generated from bisco/codex-bootstrap
feat: add wordpress site variant
This commit is contained in:
+37
-11
@@ -1,15 +1,41 @@
|
||||
# Deployment
|
||||
|
||||
Describe how this project is deployed.
|
||||
## Local
|
||||
|
||||
Include:
|
||||
Copy `.env.example` to `.env`, add `127.0.0.1 azionelab.org` to the hosts file, then:
|
||||
|
||||
- environments;
|
||||
- Docker/Compose usage;
|
||||
- required configuration;
|
||||
- secrets handling;
|
||||
- exposed ports;
|
||||
- volumes;
|
||||
- networks;
|
||||
- deployment commands;
|
||||
- rollback procedure.
|
||||
```bash
|
||||
docker compose up --build -d
|
||||
docker compose --profile tools run --rm wp-cli /scripts/bootstrap.sh
|
||||
```
|
||||
|
||||
NGINX binds to loopback ports 8080/8443. WordPress and MariaDB remain private. The
|
||||
bootstrap is safe to rerun and does not duplicate demo records.
|
||||
|
||||
## Production
|
||||
|
||||
Required controls:
|
||||
|
||||
- `WP_ENVIRONMENT_TYPE=production`;
|
||||
- unique non-placeholder MariaDB passwords of at least 16 characters;
|
||||
- `WORDPRESS_DEBUG=0` and a strong administrator password;
|
||||
- an HTTPS `WP_URL`;
|
||||
- managed secrets outside the Compose file;
|
||||
- either direct Let's Encrypt termination or a trusted external load balancer;
|
||||
- off-host database/file backups and monitoring.
|
||||
|
||||
When a load balancer terminates TLS, Certbot stays disabled. `TRUST_PROXY_HEADERS=1`
|
||||
is safe only when firewall/network policy makes the load balancer the sole NGINX
|
||||
caller and it overwrites `X-Forwarded-*` headers.
|
||||
|
||||
For direct TLS, public DNS and inbound ports 80/443 must reach NGINX. Start with
|
||||
`LETSENCRYPT_STAGING=1`; application HTTP returns 503 until a certificate exists, then
|
||||
redirects to HTTPS. Switch to the production CA only after validating DNS and firewall
|
||||
behavior, removing only the staging certificate volume when necessary.
|
||||
|
||||
## State and rollback
|
||||
|
||||
Database and WordPress file volumes must be backed up together. Code rollback is a
|
||||
container rebuild from a prior commit and does not require deleting volumes. Never use
|
||||
`docker compose down --volumes` where content must survive. Test database restoration
|
||||
in a disposable environment before any production restore.
|
||||
|
||||
Reference in New Issue
Block a user