generated from bisco/codex-bootstrap
feat: use host bind mounts for persistent data
This commit is contained in:
@@ -18,8 +18,9 @@ sanitized theme modifications, while a must-use plugin owns Shows and Gallery cu
|
||||
post types so structured content is not lost when changing themes.
|
||||
|
||||
NGINX is the only public entry point. WP-CLI provides an idempotent opt-in bootstrap;
|
||||
Certbot provides opt-in direct TLS. Docker networks isolate the database and functional
|
||||
tests use separate volumes.
|
||||
Certbot provides opt-in direct TLS. Docker networks isolate the database. Runtime state
|
||||
uses host-based bind mounts with a preparation script for ownership/mode, while
|
||||
functional tests use separate Docker volumes.
|
||||
|
||||
## Consequences
|
||||
|
||||
@@ -48,11 +49,12 @@ headers, and fail-closed TLS. Admin MFA and allowlisting remain external control
|
||||
## Operational impact
|
||||
|
||||
Database and WordPress files are coordinated state and must be backed up together.
|
||||
Host bind-mount paths must be permissioned for the image users before startup.
|
||||
Operators must monitor upstream security releases and rebuild pinned images. SMTP and
|
||||
off-host storage are not part of this minimal base.
|
||||
|
||||
## Rollback
|
||||
|
||||
Revert the implementation commit and rebuild. Preserve WordPress, database, and
|
||||
certificate volumes unless data deletion is intentional. Restore data only from a
|
||||
verified coordinated backup.
|
||||
Revert the implementation commit and rebuild. Preserve the configured WordPress,
|
||||
database, and certificate host directories unless data deletion is intentional. Restore
|
||||
data only from a verified coordinated backup.
|
||||
|
||||
Reference in New Issue
Block a user