add openresty and ssdb

This commit is contained in:
Larry 2021-06-23 22:56:12 +08:00
parent 0b6c266744
commit e0a88ac371
16 changed files with 829 additions and 1 deletions

View File

@ -5,7 +5,6 @@ networks:
driver: ${NETWORKS_DRIVER}
backend:
driver: ${NETWORKS_DRIVER}
volumes:
mysql:
driver: ${VOLUMES_DRIVER}
@ -415,6 +414,32 @@ services:
- frontend
- backend
### OpenResty Server #########################################
openresty:
build:
context: ./openresty
args:
- CHANGE_SOURCE=${CHANGE_SOURCE}
- PHP_UPSTREAM_CONTAINER=${OPENRESTY_PHP_UPSTREAM_CONTAINER}
- PHP_UPSTREAM_PORT=${OPENRESTY_PHP_UPSTREAM_PORT}
- http_proxy
- https_proxy
- no_proxy
volumes:
- ${APP_CODE_PATH_HOST}:${APP_CODE_PATH_CONTAINER}${APP_CODE_CONTAINER_FLAG}
- ${OPENRESTY_HOST_LOG_PATH}:/var/log/nginx
- ${OPENRESTY_SITES_PATH}:/etc/nginx/sites-available
- ${OPENRESTY_SSL_PATH}:/etc/nginx/ssl
ports:
- "${OPENRESTY_HOST_HTTP_PORT}:80"
- "${OPENRESTY_HOST_HTTPS_PORT}:443"
- "${VARNISH_BACKEND_PORT}:81"
depends_on:
- php-fpm
networks:
- frontend
- backend
### Blackfire ########################################
blackfire:
image: blackfire/blackfire
@ -694,6 +719,16 @@ services:
- "${REDIS_CLUSTER_PORT_RANGE}:7000-7005"
networks:
- backend
### SSDB ################################################
ssdb:
build: ./ssdb
volumes:
- ${DATA_PATH_HOST}/ssdb:/data
ports:
- "${SSDB_PORT}:8888"
dns: 172.17.0.1
networks:
- backend
### ZooKeeper #########################################
zookeeper:

211
openresty/Dockerfile Normal file
View File

@ -0,0 +1,211 @@
# Dockerfile - alpine
# https://github.com/openresty/docker-openresty
ARG RESTY_IMAGE_BASE="alpine"
ARG RESTY_IMAGE_TAG="3.13"
FROM ${RESTY_IMAGE_BASE}:${RESTY_IMAGE_TAG}
LABEL maintainer="Evan Wies <evan@neomantra.net>"
# Docker Build Arguments
ARG RESTY_IMAGE_BASE="alpine"
ARG RESTY_IMAGE_TAG="3.13"
ARG RESTY_VERSION="1.19.3.2"
ARG RESTY_OPENSSL_VERSION="1.1.1k"
ARG RESTY_OPENSSL_PATCH_VERSION="1.1.1f"
ARG RESTY_OPENSSL_URL_BASE="https://www.openssl.org/source"
ARG RESTY_PCRE_VERSION="8.44"
ARG RESTY_J="1"
ARG RESTY_CONFIG_OPTIONS="\
--with-compat \
--with-file-aio \
--with-http_addition_module \
--with-http_auth_request_module \
--with-http_dav_module \
--with-http_flv_module \
--with-http_geoip_module=dynamic \
--with-http_gunzip_module \
--with-http_gzip_static_module \
--with-http_image_filter_module=dynamic \
--with-http_mp4_module \
--with-http_random_index_module \
--with-http_realip_module \
--with-http_secure_link_module \
--with-http_slice_module \
--with-http_ssl_module \
--with-http_stub_status_module \
--with-http_sub_module \
--with-http_v2_module \
--with-http_xslt_module=dynamic \
--with-ipv6 \
--with-mail \
--with-mail_ssl_module \
--with-md5-asm \
--with-pcre-jit \
--with-sha1-asm \
--with-stream \
--with-stream_ssl_module \
--with-threads \
"
ARG RESTY_CONFIG_OPTIONS_MORE="\
--conf-path=/etc/nginx/nginx.conf \
--error-log-path=/var/log/nginx/error.log \
--http-log-path=/var/log/nginx/access.log \
--pid-path=/var/run/nginx.pid \
--user=www-data \
--group=www-data \
--with-http_iconv_module \
--add-module=/tmp/nginx-ct-master \
--add-module=/tmp/nginx-dav-ext-module-master \
--add-module=/tmp/ngx_brotli \
--add-module=/tmp/ngx_cache_purge-master \
--add-module=/tmp/ngx_http_substitutions_filter_module-master \
"
ARG RESTY_LUAJIT_OPTIONS="--with-luajit-xcflags='-DLUAJIT_NUMMODE=2 -DLUAJIT_ENABLE_LUA52COMPAT'"
ARG RESTY_ADD_PACKAGE_BUILDDEPS=""
ARG RESTY_ADD_PACKAGE_RUNDEPS=""
ARG RESTY_EVAL_PRE_CONFIGURE=""
ARG RESTY_EVAL_POST_MAKE=""
# These are not intended to be user-specified
ARG _RESTY_CONFIG_DEPS="--with-pcre \
--with-cc-opt='-DNGX_LUA_ABORT_AT_PANIC -I/usr/local/openresty/pcre/include -I/usr/local/openresty/openssl/include' \
--with-ld-opt='-L/usr/local/openresty/pcre/lib -L/usr/local/openresty/openssl/lib -Wl,-rpath,/usr/local/openresty/pcre/lib:/usr/local/openresty/openssl/lib' \
"
LABEL resty_image_base="${RESTY_IMAGE_BASE}"
LABEL resty_image_tag="${RESTY_IMAGE_TAG}"
LABEL resty_version="${RESTY_VERSION}"
LABEL resty_openssl_version="${RESTY_OPENSSL_VERSION}"
LABEL resty_openssl_patch_version="${RESTY_OPENSSL_PATCH_VERSION}"
LABEL resty_openssl_url_base="${RESTY_OPENSSL_URL_BASE}"
LABEL resty_pcre_version="${RESTY_PCRE_VERSION}"
LABEL resty_config_options="${RESTY_CONFIG_OPTIONS}"
LABEL resty_config_options_more="${RESTY_CONFIG_OPTIONS_MORE}"
LABEL resty_config_deps="${_RESTY_CONFIG_DEPS}"
LABEL resty_add_package_builddeps="${RESTY_ADD_PACKAGE_BUILDDEPS}"
LABEL resty_add_package_rundeps="${RESTY_ADD_PACKAGE_RUNDEPS}"
LABEL resty_eval_pre_configure="${RESTY_EVAL_PRE_CONFIGURE}"
LABEL resty_eval_post_make="${RESTY_EVAL_POST_MAKE}"
ARG CHANGE_SOURCE=false
RUN if [ ${CHANGE_SOURCE} = true ]; then \
# Change application source from dl-cdn.alpinelinux.org to aliyun source
sed -i 's/dl-cdn.alpinelinux.org/mirrors.aliyun.com/' /etc/apk/repositories \
;fi
RUN set -x ; \
addgroup -g 82 -S www-data ; \
adduser -u 82 -D -S -G www-data www-data && exit 0 ; exit 1
RUN apk add --no-cache --virtual .build-deps \
build-base \
coreutils \
curl \
gd-dev \
geoip-dev \
libxslt-dev \
linux-headers \
make \
perl-dev \
readline-dev \
zlib-dev \
${RESTY_ADD_PACKAGE_BUILDDEPS} \
&& apk add --no-cache \
gd \
geoip \
libgcc \
libxslt \
zlib \
bash \
logrotate \
openssl \
${RESTY_ADD_PACKAGE_RUNDEPS} \
&& cd /tmp \
&& if [ -n "${RESTY_EVAL_PRE_CONFIGURE}" ]; then eval $(echo ${RESTY_EVAL_PRE_CONFIGURE}); fi \
&& cd /tmp \
&& curl -fSL "${RESTY_OPENSSL_URL_BASE}/openssl-${RESTY_OPENSSL_VERSION}.tar.gz" -o openssl-${RESTY_OPENSSL_VERSION}.tar.gz \
&& tar xzf openssl-${RESTY_OPENSSL_VERSION}.tar.gz \
&& cd openssl-${RESTY_OPENSSL_VERSION} \
&& if [ $(echo ${RESTY_OPENSSL_VERSION} | cut -c 1-5) = "1.1.1" ] ; then \
echo 'patching OpenSSL 1.1.1 for OpenResty' \
&& curl -s https://raw.githubusercontent.com/openresty/openresty/master/patches/openssl-${RESTY_OPENSSL_PATCH_VERSION}-sess_set_get_cb_yield.patch | patch -p1 ; \
fi \
&& if [ $(echo ${RESTY_OPENSSL_VERSION} | cut -c 1-5) = "1.1.0" ] ; then \
echo 'patching OpenSSL 1.1.0 for OpenResty' \
&& curl -s https://raw.githubusercontent.com/openresty/openresty/ed328977028c3ec3033bc25873ee360056e247cd/patches/openssl-1.1.0j-parallel_build_fix.patch | patch -p1 \
&& curl -s https://raw.githubusercontent.com/openresty/openresty/master/patches/openssl-${RESTY_OPENSSL_PATCH_VERSION}-sess_set_get_cb_yield.patch | patch -p1 ; \
fi \
&& ./config \
no-threads shared zlib -g \
enable-ssl3 enable-ssl3-method \
--prefix=/usr/local/openresty/openssl \
--libdir=lib \
-Wl,-rpath,/usr/local/openresty/openssl/lib \
&& make -j${RESTY_J} \
&& make -j${RESTY_J} install_sw \
&& cd /tmp \
&& curl -fSL https://ftp.pcre.org/pub/pcre/pcre-${RESTY_PCRE_VERSION}.tar.gz -o pcre-${RESTY_PCRE_VERSION}.tar.gz \
&& tar xzf pcre-${RESTY_PCRE_VERSION}.tar.gz \
&& cd /tmp/pcre-${RESTY_PCRE_VERSION} \
&& ./configure \
--prefix=/usr/local/openresty/pcre \
--disable-cpp \
--enable-jit \
--enable-utf \
--enable-unicode-properties \
&& make -j${RESTY_J} \
&& make -j${RESTY_J} install \
&& cd /tmp \
&& curl -fSL https://openresty.org/download/openresty-${RESTY_VERSION}.tar.gz -o openresty-${RESTY_VERSION}.tar.gz \
&& tar xzf openresty-${RESTY_VERSION}.tar.gz \
&& curl -fSL https://github.com/grahamedgecombe/nginx-ct/archive/master.tar.gz -o nginx-ct.tar.gz \
&& tar xzf nginx-ct.tar.gz \
&& curl -fSL https://github.com/arut/nginx-dav-ext-module/archive/master.tar.gz -o nginx-dav-ext-module.tar.gz \
&& tar xzf nginx-dav-ext-module.tar.gz \
&& curl -fSL https://www.downsoft.cn/software/linux/nginx/ngx_brotli.tar.gz -o ngx_brotli.tar.gz \
&& tar xzf ngx_brotli.tar.gz \
&& curl -fSL https://github.com/yaoweibin/ngx_http_substitutions_filter_module/archive/master.tar.gz -o ngx_http_substitutions_filter_module.tar.gz \
&& tar xzf ngx_http_substitutions_filter_module.tar.gz \
&& curl -fSL https://github.com/FRiCKLE/ngx_cache_purge/archive/master.tar.gz -o ngx_cache_purge.tar.gz \
&& tar xzf ngx_cache_purge.tar.gz \
&& cd /tmp/openresty-${RESTY_VERSION} \
&& eval ./configure -j${RESTY_J} ${_RESTY_CONFIG_DEPS} ${RESTY_CONFIG_OPTIONS} ${RESTY_CONFIG_OPTIONS_MORE} ${RESTY_LUAJIT_OPTIONS} \
&& make -j${RESTY_J} \
&& make -j${RESTY_J} install \
&& cd /tmp \
&& if [ -n "${RESTY_EVAL_POST_MAKE}" ]; then eval $(echo ${RESTY_EVAL_POST_MAKE}); fi \
&& rm -rf \
openssl-${RESTY_OPENSSL_VERSION}.tar.gz openssl-${RESTY_OPENSSL_VERSION} \
pcre-${RESTY_PCRE_VERSION}.tar.gz pcre-${RESTY_PCRE_VERSION} \
openresty-${RESTY_VERSION}.tar.gz openresty-${RESTY_VERSION} \
&& apk del .build-deps \
&& mkdir -p /etc/nginx/conf.d/ /var/run/openresty/
# Add additional binaries into PATH for convenience
ENV PATH=$PATH:/usr/local/openresty/luajit/bin:/usr/local/openresty/nginx/sbin:/usr/local/openresty/bin
ARG PHP_UPSTREAM_CONTAINER=php-fpm
ARG PHP_UPSTREAM_PORT=9000
# Create 'messages' file used from 'logrotate'
RUN touch /var/log/messages
# Copy 'logrotate' config file
COPY logrotate/nginx /etc/logrotate.d/
# Set upstream conf and remove the default conf
RUN echo "upstream php-upstream { server ${PHP_UPSTREAM_CONTAINER}:${PHP_UPSTREAM_PORT}; }" > /etc/nginx/conf.d/upstream.conf
# Copy nginx configuration files
COPY nginx.conf /etc/nginx/
ADD ./startup.sh /opt/startup.sh
RUN sed -i 's/\r//g' /opt/startup.sh
CMD ["/bin/bash", "/opt/startup.sh"]
EXPOSE 80 81 443

14
openresty/logrotate/nginx Normal file
View File

@ -0,0 +1,14 @@
/var/log/nginx/*.log {
daily
missingok
rotate 32
compress
delaycompress
nodateext
notifempty
create 644 www-data root
sharedscripts
postrotate
[ -f /var/run/nginx.pid ] && kill -USR1 `cat /var/run/nginx.pid`
endscript
}

100
openresty/nginx.conf Normal file
View File

@ -0,0 +1,100 @@
# nginx.conf -- docker-openresty
#
# This file is installed to:
# `/usr/local/openresty/nginx/conf/nginx.conf`
# and is the file loaded by nginx at startup,
# unless the user specifies otherwise.
#
# It tracks the upstream OpenResty's `nginx.conf`, but removes the `server`
# section and adds this directive:
# `include /etc/nginx/conf.d/*.conf;`
#
# The `docker-openresty` file `nginx.vh.default.conf` is copied to
# `/etc/nginx/conf.d/default.conf`. It contains the `server section
# of the upstream `nginx.conf`.
#
# See https://github.com/openresty/docker-openresty/blob/master/README.md#nginx-config-files
#
user www-data;
worker_processes 4;
# Enables the use of JIT for regular expressions to speed-up their processing.
pcre_jit on;
#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
pid /var/run/nginx.pid;
daemon off;
worker_rlimit_nofile 65535;
events {
use epoll;
worker_connections 65535;
multi_accept on;
accept_mutex on;
}
http {
include mime.types;
default_type application/octet-stream;
# Enables or disables the use of underscores in client request header fields.
# When the use of underscores is disabled, request header fields whose names contain underscores are marked as invalid and become subject to the ignore_invalid_headers directive.
# underscores_in_headers off;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for" "$host"';
#access_log logs/access.log main;
# Log in JSON Format
# log_format nginxlog_json escape=json '{ "timestamp": "$time_iso8601", '
# '"remote_addr": "$remote_addr", '
# '"body_bytes_sent": $body_bytes_sent, '
# '"request_time": $request_time, '
# '"response_status": $status, '
# '"request": "$request", '
# '"request_method": "$request_method", '
# '"host": "$host",'
# '"upstream_addr": "$upstream_addr",'
# '"http_x_forwarded_for": "$http_x_forwarded_for",'
# '"http_referrer": "$http_referer", '
# '"http_user_agent": "$http_user_agent", '
# '"http_version": "$server_protocol", '
# '"nginx_access": true }';
# access_log /dev/stdout nginxlog_json;
# See Move default writable paths to a dedicated directory (#119)
# https://github.com/openresty/docker-openresty/issues/119
client_body_temp_path /var/run/openresty/nginx-client-body;
proxy_temp_path /var/run/openresty/nginx-proxy;
fastcgi_temp_path /var/run/openresty/nginx-fastcgi;
uwsgi_temp_path /var/run/openresty/nginx-uwsgi;
scgi_temp_path /var/run/openresty/nginx-scgi;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
#keepalive_timeout 0;
keepalive_timeout 65;
types_hash_max_size 2048;
client_max_body_size 128M;
gzip on;
gzip_disable "msie6";
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-available/*.conf;
# Don't reveal OpenResty version to clients.
server_tokens off;
charset UTF-8;
}

2
openresty/sites/.gitignore vendored Normal file
View File

@ -0,0 +1,2 @@
*.conf
!default.conf

View File

@ -0,0 +1,43 @@
server {
listen 80;
listen [::]:80;
# For https
# listen 443 ssl;
# listen [::]:443 ssl ipv6only=on;
# ssl_certificate /etc/nginx/ssl/default.crt;
# ssl_certificate_key /etc/nginx/ssl/default.key;
server_name app.test;
root /var/www/app;
index index.php index.html index.htm;
location / {
try_files $uri $uri/ /index.php$is_args$args;
}
location ~ \.php$ {
try_files $uri /index.php =404;
fastcgi_pass php-upstream;
fastcgi_index index.php;
fastcgi_buffers 16 16k;
fastcgi_buffer_size 32k;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
#fixes timeouts
fastcgi_read_timeout 600;
include fastcgi_params;
}
location ~ /\.ht {
deny all;
}
location /.well-known/acme-challenge/ {
root /var/www/letsencrypt/;
log_not_found off;
}
error_log /var/log/nginx/app_error.log;
access_log /var/log/nginx/app_access.log;
}

View File

@ -0,0 +1,43 @@
server {
listen 80;
listen [::]:80;
server_name www.confluence-domain.com;
rewrite ^(.*) https://confluence-domain.com$1/ permanent;
}
server {
listen 80;
listen [::]:80;
server_name confluence-domain.com;
rewrite ^(.*) https://confluence-domain.com/ permanent;
}
server {
listen 443 ssl;
listen [::]:443 ssl;
ssl_certificate /etc/nginx/ssl/confluence-domain.com.crt;
ssl_certificate_key /etc/nginx/ssl/confluence-domain.com.key;
server_name confluence-domain.com;
location / {
client_max_body_size 100m;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://confluence-domain.com:8090/;
}
location /synchrony {
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://confluence-domain.com:8090/synchrony-proxy;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
}
error_log /var/log/nginx/bookchangerru_error.log;
access_log /var/log/nginx/bookchangerru_access.log;
}

View File

@ -0,0 +1,40 @@
server {
listen 80 default_server;
listen [::]:80 default_server ipv6only=on;
# For https
# listen 443 ssl default_server;
# listen [::]:443 ssl default_server ipv6only=on;
# ssl_certificate /etc/nginx/ssl/default.crt;
# ssl_certificate_key /etc/nginx/ssl/default.key;
server_name localhost;
root /opt/www/default;
index index.php index.html index.htm;
location / {
try_files $uri $uri/ /index.php$is_args$args;
}
location ~ \.php$ {
try_files $uri /index.php =404;
fastcgi_pass php-upstream;
fastcgi_index index.php;
fastcgi_buffers 16 16k;
fastcgi_buffer_size 32k;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
#fixes timeouts
fastcgi_read_timeout 600;
include fastcgi_params;
}
location ~ /\.ht {
deny all;
}
location /.well-known/acme-challenge/ {
root /var/www/letsencrypt/;
log_not_found off;
}
}

View File

@ -0,0 +1,49 @@
#server {
# listen 80;
# server_name laravel.com.co;
# return 301 https://laravel.com.co$request_uri;
#}
server {
listen 80;
listen [::]:80;
# For https
# listen 443 ssl;
# listen [::]:443 ssl ipv6only=on;
# ssl_certificate /etc/nginx/ssl/default.crt;
# ssl_certificate_key /etc/nginx/ssl/default.key;
server_name laravel.test;
root /var/www/laravel/public;
index index.php index.html index.htm;
location / {
try_files $uri $uri/ /index.php$is_args$args;
}
location ~ \.php$ {
try_files $uri /index.php =404;
fastcgi_pass php-upstream;
fastcgi_index index.php;
fastcgi_buffers 16 16k;
fastcgi_buffer_size 32k;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
#fixes timeouts
fastcgi_read_timeout 600;
include fastcgi_params;
}
location ~ /\.ht {
deny all;
}
location /.well-known/acme-challenge/ {
root /var/www/letsencrypt/;
log_not_found off;
}
error_log /var/log/nginx/laravel_error.log;
access_log /var/log/nginx/laravel_access.log;
}

View File

@ -0,0 +1,110 @@
server {
listen 80;
listen [::]:80;
server_name www.laravel.test;
rewrite ^(.*) https://laravel.test$1/ permanent;
}
server {
listen 80;
listen [::]:80;
server_name laravel.test;
rewrite ^(.*) https://laravel.test$1/ permanent;
}
server {
listen 443 ssl ;
listen [::]:443 ssl;
ssl_certificate /etc/nginx/ssl/laravel.test.crt;
ssl_certificate_key /etc/nginx/ssl/laravel.test.key;
server_name www.laravel.test;
rewrite ^(.*) https://laravel.test$1/ permanent;
}
server {
server_name laravel.test;
# For https
listen 443 ssl ;
listen [::]:443 ssl;
ssl_certificate /etc/nginx/ssl/laravel.test.crt;
ssl_certificate_key /etc/nginx/ssl/laravel.test.key;
port_in_redirect off;
add_header Strict-Transport-Security "max-age=31536000";
add_header X-Content-Type-Options nosniff;
location / {
proxy_pass http://proxy:6081;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header HTTPS "on";
proxy_redirect off;
}
}
server {
server_name laravel.test;
listen 81;
listen [::]:81;
root /var/www/laravel.test/www;
index index.php index.html index.htm;
location / {
try_files $uri $uri/ /index.php$is_args$args;
}
location ~ \.php$ {
fastcgi_max_temp_file_size 4m;
fastcgi_pass php-upstream;
# Additional configs
fastcgi_pass_header Set-Cookie;
fastcgi_pass_header Cookie;
fastcgi_ignore_headers Cache-Control Expires Set-Cookie;
try_files $uri /index.php =404;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info;
fastcgi_param HTTPS on;
fastcgi_buffers 16 16k;
fastcgi_buffer_size 32k;
fastcgi_intercept_errors on;
#fixes timeouts
fastcgi_read_timeout 600;
include fastcgi_params;
}
# Caching
location ~* \.(ico|jpg|webp|jpeg|gif|css|png|js|ico|bmp|zip|woff)$ {
access_log off;
log_not_found off;
add_header Pragma public;
add_header Cache-Control "public";
expires 14d;
}
location ~* \.(php|html)$ {
access_log on;
log_not_found on;
add_header Pragma public;
add_header Cache-Control "public";
expires 14d;
}
location ~ /\.ht {
deny all;
}
}

View File

@ -0,0 +1,47 @@
#server {
# listen 80;
# server_name node.com.co;
# return 301 https://node.com.co$request_uri;
#}
server {
listen 80;
listen [::]:80;
#listen 443;
#listen [::]:443;
server_name node.com.co;
#ssl on;
#ssl_certificate /var/certs/node.com.co/cert.pem;
#ssl_certificate_key /var/certs/node.com.co/privkey.pem;
#ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
#ssl_ciphers HIGH:!aNULL:!MD5;
location / {
proxy_pass http://node.com.co:3001;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_cache_bypass $http_upgrade;
}
location ~ /\.ht {
deny all;
}
location /.well-known/acme-challenge/ {
root /var/www/letsencrypt/;
log_not_found off;
}
error_log /var/log/nginx/node.com.co.local_error.log;
access_log /var/log/nginx/node.com.co.local_access.log;
}

View File

@ -0,0 +1,42 @@
server {
listen 80;
listen [::]:80;
# For https
# listen 443 ssl;
# listen [::]:443 ssl ipv6only=on;
# ssl_certificate /etc/nginx/ssl/default.crt;
# ssl_certificate_key /etc/nginx/ssl/default.key;
server_name symfony.test;
root /var/www/projects/symfony/web;
index index.php index.html index.htm;
location / {
try_files $uri @rewriteapp;
}
# For Symfony 3
location @rewriteapp {
rewrite ^(.*)$ /app.php/$1 last;
}
# For Symfony 4 config
# location @rewriteapp {
# rewrite ^(.*)$ /index.php/$1 last;
# }
location ~ ^/(app|app_dev|config|index)\.php(/|$) {
fastcgi_pass php-upstream;
fastcgi_split_path_info ^(.+\.php)(/.*)$;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
#fixes timeouts
fastcgi_read_timeout 600;
fastcgi_param HTTPS off;
}
error_log /var/log/nginx/symfony_error.log;
access_log /var/log/nginx/symfony_access.log;
}

4
openresty/ssl/.gitignore vendored Normal file
View File

@ -0,0 +1,4 @@
*.crt
*.csr
*.key
*.pem

14
openresty/startup.sh Normal file
View File

@ -0,0 +1,14 @@
#!/bin/bash
if [ ! -f /etc/nginx/ssl/default.crt ]; then
openssl genrsa -out "/etc/nginx/ssl/default.key" 2048
openssl req -new -key "/etc/nginx/ssl/default.key" -out "/etc/nginx/ssl/default.csr" -subj "/CN=default/O=default/C=UK"
openssl x509 -req -days 365 -in "/etc/nginx/ssl/default.csr" -signkey "/etc/nginx/ssl/default.key" -out "/etc/nginx/ssl/default.crt"
chmod 644 /etc/nginx/ssl/default.key
fi
# Start crond in background
crond -l 2 -b
# Start nginx in foreground
nginx

22
ssdb/Dockerfile Normal file
View File

@ -0,0 +1,22 @@
FROM alpine
LABEL maintainer="Leonard Buskin <leonardbuskin@gmail.com>"
ARG VERSION=${VERSION:-master}
RUN apk add --no-cache --virtual .build-deps \
curl gcc g++ make autoconf libc-dev libevent-dev linux-headers perl tar \
&& mkdir -p /ssdb/tmp \
&& curl -Lk "https://github.com/ideawu/ssdb/archive/${VERSION}.tar.gz" | \
tar -xz -C /ssdb/tmp --strip-components=1 \
&& cd /ssdb/tmp \
&& make -j$(getconf _NPROCESSORS_ONLN) \
&& make install PREFIX=/ssdb \
&& rm -rf /ssdb/tmp \
&& apk add --virtual .rundeps libstdc++ \
&& apk add --no-cache bash python2 \
&& apk del .build-deps
EXPOSE 8888
VOLUME /ssdb/var
COPY ssdb.conf /ssdb/ssdb.conf
CMD ["/ssdb/ssdb-server", "/ssdb/ssdb.conf"]

52
ssdb/ssdb.conf Normal file
View File

@ -0,0 +1,52 @@
# ssdb-server config
# MUST indent by TAB!
# relative to path of this file, directory must exists
work_dir = /data
pidfile = /run/ssdb.pid
server:
#ip: 127.0.0.1
port: 8888
# bind to public ip
ip: 0.0.0.0
# format: allow|deny: all|ip_prefix
# multiple allows or denys is supported
deny: all
allow: 127.0.0.1
allow: 192.
allow: 172.
# auth password must be at least 32 characters
#auth: very-strong-password
replication:
binlog: yes
# Limit sync speed to *MB/s, -1: no limit
sync_speed: -1
slaveof:
# to identify a master even if it moved(ip, port changed)
# if set to empty or not defined, ip:port will be used.
#id: svc_2
# sync|mirror, default is sync
#type: sync
#host: s1.ssdb.db
#port: 8888
logger:
level: warn
output: /var/log/ssdb.log
rotate:
size: 1000000000
leveldb:
# in MB
cache_size: 500
# in KB
block_size: 32
# in MB
write_buffer_size: 64
# in MB
compaction_speed: 1000
# yes|no
compression: yes