diff --git a/Caddyfile b/Caddyfile index 86939e9..65a1d2a 100644 --- a/Caddyfile +++ b/Caddyfile @@ -1,32 +1,43 @@ +# Global options { {$CADDY_GLOBAL_OPTIONS} frankenphp { - #worker /path/to/your/worker.php {$FRANKENPHP_CONFIG} } - # https://caddyserver.com/docs/caddyfile/directives#sorting-algorithm + servers { + timeouts { + read_body 10s + read_header 10s + write 30s + idle 60s + } + keepalive_interval 2m + max_header_size 16KB + trusted_proxies static private_ranges + client_ip_headers X-Forwarded-For + protocols h1 + enable_full_duplex + strict_sni_host on + } + order php_server before file_server order php before file_server - order request_header before wp_cache } -{$CADDY_EXTRA_CONFIG} - -## Need to set all hosts with port for the cloud. -# You may not have the hostname being called due to dynamic IPs and load balancers. -# Allowing all hosts on port 80 for health checks, local dev & cases where the hostname is unknown. :80 { @static { file - path *.ico *.css *.js *.gif *.jpg *.jpeg *.png *.svg *.webp *.woff *.woff2 + path *.css *.eot *.gif *.ico *.jpeg *.jpg *.js *.otf *.png *.svg *.ttf *.webp *.woff *.woff2 } root * /var/www/html/ encode br zstd gzip - + + # Include any extra directives {$CADDY_SERVER_EXTRA_DIRECTIVES} + # PHP handling php_server -} \ No newline at end of file +} diff --git a/build-and-push.sh b/build-and-push.sh index 2c737cf..e4a2f28 100755 --- a/build-and-push.sh +++ b/build-and-push.sh 
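Review bot: `trusted_proxies static private_ranges` together with `client_ip_headers X-Forwarded-For` makes Caddy accept a forwarding header from any peer with a private address. Any other workload on the container network, not only the load balancer, can therefore set the client IP that the access log and WordPress see. If the load balancer's range is known, list it instead, e.g. `trusted_proxies static {$TRUSTED_PROXY_CIDRS}` (placeholder variable name), and consider `trusted_proxies_strict` so the address is taken from the right-most untrusted hop. Separately, `strict_sni_host on` has no visible effect while the only site block is `:80` with `protocols h1`. Removing `{$CADDY_EXTRA_CONFIG}` also silently drops configuration for deployments that set it, which deserves a line in the commit message.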
@@ -15,9 +15,20 @@ fi # Set variables REPOSITORY="ghcr.io/avunu/wordpress" -PHP_VERSIONS=("php82" "php83" "php84") +ALL_PHP_VERSIONS=("php82" "php83" "php84") DEFAULT_PHP_VERSION="php83" +# Check if a specific PHP version is provided as an argument +if [ $# -eq 1 ]; then + PHP_VERSIONS=("$1") + if [[ ! " ${ALL_PHP_VERSIONS[@]} " =~ " ${1} " ]]; then + echo "Error: Invalid PHP version. Allowed versions are: ${ALL_PHP_VERSIONS[*]}" + exit 1 + fi +else + PHP_VERSIONS=("${ALL_PHP_VERSIONS[@]}") +fi + # Login to GitHub Container Registry echo $GITHUB_TOKEN | docker login ghcr.io -u $GITHUB_USERNAME -p $GITHUB_TOKEN diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh index 0d0e2d8..901c6a2 100644 --- a/docker-entrypoint.sh +++ b/docker-entrypoint.sh @@ -2,7 +2,8 @@ set -e # set shell as /bin/sh -export SHELL=/bin/sh +# export SHELL=/bin/sh +# export WP_CLI_CUSTOM_SHELL=/bin/sh # Function to run wp-cron run_wp_cron() { @@ -17,7 +18,7 @@ run_wp_cron() { # If PROC_TYPE=worker, run cron jobs in the background if [ "$PROC_TYPE" = "worker" ]; then - export WP_CLI_CUSTOM_SHELL=/bin/sh + # export WP_CLI_CUSTOM_SHELL=/bin/sh echo "Starting wp-cron worker process" run_wp_cron fi diff --git a/flake.lock b/flake.lock index 0136f65..641a5f5 100644 --- a/flake.lock +++ b/flake.lock @@ -5,11 +5,11 @@ "systems": "systems" }, "locked": { - "lastModified": 1710146030, - "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", + "lastModified": 1726560853, + "narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=", "owner": "numtide", "repo": "flake-utils", - "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", + "rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a", "type": "github" }, "original": { 
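Review bot: The membership test `[[ ! " ${ALL_PHP_VERSIONS[@]} " =~ " ${1} " ]]` is a substring match on the space-joined list, so an argument such as `"php82 php83"` passes validation and is stored as a single entry in `PHP_VERSIONS`. A call with two or more arguments silently falls through to building every version. Compare against each element instead, e.g. `for v in "${ALL_PHP_VERSIONS[@]}"; do [[ "$v" == "$1" ]] && valid=1; done`, and reject `$# -gt 1` with a usage message. On the unchanged login line after the new block, `-p $GITHUB_TOKEN` puts the token in the process arguments even though it is also piped in; `docker login ghcr.io -u "$GITHUB_USERNAME" --password-stdin` reads it from the pipe only.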
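Review bot: The `SHELL` and `WP_CLI_CUSTOM_SHELL` exports are commented out rather than removed, here and again in the `PROC_TYPE=worker` branch (the second hunk of this file). The surviving comment `# set shell as /bin/sh` now describes nothing. Delete the dead lines; if the overrides are no longer needed, presumably because the entrypoint now runs under bash, say so in one comment so the next reader does not re-enable them. `run_wp_cron` is defined outside these hunks, so whether it depended on either variable cannot be checked from here.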
@@ -20,11 +20,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1726243404, - "narHash": "sha256-sjiGsMh+1cWXb53Tecsm4skyFNag33GPbVgCdfj3n9I=", + "lastModified": 1726463316, + "narHash": "sha256-gI9kkaH0ZjakJOKrdjaI/VbaMEo9qBbSUl93DnU7f4c=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "345c263f2f53a3710abe117f28a5cb86d0ba4059", + "rev": "99dc8785f6a0adac95f5e2ab05cc2e1bf666d172", "type": "github" }, "original": { diff --git a/wordpress.nix b/wordpress.nix index 455e1d0..3708fa6 100644 --- a/wordpress.nix +++ b/wordpress.nix @@ -24,15 +24,19 @@ let ztsSupport = true; # Needed for FrankenPHP - }).overrideAttrs (oldAttrs: { + }).overrideAttrs (oldAttrs: rec { + # Use Clang instead of GCC + stdenv = pkgs.clangStdenv; # optimizations extraConfig = '' - CFLAGS="$CFLAGS -march=x86-64-v3 -mtune=x86-64-v3 -O3 -flto" - CXXFLAGS="$CXXFLAGS -march=x86-64-v3 -mtune=x86-64-v3 -O3 -flto" + CC = "${pkgs.llvmPackages_19.clang}/bin/clang"; + CXX = "${pkgs.llvmPackages_19.clang}/bin/clang++"; + CFLAGS="$CFLAGS -march=x86-64-v3 -mtune=x86-64-v3 -O3 -ffast-math -flto" + CXXFLAGS="$CXXFLAGS -march=x86-64-v3 -mtune=x86-64-v3 -O3 -ffast-math -flto" LDFLAGS="$LDFLAGS -flto" ''; - + # Explicitly enable XML support configureFlags = (oldAttrs.configureFlags or [ ]) ++ [ "--enable-xml" 
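Review bot: `-ffast-math` in `CFLAGS`/`CXXFLAGS` lets the compiler ignore IEEE 754 rules (NaN and infinity handling, reassociation), which for a language interpreter can change the results of PHP float arithmetic and comparisons; I would drop it and keep `-O3 -flto`. The added lines `CC = "…";` and `CXX = "…";` use Nix attribute syntax inside the `extraConfig` string, next to shell-style `CFLAGS="…"` assignments, so they are unlikely to be read as intended. `stdenv = pkgs.clangStdenv;` inside `overrideAttrs` probably does not switch the build's stdenv, which normally takes `.override { stdenv = pkgs.clangStdenv; }`; a build log would confirm which compiler ran. The `rec` is not used by anything visible, and the attribute set continues past the end of the hunk.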
@@ -77,40 +81,40 @@ let phpBuild = phpWithExtensions.buildEnv { extraConfig = '' ; Memory limits - memory_limit = 512M ; Increased to allow more memory for PHP - max_execution_time = 300 ; Allow longer execution time if needed - max_input_time = 120 ; Extend input processing time + memory_limit = 512M ; Increased to allow more memory for PHP + max_execution_time = 300 ; Allow longer execution time if needed + max_input_time = 120 ; Extend input processing time ; Opcache settings - opcache.enable = 1 - opcache.memory_consumption = 128 ; Increase opcache memory to improve script caching - opcache.max_accelerated_files = 4000 ; Higher number of files cached - opcache.interned_strings_buffer = 8 ; Increased for interned strings - opcache.jit_buffer_size = 64M ; Enable JIT with a larger buffer - opcache.jit = tracing ; Enable JIT compilation - opcache.validate_timestamps = 0 ; Keep enabled to handle dynamic file changes - opcache.revalidate_freq = 2 ; Check for file changes every 60 seconds + opcache.enable = 0 + opcache.memory_consumption = 128 ; Increase opcache memory to improve script caching + opcache.max_accelerated_files = 4000 ; Higher number of files cached + opcache.interned_strings_buffer = 8 ; Increased for interned strings + opcache.jit_buffer_size = 64M ; Enable JIT with a larger buffer + opcache.jit = 0 ; Enable JIT compilation + opcache.validate_timestamps = 0 ; Keep enabled to handle dynamic file changes + opcache.revalidate_freq = 2 ; Check for file changes every 60 seconds ; Error handling error_reporting = E_ERROR | E_WARNING | E_PARSE | E_CORE_ERROR | E_CORE_WARNING | E_COMPILE_ERROR | E_COMPILE_WARNING | E_RECOVERABLE_ERROR - display_errors = Off - display_startup_errors = Off + display_errors = On + display_startup_errors = On log_errors = On error_log = /dev/stderr log_errors_max_len = 1024 ignore_repeated_errors = On ignore_repeated_source = Off - html_errors = Off + html_errors = On ; Database connection pooling - mysqli.max_persistent = 1 ; 
Allow more persistent connections for efficiency - mysqli.allow_persistent = 1 ; Enable persistent connections + mysqli.max_persistent = 1 ; Allow more persistent connections for efficiency + mysqli.allow_persistent = 1 ; Enable persistent connections ; Security settings upload_max_filesize = 100M post_max_size = 100M zend.max_allowed_stack_size = 64M - ffi.enable = 1 + ffi.enable = 0 ; Disable FFI for security reasons ''; }; @@ -136,18 +140,22 @@ pkgs.dockerTools.buildLayeredImage { contents = [ frankenphp phpBuild - pkgs.busybox + pkgs.bashInteractive pkgs.cacert + pkgs.coreutils pkgs.ghostscript pkgs.imagemagick pkgs.mysql.client + pkgs.ncurses + pkgs.unzip pkgs.vips + pkgs.wget wp-cli ]; config = { - Entrypoint = [ "${pkgs.busybox}/bin/sh" "/docker-entrypoint.sh" ]; - Cmd = [ "${pkgs.lib.getExe frankenphp}" "run" "--config" "/etc/caddy/Caddyfile"]; + Entrypoint = [ "${pkgs.lib.getExe pkgs.bashInteractive}" "/docker-entrypoint.sh" ]; + Cmd = [ "${pkgs.lib.getExe frankenphp}" "run" "--config" "/etc/caddy/Caddyfile" ]; ExposedPorts = { "80/tcp" = { }; }; 
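Review bot: `display_errors = On`, `display_startup_errors = On` and `html_errors = On` send PHP warnings and errors (file paths, query fragments, stack details) to every visitor of any site built from this image. Errors already go to `/dev/stderr` through `log_errors`, so these should stay `display_errors = Off`, `display_startup_errors = Off`, `html_errors = Off`, with a debug override supplied per environment if needed. `opcache.enable = 0` and `opcache.jit = 0` also look like debugging leftovers. Their trailing comments (`; Enable JIT compilation`, `; Keep enabled to handle dynamic file changes`, `every 60 seconds` next to `revalidate_freq = 2`) no longer match the values. The `ffi.enable = 0` change is a good one.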
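Review bot: Replacing `pkgs.busybox` with `pkgs.bashInteractive`, `pkgs.coreutils`, `pkgs.ncurses`, `pkgs.unzip` and `pkgs.wget` widens what is available inside the production container, and nothing says which component needs each tool. The entrypoint only runs a script, so non-interactive `pkgs.bash` would presumably do and `pkgs.ncurses` could go. If `unzip` and `wget` are there for wp-cli, note that next to them, e.g. `pkgs.unzip # needed by wp-cli (confirm)`. The `contents` list and `config` set both extend beyond this hunk.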
@@ -171,30 +179,36 @@ pkgs.dockerTools.buildLayeredImage { }; extraCommands = '' - # set up /tmp - mkdir -p tmp - chmod 1777 tmp - - # copy Caddyfile - mkdir -p etc/caddy - cp ${./Caddyfile} etc/caddy/Caddyfile - - # Copy WordPress files - mkdir -p var/www/html - cp ${./wp-config.php} wp-config.php - cp ${./docker-entrypoint.sh} docker-entrypoint.sh - chmod +x docker-entrypoint.sh - - # copy must-use plugins - mkdir mu-plugins - cp ${./mu-plugins/loopback.php} mu-plugins/ - - # Symlink CA certificates - ln -s ${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt etc/ssl/certs/ca-certificates.crt - - # Symlink busybox for bash and env - mkdir -p usr/bin - ln -s ${pkgs.busybox}/bin/busybox usr/bin/bash - ln -s ${pkgs.busybox}/bin/busybox usr/bin/env + # set up /tmp + mkdir -p tmp + chmod 1777 tmp + + # copy Caddyfile + mkdir -p etc/caddy + cp ${./Caddyfile} etc/caddy/Caddyfile + + # enable Caddy logging + mkdir -p var/log/caddy + touch var/log/caddy/access.log + touch var/log/caddy/error.log + chmod -R 777 var/log/caddy + + # Copy WordPress files + mkdir -p var/www/html + cp ${./wp-config.php} wp-config.php + cp ${./docker-entrypoint.sh} docker-entrypoint.sh + chmod +x docker-entrypoint.sh + + # copy must-use plugins + mkdir mu-plugins + cp ${./mu-plugins/loopback.php} mu-plugins/ + + # Symlink CA certificates + ln -s ${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt etc/ssl/certs/ca-certificates.crt + + # # Symlink busybox for bash and env + # mkdir -p usr/bin + # ln -s ${pkgs.busybox}/bin/busybox usr/bin/bash + # ln -s ${pkgs.busybox}/bin/busybox usr/bin/env ''; }
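Review bot: `chmod -R 777 var/log/caddy` makes the log directory and both log files writable by every user in the container, so any process can rewrite, truncate or replace the access and error logs. No `log` directive is visible in the Caddyfile part of this commit. If Caddy can log to stderr like PHP's `error_log = /dev/stderr`, the directory can be dropped; otherwise set the owner to the runtime user (for example in `fakeRootCommands`) and use `chmod 750 var/log/caddy` with `640` on the files. Also, with the `usr/bin/env` and `usr/bin/bash` symlinks commented out, scripts with a `#!/usr/bin/env …` or `#!/usr/bin/bash` shebang will not find their interpreter unless the new packages are linked there. Remove the dead lines once that is confirmed.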