diff --git a/Dockerfile b/Dockerfile index 5ec34bf0..9e80c64a 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,24 +1,29 @@ #### Copy stage #### -FROM mensbeam/baseimage_alpine:latest as copy-stage +FROM mensbeam/baseimage_alpine:latest AS copy-stage + +ARG VENDOR_DIR RUN mkdir -p /copy/app/arsse COPY dist/docker /copy COPY arsse.php /copy/app/arsse/ COPY composer.json /copy/app/arsse/ COPY composer.lock /copy/app/arsse/ -COPY www /copy/app/arsse/www COPY lib /copy/app/arsse/lib +COPY ${VENDOR_DIR} /copy/app/arsse/vendor +COPY www /copy/app/arsse/www +RUN ln -s /config/arsse/config.php /copy/app/arsse/config.php #### Runtime stage #### FROM mensbeam/baseimage_alpine:latest RUN apk add --no-cache \ - composer \ gnu-libiconv \ libxml2 \ + logrotate \ nginx \ php-fpm \ php83-dom \ + php83-iconv \ php83-intl \ php83-mysqli \ php83-pcntl \ @@ -27,7 +32,9 @@ RUN apk add --no-cache \ php83-pdo_sqlite \ php83-pgsql \ php83-posix \ - php83-sqlite3 + php83-sqlite3 && \ + sed -i "s#/var/log/messages {}.*# #g" /etc/logrotate.conf && \ + sed -i 's#/usr/sbin/logrotate /etc/logrotate.conf#/usr/sbin/logrotate /etc/logrotate.conf -s /config/log/logrotate.status#g' /etc/periodic/daily/logrotate COPY --from=copy-stage /copy/ / diff --git a/dist/docker/default/nginx/fcgi.conf b/dist/docker/default/nginx/fcgi.conf index 4e2c4d84..c9cbe23c 100644 --- a/dist/docker/default/nginx/fcgi.conf +++ b/dist/docker/default/nginx/fcgi.conf @@ -13,5 +13,5 @@ fastcgi_param QUERY_STRING $query_string; fastcgi_param HTTPS $https if_not_empty; fastcgi_param REMOTE_USER $remote_user; -fastcgi_pass unix:/var/run/php/arsse.sock; +fastcgi_pass unix:/app/arsse/arsse.sock; fastcgi_param SCRIPT_FILENAME /app/arsse/arsse.php; \ No newline at end of file diff --git a/dist/docker/default/nginx/hosts.conf b/dist/docker/default/nginx/hosts.conf index 51be149d..12e204fa 100644 --- a/dist/docker/default/nginx/hosts.conf +++ b/dist/docker/default/nginx/hosts.conf 
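Review bot: `ARG VENDOR_DIR` in the copy stage has no default, so a build that omits `--build-arg VENDOR_DIR=…` expands `COPY ${VENDOR_DIR} /copy/app/arsse/vendor` with an empty source and either fails or copies something unintended. Since the runtime stage no longer installs `composer`, whatever directory is passed here becomes the shipped dependency tree. A default (for example `ARG VENDOR_DIR=vendor`, if that matches the build script) plus a comment that the directory must be produced from `composer.lock` would make this explicit. Both `FROM` lines also still use `mensbeam/baseimage_alpine:latest`, so the base is not reproducible; pinning a tag or digest would fix that.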
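Review bot: Both `sed -i` calls appended to the `apk add` chain exit 0 when their pattern is not found, so a base-image update that changes `/etc/logrotate.conf` or `/etc/periodic/daily/logrotate` would silently drop the `-s /config/log/logrotate.status` setting. Appending `&& grep -q -- '-s /config/log/logrotate.status' /etc/periodic/daily/logrotate` makes the build fail instead. The first expression uses double quotes where the second uses single quotes; single quotes for both avoid accidental shell expansion. The `RUN` instruction starts above this hunk.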
@@ -1,22 +1,10 @@ server { - server_name -; + server_name ~^.*$; listen 80; listen [::]:80; #include /config/nginx/ssl.conf; - # Automatic HTTPS redirection - uninitialized_variable_warn off; - if ($https = "on") { - set $tls_redir off; - } - if ($tls_redir = "") { - set $tls_redir on; - } - if ($tls_redir = "on") { - rewrite ^ https://$host$request_uri; - } - root /app/arsse/www; location @arsse { diff --git a/dist/docker/default/nginx/nginx.conf b/dist/docker/default/nginx/nginx.conf index b63a43eb..4171b2b1 100644 --- a/dist/docker/default/nginx/nginx.conf +++ b/dist/docker/default/nginx/nginx.conf @@ -131,19 +131,6 @@ http { # Sets the path, format, and configuration for a buffered log write. access_log /config/log/nginx/access.log; - # Additional configs. - #include /config/nginx/http.d/*.conf; - - # Fallback virtual server - server { - server_name ~^.*$; - listen 80; - - location / { - return 503; - } - } - # Includes virtual hosts configs. include /config/nginx/hosts.conf; } diff --git a/dist/docker/default/nginx/ssl.conf b/dist/docker/default/nginx/ssl.conf index f5c76451..ad8af0e7 100644 --- a/dist/docker/default/nginx/ssl.conf +++ b/dist/docker/default/nginx/ssl.conf @@ -19,3 +19,15 @@ ssl_prefer_server_ciphers on; ssl_certificate /config/keys/fullchain.cer; ssl_certificate_key /config/keys/cert.key; ssl_trusted_certificate /config/keys/cert.cer; + +# Automatic HTTPS redirection +uninitialized_variable_warn off; +if ($https = "on") { + set $tls_redir off; +} +if ($tls_redir = "") { + set $tls_redir on; +} +if ($tls_redir = "on") { + rewrite ^ https://$host$request_uri; +} \ No newline at end of file diff --git a/dist/docker/etc/logrotate.d/nginx b/dist/docker/etc/logrotate.d/nginx new file mode 100644 index 00000000..181c9b25 --- /dev/null +++ b/dist/docker/etc/logrotate.d/nginx 
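Review bot: With `server_name ~^.*$;` this server block answers requests for any `Host` header, and the 503 fallback server is removed from nginx.conf in the same commit. If the application or a later `include` builds absolute URLs or redirects from `$host`, a client-chosen host name ends up in them. A comment above the directive, e.g. `# Catch-all; replace with the public host name(s) of this instance`, would tell operators to narrow it in /config/nginx/hosts.conf. The server block continues below the hunk.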
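Review bot: The redirect added at the end of ssl.conf builds its target from `$host`, which is taken from the request, and hosts.conf now matches every host name, so the `Location` header carries whatever name the client sent. The three chained `if` blocks can also be one test, because `$https` is empty on a non-TLS connection: `if ($https = "") { return 301 https://$host$request_uri; }`. `return` states the status code explicitly, where `rewrite` without a flag answers with a 302. If the instance has a single public name, using it in place of `$host` removes the dependency on the request header.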
@@ -0,0 +1,14 @@ +/config/log/nginx/*.log { + weekly + rotate 7 + compress + delaycompress + nodateext + notifempty + missingok + sharedscripts + postrotate + sv hup /etc/service/nginx + endscript + su ook ook +} \ No newline at end of file diff --git a/dist/docker/etc/logrotate.d/php-fpm b/dist/docker/etc/logrotate.d/php-fpm new file mode 100644 index 00000000..d1aed857 --- /dev/null +++ b/dist/docker/etc/logrotate.d/php-fpm @@ -0,0 +1,14 @@ +/config/log/php/*.log { + rotate 5 + weekly + missingok + notifempty + delaycompress + compress + nodateext + sharedscripts + postrotate + sv hup /etc/service/php-fpm + endscript + su ook ook +} \ No newline at end of file diff --git a/dist/docker/etc/php83/php-fpm.conf b/dist/docker/etc/php83/php-fpm.conf index 6a435be8..a0e77b1e 100644 --- a/dist/docker/etc/php83/php-fpm.conf +++ b/dist/docker/etc/php83/php-fpm.conf @@ -1,10 +1,8 @@ [global] -env[PATH] = /usr/local/bin:/usr/bin:/bin +error_log = /config/log/php/error.log [arsse] -user = ook -group = ook -listen = /var/run/php/arsse.sock +listen = /app/arsse/arsse.sock listen.owner = ook listen.group = ook pm = dynamic diff --git a/dist/docker/etc/s6-overlay/s6-rc.d/init-config/dependencies.d/init-user b/dist/docker/etc/s6-overlay/s6-rc.d/init-config/dependencies.d/init-user new file mode 100644 index 00000000..e69de29b diff --git a/dist/docker/etc/service/init-config/run b/dist/docker/etc/s6-overlay/s6-rc.d/init-config/run old mode 100644 new mode 100755 similarity index 51% rename from dist/docker/etc/service/init-config/run rename to dist/docker/etc/s6-overlay/s6-rc.d/init-config/run index 320bbded..598ba4b9 --- a/dist/docker/etc/service/init-config/run +++ b/dist/docker/etc/s6-overlay/s6-rc.d/init-config/run 
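Review bot: The `postrotate` command `sv hup /etc/service/nginx` points at a service directory that this same commit deletes (`dist/docker/etc/service/nginx/run`), since the services move to `/etc/s6-overlay/s6-rc.d`. If the signal is not delivered, nginx keeps writing to the rotated file and the new access.log stays empty, which loses the log data needed after an incident. The same applies to `sv hup /etc/service/php-fpm` in logrotate.d/php-fpm. Assuming s6-overlay exposes the running services under `/run/service`, something like `s6-svc -h /run/service/nginx` would be the equivalent; please confirm the path against the base image.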
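Review bot: `listen = /app/arsse/arsse.sock` puts the FastCGI socket inside the application code directory, which forces that directory to be writable by `ook`, the account php-fpm now runs as (init-config/run chowns `/app` recursively). A compromised worker can then rewrite the PHP files it executes. A dedicated runtime directory owned by `ook`, e.g. `listen = /run/php/arsse.sock` created in init-config, keeps the code tree read-only for the service account; `fastcgi_pass` in fcgi.conf has to match. An explicit `listen.mode = 0660` would also document who may connect.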
@@ -1,22 +1,22 @@ -#!/usr/bin/env bash - -while ! grep -qF "init-user: done"; do - sleep 1 -done - -logger -t 'init-config' "start" >> /var/log/run-log +#!/usr/bin/with-contenv bash if [ ! -d "/config/arsse" ] || [ ! "$(ls -A "/config/arsse")" ]; then echo -n "[init-config] Copying defaults to /config/arsse..." cp -R /default/arsse/. /config/arsse - chown -R ook:ook /config/arsse echo " done" fi if [ ! -d "/config/nginx" ] || [ ! "$(ls -A "/config/nginx")" ]; then echo -n "[init-config] Copying defaults to /config/nginx..." cp -R /default/nginx/. /config/nginx - chown -R ook:ook /config/nginx + echo " done" +fi +if [ ! -d "/config/log" ] || [ ! "$(ls -A "/config/log")" ]; then + echo -n "[init-config] Creating log folder at /config/log..." + mkdir -p /config/log/php + mkdir -p /config/log/nginx echo " done" fi -logger -t 'init-config' "done" >> /var/log/run-log \ No newline at end of file +echo -n "[init-config] Setting permissions for ook user..." +chown -R ook:ook /app /config /default 2>/dev/null +echo " done" \ No newline at end of file diff --git a/dist/docker/etc/s6-overlay/s6-rc.d/init-config/type b/dist/docker/etc/s6-overlay/s6-rc.d/init-config/type new file mode 100644 index 00000000..3d92b15f --- /dev/null +++ b/dist/docker/etc/s6-overlay/s6-rc.d/init-config/type @@ -0,0 +1 @@ +oneshot \ No newline at end of file diff --git a/dist/docker/etc/s6-overlay/s6-rc.d/init-config/up b/dist/docker/etc/s6-overlay/s6-rc.d/init-config/up new file mode 100644 index 00000000..4567b392 --- /dev/null +++ b/dist/docker/etc/s6-overlay/s6-rc.d/init-config/up @@ -0,0 +1 @@ +/etc/s6-overlay/s6-rc.d/init-config/run \ No newline at end of file diff --git a/dist/docker/etc/s6-overlay/s6-rc.d/init-nginx/dependencies.d/init-config b/dist/docker/etc/s6-overlay/s6-rc.d/init-nginx/dependencies.d/init-config new file mode 100644 index 00000000..e69de29b 
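Review bot: `chown -R ook:ook /app /config /default 2>/dev/null` runs on every start, hands the whole mounted `/config` volume to the php-fpm account, and discards every error. `/config/keys` holds the TLS private key referenced by ssl.conf, so the web application's user can now read it, and `/app` becomes writable by the process that executes it. Narrowing the call to the paths the service must write, e.g. `chown -R ook:ook /config/arsse /config/log`, and dropping the `2>/dev/null` would keep the key and the code out of reach and surface failures. Separately, the `/config/log` guard skips `mkdir -p` when the directory already has content, so a volume with only one of the two subfolders never gets the other; `mkdir -p /config/log/php /config/log/nginx` can run unconditionally.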
diff --git a/dist/docker/etc/s6-overlay/s6-rc.d/init-nginx/run b/dist/docker/etc/s6-overlay/s6-rc.d/init-nginx/run
new file mode 100755
index 00000000..ae007f75
--- /dev/null
+++ b/dist/docker/etc/s6-overlay/s6-rc.d/init-nginx/run
@@ -0,0 +1,34 @@
+#!/usr/bin/with-contenv bash
+
+touch /config/log/nginx/access.log
+touch /config/log/nginx/error.log
+
+# Download dhparams if necessary
+if [ ! -f /config/nginx/dhparams.pem ]; then
+ curl -o /config/nginx/dhparams.pem -L "https://ssl-config.mozilla.org/ffdhe4096.txt"
+fi
+
+# Set resolver
+touch /config/nginx/resolver.conf
+if ! grep -q 'resolver' /config/nginx/resolver.conf; then
+ RESOLVERRAW=$(awk 'BEGIN{ORS=" "} $1=="nameserver" {print $2}' /etc/resolv.conf)
+ for i in ${RESOLVERRAW}; do
+ if [[ "$(awk -F ':' '{print NF-1}' <<< "${i}")" -le 2 ]]; then
+ RESOLVER="${RESOLVER} ${i}"
+ fi
+ done
+ if [[ -z "${RESOLVER}" ]]; then
+ RESOLVER="127.0.0.11"
+ fi
+ echo "Setting resolver to ${RESOLVER}"
+ RESOLVEROUTPUT="# This file is auto-generated only on first start, based on the container's /etc/resolv.conf file. Feel free to modify it as you wish.\n\nresolver ${RESOLVER} valid=30s;"
+ echo -e "${RESOLVEROUTPUT}" > /config/nginx/resolver.conf
+fi
+
+# Set worker_processes
+touch /config/nginx/worker_processes.conf
+if ! grep -q 'worker_processes' /config/nginx/worker_processes.conf; then
+ WORKER_PROCESSES=$(nproc)
+ echo "Setting worker_processes to ${WORKER_PROCESSES}"
+ echo -e "# This file is auto-generated only on first start, based on the cpu cores detected. Feel free to change it to any other number or to auto to let nginx handle it automatically.\n\nworker_processes ${WORKER_PROCESSES};" >/config/nginx/worker_processes.conf
+fi
\ No newline at end of file
diff --git a/dist/docker/etc/s6-overlay/s6-rc.d/init-nginx/type b/dist/docker/etc/s6-overlay/s6-rc.d/init-nginx/type
new file mode 100644
index 00000000..3d92b15f
--- /dev/null
+++ b/dist/docker/etc/s6-overlay/s6-rc.d/init-nginx/type
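Review bot: The dhparams download runs `curl` without `-f` and writes straight to `/config/nginx/dhparams.pem`, so an HTTP error page or a truncated transfer is stored as the parameter file, and the `[ ! -f … ]` test then skips the download on every later start. Nothing checks that the fetched content is the expected group either. Downloading to a temporary file, failing on HTTP errors, checking for the PEM header and only then moving the file into place avoids both; since ffdhe4096 is a fixed, published group, shipping the file in the image would remove the start-up network dependency altogether. The two `touch` calls at the top also fail when `/config/log/nginx` is missing.

```bash
# Download dhparams if necessary
if [ ! -f /config/nginx/dhparams.pem ]; then
    tmp="$(mktemp /config/nginx/dhparams.pem.XXXXXX)"
    if curl -fsSL --proto '=https' -o "${tmp}" "https://ssl-config.mozilla.org/ffdhe4096.txt" \
        && grep -q 'BEGIN DH PARAMETERS' "${tmp}"; then
        mv "${tmp}" /config/nginx/dhparams.pem
    else
        rm -f "${tmp}"
        echo "[init-nginx] dhparams.pem could not be fetched; leaving it absent" >&2
    fi
fi
# … unchanged: resolver.conf and worker_processes.conf generation …
```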
@@ -0,0 +1 @@
+oneshot
\ No newline at end of file
diff --git a/dist/docker/etc/s6-overlay/s6-rc.d/init-nginx/up b/dist/docker/etc/s6-overlay/s6-rc.d/init-nginx/up
new file mode 100644
index 00000000..60ba159c
--- /dev/null
+++ b/dist/docker/etc/s6-overlay/s6-rc.d/init-nginx/up
@@ -0,0 +1 @@
+/etc/s6-overlay/s6-rc.d/init-nginx/run
\ No newline at end of file
diff --git a/dist/docker/etc/s6-overlay/s6-rc.d/nginx/dependencies.d/init-nginx b/dist/docker/etc/s6-overlay/s6-rc.d/nginx/dependencies.d/init-nginx
new file mode 100644
index 00000000..e69de29b
diff --git a/dist/docker/etc/s6-overlay/s6-rc.d/nginx/run b/dist/docker/etc/s6-overlay/s6-rc.d/nginx/run
new file mode 100755
index 00000000..93535652
--- /dev/null
+++ b/dist/docker/etc/s6-overlay/s6-rc.d/nginx/run
@@ -0,0 +1,2 @@
+#!/usr/bin/with-contenv bash
+exec nginx -c /config/nginx/nginx.conf
\ No newline at end of file
diff --git a/dist/docker/etc/s6-overlay/s6-rc.d/nginx/type b/dist/docker/etc/s6-overlay/s6-rc.d/nginx/type
new file mode 100644
index 00000000..1780f9f4
--- /dev/null
+++ b/dist/docker/etc/s6-overlay/s6-rc.d/nginx/type
@@ -0,0 +1 @@
+longrun
\ No newline at end of file
diff --git a/dist/docker/etc/s6-overlay/s6-rc.d/nginx/up b/dist/docker/etc/s6-overlay/s6-rc.d/nginx/up
new file mode 100644
index 00000000..bc49bf39
--- /dev/null
+++ b/dist/docker/etc/s6-overlay/s6-rc.d/nginx/up
@@ -0,0 +1 @@
+/etc/s6-overlay/s6-rc.d/nginx/run
\ No newline at end of file
diff --git a/dist/docker/etc/s6-overlay/s6-rc.d/php-fpm/dependencies.d/init-config b/dist/docker/etc/s6-overlay/s6-rc.d/php-fpm/dependencies.d/init-config
new file mode 100644
index 00000000..e69de29b
diff --git a/dist/docker/etc/s6-overlay/s6-rc.d/php-fpm/run b/dist/docker/etc/s6-overlay/s6-rc.d/php-fpm/run
new file mode 100755
index 00000000..a97418f7
--- /dev/null
+++ b/dist/docker/etc/s6-overlay/s6-rc.d/php-fpm/run
@@ -0,0 +1,2 @@
+#!/usr/bin/with-contenv bash
+su-exec ook /usr/sbin/php-fpm83 -F
\ No newline at end of file
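Review bot: The new nginx/run drops the `-g 'daemon off;'` argument that the deleted `etc/service/nginx/run` passed, so unless nginx.conf sets `daemon off;` outside the lines shown in this commit, nginx forks into the background and s6 sees the longrun exit at once and restarts it. Existing installations keep their old `/config/nginx/nginx.conf`, because init-config only copies defaults into an empty folder, so the option cannot be relied on from the config file. `exec nginx -c /config/nginx/nginx.conf -g 'daemon off;'` keeps the master in the foreground; if the shipped nginx.conf already carries the directive, a comment in the run script saying so would be enough.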
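Review bot: `su-exec ook /usr/sbin/php-fpm83 -F` in php-fpm/run is started without `exec`, unlike nginx/run, so the bash wrapper stays as the supervised process and a stop or restart signal from s6 reaches bash rather than php-fpm. `exec su-exec ook /usr/sbin/php-fpm83 -F` makes php-fpm the supervised process. Because the master no longer starts as root, `error_log = /config/log/php/error.log` and the socket directory must be writable by `ook` before this runs; the `init-config` dependency covers that only as long as its `chown` succeeds.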
diff --git a/dist/docker/etc/s6-overlay/s6-rc.d/php-fpm/type b/dist/docker/etc/s6-overlay/s6-rc.d/php-fpm/type
new file mode 100644
index 00000000..1780f9f4
--- /dev/null
+++ b/dist/docker/etc/s6-overlay/s6-rc.d/php-fpm/type
@@ -0,0 +1 @@
+longrun
\ No newline at end of file
diff --git a/dist/docker/etc/s6-overlay/s6-rc.d/php-fpm/up b/dist/docker/etc/s6-overlay/s6-rc.d/php-fpm/up
new file mode 100644
index 00000000..5e0de132
--- /dev/null
+++ b/dist/docker/etc/s6-overlay/s6-rc.d/php-fpm/up
@@ -0,0 +1 @@
+/etc/s6-overlay/s6-rc.d/php-fpm/run
\ No newline at end of file
diff --git a/dist/docker/etc/s6-overlay/s6-rc.d/user/contents.d/init-config b/dist/docker/etc/s6-overlay/s6-rc.d/user/contents.d/init-config
new file mode 100644
index 00000000..e69de29b
diff --git a/dist/docker/etc/s6-overlay/s6-rc.d/user/contents.d/init-nginx b/dist/docker/etc/s6-overlay/s6-rc.d/user/contents.d/init-nginx
new file mode 100644
index 00000000..e69de29b
diff --git a/dist/docker/etc/s6-overlay/s6-rc.d/user/contents.d/nginx b/dist/docker/etc/s6-overlay/s6-rc.d/user/contents.d/nginx
new file mode 100644
index 00000000..e69de29b
diff --git a/dist/docker/etc/s6-overlay/s6-rc.d/user/contents.d/php-fpm b/dist/docker/etc/s6-overlay/s6-rc.d/user/contents.d/php-fpm
new file mode 100644
index 00000000..e69de29b
diff --git a/dist/docker/etc/service/init-arsse/run b/dist/docker/etc/service/init-arsse/run
deleted file mode 100644
index 33339968..00000000
--- a/dist/docker/etc/service/init-arsse/run
+++ /dev/null
@@ -1,16 +0,0 @@
-#!/usr/bin/env bash
-
-while ! grep -qF "init-config: done"; do
- sleep 1
-done
-
-logger -t 'init-arsse' "start" >> /var/log/run-log
-
-chown -R ook:ook /app
-
-if [ ! -d '/app/arsse/vendor' ]; then
- cd /app/arsse
- composer install
-fi
-
-logger -t 'init-arsse' "done" >> /var/log/run-log
\ No newline at end of file
diff --git a/dist/docker/etc/service/nginx/run b/dist/docker/etc/service/nginx/run
deleted file mode 100644
index f0c2520e..00000000
--- a/dist/docker/etc/service/nginx/run
+++ /dev/null
@@ -1,11 +0,0 @@
-#!/usr/bin/env bash
-
-while ! grep -qF "init-arsse: done"; do
- sleep 1
-done
-
-logger -t 'nginx' "start" >> /var/log/run-log
-
-nginx -c /config/nginx/nginx.conf -g 'daemon off;'
-
-logger -t 'nginx' "done" >> /var/log/run-log
\ No newline at end of file