-
Notifications
You must be signed in to change notification settings - Fork 10
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
feat(service/wordpress): supper fast wordpress cloud!
- Loading branch information
Showing
18 changed files
with
814 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,14 @@ | ||
DOMAIN=wp.mihandoost.com | ||
|
||
NGINX_VERSION=1.21 | ||
PHP_VERSION=8.1 | ||
WORDPRESS_VERSION=6.0 | ||
NGINX_MEMOTY_LIMIT=256m | ||
PHP_MEMOTY_LIMIT=2048m | ||
## Remove _data/wp-config.php to appy | ||
WORDPRESS_DB_HOST=mariadb.alwatr.io | ||
WORDPRESS_DB_USER=alwatr | ||
WORDPRESS_DB_PASSWORD=secret-password | ||
WORDPRESS_DB_NAME=database | ||
WORDPRESS_TABLE_PREFIX=wp_ | ||
WORDPRESS_DEBUG= |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,18 @@ | ||
# @alwatr/wordpress container | ||
|
||
## Superfast Wordpress Container for CloudNative Kubernetes Deployments | ||
|
||
This container image is based on the official Wordpress image, but with a few tweaks to make it more suitable for Kubernetes deployments. | ||
|
||
This is the best practices and fast as possible to run the lazy PHP application like wordpress! | ||
Just because of `@alwatr/nginx` and php-fpm cashing It can work More than 1,000,000 time faster than the official wordpress!, It’s not a joke! | ||
|
||
## So, is Wordpress Cloud native? | ||
|
||
**Fuck No!** | ||
|
||
To be honest, no PHP application or even framework is made in a cloud native way or mindset. | ||
This might suck and you don't like it! But it's not my fault if php is bullshit and you like it just because it's popular and easy to learn! | ||
I have to mention this to reduce my guilty conscience about having this package in the alwatr project! | ||
There are always a few fundamental “architecture design” problems which cause the entire cloud native way impossible out of the box. Sometimes even with loads of work altering in the “core”, you won’t be able to run it in the way you wanted to. | ||
If you analyze your requirements and needs, you pick the right tools. If we want high availability, high performance, and ease of CI/CD, perhaps you should have picked another language… |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,33 @@ | ||
#!/usr/bin/env bash | ||
|
||
set -Eeuo pipefail | ||
trap "echo '❌ Error'" ERR | ||
|
||
TIMEFORMAT="done in %Rs" | ||
thisPath="$(dirname "$0")" | ||
cd $thisPath | ||
ls -lahF | ||
|
||
echoStep () { | ||
echo "🔹 $1" | ||
} | ||
|
||
echoStep "Preparing..." | ||
|
||
[ ! -d _data ] && mkdir _data | ||
[ -f _data/wp-config.php ] && mv -fv "_data/wp-config.php" "_data/wp-config.php.bak" | ||
|
||
time docker-compose pull | ||
time docker-compose build --pull | ||
|
||
echoStep "Starting..." | ||
|
||
time docker-compose up --detach --remove-orphans # --force-recreate | ||
|
||
echoStep "Fix permitions..." | ||
|
||
time docker-compose exec php "fix-permition.sh" | ||
|
||
echoStep "Done" | ||
|
||
docker-compose logs --tail=300 --follow || true |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,56 @@ | ||
#!/usr/bin/env bash | ||
set -Eeuo pipefail | ||
trap "echo '❌ Error'" ERR | ||
|
||
thisPath="$(pwd)" | ||
thisBasename="$(basename "$thisPath")" | ||
cd $thisPath; | ||
|
||
if [ -z ${DEPLOY_HOST:-} ] | ||
then | ||
echo '❌ Plsease set deploy host env by `export DEPLOY_HOST=root@srv1.alwatr.io`' | ||
exit 1 | ||
fi | ||
|
||
if [ -z ${DEPLOY_PATH:-} ] | ||
then | ||
echo '❌ Plsease set deploy path env by `DEPLOY_PATH=wp-test ./deploy.sh`' | ||
exit 1 | ||
fi | ||
|
||
DEPLOY_PATH="/srv/${DEPLOY_PATH:-$thisBasename}/" | ||
|
||
echo "DEPLOY_HOST: $DEPLOY_HOST" | ||
echo "DEPLOY_PATH: $DEPLOY_PATH" | ||
|
||
echoStep () { | ||
echo "🔸 $1" | ||
} | ||
|
||
remoteShell () { | ||
server=$1; shift; | ||
echo "🔸 remoteShell => $server" | ||
ssh -o "ConnectTimeout=5" -tt -q $server $@ | ||
} | ||
|
||
if [ ! -f .env ] | ||
then | ||
echo "❌ .env file not found" | ||
cp .env.example .env | ||
nano .env | ||
fi | ||
|
||
echoStep "Sync..." | ||
|
||
remoteShell $DEPLOY_HOST "mkdir -p $DEPLOY_PATH" | ||
|
||
rsync -Pazh --del ./_*.sh ./.env ./*.yml php nginx $DEPLOY_HOST:$DEPLOY_PATH/ | ||
|
||
if [[ "${1:-}" == "--down" ]] | ||
then | ||
echoStep "Down..." | ||
remoteShell $DEPLOY_HOST "cd $DEPLOY_PATH && docker-compose down --remove-orphans" | ||
else | ||
echoStep "Up..." | ||
remoteShell $DEPLOY_HOST "cd $DEPLOY_PATH && chmod +x _up.sh && ./_up.sh" | ||
fi |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,98 @@ | ||
version: '2' | ||
|
||
networks: | ||
internal: | ||
alwatr-private-network: | ||
external: | ||
name: alwatr-private-network | ||
alwatr-public-network: | ||
external: | ||
name: alwatr-public-network | ||
|
||
services: | ||
nginx: | ||
build: | ||
context: ./nginx | ||
args: | ||
- NGINX_VERSION=${NGINX_VERSION} | ||
|
||
hostname: nginx.alwatr.io | ||
|
||
networks: | ||
- internal | ||
- alwatr-public-network | ||
|
||
restart: unless-stopped | ||
|
||
depends_on: | ||
- php | ||
|
||
cpu_shares: 2048 | ||
mem_limit: ${NGINX_MEMOTY_LIMIT} | ||
|
||
volumes: | ||
- type: bind | ||
source: ./_data/ | ||
target: /var/www/html/ | ||
|
||
tmpfs: | ||
- /var/cache | ||
|
||
logging: | ||
driver: json-file | ||
options: | ||
max-size: '10m' | ||
max-file: '2' | ||
|
||
labels: | ||
traefik.enable: true | ||
traefik.port: 80 | ||
traefik.frontend.rule: Host:${DOMAIN} | ||
traefik.frontend.entryPoints: http, https | ||
traefik.frontend.redirect.entryPoint: https | ||
|
||
php: | ||
build: | ||
context: ./php | ||
args: | ||
- PHP_VERSION=${PHP_VERSION} | ||
- WORDPRESS_VERSION=${WORDPRESS_VERSION} | ||
|
||
hostname: php.alwatr.io | ||
|
||
networks: | ||
- internal | ||
- alwatr-private-network | ||
|
||
restart: unless-stopped | ||
|
||
cpu_shares: 1024 | ||
mem_limit: ${PHP_MEMOTY_LIMIT} | ||
|
||
volumes: | ||
- type: bind | ||
source: ./_data/ | ||
target: /var/www/html/ | ||
|
||
tmpfs: | ||
- /tmp | ||
|
||
env_file: | ||
- .env | ||
|
||
logging: | ||
driver: json-file | ||
options: | ||
max-size: '10m' | ||
max-file: '2' | ||
|
||
environment: | ||
WORDPRESS_CONFIG_EXTRA: | | ||
/* Alwatr Setting */ | ||
define('WP_CACHE', true); | ||
define('WP_POST_REVISIONS', 2); | ||
define('IMAGE_EDIT_OVERWRITE', true); | ||
define('FORCE_SSL_LOGIN', false); | ||
define('FORCE_SSL_ADMIN', false); | ||
define('WP_MEMORY_LIMIT', '256M'); | ||
define('WP_MAX_MEMORY_LIMIT', '256M'); # admin dashboard |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,4 @@ | ||
* | ||
!nginx.conf | ||
!conf.d | ||
!toggle-cache.html |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,8 @@ | ||
ARG NGINX_VERSION=1.23 | ||
|
||
FROM nginx:${NGINX_VERSION}-alpine | ||
|
||
COPY nginx.conf /etc/nginx/ | ||
COPY conf.d/ /etc/nginx/conf.d/ | ||
RUN ls -lahF /etc/nginx && ls -lahF /etc/nginx/conf.d/ # for debug | ||
COPY toggle-cache.html /var/www/ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,70 @@ | ||
# regex to split $uri to $fastcgi_script_name and $fastcgi_path | ||
# This is a robust solution for path info security issue and works with "cgi.fix_pathinfo = 1" in /etc/php.ini (default) # ? | ||
fastcgi_split_path_info ^(.+\.php)(/.+)$; | ||
fastcgi_connect_timeout 10s; | ||
fastcgi_send_timeout 15s; | ||
fastcgi_read_timeout 120s; | ||
|
||
fastcgi_buffer_size 256k; | ||
fastcgi_buffers 4 256k; | ||
fastcgi_busy_buffers_size 256k; | ||
fastcgi_temp_file_write_size 4m; | ||
fastcgi_max_temp_file_size 4m; | ||
fastcgi_intercept_errors off; | ||
|
||
# fastcgi_keep_conn on; # its must be on for keepalive in upstream work | ||
|
||
fastcgi_cache fastcgicache; | ||
fastcgi_cache_valid 302 403 404 5m; | ||
fastcgi_cache_valid 200 206 301 24h; | ||
fastcgi_cache_revalidate on; # ? | ||
fastcgi_cache_background_update on; # ? | ||
fastcgi_cache_lock on; | ||
fastcgi_cache_use_stale error timeout invalid_header updating http_500; | ||
fastcgi_cache_min_uses 1; | ||
#fastcgi_cache_purge $purge_method; # active module | ||
|
||
fastcgi_cache_bypass $no_cache; | ||
fastcgi_no_cache $no_cache; | ||
|
||
fastcgi_pass_request_headers on; | ||
fastcgi_pass_request_body on; | ||
fastcgi_ignore_headers Cache-Control Expires Set-Cookie; | ||
fastcgi_hide_header X-Powered-By; | ||
# Remove cached Set-Cookie header to prevent same cookie for all users! | ||
#fastcgi_hide_header Set-Cookie; | ||
#fastcgi_hide_header Cookie; | ||
|
||
fastcgi_param GATEWAY_INTERFACE CGI/1.1; | ||
fastcgi_param SERVER_SOFTWARE nginx/$nginx_version; | ||
|
||
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; | ||
fastcgi_param SCRIPT_NAME $fastcgi_script_name; | ||
fastcgi_param QUERY_STRING $query_string; | ||
fastcgi_param REQUEST_METHOD $request_method; | ||
fastcgi_param CONTENT_TYPE $content_type if_not_empty; | ||
fastcgi_param CONTENT_LENGTH $content_length; | ||
|
||
fastcgi_param REQUEST_URI $request_uri; | ||
fastcgi_param DOCUMENT_URI $document_uri; | ||
fastcgi_param DOCUMENT_ROOT $document_root; | ||
fastcgi_param SERVER_PROTOCOL $server_protocol; | ||
fastcgi_param REQUEST_SCHEME $scheme; | ||
fastcgi_param HTTPS $https if_not_empty; | ||
|
||
fastcgi_param REMOTE_ADDR $http_x_real_ip; | ||
fastcgi_param REMOTE_PORT $remote_port; | ||
fastcgi_param SERVER_ADDR $server_addr; | ||
fastcgi_param SERVER_PORT $server_port; | ||
fastcgi_param SERVER_NAME $server_name; | ||
|
||
# PHP only, required if PHP was built with --enable-force-cgi-redirect | ||
fastcgi_param REDIRECT_STATUS 200; | ||
|
||
# Bypass the fact that try_files resets $fastcgi_path_info | ||
# see: https://trac.nginx.org/nginx/ticket/321 | ||
set $path_info $fastcgi_path_info; | ||
fastcgi_param PATH_INFO $path_info; | ||
|
||
## Fix HTTPoxy vulnerability https://httpoxy.org/#mitigate-nginx | ||
# fastcgi_param HTTP_PROXY ''; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,53 @@ | ||
map $sent_http_content_type $expires { | ||
default off; | ||
~assets/ max; | ||
application/ecmascript max; | ||
application/javascript max; | ||
application/json max; | ||
application/pdf max; | ||
application/postscript max; | ||
application/font-woff max; | ||
application/font-woff2 max; | ||
application/x-javascript max; | ||
application/vnd.ms-fontobject max; | ||
application/x-font-opentype max; | ||
application/x-font-truetype max; | ||
application/x-font-ttf max; | ||
application/xml max; | ||
image/gif max; | ||
image/jpeg max; | ||
image/png max; | ||
image/svg+xml max; | ||
image/tiff max; | ||
image/x-icon max; | ||
image/vnd.microsoft.icon max; | ||
image/webp max; | ||
text/x-component max; | ||
text/x-js max; | ||
text/css max; | ||
text/csv max; | ||
text/html epoch; | ||
text/javascript max; | ||
text/plain epoch; | ||
text/xml max; | ||
text/xsd max; | ||
text/xsl max; | ||
font/eot max; | ||
font/opentype max; | ||
font/otf max; | ||
font/woff max; | ||
font/woff2 max; | ||
video/3gpp max; | ||
video/mp4 max; | ||
video/mpeg max; | ||
video/ogg max; | ||
video/quicktime max; | ||
video/webm max; | ||
video/x-flv max; | ||
video/x-mng max; | ||
video/x-ms-asf max; | ||
video/x-ms-wmv max; | ||
video/x-msvideo max; | ||
} | ||
|
||
expires $expires; |
Oops, something went wrong.