questions

How to config dockerized wordpress nginx that using ‘different domain per language’ of WPML?

Rate this post

Now here is a domain that cool.XXXXXX.com in use.

I want to show my Japanese version with domain called jp-cool.XXXXXX.com

I set the SSL with letencrypt

certbot certonly --standalone -d jp-cool.XXXXXX.com --staple-ocsp -m [email protected] --agree-tos

docker-compose.yml

version: "3.3"
services:
  XXXXweb-db:
    image: mysql:5.7.26
    restart: always
    container_name: XXXXweb-db
    environment:
      MYSQL_HOST: XXXXweb-db
      MYSQL_DATABASE: ${DB_NAME}
      MYSQL_USER: ${DB_USER}
      MYSQL_PASSWORD: ${DB_PASS}
      MYSQL_ROOT_PASSWORD: ${DB_ROOT_PASS}
    volumes:
      - ./data:/var/lib/mysql:delegated
      - ./logs/mysql:/var/log/mysql:delegated
      - ./conf/mysql.cnf:/etc/mysql/my.cnf:delegated
    ports:
        - "3306:3306"
    expose:
        - 3306
    security_opt:
      - seccomp:unconfined
  
  XXXXweb-nginx:
    image: nginx:1.17.1-alpine
    restart: always
    ports:
      - "80:80"
      - "443:443"
    expose:
      - 80
      - 443
    volumes:
      - ./logs:/var/log/nginx:delegated
      - ./conf/${NGINX_CONFIG_NAME}:/etc/nginx/nginx.conf:delegated
      - ${CERT_PATH}:/etc/letsencrypt:delegated
      - ./:/wwwroot:delegated
    depends_on:
      - XXXXweb-db
      - XXXXweb-php
    logging:
        driver: "json-file"
        options:
          max-size: "100m"

  XXXXweb-php:
    image: php-XXXX
    restart: always
    ports:
      - "9000:9000"
    expose:
      - 9000
    volumes:
      - ./logs:/var/log:delegated
      - ./:/wwwroot:delegated
    healthcheck:
      test: ["CMD-SHELL", "pidof php-fpm"]
      interval: 5s
      retries: 12
    logging:
      driver: "json-file"
      options:
        max-size: "100m"

nginx-server.conf

user nginx;
worker_processes 1;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events { worker_connections 1024; }

http {
        include /etc/nginx/mime.types;
        default_type application/octet-stream;
        log_format main '$http_x_forwarded_for - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent"';
        access_log on;
        sendfile on;
        keepalive_timeout 65;
        client_max_body_size 100M;

        server {
            listen 80;
            server_name cool.XXXXXX.com;
            return 301 https://cool.XXXXXX.com$request_uri;
        }

        server {
                listen [::]:443 ssl ipv6only=on; # managed by Certbot
                listen 443 ssl; # managed by Certbot
                ssl_certificate /etc/letsencrypt/live/cool.XXXXXX.com/fullchain.pem; # managed by Certbot
                ssl_certificate_key /etc/letsencrypt/live/cool.XXXXXX.com/privkey.pem; # managed by Certbot
                
                ## Your website name goes here.
                server_name cool.XXXXXX.com;
                ## Your only path reference.
                root /wwwroot;
                ## This should be in your http block and if it is, it's not needed here.
                index index.php;

                location = /favicon.ico {
                        log_not_found off;
                        access_log off;
                }

                location = /robots.txt {
                        allow all;
                        log_not_found off;
                        access_log off;
                }

                location / {
                        # This is cool because no php is touched for static content.
                        # include the "?$args" part so non-default permalinks doesn't break when using query string
                        try_files $uri $uri/ /index.php?$args;
                }

                location ~ \.php$ {
                        try_files $uri =404;
                        fastcgi_split_path_info ^(.+\.php)(/.+)$;
                        fastcgi_pass XXXXweb-php:9000;
                        fastcgi_index index.php;
                        include fastcgi_params;
                        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
                        fastcgi_param PATH_INFO $fastcgi_path_info;
                }

                location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
                        expires max;
                        log_not_found off;
                }
        }
}

After I add

        server {
            listen 80;
            server_name jp-cool.XXXXXX.com;
            return 301 https://jp-cool.XXXXXX.com$request_uri;
        }

It works for http insecure connection.

However after I add a jp-cool.XXXXXX.com duplicate part of cool.XXXXXX.com, just one of them could work.

And I got invalid on the WPML panel when setting ‘different domain per language’.

Without docker, I could setting different domain in local nginx /etc/nginx/site-available

But I can’t set it up with dockerized nginx.

 

✔️Solution:

If you have no wildcard certificate your only option is to duplicate server block per certificate. Here’s how you can do it:

        server {
                # this part changes per certificate
                ssl_certificate /etc/letsencrypt/live/cool.XXXXXX.com/fullchain.pem; # managed by Certbot
                ssl_certificate_key /etc/letsencrypt/live/cool.XXXXXX.com/privkey.pem; # managed by Certbot                
                server_name cool.XXXXXX.com;
                include common;
        }
        server {
                # this part changes per certificate
                ssl_certificate /etc/letsencrypt/live/jp-cool.XXXXXX.com/fullchain.pem; # managed by Certbot
                ssl_certificate_key /etc/letsencrypt/live/jp-cool.XXXXXX.com/privkey.pem;
                server_name jp-cool.XXXXXX.com;
                include common;
         }

To follow DRY principle, put the rest of the server block into a separate file. I’ve used ‘common’ as a name for that file, you need to place it in /etc/nginx/ or you’d have to change path in blocks above. /etc/nginx/common:

                listen [::]:443 ssl ipv6only=on; # managed by Certbot
                listen 443 ssl; # managed by Certbot
                root /wwwroot;
                ## This should be in your http block and if it is, it's not needed here.
                index index.php;

                location = /favicon.ico {
                        log_not_found off;
                        access_log off;
                }

                location = /robots.txt {
                        allow all;
                        log_not_found off;
                        access_log off;
                }

                location / {
                        # This is cool because no php is touched for static content.
                        # include the "?$args" part so non-default permalinks doesn't break when using query string
                        try_files $uri $uri/ /index.php?$args;
                }

                location ~ \.php$ {
                        try_files $uri =404;
                        fastcgi_split_path_info ^(.+\.php)(/.+)$;
                        fastcgi_pass XXXXweb-php:9000;
                        fastcgi_index index.php;
                        include fastcgi_params;
                        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
                        fastcgi_param PATH_INFO $fastcgi_path_info;
                }

                location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
                        expires max;
                        log_not_found off;
                }

Also you can do HTTPS redirects with one server:

        server {
            listen 80;
            server_name cool.XXXXXX.com;
            server_name jp-cool.XXXXXX.com;
            return 301 https://$host$request_uri;
        }

Leave a Reply

Your email address will not be published.

Back to top button