diff --git a/packages/lab/wordpress/.env.example b/packages/lab/wordpress/.env.example
new file mode 100644
index 000000000..e84e277d9
--- /dev/null
+++ b/packages/lab/wordpress/.env.example
@@ -0,0 +1,14 @@
+DOMAIN=wp.mihandoost.com
+
+NGINX_VERSION=1.21
+PHP_VERSION=8.1
+WORDPRESS_VERSION=6.0
+NGINX_MEMOTY_LIMIT=256m
+PHP_MEMOTY_LIMIT=2048m
+## Remove _data/wp-config.php to appy
+WORDPRESS_DB_HOST=mariadb.alwatr.io
+WORDPRESS_DB_USER=alwatr
+WORDPRESS_DB_PASSWORD=secret-password
+WORDPRESS_DB_NAME=database
+WORDPRESS_TABLE_PREFIX=wp_
+WORDPRESS_DEBUG=
diff --git a/packages/lab/wordpress/README.md b/packages/lab/wordpress/README.md
new file mode 100644
index 000000000..ed9da84ed
--- /dev/null
+++ b/packages/lab/wordpress/README.md
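Review bot: `WORDPRESS_DB_PASSWORD=secret-password` is a working-looking value, and deploy.sh in this commit copies `.env.example` to `.env` and syncs it to the server without checking that it was edited, so a deployment can go live with the published placeholder as its database password. Leaving the value empty under a comment such as `# required: set a unique password before deploying` makes the omission obvious. The comment `## Remove _data/wp-config.php to appy` has a typo (`apply`), and `NGINX_MEMOTY_LIMIT` / `PHP_MEMOTY_LIMIT` are misspelled here and in docker-compose.yml, so a rename has to touch both files.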
@@ -0,0 +1,18 @@
+# @alwatr/wordpress container
+
+## Superfast Wordpress Container for CloudNative Kubernetes Deployments
+
+This container image is based on the official Wordpress image, but with a few tweaks to make it more suitable for Kubernetes deployments.
+
+This is the best practices and fast as possible to run the lazy PHP application like wordpress!
+Just because of `@alwatr/nginx` and php-fpm cashing It can work More than 1,000,000 time faster than the official wordpress!, It’s not a joke!
+
+## So, is Wordpress Cloud native?
+
+**Fuck No!**
+
+To be honest, no PHP application or even framework is made in a cloud native way or mindset.
+This might suck and you don't like it! But it's not my fault if php is bullshit and you like it just because it's popular and easy to learn!
+I have to mention this to reduce my guilty conscience about having this package in the alwatr project!
+There are always a few fundamental “architecture design” problems which cause the entire cloud native way impossible out of the box. Sometimes even with loads of work altering in the “core”, you won’t be able to run it in the way you wanted to.
+If you analyze your requirements and needs, you pick the right tools. If we want high availability, high performance, and ease of CI/CD, perhaps you should have picked another language…
diff --git a/packages/lab/wordpress/_up.sh b/packages/lab/wordpress/_up.sh
new file mode 100755
index 000000000..fc896d22b
--- /dev/null
+++ b/packages/lab/wordpress/_up.sh
@@ -0,0 +1,33 @@
+#!/usr/bin/env bash
+
+set -Eeuo pipefail
+trap "echo '❌ Error'" ERR
+
+TIMEFORMAT="done in %Rs"
+thisPath="$(dirname "$0")"
+cd $thisPath
+ls -lahF
+
+echoStep () {
+ echo "🔹 $1"
+}
+
+echoStep "Preparing..."
+
+[ ! -d _data ] && mkdir _data
+[ -f _data/wp-config.php ] && mv -fv "_data/wp-config.php" "_data/wp-config.php.bak"
+
+time docker-compose pull
+time docker-compose build --pull
+
+echoStep "Starting..."
+
+time docker-compose up --detach --remove-orphans # --force-recreate
+
+echoStep "Fix permitions..."
+
+time docker-compose exec php "fix-permition.sh"
+
+echoStep "Done"
+
+docker-compose logs --tail=300 --follow || true
diff --git a/packages/lab/wordpress/deploy.sh b/packages/lab/wordpress/deploy.sh
new file mode 100755
index 000000000..0b826c689
--- /dev/null
+++ b/packages/lab/wordpress/deploy.sh
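Review bot: The backup made by `mv -fv "_data/wp-config.php" "_data/wp-config.php.bak"` stays inside `_data`, which docker-compose.yml bind-mounts as the nginx document root, so a copy of wp-config.php (which normally carries the auth salts and may carry credentials) is kept in the served tree and is protected only by the deny rules in secure.conf. Moving it out of `_data`, for example `mv -fv _data/wp-config.php ./wp-config.php.bak`, removes that dependency. Because of `-f`, each run also silently overwrites the previous backup. `cd $thisPath` should be `cd "$thisPath"` so a checkout path containing spaces does not break the script.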
@@ -0,0 +1,56 @@
+#!/usr/bin/env bash
+set -Eeuo pipefail
+trap "echo '❌ Error'" ERR
+
+thisPath="$(pwd)"
+thisBasename="$(basename "$thisPath")"
+cd $thisPath;
+
+if [ -z ${DEPLOY_HOST:-} ]
+then
+ echo '❌ Plsease set deploy host env by `export DEPLOY_HOST=root@srv1.alwatr.io`'
+ exit 1
+fi
+
+if [ -z ${DEPLOY_PATH:-} ]
+then
+ echo '❌ Plsease set deploy path env by `DEPLOY_PATH=wp-test ./deploy.sh`'
+ exit 1
+fi
+
+DEPLOY_PATH="/srv/${DEPLOY_PATH:-$thisBasename}/"
+
+echo "DEPLOY_HOST: $DEPLOY_HOST"
+echo "DEPLOY_PATH: $DEPLOY_PATH"
+
+echoStep () {
+ echo "🔸 $1"
+}
+
+remoteShell () {
+ server=$1; shift;
+ echo "🔸 remoteShell => $server"
+ ssh -o "ConnectTimeout=5" -tt -q $server $@
+}
+
+if [ ! -f .env ]
+then
+ echo "❌ .env file not found"
+ cp .env.example .env
+ nano .env
+fi
+
+echoStep "Sync..."
+
+remoteShell $DEPLOY_HOST "mkdir -p $DEPLOY_PATH"
+
+rsync -Pazh --del ./_*.sh ./.env ./*.yml php nginx $DEPLOY_HOST:$DEPLOY_PATH/
+
+if [[ "${1:-}" == "--down" ]]
+then
+ echoStep "Down..."
+ remoteShell $DEPLOY_HOST "cd $DEPLOY_PATH && docker-compose down --remove-orphans"
+else
+ echoStep "Up..."
+ remoteShell $DEPLOY_HOST "cd $DEPLOY_PATH && chmod +x _up.sh && ./_up.sh"
+fi
diff --git a/packages/lab/wordpress/docker-compose.yml b/packages/lab/wordpress/docker-compose.yml
new file mode 100644
index 000000000..9f956c84f
--- /dev/null
+++ b/packages/lab/wordpress/docker-compose.yml
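Review bot: `DEPLOY_PATH` and `DEPLOY_HOST` are expanded unquoted, and `DEPLOY_PATH` is pasted into the command strings that `remoteShell` runs on the server (`mkdir -p $DEPLOY_PATH`, `cd $DEPLOY_PATH && …`), so a value containing spaces, `..` or shell metacharacters is interpreted by the remote shell, which the usage hint suggests is a root login. Validating it once before the path is built, e.g. `[[ "$DEPLOY_PATH" =~ ^[A-Za-z0-9_-]+$ ]] || { echo '❌ invalid DEPLOY_PATH'; exit 1; }`, and quoting the expansions (`ssh -o ConnectTimeout=5 -tt -q "$server" "$@"`, `[ -z "${DEPLOY_HOST:-}" ]`) closes that off. The `:-$thisBasename` fallback can never apply because the script has already exited when `DEPLOY_PATH` is empty, and the block that creates `.env` carries on after `nano` even if the file was left with the example values.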
@@ -0,0 +1,98 @@
+version: '2'
+
+networks:
+ internal:
+ alwatr-private-network:
+ external:
+ name: alwatr-private-network
+ alwatr-public-network:
+ external:
+ name: alwatr-public-network
+
+services:
+ nginx:
+ build:
+ context: ./nginx
+ args:
+ - NGINX_VERSION=${NGINX_VERSION}
+
+ hostname: nginx.alwatr.io
+
+ networks:
+ - internal
+ - alwatr-public-network
+
+ restart: unless-stopped
+
+ depends_on:
+ - php
+
+ cpu_shares: 2048
+ mem_limit: ${NGINX_MEMOTY_LIMIT}
+
+ volumes:
+ - type: bind
+ source: ./_data/
+ target: /var/www/html/
+
+ tmpfs:
+ - /var/cache
+
+ logging:
+ driver: json-file
+ options:
+ max-size: '10m'
+ max-file: '2'
+
+ labels:
+ traefik.enable: true
+ traefik.port: 80
+ traefik.frontend.rule: Host:${DOMAIN}
+ traefik.frontend.entryPoints: http, https
+ traefik.frontend.redirect.entryPoint: https
+
+ php:
+ build:
+ context: ./php
+ args:
+ - PHP_VERSION=${PHP_VERSION}
+ - WORDPRESS_VERSION=${WORDPRESS_VERSION}
+
+ hostname: php.alwatr.io
+
+ networks:
+ - internal
+ - alwatr-private-network
+
+ restart: unless-stopped
+
+ cpu_shares: 1024
+ mem_limit: ${PHP_MEMOTY_LIMIT}
+
+ volumes:
+ - type: bind
+ source: ./_data/
+ target: /var/www/html/
+
+ tmpfs:
+ - /tmp
+
+ env_file:
+ - .env
+
+ logging:
+ driver: json-file
+ options:
+ max-size: '10m'
+ max-file: '2'
+
+ environment:
+ WORDPRESS_CONFIG_EXTRA: |
+ /* Alwatr Setting */
+ define('WP_CACHE', true);
+ define('WP_POST_REVISIONS', 2);
+ define('IMAGE_EDIT_OVERWRITE', true);
+ define('FORCE_SSL_LOGIN', false);
+ define('FORCE_SSL_ADMIN', false);
+ define('WP_MEMORY_LIMIT', '256M');
+ define('WP_MAX_MEMORY_LIMIT', '256M'); # admin dashboard
diff --git a/packages/lab/wordpress/nginx/.dockerignore b/packages/lab/wordpress/nginx/.dockerignore
new file mode 100644
index 000000000..f57b03055
--- /dev/null
+++ b/packages/lab/wordpress/nginx/.dockerignore
@@ -0,0 +1,4 @@
+*
+!nginx.conf
+!conf.d
+!toggle-cache.html
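Review bot: The nginx service mounts `./_data/` read-write although it only serves files from it; adding `read_only: true` to that bind mount keeps a compromise of the public-facing container from modifying the WordPress tree that the php service executes. In `WORDPRESS_CONFIG_EXTRA`, `FORCE_SSL_ADMIN` and `FORCE_SSL_LOGIN` are set to `false` while the Traefik labels redirect to https and nginx sends HSTS. If this is there to avoid redirect loops behind the TLS-terminating proxy, a comment saying so would help, since it presumably also means WordPress itself no longer insists on https for the admin area.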
diff --git a/packages/lab/wordpress/nginx/Dockerfile b/packages/lab/wordpress/nginx/Dockerfile
new file mode 100644
index 000000000..cb4dcce39
--- /dev/null
+++ b/packages/lab/wordpress/nginx/Dockerfile
@@ -0,0 +1,8 @@
+ARG NGINX_VERSION=1.23
+
+FROM nginx:${NGINX_VERSION}-alpine
+
+COPY nginx.conf /etc/nginx/
+COPY conf.d/ /etc/nginx/conf.d/
+RUN ls -lahF /etc/nginx && ls -lahF /etc/nginx/conf.d/ # for debug
+COPY toggle-cache.html /var/www/
diff --git a/packages/lab/wordpress/nginx/conf.d/fastcgi.conf b/packages/lab/wordpress/nginx/conf.d/fastcgi.conf
new file mode 100644
index 000000000..4e3fc8cd2
--- /dev/null
+++ b/packages/lab/wordpress/nginx/conf.d/fastcgi.conf
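Review bot: The `RUN ls -lahF /etc/nginx && ls -lahF /etc/nginx/conf.d/ # for debug` step adds a layer that only prints a listing and should be dropped once the build is known to work. The default `ARG NGINX_VERSION=1.23` disagrees with `NGINX_VERSION=1.21` in `.env.example`, so the image differs depending on whether it is built through compose or directly. `nginx:${NGINX_VERSION}-alpine` is also a moving tag, so the `build --pull` in `_up.sh` can change the base image without any change in this repository; pinning a patch version or digest would make deployments reproducible.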
@@ -0,0 +1,70 @@
+# regex to split $uri to $fastcgi_script_name and $fastcgi_path
+# This is a robust solution for path info security issue and works with "cgi.fix_pathinfo = 1" in /etc/php.ini (default) # ?
+fastcgi_split_path_info ^(.+\.php)(/.+)$;
+fastcgi_connect_timeout 10s;
+fastcgi_send_timeout 15s;
+fastcgi_read_timeout 120s;
+
+fastcgi_buffer_size 256k;
+fastcgi_buffers 4 256k;
+fastcgi_busy_buffers_size 256k;
+fastcgi_temp_file_write_size 4m;
+fastcgi_max_temp_file_size 4m;
+fastcgi_intercept_errors off;
+
+# fastcgi_keep_conn on; # its must be on for keepalive in upstream work
+
+fastcgi_cache fastcgicache;
+fastcgi_cache_valid 302 403 404 5m;
+fastcgi_cache_valid 200 206 301 24h;
+fastcgi_cache_revalidate on; # ?
+fastcgi_cache_background_update on; # ?
+fastcgi_cache_lock on;
+fastcgi_cache_use_stale error timeout invalid_header updating http_500;
+fastcgi_cache_min_uses 1;
+#fastcgi_cache_purge $purge_method; # active module
+
+fastcgi_cache_bypass $no_cache;
+fastcgi_no_cache $no_cache;
+
+fastcgi_pass_request_headers on;
+fastcgi_pass_request_body on;
+fastcgi_ignore_headers Cache-Control Expires Set-Cookie;
+fastcgi_hide_header X-Powered-By;
+# Remove cached Set-Cookie header to prevent same cookie for all users!
+#fastcgi_hide_header Set-Cookie;
+#fastcgi_hide_header Cookie;
+
+fastcgi_param GATEWAY_INTERFACE CGI/1.1;
+fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
+
+fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+fastcgi_param SCRIPT_NAME $fastcgi_script_name;
+fastcgi_param QUERY_STRING $query_string;
+fastcgi_param REQUEST_METHOD $request_method;
+fastcgi_param CONTENT_TYPE $content_type if_not_empty;
+fastcgi_param CONTENT_LENGTH $content_length;
+
+fastcgi_param REQUEST_URI $request_uri;
+fastcgi_param DOCUMENT_URI $document_uri;
+fastcgi_param DOCUMENT_ROOT $document_root;
+fastcgi_param SERVER_PROTOCOL $server_protocol;
+fastcgi_param REQUEST_SCHEME $scheme;
+fastcgi_param HTTPS $https if_not_empty;
+
+fastcgi_param REMOTE_ADDR $http_x_real_ip;
+fastcgi_param REMOTE_PORT $remote_port;
+fastcgi_param SERVER_ADDR $server_addr;
+fastcgi_param SERVER_PORT $server_port;
+fastcgi_param SERVER_NAME $server_name;
+
+# PHP only, required if PHP was built with --enable-force-cgi-redirect
+fastcgi_param REDIRECT_STATUS 200;
+
+# Bypass the fact that try_files resets $fastcgi_path_info
+# see: https://trac.nginx.org/nginx/ticket/321
+set $path_info $fastcgi_path_info;
+fastcgi_param PATH_INFO $path_info;
+
+## Fix HTTPoxy vulnerability https://httpoxy.org/#mitigate-nginx
+# fastcgi_param HTTP_PROXY '';
diff --git a/packages/lab/wordpress/nginx/conf.d/mime-expire.conf b/packages/lab/wordpress/nginx/conf.d/mime-expire.conf
new file mode 100644
index 000000000..5c6d8456a
--- /dev/null
+++ b/packages/lab/wordpress/nginx/conf.d/mime-expire.conf
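Review bot: `fastcgi_ignore_headers Cache-Control Expires Set-Cookie;` makes nginx cache responses that set cookies or are marked private, and because both `fastcgi_hide_header` lines for cookies are commented out, the stored `Set-Cookie` header is replayed to every visitor served from the cache, which is exactly what the comment above those lines warns about. Dropping `Set-Cookie` from the ignore list (`fastcgi_ignore_headers Cache-Control Expires;`) lets nginx refuse to cache such responses without stripping cookies from uncached ones. `fastcgi_param REMOTE_ADDR $http_x_real_ip;` hands PHP whatever the `X-Real-IP` request header contains, and an empty value when it is absent; `fastcgi_param REMOTE_ADDR $remote_addr;` would use the address already validated by the realip settings in nginx.conf. The HTTPoxy mitigation at the end is commented out as well; `fastcgi_param HTTP_PROXY '';` should be active.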
@@ -0,0 +1,53 @@
+map $sent_http_content_type $expires {
+ default off;
+ ~assets/ max;
+ application/ecmascript max;
+ application/javascript max;
+ application/json max;
+ application/pdf max;
+ application/postscript max;
+ application/font-woff max;
+ application/font-woff2 max;
+ application/x-javascript max;
+ application/vnd.ms-fontobject max;
+ application/x-font-opentype max;
+ application/x-font-truetype max;
+ application/x-font-ttf max;
+ application/xml max;
+ image/gif max;
+ image/jpeg max;
+ image/png max;
+ image/svg+xml max;
+ image/tiff max;
+ image/x-icon max;
+ image/vnd.microsoft.icon max;
+ image/webp max;
+ text/x-component max;
+ text/x-js max;
+ text/css max;
+ text/csv max;
+ text/html epoch;
+ text/javascript max;
+ text/plain epoch;
+ text/xml max;
+ text/xsd max;
+ text/xsl max;
+ font/eot max;
+ font/opentype max;
+ font/otf max;
+ font/woff max;
+ font/woff2 max;
+ video/3gpp max;
+ video/mp4 max;
+ video/mpeg max;
+ video/ogg max;
+ video/quicktime max;
+ video/webm max;
+ video/x-flv max;
+ video/x-mng max;
+ video/x-ms-asf max;
+ video/x-ms-wmv max;
+ video/x-msvideo max;
+}
+
+expires $expires;
diff --git a/packages/lab/wordpress/nginx/conf.d/mime.conf b/packages/lab/wordpress/nginx/conf.d/mime.conf
new file mode 100644
index 000000000..6dfed9cc5
--- /dev/null
+++ b/packages/lab/wordpress/nginx/conf.d/mime.conf
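Review bot: The map is keyed on `$sent_http_content_type`, so `~assets/` is tested against the Content-Type value rather than the URI and is unlikely ever to match, and the exact-string keys do not match values that carry a parameter such as `text/html; charset=UTF-8`, which then fall through to `default off`. If the intent is that HTML is never cached by browsers, a regex key like `~^text/html epoch;` would cover both forms. `application/json`, `application/xml`, `text/csv` and `application/pdf` receive `max` whether the response is a static file or generated per user by PHP, so it would be safer to limit far-future expiry to static asset types.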
@@ -0,0 +1,95 @@ +default_type application/octet-stream; + +types { + application/atom+xml atom; + application/json json map topojson; + application/ld+json jsonld; + application/rss+xml rss; + application/vnd.geo+json geojson; + application/xml rdf xml; + application/javascript js; + application/manifest+json webmanifest; + application/x-web-app-manifest+json webapp; + text/cache-manifest appcache; + audio/midi mid midi kar; + audio/mp4 aac f4a f4b m4a; + audio/mpeg mp3; + audio/ogg oga ogg opus; + audio/x-realaudio ra; + audio/x-wav wav; + image/bmp bmp; + image/gif gif; + image/jpeg jpeg jpg; + image/jxr jxr hdp wdp; + image/png png; + image/svg+xml svg svgz; + image/tiff tif tiff; + image/vnd.wap.wbmp wbmp; + image/webp webp; + image/x-jng jng; + video/3gpp 3gp 3gpp; + video/mp4 f4p f4v m4v mp4; + video/mpeg mpeg mpg; + video/ogg ogv; + video/quicktime mov; + video/webm webm; + video/x-flv flv; + video/x-mng mng; + video/x-ms-asf asf asx; + video/x-ms-wmv wmv; + video/x-msvideo avi; + image/x-icon cur ico; + application/msword doc; + application/vnd.ms-excel xls; + application/vnd.ms-powerpoint ppt; + application/vnd.openxmlformats-officedocument.wordprocessingml.document docx; + application/vnd.openxmlformats-officedocument.spreadsheetml.sheet xlsx; + application/vnd.openxmlformats-officedocument.presentationml.presentation pptx; + application/font-woff woff; + font/woff2 woff2; + application/vnd.ms-fontobject eot; + application/font-sfnt ttf otf; + application/java-archive ear jar war; + application/mac-binhex40 hqx; + application/octet-stream bin deb dll dmg exe img iso msi msm msp safariextz; + application/pdf pdf; + application/postscript ai eps ps; + application/rtf rtf; + application/vnd.google-earth.kml+xml kml; + application/vnd.google-earth.kmz kmz; + application/vnd.wap.wmlc wmlc; + application/x-7z-compressed 7z; + application/x-bb-appworld bbaw; + application/x-bittorrent torrent; + application/x-chrome-extension crx; + application/x-cocoa cco; + 
application/x-java-archive-diff jardiff; + application/x-java-jnlp-file jnlp; + application/x-makeself run; + application/x-opera-extension oex; + application/x-perl pl pm; + application/x-pilot pdb prc; + application/x-rar-compressed rar; + application/x-redhat-package-manager rpm; + application/x-sea sea; + application/x-shockwave-flash swf; + application/x-stuffit sit; + application/x-tcl tcl tk; + application/x-x509-ca-cert crt der pem; + application/x-xpinstall xpi; + application/xhtml+xml xhtml; + application/xslt+xml xsl; + application/zip zip; + text/css css; + text/csv csv; + text/html htm html shtml; + text/markdown md; + text/mathml mml; + text/plain txt; + text/vcard vcard vcf; + text/vnd.rim.location.xloc xloc; + text/vnd.sun.j2me.app-descriptor jad; + text/vnd.wap.wml wml; + text/vtt vtt; + text/x-component htc; +} diff --git a/packages/lab/wordpress/nginx/conf.d/nocache.conf b/packages/lab/wordpress/nginx/conf.d/nocache.conf new file mode 100644 index 000000000..4422a7f76 --- /dev/null +++ b/packages/lab/wordpress/nginx/conf.d/nocache.conf @@ -0,0 +1,39 @@ +# Skip fastcgi cache for following patterns +map $request_uri $no_cache { + # 0 => enable cache + # 1 => skip cache + + default 0; + # default 1; # temporary disable cache + + ~*\/wp-admin\/.* 1; + ~*\/wp-content/plugins\/.* 1; + ~*\/wp-[a-zA-Z0-9-]+\.php 1; + ~*\/feed\/.* 1; + ~*\/administrator\/.* 1; + ~*\/sitemap(_index)?.xml 1; + ~*\/xmlrpc.php 1; + ~*\/wp-.*.php 1; + ~*\/index.php 1; + + # woocommerce + ~*\/cart.* 1; + ~*\/checkout.* 1; + ~*\/my-account.* 1; + ~*\/account.* 1; + ~*\/profile.* 1; + ~*\/addons.* 1; + ~*\/login.* 1; + ~*\/wc-ajax.* 1; + + HEAD 0; + GET 0; +} + +map $http_cookie $no_cache { + ~*no_cache* 1; + ~*comment_author* 1; + ~*wp-postpass* 1; + ~*wordpress_test_cookie* 1; + ~*wordpress_logged_in* 1; +} diff --git a/packages/lab/wordpress/nginx/conf.d/secure.conf b/packages/lab/wordpress/nginx/conf.d/secure.conf new file mode 100644 index 000000000..33d1989ab --- /dev/null 
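Review bot: Both `map` blocks in nocache.conf assign the same variable `$no_cache`, and nginx keeps a single definition per variable, so as far as I can tell only one of them (the later, cookie-based map) takes effect and the URI rules for `/wp-admin/`, `/cart`, `/checkout` and `/my-account` are never applied. Giving the maps distinct names, `map $request_uri $no_cache_uri` and `map $http_cookie $no_cache_cookie`, and listing both in fastcgi.conf (`fastcgi_cache_bypass $no_cache_uri $no_cache_cookie;` and `fastcgi_no_cache $no_cache_uri $no_cache_cookie;`) makes them combine; the `log_format` and `X-Skip-Cache` lines in nginx.conf reference `$no_cache` and would need the same update. The `HEAD 0;` and `GET 0;` entries are compared with the request URI, not the method, so they never match, and the cookie patterns end in a glob-style `*` that in a regex only makes the preceding letter repeatable.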
+++ b/packages/lab/wordpress/nginx/conf.d/secure.conf
@@ -0,0 +1,54 @@
+location ~* (?:\.(?:bak|conf|dist|fla|in[ci]|log|psd|sh|sql|sw[op]|lock)|~)$ {
+ deny all;
+ access_log off; log_not_found off;
+}
+location ~* \.(pl|cgi|py|sh|lua)\$ {
+ return 444;
+}
+location ~* (w00tw00t) {
+ return 444;
+}
+location ~* \.(engine|inc|info|install|make|module|profile|test|po|sh|.*sql|theme|tpl(\.php)?|xtmpl)\$|^(\..*|Entries.*|Repository|Root|Tag|Template)\$|\.php_ {
+ return 444;
+}
+location = /robots.txt {
+ access_log off; log_not_found off;
+}
+location = /favicon.ico {
+ access_log off; log_not_found off;
+}
+location ~ /\. {
+ deny all;
+ access_log off; log_not_found off;
+}
+location ~* wp-includes/theme-compat/ {
+ deny all;
+}
+location ~* /(\.|wp-config\.php|wp-config\.txt|changelog\.txt|readme\.txt|readme\.html|license\.txt) {
+ deny all;
+}
+location ~* wp-includes/js/tinymce/langs/.*.php {
+ deny all;
+}
+location ~* /(?:uploads|files|wp-content|wp-includes)/.*\.php\$ {
+ deny all;
+}
+location ~* /wp-content/uploads/nginx-helper/ {
+ internal;
+}
+location ~* ^/(wp-content)/(.*?)\.(zip|gz|tar|bzip2|7z)\$ {
+ deny all;
+}
+location ~ ^/wp-content/uploads/sucuri {
+ deny all;
+}
+location ~ ^/wp-content/updraft {
+ deny all;
+}
+location ~ ^/wp-content/uploads/.*.(php|pl|py|jsp|asp|htm|html|shtml|sh|cgi)$ {
+ types { }
+ default_type text/plain;
+}
+# if ($request_method !~ ^(GET|HEAD|POST)$ ) {
+# return 405;
+# }
diff --git a/packages/lab/wordpress/nginx/nginx.conf b/packages/lab/wordpress/nginx/nginx.conf
new file mode 100644
index 000000000..189f4138c
--- /dev/null
+++ b/packages/lab/wordpress/nginx/nginx.conf
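Review bot: Four of the `location` regexes end in `\$` instead of `$`, which matches a literal dollar sign rather than the end of the URI, so they never match a normal request: the `\.(pl|cgi|py|sh|lua)\$` rule, the `…xtmpl)\$|^(…)\$|\.php_` rule, `/(?:uploads|files|wp-content|wp-includes)/.*\.php\$` and `^/(wp-content)/(.*?)\.(zip|gz|tar|bzip2|7z)\$`. The third is the one meant to keep PHP files under the content directories from being executed and should read `location ~* /(?:uploads|files|wp-content|wp-includes)/.*\.php$ {`. With it inactive, the last block still catches `/wp-content/uploads/*.php` but answers with the file body as `text/plain`, which discloses the source instead of refusing the request. In `langs/.*.php` and `uploads/.*.(php|…)` the dot before the extension is unescaped and should be `\.`.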
@@ -0,0 +1,162 @@
+# Configuration File - Nginx Server Configs
+# http://nginx.org/en/docs/dirindex.html
+
+# The file storing the process ID of the main process
+pid /var/run/nginx.pid;
+
+# Run as a unique, less privileged user for security reasons.
+# user www-data www-data; # user group
+user nginx;
+
+# Sets the worker threads to the number of CPU cores available in the system for best performance.
+# Should be > the number of CPU cores.
+# Maximum number of connections = worker_processes * worker_connections
+worker_processes auto;
+
+# Reduces timer resolution in worker processes, thus reducing the number of gettimeofday() system calls made. By default, gettimeofday() is called each time a kernel event is received. With reduced resolution, gettimeofday() is only called once per specified interval.
+timer_resolution 100ms;
+
+# Defines named thread pools used for multi-threaded reading and sending of files without blocking worker processes.
+thread_pool default threads=32 max_queue=65536;
+
+events {
+ # https://nginx.org/en/docs/events.html
+ # use epoll;
+
+ # Sets the maximum number of simultaneous connections that can be opened by a worker process.
+ # Should be < worker_rlimit_nofile.
+ worker_connections 32767;
+
+ # accept as many connections as possible, may flood worker connections if set too low -- for testing environment
+ # multi_accept on;
+}
+
+http {
+ # set all cache temp paths
+ client_body_temp_path /var/cache/client_body 1 2;
+ proxy_temp_path /var/cache/proxy_temp_path 1 2;
+ fastcgi_temp_path /var/cache/fastcgi_temp 1 2;
+ uwsgi_temp_path /var/cache/uwsgi_temp 1 2;
+ scgi_temp_path /var/cache/scgi_temp 1 2;
+
+ log_format simple "$time_local $remote_addr (c:$upstream_cache_status, n:$no_cache) $request_method $scheme://$host$request_uri";
+ access_log /var/log/nginx/access.log simple;
+ #access_log off;
+ error_log /var/log/nginx/error.log warn;
+
+ server_tokens off;
+
+ tcp_nopush off;
+ tcp_nodelay off;
+ sendfile off;
+ sendfile_max_chunk 512k;
+
+ # fix dns for docker and ssl
+ resolver 127.0.0.11 ipv6=off valid=10s;
+ resolver_timeout 5s;
+ #resolver 1.1.1.1 8.8.8.8 8.8.4.4 valid=60s;
+ #resolver_timeout 15s;
+
+
+ # allow the server to close connection on non responding client, this will free up memory
+ reset_timedout_connection on;
+
+ # Controls whether header fields with invalid names should be ignored.
Valid names are composed of English letters, digits, hyphens, and possibly underscores
+ ignore_invalid_headers on;
+
+ # Sets the maximum allowed size of the client request body
+ client_max_body_size 100m;
+
+ index index.html index.php;
+
+ set_real_ip_from 172.16.0.0/12;
+ #set_real_ip_from 10.0.0.0/8;
+ #real_ip_header X-Real-IP;
+ real_ip_header X-Forwarded-For;
+ real_ip_recursive on;
+
+ limit_req_zone $binary_remote_addr zone=req_zone:10m rate=500r/s;
+
+ fastcgi_cache_path /var/cache/fastcgi
+ levels=1:2
+ keys_zone=fastcgicache:10m
+ inactive=48h
+ max_size=4g;
+
+ fastcgi_cache_key $scheme$request_method$host$request_uri;
+ fastcgi_cache_use_stale error timeout invalid_header http_500;
+
+ # map $request_method $purge_method {
+ # PURGE 1;
+ # default 0;
+ # }
+
+ open_file_cache max=75000 inactive=120s; # removed from the cache if it has not been accessed during `inactive` time
+ open_file_cache_valid 120s; # Sets a time after which open_file_cache elements should be validated.
+ open_file_cache_min_uses 1; # Sets the minimum number of file accesses during the period configured by the inactive parameter
+ open_file_cache_errors on; # Enables or disables caching of file lookup errors by open_file_cache.
+
+ open_log_file_cache max=20000 inactive=30s min_uses=2; # We need `open_log_file_cache` becouse https://serverfault.com/questions/547421
+
+ include /etc/nginx/conf.d/mime.conf;
+ include /etc/nginx/conf.d/mime-expire.conf;
+ include /etc/nginx/conf.d/nocache.conf;
+
+ upstream php-fpm {
+ #zone php-fpm 32k;
+ ip_hash;
+ server php:9000 max_fails=4 fail_timeout=30s;
+ }
+
+ server {
+ listen 80 default_server;
+ # listen [::]:80 default_server;
+ server_name _;
+
+ include /etc/nginx/conf.d/secure.conf;
+
+ root /var/www/html;
+
+ error_page 401 403 404 /error/404.html;
+ error_page 500 501 503 504 /error/500.html;
+
+ add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload;" always; # always https
+ add_header X-Frame-Options SAMEORIGIN;
+ add_header X-Content-Type-Options nosniff;
+ add_header X-XSS-Protection "1; mode=block";
+ add_header "X-UA-Compatible" "IE=Edge";
+ add_header X-Cache $upstream_cache_status;
+ add_header X-Skip-Cache $no_cache; # for debug
+
+ # limit request disabled behind edge proxy
+ limit_req zone=req_zone burst=150 nodelay;
+
+ location / {
+ # This is cool because no php is touched for static content.
+ try_files $uri $uri/ /index.php$is_args$args;
+ }
+
+ location @php-fpm {
+ try_files $uri =404;
+ fastcgi_pass php-fpm;
+ include /etc/nginx/conf.d/fastcgi.conf;
+ }
+
+ location ~ [^/]\.php(/|$) {
+ try_files $uri $uri/ /index.php$is_args$args @php-fpm;
+ fastcgi_pass php-fpm;
+ include /etc/nginx/conf.d/fastcgi.conf;
+ }
+
+ location = /toggle-cache.html {
+ default_type text/html;
+ alias /var/www/toggle-cache.html;
+ }
+
+ location /server-info {
+ access_log off;
+ default_type text/plain;
+ return 200 "Alwatr Accelerated Web Server";
+ }
+ }
+}
diff --git a/packages/lab/wordpress/nginx/toggle-cache.html b/packages/lab/wordpress/nginx/toggle-cache.html
new file mode 100644
index 000000000..79eb122f9
--- /dev/null
+++ b/packages/lab/wordpress/nginx/toggle-cache.html
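Review bot: `limit_req zone=req_zone burst=150 nodelay;` is active although the comment above it says request limiting is disabled, and at `rate=500r/s` per address it gives no practical throttling for `wp-login.php` or `xmlrpc.php`; either correct the comment or add a much lower zone (for example `limit_req_zone $binary_remote_addr zone=login_zone:10m rate=1r/s;`) applied to those two endpoints. `add_header X-Cache $upstream_cache_status;` and `add_header X-Skip-Cache $no_cache; # for debug` expose cache state to every client, and `/toggle-cache.html` is served without any restriction, so both are worth gating or removing outside the lab. In `location ~ [^/]\.php(/|$)` the `try_files $uri $uri/ /index.php$is_args$args @php-fpm;` chain appears to treat a missing script differently depending on whether the request has a query string; a single explicit existence check before `fastcgi_pass` would be easier to reason about.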
@@ -0,0 +1,63 @@ + + + + + + Toggle Wordpress Cache + + + + + +

+ + diff --git a/packages/lab/wordpress/php/.dockerignore b/packages/lab/wordpress/php/.dockerignore new file mode 100644 index 000000000..55de093af --- /dev/null +++ b/packages/lab/wordpress/php/.dockerignore @@ -0,0 +1,3 @@ +* +!php.conf.ini +!fix-permition.sh diff --git a/packages/lab/wordpress/php/Dockerfile b/packages/lab/wordpress/php/Dockerfile new file mode 100644 index 000000000..566318810 --- /dev/null +++ b/packages/lab/wordpress/php/Dockerfile @@ -0,0 +1,9 @@ +# https://hub.docker.com/_/wordpress/ +ARG PHP_VERSION=8.1 +ARG WORDPRESS_VERSION=6.0 + +FROM wordpress:${WORDPRESS_VERSION}-php${PHP_VERSION}-fpm + +COPY php.conf.ini $PHP_INI_DIR/conf.d/ +COPY fix-permition.sh /usr/local/bin/ +RUN chmod +x /usr/local/bin/fix-permition.sh diff --git a/packages/lab/wordpress/php/fix-permition.sh b/packages/lab/wordpress/php/fix-permition.sh new file mode 100755 index 000000000..5d20800fd --- /dev/null +++ b/packages/lab/wordpress/php/fix-permition.sh @@ -0,0 +1,14 @@ +#!/usr/bin/env bash + +set -Eeuo pipefail +trap "echo '❌ Error'" ERR + +data=/var/www/html/ + +echo "Fix permitions..." + +ls -lahF $data +chown www-data:www-data -R $data +find $data -type d -exec chmod 755 {} \; +find $data -type f -exec chmod 644 {} \; +ls -lahF $data diff --git a/packages/lab/wordpress/php/php.conf.ini b/packages/lab/wordpress/php/php.conf.ini new file mode 100644 index 000000000..a25426fc2 --- /dev/null +++ b/packages/lab/wordpress/php/php.conf.ini 
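Review bot: After `find $data -type f -exec chmod 644 {} \;` in fix-permition.sh every file under `/var/www/html/`, including `wp-config.php` and the `wp-config.php.bak` that `_up.sh` creates, is world-readable inside the bind mount that is shared with the nginx container. A follow-up such as `find "$data" -maxdepth 1 -name 'wp-config.php*' -exec chmod 640 {} +` limits those to the `www-data` user and group, assuming nginx has no need to read them. `$data` should be quoted throughout, and `-exec … {} +` avoids starting one `chmod` process per file.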
@@ -0,0 +1,21 @@
+# Override by WP
+error_reporting = E_ALL & ~E_NOTICE
+
+# Override by WP
+; display_errors = Off
+
+log_errors = On
+; error_log = /dev/stderr
+
+memory_limit = 256M
+# https://codex.wordpress.org/Editing_wp-config.php#Increasing_memory_allocated_to_PHP
+# WordPress will automatically check if PHP has been allocated less memory than the entered value before utilizing this function. For example, if PHP has been allocated 64MB, there is no need to set this value to 64M as WordPress will automatically use all 64MB if need be.
+
+upload_max_filesize = 100M
+post_max_size = 100M
+
+# http://www.php.net/manual/en/info.configuration.php#ini.max-input-time
+max_input_time = 600
+max_input_vars = 3000
+# after uplaod compreled max_input_time clock is stopped, max_execution_time clock started
+max_execution_time = 120
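Review bot: The lines starting with `#` are not comments to PHP: support for `#` comments in INI files was removed in PHP 7.0 and this image defaults to PHP 8.1, so `# Override by WP`, the two URL lines and the explanatory sentences are handed to the INI parser as content. They should start with `;`, e.g. `; Override by WP`. Since `display_errors` is left commented out, an explicit `display_errors = Off` here would also cover PHP entry points that do not go through WordPress's own debug handling.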