#!/bin/bash set -eu readonly WP="/app/code/wp --allow-root --skip-plugins" mkdir -p /run/wordpress/sessions /app/data/wp-snapshots # Detect the wordpress prefix from existing database. This is a bit of a hack because some wordpress plugins # seem to leave the old wp_ tables behind. table_prefix=$(mysql --user=${CLOUDRON_MYSQL_USERNAME} --password=${CLOUDRON_MYSQL_PASSWORD} --host=${CLOUDRON_MYSQL_HOST} ${CLOUDRON_MYSQL_DATABASE} -e 'SHOW TABLES' --batch 2>/dev/null | sed -n 's/\(.*_\)usermeta/\1/p' | grep -v ^wp_ | head -n1) [[ -n "${table_prefix}" ]] || table_prefix="wp_" echo "==> Using table prefix ${table_prefix}" # Settings to be updated on every run. Regenerating salts means users have to relogin sed -e "s/##MYSQL_DATABASE/${CLOUDRON_MYSQL_DATABASE}/" \ -e "s/##MYSQL_USERNAME/${CLOUDRON_MYSQL_USERNAME}/" \ -e "s/##MYSQL_PASSWORD/${CLOUDRON_MYSQL_PASSWORD}/" \ -e "s/##MYSQL_HOST/${CLOUDRON_MYSQL_HOST}:${CLOUDRON_MYSQL_PORT}/" \ -e "s,##APP_ORIGIN,${CLOUDRON_APP_ORIGIN}," \ -e "s/##AUTH_KEY/$(pwgen -1cns 64)/" \ -e "s/##SECURE_AUTH_KEY/$(pwgen -1cns 64)/" \ -e "s/##LOGGED_IN_KEY/$(pwgen -1cns 64)/" \ -e "s/##NONCE_KEY/$(pwgen -1cns 64)/" \ -e "s/##AUTH_SALT/$(pwgen -1cns 64)/" \ -e "s/##SECURE_AUTH_SALT/$(pwgen -1cns 64)/" \ -e "s/##LOGGED_IN_SALT/$(pwgen -1cns 64)/" \ -e "s/##NONCE_SALT/$(pwgen -1cns 64)/" \ -e "s/##TABLE_PREFIX/${table_prefix}/" \ /app/code/wp-config.php.template > /run/wordpress/wp-config.php # sed -i seems to destroy symlink # Generate pre-fork configuration memory_limit=$(cat /sys/fs/cgroup/memory/memory.limit_in_bytes) # this is the RAM. we have equal amount of swap concurrency=$((memory_limit*2/1024/1024/50)) # wp has 40MB limit. 10MB to accomodate some leaks echo "==> Setting max requests to ${concurrency}" sed -e "s/MaxRequestWorkers.*/MaxRequestWorkers ${concurrency}/" /etc/apache2/mods-available/mpm_prefork.conf.template > /run/wordpress/mpm_prefork.conf # Used for wp rewrite touch /app/data/htaccess if [[ ! -f "/app/data/.dbsetup" ]]; then echo "==> Copying wp-content files on first run" mkdir -p /app/data/wp-content/mu-plugins cp -r /app/code/wp-content-vanilla/* /app/data/wp-content/ # note: we cannot delete the admin user in ldap mode because the default posts are assigned to that user admin_password=$([[ -n "${CLOUDRON_LDAP_SERVER:-}" ]] && pwgen -1y 16 || echo "changeme") admin_email="admin@cloudron.local" # --skip-email is part of 0.23.0 https://github.com/wp-cli/wp-cli/pull/2345 and https://github.com/wp-cli/wp-cli/issues/1164 $WP --url="${CLOUDRON_APP_ORIGIN}" --skip-email core install \ --url="${CLOUDRON_APP_ORIGIN}" \ --title="My blog" \ --admin_user=admin \ --admin_password="${admin_password}" \ --admin_email="${admin_email}" echo "==> WP is now installed" # Set default post structure to what most people want # Curiously, installing some plugins prevents .htaccess getting written $WP rewrite structure --hard '/%postname%/' touch "/app/data/.dbsetup" else # Update wordpress echo "==> Updating wordpress database" $WP core update-db fi # install and backup the plugins. mu plugins are a "flat" structure # sadly mu-plugins can still be re-configured, just not uninstallable # We have to do this on every run to get plugin updates if [[ ! -f "/run/wordpress/plugins_unpacked" ]]; then echo "==> Unpacking plugins" # clear the directory, otherwise unzip/mv have to be forced rm -rf /app/data/wp-content/mu-plugins/* rm -f /app/data/wp-content/mu-plugins/disable-updates.php # remove the old plugin we used unzip -d /app/data/wp-content/mu-plugins/ /app/code/disable-wordpress-core-update.zip mv /app/data/wp-content/mu-plugins/disable-wordpress-core-update/* /app/data/wp-content/mu-plugins/ rm -rf /app/data/wp-content/mu-plugins/disable-wordpress-core-update/ unzip -d /app/data/wp-content/mu-plugins/ /app/code/wp-mail-smtp.zip mv /app/data/wp-content/mu-plugins/wp-mail-smtp/* /app/data/wp-content/mu-plugins/ rm -rf /app/data/wp-content/mu-plugins/wp-mail-smtp/ # only install ldap plugin with sso if [[ -n "${CLOUDRON_LDAP_SERVER:-}" ]]; then unzip -d /app/data/wp-content/mu-plugins/ /app/code/authLdap.zip mv /app/data/wp-content/mu-plugins/authLdap-*/* /app/data/wp-content/mu-plugins/ rm -rf /app/data/wp-content/mu-plugins/authLdap-*/ fi touch /run/wordpress/plugins_unpacked else echo "==> Plugins already unpacked from previous run" # restarts fi echo "==> Updating domain related settings" # Note that wp-config already sets WP_HOME and WP_SITEURL and the values in db below are ignored # This is only done for keeping the db dumps more useful $WP option update siteurl "${CLOUDRON_APP_ORIGIN}" $WP option update home "${CLOUDRON_APP_ORIGIN}" # If the user has not changed the email, update it to reflect it any domain change # TODO: remove this after this release if [[ "$($WP option get admin_email)" == *.app@* ]]; then echo "==> Updating admin email since it was unchanged" $WP option update admin_email "admin@cloudron.local" fi # configure WP mail smtp plugin (smtp_user, smtp_pass can be set when supported) echo "==> Configuring smtp mail" $WP option update mailer smtp $WP option update mail_from "${CLOUDRON_MAIL_FROM}" # Let user customize the mail from name if ! $WP option get mail_from_name; then $WP option update mail_from_name WordPress fi $WP option update smtp_host ${CLOUDRON_MAIL_SMTP_SERVER} $WP option update smtp_port ${CLOUDRON_MAIL_SMTP_PORT} $WP option update smtp_auth true $WP option update smtp_user ${CLOUDRON_MAIL_SMTP_USERNAME} $WP option update smtp_pass "${CLOUDRON_MAIL_SMTP_PASSWORD}" if [[ -n "${CLOUDRON_LDAP_SERVER:-}" ]]; then # configure LDAP # https://github.com/heiglandreas/authLdap/blob/master/authLdap.php#L644 # GroupEnable means that cloudron groups are carried over to wp groups # GroupOverUser means that if there is an existing wp group for the user, it won't be overwritten # The above implies that users can override the roles in wordpress and it # doesn't get overwritten on re-login echo "==> Configuring LDAP" ldapConfig=$(cat < Starting apache" APACHE_CONFDIR="" source /etc/apache2/envvars rm -f "${APACHE_PID_FILE}" exec /usr/sbin/apache2 -DFOREGROUND