fix(*): all issues

.github/workflows/publish.yml

@@ -102,6 +102,8 @@ jobs:
           labels: ${{steps.meta.outputs.labels}}
           cache-from: type=gha
           cache-to: type=gha,mode=max
+          build-args: |
+            IONCUBE_LOADER="1"
 
       - name: 🏗 Sign the published container image
         if: ${{github.event_name != 'pull_request'}}

.gitignore

@@ -1 +1,102 @@
 .env
+
+# Created by https://www.toptal.com/developers/gitignore/api/macos,linux,wordpress
+# Edit at https://www.toptal.com/developers/gitignore?templates=macos,linux,wordpress
+
+### Linux ###
+*~
+
+# temporary files which can be created if a process still has a handle open of a deleted file
+.fuse_hidden*
+
+# KDE directory preferences
+.directory
+
+# Linux trash folder which might appear on any partition or disk
+.Trash-*
+
+# .nfs files are created when an open file is removed but is still being accessed
+.nfs*
+
+### macOS ###
+# General
+.DS_Store
+.AppleDouble
+.LSOverride
+
+# Icon must end with two \r
+Icon
+
+
+# Thumbnails
+._*
+
+# Files that might appear in the root of a volume
+.DocumentRevisions-V100
+.fseventsd
+.Spotlight-V100
+.TemporaryItems
+.Trashes
+.VolumeIcon.icns
+.com.apple.timemachine.donotpresent
+
+# Directories potentially created on remote AFP share
+.AppleDB
+.AppleDesktop
+Network Trash Folder
+Temporary Items
+.apdisk
+
+### macOS Patch ###
+# iCloud generated files
+*.icloud
+
+### WordPress ###
+# Core
+#
+# Note: if you want to stage/commit WP core files
+# you can delete this whole section/until Configuration.
+/wp-admin/
+/wp-content/index.php
+/wp-content/languages
+/wp-content/plugins/index.php
+/wp-content/themes/index.php
+/wp-includes/
+/index.php
+/license.txt
+/readme.html
+/wp-*.php
+/xmlrpc.php
+
+# Configuration
+wp-config.php
+
+# Example themes
+/wp-content/themes/twenty*/
+
+# Example plugin
+/wp-content/plugins/hello.php
+
+# Uploads
+/wp-content/uploads/
+
+# Log files
+*.log
+
+# htaccess
+/.htaccess
+
+# All plugins
+# Note: If you wish to whitelist plugins,
+# uncomment the next line
+#/wp-content/plugins
+
+# All themes
+# Note: If you wish to whitelist themes,
+# uncomment the next line
+#/wp-content/themes
+
+
+# End of https://www.toptal.com/developers/gitignore/api/macos,linux,wordpress
+**/html/*.zip
+**/html/installer.php

compose.yml

@@ -1,44 +1,41 @@
 services:
   db:
-    platform: linux/amd64
-    image: ghcr.io/gecut/lemp/mysql:8
+    build: containers/mysql
     container_name: db
     restart: unless-stopped
     env_file: .env
+    mem_limit: 512M
+    cpus: 0.128
     volumes:
       - db:/var/lib/mysql
-    environment:
-      - MYSQL_DATABASE=wordpress
     networks:
       - app-network
 
   wordpress:
     depends_on:
       - db
-    platform: linux/amd64
-    image: ghcr.io/gecut/lemp/wordpress:6
+    build:
+      context: containers/wordpress
+      args:
+        IONCUBE_LOADER: "1"
     container_name: wordpress
     restart: unless-stopped
     env_file: .env
-    environment:
-      - WORDPRESS_DB_HOST=db:3306
-      - WORDPRESS_DB_USER=$MYSQL_USER
-      - WORDPRESS_DB_PASSWORD=$MYSQL_PASSWORD
-      - WORDPRESS_DB_NAME=wordpress
+    mem_limit: 512M
+    cpus: 0.512
     volumes:
       - wordpress:/var/www/html
     networks:
       - app-network
 
   webserver:
-    depends_on:
-      - wordpress
-    platform: linux/amd64
-    image: ghcr.io/gecut/lemp/nginx:1
+    build: containers/nginx
     container_name: webserver
     restart: unless-stopped
+    mem_limit: 128M
+    cpus: 0.512
     ports:
-      - "9090:80"
+      - "80:80"
     volumes:
       - wordpress:/var/www/html
     networks:
@@ -50,4 +47,5 @@ volumes:
 
 networks:
   app-network:
-    driver: bridge
+    driver: bridge
+    external: true

containers/mysql/Dockerfile

@@ -3,7 +3,6 @@ FROM mysql:8.0
 
 # Set the default authentication plugin
 ENV MYSQL_ROOT_PASSWORD=your_root_password
-ENV MYSQL_DATABASE=wordpress
 ENV MYSQL_USER=your_db_user
 ENV MYSQL_PASSWORD=your_db_password
 

containers/nginx/Dockerfile

@@ -3,7 +3,7 @@ FROM nginx:1.27-alpine
 
 # Copy Nginx configuration and custom HTML files
 COPY config/ /etc/nginx/
-COPY html/ /var/www/html/
+COPY html/* /var/www/html/
 
 # Expose the Nginx port
 EXPOSE 80

containers/nginx/config/conf.d/fastcgi.conf

@@ -1,65 +1,65 @@
 # regex to split $uri to $fastcgi_script_name and $fastcgi_path
 # This is a robust solution for path info security issue and works with "cgi.fix_pathinfo = 1" in /etc/php.ini (default) # ?
-fastcgi_split_path_info  ^(.+\.php)(/.+)$;
-fastcgi_connect_timeout  10s;
-fastcgi_send_timeout     15s;
-fastcgi_read_timeout     120s;
+fastcgi_split_path_info ^(.+\.php)(/.+)$;
+fastcgi_connect_timeout 10s;
+fastcgi_send_timeout 15s;
+fastcgi_read_timeout 120s;
 
-fastcgi_buffer_size          256k;
-fastcgi_buffers              4 256k;
-fastcgi_busy_buffers_size    256k;
+fastcgi_buffer_size 256k;
+fastcgi_buffers 4 256k;
+fastcgi_busy_buffers_size 256k;
 fastcgi_temp_file_write_size 4m;
-fastcgi_max_temp_file_size   4m;
-fastcgi_intercept_errors     off;
+fastcgi_max_temp_file_size 4m;
+fastcgi_intercept_errors off;
 
 # fastcgi_keep_conn  on; # its must be on for keepalive in upstream work
 
-fastcgi_cache                   fastcgicache;
-fastcgi_cache_valid             302 403 404 5m;
-fastcgi_cache_valid             200 206 301 24h;
-fastcgi_cache_revalidate        on; # ?
+fastcgi_cache fastcgicache;
+fastcgi_cache_valid 302 403 404 5m;
+fastcgi_cache_valid 200 206 301 24h;
+fastcgi_cache_revalidate on; # ?
 fastcgi_cache_background_update on; # ?
-fastcgi_cache_lock              on;
-fastcgi_cache_use_stale         error timeout invalid_header updating http_500;
-fastcgi_cache_min_uses          1;
-#fastcgi_cache_purge             $purge_method; # active module
+fastcgi_cache_lock on;
+fastcgi_cache_use_stale error timeout invalid_header updating http_500;
+fastcgi_cache_min_uses 2;
+# fastcgi_cache_purge             $purge_method; # active module
 
-fastcgi_cache_bypass            $no_cache;
-fastcgi_no_cache                $no_cache;
+fastcgi_cache_bypass $no_cache;
+fastcgi_no_cache $no_cache;
 
 fastcgi_pass_request_headers on;
-fastcgi_pass_request_body    on;
-fastcgi_ignore_headers       Cache-Control Expires Set-Cookie;
-fastcgi_hide_header          X-Powered-By;
+fastcgi_pass_request_body on;
+fastcgi_ignore_headers Cache-Control Expires Set-Cookie;
+fastcgi_hide_header X-Powered-By;
 # Remove cached Set-Cookie header to prevent same cookie for all users!
 #fastcgi_hide_header          Set-Cookie;
 #fastcgi_hide_header          Cookie;
 
-fastcgi_param  GATEWAY_INTERFACE CGI/1.1;
-fastcgi_param  SERVER_SOFTWARE   nginx/$nginx_version;
+fastcgi_param GATEWAY_INTERFACE CGI/1.1;
+fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
 
-fastcgi_param  SCRIPT_FILENAME   $document_root$fastcgi_script_name;
-fastcgi_param  SCRIPT_NAME       $fastcgi_script_name;
-fastcgi_param  QUERY_STRING      $query_string;
-fastcgi_param  REQUEST_METHOD    $request_method;
-fastcgi_param  CONTENT_TYPE      $content_type if_not_empty;
-fastcgi_param  CONTENT_LENGTH    $content_length;
+fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+fastcgi_param SCRIPT_NAME $fastcgi_script_name;
+fastcgi_param QUERY_STRING $query_string;
+fastcgi_param REQUEST_METHOD $request_method;
+fastcgi_param CONTENT_TYPE $content_type if_not_empty;
+fastcgi_param CONTENT_LENGTH $content_length;
 
-fastcgi_param  REQUEST_URI       $request_uri;
-fastcgi_param  DOCUMENT_URI      $document_uri;
-fastcgi_param  DOCUMENT_ROOT     $document_root;
-fastcgi_param  SERVER_PROTOCOL   $server_protocol;
-fastcgi_param  REQUEST_SCHEME    $scheme;
-fastcgi_param  HTTPS             $https if_not_empty;
+fastcgi_param REQUEST_URI $request_uri;
+fastcgi_param DOCUMENT_URI $document_uri;
+fastcgi_param DOCUMENT_ROOT $document_root;
+fastcgi_param SERVER_PROTOCOL $server_protocol;
+fastcgi_param REQUEST_SCHEME $scheme;
+fastcgi_param HTTPS $https if_not_empty;
 
-fastcgi_param  REMOTE_ADDR       $http_x_real_ip;
-fastcgi_param  REMOTE_PORT       $remote_port;
-fastcgi_param  SERVER_ADDR       $server_addr;
-fastcgi_param  SERVER_PORT       $server_port;
-fastcgi_param  SERVER_NAME       $server_name;
+fastcgi_param REMOTE_ADDR $http_x_real_ip;
+fastcgi_param REMOTE_PORT $remote_port;
+fastcgi_param SERVER_ADDR $server_addr;
+fastcgi_param SERVER_PORT $server_port;
+fastcgi_param SERVER_NAME $server_name;
 
 # PHP only, required if PHP was built with --enable-force-cgi-redirect
-fastcgi_param  REDIRECT_STATUS   200;
+fastcgi_param REDIRECT_STATUS 200;
 
 # Bypass the fact that try_files resets $fastcgi_path_info
 # see: https://trac.nginx.org/nginx/ticket/321