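#!/bin/bash

# Container start-up script for a WordPress app.
#
# On every run it renders wp-config.php and the Apache prefork config from
# their templates, installs WordPress on first run (or upgrades the database
# on later runs), unpacks the bundled mu-plugins, and pushes domain, SMTP and
# (when LDAP_SERVER is set) LDAP settings into the WordPress options table.
#
# Required environment: MYSQL_DATABASE, MYSQL_USERNAME, MYSQL_PASSWORD,
#   MYSQL_HOST, MYSQL_PORT, APP_ORIGIN, MAIL_FROM, MAIL_SMTP_SERVER,
#   MAIL_SMTP_PORT, MAIL_SMTP_USERNAME, MAIL_SMTP_PASSWORD
# Optional environment: LDAP_SERVER (enables the LDAP plugin and its settings)

set -eu

# $WP is expanded unquoted on purpose so it splits into the command and its flag.
readonly WP="/app/code/wp --allow-root"

# Escape a value so it can be used as the replacement part of a sed s/// command.
# Without this, a '/', '&' or '\' in a password or URL would corrupt the
# expression or be interpreted by sed instead of being copied literally.
# Arguments: $1 - raw value
# Outputs:   escaped value on stdout
sed_escape() {
    printf '%s' "$1" | sed -e 's|[\\/&]|\\&|g'
}

mkdir -p /run/wordpress/sessions

# Detect the wordpress prefix from existing database. This is a bit of a hack because some wordpress plugins
# seem to leave the old wp_ tables behind.
# The password is handed over through MYSQL_PWD rather than --password= so it
# does not show up in the process list (the MySQL manual prefers an option file
# over MYSQL_PWD; either keeps the secret off the command line).
table_prefix=$(MYSQL_PWD="${MYSQL_PASSWORD}" mysql --user="${MYSQL_USERNAME}" --host="${MYSQL_HOST}" "${MYSQL_DATABASE}" -e 'SHOW TABLES' --batch 2>/dev/null | sed -n 's/\(.*_\)usermeta/\1/p' | grep -v '^wp_' | head -n1)
[[ -n "${table_prefix}" ]] || table_prefix="wp_"

echo "Using table prefix ${table_prefix}"

# Settings to be updated on every run. Regenerating salts means users have to relogin
# NOTE(review): sed_escape only protects the sed expressions. Whether a quote
# character in a value could break out of the PHP string literal depends on how
# the template quotes each placeholder; confirm against wp-config.php.template.
# The pwgen flags used here produce letters and digits only, so the generated
# keys and salts need no escaping.
sed -e "s/##MYSQL_DATABASE/$(sed_escape "${MYSQL_DATABASE}")/" \
    -e "s/##MYSQL_USERNAME/$(sed_escape "${MYSQL_USERNAME}")/" \
    -e "s/##MYSQL_PASSWORD/$(sed_escape "${MYSQL_PASSWORD}")/" \
    -e "s/##MYSQL_HOST/$(sed_escape "${MYSQL_HOST}:${MYSQL_PORT}")/" \
    -e "s/##APP_ORIGIN/$(sed_escape "${APP_ORIGIN}")/" \
    -e "s/##AUTH_KEY/$(pwgen -1cns 64)/" \
    -e "s/##SECURE_AUTH_KEY/$(pwgen -1cns 64)/" \
    -e "s/##LOGGED_IN_KEY/$(pwgen -1cns 64)/" \
    -e "s/##NONCE_KEY/$(pwgen -1cns 64)/" \
    -e "s/##AUTH_SALT/$(pwgen -1cns 64)/" \
    -e "s/##SECURE_AUTH_SALT/$(pwgen -1cns 64)/" \
    -e "s/##LOGGED_IN_SALT/$(pwgen -1cns 64)/" \
    -e "s/##NONCE_SALT/$(pwgen -1cns 64)/" \
    -e "s/##TABLE_PREFIX/$(sed_escape "${table_prefix}")/" \
    /app/code/wp-config.php.template > /run/wordpress/wp-config.php # sed -i seems to destroy symlink

# Generate pre-fork configuration
# NOTE(review): assumes the cgroup v1 memory controller path exists and a limit is set - confirm on the target host
memory_limit=$(cat /sys/fs/cgroup/memory/memory.limit_in_bytes) # this is the RAM. we have equal amount of swap
concurrency=$((memory_limit*2/1024/1024/50)) # wp has 40MB limit. 10MB to accommodate some leaks
echo "Setting max requests to ${concurrency}"
sed -e "s/MaxRequestWorkers.*/MaxRequestWorkers ${concurrency}/" /etc/apache2/mods-available/mpm_prefork.conf.template > /run/wordpress/mpm_prefork.conf

# Used for wp rewrite
touch /app/data/htaccess

if [[ ! -f "/app/data/.dbsetup" ]]; then
    echo "Copying wp-content files on first run"
    mkdir -p /app/data/wp-content/mu-plugins
    cp -r /app/code/wp-content-vanilla/* /app/data/wp-content/

    # NOTE(review): with LDAP the local admin gets a random password; without it
    # the well-known default "changeme" is used and has to be changed right
    # after the first login.
    if [[ -n "${LDAP_SERVER:-}" ]]; then
        admin_password=$(pwgen -1y 16)
    else
        admin_password="changeme"
    fi
    admin_email=${MAIL_FROM}

    # NOTE(review): this writes the initial admin credential to the container
    # log; treat the log as sensitive or rotate the password after first login.
    echo "Admin password is ${admin_password} and email is ${admin_email}"

    # --skip-email is part of 0.23.0 https://github.com/wp-cli/wp-cli/pull/2345 and https://github.com/wp-cli/wp-cli/issues/1164
    $WP --url="${APP_ORIGIN}" --skip-email core install \
        --url="${APP_ORIGIN}" \
        --title="My blog" \
        --admin_user=admin \
        --admin_password="${admin_password}" \
        --admin_email="${admin_email}"

    echo "WP is now installed"

    # Set default post structure to what most people want
    # Curiously, installing some plugins prevents .htaccess getting written
    $WP rewrite structure --hard '/%postname%/'

    touch "/app/data/.dbsetup"
else
    # Update wordpress
    echo "Updating wordpress database"
    $WP core update-db
fi

# install and backup the plugins. mu plugins are a "flat" structure
# sadly mu-plugins can still be re-configured, just not uninstallable
# We have to do this on every run to get plugin updates
if [[ ! -f "/run/wordpress/plugins_unpacked" ]]; then
    echo "Unpacking plugins"

    # clear the directory, otherwise unzip/mv have to be forced
    rm -rf /app/data/wp-content/mu-plugins/*
    rm -f /app/data/wp-content/mu-plugins/disable-updates.php # remove the old plugin we used

    unzip -d /app/data/wp-content/mu-plugins/ /app/code/disable-wordpress-core-update.zip
    mv /app/data/wp-content/mu-plugins/disable-wordpress-core-update/* /app/data/wp-content/mu-plugins/
    rm -rf /app/data/wp-content/mu-plugins/disable-wordpress-core-update/

    unzip -d /app/data/wp-content/mu-plugins/ /app/code/wp-mail-smtp.zip
    mv /app/data/wp-content/mu-plugins/wp-mail-smtp/* /app/data/wp-content/mu-plugins/
    rm -rf /app/data/wp-content/mu-plugins/wp-mail-smtp/

    # only install ldap plugin with sso
    if [[ -n "${LDAP_SERVER:-}" ]]; then
        unzip -d /app/data/wp-content/mu-plugins/ /app/code/authLdap.zip
        mv /app/data/wp-content/mu-plugins/authLdap-*/* /app/data/wp-content/mu-plugins/
        rm -rf /app/data/wp-content/mu-plugins/authLdap-*/
    fi

    touch /run/wordpress/plugins_unpacked
else
    echo "Plugins already unpacked from previous run" # restarts
fi

echo "Updating domain related settings"
# Note that wp-config already sets WP_HOME and WP_SITEURL and the values in db below are ignored
# This is only done for keeping the db dumps more useful
$WP option update siteurl "${APP_ORIGIN}"
$WP option update home "${APP_ORIGIN}"

# If the user has not changed the email, update it to reflect any domain change
if [[ "$($WP option get admin_email)" == *.app@* ]]; then
    echo "Updating admin email since it was unchanged"
    $WP option update admin_email "${MAIL_FROM}"
fi

# configure WP mail smtp plugin (smtp_user, smtp_pass can be set when supported)
echo "Configuring smtp mail"
$WP option update mailer smtp
$WP option update mail_from "${MAIL_FROM}"
# Let user customize the mail from name
if ! $WP option get mail_from_name; then
    $WP option update mail_from_name WordPress
fi
# Quoted so that an empty or space-containing value stays a single argument.
$WP option update smtp_host "${MAIL_SMTP_SERVER}"
$WP option update smtp_port "${MAIL_SMTP_PORT}"
$WP option update smtp_auth true
$WP option update smtp_user "${MAIL_SMTP_USERNAME}"
$WP option update smtp_pass "${MAIL_SMTP_PASSWORD}"

if [[ -n "${LDAP_SERVER:-}" ]]; then
    # configure LDAP
    # https://github.com/heiglandreas/authLdap/blob/master/authLdap.php#L644
    # GroupEnable means that cloudron groups are carried over to wp groups
    # GroupOverUser means that if there is an existing wp group for the user, it won't be overwritten
    # The above implies that users can override the roles in wordpress and it
    # doesn't get overwritten on re-login
    echo "Configuring LDAP"
    ldapConfig=$(cat <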