{"id":15505531,"url":"https://github.com/aldavigdis/dockpress","last_synced_at":"2025-04-23T01:52:00.052Z","repository":{"id":142926625,"uuid":"609202612","full_name":"aldavigdis/dockpress","owner":"aldavigdis","description":"A Docker image for running WordPress in the cloud, with Memcached and New Relic support built in","archived":false,"fork":false,"pushed_at":"2024-03-21T13:06:23.000Z","size":120,"stargazers_count":14,"open_issues_count":3,"forks_count":1,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-04-23T01:51:52.470Z","etag":null,"topics":["docker","docker-image","memcached","new-relic","wordpress","wordpress-hosting"],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"agpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/aldavigdis.png","metadata":{"files":{"readme":"readme.md","changelog":null,"contributing":null,"funding":".github/FUNDING.yml","license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null},"funding":{"github":"aldavigdis"}},"created_at":"2023-03-03T15:37:02.000Z","updated_at":"2024-11-07T16:56:52.000Z","dependencies_parsed_at":"2024-02-13T13:52:55.527Z","dependency_job_id":"1afc02fb-daf3-4ba1-81b7-4a98e826e08a","html_url":"https://github.com/aldavigdis/dockpress","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aldavigdis%2Fdockpress","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aldavigdis%2Fdockpress/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aldavigdis%2Fdockpress/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aldavigdis%2Fdockpress/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/aldavigdis","download_url":"https://codeload.github.com/aldavigdis/dockpress/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":250354298,"owners_count":21416751,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["docker","docker-image","memcached","new-relic","wordpress","wordpress-hosting"],"created_at":"2024-10-02T09:23:47.667Z","updated_at":"2025-04-23T01:52:00.034Z","avatar_url":"https://github.com/aldavigdis.png","language":"Shell","funding_links":["https://github.com/sponsors/aldavigdis"],"categories":[],"sub_categories":[],"readme":"# DockPress\n\n```\n   ______   _____  _______ _     _  _____   ______ _______ _______ _______\n   |     \\ |     | |       |____/  |_____] |_____/ |______ |______ |______\n   |_____/ |_____| |_____  |    \\_ |       |    \\_ |______ ______| ______|\n\n```\n\nThis is a build-it-yourself Docker image intended for WordPress sites that are\nrun in a cluster or a swarm in the cloud. It can also run as a development/test\nenvironment where PHP-FPM, Nginx, Memcached and New Relic need to be accounted\nfor.\n\nDockPress is designed with Kubernetes in mind and includes documentation on\ndeployment and operations in Google Cloud and Google Kubernetes engine.\n\nContributions are welcome.\n\nThis image is a build-it-yourself template and is **meant to be forked** and\nmodified for every use case, under the AGPL licence.\n\nApplication-specific things such as modifying the entry point and adding the\nrequired secrets to pull a WordPress site from a git hosting provider (such as\nGithub) for a production site is up to you.\n\n## DockPress has:\n\n* Facilitates an immutable WordPress installation in the cloud, using **Docker** and **Kubernetes**\n* Runs **PHP-FPM** 8.1 behind **Nginx** (as opposed to the legacy apache mod_php way of doing things)\n* Keeps WordPress' uploads directory in a persistent volume\n* Installs **Memcached** support for WP Object and PHP session storage\n* Keeps credentials, salts and keys in a JSON file, which can be kept in a Kubernetes secret volume\n* Facilitates the installation of and runs the **New Relic** PHP Agent, which is used for system monitoring\n* Facilitiates changing image URLs to point to a different server (like a CDN)\n* Installs and configures **Ghostscript** to work with ImageMagick and PHP to generate PDF thumbnails\n* Includes documentation on **Kubernetes** deployment on Google Cloud\n\n## Needed contributions:\n\n* Improved testing and documentation\n* Usage examples for beginner to advanced use\n* Documentation and example YAML files for other cloud services such as AWS and IBM Cloud\n* Scripts and interfaces to build YAML files and feed into `kubectl` based on variables\n\n## Quick Start with Docker Desktop\n\nThis assumes you are not running this on Docker Desktop for testing or\ndevelopment purposes.\n\nSet up a MySQL server for WordPress to connect to and note down its IP address.\n(You can do this via Docker or locally.)\n\nEdit the `secets/credentials.json` file with the correct information and\ncredentials for your database, New Relic setup (leave blank if none) and the\nMemcached server (leave as-is if none).\n\nExample:\n\n```json\n{\n    \"mysql_server\":       \"172.17.0.2:3306\",\n    \"mysql_db\":           \"wordpress\",\n    \"mysql_user\":         \"root\",\n    \"mysql_password\":     \"very_secure_password\",\n    \"new_relic_app_name\": \"\",\n    \"new_relic_key\":      \"\",\n    \"memcached_servers\":  [\"\"],\n    \"memcached_key_salt\": \"ciVWNmAjdnKO5SUkEoUI\",\n    \"auth_key\":          \"SuuPyW6VmNCHtUIyMjj9\",\n    \"secure_auth_key\":   \"oEZl3jIFUOdgAfEpjtPE\",\n    \"logged_in_key\":     \"HnCiub8gPhoxs8gFWtuA\",\n    \"nonce_key\":         \"GSfL7q0E7f1VWQzwvIv5\",\n    \"auth_salt\":         \"YrdqeWT3dfcCv46yY19H\",\n    \"secure_auth_salt\":  \"sZ3vthTmfp0U60vGZjRX\",\n    \"logged_in_salt\":    \"kToEN1cJe4aKDOq0iItf\",\n    \"nonce_salt\":        \"uG1u4lyr3xXOKCY1cWih\"\n}\n```\n\nBuild the Docker image:\n\n```bash\ndocker build -t dockpress . -f Dockerfile --no-cache\n```\n\nRun the Docker image:\n\n```bash\ndocker run -dp 80:80 --mount type=bind,src=$(pwd)/secrets,dst=/secrets \\\n                     dockpress\n```\n\nThat's it!\n\n## Features\n\nThe following is a list of features that can be enabled and facilitated by\nenvironment variables that are set usig `ENV` statements in the Dockerfile.\n\n### Fresh WordPress installation\n\nMake sure tha the `WP_INSTALL_IF_NOT_FOUND` environment variable is set and if\nno WordPress installation is found (the entrypoint script checks for\n`index.php`), a new version of the WordPress Core is fetched and installed.\n\nThis is based on `wp-config-sample.php`, so that one needs to be in there for\nthe installation to work.\n\n### Force WordPress configuration\n\nDockPress's WordPress configuration script will not run (for the most part) if\n`wp-config.php` already exists. In order to force it to run on deployment, you\ncan set the `FORCE_WP_CONFIG` environment variable.\n\nThis may have unintended consequences and it is recommended not to deploy or\nversion `wp-config.php` for use in Dockpress, as DockPress takes care of\nconfiguring the WordPress installation. (I.e. keep your own `wp-config.php`\nfor development purposes, but add it to your `.gitignore` file.)\n\nFurthermore, DockPress runs WP-CLI as root. If you have a WordPress installation\nrunning and use `FORCE_WP_CONFIG`, the WP Core, themes, plugins, drop-ins etc.\nwill be run by root, which is the most priveleged user account on the system.\n\n### New Relic PHP Agent installation\n\nSet your New Relic credentials in `credentials.json` and the New Relic PHP Agent\nwill be installed and configured.\n\nIf you need a specific version of New Relic, you can set the `NR_PHP_AGENT_URL`\nenvironment variable to the full URL of the newest version's .tar.gz archive.\n\nPlese not that while optionally hosted in the EU, you may want to inform your\nusers about data egress to New Relic's servers, especially as NR injects\nJavaScript code into the frontend of your site for performance monitoring.\n\n### Debugging and error logging\n\nMake sure that the `WP_DEBUG` environment varialbe is set to enable error\nlogging for WordPress' PHP bits and plugins that supress error reporting unless\n`WP_DEBUG` is enabled.\n\nNote that errors, warnings and notices are not displayed in the web interface,\nbut appear in the system log instead.\n\nNon-minified versions of the WP Core's JavaScript libraries and CSS can be\nloaded by setting the `WP_SCRIPT_DEBUG` environment variable.\n\n### Refer to uploads on a different server\n\nSet the `WP_UPLOADS_URL` or `WP_CONTENT_URL` environment variables to your CDN's\nURL and WordPress will refer to that server when fetching images and other media\nfrom your Media Library.\n\nIf you are syncing static files between your DockPress managed WP installation\nand a CDN bucket, DockPress installs an mu-plugin that waits for files uploaded\nusing the Media Library to be reached from the CDN, before a the upload is\nconfirmed.\n\n### Tweak PHP memory use\n\nYou can set the following environment variables, which will then be applied to\nthe corresponding values in `php.ini`.\n\n* `PHP_UPLOAD_MAX_FILESIZE`\n* `PHP_POST_MAX_SIZE`\n* `PHP_MEMORY_LIMIT`\n\nThose are currently set to be appropriate for Google Kubernetes Engine's\n*General Purpose* pods.\n\nAlso note that WordPress tends to override the `PHP_MEMORY_LIMIT` value and uses\nits own value, which is set to `40M` per process as if it's still the 90's and\nmost WordPress plugins weren't horriby inefficient.\n\nTo get past this, make sure that the `WP_MEMORY_LIMIT` ENV variable is set to a\ngood portion of the `PHP_MEMORY_LIMIT`. DockPress sets it to `448MB` by default.\n\n### Tweak acceptable PHP response time\n\nSet the `PHP_MAX_EXECUTION_TIME` to a numeric value, to set the number of\nseconds to allow PHP processess to run. This sets both the `php.ini` value and\nthe relevant Nginx configuration variable.\n\n### Nuke Permissions\n\nSet the `NUKE_PERMISSIONS` environment variable to reset file and directory\npermissions on deployment. This will scan your WordPress installation (but not\nthe `.git` or `wp-content/uploads` directories) and set file ownership to\n`FILE_OWNER`, the file mode to `FILE_MODE` and directory mode to\n`DIRECTORY_MODE`\n\nNote that this takes a while to run, so if you are depending on rolling restarts\nin a small cluster, this may not be the right thing to do.\n\n### Remove crap plugins\n\nIf the `REMOVE_CRAP_PLUGINS` environment variable is set, the built-in Akismet\nand hello.php plugins are removed from the WordPress installation.\n\n### Prevent updates\n\nKeep the `PREVENT_UPDATES` environment variable set in order to make sure that\nthe WordPress core, plugins and themes are not updated.\n\nIn case of running DockPress in a cluster, if each node/pod has its own file\nstorage and runs the built-in update mechanism,\n\nThis also ensures that the WordPress installation is immutable and makes it less\nlikely that the site is exploited by and falls victim to code injection.\n\n### Ghostscript (GhostPDL) installation\n\nMake sure that the `INSTALL_GHOSTSCRIPT` environment variable is set to enable\nthe installation of Ghostscript (as a part of the larger GhostPDL package).\n\nGhostpress may take a while to build from source.\n\nNote that while *open source*, Ghostscript and GhostPDL are, like this package,\nlicenced under the GNU Affero General Public License by Artifex Software Inc and\navailabe commerically as well.\n\nPlease check [Artiflex's licencing information](https://artifex.com/licensing/)\nfor more information on their licencing terms.\n\n## Further Technical Stuff\n\n### Users\n\nNginx and PHP-FPM run WordPress as the service account `www-data` by default.\nIn DockPress, the web root and the files in the WordPress installation are owned\nby a service account `wp-services`, which then has elevated access.\n\nThis arrangement makes sure that the web server does not write files into the\nWordPress installation while enabling maintainance, file sync and other tasks to\nbe run using a specific account.\n\n### Expected volume mounts\n\n* `/var/www/html/`: The storage location for the WordPress installation itself. If not set, a fresh installation may be made on deployment.\n* `/secrets`: Contains the file `credentials.json`, which includes our MySQL credentials, the Memcached host, the New Relic key and the secure salts and keys used by WordPress. (In Kubernetes, you would use a secret volume for this.)\n\n### File permissions\n\nThe Linux service account `www-data` (Debian user ID `33`) nees to have read\naccess to the mounted volumes and write access to\n`/var/www/html/wp-content/uploads`.\n\nChoosing to mount a volume accessed by `www-data` outside of `/var/www/html` may\nresult in SELinux stepping in and blocking access.\n\n### WordPress keys and salts\n\nEach node in a swarm needs to share the same salts and keys in order for things\nlike logging in and such to be consistent (and actually work) between nodes.\n\n**Please replace the values with new, randomised values found at\nhttps://api.wordpress.org/secret-key/1.1/salt/ or https://random.org for\nproduction use.**\n\n## Cloud Deployment\n\n* [Google Cloud Services and GKE](docs/gcs_deployment.md)\n\n## Build and send off to your private image registry\n\nYou can do the following to build and publish a Docker image based on DockPress\nto your private Docker registry. The following uses my own internal URL for my\nown build and yours will be different:\n\n```bash\nexport registry_path=eu.gcr.io/dockerpress-379014/dockpress/dockpress:latest\ndocker build -t dockpress . -f Dockerfile\ndocker commit $(docker create dockpress) $registry_path\ndocker push $registry_path\n```\n\n## Licence\n\nThis software is licenced according to and is subject to the GNU Affero General\nPublic License (AGPL), with the possibility of an exception upon request.\n\nThe 3rd party software that it installs during build is generally subject to the\nGPL licence or other highly permissive licences, with the exception of\nGhostscript/GhostPDL, which is also distributed according to the AGPL.\n\nPlease do not hesistate to contact the author to enquire about a license\nexception or if there are questions about appropriate use of this software.\n\n---\n\n**Copyright (C) 2023 Alda Vigdís Skarphéðinsdóttir (aldavigdis@aldavigdis.is)**\n\nThis program is free software: you can redistribute it and/or modify\nit under the terms of the GNU Affero General Public License as published by\nthe Free Software Foundation, either version 3 of the License, or\n(at your option) any later version.\n\nThis program is distributed in the hope that it will be useful,\nbut WITHOUT ANY WARRANTY; without even the implied warranty of\nMERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the\nGNU Affero General Public License for more details.\n\nYou should have received a copy of the GNU Affero General Public License\nalong with this program. If not, see \u003chttps://www.gnu.org/licenses/\u003e.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Faldavigdis%2Fdockpress","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Faldavigdis%2Fdockpress","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Faldavigdis%2Fdockpress/lists"}