From 40328d29801a6ec44211e851cc85fb4e30fcf9a1 Mon Sep 17 00:00:00 2001 From: H3XploR Date: Tue, 8 Jul 2025 01:08:28 +0200 Subject: [PATCH] oui --- Makefile | 30 ++--- secrets/README.txt | 7 ++ secrets/db_password.txt | 1 + secrets/db_root_password.txt | 1 + secrets/tls_crt.pem | 22 ++++ secrets/tls_key.pem | 28 +++++ srcs/.env | 9 -- srcs/.env.example | 17 +++ srcs/docker-compose.yml | 112 +++++++++--------- srcs/requirements/mariadb/.dockerignore | 0 srcs/requirements/mariadb/Dockerfile | 22 ++-- srcs/requirements/mariadb/conf/my.cnf | 2 - srcs/requirements/mariadb/entrypoint.sh | 30 ----- srcs/requirements/mariadb/init.sh | 14 --- srcs/requirements/mariadb/tools/init-db.sh | 15 +++ srcs/requirements/nginx/.dockerignore | 2 + srcs/requirements/nginx/Dockerfile | 13 +- srcs/requirements/nginx/conf/default.conf | 15 +-- srcs/requirements/nginx/conf/nginx.conf | 21 ++++ srcs/requirements/nginx/tools/entrypoint.sh | 12 ++ srcs/requirements/nginx/tools/generate_ssl.sh | 7 -- srcs/requirements/wordpress/.dockerignore | 0 srcs/requirements/wordpress/Dockerfile | 41 +++---- .../requirements/wordpress/conf/wp-config.php | 18 --- .../wordpress/tools/entrypoint.sh | 15 +++ srcs/secrets/db_password.txt | 1 - srcs/secrets/db_root_password.txt | 1 - srcs/secrets/db_user.txt | 1 - srcs/secrets/wp_admin_password.txt | 1 - srcs/secrets/wp_admin_user.txt | 1 - 30 files changed, 246 insertions(+), 213 deletions(-) create mode 100644 secrets/README.txt create mode 100644 secrets/db_password.txt create mode 100644 secrets/db_root_password.txt create mode 100644 secrets/tls_crt.pem create mode 100644 secrets/tls_key.pem delete mode 100644 srcs/.env create mode 100644 srcs/.env.example create mode 100644 srcs/requirements/mariadb/.dockerignore delete mode 100644 srcs/requirements/mariadb/conf/my.cnf delete mode 100644 srcs/requirements/mariadb/entrypoint.sh delete mode 100644 srcs/requirements/mariadb/init.sh create mode 100755 srcs/requirements/mariadb/tools/init-db.sh create mode 100644 srcs/requirements/nginx/.dockerignore create mode 100644 srcs/requirements/nginx/conf/nginx.conf create mode 100755 srcs/requirements/nginx/tools/entrypoint.sh delete mode 100644 srcs/requirements/nginx/tools/generate_ssl.sh create mode 100644 srcs/requirements/wordpress/.dockerignore delete mode 100644 srcs/requirements/wordpress/conf/wp-config.php create mode 100755 srcs/requirements/wordpress/tools/entrypoint.sh delete mode 100644 srcs/secrets/db_password.txt delete mode 100644 srcs/secrets/db_root_password.txt delete mode 100644 srcs/secrets/db_user.txt delete mode 100644 srcs/secrets/wp_admin_password.txt delete mode 100644 srcs/secrets/wp_admin_user.txt diff --git a/Makefile b/Makefile index 97487d5..bed3765 100644 --- a/Makefile +++ b/Makefile @@ -1,29 +1,15 @@ -PROJECT_NAME=inception -DOCKER_COMPOSE=docker-compose -DC_FILE=srcs/docker-compose.yml -ENV_FILE=srcs/.env - -all: up +NAME=inception +SRC_DIR=srcs up: - @mkdir -p /home/yantoine/data/mariadb - @mkdir -p /home/yantoine/data/wordpress - @$(DOCKER_COMPOSE) -f $(DC_FILE) --env-file $(ENV_FILE) up -d --build + docker compose -f $(SRC_DIR)/docker-compose.yml --env-file $(SRC_DIR)/.env up -d --build down: - @$(DOCKER_COMPOSE) -f $(DC_FILE) --env-file $(ENV_FILE) down + docker compose -f $(SRC_DIR)/docker-compose.yml down -clean: - # Arrête et supprime containers + volumes liés au projet - @$(DOCKER_COMPOSE) -f $(DC_FILE) --env-file $(ENV_FILE) down -v --remove-orphans +re: down up -fclean: clean - # Supprime images du projet + system prune + supprime données sur l'hôte - @docker image rm -f $(PROJECT_NAME)_wordpress $(PROJECT_NAME)_mariadb $(PROJECT_NAME)_nginx || true - @docker system prune -af - @rm -rf /home/yantoine/data/mariadb - @rm -rf /home/yantoine/data/wordpress +fclean: down + docker system prune -af -re: fclean up - -.PHONY: all up down clean fclean re +.PHONY: up down re fclean diff --git a/secrets/README.txt b/secrets/README.txt new file mode 100644 index 0000000..75c6d0f --- /dev/null +++ b/secrets/README.txt @@ -0,0 +1,7 @@ + +- db_password.txt : mot de passe de l'utilisateur MySQL +- db_root_password.txt : mot de passe root MySQL +- tls_crt.pem : certificat TLS (full chain) +- tls_key.pem : clé privée TLS + + .gitignore ! diff --git a/secrets/db_password.txt b/secrets/db_password.txt new file mode 100644 index 0000000..5539019 --- /dev/null +++ b/secrets/db_password.txt @@ -0,0 +1 @@ +motdepasseuser diff --git a/secrets/db_root_password.txt b/secrets/db_root_password.txt new file mode 100644 index 0000000..36ce055 --- /dev/null +++ b/secrets/db_root_password.txt @@ -0,0 +1 @@ +motdepasseroot diff --git a/secrets/tls_crt.pem b/secrets/tls_crt.pem new file mode 100644 index 0000000..57b526e --- /dev/null +++ b/secrets/tls_crt.pem @@ -0,0 +1,22 @@ +-----BEGIN CERTIFICATE----- +MIIDjzCCAnegAwIBAgIUTJCx7vaFiojCcjWzv038pPBJ0JQwDQYJKoZIhvcNAQEL +BQAwVzELMAkGA1UEBhMCRlIxCzAJBgNVBAgMAjQyMQ4wDAYDVQQHDAVQYXJpczES +MBAGA1UECgwJSW5jZXB0aW9uMRcwFQYDVQQDDA55YW50b2luZS40Mi5mcjAeFw0y +NTA3MDcyMzA2NThaFw0yNjA3MDcyMzA2NThaMFcxCzAJBgNVBAYTAkZSMQswCQYD +VQQIDAI0MjEOMAwGA1UEBwwFUGFyaXMxEjAQBgNVBAoMCUluY2VwdGlvbjEXMBUG +A1UEAwwOeWFudG9pbmUuNDIuZnIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +AoIBAQDIin6td4TI/XquOuGwsSCMsk8vDjBwnyJXuLMnEXlwywcMgUrK6f0niaAG +XnFrDDJ7n6515HtmniXyJsK/sPVMJoBP9uHYau2amemZhRsFDarsyxnlfYmsc2Ax +MJxNqnh/9jtR2HxIW0MdvdgvfYNrvyFfKOJ1MypYt60d5OXDnzRetokm7uXsFqpp +gz517nj3YD1lPh+1cIYR5HiPywAd5IB+lOGvw53YDAb9VmU03xvmvKuZHuYQmJVv +VBHV5LwGVoduyP8DGK36Nh9RlNAxEUSWIIaExnKXUm9c948a/OsuHCB4ks0dT209 +fQbnxU5mqvo+/wNROdA9vAepv2lNAgMBAAGjUzBRMB0GA1UdDgQWBBTTnH14HI/x +1M3wFMcF7GAdlnpssjAfBgNVHSMEGDAWgBTTnH14HI/x1M3wFMcF7GAdlnpssjAP +BgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQB2NcfiWNcPtWUW8zow +6aD8SQzz4FMMrTAwJG/QYrd+1J75DEM/reT1UivkfX19rsbHp+YjNY9duFBfO7aX +cz5zajof0GS69LI13tOI2GUayG8D2HacBY+BSOybI7l0uuI90i8xBwkc/m2lZdOW +wMtDP4jBAtr38HevQhimLzQdLRoqTqku6Dz13f8tPGkCTNCfSbmHYSclpFhXIl0/ +KsVM6rW107TsVh4Tukpumb9mrUsWW2KBdeD/uNF0qtnpgt31fhGjOco/eEojOrpn +v08CjnyNl+v3cz/TzK08g1gsspJtVxv9IRI9t3673Z+yjLVPqYy8e2thPcu0Tbmi +iIw0 +-----END CERTIFICATE----- diff --git a/secrets/tls_key.pem b/secrets/tls_key.pem new file mode 100644 index 0000000..15ac0e0 --- /dev/null +++ b/secrets/tls_key.pem @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDIin6td4TI/Xqu +OuGwsSCMsk8vDjBwnyJXuLMnEXlwywcMgUrK6f0niaAGXnFrDDJ7n6515HtmniXy +JsK/sPVMJoBP9uHYau2amemZhRsFDarsyxnlfYmsc2AxMJxNqnh/9jtR2HxIW0Md +vdgvfYNrvyFfKOJ1MypYt60d5OXDnzRetokm7uXsFqppgz517nj3YD1lPh+1cIYR +5HiPywAd5IB+lOGvw53YDAb9VmU03xvmvKuZHuYQmJVvVBHV5LwGVoduyP8DGK36 +Nh9RlNAxEUSWIIaExnKXUm9c948a/OsuHCB4ks0dT209fQbnxU5mqvo+/wNROdA9 +vAepv2lNAgMBAAECggEAA4wI4+Tmc9mhPF4ClOn6cz1KJOvBfpR0pTbj8E/LpUDq +DdYRmReHaJYeFE7CVHbhmQnWKklRchtfp3H5EC6UlXVkNUXexmxUad90Csjtv+qh +zdC6fgfOPL8eV0W5VgRVtPRe0I/y2XgdGUm806Y1ggfePWfPOEHLQMjK5pRLCL6K +6d1Mn4AaaXOpgnJDPPltwzkl0Z9t+zEbIVmCG6isHRAP+LKug6a75dejTLkMQmY8 +kAUkKOHTneVYj+vIHYCQPiH6wsgQ8frBuxd1zD35xOMA4scC2+NUHZKB329FcIdo +gJ4uuNYC+4mChDVB2hZXM24eYo+aLw7V/Nxe8fQDrwKBgQD5pb80lvN8GGHVBkNR +IdwGd9Cx9pcUemwyJjOmL/RN35P2wiR0g0AErdEiQB+uA9l//w6+Isdw8Nl1xnga +eW4dFZDBnIAFucNlBjWjJeCattozj4J+l4iDQtZ4G5X43f19Xc6Ij1D/T2Uv6hE+ +BFSCI97cxjNX+CamxNHiBmroiwKBgQDNpNvWZFCIcGswbUZmvh2x6/rw9nTHJUfo +7fE1WeMwCcmXl497fgafxgfYn4sVZRsv2n5xOtzjDq0F+3RFHFdRFcCbNrLk4nvQ +OCo/8eRHGh9pj5DlrkI9mxd98ulTcGDtM1l7H4i8fmlKA2nbgsbm4xAHrbp2dMl2 +UiZx1S1YhwKBgFgOCl82TzOaNge5ac0YME9nu4jJ/YgPllIp/1XC3F0LW1lSKSGf +mdkMphN6orHyUalAAac3BTnk+g78rihIZHqFvMVNuipK14yuoASnu41Wqag+Gj0k +ndYOoS9EK6XYRy0NBWhNhLhI/Nvlp6dER7qPhHBCyKFiud9g1NbwhIz5AoGAdBfr +277KEByXBsHKCtqtXPKBumMIThzn2cHqeFoEfewomKIBaJAfITfk2hBHro5jqMJK +u5WlebGhUE1CuHlleeszzuw0Vi7eAxCSGYNvggxnS2q3PFMCJlFWE858lpRMw9xH +WdDVmsQqoJQIwNm1fEcXl54mNBV+XoPGHGFitiUCgYBq3NwWC4X5whD9nQsD9Ktg +3fZd9fc/QsdVDN58zh/Pmn8mMjQd5V3c/CNRrJ1uPAY9OyLWlClS/c5KEpNr8k0F +VJ40lhiHCv6T7DuzU2Ni0K5YHzMcVAc8lXxJz6v+T4RGqqmNXH8bMcZYd+zRna/u +rGkuwgA+oFWgIyPCfE5bGA== +-----END PRIVATE KEY----- diff --git a/srcs/.env b/srcs/.env deleted file mode 100644 index f26a9a5..0000000 --- a/srcs/.env +++ /dev/null @@ -1,9 +0,0 @@ -MYSQL_ROOT_PASSWORD_FILE=/run/secrets/db_root_password -MYSQL_DATABASE=wordpress_db -MYSQL_USER_FILE=/run/secrets/db_user -MYSQL_PASSWORD_FILE=/run/secrets/db_password - -WP_ADMIN_USER_FILE=/run/secrets/wp_admin_user -WP_ADMIN_PASSWORD_FILE=/run/secrets/wp_admin_password -WP_ADMIN_EMAIL=admin@yantoine.42.fr -DOMAIN_NAME=yantoine.42.fr diff --git a/srcs/.env.example b/srcs/.env.example new file mode 100644 index 0000000..49141a6 --- /dev/null +++ b/srcs/.env.example @@ -0,0 +1,17 @@ +LOGIN=yantoine +DOMAIN_NAME=yantoine.42.fr + +# Chemin hôte où seront stockés les volumes +HOST_PATH=/home/${LOGIN}/data + +# Base de données +MYSQL_DATABASE=wordpress +MYSQL_USER=simple_user +# Les fichiers secrets contiendront les mots de passe +# MYSQL_PASSWORD et MYSQL_ROOT_PASSWORD sont fournis via des secrets Docker + +# WordPress +WP_ADMIN_USER=root +WP_ADMIN_PASSWORD=supertoor123 +WP_ADMIN_EMAIL=root@mail.com +WP_TITLE=Inception42 diff --git a/srcs/docker-compose.yml b/srcs/docker-compose.yml index 998b98a..eee1c1a 100644 --- a/srcs/docker-compose.yml +++ b/srcs/docker-compose.yml @@ -1,82 +1,86 @@ -version: '3.8' +version: "3.8" services: - mariadb: - build: ./requirements/mariadb - container_name: mariadb - restart: always + nginx: + build: ./requirements/nginx + container_name: nginx + image: nginx + depends_on: + - wordpress volumes: - - mariadb_data:/var/lib/mysql - environment: - MYSQL_ROOT_PASSWORD_FILE: /run/secrets/db_root_password - secrets: - - db_root_password - - db_user - - db_password + - wp_data:/var/www/html networks: - inception + ports: + - "443:443" + restart: always + environment: + - DOMAIN_NAME=${DOMAIN_NAME} + secrets: + - tls_crt + - tls_key wordpress: build: ./requirements/wordpress container_name: wordpress - restart: always + image: wordpress depends_on: - mariadb volumes: - - wordpress_data:/var/www/html + - wp_data:/var/www/html + networks: + - inception + restart: always environment: - MYSQL_DATABASE: wordpress_db - MYSQL_USER_FILE: /run/secrets/db_user - MYSQL_PASSWORD_FILE: /run/secrets/db_password + - WORDPRESS_DB_HOST=mariadb:3306 + - WORDPRESS_DB_NAME=${MYSQL_DATABASE} + - WORDPRESS_DB_USER=${MYSQL_USER} + - WORDPRESS_DB_PASSWORD_FILE=/run/secrets/db_password + - DOMAIN_NAME=${DOMAIN_NAME} + secrets: + - db_password + + mariadb: + build: ./requirements/mariadb + container_name: mariadb + image: mariadb + volumes: + - db_data:/var/lib/mysql + networks: + - inception + restart: always + environment: + - MYSQL_ROOT_PASSWORD_FILE=/run/secrets/db_root_password + - MYSQL_DATABASE=${MYSQL_DATABASE} + - MYSQL_USER=${MYSQL_USER} + - MYSQL_PASSWORD_FILE=/run/secrets/db_password secrets: - db_root_password - - db_user - db_password - - wp_admin_user - - wp_admin_password - networks: - - inception - - - nginx: - build: ./requirements/nginx - container_name: nginx - restart: always - depends_on: - - wordpress - ports: - - "443:443" - volumes: - - wordpress_data:/var/www/html - networks: - - inception volumes: - mariadb_data: + db_data: driver: local driver_opts: - type: 'none' - device: '/home/yantoine/data/mariadb' - o: 'bind' - wordpress_data: + type: none + device: ${HOST_PATH}/db + o: bind + wp_data: driver: local driver_opts: - type: 'none' - device: '/home/yantoine/data/wordpress' - o: 'bind' + type: none + device: ${HOST_PATH}/wp + o: bind networks: inception: - driver: bridge secrets: - db_root_password: - file: ./secrets/db_root_password.txt - db_user: - file: ./secrets/db_user.txt db_password: - file: ./secrets/db_password.txt - wp_admin_user: - file: ./secrets/wp_admin_user.txt - wp_admin_password: - file: ./secrets/wp_admin_password.txt + file: ../secrets/db_password.txt + db_root_password: + file: ../secrets/db_root_password.txt + tls_key: + file: ../secrets/tls_key.pem + tls_crt: + file: ../secrets/tls_crt.pem diff --git a/srcs/requirements/mariadb/.dockerignore b/srcs/requirements/mariadb/.dockerignore new file mode 100644 index 0000000..e69de29 diff --git a/srcs/requirements/mariadb/Dockerfile b/srcs/requirements/mariadb/Dockerfile index 1cabedd..89fbe55 100644 --- a/srcs/requirements/mariadb/Dockerfile +++ b/srcs/requirements/mariadb/Dockerfile @@ -1,16 +1,12 @@ -FROM debian:12.5-slim +FROM alpine:3.20 -RUN apt-get update && \ - apt-get install -y mariadb-server && \ - rm -rf /var/lib/apt/lists/* +RUN apk update && \ + apk add --no-cache mariadb mariadb-client bash && \ + mkdir -p /run/mysqld && chown -R mysql:mysql /run/mysqld /var/lib/mysql + +# Copie du script d'initialisation +COPY tools/init-db.sh /docker-entrypoint-initdb.d/init-db.sh +RUN chmod +x /docker-entrypoint-initdb.d/init-db.sh EXPOSE 3306 - -COPY conf/my.cnf /etc/mysql/my.cnf -COPY init.sh /docker-entrypoint-initdb.d/init.sh -COPY entrypoint.sh /entrypoint.sh - -RUN chmod +x /entrypoint.sh /docker-entrypoint-initdb.d/init.sh - -ENTRYPOINT ["/entrypoint.sh"] - +CMD ["mysqld"] diff --git a/srcs/requirements/mariadb/conf/my.cnf b/srcs/requirements/mariadb/conf/my.cnf deleted file mode 100644 index 84e7bbf..0000000 --- a/srcs/requirements/mariadb/conf/my.cnf +++ /dev/null @@ -1,2 +0,0 @@ -[mysqld] -bind-address=0.0.0.0 diff --git a/srcs/requirements/mariadb/entrypoint.sh b/srcs/requirements/mariadb/entrypoint.sh deleted file mode 100644 index c686add..0000000 --- a/srcs/requirements/mariadb/entrypoint.sh +++ /dev/null @@ -1,30 +0,0 @@ -#!/bin/bash -set -e - -# Démarre MariaDB en arrière-plan pour l'initialisation -mysqld_safe --skip-networking & -sleep 5 - -# Vérifie si la DB est déjà initialisée -if [ ! -d "/var/lib/mysql/mysql" ]; then - echo "=> Initializing database..." - mysql_install_db --user=mysql --ldata=/var/lib/mysql - - echo "=> Running init scripts..." - for f in /docker-entrypoint-initdb.d/*; do - case "$f" in - *.sh) echo "Running $f"; . "$f" ;; - *.sql) echo "Running $f"; mysql -u root < "$f" ;; - *) echo "Ignoring $f" ;; - esac - done - - echo "=> Initialization done." -fi - -# Stop MariaDB safe mode -mysqladmin -u root shutdown - -# Redémarre MariaDB en mode normal -exec mysqld_safe - diff --git a/srcs/requirements/mariadb/init.sh b/srcs/requirements/mariadb/init.sh deleted file mode 100644 index 8e5618e..0000000 --- a/srcs/requirements/mariadb/init.sh +++ /dev/null @@ -1,14 +0,0 @@ -#!/bin/bash -set -e - -echo "=> Creating WordPress database and user..." - -mysql -u root < WordPress database and user created!" - diff --git a/srcs/requirements/mariadb/tools/init-db.sh b/srcs/requirements/mariadb/tools/init-db.sh new file mode 100755 index 0000000..dd060cb --- /dev/null +++ b/srcs/requirements/mariadb/tools/init-db.sh @@ -0,0 +1,15 @@ +#!/bin/sh +set -eu + +echo "Initialisation de la base de données…" + +# Création de la base et de l'utilisateur +cat <<-EOSQL > /tmp/init.sql +CREATE DATABASE IF NOT EXISTS \`${MYSQL_DATABASE}\`; +CREATE USER IF NOT EXISTS '\${MYSQL_USER}'@'%' IDENTIFIED BY '\$(cat /run/secrets/db_password)'; +GRANT ALL PRIVILEGES ON \`${MYSQL_DATABASE}\`.* TO '\${MYSQL_USER}'@'%'; +FLUSH PRIVILEGES; +EOSQL + +mysql -u root -p"$(cat /run/secrets/db_root_password)" < /tmp/init.sql +rm /tmp/init.sql diff --git a/srcs/requirements/nginx/.dockerignore b/srcs/requirements/nginx/.dockerignore new file mode 100644 index 0000000..23f196c --- /dev/null +++ b/srcs/requirements/nginx/.dockerignore @@ -0,0 +1,2 @@ +*.pem +*.crt diff --git a/srcs/requirements/nginx/Dockerfile b/srcs/requirements/nginx/Dockerfile index cc414d0..493492d 100644 --- a/srcs/requirements/nginx/Dockerfile +++ b/srcs/requirements/nginx/Dockerfile @@ -1,12 +1,13 @@ -FROM alpine:3.19 +FROM alpine:3.20 -RUN apk add --no-cache nginx openssl +RUN apk update && apk add --no-cache nginx openssl bash +# Copie des fichiers de configuration +COPY conf/nginx.conf /etc/nginx/nginx.conf COPY conf/default.conf /etc/nginx/http.d/default.conf -COPY tools/generate_ssl.sh /tmp/generate_ssl.sh - -RUN chmod +x /tmp/generate_ssl.sh && /tmp/generate_ssl.sh +COPY tools/entrypoint.sh /entrypoint.sh +RUN chmod +x /entrypoint.sh EXPOSE 443 -CMD ["nginx", "-g", "daemon off;"] +ENTRYPOINT ["/entrypoint.sh"] diff --git a/srcs/requirements/nginx/conf/default.conf b/srcs/requirements/nginx/conf/default.conf index 476a047..7595389 100644 --- a/srcs/requirements/nginx/conf/default.conf +++ b/srcs/requirements/nginx/conf/default.conf @@ -1,11 +1,11 @@ server { - listen 443 ssl; - server_name yantoine.42.fr; + listen 443 ssl http2; + server_name __DOMAIN_NAME__; - ssl_certificate /etc/ssl/private/yantoine.42.fr.crt; - ssl_certificate_key /etc/ssl/private/yantoine.42.fr.key; - - ssl_protocols TLSv1.2 TLSv1.3; + ssl_certificate /etc/ssl/certs/server.crt; + ssl_certificate_key /etc/ssl/private/server.key; + ssl_protocols TLSv1.2 TLSv1.3; + ssl_prefer_server_ciphers off; root /var/www/html; index index.php index.html; @@ -15,8 +15,9 @@ server { } location ~ \.php$ { - fastcgi_pass wordpress:9000; include fastcgi_params; + fastcgi_pass wordpress:9000; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param PATH_INFO $fastcgi_path_info; } } diff --git a/srcs/requirements/nginx/conf/nginx.conf b/srcs/requirements/nginx/conf/nginx.conf new file mode 100644 index 0000000..705f974 --- /dev/null +++ b/srcs/requirements/nginx/conf/nginx.conf @@ -0,0 +1,21 @@ +user nginx; +worker_processes auto; + +error_log /var/log/nginx/error.log warn; +pid /var/run/nginx.pid; + +events { + worker_connections 1024; +} + +http { + include /etc/nginx/mime.types; + default_type application/octet-stream; + + access_log /var/log/nginx/access.log main; + + sendfile on; + keepalive_timeout 65; + + include /etc/nginx/http.d/*.conf; +} diff --git a/srcs/requirements/nginx/tools/entrypoint.sh b/srcs/requirements/nginx/tools/entrypoint.sh new file mode 100755 index 0000000..672b680 --- /dev/null +++ b/srcs/requirements/nginx/tools/entrypoint.sh @@ -0,0 +1,12 @@ +#!/bin/sh +set -eu + +# Copie des secrets TLS vers leurs emplacements +cp /run/secrets/tls_crt /etc/ssl/certs/server.crt +cp /run/secrets/tls_key /etc/ssl/private/server.key +chmod 600 /etc/ssl/private/server.key + +# Remplacement du nom de domaine dans la conf +sed -i "s/__DOMAIN_NAME__/${DOMAIN_NAME}/g" /etc/nginx/http.d/default.conf + +exec nginx -g 'daemon off;' diff --git a/srcs/requirements/nginx/tools/generate_ssl.sh b/srcs/requirements/nginx/tools/generate_ssl.sh deleted file mode 100644 index 4045ceb..0000000 --- a/srcs/requirements/nginx/tools/generate_ssl.sh +++ /dev/null @@ -1,7 +0,0 @@ -#!/bin/sh -mkdir -p /etc/ssl/private -openssl req -x509 -nodes -days 365 \ - -subj "/C=FR/ST=Paris/L=Paris/O=42/OU=Login/CN=yantoine.42.fr" \ - -newkey rsa:2048 \ - -keyout /etc/ssl/private/yantoine.42.fr.key \ - -out /etc/ssl/private/yantoine.42.fr.crt diff --git a/srcs/requirements/wordpress/.dockerignore b/srcs/requirements/wordpress/.dockerignore new file mode 100644 index 0000000..e69de29 diff --git a/srcs/requirements/wordpress/Dockerfile b/srcs/requirements/wordpress/Dockerfile index 4c2d2aa..93275a7 100644 --- a/srcs/requirements/wordpress/Dockerfile +++ b/srcs/requirements/wordpress/Dockerfile @@ -1,33 +1,22 @@ -FROM debian:11 +FROM alpine:3.20 -RUN apt-get update && apt-get install -y \ - mariadb-client \ - curl \ - php7.4-fpm \ - php7.4-mysql \ - php7.4-cli \ - php7.4-curl \ - php7.4-gd \ - php7.4-mbstring \ - php7.4-xml \ - php7.4-zip \ - && apt-get clean - -# Fix: créer le dossier /run/php -RUN mkdir -p /run/php - -# Fix: forcer php-fpm à écouter sur le port 9000 -RUN sed -i 's|listen = /run/php/php7.4-fpm.sock|listen = 9000|' /etc/php/7.4/fpm/pool.d/www.conf +RUN apk update && \ + apk add --no-cache php82 php82-fpm php82-mysqli php82-json php82-session php82-phar \ + php82-xml php82-mbstring php82-gd php82-curl php82-dom wget bash && \ + adduser -D -g 'www' www WORKDIR /var/www/html -RUN curl -o wordpress.tar.gz https://wordpress.org/latest.tar.gz && \ - tar -xzf wordpress.tar.gz --strip-components=1 && \ - rm wordpress.tar.gz +# Téléchargement de WordPress +RUN wget https://wordpress.org/latest.tar.gz && \ + tar -xzf latest.tar.gz --strip-components=1 && \ + rm latest.tar.gz -COPY conf/wp-config.php /var/www/html/wp-config.php +COPY tools/entrypoint.sh /entrypoint.sh +RUN chmod +x /entrypoint.sh && \ + chown -R www:www /var/www/html && \ + sed -i 's|listen = .*|listen = 0.0.0.0:9000|' /etc/php82/php-fpm.d/www.conf +USER www EXPOSE 9000 - -CMD ["/usr/sbin/php-fpm7.4", "-F"] - +ENTRYPOINT ["/entrypoint.sh"] diff --git a/srcs/requirements/wordpress/conf/wp-config.php b/srcs/requirements/wordpress/conf/wp-config.php deleted file mode 100644 index 9bcfb4c..0000000 --- a/srcs/requirements/wordpress/conf/wp-config.php +++ /dev/null @@ -1,18 +0,0 @@ -