Docker-izing WordPress for Kubernetes

docker-entrypoint.sh

#!/bin/bash
set -euo pipefail


TERM=dumb php -- <<'EOPHP'
<?php
// database might not exist, so let's try creating it (just to be safe)

$stderr = fopen('php://stderr', 'w');

// https://codex.wordpress.org/Editing_wp-config.php#MySQL_Alternate_Port
//   "hostname:port"
// https://codex.wordpress.org/Editing_wp-config.php#MySQL_Sockets_or_Pipes
//   "hostname:unix-socket-path"
list($host, $socket) = explode(':', getenv('WORDPRESS_DB_HOST'), 2);
$port = 0;
if (is_numeric($socket)) {
	$port = (int) $socket;
	$socket = null;
}
$user = getenv('WORDPRESS_DB_USER');
$pass = getenv('WORDPRESS_DB_PASSWORD');
$dbName = getenv('WORDPRESS_DB_NAME');

$maxTries = 10;
do {
	$mysql = new mysqli($host, $user, $pass, '', $port, $socket);
	if ($mysql->connect_error) {
		fwrite($stderr, 'MySQL Connection Error: (' . $mysql->connect_errno . ') ' . $mysql->connect_error . "\n");
		--$maxTries;
		if ($maxTries <= 0) {
			exit(1);
		}
		sleep(3);
	}
} while ($mysql->connect_error);

if (!$mysql->query('CREATE DATABASE IF NOT EXISTS `' . $mysql->real_escape_string($dbName) . '`')) {
	fwrite($stderr, "\n" . 'MySQL "CREATE DATABASE" Error: ' . $mysql->error . "\n");
	$mysql->close();
	exit(1);
}

$mysql->close();

// see if we need to copy files over
include '/var/www/html-original/wp-includes/version.php';
$dockerWPversion = $wp_version;

if (file_exists('/var/www/html/wp-includes/version.php')) {
	include '/var/www/html/wp-includes/version.php';
	$installedWPversion = $wp_version;
} else {
	$installedWPversion = '0.0.0';
}

fwrite($stderr, "dockerWPversion: $dockerWPversion - installedWPversion: $installedWPversion\n");
if(version_compare($dockerWPversion, $installedWPversion, '>')) {
	fwrite($stderr, "Installing worpress files\n");
	exec('rsync -au /var/www/html-original/ /var/www/html');
}

if (filemtime('/var/www/html-original/wp-content/themes') > filemtime('/var/www/html/wp-content/themes')) {
	fwrite($stderr, "Updating theme files\n");
	exec('rsync -au --delete-after /var/www/html-original/wp-content/themes/ /var/www/html/wp-content/themes');
}


EOPHP

cp /tmp/wp-config.php /var/www/html/wp-config.php
chown www-data:www-data /var/www/html/wp-config.php
chmod 400 /var/www/html/wp-config.php

chown -R www-data:www-data /var/www/html

/usr/sbin/nginx -g 'daemon off;pid /run/nginx.pid;' &

exec "$@"

Dockerfile

FROM php:7.2-fpm-alpine

# docker-entrypoint.sh dependencies
RUN apk add --no-cache \
# in theory, docker-entrypoint.sh is POSIX-compliant, but priority is a working, consistent image
		bash \
		sed \
		rsync \ 
		nginx

# install the PHP extensions we need
RUN set -ex; \
	\
	apk add --no-cache --virtual .build-deps \
		libjpeg-turbo-dev \
		libpng-dev \
	; \
	\
	docker-php-ext-configure gd --with-png-dir=/usr --with-jpeg-dir=/usr; \
	docker-php-ext-install gd mysqli opcache; \
	\
	runDeps="$( \
		scanelf --needed --nobanner --recursive \
			/usr/local/lib/php/extensions \
			| awk '{ gsub(/,/, "\nso:", $2); print "so:" $2 }' \
			| sort -u \
			| xargs -r apk info --installed \
			| sort -u \
	)"; \
	apk add --virtual .wordpress-phpexts-rundeps $runDeps; \
	apk del .build-deps

# set recommended PHP.ini settings
# see https://secure.php.net/manual/en/opcache.installation.php
RUN { \
		echo 'opcache.memory_consumption=128'; \
		echo 'opcache.interned_strings_buffer=8'; \
		echo 'opcache.max_accelerated_files=4000'; \
		echo 'opcache.revalidate_freq=2'; \
		echo 'opcache.fast_shutdown=1'; \
		echo 'opcache.enable_cli=1'; \
		echo 'upload_max_filesize=25M'; \
    echo 'post_max_size=25M'; \
	} > /usr/local/etc/php/conf.d/opcache-recommended.ini

VOLUME /var/www/html
ADD html /var/www/html-original

COPY wp-config.php /tmp/wp-config.php
COPY nginx.conf /etc/nginx/nginx.conf

COPY docker-entrypoint.sh /usr/local/bin/

ENTRYPOINT ["/usr/local/bin/docker-entrypoint.sh"]
CMD ["php-fpm"]

nginx.conf

user www-data;
worker_processes 1;
worker_rlimit_nofile 1024;

events {
  accept_mutex on;
  accept_mutex_delay 500ms;
  worker_connections 1024;
}

http {
  include       /etc/nginx/mime.types;
  default_type  text/html;

  sendfile    on;
  send_timeout 10;
  server_tokens off;

  types_hash_max_size 1024;
  types_hash_bucket_size 512;

  server_names_hash_bucket_size 64;
  server_names_hash_max_size 512;

  keepalive_timeout   30;
  keepalive_requests  100;
  client_body_timeout 15;
  lingering_timeout   5;
  tcp_nodelay         on;
  reset_timedout_connection on;

  gzip              on;
  gzip_buffers      16 8k;
  gzip_comp_level   6;
  gzip_disable      msie6;
  gzip_min_length   20;
  gzip_http_version 1.1;
  gzip_proxied      any;
  gzip_types        image/png image/gif image/jpeg text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript application/javascript text/x-js image/svg+xml;
  gzip_vary         off;

  client_max_body_size    25M;
  client_body_buffer_size 256k;
  proxy_connect_timeout   90;
  proxy_send_timeout      90;
  proxy_read_timeout      90;
  proxy_buffers           32 4k;
  proxy_buffer_size       8k;
  proxy_set_header        Host $host;
  proxy_set_header        X-Real-IP $remote_addr;
  proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;

    server {
        listen  80;

        server_name _;
        root /var/www/html;
        index index.php;

        error_log /var/log/nginx/localhost.error.log;
        access_log /var/log/nginx/localhost.access.log;

        location / {
            # try to serve file directly, fallback to app.php
            try_files $uri $uri/ /index.php$is_args$args;
        }

        gzip_vary on;
        gzip_min_length 2000;
        gzip_comp_level 5;
        gzip_buffers 16 8k;
        gzip_proxied expired no-cache no-store private auth;
        gzip_http_version 1.1;
        gzip_types text/plain text/css image/jpg image/jpeg application/json application/javascript text/xml application/xml application/xml+rss text/javascript image/svg+xml;
        gzip_disable "MSIE [1-6]\.";

        location ~* \.(jpg|jpeg|gif|png|css|js|ico|xml|svg|ttf|ttc|otf|eot|woff|woff2)$ {
            expires 30d;
        }

        location ~ ^/.+\.php(/|$) {
            fastcgi_pass localhost:9000;
            fastcgi_split_path_info ^(.+\.php)(/.*)$;
            include fastcgi_params;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            fastcgi_param HTTPS off;
        }
    }
}

wp-config.php

<?php
/**
 * The base configuration for WordPress
 *
 * The wp-config.php creation script uses this file during the
 * installation. You don't have to use the web site, you can
 * copy this file to "wp-config.php" and fill in the values.
 *
 * This file contains the following configurations:
 *
 * * MySQL settings
 * * Secret keys
 * * Database table prefix
 * * ABSPATH
 *
 * @link https://codex.wordpress.org/Editing_wp-config.php
 *
 * @package WordPress
 */

// ** MySQL settings - You can get this info from your web host ** //
/** The name of the database for WordPress */
define('DB_NAME', getenv('WORDPRESS_DB_NAME'));

/** MySQL database username */
define('DB_USER', getenv('WORDPRESS_DB_USER'));

/** MySQL database password */
define('DB_PASSWORD', getenv('WORDPRESS_DB_PASSWORD'));

/** MySQL hostname */
define('DB_HOST', getenv('WORDPRESS_DB_HOST'));

/** Database Charset to use in creating database tables. */
define('DB_CHARSET', 'utf8');

/** The Database Collate type. Don't change this if in doubt. */
define('DB_COLLATE', '');

/**#@+
 * Authentication Unique Keys and Salts.
 *
 * Change these to different unique phrases!
 * You can generate these using the {@link https://api.wordpress.org/secret-key/1.1/salt/ WordPress.org secret-key service}
 * You can change these at any point in time to invalidate all existing cookies. This will force all users to have to log in again.
 *
 * @since 2.6.0
 */
define('AUTH_KEY',         '+_IYoQPA1feb2@f.+^LFf5p3[s%]$CH?&M70?`Tt$;x>k8bk|l>crKh]+WV0Nr;w');
define('SECURE_AUTH_KEY',  '(jXf[b*fTJ8gt;<WU`yUeMflZ:h#ps?wYAsP8H{+Iq.+|<,P=A_=]/oy&T8{-hr]');
define('LOGGED_IN_KEY',    'VCN3Jch]O+Jg-8aK/!N!%ICYKAjqP>D.SFHNuKtSC6hHys7YYm,4hP+c2P*(Bf*{');
define('NONCE_KEY',        'L9XIj,9%!)xY2@|r}r*<)r?yEYJ%Yd9Mw0[%+%U~B*j+JxQ5Cd:>3&I@t]4|di/A');
define('AUTH_SALT',        '^kcQa+9>$= _!/p%%8u0Jq>7g<R?kQa`vUD.WE7]U8TV)A%]j&f~Ge5QBf7c@#eC');
define('SECURE_AUTH_SALT', '&oWphdQ~bE.GklbCl7d!e+UAO_gs3MdyhSA);C88&cFSh6eB6.^K;0/x}St6fQ`p');
define('LOGGED_IN_SALT',   'z~cVMdgeRtUom#X=FAB%-(l$:*dIXuA%75+r|-Rm`x$D}z|+De S}-ZVbxI=!88J');
define('NONCE_SALT',       's+^|5s}Ei~3eA|]M1nmO%|+9#H*m?x+e+l*3,!R{N]NPe?S~,|%+VfLb<9Pys-sG');

/**#@-*/

/**
 * WordPress Database Table prefix.
 *
 * You can have multiple installations in one database if you give each
 * a unique prefix. Only numbers, letters, and underscores please!
 */
$table_prefix  = 'wp_';

/**
 * For developers: WordPress debugging mode.
 *
 * Change this to true to enable the display of notices during development.
 * It is strongly recommended that plugin and theme developers use WP_DEBUG
 * in their development environments.
 *
 * For information on other constants that can be used for debugging,
 * visit the Codex.
 *
 * @link https://codex.wordpress.org/Debugging_in_WordPress
 */
define('WP_DEBUG', false);

// If we're behind a proxy server and using HTTPS, we need to alert Wordpress of that fact
// see also http://codex.wordpress.org/Administration_Over_SSL#Using_a_Reverse_Proxy
if (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https') {
    $_SERVER['HTTPS'] = 'on';
}

/* That's all, stop editing! Happy blogging. */

/** Absolute path to the WordPress directory. */
if (!defined('ABSPATH')) {
    define('ABSPATH', dirname(__FILE__) . '/');
}

/** Sets up WordPress vars and included files. */
require_once(ABSPATH . 'wp-settings.php');