diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index ae44538..10015aa 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -1,5 +1,5 @@ variables: - HELM_CHART_VERSION: "0.7.1" + HELM_CHART_VERSION: "0.8.7" stages: - deploy diff --git a/Chart/Chart.yaml b/Chart/Chart.yaml index 4f7d314..0d7ae6e 100644 --- a/Chart/Chart.yaml +++ b/Chart/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: cloudypress -description: A helm chart for deploying Wordpress on Cloudyne Hosting +description: Helm chart to deploy Wordpress backed by PHP-CLI and Nginx Unit type: application -version: "0.7.0" -appVersion: "6.1.1" +version: "0.8.7" +appVersion: "6.2.0" diff --git a/Chart/templates/configmap.yaml b/Chart/templates/configmap.yaml index ac80cf3..8ed6d5b 100644 --- a/Chart/templates/configmap.yaml +++ b/Chart/templates/configmap.yaml @@ -39,13 +39,16 @@ data: RUN_COMPOSER: 'true' INSTALL_SITE: {{ .Values.site.init.composerPackage }} SET_THEME: {{ .Values.site.init.themeName | default "" }} + {{- if .Values.site.forceThemeName }} + FORCE_THEME_NAME: {{ .Values.site.forceThemeName }} + {{- end }} {{- end }} {{- if and .Values.site.init .Values.site.init.content .Values.site.init.content.import }} RUN_IMPORTS: 'true' IMPORT_CONTENT: {{ .Values.site.init.content.url }} {{- end }} - + {{- if and .Values.site.init .Values.site.init.database .Values.site.init.database.import }} RUN_DATABASEIMPORTS: 'true' IMPORT_DATABASE: {{ .Values.site.init.database.url }} 
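Review bot: The new `FORCE_THEME_NAME` entry in the configmap.yaml hunk at -39,13 renders its value unquoted, so a theme name that YAML reads as a number, boolean or null, or one containing `: ` or ` #`, yields a non-string or malformed entry, and ConfigMap `data` values must be strings. I would write it as `FORCE_THEME_NAME: {{ .Values.site.forceThemeName | quote }}`. The neighbouring context lines `INSTALL_SITE`, `SET_THEME`, `IMPORT_CONTENT` and `IMPORT_DATABASE` follow the same unquoted pattern and would benefit from the same change. The enclosing `if` block opens above the hunk.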
@@ -64,226 +67,121 @@ metadata: labels: {{- include "..labels" . | nindent 8 }} data: - www.conf: |- - [www] - - - {{- if and .Values.global .Values.global.php }} - listen = {{ .Values.global.php.listenAddress | default "127.0.0.1:8123" }} - listen.backlog = {{ .Values.global.php.listenBacklog | default "511" }} - - pm = {{ .Values.global.php.pmMode | default "ondemand" }} - pm.max_children = {{ .Values.global.php.pmMaxChildren | default "100" }} - pm.process_idle_timeout = {{ .Values.global.php.pmProcessIdle | default "30s" }} - pm.max_requests = {{ .Values.global.php.pmMaxRequests | default "1000" }} - security.limit_extensions = {{ .Values.global.php.limitExtensions | default ".php" }} - php_admin_value[expose_php] = {{ .Values.global.php.exposePHP | default "Off" }} - php_admin_value[short_open_tag] = {{ .Values.global.php.shortOpenTag | default "Off" }} - php_admin_value[disable_functions] = {{ .Values.global.php.disableFunctions | default "exec,passthru,shell_exec,system,proc_open,popen,curl_exec,curl_multi_exec,show_source" }} - php_value[log_errors] = {{ .Values.global.php.logErrors | default "On" }} - php_admin_value[date.timezone] = {{ .Values.customer.timezone | default "Europe/Stockholm" }} - - {{- else }} - - listen = 127.0.0.1:8123 - listen.backlog = 511 - - pm = ondemand - pm.max_children = 100 - pm.process_idle_timeout = 30s - pm.max_requests = 1000 - security.limit_extensions = .php - php_admin_value[expose_php] = Off - php_admin_value[short_open_tag] = Off - php_admin_value[disable_functions] = exec,passthru,shell_exec,system,proc_open,popen,curl_exec,curl_multi_exec,show_source - php_value[log_errors] = On - - {{- end }} - - ping.path = /fpm-ping - listen.allowed_clients = 127.0.0.1 - catch_workers_output = yes - php_value[error_log] = /dev/stderr - - - {{- if .Values.global.php.adminValues }} - {{- range $k, $v := .Values.global.php.adminValues }} - php_admin_value[{{ $k }}] = {{ $v }} - {{- end }} - {{- end }} - - - nginx.conf: | - 
worker_processes auto; - error_log stderr warn; - pid /run/nginx/nginx.pid; - - {{- if and .Values.global .Values.global.nginx }} - {{ .Values.global.nginx.globalAdditions | default "" }} - {{- end }} - - events { - {{- if and .Values.global .Values.global.nginx }} - worker_connections {{ .Values.global.nginx.workerConnections | default "1024" }}; - {{ .Values.global.nginx.eventsAdditions | default "" }} - {{- else }} - worker_connections 1024; - {{- end }} - } - - http { - include mime.types; - default_type application/octet-stream; - - disable_symlinks off; - - log_format main_timed '$remote_addr - $remote_user [$time_local] "$request" ' - '$status $body_bytes_sent "$http_referer" ' - '"$http_user_agent" "$http_x_forwarded_for" ' - '$request_time $upstream_response_time $pipe $upstream_cache_status'; - - access_log /dev/stdout main_timed; - error_log /dev/stderr notice; - {{- if and .Values.global .Values.global.nginx }} - keepalive_timeout {{ .Values.global.nginx.keepaliveTimeout | default "61" }}; - {{- else }} - keepalive_timeout 61; - {{- end }} - - client_max_body_size 512m; - client_body_temp_path /tmp/client_temp; - proxy_temp_path /tmp/proxy_temp_path; - fastcgi_temp_path /tmp/fastcgi_temp; - uwsgi_temp_path /tmp/uwsgi_temp; - scgi_temp_path /tmp/scgi_temp; - - server { - listen [::]:8080 default_server; - listen 8080 default_server; - server_name _; - {{- if and .Values.global .Values.global.nginx }} - sendfile {{ .Values.global.nginx.sendfile | default "off" }}; - tcp_nodelay {{ .Values.global.nginx.tcpNodelay | default "on" }}; - absolute_redirect {{ .Values.global.nginx.absoluteRedirects | default "off" }}; - {{- else }} - sendfile off; - tcp_nodelay on; - absolute_redirect off; - {{- end }} - - {{- if and .Values.site .Values.site.webroot }} - root {{ .Values.site.webroot.path | default "/app/web" }}; - index {{ .Values.site.webroot.indexes | default "index.php index.html index.htm" }}; - {{- else }} - root /app/web; - index index.php index.html; - 
{{- end }} - - - location / { - try_files $uri $uri/ /index.php?q=$uri&$args; - {{- if and .Values.global .Values.global.nginx }} - {{ .Values.global.nginx.rootLocationAdditions | default "" }} - {{- end }} - + unit.json: |- + { + "settings": { + "http": { + "header_read_timeout": 60, + "body_read_timeout": 60, + "idle_timeout": 60, + "max_body_size": 512111110 } - - location ~* /app/web/app/uploads/.*.php$ { - deny all; + }, + "listeners": { + "*:8080": { + "pass": "routes" } - - location ~* /wp-content/uploads/.*.php$ { - deny all; + }, + "routes": [ + { + "action": { + "return": 200 + }, + "match": { + "uri": [ + "/unit-ping", + "/fpm-ping" + ] + } + }, + { + "action": { + "return": 404 + }, + "match": { + "uri": [ + "/app/uploads/*.php", + "/app/uploads/*.php/*" + ] + } + }, + { + "action": { + "pass": "applications/php/direct" + }, + "match": { + "uri": [ + "*.php", + "*.php/*", + "/wp/wp-admin/" + ] + } + }, + { + "action": { + "return": 302, + "location": "/wp/wp-admin" + }, + "match": { + "uri": [ + "/wp-admin", + "/wp-admin/*" + ] + } + }, + { + "action": { + "share": "/app/web$uri", + "fallback": { + "pass": "applications/php/index" + } + } } + ], - error_page 500 502 503 504 /50x.html; - location = /50x.html { - root /var/lib/nginx/html; + "applications": { + "php": { + "type": "php", + "options": { + "user": { + "display_errors": "0", + "log_errors": "1", + }, + "admin": { + {{- if and .Values.global .Values.global.php }} + "expose_php": "{{ .Values.global.php.exposePHP | default "Off" }}", + "short_open_tag": "{{ .Values.global.php.shortOpenTag | default "Off" }}", + "disable_functions": "{{ .Values.global.php.disableFunctions | default "exec,passthru,shell_exec,system,proc_open,popen,curl_exec,curl_multi_exec,show_source" }}", + "log_errors": "{{ .Values.global.php.logErrors | default "On" }}", + "date.timezone": "{{ .Values.customer.timezone | default "Europe/Stockholm" }}", + {{- else }} + "expose_php": "Off", + "short_open_tag": "Off", + 
"disable_functions": "exec,passthru,shell_exec,system,proc_open,popen,curl_exec,curl_multi_exec,show_source", + "log_errors": "On", + {{- end }} + {{- if .Values.global.php.adminValues }} + {{- range $k, $v := .Values.global.php.adminValues }} + "{{ $k }}": "{{ $v }}", + {{- end }} + {{- else }} + "memory_limit": "512M", + "upload_max_filesize": "512M", + "post_max_size": "512M", + "max_execution_time": "300", + "max_input_time": "300" + {{- end }} + } + }, + "targets": { + "direct": { + "root": "/app/web" + }, + "index": { + "root": "/app/web", + "script": "index.php" + } + } } - - location ~ \.php$ { - {{- if and .Values.global .Values.global.nginx }} - fastcgi_buffer_size {{ .Values.global.nginx.fcgiBufferSize | default "128k" }}; - fastcgi_buffers {{ .Values.global.nginx.fcgiBuffers | default "4 256k" }}; - fastcgi_busy_buffers_size {{ .Values.global.nginx.fcgiBusyBufferSize | default "256k" }}; - fastcgi_read_timeout {{ .Values.global.nginx.fcgiReadTimeout | default "300" }}; - {{- else }} - fastcgi_buffer_size 128k; - fastcgi_buffers 4 256k; - fastcgi_busy_buffers_size 256k; - fastcgi_read_timeout 300; - {{- end }} - - include fastcgi_params; - fastcgi_split_path_info ^(.+\.php)(/.+)$; - fastcgi_pass 127.0.0.1:8123; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - {{- if and .Values.global .Values.global.nginx }} - {{ .Values.global.nginx.phpLocationAdditions | default "" }} - {{- end }} - } - - location ~* \.(jpg|jpeg|webp|gif|png|css|svg|js|ico|xml)$ { - expires 5d; - } - - gzip_comp_level 5; - gzip_min_length 256; - gzip_types - application/atom+xml - application/javascript - application/json - application/rss+xml - application/vnd.ms-fontobject - application/x-font-ttf - application/x-font-opentype - application/x-font-truetype - application/x-javascript - application/x-web-app-manifest+json - application/xhtml+xml - application/xml - font/eot - font/opentype - font/otf - image/svg+xml - image/x-icon - 
image/vnd.microsoft.icon - text/css - text/plain - text/javascript - text/x-component; - - gzip_disable "MSIE [1-6]\.(?!.*SV1)"; - location ~ /\. { - log_not_found off; - deny all; - } - - location ~ ^/(fpm-status|fpm-ping)$ { - access_log off; - allow 127.0.0.1; - deny all; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - include fastcgi_params; - fastcgi_pass 127.0.0.1:8123; - } - {{- if and .Values.global .Values.global.nginx }} - {{ .Values.global.nginx.serverAdditions | default "" }} - {{- end }} - } - - proxy_hide_header X-Powered-By; - fastcgi_hide_header X-Powered-By; - server_tokens off; - - add_header X-Content-Type-Options nosniff; - add_header X-Frame-Options SAMEORIGIN; - add_header X-XSS-Protection "1; mode=block"; - {{- if and .Values.global .Values.global.nginx }} - {{ .Values.global.nginx.httpAdditions }} - {{- end }} - - include /etc/nginx/modules/*.conf; } diff --git a/Chart/templates/deployment.yaml b/Chart/templates/deployment.yaml index 84a3071..ad02a29 100644 --- a/Chart/templates/deployment.yaml +++ b/Chart/templates/deployment.yaml @@ -22,7 +22,7 @@ spec: cloudyne.systems/site: {{ .Values.site.url }} spec: securityContext: - fsGroup: 65534 + fsGroup: 101 volumes: - name: cloud persistentVolumeClaim: @@ -38,9 +38,9 @@ spec: allowPrivilegeEscalation: false runAsUser: 0 {{- if .Values.global }} - image: {{ .Values.global.initImage | default "ghcr.io/cloudynes/php-init" }}:{{ .Values.global.imagetag | default "latest" }} + image: {{ .Values.global.initImage | default "ghcr.io/cloudynes/php-cd" }}:{{ .Values.global.imageTag | default "latest" }} {{- else }} - image: ghcr.io/cloudynes/php-init:latest + image: ghcr.io/cloudynes/php-cd:latest {{- end }} imagePullPolicy: Always volumeMounts: 
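Review bot: The `routes` array in the new `unit.json` (configmap.yaml hunk at -64,226) has no equivalent of the removed nginx `location ~ /\. { deny all; }`, so the final `"share": "/app/web$uri"` step will serve any dot-file or dot-directory that ends up under the web root. A route placed ahead of the PHP and share steps, such as `{"action": {"return": 404}, "match": {"uri": "*/.*"}}`, would restore that behaviour. The removed `add_header X-Content-Type-Options` / `X-Frame-Options` lines and the old `/wp-content/uploads/` PHP deny also have no counterpart; if the Unit version in the image supports `response_headers` on an action the headers can be set there, otherwise at the ingress, and the uploads rule is presumably unneeded for this `/app` layout but worth confirming. Separately, `.Values.global.php.adminValues` is read outside the `if and .Values.global .Values.global.php` guard, so the `else` defaults cannot be reached without a nil dereference. The `range` also leaves a trailing comma on the last `admin` entry, as does `"log_errors": "1",` under `user`, which should be checked against Unit's config parser.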
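Review bot: Both branches of the init-container image in the deployment.yaml hunk at -38,9 still fall back to `:latest` with `imagePullPolicy: Always`, and the context shows that container running with `runAsUser: 0`, so whatever is pushed to `ghcr.io/cloudynes/php-cd:latest` runs as root on the next pod start. I would default to a fixed release tag or an image digest, e.g. `| default "<pinned-tag>"` (placeholder), and drop the hard-coded `:latest` in the `else` branch; the same applies to the `php-unit` image in the -65,22 hunk. The `imagetag` to `imageTag` correction appears to make the values.yaml tag take effect for the first time, and that default is now `"8.0"`, a broader floating tag than the previous `fpm8.0-alpine3.16`.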
@@ -65,22 +65,19 @@ spec: containers: - name: wordpress securityContext: - runAsUser: 65534 + runAsUser: 101 {{- if .Values.global }} - image: {{ .Values.global.serverImage | default "ghcr.io/cloudynes/php-nginx" }}:{{ .Values.global.imagetag | default "latest" }} + image: {{ .Values.global.serverImage | default "ghcr.io/cloudynes/php-unit" }}:{{ .Values.global.imageTag | default "latest" }} {{- else }} - image: ghcr.io/cloudynes/php-nginx:latest + image: ghcr.io/cloudynes/php-unit:latest {{- end }} imagePullPolicy: Always volumeMounts: - name: local mountPath: /app - name: serverconfig - mountPath: /etc/nginx/nginx.conf - subPath: nginx.conf - - name: serverconfig - mountPath: /usr/local/etc/php-fpm.d/www.conf - subPath: www.conf + mountPath: /docker-entrypoint.d/unit.json + subPath: unit.json {{- if and .Values.site .Values.site.storage .Values.site.storage.cloud .Values.site.storage.cloud.folders }} {{- range $v := .Values.site.storage.cloud.folders }} - name: cloud diff --git a/Chart/values.yaml b/Chart/values.yaml index 010a6f2..9716264 100644 --- a/Chart/values.yaml +++ b/Chart/values.yaml @@ -74,6 +74,9 @@ site: # The name of the theme which the composer package refers to themeName: "mycustomer-app-theme" + + # If needed, force a change of the theme folder name to conform with site requirements + # forceThemeName: "" # Optional: Import content to wp-content directory from zip file content: {} @@ -107,13 +110,13 @@ site: # Global configuration global: # Which image to use for the web server - serverImage: ghcr.io/cloudynes/php-nginx + serverImage: ghcr.io/cloudynes/php-unit # Which image to use for the initialization - initImage: ghcr.io/cloudynes/php-init + initImage: ghcr.io/cloudynes/php-cd # The tag to use for the above images - imageTag: fpm8.0-alpine3.16 + imageTag: "8.0" # The database instance where the database will be provisioned dbInstance: "kincaid" 
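Review bot: The `wordpress` container's `securityContext` in the deployment.yaml hunk at -65,22 sets only `runAsUser: 101`, whereas the init container in the previous hunk at least carries `allowPrivilegeEscalation: false`. Since the UID is being changed here anyway, I would add `runAsNonRoot: true` and `allowPrivilegeEscalation: false` beside it. Dropping all capabilities is worth trying too, provided the Unit image starts cleanly without them; the listener is on 8080, so no bind capability should be needed. The container spec continues past the end of the hunk, so other fields may exist outside this view.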
@@ -134,8 +137,11 @@ global: logErrors: "On" adminValues: - upload_max_filesize: "256M" - post_max_size: "256M" + memory_limit: "512M" + upload_max_filesize: "512M" + post_max_size: "512M" + max_execution_time: "300" + max_input_time: "300" nginx: workerConnections: "1024"