├── LICENSE ├── README.md ├── alpine-base ├── Dockerfile ├── Dockerfile-aliyun ├── Dockerfile-mini ├── Dockerfile-mini-aliyun ├── README.md └── root │ └── etc │ ├── cont-init.d │ ├── 01-permissions │ ├── 02-zabbix │ ├── 03-cron │ ├── 04-smtp │ └── 99-container-init │ ├── fix-attrs.d │ ├── 02-zabbix │ └── 03-logrotate │ ├── s6 │ └── services │ │ ├── 02-zabbix │ │ └── run │ │ ├── 03-cron │ │ └── run │ │ └── 04-smtp │ │ └── run │ └── zabbix │ ├── zabbix_agentd.conf │ └── zabbix_agentd.conf.d │ ├── .hidden │ ├── container_os.conf │ └── updated_packages.conf ├── bind ├── Dockerfile ├── README.md └── root │ └── etc │ ├── bind │ ├── README │ ├── default-zones │ │ ├── db.0 │ │ ├── db.127 │ │ ├── db.255 │ │ ├── db.empty │ │ ├── db.local │ │ └── db.root │ ├── example-configs │ │ ├── README │ │ ├── authoritative │ │ │ └── named.conf.options │ │ └── recursive-resolver │ │ │ └── named.conf.options │ ├── named.conf │ ├── named.conf.default-zones │ ├── named.conf.local │ ├── named.conf.options │ └── named.conf.rfc1918 │ └── s6 │ └── services │ └── 33-bind │ └── run ├── dnsmasq ├── Dockerfile ├── README.md └── root │ └── etc │ ├── dnsmasq.conf │ └── s6 │ └── services │ └── 31-webproc │ └── run ├── glibc ├── Dockerfile └── Dockerfile-mini ├── mariadb ├── Dockerfile └── root │ ├── etc │ ├── mysql │ │ └── my.cnf │ ├── s6 │ │ └── services │ │ │ └── 10-mariadb │ │ │ └── run │ └── zabbix │ │ ├── .my.cnf │ │ └── zabbix_agentd.conf.d │ │ └── mysql.conf │ └── tmp │ └── install.sh ├── memcached ├── Dockerfile └── root │ └── etc │ ├── s6 │ └── services │ │ └── 10-memcached │ │ └── run │ └── zabbix │ └── zabbix_agentd.conf.d │ └── memcached.conf ├── nginx-php ├── 5.6 │ ├── Dockerfile │ └── root │ │ ├── assets │ │ └── maintenance │ │ │ └── maintenance.html │ │ ├── etc │ │ ├── cont-init.d │ │ │ ├── 09-nginx │ │ │ └── 20-php-fpm │ │ ├── logrotate.d │ │ │ ├── nginx │ │ │ └── php-fpm7 │ │ ├── nginx │ │ │ ├── conf.d │ │ │ │ ├── default.conf │ │ │ │ ├── default.llng │ │ │ │ └── maintenance.conf.maint │ │ │ └── nginx.conf │ │ ├── php5 │ │ │ ├── conf.d │ │ │ │ ├── apcu.ini │ │ │ │ └── opcache.ini │ │ │ ├── php-fpm.conf │ │ │ └── php.ini │ │ ├── s6 │ │ │ └── services │ │ │ │ ├── 10-nginx │ │ │ │ └── run │ │ │ │ └── 20-php-fpm │ │ │ │ └── run │ │ └── zabbix │ │ │ └── zabbix_agentd.conf.d │ │ │ ├── nginx-status.conf │ │ │ ├── php-fpm-params.conf │ │ │ ├── php-opcache-check.conf │ │ │ ├── php │ │ │ └── php-opcache-check.php │ │ │ └── scripts │ │ │ ├── nginx-status.sh │ │ │ └── php-fpm-check.sh │ │ ├── tmp │ │ └── install.sh │ │ └── usr │ │ └── sbin │ │ └── maintenance └── 7.1 │ ├── Dockerfile │ └── root │ ├── assets │ └── maintenance │ │ └── maintenance.html │ ├── etc │ ├── cont-init.d │ │ ├── 08-hosts │ │ ├── 09-nginx │ │ └── 20-php-fpm │ ├── logrotate.d │ │ ├── nginx │ │ └── php-fpm7 │ ├── nginx │ │ ├── conf.d │ │ │ ├── default.conf │ │ │ ├── default.llng │ │ │ └── maintenance.conf.maint │ │ └── nginx.conf │ ├── php7 │ │ ├── conf.d │ │ │ ├── 00_opcache.ini │ │ │ └── apcu.ini │ │ ├── php-fpm.conf │ │ └── php.ini │ ├── s6 │ │ └── services │ │ │ ├── 10-nginx │ │ │ └── run │ │ │ └── 20-php-fpm │ │ │ └── run │ └── zabbix │ │ └── zabbix_agentd.conf.d │ │ ├── nginx-status.conf │ │ ├── php-fpm-params.conf │ │ ├── php-opcache-check.conf │ │ ├── php │ │ └── php-opcache-check.php │ │ └── scripts │ │ ├── nginx-status.sh │ │ └── php-fpm-check.sh │ └── usr │ └── sbin │ └── maintenance ├── nginx ├── Dockerfile └── root │ ├── assets │ └── maintenance │ │ └── maintenance.html │ ├── etc │ ├── cont-init.d │ │ └── 09-nginx │ ├── logrotate.d │ │ └── nginx │ ├── nginx │ │ ├── conf.d │ │ │ ├── default.conf │ │ │ ├── default.llng │ │ │ └── maintenance.conf.maint │ │ └── nginx.conf │ ├── s6 │ │ └── services │ │ │ └── 10-nginx │ │ │ └── run │ └── zabbix │ │ └── zabbix_agentd.conf.d │ │ ├── nginx-status.conf │ │ └── scripts │ │ └── nginx-status.sh │ └── usr │ └── sbin │ └── maintenance ├── openjdk ├── 7 │ └── Dockerfile └── 8 │ └── Dockerfile ├── openssh ├── Dockerfile ├── README.md └── root │ └── etc │ └── s6 │ └── services │ └── 30-sshd │ └── run ├── oraclejdk └── 8 │ ├── Dockerfile │ └── Dockerfile-test ├── php ├── 5.6 │ ├── Dockerfile │ └── root │ │ ├── assets │ │ └── maintenance │ │ │ └── maintenance.html │ │ ├── etc │ │ ├── cont-init.d │ │ │ ├── 09-nginx │ │ │ └── 20-php-fpm │ │ ├── logrotate.d │ │ │ ├── nginx │ │ │ └── php-fpm7 │ │ ├── nginx │ │ │ ├── conf.d │ │ │ │ ├── default.conf │ │ │ │ ├── default.llng │ │ │ │ └── maintenance.conf.maint │ │ │ └── nginx.conf │ │ ├── php5 │ │ │ ├── conf.d │ │ │ │ ├── apcu.ini │ │ │ │ └── opcache.ini │ │ │ ├── php-fpm.conf │ │ │ └── php.ini │ │ ├── s6 │ │ │ └── services │ │ │ │ ├── 10-nginx │ │ │ │ └── run │ │ │ │ └── 20-php-fpm │ │ │ │ └── run │ │ └── zabbix │ │ │ └── zabbix_agentd.conf.d │ │ │ ├── nginx-status.conf │ │ │ ├── php-fpm-params.conf │ │ │ ├── php-opcache-check.conf │ │ │ ├── php │ │ │ └── php-opcache-check.php │ │ │ └── scripts │ │ │ ├── nginx-status.sh │ │ │ └── php-fpm-check.sh │ │ ├── tmp │ │ └── install.sh │ │ └── usr │ │ └── sbin │ │ └── maintenance └── 7.1 │ ├── Dockerfile │ └── root │ ├── assets │ └── maintenance │ │ └── maintenance.html │ ├── etc │ ├── cont-init.d │ │ └── 20-php-fpm │ ├── logrotate.d │ │ └── php-fpm7 │ ├── php7 │ │ ├── conf.d │ │ │ ├── 00_opcache.ini │ │ │ └── apcu.ini │ │ ├── php-fpm.conf │ │ └── php.ini │ ├── s6 │ │ └── services │ │ │ └── 20-php-fpm │ │ │ └── run │ └── zabbix │ │ └── zabbix_agentd.conf.d │ │ ├── php-fpm-params.conf │ │ ├── php-opcache-check.conf │ │ ├── php │ │ └── php-opcache-check.php │ │ └── scripts │ │ ├── nginx-status.sh │ │ └── php-fpm-check.sh │ └── usr │ └── sbin │ └── maintenance ├── redis ├── 3 │ ├── Dockerfile │ └── root │ │ └── etc │ │ ├── s6 │ │ └── services │ │ │ └── 10-redis │ │ │ └── run │ │ └── zabbix │ │ └── zabbix_agentd.conf.d │ │ ├── redis.conf │ │ └── scripts │ │ └── redis-discovery.sh └── 4 │ ├── Dockerfile │ └── root │ └── etc │ ├── s6 │ └── services │ │ └── 10-redis │ │ └── run │ └── zabbix │ └── zabbix_agentd.conf.d │ ├── redis.conf │ └── scripts │ └── redis-discovery.sh ├── tomcat ├── 7 │ ├── Dockerfile │ └── root │ │ └── etc │ │ ├── cont-init.d │ │ └── 10-tomcat │ │ └── s6 │ │ └── services │ │ └── 10-tomcat │ │ └── run ├── 8 │ ├── Dockerfile │ └── root │ │ └── etc │ │ ├── cont-init.d │ │ └── 10-tomcat │ │ └── s6 │ │ └── services │ │ └── 10-tomcat │ │ └── run └── 9 │ ├── Dockerfile │ └── root │ └── etc │ ├── cont-init.d │ └── 10-tomcat │ └── s6 │ └── services │ └── 10-tomcat │ └── run ├── unbound ├── Dockerfile └── root │ └── etc │ ├── cont-init.d │ └── 10-unbound │ ├── s6 │ └── services │ │ └── 10-unbound │ │ └── run │ └── unbound │ └── unbound.conf ├── varnish ├── Dockerfile ├── README.md └── root │ └── etc │ ├── s6 │ └── services │ │ └── 35-varnish │ │ └── run │ └── varnish │ └── default.vcl └── zabbix ├── agentd ├── Dockerfile ├── Dockerfile-aliyun ├── agent-install.sh └── root │ └── etc │ ├── cont-init.d │ ├── 01-permissions │ ├── 02-zabbix │ ├── 03-cron │ ├── 04-smtp │ └── 99-container-init │ ├── fix-attrs.d │ ├── 02-zabbix │ └── 03-logrotate │ ├── s6 │ └── services │ │ ├── 02-zabbix │ │ └── run │ │ ├── 03-cron │ │ └── run │ │ └── 04-smtp │ │ └── run │ └── zabbix │ ├── zabbix_agentd.conf │ └── zabbix_agentd.conf.d │ ├── .hidden │ ├── container_os.conf │ └── updated_packages.conf ├── mysql ├── Dockerfile └── root │ ├── etc │ ├── mysql │ │ └── my.cnf │ └── zabbix │ │ ├── .my.cnf │ │ └── zabbix_agentd.conf.d │ │ ├── .hidden │ │ └── mysql.conf │ └── mysql │ ├── startup.sh │ └── zabbix.sql └── server ├── Dockerfile ├── Dockerfile-mini └── root ├── etc └── zabbix │ ├── .my.cnf │ └── zabbix_server.conf └── zabbix ├── install.sh ├── msyh.ttf ├── startup.sh └── zabbix.conf.php /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2018 aqzt 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /alpine-base/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM alpine:3.7 2 | LABEL maintainer="ppabc (ppabc@qq.com)" 3 | 4 | ### Set Defaults 5 | ARG S6_OVERLAY_VERSION=v1.21.2.2 6 | ENV DEBUG_MODE=FALSE \ 7 | ENABLE_CRON=FALSE \ 8 | ENABLE_SMTP=FALSE \ 9 | ENABLE_ZABBIX=TRUE \ 10 | ENABLE_ZABBIX_AGENT_ACTIVE=TRUE 11 | 12 | ### Add Zabbix User First 13 | RUN set -x ; \ 14 | addgroup -g 10050 zabbix ; \ 15 | adduser -S -D -H -h /dev/null -s /sbin/nologin -G zabbix -u 10050 zabbix ;\ 16 | 17 | ### Install MailHog 18 | apk --no-cache add --virtual mailhog-build-dependencies \ 19 | go \ 20 | git \ 21 | musl-dev \ 22 | ; \ 23 | mkdir -p /usr/src/gocode ; \ 24 | export GOPATH=/usr/src/gocode ; \ 25 | go get github.com/mailhog/MailHog ; \ 26 | go get github.com/mailhog/mhsendmail ; \ 27 | mv /usr/src/gocode/bin/MailHog /usr/local/bin ; \ 28 | mv /usr/src/gocode/bin/mhsendmail /usr/local/bin ; \ 29 | rm -rf /usr/src/gocode ; \ 30 | apk del --purge mailhog-build-dependencies ; \ 31 | adduser -S -D -H -h /dev/null -u 1025 mailhog ; \ 32 | 33 | ### Add Core Utils 34 | apk --no-cache upgrade ; \ 35 | apk --no-cache add \ 36 | bash \ 37 | curl \ 38 | grep \ 39 | less \ 40 | logrotate \ 41 | msmtp \ 42 | nano \ 43 | sudo \ 44 | tzdata \ 45 | vim \ 46 | zabbix-agent \ 47 | zabbix-utils \ 48 | ; \ 49 | rm -rf /var/cache/apk/* ; \ 50 | rm -rf /etc/logrotate.d/acpid ; \ 51 | cp -R /usr/share/zoneinfo/Asia/Shanghai /etc/localtime ; \ 52 | echo 'Asia/Shanghai' > /etc/timezone ; \ 53 | echo '%zabbix ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers ; \ 54 | 55 | ### S6 Installation 56 | curl -sSL https://github.com/just-containers/s6-overlay/releases/download/${S6_OVERLAY_VERSION}/s6-overlay-amd64.tar.gz | tar xfz - -C / ; \ 57 | 58 | ### Add Folders 59 | mkdir -p /assets/cron 60 | 61 | ADD root / 62 | 63 | ### Networking Configuration 64 | EXPOSE 1025 8025 10050/TCP 65 | 66 | ### Entrypoint Configuration 67 | ENTRYPOINT ["/init"] 68 | -------------------------------------------------------------------------------- /alpine-base/Dockerfile-aliyun: -------------------------------------------------------------------------------- 1 | FROM alpine:3.7 2 | LABEL maintainer="ppabc (ppabc@qq.com)" 3 | RUN echo "https://mirrors.aliyun.com/alpine/v3.7/main" > /etc/apk/repositories 4 | RUN echo "https://mirrors.aliyun.com/alpine/v3.7/community" >> /etc/apk/repositories 5 | 6 | ### Set Defaults 7 | ARG S6_OVERLAY_VERSION=v1.21.2.2 8 | ENV DEBUG_MODE=FALSE \ 9 | ENABLE_CRON=FALSE \ 10 | ENABLE_SMTP=FALSE \ 11 | ENABLE_ZABBIX=TRUE \ 12 | ENABLE_ZABBIX_AGENT_ACTIVE=TRUE 13 | 14 | ### Add Zabbix User First 15 | RUN set -x ; \ 16 | addgroup -g 10050 zabbix ; \ 17 | adduser -S -D -H -h /dev/null -s /sbin/nologin -G zabbix -u 10050 zabbix ;\ 18 | 19 | ### Install MailHog 20 | apk --no-cache add --virtual mailhog-build-dependencies \ 21 | go \ 22 | git \ 23 | musl-dev \ 24 | ; \ 25 | mkdir -p /usr/src/gocode ; \ 26 | export GOPATH=/usr/src/gocode ; \ 27 | go get github.com/mailhog/MailHog ; \ 28 | go get github.com/mailhog/mhsendmail ; \ 29 | mv /usr/src/gocode/bin/MailHog /usr/local/bin ; \ 30 | mv /usr/src/gocode/bin/mhsendmail /usr/local/bin ; \ 31 | rm -rf /usr/src/gocode ; \ 32 | apk del --purge mailhog-build-dependencies ; \ 33 | adduser -S -D -H -h /dev/null -u 1025 mailhog ; \ 34 | 35 | ### Add Core Utils 36 | apk --no-cache upgrade ; \ 37 | apk --no-cache add \ 38 | bash \ 39 | curl \ 40 | grep \ 41 | less \ 42 | logrotate \ 43 | msmtp \ 44 | nano \ 45 | sudo \ 46 | tzdata \ 47 | vim \ 48 | zabbix-agent \ 49 | zabbix-utils \ 50 | ; \ 51 | rm -rf /var/cache/apk/* ; \ 52 | rm -rf /etc/logrotate.d/acpid ; \ 53 | cp -R /usr/share/zoneinfo/Asia/Shanghai /etc/localtime ; \ 54 | echo 'Asia/Shanghai' > /etc/timezone ; \ 55 | echo '%zabbix ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers ; \ 56 | 57 | ### S6 Installation 58 | curl -sSL https://github.com/just-containers/s6-overlay/releases/download/${S6_OVERLAY_VERSION}/s6-overlay-amd64.tar.gz | tar xfz - -C / ; \ 59 | 60 | ### Add Folders 61 | mkdir -p /assets/cron 62 | 63 | ADD root / 64 | 65 | ### Networking Configuration 66 | EXPOSE 1025 8025 10050/TCP 67 | 68 | ### Entrypoint Configuration 69 | ENTRYPOINT ["/init"] 70 | -------------------------------------------------------------------------------- /alpine-base/Dockerfile-mini: -------------------------------------------------------------------------------- 1 | FROM alpine:3.7 2 | LABEL maintainer="ppabc (ppabc@qq.com)" 3 | 4 | RUN set -x ; \ 5 | addgroup -g 10050 zabbix ; \ 6 | adduser -S -D -H -h /dev/null -s /sbin/nologin -G zabbix -u 10050 zabbix ;\ 7 | 8 | 9 | apk --no-cache upgrade ; \ 10 | apk --no-cache add \ 11 | bash \ 12 | curl \ 13 | grep \ 14 | less \ 15 | sudo \ 16 | tzdata \ 17 | ; \ 18 | rm -rf /var/cache/apk/* ; \ 19 | rm -rf /etc/logrotate.d/acpid ; \ 20 | cp -R /usr/share/zoneinfo/Asia/Shanghai /etc/localtime ; \ 21 | echo 'Asia/Shanghai' > /etc/timezone ; \ 22 | echo '%zabbix ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers ; \ 23 | -------------------------------------------------------------------------------- /alpine-base/Dockerfile-mini-aliyun: -------------------------------------------------------------------------------- 1 | FROM alpine:3.7 2 | LABEL maintainer="ppabc (ppabc@qq.com)" 3 | 4 | RUN echo "https://mirrors.aliyun.com/alpine/v3.7/main" > /etc/apk/repositories 5 | RUN echo "https://mirrors.aliyun.com/alpine/v3.7/community" >> /etc/apk/repositories 6 | 7 | RUN set -x ; \ 8 | addgroup -g 10050 zabbix ; \ 9 | adduser -S -D -H -h /dev/null -s /sbin/nologin -G zabbix -u 10050 zabbix ;\ 10 | 11 | 12 | apk --no-cache upgrade ; \ 13 | apk --no-cache add \ 14 | bash \ 15 | curl \ 16 | grep \ 17 | less \ 18 | sudo \ 19 | tzdata \ 20 | ; \ 21 | rm -rf /var/cache/apk/* ; \ 22 | rm -rf /etc/logrotate.d/acpid ; \ 23 | cp -R /usr/share/zoneinfo/Asia/Shanghai /etc/localtime ; \ 24 | echo 'Asia/Shanghai' > /etc/timezone ; \ 25 | echo '%zabbix ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers ; \ 26 | -------------------------------------------------------------------------------- /alpine-base/root/etc/cont-init.d/02-zabbix: -------------------------------------------------------------------------------- 1 | #!/usr/bin/with-contenv bash 2 | 3 | ###Get the container IP 4 | DOCKER_IP=$(ip a|grep "inet "|awk -F" " '{print $2}'|awk -F"/" '{print $1}'|egrep "^172" |head -n 1) 5 | 6 | ### Set Defaults 7 | ENABLE_ZABBIX=${ENABLE_ZABBIX:-"TRUE"} 8 | ZABBIX_LOGFILE=${ZABBIX_LOGFILE:-"/var/log/zabbix/zabbix_agentd.log"} 9 | ZABBIX_LOGFILESIZE=${ZABBIX_LOGFILESIZE:-"1"} 10 | ZABBIX_DEBUGLEVEL=${ZABBIX_DEBUGLEVEL:-"1"} 11 | ZABBIX_REMOTECOMMANDS=${ZABBIX_REMOTECOMMANDS:-"1"} 12 | ZABBIX_REMOTECOMMANDS_LOG=${ZABBIX_REMOTECOMMANDS_LOG:-"1"} 13 | ZABBIX_SERVER=${ZABBIX_SERVER:-"0.0.0.0/0"} 14 | ZABBIX_LISTEN_PORT=${ZABBIX_LISTEN_PORT:-"10050"} 15 | ZABBIX_LISTEN_IP=${ZABBIX_LISTEN_IP:-"0.0.0.0"} 16 | ZABBIX_START_AGENTS=${ZABBIX_START_AGENTS:-"0"} 17 | ZABBIX_SERVER_ACTIVE=${ZABBIX_SERVER_ACTIVE:-"zabbix-proxy"} 18 | ZABBIX_HOSTNAME=${ZABBIX_HOSTNAME:-"$DOCKER_IP-$(hostname)"} 19 | ZABBIX_REFRESH_ACTIVE_CHECKS=${ZABBIX_REFRESH_ACTIVE_CHECKS:-"120"} 20 | ZABBIX_BUFFER_SEND=${ZABBIX_BUFFER_SEND:-"5"} 21 | ZABBIX_BUFFER_SIZE=${ZABBIX_BUFFER_SIZE:-"100"} 22 | ZABBIX_MAXLINES_SECOND=${ZABBIX_MAXLINES_SECOND:-"20"} 23 | ZABBIX_ALLOW_ROOT=${ZABBIX_ALLOW_ROOT:-"1"} 24 | ZABBIX_USER=${ZABBIX_USER:-"zabbix"} 25 | ZABBIX_TIMEOUT=${ZABBIX_TIMEOUT:-"30"} 26 | ZABBIX_UNSAFEUSERPARAMETERS=${ZABBIX_UNSAFEUSERPARAMETERS:-"1"} 27 | 28 | ### Debug Mode 29 | if [ "$DEBUG_MODE" = "TRUE" ] || [ "$DEBUG_MODE" = "true" ]; then 30 | ZABBIX_DEBUGLEVEL=4 31 | fi 32 | 33 | ### ENABLE_ZABBIX_AGENT_ACTIVE 34 | if [ "$ENABLE_ZABBIX_AGENT_ACTIVE" = "TRUE" ] || [ "$ENABLE_ZABBIX_AGENT_ACTIVE" = "true" ]; then 35 | if [ ! -f /tmp/zabbix_agentd_pid.log ]; then 36 | echo "Timeout=" >> /etc/zabbix/zabbix_agentd.conf 37 | echo "UnsafeUserParameters=" >> /etc/zabbix/zabbix_agentd.conf 38 | echo "HostMetadataItem=system.uname" >> /etc/zabbix/zabbix_agentd.conf 39 | > /tmp/zabbix_agentd_pid.log 40 | fi 41 | fi 42 | 43 | ### Check to see if Enabled/Disabled 44 | if [ "$ENABLE_ZABBIX" = "TRUE" ] || [ "$ENABLE_ZABBIX" = "true" ]; then 45 | sed -i -e "s||$ZABBIX_LOGFILE|g" /etc/zabbix/zabbix_agentd.conf 46 | sed -i -e "s//$ZABBIX_LOGFILESIZE/g" /etc/zabbix/zabbix_agentd.conf 47 | sed -i -e "s//$ZABBIX_DEBUGLEVEL/g" /etc/zabbix/zabbix_agentd.conf 48 | sed -i -e "s//$ZABBIX_REMOTECOMMANDS/g" /etc/zabbix/zabbix_agentd.conf 49 | sed -i -e "s//$ZABBIX_REMOTECOMMANDS_LOG/g" /etc/zabbix/zabbix_agentd.conf 50 | sed -i -e "s||$ZABBIX_SERVER|g" /etc/zabbix/zabbix_agentd.conf 51 | sed -i -e "s//$ZABBIX_LISTEN_PORT/g" /etc/zabbix/zabbix_agentd.conf 52 | sed -i -e "s//$ZABBIX_LISTEN_IP/g" /etc/zabbix/zabbix_agentd.conf 53 | sed -i -e "s//$ZABBIX_START_AGENTS/g" /etc/zabbix/zabbix_agentd.conf 54 | sed -i -e "s//$ZABBIX_SERVER_ACTIVE/g" /etc/zabbix/zabbix_agentd.conf 55 | sed -i -e "s//$ZABBIX_HOSTNAME/g" /etc/zabbix/zabbix_agentd.conf 56 | sed -i -e "s//$ZABBIX_REFRESH_ACTIVE_CHECKS/g" /etc/zabbix/zabbix_agentd.conf 57 | sed -i -e "s//$ZABBIX_BUFFER_SEND/g" /etc/zabbix/zabbix_agentd.conf 58 | sed -i -e "s//$ZABBIX_BUFFER_SIZE/g" /etc/zabbix/zabbix_agentd.conf 59 | sed -i -e "s//$ZABBIX_MAXLINES_SECOND/g" /etc/zabbix/zabbix_agentd.conf 60 | sed -i -e "s//$ZABBIX_ALLOW_ROOT/g" /etc/zabbix/zabbix_agentd.conf 61 | sed -i -e "s//$ZABBIX_USER/g" /etc/zabbix/zabbix_agentd.conf 62 | sed -i -e "s//$ZABBIX_TIMEOUT/g" /etc/zabbix/zabbix_agentd.conf 63 | sed -i -e "s//$ZABBIX_UNSAFEUSERPARAMETERS/g" /etc/zabbix/zabbix_agentd.conf 64 | 65 | mkdir -p ${ZABBIX_LOGFILE%/*} 66 | chown -R $ZABBIX_USER ${ZABBIX_LOGFILE%/*} 67 | chown -R $ZABBIX_USER /etc/zabbix/ 68 | else 69 | echo "**** [zabbix] Disabling Zabbix" 70 | s6-svc -d /var/run/s6/services/`basename $0` 71 | fi 72 | 73 | mkdir -p /tmp/state 74 | touch /tmp/state/`basename $0`-init 75 | -------------------------------------------------------------------------------- /alpine-base/root/etc/cont-init.d/03-cron: -------------------------------------------------------------------------------- 1 | #!/usr/bin/with-contenv bash 2 | 3 | ### Set Defaults 4 | ENABLE_CRON=${ENABLE_CRON:-"TRUE"} 5 | 6 | ### Check to see if Enabled/Disabled 7 | if [ "$ENABLE_CRON" = "FALSE" ] || [ "$ENABLE_CRON" = "false" ]; then 8 | echo "**** [cron] Disabling Cron" 9 | s6-svc -d /var/run/s6/services/`basename $0` 10 | else 11 | echo "**** [cron] Enabling Cron" 12 | fi 13 | 14 | mkdir -p /tmp/state 15 | touch /tmp/state/`basename $0`-init 16 | -------------------------------------------------------------------------------- /alpine-base/root/etc/cont-init.d/04-smtp: -------------------------------------------------------------------------------- 1 | #!/usr/bin/with-contenv bash 2 | 3 | s6-svc -d /var/run/s6/services/`basename $0` 4 | DEBUG_SMTP=${DEBUG_SMTP:-"FALSE"} 5 | ENABLE_SMTP=${ENABLE_SMTP:-"TRUE"} 6 | SMTP_HOST=${SMTP_HOST:-"postfix-relay"} 7 | SMTP_PORT=${SMTP_PORT:-"25"} 8 | SMTP_DOMAIN=${SMTP_DOMAIN:-"docker"} 9 | SMTP_MAILDOMAIN=${SMTP_MAILDOMAIN:-"example.org"} 10 | SMTP_TLS=${SMTP_TLS:-"off"} 11 | SMTP_STARTTLS=${SMTP_STARTTLS:-"off"} 12 | SMTP_SMTP_TLSCERTCHECK=${SMTP_TLSCERTCHECK:-"off"} 13 | DEBUG_SMTP=${DEBUG_SMTP:-"FALSE"} 14 | 15 | ### Debug Mode - Enable MailHog 16 | if [ "$DEBUG_SMTP" = "TRUE" ] || [ "$DEBUG_SMTP" = "true" ] || [ "$DEBUG_MODE" = "true" ] || [ "$DEBUG_MODE" = "TRUE" ]; then 17 | ENABLE_SMTP=FALSE 18 | 19 | case "SMTP_HOST" in 20 | "postfix-relay") 21 | SMTP_HOST=localhost 22 | ;; 23 | "mailcatcher") 24 | echo '' 25 | ;; 26 | esac 27 | 28 | echo '### Automatically Generated on Container Start. See Documentation on how to set!' >/etc/msmtp 29 | echo 'account default ' >>/etc/msmtp 30 | echo 'host '$SMTP_HOST >>/etc/msmtp 31 | echo 'port 1025' >>/etc/msmtp 32 | echo 'domain ' $SMTP_DOMAIN >>/etc/msmtp 33 | echo 'maildomain ' $SMTP_MAILDOMAIN >>/etc/msmtp 34 | echo 'tls '$SMTP_TLS >>/etc/msmtp 35 | echo 'tls_starttls '$SMTP_STARTTLS >>/etc/msmtp 36 | echo 'tls_certcheck '$SMTP_TLSCERTCHECK >>/etc/msmtp 37 | 38 | rm -f /usr/sbin/sendmail 39 | ln -s /usr/bin/msmtp /usr/sbin/sendmail 40 | 41 | s6-svc -u /var/run/s6/services/`basename $0` 42 | echo '**** [smtp] [debug] SMTP Mailcatcher Enabled at Port 1025, Visit http://127.0.0.1:8025 for Web Interface' 43 | fi 44 | 45 | ### Enable or Disable SMTP 46 | if [ "$ENABLE_SMTP" = "TRUE" ] || [ "$ENABLE_SMTP" = "true" ]; then 47 | 48 | rm -f /usr/sbin/sendmail 49 | ln -s /usr/bin/msmtp /usr/sbin/sendmail 50 | 51 | echo '### Automatically Generated on Container Start. See Documentation on how to set!' >/etc/msmtp 52 | echo 'account default ' >>/etc/msmtp 53 | echo 'host ' $SMTP_HOST >>/etc/msmtp 54 | echo 'port ' $SMTP_PORT >>/etc/msmtp 55 | echo 'domain ' $SMTP_DOMAIN >>/etc/msmtp 56 | echo 'maildomain ' $SMTP_MAILDOMAIN >>/etc/msmtp 57 | if [ -n "$SMTP_AUTHENTICATION" ]; then echo 'auth '$SMTP_AUTHENTICATION >>/etc/msmtp; fi 58 | if [ -n "$SMTP_USER" ]; then echo 'user '$SMTP_USER >>/etc/msmtp; fi 59 | if [ -n "$SMTP_PASS" ]; then echo 'password '$SMTP_PASS >>/etc/msmtp; fi 60 | echo 'tls '$SMTP_TLS >>/etc/msmtp 61 | echo 'tls_starttls '$SMTP_STARTTLS >>/etc/msmtp 62 | echo 'tls_certcheck '$SMTP_TLSCERTCHECK >>/etc/msmtp 63 | 64 | export ENABLE_SMTP=TRUE 65 | echo '**** [smtp] Sendmail replaced and enabled to route mail to: '$SMTP_HOST 66 | else 67 | echo '**** [smtp] Disabling SMTP Features' 68 | fi 69 | 70 | mkdir -p /tmp/state 71 | touch /tmp/state/`basename $0`-init 72 | -------------------------------------------------------------------------------- /alpine-base/root/etc/cont-init.d/99-container-init: -------------------------------------------------------------------------------- 1 | #!/usr/bin/with-contenv bash 2 | 3 | ### Timezone Setup 4 | if [ -n "$TIMEZONE" ]; then 5 | set_timezone () { 6 | if [ -f /usr/share/zoneinfo/$TIMEZONE ]; then 7 | echo "**** [timezone] Setting timezone to $TIMEZONE" 8 | cp -R /usr/share/zoneinfo/$1 /etc/localtime 9 | echo $1 > /etc/timezone 10 | else 11 | echo "**** [timezone] ERROR: Timezone $TIMEZONE does not exist - Skipping.." 12 | fi 13 | } 14 | 15 | if [ ! -d /usr/share/zoneinfo ]; then 16 | apk add --update tzdata 17 | set_timezone $TIMEZONE 18 | apk del tzdata 19 | rm -rf /var/cache/apk/* 20 | else 21 | set_timezone $TIMEZONE 22 | fi 23 | fi 24 | 25 | 26 | mkdir -p /tmp/state 27 | touch /tmp/state/99-container-init 28 | -------------------------------------------------------------------------------- /alpine-base/root/etc/fix-attrs.d/02-zabbix: -------------------------------------------------------------------------------- 1 | /etc/zabbix/ true zabbix 0755 0755 2 | -------------------------------------------------------------------------------- /alpine-base/root/etc/fix-attrs.d/03-logrotate: -------------------------------------------------------------------------------- 1 | /etc/logrotate.d true root 0644 0644 2 | -------------------------------------------------------------------------------- /alpine-base/root/etc/s6/services/02-zabbix/run: -------------------------------------------------------------------------------- 1 | #!/usr/bin/with-contenv bash 2 | 3 | while [ ! -f /tmp/state/99-container-init ] 4 | do 5 | sleep 1 6 | done 7 | 8 | ### Start Zabbix 9 | echo '' 10 | echo '** [zabbix] Starting Zabbix Agent' 11 | 12 | exec s6-setuidgid zabbix zabbix_agentd -f >/dev/null 2>&1; 13 | -------------------------------------------------------------------------------- /alpine-base/root/etc/s6/services/03-cron/run: -------------------------------------------------------------------------------- 1 | #!/usr/bin/with-contenv bash 2 | 3 | while [ ! -f /tmp/state/99-container-init ] 4 | do 5 | sleep 1 6 | done 7 | 8 | if [ ! -f /tmp/state/`basename $0` ]; then 9 | echo ' ' 10 | sleep 60 11 | echo '59 23 * * * logrotate -f /etc/logrotate.d/* >/dev/null 2>&1' >>/assets/cron/crontab.txt 12 | mkdir -p /tmp/state/ 13 | echo 'Initialization Complete' >/tmp/state/`basename $0` 14 | fi 15 | 16 | echo '** [cron] Starting cron' 17 | 18 | if [ -d /assets/cron-custom ]; then 19 | echo '** [cron] Found Custom Crontab - Merging' 20 | cat /assets/cron-custom/* >>/assets/cron/crontab.txt 21 | fi 22 | 23 | /usr/bin/crontab /assets/cron/crontab.txt 24 | exec /usr/sbin/crond -f -l 8 >/dev/null 2>&1; 25 | -------------------------------------------------------------------------------- /alpine-base/root/etc/s6/services/04-smtp/run: -------------------------------------------------------------------------------- 1 | #!/usr/bin/with-contenv bash 2 | 3 | while [ ! -f /tmp/state/99-container-init ] 4 | do 5 | sleep 1 6 | done 7 | 8 | if [[ "$DEBUG_SMTP" = "TRUE" ]] || [[ "$DEBUG_SMTP" = "true" ]] || [[ "$DEBUG_MODE" = "true" ]] || [[ "$DEBUG_MODE" = "TRUE" ]]; then 9 | exec s6-setuidgid mailhog MailHog; 10 | fi 11 | -------------------------------------------------------------------------------- /alpine-base/root/etc/zabbix/zabbix_agentd.conf: -------------------------------------------------------------------------------- 1 | LogFile= 2 | LogFileSize= 3 | DebugLevel= 4 | EnableRemoteCommands= 5 | LogRemoteCommands= 6 | Server= 7 | ListenPort= 8 | ListenIP= 9 | StartAgents= 10 | ServerActive= 11 | Hostname= 12 | RefreshActiveChecks= 13 | BufferSend= 14 | BufferSize= 15 | MaxLinesPerSecond= 16 | AllowRoot= 17 | User= 18 | Include=/etc/zabbix/zabbix_agentd.conf.d/*.conf 19 | -------------------------------------------------------------------------------- /alpine-base/root/etc/zabbix/zabbix_agentd.conf.d/.hidden: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aqzt/docker-alpine/6495a41fcdba25db9f2b159d02eafcd8b52246dd/alpine-base/root/etc/zabbix/zabbix_agentd.conf.d/.hidden -------------------------------------------------------------------------------- /alpine-base/root/etc/zabbix/zabbix_agentd.conf.d/container_os.conf: -------------------------------------------------------------------------------- 1 | UserParameter=agent.os,grep "PRETTY_NAME" /etc/os-release | cut -d '"' -f2 2 | -------------------------------------------------------------------------------- /alpine-base/root/etc/zabbix/zabbix_agentd.conf.d/updated_packages.conf: -------------------------------------------------------------------------------- 1 | UserParameter=packages.upgradable,sudo apk update >/dev/null && apk version | sed "/Installed/d" | wc -l -------------------------------------------------------------------------------- /bind/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM aqzt/docker-alpine 2 | LABEL maintainer="aqzt.com (ppabc@qq.com)" 3 | 4 | RUN apk --update upgrade && apk add bind 5 | 6 | RUN mkdir -m 0770 -p /etc/bind && chown -R root:named /etc/bind ; \ 7 | mkdir -m 0770 -p /var/cache/bind && chown -R root:named /var/cache/bind ; \ 8 | wget -q -O /etc/bind/bind.keys https://ftp.isc.org/isc/bind9/keys/9.11/bind.keys.v9_11 ; \ 9 | rndc-confgen -a -r /dev/urandom 10 | 11 | ADD root / 12 | 13 | VOLUME ["/etc/bind"] 14 | VOLUME ["/var/cache/bind"] 15 | 16 | EXPOSE 53/tcp 53/udp 17 | 18 | 19 | -------------------------------------------------------------------------------- /bind/README.md: -------------------------------------------------------------------------------- 1 | ## 基于Alpine系统的bind镜像 2 | 3 | ### 概述 4 | 使用Dockerfile构建基于Alpine系统的bind镜像,并采用supervise守护进程。 5 | 6 | ### 使用说明 7 | ``` 8 | 9 | docker run --name=dns-test -it -d --dns=8.8.8.8 --dns=8.8.4.4 -p 53:53/udp -p 53:53 aqzt/docker-alpine:bind 10 | 或者采用host方式 11 | docker run --name=dns-test -it -d --dns=8.8.8.8 --dns=8.8.4.4 --net=host aqzt/docker-alpine:bind 12 | 13 | 14 | ``` 15 | 16 | 使用docker exec进入容器 17 | ``` 18 | docker exec -ti "CONTAINER ID" /bin/sh 19 | ``` -------------------------------------------------------------------------------- /bind/root/etc/bind/README: -------------------------------------------------------------------------------- 1 | You should add your zones to: named.conf.local 2 | Generally, that's the only file you will need to modify 3 | -------------------------------------------------------------------------------- /bind/root/etc/bind/default-zones/db.0: -------------------------------------------------------------------------------- 1 | ; 2 | ; BIND reverse data file for broadcast zone 3 | ; 4 | $TTL 604800 5 | @ IN SOA localhost. root.localhost. ( 6 | 1 ; Serial 7 | 604800 ; Refresh 8 | 86400 ; Retry 9 | 2419200 ; Expire 10 | 604800 ) ; Negative Cache TTL 11 | ; 12 | @ IN NS localhost. 13 | -------------------------------------------------------------------------------- /bind/root/etc/bind/default-zones/db.127: -------------------------------------------------------------------------------- 1 | ; 2 | ; BIND reverse data file for local loopback interface 3 | ; 4 | $TTL 604800 5 | @ IN SOA localhost. root.localhost. ( 6 | 1 ; Serial 7 | 604800 ; Refresh 8 | 86400 ; Retry 9 | 2419200 ; Expire 10 | 604800 ) ; Negative Cache TTL 11 | ; 12 | @ IN NS localhost. 13 | 1.0.0 IN PTR localhost. 14 | -------------------------------------------------------------------------------- /bind/root/etc/bind/default-zones/db.255: -------------------------------------------------------------------------------- 1 | ; 2 | ; BIND reverse data file for broadcast zone 3 | ; 4 | $TTL 604800 5 | @ IN SOA localhost. root.localhost. ( 6 | 1 ; Serial 7 | 604800 ; Refresh 8 | 86400 ; Retry 9 | 2419200 ; Expire 10 | 604800 ) ; Negative Cache TTL 11 | ; 12 | @ IN NS localhost. 13 | -------------------------------------------------------------------------------- /bind/root/etc/bind/default-zones/db.empty: -------------------------------------------------------------------------------- 1 | ; BIND reverse data file for empty rfc1918 zone 2 | ; 3 | ; DO NOT EDIT THIS FILE - it is used for multiple zones. 4 | ; Instead, copy it, edit named.conf, and use that copy. 5 | ; 6 | $TTL 86400 7 | @ IN SOA localhost. root.localhost. ( 8 | 1 ; Serial 9 | 604800 ; Refresh 10 | 86400 ; Retry 11 | 2419200 ; Expire 12 | 86400 ) ; Negative Cache TTL 13 | ; 14 | @ IN NS localhost. 15 | -------------------------------------------------------------------------------- /bind/root/etc/bind/default-zones/db.local: -------------------------------------------------------------------------------- 1 | ; 2 | ; BIND data file for local loopback interface 3 | ; 4 | $TTL 604800 5 | @ IN SOA localhost. root.localhost. ( 6 | 2 ; Serial 7 | 604800 ; Refresh 8 | 86400 ; Retry 9 | 2419200 ; Expire 10 | 604800 ) ; Negative Cache TTL 11 | ; 12 | @ IN NS localhost. 13 | @ IN A 127.0.0.1 14 | @ IN AAAA ::1 15 | -------------------------------------------------------------------------------- /bind/root/etc/bind/default-zones/db.root: -------------------------------------------------------------------------------- 1 | ; This file holds the information on root name servers needed to 2 | ; initialize cache of Internet domain name servers 3 | ; (e.g. reference this file in the "cache . " 4 | ; configuration file of BIND domain name servers). 5 | ; 6 | ; This file is made available by InterNIC 7 | ; under anonymous FTP as 8 | ; file /domain/named.cache 9 | ; on server FTP.INTERNIC.NET 10 | ; -OR- RS.INTERNIC.NET 11 | ; 12 | ; last update: January 30, 2018 13 | ; related version of root zone: 2018013001 14 | ; 15 | ; FORMERLY NS.INTERNIC.NET 16 | ; 17 | . 3600000 NS A.ROOT-SERVERS.NET. 18 | A.ROOT-SERVERS.NET. 3600000 A 198.41.0.4 19 | A.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:ba3e::2:30 20 | ; 21 | ; FORMERLY NS1.ISI.EDU 22 | ; 23 | . 3600000 NS B.ROOT-SERVERS.NET. 24 | B.ROOT-SERVERS.NET. 3600000 A 199.9.14.201 25 | B.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:200::b 26 | ; 27 | ; FORMERLY C.PSI.NET 28 | ; 29 | . 3600000 NS C.ROOT-SERVERS.NET. 30 | C.ROOT-SERVERS.NET. 3600000 A 192.33.4.12 31 | C.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2::c 32 | ; 33 | ; FORMERLY TERP.UMD.EDU 34 | ; 35 | . 3600000 NS D.ROOT-SERVERS.NET. 36 | D.ROOT-SERVERS.NET. 3600000 A 199.7.91.13 37 | D.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2d::d 38 | ; 39 | ; FORMERLY NS.NASA.GOV 40 | ; 41 | . 3600000 NS E.ROOT-SERVERS.NET. 42 | E.ROOT-SERVERS.NET. 3600000 A 192.203.230.10 43 | E.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:a8::e 44 | ; 45 | ; FORMERLY NS.ISC.ORG 46 | ; 47 | . 3600000 NS F.ROOT-SERVERS.NET. 48 | F.ROOT-SERVERS.NET. 3600000 A 192.5.5.241 49 | F.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2f::f 50 | ; 51 | ; FORMERLY NS.NIC.DDN.MIL 52 | ; 53 | . 3600000 NS G.ROOT-SERVERS.NET. 54 | G.ROOT-SERVERS.NET. 3600000 A 192.112.36.4 55 | G.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:12::d0d 56 | ; 57 | ; FORMERLY AOS.ARL.ARMY.MIL 58 | ; 59 | . 3600000 NS H.ROOT-SERVERS.NET. 60 | H.ROOT-SERVERS.NET. 3600000 A 198.97.190.53 61 | H.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:1::53 62 | ; 63 | ; FORMERLY NIC.NORDU.NET 64 | ; 65 | . 3600000 NS I.ROOT-SERVERS.NET. 66 | I.ROOT-SERVERS.NET. 3600000 A 192.36.148.17 67 | I.ROOT-SERVERS.NET. 3600000 AAAA 2001:7fe::53 68 | ; 69 | ; OPERATED BY VERISIGN, INC. 70 | ; 71 | . 3600000 NS J.ROOT-SERVERS.NET. 72 | J.ROOT-SERVERS.NET. 3600000 A 192.58.128.30 73 | J.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:c27::2:30 74 | ; 75 | ; OPERATED BY RIPE NCC 76 | ; 77 | . 3600000 NS K.ROOT-SERVERS.NET. 78 | K.ROOT-SERVERS.NET. 3600000 A 193.0.14.129 79 | K.ROOT-SERVERS.NET. 3600000 AAAA 2001:7fd::1 80 | ; 81 | ; OPERATED BY ICANN 82 | ; 83 | . 3600000 NS L.ROOT-SERVERS.NET. 84 | L.ROOT-SERVERS.NET. 3600000 A 199.7.83.42 85 | L.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:9f::42 86 | ; 87 | ; OPERATED BY WIDE 88 | ; 89 | . 3600000 NS M.ROOT-SERVERS.NET. 90 | M.ROOT-SERVERS.NET. 3600000 A 202.12.27.33 91 | M.ROOT-SERVERS.NET. 3600000 AAAA 2001:dc3::35 92 | ; End of file -------------------------------------------------------------------------------- /bind/root/etc/bind/example-configs/README: -------------------------------------------------------------------------------- 1 | 1.) Start with the FULL directory contents of "configs" which has a 2 | fully functioning recurive resolver/forwarding cacher AND an 3 | authoritative config at the same time. 4 | 5 | The "configs" directory contains: 6 | 7 | * README 8 | * named.conf 9 | * named.conf.default-zones 10 | * named.conf.rfc1918 11 | * named.conf.local -> modify this for all of your authoritative zones 12 | * named.conf.options -> feel free to overwrite this with one fr 13 | 14 | default-zones: 15 | db.0 db.127 db.255 db.empty db.local db.root 16 | 17 | 18 | 2.) and then feel free to use the "named.conf.options" provided in the 19 | "example-configs" to override the default with a more "specific 20 | 'named.conf.options' as needed for a more 21 | -------------------------------------------------------------------------------- /bind/root/etc/bind/example-configs/authoritative/named.conf.options: -------------------------------------------------------------------------------- 1 | // Copy this file to /etc/bind/named.conf.options if you want to run bind as an 2 | // authoritative nameserver. If you want to run a recursive DNS resolver 3 | // instead, see Ventz's "example-configs/recursive-resolver/named.conf.options" 4 | // 5 | // BIND supports using the same daemon as both authoritative nameserver and 6 | // recursive resolver; it supports this because it is the oldest and original 7 | // nameserver and so was designed before it was realized that combining these 8 | // functions is inadvisable. 9 | // 10 | // In actual fact, combining these functions is a very bad idea. It is thus 11 | // recommended that you run a given instance of BIND as either an authoritative 12 | // nameserver or recursive resolver, not both. The example configuration herein 13 | // provides a secure starting point for running an authoritative nameserver. 14 | 15 | options { 16 | directory "/var/bind"; 17 | 18 | // Configure the IPs to listen on here. 19 | listen-on { 127.0.0.1; }; 20 | listen-on-v6 { none; }; 21 | 22 | // If you want to allow only specific hosts to use the DNS server: 23 | //allow-query { 24 | // 127.0.0.1; 25 | //}; 26 | 27 | // Specify a list of IPs/masks to allow zone transfers to here. 28 | // 29 | // You can override this on a per-zone basis by specifying this inside a zone 30 | // block. 31 | // 32 | // Warning: Removing this block will cause BIND to revert to its default 33 | // behaviour of allowing zone transfers to any host (!). 34 | allow-transfer { 35 | none; 36 | }; 37 | 38 | // If you have problems and are behind a firewall: 39 | //query-source address * port 53; 40 | 41 | pid-file "/var/run/named/named.pid"; 42 | 43 | // Changing this is NOT RECOMMENDED; see the notes above and in 44 | // named.conf.recursive. 45 | allow-recursion { none; }; 46 | recursion no; 47 | }; 48 | 49 | // Example of how to configure a zone for which this server is the master: 50 | //zone "example.com" IN { 51 | // type master; 52 | // file "/etc/bind/master/example.com"; 53 | //}; 54 | 55 | // You can include files: 56 | //include "/etc/bind/example.conf"; 57 | -------------------------------------------------------------------------------- /bind/root/etc/bind/example-configs/recursive-resolver/named.conf.options: -------------------------------------------------------------------------------- 1 | // Copy this file to /etc/bind/named.conf.options if you want to run bind as a 2 | // recursive DNS resolver. If you want to run an authoritative nameserver 3 | // instead, see Ventz's "example-configs/authoritative/named.conf.options" 4 | // 5 | // BIND supports using the same daemon as both authoritative nameserver and 6 | // recursive resolver; it supports this because it is the oldest and original 7 | // nameserver and so was designed before it was realized that combining these 8 | // functions is inadvisable. 9 | // 10 | // In actual fact, combining these functions is a very bad idea. It is thus 11 | // recommended that you run a given instance of BIND as either an authoritative 12 | // nameserver or recursive resolver, not both. The example configuration herein 13 | // provides a starting point for running a recursive resolver. 14 | // 15 | // 16 | // *** IMPORTANT *** 17 | // You should note that running an open DNS resolver (that is, a resolver which 18 | // answers queries from any globally routable IP) makes the resolver vulnerable 19 | // to abuse in the form of reflected DDoS attacks. 20 | // 21 | // These attacks are now widely prevalent on the open internet. Even if 22 | // unadvertised, attackers can and will find your resolver by portscanning the 23 | // global IPv4 address space. 24 | // 25 | // In one case the traffic generated using such an attack reached 300 Gb/s (!). 26 | // 27 | // It is therefore imperative that you take care to configure the resolver to 28 | // only answer queries from IP address space you trust or control. See the 29 | // "allow-recursion" directive below. 30 | // 31 | // Bear in mind that with these attacks, the "source" of a query will actually 32 | // be the intended target of a DDoS attack, so this only protects other networks 33 | // from attack, not your own; ideally therefore you should firewall DNS traffic 34 | // at the borders of your network to eliminate spoofed traffic. 35 | // 36 | // This is a complex issue and some level of understanding of these attacks is 37 | // advisable before you attempt to configure a resolver. 38 | 39 | options { 40 | directory "/var/bind"; 41 | 42 | // Specify a list of CIDR masks which should be allowed to issue recursive 43 | // queries to the DNS server. Do NOT specify 0.0.0.0/0 here; see above. 44 | allow-recursion { 45 | 127.0.0.1/32; 46 | }; 47 | 48 | // If you want this resolver to itself resolve via means of another recursive 49 | // resolver, uncomment this block and specify the IP addresses of the desired 50 | // upstream resolvers. 51 | //forwarders { 52 | // 8.8.8.8; 53 | // 8.8.4.4; 54 | //}; 55 | 56 | // By default the resolver will attempt to perform recursive resolution itself 57 | // if the forwarders are unavailable. If you want this resolver to fail outright 58 | // if the upstream resolvers are unavailable, uncomment this directive. 59 | //forward only; 60 | 61 | // Configure the IPs to listen on here. 62 | listen-on { 127.0.0.1; }; 63 | listen-on-v6 { none; }; 64 | 65 | // If you have problems and are behind a firewall: 66 | //query-source address * port 53; 67 | 68 | pid-file "/var/run/named/named.pid"; 69 | 70 | // Removing this block will cause BIND to revert to its default behaviour 71 | // of allowing zone transfers to any host (!). There is no need to allow zone 72 | // transfers when operating as a recursive resolver. 73 | allow-transfer { none; }; 74 | }; 75 | 76 | // Briefly, a zone which has been declared delegation-only will be effectively 77 | // limited to containing NS RRs for subdomains, but no actual data beyond its 78 | // own apex (for example, its SOA RR and apex NS RRset). This can be used to 79 | // filter out "wildcard" or "synthesized" data from NAT boxes or from 80 | // authoritative name servers whose undelegated (in-zone) data is of no 81 | // interest. 82 | // See http://www.isc.org/products/BIND/delegation-only.html for more info 83 | 84 | //zone "COM" { type delegation-only; }; 85 | //zone "NET" { type delegation-only; }; 86 | 87 | zone "." IN { 88 | type hint; 89 | file "named.ca"; 90 | }; 91 | 92 | zone "localhost" IN { 93 | type master; 94 | file "pri/localhost.zone"; 95 | allow-update { none; }; 96 | notify no; 97 | }; 98 | 99 | zone "127.in-addr.arpa" IN { 100 | type master; 101 | file "pri/127.zone"; 102 | allow-update { none; }; 103 | notify no; 104 | }; 105 | -------------------------------------------------------------------------------- /bind/root/etc/bind/named.conf: -------------------------------------------------------------------------------- 1 | // This is the primary configuration file for the BIND DNS server named. 2 | // 3 | // Please read /usr/share/doc/bind9/README.Debian.gz for information on the 4 | // structure of BIND configuration files in Debian, *BEFORE* you customize 5 | // this configuration file. 6 | // 7 | // If you are just adding zones, please do that in /etc/bind/named.conf.local 8 | 9 | controls { 10 | inet 127.0.0.1 allow { localhost; } keys { "rndc-key"; }; 11 | }; 12 | 13 | include "/etc/bind/rndc.key"; 14 | include "/etc/bind/named.conf.options"; 15 | include "/etc/bind/named.conf.local"; 16 | 17 | -------------------------------------------------------------------------------- /bind/root/etc/bind/named.conf.default-zones: -------------------------------------------------------------------------------- 1 | // prime the server with knowledge of the root servers 2 | zone "." { 3 | type hint; 4 | file "/etc/bind/default-zones/db.root"; 5 | }; 6 | 7 | // be authoritative for the localhost forward and reverse zones, and for 8 | // broadcast zones as per RFC 1912 9 | 10 | zone "localhost" { 11 | type master; 12 | file "/etc/bind/default-zones/db.local"; 13 | }; 14 | 15 | zone "127.in-addr.arpa" { 16 | type master; 17 | file "/etc/bind/default-zones/db.127"; 18 | }; 19 | 20 | zone "0.in-addr.arpa" { 21 | type master; 22 | file "/etc/bind/default-zones/db.0"; 23 | }; 24 | 25 | zone "255.in-addr.arpa" { 26 | type master; 27 | file "/etc/bind/default-zones/db.255"; 28 | }; 29 | -------------------------------------------------------------------------------- /bind/root/etc/bind/named.conf.local: -------------------------------------------------------------------------------- 1 | // 2 | // Do any local configuration here 3 | // 4 | 5 | /////////////////////////////////////////////////////////////////////////////// 6 | ////////////////////////////////////////////////////////////////////////////// 7 | 8 | // STANDARD ZONES 9 | include "/etc/bind/named.conf.default-zones"; 10 | 11 | // Consider adding the 1918 zones here, if they are not used in your 12 | // organization 13 | include "/etc/bind/named.conf.rfc1918"; 14 | 15 | /////////////////////////////////////////////////////////////////////////////// 16 | ////////////////////////////////////////////////////////////////////////////// 17 | 18 | 19 | ####################################### 20 | # REVERSE 'PTR' RECORDS # 21 | ####################################### 22 | # example reverse zone: 1.2.3.4/24 23 | //zone "4.3.2.1.in-addr.arpa" { 24 | // type master; 25 | // file "/var/cache/bind/1.2.3.4.rev"; 26 | // notify yes; 27 | //}; 28 | 29 | 30 | ####################################### 31 | # FORWARD 'A' RECORDS # 32 | ####################################### 33 | # example "forward" (domain) zone: domain.tld 34 | //zone "domain.tld" { 35 | // type master; 36 | // file "/var/cache/bind/domain.tld"; 37 | // notify yes; 38 | // #also-notify { a.b.c.d; }; 39 | // #allow-transfer { localhost; a.b.c.d; }; 40 | // # vs 41 | // #allow-transfer { "none"; }; 42 | //}; 43 | -------------------------------------------------------------------------------- /bind/root/etc/bind/named.conf.options: -------------------------------------------------------------------------------- 1 | options { 2 | directory "/var/cache/bind"; 3 | 4 | // Remove (hide) our bind version - no reason to disclose it 5 | version ""; 6 | 7 | // Configure the IPs to listen on here. 8 | listen-on { any; }; 9 | listen-on-v6 { none; }; 10 | 11 | // QUERY SOURCE - Useful for caching servers behind a firewall 12 | // Default: address * port * 13 | // Values : The IP address and port to use as the source of queries to other servers 14 | // If you have problems and are behind a firewall, uncomment: 15 | //query-source address * port *; 16 | 17 | pid-file "/var/run/named/named.pid"; 18 | 19 | // statistics-file "/var/cache/bind/named.stats"; 20 | // zone-statistics yes; 21 | 22 | // If you want to allow only specific hosts to use the DNS server: 23 | allow-query { 127.0.0.1; }; 24 | 25 | // Specify a list of IPs/masks to allow zone transfers to here. 26 | // 27 | // You can override this on a per-zone basis by specifying this inside a zone 28 | // block. 29 | // 30 | // Warning: Removing this block will cause BIND to revert to its default 31 | // behaviour of allowing zone transfers to any host (!). 32 | allow-transfer { none; }; 33 | 34 | 35 | // If there is a firewall between you and nameservers you want 36 | // to talk to, you may need to fix the firewall to allow multiple 37 | // ports to talk. See http://www.kb.cert.org/vuls/id/800113 38 | 39 | // RECURSION - Required for caching servers 40 | // Default: yes 41 | // Values : yes, no 42 | // 43 | // yes: Attempt to resolve requests we are not authoritative for 44 | // no : Do not resolve requests we are not authoritative for 45 | // 46 | // NOTE: Commented out because specified in each zone/view 47 | recursion yes; 48 | //recursion no; 49 | 50 | 51 | // ALLOW-RECURSION - Who may use our caching server? 52 | // Default: any; 53 | // Values : any, none, (addresslist) 54 | // 55 | // any : anybody may use the caching server 56 | // none : noone may use the caching server 57 | // address: List of IP addresses that may use the caching server. 58 | // allow-recursion { localhost; localnets; }; 59 | // 60 | // NOTE: Commented out because specified in each zone/view 61 | // allow-recursion { clients; servers; lan; }; 62 | //allow-recursion { none; }; 63 | allow-recursion { 127.0.0.1; }; 64 | 65 | // If your ISP provided one or more IP addresses for stable 66 | // nameservers, you probably want to use them as forwarders. 67 | // Uncomment the following block, and insert the addresses replacing 68 | // the all-0's placeholder. 69 | 70 | forwarders { 71 | 8.8.8.8; 72 | 8.8.4.4; 73 | }; 74 | 75 | // FORWARD - Recommended for caching servers 76 | // Default: first 77 | // Values : first, only 78 | // 79 | // first: Query "forwarders" first, then resolve request ourself 80 | // only : Only query the "forwarders" to resolve requests 81 | // 82 | forward first; 83 | 84 | 85 | // NOTIFY - Relevant to authoritative servers 86 | // Default: yes 87 | // Values : yes, explicit, no 88 | // 89 | // yes : Send DNS NOTIFY messages to slave servers in zone NS records when zone changes 90 | // explicit: Only send DNS NOTIFY messages to "also-notify" hosts 91 | // no : Never automatically send DNS NOTIFY messages 92 | // 93 | notify yes; 94 | 95 | // Need this for SRV records 96 | check-names master ignore; 97 | 98 | //======================================================================== 99 | // If BIND logs error messages about the root key being expired, 100 | // you will need to update your keys. See https://www.isc.org/bind-keys 101 | //======================================================================== 102 | dnssec-validation auto; 103 | 104 | auth-nxdomain no; # conform to RFC1035 105 | }; 106 | -------------------------------------------------------------------------------- /bind/root/etc/bind/named.conf.rfc1918: -------------------------------------------------------------------------------- 1 | zone "10.in-addr.arpa" { type master; file "/etc/bind/default-zones/db.empty"; }; 2 | 3 | zone "16.172.in-addr.arpa" { type master; file "/etc/bind/default-zones/db.empty"; }; 4 | zone "17.172.in-addr.arpa" { type master; file "/etc/bind/default-zones/db.empty"; }; 5 | zone "18.172.in-addr.arpa" { type master; file "/etc/bind/default-zones/db.empty"; }; 6 | zone "19.172.in-addr.arpa" { type master; file "/etc/bind/default-zones/db.empty"; }; 7 | zone "20.172.in-addr.arpa" { type master; file "/etc/bind/default-zones/db.empty"; }; 8 | zone "21.172.in-addr.arpa" { type master; file "/etc/bind/default-zones/db.empty"; }; 9 | zone "22.172.in-addr.arpa" { type master; file "/etc/bind/default-zones/db.empty"; }; 10 | zone "23.172.in-addr.arpa" { type master; file "/etc/bind/default-zones/db.empty"; }; 11 | zone "24.172.in-addr.arpa" { type master; file "/etc/bind/default-zones/db.empty"; }; 12 | zone "25.172.in-addr.arpa" { type master; file "/etc/bind/default-zones/db.empty"; }; 13 | zone "26.172.in-addr.arpa" { type master; file "/etc/bind/default-zones/db.empty"; }; 14 | zone "27.172.in-addr.arpa" { type master; file "/etc/bind/default-zones/db.empty"; }; 15 | zone "28.172.in-addr.arpa" { type master; file "/etc/bind/default-zones/db.empty"; }; 16 | zone "29.172.in-addr.arpa" { type master; file "/etc/bind/default-zones/db.empty"; }; 17 | zone "30.172.in-addr.arpa" { type master; file "/etc/bind/default-zones/db.empty"; }; 18 | zone "31.172.in-addr.arpa" { type master; file "/etc/bind/default-zones/db.empty"; }; 19 | 20 | zone "168.192.in-addr.arpa" { type master; file "/etc/bind/default-zones/db.empty"; }; 21 | -------------------------------------------------------------------------------- /bind/root/etc/s6/services/33-bind/run: -------------------------------------------------------------------------------- 1 | #!/usr/bin/with-contenv bash 2 | 3 | while [ ! -f /tmp/state/99-container-init ] 4 | do 5 | sleep 1 6 | done 7 | 8 | if [ ! -f /tmp/state/33-bind ]; then 9 | chown -R root:named /etc/bind /var/cache/bind /var/run/named 10 | chmod -R 770 /var/cache/bind /var/run/named 11 | chmod -R 750 /etc/bind 12 | mkdir -p /tmp/state 13 | echo 'Initialization Complete' >/tmp/state/33-bind 14 | fi 15 | 16 | exec /usr/sbin/named -c /etc/bind/named.conf -g -u named 17 | -------------------------------------------------------------------------------- /dnsmasq/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM aqzt/docker-alpine 2 | LABEL maintainer="aqzt.com (ppabc@qq.com)" 3 | 4 | # webproc release settings 5 | ENV HTTP_USER user 6 | ENV HTTP_PASS Root123 7 | ENV WEBPROC_VERSION 0.1.9 8 | ENV WEBPROC_URL https://github.com/jpillora/webproc/releases/download/$WEBPROC_VERSION/webproc_linux_amd64.gz 9 | # fetch dnsmasq and webproc binary 10 | RUN apk update \ 11 | && apk --no-cache add dnsmasq \ 12 | && apk add --no-cache --virtual .build-deps curl \ 13 | && curl -sL $WEBPROC_URL | gzip -d - > /usr/local/bin/webproc \ 14 | && chmod +x /usr/local/bin/webproc \ 15 | && apk del .build-deps 16 | #configure dnsmasq 17 | run mkdir -p /etc/default/ 18 | RUN echo -e "ENABLED=1\nIGNORE_RESOLVCONF=yes" > /etc/default/dnsmasq 19 | 20 | EXPOSE 53/tcp 53/udp 21 | 22 | ADD root / 23 | -------------------------------------------------------------------------------- /dnsmasq/README.md: -------------------------------------------------------------------------------- 1 | ## 基于Alpine系统的dnsmasq镜像 2 | 3 | ### 概述 4 | 使用Dockerfile构建基于Alpine系统的dnsmasq镜像,并采用supervise守护进程。 5 | 6 | ### 使用说明 7 | ``` 8 | 9 | docker run --name dnsmasq -d -p 53:53/udp -p 8080:8080 -v /opt/dnsmasq.conf:/etc/dnsmasq.conf --log-opt "max-size=100m" -e "HTTP_USER=user" -e "HTTP_PASS=Root123" --restart always aqzt/docker-alpine:dnsmasq 10 | 或者 11 | docker run -d --name dnsmasq -ti -p 53:53/udp -p 8080:8080 -v /opt/dnsmasq.conf:/etc/dnsmasq.conf --log-opt "max-size=100m" -e "HTTP_USER=user" -e "HTTP_PASS=Root123" aqzt/docker-alpine:dnsmasq 12 | 或者采用host方式 13 | docker run -d --name dnsmasq -it --net=host -v /opt/dnsmasq.conf:/etc/dnsmasq.conf --log-opt "max-size=100m" -e "HTTP_USER=user" -e "HTTP_PASS=Root123" aqzt/docker-alpine:dnsmasq 14 | 15 | ``` 16 | 17 | 使用docker exec进入容器 18 | ``` 19 | docker exec -ti "CONTAINER ID" /bin/sh 20 | ``` 21 | -------------------------------------------------------------------------------- /dnsmasq/root/etc/dnsmasq.conf: -------------------------------------------------------------------------------- 1 | #log all dns queries 2 | log-queries 3 | #dont use hosts nameservers 4 | no-resolv 5 | #use google as default nameservers 6 | server=8.8.4.4 7 | server=8.8.8.8 8 | #serve all .company queries using a specific nameserver 9 | server=/company/10.0.0.1 10 | #explicitly define host-ip mappings 11 | address=/myhost.company/10.0.0.2 12 | -------------------------------------------------------------------------------- /dnsmasq/root/etc/s6/services/31-webproc/run: -------------------------------------------------------------------------------- 1 | #!/usr/bin/with-contenv bash 2 | 3 | while [ ! -f /tmp/state/99-container-init ] 4 | do 5 | sleep 1 6 | done 7 | 8 | if [ ! -f /tmp/state/31-webproc ]; then 9 | mkdir -p /tmp/state 10 | echo 'Initialization Complete' >/tmp/state/31-webproc 11 | fi 12 | 13 | exec webproc --config /etc/dnsmasq.conf -- dnsmasq --no-daemon 14 | -------------------------------------------------------------------------------- /glibc/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM aqzt/docker-alpine 2 | LABEL maintainer="ppabc (ppabc@qq.com)" 3 | 4 | ENV LANG=C.UTF-8 5 | 6 | RUN ALPINE_GLIBC_BASE_URL="https://github.com/sgerrand/alpine-pkg-glibc/releases/download" && \ 7 | ALPINE_GLIBC_PACKAGE_VERSION="2.27-r0" && \ 8 | ALPINE_GLIBC_BASE_PACKAGE_FILENAME="glibc-$ALPINE_GLIBC_PACKAGE_VERSION.apk" && \ 9 | ALPINE_GLIBC_BIN_PACKAGE_FILENAME="glibc-bin-$ALPINE_GLIBC_PACKAGE_VERSION.apk" && \ 10 | ALPINE_GLIBC_I18N_PACKAGE_FILENAME="glibc-i18n-$ALPINE_GLIBC_PACKAGE_VERSION.apk" && \ 11 | apk add --no-cache --virtual=.build-dependencies wget ca-certificates && \ 12 | wget \ 13 | "https://raw.githubusercontent.com/sgerrand/alpine-pkg-glibc/master/sgerrand.rsa.pub" \ 14 | -O "/etc/apk/keys/sgerrand.rsa.pub" && \ 15 | wget \ 16 | "$ALPINE_GLIBC_BASE_URL/$ALPINE_GLIBC_PACKAGE_VERSION/$ALPINE_GLIBC_BASE_PACKAGE_FILENAME" \ 17 | "$ALPINE_GLIBC_BASE_URL/$ALPINE_GLIBC_PACKAGE_VERSION/$ALPINE_GLIBC_BIN_PACKAGE_FILENAME" \ 18 | "$ALPINE_GLIBC_BASE_URL/$ALPINE_GLIBC_PACKAGE_VERSION/$ALPINE_GLIBC_I18N_PACKAGE_FILENAME" && \ 19 | apk add --no-cache \ 20 | "$ALPINE_GLIBC_BASE_PACKAGE_FILENAME" \ 21 | "$ALPINE_GLIBC_BIN_PACKAGE_FILENAME" \ 22 | "$ALPINE_GLIBC_I18N_PACKAGE_FILENAME" && \ 23 | \ 24 | rm "/etc/apk/keys/sgerrand.rsa.pub" && \ 25 | /usr/glibc-compat/bin/localedef --force --inputfile POSIX --charmap UTF-8 "$LANG" || true && \ 26 | echo "export LANG=$LANG" > /etc/profile.d/locale.sh && \ 27 | \ 28 | apk del glibc-i18n && \ 29 | \ 30 | rm "/root/.wget-hsts" && \ 31 | apk del .build-dependencies && \ 32 | rm \ 33 | "$ALPINE_GLIBC_BASE_PACKAGE_FILENAME" \ 34 | "$ALPINE_GLIBC_BIN_PACKAGE_FILENAME" \ 35 | "$ALPINE_GLIBC_I18N_PACKAGE_FILENAME" 36 | -------------------------------------------------------------------------------- /glibc/Dockerfile-mini: -------------------------------------------------------------------------------- 1 | FROM alpine:3.7 2 | LABEL maintainer="ppabc (ppabc@qq.com)" 3 | 4 | ENV LANG=C.UTF-8 5 | 6 | RUN ALPINE_GLIBC_BASE_URL="https://github.com/sgerrand/alpine-pkg-glibc/releases/download" && \ 7 | ALPINE_GLIBC_PACKAGE_VERSION="2.27-r0" && \ 8 | ALPINE_GLIBC_BASE_PACKAGE_FILENAME="glibc-$ALPINE_GLIBC_PACKAGE_VERSION.apk" && \ 9 | ALPINE_GLIBC_BIN_PACKAGE_FILENAME="glibc-bin-$ALPINE_GLIBC_PACKAGE_VERSION.apk" && \ 10 | ALPINE_GLIBC_I18N_PACKAGE_FILENAME="glibc-i18n-$ALPINE_GLIBC_PACKAGE_VERSION.apk" && \ 11 | apk add --no-cache --virtual=.build-dependencies wget ca-certificates && \ 12 | wget \ 13 | "https://raw.githubusercontent.com/sgerrand/alpine-pkg-glibc/master/sgerrand.rsa.pub" \ 14 | -O "/etc/apk/keys/sgerrand.rsa.pub" && \ 15 | wget \ 16 | "$ALPINE_GLIBC_BASE_URL/$ALPINE_GLIBC_PACKAGE_VERSION/$ALPINE_GLIBC_BASE_PACKAGE_FILENAME" \ 17 | "$ALPINE_GLIBC_BASE_URL/$ALPINE_GLIBC_PACKAGE_VERSION/$ALPINE_GLIBC_BIN_PACKAGE_FILENAME" \ 18 | "$ALPINE_GLIBC_BASE_URL/$ALPINE_GLIBC_PACKAGE_VERSION/$ALPINE_GLIBC_I18N_PACKAGE_FILENAME" && \ 19 | apk add --no-cache \ 20 | "$ALPINE_GLIBC_BASE_PACKAGE_FILENAME" \ 21 | "$ALPINE_GLIBC_BIN_PACKAGE_FILENAME" \ 22 | "$ALPINE_GLIBC_I18N_PACKAGE_FILENAME" && \ 23 | \ 24 | rm "/etc/apk/keys/sgerrand.rsa.pub" && \ 25 | /usr/glibc-compat/bin/localedef --force --inputfile POSIX --charmap UTF-8 "$LANG" || true && \ 26 | echo "export LANG=$LANG" > /etc/profile.d/locale.sh && \ 27 | \ 28 | apk del glibc-i18n && \ 29 | \ 30 | rm "/root/.wget-hsts" && \ 31 | apk del .build-dependencies && \ 32 | rm \ 33 | "$ALPINE_GLIBC_BASE_PACKAGE_FILENAME" \ 34 | "$ALPINE_GLIBC_BIN_PACKAGE_FILENAME" \ 35 | "$ALPINE_GLIBC_I18N_PACKAGE_FILENAME" 36 | -------------------------------------------------------------------------------- /mariadb/root/etc/mysql/my.cnf: -------------------------------------------------------------------------------- 1 | [client] 2 | port = 3306 3 | socket = /run/mysqld/mysqld.sock 4 | 5 | [mysqld_safe] 6 | socket = /var/run/mysqld/mysqld.sock 7 | nice = 0 8 | 9 | 10 | [mysqld] 11 | port = 3306 12 | socket = /run/mysqld/mysqld.sock 13 | bulk_insert_buffer_size = 16M 14 | connect_timeout = 5 15 | max_connections = 100 16 | max_heap_table_size = 32M 17 | tmp_table_size = 32M 18 | wait_timeout = 600 19 | 20 | 21 | ### MyISAM 22 | ### 23 | expire_logs_days = 10 24 | key_buffer_size = 128M 25 | long_query_time = 10 26 | max_allowed_packet = 16M 27 | myisam_recover_options = BACKUP 28 | myisam_sort_buffer_size = 512M 29 | net_buffer_length = 16K 30 | query_cache_limit = 128K 31 | query_cache_size = 64M 32 | read_buffer_size = 2M 33 | read_rnd_buffer_size = 1M 34 | skip-external-locking 35 | slow_query_log_file = /var/log/mysql/mariadb-slow.log 36 | sort_buffer_size = 4M 37 | table_open_cache = 400 38 | 39 | ### InnoDB 40 | ### 41 | #### InnoDB is enabled by default with a 10MB datafile in /var/lib/mysql/. 42 | default_storage_engine = InnoDB 43 | # you can't just change log file size, requires special procedure 44 | #innodb_log_file_size = 50M 45 | innodb_buffer_pool_size = 256M 46 | innodb_file_per_table = 1 47 | innodb_flush_method = O_DIRECT 48 | innodb_io_capacity = 400 49 | innodb_log_buffer_size = 8M 50 | innodb_open_files = 400 51 | 52 | # Point the following paths to different dedicated disks 53 | #tmpdir = /tmp/ 54 | 55 | ### Replication 56 | # Replication Master Server (default) 57 | # binary logging is required for replication 58 | #log-bin=mysql-bin 59 | 60 | # binary logging format - mixed recommended 61 | #binlog_format =mixed 62 | 63 | #max_binlog_size = 100M 64 | 65 | # required unique id between 1 and 2^32 - 1 66 | # defaults to 1 if master-host is not set 67 | # but will not function as a master if omitted 68 | server-id = 1 69 | 70 | [mysqldump] 71 | max_allowed_packet = 16M 72 | quick 73 | quote-names 74 | 75 | 76 | [mysql] 77 | no-auto-rehash 78 | # Remove the next comment character if you are not familiar with SQL 79 | #safe-updates 80 | 81 | 82 | [myisamchk] 83 | key_buffer_size = 20M 84 | sort_buffer_size = 20M 85 | read_buffer = 2M 86 | write_buffer = 2M 87 | 88 | [mysqlhotcopy] 89 | interactive-timeout 90 | 91 | ## Include .conf files 92 | !includedir /etc/mysql/conf.d/ -------------------------------------------------------------------------------- /mariadb/root/etc/s6/services/10-mariadb/run: -------------------------------------------------------------------------------- 1 | #!/usr/bin/with-contenv bash 2 | 3 | MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD:-"111111"} 4 | 5 | while [ ! -f /tmp/state/99-container-init ] 6 | do 7 | sleep 1 8 | done 9 | 10 | if [ -z "$MYSQL_ROOT_PASSWORD" -a -z "$MYSQL_ALLOW_EMPTY_PASSWORD" ]; then 11 | echo >&2 'error: database is uninitialized and MYSQL_ROOT_PASSWORD not set' 12 | echo >&2 ' Did you forget to add -e MYSQL_ROOT_PASSWORD=... ?' 13 | exit 1 14 | fi 15 | 16 | ### Update for Zabbix Monitoring 17 | sed -i -e "s//$MYSQL_ROOT_PASSWORD/g" /etc/zabbix/.my.cnf 18 | chmod 0700 /etc/zabbix/.my.cnf 19 | chown -R zabbix /etc/zabbix 20 | 21 | 22 | ### Permissions Fix 23 | chmod 0644 /etc/mysql/my.cnf 24 | 25 | 26 | if [ -d /var/lib/mysql/mysql ]; then 27 | echo "** [mariadb] [i] MariaDB directory already present, skipping DB creation." 28 | else 29 | 30 | echo "** [mariadb] [i] MySQL data directory is not found, creating initial DB(s)..." 31 | mkdir -p /var/lib/mysql/mysql 32 | chown -R mysql:mysql /var/lib/mysql 33 | chown -R mysql:mysql /run/mysqld 34 | chmod 777 /tmp 35 | mysql_install_db --user=mysql --basedir=/usr --datadir=/var/lib/mysql --defaults-file=/etc/mysql/my.cnf >/dev/null 36 | 37 | TEMP_FILE='/tmp/mysql-first-time.sql' 38 | cat > "$TEMP_FILE" <<-EOSQL 39 | DELETE FROM mysql.user ; 40 | CREATE USER 'root'@'%' IDENTIFIED BY '${MYSQL_ROOT_PASSWORD}' ; 41 | GRANT ALL ON *.* TO 'root'@'%' WITH GRANT OPTION ; 42 | DROP DATABASE IF EXISTS test ; 43 | EOSQL 44 | 45 | if [ "$MYSQL_DATABASE" ]; then 46 | echo "CREATE DATABASE IF NOT EXISTS \`$MYSQL_DATABASE\` ;" >> "$TEMP_FILE" 47 | fi 48 | 49 | if [ "$MYSQL_USER" -a "$MYSQL_PASSWORD" ]; then 50 | echo "CREATE USER '$MYSQL_USER'@'%' IDENTIFIED BY '$MYSQL_PASSWORD' ;" >> "$TEMP_FILE" 51 | 52 | if [ "$MYSQL_DATABASE" ]; then 53 | echo "GRANT ALL ON \`$MYSQL_DATABASE\`.* TO '$MYSQL_USER'@'%' ;" >> "$TEMP_FILE" 54 | fi 55 | fi 56 | 57 | echo 'FLUSH PRIVILEGES ;' >> "$TEMP_FILE" 58 | 59 | /usr/bin/mysqld --defaults-file=/etc/mysql/my.cnf --console --user=mysql --init-file="$TEMP_FILE" 60 | rm -f $TEMP_FILE 61 | fi 62 | 63 | exec /usr/bin/mysqld --defaults-file=/etc/mysql/my.cnf --user=mysql --console 64 | -------------------------------------------------------------------------------- /mariadb/root/etc/zabbix/.my.cnf: -------------------------------------------------------------------------------- 1 | [mysql] 2 | user=root 3 | password= 4 | 5 | [mysqladmin] 6 | user=root 7 | password= 8 | -------------------------------------------------------------------------------- /mariadb/root/etc/zabbix/zabbix_agentd.conf.d/mysql.conf: -------------------------------------------------------------------------------- 1 | # For all the following commands HOME should be set to the directory that has .my.cnf file with password information. 2 | 3 | # Flexible parameter to grab global variables. On the frontend side, use keys like mysql.status[Com_insert]. 4 | # Key syntax is mysql.status[variable]. 5 | UserParameter=mysql.status[*],echo "show global status where Variable_name='$1';" | HOME=/etc/zabbix mysql -N | awk '{print $$2}' 6 | 7 | # Flexible parameter to determine database or table size. On the frontend side, use keys like mysql.size[zabbix,history,data]. 8 | # Key syntax is mysql.size[,,]. 9 | # Database may be a database name or "all". Default is "all". 10 | # Table may be a table name or "all". Default is "all". 11 | # Type may be "data", "index", "free" or "both". Both is a sum of data and index. Default is "both". 12 | # Database is mandatory if a table is specified. Type may be specified always. 13 | # Returns value in bytes. 14 | # 'sum' on data_length or index_length alone needed when we are getting this information for whole database instead of a single table 15 | UserParameter=mysql.size[*],bash -c 'echo "select sum($(case "$3" in both|"") echo "data_length+index_length";; data|index) echo "$3_length";; free) echo "data_free";; esac)) from information_schema.tables$([[ "$1" = "all" || ! "$1" ]] || echo " where table_schema=\"$1\"")$([[ "$2" = "all" || ! "$2" ]] || echo "and table_name=\"$2\"");" | HOME=/etc/zabbix mysql -N' 16 | 17 | # Check if alive 18 | UserParameter=mysql.ping,HOME=/etc/zabbix mysqladmin ping | grep -c alive 19 | 20 | # Get Version 21 | UserParameter=mysql.version,mysql -V -------------------------------------------------------------------------------- /memcached/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM aqzt/docker-alpine 2 | LABEL maintainer="aqzt.com (ppabc@qq.com)" 3 | 4 | ## Set Environment Variables 5 | ARG MEMCACHED_VERSION=1.5.4 6 | ARG MEMCACHED_SHA1=29cb75cc234dbaceed6e89db029af8363706f0fe 7 | ENV ZABBIX_HOSTNAME=memcached-app 8 | 9 | ## Install 10 | # add our user and group first to make sure their IDs get assigned consistently, regardless of whatever dependencies get added 11 | RUN adduser -D memcache ; \ 12 | 13 | set -x ; \ 14 | apk add --no-cache --virtual .build-deps \ 15 | ca-certificates \ 16 | coreutils \ 17 | cyrus-sasl-dev \ 18 | dpkg-dev dpkg \ 19 | gcc \ 20 | libc-dev \ 21 | libevent-dev \ 22 | libressl \ 23 | linux-headers \ 24 | make \ 25 | perl \ 26 | tar \ 27 | ; \ 28 | 29 | apk add --no-cache \ 30 | python \ 31 | ; \ 32 | 33 | wget -O memcached.tar.gz "https://memcached.org/files/memcached-$MEMCACHED_VERSION.tar.gz" ; \ 34 | echo "$MEMCACHED_SHA1 memcached.tar.gz" | sha1sum -c - ; \ 35 | mkdir -p /usr/src/memcached ; \ 36 | tar -xzf memcached.tar.gz -C /usr/src/memcached --strip-components=1 ; \ 37 | rm memcached.tar.gz ; \ 38 | cd /usr/src/memcached ; \ 39 | ./configure \ 40 | --build="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)" \ 41 | --enable-sasl ; \ 42 | make -j "$(nproc)" ; \ 43 | make install ; \ 44 | cd / && rm -rf /usr/src/memcached ; \ 45 | runDeps="$( \ 46 | scanelf --needed --nobanner --recursive /usr/local \ 47 | | awk '{ gsub(/,/, "\nso:", $2); print "so:" $2 }' \ 48 | | sort -u \ 49 | | xargs -r apk info --installed \ 50 | | sort -u \ 51 | )" ; \ 52 | apk add --virtual .memcached-rundeps $runDeps ; \ 53 | apk del .build-deps ; \ 54 | rm -rf /var/cache/apk/* ; \ 55 | memcached -V 56 | 57 | 58 | ### Add Folders 59 | ADD /root / 60 | 61 | ## Networking Setup 62 | EXPOSE 11211 63 | 64 | -------------------------------------------------------------------------------- /memcached/root/etc/s6/services/10-memcached/run: -------------------------------------------------------------------------------- 1 | #!/usr/bin/with-contenv bash 2 | 3 | while [ ! -f /tmp/state/99-container-init ] 4 | do 5 | sleep 1 6 | done 7 | 8 | if [ ! -f /tmp/state/10-memcached ]; then 9 | 10 | # first arg is `-f` or `--some-option` 11 | if [ "${1#-}" != "$1" ]; then 12 | set -- memcached "$@" 13 | fi 14 | 15 | mkdir -p /tmp/state 16 | echo 'Initialization Complete' >/tmp/state/10-memcached 17 | fi 18 | 19 | echo '' 20 | echo '** Starting memcached..' 21 | exec s6-setuidgid memcache memcached 22 | 23 | -------------------------------------------------------------------------------- /memcached/root/etc/zabbix/zabbix_agentd.conf.d/memcached.conf: -------------------------------------------------------------------------------- 1 | UserParameter=memcached[*],echo -e "stats\nquit" | busybox nc 127.0.0.1 11211 | grep "STAT $1 " | awk '{print $$3}' 2 | -------------------------------------------------------------------------------- /nginx-php/5.6/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM aqzt/docker-alpine 2 | LABEL maintainer="aqzt.com (ppabc@qq.com)" 3 | 4 | ### Default Runtime Environment Variables 5 | ENV ZABBIX_HOSTNAME=nginx-php-fpm-app \ 6 | ENABLE_SMTP=TRUE 7 | 8 | ADD root / 9 | RUN /tmp/install.sh 10 | 11 | ### Networking Configuration 12 | EXPOSE 80 443 13 | 14 | ### Files Addition 15 | RUN chmod +x /etc/zabbix/zabbix_agentd.conf.d/scripts/* 16 | -------------------------------------------------------------------------------- /nginx-php/5.6/root/assets/maintenance/maintenance.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | Undergoing Scheduled Maintenance 5 | 6 | 7 | 8 |

Sorry, we're presently performing maintenance on our services.

9 | 10 | 11 | 12 | 13 | 14 | 15 | -------------------------------------------------------------------------------- /nginx-php/5.6/root/etc/cont-init.d/09-nginx: -------------------------------------------------------------------------------- 1 | #!/usr/bin/with-contenv bash 2 | 3 | ### Set Defaults 4 | AUTHENTICATION_TYPE=${AUTHENTICATION_TYPE:-NONE} 5 | MAINTENANCE=${MAINTENANCE:-"FALSE"} 6 | PHP_TIMEOUT=${PHP_TIMEOUT:-"180"} 7 | UPLOAD_MAX_SIZE=${UPLOAD_MAX_SIZE:-"2G"} 8 | STAGE=${STAGE:-"DEVELOP"} 9 | LLNG_HANDLER_HOST=${LLNG_HANDLER_HOST="llng-handler"} 10 | LLNG_HANDLER_PORT=${LLNG_HANDLER_PORT="2884"} 11 | WEB_USER=${WEB_USER:-admin} 12 | WEB_PASS=${WEB_PASS:-password} 13 | 14 | ### Map Authentication 15 | case "$AUTHENTICATION_TYPE" in 16 | "BASIC") 17 | htpasswd -b -c /etc/nginx/htpasswd $WEB_USER $WEB_PASS 18 | sed -i "/ location \//a\ \ \ auth_basic "Protected"; auth_basic_user_file /etc/nginx/htpasswd;" /etc/nginx/conf.d/default.conf 19 | echo '** [nginx-php-fpm] Setting Basic Authentication' 20 | ;; 21 | "LLNG") 22 | if [ -f "/etc/nginx/conf.d/default.llng" ]; then 23 | sed -i "s//$LLNG_HANDLER_HOST/g" /etc/nginx/conf.d/default.llng 24 | sed -i "s//$LLNG_HANDLER_PORT/g" /etc/nginx/conf.d/default.llng 25 | echo '** [nginx-php-fpm] Setting LLNG Authentication' 26 | mv /etc/nginx/conf.d/default.conf /etc/nginx/conf.d/default.orig 27 | mv /etc/nginx/conf.d/default.llng /etc/nginx/conf.d/default.conf 28 | else 29 | echo '** [nginx-php-fpm] ERROR: Cannot find specific Configuration for LLNG Authentication exiting.' 30 | exit 1 31 | fi 32 | ;; 33 | "NONE") 34 | echo '** [nginx-php-fpm] Relying on Application Authentication' 35 | ;; 36 | *) 37 | echo '** [nginx-php-fpm] Unknown AUTHENTICATION_TYPE option. Relying on Application Authentication' 38 | ;; 39 | esac 40 | 41 | ### Adjust NGINX Runtime Variables 42 | sed -i -e "s//$UPLOAD_MAX_SIZE/g" /etc/nginx/nginx.conf 43 | sed -i -e "s//$PHP_TIMEOUT/g" /etc/nginx/conf.d/default.conf 44 | 45 | ### Set Stage for Future Development and Production Purposes 46 | case "$STAGE" in 47 | "DEVELOP" | "develop" ) 48 | echo 'fastcgi_param STAGE "DEVELOP";' >> /etc/nginx/fastcgi_params 49 | ;; 50 | "PRODUCTION" | "production" | "STAGING" | "staging") 51 | echo 'fastcgi_param STAGE "PRODUCTION";' >> /etc/nginx/fastcgi_params 52 | ;; 53 | *) 54 | echo 'fastcgi_param STAGE "DEVELOP";' >> /etc/nginx/fastcgi_params 55 | ;; 56 | esac 57 | 58 | ### Maintenance Mode 59 | if [ "$MAINTENANCE" = "TRUE" ] || [ "$MAINTENANCE" = "true" ]; then 60 | echo '** MAINTENANCE MODE ACTIVATED - THIS IMAGE WILL NOT SERVE PAGES' 61 | mv /etc/nginx/conf.d/default.conf /etc/nginx/conf.d/default.conf.orig 62 | mv /etc/nginx/conf.d/maintenance.conf.maint /etc/nginx.conf.d/maintenance.conf 63 | fi 64 | 65 | mkdir -p /data/logs/nginx 66 | mkdir -p /tmp/nginx 67 | chown -R nginx /data/logs/nginx 68 | chown -R nginx /tmp/nginx 69 | 70 | mkdir -p /tmp/state 71 | touch /tmp/state/09-nginx-init 72 | -------------------------------------------------------------------------------- /nginx-php/5.6/root/etc/logrotate.d/nginx: -------------------------------------------------------------------------------- 1 | /data/logs/nginx/*.log { 2 | daily 3 | ifempty 4 | rotate 7 5 | missingok 6 | compress 7 | dateext 8 | sharedscripts 9 | postrotate 10 | s6-svc -h /var/run/s6/services/10-nginx 11 | endscript 12 | } 13 | -------------------------------------------------------------------------------- /nginx-php/5.6/root/etc/logrotate.d/php-fpm7: -------------------------------------------------------------------------------- 1 | /data/logs/php-fpm/*.log { 2 | daily 3 | ifempty 4 | rotate 7 5 | missingok 6 | compress 7 | dateext 8 | sharedscripts 9 | postrotate 10 | s6-svc -h /var/run/s6/services/20-php-fpm 11 | endscript 12 | } 13 | 14 | -------------------------------------------------------------------------------- /nginx-php/5.6/root/etc/nginx/conf.d/default.conf: -------------------------------------------------------------------------------- 1 | server { 2 | listen 80; 3 | 4 | root /data/html; 5 | index index.php index.html index.htm; 6 | access_log /data/logs/nginx/access.log specialLog; 7 | error_log /data/logs/nginx/error.log; 8 | 9 | disable_symlinks off; 10 | 11 | location = /robots.txt { 12 | allow all; 13 | log_not_found off; 14 | access_log off; 15 | } 16 | 17 | # deny dot-files 18 | location ~ /\. { 19 | deny all; 20 | access_log off; 21 | log_not_found off; 22 | } 23 | 24 | location / { 25 | try_files $uri $uri/ /index.php?$args; 26 | } 27 | 28 | location ~ \.php(/|$) { 29 | fastcgi_split_path_info ^(.+?\.php)(/.+)$; 30 | fastcgi_param PATH_INFO $fastcgi_path_info; 31 | fastcgi_pass 127.0.0.1:9000; 32 | fastcgi_index index.php; 33 | include fastcgi_params; 34 | fastcgi_read_timeout ; 35 | fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; 36 | } 37 | 38 | # Deny access to any files with a .php extension in the uploads directory 39 | # Works in sub-directory installs and also in multisite network 40 | # Keep logging the requests to parse later (or to pass to firewall utilities such as fail2ban) 41 | location ~* /(?:uploads|files)/.*\.php$ { 42 | deny all; 43 | } 44 | 45 | location ~* \.(jpg|jpeg|gif|png|css|js|ico|xml)$ { 46 | access_log on; 47 | log_not_found on; 48 | expires 360d; 49 | } 50 | 51 | ## Block SQL injections 52 | location ~* union.*select.*\( { access_log /data/logs/nginx/blocked.log blocked; deny all; } 53 | location ~* union.*all.*select.* { access_log /data/logs/nginx/blocked.log blocked; deny all; } 54 | location ~* concat.*\( { access_log /data/logs/nginx/blocked.log blocked; deny all; } 55 | 56 | ## Block common exploits 57 | location ~* (<|%3C).*script.*(>|%3E) { access_log /data/logs/nginx/blocked.log blocked; deny all; } 58 | location ~* base64_(en|de)code\(.*\) { access_log /data/logs/nginx/blocked.log blocked; deny all; } 59 | location ~* (%24&x) { access_log /data/logs/nginx/blocked.log blocked; deny all; } 60 | location ~* (%0|%A|%B|%C|%D|%E|%F|127\.0) { access_log /data/logs/nginx/blocked.log blocked; deny all; } 61 | location ~* \.\.\/ { access_log /data/logs/nginx/blocked.log blocked; deny all; } 62 | location ~* ~$ { access_log /data/logs/nginx/blocked.log blocked; deny all; } 63 | location ~* proc/self/environ { access_log /data/logs/nginx/blocked.log blocked; deny all; } 64 | location ~* /\.(htaccess|htpasswd|svn) { access_log /data/logs/nginx/blocked.log blocked; deny all; } 65 | 66 | ## Block file injections 67 | location ~* [a-zA-Z0-9_]=(\.\.//?)+ { access_log /data/logs/nginx/blocked.log blocked; deny all; } 68 | location ~* [a-zA-Z0-9_]=/([a-z0-9_.]//?)+ { access_log /data/logs/nginx/blocked.log blocked; deny all; } 69 | 70 | } 71 | -------------------------------------------------------------------------------- /nginx-php/5.6/root/etc/nginx/conf.d/default.llng: -------------------------------------------------------------------------------- 1 | server { 2 | listen 80; 3 | 4 | root /data/html; 5 | index index.php index.html index.htm; 6 | access_log /data/logs/nginx/access.log specialLog; 7 | error_log /data/logs/nginx/error.log; 8 | 9 | disable_symlinks off; 10 | 11 | location = /robots.txt { 12 | allow all; 13 | log_not_found off; 14 | access_log off; 15 | } 16 | 17 | # deny dot-files 18 | location ~ /\. { 19 | deny all; 20 | access_log off; 21 | log_not_found off; 22 | } 23 | 24 | # LemonLDAP:NG authentication request 25 | location = /lmauth { 26 | internal; 27 | include /etc/nginx/fastcgi_params; 28 | fastcgi_pass :; 29 | fastcgi_param REMOTE_PORT ; 30 | fastcgi_pass_request_body off; 31 | fastcgi_param CONTENT_LENGTH ""; 32 | fastcgi_param HOST $http_host; 33 | fastcgi_param X_ORIGINAL_URI $request_uri; 34 | } 35 | 36 | location / { 37 | auth_request /lmauth; 38 | auth_request_set $lmremote_user $upstream_http_lm_remote_user; 39 | auth_request_set $lmlocation $upstream_http_location; 40 | auth_request_set $cookie_value $upstream_http_set_cookie; 41 | add_header Set-Cookie $cookie_value; 42 | error_page 401 $lmlocation; 43 | try_files $uri $uri/ /index.php?$args; 44 | } 45 | 46 | location ~ \.php(/|$) { 47 | fastcgi_split_path_info ^(.+?\.php)(/.+)$; 48 | fastcgi_param PATH_INFO $fastcgi_path_info; 49 | fastcgi_pass 127.0.0.1:9000; 50 | fastcgi_index index.php; 51 | include fastcgi_params; 52 | fastcgi_read_timeout ; 53 | fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; 54 | fastcgi_param HTTP_AUTH_USER; 55 | } 56 | 57 | # Deny access to any files with a .php extension in the uploads directory 58 | # Works in sub-directory installs and also in multisite network 59 | # Keep logging the requests to parse later (or to pass to firewall utilities such as fail2ban) 60 | location ~* /(?:uploads|files)/.*\.php$ { 61 | deny all; 62 | } 63 | 64 | location ~* \.(jpg|jpeg|gif|png|css|js|ico|xml)$ { 65 | access_log on; 66 | log_not_found on; 67 | expires 360d; 68 | } 69 | 70 | ## Block SQL injections 71 | location ~* union.*select.*\( { access_log /data/logs/nginx/blocked.log blocked; deny all; } 72 | location ~* union.*all.*select.* { access_log /data/logs/nginx/blocked.log blocked; deny all; } 73 | location ~* concat.*\( { access_log /data/logs/nginx/blocked.log blocked; deny all; } 74 | 75 | ## Block common exploits 76 | location ~* (<|%3C).*script.*(>|%3E) { access_log /data/logs/nginx/blocked.log blocked; deny all; } 77 | location ~* base64_(en|de)code\(.*\) { access_log /data/logs/nginx/blocked.log blocked; deny all; } 78 | location ~* (%24&x) { access_log /data/logs/nginx/blocked.log blocked; deny all; } 79 | location ~* (%0|%A|%B|%C|%D|%E|%F|127\.0) { access_log /data/logs/nginx/blocked.log blocked; deny all; } 80 | location ~* \.\.\/ { access_log /data/logs/nginx/blocked.log blocked; deny all; } 81 | location ~* ~$ { access_log /data/logs/nginx/blocked.log blocked; deny all; } 82 | location ~* proc/self/environ { access_log /data/logs/nginx/blocked.log blocked; deny all; } 83 | location ~* /\.(htaccess|htpasswd|svn) { access_log /data/logs/nginx/blocked.log blocked; deny all; } 84 | 85 | ## Block file injections 86 | location ~* [a-zA-Z0-9_]=(\.\.//?)+ { access_log /data/logs/nginx/blocked.log blocked; deny all; } 87 | location ~* [a-zA-Z0-9_]=/([a-z0-9_.]//?)+ { access_log /data/logs/nginx/blocked.log blocked; deny all; } 88 | 89 | } 90 | -------------------------------------------------------------------------------- /nginx-php/5.6/root/etc/nginx/conf.d/maintenance.conf.maint: -------------------------------------------------------------------------------- 1 | server { 2 | listen 80; 3 | server_name localhost; 4 | 5 | location / { 6 | root /assets/maintenance; 7 | index maintenance.html; 8 | } 9 | 10 | } 11 | -------------------------------------------------------------------------------- /nginx-php/5.6/root/etc/nginx/nginx.conf: -------------------------------------------------------------------------------- 1 | # run nginx in foreground 2 | daemon off; 3 | 4 | error_log /data/logs/nginx/error.log warn; 5 | pid /var/run/nginx.pid; 6 | 7 | worker_processes auto; 8 | events { 9 | worker_connections 4096; 10 | } 11 | 12 | http { 13 | sendfile on; 14 | include /etc/nginx/mime.types; 15 | include /etc/nginx/fastcgi.conf; 16 | default_type application/octet-stream; 17 | tcp_nopush on; 18 | client_body_temp_path /tmp/nginx/body 1 2; 19 | fastcgi_temp_path /tmp/nginx/fastcgi_temp 1 2; 20 | 21 | #a new log format for detecting bad bots. 22 | log_format blocked '$time_local: Blocked request from $http_x_real_ip $request'; 23 | 24 | ## This log format makes it so we can see real requester's IP address \ 25 | ## not just the reverse proxy server's IP address. Also note, that \ 26 | ## "specialLog" can be replaced with any name you would like to \ 27 | ## give to this log format. 28 | log_format specialLog '$http_x_real_ip - $remote_user [$time_local] ' 29 | '"$request" $status $body_bytes_sent ' 30 | '"$http_referer" "$http_user_agent"'; 31 | 32 | client_max_body_size ; 33 | 34 | server { 35 | listen 73; 36 | server_name 127.0.0.1; 37 | 38 | ## Zabbix 39 | location /stub_status { 40 | stub_status on; 41 | access_log off; 42 | allow 127.0.0.1; 43 | deny all; 44 | } 45 | 46 | location ~ ^/(php-fpm_status|ping)$ { 47 | access_log off; 48 | allow 127.0.0.1; 49 | deny all; 50 | fastcgi_pass 127.0.0.1:9000; 51 | fastcgi_param SCRIPT_FILENAME $fastcgi_script_name; 52 | include fastcgi_params; 53 | } 54 | 55 | location ~ \.php(/|$) { 56 | root /etc/zabbix/zabbix_agentd.conf.d/php; 57 | access_log off; 58 | fastcgi_split_path_info ^(.+?\.php)(/.+)$; 59 | fastcgi_param PATH_INFO $fastcgi_path_info; 60 | fastcgi_pass 127.0.0.1:9000; 61 | fastcgi_index index.php; 62 | include fastcgi_params; 63 | fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; 64 | } 65 | 66 | } 67 | 68 | include /etc/nginx/conf.d/*.conf; 69 | } 70 | 71 | -------------------------------------------------------------------------------- /nginx-php/5.6/root/etc/php5/conf.d/apcu.ini: -------------------------------------------------------------------------------- 1 | extension=apcu.so 2 | apc.enabled=1 3 | apc.shm_size= 4 | apc.ttl=7200 5 | -------------------------------------------------------------------------------- /nginx-php/5.6/root/etc/php5/conf.d/opcache.ini: -------------------------------------------------------------------------------- 1 | zend_extension=opcache.so 2 | opcache.enable=0 3 | opcache.enable_cli=1 4 | opcache.fast_shutdown=1 5 | opcache.memory_consumption= 6 | opcache.interned_strings_buffer=16 7 | opcache.max_accelerated_files=5413 8 | opcache.revalidate_freq=60 9 | -------------------------------------------------------------------------------- /nginx-php/5.6/root/etc/php5/php-fpm.conf: -------------------------------------------------------------------------------- 1 | error_log = /data/logs/php-fpm/php-fpm.log 2 | log_level = 3 | 4 | [www] 5 | ;user = nginx 6 | ;group = www-data 7 | listen = 127.0.0.1:9000 8 | listen.owner = nginx 9 | listen.group = www-data 10 | pm = ondemand 11 | 12 | ; Total RAM dedicated to the web server / Max child process size 13 | pm.max_children = 75 14 | pm.status_path = /php-fpm_status 15 | ping.path = /ping 16 | 17 | pm.process_idle_timeout = 10s 18 | pm.max_requests = 500 19 | ;chdir = /data/html 20 | php_flag[display_errors] = on 21 | php_admin_value[memory_limit] = 22 | php_admin_value[post_max_size] = 23 | php_admin_value[upload_max_filesize] = 24 | php_admin_value[output_buffering] = 0 25 | php_admin_value[openssl.cafile] = /etc/ssl/certs/ca-certificates.crt 26 | php_admin_value[openssl.capath] = /etc/ssl/certs 27 | php_admin_value[max_input_nesting_level] = 256 28 | php_admin_value[max_input_vars] = 10000 29 | php_admin_value[max_execution_time] = 300 30 | 31 | ; Redirect worker stdout and stderr into main error log. If not set, stdout and 32 | ; stderr will be redirected to /dev/null according to FastCGI specs. 33 | ; Default Value: no 34 | catch_workers_output = yes 35 | 36 | env[PATH] = /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin 37 | env[TMP] = /tmp 38 | env[TMPDIR] = /tmp 39 | env[TEMP] = /tmp -------------------------------------------------------------------------------- /nginx-php/5.6/root/etc/s6/services/10-nginx/run: -------------------------------------------------------------------------------- 1 | #!/usr/bin/with-contenv bash 2 | 3 | while [ ! -f /tmp/state/99-container-init ] 4 | do 5 | sleep 1 6 | done 7 | 8 | if [ ! -f /tmp/state/10-nginx ]; then 9 | 10 | ### Check to see if this is a new install, if yes create directories... 11 | if [ ! -f /data/html/index.php ] ; then 12 | echo "** [nginx-php-fpm] Nothing in Directory, Creating Sample File" 13 | mkdir -p /data/html 14 | touch /data/html/index.php 15 | chown nginx:www-data /data/html 16 | fi 17 | 18 | ### Force Reset Permissions for Security 19 | chown -R nginx:www-data /data/html 20 | mkdir -p /tmp/state 21 | echo 'Initialization Complete' >/tmp/state/10-nginx 22 | fi 23 | 24 | echo '' 25 | echo '** [nginx] Starting nginx..' 26 | exec nginx 27 | -------------------------------------------------------------------------------- /nginx-php/5.6/root/etc/s6/services/20-php-fpm/run: -------------------------------------------------------------------------------- 1 | #!/usr/bin/with-contenv bash 2 | 3 | while [ ! -f /tmp/state/99-container-init ] 4 | do 5 | sleep 1 6 | done 7 | 8 | if [ ! -f /tmp/state/20-php-fpm ]; then 9 | ### Start php-fpm 10 | mkdir -p /tmp/state/ 11 | echo 'Initialization Complete' >/tmp/state/20-php-fpm 12 | fi 13 | 14 | 15 | echo '' 16 | echo '** [nginx-php-fpm] Starting php-fpm..' 17 | exec s6-setuidgid nginx php-fpm5 -F; 18 | -------------------------------------------------------------------------------- /nginx-php/5.6/root/etc/zabbix/zabbix_agentd.conf.d/nginx-status.conf: -------------------------------------------------------------------------------- 1 | UserParameter=nginx.status[*],/etc/zabbix/zabbix_agentd.conf.d/scripts/nginx-status.sh $1 2 | -------------------------------------------------------------------------------- /nginx-php/5.6/root/etc/zabbix/zabbix_agentd.conf.d/php-fpm-params.conf: -------------------------------------------------------------------------------- 1 | UserParameter=php-fpm.status[*],/etc/zabbix/zabbix_agentd.conf.d/scripts/php-fpm-check.sh $1 2 | 3 | -------------------------------------------------------------------------------- /nginx-php/5.6/root/etc/zabbix/zabbix_agentd.conf.d/php-opcache-check.conf: -------------------------------------------------------------------------------- 1 | UserParameter=opcache[*], curl --silent http://127.0.0.1:73/php-opcache-check.php?item=$1 2 | -------------------------------------------------------------------------------- /nginx-php/5.6/root/etc/zabbix/zabbix_agentd.conf.d/scripts/nginx-status.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | HOST="localhost" 3 | PORT="73" 4 | 5 | function proc_num { 6 | num=$(pgrep nginx |wc -l) 7 | } 8 | function active { 9 | num=$(curl -s "http://$HOST:$PORT/stub_status" |grep 'Active' |awk '{print $NF}') 10 | } 11 | function reading { 12 | num=$(curl -s "http://$HOST:$PORT/stub_status" |grep 'Reading' |awk '{print $2}') 13 | } 14 | function writing { 15 | num=$(curl -s "http://$HOST:$PORT/stub_status" |grep 'Writing' |awk '{print $4}') 16 | } 17 | function waiting { 18 | num=$(curl -s "http://$HOST:$PORT/stub_status" |grep 'Waiting' |awk '{print $6}') 19 | } 20 | function accepts { 21 | num=$(curl -s "http://$HOST:$PORT/stub_status" |awk NR==3 |awk '{print $1}') 22 | } 23 | function handled { 24 | num=$(curl -s "http://$HOST:$PORT/stub_status" |awk NR==3 |awk '{print $2}') 25 | } 26 | function requests { 27 | num=$(curl -s "http://$HOST:$PORT/stub_status" |awk NR==3 |awk '{print $3}') 28 | } 29 | 30 | $1 31 | echo ${num:-0} 32 | 33 | -------------------------------------------------------------------------------- /nginx-php/5.6/root/etc/zabbix/zabbix_agentd.conf.d/scripts/php-fpm-check.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | HOST="localhost" 4 | PORT="73" 5 | status="php-fpm_status" 6 | 7 | function query() { 8 | curl -s http://${HOST}:${PORT}/${status}?xml | grep "<$1>" | awk -F'>|<' '{ print $3}' 9 | } 10 | 11 | if [ $# == 0 ]; then 12 | echo $"Usage $0 {pool|process-manager|start-time|start-since|accepted-conn|listen-queue|max-listen-queue|listen-queue-len|idle-processes|active-processes|total-processes|max-active-processes|max-children-reached|slow-requests}" 13 | exit 14 | else 15 | query "$1" 16 | fi 17 | 18 | -------------------------------------------------------------------------------- /nginx-php/5.6/root/tmp/install.sh: -------------------------------------------------------------------------------- 1 | apk update ; \ 2 | apk add \ 3 | bash \ 4 | apache2-utils \ 5 | ca-certificates \ 6 | mariadb-client \ 7 | nginx \ 8 | openssl \ 9 | php5 \ 10 | php5-common \ 11 | php5-apcu \ 12 | php5-bcmath \ 13 | php5-bz2 \ 14 | php5-calendar \ 15 | php5-ctype \ 16 | php5-curl \ 17 | php5-dba \ 18 | php5-dom \ 19 | php5-embed \ 20 | php5-enchant \ 21 | php5-exif \ 22 | php5-fpm \ 23 | php5-ftp \ 24 | php5-gd \ 25 | php5-gettext \ 26 | php5-gmp \ 27 | php5-iconv \ 28 | php5-intl \ 29 | php5-imap \ 30 | php5-json \ 31 | php5-ldap \ 32 | php5-mcrypt \ 33 | php5-mysqli \ 34 | php5-odbc \ 35 | php5-opcache \ 36 | php5-openssl \ 37 | php5-pcntl \ 38 | php5-pdo \ 39 | php5-pdo_mysql \ 40 | php5-pdo_pgsql \ 41 | php5-pdo_sqlite \ 42 | php5-pgsql \ 43 | php5-phar\ 44 | php5-posix \ 45 | php5-pspell \ 46 | php5-shmop \ 47 | php5-snmp \ 48 | php5-soap \ 49 | php5-sockets \ 50 | php5-sqlite3 \ 51 | php5-wddx \ 52 | php5-xml \ 53 | php5-xmlreader \ 54 | php5-xmlrpc \ 55 | php5-xml \ 56 | php5-zip \ 57 | php5-zlib \ 58 | ; \ 59 | \ 60 | rm -rf /var/cache/apk/* ; \ 61 | \ 62 | ### Nginx and PHP5 Setup 63 | sed -i 's/;cgi.fix_pathinfo=1/cgi.fix_pathinfo=0/g' /etc/php5/php.ini ; \ 64 | sed -i "s/nginx:x:100:101:nginx:\/var\/lib\/nginx:\/sbin\/nologin/nginx:x:100:101:nginx:\/data:\/bin\/bash/g" /etc/passwd ; \ 65 | sed -i "s/nginx:x:100:101:nginx:\/var\/lib\/nginx:\/sbin\/nologin/nginx:x:100:101:nginx:\/data:\/bin\/bash/g" /etc/passwd- ; \ 66 | \ 67 | ### WWW Installation 68 | mkdir -p /data/logs 69 | -------------------------------------------------------------------------------- /nginx-php/5.6/root/usr/sbin/maintenance: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | if [ -z $1 ]; then 4 | echo "Usage: maintenance (on|off|sleep NUM VALUE)" 5 | echo "" 6 | echo "Example: " 7 | echo "" 8 | echo "maintenance on - Switches on Maintenance Mode" 9 | echo "maintenance off - Switches off Maintenance Mode" 10 | echo "maintenance sleep - Switches on Maintenance Mode temporarily for 15 minutes" 11 | echo "maintenance sleep 10 min - Switches on Maintenance Mode temporarily for 10 min" 12 | echo "" 13 | echo "Valid VALUE is seconds (sec, secs), minutes (min, mins) , hours (hour, hr) , days (day)" 14 | exit 15 | fi 16 | 17 | case "$1" in 18 | "on" | "ON" | "true" | "TRUE" ) 19 | mv /etc/nginx/conf.d/default.conf /etc/nginx/conf.d/default.conf.orig 20 | mv /etc/nginx/conf.d/maintenance.conf.maint /etc/nginx/conf.d/maintenance.conf 21 | nginx -s reload 22 | echo 'Maintenance Mode Activated' 23 | ;; 24 | "off" | "OFF" | "false" | "FALSE" ) 25 | mv /etc/nginx/conf.d/default.conf.orig /etc/nginx/conf.d/default.conf 26 | mv /etc/nginx/conf.d/maintenance.conf /etc/nginx/conf.d/maintenance.conf.maint 27 | nginx -s reload 28 | echo 'Maintenance Mode Deactivated' 29 | ;; 30 | "sleep" | "SLEEP" | "temp" | "TEMP" ) 31 | mv /etc/nginx/conf.d/default.conf /etc/nginx/conf.d/default.conf.orig 32 | mv /etc/nginx/conf.d/maintenance.conf.maint /etc/nginx/conf.d/maintenance.conf 33 | nginx -s reload 34 | if [ -z $2 ]; then 35 | SLEEPNUM="15" 36 | SLEEPCALC=$((15 * 60)) 37 | fi 38 | 39 | if [ -z $3 ]; then 40 | set -- "${@:1:2}" "min" 41 | fi 42 | 43 | case "$3" in 44 | "min" | "minutes" | "MIN" | "MINUTES" ) 45 | SLEEPCALC=$(($2 * 60)) 46 | SLEEPDESC="minutes" 47 | ;; 48 | "seconds" | "secs" | "sec" | "SECONDS" | "SECS" | "SEC" ) 49 | SLEEPCALC=$(($2 * 1)) 50 | SLEEPDESC="seconds" 51 | ;; 52 | "hour" | "hours" | "hr" | "hrs" | "HOUR" | "HOURS" | "HRS" ) 53 | SLEEPCALC=$(($2 * 3600)) 54 | SLEEPDESC="hour(s)" 55 | ;; 56 | "day" | "days" | "DAY" | "DAYS" ) 57 | SLEEPCALC=$(($2 * 86400)) 58 | SLEEPDESC="day(s)" 59 | ;; 60 | esac 61 | 62 | echo 'Maintenance Mode Temporarily Activated for '$SLEEPNUM' '$SLEEPDESC 63 | sleep $SLEEPCALC 64 | mv /etc/nginx/conf.d/default.conf.orig /etc/nginx/conf.d/default.conf 65 | mv /etc/nginx/conf.d/maintenance.conf /etc/nginx/conf.d/maintenance.conf.maint 66 | nginx -s reload 67 | echo 'Maintenance Mode Deactivated' 68 | ;; 69 | esac 70 | -------------------------------------------------------------------------------- /nginx-php/7.1/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM aqzt/docker-alpine 2 | LABEL maintainer="aqzt.com (ppabc@qq.com)" 3 | 4 | ### Default Runtime Environment Variables 5 | ENV ENABLE_HOSTS=TRUE \ 6 | ENABLE_SMTP=FALSE 7 | 8 | ### Dependency Installation 9 | RUN apk update ; \ 10 | apk add \ 11 | apache2-utils \ 12 | ca-certificates \ 13 | mariadb-client \ 14 | openssl \ 15 | nginx \ 16 | libpng-dev \ 17 | libpng-utils \ 18 | libpng \ 19 | imagemagick \ 20 | php7 \ 21 | php7-common \ 22 | php7-apcu \ 23 | php7-amqp \ 24 | php7-bcmath \ 25 | php7-bz2 \ 26 | php7-calendar \ 27 | php7-ctype \ 28 | php7-curl \ 29 | php7-dba \ 30 | php7-dom \ 31 | php7-embed \ 32 | php7-enchant \ 33 | php7-exif \ 34 | php7-fileinfo \ 35 | php7-fpm \ 36 | php7-ftp \ 37 | php7-gd \ 38 | php7-gettext \ 39 | php7-gmp \ 40 | php7-iconv \ 41 | php7-imagick \ 42 | php7-imagick-dev \ 43 | php7-imap \ 44 | php7-intl \ 45 | php7-json \ 46 | php7-ldap \ 47 | php7-mailparse \ 48 | php7-mbstring \ 49 | php7-mcrypt \ 50 | php7-memcached \ 51 | php7-mysqli \ 52 | php7-mysqlnd \ 53 | php7-odbc \ 54 | php7-opcache \ 55 | php7-openssl \ 56 | php7-pcntl \ 57 | php7-pdo \ 58 | php7-pdo_mysql \ 59 | php7-pdo_pgsql \ 60 | php7-pdo_sqlite \ 61 | php7-pgsql \ 62 | php7-phar\ 63 | php7-posix \ 64 | php7-pspell \ 65 | php7-recode \ 66 | php7-redis \ 67 | php7-session \ 68 | php7-shmop \ 69 | php7-simplexml \ 70 | php7-snmp \ 71 | php7-soap \ 72 | php7-sockets \ 73 | php7-sqlite3 \ 74 | php7-tidy \ 75 | php7-tokenizer \ 76 | php7-wddx \ 77 | php7-xdebug \ 78 | php7-xml \ 79 | php7-xmlreader \ 80 | php7-xmlrpc \ 81 | php7-xmlwriter \ 82 | php7-xml \ 83 | php7-zip \ 84 | php7-zlib \ 85 | php7-zmq \ 86 | ; \ 87 | \ 88 | rm -rf /var/cache/apk/* ; \ 89 | \ 90 | ### Nginx and PHP7 Setup 91 | sed -i 's/;cgi.fix_pathinfo=1/cgi.fix_pathinfo=0/g' /etc/php7/php.ini ; \ 92 | sed -i "s/nginx:x:100:101:nginx:\/var\/lib\/nginx:\/sbin\/nologin/nginx:x:100:101:nginx:\/www:\/bin\/bash/g" /etc/passwd ; \ 93 | sed -i "s/nginx:x:100:101:nginx:\/var\/lib\/nginx:\/sbin\/nologin/nginx:x:100:101:nginx:\/www:\/bin\/bash/g" /etc/passwd- ; \ 94 | ln -s /sbin/php-fpm7 /sbin/php-fpm ; \ 95 | \ 96 | ### Install PHP Composer 97 | curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/bin --filename=composer ; \ 98 | \ 99 | ### WWW Installation 100 | mkdir -p /www/logs 101 | 102 | 103 | ### Networking Configuration 104 | EXPOSE 80 443 9002 105 | 106 | ### Files Addition 107 | ADD root / 108 | RUN chmod +x /etc/zabbix/zabbix_agentd.conf.d/scripts/* 109 | -------------------------------------------------------------------------------- /nginx-php/7.1/root/assets/maintenance/maintenance.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | Undergoing Scheduled Maintenance 5 | 6 | 7 | 8 |

Sorry, we're presently performing maintenance on our services.

9 | 10 | 11 | 12 | 13 | 14 | 15 | -------------------------------------------------------------------------------- /nginx-php/7.1/root/etc/cont-init.d/08-hosts: -------------------------------------------------------------------------------- 1 | #!/usr/bin/with-contenv bash 2 | 3 | ### Set Defaults 4 | HOSTS_MYSQL=${HOSTS_MYSQL:-"172.17.1.1"} 5 | HOSTS_PHP5=${HOSTS_PHP5:-"127.0.0.1"} 6 | HOSTS_PHP7=${HOSTS_PHP7:-"127.0.0.1"} 7 | 8 | ### ENABLE_HOSTS 9 | if [ "$ENABLE_HOSTS" = "TRUE" ] || [ "$ENABLE_HOSTS" = "true" ]; then 10 | if [ ! -f /tmp/hosts-init ]; then 11 | echo "$HOSTS_MYSQL HOSTS_MYSQL" >> /etc/hosts 12 | echo "$HOSTS_PHP5 HOSTS_PHP5" >> /etc/hosts 13 | echo "$HOSTS_PHP7 HOSTS_PHP7" >> /etc/hosts 14 | touch /tmp/hosts-init 15 | fi 16 | fi 17 | 18 | mkdir -p /tmp/state 19 | touch /tmp/state/08-hosts-init 20 | -------------------------------------------------------------------------------- /nginx-php/7.1/root/etc/cont-init.d/09-nginx: -------------------------------------------------------------------------------- 1 | #!/usr/bin/with-contenv bash 2 | 3 | ### Set Defaults 4 | AUTHENTICATION_TYPE=${AUTHENTICATION_TYPE:-NONE} 5 | MAINTENANCE=${MAINTENANCE:-"FALSE"} 6 | PHP_TIMEOUT=${PHP_TIMEOUT:-"180"} 7 | UPLOAD_MAX_SIZE=${UPLOAD_MAX_SIZE:-"2G"} 8 | STAGE=${STAGE:-"DEVELOP"} 9 | LLNG_HANDLER_HOST=${LLNG_HANDLER_HOST="llng-handler"} 10 | LLNG_HANDLER_PORT=${LLNG_HANDLER_PORT="2884"} 11 | WEB_USER=${WEB_USER:-admin} 12 | WEB_PASS=${WEB_PASS:-password} 13 | 14 | ### Map Authentication 15 | case "$AUTHENTICATION_TYPE" in 16 | "BASIC") 17 | htpasswd -b -c /etc/nginx/htpasswd $WEB_USER $WEB_PASS 18 | sed -i "/ location \//a\ \ \ auth_basic "Protected"; auth_basic_user_file /etc/nginx/htpasswd;" /etc/nginx/conf.d/default.conf 19 | echo '** [nginx-php-fpm] Setting Basic Authentication' 20 | ;; 21 | "LLNG") 22 | if [ -f "/etc/nginx/conf.d/default.llng" ]; then 23 | sed -i "s//$LLNG_HANDLER_HOST/g" /etc/nginx/conf.d/default.llng 24 | sed -i "s//$LLNG_HANDLER_PORT/g" /etc/nginx/conf.d/default.llng 25 | echo '** [nginx-php-fpm] Setting LLNG Authentication' 26 | mv /etc/nginx/conf.d/default.conf /etc/nginx/conf.d/default.orig 27 | mv /etc/nginx/conf.d/default.llng /etc/nginx/conf.d/default.conf 28 | else 29 | echo '** [nginx-php-fpm] ERROR: Cannot find specific Configuration for LLNG Authentication exiting.' 30 | exit 1 31 | fi 32 | ;; 33 | "NONE") 34 | echo '** [nginx-php-fpm] Relying on Application Authentication' 35 | ;; 36 | *) 37 | echo '** [nginx-php-fpm] Unknown AUTHENTICATION_TYPE option. Relying on Application Authentication' 38 | ;; 39 | esac 40 | 41 | ### Adjust NGINX Runtime Variables 42 | sed -i -e "s//$UPLOAD_MAX_SIZE/g" /etc/nginx/nginx.conf 43 | sed -i -e "s//$PHP_TIMEOUT/g" /etc/nginx/conf.d/default.conf 44 | 45 | ### Set Stage for Future Development and Production Purposes 46 | case "$STAGE" in 47 | "DEVELOP" | "develop" ) 48 | echo 'fastcgi_param STAGE "DEVELOP";' >> /etc/nginx/fastcgi_params 49 | ;; 50 | "PRODUCTION" | "production" | "STAGING" | "staging") 51 | echo 'fastcgi_param STAGE "PRODUCTION";' >> /etc/nginx/fastcgi_params 52 | ;; 53 | *) 54 | echo 'fastcgi_param STAGE "DEVELOP";' >> /etc/nginx/fastcgi_params 55 | ;; 56 | esac 57 | 58 | ### Maintenance Mode 59 | if [ "$MAINTENANCE" = "TRUE" ] || [ "$MAINTENANCE" = "true" ]; then 60 | echo '** MAINTENANCE MODE ACTIVATED - THIS IMAGE WILL NOT SERVE PAGES' 61 | mv /etc/nginx/conf.d/default.conf /etc/nginx/conf.d/default.conf.orig 62 | mv /etc/nginx/conf.d/maintenance.conf.maint /etc/nginx.conf.d/maintenance.conf 63 | fi 64 | 65 | mkdir -p /data/logs/nginx 66 | mkdir -p /tmp/nginx 67 | chown -R nginx /data/logs/nginx 68 | chown -R nginx /tmp/nginx 69 | 70 | mkdir -p /tmp/state 71 | touch /tmp/state/09-nginx-init 72 | -------------------------------------------------------------------------------- /nginx-php/7.1/root/etc/logrotate.d/nginx: -------------------------------------------------------------------------------- 1 | /www/logs/nginx/*.log { 2 | daily 3 | ifempty 4 | rotate 7 5 | missingok 6 | compress 7 | dateext 8 | sharedscripts 9 | postrotate 10 | s6-svc -h /var/run/s6/services/10-nginx 11 | endscript 12 | } 13 | -------------------------------------------------------------------------------- /nginx-php/7.1/root/etc/logrotate.d/php-fpm7: -------------------------------------------------------------------------------- 1 | /www/logs/php-fpm/*.log { 2 | daily 3 | ifempty 4 | rotate 7 5 | missingok 6 | compress 7 | dateext 8 | sharedscripts 9 | postrotate 10 | s6-svc -h /var/run/s6/services/20-php-fpm 11 | endscript 12 | } 13 | 14 | -------------------------------------------------------------------------------- /nginx-php/7.1/root/etc/nginx/conf.d/default.conf: -------------------------------------------------------------------------------- 1 | server { 2 | listen 80; 3 | 4 | root /data/html; 5 | index index.php index.html index.htm; 6 | access_log /data/logs/nginx/access.log specialLog; 7 | error_log /data/logs/nginx/error.log; 8 | 9 | disable_symlinks off; 10 | 11 | location = /robots.txt { 12 | allow all; 13 | log_not_found off; 14 | access_log off; 15 | } 16 | 17 | # deny dot-files 18 | location ~ /\. { 19 | deny all; 20 | access_log off; 21 | log_not_found off; 22 | } 23 | 24 | location / { 25 | try_files $uri $uri/ /index.php?$args; 26 | } 27 | 28 | location ~ \.php(/|$) { 29 | fastcgi_split_path_info ^(.+?\.php)(/.+)$; 30 | fastcgi_param PATH_INFO $fastcgi_path_info; 31 | fastcgi_pass 127.0.0.1:9000; 32 | fastcgi_index index.php; 33 | include fastcgi_params; 34 | fastcgi_read_timeout ; 35 | fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; 36 | } 37 | 38 | # Deny access to any files with a .php extension in the uploads directory 39 | # Works in sub-directory installs and also in multisite network 40 | # Keep logging the requests to parse later (or to pass to firewall utilities such as fail2ban) 41 | location ~* /(?:uploads|files)/.*\.php$ { 42 | deny all; 43 | } 44 | 45 | location ~* \.(jpg|jpeg|gif|png|css|js|ico|xml)$ { 46 | access_log on; 47 | log_not_found on; 48 | expires 360d; 49 | } 50 | 51 | ## Block SQL injections 52 | location ~* union.*select.*\( { access_log /data/logs/nginx/blocked.log blocked; deny all; } 53 | location ~* union.*all.*select.* { access_log /data/logs/nginx/blocked.log blocked; deny all; } 54 | location ~* concat.*\( { access_log /data/logs/nginx/blocked.log blocked; deny all; } 55 | 56 | ## Block common exploits 57 | location ~* (<|%3C).*script.*(>|%3E) { access_log /data/logs/nginx/blocked.log blocked; deny all; } 58 | location ~* base64_(en|de)code\(.*\) { access_log /data/logs/nginx/blocked.log blocked; deny all; } 59 | location ~* (%24&x) { access_log /data/logs/nginx/blocked.log blocked; deny all; } 60 | location ~* (%0|%A|%B|%C|%D|%E|%F|127\.0) { access_log /data/logs/nginx/blocked.log blocked; deny all; } 61 | location ~* \.\.\/ { access_log /data/logs/nginx/blocked.log blocked; deny all; } 62 | location ~* ~$ { access_log /data/logs/nginx/blocked.log blocked; deny all; } 63 | location ~* proc/self/environ { access_log /data/logs/nginx/blocked.log blocked; deny all; } 64 | location ~* /\.(htaccess|htpasswd|svn) { access_log /data/logs/nginx/blocked.log blocked; deny all; } 65 | 66 | ## Block file injections 67 | location ~* [a-zA-Z0-9_]=(\.\.//?)+ { access_log /data/logs/nginx/blocked.log blocked; deny all; } 68 | location ~* [a-zA-Z0-9_]=/([a-z0-9_.]//?)+ { access_log /data/logs/nginx/blocked.log blocked; deny all; } 69 | 70 | } 71 | -------------------------------------------------------------------------------- /nginx-php/7.1/root/etc/nginx/conf.d/default.llng: -------------------------------------------------------------------------------- 1 | server { 2 | listen 80; 3 | 4 | root /data/html; 5 | index index.php index.html index.htm; 6 | access_log /data/logs/nginx/access.log specialLog; 7 | error_log /data/logs/nginx/error.log; 8 | 9 | disable_symlinks off; 10 | 11 | location = /robots.txt { 12 | allow all; 13 | log_not_found off; 14 | access_log off; 15 | } 16 | 17 | # deny dot-files 18 | location ~ /\. { 19 | deny all; 20 | access_log off; 21 | log_not_found off; 22 | } 23 | 24 | # LemonLDAP:NG authentication request 25 | location = /lmauth { 26 | internal; 27 | include /etc/nginx/fastcgi_params; 28 | fastcgi_pass :; 29 | fastcgi_param REMOTE_PORT ; 30 | fastcgi_pass_request_body off; 31 | fastcgi_param CONTENT_LENGTH ""; 32 | fastcgi_param HOST $http_host; 33 | fastcgi_param X_ORIGINAL_URI $request_uri; 34 | } 35 | 36 | location / { 37 | auth_request /lmauth; 38 | auth_request_set $lmremote_user $upstream_http_lm_remote_user; 39 | auth_request_set $lmlocation $upstream_http_location; 40 | auth_request_set $cookie_value $upstream_http_set_cookie; 41 | add_header Set-Cookie $cookie_value; 42 | error_page 401 $lmlocation; 43 | try_files $uri $uri/ /index.php?$args; 44 | } 45 | 46 | location ~ \.php(/|$) { 47 | fastcgi_split_path_info ^(.+?\.php)(/.+)$; 48 | fastcgi_param PATH_INFO $fastcgi_path_info; 49 | fastcgi_pass 127.0.0.1:9000; 50 | fastcgi_index index.php; 51 | include fastcgi_params; 52 | fastcgi_read_timeout ; 53 | fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; 54 | fastcgi_param HTTP_AUTH_USER; 55 | } 56 | 57 | # Deny access to any files with a .php extension in the uploads directory 58 | # Works in sub-directory installs and also in multisite network 59 | # Keep logging the requests to parse later (or to pass to firewall utilities such as fail2ban) 60 | location ~* /(?:uploads|files)/.*\.php$ { 61 | deny all; 62 | } 63 | 64 | location ~* \.(jpg|jpeg|gif|png|css|js|ico|xml)$ { 65 | access_log on; 66 | log_not_found on; 67 | expires 360d; 68 | } 69 | 70 | ## Block SQL injections 71 | location ~* union.*select.*\( { access_log /data/logs/nginx/blocked.log blocked; deny all; } 72 | location ~* union.*all.*select.* { access_log /data/logs/nginx/blocked.log blocked; deny all; } 73 | location ~* concat.*\( { access_log /data/logs/nginx/blocked.log blocked; deny all; } 74 | 75 | ## Block common exploits 76 | location ~* (<|%3C).*script.*(>|%3E) { access_log /data/logs/nginx/blocked.log blocked; deny all; } 77 | location ~* base64_(en|de)code\(.*\) { access_log /data/logs/nginx/blocked.log blocked; deny all; } 78 | location ~* (%24&x) { access_log /data/logs/nginx/blocked.log blocked; deny all; } 79 | location ~* (%0|%A|%B|%C|%D|%E|%F|127\.0) { access_log /data/logs/nginx/blocked.log blocked; deny all; } 80 | location ~* \.\.\/ { access_log /data/logs/nginx/blocked.log blocked; deny all; } 81 | location ~* ~$ { access_log /data/logs/nginx/blocked.log blocked; deny all; } 82 | location ~* proc/self/environ { access_log /data/logs/nginx/blocked.log blocked; deny all; } 83 | location ~* /\.(htaccess|htpasswd|svn) { access_log /data/logs/nginx/blocked.log blocked; deny all; } 84 | 85 | ## Block file injections 86 | location ~* [a-zA-Z0-9_]=(\.\.//?)+ { access_log /data/logs/nginx/blocked.log blocked; deny all; } 87 | location ~* [a-zA-Z0-9_]=/([a-z0-9_.]//?)+ { access_log /data/logs/nginx/blocked.log blocked; deny all; } 88 | 89 | } 90 | -------------------------------------------------------------------------------- /nginx-php/7.1/root/etc/nginx/conf.d/maintenance.conf.maint: -------------------------------------------------------------------------------- 1 | server { 2 | listen 80; 3 | server_name localhost; 4 | 5 | location / { 6 | root /assets/maintenance; 7 | index maintenance.html; 8 | } 9 | 10 | } 11 | -------------------------------------------------------------------------------- /nginx-php/7.1/root/etc/nginx/nginx.conf: -------------------------------------------------------------------------------- 1 | # run nginx in foreground 2 | daemon off; 3 | 4 | error_log /data/logs/nginx/error.log warn; 5 | pid /var/run/nginx.pid; 6 | 7 | worker_processes auto; 8 | events { 9 | worker_connections 4096; 10 | } 11 | 12 | http { 13 | sendfile on; 14 | include /etc/nginx/mime.types; 15 | include /etc/nginx/fastcgi.conf; 16 | default_type application/octet-stream; 17 | tcp_nopush on; 18 | client_body_temp_path /tmp/nginx/body 1 2; 19 | fastcgi_temp_path /tmp/nginx/fastcgi_temp 1 2; 20 | 21 | #a new log format for detecting bad bots. 22 | log_format blocked '$time_local: Blocked request from $http_x_real_ip $request'; 23 | 24 | 25 | real_ip_header X-Forwarded-For; 26 | set_real_ip_from 172.16.0.0/12; 27 | 28 | log_format access '$remote_addr - $remote_user [$time_local] $http_host $request_method "$uri" "$query_string" ' 29 | '$status $body_bytes_sent "$http_referer" $upstream_status $upstream_addr $request_time $upstream_response_time ' 30 | '"$http_user_agent" "$http_x_forwarded_for"' ; 31 | 32 | log_format specialLog '$http_x_real_ip - $remote_user [$time_local] ' 33 | '"$request" $status $body_bytes_sent ' 34 | '"$http_referer" "$http_user_agent"'; 35 | 36 | client_max_body_size ; 37 | 38 | upstream php5 { 39 | server HOSTS_PHP5:9001; 40 | } 41 | upstream php7 { 42 | server HOSTS_PHP7:9002; 43 | } 44 | 45 | server { 46 | listen 73; 47 | server_name 127.0.0.1; 48 | 49 | ## Zabbix 50 | location /stub_status { 51 | stub_status on; 52 | access_log off; 53 | allow 127.0.0.1; 54 | deny all; 55 | } 56 | 57 | location ~ ^/(php-fpm_status|ping)$ { 58 | access_log off; 59 | allow 127.0.0.1; 60 | deny all; 61 | fastcgi_pass 127.0.0.1:9000; 62 | fastcgi_param SCRIPT_FILENAME $fastcgi_script_name; 63 | include fastcgi_params; 64 | } 65 | 66 | location ~ \.php(/|$) { 67 | root /etc/zabbix/zabbix_agentd.conf.d/php; 68 | access_log off; 69 | fastcgi_split_path_info ^(.+?\.php)(/.+)$; 70 | fastcgi_param PATH_INFO $fastcgi_path_info; 71 | fastcgi_pass 127.0.0.1:9000; 72 | fastcgi_index index.php; 73 | include fastcgi_params; 74 | fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; 75 | } 76 | 77 | } 78 | 79 | include /etc/nginx/conf.d/*.conf; 80 | } 81 | 82 | -------------------------------------------------------------------------------- /nginx-php/7.1/root/etc/php7/conf.d/00_opcache.ini: -------------------------------------------------------------------------------- 1 | zend_extension=opcache.so 2 | opcache.enable=1 3 | opcache.enable_cli=1 4 | opcache.fast_shutdown=1 5 | opcache.memory_consumption= 6 | opcache.interned_strings_buffer=16 7 | opcache.max_accelerated_files=5413 8 | opcache.revalidate_freq=60 9 | -------------------------------------------------------------------------------- /nginx-php/7.1/root/etc/php7/conf.d/apcu.ini: -------------------------------------------------------------------------------- 1 | extension=apcu.so 2 | apc.enabled=1 3 | apc.shm_size= 4 | apc.ttl=7200 5 | -------------------------------------------------------------------------------- /nginx-php/7.1/root/etc/php7/php-fpm.conf: -------------------------------------------------------------------------------- 1 | error_log = /data/logs/php-fpm/php-fpm.log 2 | log_level = 3 | 4 | [www] 5 | 6 | 7 | listen = 127.0.0.1:9002 8 | listen.owner = nginx 9 | listen.group = www-data 10 | pm = ondemand 11 | 12 | 13 | pm.max_children = 20 14 | pm.start_servers = 2 15 | pm.min_spare_servers = 1 16 | pm.max_spare_servers = 3 17 | pm.status_path = /php-fpm_status 18 | ping.path = /ping 19 | 20 | pm.process_idle_timeout = 10s 21 | pm.max_requests = 500 22 | chdir = /data/html 23 | php_flag[display_errors] = on 24 | php_admin_value[memory_limit] = 25 | php_admin_value[post_max_size] = 26 | php_admin_value[upload_max_filesize] = 27 | php_admin_value[output_buffering] = 0 28 | php_admin_value[openssl.cafile] = /etc/ssl/certs/ca-certificates.crt 29 | php_admin_value[openssl.capath] = /etc/ssl/certs 30 | php_admin_value[max_input_nesting_level] = 256 31 | php_admin_value[max_input_vars] = 10000 32 | php_admin_value[max_execution_time] = 300 33 | 34 | 35 | 36 | 37 | catch_workers_output = yes 38 | 39 | env[PATH] = /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin 40 | env[TMP] = /tmp 41 | env[TMPDIR] = /tmp 42 | env[TEMP] = /tmp -------------------------------------------------------------------------------- /nginx-php/7.1/root/etc/s6/services/10-nginx/run: -------------------------------------------------------------------------------- 1 | #!/usr/bin/with-contenv bash 2 | 3 | while [ ! -f /tmp/state/99-container-init ] 4 | do 5 | sleep 1 6 | done 7 | 8 | if [ ! -f /tmp/state/10-nginx ]; then 9 | 10 | ### Check to see if this is a new install, if yes create directories... 11 | if [ ! -f /data/html/index.php ] ; then 12 | echo "** [nginx-php-fpm] Nothing in Directory, Creating Sample File" 13 | mkdir -p /data/html 14 | touch /data/html/index.php 15 | chown nginx:www-data /data/html 16 | fi 17 | 18 | ### Force Reset Permissions for Security 19 | chown -R nginx:www-data /data/html 20 | mkdir -p /tmp/state 21 | echo 'Initialization Complete' >/tmp/state/10-nginx 22 | fi 23 | 24 | echo '' 25 | echo '** [nginx] Starting nginx..' 26 | exec nginx 27 | -------------------------------------------------------------------------------- /nginx-php/7.1/root/etc/s6/services/20-php-fpm/run: -------------------------------------------------------------------------------- 1 | #!/usr/bin/with-contenv bash 2 | 3 | while [ ! -f /tmp/state/99-container-init ] 4 | do 5 | sleep 1 6 | done 7 | 8 | if [ ! -f /tmp/state/20-php-fpm ]; then 9 | ### Start php-fpm 10 | mkdir -p /tmp/state/ 11 | echo 'Initialization Complete' >/tmp/state/20-php-fpm 12 | fi 13 | 14 | 15 | echo '' 16 | echo '** [nginx-php-fpm] Starting php-fpm..' 17 | exec s6-setuidgid nginx php-fpm7 -F; 18 | -------------------------------------------------------------------------------- /nginx-php/7.1/root/etc/zabbix/zabbix_agentd.conf.d/nginx-status.conf: -------------------------------------------------------------------------------- 1 | UserParameter=nginx.status[*],/etc/zabbix/zabbix_agentd.conf.d/scripts/nginx-status.sh $1 2 | -------------------------------------------------------------------------------- /nginx-php/7.1/root/etc/zabbix/zabbix_agentd.conf.d/php-fpm-params.conf: -------------------------------------------------------------------------------- 1 | UserParameter=php-fpm.status[*],/etc/zabbix/zabbix_agentd.conf.d/scripts/php-fpm-check.sh $1 2 | 3 | -------------------------------------------------------------------------------- /nginx-php/7.1/root/etc/zabbix/zabbix_agentd.conf.d/php-opcache-check.conf: -------------------------------------------------------------------------------- 1 | UserParameter=opcache[*], curl --silent http://127.0.0.1:73/php-opcache-check.php?item=$1 2 | -------------------------------------------------------------------------------- /nginx-php/7.1/root/etc/zabbix/zabbix_agentd.conf.d/scripts/nginx-status.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | HOST="localhost" 3 | PORT="73" 4 | 5 | function proc_num { 6 | num=$(pgrep nginx |wc -l) 7 | } 8 | function active { 9 | num=$(curl -s "http://$HOST:$PORT/stub_status" |grep 'Active' |awk '{print $NF}') 10 | } 11 | function reading { 12 | num=$(curl -s "http://$HOST:$PORT/stub_status" |grep 'Reading' |awk '{print $2}') 13 | } 14 | function writing { 15 | num=$(curl -s "http://$HOST:$PORT/stub_status" |grep 'Writing' |awk '{print $4}') 16 | } 17 | function waiting { 18 | num=$(curl -s "http://$HOST:$PORT/stub_status" |grep 'Waiting' |awk '{print $6}') 19 | } 20 | function accepts { 21 | num=$(curl -s "http://$HOST:$PORT/stub_status" |awk NR==3 |awk '{print $1}') 22 | } 23 | function handled { 24 | num=$(curl -s "http://$HOST:$PORT/stub_status" |awk NR==3 |awk '{print $2}') 25 | } 26 | function requests { 27 | num=$(curl -s "http://$HOST:$PORT/stub_status" |awk NR==3 |awk '{print $3}') 28 | } 29 | 30 | $1 31 | echo ${num:-0} 32 | 33 | -------------------------------------------------------------------------------- /nginx-php/7.1/root/etc/zabbix/zabbix_agentd.conf.d/scripts/php-fpm-check.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | HOST="localhost" 4 | PORT="73" 5 | status="php-fpm_status" 6 | 7 | function query() { 8 | curl -s http://${HOST}:${PORT}/${status}?xml | grep "<$1>" | awk -F'>|<' '{ print $3}' 9 | } 10 | 11 | if [ $# == 0 ]; then 12 | echo $"Usage $0 {pool|process-manager|start-time|start-since|accepted-conn|listen-queue|max-listen-queue|listen-queue-len|idle-processes|active-processes|total-processes|max-active-processes|max-children-reached|slow-requests}" 13 | exit 14 | else 15 | query "$1" 16 | fi 17 | 18 | -------------------------------------------------------------------------------- /nginx-php/7.1/root/usr/sbin/maintenance: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | if [ -z $1 ]; then 4 | echo "Usage: maintenance (on|off|sleep NUM VALUE)" 5 | echo "" 6 | echo "Example: " 7 | echo "" 8 | echo "maintenance on - Switches on Maintenance Mode" 9 | echo "maintenance off - Switches off Maintenance Mode" 10 | echo "maintenance sleep - Switches on Maintenance Mode temporarily for 15 minutes" 11 | echo "maintenance sleep 10 min - Switches on Maintenance Mode temporarily for 10 min" 12 | echo "" 13 | echo "Valid VALUE is seconds (sec, secs), minutes (min, mins) , hours (hour, hr) , days (day)" 14 | exit 15 | fi 16 | 17 | case "$1" in 18 | "on" | "ON" | "true" | "TRUE" ) 19 | mv /etc/nginx/conf.d/default.conf /etc/nginx/conf.d/default.conf.orig 20 | mv /etc/nginx/conf.d/maintenance.conf.maint /etc/nginx/conf.d/maintenance.conf 21 | nginx -s reload 22 | echo 'Maintenance Mode Activated' 23 | ;; 24 | "off" | "OFF" | "false" | "FALSE" ) 25 | mv /etc/nginx/conf.d/default.conf.orig /etc/nginx/conf.d/default.conf 26 | mv /etc/nginx/conf.d/maintenance.conf /etc/nginx/conf.d/maintenance.conf.maint 27 | nginx -s reload 28 | echo 'Maintenance Mode Deactivated' 29 | ;; 30 | "sleep" | "SLEEP" | "temp" | "TEMP" ) 31 | mv /etc/nginx/conf.d/default.conf /etc/nginx/conf.d/default.conf.orig 32 | mv /etc/nginx/conf.d/maintenance.conf.maint /etc/nginx/conf.d/maintenance.conf 33 | nginx -s reload 34 | if [ -z $2 ]; then 35 | SLEEPNUM="15" 36 | SLEEPCALC=$((15 * 60)) 37 | fi 38 | 39 | if [ -z $3 ]; then 40 | set -- "${@:1:2}" "min" 41 | fi 42 | 43 | case "$3" in 44 | "min" | "minutes" | "MIN" | "MINUTES" ) 45 | SLEEPCALC=$(($2 * 60)) 46 | SLEEPDESC="minutes" 47 | ;; 48 | "seconds" | "secs" | "sec" | "SECONDS" | "SECS" | "SEC" ) 49 | SLEEPCALC=$(($2 * 1)) 50 | SLEEPDESC="seconds" 51 | ;; 52 | "hour" | "hours" | "hr" | "hrs" | "HOUR" | "HOURS" | "HRS" ) 53 | SLEEPCALC=$(($2 * 3600)) 54 | SLEEPDESC="hour(s)" 55 | ;; 56 | "day" | "days" | "DAY" | "DAYS" ) 57 | SLEEPCALC=$(($2 * 86400)) 58 | SLEEPDESC="day(s)" 59 | ;; 60 | esac 61 | 62 | echo 'Maintenance Mode Temporarily Activated for '$SLEEPNUM' '$SLEEPDESC 63 | sleep $SLEEPCALC 64 | mv /etc/nginx/conf.d/default.conf.orig /etc/nginx/conf.d/default.conf 65 | mv /etc/nginx/conf.d/maintenance.conf /etc/nginx/conf.d/maintenance.conf.maint 66 | nginx -s reload 67 | echo 'Maintenance Mode Deactivated' 68 | ;; 69 | esac 70 | -------------------------------------------------------------------------------- /nginx/root/assets/maintenance/maintenance.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | Undergoing Scheduled Maintenance 5 | 6 | 7 | 8 |

Sorry, we're presently performing maintenance on our services.

9 | 10 | 11 | 12 | 13 | 14 | 15 | -------------------------------------------------------------------------------- /nginx/root/etc/cont-init.d/09-nginx: -------------------------------------------------------------------------------- 1 | #!/usr/bin/with-contenv bash 2 | 3 | ### Adjust NGINX Runtime Variables 4 | UPLOAD_MAX_SIZE=${UPLOAD_MAX_SIZE:="2G"} 5 | LLNG_HANDLER_HOST=${LLNG_HANDLER_HOST="llng-handler"} 6 | LLNG_HANDLER_PORT=${LLNG_HANDLER_PORT="2884"} 7 | WEB_USER=${WEB_USER:-admin} 8 | WEB_PASS=${WEB_PASS:-password} 9 | 10 | ### Map Authentication 11 | case "$AUTHENTICATION_TYPE" in 12 | "BASIC") 13 | htpasswd -b -c /etc/nginx/htpasswd $WEB_USER $WEB_PASS 14 | sed -i "/ location \//a\ \ \ auth_basic "Protected"; auth_basic_user_file /etc/nginx/htpasswd;" /etc/nginx/conf.d/default.conf 15 | echo '** [nginx-php-fpm] Setting Basic Authentication' 16 | ;; 17 | "LLNG") 18 | if [ -f "/etc/nginx/conf.d/default.llng" ]; then 19 | sed -i "s//$LLNG_HANDLER_HOST/g" /etc/nginx/conf.d/default.llng 20 | sed -i "s//$LLNG_HANDLER_PORT/g" /etc/nginx/conf.d/default.llng 21 | echo '** [nginx-php-fpm] Setting LLNG Authentication' 22 | mv /etc/nginx/conf.d/default.conf /etc/nginx/conf.d/default.orig 23 | mv /etc/nginx/conf.d/default.llng /etc/nginx/conf.d/default.conf 24 | else 25 | echo '** [nginx-php-fpm] ERROR: Cannot find specific Configuration for LLNG Authentication exiting.' 26 | exit 1 27 | fi 28 | ;; 29 | "NONE") 30 | echo '** [nginx-php-fpm] Relying on Application Authentication' 31 | ;; 32 | *) 33 | echo '** [nginx-php-fpm] Unknown AUTHENTICATION_TYPE option. Relying on Application Authentication' 34 | ;; 35 | esac 36 | 37 | sed -i -e "s//$UPLOAD_MAX_SIZE/g" /etc/nginx/nginx.conf 38 | 39 | if [ "$MAINTENANCE" = "TRUE" ] || [ "$MAINTENANCE" = "true" ]; then 40 | echo '** MAINTENANCE MODE ACTIVATED - THIS IMAGE WILL NOT SERVE PAGES' 41 | mv /etc/nginx/conf.d/default.conf /etc/nginx/conf.d/default.conf.orig 42 | mv /etc/nginx/conf.d/maintenance.conf.maint /etc/nginx.conf.d/maintenance.conf 43 | fi 44 | 45 | 46 | mkdir -p /data/logs/nginx 47 | chown -R nginx /data/logs/nginx 48 | mkdir -p /tmp/nginx 49 | chown -R nginx /tmp/nginx 50 | 51 | mkdir -p /tmp/state 52 | touch /tmp/state/09-nginx 53 | -------------------------------------------------------------------------------- /nginx/root/etc/logrotate.d/nginx: -------------------------------------------------------------------------------- 1 | /data/logs/nginx/*.log { 2 | daily 3 | ifempty 4 | rotate 7 5 | missingok 6 | compress 7 | dateext 8 | sharedscripts 9 | postrotate 10 | s6-svc -h /var/run/s6/services/10-nginx 11 | endscript 12 | } 13 | -------------------------------------------------------------------------------- /nginx/root/etc/nginx/conf.d/default.conf: -------------------------------------------------------------------------------- 1 | server { 2 | listen 80; 3 | server_name localhost; 4 | 5 | location / { 6 | root /data/html; 7 | index index.html index.htm; 8 | } 9 | 10 | } 11 | -------------------------------------------------------------------------------- /nginx/root/etc/nginx/conf.d/default.llng: -------------------------------------------------------------------------------- 1 | server { 2 | listen 80; 3 | server_name localhost; 4 | 5 | # LemonLDAP:NG authentication request 6 | location = /lmauth { 7 | internal; 8 | include /etc/nginx/fastcgi_params; 9 | fastcgi_pass :; 10 | fastcgi_param REMOTE_PORT ; 11 | fastcgi_pass_request_body off; 12 | fastcgi_param CONTENT_LENGTH ""; 13 | fastcgi_param HOST $http_host; 14 | fastcgi_param X_ORIGINAL_URI $request_uri; 15 | } 16 | 17 | location / { 18 | root /data/html; 19 | index index.html index.htm; 20 | 21 | auth_request /lmauth; 22 | auth_request_set $lmremote_user $upstream_http_lm_remote_user; 23 | auth_request_set $lmlocation $upstream_http_location; 24 | auth_request_set $cookie_value $upstream_http_set_cookie; 25 | add_header Set-Cookie $cookie_value; 26 | error_page 401 $lmlocation; 27 | } 28 | 29 | } 30 | -------------------------------------------------------------------------------- /nginx/root/etc/nginx/conf.d/maintenance.conf.maint: -------------------------------------------------------------------------------- 1 | server { 2 | listen 80; 3 | server_name localhost; 4 | 5 | location / { 6 | root /assets/maintenance; 7 | index maintenance.html; 8 | } 9 | 10 | } 11 | -------------------------------------------------------------------------------- /nginx/root/etc/nginx/nginx.conf: -------------------------------------------------------------------------------- 1 | daemon off; 2 | 3 | user nginx www-data; 4 | worker_processes 1; 5 | 6 | error_log /data/logs/nginx/error.log warn; 7 | pid /var/run/nginx.pid; 8 | 9 | 10 | events { 11 | worker_connections 1024; 12 | } 13 | 14 | 15 | http { 16 | include /etc/nginx/mime.types; 17 | default_type application/octet-stream; 18 | 19 | real_ip_header X-Forwarded-For; 20 | set_real_ip_from 172.16.0.0/12; 21 | 22 | log_format main '$remote_addr - $remote_user [$time_local] "$request" ' 23 | '$status $body_bytes_sent "$http_referer" ' 24 | '"$http_user_agent" "$http_x_forwarded_for"'; 25 | 26 | access_log /data/logs/nginx/access.log main; 27 | 28 | sendfile on; 29 | #tcp_nopush on; 30 | 31 | keepalive_timeout 265; 32 | 33 | client_max_body_size ; 34 | 35 | server { 36 | listen 73; 37 | server_name 127.0.0.1; 38 | 39 | ## Zabbix 40 | location /stub_status { 41 | stub_status on; 42 | access_log off; 43 | allow 127.0.0.1; 44 | deny all; 45 | } 46 | 47 | } 48 | 49 | include /etc/nginx/conf.d/*.conf; 50 | } 51 | -------------------------------------------------------------------------------- /nginx/root/etc/s6/services/10-nginx/run: -------------------------------------------------------------------------------- 1 | #!/usr/bin/with-contenv bash 2 | 3 | while [ ! -f /tmp/state/99-container-init ] 4 | do 5 | sleep 1 6 | done 7 | 8 | 9 | if [ ! -f /tmp/state/10-nginx ]; then 10 | 11 | ### Check to see if this is a new install, if yes create directories... 12 | if [ ! -f /data/html/index.html ] ; then 13 | echo "** [nginx] No Files found - New Installation Detected......" 14 | mkdir -p /data/html 15 | touch /data/html/index.html 16 | chown nginx /data/html 17 | fi 18 | 19 | ### Force Reset Permissions for Security 20 | chown -R nginx /data/html 21 | 22 | mkdir -p /tmp/state/ 23 | echo 'Initialization Complete' >/tmp/state/10-nginx 24 | fi 25 | 26 | echo '' 27 | echo '** [nginx] Starting nginx..' 28 | exec nginx 29 | 30 | -------------------------------------------------------------------------------- /nginx/root/etc/zabbix/zabbix_agentd.conf.d/nginx-status.conf: -------------------------------------------------------------------------------- 1 | UserParameter=nginx.status[*],/etc/zabbix/zabbix_agentd.conf.d/scripts/nginx-status.sh $1 2 | -------------------------------------------------------------------------------- /nginx/root/etc/zabbix/zabbix_agentd.conf.d/scripts/nginx-status.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | HOST="localhost" 3 | PORT="73" 4 | 5 | function proc_num { 6 | num=$(pgrep nginx |wc -l) 7 | } 8 | function active { 9 | num=$(curl -s "http://$HOST:$PORT/stub_status" |grep 'Active' |awk '{print $NF}') 10 | } 11 | function reading { 12 | num=$(curl -s "http://$HOST:$PORT/stub_status" |grep 'Reading' |awk '{print $2}') 13 | } 14 | function writing { 15 | num=$(curl -s "http://$HOST:$PORT/stub_status" |grep 'Writing' |awk '{print $4}') 16 | } 17 | function waiting { 18 | num=$(curl -s "http://$HOST:$PORT/stub_status" |grep 'Waiting' |awk '{print $6}') 19 | } 20 | function accepts { 21 | num=$(curl -s "http://$HOST:$PORT/stub_status" |awk NR==3 |awk '{print $1}') 22 | } 23 | function handled { 24 | num=$(curl -s "http://$HOST:$PORT/stub_status" |awk NR==3 |awk '{print $2}') 25 | } 26 | function requests { 27 | num=$(curl -s "http://$HOST:$PORT/stub_status" |awk NR==3 |awk '{print $3}') 28 | } 29 | 30 | $1 31 | echo ${num:-0} 32 | 33 | -------------------------------------------------------------------------------- /nginx/root/usr/sbin/maintenance: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | if [ -z $1 ]; then 4 | echo "Usage: maintenance (on|off|sleep NUM VALUE)" 5 | echo "" 6 | echo "Example: " 7 | echo "" 8 | echo "maintenance on - Switches on Maintenance Mode" 9 | echo "maintenance off - Switches off Maintenance Mode" 10 | echo "maintenance sleep - Switches on Maintenance Mode temporarily for 15 minutes" 11 | echo "maintenance sleep 10 min - Switches on Maintenance Mode temporarily for 10 min" 12 | echo "" 13 | echo "Valid VALUE is seconds (sec, secs), minutes (min, mins) , hours (hour, hr) , days (day)" 14 | exit 15 | fi 16 | 17 | case "$1" in 18 | "on" | "ON" | "true" | "TRUE" ) 19 | mv /etc/nginx/conf.d/default.conf /etc/nginx/conf.d/default.conf.orig 20 | mv /etc/nginx/conf.d/maintenance.conf.maint /etc/nginx/conf.d/maintenance.conf 21 | nginx -s reload 22 | echo 'Maintenance Mode Activated' 23 | ;; 24 | "off" | "OFF" | "false" | "FALSE" ) 25 | mv /etc/nginx/conf.d/default.conf.orig /etc/nginx/conf.d/default.conf 26 | mv /etc/nginx/conf.d/maintenance.conf /etc/nginx/conf.d/maintenance.conf.maint 27 | nginx -s reload 28 | echo 'Maintenance Mode Deactivated' 29 | ;; 30 | "sleep" | "SLEEP" | "temp" | "TEMP" ) 31 | mv /etc/nginx/conf.d/default.conf /etc/nginx/conf.d/default.conf.orig 32 | mv /etc/nginx/conf.d/maintenance.conf.maint /etc/nginx/conf.d/maintenance.conf 33 | nginx -s reload 34 | if [ -z $2 ]; then 35 | SLEEPNUM="15" 36 | SLEEPCALC=$((15 * 60)) 37 | fi 38 | 39 | if [ -z $3 ]; then 40 | set -- "${@:1:2}" "min" 41 | fi 42 | 43 | case "$3" in 44 | "min" | "minutes" | "MIN" | "MINUTES" ) 45 | SLEEPCALC=$(($2 * 60)) 46 | SLEEPDESC="minutes" 47 | ;; 48 | "seconds" | "secs" | "sec" | "SECONDS" | "SECS" | "SEC" ) 49 | SLEEPCALC=$(($2 * 1)) 50 | SLEEPDESC="seconds" 51 | ;; 52 | "hour" | "hours" | "hr" | "hrs" | "HOUR" | "HOURS" | "HRS" ) 53 | SLEEPCALC=$(($2 * 3600)) 54 | SLEEPDESC="hour(s)" 55 | ;; 56 | "day" | "days" | "DAY" | "DAYS" ) 57 | SLEEPCALC=$(($2 * 86400)) 58 | SLEEPDESC="day(s)" 59 | ;; 60 | esac 61 | 62 | echo 'Maintenance Mode Temporarily Activated for '$SLEEPNUM' '$SLEEPDESC 63 | sleep $SLEEPCALC 64 | mv /etc/nginx/conf.d/default.conf.orig /etc/nginx/conf.d/default.conf 65 | mv /etc/nginx/conf.d/maintenance.conf /etc/nginx/conf.d/maintenance.conf.maint 66 | nginx -s reload 67 | echo 'Maintenance Mode Deactivated' 68 | ;; 69 | esac 70 | -------------------------------------------------------------------------------- /openjdk/7/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM aqzt/docker-alpine 2 | LABEL maintainer="aqzt.com (ppabc@qq.com)" 3 | 4 | ENV JAVA_HOME="/usr/lib/jvm/default-jvm" 5 | 6 | RUN apk update && \ 7 | apk add \ 8 | openjdk7 && \ 9 | rm -rf /tmp/* /var/cache/apk/* 10 | 11 | 12 | -------------------------------------------------------------------------------- /openjdk/8/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM aqzt/docker-alpine 2 | LABEL maintainer="aqzt.com (ppabc@qq.com)" 3 | 4 | ENV JAVA_HOME="/usr/lib/jvm/default-jvm" 5 | 6 | RUN apk update && \ 7 | apk add \ 8 | openjdk8 && \ 9 | rm -rf /tmp/* /var/cache/apk/* 10 | 11 | 12 | -------------------------------------------------------------------------------- /openssh/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM aqzt/docker-alpine 2 | LABEL maintainer="aqzt.com (ppabc@qq.com)" 3 | 4 | ENV ROOT_PASSWORD root 5 | 6 | RUN apk update && apk upgrade && apk add openssh \ 7 | && sed -i s/#PermitRootLogin.*/PermitRootLogin\ yes/ /etc/ssh/sshd_config \ 8 | && echo "root:${ROOT_PASSWORD}" | chpasswd \ 9 | && rm -rf /var/cache/apk/* /tmp/* 10 | 11 | EXPOSE 22 12 | 13 | ADD root / 14 | -------------------------------------------------------------------------------- /openssh/README.md: -------------------------------------------------------------------------------- 1 | ## 基于Alpine系统的OpenSSH镜像 2 | 3 | ### 概述 4 | 使用Dockerfile构建基于Alpine系统的OpenSSH镜像,并采用supervise守护进程。 5 | 6 | ### 使用说明 7 | ``` 8 | 9 | docker run --rm --publish=8080:22 --env ROOT_PASSWORD=Root123 aqzt/docker-alpine:ssh 10 | docker run -d --name ssh -ti -p 8080:22 -e ROOT_PASSWORD=Root123 aqzt/docker-alpine:ssh 11 | docker run -d --name ssh -it --net=host -e ROOT_PASSWORD=Root123 aqzt/docker-alpine:ssh 12 | 13 | ``` 14 | 15 | 使用ssh连接进入容器 16 | ``` 17 | $ ssh root@127.0.0.1 -p 8080 18 | ``` -------------------------------------------------------------------------------- /openssh/root/etc/s6/services/30-sshd/run: -------------------------------------------------------------------------------- 1 | #!/usr/bin/with-contenv bash 2 | 3 | while [ ! -f /tmp/state/99-container-init ] 4 | do 5 | sleep 1 6 | done 7 | 8 | if [ ! -f /tmp/state/30-sshd ]; then 9 | # generate host keys if not present 10 | ssh-keygen -A 11 | 12 | # check wether a random root-password is provided 13 | if [ ! -z "${ROOT_PASSWORD}" ] && [ "${ROOT_PASSWORD}" != "root" ]; then 14 | echo "root:${ROOT_PASSWORD}" | chpasswd 15 | fi 16 | mkdir -p /tmp/state 17 | echo 'Initialization Complete' >/tmp/state/30-sshd 18 | fi 19 | 20 | exec /usr/sbin/sshd -D -e "$@" 21 | -------------------------------------------------------------------------------- /oraclejdk/8/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM aqzt/docker-alpine 2 | LABEL maintainer="aqzt.com (ppabc@qq.com)" 3 | 4 | ENV JAVA_HOME /usr/lib/jvm/jre 5 | ENV PATH $PATH:$JAVA_HOME/bin 6 | ENV LANG=C.UTF-8 7 | 8 | ### install glibc 9 | RUN ALPINE_GLIBC_BASE_URL="https://github.com/sgerrand/alpine-pkg-glibc/releases/download" && \ 10 | ALPINE_GLIBC_PACKAGE_VERSION="2.27-r0" && \ 11 | ALPINE_GLIBC_BASE_PACKAGE_FILENAME="glibc-$ALPINE_GLIBC_PACKAGE_VERSION.apk" && \ 12 | ALPINE_GLIBC_BIN_PACKAGE_FILENAME="glibc-bin-$ALPINE_GLIBC_PACKAGE_VERSION.apk" && \ 13 | ALPINE_GLIBC_I18N_PACKAGE_FILENAME="glibc-i18n-$ALPINE_GLIBC_PACKAGE_VERSION.apk" && \ 14 | apk add --no-cache --virtual=.build-dependencies wget ca-certificates && \ 15 | wget \ 16 | "https://raw.githubusercontent.com/sgerrand/alpine-pkg-glibc/master/sgerrand.rsa.pub" \ 17 | -O "/etc/apk/keys/sgerrand.rsa.pub" && \ 18 | wget \ 19 | "$ALPINE_GLIBC_BASE_URL/$ALPINE_GLIBC_PACKAGE_VERSION/$ALPINE_GLIBC_BASE_PACKAGE_FILENAME" \ 20 | "$ALPINE_GLIBC_BASE_URL/$ALPINE_GLIBC_PACKAGE_VERSION/$ALPINE_GLIBC_BIN_PACKAGE_FILENAME" \ 21 | "$ALPINE_GLIBC_BASE_URL/$ALPINE_GLIBC_PACKAGE_VERSION/$ALPINE_GLIBC_I18N_PACKAGE_FILENAME" && \ 22 | apk add --no-cache \ 23 | "$ALPINE_GLIBC_BASE_PACKAGE_FILENAME" \ 24 | "$ALPINE_GLIBC_BIN_PACKAGE_FILENAME" \ 25 | "$ALPINE_GLIBC_I18N_PACKAGE_FILENAME" && \ 26 | \ 27 | rm "/etc/apk/keys/sgerrand.rsa.pub" && \ 28 | /usr/glibc-compat/bin/localedef --force --inputfile POSIX --charmap UTF-8 "$LANG" || true && \ 29 | echo "export LANG=$LANG" > /etc/profile.d/locale.sh && \ 30 | \ 31 | apk del glibc-i18n && \ 32 | \ 33 | rm "/root/.wget-hsts" && \ 34 | apk del .build-dependencies && \ 35 | rm \ 36 | "$ALPINE_GLIBC_BASE_PACKAGE_FILENAME" \ 37 | "$ALPINE_GLIBC_BIN_PACKAGE_FILENAME" \ 38 | "$ALPINE_GLIBC_I18N_PACKAGE_FILENAME" 39 | 40 | ### install jdk 41 | RUN apk add --no-cache --virtual=build-dependencies wget ca-certificates \ 42 | && mkdir /usr/lib/jvm \ 43 | && cd /usr/lib/jvm \ 44 | && wget --header "Cookie: oraclelicense=accept-securebackup-cookie;" http://download.oracle.com/otn-pub/java/jdk/8u171-b11/512cd62ec5174c3487ac17c61aaa89e8/server-jre-8u171-linux-x64.tar.gz -O - | gunzip | tar x \ 45 | && ln -s /usr/lib/jvm/jdk1.8.0_171 /usr/lib/jvm/jre \ 46 | && apk del build-dependencies \ 47 | && rm -rf /tmp/* 48 | -------------------------------------------------------------------------------- /oraclejdk/8/Dockerfile-test: -------------------------------------------------------------------------------- 1 | FROM aqzt/docker-alpine:glibc 2 | LABEL maintainer="aqzt.com (ppabc@qq.com)" 3 | 4 | ENV JAVA_VERSION=8 \ 5 | JAVA_UPDATE=171 \ 6 | JAVA_BUILD=11 \ 7 | JAVA_PATH=512cd62ec5174c3487ac17c61aaa89e8 \ 8 | JAVA_HOME="/usr/lib/jvm/default-jvm" 9 | 10 | RUN apk add --no-cache --virtual=build-dependencies wget ca-certificates unzip && \ 11 | cd "/tmp" && \ 12 | wget --header "Cookie: oraclelicense=accept-securebackup-cookie;" \ 13 | "http://download.oracle.com/otn-pub/java/jdk/${JAVA_VERSION}u${JAVA_UPDATE}-b${JAVA_BUILD}/${JAVA_PATH}/jdk-${JAVA_VERSION}u${JAVA_UPDATE}-linux-x64.tar.gz" && \ 14 | tar -xzf "jdk-${JAVA_VERSION}u${JAVA_UPDATE}-linux-x64.tar.gz" && \ 15 | mkdir -p "/usr/lib/jvm" && \ 16 | mv "/tmp/jdk1.${JAVA_VERSION}.0_${JAVA_UPDATE}" "/usr/lib/jvm/java-${JAVA_VERSION}-oracle" && \ 17 | ln -s "java-${JAVA_VERSION}-oracle" "$JAVA_HOME" && \ 18 | ln -s "$JAVA_HOME/bin/"* "/usr/bin/" && \ 19 | rm -rf "$JAVA_HOME/"*src.zip && \ 20 | rm -rf "$JAVA_HOME/lib/missioncontrol" \ 21 | "$JAVA_HOME/lib/visualvm" \ 22 | "$JAVA_HOME/lib/"*javafx* \ 23 | "$JAVA_HOME/jre/lib/plugin.jar" \ 24 | "$JAVA_HOME/jre/lib/ext/jfxrt.jar" \ 25 | "$JAVA_HOME/jre/bin/javaws" \ 26 | "$JAVA_HOME/jre/lib/javaws.jar" \ 27 | "$JAVA_HOME/jre/lib/desktop" \ 28 | "$JAVA_HOME/jre/plugin" \ 29 | "$JAVA_HOME/jre/lib/"deploy* \ 30 | "$JAVA_HOME/jre/lib/"*javafx* \ 31 | "$JAVA_HOME/jre/lib/"*jfx* \ 32 | "$JAVA_HOME/jre/lib/amd64/libdecora_sse.so" \ 33 | "$JAVA_HOME/jre/lib/amd64/"libprism_*.so \ 34 | "$JAVA_HOME/jre/lib/amd64/libfxplugins.so" \ 35 | "$JAVA_HOME/jre/lib/amd64/libglass.so" \ 36 | "$JAVA_HOME/jre/lib/amd64/libgstreamer-lite.so" \ 37 | "$JAVA_HOME/jre/lib/amd64/"libjavafx*.so \ 38 | "$JAVA_HOME/jre/lib/amd64/"libjfx*.so && \ 39 | rm -rf "$JAVA_HOME/jre/bin/jjs" \ 40 | "$JAVA_HOME/jre/bin/keytool" \ 41 | "$JAVA_HOME/jre/bin/orbd" \ 42 | "$JAVA_HOME/jre/bin/pack200" \ 43 | "$JAVA_HOME/jre/bin/policytool" \ 44 | "$JAVA_HOME/jre/bin/rmid" \ 45 | "$JAVA_HOME/jre/bin/rmiregistry" \ 46 | "$JAVA_HOME/jre/bin/servertool" \ 47 | "$JAVA_HOME/jre/bin/tnameserv" \ 48 | "$JAVA_HOME/jre/bin/unpack200" \ 49 | "$JAVA_HOME/jre/lib/ext/nashorn.jar" \ 50 | "$JAVA_HOME/jre/lib/jfr.jar" \ 51 | "$JAVA_HOME/jre/lib/jfr" \ 52 | "$JAVA_HOME/jre/lib/oblique-fonts" && \ 53 | wget --header "Cookie: oraclelicense=accept-securebackup-cookie;" \ 54 | "http://download.oracle.com/otn-pub/java/jce/${JAVA_VERSION}/jce_policy-${JAVA_VERSION}.zip" && \ 55 | unzip -jo -d "${JAVA_HOME}/jre/lib/security" "jce_policy-${JAVA_VERSION}.zip" && \ 56 | rm "${JAVA_HOME}/jre/lib/security/README.txt" && \ 57 | apk del build-dependencies && \ 58 | rm "/tmp/"* 59 | -------------------------------------------------------------------------------- /php/5.6/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM aqzt/docker-alpine 2 | LABEL maintainer="aqzt.com (ppabc@qq.com)" 3 | 4 | ### Default Runtime Environment Variables 5 | ENV ZABBIX_HOSTNAME=nginx-php-fpm-app \ 6 | ENABLE_SMTP=TRUE 7 | 8 | ADD root / 9 | RUN /tmp/install.sh 10 | 11 | ### Networking Configuration 12 | EXPOSE 80 443 13 | 14 | ### Files Addition 15 | RUN chmod +x /etc/zabbix/zabbix_agentd.conf.d/scripts/* 16 | -------------------------------------------------------------------------------- /php/5.6/root/assets/maintenance/maintenance.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | Undergoing Scheduled Maintenance 5 | 6 | 7 | 8 |

Sorry, we're presently performing maintenance on our services.

9 | 10 | 11 | 12 | 13 | 14 | 15 | -------------------------------------------------------------------------------- /php/5.6/root/etc/cont-init.d/09-nginx: -------------------------------------------------------------------------------- 1 | #!/usr/bin/with-contenv bash 2 | 3 | ### Set Defaults 4 | AUTHENTICATION_TYPE=${AUTHENTICATION_TYPE:-NONE} 5 | MAINTENANCE=${MAINTENANCE:-"FALSE"} 6 | PHP_TIMEOUT=${PHP_TIMEOUT:-"180"} 7 | UPLOAD_MAX_SIZE=${UPLOAD_MAX_SIZE:-"2G"} 8 | STAGE=${STAGE:-"DEVELOP"} 9 | LLNG_HANDLER_HOST=${LLNG_HANDLER_HOST="llng-handler"} 10 | LLNG_HANDLER_PORT=${LLNG_HANDLER_PORT="2884"} 11 | WEB_USER=${WEB_USER:-admin} 12 | WEB_PASS=${WEB_PASS:-password} 13 | 14 | ### Map Authentication 15 | case "$AUTHENTICATION_TYPE" in 16 | "BASIC") 17 | htpasswd -b -c /etc/nginx/htpasswd $WEB_USER $WEB_PASS 18 | sed -i "/ location \//a\ \ \ auth_basic "Protected"; auth_basic_user_file /etc/nginx/htpasswd;" /etc/nginx/conf.d/default.conf 19 | echo '** [nginx-php-fpm] Setting Basic Authentication' 20 | ;; 21 | "LLNG") 22 | if [ -f "/etc/nginx/conf.d/default.llng" ]; then 23 | sed -i "s//$LLNG_HANDLER_HOST/g" /etc/nginx/conf.d/default.llng 24 | sed -i "s//$LLNG_HANDLER_PORT/g" /etc/nginx/conf.d/default.llng 25 | echo '** [nginx-php-fpm] Setting LLNG Authentication' 26 | mv /etc/nginx/conf.d/default.conf /etc/nginx/conf.d/default.orig 27 | mv /etc/nginx/conf.d/default.llng /etc/nginx/conf.d/default.conf 28 | else 29 | echo '** [nginx-php-fpm] ERROR: Cannot find specific Configuration for LLNG Authentication exiting.' 30 | exit 1 31 | fi 32 | ;; 33 | "NONE") 34 | echo '** [nginx-php-fpm] Relying on Application Authentication' 35 | ;; 36 | *) 37 | echo '** [nginx-php-fpm] Unknown AUTHENTICATION_TYPE option. Relying on Application Authentication' 38 | ;; 39 | esac 40 | 41 | ### Adjust NGINX Runtime Variables 42 | sed -i -e "s//$UPLOAD_MAX_SIZE/g" /etc/nginx/nginx.conf 43 | sed -i -e "s//$PHP_TIMEOUT/g" /etc/nginx/conf.d/default.conf 44 | 45 | ### Set Stage for Future Development and Production Purposes 46 | case "$STAGE" in 47 | "DEVELOP" | "develop" ) 48 | echo 'fastcgi_param STAGE "DEVELOP";' >> /etc/nginx/fastcgi_params 49 | ;; 50 | "PRODUCTION" | "production" | "STAGING" | "staging") 51 | echo 'fastcgi_param STAGE "PRODUCTION";' >> /etc/nginx/fastcgi_params 52 | ;; 53 | *) 54 | echo 'fastcgi_param STAGE "DEVELOP";' >> /etc/nginx/fastcgi_params 55 | ;; 56 | esac 57 | 58 | ### Maintenance Mode 59 | if [ "$MAINTENANCE" = "TRUE" ] || [ "$MAINTENANCE" = "true" ]; then 60 | echo '** MAINTENANCE MODE ACTIVATED - THIS IMAGE WILL NOT SERVE PAGES' 61 | mv /etc/nginx/conf.d/default.conf /etc/nginx/conf.d/default.conf.orig 62 | mv /etc/nginx/conf.d/maintenance.conf.maint /etc/nginx.conf.d/maintenance.conf 63 | fi 64 | 65 | mkdir -p /data/logs/nginx 66 | mkdir -p /tmp/nginx 67 | chown -R nginx /data/logs/nginx 68 | chown -R nginx /tmp/nginx 69 | 70 | mkdir -p /tmp/state 71 | touch /tmp/state/09-nginx-init 72 | -------------------------------------------------------------------------------- /php/5.6/root/etc/logrotate.d/nginx: -------------------------------------------------------------------------------- 1 | /data/logs/nginx/*.log { 2 | daily 3 | ifempty 4 | rotate 7 5 | missingok 6 | compress 7 | dateext 8 | sharedscripts 9 | postrotate 10 | s6-svc -h /var/run/s6/services/10-nginx 11 | endscript 12 | } 13 | -------------------------------------------------------------------------------- /php/5.6/root/etc/logrotate.d/php-fpm7: -------------------------------------------------------------------------------- 1 | /data/logs/php-fpm/*.log { 2 | daily 3 | ifempty 4 | rotate 7 5 | missingok 6 | compress 7 | dateext 8 | sharedscripts 9 | postrotate 10 | s6-svc -h /var/run/s6/services/20-php-fpm 11 | endscript 12 | } 13 | 14 | -------------------------------------------------------------------------------- /php/5.6/root/etc/nginx/conf.d/default.conf: -------------------------------------------------------------------------------- 1 | server { 2 | listen 80; 3 | 4 | root /data/html; 5 | index index.php index.html index.htm; 6 | access_log /data/logs/nginx/access.log specialLog; 7 | error_log /data/logs/nginx/error.log; 8 | 9 | disable_symlinks off; 10 | 11 | location = /robots.txt { 12 | allow all; 13 | log_not_found off; 14 | access_log off; 15 | } 16 | 17 | # deny dot-files 18 | location ~ /\. { 19 | deny all; 20 | access_log off; 21 | log_not_found off; 22 | } 23 | 24 | location / { 25 | try_files $uri $uri/ /index.php?$args; 26 | } 27 | 28 | location ~ \.php(/|$) { 29 | fastcgi_split_path_info ^(.+?\.php)(/.+)$; 30 | fastcgi_param PATH_INFO $fastcgi_path_info; 31 | fastcgi_pass 127.0.0.1:9000; 32 | fastcgi_index index.php; 33 | include fastcgi_params; 34 | fastcgi_read_timeout ; 35 | fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; 36 | } 37 | 38 | # Deny access to any files with a .php extension in the uploads directory 39 | # Works in sub-directory installs and also in multisite network 40 | # Keep logging the requests to parse later (or to pass to firewall utilities such as fail2ban) 41 | location ~* /(?:uploads|files)/.*\.php$ { 42 | deny all; 43 | } 44 | 45 | location ~* \.(jpg|jpeg|gif|png|css|js|ico|xml)$ { 46 | access_log on; 47 | log_not_found on; 48 | expires 360d; 49 | } 50 | 51 | ## Block SQL injections 52 | location ~* union.*select.*\( { access_log /data/logs/nginx/blocked.log blocked; deny all; } 53 | location ~* union.*all.*select.* { access_log /data/logs/nginx/blocked.log blocked; deny all; } 54 | location ~* concat.*\( { access_log /data/logs/nginx/blocked.log blocked; deny all; } 55 | 56 | ## Block common exploits 57 | location ~* (<|%3C).*script.*(>|%3E) { access_log /data/logs/nginx/blocked.log blocked; deny all; } 58 | location ~* base64_(en|de)code\(.*\) { access_log /data/logs/nginx/blocked.log blocked; deny all; } 59 | location ~* (%24&x) { access_log /data/logs/nginx/blocked.log blocked; deny all; } 60 | location ~* (%0|%A|%B|%C|%D|%E|%F|127\.0) { access_log /data/logs/nginx/blocked.log blocked; deny all; } 61 | location ~* \.\.\/ { access_log /data/logs/nginx/blocked.log blocked; deny all; } 62 | location ~* ~$ { access_log /data/logs/nginx/blocked.log blocked; deny all; } 63 | location ~* proc/self/environ { access_log /data/logs/nginx/blocked.log blocked; deny all; } 64 | location ~* /\.(htaccess|htpasswd|svn) { access_log /data/logs/nginx/blocked.log blocked; deny all; } 65 | 66 | ## Block file injections 67 | location ~* [a-zA-Z0-9_]=(\.\.//?)+ { access_log /data/logs/nginx/blocked.log blocked; deny all; } 68 | location ~* [a-zA-Z0-9_]=/([a-z0-9_.]//?)+ { access_log /data/logs/nginx/blocked.log blocked; deny all; } 69 | 70 | } 71 | -------------------------------------------------------------------------------- /php/5.6/root/etc/nginx/conf.d/default.llng: -------------------------------------------------------------------------------- 1 | server { 2 | listen 80; 3 | 4 | root /data/html; 5 | index index.php index.html index.htm; 6 | access_log /data/logs/nginx/access.log specialLog; 7 | error_log /data/logs/nginx/error.log; 8 | 9 | disable_symlinks off; 10 | 11 | location = /robots.txt { 12 | allow all; 13 | log_not_found off; 14 | access_log off; 15 | } 16 | 17 | # deny dot-files 18 | location ~ /\. { 19 | deny all; 20 | access_log off; 21 | log_not_found off; 22 | } 23 | 24 | # LemonLDAP:NG authentication request 25 | location = /lmauth { 26 | internal; 27 | include /etc/nginx/fastcgi_params; 28 | fastcgi_pass :; 29 | fastcgi_param REMOTE_PORT ; 30 | fastcgi_pass_request_body off; 31 | fastcgi_param CONTENT_LENGTH ""; 32 | fastcgi_param HOST $http_host; 33 | fastcgi_param X_ORIGINAL_URI $request_uri; 34 | } 35 | 36 | location / { 37 | auth_request /lmauth; 38 | auth_request_set $lmremote_user $upstream_http_lm_remote_user; 39 | auth_request_set $lmlocation $upstream_http_location; 40 | auth_request_set $cookie_value $upstream_http_set_cookie; 41 | add_header Set-Cookie $cookie_value; 42 | error_page 401 $lmlocation; 43 | try_files $uri $uri/ /index.php?$args; 44 | } 45 | 46 | location ~ \.php(/|$) { 47 | fastcgi_split_path_info ^(.+?\.php)(/.+)$; 48 | fastcgi_param PATH_INFO $fastcgi_path_info; 49 | fastcgi_pass 127.0.0.1:9000; 50 | fastcgi_index index.php; 51 | include fastcgi_params; 52 | fastcgi_read_timeout ; 53 | fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; 54 | fastcgi_param HTTP_AUTH_USER; 55 | } 56 | 57 | # Deny access to any files with a .php extension in the uploads directory 58 | # Works in sub-directory installs and also in multisite network 59 | # Keep logging the requests to parse later (or to pass to firewall utilities such as fail2ban) 60 | location ~* /(?:uploads|files)/.*\.php$ { 61 | deny all; 62 | } 63 | 64 | location ~* \.(jpg|jpeg|gif|png|css|js|ico|xml)$ { 65 | access_log on; 66 | log_not_found on; 67 | expires 360d; 68 | } 69 | 70 | ## Block SQL injections 71 | location ~* union.*select.*\( { access_log /data/logs/nginx/blocked.log blocked; deny all; } 72 | location ~* union.*all.*select.* { access_log /data/logs/nginx/blocked.log blocked; deny all; } 73 | location ~* concat.*\( { access_log /data/logs/nginx/blocked.log blocked; deny all; } 74 | 75 | ## Block common exploits 76 | location ~* (<|%3C).*script.*(>|%3E) { access_log /data/logs/nginx/blocked.log blocked; deny all; } 77 | location ~* base64_(en|de)code\(.*\) { access_log /data/logs/nginx/blocked.log blocked; deny all; } 78 | location ~* (%24&x) { access_log /data/logs/nginx/blocked.log blocked; deny all; } 79 | location ~* (%0|%A|%B|%C|%D|%E|%F|127\.0) { access_log /data/logs/nginx/blocked.log blocked; deny all; } 80 | location ~* \.\.\/ { access_log /data/logs/nginx/blocked.log blocked; deny all; } 81 | location ~* ~$ { access_log /data/logs/nginx/blocked.log blocked; deny all; } 82 | location ~* proc/self/environ { access_log /data/logs/nginx/blocked.log blocked; deny all; } 83 | location ~* /\.(htaccess|htpasswd|svn) { access_log /data/logs/nginx/blocked.log blocked; deny all; } 84 | 85 | ## Block file injections 86 | location ~* [a-zA-Z0-9_]=(\.\.//?)+ { access_log /data/logs/nginx/blocked.log blocked; deny all; } 87 | location ~* [a-zA-Z0-9_]=/([a-z0-9_.]//?)+ { access_log /data/logs/nginx/blocked.log blocked; deny all; } 88 | 89 | } 90 | -------------------------------------------------------------------------------- /php/5.6/root/etc/nginx/conf.d/maintenance.conf.maint: -------------------------------------------------------------------------------- 1 | server { 2 | listen 80; 3 | server_name localhost; 4 | 5 | location / { 6 | root /assets/maintenance; 7 | index maintenance.html; 8 | } 9 | 10 | } 11 | -------------------------------------------------------------------------------- /php/5.6/root/etc/nginx/nginx.conf: -------------------------------------------------------------------------------- 1 | # run nginx in foreground 2 | daemon off; 3 | 4 | error_log /data/logs/nginx/error.log warn; 5 | pid /var/run/nginx.pid; 6 | 7 | worker_processes auto; 8 | events { 9 | worker_connections 4096; 10 | } 11 | 12 | http { 13 | sendfile on; 14 | include /etc/nginx/mime.types; 15 | include /etc/nginx/fastcgi.conf; 16 | default_type application/octet-stream; 17 | tcp_nopush on; 18 | client_body_temp_path /tmp/nginx/body 1 2; 19 | fastcgi_temp_path /tmp/nginx/fastcgi_temp 1 2; 20 | 21 | #a new log format for detecting bad bots. 22 | log_format blocked '$time_local: Blocked request from $http_x_real_ip $request'; 23 | 24 | ## This log format makes it so we can see real requester's IP address \ 25 | ## not just the reverse proxy server's IP address. Also note, that \ 26 | ## "specialLog" can be replaced with any name you would like to \ 27 | ## give to this log format. 28 | log_format specialLog '$http_x_real_ip - $remote_user [$time_local] ' 29 | '"$request" $status $body_bytes_sent ' 30 | '"$http_referer" "$http_user_agent"'; 31 | 32 | client_max_body_size ; 33 | 34 | server { 35 | listen 73; 36 | server_name 127.0.0.1; 37 | 38 | ## Zabbix 39 | location /stub_status { 40 | stub_status on; 41 | access_log off; 42 | allow 127.0.0.1; 43 | deny all; 44 | } 45 | 46 | location ~ ^/(php-fpm_status|ping)$ { 47 | access_log off; 48 | allow 127.0.0.1; 49 | deny all; 50 | fastcgi_pass 127.0.0.1:9000; 51 | fastcgi_param SCRIPT_FILENAME $fastcgi_script_name; 52 | include fastcgi_params; 53 | } 54 | 55 | location ~ \.php(/|$) { 56 | root /etc/zabbix/zabbix_agentd.conf.d/php; 57 | access_log off; 58 | fastcgi_split_path_info ^(.+?\.php)(/.+)$; 59 | fastcgi_param PATH_INFO $fastcgi_path_info; 60 | fastcgi_pass 127.0.0.1:9000; 61 | fastcgi_index index.php; 62 | include fastcgi_params; 63 | fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; 64 | } 65 | 66 | } 67 | 68 | include /etc/nginx/conf.d/*.conf; 69 | } 70 | 71 | -------------------------------------------------------------------------------- /php/5.6/root/etc/php5/conf.d/apcu.ini: -------------------------------------------------------------------------------- 1 | extension=apcu.so 2 | apc.enabled=1 3 | apc.shm_size= 4 | apc.ttl=7200 5 | -------------------------------------------------------------------------------- /php/5.6/root/etc/php5/conf.d/opcache.ini: -------------------------------------------------------------------------------- 1 | zend_extension=opcache.so 2 | opcache.enable=0 3 | opcache.enable_cli=1 4 | opcache.fast_shutdown=1 5 | opcache.memory_consumption= 6 | opcache.interned_strings_buffer=16 7 | opcache.max_accelerated_files=5413 8 | opcache.revalidate_freq=60 9 | -------------------------------------------------------------------------------- /php/5.6/root/etc/php5/php-fpm.conf: -------------------------------------------------------------------------------- 1 | error_log = /data/logs/php-fpm/php-fpm.log 2 | log_level = 3 | 4 | [www] 5 | ;user = nginx 6 | ;group = www-data 7 | listen = 127.0.0.1:9000 8 | listen.owner = nginx 9 | listen.group = www-data 10 | pm = ondemand 11 | 12 | ; Total RAM dedicated to the web server / Max child process size 13 | pm.max_children = 75 14 | pm.status_path = /php-fpm_status 15 | ping.path = /ping 16 | 17 | pm.process_idle_timeout = 10s 18 | pm.max_requests = 500 19 | ;chdir = /data/html 20 | php_flag[display_errors] = on 21 | php_admin_value[memory_limit] = 22 | php_admin_value[post_max_size] = 23 | php_admin_value[upload_max_filesize] = 24 | php_admin_value[output_buffering] = 0 25 | php_admin_value[openssl.cafile] = /etc/ssl/certs/ca-certificates.crt 26 | php_admin_value[openssl.capath] = /etc/ssl/certs 27 | php_admin_value[max_input_nesting_level] = 256 28 | php_admin_value[max_input_vars] = 10000 29 | php_admin_value[max_execution_time] = 300 30 | 31 | ; Redirect worker stdout and stderr into main error log. If not set, stdout and 32 | ; stderr will be redirected to /dev/null according to FastCGI specs. 33 | ; Default Value: no 34 | catch_workers_output = yes 35 | 36 | env[PATH] = /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin 37 | env[TMP] = /tmp 38 | env[TMPDIR] = /tmp 39 | env[TEMP] = /tmp -------------------------------------------------------------------------------- /php/5.6/root/etc/s6/services/10-nginx/run: -------------------------------------------------------------------------------- 1 | #!/usr/bin/with-contenv bash 2 | 3 | while [ ! -f /tmp/state/99-container-init ] 4 | do 5 | sleep 1 6 | done 7 | 8 | if [ ! -f /tmp/state/10-nginx ]; then 9 | 10 | ### Check to see if this is a new install, if yes create directories... 11 | if [ ! -f /data/html/index.php ] ; then 12 | echo "** [nginx-php-fpm] Nothing in Directory, Creating Sample File" 13 | mkdir -p /data/html 14 | touch /data/html/index.php 15 | chown nginx:www-data /data/html 16 | fi 17 | 18 | ### Force Reset Permissions for Security 19 | chown -R nginx:www-data /data/html 20 | mkdir -p /tmp/state 21 | echo 'Initialization Complete' >/tmp/state/10-nginx 22 | fi 23 | 24 | echo '' 25 | echo '** [nginx] Starting nginx..' 26 | exec nginx 27 | -------------------------------------------------------------------------------- /php/5.6/root/etc/s6/services/20-php-fpm/run: -------------------------------------------------------------------------------- 1 | #!/usr/bin/with-contenv bash 2 | 3 | while [ ! -f /tmp/state/99-container-init ] 4 | do 5 | sleep 1 6 | done 7 | 8 | if [ ! -f /tmp/state/20-php-fpm ]; then 9 | ### Start php-fpm 10 | mkdir -p /tmp/state/ 11 | echo 'Initialization Complete' >/tmp/state/20-php-fpm 12 | fi 13 | 14 | 15 | echo '' 16 | echo '** [nginx-php-fpm] Starting php-fpm..' 17 | exec s6-setuidgid nginx php-fpm5 -F; 18 | -------------------------------------------------------------------------------- /php/5.6/root/etc/zabbix/zabbix_agentd.conf.d/nginx-status.conf: -------------------------------------------------------------------------------- 1 | UserParameter=nginx.status[*],/etc/zabbix/zabbix_agentd.conf.d/scripts/nginx-status.sh $1 2 | -------------------------------------------------------------------------------- /php/5.6/root/etc/zabbix/zabbix_agentd.conf.d/php-fpm-params.conf: -------------------------------------------------------------------------------- 1 | UserParameter=php-fpm.status[*],/etc/zabbix/zabbix_agentd.conf.d/scripts/php-fpm-check.sh $1 2 | 3 | -------------------------------------------------------------------------------- /php/5.6/root/etc/zabbix/zabbix_agentd.conf.d/php-opcache-check.conf: -------------------------------------------------------------------------------- 1 | UserParameter=opcache[*], curl --silent http://127.0.0.1:73/php-opcache-check.php?item=$1 2 | -------------------------------------------------------------------------------- /php/5.6/root/etc/zabbix/zabbix_agentd.conf.d/scripts/nginx-status.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | HOST="localhost" 3 | PORT="73" 4 | 5 | function proc_num { 6 | num=$(pgrep nginx |wc -l) 7 | } 8 | function active { 9 | num=$(curl -s "http://$HOST:$PORT/stub_status" |grep 'Active' |awk '{print $NF}') 10 | } 11 | function reading { 12 | num=$(curl -s "http://$HOST:$PORT/stub_status" |grep 'Reading' |awk '{print $2}') 13 | } 14 | function writing { 15 | num=$(curl -s "http://$HOST:$PORT/stub_status" |grep 'Writing' |awk '{print $4}') 16 | } 17 | function waiting { 18 | num=$(curl -s "http://$HOST:$PORT/stub_status" |grep 'Waiting' |awk '{print $6}') 19 | } 20 | function accepts { 21 | num=$(curl -s "http://$HOST:$PORT/stub_status" |awk NR==3 |awk '{print $1}') 22 | } 23 | function handled { 24 | num=$(curl -s "http://$HOST:$PORT/stub_status" |awk NR==3 |awk '{print $2}') 25 | } 26 | function requests { 27 | num=$(curl -s "http://$HOST:$PORT/stub_status" |awk NR==3 |awk '{print $3}') 28 | } 29 | 30 | $1 31 | echo ${num:-0} 32 | 33 | -------------------------------------------------------------------------------- /php/5.6/root/etc/zabbix/zabbix_agentd.conf.d/scripts/php-fpm-check.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | HOST="localhost" 4 | PORT="73" 5 | status="php-fpm_status" 6 | 7 | function query() { 8 | curl -s http://${HOST}:${PORT}/${status}?xml | grep "<$1>" | awk -F'>|<' '{ print $3}' 9 | } 10 | 11 | if [ $# == 0 ]; then 12 | echo $"Usage $0 {pool|process-manager|start-time|start-since|accepted-conn|listen-queue|max-listen-queue|listen-queue-len|idle-processes|active-processes|total-processes|max-active-processes|max-children-reached|slow-requests}" 13 | exit 14 | else 15 | query "$1" 16 | fi 17 | 18 | -------------------------------------------------------------------------------- /php/5.6/root/tmp/install.sh: -------------------------------------------------------------------------------- 1 | apk update ; \ 2 | apk add \ 3 | bash \ 4 | apache2-utils \ 5 | ca-certificates \ 6 | mariadb-client \ 7 | nginx \ 8 | openssl \ 9 | php5 \ 10 | php5-common \ 11 | php5-apcu \ 12 | php5-bcmath \ 13 | php5-bz2 \ 14 | php5-calendar \ 15 | php5-ctype \ 16 | php5-curl \ 17 | php5-dba \ 18 | php5-dom \ 19 | php5-embed \ 20 | php5-enchant \ 21 | php5-exif \ 22 | php5-fpm \ 23 | php5-ftp \ 24 | php5-gd \ 25 | php5-gettext \ 26 | php5-gmp \ 27 | php5-iconv \ 28 | php5-intl \ 29 | php5-imap \ 30 | php5-json \ 31 | php5-ldap \ 32 | php5-mcrypt \ 33 | php5-mysqli \ 34 | php5-odbc \ 35 | php5-opcache \ 36 | php5-openssl \ 37 | php5-pcntl \ 38 | php5-pdo \ 39 | php5-pdo_mysql \ 40 | php5-pdo_pgsql \ 41 | php5-pdo_sqlite \ 42 | php5-pgsql \ 43 | php5-phar\ 44 | php5-posix \ 45 | php5-pspell \ 46 | php5-shmop \ 47 | php5-snmp \ 48 | php5-soap \ 49 | php5-sockets \ 50 | php5-sqlite3 \ 51 | php5-wddx \ 52 | php5-xml \ 53 | php5-xmlreader \ 54 | php5-xmlrpc \ 55 | php5-xml \ 56 | php5-zip \ 57 | php5-zlib \ 58 | ; \ 59 | \ 60 | rm -rf /var/cache/apk/* ; \ 61 | \ 62 | ### Nginx and PHP5 Setup 63 | sed -i 's/;cgi.fix_pathinfo=1/cgi.fix_pathinfo=0/g' /etc/php5/php.ini ; \ 64 | sed -i "s/nginx:x:100:101:nginx:\/var\/lib\/nginx:\/sbin\/nologin/nginx:x:100:101:nginx:\/data:\/bin\/bash/g" /etc/passwd ; \ 65 | sed -i "s/nginx:x:100:101:nginx:\/var\/lib\/nginx:\/sbin\/nologin/nginx:x:100:101:nginx:\/data:\/bin\/bash/g" /etc/passwd- ; \ 66 | \ 67 | ### WWW Installation 68 | mkdir -p /data/logs 69 | -------------------------------------------------------------------------------- /php/5.6/root/usr/sbin/maintenance: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | if [ -z $1 ]; then 4 | echo "Usage: maintenance (on|off|sleep NUM VALUE)" 5 | echo "" 6 | echo "Example: " 7 | echo "" 8 | echo "maintenance on - Switches on Maintenance Mode" 9 | echo "maintenance off - Switches off Maintenance Mode" 10 | echo "maintenance sleep - Switches on Maintenance Mode temporarily for 15 minutes" 11 | echo "maintenance sleep 10 min - Switches on Maintenance Mode temporarily for 10 min" 12 | echo "" 13 | echo "Valid VALUE is seconds (sec, secs), minutes (min, mins) , hours (hour, hr) , days (day)" 14 | exit 15 | fi 16 | 17 | case "$1" in 18 | "on" | "ON" | "true" | "TRUE" ) 19 | mv /etc/nginx/conf.d/default.conf /etc/nginx/conf.d/default.conf.orig 20 | mv /etc/nginx/conf.d/maintenance.conf.maint /etc/nginx/conf.d/maintenance.conf 21 | nginx -s reload 22 | echo 'Maintenance Mode Activated' 23 | ;; 24 | "off" | "OFF" | "false" | "FALSE" ) 25 | mv /etc/nginx/conf.d/default.conf.orig /etc/nginx/conf.d/default.conf 26 | mv /etc/nginx/conf.d/maintenance.conf /etc/nginx/conf.d/maintenance.conf.maint 27 | nginx -s reload 28 | echo 'Maintenance Mode Deactivated' 29 | ;; 30 | "sleep" | "SLEEP" | "temp" | "TEMP" ) 31 | mv /etc/nginx/conf.d/default.conf /etc/nginx/conf.d/default.conf.orig 32 | mv /etc/nginx/conf.d/maintenance.conf.maint /etc/nginx/conf.d/maintenance.conf 33 | nginx -s reload 34 | if [ -z $2 ]; then 35 | SLEEPNUM="15" 36 | SLEEPCALC=$((15 * 60)) 37 | fi 38 | 39 | if [ -z $3 ]; then 40 | set -- "${@:1:2}" "min" 41 | fi 42 | 43 | case "$3" in 44 | "min" | "minutes" | "MIN" | "MINUTES" ) 45 | SLEEPCALC=$(($2 * 60)) 46 | SLEEPDESC="minutes" 47 | ;; 48 | "seconds" | "secs" | "sec" | "SECONDS" | "SECS" | "SEC" ) 49 | SLEEPCALC=$(($2 * 1)) 50 | SLEEPDESC="seconds" 51 | ;; 52 | "hour" | "hours" | "hr" | "hrs" | "HOUR" | "HOURS" | "HRS" ) 53 | SLEEPCALC=$(($2 * 3600)) 54 | SLEEPDESC="hour(s)" 55 | ;; 56 | "day" | "days" | "DAY" | "DAYS" ) 57 | SLEEPCALC=$(($2 * 86400)) 58 | SLEEPDESC="day(s)" 59 | ;; 60 | esac 61 | 62 | echo 'Maintenance Mode Temporarily Activated for '$SLEEPNUM' '$SLEEPDESC 63 | sleep $SLEEPCALC 64 | mv /etc/nginx/conf.d/default.conf.orig /etc/nginx/conf.d/default.conf 65 | mv /etc/nginx/conf.d/maintenance.conf /etc/nginx/conf.d/maintenance.conf.maint 66 | nginx -s reload 67 | echo 'Maintenance Mode Deactivated' 68 | ;; 69 | esac 70 | -------------------------------------------------------------------------------- /php/7.1/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM aqzt/docker-alpine 2 | LABEL maintainer="aqzt.com (ppabc@qq.com)" 3 | 4 | ### Default Runtime Environment Variables 5 | ENV ENABLE_HOSTS=TRUE \ 6 | ENABLE_SMTP=FALSE 7 | 8 | ### Dependency Installation 9 | RUN apk update ; \ 10 | apk add \ 11 | apache2-utils \ 12 | ca-certificates \ 13 | mariadb-client \ 14 | openssl \ 15 | libpng-dev \ 16 | libpng-utils \ 17 | libpng \ 18 | imagemagick \ 19 | php7 \ 20 | php7-common \ 21 | php7-apcu \ 22 | php7-amqp \ 23 | php7-bcmath \ 24 | php7-bz2 \ 25 | php7-calendar \ 26 | php7-ctype \ 27 | php7-curl \ 28 | php7-dba \ 29 | php7-dom \ 30 | php7-embed \ 31 | php7-enchant \ 32 | php7-exif \ 33 | php7-fileinfo \ 34 | php7-fpm \ 35 | php7-ftp \ 36 | php7-gd \ 37 | php7-gettext \ 38 | php7-gmp \ 39 | php7-iconv \ 40 | php7-imagick \ 41 | php7-imagick-dev \ 42 | php7-imap \ 43 | php7-intl \ 44 | php7-json \ 45 | php7-ldap \ 46 | php7-mailparse \ 47 | php7-mbstring \ 48 | php7-mcrypt \ 49 | php7-memcached \ 50 | php7-mysqli \ 51 | php7-mysqlnd \ 52 | php7-odbc \ 53 | php7-opcache \ 54 | php7-openssl \ 55 | php7-pcntl \ 56 | php7-pdo \ 57 | php7-pdo_mysql \ 58 | php7-pdo_pgsql \ 59 | php7-pdo_sqlite \ 60 | php7-pgsql \ 61 | php7-phar\ 62 | php7-posix \ 63 | php7-pspell \ 64 | php7-recode \ 65 | php7-redis \ 66 | php7-session \ 67 | php7-shmop \ 68 | php7-simplexml \ 69 | php7-snmp \ 70 | php7-soap \ 71 | php7-sockets \ 72 | php7-sqlite3 \ 73 | php7-tidy \ 74 | php7-tokenizer \ 75 | php7-wddx \ 76 | php7-xdebug \ 77 | php7-xml \ 78 | php7-xmlreader \ 79 | php7-xmlrpc \ 80 | php7-xmlwriter \ 81 | php7-xml \ 82 | php7-zip \ 83 | php7-zlib \ 84 | php7-zmq \ 85 | ; \ 86 | \ 87 | rm -rf /var/cache/apk/* ; \ 88 | \ 89 | ### PHP7 Setup 90 | sed -i 's/;cgi.fix_pathinfo=1/cgi.fix_pathinfo=0/g' /etc/php7/php.ini ; \ 91 | ln -s /sbin/php-fpm7 /sbin/php-fpm ; \ 92 | \ 93 | ### Install PHP Composer 94 | curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/bin --filename=composer ; \ 95 | \ 96 | ### WWW Installation 97 | mkdir -p /www/logs 98 | 99 | 100 | ### Networking Configuration 101 | EXPOSE 9002 102 | 103 | ### Files Addition 104 | ADD root / 105 | RUN chmod +x /etc/zabbix/zabbix_agentd.conf.d/scripts/* 106 | -------------------------------------------------------------------------------- /php/7.1/root/assets/maintenance/maintenance.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | Undergoing Scheduled Maintenance 5 | 6 | 7 | 8 |

Sorry, we're presently performing maintenance on our services.

9 | 10 | 11 | 12 | 13 | 14 | 15 | -------------------------------------------------------------------------------- /php/7.1/root/etc/logrotate.d/php-fpm7: -------------------------------------------------------------------------------- 1 | /www/logs/php-fpm/*.log { 2 | daily 3 | ifempty 4 | rotate 7 5 | missingok 6 | compress 7 | dateext 8 | sharedscripts 9 | postrotate 10 | s6-svc -h /var/run/s6/services/20-php-fpm 11 | endscript 12 | } 13 | 14 | -------------------------------------------------------------------------------- /php/7.1/root/etc/php7/conf.d/00_opcache.ini: -------------------------------------------------------------------------------- 1 | zend_extension=opcache.so 2 | opcache.enable=1 3 | opcache.enable_cli=1 4 | opcache.fast_shutdown=1 5 | opcache.memory_consumption= 6 | opcache.interned_strings_buffer=16 7 | opcache.max_accelerated_files=5413 8 | opcache.revalidate_freq=60 9 | -------------------------------------------------------------------------------- /php/7.1/root/etc/php7/conf.d/apcu.ini: -------------------------------------------------------------------------------- 1 | extension=apcu.so 2 | apc.enabled=1 3 | apc.shm_size= 4 | apc.ttl=7200 5 | -------------------------------------------------------------------------------- /php/7.1/root/etc/php7/php-fpm.conf: -------------------------------------------------------------------------------- 1 | error_log = /data/logs/php-fpm/php-fpm.log 2 | log_level = 3 | 4 | [www] 5 | listen = 127.0.0.1:9002 6 | listen.owner = nginx 7 | listen.group = www-data 8 | pm = ondemand 9 | 10 | pm.max_children = 20 11 | pm.start_servers = 2 12 | pm.min_spare_servers = 1 13 | pm.max_spare_servers = 3 14 | pm.status_path = /php-fpm_status 15 | ping.path = /ping 16 | 17 | pm.process_idle_timeout = 10s 18 | pm.max_requests = 500 19 | chdir = /data/html 20 | php_flag[display_errors] = on 21 | php_admin_value[memory_limit] = 22 | php_admin_value[post_max_size] = 23 | php_admin_value[upload_max_filesize] = 24 | php_admin_value[output_buffering] = 0 25 | php_admin_value[openssl.cafile] = /etc/ssl/certs/ca-certificates.crt 26 | php_admin_value[openssl.capath] = /etc/ssl/certs 27 | php_admin_value[max_input_nesting_level] = 256 28 | php_admin_value[max_input_vars] = 10000 29 | php_admin_value[max_execution_time] = 300 30 | 31 | catch_workers_output = yes 32 | 33 | env[PATH] = /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin 34 | env[TMP] = /tmp 35 | env[TMPDIR] = /tmp 36 | env[TEMP] = /tmp -------------------------------------------------------------------------------- /php/7.1/root/etc/s6/services/20-php-fpm/run: -------------------------------------------------------------------------------- 1 | #!/usr/bin/with-contenv bash 2 | 3 | while [ ! -f /tmp/state/99-container-init ] 4 | do 5 | sleep 1 6 | done 7 | 8 | if [ ! -f /tmp/state/20-php-fpm ]; then 9 | ### Start php-fpm 10 | mkdir -p /tmp/state/ 11 | echo 'Initialization Complete' >/tmp/state/20-php-fpm 12 | fi 13 | 14 | 15 | echo '' 16 | echo '** [nginx-php-fpm] Starting php-fpm..' 17 | exec s6-setuidgid nginx php-fpm7 -F; 18 | -------------------------------------------------------------------------------- /php/7.1/root/etc/zabbix/zabbix_agentd.conf.d/php-fpm-params.conf: -------------------------------------------------------------------------------- 1 | UserParameter=php-fpm.status[*],/etc/zabbix/zabbix_agentd.conf.d/scripts/php-fpm-check.sh $1 2 | 3 | -------------------------------------------------------------------------------- /php/7.1/root/etc/zabbix/zabbix_agentd.conf.d/php-opcache-check.conf: -------------------------------------------------------------------------------- 1 | UserParameter=opcache[*], curl --silent http://127.0.0.1:73/php-opcache-check.php?item=$1 2 | -------------------------------------------------------------------------------- /php/7.1/root/etc/zabbix/zabbix_agentd.conf.d/scripts/nginx-status.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | HOST="localhost" 3 | PORT="73" 4 | 5 | function proc_num { 6 | num=$(pgrep nginx |wc -l) 7 | } 8 | function active { 9 | num=$(curl -s "http://$HOST:$PORT/stub_status" |grep 'Active' |awk '{print $NF}') 10 | } 11 | function reading { 12 | num=$(curl -s "http://$HOST:$PORT/stub_status" |grep 'Reading' |awk '{print $2}') 13 | } 14 | function writing { 15 | num=$(curl -s "http://$HOST:$PORT/stub_status" |grep 'Writing' |awk '{print $4}') 16 | } 17 | function waiting { 18 | num=$(curl -s "http://$HOST:$PORT/stub_status" |grep 'Waiting' |awk '{print $6}') 19 | } 20 | function accepts { 21 | num=$(curl -s "http://$HOST:$PORT/stub_status" |awk NR==3 |awk '{print $1}') 22 | } 23 | function handled { 24 | num=$(curl -s "http://$HOST:$PORT/stub_status" |awk NR==3 |awk '{print $2}') 25 | } 26 | function requests { 27 | num=$(curl -s "http://$HOST:$PORT/stub_status" |awk NR==3 |awk '{print $3}') 28 | } 29 | 30 | $1 31 | echo ${num:-0} 32 | 33 | -------------------------------------------------------------------------------- /php/7.1/root/etc/zabbix/zabbix_agentd.conf.d/scripts/php-fpm-check.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | HOST="localhost" 4 | PORT="73" 5 | status="php-fpm_status" 6 | 7 | function query() { 8 | curl -s http://${HOST}:${PORT}/${status}?xml | grep "<$1>" | awk -F'>|<' '{ print $3}' 9 | } 10 | 11 | if [ $# == 0 ]; then 12 | echo $"Usage $0 {pool|process-manager|start-time|start-since|accepted-conn|listen-queue|max-listen-queue|listen-queue-len|idle-processes|active-processes|total-processes|max-active-processes|max-children-reached|slow-requests}" 13 | exit 14 | else 15 | query "$1" 16 | fi 17 | 18 | -------------------------------------------------------------------------------- /php/7.1/root/usr/sbin/maintenance: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | if [ -z $1 ]; then 4 | echo "Usage: maintenance (on|off|sleep NUM VALUE)" 5 | echo "" 6 | echo "Example: " 7 | echo "" 8 | echo "maintenance on - Switches on Maintenance Mode" 9 | echo "maintenance off - Switches off Maintenance Mode" 10 | echo "maintenance sleep - Switches on Maintenance Mode temporarily for 15 minutes" 11 | echo "maintenance sleep 10 min - Switches on Maintenance Mode temporarily for 10 min" 12 | echo "" 13 | echo "Valid VALUE is seconds (sec, secs), minutes (min, mins) , hours (hour, hr) , days (day)" 14 | exit 15 | fi 16 | 17 | case "$1" in 18 | "on" | "ON" | "true" | "TRUE" ) 19 | mv /etc/nginx/conf.d/default.conf /etc/nginx/conf.d/default.conf.orig 20 | mv /etc/nginx/conf.d/maintenance.conf.maint /etc/nginx/conf.d/maintenance.conf 21 | nginx -s reload 22 | echo 'Maintenance Mode Activated' 23 | ;; 24 | "off" | "OFF" | "false" | "FALSE" ) 25 | mv /etc/nginx/conf.d/default.conf.orig /etc/nginx/conf.d/default.conf 26 | mv /etc/nginx/conf.d/maintenance.conf /etc/nginx/conf.d/maintenance.conf.maint 27 | nginx -s reload 28 | echo 'Maintenance Mode Deactivated' 29 | ;; 30 | "sleep" | "SLEEP" | "temp" | "TEMP" ) 31 | mv /etc/nginx/conf.d/default.conf /etc/nginx/conf.d/default.conf.orig 32 | mv /etc/nginx/conf.d/maintenance.conf.maint /etc/nginx/conf.d/maintenance.conf 33 | nginx -s reload 34 | if [ -z $2 ]; then 35 | SLEEPNUM="15" 36 | SLEEPCALC=$((15 * 60)) 37 | fi 38 | 39 | if [ -z $3 ]; then 40 | set -- "${@:1:2}" "min" 41 | fi 42 | 43 | case "$3" in 44 | "min" | "minutes" | "MIN" | "MINUTES" ) 45 | SLEEPCALC=$(($2 * 60)) 46 | SLEEPDESC="minutes" 47 | ;; 48 | "seconds" | "secs" | "sec" | "SECONDS" | "SECS" | "SEC" ) 49 | SLEEPCALC=$(($2 * 1)) 50 | SLEEPDESC="seconds" 51 | ;; 52 | "hour" | "hours" | "hr" | "hrs" | "HOUR" | "HOURS" | "HRS" ) 53 | SLEEPCALC=$(($2 * 3600)) 54 | SLEEPDESC="hour(s)" 55 | ;; 56 | "day" | "days" | "DAY" | "DAYS" ) 57 | SLEEPCALC=$(($2 * 86400)) 58 | SLEEPDESC="day(s)" 59 | ;; 60 | esac 61 | 62 | echo 'Maintenance Mode Temporarily Activated for '$SLEEPNUM' '$SLEEPDESC 63 | sleep $SLEEPCALC 64 | mv /etc/nginx/conf.d/default.conf.orig /etc/nginx/conf.d/default.conf 65 | mv /etc/nginx/conf.d/maintenance.conf /etc/nginx/conf.d/maintenance.conf.maint 66 | nginx -s reload 67 | echo 'Maintenance Mode Deactivated' 68 | ;; 69 | esac 70 | -------------------------------------------------------------------------------- /redis/3/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM aqzt/docker-alpine 2 | LABEL maintainer="aqzt.com (ppabc@qq.com)" 3 | 4 | ENV REDIS_VERSION=3.2.11 \ 5 | REDIS_DOWNLOAD_URL=http://download.redis.io/releases/redis-3.2.11.tar.gz \ 6 | REDIS_DOWNLOAD_SHA1=31ae927cab09f90c9ca5954aab7aeecc3bb4da6087d3d12ba0a929ceb54081b5 \ 7 | ZABBIX_HOSTNAME=redis-app \ 8 | ENABLE_SMTP=FALSE 9 | 10 | 11 | ## Redis Installation 12 | # add our user and group first to make sure their IDs get assigned consistently, regardless of whatever dependencies get added 13 | RUN addgroup -S redis && adduser -S -G redis redis 14 | 15 | # grab su-exec for easy step-down from root 16 | RUN apk add --no-cache 'su-exec>=0.2' 17 | 18 | 19 | # for redis-sentinel see: http://redis.io/topics/sentinel 20 | RUN set -ex \ 21 | \ 22 | && apk add --no-cache --virtual .build-deps \ 23 | gcc \ 24 | linux-headers \ 25 | make \ 26 | musl-dev \ 27 | tar \ 28 | && \ 29 | wget -O redis.tar.gz "$REDIS_DOWNLOAD_URL" && \ 30 | mkdir -p /usr/src/redis && \ 31 | tar -xzf redis.tar.gz -C /usr/src/redis --strip-components=1 && \ 32 | rm redis.tar.gz && \ 33 | 34 | # Disable Redis protected mode [1] as it is unnecessary in context 35 | # of Docker. Ports are not automatically exposed when running inside 36 | # Docker, but rather explicitely by specifying -p / -P. 37 | # [1] https://github.com/antirez/redis/commit/edd4d555df57dc84265fdfb4ef59a4678832f6da 38 | grep -q '^#define CONFIG_DEFAULT_PROTECTED_MODE 1$' /usr/src/redis/src/server.h && \ 39 | sed -ri 's!^(#define CONFIG_DEFAULT_PROTECTED_MODE) 1$!\1 0!' /usr/src/redis/src/server.h && \ 40 | grep -q '^#define CONFIG_DEFAULT_PROTECTED_MODE 0$' /usr/src/redis/src/server.h && \ 41 | # for future reference, we modify this directly in the source instead of just supplying a default configuration flag because apparently "if you specify any argument to redis-server, [it assumes] you are going to specify everything" 42 | # see also https://github.com/docker-library/redis/issues/4#issuecomment-50780840 43 | # (more exactly, this makes sure the default behavior of "save on SIGTERM" stays functional by default) 44 | 45 | make -C /usr/src/redis && \ 46 | make -C /usr/src/redis install && \ 47 | 48 | rm -r /usr/src/redis && \ 49 | 50 | apk del .build-deps && \ 51 | rm -rf /var/cache/apk/* && \ 52 | 53 | # Workspace and Volume Setup 54 | mkdir -p /data && \ 55 | chown redis:redis /data 56 | 57 | VOLUME /data 58 | WORKDIR /data 59 | 60 | ## Networking Configuration 61 | EXPOSE 6379 62 | 63 | ### Files Addition 64 | ADD root / 65 | 66 | ### Entrypoint Configuration 67 | ENTRYPOINT ["/init"] 68 | -------------------------------------------------------------------------------- /redis/3/root/etc/s6/services/10-redis/run: -------------------------------------------------------------------------------- 1 | #!/usr/bin/with-contenv bash 2 | 3 | while [ ! -f /tmp/state/99-container-init ] 4 | do 5 | sleep 1 6 | done 7 | 8 | if [ ! -f /tmp/state/10-redis ]; then 9 | 10 | ## Redis Setup 11 | # first arg is `-f` or `--some-option` 12 | # or first arg is `something.conf` 13 | if [ "${1#-}" != "$1" ] || [ "${1%.conf}" != "$1" ]; then 14 | set -- redis-server "$@" 15 | fi 16 | 17 | # allow the container to be started with `--user` 18 | if [ "$1" = 'redis-server' -a "$(id -u)" = '0' ]; then 19 | chown -R redis . 20 | exec su-exec redis "$0" "$@" 21 | fi 22 | 23 | mkdir -p /tmp/state 24 | echo 'Initialization Complete' >/tmp/state/10-redis 25 | fi 26 | 27 | echo '' 28 | echo '** Starting Redis..' 29 | exec s6-setuidgid redis redis-server --dir /data 30 | 31 | -------------------------------------------------------------------------------- /redis/3/root/etc/zabbix/zabbix_agentd.conf.d/redis.conf: -------------------------------------------------------------------------------- 1 | # total keys amount among all databases 2 | UserParameter=redis.keys,redis-cli info |grep -E -o 'keys=[0-9]+' |awk -F= '{sum += $2} END {print sum}' 3 | 4 | # info statistics 5 | UserParameter=redis.stat[*],redis-cli info |grep -w $1 |cut -d: -f2 6 | 7 | # get raw data from redis 8 | UserParameter=redis.raw[*],redis-cli --raw $1 $2 9 | UserParameter=redis.discovery[*],/etc/zabbix/zabbix_agentd.conf.d/scripts/redis-discovery.sh $1 $2 10 | -------------------------------------------------------------------------------- /redis/3/root/etc/zabbix/zabbix_agentd.conf.d/scripts/redis-discovery.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | # Author: Lesovsky A.V. 3 | # Description: Get values stored in Redis keys 4 | 5 | getValues=$(redis-cli --raw $1 $2) 6 | 7 | echo -n '{"data":[' 8 | for value in $getValues; do echo -n "{\"{#VALUE}\": \"$value\"},"; done |sed -e 's:\},$:\}:' 9 | echo -n ']}' 10 | 11 | -------------------------------------------------------------------------------- /redis/4/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM aqzt/docker-alpine 2 | LABEL maintainer="aqzt.com (ppabc@qq.com)" 3 | 4 | ENV REDIS_VERSION=4.0.9 \ 5 | REDIS_DOWNLOAD_URL=http://download.redis.io/releases/redis-4.0.9.tar.gz \ 6 | ZABBIX_HOSTNAME=redis-db \ 7 | ENABLE_SMTP=FALSE 8 | 9 | ## Redis Installation 10 | RUN set -x ; \ 11 | addgroup -S -g 6379 redis ; \ 12 | adduser -S -D -H -h /dev/null -s /sbin/nologin -G redis -u 6379 redis ;\ 13 | 14 | apk add --no-cache 'su-exec>=0.2' ; \ 15 | set -ex ; \ 16 | \ 17 | apk add --no-cache --virtual .redis-build-deps \ 18 | gcc \ 19 | linux-headers \ 20 | make \ 21 | musl-dev \ 22 | tar \ 23 | ; \ 24 | mkdir -p /usr/src/redis ; \ 25 | curl $REDIS_DOWNLOAD_URL | tar xfz - --strip 1 -C /usr/src/redis ; \ 26 | 27 | grep -q '^#define CONFIG_DEFAULT_PROTECTED_MODE 1$' /usr/src/redis/src/server.h ; \ 28 | sed -ri 's!^(#define CONFIG_DEFAULT_PROTECTED_MODE) 1$!\1 0!' /usr/src/redis/src/server.h ; \ 29 | grep -q '^#define CONFIG_DEFAULT_PROTECTED_MODE 0$' /usr/src/redis/src/server.h ; \ 30 | 31 | make -C /usr/src/redis ; \ 32 | make -C /usr/src/redis install ; \ 33 | 34 | rm -r /usr/src/redis ; \ 35 | 36 | apk del .redis-build-deps ; \ 37 | rm -rf /var/cache/apk/* ; \ 38 | 39 | # Workspace and Volume Setup 40 | mkdir -p /data ; \ 41 | chown redis /data 42 | 43 | VOLUME /data 44 | WORKDIR /data 45 | 46 | ## Networking Configuration 47 | EXPOSE 6379 48 | 49 | ### Files Addition 50 | ADD root / 51 | -------------------------------------------------------------------------------- /redis/4/root/etc/s6/services/10-redis/run: -------------------------------------------------------------------------------- 1 | #!/usr/bin/with-contenv bash 2 | 3 | while [ ! -f /tmp/state/99-container-init ] 4 | do 5 | sleep 1 6 | done 7 | 8 | if [ ! -f /tmp/state/10-redis ]; then 9 | 10 | ## Redis Setup 11 | # first arg is `-f` or `--some-option` 12 | # or first arg is `something.conf` 13 | if [ "${1#-}" != "$1" ] || [ "${1%.conf}" != "$1" ]; then 14 | set -- redis-server "$@" 15 | fi 16 | 17 | # allow the container to be started with `--user` 18 | if [ "$1" = 'redis-server' -a "$(id -u)" = '0' ]; then 19 | chown -R redis . 20 | exec su-exec redis "$0" "$@" 21 | fi 22 | 23 | mkdir -p /tmp/state 24 | echo 'Initialization Complete' >/tmp/state/10-redis 25 | fi 26 | 27 | echo '' 28 | echo '** Starting Redis..' 29 | exec s6-setuidgid redis redis-server --dir /data 30 | 31 | -------------------------------------------------------------------------------- /redis/4/root/etc/zabbix/zabbix_agentd.conf.d/redis.conf: -------------------------------------------------------------------------------- 1 | # total keys amount among all databases 2 | UserParameter=redis.keys,redis-cli info |grep -E -o 'keys=[0-9]+' |awk -F= '{sum += $2} END {print sum}' 3 | 4 | # info statistics 5 | UserParameter=redis.stat[*],redis-cli info |grep -w $1 |cut -d: -f2 6 | 7 | # get raw data from redis 8 | UserParameter=redis.raw[*],redis-cli --raw $1 $2 9 | UserParameter=redis.discovery[*],/etc/zabbix/zabbix_agentd.conf.d/scripts/redis-discovery.sh $1 $2 10 | -------------------------------------------------------------------------------- /redis/4/root/etc/zabbix/zabbix_agentd.conf.d/scripts/redis-discovery.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | # Author: Lesovsky A.V. 3 | # Description: Get values stored in Redis keys 4 | 5 | getValues=$(redis-cli --raw $1 $2) 6 | 7 | echo -n '{"data":[' 8 | for value in $getValues; do echo -n "{\"{#VALUE}\": \"$value\"},"; done |sed -e 's:\},$:\}:' 9 | echo -n ']}' 10 | 11 | -------------------------------------------------------------------------------- /tomcat/7/root/etc/cont-init.d/10-tomcat: -------------------------------------------------------------------------------- 1 | #!/usr/bin/with-contenv bash 2 | 3 | ### Set Defaults 4 | export CATALINA_OPTS=${CATALINA_OPTS:-"-Xmx${JS_Xmx} -XX:MaxPermSize=${JS_MaxPermSize} ${JS_CATALINA_OPTS}"} 5 | 6 | 7 | 8 | -------------------------------------------------------------------------------- /tomcat/7/root/etc/s6/services/10-tomcat/run: -------------------------------------------------------------------------------- 1 | #!/usr/bin/with-contenv bash 2 | 3 | while [ ! -f /tmp/state/99-container-init ] 4 | do 5 | sleep 1 6 | done 7 | 8 | 9 | if [ ! -f /tmp/state/10-tomcat ]; then 10 | sleep 2 11 | 12 | echo 'Initialization Complete' >/tmp/state/10-tomcat 13 | fi 14 | 15 | echo '' 16 | echo '** Starting Tomcat' 17 | exec /usr/local/tomcat/bin/catalina.sh run 18 | -------------------------------------------------------------------------------- /tomcat/8/root/etc/cont-init.d/10-tomcat: -------------------------------------------------------------------------------- 1 | #!/usr/bin/with-contenv bash 2 | 3 | ### Set Defaults 4 | export CATALINA_OPTS=${CATALINA_OPTS:-"-Xmx${JS_Xmx} -XX:MaxPermSize=${JS_MaxPermSize} ${JS_CATALINA_OPTS}"} 5 | 6 | 7 | 8 | -------------------------------------------------------------------------------- /tomcat/8/root/etc/s6/services/10-tomcat/run: -------------------------------------------------------------------------------- 1 | #!/usr/bin/with-contenv bash 2 | 3 | while [ ! -f /tmp/state/99-container-init ] 4 | do 5 | sleep 1 6 | done 7 | 8 | 9 | if [ ! -f /tmp/state/10-tomcat ]; then 10 | sleep 2 11 | 12 | echo 'Initialization Complete' >/tmp/state/10-tomcat 13 | fi 14 | 15 | echo '' 16 | echo '** Starting Tomcat' 17 | exec /usr/local/tomcat/bin/catalina.sh run 18 | -------------------------------------------------------------------------------- /tomcat/9/root/etc/cont-init.d/10-tomcat: -------------------------------------------------------------------------------- 1 | #!/usr/bin/with-contenv bash 2 | 3 | ### Set Defaults 4 | export CATALINA_OPTS=${CATALINA_OPTS:-"-Xmx${JS_Xmx} -XX:MaxPermSize=${JS_MaxPermSize} ${JS_CATALINA_OPTS}"} 5 | 6 | 7 | 8 | -------------------------------------------------------------------------------- /tomcat/9/root/etc/s6/services/10-tomcat/run: -------------------------------------------------------------------------------- 1 | #!/usr/bin/with-contenv bash 2 | 3 | while [ ! -f /tmp/state/99-container-init ] 4 | do 5 | sleep 1 6 | done 7 | 8 | 9 | if [ ! -f /tmp/state/10-tomcat ]; then 10 | sleep 2 11 | 12 | echo 'Initialization Complete' >/tmp/state/10-tomcat 13 | fi 14 | 15 | echo '' 16 | echo '** Starting Tomcat' 17 | exec /usr/local/tomcat/bin/catalina.sh run 18 | -------------------------------------------------------------------------------- /unbound/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM aqzt/docker-alpine 2 | LABEL maintainer="aqzt.com (ppabc@qq.com)" 3 | 4 | ### Disable Features from Base Image 5 | ENV ENABLE_CRON=FALSE \ 6 | ENABLE_SMTP=FALSE 7 | 8 | ### Install Dependencies 9 | RUN apk update && \ 10 | apk add \ 11 | unbound && \ 12 | 13 | ### Configure Unbound 14 | curl ftp://ftp.internic.net/domain/named.cache > /etc/unbound/root.hints 15 | 16 | 17 | ### Add Files 18 | ADD root / 19 | 20 | ### Networking Configuration 21 | EXPOSE 53 22 | -------------------------------------------------------------------------------- /unbound/root/etc/cont-init.d/10-unbound: -------------------------------------------------------------------------------- 1 | #!/usr/bin/with-contenv bash 2 | 3 | ### Set Defaults 4 | DO_IPV6=${DO_IPV6:-yes} 5 | DO_IPV4=${DO_IPV4:-yes} 6 | DO_UDP=${DO_UDP:-yes} 7 | DO_TCP=${DO_TCP:-yes} 8 | VERBOSITY=${VERBOSITY:-0} 9 | NUM_THREADS=${NUM_THREADS:-1} 10 | SO_RCVBUFF=${SO_RCVBUFF:-0} 11 | SO_SNDBUF=${SO_SNDBUF:-0} 12 | SO_REUSEPORT=${SO_REUSEPORT:-no} 13 | EDNS_BUFFER_SIZE=${EDNS_BUFFER_SIZE:-4096} 14 | MSG_CACHE_SIZE=${MSG_CACHE_SIZE:-4m} 15 | RRSET_CACHE_SIZE=${RRSET_CACHE_SIZE:-4m} 16 | CACHE_MIN_TTL=${CACHE_MIN_TTL:-0} 17 | CACHE_MAX_TTL=${CACHE_MAX_TTL:-86400} 18 | CACHE_MAX_NEGATIVE_TTL=${CACHE_MAX_NEGATIVE_TTL:-3600} 19 | HIDE_IDENTITY=${HIDE_IDENTITY:-no} 20 | HIDE_VERSION=${HIDE_VERSION:-no} 21 | STATISTICS_INTERVAL=${STATISTICS_INTERVAL:-0} 22 | STATISTICS_CUMULATIVE=${STATISTICS_CUMULATIVE:-no} 23 | EXTENDED_STATISTICS=${EXTENDED_STATISTICS:-no} 24 | 25 | ### Adjust Runtime Variables 26 | sed -i 's/{{DO_IPV6}}/'"${DO_IPV6}"'/' /etc/unbound/unbound.conf 27 | sed -i 's/{{DO_IPV4}}/'"${DO_IPV4}"'/' /etc/unbound/unbound.conf 28 | sed -i 's/{{DO_UDP}}/'"${DO_UDP}"'/' /etc/unbound/unbound.conf 29 | sed -i 's/{{DO_TCP}}/'"${DO_TCP}"'/' /etc/unbound/unbound.conf 30 | sed -i 's/{{VERBOSITY}}/'"${VERBOSITY}"'/' /etc/unbound/unbound.conf 31 | sed -i 's/{{NUM_THREADS}}/'"${NUM_THREADS}"'/' /etc/unbound/unbound.conf 32 | sed -i 's/{{SO_RCVBUFF}}/'"${SO_RCVBUFF}"'/' /etc/unbound/unbound.conf 33 | sed -i 's/{{SO_SNDBUF}}/'"${SO_SNDBUF}"'/' /etc/unbound/unbound.conf 34 | sed -i 's/{{SO_REUSEPORT}}/'"${SO_REUSEPORT}"'/' /etc/unbound/unbound.conf 35 | sed -i 's/{{EDNS_BUFFER_SIZE}}/'"${EDNS_BUFFER_SIZE}"'/' /etc/unbound/unbound.conf 36 | sed -i 's/{{MSG_CACHE_SIZE}}/'"${MSG_CACHE_SIZE}"'/' /etc/unbound/unbound.conf 37 | sed -i 's/{{RRSET_CACHE_SIZE}}/'"${RRSET_CACHE_SIZE}"'/' /etc/unbound/unbound.conf 38 | sed -i 's/{{CACHE_MIN_TTL}}/'"${CACHE_MIN_TTL}"'/' /etc/unbound/unbound.conf 39 | sed -i 's/{{CACHE_MAX_TTL}}/'"${CACHE_MAX_TTL}"'/' /etc/unbound/unbound.conf 40 | sed -i 's/{{CACHE_MAX_NEGATIVE_TTL}}/'"${CACHE_MAX_NEGATIVE_TTL}"'/' /etc/unbound/unbound.conf 41 | sed -i 's/{{HIDE_IDENTITY}}/'"${HIDE_IDENTITY}"'/' /etc/unbound/unbound.conf 42 | sed -i 's/{{HIDE_VERSION}}/'"${HIDE_VERSION}"'/' /etc/unbound/unbound.conf 43 | sed -i 's/{{STATISTICS_INTERVAL}}/'"${STATISTICS_INTERVAL}"'/' /etc/unbound/unbound.conf 44 | sed -i 's/{{STATISTICS_CUMULATIVE}}/'"${STATISTICS_CUMULATIVE}"'/' /etc/unbound/unbound.conf 45 | sed -i 's/{{EXTENDED_STATISTICS}}/'"${EXTENDED_STATISTICS}"'/' /etc/unbound/unbound.conf 46 | 47 | mkdir -p /tmp/state 48 | touch /tmp/state/10-unbound-init 49 | 50 | -------------------------------------------------------------------------------- /unbound/root/etc/s6/services/10-unbound/run: -------------------------------------------------------------------------------- 1 | #!/usr/bin/with-contenv bash 2 | 3 | while [ ! -f /tmp/state/99-container-init ] 4 | do 5 | sleep 1 6 | done 7 | 8 | if [ ! -f /tmp/state/10-unbound ]; then 9 | echo 'Initialization Complete' >/tmp/state/10-unbound 10 | fi 11 | 12 | echo '' 13 | echo '** Starting unbound' 14 | exec unbound -d -v 15 | 16 | -------------------------------------------------------------------------------- /varnish/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM aqzt/docker-alpine 2 | LABEL maintainer="aqzt.com (ppabc@qq.com)" 3 | 4 | RUN apk --update upgrade && apk add varnish 5 | 6 | ADD root / 7 | 8 | EXPOSE 80 81 9 | 10 | 11 | -------------------------------------------------------------------------------- /varnish/README.md: -------------------------------------------------------------------------------- 1 | ## 基于Alpine系统的varnish镜像 2 | 3 | ### 概述 4 | 使用Dockerfile构建基于Alpine系统的varnish镜像,并采用supervise守护进程。 5 | 6 | ### 使用说明 7 | ``` 8 | docker run --name=varnish --restart=always -d -p 80:80 -p 81:81 aqzt/docker-alpine:varnish 9 | docker run --name=varnish --restart=always -d -p 80:80 -p 81:81 -v /varnish:/etc/varnish aqzt/docker-alpine:varnish 10 | 或者采用host方式 11 | docker run --name=varnish --restart=always -d --net=host -v /varnish:/etc/varnish aqzt/docker-alpine:varnish 12 | 13 | ``` 14 | 15 | 使用docker exec进入容器 16 | ``` 17 | docker exec -ti "CONTAINER ID" /bin/sh 18 | ``` -------------------------------------------------------------------------------- /varnish/root/etc/s6/services/35-varnish/run: -------------------------------------------------------------------------------- 1 | #!/usr/bin/with-contenv bash 2 | 3 | while [ ! -f /tmp/state/99-container-init ] 4 | do 5 | sleep 1 6 | done 7 | 8 | if [ ! -f /tmp/state/35-varnish ]; then 9 | mkdir -p /tmp/state 10 | echo 'Initialization Complete' >/tmp/state/35-varnish 11 | fi 12 | 13 | exec /usr/sbin/varnishd -F -f /etc/varnish/default.vcl -s malloc,300M -a 0.0.0.0:80 -a 0.0.0.0:81,PROXY 14 | 15 | -------------------------------------------------------------------------------- /varnish/root/etc/varnish/default.vcl: -------------------------------------------------------------------------------- 1 | # varnishd -f /etc/varnish/default.vcl -s malloc,100M -a 0.0.0.0:80 -a 0.0.0.0:81,PROXY 2 | vcl 4.0; 3 | 4 | 5 | backend default { 6 | .host = "172.17.0.4"; 7 | .port = "80"; 8 | } 9 | 10 | -------------------------------------------------------------------------------- /zabbix/agentd/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM alpine:3.7 2 | LABEL maintainer="ppabc (ppabc@qq.com)" 3 | 4 | ### Set Defaults 5 | ARG S6_OVERLAY_VERSION=v1.21.2.2 6 | ENV DEBUG_MODE=FALSE \ 7 | ENABLE_CRON=FALSE \ 8 | ENABLE_SMTP=FALSE \ 9 | ENABLE_ZABBIX=TRUE 10 | 11 | ### Add Zabbix User First 12 | RUN set -x ; \ 13 | addgroup -g 10050 zabbix ; \ 14 | adduser -S -D -H -h /dev/null -s /sbin/nologin -G zabbix -u 10050 zabbix ;\ 15 | 16 | ### Install MailHog 17 | apk --no-cache add --virtual mailhog-build-dependencies \ 18 | go \ 19 | git \ 20 | musl-dev \ 21 | ; \ 22 | mkdir -p /usr/src/gocode ; \ 23 | export GOPATH=/usr/src/gocode ; \ 24 | go get github.com/mailhog/MailHog ; \ 25 | go get github.com/mailhog/mhsendmail ; \ 26 | mv /usr/src/gocode/bin/MailHog /usr/local/bin ; \ 27 | mv /usr/src/gocode/bin/mhsendmail /usr/local/bin ; \ 28 | rm -rf /usr/src/gocode ; \ 29 | apk del --purge mailhog-build-dependencies ; \ 30 | adduser -S -D -H -h /dev/null -u 1025 mailhog ; \ 31 | 32 | ### Add Core Utils 33 | apk --no-cache upgrade ; \ 34 | apk --no-cache add \ 35 | bash \ 36 | curl \ 37 | grep \ 38 | less \ 39 | logrotate \ 40 | msmtp \ 41 | nano \ 42 | sudo \ 43 | tzdata \ 44 | vim \ 45 | zabbix-agent \ 46 | zabbix-utils \ 47 | ; \ 48 | rm -rf /var/cache/apk/* ; \ 49 | rm -rf /etc/logrotate.d/acpid ; \ 50 | cp -R /usr/share/zoneinfo/Asia/Shanghai /etc/localtime ; \ 51 | echo 'Asia/Shanghai' > /etc/timezone ; \ 52 | echo '%zabbix ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers ; \ 53 | 54 | ### S6 Installation 55 | curl -sSL https://github.com/just-containers/s6-overlay/releases/download/${S6_OVERLAY_VERSION}/s6-overlay-amd64.tar.gz | tar xfz - -C / ; \ 56 | 57 | ### Add Folders 58 | mkdir -p /assets/cron 59 | 60 | ADD root / 61 | 62 | ### Networking Configuration 63 | EXPOSE 1025 8025 10050/TCP 64 | 65 | ### Entrypoint Configuration 66 | ENTRYPOINT ["/init"] 67 | -------------------------------------------------------------------------------- /zabbix/agentd/Dockerfile-aliyun: -------------------------------------------------------------------------------- 1 | FROM alpine:3.7 2 | LABEL maintainer="ppabc (ppabc@qq.com)" 3 | RUN echo "https://mirrors.aliyun.com/alpine/v3.7/main" > /etc/apk/repositories 4 | RUN echo "https://mirrors.aliyun.com/alpine/v3.7/community" >> /etc/apk/repositories 5 | 6 | ### Set Defaults 7 | ARG S6_OVERLAY_VERSION=v1.21.2.2 8 | ENV DEBUG_MODE=FALSE \ 9 | ENABLE_CRON=FALSE \ 10 | ENABLE_SMTP=FALSE \ 11 | ENABLE_ZABBIX=FALSE 12 | 13 | ### Add Zabbix User First 14 | RUN set -x ; \ 15 | addgroup -g 10050 zabbix ; \ 16 | adduser -S -D -H -h /dev/null -s /sbin/nologin -G zabbix -u 10050 zabbix ;\ 17 | 18 | ### Install MailHog 19 | apk --no-cache add --virtual mailhog-build-dependencies \ 20 | go \ 21 | git \ 22 | musl-dev \ 23 | ; \ 24 | mkdir -p /usr/src/gocode ; \ 25 | export GOPATH=/usr/src/gocode ; \ 26 | go get github.com/mailhog/MailHog ; \ 27 | go get github.com/mailhog/mhsendmail ; \ 28 | mv /usr/src/gocode/bin/MailHog /usr/local/bin ; \ 29 | mv /usr/src/gocode/bin/mhsendmail /usr/local/bin ; \ 30 | rm -rf /usr/src/gocode ; \ 31 | apk del --purge mailhog-build-dependencies ; \ 32 | adduser -S -D -H -h /dev/null -u 1025 mailhog ; \ 33 | 34 | ### Add Core Utils 35 | apk --no-cache upgrade ; \ 36 | apk --no-cache add \ 37 | bash \ 38 | curl \ 39 | grep \ 40 | less \ 41 | logrotate \ 42 | msmtp \ 43 | nano \ 44 | sudo \ 45 | tzdata \ 46 | vim \ 47 | zabbix-agent \ 48 | zabbix-utils \ 49 | ; \ 50 | rm -rf /var/cache/apk/* ; \ 51 | rm -rf /etc/logrotate.d/acpid ; \ 52 | cp -R /usr/share/zoneinfo/Asia/Shanghai /etc/localtime ; \ 53 | echo 'Asia/Shanghai' > /etc/timezone ; \ 54 | echo '%zabbix ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers ; \ 55 | 56 | ### S6 Installation 57 | curl -sSL https://github.com/just-containers/s6-overlay/releases/download/${S6_OVERLAY_VERSION}/s6-overlay-amd64.tar.gz | tar xfz - -C / ; \ 58 | 59 | ### Add Folders 60 | mkdir -p /assets/cron 61 | 62 | ADD root / 63 | 64 | ### Networking Configuration 65 | EXPOSE 1025 8025 10050/TCP 66 | 67 | ### Entrypoint Configuration 68 | ENTRYPOINT ["/init"] 69 | -------------------------------------------------------------------------------- /zabbix/agentd/agent-install.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | echo "agent-install.sh zabbix-server-IP zabbix-agentd-IP" 3 | if [ "$1" == "" ];then 4 | echo "example:agent-install.sh zabbix-server-IP zabbix-agentd-IP" 5 | exit 1 6 | fi 7 | if [ "$2" == "" ];then 8 | echo "example:agent-install.sh zabbix-server-IP zabbix-agentd-IP" 9 | exit 1 10 | fi 11 | 12 | sleep 3 13 | zabbixdir=`pwd` 14 | zabbix_version=3.4.8 15 | ip=`ip addr |grep inet |egrep -v "inet6|127.0.0.1" |awk '{print $2}' |awk -F "/" '{print $1}'` 16 | echo "当前目录为:$zabbixdir" 17 | echo "本机ip为:$ip" 18 | #cat $zabbixdir/Readme 19 | ServerIP=$1 20 | AgentdIP=$2 21 | echo "zabbix服务器ip为:$ServerIP" 22 | isY="y" 23 | if [ "${isY}" != "y" ] && [ "${isY}" != "Y" ] && [ "${isY}" != "yes" ] && [ "${isY}" != "YES" ];then 24 | exit 1 25 | fi 26 | echo "安装相关组件" 27 | yum install -y ntpdate gcc gcc-c++ wget unixODBC unixODBC-devel 28 | echo "同步服务器时间" 29 | ntpdate asia.pool.ntp.org 30 | echo "创建zabbix用户" 31 | groupadd zabbix 32 | useradd -g zabbix zabbix 33 | 34 | echo "安装zabbix-agent" 35 | sleep 3 36 | wget http://netix.dl.sourceforge.net/project/zabbix/ZABBIX%20Latest%20Stable/$zabbix_version/zabbix-${zabbix_version}.tar.gz 37 | #wget http://$ServerIP/zabbix/zabbix-${zabbix_version}.tar.gz 38 | tar zxvf $zabbixdir/zabbix-${zabbix_version}.tar.gz 39 | cd $zabbixdir/zabbix-${zabbix_version} 40 | echo `pwd` 41 | ./configure --prefix=/usr/local/zabbix/ --enable-agent 42 | sleep 3 43 | make 44 | make install 45 | echo "配置zabbix server ip为 $ServerIP" 46 | #sed -i "s/Server=127.0.0.1/Server=$ServerIP/g" /usr/local/zabbix/etc/zabbix_agentd.conf 47 | cat >/usr/local/zabbix/etc/zabbix_agentd.conf<|$ZABBIX_LOGFILE|g" /etc/zabbix/zabbix_agentd.conf 36 | sed -i -e "s//$ZABBIX_LOGFILESIZE/g" /etc/zabbix/zabbix_agentd.conf 37 | sed -i -e "s//$ZABBIX_DEBUGLEVEL/g" /etc/zabbix/zabbix_agentd.conf 38 | sed -i -e "s//$ZABBIX_REMOTECOMMANDS/g" /etc/zabbix/zabbix_agentd.conf 39 | sed -i -e "s//$ZABBIX_REMOTECOMMANDS_LOG/g" /etc/zabbix/zabbix_agentd.conf 40 | sed -i -e "s||$ZABBIX_SERVER|g" /etc/zabbix/zabbix_agentd.conf 41 | sed -i -e "s//$ZABBIX_LISTEN_PORT/g" /etc/zabbix/zabbix_agentd.conf 42 | sed -i -e "s//$ZABBIX_LISTEN_IP/g" /etc/zabbix/zabbix_agentd.conf 43 | sed -i -e "s//$ZABBIX_START_AGENTS/g" /etc/zabbix/zabbix_agentd.conf 44 | sed -i -e "s//$ZABBIX_SERVER_ACTIVE/g" /etc/zabbix/zabbix_agentd.conf 45 | sed -i -e "s//$ZABBIX_HOSTNAME/g" /etc/zabbix/zabbix_agentd.conf 46 | sed -i -e "s//$ZABBIX_REFRESH_ACTIVE_CHECKS/g" /etc/zabbix/zabbix_agentd.conf 47 | sed -i -e "s//$ZABBIX_BUFFER_SEND/g" /etc/zabbix/zabbix_agentd.conf 48 | sed -i -e "s//$ZABBIX_BUFFER_SIZE/g" /etc/zabbix/zabbix_agentd.conf 49 | sed -i -e "s//$ZABBIX_MAXLINES_SECOND/g" /etc/zabbix/zabbix_agentd.conf 50 | sed -i -e "s//$ZABBIX_ALLOW_ROOT/g" /etc/zabbix/zabbix_agentd.conf 51 | sed -i -e "s//$ZABBIX_USER/g" /etc/zabbix/zabbix_agentd.conf 52 | sed -i -e "s//$ZABBIX_TIMEOUT/g" /etc/zabbix/zabbix_agentd.conf 53 | sed -i -e "s//$ZABBIX_UNSAFEUSERPARAMETERS/g" /etc/zabbix/zabbix_agentd.conf 54 | 55 | 56 | mkdir -p ${ZABBIX_LOGFILE%/*} 57 | chown -R $ZABBIX_USER ${ZABBIX_LOGFILE%/*} 58 | chown -R $ZABBIX_USER /etc/zabbix/ 59 | else 60 | echo "**** [zabbix] Disabling Zabbix" 61 | s6-svc -d /var/run/s6/services/`basename $0` 62 | fi 63 | 64 | mkdir -p /tmp/state 65 | touch /tmp/state/`basename $0`-init 66 | -------------------------------------------------------------------------------- /zabbix/agentd/root/etc/cont-init.d/03-cron: -------------------------------------------------------------------------------- 1 | #!/usr/bin/with-contenv bash 2 | 3 | ### Set Defaults 4 | ENABLE_CRON=${ENABLE_CRON:-"TRUE"} 5 | 6 | ### Check to see if Enabled/Disabled 7 | if [ "$ENABLE_CRON" = "FALSE" ] || [ "$ENABLE_CRON" = "false" ]; then 8 | echo "**** [cron] Disabling Cron" 9 | s6-svc -d /var/run/s6/services/`basename $0` 10 | else 11 | echo "**** [cron] Enabling Cron" 12 | fi 13 | 14 | mkdir -p /tmp/state 15 | touch /tmp/state/`basename $0`-init 16 | -------------------------------------------------------------------------------- /zabbix/agentd/root/etc/cont-init.d/04-smtp: -------------------------------------------------------------------------------- 1 | #!/usr/bin/with-contenv bash 2 | 3 | s6-svc -d /var/run/s6/services/`basename $0` 4 | DEBUG_SMTP=${DEBUG_SMTP:-"FALSE"} 5 | ENABLE_SMTP=${ENABLE_SMTP:-"TRUE"} 6 | SMTP_HOST=${SMTP_HOST:-"postfix-relay"} 7 | SMTP_PORT=${SMTP_PORT:-"25"} 8 | SMTP_DOMAIN=${SMTP_DOMAIN:-"docker"} 9 | SMTP_MAILDOMAIN=${SMTP_MAILDOMAIN:-"example.org"} 10 | SMTP_TLS=${SMTP_TLS:-"off"} 11 | SMTP_STARTTLS=${SMTP_STARTTLS:-"off"} 12 | SMTP_SMTP_TLSCERTCHECK=${SMTP_TLSCERTCHECK:-"off"} 13 | DEBUG_SMTP=${DEBUG_SMTP:-"FALSE"} 14 | 15 | ### Debug Mode - Enable MailHog 16 | if [ "$DEBUG_SMTP" = "TRUE" ] || [ "$DEBUG_SMTP" = "true" ] || [ "$DEBUG_MODE" = "true" ] || [ "$DEBUG_MODE" = "TRUE" ]; then 17 | ENABLE_SMTP=FALSE 18 | 19 | case "SMTP_HOST" in 20 | "postfix-relay") 21 | SMTP_HOST=localhost 22 | ;; 23 | "mailcatcher") 24 | echo '' 25 | ;; 26 | esac 27 | 28 | echo '### Automatically Generated on Container Start. See Documentation on how to set!' >/etc/msmtp 29 | echo 'account default ' >>/etc/msmtp 30 | echo 'host '$SMTP_HOST >>/etc/msmtp 31 | echo 'port 1025' >>/etc/msmtp 32 | echo 'domain ' $SMTP_DOMAIN >>/etc/msmtp 33 | echo 'maildomain ' $SMTP_MAILDOMAIN >>/etc/msmtp 34 | echo 'tls '$SMTP_TLS >>/etc/msmtp 35 | echo 'tls_starttls '$SMTP_STARTTLS >>/etc/msmtp 36 | echo 'tls_certcheck '$SMTP_TLSCERTCHECK >>/etc/msmtp 37 | 38 | rm -f /usr/sbin/sendmail 39 | ln -s /usr/bin/msmtp /usr/sbin/sendmail 40 | 41 | s6-svc -u /var/run/s6/services/`basename $0` 42 | echo '**** [smtp] [debug] SMTP Mailcatcher Enabled at Port 1025, Visit http://127.0.0.1:8025 for Web Interface' 43 | fi 44 | 45 | ### Enable or Disable SMTP 46 | if [ "$ENABLE_SMTP" = "TRUE" ] || [ "$ENABLE_SMTP" = "true" ]; then 47 | 48 | rm -f /usr/sbin/sendmail 49 | ln -s /usr/bin/msmtp /usr/sbin/sendmail 50 | 51 | echo '### Automatically Generated on Container Start. See Documentation on how to set!' >/etc/msmtp 52 | echo 'account default ' >>/etc/msmtp 53 | echo 'host ' $SMTP_HOST >>/etc/msmtp 54 | echo 'port ' $SMTP_PORT >>/etc/msmtp 55 | echo 'domain ' $SMTP_DOMAIN >>/etc/msmtp 56 | echo 'maildomain ' $SMTP_MAILDOMAIN >>/etc/msmtp 57 | if [ -n "$SMTP_AUTHENTICATION" ]; then echo 'auth '$SMTP_AUTHENTICATION >>/etc/msmtp; fi 58 | if [ -n "$SMTP_USER" ]; then echo 'user '$SMTP_USER >>/etc/msmtp; fi 59 | if [ -n "$SMTP_PASS" ]; then echo 'password '$SMTP_PASS >>/etc/msmtp; fi 60 | echo 'tls '$SMTP_TLS >>/etc/msmtp 61 | echo 'tls_starttls '$SMTP_STARTTLS >>/etc/msmtp 62 | echo 'tls_certcheck '$SMTP_TLSCERTCHECK >>/etc/msmtp 63 | 64 | export ENABLE_SMTP=TRUE 65 | echo '**** [smtp] Sendmail replaced and enabled to route mail to: '$SMTP_HOST 66 | else 67 | echo '**** [smtp] Disabling SMTP Features' 68 | fi 69 | 70 | mkdir -p /tmp/state 71 | touch /tmp/state/`basename $0`-init 72 | -------------------------------------------------------------------------------- /zabbix/agentd/root/etc/cont-init.d/99-container-init: -------------------------------------------------------------------------------- 1 | #!/usr/bin/with-contenv bash 2 | 3 | ### Timezone Setup 4 | if [ -n "$TIMEZONE" ]; then 5 | set_timezone () { 6 | if [ -f /usr/share/zoneinfo/$TIMEZONE ]; then 7 | echo "**** [timezone] Setting timezone to $TIMEZONE" 8 | cp -R /usr/share/zoneinfo/$1 /etc/localtime 9 | echo $1 > /etc/timezone 10 | else 11 | echo "**** [timezone] ERROR: Timezone $TIMEZONE does not exist - Skipping.." 12 | fi 13 | } 14 | 15 | if [ ! -d /usr/share/zoneinfo ]; then 16 | apk add --update tzdata 17 | set_timezone $TIMEZONE 18 | apk del tzdata 19 | rm -rf /var/cache/apk/* 20 | else 21 | set_timezone $TIMEZONE 22 | fi 23 | fi 24 | 25 | 26 | mkdir -p /tmp/state 27 | touch /tmp/state/99-container-init 28 | -------------------------------------------------------------------------------- /zabbix/agentd/root/etc/fix-attrs.d/02-zabbix: -------------------------------------------------------------------------------- 1 | /etc/zabbix/ true zabbix 0755 0755 2 | -------------------------------------------------------------------------------- /zabbix/agentd/root/etc/fix-attrs.d/03-logrotate: -------------------------------------------------------------------------------- 1 | /etc/logrotate.d true root 0644 0644 2 | -------------------------------------------------------------------------------- /zabbix/agentd/root/etc/s6/services/02-zabbix/run: -------------------------------------------------------------------------------- 1 | #!/usr/bin/with-contenv bash 2 | 3 | while [ ! -f /tmp/state/99-container-init ] 4 | do 5 | sleep 1 6 | done 7 | 8 | ### Start Zabbix 9 | echo '' 10 | echo '** [zabbix] Starting Zabbix Agent' 11 | 12 | exec s6-setuidgid zabbix zabbix_agentd -f >/dev/null 2>&1; 13 | -------------------------------------------------------------------------------- /zabbix/agentd/root/etc/s6/services/03-cron/run: -------------------------------------------------------------------------------- 1 | #!/usr/bin/with-contenv bash 2 | 3 | while [ ! -f /tmp/state/99-container-init ] 4 | do 5 | sleep 1 6 | done 7 | 8 | if [ ! -f /tmp/state/`basename $0` ]; then 9 | echo ' ' 10 | sleep 60 11 | echo '59 23 * * * logrotate -f /etc/logrotate.d/* >/dev/null 2>&1' >>/assets/cron/crontab.txt 12 | mkdir -p /tmp/state/ 13 | echo 'Initialization Complete' >/tmp/state/`basename $0` 14 | fi 15 | 16 | echo '** [cron] Starting cron' 17 | 18 | if [ -d /assets/cron-custom ]; then 19 | echo '** [cron] Found Custom Crontab - Merging' 20 | cat /assets/cron-custom/* >>/assets/cron/crontab.txt 21 | fi 22 | 23 | /usr/bin/crontab /assets/cron/crontab.txt 24 | exec /usr/sbin/crond -f -l 8 >/dev/null 2>&1; 25 | -------------------------------------------------------------------------------- /zabbix/agentd/root/etc/s6/services/04-smtp/run: -------------------------------------------------------------------------------- 1 | #!/usr/bin/with-contenv bash 2 | 3 | while [ ! -f /tmp/state/99-container-init ] 4 | do 5 | sleep 1 6 | done 7 | 8 | if [[ "$DEBUG_SMTP" = "TRUE" ]] || [[ "$DEBUG_SMTP" = "true" ]] || [[ "$DEBUG_MODE" = "true" ]] || [[ "$DEBUG_MODE" = "TRUE" ]]; then 9 | exec s6-setuidgid mailhog MailHog; 10 | fi 11 | -------------------------------------------------------------------------------- /zabbix/agentd/root/etc/zabbix/zabbix_agentd.conf: -------------------------------------------------------------------------------- 1 | LogFile= 2 | LogFileSize= 3 | DebugLevel= 4 | EnableRemoteCommands= 5 | LogRemoteCommands= 6 | Server= 7 | ListenPort= 8 | ListenIP= 9 | StartAgents= 10 | ServerActive= 11 | Hostname= 12 | RefreshActiveChecks= 13 | BufferSend= 14 | BufferSize= 15 | MaxLinesPerSecond= 16 | AllowRoot= 17 | User= 18 | Timeout= 19 | UnsafeUserParameters= 20 | HostMetadataItem=system.uname 21 | Include=/etc/zabbix/zabbix_agentd.conf.d/*.conf 22 | -------------------------------------------------------------------------------- /zabbix/agentd/root/etc/zabbix/zabbix_agentd.conf.d/.hidden: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aqzt/docker-alpine/6495a41fcdba25db9f2b159d02eafcd8b52246dd/zabbix/agentd/root/etc/zabbix/zabbix_agentd.conf.d/.hidden -------------------------------------------------------------------------------- /zabbix/agentd/root/etc/zabbix/zabbix_agentd.conf.d/container_os.conf: -------------------------------------------------------------------------------- 1 | UserParameter=agent.os,grep "PRETTY_NAME" /etc/os-release | cut -d '"' -f2 2 | -------------------------------------------------------------------------------- /zabbix/agentd/root/etc/zabbix/zabbix_agentd.conf.d/updated_packages.conf: -------------------------------------------------------------------------------- 1 | UserParameter=packages.upgradable,sudo apk update >/dev/null && apk version | sed "/Installed/d" | wc -l -------------------------------------------------------------------------------- /zabbix/mysql/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM aqzt/docker-alpine:zabbix-agentd 2 | LABEL maintainer="aqzt.com (ppabc@qq.com)" 3 | 4 | ENV ENABLE_ZABBIX=TRUE 5 | 6 | RUN set -x ; \ 7 | mkdir -p /var/lib/mysql/ /run/mysqld /data/mysql/data/ /data/mysql/logs/ ; \ 8 | addgroup -g 82 -S mysql ; \ 9 | adduser -u 82 -D -S -G mysql mysql ; \ 10 | chown -R mysql:mysql /data/mysql ; \ 11 | chown -R mysql:mysql /run/mysqld ; \ 12 | chmod 777 /tmp 13 | 14 | RUN apk add --update mariadb mariadb-client zabbix-agent zabbix-utils ; \ 15 | rm -f /var/cache/apk/* 16 | 17 | ADD root / 18 | 19 | EXPOSE 3306 20 | 21 | CMD ["/mysql/startup.sh"] 22 | -------------------------------------------------------------------------------- /zabbix/mysql/root/etc/mysql/my.cnf: -------------------------------------------------------------------------------- 1 | [client] 2 | port = 3306 3 | socket = /data/mysql/data/mysql.sock 4 | 5 | [mysqld] 6 | user = root 7 | datadir=/data/mysql/data 8 | 9 | port = 3306 10 | socket = /data/mysql/data/mysql.sock 11 | pid-file = /data/mysql/data/mysql.pid 12 | explicit_defaults_for_timestamp 13 | 14 | skip_name_resolve 15 | skip_external_locking 16 | key_buffer_size = 64M 17 | table_open_cache = 1024 18 | sort_buffer_size = 2M 19 | join_buffer_size = 1M 20 | read_buffer_size = 2M 21 | read_rnd_buffer_size = 2M 22 | binlog_cache_size = 1M 23 | myisam_sort_buffer_size = 16M 24 | bulk_insert_buffer_size = 16M 25 | thread_cache_size = 512 26 | query_cache_type= 0 27 | query_cache_size= 0 28 | #thread_concurrency = 16 29 | max_allowed_packet = 256M 30 | tmp_table_size = 64M 31 | max_heap_table_size = 64M 32 | 33 | #init_connect = 'SET NAMES utf8' 34 | #skip-character-set-client-handshake 35 | character-set-server = utf8 36 | collation-server=utf8_general_ci 37 | 38 | lower_case_table_names=1 39 | 40 | wait_timeout = 3600 41 | interactive_timeout = 3600 42 | 43 | max_connections=3000 44 | back_log = 1000 45 | max_connect_errors=200000 46 | 47 | slow_query_log = 1 48 | slow_query_log_file = /data/mysql/logs/slowquery.log 49 | long_query_time = 1 50 | slow_launch_time = 1 51 | 52 | 53 | server-id = 92201 54 | log_bin=/data/mysql/logs/mysql-bin 55 | log_bin_index=/data/mysql/logs/mysql-bin.index 56 | max_binlog_size = 1G 57 | relay-log=/data/mysql/logs/relay-bin 58 | binlog_format=row 59 | slave_skip_errors = all 60 | expire_logs_days = 1 61 | #log_slave_updates = 1 62 | #skip-slave-start 63 | #read_only=1 64 | relay_log_recovery = 1 65 | slave_allow_batching = 1 66 | binlog_rows_query_log_events = 1 67 | master_info_repository = TABLE 68 | relay_log_info_repository = TABLE 69 | binlog_row_image = minimal 70 | 71 | innodb_buffer_pool_size = 1G 72 | innodb_buffer_pool_instances = 1 73 | 74 | innodb_data_file_path = ibdata1:512M:autoextend 75 | innodb_log_group_home_dir = /data/mysql/logs 76 | innodb_log_files_in_group = 3 77 | innodb_log_file_size = 1G 78 | innodb_log_buffer_size = 32M 79 | innodb_flush_log_at_trx_commit = 2 80 | innodb_lock_wait_timeout = 30 81 | innodb_thread_concurrency = 32 82 | innodb_thread_concurrency = 8 83 | innodb_file_per_table = 1 84 | innodb_io_capacity = 200 85 | innodb_read_io_threads = 4 86 | innodb_write_io_threads = 4 87 | innodb_flush_method = O_DIRECT 88 | innodb_file_format=barracuda 89 | transaction_isolation = read-committed 90 | 91 | innodb_buffer_pool_load_at_startup = 1 92 | innodb_buffer_pool_dump_at_shutdown = 1 93 | 94 | [mysqldump] 95 | quick 96 | max_allowed_packet = 512M 97 | 98 | [mysql] 99 | no-auto-rehash 100 | # Remove the next comment character if you are not familiar with SQL 101 | #safe-updates 102 | 103 | [myisamchk] 104 | key_buffer = 128M 105 | sort_buffer_size = 128M 106 | read_buffer = 2M 107 | write_buffer = 2M 108 | 109 | [mysqlhotcopy] 110 | interactive-timeout 111 | -------------------------------------------------------------------------------- /zabbix/mysql/root/etc/zabbix/.my.cnf: -------------------------------------------------------------------------------- 1 | [mysql] 2 | user=root 3 | password= 4 | 5 | [mysqladmin] 6 | user=root 7 | password= 8 | -------------------------------------------------------------------------------- /zabbix/mysql/root/etc/zabbix/zabbix_agentd.conf.d/.hidden: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aqzt/docker-alpine/6495a41fcdba25db9f2b159d02eafcd8b52246dd/zabbix/mysql/root/etc/zabbix/zabbix_agentd.conf.d/.hidden -------------------------------------------------------------------------------- /zabbix/mysql/root/etc/zabbix/zabbix_agentd.conf.d/mysql.conf: -------------------------------------------------------------------------------- 1 | # For all the following commands HOME should be set to the directory that has .my.cnf file with password information. 2 | 3 | # Flexible parameter to grab global variables. On the frontend side, use keys like mysql.status[Com_insert]. 4 | # Key syntax is mysql.status[variable]. 5 | UserParameter=mysql.status[*],echo "show global status where Variable_name='$1';" | HOME=/etc/zabbix mysql -N | awk '{print $$2}' 6 | 7 | # Flexible parameter to determine database or table size. On the frontend side, use keys like mysql.size[zabbix,history,data]. 8 | # Key syntax is mysql.size[,
,]. 9 | # Database may be a database name or "all". Default is "all". 10 | # Table may be a table name or "all". Default is "all". 11 | # Type may be "data", "index", "free" or "both". Both is a sum of data and index. Default is "both". 12 | # Database is mandatory if a table is specified. Type may be specified always. 13 | # Returns value in bytes. 14 | # 'sum' on data_length or index_length alone needed when we are getting this information for whole database instead of a single table 15 | UserParameter=mysql.size[*],bash -c 'echo "select sum($(case "$3" in both|"") echo "data_length+index_length";; data|index) echo "$3_length";; free) echo "data_free";; esac)) from information_schema.tables$([[ "$1" = "all" || ! "$1" ]] || echo " where table_schema=\"$1\"")$([[ "$2" = "all" || ! "$2" ]] || echo "and table_name=\"$2\"");" | HOME=/etc/zabbix mysql -N' 16 | 17 | # Check if alive 18 | UserParameter=mysql.ping,HOME=/etc/zabbix mysqladmin ping | grep -c alive 19 | 20 | # Get Version 21 | UserParameter=mysql.version,mysql -V -------------------------------------------------------------------------------- /zabbix/mysql/root/mysql/startup.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | if [ -d /data/mysql ]; then 4 | echo "[i] MySQL directory already present, skipping creation" 5 | else 6 | echo "[i] MySQL data directory not found, creating initial DBs" 7 | mkdir -p /data/mysql/ /data/mysql/data/ /data/mysql/logs/ 8 | chown -R mysql:mysql /data/mysql/ 9 | mysql_install_db --user=mysql --datadir=/data/mysql/data/ > /dev/null 10 | 11 | if [ "$MYSQL_ROOT_PASSWORD" = "" ]; then 12 | MYSQL_ROOT_PASSWORD=111111 13 | echo "[i] MySQL root Password: $MYSQL_ROOT_PASSWORD" 14 | fi 15 | 16 | ### Set Defaults 17 | MYSQL_DATABASE=${MYSQL_DATABASE:-""} 18 | MYSQL_USER=${MYSQL_USER:-""} 19 | MYSQL_PASSWORD=${MYSQL_PASSWORD:-"111111"} 20 | 21 | ### Update for Zabbix Monitoring 22 | sed -i -e "s//$MYSQL_PASSWORD/g" /etc/zabbix/.my.cnf 23 | chmod 0700 /etc/zabbix/.my.cnf 24 | 25 | if [ ! -d "/run/mysqld" ]; then 26 | mkdir -p /run/mysqld 27 | chown -R mysql:mysql /run/mysqld 28 | fi 29 | 30 | tfile=`mktemp` 31 | if [ ! -f "$tfile" ]; then 32 | return 1 33 | fi 34 | 35 | cat << EOF > $tfile 36 | DELETE FROM mysql.user ; 37 | USE mysql; 38 | FLUSH PRIVILEGES; 39 | CREATE USER 'root'@'127.0.0.1' IDENTIFIED BY '${MYSQL_ROOT_PASSWORD}' ; 40 | CREATE USER 'root'@'172.17.0.%' IDENTIFIED BY '${MYSQL_ROOT_PASSWORD}' ; 41 | CREATE USER 'root'@'localhost' IDENTIFIED BY '${MYSQL_ROOT_PASSWORD}' ; 42 | GRANT ALL ON *.* TO 'root'@'127.0.0.1' WITH GRANT OPTION ; 43 | GRANT ALL ON *.* TO 'root'@'172.17.0.%' WITH GRANT OPTION ; 44 | GRANT ALL ON *.* TO 'root'@'localhost' WITH GRANT OPTION ; 45 | DROP DATABASE IF EXISTS test ; 46 | create user zabbix@'127.0.0.1' identified by 'zabbix'; 47 | create user zabbix@'172.17.0.%' identified by 'zabbix'; 48 | create database zabbix char set utf8; 49 | grant all on zabbix.* to zabbix@'127.0.0.1'; 50 | grant all on zabbix.* to zabbix@'172.17.0.%'; 51 | FLUSH PRIVILEGES; 52 | EOF 53 | 54 | if [ "$MYSQL_DATABASE" != "" ]; then 55 | echo "[i] Creating database: $MYSQL_DATABASE" 56 | echo "CREATE DATABASE IF NOT EXISTS \`$MYSQL_DATABASE\` CHARACTER SET utf8 COLLATE utf8_general_ci;" >> $tfile 57 | 58 | if [ "$MYSQL_USER" != "" ]; then 59 | echo "[i] Creating user: $MYSQL_USER with password $MYSQL_PASSWORD" 60 | echo "GRANT ALL ON \`$MYSQL_DATABASE\`.* to '$MYSQL_USER'@'%' IDENTIFIED BY '$MYSQL_PASSWORD';" >> $tfile 61 | fi 62 | fi 63 | 64 | /usr/bin/mysqld --user=mysql --bootstrap --datadir=/data/mysql/data/ --verbose=0 < $tfile 65 | rm -f $tfile 66 | fi 67 | 68 | 69 | exec /usr/bin/mysqld --user=mysql --datadir=/data/mysql/data --console & 70 | sleep 5 71 | /usr/bin/mysql -uroot -D zabbix -p"${MYSQL_ROOT_PASSWORD}" < "/mysql/zabbix.sql" 72 | ping 127.0.0.1 >> /dev/null 73 | -------------------------------------------------------------------------------- /zabbix/mysql/root/mysql/zabbix.sql: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aqzt/docker-alpine/6495a41fcdba25db9f2b159d02eafcd8b52246dd/zabbix/mysql/root/mysql/zabbix.sql -------------------------------------------------------------------------------- /zabbix/server/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM aqzt/docker-alpine:zabbix-agentd 2 | LABEL maintainer="aqzt.com (ppabc@qq.com)" 3 | 4 | ADD root / 5 | 6 | RUN apk update && \ 7 | apk add php7-apache2 php7-session php7-mysqli php7-mbstring sudo && \ 8 | apk add zabbix zabbix-mysql zabbix-webif zabbix-setup zabbix-utils && \ 9 | apk add coreutils net-snmp net-snmp-tools zabbix-agent mysql-client nmap && \ 10 | sed -i 's/max_execution_time = 30/max_execution_time = 600/g' /etc/php7/php.ini && \ 11 | sed -i 's/expose_php = On/expose_php = Off/g' /etc/php7/php.ini && \ 12 | sed -i '/;date.timezone =/a\date.timezone = PRC' /etc/php7/php.ini && \ 13 | sed -i 's/post_max_size = 8M/post_max_size = 32M/g' /etc/php7/php.ini && \ 14 | sed -i 's/upload_max_filesize = 2M/upload_max_filesize = 16M/g' /etc/php7/php.ini && \ 15 | sed -i 's/memory_limit = 128M/memory_limit = 256M/g' /etc/php7/php.ini && \ 16 | sed -i 's/max_input_time = 60/max_input_time = 300/g' /etc/php7/php.ini && \ 17 | sed -i '/;always_populate_raw_post_data = -1/a\always_populate_raw_post_data = -1' /etc/php7/php.ini && \ 18 | sed -i '/FpingLocation=/a\FpingLocation=/usr/sbin/fping' /etc/zabbix/zabbix_server.conf && \ 19 | mkdir -p /run/apache2 && \ 20 | chown -R apache /run/apache2 && \ 21 | rm /var/www/localhost/htdocs -R && \ 22 | mv /zabbix/msyh.ttf /usr/share/webapps/zabbix/fonts/ && \ 23 | ln -s /usr/share/webapps/zabbix /var/www/localhost/htdocs && \ 24 | mv /zabbix/zabbix.conf.php /var/www/localhost/htdocs/conf/ && \ 25 | chown -R apache /usr/share/webapps/zabbix/conf && \ 26 | addgroup zabbix readproc && \ 27 | chown -R zabbix /var/log/zabbix && \ 28 | chown -R zabbix /var/run/zabbix && \ 29 | echo "zabbix ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/zabbix && \ 30 | sed -i "s/DejaVuSans/msyh/" /usr/share/webapps/zabbix/include/defines.inc.php && \ 31 | sed -i "s/Listen 80/Listen 8080/" /etc/apache2/httpd.conf 32 | 33 | EXPOSE 8080 443 10050 10051 34 | 35 | CMD ["/zabbix/startup.sh"] 36 | -------------------------------------------------------------------------------- /zabbix/server/Dockerfile-mini: -------------------------------------------------------------------------------- 1 | FROM aqzt/docker-alpine:mini 2 | LABEL maintainer="aqzt.com (ppabc@qq.com)" 3 | 4 | ADD root / 5 | 6 | RUN apk update && \ 7 | apk add php7-apache2 php7-session php7-mysqli php7-mbstring sudo && \ 8 | apk add zabbix zabbix-mysql zabbix-webif zabbix-setup zabbix-utils && \ 9 | apk add coreutils net-snmp net-snmp-tools zabbix-agent mysql-client nmap && \ 10 | sed -i 's/max_execution_time = 30/max_execution_time = 600/g' /etc/php7/php.ini && \ 11 | sed -i 's/expose_php = On/expose_php = Off/g' /etc/php7/php.ini && \ 12 | sed -i '/;date.timezone =/a\date.timezone = PRC' /etc/php7/php.ini && \ 13 | sed -i 's/post_max_size = 8M/post_max_size = 32M/g' /etc/php7/php.ini && \ 14 | sed -i 's/upload_max_filesize = 2M/upload_max_filesize = 16M/g' /etc/php7/php.ini && \ 15 | sed -i 's/memory_limit = 128M/memory_limit = 256M/g' /etc/php7/php.ini && \ 16 | sed -i 's/max_input_time = 60/max_input_time = 300/g' /etc/php7/php.ini && \ 17 | sed -i '/;always_populate_raw_post_data = -1/a\always_populate_raw_post_data = -1' /etc/php7/php.ini && \ 18 | sed -i '/FpingLocation=/a\FpingLocation=/usr/sbin/fping' /etc/zabbix/zabbix_server.conf && \ 19 | mkdir -p /run/apache2 && \ 20 | chown -R apache /run/apache2 && \ 21 | rm /var/www/localhost/htdocs -R && \ 22 | mv /zabbix/msyh.ttf /usr/share/webapps/zabbix/fonts/ && \ 23 | ln -s /usr/share/webapps/zabbix /var/www/localhost/htdocs && \ 24 | mv /zabbix/zabbix.conf.php /var/www/localhost/htdocs/conf/ && \ 25 | chown -R apache /usr/share/webapps/zabbix/conf && \ 26 | addgroup zabbix readproc && \ 27 | chown -R zabbix /var/log/zabbix && \ 28 | chown -R zabbix /var/run/zabbix && \ 29 | echo "zabbix ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/zabbix && \ 30 | sed -i "s/DejaVuSans/msyh/" /usr/share/webapps/zabbix/include/defines.inc.php && \ 31 | sed -i "s/Listen 80/Listen 8080/" /etc/apache2/httpd.conf 32 | 33 | EXPOSE 8080 443 10050 10051 34 | 35 | CMD ["/zabbix/startup.sh"] 36 | -------------------------------------------------------------------------------- /zabbix/server/root/etc/zabbix/.my.cnf: -------------------------------------------------------------------------------- 1 | [mysql] 2 | user=root 3 | password= 4 | 5 | [mysqladmin] 6 | user=root 7 | password= 8 | -------------------------------------------------------------------------------- /zabbix/server/root/etc/zabbix/zabbix_server.conf: -------------------------------------------------------------------------------- 1 | LogFile=/var/log/zabbix/zabbix_server.log 2 | PidFile=/var/run/zabbix/zabbix_server.pid 3 | #DBHost=172.17.0.2 4 | #DBUser=zabbix 5 | #DBPassword=zabbix 6 | #DBPort=3306 7 | DBName=zabbix 8 | Timeout=10 9 | FpingLocation=/usr/sbin/fping 10 | LogSlowQueries=3000 11 | -------------------------------------------------------------------------------- /zabbix/server/root/zabbix/install.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | if [ "$MAINLAND" = "Y" ] 4 | then 5 | echo $MAINLAND 6 | fi 7 | 8 | DBHOST="127.0.0.1" 9 | DBPORT="3306" 10 | DBPASSWORD="zabbix" 11 | 12 | apk update && \ 13 | apk add php7-apache2 php7-session php7-mysqli php7-mbstring sudo && \ 14 | apk add zabbix zabbix-mysql zabbix-webif zabbix-setup zabbix-utils && \ 15 | apk add net-snmp net-snmp-tools zabbix-agent mysql-client nmap && \ 16 | sed -i 's/max_execution_time = 30/max_execution_time = 600/g' /etc/php7/php.ini && \ 17 | sed -i 's/expose_php = On/expose_php = Off/g' /etc/php7/php.ini && \ 18 | sed -i '/;date.timezone =/a\date.timezone = PRC' /etc/php7/php.ini && \ 19 | sed -i 's/post_max_size = 8M/post_max_size = 32M/g' /etc/php7/php.ini && \ 20 | sed -i 's/upload_max_filesize = 2M/upload_max_filesize = 16M/g' /etc/php7/php.ini && \ 21 | sed -i 's/memory_limit = 128M/memory_limit = 256M/g' /etc/php7/php.ini && \ 22 | sed -i 's/max_input_time = 60/max_input_time = 300/g' /etc/php7/php.ini && \ 23 | sed -i '/;always_populate_raw_post_data = -1/a\always_populate_raw_post_data = -1' /etc/php7/php.ini && \ 24 | sed -i '/FpingLocation=/a\FpingLocation=/usr/sbin/fping' /etc/zabbix/zabbix_server.conf && \ 25 | mkdir -p /run/apache2 && \ 26 | chown -R apache /run/apache2 && \ 27 | rm /var/www/localhost/htdocs -R && \ 28 | mv /zabbix/msyh.ttf /usr/share/webapps/zabbix/fonts/ && \ 29 | ln -s /usr/share/webapps/zabbix /var/www/localhost/htdocs && \ 30 | chown -R apache /usr/share/webapps/zabbix/conf && \ 31 | addgroup zabbix readproc && \ 32 | chown -R zabbix /var/log/zabbix && \ 33 | chown -R zabbix /var/run/zabbix && \ 34 | echo "zabbix ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/zabbix && \ 35 | sed -i "s/DejaVuSans/msyh/" /usr/share/webapps/zabbix/include/defines.inc.php && \ 36 | sed -i "s/Listen 80/Listen 8080/" /etc/apache2/httpd.conf && \ 37 | sed -i ''/DBHost=/a\DBHost=$DBHOST'' /etc/zabbix/zabbix_server.conf && \ 38 | sed -i ''/DBPort=/a\DBPort=$DBPORT'' /etc/zabbix/zabbix_server.conf && \ 39 | sed -i ''/DBPassword=/a\DBPassword=$DBPASSWORD'' /etc/zabbix/zabbix_server.conf 40 | -------------------------------------------------------------------------------- /zabbix/server/root/zabbix/msyh.ttf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aqzt/docker-alpine/6495a41fcdba25db9f2b159d02eafcd8b52246dd/zabbix/server/root/zabbix/msyh.ttf -------------------------------------------------------------------------------- /zabbix/server/root/zabbix/startup.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | DOCKER_IP=$(ip a|grep "inet "|awk -F" " '{print $2}'|awk -F"/" '{print $1}'|egrep "^172" |head -n 1) 4 | ZABBIX_SERVER_ACTIVE=${ZABBIX_SERVER_ACTIVE:-"172.17.0.2"} 5 | ZABBIX_HOSTNAME=${ZABBIX_HOSTNAME:-"$DOCKER_IP"} 6 | DBHOST=${DBHOST:-"127.0.0.1"} 7 | DBPORT=${DBPORT:-"3306"} 8 | DBUSER=${DBUSER:-"zabbix"} 9 | DBPASSWORD=${DBPASSWORD:-"zabbix"} 10 | 11 | sed -i ''/DBHost=/a\DBHost=$DBHOST'' /etc/zabbix/zabbix_server.conf 12 | sed -i ''/DBPort=/a\DBPort=$DBPORT'' /etc/zabbix/zabbix_server.conf 13 | sed -i ''/DBUser=/a\DBUser=$DBUSER'' /etc/zabbix/zabbix_server.conf 14 | sed -i ''/DBPassword=/a\DBPassword=$DBPASSWORD'' /etc/zabbix/zabbix_server.conf 15 | sed -i "s/DBHost/$DBHOST/g" /var/www/localhost/htdocs/conf/zabbix.conf.php 16 | sed -i "s/DBPort/$DBPORT/g" /var/www/localhost/htdocs/conf/zabbix.conf.php 17 | sed -i "s/DBUSER/$DBUSER/g" /var/www/localhost/htdocs/conf/zabbix.conf.php 18 | sed -i "s/DBPASSWORD/$DBPASSWORD/g" /var/www/localhost/htdocs/conf/zabbix.conf.php 19 | sed -i "s//$ZABBIX_SERVER_ACTIVE/g" /etc/zabbix/zabbix_agentd.conf 20 | sed -i "s//$ZABBIX_HOSTNAME/g" /etc/zabbix/zabbix_agentd.conf 21 | 22 | /usr/sbin/httpd 23 | ##/usr/sbin/zabbix_agentd 24 | su -p -s /bin/sh zabbix -c "/usr/sbin/zabbix_server -f" 25 | ping 127.0.0.1 >> /dev/null 26 | -------------------------------------------------------------------------------- /zabbix/server/root/zabbix/zabbix.conf.php: -------------------------------------------------------------------------------- 1 |