generated from bisco/codex-bootstrap
73 lines
2.7 KiB
Markdown
73 lines
2.7 KiB
Markdown
# Runbook
|
|
|
|
## Installation screen remains visible
|
|
|
|
1. Check `docker compose ps` for healthy database and WordPress services.
|
|
2. Run `docker compose --profile tools run --rm wp-cli /scripts/bootstrap.sh`.
|
|
3. Inspect `docker compose logs wordpress db` without printing secret values.
|
|
|
|
## NGINX returns 502
|
|
|
|
1. Run `docker compose ps` and `docker compose exec proxy nginx -t`.
|
|
2. Check the WordPress health status and `docker compose logs proxy wordpress`.
|
|
3. Confirm the request host is exactly `azionelab.org`; unknown hosts return 404.
|
|
|
|
## Images or theme are missing
|
|
|
|
1. Confirm `WORDPRESS_DATA_PATH` is mounted in both WordPress and WP-CLI.
|
|
2. Run `docker compose --profile tools run --rm wp-cli -c 'wp theme status azionelab'`.
|
|
3. Verify file ownership before changing permissions; never make the tree world-writable.
|
|
|
|
## A service cannot write to its volume
|
|
|
|
1. Stop the affected service.
|
|
2. Confirm the relevant `.env` path points to the intended host directory.
|
|
3. Run `./scripts/prepare-host-volumes.sh`.
|
|
4. Start the service and inspect logs without printing secret values.
|
|
|
|
## Certificate issuance fails
|
|
|
|
Verify public DNS, inbound port 80, the operator email, and staging mode. Request a
|
|
missing `/.well-known/acme-challenge/` path: an NGINX 404 confirms the route is yours.
|
|
Avoid repeated production-CA retries while debugging.
|
|
|
|
When Let's Encrypt is enabled, the proxy intentionally returns 503 for normal
|
|
application paths until a certificate exists. ACME challenge paths and proxy health
|
|
paths must still work in that pending state, otherwise Certbot will never start.
|
|
|
|
## Staging certificate remains after switching to production
|
|
|
|
Certbot does not replace a still-valid staging certificate just because
|
|
`LETSENCRYPT_STAGING` changed. Recreate the Certbot container so it reads the updated
|
|
environment:
|
|
|
|
```bash
|
|
docker compose up -d --force-recreate certbot
|
|
docker compose up -d proxy
|
|
```
|
|
|
|
The entrypoint removes an existing staging certificate for `LETSENCRYPT_DOMAIN` before
|
|
requesting the production certificate. If issuance fails, inspect `docker compose logs
|
|
certbot proxy`, verify DNS and port 80, and avoid repeated production-CA retries.
|
|
|
|
## Bootstrap writes to the wrong data volume
|
|
|
|
Do not combine the test override with production bootstrap commands. This command writes
|
|
to isolated test volumes only:
|
|
|
|
```bash
|
|
docker compose -f docker-compose.yml -f docker-compose.test.yml --profile tools run --rm wp-cli /scripts/bootstrap.sh
|
|
```
|
|
|
|
Use this command for the real host-based WordPress data directory:
|
|
|
|
```bash
|
|
docker compose --profile tools run --rm wp-cli /scripts/bootstrap.sh
|
|
```
|
|
|
|
## Rollback
|
|
|
|
Revert the deployment commit and rebuild while preserving all host data directories.
|
|
Restore database/files only for a data rollback and only from a verified coordinated
|
|
backup.
|