perdedora/leftypol
1
0
Fork 0
forked from leftypol/leftypol
Code Pull requests Activity

docker: extract the vichan directory and make it optionally exposable

Browse source
This commit is contained in:
Zankaria 2024-03-31 23:17:38 +02:00 committed by Zankaria
parent 6ba2c7cf42
commit df7d7e1d3c
6 changed files with 147 additions and 41 deletions
Download patch file Download diff file Expand all files Collapse all files

59
docker/common-setup.sh
View file

@ -1,31 +1,32 @@
#!/bin/sh #!/bin/sh
set -eu #set -eu
#
install -m 544 -o www-data -g www-data -d /var/www #install -m 544 -o www-data -g www-data -d /var/www
ln -s \ #ln -s \
/code/banners/ \ # /code/banners/ \
/code/static/ \ # /code/static/ \
/code/stylesheets/ \ # /code/stylesheets/ \
/code/tools/ \ # /code/tools/ \
/code/walls/ \ # /code/walls/ \
/code/*.php \ # /code/*.php \
/code/404.html \ # /code/404.html \
/code/LICENSE.* \ # /code/LICENSE.* \
/code/robots.txt \ # /code/robots.txt \
/code/install.sql \ # /code/install.sql \
/var/www/ # /var/www/
#
install -m 540 -o www-data -g www-data -d /var/tmp/leftypol #install -m 540 -o www-data -g www-data -d /var/tmp/leftypol
install -m 540 -o www-data -g www-data -d /var/tmp/leftypol/cache #install -m 540 -o www-data -g www-data -d /var/tmp/leftypol/cache
ln -s /var/tmp/leftypol /var/www/tmp #ln -s /var/tmp/leftypol /var/www/tmp
#
install -m 544 -o www-data -g www-data -d /var/www/js #install -m 544 -o www-data -g www-data -d /var/www/js
ln -s /code/js/* /var/www/js/ #ln -s /code/js/* /var/www/js/
#
install -m 544 -o www-data -g www-data -d /var/www/templates #install -m 544 -o www-data -g www-data -d /var/www/templates
install -m 544 -o www-data -g www-data -d /var/www/templates/cache #install -m 544 -o www-data -g www-data -d /var/www/templates/cache
ln -s /code/templates/* /var/www/templates/ #ln -s /code/templates/* /var/www/templates/
#
install -m 544 -o www-data -g www-data -d /var/www/inc #install -m 544 -o www-data -g www-data -d /var/www/inc
ln -s /code/inc/* /var/www/inc/ #ln -s /code/inc/* /var/www/inc/
#

4
docker/doc.md Normal file
View file

@ -0,0 +1,4 @@
The `php-fpm` process runs containerized.
The php application always uses `/var/www` as it's work directory and home folder, and if `/var/www` is bind mounted it
is necessary to adjust the path passed via FastCGI to `php-fpm` by changing the root directory to `/var/www`.
This can achieved in nginx by setting the `fastcgi_param SCRIPT_FILENAME` to `/var/www/$fastcgi_script_name;`

4
docker/nginx/Dockerfile
View file

@ -2,9 +2,7 @@ FROM nginx:1.25.3-alpine
COPY . /code COPY . /code
RUN adduser --system www-data \ RUN adduser --system www-data \
&& adduser www-data www-data \ && adduser www-data www-data
&& /code/docker/common-setup.sh
CMD [ "nginx", "-g", "daemon off;" ] CMD [ "nginx", "-g", "daemon off;" ]
EXPOSE 80 EXPOSE 80

21
docker/nginx/leftypol.conf
View file

@ -6,7 +6,7 @@ server {
listen 80 default_server; listen 80 default_server;
listen [::]:80 default_server ipv6only=on; listen [::]:80 default_server ipv6only=on;
server_name leftypol; server_name leftypol;
root /var/www; root /var/www/html;
add_header X-Frame-Options "SAMEORIGIN"; add_header X-Frame-Options "SAMEORIGIN";
add_header X-Content-Type-Options "nosniff"; add_header X-Content-Type-Options "nosniff";
@ -15,9 +15,24 @@ server {
charset utf-8; charset utf-8;
location ~ ^([^.\?]*[^\/])$ { location ~ ^([^.\?]*[^\/])$ {
try_files $uri @addslash; try_files $uri @addslash;
} }
# Expire rules for static content
# Media: images, icons, video, audio, HTC
location ~* \.(?:jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm|htc)$ {
expires 1M;
access_log off;
log_not_found off;
add_header Cache-Control "public";
}
# CSS and Javascript
location ~* \.(?:css|js)$ {
expires 1y;
access_log off;
log_not_found off;
add_header Cache-Control "public";
}
# Expire rules for static content # Expire rules for static content
# Media: images, icons, video, audio, HTC # Media: images, icons, video, audio, HTC
location ~* \.(?:jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm|htc)$ { location ~* \.(?:jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm|htc)$ {
@ -39,7 +54,7 @@ server {
} }
location @addslash { location @addslash {
return 301 $uri/; return 301 $uri/;
} }
location / { location / {

26
docker/php/Dockerfile
View file

@ -33,15 +33,29 @@ RUN apt-get update && apt-get upgrade -y && apt-get install -y \
&& pecl install imagick \ && pecl install imagick \
&& pecl install -o -f igbinary \ && pecl install -o -f igbinary \
&& docker-php-ext-install gd zip opcache intl pdo pdo_mysql mysqli bcmath gettext iconv mbstring curl \ && docker-php-ext-install gd zip opcache intl pdo pdo_mysql mysqli bcmath gettext iconv mbstring curl \
&& docker-php-ext-enable igbinary redis imagick && docker-php-ext-enable igbinary redis imagick \
&& rm -rf /var/cache/* \
&& rmdir /var/www/html \
&& install -d -m 744 -o www-data -g www-data /var/www \
&& install -d -m 700 -o www-data -g www-data /var/tmp/leftypol \
&& install -d -m 700 -o www-data -g www-data /var/cache/gen-cache \
&& install -d -m 700 -o www-data -g www-data /var/cache/template-cache
COPY --from=composer /usr/bin/composer /usr/bin/composer COPY --from=composer /usr/bin/composer /usr/local/bin/composer
# Copy the bootstrap script.
COPY ./docker/php/bootstrap.sh /usr/local/bin/bootstrap.sh
# Copy the actual project (use .dockerignore to exclude stuff).
COPY . /code COPY . /code
RUN /code/docker/common-setup.sh \ # Make the instance configuration owned by www-data.
&& ln -s /code/composer.json /code/composer.lock /var/www/ \ # Make it writable by php.
&& cd /var/www && composer install # Install the compose depedencies.
RUN chown www-data /code/inc/instance-config.php && chgrp www-data /code/inc/instance-config.php \
&& chmod 660 /code/inc/instance-config.php \
&& cd /code && composer install
WORKDIR "/var/www" WORKDIR "/var/www"
CMD [ "php-fpm" ] CMD [ "bootstrap.sh" ]
EXPOSE 9000 EXPOSE 9000

74
docker/php/bootstrap.sh Executable file
View file

@ -0,0 +1,74 @@
#!/bin/sh
set -eu
if ! mountpoint -q /var/www; then
echo "WARNING: '/var/www' is not a mountpoint. All the data will remain inside the container!"
fi
if [ ! -w /var/www ] ; then
echo "ERROR: '/var/www' is not writable. Closing."
exit 1
fi
# Link the entrypoints from the exposed directory.
ln -nfs \
/code/banners/ \
/code/static/ \
/code/stylesheets/ \
/code/tools/ \
/code/walls/ \
/code/*.php \
/code/LICENSE.* \
/code/404.html \
/code/install.sql \
/var/www/
# Ensure correct permissions are set, since this might be bind mount.
chown www-data /var/www
chgrp www-data /var/www
# Initialize robots.txt with the default if it doesn't exist.
cp -n /code/robots.txt /var/www
# Link the cache and tmp files directory.
ln -nfs /var/tmp/leftypol /var/www/tmp
# Link the javascript directory.
ln -nfs /code/js /var/www/
# Link the html templates directory and it's cache.
ln -nfs /code/templates /var/www/
ln -nfs -T /var/cache/template-cache /var/www/templates/cache
chown -h www-data /var/www/templates/cache
chgrp -h www-data /var/www/templates/cache
# Link the generic cache.
ln -nfs -T /var/cache/gen-cache /var/www/tmp/cache
chown -h www-data /var/www/tmp/cache
chgrp -h www-data /var/www/tmp/cache
# Create the included files directory and link them
install -d -m 700 -o www-data -g www-data /var/www/inc
for file in /code/inc/*; do
file="${file##*/}"
if [ ! -e /var/www/inc/$file ]; then
ln -s /code/inc/$file /var/www/inc/
fi
done
# Copy an empty instance configuration if the file is a link (it was linked because it did not exist before).
if [ -L '/var/www/inc/instance-config.php' ]; then
echo 'INFO: Resetting instance configuration'
rm /var/www/inc/instance-config.php
cp /code/inc/instance-config.php /var/www/inc/instance-config.php
chown www-data /var/www/inc/instance-config.php
chgrp www-data /var/www/inc/instance-config.php
chmod 600 /var/www/inc/instance-config.php
else
echo 'INFO: Using existing instance configuration'
fi
# Link the composer dependencies.
ln -nfs /code/vendor /var/www/
# Start the php-fpm server.
exec php-fpm