Update PHP version and NGINX config for more security

oanhnn · oanhnn · commit 9860c5ec299f · 2022-06-10T12:10:51.000+07:00
diff --git a/Dockerrun.aws.json b/Dockerrun.aws.json
@@ -17,7 +17,7 @@
   "containerDefinitions": [
     {
       "name": "wp",
-      "image": "wordpress:php7.4-fpm-alpine",
+      "image": "wordpress:php8.1-fpm-alpine",
       "essential": true,
       "environment": [
         {
diff --git a/LICENSE b/LICENSE
@@ -1,6 +1,6 @@
 MIT License
 
-Copyright (c) 2020 Oanh Nguyen <oanhnn.bk@gmail.com>
+Copyright (c) 2022 Oanh Nguyen <oanhnn.bk@gmail.com>
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal
diff --git a/README.md b/README.md
@@ -75,5 +75,5 @@ If you would like to help take a look at the [list of issues](https://github.com
 ## License
 
 This project is released under the MIT License.   
-Copyright © 2020 [Oanh Nguyen](https://github.com/oanhnn)   
+Copyright © 2022 [Oanh Nguyen](https://github.com/oanhnn)   
 Please see [License File](https://github.com/oanhnn/example-wordpress-with-docker/blob/master/LICENSE) for more information.
diff --git a/docker/nginx/default.conf b/docker/nginx/default.conf
@@ -3,15 +3,35 @@ upstream php-fpm {
 }
 
 server {
+    server_name _;
     listen 80 default_server;
     listen [::]:80 default_server ipv6only=on;
 
+    # logging
+    access_log /var/log/nginx/access.log;
+    error_log /var/log/nginx/error.log warn;
+    server_tokens off;
+
+    # gzip for performance
+    gzip on;
+    gzip_vary on;
+    gzip_proxied any;
+    gzip_comp_level 6;
+    gzip_types text/plain text/css text/xml application/json application/javascript application/rss+xml application/atom+xml image/svg+xml;
+
+    ## security headers
+    # https://securityheaders.com/
+    # https://scotthelme.co.uk/tag/security-headers/
+    add_header X-Frame-Options "SAMEORIGIN" always;
+    add_header X-XSS-Protection "1; mode=block" always;
+    add_header X-Content-Type-Options "nosniff" always;
+    add_header Referrer-Policy no-referrer;
+    add_header Strict-Transport-Security "max-age=63072000" always;
+    add_header Permissions-Policy "interest-cohort=()";
+
     root /var/www/html;
     index index.php index.html index.htm;
 
-    server_name _;
-    server_tokens off;
-
     location = /favicon.ico {
         log_not_found off;
         access_log off;
diff --git a/docker/wordpress/Dockerfile b/docker/wordpress/Dockerfile
@@ -1,4 +1,4 @@
-FROM wordpress:php8.0-fpm-alpine
+FROM wordpress:php8.1-fpm-alpine
 
 # Install xdebug and Less
 RUN set -eux; \
@@ -19,4 +19,4 @@ RUN set -eux; \
     php --version
 
 # Install WP-CLI
-COPY --from=wordpress:cli-php8.0 /usr/local/bin/wp /usr/local/bin/wp
+COPY --from=wordpress:cli-php8.1 /usr/local/bin/wp /usr/local/bin/wp

Original file line number	Diff line number	Diff line change
`@@ -17,7 +17,7 @@`
`17`	`17`	`"containerDefinitions": [`
`18`	`18`	`{`
`19`	`19`	`"name": "wp",`
`20`		`- "image": "wordpress:php7.4-fpm-alpine",`
	`20`	`+ "image": "wordpress:php8.1-fpm-alpine",`
`21`	`21`	`"essential": true,`
`22`	`22`	`"environment": [`
`23`	`23`	`{`