zeke
3 months ago
9 changed files with 262 additions and 4 deletions
@ -0,0 +1,32 @@ |
|||
#!/bin/sh |
|||
|
|||
# not exactly elegant, but one container is Debian, the other is Alpine |
|||
useradd -MU leftypol |
|||
addgroup leftypol |
|||
adduser -DHG leftypol leftypol |
|||
|
|||
set -eu |
|||
|
|||
install -m 775 -o leftypol -g leftypol -d /var/www-leftypol |
|||
ln -s \ |
|||
/code/banners/ \ |
|||
/code/static/ \ |
|||
/code/stylesheets/ \ |
|||
/code/tools/ \ |
|||
/code/walls/ \ |
|||
/code/*.php \ |
|||
/code/404.html \ |
|||
/code/LICENSE.* \ |
|||
/code/robots.txt \ |
|||
/code/install.sql \ |
|||
/var/www-leftypol/ |
|||
|
|||
install -m 775 -o leftypol -g leftypol -d /var/www/js |
|||
ln -s /code/js/* /var/www/js/ |
|||
|
|||
install -m 775 -o leftypol -g leftypol -d /var/www-leftypol/templates |
|||
install -m 775 -o leftypol -g leftypol -d /var/www-leftypol/templates/cache |
|||
ln -s /code/templates/* /var/www-leftypol/templates/ |
|||
|
|||
install -m 775 -o leftypol -g leftypol -d /var/www-leftypol/inc |
|||
ln -s /code/inc/* /var/www-leftypol/inc/ |
@ -0,0 +1,8 @@ |
|||
FROM nginx:1.25.3-alpine |
|||
|
|||
COPY . /code |
|||
RUN /code/docker/common-setup.sh |
|||
|
|||
|
|||
CMD ["nginx", "-g", "daemon off;"] |
|||
EXPOSE 80 443 |
@ -0,0 +1,68 @@ |
|||
upstream php-upstream { |
|||
server php:9000; |
|||
} |
|||
|
|||
server { |
|||
listen 80 default_server; |
|||
listen [::]:80 default_server ipv6only=on; |
|||
server_name leftypol; |
|||
root /var/www-leftypol; |
|||
add_header X-Frame-Options "SAMEORIGIN"; |
|||
add_header X-Content-Type-Options "nosniff"; |
|||
|
|||
index index.html index.php; |
|||
|
|||
charset utf-8; |
|||
|
|||
location ~ ^([^.\?]*[^\/])$ { |
|||
try_files $uri @addslash; |
|||
} |
|||
|
|||
# Expire rules for static content |
|||
# Media: images, icons, video, audio, HTC |
|||
location ~* \.(?:jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm|htc)$ { |
|||
expires 1M; |
|||
access_log off; |
|||
log_not_found off; |
|||
add_header Cache-Control "public"; |
|||
} |
|||
# CSS and Javascript |
|||
location ~* \.(?:css|js)$ { |
|||
expires 1y; |
|||
access_log off; |
|||
log_not_found off; |
|||
add_header Cache-Control "public"; |
|||
} |
|||
|
|||
location ~* \.(html)$ { |
|||
expires -1; |
|||
} |
|||
|
|||
location @addslash { |
|||
return 301 $uri/; |
|||
} |
|||
|
|||
location / { |
|||
try_files $uri $uri/ /index.php$is_args$args; |
|||
} |
|||
|
|||
client_max_body_size 2G; |
|||
|
|||
location ~ \.php$ { |
|||
proxy_set_header X-Real-IP $remote_addr; |
|||
proxy_set_header X-Forwarded-For $remote_addr; |
|||
proxy_set_header X-Request-Id $x_request_id; |
|||
proxy_set_header X-Forwarded-Host $host; |
|||
proxy_set_header Forwarded-Request-Id $x_request_id; |
|||
fastcgi_pass php-upstream; |
|||
fastcgi_index index.php; |
|||
fastcgi_buffers 16 16k; |
|||
fastcgi_buffer_size 32k; |
|||
fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name; |
|||
fastcgi_read_timeout 600; |
|||
include fastcgi_params; |
|||
} |
|||
|
|||
location = /favicon.ico { access_log off; log_not_found off; } |
|||
location = /robots.txt { access_log off; log_not_found off; } |
|||
} |
@ -0,0 +1,33 @@ |
|||
# This and proxy.conf are based on |
|||
# https://github.com/dead-guru/devichan/blob/master/nginx/nginx.conf |
|||
|
|||
user leftypol; |
|||
worker_processes 4; |
|||
# daemon off; |
|||
# error_log /var/log/nginx/error.log warn; |
|||
error_log /dev/stdout warn; |
|||
pid /var/run/nginx.pid; |
|||
events { |
|||
worker_connections 1024; |
|||
} |
|||
http { |
|||
include /etc/nginx/mime.types; |
|||
default_type application/octet-stream; |
|||
#access_log /var/log/nginx/access.log; |
|||
# Switch logging to console out to view via Docker |
|||
access_log /dev/stdout; |
|||
error_log /dev/stdout warn; |
|||
sendfile on; |
|||
keepalive_timeout 5; |
|||
|
|||
gzip on; |
|||
gzip_http_version 1.0; |
|||
gzip_vary on; |
|||
gzip_comp_level 6; |
|||
gzip_types text/xml text/plain text/css application/xhtml+xml application/xml application/rss+xml application/atom_xml application/x-javascript application/x-httpd-php; |
|||
gzip_disable "MSIE [1-6]\."; |
|||
|
|||
|
|||
include /etc/nginx/conf.d/*.conf; |
|||
include /etc/nginx/sites-available/*.conf; |
|||
} |
@ -0,0 +1,40 @@ |
|||
proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=czone:4m max_size=50m inactive=120m; |
|||
proxy_temp_path /var/tmp/nginx; |
|||
proxy_cache_key "$scheme://$host$request_uri"; |
|||
|
|||
|
|||
map $http_forwarded_request_id $x_request_id { |
|||
"" $request_id; |
|||
default $http_forwarded_request_id; |
|||
} |
|||
|
|||
map $http_forwarded_forwarded_host $forwardedhost { |
|||
"" $host; |
|||
default $http_forwarded_forwarded_host; |
|||
} |
|||
|
|||
|
|||
map $http_x_forwarded_proto $fcgi_https { |
|||
default ""; |
|||
https on; |
|||
} |
|||
|
|||
map $http_x_forwarded_proto $real_scheme { |
|||
default $scheme; |
|||
https https; |
|||
} |
|||
|
|||
proxy_set_header Host $host; |
|||
proxy_set_header X-Real-IP $remote_addr; |
|||
proxy_set_header X-Forwarded-Host $host; |
|||
proxy_set_header X-Forwarded-Server $host; |
|||
|
|||
real_ip_header X-Forwarded-For; |
|||
|
|||
set_real_ip_from 10.0.0.0/8; |
|||
set_real_ip_from 172.16.0.0/12; |
|||
set_real_ip_from 172.18.0.0/12; |
|||
set_real_ip_from 192.168.0.0/24; |
|||
set_real_ip_from 127.0.0.0/8; |
|||
|
|||
real_ip_recursive on; |
@ -0,0 +1,44 @@ |
|||
# Based on https://github.com/dead-guru/devichan/blob/master/php-fpm/Dockerfile |
|||
|
|||
FROM composer AS composer |
|||
FROM php:8.1-fpm-bullseye |
|||
COPY --from=composer /usr/bin/composer /usr/bin/composer |
|||
COPY . /code |
|||
|
|||
RUN apt-get update && apt-get upgrade -y && apt-get install -y \ |
|||
zlib1g-dev libicu-dev g++ \ |
|||
libjpeg62-turbo-dev \ |
|||
libzip-dev \ |
|||
libpng-dev \ |
|||
libwebp-dev \ |
|||
libfreetype6-dev \ |
|||
libxml2-dev \ |
|||
git \ |
|||
zip \ |
|||
ffmpeg \ |
|||
libonig-dev \ |
|||
unzip \ |
|||
libcurl4-openssl-dev \ |
|||
libmagickwand-dev \ |
|||
gifsicle \ |
|||
graphicsmagick \ |
|||
gettext \ |
|||
imagemagick \ |
|||
locales locales-all \ |
|||
libmagickwand-dev \ |
|||
libmcrypt-dev \ |
|||
&& docker-php-ext-configure gd \ |
|||
--with-webp=/usr/include/webp \ |
|||
--with-jpeg=/usr/include \ |
|||
--with-freetype=/usr/include/freetype2/ \ |
|||
&& pecl install redis \ |
|||
&& pecl install imagick \ |
|||
&& pecl install -o -f igbinary \ |
|||
&& docker-php-ext-install gd zip opcache intl pdo pdo_mysql mysqli bcmath gettext iconv mbstring curl \ |
|||
&& docker-php-ext-enable igbinary redis imagick |
|||
|
|||
|
|||
RUN /code/docker/common-setup.sh |
|||
WORKDIR "/var/www-leftypol" |
|||
CMD ["php-fpm"] |
|||
EXPOSE 9000 |
@ -0,0 +1,15 @@ |
|||
; based on https://github.com/dead-guru/devichan/blob/master/php-fpm/custom.ini |
|||
|
|||
memory_limit = 2G |
|||
max_execution_time = 30 |
|||
upload_max_filesize = 2G |
|||
post_max_size = 2G |
|||
pm = dynamic |
|||
pm.max_children = 20 |
|||
pm.start_servers = 5 |
|||
pm.min_spare_servers = 3 |
|||
pm.max_spare_servers = 10 |
|||
|
|||
extension = igbinary.so |
|||
extension = redis.so |
|||
extension = imagick.so |
@ -0,0 +1,10 @@ |
|||
[www] |
|||
user = leftypol |
|||
group = leftypol |
|||
listen = 127.0.0.1:9000 |
|||
pm = dynamic |
|||
pm.max_children = 200 |
|||
pm.start_servers = 10 |
|||
pm.min_spare_servers = 1 |
|||
pm.max_spare_servers = 20 |
|||
pm.max_requests = 20000 |
Loading…
Reference in new issue