From 82a73997c30184ffe89ce8ab8bdfe3cbe251ffee Mon Sep 17 00:00:00 2001 From: Blue Gaston Date: Tue, 6 Apr 2021 11:09:35 -0700 Subject: [PATCH 01/11] alpine --- workflow-test.sh | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/workflow-test.sh b/workflow-test.sh index d379fe3da6..686beb1995 100755 --- a/workflow-test.sh +++ b/workflow-test.sh @@ -46,7 +46,6 @@ function start { docker run --rm --name mysql-host -e MYSQL_ROOT_PASSWORD=qwerty -d mysql:5.7 docker run --rm -e MODE=$MODE --name $container -v $PWD/wordpress:/wordpress --link mysql-host:mysql -p 8000:80 $image else - echo "alpine" docker tag $image $image:alpine-7.2-test MODE=$MODE headsha="test" docker-compose -f $compose up fi @@ -54,7 +53,7 @@ function start { echo "testing vanilla wordpress" start & -sleep 20 +sleep 45 if [ "$( docker container inspect -f '{{.State.Running}}' $container )" == "false" ]; then fail "Vanilla container failed to start -- check container errors." fi From 7be7497620190f5f1531cbb1ee9becb08e2f5ee6 Mon Sep 17 00:00:00 2001 From: Blue Gaston Date: Tue, 6 Apr 2021 11:10:32 -0700 Subject: [PATCH 02/11] alpine --- .github/workflows/publish-7.2-fpm.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/publish-7.2-fpm.yml b/.github/workflows/publish-7.2-fpm.yml index ead443b78e..ba59e6ebea 100644 --- a/.github/workflows/publish-7.2-fpm.yml +++ b/.github/workflows/publish-7.2-fpm.yml @@ -18,6 +18,7 @@ jobs: - name: Test 7.2 WordPress Image run: ./workflow-test.sh ./php7.2/fpm-alpine/docker-compose.yml shell: bash + working-directory: ./ - uses: docker/login-action@v1 with: username: ${{ secrets.DOCKER_USERNAME }} From 27a1c62b17de7e0005c2da04557a0eb3edbc1d7c Mon Sep 17 00:00:00 2001 
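Review bot: Raising `sleep 20` to `sleep 45` in the second workflow-test.sh hunk keeps the start-up check timing-dependent, and the check that follows it can pass when the container is gone. The `docker run` lines visible in the first hunk use `--rm`, so a container that exits early is removed; `docker container inspect` then fails and prints nothing, which is not equal to `"false"`, and `fail` is never called. Poll for readiness in a bounded retry loop instead of a fixed sleep, and treat anything other than `true` as a failure: `if [ "$(docker container inspect -f '{{.State.Running}}' "$container" 2>/dev/null)" != "true" ]; then`. The rest of the script lies outside the hunk.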
From: Blue Gaston Date: Tue, 6 Apr 2021 11:47:56 -0700 Subject: [PATCH 03/11] Update publish --- php7.2/fpm-alpine/publish-image.sh | 2 + php7.2/fpm-alpine/scripts/build-scrambled.sh | 30 ++ php7.2/fpm-alpine/scripts/dispatch.sh | 40 +++ .../fpm-alpine/scripts/docker-entrypoint.sh | 318 ++++++++++++++++++ php7.2/fpm-alpine/scripts/reset.sh | 4 + php7.2/fpm-alpine/scripts/scramble.sh | 79 +++++ 6 files changed, 473 insertions(+) create mode 100755 php7.2/fpm-alpine/scripts/build-scrambled.sh create mode 100755 php7.2/fpm-alpine/scripts/dispatch.sh create mode 100755 php7.2/fpm-alpine/scripts/docker-entrypoint.sh create mode 100755 php7.2/fpm-alpine/scripts/reset.sh create mode 100755 php7.2/fpm-alpine/scripts/scramble.sh diff --git a/php7.2/fpm-alpine/publish-image.sh b/php7.2/fpm-alpine/publish-image.sh index 66de4a8a31..8287bb342d 100755 --- a/php7.2/fpm-alpine/publish-image.sh +++ b/php7.2/fpm-alpine/publish-image.sh @@ -7,6 +7,7 @@ headsha=$(git rev-parse --verify HEAD) echo "Copying scripts into current directory for docker build context..." cp -Rp ../../scripts . +echo "Building and Tagging" #Build and Tage docker build -t $image:alpine-7.2-$headsha . docker tag $image:alpine-7.2-$headsha $image:alpine-7.2 @@ -14,6 +15,7 @@ docker tag $image:alpine-7.2-$headsha $image:latest #Dockerhub Respository if [[ "$1" == "-p" ]]; then + echo "Pushing to Docker Hub" docker push $image:alpine-7.2-$headsha docker push $image:alpine-7.2-latest docker push $image:latest diff --git a/php7.2/fpm-alpine/scripts/build-scrambled.sh b/php7.2/fpm-alpine/scripts/build-scrambled.sh new file mode 100755 index 0000000000..020777e800 --- /dev/null +++ b/php7.2/fpm-alpine/scripts/build-scrambled.sh 
@@ -0,0 +1,30 @@
+#!/bin/bash
+# Copyright (c) 2020 Polyverse Corporation
+
+if [ ! -v PHP_EXEC ]; then
+ PHP_EXEC=/usr/local/bin
+fi
+
+if [ ! -f "${PHP_EXEC}/s_php" ]; then
+ cp -p $PHP_EXEC/php $PHP_EXEC/s_php
+fi
+
+if [ ! -d "${POLYSCRIPT_PATH}/vanilla-save" ]; then
+ mkdir $POLYSCRIPT_PATH/vanilla-save
+ cp -p $PHP_SRC_PATH/Zend/zend_language_scanner.l /usr/local/bin/polyscripting/vanilla-save/zend_language_scanner.l
+ cp -p $PHP_SRC_PATH/Zend/zend_language_parser.y /usr/local/bin/polyscripting/vanilla-save/zend_language_parser.y
+ cp -p $PHP_SRC_PATH/ext/phar/phar.php /usr/local/bin/polyscripting/vanilla-save/phar.php
+fi
+
+$POLYSCRIPT_PATH//php-scrambler
+
+cp -p $PHP_SRC_PATH/ext/phar/phar.php .
+
+$PHP_EXEC/s_php tok-php-transformer.php -p $POLYSCRIPT_PATH//phar.php --replace
+mv $POLYSCRIPT_PATH//phar.php $PHP_SRC_PATH/ext/phar/phar.php
+
+cd $PHP_SRC_PATH; make -o ext/phar/phar.php install -k; cd $POLYSCRIPT_PATH;
+
+cp -p /usr/local/bin/polyscripting/vanilla-save/zend_language_scanner.l $PHP_SRC_PATH/Zend/zend_language_scanner.l
+cp -p /usr/local/bin/polyscripting/vanilla-save/zend_language_parser.y $PHP_SRC_PATH/Zend/zend_language_parser.y
+cp -p /usr/local/bin/polyscripting/vanilla-save/phar.php $PHP_SRC_PATH/ext/phar/phar.php
diff --git a/php7.2/fpm-alpine/scripts/dispatch.sh b/php7.2/fpm-alpine/scripts/dispatch.sh
new file mode 100755
index 0000000000..9c6586e4a2
--- /dev/null
+++ b/php7.2/fpm-alpine/scripts/dispatch.sh
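Review bot: build-scrambled.sh runs every step unchecked, so in `cd $PHP_SRC_PATH; make -o ext/phar/phar.php install -k; cd $POLYSCRIPT_PATH;` a failed `cd` (for instance an unset `PHP_SRC_PATH`) lets `make install` run in whatever directory the script happens to be in, and a failing `php-scrambler` still leads to the rebuild and the restore copies. I would write the first step as `cd "$PHP_SRC_PATH" || exit 1` and test the exit status of `php-scrambler` before rebuilding the interpreter. The same `cd …; make …` line is added in reset.sh. The save block also tests `${POLYSCRIPT_PATH}/vanilla-save` but copies to the hard-coded `/usr/local/bin/polyscripting/vanilla-save`, which agree only when POLYSCRIPT_PATH has that value; use the variable in both places and quote the expansions.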
@@ -0,0 +1,40 @@
+#!/bin/bash
+# Copyright (c) 2020 Polyverse Corporation
+
+test -n "$1" || { echo "$0 "; exit 1; }
+port=$1
+
+function poly-dispatcher () {
+ while true ; do
+ read -d ' ' msg
+ case $msg in
+ 1 )
+ echo "1" >> dispatcher-in.logs
+ export MODE=polyscripted ;;
+ 2 )
+ echo "2" >> dispatcher-in.logs
+ export MODE=polyscripted ;;
+ 3 )
+ echo "3" >> dispatcher-in.logs
+ export MODE=off ;;
+ * )
+ err='true'
+ echo "err" >> dispatcher-in.logs
+ echo "Commands: 1, scramble; 2, rescramble; 3, reset;"
+ echo " ctrl-c to exit"
+ esac
+ if ! [[ $err = 'true' ]]; then
+ scramble.sh >& /usr/local/bin/polyscripting/to_main_process
+ service apache2 stop >& /usr/local/bin/polyscripting/to_main_process
+ /usr/local/bin/tini -s -- "apache2-foreground" >& /usr/local/bin/polyscripting/to_main_process &
+ err='false'
+ fi
+ echo "done" >> dispatcher-in.logs
+ echo -n "> "
+ done
+ echo "complete" >> dispatcher-in.logs
+}
+
+coproc proc_dispatcher { poly-dispatcher; }
+
+nc -v -l -p $port -k <&${proc_dispatcher[0]} >&${proc_dispatcher[1]}
diff --git a/php7.2/fpm-alpine/scripts/docker-entrypoint.sh b/php7.2/fpm-alpine/scripts/docker-entrypoint.sh
new file mode 100755
index 0000000000..ca26520981
--- /dev/null
+++ b/php7.2/fpm-alpine/scripts/docker-entrypoint.sh
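Review bot: The listener on the last line of dispatch.sh, `nc -v -l -p $port -k`, takes commands from any peer that can reach the port, with no authentication, and command `3` exports `MODE=off`, which by the `MODE` test in scramble.sh selects the unscrambled path before Apache is restarted. Because this channel can switch off the protection the image is built to provide, it should be reachable only from inside the container (loopback or a Unix socket, or replaced by `docker exec`), and the port should not be published. Separately, `err` is reset only inside `if ! [[ $err = 'true' ]]`, so after one unrecognised command every later valid command is ignored; set `err='false'` at the top of each loop iteration.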
@@ -0,0 +1,318 @@ +#!/bin/bash +set -euo pipefail + +# usage: file_env VAR [DEFAULT] +# ie: file_env 'XYZ_DB_PASSWORD' 'example' +# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of +# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) +file_env() { + local var="$1" + local fileVar="${var}_FILE" + local def="${2:-}" + if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then + echo >&2 "error: both $var and $fileVar are set (but are exclusive)" + exit 1 + fi + local val="$def" + if [ "${!var:-}" ]; then + val="${!var}" + elif [ "${!fileVar:-}" ]; then + val="$(< "${!fileVar}")" + fi + export "$var"="$val" + unset "$fileVar" +} + +if [[ "$1" == apache2* ]] || [ "$1" == php-fpm ]; then + if [ "$(id -u)" = '0' ]; then + case "$1" in + apache2*) + user="${APACHE_RUN_USER:-www-data}" + group="${APACHE_RUN_GROUP:-www-data}" + + # strip off any '#' symbol ('#1000' is valid syntax for Apache) + pound='#' + user="${user#$pound}" + group="${group#$pound}" + ;; + *) # php-fpm + user='www-data' + group='www-data' + ;; + esac + else + user="$(id -u)" + group="$(id -g)" + fi + + if [ ! -d /wordpress ]; then + echo "Please mount a directory at /wordpress where unscrambled wordpress can be saved. " + echo "You may mount an empty directory and it will be auto-populated with WordPress." + exit 1 + fi + cd /wordpress + + if [ ! -e index.php ] && [ ! -e wp-includes/version.php ]; then + # if the directory exists and WordPress doesn't appear to be installed AND the permissions of it are root:root, let's chown it (likely a Docker-created directory) + if [ "$(id -u)" = '0' ] && [ "$(stat -c '%u:%g' .)" = '0:0' ]; then + chown "$user:$group" . + fi + + echo >&2 "WordPress not found in $PWD - copying now..." + if [ -n "$(ls -A)" ]; then + echo >&2 "WARNING: $PWD is not empty! 
(copying anyhow)" + fi + sourceTarArgs=( + --create + --file - + --one-file-system + --directory /usr/src/wordpress + --owner "$user" --group "$group" + ) + targetTarArgs=( + --extract + --file - + ) + if [ "$user" != '0' ]; then + # avoid "tar: .: Cannot utime: Operation not permitted" and "tar: .: Cannot change mode to rwxr-xr-x: Operation not permitted" + targetTarArgs+=( --no-overwrite-dir ) + fi + tar "${sourceTarArgs[@]}" . | tar "${targetTarArgs[@]}" + echo >&2 "Complete! WordPress has been successfully copied to $PWD" + if [ ! -e .htaccess ]; then + # NOTE: The "Indexes" option is disabled in the php:apache base image + cat > .htaccess <<-'EOF' + # BEGIN WordPress + + RewriteEngine On + RewriteBase / + RewriteRule ^index\.php$ - [L] + RewriteCond %{REQUEST_FILENAME} !-f + RewriteCond %{REQUEST_FILENAME} !-d + RewriteRule . /index.php [L] + + # END WordPress + EOF + chown "$user:$group" .htaccess + fi + fi + + # allow any of these "Authentication Unique Keys and Salts." to be specified via + # environment variables with a "WORDPRESS_" prefix (ie, "WORDPRESS_AUTH_KEY") + uniqueEnvs=( + AUTH_KEY + SECURE_AUTH_KEY + LOGGED_IN_KEY + NONCE_KEY + AUTH_SALT + SECURE_AUTH_SALT + LOGGED_IN_SALT + NONCE_SALT + ) + envs=( + WORDPRESS_DB_HOST + WORDPRESS_DB_USER + WORDPRESS_DB_PASSWORD + WORDPRESS_DB_NAME + WORDPRESS_DB_CHARSET + WORDPRESS_DB_COLLATE + "${uniqueEnvs[@]/#/WORDPRESS_}" + WORDPRESS_TABLE_PREFIX + WORDPRESS_DEBUG + WORDPRESS_CONFIG_EXTRA + ) + haveConfig= + for e in "${envs[@]}"; do + file_env "$e" + if [ -z "$haveConfig" ] && [ -n "${!e}" ]; then + haveConfig=1 + fi + done + + # linking backwards-compatibility + if [ -n "${!MYSQL_ENV_MYSQL_*}" ]; then + haveConfig=1 + # host defaults to "mysql" below if unspecified + : "${WORDPRESS_DB_USER:=${MYSQL_ENV_MYSQL_USER:-root}}" + if [ "$WORDPRESS_DB_USER" = 'root' ]; then + : "${WORDPRESS_DB_PASSWORD:=${MYSQL_ENV_MYSQL_ROOT_PASSWORD:-}}" + else + : "${WORDPRESS_DB_PASSWORD:=${MYSQL_ENV_MYSQL_PASSWORD:-}}" + fi + 
: "${WORDPRESS_DB_NAME:=${MYSQL_ENV_MYSQL_DATABASE:-}}" + fi + + # only touch "wp-config.php" if we have environment-supplied configuration values + if [ "$haveConfig" ]; then + : "${WORDPRESS_DB_HOST:=mysql}" + : "${WORDPRESS_DB_USER:=root}" + : "${WORDPRESS_DB_PASSWORD:=}" + : "${WORDPRESS_DB_NAME:=wordpress}" + : "${WORDPRESS_DB_CHARSET:=utf8}" + : "${WORDPRESS_DB_COLLATE:=}" + + # version 4.4.1 decided to switch to windows line endings, that breaks our seds and awks + # https://github.com/docker-library/wordpress/issues/116 + # https://github.com/WordPress/WordPress/commit/1acedc542fba2482bab88ec70d4bea4b997a92e4 + sed -ri -e 's/\r$//' wp-config* + + if [ ! -e wp-config.php ]; then + awk ' + /^\/\*.*stop editing.*\*\/$/ && c == 0 { + c = 1 + system("cat") + if (ENVIRON["WORDPRESS_CONFIG_EXTRA"]) { + print "// WORDPRESS_CONFIG_EXTRA" + print ENVIRON["WORDPRESS_CONFIG_EXTRA"] "\n" + } + } + { print } + ' wp-config-sample.php > wp-config.php <<'EOPHP' +// If we're behind a proxy server and using HTTPS, we need to alert WordPress of that fact +// see also http://codex.wordpress.org/Administration_Over_SSL#Using_a_Reverse_Proxy +if (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https') { + $_SERVER['HTTPS'] = 'on'; +} + +EOPHP + chown "$user:$group" wp-config.php + elif [ -e wp-config.php ] && [ -n "$WORDPRESS_CONFIG_EXTRA" ] && [[ "$(< wp-config.php)" != *"$WORDPRESS_CONFIG_EXTRA"* ]]; then + # (if the config file already contains the requested PHP code, don't print a warning) + echo >&2 + echo >&2 'WARNING: environment variable "WORDPRESS_CONFIG_EXTRA" is set, but "wp-config.php" already exists' + echo >&2 ' The contents of this variable will _not_ be inserted into the existing "wp-config.php" file.' 
+ echo >&2 ' (see https://github.com/docker-library/wordpress/issues/333 for more details)' + echo >&2 + fi + + # see http://stackoverflow.com/a/2705678/433558 + sed_escape_lhs() { + echo "$@" | sed -e 's/[]\/$*.^|[]/\\&/g' + } + sed_escape_rhs() { + echo "$@" | sed -e 's/[\/&]/\\&/g' + } + php_escape() { + local escaped="$(php -r 'var_export(('"$2"') $argv[1]);' -- "$1")" + if [ "$2" = 'string' ] && [ "${escaped:0:1}" = "'" ]; then + escaped="${escaped//$'\n'/"' + \"\\n\" + '"}" + fi + echo "$escaped" + } + set_config() { + key="$1" + value="$2" + var_type="${3:-string}" + start="(['\"])$(sed_escape_lhs "$key")\2\s*," + end="\);" + if [ "${key:0:1}" = '$' ]; then + start="^(\s*)$(sed_escape_lhs "$key")\s*=" + end=";" + fi + sed -ri -e "s/($start\s*).*($end)$/\1$(sed_escape_rhs "$(php_escape "$value" "$var_type")")\3/" wp-config.php + } + + set_config 'DB_HOST' "$WORDPRESS_DB_HOST" + set_config 'DB_USER' "$WORDPRESS_DB_USER" + set_config 'DB_PASSWORD' "$WORDPRESS_DB_PASSWORD" + set_config 'DB_NAME' "$WORDPRESS_DB_NAME" + set_config 'DB_CHARSET' "$WORDPRESS_DB_CHARSET" + set_config 'DB_COLLATE' "$WORDPRESS_DB_COLLATE" + + for unique in "${uniqueEnvs[@]}"; do + uniqVar="WORDPRESS_$unique" + if [ -n "${!uniqVar}" ]; then + set_config "$unique" "${!uniqVar}" + else + # if not specified, let's generate a random value + currentVal="$(sed -rn -e "s/define\(\s*(([\'\"])$unique\2\s*,\s*)(['\"])(.*)\3\s*\);/\4/p" wp-config.php)" + if [ "$currentVal" = 'put your unique phrase here' ]; then + set_config "$unique" "$(head -c1m /dev/urandom | sha1sum | cut -d' ' -f1)" + fi + fi + done + + if [ "$WORDPRESS_TABLE_PREFIX" ]; then + set_config '$table_prefix' "$WORDPRESS_TABLE_PREFIX" + fi + + if [ "$WORDPRESS_DEBUG" ]; then + set_config 'WP_DEBUG' 1 boolean + fi + + if ! TERM=dumb php -- <<'EOPHP' +connect_error) { + fwrite($stderr, "\n" . 'MySQL Connection Error: (' . $mysql->connect_errno . ') ' . $mysql->connect_error . 
"\n"); + --$maxTries; + if ($maxTries <= 0) { + exit(1); + } + sleep(3); + } +} while ($mysql->connect_error); + +if (!$mysql->query('CREATE DATABASE IF NOT EXISTS `' . $mysql->real_escape_string($dbName) . '`')) { + fwrite($stderr, "\n" . 'MySQL "CREATE DATABASE" Error: ' . $mysql->error . "\n"); + $mysql->close(); + exit(1); +} + +$mysql->close(); +EOPHP + then + echo >&2 + echo >&2 "WARNING: unable to establish a database connection to '$WORDPRESS_DB_HOST'" + echo >&2 ' continuing anyways (which might have unexpected results)' + echo >&2 + fi + fi + + # now that we're definitely done writing configuration, let's clear out the relevant envrionment variables (so that stray "phpinfo()" calls don't leak secrets from our code) + for e in "${envs[@]}"; do + unset "$e" + done + + if [ -e $POLYSCRIPT_PATH/scramble.sh ]; then + echo "Scrambler script found. Calling it..." + $POLYSCRIPT_PATH/scramble.sh + fi +fi + +if [ -f "/usr/local/bin/s_php" ]; then + rm -rf /usr/local/bin/s_php +fi + +# Get all child processes to send data to us such that we can +# print restarted apache output to stdout + +mkfifo /usr/local/bin/polyscripting/to_main_process + +echo "Forking off dispatcher and running $@..." +/usr/local/bin/polyscripting/dispatch.sh 2323 >& /usr/local/bin/polyscripting/to_main_process & +/usr/local/bin/tini -s -- "$@" >& /usr/local/bin/polyscripting/to_main_process & + +# Infinite wait and print to stdout +echo "Capturing dispatcher and apache output to stdout..." +while true; do cat /usr/local/bin/polyscripting/to_main_process; done diff --git a/php7.2/fpm-alpine/scripts/reset.sh b/php7.2/fpm-alpine/scripts/reset.sh new file mode 100755 index 0000000000..28d5ec5bf4 --- /dev/null +++ b/php7.2/fpm-alpine/scripts/reset.sh @@ -0,0 +1,4 @@ +#!/bin/bash +# Copyright (c) 2020 Polyverse Corporation + +cd $PHP_SRC_PATH; make -o ext/phar/phar.php install -k; cd $POLYSCRIPT_PATH; 
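Review bot: Near the end of docker-entrypoint.sh, `mkfifo /usr/local/bin/polyscripting/to_main_process` runs unconditionally under `set -euo pipefail`, so when the same container is restarted the FIFO presumably still exists, `mkfifo` fails and the entrypoint aborts before the server is started. Guard it with `[ -p "$fifo" ] || mkfifo "$fifo"`, where `fifo` holds that path. `if [ -e $POLYSCRIPT_PATH/scramble.sh ]` is unquoted and aborts under `-u` when POLYSCRIPT_PATH is unset; `"${POLYSCRIPT_PATH:?}"` would make that failure explicit. The closing `while true; do cat …; done` also keeps the entrypoint alive after the server started with `tini … &` has exited, so the container never reports the failure; waiting on that background job and exiting with its status would surface it.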
diff --git a/php7.2/fpm-alpine/scripts/scramble.sh b/php7.2/fpm-alpine/scripts/scramble.sh
new file mode 100755
index 0000000000..fc11ac5459
--- /dev/null
+++ b/php7.2/fpm-alpine/scripts/scramble.sh
@@ -0,0 +1,79 @@
+#!/bin/bash
+
+if [ "$(ls -A /var/www/html)" ]; then
+ echo "The directory /var/www/html is non-empty. This is unexpected and dangerous for this container."
+ echo "This container expects Wordpress (or the PHP app) at location '/wordpress' which will then be"
+ echo "properly provided at /var/www/html either directly or polyscripted."
+ echo ""
+ echo "To avoid destroying your code, aboring this container."
+
+ exit 1
+else
+ rm -rf /var/www/html
+fi
+
+if [[ "$MODE" == "polyscripted" || -f /polyscripted ]]; then
+
+ echo "===================== POLYSCRIPTING ENABLED =========================="
+ if [ -d /wordpress ]; then
+ echo "Copying /wordpress to /var/www/html to be polyscripted in place..."
+ echo "This will prevent changes from being saved back to /wordpress, but will protect"
+ echo "against code injection attacks..."
+ cp -Rp /wordpress /var/www/temp
+ fi
+
+ echo "Starting polyscripted WordPress"
+ cd $POLYSCRIPT_PATH
+ sed -i "/#mod_allow/a \define( 'DISALLOW_FILE_MODS', true );" /var/www/html/wp-config.php
+ ./build-scrambled.sh
+ if [ -f scrambled.json ] && s_php tok-php-transformer.php -p /var/www/temp --replace; then
+ rm -rf /var/www/html
+ mv /var/www/temp /var/www/html
+ echo "Polyscripting enabled."
+ echo "done"
+ else
+ echo "Polyscripting failed."
+ cp -p /usr/local/bin/s_php /usr/local/bin/php
+ exit 1
+ fi
+
+ echo "Removing /var/www/html/wp-content/uploads (since it was deep-copied)..."
+ echo "Don't worry it will be mounted properly in a moment."
+ rm -rf /var/www/html/wp-content/uploads
+
+else
+ echo "Polyscripted mode is off. To enable it, either:"
+ echo " 1. Set the environment variable: MODE=polyscripted"
+ echo " 2.
OR create a file at path: /polyscripted"
+
+ if [ -d $POLYSCRIPT_PATH/vanilla-save ]; then
+ $POLYSCRIPT_PATH/reset.sh
+ fi
+
+ # Symlink the mount so it's editable
+ ln -s /wordpress /var/www/html
+fi
+
+if [ -d /var/www/html/wp-content/uploads ]; then
+ echo "Directory for uploads /var/www/html/wp-content/uploads exists. Doing nothing."
+else
+ echo "Directory for uploads /var/www/html/wp-content/uploads does not exist. Looking to mount it..."
+ if [ -d /uploads ]; then
+ echo "Uploads mounted at /uploads so symlinking that to /var/www/html/wp-content/uploads"
+ ln -s /uploads /var/www/html/wp-content/uploads
+ else
+ if [ ! -d /wordpress/wp-content/uploads ]; then
+ echo "Creating a directory for uploads at: /wordpress/wp-content/uploads"
+ mkdir /wordpress/wp-content/uploads
+ fi
+
+ if [ -d /var/www/html/wp-content/uploads ]; then
+ echo "/var/www/html/wp-content/uploads exists now."
+ echo "/wordpress is probably already symlinked to /var/www/html (encapsulating /wordpress/wp-content/uploads with it)"
+ else
+ echo "Symlinking /wordpress/wp-content/uploads to /var/www/html/wp-content/uploads for persistent uploads"
+ ln -s /wordpress/wp-content/uploads /var/www/html/wp-content/uploads
+ fi
+
+ fi
+fi
\ No newline at end of file
From ac7380570ed062391a5e0de9f7dde331ce0d4f5e Mon Sep 17 00:00:00 2001
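Review bot: In the polyscripted branch of scramble.sh, `sed -i "/#mod_allow/a \define( 'DISALLOW_FILE_MODS', true );" /var/www/html/wp-config.php` edits a path that the first block of the script has just removed with `rm -rf /var/www/html`, while the copy that gets scrambled is in `/var/www/temp`. As far as the visible lines show, the `sed` fails, nothing stops the script, and the scrambled site ends up at `/var/www/html` without `DISALLOW_FILE_MODS`. Point the command at `/var/www/temp/wp-config.php` and check its exit status; it also inserts only when wp-config.php has a `#mod_allow` marker line, which is not visible here. `cd $POLYSCRIPT_PATH` should become `cd "$POLYSCRIPT_PATH" || exit 1`, since `./build-scrambled.sh` is resolved relative to it.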
From: Blue Gaston Date: Tue, 6 Apr 2021 11:51:19 -0700 Subject: [PATCH 04/11] test workflow --- php7.2/fpm-alpine/publish-image.sh | 3 +- php7.2/fpm-alpine/scripts/build-scrambled.sh | 30 -- php7.2/fpm-alpine/scripts/dispatch.sh | 40 --- .../fpm-alpine/scripts/docker-entrypoint.sh | 318 ------------------ php7.2/fpm-alpine/scripts/reset.sh | 4 - php7.2/fpm-alpine/scripts/scramble.sh | 79 ----- 6 files changed, 1 insertion(+), 473 deletions(-) delete mode 100755 php7.2/fpm-alpine/scripts/build-scrambled.sh delete mode 100755 php7.2/fpm-alpine/scripts/dispatch.sh delete mode 100755 php7.2/fpm-alpine/scripts/docker-entrypoint.sh delete mode 100755 php7.2/fpm-alpine/scripts/reset.sh delete mode 100755 php7.2/fpm-alpine/scripts/scramble.sh diff --git a/php7.2/fpm-alpine/publish-image.sh b/php7.2/fpm-alpine/publish-image.sh index 8287bb342d..1d25a5776c 100755 --- a/php7.2/fpm-alpine/publish-image.sh +++ b/php7.2/fpm-alpine/publish-image.sh @@ -11,14 +11,13 @@ echo "Building and Tagging" #Build and Tage docker build -t $image:alpine-7.2-$headsha . docker tag $image:alpine-7.2-$headsha $image:alpine-7.2 -docker tag $image:alpine-7.2-$headsha $image:latest +docker tag $image:alpine-7.2-$headsha $image:alpine-7.2-latest #Dockerhub Respository if [[ "$1" == "-p" ]]; then echo "Pushing to Docker Hub" docker push $image:alpine-7.2-$headsha docker push $image:alpine-7.2-latest - docker push $image:latest fi #Github Container Repository if [[ "$1" == "-g" ]]; then diff --git a/php7.2/fpm-alpine/scripts/build-scrambled.sh b/php7.2/fpm-alpine/scripts/build-scrambled.sh deleted file mode 100755 index 020777e800..0000000000 --- a/php7.2/fpm-alpine/scripts/build-scrambled.sh +++ /dev/null 
@@ -1,30 +0,0 @@ -#!/bin/bash -# Copyright (c) 2020 Polyverse Corporation - -if [ ! -v PHP_EXEC ]; then - PHP_EXEC=/usr/local/bin -fi - -if [ ! -f "${PHP_EXEC}/s_php" ]; then - cp -p $PHP_EXEC/php $PHP_EXEC/s_php -fi - -if [ ! -d "${POLYSCRIPT_PATH}/vanilla-save" ]; then - mkdir $POLYSCRIPT_PATH/vanilla-save - cp -p $PHP_SRC_PATH/Zend/zend_language_scanner.l /usr/local/bin/polyscripting/vanilla-save/zend_language_scanner.l - cp -p $PHP_SRC_PATH/Zend/zend_language_parser.y /usr/local/bin/polyscripting/vanilla-save/zend_language_parser.y - cp -p $PHP_SRC_PATH/ext/phar/phar.php /usr/local/bin/polyscripting/vanilla-save/phar.php -fi - -$POLYSCRIPT_PATH//php-scrambler - -cp -p $PHP_SRC_PATH/ext/phar/phar.php . - -$PHP_EXEC/s_php tok-php-transformer.php -p $POLYSCRIPT_PATH//phar.php --replace -mv $POLYSCRIPT_PATH//phar.php $PHP_SRC_PATH/ext/phar/phar.php - -cd $PHP_SRC_PATH; make -o ext/phar/phar.php install -k; cd $POLYSCRIPT_PATH; - -cp -p /usr/local/bin/polyscripting/vanilla-save/zend_language_scanner.l $PHP_SRC_PATH/Zend/zend_language_scanner.l -cp -p /usr/local/bin/polyscripting/vanilla-save/zend_language_parser.y $PHP_SRC_PATH/Zend/zend_language_parser.y -cp -p /usr/local/bin/polyscripting/vanilla-save/phar.php $PHP_SRC_PATH/ext/phar/phar.php diff --git a/php7.2/fpm-alpine/scripts/dispatch.sh b/php7.2/fpm-alpine/scripts/dispatch.sh deleted file mode 100755 index 9c6586e4a2..0000000000 --- a/php7.2/fpm-alpine/scripts/dispatch.sh +++ /dev/null 
@@ -1,40 +0,0 @@ -#!/bin/bash -# Copyright (c) 2020 Polyverse Corporation - -test -n "$1" || { echo "$0 "; exit 1; } -port=$1 - -function poly-dispatcher () { - while true ; do - read -d ' ' msg - case $msg in - 1 ) - echo "1" >> dispatcher-in.logs - export MODE=polyscripted ;; - 2 ) - echo "2" >> dispatcher-in.logs - export MODE=polyscripted ;; - 3 ) - echo "3" >> dispatcher-in.logs - export MODE=off ;; - * ) - err='true' - echo "err" >> dispatcher-in.logs - echo "Commands: 1, scramble; 2, rescramble; 3, reset;" - echo " ctrl-c to exit" - esac - if ! [[ $err = 'true' ]]; then - scramble.sh >& /usr/local/bin/polyscripting/to_main_process - service apache2 stop >& /usr/local/bin/polyscripting/to_main_process - /usr/local/bin/tini -s -- "apache2-foreground" >& /usr/local/bin/polyscripting/to_main_process & - err='false' - fi - echo "done" >> dispatcher-in.logs - echo -n "> " - done - echo "complete" >> dispatcher-in.logs -} - -coproc proc_dispatcher { poly-dispatcher; } - -nc -v -l -p $port -k <&${proc_dispatcher[0]} >&${proc_dispatcher[1]} diff --git a/php7.2/fpm-alpine/scripts/docker-entrypoint.sh b/php7.2/fpm-alpine/scripts/docker-entrypoint.sh deleted file mode 100755 index ca26520981..0000000000 --- a/php7.2/fpm-alpine/scripts/docker-entrypoint.sh +++ /dev/null 
@@ -1,318 +0,0 @@ -#!/bin/bash -set -euo pipefail - -# usage: file_env VAR [DEFAULT] -# ie: file_env 'XYZ_DB_PASSWORD' 'example' -# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of -# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) -file_env() { - local var="$1" - local fileVar="${var}_FILE" - local def="${2:-}" - if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then - echo >&2 "error: both $var and $fileVar are set (but are exclusive)" - exit 1 - fi - local val="$def" - if [ "${!var:-}" ]; then - val="${!var}" - elif [ "${!fileVar:-}" ]; then - val="$(< "${!fileVar}")" - fi - export "$var"="$val" - unset "$fileVar" -} - -if [[ "$1" == apache2* ]] || [ "$1" == php-fpm ]; then - if [ "$(id -u)" = '0' ]; then - case "$1" in - apache2*) - user="${APACHE_RUN_USER:-www-data}" - group="${APACHE_RUN_GROUP:-www-data}" - - # strip off any '#' symbol ('#1000' is valid syntax for Apache) - pound='#' - user="${user#$pound}" - group="${group#$pound}" - ;; - *) # php-fpm - user='www-data' - group='www-data' - ;; - esac - else - user="$(id -u)" - group="$(id -g)" - fi - - if [ ! -d /wordpress ]; then - echo "Please mount a directory at /wordpress where unscrambled wordpress can be saved. " - echo "You may mount an empty directory and it will be auto-populated with WordPress." - exit 1 - fi - cd /wordpress - - if [ ! -e index.php ] && [ ! -e wp-includes/version.php ]; then - # if the directory exists and WordPress doesn't appear to be installed AND the permissions of it are root:root, let's chown it (likely a Docker-created directory) - if [ "$(id -u)" = '0' ] && [ "$(stat -c '%u:%g' .)" = '0:0' ]; then - chown "$user:$group" . - fi - - echo >&2 "WordPress not found in $PWD - copying now..." - if [ -n "$(ls -A)" ]; then - echo >&2 "WARNING: $PWD is not empty! 
(copying anyhow)" - fi - sourceTarArgs=( - --create - --file - - --one-file-system - --directory /usr/src/wordpress - --owner "$user" --group "$group" - ) - targetTarArgs=( - --extract - --file - - ) - if [ "$user" != '0' ]; then - # avoid "tar: .: Cannot utime: Operation not permitted" and "tar: .: Cannot change mode to rwxr-xr-x: Operation not permitted" - targetTarArgs+=( --no-overwrite-dir ) - fi - tar "${sourceTarArgs[@]}" . | tar "${targetTarArgs[@]}" - echo >&2 "Complete! WordPress has been successfully copied to $PWD" - if [ ! -e .htaccess ]; then - # NOTE: The "Indexes" option is disabled in the php:apache base image - cat > .htaccess <<-'EOF' - # BEGIN WordPress - - RewriteEngine On - RewriteBase / - RewriteRule ^index\.php$ - [L] - RewriteCond %{REQUEST_FILENAME} !-f - RewriteCond %{REQUEST_FILENAME} !-d - RewriteRule . /index.php [L] - - # END WordPress - EOF - chown "$user:$group" .htaccess - fi - fi - - # allow any of these "Authentication Unique Keys and Salts." to be specified via - # environment variables with a "WORDPRESS_" prefix (ie, "WORDPRESS_AUTH_KEY") - uniqueEnvs=( - AUTH_KEY - SECURE_AUTH_KEY - LOGGED_IN_KEY - NONCE_KEY - AUTH_SALT - SECURE_AUTH_SALT - LOGGED_IN_SALT - NONCE_SALT - ) - envs=( - WORDPRESS_DB_HOST - WORDPRESS_DB_USER - WORDPRESS_DB_PASSWORD - WORDPRESS_DB_NAME - WORDPRESS_DB_CHARSET - WORDPRESS_DB_COLLATE - "${uniqueEnvs[@]/#/WORDPRESS_}" - WORDPRESS_TABLE_PREFIX - WORDPRESS_DEBUG - WORDPRESS_CONFIG_EXTRA - ) - haveConfig= - for e in "${envs[@]}"; do - file_env "$e" - if [ -z "$haveConfig" ] && [ -n "${!e}" ]; then - haveConfig=1 - fi - done - - # linking backwards-compatibility - if [ -n "${!MYSQL_ENV_MYSQL_*}" ]; then - haveConfig=1 - # host defaults to "mysql" below if unspecified - : "${WORDPRESS_DB_USER:=${MYSQL_ENV_MYSQL_USER:-root}}" - if [ "$WORDPRESS_DB_USER" = 'root' ]; then - : "${WORDPRESS_DB_PASSWORD:=${MYSQL_ENV_MYSQL_ROOT_PASSWORD:-}}" - else - : "${WORDPRESS_DB_PASSWORD:=${MYSQL_ENV_MYSQL_PASSWORD:-}}" - fi - 
: "${WORDPRESS_DB_NAME:=${MYSQL_ENV_MYSQL_DATABASE:-}}" - fi - - # only touch "wp-config.php" if we have environment-supplied configuration values - if [ "$haveConfig" ]; then - : "${WORDPRESS_DB_HOST:=mysql}" - : "${WORDPRESS_DB_USER:=root}" - : "${WORDPRESS_DB_PASSWORD:=}" - : "${WORDPRESS_DB_NAME:=wordpress}" - : "${WORDPRESS_DB_CHARSET:=utf8}" - : "${WORDPRESS_DB_COLLATE:=}" - - # version 4.4.1 decided to switch to windows line endings, that breaks our seds and awks - # https://github.com/docker-library/wordpress/issues/116 - # https://github.com/WordPress/WordPress/commit/1acedc542fba2482bab88ec70d4bea4b997a92e4 - sed -ri -e 's/\r$//' wp-config* - - if [ ! -e wp-config.php ]; then - awk ' - /^\/\*.*stop editing.*\*\/$/ && c == 0 { - c = 1 - system("cat") - if (ENVIRON["WORDPRESS_CONFIG_EXTRA"]) { - print "// WORDPRESS_CONFIG_EXTRA" - print ENVIRON["WORDPRESS_CONFIG_EXTRA"] "\n" - } - } - { print } - ' wp-config-sample.php > wp-config.php <<'EOPHP' -// If we're behind a proxy server and using HTTPS, we need to alert WordPress of that fact -// see also http://codex.wordpress.org/Administration_Over_SSL#Using_a_Reverse_Proxy -if (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https') { - $_SERVER['HTTPS'] = 'on'; -} - -EOPHP - chown "$user:$group" wp-config.php - elif [ -e wp-config.php ] && [ -n "$WORDPRESS_CONFIG_EXTRA" ] && [[ "$(< wp-config.php)" != *"$WORDPRESS_CONFIG_EXTRA"* ]]; then - # (if the config file already contains the requested PHP code, don't print a warning) - echo >&2 - echo >&2 'WARNING: environment variable "WORDPRESS_CONFIG_EXTRA" is set, but "wp-config.php" already exists' - echo >&2 ' The contents of this variable will _not_ be inserted into the existing "wp-config.php" file.' 
- echo >&2 ' (see https://github.com/docker-library/wordpress/issues/333 for more details)' - echo >&2 - fi - - # see http://stackoverflow.com/a/2705678/433558 - sed_escape_lhs() { - echo "$@" | sed -e 's/[]\/$*.^|[]/\\&/g' - } - sed_escape_rhs() { - echo "$@" | sed -e 's/[\/&]/\\&/g' - } - php_escape() { - local escaped="$(php -r 'var_export(('"$2"') $argv[1]);' -- "$1")" - if [ "$2" = 'string' ] && [ "${escaped:0:1}" = "'" ]; then - escaped="${escaped//$'\n'/"' + \"\\n\" + '"}" - fi - echo "$escaped" - } - set_config() { - key="$1" - value="$2" - var_type="${3:-string}" - start="(['\"])$(sed_escape_lhs "$key")\2\s*," - end="\);" - if [ "${key:0:1}" = '$' ]; then - start="^(\s*)$(sed_escape_lhs "$key")\s*=" - end=";" - fi - sed -ri -e "s/($start\s*).*($end)$/\1$(sed_escape_rhs "$(php_escape "$value" "$var_type")")\3/" wp-config.php - } - - set_config 'DB_HOST' "$WORDPRESS_DB_HOST" - set_config 'DB_USER' "$WORDPRESS_DB_USER" - set_config 'DB_PASSWORD' "$WORDPRESS_DB_PASSWORD" - set_config 'DB_NAME' "$WORDPRESS_DB_NAME" - set_config 'DB_CHARSET' "$WORDPRESS_DB_CHARSET" - set_config 'DB_COLLATE' "$WORDPRESS_DB_COLLATE" - - for unique in "${uniqueEnvs[@]}"; do - uniqVar="WORDPRESS_$unique" - if [ -n "${!uniqVar}" ]; then - set_config "$unique" "${!uniqVar}" - else - # if not specified, let's generate a random value - currentVal="$(sed -rn -e "s/define\(\s*(([\'\"])$unique\2\s*,\s*)(['\"])(.*)\3\s*\);/\4/p" wp-config.php)" - if [ "$currentVal" = 'put your unique phrase here' ]; then - set_config "$unique" "$(head -c1m /dev/urandom | sha1sum | cut -d' ' -f1)" - fi - fi - done - - if [ "$WORDPRESS_TABLE_PREFIX" ]; then - set_config '$table_prefix' "$WORDPRESS_TABLE_PREFIX" - fi - - if [ "$WORDPRESS_DEBUG" ]; then - set_config 'WP_DEBUG' 1 boolean - fi - - if ! TERM=dumb php -- <<'EOPHP' -connect_error) { - fwrite($stderr, "\n" . 'MySQL Connection Error: (' . $mysql->connect_errno . ') ' . $mysql->connect_error . 
"\n"); - --$maxTries; - if ($maxTries <= 0) { - exit(1); - } - sleep(3); - } -} while ($mysql->connect_error); - -if (!$mysql->query('CREATE DATABASE IF NOT EXISTS `' . $mysql->real_escape_string($dbName) . '`')) { - fwrite($stderr, "\n" . 'MySQL "CREATE DATABASE" Error: ' . $mysql->error . "\n"); - $mysql->close(); - exit(1); -} - -$mysql->close(); -EOPHP - then - echo >&2 - echo >&2 "WARNING: unable to establish a database connection to '$WORDPRESS_DB_HOST'" - echo >&2 ' continuing anyways (which might have unexpected results)' - echo >&2 - fi - fi - - # now that we're definitely done writing configuration, let's clear out the relevant envrionment variables (so that stray "phpinfo()" calls don't leak secrets from our code) - for e in "${envs[@]}"; do - unset "$e" - done - - if [ -e $POLYSCRIPT_PATH/scramble.sh ]; then - echo "Scrambler script found. Calling it..." - $POLYSCRIPT_PATH/scramble.sh - fi -fi - -if [ -f "/usr/local/bin/s_php" ]; then - rm -rf /usr/local/bin/s_php -fi - -# Get all child processes to send data to us such that we can -# print restarted apache output to stdout - -mkfifo /usr/local/bin/polyscripting/to_main_process - -echo "Forking off dispatcher and running $@..." -/usr/local/bin/polyscripting/dispatch.sh 2323 >& /usr/local/bin/polyscripting/to_main_process & -/usr/local/bin/tini -s -- "$@" >& /usr/local/bin/polyscripting/to_main_process & - -# Infinite wait and print to stdout -echo "Capturing dispatcher and apache output to stdout..." -while true; do cat /usr/local/bin/polyscripting/to_main_process; done diff --git a/php7.2/fpm-alpine/scripts/reset.sh b/php7.2/fpm-alpine/scripts/reset.sh deleted file mode 100755 index 28d5ec5bf4..0000000000 --- a/php7.2/fpm-alpine/scripts/reset.sh +++ /dev/null @@ -1,4 +0,0 @@ -#!/bin/bash -# Copyright (c) 2020 Polyverse Corporation - -cd $PHP_SRC_PATH; make -o ext/phar/phar.php install -k; cd $POLYSCRIPT_PATH; 
diff --git a/php7.2/fpm-alpine/scripts/scramble.sh b/php7.2/fpm-alpine/scripts/scramble.sh deleted file mode 100755 index fc11ac5459..0000000000 --- a/php7.2/fpm-alpine/scripts/scramble.sh +++ /dev/null 
@@ -1,79 +0,0 @@ -#!/bin/bash - -if [ "$(ls -A /var/www/html)" ]; then - echo "The directory /var/www/html is non-empty. This is unexpected and dangerous for this container." - echo "This container expects Wordpress (or the PHP app) at location '/wordpress' which will then be" - echo "properly provided at /var/www/html either directly or polyscripted." - echo "" - echo "To avoid destroying your code, aboring this container." - - exit 1 -else - rm -rf /var/www/html -fi - -if [[ "$MODE" == "polyscripted" || -f /polyscripted ]]; then - - echo "===================== POLYSCRIPTING ENABLED ==========================" - if [ -d /wordpress ]; then - echo "Copying /wordpress to /var/www/html to be polyscripted in place..." - echo "This will prevent changes from being saved back to /wordpress, but will protect" - echo "against code injection attacks..." - cp -Rp /wordpress /var/www/temp - fi - - echo "Starting polyscripted WordPress" - cd $POLYSCRIPT_PATH - sed -i "/#mod_allow/a \define( 'DISALLOW_FILE_MODS', true );" /var/www/html/wp-config.php - ./build-scrambled.sh - if [ -f scrambled.json ] && s_php tok-php-transformer.php -p /var/www/temp --replace; then - rm -rf /var/www/html - mv /var/www/temp /var/www/html - echo "Polyscripting enabled." - echo "done" - else - echo "Polyscripting failed." - cp -p /usr/local/bin/s_php /usr/local/bin/php - exit 1 - fi - - echo "Removing /var/www/html/wp-content/uploads (since it was deep-copied)..." - echo "Don't worry it will be mounted properly in a moment." - rm -rf /var/www/html/wp-content/uploads - -else - echo "Polyscripted mode is off. To enable it, either:" - echo " 1. Set the environment variable: MODE=polyscripted" - echo " 2. 
OR create a file at path: /polyscripted" - - if [ -d $POLYSCRIPT_PATH/vanilla-save ]; then - $POLYSCRIPT_PATH/reset.sh - fi - - # Symlink the mount so it's editable - ln -s /wordpress /var/www/html -fi - -if [ -d /var/www/html/wp-content/uploads ]; then - echo "Directory for uploads /var/www/html/wp-content/uploads exists. Doing nothing." -else - echo "Directory for uploads /var/www/html/wp-content/uploads does not exist. Looking to mount it..." - if [ -d /uploads ]; then - echo "Uploads mounted at /uploads so symlinking that to /var/www/html/wp-content/uploads" - ln -s /uploads /var/www/html/wp-content/uploads - else - if [ ! -d /wordpress/wp-content/uploads ]; then - echo "Creating a directory for uploads at: /wordpress/wp-content/uploads" - mkdir /wordpress/wp-content/uploads - fi - - if [ -d /var/www/html/wp-content/uploads ]; then - echo "/var/www/html/wp-content/uploads exists now." - echo "/wordpress is probably already symlinked to /var/www/html (encapsulating /wordpress/wp-content/uploads with it)" - else - echo "Symlinking /wordpress/wp-content/uploads to /var/www/html/wp-content/uploads for persistent uploads" - ln -s /wordpress/wp-content/uploads /var/www/html/wp-content/uploads - fi - - fi -fi \ No newline at end of file From 5e40977ac20f1d1cf6143dbc22140ea751f8db83 Mon Sep 17 00:00:00 2001 From: Blue Gaston Date: Tue, 6 Apr 2021 12:03:02 -0700 Subject: [PATCH 05/11] test workflow --- php7.2/fpm-alpine/publish-image.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/php7.2/fpm-alpine/publish-image.sh b/php7.2/fpm-alpine/publish-image.sh index 1d25a5776c..eb2f925144 100755 --- a/php7.2/fpm-alpine/publish-image.sh +++ b/php7.2/fpm-alpine/publish-image.sh 
@@ -12,7 +12,7 @@ echo "Building and Tagging" docker build -t $image:alpine-7.2-$headsha . docker tag $image:alpine-7.2-$headsha $image:alpine-7.2 docker tag $image:alpine-7.2-$headsha $image:alpine-7.2-latest - +docker tag $image:alpine-7.2-$headsha $iamge:latest #Dockerhub Respository if [[ "$1" == "-p" ]]; then echo "Pushing to Docker Hub" From 1188acd0b68a7a4790194f29a8cfaddc0b7bf0ba Mon Sep 17 00:00:00 2001 From: Blue Gaston Date: Tue, 6 Apr 2021 12:15:57 -0700 Subject: [PATCH 06/11] test workflow --- php7.2/fpm-alpine/publish-image.sh | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/php7.2/fpm-alpine/publish-image.sh b/php7.2/fpm-alpine/publish-image.sh index eb2f925144..ad77c4a293 100755 --- a/php7.2/fpm-alpine/publish-image.sh +++ b/php7.2/fpm-alpine/publish-image.sh @@ -8,11 +8,12 @@ echo "Copying scripts into current directory for docker build context..." cp -Rp ../../scripts . echo "Building and Tagging" -#Build and Tage +#Build and Tag docker build -t $image:alpine-7.2-$headsha . docker tag $image:alpine-7.2-$headsha $image:alpine-7.2 docker tag $image:alpine-7.2-$headsha $image:alpine-7.2-latest -docker tag $image:alpine-7.2-$headsha $iamge:latest +docker tag $image:alpine-7.2-$headsha $image:latest + #Dockerhub Respository if [[ "$1" == "-p" ]]; then echo "Pushing to Docker Hub" From a835e239eb7c5263c69431de2a428fb0ff983dfe Mon Sep 17 00:00:00 2001 From: Blue Gaston Date: Sun, 9 May 2021 10:41:05 -0700 Subject: [PATCH 07/11] Add plugin in docker-entrypoint.sh --- php8.0/apache/Dockerfile | 1 + 1 file changed, 1 insertion(+) diff --git a/php8.0/apache/Dockerfile b/php8.0/apache/Dockerfile index 0e65974678..4313633729 100644 --- a/php8.0/apache/Dockerfile +++ b/php8.0/apache/Dockerfile 
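Review bot: The added tag line targets `$iamge:latest`, a variable that is never set, so docker is handed `:latest` as the target instead of `polyverse/polyscripted-wordpress:latest`. The line should read `docker tag $image:alpine-7.2-$headsha $image:latest`. Adding `set -u` next to the script's existing `set -e` (with the later argument test written as `"${1:-}"`) would turn this class of typo into an immediate "unbound variable" error instead of a malformed tag. The next patch in the series corrects the spelling but does not add that guard.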
@@ -125,6 +125,7 @@ RUN curl -L -o /usr/local/bin/tini https://github.com/krallin/tini/releases/late WORKDIR $POLYSCRIPT_PATH COPY scripts/* $POLYSCRIPT_PATH/ +RUN mv docker-entrypoint.sh /usr/local/bin # apache2-foreground comes from inherited container's CMD, which we chain ENTRYPOINT ["/usr/local/bin/tini", "-g", "--", "bash", "-c"] From d988eccfee335360ae6bf080f896251b9f6769ba Mon Sep 17 00:00:00 2001 From: Blue Gaston Date: Sun, 9 May 2021 10:41:58 -0700 Subject: [PATCH 08/11] Add plugin in docker-entrypoint.sh --- php7.2/fpm-alpine/publish-image.sh | 1 + scripts/docker-entrypoint.sh | 5 +++++ 2 files changed, 6 insertions(+) diff --git a/php7.2/fpm-alpine/publish-image.sh b/php7.2/fpm-alpine/publish-image.sh index ad77c4a293..ebcc46d082 100755 --- a/php7.2/fpm-alpine/publish-image.sh +++ b/php7.2/fpm-alpine/publish-image.sh @@ -1,4 +1,5 @@ #!/bin/bash + set -e image="polyverse/polyscripted-wordpress" echo "$(date) Obtaining current git sha for tagging the docker image" diff --git a/scripts/docker-entrypoint.sh b/scripts/docker-entrypoint.sh index ca26520981..6a075a6287 100755 --- a/scripts/docker-entrypoint.sh +++ b/scripts/docker-entrypoint.sh @@ -96,6 +96,11 @@ if [[ "$1" == apache2* ]] || [ "$1" == php-fpm ]; then chown "$user:$group" .htaccess fi fi + + if [ ! -e wp-content/plugins/polyscripting-plugin ]; then + #TODO: Pull release. + git clone https://github.com/polyverse/polyscripting-plugin wp-content/plugins/polyscripting-plugin + fi # allow any of these "Authentication Unique Keys and Salts." to be specified via # environment variables with a "WORDPRESS_" prefix (ie, "WORDPRESS_AUTH_KEY") From 584850dfebf82cdcc9e982b003c740e761bd44b1 Mon Sep 17 00:00:00 2001 
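Review bot: The added `git clone` in `scripts/docker-entrypoint.sh` fetches whatever the plugin repository's default branch holds when the container first starts, so two containers from the same image can end up running different, unreviewed plugin code. Pin the fetch to a release, e.g. `git clone --depth 1 --branch <RELEASE_TAG> https://github.com/polyverse/polyscripting-plugin wp-content/plugins/polyscripting-plugin`, or add the plugin at image build time so nothing is downloaded at start-up. A clone also leaves a `.git` directory under `wp-content/plugins/`, which appears to sit inside the web root; remove it after cloning or deny access to it in the server configuration. The enclosing `if` block of the entrypoint starts and ends outside this hunk.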
From: Blue Gaston Date: Sun, 27 Jun 2021 17:54:13 -0700 Subject: [PATCH 09/11] Updated php plugin, added cron --- default.run.config | 11 +++++ php7.4/apache/Dockerfile | 6 ++- php7.4/apache/default.run.config | 5 -- php7.4/apache/run-self-contained.sh | 3 +- php7.4/apache/run.sh | 74 ++++++++++++----------------- php8.0/apache/Dockerfile | 17 ++----- php8.0/apache/run-self-contained.sh | 3 +- php8.0/apache/run.sh | 74 ++++++++++++----------------- scripts/build-scrambled.sh | 17 ++----- scripts/dispatch.sh | 66 ++++++++++++++++++++----- scripts/docker-entrypoint.sh | 29 +++++++---- scripts/scramble.sh | 69 ++++++++++++++++++++------- scripts/wp-incron.sh | 19 ++++++++ 13 files changed, 234 insertions(+), 159 deletions(-) create mode 100644 default.run.config delete mode 100644 php7.4/apache/default.run.config create mode 100755 scripts/wp-incron.sh diff --git a/default.run.config b/default.run.config new file mode 100644 index 0000000000..e5f46d4c3d --- /dev/null +++ b/default.run.config @@ -0,0 +1,11 @@ +#-------------------------CONTAINER CONFIGURATION-------------------------------- +export CONTAINER_NAME=wordpress +export CONTAINER_PORT=80 +export HOST_PORT=8000 +export CONTAINER_ADDRESS="http://localhost:$CONTAINER_PORT" + + +export WORDPRESS_DIR=$PWD/wordpress +export MODE=unpolyscripted + + diff --git a/php7.4/apache/Dockerfile b/php7.4/apache/Dockerfile index 0ae550abec..6f3a1d1495 100644 --- a/php7.4/apache/Dockerfile +++ b/php7.4/apache/Dockerfile @@ -1,4 +1,4 @@ -FROM polyverse/ps-php7.4-apache:latest +FROM polyverse/ps-php7.4-buster-apache:latest # persistent dependencies RUN set -eux; \ @@ -19,7 +19,10 @@ RUN set -ex; \ libfreetype6-dev \ libjpeg-dev \ ncat \ + cron \ + incron \ vim \ + git \ libmagickwand-dev \ libpng-dev \ libzip-dev \ 
@@ -115,6 +118,7 @@ RUN curl -L -o /usr/local/bin/tini https://github.com/krallin/tini/releases/late WORKDIR $POLYSCRIPT_PATH COPY scripts/* $POLYSCRIPT_PATH/ +RUN mv scramble.sh /usr/local/bin # apache2-foreground comes from inherited container's CMD, which we chain ENTRYPOINT ["/usr/local/bin/tini", "-g", "--", "bash", "-c"] diff --git a/php7.4/apache/default.run.config b/php7.4/apache/default.run.config deleted file mode 100644 index 22a10301fb..0000000000 --- a/php7.4/apache/default.run.config +++ /dev/null @@ -1,5 +0,0 @@ -export WORDPRESSDIR=$PWD/wordpress -export WORDPRESS_DB_HOST=mysql-host -export MODE=unpolyscripted -export WORDPRESS_SQL_DATADIR="$PWD/mysql-data" - diff --git a/php7.4/apache/run-self-contained.sh b/php7.4/apache/run-self-contained.sh index dca4e34101..385950f928 100755 --- a/php7.4/apache/run-self-contained.sh +++ b/php7.4/apache/run-self-contained.sh @@ -5,6 +5,7 @@ echo "Running under mode: $MODE" image="polyverse/polyscripted-wordpress" echo "$(date) Obtaining current git sha for tagging the docker image" headsha=$(git rev-parse --verify HEAD) +php_version=apache-7.4 docker run --name mysql-host -e MYSQL_ROOT_PASSWORD=qwerty -d mysql:5.7 -docker run --rm -e MODE=$MODE --name wordpress -v $PWD/wordpress:/wordpress --link mysql-host:mysql -p 8000:80 $image:apache-7.4-$headsha +docker run --rm -e MODE=$MODE -e CONTAINER_ADDRESS="http://localhost:80" --name wordpress -v $PWD/wordpress:/wordpress --link mysql-host:mysql -p 8000:80 $image:$php_version-$headsha diff --git a/php7.4/apache/run.sh b/php7.4/apache/run.sh index ad0cd8610b..0404aa0038 100755 --- a/php7.4/apache/run.sh +++ b/php7.4/apache/run.sh 
@@ -1,11 +1,25 @@ #!/bin/bash - - - # 80-character wide dashes for intermittent use # echo "--------------------------------------------------------------------------------" -CONTAINER_NAME=wordpress +php_version=apache-7.4 + +if [[ "$CONTAINER_NAME" == "" ]]; then + echo "No container name env variable found, defaulting to wordpress." + CONTAINER_NAME=wordpress +fi +if [[ "$CONTAINER_PORT" == "" ]]; then + echo "No override container port found, using default exposed port 80." + CONTAINER_PORT=80 +fi +if [[ "$HOST_PORT" == "" ]]; then + echo "No host port env variable found, defaulting to port 8000." + HOST_PORT=8000 +fi +if [[ "$CONTAINER_ADDRESS" == "" ]]; then + echo "Defaulting to localhost for cron." + CONTAINER_ADDRESS="http://localhost:$CONTAINER_PORT" +fi function getContainerHealth { docker inspect --format "{{.State.Health.Status}}" $1 @@ -81,7 +95,7 @@ fi echo "---------------------------WORDPRESS DIRECTORY---------------------------------" -if [[ "$WORDPRESSDIR" == "" ]]; then +if [[ "$WORDPRESS_DIR" == "" ]]; then echo " A Wordpress directory was not specified. Using a default directory" echo " under the current path: $PWD/wordpress." echo "" @@ -91,13 +105,13 @@ if [[ "$WORDPRESSDIR" == "" ]]; then while true; do read -p "Do you wish to use this wordpress directory?" yn case $yn in - [Yy]* ) export WORDPRESSDIR=$PWD/wordpress; break;; + [Yy]* ) export WORDPRESS_DIR=$PWD/wordpress; break;; [Nn]* ) exit;; * ) echo "Please answer yes or no.";; esac done else - echo "Using wordpress installation from directory: $WORDPRESSDIR" + echo "Using wordpress installation from directory: $WORDPRESS_DIR" fi echo "-------------------------WORDPRESS CONFIGURATION--------------------------------" 
@@ -143,54 +157,26 @@ else echo "Found existing database configuration." fi +echo "-------------------------SYSTEM CRON ----------------------------------------" +echo "For optimization a system cron is utilized for the plugin." +echo "Set CONTAINER_ADDRESS to configure this cron." +echo "To disable cron jobs set WP_DISABLE_CRON and WP_DISABLE_INCRON to true." +echo "" + echo "-------------------------WORDPRESS STARTUP--------------------------------------" echo "$(date) Obtaining current git sha for tagging the docker image" headsha=$(git rev-parse --verify HEAD) -if [[ "$CONTAINERPORT" == "" ]]; then - echo "No override container port found, using default exposed port 80." - CONTAINERPORT=80 -fi -if [[ "$HOSTPORT" == "" ]]; then - echo "No host port env variable found, defaulting to port 8000." - HOSTPORT=8000 -fi -wpcmd="docker run -t -d -e MODE=$MODE --name $CONTAINER_NAME -v $WORDPRESSDIR:/wordpress -p $HOSTPORT:$CONTAINERPORT $wpvarparams $dblink polyverse/polyscripted-wordpress:apache-7.4-$headsha bash" -if [[ "$*" == "-f" ]] -then - echo "YES" -else - echo "NO" -fi -function startBackgroundTasks() { -if [[ $PLUGIN != "true" ]]; then - while true; do - read -p "Do you want to start dispatcher for the polyscripting plugin to allow scrambling from the wordpress plugin?" 
- case $yn in - [Yy]* ) docker exec -d $CONTAINER_NAME ./dispatch.sh 2323; echo "Set PLUGIN to true to skip this prompt."; break;; - [Nn]* ) echo "To enable dispatcher in the future run: docker exec -d $CONTAINER_NAME ./dispatch.sh 2323; break;;"; break;; - * ) echo "Please answer yes or no.";; - esac - done -else - docker exec -d $CONTAINER_NAME ./dispatch.sh 2323; -fi - echo "Starting apache server inside $CONTAINER_NAME" - docker exec -e MODE=$MODE --workdir /usr/local/bin $CONTAINER_NAME ./docker-entrypoint.sh apache2-foreground; -} +wpcmd="docker run -t -e MODE=$MODE -e CONTAINER_ADDRESS=$CONTAINER_ADDRESS --name $CONTAINER_NAME -v $WORDPRESS_DIR:/wordpress -p $HOST_PORT:$CONTAINER_PORT $wpvarparams $dblink polyverse/polyscripted-wordpress:$php_version-$headsha" function startContainer() { if [[ $(docker ps -aq -f status=exited -f name=$CONTAINER_NAME) ]]; then - echo "Existing container found, but it is stopped. Starting now." - docker start $CONTAINER_NAME - startBackgroundTasks + echo "Existing container found, but it is stopped." + echo "Restart, rename, or delete existing container." elif [[ $(docker ps -q -f status=running -f name=$CONTAINER_NAME) ]]; then echo "Container already running." - echo "To start dispatcher run: 'docker exec -d $CONTAINER_NAME ./dispatch.sh 2323'" - echo "To start apache run: 'docker exec -e MODE=$MODE --workdir /usr/local/bin $CONTAINER_NAME ./docker-entrypoint.sh apache2-foreground;'" else eval $wpcmd; - startBackgroundTasks fi } diff --git a/php8.0/apache/Dockerfile b/php8.0/apache/Dockerfile index 4313633729..f87131fab2 100644 --- a/php8.0/apache/Dockerfile +++ b/php8.0/apache/Dockerfile @@ -1,4 +1,4 @@ -FROM polyverse/ps-php8.0-buster-apache:latest +FROM polyverse/ps-php7.4-buster-apache # persistent dependencies RUN set -eux; \ @@ -19,6 +19,8 @@ RUN set -ex; \ libfreetype6-dev \ libjpeg-dev \ ncat \ + cron \ + incron \ vim \ git \ libmagickwand-dev \ 
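Review bot: The new `wpcmd` string interpolates `$CONTAINER_ADDRESS`, `$CONTAINER_NAME`, `$WORDPRESS_DIR`, `$HOST_PORT` and `$CONTAINER_PORT` unquoted and is then executed by the existing `eval $wpcmd;` in `startContainer`, so a space or shell metacharacter in any of those environment values is re-parsed as shell syntax on the host. Build the command as an array and run it without `eval`. `$wpvarparams` and `$dblink` are assembled outside this hunk and would need the same conversion. The identical hunk in `php8.0/apache/run.sh` has the same issue.

```shell
wpcmd=(docker run -t
  -e "MODE=$MODE" -e "CONTAINER_ADDRESS=$CONTAINER_ADDRESS"
  --name "$CONTAINER_NAME"
  -v "$WORDPRESS_DIR:/wordpress"
  -p "$HOST_PORT:$CONTAINER_PORT"
  "${wpvarparams[@]}" "${dblink[@]}"   # assumes both are turned into arrays where they are built
  "polyverse/polyscripted-wordpress:$php_version-$headsha")

# … unchanged: startContainer checks for an exited or an already running container …
  else
    "${wpcmd[@]}"
  fi
```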
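Review bot: `FROM polyverse/ps-php7.4-buster-apache` in `php8.0/apache/Dockerfile` builds the 8.0 image on the PHP 7.4 base and drops the tag, so an image published as 8.0 would not contain PHP 8.0. The same copy-over shows in `php8.0/apache/run-self-contained.sh`, where `php_version=apache-7.4` makes the script start the `apache-7.4-$headsha` image (its new blob id 385950f928 matches the php7.4 copy). Keep `FROM polyverse/ps-php8.0-buster-apache:latest` here and set `php_version=apache-8.0` there; pinning the base image by digest instead of `latest` would also make rebuilds reproducible.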
@@ -37,16 +39,7 @@ RUN set -ex; \ opcache \ zip \ ; \ - # Thanks to: https://github.com/Imagick/imagick/issues/331#issuecomment-743271207 - # Enable the line below once it's on PECL - # pecl install imagick-3.4.4; \ - # Until then, we're going to install from source! - cd /opt; \ - git clone https://github.com/Imagick/imagick; \ - cd imagick; \ - phpize && ./configure; \ - make; \ - make install; \ + pecl install imagick-3.4.4; \ docker-php-ext-enable imagick; \ \ # reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies @@ -125,7 +118,7 @@ RUN curl -L -o /usr/local/bin/tini https://github.com/krallin/tini/releases/late WORKDIR $POLYSCRIPT_PATH COPY scripts/* $POLYSCRIPT_PATH/ -RUN mv docker-entrypoint.sh /usr/local/bin +RUN mv scramble.sh /usr/local/bin # apache2-foreground comes from inherited container's CMD, which we chain ENTRYPOINT ["/usr/local/bin/tini", "-g", "--", "bash", "-c"] diff --git a/php8.0/apache/run-self-contained.sh b/php8.0/apache/run-self-contained.sh index 612b3b652d..385950f928 100755 --- a/php8.0/apache/run-self-contained.sh +++ b/php8.0/apache/run-self-contained.sh @@ -5,6 +5,7 @@ echo "Running under mode: $MODE" image="polyverse/polyscripted-wordpress" echo "$(date) Obtaining current git sha for tagging the docker image" headsha=$(git rev-parse --verify HEAD) +php_version=apache-7.4 docker run --name mysql-host -e MYSQL_ROOT_PASSWORD=qwerty -d mysql:5.7 -docker run --rm -e MODE=$MODE --name wordpress -v $PWD/wordpress:/wordpress --link mysql-host:mysql -p 8000:80 $image:apache-8.0-$headsha +docker run --rm -e MODE=$MODE -e CONTAINER_ADDRESS="http://localhost:80" --name wordpress -v $PWD/wordpress:/wordpress --link mysql-host:mysql -p 8000:80 $image:$php_version-$headsha diff --git a/php8.0/apache/run.sh b/php8.0/apache/run.sh index 2743a9f6d4..086f4ea686 100755 --- a/php8.0/apache/run.sh +++ b/php8.0/apache/run.sh 
@@ -1,11 +1,25 @@ #!/bin/bash - - - # 80-character wide dashes for intermittent use # echo "--------------------------------------------------------------------------------" -CONTAINER_NAME=wordpress +php_version=apache-8.0 + +if [[ "$CONTAINER_NAME" == "" ]]; then + echo "No container name env variable found, defaulting to wordpress." + CONTAINER_NAME=wordpress +fi +if [[ "$CONTAINER_PORT" == "" ]]; then + echo "No override container port found, using default exposed port 80." + CONTAINER_PORT=80 +fi +if [[ "$HOST_PORT" == "" ]]; then + echo "No host port env variable found, defaulting to port 8000." + HOST_PORT=8000 +fi +if [[ "$CONTAINER_ADDRESS" == "" ]]; then + echo "Defaulting to localhost for cron." + CONTAINER_ADDRESS="http://localhost:$CONTAINER_PORT" +fi function getContainerHealth { docker inspect --format "{{.State.Health.Status}}" $1 @@ -81,7 +95,7 @@ fi echo "---------------------------WORDPRESS DIRECTORY---------------------------------" -if [[ "$WORDPRESSDIR" == "" ]]; then +if [[ "$WORDPRESS_DIR" == "" ]]; then echo " A Wordpress directory was not specified. Using a default directory" echo " under the current path: $PWD/wordpress." echo "" @@ -91,13 +105,13 @@ if [[ "$WORDPRESSDIR" == "" ]]; then while true; do read -p "Do you wish to use this wordpress directory?" yn case $yn in - [Yy]* ) export WORDPRESSDIR=$PWD/wordpress; break;; + [Yy]* ) export WORDPRESS_DIR=$PWD/wordpress; break;; [Nn]* ) exit;; * ) echo "Please answer yes or no.";; esac done else - echo "Using wordpress installation from directory: $WORDPRESSDIR" + echo "Using wordpress installation from directory: $WORDPRESS_DIR" fi echo "-------------------------WORDPRESS CONFIGURATION--------------------------------" 
@@ -143,54 +157,26 @@ else echo "Found existing database configuration." fi +echo "-------------------------SYSTEM CRON ----------------------------------------" +echo "For optimization a system cron is utilized for the plugin." +echo "Set CONTAINER_ADDRESS to configure this cron." +echo "To disable cron jobs set WP_DISABLE_CRON and WP_DISABLE_INCRON to true." +echo "" + echo "-------------------------WORDPRESS STARTUP--------------------------------------" echo "$(date) Obtaining current git sha for tagging the docker image" headsha=$(git rev-parse --verify HEAD) -if [[ "$CONTAINERPORT" == "" ]]; then - echo "No override container port found, using default exposed port 80." - CONTAINERPORT=80 -fi -if [[ "$HOSTPORT" == "" ]]; then - echo "No host port env variable found, defaulting to port 8000." - HOSTPORT=8000 -fi -wpcmd="docker run -t -d -e MODE=$MODE --name $CONTAINER_NAME -v $WORDPRESSDIR:/wordpress -p $HOSTPORT:$CONTAINERPORT $wpvarparams $dblink polyverse/polyscripted-wordpress:apache-8.0-$headsha bash" -if [[ "$*" == "-f" ]] -then - echo "YES" -else - echo "NO" -fi -function startBackgroundTasks() { -if [[ $PLUGIN != "true" ]]; then - while true; do - read -p "Do you want to start dispatcher for the polyscripting plugin to allow scrambling from the wordpress plugin?" 
- case $yn in - [Yy]* ) docker exec -d $CONTAINER_NAME ./dispatch.sh 2323; echo "Set PLUGIN to true to skip this prompt."; break;; - [Nn]* ) echo "To enable dispatcher in the future run: docker exec -d $CONTAINER_NAME ./dispatch.sh 2323; break;;"; break;; - * ) echo "Please answer yes or no.";; - esac - done -else - docker exec -d $CONTAINER_NAME ./dispatch.sh 2323; -fi - echo "Starting apache server inside $CONTAINER_NAME" - docker exec -e MODE=$MODE --workdir /usr/local/bin $CONTAINER_NAME ./docker-entrypoint.sh apache2-foreground; -} +wpcmd="docker run -t -e MODE=$MODE -e CONTAINER_ADDRESS=$CONTAINER_ADDRESS --name $CONTAINER_NAME -v $WORDPRESS_DIR:/wordpress -p $HOST_PORT:$CONTAINER_PORT $wpvarparams $dblink polyverse/polyscripted-wordpress:$php_version-$headsha" function startContainer() { if [[ $(docker ps -aq -f status=exited -f name=$CONTAINER_NAME) ]]; then - echo "Existing container found, but it is stopped. Starting now." - docker start $CONTAINER_NAME - startBackgroundTasks + echo "Existing container found, but it is stopped." + echo "Restart, rename, or delete existing container." elif [[ $(docker ps -q -f status=running -f name=$CONTAINER_NAME) ]]; then echo "Container already running." - echo "To start dispatcher run: 'docker exec -d $CONTAINER_NAME ./dispatch.sh 2323'" - echo "To start apache run: 'docker exec -e MODE=$MODE --workdir /usr/local/bin $CONTAINER_NAME ./docker-entrypoint.sh apache2-foreground;'" else eval $wpcmd; - startBackgroundTasks fi } diff --git a/scripts/build-scrambled.sh b/scripts/build-scrambled.sh index 020777e800..660b836537 100755 --- a/scripts/build-scrambled.sh +++ b/scripts/build-scrambled.sh 
@@ -1,14 +1,6 @@ #!/bin/bash # Copyright (c) 2020 Polyverse Corporation -if [ ! -v PHP_EXEC ]; then - PHP_EXEC=/usr/local/bin -fi - -if [ ! -f "${PHP_EXEC}/s_php" ]; then - cp -p $PHP_EXEC/php $PHP_EXEC/s_php -fi - if [ ! -d "${POLYSCRIPT_PATH}/vanilla-save" ]; then mkdir $POLYSCRIPT_PATH/vanilla-save cp -p $PHP_SRC_PATH/Zend/zend_language_scanner.l /usr/local/bin/polyscripting/vanilla-save/zend_language_scanner.l @@ -16,15 +8,16 @@ if [ ! -d "${POLYSCRIPT_PATH}/vanilla-save" ]; then cp -p $PHP_SRC_PATH/ext/phar/phar.php /usr/local/bin/polyscripting/vanilla-save/phar.php fi -$POLYSCRIPT_PATH//php-scrambler +$POLYSCRIPT_PATH/php-scrambler cp -p $PHP_SRC_PATH/ext/phar/phar.php . -$PHP_EXEC/s_php tok-php-transformer.php -p $POLYSCRIPT_PATH//phar.php --replace -mv $POLYSCRIPT_PATH//phar.php $PHP_SRC_PATH/ext/phar/phar.php +$POLYSCRIPT_PATH/s_php tok-php-transformer.php -p $POLYSCRIPT_PATH/phar.php --replace +mv $POLYSCRIPT_PATH/phar.php $PHP_SRC_PATH/ext/phar/phar.php cd $PHP_SRC_PATH; make -o ext/phar/phar.php install -k; cd $POLYSCRIPT_PATH; +touch /usr/local/bin/polyscripting/vanilla-save/* cp -p /usr/local/bin/polyscripting/vanilla-save/zend_language_scanner.l $PHP_SRC_PATH/Zend/zend_language_scanner.l cp -p /usr/local/bin/polyscripting/vanilla-save/zend_language_parser.y $PHP_SRC_PATH/Zend/zend_language_parser.y -cp -p /usr/local/bin/polyscripting/vanilla-save/phar.php $PHP_SRC_PATH/ext/phar/phar.php +cp -p /usr/local/bin/polyscripting/vanilla-save/phar.php $PHP_SRC_PATH/ext/phar/phar.php \ No newline at end of file diff --git a/scripts/dispatch.sh b/scripts/dispatch.sh index 9c6586e4a2..23904fc803 100755 --- a/scripts/dispatch.sh +++ b/scripts/dispatch.sh 
@@ -3,38 +3,78 @@ test -n "$1" || { echo "$0 "; exit 1; } port=$1 +volume="/wordpress" + +LOGFILE="/var/log/dispatcher-in.logs" + +#Cron job to curl wp-crons -- updated health of container every hour. +if [[ '$WP_DISABLE_CRON' != 'true' ]]; then + (crontab -l 2>/dev/null | grep -v '^[a-zA-Z]'; echo "*/15 * * * * curl $CONTAINER_ADDRESS/wp-cron.php >> /var/log/wp-cron.log 2>&1") | sort - | uniq - | crontab - + echo "Starting Cron job for Polyscripting Plugin" + /etc/init.d/cron start +fi + +#Cron job to watch for mounted volume changes. +if [[ '$WP_DISABLE_INCRON' != 'true' ]]; then + (incrontab -l 2>/dev/null | grep -v '^[a-zA-Z]'; echo "$volume IN_MODIFY,loopable=true /usr/local/bin/polyscripting/wp-incron.sh $port >> /var/log/wp-incron.log 2>&1") | sort - | uniq - | incrontab - + echo "Starting incron job for Polyscripting Plugin" + /etc/init.d/incron start +fi + function poly-dispatcher () { while true ; do read -d ' ' msg + now=$(date +"%T") case $msg in 1 ) - echo "1" >> dispatcher-in.logs + echo "Recieved code 1, scrambling. $now" >> $LOGFILE export MODE=polyscripted ;; 2 ) - echo "2" >> dispatcher-in.logs + echo "Recieved code 2, rescrambling. $now" >> $LOGFILE export MODE=polyscripted ;; 3 ) - echo "3" >> dispatcher-in.logs + echo "Recieved code 3, disabling. $now" + >> $LOGFILE export MODE=off ;; + 4 ) + echo "Recieved code 4, merging. $now" + >> $LOGFILE + if [ "$MODE" == "polyscripted" ]; then + echo "Polyscripting enabled, merging changes from mounted directory." + export MODE=merge + merge='true' + else + echo "Polyscripting not enabled, merge not necessary." + no_action='true' + fi + ;; * ) - err='true' - echo "err" >> dispatcher-in.logs - echo "Commands: 1, scramble; 2, rescramble; 3, reset;" + no_action='true' + echo "err $now" >> $LOGFILE + echo "Commands: 1, scramble; 2, rescramble; 3, merge 4, reset;" echo " ctrl-c to exit" esac - if ! 
[[ $err = 'true' ]]; then - scramble.sh >& /usr/local/bin/polyscripting/to_main_process - service apache2 stop >& /usr/local/bin/polyscripting/to_main_process - /usr/local/bin/tini -s -- "apache2-foreground" >& /usr/local/bin/polyscripting/to_main_process & - err='false' + if ! [[ $no_action == 'true' ]]; then + echo "Calling scramble script" + scramble.sh -o >& /usr/local/bin/polyscripting/to_main_process + if ! [[ $merge == 'true' ]]; then + echo "Restarting services" + service apache2 stop >& /usr/local/bin/polyscripting/to_main_process + /usr/local/bin/tini -s -- "apache2-foreground" >& /usr/local/bin/polyscripting/to_main_process & + else + echo "Merge complete. Not restarting services." + export MODE=polyscripted + export merge='false' + fi + no_action='false' fi - echo "done" >> dispatcher-in.logs + no_action='false' + echo "Message read complete. Waiting for next." >> $LOGFILE echo -n "> " done - echo "complete" >> dispatcher-in.logs + echo "complete dispatcher process ending." >> $LOGFILE } coproc proc_dispatcher { poly-dispatcher; } nc -v -l -p $port -k <&${proc_dispatcher[0]} >&${proc_dispatcher[1]} + diff --git a/scripts/docker-entrypoint.sh b/scripts/docker-entrypoint.sh index 6a075a6287..c0ca65028f 100755 --- a/scripts/docker-entrypoint.sh +++ b/scripts/docker-entrypoint.sh @@ -98,8 +98,7 @@ if [[ "$1" == apache2* ]] || [ "$1" == php-fpm ]; then fi if [ ! -e wp-content/plugins/polyscripting-plugin ]; then - #TODO: Pull release. - git clone https://github.com/polyverse/polyscripting-plugin wp-content/plugins/polyscripting-plugin + mkdir wp-content/plugins/polyscripting-plugin && curl -sL https://github.com/polyverse/polyscripting-plugin/archive/refs/tags/2.0.tar.gz | tar xvfz - -C wp-content/plugins/polyscripting-plugin --strip-components=1 fi # allow any of these "Authentication Unique Keys and Salts." to be specified via 
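Review bot: Both opt-out tests in `scripts/dispatch.sh` compare a literal string, because `'$WP_DISABLE_CRON'` and `'$WP_DISABLE_INCRON'` are single-quoted and never expanded, so the cron and incron jobs are installed even when the variables are set to true; use `[[ "$WP_DISABLE_CRON" != 'true' ]]` and the same form for `WP_DISABLE_INCRON`. In the `3 )` and `4 )` arms the `>> $LOGFILE` sits on a line of its own, so the message goes to the dispatcher's stdout (which the coproc wiring hands to the `nc` peer) and not to the log; join it as `echo "Recieved code 3, disabling. $now" >> $LOGFILE`. The help text lists `3, merge 4, reset` while the code treats 3 as disable and 4 as merge. `$CONTAINER_ADDRESS` is pasted into the crontab entry unvalidated, so it is worth checking it against an `http(s)://host[:port]` pattern before the job is installed.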
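Review bot: The release tarball is piped from `curl -sL` straight into `tar` with no integrity check, and because `mkdir` runs first, a failed or truncated download leaves the directory behind so the `! -e` test skips the install on every later start. Download to a temporary file with `curl -fsSL`, compare its SHA-256 with a digest recorded in the repository, and only then create the directory and extract; shipping the plugin in the image at build time would avoid the start-up download entirely. The enclosing `if [[ "$1" == apache2* ]]` block starts and ends outside this hunk.

```shell
  if [ ! -e wp-content/plugins/polyscripting-plugin ]; then
    plugin_url=https://github.com/polyverse/polyscripting-plugin/archive/refs/tags/2.0.tar.gz
    plugin_sha256='<SHA256_OF_RELEASE_TARBALL>'  # placeholder: record the reviewed digest here
    plugin_tmp=$(mktemp) || exit 1
    curl -fsSL -o "$plugin_tmp" "$plugin_url" || { rm -f "$plugin_tmp"; exit 1; }
    if ! printf '%s  %s\n' "$plugin_sha256" "$plugin_tmp" | sha256sum -c - >/dev/null; then
      echo >&2 "polyscripting-plugin: checksum mismatch, not installing"
      rm -f "$plugin_tmp"
      exit 1
    fi
    mkdir wp-content/plugins/polyscripting-plugin
    tar xzf "$plugin_tmp" -C wp-content/plugins/polyscripting-plugin --strip-components=1
    rm -f "$plugin_tmp"
  fi
```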
@@ -299,14 +298,26 @@ EOPHP unset "$e" done - if [ -e $POLYSCRIPT_PATH/scramble.sh ]; then - echo "Scrambler script found. Calling it..." - $POLYSCRIPT_PATH/scramble.sh - fi -fi -if [ -f "/usr/local/bin/s_php" ]; then - rm -rf /usr/local/bin/s_php + if [ "$(ls -A /var/www/html)" ]; then + echo "The directory /var/www/html is non-empty. This is unexpected and dangerous for this container." + echo "This container expects Wordpress (or the PHP app) at location '/wordpress' which will then be" + echo "properly provided at /var/www/html either directly or polyscripted." + echo "" + echo "To avoid destroying your code, aboring this container." + + exit 1 + else + rm -rf /var/www/html + fi + echo root >> /etc/incron.allow + scramble.sh + if [ $? -eq 0 ]; then + echo "Scrambler script found & called." + else + echo "Scramble script not found. Failed" + exit 0 + fi fi # Get all child processes to send data to us such that we can diff --git a/scripts/scramble.sh b/scripts/scramble.sh index fc11ac5459..9c7861c5cb 100755 --- a/scripts/scramble.sh +++ b/scripts/scramble.sh 
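Review bot: When `scramble.sh` fails, the new branch prints "Scramble script not found. Failed" and then runs `exit 0`, so the container stops with a success status and a supervisor or CI job cannot tell that polyscripting was never applied; use `exit 1` or propagate the status. The message is also misleading, since any non-zero status from `scramble.sh`, not only a missing script, ends up in this branch. `echo root >> /etc/incron.allow` appends a duplicate line each time the entrypoint runs in the same container; guard it with `grep -qx root /etc/incron.allow || echo root >> /etc/incron.allow`. The enclosing `if` block starts outside this hunk.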
@@ -1,15 +1,43 @@ #!/bin/bash -if [ "$(ls -A /var/www/html)" ]; then - echo "The directory /var/www/html is non-empty. This is unexpected and dangerous for this container." - echo "This container expects Wordpress (or the PHP app) at location '/wordpress' which will then be" - echo "properly provided at /var/www/html either directly or polyscripted." - echo "" - echo "To avoid destroying your code, aboring this container." +### LOCK TO ENSURE MULTIPLE SCRAMBLES ARE NOT CALLED SIMULTANEOUSLY ### +exec 100>/var/tmp/scramble.lock || exit 1 +flock -n 100 || exit 1 +trap 'rm -f /var/tmp/scramble.lock' EXIT +### ### ### ### ### ### ### ### ### ### ### ### ### ### ### ### ### + + +for i in "$@" +do +case $i in + --overwrite|-o) + OW=1 + shift # past argument with no value + ;; + *) + ;; +esac +done +if [[ $(ls -A /var/www/html) && $OW -ne 1 ]]; then + echo "The directory /var/www/html is non-empty. This is unexpected and dangerous for this container." + echo "To run this script, pass arugment --overwrite to enable overwriting /var/www/html directory." exit 1 -else - rm -rf /var/www/html +fi + +if [ ! -v PHP_EXEC ]; then + PHP_EXEC=/usr/local/bin +fi + +if [ ! -f "${PHP_EXEC}/s_php" ]; then + $POLYSCRIPT_PATH/reset.sh + cp -p $PHP_EXEC/php $POLYSCRIPT_PATH/s_php +fi + +if [[ "$MODE" == "merge" ]]; then + echo "Merging files only." + export MODE=polyscripted + merge=true fi if [[ "$MODE" == "polyscripted" || -f /polyscripted ]]; then 
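Review bot: The `trap 'rm -f /var/tmp/scramble.lock' EXIT` undermines the lock taken on the lines above it: a process that opened the file before the holder exits can lock the now-unlinked inode while another process creates and locks a fresh file, so two scrambles can run at once. Drop the trap and leave the lock file in place, since the lock is released when descriptor 100 closes. If the script runs as root, as it appears to, a root-owned directory such as `/run` is a safer home for the lock than the world-writable `/var/tmp`. A comment above the `exec 100>` line stating that the file is intentionally never removed would keep the trap from being re-added later.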
@@ -24,10 +52,15 @@ if [[ "$MODE" == "polyscripted" || -f /polyscripted ]]; then echo "Starting polyscripted WordPress" cd $POLYSCRIPT_PATH - sed -i "/#mod_allow/a \define( 'DISALLOW_FILE_MODS', true );" /var/www/html/wp-config.php - ./build-scrambled.sh - if [ -f scrambled.json ] && s_php tok-php-transformer.php -p /var/www/temp --replace; then - rm -rf /var/www/html + sed -i "/#mod_allow/a \define( 'DISALLOW_FILE_MODS', true );" /var/www/temp/wp-config.php + + if ! [[ "$merge" == 'true' && -f scrambled.json ]] ; then + echo "Build flag found." + ./build-scrambled.sh + fi + + if [ -f scrambled.json ] && ./s_php tok-php-transformer.php -p /var/www/temp --replace; then + rm -rf /var/www/html mv /var/www/temp /var/www/html echo "Polyscripting enabled." echo "done" @@ -46,11 +79,8 @@ else echo " 1. Set the environment variable: MODE=polyscripted" echo " 2. OR create a file at path: /polyscripted" - if [ -d $POLYSCRIPT_PATH/vanilla-save ]; then - $POLYSCRIPT_PATH/reset.sh - fi - # Symlink the mount so it's editable + rm -rf /var/www/html ln -s /wordpress /var/www/html fi @@ -76,4 +106,9 @@ else fi fi -fi \ No newline at end of file +fi + +if [ -f "${POLYSCRIPT_PATH}/s_php" ]; then + rm $POLYSCRIPT_PATH/s_php +fi + diff --git a/scripts/wp-incron.sh b/scripts/wp-incron.sh new file mode 100755 index 0000000000..4619457f20 --- /dev/null +++ b/scripts/wp-incron.sh @@ -0,0 +1,19 @@ +#!/bin/bash +set -e +port=$1 +host='localhost' + + +### LOCK CRON JOB ### +scriptname=$(basename $0) +lock="/var/run/${scriptname}" +exec 201>lock +flock -n 201 || exit 1 +pid=$$ +echo $pid 1>&201 +### LOCK CRON JOB ### + +echo "Modification to wordpress directory caught at: $(date +"%T")" +sleep 30m +echo "Sending merge request at: $(date +"%T")" +echo "4 " | nc $host $port From 543822458013422b9c45669d3519a50d668e8b0b Mon Sep 17 00:00:00 2001 
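Review bot: The transformer now runs `./s_php` from `$POLYSCRIPT_PATH`, but the failure branch just below this hunk is not shown as updated; in the deleted php7.2 copy of this file (same pre-image blob fc11ac5459) it restores with `cp -p /usr/local/bin/s_php /usr/local/bin/php`, a path this series no longer populates. If that line is unchanged, a failed scramble cannot put the vanilla interpreter back, and it should read `cp -p "$POLYSCRIPT_PATH/s_php" "$PHP_EXEC/php"`. The exit status of `./build-scrambled.sh` is also ignored, so a `scrambled.json` left over from an earlier run lets the transform proceed after a failed build; `./build-scrambled.sh || exit 1` would stop that.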
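Review bot: In the new `scripts/wp-incron.sh`, `exec 201>lock` is missing the `$`, so the script opens a file literally named `lock` in whatever directory incron starts it from and `/var/run/${scriptname}` is never used; write `exec 201>"$lock"`. `basename $0` and `nc $host $port` should quote their expansions, and `port=$1` is used without checking that it is a number. With `flock -n` and `sleep 30m`, events that arrive during the wait exit immediately, which presumably works as debouncing because the later merge picks those changes up; a short comment saying so would make the intent clear.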
From: Blue Gaston Date: Wed, 27 Oct 2021 11:28:38 -0700 Subject: [PATCH 10/11] fixed imagik issue --- .../build-scrambled.sh => build-scrambled.sh | 0 php8.0/apache/Dockerfile | 124 ++++++++-------- php8.0/apache/dftemp | 136 ++++++++++++++++++ 3 files changed, 202 insertions(+), 58 deletions(-) rename scripts/build-scrambled.sh => build-scrambled.sh (100%) create mode 100644 php8.0/apache/dftemp diff --git a/scripts/build-scrambled.sh b/build-scrambled.sh similarity index 100% rename from scripts/build-scrambled.sh rename to build-scrambled.sh diff --git a/php8.0/apache/Dockerfile b/php8.0/apache/Dockerfile index f87131fab2..f7764360ec 100644 --- a/php8.0/apache/Dockerfile +++ b/php8.0/apache/Dockerfile @@ -1,11 +1,13 @@ -FROM polyverse/ps-php7.4-buster-apache +FROM polyverse/ps-php8.0-buster-apache:latest + +ENV PHP_EXEC=/usr/local/bin # persistent dependencies RUN set -eux; \ apt-get update; \ apt-get install -y --no-install-recommends \ -# Ghostscript is required for rendering PDF previews - ghostscript \ + # Ghostscript is required for rendering PDF previews + ghostscript \ ; \ rm -rf /var/lib/apt/lists/* 
@@ -16,99 +18,106 @@ RUN set -ex; \ \ apt-get update; \ apt-get install -y --no-install-recommends \ - libfreetype6-dev \ - libjpeg-dev \ - ncat \ - cron \ - incron \ - vim \ - git \ - libmagickwand-dev \ - libpng-dev \ - libzip-dev \ + libfreetype6-dev \ + libjpeg-dev \ + ncat \ + vim \ + git \ + libmagickwand-dev \ + libpng-dev \ + libzip-dev \ ; \ \ php -i; \ docker-php-ext-configure gd --with-freetype --with-jpeg; \ docker-php-ext-install -j "$(nproc)" \ - bcmath \ - exif \ - sockets \ - gd \ - mysqli \ - opcache \ - zip \ + bcmath \ + exif \ + sockets \ + gd \ + mysqli \ + opcache \ + zip \ ; \ - pecl install imagick-3.4.4; \ + # Thanks to: https://github.com/Imagick/imagick/issues/331#issuecomment-743271207 + # Enable the line below once it's on PECL + # pecl install imagick-3.4.4; \ + # Until then, we're going to install from source! + cd /opt; \ + git clone https://github.com/Imagick/imagick; \ + cd imagick; \ + phpize && ./configure; \ + make; \ + make install; \ docker-php-ext-enable imagick; \ \ -# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies + # reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies apt-mark auto '.*' > /dev/null; \ apt-mark manual $savedAptMark; \ ldd "$(php -r 'echo ini_get("extension_dir");')"/*.so \ - | awk '/=>/ { print $3 }' \ - | sort -u \ - | xargs -r dpkg-query -S \ - | cut -d: -f1 \ - | sort -u \ - | xargs -rt apt-mark manual; \ + | awk '/=>/ { print $3 }' \ + | sort -u \ + | xargs -r dpkg-query -S \ + | cut -d: -f1 \ + | sort -u \ + | xargs -rt apt-mark manual; \ \ rm -rf /var/lib/apt/lists/* # set recommended PHP.ini settings # see https://secure.php.net/manual/en/opcache.installation.php RUN { \ - echo 'opcache.memory_consumption=128'; \ - echo 'opcache.interned_strings_buffer=8'; \ - echo 'opcache.max_accelerated_files=4000'; \ - echo 'opcache.revalidate_freq=2'; \ - echo 'opcache.fast_shutdown=1'; \ + echo 
'opcache.memory_consumption=128'; \ + echo 'opcache.interned_strings_buffer=8'; \ + echo 'opcache.max_accelerated_files=4000'; \ + echo 'opcache.revalidate_freq=2'; \ + echo 'opcache.fast_shutdown=1'; \ } > /usr/local/etc/php/conf.d/opcache-recommended.ini # https://wordpress.org/support/article/editing-wp-config-php/#configure-error-logging RUN { \ -# https://www.php.net/manual/en/errorfunc.constants.php -# https://github.com/docker-library/wordpress/issues/420#issuecomment-517839670 - echo 'error_reporting = E_ERROR | E_WARNING | E_PARSE | E_CORE_ERROR | E_CORE_WARNING | E_COMPILE_ERROR | E_COMPILE_WARNING | E_RECOVERABLE_ERROR'; \ - echo 'display_errors = Off'; \ - echo 'display_startup_errors = Off'; \ - echo 'log_errors = On'; \ - echo 'error_log = /dev/stderr'; \ - echo 'log_errors_max_len = 1024'; \ - echo 'ignore_repeated_errors = On'; \ - echo 'ignore_repeated_source = Off'; \ - echo 'html_errors = Off'; \ + # https://www.php.net/manual/en/errorfunc.constants.php + # https://github.com/docker-library/wordpress/issues/420#issuecomment-517839670 + echo 'error_reporting = E_ERROR | E_WARNING | E_PARSE | E_CORE_ERROR | E_CORE_WARNING | E_COMPILE_ERROR | E_COMPILE_WARNING | E_RECOVERABLE_ERROR'; \ + echo 'display_errors = Off'; \ + echo 'display_startup_errors = Off'; \ + echo 'log_errors = On'; \ + echo 'error_log = /dev/stderr'; \ + echo 'log_errors_max_len = 1024'; \ + echo 'ignore_repeated_errors = On'; \ + echo 'ignore_repeated_source = Off'; \ + echo 'html_errors = Off'; \ } > /usr/local/etc/php/conf.d/error-logging.ini RUN set -eux; \ a2enmod rewrite expires; \ \ -# https://httpd.apache.org/docs/2.4/mod/mod_remoteip.html + # https://httpd.apache.org/docs/2.4/mod/mod_remoteip.html a2enmod remoteip; \ { \ - echo 'RemoteIPHeader X-Forwarded-For'; \ -# these IP ranges are reserved for "private" use and should thus *usually* be safe inside Docker - echo 'RemoteIPTrustedProxy 10.0.0.0/8'; \ - echo 'RemoteIPTrustedProxy 172.16.0.0/12'; \ - echo 
'RemoteIPTrustedProxy 192.168.0.0/16'; \ - echo 'RemoteIPTrustedProxy 169.254.0.0/16'; \ - echo 'RemoteIPTrustedProxy 127.0.0.0/8'; \ + echo 'RemoteIPHeader X-Forwarded-For'; \ + # these IP ranges are reserved for "private" use and should thus *usually* be safe inside Docker + echo 'RemoteIPTrustedProxy 10.0.0.0/8'; \ + echo 'RemoteIPTrustedProxy 172.16.0.0/12'; \ + echo 'RemoteIPTrustedProxy 192.168.0.0/16'; \ + echo 'RemoteIPTrustedProxy 169.254.0.0/16'; \ + echo 'RemoteIPTrustedProxy 127.0.0.0/8'; \ } > /etc/apache2/conf-available/remoteip.conf; \ a2enconf remoteip; \ -# https://github.com/docker-library/wordpress/issues/383#issuecomment-507886512 -# (replace all instances of "%h" with "%a" in LogFormat) + # https://github.com/docker-library/wordpress/issues/383#issuecomment-507886512 + # (replace all instances of "%h" with "%a" in LogFormat) find /etc/apache2 -type f -name '*.conf' -exec sed -ri 's/([[:space:]]*LogFormat[[:space:]]+"[^"]*)%h([^"]*")/\1%a\2/g' '{}' + # Keep compiled layer up top so it is reused when scripts are modified. WORKDIR $PHP_SRC_PATH RUN make install -ENV WORDPRESS_VERSION 5.6 -ENV WORDPRESS_SHA1 db8b75bfc9de27490434b365c12fd805ca6784ce +ENV WORDPRESS_VERSION 5.7.2 +ENV WORDPRESS_SHA1 c97c037d942e974eb8524213a505268033aff6c8 RUN set -ex; \ curl -o wordpress.tar.gz -fSL "https://wordpress.org/wordpress-${WORDPRESS_VERSION}.tar.gz"; \ echo "$WORDPRESS_SHA1 *wordpress.tar.gz" | sha1sum -c -; \ -# upstream tarballs include ./wordpress/ so this gives us /usr/src/wordpress + # upstream tarballs include ./wordpress/ so this gives us /usr/src/wordpress tar -xzf wordpress.tar.gz -C /usr/src/; \ rm wordpress.tar.gz; \ chown -R www-data:www-data /usr/src/wordpress 
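Review bot: The source install added in this hunk runs `git clone https://github.com/Imagick/imagick` and builds whatever the default branch contains at build time, as root, with no pinned revision. The resulting extension is neither reproducible nor reviewed, unlike the WordPress tarball further down, which is checked against `WORDPRESS_SHA1`. I would pin the checkout and remove the tree afterwards, e.g. `git clone https://github.com/Imagick/imagick; cd imagick; git checkout <PINNED_COMMIT_PLACEHOLDER>;` and, after `make install`, `cd /; rm -rf /opt/imagick;`. The same hunk removes `cron` and `incron` from the package list. If the image still depends on the `scripts/wp-incron.sh` job added earlier in this series, that script presumably has nothing left to trigger it; worth confirming.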
@@ -118,7 +127,6 @@ RUN curl -L -o /usr/local/bin/tini https://github.com/krallin/tini/releases/late WORKDIR $POLYSCRIPT_PATH COPY scripts/* $POLYSCRIPT_PATH/ -RUN mv scramble.sh /usr/local/bin # apache2-foreground comes from inherited container's CMD, which we chain ENTRYPOINT ["/usr/local/bin/tini", "-g", "--", "bash", "-c"] diff --git a/php8.0/apache/dftemp b/php8.0/apache/dftemp new file mode 100644 index 0000000000..c68794c455 --- /dev/null +++ b/php8.0/apache/dftemp 
@@ -0,0 +1,136 @@ +FROM php:8.0-apache + +# persistent dependencies +RUN set -eux; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ +# Ghostscript is required for rendering PDF previews + ghostscript \ + ; \ + rm -rf /var/lib/apt/lists/* + +# install the PHP extensions we need (https://make.wordpress.org/hosting/handbook/handbook/server-environment/#php-extensions) +RUN set -ex; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + libfreetype6-dev \ + libjpeg-dev \ + ncat \ + cron \ + incron \ + vim \ + git \ + libmagickwand-dev \ + libpng-dev \ + libzip-dev \ + ; \ + \ + php -i; \ + docker-php-ext-configure gd --with-freetype --with-jpeg; \ + docker-php-ext-install -j "$(nproc)" \ + bcmath \ + exif \ + sockets \ + gd \ + mysqli \ + opcache \ + zip \ + ; \ + + # Thanks to: https://github.com/Imagick/imagick/issues/331#issuecomment-743271207 + # Enable the line below once it's on PECL + # pecl install imagick-3.4.4; \ + # Until then, we're going to install from source! 
+ cd /opt; \ + git clone https://github.com/Imagick/imagick; \ + cd imagick; \ + phpize && ./configure; \ + make; \ + make install; \ + docker-php-ext-enable imagick; \ +\ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies + apt-mark auto '.*' > /dev/null; \ + apt-mark manual $savedAptMark; \ + ldd "$(php -r 'echo ini_get("extension_dir");')"/*.so \ + | awk '/=>/ { print $3 }' \ + | sort -u \ + | xargs -r dpkg-query -S \ + | cut -d: -f1 \ + | sort -u \ + | xargs -rt apt-mark manual; \ + \ + rm -rf /var/lib/apt/lists/* + +# set recommended PHP.ini settings +# see https://secure.php.net/manual/en/opcache.installation.php +RUN { \ + echo 'opcache.memory_consumption=128'; \ + echo 'opcache.interned_strings_buffer=8'; \ + echo 'opcache.max_accelerated_files=4000'; \ + echo 'opcache.revalidate_freq=2'; \ + echo 'opcache.fast_shutdown=1'; \ + } > /usr/local/etc/php/conf.d/opcache-recommended.ini +# https://wordpress.org/support/article/editing-wp-config-php/#configure-error-logging +RUN { \ +# https://www.php.net/manual/en/errorfunc.constants.php +# https://github.com/docker-library/wordpress/issues/420#issuecomment-517839670 + echo 'error_reporting = E_ERROR | E_WARNING | E_PARSE | E_CORE_ERROR | E_CORE_WARNING | E_COMPILE_ERROR | E_COMPILE_WARNING | E_RECOVERABLE_ERROR'; \ + echo 'display_errors = Off'; \ + echo 'display_startup_errors = Off'; \ + echo 'log_errors = On'; \ + echo 'error_log = /dev/stderr'; \ + echo 'log_errors_max_len = 1024'; \ + echo 'ignore_repeated_errors = On'; \ + echo 'ignore_repeated_source = Off'; \ + echo 'html_errors = Off'; \ + } > /usr/local/etc/php/conf.d/error-logging.ini + +RUN set -eux; \ + a2enmod rewrite expires; \ + \ +# https://httpd.apache.org/docs/2.4/mod/mod_remoteip.html + a2enmod remoteip; \ + { \ + echo 'RemoteIPHeader X-Forwarded-For'; \ +# these IP ranges are reserved for "private" use and should thus *usually* be safe inside Docker + echo 'RemoteIPTrustedProxy 10.0.0.0/8'; \ + 
echo 'RemoteIPTrustedProxy 172.16.0.0/12'; \ + echo 'RemoteIPTrustedProxy 192.168.0.0/16'; \ + echo 'RemoteIPTrustedProxy 169.254.0.0/16'; \ + echo 'RemoteIPTrustedProxy 127.0.0.0/8'; \ + } > /etc/apache2/conf-available/remoteip.conf; \ + a2enconf remoteip; \ +# https://github.com/docker-library/wordpress/issues/383#issuecomment-507886512 +# (replace all instances of "%h" with "%a" in LogFormat) + find /etc/apache2 -type f -name '*.conf' -exec sed -ri 's/([[:space:]]*LogFormat[[:space:]]+"[^"]*)%h([^"]*")/\1%a\2/g' '{}' + + +# Keep compiled layer up top so it is reused when scripts are modified. +WORKDIR $PHP_SRC_PATH +#RUN make install + +ENV WORDPRESS_VERSION 5.6 +ENV WORDPRESS_SHA1 db8b75bfc9de27490434b365c12fd805ca6784ce + +RUN set -ex; \ + curl -o wordpress.tar.gz -fSL "https://wordpress.org/wordpress-${WORDPRESS_VERSION}.tar.gz"; \ + echo "$WORDPRESS_SHA1 *wordpress.tar.gz" | sha1sum -c -; \ +# upstream tarballs include ./wordpress/ so this gives us /usr/src/wordpress + tar -xzf wordpress.tar.gz -C /usr/src/; \ + rm wordpress.tar.gz; \ + chown -R www-data:www-data /usr/src/wordpress + +RUN curl -L -o /usr/local/bin/tini https://github.com/krallin/tini/releases/latest/download/tini && \ + chmod a+x /usr/local/bin/tini + +WORKDIR $POLYSCRIPT_PATH +COPY scripts/* $POLYSCRIPT_PATH/ +RUN mv scramble.sh /usr/local/bin + +# apache2-foreground comes from inherited container's CMD, which we chain +ENTRYPOINT ["/usr/local/bin/tini", "-g", "--", "bash", "-c"] +CMD ["$POLYSCRIPT_PATH/docker-entrypoint.sh apache2-foreground"] +EXPOSE 80/tcp From d9ab603419be8098a39b898fa2b46b155252ae1d Mon Sep 17 00:00:00 2001 From: Blue Gaston Date: Wed, 27 Oct 2021 11:30:06 -0700 Subject: [PATCH 11/11] removed file --- php8.0/apache/dftemp | 136 ------------------------------------------- 1 file changed, 136 deletions(-) delete mode 100644 php8.0/apache/dftemp diff --git a/php8.0/apache/dftemp b/php8.0/apache/dftemp deleted file mode 100644 index c68794c455..0000000000 
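Review bot: In the added `php8.0/apache/dftemp`, the tini binary is fetched from `releases/latest/download/tini` and made executable with no integrity check, even though it becomes the container's PID 1 through `ENTRYPOINT`. The WordPress tarball just above it is verified with `sha1sum -c`; tini should get the same treatment, with a fixed release URL and a line such as `echo "<TINI_SHA256_PLACEHOLDER>  /usr/local/bin/tini" | sha256sum -c -`. The same download line appears as context in the `@@ -118,7 +127,6 @@` hunk header of `php8.0/apache/Dockerfile`, so the point applies there too. `dftemp` itself is deleted by the next patch in the series.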
--- a/php8.0/apache/dftemp +++ /dev/null 
@@ -1,136 +0,0 @@ -FROM php:8.0-apache - -# persistent dependencies -RUN set -eux; \ - apt-get update; \ - apt-get install -y --no-install-recommends \ -# Ghostscript is required for rendering PDF previews - ghostscript \ - ; \ - rm -rf /var/lib/apt/lists/* - -# install the PHP extensions we need (https://make.wordpress.org/hosting/handbook/handbook/server-environment/#php-extensions) -RUN set -ex; \ - \ - savedAptMark="$(apt-mark showmanual)"; \ - \ - apt-get update; \ - apt-get install -y --no-install-recommends \ - libfreetype6-dev \ - libjpeg-dev \ - ncat \ - cron \ - incron \ - vim \ - git \ - libmagickwand-dev \ - libpng-dev \ - libzip-dev \ - ; \ - \ - php -i; \ - docker-php-ext-configure gd --with-freetype --with-jpeg; \ - docker-php-ext-install -j "$(nproc)" \ - bcmath \ - exif \ - sockets \ - gd \ - mysqli \ - opcache \ - zip \ - ; \ - - # Thanks to: https://github.com/Imagick/imagick/issues/331#issuecomment-743271207 - # Enable the line below once it's on PECL - # pecl install imagick-3.4.4; \ - # Until then, we're going to install from source! 
- cd /opt; \ - git clone https://github.com/Imagick/imagick; \ - cd imagick; \ - phpize && ./configure; \ - make; \ - make install; \ - docker-php-ext-enable imagick; \ -\ -# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies - apt-mark auto '.*' > /dev/null; \ - apt-mark manual $savedAptMark; \ - ldd "$(php -r 'echo ini_get("extension_dir");')"/*.so \ - | awk '/=>/ { print $3 }' \ - | sort -u \ - | xargs -r dpkg-query -S \ - | cut -d: -f1 \ - | sort -u \ - | xargs -rt apt-mark manual; \ - \ - rm -rf /var/lib/apt/lists/* - -# set recommended PHP.ini settings -# see https://secure.php.net/manual/en/opcache.installation.php -RUN { \ - echo 'opcache.memory_consumption=128'; \ - echo 'opcache.interned_strings_buffer=8'; \ - echo 'opcache.max_accelerated_files=4000'; \ - echo 'opcache.revalidate_freq=2'; \ - echo 'opcache.fast_shutdown=1'; \ - } > /usr/local/etc/php/conf.d/opcache-recommended.ini -# https://wordpress.org/support/article/editing-wp-config-php/#configure-error-logging -RUN { \ -# https://www.php.net/manual/en/errorfunc.constants.php -# https://github.com/docker-library/wordpress/issues/420#issuecomment-517839670 - echo 'error_reporting = E_ERROR | E_WARNING | E_PARSE | E_CORE_ERROR | E_CORE_WARNING | E_COMPILE_ERROR | E_COMPILE_WARNING | E_RECOVERABLE_ERROR'; \ - echo 'display_errors = Off'; \ - echo 'display_startup_errors = Off'; \ - echo 'log_errors = On'; \ - echo 'error_log = /dev/stderr'; \ - echo 'log_errors_max_len = 1024'; \ - echo 'ignore_repeated_errors = On'; \ - echo 'ignore_repeated_source = Off'; \ - echo 'html_errors = Off'; \ - } > /usr/local/etc/php/conf.d/error-logging.ini - -RUN set -eux; \ - a2enmod rewrite expires; \ - \ -# https://httpd.apache.org/docs/2.4/mod/mod_remoteip.html - a2enmod remoteip; \ - { \ - echo 'RemoteIPHeader X-Forwarded-For'; \ -# these IP ranges are reserved for "private" use and should thus *usually* be safe inside Docker - echo 'RemoteIPTrustedProxy 10.0.0.0/8'; \ - 
echo 'RemoteIPTrustedProxy 172.16.0.0/12'; \ - echo 'RemoteIPTrustedProxy 192.168.0.0/16'; \ - echo 'RemoteIPTrustedProxy 169.254.0.0/16'; \ - echo 'RemoteIPTrustedProxy 127.0.0.0/8'; \ - } > /etc/apache2/conf-available/remoteip.conf; \ - a2enconf remoteip; \ -# https://github.com/docker-library/wordpress/issues/383#issuecomment-507886512 -# (replace all instances of "%h" with "%a" in LogFormat) - find /etc/apache2 -type f -name '*.conf' -exec sed -ri 's/([[:space:]]*LogFormat[[:space:]]+"[^"]*)%h([^"]*")/\1%a\2/g' '{}' + - -# Keep compiled layer up top so it is reused when scripts are modified. -WORKDIR $PHP_SRC_PATH -#RUN make install - -ENV WORDPRESS_VERSION 5.6 -ENV WORDPRESS_SHA1 db8b75bfc9de27490434b365c12fd805ca6784ce - -RUN set -ex; \ - curl -o wordpress.tar.gz -fSL "https://wordpress.org/wordpress-${WORDPRESS_VERSION}.tar.gz"; \ - echo "$WORDPRESS_SHA1 *wordpress.tar.gz" | sha1sum -c -; \ -# upstream tarballs include ./wordpress/ so this gives us /usr/src/wordpress - tar -xzf wordpress.tar.gz -C /usr/src/; \ - rm wordpress.tar.gz; \ - chown -R www-data:www-data /usr/src/wordpress - -RUN curl -L -o /usr/local/bin/tini https://github.com/krallin/tini/releases/latest/download/tini && \ - chmod a+x /usr/local/bin/tini - -WORKDIR $POLYSCRIPT_PATH -COPY scripts/* $POLYSCRIPT_PATH/ -RUN mv scramble.sh /usr/local/bin - -# apache2-foreground comes from inherited container's CMD, which we chain -ENTRYPOINT ["/usr/local/bin/tini", "-g", "--", "bash", "-c"] -CMD ["$POLYSCRIPT_PATH/docker-entrypoint.sh apache2-foreground"] -EXPOSE 80/tcp