generated from bisco/codex-bootstrap
feat: add wordpress site variant
This commit is contained in:
+37
-9
@@ -1,13 +1,41 @@
|
||||
# Operations
|
||||
|
||||
Describe operational procedures.
|
||||
## Routine commands
|
||||
|
||||
Include:
|
||||
```bash
|
||||
docker compose up --build -d
|
||||
docker compose ps
|
||||
docker compose logs -f proxy wordpress db certbot
|
||||
docker compose --profile tools run --rm wp-cli -c 'wp core version'
|
||||
docker compose down
|
||||
```
|
||||
|
||||
- startup and shutdown;
|
||||
- health checks;
|
||||
- logs;
|
||||
- monitoring;
|
||||
- backup and restore;
|
||||
- routine maintenance;
|
||||
- known operational risks.
|
||||
The proxy healthcheck reaches WordPress, and WordPress health reaches its login route.
|
||||
MariaDB uses its official readiness check. WordPress access logs are disabled while
|
||||
PHP warnings/errors remain visible. NGINX is the request audit trail; apply an explicit
|
||||
retention policy because it contains client metadata.
|
||||
|
||||
## Updates
|
||||
|
||||
WordPress, PHP, MariaDB, NGINX, Certbot, and Playwright use explicit image versions.
|
||||
Review security releases routinely, update pins in a task branch, rebuild, run the full
|
||||
test suite, and deploy. Production disables WordPress web-based file modifications, so
|
||||
image rebuilds are the update path.
|
||||
|
||||
## Backup and restore
|
||||
|
||||
Create database and `wordpress_data` backups in one maintenance window. Backups contain
|
||||
credentials, accounts, contact information, and uploaded media; encrypt them, restrict
|
||||
access, set retention, and store copies off-host.
|
||||
|
||||
A restore is destructive. Validate it on isolated volumes, then stop WordPress, restore
|
||||
the database and file volume together, restart, and verify the homepage, media,
|
||||
`/wp-admin/`, and user accounts.
|
||||
|
||||
## Known risks
|
||||
|
||||
- Local named volumes are not backups.
|
||||
- SMTP is not configured; WordPress password-reset email needs an external mail service.
|
||||
- Admin MFA and network allowlisting are deployment concerns and are not bundled.
|
||||
- WordPress plugins expand the attack surface; install only reviewed, maintained,
|
||||
necessary plugins.
|
||||
|
||||
Reference in New Issue
Block a user