helm/cloudypress
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

merge into: helm:main
Branches Tags
helm:main helm:unit helm:testing
helm:0.7.3 helm:0.7.2 helm:0.7.1
...
pull from: helm:testing
Branches Tags
helm:main helm:unit helm:testing
helm:0.7.3 helm:0.7.2 helm:0.7.1

15 Commits
main ... testing

Author SHA1 Message Date
Lars Scheibling
4ee88fd2e9 Update .gitlab-ci.yml 2023-04-26 10:46:40 +02:00
Lars Scheibling
3d08d4b1e3 Update values.yaml 2023-04-26 10:45:40 +02:00
Lars Scheibling
0c2bde824f Update .gitlab-ci.yml, Chart/Chart.yaml 2023-04-26 10:41:02 +02:00
Lars Scheibling
38488999b9 Update Chart/templates/configmap.yaml 2023-04-26 10:37:52 +02:00
Lars Scheibling
231a6acbd7 Update .gitlab-ci.yml, Chart/values.yaml, Chart/templates/configmap.yaml, Chart/templates/persistentvolume.yaml, Chart/templates/persistentvolumeclaim.yaml, Chart/Chart.yaml 2023-04-25 14:30:40 +02:00
Lars Scheibling
d7aba60eb3 Merge branch 'unit' into 'testing' 
Unit

See merge request helm/wordpress-hosting!1
 2023-04-25 14:24:21 +02:00
Lars Scheibling
9f414dde5d Fixed bug with FORCE_THEME_NAME 2023-04-18 15:32:45 +00:00
Lars Scheibling
ac4583339e Added redirect from wp-admin to wp/wp-admin 2023-04-17 21:46:01 +00:00
Lars Scheibling
a3bd5334f1 Added option to force theme name 2023-04-17 19:51:28 +00:00
Lars Scheibling
6f8f678288 Fixed duplicate setting field issue 2023-04-15 21:18:51 +00:00
Lars Scheibling
fc1e7a71b2 Added unit config file to container 2023-04-15 21:09:06 +00:00
Lars Scheibling
54fdb529f8 Fixed fsGroup and user ID for Unit 2023-04-15 20:03:29 +00:00
Lars Scheibling
269d9f5550 Typo in image tag reference in deployment 2023-04-15 19:54:07 +00:00
Lars Scheibling
266cbc4afb Switched to Nhinx Unit 2023-04-15 19:32:48 +00:00
Lars Scheibling
d4592ecd65 Created new chart for nginx unit deployments 2023-04-06 15:54:10 +00:00
7 changed files with 145 additions and 242 deletions
Expand all files Collapse all files

2
.gitlab-ci.yml
View File

@@ -1,5 +1,5 @@
variables: variables:
HELM_CHART_VERSION: "0.7.1" HELM_CHART_VERSION: "0.0.3"
stages: stages:
- deploy - deploy

6
Chart/Chart.yaml
View File

@@ -1,6 +1,6 @@
apiVersion: v2 apiVersion: v2
name: cloudypress name: cloudypress
description: A helm chart for deploying Wordpress on Cloudyne Hosting description: Helm chart to deploy Wordpress backed by PHP-CLI and Nginx Unit
type: application type: application
version: "0.7.0" version: "0.0.2"
appVersion: "6.1.1" appVersion: "6.2.0"

334
Chart/templates/configmap.yaml
View File

@@ -28,7 +28,7 @@ data:
SMTP_FROM_NAME: "V3 Customer Mailer" SMTP_FROM_NAME: "V3 Customer Mailer"
{{- end }} {{- end }}
WP_ENV: "production" WP_ENV: "{{ .Values.site.env | default "production" }}"
{{- if .Values.site.overrideMainUrl }} {{- if .Values.site.overrideMainUrl }}
WP_HOME: "https://{{ .Values.site.overrideMainUrl }}" WP_HOME: "https://{{ .Values.site.overrideMainUrl }}"
{{- else }} {{- else }}
@@ -39,13 +39,16 @@ data:
RUN_COMPOSER: 'true' RUN_COMPOSER: 'true'
INSTALL_SITE: {{ .Values.site.init.composerPackage }} INSTALL_SITE: {{ .Values.site.init.composerPackage }}
SET_THEME: {{ .Values.site.init.themeName | default "" }} SET_THEME: {{ .Values.site.init.themeName | default "" }}
{{- if .Values.site.forceThemeName }}
FORCE_THEME_NAME: {{ .Values.site.forceThemeName }}
{{- end }}
{{- end }} {{- end }}
{{- if and .Values.site.init .Values.site.init.content .Values.site.init.content.import }} {{- if and .Values.site.init .Values.site.init.content .Values.site.init.content.import }}
RUN_IMPORTS: 'true' RUN_IMPORTS: 'true'
IMPORT_CONTENT: {{ .Values.site.init.content.url }} IMPORT_CONTENT: {{ .Values.site.init.content.url }}
{{- end }} {{- end }}
{{- if and .Values.site.init .Values.site.init.database .Values.site.init.database.import }} {{- if and .Values.site.init .Values.site.init.database .Values.site.init.database.import }}
RUN_DATABASEIMPORTS: 'true' RUN_DATABASEIMPORTS: 'true'
IMPORT_DATABASE: {{ .Values.site.init.database.url }} IMPORT_DATABASE: {{ .Values.site.init.database.url }}
@@ -64,226 +67,121 @@ metadata:
labels: labels:
{{- include "..labels" . | nindent 8 }} {{- include "..labels" . | nindent 8 }}
data: data:
www.conf: |- unit.json: |-
[www] {
"settings": {
"http": {
{{- if and .Values.global .Values.global.php }} "header_read_timeout": 60,
listen = {{ .Values.global.php.listenAddress | default "127.0.0.1:8123" }} "body_read_timeout": 60,
listen.backlog = {{ .Values.global.php.listenBacklog | default "511" }} "idle_timeout": 60,
"max_body_size": 512111110
pm = {{ .Values.global.php.pmMode | default "ondemand" }}
pm.max_children = {{ .Values.global.php.pmMaxChildren | default "100" }}
pm.process_idle_timeout = {{ .Values.global.php.pmProcessIdle | default "30s" }}
pm.max_requests = {{ .Values.global.php.pmMaxRequests | default "1000" }}
security.limit_extensions = {{ .Values.global.php.limitExtensions | default ".php" }}
php_admin_value[expose_php] = {{ .Values.global.php.exposePHP | default "Off" }}
php_admin_value[short_open_tag] = {{ .Values.global.php.shortOpenTag | default "Off" }}
php_admin_value[disable_functions] = {{ .Values.global.php.disableFunctions | default "exec,passthru,shell_exec,system,proc_open,popen,curl_exec,curl_multi_exec,show_source" }}
php_value[log_errors] = {{ .Values.global.php.logErrors | default "On" }}
php_admin_value[date.timezone] = {{ .Values.customer.timezone | default "Europe/Stockholm" }}
{{- else }}
listen = 127.0.0.1:8123
listen.backlog = 511
pm = ondemand
pm.max_children = 100
pm.process_idle_timeout = 30s
pm.max_requests = 1000
security.limit_extensions = .php
php_admin_value[expose_php] = Off
php_admin_value[short_open_tag] = Off
php_admin_value[disable_functions] = exec,passthru,shell_exec,system,proc_open,popen,curl_exec,curl_multi_exec,show_source
php_value[log_errors] = On
{{- end }}
ping.path = /fpm-ping
listen.allowed_clients = 127.0.0.1
catch_workers_output = yes
php_value[error_log] = /dev/stderr
{{- if .Values.global.php.adminValues }}
{{- range $k, $v := .Values.global.php.adminValues }}
php_admin_value[{{ $k }}] = {{ $v }}
{{- end }}
{{- end }}
nginx.conf: |
worker_processes auto;
error_log stderr warn;
pid /run/nginx/nginx.pid;
{{- if and .Values.global .Values.global.nginx }}
{{ .Values.global.nginx.globalAdditions | default "" }}
{{- end }}
events {
{{- if and .Values.global .Values.global.nginx }}
worker_connections {{ .Values.global.nginx.workerConnections | default "1024" }};
{{ .Values.global.nginx.eventsAdditions | default "" }}
{{- else }}
worker_connections 1024;
{{- end }}
}
http {
include mime.types;
default_type application/octet-stream;
disable_symlinks off;
log_format main_timed '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for" '
'$request_time $upstream_response_time $pipe $upstream_cache_status';
access_log /dev/stdout main_timed;
error_log /dev/stderr notice;
{{- if and .Values.global .Values.global.nginx }}
keepalive_timeout {{ .Values.global.nginx.keepaliveTimeout | default "61" }};
{{- else }}
keepalive_timeout 61;
{{- end }}
client_max_body_size 512m;
client_body_temp_path /tmp/client_temp;
proxy_temp_path /tmp/proxy_temp_path;
fastcgi_temp_path /tmp/fastcgi_temp;
uwsgi_temp_path /tmp/uwsgi_temp;
scgi_temp_path /tmp/scgi_temp;
server {
listen [::]:8080 default_server;
listen 8080 default_server;
server_name _;
{{- if and .Values.global .Values.global.nginx }}
sendfile {{ .Values.global.nginx.sendfile | default "off" }};
tcp_nodelay {{ .Values.global.nginx.tcpNodelay | default "on" }};
absolute_redirect {{ .Values.global.nginx.absoluteRedirects | default "off" }};
{{- else }}
sendfile off;
tcp_nodelay on;
absolute_redirect off;
{{- end }}
{{- if and .Values.site .Values.site.webroot }}
root {{ .Values.site.webroot.path | default "/app/web" }};
index {{ .Values.site.webroot.indexes | default "index.php index.html index.htm" }};
{{- else }}
root /app/web;
index index.php index.html;
{{- end }}
location / {
try_files $uri $uri/ /index.php?q=$uri&$args;
{{- if and .Values.global .Values.global.nginx }}
{{ .Values.global.nginx.rootLocationAdditions | default "" }}
{{- end }}
} }
},
location ~* /app/web/app/uploads/.*.php$ { "listeners": {
deny all; "*:8080": {
"pass": "routes"
} }
},
location ~* /wp-content/uploads/.*.php$ { "routes": [
deny all; {
"action": {
"return": 200
},
"match": {
"uri": [
"/unit-ping",
"/fpm-ping"
]
}
},
{
"action": {
"return": 404
},
"match": {
"uri": [
"/app/uploads/*.php",
"/app/uploads/*.php/*"
]
}
},
{
"action": {
"pass": "applications/php/direct"
},
"match": {
"uri": [
"*.php",
"*.php/*",
"/wp/wp-admin/"
]
}
},
{
"action": {
"return": 302,
"location": "/wp/wp-admin"
},
"match": {
"uri": [
"/wp-admin",
"/wp-admin/*"
]
}
},
{
"action": {
"share": "/app/web$uri",
"fallback": {
"pass": "applications/php/index"
}
}
} }
],
error_page 500 502 503 504 /50x.html; "applications": {
location = /50x.html { "php": {
root /var/lib/nginx/html; "type": "php",
"options": {
"user": {
"display_errors": "0",
"log_errors": "1",
},
"admin": {
{{- if and .Values.global .Values.global.php }}
"expose_php": "{{ .Values.global.php.exposePHP | default "Off" }}",
"short_open_tag": "{{ .Values.global.php.shortOpenTag | default "Off" }}",
"disable_functions": "{{ .Values.global.php.disableFunctions | default "exec,passthru,shell_exec,system,proc_open,popen,show_source" }}",
"log_errors": "{{ .Values.global.php.logErrors | default "On" }}",
"date.timezone": "{{ .Values.customer.timezone | default "Europe/Stockholm" }}",
{{- else }}
"expose_php": "Off",
"short_open_tag": "Off",
"disable_functions": "exec,passthru,shell_exec,system,proc_open,popen,show_source",
"log_errors": "On",
{{- end }}
{{- if .Values.global.php.adminValues }}
{{- range $k, $v := .Values.global.php.adminValues }}
"{{ $k }}": "{{ $v }}",
{{- end }}
{{- else }}
"memory_limit": "512M",
"upload_max_filesize": "512M",
"post_max_size": "512M",
"max_execution_time": "300",
"max_input_time": "300"
{{- end }}
}
},
"targets": {
"direct": {
"root": "/app/web"
},
"index": {
"root": "/app/web",
"script": "index.php"
}
}
} }
location ~ \.php$ {
{{- if and .Values.global .Values.global.nginx }}
fastcgi_buffer_size {{ .Values.global.nginx.fcgiBufferSize | default "128k" }};
fastcgi_buffers {{ .Values.global.nginx.fcgiBuffers | default "4 256k" }};
fastcgi_busy_buffers_size {{ .Values.global.nginx.fcgiBusyBufferSize | default "256k" }};
fastcgi_read_timeout {{ .Values.global.nginx.fcgiReadTimeout | default "300" }};
{{- else }}
fastcgi_buffer_size 128k;
fastcgi_buffers 4 256k;
fastcgi_busy_buffers_size 256k;
fastcgi_read_timeout 300;
{{- end }}
include fastcgi_params;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass 127.0.0.1:8123;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
{{- if and .Values.global .Values.global.nginx }}
{{ .Values.global.nginx.phpLocationAdditions | default "" }}
{{- end }}
}
location ~* \.(jpg|jpeg|webp|gif|png|css|svg|js|ico|xml)$ {
expires 5d;
}
gzip_comp_level 5;
gzip_min_length 256;
gzip_types
application/atom+xml
application/javascript
application/json
application/rss+xml
application/vnd.ms-fontobject
application/x-font-ttf
application/x-font-opentype
application/x-font-truetype
application/x-javascript
application/x-web-app-manifest+json
application/xhtml+xml
application/xml
font/eot
font/opentype
font/otf
image/svg+xml
image/x-icon
image/vnd.microsoft.icon
text/css
text/plain
text/javascript
text/x-component;
gzip_disable "MSIE [1-6]\.(?!.*SV1)";
location ~ /\. {
log_not_found off;
deny all;
}
location ~ ^/(fpm-status|fpm-ping)$ {
access_log off;
allow 127.0.0.1;
deny all;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
fastcgi_pass 127.0.0.1:8123;
}
{{- if and .Values.global .Values.global.nginx }}
{{ .Values.global.nginx.serverAdditions | default "" }}
{{- end }}
} }
proxy_hide_header X-Powered-By;
fastcgi_hide_header X-Powered-By;
server_tokens off;
add_header X-Content-Type-Options nosniff;
add_header X-Frame-Options SAMEORIGIN;
add_header X-XSS-Protection "1; mode=block";
{{- if and .Values.global .Values.global.nginx }}
{{ .Values.global.nginx.httpAdditions }}
{{- end }}
include /etc/nginx/modules/*.conf;
} }

19
Chart/templates/deployment.yaml
View File

@@ -22,7 +22,7 @@ spec:
cloudyne.systems/site: {{ .Values.site.url }} cloudyne.systems/site: {{ .Values.site.url }}
spec: spec:
securityContext: securityContext:
fsGroup: 65534 fsGroup: 101
volumes: volumes:
- name: cloud - name: cloud
persistentVolumeClaim: persistentVolumeClaim:
@@ -38,9 +38,9 @@ spec:
allowPrivilegeEscalation: false allowPrivilegeEscalation: false
runAsUser: 0 runAsUser: 0
{{- if .Values.global }} {{- if .Values.global }}
image: {{ .Values.global.initImage | default "ghcr.io/cloudynes/php-init" }}:{{ .Values.global.imagetag | default "latest" }} image: {{ .Values.global.initImage | default "ghcr.io/cloudynes/php-cd" }}:{{ .Values.global.imageTag | default "latest" }}
{{- else }} {{- else }}
image: ghcr.io/cloudynes/php-init:latest image: ghcr.io/cloudynes/php-cd:latest
{{- end }} {{- end }}
imagePullPolicy: Always imagePullPolicy: Always
volumeMounts: volumeMounts:
@@ -65,22 +65,19 @@ spec:
containers: containers:
- name: wordpress - name: wordpress
securityContext: securityContext:
runAsUser: 65534 runAsUser: 101
{{- if .Values.global }} {{- if .Values.global }}
image: {{ .Values.global.serverImage | default "ghcr.io/cloudynes/php-nginx" }}:{{ .Values.global.imagetag | default "latest" }} image: {{ .Values.global.serverImage | default "ghcr.io/cloudynes/php-unit" }}:{{ .Values.global.imageTag | default "latest" }}
{{- else }} {{- else }}
image: ghcr.io/cloudynes/php-nginx:latest image: ghcr.io/cloudynes/php-unit:latest
{{- end }} {{- end }}
imagePullPolicy: Always imagePullPolicy: Always
volumeMounts: volumeMounts:
- name: local - name: local
mountPath: /app mountPath: /app
- name: serverconfig - name: serverconfig
mountPath: /etc/nginx/nginx.conf mountPath: /docker-entrypoint.d/unit.json
subPath: nginx.conf subPath: unit.json
- name: serverconfig
mountPath: /usr/local/etc/php-fpm.d/www.conf
subPath: www.conf
{{- if and .Values.site .Values.site.storage .Values.site.storage.cloud .Values.site.storage.cloud.folders }} {{- if and .Values.site .Values.site.storage .Values.site.storage.cloud .Values.site.storage.cloud.folders }}
{{- range $v := .Values.site.storage.cloud.folders }} {{- range $v := .Values.site.storage.cloud.folders }}
- name: cloud - name: cloud

2
Chart/templates/persistentvolume.yaml
View File

@@ -35,4 +35,4 @@ spec:
persistentVolumeReclaimPolicy: Retain persistentVolumeReclaimPolicy: Retain
storageClassName: {{ .Values.site.storage.cloud.class }}-retain storageClassName: {{ .Values.site.storage.cloud.class }}-retain
volumeMode: Filesystem volumeMode: Filesystem
--- ---

2
Chart/templates/persistentvolumeclaim.yaml
View File

@@ -19,4 +19,4 @@ spec:
{{- if and .Values.site .Values.site.storage .Values.site.storage.cloud }} {{- if and .Values.site .Values.site.storage .Values.site.storage.cloud }}
storageClassName: {{ .Values.site.storage.cloud.class }}-retain storageClassName: {{ .Values.site.storage.cloud.class }}-retain
{{- end }} {{- end }}

22
Chart/values.yaml
View File

@@ -37,6 +37,8 @@ email: {}
# Website Configuration # Website Configuration
site: site:
env: "development"
# The main URL for the website # The main URL for the website
url: "www.mycustomer.com" url: "www.mycustomer.com"
@@ -46,7 +48,7 @@ site:
# Create sites with another main domain for WP, # Create sites with another main domain for WP,
# but the rest of the components named according to site-tld # but the rest of the components named according to site-tld
# overrideMainUrl: "" overrideMainUrl: ""
# Whether to keep plugins and Wordpress updated # Whether to keep plugins and Wordpress updated
autoUpdate: 'true' autoUpdate: 'true'
@@ -74,6 +76,9 @@ site:
# The name of the theme which the composer package refers to # The name of the theme which the composer package refers to
themeName: "mycustomer-app-theme" themeName: "mycustomer-app-theme"
# If needed, force a change of the theme folder name to conform with site requirements
# forceThemeName: ""
# Optional: Import content to wp-content directory from zip file # Optional: Import content to wp-content directory from zip file
content: {} content: {}
@@ -107,13 +112,13 @@ site:
# Global configuration # Global configuration
global: global:
# Which image to use for the web server # Which image to use for the web server
serverImage: ghcr.io/cloudynes/php-nginx serverImage: ghcr.io/cloudynes/php-unit
# Which image to use for the initialization # Which image to use for the initialization
initImage: ghcr.io/cloudynes/php-init initImage: ghcr.io/cloudynes/php-cd
# The tag to use for the above images # The tag to use for the above images
imageTag: fpm8.0-alpine3.16 imageTag: "8.0"
# The database instance where the database will be provisioned # The database instance where the database will be provisioned
dbInstance: "kincaid" dbInstance: "kincaid"
@@ -130,12 +135,15 @@ global:
limitExtensions: ".php" limitExtensions: ".php"
exposePHP: "Off" exposePHP: "Off"
shortOpenTag": "Off" shortOpenTag": "Off"
disableFunctions: "exec,passthru,shell_exec,system,proc_open,popen,curl_exec,curl_multi_exec,show_source" disableFunctions: "exec,passthru,shell_exec,system,proc_open,popen,show_source"
logErrors: "On" logErrors: "On"
adminValues: adminValues:
upload_max_filesize: "256M" memory_limit: "512M"
post_max_size: "256M" upload_max_filesize: "512M"
post_max_size: "512M"
max_execution_time: "300"
max_input_time: "300"
nginx: nginx:
workerConnections: "1024" workerConnections: "1024"