x-wordpress-configuration-env: &wordpress-configuration-env WORDPRESS_PLUGIN_LIST: "maintenance redis-cache" WORDPRESS_REDIS_HOST: redis WORDPRESS_CACHE: 1 WORDPRESS_CACHE_KEY_SALT: 'Wp-' WORDPRESS_TABLE_PREFIX: 'wp_' WORDPRESS_DEBUG: 0 DEFAULT_EMAIL: "webmaster@example.com" WORDPRESS_CONFIG_EXTRA: | define('WP_AUTO_UPDATE_CORE', false); define('WP_SITEURL', 'https://www.example.com'); define('WP_HOME', 'https://www.example.com'); define('WP_CACHE', true); define('WP_CACHE_KEY_SALT', 'Wp-'); define('WP_REDIS_HOST', "cache"); define('DISABLE_WP_CRON', true); $$_SERVER['HTTP_UPGRADE_INSECURE_REQUESTS'] = false; $$_SERVER['HTTP_X_FORWARDED_PORT'] = 443; $$_SERVER['HTTP_X_FORWARDED_SSL'] = 'on'; $$_SERVER['HTTPS'] = 'on'; $$_SERVER['SERVER_PORT'] = 443; $$_SERVER['REQUEST_SCHEME'] = 'https'; # $_SERVER definitions above are set to trick WP that it's accessed over HTTPS. This is typically useful only behind reverse proxy and should be avoided in production x-wordpress-init-env: &wordpress-init-env WORDPRESS_INIT_ENABLE: "true" WORDPRESS_INIT_ADMIN_USER: admin WORDPRESS_INIT_ADMIN_PASSWORD: admin WORDPRESS_INIT_ADMIN_EMAIL: admin@example.com WORDPRESS_INIT_SITE_TITLE: "Example.com" WORDPRESS_INIT_SITE_URL: "https://www.example.com" networks: default: secrets: database_root_password: file: ./.secrets/database_root_password.txt wordpress_database_password: file: ./.secrets/wordpress_database_password.txt services: wordpress: image: ghcr.io/n0rthernl1ghts/wordpress:6.5.3 deploy: restart_policy: condition: any healthcheck: # See: src/wp-utils/healthcheck test: [ "CMD", "/usr/local/bin/healthcheck" ] interval: 30s timeout: 5s retries: 3 env_file: - ./.secrets/wp-salts.env - ./.secrets/wp-database.env environment: <<: [ *wordpress-configuration-env, *wordpress-init-env ] CRON_ENABLED: "false" labels: # This configures traefik - if you have it. You also need to make sure that this service is in the same network with Traefik instance - "traefik.enable=true" - "traefik.http.routers.${COMPOSE_PROJECT_NAME}-http.rule=Host(`example.com`)" - "traefik.http.routers.${COMPOSE_PROJECT_NAME}-http.entrypoints=web" - "traefik.http.routers.${COMPOSE_PROJECT_NAME}-https.tls=true" - "traefik.http.routers.${COMPOSE_PROJECT_NAME}-https.tls.certresolver=le" - "traefik.http.routers.${COMPOSE_PROJECT_NAME}-https.rule=Host(`example.com`)" - "traefik.http.routers.${COMPOSE_PROJECT_NAME}-https.entrypoints=websecure" - "traefik.http.services.${COMPOSE_PROJECT_NAME}.loadbalancer.server.port=80" volumes: - ./data/wordpress/wp-content:/var/www/html/wp-content networks: default: # It's a good idea to have a separate service for the cron job cron: extends: service: wordpress deploy: resources: limits: memory: 512M # Limit the memory for the cron job to 512 MB. This is a good practice to avoid memory leaks. environment: CRON_ENABLED: "true" # Redis is optional, but it works really well for caching. If removed, please update x-wordpress-configuration-env cache: image: redis:alpine init: true healthcheck: test: ["CMD", "/usr/local/bin/redis-cli", "PING"] interval: 20s timeout: 3s retries: 3 deploy: restart_policy: condition: any resources: limits: memory: 64M networks: default: # Please update environment accordingly database: image: 'ghcr.io/n0rthernl1ghts/mariadb:10.11' deploy: replicas: 1 restart_policy: condition: any resources: limits: memory: 512M # Should be adjusted accordingly to the website size. 512MB is usually enough for small website healthcheck: test: ["CMD", "/usr/bin/healthcheck"] interval: 30s timeout: 20s retries: 3 environment: PUID: 1000 PGID: 1000 MARIADB_INIT_DATABASES: wordpress MARIADB_INIT_USERS: wordpress FILE__MARIADB_ROOT_PASSWORD: /run/secrets/database_root_password FILE__MARIADB_USER_wordpress_PASSWORD: /run/secrets/wordpress_database_password FORCE_CONFIG_OVERWRITE: 1 volumes: - ./data/database/config:/config - ./data/database/data:/var/lib/mysql secrets: - database_root_password - wordpress_database_password networks: default: