WIP

SURFscz · Feb 5, 2024 · 2cc6e9b · 2cc6e9b
1 parent 2b67160
commit 2cc6e9b
Show file tree

Hide file tree

Showing 5 changed files with 58 additions and 36 deletions.
diff --git a/environments/docker/group_vars/demo1.yml b/environments/docker/group_vars/demo1.yml
@@ -17,8 +17,7 @@ containers:
 images:
   etherpad: ghcr.io/surfscz/sram-etherpad:main
   wordpress: wordpress:6
-  wordpress_cli: wordpress:cli-2
-  # wordpress: bitnami/wordpress:6.4.2
+  wordpress_cli: wordpress:cli
   database: mariadb:11
 
 demo_hosts:

diff --git a/roles/demo-apache/templates/apache.conf.j2 b/roles/demo-apache/templates/apache.conf.j2
@@ -29,15 +29,15 @@
         OIDCResponseMode "query"
         OIDCScope "openid profile uid"
 
-        OIDCRedirectURI https://demo1.sram.surf.nl/redirect_uri
+        OIDCRedirectURI /redirect_uri
         OIDCCryptoPassphrase randompassword
 
         RequestHeader unset X-Authenticated-User
         RequestHeader unset X-Authenticated-Name
         RequestHeader set X-Authenticated-User expr=%{ENV:OIDC_CLAIM_uid}
         RequestHeader set X-Authenticated-Name expr=%{ENV:OIDC_CLAIM_uid}
 
-        <LocationMatch ^/(ep/|wp/wp-admin)>
+        <LocationMatch ^/(redirect_uri|ep/|wp/wp-admin)>
             Require valid-user
             AuthType openid-connect
         </LocationMatch>
@@ -47,10 +47,11 @@
 {% endif %}
 
         RequestHeader set X-Forwarded-Host expr=%{HTTP_HOST}
+        RequestHeader set X-Forwarded-Proto expr=%{HTTPS}
         RewriteEngine on
 
         # Etherpad Reverse Proxy
-        # RedirectMatch 301 /ep$ /ep/
+        RedirectMatch 301 /ep$ /ep/
         <LocationMatch "^/ep/(.*)">
             RewriteCond %{HTTP:Connection} =Upgrade       [NC]
             RewriteCond %{HTTP:Upgrade} =websocket        [NC]
@@ -60,6 +61,9 @@
             RewriteRule /ep/(.*) http://localhost:9001/$1 [P,L]
         </LocationMatch>
 
+        # Wordpress Reverse Proxy
+        RedirectMatch 301 /wp$ /wp/
+        RedirectMatch 301 /wp/wp-admin$ /wp/wp-admin/
         <LocationMatch "^/wp/(.*)">
             ProxyPassMatch http://localhost:{{ports.wordpress}}/$1
             ProxyPassReverse http://localhost:{{ports.wordpress}}/$1

diff --git a/roles/demo-wordpress/defaults/main.yml b/roles/demo-wordpress/defaults/main.yml
@@ -1,2 +1,3 @@
 ---
 wordpress_basedir: "{{sram_conf_dir}}/wordpress"
+wordpress_content: "{{wordpress_basedir}}/content"
diff --git a/roles/demo-wordpress/files/wait-for-mysql.sh b/roles/demo-wordpress/files/wait-for-mysql.sh
@@ -0,0 +1,15 @@
+#!/bin/bash -e
+
+if [[ $WORDPRESS_DB_HOST == *":"* ]]; then
+    HOST=$(echo $WORDPRESS_DB_HOST | cut -d: -f1)
+    PORT=$(echo $WORDPRESS_DB_HOST | cut -d: -f2)
+else
+    HOST=$WORDPRESS_DB_HOST
+    PORT=3306
+fi
+
+until mysql -h $HOST -P $PORT -D $WORDPRESS_DB_NAME -u $WORDPRESS_DB_USER -p$WORDPRESS_DB_PASSWORD -e '\q' 2>null; do
+  sleep 1
+done
+
+>&2 echo "Mysql is up - executing command"
diff --git a/roles/demo-wordpress/tasks/main.yml b/roles/demo-wordpress/tasks/main.yml
@@ -7,17 +7,24 @@
     mode: '0777'
   with_items:
     - "{{wordpress_basedir}}"
-    - "{{wordpress_basedir}}/wp-content/plugins"
+    - "{{wordpress_content}}"
+    - "{{wordpress_content}}/wp-content/plugins"
 
 - name: install wordpress jit-user plugin
   copy:
     src: "jit-user.php"
-    dest: "{{wordpress_basedir}}/wp-content/plugins"
+    dest: "{{wordpress_content}}/wp-content/plugins"
+
+- name: install wait-for-mysql.sh
+  copy:
+    src: "wait-for-mysql.sh"
+    dest: "{{wordpress_basedir}}/wait-for-mysql.sh"
+    mode: '0755'
 
 # - name: install additional wordpress plugins
 #   subversion:
 #     repo: "{{item.svn}}"
-#     dest: "{{wordpress_basedir}}/wp-plugins/{{item.name}}"
+#     dest: "{{wordpress_content}}/wp-plugins/{{item.name}}"
 #   with_items:
 #     - name: "disable-xml-rpc"
 #       svn: "https://plugins.svn.wordpress.org/disable-xml-rpc/tags/1.0.1/"
@@ -29,7 +36,7 @@
     name: "{{ containers.database }}"
     image: "{{ images.database }}"
     restart_policy: "always"
-    restart: true
+    # restart: true
     state: started
     # pull: true
     env:
@@ -48,55 +55,51 @@
     name: "{{ containers.wordpress }}"
     image: "{{ images.wordpress }}"
     restart_policy: "always"
-    restart: true
+    # restart: true
     state: started
     # pull: true
     env:
       WORDPRESS_DB_HOST: "{{ containers.database }}"
-      WORDPRESS_DB_USER: wordpress
-      WORDPRESS_DB_PASSWORD: wordpress
-      WORDPRESS_DB_NAME: wordpress
+      WORDPRESS_DB_USER: "wordpress"
+      WORDPRESS_DB_PASSWORD: "wordpress"
+      WORDPRESS_DB_NAME: "wordpress"
       WORDPRESS_CONFIG_EXTRA: |
         define( 'WP_HOME', '/wp' );
         define( 'WP_SITEURL', '/wp' );
         if (!empty($_SERVER['HTTP_X_FORWARDED_HOST'])) {
           $_SERVER['HTTP_HOST'] = $_SERVER['HTTP_X_FORWARDED_HOST'];
-        }
+        };
+        if (!empty($_SERVER['HTTP_X_FORWARDED_PROTO'])) {
+          $_SERVER['HTTPS'] = $_SERVER['HTTP_X_FORWARDED_PROTO'];
+        };
     published_ports:
       - "{{ports.wordpress}}:80"
     volumes:
-      - "{{ wordpress_basedir }}:/var/www/html"
-      # - "{{ wordpress_basedir }}/plugins:/var/www/html/wp-content/plugins/"
+      - "{{ wordpress_content }}:/var/www/html"
     networks:
       - name: "{{ internal_network }}"
 
 - name: Run command in the worpress container
   docker_container:
     name: "{{ containers.wordpress_cli }}"
     image: "{{ images.wordpress_cli }}"
-    restart_policy: "no"
+    restart_policy: no
     state: started
+    user: 33
     env:
       WORDPRESS_DB_HOST: "{{ containers.database }}"
-      WORDPRESS_DB_USER: wordpress
-      WORDPRESS_DB_PASSWORD: wordpress
-      WORDPRESS_DB_NAME: wordpress
-      WORDPRESS_CONFIG_EXTRA: |
-        define( 'WP_HOME', '/wp' );
-        define( 'WP_SITEURL', '/wp' );
-        if (!empty($_SERVER['HTTP_X_FORWARDED_HOST'])) {
-          $_SERVER['HTTP_HOST'] = $_SERVER['HTTP_X_FORWARDED_HOST'];
-        }
-    entrypoint: sh
-    command: >
-      -c 'sleep 30;
-      wp core install \
-        --url="https://example.com" \
-        --title="Wordpress" \
-        --admin_name="admin" --admin_password="admin" \
-        --admin_email="admin@example.com";
-      wp plugin activate jit-user.php'
+      WORDPRESS_DB_USER: "wordpress"
+      WORDPRESS_DB_PASSWORD: "wordpress"
+      WORDPRESS_DB_NAME: "wordpress"
+    command: >-
+      /bin/sh -c '
+      /wait-for-mysql.sh;
+      wp core install --url=https://{{ demo_hosts.demo1 }}/wp --title=Wordpress --admin_user=admin --admin_email=admin@example.com;
+      wp plugin activate jit-user.php;
+      '
+    volumes_from:
+      - "{{ containers.wordpress }}"
     volumes:
-      - "{{ wordpress_basedir }}:/var/www/html"
+      - "{{ wordpress_basedir }}/wait-for-mysql.sh:/wait-for-mysql.sh"
     networks:
       - name: "{{ internal_network }}"