oui

2025-07-08 01:08:28 +02:00
parent 2117ce50f4
commit 40328d2980
30 changed files with 246 additions and 213 deletions
@@ -1,29 +1,15 @@
-PROJECT_NAME=inception
+NAME=inception
-DOCKER_COMPOSE=docker-compose
+SRC_DIR=srcs
 DC_FILE=srcs/docker-compose.yml
 ENV_FILE=srcs/.env
 all: up
 up:
-	@mkdir -p /home/yantoine/data/mariadb
+	docker compose -f $(SRC_DIR)/docker-compose.yml --env-file $(SRC_DIR)/.env up -d --build
 	@mkdir -p /home/yantoine/data/wordpress
 	@$(DOCKER_COMPOSE) -f $(DC_FILE) --env-file $(ENV_FILE) up -d --build
 down:
-	@$(DOCKER_COMPOSE) -f $(DC_FILE) --env-file $(ENV_FILE) down
+	docker compose -f $(SRC_DIR)/docker-compose.yml down
-clean:
+re: down up
 	# Arrête et supprime containers + volumes liés au projet
 	@$(DOCKER_COMPOSE) -f $(DC_FILE) --env-file $(ENV_FILE) down -v --remove-orphans
-fclean: clean
+fclean: down
-	# Supprime images du projet + system prune + supprime données sur l'hôte
+	docker system prune -af
 	@docker image rm -f $(PROJECT_NAME)_wordpress $(PROJECT_NAME)_mariadb $(PROJECT_NAME)_nginx || true
 	@docker system prune -af
 	@rm -rf /home/yantoine/data/mariadb
 	@rm -rf /home/yantoine/data/wordpress
-re: fclean up
+.PHONY: up down re fclean
 .PHONY: all up down clean fclean re
@@ -0,0 +1,7 @@
 - db_password.txt           : mot de passe de l'utilisateur MySQL
 - db_root_password.txt      : mot de passe root MySQL
 - tls_crt.pem               : certificat TLS (full chain)
 - tls_key.pem               : clé privée TLS
 .gitignore !
@@ -0,0 +1 @@
 motdepasseuser
@@ -0,0 +1 @@
 motdepasseroot
@@ -0,0 +1,22 @@
 -----BEGIN CERTIFICATE-----
 MIIDjzCCAnegAwIBAgIUTJCx7vaFiojCcjWzv038pPBJ0JQwDQYJKoZIhvcNAQEL
 BQAwVzELMAkGA1UEBhMCRlIxCzAJBgNVBAgMAjQyMQ4wDAYDVQQHDAVQYXJpczES
 MBAGA1UECgwJSW5jZXB0aW9uMRcwFQYDVQQDDA55YW50b2luZS40Mi5mcjAeFw0y
 NTA3MDcyMzA2NThaFw0yNjA3MDcyMzA2NThaMFcxCzAJBgNVBAYTAkZSMQswCQYD
 VQQIDAI0MjEOMAwGA1UEBwwFUGFyaXMxEjAQBgNVBAoMCUluY2VwdGlvbjEXMBUG
 A1UEAwwOeWFudG9pbmUuNDIuZnIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
 AoIBAQDIin6td4TI/XquOuGwsSCMsk8vDjBwnyJXuLMnEXlwywcMgUrK6f0niaAG
 XnFrDDJ7n6515HtmniXyJsK/sPVMJoBP9uHYau2amemZhRsFDarsyxnlfYmsc2Ax
 MJxNqnh/9jtR2HxIW0MdvdgvfYNrvyFfKOJ1MypYt60d5OXDnzRetokm7uXsFqpp
 gz517nj3YD1lPh+1cIYR5HiPywAd5IB+lOGvw53YDAb9VmU03xvmvKuZHuYQmJVv
 VBHV5LwGVoduyP8DGK36Nh9RlNAxEUSWIIaExnKXUm9c948a/OsuHCB4ks0dT209
 fQbnxU5mqvo+/wNROdA9vAepv2lNAgMBAAGjUzBRMB0GA1UdDgQWBBTTnH14HI/x
 1M3wFMcF7GAdlnpssjAfBgNVHSMEGDAWgBTTnH14HI/x1M3wFMcF7GAdlnpssjAP
 BgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQB2NcfiWNcPtWUW8zow
 6aD8SQzz4FMMrTAwJG/QYrd+1J75DEM/reT1UivkfX19rsbHp+YjNY9duFBfO7aX
 cz5zajof0GS69LI13tOI2GUayG8D2HacBY+BSOybI7l0uuI90i8xBwkc/m2lZdOW
 wMtDP4jBAtr38HevQhimLzQdLRoqTqku6Dz13f8tPGkCTNCfSbmHYSclpFhXIl0/
 KsVM6rW107TsVh4Tukpumb9mrUsWW2KBdeD/uNF0qtnpgt31fhGjOco/eEojOrpn
 v08CjnyNl+v3cz/TzK08g1gsspJtVxv9IRI9t3673Z+yjLVPqYy8e2thPcu0Tbmi
 iIw0
 -----END CERTIFICATE-----
@@ -0,0 +1,28 @@
 -----BEGIN PRIVATE KEY-----
 MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDIin6td4TI/Xqu
 OuGwsSCMsk8vDjBwnyJXuLMnEXlwywcMgUrK6f0niaAGXnFrDDJ7n6515HtmniXy
 JsK/sPVMJoBP9uHYau2amemZhRsFDarsyxnlfYmsc2AxMJxNqnh/9jtR2HxIW0Md
 vdgvfYNrvyFfKOJ1MypYt60d5OXDnzRetokm7uXsFqppgz517nj3YD1lPh+1cIYR
 5HiPywAd5IB+lOGvw53YDAb9VmU03xvmvKuZHuYQmJVvVBHV5LwGVoduyP8DGK36
 Nh9RlNAxEUSWIIaExnKXUm9c948a/OsuHCB4ks0dT209fQbnxU5mqvo+/wNROdA9
 vAepv2lNAgMBAAECggEAA4wI4+Tmc9mhPF4ClOn6cz1KJOvBfpR0pTbj8E/LpUDq
 DdYRmReHaJYeFE7CVHbhmQnWKklRchtfp3H5EC6UlXVkNUXexmxUad90Csjtv+qh
 zdC6fgfOPL8eV0W5VgRVtPRe0I/y2XgdGUm806Y1ggfePWfPOEHLQMjK5pRLCL6K
 6d1Mn4AaaXOpgnJDPPltwzkl0Z9t+zEbIVmCG6isHRAP+LKug6a75dejTLkMQmY8
 kAUkKOHTneVYj+vIHYCQPiH6wsgQ8frBuxd1zD35xOMA4scC2+NUHZKB329FcIdo
 gJ4uuNYC+4mChDVB2hZXM24eYo+aLw7V/Nxe8fQDrwKBgQD5pb80lvN8GGHVBkNR
 IdwGd9Cx9pcUemwyJjOmL/RN35P2wiR0g0AErdEiQB+uA9l//w6+Isdw8Nl1xnga
 eW4dFZDBnIAFucNlBjWjJeCattozj4J+l4iDQtZ4G5X43f19Xc6Ij1D/T2Uv6hE+
 BFSCI97cxjNX+CamxNHiBmroiwKBgQDNpNvWZFCIcGswbUZmvh2x6/rw9nTHJUfo
 7fE1WeMwCcmXl497fgafxgfYn4sVZRsv2n5xOtzjDq0F+3RFHFdRFcCbNrLk4nvQ
 OCo/8eRHGh9pj5DlrkI9mxd98ulTcGDtM1l7H4i8fmlKA2nbgsbm4xAHrbp2dMl2
 UiZx1S1YhwKBgFgOCl82TzOaNge5ac0YME9nu4jJ/YgPllIp/1XC3F0LW1lSKSGf
 mdkMphN6orHyUalAAac3BTnk+g78rihIZHqFvMVNuipK14yuoASnu41Wqag+Gj0k
 ndYOoS9EK6XYRy0NBWhNhLhI/Nvlp6dER7qPhHBCyKFiud9g1NbwhIz5AoGAdBfr
 277KEByXBsHKCtqtXPKBumMIThzn2cHqeFoEfewomKIBaJAfITfk2hBHro5jqMJK
 u5WlebGhUE1CuHlleeszzuw0Vi7eAxCSGYNvggxnS2q3PFMCJlFWE858lpRMw9xH
 WdDVmsQqoJQIwNm1fEcXl54mNBV+XoPGHGFitiUCgYBq3NwWC4X5whD9nQsD9Ktg
 3fZd9fc/QsdVDN58zh/Pmn8mMjQd5V3c/CNRrJ1uPAY9OyLWlClS/c5KEpNr8k0F
 VJ40lhiHCv6T7DuzU2Ni0K5YHzMcVAc8lXxJz6v+T4RGqqmNXH8bMcZYd+zRna/u
 rGkuwgA+oFWgIyPCfE5bGA==
 -----END PRIVATE KEY-----
@@ -1,9 +0,0 @@
 MYSQL_ROOT_PASSWORD_FILE=/run/secrets/db_root_password
 MYSQL_DATABASE=wordpress_db
 MYSQL_USER_FILE=/run/secrets/db_user
 MYSQL_PASSWORD_FILE=/run/secrets/db_password
 WP_ADMIN_USER_FILE=/run/secrets/wp_admin_user
 WP_ADMIN_PASSWORD_FILE=/run/secrets/wp_admin_password
 WP_ADMIN_EMAIL=admin@yantoine.42.fr
 DOMAIN_NAME=yantoine.42.fr
@@ -0,0 +1,17 @@
 LOGIN=yantoine
 DOMAIN_NAME=yantoine.42.fr
 # Chemin hôte où seront stockés les volumes
 HOST_PATH=/home/${LOGIN}/data
 # Base de données
 MYSQL_DATABASE=wordpress
 MYSQL_USER=simple_user
 # Les fichiers secrets contiendront les mots de passe
 # MYSQL_PASSWORD et MYSQL_ROOT_PASSWORD sont fournis via des secrets Docker
 # WordPress
 WP_ADMIN_USER=root
 WP_ADMIN_PASSWORD=supertoor123
 WP_ADMIN_EMAIL=root@mail.com
 WP_TITLE=Inception42
@@ -1,82 +1,86 @@
-version: '3.8'
+version: "3.8"
 services:
-  mariadb:
+  nginx:
-    build: ./requirements/mariadb
+    build: ./requirements/nginx
-    container_name: mariadb
+    container_name: nginx
-    restart: always
+    image: nginx
    depends_on:
      - wordpress
    volumes:
-      - mariadb_data:/var/lib/mysql
+      - wp_data:/var/www/html
    environment:
      MYSQL_ROOT_PASSWORD_FILE: /run/secrets/db_root_password
    secrets:
      - db_root_password
      - db_user
      - db_password
    networks:
      - inception
    ports:
      - "443:443"
    restart: always
    environment:
      - DOMAIN_NAME=${DOMAIN_NAME}
    secrets:
      - tls_crt
      - tls_key
  wordpress:
    build: ./requirements/wordpress
    container_name: wordpress
-    restart: always
+    image: wordpress
    depends_on:
      - mariadb
    volumes:
-      - wordpress_data:/var/www/html
+      - wp_data:/var/www/html
    networks:
      - inception
    restart: always
    environment:
-      MYSQL_DATABASE: wordpress_db
+      - WORDPRESS_DB_HOST=mariadb:3306
-      MYSQL_USER_FILE: /run/secrets/db_user
+      - WORDPRESS_DB_NAME=${MYSQL_DATABASE}
-      MYSQL_PASSWORD_FILE: /run/secrets/db_password
+      - WORDPRESS_DB_USER=${MYSQL_USER}
      - WORDPRESS_DB_PASSWORD_FILE=/run/secrets/db_password
      - DOMAIN_NAME=${DOMAIN_NAME}
    secrets:
      - db_password
  mariadb:
    build: ./requirements/mariadb
    container_name: mariadb
    image: mariadb
    volumes:
      - db_data:/var/lib/mysql
    networks:
      - inception
    restart: always
    environment:
      - MYSQL_ROOT_PASSWORD_FILE=/run/secrets/db_root_password
      - MYSQL_DATABASE=${MYSQL_DATABASE}
      - MYSQL_USER=${MYSQL_USER}
      - MYSQL_PASSWORD_FILE=/run/secrets/db_password
    secrets:
      - db_root_password
      - db_user
      - db_password
      - wp_admin_user
      - wp_admin_password
    networks:
      - inception
  nginx:
    build: ./requirements/nginx
    container_name: nginx
    restart: always
    depends_on:
      - wordpress
    ports:
      - "443:443"
    volumes:
      - wordpress_data:/var/www/html
    networks:
      - inception
 volumes:
-  mariadb_data:
+  db_data:
    driver: local
    driver_opts:
-      type: 'none'
+      type: none
-      device: '/home/yantoine/data/mariadb'
+      device: ${HOST_PATH}/db
-      o: 'bind'
+      o: bind
-  wordpress_data:
+  wp_data:
    driver: local
    driver_opts:
-      type: 'none'
+      type: none
-      device: '/home/yantoine/data/wordpress'
+      device: ${HOST_PATH}/wp
-      o: 'bind'
+      o: bind
 networks:
  inception:
    driver: bridge
 secrets:
  db_root_password:
    file: ./secrets/db_root_password.txt
  db_user:
    file: ./secrets/db_user.txt
  db_password:
-    file: ./secrets/db_password.txt
+    file: ../secrets/db_password.txt
-  wp_admin_user:
+  db_root_password:
-    file: ./secrets/wp_admin_user.txt
+    file: ../secrets/db_root_password.txt
-  wp_admin_password:
+  tls_key:
-    file: ./secrets/wp_admin_password.txt
+    file: ../secrets/tls_key.pem
  tls_crt:
    file: ../secrets/tls_crt.pem
@@ -1,16 +1,12 @@
-FROM debian:12.5-slim
+FROM alpine:3.20
-RUN apt-get update && \
+RUN apk update && \
-    apt-get install -y mariadb-server && \
+    apk add --no-cache mariadb mariadb-client bash && \
-    rm -rf /var/lib/apt/lists/*
+    mkdir -p /run/mysqld && chown -R mysql:mysql /run/mysqld /var/lib/mysql
 # Copie du script d'initialisation
 COPY tools/init-db.sh /docker-entrypoint-initdb.d/init-db.sh
 RUN chmod +x /docker-entrypoint-initdb.d/init-db.sh
 EXPOSE 3306
-
+CMD ["mysqld"]
 COPY conf/my.cnf /etc/mysql/my.cnf
 COPY init.sh /docker-entrypoint-initdb.d/init.sh
 COPY entrypoint.sh /entrypoint.sh
 RUN chmod +x /entrypoint.sh /docker-entrypoint-initdb.d/init.sh
 ENTRYPOINT ["/entrypoint.sh"]
@@ -1,2 +0,0 @@
 [mysqld]
 bind-address=0.0.0.0
@@ -1,30 +0,0 @@
 #!/bin/bash
 set -e
 # Démarre MariaDB en arrière-plan pour l'initialisation
 mysqld_safe --skip-networking &
 sleep 5
 # Vérifie si la DB est déjà initialisée
 if [ ! -d "/var/lib/mysql/mysql" ]; then
    echo "=> Initializing database..."
    mysql_install_db --user=mysql --ldata=/var/lib/mysql
    echo "=> Running init scripts..."
    for f in /docker-entrypoint-initdb.d/*; do
        case "$f" in
            *.sh)  echo "Running $f"; . "$f" ;;
            *.sql) echo "Running $f"; mysql -u root < "$f" ;;
            *)     echo "Ignoring $f" ;;
        esac
    done
    echo "=> Initialization done."
 fi
 # Stop MariaDB safe mode
 mysqladmin -u root shutdown
 # Redémarre MariaDB en mode normal
 exec mysqld_safe
@@ -1,14 +0,0 @@
 #!/bin/bash
 set -e
 echo "=> Creating WordPress database and user..."
 mysql -u root <<EOF
 CREATE DATABASE IF NOT EXISTS wordpress_db CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
 CREATE USER IF NOT EXISTS 'wp_user'@'%' IDENTIFIED BY 'wp_pass123';
 GRANT ALL PRIVILEGES ON wordpress_db.* TO 'wp_user'@'%';
 FLUSH PRIVILEGES;
 EOF
 echo "=> WordPress database and user created!"
@@ -0,0 +1,15 @@
 #!/bin/sh
 set -eu
 echo "Initialisation de la base de données…"
 # Création de la base et de l'utilisateur
 cat <<-EOSQL > /tmp/init.sql
 CREATE DATABASE IF NOT EXISTS \`${MYSQL_DATABASE}\`;
 CREATE USER IF NOT EXISTS '\${MYSQL_USER}'@'%' IDENTIFIED BY '\$(cat /run/secrets/db_password)';
 GRANT ALL PRIVILEGES ON \`${MYSQL_DATABASE}\`.* TO '\${MYSQL_USER}'@'%';
 FLUSH PRIVILEGES;
 EOSQL
 mysql -u root -p"$(cat /run/secrets/db_root_password)" < /tmp/init.sql
 rm /tmp/init.sql
@@ -0,0 +1,2 @@
 *.pem
 *.crt
@@ -1,12 +1,13 @@
-FROM alpine:3.19
+FROM alpine:3.20
-RUN apk add --no-cache nginx openssl
+RUN apk update && apk add --no-cache nginx openssl bash
 # Copie des fichiers de configuration
 COPY conf/nginx.conf /etc/nginx/nginx.conf
 COPY conf/default.conf /etc/nginx/http.d/default.conf
-COPY tools/generate_ssl.sh /tmp/generate_ssl.sh
+COPY tools/entrypoint.sh /entrypoint.sh
-
+RUN chmod +x /entrypoint.sh
 RUN chmod +x /tmp/generate_ssl.sh && /tmp/generate_ssl.sh
 EXPOSE 443
-CMD ["nginx", "-g", "daemon off;"]
+ENTRYPOINT ["/entrypoint.sh"]
@@ -1,11 +1,11 @@
 server {
-    listen 443 ssl;
+    listen 443 ssl http2;
-    server_name yantoine.42.fr;
+    server_name __DOMAIN_NAME__;
-    ssl_certificate /etc/ssl/private/yantoine.42.fr.crt;
+    ssl_certificate     /etc/ssl/certs/server.crt;
-    ssl_certificate_key /etc/ssl/private/yantoine.42.fr.key;
+    ssl_certificate_key /etc/ssl/private/server.key;
-
+    ssl_protocols       TLSv1.2 TLSv1.3;
-    ssl_protocols TLSv1.2 TLSv1.3;
+    ssl_prefer_server_ciphers off;
    root /var/www/html;
    index index.php index.html;
@@ -15,8 +15,9 @@ server {
    }
    location ~ \.php$ {
        fastcgi_pass wordpress:9000;
        include fastcgi_params;
        fastcgi_pass wordpress:9000;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $fastcgi_path_info;
    }
 }
@@ -0,0 +1,21 @@
 user nginx;
 worker_processes auto;
 error_log  /var/log/nginx/error.log warn;
 pid        /var/run/nginx.pid;
 events {
    worker_connections 1024;
 }
 http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;
    access_log  /var/log/nginx/access.log  main;
    sendfile        on;
    keepalive_timeout  65;
    include /etc/nginx/http.d/*.conf;
 }
@@ -0,0 +1,12 @@
 #!/bin/sh
 set -eu
 # Copie des secrets TLS vers leurs emplacements
 cp /run/secrets/tls_crt /etc/ssl/certs/server.crt
 cp /run/secrets/tls_key /etc/ssl/private/server.key
 chmod 600 /etc/ssl/private/server.key
 # Remplacement du nom de domaine dans la conf
 sed -i "s/__DOMAIN_NAME__/${DOMAIN_NAME}/g" /etc/nginx/http.d/default.conf
 exec nginx -g 'daemon off;'
@@ -1,7 +0,0 @@
 #!/bin/sh
 mkdir -p /etc/ssl/private
 openssl req -x509 -nodes -days 365 \
  -subj "/C=FR/ST=Paris/L=Paris/O=42/OU=Login/CN=yantoine.42.fr" \
  -newkey rsa:2048 \
  -keyout /etc/ssl/private/yantoine.42.fr.key \
  -out /etc/ssl/private/yantoine.42.fr.crt
@@ -1,33 +1,22 @@
-FROM debian:11
+FROM alpine:3.20
-RUN apt-get update && apt-get install -y \
+RUN apk update && \
-    mariadb-client \
+    apk add --no-cache php82 php82-fpm php82-mysqli php82-json php82-session php82-phar \
-    curl \
+        php82-xml php82-mbstring php82-gd php82-curl php82-dom wget bash && \
-    php7.4-fpm \
+    adduser -D -g 'www' www
    php7.4-mysql \
    php7.4-cli \
    php7.4-curl \
    php7.4-gd \
    php7.4-mbstring \
    php7.4-xml \
    php7.4-zip \
    && apt-get clean
 # Fix: créer le dossier /run/php
 RUN mkdir -p /run/php
 # Fix: forcer php-fpm à écouter sur le port 9000
 RUN sed -i 's|listen = /run/php/php7.4-fpm.sock|listen = 9000|' /etc/php/7.4/fpm/pool.d/www.conf
 WORKDIR /var/www/html
-RUN curl -o wordpress.tar.gz https://wordpress.org/latest.tar.gz && \
+# Téléchargement de WordPress
-    tar -xzf wordpress.tar.gz --strip-components=1 && \
+RUN wget https://wordpress.org/latest.tar.gz && \
-    rm wordpress.tar.gz
+    tar -xzf latest.tar.gz --strip-components=1 && \
    rm latest.tar.gz
-COPY conf/wp-config.php /var/www/html/wp-config.php
+COPY tools/entrypoint.sh /entrypoint.sh
 RUN chmod +x /entrypoint.sh && \
    chown -R www:www /var/www/html && \
    sed -i 's|listen = .*|listen = 0.0.0.0:9000|' /etc/php82/php-fpm.d/www.conf
 USER www
 EXPOSE 9000
-
+ENTRYPOINT ["/entrypoint.sh"]
 CMD ["/usr/sbin/php-fpm7.4", "-F"]
@@ -1,18 +0,0 @@
 <?php
 define( 'DB_NAME', getenv('MYSQL_DATABASE') );
 define( 'DB_USER', trim(file_get_contents(getenv('MYSQL_USER_FILE'))) );
 define( 'DB_PASSWORD', trim(file_get_contents(getenv('MYSQL_PASSWORD_FILE'))) );
 define( 'DB_HOST', 'mariadb' );
 define( 'DB_CHARSET', 'utf8mb4' );
 define( 'DB_COLLATE', '' );
 $table_prefix = 'wp_';
 define( 'WP_DEBUG', false );
 if ( ! defined( 'ABSPATH' ) ) {
    define( 'ABSPATH', __DIR__ . '/' );
 }
 require_once ABSPATH . 'wp-settings.php';
@@ -0,0 +1,15 @@
 #!/bin/sh
 set -eu
 CONFIG=/var/www/html/wp-config.php
 if [ ! -f "$CONFIG" ]; then
    cp wp-config-sample.php $CONFIG
    sed -i "s/database_name_here/${WORDPRESS_DB_NAME}/" $CONFIG
    sed -i "s/username_here/${WORDPRESS_DB_USER}/" $CONFIG
    sed -i "s/password_here/$(cat ${WORDPRESS_DB_PASSWORD_FILE})/" $CONFIG
    sed -i "s/localhost/${WORDPRESS_DB_HOST}/" $CONFIG
 fi
 # Lancement de php-fpm au premier plan
 php-fpm --nodaemonize
@@ -1 +0,0 @@
 wp_pass123
@@ -1 +0,0 @@
 rootpass123
@@ -1 +0,0 @@
 wp_user
@@ -1 +0,0 @@
 cbienrelouquandmeme
@@ -1 +0,0 @@
 jenpeuxplusdeceprojet