From 530aa67d34ef2901eea679dfd5179a5f870e1439 Mon Sep 17 00:00:00 2001 
From: dadittoz Date: Sun, 7 Oct 2018 16:59:29 +0300 Subject: [PATCH] initial release --- Dockerfile | 88 +++++++++++++++++++++++ build.sh | 3 + config/copy-cron-config | 4 ++ config/init01 | 2 + config/init02 | 2 + config/init03log-filenames | 18 +++++ config/loop | 5 ++ config/nginx-container/.keep | 0 config/php-container/.keep | 0 etc/apt/sources.list | 3 + etc/nginx/host.d/addon.d/default-php.conf | 17 +++++ etc/nginx/host.d/conf.d/01deny.conf | 3 + etc/nginx/host.d/conf.d/02cache.conf | 3 + etc/nginx/host.d/default.conf | 9 +++ etc/nginx/nginx.conf | 19 +++++ etc/nginx/nginx.d/01mime.conf | 2 + etc/nginx/nginx.d/02logs.conf | 2 + etc/nginx/nginx.d/03performance.conf | 4 ++ etc/nginx/nginx.d/04gzip.conf | 4 ++ etc/nginx/nginx.d/nginx-k8s-ips.conf | 3 + etc/php-fpm/php-fpm.conf | 6 ++ etc/php-fpm/pool.d/default.conf | 30 ++++++++ etc/supervisor/conf.d/base-services.conf | 23 ++++++ etc/supervisor/supervisord.conf | 28 ++++++++ 24 files changed, 278 insertions(+) create mode 100644 Dockerfile create mode 100755 build.sh create mode 100644 config/copy-cron-config create mode 100644 config/init01 create mode 100644 config/init02 create mode 100644 config/init03log-filenames create mode 100644 config/loop create mode 100644 config/nginx-container/.keep create mode 100644 config/php-container/.keep create mode 100644 etc/apt/sources.list create mode 100644 etc/nginx/host.d/addon.d/default-php.conf create mode 100644 etc/nginx/host.d/conf.d/01deny.conf create mode 100644 etc/nginx/host.d/conf.d/02cache.conf create mode 100644 etc/nginx/host.d/default.conf create mode 100644 etc/nginx/nginx.conf create mode 100644 etc/nginx/nginx.d/01mime.conf create mode 100644 etc/nginx/nginx.d/02logs.conf create mode 100644 etc/nginx/nginx.d/03performance.conf create mode 100644 etc/nginx/nginx.d/04gzip.conf create mode 100644 etc/nginx/nginx.d/nginx-k8s-ips.conf create mode 100644 etc/php-fpm/php-fpm.conf create mode 100644 etc/php-fpm/pool.d/default.conf create mode 100644 
etc/supervisor/conf.d/base-services.conf create mode 100644 etc/supervisor/supervisord.conf
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..4cec6f9
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,88 @@
+# debian
+FROM debian:stretch-slim
+ENV PHP_VERSION=7.2
+ARG DEBIAN_VERSION=stretch
+MAINTAINER dadittoz
+ENV DEBIAN_FRONTEND noninteractive
+ADD /etc/apt /etc/apt
+RUN apt-get update && \
+ apt-get upgrade -y && \
+ apt-get install -y --no-install-recommends ca-certificates apt-transport-https lsb-release gnupg dirmngr gettext \
+ exim4-daemon-light inotify-tools supervisor unrar unzip wget zip cron curl locales && \
+ echo -n > /var/lib/apt/extended_states
+RUN useradd -u 500 core
+
+# --------------
+# locale
+RUN sed -i -e 's/# en_US.UTF-8 UTF-8/en_US.UTF-8 UTF-8/' /etc/locale.gen
+RUN sed -i -e 's/# ru_RU.UTF-8 UTF-8/ru_RU.UTF-8 UTF-8/' /etc/locale.gen
+RUN dpkg-reconfigure locales
+
+# --------------
+# nginx
+#RUN rm -rf /etc/nginx/nginx.conf
+RUN apt-key adv --keyserver keyserver.ubuntu.com --recv-keys ABF5BD827BD9BF62 && \
+ echo "deb http://www.nginx.org/packages/debian/ ${DEBIAN_VERSION} nginx" > /etc/apt/sources.list.d/nginx.list && \
+ apt-get install -y nginx && \
+ echo -n > /var/lib/apt/extended_states
+
+# --------------
+# php
+RUN wget -O /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg
+RUN echo "deb https://packages.sury.org/php/ $(lsb_release -sc) main" | tee /etc/apt/sources.list.d/php.list
+RUN apt-get update
+RUN apt-get install -y php-pear libmcrypt-dev libreadline-dev php${PHP_VERSION}-dev
+RUN apt-get install -y php${PHP_VERSION}-cli php${PHP_VERSION}-curl php${PHP_VERSION}-fpm php${PHP_VERSION}-gd php${PHP_VERSION}-mysql php${PHP_VERSION}-mongo php${PHP_VERSION}-redis php${PHP_VERSION}-xmlrpc php${PHP_VERSION}-apcu php${PHP_VERSION}-opcache php${PHP_VERSION}-mbstring php${PHP_VERSION}-intl php${PHP_VERSION}-imagick php${PHP_VERSION}-xml php${PHP_VERSION}-zip php${PHP_VERSION}-soap
+#php-mcrypt
+RUN pecl channel-update pecl.php.net
+RUN sed -i '639s/.*/$v_att_list = func_get_args();/' /usr/share/php/Archive/Tar.php
+RUN pear install Archive_Tar
+RUN pecl install mcrypt-1.0.1
+RUN echo "extension=mcrypt.so" > /etc/php/${PHP_VERSION}/mods-available/mcrypt.ini
+RUN ln -s /etc/php/${PHP_VERSION}/mods-available/mcrypt.ini /etc/php/${PHP_VERSION}/fpm/conf.d/20-mcrypt.ini
+RUN ln -s /etc/php/${PHP_VERSION}/mods-available/mcrypt.ini /etc/php/${PHP_VERSION}/cli/conf.d/20-mcrypt.ini
+RUN echo "opcache.interned_strings_buffer=8 \n opcache.memory_consumption=128 \n opcache.huge_code_pages=on" >> /etc/php/${PHP_VERSION}/mods-available/opcache.ini
+
+# --------------
+# clean default configs and create dirs
+RUN rm -rf /etc/nginx/addon.d && rm -rf /etc/php/${PHP_VERSION}/fpm/pool.d && \
+ mkdir -p /etc/nginx/addon.d /etc/php/${PHP_VERSION}/fpm/pool.d
+RUN rm -rf /etc/nginx/*.d && \
+ mkdir -p /etc/nginx/addon.d /etc/nginx/conf.d /etc/nginx/host.d /etc/nginx/nginx.d /etc/nginx/global.d
+
+
+# --------------
+# php:config
+RUN mkdir /config /data
+ADD config /config
+ADD etc /etc
+RUN envsubst < /etc/php-fpm/php-fpm.conf | tee /etc/php-fpm/php-fpm.conf
+RUN rm -rf /etc/php/${PHP_VERSION}/fpm/pool.d
+RUN cp -rp /etc/php-fpm/* /etc/php/${PHP_VERSION}/fpm
+RUN rm -rf /etc/php-fpm
+#ADD usr /usr
+
+# --------------
+# nginx:config
+RUN echo "real_ip_header X-Forwarded-For;" | tee -a /etc/nginx/nginx.d/nginx-cloudflare-ips.conf
+RUN curl https://www.cloudflare.com/ips-v4 | awk '{print "set_real_ip_from " $0 ";" }' | tee -a /etc/nginx/nginx.d/nginx-cloudflare-ips.conf
+RUN curl https://www.cloudflare.com/ips-v6 | awk '{print "set_real_ip_from " $0 ";" }' | tee -a /etc/nginx/nginx.d/nginx-cloudflare-ips.conf
+
+# --------------
+# supervisor:config
+RUN envsubst < /etc/supervisor/conf.d/base-services.conf | tee /etc/supervisor/conf.d/base-services.conf
+
+
+# --------------
+# boot script
+RUN chmod +x /config/loop
+CMD /config/loop
+
+# --------------
+# clean up
+RUN apt-get clean
+RUN echo -n > /var/lib/apt/extended_states
+
+# --------------
+# settings
+EXPOSE 80
diff --git a/build.sh b/build.sh
new file mode 100755
index 0000000..04c4c2d
--- /dev/null
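Review bot: The php and nginx repository keys and the Cloudflare address lists are fetched during the build and trusted without verification. `wget -O /etc/apt/trusted.gpg.d/php.gpg …` makes whatever that URL serves a trusted signer for every apt source in the image, and `apt-key adv --recv-keys ABF5BD827BD9BF62` selects the nginx key by its 64-bit ID instead of a full fingerprint. The `curl … | awk … | tee -a` lines run without `-f` or pipefail, so an error body or an empty response is written into nginx-cloudflare-ips.conf as `set_real_ip_from` entries and the build still succeeds. I would pin the key by checksum, scope it with `signed-by`, and make the fetches fail closed, as sketched below with a placeholder digest. Separately, `envsubst < f | tee f` (used for php-fpm.conf and base-services.conf) reads and truncates the same file concurrently and can leave it empty; write to a temporary file and `mv` it into place.

```dockerfile
# … unchanged: base image, apt packages, locale, nginx repository …

# Fail the build unless the downloaded key matches the pinned digest, and trust it
# for this one source only (signed-by) instead of for every apt source.
RUN wget -O /usr/share/keyrings/php-sury.gpg https://packages.sury.org/php/apt.gpg && \
    echo "<PINNED_SHA256_OF_APT_GPG>  /usr/share/keyrings/php-sury.gpg" | sha256sum -c - && \
    echo "deb [signed-by=/usr/share/keyrings/php-sury.gpg] https://packages.sury.org/php/ $(lsb_release -sc) main" \
      > /etc/apt/sources.list.d/php.list

# … unchanged: php packages, pecl/pear steps, config copy …

# Fail closed on HTTP errors and on a failure anywhere in the pipeline.
SHELL ["/bin/bash", "-o", "pipefail", "-c"]
RUN curl -fsS https://www.cloudflare.com/ips-v4 | awk '{print "set_real_ip_from " $0 ";" }' >> /etc/nginx/nginx.d/nginx-cloudflare-ips.conf
RUN curl -fsS https://www.cloudflare.com/ips-v6 | awk '{print "set_real_ip_from " $0 ";" }' >> /etc/nginx/nginx.d/nginx-cloudflare-ips.conf
```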
+++ b/build.sh
@@ -0,0 +1,3 @@
+#!/bin/bash
+image_name=$(basename $(pwd))
+docker build -t $image_name ./
diff --git a/config/copy-cron-config b/config/copy-cron-config
new file mode 100644
index 0000000..7b962ca
--- /dev/null
+++ b/config/copy-cron-config
@@ -0,0 +1,4 @@
+rm -rf /etc/cron.d/*
+cp /data/config/cron-* /etc/cron.d
+chown root.root /etc/cron.d/*
+chmod 644 /etc/cron.d/*
diff --git a/config/init01 b/config/init01
new file mode 100644
index 0000000..51925ac
--- /dev/null
+++ b/config/init01
@@ -0,0 +1,2 @@
+#chown -R core:core /data
+bash /config/copy-cron-config
diff --git a/config/init02 b/config/init02
new file mode 100644
index 0000000..664d553
--- /dev/null
+++ b/config/init02
@@ -0,0 +1,2 @@
+mkdir -p /data/config
+chown -R www-data:www-data /data/logs
diff --git a/config/init03log-filenames b/config/init03log-filenames
new file mode 100644
index 0000000..1adab8a
--- /dev/null
+++ b/config/init03log-filenames
@@ -0,0 +1,18 @@
+vHostArr=(${VIRTUAL_HOST//,/ })
+vHost=${vHostArr[0]//[.]/-}
+mkdir /config/nginx-container
+echo "access_log /data/logs/${vHost}-nginx.log;" > /config/nginx-container/logs.conf
+echo "error_log /data/logs/${vHost}-nginx.error.log;" >> /config/nginx-container/logs.conf
+
+mkdir /config/php-container
+#echo "error_log = /data/logs/${vHost}-php-fpm.log;" > /config/php-container/global-logs.conf
+echo "[$vHost]
+user = www-data
+group = www-data
+listen = /run/php-fpm.sock
+listen.owner = www-data
+listen.group = www-data
+listen.mode = 0660
+
+php_admin_value[error_log] = /data/logs/${vHost}-php.error.log
+" > /config/php-container/pool-name-and-logs.conf
diff --git a/config/loop b/config/loop
new file mode 100644
index 0000000..384ef62
--- /dev/null
+++ b/config/loop
@@ -0,0 +1,5 @@
+#!/bin/bash
+for init in /config/init*; do
+ bash "$init"
+done
+supervisord -n
diff --git a/config/nginx-container/.keep b/config/nginx-container/.keep
new file mode 100644
index 0000000..e69de29
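Review bot: Anything matching `/data/config/cron-*` is installed as a root-run cron job, so write access to /data/config is equivalent to root in the container, and nothing in config/copy-cron-config checks who owns those files. The same directory feeds `files = … /data/config/supervisor-*.conf` in etc/supervisor/supervisord.conf and the nginx and php-fpm `include /data/config/…` lines, and the `configs` program in base-services.conf applies changes automatically. If /data is a shared volume that also holds the PHP document root (presumably, given `root /data/site/http`), a /data/config that www-data can write to turns a web-level compromise into root. I would copy only root-owned files that are not group- or world-writable, e.g. `find /data/config -maxdepth 1 -type f -name 'cron-*' -user root ! -perm /022 -exec cp {} /etc/cron.d/ \;`, and add a comment above it stating that /data/config must be root-owned and not writable by www-data.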
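Review bot: `VIRTUAL_HOST` is written into the nginx and php-fpm config files without validation, in `vHost=${vHostArr[0]//[.]/-}` and the `echo` lines of config/init03log-filenames that follow it. An empty value yields a pool header `[]` and log names starting with `-`, and a value containing `/`, `;` or `]` changes the generated directives or the log path; the unquoted `(${VIRTUAL_HOST//,/ })` also undergoes glob expansion. I would reject anything outside hostname characters right after the assignment, `[[ $vHost =~ ^[A-Za-z0-9-]+$ ]] || { echo "invalid VIRTUAL_HOST" >&2; exit 1; }`. The two `mkdir` calls should be `mkdir -p`, since both directories already ship in the image via the `.keep` files and the script runs on every container start.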
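Review bot: `supervisord -n` in config/loop is started as a child of the script rather than replacing it, and a failing init script does not stop the boot. With the shell-form `CMD /config/loop` in the Dockerfile, the stop signal is delivered to a shell rather than to supervisord, so nginx, php-fpm and cron are likely killed at the stop timeout instead of shut down cleanly. I would end the script with `exec supervisord -n` and, once the init scripts are idempotent, use `bash "$init" || exit 1` in the loop so the container does not start serving with half-applied configuration.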
diff --git a/config/php-container/.keep b/config/php-container/.keep
new file mode 100644
index 0000000..e69de29
diff --git a/etc/apt/sources.list b/etc/apt/sources.list
new file mode 100644
index 0000000..0e1e48a
--- /dev/null
+++ b/etc/apt/sources.list
@@ -0,0 +1,3 @@
+deb http://http.debian.net/debian/ stretch main contrib non-free
+deb http://http.debian.net/debian/ stretch-updates main contrib non-free
+deb http://security.debian.org/ stretch/updates main contrib non-free
diff --git a/etc/nginx/host.d/addon.d/default-php.conf b/etc/nginx/host.d/addon.d/default-php.conf
new file mode 100644
index 0000000..53998aa
--- /dev/null
+++ b/etc/nginx/host.d/addon.d/default-php.conf
@@ -0,0 +1,17 @@
+client_max_body_size 0;
+index index.html index.php;
+location ~ \.php$ {
+ fastcgi_split_path_info ^(.+?\.php)(/.*)$;
+ if (!-f $document_root$fastcgi_script_name) {
+ return 404;
+ }
+ fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+ fastcgi_param PATH_INFO $fastcgi_path_info;
+
+ fastcgi_pass unix:/run/php-fpm.sock;
+ fastcgi_index index.php;
+ #fastcgi_split_path_info ^(.+\.php)(.*)$;
+ include fastcgi_params;
+ try_files $uri =404;
+ include /data/config/fastcgi-*.conf;
+}
diff --git a/etc/nginx/host.d/conf.d/01deny.conf b/etc/nginx/host.d/conf.d/01deny.conf
new file mode 100644
index 0000000..ef03c8e
--- /dev/null
+++ b/etc/nginx/host.d/conf.d/01deny.conf
@@ -0,0 +1,3 @@
+location ~ /\. {
+ deny all;
+}
diff --git a/etc/nginx/host.d/conf.d/02cache.conf b/etc/nginx/host.d/conf.d/02cache.conf
new file mode 100644
index 0000000..d563f0e
--- /dev/null
+++ b/etc/nginx/host.d/conf.d/02cache.conf
@@ -0,0 +1,3 @@
+location ~* \.(css|gif|ico|jpeg|jpg|js|png|svg)$ {
+ expires 30d;
+}
diff --git a/etc/nginx/host.d/default.conf b/etc/nginx/host.d/default.conf
new file mode 100644
index 0000000..5c46efa
--- /dev/null
+++ b/etc/nginx/host.d/default.conf
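Review bot: `client_max_body_size 0;` at the top of default-php.conf disables nginx's request-body limit entirely, so a client can send an arbitrarily large body that nginx buffers before PHP ever gets to reject it. The pool config in this commit caps `post_max_size` and `upload_max_filesize` at 256M, so matching that here loses nothing: `client_max_body_size 256m;`. The `if (!-f $document_root$fastcgi_script_name)` guard deserves a comment saying why it exists, for example `# never hand php-fpm a script path that is not an existing file`, so that it is not removed as redundant next to `try_files`.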
@@ -0,0 +1,9 @@
+server {
+ listen [::]:80 default_server ipv6only=on;
+ listen 80 default_server;
+ root /data/site/http;
+ include /data/config/nginx-*.conf;
+ include /etc/nginx/host.d/addon.d/*.conf;
+ include /etc/nginx/host.d/conf.d/*.conf;
+ include /config/nginx-container/*.conf;
+}
diff --git a/etc/nginx/nginx.conf b/etc/nginx/nginx.conf
new file mode 100644
index 0000000..4d081c4
--- /dev/null
+++ b/etc/nginx/nginx.conf
@@ -0,0 +1,19 @@
+daemon off;
+pid /var/run/nginx.pid;
+user www-data;
+worker_processes 1;
+
+events {
+ multi_accept on;
+ #pcre_jit on;
+ use epoll;
+ worker_connections 1024;
+}
+
+http {
+ include /data/config/nginxsub-*.conf;
+ include /etc/nginx/nginx.d/*.conf;
+ include /etc/nginx/host.d/*.conf;
+ include /etc/nginx/global.d/*.conf;
+ include /config/nginx-container/*.conf;
+}
diff --git a/etc/nginx/nginx.d/01mime.conf b/etc/nginx/nginx.d/01mime.conf
new file mode 100644
index 0000000..d1851c6
--- /dev/null
+++ b/etc/nginx/nginx.d/01mime.conf
@@ -0,0 +1,2 @@
+include /etc/nginx/mime.types;
+default_type application/octet-stream;
diff --git a/etc/nginx/nginx.d/02logs.conf b/etc/nginx/nginx.d/02logs.conf
new file mode 100644
index 0000000..09295a7
--- /dev/null
+++ b/etc/nginx/nginx.d/02logs.conf
@@ -0,0 +1,2 @@
+access_log off;
+error_log /dev/null;
diff --git a/etc/nginx/nginx.d/03performance.conf b/etc/nginx/nginx.d/03performance.conf
new file mode 100644
index 0000000..362210b
--- /dev/null
+++ b/etc/nginx/nginx.d/03performance.conf
@@ -0,0 +1,4 @@
+sendfile on;
+server_names_hash_bucket_size 128;
+tcp_nodelay on;
+tcp_nopush on;
diff --git a/etc/nginx/nginx.d/04gzip.conf b/etc/nginx/nginx.d/04gzip.conf
new file mode 100644
index 0000000..80710ef
--- /dev/null
+++ b/etc/nginx/nginx.d/04gzip.conf
@@ -0,0 +1,4 @@
+gzip on;
+gzip_comp_level 1;
+gzip_min_length 256;
+gzip_types application/javascript text/css text/plain text/xml;
diff --git a/etc/nginx/nginx.d/nginx-k8s-ips.conf b/etc/nginx/nginx.d/nginx-k8s-ips.conf
new file mode 100644
index 0000000..c75a62f
--- /dev/null
+++ b/etc/nginx/nginx.d/nginx-k8s-ips.conf
@@ -0,0 +1,3 @@
+set_real_ip_from 10.0.0.0/8;
+set_real_ip_from 127.0.0.0/8;
+real_ip_recursive on;
diff --git a/etc/php-fpm/php-fpm.conf b/etc/php-fpm/php-fpm.conf
new file mode 100644
index 0000000..43f2243
--- /dev/null
+++ b/etc/php-fpm/php-fpm.conf
@@ -0,0 +1,6 @@
+[global]
+daemonize = no
+error_log = /data/logs/php7-fpm.log
+pid = /var/run/php7-fpm.pid
+include = /config/php-container/global-*.conf
+include = /etc/php/${PHP_VERSION}/fpm/pool.d/*.conf
diff --git a/etc/php-fpm/pool.d/default.conf b/etc/php-fpm/pool.d/default.conf
new file mode 100644
index 0000000..ddda779
--- /dev/null
+++ b/etc/php-fpm/pool.d/default.conf
@@ -0,0 +1,30 @@
+include = /config/php-container/pool-*.conf
+
+user = www-data
+group = www-data
+listen = /run/php-fpm.sock
+listen.owner = www-data
+listen.group = www-data
+listen.mode = 0660
+
+pm = ondemand
+pm.process_idle_timeout = 120s
+
+pm.max_children = 8
+php_value[max_execution_time] = 120
+php_value[post_max_size] = 256M
+php_value[upload_max_filesize] = 256M
+
+php_value[apc.shm_size] = 128M
+php_value[opcache.memory_consumption] = 128M
+php_value[opcache.interned_strings_buffer] = 128M
+
+php_flag[log_errors] = on
+php_flag[ignore_repeated_source] = on
+php_flag[ignore_repeated_errors] = on
+php_value[display_errors] = 0
+
+; http://www.bx.com.au/tools/ultimate-php-error-reporting-wizard
+php_value[error_reporting] = E_ALL & ~E_WARNING & ~E_NOTICE & ~E_USER_WARNING & ~E_USER_NOTICE & ~E_STRICT & ~E_DEPRECATED
+
+include = /data/config/php-*.conf
diff --git a/etc/supervisor/conf.d/base-services.conf b/etc/supervisor/conf.d/base-services.conf
new file mode 100644
index 0000000..9575434
--- /dev/null
+++ b/etc/supervisor/conf.d/base-services.conf
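Review bot: `set_real_ip_from 10.0.0.0/8;` in nginx-k8s-ips.conf trusts every peer in that range to supply the client address, and the Dockerfile pairs it with `real_ip_header X-Forwarded-For` while this file sets `real_ip_recursive on`. Any pod or host in 10/8 that can reach port 80 directly can therefore choose the address that ends up in the access log and in any `allow`/`deny` or rate-limit rule added later. I would narrow this to the ingress or load-balancer CIDR that actually sits in front of the container and add a comment such as `# trusted proxies only: list just the ingress CIDR, never a whole cluster range`.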
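Review bot: The error-handling settings in pool.d/default.conf are set with `php_value`/`php_flag`, which application code can override at runtime with `ini_set()`; `display_errors`, `log_errors` and `error_reporting` are the ones that matter for information disclosure and for keeping an audit trail. The admin variants pin them for the pool: `php_admin_flag[display_errors] = off` and `php_admin_flag[log_errors] = on`. The trailing `include = /data/config/php-*.conf` can still change them, so a comment noting that this include is the intended operator override point would make the precedence explicit.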
@@ -0,0 +1,23 @@
+[program:php7-fpm]
+command=php-fpm${PHP_VERSION} --force-stderr --fpm-config /etc/php/${PHP_VERSION}/fpm/php-fpm.conf
+stdout_logfile=/dev/stdout
+stdout_logfile_maxbytes=0
+stderr_logfile=/dev/stderr
+stderr_logfile_maxbytes=0
+
+[program:nginx]
+command=nginx
+stdout_logfile=/dev/stdout
+stdout_logfile_maxbytes=0
+stderr_logfile=/dev/stderr
+stderr_logfile_maxbytes=0
+
+[program:cron]
+command=cron -f
+stdout_logfile=/dev/stdout
+stdout_logfile_maxbytes=0
+stderr_logfile=/dev/stderr
+stderr_logfile_maxbytes=0
+
+[program:configs]
+command=bash -c "while inotifywait -e create,delete,modify,move -q /data/config/; do supervisorctl reread; supervisorctl update; bash /config/copy-cron-config; supervisorctl restart all; done"
diff --git a/etc/supervisor/supervisord.conf b/etc/supervisor/supervisord.conf
new file mode 100644
index 0000000..3037b2e
--- /dev/null
+++ b/etc/supervisor/supervisord.conf
@@ -0,0 +1,28 @@
+; supervisor config file
+
+[unix_http_server]
+file=/var/run//supervisor.sock ; (the path to the socket file)
+chmod=0700 ; sockef file mode (default 0700)
+
+[supervisord]
+logfile=/var/log/supervisor/supervisord.log ; (main log file;default $CWD/supervisord.log)
+pidfile=/var/run/supervisord.pid ; (supervisord pidfile;default supervisord.pid)
+childlogdir=/var/log/supervisor ; ('AUTO' child log dir, default $TEMP)
+
+; the below section must remain in the config file for RPC
+; (supervisorctl/web interface) to work, additional interfaces may be
+; added by defining them in separate rpcinterface: sections
+[rpcinterface:supervisor]
+supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface
+
+[supervisorctl]
+serverurl=unix:///var/run//supervisor.sock ; use a unix:// URL for a unix socket
+
+; The [include] section can just contain the "files" setting. This
+; setting can list multiple files (separated by whitespace or
+; newlines). It can also contain wildcards. The filenames are
+; interpreted as relative to this file. Included files *cannot*
+; include files themselves.
+
+[include]
+files = /etc/supervisor/conf.d/*.conf /data/config/supervisor-*.conf