initial release

Dockerfile

@@ -0,0 +1,88 @@
+# debian
+FROM debian:stretch-slim
+ENV PHP_VERSION=7.2
+ARG DEBIAN_VERSION=stretch
+MAINTAINER dadittoz <[email protected]>
+ENV DEBIAN_FRONTEND noninteractive
+ADD /etc/apt /etc/apt
+RUN apt-get update && \
+	apt-get upgrade -y && \
+	apt-get install -y --no-install-recommends ca-certificates apt-transport-https lsb-release gnupg dirmngr gettext \
+		exim4-daemon-light inotify-tools supervisor unrar unzip wget zip cron curl locales && \
+	echo -n > /var/lib/apt/extended_states
+RUN useradd -u 500 core
+
+# --------------
+# locale
+RUN sed -i -e 's/# en_US.UTF-8 UTF-8/en_US.UTF-8 UTF-8/' /etc/locale.gen
+RUN sed -i -e 's/# ru_RU.UTF-8 UTF-8/ru_RU.UTF-8 UTF-8/' /etc/locale.gen
+RUN dpkg-reconfigure locales
+
+# --------------
+# nginx
+#RUN rm -rf /etc/nginx/nginx.conf
+RUN apt-key adv --keyserver keyserver.ubuntu.com --recv-keys ABF5BD827BD9BF62 && \
+        echo "deb http://www.nginx.org/packages/debian/ ${DEBIAN_VERSION} nginx" > /etc/apt/sources.list.d/nginx.list && \
+        apt-get install -y nginx && \
+        echo -n > /var/lib/apt/extended_states
+
+# --------------
+# php
+RUN wget -O /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg
+RUN echo "deb https://packages.sury.org/php/ $(lsb_release -sc) main" | tee /etc/apt/sources.list.d/php.list
+RUN apt-get update
+RUN apt-get install -y php-pear libmcrypt-dev libreadline-dev php${PHP_VERSION}-dev
+RUN apt-get install -y php${PHP_VERSION}-cli php${PHP_VERSION}-curl php${PHP_VERSION}-fpm php${PHP_VERSION}-gd php${PHP_VERSION}-mysql php${PHP_VERSION}-mongo php${PHP_VERSION}-redis php${PHP_VERSION}-xmlrpc php${PHP_VERSION}-apcu php${PHP_VERSION}-opcache php${PHP_VERSION}-mbstring php${PHP_VERSION}-intl php${PHP_VERSION}-imagick php${PHP_VERSION}-xml php${PHP_VERSION}-zip php${PHP_VERSION}-soap
+#php-mcrypt
+RUN pecl channel-update pecl.php.net
+RUN sed -i '639s/.*/$v_att_list = func_get_args();/' /usr/share/php/Archive/Tar.php
+RUN pear install Archive_Tar
+RUN pecl install mcrypt-1.0.1
+RUN echo "extension=mcrypt.so" > /etc/php/${PHP_VERSION}/mods-available/mcrypt.ini
+RUN ln -s /etc/php/${PHP_VERSION}/mods-available/mcrypt.ini /etc/php/${PHP_VERSION}/fpm/conf.d/20-mcrypt.ini
+RUN ln -s /etc/php/${PHP_VERSION}/mods-available/mcrypt.ini /etc/php/${PHP_VERSION}/cli/conf.d/20-mcrypt.ini
+RUN echo "opcache.interned_strings_buffer=8 \n opcache.memory_consumption=128 \n opcache.huge_code_pages=on" >> /etc/php/${PHP_VERSION}/mods-available/opcache.ini
+
+# --------------
+# clean default configs and create dirs
+RUN rm -rf /etc/nginx/addon.d && rm -rf /etc/php/${PHP_VERSION}/fpm/pool.d && \
+        mkdir -p /etc/nginx/addon.d /etc/php/${PHP_VERSION}/fpm/pool.d
+RUN rm -rf /etc/nginx/*.d && \
+        mkdir -p /etc/nginx/addon.d /etc/nginx/conf.d /etc/nginx/host.d /etc/nginx/nginx.d /etc/nginx/global.d
+
+
+# --------------
+# php:config
+RUN mkdir /config /data
+ADD config /config
+ADD etc /etc
+RUN envsubst < /etc/php-fpm/php-fpm.conf | tee /etc/php-fpm/php-fpm.conf
+RUN rm -rf /etc/php/${PHP_VERSION}/fpm/pool.d
+RUN cp -rp /etc/php-fpm/* /etc/php/${PHP_VERSION}/fpm
+RUN rm -rf /etc/php-fpm
+#ADD usr /usr
+
+# --------------
+# nginx:config
+RUN echo "real_ip_header X-Forwarded-For;" | tee -a /etc/nginx/nginx.d/nginx-cloudflare-ips.conf
+RUN curl https://www.cloudflare.com/ips-v4 | awk '{print "set_real_ip_from " $0 ";" }' | tee -a /etc/nginx/nginx.d/nginx-cloudflare-ips.conf
+RUN curl https://www.cloudflare.com/ips-v6 | awk '{print "set_real_ip_from " $0 ";" }' | tee -a /etc/nginx/nginx.d/nginx-cloudflare-ips.conf
+
+# --------------
+# supervisor:config
+RUN envsubst < /etc/supervisor/conf.d/base-services.conf | tee /etc/supervisor/conf.d/base-services.conf
+
+
+# --------------
+# boot script
+RUN chmod +x /config/loop
+CMD /config/loop
+
+# --------------
+# clean up
+RUN apt-get clean
+RUN echo -n > /var/lib/apt/extended_states
+
+# --------------
+# settings
+EXPOSE 80

build.sh

@@ -0,0 +1,3 @@
+#!/bin/bash
+image_name=$(basename $(pwd))
+docker build -t $image_name ./

config/copy-cron-config

@@ -0,0 +1,4 @@
+rm -rf /etc/cron.d/*
+cp /data/config/cron-* /etc/cron.d
+chown root.root /etc/cron.d/*
+chmod 644 /etc/cron.d/*

config/init01

@@ -0,0 +1,2 @@
+#chown -R core:core /data
+bash /config/copy-cron-config

config/init02

@@ -0,0 +1,2 @@
+mkdir -p /data/config
+chown -R www-data:www-data /data/logs

config/init03log-filenames

@@ -0,0 +1,18 @@
+vHostArr=(${VIRTUAL_HOST//,/ })
+vHost=${vHostArr[0]//[.]/-}
+mkdir /config/nginx-container
+echo "access_log /data/logs/${vHost}-nginx.log;" > /config/nginx-container/logs.conf
+echo "error_log /data/logs/${vHost}-nginx.error.log;" >> /config/nginx-container/logs.conf
+
+mkdir /config/php-container
+#echo "error_log = /data/logs/${vHost}-php-fpm.log;" > /config/php-container/global-logs.conf
+echo "[$vHost]
+user = www-data
+group = www-data
+listen = /run/php-fpm.sock
+listen.owner = www-data
+listen.group = www-data
+listen.mode = 0660
+
+php_admin_value[error_log] = /data/logs/${vHost}-php.error.log
+" > /config/php-container/pool-name-and-logs.conf

config/loop

@@ -0,0 +1,5 @@
+#!/bin/bash
+for init in /config/init*; do
+	bash "$init"
+done
+supervisord -n

etc/apt/sources.list

@@ -0,0 +1,3 @@
+deb http://http.debian.net/debian/ stretch main contrib non-free
+deb http://http.debian.net/debian/ stretch-updates main contrib non-free
+deb http://security.debian.org/ stretch/updates main contrib non-free

etc/nginx/host.d/addon.d/default-php.conf

@@ -0,0 +1,17 @@
+client_max_body_size 0;
+index index.html index.php;
+location ~ \.php$ {
+    fastcgi_split_path_info ^(.+?\.php)(/.*)$;
+    if (!-f $document_root$fastcgi_script_name) {
+        return 404;
+    }
+    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+    fastcgi_param PATH_INFO       $fastcgi_path_info;
+
+	fastcgi_pass unix:/run/php-fpm.sock;
+	fastcgi_index index.php;
+	#fastcgi_split_path_info ^(.+\.php)(.*)$;
+	include fastcgi_params;
+	try_files $uri =404;
+    include /data/config/fastcgi-*.conf;
+}

etc/nginx/host.d/conf.d/01deny.conf

@@ -0,0 +1,3 @@
+location ~ /\. {
+	deny all;
+}

etc/nginx/host.d/conf.d/02cache.conf

@@ -0,0 +1,3 @@
+location ~* \.(css|gif|ico|jpeg|jpg|js|png|svg)$ {
+	expires 30d;
+}

etc/nginx/host.d/default.conf

@@ -0,0 +1,9 @@
+server {
+	listen [::]:80 default_server ipv6only=on;
+        listen 80 default_server;
+	root /data/site/http;
+	include /data/config/nginx-*.conf;
+	include /etc/nginx/host.d/addon.d/*.conf;
+	include /etc/nginx/host.d/conf.d/*.conf;
+        include /config/nginx-container/*.conf;
+}

etc/nginx/nginx.conf

@@ -0,0 +1,19 @@
+daemon off;
+pid /var/run/nginx.pid;
+user www-data;
+worker_processes 1;
+
+events {
+	multi_accept on;
+	#pcre_jit on;
+	use epoll;
+	worker_connections 1024;
+}
+
+http {
+        include /data/config/nginxsub-*.conf;
+	include /etc/nginx/nginx.d/*.conf;
+	include /etc/nginx/host.d/*.conf;
+	include /etc/nginx/global.d/*.conf;
+        include /config/nginx-container/*.conf;
+}

etc/nginx/nginx.d/01mime.conf

@@ -0,0 +1,2 @@
+include /etc/nginx/mime.types;
+default_type application/octet-stream;

etc/nginx/nginx.d/02logs.conf

@@ -0,0 +1,2 @@
+access_log off;
+error_log /dev/null;

etc/nginx/nginx.d/03performance.conf

@@ -0,0 +1,4 @@
+sendfile on;
+server_names_hash_bucket_size 128;
+tcp_nodelay on;
+tcp_nopush on;

etc/nginx/nginx.d/04gzip.conf

@@ -0,0 +1,4 @@
+gzip on;
+gzip_comp_level 1;
+gzip_min_length 256;
+gzip_types application/javascript text/css text/plain text/xml;

etc/nginx/nginx.d/nginx-k8s-ips.conf

@@ -0,0 +1,3 @@
+set_real_ip_from 10.0.0.0/8;
+set_real_ip_from 127.0.0.0/8;
+real_ip_recursive on;

etc/php-fpm/php-fpm.conf

@@ -0,0 +1,6 @@
+[global]
+daemonize = no
+error_log = /data/logs/php7-fpm.log
+pid = /var/run/php7-fpm.pid
+include = /config/php-container/global-*.conf
+include = /etc/php/${PHP_VERSION}/fpm/pool.d/*.conf

etc/php-fpm/pool.d/default.conf

@@ -0,0 +1,30 @@
+include = /config/php-container/pool-*.conf
+
+user = www-data
+group = www-data
+listen = /run/php-fpm.sock
+listen.owner = www-data
+listen.group = www-data
+listen.mode = 0660
+
+pm = ondemand
+pm.process_idle_timeout = 120s
+
+pm.max_children = 8
+php_value[max_execution_time] = 120
+php_value[post_max_size] = 256M
+php_value[upload_max_filesize] = 256M
+
+php_value[apc.shm_size] = 128M
+php_value[opcache.memory_consumption] = 128M
+php_value[opcache.interned_strings_buffer] = 128M
+
+php_flag[log_errors] = on
+php_flag[ignore_repeated_source] = on
+php_flag[ignore_repeated_errors] = on
+php_value[display_errors] = 0
+
+; http://www.bx.com.au/tools/ultimate-php-error-reporting-wizard
+php_value[error_reporting] = E_ALL & ~E_WARNING & ~E_NOTICE & ~E_USER_WARNING & ~E_USER_NOTICE & ~E_STRICT & ~E_DEPRECATED
+
+include = /data/config/php-*.conf

etc/supervisor/conf.d/base-services.conf

@@ -0,0 +1,23 @@
+[program:php7-fpm]
+command=php-fpm${PHP_VERSION} --force-stderr --fpm-config /etc/php/${PHP_VERSION}/fpm/php-fpm.conf
+stdout_logfile=/dev/stdout
+stdout_logfile_maxbytes=0
+stderr_logfile=/dev/stderr
+stderr_logfile_maxbytes=0
+
+[program:nginx]
+command=nginx
+stdout_logfile=/dev/stdout
+stdout_logfile_maxbytes=0
+stderr_logfile=/dev/stderr
+stderr_logfile_maxbytes=0
+
+[program:cron]
+command=cron -f
+stdout_logfile=/dev/stdout
+stdout_logfile_maxbytes=0
+stderr_logfile=/dev/stderr
+stderr_logfile_maxbytes=0
+
+[program:configs]
+command=bash -c "while inotifywait -e create,delete,modify,move -q /data/config/; do supervisorctl reread; supervisorctl update; bash /config/copy-cron-config; supervisorctl restart all; done"

etc/supervisor/supervisord.conf

@@ -0,0 +1,28 @@
+; supervisor config file
+
+[unix_http_server]
+file=/var/run//supervisor.sock   ; (the path to the socket file)
+chmod=0700                       ; sockef file mode (default 0700)
+
+[supervisord]
+logfile=/var/log/supervisor/supervisord.log ; (main log file;default $CWD/supervisord.log)
+pidfile=/var/run/supervisord.pid ; (supervisord pidfile;default supervisord.pid)
+childlogdir=/var/log/supervisor            ; ('AUTO' child log dir, default $TEMP)
+
+; the below section must remain in the config file for RPC
+; (supervisorctl/web interface) to work, additional interfaces may be
+; added by defining them in separate rpcinterface: sections
+[rpcinterface:supervisor]
+supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface
+
+[supervisorctl]
+serverurl=unix:///var/run//supervisor.sock ; use a unix:// URL  for a unix socket
+
+; The [include] section can just contain the "files" setting.  This
+; setting can list multiple files (separated by whitespace or
+; newlines).  It can also contain wildcards.  The filenames are
+; interpreted as relative to this file.  Included files *cannot*
+; include files themselves.
+
+[include]
+files = /etc/supervisor/conf.d/*.conf /data/config/supervisor-*.conf