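# ConfigMap "<instance>-<component>-envs": environment values for the WordPress
# container plus WORDPRESS_CONFIG_EXTRA, the PHP snippet that
# vynil-configurator.sh pipes into `wp config create --extra-php`.
# No password is defined here; WORDPRESS_DB_PASSWORD, WORDPRESS_ADMIN_NAME,
# WORDPRESS_ADMIN_PASSWORD and WORDPRESS_SSO_CONFIG are read by the script but
# come from somewhere outside this file.
# NOTE(review): var.config.* and var.instance are interpolated into
# double-quoted YAML scalars without escaping. A value containing a double
# quote or a newline would alter the manifest, so validate these inputs where
# the variables are declared.
resource "kubectl_manifest" "wordpress_cfg" {
  yaml_body = <<-EOF
    apiVersion: v1
    kind: ConfigMap
    metadata:
      name: "${var.instance}-${var.component}-envs"
      labels: ${jsonencode(local.common_labels)}
      namespace: ${var.namespace}
    data:
      WORDPRESS_DB_HOST: ${var.instance}-${var.component}-mysqld.${var.namespace}.svc:3306
      WORDPRESS_DB_NAME: ${var.component}
      WORDPRESS_DB_USER: ${var.component}
      WORDPRESS_HOST: ${local.dns_name}
      WORDPRESS_ADMIN_MAIL: "svc-${var.instance}@${var.domain_name}"
      WORDPRESS_TITLE: "${var.instance}"
      WORDPRESS_TABLE_PREFIX: wp_
      WORDPRESS_DEBUG: "${var.config.is_debug?"true":""}"
      WORDPRESS_PLUGINS: "${var.config.plugins}"
      WORDPRESS_THEMES: "${var.config.themes}"
      WORDPRESS_THEME: "${var.config.theme}"
      WORDPRESS_LOCALES: "${var.config.locales}"
      WORDPRESS_ADMINS: "${var.config.extra_admins}"
      WORDPRESS_LOCALE: "${var.config.locale}"
      WORDPRESS_CONFIG_EXTRA: |
        #### general settings
        define('WP_HOME', 'https://${local.dns_name}');
        define('WP_SITEURL', 'https://${local.dns_name}');
        define('WP_CACHE', true );
        define( 'DISALLOW_FILE_EDIT', true );
        @ini_set( 'display_errors', '${var.config.is_debug?"On":"Off"}' );
        define( 'WP_DISABLE_FATAL_ERROR_HANDLER', ${var.config.is_debug?"true":"false"} );
        define( 'WP_DEBUG_DISPLAY', ${var.config.is_debug?"true":"false"} );
        if (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https')
          $_SERVER['HTTPS'] = 'on';
        #### memory limits
        # define('WP_MEMORY_LIMIT', '40' ); # default
        # define('WP_MAX_MEMORY_LIMIT', '256' ); # default
  EOF
}

# ConfigMap "<instance>-<component>-files": scripts and server configuration
# shipped as files.
#   vynil-configurator.sh  - creates wp-config.php, installs WordPress, themes,
#                            plugins and locales, writes the mo_* options and
#                            grants the administrator role to WORDPRESS_ADMINS.
#   wp-cli                 - wrapper that fetches wp-cli.phar on first use.
#   *.ini / *.conf         - PHP, php-fpm and nginx settings.
# Inside the heredoc "$$" followed by "{" is Terraform's escape for a literal
# shell parameter expansion; plain "$NAME" is passed through untouched.
# NOTE(review): themes and plugins are installed by name with no version pin,
# and wp-cli.phar is fetched from a rolling build URL. What ends up running
# therefore depends on upstream state at pod start.
resource "kubectl_manifest" "wordpress_files" {
  yaml_body = <<-EOF
    apiVersion: v1
    kind: ConfigMap
    metadata:
      name: "${var.instance}-${var.component}-files"
      labels: ${jsonencode(local.common_labels)}
      namespace: ${var.namespace}
    data:
      "vynil-configurator.sh": |-
        #!/usr/bin/env bash
        # xtrace (-x) is intentionally not enabled: it would print the expanded
        # --dbpass, --admin_password and SSO option values to the container log.
        set -e
        # Create the option if it does not exist yet, otherwise update it.
        set_opt() {
          if wp option get "$1" >/dev/null 2>&1;then
            wp option update --format=json "$1" "$2"
          else
            wp option add --format=json "$1" "$2"
          fi
        }
        if [ ! -f "$(pwd)/wp-config.php" ];then
          echo "$${WORDPRESS_CONFIG_EXTRA}" | wp config create --dbname="$${WORDPRESS_DB_NAME}" --dbuser="$${WORDPRESS_DB_USER}" --dbpass="$${WORDPRESS_DB_PASSWORD}" --dbhost="$${WORDPRESS_DB_HOST}" --extra-php
        fi
        # `wp core is-installed` answers through its exit status and prints
        # nothing, so test the status rather than the (always empty) output.
        if ! wp core is-installed; then
          wp core install --url="https://$${WORDPRESS_HOST}" --title="$${WORDPRESS_TITLE}" --admin_user="$${WORDPRESS_ADMIN_NAME}" --admin_password="$${WORDPRESS_ADMIN_PASSWORD}" --admin_email="$${WORDPRESS_ADMIN_MAIL}" --locale="${var.config.locale}" --skip-email
        fi
        # The list variables accept ';' or ',' as separators; the unquoted
        # expansion below is what splits them into words.
        for THEME in $(echo "$WORDPRESS_THEMES"|sed 's/;/ /g;s/,/ /g');do
          wp theme install $THEME
        done
        if [ ! -z "$WORDPRESS_THEME" ]; then
          wp theme install $WORDPRESS_THEME
          wp theme activate $WORDPRESS_THEME
        fi
        for PLUGIN in $(echo "miniorange-login-with-eve-online-google-facebook $WORDPRESS_PLUGINS"|sed 's/;/ /g;s/,/ /g');do
          wp plugin install $PLUGIN
          wp plugin activate $PLUGIN
        done
        for LOCALE in $(echo "$WORDPRESS_LOCALES"|sed 's/;/ /g;s/,/ /g');do
          wp language core install $LOCALE
          wp language theme install --all $LOCALE
          wp language plugin install --all $LOCALE
        done
        if [ ! -z "$WORDPRESS_LOCALE" ]; then
          wp language core install $WORDPRESS_LOCALE
          wp language theme install --all $WORDPRESS_LOCALE
          wp language plugin install --all $WORDPRESS_LOCALE
          wp language core activate $WORDPRESS_LOCALE
        fi
        set_opt mo_oauth_apps_list "$WORDPRESS_SSO_CONFIG"
        set_opt mo_debug_check '"0"'
        set_opt mo_oauth_client_new_registration '"true"'
        set_opt mo_oc_valid_discovery_ep '"1"'
        set_opt mo_discovery_validation '"valid"'
        set_opt mo_attr_option '"automatic"'
        # NOTE(review): mo_debug_check is "0" but mo_debug_enable is "on";
        # confirm that plugin debug output is meant to stay enabled.
        set_opt mo_debug_enable '"on"'
        # Only accounts that already exist are promoted; unknown names are skipped.
        for ADMIN in $(echo "$WORDPRESS_ADMINS"|sed 's/;/ /g;s/,/ /g');do
          if wp user get $ADMIN >/dev/null 2>&1;then
            wp user add-role $ADMIN administrator
          fi
        done
        wp core update-db
      wp-cli: |-
        #!/bin/sh
        WP_PATH=/var/www/html/
        CLI=/tmp/wp-cli.phar
        if ! [ -f "$CLI" ]; then
          # NOTE(review): the phar is executed without an integrity check and
          # the URL tracks the latest build. Prefer baking a pinned wp-cli
          # into the image, or compare the download against a known digest.
          # -f keeps an HTTP error page from being saved as the phar, and the
          # .part + mv step keeps a truncated download from being reused.
          if ! curl -fsS https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar -o "$CLI.part"; then
            rm -f "$CLI.part"
            echo "wp-cli download failed" >&2
            exit 1
          fi
          mv "$CLI.part" "$CLI"
        fi
        export PAGER="more"
        php "$CLI" --path="$WP_PATH" "$@"
      docker-php-ext-redis.ini: |-
        ; NOTE(review): the session store URL carries no authentication or TLS
        ; parameter; confirm access to the redis service is restricted.
        extension = redis.so
        session.save_handler = redis
        session.save_path = "tcp://${var.instance}-${var.component}-redis.${var.namespace}.svc:6379/?prefix=SESSION_${var.component}_${var.instance}:"
      php-fpm-zz-docker.conf: |-
        [global]
        daemonize = no
        [www]
        listen = 9000
      php-opcache-recommended.ini: |-
        opcache.enable=1
        opcache.memory_consumption=128
        opcache.interned_strings_buffer=8
        opcache.max_accelerated_files=10000
        opcache.validate_timestamps=1
        opcache.revalidate_freq=60
      php-uploads.ini: |-
        memory_limit = 256M
        max_file_uploads = 50
        upload_max_filesize = 96M
        post_max_size = 96M
        max_execution_time = 300
        max_input_time = 600
      nginx.conf: |-
        worker_processes auto;
        error_log /dev/stderr;
        pid /tmp/nginx.pid;
        worker_rlimit_nofile 8192;
        events {
          worker_connections 1024;
          multi_accept on;
        }
        http {
          # cache information about FDs, frequently accessed files
          # can boost performance, but you need to test those values
          open_file_cache max=40000 inactive=20s;
          open_file_cache_valid 60s;
          open_file_cache_min_uses 2;
          open_file_cache_errors on;
          # copies data between one FD and other from within the kernel
          # faster than read() + write()
          sendfile on;
          # send headers in one piece, it is better than sending them one by one
          tcp_nopush on;
          # don't buffer data sent, good for small data bursts in real time
          tcp_nodelay on;
          # gzip settings
          gzip on;
          gzip_buffers 16 8k;
          gzip_min_length 10k;
          gzip_proxied any;
          gzip_types
            text/css
            text/javascript
            text/xml
            text/plain
            text/x-component
            application/javascript
            application/x-javascript
            application/json
            application/xml
            application/rss+xml
            application/atom+xml
            font/truetype
            font/opentype
            application/vnd.ms-fontobject
            image/svg+xml;
          # allow the server to close connection on non responding client, this will free up memory
          reset_timedout_connection on;
          # request timed out -- default 60
          client_body_timeout 20;
          # if client stop responding, free up memory -- default 60
          send_timeout 10;
          # server will close connection after this time -- default 75
          keepalive_timeout 30;
          # number of requests client can make over keep-alive -- for testing environment
          keepalive_requests 10000;
          # other settings
          client_max_body_size 96M;
          server_tokens off;
          include mime.types;
          default_type application/octet-stream;
          # add_header set here is dropped in any block that declares its own
          # add_header (for example the commented X-FastCGI-Cache line below).
          add_header X-Frame-Options SAMEORIGIN;
          # trust these ips to set the correct http_x_forwarded_for header
          # NOTE(review): every peer inside 10.0.0.0/8 can supply
          # X-Forwarded-For and so choose the logged $remote_addr; narrow this
          # to the ingress / proxy addresses if they are known.
          set_real_ip_from 10.0.0.0/8;
          set_real_ip_from 127.0.0.1;
          real_ip_header X-Forwarded-For;
          # to boost I/O on HDD we can disable access logs
          # access_log off;
          log_format main '$remote_addr - $status [$request] $body_bytes_sent '
                          '"$http_referer" "$http_user_agent" via $realip_remote_addr';
          access_log "/dev/stdout" main buffer=2048 flush=5s;
          client_body_temp_path /tmp/client_temp 1 2;
          proxy_temp_path /tmp/proxy_temp_path 1 2;
          fastcgi_temp_path /tmp/fastcgi_temp 1 2;
          uwsgi_temp_path /tmp/uwsgi_temp 1 2;
          scgi_temp_path /tmp/scgi_temp 1 2;
          ####################################
          ### fastcgi cache start
          #fastcgi_cache_path /tmp/fastcgi-cache levels=1:2 keys_zone=WORDPRESS:100m inactive=10m;
          #fastcgi_cache_key "$scheme$request_method$host$request_uri";
          #fastcgi_cache_use_stale error timeout invalid_header http_500;
          #fastcgi_ignore_headers Cache-Control Expires Set-Cookie;
          ### fastcgi cache end
          ####################################
          server {
            listen 8080 default_server;
            server_name _;
            root /var/www/html;
            index index.php;
            location / {
              # deliver files directly or from php
              # $uri - for regular files (html, css, js, jpg, ...)
              # $uri/ - needed for indexes like /wp-config/ or /tag/nice/
              # /index.php?$args - sends the request to wordpress using fastcgi / php
              try_files $uri $uri/ /index.php?$args;
            }
            # DISABLE_DIRECT_CONTENT_PHP_EXECUTION
            # The pattern ends in (/|$) so it covers the same PATH_INFO forms
            # that the PHP handler location further down accepts. This block
            # must stay above that location: the first matching regex wins.
            location ~ /(?:wp-content|wp-includes|uploads)/.*\.php(/|$) {
              deny all;
              #access_log off;
              #log_not_found off;
            }
            # Deny access to load load-scripts.php, load-styles.php; can be used for DOS attacks;
            #location ~ \/wp-admin\/load\-(scripts|styles)\.php {
            #  deny all;
            #}
            # START Nginx Rewrites for Rank Math Sitemaps
            rewrite ^/sitemap_index.xml$ /index.php?sitemap=1 last;
            rewrite ^/([^/]+?)-sitemap([0-9]+)?.xml$ /index.php?sitemap=$1&sitemap_n=$2 last;
            # END Nginx Rewrites for Rank Math Sitemaps
            ####################################
            ### fastcgi cache start
            # define when to skip the cache
            #set $skip_cache 0;
            # Requests with a query string should not be cached
            #if ($query_string != "") {
            #  set $skip_cache 1;
            #}
            # Don't cache uris containing the following segments
            #if ($request_uri ~ "/wp-admin/|/xmlrpc.php|wp-.*.php|index.php") {
            #  set $skip_cache 1;
            #}
            # Don't use the cache for logged in users or recent commenters
            #if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in") {
            #  set $skip_cache 1;
            #}
            ### fastcgi cache end
            ####################################
            # send .php requests to wordpress using (fastcgi)
            location ~ [^/]\.php(/|$) {
              # split the request path into its components
              fastcgi_split_path_info ^(.+?\.php)(/.*)$;
              # check if the requested php file exists;
              # don't send the request to fastcgi if no such file exists (saves some resources)
              if (!-f $document_root$fastcgi_script_name) {
                return 404;
              }
              # include fastcgi_params from nginx directory (/etc/nginx/fastcgi_params)
              include fastcgi_params;
              # set the script filename (eg. /var/www/html/index.php)
              fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
              fastcgi_param PATH_INFO $fastcgi_path_info;
              fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info;
              fastcgi_index index.php;
              # tell wordpress that the request came over https to avoid redirect-loops
              fastcgi_param REQUEST_SCHEME 'https';
              fastcgi_param HTTPS 'on';
              # hide PHP header
              fastcgi_hide_header X-Powered-By;
              # send the request to php
              fastcgi_pass localhost:9000;
              #fastcgi_pass unix:/run/php/fpm.sock;
              ####################################
              ### fastcgi cache start
              #fastcgi_cache_methods GET HEAD;
              #fastcgi_cache_bypass $skip_cache;
              #fastcgi_no_cache $skip_cache;
              #fastcgi_cache WORDPRESS;
              #fastcgi_cache_valid 10m;
              #add_header X-FastCGI-Cache $upstream_cache_status;
              ### fastcgi cache end
              ####################################
            }
            # enable client cache for media files and fonts
            location ~* \.(css|js|ico|gif|jpeg|jpg|webp|png|svg|eot|otf|woff|woff2|ttf|ogg|pdf)$ {
              expires 120d;
            }
          }
        }
  EOF
}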