feat(service/wordpress): supper fast wordpress cloud!

packages/lab/wordpress/.env.example

@@ -0,0 +1,14 @@
+DOMAIN=wp.mihandoost.com
+
+NGINX_VERSION=1.21
+PHP_VERSION=8.1
+WORDPRESS_VERSION=6.0
+NGINX_MEMOTY_LIMIT=256m
+PHP_MEMOTY_LIMIT=2048m
+## Remove _data/wp-config.php to appy
+WORDPRESS_DB_HOST=mariadb.alwatr.io
+WORDPRESS_DB_USER=alwatr
+WORDPRESS_DB_PASSWORD=secret-password
+WORDPRESS_DB_NAME=database
+WORDPRESS_TABLE_PREFIX=wp_
+WORDPRESS_DEBUG=

packages/lab/wordpress/README.md

@@ -0,0 +1,18 @@
+# @alwatr/wordpress container
+
+## Superfast Wordpress Container for CloudNative Kubernetes Deployments
+
+This container image is based on the official Wordpress image, but with a few tweaks to make it more suitable for Kubernetes deployments.
+
+This is the best practices and fast as possible to run the lazy PHP application like wordpress!  
+Just because of `@alwatr/nginx` and php-fpm cashing It can work More than 1,000,000 time faster than the official wordpress!, It’s not a joke!
+
+## So, is Wordpress Cloud native?
+
+**Fuck No!**
+
+To be honest, no PHP application or even framework is made in a cloud native way or mindset.  
+This might suck and you don't like it! But it's not my fault if php is bullshit and you like it just because it's popular and easy to learn!  
+I have to mention this to reduce my guilty conscience about having this package in the alwatr project!  
+There are always a few fundamental “architecture design” problems which cause the entire cloud native way impossible out of the box. Sometimes even with loads of work altering in the “core”, you won’t be able to run it in the way you wanted to.
+If you analyze your requirements and needs, you pick the right tools. If we want high availability, high performance, and ease of CI/CD, perhaps you should have picked another language…

packages/lab/wordpress/_up.sh

@@ -0,0 +1,33 @@
+#!/usr/bin/env bash
+
+set -Eeuo pipefail
+trap "echo '❌ Error'" ERR
+
+TIMEFORMAT="done in %Rs"
+thisPath="$(dirname "$0")"
+cd $thisPath
+ls -lahF
+
+echoStep () {
+  echo "🔹 $1"
+}
+
+echoStep "Preparing..."
+
+[ ! -d _data ] && mkdir _data
+[ -f _data/wp-config.php ] && mv -fv "_data/wp-config.php" "_data/wp-config.php.bak"
+
+time docker-compose pull
+time docker-compose build --pull
+
+echoStep "Starting..."
+
+time docker-compose up --detach --remove-orphans # --force-recreate
+
+echoStep "Fix permitions..."
+
+time docker-compose exec php "fix-permition.sh"
+
+echoStep "Done"
+
+docker-compose logs --tail=300 --follow || true

packages/lab/wordpress/deploy.sh

@@ -0,0 +1,56 @@
+#!/usr/bin/env bash
+set -Eeuo pipefail
+trap "echo '❌ Error'" ERR
+
+thisPath="$(pwd)"
+thisBasename="$(basename "$thisPath")"
+cd $thisPath;
+
+if [ -z ${DEPLOY_HOST:-} ]
+then
+  echo '❌ Plsease set deploy host env by `export DEPLOY_HOST=root@srv1.alwatr.io`'
+  exit 1
+fi
+
+if [ -z ${DEPLOY_PATH:-} ]
+then
+  echo '❌ Plsease set deploy path env by `DEPLOY_PATH=wp-test ./deploy.sh`'
+  exit 1
+fi
+
+DEPLOY_PATH="/srv/${DEPLOY_PATH:-$thisBasename}/"
+
+echo "DEPLOY_HOST: $DEPLOY_HOST"
+echo "DEPLOY_PATH: $DEPLOY_PATH"
+
+echoStep () {
+  echo "🔸 $1"
+}
+
+remoteShell () {
+  server=$1; shift;
+  echo "🔸 remoteShell => $server"
+  ssh -o "ConnectTimeout=5" -tt -q $server $@
+}
+
+if [ ! -f .env ]
+then
+  echo "❌ .env file not found"
+  cp .env.example .env
+  nano .env
+fi
+
+echoStep "Sync..."
+
+remoteShell $DEPLOY_HOST "mkdir -p $DEPLOY_PATH"
+
+rsync -Pazh --del ./_*.sh ./.env ./*.yml php nginx $DEPLOY_HOST:$DEPLOY_PATH/
+
+if [[ "${1:-}" == "--down" ]]
+then
+  echoStep "Down..."
+  remoteShell $DEPLOY_HOST "cd $DEPLOY_PATH && docker-compose down --remove-orphans"
+else
+  echoStep "Up..."
+  remoteShell $DEPLOY_HOST "cd $DEPLOY_PATH && chmod +x _up.sh && ./_up.sh"
+fi

packages/lab/wordpress/docker-compose.yml

@@ -0,0 +1,98 @@
+version: '2'
+
+networks:
+  internal:
+  alwatr-private-network:
+    external:
+      name: alwatr-private-network
+  alwatr-public-network:
+    external:
+      name: alwatr-public-network
+
+services:
+  nginx:
+    build:
+      context: ./nginx
+      args:
+        - NGINX_VERSION=${NGINX_VERSION}
+
+    hostname: nginx.alwatr.io
+
+    networks:
+      - internal
+      - alwatr-public-network
+
+    restart: unless-stopped
+
+    depends_on:
+      - php
+
+    cpu_shares: 2048
+    mem_limit: ${NGINX_MEMOTY_LIMIT}
+
+    volumes:
+      - type: bind
+        source: ./_data/
+        target: /var/www/html/
+
+    tmpfs:
+      - /var/cache
+
+    logging:
+      driver: json-file
+      options:
+        max-size: '10m'
+        max-file: '2'
+
+    labels:
+      traefik.enable: true
+      traefik.port: 80
+      traefik.frontend.rule: Host:${DOMAIN}
+      traefik.frontend.entryPoints: http, https
+      traefik.frontend.redirect.entryPoint: https
+
+  php:
+    build:
+      context: ./php
+      args:
+        - PHP_VERSION=${PHP_VERSION}
+        - WORDPRESS_VERSION=${WORDPRESS_VERSION}
+
+    hostname: php.alwatr.io
+
+    networks:
+      - internal
+      - alwatr-private-network
+
+    restart: unless-stopped
+
+    cpu_shares: 1024
+    mem_limit: ${PHP_MEMOTY_LIMIT}
+
+    volumes:
+      - type: bind
+        source: ./_data/
+        target: /var/www/html/
+
+    tmpfs:
+      - /tmp
+
+    env_file:
+      - .env
+
+    logging:
+      driver: json-file
+      options:
+        max-size: '10m'
+        max-file: '2'
+
+    environment:
+      WORDPRESS_CONFIG_EXTRA: |
+        /* Alwatr Setting */
+        define('WP_CACHE', true);
+        define('WP_POST_REVISIONS', 2);
+        define('IMAGE_EDIT_OVERWRITE', true);
+        define('FORCE_SSL_LOGIN', false);
+        define('FORCE_SSL_ADMIN', false);
+        define('WP_MEMORY_LIMIT', '256M');
+        define('WP_MAX_MEMORY_LIMIT', '256M'); # admin dashboard

packages/lab/wordpress/nginx/.dockerignore

@@ -0,0 +1,4 @@
+*
+!nginx.conf
+!conf.d
+!toggle-cache.html

packages/lab/wordpress/nginx/Dockerfile

@@ -0,0 +1,8 @@
+ARG NGINX_VERSION=1.23
+
+FROM nginx:${NGINX_VERSION}-alpine
+
+COPY nginx.conf /etc/nginx/
+COPY conf.d/ /etc/nginx/conf.d/
+RUN ls -lahF /etc/nginx && ls -lahF /etc/nginx/conf.d/ # for debug
+COPY toggle-cache.html /var/www/

packages/lab/wordpress/nginx/conf.d/fastcgi.conf

@@ -0,0 +1,70 @@
+# regex to split $uri to $fastcgi_script_name and $fastcgi_path
+# This is a robust solution for path info security issue and works with "cgi.fix_pathinfo = 1" in /etc/php.ini (default) # ?
+fastcgi_split_path_info  ^(.+\.php)(/.+)$;
+fastcgi_connect_timeout  10s;
+fastcgi_send_timeout     15s;
+fastcgi_read_timeout     120s;
+
+fastcgi_buffer_size          256k;
+fastcgi_buffers              4 256k;
+fastcgi_busy_buffers_size    256k;
+fastcgi_temp_file_write_size 4m;
+fastcgi_max_temp_file_size   4m;
+fastcgi_intercept_errors     off;
+
+# fastcgi_keep_conn  on; # its must be on for keepalive in upstream work
+
+fastcgi_cache                   fastcgicache;
+fastcgi_cache_valid             302 403 404 5m;
+fastcgi_cache_valid             200 206 301 24h;
+fastcgi_cache_revalidate        on; # ?
+fastcgi_cache_background_update on; # ?
+fastcgi_cache_lock              on;
+fastcgi_cache_use_stale         error timeout invalid_header updating http_500;
+fastcgi_cache_min_uses          1;
+#fastcgi_cache_purge             $purge_method; # active module
+
+fastcgi_cache_bypass            $no_cache;
+fastcgi_no_cache                $no_cache;
+
+fastcgi_pass_request_headers on;
+fastcgi_pass_request_body    on;
+fastcgi_ignore_headers       Cache-Control Expires Set-Cookie;
+fastcgi_hide_header          X-Powered-By;
+# Remove cached Set-Cookie header to prevent same cookie for all users!
+#fastcgi_hide_header          Set-Cookie;
+#fastcgi_hide_header          Cookie;
+
+fastcgi_param  GATEWAY_INTERFACE CGI/1.1;
+fastcgi_param  SERVER_SOFTWARE   nginx/$nginx_version;
+
+fastcgi_param  SCRIPT_FILENAME   $document_root$fastcgi_script_name;
+fastcgi_param  SCRIPT_NAME       $fastcgi_script_name;
+fastcgi_param  QUERY_STRING      $query_string;
+fastcgi_param  REQUEST_METHOD    $request_method;
+fastcgi_param  CONTENT_TYPE      $content_type if_not_empty;
+fastcgi_param  CONTENT_LENGTH    $content_length;
+
+fastcgi_param  REQUEST_URI       $request_uri;
+fastcgi_param  DOCUMENT_URI      $document_uri;
+fastcgi_param  DOCUMENT_ROOT     $document_root;
+fastcgi_param  SERVER_PROTOCOL   $server_protocol;
+fastcgi_param  REQUEST_SCHEME    $scheme;
+fastcgi_param  HTTPS             $https if_not_empty;
+
+fastcgi_param  REMOTE_ADDR       $http_x_real_ip;
+fastcgi_param  REMOTE_PORT       $remote_port;
+fastcgi_param  SERVER_ADDR       $server_addr;
+fastcgi_param  SERVER_PORT       $server_port;
+fastcgi_param  SERVER_NAME       $server_name;
+
+# PHP only, required if PHP was built with --enable-force-cgi-redirect
+fastcgi_param  REDIRECT_STATUS   200;
+
+# Bypass the fact that try_files resets $fastcgi_path_info
+# see: https://trac.nginx.org/nginx/ticket/321
+set $path_info $fastcgi_path_info;
+fastcgi_param PATH_INFO $path_info;
+
+## Fix HTTPoxy vulnerability https://httpoxy.org/#mitigate-nginx
+# fastcgi_param HTTP_PROXY '';

packages/lab/wordpress/nginx/conf.d/mime-expire.conf

@@ -0,0 +1,53 @@
+map $sent_http_content_type $expires {
+  default off;
+  ~assets/ max;
+  application/ecmascript max;
+  application/javascript max;
+  application/json max;
+  application/pdf max;
+  application/postscript max;
+  application/font-woff max;
+  application/font-woff2 max;
+  application/x-javascript max;
+  application/vnd.ms-fontobject max;
+  application/x-font-opentype max;
+  application/x-font-truetype max;
+  application/x-font-ttf max;
+  application/xml max;
+  image/gif max;
+  image/jpeg max;
+  image/png max;
+  image/svg+xml max;
+  image/tiff max;
+  image/x-icon max;
+  image/vnd.microsoft.icon max;
+  image/webp max;
+  text/x-component max;
+  text/x-js max;
+  text/css max;
+  text/csv max;
+  text/html epoch;
+  text/javascript max;
+  text/plain epoch;
+  text/xml max;
+  text/xsd max;
+  text/xsl max;
+  font/eot max;
+  font/opentype max;
+  font/otf max;
+  font/woff max;
+  font/woff2 max;
+  video/3gpp max;
+  video/mp4 max;
+  video/mpeg max;
+  video/ogg max;
+  video/quicktime max;
+  video/webm max;
+  video/x-flv max;
+  video/x-mng max;
+  video/x-ms-asf max;
+  video/x-ms-wmv max;
+  video/x-msvideo max;
+}
+
+expires $expires;