wordpress/docker-compose.yml

x-wordpress-configuration-env: &wordpress-configuration-env
  WORDPRESS_PLUGIN_LIST: "maintenance redis-cache"
  WORDPRESS_REDIS_HOST: redis
  WORDPRESS_CACHE: 1
  WORDPRESS_CACHE_KEY_SALT: 'Wp-'
  WORDPRESS_TABLE_PREFIX: 'wp_'
  WORDPRESS_DEBUG: 0
  DEFAULT_EMAIL: "webmaster@example.com"
  WORDPRESS_DB_USER: wordpress
  WORDPRESS_DB_NAME: wordpress
  WORDPRESS_DB_HOST: database
  WORDPRESS_CONFIG_EXTRA: |
    define('WP_AUTO_UPDATE_CORE', false);
    define('WP_SITEURL', 'https://www.example.com');
    define('WP_HOME', 'https://www.example.com');
    define('WP_CACHE', true);
    define('WP_CACHE_KEY_SALT', 'Wp-');
    define('WP_REDIS_HOST', "cache");
    define('DISABLE_WP_CRON', true);
    $$_SERVER['HTTP_UPGRADE_INSECURE_REQUESTS'] = false;
    $$_SERVER['HTTP_X_FORWARDED_PORT'] = 443;
    $$_SERVER['HTTP_X_FORWARDED_SSL'] = 'on';
    $$_SERVER['HTTPS'] = 'on';
    $$_SERVER['SERVER_PORT'] = 443;
    $$_SERVER['REQUEST_SCHEME'] = 'https';
  # $_SERVER definitions above are set to trick WP that it's accessed over HTTPS. This is typically useful only behind reverse proxy and should be avoided in production

# Required since nginx unit will not pass environment variables s6-envdir loads. wp-config.php has docker_getenv()
x-wordpress-secrets-files: &wordpress-secrets-files-env
  WORDPRESS_AUTH_KEY_FILE: /run/secrets/wordpress_auth_key
  WORDPRESS_SECURE_AUTH_KEY_FILE: /run/secrets/wordpress_secure_auth_key
  WORDPRESS_LOGGED_IN_KEY_FILE: /run/secrets/wordpress_logged_in_key
  WORDPRESS_NONCE_KEY_FILE: /run/secrets/wordpress_nonce_key
  WORDPRESS_AUTH_SALT_FILE: /run/secrets/wordpress_auth_salt
  WORDPRESS_SECURE_AUTH_SALT_FILE: /run/secrets/wordpress_secure_auth_salt
  WORDPRESS_LOGGED_IN_SALT_FILE: /run/secrets/wordpress_logged_in_salt
  WORDPRESS_NONCE_SALT_FILE: /run/secrets/wordpress_nonce_salt
  WORDPRESS_DB_PASSWORD_FILE: /run/secrets/wordpress_db_password

x-wordpress-init-env: &wordpress-init-env
  WORDPRESS_INIT_ENABLE: "true"
  WORDPRESS_INIT_ADMIN_USER: admin
  # WORDPRESS_INIT_ADMIN_PASSWORD is defined in secrets
  WORDPRESS_INIT_ADMIN_EMAIL: admin@example.com
  WORDPRESS_INIT_SITE_TITLE: "Example.com"
  WORDPRESS_INIT_SITE_URL: "https://www.example.com"


networks:
  default:

secrets:
  database_root_password:
    file: ./.secrets/database_root_password.txt
  wordpress_database_password:
    file: ./.secrets/wordpress_database_password.txt
  wordpress_db_password:
    file: ./.secrets/wordpress_database_password.txt
  wordpress_auth_key:
    file: ./.secrets/wordpress_auth_key
  wordpress_secure_auth_key:
    file: ./.secrets/wordpress_secure_auth_key
  wordpress_logged_in_key:
    file: ./.secrets/wordpress_logged_in_key
  wordpress_nonce_key:
    file: ./.secrets/wordpress_nonce_key
  wordpress_auth_salt:
    file: ./.secrets/wordpress_auth_salt
  wordpress_secure_auth_salt:
    file: ./.secrets/wordpress_secure_auth_salt
  wordpress_logged_in_salt:
    file: ./.secrets/wordpress_logged_in_salt
  wordpress_nonce_salt:
    file: ./.secrets/wordpress_nonce_salt
  wordpress_init_admin_password:
    file: ./.secrets/wordpress_init_admin_password


services:
  wordpress:
    image: ghcr.io/n0rthernl1ghts/wordpress:6.6.2
    deploy:
      restart_policy:
        condition: any
    healthcheck: # See: src/wp-utils/healthcheck
      test: [ "CMD", "/usr/local/bin/healthcheck" ]
      interval: 30s
      timeout: 5s
      retries: 3
    secrets:
      - wordpress_db_password
      - wordpress_auth_key
      - wordpress_secure_auth_key
      - wordpress_logged_in_key
      - wordpress_nonce_key
      - wordpress_auth_salt
      - wordpress_secure_auth_salt
      - wordpress_logged_in_salt
      - wordpress_nonce_salt
      - wordpress_init_admin_password
    environment:
      <<: [ *wordpress-configuration-env, *wordpress-secrets-files-env, *wordpress-init-env ]
      CRON_ENABLED: "false"
    labels: # This configures traefik - if you have it. You also need to make sure that this service is in the same network with Traefik instance
      - "traefik.enable=true"
      - "traefik.http.routers.${COMPOSE_PROJECT_NAME}-http.rule=Host(`example.com`)"
      - "traefik.http.routers.${COMPOSE_PROJECT_NAME}-http.entrypoints=web"
      - "traefik.http.routers.${COMPOSE_PROJECT_NAME}-https.tls=true"
      - "traefik.http.routers.${COMPOSE_PROJECT_NAME}-https.tls.certresolver=le"
      - "traefik.http.routers.${COMPOSE_PROJECT_NAME}-https.rule=Host(`example.com`)"
      - "traefik.http.routers.${COMPOSE_PROJECT_NAME}-https.entrypoints=websecure"
      - "traefik.http.services.${COMPOSE_PROJECT_NAME}.loadbalancer.server.port=80"
    volumes:
      - ./data/wordpress/wp-content:/var/www/html/wp-content
    networks:
      default:

  # It's a good idea to have a separate service for the cron job
  cron:
    extends:
      service: wordpress
    deploy:
      resources:
        limits:
          memory: 512M # Limit the memory for the cron job to 512 MB. This is a good practice to avoid memory leaks.
    environment:
      CRON_ENABLED: "true"

  # Redis is optional, but it works really well for caching. If removed, please update x-wordpress-configuration-env
  cache:
    image: redis:alpine
    init: true
    healthcheck:
      test: ["CMD", "/usr/local/bin/redis-cli", "PING"]
      interval: 20s
      timeout: 3s
      retries: 3
    deploy:
      restart_policy:
        condition: any
      resources:
        limits:
          memory: 64M
    networks:
      default:

  # Please update environment accordingly
  database:
    image: 'ghcr.io/n0rthernl1ghts/mariadb:10.11'
    deploy:
      replicas: 1
      restart_policy:
        condition: any
      resources:
        limits:
          memory: 512M # Should be adjusted accordingly to the website size. 512MB is usually enough for small website
    healthcheck:
      test: ["CMD", "/usr/bin/healthcheck"]
      interval: 30s
      timeout: 20s
      retries: 3
    environment:
      PUID: 1000
      PGID: 1000
      MARIADB_INIT_DATABASES: wordpress
      MARIADB_INIT_USERS: wordpress
      FILE__MARIADB_ROOT_PASSWORD: /run/secrets/database_root_password
      FILE__MARIADB_USER_wordpress_PASSWORD: /run/secrets/wordpress_database_password
      FORCE_CONFIG_OVERWRITE: 1
    volumes:
      - ./data/database/config:/config
      - ./data/database/data:/var/lib/mysql
    secrets:
      - database_root_password
      - wordpress_database_password
    networks:
      default:
Add docker-compose.yml 2024-05-23 20:06:00 +02:00			`x-wordpress-configuration-env: &wordpress-configuration-env`
			`WORDPRESS_PLUGIN_LIST: "maintenance redis-cache"`
			`WORDPRESS_REDIS_HOST: redis`
			`WORDPRESS_CACHE: 1`
			`WORDPRESS_CACHE_KEY_SALT: 'Wp-'`
			`WORDPRESS_TABLE_PREFIX: 'wp_'`
			`WORDPRESS_DEBUG: 0`
			`DEFAULT_EMAIL: "webmaster@example.com"`
Use docker secrets 2024-10-29 19:17:44 +01:00			`WORDPRESS_DB_USER: wordpress`
			`WORDPRESS_DB_NAME: wordpress`
			`WORDPRESS_DB_HOST: database`
Add docker-compose.yml 2024-05-23 20:06:00 +02:00			`WORDPRESS_CONFIG_EXTRA: \|`
			`define('WP_AUTO_UPDATE_CORE', false);`
			`define('WP_SITEURL', 'https://www.example.com');`
			`define('WP_HOME', 'https://www.example.com');`
			`define('WP_CACHE', true);`
			`define('WP_CACHE_KEY_SALT', 'Wp-');`
			`define('WP_REDIS_HOST', "cache");`
			`define('DISABLE_WP_CRON', true);`
			`$$_SERVER['HTTP_UPGRADE_INSECURE_REQUESTS'] = false;`
			`$$_SERVER['HTTP_X_FORWARDED_PORT'] = 443;`
			`$$_SERVER['HTTP_X_FORWARDED_SSL'] = 'on';`
			`$$_SERVER['HTTPS'] = 'on';`
			`$$_SERVER['SERVER_PORT'] = 443;`
			`$$_SERVER['REQUEST_SCHEME'] = 'https';`
			`# $_SERVER definitions above are set to trick WP that it's accessed over HTTPS. This is typically useful only behind reverse proxy and should be avoided in production`

Use docker secrets 2024-10-29 19:17:44 +01:00			`# Required since nginx unit will not pass environment variables s6-envdir loads. wp-config.php has docker_getenv()`
			`x-wordpress-secrets-files: &wordpress-secrets-files-env`
			`WORDPRESS_AUTH_KEY_FILE: /run/secrets/wordpress_auth_key`
			`WORDPRESS_SECURE_AUTH_KEY_FILE: /run/secrets/wordpress_secure_auth_key`
			`WORDPRESS_LOGGED_IN_KEY_FILE: /run/secrets/wordpress_logged_in_key`
			`WORDPRESS_NONCE_KEY_FILE: /run/secrets/wordpress_nonce_key`
			`WORDPRESS_AUTH_SALT_FILE: /run/secrets/wordpress_auth_salt`
			`WORDPRESS_SECURE_AUTH_SALT_FILE: /run/secrets/wordpress_secure_auth_salt`
			`WORDPRESS_LOGGED_IN_SALT_FILE: /run/secrets/wordpress_logged_in_salt`
			`WORDPRESS_NONCE_SALT_FILE: /run/secrets/wordpress_nonce_salt`
			`WORDPRESS_DB_PASSWORD_FILE: /run/secrets/wordpress_db_password`

Add support for WordPress init - automated install 2024-05-25 02:25:33 +02:00			`x-wordpress-init-env: &wordpress-init-env`
			`WORDPRESS_INIT_ENABLE: "true"`
			`WORDPRESS_INIT_ADMIN_USER: admin`
Use docker secrets 2024-10-29 19:17:44 +01:00			`# WORDPRESS_INIT_ADMIN_PASSWORD is defined in secrets`
Add support for WordPress init - automated install 2024-05-25 02:25:33 +02:00			`WORDPRESS_INIT_ADMIN_EMAIL: admin@example.com`
			`WORDPRESS_INIT_SITE_TITLE: "Example.com"`
			`WORDPRESS_INIT_SITE_URL: "https://www.example.com"`


Add docker-compose.yml 2024-05-23 20:06:00 +02:00			`networks:`
			`default:`

Use secrets for database service 2024-05-24 01:33:39 +02:00			`secrets:`
Use docker secrets 2024-10-29 19:17:44 +01:00			`database_root_password:`
			`file: ./.secrets/database_root_password.txt`
			`wordpress_database_password:`
			`file: ./.secrets/wordpress_database_password.txt`
			`wordpress_db_password:`
			`file: ./.secrets/wordpress_database_password.txt`
			`wordpress_auth_key:`
			`file: ./.secrets/wordpress_auth_key`
			`wordpress_secure_auth_key:`
			`file: ./.secrets/wordpress_secure_auth_key`
			`wordpress_logged_in_key:`
			`file: ./.secrets/wordpress_logged_in_key`
			`wordpress_nonce_key:`
			`file: ./.secrets/wordpress_nonce_key`
			`wordpress_auth_salt:`
			`file: ./.secrets/wordpress_auth_salt`
			`wordpress_secure_auth_salt:`
			`file: ./.secrets/wordpress_secure_auth_salt`
			`wordpress_logged_in_salt:`
			`file: ./.secrets/wordpress_logged_in_salt`
			`wordpress_nonce_salt:`
			`file: ./.secrets/wordpress_nonce_salt`
			`wordpress_init_admin_password:`
			`file: ./.secrets/wordpress_init_admin_password`

Use secrets for database service 2024-05-24 01:33:39 +02:00
Add docker-compose.yml 2024-05-23 20:06:00 +02:00			`services:`
			`wordpress:`
Use docker secrets 2024-10-29 19:17:44 +01:00			`image: ghcr.io/n0rthernl1ghts/wordpress:6.6.2`
Add docker-compose.yml 2024-05-23 20:06:00 +02:00			`deploy:`
			`restart_policy:`
			`condition: any`
			`healthcheck: # See: src/wp-utils/healthcheck`
			`test: [ "CMD", "/usr/local/bin/healthcheck" ]`
			`interval: 30s`
			`timeout: 5s`
			`retries: 3`
Use docker secrets 2024-10-29 19:17:44 +01:00			`secrets:`
			`- wordpress_db_password`
			`- wordpress_auth_key`
			`- wordpress_secure_auth_key`
			`- wordpress_logged_in_key`
			`- wordpress_nonce_key`
			`- wordpress_auth_salt`
			`- wordpress_secure_auth_salt`
			`- wordpress_logged_in_salt`
			`- wordpress_nonce_salt`
			`- wordpress_init_admin_password`
Add docker-compose.yml 2024-05-23 20:06:00 +02:00			`environment:`
Use docker secrets 2024-10-29 19:17:44 +01:00			`<<: [ wordpress-configuration-env, wordpress-secrets-files-env, *wordpress-init-env ]`
Add docker-compose.yml 2024-05-23 20:06:00 +02:00			`CRON_ENABLED: "false"`
			`labels: # This configures traefik - if you have it. You also need to make sure that this service is in the same network with Traefik instance`
			`- "traefik.enable=true"`
			- "traefik.http.routers.${COMPOSE_PROJECT_NAME}-http.rule=Host(`example.com`)"
			`- "traefik.http.routers.${COMPOSE_PROJECT_NAME}-http.entrypoints=web"`
			`- "traefik.http.routers.${COMPOSE_PROJECT_NAME}-https.tls=true"`
			`- "traefik.http.routers.${COMPOSE_PROJECT_NAME}-https.tls.certresolver=le"`
			- "traefik.http.routers.${COMPOSE_PROJECT_NAME}-https.rule=Host(`example.com`)"
			`- "traefik.http.routers.${COMPOSE_PROJECT_NAME}-https.entrypoints=websecure"`
			`- "traefik.http.services.${COMPOSE_PROJECT_NAME}.loadbalancer.server.port=80"`
			`volumes:`
			`- ./data/wordpress/wp-content:/var/www/html/wp-content`
			`networks:`
			`default:`

			`# It's a good idea to have a separate service for the cron job`
			`cron:`
			`extends:`
			`service: wordpress`
			`deploy:`
			`resources:`
			`limits:`
			`memory: 512M # Limit the memory for the cron job to 512 MB. This is a good practice to avoid memory leaks.`
			`environment:`
			`CRON_ENABLED: "true"`

			`# Redis is optional, but it works really well for caching. If removed, please update x-wordpress-configuration-env`
			`cache:`
			`image: redis:alpine`
			`init: true`
			`healthcheck:`
			`test: ["CMD", "/usr/local/bin/redis-cli", "PING"]`
			`interval: 20s`
			`timeout: 3s`
			`retries: 3`
			`deploy:`
			`restart_policy:`
			`condition: any`
			`resources:`
			`limits:`
			`memory: 64M`
			`networks:`
			`default:`

			`# Please update environment accordingly`
			`database:`
			`image: 'ghcr.io/n0rthernl1ghts/mariadb:10.11'`
			`deploy:`
			`replicas: 1`
			`restart_policy:`
			`condition: any`
			`resources:`
			`limits:`
			`memory: 512M # Should be adjusted accordingly to the website size. 512MB is usually enough for small website`
			`healthcheck:`
			`test: ["CMD", "/usr/bin/healthcheck"]`
			`interval: 30s`
			`timeout: 20s`
			`retries: 3`
			`environment:`
			`PUID: 1000`
			`PGID: 1000`
			`MARIADB_INIT_DATABASES: wordpress`
Add support for WordPress init - automated install 2024-05-25 02:25:33 +02:00			`MARIADB_INIT_USERS: wordpress`
Use secrets for database service 2024-05-24 01:33:39 +02:00			`FILE__MARIADB_ROOT_PASSWORD: /run/secrets/database_root_password`
Add support for WordPress init - automated install 2024-05-25 02:25:33 +02:00			`FILE__MARIADB_USER_wordpress_PASSWORD: /run/secrets/wordpress_database_password`
Add docker-compose.yml 2024-05-23 20:06:00 +02:00			`FORCE_CONFIG_OVERWRITE: 1`
			`volumes:`
			`- ./data/database/config:/config`
			`- ./data/database/data:/var/lib/mysql`
Use secrets for database service 2024-05-24 01:33:39 +02:00			`secrets:`
			`- database_root_password`
Add support for WordPress init - automated install 2024-05-25 02:25:33 +02:00			`- wordpress_database_password`
Add docker-compose.yml 2024-05-23 20:06:00 +02:00			`networks:`
			`default:`