init

2017-06-11 18:16:46 +02:00 · 2017-06-11 18:16:46 +02:00 · 4e69f9a945
parent d32387b0e8
commit 4e69f9a945
9 changed files with 178 additions and 0 deletions
--- a/36
+++ b/36
@ -0,0 +1,36 @@
+FROM alpine:3.5
+MAINTAINER kolaente - mowie.cc
+
+ENV TZ "Europe/Berlin"
+
+RUN apk update && \
+    apk --no-cache add bash tzdata curl ca-certificates s6 ssmtp mysql-client \
+    nginx nginx-mod-http-headers-more
+
+RUN ln -sf "/usr/share/zoneinfo/$TZ" /etc/localtime && \
+    echo "$TZ" > /etc/timezone && date
+
+RUN apk --no-cache add \
+    php7 php7-phar php7-curl php7-fpm php7-json php7-zlib php7-gd \
+    php7-xml php7-dom php7-ctype php7-opcache php7-zip php7-iconv \
+    php7-pdo php7-pdo_mysql php7-mysqli php7-mbstring php7-session \
+    php7-mcrypt php7-openssl php7-sockets php7-posix
+
+RUN rm -rf /var/cache/apk/* && \
+    ln -s /usr/bin/php7 /usr/bin/php && \
+    rm -f /etc/php7/php-fpm.d/www.conf && \
+    touch /etc/php7/php-fpm.d/env.conf
+
+RUN rm -rf /var/www
+
+COPY conf/services.d /etc/services.d
+COPY conf/nginx/nginx.conf /etc/nginx/nginx.conf
+COPY conf/php/php-fpm.conf /etc/php7/
+COPY conf/php/conf.d/php.ini /etc/php7/conf.d/zphp.ini
+
+VOLUME /var/www/content
+
+EXPOSE 80
+
+ENTRYPOINT ["/bin/s6-svscan", "/etc/services.d"]
+CMD []
--- a/conf/nginx/nginx.conf
+++ b/conf/nginx/nginx.conf
@ -0,0 +1,88 @@
+load_module modules/ngx_http_headers_more_filter_module.so;
+
+user nginx;
+worker_processes auto;
+pid /var/run/nginx.pid;
+
+events {
+    worker_connections 1024;
+}
+
+http {
+
+    include       mime.types;
+    default_type  application/octet-stream;
+
+    sendfile           on;
+    tcp_nopush         on;
+    tcp_nodelay        on;
+    keepalive_timeout  65;
+    server_tokens      off;
+
+    log_format  main_timed  '$remote_addr - $remote_user [$time_local] "$request" '
+                            '$status $body_bytes_sent "$http_referer" '
+                            '"$http_user_agent" "$http_x_forwarded_for" '
+                            '$request_time $upstream_response_time $pipe $upstream_cache_status';
+
+    #access_log        off;
+    #error_log         /dev/stderr;
+    access_log         /dev/stdout main_timed;
+    error_log          /dev/stderr;
+
+    server {
+        listen       [::]:80 default_server;
+        listen       80 default_server;
+        server_name  _;
+        index        index.php;
+        root         /var/www;
+        client_max_body_size 1G;
+
+        location / {
+            try_files $uri $uri/ /index.php;
+        }
+
+        location ~ \.php$ {
+            try_files $uri =404;
+            fastcgi_split_path_info ^(.+\.php)(/.+)$;
+            fastcgi_pass unix:/var/run/php-fpm.sock;
+            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+            fastcgi_index index.php;
+            include fastcgi_params;
+        }
+
+        location ~* ^.+\.(log|sqlite|yml|yaml|ini)$ {
+            return 404;
+        }
+
+        location ~ /\.ht {
+            return 404;
+        }
+
+        location ~* ^.+\.(ico|jpg|gif|png|css|js|svg|eot|ttf|woff|woff2|otf)$ {
+            log_not_found off;
+            expires 7d;
+            etag on;
+        }
+
+        gzip on;
+        gzip_comp_level 3;
+        gzip_disable "msie6";
+        gzip_vary on;
+        gzip_types
+            text/plain
+            text/css
+            text/javascript
+            text/xml
+            application/javascript
+            application/json
+            application/xml
+            application/rss+xml;
+    }
+
+    add_header X-Frame-Options SAMEORIGIN;
+    add_header X-Content-Type-Options nosniff;
+    add_header X-XSS-Protection "1; mode=block";
+
+    more_clear_headers 'X-Powered-By';
+    more_clear_headers 'Server';
+}
--- a/conf/nginx/security.conf
+++ b/conf/nginx/security.conf
@ -0,0 +1,9 @@
+server_tokens off;
+
+add_header X-Frame-Options SAMEORIGIN;
+add_header X-Content-Type-Options nosniff;
+add_header X-XSS-Protection "1; mode=block";
+
+more_clear_headers 'X-Powered-By';
+more_clear_headers 'Server';
+
--- a/conf/php/conf.d/php.ini
+++ b/conf/php/conf.d/php.ini
@ -0,0 +1,17 @@
+expose_php = Off
+error_reporting = E_ALL
+display_errors = Off
+log_errors = On
+error_log = /dev/stderr
+cgi.fix_pathinfo=0
+date.timezone = Europe/Berlin
+allow_url_fopen = On
+post_max_size = 1300M
+upload_max_filesize = 1024M
+opcache.max_accelerated_files = 7963
+opcache.validate_timestamps = Off
+opcache.save_comments = 0
+opcache.load_comments = 0
+opcache.fast_shutdown = 1
+opcache.enable_file_override = On
+session.save_path = "/var/session"
--- a/conf/php/php-fpm.conf
+++ b/conf/php/php-fpm.conf
@ -0,0 +1,20 @@
+[global]
+error_log = /proc/self/fd/2
+log_level = error
+daemonize = no
+
+[www]
+catch_workers_output = yes
+user = nginx
+group = nginx
+listen.owner = nginx
+listen.group = nginx
+listen = /var/run/php-fpm.sock
+pm = dynamic
+pm.max_children = 20
+pm.start_servers = 1
+pm.min_spare_servers = 1
+pm.max_spare_servers = 3
+pm.max_requests = 2048
+include = /etc/php7/php-fpm.d/env.conf
+
--- a/conf/services.d/.s6-svscan/crash
+++ b/conf/services.d/.s6-svscan/crash
@ -0,0 +1,2 @@
+#!/bin/sh
+/bin/true
--- a/conf/services.d/.s6-svscan/finish
+++ b/conf/services.d/.s6-svscan/finish
@ -0,0 +1,2 @@
+#!/bin/sh
+/bin/true
--- a/conf/services.d/nginx/run
+++ b/conf/services.d/nginx/run
@ -0,0 +1,2 @@
+#!/bin/execlineb -P
+nginx -g "daemon off;"
--- a/conf/services.d/php/run
+++ b/conf/services.d/php/run
@ -0,0 +1,2 @@
+#!/bin/execlineb -P
+php-fpm7 -F