diff --git a/.gitignore b/.gitignore index a78e0f9..55aa58d 100644 --- a/.gitignore +++ b/.gitignore @@ -1,4 +1,4 @@ -.env +.env-github result result* wordpress diff --git a/Caddyfile b/Caddyfile new file mode 100644 index 0000000..26238fb --- /dev/null +++ b/Caddyfile @@ -0,0 +1,32 @@ +{ + {$CADDY_GLOBAL_OPTIONS} + + frankenphp { + #worker /path/to/your/worker.php + {$FRANKENPHP_CONFIG} + } + + # https://caddyserver.com/docs/caddyfile/directives#sorting-algorithm + order php_server before file_server + order php before file_server + order request_header before wp_cache +} + +{$CADDY_EXTRA_CONFIG} + +## Need to set all hosts with port for the cloud. +# You may not have the hostname being called due to dynamic IPs and load balancers. +# Allowing all hosts on port 80 for health checks, local dev & cases where the hostname is unknown. +{:80} { + @static { + file + path *.ico *.css *.js *.gif *.jpg *.jpeg *.png *.svg *.woff + } + + root * /var/www/html/ + encode br zstd gzip + + {$CADDY_SERVER_EXTRA_DIRECTIVES} + + php_server +} \ No newline at end of file diff --git a/build-and-push.sh b/build-and-push.sh index 229f575..2c737cf 100755 --- a/build-and-push.sh +++ b/build-and-push.sh @@ -3,8 +3,8 @@ set -e # Load environment variables -if [ -f .env ]; then - export $(cat .env | xargs) +if [ -f .env-github ]; then + export $(cat .env-github | xargs) fi # Check if required environment variables are set diff --git a/flake.lock b/flake.lock index b6be346..0136f65 100644 --- a/flake.lock +++ b/flake.lock @@ -20,11 +20,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1725983898, - "narHash": "sha256-4b3A9zPpxAxLnkF9MawJNHDtOOl6ruL0r6Og1TEDGCE=", + "lastModified": 1726243404, + "narHash": "sha256-sjiGsMh+1cWXb53Tecsm4skyFNag33GPbVgCdfj3n9I=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "1355a0cbfeac61d785b7183c0caaec1f97361b43", + "rev": "345c263f2f53a3710abe117f28a5cb86d0ba4059", "type": "github" }, "original": { diff --git a/mu-plugins/loopback.php b/mu-plugins/loopback.php index a6082c2..19c168d 100644 --- a/mu-plugins/loopback.php +++ b/mu-plugins/loopback.php @@ -20,45 +20,42 @@ exit; } -// Define allowed hosts for internal requests -define('WP_ACCESSIBLE_HOSTS', 'localhost,127.0.0.1'); - -// Function to rewrite URLs for internal requests -function rewrite_internal_url($url) { - if ((defined('DOING_AJAX') && DOING_AJAX) || - (defined('REST_REQUEST') && REST_REQUEST) || - wp_doing_cron()) { +// // Function to rewrite URLs for internal requests +// function rewrite_internal_url($url) { +// if ((defined('DOING_AJAX') && DOING_AJAX) || +// (defined('REST_REQUEST') && REST_REQUEST) || +// wp_doing_cron()) { - $site_url = parse_url(get_site_url()); - $url_parts = parse_url($url); +// $site_url = parse_url(get_site_url()); +// $url_parts = parse_url($url); - // Only rewrite if the host matches the site's host - if (isset($url_parts['host']) && $url_parts['host'] === $site_url['host']) { - $url = set_url_scheme($url, 'http'); - $url = str_replace($url_parts['host'], 'localhost', $url); - } - } - return $url; -} +// // Only rewrite if the host matches the site's host +// if (isset($url_parts['host']) && $url_parts['host'] === $site_url['host']) { +// $url = set_url_scheme($url, 'http'); +// $url = str_replace($url_parts['host'], 'localhost', $url); +// } +// } +// return $url; +// } -// Apply URL rewriting to various WordPress URL functions -add_filter('site_url', 'rewrite_internal_url', 10, 1); -add_filter('home_url', 'rewrite_internal_url', 10, 1); -add_filter('admin_url', 'rewrite_internal_url', 10, 1); -add_filter('includes_url', 'rewrite_internal_url', 10, 1); -add_filter('content_url', 'rewrite_internal_url', 10, 1); -add_filter('plugins_url', 'rewrite_internal_url', 10, 1); -add_filter('wp_get_attachment_url', 'rewrite_internal_url', 10, 1); +// // Apply URL rewriting to various WordPress URL functions +// add_filter('site_url', 'rewrite_internal_url', 10, 1); +// add_filter('home_url', 'rewrite_internal_url', 10, 1); +// add_filter('admin_url', 'rewrite_internal_url', 10, 1); +// add_filter('includes_url', 'rewrite_internal_url', 10, 1); +// add_filter('content_url', 'rewrite_internal_url', 10, 1); +// add_filter('plugins_url', 'rewrite_internal_url', 10, 1); +// add_filter('wp_get_attachment_url', 'rewrite_internal_url', 10, 1); -// Force WordPress to use HTTP for loopback requests -add_filter('http_request_args', function($args, $url) { - if (strpos($url, 'localhost') !== false || strpos($url, '127.0.0.1') !== false) { - $args['sslverify'] = false; - $args['curl'][CURLOPT_SSL_VERIFYPEER] = false; - $args['curl'][CURLOPT_SSL_VERIFYHOST] = false; - } - return $args; -}, 10, 2); +// // Force WordPress to use HTTP for loopback requests +// add_filter('http_request_args', function($args, $url) { +// if (strpos($url, 'localhost') !== false || strpos($url, '127.0.0.1') !== false) { +// $args['sslverify'] = false; +// $args['curl'][CURLOPT_SSL_VERIFYPEER] = false; +// $args['curl'][CURLOPT_SSL_VERIFYHOST] = false; +// } +// return $args; +// }, 10, 2); -// Optionally, set the site URL for the REST API -add_filter('rest_url', 'rewrite_internal_url', 10, 1); \ No newline at end of file +// // Optionally, set the site URL for the REST API +// add_filter('rest_url', 'rewrite_internal_url', 10, 1); \ No newline at end of file diff --git a/wordpress.nix b/wordpress.nix index 6c6c14b..33437f4 100644 --- a/wordpress.nix +++ b/wordpress.nix @@ -58,6 +58,7 @@ let intl mbstring openssl + tokenizer zip zlib @@ -76,28 +77,28 @@ let phpBuild = phpWithExtensions.buildEnv { extraConfig = '' ; Memory limits - memory_limit = -1 ; Increased to allow more memory for PHP - max_execution_time = 300 ; Allow longer execution time if needed - max_input_time = 120 ; Extend input processing time + memory_limit = 512M ; Increased to allow more memory for PHP + max_execution_time = 300 ; Allow longer execution time if needed + max_input_time = 120 ; Extend input processing time ; Opcache settings opcache.enable = 1 - opcache.memory_consumption = 128 ; Increase opcache memory to improve script caching - opcache.max_accelerated_files = 20000 ; Higher number of files cached - opcache.interned_strings_buffer = 16 ; Increased for interned strings - opcache.jit_buffer_size = 64M ; Enable JIT with a larger buffer - opcache.jit = tracing ; Enable JIT for tracing mode, which may boost performance - opcache.validate_timestamps = 1 ; Keep enabled to handle dynamic file changes - opcache.revalidate_freq = 60 ; Check for file changes every 60 seconds + opcache.memory_consumption = 128 ; Increase opcache memory to improve script caching + opcache.max_accelerated_files = 20000 ; Higher number of files cached + opcache.interned_strings_buffer = 16 ; Increased for interned strings + opcache.jit_buffer_size = 64M ; Enable JIT with a larger buffer + opcache.jit = tracing ; Enable JIT compilation + opcache.validate_timestamps = 0 ; Keep enabled to handle dynamic file changes + opcache.revalidate_freq = 60 ; Check for file changes every 60 seconds ; Database connection pooling - mysqli.max_persistent = 4 ; Allow more persistent connections for efficiency - mysqli.allow_persistent = 1 ; Enable persistent connections + mysqli.max_persistent = 1 ; Allow more persistent connections for efficiency + mysqli.allow_persistent = 1 ; Enable persistent connections ; Security settings upload_max_filesize = 100M post_max_size = 100M - zend.max_allowed_stack_size = -1 + zend.max_allowed_stack_size = 64M ffi.enable = 1 ''; }; @@ -135,7 +136,7 @@ pkgs.dockerTools.buildLayeredImage { config = { Entrypoint = [ "${pkgs.busybox}/bin/sh" "/docker-entrypoint.sh" ]; - Cmd = [ "${pkgs.lib.getExe frankenphp}" "php-server" "--root" "/var/www/html" "--listen" "0.0.0.0:80" ]; + Cmd = [ "${pkgs.lib.getExe frankenphp}" ]; ExposedPorts = { "80/tcp" = { }; }; @@ -163,6 +164,10 @@ pkgs.dockerTools.buildLayeredImage { mkdir -p tmp chmod 1777 tmp + # copy Caddyfile + mkdir -p etc/caddy + cp ${./Caddyfile} etc/caddy/Caddyfile + # Copy WordPress files mkdir -p var/www/html cp ${./wp-config.php} wp-config.php @@ -175,5 +180,10 @@ pkgs.dockerTools.buildLayeredImage { # Symlink CA certificates ln -s ${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt etc/ssl/certs/ca-certificates.crt + + # Symlink busybox for bash and env + mkdir -p usr/bin + ln -s ${pkgs.busybox}/bin/busybox usr/bin/bash + ln -s ${pkgs.busybox}/bin/busybox usr/bin/env ''; } diff --git a/wp-config.php b/wp-config.php index 48a623b..1ba08e8 100644 --- a/wp-config.php +++ b/wp-config.php @@ -20,7 +20,7 @@ define('NONCE_SALT', getenv('WORDPRESS_NONCE_SALT')); // Debug mode -define('WP_DEBUG', !!getenv('WORDPRESS_DEBUG')); +define('WP_DEBUG', !!getenv('WORDPRESS_DEBUG', '') ); // Extra WordPress configs if ($extra = getenv('WORDPRESS_CONFIG_EXTRA')) { @@ -53,9 +53,16 @@ define('WP_POST_REVISIONS', 5); define('EMPTY_TRASH_DAYS', 7); -// That's all, stop editing! Happy publishing. -if (! defined('ABSPATH')) { - define('ABSPATH', dirname(__FILE__) . '/'); +/* Add any custom values between this line and the "stop editing" line. */ + + + +/* That's all, stop editing! Happy publishing. */ + +/** Absolute path to the WordPress directory. */ +if ( ! defined( 'ABSPATH' ) ) { + define( 'ABSPATH', __DIR__ . '/' ); } -require_once(ABSPATH . 'wp-settings.php'); +/** Sets up WordPress vars and included files. */ +require_once ABSPATH . 'wp-settings.php'; \ No newline at end of file