wordpress-app-alt2/start.sh

#!/bin/bash

set -eu

readonly WP="/app/code/wp --allow-root"
readonly admin_password=$(pwgen -1y 16)
readonly admin_email=${MAIL_SMTP_USERNAME}@${MAIL_DOMAIN}
echo "Admin password is ${admin_password} and email is ${admin_email}"

# Settings to be updated on every run. Regenerating salts means users have to relogin
sed -e "s/##MYSQL_DATABASE/${MYSQL_DATABASE}/" \
    -e "s/##MYSQL_USERNAME/${MYSQL_USERNAME}/" \
    -e "s/##MYSQL_PASSWORD/${MYSQL_PASSWORD}/" \
    -e "s/##MYSQL_HOST/${MYSQL_HOST}:${MYSQL_PORT}/" \
    -e "s,##APP_ORIGIN,${APP_ORIGIN}," \
    -e "s/##AUTH_KEY/$(pwgen -1cns 64)/" \
    -e "s/##SECURE_AUTH_KEY/$(pwgen -1cns 64)/" \
    -e "s/##LOGGED_IN_KEY/$(pwgen -1cns 64)/" \
    -e "s/##NONCE_KEY/$(pwgen -1cns 64)/" \
    -e "s/##AUTH_SALT/$(pwgen -1cns 64)/" \
    -e "s/##SECURE_AUTH_SALT/$(pwgen -1cns 64)/" \
    -e "s/##LOGGED_IN_SALT/$(pwgen -1cns 64)/" \
    -e "s/##NONCE_SALT/$(pwgen -1cns 64)/" \
    /app/code/wp-config.php.template > /run/wordpress/wp-config.php # sed -i seems to destroy symlink

if [[ -z "$(ls -A /app/data)" ]]; then
    echo "Copying wp-content files on first run"
    mkdir -p /app/data/wp-content/mu-plugins
    cp -r /app/code/wp-content-vanilla/* /app/data/wp-content/

    # create db tables
    $WP --url="${APP_ORIGIN}" core install \
        --url="${APP_ORIGIN}" \
        --title="My blog" \
        --admin_user=admin \
        --admin_password="${admin_password}" \
        --admin_email="${admin_email}"

    # install and backup the plugins. mu plugins are a "flat" structure"
    # sadly mu-plugins can still be re-configured, just not uninstallable
    unzip -d /app/data/wp-content/mu-plugins/ /app/code/disable-wordpress-updates.zip
    mv /app/data/wp-content/mu-plugins/disable-wordpress-updates/* /app/data/wp-content/mu-plugins/
    rm -rf /app/data/wp-content/mu-plugins/disable-wordpress-updates/

    unzip -d /app/data/wp-content/mu-plugins/ /app/code/wp-mail-smtp.zip
    mv /app/data/wp-content/mu-plugins/wp-mail-smtp/* /app/data/wp-content/mu-plugins/
    rm -rf /app/data/wp-content/mu-plugins/wp-mail-smtp/

    unzip -d /app/data/wp-content/mu-plugins/ /app/code/authLdap.zip
    mv /app/data/wp-content/mu-plugins/authLdap-*/* /app/data/wp-content/mu-plugins/
    rm -rf /app/data/wp-content/mu-plugins/authLdap-*/
else
    # Update wordpress
    $WP core update-db
fi

# reset the admin password
$WP user update $($WP user get admin --field=ID) --user_pass="${admin_password}"
$WP user update $($WP user get admin --field=ID) --user_email="${admin_email}"

# configure WP mail smtp plugin (smtp_user, smtp_pass can be set when supported)
$WP option update mailer smtp
$WP option update mail_from ${MAIL_SMTP_USERNAME}@${MAIL_DOMAIN}
$WP option update mail_from_name ${MAIL_SMTP_USERNAME}
$WP option update smtp_host ${MAIL_SMTP_SERVER}
$WP option update smtp_port ${MAIL_SMTP_PORT}
$WP option update smtp_auth false

# configure LDAP
# https://github.com/heiglandreas/authLdap/blob/master/authLdap.php#L644
ldapConfig=$(cat <<EOF
{
    "Enabled"       : true,
    "CachePW"       : false,
    "URI"           : "ldap://${LDAP_SERVER}:${LDAP_PORT}/${LDAP_USERS_BASE_DN}",
    "Filter"        : "(uid=%s)",
    "NameAttr"      : "displayname",
    "SecName"       : "",
    "UidAttr"       : "uid",
    "MailAttr"      : "mail",
    "WebAttr"       : "",
    "Groups"        : { "administrator" : "cn=admins,${LDAP_GROUPS_BASE_DN}" },
    "Debug"         : false,
    "GroupAttr"     : "memberof",
    "GroupFilter"   : "(&(objectClass=user)(uid=%s))",
    "DefaultRole"   : "editor",
    "GroupEnable"   : true,
    "GroupOverUser" : true,
    "Version"       : 1
}
EOF
)
$WP --autoload=true --format=json option update authLDAPOptions "${ldapConfig}"

chown -R www-data:www-data /app/data

echo "Starting apache"
APACHE_CONFDIR="" source /etc/apache2/envvars
rm -f "${APACHE_PID_FILE}"
exec /usr/sbin/apache2 -DFOREGROUND