cloudron
/
wordpress-app-alt2


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174
							#!/bin/bash

set -eu

readonly WP="/app/code/wp --allow-root"
 
mkdir -p /run/wordpress/sessions

# Detect the wordpress prefix from existing database. This is a bit of a hack because some wordpress plugins
# seem to leave the old wp_ tables behind.
table_prefix=$(mysql --user=${MYSQL_USERNAME} --password=${MYSQL_PASSWORD} --host=${MYSQL_HOST} ${MYSQL_DATABASE} -e 'SHOW TABLES' --batch 2>/dev/null | sed -n 's/\(.*_\)usermeta/\1/p' | grep -v ^wp_ | head -n1)
[[ -n "${table_prefix}" ]] || table_prefix="wp_"
echo "Using table prefix ${table_prefix}"

# Settings to be updated on every run. Regenerating salts means users have to relogin
sed -e "s/##MYSQL_DATABASE/${MYSQL_DATABASE}/" \
    -e "s/##MYSQL_USERNAME/${MYSQL_USERNAME}/" \
    -e "s/##MYSQL_PASSWORD/${MYSQL_PASSWORD}/" \
    -e "s/##MYSQL_HOST/${MYSQL_HOST}:${MYSQL_PORT}/" \
    -e "s,##APP_ORIGIN,${APP_ORIGIN}," \
    -e "s/##AUTH_KEY/$(pwgen -1cns 64)/" \
    -e "s/##SECURE_AUTH_KEY/$(pwgen -1cns 64)/" \
    -e "s/##LOGGED_IN_KEY/$(pwgen -1cns 64)/" \
    -e "s/##NONCE_KEY/$(pwgen -1cns 64)/" \
    -e "s/##AUTH_SALT/$(pwgen -1cns 64)/" \
    -e "s/##SECURE_AUTH_SALT/$(pwgen -1cns 64)/" \
    -e "s/##LOGGED_IN_SALT/$(pwgen -1cns 64)/" \
    -e "s/##NONCE_SALT/$(pwgen -1cns 64)/" \
    -e "s/##TABLE_PREFIX/${table_prefix}/" \
    /app/code/wp-config.php.template > /run/wordpress/wp-config.php # sed -i seems to destroy symlink

# Generate pre-fork configuration
memory_limit=$(cat /sys/fs/cgroup/memory/memory.limit_in_bytes) # this is the RAM. we have equal amount of swap
concurrency=$((memory_limit*2/1024/1024/50)) # wp has 40MB limit. 10MB to accomodate some leaks

echo "Setting max requests to ${concurrency}"
sed -e "s/MaxRequestWorkers.*/MaxRequestWorkers ${concurrency}/" /etc/apache2/mods-available/mpm_prefork.conf.template > /run/wordpress/mpm_prefork.conf

# Used for wp rewrite
touch /app/data/htaccess

if [[ ! -f "/app/data/.dbsetup" ]]; then
    echo "Copying wp-content files on first run"
    mkdir -p /app/data/wp-content/mu-plugins
    cp -r /app/code/wp-content-vanilla/* /app/data/wp-content/

    if [[ -n "${LDAP_SERVER:-}" ]]; then
        admin_password=$(pwgen -1y 16)
        admin_email=${MAIL_FROM}
    else
        admin_password="changeme"
        admin_email=${MAIL_FROM}
    fi

    echo "Admin password is ${admin_password} and email is ${admin_email}"

    # --skip-email is part of 0.23.0 https://github.com/wp-cli/wp-cli/pull/2345 and https://github.com/wp-cli/wp-cli/issues/1164
    $WP --url="${APP_ORIGIN}" --skip-email core install \
        --url="${APP_ORIGIN}" \
        --title="My blog" \
        --admin_user=admin \
        --admin_password="${admin_password}" \
        --admin_email="${admin_email}"
    echo "WP is now installed"

    # Set default post structure to what most people want
    # Curiously, installing some plugins prevents .htaccess getting written
    $WP rewrite structure --hard '/%postname%/'

    touch "/app/data/.dbsetup"
else
    # Update wordpress
    echo "Updating wordpress database"
    $WP core update-db
fi

# install and backup the plugins. mu plugins are a "flat" structure
# sadly mu-plugins can still be re-configured, just not uninstallable
# We have to do this on every run to get plugin updates
if [[ ! -f "/run/wordpress/plugins_unpacked" ]]; then
    echo "Unpacking plugins"

    # clear the directory, otherwise unzip/mv have to be forced
    rm -rf /app/data/wp-content/mu-plugins/*

    rm -f /app/data/wp-content/mu-plugins/disable-updates.php # remove the old plugin we used
    unzip -d /app/data/wp-content/mu-plugins/ /app/code/disable-wordpress-core-update.zip
    mv /app/data/wp-content/mu-plugins/disable-wordpress-core-update/* /app/data/wp-content/mu-plugins/
    rm -rf /app/data/wp-content/mu-plugins/disable-wordpress-core-update/

    unzip -d /app/data/wp-content/mu-plugins/ /app/code/wp-mail-smtp.zip
    mv /app/data/wp-content/mu-plugins/wp-mail-smtp/* /app/data/wp-content/mu-plugins/
    rm -rf /app/data/wp-content/mu-plugins/wp-mail-smtp/

    # only install ldap plugin with sso
    if [[ -n "${LDAP_SERVER:-}" ]]; then
        unzip -d /app/data/wp-content/mu-plugins/ /app/code/authLdap.zip
        mv /app/data/wp-content/mu-plugins/authLdap-*/* /app/data/wp-content/mu-plugins/
        rm -rf /app/data/wp-content/mu-plugins/authLdap-*/
    fi

    touch /run/wordpress/plugins_unpacked
else
    echo "Plugins already unpacked from previous run" # restarts
fi

echo "Updating domain related settings"
# Note that wp-config already sets WP_HOME and WP_SITEURL and the values in db below are ignored
# This is only done for keeping the db dumps more useful
$WP option update siteurl "${APP_ORIGIN}"
$WP option update home "${APP_ORIGIN}"

# If the user has not changed the email, update it to reflect it any domain change
if [[ "$($WP option get admin_email)" == *.app@* ]]; then
    echo "Updating admin email since it was unchanged"
    $WP option update admin_email "${MAIL_FROM}"
fi

# configure WP mail smtp plugin (smtp_user, smtp_pass can be set when supported)
echo "Configuring smtp mail"
$WP option update mailer smtp
$WP option update mail_from "${MAIL_FROM}"
# Let user customize the mail from name
if ! $WP option get mail_from_name; then
    $WP option update mail_from_name WordPress
fi
$WP option update smtp_host ${MAIL_SMTP_SERVER}
$WP option update smtp_port ${MAIL_SMTP_PORT}
$WP option update smtp_auth true
$WP option update smtp_user ${MAIL_SMTP_USERNAME}
$WP option update smtp_pass "${MAIL_SMTP_PASSWORD}"

if [[ -n "${LDAP_SERVER:-}" ]]; then
    # configure LDAP
    # https://github.com/heiglandreas/authLdap/blob/master/authLdap.php#L644

    # GroupEnable means that cloudron groups are carried over to wp groups
    # GroupOverUser means that if there is an existing wp group for the user, it won't be overwritten
    # The above implies that users can override the roles in wordpress and it
    # doesn't get overwritten on re-login
    echo "Configuring LDAP"
    ldapConfig=$(cat <<EOF
    {
        "Enabled"       : true,
        "CachePW"       : false,
        "URI"           : "ldap://${LDAP_SERVER}:${LDAP_PORT}/${LDAP_USERS_BASE_DN}",
        "Filter"        : "(|(mail=%1\$s)(username=%1\$s))",
        "NameAttr"      : "givenName",
        "SecName"       : "sn",
        "UidAttr"       : "username",
        "MailAttr"      : "mail",
        "WebAttr"       : "",
        "Groups"        : { "administrator" : "cn=admins,${LDAP_GROUPS_BASE_DN}" },
        "GroupSeparator": ";",
        "Debug"         : false,
        "GroupAttr"     : "memberof",
        "GroupFilter"   : "(|(mail=%1\$s)(username=%1\$s))",
        "DefaultRole"   : "editor",
        "GroupEnable"   : true,
        "GroupOverUser" : false,
        "Version"       : 1
    }
EOF
)
    $WP --format=json option update authLDAPOptions "${ldapConfig}"
fi

chown -R www-data:www-data /app/data /run/wordpress

echo "Starting apache"
APACHE_CONFDIR="" source /etc/apache2/envvars
rm -f "${APACHE_PID_FILE}"
exec /usr/sbin/apache2 -DFOREGROUND