Apache entfernt

michi 2025-06-16 15:22:25 +02:00
parent bfaf77b78b
commit a777a3b1cb
4 changed files with 75 additions and 107 deletions

4
.env

@ -31,3 +31,7 @@ BACKUP_SCHEDULE="0 2 * * *"
# Security
WORDPRESS_SALTS_AUTO_GENERATE=true
# Container Settings - EINFACH HALTEN
WORDPRESS_IMAGE=wordpress:latest
PHP_VERSION=8.1
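Review bot: `WORDPRESS_IMAGE=wordpress:latest` selects a floating tag, so every pull can bring in a different WordPress, PHP and Apache build without any review step; the same tag appears as `image: wordpress:latest` in the compose section. Pin a release tag, ideally with a digest, for example `WORDPRESS_IMAGE=wordpress:6.4-php8.2-apache` to match the base image the Dockerfile section uses. `PHP_VERSION=8.1` disagrees with that php8.2 base, and nothing visible on this page reads either variable, so both may be dead configuration. This `.env` is also tracked in the repository; if it carries the `DB_PASSWORD` / `DB_ROOT_PASSWORD` values that the compose file interpolates, those belong in an untracked file with only a placeholder template committed.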


@ -3,10 +3,11 @@ FROM wordpress:6.4-php8.2-apache
# Container Environment Variable
ENV WORDPRESS_CONTAINER=true
# Install additional PHP extensions
# Install additional PHP extensions and tools
RUN apt-get update && apt-get install -y \
libzip-dev \
unzip \
mariadb-client \
&& docker-php-ext-install zip \
&& rm -rf /var/lib/apt/lists/*
@ -18,10 +19,10 @@ RUN curl -O https://raw.githubusercontent.com/wp-cli/wp-cli/master/phar/wp-cli.p
# Copy theme files
COPY . /usr/src/wordpress/wp-content/themes/checkvorteil/
# Set correct permissions
# Set correct permissions for theme
RUN chown -R www-data:www-data /usr/src/wordpress/wp-content/themes/checkvorteil
# Custom Apache configuration
# Copy Apache configuration (if exists)
COPY docker/apache-config.conf /etc/apache2/sites-available/000-default.conf
# Enable Apache modules
@ -31,12 +32,13 @@ RUN a2enmod rewrite headers deflate expires
HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3 \
CMD curl -f http://localhost/?health=check || exit 1
# Expose port
EXPOSE 80
# Custom entrypoint
# Copy and set up custom entrypoint
COPY docker/entrypoint.sh /usr/local/bin/custom-entrypoint.sh
RUN chmod +x /usr/local/bin/custom-entrypoint.sh
# Expose port
EXPOSE 80
# Use custom entrypoint
ENTRYPOINT ["/usr/local/bin/custom-entrypoint.sh"]
CMD ["apache2-foreground"]
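Review bot: `COPY . /usr/src/wordpress/wp-content/themes/checkvorteil/` puts the whole build context under a directory Apache serves, and this repository tracks `.env` and `docker/` at its root, so unless a `.dockerignore` (not visible here) excludes them they become downloadable from the theme path. The compose bind mount `./:/var/www/html/wp-content/themes/checkvorteil` has the same effect if it is still present after this commit. Copy only the theme files, or list `.env`, `.git`, `docker/` and the compose file in `.dockerignore`. The wp-cli step named in the second hunk header fetches `wp-cli.phar` from the `master` branch with `curl -O`; the rest of that line is outside the hunk, but as shown there is no pinned release or checksum, so a tagged release URL checked with `sha512sum -c` would be safer. The `apt-get install -y` line could also take `--no-install-recommends` to keep unneeded packages out of the image.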


@ -2,9 +2,7 @@ version: '3.8'
services:
wordpress:
build:
context: .
dockerfile: Dockerfile
image: wordpress:latest
container_name: checkvorteil-wordpress
restart: unless-stopped
environment:
@ -12,68 +10,20 @@ services:
WORDPRESS_DB_USER: checkvorteil
WORDPRESS_DB_PASSWORD: ${DB_PASSWORD}
WORDPRESS_DB_NAME: checkvorteil_db
WORDPRESS_TABLE_PREFIX: cv_
WORDPRESS_DEBUG: 'false'
WORDPRESS_CONFIG_EXTRA: |
define('WP_MEMORY_LIMIT', '256M');
define('DISALLOW_FILE_EDIT', true);
define('AUTOMATIC_UPDATER_DISABLED', true);
define('WP_AUTO_UPDATE_CORE', false);
define('FORCE_SSL_ADMIN', true);
volumes:
- wordpress_data:/var/www/html
- ./uploads:/var/www/html/wp-content/uploads
- ./logs:/var/log/apache2
- ./:/var/www/html/wp-content/themes/checkvorteil
depends_on:
- db
- redis
networks:
- traefik
labels:
# Traefik Labels für automatisches Routing
- "traefik.enable=true"
- "traefik.docker.network=traefik"
# HTTP Router
- "traefik.http.routers.checkvorteil.rule=Host(`checkvorteil.de`) || Host(`www.checkvorteil.de`)"
- "traefik.http.routers.checkvorteil.entrypoints=web"
- "traefik.http.routers.checkvorteil.middlewares=redirect-to-https"
# HTTPS Router
- "traefik.http.routers.checkvorteil-secure.rule=Host(`checkvorteil.de`) || Host(`www.checkvorteil.de`)"
- "traefik.http.routers.checkvorteil-secure.entrypoints=websecure"
- "traefik.http.routers.checkvorteil-secure.tls=true"
- "traefik.http.routers.checkvorteil-secure.tls.certresolver=letsencrypt"
- "traefik.http.routers.checkvorteil-secure.middlewares=security-headers,compress,rate-limit"
# Service
- "traefik.http.routers.checkvorteil.rule=Host(`checkvorteil.de`)"
- "traefik.http.routers.checkvorteil.entrypoints=websecure"
- "traefik.http.routers.checkvorteil.tls.certresolver=letsencrypt"
- "traefik.http.services.checkvorteil.loadbalancer.server.port=80"
# Middlewares
- "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
- "traefik.http.middlewares.redirect-to-https.redirectscheme.permanent=true"
# Rate Limiting Middleware
- "traefik.http.middlewares.rate-limit.ratelimit.burst=100"
- "traefik.http.middlewares.rate-limit.ratelimit.period=1m"
# Security Headers Middleware
- "traefik.http.middlewares.security-headers.headers.frameDeny=true"
- "traefik.http.middlewares.security-headers.headers.contentTypeNosniff=true"
- "traefik.http.middlewares.security-headers.headers.browserXssFilter=true"
- "traefik.http.middlewares.security-headers.headers.referrerPolicy=strict-origin-when-cross-origin"
- "traefik.http.middlewares.security-headers.headers.forceSTSHeader=true"
- "traefik.http.middlewares.security-headers.headers.stsSeconds=31536000"
- "traefik.http.middlewares.security-headers.headers.stsIncludeSubdomains=true"
- "traefik.http.middlewares.security-headers.headers.stsPreload=true"
# Compression Middleware
- "traefik.http.middlewares.compress.compress=true"
# Health Check
- "traefik.http.routers.checkvorteil-health.rule=Host(`checkvorteil.de`) && Path(`/health`)"
- "traefik.http.routers.checkvorteil-health.middlewares=health-check"
- "traefik.http.middlewares.health-check.addprefix.prefix=/?health=check"
db:
image: mysql:8.0
@ -84,57 +34,12 @@ services:
MYSQL_USER: checkvorteil
MYSQL_PASSWORD: ${DB_PASSWORD}
MYSQL_ROOT_PASSWORD: ${DB_ROOT_PASSWORD}
MYSQL_CHARACTER_SET_SERVER: utf8mb4
MYSQL_COLLATION_SERVER: utf8mb4_unicode_ci
volumes:
- db_data:/var/lib/mysql
- ./docker/mysql-init:/docker-entrypoint-initdb.d
command: >
--character-set-server=utf8mb4
--collation-server=utf8mb4_unicode_ci
--innodb-buffer-pool-size=256M
--max-connections=100
networks:
- traefik
labels:
- "traefik.enable=false"
redis:
image: redis:7-alpine
container_name: checkvorteil-redis
restart: unless-stopped
command: redis-server --maxmemory 128mb --maxmemory-policy allkeys-lru
volumes:
- redis_data:/data
networks:
- traefik
labels:
- "traefik.enable=false"
backup:
image: mysql:8.0
container_name: checkvorteil-backup
restart: "no"
environment:
MYSQL_HOST: db
MYSQL_USER: checkvorteil
MYSQL_PASSWORD: ${DB_PASSWORD}
MYSQL_DATABASE: checkvorteil_db
volumes:
- ./backups:/backups
- ./docker/backup.sh:/backup.sh
command: /bin/bash /backup.sh
depends_on:
- db
networks:
- traefik
labels:
- "traefik.enable=false"
volumes:
wordpress_data:
db_data:
redis_data:
networks:
traefik:
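Review bot: The `wordpress` service hunk shrinks from 68 to 20 lines, and the rendered page no longer shows which lines survive. If the `security-headers`, `rate-limit` and `redirect-to-https` middleware labels and the `WORDPRESS_CONFIG_EXTRA` block (`DISALLOW_FILE_EDIT`, `FORCE_SSL_ADMIN`) are among the removed ones, then HSTS, rate limiting, the HTTP-to-HTTPS redirect and the admin hardening disappear with nothing visible replacing them. Either keep those entries or confirm that Traefik's own static or file configuration supplies equivalent middlewares for this router. Separately, `db` is attached to the `traefik` network it shares with the reverse proxy; a dedicated network for `wordpress` and `db` (name constructed here: `backend`, declared with `internal: true`) keeps MySQL off the proxy-facing network.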

57
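--- /dev/null
+++ b/docker/apache-config.conf
@@ -0,0 +1,57 @@
+<VirtualHost *:80>
+ServerName checkvorteil.de
+DocumentRoot /var/www/html
+# Enable mod_rewrite for WordPress permalinks
+<Directory /var/www/html>
+Options Indexes FollowSymLinks
+AllowOverride All
+Require all granted
+</Directory>
+# Security headers (zusätzlich zu Traefik)
+Header always set X-Content-Type-Options nosniff
+Header always set X-Frame-Options SAMEORIGIN
+Header always set X-XSS-Protection "1; mode=block"
+# Log configuration
+ErrorLog /var/log/apache2/error.log
+CustomLog /var/log/apache2/access.log combined
+# Hide Apache version
+ServerTokens Prod
+ServerSignature Off
+# Disable access to sensitive files
+<Files "wp-config.php">
+Require all denied
+</Files>
+<Files ".htaccess">
+Require all denied
+</Files>
+<FilesMatch "\.(log|bak|save|swo|swp|old)$">
+Require all denied
+</FilesMatch>
+# Enable compression for better performance
+<IfModule mod_deflate.c>
+AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css application/javascript application/json
+</IfModule>
+# Browser caching
+<IfModule mod_expires.c>
+ExpiresActive On
+ExpiresByType image/jpg "access plus 1 month"
+ExpiresByType image/jpeg "access plus 1 month"
+ExpiresByType image/gif "access plus 1 month"
+ExpiresByType image/png "access plus 1 month"
+ExpiresByType text/css "access plus 1 month"
+ExpiresByType application/pdf "access plus 1 month"
+ExpiresByType text/javascript "access plus 1 month"
+ExpiresByType application/javascript "access plus 1 month"
+ExpiresByType image/x-icon "access plus 1 year"
+ExpiresDefault "access plus 2 days"
+</IfModule>
+</VirtualHost>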
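Review bot: `Options Indexes FollowSymLinks` turns on directory listings for the whole document root, so any directory without an index file (uploads, plugin and theme folders) shows its contents; `Options -Indexes +FollowSymLinks` is the usual setting for WordPress. `ServerTokens Prod` is documented as valid only in the main server configuration, so inside `<VirtualHost>` Apache is expected to reject the file at startup; it belongs in a global conf file, while `ServerSignature Off` can stay. The deny rules cover `wp-config.php`, `.htaccess` and a few backup suffixes but not other dotfiles such as `.env` or `.git`, which matters because the theme directory receives the repository root; a `<FilesMatch "^\.">` block with `Require all denied` would cover those and `.htaccess` together. `X-XSS-Protection "1; mode=block"` is ignored or deprecated in current browsers and could give way to a Content-Security-Policy header.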