trying to understand why ports dont work

srcs/.env

@@ -2,6 +2,7 @@
 # NGINX SETUP
 
 NG_VOLUME_CERTS=/etc/ssl
+MAX_UPLOAD_SIZE=512
 
 # MARIADB SETUP
 
@@ -27,7 +28,6 @@ WP_USER_EMAIL=moehu36@42.fr
 
 # MAP
 
-MAX_UPLOAD_SIZE=512
 EXECUTION_TIME=300
 
 # env file does not have expension capacity, so we simulate it with makefile :
@@ -40,10 +40,8 @@ EXECUTION_TIME=300
 #EXPEND_HOST_VOLUME_WP=$HOME_PATH/data/lejourduprof/wp_volume
 #EXPEND_HOST_VOLUME_DB=$HOME_PATH/data/lejourduprof/db_volume
 #EXPEND_HOST_VOLUME_PLUGINS=$PWD_PATH/srcs/plugins
-#EXPEND_HOST_VOLUME_CERTS=$PWD_PATH/srcs/requirements/nginx/conf/ssl
 # EXPENDED LINES :
-HOST_VOLUME_CERTS=/home/asususus/nextcloud_backup/backup_planethoster_server/nextclouddata/hugogogo/files/informatique/lejourduprof/srcs/requirements/nginx/conf/ssl
-HOST_VOLUME_PLUGINS=/home/asususus/nextcloud_backup/backup_planethoster_server/nextclouddata/hugogogo/files/informatique/lejourduprof/srcs/plugins
+HOST_VOLUME_PLUGINS=/home/asususus/nextcloud_backup/backup_planethoster_server/nextclouddata/hugogogo/files/informatique/wordpress_docker/srcs/plugins
 HOST_VOLUME_DB=/home/asususus/data/lejourduprof/db_volume
 HOST_VOLUME_WP=/home/asususus/data/lejourduprof/wp_volume
 

srcs/docker-compose.yml

@@ -8,24 +8,16 @@
 version: "3.8"
 
 services:
-# ---------------------------------
-#  test:
-#    build:
-#      context: ./requirements/test
-#      dockerfile: Dockerfile
-#    image: test
-#    container_name: test_container
 # ---------------------------------
   nginx:
     restart: on-failure
     networks:
       - inception
     ports:
-      - "443:443"
+      - "443":"443"
     volumes:
       - wp_volume:${WP_VOLUME_DIR}
       - wp_plugins:${WP_VOLUME_PLUGINS}
-      - ng_certs:${NG_VOLUME_CERTS}
     build:
       context: ./requirements/nginx
       args:
@@ -64,7 +56,7 @@ services:
 # ---------------------------------
   wordpress:
     restart: on-failure
-    env_file: ./.env
+    env_file: .env
     networks:
       - inception
     volumes:
@@ -103,12 +95,6 @@ volumes:
       type: none
       o: "bind"
       device: ${HOST_VOLUME_PLUGINS}
-  ng_certs:
-    driver: local
-    driver_opts:
-      type: none
-      o: "bind"
-      device: ${HOST_VOLUME_CERTS}
 
 networks:
   inception:

srcs/requirements/nginx/Dockerfile

@@ -9,8 +9,8 @@ RUN apk update && apk add \
 	rm -rf /var/cache/apk*
 
 # nginx conf
-COPY ./conf/nginx.conf.alpine /etc/nginx/nginx.conf
-COPY ./conf/inception_nginx.conf /etc/nginx/http.d/
+COPY ./conf/nginx_main.conf.alpine /etc/nginx/nginx.conf
+COPY ./conf/nginx_http_server.conf /etc/nginx/http.d/
 # dir for logs
 RUN mkdir -p /var/log/nginx/
 
@@ -20,31 +20,38 @@ RUN adduser -S www-data && \
 	adduser www-data nginx && \
 	chmod +rwx /var/lib/nginx/tmp
 
+# ARG variables are not persistent after the build process, in opposite to ENV
 ARG WP_URL
 ARG MAX_UPLOAD_SIZE
 ARG WP_VOLUME_DIR
 ARG WP_VOLUME_PLUGINS
 ARG NG_VOLUME_CERTS
 
-# create and empty volumes dir
-RUN mkdir -p ${WP_VOLUME_DIR}   ${WP_VOLUME_PLUGINS}   ${NG_VOLUME_CERTS} && \
-	rm -rf   ${WP_VOLUME_DIR}/* ${WP_VOLUME_PLUGINS}/* ${NG_VOLUME_CERTS}/*
-
 # replace WP_URL
-RUN sed -i "s/\${WP_URL}/${WP_URL}/g" /etc/nginx/http.d/inception_nginx.conf
-
+RUN sed -i "s/\${WP_URL}/${WP_URL}/g" /etc/nginx/http.d/nginx_http_server.conf
 # replace max file size upload
 RUN sed -i "s/\(client_max_body_size \).*\(m;\)/\1${MAX_UPLOAD_SIZE}\2/g" /etc/nginx/nginx.conf
 
-# create ssl certificate
-COPY ./conf/ssl ${NG_VOLUME_CERTS}
-RUN if [ -z "$(ls -A ${NG_VOLUME_CERTS} 2>/dev/null)" ]; then \
-		mkdir ${NG_VOLUME_CERTS}/private ${NG_VOLUME_CERTS}/certs; \
+# create ssl certificates
+#   command openssl :
+#    - req             : create a certificate signing request (CSR) or a self-signed certificate
+#    - newkey rsa:2048 : generate a new RSA key pair with a key length of 2048 bits
+#    - nodes           : the private key should not be encrypted with a passphrase. This is useful for automated processes where entering a passphrase is not practical
+#    - x509            : a self-signed certificate should be created
+#    - days 365        : sets the validity period of the certificate to 365 days
+#    - subj            : sets the subject, information about the entity the certificate is issued to
+#      - C, ST, L, O, OU, CN : country, state, locality, organization, organizational unit, and common name
+#    - keyout          : the filename for the private key file
+#    - out             : the filename for the output certificate file
+ARG SSL_KEY=${NG_VOLUME_CERTS}/private/${WP_URL}.key
+ARG SSL_CERT=${NG_VOLUME_CERTS}/certs/${WP_URL}.crt
+RUN mkdir -p ${NG_VOLUME_CERTS}; \
+		cd ${NG_VOLUME_CERTS}; \
+		mkdir private certs; \
 		openssl req -newkey rsa:2048 -nodes -x509 -days 365 \
-			-subj "/C=fr/ST=ile-de-france/L=paris/O=ljdp/OU=lejourdesprofs/CN=${WP_URL}" \
-			-keyout ${NG_VOLUME_CERTS}/private/${WP_URL}.key \
-			-out ${NG_VOLUME_CERTS}/certs/${WP_URL}.crt; \
-	fi
+			-subj "/C=fr/ST=ile-de-france/L=paris/O=wp/OU=wp_local/CN=${WP_URL}" \
+			-keyout ${SSL_KEY} \
+			-out ${SSL_CERT};
 
 ENTRYPOINT [ "nginx", "-g", "daemon off;" ]
 

srcs/requirements/nginx/conf/default

@@ -1,91 +0,0 @@
-##
-# You should look at the following URL's in order to grasp a solid understanding
-# of Nginx configuration files in order to fully unleash the power of Nginx.
-# https://www.nginx.com/resources/wiki/start/
-# https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/
-# https://wiki.debian.org/Nginx/DirectoryStructure
-#
-# In most cases, administrators will remove this file from sites-enabled/ and
-# leave it as reference inside of sites-available where it will continue to be
-# updated by the nginx packaging team.
-#
-# This file will automatically load configuration files provided by other
-# applications, such as Drupal or Wordpress. These applications will be made
-# available underneath a path with that package name, such as /drupal8.
-#
-# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
-##
-
-# Default server configuration
-#
-server {
-	listen 80 default_server;
-	listen [::]:80 default_server;
-
-	# SSL configuration
-	#
-	# listen 443 ssl default_server;
-	# listen [::]:443 ssl default_server;
-	#
-	# Note: You should disable gzip for SSL traffic.
-	# See: https://bugs.debian.org/773332
-	#
-	# Read up on ssl_ciphers to ensure a secure configuration.
-	# See: https://bugs.debian.org/765782
-	#
-	# Self signed certs generated by the ssl-cert package
-	# Don't use them in a production server!
-	#
-	# include snippets/snakeoil.conf;
-
-	root /var/www/html;
-
-	# Add index.php to the list if you are using PHP
-	index index.html index.htm index.nginx-debian.html;
-
-	server_name _;
-
-	location / {
-		# First attempt to serve request as file, then
-		# as directory, then fall back to displaying a 404.
-		try_files $uri $uri/ =404;
-	}
-
-	# pass PHP scripts to FastCGI server
-	#
-	#location ~ \.php$ {
-	#	include snippets/fastcgi-php.conf;
-	#
-	#	# With php-fpm (or other unix sockets):
-	#	fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
-	#	# With php-cgi (or other tcp sockets):
-	#	fastcgi_pass 127.0.0.1:9000;
-	#}
-
-	# deny access to .htaccess files, if Apache's document root
-	# concurs with nginx's one
-	#
-	#location ~ /\.ht {
-	#	deny all;
-	#}
-}
-
-
-# Virtual Host configuration for example.com
-#
-# You can move that to a different file under sites-available/ and symlink that
-# to sites-enabled/ to enable it.
-#
-#server {
-#	listen 80;
-#	listen [::]:80;
-#
-#	server_name example.com;
-#
-#	root /var/www/example.com;
-#	index index.html;
-#
-#	location / {
-#		try_files $uri $uri/ =404;
-#	}
-#}

srcs/requirements/nginx/conf/inception_nginx.conf

@@ -1,48 +0,0 @@
-# doc : https://nginx.org/en/docs/dirindex.html
-
-server {
-	listen				443 ssl;										# for ipv4, on port 443, specifying that accepted connections should works in ssl mode
-	listen				[::]:443 ssl;									# for ipv6
-	server_name			${WP_URL};
-	ssl_certificate		/etc/ssl/certs/${WP_URL}.crt;					# specifies the file with the ssl certificate (self signed here) generated by openssl
-	ssl_certificate_key	/etc/ssl/private/${WP_URL}.key;					# specifies the file with the secret key of the certificate
-
-	root				/var/www/html/;									# contains default nginx index.nginx-debian.html
-	index				index.html index.php;							# defines files that will be used as index (https://nginx.org/en/docs/http/ngx_http_index_module.html)
-		 
-	access_log /var/log/nginx/${WP_URL}.access.log;
-	error_log /var/log/nginx/${WP_URL}.error.log;
-
-	# use fastcgi for all php files
-	location ~ \.php$ {
-		fastcgi_pass	wordpress:9000;
-		fastcgi_split_path_info	^(.+\.php)(/.+)$;
-		fastcgi_param	SCRIPT_FILENAME $document_root$fastcgi_script_name;
-		include			fastcgi_params;
-	}
-
-# followings are from :
-# https://www.farinspace.com/wordpress-nginx-rewrite-rules/
-
-	# unless the request is for a valid file, send to bootstrap
-	# without this, permalinks changes don't work
-	if (!-e $request_filename) {
-		rewrite ^(.+)$ /index.php?q=$1 last;
-	}
-
-	## enforce NO www
-	#if ($host ~* ^www\.(.*)) {
-	#	set $host_without_www $1;
-	#	rewrite ^/(.*)$ $scheme://$host_without_www/$1 permanent;
-	#}
-
-	## catch all
-	#error_page 404 /index.php;
-
-	## deny access to apache .htaccess files
-	#location ~ /\.ht {
-	#	deny all;
-	#}
-
-}
-

srcs/requirements/nginx/conf/nginx.conf.debian

@@ -1,98 +0,0 @@
-# inception modifications :
-#
-# ssl_protocols :
-#   < ssl_protocols TLSv1.3; # Dropping SSLv3, ref: POODLE
-#   > ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
-# gzip :
-#   < gzip off;
-#   > gzip on;
-# sites-enabled :
-#   < # include /etc/nginx/sites-enabled/*;
-#   > include /etc/nginx/sites-enabled/*;
-																			# doc : https://nginx.org/en/docs/dirindex.html
-
-user www-data;																# process owner name, can be anything
-worker_processes auto;														# a worker is a process that handles incoming requests, auto to automatically adjust the number of processes available
-pid /run/nginx.pid;															# defines a file that will store the process id of the main process
-include /etc/nginx/modules-enabled/*.conf;									# include a file
-
-events {																	# section for connection processing directives
-	worker_connections 768;													# max number of connection that can be opened by a worker process
-	# multi_accept on;
-}
-
-http {																		# section for http server directives
-	##
-	# Basic Settings
-	##
-
-	sendfile on;															# enable the use of linux sendfil() function, that transfer data directly betzeen fd, so withour copying to intermediate memory buffer, it increases performances in most cases (https://stackoverflow.com/questions/58066785/always-use-sendfile-with-nginx-on-linux)
-	tcp_nopush on;															# enables the socket option TCP_CORK/TCP_NOPUSH, that allows to send packets filled with more datas (https://baus.net/on-tcp_cork/)
-	tcp_nodelay on;															# opposit of TCP_CORK, TCP_NODELAY says the application to send datas as soon as it receives it, both options are exclusives but can work together in modern kernel (https://stackoverflow.com/questions/3761276/when-should-i-use-tcp-nodelay-and-when-tcp-cork)
-	keepalive_timeout 65;													# in seconds, defines time before closing a connexion without activity
-	types_hash_max_size 2048;												# maximum size for the list that stores duplicates of the hash table, size of the hash table is chosen accordingly (https://nginx.org/en/docs/hash.html, hash table : https://www.youtube.com/watch?v=KyUTuwz_b7Q)
-	# server_tokens off;
-
-	# server_names_hash_bucket_size 64;
-	# server_name_in_redirect off;
-
-	include /etc/nginx/mime.types;											# include a file
-	default_type application/octet-stream;									# defines the default MIME type (default is text/plain)
-
-	##
-	# SSL Settings
-	##
-
-	ssl_protocols TLSv1.3; # Dropping SSLv3, ref: POODLE					# enables the specified protocols. The TLSv1.1 and TLSv1.2 parameters works only when OpenSSL 1.0.1 or higher is used, and the TLSv1.3 only when OpenSSL 1.1.1 or higher is used
-	ssl_prefer_server_ciphers on;											# Specifies that server ciphers should be preferred over client ciphers when using the SSLv3 and TLS protocols (a cipher is "an algorithm for performing encryption or decryption, a series of [...] steps that can be followed as a procedure" https://en.wikipedia.org/wiki/Cipher_suite)
-
-	##
-	# Logging Settings
-	##
-
-	access_log /var/log/nginx/access.log;									# defines where to write the access logs. if gzip is used, the log will be buffered
-	error_log /var/log/nginx/error.log;										# defines where to write the error logs. if gzip is used, the log will be buffered
-
-	##
-	# Gzip Settings
-	##
-
-	gzip off;																# enable gzipping of responses. gzip is an algorithm that compress the data (disabled for security reasons : https://bugs.debian.org/773332)
-
-	# gzip_vary on;
-	# gzip_proxied any;
-	# gzip_comp_level 6;
-	# gzip_buffers 16 8k;
-	# gzip_http_version 1.1;
-	# gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
-
-	##
-	# Virtual Host Configs
-	##
-
-	include /etc/nginx/conf.d/*.conf;										# include the *.conf files found in conf.d folder. do the same as "sites-enabled" with another approach : you put your .conf files for the site inside this folder, and if you want to disable a config file you just rename it to no have a .conf suffix
-	# include /etc/nginx/sites-enabled/*;									# include all the (symlink) files found in sites-enabled folder. do the same as "conf.d" with another approach : you put all your configurations files into a "/etc/nginx/sites-available/" folder, and you put symlinks of a selection of thoses files that you want to use for the site, into "/etc/nginx/sites-enabled/" folder (bad practice : https://serverfault.com/questions/527630/difference-in-sites-available-vs-sites-enabled-vs-conf-d-directories-nginx#answer-870709)
-}
-
-
-#mail {
-#	# See sample authentication script at:
-#	# http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
-# 
-#	# auth_http localhost/auth.php;
-#	# pop3_capabilities "TOP" "USER";
-#	# imap_capabilities "IMAP4rev1" "UIDPLUS";
-# 
-#	server {
-#		listen     localhost:110;
-#		protocol   pop3;
-#		proxy      on;
-#	}
-# 
-#	server {
-#		listen     localhost:143;
-#		protocol   imap;
-#		proxy      on;
-#	}
-#}
-

srcs/requirements/nginx/conf/nginx_http_server.conf

@@ -0,0 +1,52 @@
+# doc :
+# https://nginx.org/en/docs/dirindex.html
+# https://www.nginx.com/resources/wiki/start/
+# https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/
+# https://wiki.debian.org/Nginx/DirectoryStructure
+
+server {
+	listen							443 ssl;												# for ipv4, on port 443, specifying that accepted connections should works in ssl mode
+	listen							[::]:443 ssl;										# for ipv6
+	server_name					${WP_URL};
+	ssl_certificate			/etc/ssl/certs/${WP_URL}.crt;		# specifies the file with the ssl certificate (self signed here) generated by openssl
+	ssl_certificate_key	/etc/ssl/private/${WP_URL}.key;	# specifies the file with the secret key of the certificate
+
+	root				/var/www/html/;													# contains default nginx index.nginx-debian.html
+	index				index.html index.php;										# defines files that will be used as index (https://nginx.org/en/docs/http/ngx_http_index_module.html)
+		 
+	access_log /var/log/nginx/${WP_URL}.access.log;
+	error_log /var/log/nginx/${WP_URL}.error.log;
+
+	# use fastcgi for all php files
+	location ~ \.php$ {
+		fastcgi_pass	wordpress:9000;
+		fastcgi_split_path_info	^(.+\.php)(/.+)$;
+		fastcgi_param	SCRIPT_FILENAME $document_root$fastcgi_script_name;
+		include			fastcgi_params;
+	}
+
+# followings are from :
+# https://www.farinspace.com/wordpress-nginx-rewrite-rules/
+
+	# unless the request is for a valid file, send to bootstrap
+	# without this, permalinks changes don't work
+	if (!-e $request_filename) {
+		rewrite ^(.+)$ /index.php?q=$1 last;
+	}
+
+	## enforce NO www
+	#if ($host ~* ^www\.(.*)) {
+	#	set $host_without_www $1;
+	#	rewrite ^/(.*)$ $scheme://$host_without_www/$1 permanent;
+	#}
+
+	## catch all
+	#error_page 404 /index.php;
+
+	## deny access to apache .htaccess files
+	#location ~ /\.ht {
+	#	deny all;
+	#}
+
+}
+

srcs/requirements/nginx/conf/nginx_main.conf.alpine

@@ -1,4 +1,4 @@
-# inception modifications :
+# modifications from original :
 #
 # user :
 #   < user www-data

srcs/requirements/wordpress/Dockerfile

@@ -31,10 +31,6 @@ ARG WP_VOLUME_PLUGINS
 ARG MAX_UPLOAD_SIZE
 ARG EXECUTION_TIME
 
-# create and empty volumes dir
-RUN mkdir -p ${WP_VOLUME_DIR}   ${WP_VOLUME_PLUGINS} && \
-	rm -rf   ${WP_VOLUME_DIR}/* ${WP_VOLUME_PLUGINS}/*
-
 # replace max file size upload and execution time
 RUN sed -i "s/\(upload_max_filesize = \).*\(M\)/\1${MAX_UPLOAD_SIZE}\2/g" /etc/php7/php.ini && \
 	sed -i "s/\(post_max_size = \).*\(M\)/\1${MAX_UPLOAD_SIZE}\2/g" /etc/php7/php.ini && \

srcs/requirements/wordpress/conf/wp_entrypoint.sh

@@ -10,6 +10,8 @@ CYAN="\e[0;36m"
 WHITE="\e[0;37m"
 RESET="\e[0m"
 
+# it gets the ENV variables from .env because specified in the docker-compose.yml file
+
 # install wordpress with cli : https://make.wordpress.org/cli/handbook/how-to-install/
 # commands : https://developer.wordpress.org/cli/commands/
 # bug with wp commands : https://github.com/wp-cli/config-command/issues/31