oui

2025-07-08 01:08:28 +02:00
parent 2117ce50f4
commit 40328d2980
30 changed files with 246 additions and 213 deletions
@@ -1,9 +0,0 @@
-MYSQL_ROOT_PASSWORD_FILE=/run/secrets/db_root_password
-MYSQL_DATABASE=wordpress_db
-MYSQL_USER_FILE=/run/secrets/db_user
-MYSQL_PASSWORD_FILE=/run/secrets/db_password
-
-WP_ADMIN_USER_FILE=/run/secrets/wp_admin_user
-WP_ADMIN_PASSWORD_FILE=/run/secrets/wp_admin_password
-WP_ADMIN_EMAIL=admin@yantoine.42.fr
-DOMAIN_NAME=yantoine.42.fr
@@ -0,0 +1,17 @@
+LOGIN=yantoine
+DOMAIN_NAME=yantoine.42.fr
+
+# Chemin hôte où seront stockés les volumes
+HOST_PATH=/home/${LOGIN}/data
+
+# Base de données
+MYSQL_DATABASE=wordpress
+MYSQL_USER=simple_user
+# Les fichiers secrets contiendront les mots de passe
+# MYSQL_PASSWORD et MYSQL_ROOT_PASSWORD sont fournis via des secrets Docker
+
+# WordPress
+WP_ADMIN_USER=root
+WP_ADMIN_PASSWORD=supertoor123
+WP_ADMIN_EMAIL=root@mail.com
+WP_TITLE=Inception42
@@ -1,82 +1,86 @@
-version: '3.8'
+version: "3.8"

 services:
-  mariadb:
-    build: ./requirements/mariadb
-    container_name: mariadb
-    restart: always
+  nginx:
+    build: ./requirements/nginx
+    container_name: nginx
+    image: nginx
+    depends_on:
+      - wordpress
    volumes:
-      - mariadb_data:/var/lib/mysql
-    environment:
-      MYSQL_ROOT_PASSWORD_FILE: /run/secrets/db_root_password
-    secrets:
-      - db_root_password
-      - db_user
-      - db_password
+      - wp_data:/var/www/html
    networks:
      - inception
+    ports:
+      - "443:443"
+    restart: always
+    environment:
+      - DOMAIN_NAME=${DOMAIN_NAME}
+    secrets:
+      - tls_crt
+      - tls_key

  wordpress:
    build: ./requirements/wordpress
    container_name: wordpress
-    restart: always
+    image: wordpress
    depends_on:
      - mariadb
    volumes:
-      - wordpress_data:/var/www/html
+      - wp_data:/var/www/html
+    networks:
+      - inception
+    restart: always
    environment:
-      MYSQL_DATABASE: wordpress_db
-      MYSQL_USER_FILE: /run/secrets/db_user
-      MYSQL_PASSWORD_FILE: /run/secrets/db_password
+      - WORDPRESS_DB_HOST=mariadb:3306
+      - WORDPRESS_DB_NAME=${MYSQL_DATABASE}
+      - WORDPRESS_DB_USER=${MYSQL_USER}
+      - WORDPRESS_DB_PASSWORD_FILE=/run/secrets/db_password
+      - DOMAIN_NAME=${DOMAIN_NAME}
+    secrets:
+      - db_password
+
+  mariadb:
+    build: ./requirements/mariadb
+    container_name: mariadb
+    image: mariadb
+    volumes:
+      - db_data:/var/lib/mysql
+    networks:
+      - inception
+    restart: always
+    environment:
+      - MYSQL_ROOT_PASSWORD_FILE=/run/secrets/db_root_password
+      - MYSQL_DATABASE=${MYSQL_DATABASE}
+      - MYSQL_USER=${MYSQL_USER}
+      - MYSQL_PASSWORD_FILE=/run/secrets/db_password
    secrets:
      - db_root_password
-      - db_user
      - db_password
-      - wp_admin_user
-      - wp_admin_password
-    networks:
-      - inception
-
-
-  nginx:
-    build: ./requirements/nginx
-    container_name: nginx
-    restart: always
-    depends_on:
-      - wordpress
-    ports:
-      - "443:443"
-    volumes:
-      - wordpress_data:/var/www/html
-    networks:
-      - inception

 volumes:
-  mariadb_data:
+  db_data:
    driver: local
    driver_opts:
-      type: 'none'
-      device: '/home/yantoine/data/mariadb'
-      o: 'bind'
-  wordpress_data:
+      type: none
+      device: ${HOST_PATH}/db
+      o: bind
+  wp_data:
    driver: local
    driver_opts:
-      type: 'none'
-      device: '/home/yantoine/data/wordpress'
-      o: 'bind'
+      type: none
+      device: ${HOST_PATH}/wp
+      o: bind

 networks:
  inception:
-    driver: bridge

 secrets:
-  db_root_password:
-    file: ./secrets/db_root_password.txt
-  db_user:
-    file: ./secrets/db_user.txt
  db_password:
-    file: ./secrets/db_password.txt
-  wp_admin_user:
-    file: ./secrets/wp_admin_user.txt
-  wp_admin_password:
-    file: ./secrets/wp_admin_password.txt
+    file: ../secrets/db_password.txt
+  db_root_password:
+    file: ../secrets/db_root_password.txt
+  tls_key:
+    file: ../secrets/tls_key.pem
+  tls_crt:
+    file: ../secrets/tls_crt.pem
@@ -1,16 +1,12 @@
-FROM debian:12.5-slim
+FROM alpine:3.20

-RUN apt-get update && \
-    apt-get install -y mariadb-server && \
-    rm -rf /var/lib/apt/lists/*
+RUN apk update && \
+    apk add --no-cache mariadb mariadb-client bash && \
+    mkdir -p /run/mysqld && chown -R mysql:mysql /run/mysqld /var/lib/mysql
+
+# Copie du script d'initialisation
+COPY tools/init-db.sh /docker-entrypoint-initdb.d/init-db.sh
+RUN chmod +x /docker-entrypoint-initdb.d/init-db.sh

 EXPOSE 3306
-
-COPY conf/my.cnf /etc/mysql/my.cnf
-COPY init.sh /docker-entrypoint-initdb.d/init.sh
-COPY entrypoint.sh /entrypoint.sh
-
-RUN chmod +x /entrypoint.sh /docker-entrypoint-initdb.d/init.sh
-
-ENTRYPOINT ["/entrypoint.sh"]
-
+CMD ["mysqld"]
@@ -1,2 +0,0 @@
-[mysqld]
-bind-address=0.0.0.0
@@ -1,30 +0,0 @@
-#!/bin/bash
-set -e
-
-# Démarre MariaDB en arrière-plan pour l'initialisation
-mysqld_safe --skip-networking &
-sleep 5
-
-# Vérifie si la DB est déjà initialisée
-if [ ! -d "/var/lib/mysql/mysql" ]; then
-    echo "=> Initializing database..."
-    mysql_install_db --user=mysql --ldata=/var/lib/mysql
-
-    echo "=> Running init scripts..."
-    for f in /docker-entrypoint-initdb.d/*; do
-        case "$f" in
-            *.sh)  echo "Running $f"; . "$f" ;;
-            *.sql) echo "Running $f"; mysql -u root < "$f" ;;
-            *)     echo "Ignoring $f" ;;
-        esac
-    done
-
-    echo "=> Initialization done."
-fi
-
-# Stop MariaDB safe mode
-mysqladmin -u root shutdown
-
-# Redémarre MariaDB en mode normal
-exec mysqld_safe
-
@@ -1,14 +0,0 @@
-#!/bin/bash
-set -e
-
-echo "=> Creating WordPress database and user..."
-
-mysql -u root <<EOF
-CREATE DATABASE IF NOT EXISTS wordpress_db CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
-CREATE USER IF NOT EXISTS 'wp_user'@'%' IDENTIFIED BY 'wp_pass123';
-GRANT ALL PRIVILEGES ON wordpress_db.* TO 'wp_user'@'%';
-FLUSH PRIVILEGES;
-EOF
-
-echo "=> WordPress database and user created!"
-
@@ -0,0 +1,15 @@
+#!/bin/sh
+set -eu
+
+echo "Initialisation de la base de données…"
+
+# Création de la base et de l'utilisateur
+cat <<-EOSQL > /tmp/init.sql
+CREATE DATABASE IF NOT EXISTS \`${MYSQL_DATABASE}\`;
+CREATE USER IF NOT EXISTS '\${MYSQL_USER}'@'%' IDENTIFIED BY '\$(cat /run/secrets/db_password)';
+GRANT ALL PRIVILEGES ON \`${MYSQL_DATABASE}\`.* TO '\${MYSQL_USER}'@'%';
+FLUSH PRIVILEGES;
+EOSQL
+
+mysql -u root -p"$(cat /run/secrets/db_root_password)" < /tmp/init.sql
+rm /tmp/init.sql
@@ -0,0 +1,2 @@
+*.pem
+*.crt
@@ -1,12 +1,13 @@
-FROM alpine:3.19
+FROM alpine:3.20

-RUN apk add --no-cache nginx openssl
+RUN apk update && apk add --no-cache nginx openssl bash

+# Copie des fichiers de configuration
+COPY conf/nginx.conf /etc/nginx/nginx.conf
 COPY conf/default.conf /etc/nginx/http.d/default.conf
-COPY tools/generate_ssl.sh /tmp/generate_ssl.sh
-
-RUN chmod +x /tmp/generate_ssl.sh && /tmp/generate_ssl.sh
+COPY tools/entrypoint.sh /entrypoint.sh
+RUN chmod +x /entrypoint.sh

 EXPOSE 443

-CMD ["nginx", "-g", "daemon off;"]
+ENTRYPOINT ["/entrypoint.sh"]
@@ -1,11 +1,11 @@
 server {
-    listen 443 ssl;
-    server_name yantoine.42.fr;
+    listen 443 ssl http2;
+    server_name __DOMAIN_NAME__;

-    ssl_certificate /etc/ssl/private/yantoine.42.fr.crt;
-    ssl_certificate_key /etc/ssl/private/yantoine.42.fr.key;
-
-    ssl_protocols TLSv1.2 TLSv1.3;
+    ssl_certificate     /etc/ssl/certs/server.crt;
+    ssl_certificate_key /etc/ssl/private/server.key;
+    ssl_protocols       TLSv1.2 TLSv1.3;
+    ssl_prefer_server_ciphers off;

    root /var/www/html;
    index index.php index.html;
@@ -15,8 +15,9 @@ server {
    }

    location ~ \.php$ {
-        fastcgi_pass wordpress:9000;
        include fastcgi_params;
+        fastcgi_pass wordpress:9000;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+        fastcgi_param PATH_INFO $fastcgi_path_info;
    }
 }
@@ -0,0 +1,21 @@
+user nginx;
+worker_processes auto;
+
+error_log  /var/log/nginx/error.log warn;
+pid        /var/run/nginx.pid;
+
+events {
+    worker_connections 1024;
+}
+
+http {
+    include       /etc/nginx/mime.types;
+    default_type  application/octet-stream;
+
+    access_log  /var/log/nginx/access.log  main;
+
+    sendfile        on;
+    keepalive_timeout  65;
+
+    include /etc/nginx/http.d/*.conf;
+}
@@ -0,0 +1,12 @@
+#!/bin/sh
+set -eu
+
+# Copie des secrets TLS vers leurs emplacements
+cp /run/secrets/tls_crt /etc/ssl/certs/server.crt
+cp /run/secrets/tls_key /etc/ssl/private/server.key
+chmod 600 /etc/ssl/private/server.key
+
+# Remplacement du nom de domaine dans la conf
+sed -i "s/__DOMAIN_NAME__/${DOMAIN_NAME}/g" /etc/nginx/http.d/default.conf
+
+exec nginx -g 'daemon off;'
@@ -1,7 +0,0 @@
-#!/bin/sh
-mkdir -p /etc/ssl/private
-openssl req -x509 -nodes -days 365 \
-  -subj "/C=FR/ST=Paris/L=Paris/O=42/OU=Login/CN=yantoine.42.fr" \
-  -newkey rsa:2048 \
-  -keyout /etc/ssl/private/yantoine.42.fr.key \
-  -out /etc/ssl/private/yantoine.42.fr.crt
@@ -1,33 +1,22 @@
-FROM debian:11
+FROM alpine:3.20

-RUN apt-get update && apt-get install -y \
-    mariadb-client \
-    curl \
-    php7.4-fpm \
-    php7.4-mysql \
-    php7.4-cli \
-    php7.4-curl \
-    php7.4-gd \
-    php7.4-mbstring \
-    php7.4-xml \
-    php7.4-zip \
-    && apt-get clean
-
-# Fix: créer le dossier /run/php
-RUN mkdir -p /run/php
-
-# Fix: forcer php-fpm à écouter sur le port 9000
-RUN sed -i 's|listen = /run/php/php7.4-fpm.sock|listen = 9000|' /etc/php/7.4/fpm/pool.d/www.conf
+RUN apk update && \
+    apk add --no-cache php82 php82-fpm php82-mysqli php82-json php82-session php82-phar \
+        php82-xml php82-mbstring php82-gd php82-curl php82-dom wget bash && \
+    adduser -D -g 'www' www

 WORKDIR /var/www/html

-RUN curl -o wordpress.tar.gz https://wordpress.org/latest.tar.gz && \
-    tar -xzf wordpress.tar.gz --strip-components=1 && \
-    rm wordpress.tar.gz
+# Téléchargement de WordPress
+RUN wget https://wordpress.org/latest.tar.gz && \
+    tar -xzf latest.tar.gz --strip-components=1 && \
+    rm latest.tar.gz

-COPY conf/wp-config.php /var/www/html/wp-config.php
+COPY tools/entrypoint.sh /entrypoint.sh
+RUN chmod +x /entrypoint.sh && \
+    chown -R www:www /var/www/html && \
+    sed -i 's|listen = .*|listen = 0.0.0.0:9000|' /etc/php82/php-fpm.d/www.conf

+USER www
 EXPOSE 9000
-
-CMD ["/usr/sbin/php-fpm7.4", "-F"]
-
+ENTRYPOINT ["/entrypoint.sh"]
@@ -1,18 +0,0 @@
-<?php
-define( 'DB_NAME', getenv('MYSQL_DATABASE') );
-
-define( 'DB_USER', trim(file_get_contents(getenv('MYSQL_USER_FILE'))) );
-define( 'DB_PASSWORD', trim(file_get_contents(getenv('MYSQL_PASSWORD_FILE'))) );
-
-define( 'DB_HOST', 'mariadb' );
-define( 'DB_CHARSET', 'utf8mb4' );
-define( 'DB_COLLATE', '' );
-
-$table_prefix = 'wp_';
-define( 'WP_DEBUG', false );
-
-if ( ! defined( 'ABSPATH' ) ) {
-    define( 'ABSPATH', __DIR__ . '/' );
-}
-
-require_once ABSPATH . 'wp-settings.php';
@@ -0,0 +1,15 @@
+#!/bin/sh
+set -eu
+
+CONFIG=/var/www/html/wp-config.php
+
+if [ ! -f "$CONFIG" ]; then
+    cp wp-config-sample.php $CONFIG
+    sed -i "s/database_name_here/${WORDPRESS_DB_NAME}/" $CONFIG
+    sed -i "s/username_here/${WORDPRESS_DB_USER}/" $CONFIG
+    sed -i "s/password_here/$(cat ${WORDPRESS_DB_PASSWORD_FILE})/" $CONFIG
+    sed -i "s/localhost/${WORDPRESS_DB_HOST}/" $CONFIG
+fi
+
+# Lancement de php-fpm au premier plan
+php-fpm --nodaemonize
@@ -1 +0,0 @@
-wp_pass123
@@ -1 +0,0 @@
-rootpass123
@@ -1 +0,0 @@
-wp_user
@@ -1 +0,0 @@
-cbienrelouquandmeme
@@ -1 +0,0 @@
-jenpeuxplusdeceprojet