forked from leftypol/leftypol
Merge pull request 'Dockerize leftypol, again' (#115) from dockerize2 into config
Reviewed-on: leftypol/leftypol#115
This commit is contained in:
commit
e5c8923c1c
4
.dockerignore
Normal file
4
.dockerignore
Normal file
|
@ -0,0 +1,4 @@
|
|||
**/.git
|
||||
**/.gitignore
|
||||
/local-www
|
||||
**/.gitkeep
|
1
.gitignore
vendored
1
.gitignore
vendored
|
@ -55,6 +55,7 @@ php_errors.log
|
|||
#vichan custom
|
||||
favicon.ico
|
||||
/static/spoiler.png
|
||||
local-www
|
||||
|
||||
piwik/
|
||||
jwplayer/
|
||||
|
|
29
Dockerfile
Normal file
29
Dockerfile
Normal file
|
@ -0,0 +1,29 @@
|
|||
FROM php:8.1.8-fpm
|
||||
|
||||
COPY . /code
|
||||
|
||||
RUN docker-php-ext-install pdo pdo_mysql
|
||||
RUN apt-get update -y && apt-get install -y libpng-dev libjpeg-dev libonig-dev
|
||||
RUN docker-php-ext-install mbstring
|
||||
RUN apt-get update -y && apt-get install -y libmcrypt-dev
|
||||
# RUN docker-php-ext-install -j$(nproc) mcrypt
|
||||
RUN docker-php-ext-install iconv
|
||||
RUN apt-get update -y && apt-get install -y imagemagick
|
||||
RUN apt-get update -y && apt-get install -y graphicsmagick
|
||||
RUN apt-get update -y && apt-get install -y gifsicle
|
||||
# RUN docker-php-ext-configure gd
|
||||
# --with-jpeg=/usr/include
|
||||
# --with-png-dir=/usr \
|
||||
RUN docker-php-ext-install gd
|
||||
RUN apt-get update -y \
|
||||
&& apt-get install -y libmemcached11 libmemcachedutil2 build-essential libmemcached-dev libz-dev git \
|
||||
&& pecl install memcached \
|
||||
&& echo extension=memcached.so >> /usr/local/etc/php/conf.d/memcached.ini \
|
||||
&& apt-get remove -y build-essential libmemcached-dev libz-dev \
|
||||
&& apt-get autoremove -y \
|
||||
&& apt-get clean \
|
||||
&& rm -rf /tmp/pear \
|
||||
&& curl -sS https://getcomposer.org/installer -o composer-setup.php \
|
||||
&& php composer-setup.php --install-dir=/usr/local/bin --filename=composer \
|
||||
&& docker-php-ext-install bcmath \
|
||||
&& cd /code && composer install
|
|
@ -5,17 +5,17 @@ services:
|
|||
context: .
|
||||
dockerfile: ./docker/nginx/Dockerfile
|
||||
ports:
|
||||
- "8080:80"
|
||||
- "9091:80"
|
||||
depends_on:
|
||||
- db
|
||||
- leftypol-db
|
||||
volumes:
|
||||
- ./:/code
|
||||
- ./local-www:/var/www/html
|
||||
- ./docker/nginx/leftypol.conf:/etc/nginx/conf.d/default.conf
|
||||
- ./docker/nginx/nginx.conf:/etc/nginx/nginx.conf
|
||||
- ./docker/nginx/proxy.conf:/etc/nginx/conf.d/proxy.conf
|
||||
networks:
|
||||
leftchan_net:
|
||||
ipv4_address: 172.20.0.3
|
||||
d_leftypol_org:
|
||||
ipv4_address: 172.21.0.3
|
||||
links:
|
||||
- php
|
||||
php:
|
||||
|
@ -23,30 +23,31 @@ services:
|
|||
context: .
|
||||
dockerfile: ./docker/php/Dockerfile
|
||||
volumes:
|
||||
- ./:/code
|
||||
- ./local-www:/var/www
|
||||
- ./docker/php/www.conf:/usr/local/etc/php-fpm.d/www.conf
|
||||
networks:
|
||||
leftchan_net:
|
||||
ipv4_address: 172.20.0.4
|
||||
d_leftypol_org:
|
||||
ipv4_address: 172.21.0.4
|
||||
#MySQL Service
|
||||
db:
|
||||
leftypol-db:
|
||||
image: mysql:8.0.35
|
||||
container_name: db
|
||||
container_name: leftypol-db
|
||||
restart: unless-stopped
|
||||
tty: true
|
||||
ports:
|
||||
- "3306:3306"
|
||||
environment:
|
||||
MYSQL_DATABASE: lainchan
|
||||
MYSQL_ROOT_PASSWORD: M9q5lO0RxJVh
|
||||
MYSQL_DATABASE: vichan
|
||||
MYSQL_ROOT_PASSWORD: password
|
||||
command: "--default-authentication-plugin=mysql_native_password"
|
||||
networks:
|
||||
leftchan_net:
|
||||
ipv4_address: 172.20.0.2
|
||||
d_leftypol_org:
|
||||
ipv4_address: 172.21.0.2
|
||||
|
||||
#Docker Networks
|
||||
networks:
|
||||
leftchan_net:
|
||||
d_leftypol_org:
|
||||
ipam:
|
||||
driver: default
|
||||
config:
|
||||
- subnet: 172.20.0.0/16
|
||||
- subnet: 172.21.0.0/16
|
||||
|
|
|
@ -1,27 +0,0 @@
|
|||
#!/bin/sh
|
||||
|
||||
set -eu
|
||||
|
||||
install -m 775 -o leftypol -g leftypol -d /var/www-leftypol
|
||||
ln -s \
|
||||
/code/banners/ \
|
||||
/code/static/ \
|
||||
/code/stylesheets/ \
|
||||
/code/tools/ \
|
||||
/code/walls/ \
|
||||
/code/*.php \
|
||||
/code/404.html \
|
||||
/code/LICENSE.* \
|
||||
/code/robots.txt \
|
||||
/code/install.sql \
|
||||
/var/www-leftypol/
|
||||
|
||||
install -m 775 -o leftypol -g leftypol -d /var/www-leftypol/js
|
||||
ln -s /code/js/* /var/www-leftypol/js/
|
||||
|
||||
install -m 775 -o leftypol -g leftypol -d /var/www-leftypol/templates
|
||||
install -m 775 -o leftypol -g leftypol -d /var/www-leftypol/templates/cache
|
||||
ln -s /code/templates/* /var/www-leftypol/templates/
|
||||
|
||||
install -m 775 -o leftypol -g leftypol -d /var/www-leftypol/inc
|
||||
ln -s /code/inc/* /var/www-leftypol/inc/
|
4
docker/doc.md
Normal file
4
docker/doc.md
Normal file
|
@ -0,0 +1,4 @@
|
|||
The `php-fpm` process runs containerized.
|
||||
The php application always uses `/var/www` as it's work directory and home folder, and if `/var/www` is bind mounted it
|
||||
is necessary to adjust the path passed via FastCGI to `php-fpm` by changing the root directory to `/var/www`.
|
||||
This can achieved in nginx by setting the `fastcgi_param SCRIPT_FILENAME` to `/var/www/$fastcgi_script_name;`
|
|
@ -1,11 +1,8 @@
|
|||
FROM nginx:1.25.3-alpine
|
||||
|
||||
COPY . /code
|
||||
RUN addgroup --system leftypol \
|
||||
&& adduser --system leftypol \
|
||||
&& adduser leftypol leftypol \
|
||||
&& /code/docker/common-setup.sh
|
||||
|
||||
RUN adduser --system www-data \
|
||||
&& adduser www-data www-data
|
||||
|
||||
CMD [ "nginx", "-g", "daemon off;" ]
|
||||
EXPOSE 80 443
|
||||
EXPOSE 80
|
||||
|
|
|
@ -6,7 +6,7 @@ server {
|
|||
listen 80 default_server;
|
||||
listen [::]:80 default_server ipv6only=on;
|
||||
server_name leftypol;
|
||||
root /var/www-leftypol;
|
||||
root /var/www/html;
|
||||
add_header X-Frame-Options "SAMEORIGIN";
|
||||
add_header X-Content-Type-Options "nosniff";
|
||||
|
||||
|
@ -18,6 +18,21 @@ server {
|
|||
try_files $uri @addslash;
|
||||
}
|
||||
|
||||
# Expire rules for static content
|
||||
# Media: images, icons, video, audio, HTC
|
||||
location ~* \.(?:jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm|htc)$ {
|
||||
expires 1M;
|
||||
access_log off;
|
||||
log_not_found off;
|
||||
add_header Cache-Control "public";
|
||||
}
|
||||
# CSS and Javascript
|
||||
location ~* \.(?:css|js)$ {
|
||||
expires 1y;
|
||||
access_log off;
|
||||
log_not_found off;
|
||||
add_header Cache-Control "public";
|
||||
}
|
||||
# Expire rules for static content
|
||||
# Media: images, icons, video, audio, HTC
|
||||
location ~* \.(?:jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm|htc)$ {
|
||||
|
@ -56,7 +71,7 @@ server {
|
|||
proxy_set_header Forwarded-Request-Id $x_request_id;
|
||||
fastcgi_pass php-upstream;
|
||||
fastcgi_index index.php;
|
||||
fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
|
||||
fastcgi_param SCRIPT_FILENAME /var/www/$fastcgi_script_name;
|
||||
fastcgi_read_timeout 600;
|
||||
include fastcgi_params;
|
||||
}
|
||||
|
|
|
@ -1,15 +1,17 @@
|
|||
# This and proxy.conf are based on
|
||||
# https://github.com/dead-guru/devichan/blob/master/nginx/nginx.conf
|
||||
|
||||
user leftypol;
|
||||
user www-data;
|
||||
worker_processes auto;
|
||||
# daemon off;
|
||||
# error_log /var/log/nginx/error.log warn;
|
||||
error_log /dev/stdout warn;
|
||||
pid /var/run/nginx.pid;
|
||||
|
||||
events {
|
||||
worker_connections 1024;
|
||||
}
|
||||
|
||||
http {
|
||||
include /etc/nginx/mime.types;
|
||||
default_type application/octet-stream;
|
||||
|
|
|
@ -33,7 +33,7 @@ real_ip_header X-Forwarded-For;
|
|||
|
||||
set_real_ip_from 10.0.0.0/8;
|
||||
set_real_ip_from 172.16.0.0/12;
|
||||
set_real_ip_from 172.18.0.0/12;
|
||||
set_real_ip_from 172.18.0.0;
|
||||
set_real_ip_from 192.168.0.0/24;
|
||||
set_real_ip_from 127.0.0.0/8;
|
||||
|
||||
|
|
|
@ -1,47 +1,89 @@
|
|||
# Based on https://github.com/dead-guru/devichan/blob/master/php-fpm/Dockerfile
|
||||
|
||||
FROM composer AS composer
|
||||
FROM php:8.1-fpm-bullseye
|
||||
COPY --from=composer /usr/bin/composer /usr/bin/composer
|
||||
COPY . /code
|
||||
FROM php:7.2-fpm-alpine
|
||||
|
||||
RUN apt-get update && apt-get upgrade -y && apt-get install -y \
|
||||
zlib1g-dev libicu-dev g++ \
|
||||
libjpeg62-turbo-dev \
|
||||
libzip-dev \
|
||||
RUN apk add --no-cache \
|
||||
zlib \
|
||||
zlib-dev \
|
||||
libpng \
|
||||
libpng-dev \
|
||||
libjpeg-turbo \
|
||||
libjpeg-turbo-dev \
|
||||
libwebp \
|
||||
libwebp-dev \
|
||||
libfreetype6-dev \
|
||||
libxml2-dev \
|
||||
git \
|
||||
zip \
|
||||
ffmpeg \
|
||||
libonig-dev \
|
||||
unzip \
|
||||
libcurl4-openssl-dev \
|
||||
libmagickwand-dev \
|
||||
gifsicle \
|
||||
graphicsmagick \
|
||||
gettext \
|
||||
libcurl \
|
||||
curl-dev \
|
||||
imagemagick \
|
||||
locales locales-all \
|
||||
libmagickwand-dev \
|
||||
graphicsmagick \
|
||||
gifsicle \
|
||||
ffmpeg \
|
||||
bind-tools \
|
||||
gettext \
|
||||
gettext-dev \
|
||||
icu-dev \
|
||||
oniguruma \
|
||||
oniguruma-dev \
|
||||
libmcrypt \
|
||||
libmcrypt-dev \
|
||||
lz4-libs \
|
||||
lz4-dev \
|
||||
imagemagick-dev \
|
||||
pcre-dev \
|
||||
$PHPIZE_DEPS \
|
||||
&& docker-php-ext-configure gd \
|
||||
--with-webp=/usr/include/webp \
|
||||
--with-jpeg=/usr/include \
|
||||
--with-freetype=/usr/include/freetype2/ \
|
||||
--with-webp-dir=/usr/include/webp \
|
||||
--with-jpeg-dir=/usr/include \
|
||||
&& docker-php-ext-install -j$(nproc) \
|
||||
gd \
|
||||
curl \
|
||||
bcmath \
|
||||
opcache \
|
||||
pdo_mysql \
|
||||
gettext \
|
||||
intl \
|
||||
mbstring \
|
||||
&& pecl update-channels \
|
||||
&& pecl install -o -f igbinary \
|
||||
&& pecl install redis \
|
||||
&& pecl install imagick \
|
||||
&& pecl install -o -f igbinary \
|
||||
&& docker-php-ext-install gd zip opcache intl pdo pdo_mysql mysqli bcmath gettext iconv mbstring curl \
|
||||
&& docker-php-ext-enable igbinary redis imagick \
|
||||
&& useradd -MU leftypol \
|
||||
&& /code/docker/common-setup.sh \
|
||||
&& ln -s /code/composer.json /code/composer.lock /var/www-leftypol/ \
|
||||
&& cd /var/www-leftypol && composer install
|
||||
$$ docker-php-ext-enable \
|
||||
igbinary \
|
||||
redis \
|
||||
imagick \
|
||||
&& apk del \
|
||||
zlib-dev \
|
||||
libpng-dev \
|
||||
libjpeg-turbo-dev \
|
||||
libwebp-dev \
|
||||
curl-dev \
|
||||
gettext-dev \
|
||||
oniguruma-dev \
|
||||
libmcrypt-dev \
|
||||
lz4-dev \
|
||||
imagemagick-dev \
|
||||
pcre-dev \
|
||||
$PHPIZE_DEPS \
|
||||
&& rm -rf /var/cache/*
|
||||
RUN rmdir /var/www/html \
|
||||
&& install -d -m 744 -o www-data -g www-data /var/www \
|
||||
&& install -d -m 700 -o www-data -g www-data /var/tmp/vichan \
|
||||
&& install -d -m 700 -o www-data -g www-data /var/cache/gen-cache \
|
||||
&& install -d -m 700 -o www-data -g www-data /var/cache/template-cache
|
||||
|
||||
# RUN /code/docker/common-setup.sh php
|
||||
WORKDIR "/var/www-leftypol"
|
||||
CMD ["php-fpm"]
|
||||
COPY --from=composer /usr/bin/composer /usr/local/bin/composer
|
||||
|
||||
# Copy the bootstrap script.
|
||||
COPY ./docker/php/bootstrap.sh /usr/local/bin/bootstrap.sh
|
||||
|
||||
# Copy the actual project (use .dockerignore to exclude stuff).
|
||||
COPY . /code
|
||||
|
||||
# Make the instance configuration owned by www-data.
|
||||
# Make it writable by php.
|
||||
# Install the compose depedencies.
|
||||
RUN cd /code && composer install
|
||||
|
||||
WORKDIR "/var/www"
|
||||
CMD [ "bootstrap.sh" ]
|
||||
EXPOSE 9000
|
80
docker/php/bootstrap.sh
Executable file
80
docker/php/bootstrap.sh
Executable file
|
@ -0,0 +1,80 @@
|
|||
#!/bin/sh
|
||||
|
||||
set -eu
|
||||
|
||||
function set_cfg() {
|
||||
if [ ! -f "/var/www/inc/$1" ]; then
|
||||
echo "INFO: Resetting $1"
|
||||
touch "/var/www/inc/$1"
|
||||
chown www-data "/var/www/inc/$1"
|
||||
chgrp www-data "/var/www/inc/$1"
|
||||
chmod 600 "/var/www/inc/$1"
|
||||
else
|
||||
echo "INFO: Using existing $1"
|
||||
fi
|
||||
}
|
||||
|
||||
if ! mountpoint -q /var/www; then
|
||||
echo "WARNING: '/var/www' is not a mountpoint. All the data will remain inside the container!"
|
||||
fi
|
||||
|
||||
if [ ! -w /var/www ] ; then
|
||||
echo "ERROR: '/var/www' is not writable. Closing."
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# Link the entrypoints from the exposed directory.
|
||||
ln -nfs \
|
||||
/code/banners/ \
|
||||
/code/tools/ \
|
||||
/code/walls/ \
|
||||
/code/*.php \
|
||||
/code/LICENSE.* \
|
||||
/code/404.html \
|
||||
/code/install.sql \
|
||||
/var/www/
|
||||
# Static files accessible from the webserver must be copied.
|
||||
cp -ur /code/static /var/www/
|
||||
cp -ur /code/stylesheets /var/www/
|
||||
|
||||
# Ensure correct permissions are set, since this might be bind mount.
|
||||
chown www-data /var/www
|
||||
chgrp www-data /var/www
|
||||
|
||||
# Initialize an empty robots.txt with the default if it doesn't exist.
|
||||
touch /var/www/robots.txt
|
||||
|
||||
# Link the cache and tmp files directory.
|
||||
ln -nfs /var/tmp/vichan /var/www/tmp
|
||||
|
||||
# Link the javascript directory.
|
||||
ln -nfs /code/js /var/www/
|
||||
|
||||
# Link the html templates directory and it's cache.
|
||||
ln -nfs /code/templates /var/www/
|
||||
ln -nfs -T /var/cache/template-cache /var/www/templates/cache
|
||||
chown -h www-data /var/www/templates/cache
|
||||
chgrp -h www-data /var/www/templates/cache
|
||||
|
||||
# Link the generic cache.
|
||||
ln -nfs -T /var/cache/gen-cache /var/www/tmp/cache
|
||||
chown -h www-data /var/www/tmp/cache
|
||||
chgrp -h www-data /var/www/tmp/cache
|
||||
|
||||
# Create the included files directory and link them
|
||||
install -d -m 700 -o www-data -g www-data /var/www/inc
|
||||
for file in /code/inc/*; do
|
||||
file="${file##*/}"
|
||||
if [ ! -e /var/www/inc/$file ]; then
|
||||
ln -s /code/inc/$file /var/www/inc/
|
||||
fi
|
||||
done
|
||||
|
||||
# Copy an empty instance configuration if the file is a link (it was linked because it did not exist before).
|
||||
set_cfg 'instance-config.php'
|
||||
|
||||
# Link the composer dependencies.
|
||||
ln -nfs /code/vendor /var/www/
|
||||
|
||||
# Start the php-fpm server.
|
||||
exec php-fpm
|
|
@ -1,6 +1,12 @@
|
|||
[www]
|
||||
user = leftypol
|
||||
group = leftypol
|
||||
access.log = /proc/self/fd/2
|
||||
|
||||
; Ensure worker stdout and stderr are sent to the main error log.
|
||||
catch_workers_output = yes
|
||||
|
||||
user = www-data
|
||||
group = www-data
|
||||
|
||||
listen = 127.0.0.1:9000
|
||||
pm = static
|
||||
pm.max_children = 16
|
||||
|
|
|
@ -13,12 +13,15 @@ $twig = false;
|
|||
|
||||
function load_twig() {
|
||||
global $twig, $config;
|
||||
|
||||
$cache_dir = "{$config['dir']['template']}/cache/";
|
||||
|
||||
$loader = new Twig_Loader_Filesystem($config['dir']['template']);
|
||||
$loader->setPaths($config['dir']['template']);
|
||||
$twig = new Twig_Environment($loader, array(
|
||||
'autoescape' => false,
|
||||
'cache' => is_writable('templates') || (is_dir('templates/cache') && is_writable('templates/cache')) ?
|
||||
"{$config['dir']['template']}/cache" : false,
|
||||
'cache' => is_writable('templates/') || (is_dir($cache_dir) && is_writable($cache_dir)) ?
|
||||
$cache_dir : false,
|
||||
'debug' => $config['debug']
|
||||
));
|
||||
$twig->addExtension(new Twig_Extensions_Extension_Tinyboard());
|
||||
|
@ -69,4 +72,3 @@ function Element($templateFile, array $options) {
|
|||
throw new Exception("Template file '${templateFile}' does not exist or is empty in '{$config['dir']['template']}'!");
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -3,7 +3,7 @@
|
|||
// Installation/upgrade file
|
||||
define('VERSION', '5.1.3');
|
||||
|
||||
if (fopen('inc/instance-config.php' , 'a') === false) {
|
||||
if (!is_writable('inc/instance-config.php') || !is_writable('inc/')) {
|
||||
print('install.php does not have permission to write to /inc/, without permission the installer cannot continue');
|
||||
exit();
|
||||
}
|
||||
|
@ -818,14 +818,14 @@ if ($step == 0) {
|
|||
array(
|
||||
'category' => 'File permissions',
|
||||
'name' => getcwd() . '/templates/cache',
|
||||
'result' => is_writable('templates') || (is_dir('templates/cache') && is_writable('templates/cache')),
|
||||
'result' => is_dir('templates/cache/') && is_writable('templates/cache/'),
|
||||
'required' => true,
|
||||
'message' => 'You must give vichan permission to create (and write to) the <code>templates/cache</code> directory or performance will be drastically reduced.'
|
||||
),
|
||||
array(
|
||||
'category' => 'File permissions',
|
||||
'name' => getcwd() . '/tmp/cache',
|
||||
'result' => is_dir('tmp/cache') && is_writable('tmp/cache'),
|
||||
'result' => is_dir('tmp/cache/') && is_writable('tmp/cache/'),
|
||||
'required' => true,
|
||||
'message' => 'You must give vichan permission to write to the <code>tmp/cache</code> directory.'
|
||||
),
|
||||
|
@ -993,4 +993,3 @@ if ($step == 0) {
|
|||
|
||||
echo Element('page.html', $page);
|
||||
}
|
||||
|
||||
|
|
16
site.conf
16
site.conf
|
@ -1,16 +0,0 @@
|
|||
server {
|
||||
index index.php index.html;
|
||||
error_log /var/log/nginx/error.log;
|
||||
access_log /var/log/nginx/access.log;
|
||||
root /code;
|
||||
|
||||
location ~ \.php$ {
|
||||
try_files $uri =404;
|
||||
fastcgi_split_path_info ^(.+\.php)(/.+)$;
|
||||
fastcgi_pass php:9000;
|
||||
fastcgi_index index.php;
|
||||
include fastcgi_params;
|
||||
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
||||
fastcgi_param PATH_INFO $fastcgi_path_info;
|
||||
}
|
||||
}
|
Loading…
Reference in New Issue
Block a user