Merge branch 'develop'

Author: yuriipavlov

Makefile

@@ -70,11 +70,6 @@ pma-up:
 pma-down:
 	docker-compose -f docker-compose.phpmyadmin.yml down -v
 
-# Init backups cron
-.PHONY: backup-init
-backup-init:
-	sudo bash sh/backup/backup-init.sh
-
 # Full docker cleanup
 .PHONY: docker-clean
 docker-clean:

README.MD

@@ -186,7 +186,6 @@ It will up special file `docker-compose.prod.yml` with 80 and your port (most li
 - `make pause` - `docker-compose pause`
 - `make pma-up`
 - `make pma-down`
-- `make backup-init`
 
 ## Structure
 wp-content - docker mounted WordPress wp-content folder, it's your working directory. Add plugins and custom theme here.
@@ -198,7 +197,8 @@ db-data/                  # Database docker mounted volume
 docker/                   # Docker images (Dockerfiles) and additional scripts
 logs/                     # System and wordpress logs
 sh/                       # Bash scripts
-└── backup/               # Backup scripts (crontab, backup-init, start-backup)
+├── env/                  # Operations with environment files 
+└── utils/                # Additional bash utils
 wp-content/               # Docker mounted volume, WordPress wp-content folder
 ├── mu-plugins/           # Must use plugins
 ├── plugins/              # Plugins folder. Add your plugins here
@@ -268,18 +268,13 @@ The system has automatic backups. Launched by a cronjob. By default, daily and w
 
 To activate backups:
 
-1. Edit `./config/environment/.env.type.[environment_type]` file - enable `APP_WP_BACKUP_ENABLE` and check `APP_HOST_SYSTEM_CRON_DIR`
+1. Edit `./config/environment/.env.type.[environment_type]` file - enable `APP_WP_BACKUP_ENABLE`
 
 
-2. Check `./sh/backup/backup-crontab.template` - change cronjob time if it needs.
+2. Check crontab file in `./config/crontabs` - change cronjob time if it needs.
 
 
-3. Run backups init script<sup>[2](#footnote_backup)</sup>:
+3. If you have more than one database (maybe custom databases), check `mysqldump` command parameters in `./docker/cron/start-backup.sh`
 
-```bash
-make backup-init
-```
-
-Backups will appear in the `./backups` folder, logs in `./logs/cron/backup.log`
+Backups will appear in the `./backups` folder, logs in docker cron container logs
 
-<a name="footnote_backup"></a>[2] Need sudo access

config/crontabs/root

@@ -0,0 +1,28 @@
+# This is crontab file. Here you can customize your cron-jobs.
+# Changes will apply after file save. Container restart not need
+#
+
+# * * * * * - time options, see more https://crontab.guru/
+# flock - lock files are used to determine if a script or application is already running
+# >> - append, > renew log file
+# >> /var/log/cron.log 2>&1 - send output to log
+# > /dev/null 2>&1 - send output to black hole
+# 2>&1 redirects the output include both the Standard Error and Standard Out. Look details https://tldp.org/LDP/abs/html/io-redirection.html
+
+# Example
+# * * * * * [flock -n <path-to-lck-file>] <some-command> >> <path-to-log-file> 2>&1
+# * * * * * [flock -n <path-to-lck-file>] <some-command> > /dev/null 2>&1
+
+
+
+# Let's run!
+
+# WordPress cron run by system cron
+*/10 * * * * docker exec ${APP_NAME}_wordpress flock -n /var/log/wordpress/wp-cron.lck php /var/www/html/wp-cron.php >> /var/log/cron.log 2>&1
+
+
+# Backup database and media
+15 3 * * * start-backup.sh daily >> /var/log/cron.log 2>&1
+15 4 * * 1 start-backup.sh weekly >> /var/log/cron.log 2>&1
+
+# An empty line is required at the end of this file for a valid cron file

config/crontabs/www-data

@@ -24,7 +24,7 @@
 
 
 # App info
-APP_NAME=YourAppName
+APP_NAME=your_app_name
 APP_TYPE=wordpress
 
 

config/environment/.env.main

@@ -40,10 +40,8 @@ WP_REDIS_MAXTTL=1
 
 
 # Backup database and media files cron job
-# Edit ./sh/backup/backup-crontab.template file to setup backup time. Changes will apply after backup init
+# Edit file in ./config/crontabs folder to setup backup time
 APP_WP_BACKUP_ENABLE=0
-# Change destination folder to your host crontab directory if it is different
-APP_HOST_SYSTEM_CRON_DIR=/etc/cron.d
 
 
 # wp-login.php Basic Auth protection

config/environment/.env.type.dev

@@ -40,10 +40,8 @@ WP_REDIS_MAXTTL=3600
 
 
 # Backup database and media files cron job
-# Edit ./sh/backup/backup-crontab.template file to setup backup time. Changes will apply after backup init
+# Edit file in ./config/crontabs folder to setup backup time
 APP_WP_BACKUP_ENABLE=1
-# Change destination folder to your host crontab directory if it is different
-APP_HOST_SYSTEM_CRON_DIR=/etc/cron.d
 
 
 # wp-login.php Basic Auth protection

config/environment/.env.type.prod

@@ -40,10 +40,8 @@ WP_REDIS_MAXTTL=3600
 
 
 # Backup database and media files cron job
-# Edit ./sh/backup/backup-crontab.template file to setup backup time. Changes will apply after backup init
+# Edit file in ./config/crontabs folder to setup backup time
 APP_WP_BACKUP_ENABLE=1
-# Change destination folder to your host crontab directory if it is different
-APP_HOST_SYSTEM_CRON_DIR=/etc/cron.d
 
 
 # wp-login.php Basic Auth protection

config/environment/.env.type.stage

@@ -2,7 +2,7 @@
 # Edit .template file to change settings
 
     location ^~ /wp-login.php {
-        auth_basic           "Restricted Area: Look password in .env.secret";
+        auth_basic "Restricted Area";
         auth_basic_user_file /etc/nginx/auth/.wplogin;
 
         include /etc/nginx/conf.d/partials/php.conf;

config/nginx/templates/partials/basic_auth_enable.conf.template

@@ -3,12 +3,25 @@
 
 # Special config for HTTP
 
+# http://www > http://non-www redirect
+server {
+    listen ${APP_PORT};
+    listen [::]:${APP_PORT};
+    server_name www.${APP_DOMAIN};
+
+    include /etc/nginx/conf.d/partials/logs.conf;
+
+    return 301 $scheme://${APP_DOMAIN}$request_uri;
+}
+
 server {
     listen ${APP_PORT};
     listen [::]:${APP_PORT};
-    index index.php;
     server_name ${APP_DOMAIN};
 
+    root /var/www/html;
+    index index.php;
+
     include /etc/nginx/conf.d/partials/logs.conf;
 
     # Check and include Basic Auth config (15-setup-basic-auth.sh)

config/nginx/templates/partials/http.conf.template

@@ -3,27 +3,41 @@
 
 # Special config for HTTPS
 
+# http > https redirect. 80 port should be open
+# http://www > https://non-www redirect
 server {
     listen 80;
     listen [::]:80;
-    server_name ${APP_DOMAIN};
-    return 301 https://${APP_DOMAIN};
+    server_name ${APP_DOMAIN} www.${APP_DOMAIN};
+
+    include /etc/nginx/conf.d/partials/logs.conf;
+
+    return 301 https://${APP_DOMAIN}$request_uri;
 }
 
+# https://www > https://non-www redirect
+server {
+    listen ${APP_PORT} ssl http2;
+    listen [::]:${APP_PORT} ssl http2;
+    server_name www.${APP_DOMAIN};
+
+    include /etc/nginx/conf.d/partials/ssl.conf;
+
+    include /etc/nginx/conf.d/partials/logs.conf;
+
+    return 301 https://${APP_DOMAIN}$request_uri;
+}
+
+# Main directive
 server {
     listen ${APP_PORT} ssl http2;
     listen [::]:${APP_PORT} ssl http2;
-    index index.php;
     server_name ${APP_DOMAIN};
 
-    ssl_certificate /etc/nginx/ssl/${APP_DOMAIN}.crt;
-    ssl_certificate_key /etc/nginx/ssl/${APP_DOMAIN}.key;
-    ssl_protocols TLSv1.2 TLSv1.3;
+    root /var/www/html;
+    index index.php;
 
-    # Recommendations from https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
-    ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
-    ssl_prefer_server_ciphers on;
-    ssl_session_cache shared:SSL:10m;
+    include /etc/nginx/conf.d/partials/ssl.conf;
 
     include /etc/nginx/conf.d/partials/logs.conf;
 
@@ -36,4 +50,4 @@ server {
 
     include /etc/nginx/conf.d/partials/static.conf;
 
-}
+}

config/nginx/templates/partials/https.conf.template

@@ -1,8 +1,6 @@
 # Do not edit .conf file, it will override by script.
 # Edit .template file to change settings
 
-    root /var/www/html;
-
     error_log  /var/log/nginx/error.log;
     #access_log /var/log/nginx/access.log;
     access_log  off;

config/nginx/templates/partials/logs.conf.template

@@ -0,0 +1,12 @@
+# Do not edit .conf file, it will override by script.
+# Edit .template file to change settings
+
+    ssl_certificate /etc/nginx/ssl/${APP_DOMAIN}.crt;
+    ssl_certificate_key /etc/nginx/ssl/${APP_DOMAIN}.key;
+
+    ssl_protocols TLSv1.2 TLSv1.3;
+
+    # Recommendations from https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
+    ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
+    ssl_prefer_server_ciphers on;
+    ssl_session_cache shared:SSL:10m;

config/nginx/templates/partials/ssl.conf.template

@@ -5,6 +5,7 @@ services:
 
   database:
     image: mariadb:10.5
+    container_name: "${APP_NAME}_database"
     restart: unless-stopped
     env_file: .env
     # Open port only for the host. Need for SSH tunnel to connect to database from SQL Manager like HeidiSQL
@@ -16,9 +17,8 @@ services:
 
   wordpress:
     build: ./docker/wordpress
+    container_name: "${APP_NAME}_wordpress"
     restart: unless-stopped
-    links:
-      - database
     depends_on:
       - database
     env_file: .env
@@ -28,15 +28,11 @@ services:
       - ./wp-content:/var/www/html/wp-content # all needed wp-content folders, uploads should be in .gitignore
       # Debug log
       - ./logs/wordpress:/var/log/wordpress
-      # Cron
-      - ./config/crontabs:/etc/crontabs
-      - ./logs/cron:/var/log/cron
 
   nginx:
     build: ./docker/nginx
+    container_name: "${APP_NAME}_nginx"
     restart: unless-stopped
-    links:
-      - wordpress
     depends_on:
       - database
       - wordpress
@@ -51,7 +47,18 @@ services:
 
   redis:
     image: redis:6.2-alpine
+    container_name: "${APP_NAME}_redis"
+    restart: unless-stopped
+    
+  cron:
+    build: ./docker/cron
+    container_name: "${APP_NAME}_cron"
     restart: unless-stopped
+    env_file: .env
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+      - ./config/crontabs:/etc/crontabs
+      - ./backups:/srv/wordpress/backups
 
 #volumes:
   #wordpress_core:

docker-compose.yml

@@ -0,0 +1,30 @@
+# Based on https://habr.com/ru/company/redmadrobot/blog/305364/
+# https://github.com/renskiy/cron-docker-image
+# Thanks to renskiy
+
+FROM alpine:3.14
+
+RUN set -ex \
+# Install bash
+    && apk add --no-cache \
+    bash \
+# Install docker-cli only. We need just run `docker exec` command, we do not need 'Docker-in-Docker'
+# https://jpetazzo.github.io/2015/09/03/do-not-use-docker-in-docker-for-ci/
+    docker-cli \
+# Add GNU tar
+    tar \
+# WordPress backups dir
+    && mkdir -p  /srv/wordpress/backups \
+# Cron log dir (ToDo 101 Systematize logs in one place.)
+    && mkdir -p /var/log/cron \
+# making logging pipe
+    && mkfifo -m 0666 /var/log/cron.log \
+    && ln -s /var/log/cron.log /var/log/crond.log
+
+COPY start-cron.sh /usr/local/bin
+RUN chmod +x /usr/local/bin/start-cron.sh
+
+COPY start-backup.sh /usr/local/bin
+RUN chmod +x /usr/local/bin/start-backup.sh
+
+CMD ["start-cron.sh"]