From 3a769b437f58b53d87e0495b4a5f8f46b32ce15c Mon Sep 17 00:00:00 2001 From: Barbara Pitt Date: Sun, 27 Dec 2020 17:15:12 -0600 Subject: [PATCH 01/45] adding docker items --- Dockerfile | 22 ++++++++++++++++++++++ docker-compose.yml | 45 +++++++++++++++++++++++++++++++++++++++++++++ site.conf | 16 ++++++++++++++++ 3 files changed, 83 insertions(+) create mode 100644 Dockerfile create mode 100644 docker-compose.yml create mode 100644 site.conf diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 00000000..c568280f --- /dev/null +++ b/Dockerfile @@ -0,0 +1,22 @@ +FROM php:5.6-fpm +RUN docker-php-ext-install pdo pdo_mysql +RUN apt-get update -y && apt-get install -y libpng-dev libjpeg-dev +RUN docker-php-ext-install mbstring +RUN apt-get update -y && apt-get install -y libmcrypt-dev +RUN docker-php-ext-install -j$(nproc) mcrypt +RUN docker-php-ext-install iconv +RUN apt-get update -y && apt-get install -y imagemagick +RUN apt-get update -y && apt-get install -y graphicsmagick +RUN apt-get update -y && apt-get install -y gifsicle +RUN docker-php-ext-configure gd \ + --with-png-dir=/usr \ + --with-jpeg-dir=/usr +RUN docker-php-ext-install gd +RUN apt-get update -y \ + && apt-get install -y libmemcached11 libmemcachedutil2 build-essential libmemcached-dev libz-dev \ + && pecl install memcached-2.2.0 \ + && echo extension=memcached.so >> /usr/local/etc/php/conf.d/memcached.ini \ + && apt-get remove -y build-essential libmemcached-dev libz-dev \ + && apt-get autoremove -y \ + && apt-get clean \ + && rm -rf /tmp/pear \ No newline at end of file diff --git a/docker-compose.yml b/docker-compose.yml new file mode 100644 index 00000000..3d61f915 --- /dev/null +++ b/docker-compose.yml @@ -0,0 +1,45 @@ +services: + #nginx webserver + php 5.6 + web: + image: nginx:1.19.6-alpine + ports: + - "8080:80" + depends_on: + - db + volumes: + - ./:/code + - ./site.conf:/etc/nginx/conf.d/default.conf + networks: + leftchan_net: + ipv4_address: 172.20.0.3 + links: + - php + php: + build: . + volumes: + - ./:/code + networks: + leftchan_net: + ipv4_address: 172.20.0.4 + #MySQL Service + db: + image: mysql:5.6.50 + container_name: db + restart: unless-stopped + tty: true + ports: + - "3306:3306" + environment: + MYSQL_DATABASE: lainchan + MYSQL_ROOT_PASSWORD: M9q5lO0RxJVh + networks: + leftchan_net: + ipv4_address: 172.20.0.2 + +#Docker Networks +networks: + leftchan_net: + ipam: + driver: default + config: + - subnet: 172.20.0.0/16 \ No newline at end of file diff --git a/site.conf b/site.conf new file mode 100644 index 00000000..80bc50fb --- /dev/null +++ b/site.conf @@ -0,0 +1,16 @@ +server { + index index.php index.html; + error_log /var/log/nginx/error.log; + access_log /var/log/nginx/access.log; + root /code; + + location ~ \.php$ { + try_files $uri =404; + fastcgi_split_path_info ^(.+\.php)(/.+)$; + fastcgi_pass php:9000; + fastcgi_index index.php; + include fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param PATH_INFO $fastcgi_path_info; + } +} \ No newline at end of file From 90235b2bab1a9e438034b8391c786726e50af4a6 Mon Sep 17 00:00:00 2001 From: Zankaria Date: Sun, 7 Apr 2024 13:22:53 +0200 Subject: [PATCH 02/45] docker: remove unused configuration --- site.conf | 16 ---------------- 1 file changed, 16 deletions(-) delete mode 100644 site.conf diff --git a/site.conf b/site.conf deleted file mode 100644 index 80bc50fb..00000000 --- a/site.conf +++ /dev/null @@ -1,16 +0,0 @@ -server { - index index.php index.html; - error_log /var/log/nginx/error.log; - access_log /var/log/nginx/access.log; - root /code; - - location ~ \.php$ { - try_files $uri =404; - fastcgi_split_path_info ^(.+\.php)(/.+)$; - fastcgi_pass php:9000; - fastcgi_index index.php; - include fastcgi_params; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_param PATH_INFO $fastcgi_path_info; - } -} \ No newline at end of file From 5ca2d194b4f5923f03ca0620ec89294f70863f0d Mon Sep 17 00:00:00 2001 From: zeke Date: Wed, 17 Jan 2024 11:06:22 -0800 Subject: [PATCH 03/45] Update dependencies for Docker image --- Dockerfile | 25 ++++++++++++++++--------- docker-compose.yml | 6 +++--- 2 files changed, 19 insertions(+), 12 deletions(-) diff --git a/Dockerfile b/Dockerfile index c568280f..4e76f72e 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,22 +1,29 @@ -FROM php:5.6-fpm +FROM php:8.1.8-fpm + +COPY . /code + RUN docker-php-ext-install pdo pdo_mysql -RUN apt-get update -y && apt-get install -y libpng-dev libjpeg-dev +RUN apt-get update -y && apt-get install -y libpng-dev libjpeg-dev libonig-dev RUN docker-php-ext-install mbstring RUN apt-get update -y && apt-get install -y libmcrypt-dev -RUN docker-php-ext-install -j$(nproc) mcrypt +# RUN docker-php-ext-install -j$(nproc) mcrypt RUN docker-php-ext-install iconv RUN apt-get update -y && apt-get install -y imagemagick RUN apt-get update -y && apt-get install -y graphicsmagick RUN apt-get update -y && apt-get install -y gifsicle -RUN docker-php-ext-configure gd \ - --with-png-dir=/usr \ - --with-jpeg-dir=/usr +# RUN docker-php-ext-configure gd +# --with-jpeg=/usr/include +# --with-png-dir=/usr \ RUN docker-php-ext-install gd RUN apt-get update -y \ - && apt-get install -y libmemcached11 libmemcachedutil2 build-essential libmemcached-dev libz-dev \ - && pecl install memcached-2.2.0 \ + && apt-get install -y libmemcached11 libmemcachedutil2 build-essential libmemcached-dev libz-dev git \ + && pecl install memcached \ && echo extension=memcached.so >> /usr/local/etc/php/conf.d/memcached.ini \ && apt-get remove -y build-essential libmemcached-dev libz-dev \ && apt-get autoremove -y \ && apt-get clean \ - && rm -rf /tmp/pear \ No newline at end of file + && rm -rf /tmp/pear \ + && curl -sS https://getcomposer.org/installer -o composer-setup.php \ + && php composer-setup.php --install-dir=/usr/local/bin --filename=composer \ + && docker-php-ext-install bcmath \ + && cd /code && composer install \ No newline at end of file diff --git a/docker-compose.yml b/docker-compose.yml index 3d61f915..0008c064 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -1,7 +1,7 @@ services: - #nginx webserver + php 5.6 + #nginx webserver + php 8.x web: - image: nginx:1.19.6-alpine + image: nginx:1.25.3-alpine ports: - "8080:80" depends_on: @@ -23,7 +23,7 @@ services: ipv4_address: 172.20.0.4 #MySQL Service db: - image: mysql:5.6.50 + image: mysql:8.0.35 container_name: db restart: unless-stopped tty: true From fc63de4ed420cebf1d5f0bfb7862321f65ed27ed Mon Sep 17 00:00:00 2001 From: zeke Date: Thu, 1 Feb 2024 18:05:08 -0800 Subject: [PATCH 04/45] Use two Dockerfiles, move Docker stuff to /docker --- docker-compose.yml | 16 ++++++--- docker/common-setup.sh | 32 ++++++++++++++++++ docker/nginx/Dockerfile | 8 +++++ docker/nginx/leftypol.conf | 68 ++++++++++++++++++++++++++++++++++++++ docker/nginx/nginx.conf | 32 ++++++++++++++++++ docker/nginx/proxy.conf | 40 ++++++++++++++++++++++ docker/php/Dockerfile | 44 ++++++++++++++++++++++++ docker/php/custom.ini | 15 +++++++++ docker/php/www.conf | 10 ++++++ 9 files changed, 261 insertions(+), 4 deletions(-) create mode 100755 docker/common-setup.sh create mode 100644 docker/nginx/Dockerfile create mode 100644 docker/nginx/leftypol.conf create mode 100644 docker/nginx/nginx.conf create mode 100644 docker/nginx/proxy.conf create mode 100644 docker/php/Dockerfile create mode 100644 docker/php/custom.ini create mode 100644 docker/php/www.conf diff --git a/docker-compose.yml b/docker-compose.yml index 0008c064..98e93884 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -1,23 +1,31 @@ services: #nginx webserver + php 8.x web: - image: nginx:1.25.3-alpine + build: + context: . + dockerfile: ./docker/nginx/Dockerfile ports: - "8080:80" depends_on: - db volumes: - ./:/code - - ./site.conf:/etc/nginx/conf.d/default.conf + - ./docker/nginx/leftypol.conf:/etc/nginx/conf.d/default.conf + - ./docker/nginx/nginx.conf:/etc/nginx/nginx.conf + - ./docker/nginx/proxy.conf:/etc/nginx/conf.d/proxy.conf networks: leftchan_net: ipv4_address: 172.20.0.3 links: - php php: - build: . + build: + context: . + dockerfile: ./docker/php/Dockerfile volumes: - ./:/code + - ./docker/php/custom.ini:/usr/local/etc/php/conf.d/custom.ini + - ./docker/php/www.conf:/usr/local/etc/php-fpm.d/www.conf networks: leftchan_net: ipv4_address: 172.20.0.4 @@ -42,4 +50,4 @@ networks: ipam: driver: default config: - - subnet: 172.20.0.0/16 \ No newline at end of file + - subnet: 172.20.0.0/16 diff --git a/docker/common-setup.sh b/docker/common-setup.sh new file mode 100755 index 00000000..c7ea147e --- /dev/null +++ b/docker/common-setup.sh @@ -0,0 +1,32 @@ +#!/bin/sh + +# not exactly elegant, but one container is Debian, the other is Alpine +useradd -MU leftypol +addgroup leftypol +adduser -DHG leftypol leftypol + +set -eu + +install -m 775 -o leftypol -g leftypol -d /var/www-leftypol +ln -s \ + /code/banners/ \ + /code/static/ \ + /code/stylesheets/ \ + /code/tools/ \ + /code/walls/ \ + /code/*.php \ + /code/404.html \ + /code/LICENSE.* \ + /code/robots.txt \ + /code/install.sql \ + /var/www-leftypol/ + +install -m 775 -o leftypol -g leftypol -d /var/www/js +ln -s /code/js/* /var/www/js/ + +install -m 775 -o leftypol -g leftypol -d /var/www-leftypol/templates +install -m 775 -o leftypol -g leftypol -d /var/www-leftypol/templates/cache +ln -s /code/templates/* /var/www-leftypol/templates/ + +install -m 775 -o leftypol -g leftypol -d /var/www-leftypol/inc +ln -s /code/inc/* /var/www-leftypol/inc/ diff --git a/docker/nginx/Dockerfile b/docker/nginx/Dockerfile new file mode 100644 index 00000000..9c2392b2 --- /dev/null +++ b/docker/nginx/Dockerfile @@ -0,0 +1,8 @@ +FROM nginx:1.25.3-alpine + +COPY . /code +RUN /code/docker/common-setup.sh + + +CMD ["nginx", "-g", "daemon off;"] +EXPOSE 80 443 \ No newline at end of file diff --git a/docker/nginx/leftypol.conf b/docker/nginx/leftypol.conf new file mode 100644 index 00000000..a825fea7 --- /dev/null +++ b/docker/nginx/leftypol.conf @@ -0,0 +1,68 @@ +upstream php-upstream { + server php:9000; +} + +server { + listen 80 default_server; + listen [::]:80 default_server ipv6only=on; + server_name leftypol; + root /var/www-leftypol; + add_header X-Frame-Options "SAMEORIGIN"; + add_header X-Content-Type-Options "nosniff"; + + index index.html index.php; + + charset utf-8; + + location ~ ^([^.\?]*[^\/])$ { + try_files $uri @addslash; + } + + # Expire rules for static content + # Media: images, icons, video, audio, HTC + location ~* \.(?:jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm|htc)$ { + expires 1M; + access_log off; + log_not_found off; + add_header Cache-Control "public"; + } + # CSS and Javascript + location ~* \.(?:css|js)$ { + expires 1y; + access_log off; + log_not_found off; + add_header Cache-Control "public"; + } + + location ~* \.(html)$ { + expires -1; + } + + location @addslash { + return 301 $uri/; + } + + location / { + try_files $uri $uri/ /index.php$is_args$args; + } + + client_max_body_size 2G; + + location ~ \.php$ { + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $remote_addr; + proxy_set_header X-Request-Id $x_request_id; + proxy_set_header X-Forwarded-Host $host; + proxy_set_header Forwarded-Request-Id $x_request_id; + fastcgi_pass php-upstream; + fastcgi_index index.php; + fastcgi_buffers 16 16k; + fastcgi_buffer_size 32k; + fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name; + fastcgi_read_timeout 600; + include fastcgi_params; + } + + location = /favicon.ico { access_log off; log_not_found off; } + location = /robots.txt { access_log off; log_not_found off; } +} \ No newline at end of file diff --git a/docker/nginx/nginx.conf b/docker/nginx/nginx.conf new file mode 100644 index 00000000..447ab989 --- /dev/null +++ b/docker/nginx/nginx.conf @@ -0,0 +1,32 @@ +# This and proxy.conf are based on +# https://github.com/dead-guru/devichan/blob/master/nginx/nginx.conf + +user leftypol; +worker_processes 4; + +error_log /dev/stdout warn; +pid /var/run/nginx.pid; +events { + worker_connections 1024; +} +http { + include /etc/nginx/mime.types; + default_type application/octet-stream; + #access_log /var/log/nginx/access.log; + # Switch logging to console out to view via Docker + access_log /dev/stdout; + error_log /dev/stdout warn; + sendfile on; + keepalive_timeout 5; + + gzip on; + gzip_http_version 1.0; + gzip_vary on; + gzip_comp_level 6; + gzip_types text/xml text/plain text/css application/xhtml+xml application/xml application/rss+xml application/atom_xml application/x-javascript application/x-httpd-php; + gzip_disable "MSIE [1-6]\."; + + + include /etc/nginx/conf.d/*.conf; + include /etc/nginx/sites-available/*.conf; +} \ No newline at end of file diff --git a/docker/nginx/proxy.conf b/docker/nginx/proxy.conf new file mode 100644 index 00000000..bc22ea34 --- /dev/null +++ b/docker/nginx/proxy.conf @@ -0,0 +1,40 @@ +proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=czone:4m max_size=50m inactive=120m; +proxy_temp_path /var/tmp/nginx; +proxy_cache_key "$scheme://$host$request_uri"; + + +map $http_forwarded_request_id $x_request_id { + "" $request_id; + default $http_forwarded_request_id; +} + +map $http_forwarded_forwarded_host $forwardedhost { + "" $host; + default $http_forwarded_forwarded_host; +} + + +map $http_x_forwarded_proto $fcgi_https { + default ""; + https on; +} + +map $http_x_forwarded_proto $real_scheme { + default $scheme; + https https; +} + +proxy_set_header Host $host; +proxy_set_header X-Real-IP $remote_addr; +proxy_set_header X-Forwarded-Host $host; +proxy_set_header X-Forwarded-Server $host; + +real_ip_header X-Forwarded-For; + +set_real_ip_from 10.0.0.0/8; +set_real_ip_from 172.16.0.0/12; +set_real_ip_from 172.18.0.0/12; +set_real_ip_from 192.168.0.0/24; +set_real_ip_from 127.0.0.0/8; + +real_ip_recursive on; \ No newline at end of file diff --git a/docker/php/Dockerfile b/docker/php/Dockerfile new file mode 100644 index 00000000..2db11415 --- /dev/null +++ b/docker/php/Dockerfile @@ -0,0 +1,44 @@ +# Based on https://github.com/dead-guru/devichan/blob/master/php-fpm/Dockerfile + +FROM composer AS composer +FROM php:8.1-fpm-bullseye +COPY --from=composer /usr/bin/composer /usr/bin/composer +COPY . /code + +RUN apt-get update && apt-get upgrade -y && apt-get install -y \ + zlib1g-dev libicu-dev g++ \ + libjpeg62-turbo-dev \ + libzip-dev \ + libpng-dev \ + libwebp-dev \ + libfreetype6-dev \ + libxml2-dev \ + git \ + zip \ + ffmpeg \ + libonig-dev \ + unzip \ + libcurl4-openssl-dev \ + libmagickwand-dev \ + gifsicle \ + graphicsmagick \ + gettext \ + imagemagick \ + locales locales-all \ + libmagickwand-dev \ + libmcrypt-dev \ + && docker-php-ext-configure gd \ + --with-webp=/usr/include/webp \ + --with-jpeg=/usr/include \ + --with-freetype=/usr/include/freetype2/ \ + && pecl install redis \ + && pecl install imagick \ + && pecl install -o -f igbinary \ + && docker-php-ext-install gd zip opcache intl pdo pdo_mysql mysqli bcmath gettext iconv mbstring curl \ + && docker-php-ext-enable igbinary redis imagick + + +RUN /code/docker/common-setup.sh +WORKDIR "/var/www-leftypol" +CMD ["php-fpm"] +EXPOSE 9000 \ No newline at end of file diff --git a/docker/php/custom.ini b/docker/php/custom.ini new file mode 100644 index 00000000..aacb2d72 --- /dev/null +++ b/docker/php/custom.ini @@ -0,0 +1,15 @@ +; based on https://github.com/dead-guru/devichan/blob/master/php-fpm/custom.ini + +memory_limit = 2G +max_execution_time = 30 +upload_max_filesize = 2G +post_max_size = 2G +pm = dynamic +pm.max_children = 20 +pm.start_servers = 5 +pm.min_spare_servers = 3 +pm.max_spare_servers = 10 + +extension = igbinary.so +extension = redis.so +extension = imagick.so \ No newline at end of file diff --git a/docker/php/www.conf b/docker/php/www.conf new file mode 100644 index 00000000..f6c4f00e --- /dev/null +++ b/docker/php/www.conf @@ -0,0 +1,10 @@ +[www] +user = leftypol +group = leftypol +listen = 127.0.0.1:9000 +pm = dynamic +pm.max_children = 200 +pm.start_servers = 10 +pm.min_spare_servers = 1 +pm.max_spare_servers = 20 +pm.max_requests = 20000 From f3c7bad9cdb15a9acbd9be9b9d688891df77c8ee Mon Sep 17 00:00:00 2001 From: zeke Date: Sun, 4 Feb 2024 23:29:38 -0800 Subject: [PATCH 05/45] Remove extension lines (added by docker-php-ext-enable) --- docker/php/custom.ini | 4 ---- 1 file changed, 4 deletions(-) diff --git a/docker/php/custom.ini b/docker/php/custom.ini index aacb2d72..527f44e7 100644 --- a/docker/php/custom.ini +++ b/docker/php/custom.ini @@ -9,7 +9,3 @@ pm.max_children = 20 pm.start_servers = 5 pm.min_spare_servers = 3 pm.max_spare_servers = 10 - -extension = igbinary.so -extension = redis.so -extension = imagick.so \ No newline at end of file From 03228eb87debf286ffd84dfbff7aa0ba4160ed5f Mon Sep 17 00:00:00 2001 From: zeke Date: Wed, 7 Feb 2024 10:47:36 -0800 Subject: [PATCH 06/45] Fix user and group creation for docker containers --- docker/common-setup.sh | 5 ----- docker/nginx/Dockerfile | 5 ++++- docker/php/Dockerfile | 6 +++++- 3 files changed, 9 insertions(+), 7 deletions(-) diff --git a/docker/common-setup.sh b/docker/common-setup.sh index c7ea147e..e8a3f007 100755 --- a/docker/common-setup.sh +++ b/docker/common-setup.sh @@ -1,10 +1,5 @@ #!/bin/sh -# not exactly elegant, but one container is Debian, the other is Alpine -useradd -MU leftypol -addgroup leftypol -adduser -DHG leftypol leftypol - set -eu install -m 775 -o leftypol -g leftypol -d /var/www-leftypol diff --git a/docker/nginx/Dockerfile b/docker/nginx/Dockerfile index 9c2392b2..e58381da 100644 --- a/docker/nginx/Dockerfile +++ b/docker/nginx/Dockerfile @@ -1,7 +1,10 @@ FROM nginx:1.25.3-alpine COPY . /code -RUN /code/docker/common-setup.sh +RUN addgroup --system leftypol \ + && adduser --system leftypol \ + && adduser leftypol leftypol \ + && /code/docker/common-setup.sh CMD ["nginx", "-g", "daemon off;"] diff --git a/docker/php/Dockerfile b/docker/php/Dockerfile index 2db11415..78e979d3 100644 --- a/docker/php/Dockerfile +++ b/docker/php/Dockerfile @@ -35,7 +35,11 @@ RUN apt-get update && apt-get upgrade -y && apt-get install -y \ && pecl install imagick \ && pecl install -o -f igbinary \ && docker-php-ext-install gd zip opcache intl pdo pdo_mysql mysqli bcmath gettext iconv mbstring curl \ - && docker-php-ext-enable igbinary redis imagick + && docker-php-ext-enable igbinary redis imagick \ + && useradd -MU leftypol \ + && /code/docker/common-setup.sh \ + && ln -s /code/composer.json /code/composer.lock /var/www-leftypol/ \ + && cd /var/www-leftypol && composer install RUN /code/docker/common-setup.sh From 460aee0dad613d7b301ca26dd55a2e0e4017d244 Mon Sep 17 00:00:00 2001 From: zeke Date: Wed, 7 Feb 2024 12:03:05 -0800 Subject: [PATCH 07/45] Remove unused Dockerfile --- Dockerfile | 29 ----------------------------- 1 file changed, 29 deletions(-) delete mode 100644 Dockerfile diff --git a/Dockerfile b/Dockerfile deleted file mode 100644 index 4e76f72e..00000000 --- a/Dockerfile +++ /dev/null @@ -1,29 +0,0 @@ -FROM php:8.1.8-fpm - -COPY . /code - -RUN docker-php-ext-install pdo pdo_mysql -RUN apt-get update -y && apt-get install -y libpng-dev libjpeg-dev libonig-dev -RUN docker-php-ext-install mbstring -RUN apt-get update -y && apt-get install -y libmcrypt-dev -# RUN docker-php-ext-install -j$(nproc) mcrypt -RUN docker-php-ext-install iconv -RUN apt-get update -y && apt-get install -y imagemagick -RUN apt-get update -y && apt-get install -y graphicsmagick -RUN apt-get update -y && apt-get install -y gifsicle -# RUN docker-php-ext-configure gd -# --with-jpeg=/usr/include -# --with-png-dir=/usr \ -RUN docker-php-ext-install gd -RUN apt-get update -y \ - && apt-get install -y libmemcached11 libmemcachedutil2 build-essential libmemcached-dev libz-dev git \ - && pecl install memcached \ - && echo extension=memcached.so >> /usr/local/etc/php/conf.d/memcached.ini \ - && apt-get remove -y build-essential libmemcached-dev libz-dev \ - && apt-get autoremove -y \ - && apt-get clean \ - && rm -rf /tmp/pear \ - && curl -sS https://getcomposer.org/installer -o composer-setup.php \ - && php composer-setup.php --install-dir=/usr/local/bin --filename=composer \ - && docker-php-ext-install bcmath \ - && cd /code && composer install \ No newline at end of file From 7ac0460b0a6e6d7dba66fd277c49a8fb44aee4a1 Mon Sep 17 00:00:00 2001 From: zeke Date: Fri, 9 Feb 2024 11:01:07 -0800 Subject: [PATCH 08/45] Apply suggested changes --- docker-compose.yml | 1 - docker/nginx/leftypol.conf | 106 ++++++++++++++++++------------------- docker/nginx/nginx.conf | 36 ++++++------- docker/php/custom.ini | 11 ---- docker/php/www.conf | 9 ++-- 5 files changed, 74 insertions(+), 89 deletions(-) delete mode 100644 docker/php/custom.ini diff --git a/docker-compose.yml b/docker-compose.yml index 98e93884..9ae4f02f 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -24,7 +24,6 @@ services: dockerfile: ./docker/php/Dockerfile volumes: - ./:/code - - ./docker/php/custom.ini:/usr/local/etc/php/conf.d/custom.ini - ./docker/php/www.conf:/usr/local/etc/php-fpm.d/www.conf networks: leftchan_net: diff --git a/docker/nginx/leftypol.conf b/docker/nginx/leftypol.conf index a825fea7..ad421a9f 100644 --- a/docker/nginx/leftypol.conf +++ b/docker/nginx/leftypol.conf @@ -1,68 +1,66 @@ upstream php-upstream { - server php:9000; + server php:9000; } server { - listen 80 default_server; - listen [::]:80 default_server ipv6only=on; - server_name leftypol; - root /var/www-leftypol; - add_header X-Frame-Options "SAMEORIGIN"; - add_header X-Content-Type-Options "nosniff"; + listen 80 default_server; + listen [::]:80 default_server ipv6only=on; + server_name leftypol; + root /var/www-leftypol; + add_header X-Frame-Options "SAMEORIGIN"; + add_header X-Content-Type-Options "nosniff"; - index index.html index.php; + index index.html index.php; - charset utf-8; + charset utf-8; - location ~ ^([^.\?]*[^\/])$ { - try_files $uri @addslash; - } + location ~ ^([^.\?]*[^\/])$ { + try_files $uri @addslash; + } - # Expire rules for static content - # Media: images, icons, video, audio, HTC - location ~* \.(?:jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm|htc)$ { - expires 1M; - access_log off; - log_not_found off; - add_header Cache-Control "public"; - } - # CSS and Javascript - location ~* \.(?:css|js)$ { - expires 1y; - access_log off; - log_not_found off; - add_header Cache-Control "public"; - } + # Expire rules for static content + # Media: images, icons, video, audio, HTC + location ~* \.(?:jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm|htc)$ { + expires 1M; + access_log off; + log_not_found off; + add_header Cache-Control "public"; + } + # CSS and Javascript + location ~* \.(?:css|js)$ { + expires 1y; + access_log off; + log_not_found off; + add_header Cache-Control "public"; + } - location ~* \.(html)$ { - expires -1; - } + location ~* \.(html)$ { + expires -1; + } - location @addslash { - return 301 $uri/; - } + location @addslash { + return 301 $uri/; + } - location / { - try_files $uri $uri/ /index.php$is_args$args; - } + location / { + try_files $uri $uri/ /index.php$is_args$args; + } - client_max_body_size 2G; + client_max_body_size 2G; - location ~ \.php$ { - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $remote_addr; - proxy_set_header X-Request-Id $x_request_id; - proxy_set_header X-Forwarded-Host $host; - proxy_set_header Forwarded-Request-Id $x_request_id; - fastcgi_pass php-upstream; - fastcgi_index index.php; - fastcgi_buffers 16 16k; - fastcgi_buffer_size 32k; - fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name; - fastcgi_read_timeout 600; - include fastcgi_params; - } + location ~ \.php$ { + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $remote_addr; + proxy_set_header X-Request-Id $x_request_id; + proxy_set_header X-Forwarded-Host $host; + proxy_set_header Forwarded-Request-Id $x_request_id; + fastcgi_pass php-upstream; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name; + fastcgi_read_timeout 600; + include fastcgi_params; + } - location = /favicon.ico { access_log off; log_not_found off; } - location = /robots.txt { access_log off; log_not_found off; } -} \ No newline at end of file + location = /favicon.ico { access_log off; log_not_found off; } + location = /robots.txt { access_log off; log_not_found off; } +} diff --git a/docker/nginx/nginx.conf b/docker/nginx/nginx.conf index 447ab989..89ac1ffc 100644 --- a/docker/nginx/nginx.conf +++ b/docker/nginx/nginx.conf @@ -2,31 +2,31 @@ # https://github.com/dead-guru/devichan/blob/master/nginx/nginx.conf user leftypol; -worker_processes 4; +worker_processes auto; error_log /dev/stdout warn; pid /var/run/nginx.pid; events { - worker_connections 1024; + worker_connections 1024; } http { - include /etc/nginx/mime.types; - default_type application/octet-stream; - #access_log /var/log/nginx/access.log; - # Switch logging to console out to view via Docker - access_log /dev/stdout; - error_log /dev/stdout warn; - sendfile on; - keepalive_timeout 5; + include /etc/nginx/mime.types; + default_type application/octet-stream; - gzip on; - gzip_http_version 1.0; - gzip_vary on; - gzip_comp_level 6; - gzip_types text/xml text/plain text/css application/xhtml+xml application/xml application/rss+xml application/atom_xml application/x-javascript application/x-httpd-php; - gzip_disable "MSIE [1-6]\."; + # Switch logging to console out to view via Docker + access_log /dev/stdout; + error_log /dev/stdout warn; + sendfile on; + keepalive_timeout 5; + + gzip on; + gzip_http_version 1.0; + gzip_vary on; + gzip_comp_level 6; + gzip_types text/xml text/plain text/css application/xhtml+xml application/xml application/rss+xml application/atom_xml application/x-javascript application/x-httpd-php; + gzip_disable "MSIE [1-6]\."; - include /etc/nginx/conf.d/*.conf; - include /etc/nginx/sites-available/*.conf; + include /etc/nginx/conf.d/*.conf; + include /etc/nginx/sites-available/*.conf; } \ No newline at end of file diff --git a/docker/php/custom.ini b/docker/php/custom.ini deleted file mode 100644 index 527f44e7..00000000 --- a/docker/php/custom.ini +++ /dev/null @@ -1,11 +0,0 @@ -; based on https://github.com/dead-guru/devichan/blob/master/php-fpm/custom.ini - -memory_limit = 2G -max_execution_time = 30 -upload_max_filesize = 2G -post_max_size = 2G -pm = dynamic -pm.max_children = 20 -pm.start_servers = 5 -pm.min_spare_servers = 3 -pm.max_spare_servers = 10 diff --git a/docker/php/www.conf b/docker/php/www.conf index f6c4f00e..07fa7c28 100644 --- a/docker/php/www.conf +++ b/docker/php/www.conf @@ -2,9 +2,8 @@ user = leftypol group = leftypol listen = 127.0.0.1:9000 -pm = dynamic -pm.max_children = 200 -pm.start_servers = 10 +pm = static +pm.max_children = 16 +pm.start_servers = 2 pm.min_spare_servers = 1 -pm.max_spare_servers = 20 -pm.max_requests = 20000 +pm.max_spare_servers = 3 From 62f0e9894ca8db8d2ded225f9542ddbfd98481b9 Mon Sep 17 00:00:00 2001 From: Zankaria Date: Sun, 11 Feb 2024 10:28:36 +0100 Subject: [PATCH 09/45] docker: trim PHP configuration --- docker/php/www.conf | 3 --- 1 file changed, 3 deletions(-) diff --git a/docker/php/www.conf b/docker/php/www.conf index 07fa7c28..6a7ac20e 100644 --- a/docker/php/www.conf +++ b/docker/php/www.conf @@ -4,6 +4,3 @@ group = leftypol listen = 127.0.0.1:9000 pm = static pm.max_children = 16 -pm.start_servers = 2 -pm.min_spare_servers = 1 -pm.max_spare_servers = 3 From 1d385ad6aa9c82e84dba58ef343677cf03a23f16 Mon Sep 17 00:00:00 2001 From: Zankaria Date: Sun, 11 Feb 2024 11:00:29 +0100 Subject: [PATCH 10/45] docker: remove "meaningless" bits from nginx configuration --- docker/nginx/proxy.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker/nginx/proxy.conf b/docker/nginx/proxy.conf index bc22ea34..6830cd5f 100644 --- a/docker/nginx/proxy.conf +++ b/docker/nginx/proxy.conf @@ -33,7 +33,7 @@ real_ip_header X-Forwarded-For; set_real_ip_from 10.0.0.0/8; set_real_ip_from 172.16.0.0/12; -set_real_ip_from 172.18.0.0/12; +set_real_ip_from 172.18.0.0; set_real_ip_from 192.168.0.0/24; set_real_ip_from 127.0.0.0/8; From cc8e4589069783f52cca90ed9543a59bc7dc3913 Mon Sep 17 00:00:00 2001 From: Zankaria Date: Sun, 11 Feb 2024 15:45:55 +0100 Subject: [PATCH 11/45] docker: split up application and dependency layers --- docker/php/Dockerfile | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/docker/php/Dockerfile b/docker/php/Dockerfile index 78e979d3..f70a05b9 100644 --- a/docker/php/Dockerfile +++ b/docker/php/Dockerfile @@ -2,8 +2,6 @@ FROM composer AS composer FROM php:8.1-fpm-bullseye -COPY --from=composer /usr/bin/composer /usr/bin/composer -COPY . /code RUN apt-get update && apt-get upgrade -y && apt-get install -y \ zlib1g-dev libicu-dev g++ \ @@ -36,8 +34,12 @@ RUN apt-get update && apt-get upgrade -y && apt-get install -y \ && pecl install -o -f igbinary \ && docker-php-ext-install gd zip opcache intl pdo pdo_mysql mysqli bcmath gettext iconv mbstring curl \ && docker-php-ext-enable igbinary redis imagick \ - && useradd -MU leftypol \ - && /code/docker/common-setup.sh \ + && useradd -MU leftypol + +COPY --from=composer /usr/bin/composer /usr/bin/composer +COPY . /code + +RUN /code/docker/common-setup.sh \ && ln -s /code/composer.json /code/composer.lock /var/www-leftypol/ \ && cd /var/www-leftypol && composer install @@ -45,4 +47,4 @@ RUN apt-get update && apt-get upgrade -y && apt-get install -y \ RUN /code/docker/common-setup.sh WORKDIR "/var/www-leftypol" CMD ["php-fpm"] -EXPOSE 9000 \ No newline at end of file +EXPOSE 9000 From 482962844a63d47e551d68196942542787954abf Mon Sep 17 00:00:00 2001 From: Zankaria Date: Sun, 11 Feb 2024 16:04:57 +0100 Subject: [PATCH 12/45] docker: fix missing tmp directory --- docker/common-setup.sh | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/docker/common-setup.sh b/docker/common-setup.sh index e8a3f007..649a3049 100755 --- a/docker/common-setup.sh +++ b/docker/common-setup.sh @@ -16,8 +16,12 @@ ln -s \ /code/install.sql \ /var/www-leftypol/ -install -m 775 -o leftypol -g leftypol -d /var/www/js -ln -s /code/js/* /var/www/js/ +install -m 775 -o leftypol -g leftypol -d /var/tmp/leftypol +install -m 775 -o leftypol -g leftypol -d /var/tmp/leftypol/cache +ln -s /var/tmp/leftypol /var/www-leftypol/tmp + +install -m 775 -o leftypol -g leftypol -d /var/www-leftypol/js +ln -s /code/js/* /var/www-leftypol/js/ install -m 775 -o leftypol -g leftypol -d /var/www-leftypol/templates install -m 775 -o leftypol -g leftypol -d /var/www-leftypol/templates/cache From d55961995cd5163eff7c51b7f4b862631f246a0c Mon Sep 17 00:00:00 2001 From: Zankaria Date: Sun, 31 Mar 2024 15:41:02 +0200 Subject: [PATCH 13/45] docker: change the work directory to /var/www --- docker/common-setup.sh | 20 ++++++++++---------- docker/nginx/leftypol.conf | 4 ++-- docker/php/Dockerfile | 9 ++++----- 3 files changed, 16 insertions(+), 17 deletions(-) diff --git a/docker/common-setup.sh b/docker/common-setup.sh index 649a3049..e8e8ed2e 100755 --- a/docker/common-setup.sh +++ b/docker/common-setup.sh @@ -2,7 +2,7 @@ set -eu -install -m 775 -o leftypol -g leftypol -d /var/www-leftypol +install -m 775 -o leftypol -g leftypol -d /var/www ln -s \ /code/banners/ \ /code/static/ \ @@ -14,18 +14,18 @@ ln -s \ /code/LICENSE.* \ /code/robots.txt \ /code/install.sql \ - /var/www-leftypol/ + /var/www/ install -m 775 -o leftypol -g leftypol -d /var/tmp/leftypol install -m 775 -o leftypol -g leftypol -d /var/tmp/leftypol/cache -ln -s /var/tmp/leftypol /var/www-leftypol/tmp +ln -s /var/tmp/leftypol /var/www/tmp -install -m 775 -o leftypol -g leftypol -d /var/www-leftypol/js -ln -s /code/js/* /var/www-leftypol/js/ +install -m 775 -o leftypol -g leftypol -d /var/www/js +ln -s /code/js/* /var/www/js/ -install -m 775 -o leftypol -g leftypol -d /var/www-leftypol/templates -install -m 775 -o leftypol -g leftypol -d /var/www-leftypol/templates/cache -ln -s /code/templates/* /var/www-leftypol/templates/ +install -m 775 -o leftypol -g leftypol -d /var/www/templates +install -m 775 -o leftypol -g leftypol -d /var/www/templates/cache +ln -s /code/templates/* /var/www/templates/ -install -m 775 -o leftypol -g leftypol -d /var/www-leftypol/inc -ln -s /code/inc/* /var/www-leftypol/inc/ +install -m 775 -o leftypol -g leftypol -d /var/www/inc +ln -s /code/inc/* /var/www/inc/ diff --git a/docker/nginx/leftypol.conf b/docker/nginx/leftypol.conf index ad421a9f..527873c5 100644 --- a/docker/nginx/leftypol.conf +++ b/docker/nginx/leftypol.conf @@ -6,7 +6,7 @@ server { listen 80 default_server; listen [::]:80 default_server ipv6only=on; server_name leftypol; - root /var/www-leftypol; + root /var/www; add_header X-Frame-Options "SAMEORIGIN"; add_header X-Content-Type-Options "nosniff"; @@ -56,7 +56,7 @@ server { proxy_set_header Forwarded-Request-Id $x_request_id; fastcgi_pass php-upstream; fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name; + fastcgi_param SCRIPT_FILENAME /var/www/$fastcgi_script_name; fastcgi_read_timeout 600; include fastcgi_params; } diff --git a/docker/php/Dockerfile b/docker/php/Dockerfile index f70a05b9..bbae84fd 100644 --- a/docker/php/Dockerfile +++ b/docker/php/Dockerfile @@ -40,11 +40,10 @@ COPY --from=composer /usr/bin/composer /usr/bin/composer COPY . /code RUN /code/docker/common-setup.sh \ - && ln -s /code/composer.json /code/composer.lock /var/www-leftypol/ \ - && cd /var/www-leftypol && composer install + && ln -s /code/composer.json /code/composer.lock /var/www/ \ + && cd /var/www && composer install - -RUN /code/docker/common-setup.sh -WORKDIR "/var/www-leftypol" +# RUN /code/docker/common-setup.sh php +WORKDIR "/var/www" CMD ["php-fpm"] EXPOSE 9000 From 7979404c1b85c0462b16fb147ab9a49b608a5790 Mon Sep 17 00:00:00 2001 From: Zankaria Date: Sun, 31 Mar 2024 15:49:09 +0200 Subject: [PATCH 14/45] docker: change user to www-data --- docker/common-setup.sh | 14 +++++++------- docker/nginx/Dockerfile | 11 +++++------ docker/nginx/nginx.conf | 6 ++++-- docker/php/Dockerfile | 6 ++---- docker/php/www.conf | 4 ++-- 5 files changed, 20 insertions(+), 21 deletions(-) diff --git a/docker/common-setup.sh b/docker/common-setup.sh index e8e8ed2e..3530c97c 100755 --- a/docker/common-setup.sh +++ b/docker/common-setup.sh @@ -2,7 +2,7 @@ set -eu -install -m 775 -o leftypol -g leftypol -d /var/www +install -m 775 -o www-data -g www-data -d /var/www ln -s \ /code/banners/ \ /code/static/ \ @@ -16,16 +16,16 @@ ln -s \ /code/install.sql \ /var/www/ -install -m 775 -o leftypol -g leftypol -d /var/tmp/leftypol -install -m 775 -o leftypol -g leftypol -d /var/tmp/leftypol/cache +install -m 775 -o www-data -g www-data -d /var/tmp/leftypol +install -m 775 -o www-data -g www-data -d /var/tmp/leftypol/cache ln -s /var/tmp/leftypol /var/www/tmp -install -m 775 -o leftypol -g leftypol -d /var/www/js +install -m 775 -o www-data -g www-data -d /var/www/js ln -s /code/js/* /var/www/js/ -install -m 775 -o leftypol -g leftypol -d /var/www/templates -install -m 775 -o leftypol -g leftypol -d /var/www/templates/cache +install -m 775 -o www-data -g www-data -d /var/www/templates +install -m 775 -o www-data -g www-data -d /var/www/templates/cache ln -s /code/templates/* /var/www/templates/ -install -m 775 -o leftypol -g leftypol -d /var/www/inc +install -m 775 -o www-data -g www-data -d /var/www/inc ln -s /code/inc/* /var/www/inc/ diff --git a/docker/nginx/Dockerfile b/docker/nginx/Dockerfile index e58381da..5fa002d3 100644 --- a/docker/nginx/Dockerfile +++ b/docker/nginx/Dockerfile @@ -1,11 +1,10 @@ FROM nginx:1.25.3-alpine COPY . /code -RUN addgroup --system leftypol \ - && adduser --system leftypol \ - && adduser leftypol leftypol \ - && /code/docker/common-setup.sh +RUN adduser --system www-data \ + && adduser www-data www-data \ + && /code/docker/common-setup.sh -CMD ["nginx", "-g", "daemon off;"] -EXPOSE 80 443 \ No newline at end of file +CMD [ "nginx", "-g", "daemon off;" ] +EXPOSE 80 diff --git a/docker/nginx/nginx.conf b/docker/nginx/nginx.conf index 89ac1ffc..7c6b6587 100644 --- a/docker/nginx/nginx.conf +++ b/docker/nginx/nginx.conf @@ -1,14 +1,16 @@ # This and proxy.conf are based on # https://github.com/dead-guru/devichan/blob/master/nginx/nginx.conf -user leftypol; +user www-data; worker_processes auto; error_log /dev/stdout warn; -pid /var/run/nginx.pid; +pid /var/run/nginx.pid; + events { worker_connections 1024; } + http { include /etc/nginx/mime.types; default_type application/octet-stream; diff --git a/docker/php/Dockerfile b/docker/php/Dockerfile index bbae84fd..962ef695 100644 --- a/docker/php/Dockerfile +++ b/docker/php/Dockerfile @@ -33,8 +33,7 @@ RUN apt-get update && apt-get upgrade -y && apt-get install -y \ && pecl install imagick \ && pecl install -o -f igbinary \ && docker-php-ext-install gd zip opcache intl pdo pdo_mysql mysqli bcmath gettext iconv mbstring curl \ - && docker-php-ext-enable igbinary redis imagick \ - && useradd -MU leftypol + && docker-php-ext-enable igbinary redis imagick COPY --from=composer /usr/bin/composer /usr/bin/composer COPY . /code @@ -43,7 +42,6 @@ RUN /code/docker/common-setup.sh \ && ln -s /code/composer.json /code/composer.lock /var/www/ \ && cd /var/www && composer install -# RUN /code/docker/common-setup.sh php WORKDIR "/var/www" -CMD ["php-fpm"] +CMD [ "php-fpm" ] EXPOSE 9000 diff --git a/docker/php/www.conf b/docker/php/www.conf index 6a7ac20e..0f53aebf 100644 --- a/docker/php/www.conf +++ b/docker/php/www.conf @@ -1,6 +1,6 @@ [www] -user = leftypol -group = leftypol +user = www-data +group = www-data listen = 127.0.0.1:9000 pm = static pm.max_children = 16 From bd3bf7e4f8cf0fbec2b70d59f5200f1e6c16f5ba Mon Sep 17 00:00:00 2001 From: Zankaria Date: Sun, 31 Mar 2024 17:35:31 +0200 Subject: [PATCH 15/45] docker: reduce file permissions --- docker/common-setup.sh | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/docker/common-setup.sh b/docker/common-setup.sh index 3530c97c..3b61b712 100755 --- a/docker/common-setup.sh +++ b/docker/common-setup.sh @@ -2,7 +2,7 @@ set -eu -install -m 775 -o www-data -g www-data -d /var/www +install -m 544 -o www-data -g www-data -d /var/www ln -s \ /code/banners/ \ /code/static/ \ @@ -16,16 +16,16 @@ ln -s \ /code/install.sql \ /var/www/ -install -m 775 -o www-data -g www-data -d /var/tmp/leftypol -install -m 775 -o www-data -g www-data -d /var/tmp/leftypol/cache +install -m 540 -o www-data -g www-data -d /var/tmp/leftypol +install -m 540 -o www-data -g www-data -d /var/tmp/leftypol/cache ln -s /var/tmp/leftypol /var/www/tmp -install -m 775 -o www-data -g www-data -d /var/www/js +install -m 544 -o www-data -g www-data -d /var/www/js ln -s /code/js/* /var/www/js/ -install -m 775 -o www-data -g www-data -d /var/www/templates -install -m 775 -o www-data -g www-data -d /var/www/templates/cache +install -m 544 -o www-data -g www-data -d /var/www/templates +install -m 544 -o www-data -g www-data -d /var/www/templates/cache ln -s /code/templates/* /var/www/templates/ -install -m 775 -o www-data -g www-data -d /var/www/inc +install -m 544 -o www-data -g www-data -d /var/www/inc ln -s /code/inc/* /var/www/inc/ From b1b28dcb90279fa82beddb6cf18881b89e36ad90 Mon Sep 17 00:00:00 2001 From: Zankaria Date: Sun, 31 Mar 2024 23:12:19 +0200 Subject: [PATCH 16/45] docker-compose: use local www root --- .dockerignore | 3 +++ .gitignore | 1 + docker-compose.yml | 2 +- 3 files changed, 5 insertions(+), 1 deletion(-) create mode 100644 .dockerignore diff --git a/.dockerignore b/.dockerignore new file mode 100644 index 00000000..60786eb9 --- /dev/null +++ b/.dockerignore @@ -0,0 +1,3 @@ +**/.git +**/.gitignore +/local-www diff --git a/.gitignore b/.gitignore index 220b0e11..9d1640ae 100644 --- a/.gitignore +++ b/.gitignore @@ -44,5 +44,6 @@ Thumbs.db #vichan custom favicon.ico /static/spoiler.png +local-www /vendor/ diff --git a/docker-compose.yml b/docker-compose.yml index 9ae4f02f..cb095748 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -23,7 +23,7 @@ services: context: . dockerfile: ./docker/php/Dockerfile volumes: - - ./:/code + - ./local-www:/var/www - ./docker/php/www.conf:/usr/local/etc/php-fpm.d/www.conf networks: leftchan_net: From 7aca69125f601c34c724f25fa75bf85248d60620 Mon Sep 17 00:00:00 2001 From: Zankaria Date: Sun, 31 Mar 2024 23:17:38 +0200 Subject: [PATCH 17/45] docker: extract the vichan directory and make it optionally exposable --- docker/common-setup.sh | 31 ---------------- docker/doc.md | 4 +++ docker/nginx/Dockerfile | 4 +-- docker/nginx/leftypol.conf | 21 +++++++++-- docker/php/Dockerfile | 26 ++++++++++---- docker/php/bootstrap.sh | 74 ++++++++++++++++++++++++++++++++++++++ 6 files changed, 117 insertions(+), 43 deletions(-) delete mode 100755 docker/common-setup.sh create mode 100644 docker/doc.md create mode 100755 docker/php/bootstrap.sh diff --git a/docker/common-setup.sh b/docker/common-setup.sh deleted file mode 100755 index 3b61b712..00000000 --- a/docker/common-setup.sh +++ /dev/null @@ -1,31 +0,0 @@ -#!/bin/sh - -set -eu - -install -m 544 -o www-data -g www-data -d /var/www -ln -s \ - /code/banners/ \ - /code/static/ \ - /code/stylesheets/ \ - /code/tools/ \ - /code/walls/ \ - /code/*.php \ - /code/404.html \ - /code/LICENSE.* \ - /code/robots.txt \ - /code/install.sql \ - /var/www/ - -install -m 540 -o www-data -g www-data -d /var/tmp/leftypol -install -m 540 -o www-data -g www-data -d /var/tmp/leftypol/cache -ln -s /var/tmp/leftypol /var/www/tmp - -install -m 544 -o www-data -g www-data -d /var/www/js -ln -s /code/js/* /var/www/js/ - -install -m 544 -o www-data -g www-data -d /var/www/templates -install -m 544 -o www-data -g www-data -d /var/www/templates/cache -ln -s /code/templates/* /var/www/templates/ - -install -m 544 -o www-data -g www-data -d /var/www/inc -ln -s /code/inc/* /var/www/inc/ diff --git a/docker/doc.md b/docker/doc.md new file mode 100644 index 00000000..13ad93a6 --- /dev/null +++ b/docker/doc.md @@ -0,0 +1,4 @@ +The `php-fpm` process runs containerized. +The php application always uses `/var/www` as it's work directory and home folder, and if `/var/www` is bind mounted it +is necessary to adjust the path passed via FastCGI to `php-fpm` by changing the root directory to `/var/www`. +This can achieved in nginx by setting the `fastcgi_param SCRIPT_FILENAME` to `/var/www/$fastcgi_script_name;` diff --git a/docker/nginx/Dockerfile b/docker/nginx/Dockerfile index 5fa002d3..d9d4bcc4 100644 --- a/docker/nginx/Dockerfile +++ b/docker/nginx/Dockerfile @@ -2,9 +2,7 @@ FROM nginx:1.25.3-alpine COPY . /code RUN adduser --system www-data \ - && adduser www-data www-data \ - && /code/docker/common-setup.sh - + && adduser www-data www-data CMD [ "nginx", "-g", "daemon off;" ] EXPOSE 80 diff --git a/docker/nginx/leftypol.conf b/docker/nginx/leftypol.conf index 527873c5..1c66e95f 100644 --- a/docker/nginx/leftypol.conf +++ b/docker/nginx/leftypol.conf @@ -6,7 +6,7 @@ server { listen 80 default_server; listen [::]:80 default_server ipv6only=on; server_name leftypol; - root /var/www; + root /var/www/html; add_header X-Frame-Options "SAMEORIGIN"; add_header X-Content-Type-Options "nosniff"; @@ -15,9 +15,24 @@ server { charset utf-8; location ~ ^([^.\?]*[^\/])$ { - try_files $uri @addslash; + try_files $uri @addslash; } + # Expire rules for static content + # Media: images, icons, video, audio, HTC + location ~* \.(?:jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm|htc)$ { + expires 1M; + access_log off; + log_not_found off; + add_header Cache-Control "public"; + } + # CSS and Javascript + location ~* \.(?:css|js)$ { + expires 1y; + access_log off; + log_not_found off; + add_header Cache-Control "public"; + } # Expire rules for static content # Media: images, icons, video, audio, HTC location ~* \.(?:jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm|htc)$ { @@ -39,7 +54,7 @@ server { } location @addslash { - return 301 $uri/; + return 301 $uri/; } location / { diff --git a/docker/php/Dockerfile b/docker/php/Dockerfile index 962ef695..5734dc1e 100644 --- a/docker/php/Dockerfile +++ b/docker/php/Dockerfile @@ -33,15 +33,29 @@ RUN apt-get update && apt-get upgrade -y && apt-get install -y \ && pecl install imagick \ && pecl install -o -f igbinary \ && docker-php-ext-install gd zip opcache intl pdo pdo_mysql mysqli bcmath gettext iconv mbstring curl \ - && docker-php-ext-enable igbinary redis imagick + && docker-php-ext-enable igbinary redis imagick \ + && rm -rf /var/cache/* \ + && rmdir /var/www/html \ + && install -d -m 744 -o www-data -g www-data /var/www \ + && install -d -m 700 -o www-data -g www-data /var/tmp/leftypol \ + && install -d -m 700 -o www-data -g www-data /var/cache/gen-cache \ + && install -d -m 700 -o www-data -g www-data /var/cache/template-cache -COPY --from=composer /usr/bin/composer /usr/bin/composer +COPY --from=composer /usr/bin/composer /usr/local/bin/composer + +# Copy the bootstrap script. +COPY ./docker/php/bootstrap.sh /usr/local/bin/bootstrap.sh + +# Copy the actual project (use .dockerignore to exclude stuff). COPY . /code -RUN /code/docker/common-setup.sh \ - && ln -s /code/composer.json /code/composer.lock /var/www/ \ - && cd /var/www && composer install +# Make the instance configuration owned by www-data. +# Make it writable by php. +# Install the compose depedencies. +RUN chown www-data /code/inc/instance-config.php && chgrp www-data /code/inc/instance-config.php \ + && chmod 660 /code/inc/instance-config.php \ + && cd /code && composer install WORKDIR "/var/www" -CMD [ "php-fpm" ] +CMD [ "bootstrap.sh" ] EXPOSE 9000 diff --git a/docker/php/bootstrap.sh b/docker/php/bootstrap.sh new file mode 100755 index 00000000..cc5390dc --- /dev/null +++ b/docker/php/bootstrap.sh @@ -0,0 +1,74 @@ +#!/bin/sh + +set -eu + +if ! mountpoint -q /var/www; then + echo "WARNING: '/var/www' is not a mountpoint. All the data will remain inside the container!" +fi + +if [ ! -w /var/www ] ; then + echo "ERROR: '/var/www' is not writable. Closing." + exit 1 +fi + +# Link the entrypoints from the exposed directory. +ln -nfs \ + /code/banners/ \ + /code/static/ \ + /code/stylesheets/ \ + /code/tools/ \ + /code/walls/ \ + /code/*.php \ + /code/LICENSE.* \ + /code/404.html \ + /code/install.sql \ + /var/www/ +# Ensure correct permissions are set, since this might be bind mount. +chown www-data /var/www +chgrp www-data /var/www + +# Initialize robots.txt with the default if it doesn't exist. +cp -n /code/robots.txt /var/www + +# Link the cache and tmp files directory. +ln -nfs /var/tmp/leftypol /var/www/tmp + +# Link the javascript directory. +ln -nfs /code/js /var/www/ + +# Link the html templates directory and it's cache. +ln -nfs /code/templates /var/www/ +ln -nfs -T /var/cache/template-cache /var/www/templates/cache +chown -h www-data /var/www/templates/cache +chgrp -h www-data /var/www/templates/cache + +# Link the generic cache. +ln -nfs -T /var/cache/gen-cache /var/www/tmp/cache +chown -h www-data /var/www/tmp/cache +chgrp -h www-data /var/www/tmp/cache + +# Create the included files directory and link them +install -d -m 700 -o www-data -g www-data /var/www/inc +for file in /code/inc/*; do + file="${file##*/}" + if [ ! -e /var/www/inc/$file ]; then + ln -s /code/inc/$file /var/www/inc/ + fi +done +# Copy an empty instance configuration if the file is a link (it was linked because it did not exist before). +if [ -L '/var/www/inc/instance-config.php' ]; then + echo 'INFO: Resetting instance configuration' + rm /var/www/inc/instance-config.php + cp /code/inc/instance-config.php /var/www/inc/instance-config.php + chown www-data /var/www/inc/instance-config.php + chgrp www-data /var/www/inc/instance-config.php + chmod 600 /var/www/inc/instance-config.php +else + echo 'INFO: Using existing instance configuration' +fi + +# Link the composer dependencies. +ln -nfs /code/vendor /var/www/ + +# Start the php-fpm server. +exec php-fpm From efdf93e3dde39bcfbf03e7328047605ac4976713 Mon Sep 17 00:00:00 2001 From: Zankaria Date: Sun, 7 Apr 2024 17:38:00 +0200 Subject: [PATCH 18/45] template.php: trim --- inc/template.php | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/inc/template.php b/inc/template.php index 0362111c..11e74b7c 100644 --- a/inc/template.php +++ b/inc/template.php @@ -28,17 +28,17 @@ function load_twig() { function Element($templateFile, array $options) { global $config, $debug, $twig, $build_pages; - + if (!$twig) load_twig(); - + if (function_exists('create_pm_header') && ((isset($options['mod']) && $options['mod']) || isset($options['__mod'])) && !preg_match('!^mod/!', $templateFile)) { $options['pm'] = create_pm_header(); } - + if (isset($options['body']) && $config['debug']) { $_debug = $debug; - + if (isset($debug['start'])) { $_debug['time']['total'] = '~' . round((microtime(true) - $_debug['start']) * 1000, 2) . 'ms'; $_debug['time']['init'] = '~' . round(($_debug['start_debug'] - $_debug['start']) * 1000, 2) . 'ms'; @@ -56,15 +56,15 @@ function Element($templateFile, array $options) { str_replace("\n", '
', utf8tohtml(print_r($_debug, true))) . ''; } - + // Read the template file if (@file_get_contents("{$config['dir']['template']}/${templateFile}")) { $body = $twig->render($templateFile, $options); - + if ($config['minify_html'] && preg_match('/\.html$/', $templateFile)) { $body = trim(preg_replace("/[\t\r\n]/", '', $body)); } - + return $body; } else { throw new Exception("Template file '${templateFile}' does not exist or is empty in '{$config['dir']['template']}'!"); @@ -102,7 +102,7 @@ class Tinyboard extends Twig\Extension\AbstractExtension new Twig\TwigFilter('cloak_mask', 'cloak_mask'), ); } - + /** * Returns a list of functions to add to the existing list. * @@ -122,7 +122,7 @@ class Tinyboard extends Twig\Extension\AbstractExtension new Twig\TwigFunction('link_for', 'link_for') ); } - + /** * Returns the name of the extension. * @@ -154,7 +154,7 @@ function twig_hasPermission_filter($mod, $permission, $board = null) { function twig_extension_filter($value, $case_insensitive = true) { $ext = mb_substr($value, mb_strrpos($value, '.') + 1); if($case_insensitive) - $ext = mb_strtolower($ext); + $ext = mb_strtolower($ext); return $ext; } @@ -179,7 +179,7 @@ function twig_filename_truncate_filter($value, $length = 30, $separator = '…') $value = strrev($value); $array = array_reverse(explode(".", $value, 2)); $array = array_map("strrev", $array); - + $filename = &$array[0]; $extension = isset($array[1]) ? $array[1] : false; From 3de9fa24dd133d55731bee75bb790e677b63b4c6 Mon Sep 17 00:00:00 2001 From: Zankaria Date: Sun, 31 Mar 2024 23:10:07 +0200 Subject: [PATCH 19/45] template.php install.php: handle cache directory being a symlink --- inc/template.php | 6 ++++-- install.php | 5 ++--- 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/inc/template.php b/inc/template.php index 11e74b7c..26ba6cc0 100644 --- a/inc/template.php +++ b/inc/template.php @@ -11,12 +11,14 @@ $twig = false; function load_twig() { global $twig, $config; + $cache_dir = "{$config['dir']['template']}/cache/"; + $loader = new Twig\Loader\FilesystemLoader($config['dir']['template']); $loader->setPaths($config['dir']['template']); $twig = new Twig\Environment($loader, array( 'autoescape' => false, - 'cache' => is_writable('templates') || (is_dir('templates/cache') && is_writable('templates/cache')) ? - new Twig_Cache_TinyboardFilesystem("{$config['dir']['template']}/cache") : false, + 'cache' => is_writable('templates/') || (is_dir($cache_dir) && is_writable($cache_dir)) ? + new Twig_Cache_TinyboardFilesystem($cache_dir) : false, 'debug' => $config['debug'], 'auto_reload' => $config['twig_auto_reload'] )); diff --git a/install.php b/install.php index c174771b..cb2a44cd 100644 --- a/install.php +++ b/install.php @@ -856,14 +856,14 @@ if ($step == 0) { array( 'category' => 'File permissions', 'name' => getcwd() . '/templates/cache', - 'result' => is_writable('templates') || (is_dir('templates/cache') && is_writable('templates/cache')), + 'result' => is_dir('templates/cache/') && is_writable('templates/cache/'), 'required' => true, 'message' => 'You must give vichan permission to create (and write to) the templates/cache directory or performance will be drastically reduced.' ), array( 'category' => 'File permissions', 'name' => getcwd() . '/tmp/cache', - 'result' => is_dir('tmp/cache') && is_writable('tmp/cache'), + 'result' => is_dir('tmp/cache/') && is_writable('tmp/cache/'), 'required' => true, 'message' => 'You must give vichan permission to write to the tmp/cache directory.' ), @@ -1032,4 +1032,3 @@ if ($step == 0) { echo Element('page.html', $page); } - From 8799c142b0026b06d12acf0657405ddec9842924 Mon Sep 17 00:00:00 2001 From: Zankaria Date: Thu, 4 Apr 2024 17:05:27 +0200 Subject: [PATCH 20/45] install.php: check that secrets.php is writable --- install.php | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/install.php b/install.php index cb2a44cd..0d17d0da 100644 --- a/install.php +++ b/install.php @@ -5,6 +5,11 @@ define('VERSION', '5.1.4'); require 'inc/bootstrap.php'; loadConfig(); +if (!is_writable('inc/secrets.php')) { + echo 'install.php does not have permission to write to /inc/secrets.php, without permission the installer cannot continue'; + exit(); +} + // Salt generators class SaltGen { public $salt_length = 128; From 2af07d006bf998392da6dfe17443984df3d14ce9 Mon Sep 17 00:00:00 2001 From: Zankaria Date: Thu, 4 Apr 2024 17:33:22 +0200 Subject: [PATCH 21/45] docker: create empty robots.txt --- docker/php/bootstrap.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docker/php/bootstrap.sh b/docker/php/bootstrap.sh index cc5390dc..5aaec0b2 100755 --- a/docker/php/bootstrap.sh +++ b/docker/php/bootstrap.sh @@ -27,8 +27,8 @@ ln -nfs \ chown www-data /var/www chgrp www-data /var/www -# Initialize robots.txt with the default if it doesn't exist. -cp -n /code/robots.txt /var/www +# Initialize an empty robots.txt with the default if it doesn't exist. +touch /var/www/robots.txt # Link the cache and tmp files directory. ln -nfs /var/tmp/leftypol /var/www/tmp From 1fed05c5ee07d4798ec4f9d7100892714509b2b6 Mon Sep 17 00:00:00 2001 From: Zankaria Date: Thu, 4 Apr 2024 17:41:03 +0200 Subject: [PATCH 22/45] docker: ignore empty gitkeep directories --- .dockerignore | 1 + 1 file changed, 1 insertion(+) diff --git a/.dockerignore b/.dockerignore index 60786eb9..1b82198d 100644 --- a/.dockerignore +++ b/.dockerignore @@ -1,3 +1,4 @@ **/.git **/.gitignore /local-www +**/.gitkeep From c058ec12f998196e375cdab0eae31c8863119d11 Mon Sep 17 00:00:00 2001 From: Zankaria Date: Thu, 4 Apr 2024 17:41:31 +0200 Subject: [PATCH 23/45] Remove template/cache directory --- templates/cache/.gitkeep | 1 - 1 file changed, 1 deletion(-) delete mode 100644 templates/cache/.gitkeep diff --git a/templates/cache/.gitkeep b/templates/cache/.gitkeep deleted file mode 100644 index 8b137891..00000000 --- a/templates/cache/.gitkeep +++ /dev/null @@ -1 +0,0 @@ - From eb01768191d7ff6f49f8f83bae9e634174ce3c42 Mon Sep 17 00:00:00 2001 From: Zankaria Date: Thu, 4 Apr 2024 17:42:37 +0200 Subject: [PATCH 24/45] docker: use less used port for compose --- docker-compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-compose.yml b/docker-compose.yml index cb095748..c50f95aa 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -5,7 +5,7 @@ services: context: . dockerfile: ./docker/nginx/Dockerfile ports: - - "8080:80" + - "9090:80" depends_on: - db volumes: From 79183ae8e6a32a77d40196784a117e593623141a Mon Sep 17 00:00:00 2001 From: Zankaria Date: Thu, 4 Apr 2024 23:57:25 +0200 Subject: [PATCH 25/45] docker: handle secrets.php --- docker/php/bootstrap.sh | 5 +++++ install.php | 4 ++-- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/docker/php/bootstrap.sh b/docker/php/bootstrap.sh index 5aaec0b2..006eea80 100755 --- a/docker/php/bootstrap.sh +++ b/docker/php/bootstrap.sh @@ -30,6 +30,11 @@ chgrp www-data /var/www # Initialize an empty robots.txt with the default if it doesn't exist. touch /var/www/robots.txt +# Initialize an empty writable secrests.php with the default if it doesn't exist. +touch /var/www/inc/secrets.php +chown www-data /var/www/inc/secrets.php +chgrp www-data /var/www/inc/secrets.php + # Link the cache and tmp files directory. ln -nfs /var/tmp/leftypol /var/www/tmp diff --git a/install.php b/install.php index 0d17d0da..696543a3 100644 --- a/install.php +++ b/install.php @@ -5,8 +5,8 @@ define('VERSION', '5.1.4'); require 'inc/bootstrap.php'; loadConfig(); -if (!is_writable('inc/secrets.php')) { - echo 'install.php does not have permission to write to /inc/secrets.php, without permission the installer cannot continue'; +if (!is_writable('inc/secrets.php') || !is_writable('inc/')) { + echo 'install.php does not have permission to write to /inc/secrets.php and/or /inc/, without permission the installer cannot continue'; exit(); } From 9d9804db138ac1cc80f616663728df4ffa4776af Mon Sep 17 00:00:00 2001 From: Zankaria Date: Fri, 5 Apr 2024 00:45:26 +0200 Subject: [PATCH 26/45] docker: compose mount local-www as root directory in nginx --- docker-compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-compose.yml b/docker-compose.yml index c50f95aa..7383781b 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -9,7 +9,7 @@ services: depends_on: - db volumes: - - ./:/code + - ./local-www:/var/www/html - ./docker/nginx/leftypol.conf:/etc/nginx/conf.d/default.conf - ./docker/nginx/nginx.conf:/etc/nginx/nginx.conf - ./docker/nginx/proxy.conf:/etc/nginx/conf.d/proxy.conf From 711e824153985a0210b9e953314dcfc0272e2138 Mon Sep 17 00:00:00 2001 From: Zankaria Date: Sun, 7 Apr 2024 13:16:33 +0200 Subject: [PATCH 27/45] docker: remove lainchan branding from compose file --- docker-compose.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docker-compose.yml b/docker-compose.yml index 7383781b..319e0dff 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -37,8 +37,8 @@ services: ports: - "3306:3306" environment: - MYSQL_DATABASE: lainchan - MYSQL_ROOT_PASSWORD: M9q5lO0RxJVh + MYSQL_DATABASE: vichan + MYSQL_ROOT_PASSWORD: test-database networks: leftchan_net: ipv4_address: 172.20.0.2 From 5bdbe49f3836f19ad239c6b85eb8062e88c80fd4 Mon Sep 17 00:00:00 2001 From: Zankaria Date: Sun, 7 Apr 2024 13:17:17 +0200 Subject: [PATCH 28/45] docker: move image to alpine linux --- docker/php/Dockerfile | 90 ++++++++++++++++++++++++++++--------------- 1 file changed, 60 insertions(+), 30 deletions(-) diff --git a/docker/php/Dockerfile b/docker/php/Dockerfile index 5734dc1e..e3bd206f 100644 --- a/docker/php/Dockerfile +++ b/docker/php/Dockerfile @@ -1,43 +1,73 @@ # Based on https://github.com/dead-guru/devichan/blob/master/php-fpm/Dockerfile FROM composer AS composer -FROM php:8.1-fpm-bullseye +FROM php:8.1-fpm-alpine -RUN apt-get update && apt-get upgrade -y && apt-get install -y \ - zlib1g-dev libicu-dev g++ \ - libjpeg62-turbo-dev \ - libzip-dev \ - libpng-dev \ - libwebp-dev \ - libfreetype6-dev \ - libxml2-dev \ - git \ - zip \ - ffmpeg \ - libonig-dev \ - unzip \ - libcurl4-openssl-dev \ - libmagickwand-dev \ - gifsicle \ - graphicsmagick \ - gettext \ - imagemagick \ - locales locales-all \ - libmagickwand-dev \ - libmcrypt-dev \ +RUN apk add --no-cache \ + zlib \ + zlib-dev \ + libpng \ + libpng-dev \ + libjpeg-turbo \ + libjpeg-turbo-dev \ + libwebp \ + libwebp-dev \ + libcurl \ + curl-dev \ + imagemagick \ + graphicsmagick \ + gifsicle \ + ffmpeg \ + bind-tools \ + gettext \ + gettext-dev \ + icu-dev \ + oniguruma \ + oniguruma-dev \ + libmcrypt \ + libmcrypt-dev \ + lz4-libs \ + lz4-dev \ + imagemagick-dev \ + pcre-dev \ + $PHPIZE_DEPS \ && docker-php-ext-configure gd \ --with-webp=/usr/include/webp \ --with-jpeg=/usr/include \ - --with-freetype=/usr/include/freetype2/ \ + && docker-php-ext-install -j$(nproc) \ + gd \ + curl \ + bcmath \ + opcache \ + pdo_mysql \ + gettext \ + intl \ + mbstring \ + && pecl update-channels \ + && pecl install -o -f igbinary \ && pecl install redis \ && pecl install imagick \ - && pecl install -o -f igbinary \ - && docker-php-ext-install gd zip opcache intl pdo pdo_mysql mysqli bcmath gettext iconv mbstring curl \ - && docker-php-ext-enable igbinary redis imagick \ - && rm -rf /var/cache/* \ - && rmdir /var/www/html \ + $$ docker-php-ext-enable \ + igbinary \ + redis \ + imagick \ + && apk del \ + zlib-dev \ + libpng-dev \ + libjpeg-turbo-dev \ + libwebp-dev \ + curl-dev \ + gettext-dev \ + oniguruma-dev \ + libmcrypt-dev \ + lz4-dev \ + imagemagick-dev \ + pcre-dev \ + $PHPIZE_DEPS \ + && rm -rf /var/cache/* +RUN rmdir /var/www/html \ && install -d -m 744 -o www-data -g www-data /var/www \ - && install -d -m 700 -o www-data -g www-data /var/tmp/leftypol \ + && install -d -m 700 -o www-data -g www-data /var/tmp/vichan \ && install -d -m 700 -o www-data -g www-data /var/cache/gen-cache \ && install -d -m 700 -o www-data -g www-data /var/cache/template-cache From d117619ce6170ea6b4695fd359fa09b1503e4291 Mon Sep 17 00:00:00 2001 From: Zankaria Date: Sun, 7 Apr 2024 13:18:38 +0200 Subject: [PATCH 29/45] docker: boostrap script handle secrets.php, copy static files --- docker/php/bootstrap.sh | 39 +++++++++++++++++++++------------------ 1 file changed, 21 insertions(+), 18 deletions(-) diff --git a/docker/php/bootstrap.sh b/docker/php/bootstrap.sh index 006eea80..5436b2c2 100755 --- a/docker/php/bootstrap.sh +++ b/docker/php/bootstrap.sh @@ -2,6 +2,19 @@ set -eu +function set_cfg() { + if [ -L "/var/www/inc/$1" ]; then + echo "INFO: Resetting $1" + rm "/var/www/inc/$1" + cp "/code/inc/$1" "/var/www/inc/$1" + chown www-data "/var/www/inc/$1" + chgrp www-data "/var/www/inc/$1" + chmod 600 "/var/www/inc/$1" + else + echo "INFO: Using existing $1" + fi +} + if ! mountpoint -q /var/www; then echo "WARNING: '/var/www' is not a mountpoint. All the data will remain inside the container!" fi @@ -14,8 +27,6 @@ fi # Link the entrypoints from the exposed directory. ln -nfs \ /code/banners/ \ - /code/static/ \ - /code/stylesheets/ \ /code/tools/ \ /code/walls/ \ /code/*.php \ @@ -23,6 +34,10 @@ ln -nfs \ /code/404.html \ /code/install.sql \ /var/www/ +# Static files accessible from the webserver must be copied. +cp -ur /code/static /var/www/ +cp -ur /code/stylesheets /var/www/ + # Ensure correct permissions are set, since this might be bind mount. chown www-data /var/www chgrp www-data /var/www @@ -30,13 +45,8 @@ chgrp www-data /var/www # Initialize an empty robots.txt with the default if it doesn't exist. touch /var/www/robots.txt -# Initialize an empty writable secrests.php with the default if it doesn't exist. -touch /var/www/inc/secrets.php -chown www-data /var/www/inc/secrets.php -chgrp www-data /var/www/inc/secrets.php - # Link the cache and tmp files directory. -ln -nfs /var/tmp/leftypol /var/www/tmp +ln -nfs /var/tmp/vichan /var/www/tmp # Link the javascript directory. ln -nfs /code/js /var/www/ @@ -60,17 +70,10 @@ for file in /code/inc/*; do ln -s /code/inc/$file /var/www/inc/ fi done + # Copy an empty instance configuration if the file is a link (it was linked because it did not exist before). -if [ -L '/var/www/inc/instance-config.php' ]; then - echo 'INFO: Resetting instance configuration' - rm /var/www/inc/instance-config.php - cp /code/inc/instance-config.php /var/www/inc/instance-config.php - chown www-data /var/www/inc/instance-config.php - chgrp www-data /var/www/inc/instance-config.php - chmod 600 /var/www/inc/instance-config.php -else - echo 'INFO: Using existing instance configuration' -fi +set_cfg 'instance-config.php' +set_cfg 'secrets.php' # Link the composer dependencies. ln -nfs /code/vendor /var/www/ From 729219a3c4444896b81dc58ae96b03d288739db3 Mon Sep 17 00:00:00 2001 From: Zankaria Date: Sun, 7 Apr 2024 18:20:34 +0200 Subject: [PATCH 30/45] docker: bootstrap remove leftypol specific files --- docker/php/bootstrap.sh | 3 --- 1 file changed, 3 deletions(-) diff --git a/docker/php/bootstrap.sh b/docker/php/bootstrap.sh index 5436b2c2..6d6b5c15 100755 --- a/docker/php/bootstrap.sh +++ b/docker/php/bootstrap.sh @@ -26,12 +26,9 @@ fi # Link the entrypoints from the exposed directory. ln -nfs \ - /code/banners/ \ /code/tools/ \ - /code/walls/ \ /code/*.php \ /code/LICENSE.* \ - /code/404.html \ /code/install.sql \ /var/www/ # Static files accessible from the webserver must be copied. From 5a5d31533006cd70ce4ce22e57aad093dbcdcee7 Mon Sep 17 00:00:00 2001 From: Zankaria Date: Sun, 7 Apr 2024 13:20:58 +0200 Subject: [PATCH 31/45] docker: remove leftypol branding from nginx compose --- docker-compose.yml | 2 +- docker/nginx/{leftypol.conf => vichan.conf} | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) rename docker/nginx/{leftypol.conf => vichan.conf} (96%) diff --git a/docker-compose.yml b/docker-compose.yml index 319e0dff..6bb99192 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -10,7 +10,7 @@ services: - db volumes: - ./local-www:/var/www/html - - ./docker/nginx/leftypol.conf:/etc/nginx/conf.d/default.conf + - ./docker/nginx/vichan.conf:/etc/nginx/conf.d/default.conf - ./docker/nginx/nginx.conf:/etc/nginx/nginx.conf - ./docker/nginx/proxy.conf:/etc/nginx/conf.d/proxy.conf networks: diff --git a/docker/nginx/leftypol.conf b/docker/nginx/vichan.conf similarity index 96% rename from docker/nginx/leftypol.conf rename to docker/nginx/vichan.conf index 1c66e95f..ea46476e 100644 --- a/docker/nginx/leftypol.conf +++ b/docker/nginx/vichan.conf @@ -5,7 +5,7 @@ upstream php-upstream { server { listen 80 default_server; listen [::]:80 default_server ipv6only=on; - server_name leftypol; + server_name vichan; root /var/www/html; add_header X-Frame-Options "SAMEORIGIN"; add_header X-Content-Type-Options "nosniff"; @@ -64,7 +64,7 @@ server { client_max_body_size 2G; location ~ \.php$ { - proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header X-Request-Id $x_request_id; proxy_set_header X-Forwarded-Host $host; From f8ea32376e76ef0017481ce370cbb0ed45d0f442 Mon Sep 17 00:00:00 2001 From: Zankaria Date: Wed, 10 Apr 2024 16:05:30 +0200 Subject: [PATCH 32/45] docker: remove leftchan references from compose --- docker-compose.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/docker-compose.yml b/docker-compose.yml index 6bb99192..f1429037 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -14,7 +14,7 @@ services: - ./docker/nginx/nginx.conf:/etc/nginx/nginx.conf - ./docker/nginx/proxy.conf:/etc/nginx/conf.d/proxy.conf networks: - leftchan_net: + vichan_net: ipv4_address: 172.20.0.3 links: - php @@ -26,7 +26,7 @@ services: - ./local-www:/var/www - ./docker/php/www.conf:/usr/local/etc/php-fpm.d/www.conf networks: - leftchan_net: + vichan_net: ipv4_address: 172.20.0.4 #MySQL Service db: @@ -40,12 +40,12 @@ services: MYSQL_DATABASE: vichan MYSQL_ROOT_PASSWORD: test-database networks: - leftchan_net: + vichan_net: ipv4_address: 172.20.0.2 #Docker Networks networks: - leftchan_net: + vichan_net: ipam: driver: default config: From 050bc59588b03754b7c7ab566fe852bea31bc5b1 Mon Sep 17 00:00:00 2001 From: Zankaria Date: Wed, 10 Apr 2024 16:06:20 +0200 Subject: [PATCH 33/45] docker: enable JIT by default on compose --- docker-compose.yml | 1 + docker/php/jit.ini | 2 ++ 2 files changed, 3 insertions(+) create mode 100644 docker/php/jit.ini diff --git a/docker-compose.yml b/docker-compose.yml index f1429037..c261562f 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -25,6 +25,7 @@ services: volumes: - ./local-www:/var/www - ./docker/php/www.conf:/usr/local/etc/php-fpm.d/www.conf + - ./docker/php/jit.ini:/usr/local/etc/php/conf.d/jit.ini networks: vichan_net: ipv4_address: 172.20.0.4 diff --git a/docker/php/jit.ini b/docker/php/jit.ini new file mode 100644 index 00000000..ecfb44c5 --- /dev/null +++ b/docker/php/jit.ini @@ -0,0 +1,2 @@ +opcache.jit_buffer_size=192M +opcache.jit=tracing From 575b265c743ee35dd5b4d351b5e1f551b436a05d Mon Sep 17 00:00:00 2001 From: Zankaria Date: Wed, 10 Apr 2024 16:06:56 +0200 Subject: [PATCH 34/45] docker: adjust php-fpm pool log config on compose --- docker/php/www.conf | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/docker/php/www.conf b/docker/php/www.conf index 0f53aebf..6e78ad26 100644 --- a/docker/php/www.conf +++ b/docker/php/www.conf @@ -1,6 +1,13 @@ [www] +access.log = /proc/self/fd/2 + +; Ensure worker stdout and stderr are sent to the main error log. +catch_workers_output = yes +decorate_workers_output = no + user = www-data group = www-data + listen = 127.0.0.1:9000 pm = static pm.max_children = 16 From fb191a0ffda34e90c10879ff7b3ae8c10cc9f48f Mon Sep 17 00:00:00 2001 From: Zankaria Date: Wed, 10 Apr 2024 17:17:46 +0200 Subject: [PATCH 35/45] docker: change compose database root password --- docker-compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-compose.yml b/docker-compose.yml index c261562f..240d0e88 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -39,7 +39,7 @@ services: - "3306:3306" environment: MYSQL_DATABASE: vichan - MYSQL_ROOT_PASSWORD: test-database + MYSQL_ROOT_PASSWORD: password networks: vichan_net: ipv4_address: 172.20.0.2 From 5c99b0f4f3e0017e3a799fde7142d22947e57598 Mon Sep 17 00:00:00 2001 From: Zankaria Date: Fri, 12 Apr 2024 17:10:19 +0200 Subject: [PATCH 36/45] docker: enable profiling with xdebug --- docker-compose.yml | 3 ++- docker/php/Dockerfile.profile | 16 ++++++++++++++++ docker/php/bootstrap.sh | 8 ++++++++ docker/php/xdebug-prof.ini | 7 +++++++ 4 files changed, 33 insertions(+), 1 deletion(-) create mode 100644 docker/php/Dockerfile.profile create mode 100644 docker/php/xdebug-prof.ini diff --git a/docker-compose.yml b/docker-compose.yml index 240d0e88..47ab8d7b 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -21,11 +21,12 @@ services: php: build: context: . - dockerfile: ./docker/php/Dockerfile + dockerfile: ./docker/php/Dockerfile.profile volumes: - ./local-www:/var/www - ./docker/php/www.conf:/usr/local/etc/php-fpm.d/www.conf - ./docker/php/jit.ini:/usr/local/etc/php/conf.d/jit.ini + - ./docker/php/xdebug-prof.ini:/usr/local/etc/php/conf.d/xdebug-prof.ini networks: vichan_net: ipv4_address: 172.20.0.4 diff --git a/docker/php/Dockerfile.profile b/docker/php/Dockerfile.profile new file mode 100644 index 00000000..ad2019ab --- /dev/null +++ b/docker/php/Dockerfile.profile @@ -0,0 +1,16 @@ +# syntax = devthefuture/dockerfile-x +INCLUDE ./docker/php/Dockerfile + +RUN apk add --no-cache \ + linux-headers \ + $PHPIZE_DEPS \ + && pecl update-channels \ + && pecl install xdebug \ + && docker-php-ext-enable xdebug \ + && apk del \ + linux-headers \ + $PHPIZE_DEPS \ + && rm -rf /var/cache/* + +ENV XDEBUG_OUT_DIR=/var/www/xdebug_out +CMD [ "bootstrap.sh" ] \ No newline at end of file diff --git a/docker/php/bootstrap.sh b/docker/php/bootstrap.sh index 6d6b5c15..4ee088ba 100755 --- a/docker/php/bootstrap.sh +++ b/docker/php/bootstrap.sh @@ -24,6 +24,14 @@ if [ ! -w /var/www ] ; then exit 1 fi +if [ -z "$XDEBUG_OUT_DIR" ] ; then + echo "INFO: Initializing xdebug out directory at $XDEBUG_OUT_DIR" + mkdir -p "$XDEBUG_OUT_DIR" + chown www-data "$XDEBUG_OUT_DIR" + chgrp www-data "$XDEBUG_OUT_DIR" + chmod 755 "$XDEBUG_OUT_DIR" +fi + # Link the entrypoints from the exposed directory. ln -nfs \ /code/tools/ \ diff --git a/docker/php/xdebug-prof.ini b/docker/php/xdebug-prof.ini new file mode 100644 index 00000000..c6dc008e --- /dev/null +++ b/docker/php/xdebug-prof.ini @@ -0,0 +1,7 @@ +zend_extension=xdebug + +[xdebug] +xdebug.mode = profile +xdebug.start_with_request = start +error_reporting = E_ALL +xdebug.output_dir = /var/www/xdebug_out From fbbdb5afd6bb1a581bcaedeb2e2baba54d4769fc Mon Sep 17 00:00:00 2001 From: Zankaria Date: Tue, 16 Apr 2024 20:49:31 +0200 Subject: [PATCH 37/45] docker: fix variable checking in bootstrapping script --- docker/php/bootstrap.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker/php/bootstrap.sh b/docker/php/bootstrap.sh index 4ee088ba..cc3f43d0 100755 --- a/docker/php/bootstrap.sh +++ b/docker/php/bootstrap.sh @@ -24,7 +24,7 @@ if [ ! -w /var/www ] ; then exit 1 fi -if [ -z "$XDEBUG_OUT_DIR" ] ; then +if [ -z "${XDEBUG_OUT_DIR:-''}" ] ; then echo "INFO: Initializing xdebug out directory at $XDEBUG_OUT_DIR" mkdir -p "$XDEBUG_OUT_DIR" chown www-data "$XDEBUG_OUT_DIR" From 107592f70ce1916ca994da2d63f012938645b55e Mon Sep 17 00:00:00 2001 From: Zankaria Date: Tue, 16 Apr 2024 20:50:27 +0200 Subject: [PATCH 38/45] docker: simplify composer file --- docker-compose.yml | 19 ++----------------- 1 file changed, 2 insertions(+), 17 deletions(-) diff --git a/docker-compose.yml b/docker-compose.yml index 47ab8d7b..a531be88 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -13,11 +13,9 @@ services: - ./docker/nginx/vichan.conf:/etc/nginx/conf.d/default.conf - ./docker/nginx/nginx.conf:/etc/nginx/nginx.conf - ./docker/nginx/proxy.conf:/etc/nginx/conf.d/proxy.conf - networks: - vichan_net: - ipv4_address: 172.20.0.3 links: - php + php: build: context: . @@ -27,9 +25,7 @@ services: - ./docker/php/www.conf:/usr/local/etc/php-fpm.d/www.conf - ./docker/php/jit.ini:/usr/local/etc/php/conf.d/jit.ini - ./docker/php/xdebug-prof.ini:/usr/local/etc/php/conf.d/xdebug-prof.ini - networks: - vichan_net: - ipv4_address: 172.20.0.4 + #MySQL Service db: image: mysql:8.0.35 @@ -41,14 +37,3 @@ services: environment: MYSQL_DATABASE: vichan MYSQL_ROOT_PASSWORD: password - networks: - vichan_net: - ipv4_address: 172.20.0.2 - -#Docker Networks -networks: - vichan_net: - ipam: - driver: default - config: - - subnet: 172.20.0.0/16 From f161de3d5744a90dc333b083715fa2fb30ae65b3 Mon Sep 17 00:00:00 2001 From: Zankaria Date: Tue, 16 Apr 2024 20:51:13 +0200 Subject: [PATCH 39/45] docker: format compose file --- docker-compose.yml | 44 ++++++++++++++++++++++---------------------- 1 file changed, 22 insertions(+), 22 deletions(-) diff --git a/docker-compose.yml b/docker-compose.yml index a531be88..b32a3ae8 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -1,30 +1,30 @@ services: #nginx webserver + php 8.x web: - build: - context: . - dockerfile: ./docker/nginx/Dockerfile - ports: - - "9090:80" - depends_on: - - db - volumes: - - ./local-www:/var/www/html - - ./docker/nginx/vichan.conf:/etc/nginx/conf.d/default.conf - - ./docker/nginx/nginx.conf:/etc/nginx/nginx.conf - - ./docker/nginx/proxy.conf:/etc/nginx/conf.d/proxy.conf - links: - - php + build: + context: . + dockerfile: ./docker/nginx/Dockerfile + ports: + - "9090:80" + depends_on: + - db + volumes: + - ./local-www:/var/www/html + - ./docker/nginx/vichan.conf:/etc/nginx/conf.d/default.conf + - ./docker/nginx/nginx.conf:/etc/nginx/nginx.conf + - ./docker/nginx/proxy.conf:/etc/nginx/conf.d/proxy.conf + links: + - php php: - build: - context: . - dockerfile: ./docker/php/Dockerfile.profile - volumes: - - ./local-www:/var/www - - ./docker/php/www.conf:/usr/local/etc/php-fpm.d/www.conf - - ./docker/php/jit.ini:/usr/local/etc/php/conf.d/jit.ini - - ./docker/php/xdebug-prof.ini:/usr/local/etc/php/conf.d/xdebug-prof.ini + build: + context: . + dockerfile: ./docker/php/Dockerfile.profile + volumes: + - ./local-www:/var/www + - ./docker/php/www.conf:/usr/local/etc/php-fpm.d/www.conf + - ./docker/php/jit.ini:/usr/local/etc/php/conf.d/jit.ini + - ./docker/php/xdebug-prof.ini:/usr/local/etc/php/conf.d/xdebug-prof.ini #MySQL Service db: From bf4f388a042e4ab659530f46dec1b3df7a32d847 Mon Sep 17 00:00:00 2001 From: Zankaria Date: Tue, 16 Apr 2024 20:51:37 +0200 Subject: [PATCH 40/45] docker: make non-profile the default compose setting --- docker-compose.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/docker-compose.yml b/docker-compose.yml index b32a3ae8..f0170c7b 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -19,12 +19,11 @@ services: php: build: context: . - dockerfile: ./docker/php/Dockerfile.profile + dockerfile: ./docker/php/Dockerfile volumes: - ./local-www:/var/www - ./docker/php/www.conf:/usr/local/etc/php-fpm.d/www.conf - ./docker/php/jit.ini:/usr/local/etc/php/conf.d/jit.ini - - ./docker/php/xdebug-prof.ini:/usr/local/etc/php/conf.d/xdebug-prof.ini #MySQL Service db: From 024f9553388050a36738668e6a04bbc3083447a3 Mon Sep 17 00:00:00 2001 From: Zankaria Date: Tue, 16 Apr 2024 21:03:47 +0200 Subject: [PATCH 41/45] docker: remove special handling of instance-config.php from build --- docker/php/Dockerfile | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) diff --git a/docker/php/Dockerfile b/docker/php/Dockerfile index e3bd206f..0e2f741d 100644 --- a/docker/php/Dockerfile +++ b/docker/php/Dockerfile @@ -71,20 +71,16 @@ RUN rmdir /var/www/html \ && install -d -m 700 -o www-data -g www-data /var/cache/gen-cache \ && install -d -m 700 -o www-data -g www-data /var/cache/template-cache -COPY --from=composer /usr/bin/composer /usr/local/bin/composer - # Copy the bootstrap script. COPY ./docker/php/bootstrap.sh /usr/local/bin/bootstrap.sh +COPY --from=composer /usr/bin/composer /usr/local/bin/composer + # Copy the actual project (use .dockerignore to exclude stuff). COPY . /code -# Make the instance configuration owned by www-data. -# Make it writable by php. # Install the compose depedencies. -RUN chown www-data /code/inc/instance-config.php && chgrp www-data /code/inc/instance-config.php \ - && chmod 660 /code/inc/instance-config.php \ - && cd /code && composer install +RUN cd /code && composer install WORKDIR "/var/www" CMD [ "bootstrap.sh" ] From c3619c49fb9b681507ebdc3d86a98dcbfbe7a8ab Mon Sep 17 00:00:00 2001 From: Zankaria Date: Tue, 16 Apr 2024 21:31:56 +0200 Subject: [PATCH 42/45] docker: prepare compose for multiple test instances --- .dockerignore | 2 +- .gitignore | 2 +- docker-compose.yml | 6 ++++-- docker/doc.md | 12 ++++++++++++ 4 files changed, 18 insertions(+), 4 deletions(-) diff --git a/.dockerignore b/.dockerignore index 1b82198d..8ae84728 100644 --- a/.dockerignore +++ b/.dockerignore @@ -1,4 +1,4 @@ **/.git **/.gitignore -/local-www +/local-instances **/.gitkeep diff --git a/.gitignore b/.gitignore index 9d1640ae..5e0ab052 100644 --- a/.gitignore +++ b/.gitignore @@ -44,6 +44,6 @@ Thumbs.db #vichan custom favicon.ico /static/spoiler.png -local-www +/local-instances /vendor/ diff --git a/docker-compose.yml b/docker-compose.yml index f0170c7b..da45b113 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -9,7 +9,7 @@ services: depends_on: - db volumes: - - ./local-www:/var/www/html + - ./local-instances/1/www:/var/www/html - ./docker/nginx/vichan.conf:/etc/nginx/conf.d/default.conf - ./docker/nginx/nginx.conf:/etc/nginx/nginx.conf - ./docker/nginx/proxy.conf:/etc/nginx/conf.d/proxy.conf @@ -21,7 +21,7 @@ services: context: . dockerfile: ./docker/php/Dockerfile volumes: - - ./local-www:/var/www + - ./local-instances/1/www:/var/www - ./docker/php/www.conf:/usr/local/etc/php-fpm.d/www.conf - ./docker/php/jit.ini:/usr/local/etc/php/conf.d/jit.ini @@ -36,3 +36,5 @@ services: environment: MYSQL_DATABASE: vichan MYSQL_ROOT_PASSWORD: password + volumes: + - ./local-instances/1/mysql:/var/lib/mysql diff --git a/docker/doc.md b/docker/doc.md index 13ad93a6..e022f170 100644 --- a/docker/doc.md +++ b/docker/doc.md @@ -2,3 +2,15 @@ The `php-fpm` process runs containerized. The php application always uses `/var/www` as it's work directory and home folder, and if `/var/www` is bind mounted it is necessary to adjust the path passed via FastCGI to `php-fpm` by changing the root directory to `/var/www`. This can achieved in nginx by setting the `fastcgi_param SCRIPT_FILENAME` to `/var/www/$fastcgi_script_name;` + +The default docker compose settings are intended for development and testing purposes. +The folder structure expected by compose is as follows + +``` + +└── local-instances + └── 1 + ├── mysql + └── www +``` +The vichan container is by itself much less rigid. From cbb15710633f0848235d435581e79a470e8e053a Mon Sep 17 00:00:00 2001 From: Zankaria Date: Thu, 18 Apr 2024 23:32:48 +0200 Subject: [PATCH 43/45] docker: remove duplicated nginx configuration --- docker/nginx/vichan.conf | 15 --------------- 1 file changed, 15 deletions(-) diff --git a/docker/nginx/vichan.conf b/docker/nginx/vichan.conf index ea46476e..b5b49deb 100644 --- a/docker/nginx/vichan.conf +++ b/docker/nginx/vichan.conf @@ -18,21 +18,6 @@ server { try_files $uri @addslash; } - # Expire rules for static content - # Media: images, icons, video, audio, HTC - location ~* \.(?:jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm|htc)$ { - expires 1M; - access_log off; - log_not_found off; - add_header Cache-Control "public"; - } - # CSS and Javascript - location ~* \.(?:css|js)$ { - expires 1y; - access_log off; - log_not_found off; - add_header Cache-Control "public"; - } # Expire rules for static content # Media: images, icons, video, audio, HTC location ~* \.(?:jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm|htc)$ { From 9d7ddd46c58222980c0af45ea3ec48eb46008654 Mon Sep 17 00:00:00 2001 From: Zankaria Date: Thu, 18 Apr 2024 23:33:47 +0200 Subject: [PATCH 44/45] dokcer: cache webp images files in nginx --- docker/nginx/vichan.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker/nginx/vichan.conf b/docker/nginx/vichan.conf index b5b49deb..35f6bc08 100644 --- a/docker/nginx/vichan.conf +++ b/docker/nginx/vichan.conf @@ -20,7 +20,7 @@ server { # Expire rules for static content # Media: images, icons, video, audio, HTC - location ~* \.(?:jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm|htc)$ { + location ~* \.(?:jpg|jpeg|gif|png|webp|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm|htc)$ { expires 1M; access_log off; log_not_found off; From 2836ace5512af354af713ce88a65968fa37d1f93 Mon Sep 17 00:00:00 2001 From: Zankaria Date: Thu, 18 Apr 2024 23:44:09 +0200 Subject: [PATCH 45/45] readme: add basic docker documentation in the README --- README.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/README.md b/README.md index b1794df9..2c7001be 100644 --- a/README.md +++ b/README.md @@ -119,6 +119,11 @@ WebM support ------------ Read `inc/lib/webm/README.md` for information about enabling webm. +Docker +------------ +Vichan comes with a Dockerfile and docker-compose configuration, the latter aimed primarily at development and testing. +See the `docker/doc.md` file for more information. + vichan API ---------- vichan provides by default a 4chan-compatible JSON API. For documentation on this, see: