PR #5 from psaux-it/fallback

fallback_localhost

Author: hsntgm

.env

@@ -1,4 +1,9 @@
-# NPP environment file
+# Environment for NPP-Optimized WordPress Setup                                    #
+# ----------------------------------------------------------------------------     #
+# Author: [Hasan ÇALIŞIR]                                                          #
+# Purpose: Full-stack Dockerized environment for NPP WordPress plugin, including   #
+#          WordPress, PHP-FPM, Nginx, MySQL, WP-CLI, and necessary PHP extensions. #
+# ----------------------------------------------------------------------------     #
 
 # Wordpress Settings
 export WORDPRESS_HOME=wordpress
@@ -18,13 +23,13 @@ export NPP_MYSQL_CONF=./mysql/50-npp-server.cnf
 # Nginx Settings
 export NGINX_CACHE=nginx_cache
 export NGINX_CONF=./nginx/nginx.conf
-export NPP_NGINX_CONF=./nginx/npp.conf
+export NPP_NGINX_CONF=./nginx/default.conf
 export NPP_NGINX_PARAMS_CONF=./nginx/fastcgi_params
-export NGINX_LOGS=./logs/nginx
-export NPP_NGINX_IP=172.19.0.3
+export NPP_NGINX_IP=172.19.84.1
+export NPP_HTTP_HOST=localhost
 
 # WP-CLI Settings
-export WORDPRESS_SITE_URL_="https://${NPP_NGINX_IP}"
+export WORDPRESS_SITE_URL_="https://${NPP_HTTP_HOST}"
 export WORDPRESS_SITE_TITLE_="NPP Dockerized"
 export WORDPRESS_ADMIN_USER_=npp
 export WORDPRESS_ADMIN_PASSWORD_=npp
@@ -49,16 +54,16 @@ export NPP_USER_=npp
 export NPP_UID_=18978
 export NPP_GID_=33749
 
-# NPP Switch Development environment
+# NPP Development environment
 export NPP_DEV_ENABLED_=1
 export NPP_DEV_PLUGIN_NAME_=fastcgi-cache-purge-and-preload-nginx
 export NPP_DEV_PLUGIN_DIR_="${NPP_WEB_ROOT_}/wp-content/plugins/${NPP_DEV_PLUGIN_NAME_}"
 export NPP_DEV_TMP_CLONE_DIR_="/tmp/${NPP_DEV_PLUGIN_NAME_}"
 export NPP_DEV_PLUGIN_FILE_="${NPP_DEV_PLUGIN_DIR_}/${NPP_DEV_PLUGIN_NAME_}.php"
 export NPP_DEV_GITHUB_REPO_="https://github.com/psaux-it/nginx-fastcgi-cache-purge-and-preload.git"
 
-# Plugins to Install (comma seperated)
-export NPP_PLUGINS_="fastcgi-cache-purge-and-preload-nginx"
+# Plugins to auto Install (comma seperated)
+export NPP_PLUGINS_="${NPP_DEV_PLUGIN_NAME_}, contact-form-7"
 
-# Default Theme
+# Themes to auto Install (comma seperated)
 export NPP_THEMES_="blue-note"

README.md

@@ -16,14 +16,15 @@ Explore the **[NPP Main GitHub Repository](https://github.com/psaux-it/nginx-fas
 - ✅ Supports a wide range of **PHP extensions**
 - ✅ Easily switch between the **stable** release and the **bleeding-edge dev** version of the **NPP**
 - ✅ All containers powered by **Debian 12** for a stable, consistent environment
+- ✅ Compatible with Windows WSL and Linux Hosts
 
 ## 🔑 Environment Variables
 
 Please check the **.env** file for the environment variables used by the project.
 
 Some variables can be directly modified by the user to customize the setup easily, while others are hard depend to the project's core configuration. Modifying these core variables for a production environment may require adjustments in other parts of the project to ensure proper integration and workflow. Feel free to customize it to meet your full-stack WordPress **production** needs!
 
-#### Use the Bleeding-Edge Version of NPP or Contribute to Development  
+#### Use the Bleeding-Edge Version of NPP or Contribute to Development (Default)
 
 If you want to use the **latest bleeding-edge version** of the NPP plugin or set up a **development/test environment**, simply set the following environment variable:  
 
@@ -62,8 +63,8 @@ docker compose up -d --build
 
 ### 🚀 **Post-Container Startup Access**
 - The WordPress site can be accessed at the host machine:
-  - 🔒 [https://172.19.0.3](https://172.19.0.3)
-  - 🌐 [http://172.19.0.3](http://172.19.0.3)
+  - 🔒 [https://localhost](https://localhost)
+  - 🌐 [http://localhost](http://localhost)
 
 - Default WordPress **wp-admin** login credentials:
   - **Username**: `npp`

docker-compose.yml

@@ -16,7 +16,7 @@ services:
       - ${WORDPRESS_HOME}:${NPP_WEB_ROOT_}
       - ${NGINX_CACHE}:${NPP_NGINX_CACHE_PATH_}
       - ${NGINX_CONF}:/etc/nginx/nginx.conf
-      - ${NPP_NGINX_CONF}:/etc/nginx/conf.d/npp.conf
+      - ${NPP_NGINX_CONF}:/etc/nginx/conf.d/default.conf
       - ${NPP_FPM_CONF}:/usr/local/etc/php-fpm.d/www.conf
       - ${FPM_DOCKER_CONF}:/usr/local/etc/php-fpm.d/zz-docker.conf
       - ${NPP_PHP_CONF}:/usr/local/etc/php/conf.d/npp.ini
@@ -30,9 +30,11 @@ services:
       - WORDPRESS_CONFIG_EXTRA=
           define('FORCE_SSL_ADMIN', true);
           define('FORCE_SSL_LOGIN', true);
-          if (defined('WP_CLI') && WP_CLI && !isset($$_SERVER['HTTP_HOST'])) $$_SERVER['HTTP_HOST'] = "${NPP_NGINX_IP}";
+          if (defined('WP_CLI') && WP_CLI && !isset($$_SERVER['HTTP_HOST'])) $$_SERVER['HTTP_HOST'] = "${NPP_HTTP_HOST}";
       - NPP_WEB_ROOT=${NPP_WEB_ROOT_}
       - NPP_NGINX_CACHE_PATH=${NPP_NGINX_CACHE_PATH_}
+      - NPP_NGINX_IP=${NPP_NGINX_IP}
+      - NPP_HTTP_HOST=${NPP_HTTP_HOST}
       - NPP_USER=${NPP_USER_}
       - NPP_UID=${NPP_UID_}
       - NPP_GID=${NPP_GID_}
@@ -61,7 +63,6 @@ services:
       - /dev/fuse:/dev/fuse
     networks:
       npp_network:
-        ipv4_address: 172.19.0.4
     post_start:
       - command: /scripts/wp-cli.sh
         working_dir: ${NPP_WEB_ROOT_}
@@ -104,7 +105,6 @@ services:
       - MYSQL_PASSWORD=${MYSQL_PASSWORD}
     networks:
       npp_network:
-        ipv4_address: 172.19.0.2
     mem_limit: "2GB"
     mem_reservation: "1GB"
     cpus: "1.0"
@@ -135,7 +135,7 @@ services:
       - ${WORDPRESS_HOME}:${NPP_WEB_ROOT_}
       - ${NGINX_CACHE}:${NPP_NGINX_CACHE_PATH_}
       - ${NGINX_CONF}:/etc/nginx/nginx.conf
-      - ${NPP_NGINX_CONF}:/etc/nginx/conf.d/npp.conf
+      - ${NPP_NGINX_CONF}:/etc/nginx/conf.d/default.conf
       - ${NPP_NGINX_PARAMS_CONF}:/etc/nginx/fastcgi_params
       - ${NGINX_SSL_CERTS}:/etc/ssl:ro
       - /etc/localtime:/etc/localtime:ro
@@ -146,11 +146,11 @@ services:
       - NPP_UID=${NPP_UID_}
       - NPP_GID=${NPP_GID_}
       - NGINX_WEB_USER=${NGINX_WEB_USER_}
-      - NPP_NGINX_IP=${NPP_NGINX_IP}
+      - NPP_HTTP_HOST=${NPP_HTTP_HOST}
       - MOUNT_DIR=${MOUNT_DIR_}
     networks:
       npp_network:
-        ipv4_address: 172.19.0.3
+        ipv4_address: 172.19.84.1
     mem_limit: "1.5GB"
     mem_reservation: "1GB"
     cpus: "1.0"
@@ -167,11 +167,17 @@ volumes:
   wordpress-db:
   wordpress:
   nginx_cache:
+    driver: local
+    driver_opts:
+      type: tmpfs
+      device: tmpfs
+      o: size=500m
 
 networks:
   npp_network:
     name: npp-wp
     driver: bridge
+    enable_ipv6: false
     ipam:
       config:
         - subnet: "172.19.0.0/16"

fpm/www.conf

@@ -2,7 +2,7 @@
 
 user = npp
 group = npp
-listen = 127.0.0.1:9001
+listen = 0.0.0.0:9001
 pm = dynamic
 pm.max_children = 8
 pm.start_servers = 4

fpm/zz-docker.conf

@@ -1,5 +1,2 @@
 [global]
 daemonize = no
-
-[www]
-listen = 9001

nginx/default.conf

@@ -0,0 +1,196 @@
+# Nginx VHOST for NPP-Optimized WordPress Setup                                    #
+# ----------------------------------------------------------------------------     #
+# Author: [Hasan ÇALIŞIR]                                                          #
+# Purpose: Full-stack Dockerized environment for NPP WordPress plugin, including   #
+#          WordPress, PHP-FPM, Nginx, MySQL, WP-CLI, and necessary PHP extensions. #
+# ----------------------------------------------------------------------------     #
+
+# FastCGI Cache Path
+####################
+fastcgi_cache_path /var/cache/nginx levels=1:2 keys_zone=NPP:100m max_size=400m inactive=30d;
+####################
+
+server {
+    # Listen HTTP
+    ##################################
+    listen 80;
+    server_name localhost;
+
+    # HTTPS Redirect
+    ##################################
+    location / {
+        rewrite ^ https://$host$request_uri? permanent;
+    }
+}
+
+server {
+    # Listen HTTPS
+    ##################################
+    listen 443 ssl;
+    server_name localhost;
+
+    # Document root
+    ###############
+    root /var/www/html;
+    index index.php index.html index.htm;
+
+    # Cache Settings
+    #################
+    set $skip_cache 0;
+
+    if ($query_string != "") {
+        set $skip_cache 1;
+    }
+
+    if ($request_uri ~* "(?:/add-to-cart=.*|/cart/.*|/my-account/.*|/checkout/.*|/wp-json/.*|/wc-api/.*|/addons.*|/wp-admin(?:/.*)?|/robots\.txt|/xmlrpc\.php|wp-.*\.php|/feed/.*|index\.php|sitemap(_index)?\.xml|[a-z0-9_-]+-sitemap([0-9]+)?\.(xml|html)|/sitemap\.html)") {
+        set $skip_cache 1;
+    }
+
+    if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in") {
+        set $skip_cache 1;
+    }
+
+    if ($http_cookie ~* "woocommerce_items_in_cart") {
+        set $skip_cache 1;
+    }
+
+    if ($arg_add-to-cart != "") {
+        set $skip_cache 1;
+    }
+    # End
+    #####
+
+    # Stop Nginx from logging
+    #########################
+    location = /favicon.ico {
+        log_not_found off;
+        access_log off;
+    }
+
+    location = /robots.txt {
+        log_not_found off;
+        access_log off;
+        allow all;
+    }
+    # End
+    #####
+
+    # Serve content
+    ##################
+    location / {
+        try_files $uri $uri/ /index.php$is_args$args;
+    }
+    # End
+    #####
+
+    # PHP-FPM Configuration
+    ################
+    location ~ \.php$ {
+        # Use NPP "Cache Key Regex" option for non-default structers
+        # This structer supported in default by NPP
+        ############################################################
+        fastcgi_cache_key "$scheme$request_method$host$request_uri";
+        ############################################################
+
+        try_files $uri =404;
+        fastcgi_split_path_info ^(.+\.php)(/.+)$;
+        fastcgi_index index.php;
+        fastcgi_pass wordpress-fpm:9001;
+        include /etc/nginx/fastcgi_params;
+        fastcgi_cache_bypass $skip_cache;
+        fastcgi_no_cache $skip_cache;
+        fastcgi_cache NPP;
+        fastcgi_cache_valid 30d;
+        fastcgi_cache_use_stale error timeout updating invalid_header http_500 http_503;
+        fastcgi_cache_lock on;
+    }
+    # End
+    #####
+
+    # WP Security Settings
+    #######################
+    # Deny access to hidden files and directories (except .well-known)
+    location ~ /\.(?!well-known/) {
+        deny all;
+    }
+
+    # Deny access to wp-config files and other critical files
+    location ~* ^/(?:wp-config\.php|wp-config-sample\.php|readme\.html|license\.txt)$ {
+        deny all;
+    }
+
+    # Deny access to PHP files in uploads, files, plugins, themes
+    location ~* /(?:uploads|files|wp-content|wp-includes)/.*\.php$ {
+        deny all;
+    }
+
+    # Deny access to script file types
+    location ~* .(pl|cgi|py|sh|lua|asp)$ {
+        deny all;
+    }
+
+    # Block access to wp-content plugin/theme log files
+    location ~* ^/wp-content/(plugins|themes)/.*\.(txt|log|md)$ {
+        deny all;
+    }
+
+    # Block common attack patterns
+    location ~* "(eval\(.*\)|base64_encode\(.*\)|\{0\}|phpinfo|self/environ)" {
+        deny all;
+    }
+
+    # Block dangerous file access
+    location ~* "/(thumb|timthumb|config|settings|sqlpatch|webshell|phpinfo)\.php" {
+        deny all;
+    }
+    # End
+    #####
+
+    # Browser Cache (Enable on Production)
+    ###############
+    # location ~*.(ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|css|rss|atom|js|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ {
+    #    expires max;
+    #    log_not_found off;
+    #    access_log off;
+    # }
+    # End
+    #####
+
+    # Dummy Self-Signed SSL Certificate (Don't use on Production)
+    #################
+    ssl_certificate /etc/ssl/fullchain.pem;
+    ssl_certificate_key /etc/ssl/privkey.pem;
+    ssl_trusted_certificate /etc/ssl/chain.pem;
+    # End
+    #####
+
+    # SSL Settings (Enable on Production)
+    ##############
+    # ssl_protocols TLSv1.2 TLSv1.3;
+    # ssl_prefer_server_ciphers on;
+    # ssl_ciphers ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS;
+    # ssl_ecdh_curve secp384r1;
+    # ssl_session_cache shared:SSLA:10m;
+    # ssl_session_timeout 10m;
+    # ssl_session_tickets off;
+    # ssl_buffer_size 4k;
+    # End
+    #####
+
+    # Security Headers (Enable on Production)
+    ##################
+    # add_header Content-Security-Policy upgrade-insecure-requests;
+    # add_header Permissions-Policy "microphone=(), camera=(), interest-cohort=(), browsing-topics=()";
+    # add_header Referrer-Policy no-referrer-when-downgrade;
+    # add_header X-Frame-Options "SAMEORIGIN";
+    # add_header X-Content-Type-Options "nosniff";
+    # add_header X-XSS-Protection "1; mode=block";
+    # add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
+    # End
+    #####
+
+    # FastCGI Cache Status Header
+    #############################
+    add_header NPP-FastCGI-Cache $upstream_cache_status;
+    #############################
+}       

nginx/entrypoint-nginx.sh

@@ -65,7 +65,14 @@ wait_for_service "wordpress" 9001
 wait_for_service "wordpress" 9999
 
 # Check if required environment variables are set
-for var in NPP_UID NPP_GID NPP_USER NPP_WEB_ROOT NGINX_WEB_USER MOUNT_DIR NPP_NGINX_IP; do
+for var in \
+    NPP_UID \
+    NPP_GID \
+    NPP_USER \
+    NPP_WEB_ROOT \
+    NGINX_WEB_USER \
+    MOUNT_DIR \
+    NPP_HTTP_HOST; do
     if [[ -z "${!var:-}" ]]; then
         echo -e "${COLOR_RED}${COLOR_BOLD}NPP-NGINX-FATAL:${COLOR_RESET} Missing required environment variable: ${COLOR_LIGHT_CYAN}${var}${COLOR_RESET} - ${COLOR_RED}Exiting...${COLOR_RESET}"
         exit 1
@@ -106,7 +113,7 @@ echo -e "\n${COLOR_YELLOW}━━━━━━━━━━━━━━━━━━
 
 # URL Access Information
 echo -e "\n${COLOR_GREEN}${COLOR_BOLD}🔑 Access WordPress:${COLOR_RESET}"
-echo -e "${COLOR_LIGHT_CYAN}URL: ${COLOR_RESET}${COLOR_BOLD}https://${NPP_NGINX_IP}/wp-admin${COLOR_RESET}"
+echo -e "${COLOR_LIGHT_CYAN}URL: ${COLOR_RESET}${COLOR_BOLD}https://${NPP_HTTP_HOST}/wp-admin${COLOR_RESET}"
 
 # Separator for credentials
 echo -e "\n${COLOR_YELLOW}━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━${COLOR_RESET}"