mirror of
https://notabug.org/halcyon-suite/halcyon
synced 2024-12-23 00:10:37 +01:00
Docker updates - Update to be pure php-fpm - Remove nginx from container - Update halcyon path to match standard docs (/opt/halcyon) - Updated halcyon path allows this container to work as-is with the provided web server configs
This commit is contained in:
parent
12edd8677a
commit
7ea6f98149
@ -26,28 +26,17 @@ RUN apt-get install -y --no-install-recommends \
|
|||||||
&& apt-get autoremove -y --purge
|
&& apt-get autoremove -y --purge
|
||||||
|
|
||||||
# Halcyon
|
# Halcyon
|
||||||
|
WORKDIR /opt/halcyon
|
||||||
RUN apt-get install -y --no-install-recommends git \
|
RUN apt-get install -y --no-install-recommends git \
|
||||||
&& git clone https://notabug.org/halcyon-suite/halcyon.git /var/www/html/ \
|
&& git clone https://notabug.org/halcyon-suite/halcyon.git /opt/halcyon/ \
|
||||||
&& git checkout `git describe --tags` \
|
&& git checkout `git describe --tags` \
|
||||||
&& cp -r /var/www/html/config /var/www/html/config.example \
|
&& cp -r /opt/halcyon/config /opt/halcyon/config.example \
|
||||||
&& chown -R www-data: /var/www
|
&& chown -R www-data: /opt/halcyon
|
||||||
|
|
||||||
# PHP-fpm + nginx
|
# PHP-fpm
|
||||||
RUN apt-get install -y --no-install-recommends nginx \
|
RUN \
|
||||||
# Remove (some of the) default nginx config
|
|
||||||
&& rm -f /etc/nginx.conf \
|
|
||||||
&& rm -f /etc/nginx/conf.d/default.conf \
|
|
||||||
&& rm -rf /etc/nginx/sites-* \
|
|
||||||
&& rm -rf /var/log/nginx \
|
|
||||||
# Ensure nginx logs, even if the config has errors, are written to stderr
|
|
||||||
&& mkdir -p /var/log/nginx \
|
|
||||||
&& chown www-data: /var/log/nginx \
|
|
||||||
&& ln -s /dev/stderr /var/log/nginx/error.log \
|
|
||||||
# Create folder where the user hook into our default configs
|
|
||||||
&& mkdir -p /etc/nginx/server.d/ \
|
|
||||||
&& mkdir -p /etc/nginx/location.d/ \
|
|
||||||
# Bring php-fpm configs into a more controallable state
|
# Bring php-fpm configs into a more controallable state
|
||||||
&& rm /usr/local/etc/php-fpm.d/www.conf.default \
|
rm /usr/local/etc/php-fpm.d/www.conf.default \
|
||||||
&& mv /usr/local/etc/php-fpm.d/docker.conf /usr/local/etc/php-fpm.d/00-docker.conf \
|
&& mv /usr/local/etc/php-fpm.d/docker.conf /usr/local/etc/php-fpm.d/00-docker.conf \
|
||||||
&& mv /usr/local/etc/php-fpm.d/www.conf /usr/local/etc/php-fpm.d/10-www.conf \
|
&& mv /usr/local/etc/php-fpm.d/www.conf /usr/local/etc/php-fpm.d/10-www.conf \
|
||||||
&& mv /usr/local/etc/php-fpm.d/zz-docker.conf /usr/local/etc/php-fpm.d/20-docker.conf
|
&& mv /usr/local/etc/php-fpm.d/zz-docker.conf /usr/local/etc/php-fpm.d/20-docker.conf
|
||||||
@ -56,7 +45,7 @@ RUN apt-get install -y --no-install-recommends nginx \
|
|||||||
ADD etc/ /etc/
|
ADD etc/ /etc/
|
||||||
ADD usr/ /usr/
|
ADD usr/ /usr/
|
||||||
|
|
||||||
EXPOSE 80
|
EXPOSE 9000
|
||||||
|
|
||||||
ENTRYPOINT ["/usr/bin/supervisord","-c","/etc/supervisord.conf"]
|
ENTRYPOINT ["/usr/bin/supervisord","-c","/etc/supervisord.conf"]
|
||||||
|
|
||||||
|
@ -1,5 +0,0 @@
|
|||||||
# Log access to this file
|
|
||||||
# This is only used when you don't override it on a server{} level
|
|
||||||
access_log /dev/stdout main;
|
|
||||||
|
|
||||||
# Note: Feel free to overwrite this file if you want a custom logging format!
|
|
@ -1,19 +0,0 @@
|
|||||||
# This tells Nginx to cache open file handles, "not found" errors, metadata about files and their permissions, etc.
|
|
||||||
#
|
|
||||||
# The upside of this is that Nginx can immediately begin sending data when a popular file is requested,
|
|
||||||
# and will also know to immediately send a 404 if a file is missing on disk, and so on.
|
|
||||||
#
|
|
||||||
# However, it also means that the server won't react immediately to changes on disk, which may be undesirable.
|
|
||||||
#
|
|
||||||
# In the below configuration, inactive files are released from the cache after 20 seconds, whereas
|
|
||||||
# active (recently requested) files are re-validated every 30 seconds.
|
|
||||||
#
|
|
||||||
# Descriptors will not be cached unless they are used at least 2 times within 20 seconds (the inactive time).
|
|
||||||
#
|
|
||||||
# A maximum of the 1000 most recently used file descriptors can be cached at any time.
|
|
||||||
#
|
|
||||||
# Production servers with stable file collections will definitely want to enable the cache.
|
|
||||||
open_file_cache max=1000 inactive=20s;
|
|
||||||
open_file_cache_valid 30s;
|
|
||||||
open_file_cache_min_uses 2;
|
|
||||||
open_file_cache_errors on;
|
|
@ -1,56 +0,0 @@
|
|||||||
# Enable gzip compression.
|
|
||||||
gzip on;
|
|
||||||
|
|
||||||
# Compression level (1-9).
|
|
||||||
# 5 is a perfect compromise between size and CPU usage, offering about
|
|
||||||
# 75% reduction for most ASCII files (almost identical to level 9).
|
|
||||||
gzip_comp_level 5;
|
|
||||||
|
|
||||||
# Don't compress anything that's already small and unlikely to shrink much
|
|
||||||
# if at all (the default is 20 bytes, which is bad as that usually leads to
|
|
||||||
# larger files after gzipping).
|
|
||||||
gzip_min_length 256;
|
|
||||||
|
|
||||||
# Compress data even for clients that are connecting to us via proxies,
|
|
||||||
# identified by the "Via" header (required for CloudFront).
|
|
||||||
gzip_proxied any;
|
|
||||||
|
|
||||||
# Tell proxies to cache both the gzipped and regular version of a resource
|
|
||||||
# whenever the client's Accept-Encoding capabilities header varies;
|
|
||||||
# Avoids the issue where a non-gzip capable client (which is extremely rare
|
|
||||||
# today) would display gibberish if their proxy gave them the gzipped version.
|
|
||||||
gzip_vary on;
|
|
||||||
|
|
||||||
# Compress all output labeled with one of the following MIME-types.
|
|
||||||
gzip_types
|
|
||||||
application/atom+xml
|
|
||||||
application/javascript
|
|
||||||
application/json
|
|
||||||
application/ld+json
|
|
||||||
application/manifest+json
|
|
||||||
application/rss+xml
|
|
||||||
application/vnd.geo+json
|
|
||||||
application/vnd.ms-fontobject
|
|
||||||
application/x-font-ttf
|
|
||||||
application/x-web-app-manifest+json
|
|
||||||
application/xhtml+xml
|
|
||||||
application/xml
|
|
||||||
font/opentype
|
|
||||||
image/bmp
|
|
||||||
image/svg+xml
|
|
||||||
image/x-icon
|
|
||||||
text/cache-manifest
|
|
||||||
text/css
|
|
||||||
text/plain
|
|
||||||
text/vcard
|
|
||||||
text/vnd.rim.location.xloc
|
|
||||||
text/vtt
|
|
||||||
text/x-component
|
|
||||||
text/x-cross-domain-policy;
|
|
||||||
# text/html is always compressed by gzip module
|
|
||||||
|
|
||||||
# This should be turned on if you are going to have pre-compressed copies (.gz) of
|
|
||||||
# static files available. If not it should be left off as it will cause extra I/O
|
|
||||||
# for the check. It is best if you enable this in a location{} block for
|
|
||||||
# a specific directory, or on an individual server{} level.
|
|
||||||
# gzip_static on;
|
|
@ -1,75 +0,0 @@
|
|||||||
# Run as a unique, less privileged user for security reasons.
|
|
||||||
user www-data www-data;
|
|
||||||
|
|
||||||
# Sets the worker threads to the number of CPU cores available in the system for best performance.
|
|
||||||
# Should be > the number of CPU cores.
|
|
||||||
# Maximum number of connections = worker_processes * worker_connections
|
|
||||||
worker_processes auto;
|
|
||||||
|
|
||||||
# Maximum number of open files per worker process.
|
|
||||||
# Should be > worker_connections.
|
|
||||||
worker_rlimit_nofile 8192;
|
|
||||||
|
|
||||||
events {
|
|
||||||
# If you need more connections than this, you start optimizing your OS.
|
|
||||||
# That's probably the point at which you hire people who are smarter than you as this is *a lot* of requests.
|
|
||||||
# Should be < worker_rlimit_nofile.
|
|
||||||
worker_connections 8000;
|
|
||||||
}
|
|
||||||
|
|
||||||
# Log errors and warnings to this file
|
|
||||||
# This is only used when you don't override it on a server{} level
|
|
||||||
error_log /dev/stderr warn;
|
|
||||||
|
|
||||||
# The file storing the process ID of the main process
|
|
||||||
pid /var/run/nginx.pid;
|
|
||||||
|
|
||||||
# The process is managed in the docker-env
|
|
||||||
daemon off;
|
|
||||||
|
|
||||||
# Free some CPU cycles
|
|
||||||
timer_resolution 500ms;
|
|
||||||
|
|
||||||
http {
|
|
||||||
# Specify MIME types for files.
|
|
||||||
include mime.types;
|
|
||||||
default_type application/octet-stream;
|
|
||||||
|
|
||||||
# Update charset_types to match updated mime.types.
|
|
||||||
# text/html is always included by charset module.
|
|
||||||
charset_types text/css text/plain text/vnd.wap.wml application/javascript application/json application/rss+xml application/xml;
|
|
||||||
|
|
||||||
# Include $http_x_forwarded_for within default format used in log files
|
|
||||||
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
|
|
||||||
'$status $body_bytes_sent "$http_referer" '
|
|
||||||
'"$http_user_agent" "$http_x_forwarded_for"';
|
|
||||||
|
|
||||||
# Hide used software
|
|
||||||
server_tokens off;
|
|
||||||
|
|
||||||
# Default charset
|
|
||||||
charset utf-8;
|
|
||||||
|
|
||||||
# How long to allow each connection to stay idle.
|
|
||||||
# Longer values are better for each individual client, particularly for SSL,
|
|
||||||
# but means that worker connections are tied up longer.
|
|
||||||
keepalive_timeout 20s;
|
|
||||||
|
|
||||||
# Speed up file transfers by using sendfile() to copy directly
|
|
||||||
# between descriptors rather than using read()/write().
|
|
||||||
# For performance reasons, on FreeBSD systems w/ ZFS
|
|
||||||
# this option should be disabled as ZFS's ARC caches
|
|
||||||
# frequently used files in RAM by default.
|
|
||||||
sendfile on;
|
|
||||||
|
|
||||||
# Don't send out partial frames; this increases throughput
|
|
||||||
# since TCP frames are filled up before being sent out.
|
|
||||||
tcp_nopush on;
|
|
||||||
|
|
||||||
# Allow up to 3 MiB payload, privatebin defaults to 2 MiB.
|
|
||||||
client_max_body_size 3M;
|
|
||||||
|
|
||||||
# Load even moar configs
|
|
||||||
include /etc/nginx/conf.d/*.conf;
|
|
||||||
include /etc/nginx/sites-enabled/*.conf;
|
|
||||||
}
|
|
@ -1,24 +0,0 @@
|
|||||||
server {
|
|
||||||
listen 80 default_server;
|
|
||||||
|
|
||||||
root /var/www/html;
|
|
||||||
index index.php index.html index.htm;
|
|
||||||
|
|
||||||
location / {
|
|
||||||
include /etc/nginx/location.d/*.conf;
|
|
||||||
try_files $uri $uri/ /index.php$is_args$args;
|
|
||||||
}
|
|
||||||
|
|
||||||
location ~ \.php$ {
|
|
||||||
include /etc/nginx/location.d/*.conf;
|
|
||||||
fastcgi_pass unix:/run/php-fpm.sock;
|
|
||||||
fastcgi_index index.php;
|
|
||||||
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
|
||||||
include fastcgi_params;
|
|
||||||
|
|
||||||
# Prevent exposing nginx + version to $_SERVER
|
|
||||||
fastcgi_param SERVER_SOFTWARE "";
|
|
||||||
}
|
|
||||||
|
|
||||||
include /etc/nginx/server.d/*.conf;
|
|
||||||
}
|
|
@ -1 +0,0 @@
|
|||||||
/etc/nginx/sites-available/site.conf
|
|
@ -12,12 +12,3 @@ stdout_logfile_maxbytes=0
|
|||||||
stderr_logfile=/dev/stderr
|
stderr_logfile=/dev/stderr
|
||||||
stderr_logfile_maxbytes=0
|
stderr_logfile_maxbytes=0
|
||||||
|
|
||||||
[program:nginx]
|
|
||||||
command=/usr/sbin/nginx
|
|
||||||
autostart=true
|
|
||||||
autorestart=true
|
|
||||||
priority=20
|
|
||||||
stdout_logfile=/dev/stdout
|
|
||||||
stdout_logfile_maxbytes=0
|
|
||||||
stderr_logfile=/dev/stderr
|
|
||||||
stderr_logfile_maxbytes=0
|
|
||||||
|
@ -1,5 +1,4 @@
|
|||||||
[www]
|
[www]
|
||||||
listen = /run/php-fpm.sock
|
listen = 0.0.0.0:9000
|
||||||
listen.owner = www-data
|
listen.owner = www-data
|
||||||
listen.group = www-data
|
listen.group = www-data
|
||||||
listen.mode = 0660
|
|
||||||
|
Loading…
Reference in New Issue
Block a user