diff --git a/.env.example b/.env.example index a9ebec96..664e1454 100644 --- a/.env.example +++ b/.env.example @@ -199,6 +199,7 @@ WORKSPACE_INSTALL_LNAV=false WORKSPACE_INSTALL_PROTOC=false WORKSPACE_INSTALL_PHPDECIMAL=false WORKSPACE_INSTALL_ZOOKEEPER=false +WORKSPACE_INSTALL_SSDB=false WORKSPACE_PROTOC_VERSION=latest WORKSPACE_INSTALL_MEMCACHED=true @@ -262,6 +263,7 @@ PHP_FPM_INSTALL_MAILPARSE=false PHP_FPM_INSTALL_WKHTMLTOPDF=false PHP_FPM_INSTALL_PHPDECIMAL=false PHP_FPM_INSTALL_ZOOKEEPER=false +PHP_FPM_INSTALL_SSDB=false PHP_FPM_FFMPEG=false PHP_FPM_AUDIOWAVEFORM=false PHP_FPM_ADDITIONAL_LOCALES="en_US.UTF-8 es_ES.UTF-8 fr_FR.UTF-8" @@ -308,6 +310,7 @@ PHP_WORKER_INSTALL_GEARMAN=false PHP_WORKER_INSTALL_REDIS=false PHP_WORKER_INSTALL_IMAP=false PHP_WORKER_INSTALL_XMLRPC=false +PHP_WORKER_INSTALL_SSDB=false PHP_WORKER_PUID=1000 PHP_WORKER_PGID=1000 @@ -322,6 +325,16 @@ NGINX_PHP_UPSTREAM_CONTAINER=php-fpm NGINX_PHP_UPSTREAM_PORT=9000 NGINX_SSL_PATH=./nginx/ssl/ +### OpenResty ################################################# + +OPENRESTY_HOST_HTTP_PORT=80 +OPENRESTY_HOST_HTTPS_PORT=443 +OPENRESTY_HOST_LOG_PATH=./logs/openresty/ +OPENRESTY_SITES_PATH=./openresty/sites/ +OPENRESTY_PHP_UPSTREAM_CONTAINER=php-fpm +OPENRESTY_PHP_UPSTREAM_PORT=9000 +OPENRESTY_SSL_PATH=./openresty/ssl/ + ### LARAVEL_HORIZON ################################################ LARAVEL_HORIZON_INSTALL_BZ2=false @@ -387,6 +400,10 @@ REDIS_PORT=6379 REDIS_CLUSTER_PORT_RANGE=7000-7005 +### SSDB ################################################# + +SSDB_PORT=16801 + ### ZooKeeper ############################################# ZOOKEEPER_PORT=2181 diff --git a/docker-compose.yml b/docker-compose.yml index 1e4ea9f2..5847a80b 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -5,7 +5,6 @@ networks: driver: ${NETWORKS_DRIVER} backend: driver: ${NETWORKS_DRIVER} - volumes: mysql: driver: ${VOLUMES_DRIVER} 
@@ -167,6 +166,7 @@ services: - INSTALL_PROTOC=${WORKSPACE_INSTALL_PROTOC} - INSTALL_PHPDECIMAL=${WORKSPACE_INSTALL_PHPDECIMAL} - INSTALL_ZOOKEEPER=${WORKSPACE_INSTALL_ZOOKEEPER} + - INSTALL_SSDB=${WORKSPACE_INSTALL_SSDB} - PROTOC_VERSION=${WORKSPACE_PROTOC_VERSION} - INSTALL_DOCKER_CLIENT=${WORKSPACE_INSTALL_DOCKER_CLIENT} - INSTALL_MEMCACHED=${WORKSPACE_INSTALL_MEMCACHED} @@ -267,6 +267,7 @@ services: - INSTALL_XMLRPC=${PHP_FPM_INSTALL_XMLRPC} - INSTALL_PHPDECIMAL=${PHP_FPM_INSTALL_PHPDECIMAL} - INSTALL_ZOOKEEPER=${PHP_FPM_INSTALL_ZOOKEEPER} + - INSTALL_SSDB=${PHP_FPM_INSTALL_SSDB} - DOWNGRADE_OPENSSL_TLS_AND_SECLEVEL=${PHP_DOWNGRADE_OPENSSL_TLS_AND_SECLEVEL} - PUID=${PHP_FPM_PUID} - PGID=${PHP_FPM_PGID} @@ -337,6 +338,7 @@ services: - INSTALL_REDIS=${PHP_WORKER_INSTALL_REDIS} - INSTALL_IMAP=${PHP_WORKER_INSTALL_IMAP} - INSTALL_XMLRPC=${PHP_WORKER_INSTALL_XMLRPC} + - INSTALL_SSDB=${PHP_WORKER_INSTALL_SSDB} - PUID=${PHP_WORKER_PUID} - PGID=${PHP_WORKER_PGID} - IMAGEMAGICK_VERSION=${PHP_WORKER_IMAGEMAGICK_VERSION} @@ -412,6 +414,32 @@ services: - frontend - backend +### OpenResty Server ######################################### + openresty: + build: + context: ./openresty + args: + - CHANGE_SOURCE=${CHANGE_SOURCE} + - PHP_UPSTREAM_CONTAINER=${OPENRESTY_PHP_UPSTREAM_CONTAINER} + - PHP_UPSTREAM_PORT=${OPENRESTY_PHP_UPSTREAM_PORT} + - http_proxy + - https_proxy + - no_proxy + volumes: + - ${APP_CODE_PATH_HOST}:${APP_CODE_PATH_CONTAINER}${APP_CODE_CONTAINER_FLAG} + - ${OPENRESTY_HOST_LOG_PATH}:/var/log/nginx + - ${OPENRESTY_SITES_PATH}:/etc/nginx/sites-available + - ${OPENRESTY_SSL_PATH}:/etc/nginx/ssl + ports: + - "${OPENRESTY_HOST_HTTP_PORT}:80" + - "${OPENRESTY_HOST_HTTPS_PORT}:443" + - "${VARNISH_BACKEND_PORT}:81" + depends_on: + - php-fpm + networks: + - frontend + - backend + ### Blackfire ######################################## blackfire: image: blackfire/blackfire 
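Review bot: The new `openresty` service publishes container port 81 on every host interface with `- "${VARNISH_BACKEND_PORT}:81"`, although in the Varnish example added by this commit that listener is the plain-HTTP backend meant to sit behind the cache and the TLS front end. Containers on the shared networks can reach it without a host mapping, so I would drop the entry or bind it to loopback, `- "127.0.0.1:${VARNISH_BACKEND_PORT}:81"`. The 80 and 443 mappings default to the standard ports in `.env.example`. If the existing nginx service uses the same defaults and the same `VARNISH_BACKEND_PORT` (its mappings are not visible in this diff), the two services cannot be started together, which deserves a comment above the block.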
@@ -692,6 +720,15 @@ services: - "${REDIS_CLUSTER_PORT_RANGE}:7000-7005" networks: - backend +### SSDB ################################################ + ssdb: + build: ./ssdb + volumes: + - ${DATA_PATH_HOST}/ssdb:/data + ports: + - "${SSDB_PORT}:8888" + networks: + - backend ### ZooKeeper ######################################### zookeeper: diff --git a/openresty/Dockerfile b/openresty/Dockerfile new file mode 100644 index 00000000..8a045aba --- /dev/null +++ b/openresty/Dockerfile 
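Review bot: The `ssdb` service maps `- "${SSDB_PORT}:8888"` on every host interface, while the `ssdb/ssdb.conf` shipped in this commit binds `0.0.0.0` and leaves `auth` commented out, so the prefix allow-list is the only access control in front of the data store. PHP containers on the `backend` network reach `ssdb:8888` directly, so the host mapping is needed only for tooling on the developer machine; `- "127.0.0.1:${SSDB_PORT}:8888"` keeps that without exposing the port to the LAN. The mount target `/data` matches `work_dir` in ssdb.conf, but `ssdb/Dockerfile` declares `VOLUME /ssdb/var`, which looks like a leftover and would create an unused anonymous volume.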
@@ -0,0 +1,211 @@ +# Dockerfile - alpine +# https://github.com/openresty/docker-openresty + +ARG RESTY_IMAGE_BASE="alpine" +ARG RESTY_IMAGE_TAG="3.13" + +FROM ${RESTY_IMAGE_BASE}:${RESTY_IMAGE_TAG} + +LABEL maintainer="Evan Wies " + +# Docker Build Arguments +ARG RESTY_IMAGE_BASE="alpine" +ARG RESTY_IMAGE_TAG="3.13" +ARG RESTY_VERSION="1.19.3.2" +ARG RESTY_OPENSSL_VERSION="1.1.1k" +ARG RESTY_OPENSSL_PATCH_VERSION="1.1.1f" +ARG RESTY_OPENSSL_URL_BASE="https://www.openssl.org/source" +ARG RESTY_PCRE_VERSION="8.44" +ARG RESTY_J="1" +ARG RESTY_CONFIG_OPTIONS="\ + --with-compat \ + --with-file-aio \ + --with-http_addition_module \ + --with-http_auth_request_module \ + --with-http_dav_module \ + --with-http_flv_module \ + --with-http_geoip_module=dynamic \ + --with-http_gunzip_module \ + --with-http_gzip_static_module \ + --with-http_image_filter_module=dynamic \ + --with-http_mp4_module \ + --with-http_random_index_module \ + --with-http_realip_module \ + --with-http_secure_link_module \ + --with-http_slice_module \ + --with-http_ssl_module \ + --with-http_stub_status_module \ + --with-http_sub_module \ + --with-http_v2_module \ + --with-http_xslt_module=dynamic \ + --with-ipv6 \ + --with-mail \ + --with-mail_ssl_module \ + --with-md5-asm \ + --with-pcre-jit \ + --with-sha1-asm \ + --with-stream \ + --with-stream_ssl_module \ + --with-threads \ + " +ARG RESTY_CONFIG_OPTIONS_MORE="\ + --conf-path=/etc/nginx/nginx.conf \ + --error-log-path=/var/log/nginx/error.log \ + --http-log-path=/var/log/nginx/access.log \ + --pid-path=/var/run/nginx.pid \ + --user=www-data \ + --group=www-data \ + --with-http_iconv_module \ + --add-module=/tmp/nginx-ct-master \ + --add-module=/tmp/nginx-dav-ext-module-master \ + --add-module=/tmp/ngx_brotli \ + --add-module=/tmp/ngx_cache_purge-master \ + --add-module=/tmp/ngx_http_substitutions_filter_module-master \ + " +ARG RESTY_LUAJIT_OPTIONS="--with-luajit-xcflags='-DLUAJIT_NUMMODE=2 -DLUAJIT_ENABLE_LUA52COMPAT'" + +ARG 
RESTY_ADD_PACKAGE_BUILDDEPS="" +ARG RESTY_ADD_PACKAGE_RUNDEPS="" +ARG RESTY_EVAL_PRE_CONFIGURE="" +ARG RESTY_EVAL_POST_MAKE="" + +# These are not intended to be user-specified +ARG _RESTY_CONFIG_DEPS="--with-pcre \ + --with-cc-opt='-DNGX_LUA_ABORT_AT_PANIC -I/usr/local/openresty/pcre/include -I/usr/local/openresty/openssl/include' \ + --with-ld-opt='-L/usr/local/openresty/pcre/lib -L/usr/local/openresty/openssl/lib -Wl,-rpath,/usr/local/openresty/pcre/lib:/usr/local/openresty/openssl/lib' \ + " + +LABEL resty_image_base="${RESTY_IMAGE_BASE}" +LABEL resty_image_tag="${RESTY_IMAGE_TAG}" +LABEL resty_version="${RESTY_VERSION}" +LABEL resty_openssl_version="${RESTY_OPENSSL_VERSION}" +LABEL resty_openssl_patch_version="${RESTY_OPENSSL_PATCH_VERSION}" +LABEL resty_openssl_url_base="${RESTY_OPENSSL_URL_BASE}" +LABEL resty_pcre_version="${RESTY_PCRE_VERSION}" +LABEL resty_config_options="${RESTY_CONFIG_OPTIONS}" +LABEL resty_config_options_more="${RESTY_CONFIG_OPTIONS_MORE}" +LABEL resty_config_deps="${_RESTY_CONFIG_DEPS}" +LABEL resty_add_package_builddeps="${RESTY_ADD_PACKAGE_BUILDDEPS}" +LABEL resty_add_package_rundeps="${RESTY_ADD_PACKAGE_RUNDEPS}" +LABEL resty_eval_pre_configure="${RESTY_EVAL_PRE_CONFIGURE}" +LABEL resty_eval_post_make="${RESTY_EVAL_POST_MAKE}" + +ARG CHANGE_SOURCE=false +RUN if [ ${CHANGE_SOURCE} = true ]; then \ + # Change application source from dl-cdn.alpinelinux.org to aliyun source + sed -i 's/dl-cdn.alpinelinux.org/mirrors.aliyun.com/' /etc/apk/repositories \ +;fi + +RUN set -x ; \ + addgroup -g 82 -S www-data ; \ + adduser -u 82 -D -S -G www-data www-data && exit 0 ; exit 1 + + +RUN apk add --no-cache --virtual .build-deps \ + build-base \ + coreutils \ + curl \ + gd-dev \ + geoip-dev \ + libxslt-dev \ + linux-headers \ + make \ + perl-dev \ + readline-dev \ + zlib-dev \ + ${RESTY_ADD_PACKAGE_BUILDDEPS} \ + && apk add --no-cache \ + gd \ + geoip \ + libgcc \ + libxslt \ + zlib \ + bash \ + logrotate \ + openssl \ + ${RESTY_ADD_PACKAGE_RUNDEPS} 
\ + && cd /tmp \ + && if [ -n "${RESTY_EVAL_PRE_CONFIGURE}" ]; then eval $(echo ${RESTY_EVAL_PRE_CONFIGURE}); fi \ + && cd /tmp \ + && curl -fSL "${RESTY_OPENSSL_URL_BASE}/openssl-${RESTY_OPENSSL_VERSION}.tar.gz" -o openssl-${RESTY_OPENSSL_VERSION}.tar.gz \ + && tar xzf openssl-${RESTY_OPENSSL_VERSION}.tar.gz \ + && cd openssl-${RESTY_OPENSSL_VERSION} \ + && if [ $(echo ${RESTY_OPENSSL_VERSION} | cut -c 1-5) = "1.1.1" ] ; then \ + echo 'patching OpenSSL 1.1.1 for OpenResty' \ + && curl -s https://raw.githubusercontent.com/openresty/openresty/master/patches/openssl-${RESTY_OPENSSL_PATCH_VERSION}-sess_set_get_cb_yield.patch | patch -p1 ; \ + fi \ + && if [ $(echo ${RESTY_OPENSSL_VERSION} | cut -c 1-5) = "1.1.0" ] ; then \ + echo 'patching OpenSSL 1.1.0 for OpenResty' \ + && curl -s https://raw.githubusercontent.com/openresty/openresty/ed328977028c3ec3033bc25873ee360056e247cd/patches/openssl-1.1.0j-parallel_build_fix.patch | patch -p1 \ + && curl -s https://raw.githubusercontent.com/openresty/openresty/master/patches/openssl-${RESTY_OPENSSL_PATCH_VERSION}-sess_set_get_cb_yield.patch | patch -p1 ; \ + fi \ + && ./config \ + no-threads shared zlib -g \ + enable-ssl3 enable-ssl3-method \ + --prefix=/usr/local/openresty/openssl \ + --libdir=lib \ + -Wl,-rpath,/usr/local/openresty/openssl/lib \ + && make -j${RESTY_J} \ + && make -j${RESTY_J} install_sw \ + && cd /tmp \ + && curl -fSL https://ftp.pcre.org/pub/pcre/pcre-${RESTY_PCRE_VERSION}.tar.gz -o pcre-${RESTY_PCRE_VERSION}.tar.gz \ + && tar xzf pcre-${RESTY_PCRE_VERSION}.tar.gz \ + && cd /tmp/pcre-${RESTY_PCRE_VERSION} \ + && ./configure \ + --prefix=/usr/local/openresty/pcre \ + --disable-cpp \ + --enable-jit \ + --enable-utf \ + --enable-unicode-properties \ + && make -j${RESTY_J} \ + && make -j${RESTY_J} install \ + && cd /tmp \ + && curl -fSL https://openresty.org/download/openresty-${RESTY_VERSION}.tar.gz -o openresty-${RESTY_VERSION}.tar.gz \ + && tar xzf openresty-${RESTY_VERSION}.tar.gz \ + && curl -fSL 
https://github.com/grahamedgecombe/nginx-ct/archive/master.tar.gz -o nginx-ct.tar.gz \ + && tar xzf nginx-ct.tar.gz \ + && curl -fSL https://github.com/arut/nginx-dav-ext-module/archive/master.tar.gz -o nginx-dav-ext-module.tar.gz \ + && tar xzf nginx-dav-ext-module.tar.gz \ + && curl -fSL https://www.downsoft.cn/software/linux/nginx/ngx_brotli.tar.gz -o ngx_brotli.tar.gz \ + && tar xzf ngx_brotli.tar.gz \ + && curl -fSL https://github.com/yaoweibin/ngx_http_substitutions_filter_module/archive/master.tar.gz -o ngx_http_substitutions_filter_module.tar.gz \ + && tar xzf ngx_http_substitutions_filter_module.tar.gz \ + && curl -fSL https://github.com/FRiCKLE/ngx_cache_purge/archive/master.tar.gz -o ngx_cache_purge.tar.gz \ + && tar xzf ngx_cache_purge.tar.gz \ + && cd /tmp/openresty-${RESTY_VERSION} \ + && eval ./configure -j${RESTY_J} ${_RESTY_CONFIG_DEPS} ${RESTY_CONFIG_OPTIONS} ${RESTY_CONFIG_OPTIONS_MORE} ${RESTY_LUAJIT_OPTIONS} \ + && make -j${RESTY_J} \ + && make -j${RESTY_J} install \ + && cd /tmp \ + && if [ -n "${RESTY_EVAL_POST_MAKE}" ]; then eval $(echo ${RESTY_EVAL_POST_MAKE}); fi \ + && rm -rf \ + openssl-${RESTY_OPENSSL_VERSION}.tar.gz openssl-${RESTY_OPENSSL_VERSION} \ + pcre-${RESTY_PCRE_VERSION}.tar.gz pcre-${RESTY_PCRE_VERSION} \ + openresty-${RESTY_VERSION}.tar.gz openresty-${RESTY_VERSION} \ + && apk del .build-deps \ + && mkdir -p /etc/nginx/conf.d/ /var/run/openresty/ + +# Add additional binaries into PATH for convenience +ENV PATH=$PATH:/usr/local/openresty/luajit/bin:/usr/local/openresty/nginx/sbin:/usr/local/openresty/bin + + +ARG PHP_UPSTREAM_CONTAINER=php-fpm +ARG PHP_UPSTREAM_PORT=9000 + +# Create 'messages' file used from 'logrotate' +RUN touch /var/log/messages + +# Copy 'logrotate' config file +COPY logrotate/nginx /etc/logrotate.d/ + +# Set upstream conf and remove the default conf +RUN echo "upstream php-upstream { server ${PHP_UPSTREAM_CONTAINER}:${PHP_UPSTREAM_PORT}; }" > /etc/nginx/conf.d/upstream.conf + +# Copy nginx configuration 
files +COPY nginx.conf /etc/nginx/ + +ADD ./startup.sh /opt/startup.sh +RUN sed -i 's/\r//g' /opt/startup.sh +CMD ["/bin/bash", "/opt/startup.sh"] + +EXPOSE 80 81 443 diff --git a/openresty/logrotate/nginx b/openresty/logrotate/nginx new file mode 100644 index 00000000..8c89a83a --- /dev/null +++ b/openresty/logrotate/nginx @@ -0,0 +1,14 @@ +/var/log/nginx/*.log { + daily + missingok + rotate 32 + compress + delaycompress + nodateext + notifempty + create 644 www-data root + sharedscripts + postrotate + [ -f /var/run/nginx.pid ] && kill -USR1 `cat /var/run/nginx.pid` + endscript +} diff --git a/openresty/nginx.conf b/openresty/nginx.conf new file mode 100644 index 00000000..a2494964 --- /dev/null +++ b/openresty/nginx.conf 
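Review bot: Four of the five add-on modules compiled into nginx are fetched as moving `master` tarballs and the fifth (`ngx_brotli`) comes from `www.downsoft.cn` rather than its source repository, and no download in this RUN step (OpenSSL, PCRE, OpenResty, the OpenSSL patches, the modules) is checked against a digest before `make install` runs as root. A rebuild can therefore contain different code from the one reviewed, and a changed or compromised upstream lands directly in the web server binary. I would pin every archive to a commit or release and verify a SHA-256 recorded in the Dockerfile, as sketched below for one module with placeholder values; the same pattern applies to the others. Separately, `enable-ssl3 enable-ssl3-method` in the OpenSSL `./config` line builds in SSLv3 support and is worth dropping unless a client needs it, and the two `eval $(echo ${RESTY_EVAL_...})` hooks execute build-arg text as shell, so those args must only come from a trusted compose file.

```dockerfile
# Pin the module to a reviewed commit and record the tarball digest (placeholder values).
ARG NGINX_CT_COMMIT="<pinned-commit-sha>"
ARG NGINX_CT_SHA256="<sha256-of-that-tarball>"

# … unchanged: package install, OpenSSL and PCRE builds, OpenResty download …
    && curl -fSL "https://github.com/grahamedgecombe/nginx-ct/archive/${NGINX_CT_COMMIT}.tar.gz" -o nginx-ct.tar.gz \
    && echo "${NGINX_CT_SHA256}  nginx-ct.tar.gz" | sha256sum -c - \
    && mkdir -p /tmp/nginx-ct-master \
    && tar xzf nginx-ct.tar.gz -C /tmp/nginx-ct-master --strip-components=1 \
# … unchanged: remaining module downloads, configure, make, cleanup …
```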
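Review bot: `create 644 www-data root` in the logrotate rule makes every rotated access and error log world-readable, and the log directory is bind-mounted to `OPENRESTY_HOST_LOG_PATH`, so that mode carries over to the host. Access logs record client addresses and full request lines, which can include tokens passed in query strings; `create 640 www-data root` keeps them readable by the server user and root only. The `postrotate` line `[ -f /var/run/nginx.pid ] && kill -USR1 ...` also exits non-zero when the pid file is absent, which logrotate reports as a script error; wrapping it as `if [ -f /var/run/nginx.pid ]; then kill -USR1 "$(cat /var/run/nginx.pid)"; fi` avoids that.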
@@ -0,0 +1,100 @@ +# nginx.conf -- docker-openresty +# +# This file is installed to: +# `/usr/local/openresty/nginx/conf/nginx.conf` +# and is the file loaded by nginx at startup, +# unless the user specifies otherwise. +# +# It tracks the upstream OpenResty's `nginx.conf`, but removes the `server` +# section and adds this directive: +# `include /etc/nginx/conf.d/*.conf;` +# +# The `docker-openresty` file `nginx.vh.default.conf` is copied to +# `/etc/nginx/conf.d/default.conf`. It contains the `server section +# of the upstream `nginx.conf`. +# +# See https://github.com/openresty/docker-openresty/blob/master/README.md#nginx-config-files +# + +user www-data; +worker_processes 4; + +# Enables the use of JIT for regular expressions to speed-up their processing. +pcre_jit on; + + +#error_log logs/error.log; +#error_log logs/error.log notice; +#error_log logs/error.log info; + +pid /var/run/nginx.pid; +daemon off; + +worker_rlimit_nofile 65535; +events { + use epoll; + worker_connections 65535; + multi_accept on; + accept_mutex on; +} + +http { + include mime.types; + default_type application/octet-stream; + + # Enables or disables the use of underscores in client request header fields. + # When the use of underscores is disabled, request header fields whose names contain underscores are marked as invalid and become subject to the ignore_invalid_headers directive. 
+ # underscores_in_headers off; + + log_format main '$remote_addr - $remote_user [$time_local] "$request" ' + '$status $body_bytes_sent "$http_referer" ' + '"$http_user_agent" "$http_x_forwarded_for" "$host"'; + #access_log logs/access.log main; + + # Log in JSON Format + # log_format nginxlog_json escape=json '{ "timestamp": "$time_iso8601", ' + # '"remote_addr": "$remote_addr", ' + # '"body_bytes_sent": $body_bytes_sent, ' + # '"request_time": $request_time, ' + # '"response_status": $status, ' + # '"request": "$request", ' + # '"request_method": "$request_method", ' + # '"host": "$host",' + # '"upstream_addr": "$upstream_addr",' + # '"http_x_forwarded_for": "$http_x_forwarded_for",' + # '"http_referrer": "$http_referer", ' + # '"http_user_agent": "$http_user_agent", ' + # '"http_version": "$server_protocol", ' + # '"nginx_access": true }'; + # access_log /dev/stdout nginxlog_json; + + # See Move default writable paths to a dedicated directory (#119) + # https://github.com/openresty/docker-openresty/issues/119 + client_body_temp_path /var/run/openresty/nginx-client-body; + proxy_temp_path /var/run/openresty/nginx-proxy; + fastcgi_temp_path /var/run/openresty/nginx-fastcgi; + uwsgi_temp_path /var/run/openresty/nginx-uwsgi; + scgi_temp_path /var/run/openresty/nginx-scgi; + + sendfile on; + tcp_nopush on; + tcp_nodelay on; + + #keepalive_timeout 0; + keepalive_timeout 65; + types_hash_max_size 2048; + client_max_body_size 128M; + + gzip on; + gzip_disable "msie6"; + + ssl_protocols TLSv1 TLSv1.1 TLSv1.2; + ssl_ciphers 
'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS'; + + include /etc/nginx/conf.d/*.conf; + include /etc/nginx/sites-available/*.conf; + + # Don't reveal OpenResty version to clients. + server_tokens off; + charset UTF-8; +} diff --git a/openresty/sites/.gitignore b/openresty/sites/.gitignore new file mode 100644 index 00000000..f5d67af0 --- /dev/null +++ b/openresty/sites/.gitignore @@ -0,0 +1,2 @@ +*.conf +!default.conf \ No newline at end of file diff --git a/openresty/sites/app.conf.example b/openresty/sites/app.conf.example new file mode 100644 index 00000000..a0f8357d --- /dev/null +++ b/openresty/sites/app.conf.example 
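Review bot: `ssl_protocols TLSv1 TLSv1.1 TLSv1.2;` in the `http` block enables the two deprecated protocol versions for every site and leaves out TLS 1.3, which the OpenSSL 1.1.1 build in `openresty/Dockerfile` supports. The `ssl_ciphers` list next to it still carries the 3DES suites (`ECDHE-ECDSA-DES-CBC3-SHA`, `ECDHE-RSA-DES-CBC3-SHA`, `EDH-RSA-DES-CBC3-SHA`, `DES-CBC3-SHA`) and static-RSA CBC suites, and there is no `ssl_prefer_server_ciphers` directive, so the client's preference order decides. I would change the line to `ssl_protocols TLSv1.2 TLSv1.3;`, remove the `DES-CBC3` entries, and add `ssl_prefer_server_ciphers on;` if the long list is kept. The header comment still says the file is installed to `/usr/local/openresty/nginx/conf/nginx.conf`, while the Dockerfile copies it to `/etc/nginx/` and configures `--conf-path=/etc/nginx/nginx.conf`.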
@@ -0,0 +1,43 @@ +server { + + listen 80; + listen [::]:80; + + # For https + # listen 443 ssl; + # listen [::]:443 ssl ipv6only=on; + # ssl_certificate /etc/nginx/ssl/default.crt; + # ssl_certificate_key /etc/nginx/ssl/default.key; + + server_name app.test; + root /var/www/app; + index index.php index.html index.htm; + + location / { + try_files $uri $uri/ /index.php$is_args$args; + } + + location ~ \.php$ { + try_files $uri /index.php =404; + fastcgi_pass php-upstream; + fastcgi_index index.php; + fastcgi_buffers 16 16k; + fastcgi_buffer_size 32k; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + #fixes timeouts + fastcgi_read_timeout 600; + include fastcgi_params; + } + + location ~ /\.ht { + deny all; + } + + location /.well-known/acme-challenge/ { + root /var/www/letsencrypt/; + log_not_found off; + } + + error_log /var/log/nginx/app_error.log; + access_log /var/log/nginx/app_access.log; +} diff --git a/openresty/sites/confluence.conf.example b/openresty/sites/confluence.conf.example new file mode 100644 index 00000000..f804956b --- /dev/null +++ b/openresty/sites/confluence.conf.example 
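Review bot: The only dotfile guard in this server block is `location ~ /\.ht`, so any other path starting with a dot under `root /var/www/app` (a `.env` file or a `.git` directory, if the project root is what gets mounted there) is served as a static file through `try_files $uri`. A broader rule that still lets the ACME challenge through closes that gap: `location ~ /\.(?!well-known) { deny all; }`. The same narrow rule appears in `default.conf`, `laravel.conf.example`, `node.conf.example` and the port-81 server of `laravel_varnish.conf.example` in this commit, and `symfony.conf.example` has no dotfile rule at all.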
@@ -0,0 +1,43 @@ +server { + listen 80; + listen [::]:80; + server_name www.confluence-domain.com; + rewrite ^(.*) https://confluence-domain.com$1/ permanent; +} + +server { + listen 80; + listen [::]:80; + server_name confluence-domain.com; + rewrite ^(.*) https://confluence-domain.com/ permanent; +} + +server { + listen 443 ssl; + listen [::]:443 ssl; + ssl_certificate /etc/nginx/ssl/confluence-domain.com.crt; + ssl_certificate_key /etc/nginx/ssl/confluence-domain.com.key; + + server_name confluence-domain.com; + + location / { + client_max_body_size 100m; + proxy_set_header X-Forwarded-Host $host; + proxy_set_header X-Forwarded-Server $host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_pass http://confluence-domain.com:8090/; + } + + location /synchrony { + proxy_set_header X-Forwarded-Host $host; + proxy_set_header X-Forwarded-Server $host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_pass http://confluence-domain.com:8090/synchrony-proxy; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "Upgrade"; + } + + error_log /var/log/nginx/bookchangerru_error.log; + access_log /var/log/nginx/bookchangerru_access.log; +} diff --git a/openresty/sites/default.conf b/openresty/sites/default.conf new file mode 100644 index 00000000..e02bb830 --- /dev/null +++ b/openresty/sites/default.conf 
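Review bot: The two port-80 redirects change the URL instead of preserving it: `rewrite ^(.*) https://confluence-domain.com$1/ permanent;` appends a slash to every path, and the second server's `rewrite ^(.*) https://confluence-domain.com/ permanent;` discards the path entirely. `return 301 https://confluence-domain.com$request_uri;` keeps path and query intact and avoids the regex. In the 443 server neither `location` sets `Host` or `X-Forwarded-Proto`, so the application behind `proxy_pass` cannot tell that the request arrived over TLS, and the log names `bookchangerru_error.log` and `bookchangerru_access.log` look like leftovers from another site. The `$1/` redirect form is repeated in the first three servers of `laravel_varnish.conf.example`.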
@@ -0,0 +1,40 @@ +server { + + listen 80 default_server; + listen [::]:80 default_server ipv6only=on; + + # For https + # listen 443 ssl default_server; + # listen [::]:443 ssl default_server ipv6only=on; + # ssl_certificate /etc/nginx/ssl/default.crt; + # ssl_certificate_key /etc/nginx/ssl/default.key; + + server_name localhost; + root /var/www/public; + index index.php index.html index.htm; + + location / { + try_files $uri $uri/ /index.php$is_args$args; + } + + location ~ \.php$ { + try_files $uri /index.php =404; + fastcgi_pass php-upstream; + fastcgi_index index.php; + fastcgi_buffers 16 16k; + fastcgi_buffer_size 32k; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + #fixes timeouts + fastcgi_read_timeout 600; + include fastcgi_params; + } + + location ~ /\.ht { + deny all; + } + + location /.well-known/acme-challenge/ { + root /var/www/letsencrypt/; + log_not_found off; + } +} diff --git a/openresty/sites/laravel.conf.example b/openresty/sites/laravel.conf.example new file mode 100644 index 00000000..c9ba2d96 --- /dev/null +++ b/openresty/sites/laravel.conf.example 
@@ -0,0 +1,49 @@ +#server { +# listen 80; +# server_name laravel.com.co; +# return 301 https://laravel.com.co$request_uri; +#} + +server { + + listen 80; + listen [::]:80; + + # For https + # listen 443 ssl; + # listen [::]:443 ssl ipv6only=on; + # ssl_certificate /etc/nginx/ssl/default.crt; + # ssl_certificate_key /etc/nginx/ssl/default.key; + + server_name laravel.test; + root /var/www/laravel/public; + index index.php index.html index.htm; + + location / { + try_files $uri $uri/ /index.php$is_args$args; + } + + location ~ \.php$ { + try_files $uri /index.php =404; + fastcgi_pass php-upstream; + fastcgi_index index.php; + fastcgi_buffers 16 16k; + fastcgi_buffer_size 32k; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + #fixes timeouts + fastcgi_read_timeout 600; + include fastcgi_params; + } + + location ~ /\.ht { + deny all; + } + + location /.well-known/acme-challenge/ { + root /var/www/letsencrypt/; + log_not_found off; + } + + error_log /var/log/nginx/laravel_error.log; + access_log /var/log/nginx/laravel_access.log; +} diff --git a/openresty/sites/laravel_varnish.conf.example b/openresty/sites/laravel_varnish.conf.example new file mode 100644 index 00000000..7d545872 --- /dev/null +++ b/openresty/sites/laravel_varnish.conf.example 
@@ -0,0 +1,110 @@ +server { + listen 80; + listen [::]:80; + server_name www.laravel.test; + rewrite ^(.*) https://laravel.test$1/ permanent; +} + +server { + listen 80; + listen [::]:80; + server_name laravel.test; + rewrite ^(.*) https://laravel.test$1/ permanent; +} + +server { + listen 443 ssl ; + listen [::]:443 ssl; + ssl_certificate /etc/nginx/ssl/laravel.test.crt; + ssl_certificate_key /etc/nginx/ssl/laravel.test.key; + server_name www.laravel.test; + rewrite ^(.*) https://laravel.test$1/ permanent; +} + +server { + server_name laravel.test; + + # For https + listen 443 ssl ; + listen [::]:443 ssl; + ssl_certificate /etc/nginx/ssl/laravel.test.crt; + ssl_certificate_key /etc/nginx/ssl/laravel.test.key; + + port_in_redirect off; + + add_header Strict-Transport-Security "max-age=31536000"; + add_header X-Content-Type-Options nosniff; + + location / { + proxy_pass http://proxy:6081; + proxy_set_header Host $http_host; + proxy_set_header X-Forwarded-Host $http_host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto https; + proxy_set_header HTTPS "on"; + proxy_redirect off; + } +} + +server { + server_name laravel.test; + + listen 81; + listen [::]:81; + + root /var/www/laravel.test/www; + + index index.php index.html index.htm; + + location / { + try_files $uri $uri/ /index.php$is_args$args; + } + + location ~ \.php$ { + fastcgi_max_temp_file_size 4m; + fastcgi_pass php-upstream; + + # Additional configs + fastcgi_pass_header Set-Cookie; + fastcgi_pass_header Cookie; + fastcgi_ignore_headers Cache-Control Expires Set-Cookie; + try_files $uri /index.php =404; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_split_path_info ^(.+\.php)(/.+)$; + fastcgi_param PATH_INFO $fastcgi_path_info; + fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info; + fastcgi_param HTTPS on; + + fastcgi_buffers 16 16k; + 
fastcgi_buffer_size 32k; + + fastcgi_intercept_errors on; + + #fixes timeouts + fastcgi_read_timeout 600; + include fastcgi_params; + } + + # Caching + location ~* \.(ico|jpg|webp|jpeg|gif|css|png|js|ico|bmp|zip|woff)$ { + access_log off; + log_not_found off; + add_header Pragma public; + add_header Cache-Control "public"; + expires 14d; + } + + location ~* \.(php|html)$ { + access_log on; + log_not_found on; + add_header Pragma public; + add_header Cache-Control "public"; + expires 14d; + } + + location ~ /\.ht { + deny all; + } +} diff --git a/openresty/sites/node.conf.example b/openresty/sites/node.conf.example new file mode 100644 index 00000000..6fe0c754 --- /dev/null +++ b/openresty/sites/node.conf.example @@ -0,0 +1,47 @@ +#server { +# listen 80; +# server_name node.com.co; +# return 301 https://node.com.co$request_uri; +#} + +server { + + listen 80; + listen [::]:80; + + #listen 443; + #listen [::]:443; + + server_name node.com.co; + + #ssl on; + #ssl_certificate /var/certs/node.com.co/cert.pem; + #ssl_certificate_key /var/certs/node.com.co/privkey.pem; + #ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2; + #ssl_ciphers HIGH:!aNULL:!MD5; + + + location / { + proxy_pass http://node.com.co:3001; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection 'upgrade'; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_cache_bypass $http_upgrade; + } + + location ~ /\.ht { + deny all; + } + + location /.well-known/acme-challenge/ { + root /var/www/letsencrypt/; + log_not_found off; + } + + error_log /var/log/nginx/node.com.co.local_error.log; + access_log /var/log/nginx/node.com.co.local_access.log; +} diff --git a/openresty/sites/symfony.conf.example b/openresty/sites/symfony.conf.example new file mode 100644 index 00000000..2834d747 --- /dev/null +++ b/openresty/sites/symfony.conf.example 
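Review bot: The port-81 server in `laravel_varnish.conf.example` sets `fastcgi_param HTTPS on;` unconditionally, so PHP treats every request reaching that listener as having arrived over TLS, including plain-HTTP requests sent to port 81 directly rather than through the 443 front end and the cache. That matters here because `docker-compose.yml` in this commit publishes container port 81 on the host. The example should state the assumption next to the listener, for instance `# port 81 must only be reachable from the cache: HTTPS is asserted on behalf of the TLS front end`, and the port should stay unpublished. In the 443 server, `add_header Strict-Transport-Security "max-age=31536000";` is not sent on error responses; appending `always` covers those too.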
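Review bot: The commented-out TLS template in `node.conf.example` would enable SSLv3 if someone uncomments it as written (`#ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;`), and a server-level `ssl_protocols` overrides the `http`-level setting in `nginx.conf`. It also pairs `#listen 443;` with `#ssl on;`, a form that nginx deprecates in favour of the `ssl` parameter on `listen`. I would write the template as `#listen 443 ssl;`, `#listen [::]:443 ssl;` and `#ssl_protocols TLSv1.2 TLSv1.3;`, and delete the `#ssl on;` line.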
@@ -0,0 +1,42 @@ +server { + + listen 80; + listen [::]:80; + + # For https + # listen 443 ssl; + # listen [::]:443 ssl ipv6only=on; + # ssl_certificate /etc/nginx/ssl/default.crt; + # ssl_certificate_key /etc/nginx/ssl/default.key; + + server_name symfony.test; + root /var/www/projects/symfony/web; + index index.php index.html index.htm; + + location / { + try_files $uri @rewriteapp; + } + + # For Symfony 3 + location @rewriteapp { + rewrite ^(.*)$ /app.php/$1 last; + } + + # For Symfony 4 config + # location @rewriteapp { + # rewrite ^(.*)$ /index.php/$1 last; + # } + + location ~ ^/(app|app_dev|config|index)\.php(/|$) { + fastcgi_pass php-upstream; + fastcgi_split_path_info ^(.+\.php)(/.*)$; + include fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + #fixes timeouts + fastcgi_read_timeout 600; + fastcgi_param HTTPS off; + } + + error_log /var/log/nginx/symfony_error.log; + access_log /var/log/nginx/symfony_access.log; +} diff --git a/openresty/ssl/.gitignore b/openresty/ssl/.gitignore new file mode 100644 index 00000000..003cd8e5 --- /dev/null +++ b/openresty/ssl/.gitignore @@ -0,0 +1,4 @@ +*.crt +*.csr +*.key +*.pem \ No newline at end of file diff --git a/openresty/startup.sh b/openresty/startup.sh new file mode 100644 index 00000000..0f088ad0 --- /dev/null +++ b/openresty/startup.sh @@ -0,0 +1,14 @@ +#!/bin/bash + +if [ ! -f /etc/nginx/ssl/default.crt ]; then + openssl genrsa -out "/etc/nginx/ssl/default.key" 2048 + openssl req -new -key "/etc/nginx/ssl/default.key" -out "/etc/nginx/ssl/default.csr" -subj "/CN=default/O=default/C=UK" + openssl x509 -req -days 365 -in "/etc/nginx/ssl/default.csr" -signkey "/etc/nginx/ssl/default.key" -out "/etc/nginx/ssl/default.crt" + chmod 644 /etc/nginx/ssl/default.key +fi + +# Start crond in background +crond -l 2 -b + +# Start nginx in foreground +nginx diff --git a/php-fpm/Dockerfile b/php-fpm/Dockerfile index 9eb184b7..9da002c8 100644 --- a/php-fpm/Dockerfile +++ b/php-fpm/Dockerfile 
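Review bot: `location ~ ^/(app|app_dev|config|index)\.php(/|$)` hands `app_dev.php` and `config.php` to PHP-FPM for any client that can reach the site, and those are the Symfony development front controller and the requirements checker, not production entry points. Unless the site is only ever bound to a developer machine, I would limit the pattern to the production controller, `location ~ ^/(app|index)\.php(/|$)`, and add `location ~ \.php$ { return 404; }` after it so other scripts under the web root are not executed. `fastcgi_param HTTPS off;` is hard-coded as well, which becomes wrong once the commented 443 listener is enabled.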
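Review bot: In `startup.sh`, `chmod 644 /etc/nginx/ssl/default.key` leaves the generated private key world-readable, and `/etc/nginx/ssl` is a bind mount of `OPENRESTY_SSL_PATH`, so the file lands on the host with that mode. The nginx master process reads the key as root before workers drop to `www-data`, so `chmod 600 /etc/nginx/ssl/default.key` is sufficient. The script has no `set -e`, so a failed `openssl` step still falls through to starting nginx, and `-subj` uses `C=UK`, which is not the ISO country code for the United Kingdom (`GB`). Ending the script with `exec nginx` instead of `nginx` would let the server receive the container's stop signal directly.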
@@ -1136,6 +1136,33 @@ RUN if [ ${NEW_RELIC} = true ]; then \ -e 's/;newrelic.daemon.start_timeout =.*/newrelic.daemon.start_timeout=5s/' \ /usr/local/etc/php/conf.d/newrelic.ini \ ;fi + +########################################################################### +# PHP SSDB: +########################################################################### + +USER root + +ARG INSTALL_SSDB=false + +RUN set -xe; \ + if [ ${INSTALL_SSDB} = true ] && [ $(php -r "echo PHP_MAJOR_VERSION;") != "8" ]; then \ + apt-get -y install sudo wget && \ + if [ $(php -r "echo PHP_MAJOR_VERSION;") = "7" ]; then \ + curl -L -o /tmp/ssdb-client-php.tar.gz https://github.com/jonnywang/phpssdb/archive/php7.tar.gz; \ + else \ + curl -L -o /tmp/ssdb-client-php.tar.gz https://github.com/jonnywang/phpssdb/archive/master.tar.gz; \ + fi \ + && mkdir -p /tmp/ssdb-client-php \ + && tar -C /tmp/ssdb-client-php -zxvf /tmp/ssdb-client-php.tar.gz --strip 1 \ + && cd /tmp/ssdb-client-php \ + && phpize \ + && ./configure \ + && make \ + && make install \ + && rm /tmp/ssdb-client-php.tar.gz \ + && docker-php-ext-enable ssdb \ +;fi ########################################################################### # Downgrade Openssl: ########################################################################### diff --git a/php-worker/Dockerfile b/php-worker/Dockerfile index b901770b..c06bd7ee 100644 --- a/php-worker/Dockerfile +++ b/php-worker/Dockerfile 
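Review bot: The extension source is downloaded from a moving branch (`archive/php7.tar.gz` or `archive/master.tar.gz`) with no digest check and then built and installed as root, so two builds of the same revision of this repository can contain different native code. Pinning the URL to a commit, `https://github.com/jonnywang/phpssdb/archive/<pinned-commit-sha>.tar.gz`, and verifying it with `echo "<sha256>  /tmp/ssdb-client-php.tar.gz" | sha256sum -c -` before `tar` fixes that. `apt-get -y install sudo wget` adds two packages that nothing in this step uses (the download is done with `curl`), and `sudo` in particular does not belong in a runtime image, so that line can go. The unpacked tree in `/tmp/ssdb-client-php` stays in the layer because only the tarball is removed, and the `# Downgrade Openssl` banner now follows `;fi` with no blank line. The same block is added to `php-worker/Dockerfile` (with `apk --update add sudo wget`) and to `workspace/Dockerfile`.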
@@ -422,6 +422,33 @@ RUN if [ ${INSTALL_MEMCACHED} = true ]; then \ php -m | grep -r 'memcached'; \ fi +########################################################################### +# PHP SSDB: +########################################################################### + +USER root + +ARG INSTALL_SSDB=false + +RUN set -xe; \ + if [ ${INSTALL_SSDB} = true ] && [ $(php -r "echo PHP_MAJOR_VERSION;") != "8" ]; then \ + apk --update add sudo wget && \ + if [ $(php -r "echo PHP_MAJOR_VERSION;") = "7" ]; then \ + curl -L -o /tmp/ssdb-client-php.tar.gz https://github.com/jonnywang/phpssdb/archive/php7.tar.gz; \ + else \ + curl -L -o /tmp/ssdb-client-php.tar.gz https://github.com/jonnywang/phpssdb/archive/master.tar.gz; \ + fi \ + && mkdir -p /tmp/ssdb-client-php \ + && tar -C /tmp/ssdb-client-php -zxvf /tmp/ssdb-client-php.tar.gz --strip 1 \ + && cd /tmp/ssdb-client-php \ + && phpize \ + && ./configure \ + && make \ + && make install \ + && rm /tmp/ssdb-client-php.tar.gz \ + && docker-php-ext-enable ssdb \ +;fi + # #-------------------------------------------------------------------------- # Optional Supervisord Configuration diff --git a/ssdb/Dockerfile b/ssdb/Dockerfile new file mode 100644 index 00000000..e8e988a7 --- /dev/null +++ b/ssdb/Dockerfile @@ -0,0 +1,22 @@ +FROM alpine +LABEL maintainer="Leonard Buskin " + +ARG VERSION=${VERSION:-master} + +RUN apk add --no-cache --virtual .build-deps \ + curl gcc g++ make autoconf libc-dev libevent-dev linux-headers perl tar \ + && mkdir -p /ssdb/tmp \ + && curl -Lk "https://github.com/ideawu/ssdb/archive/${VERSION}.tar.gz" | \ + tar -xz -C /ssdb/tmp --strip-components=1 \ + && cd /ssdb/tmp \ + && make -j$(getconf _NPROCESSORS_ONLN) \ + && make install PREFIX=/ssdb \ + && rm -rf /ssdb/tmp \ + && apk add --virtual .rundeps libstdc++ \ + && apk add --no-cache bash python2 \ + && apk del .build-deps + +EXPOSE 8888 +VOLUME /ssdb/var +COPY ssdb.conf /ssdb/ssdb.conf +CMD ["/ssdb/ssdb-server", "/ssdb/ssdb.conf"] 
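Review bot: In `ssdb/Dockerfile`, `curl -Lk` turns off TLS certificate verification for the source download and `VERSION` defaults to `master`, so the server is compiled from whatever the branch head, or anyone able to intercept the connection, supplies at build time. Drop `-k`, add `-f` so HTTP errors fail the build (`curl -fL ...`), and default `VERSION` to a release tag or commit whose SHA-256 is recorded and checked. `FROM alpine` is likewise untagged, and the step installs `python2` as a runtime package, which may not be available in newer Alpine releases, so a future base image could break the build. No `USER` is set, so `ssdb-server` runs as root, and `VOLUME /ssdb/var` does not match `work_dir = /data` in ssdb.conf.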
diff --git a/ssdb/ssdb.conf b/ssdb/ssdb.conf new file mode 100644 index 00000000..14122b92 --- /dev/null +++ b/ssdb/ssdb.conf @@ -0,0 +1,52 @@ +# ssdb-server config +# MUST indent by TAB! + +# relative to path of this file, directory must exists +work_dir = /data +pidfile = /run/ssdb.pid + +server: + #ip: 127.0.0.1 + port: 8888 + # bind to public ip + ip: 0.0.0.0 + # format: allow|deny: all|ip_prefix + # multiple allows or denys is supported + deny: all + allow: 127.0.0.1 + allow: 192. + allow: 172. + # auth password must be at least 32 characters + #auth: very-strong-password + +replication: + binlog: yes + # Limit sync speed to *MB/s, -1: no limit + sync_speed: -1 + slaveof: + # to identify a master even if it moved(ip, port changed) + # if set to empty or not defined, ip:port will be used. + #id: svc_2 + # sync|mirror, default is sync + #type: sync + #host: s1.ssdb.db + #port: 8888 + +logger: + level: warn + output: /var/log/ssdb.log + rotate: + size: 1000000000 + +leveldb: + # in MB + cache_size: 500 + # in KB + block_size: 32 + # in MB + write_buffer_size: 64 + # in MB + compaction_speed: 1000 + # yes|no + compression: yes + diff --git a/workspace/Dockerfile b/workspace/Dockerfile index 64deb567..c9c777c8 100644 --- a/workspace/Dockerfile +++ b/workspace/Dockerfile 
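Review bot: `allow: 192.` and `allow: 172.` are first-octet prefixes, so together with `ip: 0.0.0.0` and the commented-out `auth` they admit any client whose address starts with 192 or 172, which is far wider than the private ranges (192.168.0.0/16 and 172.16.0.0/12) they appear to be aimed at. I would narrow the first to `allow: 192.168.`, list only the 172 prefixes the Docker networks in use actually have, and enable `auth:` with a value supplied at deploy time instead of committed to the repository. `output: /var/log/ssdb.log` writes into the container's writable layer with a rotate size of 1000000000 bytes; mounting that path or logging to standard output (if the server supports it, which should be checked against its documentation) would keep the logs reachable for review.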
@@ -1649,6 +1649,32 @@ RUN set -eux; \ php -m | grep -q 'zookeeper'; \ fi +########################################################################### +# PHP SSDB: +########################################################################### + +USER root + +ARG INSTALL_SSDB=false + +RUN set -xe; \ + if [ ${INSTALL_SSDB} = true ] && [ $(php -r "echo PHP_MAJOR_VERSION;") != "8" ]; then \ + apt-get -y install sudo wget && \ + if [ $(php -r "echo PHP_MAJOR_VERSION;") = "7" ]; then \ + curl -L -o /tmp/ssdb-client-php.tar.gz https://github.com/jonnywang/phpssdb/archive/php7.tar.gz; \ + else \ + curl -L -o /tmp/ssdb-client-php.tar.gz https://github.com/jonnywang/phpssdb/archive/master.tar.gz; \ + fi \ + && mkdir -p /tmp/ssdb-client-php \ + && tar -C /tmp/ssdb-client-php -zxvf /tmp/ssdb-client-php.tar.gz --strip 1 \ + && cd /tmp/ssdb-client-php \ + && phpize \ + && ./configure \ + && make \ + && make install \ + && rm /tmp/ssdb-client-php.tar.gz \ + && docker-php-ext-enable ssdb \ +;fi # #-------------------------------------------------------------------------- # Final Touch