Initial

config/application.php

@@ -0,0 +1,137 @@
+<?php
+/**
+ * Your base production configuration goes in this file. Environment-specific
+ * overrides go in their respective config/environments/{{WP_ENV}}.php file.
+ *
+ * A good default policy is to deviate from the production config as little as
+ * possible. Try to define as much of your configuration in this file as you
+ * can.
+ */
+
+use Roots\WPConfig\Config;
+use function Env\env;
+
+/**
+ * Directory containing all of the site's files
+ *
+ * @var string
+ */
+$root_dir = dirname(__DIR__);
+
+/**
+ * Document Root
+ *
+ * @var string
+ */
+$webroot_dir = $root_dir . '/web';
+
+/**
+ * Use Dotenv to set required environment variables and load .env file in root
+ * .env.local will override .env if it exists
+ */
+$env_files = file_exists($root_dir . '/.env.local')
+    ? ['.env', '.env.local']
+    : ['.env'];
+
+$dotenv = Dotenv\Dotenv::createUnsafeImmutable($root_dir, $env_files, false);
+if (file_exists($root_dir . '/.env')) {
+    $dotenv->load();
+    $dotenv->required(['WP_HOME', 'WP_SITEURL']);
+    if (!env('DATABASE_URL')) {
+        $dotenv->required(['DB_NAME', 'DB_USER', 'DB_PASSWORD']);
+    }
+}
+
+/**
+ * Set up our global environment constant and load its config first
+ * Default: production
+ */
+define('WP_ENV', env('WP_ENV') ?: 'production');
+
+/**
+ * URLs
+ */
+Config::define('WP_HOME', env('WP_HOME'));
+Config::define('WP_SITEURL', env('WP_SITEURL'));
+
+/**
+ * Custom Content Directory
+ */
+Config::define('CONTENT_DIR', '/app');
+Config::define('WP_CONTENT_DIR', $webroot_dir . Config::get('CONTENT_DIR'));
+Config::define('WP_CONTENT_URL', Config::get('WP_HOME') . Config::get('CONTENT_DIR'));
+
+/**
+ * DB settings
+ */
+Config::define('DB_NAME', env('DB_NAME'));
+Config::define('DB_USER', env('DB_USER'));
+Config::define('DB_PASSWORD', env('DB_PASSWORD'));
+Config::define('DB_HOST', env('DB_HOST') ?: 'localhost');
+Config::define('DB_CHARSET', 'utf8mb4');
+Config::define('DB_COLLATE', '');
+$table_prefix = env('DB_PREFIX') ?: 'wp_';
+
+if (env('DATABASE_URL')) {
+    $dsn = (object) parse_url(env('DATABASE_URL'));
+
+    Config::define('DB_NAME', substr($dsn->path, 1));
+    Config::define('DB_USER', $dsn->user);
+    Config::define('DB_PASSWORD', isset($dsn->pass) ? $dsn->pass : null);
+    Config::define('DB_HOST', isset($dsn->port) ? "{$dsn->host}:{$dsn->port}" : $dsn->host);
+}
+
+/**
+ * Authentication Unique Keys and Salts
+ */
+Config::define('AUTH_KEY', env('AUTH_KEY'));
+Config::define('SECURE_AUTH_KEY', env('SECURE_AUTH_KEY'));
+Config::define('LOGGED_IN_KEY', env('LOGGED_IN_KEY'));
+Config::define('NONCE_KEY', env('NONCE_KEY'));
+Config::define('AUTH_SALT', env('AUTH_SALT'));
+Config::define('SECURE_AUTH_SALT', env('SECURE_AUTH_SALT'));
+Config::define('LOGGED_IN_SALT', env('LOGGED_IN_SALT'));
+Config::define('NONCE_SALT', env('NONCE_SALT'));
+
+/**
+ * Custom Settings
+ */
+Config::define('AUTOMATIC_UPDATER_DISABLED', true);
+Config::define('DISABLE_WP_CRON', env('DISABLE_WP_CRON') ?: false);
+// Disable the plugin and theme file editor in the admin
+Config::define('DISALLOW_FILE_EDIT', true);
+// Disable plugin and theme updates and installation from the admin
+Config::define('DISALLOW_FILE_MODS', true);
+// Limit the number of post revisions that Wordpress stores (true (default WP): store every revision)
+Config::define('WP_POST_REVISIONS', env('WP_POST_REVISIONS') ?: true);
+
+/**
+ * Debugging Settings
+ */
+Config::define('WP_DEBUG_DISPLAY', false);
+Config::define('WP_DEBUG_LOG', false);
+Config::define('SCRIPT_DEBUG', false);
+ini_set('display_errors', '0');
+
+/**
+ * Allow WordPress to detect HTTPS when used behind a reverse proxy or a load balancer
+ * See https://codex.wordpress.org/Function_Reference/is_ssl#Notes
+ */
+if (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https') {
+    $_SERVER['HTTPS'] = 'on';
+}
+
+$env_config = __DIR__ . '/environments/' . WP_ENV . '.php';
+
+if (file_exists($env_config)) {
+    require_once $env_config;
+}
+
+Config::apply();
+
+/**
+ * Bootstrap WordPress
+ */
+if (!defined('ABSPATH')) {
+    define('ABSPATH', $webroot_dir . '/wp/');
+}

config/environments/development.php

@@ -0,0 +1,20 @@
+<?php
+/**
+ * Configuration overrides for WP_ENV === 'development'
+ */
+
+use Roots\WPConfig\Config;
+use function Env\env;
+
+Config::define('SAVEQUERIES', true);
+Config::define('WP_DEBUG', true);
+Config::define('WP_DEBUG_DISPLAY', true);
+Config::define('WP_DEBUG_LOG', env('WP_DEBUG_LOG') ?? true);
+Config::define('WP_DISABLE_FATAL_ERROR_HANDLER', true);
+Config::define('SCRIPT_DEBUG', true);
+Config::define('DISALLOW_INDEXING', true);
+
+ini_set('display_errors', '1');
+
+// Enable plugin and theme updates and installation from the admin
+Config::define('DISALLOW_FILE_MODS', false);

config/environments/staging.php

@@ -0,0 +1,17 @@
+<?php
+/**
+ * Configuration overrides for WP_ENV === 'staging'
+ */
+
+use Roots\WPConfig\Config;
+
+/**
+ * You should try to keep staging as close to production as possible. However,
+ * should you need to, you can always override production configuration values
+ * with `Config::define`.
+ *
+ * Example: `Config::define('WP_DEBUG', true);`
+ * Example: `Config::define('DISALLOW_FILE_MODS', false);`
+ */
+
+Config::define('DISALLOW_INDEXING', true);

config/mailhog.ini

@@ -0,0 +1 @@
+sendmail_path="/usr/local/bin/mhsendmail --smtp-addr=${MAILHOG_ADDR}"

config/nginx.conf

@@ -0,0 +1,97 @@
+server_tokens off;
+
+index index.php index.html;
+charset UTF-8;
+default_type text/html;
+
+gzip on;
+gzip_disable "msie6";
+
+gzip_vary on;
+gzip_proxied any;
+gzip_comp_level 6;
+gzip_buffers 16 8k;
+gzip_min_length 10;
+gzip_http_version 1.1;
+gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript image/png image/gif image/jpeg;
+
+client_max_body_size 1024M;
+
+# Force HTTPS on Heroku
+if ($http_x_forwarded_proto = "http") {
+  return 301 https://$host$request_uri;
+}
+
+include /app/config/nginx.d/*.conf;
+
+# Force installation to /wp-admin/install.php so siteurl is always correct
+rewrite ^/wp/wp-admin/install.php(.*) $scheme://$http_host/wp-admin/install.php permanent;
+
+# Rewrite rules to allow for an application-like wordpress directory structure
+if (!-e $request_filename) {
+  rewrite ^/wp-admin$ $scheme://$http_host/wp-admin/ permanent;
+  rewrite ^/(wp-.*.php)$ /wp/$1 last;
+  rewrite ^/(wp-(content|admin|includes).*) /wp/$1 last;
+}
+
+# Enable XML-RPC for WordPress
+rewrite ^/(xmlrpc\.php)$ /wp/$1 last;
+
+# Hide often probed WordPress file so that finding out the WordPress install
+# and version would not be too easy
+location /wp/readme.html {
+  return 404;
+}
+
+location = /favicon.ico {
+  log_not_found off;
+  access_log off;
+}
+
+location = /robots.txt {
+  allow all;
+  log_not_found off;
+  access_log off;
+}
+
+location = /ads.txt {
+  allow all;
+  log_not_found off;
+  access_log off;
+}
+
+# Block direct access to WooCommerce digital downloads. They can be accessed
+# via the X-Accel-Redirect mechanism for fast and protected downloads.
+location /wp/wp-content/uploads/woocommerce_uploads/ {
+  internal;
+}
+
+# Deny access to any other dot file
+# ~ matches using regular expression all requests that contain '/.'
+# anywhere in the URL, eg '/.htaccess' and '/wp-content/.htpasswd'.
+# This regex will override all non-regex rules, except ^~ rules due
+# how to Nginx location parsing and priorities works.
+location ~ \/\. {
+  deny all;
+}
+
+location ~* ^.+\.(css|js|ogg|ogv|svg|svgz|eot|otf|woff|woff2|mp4|ttf|rss|atom|jpg|jpeg|gif|png|webp|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ {
+  try_files $uri =404;
+  expires max;
+  add_header Pragma "public";
+  add_header Cache-Control "public, must-revalidate, proxy-revalidate";
+  access_log off;
+}
+
+# Use actual file if exists, otherwise pass request to WordPress
+# Last rule: match all requests (= URLs that start with /)
+location / {
+  try_files $uri $uri/ /index.php?$args;
+}
+
+# If front page is requested, skip all other regex and rewrite rules and
+# pass request directly to WordPress (= URLS that are exactly /)
+# Tip from https://www.scalescale.com/tips/nginx/nginx-location-directive/
+location = / {
+  try_files $uri $uri/ /index.php?$args;
+}