From 0e780362d8a52ab194d4b3af1a0cd168c5e16010 Mon Sep 17 00:00:00 2001 From: Jonas Heinrich Date: Wed, 1 Apr 2020 18:10:21 +0200 Subject: [PATCH] add theme to wordpress docker container --- README.md | 11 ++---- dist/nftables.conf | 45 +++++++++++++++++++++++++ dist/nftables.conf.notes | 2 ++ dist/nftables2.conf | 71 +++++++++++++++++++++++++++++++++++++++ kit/{index => index.html} | 0 wordpress.yml | 32 ++++++++++++++++++ 6 files changed, 152 insertions(+), 9 deletions(-) create mode 100644 dist/nftables.conf create mode 100644 dist/nftables.conf.notes create mode 100644 dist/nftables2.conf rename kit/{index => index.html} (100%) create mode 100644 wordpress.yml diff --git a/README.md b/README.md index d6e8a44..3dcb6c8 100644 --- a/README.md +++ b/README.md @@ -23,16 +23,9 @@ Fork of the experimental KIT theme from kit-ausbildung.de, adapted to Wordpres. ## Testing Can be easily tested using Docker: ``` -docker run -v /tmp/nextcloud-app-radio:/opt/nextcloud/apps/radio -d --name nextcloud -p 80:80 rootlogin/nextcloud -``` -First part of -v is the path to the cloned or downloaded nextcloud radio app. Debug running container it with: -``` -docker exec -i -t 665b4a1e17b6 /bin/bash -``` -Where -t specifies the container id. If you further need to access the sqlite-database, logs or files inside the data folder of Nextcloud, that you also have to share this folder with the host: -``` -docker run -v /tmp/dockerdata:/data/data -v /tmp/nextcloud-app-radio:/opt/nextcloud/apps/radio -d --name nextcloud -p 80:80 rootlogin/nextcloud +make docker_up ``` +The Wordpress instance is then available in the local network at http://localhost:8080/ . ## Reporting bugs You can report bugs in the public gitlab repository [here](https://git.project-insanity.org/onny/nextcloud-app-radio/issues) and for discussion you can find a section for the app in the offical Nextcloud forums [here](https://help.nextcloud.com/c/apps/radio). diff --git a/dist/nftables.conf b/dist/nftables.conf new file mode 100644 index 0000000..da0c703 --- /dev/null +++ b/dist/nftables.conf @@ -0,0 +1,45 @@ +#!/usr/bin/nft -f +# /etc/nftables.conf + +table inet filter { + chain input { + type filter hook input priority 0; + + # allow established/related connections + ct state {established, related} counter accept + + # early drop of invalid connections + ct state invalid counter drop + + # allow from loopback + iifname lo counter accept + + # allow icmp + ip protocol icmp counter accept + ip6 nexthdr icmpv6 counter accept + + # allow ssh + # tcp dport ssh counter accept + + # everything else + counter reject with icmp type port-unreachable + } + chain forward { + type filter hook forward priority 0; +# drop + } + chain output { + type filter hook output priority 0; + } + +} + +table ip nat { + chain prerouting { + type nat hook prerouting priority 0; + } + chain postrouting { + type nat hook postrouting priority 0; + oifname "wlan0" counter masquerade + } +} diff --git a/dist/nftables.conf.notes b/dist/nftables.conf.notes new file mode 100644 index 0000000..eaf0c1c --- /dev/null +++ b/dist/nftables.conf.notes @@ -0,0 +1,2 @@ + +https://gist.github.com/dearing/9388218f3c6ef6e48114 diff --git a/dist/nftables2.conf b/dist/nftables2.conf new file mode 100644 index 0000000..526ef0d --- /dev/null +++ b/dist/nftables2.conf @@ -0,0 +1,71 @@ +#!/usr/sbin/nft -f + +define docker_v4 = 172.17.0.0/16 +define docker_v6 = fcdd::/48 + +# start with a clean slate +flush ruleset + +table inet filter { + chain input { + # default input policy is drop + type filter hook input priority 50; policy drop; + + # accept any localhost traffic + iif "lo" accept + + # accept any docker traffic + ip saddr $docker_v4 accept + ip6 saddr $docker_v6 accept + + # accept any icmp traffic + ip protocol icmp accept + ip6 nexthdr ipv6-icmp accept + + # accept any established connection traffic + ct state established,related accept + } + + chain forward { + # default forward policy is drop + type filter hook forward priority 50; policy drop; + + # accept any docker traffic going to the internet + ip saddr $docker_v4 oif eth0 accept + ip6 saddr $docker_v6 oif eth0 accept + + # accept any established connection traffic + ct state established,related accept + } + + chain output { + # default output policy is accept + type filter hook output priority 50; policy accept; + } +} + +table ip nat { + chain prerouting { + type nat hook prerouting priority 0; + } + + chain postrouting { + type nat hook postrouting priority 100; + + # apply source nat for docker traffic to the internet + ip saddr $docker_v4 oif eth0 masquerade + } +} + +table ip6 nat { + chain prerouting { + type nat hook prerouting priority 0; + } + + chain postrouting { + type nat hook postrouting priority 100; + + # apply source nat for docker traffic to the internet + ip6 saddr $docker_v6 oif eth0 masquerade + } +} diff --git a/kit/index b/kit/index.html similarity index 100% rename from kit/index rename to kit/index.html diff --git a/wordpress.yml b/wordpress.yml new file mode 100644 index 0000000..f16bc39 --- /dev/null +++ b/wordpress.yml @@ -0,0 +1,32 @@ +version: '3.1' + +services: + + wordpress: + image: wordpress + restart: always + ports: + - 8080:80 + environment: + WORDPRESS_DB_HOST: db + WORDPRESS_DB_USER: exampleuser + WORDPRESS_DB_PASSWORD: examplepass + WORDPRESS_DB_NAME: exampledb + volumes: + - wordpress:/var/www/html + - ./kit:/var/www/html/wp-content/themes/kit + + db: + image: mysql:5.7 + restart: always + environment: + MYSQL_DATABASE: exampledb + MYSQL_USER: exampleuser + MYSQL_PASSWORD: examplepass + MYSQL_RANDOM_ROOT_PASSWORD: '1' + volumes: + - db:/var/lib/mysql + +volumes: + wordpress: + db: