diff --git a/docker/common-setup.sh b/docker/common-setup.sh
index 3b61b712..d275dcd2 100755
--- a/docker/common-setup.sh
+++ b/docker/common-setup.sh
@@ -1,31 +1,32 @@
 #!/bin/sh
-set -eu
-
-install -m 544 -o www-data -g www-data -d /var/www
-ln -s \
- /code/banners/ \
- /code/static/ \
- /code/stylesheets/ \
- /code/tools/ \
- /code/walls/ \
- /code/*.php \
- /code/404.html \
- /code/LICENSE.* \
- /code/robots.txt \
- /code/install.sql \
- /var/www/
-
-install -m 540 -o www-data -g www-data -d /var/tmp/leftypol
-install -m 540 -o www-data -g www-data -d /var/tmp/leftypol/cache
-ln -s /var/tmp/leftypol /var/www/tmp
-
-install -m 544 -o www-data -g www-data -d /var/www/js
-ln -s /code/js/* /var/www/js/
-
-install -m 544 -o www-data -g www-data -d /var/www/templates
-install -m 544 -o www-data -g www-data -d /var/www/templates/cache
-ln -s /code/templates/* /var/www/templates/
-
-install -m 544 -o www-data -g www-data -d /var/www/inc
-ln -s /code/inc/* /var/www/inc/
+#set -eu
+#
+#install -m 544 -o www-data -g www-data -d /var/www
+#ln -s \
+# /code/banners/ \
+# /code/static/ \
+# /code/stylesheets/ \
+# /code/tools/ \
+# /code/walls/ \
+# /code/*.php \
+# /code/404.html \
+# /code/LICENSE.* \
+# /code/robots.txt \
+# /code/install.sql \
+# /var/www/
+#
+#install -m 540 -o www-data -g www-data -d /var/tmp/leftypol
+#install -m 540 -o www-data -g www-data -d /var/tmp/leftypol/cache
+#ln -s /var/tmp/leftypol /var/www/tmp
+#
+#install -m 544 -o www-data -g www-data -d /var/www/js
+#ln -s /code/js/* /var/www/js/
+#
+#install -m 544 -o www-data -g www-data -d /var/www/templates
+#install -m 544 -o www-data -g www-data -d /var/www/templates/cache
+#ln -s /code/templates/* /var/www/templates/
+#
+#install -m 544 -o www-data -g www-data -d /var/www/inc
+#ln -s /code/inc/* /var/www/inc/
+#
\ No newline at end of file
diff --git a/docker/doc.md b/docker/doc.md
new file mode 100644
index 00000000..13ad93a6
--- /dev/null
+++ b/docker/doc.md
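Review bot: The whole script body is commented out instead of the file being deleted, yet the file keeps its executable mode and `#!/bin/sh` shebang, and neither Dockerfile invokes it after this commit (both RUN lines calling `/code/docker/common-setup.sh` are removed). A commented-out copy is dead code that will drift from `docker/php/bootstrap.sh`, which now performs the same linking; `git rm docker/common-setup.sh` keeps the history without the clutter. The new last line `+#` also lacks a trailing newline.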
@@ -0,0 +1,4 @@
+The `php-fpm` process runs containerized.
+The php application always uses `/var/www` as it's work directory and home folder, and if `/var/www` is bind mounted it
+is necessary to adjust the path passed via FastCGI to `php-fpm` by changing the root directory to `/var/www`.
+This can achieved in nginx by setting the `fastcgi_param SCRIPT_FILENAME` to `/var/www/$fastcgi_script_name;`
diff --git a/docker/nginx/Dockerfile b/docker/nginx/Dockerfile
index 5fa002d3..d9d4bcc4 100644
--- a/docker/nginx/Dockerfile
+++ b/docker/nginx/Dockerfile
@@ -2,9 +2,7 @@ FROM nginx:1.25.3-alpine
 COPY . /code
 RUN adduser --system www-data \
- && adduser www-data www-data \
- && /code/docker/common-setup.sh
-
+ && adduser www-data www-data
 CMD [ "nginx", "-g", "daemon off;" ]
 EXPOSE 80
diff --git a/docker/nginx/leftypol.conf b/docker/nginx/leftypol.conf
index f6876dfe..cdb28076 100644
--- a/docker/nginx/leftypol.conf
+++ b/docker/nginx/leftypol.conf
@@ -6,7 +6,7 @@ server {
 listen 80 default_server;
 listen [::]:80 default_server ipv6only=on;
 server_name leftypol;
- root /var/www;
+ root /var/www/html;
 add_header X-Frame-Options "SAMEORIGIN";
 add_header X-Content-Type-Options "nosniff";
@@ -15,9 +15,24 @@ server {
 charset utf-8;
 location ~ ^([^.\?]*[^\/])$ {
- try_files $uri @addslash;
+ try_files $uri @addslash;
 }
+ # Expire rules for static content
+ # Media: images, icons, video, audio, HTC
+ location ~* \.(?:jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm|htc)$ {
+ expires 1M;
+ access_log off;
+ log_not_found off;
+ add_header Cache-Control "public";
+ }
+ # CSS and Javascript
+ location ~* \.(?:css|js)$ {
+ expires 1y;
+ access_log off;
+ log_not_found off;
+ add_header Cache-Control "public";
+ }
 # Expire rules for static content
 # Media: images, icons, video, audio, HTC
 location ~* \.(?:jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm|htc)$ {
@@ -39,7 +54,7 @@ server {
 }
 location @addslash {
- return 301 $uri/;
+ return 301 $uri/;
 }
 location / {
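Review bot: `COPY . /code` still copies the whole repository into the nginx image even though the only consumer of `/code` in this file, the `common-setup.sh` RUN step, is removed here. If the static files are now served from the bind mount implied by `root /var/www/html` in `leftypol.conf`, the COPY is dead weight that ships PHP sources, `install.sql` and `inc/` into the web-server image; drop it, or narrow it to the static directories nginx actually serves. If `/code` is still needed in this image, a comment naming what reads it would help, e.g. `# /code is read by: <consumer>`.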
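Review bot: The `root /var/www/html;` change is not accompanied in this hunk by the `fastcgi_param SCRIPT_FILENAME` adjustment that `docker/doc.md` in this same commit says is required when php-fpm's working directory is `/var/www`; if the fastcgi block (outside this hunk) still uses `$document_root$fastcgi_script_name`, php-fpm will be handed `/var/www/html/...` paths that do not exist in the php container. Please confirm that block was updated, and consider a one-line comment above the directive stating what the path is expected to be, e.g. `# /var/www/html: bind mount of the php container's /var/www (see docker/doc.md)`, so the coupling between the two containers is visible here.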
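Review bot: The added `# Expire rules for static content` block duplicates the block that already follows it as context (the `# Media:` comment and the same `location ~* \.(?:jpg|jpeg|...)$ {` regex are visible right after the inserted `}`), so the file now has two identical regex `location` blocks for media and presumably two for `css|js` as well (the remainder is outside the hunk). nginx uses the first matching regex location, so the second copy is never reached and only invites the two to diverge; keep one of them, deleting either the added block or the original if the intent was to move it.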
diff --git a/docker/php/Dockerfile b/docker/php/Dockerfile
index 962ef695..5734dc1e 100644
--- a/docker/php/Dockerfile
+++ b/docker/php/Dockerfile
@@ -33,15 +33,29 @@ RUN apt-get update && apt-get upgrade -y && apt-get install -y \
 && pecl install imagick \
 && pecl install -o -f igbinary \
 && docker-php-ext-install gd zip opcache intl pdo pdo_mysql mysqli bcmath gettext iconv mbstring curl \
- && docker-php-ext-enable igbinary redis imagick
+ && docker-php-ext-enable igbinary redis imagick \
+ && rm -rf /var/cache/* \
+ && rmdir /var/www/html \
+ && install -d -m 744 -o www-data -g www-data /var/www \
+ && install -d -m 700 -o www-data -g www-data /var/tmp/leftypol \
+ && install -d -m 700 -o www-data -g www-data /var/cache/gen-cache \
+ && install -d -m 700 -o www-data -g www-data /var/cache/template-cache
-COPY --from=composer /usr/bin/composer /usr/bin/composer
+COPY --from=composer /usr/bin/composer /usr/local/bin/composer
+
+# Copy the bootstrap script.
+COPY ./docker/php/bootstrap.sh /usr/local/bin/bootstrap.sh
+
+# Copy the actual project (use .dockerignore to exclude stuff).
 COPY . /code
-RUN /code/docker/common-setup.sh \
- && ln -s /code/composer.json /code/composer.lock /var/www/ \
- && cd /var/www && composer install
+# Make the instance configuration owned by www-data.
+# Make it writable by php.
+# Install the compose depedencies.
+RUN chown www-data /code/inc/instance-config.php && chgrp www-data /code/inc/instance-config.php \
+ && chmod 660 /code/inc/instance-config.php \
+ && cd /code && composer install
 WORKDIR "/var/www"
-CMD [ "php-fpm" ]
+CMD [ "bootstrap.sh" ]
 EXPOSE 9000
diff --git a/docker/php/bootstrap.sh b/docker/php/bootstrap.sh
new file mode 100755
index 00000000..cc5390dc
--- /dev/null
+++ b/docker/php/bootstrap.sh
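Review bot: `install -d -m 744 -o www-data -g www-data /var/www` gives group and others read but not search permission on a directory, which lets them list names but not open anything inside; that is almost certainly not the intended mode (the sibling directories in the same RUN use `700`, and the bind-mount case is re-`chown`ed by `bootstrap.sh` anyway), so pick `700` or `755` deliberately. The `chown www-data X && chgrp www-data X` pair can be a single `chown www-data:www-data /code/inc/instance-config.php`, and `chmod 660` there is inconsistent with the `chmod 600` that `bootstrap.sh` applies to the copy actually used at runtime. The comment `# Install the compose depedencies.` should read `# Install the composer dependencies.`.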
@@ -0,0 +1,74 @@
+#!/bin/sh
+
+set -eu
+
+if ! mountpoint -q /var/www; then
+ echo "WARNING: '/var/www' is not a mountpoint. All the data will remain inside the container!"
+fi
+
+if [ ! -w /var/www ] ; then
+ echo "ERROR: '/var/www' is not writable. Closing."
+ exit 1
+fi
+
+# Link the entrypoints from the exposed directory.
+ln -nfs \
+ /code/banners/ \
+ /code/static/ \
+ /code/stylesheets/ \
+ /code/tools/ \
+ /code/walls/ \
+ /code/*.php \
+ /code/LICENSE.* \
+ /code/404.html \
+ /code/install.sql \
+ /var/www/
+# Ensure correct permissions are set, since this might be bind mount.
+chown www-data /var/www
+chgrp www-data /var/www
+
+# Initialize robots.txt with the default if it doesn't exist.
+cp -n /code/robots.txt /var/www
+
+# Link the cache and tmp files directory.
+ln -nfs /var/tmp/leftypol /var/www/tmp
+
+# Link the javascript directory.
+ln -nfs /code/js /var/www/
+
+# Link the html templates directory and it's cache.
+ln -nfs /code/templates /var/www/
+ln -nfs -T /var/cache/template-cache /var/www/templates/cache
+chown -h www-data /var/www/templates/cache
+chgrp -h www-data /var/www/templates/cache
+
+# Link the generic cache.
+ln -nfs -T /var/cache/gen-cache /var/www/tmp/cache
+chown -h www-data /var/www/tmp/cache
+chgrp -h www-data /var/www/tmp/cache
+
+# Create the included files directory and link them
+install -d -m 700 -o www-data -g www-data /var/www/inc
+for file in /code/inc/*; do
+ file="${file##*/}"
+ if [ ! -e /var/www/inc/$file ]; then
+ ln -s /code/inc/$file /var/www/inc/
+ fi
+done
+# Copy an empty instance configuration if the file is a link (it was linked because it did not exist before).
+if [ -L '/var/www/inc/instance-config.php' ]; then
+ echo 'INFO: Resetting instance configuration'
+ rm /var/www/inc/instance-config.php
+ cp /code/inc/instance-config.php /var/www/inc/instance-config.php
+ chown www-data /var/www/inc/instance-config.php
+ chgrp www-data /var/www/inc/instance-config.php
+ chmod 600 /var/www/inc/instance-config.php
+else
+ echo 'INFO: Using existing instance configuration'
+fi
+
+# Link the composer dependencies.
+ln -nfs /code/vendor /var/www/
+
+# Start the php-fpm server.
+exec php-fpm
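Review bot: In the `for file in /code/inc/*` loop, `$file` is unquoted in both the `[ ! -e ... ]` test and the `ln -s`, and `-e` is false for a dangling symlink, so a stale link left behind in a bind-mounted `/var/www/inc` makes `ln -s` fail with "File exists" and `set -eu` aborts the container before `exec php-fpm` is reached. Quote the expansions and also test for a link: `if [ ! -e "/var/www/inc/$file" ] && [ ! -L "/var/www/inc/$file" ]; then` and `ln -s "/code/inc/$file" /var/www/inc/`. Note too that `[ ! -w /var/www ]` is evaluated as root (the script `chown`s afterwards), so it only catches a read-only mount rather than a directory www-data cannot write to, and the WARNING/ERROR messages are printed to stdout rather than `>&2`.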