Skip to content

Commit 42032ba

Browse files
author
B&R
committed
fix: Riotkit entrypoint was not set up at all in new installations
1 parent 5d9fb0f commit 42032ba

File tree

3 files changed

+36
-31
lines changed

3 files changed

+36
-31
lines changed

Dockerfile

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -47,7 +47,7 @@ RUN apk --update add nginx apache2-utils rsync less \
4747
&& chown www-data:www-data /var/tmp/nginx/ /var/lib/nginx/tmp/ -R \
4848
&& chmod +x /usr/bin/wp
4949

50-
ADD ./wp-config-sample.php /usr/src/wordpress/wp-config-sample.php
50+
ADD ./wp-config-sample.php /usr/src/wordpress/wp-config.php
5151
ADD ./wp-config-riotkit.php /usr/src/wordpress/wp-config-riotkit.php
5252
ADD ./liveness.php /usr/src/wordpress/liveness.php
5353
ADD ./readiness.php /usr/src/wordpress/readiness.php

container-files/entrypoint.sh

Lines changed: 24 additions & 29 deletions
Original file line numberDiff line numberDiff line change
@@ -7,41 +7,36 @@ gid="$(id -g)"
77
echo " >> UID=${uid}, GID=${gid}"
88

99
if ([ ! -e index.php ] && [ ! -e wp-includes/version.php ]) || [[ "${FORCE_UPGRADE}" == "true" ]]; then
10-
args=( "--exclude" "readme.html" "--exclude" "*.txt" )
10+
args=( "--exclude" "readme.html" "--exclude" "*.txt" "--exclude" "wp-content" )
1111

12-
echo >&2 "WordPress not found in $PWD - copying now..."
12+
echo >&2 " >> WordPress not found in $PWD - copying now..."
1313
if [ -n "$(find -mindepth 1 -maxdepth 1 -not -name wp-content)" ]; then
1414
echo >&2 "WARNING: $PWD is not empty! (copying anyhow)"
1515
fi
1616

17-
if [[ ! -z "$(ls -A /var/www/riotkit/wp-content)" ]]; then
18-
args+=( "--exclude" "wp-content" )
17+
echo >&2 " >> Running rsync, additional args: ${args[@]}"
18+
rsync -av /usr/src/wordpress/* /var/www/riotkit "${args[@]}"
19+
20+
# does not exist OR is empty
21+
if [[ ! -d /var/www/riotkit/wp-content ]] || [[ ! -z "$(ls -A /var/www/riotkit/wp-content)" ]]; then
22+
echo >&2 " >> Syncing wp-content as it does not exists or is empty"
23+
mkdir -p /usr/src/wordpress/wp-content || true
24+
25+
# do not set owner/group/time on a volume mount to avoid non-root permission denied
26+
rsync -av --no-o --no-g --no-t --no-p /usr/src/wordpress/wp-content/* /var/www/riotkit/wp-content
1927
fi
2028

21-
echo "Running rsync, additional args: ${args}"
22-
rsync -av --no-o --no-g --no-t --no-p /usr/src/wordpress/* /var/www/riotkit "${args[@]}"
23-
echo >&2 "Complete! WordPress has been successfully copied to $PWD"
29+
echo >&2 " >> YAY! WordPress has been successfully copied to $PWD"
2430
fi
2531

26-
wpEnvs=( "${!WORDPRESS_@}" )
27-
if [ ! -s wp-config.php ] && [ "${#wpEnvs[@]}" -gt 0 ]; then
28-
for wpConfigDocker in \
29-
wp-config-docker.php \
30-
/usr/src/wordpress/wp-config-docker.php \
31-
; do
32-
if [ -s "$wpConfigDocker" ]; then
33-
echo >&2 "No 'wp-config.php' found in $PWD, but 'WORDPRESS_...' variables supplied; copying '$wpConfigDocker' (${wpEnvs[*]})"
34-
# using "awk" to replace all instances of "put your unique phrase here" with a properly unique string (for AUTH_KEY and friends to have safe defaults if they aren't specified with environment variables)
35-
awk '
36-
/put your unique phrase here/ {
37-
cmd = "head -c1m /dev/urandom | sha1sum | cut -d\\ -f1"
38-
cmd | getline str
39-
close(cmd)
40-
gsub("put your unique phrase here", str)
41-
}
42-
{ print }
43-
' "$wpConfigDocker" > wp-config.php
44-
break
45-
fi
46-
done
47-
fi
32+
echo " >> Filling up wp-config.php"
33+
wpConfigContent=$(cat wp-config.php)
34+
echo "${wpConfigContent}" | awk '
35+
/put your unique phrase here/ {
36+
cmd = "head -c1m /dev/urandom | sha1sum | cut -d\\ -f1"
37+
cmd | getline str
38+
close(cmd)
39+
gsub("put your unique phrase here", str)
40+
}
41+
{ print }
42+
' > wp-config.php

helm/wordpress-hardened/templates/deployment.yaml

Lines changed: 11 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -59,6 +59,10 @@ spec:
5959
tolerations:
6060
{{- toYaml . | nindent 14 }}
6161
{{- end }}
62+
63+
# ================================================================
64+
# Init Container for fixing permissions
65+
# ================================================================
6266
initContainers:
6367
{{ if .Values.chownInitContainer.enabled }}
6468
- name: set-volume-permissions
@@ -72,6 +76,9 @@ spec:
7276
{{ include "wordpress-hardened.mounts" . | nindent 22 }}
7377
{{ end }}
7478
containers:
79+
# ================================================================
80+
# Web Application Firewall (WAF) support
81+
# ================================================================
7582
{{- if .Values.waf.enabled }}
7683
- name: waf-proxy
7784
image: {{ .Values.waf.image.repository }}:{{ .Values.waf.image.tag }}
@@ -125,6 +132,9 @@ spec:
125132
{{- end }}
126133
{{- end }}
127134

135+
# ================================================================
136+
# WordPress container
137+
# ================================================================
128138
- name: app
129139
image: {{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}
130140
imagePullPolicy: Always
@@ -138,7 +148,7 @@ spec:
138148

139149
{{- if not (hasKey .Values.env "WP_PAGE_URL") }}
140150
- name: WP_PAGE_URL
141-
value: "http{{ if eq .Values.wordpress.https "on" }}s{{ end }}://{{ .Values.wordpress.domain }}{{ if not (eq .Values.wordpress.publicPort "443") }}:{{ .Values.wordpress.publicPort }}{{ end }}"
151+
value: "http{{ if eq .Values.wordpress.https "on" }}s{{ end }}://{{ .Values.wordpress.domain }}{{ if not (eq (.Values.wordpress.publicPort | toString) "443") }}:{{ .Values.wordpress.publicPort }}{{ end }}"
142152
{{- end }}
143153

144154
{{- if not (hasKey .Values.env "HEALTH_CHECK_ALLOWED_SUBNET") }}

0 commit comments

Comments
 (0)