Features: - PHP 8.4 support (from 8.3) - WordPress 7.0 (auto-update via WP-CLI) - Modern TLS 1.3 cipher suites (2026 best practices) - Fail2Ban security integration (5 jails: SSH, Nginx, WordPress, recidive) - Auto-update cron job for WordPress (weekly Minor updates) - Debian 14 Forky support (testing) - Ubuntu 25.04 support - Python 3.12 in GitHub Actions Security: - Fail2Ban with SSH brute force protection (24h ban) - WordPress wp-login.php protection (2h ban) - Nginx bot scanner protection - Recidive jail for repeat offenders (1 week ban) - Modern TLS ciphers (AEAD only) - HSTS 2 years for preload Documentation: - docs/autoupdate.md - WordPress auto-update guide - docs/fail2ban.md - Fail2Ban configuration guide - docs/troubleshooting.md - Updated with php_version variable Breaking changes: - PHP 8.4 is now the default (requires Ubuntu 20.04+ or Debian 11+)
40 lines
791 B
YAML
Executable File
40 lines
791 B
YAML
Executable File
|
|
|
|
services:
|
|
ubuntu-test:
|
|
build:
|
|
context: .
|
|
dockerfile: Dockerfile
|
|
container_name: ansible-ubuntu-test
|
|
hostname: ubuntu-test
|
|
ports:
|
|
- "2222:22"
|
|
- "8080:80"
|
|
volumes:
|
|
- ./test-data:/opt/test-data:rw
|
|
- ./html:/var/www/html:rw
|
|
environment:
|
|
- TZ=Europe/Berlin
|
|
restart: unless-stopped
|
|
healthcheck:
|
|
test: ["CMD", "service", "ssh", "status"]
|
|
interval: 30s
|
|
timeout: 10s
|
|
retries: 3
|
|
start_period: 40s
|
|
networks:
|
|
- ansible-net
|
|
security_opt:
|
|
- seccomp:unconfined
|
|
tmpfs:
|
|
- /tmp:noexec,nosuid,size=500m
|
|
|
|
networks:
|
|
ansible-net:
|
|
driver: bridge
|
|
driver_opts:
|
|
com.docker.network.bridge.name: ansible-br1
|
|
ipam:
|
|
config:
|
|
- subnet: 172.25.0.0/24
|