diff --git a/README.md b/README.md index 42218486..18e15e6f 100644 --- a/README.md +++ b/README.md @@ -1,2 +1,4 @@ # dockerfiles -Discontinued. Fork at your will. +Based on [Wonderfall Dockerfiles](https://github.com/Wonderfall/dockerfiles) + +There are **automated builds** on [Docker](https://hub.docker.com/u/hoellen). diff --git a/boring-nginx/Dockerfile b/boring-nginx/Dockerfile index 3061dfdb..e1235589 100644 --- a/boring-nginx/Dockerfile +++ b/boring-nginx/Dockerfile @@ -1,8 +1,8 @@ -FROM alpine:3.6 +FROM alpine:3.13 ENV UID=991 GID=991 -ARG NGINX_VERSION=1.13.5 +ARG NGINX_VERSION=1.20.1 ARG GPG_NGINX="B0F4 2533 73F8 F6F5 10D4 2178 520A 9993 A1C0 52F8" ARG BUILD_CORES @@ -29,24 +29,17 @@ ARG NGINX_3RD_PARTY_MODULES=" \ --add-module=/tmp/ngx_brotli" RUN NB_CORES=${BUILD_CORES-$(getconf _NPROCESSORS_CONF)} \ - -# Update system && apk -U upgrade \ - -# Installing runtime dependencies && apk add \ ${BUILD_DEPS} \ pcre \ zlib \ libgcc \ libstdc++ \ - jemalloc \ su-exec \ libressl \ bind-tools \ tini \ - -# Installing build dependencies && apk add -t build-dependencies \ build-base \ linux-headers \ @@ -54,7 +47,6 @@ RUN NB_CORES=${BUILD_CORES-$(getconf _NPROCESSORS_CONF)} \ automake \ autoconf \ git \ - jemalloc-dev \ tar \ libtool \ pcre-dev \ 
@@ -63,31 +55,17 @@ RUN NB_CORES=${BUILD_CORES-$(getconf _NPROCESSORS_CONF)} \ gnupg \ cmake \ go \ - -# Brotli && cd /tmp && git clone https://github.com/bagder/libbrotli --depth=1 \ && cd libbrotli && ./autogen.sh && ./configure && make -j ${NB_CORES} && make install \ && cd /tmp && git clone https://github.com/google/ngx_brotli --depth=1 \ && cd ngx_brotli && git submodule update --init \ - -# Headers More && cd /tmp && git clone https://github.com/openresty/headers-more-nginx-module --depth=1 \ - -# BoringSSL && git clone https://boringssl.googlesource.com/boringssl --depth=1 \ && cd boringssl \ - && sed -i 's@out \([>=]\) TLS1_2_VERSION@out \1 TLS1_3_VERSION@' ssl/ssl_lib.cc \ - && sed -i 's@ssl->version[ ]*=[ ]*TLS1_2_VERSION@ssl->version = TLS1_3_VERSION@' ssl/s3_lib.cc \ - && sed -i 's@(SSL3_VERSION, TLS1_2_VERSION@(SSL3_VERSION, TLS1_3_VERSION@' ssl/ssl_test.cc \ - && sed -i 's@\$shaext[ ]*=[ ]*0;@\$shaext = 1;@' crypto/*/asm/*.pl \ - && sed -i 's@\$avx[ ]*=[ ]*[0|1];@\$avx = 2;@' crypto/*/asm/*.pl \ - && sed -i 's@\$addx[ ]*=[ ]*0;@\$addx = 1;@' crypto/*/asm/*.pl \ && mkdir build && cd build && cmake -DCMAKE_BUILD_TYPE=Release .. \ && make -j ${NB_CORES} && cd .. \ && mkdir -p .openssl/lib/ && cd .openssl && ln -s ../include && cd .. \ && cp build/crypto/libcrypto.a build/ssl/libssl.a .openssl/lib && cd /tmp \ - -# Nginx tarball checking && NGINX_TARBALL="nginx-${NGINX_VERSION}.tar.gz" \ && wget -q https://nginx.org/download/${NGINX_TARBALL} \ && echo "Verifying ${NGINX_TARBALL} using GPG..." \ 
@@ -100,31 +78,21 @@ RUN NB_CORES=${BUILD_CORES-$(getconf _NPROCESSORS_CONF)} \ && if [ "${FINGERPRINT}" != "${GPG_NGINX}" ]; then echo "Warning! Wrong GPG fingerprint!" && exit 1; fi \ && echo "All seems good, now unpacking ${NGINX_TARBALL}..." \ && tar xzf ${NGINX_TARBALL} && cd nginx-${NGINX_VERSION} \ - -# Nginx patch : dynamic TLS records - && wget -q https://raw.githubusercontent.com/cujanovic/nginx-dynamic-tls-records-patch/master/nginx__dynamic_tls_records_1.13.0%2B.patch -O dynamic_records.patch \ + && wget -q https://raw.githubusercontent.com/hoellen/dockerfiles/master/boring-nginx/dynamic_records.patch -O dynamic_records.patch \ && patch -p1 < dynamic_records.patch \ - -# Nginx full HPACK encoding support -# && wget -q https://raw.githubusercontent.com/cloudflare/sslconfig/master/patches/nginx_1.13.1_http2_hpack.patch \ -# && patch -p1 < nginx_1.13.1_http2_hpack.patch \ - -# Nginx compilation && ./configure \ --prefix=/etc/nginx \ --sbin-path=/usr/sbin/nginx \ --with-cc-opt="-O3 -fPIE -fstack-protector-strong -D_FORTIFY_SOURCE=2 -Wformat -Werror=format-security -Wno-deprecated-declarations -I ../boringssl/.openssl/include/" \ - --with-ld-opt="-lrt -ljemalloc -Wl,-Bsymbolic-functions -Wl,-z,relro -L ../boringssl/.openssl/lib" \ + --with-ld-opt="-lrt -Wl,-Bsymbolic-functions -Wl,-z,relro -L ../boringssl/.openssl/lib" \ --http-log-path=/var/log/nginx/access.log \ --error-log-path=/var/log/nginx/error.log \ ${NGINX_MODULES} \ ${NGINX_3RD_PARTY_MODULES} \ && make -j ${NB_CORES} && make install && make clean \ && strip -s /usr/sbin/nginx \ - -# Clean && apk del build-dependencies \ - && rm -rf /tmp/* /var/cache/apk/* /root/.gnupg + && rm -rf /tmp/* /var/cache/apk/* COPY rootfs / @@ -137,6 +105,6 @@ VOLUME /sites-enabled /www /conf.d /passwds /certs /var/log/nginx LABEL description="nginx built from source" \ openssl="BoringSSL" \ nginx="nginx ${NGINX_VERSION}" \ - maintainer="Wonderfall " + maintainer="hoellen " CMD ["run.sh"] 
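Review bot: The dynamic TLS records patch is now downloaded at build time from the `master` branch of hoellen/dockerfiles and applied to the nginx source with no checksum, so the GPG check on the tarball no longer covers everything that gets compiled. This commit adds the same file as `boring-nginx/dynamic_records.patch`, so it can come from the build context instead: `COPY dynamic_records.patch /tmp/dynamic_records.patch` before the `RUN`, then `&& patch -p1 < /tmp/dynamic_records.patch`. The cleanup line also drops `/root/.gnupg`, which presumably leaves the keyring created by the GPG verification step in the final layer; keeping `&& rm -rf /tmp/* /var/cache/apk/* /root/.gnupg` matches what the Nextcloud Dockerfiles in this commit do. The `RUN` instruction starts above this hunk.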
diff --git a/boring-nginx/README.md b/boring-nginx/README.md index ba22cd0b..0daa8317 100644 --- a/boring-nginx/README.md +++ b/boring-nginx/README.md @@ -1,4 +1,4 @@ -## wonderfall/boring-nginx +## hoellen/boring-nginx ![](https://upload.wikimedia.org/wikipedia/commons/thumb/c/c5/Nginx_logo.svg/115px-Nginx_logo.svg.png) @@ -6,9 +6,10 @@ This is nginx statically linked against BoringSSL, with embedded Brotli support. #### Features +- Thanks to [Wonderfall](https://github.com/wonderfall/dockerfiles) - Based on Alpine Linux. - nginx built against **BoringSSL** with SSE/SHA, and AVX2 SIMD-instructions. -- **TLS 1.3** patch : use of TLS 1.3 DRAFT is enforced (haven't found another way yet). +- **TLS 1.3** enabled - Built using hardening gcc flags. - Dynamic TLS records patch (cloudflare). - TTP/2 (+NPN) support. diff --git a/boring-nginx/dynamic_records.patch b/boring-nginx/dynamic_records.patch new file mode 100644 index 00000000..37dd7570 --- /dev/null +++ b/boring-nginx/dynamic_records.patch 
@@ -0,0 +1,252 @@ +What we do now: +We use a static record size of 4K. This gives a good balance of latency and +throughput. + +Optimize latency: +By initialy sending small (1 TCP segment) sized records, we are able to avoid +HoL blocking of the first byte. This means TTFB is sometime lower by a whole +RTT. + +Optimizing throughput: +By sending increasingly larger records later in the connection, when HoL is not +a problem, we reduce the overhead of TLS record (29 bytes per record with +GCM/CHACHA-POLY). + +Logic: +Start each connection with small records (1369 byte default, change with +ssl_dyn_rec_size_lo). After a given number of records (40, change with +ssl_dyn_rec_threshold) start sending larger records (4229, ssl_dyn_rec_size_hi). +Eventually after the same number of records, start sending the largest records +(ssl_buffer_size). +In case the connection idles for a given amount of time (1s, +ssl_dyn_rec_timeout), the process repeats itself (i.e. begin sending small +records again). + +Upstream source: +https://github.com/cloudflare/sslconfig/blob/master/patches/nginx__dynamic_tls_records.patch + +--- a/src/event/ngx_event_openssl.c ++++ b/src/event/ngx_event_openssl.c +@@ -1272,6 +1272,7 @@ + + sc->buffer = ((flags & NGX_SSL_BUFFER) != 0); + sc->buffer_size = ssl->buffer_size; ++ sc->dyn_rec = ssl->dyn_rec; + + sc->session_ctx = ssl->ctx; + +@@ -2124,6 +2125,41 @@ + + for ( ;; ) { + ++ /* Dynamic record resizing: ++ We want the initial records to fit into one TCP segment ++ so we don't get TCP HoL blocking due to TCP Slow Start. ++ A connection always starts with small records, but after ++ a given amount of records sent, we make the records larger ++ to reduce header overhead. ++ After a connection has idled for a given timeout, begin ++ the process from the start. The actual parameters are ++ configurable. If dyn_rec_timeout is 0, we assume dyn_rec is off. 
*/ ++ ++ if (c->ssl->dyn_rec.timeout > 0 ) { ++ ++ if (ngx_current_msec - c->ssl->dyn_rec_last_write > ++ c->ssl->dyn_rec.timeout) ++ { ++ buf->end = buf->start + c->ssl->dyn_rec.size_lo; ++ c->ssl->dyn_rec_records_sent = 0; ++ ++ } else { ++ if (c->ssl->dyn_rec_records_sent > ++ c->ssl->dyn_rec.threshold * 2) ++ { ++ buf->end = buf->start + c->ssl->buffer_size; ++ ++ } else if (c->ssl->dyn_rec_records_sent > ++ c->ssl->dyn_rec.threshold) ++ { ++ buf->end = buf->start + c->ssl->dyn_rec.size_hi; ++ ++ } else { ++ buf->end = buf->start + c->ssl->dyn_rec.size_lo; ++ } ++ } ++ } ++ + while (in && buf->last < buf->end && send < limit) { + if (in->buf->last_buf || in->buf->flush) { + flush = 1; +@@ -2231,6 +2272,9 @@ + + if (n > 0) { + ++ c->ssl->dyn_rec_records_sent++; ++ c->ssl->dyn_rec_last_write = ngx_current_msec; ++ + if (c->ssl->saved_read_handler) { + + c->read->handler = c->ssl->saved_read_handler; +--- a/src/event/ngx_event_openssl.h ++++ b/src/event/ngx_event_openssl.h +@@ -64,10 +64,19 @@ + #endif + + ++typedef struct { ++ ngx_msec_t timeout; ++ ngx_uint_t threshold; ++ size_t size_lo; ++ size_t size_hi; ++} ngx_ssl_dyn_rec_t; ++ ++ + struct ngx_ssl_s { + SSL_CTX *ctx; + ngx_log_t *log; + size_t buffer_size; ++ ngx_ssl_dyn_rec_t dyn_rec; + }; + + +@@ -99,6 +108,10 @@ + unsigned in_early:1; + unsigned early_preread:1; + unsigned write_blocked:1; ++ ++ ngx_ssl_dyn_rec_t dyn_rec; ++ ngx_msec_t dyn_rec_last_write; ++ ngx_uint_t dyn_rec_records_sent; + }; + + +@@ -108,7 +121,7 @@ + #define NGX_SSL_DFLT_BUILTIN_SCACHE -5 + + +-#define NGX_SSL_MAX_SESSION_SIZE 4096 ++#define NGX_SSL_MAX_SESSION_SIZE 16384 + + typedef struct ngx_ssl_sess_id_s ngx_ssl_sess_id_t; + +--- a/src/http/modules/ngx_http_ssl_module.c ++++ b/src/http/modules/ngx_http_ssl_module.c +@@ -246,6 +246,41 @@ + offsetof(ngx_http_ssl_srv_conf_t, early_data), + NULL }, + ++ { ngx_string("ssl_dyn_rec_enable"), ++ NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_FLAG, ++ ngx_conf_set_flag_slot, ++ 
NGX_HTTP_SRV_CONF_OFFSET, ++ offsetof(ngx_http_ssl_srv_conf_t, dyn_rec_enable), ++ NULL }, ++ ++ { ngx_string("ssl_dyn_rec_timeout"), ++ NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_FLAG, ++ ngx_conf_set_msec_slot, ++ NGX_HTTP_SRV_CONF_OFFSET, ++ offsetof(ngx_http_ssl_srv_conf_t, dyn_rec_timeout), ++ NULL }, ++ ++ { ngx_string("ssl_dyn_rec_size_lo"), ++ NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_FLAG, ++ ngx_conf_set_size_slot, ++ NGX_HTTP_SRV_CONF_OFFSET, ++ offsetof(ngx_http_ssl_srv_conf_t, dyn_rec_size_lo), ++ NULL }, ++ ++ { ngx_string("ssl_dyn_rec_size_hi"), ++ NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_FLAG, ++ ngx_conf_set_size_slot, ++ NGX_HTTP_SRV_CONF_OFFSET, ++ offsetof(ngx_http_ssl_srv_conf_t, dyn_rec_size_hi), ++ NULL }, ++ ++ { ngx_string("ssl_dyn_rec_threshold"), ++ NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_FLAG, ++ ngx_conf_set_num_slot, ++ NGX_HTTP_SRV_CONF_OFFSET, ++ offsetof(ngx_http_ssl_srv_conf_t, dyn_rec_threshold), ++ NULL }, ++ + ngx_null_command + }; + +@@ -576,6 +611,11 @@ + sscf->session_ticket_keys = NGX_CONF_UNSET_PTR; + sscf->stapling = NGX_CONF_UNSET; + sscf->stapling_verify = NGX_CONF_UNSET; ++ sscf->dyn_rec_enable = NGX_CONF_UNSET; ++ sscf->dyn_rec_timeout = NGX_CONF_UNSET_MSEC; ++ sscf->dyn_rec_size_lo = NGX_CONF_UNSET_SIZE; ++ sscf->dyn_rec_size_hi = NGX_CONF_UNSET_SIZE; ++ sscf->dyn_rec_threshold = NGX_CONF_UNSET_UINT; + + return sscf; + } +@@ -643,6 +683,20 @@ + ngx_conf_merge_str_value(conf->stapling_responder, + prev->stapling_responder, ""); + ++ ngx_conf_merge_value(conf->dyn_rec_enable, prev->dyn_rec_enable, 0); ++ ngx_conf_merge_msec_value(conf->dyn_rec_timeout, prev->dyn_rec_timeout, ++ 1000); ++ /* Default sizes for the dynamic record sizes are defined to fit maximal ++ TLS + IPv6 overhead in a single TCP segment for lo and 3 segments for hi: ++ 1369 = 1500 - 40 (IP) - 20 (TCP) - 10 (Time) - 61 (Max TLS overhead) */ ++ ngx_conf_merge_size_value(conf->dyn_rec_size_lo, prev->dyn_rec_size_lo, ++ 1369); ++ /* 4229 
= (1500 - 40 - 20 - 10) * 3 - 61 */ ++ ngx_conf_merge_size_value(conf->dyn_rec_size_hi, prev->dyn_rec_size_hi, ++ 4229); ++ ngx_conf_merge_uint_value(conf->dyn_rec_threshold, prev->dyn_rec_threshold, ++ 40); ++ + conf->ssl.log = cf->log; + + if (conf->enable) { +@@ -827,6 +881,28 @@ + return NGX_CONF_ERROR; + } + ++ if (conf->dyn_rec_enable) { ++ conf->ssl.dyn_rec.timeout = conf->dyn_rec_timeout; ++ conf->ssl.dyn_rec.threshold = conf->dyn_rec_threshold; ++ ++ if (conf->buffer_size > conf->dyn_rec_size_lo) { ++ conf->ssl.dyn_rec.size_lo = conf->dyn_rec_size_lo; ++ ++ } else { ++ conf->ssl.dyn_rec.size_lo = conf->buffer_size; ++ } ++ ++ if (conf->buffer_size > conf->dyn_rec_size_hi) { ++ conf->ssl.dyn_rec.size_hi = conf->dyn_rec_size_hi; ++ ++ } else { ++ conf->ssl.dyn_rec.size_hi = conf->buffer_size; ++ } ++ ++ } else { ++ conf->ssl.dyn_rec.timeout = 0; ++ } ++ + return NGX_CONF_OK; + } + +--- a/src/http/modules/ngx_http_ssl_module.h ++++ b/src/http/modules/ngx_http_ssl_module.h +@@ -58,6 +58,12 @@ + + u_char *file; + ngx_uint_t line; ++ ++ ngx_flag_t dyn_rec_enable; ++ ngx_msec_t dyn_rec_timeout; ++ size_t dyn_rec_size_lo; ++ size_t dyn_rec_size_hi; ++ ngx_uint_t dyn_rec_threshold; + } ngx_http_ssl_srv_conf_t; + + diff --git a/boring-nginx/rootfs/etc/nginx/conf/proxy_params b/boring-nginx/rootfs/etc/nginx/conf/proxy_params index 6f9827e8..8d7e03d7 100644 --- a/boring-nginx/rootfs/etc/nginx/conf/proxy_params +++ b/boring-nginx/rootfs/etc/nginx/conf/proxy_params @@ -1,6 +1,11 @@ -proxy_set_header Host $host; +proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Remote-Port $remote_port; proxy_set_header X-Forwarded-Proto $scheme; proxy_redirect off; + +proxy_connect_timeout 1400; +proxy_send_timeout 1400; +proxy_read_timeout 1400; +send_timeout 1400; diff --git a/matomo/Dockerfile b/matomo/Dockerfile new file mode 100644 index 00000000..a10f56a6 --- /dev/null 
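Review bot: In proxy_params, `proxy_set_header Host $http_host;` forwards the client's Host header verbatim, whereas `$host` is normalised by nginx and falls back to the matched server name when the header is absent. Backends that build links or redirects from Host then rely entirely on each vhost's `server_name` matching to reject unexpected values; if the port is what was missing, `proxy_set_header Host $host:$server_port;` keeps the normalised name. The four 1400-second timeouts apply to every site that includes this file and let slow or idle connections be held for over 23 minutes, so a comment naming the backend that needs them, or setting them only in that site's `location`, would be safer.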
+++ b/matomo/Dockerfile @@ -0,0 +1,52 @@ +FROM hoellen/nginx-php:7.3 + +ARG VERSION=3.13.0 +ARG GPG_matthieu="814E 346F A01A 20DB B04B 6807 B5DB D592 5590 A237" + +ENV UID=991 GID=991 \ + UPLOAD_MAX_SIZE=10M \ + MEMORY_LIMIT=256M \ + OPCACHE_MEM_SIZE=128M \ + PHP_MAX_CHILDREN=15 \ + PHP_START_SERVERS=2 \ + PHP_MIN_SPARE_SERVERS=1 \ + PHP_MAX_SPARE_SERVERS=6 + +RUN BUILD_DEPS=" \ + tar \ + openssl \ + ca-certificates \ + gnupg" \ + && apk -U upgrade && apk add \ + ${BUILD_DEPS} \ + tzdata \ + && mkdir /matomo && cd /tmp \ + && MATOMO_TARBALL="matomo-${VERSION}.tar.gz" \ + && wget -q https://builds.matomo.org/${MATOMO_TARBALL} \ + && wget -q https://builds.matomo.org/${MATOMO_TARBALL}.asc \ + && wget -q https://builds.matomo.org/signature.asc \ + && echo "Verifying authenticity of ${MATOMO_TARBALL}..." \ + && gpg --import signature.asc \ + && FINGERPRINT="$(LANG=C gpg --verify ${MATOMO_TARBALL}.asc ${MATOMO_TARBALL} 2>&1 \ + | sed -n "s#Primary key fingerprint: \(.*\)#\1#p")" \ + && if [ -z "${FINGERPRINT}" ]; then echo "Warning! Invalid GPG signature!" && exit 1; fi \ + && if [ "${FINGERPRINT}" != "${GPG_matthieu}" ]; then echo "Warning! Wrong GPG fingerprint!" && exit 1; fi \ + && echo "All seems good, now unpacking ${MATOMO_TARBALL}..." \ + && tar xzf ${MATOMO_TARBALL} --strip 1 -C /matomo \ + && cd /matomo/misc && wget -qO- https://geolite.maxmind.com/download/geoip/database/GeoLite2-City.tar.gz | tar xz --strip 1 \ + && apk del ${BUILD_DEPS} php7-dev php7-pear \ + && rm -rf /var/cache/apk/* /tmp/* /root/.gnupg + +COPY rootfs / + +RUN chmod +x /usr/local/bin/run.sh /etc/s6.d/*/* /etc/s6.d/.s6-svscan/* + +VOLUME /config + +EXPOSE 8888 + +LABEL description "Open web analytics platform" \ + matomo "Matomo v${VERSION}" \ + maintainer="hoellen " + +CMD ["run.sh"] diff --git a/matomo/README.md b/matomo/README.md new file mode 100644 index 00000000..05367861 --- /dev/null +++ b/matomo/README.md 
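Review bot: The GeoLite2 database is fetched with `wget -qO- … | tar xz --strip 1` and unpacked into `/matomo/misc` with no checksum or signature, unlike the Matomo tarball verified a few lines above, and under the default `/bin/sh` a failed `wget` is masked by the pipe. Download it to a file, verify it against a checksum obtained out of band, and only then extract, or leave the database out of the image and mount it at runtime. Separately, the `LABEL` mixes the legacy `description "…"` form with `maintainer="…"`; the legacy form treats the rest of the instruction as one value, so `matomo` and `maintainer` likely end up inside the description. It should read `LABEL description="Open web analytics platform" \` and `matomo="Matomo v${VERSION}" \`.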
@@ -0,0 +1,66 @@ +## hoellen/matomo + +#### What is this? +It is a web analytics platform. Matomo respects your privacy and gives you full control over your data. + +#### Features +- Based on wonderfall/dockerfiles (Thanks!) +- Based on Alpine Linux. +- Latest Matomo stable. +- nginx stable + PHP7. +- mysql drivers (server not built-in). +- Latest GeoLite City Database from maxmind.com. + +#### Build-time variables +- **VERSION** : version of Matomo +- **GPG_matthieu** : fingerprint of signing key + +#### Environment variables +- **GID** : matomo group id *(default : 991)* +- **UID** : matomo user id *(default : 991)* + +#### Volumes +- **/config** : configuration files + +#### Update +Matomo can update itself. It works well. I'm also maintaing this Dockerfile, so if you don't want to do upgrades directly from Matomo, you can recreate the container as well whenever I push an update. + +#### Configuration +According to Matomo, everything should be fine running this image. You shoudn't have any difficulties to setup your own instance of Matomo. Your `/config/config.ini.php` overwrites the one (in `/matomo/config`)used by Matomo each time the container is started. Moreover, the old config.ini.php is saved as `/config/config.ini.php.bkp` if you want to revert last changes. This should also guarantee transparency through Matomo's updates. + +If you're running Matomo behind a reverse proxy (most likely you do), add this to your `config.ini.php` : + +``` +[General] +#assume_secure_protocol = 1 #uncomment if you use https +proxy_client_headers[] = HTTP_X_FORWARDED_FOR +proxy_client_headers[] = HTTP_X_REAL_IP +proxy_host_headers[] = HTTP_X_FORWARDED_HOST +``` + +#### Reverse proxy +Use port **8888**. 
+https://github.com/hoellen/dockerfiles/tree/master/boring-nginx + +#### Docker Compose (example) +``` +matomo: + image: hoellen/matomo + links: + - db_matomo:db_matomo + volumes: + - /mnt/docker/matomo/config:/config + environment: + - GID=1000 + - UID=1000 + +db_matomo: + image: mariadb:10 + volumes: + - /mnt/docker/matomo/db:/var/lib/mysql + environment: + - MYSQL_ROOT_PASSWORD=asupersecretpassword + - MYSQL_DATABASE=matomo + - MYSQL_USER=matomo + - MYSQL_PASSWORD=asupersecretpassword +``` diff --git a/piwik/rootfs/nginx/sites-enabled/nginx.conf b/matomo/rootfs/nginx/sites-enabled/nginx.conf similarity index 53% rename from piwik/rootfs/nginx/sites-enabled/nginx.conf rename to matomo/rootfs/nginx/sites-enabled/nginx.conf index 69ea84de..140c30cc 100644 --- a/piwik/rootfs/nginx/sites-enabled/nginx.conf +++ b/matomo/rootfs/nginx/sites-enabled/nginx.conf @@ -1,6 +1,6 @@ server { listen 8888; - root /piwik; + root /matomo; index index.php index.html; location ~* \.(?:bat|git|ini|sh|svn[^.]*|txt|tpl|xml)$ { @@ -20,17 +20,17 @@ server { return 404; } - location ~ ^/(vendor|config|tmp|libs|misc) { - deny all; - return 404; - } - + location ~ ^/(vendor|config|tmp|libs|misc) { + deny all; + return 404; + } + location ~* /(.*)\.(?:markdown|md|twig|yaml|yml|ht|htaccess|ini)$ { - deny all; - } - - location ~ /\. { - deny all; + deny all; + } + + location ~ /\. { + deny all; } location / { diff --git a/piwik/rootfs/php/conf.d/opcache.ini b/matomo/rootfs/php/conf.d/opcache.ini similarity index 100% rename from piwik/rootfs/php/conf.d/opcache.ini rename to matomo/rootfs/php/conf.d/opcache.ini diff --git a/matomo/rootfs/usr/local/bin/run.sh b/matomo/rootfs/usr/local/bin/run.sh new file mode 100644 index 00000000..d2c6a439 --- /dev/null +++ b/matomo/rootfs/usr/local/bin/run.sh 
@@ -0,0 +1,17 @@ +#!/bin/sh +sed -i -e "s//$UPLOAD_MAX_SIZE/g" /nginx/conf/nginx.conf /php/etc/php-fpm.conf \ + -e "s//$MEMORY_LIMIT/g" /php/etc/php-fpm.conf \ + -e "s//$OPCACHE_MEM_SIZE/g" /php/conf.d/opcache.ini \ + -e "s//$PHP_MAX_CHILDREN/g" /php/etc/php-fpm.conf \ + -e "s//$PHP_START_SERVERS/g" /php/etc/php-fpm.conf \ + -e "s//$PHP_MIN_SPARE_SERVERS/g" /php/etc/php-fpm.conf \ + -e "s//$PHP_MAX_SPARE_SERVERS/g" /php/etc/php-fpm.conf + +if [ ! -f /config/config.ini.php ]; then + cp /matomo/config/config.ini.php /config/config.ini.php +fi + +ln -s /config/config.ini.php /matomo/config/config.ini.php +mv matomo fix && mv fix matomo # fix strange bug +chown -R $UID:$GID /matomo /config /var/log /php /nginx /tmp /usr/share/GeoIP /etc/s6.d +exec su-exec $UID:$GID /bin/s6-svscan /etc/s6.d diff --git a/nextcloud/Dockerfile.12.0 b/nextcloud/Dockerfile.20.0 similarity index 83% rename from nextcloud/Dockerfile.12.0 rename to nextcloud/Dockerfile.20.0 index 2624bf10..a907b348 100644 --- a/nextcloud/Dockerfile.12.0 +++ b/nextcloud/Dockerfile.20.0 @@ -1,6 +1,6 @@ -FROM wonderfall/nginx-php:7.1 +FROM hoellen/nginx-php:7.4 -ARG NEXTCLOUD_VERSION=12.0.3 +ARG NEXTCLOUD_VERSION=20.0.14 ARG GPG_nextcloud="2880 6A87 8AE4 23A2 8372 792E D758 99B9 A724 937A" ENV UID=991 GID=991 \ @@ -8,11 +8,16 @@ ENV UID=991 GID=991 \ APC_SHM_SIZE=128M \ OPCACHE_MEM_SIZE=128 \ MEMORY_LIMIT=512M \ - CRON_PERIOD=15m \ + PHP_MAX_CHILDREN=15 \ + PHP_START_SERVERS=2 \ + PHP_MIN_SPARE_SERVERS=1 \ + PHP_MAX_SPARE_SERVERS=6 \ + CRON_PERIOD=5m \ CRON_MEMORY_LIMIT=1g \ TZ=Etc/UTC \ DB_TYPE=sqlite3 \ - DOMAIN=localhost + DOMAIN=localhost \ + CHECK_PERMISSIONS=1 RUN apk -U upgrade \ && apk add -t build-dependencies \ 
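Review bot: In run.sh, `$UID` and `$GID` are expanded unquoted and unchecked in `chown -R $UID:$GID …` and `exec su-exec $UID:$GID …`, so an empty or malformed value reaches both commands; add `set -u` after the shebang and quote them as `"$UID:$GID"`. Failures of `cp`, `ln -s` and `chown` are ignored and the services still start on a half-prepared tree. `ln -s` in particular fails once the link already exists on a container restart, so `ln -sf /config/config.ini.php /matomo/config/config.ini.php` is safer. `mv matomo fix && mv fix matomo` uses relative paths and only works when the working directory is `/`; absolute paths and a comment naming the bug it works around would make that explicit.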
@@ -24,17 +29,23 @@ RUN apk -U upgrade \ pcre-dev \ libtool \ samba-dev \ + imagemagick-dev \ && apk add \ libressl \ ca-certificates \ libsmbclient \ + imagemagick \ + ffmpeg \ tzdata \ + && pecl channel-update pecl.php.net \ && pecl install \ smbclient \ apcu \ redis \ + imagick \ && echo "extension=smbclient.so" > /php/conf.d/smbclient.ini \ && echo "extension=redis.so" > /php/conf.d/redis.ini \ + && echo "extension=imagick.so" > /php/conf.d/imagick.ini \ && mkdir /nextcloud \ && cd /tmp \ && NEXTCLOUD_TARBALL="nextcloud-${NEXTCLOUD_VERSION}.tar.bz2" \ @@ -66,6 +77,6 @@ EXPOSE 8888 LABEL description="A server software for creating file hosting services" \ nextcloud="Nextcloud v${NEXTCLOUD_VERSION}" \ - maintainer="Wonderfall " + maintainer="hoellen " CMD ["run.sh"] diff --git a/nextcloud/Dockerfile.11.0 b/nextcloud/Dockerfile.21.0 similarity index 83% rename from nextcloud/Dockerfile.11.0 rename to nextcloud/Dockerfile.21.0 index 3e55ba45..3a871a3c 100644 --- a/nextcloud/Dockerfile.11.0 +++ b/nextcloud/Dockerfile.21.0 @@ -1,6 +1,6 @@ -FROM wonderfall/nginx-php:7.1 +FROM hoellen/nginx-php:7.4 -ARG NEXTCLOUD_VERSION=11.0.4 +ARG NEXTCLOUD_VERSION=21.0.7 ARG GPG_nextcloud="2880 6A87 8AE4 23A2 8372 792E D758 99B9 A724 937A" ENV UID=991 GID=991 \ @@ -8,11 +8,16 @@ ENV UID=991 GID=991 \ APC_SHM_SIZE=128M \ OPCACHE_MEM_SIZE=128 \ MEMORY_LIMIT=512M \ - CRON_PERIOD=15m \ + PHP_MAX_CHILDREN=15 \ + PHP_START_SERVERS=2 \ + PHP_MIN_SPARE_SERVERS=1 \ + PHP_MAX_SPARE_SERVERS=6 \ + CRON_PERIOD=5m \ CRON_MEMORY_LIMIT=1g \ TZ=Etc/UTC \ DB_TYPE=sqlite3 \ - DOMAIN=localhost + DOMAIN=localhost \ + CHECK_PERMISSIONS=1 RUN apk -U upgrade \ && apk add -t build-dependencies \ 
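Review bot: `pecl install … imagick` adds another extension compiled from whatever version the PECL channel serves at build time, with no version pin, in an image that otherwise checks the Nextcloud tarball by SHA-512 and GPG. Pinning it as `imagick-<VERSION>` (placeholder) makes rebuilds reproducible. `imagemagick` and `ffmpeg` also stay in the runtime image and will presumably decode user-uploaded files for previews, so the image should ship a restrictive ImageMagick `policy.xml` under `rootfs` or document which preview providers to enable. The same additions appear in the hunks for Dockerfile.21.0, Dockerfile.22.2 and Dockerfile.daily. The `RUN` instruction starts and ends outside this hunk.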
@@ -24,17 +29,23 @@ RUN apk -U upgrade \ pcre-dev \ libtool \ samba-dev \ + imagemagick-dev \ && apk add \ libressl \ ca-certificates \ libsmbclient \ + imagemagick \ + ffmpeg \ tzdata \ + && pecl channel-update pecl.php.net \ && pecl install \ smbclient \ apcu \ redis \ + imagick \ && echo "extension=smbclient.so" > /php/conf.d/smbclient.ini \ && echo "extension=redis.so" > /php/conf.d/redis.ini \ + && echo "extension=imagick.so" > /php/conf.d/imagick.ini \ && mkdir /nextcloud \ && cd /tmp \ && NEXTCLOUD_TARBALL="nextcloud-${NEXTCLOUD_VERSION}.tar.bz2" \ @@ -66,6 +77,6 @@ EXPOSE 8888 LABEL description="A server software for creating file hosting services" \ nextcloud="Nextcloud v${NEXTCLOUD_VERSION}" \ - maintainer="Wonderfall " + maintainer="hoellen " CMD ["run.sh"] diff --git a/nextcloud/Dockerfile.22.2 b/nextcloud/Dockerfile.22.2 new file mode 100644 index 00000000..498a8e12 --- /dev/null +++ b/nextcloud/Dockerfile.22.2 
@@ -0,0 +1,83 @@ +FROM hoellen/nginx-php:7.4 + +ARG NEXTCLOUD_VERSION=22.2.3 +ARG GPG_nextcloud="2880 6A87 8AE4 23A2 8372 792E D758 99B9 A724 937A" + +ENV UID=991 GID=991 \ + UPLOAD_MAX_SIZE=10G \ + APC_SHM_SIZE=128M \ + OPCACHE_MEM_SIZE=128 \ + MEMORY_LIMIT=512M \ + PHP_MAX_CHILDREN=15 \ + PHP_START_SERVERS=2 \ + PHP_MIN_SPARE_SERVERS=1 \ + PHP_MAX_SPARE_SERVERS=6 \ + CRON_PERIOD=5m \ + CRON_MEMORY_LIMIT=1g \ + TZ=Etc/UTC \ + DB_TYPE=sqlite3 \ + DOMAIN=localhost \ + CHECK_PERMISSIONS=1 + +RUN apk -U upgrade \ + && apk add -t build-dependencies \ + gnupg \ + tar \ + build-base \ + autoconf \ + automake \ + pcre-dev \ + libtool \ + samba-dev \ + imagemagick-dev \ + && apk add \ + libressl \ + ca-certificates \ + libsmbclient \ + imagemagick \ + libgomp \ + ffmpeg \ + tzdata \ + && pecl channel-update pecl.php.net \ + && pecl install \ + smbclient \ + apcu \ + redis \ + imagick \ + && echo "extension=smbclient.so" > /php/conf.d/smbclient.ini \ + && echo "extension=redis.so" > /php/conf.d/redis.ini \ + && echo "extension=imagick.so" > /php/conf.d/imagick.ini \ + && mkdir /nextcloud \ + && cd /tmp \ + && NEXTCLOUD_TARBALL="nextcloud-${NEXTCLOUD_VERSION}.tar.bz2" \ + && wget -q https://download.nextcloud.com/server/releases/${NEXTCLOUD_TARBALL} \ + && wget -q https://download.nextcloud.com/server/releases/${NEXTCLOUD_TARBALL}.sha512 \ + && wget -q https://download.nextcloud.com/server/releases/${NEXTCLOUD_TARBALL}.asc \ + && wget -q https://nextcloud.com/nextcloud.asc \ + && echo "Verifying both integrity and authenticity of ${NEXTCLOUD_TARBALL}..." \ + && CHECKSUM_STATE=$(echo -n $(sha512sum -c ${NEXTCLOUD_TARBALL}.sha512) | tail -c 2) \ + && if [ "${CHECKSUM_STATE}" != "OK" ]; then echo "Warning! Checksum does not match!" 
&& exit 1; fi \ + && gpg --import nextcloud.asc \ + && FINGERPRINT="$(LANG=C gpg --verify ${NEXTCLOUD_TARBALL}.asc ${NEXTCLOUD_TARBALL} 2>&1 \ + | sed -n "s#Primary key fingerprint: \(.*\)#\1#p")" \ + && if [ -z "${FINGERPRINT}" ]; then echo "Warning! Invalid GPG signature!" && exit 1; fi \ + && if [ "${FINGERPRINT}" != "${GPG_nextcloud}" ]; then echo "Warning! Wrong GPG fingerprint!" && exit 1; fi \ + && echo "All seems good, now unpacking ${NEXTCLOUD_TARBALL}..." \ + && tar xjf ${NEXTCLOUD_TARBALL} --strip 1 -C /nextcloud \ + && update-ca-certificates \ + && apk del build-dependencies \ + && rm -rf /var/cache/apk/* /tmp/* /root/.gnupg + +COPY rootfs / + +RUN chmod +x /usr/local/bin/* /etc/s6.d/*/* /etc/s6.d/.s6-svscan/* + +VOLUME /data /config /apps2 /nextcloud/themes + +EXPOSE 8888 + +LABEL description="A server software for creating file hosting services" \ + nextcloud="Nextcloud v${NEXTCLOUD_VERSION}" \ + maintainer="hoellen " + +CMD ["run.sh"] diff --git a/nextcloud/Dockerfile.daily b/nextcloud/Dockerfile.daily index 4a4b23a7..5a82a86a 100644 --- a/nextcloud/Dockerfile.daily +++ b/nextcloud/Dockerfile.daily @@ -1,15 +1,20 @@ -FROM wonderfall/nginx-php:7.1 +FROM hoellen/nginx-php:7.4 ENV UID=991 GID=991 \ UPLOAD_MAX_SIZE=10G \ APC_SHM_SIZE=128M \ OPCACHE_MEM_SIZE=128 \ MEMORY_LIMIT=512M \ - CRON_PERIOD=15m \ + PHP_MAX_CHILDREN=15 \ + PHP_START_SERVERS=2 \ + PHP_MIN_SPARE_SERVERS=1 \ + PHP_MAX_SPARE_SERVERS=6 \ + CRON_PERIOD=5m \ CRON_MEMORY_LIMIT=1g \ TZ=Etc/UTC \ DB_TYPE=sqlite3 \ - DOMAIN=localhost + DOMAIN=localhost \ + CHECK_PERMISSIONS=1 RUN apk -U upgrade \ && apk add -t build-dependencies \ 
@@ -21,17 +26,23 @@ RUN apk -U upgrade \ pcre-dev \ libtool \ samba-dev \ + imagemagick-dev \ && apk add \ libressl \ ca-certificates \ libsmbclient \ + imagemagick \ + ffmpeg \ tzdata \ + && pecl channel-update pecl.php.net \ && pecl install \ smbclient \ apcu \ redis \ + imagick \ && echo "extension=smbclient.so" > /php/conf.d/smbclient.ini \ && echo "extension=redis.so" > /php/conf.d/redis.ini \ + && echo "extension=imagick.so" > /php/conf.d/imagick.ini \ && mkdir /nextcloud \ && cd /tmp \ && wget -q https://download.nextcloud.com/server/daily/latest.tar.bz2 \ @@ -43,18 +54,18 @@ RUN apk -U upgrade \ && tar xjf latest.tar.bz2 --strip 1 -C /nextcloud \ && update-ca-certificates \ && apk del build-dependencies \ - && rm -rf /var/cache/apk/* /tmp/* + && rm -rf /var/cache/apk/* /tmp/* /root/.gnupg COPY rootfs / RUN chmod +x /usr/local/bin/* /etc/s6.d/*/* /etc/s6.d/.s6-svscan/* -VOLUME /data /config /apps2 /nextcloud/themes /php/session +VOLUME /data /config /apps2 /nextcloud/themes EXPOSE 8888 LABEL description="A server software for creating file hosting services" \ nextcloud="Nextcloud daily" \ - maintainer="Wonderfall " + maintainer="hoellen " CMD ["run.sh"] diff --git a/nextcloud/README.md b/nextcloud/README.md index d926f919..63453cdc 100644 --- a/nextcloud/README.md +++ b/nextcloud/README.md 
@@ -1,15 +1,14 @@ -## wonderfall/nextcloud +## hoellen/nextcloud -[![](https://images.microbadger.com/badges/version/wonderfall/nextcloud.svg)](http://microbadger.com/images/wonderfall/nextcloud "Get your own version badge on microbadger.com") [![](https://images.microbadger.com/badges/image/wonderfall/nextcloud.svg)](http://microbadger.com/images/wonderfall/nextcloud "Get your own image badge on microbadger.com") - -![](https://s32.postimg.org/69nev7aol/Nextcloud_logo.png) +[![](https://images.microbadger.com/badges/version/hoellen/nextcloud.svg)](http://microbadger.com/images/hoellen/nextcloud "Get your own version badge on microbadger.com") [![](https://images.microbadger.com/badges/image/hoellen/nextcloud.svg)](http://microbadger.com/images/hoellen/nextcloud "Get your own image badge on microbadger.com") **This image was made for my own use and I have no intention to make this official. Support won't be regular so if there's an update, or a fix, you can open a pull request. Any contribution is welcome, but please be aware I'm very busy currently. Before opening an issue, please check if there's already one related. Also please use Github instead of Docker Hub, otherwise I won't see your comments. Thanks.** ### Features +- Based on wonderfall/dockerfiles (Thanks!) - Based on Alpine Linux. -- Bundled with nginx and PHP 7.1 (wonderfall/nginx-php image). +- Bundled with nginx and PHP 7.3 (hoellen/nginx-php image). - Automatic installation using environment variables. - Package integrity (SHA512) and authenticity (PGP) checked during building process. - Data and apps persistence. 
@@ -22,18 +21,25 @@ - Environment variables provided (see below). ### Tags -- **latest** : latest stable version. (12.0) -- **12.0** : latest 12.0.x version (stable) -- **11.0** : latest 11.0.x version (old stable) -- **10.0** : latest 10.0.x version (old stable) (unmaintained) -- **9.0** : latest 9.0.x version. (old stable) (unmaintained) -- **daily** : latest code (daily build). +- **latest** : latest stable version (22.1) +- **22.1** : latest 22.1.x version (stable) +- **21.0** : latest 21.0.x version (old stable) +- **20.0** : latest 20.0.x version (deprecated) +- ~~**19.0** : latest 19.0.x version (end-of-life)~~ +- ~~**18.0** : latest 18.0.x version (end-of-life)~~ +- ~~**17.0** : latest 17.0.x version (end-of-life)~~ +- ~~**16.0** : latest 16.0.x version (end-of-life)~~ +- ~~**15.0** : latest 15.0.x version (end-of-life)~~ +- ~~**14.0** : latest 14.0.x version (end-of-life)~~ +- ~~**13.0** : latest 13.0.x version (end-of-life)~~ +- ~~**12.0** : latest 12.0.x version (end-of-life)~~ +- ~~**11.0** : latest 11.0.x version (end-of-life)~~ +- **daily** : latest code (daily build) Other tags than `daily` are built weekly. For security reasons, you should occasionally update the container, even if you have the latest version of Nextcloud. ### Build-time variables - **NEXTCLOUD_VERSION** : version of nextcloud -- **GNU_LIBICONV_VERSION** : version of GNU Libiconv - **GPG_nextcloud** : signing key fingerprint ### Environment variables 
@@ -43,6 +49,10 @@ Other tags than `daily` are built weekly. For security reasons, you should occas - **APC_SHM_SIZE** : apc memory size *(default : 128M)* - **OPCACHE_MEM_SIZE** : opcache memory size in megabytes *(default : 128)* - **MEMORY_LIMIT** : php memory limit *(default : 512M)* +- **PHP_MAX_CHILDREN** : php max child processes *(default : 15)* +- **PHP_START_SERVERS** : php number of processes on startup *(default : 2)* +- **PHP_MIN_SPARE_SERVERS** : php min of idle processes *(default : 1)* +- **PHP_MAX_SPARE_SERVERS** : php max of idle processes *(default : 6)* - **CRON_PERIOD** : time interval between two cron tasks *(default : 15m)* - **CRON_MEMORY_LIMIT** : memory limit for PHP when executing cronjobs *(default : 1024m)* - **TZ** : the system/log timezone *(default : Etc/UTC)* @@ -54,6 +64,7 @@ Other tags than `daily` are built weekly. For security reasons, you should occas - **DB_USER** : username for database *(default : none)* - **DB_PASSWORD** : password for database user *(default : none)* - **DB_HOST** : database host *(default : none)* +- **CHECK_PERMISSIONS** : disable permission check for /data folder *(default: 1)* Don't forget to use a **strong password** for the admin account! 
@@ -70,19 +81,21 @@ Don't forget to use a **strong password** for the admin account! ### Database Basically, you can use a database instance running on the host or any other machine. An easier solution is to use an external database container. I suggest you to use MariaDB, which is a reliable database server. You can use the official `mariadb` image available on Docker Hub to create a database container, which must be linked to the Nextcloud container. PostgreSQL can also be used as well. +Please note, that you may need to adjust some database settings to your hardware to achieve better performance for your Nextcloud instance. Some examples can be found in the [Nextcloud documentation](https://docs.nextcloud.com/server/16/admin_manual/configuration_database/linux_database_configuration.html). + ### Setup Pull the image and create a container. `/docker` can be anywhere on your host, this is just an example. Change `MYSQL_ROOT_PASSWORD` and `MYSQL_PASSWORD` values (mariadb). You may also want to change UID and GID for Nextcloud, as well as other variables (see *Environment Variables*). ``` -docker pull wonderfall/nextcloud:10.0 && docker pull mariadb:10 +docker pull hoellen/nextcloud && docker pull mariadb docker run -d --name db_nextcloud \ -v /docker/nextcloud/db:/var/lib/mysql \ -e MYSQL_ROOT_PASSWORD=supersecretpassword \ -e MYSQL_DATABASE=nextcloud -e MYSQL_USER=nextcloud \ -e MYSQL_PASSWORD=supersecretpassword \ - mariadb:10 - + mariadb + docker run -d --name nextcloud \ --link db_nextcloud:db_nextcloud \ -v /docker/nextcloud/data:/data \ 
@@ -103,23 +116,18 @@ docker run -d --name nextcloud \ -e DB_USER=nextcloud \ -e DB_PASSWORD=supersecretpassword \ -e DB_HOST=db_nextcloud \ - wonderfall/nextcloud:10.0 + hoellen/nextcloud ``` You are **not obliged** to use `ADMIN_USER` and `ADMIN_PASSWORD`. If these variables are not provided, you'll be able to configure your admin acccount from your browser. **Below you can find a docker-compose file, which is very useful!** -Now you have to use a **reverse proxy** in order to access to your container through Internet, steps and details are available at the end of the README.md. And that's it! Since you already configured Nextcloud through setting environment variables, there's no setup page. - -### ARM-based devices -You will have to build yourself using an Alpine-ARM image, like `orax/alpine-armhf:edge`. - ### Configure In the admin panel, you should switch from `AJAX cron` to `cron` (system cron). ### Update -Pull a newer image, then recreate the container as you did before (*Setup* step). None of your data will be lost since you're using external volumes. If Nextcloud performed a full upgrade, your apps could be disabled, enable them again **(starting with 12.0.x, your apps are automatically enabled after an upgrade)**. +Pull a newer image, then recreate the container as you did before (*Setup* step). None of your data will be lost since you're using external volumes. Nextcloud takes care of the database migration steps. ### Docker-compose I advise you to use [docker-compose](https://docs.docker.com/compose/), which is a great tool for managing containers. You can create a `docker-compose.yml` with the following content (which must be adapted to your needs) and then run `docker-compose up -d nextcloud-db`, wait some 15 seconds for the database to come up, then run everything with `docker-compose up -d`, that's it! On subsequent runs, a single `docker-compose up -d` is sufficient! 
@@ -136,10 +144,9 @@ networks: services: nextcloud: - image: wonderfall/nextcloud + image: hoellen/nextcloud depends_on: - nextcloud-db # If using MySQL - - solr # If using Nextant - redis # If using Redis environment: - UID=1000 @@ -149,8 +156,6 @@ services: - OPCACHE_MEM_SIZE=128 - CRON_PERIOD=15m - TZ=Europe/Berlin - - ADMIN_USER=admin # Don't set to configure through browser - - ADMIN_PASSWORD=admin # Don't set to configure through browser - DOMAIN=localhost - DB_TYPE=mysql - DB_NAME=nextcloud @@ -173,17 +178,6 @@ services: - MYSQL_DATABASE=nextcloud - MYSQL_USER=nextcloud - MYSQL_PASSWORD=supersecretpassword - - # If using Nextant - solr: - image: solr:6-alpine - container_name: solr - volumes: - - /docker/nextcloud/solr:/opt/solr/server/solr/mycores - entrypoint: - - docker-entrypoint.sh - - solr-precreate - - nextant # If using Redis redis: 
@@ -208,49 +202,13 @@ Redis can be used for distributed and file locking cache, alongside with APCu (l  ), ``` -### How to configure Nextant -You will have to deploy a Solr server, I've shown an example above with docker-compose. Once Nextant app is installed, go to "additional settings" in your admin pannel and use http://solr:8983/solr as "Adress of your Solr Servlet". There you go! - ### Tip : how to use occ command -There is a script for that, so you shouldn't bother to log into the container, set the right permissions, and so on. Just use `docker exec -ti nexcloud occ command`. +There is a script for that, so you shouldn't bother to log into the container, set the right permissions, and so on. Just use `docker exec -ti nextcloud occ command`. ### Reverse proxy Of course you can use your own solution! nginx, Haproxy, Caddy, h2o, Traefik... Whatever your choice is, you have to know that headers are already sent by the container, including HSTS, so there's no need to add them again. **It is strongly recommended (I'd like to say : MANDATORY) to use Nextcloud through an encrypted connection (HTTPS).** [Let's Encrypt](https://letsencrypt.org/) provides free SSL/TLS certificates, so you have no excuses. -You can take a look at my brand new image [wonderfall/reverse](https://hub.docker.com/r/wonderfall/reverse/). It was made with security and ease-of-use in mind, using the latest versions of nginx and OpenSSL. It also provides SSL/TLS automation with [lego](https://github.com/xenolf/lego), a Let's Encrypt client. Also, no need to bother about configuration files! This image does litterally everything for you. - -Look at how simple it is. First, you have to add labels to your Nextcloud container, like this: - -``` - nextcloud: - ... 
- labels: - - reverse.frontend.domain=cloud.domain.tld - - reverse.backend.port=8888 - - reverse.frontend.ssl=true - - reverse.frontend.ssltype=ec384 - - reverse.frontend.hsts=false -      - reverse.frontend.headers=false -``` - -These labels can tell the reverse container what settings should be set when generating files/certificates for Nextcloud. Now you can add the reverse container in your docker-compose file, and you need to provide it your `EMAIL` (for Let's Encrypt), and bind it to the nextcloud container : - -``` - reverse: - image: wonderfall/reverse - container_name: reverse - ports: - - "80:8080" - - "443:8443" - environment: - - EMAIL=admin@domain.tld - volumes: - - /docker/reverse/ssl:/nginx/ssl - - /var/run/docker.sock:/var/run/docker.sock - depends_on: -      - nextcloud -``` That's it! Did I lie to you? diff --git a/nextcloud/rootfs/nginx/sites-enabled/nginx.conf b/nextcloud/rootfs/nginx/sites-enabled/nginx.conf index 2fb15491..33d0d25f 100644 --- a/nextcloud/rootfs/nginx/sites-enabled/nginx.conf +++ b/nextcloud/rootfs/nginx/sites-enabled/nginx.conf 
@@ -1,15 +1,19 @@ server { listen 8888; root /nextcloud; - + fastcgi_buffers 64 4K; - - add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload"; - add_header X-Content-Type-Options nosniff; - add_header X-XSS-Protection "1; mode=block"; - add_header X-Robots-Tag none; - add_header X-Download-Options noopen; - add_header X-Permitted-Cross-Domain-Policies none; + fastcgi_hide_header X-Powered-By; + + add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always; + add_header Referrer-Policy "no-referrer" always; + add_header X-Content-Type-Options "nosniff" always; + add_header X-Download-Options "noopen" always; + add_header X-Frame-Options "SAMEORIGIN" always; + add_header X-Permitted-Cross-Domain-Policies "none" always; + add_header X-Robots-Tag "none" always; + add_header X-XSS-Protection "1; mode=block" always; + location = /robots.txt { allow all; @@ -17,16 +21,14 @@ server { access_log off; } - location = /.well-known/carddav { - return 301 $scheme://$host/remote.php/dav; - } + location = /.well-known/carddav { return 301 https://$host/remote.php/dav; } + location = /.well-known/caldav { return 301 https://$host/remote.php/dav; } - location = /.well-known/caldav { - return 301 $scheme://$host/remote.php/dav; - } + # Anything else is dynamically handled by Nextcloud + location ^~ /.well-known { return 301 https://$host/index.php$uri; } location / { - rewrite ^ /index.php$uri; + rewrite ^ /index.php; } location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ { 
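Review bot: The `.well-known` redirects in the second hunk now build their target from `https://$host`, and no `server_name` is visible in the hunks of this server block, so the Location header echoes whatever Host value reaches the container. That is safe only when a reverse proxy in front terminates TLS and validates Host, which the README recommends but this file does not state. A comment above the three `return 301` lines, such as `# Assumes a TLS-terminating reverse proxy that validates Host; $host is taken from the request`, would record that assumption. Plain-HTTP setups that worked with the old `$scheme` form will now be sent to https.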
@@ -37,39 +39,42 @@ server { deny all; } - location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|core/templates/40[34])\.php(?:$|/) { + location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|oc[ms]-provider/.+)\.php(?:$|/) { include /nginx/conf/fastcgi_params; fastcgi_split_path_info ^(.+\.php)(/.*)$; + set $path_info $fastcgi_path_info; + try_files $fastcgi_script_name =404; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_param PATH_INFO $fastcgi_path_info; + fastcgi_param PATH_INFO $path_info; fastcgi_param modHeadersAvailable true; fastcgi_param front_controller_active true; fastcgi_pass unix:/php/run/php-fpm.sock; - fastcgi_intercept_errors on; + fastcgi_intercept_errors off; fastcgi_request_buffering off; fastcgi_read_timeout 1200; } - location ~ ^/(?:updater|ocs-provider)(?:$|/) { + location ~ ^/(?:updater|oc[ms]-provider)(?:$|/) { try_files $uri/ =404; index index.php; } - location ~* \.(?:css|js)$ { - try_files $uri /index.php$uri$is_args$args; - add_header Cache-Control "public, max-age=7200"; - add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;"; - add_header X-Frame-Options "SAMEORIGIN"; - add_header X-Content-Type-Options nosniff; - add_header X-XSS-Protection "1; mode=block"; - add_header X-Robots-Tag none; - add_header X-Download-Options noopen; - add_header X-Permitted-Cross-Domain-Policies none; + location ~ \.(?:css|js|woff2?|svg|gif|map)$ { + try_files $uri /index.php$request_uri; + add_header Cache-Control "public, max-age=15778463"; + add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always; + add_header Referrer-Policy "no-referrer" always; + add_header X-Content-Type-Options "nosniff" always; + add_header X-Download-Options "noopen" always; + add_header X-Frame-Options "SAMEORIGIN" always; + add_header X-Permitted-Cross-Domain-Policies "none" always; + add_header 
X-Robots-Tag "none" always; + add_header X-XSS-Protection "1; mode=block" always; access_log off; } - location ~* \.(?:svg|gif|png|html|ttf|woff|ico|jpg|jpeg)$ { - try_files $uri /index.php$uri$is_args$args; + location ~ \.(?:png|html|ttf|ico|jpg|jpeg|bcmap|mp4|webm)$ { + try_files $uri /index.php$request_uri; access_log off; } } diff --git a/nextcloud/rootfs/php/conf.d/apcu.ini b/nextcloud/rootfs/php/conf.d/apcu.ini index 1bf9b49d..145b47e6 100644 --- a/nextcloud/rootfs/php/conf.d/apcu.ini +++ b/nextcloud/rootfs/php/conf.d/apcu.ini @@ -1,4 +1,5 @@ extension=apcu.so apc.enabled=1 +apc.enable_cli=1 apc.shm_size= apc.ttl=7200 diff --git a/nextcloud/rootfs/php/conf.d/opcache.ini b/nextcloud/rootfs/php/conf.d/opcache.ini index d77112b7..6deabb37 100644 --- a/nextcloud/rootfs/php/conf.d/opcache.ini +++ b/nextcloud/rootfs/php/conf.d/opcache.ini @@ -1,8 +1,8 @@ zend_extension=opcache.so opcache.enable=1 opcache.enable_cli=1 -opcache.fast_shutdown=1 opcache.memory_consumption= opcache.interned_strings_buffer=16 +opcache.save_comments=1 opcache.max_accelerated_files=10000 opcache.revalidate_freq=60 diff --git a/nextcloud/rootfs/usr/local/bin/run.sh b/nextcloud/rootfs/usr/local/bin/run.sh index b0e632f8..3adf2b38 100644 --- a/nextcloud/rootfs/usr/local/bin/run.sh +++ b/nextcloud/rootfs/usr/local/bin/run.sh 
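Review bot: The static-asset location (`css|js|woff2?|svg|gif|map`) has to repeat all eight security headers, because nginx stops inheriting server-level `add_header` lines once a location declares one of its own, here `Cache-Control`. The two copies now have to be edited together; a header added later at server level only would silently be missing on these responses. Moving the eight lines into one snippet and pulling it in with `include` at both places would remove that drift risk. The `Cache-Control` line itself has no `always`, unlike the others; if that is intentional, a short comment saying so would help.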
@@ -6,11 +6,16 @@ sed -i -e "s//$APC_SHM_SIZE/g" /php/conf.d/apcu.ini \ -e "s//$CRON_PERIOD/g" /etc/s6.d/cron/run \ -e "s//$MEMORY_LIMIT/g" /usr/local/bin/occ \ -e "s//$UPLOAD_MAX_SIZE/g" /nginx/conf/nginx.conf /php/etc/php-fpm.conf \ - -e "s//$MEMORY_LIMIT/g" /php/etc/php-fpm.conf + -e "s//$MEMORY_LIMIT/g" /php/etc/php-fpm.conf \ + -e "s//$PHP_MAX_CHILDREN/g" /php/etc/php-fpm.conf \ + -e "s//$PHP_START_SERVERS/g" /php/etc/php-fpm.conf \ + -e "s//$PHP_MIN_SPARE_SERVERS/g" /php/etc/php-fpm.conf \ + -e "s//$PHP_MAX_SPARE_SERVERS/g" /php/etc/php-fpm.conf # Put the configuration and apps into volumes ln -sf /config/config.php /nextcloud/config/config.php &>/dev/null ln -sf /apps2 /nextcloud &>/dev/null +chown -h $UID:$GID /nextcloud/config/config.php /nextcloud/apps2 # Create folder for php sessions if not exists if [ ! -d /data/session ]; then @@ -19,6 +24,10 @@ fi echo "Updating permissions..." for dir in /nextcloud /data /config /apps2 /var/log /php /nginx /tmp /etc/s6.d; do + if [ "$dir" = "/data" ] && [ "$CHECK_PERMISSIONS" = "0" ]; then + echo "WARNING: Skip checking permissions for /data" + continue + fi if $(find $dir ! -user $UID -o ! -group $GID|egrep '.' -q); then echo "Updating permissions in $dir..." chown -R $UID:$GID $dir @@ -28,6 +37,14 @@ for dir in /nextcloud /data /config /apps2 /var/log /php /nginx /tmp /etc/s6.d; done echo "Done updating permissions." +echo "Check for UserID ${UID}" +if ! $(grep ":${UID}:" /etc/passwd 1>/dev/null 2>&1); then + echo "Creating user nextcloud with UID=${UID} and GID=${GID}." + /usr/sbin/adduser -g ${GID} -u ${UID} --disabled-password --gecos "" nextcloud +else + echo "An existing user with UID=${UID} was found, nothing to do." +fi + if [ ! -f /config/config.php ]; then # New installation, run the setup /usr/local/bin/setup.sh diff --git a/nextcloud/rootfs/usr/local/bin/setup.sh b/nextcloud/rootfs/usr/local/bin/setup.sh index df299926..636c1ef0 100755 --- a/nextcloud/rootfs/usr/local/bin/setup.sh 
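Review bot: In the third run.sh hunk, `grep ":${UID}:" /etc/passwd` matches the number in any colon-delimited field, so an account whose group id equals `$UID` is reported as an existing user and the `adduser` branch is skipped. Anchoring on the third field avoids that and also drops the `$( … )` wrapper, which runs grep's output as a command: `if ! grep -q "^[^:]*:[^:]*:${UID}:" /etc/passwd; then`. In the `adduser` call, `-g` is the GECOS field in BusyBox adduser (the group option is `-G` and takes a group name), so if this image uses BusyBox the `${GID}` value is probably not applied as the group; worth confirming. The `if [ ! -f /config/config.php ]` block after it continues outside the hunk.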
+++ b/nextcloud/rootfs/usr/local/bin/setup.sh @@ -8,7 +8,8 @@ CONFIGFILE=/config/config.php # Create an initial configuration file. -instanceid=oc$(echo $PRIMARY_HOSTNAME | sha1sum | fold -w 10 | head -n 1) +instanceid=oc$(openssl rand -hex 6 | head -c 10) + cat > $CONFIGFILE < This image is build and push with [drone.io](https://github.com/drone/drone), a circle-ci like self-hosted. -> If you don't trust, you can build yourself. - ## Description What is [Nginx](http://nginx.org)? diff --git a/nginx-php/7.1/rootfs/etc/s6.d/.s6-svscan/finish b/nginx-php/rootfs/etc/s6.d/.s6-svscan/finish similarity index 100% rename from nginx-php/7.1/rootfs/etc/s6.d/.s6-svscan/finish rename to nginx-php/rootfs/etc/s6.d/.s6-svscan/finish diff --git a/kippo-graph/s6.d/nginx/run b/nginx-php/rootfs/etc/s6.d/nginx/run similarity index 100% rename from kippo-graph/s6.d/nginx/run rename to nginx-php/rootfs/etc/s6.d/nginx/run diff --git a/nginx-php/7.1/rootfs/etc/s6.d/php/run b/nginx-php/rootfs/etc/s6.d/php/run similarity index 100% rename from nginx-php/7.1/rootfs/etc/s6.d/php/run rename to nginx-php/rootfs/etc/s6.d/php/run diff --git a/nginx-php/7.1/rootfs/nginx/conf.d/php.conf b/nginx-php/rootfs/nginx/conf.d/php.conf similarity index 100% rename from nginx-php/7.1/rootfs/nginx/conf.d/php.conf rename to nginx-php/rootfs/nginx/conf.d/php.conf diff --git a/nginx-php/7.1/rootfs/nginx/conf/nginx.conf b/nginx-php/rootfs/nginx/conf/nginx.conf similarity index 100% rename from nginx-php/7.1/rootfs/nginx/conf/nginx.conf rename to nginx-php/rootfs/nginx/conf/nginx.conf diff --git a/nginx-php/7.1/rootfs/php/etc/php-fpm.conf b/nginx-php/rootfs/php/etc/php-fpm.conf similarity index 75% rename from nginx-php/7.1/rootfs/php/etc/php-fpm.conf rename to nginx-php/rootfs/php/etc/php-fpm.conf index 215e2640..4e68ce2b 100644 --- a/nginx-php/7.1/rootfs/php/etc/php-fpm.conf +++ b/nginx-php/rootfs/php/etc/php-fpm.conf 
@@ -5,10 +5,10 @@ error_log = /php/logs/error.log [www] listen = /php/run/php-fpm.sock pm = dynamic -pm.max_children = 15 -pm.start_servers = 2 -pm.min_spare_servers = 1 -pm.max_spare_servers = 6 +pm.max_children = +pm.start_servers = +pm.min_spare_servers = +pm.max_spare_servers = chdir = / request_terminate_timeout = 0 env[PATH] = /usr/local/bin:/usr/bin:/bin diff --git a/nginx-php/7.1/rootfs/usr/local/bin/docker-php-ext-configure b/nginx-php/rootfs/usr/local/bin/docker-php-ext-configure similarity index 100% rename from nginx-php/7.1/rootfs/usr/local/bin/docker-php-ext-configure rename to nginx-php/rootfs/usr/local/bin/docker-php-ext-configure diff --git a/nginx-php/7.1/rootfs/usr/local/bin/docker-php-ext-enable b/nginx-php/rootfs/usr/local/bin/docker-php-ext-enable similarity index 100% rename from nginx-php/7.1/rootfs/usr/local/bin/docker-php-ext-enable rename to nginx-php/rootfs/usr/local/bin/docker-php-ext-enable diff --git a/nginx-php/7.1/rootfs/usr/local/bin/docker-php-ext-install b/nginx-php/rootfs/usr/local/bin/docker-php-ext-install similarity index 100% rename from nginx-php/7.1/rootfs/usr/local/bin/docker-php-ext-install rename to nginx-php/rootfs/usr/local/bin/docker-php-ext-install diff --git a/piwik/Dockerfile b/piwik/Dockerfile deleted file mode 100644 index a2d40e2a..00000000 --- a/piwik/Dockerfile +++ /dev/null 
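Review bot: The four `pm.*` settings no longer carry literal defaults, so php-fpm.conf is only valid after a start script has substituted them. The nextcloud and privatebin run.sh hunks in this commit do that, but an image derived from nginx-php that does not set the four `PHP_*` variables and run the extra sed expressions would start php-fpm with empty values. Letting the substitution fall back to the former numbers, e.g. `${PHP_MAX_CHILDREN:-15}` in each sed expression, or declaring the four `ENV` defaults in the nginx-php Dockerfile, would keep such images working. A comment above the four lines, `; values are filled in by run.sh at container start`, would also explain why they look empty in the repository.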
@@ -1,57 +0,0 @@ -FROM wonderfall/nginx-php:7.1 - -ARG VERSION=3.2.0 -ARG GPG_matthieu="814E 346F A01A 20DB B04B 6807 B5DB D592 5590 A237" - -ENV UID=991 GID=991 \ - UPLOAD_MAX_SIZE=10M \ - MEMORY_LIMIT=256M \ - OPCACHE_MEM_SIZE=128M - -RUN BUILD_DEPS=" \ - git \ - tar \ - build-base \ - autoconf \ - geoip-dev \ - libressl \ - ca-certificates \ - gnupg" \ - && apk -U upgrade && apk add \ - ${BUILD_DEPS} \ - geoip \ - tzdata \ - && pecl install geoip-1.1.1 \ - && echo 'extension=geoip.so' >> /php/conf.d/geoip.ini \ - && mkdir /piwik && cd /tmp \ - && PIWIK_TARBALL="piwik-${VERSION}.tar.gz" \ - && wget -q https://builds.piwik.org/${PIWIK_TARBALL} \ - && wget -q https://builds.piwik.org/${PIWIK_TARBALL}.asc \ - && wget -q https://builds.piwik.org/signature.asc \ - && echo "Verifying authenticity of ${PIWIK_TARBALL}..." \ - && gpg --import signature.asc \ - && FINGERPRINT="$(LANG=C gpg --verify ${PIWIK_TARBALL}.asc ${PIWIK_TARBALL} 2>&1 \ - | sed -n "s#Primary key fingerprint: \(.*\)#\1#p")" \ - && if [ -z "${FINGERPRINT}" ]; then echo "Warning! Invalid GPG signature!" && exit 1; fi \ - && if [ "${FINGERPRINT}" != "${GPG_matthieu}" ]; then echo "Warning! Wrong GPG fingerprint!" && exit 1; fi \ - && echo "All seems good, now unpacking ${PIWIK_TARBALL}..." \ - && tar xzf ${PIWIK_TARBALL} --strip 1 -C /piwik \ - && wget -q https://geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz -P /usr/share/GeoIP/ \ - && gzip -d /usr/share/GeoIP/GeoLiteCity.dat.gz \ - && mv /usr/share/GeoIP/GeoLiteCity.dat /usr/share/GeoIP/GeoIPCity.dat \ - && apk del ${BUILD_DEPS} php7-dev php7-pear \ - && rm -rf /var/cache/apk/* /tmp/* /root/.gnupg - -COPY rootfs / - -RUN chmod +x /usr/local/bin/run.sh /etc/s6.d/*/* /etc/s6.d/.s6-svscan/* - -VOLUME /config - -EXPOSE 8888 - -LABEL description "Open web analytics platform" \ - piwik "Piwik v${VERSION}" \ - maintainer="Wonderfall " - -CMD ["run.sh"] 
diff --git a/piwik/README.md b/piwik/README.md deleted file mode 100644 index 3724e8a2..00000000 --- a/piwik/README.md +++ /dev/null 
@@ -1,68 +0,0 @@ -## wonderfall/piwik - -![](https://i.goopics.net/m3.png) - -#### What is this? -It is a web analytics platform. Piwik respects your privacy and gives you full control over your data. - -#### Features -- Based on Alpine Linux. -- Latest Piwik stable. -- nginx stable + PHP7. -- mysql drivers (server not built-in). -- Latest GeoLite City Database from maxmind.com. - -#### Build-time variables -- **VERSION** : version of Piwik -- **GPG_matthieu** : fingerprint of signing key - -#### Environment variables -- **GID** : piwik group id *(default : 991)* -- **UID** : piwik user id *(default : 991)* - -#### Volumes -- **/config** : configuration files - -#### Update -Piwik can update itself. It works well. I'm also maintaing this Dockerfile, so if you don't want to do upgrades directly from Piwik, you can recreate the container as well whenever I push an update. - -#### Configuration -According to Piwik, everything should be fine running this image. You shoudn't have any difficulties to setup your own instance of Piwik. Your `/config/config.ini.php` overwrites the one (in `/piwik/config`)used by Piwik each time the container is started. Moreover, the old config.ini.php is saved as `/config/config.ini.php.bkp` if you want to revert last changes. This should also guarantee transparency through Piwik's updates. - -If you're running Piwik behind a reverse proxy (most likely you do), add this to your `config.ini.php` : - -``` -[General] -#assume_secure_protocol = 1 #uncomment if you use https -proxy_client_headers[] = HTTP_X_FORWARDED_FOR -proxy_client_headers[] = HTTP_X_REAL_IP -proxy_host_headers[] = HTTP_X_FORWARDED_HOST -``` - -#### Reverse proxy -Use port **8888**. 
-https://github.com/Wonderfall/dockerfiles/tree/master/reverse -https://github.com/hardware/mailserver/wiki/Reverse-proxy-configuration - -#### Docker Compose (example) -``` -piwik: - image: wonderfall/piwik - links: - - db_piwik:db_piwik - volumes: - - /mnt/docker/piwik/config:/config - environment: - - GID=1000 - - UID=1000 - -db_piwik: - image: mariadb:10 - volumes: - - /mnt/docker/piwik/db:/var/lib/mysql - environment: - - MYSQL_ROOT_PASSWORD=asupersecretpassword - - MYSQL_DATABASE=piwik - - MYSQL_USER=piwik - - MYSQL_PASSWORD=asupersecretpassword -``` diff --git a/piwik/rootfs/usr/local/bin/run.sh b/piwik/rootfs/usr/local/bin/run.sh deleted file mode 100644 index 887825e8..00000000 --- a/piwik/rootfs/usr/local/bin/run.sh +++ /dev/null @@ -1,13 +0,0 @@ -#!/bin/sh -sed -i -e "s//$UPLOAD_MAX_SIZE/g" /nginx/conf/nginx.conf /php/etc/php-fpm.conf \ - -e "s//$MEMORY_LIMIT/g" /php/etc/php-fpm.conf \ - -e "s//$OPCACHE_MEM_SIZE/g" /php/conf.d/opcache.ini - -if [ ! -f /config/config.ini.php ]; then - cp /piwik/config/config.ini.php /config/config.ini.php -fi - -ln -s /config/config.ini.php /piwik/config/config.ini.php -mv piwik fix && mv fix piwik # fix strange bug -chown -R $UID:$GID /piwik /config /var/log /php /nginx /tmp /usr/share/GeoIP /etc/s6.d -exec su-exec $UID:$GID /bin/s6-svscan /etc/s6.d diff --git a/privatebin/Dockerfile b/privatebin/Dockerfile index 7c1f8883..649fd533 100644 --- a/privatebin/Dockerfile +++ b/privatebin/Dockerfile 
@@ -1,30 +1,45 @@ -FROM wonderfall/nginx-php +FROM hoellen/nginx-php -ARG PRIVATEBIN_VER=1.1.1 +ARG PRIVATEBIN_VER=1.3.5 ENV GID=991 UID=991 \ UPLOAD_MAX_SIZE=10M \ - MEMORY_LIMIT=128M + MEMORY_LIMIT=128M \ + PHP_MAX_CHILDREN=15 \ + PHP_START_SERVERS=2 \ + PHP_MIN_SPARE_SERVERS=1 \ + PHP_MAX_SPARE_SERVERS=6 -RUN echo " https://nl.alpinelinux.org/alpine/edge/testing" >> /etc/apk/repositories \ - && BUILD_DEPS="tar libressl ca-certificates" \ +RUN BUILD_DEPS="tar gnupg" \ && apk -U upgrade && apk add $BUILD_DEPS \ - && mkdir privatebin && cd privatebin \ - && wget -qO- https://github.com/PrivateBin/PrivateBin/archive/${PRIVATEBIN_VER}.tar.gz | tar xz --strip 1 \ - && mv cfg/conf.ini.sample cfg/conf.ini \ + && mkdir -p privatebin/data privatebin/cfg \ + && export GNUPGHOME="$(mktemp -d)" \ + && gpg2 --list-public-keys || /bin/true \ + && wget -qO- https://privatebin.info/key/release.asc | gpg2 --import - \ + && wget -qO /privatebin.tar.gz.asc https://github.com/PrivateBin/PrivateBin/releases/download/${PRIVATEBIN_VER}/PrivateBin-${PRIVATEBIN_VER}.tar.gz.asc \ + && wget -qO /privatebin.tar.gz https://github.com/PrivateBin/PrivateBin/archive/${PRIVATEBIN_VER}.tar.gz \ + && gpg2 --verify /privatebin.tar.gz.asc \ + && cd srv \ + && tar -xzf /privatebin.tar.gz --strip 1 \ + && mv cfg /privatebin \ + && mv lib /privatebin \ + && mv tpl /privatebin \ + && mv vendor /privatebin \ + && sed -i "s#define('PATH', '');#define('PATH', '/privatebin/');#" index.php \ && apk del $BUILD_DEPS \ - && rm -f /var/cache/apk/* + && rm -rf /var/cache/apk/* *.md /privatebin.tar.gz* "${GNUPGHOME}" COPY rootfs / RUN chmod +x /usr/local/bin/run.sh /etc/s6.d/*/* /etc/s6.d/.s6-svscan/* -VOLUME /privatebin/data /php/session +# mark dirs as volumes that need to be writable, allows running the container --read-only +VOLUME /privatebin/data /php /nginx /tmp /etc/s6.d EXPOSE 8888 -LABEL maintainer="Wonderfall " \ +LABEL maintainer="hoellen " \ description="A minimalist, open source online pastebin where 
the server has zero knowledge of pasted data" \ - version="PrivateBin 1.1.1" + version="PrivateBin 1.3" CMD ["run.sh"] diff --git a/privatebin/README.md b/privatebin/README.md index 70808c04..b3c87cf2 100644 --- a/privatebin/README.md +++ b/privatebin/README.md @@ -1,11 +1,13 @@ -## wonderfall/privatebin +## hoellen/privatebin Paste securely. #### Features -- Based on Alpine Linux (wonderfall/nginx-php image) +- Based on Alpine Linux (hoellen/nginx-php image) - Uses [PrivateBin](https://github.com/PrivateBin/PrivateBin), originally a fork of zerobin by elrido. -- Bundled with nginx and PHP7.1. +- GPG signature check +- separate /data directory +- Bundled with nginx and PHP #### Build-time variables - **PRIVATEBIN_VER** : version of PrivateBin diff --git a/privatebin/rootfs/nginx/sites-enabled/nginx.conf b/privatebin/rootfs/nginx/sites-enabled/nginx.conf index 8765f488..6e923cef 100644 --- a/privatebin/rootfs/nginx/sites-enabled/nginx.conf +++ b/privatebin/rootfs/nginx/sites-enabled/nginx.conf 
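Review bot: The signature check in the `RUN` step trusts whatever key `https://privatebin.info/key/release.asc` serves at build time, so `gpg2 --verify` only shows the archive was signed by that downloaded key, not by a key the Dockerfile pins. boring-nginx/Dockerfile in this commit declares a fixed `GPG_NGINX` fingerprint, and the removed piwik/Dockerfile compared the reported fingerprint against an `ARG`; the same pattern fits here, as sketched below with a placeholder fingerprint. Also worth confirming: the detached signature is fetched for `releases/download/…/PrivateBin-${PRIVATEBIN_VER}.tar.gz.asc` while the archive comes from `archive/${PRIVATEBIN_VER}.tar.gz`, and `gpg2 --verify` is given only the signature file. `FROM hoellen/nginx-php` has no tag or digest, so the base image can change between builds.

```dockerfile
ARG GPG_PRIVATEBIN="<release signing key fingerprint: placeholder, take it from a trusted source>"

# … unchanged: BUILD_DEPS, apk add, mkdir, GNUPGHOME, key import, both wget downloads …
 && FINGERPRINT="$(LANG=C gpg2 --verify /privatebin.tar.gz.asc /privatebin.tar.gz 2>&1 \
  | sed -n "s#Primary key fingerprint: \(.*\)#\1#p")" \
 && if [ -z "${FINGERPRINT}" ]; then echo "Warning! Invalid GPG signature!" && exit 1; fi \
 && if [ "${FINGERPRINT}" != "${GPG_PRIVATEBIN}" ]; then echo "Warning! Wrong GPG fingerprint!" && exit 1; fi \
# … unchanged: cd srv, tar, mv, sed on index.php, apk del, cleanup …
```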
@@ -1,33 +1,33 @@ server { - listen 8888; - root /privatebin; - index index.php index.html; + listen 8888; + root /srv; + index index.php; - location ~* \.(jpg|jpeg|gif|css|png|js|map|woff|woff2|ttf|svg|eot)$ { - expires 30d; - access_log off; - } + location ~* \.(jpg|jpeg|gif|css|png|js|map|woff|woff2|ttf|svg|eot)$ { + expires 30d; + access_log off; + } - location ~ ^/(data|cfg|tmp) { - deny all; - } - - location ~* /(.*)\.(?:markdown|md|twig|yaml|yml|ht|htaccess|ini)$ { - deny all; - } - - location ~ /\. { - deny all; - } + location ~ ^/(data|cfg|tmp) { + deny all; + } - location / { - try_files $uri $uri/ /index.php; - } + location ~* /(.*)\.(?:markdown|md|twig|yaml|yml|ht|htaccess|ini)$ { + deny all; + } - location ~ \.php$ { - fastcgi_index index.php; - fastcgi_pass unix:/php/run/php-fpm.sock; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - include /nginx/conf/fastcgi_params; - } + location ~ /\. { + deny all; + } + + location / { + try_files $uri $uri/ /index.php; + } + + location ~ \.php$ { + fastcgi_index index.php; + fastcgi_pass unix:/php/run/php-fpm.sock; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /nginx/conf/fastcgi_params; + } } diff --git a/privatebin/rootfs/usr/local/bin/run.sh b/privatebin/rootfs/usr/local/bin/run.sh index 277b8345..e453f2d1 100644 --- a/privatebin/rootfs/usr/local/bin/run.sh +++ b/privatebin/rootfs/usr/local/bin/run.sh 
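Review bot: The `location ~ \.php$` block hands every URI ending in `.php` to PHP-FPM without checking that the script exists under the new `root /srv`. The nextcloud nginx.conf in this same commit adds `try_files $fastcgi_script_name =404;` for this purpose; here `try_files $uri =404;` as the first line of the block would give the same guard. Most of this hunk is re-indentation, so the line can be added without touching the other locations.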
@@ -1,6 +1,10 @@ #!/bin/sh sed -i -e "s//$UPLOAD_MAX_SIZE/g" /nginx/conf/nginx.conf /php/etc/php-fpm.conf \ - -e "s//$MEMORY_LIMIT/g" /php/etc/php-fpm.conf + -e "s//$MEMORY_LIMIT/g" /php/etc/php-fpm.conf \ + -e "s//$PHP_MAX_CHILDREN/g" /php/etc/php-fpm.conf \ + -e "s//$PHP_START_SERVERS/g" /php/etc/php-fpm.conf \ + -e "s//$PHP_MIN_SPARE_SERVERS/g" /php/etc/php-fpm.conf \ + -e "s//$PHP_MAX_SPARE_SERVERS/g" /php/etc/php-fpm.conf -chown -R $UID:$GID /privatebin /nginx /php /tmp /etc/s6.d +chown -R $UID:$GID /privatebin/data /nginx /php /tmp /etc/s6.d exec su-exec $UID:$GID /bin/s6-svscan /etc/s6.d diff --git a/searx/Dockerfile b/searx/Dockerfile.Latest similarity index 77% rename from searx/Dockerfile rename to searx/Dockerfile.Latest index aa19333e..b108624a 100644 --- a/searx/Dockerfile +++ b/searx/Dockerfile.Latest @@ -1,6 +1,6 @@ -FROM alpine:3.6 +FROM alpine:3.13 -ARG VERSION=0.12.0 +ARG VERSION=1.0.0 ENV BASE_URL=False IMAGE_PROXY=False \ UID=991 GID=991 @@ -8,23 +8,27 @@ ENV BASE_URL=False IMAGE_PROXY=False \ RUN apk -U upgrade \ && apk add -t build-dependencies \ build-base \ - python-dev \ + python3-dev \ libffi-dev \ libxslt-dev \ libxml2-dev \ + protoc \ + protobuf-dev \ openssl-dev \ tar \ ca-certificates \ && apk add \ su-exec \ - python \ + python3 \ + py-pip \ + protobuf \ libxml2 \ libxslt \ openssl \ tini \ - py2-pip \ && mkdir /usr/local/searx && cd /usr/local/searx \ && wget -qO- https://github.com/asciimoo/searx/archive/v${VERSION}.tar.gz | tar xz --strip 1 \ + && pip install --upgrade setuptools pip \ && pip install --no-cache -r requirements.txt \ && sed -i "s/127.0.0.1/0.0.0.0/g" searx/settings.yml \ && apk del build-dependencies \ @@ -36,6 +40,6 @@ RUN chmod +x /usr/local/bin/run.sh EXPOSE 8888 -LABEL maintainer="Wonderfall " +LABEL maintainer="hoellen " CMD ["run.sh"] diff --git a/searx/Dockerfile.Master b/searx/Dockerfile.Master new file mode 100644 index 00000000..25c321d5 --- /dev/null +++ b/searx/Dockerfile.Master 
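Review bot: The added `pip install --upgrade setuptools pip` in the second searx/Dockerfile.Latest hunk installs whatever versions are current at build time, so two builds of the same `VERSION` can differ; searx/Dockerfile.Master adds the same line. Pinning both, e.g. `pip install --no-cache-dir "pip==<pinned>" "setuptools==<pinned>"` with the versions as placeholders to fill in, keeps the weekly rebuild reproducible. The unchanged context line also streams the release archive from `wget -qO-` straight into `tar` with no checksum or signature check, unlike the privatebin image in this commit; a follow-up that downloads to a file and verifies a digest would close that gap.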
@@ -0,0 +1,45 @@ +FROM alpine:3.13 + +ARG VERSION=master + +ENV BASE_URL=False IMAGE_PROXY=False \ + UID=991 GID=991 + +RUN apk -U upgrade \ + && apk add -t build-dependencies \ + build-base \ + python3-dev \ + libffi-dev \ + libxslt-dev \ + libxml2-dev \ + protoc \ + protobuf-dev \ + openssl-dev \ + git \ + ca-certificates \ + && apk add \ + su-exec \ + python3 \ + py-pip \ + protobuf \ + libxml2 \ + libxslt \ + openssl \ + tini \ + && mkdir /usr/local/searx && cd /usr/local/searx \ + && git clone https://github.com/asciimoo/searx/ . \ + && pip install --upgrade setuptools pip \ + && pip install --no-cache -r requirements.txt \ + && sed -i "s/127.0.0.1/0.0.0.0/g" searx/settings.yml \ + && apk del build-dependencies \ + && rm -f /var/cache/apk/* + +COPY run.sh /usr/local/bin/run.sh + +RUN chmod +x /usr/local/bin/run.sh + +EXPOSE 8888 + +LABEL maintainer="hoellen " + +CMD ["run.sh"] diff --git a/searx/README.md b/searx/README.md index 969489c2..ae70fa60 100644 --- a/searx/README.md +++ b/searx/README.md 
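Review bot: `git clone https://github.com/asciimoo/searx/ .` builds whatever the default branch holds at build time, with full history, and `ARG VERSION=master` is never referenced in this file, so `--build-arg VERSION=…` has no effect. Using the argument with a shallow clone, `git clone --depth=1 --branch "${VERSION}" https://github.com/asciimoo/searx/ .`, makes the build argument meaningful and keeps the `.git` directory left in the image small. Recording the resolved commit, for instance in a `LABEL` or a file written during the `RUN` step, would let operators tell which code a given weekly image contains.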
@@ -1,16 +1,23 @@ -## wonderfall/searx +## hoellen/searx ![](https://i.goopics.net/ls.png) #### What is searx? Searx is a metasearch engine, inspired by the seeks project. -It provides basic privacy by mixing your queries with searches on other platforms without storing search data. Queries are made using a POST request on every browser (except chrome*). Therefore they show up in neither our logs, nor your url history. In case of Chrome* users there is an exception, Searx uses the search bar to perform GET requests. Searx can be added to your browser's search bar; moreover, it can be set as the default search engine. +It provides basic privacy by mixing your queries with searches on other platforms without storing search data. Queries are made using a POST request on every browser (except chrome*). Therefore they show up in neither our logs, nor your url history. In case of Chrome* users there is an exception, Searx uses the search bar to perform GET requests. Searx can be added to your browser's search bar; moreover, it can be set as the default search engine. #### Features - Based on Alpine Linux. +- Based on discontinued wonderfall/searx (thanks!). - Latest code from [asciimoo/searx](https://github.com/asciimoo/searx) - A unique secret key is generated when booting the first time. +#### Tags +- **latest** : latest stable version (0.15) +- **master** : latest code from master branch + +`latest` and `master` are built weekly. For security reasons, you should occasionally update the container, even if you have the latest version of Searx. + #### Build-time variables - **VERSION** : Searx version diff --git a/searx/run.sh b/searx/run.sh index bb275ff0..f65723c6 100644 --- a/searx/run.sh +++ b/searx/run.sh 
@@ -4,4 +4,4 @@ sed -i -e "s|base_url : False|base_url : ${BASE_URL}|g" \ -e "s/ultrasecretkey/$(openssl rand -hex 16)/g" \ /usr/local/searx/searx/settings.yml -exec su-exec $UID:$GID /sbin/tini -- python /usr/local/searx/searx/webapp.py +exec su-exec $UID:$GID /sbin/tini -- python3 /usr/local/searx/searx/webapp.py diff --git a/cowrie/Dockerfile b/unmaintained/cowrie/Dockerfile similarity index 100% rename from cowrie/Dockerfile rename to unmaintained/cowrie/Dockerfile diff --git a/cowrie/README.md b/unmaintained/cowrie/README.md similarity index 100% rename from cowrie/README.md rename to unmaintained/cowrie/README.md diff --git a/cowrie/run.sh b/unmaintained/cowrie/run.sh similarity index 100% rename from cowrie/run.sh rename to unmaintained/cowrie/run.sh diff --git a/cryptpad/Dockerfile b/unmaintained/cryptpad/Dockerfile similarity index 96% rename from cryptpad/Dockerfile rename to unmaintained/cryptpad/Dockerfile index e3be8302..517fca0c 100644 --- a/cryptpad/Dockerfile +++ b/unmaintained/cryptpad/Dockerfile @@ -1,6 +1,6 @@ FROM alpine:3.6 -ARG VERSION=1.13.0 +ARG VERSION=1.20.0 ENV UID=991 GID=991 diff --git a/cryptpad/README.md b/unmaintained/cryptpad/README.md similarity index 100% rename from cryptpad/README.md rename to unmaintained/cryptpad/README.md diff --git a/cryptpad/run.sh b/unmaintained/cryptpad/run.sh similarity index 100% rename from cryptpad/run.sh rename to unmaintained/cryptpad/run.sh diff --git a/freshrss/Dockerfile b/unmaintained/freshrss/Dockerfile similarity index 100% rename from freshrss/Dockerfile rename to unmaintained/freshrss/Dockerfile diff --git a/freshrss/README.md b/unmaintained/freshrss/README.md similarity index 100% rename from freshrss/README.md rename to unmaintained/freshrss/README.md diff --git a/freshrss/rootfs/etc/s6.d/cron/run b/unmaintained/freshrss/rootfs/etc/s6.d/cron/run similarity index 100% rename from freshrss/rootfs/etc/s6.d/cron/run rename to unmaintained/freshrss/rootfs/etc/s6.d/cron/run 
diff --git a/freshrss/rootfs/nginx/sites-enabled/nginx.conf b/unmaintained/freshrss/rootfs/nginx/sites-enabled/nginx.conf similarity index 100% rename from freshrss/rootfs/nginx/sites-enabled/nginx.conf rename to unmaintained/freshrss/rootfs/nginx/sites-enabled/nginx.conf diff --git a/freshrss/rootfs/usr/local/bin/run.sh b/unmaintained/freshrss/rootfs/usr/local/bin/run.sh similarity index 100% rename from freshrss/rootfs/usr/local/bin/run.sh rename to unmaintained/freshrss/rootfs/usr/local/bin/run.sh diff --git a/ghost/Dockerfile b/unmaintained/ghost/Dockerfile similarity index 100% rename from ghost/Dockerfile rename to unmaintained/ghost/Dockerfile diff --git a/ghost/README.md b/unmaintained/ghost/README.md similarity index 100% rename from ghost/README.md rename to unmaintained/ghost/README.md diff --git a/ghost/rootfs/etc/s6.d/.s6-svscan/finish b/unmaintained/ghost/rootfs/etc/s6.d/.s6-svscan/finish similarity index 100% rename from ghost/rootfs/etc/s6.d/.s6-svscan/finish rename to unmaintained/ghost/rootfs/etc/s6.d/.s6-svscan/finish diff --git a/ghost/rootfs/etc/s6.d/ghost/run b/unmaintained/ghost/rootfs/etc/s6.d/ghost/run similarity index 100% rename from ghost/rootfs/etc/s6.d/ghost/run rename to unmaintained/ghost/rootfs/etc/s6.d/ghost/run diff --git a/ghost/rootfs/usr/local/bin/run.sh b/unmaintained/ghost/rootfs/usr/local/bin/run.sh similarity index 100% rename from ghost/rootfs/usr/local/bin/run.sh rename to unmaintained/ghost/rootfs/usr/local/bin/run.sh diff --git a/ghost/rootfs/usr/local/etc/disqus.conf b/unmaintained/ghost/rootfs/usr/local/etc/disqus.conf similarity index 100% rename from ghost/rootfs/usr/local/etc/disqus.conf rename to unmaintained/ghost/rootfs/usr/local/etc/disqus.conf diff --git a/ghost/rootfs/usr/local/etc/ghost.example.conf b/unmaintained/ghost/rootfs/usr/local/etc/ghost.example.conf similarity index 100% rename from ghost/rootfs/usr/local/etc/ghost.example.conf rename to unmaintained/ghost/rootfs/usr/local/etc/ghost.example.conf 
diff --git a/ghost/rootfs/usr/local/etc/isso.conf b/unmaintained/ghost/rootfs/usr/local/etc/isso.conf similarity index 100% rename from ghost/rootfs/usr/local/etc/isso.conf rename to unmaintained/ghost/rootfs/usr/local/etc/isso.conf diff --git a/isso/Dockerfile b/unmaintained/isso/Dockerfile similarity index 100% rename from isso/Dockerfile rename to unmaintained/isso/Dockerfile diff --git a/isso/README.md b/unmaintained/isso/README.md similarity index 100% rename from isso/README.md rename to unmaintained/isso/README.md diff --git a/isso/run.sh b/unmaintained/isso/run.sh similarity index 100% rename from isso/run.sh rename to unmaintained/isso/run.sh diff --git a/kippo-graph/Dockerfile b/unmaintained/kippo-graph/Dockerfile similarity index 100% rename from kippo-graph/Dockerfile rename to unmaintained/kippo-graph/Dockerfile diff --git a/kippo-graph/README.md b/unmaintained/kippo-graph/README.md similarity index 100% rename from kippo-graph/README.md rename to unmaintained/kippo-graph/README.md diff --git a/kippo-graph/nginx.conf b/unmaintained/kippo-graph/nginx.conf similarity index 100% rename from kippo-graph/nginx.conf rename to unmaintained/kippo-graph/nginx.conf diff --git a/kippo-graph/php-fpm.conf b/unmaintained/kippo-graph/php-fpm.conf similarity index 100% rename from kippo-graph/php-fpm.conf rename to unmaintained/kippo-graph/php-fpm.conf diff --git a/kippo-graph/run.sh b/unmaintained/kippo-graph/run.sh similarity index 100% rename from kippo-graph/run.sh rename to unmaintained/kippo-graph/run.sh diff --git a/kippo-graph/s6.d/.s6-svscan/finish b/unmaintained/kippo-graph/s6.d/.s6-svscan/finish similarity index 100% rename from kippo-graph/s6.d/.s6-svscan/finish rename to unmaintained/kippo-graph/s6.d/.s6-svscan/finish diff --git a/lychee/s6.d/nginx/run b/unmaintained/kippo-graph/s6.d/nginx/run similarity index 100% rename from lychee/s6.d/nginx/run rename to unmaintained/kippo-graph/s6.d/nginx/run 
diff --git a/kippo-graph/s6.d/php/run b/unmaintained/kippo-graph/s6.d/php/run similarity index 100% rename from kippo-graph/s6.d/php/run rename to unmaintained/kippo-graph/s6.d/php/run diff --git a/libresonic/Dockerfile b/unmaintained/libresonic/Dockerfile similarity index 100% rename from libresonic/Dockerfile rename to unmaintained/libresonic/Dockerfile diff --git a/libresonic/README.md b/unmaintained/libresonic/README.md similarity index 100% rename from libresonic/README.md rename to unmaintained/libresonic/README.md diff --git a/libresonic/run.sh b/unmaintained/libresonic/run.sh similarity index 100% rename from libresonic/run.sh rename to unmaintained/libresonic/run.sh diff --git a/lychee/Dockerfile b/unmaintained/lychee/Dockerfile similarity index 100% rename from lychee/Dockerfile rename to unmaintained/lychee/Dockerfile diff --git a/lychee/README.md b/unmaintained/lychee/README.md similarity index 100% rename from lychee/README.md rename to unmaintained/lychee/README.md diff --git a/lychee/nginx.conf b/unmaintained/lychee/nginx.conf similarity index 100% rename from lychee/nginx.conf rename to unmaintained/lychee/nginx.conf diff --git a/lychee/php-fpm.conf b/unmaintained/lychee/php-fpm.conf similarity index 100% rename from lychee/php-fpm.conf rename to unmaintained/lychee/php-fpm.conf diff --git a/lychee/run.sh b/unmaintained/lychee/run.sh similarity index 100% rename from lychee/run.sh rename to unmaintained/lychee/run.sh diff --git a/lychee/s6.d/.s6-svscan/finish b/unmaintained/lychee/s6.d/.s6-svscan/finish similarity index 100% rename from lychee/s6.d/.s6-svscan/finish rename to unmaintained/lychee/s6.d/.s6-svscan/finish diff --git a/nginx-php/7.1/rootfs/etc/s6.d/nginx/run b/unmaintained/lychee/s6.d/nginx/run similarity index 100% rename from nginx-php/7.1/rootfs/etc/s6.d/nginx/run rename to unmaintained/lychee/s6.d/nginx/run 
diff --git a/lychee/s6.d/php/run b/unmaintained/lychee/s6.d/php/run similarity index 100% rename from lychee/s6.d/php/run rename to unmaintained/lychee/s6.d/php/run diff --git a/mastodon/Dockerfile.master b/unmaintained/mastodon/Dockerfile.master similarity index 100% rename from mastodon/Dockerfile.master rename to unmaintained/mastodon/Dockerfile.master diff --git a/mastodon/Dockerfile.stable b/unmaintained/mastodon/Dockerfile.stable similarity index 100% rename from mastodon/Dockerfile.stable rename to unmaintained/mastodon/Dockerfile.stable diff --git a/mastodon/Dockerfile.targaryen b/unmaintained/mastodon/Dockerfile.targaryen similarity index 100% rename from mastodon/Dockerfile.targaryen rename to unmaintained/mastodon/Dockerfile.targaryen diff --git a/mastodon/README.md b/unmaintained/mastodon/README.md similarity index 100% rename from mastodon/README.md rename to unmaintained/mastodon/README.md diff --git a/mastodon/rootfs/etc/s6.d/.s6-svscan/finish b/unmaintained/mastodon/rootfs/etc/s6.d/.s6-svscan/finish similarity index 100% rename from mastodon/rootfs/etc/s6.d/.s6-svscan/finish rename to unmaintained/mastodon/rootfs/etc/s6.d/.s6-svscan/finish diff --git a/mastodon/rootfs/etc/s6.d/sidekiq/run b/unmaintained/mastodon/rootfs/etc/s6.d/sidekiq/run similarity index 100% rename from mastodon/rootfs/etc/s6.d/sidekiq/run rename to unmaintained/mastodon/rootfs/etc/s6.d/sidekiq/run diff --git a/mastodon/rootfs/etc/s6.d/streaming/run b/unmaintained/mastodon/rootfs/etc/s6.d/streaming/run similarity index 100% rename from mastodon/rootfs/etc/s6.d/streaming/run rename to unmaintained/mastodon/rootfs/etc/s6.d/streaming/run diff --git a/mastodon/rootfs/etc/s6.d/web/run b/unmaintained/mastodon/rootfs/etc/s6.d/web/run similarity index 100% rename from mastodon/rootfs/etc/s6.d/web/run rename to unmaintained/mastodon/rootfs/etc/s6.d/web/run 
diff --git a/mastodon/rootfs/usr/local/bin/run b/unmaintained/mastodon/rootfs/usr/local/bin/run similarity index 100% rename from mastodon/rootfs/usr/local/bin/run rename to unmaintained/mastodon/rootfs/usr/local/bin/run diff --git a/mastodon/targaryen/app/javascript/images/elephant-friend.png b/unmaintained/mastodon/targaryen/app/javascript/images/elephant-friend.png similarity index 100% rename from mastodon/targaryen/app/javascript/images/elephant-friend.png rename to unmaintained/mastodon/targaryen/app/javascript/images/elephant-friend.png diff --git a/mastodon/targaryen/app/javascript/images/logo.svg b/unmaintained/mastodon/targaryen/app/javascript/images/logo.svg similarity index 100% rename from mastodon/targaryen/app/javascript/images/logo.svg rename to unmaintained/mastodon/targaryen/app/javascript/images/logo.svg diff --git a/mastodon/targaryen/app/javascript/images/logo_alt.svg b/unmaintained/mastodon/targaryen/app/javascript/images/logo_alt.svg similarity index 100% rename from mastodon/targaryen/app/javascript/images/logo_alt.svg rename to unmaintained/mastodon/targaryen/app/javascript/images/logo_alt.svg diff --git a/mastodon/targaryen/app/javascript/images/logo_full.svg b/unmaintained/mastodon/targaryen/app/javascript/images/logo_full.svg similarity index 100% rename from mastodon/targaryen/app/javascript/images/logo_full.svg rename to unmaintained/mastodon/targaryen/app/javascript/images/logo_full.svg diff --git a/mastodon/targaryen/app/javascript/images/mastodon-getting-started.png b/unmaintained/mastodon/targaryen/app/javascript/images/mastodon-getting-started.png similarity index 100% rename from mastodon/targaryen/app/javascript/images/mastodon-getting-started.png rename to unmaintained/mastodon/targaryen/app/javascript/images/mastodon-getting-started.png 
diff --git a/mastodon/targaryen/app/javascript/images/mastodon-not-found.png b/unmaintained/mastodon/targaryen/app/javascript/images/mastodon-not-found.png similarity index 100% rename from mastodon/targaryen/app/javascript/images/mastodon-not-found.png rename to unmaintained/mastodon/targaryen/app/javascript/images/mastodon-not-found.png diff --git a/mastodon/targaryen/app/javascript/styles/variables.scss b/unmaintained/mastodon/targaryen/app/javascript/styles/variables.scss similarity index 100% rename from mastodon/targaryen/app/javascript/styles/variables.scss rename to unmaintained/mastodon/targaryen/app/javascript/styles/variables.scss diff --git a/mastodon/targaryen/public/android-chrome-192x192.png b/unmaintained/mastodon/targaryen/public/android-chrome-192x192.png similarity index 100% rename from mastodon/targaryen/public/android-chrome-192x192.png rename to unmaintained/mastodon/targaryen/public/android-chrome-192x192.png diff --git a/mastodon/targaryen/public/apple-touch-icon.png b/unmaintained/mastodon/targaryen/public/apple-touch-icon.png similarity index 100% rename from mastodon/targaryen/public/apple-touch-icon.png rename to unmaintained/mastodon/targaryen/public/apple-touch-icon.png diff --git a/mastodon/targaryen/public/avatars/original/missing.png b/unmaintained/mastodon/targaryen/public/avatars/original/missing.png similarity index 100% rename from mastodon/targaryen/public/avatars/original/missing.png rename to unmaintained/mastodon/targaryen/public/avatars/original/missing.png diff --git a/mastodon/targaryen/public/favicon.ico b/unmaintained/mastodon/targaryen/public/favicon.ico similarity index 100% rename from mastodon/targaryen/public/favicon.ico rename to unmaintained/mastodon/targaryen/public/favicon.ico 
diff --git a/mastodon/targaryen/public/mstile-150x150.png b/unmaintained/mastodon/targaryen/public/mstile-150x150.png similarity index 100% rename from mastodon/targaryen/public/mstile-150x150.png rename to unmaintained/mastodon/targaryen/public/mstile-150x150.png diff --git a/mastodon/targaryen/public/oops.png b/unmaintained/mastodon/targaryen/public/oops.png similarity index 100% rename from mastodon/targaryen/public/oops.png rename to unmaintained/mastodon/targaryen/public/oops.png diff --git a/mastodon/targaryen/targaryen.sh b/unmaintained/mastodon/targaryen/targaryen.sh similarity index 100% rename from mastodon/targaryen/targaryen.sh rename to unmaintained/mastodon/targaryen/targaryen.sh diff --git a/mediawiki/Dockerfile b/unmaintained/mediawiki/Dockerfile similarity index 100% rename from mediawiki/Dockerfile rename to unmaintained/mediawiki/Dockerfile diff --git a/mediawiki/README.md b/unmaintained/mediawiki/README.md similarity index 100% rename from mediawiki/README.md rename to unmaintained/mediawiki/README.md diff --git a/mediawiki/rootfs/nginx/sites-enabled/nginx.conf b/unmaintained/mediawiki/rootfs/nginx/sites-enabled/nginx.conf similarity index 100% rename from mediawiki/rootfs/nginx/sites-enabled/nginx.conf rename to unmaintained/mediawiki/rootfs/nginx/sites-enabled/nginx.conf diff --git a/mediawiki/rootfs/php/conf.d/apcu.ini b/unmaintained/mediawiki/rootfs/php/conf.d/apcu.ini similarity index 100% rename from mediawiki/rootfs/php/conf.d/apcu.ini rename to unmaintained/mediawiki/rootfs/php/conf.d/apcu.ini diff --git a/mediawiki/rootfs/usr/local/bin/run.sh b/unmaintained/mediawiki/rootfs/usr/local/bin/run.sh similarity index 100% rename from mediawiki/rootfs/usr/local/bin/run.sh rename to unmaintained/mediawiki/rootfs/usr/local/bin/run.sh diff --git a/parsoid/Dockerfile b/unmaintained/parsoid/Dockerfile similarity index 100% rename from parsoid/Dockerfile rename to unmaintained/parsoid/Dockerfile 
diff --git a/parsoid/README.md b/unmaintained/parsoid/README.md similarity index 100% rename from parsoid/README.md rename to unmaintained/parsoid/README.md diff --git a/parsoid/rootfs/etc/s6.d/.s6-svscan/finish b/unmaintained/parsoid/rootfs/etc/s6.d/.s6-svscan/finish similarity index 100% rename from parsoid/rootfs/etc/s6.d/.s6-svscan/finish rename to unmaintained/parsoid/rootfs/etc/s6.d/.s6-svscan/finish diff --git a/parsoid/rootfs/etc/s6.d/parsoid/run b/unmaintained/parsoid/rootfs/etc/s6.d/parsoid/run similarity index 100% rename from parsoid/rootfs/etc/s6.d/parsoid/run rename to unmaintained/parsoid/rootfs/etc/s6.d/parsoid/run diff --git a/parsoid/rootfs/usr/local/bin/run.sh b/unmaintained/parsoid/rootfs/usr/local/bin/run.sh similarity index 100% rename from parsoid/rootfs/usr/local/bin/run.sh rename to unmaintained/parsoid/rootfs/usr/local/bin/run.sh diff --git a/parsoid/rootfs/usr/local/etc/disqus.conf b/unmaintained/parsoid/rootfs/usr/local/etc/disqus.conf similarity index 100% rename from parsoid/rootfs/usr/local/etc/disqus.conf rename to unmaintained/parsoid/rootfs/usr/local/etc/disqus.conf diff --git a/parsoid/rootfs/usr/local/etc/ghost.example.conf b/unmaintained/parsoid/rootfs/usr/local/etc/ghost.example.conf similarity index 100% rename from parsoid/rootfs/usr/local/etc/ghost.example.conf rename to unmaintained/parsoid/rootfs/usr/local/etc/ghost.example.conf diff --git a/parsoid/rootfs/usr/local/etc/isso.conf b/unmaintained/parsoid/rootfs/usr/local/etc/isso.conf similarity index 100% rename from parsoid/rootfs/usr/local/etc/isso.conf rename to unmaintained/parsoid/rootfs/usr/local/etc/isso.conf diff --git a/pgbouncer/Dockerfile b/unmaintained/pgbouncer/Dockerfile similarity index 100% rename from pgbouncer/Dockerfile rename to unmaintained/pgbouncer/Dockerfile diff --git a/pgbouncer/README.md b/unmaintained/pgbouncer/README.md similarity index 100% rename from pgbouncer/README.md rename to unmaintained/pgbouncer/README.md 
diff --git a/pgbouncer/run.sh b/unmaintained/pgbouncer/run.sh similarity index 100% rename from pgbouncer/run.sh rename to unmaintained/pgbouncer/run.sh diff --git a/reverse/Dockerfile b/unmaintained/reverse/Dockerfile similarity index 99% rename from reverse/Dockerfile rename to unmaintained/reverse/Dockerfile index acc55a2e..23ee1c5d 100644 --- a/reverse/Dockerfile +++ b/unmaintained/reverse/Dockerfile @@ -2,7 +2,7 @@ FROM alpine:3.6 ENV UID=991 GID=991 -ARG NGINX_VERSION=1.13.6 +ARG NGINX_VERSION=1.13.7 ARG OPENSSL_VERSION=1.1.0g ARG GPG_NGINX="B0F4 2533 73F8 F6F5 10D4 2178 520A 9993 A1C0 52F8" ARG BUILD_CORES diff --git a/reverse/README.md b/unmaintained/reverse/README.md similarity index 100% rename from reverse/README.md rename to unmaintained/reverse/README.md diff --git a/reverse/auto_upgrade.sh b/unmaintained/reverse/auto_upgrade.sh similarity index 100% rename from reverse/auto_upgrade.sh rename to unmaintained/reverse/auto_upgrade.sh diff --git a/reverse/docker-compose.yml b/unmaintained/reverse/docker-compose.yml similarity index 100% rename from reverse/docker-compose.yml rename to unmaintained/reverse/docker-compose.yml diff --git a/reverse/rootfs/etc/s6.d/.s6-svscan/finish b/unmaintained/reverse/rootfs/etc/s6.d/.s6-svscan/finish similarity index 100% rename from reverse/rootfs/etc/s6.d/.s6-svscan/finish rename to unmaintained/reverse/rootfs/etc/s6.d/.s6-svscan/finish diff --git a/reverse/rootfs/etc/s6.d/check_certs/run b/unmaintained/reverse/rootfs/etc/s6.d/check_certs/run similarity index 100% rename from reverse/rootfs/etc/s6.d/check_certs/run rename to unmaintained/reverse/rootfs/etc/s6.d/check_certs/run diff --git a/reverse/rootfs/etc/s6.d/nginx/run b/unmaintained/reverse/rootfs/etc/s6.d/nginx/run similarity index 100% rename from reverse/rootfs/etc/s6.d/nginx/run rename to unmaintained/reverse/rootfs/etc/s6.d/nginx/run 
diff --git a/reverse/rootfs/nginx/conf.d/ct.conf b/unmaintained/reverse/rootfs/nginx/conf.d/ct.conf similarity index 100% rename from reverse/rootfs/nginx/conf.d/ct.conf rename to unmaintained/reverse/rootfs/nginx/conf.d/ct.conf diff --git a/reverse/rootfs/nginx/conf.d/headers.conf b/unmaintained/reverse/rootfs/nginx/conf.d/headers.conf similarity index 100% rename from reverse/rootfs/nginx/conf.d/headers.conf rename to unmaintained/reverse/rootfs/nginx/conf.d/headers.conf diff --git a/reverse/rootfs/nginx/conf.d/hsts.conf b/unmaintained/reverse/rootfs/nginx/conf.d/hsts.conf similarity index 100% rename from reverse/rootfs/nginx/conf.d/hsts.conf rename to unmaintained/reverse/rootfs/nginx/conf.d/hsts.conf diff --git a/reverse/rootfs/nginx/conf.d/ocsp.conf b/unmaintained/reverse/rootfs/nginx/conf.d/ocsp.conf similarity index 100% rename from reverse/rootfs/nginx/conf.d/ocsp.conf rename to unmaintained/reverse/rootfs/nginx/conf.d/ocsp.conf diff --git a/reverse/rootfs/nginx/conf.d/proxy.conf b/unmaintained/reverse/rootfs/nginx/conf.d/proxy.conf similarity index 100% rename from reverse/rootfs/nginx/conf.d/proxy.conf rename to unmaintained/reverse/rootfs/nginx/conf.d/proxy.conf diff --git a/reverse/rootfs/nginx/conf.d/ssl.conf b/unmaintained/reverse/rootfs/nginx/conf.d/ssl.conf similarity index 100% rename from reverse/rootfs/nginx/conf.d/ssl.conf rename to unmaintained/reverse/rootfs/nginx/conf.d/ssl.conf diff --git a/reverse/rootfs/nginx/conf/nginx.conf b/unmaintained/reverse/rootfs/nginx/conf/nginx.conf similarity index 100% rename from reverse/rootfs/nginx/conf/nginx.conf rename to unmaintained/reverse/rootfs/nginx/conf/nginx.conf diff --git a/reverse/rootfs/nginx/path.d/template b/unmaintained/reverse/rootfs/nginx/path.d/template similarity index 100% rename from reverse/rootfs/nginx/path.d/template rename to unmaintained/reverse/rootfs/nginx/path.d/template 
diff --git a/reverse/rootfs/nginx/path.d/template_auth b/unmaintained/reverse/rootfs/nginx/path.d/template_auth similarity index 100% rename from reverse/rootfs/nginx/path.d/template_auth rename to unmaintained/reverse/rootfs/nginx/path.d/template_auth diff --git a/reverse/rootfs/nginx/sites-enabled/template b/unmaintained/reverse/rootfs/nginx/sites-enabled/template similarity index 100% rename from reverse/rootfs/nginx/sites-enabled/template rename to unmaintained/reverse/rootfs/nginx/sites-enabled/template diff --git a/reverse/rootfs/nginx/sites-enabled/template_ssl b/unmaintained/reverse/rootfs/nginx/sites-enabled/template_ssl similarity index 100% rename from reverse/rootfs/nginx/sites-enabled/template_ssl rename to unmaintained/reverse/rootfs/nginx/sites-enabled/template_ssl diff --git a/reverse/rootfs/nginx/www/letsencrypt b/unmaintained/reverse/rootfs/nginx/www/letsencrypt similarity index 100% rename from reverse/rootfs/nginx/www/letsencrypt rename to unmaintained/reverse/rootfs/nginx/www/letsencrypt diff --git a/reverse/rootfs/usr/local/bin/check_certs b/unmaintained/reverse/rootfs/usr/local/bin/check_certs similarity index 100% rename from reverse/rootfs/usr/local/bin/check_certs rename to unmaintained/reverse/rootfs/usr/local/bin/check_certs diff --git a/reverse/rootfs/usr/local/bin/startup b/unmaintained/reverse/rootfs/usr/local/bin/startup similarity index 100% rename from reverse/rootfs/usr/local/bin/startup rename to unmaintained/reverse/rootfs/usr/local/bin/startup diff --git a/rtorrent-flood/Dockerfile b/unmaintained/rtorrent-flood/Dockerfile similarity index 100% rename from rtorrent-flood/Dockerfile rename to unmaintained/rtorrent-flood/Dockerfile diff --git a/rtorrent-flood/README.md b/unmaintained/rtorrent-flood/README.md similarity index 100% rename from rtorrent-flood/README.md rename to unmaintained/rtorrent-flood/README.md 
diff --git a/rtorrent-flood/config.js b/unmaintained/rtorrent-flood/config.js similarity index 100% rename from rtorrent-flood/config.js rename to unmaintained/rtorrent-flood/config.js diff --git a/rtorrent-flood/postdl b/unmaintained/rtorrent-flood/postdl similarity index 100% rename from rtorrent-flood/postdl rename to unmaintained/rtorrent-flood/postdl diff --git a/rtorrent-flood/postrm b/unmaintained/rtorrent-flood/postrm similarity index 100% rename from rtorrent-flood/postrm rename to unmaintained/rtorrent-flood/postrm diff --git a/rtorrent-flood/rtorrent.rc b/unmaintained/rtorrent-flood/rtorrent.rc similarity index 100% rename from rtorrent-flood/rtorrent.rc rename to unmaintained/rtorrent-flood/rtorrent.rc diff --git a/rtorrent-flood/run.sh b/unmaintained/rtorrent-flood/run.sh similarity index 100% rename from rtorrent-flood/run.sh rename to unmaintained/rtorrent-flood/run.sh diff --git a/rtorrent-flood/s6.d/.s6-svscan/finish b/unmaintained/rtorrent-flood/s6.d/.s6-svscan/finish similarity index 100% rename from rtorrent-flood/s6.d/.s6-svscan/finish rename to unmaintained/rtorrent-flood/s6.d/.s6-svscan/finish diff --git a/rtorrent-flood/s6.d/flood/run b/unmaintained/rtorrent-flood/s6.d/flood/run similarity index 100% rename from rtorrent-flood/s6.d/flood/run rename to unmaintained/rtorrent-flood/s6.d/flood/run diff --git a/rtorrent-flood/s6.d/rtorrent/run b/unmaintained/rtorrent-flood/s6.d/rtorrent/run similarity index 100% rename from rtorrent-flood/s6.d/rtorrent/run rename to unmaintained/rtorrent-flood/s6.d/rtorrent/run