public/wordpress (sha256:b107dafa5a9af6387b8558c5859573b0203d32e7c91ea474820b6250c6e12840)
Published 2025-10-12 22:24:04 +07:00 by panuwat.n
Installation
docker pull git.web2.rmutsv.ac.th/administrator/public/wordpress@sha256:b107dafa5a9af6387b8558c5859573b0203d32e7c91ea474820b6250c6e12840sha256:b107dafa5a9af6387b8558c5859573b0203d32e7c91ea474820b6250c6e12840Image Layers
| # debian.sh --arch 'amd64' out/ 'trixie' '@1759104000' |
| RUN /bin/sh -c set -eux; { echo 'Package: php*'; echo 'Pin: release *'; echo 'Pin-Priority: -1'; } > /etc/apt/preferences.d/no-debian-php # buildkit |
| ENV PHPIZE_DEPS=autoconf dpkg-dev file g++ gcc libc-dev make pkg-config re2c |
| RUN /bin/sh -c set -eux; apt-get update; apt-get install -y --no-install-recommends $PHPIZE_DEPS ca-certificates curl xz-utils ; apt-get dist-clean # buildkit |
| ENV PHP_INI_DIR=/usr/local/etc/php |
| RUN /bin/sh -c set -eux; mkdir -p "$PHP_INI_DIR/conf.d"; [ ! -d /var/www/html ]; mkdir -p /var/www/html; chown www-data:www-data /var/www/html; chmod 1777 /var/www/html # buildkit |
| ENV APACHE_CONFDIR=/etc/apache2 |
| ENV APACHE_ENVVARS=/etc/apache2/envvars |
| RUN /bin/sh -c set -eux; apt-get update; apt-get install -y --no-install-recommends apache2; apt-get dist-clean; sed -ri 's/^export ([^=]+)=(.*)$/: ${\1:=\2}\nexport \1/' "$APACHE_ENVVARS"; . "$APACHE_ENVVARS"; for dir in "$APACHE_LOCK_DIR" "$APACHE_RUN_DIR" "$APACHE_LOG_DIR" "$APACHE_RUN_DIR/socks" ; do rm -rvf "$dir"; mkdir -p "$dir"; chown "$APACHE_RUN_USER:$APACHE_RUN_GROUP" "$dir"; chmod 1777 "$dir"; done; rm -rvf /var/www/html/*; ln -sfT /dev/stderr "$APACHE_LOG_DIR/error.log"; ln -sfT /dev/stdout "$APACHE_LOG_DIR/access.log"; ln -sfT /dev/stdout "$APACHE_LOG_DIR/other_vhosts_access.log"; chown -R --no-dereference "$APACHE_RUN_USER:$APACHE_RUN_GROUP" "$APACHE_LOG_DIR" # buildkit |
| RUN /bin/sh -c a2dismod mpm_event && a2enmod mpm_prefork # buildkit |
| RUN /bin/sh -c { echo '<FilesMatch \.php$>'; echo '\tSetHandler application/x-httpd-php'; echo '</FilesMatch>'; echo; echo 'DirectoryIndex disabled'; echo 'DirectoryIndex index.php index.html'; echo; echo '<Directory /var/www/>'; echo '\tOptions -Indexes'; echo '\tAllowOverride All'; echo '</Directory>'; } | tee "$APACHE_CONFDIR/conf-available/docker-php.conf" && a2enconf docker-php # buildkit |
| ENV PHP_CFLAGS=-fstack-protector-strong -fpic -fpie -O2 -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 |
| ENV PHP_CPPFLAGS=-fstack-protector-strong -fpic -fpie -O2 -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 |
| ENV PHP_LDFLAGS=-Wl,-O1 -pie |
| ENV GPG_KEYS=1198C0117593497A5EC5C199286AF1F9897469DC C28D937575603EB4ABB725861C0779DC5C0A9DE4 AFD8691FDAEDF03BDF6E460563F15A9B715376CA |
| ENV PHP_VERSION=8.3.26 |
| ENV PHP_URL=https://www.php.net/distributions/php-8.3.26.tar.xz PHP_ASC_URL=https://www.php.net/distributions/php-8.3.26.tar.xz.asc |
| ENV PHP_SHA256=2f522eefa02c400c94610d07f25c4fd4c771f95e4a1f55102332ccb40663cbd2 |
| RUN /bin/sh -c set -eux; savedAptMark="$(apt-mark showmanual)"; apt-get update; apt-get install -y --no-install-recommends gnupg; apt-get dist-clean; mkdir -p /usr/src; cd /usr/src; curl -fsSL -o php.tar.xz "$PHP_URL"; if [ -n "$PHP_SHA256" ]; then echo "$PHP_SHA256 *php.tar.xz" | sha256sum -c -; fi; curl -fsSL -o php.tar.xz.asc "$PHP_ASC_URL"; export GNUPGHOME="$(mktemp -d)"; for key in $GPG_KEYS; do gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key"; done; gpg --batch --verify php.tar.xz.asc php.tar.xz; gpgconf --kill all; rm -rf "$GNUPGHOME"; apt-mark auto '.*' > /dev/null; apt-mark manual $savedAptMark > /dev/null; apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false # buildkit |
| COPY docker-php-source /usr/local/bin/ # buildkit |
| RUN /bin/sh -c set -eux; savedAptMark="$(apt-mark showmanual)"; apt-get update; apt-get install -y --no-install-recommends apache2-dev libargon2-dev libcurl4-openssl-dev libonig-dev libreadline-dev libsodium-dev libsqlite3-dev libssl-dev libxml2-dev zlib1g-dev ; export CFLAGS="$PHP_CFLAGS" CPPFLAGS="$PHP_CPPFLAGS" LDFLAGS="$PHP_LDFLAGS" PHP_BUILD_PROVIDER='https://github.com/docker-library/php' PHP_UNAME='Linux - Docker' ; docker-php-source extract; cd /usr/src/php; gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; debMultiarch="$(dpkg-architecture --query DEB_BUILD_MULTIARCH)"; if [ ! -d /usr/include/curl ]; then ln -sT "/usr/include/$debMultiarch/curl" /usr/local/include/curl; fi; ./configure --build="$gnuArch" --with-config-file-path="$PHP_INI_DIR" --with-config-file-scan-dir="$PHP_INI_DIR/conf.d" --enable-option-checking=fatal --with-mhash --with-pic --enable-mbstring --enable-mysqlnd --with-password-argon2 --with-sodium=shared --with-pdo-sqlite=/usr --with-sqlite3=/usr --with-curl --with-iconv --with-openssl --with-readline --with-zlib --disable-phpdbg --with-pear --with-libdir="lib/$debMultiarch" --disable-cgi --with-apxs2 ; make -j "$(nproc)"; find -type f -name '*.a' -delete; make install; find /usr/local -type f -perm '/0111' -exec sh -euxc ' strip --strip-all "$@" || : ' -- '{}' + ; make clean; cp -v php.ini-* "$PHP_INI_DIR/"; cd /; docker-php-source delete; apt-mark auto '.*' > /dev/null; [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark; find /usr/local -type f -executable -exec ldd '{}' ';' | awk '/=>/ { so = $(NF-1); if (index(so, "/usr/local/") == 1) { next }; gsub("^/(usr/)?", "", so); printf "*%s\n", so }' | sort -u | xargs -rt dpkg-query --search | awk 'sub(":$", "", $1) { print $1 }' | sort -u | xargs -r apt-mark manual ; apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; apt-get dist-clean; pecl update-channels; rm -rf /tmp/pear ~/.pearrc; php --version # buildkit |
| COPY docker-php-ext-* docker-php-entrypoint /usr/local/bin/ # buildkit |
| RUN /bin/sh -c docker-php-ext-enable opcache # buildkit |
| RUN /bin/sh -c docker-php-ext-enable sodium # buildkit |
| ENTRYPOINT ["docker-php-entrypoint"] |
| STOPSIGNAL SIGWINCH |
| COPY apache2-foreground /usr/local/bin/ # buildkit |
| WORKDIR /var/www/html |
| EXPOSE map[80/tcp:{}] |
| CMD ["apache2-foreground"] |
| RUN /bin/sh -c set -eux; apt-get update; apt-get install -y --no-install-recommends ghostscript ; rm -rf /var/lib/apt/lists/* # buildkit |
| RUN /bin/sh -c set -ex; savedAptMark="$(apt-mark showmanual)"; apt-get update; apt-get install -y --no-install-recommends libavif-dev libfreetype6-dev libicu-dev libjpeg-dev libmagickwand-dev libpng-dev libwebp-dev libzip-dev ; docker-php-ext-configure gd --with-avif --with-freetype --with-jpeg --with-webp ; docker-php-ext-install -j "$(nproc)" bcmath exif gd intl mysqli zip ; pecl install imagick-3.8.0; docker-php-ext-enable imagick; rm -r /tmp/pear; out="$(php -r 'exit(0);')"; [ -z "$out" ]; err="$(php -r 'exit(0);' 3>&1 1>&2 2>&3)"; [ -z "$err" ]; extDir="$(php -r 'echo ini_get("extension_dir");')"; [ -d "$extDir" ]; apt-mark auto '.*' > /dev/null; apt-mark manual $savedAptMark; ldd "$extDir"/*.so | awk '/=>/ { so = $(NF-1); if (index(so, "/usr/local/") == 1) { next }; gsub("^/(usr/)?", "", so); printf "*%s\n", so }' | sort -u | xargs -r dpkg-query --search | cut -d: -f1 | sort -u | xargs -rt apt-mark manual; apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; rm -rf /var/lib/apt/lists/*; ! { ldd "$extDir"/*.so | grep 'not found'; }; err="$(php --version 3>&1 1>&2 2>&3)"; [ -z "$err" ] # buildkit |
| RUN /bin/sh -c set -eux; docker-php-ext-enable opcache; { echo 'opcache.memory_consumption=128'; echo 'opcache.interned_strings_buffer=8'; echo 'opcache.max_accelerated_files=4000'; echo 'opcache.revalidate_freq=2'; } > /usr/local/etc/php/conf.d/opcache-recommended.ini # buildkit |
| RUN /bin/sh -c { echo 'error_reporting = E_ERROR | E_WARNING | E_PARSE | E_CORE_ERROR | E_CORE_WARNING | E_COMPILE_ERROR | E_COMPILE_WARNING | E_RECOVERABLE_ERROR'; echo 'display_errors = Off'; echo 'display_startup_errors = Off'; echo 'log_errors = On'; echo 'error_log = /dev/stderr'; echo 'log_errors_max_len = 1024'; echo 'ignore_repeated_errors = On'; echo 'ignore_repeated_source = Off'; echo 'html_errors = Off'; } > /usr/local/etc/php/conf.d/error-logging.ini # buildkit |
| RUN /bin/sh -c set -eux; a2enmod rewrite expires; a2enmod remoteip; { echo 'RemoteIPHeader X-Forwarded-For'; echo 'RemoteIPInternalProxy 10.0.0.0/8'; echo 'RemoteIPInternalProxy 172.16.0.0/12'; echo 'RemoteIPInternalProxy 192.168.0.0/16'; echo 'RemoteIPInternalProxy 169.254.0.0/16'; echo 'RemoteIPInternalProxy 127.0.0.0/8'; } > /etc/apache2/conf-available/remoteip.conf; a2enconf remoteip; find /etc/apache2 -type f -name '*.conf' -exec sed -ri 's/([[:space:]]*LogFormat[[:space:]]+"[^"]*)%h([^"]*")/\1%a\2/g' '{}' + # buildkit |
| RUN /bin/sh -c set -eux; version='6.8.3'; sha1='fd56bcdc15f1877e45dce67942ea75949ed650e8'; curl -o wordpress.tar.gz -fL "https://wordpress.org/wordpress-$version.tar.gz"; echo "$sha1 *wordpress.tar.gz" | sha1sum -c -; tar -xzf wordpress.tar.gz -C /usr/src/; rm wordpress.tar.gz; [ ! -e /usr/src/wordpress/.htaccess ]; { echo '# BEGIN WordPress'; echo ''; echo 'RewriteEngine On'; echo 'RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]'; echo 'RewriteBase /'; echo 'RewriteRule ^index\.php$ - [L]'; echo 'RewriteCond %{REQUEST_FILENAME} !-f'; echo 'RewriteCond %{REQUEST_FILENAME} !-d'; echo 'RewriteRule . /index.php [L]'; echo ''; echo '# END WordPress'; } > /usr/src/wordpress/.htaccess; chown -R www-data:www-data /usr/src/wordpress; mkdir wp-content; for dir in /usr/src/wordpress/wp-content/*/ cache; do dir="$(basename "${dir%/}")"; mkdir "wp-content/$dir"; done; chown -R www-data:www-data wp-content; chmod -R 1777 wp-content # buildkit |
| VOLUME [/var/www/html] |
| COPY --chown=www-data:www-data wp-config-docker.php /usr/src/wordpress/ # buildkit |
| COPY docker-entrypoint.sh /usr/local/bin/ # buildkit |
| RUN /bin/sh -c ln -svfT docker-entrypoint.sh /usr/local/bin/docker-ensure-installed.sh # buildkit |
| ENTRYPOINT ["docker-entrypoint.sh"] |
| CMD ["apache2-foreground"] |
| ARG DEBIAN_FRONTEND=noninteractive |
| ARG WP_USER_ID=33 |
| ARG WP_GROUP_ID=33 |
| ENV TZ=Asia/Bangkok |
| ENV APACHE_RUN_USER=www-data |
| ENV APACHE_RUN_GROUP=www-data |
| WORKDIR /var/www/html |
| RUN |3 DEBIAN_FRONTEND=noninteractive WP_USER_ID=33 WP_GROUP_ID=33 /bin/sh -c set -eux; apt-get update; apt-get upgrade -y; apt-get install -y --no-install-recommends ca-certificates curl unzip libpng-dev libzip-dev gnupg2 apt-transport-https; rm -rf /var/lib/apt/lists/* # buildkit |
| COPY /usr/bin/install-php-extensions /usr/bin/install-php-extensions # buildkit |
| RUN |3 DEBIAN_FRONTEND=noninteractive WP_USER_ID=33 WP_GROUP_ID=33 /bin/sh -c chmod +x /usr/bin/install-php-extensions # buildkit |
| RUN |3 DEBIAN_FRONTEND=noninteractive WP_USER_ID=33 WP_GROUP_ID=33 /bin/sh -c set -eux; install-php-extensions bcmath exif gd gettext intl mysqli opcache pdo_mysql zip redis ldap # buildkit |
| RUN |3 DEBIAN_FRONTEND=noninteractive WP_USER_ID=33 WP_GROUP_ID=33 /bin/sh -c set -eux; mkdir -p /tmp/opcache && chown -R www-data:www-data /tmp/opcache; { echo 'opcache.enable=1'; echo 'opcache.enable_cli=1'; echo 'opcache.jit=off'; echo 'opcache.memory_consumption=256'; echo 'opcache.interned_strings_buffer=32'; echo 'opcache.max_accelerated_files=65407'; echo 'opcache.validate_timestamps=0'; echo 'opcache.revalidate_freq=0'; echo 'opcache.revalidate_path=1'; echo 'opcache.file_cache=/tmp/opcache'; echo 'opcache.file_cache_only=1'; echo 'opcache.file_cache_consistency_checks=1'; echo 'opcache.file_cache_fallback=1'; } > /usr/local/etc/php/conf.d/zz-opcache.ini # buildkit |
| RUN |3 DEBIAN_FRONTEND=noninteractive WP_USER_ID=33 WP_GROUP_ID=33 /bin/sh -c set -eux; { echo 'expose_php=Off'; echo 'display_errors=Off'; echo 'log_errors=On'; echo 'error_log=/var/log/php_errors.log'; echo 'memory_limit=512M'; echo 'max_execution_time=300'; echo 'max_input_time=300'; echo 'upload_max_filesize=256M'; echo 'post_max_size=256M'; echo 'date.timezone=Asia/Bangkok'; echo 'realpath_cache_size=8192k'; echo 'realpath_cache_ttl=1200'; echo 'output_buffering=4096'; echo 'sys_temp_dir=/tmp'; echo 'upload_tmp_dir=/tmp'; } > /usr/local/etc/php/conf.d/zz-base.ini; { echo 'session.use_strict_mode=1'; echo 'session.cookie_secure=1'; echo 'session.cookie_httponly=1'; echo 'session.cookie_samesite=Strict'; echo 'session.save_handler=redis'; echo 'session.save_path="tcp://redis:6379?database=2&timeout=2.0"'; } > /usr/local/etc/php/conf.d/zz-session.ini; { echo 'disable_functions=exec,passthru,shell_exec,system,proc_open,popen,parse_ini_file,show_source,phpinfo'; } > /usr/local/etc/php/conf.d/zz-disable_functions.ini # buildkit |
| RUN |3 DEBIAN_FRONTEND=noninteractive WP_USER_ID=33 WP_GROUP_ID=33 /bin/sh -c set -eux; a2enmod rewrite expires headers deflate remoteip; { echo 'ServerName localhost'; } > /etc/apache2/conf-available/servername.conf; a2enconf servername; { echo 'RemoteIPHeader X-Forwarded-For'; echo 'RemoteIPTrustedProxy 10.0.0.0/8'; echo 'RemoteIPTrustedProxy 172.16.0.0/12'; echo 'RemoteIPTrustedProxy 172.27.0.0/16'; } > /etc/apache2/conf-available/99-remoteip.conf; a2enconf 99-remoteip; { echo '<IfModule mod_headers.c>'; echo ' Header always set X-Frame-Options "SAMEORIGIN"'; echo ' Header always set X-Content-Type-Options "nosniff"'; echo ' Header always set Referrer-Policy "strict-origin-when-cross-origin"'; echo ' Header always set Permissions-Policy "geolocation=(), microphone=(), camera=()"'; echo ' Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"'; echo '</IfModule>'; } > /etc/apache2/conf-available/99-security-headers.conf; a2enconf 99-security-headers; { echo 'ServerTokens Prod'; echo 'ServerSignature Off'; echo 'HostnameLookups Off'; echo 'TraceEnable Off'; echo 'FileETag None'; echo 'Timeout 60'; echo 'KeepAlive On'; echo 'MaxKeepAliveRequests 100'; echo 'KeepAliveTimeout 2'; } > /etc/apache2/conf-available/99-performance.conf; a2enconf 99-performance; { echo '<IfModule mod_deflate.c>'; echo ' AddOutputFilterByType DEFLATE text/plain text/html text/xml text/css text/javascript application/javascript application/x-javascript application/json application/xml application/rss+xml application/ld+json image/svg+xml'; echo ' DeflateCompressionLevel 6'; echo ' SetEnvIfNoCase Request_URI "\\.(?:gif|jpe?g|png|webp|avif|mp4|mp3|zip|gz|bz2)$" no-gzip=1'; echo '</IfModule>'; echo ''; echo '<IfModule mod_brotli.c>'; echo ' BrotliCompressionLevel 5'; echo ' AddOutputFilterByType BROTLI_COMPRESS text/plain text/html text/xml text/css text/javascript application/javascript application/x-javascript application/json application/xml application/rss+xml application/ld+json image/svg+xml'; echo '</IfModule>'; } > /etc/apache2/conf-available/99-compress.conf; a2enconf 99-compress; { echo '<IfModule mod_expires.c>'; echo ' ExpiresActive On'; echo ' ExpiresByType text/css "access plus 30 days"'; echo ' ExpiresByType application/javascript "access plus 30 days"'; echo ' ExpiresByType application/json "access plus 7 days"'; echo ' ExpiresByType image/svg+xml "access plus 30 days"'; echo ' ExpiresByType image/avif "access plus 30 days"'; echo ' ExpiresByType image/webp "access plus 30 days"'; echo ' ExpiresByType image/png "access plus 30 days"'; echo ' ExpiresByType image/jpg "access plus 30 days"'; echo ' ExpiresByType image/jpeg "access plus 30 days"'; echo ' ExpiresByType image/gif "access plus 30 days"'; echo '</IfModule>'; echo '<IfModule mod_headers.c>'; echo ' <LocationMatch "\\.(?:css|js|svg|json)$">'; echo ' Header set Cache-Control "public, max-age=2592000, immutable"'; echo ' </LocationMatch>'; echo ' <LocationMatch "\\.(?:png|jpe?g|gif|webp|avif)$">'; echo ' Header set Cache-Control "public, max-age=2592000, immutable"'; echo ' </LocationMatch>'; echo '</IfModule>'; } > /etc/apache2/conf-available/99-static-cache.conf; a2enconf 99-static-cache # buildkit |
| RUN |3 DEBIAN_FRONTEND=noninteractive WP_USER_ID=33 WP_GROUP_ID=33 /bin/sh -c cat >/etc/apache2/conf-available/99-wp-uploads-noexec.conf <<'APACHECONF' <Directory "/var/www/html/wp-content/uploads"> php_admin_flag engine Off <FilesMatch "\.ph(p[0-9]?|t|tml)$"> Require all denied </FilesMatch> Options -Indexes </Directory> APACHECONF # buildkit |
| RUN |3 DEBIAN_FRONTEND=noninteractive WP_USER_ID=33 WP_GROUP_ID=33 /bin/sh -c a2enconf 99-wp-uploads-noexec # buildkit |
| RUN |3 DEBIAN_FRONTEND=noninteractive WP_USER_ID=33 WP_GROUP_ID=33 /bin/sh -c apache2ctl -t # buildkit |
| RUN |3 DEBIAN_FRONTEND=noninteractive WP_USER_ID=33 WP_GROUP_ID=33 /bin/sh -c set -eux; curl -fsSL https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar -o /usr/local/bin/wp; chmod +x /usr/local/bin/wp # buildkit |
| COPY --chown=www-data:www-data apache2.conf /etc/apache2/ # buildkit |
| COPY --chown=www-data:www-data 000-default.conf /etc/apache2/sites-available/ # buildkit |
| COPY --chown=www-data:www-data php.ini /usr/local/etc/php/ # buildkit |
| RUN |3 DEBIAN_FRONTEND=noninteractive WP_USER_ID=33 WP_GROUP_ID=33 /bin/sh -c set -eux; if [ "${WP_GROUP_ID}" != "33" ]; then groupmod -g "${WP_GROUP_ID}" www-data; fi; if [ "${WP_USER_ID}" != "33" ]; then usermod -u "${WP_USER_ID}" www-data; fi; mkdir -p /var/www/html; chown -R www-data:www-data /var/www/html; find /var/www/html -type d -exec chmod 755 {} \; ; find /var/www/html -type f -exec chmod 644 {} \; # buildkit |
| COPY --chown=www-data:www-data .htaccess /var/www/html/ # buildkit |
| RUN |3 DEBIAN_FRONTEND=noninteractive WP_USER_ID=33 WP_GROUP_ID=33 /bin/sh -c chmod 644 /var/www/html/.htaccess # buildkit |
| RUN |3 DEBIAN_FRONTEND=noninteractive WP_USER_ID=33 WP_GROUP_ID=33 /bin/sh -c set -eux; touch /var/log/php_errors.log; chown www-data:www-data /var/log/php_errors.log; chmod 644 /var/log/php_errors.log # buildkit |
| HEALTHCHECK &{["CMD-SHELL" "curl -f http://localhost/wp-login.php || exit 1"] "30s" "10s" "1m0s" "0s" '\x03'} |
| EXPOSE &{[{{225 0} {225 0}}] 0xc0019d7080} |
| CMD ["apache2-foreground"] |