From da3d5930a5768b061e941c9197456acfa2c59dea Mon Sep 17 00:00:00 2001 From: casjay Date: Wed, 29 Jan 2025 13:43:57 -0500 Subject: [PATCH] =?UTF-8?q?=F0=9F=97=83=EF=B8=8F=20Committing=20everything?= =?UTF-8?q?=20that=20changed=20=F0=9F=97=83=EF=B8=8F?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Dockerfile .env.scripts rootfs/tmp/etc/nginx/ rootfs/usr/local/etc/docker/init.d/99-php.sh rootfs/usr/local/etc/docker/init.d/zz-nginx.sh --- .env.scripts | 4 +- Dockerfile | 8 +- rootfs/tmp/etc/nginx/mime.types | 79 ++++++++++++ rootfs/tmp/etc/nginx/nginx.conf | 122 ++++++++++++++++++ .../docker/init.d/{99-php.sh => zz-nginx.sh} | 67 +++++----- 5 files changed, 239 insertions(+), 41 deletions(-) create mode 100644 rootfs/tmp/etc/nginx/mime.types create mode 100644 rootfs/tmp/etc/nginx/nginx.conf rename rootfs/usr/local/etc/docker/init.d/{99-php.sh => zz-nginx.sh} (94%) diff --git a/.env.scripts b/.env.scripts index 65438f8..e1ae2a3 100644 --- a/.env.scripts +++ b/.env.scripts @@ -45,7 +45,7 @@ SERVICE_PORT="80" EXPOSE_PORTS="80 9053 9050 9080" # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - # Versions -PHP_VERSION="system" +PHP_VERSION="84" NODE_VERSION="system" NODE_MANAGER="system" # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -56,5 +56,5 @@ DEFAULT_DATA_DIR="/usr/local/share/template-files/data" DEFAULT_CONF_DIR="/usr/local/share/template-files/config" DEFAULT_TEMPLATE_DIR="/usr/local/share/template-files/defaults" # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -ENV_PACKAGES="tor torsocks php nginx" +ENV_PACKAGES="tor torsocks nginx php\$PHP_VERSION" # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/Dockerfile b/Dockerfile index 7b34063..a411675 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -16,7 +16,7 @@ ARG SHELL_OPTS="set -e -o pipefail" ARG SERVICE_PORT="80" ARG EXPOSE_PORTS="80 8118 9040 9050 9053 9080 57000-57010" -ARG PHP_VERSION="system" +ARG PHP_VERSION="84" ARG NODE_VERSION="system" ARG NODE_MANAGER="system" @@ -54,7 +54,7 @@ ARG PHP_SERVER ARG SHELL_OPTS ARG PATH -ARG PACK_LIST="tor torsocks lyrebird privoxy php socat unbound bind-tools" +ARG PACK_LIST="tor torsocks lyrebird privoxy nginx socat unbound bind-tools php$PHP_VERSION" ENV ENV=~/.profile ENV SHELL="/bin/sh" @@ -129,8 +129,8 @@ RUN echo "Updating system files "; \ if [ -f "/etc/profile.d/color_prompt.sh.disabled" ]; then mv -f "/etc/profile.d/color_prompt.sh.disabled" "/etc/profile.d/color_prompt.sh";fi ; \ { [ -f "/etc/bash/bashrc" ] && cp -Rf "/etc/bash/bashrc" "/root/.bashrc"; } || { [ -f "/etc/bashrc" ] && cp -Rf "/etc/bashrc" "/root/.bashrc"; } || { [ -f "/etc/bash.bashrc" ] && cp -Rf "/etc/bash.bashrc" "/root/.bashrc"; } || true; \ if [ -z "$(command -v "apt-get" 2>/dev/null)" ];then grep -sh -q 'alias quit' "/root/.bashrc" || printf '# Profile\n\n%s\n%s\n%s\n' '. /etc/profile' '. /root/.profile' "alias quit='exit 0 2>/dev/null'" >>"/root/.bashrc"; fi; \ - if [ "$PHP_VERSION" != "system" ] && [ -e "/etc/php" ] && [ -d "/etc/${PHP_VERSION}" ];then rm -Rf "/etc/php";fi; \ - if [ "$PHP_VERSION" != "system" ] && [ -n "${PHP_VERSION}" ] && [ -d "/etc/${PHP_VERSION}" ];then ln -sf "/etc/${PHP_VERSION}" "/etc/php";fi; \ + if [ "$PHP_VERSION" != "system" ] && [ -e "/etc/php" ] && [ -d "/etc/php${PHP_VERSION}" ];then rm -Rf "/etc/php";fi; \ + if [ "$PHP_VERSION" != "system" ] && [ -n "${PHP_VERSION}" ] && [ -d "/etc/php${PHP_VERSION}" ];then ln -sf "/etc/php${PHP_VERSION}" "/etc/php";fi; \ if [ -f "/root/docker/setup/03-files.sh" ];then echo "Running the files script";/root/docker/setup/03-files.sh||{ echo "Failed to execute /root/docker/setup/03-files.sh" >&2 && exit 10; };echo "Done running the files script";fi; \ echo "" 
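Review bot: `php$PHP_VERSION` in `PACK_LIST` (second Dockerfile hunk) expands to `phpsystem` when PHP_VERSION is `system`, a value the RUN step in the last hunk still special-cases, so that setting would no longer resolve to a package. The list also names only the base package, while the init script in this commit starts `/usr/sbin/php-fpm$php_ver`. Whether the base package ships that binary is not visible here; if FPM is packaged separately it has to be listed too (for example `php${PHP_VERSION}-fpm`, name to be confirmed against the base image). A one-line comment above the ARG stating the accepted values of PHP_VERSION would remove the ambiguity.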
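Review bot: The first of the two rewritten tests in the RUN step (third Dockerfile hunk) lacks the `[ -n "${PHP_VERSION}" ]` guard that the second one has. With an empty build arg, `/etc/php${PHP_VERSION}` is `/etc/php` itself, so if that directory exists it is removed by `rm -Rf "/etc/php"` and the guarded `ln -sf` then never recreates it. Adding the same guard to the first test, `[ "$PHP_VERSION" != "system" ] && [ -n "${PHP_VERSION}" ] && [ -e "/etc/php" ] && [ -d "/etc/php${PHP_VERSION}" ]`, keeps the destructive step and the symlink step in agreement. The RUN instruction starts before this hunk.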
diff --git a/rootfs/tmp/etc/nginx/mime.types b/rootfs/tmp/etc/nginx/mime.types
new file mode 100644
index 0000000..5d132eb
--- /dev/null
+++ b/rootfs/tmp/etc/nginx/mime.types
@@ -0,0 +1,79 @@
+types {
+ text/html html htm shtml;
+ text/css css;
+ text/xml xml;
+ image/gif gif;
+ image/jpeg jpeg jpg;
+ application/x-javascript js;
+ application/atom+xml atom;
+ application/rss+xml rss;
+
+ text/mathml mml;
+ text/plain txt;
+ text/vnd.sun.j2me.app-descriptor jad;
+ text/vnd.wap.wml wml;
+ text/x-component htc;
+
+ image/png png;
+ image/tiff tif tiff;
+ image/vnd.wap.wbmp wbmp;
+ image/x-icon ico;
+ image/x-jng jng;
+ image/x-ms-bmp bmp;
+ image/svg+xml svg svgz;
+ image/webp webp;
+
+ application/java-archive jar war ear;
+ application/mac-binhex40 hqx;
+ application/msword doc;
+ application/pdf pdf;
+ application/postscript ps eps ai;
+ application/rtf rtf;
+ application/vnd.ms-excel xls;
+ application/vnd.ms-powerpoint ppt;
+ application/vnd.wap.wmlc wmlc;
+ application/vnd.google-earth.kml+xml kml;
+ application/vnd.google-earth.kmz kmz;
+ application/x-7z-compressed 7z;
+ application/x-cocoa cco;
+ application/x-java-archive-diff jardiff;
+ application/x-java-jnlp-file jnlp;
+ application/x-makeself run;
+ application/x-perl pl pm;
+ application/x-pilot prc pdb;
+ application/x-rar-compressed rar;
+ application/x-redhat-package-manager rpm;
+ application/x-sea sea;
+ application/x-shockwave-flash swf;
+ application/x-stuffit sit;
+ application/x-tcl tcl tk;
+ application/x-x509-ca-cert der pem crt;
+ application/x-xpinstall xpi;
+ application/xhtml+xml xhtml;
+ application/zip zip;
+
+ application/octet-stream bin exe dll;
+ application/octet-stream deb;
+ application/octet-stream dmg;
+ application/octet-stream eot;
+ application/octet-stream iso img;
+ application/octet-stream msi msp msm;
+
+ audio/midi mid midi kar;
+ audio/mpeg mp3;
+ audio/ogg ogg;
+ audio/x-m4a m4a;
+ audio/x-realaudio ra;
+
+ video/3gpp 3gpp 3gp;
+ video/mp4 mp4;
+ video/mpeg mpeg mpg;
+ video/quicktime mov;
+ video/webm webm;
+ video/x-flv flv;
+ video/x-m4v m4v;
+ video/x-mng mng;
+ video/x-ms-asf asx asf;
+ video/x-ms-wmv wmv;
+ video/x-msvideo avi;
+}
diff --git a/rootfs/tmp/etc/nginx/nginx.conf b/rootfs/tmp/etc/nginx/nginx.conf
new file mode 100644
index 0000000..b563b98
--- /dev/null
+++ b/rootfs/tmp/etc/nginx/nginx.conf
@@ -0,0 +1,122 @@
+# Default nginx configuration
+user REPLACE_SERVICE_USER;
+worker_processes auto;
+daemon off;
+error_log /data/logs/nginx/nginx.log warn;
+pid /run/nginx.pid;
+
+events {
+ worker_connections 1024;
+}
+
+http {
+ include /etc/nginx/mime.types;
+ default_type "text/html";
+ sendfile on;
+ keepalive_timeout 65;
+ gzip on;
+ map $http_upgrade $connection_upgrade { default upgrade; '' close; }
+ disable_symlinks off;
+ root REPLACE_SERVER_WWW_DIR;
+ access_log /data/logs/nginx/access.REPLACE_SERVER_NAME.log;
+
+ server {
+ listen REPLACE_SERVER_PORT;
+ server_name REPLACE_SERVER_NAME;
+ root REPLACE_SERVER_WWW_DIR;
+ index index.php index.html index.cgi index.pl index.aspx index.txt index.json index.unknown.php index.default.php;
+ add_header X-Frame-Options "SAMEORIGIN" always;
+ add_header X-XSS-Protection "1; mode=block" always;
+ add_header X-Content-Type-Options "nosniff" always;
+ add_header Referrer-Policy "no-referrer-when-downgrade" always;
+ add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
+ add_header Content-Security-Policy "script-src 'self' 'unsafe-inline' 'unsafe-eval' *; frame-src 'self' *; object-src 'self'" always;
+ proxy_intercept_errors off;
+
+ location ^~ /favicon.ico {
+ alias REPLACE_SERVER_WWW_DIR/favicon.ico;
+ allow all;
+ log_not_found off;
+ access_log off;
+ }
+
+ location ^~ /robots.txt {
+ default_type "text/plain";
+ alias REPLACE_SERVER_WWW_DIR/robots.txt;
+ allow all;
+ log_not_found off;
+ access_log off;
+ }
+
+ location ^~ /.well-known {
+ default_type "text/plain";
+ alias REPLACE_SERVER_WWW_DIR/.well-known;
+ allow all;
+ log_not_found on;
+ access_log off;
+ }
+
+ location ^~ /.well-known/security.txt {
+ default_type "text/plain";
+ alias REPLACE_SERVER_WWW_DIR/security.txt;
+ allow all;
+ log_not_found off;
+ access_log off;
+ }
+
+ location ^~ /health {
+ default_type "text/plain";
+ allow all;
+ access_log off;
+ return 200 'ok';
+ }
+
+ location ^~ /health/txt {
+ default_type "text/plain";
+ allow all;
+ access_log off;
+ return 200 'ok';
+ }
+
+ location ^~ /health/json {
+ default_type "application/json";
+ allow all;
+ access_log off;
+ return 200 '{"status":"OK"}';
+ }
+
+ location ^~ /health/status {
+ stub_status;
+ }
+
+ location ~ [^/]\.php(/|$) {
+ fastcgi_split_path_info ^(.+?\.php)(/.*)$;
+ if (!-f $document_root$fastcgi_script_name) {
+ return 404;
+ }
+ fastcgi_param HTTP_PROXY "";
+ fastcgi_pass 127.0.0.1:9000;
+ fastcgi_index index.php;
+ fastcgi_param QUERY_STRING $query_string;
+ fastcgi_param REQUEST_METHOD $request_method;
+ fastcgi_param CONTENT_TYPE $content_type;
+ fastcgi_param CONTENT_LENGTH $content_length;
+ fastcgi_param SCRIPT_NAME $fastcgi_script_name;
+ fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+ fastcgi_param REQUEST_URI $request_uri;
+ fastcgi_param DOCUMENT_URI $document_uri;
+ fastcgi_param DOCUMENT_ROOT $document_root;
+ fastcgi_param SERVER_PROTOCOL $server_protocol;
+ fastcgi_param REQUEST_SCHEME $scheme;
+ fastcgi_param HTTPS $https if_not_empty;
+ fastcgi_param GATEWAY_INTERFACE CGI/1.1;
+ fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
+ fastcgi_param REMOTE_ADDR $remote_addr;
+ fastcgi_param REMOTE_PORT $remote_port;
+ fastcgi_param SERVER_ADDR $server_addr;
+ fastcgi_param SERVER_PORT $server_port;
+ fastcgi_param SERVER_NAME $server_name;
+ fastcgi_param REDIRECT_STATUS 200;
+ }
+ }
+}
diff --git a/rootfs/usr/local/etc/docker/init.d/99-php.sh b/rootfs/usr/local/etc/docker/init.d/zz-nginx.sh
similarity index 94%
rename from rootfs/usr/local/etc/docker/init.d/99-php.sh
rename to rootfs/usr/local/etc/docker/init.d/zz-nginx.sh
index 5821cda..0d88263 100755
--- a/rootfs/usr/local/etc/docker/init.d/99-php.sh
+++ b/rootfs/usr/local/etc/docker/init.d/zz-nginx.sh
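Review bot: In the new nginx.conf, `location ^~ /health/status { stub_status; }` carries no access rule, so live connection and request counters are readable by any client that can reach the listener, unlike the other health locations, which return constants. Restricting it inside that block with `allow 127.0.0.1; deny all;` (plus whatever monitoring address is really needed) closes that. Separately, the `Content-Security-Policy` header puts `*` alongside `'unsafe-inline'` and `'unsafe-eval'` in `script-src`, which permits script from any origin and so offers no XSS containment; dropping the wildcard and the unsafe keywords, where the served site allows it, would make the header meaningful. The `Strict-Transport-Security` header is set on what appears to be a plain-HTTP listener, where browsers ignore it.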
@@ -1,14 +1,14 @@ #!/usr/bin/env bash # shellcheck shell=bash # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -##@Version : 202501060902-git +##@Version : 202501291320-git # @@Author : Jason Hempstead # @@Contact : jason@casjaysdev.pro # @@License : LICENSE.md -# @@ReadME : php.sh --help +# @@ReadME : zz-nginx.sh --help # @@Copyright : Copyright: (c) 2025 Jason Hempstead, Casjays Developments -# @@Created : Monday, Jan 06, 2025 09:02 EST -# @@File : php.sh +# @@Created : Wednesday, Jan 29, 2025 13:20 EST +# @@File : zz-nginx.sh # @@Description : # @@Changelog : New script # @@TODO : Better documentation @@ -30,7 +30,7 @@ trap 'retVal=$?;[ "$SERVICE_IS_RUNNING" != "yes" ] && [ -f "$SERVICE_PID_FILE" ] export PATH="/usr/local/etc/docker/bin:/usr/local/bin:/usr/bin:/usr/sbin:/bin:/sbin" # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - SCRIPT_FILE="$0" -SERVICE_NAME="php" +SERVICE_NAME="nginx" SCRIPT_NAME="$(basename -- "$SCRIPT_FILE" 2>/dev/null)" # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - # exit if __start_init_scripts function hasn't been Initialized 
@@ -59,24 +59,24 @@ printf '%s\n' "# - - - Initializing $SERVICE_NAME - - - #" START_SCRIPT="/usr/local/etc/docker/exec/$SERVICE_NAME" # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - # Reset environment before executing service -RESET_ENV="yes" +RESET_ENV="no" # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - # Set webroot WWW_ROOT_DIR="/data/htdocs/www" # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - # Default predefined variables -DATA_DIR="/data/php" # set data directory -CONF_DIR="/config/php" # set config directory +DATA_DIR="/data/nginx" # set data directory +CONF_DIR="/config/nginx" # set config directory # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - # set the containers etc directory -ETC_DIR="/etc/php" +ETC_DIR="/etc/nginx" # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - # set the var dir VAR_DIR="" # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -TMP_DIR="/tmp/php" # set the temp dir -RUN_DIR="/run/php" # set scripts pid dir -LOG_DIR="/data/logs/php" # set log directory +TMP_DIR="/tmp/nginx" # set the temp dir +RUN_DIR="/run/nginx" # set scripts pid dir +LOG_DIR="/data/logs/nginx" # set log directory # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - # Set the working dir WORK_DIR="" @@ -88,8 +88,8 @@ SERVICE_PORT="80" RUNAS_USER="root" # normally root # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - # User and group in which the service switches to - IE: nginx,apache,mysql,postgres -#SERVICE_USER="php" # execute command as another user -#SERVICE_GROUP="php" # Set the service group +#SERVICE_USER="nginx" # execute command as another user +#SERVICE_GROUP="nginx" # Set the service group # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - # Set password length RANDOM_PASS_USER="" 
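Review bot: `SERVICE_USER` and `SERVICE_GROUP` stay commented out after the rename in the second hunk here (`#SERVICE_USER="nginx"`), while `RUNAS_USER="root"` is the only account set and the next hunk's context shows `SERVICE_UID="0"` and `SERVICE_GID="0"`. The nginx.conf added by this commit contains `user REPLACE_SERVICE_USER;`, and the code that fills that placeholder is not part of this diff. If it falls back to RUNAS_USER, the worker processes that parse client requests run as root. Uncommenting `SERVICE_USER="nginx"` and `SERVICE_GROUP="nginx"`, or adding a comment that states what the placeholder resolves to when they are unset, would settle it.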
@@ -100,12 +100,12 @@ SERVICE_UID="0" # set the user id SERVICE_GID="0" # set the group id # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - # execute command variables - keep single quotes variables will be expanded later -EXEC_CMD_BIN='php' # command to execute -EXEC_CMD_ARGS='-q -S 0.0.0.0:80 -t $WWW_ROOT_DIR' # command arguments -EXEC_PRE_SCRIPT='' # execute script before +EXEC_CMD_BIN='nginx' # command to execute +EXEC_CMD_ARGS='-c $ETC_DIR/nginx.conf' # command arguments +EXEC_PRE_SCRIPT='' # execute script before # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - # Is this service a web server -IS_WEB_SERVER="no" +IS_WEB_SERVER="yes" # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - # Is this service a database server IS_DATABASE_SERVICE="no" 
@@ -134,16 +134,16 @@ ROOT_FILE_PREFIX="/config/secure/auth/root" # directory to save username/passwor USER_FILE_PREFIX="/config/secure/auth/user" # directory to save username/password for normal user # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - # root/admin user info password/random] -root_user_name="${PHP_ROOT_USER_NAME:-}" # root user name -root_user_pass="${PHP_ROOT_PASS_WORD:-}" # root user password +root_user_name="${NGINX_ROOT_USER_NAME:-}" # root user name +root_user_pass="${NGINX_ROOT_PASS_WORD:-}" # root user password # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - # Normal user info [password/random] -user_name="${PHP_USER_NAME:-}" # normal user name -user_pass="${PHP_USER_PASS_WORD:-}" # normal user password +user_name="${NGINX_USER_NAME:-}" # normal user name +user_pass="${NGINX_USER_PASS_WORD:-}" # normal user password # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - # Load variables from config -[ -f "/config/env/php.script.sh" ] && . "/config/env/php.script.sh" # Generated by my dockermgr script -[ -f "/config/env/php.sh" ] && . "/config/env/php.sh" # Overwrite the variabes +[ -f "/config/env/nginx.script.sh" ] && . "/config/env/nginx.script.sh" # Generated by my dockermgr script +[ -f "/config/env/nginx.sh" ] && . "/config/env/nginx.sh" # Overwrite the variabes # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - # Additional predefined variables @@ -182,11 +182,7 @@ __run_precopy() { if [ -d "$WWW_ROOT_DIR/.git" ]; then rm -Rf "$WWW_ROOT_DIR/.git" fi - if [ ! -d "$WWW_ROOT_DIR/health" ]; then - mkdir -p "$WWW_ROOT_DIR/health" - echo "200" >"$WWW_ROOT_DIR/health/txt" - echo '{"message":"ok"}' >"$WWW_ROOT_DIR/health/json" - fi + [ -d "$WWW_ROOT_DIR/.well-known" ] || mkdir -p "$WWW_ROOT_DIR/.well-known" # allow custom functions if builtin type -t __run_precopy_local | grep -q 'function'; then __run_precopy_local; fi } 
@@ -195,8 +191,9 @@ __run_precopy() { __execute_prerun() { # Define environment local hostname=${HOSTNAME} + local php_ver="${PHP_VERSION:-84}" # Define actions/commands - + /usr/sbin/php-fpm$php_ver --nodaemonize --fpm-config "/etc/php$php_ver/php-fpm.conf" & # allow custom functions if builtin type -t __execute_prerun_local | grep -q 'function'; then __execute_prerun_local; fi } @@ -240,7 +237,7 @@ __update_conf_files() { # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - # replace variables - # __replace "" "" "$CONF_DIR/php.conf" + # __replace "" "" "$CONF_DIR/nginx.conf" # replace variables recursively # __find_replace "" "" "$CONF_DIR" @@ -330,14 +327,14 @@ __create_service_env() { cat </dev/null # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - # root/admin user info [password/random] -#ENV_ROOT_USER_NAME="${ENV_ROOT_USER_NAME:-$PHP_ROOT_USER_NAME}" # root user name -#ENV_ROOT_USER_PASS="${ENV_ROOT_USER_NAME:-$PHP_ROOT_PASS_WORD}" # root user password +#ENV_ROOT_USER_NAME="${ENV_ROOT_USER_NAME:-$NGINX_ROOT_USER_NAME}" # root user name +#ENV_ROOT_USER_PASS="${ENV_ROOT_USER_NAME:-$NGINX_ROOT_PASS_WORD}" # root user password #root_user_name="${ENV_ROOT_USER_NAME:-$root_user_name}" # #root_user_pass="${ENV_ROOT_USER_PASS:-$root_user_pass}" # # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - #Normal user info [password/random] -#ENV_USER_NAME="${ENV_USER_NAME:-$PHP_USER_NAME}" # -#ENV_USER_PASS="${ENV_USER_PASS:-$PHP_USER_PASS_WORD}" # +#ENV_USER_NAME="${ENV_USER_NAME:-$NGINX_USER_NAME}" # +#ENV_USER_PASS="${ENV_USER_PASS:-$NGINX_USER_PASS_WORD}" # #user_name="${ENV_USER_NAME:-$user_name}" # normal user name #user_pass="${ENV_USER_PASS:-$user_pass}" # normal user password
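Review bot: The php-fpm launch added to `__execute_prerun` is backgrounded with `&` and never checked, so a missing binary or a bad config leaves nginx up with every `.php` request failing at `fastcgi_pass 127.0.0.1:9000` and nothing reported by init. `$php_ver` is also expanded unquoted into the command path, and the value `system`, which the Dockerfile still accepts, would produce `/usr/sbin/php-fpmsystem`. A guard before the launch such as `[ -x "/usr/sbin/php-fpm${php_ver}" ] || { echo "php-fpm${php_ver} not found" >&2; return 1; }`, with the command written as `"/usr/sbin/php-fpm${php_ver}"`, would make the failure visible; how the caller treats a non-zero return is outside this hunk. Nothing in the diff sets php-fpm's listen address, so the match with port 9000 in nginx.conf presumably rests on the package default.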