wordpress-app-alt2/start.sh

#!/bin/bash

set -eu

readonly WP="/app/code/wp --allow-root"
readonly admin_password=$(pwgen -1y 16)
readonly admin_email=${MAIL_SMTP_USERNAME}@${MAIL_DOMAIN}
echo "Admin password is ${admin_password} and email is ${admin_email}"

# Settings to be updated on every run. Regenerating salts means users have to relogin
sed -e "s/##MYSQL_DATABASE/${MYSQL_DATABASE}/" \
    -e "s/##MYSQL_USERNAME/${MYSQL_USERNAME}/" \
    -e "s/##MYSQL_PASSWORD/${MYSQL_PASSWORD}/" \
    -e "s/##MYSQL_HOST/${MYSQL_HOST}:${MYSQL_PORT}/" \
    -e "s,##APP_ORIGIN,${APP_ORIGIN}," \
    -e "s/##AUTH_KEY/$(pwgen -1cns 64)/" \
    -e "s/##SECURE_AUTH_KEY/$(pwgen -1cns 64)/" \
    -e "s/##LOGGED_IN_KEY/$(pwgen -1cns 64)/" \
    -e "s/##NONCE_KEY/$(pwgen -1cns 64)/" \
    -e "s/##AUTH_SALT/$(pwgen -1cns 64)/" \
    -e "s/##SECURE_AUTH_SALT/$(pwgen -1cns 64)/" \
    -e "s/##LOGGED_IN_SALT/$(pwgen -1cns 64)/" \
    -e "s/##NONCE_SALT/$(pwgen -1cns 64)/" \
    /app/code/wp-config.php.template > /run/wordpress/wp-config.php # sed -i seems to destroy symlink

if [[ -z "$(ls -A /app/data)" ]]; then
    echo "Copying wp-content files on first run"
    mkdir -p /app/data/wp-content/mu-plugins
    cp -r /app/code/wp-content-vanilla/* /app/data/wp-content/

    # create db tables
    $WP --url="${APP_ORIGIN}" core install \
        --url="${APP_ORIGIN}" \
        --title="My blog" \
        --admin_user=admin \
        --admin_password="${admin_password}" \
        --admin_email="${admin_email}"

    # install and backup the plugins
    $WP plugin install --activate --force /app/code/disable-wordpress-updates.zip
    mv /app/data/wp-content/plugins/disable-wordpress-updates /app/data/wp-content/mu-plugins/

    $WP plugin install --activate --force /app/code/wp-mail-smtp.zip
    mv /app/data/wp-content/plugins/wp-mail-smtp /app/data/wp-content/mu-plugins/

    $WP plugin install --activate --force /app/code/authLdap.zip
else
    # Update wordpress
    $WP core update-db
fi

# reset the admin password
$WP user update $($WP user get admin --field=ID) --user_pass="${admin_password}"
$WP user update $($WP user get admin --field=ID) --user_email="${admin_email}"

# configure WP mail smtp plugin (smtp_user, smtp_pass can be set when supported)
$WP option update mailer smtp
$WP option update mail_from ${MAIL_SMTP_USERNAME}@${MAIL_DOMAIN}
$WP option update mail_from_name ${MAIL_SMTP_USERNAME}
$WP option update smtp_host ${MAIL_SMTP_SERVER}
$WP option update smtp_port ${MAIL_SMTP_PORT}
$WP option update smtp_auth false

# configure LDAP
# https://github.com/heiglandreas/authLdap/blob/master/authLdap.php#L644
ldapConfig=$(cat <<EOF
[
    'Enabled'       => true,
    'CachePW'       => false,
    'URI'           => 'ldap://${LDAP_SERVER}:${LDAP_PORT}/${LDAP_USERS_BASE_DN}',
    'Filter'        => '(uid=%s)',
    'NameAttr'      => 'displayname',
    'SecName'       => '',
    'UidAttr'       => '', // 'uid'
    'MailAttr'      => '', // 'mail'
    'WebAttr'       => '',
    'Groups'        => array([ 'administrator' => 'cn=admins,${LDAP_GROUPS_BASE_DN}' ]),
    'Debug'         => false,
    'GroupAttr'     => 'memberof',
    'GroupFilter'   => '(&(objectClass=user)(uid=%s))',
    'DefaultRole'   => 'editor',
    'GroupEnable'   => true,
    'GroupOverUser' => true,
    'Version'       => 1
]
EOF
)
authLDAPOptions=$(echo "${ldapConfig}" | php5 -r 'echo serialize(eval("return " . file_get_contents("php://stdin") . ";"));')
$WP option update authLDAPOptions "${authLDAPOptions}"

chown -R www-data:www-data /app/data

echo "Starting apache"
APACHE_CONFDIR="" source /etc/apache2/envvars
rm -f "${APACHE_PID_FILE}"
exec /usr/sbin/apache2 -DFOREGROUND