Docker and Ghost CMS overhaul

.env

@@ -1,14 +1,18 @@
 #!/usr/bin/env bash
 
 # Ghost
-URL=http://localhost
+GHOST_HOST=localhost/ghost
+GHOST_EMAIL=admin@openrsc.com
+GHOST_PASSWORD=malwareinfection
+GHOST_DATABASE_NAME=ghost
+ALLOW_EMPTY_PASSWORD=no
 
 # Nginx
 NGINX_HOST=localhost
 
 # MySQL
-MYSQL_DATABASE=test
-MYSQL_ROOT_USER=root
-MYSQL_ROOT_PASSWORD=root
-MYSQL_USER=dev
-MYSQL_PASSWORD=dev
+MARIADB_DATABASE=test
+MARIADB_ROOT_USER=root
+MARIADB_ROOT_PASSWORD=root
+MARIADB_USER=user
+MARIADB_PASS=pass

Linux_Installer.sh

@@ -546,9 +546,10 @@ elif [ "$choice" == "2" ]; then
     unzip -o Game/client/cache.zip -d ~/OpenRSC
     echo ""
     echo ""
-    echo "Importing the game databases."
+    echo "Importing the databases."
     echo ""
     sudo make import-game
+    sudo make import-ghost
     echo ""
     echo ""
     echo "Creating a backup of your current databases as \"Docker-Home/data/db/db.sql\""

Makefile

@@ -57,28 +57,31 @@ logs:
 backup:
 	@sudo mkdir -p $(MYSQL_DUMPS_DIR)
 	@$(shell sudo chmod -R 777 $(MYSQL_DUMPS_DIR))
-	@docker exec $(shell docker-compose ps -q mysqldb) mysqldump --all-databases -u"$(MYSQL_ROOT_USER)" -p"$(MYSQL_ROOT_PASSWORD)" > $(MYSQL_DUMPS_DIR)/db.sql 2>/dev/null
+	@docker exec $(shell docker-compose ps -q mysqldb) mysqldump --all-databases -u"$(MARIADB_ROOT_USER)" -p"$(MARIADB_ROOT_PASSWORD)" > $(MYSQL_DUMPS_DIR)/db.sql 2>/dev/null
 
 backup-windows:
-	@docker exec -i mysql mysqldump --all-databases -u"$(MYSQL_ROOT_USER)" -p"$(MYSQL_ROOT_PASSWORD)" > $(MYSQL_DUMPS_DIR)/db.sql
+	@docker exec -i mysql mysqldump --all-databases -u"$(MARIADB_ROOT_USER)" -p"$(MARIADB_ROOT_PASSWORD)" > $(MYSQL_DUMPS_DIR)/db.sql
 
 restore:
-	@docker exec -i $(shell docker-compose ps -q mysqldb) mysql -u"$(MYSQL_ROOT_USER)" -p"$(MYSQL_ROOT_PASSWORD)" < $(MYSQL_DUMPS_DIR)/db.sql 2>/dev/null
+	@docker exec -i $(shell docker-compose ps -q mysqldb) mysql -u"$(MARIADB_ROOT_USER)" -p"$(MARIADB_ROOT_PASSWORD)" < $(MYSQL_DUMPS_DIR)/db.sql 2>/dev/null
 
 restore-windows:
-	@docker exec -i mysql mysql -u"$(MYSQL_ROOT_USER)" -p"$(MYSQL_ROOT_PASSWORD)" < $(MYSQL_DUMPS_DIR)/db.sql
+	@docker exec -i mysql mysql -u"$(MARIADB_ROOT_USER)" -p"$(MARIADB_ROOT_PASSWORD)" < $(MYSQL_DUMPS_DIR)/db.sql
 
 import-game:
-	@docker exec -i $(shell docker-compose ps -q mysqldb) mysql -u"$(MYSQL_ROOT_USER)" -p"$(MYSQL_ROOT_PASSWORD)" < Game/Databases/openrsc_config.sql 2>/dev/null
-	@docker exec -i $(shell docker-compose ps -q mysqldb) mysql -u"$(MYSQL_ROOT_USER)" -p"$(MYSQL_ROOT_PASSWORD)" < Game/Databases/openrsc_logs.sql 2>/dev/null
-	@docker exec -i $(shell docker-compose ps -q mysqldb) mysql -u"$(MYSQL_ROOT_USER)" -p"$(MYSQL_ROOT_PASSWORD)" < Game/Databases/openrsc.sql 2>/dev/null
-	@docker exec -i $(shell docker-compose ps -q mysqldb) mysql -u"$(MYSQL_ROOT_USER)" -p"$(MYSQL_ROOT_PASSWORD)" < Game/Databases/openrsc_tools.sql 2>/dev/null
+	@docker exec -i $(shell sudo docker-compose ps -q mysqldb) mysql -u"$(MARIADB_ROOT_USER)" -p"$(MARIADB_ROOT_PASSWORD)" < Game/Databases/openrsc_config.sql 2>/dev/null
+	@docker exec -i $(shell sudo docker-compose ps -q mysqldb) mysql -u"$(MARIADB_ROOT_USER)" -p"$(MARIADB_ROOT_PASSWORD)" < Game/Databases/openrsc_logs.sql 2>/dev/null
+	@docker exec -i $(shell sudo docker-compose ps -q mysqldb) mysql -u"$(MARIADB_ROOT_USER)" -p"$(MARIADB_ROOT_PASSWORD)" < Game/Databases/openrsc.sql 2>/dev/null
+	@docker exec -i $(shell sudo docker-compose ps -q mysqldb) mysql -u"$(MARIADB_ROOT_USER)" -p"$(MARIADB_ROOT_PASSWORD)" < Game/Databases/openrsc_tools.sql 2>/dev/null
 
 import-website:
-	#@docker exec -i $(shell docker-compose ps -q mysqldb) mysql -u"$(MYSQL_ROOT_USER)" -p"$(MYSQL_ROOT_PASSWORD)" < Website/openrsc_forum.sql 2>/dev/null
+	@docker exec -i $(shell sudo docker-compose ps -q mysqldb) mysql -u"$(MARIADB_ROOT_USER)" -p"$(MARIADB_ROOT_PASSWORD)" < Website/openrsc_forum.sql 2>/dev/null
+
+import-ghost:
+	docker exec -i $(shell sudo docker-compose ps -q mysqldb) mysql -u"$(MARIADB_ROOT_USER)" -p"$(MARIADB_ROOT_PASSWORD)" < ghost.sql 2>/dev/null
 
 import-wiki:
-	#@docker exec -i $(shell docker-compose ps -q mysqldb) mysql -u"$(MYSQL_ROOT_USER)" -p"$(MYSQL_ROOT_PASSWORD)" < Website/Wiki/openrsc_wiki.sql 2>/dev/null
+	@docker exec -i $(shell sudo docker-compose ps -q mysqldb) mysql -u"$(MARIADB_ROOT_USER)" -p"$(MARIADB_ROOT_PASSWORD)" < Website/Wiki/openrsc_wiki.sql 2>/dev/null
 
 import-windows-game:
 	@docker exec -i mysql mysql -u"root" -p"root" < Game/Databases/openrsc_logs.sql
@@ -87,13 +90,16 @@ import-windows-game:
 	@docker exec -i mysql mysql -u"root" -p"root" < Game/Databases/openrsc_tools.sql
 
 import-windows-website:
-	#@docker exec -i mysql mysql -u"$(MYSQL_ROOT_USER)" -p"$(MYSQL_ROOT_PASSWORD)" < Website/openrsc_forum.sql
+	@docker exec -i mysql mysql -u"$(MARIADB_ROOT_USER)" -p"$(MARIADB_ROOT_PASSWORD)" < Website/openrsc_forum.sql
+
+import-windows-ghost:
+	@docker exec -i mysql mysql -u"$(MARIADB_ROOT_USER)" -p"$(MARIADB_ROOT_PASSWORD)" < ghost.sql
 
 import-windows-wiki:
-	#@docker exec -i mysql mysql -u"$(MYSQL_ROOT_USER)" -p"$(MYSQL_ROOT_PASSWORD)" < Website/Wiki/openrsc_wiki.sql
+	@docker exec -i mysql mysql -u"$(MARIADB_ROOT_USER)" -p"$(MARIADB_ROOT_PASSWORD)" < Website/Wiki/openrsc_wiki.sql
 
 flush:
-	@$(shell rm -rf Website && rm -rf Game)
+	@$(shell sudo rm -rf Website && sudo rm -rf Game)
 
 flush-windows:
 	@rmdir "Website" /s /Q

Windows_Installer.cmd

@@ -247,6 +247,7 @@ echo:
 echo Importing the game databases.
 echo:
 make import-windows-game
+make import-windows-ghost
 echo:
 echo:
 goto final

docker-compose.yml

@@ -2,34 +2,24 @@ version: '3.1'
 services:
 
     nginx:
-        image: nginx:latest
+        image: bitnami/nginx:latest
         container_name: nginx
         volumes:
-            - "./etc/nginx/default.conf:/etc/nginx/conf.d/default.conf"
-            #- "./Website:/var/www/html/public"
-            - "./etc/nginx/default.template.conf:/etc/nginx/conf.d/default.template"
-            - "./etc/logs/nginx:/var/log/nginx"
-            - "./etc/logs/letsencrypt:/var/log/letsencrypt"
-            - "./etc/letsencrypt/certs:/etc/letsencrypt"
-            - "./etc/letsencrypt/data:/data/letsencrypt"
+            - "./etc/nginx:/opt/bitnami/nginx/conf/vhosts"
+            - "./Website:/opt/bitnami/nginx/html"
+            - "./etc/logs/nginx:/opt/bitnami/nginx/logs"
+            #- "./etc/logs/letsencrypt:/var/log/letsencrypt"
+            #- "./etc/letsencrypt/certs:/etc/letsencrypt"
+            #- "./etc/letsencrypt/data:/data/letsencrypt"
         ports:
-            - "80:80"
+            - "80:8080"
             - "443:443"
         environment:
             - NGINX_HOST=${NGINX_HOST}
-        command: /bin/sh -c "envsubst '$$NGINX_HOST' < /etc/nginx/conf.d/default.template > /etc/nginx/conf.d/default.conf && nginx -g 'daemon off;'"
+            #- VIRTUAL_HOST=localhost
+            #- LETSENCRYPT_HOST=localhost
+            #- LETSENCRYPT_EMAIL=your.email@here.com
         restart: always
-        depends_on:
-            - mysqldb
-            - tomcat
-#        logging:
-#            driver: splunk
-#            options:
-#                splunk-token: "e1c56fa1-9f7c-4d2c-ba8f-989b15d85008"
-#                splunk-url: "https://127.0.0.1:8088"
-#                splunk-insecureskipverify: "true"
-#                tag: "{{.ImageName}}/{{.Name}}/{{.ID}}"
-#                labels: "Nginx"
 
     myadmin:
         image: phpmyadmin/phpmyadmin
@@ -42,40 +32,28 @@ services:
         restart: always
         depends_on:
             - mysqldb
-#        logging:
-#            driver: splunk
-#            options:
-#                splunk-token: "e1c56fa1-9f7c-4d2c-ba8f-989b15d85008"
-#                splunk-url: "https://127.0.0.1:8088"
-#                splunk-insecureskipverify: "true"
-#                tag: "{{.ImageName}}/{{.Name}}/{{.ID}}"
-#                labels: "PHPMyAdmin"
 
     mysqldb:
-        image: mariadb:10.3.8
+        image: bitnami/mariadb:latest
         container_name: mysql
         restart: always
         env_file:
             - ".env"
         environment:
-            - MYSQL_DATABASE=${MYSQL_DATABASE}
-            - MYSQL_ROOT_USER=${MYSQL_ROOT_USER}
-            - MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD}
-            - MYSQL_USER=${MYSQL_USER}
-            - MYSQL_PASSWORD=${MYSQL_PASSWORD}
+            - MARIADB_DATABASE=${MARIADB_DATABASE}
+            - MARIADB_ROOT_USER=${MARIADB_ROOT_USER}
+            - MARIADB_ROOT_PASSWORD=${MARIADB_ROOT_PASSWORD}
+            - ALLOW_EMPTY_PASSWORD=no
+            - MARIADB_USER=${MARIADB_USER}
+            - MARIADB_PASSWORD=${MARIADB_PASS}
+            - MARIADB_DATABASE=bitnami_ghost
         ports:
             - "127.0.0.1:3306:3306"
         volumes:
-            - "./data/db/mysql:/var/lib/mysql"
-            - "./etc/mariadb/innodb.cnf:/etc/mysql/conf.d/innodb.cnf:ro"
-#        logging:
-#            driver: splunk
-#            options:
-#                splunk-token: "e1c56fa1-9f7c-4d2c-ba8f-989b15d85008"
-#                splunk-url: "https://127.0.0.1:8088"
-#                splunk-insecureskipverify: "true"
-#                tag: "{{.ImageName}}/{{.Name}}/{{.ID}}"
-#                labels: "MySQL"
+            - "./data/db/mysql:/bitnami/mariadb"
+            - "./etc/mariadb/innodb.cnf:/bitnami/mariadb/conf/innodb.cnf:ro"
+        depends_on:
+          - nginx
 
     tomcat:
         image: tomcat:latest
@@ -86,36 +64,47 @@ services:
         volumes:
             - "./Website:/usr/local/tomcat/webapps/ROOT"
             - "./etc/tomcat:/usr/local/tomcat/conf"
-#        logging:
-#            driver: splunk
-#            options:
-#                splunk-token: "e1c56fa1-9f7c-4d2c-ba8f-989b15d85008"
-#                splunk-url: "https://127.0.0.1:8088"
-#                splunk-insecureskipverify: "true"
-#                tag: "{{.ImageName}}/{{.Name}}/{{.ID}}"
-#                labels: "Tomcat"
+        depends_on:
+          - nginx
 
     ghost:
-        image: ghost:latest
+        image: bitnami/ghost:latest
         container_name: ghost
         ports:
             - "127.0.0.1:2368:2368"
         restart: always
         volumes:
-            - "./etc/ghost:/var/lib/ghost/content"
-        depends_on:
-            - nginx
+            - "./etc:/bitnami"
         env_file:
             - ".env"
         environment:
-          NODE_ENV: production
-          privacy__useUpdateCheck: 0
-          url: ${URL}
-#        logging:
-#            driver: splunk
-#            options:
-#                splunk-token: "e1c56fa1-9f7c-4d2c-ba8f-989b15d85008"
-#                splunk-url: "https://127.0.0.1:8088"
-#                splunk-insecureskipverify: "true"
-#                tag: "{{.ImageName}}/{{.Name}}/{{.ID}}"
-#                labels: "Ghost"
+          - MARIADB_HOST=mysql
+          - MARIADB_PORT_NUMBER=3306
+          - GHOST_DATABASE_USER=${MARIADB_ROOT_USER}
+          - GHOST_DATABASE_PASSWORD=${MARIADB_ROOT_PASSWORD}
+          - GHOST_DATABASE_NAME=${GHOST_DATABASE_NAME}
+          - ALLOW_EMPTY_PASSWORD=${ALLOW_EMPTY_PASSWORD}
+          - GHOST_HOST=${GHOST_HOST}
+          - GHOST_EMAIL=${GHOST_EMAIL}
+          - GHOST_PASSWORD=${GHOST_PASSWORD}
+        depends_on:
+          - mysqldb
+          - nginx
+
+    php:
+        image: bitnami/php-fpm:latest
+        container_name: php
+        restart: always
+        ports:
+            - "9001:9000"
+        volumes:
+            - "./etc/php/php.ini:/opt/bitnami/php/etc/conf.d/php.ini"
+            - "./Website:/app"
+        depends_on:
+          - nginx
+
+volumes:
+  mariadb_data:
+    driver: local
+  ghost_data:
+    driver: local

etc/ghost/config.production.json

@@ -0,0 +1,29 @@
+{
+  "database": {
+    "client": "mysql",
+    "connection": {
+      "host": "mysql",
+      "port": 3306,
+      "password": "root",
+      "user": "root",
+      "database": "ghost"
+    }
+  },
+  "url": "http://localhost:2368/blog",
+  "server": {
+    "port": 2368,
+    "host": "0.0.0.0"
+  },
+  "mail": {
+    "transport": "Direct"
+  },
+  "logging": {
+    "transports": [
+      "file"
+    ]
+  },
+  "process": "local",
+  "paths": {
+    "contentPath": "/opt/bitnami/ghost/content"
+  }
+}

etc/ghost/content/logs

@@ -0,0 +1 @@
+/opt/bitnami/ghost/logs

etc/ghost/content/themes/casper

@@ -0,0 +1 @@
+/opt/bitnami/ghost/current/content/themes/casper

etc/ghost/ghost/config.production.json

@@ -0,0 +1,29 @@
+{
+  "database": {
+    "client": "mysql",
+    "connection": {
+      "host": "mysql",
+      "port": 3306,
+      "password": "root",
+      "user": "root",
+      "database": "ghost"
+    }
+  },
+  "url": "http://localhost:2368/blog",
+  "server": {
+    "port": 2368,
+    "host": "0.0.0.0"
+  },
+  "mail": {
+    "transport": "Direct"
+  },
+  "logging": {
+    "transports": [
+      "file"
+    ]
+  },
+  "process": "local",
+  "paths": {
+    "contentPath": "/opt/bitnami/ghost/content"
+  }
+}

etc/nginx/HTTPS_default.conf.BAK

@@ -0,0 +1,119 @@
+upstream tomcat {
+    server tomcat:8080;
+}
+
+upstream ghost {
+    server ghost:2368;
+}
+
+# HTTP
+server {
+    listen 8080                             default_server;
+    listen [::]:8080                        default_server ipv6only=on;
+    server_name                             ${NGINX_HOST};
+
+    error_log                               /opt/bitnami/nginx/logs/error.log;
+    access_log                              /opt/bitnami/nginx/logs/access.log;
+
+    rewrite ^ https://$http_host$request_uri? permanent; #Redirect traffic to HTTPS
+
+    root /app;
+    index index.html index.htm index.php index.jsp;
+
+    client_max_body_size                    100M;
+
+    location / {
+        try_files $uri $uri/index.html;
+    }
+
+    ####### Proxies #######
+    # PHP proxy
+    location ~ \.php$ {
+        fastcgi_pass php:9001;
+        fastcgi_index index.php;
+        include fastcgi.conf;
+    }
+
+    # Ghost proxy
+    location /blog {
+        proxy_pass http://ghost;
+        proxy_set_header  Host              $http_host;   # required for docker client's sake
+        proxy_set_header  X-Real-IP         $remote_addr; # pass on real client's IP
+        proxy_set_header  X-Forwarded-For   $proxy_add_x_forwarded_for;
+        proxy_set_header  X-Forwarded-Proto $scheme;
+        proxy_read_timeout                  900;
+    }
+
+    # Tomcat proxy
+    location ~ \.(do|jspa|obr|jsp|txt|zip) {
+        proxy_set_header X-Forwarded-Host $host;
+        proxy_set_header X-Forwarded-Server $host;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_pass                          http://tomcat;
+    }
+
+}
+
+# HTTPS
+server {
+    listen      443           ssl http2;
+    listen [::]:443           ssl http2;
+    server_name               ${NGINX_HOST};
+
+    error_log                 /opt/bitnami/nginx/logs/error.log;
+    access_log                /opt/bitnami/nginx/logs/access.log;
+
+    add_header                Strict-Transport-Security "max-age=31536000" always;
+    ssl_session_cache         shared:SSL:20m;
+    ssl_session_timeout       10m;
+    ssl_protocols             TLSv1 TLSv1.1 TLSv1.2;
+    ssl_prefer_server_ciphers on;
+    ssl_ciphers               "ECDH+AESGCM:ECDH+AES256:ECDH+AES128:!ADH:!AECDH:!MD5;";
+    ssl_stapling              on;
+    ssl_stapling_verify       on;
+    resolver                  8.8.8.8 1.1.1.1;
+    ssl_certificate           /etc/letsencrypt/live/${NGINX_HOST}/fullchain.pem;
+    ssl_certificate_key       /etc/letsencrypt/live/${NGINX_HOST}/privkey.pem;
+    ssl_trusted_certificate   /etc/letsencrypt/live/${NGINX_HOST}/chain.pem;
+
+    root /app;
+    index index.html index.htm index.php index.jsp;
+
+    client_max_body_size                    100M;
+
+    location / {
+        try_files $uri $uri/index.html;
+    }
+
+    ####### Proxies #######
+    # PHP proxy
+    location ~ \.php$ {
+        fastcgi_pass php:9001;
+        fastcgi_index index.php;
+        include fastcgi.conf;
+    }
+
+    # Ghost proxy
+    location /blog {
+        proxy_pass http://ghost;
+        proxy_set_header  Host              $http_host;   # required for docker client's sake
+        proxy_set_header  X-Real-IP         $remote_addr; # pass on real client's IP
+        proxy_set_header  X-Forwarded-For   $proxy_add_x_forwarded_for;
+        proxy_set_header  X-Forwarded-Proto $scheme;
+        proxy_read_timeout                  900;
+    }
+
+    # Tomcat proxy
+    location ~ \.(do|jspa|obr|jsp|txt|zip) {
+        proxy_set_header X-Forwarded-Host $host;
+        proxy_set_header X-Forwarded-Server $host;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_pass                          http://tomcat;
+    }
+
+    # Certbot for HTTPS cert renewal
+    location ~ ^/.well-known {
+        root /data/letsencrypt/;
+    }
+
+}