From 928593dad9fd1eb2eb2824b1a0057e4b01e86fde Mon Sep 17 00:00:00 2001 From: Zankaria Date: Sun, 7 Apr 2024 13:22:53 +0200 Subject: [PATCH 01/28] docker: remove unused configuration --- site.conf | 16 ---------------- 1 file changed, 16 deletions(-) delete mode 100644 site.conf diff --git a/site.conf b/site.conf deleted file mode 100644 index 80bc50fb..00000000 --- a/site.conf +++ /dev/null @@ -1,16 +0,0 @@ -server { - index index.php index.html; - error_log /var/log/nginx/error.log; - access_log /var/log/nginx/access.log; - root /code; - - location ~ \.php$ { - try_files $uri =404; - fastcgi_split_path_info ^(.+\.php)(/.+)$; - fastcgi_pass php:9000; - fastcgi_index index.php; - include fastcgi_params; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_param PATH_INFO $fastcgi_path_info; - } -} \ No newline at end of file From faf546ab029ba483a277870af1d137ee62dcf476 Mon Sep 17 00:00:00 2001 From: Zankaria Date: Sun, 11 Feb 2024 11:00:29 +0100 Subject: [PATCH 02/28] docker: remove "meaningless" bits from nginx configuration --- docker/nginx/proxy.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker/nginx/proxy.conf b/docker/nginx/proxy.conf index bc22ea34..6830cd5f 100644 --- a/docker/nginx/proxy.conf +++ b/docker/nginx/proxy.conf @@ -33,7 +33,7 @@ real_ip_header X-Forwarded-For; set_real_ip_from 10.0.0.0/8; set_real_ip_from 172.16.0.0/12; -set_real_ip_from 172.18.0.0/12; +set_real_ip_from 172.18.0.0; set_real_ip_from 192.168.0.0/24; set_real_ip_from 127.0.0.0/8; From e3dc1a1a659d6124acdf107cd9621e3a058dd825 Mon Sep 17 00:00:00 2001 From: Zankaria Date: Sun, 11 Feb 2024 15:45:55 +0100 Subject: [PATCH 03/28] docker: split up application and dependency layers --- docker/php/Dockerfile | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/docker/php/Dockerfile b/docker/php/Dockerfile index cb2225bb..b5a55675 100644 --- a/docker/php/Dockerfile +++ b/docker/php/Dockerfile 
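Review bot: In the docker/nginx/proxy.conf hunk, `set_real_ip_from 172.18.0.0;` now trusts a single host instead of a network, because nginx reads a value without a prefix length as one address, and 172.18.0.0 is a network address that no proxy will normally use. The old `172.18.0.0/12` was already covered by the `set_real_ip_from 172.16.0.0/12;` line above it, so the simplest fix is to delete the line; if a narrower trust set is the aim, list the compose network's actual subnet instead of the broad private ranges. Every range in this list is allowed to set the client address through `X-Forwarded-For`, so it should be as small as the deployment permits.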
@@ -2,8 +2,6 @@ FROM composer AS composer FROM php:8.1-fpm-bullseye -COPY --from=composer /usr/bin/composer /usr/bin/composer -COPY . /code RUN apt-get update && apt-get upgrade -y && apt-get install -y \ zlib1g-dev libicu-dev g++ \ @@ -36,12 +34,16 @@ RUN apt-get update && apt-get upgrade -y && apt-get install -y \ && pecl install -o -f igbinary \ && docker-php-ext-install gd zip opcache intl pdo pdo_mysql mysqli bcmath gettext iconv mbstring curl \ && docker-php-ext-enable igbinary redis imagick \ - && useradd -MU leftypol \ - && /code/docker/common-setup.sh \ + && useradd -MU leftypol + +COPY --from=composer /usr/bin/composer /usr/bin/composer +COPY . /code + +RUN /code/docker/common-setup.sh \ && ln -s /code/composer.json /code/composer.lock /var/www-leftypol/ \ && cd /var/www-leftypol && composer install # RUN /code/docker/common-setup.sh php WORKDIR "/var/www-leftypol" CMD ["php-fpm"] -EXPOSE 9000 \ No newline at end of file +EXPOSE 9000 From 20b7ed7829a02db6859abaa38c6816c87f9b9fd7 Mon Sep 17 00:00:00 2001 From: Zankaria Date: Sun, 11 Feb 2024 16:04:57 +0100 Subject: [PATCH 04/28] docker: fix missing tmp directory --- docker/common-setup.sh | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/docker/common-setup.sh b/docker/common-setup.sh index bf30bd20..649a3049 100755 --- a/docker/common-setup.sh +++ b/docker/common-setup.sh @@ -16,6 +16,10 @@ ln -s \ /code/install.sql \ /var/www-leftypol/ +install -m 775 -o leftypol -g leftypol -d /var/tmp/leftypol +install -m 775 -o leftypol -g leftypol -d /var/tmp/leftypol/cache +ln -s /var/tmp/leftypol /var/www-leftypol/tmp + install -m 775 -o leftypol -g leftypol -d /var/www-leftypol/js ln -s /code/js/* /var/www-leftypol/js/ From 726de817b124ad1cbdd19ba9c7661732d5487683 Mon Sep 17 00:00:00 2001 
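Review bot: In the second docker/php/Dockerfile hunk, `COPY . /code` still sits above `composer install`, so any source edit invalidates the dependency layer this commit is trying to cache. Copying only `composer.json` and `composer.lock` before the install step, and the rest of the tree after it, would complete the split. The install also runs as root with dev packages and package scripts enabled; `composer install --no-dev --no-interaction` is a safer default for an image build, assuming nothing at runtime needs the dev packages. The `RUN` that begins with `apt-get update` starts outside the hunk.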
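Review bot: The new `/var/tmp/leftypol` directory in docker/common-setup.sh is linked into the web root by `ln -s /var/tmp/leftypol /var/www-leftypol/tmp`, so whatever the application writes there can be fetched by URL unless nginx denies the path; no such rule appears in the hunks shown. A comment above the `ln -s` saying `tmp/` must not be served, backed by a deny rule in leftypol.conf, would make the intent explicit. Mode 775 also leaves both directories group-writable, although only the owner needs to write.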
From: Zankaria Date: Sun, 31 Mar 2024 15:41:02 +0200 Subject: [PATCH 05/28] docker: change work directory to /var/www
---
 Dockerfile | 29 +++++++++++++++++++++++++++++ docker/common-setup.sh | 20 ++++++++++---------- docker/nginx/leftypol.conf | 4 ++-- docker/php/Dockerfile | 6 +++--- 4 files changed, 44 insertions(+), 15 deletions(-) create mode 100644 Dockerfile
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 00000000..4e76f72e
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,29 @@
+FROM php:8.1.8-fpm
+
+COPY . /code
+
+RUN docker-php-ext-install pdo pdo_mysql
+RUN apt-get update -y && apt-get install -y libpng-dev libjpeg-dev libonig-dev
+RUN docker-php-ext-install mbstring
+RUN apt-get update -y && apt-get install -y libmcrypt-dev
+# RUN docker-php-ext-install -j$(nproc) mcrypt
+RUN docker-php-ext-install iconv
+RUN apt-get update -y && apt-get install -y imagemagick
+RUN apt-get update -y && apt-get install -y graphicsmagick
+RUN apt-get update -y && apt-get install -y gifsicle
+# RUN docker-php-ext-configure gd
+# --with-jpeg=/usr/include
+# --with-png-dir=/usr \
+RUN docker-php-ext-install gd
+RUN apt-get update -y \
+ && apt-get install -y libmemcached11 libmemcachedutil2 build-essential libmemcached-dev libz-dev git \
+ && pecl install memcached \
+ && echo extension=memcached.so >> /usr/local/etc/php/conf.d/memcached.ini \
+ && apt-get remove -y build-essential libmemcached-dev libz-dev \
+ && apt-get autoremove -y \
+ && apt-get clean \
+ && rm -rf /tmp/pear \
+ && curl -sS https://getcomposer.org/installer -o composer-setup.php \
+ && php composer-setup.php --install-dir=/usr/local/bin --filename=composer \
+ && docker-php-ext-install bcmath \
+ && cd /code && composer install
\ No newline at end of file
diff --git a/docker/common-setup.sh b/docker/common-setup.sh
index 649a3049..e8e8ed2e 100755
--- a/docker/common-setup.sh
+++ b/docker/common-setup.sh
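Review bot: The last `RUN` of the new root Dockerfile downloads the Composer installer with `curl -sS https://getcomposer.org/installer -o composer-setup.php` and runs it with `php composer-setup.php` without checking its hash, so the build trusts whatever that URL serves at build time. docker/php/Dockerfile in this series already avoids the download with `COPY --from=composer /usr/bin/composer /usr/bin/composer`; doing the same here, ideally from a pinned image tag, removes the step entirely. If the installer has to stay, compare its SHA-384 with the value the Composer project publishes before executing it, and delete `composer-setup.php` afterwards. `COPY . /code` at the top also means every source edit rebuilds all of the package layers below it.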
@@ -2,7 +2,7 @@ set -eu -install -m 775 -o leftypol -g leftypol -d /var/www-leftypol +install -m 775 -o leftypol -g leftypol -d /var/www ln -s \ /code/banners/ \ /code/static/ \ @@ -14,18 +14,18 @@ ln -s \ /code/LICENSE.* \ /code/robots.txt \ /code/install.sql \ - /var/www-leftypol/ + /var/www/ install -m 775 -o leftypol -g leftypol -d /var/tmp/leftypol install -m 775 -o leftypol -g leftypol -d /var/tmp/leftypol/cache -ln -s /var/tmp/leftypol /var/www-leftypol/tmp +ln -s /var/tmp/leftypol /var/www/tmp -install -m 775 -o leftypol -g leftypol -d /var/www-leftypol/js -ln -s /code/js/* /var/www-leftypol/js/ +install -m 775 -o leftypol -g leftypol -d /var/www/js +ln -s /code/js/* /var/www/js/ -install -m 775 -o leftypol -g leftypol -d /var/www-leftypol/templates -install -m 775 -o leftypol -g leftypol -d /var/www-leftypol/templates/cache -ln -s /code/templates/* /var/www-leftypol/templates/ +install -m 775 -o leftypol -g leftypol -d /var/www/templates +install -m 775 -o leftypol -g leftypol -d /var/www/templates/cache +ln -s /code/templates/* /var/www/templates/ -install -m 775 -o leftypol -g leftypol -d /var/www-leftypol/inc -ln -s /code/inc/* /var/www-leftypol/inc/ +install -m 775 -o leftypol -g leftypol -d /var/www/inc +ln -s /code/inc/* /var/www/inc/ diff --git a/docker/nginx/leftypol.conf b/docker/nginx/leftypol.conf index eada8ee9..f6876dfe 100644 --- a/docker/nginx/leftypol.conf +++ b/docker/nginx/leftypol.conf @@ -6,7 +6,7 @@ server { listen 80 default_server; listen [::]:80 default_server ipv6only=on; server_name leftypol; - root /var/www-leftypol; + root /var/www; add_header X-Frame-Options "SAMEORIGIN"; add_header X-Content-Type-Options "nosniff"; @@ -56,7 +56,7 @@ server { proxy_set_header Forwarded-Request-Id $x_request_id; fastcgi_pass php-upstream; fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name; + fastcgi_param SCRIPT_FILENAME /var/www/$fastcgi_script_name; fastcgi_read_timeout 600; include fastcgi_params; } 
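Review bot: `fastcgi_param SCRIPT_FILENAME /var/www/$fastcgi_script_name;` in the leftypol.conf hunk hard-codes the root and produces a double slash, since `$fastcgi_script_name` already begins with `/`; `/var/www$fastcgi_script_name` is the usual spelling. Dropping `$realpath_root` also means nginx no longer resolves the path before handing it to php-fpm, and the `location` block starts outside the hunk, so I cannot tell whether a `try_files $uri =404;` guard precedes the `fastcgi_pass`. If there is none, any URI ending in `.php` is forwarded without an existence check, which is worth closing. A one-line comment such as `# path as seen inside the php container, not by nginx` would explain why the root is spelled out.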
diff --git a/docker/php/Dockerfile b/docker/php/Dockerfile index b5a55675..bbae84fd 100644 --- a/docker/php/Dockerfile +++ b/docker/php/Dockerfile @@ -40,10 +40,10 @@ COPY --from=composer /usr/bin/composer /usr/bin/composer COPY . /code RUN /code/docker/common-setup.sh \ - && ln -s /code/composer.json /code/composer.lock /var/www-leftypol/ \ - && cd /var/www-leftypol && composer install + && ln -s /code/composer.json /code/composer.lock /var/www/ \ + && cd /var/www && composer install # RUN /code/docker/common-setup.sh php -WORKDIR "/var/www-leftypol" +WORKDIR "/var/www" CMD ["php-fpm"] EXPOSE 9000 From 5bf2634bf66800a91b8332cddc005734f2f63e63 Mon Sep 17 00:00:00 2001 From: Zankaria Date: Sun, 31 Mar 2024 15:49:09 +0200 Subject: [PATCH 06/28] docker: change user to www-data --- docker/common-setup.sh | 14 +++++++------- docker/nginx/Dockerfile | 11 +++++------ docker/nginx/nginx.conf | 6 ++++-- docker/php/Dockerfile | 6 ++---- docker/php/www.conf | 4 ++-- 5 files changed, 20 insertions(+), 21 deletions(-) diff --git a/docker/common-setup.sh b/docker/common-setup.sh index e8e8ed2e..3530c97c 100755 --- a/docker/common-setup.sh +++ b/docker/common-setup.sh @@ -2,7 +2,7 @@ set -eu -install -m 775 -o leftypol -g leftypol -d /var/www +install -m 775 -o www-data -g www-data -d /var/www ln -s \ /code/banners/ \ /code/static/ \ 
@@ -16,16 +16,16 @@ ln -s \ /code/install.sql \ /var/www/ -install -m 775 -o leftypol -g leftypol -d /var/tmp/leftypol -install -m 775 -o leftypol -g leftypol -d /var/tmp/leftypol/cache +install -m 775 -o www-data -g www-data -d /var/tmp/leftypol +install -m 775 -o www-data -g www-data -d /var/tmp/leftypol/cache ln -s /var/tmp/leftypol /var/www/tmp -install -m 775 -o leftypol -g leftypol -d /var/www/js +install -m 775 -o www-data -g www-data -d /var/www/js ln -s /code/js/* /var/www/js/ -install -m 775 -o leftypol -g leftypol -d /var/www/templates -install -m 775 -o leftypol -g leftypol -d /var/www/templates/cache +install -m 775 -o www-data -g www-data -d /var/www/templates +install -m 775 -o www-data -g www-data -d /var/www/templates/cache ln -s /code/templates/* /var/www/templates/ -install -m 775 -o leftypol -g leftypol -d /var/www/inc +install -m 775 -o www-data -g www-data -d /var/www/inc ln -s /code/inc/* /var/www/inc/ diff --git a/docker/nginx/Dockerfile b/docker/nginx/Dockerfile index e58381da..5fa002d3 100644 --- a/docker/nginx/Dockerfile +++ b/docker/nginx/Dockerfile @@ -1,11 +1,10 @@ FROM nginx:1.25.3-alpine COPY . /code -RUN addgroup --system leftypol \ - && adduser --system leftypol \ - && adduser leftypol leftypol \ - && /code/docker/common-setup.sh +RUN adduser --system www-data \ + && adduser www-data www-data \ + && /code/docker/common-setup.sh -CMD ["nginx", "-g", "daemon off;"] -EXPOSE 80 443 \ No newline at end of file +CMD [ "nginx", "-g", "daemon off;" ] +EXPOSE 80 diff --git a/docker/nginx/nginx.conf b/docker/nginx/nginx.conf index 8a4ba95f..6ac68e98 100644 --- a/docker/nginx/nginx.conf +++ b/docker/nginx/nginx.conf 
@@ -1,15 +1,17 @@ # This and proxy.conf are based on # https://github.com/dead-guru/devichan/blob/master/nginx/nginx.conf -user leftypol; +user www-data; worker_processes auto; # daemon off; # error_log /var/log/nginx/error.log warn; error_log /dev/stdout warn; -pid /var/run/nginx.pid; +pid /var/run/nginx.pid; + events { worker_connections 1024; } + http { include /etc/nginx/mime.types; default_type application/octet-stream; diff --git a/docker/php/Dockerfile b/docker/php/Dockerfile index bbae84fd..962ef695 100644 --- a/docker/php/Dockerfile +++ b/docker/php/Dockerfile @@ -33,8 +33,7 @@ RUN apt-get update && apt-get upgrade -y && apt-get install -y \ && pecl install imagick \ && pecl install -o -f igbinary \ && docker-php-ext-install gd zip opcache intl pdo pdo_mysql mysqli bcmath gettext iconv mbstring curl \ - && docker-php-ext-enable igbinary redis imagick \ - && useradd -MU leftypol + && docker-php-ext-enable igbinary redis imagick COPY --from=composer /usr/bin/composer /usr/bin/composer COPY . /code @@ -43,7 +42,6 @@ RUN /code/docker/common-setup.sh \ && ln -s /code/composer.json /code/composer.lock /var/www/ \ && cd /var/www && composer install -# RUN /code/docker/common-setup.sh php WORKDIR "/var/www" -CMD ["php-fpm"] +CMD [ "php-fpm" ] EXPOSE 9000 diff --git a/docker/php/www.conf b/docker/php/www.conf index 07fa7c28..1c4bfcfb 100644 --- a/docker/php/www.conf +++ b/docker/php/www.conf @@ -1,6 +1,6 @@ [www] -user = leftypol -group = leftypol +user = www-data +group = www-data listen = 127.0.0.1:9000 pm = static pm.max_children = 16 From e76dbfd7a0c1bf58e6719f8ea081f91c99705d0a Mon Sep 17 00:00:00 2001 From: Zankaria Date: Sun, 31 Mar 2024 17:35:31 +0200 Subject: [PATCH 07/28] docker: reduce file permissions --- docker/common-setup.sh | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/docker/common-setup.sh b/docker/common-setup.sh index 3530c97c..3b61b712 100755 --- a/docker/common-setup.sh +++ b/docker/common-setup.sh 
@@ -2,7 +2,7 @@ set -eu -install -m 775 -o www-data -g www-data -d /var/www +install -m 544 -o www-data -g www-data -d /var/www ln -s \ /code/banners/ \ /code/static/ \ @@ -16,16 +16,16 @@ ln -s \ /code/install.sql \ /var/www/ -install -m 775 -o www-data -g www-data -d /var/tmp/leftypol -install -m 775 -o www-data -g www-data -d /var/tmp/leftypol/cache +install -m 540 -o www-data -g www-data -d /var/tmp/leftypol +install -m 540 -o www-data -g www-data -d /var/tmp/leftypol/cache ln -s /var/tmp/leftypol /var/www/tmp -install -m 775 -o www-data -g www-data -d /var/www/js +install -m 544 -o www-data -g www-data -d /var/www/js ln -s /code/js/* /var/www/js/ -install -m 775 -o www-data -g www-data -d /var/www/templates -install -m 775 -o www-data -g www-data -d /var/www/templates/cache +install -m 544 -o www-data -g www-data -d /var/www/templates +install -m 544 -o www-data -g www-data -d /var/www/templates/cache ln -s /code/templates/* /var/www/templates/ -install -m 775 -o www-data -g www-data -d /var/www/inc +install -m 544 -o www-data -g www-data -d /var/www/inc ln -s /code/inc/* /var/www/inc/ From 6ba2c7cf426fdef6ae7d3b7fc7d6d82a53eab61f Mon Sep 17 00:00:00 2001 From: Zankaria Date: Sun, 31 Mar 2024 23:12:19 +0200 Subject: [PATCH 08/28] docker-compose: use local www root --- .dockerignore | 3 +++ .gitignore | 1 + docker-compose.yml | 2 +- 3 files changed, 5 insertions(+), 1 deletion(-) create mode 100644 .dockerignore diff --git a/.dockerignore b/.dockerignore new file mode 100644 index 00000000..60786eb9 --- /dev/null +++ b/.dockerignore @@ -0,0 +1,3 @@ +**/.git +**/.gitignore +/local-www diff --git a/.gitignore b/.gitignore index 6cade620..5571b91b 100644 --- a/.gitignore +++ b/.gitignore @@ -55,6 +55,7 @@ php_errors.log #vichan custom favicon.ico /static/spoiler.png +local-www piwik/ jwplayer/ diff --git a/docker-compose.yml b/docker-compose.yml index 9ae4f02f..cb095748 100644 --- a/docker-compose.yml +++ b/docker-compose.yml 
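Review bot: Modes 544 and 540 are file modes applied to directories. The owner loses write and everyone else gets read without search, so `www-data` cannot create anything in `/var/tmp/leftypol/cache` or `/var/www/templates/cache`, which exist only to be written to. Use `750` (or `755` where another user must traverse) for the read-only directories and `700` for the tmp and cache ones, e.g. `install -m 700 -o www-data -g www-data -d /var/tmp/leftypol/cache`. The same correction applies to every `install` line in the second hunk (`@@ -16,16 +16,16 @@`).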
@@ -23,7 +23,7 @@ services: context: . dockerfile: ./docker/php/Dockerfile volumes: - - ./:/code + - ./local-www:/var/www - ./docker/php/www.conf:/usr/local/etc/php-fpm.d/www.conf networks: leftchan_net: From df7d7e1d3c1f89fd6a1bb5f0d3b4493404072ac6 Mon Sep 17 00:00:00 2001 From: Zankaria Date: Sun, 31 Mar 2024 23:17:38 +0200 Subject: [PATCH 09/28] docker: extract the vichan directory and make it optionally exposable --- docker/common-setup.sh | 59 +++++++++++++++--------------- docker/doc.md | 4 +++ docker/nginx/Dockerfile | 4 +-- docker/nginx/leftypol.conf | 21 +++++++++-- docker/php/Dockerfile | 26 ++++++++++---- docker/php/bootstrap.sh | 74 ++++++++++++++++++++++++++++++++++++++ 6 files changed, 147 insertions(+), 41 deletions(-) create mode 100644 docker/doc.md create mode 100755 docker/php/bootstrap.sh diff --git a/docker/common-setup.sh b/docker/common-setup.sh index 3b61b712..d275dcd2 100755 --- a/docker/common-setup.sh +++ b/docker/common-setup.sh 
@@ -1,31 +1,32 @@ #!/bin/sh -set -eu - -install -m 544 -o www-data -g www-data -d /var/www -ln -s \ - /code/banners/ \ - /code/static/ \ - /code/stylesheets/ \ - /code/tools/ \ - /code/walls/ \ - /code/*.php \ - /code/404.html \ - /code/LICENSE.* \ - /code/robots.txt \ - /code/install.sql \ - /var/www/ - -install -m 540 -o www-data -g www-data -d /var/tmp/leftypol -install -m 540 -o www-data -g www-data -d /var/tmp/leftypol/cache -ln -s /var/tmp/leftypol /var/www/tmp - -install -m 544 -o www-data -g www-data -d /var/www/js -ln -s /code/js/* /var/www/js/ - -install -m 544 -o www-data -g www-data -d /var/www/templates -install -m 544 -o www-data -g www-data -d /var/www/templates/cache -ln -s /code/templates/* /var/www/templates/ - -install -m 544 -o www-data -g www-data -d /var/www/inc -ln -s /code/inc/* /var/www/inc/ +#set -eu +# +#install -m 544 -o www-data -g www-data -d /var/www +#ln -s \ +# /code/banners/ \ +# /code/static/ \ +# /code/stylesheets/ \ +# /code/tools/ \ +# /code/walls/ \ +# /code/*.php \ +# /code/404.html \ +# /code/LICENSE.* \ +# /code/robots.txt \ +# /code/install.sql \ +# /var/www/ +# +#install -m 540 -o www-data -g www-data -d /var/tmp/leftypol +#install -m 540 -o www-data -g www-data -d /var/tmp/leftypol/cache +#ln -s /var/tmp/leftypol /var/www/tmp +# +#install -m 544 -o www-data -g www-data -d /var/www/js +#ln -s /code/js/* /var/www/js/ +# +#install -m 544 -o www-data -g www-data -d /var/www/templates +#install -m 544 -o www-data -g www-data -d /var/www/templates/cache +#ln -s /code/templates/* /var/www/templates/ +# +#install -m 544 -o www-data -g www-data -d /var/www/inc +#ln -s /code/inc/* /var/www/inc/ +# \ No newline at end of file diff --git a/docker/doc.md b/docker/doc.md new file mode 100644 index 00000000..13ad93a6 --- /dev/null +++ b/docker/doc.md 
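Review bot: Commenting out every line of docker/common-setup.sh leaves an executable script that does nothing, along with stale instructions (old paths and the 544/540 modes) that a later reader may copy back. Delete the file in this commit and let git history keep the old content. If it must stay for reference, a header comment such as `# superseded by docker/php/bootstrap.sh; kept for reference only` should say so.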
@@ -0,0 +1,4 @@ +The `php-fpm` process runs containerized. +The php application always uses `/var/www` as it's work directory and home folder, and if `/var/www` is bind mounted it +is necessary to adjust the path passed via FastCGI to `php-fpm` by changing the root directory to `/var/www`. +This can achieved in nginx by setting the `fastcgi_param SCRIPT_FILENAME` to `/var/www/$fastcgi_script_name;` diff --git a/docker/nginx/Dockerfile b/docker/nginx/Dockerfile index 5fa002d3..d9d4bcc4 100644 --- a/docker/nginx/Dockerfile +++ b/docker/nginx/Dockerfile @@ -2,9 +2,7 @@ FROM nginx:1.25.3-alpine COPY . /code RUN adduser --system www-data \ - && adduser www-data www-data \ - && /code/docker/common-setup.sh - + && adduser www-data www-data CMD [ "nginx", "-g", "daemon off;" ] EXPOSE 80 diff --git a/docker/nginx/leftypol.conf b/docker/nginx/leftypol.conf index f6876dfe..cdb28076 100644 --- a/docker/nginx/leftypol.conf +++ b/docker/nginx/leftypol.conf @@ -6,7 +6,7 @@ server { listen 80 default_server; listen [::]:80 default_server ipv6only=on; server_name leftypol; - root /var/www; + root /var/www/html; add_header X-Frame-Options "SAMEORIGIN"; add_header X-Content-Type-Options "nosniff"; @@ -15,9 +15,24 @@ server { charset utf-8; location ~ ^([^.\?]*[^\/])$ { - try_files $uri @addslash; + try_files $uri @addslash; } + # Expire rules for static content + # Media: images, icons, video, audio, HTC + location ~* \.(?:jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm|htc)$ { + expires 1M; + access_log off; + log_not_found off; + add_header Cache-Control "public"; + } + # CSS and Javascript + location ~* \.(?:css|js)$ { + expires 1y; + access_log off; + log_not_found off; + add_header Cache-Control "public"; + } # Expire rules for static content # Media: images, icons, video, audio, HTC location ~* \.(?:jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm|htc)$ { @@ -39,7 +54,7 @@ server { } location @addslash { - return 301 $uri/; + return 301 $uri/; } location / { 
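Review bot: The block added in the leftypol.conf hunk `@@ -15,9 +15,24 @@` is an exact copy of the "Expire rules" locations that follow it in the context lines, so each regex location now appears twice and the second copy is never selected; drop one. Separately, both locations call `add_header Cache-Control "public";`, and nginx inherits `add_header` from the enclosing level only when the current level defines none. Responses for images, CSS and JS therefore lose the server-level `X-Frame-Options "SAMEORIGIN"` and `X-Content-Type-Options "nosniff"` headers. For a site that serves uploaded media, `nosniff` on exactly these responses is the one that matters, so repeat the two headers inside each location or move all three into a shared include.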
diff --git a/docker/php/Dockerfile b/docker/php/Dockerfile index 962ef695..5734dc1e 100644 --- a/docker/php/Dockerfile +++ b/docker/php/Dockerfile @@ -33,15 +33,29 @@ RUN apt-get update && apt-get upgrade -y && apt-get install -y \ && pecl install imagick \ && pecl install -o -f igbinary \ && docker-php-ext-install gd zip opcache intl pdo pdo_mysql mysqli bcmath gettext iconv mbstring curl \ - && docker-php-ext-enable igbinary redis imagick + && docker-php-ext-enable igbinary redis imagick \ + && rm -rf /var/cache/* \ + && rmdir /var/www/html \ + && install -d -m 744 -o www-data -g www-data /var/www \ + && install -d -m 700 -o www-data -g www-data /var/tmp/leftypol \ + && install -d -m 700 -o www-data -g www-data /var/cache/gen-cache \ + && install -d -m 700 -o www-data -g www-data /var/cache/template-cache -COPY --from=composer /usr/bin/composer /usr/bin/composer +COPY --from=composer /usr/bin/composer /usr/local/bin/composer + +# Copy the bootstrap script. +COPY ./docker/php/bootstrap.sh /usr/local/bin/bootstrap.sh + +# Copy the actual project (use .dockerignore to exclude stuff). COPY . /code -RUN /code/docker/common-setup.sh \ - && ln -s /code/composer.json /code/composer.lock /var/www/ \ - && cd /var/www && composer install +# Make the instance configuration owned by www-data. +# Make it writable by php. +# Install the compose depedencies. +RUN chown www-data /code/inc/instance-config.php && chgrp www-data /code/inc/instance-config.php \ + && chmod 660 /code/inc/instance-config.php \ + && cd /code && composer install WORKDIR "/var/www" -CMD [ "php-fpm" ] +CMD [ "bootstrap.sh" ] EXPOSE 9000 diff --git a/docker/php/bootstrap.sh b/docker/php/bootstrap.sh new file mode 100755 index 00000000..cc5390dc --- /dev/null +++ b/docker/php/bootstrap.sh 
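Review bot: `chmod 660 /code/inc/instance-config.php` together with the `chown`/`chgrp` to `www-data` makes a PHP file inside the image's code tree writable by the php-fpm worker, yet bootstrap.sh in this same commit replaces the link in `/var/www/inc` with a private copy at mode 600, so as far as these hunks show the `/code` copy never needs to be written. Leaving it root-owned keeps `/code` immutable at runtime; the final `RUN` can shrink to `RUN cd /code && composer install`. `install -d -m 744 -o www-data -g www-data /var/www` gives group and other read without search on a directory, where `755` or `750` is the usual choice. The comment above the `RUN` should read `# Install the composer dependencies.`, and the `RUN` that the first added lines extend starts outside the hunk.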
@@ -0,0 +1,74 @@
+#!/bin/sh
+
+set -eu
+
+if ! mountpoint -q /var/www; then
+ echo "WARNING: '/var/www' is not a mountpoint. All the data will remain inside the container!"
+fi
+
+if [ ! -w /var/www ] ; then
+ echo "ERROR: '/var/www' is not writable. Closing."
+ exit 1
+fi
+
+# Link the entrypoints from the exposed directory.
+ln -nfs \
+ /code/banners/ \
+ /code/static/ \
+ /code/stylesheets/ \
+ /code/tools/ \
+ /code/walls/ \
+ /code/*.php \
+ /code/LICENSE.* \
+ /code/404.html \
+ /code/install.sql \
+ /var/www/
+# Ensure correct permissions are set, since this might be bind mount.
+chown www-data /var/www
+chgrp www-data /var/www
+
+# Initialize robots.txt with the default if it doesn't exist.
+cp -n /code/robots.txt /var/www
+
+# Link the cache and tmp files directory.
+ln -nfs /var/tmp/leftypol /var/www/tmp
+
+# Link the javascript directory.
+ln -nfs /code/js /var/www/
+
+# Link the html templates directory and it's cache.
+ln -nfs /code/templates /var/www/
+ln -nfs -T /var/cache/template-cache /var/www/templates/cache
+chown -h www-data /var/www/templates/cache
+chgrp -h www-data /var/www/templates/cache
+
+# Link the generic cache.
+ln -nfs -T /var/cache/gen-cache /var/www/tmp/cache
+chown -h www-data /var/www/tmp/cache
+chgrp -h www-data /var/www/tmp/cache
+
+# Create the included files directory and link them
+install -d -m 700 -o www-data -g www-data /var/www/inc
+for file in /code/inc/*; do
+ file="${file##*/}"
+ if [ ! -e /var/www/inc/$file ]; then
+ ln -s /code/inc/$file /var/www/inc/
+ fi
+done
+# Copy an empty instance configuration if the file is a link (it was linked because it did not exist before).
+if [ -L '/var/www/inc/instance-config.php' ]; then + echo 'INFO: Resetting instance configuration' + rm /var/www/inc/instance-config.php + cp /code/inc/instance-config.php /var/www/inc/instance-config.php + chown www-data /var/www/inc/instance-config.php + chgrp www-data /var/www/inc/instance-config.php + chmod 600 /var/www/inc/instance-config.php +else + echo 'INFO: Using existing instance configuration' +fi + +# Link the composer dependencies. +ln -nfs /code/vendor /var/www/ + +# Start the php-fpm server. +exec php-fpm From 06214a1e26d295cd121d6904bf48ef963fcb5e4c Mon Sep 17 00:00:00 2001 From: Zankaria Date: Sun, 7 Apr 2024 17:38:00 +0200 Subject: [PATCH 10/28] template.php: trim --- inc/template.php | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) diff --git a/inc/template.php b/inc/template.php index 648adae8..54d2130e 100644 --- a/inc/template.php +++ b/inc/template.php @@ -27,17 +27,17 @@ function load_twig() { function Element($templateFile, array $options) { global $config, $debug, $twig, $build_pages; - + if (!$twig) load_twig(); - + if (function_exists('create_pm_header') && ((isset($options['mod']) && $options['mod']) || isset($options['__mod'])) && !preg_match('!^mod/!', $templateFile)) { $options['pm'] = create_pm_header(); } - + if (isset($options['body']) && $config['debug']) { $_debug = $debug; - + if (isset($debug['start'])) { $_debug['time']['total'] = '~' . round((microtime(true) - $_debug['start']) * 1000, 2) . 'ms'; $_debug['time']['init'] = '~' . round(($_debug['start_debug'] - $_debug['start']) * 1000, 2) . 'ms'; @@ -55,18 +55,17 @@ function Element($templateFile, array $options) { str_replace("\n", '
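Review bot: The loop over `/code/inc/*` in bootstrap.sh expands `$file` unquoted in `[ ! -e /var/www/inc/$file ]` and `ln -s /code/inc/$file /var/www/inc/`, so a name containing whitespace or glob characters is split or re-expanded; quote both as `"/var/www/inc/$file"` and `"/code/inc/$file"`. The script runs as root over `/var/www`, which the php-fpm worker can write to, and the `rm`/`cp`/`chown`/`chgrp`/`chmod` sequence on instance-config.php leaves a short window in which the new file has root ownership and default mode. A single `install -m 600 -o www-data -g www-data /code/inc/instance-config.php /var/www/inc/instance-config.php` after the `rm` sets owner and mode at creation. Because `/var/www/templates` is itself a link to `/code/templates`, `ln -nfs -T /var/cache/template-cache /var/www/templates/cache` creates its link inside `/code`; a comment saying that is intended would help.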
', utf8tohtml(print_r($_debug, true))) . ''; } - + // Read the template file if (@file_get_contents("{$config['dir']['template']}/${templateFile}")) { $body = $twig->render($templateFile, $options); - + if ($config['minify_html'] && preg_match('/\.html$/', $templateFile)) { $body = trim(preg_replace("/[\t\r\n]/", '', $body)); } - + return $body; } else { throw new Exception("Template file '${templateFile}' does not exist or is empty in '{$config['dir']['template']}'!"); } } - From 58739875999831ebf9ba9e4d99049ea21d35ad81 Mon Sep 17 00:00:00 2001 From: Zankaria Date: Sun, 31 Mar 2024 23:10:07 +0200 Subject: [PATCH 11/28] template.php install.php: handle cache directory being a symlink --- inc/template.php | 7 +++++-- install.php | 5 ++--- 2 files changed, 7 insertions(+), 5 deletions(-) diff --git a/inc/template.php b/inc/template.php index 54d2130e..9ec93d34 100644 --- a/inc/template.php +++ b/inc/template.php @@ -13,12 +13,15 @@ $twig = false; function load_twig() { global $twig, $config; + + $cache_dir = "{$config['dir']['template']}/cache/"; + $loader = new Twig_Loader_Filesystem($config['dir']['template']); $loader->setPaths($config['dir']['template']); $twig = new Twig_Environment($loader, array( 'autoescape' => false, - 'cache' => is_writable('templates') || (is_dir('templates/cache') && is_writable('templates/cache')) ? - "{$config['dir']['template']}/cache" : false, + 'cache' => is_writable('templates/') || (is_dir($cache_dir) && is_writable($cache_dir)) ? + $cache_dir : false, 'debug' => $config['debug'] )); $twig->addExtension(new Twig_Extensions_Extension_Tinyboard()); diff --git a/install.php b/install.php index dfd0df73..8c3c9208 100644 --- a/install.php +++ b/install.php 
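Review bot: The new cache test in load_twig() mixes two bases: `is_writable('templates/')` is resolved against the current working directory while `$cache_dir` is built from `$config['dir']['template']`, so the two halves can describe different directories when the script does not run from the web root. Use the configured path for both, e.g. `is_writable($config['dir']['template'])`. The install.php hunk of this commit drops the writable-`templates` alternative entirely, so the installer can now reject a setup that load_twig() would still accept; the two conditions should match, and the installer message still says "create (and write to)". Twig writes compiled templates as PHP into this directory, so it should be writable by the php-fpm user only; load_twig() continues past the end of the hunk.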
@@ -818,14 +818,14 @@ if ($step == 0) { array( 'category' => 'File permissions', 'name' => getcwd() . '/templates/cache', - 'result' => is_writable('templates') || (is_dir('templates/cache') && is_writable('templates/cache')), + 'result' => is_dir('templates/cache/') && is_writable('templates/cache/'), 'required' => true, 'message' => 'You must give vichan permission to create (and write to) the templates/cache directory or performance will be drastically reduced.' ), array( 'category' => 'File permissions', 'name' => getcwd() . '/tmp/cache', - 'result' => is_dir('tmp/cache') && is_writable('tmp/cache'), + 'result' => is_dir('tmp/cache/') && is_writable('tmp/cache/'), 'required' => true, 'message' => 'You must give vichan permission to write to the tmp/cache directory.' ), @@ -993,4 +993,3 @@ if ($step == 0) { echo Element('page.html', $page); } - From 0354b1a3cd992be1e3926a0bf6f057ee6e8b5433 Mon Sep 17 00:00:00 2001 From: Zankaria Date: Thu, 4 Apr 2024 17:05:27 +0200 Subject: [PATCH 12/28] install.php: check that secrets.php is writable --- install.php | 134 ++++++++++++++++++++++++++-------------------------- 1 file changed, 67 insertions(+), 67 deletions(-) diff --git a/install.php b/install.php index 8c3c9208..9d3ef19c 100644 --- a/install.php +++ b/install.php 
@@ -1,6 +1,6 @@ = 50503) return query($sql); else return query(str_replace('utf8mb4', 'utf8', $sql)); } - + $boards = listBoards(); - + switch ($version) { case 'v0.9': case 'v0.9.1': // Upgrade to v0.9.2-dev - + foreach ($boards as &$_board) { // Add `capcode` field after `trip` query(sprintf("ALTER TABLE `posts_%s` ADD `capcode` VARCHAR( 50 ) NULL AFTER `trip`", $_board['uri'])) or error(db_error()); - + // Resize `trip` to 15 characters query(sprintf("ALTER TABLE `posts_%s` CHANGE `trip` `trip` VARCHAR( 15 ) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL", $_board['uri'])) or error(db_error()); } case 'v0.9.2-dev': // Upgrade to v0.9.2-dev-1 - + // New table: `theme_settings` query("CREATE TABLE IF NOT EXISTS `theme_settings` ( `name` varchar(40) NOT NULL, `value` text, UNIQUE KEY `name` (`name`)) ENGINE=InnoDB DEFAULT CHARSET=utf8;") or error(db_error()); - + // New table: `news` query("CREATE TABLE IF NOT EXISTS `news` ( `id` int(11) NOT NULL AUTO_INCREMENT, `name` text NOT NULL, `time` int(11) NOT NULL, `subject` text NOT NULL, `body` text NOT NULL, UNIQUE KEY `id` (`id`) ) ENGINE=InnoDB DEFAULT CHARSET=utf8 AUTO_INCREMENT=1;") or error(db_error()); case 'v0.9.2.1-dev': @@ -81,7 +81,7 @@ if (file_exists($config['has_installed'])) { // Fix broken version number/mistake $version = 'v0.9.2-dev-1'; // Upgrade to v0.9.2-dev-2 - + foreach ($boards as &$_board) { // Increase field sizes query(sprintf("ALTER TABLE `posts_%s` CHANGE `subject` `subject` VARCHAR( 50 ) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL", $_board['uri'])) or error(db_error()); @@ -89,7 +89,7 @@ if (file_exists($config['has_installed'])) { } case 'v0.9.2-dev-2': // Upgrade to v0.9.2-dev-3 (v0.9.2) - + foreach ($boards as &$_board) { // Add `custom_fields` field query(sprintf("ALTER TABLE `posts_%s` ADD `embed` TEXT NULL", $_board['uri'])) or error(db_error()); 
@@ -97,7 +97,7 @@ if (file_exists($config['has_installed'])) { case 'v0.9.2-dev-3': // v0.9.2-dev-3 == v0.9.2 case 'v0.9.2': // Upgrade to v0.9.3-dev-1 - + // Upgrade `theme_settings` table query("TRUNCATE TABLE `theme_settings`") or error(db_error()); query("ALTER TABLE `theme_settings` ADD `theme` VARCHAR( 40 ) NOT NULL FIRST") or error(db_error()); @@ -129,7 +129,7 @@ if (file_exists($config['has_installed'])) { foreach ($boards as &$board) { $tables[] = "posts_{$board['uri']}"; } - + foreach ($tables as &$table) { query("ALTER TABLE `{$table}` ENGINE = MYISAM DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ci") or error(db_error()); } @@ -153,10 +153,10 @@ if (file_exists($config['has_installed'])) { query("ALTER TABLE `boards` DROP PRIMARY KEY") or error(db_error()); query("ALTER TABLE `reports` DROP INDEX `id`") or error(db_error()); query("ALTER TABLE `boards` DROP INDEX `uri`") or error(db_error()); - + query("ALTER IGNORE TABLE `robot` ADD PRIMARY KEY (`hash`)") or error(db_error()); query("ALTER TABLE `bans` ADD FULLTEXT (`ip`)") or error(db_error()); - query("ALTER TABLE `ip_notes` ADD INDEX (`ip`)") or error(db_error()); + query("ALTER TABLE `ip_notes` ADD INDEX (`ip`)") or error(db_error()); query("ALTER TABLE `modlogs` ADD INDEX (`time`)") or error(db_error()); query("ALTER TABLE `boards` ADD PRIMARY KEY(`uri`)") or error(db_error()); query("ALTER TABLE `mutes` ADD INDEX (`ip`)") or error(db_error()); @@ -174,9 +174,9 @@ if (file_exists($config['has_installed'])) {

I have read and understood the agreement. Proceed to upgrading.

'; - + file_write($config['has_installed'], 'v0.9.4-dev-2'); - + break; } case 'v0.9.4-dev-3': @@ -194,14 +194,14 @@ if (file_exists($config['has_installed'])) { } query("CREATE TABLE IF NOT EXISTS `cites` ( `board` varchar(8) NOT NULL, `post` int(11) NOT NULL, `target_board` varchar(8) NOT NULL, `target` int(11) NOT NULL, KEY `target` (`target_board`,`target`), KEY `post` (`board`,`post`)) ENGINE=MyISAM DEFAULT CHARSET=utf8;") or error(db_error()); case 'v0.9.5-dev-2': - query("ALTER TABLE `boards` + query("ALTER TABLE `boards` CHANGE `uri` `uri` VARCHAR( 15 ) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL, CHANGE `title` `title` VARCHAR( 40 ) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL, CHANGE `subtitle` `subtitle` VARCHAR( 120 ) CHARACTER SET utf8 COLLATE utf8_general_ci NULL") or error(db_error()); case 'v0.9.5-dev-3': // v0.9.5 case 'v0.9.5': - query("ALTER TABLE `boards` + query("ALTER TABLE `boards` CHANGE `uri` `uri` VARCHAR( 50 ) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL, CHANGE `title` `title` TINYTEXT CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL, CHANGE `subtitle` `subtitle` TINYTEXT CHARACTER SET utf8 COLLATE utf8_general_ci NULL") or error(db_error()); @@ -228,12 +228,12 @@ if (file_exists($config['has_installed'])) { $query->bindValue(':newboard', $board['uri']); $query->bindValue(':oldboard', $board['id']); $query->execute() or error(db_error($query)); - + $query = prepare("UPDATE `modlogs` SET `board` = :newboard WHERE `board` = :oldboard"); $query->bindValue(':newboard', $board['uri']); $query->bindValue(':oldboard', $board['id']); $query->execute() or error(db_error($query)); - + $query = prepare("UPDATE `reports` SET `board` = :newboard WHERE `board` = :oldboard"); $query->bindValue(':newboard', $board['uri']); $query->bindValue(':oldboard', $board['id']); 
@@ -271,10 +271,10 @@ if (file_exists($config['has_installed'])) { if (strlen($user['password']) == 40) { mt_srand(microtime(true) * 100000 + memory_get_usage(true)); $salt = md5(uniqid(mt_rand(), true)); - + $user['salt'] = $salt; $user['password'] = hash('sha256', $user['salt'] . $user['password']); - + $_query = prepare("UPDATE `mods` SET `password` = :password, `salt` = :salt WHERE `id` = :id"); $_query->bindValue(':id', $user['id']); $_query->bindValue(':password', $user['password']); @@ -306,7 +306,7 @@ if (file_exists($config['has_installed'])) { CHANGE `embed` `embed` TEXT CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NULL DEFAULT NULL, DEFAULT CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci;", $board['uri'])) or error(db_error()); } - + __query("ALTER TABLE `antispam` CHANGE `board` `board` VARCHAR( 120 ) CHARACTER SET ASCII COLLATE ascii_general_ci NOT NULL , CHANGE `hash` `hash` CHAR( 40 ) CHARACTER SET ASCII COLLATE ascii_bin NOT NULL , 
@@ -466,44 +466,44 @@ if (file_exists($config['has_installed'])) { ) ENGINE=MyISAM DEFAULT CHARSET=utf8mb4 AUTO_INCREMENT=1") or error(db_error()); $listquery = query("SELECT * FROM ``bans`` ORDER BY `id`") or error(db_error()); while ($ban = $listquery->fetch(PDO::FETCH_ASSOC)) { - $query = prepare("INSERT INTO ``bans_new_temp`` VALUES + $query = prepare("INSERT INTO ``bans_new_temp`` VALUES (NULL, :ipstart, :ipend, :created, :expires, :board, :creator, :reason, :seen, NULL)"); - + $range = Bans::parse_range($ban['ip']); if ($range === false) { // Invalid retard ban; just skip it. continue; } - + $query->bindValue(':ipstart', $range[0]); if ($range[1] !== false && $range[1] != $range[0]) $query->bindValue(':ipend', $range[1]); else $query->bindValue(':ipend', null, PDO::PARAM_NULL); - + $query->bindValue(':created', $ban['set']); - + if ($ban['expires']) $query->bindValue(':expires', $ban['expires']); else $query->bindValue(':expires', null, PDO::PARAM_NULL); - + if ($ban['board']) $query->bindValue(':board', $ban['board']); else $query->bindValue(':board', null, PDO::PARAM_NULL); - + $query->bindValue(':creator', $ban['mod']); - + if ($ban['reason']) $query->bindValue(':reason', $ban['reason']); else $query->bindValue(':reason', null, PDO::PARAM_NULL); - + $query->bindValue(':seen', $ban['seen']); $query->execute() or error(db_error($query)); } - + // Drop old bans table query("DROP TABLE ``bans``") or error(db_error()); // Replace with new table @@ -535,9 +535,9 @@ if (file_exists($config['has_installed'])) {

I have read and understood the agreement. Proceed to upgrading.

'; - + file_write($config['has_installed'], '4.4.97'); - + break; } case '4.4.98-pre': @@ -553,9 +553,9 @@ if (file_exists($config['has_installed'])) {

I have read and understood the warning. Proceed to upgrading.

'; - + file_write($config['has_installed'], '4.5.2'); - + break; } @@ -614,7 +614,7 @@ if (file_exists($config['has_installed'])) { // Update version number file_write($config['has_installed'], VERSION); - + $page['title'] = 'Upgraded'; $page['body'] = '

Successfully upgraded from ' . $version . ' to ' . VERSION . '.

'; break; @@ -626,8 +626,8 @@ if (file_exists($config['has_installed'])) { $page['title'] = 'Already installed'; $page['body'] = '

It appears that vichan is already installed (' . $version . ') and there is nothing to upgrade! Delete ' . $config['has_installed'] . ' to reinstall.

'; break; - } - + } + die(Element('page.html', $page)); } @@ -659,11 +659,11 @@ if ($step == 0) {

I have read and understood the agreement. Proceed to installation.

'; - + echo Element('page.html', $page); } elseif ($step == 1) { $page['title'] = 'Pre-installation test'; - + $can_exec = true; if (!function_exists('shell_exec')) $can_exec = false; @@ -673,12 +673,12 @@ if ($step == 0) { $can_exec = false; elseif (trim(shell_exec('echo "TEST"')) !== 'TEST') $can_exec = false; - + if (!defined('PHP_VERSION_ID')) { $version = explode('.', PHP_VERSION); define('PHP_VERSION_ID', ($version[0] * 10000 + $version[1] * 100 + $version[2])); } - + // Required extensions $extensions = array( 'PDO' => array( @@ -854,7 +854,7 @@ if ($step == 0) { ); $config['font_awesome'] = true; - + $additional_config = array(); foreach ($tests as $test) { if ($test['result'] && isset($test['effect'])) { @@ -877,10 +877,10 @@ if ($step == 0) { } elseif ($step == 2) { // Basic config $page['title'] = 'Configuration'; - + $config['cookies']['salt'] = substr(base64_encode(sha1(rand())), 0, 30); - $config['secure_trip_salt'] = substr(base64_encode(sha1(rand())), 0, 30); - + $config['secure_trip_salt'] = substr(base64_encode(sha1(rand())), 0, 30); + echo Element('page.html', array( 'body' => Element('installer/config.html', array( 'config' => $config, @@ -893,7 +893,7 @@ if ($step == 0) { $more = $_POST['more']; unset($_POST['more']); - $instance_config = + $instance_config = '<'.'?php /* @@ -905,13 +905,13 @@ if ($step == 0) { */ '; - + create_config_from_array($instance_config, $_POST); - + $instance_config .= "\n"; $instance_config .= $more; $instance_config .= "\n"; - + if (@file_put_contents('inc/instance-config.php', $instance_config)) { header('Location: ?step=4', true, $config['redirect_http']); } else { 
@@ -928,22 +928,22 @@ if ($step == 0) { } } elseif ($step == 4) { // SQL installation - + buildJavascript(); - + $sql = @file_get_contents('install.sql') or error("Couldn't load install.sql."); - + sql_open(); $mysql_version = mysql_version(); - + // This code is probably horrible, but what I'm trying // to do is find all of the SQL queires and put them // in an array. preg_match_all("/(^|\n)((SET|CREATE|INSERT).+)\n\n/msU", $sql, $queries); $queries = $queries[2]; - + $queries[] = Element('posts.sql', array('board' => 'b')); - + $sql_errors = ''; $sql_err_count = 0; foreach ($queries as $query) { @@ -956,10 +956,10 @@ if ($step == 0) { $sql_errors .= "
  • $sql_err_count
    • $query
    • $error
  • "; } } - + $page['title'] = 'Installation complete'; $page['body'] = '

    Thank you for using vichan. Please remember to report any bugs you discover. How do I edit the config files?

    '; - + if (!empty($sql_errors)) { $page['body'] .= '

    SQL errors

    SQL errors were encountered when trying to install the database. This may be the result of using a database which is already occupied with a vichan installation; if so, you can probably ignore this.

    The errors encountered were:

      ' . $sql_errors . '

    Ignore errors and complete installation.

    '; } else { @@ -968,28 +968,28 @@ if ($step == 0) { setupBoard($_board); buildIndex(); } - + file_write($config['has_installed'], VERSION); /*if (!file_unlink(__FILE__)) { $page['body'] .= '

    Delete install.php!

    I couldn\'t remove install.php. You will have to remove it manually.

    '; }*/ } - + echo Element('page.html', $page); } elseif ($step == 5) { $page['title'] = 'Installation complete'; $page['body'] = '

    Thank you for using vichan. Please remember to report any bugs you discover.

    '; - + $boards = listBoards(); foreach ($boards as &$_board) { setupBoard($_board); buildIndex(); } - + file_write($config['has_installed'], VERSION); if (!file_unlink(__FILE__)) { $page['body'] .= '

    Delete install.php!

    I couldn\'t remove install.php. You will have to remove it manually.

    '; } - + echo Element('page.html', $page); } From e1e6a5ce35d8b70742050bb1c3e48aca2f820acd Mon Sep 17 00:00:00 2001 From: Zankaria Date: Thu, 4 Apr 2024 17:33:22 +0200 Subject: [PATCH 13/28] docker: create empty robots.txt --- docker/php/bootstrap.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docker/php/bootstrap.sh b/docker/php/bootstrap.sh index cc5390dc..5aaec0b2 100755 --- a/docker/php/bootstrap.sh +++ b/docker/php/bootstrap.sh @@ -27,8 +27,8 @@ ln -nfs \ chown www-data /var/www chgrp www-data /var/www -# Initialize robots.txt with the default if it doesn't exist. -cp -n /code/robots.txt /var/www +# Initialize an empty robots.txt with the default if it doesn't exist. +touch /var/www/robots.txt # Link the cache and tmp files directory. ln -nfs /var/tmp/leftypol /var/www/tmp From cb686abbba8351d3c47c1cb72fd098c2f6e955aa Mon Sep 17 00:00:00 2001 From: Zankaria Date: Thu, 4 Apr 2024 17:41:03 +0200 Subject: [PATCH 14/28] docker: ignore empty gitkeep directories --- .dockerignore | 1 + 1 file changed, 1 insertion(+) diff --git a/.dockerignore b/.dockerignore index 60786eb9..1b82198d 100644 --- a/.dockerignore +++ b/.dockerignore @@ -1,3 +1,4 @@ **/.git **/.gitignore /local-www +**/.gitkeep From 745bd5fc5d1b7c8bfffb0e567576320918bdb9f0 Mon Sep 17 00:00:00 2001 From: Zankaria Date: Thu, 4 Apr 2024 17:42:37 +0200 Subject: [PATCH 15/28] docker: use less used port for compose --- docker-compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-compose.yml b/docker-compose.yml index cb095748..c50f95aa 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -5,7 +5,7 @@ services: context: . dockerfile: ./docker/nginx/Dockerfile ports: - - "8080:80" + - "9090:80" depends_on: - db volumes: From ffaad8dbb89e3735bb0ac75eba0a8136153d3000 Mon Sep 17 00:00:00 2001 
From: Zankaria Date: Thu, 4 Apr 2024 23:57:25 +0200 Subject: [PATCH 16/28] docker: handle secrets.php --- docker/php/bootstrap.sh | 5 +++++ install.php | 2 +- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/docker/php/bootstrap.sh b/docker/php/bootstrap.sh index 5aaec0b2..006eea80 100755 --- a/docker/php/bootstrap.sh +++ b/docker/php/bootstrap.sh @@ -30,6 +30,11 @@ chgrp www-data /var/www # Initialize an empty robots.txt with the default if it doesn't exist. touch /var/www/robots.txt +# Initialize an empty writable secrests.php with the default if it doesn't exist. +touch /var/www/inc/secrets.php +chown www-data /var/www/inc/secrets.php +chgrp www-data /var/www/inc/secrets.php + # Link the cache and tmp files directory. ln -nfs /var/tmp/leftypol /var/www/tmp diff --git a/install.php b/install.php index 9d3ef19c..6e58d344 100644 --- a/install.php +++ b/install.php @@ -3,7 +3,7 @@ // Installation/upgrade file define('VERSION', '5.1.3'); -if (fopen('inc/instance-config.php' , 'a') === false) { +if (!is_writable('inc/instance-config.php') || !is_writable('inc/')) { print('install.php does not have permission to write to /inc/, without permission the installer cannot continue'); exit(); } From 0d2a441eb0e7040cd6da038859be87e4dfd8b5ea Mon Sep 17 00:00:00 2001 From: Zankaria Date: Fri, 5 Apr 2024 00:45:26 +0200 Subject: [PATCH 17/28] docker: compose mount local-www as root directory in nginx --- docker-compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-compose.yml b/docker-compose.yml index c50f95aa..7383781b 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -9,7 +9,7 @@ services: depends_on: - db volumes: - - ./:/code + - ./local-www:/var/www/html - ./docker/nginx/leftypol.conf:/etc/nginx/conf.d/default.conf - ./docker/nginx/nginx.conf:/etc/nginx/nginx.conf - ./docker/nginx/proxy.conf:/etc/nginx/conf.d/proxy.conf From ef98a2aa7e65d3014fa1b98bbabe44a3d3b93bf7 Mon Sep 17 00:00:00 2001 
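Review bot: The new `secrets.php` is created with `touch` and only its owner and group are changed, so it keeps the default creation mode, which under a common umask leaves it readable by every user in the container. A file meant to hold secrets should be restricted right after the `chgrp`, with `chmod 600 /var/www/inc/secrets.php`. The added comment has a typo and mentions a default that is never copied; `# Create an empty secrets.php writable by www-data if it doesn't exist.` would match what the three commands do.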
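Review bot: `is_writable('inc/instance-config.php')` returns false when the file does not exist, so the new guard rejects a fresh install whose `inc/` directory is writable but has no config file yet. The removed `fopen(..., 'a')` created the file in that case. Checking the file only when it is present keeps the old behaviour without leaving a handle open: `if (!is_writable('inc/') || (file_exists('inc/instance-config.php') && !is_writable('inc/instance-config.php'))) {`. The message printed below still says only `/inc/`, which fits the directory check but not a read-only config file.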
From: Zankaria Date: Sun, 7 Apr 2024 13:16:33 +0200 Subject: [PATCH 18/28] docker: remove lainchan branding from compose file --- docker-compose.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docker-compose.yml b/docker-compose.yml index 7383781b..319e0dff 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -37,8 +37,8 @@ services: ports: - "3306:3306" environment: - MYSQL_DATABASE: lainchan - MYSQL_ROOT_PASSWORD: M9q5lO0RxJVh + MYSQL_DATABASE: vichan + MYSQL_ROOT_PASSWORD: test-database networks: leftchan_net: ipv4_address: 172.20.0.2 From 4edb0b5563ca093d65cbb93b4c26c473d65a1207 Mon Sep 17 00:00:00 2001 From: Zankaria Date: Sun, 7 Apr 2024 13:17:17 +0200 Subject: [PATCH 19/28] docker: move image to alpine linux --- docker/php/Dockerfile | 90 ++++++++++++++++++++++++++++--------------- 1 file changed, 60 insertions(+), 30 deletions(-) diff --git a/docker/php/Dockerfile b/docker/php/Dockerfile index 5734dc1e..e3bd206f 100644 --- a/docker/php/Dockerfile +++ b/docker/php/Dockerfile 
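Review bot: The database root password is still a literal in the compose file (`MYSQL_ROOT_PASSWORD: test-database`), while the context line `- "3306:3306"` publishes MySQL on every host interface, so the service is reachable from the network with a credential that is public in the repository. For a development stack, bind the port to loopback with `- "127.0.0.1:3306:3306"` and take the value from the environment, `MYSQL_ROOT_PASSWORD: ${MYSQL_ROOT_PASSWORD:?set in .env}`. The same applies to the later hunk in PATCH 25/28 that changes the value to `password`. The value removed here stays in git history, so it should be treated as exposed if it was ever used outside testing.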
@@ -1,43 +1,73 @@ # Based on https://github.com/dead-guru/devichan/blob/master/php-fpm/Dockerfile FROM composer AS composer -FROM php:8.1-fpm-bullseye +FROM php:8.1-fpm-alpine -RUN apt-get update && apt-get upgrade -y && apt-get install -y \ - zlib1g-dev libicu-dev g++ \ - libjpeg62-turbo-dev \ - libzip-dev \ - libpng-dev \ - libwebp-dev \ - libfreetype6-dev \ - libxml2-dev \ - git \ - zip \ - ffmpeg \ - libonig-dev \ - unzip \ - libcurl4-openssl-dev \ - libmagickwand-dev \ - gifsicle \ - graphicsmagick \ - gettext \ - imagemagick \ - locales locales-all \ - libmagickwand-dev \ - libmcrypt-dev \ +RUN apk add --no-cache \ + zlib \ + zlib-dev \ + libpng \ + libpng-dev \ + libjpeg-turbo \ + libjpeg-turbo-dev \ + libwebp \ + libwebp-dev \ + libcurl \ + curl-dev \ + imagemagick \ + graphicsmagick \ + gifsicle \ + ffmpeg \ + bind-tools \ + gettext \ + gettext-dev \ + icu-dev \ + oniguruma \ + oniguruma-dev \ + libmcrypt \ + libmcrypt-dev \ + lz4-libs \ + lz4-dev \ + imagemagick-dev \ + pcre-dev \ + $PHPIZE_DEPS \ && docker-php-ext-configure gd \ --with-webp=/usr/include/webp \ --with-jpeg=/usr/include \ - --with-freetype=/usr/include/freetype2/ \ + && docker-php-ext-install -j$(nproc) \ + gd \ + curl \ + bcmath \ + opcache \ + pdo_mysql \ + gettext \ + intl \ + mbstring \ + && pecl update-channels \ + && pecl install -o -f igbinary \ && pecl install redis \ && pecl install imagick \ - && pecl install -o -f igbinary \ - && docker-php-ext-install gd zip opcache intl pdo pdo_mysql mysqli bcmath gettext iconv mbstring curl \ - && docker-php-ext-enable igbinary redis imagick \ - && rm -rf /var/cache/* \ - && rmdir /var/www/html \ + $$ docker-php-ext-enable \ + igbinary \ + redis \ + imagick \ + && apk del \ + zlib-dev \ + libpng-dev \ + libjpeg-turbo-dev \ + libwebp-dev \ + curl-dev \ + gettext-dev \ + oniguruma-dev \ + libmcrypt-dev \ + lz4-dev \ + imagemagick-dev \ + pcre-dev \ + $PHPIZE_DEPS \ + && rm -rf /var/cache/* +RUN rmdir /var/www/html \ && install -d -m 744 -o 
www-data -g www-data /var/www \ - && install -d -m 700 -o www-data -g www-data /var/tmp/leftypol \ + && install -d -m 700 -o www-data -g www-data /var/tmp/vichan \ && install -d -m 700 -o www-data -g www-data /var/cache/gen-cache \ && install -d -m 700 -o www-data -g www-data /var/cache/template-cache From 1682352b66bdb2bf6c95fdb3a072d253395df97d Mon Sep 17 00:00:00 2001 From: Zankaria Date: Sun, 7 Apr 2024 13:18:38 +0200 Subject: [PATCH 20/28] docker: boostrap script handle secrets.php, copy static files --- docker/php/bootstrap.sh | 44 ++++++++++++++++++++++++----------------- 1 file changed, 26 insertions(+), 18 deletions(-) diff --git a/docker/php/bootstrap.sh b/docker/php/bootstrap.sh index 006eea80..36aed8b9 100755 --- a/docker/php/bootstrap.sh +++ b/docker/php/bootstrap.sh @@ -2,6 +2,19 @@ set -eu +function set_cfg() { + if [ -L "/var/www/inc/$1" ]; then + echo "INFO: Resetting $1" + rm "/var/www/inc/$1" + cp "/code/inc/$1" "/var/www/inc/$1" + chown www-data "/var/www/inc/$1" + chgrp www-data "/var/www/inc/$1" + chmod 600 "/var/www/inc/$1" + else + echo "INFO: Using existing $1" + fi +} + if ! mountpoint -q /var/www; then echo "WARNING: '/var/www' is not a mountpoint. All the data will remain inside the container!" fi @@ -14,8 +27,6 @@ fi # Link the entrypoints from the exposed directory. ln -nfs \ /code/banners/ \ - /code/static/ \ - /code/stylesheets/ \ /code/tools/ \ /code/walls/ \ /code/*.php \ @@ -23,6 +34,10 @@ ln -nfs \ /code/404.html \ /code/install.sql \ /var/www/ +# Static files accessible from the webserver must be copied. +cp -ur /code/static /var/www/ +cp -ur /code/stylesheets /var/www/ + # Ensure correct permissions are set, since this might be bind mount. chown www-data /var/www chgrp www-data /var/www 
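Review bot: The continuation line `$$ docker-php-ext-enable \` in the first `RUN` looks like a typo for `&&`. In the shell `$$` expands to the process id, so `docker-php-ext-enable igbinary redis imagick` is not run as a command; those words become extra arguments to the preceding `pecl install imagick`. The build then most likely fails, or the three extensions are installed but never enabled. The line should read `&& docker-php-ext-enable \`. A quick `php -m` check after the build would confirm that igbinary, redis and imagick are loaded.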
@@ -30,13 +45,8 @@ chgrp www-data /var/www # Initialize an empty robots.txt with the default if it doesn't exist. touch /var/www/robots.txt -# Initialize an empty writable secrests.php with the default if it doesn't exist. -touch /var/www/inc/secrets.php -chown www-data /var/www/inc/secrets.php -chgrp www-data /var/www/inc/secrets.php - # Link the cache and tmp files directory. -ln -nfs /var/tmp/leftypol /var/www/tmp +ln -nfs /var/tmp/vichan /var/www/tmp # Link the javascript directory. ln -nfs /code/js /var/www/ @@ -60,17 +70,15 @@ for file in /code/inc/*; do ln -s /code/inc/$file /var/www/inc/ fi done + # Copy an empty instance configuration if the file is a link (it was linked because it did not exist before). -if [ -L '/var/www/inc/instance-config.php' ]; then - echo 'INFO: Resetting instance configuration' - rm /var/www/inc/instance-config.php - cp /code/inc/instance-config.php /var/www/inc/instance-config.php - chown www-data /var/www/inc/instance-config.php - chgrp www-data /var/www/inc/instance-config.php - chmod 600 /var/www/inc/instance-config.php -else - echo 'INFO: Using existing instance configuration' -fi +set_cfg 'instance-config.php' +set_cfg 'secrets.php' + +# Initialize an empty writable secrests.php with the default if it doesn't exist. +#touch /var/www/inc/secrets.php +#chown www-data /var/www/inc/secrets.php +#chgrp www-data /var/www/inc/secrets.php # Link the composer dependencies. ln -nfs /code/vendor /var/www/ From 651cc9edb4616f44fa55694e4947a6d84f76ad04 Mon Sep 17 00:00:00 2001 From: Zankaria Date: Sun, 7 Apr 2024 18:29:38 +0200 Subject: [PATCH 21/28] docker: use different subnet and db container name than vanilla vichan --- docker-compose.yml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/docker-compose.yml b/docker-compose.yml index 319e0dff..8f5e22c8 100644 --- a/docker-compose.yml +++ b/docker-compose.yml 
@@ -5,7 +5,7 @@ services: context: . dockerfile: ./docker/nginx/Dockerfile ports: - - "9090:80" + - "9091:80" depends_on: - db volumes: @@ -15,7 +15,7 @@ services: - ./docker/nginx/proxy.conf:/etc/nginx/conf.d/proxy.conf networks: leftchan_net: - ipv4_address: 172.20.0.3 + ipv4_address: 172.21.0.3 links: - php php: @@ -27,11 +27,11 @@ services: - ./docker/php/www.conf:/usr/local/etc/php-fpm.d/www.conf networks: leftchan_net: - ipv4_address: 172.20.0.4 + ipv4_address: 172.21.0.4 #MySQL Service db: image: mysql:8.0.35 - container_name: db + container_name: leftypol-db restart: unless-stopped tty: true ports: @@ -41,7 +41,7 @@ services: MYSQL_ROOT_PASSWORD: test-database networks: leftchan_net: - ipv4_address: 172.20.0.2 + ipv4_address: 172.21.0.2 #Docker Networks networks: @@ -49,4 +49,4 @@ networks: ipam: driver: default config: - - subnet: 172.20.0.0/16 + - subnet: 172.21.0.0/16 From 040bf21c4726cd221d5cb137811a566a2483c606 Mon Sep 17 00:00:00 2001 From: Zankaria Date: Sun, 7 Apr 2024 18:30:29 +0200 Subject: [PATCH 22/28] docker: do not mention instance-config.php in leftypol dockerfile --- docker/php/Dockerfile | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/docker/php/Dockerfile b/docker/php/Dockerfile index e3bd206f..42f61541 100644 --- a/docker/php/Dockerfile +++ b/docker/php/Dockerfile @@ -82,9 +82,7 @@ COPY . /code # Make the instance configuration owned by www-data. # Make it writable by php. # Install the compose depedencies. -RUN chown www-data /code/inc/instance-config.php && chgrp www-data /code/inc/instance-config.php \ - && chmod 660 /code/inc/instance-config.php \ - && cd /code && composer install +RUN cd /code && composer install WORKDIR "/var/www" CMD [ "bootstrap.sh" ] From c6f0dc5f4e8bcd39c4c73a3013db5fbde8452586 Mon Sep 17 00:00:00 2001 
From: Zankaria Date: Sun, 7 Apr 2024 18:31:58 +0200 Subject: [PATCH 23/28] docker: do not mention secrets.php in leftypol dockerfile --- docker/php/bootstrap.sh | 6 ------ 1 file changed, 6 deletions(-) diff --git a/docker/php/bootstrap.sh b/docker/php/bootstrap.sh index 36aed8b9..f7d2c4f4 100755 --- a/docker/php/bootstrap.sh +++ b/docker/php/bootstrap.sh @@ -73,12 +73,6 @@ done # Copy an empty instance configuration if the file is a link (it was linked because it did not exist before). set_cfg 'instance-config.php' -set_cfg 'secrets.php' - -# Initialize an empty writable secrests.php with the default if it doesn't exist. -#touch /var/www/inc/secrets.php -#chown www-data /var/www/inc/secrets.php -#chgrp www-data /var/www/inc/secrets.php # Link the composer dependencies. ln -nfs /code/vendor /var/www/ From 919a6d0d2f5bb17c8958e9fe3edc3d7be84b3279 Mon Sep 17 00:00:00 2001 From: Zankaria Date: Sun, 7 Apr 2024 18:40:35 +0200 Subject: [PATCH 24/28] docker: handle leftypol not shipping with instance-config.php --- docker/php/bootstrap.sh | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/docker/php/bootstrap.sh b/docker/php/bootstrap.sh index f7d2c4f4..e94dcf28 100755 --- a/docker/php/bootstrap.sh +++ b/docker/php/bootstrap.sh @@ -3,10 +3,9 @@ set -eu function set_cfg() { - if [ -L "/var/www/inc/$1" ]; then + if [ ! -f "/var/www/inc/$1" ]; then echo "INFO: Resetting $1" - rm "/var/www/inc/$1" - cp "/code/inc/$1" "/var/www/inc/$1" + touch "/var/www/inc/$1" chown www-data "/var/www/inc/$1" chgrp www-data "/var/www/inc/$1" chmod 600 "/var/www/inc/$1" From 677a1e0210f054f5c6f11d14d2ada1043856b650 Mon Sep 17 00:00:00 2001 From: Zankaria Date: Sun, 7 Apr 2024 19:50:23 +0200 Subject: [PATCH 25/28] docker: downgrade to php 7.2 for leftypol --- docker-compose.yml | 7 ++++--- docker/php/Dockerfile | 6 +++--- 2 files changed, 7 insertions(+), 6 deletions(-) diff --git a/docker-compose.yml b/docker-compose.yml index 8f5e22c8..bdd5fc86 100644 
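Review bot: In `set_cfg`, `touch` creates the config file with the default creation mode and only the later `chmod 600` restricts it, so the file is briefly more widely readable than intended. Creating it with its final owner and mode in one step avoids that: `install -m 600 -o www-data -g www-data /dev/null "/var/www/inc/$1"`. The test `[ ! -f … ]` also follows symlinks, so a dangling link at that path would take this branch and `touch` would create the link's target rather than a local file. The message `INFO: Resetting $1` no longer describes the branch; `INFO: Creating empty $1` would. The `else` branch and the end of `set_cfg` are outside the hunk.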
--- a/docker-compose.yml +++ b/docker-compose.yml @@ -7,7 +7,7 @@ services: ports: - "9091:80" depends_on: - - db + - leftypol-db volumes: - ./local-www:/var/www/html - ./docker/nginx/leftypol.conf:/etc/nginx/conf.d/default.conf @@ -29,7 +29,7 @@ services: leftchan_net: ipv4_address: 172.21.0.4 #MySQL Service - db: + leftypol-db: image: mysql:8.0.35 container_name: leftypol-db restart: unless-stopped @@ -38,7 +38,8 @@ services: - "3306:3306" environment: MYSQL_DATABASE: vichan - MYSQL_ROOT_PASSWORD: test-database + MYSQL_ROOT_PASSWORD: password + command: "--default-authentication-plugin=mysql_native_password" networks: leftchan_net: ipv4_address: 172.21.0.2 diff --git a/docker/php/Dockerfile b/docker/php/Dockerfile index 42f61541..48694790 100644 --- a/docker/php/Dockerfile +++ b/docker/php/Dockerfile @@ -1,7 +1,7 @@ # Based on https://github.com/dead-guru/devichan/blob/master/php-fpm/Dockerfile FROM composer AS composer -FROM php:8.1-fpm-alpine +FROM php:7.2-fpm-alpine RUN apk add --no-cache \ zlib \ @@ -32,8 +32,8 @@ RUN apk add --no-cache \ pcre-dev \ $PHPIZE_DEPS \ && docker-php-ext-configure gd \ - --with-webp=/usr/include/webp \ - --with-jpeg=/usr/include \ + --with-webp-dir=/usr/include/webp \ + --with-jpeg-dir=/usr/include \ && docker-php-ext-install -j$(nproc) \ gd \ curl \ From ac3fc9518b9046599042d75a8bcf278c88b696ef Mon Sep 17 00:00:00 2001 From: Zankaria Date: Wed, 10 Apr 2024 14:39:41 +0200 Subject: [PATCH 26/28] docker: remove unused script --- docker/common-setup.sh | 32 -------------------------------- 1 file changed, 32 deletions(-) delete mode 100755 docker/common-setup.sh diff --git a/docker/common-setup.sh b/docker/common-setup.sh deleted file mode 100755 index d275dcd2..00000000 --- a/docker/common-setup.sh +++ /dev/null 
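Review bot: The added `command: "--default-authentication-plugin=mysql_native_password"` switches the server from MySQL 8's default `caching_sha2_password` to the older, weaker native plugin, and nothing in the file says why. It is presumably needed for the PHP 7.2 client introduced in the same commit; if so, a comment above the line should say that and when it can be removed, e.g. `# mysql_native_password: required by the PHP 7.2 mysqlnd client; drop once PHP is upgraded`. The option is deprecated in recent 8.0 releases, so it is worth checking the `mysql:8.0.35` startup log for the deprecation warning.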
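Review bot: `FROM php:7.2-fpm-alpine` moves the runtime to a PHP branch that reached end of life in 2020, so neither the interpreter nor, most likely, the Alpine base behind that tag receives security fixes any more. If leftypol needs 7.2 for compatibility, record that next to the line, for example `# PHP 7.2 is EOL; pinned only until leftypol runs on a supported PHP release`. The image should be limited to local development. `FROM composer AS composer` above it is unpinned, so a current Composer may refuse to run on 7.2; pinning a Composer tag known to work would make the build reproducible.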
@@ -1,32 +0,0 @@ -#!/bin/sh - -#set -eu -# -#install -m 544 -o www-data -g www-data -d /var/www -#ln -s \ -# /code/banners/ \ -# /code/static/ \ -# /code/stylesheets/ \ -# /code/tools/ \ -# /code/walls/ \ -# /code/*.php \ -# /code/404.html \ -# /code/LICENSE.* \ -# /code/robots.txt \ -# /code/install.sql \ -# /var/www/ -# -#install -m 540 -o www-data -g www-data -d /var/tmp/leftypol -#install -m 540 -o www-data -g www-data -d /var/tmp/leftypol/cache -#ln -s /var/tmp/leftypol /var/www/tmp -# -#install -m 544 -o www-data -g www-data -d /var/www/js -#ln -s /code/js/* /var/www/js/ -# -#install -m 544 -o www-data -g www-data -d /var/www/templates -#install -m 544 -o www-data -g www-data -d /var/www/templates/cache -#ln -s /code/templates/* /var/www/templates/ -# -#install -m 544 -o www-data -g www-data -d /var/www/inc -#ln -s /code/inc/* /var/www/inc/ -# \ No newline at end of file From 36419ab9a76429bf48bbf9d415e544bf02fa385f Mon Sep 17 00:00:00 2001 From: Zankaria Date: Wed, 10 Apr 2024 16:05:30 +0200 Subject: [PATCH 27/28] docker: remove leftchan references from compose --- docker-compose.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/docker-compose.yml b/docker-compose.yml index bdd5fc86..1d391f58 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -14,7 +14,7 @@ services: - ./docker/nginx/nginx.conf:/etc/nginx/nginx.conf - ./docker/nginx/proxy.conf:/etc/nginx/conf.d/proxy.conf networks: - leftchan_net: + d_leftypol_org: ipv4_address: 172.21.0.3 links: - php @@ -26,7 +26,7 @@ services: - ./local-www:/var/www - ./docker/php/www.conf:/usr/local/etc/php-fpm.d/www.conf networks: - leftchan_net: + d_leftypol_org: ipv4_address: 172.21.0.4 #MySQL Service leftypol-db: 
@@ -41,12 +41,12 @@ services: MYSQL_ROOT_PASSWORD: password command: "--default-authentication-plugin=mysql_native_password" networks: - leftchan_net: + d_leftypol_org: ipv4_address: 172.21.0.2 #Docker Networks networks: - leftchan_net: + d_leftypol_org: ipam: driver: default config: From 6a0613d4a846629068ed9be0bff385908224a0e2 Mon Sep 17 00:00:00 2001 From: Zankaria Date: Wed, 10 Apr 2024 16:06:56 +0200 Subject: [PATCH 28/28] docker: adjust php-fpm pool log config on compose --- docker/php/www.conf | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/docker/php/www.conf b/docker/php/www.conf index 1c4bfcfb..d9d84760 100644 --- a/docker/php/www.conf +++ b/docker/php/www.conf @@ -1,6 +1,12 @@ [www] +access.log = /proc/self/fd/2 + +; Ensure worker stdout and stderr are sent to the main error log. +catch_workers_output = yes + user = www-data group = www-data + listen = 127.0.0.1:9000 pm = static pm.max_children = 16