Off to the Races
After a night of banging my head against the wall, I seem to have the blog more or less up and running. When I was originally setting everything up internally, I made a simple docker-compose.yaml file which used the official WordPress and Mariadb images. The problem though is that the docker images don’t support TLS out of the box, and the documentation on the Docker’s website doesn’t explain how to set it up (mea culpa, I should ask someone at work about this). My assumption was this wouldn’t be a big deal, because I could just slap an nginx container onto the front to terminate the TLS, and then just use HTTP pass-through to the WordPress container.
Unfortunately, that didn’t work out so well.
WordPress assumes ignores the WordPress Address and Site URL Address schemas when it serves up static content. That meant that some of the content was getting served up with HTTPS and some of it was still HTTP. To make things worse, the admin console completely ignores the settings and relies relative links. Unfortunately because I was passing things through to a private container, this meant that it tried hitting the container name. I ended up ditching the Nginx container, and digging through the Apache configuration in the WordPress container, and finally figured out how to make TLS work. So, lots of mucking around with Dockerfiles, and a fresh new cert from Let’s Encrypt and we’re finally running with a modicum of security. Now I just need to figure out how to automate getting the certs, because they expire every three months.