feat: prod env by taygumus · Pull Request #20 · taygumus/wp-docker-stack

taygumus · 2026-01-05T16:32:03Z

Production hardening: Docker Compose, Certbot, and Makefile improvements

This PR introduces a complete production-ready setup for the stack, with a focus on stability, security, and operational clarity.
All production-specific concerns are isolated from the development configuration.

✨ Highlights

Docker Compose (Production)

Added docker-compose.prod.yml with production-only overrides
Centralized logging configuration with log rotation (json-file, max-size, max-file)
CPU and memory limits defined for all services
Security hardening:
- init: true where appropriate to prevent zombie processes
- no-new-privileges for WordPress and Nginx
- tmpfs usage for transient directories
MySQL production settings:
- utf8mb4 character set
- utf8mb4_unicode_ci collation
Clear separation between core services and utility containers

Certbot Integration

Added a dedicated Certbot service for Let's Encrypt HTTP-01 validation
Persistent volumes for certificates and ACME challenge files
Configuration driven entirely by environment variables:
- SERVER_NAME
- LETSENCRYPT_EMAIL
- CERTBOT_RENEW_INTERVAL
Certificate issuance, renewal, and dry-run flows are handled via scripts

Makefile Improvements

Added production targets for Certbot operations:
- certbot-first-issue
- certbot-dry-run
- certbot-renew
Uses docker compose run --rm to keep Certbot executions isolated and idempotent
No runtime configuration embedded in the Makefile; all values are sourced from .env

Environment Configuration

Updated env.example to document all required production variables
Added sensible defaults where applicable (e.g. renewal interval)

🧠 Design Principles

Strict separation of development and production concerns
No long-running utility containers started by default
Scripts encapsulate logic; Docker Compose and Makefile focus on orchestration
Optimized for single-node production deployments (VPS-friendly)

✅ Scope

This PR focuses exclusively on production configuration and does not modify application-level logic or development workflows.

taygumus added 16 commits December 31, 2025 14:31

fix: production configurations

e262925

fix: wp-init service with no wordpress db

2e9dbe4

fix: docker yml comment

a767536

fix: resource config and improvements

52f878e

feat: php configurations

b20b46d

fix: comment

812485e

fix: small improvements

4c05533

feat: logs in prod

9a87397

feat: additional prod configs

abf0834

feat: certbot service

e8b85f4

fix: server nginx

9188d8e

refactor: nginx template readability

f78d9b1

refactor: dev nginx template

182bbe3

fix: small improvement

b73e9b4

feat: certbot renew task

e219bcc

feat: certbot targets

919d1f7

taygumus self-assigned this Jan 5, 2026

taygumus added the enhancement New feature or request label Jan 5, 2026

taygumus merged commit 91cb7dd into main Jan 5, 2026
4 checks passed

taygumus deleted the feat/prod-env branch January 8, 2026 20:16

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

feat: prod env#20

feat: prod env#20
taygumus merged 16 commits intomainfrom
feat/prod-env

taygumus commented Jan 5, 2026 •

edited

Loading

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Conversation

taygumus commented Jan 5, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Production hardening: Docker Compose, Certbot, and Makefile improvements

✨ Highlights

Docker Compose (Production)

Certbot Integration

Makefile Improvements

Environment Configuration

🧠 Design Principles

✅ Scope

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

taygumus commented Jan 5, 2026 •

edited

Loading