├── src
    └── index.php
├── .gitattributes
├── README.md
├── docs
    ├── building.md
    ├── logs.md
    ├── php_modules.md
    ├── xdebug.md
    ├── git_commands.md
    ├── UID_GID_Mapping.md
    ├── lets_encrypt.md
    ├── scripting_templating.md
    ├── guides
    │   ├── docker_compose.md
    │   └── kubernetes.md
    ├── nginx_configs.md
    ├── versioning.md
    ├── repo_layout.md
    ├── config_flags.md
    └── git_auth.md
├── php-conf
    ├── msmtprc
    │   └── .msmtprc
    ├── bitrixenv.ini
    └── php-fpm.conf
├── errors
    ├── sad.svg
    ├── 404.html
    └── style.css
├── conf
    ├── orignginx.conf
    ├── nginx.conf
    ├── supervisord.conf
    ├── orignginx-site.conf
    ├── orignginx-site-ssl.conf
    ├── nginx-site.conf
    └── nginx-site-ssl.conf
├── nginx-conf
    ├── nginx.conf
    ├── conf.d
    │   └── default.conf
    └── sites-available
    │   ├── defaultx.conf
    │   └── default.conf
├── scripts
    └── start.sh
└── Dockerfile


/src/index.php:
--------------------------------------------------------------------------------

All logs should now print out in stdout/stderr and are available via the docker logs command:
```
docker logs
```

--------------------------------------------------------------------------------
/php-conf/msmtprc/.msmtprc:
--------------------------------------------------------------------------------

# smtp account configuration for default
account default
logfile /home/bitrix/msmtp_default.log
host smtp.yandex.ru
port 587
from site@infoservice.ru
keepbcc on
auth on
user site@infoservice.ru
password mkmUx4WFjm

tls on
tls_certcheck off
--------------------------------------------------------------------------------
/docs/php_modules.md:
--------------------------------------------------------------------------------
## Install PHP Modules
To install and configure extra PHP modules in this image, first of all drop into the container:
```
docker exec -t -i nginx /bin/bash
```
Then configure and install your module:
```
/usr/local/bin/docker-php-ext-configure sockets
/usr/local/bin/docker-php-ext-install sockets
```
Now restart php-fpm:
```
supervisorctl restart php-fpm
```

We may include an env var to do this in the future.

--------------------------------------------------------------------------------
/docs/xdebug.md:
--------------------------------------------------------------------------------
## Install PHP Modules
Xdebug comes pre-installed. To enable xdebug you need to add a couple of environment variables:

- `ENABLE_XDEBUG=1` This will add the xdebug.ini to your php extensions
- `XDEBUG_CONFIG=remote_host=you.local.ip.here` Sets an xdebug remote host environment var. This is usually your actual local computer's IP.
- `PHP_IDE_CONFIG=serverName=NameUsedInPhpStormServerConfig` This is an example of how to use this in PhpStorm. You configure a server in PhpStorm with a name and set that name in this var.

--------------------------------------------------------------------------------
/docs/git_commands.md:
--------------------------------------------------------------------------------
## Git Commands
Specify the ```GIT_EMAIL``` and ```GIT_NAME``` variables for this to work. They are used to set up git correctly and allow the following commands to work.

### Push code to Git
To push code changes made within the container back to git run:
```
sudo docker exec -t -i /usr/bin/push
```
### Pull code from Git (Refresh)
In order to refresh the code in a container and pull newer code from git run:
```
sudo docker exec -t -i /usr/bin/pull
```

--------------------------------------------------------------------------------
/docs/UID_GID_Mapping.md:
--------------------------------------------------------------------------------
## User / Group Identifiers
Sometimes when using data volumes (`-v` flags) permissions issues can arise between the host OS and the container. We avoid this issue by allowing you to specify the user `PUID` and optionally the group `PGID`. Ensure the data volume directory on the host is owned by the same user you specify and it will "just work" ™.

An example of mapping the UID and GID to the container is as follows:
```
docker run -d -e "PUID=`id -u $USER`" -e "PGID=`id -g $USER`" -v local_dir:/var/www/html richarvey/nginx-php-fpm:latest
```
This will pull your local UID/GID and map it into the container so you can edit on your host machine and the code will still run in the container.

--------------------------------------------------------------------------------
/errors/sad.svg:
--------------------------------------------------------------------------------
Artboard 2
--------------------------------------------------------------------------------
/docs/lets_encrypt.md:
--------------------------------------------------------------------------------
## Let's Encrypt Guide
This container includes support for Let's Encrypt SSL certificates. The included scripts allow you to easily set up and renew your certificates. **Please note** your container must be a fully resolvable (by DNS), Internet-facing server to allow this to work.
### Setup
You can use Let's Encrypt to secure your container.
Make sure you start the container with the ```DOMAIN, GIT_EMAIL``` and ```WEBROOT``` variables set to enable this functionality. Then run:
```
sudo docker exec -t /usr/bin/letsencrypt-setup
```
Ensure your container is accessible on the ```DOMAIN``` you supplied in order for this to work.
### Renewal
Let's Encrypt certs expire every 90 days; to renew, simply run:
```
sudo docker exec -t /usr/bin/letsencrypt-renew
```

--------------------------------------------------------------------------------
/conf/orignginx.conf:
--------------------------------------------------------------------------------
#user nobody;
worker_processes auto;

#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;

#pid run/nginx.pid;


events {
    worker_connections 1024;
}


http {
    include mime.types;
    default_type application/octet-stream;

    #log_format main '$remote_addr - $remote_user [$time_local] "$request" '
    # '$status $body_bytes_sent "$http_referer" '
    # '"$http_user_agent" "$http_x_forwarded_for"';

    #access_log logs/access.log main;

    sendfile on;
    #tcp_nopush on;

    #keepalive_timeout 0;
    keepalive_timeout 2;
    client_max_body_size 100m;

    server_tokens off;
    #gzip on;

    include /etc/nginx/sites-enabled/*;
}
#daemon off;


--------------------------------------------------------------------------------
/docs/scripting_templating.md:
--------------------------------------------------------------------------------
## Scripting
There is often an occasion where you need to run a script on code to do a transformation once code lands in the container. For this reason we have developed scripting support.
By including a scripts folder in your git repository and passing the __RUN_SCRIPTS=1__ flag to your command line the container will execute your scripts. Please see the [repo layout guidelines](https://github.com/ngineered/nginx-php-fpm/blob/master/docs/repo_layout.md) for more details on how to organise this.

## Using environment variables / templating
To set the variables pass them in as environment variables on the docker command line.
Example:
```
sudo docker run -d -e 'YOUR_VAR=VALUE' richarvey/nginx-php-fpm
```
You can then use PHP to get the environment variable into your code:
```
string getenv ( string $YOUR_VAR )
```
Another example would be:
```
```

--------------------------------------------------------------------------------
/docs/guides/docker_compose.md:
--------------------------------------------------------------------------------

## Docker Compose Guide
This guide will show you how to make a quick and easy docker compose file to get your container running using the compose tool.


### Creating a compose file
Create a docker-compose.yml file with the following contents:

```
version: '2'

services:
  nginx-php-fpm:
    image: richarvey/nginx-php-fpm:latest
    restart: always
    environment:
      SSH_KEY: ''
      GIT_REPO: 'git@github.com:/'
```
You can of course expand on this and add volumes, or extra environment parameters as defined in the [config flags](../config_flags.md) documentation.

### Running
To start the container simply run: ```docker-compose up -d```

### Clean Up
To shut down the compose network and container run the following command: ```docker-compose down```

--------------------------------------------------------------------------------
/conf/nginx.conf:
--------------------------------------------------------------------------------
#user nobody;
worker_processes auto;

#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;

#pid run/nginx.pid;

events {
    worker_connections 1024;
}


http {
    include mime.types;
    default_type application/octet-stream;

    #log_format main '$remote_addr - $remote_user [$time_local] "$request" '
    # '$status $body_bytes_sent "$http_referer" '
    # '"$http_user_agent" "$http_x_forwarded_for"';

    #access_log logs/access.log main;

    sendfile on;
    #tcp_nopush on;

    #keepalive_timeout 0;
    keepalive_timeout 2;
    client_max_body_size 100m;

    server_tokens off;
    #gzip on;

    include /etc/nginx/sites-enabled/*;
    #include /etc/nginx/conf.d/*;

    # Set available website
    #include /etc/nginx/bx/site_available/*.conf;

    # Set default website
    #include /etc/nginx/bx/site_enabled/*.conf;

    # Set additional websites
    #include /etc/nginx/bx/site_ext_enabled/*.conf;
}
#daemon of
--------------------------------------------------------------------------------
/nginx-conf/nginx.conf:
--------------------------------------------------------------------------------
#user nobody;
worker_processes auto;

#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;

#pid run/nginx.pid;

events {
    worker_connections 1024;
}


http {
    include mime.types;
    default_type application/octet-stream;

    #log_format main '$remote_addr - $remote_user [$time_local] "$request" '
    # '$status $body_bytes_sent "$http_referer" '
    # '"$http_user_agent" "$http_x_forwarded_for"';

    #access_log logs/access.log main;

    sendfile on;
    #tcp_nopush on;

    #keepalive_timeout 0;
    keepalive_timeout 2;
    client_max_body_size 100m;

    server_tokens off;
    #gzip on;

    include /etc/nginx/sites-enabled/*;
    #include /etc/nginx/conf.d/*;

    # Set available website
    #include /etc/nginx/bx/site_available/*.conf;

    # Set default website
    #include /etc/nginx/bx/site_enabled/*.conf;

    # Set additional websites
    #include /etc/nginx/bx/site_ext_enabled/*.conf;
}
#daemon of
--------------------------------------------------------------------------------
/docs/nginx_configs.md:
--------------------------------------------------------------------------------
## Custom Nginx Config files
Sometimes you need a custom config file for nginx to do rewrites or password protection, etc. For this reason we've included the ability to have custom nginx configs pulled directly from your git source. Please have a read of the [repo layout guidelines](repo_layout.md) for more information. It's pretty simple to enable this: all you need to do is include a folder in the root of your repository called ```conf/nginx/```. Within this folder you need to include a file called ```nginx-site.conf``` which will contain your default nginx site config. If you wish to have a custom file for SSL you simply include a file called ```nginx-site-ssl.conf``` in the same directory. These files will then be swapped in after your code is cloned.

## REAL IP / X-Forwarded-For Headers
If you operate your container behind a load balancer, an ELB on AWS for example, you need to configure nginx to get the real IP and not the load balancer IP in the logs by using the X-Forwarded-For header.
We've provided some handy flags to let you do this. You need to set both of these to get this to work:
```
-e "REAL_IP_HEADER=1"
-e "REAL_IP_FROM=Your_CIDR"
```
For example:
```
docker run -d -e "REAL_IP_HEADER=1" -e "REAL_IP_FROM=10.1.0.0/16" richarvey/nginx-php-fpm:latest
```

--------------------------------------------------------------------------------
/errors/404.html:
--------------------------------------------------------------------------------
Error - 404
Error: 404

Looks like we can't find that page

--------------------------------------------------------------------------------
/php-conf/bitrixenv.ini:
--------------------------------------------------------------------------------
; Set parameters required for proper Bitrix engine functioning.
; You can redefine parameters specified in this file
; by editing /etc/php.d/z_bx_custom_settings.ini

; Configure error processing
#display_errors = On
#error_reporting = E_ALL & ~E_NOTICE & ~E_WARNING

; Set some more PHP parameters
#enable_dl = Off
short_open_tag = On
allow_url_fopen = On

; Change default values of important constants
max_input_vars = 10000
max_file_uploads = 100
max_execution_time = 300
post_max_size = 1024M
upload_max_filesize = 1024M
pcre.backtrack_limit = 1000000
pcre.recursion_limit = 14000
realpath_cache_size = 4096k
mysql.default_socket = /var/lib/mysqld/mysqld.sock
mysqli.default_socket = /var/lib/mysqld/mysqld.sock

; Utf-8 support
mbstring.func_overload = 2
mbstring.internal_encoding = UTF-8

; Configure PHP sessions
session.entropy_length = 128
session.entropy_file = /dev/urandom
session.save_path = ""
session.cookie_httponly = On

; Set directory for temporary files
#upload_tmp_dir = "/tmp/php_upload/www"

sendmail_path = /usr/local/bin/msmtp -t -i
date.timezone = Europe/Moscow
memory_limit = 512M

# Configure opcache
opcache.validate_timestamps = 1
opcache.revalidate_freq = 1
--------------------------------------------------------------------------------
/conf/supervisord.conf:
--------------------------------------------------------------------------------
[unix_http_server]
file=/dev/shm/supervisor.sock ; (the path to the socket file)

[supervisord]
logfile=/tmp/supervisord.log ; (main log file;default $CWD/supervisord.log)
logfile_maxbytes=50MB ; (max main logfile bytes b4 rotation;default 50MB)
logfile_backups=10 ; (num of main logfile rotation backups;default 10)
loglevel=info ; (log level;default info; others: debug,warn,trace)
pidfile=/tmp/supervisord.pid ; (supervisord pidfile;default supervisord.pid)
nodaemon=false ; (start in foreground if true;default false)
minfds=1024 ; (min. avail startup file descriptors;default 1024)
minprocs=200 ; (min. avail process descriptors;default 200)
user=root ;

; the below section must remain in the config file for RPC
; (supervisorctl/web interface) to work, additional interfaces may be
; added by defining them in separate rpcinterface: sections
[rpcinterface:supervisor]
supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface

[supervisorctl]
serverurl=unix:///dev/shm/supervisor.sock ; use a unix:// URL for a unix socket

[program:php-fpm]
command = /usr/local/sbin/php-fpm --nodaemonize --fpm-config /usr/local/etc/php-fpm.d/www.conf
autostart=true
autorestart=true
priority=5
stdout_logfile=/dev/stdout
stdout_logfile_maxbytes=0
stderr_logfile=/dev/stderr
stderr_logfile_maxbytes=0

[program:nginx]
command=/usr/sbin/nginx -g "daemon off; error_log /dev/stderr info;"
autostart=true
autorestart=true
priority=10
stdout_events_enabled=true
stderr_events_enabled=true
stdout_logfile=/dev/stdout
stdout_logfile_maxbytes=0
stderr_logfile=/dev/stderr
stderr_logfile_maxbytes=0

[include]
files = /etc/supervisor/conf.d/*.conf

--------------------------------------------------------------------------------
/conf/orignginx-site.conf:
--------------------------------------------------------------------------------
server {
    listen 80; ## listen for ipv4; this line is default and implied
    listen [::]:80 default ipv6only=on; ## listen for ipv6

    root /var/www/html;
    index index.php index.html index.htm;

    # Make site accessible from http://localhost/
    server_name _;

    # Disable sendfile as per https://docs.vagrantup.com/v2/synced-folders/virtualbox.html
    sendfile off;

    # Add stdout logging
    error_log /dev/stdout info;
    access_log /dev/stdout;

    # Add option for x-forward-for (real ip when behind elb)
    #real_ip_header X-Forwarded-For;
    #set_real_ip_from 172.16.0.0/12;

    location / {
        # First attempt to serve request as file, then
        # as directory, then fall back to index.html
        try_files $uri $uri/ =404;
    }

    error_page 404 /404.html;
    location = /404.html {
        root /var/www/errors;
        internal;
    }

    location ^~ /ngd-style.css {
        alias /var/www/errors/style.css;
        access_log off;
    }

    location ^~ /ngd-sad.svg {
        alias /var/www/errors/sad.svg;
        access_log off;
    }

    # pass the PHP scripts to FastCGI server listening on socket
    #
    location ~ \.php$ {
        try_files $uri =404;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/var/run/php-fpm.sock;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param SCRIPT_NAME $fastcgi_script_name;
        fastcgi_index index.php;
        include fastcgi_params;
    }

    location ~* \.(jpg|jpeg|gif|png|css|js|ico|xml)$ {
        expires 5d;
    }

    # deny access to . files, for security
    #
    location ~ /\. {
        log_not_found off;
        deny all;
    }

    location ^~ /.well-known {
        allow all;
        auth_basic off;
    }

}

--------------------------------------------------------------------------------
/docs/versioning.md:
--------------------------------------------------------------------------------
## Versioning
We are now introducing versioning so users can stick to specific versions of software. As we are dealing with three upstream sources (nginx, php and alpine) plus our own scripts this all gets a little complex, but this document will provide a definitive source of tags and versions.

We will use the [semver](http://ricostacruz.com/cheatsheets/semver.html) style notation for versioning:

>This follows the format MAJOR.MINOR.PATCH (eg, 1.2.6)
>
- MAJOR version changes to nginx, php-fpm, alpine or potential breaking feature changes
- MINOR version changes to nginx, php-fpm or scripts that are still backwards-compatible with previous versions
- PATCH version minor changes and bug fixes

### Current versions and tags

The latest tag will always follow the master branch in git. The other versions will have releases attached.

| Docker Tag | GitHub Release | Nginx Version | PHP Version | Alpine Version | Container Scripts |
|-----|-------|-----|--------|--------|--------|
| latest | Master Branch | 1.13.2 | 7.1.7 | 3.4 | 0.2.9 |
| 1.1.1 | 1.1.1 | 1.11.9 | 7.1.1 | 3.4 | 0.2.5 |
| 1.1.2 | 1.1.2 | 1.11.10 | 7.1.1 | 3.4 | 0.2.6 |
| 1.1.3 | 1.1.3 | 1.11.10 | 7.1.2 | 3.4 | 0.2.6 |
| 1.1.4 | 1.1.4 | 1.11.10 | 7.1.2 | 3.4 | 0.2.6 |
| 1.1.5 | 1.1.5 | 1.11.10 | 7.1.2 | 3.4 | 0.2.7 |
| 1.1.6 | 1.1.6 | 1.11.10 | 7.1.2 | 3.4 | 0.2.8 |
| 1.2.0 | 1.2.0 | 1.12.10 | 7.1.3 | 3.4 | 0.2.9 |
| 1.2.1 | 1.2.1 | 1.13.1 | 7.1.6 | 3.4 | 0.2.9 |
| 1.2.2 | 1.2.2 | 1.13.2 | 7.1.7 | 3.4 | 0.2.9 |
| 1.2.3 | 1.2.3 | 1.13.3 | 7.1.7 | 3.4 | 0.2.9 |
| 1.2.4 | 1.2.4 | 1.13.4 | 7.1.8 | 3.4 | 0.2.9 |
| 1.2.5 | 1.2.5 | 1.13.4 | 7.1.8 | 3.4 | 0.2.10 |
| 1.2.6 | 1.2.6 | 1.13.4 | 7.1.8 | 3.4 | 0.2.11 |
| 1.3.0 | 1.3.0 | 1.13.4 | 7.1.8 | 3.4 | 0.3.0 |
| 1.3.1 | 1.3.1 | 1.13.4 | 7.1.8 | 3.4 | 0.3.1 |
| 1.3.2 | 1.3.2 | 1.13.4 | 7.1.8 | 3.4 | 0.3.2 |
| 1.3.3 | 1.3.3 | 1.13.4 | 7.1.9 | 3.4 | 0.3.2 |
| 1.3.4 | 1.3.4 | 1.13.4 | 7.1.9 | 3.4 | 0.3.3 |
| 1.3.5 | 1.3.5 | 1.13.5 | 7.1.9 | 3.4 | 0.3.3 |

These tags will be created as releases on GitHub and as tags in docker hub.

### Unmaintained tags:

- php5
- php7

--------------------------------------------------------------------------------
/docs/repo_layout.md:
--------------------------------------------------------------------------------
## Repository Layout Guidelines

We recommend laying out your source git repository in the following way, to enable you to use all the features of the container.

It's important to note code will always be checked out to ```/var/www/html/```; this is for historic reasons and we may improve this in the future with a user configurable variable.
If you just wish to check code out into a container and not do anything special, simply put all your files in the root directory of your repository like so:

```
- repo root (/var/www/html)
  - index.html
  - more code here
```

However, if you wish to use scripting support you'll want to split code and scripts up to ensure your scripts are not in the public part of your site.

```
- repo root (/var/www/html)
  - src
    - your code here
  - conf
    - nginx
      - nginx-site.conf
      - nginx-site-ssl.conf
  - scripts
    - 00-firstscript.sh
    - 01-second.sh
    - ......
```

### src / Webroot
If you use an alternative directory for your application root like the previous example of __src/__, you can use the __WEBROOT__ variable to instruct nginx that that is where the code should be served from.

``` docker run -e 'WEBROOT=/var/www/html/src/' -e OTHER_VARS ........ ```

One example would be, if you are running craft CMS you'll end up with a repo structure like this:

```
- repo root (/var/www/html)
  - craft
    - core craft
  - public
    - index.php
    - other public files
```

In this case __WEBROOT__ would be set as __/var/www/html/public__

Note that if you are managing dependencies with composer, your composer.json and composer.lock files should *always* be located in the repo root, not in the directory you set as __WEBROOT__.

### conf
This directory is where you can put config files you call from your scripts. It is also home to the nginx folder where you can include custom nginx config files.

### scripts
Scripts are executed in order, so it's worth numbering them ```00,01,..,99``` to control their run order. Bash scripts are supported but, of course, you could install other runtimes in the first script and then write your scripts in your preferred language.
54 | -------------------------------------------------------------------------------- /docs/config_flags.md: -------------------------------------------------------------------------------- 1 | ## Available Configuration Parameters 2 | The following flags are a list of all the currently supported options that can be changed by passing in the variables to docker with the -e flag. 3 | 4 | - **GIT_REPO** : URL to the repository containing your source code. If you are using a personal token, this is the https URL without https://, e.g github.com/project/ for ssh prepend with git@ e.g git@github.com:project.git 5 | - **GIT_BRANCH** : Select a specific branch (optional) 6 | - **GIT_EMAIL** : Set your email for code pushing (required for git to work) 7 | - **GIT_NAME** : Set your name for code pushing (required for git to work) 8 | - **GIT_USE_SSH** : Set this to 1 if you want to use git over SSH (instead of HTTP), useful if you want to use Bitbucket instead of GitHub 9 | - **SSH_KEY** : Private SSH deploy key for your repository base64 encoded (requires write permissions for pushing) 10 | - **GIT_PERSONAL_TOKEN** : Personal access token for your git account (required for HTTPS git access) 11 | - **GIT_USERNAME** : Git username for use with personal tokens. 
(required for HTTPS git access) 12 | - **WEBROOT** : Change the default webroot directory from `/var/www/html` to your own setting 13 | - **ERRORS** : Set to 1 to display PHP Errors in the browser 14 | - **HIDE_NGINX_HEADERS** : Disable by setting to 0, default behaviour is to hide nginx + php version in headers 15 | - **PHP_MEM_LIMIT** : Set higher PHP memory limit, default is 128 Mb 16 | - **PHP_POST_MAX_SIZE** : Set a larger post_max_size, default is 100 Mb 17 | - **PHP_UPLOAD_MAX_FILESIZE** : Set a larger upload_max_filesize, default is 100 Mb 18 | - **DOMAIN** : Set domain name for Lets Encrypt scripts 19 | - **REAL_IP_HEADER** : set to 1 to enable real ip support in the logs 20 | - **REAL_IP_FROM** : set to your CIDR block for real ip in logs 21 | - **RUN_SCRIPTS** : Set to 1 to execute scripts 22 | - **PGID** : Set to GroupId you want to use for nginx (helps permissions when using local volume) 23 | - **PUID** : Set to UserID you want to use for nginx (helps permissions when using local volume) 24 | - **REMOVE_FILES** : Use REMOVE_FILES=0 to prevent the script from clearing out /var/www/html (useful for working with local files) 25 | - **APPLICATION_ENV** : set this to development to prevent composer deleteing local dev dependancies 26 | - **SKIP_CHOWN** : set to 1 to avoid running chown -Rf on /var/www/html 27 | -------------------------------------------------------------------------------- /conf/orignginx-site-ssl.conf: -------------------------------------------------------------------------------- 1 | server { 2 | listen 443 ssl; 3 | listen [::]:443 ssl ipv6only=on; ## listen for ipv6 4 | 5 | root /var/www/html; 6 | index index.php index.html index.htm; 7 | 8 | # Make site accessible from http://localhost/ 9 | server_name _; 10 | ssl_certificate /etc/letsencrypt/live/##DOMAIN##/fullchain.pem; 11 | ssl_certificate_key /etc/letsencrypt/live/##DOMAIN##/privkey.pem; 12 | ssl_protocols TLSv1 TLSv1.1 TLSv1.2; 13 | ssl_ciphers HIGH:!aNULL:!MD5; 14 | 15 | # 
Make site accessible from http://localhost/ 16 | server_name _; 17 | 18 | # Disable sendfile as per https://docs.vagrantup.com/v2/synced-folders/virtualbox.html 19 | sendfile off; 20 | 21 | # Add stdout logging 22 | error_log /dev/stdout info; 23 | access_log /dev/stdout; 24 | 25 | # Add option for x-forward-for (real ip when behind elb) 26 | #real_ip_header X-Forwarded-For; 27 | #set_real_ip_from 172.16.0.0/12; 28 | 29 | location / { 30 | # First attempt to serve request as file, then 31 | # as directory, then fall back to index.html 32 | try_files $uri $uri/ =404; 33 | } 34 | 35 | error_page 404 /404.html; 36 | location = /404.html { 37 | root /var/www/errors; 38 | internal; 39 | } 40 | 41 | location ^~ /ngd-style.css { 42 | alias /var/www/errors/style.css; 43 | access_log off; 44 | } 45 | 46 | location ^~ /ngd-sad.svg { 47 | alias /var/www/errors/sad.svg; 48 | access_log off; 49 | } 50 | 51 | # pass the PHP scripts to FastCGI server listening on socket 52 | # 53 | location ~ \.php$ { 54 | try_files $uri =404; 55 | fastcgi_split_path_info ^(.+\.php)(/.+)$; 56 | fastcgi_pass unix:/var/run/php-fpm.sock; 57 | fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; 58 | fastcgi_param SCRIPT_NAME $fastcgi_script_name; 59 | fastcgi_index index.php; 60 | include fastcgi_params; 61 | } 62 | 63 | location ~* \.(jpg|jpeg|gif|png|css|js|ico|xml)$ { 64 | expires 5d; 65 | } 66 | 67 | # deny access to . files, for security 68 | # 69 | location ~ /\. 
{
        log_not_found off;
        deny all;
    }

    location ^~ /.well-known {
        allow all;
        auth_basic off;
    }

}

--------------------------------------------------------------------------------
/nginx-conf/conf.d/default.conf:
--------------------------------------------------------------------------------
server {
    listen 80;
    server_name localhost;

    error_log /dev/stdout info;
    access_log /dev/stdout;

    #fastcgi_buffer_size 128k;
    #fastcgi_buffers 4 256k;
    #fastcgi_busy_buffers_size 256k;
    #charset koi8-r;
    #access_log /var/log/nginx/log/host.access.log main;

    location / {
        root /usr/share/nginx/html;
        index index.html index.htm;
        if (!-e $request_filename) {
            rewrite ^(.*)$ /bitrix/urlrewrite.php last;
        }
    }

    location ~ \.php$ {
        root html;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
        include fastcgi_params;
        fastcgi_read_timeout 600;
        if (!-f $request_filename) {
            rewrite ^(.*)/index.php$ / redirect;
        }
    }

    location ~* ^.+\.(jpg|jpeg|gif|png|svg|js|css|mp3|ogg|mpe?g|avi|zip|gz|bz2?|rar|swf)$ {
        access_log off;
        expires max;
    }

    if (!-e $request_filename) {
        rewrite ^(.*)$ /bitrix/urlrewrite.php last;
    }

    location ~ (/\.ht|/bitrix/modules|/upload/support/not_image) {
        deny all;
    }

    location ~ /.svn/ {
        deny all;
    }

    error_page 404 /404.html;
    location = /404.html {
        root /usr/share/nginx/html;
    }

    #error_page 404 /404.html;

    # redirect server error pages to the static page /50x.html
    #
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root /usr/share/nginx/html;
    }

    # proxy the PHP scripts to Apache listening on 127.0.0.1:80
    #
    #location ~ \.php$ {
    #    proxy_pass http://127.0.0.1;
    #}

    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000

    #location ~ \.php$ {
    #    if (!-f $request_filename) {
    #        rewrite ^(.*)/index.php$ $1/ redirect;
    #    }


    #location @bitrix {
        #fastcgi_pass 127.0.0.1:9000;
        #include fastcgi_params;
        #fastcgi_param SCRIPT_FILENAME $document_root/bitrix/urlrewrite.php;
        #fastcgi_read_timeout 300;
    #}

    # deny access to .htaccess files, if Apache's document root
    # concurs with nginx's one
    #
    #location ~ /\.ht {
    #    deny all;
    #}
}

--------------------------------------------------------------------------------
/nginx-conf/sites-available/defaultx.conf:
--------------------------------------------------------------------------------
server {
    listen 80;
    server_name localhost;

    error_log /dev/stdout info;
    access_log /dev/stdout;

    #fastcgi_buffer_size 128k;
    #fastcgi_buffers 4 256k;
    #fastcgi_busy_buffers_size 256k;
    #charset koi8-r;
    #access_log /var/log/nginx/log/host.access.log main;

    location / {
        root /usr/share/nginx/html;
        index index.html index.htm;
        if (!-e $request_filename) {
            rewrite ^(.*)$ /bitrix/urlrewrite.php last;
        }
    }

    location ~ \.php$ {
        root html;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
        include fastcgi_params;
        fastcgi_read_timeout 600;
        if (!-f $request_filename) {
            rewrite ^(.*)/index.php$ / redirect;
        }
    }

    location ~* ^.+\.(jpg|jpeg|gif|png|svg|js|css|mp3|ogg|mpe?g|avi|zip|gz|bz2?|rar|swf)$ {
        access_log off;
        expires max;
    }

    if (!-e $request_filename) {
        rewrite ^(.*)$ /bitrix/urlrewrite.php last;
    }

    location ~ (/\.ht|/bitrix/modules|/upload/support/not_image) {
        deny all;
    }

    location ~ /.svn/ {
        deny all;
    }

    error_page 404 /404.html;
    location = /404.html {
        root /usr/share/nginx/html;
    }

    #error_page 404 /404.html;

    # redirect server error pages to the static page /50x.html
    #
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root /usr/share/nginx/html;
    }

    # proxy the PHP scripts to Apache listening on 127.0.0.1:80
    #
    #location ~ \.php$ {
    #    proxy_pass http://127.0.0.1;
    #}

    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000

    #location ~ \.php$ {
    #    if (!-f $request_filename) {
    #        rewrite ^(.*)/index.php$ $1/ redirect;
    #    }


    #location @bitrix {
        #fastcgi_pass 127.0.0.1:9000;
        #include fastcgi_params;
        #fastcgi_param SCRIPT_FILENAME $document_root/bitrix/urlrewrite.php;
        #fastcgi_read_timeout 300;
    #}

    # deny access to .htaccess files, if Apache's document root
    # concurs with nginx's one
    #
    #location ~ /\.ht {
    #    deny all;
    #}
}

--------------------------------------------------------------------------------
/docs/git_auth.md:
--------------------------------------------------------------------------------
## Git Auth
There are two methods of pulling code from git: you can use either a Personal Token (recommended method) or an SSH key.

**Note:** We would recommend using a git personal token over an SSH key as it simplifies the set up process. To create a personal access token on Github follow this [guide](https://help.github.com/articles/creating-an-access-token-for-command-line-use/).
If your repository is on BitBucket, you can create an "app password" and use it as the personal access token. To get an app password for BitBucket, follow this [guide](https://confluence.atlassian.com/bitbucket/app-passwords-828781300.html).
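
Both methods hand the container a long-lived credential through an environment variable, and a value typed after `-e` on the `docker run` command line also ends up in shell history and in the host's process list. The script below is an added example, not part of this project: it writes the variables this guide uses to a mode-0600 file for `docker run --env-file`. The function name `write_git_env_file`, its argument order and the sample values in the comments are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example (not from the nginx-php-fpm project).
#
# write_git_env_file OUTFILE MODE SECRET REPO USERNAME
#   MODE=token  SECRET is the personal access token itself
#   MODE=ssh    SECRET is the path to the private key file
# Writes KEY=value lines in the format read by `docker run --env-file`.

write_git_env_file() (
    # The body runs in a subshell: umask, noclobber and variables stay
    # local, and `exit` only ends this function call.
    out=$1 mode=$2 secret=$3 repo=$4 user=$5
    nl='
'
    # --env-file is line oriented: a newline inside a value would smuggle
    # an extra variable into the container environment.
    case "$repo$user" in
        *"$nl"*) echo "newline in GIT_REPO or GIT_USERNAME" >&2; exit 2 ;;
    esac

    case $mode in
        token)
            case $secret in
                '' | *[[:space:]]*)
                    echo "token is empty or contains whitespace" >&2; exit 2 ;;
            esac
            line="GIT_PERSONAL_TOKEN=$secret"
            ;;
        ssh)
            [ -f "$secret" ] || { echo "no such key file: $secret" >&2; exit 2; }
            # Refuse anything that is not private key material, for
            # example the .pub file picked by mistake.
            IFS= read -r first < "$secret" || true
            case $first in
                '-----BEGIN '*'PRIVATE KEY-----') ;;
                *) echo "not a private key: $secret" >&2; exit 2 ;;
            esac
            # Portable form of `base64 -w 0`: encode, then drop line wraps.
            line="SSH_KEY=$(base64 < "$secret" | tr -d '\n')"
            ;;
        *)
            echo "mode must be 'token' or 'ssh'" >&2; exit 2 ;;
    esac

    umask 077           # the new file is created with mode 0600
    rm -f -- "$out"     # never inherit looser permissions from an old file
    set -C              # noclobber: fail instead of writing into a file
                        # that reappears between rm and create
    {
        printf 'GIT_REPO=%s\n' "$repo"
        printf 'GIT_USERNAME=%s\n' "$user"
        printf '%s\n' "$line"
    } > "$out"
)

# Usage (docker itself is not invoked by this example):
#   write_git_env_file ./git.env ssh ~/.ssh/deploy_key github.com/project git_username
#   docker run -d --env-file ./git.env -e 'GIT_NAME=full_name' richarvey/nginx-php-fpm:latest
```

The variables remain readable through `docker inspect` by anyone with access to the Docker daemon, so the file keeps the secret out of shell history and process listings, not out of the container's metadata.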

### Personal Access token

You can pass the container your personal access token from your git account using the __GIT_PERSONAL_TOKEN__ flag. This token must be set up with the correct permissions in git in order to push and pull code.

Since the access token acts as a password with limited access, the git push/pull uses HTTPS to authenticate. You will need to specify your __GIT_USERNAME__ and __GIT_PERSONAL_TOKEN__ variables to push and pull. You'll also need to have the __GIT_EMAIL__, __GIT_NAME__ and __GIT_REPO__ common variables defined.

```
docker run -d -e 'GIT_EMAIL=email_address' -e 'GIT_NAME=full_name' -e 'GIT_USERNAME=git_username' -e 'GIT_REPO=github.com/project' -e 'GIT_PERSONAL_TOKEN=' richarvey/nginx-php-fpm:latest
```

To pull a repository and specify a branch add the __GIT_BRANCH__ environment variable:
```
docker run -d -e 'GIT_EMAIL=email_address' -e 'GIT_NAME=full_name' -e 'GIT_USERNAME=git_username' -e 'GIT_REPO=github.com/project' -e 'GIT_PERSONAL_TOKEN=' -e 'GIT_BRANCH=stage' richarvey/nginx-php-fpm:latest
```

### SSH keys

#### Preparing your SSH key
The container has the option for you to pass it the __SSH_KEY__ variable with a **base64** encoded **private** key. First generate your key and then make sure to add it to github and give it write permissions if you want to be able to push code from the container. Then run:
```
base64 -w 0 /path_to_your_private_key
```
**Note:** Copy the output, but be careful not to copy your prompt

#### Running with SSH Keys

To run the container and pull code simply specify the GIT_REPO URL including *git@* and then make sure you have also supplied your base64 version of your ssh deploy key:
```
sudo docker run -d -e 'GIT_NAME=full_name' -e 'GIT_USERNAME=git_username' -e 'GIT_REPO=github.com/project' -e 'SSH_KEY=BIG_LONG_BASE64_STRING_GOES_IN_HERE' richarvey/nginx-php-fpm:latest
```

To pull a repository and specify a branch add the GIT_BRANCH environment variable:
```
sudo docker run -d -e 'GIT_NAME=full_name' -e 'GIT_USERNAME=git_username' -e 'GIT_REPO=github.com/project' -e 'SSH_KEY=BIG_LONG_BASE64_STRING_GOES_IN_HERE' -e 'GIT_BRANCH=stage' richarvey/nginx-php-fpm:latest
```

--------------------------------------------------------------------------------
/conf/nginx-site.conf:
--------------------------------------------------------------------------------
server {
    listen 80; ## listen for ipv4; this line is default and implied
    listen [::]:80 default ipv6only=on; ## listen for ipv6

    root /var/www/html;
    index index.php index.html index.htm;

    # Make site accessible from http://localhost/
    server_name _;

    # Disable sendfile as per https://docs.vagrantup.com/v2/synced-folders/virtualbox.html
    sendfile off;

    # Add stdout logging
    error_log /dev/stdout info;
    access_log /dev/stdout;

    # Add option for x-forward-for (real ip when behind elb)
    #real_ip_header X-Forwarded-For;
    #set_real_ip_from 172.16.0.0/12;

    location / {
        # First attempt to serve request as file, then
        # as directory, then fall back to index.html
        try_files $uri $uri/ =404;
        if (!-e $request_filename) {
            rewrite ^(.*)$ /bitrix/urlrewrite.php last;
        }
    }

    error_page 404 /404.html;
    location = /404.html {
        root /var/www/errors;
        internal;
    }

    #location ^~ /ngd-style.css {
    #    alias /var/www/errors/style.css;
    #    access_log off;
    #}

    #location ^~ /ngd-sad.svg {
    #    alias /var/www/errors/sad.svg;
    #    access_log off;
    #}

    # pass the PHP scripts to FastCGI server listening on socket
    #
    location ~ \.php$ {
        try_files $uri =404;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/var/run/php-fpm.sock;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param SCRIPT_NAME $fastcgi_script_name;
        fastcgi_index index.php;
        include fastcgi_params;
        fastcgi_intercept_errors on;
        fastcgi_ignore_client_abort off;
        fastcgi_connect_timeout 60;
        fastcgi_send_timeout 300;
        fastcgi_read_timeout 300;
        fastcgi_buffer_size 128k;
        fastcgi_buffers 4 256k;
        fastcgi_busy_buffers_size 256k;
        fastcgi_temp_file_write_size 256k;
        if (!-f $request_filename) {
            rewrite ^(.*)/index.php$ / redirect;
        }
    }

    location ~* ^.+\.(jpg|jpeg|gif|png|svg|js|css|mp3|ogg|mpe?g|avi|zip|gz|bz2?|rar|swf)$ {
        access_log off;
        expires max;
    }

    if (!-e $request_filename) {
        rewrite ^(.*)$ /bitrix/urlrewrite.php last;
    }

    location ~ (/\.ht|/bitrix/modules|/upload/support/not_image) {
        deny all;
    }

    location ~ /.svn/ {
        deny all;
    }

    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root /usr/share/nginx/html;
    }
    #error_page 404 /404.html;
    #location = /404.html {
        #root /usr/share/nginx/html;
    #}

    #location ~* \.(jpg|jpeg|gif|png|css|js|ico|xml)$ {
    #    expires 5d;
    #}

    # deny access to . files, for security
    #

    #location ~ /\. {
    #    log_not_found off;
    #    deny all;
    #}

    #location ^~ /.well-known {
    #    allow all;
    #    auth_basic off;
    #}

}

--------------------------------------------------------------------------------
/nginx-conf/sites-available/default.conf:
--------------------------------------------------------------------------------
server {
    listen 80; ## listen for ipv4; this line is default and implied
    listen [::]:80 default ipv6only=on; ## listen for ipv6

    root /var/www/html;
    index index.php index.html index.htm;

    # Make site accessible from http://localhost/
    server_name _;

    # Disable sendfile as per https://docs.vagrantup.com/v2/synced-folders/virtualbox.html
    sendfile off;

    # Add stdout logging
    error_log /dev/stdout info;
    access_log /dev/stdout;

    # Add option for x-forward-for (real ip when behind elb)
    #real_ip_header X-Forwarded-For;
    #set_real_ip_from 172.16.0.0/12;

    location / {
        # First attempt to serve request as file, then
        # as directory, then fall back to index.html
        try_files $uri $uri/ =404;
        if (!-e $request_filename) {
            rewrite ^(.*)$ /bitrix/urlrewrite.php last;
        }
    }

    error_page 404 /404.html;
    location = /404.html {
        root /var/www/errors;
        internal;
    }

    #location ^~ /ngd-style.css {
    #    alias /var/www/errors/style.css;
    #    access_log off;
    #}

    #location ^~ /ngd-sad.svg {
    #    alias /var/www/errors/sad.svg;
    #    access_log off;
    #}

    # pass the PHP scripts to FastCGI server listening on socket
    #
    location ~ \.php$ {
        try_files $uri =404;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/var/run/php-fpm.sock;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param SCRIPT_NAME $fastcgi_script_name;
        fastcgi_index index.php;
        include fastcgi_params;
        fastcgi_intercept_errors on;
        fastcgi_ignore_client_abort off;
        fastcgi_connect_timeout 60;
        fastcgi_send_timeout 300;
        fastcgi_read_timeout 300;
        fastcgi_buffer_size 128k;
        fastcgi_buffers 4 256k;
        fastcgi_busy_buffers_size 256k;
        fastcgi_temp_file_write_size 256k;
        if (!-f $request_filename) {
            rewrite ^(.*)/index.php$ / redirect;
        }
    }

    location ~* ^.+\.(jpg|jpeg|gif|png|svg|js|css|mp3|ogg|mpe?g|avi|zip|gz|bz2?|rar|swf)$ {
        access_log off;
        expires max;
    }

    if (!-e $request_filename) {
        rewrite ^(.*)$ /bitrix/urlrewrite.php last;
    }

    location ~ (/\.ht|/bitrix/modules|/upload/support/not_image) {
        deny all;
    }

    location ~ /.svn/ {
        deny all;
    }

    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root /usr/share/nginx/html;
    }
    #error_page 404 /404.html;
    #location = /404.html {
        #root /usr/share/nginx/html;
    #}

    #location ~* \.(jpg|jpeg|gif|png|css|js|ico|xml)$ {
    #    expires 5d;
    #}

    # deny access to . files, for security
    #

    #location ~ /\. {
    #    log_not_found off;
    #    deny all;
    #}

    #location ^~ /.well-known {
    #    allow all;
    #    auth_basic off;
    #}

}

--------------------------------------------------------------------------------
/docs/guides/kubernetes.md:
--------------------------------------------------------------------------------
## Kubernetes Guide
The container can be configured to run in kubernetes pretty easily and you can take advantage of the ```kubectl exec``` command to run the pull and push scripts to sync up with github when there are changes. The guide assumes you have a working kubernetes setup and kubectl is working.

The configuration below is an example of how to get quickly running.

### Configure the application

In this example we'll deploy an example app to its own namespace for ease of separation. Create the following ```example-namespace.yml``` file:

```
apiVersion: v1
kind: Namespace
metadata:
  name: example
```

Now create the namespace in kubernetes:

```kubectl create -f example-namespace.yml```

Create the following ```example-app.yml```. This is the bit that actually creates your container and replication controller, which references the docker image and your github credentials.

```
apiVersion: v1
kind: ReplicationController
metadata:
  namespace: example
  name: example-app
  labels:
    example-component: example-app
spec:
  replicas: 1
  selector:
    example-component: example-app
  template:
    metadata:
      labels:
        example-component: example-app
    spec:
      containers:
      - name: example-app
        image: richarvey/nginx-php-fpm:latest
        imagePullPolicy: Always
        env:
        - name: SSH_KEY
          value: ''
        - name: GIT_REPO
          value: 'git@gitlab.com:/.git'
        - name: GIT_EMAIL
          value: ''
        - name: GIT_NAME
          value: ''
        ports:
        - containerPort: 80
```
Now run:

```kubectl create -f example-app.yml```

### Using the application

Your container should now be up and running and you can see its details with the following commands:

```
kubectl get pods --namespace example

# make a note of the pod namespace

kubectl describe pod --namespace example
```

### Create a Service for the application

To help expose the application to the outside world you may want to create a service. The example below isn't the only way to do this, as it depends on the exact setup of the kubernetes system you have; for example, you may want to use an ELB on AWS, or you may be on GKE and use Google's HTTP load balancer.

Create the file ```example-service.yml``` with the following content:

```
apiVersion: v1
kind: Service
metadata:
  namespace: example
  name: example-app
spec:
  type: ClusterIP
  ports:
  - protocol: TCP
    name: http
    port: 80
    targetPort: 80
  selector:
    # must match the pod labels set in example-app.yml
    example-component: example-app
```
Now run:
```
kubectl create -f example-service.yml
```
This will create a service load balancer for you and allow you to scale your replication controller in the background underneath a unifying IP address. You can get the details by running:
```
kubectl describe service example-app --namespace example
```
### Running commands in the container/pod
If you want to push or pull code to the container you can run the following commands:
```
kubectl get pods --namespace example

# make a note of the pod namespace

# update code in the container
kubectl exec -t /usr/bin/pull --namespace example
# push code back to github
kubectl exec -t /usr/bin/push --namespace example
```
If you want to drop into the shell run the following:
```
kubectl exec -it bash --namespace example
```

### Scale your app
You can scale the replication controller with the following command:
```
kubectl scale --replicas=3 rc/example-app --namespace example
```

--------------------------------------------------------------------------------
/conf/nginx-site-ssl.conf:
--------------------------------------------------------------------------------
server {
    listen 80; ## listen for ipv4; this line is default and implied
    listen [::]:80 default ipv6only=on; ## listen for ipv6

    root /var/www/html;
    index index.php index.html index.htm;

    # Make site accessible from http://localhost/
    server_name _;
    #ssl_certificate /etc/letsencrypt/live/##DOMAIN##/fullchain.pem;
    #ssl_certificate_key /etc/letsencrypt/live/##DOMAIN##/privkey.pem;
    # TLSv1 and TLSv1.1 are deprecated (RFC 8996)
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers HIGH:!aNULL:!MD5;

    # Disable sendfile as per https://docs.vagrantup.com/v2/synced-folders/virtualbox.html
    sendfile off;

    # Add stdout logging
    error_log /dev/stdout info;
    access_log /dev/stdout;

    # Add option for x-forward-for (real ip when behind elb)
    #real_ip_header X-Forwarded-For;
    #set_real_ip_from 172.16.0.0/12;

    location / {
        # First attempt to serve request as file, then
        # as directory, then fall back to index.html
        try_files $uri $uri/ =404;
        if (!-e $request_filename) {
            rewrite ^(.*)$ /bitrix/urlrewrite.php last;
        }
    }

    error_page 404 /404.html;
    location = /404.html {
        root /var/www/errors;
        internal;
    }

    #location ^~ /ngd-style.css {
    #    alias /var/www/errors/style.css;
    #    access_log off;
    #}

    #location ^~ /ngd-sad.svg {
    #    alias /var/www/errors/sad.svg;
    #    access_log off;
    #}

    # pass the PHP scripts to FastCGI server listening on socket
    #
    location ~ \.php$ {
        try_files $uri =404;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/var/run/php-fpm.sock;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param SCRIPT_NAME $fastcgi_script_name;
        fastcgi_index index.php;
        include fastcgi_params;
        fastcgi_intercept_errors on;
        fastcgi_ignore_client_abort off;
        fastcgi_connect_timeout 60;
        fastcgi_send_timeout 300;
        fastcgi_read_timeout 300;
        fastcgi_buffer_size 128k;
        fastcgi_buffers 4 256k;
        fastcgi_busy_buffers_size 256k;
        fastcgi_temp_file_write_size 256k;
        if (!-f $request_filename) {
            rewrite ^(.*)/index.php$ / redirect;
        }
    }

    location ~* ^.+\.(jpg|jpeg|gif|png|svg|js|css|mp3|ogg|mpe?g|avi|zip|gz|bz2?|rar|swf)$ {
        access_log off;
        expires max;
    }

    if (!-e $request_filename) {
        rewrite ^(.*)$ /bitrix/urlrewrite.php last;
    }

    location ~ (/\.ht|/bitrix/modules|/upload/support/not_image) {
        deny all;
    }

    location ~ /.svn/ {
        deny all;
    }

    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root /usr/share/nginx/html;
    }
    #error_page 404 /404.html;
    #location = /404.html {
        #root /usr/share/nginx/html;
    #}

    #location ~* \.(jpg|jpeg|gif|png|css|js|ico|xml)$ {
    #    expires 5d;
    #}

    # deny access to . files, for security
    #

    #location ~ /\. {
    #    log_not_found off;
    #    deny all;
    #}

    #location ^~ /.well-known {
    #    allow all;
    #    auth_basic off;
    #}

}

--------------------------------------------------------------------------------
/scripts/start.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# Disable Strict Host checking for non interactive git clones
# (with "StrictHostKeyChecking no" the git server's host key is never verified)

mkdir -p -m 0700 /root/.ssh
# Prevent config files from being filled to infinity by force of stop and restart the container
echo "" > /root/.ssh/config
echo -e "Host *\n\tStrictHostKeyChecking no\n" >> /root/.ssh/config

if [[ "$GIT_USE_SSH" == "1" ]] ; then
  echo -e "Host *\n\tUser ${GIT_USERNAME}\n\n" >> /root/.ssh/config
fi

if [ ! -z "$SSH_KEY" ]; then
  echo "$SSH_KEY" > /root/.ssh/id_rsa.base64
  base64 -d /root/.ssh/id_rsa.base64 > /root/.ssh/id_rsa
  chmod 600 /root/.ssh/id_rsa
fi

# Set custom webroot
if [ ! -z "$WEBROOT" ]; then
  sed -i "s#root /var/www/html;#root ${WEBROOT};#g" /etc/nginx/sites-available/default.conf
else
  webroot=/var/www/html
fi

# Enable custom nginx config files if they exist
if [ -f /var/www/html/conf/nginx/nginx.conf ]; then
  cp /var/www/html/conf/nginx/nginx.conf /etc/nginx/nginx.conf
fi

if [ -f /var/www/html/conf/nginx/nginx-site.conf ]; then
  cp /var/www/html/conf/nginx/nginx-site.conf /etc/nginx/sites-available/default.conf
fi

if [ -f /var/www/html/conf/nginx/nginx-site-ssl.conf ]; then
  cp /var/www/html/conf/nginx/nginx-site-ssl.conf /etc/nginx/sites-available/default-ssl.conf
fi


# Prevent config files from being filled to infinity by force of stop and restart the container
lastlinephpconf="$(grep "." /usr/local/etc/php-fpm.conf | tail -1)"
if [[ $lastlinephpconf == *"php_flag[display_errors]"* ]]; then
  sed -i '$ d' /usr/local/etc/php-fpm.conf
fi

# Display PHP error's or not
# (the directive is quoted so the shell cannot expand [display_errors] as a glob)
if [[ "$ERRORS" != "1" ]] ; then
  echo "php_flag[display_errors] = off" >> /usr/local/etc/php-fpm.conf
else
  echo "php_flag[display_errors] = on" >> /usr/local/etc/php-fpm.conf
fi

# Display Version Details or not
if [[ "$HIDE_NGINX_HEADERS" == "0" ]] ; then
  sed -i "s/server_tokens off;/server_tokens on;/g" /etc/nginx/nginx.conf
else
  sed -i "s/expose_php = On/expose_php = Off/g" /usr/local/etc/php-fpm.conf
fi

# Increase the memory_limit
if [ ! -z "$PHP_MEM_LIMIT" ]; then
  sed -i "s/memory_limit = 128M/memory_limit = ${PHP_MEM_LIMIT}M/g" /usr/local/etc/php/conf.d/docker-vars.ini
fi

# Increase the post_max_size
if [ ! -z "$PHP_POST_MAX_SIZE" ]; then
  sed -i "s/post_max_size = 100M/post_max_size = ${PHP_POST_MAX_SIZE}M/g" /usr/local/etc/php/conf.d/docker-vars.ini
fi

# Increase the upload_max_filesize
if [ ! -z "$PHP_UPLOAD_MAX_FILESIZE" ]; then
  sed -i "s/upload_max_filesize = 100M/upload_max_filesize= ${PHP_UPLOAD_MAX_FILESIZE}M/g" /usr/local/etc/php/conf.d/docker-vars.ini
fi

# Enable xdebug
XdebugFile='/usr/local/etc/php/conf.d/docker-php-ext-xdebug.ini'
if [[ "$ENABLE_XDEBUG" == "1" ]] ; then
  if [ -f $XdebugFile ]; then
    echo "Xdebug enabled"
  else
    echo "Enabling xdebug"
    echo "If you get this error, you can safely ignore it: /usr/local/bin/docker-php-ext-enable: line 83: nm: not found"
    # see https://github.com/docker-library/php/pull/420
    docker-php-ext-enable xdebug
    # see if file exists
    if [ -f $XdebugFile ]; then
      # See if file contains xdebug text.
      if grep -q xdebug.remote_enable "$XdebugFile"; then
        echo "Xdebug already enabled... skipping"
      else
        echo "zend_extension=$(find /usr/local/lib/php/extensions/ -name xdebug.so)" > $XdebugFile # Note, single arrow to overwrite file.
        echo "xdebug.remote_enable=1 " >> $XdebugFile
        echo "xdebug.remote_log=/tmp/xdebug.log" >> $XdebugFile
        echo "xdebug.remote_autostart=false " >> $XdebugFile # I use the xdebug chrome extension instead of using autostart
        # NOTE: xdebug.remote_host is not needed here if you set an environment variable in docker-compose like so `- XDEBUG_CONFIG=remote_host=192.168.111.27`.
        # you also need to set an env var `- PHP_IDE_CONFIG=serverName=docker`
      fi
    fi
  fi
else
  if [ -f $XdebugFile ]; then
    echo "Disabling Xdebug"
    rm $XdebugFile
  fi
fi

if [ ! -z "$PUID" ]; then
  if [ -z "$PGID" ]; then
    PGID=${PUID}
  fi
  deluser nginx
  addgroup -g ${PGID} nginx
  adduser -D -S -h /var/cache/nginx -s /sbin/nologin -G nginx -u ${PUID} nginx
else
  if [ -z "$SKIP_CHOWN" ]; then
    chown -Rf nginx.nginx /var/www/html
  fi
fi

# Run custom scripts
if [[ "$RUN_SCRIPTS" == "1" ]] ; then
  if [ -d "/var/www/html/scripts/" ]; then
    # make scripts executable incase they aren't
    chmod -Rf 750 /var/www/html/scripts/*
    # run scripts in number order
    for i in `ls /var/www/html/scripts/`; do /var/www/html/scripts/$i ; done
  else
    echo "Can't find script directory"
  fi
fi

# Try auto install for composer
if [ -f "/var/www/html/composer.lock" ]; then
  if [ "$APPLICATION_ENV" == "development" ]; then
    composer global require hirak/prestissimo
    composer install --working-dir=/var/www/html
  else
    composer global require hirak/prestissimo
    composer install --no-dev --working-dir=/var/www/html
  fi
fi

# Start supervisord and services
exec /usr/bin/supervisord -n -c /etc/supervisord.conf

--------------------------------------------------------------------------------
/php-conf/php-fpm.conf:
--------------------------------------------------------------------------------
;;;;;;;;;;;;;;;;;;;;;
; FPM Configuration ;
;;;;;;;;;;;;;;;;;;;;;

; All relative paths in this configuration file are relative to PHP's install
; prefix (/usr/local). This prefix can be dynamically changed by using the
; '-p' argument from the command line.

;;;;;;;;;;;;;;;;;;
; Global Options ;
;;;;;;;;;;;;;;;;;;

[global]
; Pid file
; Note: the default prefix is /usr/local/var
; Default Value: none
;pid = run/php-fpm.pid

; Error log file
; If it's set to "syslog", log is sent to syslogd instead of being written
; into a local file.
; Note: the default prefix is /usr/local/var
; Default Value: log/php-fpm.log
;error_log = log/php-fpm.log

; syslog_facility is used to specify what type of program is logging the
; message. This lets syslogd specify that messages from different facilities
; will be handled differently.
; See syslog(3) for possible values (ex daemon equiv LOG_DAEMON)
; Default Value: daemon
;syslog.facility = daemon

; syslog_ident is prepended to every message. If you have multiple FPM
; instances running on the same server, you can change the default value
; which must suit common needs.
; Default Value: php-fpm
;syslog.ident = php-fpm

; Log level
; Possible Values: alert, error, warning, notice, debug
; Default Value: notice
;log_level = notice

; If this number of child processes exit with SIGSEGV or SIGBUS within the time
; interval set by emergency_restart_interval then FPM will restart. A value
; of '0' means 'Off'.
; Default Value: 0
;emergency_restart_threshold = 0

; Interval of time used by emergency_restart_interval to determine when
; a graceful restart will be initiated. This can be useful to work around
; accidental corruptions in an accelerator's shared memory.
; Available Units: s(econds), m(inutes), h(ours), or d(ays)
; Default Unit: seconds
; Default Value: 0
;emergency_restart_interval = 0

; Time limit for child processes to wait for a reaction on signals from master.
; Available units: s(econds), m(inutes), h(ours), or d(ays)
; Default Unit: seconds
; Default Value: 0
;process_control_timeout = 0

; The maximum number of processes FPM will fork. This has been designed to control
; the global number of processes when using dynamic PM within a lot of pools.
; Use it with caution.
; Note: A value of 0 indicates no limit
; Default Value: 0
; process.max = 128

; Specify the nice(2) priority to apply to the master process (only if set)
; The value can vary from -19 (highest priority) to 20 (lowest priority)
; Note: - It will only work if the FPM master process is launched as root
;       - The pool process will inherit the master process priority
;         unless specified otherwise
; Default Value: no set
; process.priority = -19

; Send FPM to background. Set to 'no' to keep FPM in foreground for debugging.
; Default Value: yes
;daemonize = yes

; Set open file descriptor rlimit for the master process.
; Default Value: system defined value
;rlimit_files = 1024

; Set max core size rlimit for the master process.
; Possible Values: 'unlimited' or an integer greater or equal to 0
; Default Value: system defined value
;rlimit_core = 0

; Specify the event mechanism FPM will use. The following is available:
; - select (any POSIX os)
; - poll (any POSIX os)
; - epoll (linux >= 2.5.44)
; - kqueue (FreeBSD >= 4.1, OpenBSD >= 2.9, NetBSD >= 2.0)
; - /dev/poll (Solaris >= 7)
; - port (Solaris >= 10)
; Default Value: not set (auto detection)
;events.mechanism = epoll

; When FPM is built with systemd integration, specify the interval,
; in seconds, between health report notification to systemd.
; Set to 0 to disable.
; Available Units: s(econds), m(inutes), h(ours)
; Default Unit: seconds
; Default value: 10
;systemd_interval = 10

;;;;;;;;;;;;;;;;;;;;
; Pool Definitions ;
;;;;;;;;;;;;;;;;;;;;

; Multiple pools of child processes may be started with different listening
; ports and different management options. The name of the pool will be
; used in logs and stats. There is no limitation on the number of pools which
; FPM can handle. Your system will tell you anyway :)

; Include one or more files. If glob(3) exists, it is used to include a bunch of
; files from a glob(3) pattern. This directive can be used everywhere in the
; file.
; Relative path can also be used. They will be prefixed by:
; - the global prefix if it's been set (-p argument)
; - /usr/local otherwise
include=etc/php-fpm.d/*.conf
php_flag[display_errors] = off

--------------------------------------------------------------------------------
/errors/style.css:
--------------------------------------------------------------------------------
/*! normalize.css v2.1.3 | MIT License | git.io/normalize */

img {
    border: 0;
}

body,html {
    min-height: 100%;
    height: 100%;
}

figure,footer,nav,section {
    display: block;
}

[hidden] {
    display: none;
}

html {
    font-family: sans-serif;
    -ms-text-size-adjust: 100%;
    -webkit-text-size-adjust: 100%;
}

body,figure {
    margin: 0;
}

a {
    background: 0 0;
}

a:focus {
    outline: dotted thin;
}

a:active,a:hover {
    outline: 0;
}

h1 {
    margin: .67em 0;
}

code {
    font-family: monospace, serif;
    font-size: 1em;
}

svg:not(:root) {
    overflow: hidden;
}

.navbar {
    -ms-box-sizing: border-box;
    -o-box-sizing: border-box;
    -khtml-box-sizing: border-box;
}

.navbar-container {
    border-bottom: 1px solid #EBEBEB;
}

/*!
  Ionicons, v2.0.0
  Created by Ben Sperry for the Ionic Framework, http://ionicons.com/
  https://twitter.com/benjsperry https://twitter.com/ionicframework
  MIT License: https://github.com/driftyco/ionicons

  Android-style icons originally built by Google’s
  Material Design Icons: https://github.com/google/material-design-icons
  used under CC BY http://creativecommons.org/licenses/by/4.0/
  Modified icons to fit ionicon’s grid from original.
 */

@font-face {
    font-family: Ionicons;
    src: url(../fonts/ionicons/ionicons.eot?v=2.0.0);
    src: url(../fonts/ionicons/ionicons.eot?v=2.0.0#iefix) format("embedded-opentype"), url(../fonts/ionicons/ionicons.ttf?v=2.0.0) format("truetype"), url(../fonts/ionicons/ionicons.woff?v=2.0.0) format("woff"), url(../fonts/ionicons/ionicons.svg?v=2.0.0#Ionicons) format("svg");
    font-weight: 400;
    font-style: normal;
}

.ion,.ion-code:before,.ion-link:before,.ion-sad:before,.ion-social-chrome:before,.ion-social-css3:before,.ion-social-github:before,.ion-social-html5:before,.ion-social-twitter:before,.ionicons {
    display: inline-block;
    font-family: Ionicons;
    speak: none;
    font-style: normal;
    font-weight: 400;
    font-variant: normal;
    text-transform: none;
    text-rendering: auto;
    line-height: 1;
    -webkit-font-smoothing: antialiased;
    -moz-osx-font-smoothing: grayscale;
}

.ion-code:before {
    content: "";
}

.ion-link:before {
    content: "";
}

.ion-sad:before {
    content: "";
}

.ion-social-chrome:before {
    content: "";
}

.ion-social-css3:before {
    content: "";
}

.ion-social-github:before {
    content: "";
}

.ion-social-html5:before {
    content: "";
}

.ion-social-twitter:before {
    content: "";
}

code[class*=language-] {
    color: #000;
    background: 0 0;
    text-shadow: 0 1px #fff;
    font-family: Consolas, Monaco, 'Andale Mono', 'Ubuntu Mono', monospace;
    direction: ltr;
    text-align: left;
    white-space: pre;
    word-spacing: normal;
    word-break: normal;
    word-wrap: normal;
    line-height: 1.5;
    -moz-tab-size: 4;
    tab-size: 4;
    -webkit-hyphens: none;
    -moz-hyphens: none;
    -ms-hyphens: none;
    hyphens: none;
}

code[class*=language-]::-moz-selection,code[class*=language-]::-moz-selection {
    text-shadow: none;
    background: #b3d4fc;
}

code[class*=language-]::selection,code[class*=language-]::selection {
    text-shadow: none;
    background: #b3d4fc;
}

@media print {
    code[class*=language-] {
        text-shadow: none;
    }
}

:not(pre)>code[class*=language-] {
    background: #f5f2f0;
}

:not(pre)>code[class*=language-] {
    padding: .1em;
    border-radius: .3em;
    white-space: normal;
}

.pad {
    max-width: 1100px;
    margin: 0 auto;
    padding: 0 2em;
}

.interface:after,.interface:before,.navbar:after,.navbar:before,.site-footer .social-links:after,.site-footer .social-links:before,.site-footer section:after,.site-footer section:before {
    content: "";
    display: table;
}

.interface:after,.navbar:after,.site-footer .social-links:after,.site-footer section:after {
    clear: both;
}

body {
    background-color: #202B30;
    line-height: 1.5;
    font-size: 1em;
    font-family: proxima-nova, "Helvetica Neue", Helvetica, Arial, sans-serif;
    color: #031C2B;
}

.navbar,.site-footer section {
    max-width: 1070px;
    margin: 0 5%;
}

@media all and (min-width:1180px) {
    .navbar, .site-footer section {
        margin: 0 auto;
    }
}

.interface {
    background-color: #fff;
}

img {
    width: 100%;
    max-width: 100%;
}

h1,h2,h3,h4 {
    font-weight: 300;
    line-height: 1.2;
}

h1 a,h2 a,h3 a,h4 a {
    color: inherit;
    text-decoration: none;
}

h1 a:hover,h2 a:hover,h3 a:hover,h4 a:hover {
    color: #2796D8;
}

h1 {
    font-size: 2.3em;
}

h2 {
    font-size: 2em;
}

h3 {
    font-size: 1.5em;
}

h6 {
    text-transform: uppercase;
    font-size: .75em;
}

a {
    color: #1577C1;
}

a:hover {
    color: #FF6A39;
}

.navbar-container {
    border-top: 10px solid #FF6A39;
}

.navbar-container:before {
    content: '';
    position: absolute;
    background-color: #F45B29;
    width: 33.33%;
    height: 10px;
    top: 0;
}

.navbar {
    padding: 1em 0;
    box-sizing: border-box;
    min-height: 60px;
}

.navbar .brand {
    width: 60%;
    float: left;
    margin-top: 3px;
}

.navbar .brand img {
    width: 100px;
}

@media all and (min-width:980px) {
    .navbar {
        padding: 2.5em 0 2em;
    }

    .navbar .brand {
        width: 15%;
        margin-top: 0;
    }

    .navbar .brand img {
        width: 150px;
    }
}

.status-page .interface {
    height: 90%;
}

.status-page-panel {
    margin: 0 auto;
    width: 80%;
    max-width: 500px;
    text-align: center;
    position: relative;
    top: 30%;
    -webkit-transform: translateY(-50%);
    transform: translateY(-50%);
}

.status-page-panel .status-page-brand {
    margin: 2em 0;
}

.status-page-panel .status-page-brand img {
    width: 150px;
}

.status-page-panel img {
    width: 80px;
}

.status-page-panel h1 {
    margin: 0;
}

.status-page-panel p {
    margin: .5em 0 0;
}

.site-footer {
    font-size: .875em;
    border-top: 4px solid #FF6A39;
    color: #70858F;
}

.site-footer .footer-section {
    background-color: #1D2529;
}

.site-footer a {
    color: #fff;
    text-decoration: none;
}

.site-footer section {
    padding: 2em 0;
}

.site-footer section.extra-pad {
    padding: 3em 0;
}

.site-footer .brand {
    width: 100px;
}

.site-footer .social-links {
    margin-top: 1em;
}

.site-footer .social-links i {
    display: inline-block;
    margin-right: 5px;
}

.site-footer .social-links a {
    display: inline-block;
    margin-top: 1em;
    margin-right: 20px;
}

@media all and (min-width:787px) {
    .site-footer .brand {
        width: 10%;
        float: left;
    }

    .site-footer .social-links {
        width: 80%;
        float: right;
        margin-top: 0;
        text-align: right;
    }

    .site-footer .social-links a {
        margin-top: 0;
        margin-left: 20px;
        margin-right: 0;
    }
}
--------------------------------------------------------------------------------
/Dockerfile:
--------------------------------------------------------------------------------
FROM php:7.1.9-fpm-alpine

MAINTAINER Infoservice dev@infoservice.ru

ENV php_conf /usr/local/etc/php-fpm.conf
ENV fpm_conf /usr/local/etc/php-fpm.d/www.conf
ENV php_vars /usr/local/etc/php/conf.d/docker-vars.ini

ENV NGINX_VERSION 1.13.5
# ENV LUA_MODULE_VERSION 0.10.10
#ENV DEVEL_KIT_MODULE_VERSION 0.3.0
# ENV LUAJIT_LIB=/usr/lib
# ENV LUAJIT_INC=/usr/include/luajit-2.0

# resolves #166
ENV LD_PRELOAD /usr/lib/preloadable_libiconv.so php
RUN apk add --no-cache --repository http://dl-3.alpinelinux.org/alpine/edge/testing gnu-libiconv

RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \
  && CONFIG="\
    --prefix=/etc/nginx \
    --sbin-path=/usr/sbin/nginx \
    --modules-path=/usr/lib/nginx/modules \
    --conf-path=/etc/nginx/nginx.conf \
    --error-log-path=/var/log/nginx/error.log \
    --http-log-path=/var/log/nginx/access.log \
    --pid-path=/var/run/nginx.pid \
    --lock-path=/var/run/nginx.lock \
    --http-client-body-temp-path=/var/cache/nginx/client_temp \
    --http-proxy-temp-path=/var/cache/nginx/proxy_temp \
    --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp \
    --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp \
    --http-scgi-temp-path=/var/cache/nginx/scgi_temp \
    --user=nginx \
    --group=nginx \
    --with-http_realip_module \
    --with-http_addition_module \
    --with-http_sub_module \
    --with-http_dav_module \
    --with-http_flv_module \
    --with-http_mp4_module \
    --with-http_gunzip_module \
    --with-http_gzip_static_module \
    --with-http_random_index_module \
    --with-http_secure_link_module \
    --with-http_stub_status_module \
    --with-http_auth_request_module \
    --with-http_xslt_module=dynamic \
    --with-http_image_filter_module=dynamic \
    --with-http_geoip_module=dynamic \
    --with-http_perl_module=dynamic \
    --with-threads \
    --with-stream \
    --with-stream_realip_module \
    --with-stream_geoip_module=dynamic \
    --with-http_slice_module \
    --with-mail \
    --with-compat \
    --with-file-aio \
    --with-http_v2_module \
  " \
  && addgroup -S nginx \
  && adduser -D -S -h /var/cache/nginx -s /sbin/nologin -G nginx nginx \
  && apk add --no-cache --virtual .build-deps \
    autoconf \
    gcc \
    libc-dev \
    make \
    openssl-dev \
    pcre-dev \
    zlib-dev \
    linux-headers \
    curl \
    gnupg \
    libxslt-dev \
    gd-dev \
    geoip-dev \
    perl-dev \
    # luajit-dev \
  && curl -fSL http://nginx.org/download/nginx-$NGINX_VERSION.tar.gz -o nginx.tar.gz \
  && curl -fSL http://nginx.org/download/nginx-$NGINX_VERSION.tar.gz.asc -o nginx.tar.gz.asc \
  #&& curl -fSL https://github.com/simpl/ngx_devel_kit/archive/v$DEVEL_KIT_MODULE_VERSION.tar.gz -o ndk.tar.gz \
  #&& curl -fSL https://github.com/openresty/lua-nginx-module/archive/v$LUA_MODULE_VERSION.tar.gz -o lua.tar.gz \
  # The tarball and its .asc are fetched over plain http, so the detached-signature
  # check against the key pinned in GPG_KEYS is what authenticates the source.
  && export GNUPGHOME="$(mktemp -d)" \
  && gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$GPG_KEYS" \
  && gpg --batch --verify nginx.tar.gz.asc nginx.tar.gz \
  && rm -r "$GNUPGHOME" nginx.tar.gz.asc \
  && mkdir -p /usr/src \
  && tar -zxC /usr/src -f nginx.tar.gz \
  #&& tar -zxC /usr/src -f ndk.tar.gz \
  #&& tar -zxC /usr/src -f lua.tar.gz \
  && rm nginx.tar.gz \
  # ndk.tar.gz
  #lua.tar.gz
  && cd /usr/src/nginx-$NGINX_VERSION \
  && ./configure $CONFIG --with-debug \
  && make -j$(getconf _NPROCESSORS_ONLN) \
  && mv objs/nginx objs/nginx-debug \
  && mv objs/ngx_http_xslt_filter_module.so objs/ngx_http_xslt_filter_module-debug.so \
  && mv objs/ngx_http_image_filter_module.so objs/ngx_http_image_filter_module-debug.so \
  && mv objs/ngx_http_geoip_module.so objs/ngx_http_geoip_module-debug.so \
  && mv objs/ngx_http_perl_module.so objs/ngx_http_perl_module-debug.so \
  && mv objs/ngx_stream_geoip_module.so objs/ngx_stream_geoip_module-debug.so \
  && ./configure $CONFIG \
  && make -j$(getconf _NPROCESSORS_ONLN) \
  && make install \
  && rm -rf /etc/nginx/html/ \
  && mkdir /etc/nginx/conf.d/ \
  && mkdir -p /usr/share/nginx/html/ \
  && install -m644 html/index.html /usr/share/nginx/html/ \
  && install -m644 html/50x.html /usr/share/nginx/html/ \
  && install -m755 objs/nginx-debug /usr/sbin/nginx-debug \
  && install -m755 objs/ngx_http_xslt_filter_module-debug.so /usr/lib/nginx/modules/ngx_http_xslt_filter_module-debug.so \
  && install -m755 objs/ngx_http_image_filter_module-debug.so /usr/lib/nginx/modules/ngx_http_image_filter_module-debug.so \
  && install -m755 objs/ngx_http_geoip_module-debug.so /usr/lib/nginx/modules/ngx_http_geoip_module-debug.so \
  && install -m755 objs/ngx_http_perl_module-debug.so /usr/lib/nginx/modules/ngx_http_perl_module-debug.so \
  && install -m755 objs/ngx_stream_geoip_module-debug.so /usr/lib/nginx/modules/ngx_stream_geoip_module-debug.so \
  && ln -s ../../usr/lib/nginx/modules /etc/nginx/modules \
  && strip /usr/sbin/nginx* \
  && strip /usr/lib/nginx/modules/*.so \
  && rm -rf /usr/src/nginx-$NGINX_VERSION \
  \
  # Bring in gettext so we can get `envsubst`, then throw
  # the rest away. To do this, we need to install `gettext`
  # then move `envsubst` out of the way so `gettext` can
  # be deleted completely, then move `envsubst` back.
  && apk add --no-cache --virtual .gettext gettext \
  && mv /usr/bin/envsubst /tmp/ \
  \
  && runDeps="$( \
    scanelf --needed --nobanner /usr/sbin/nginx /usr/lib/nginx/modules/*.so /tmp/envsubst \
      | awk '{ gsub(/,/, "\nso:", $2); print "so:" $2 }' \
      | sort -u \
      | xargs -r apk info --installed \
      | sort -u \
  )" \
  && apk add --no-cache --virtual .nginx-rundeps $runDeps \
  && apk del .build-deps \
  && apk del .gettext \
  && mv /tmp/envsubst /usr/local/bin/ \
  \
  # forward request and error logs to docker log collector
  && ln -sf /dev/stdout /var/log/nginx/access.log \
  && ln -sf /dev/stderr /var/log/nginx/error.log

#curl iconv session
#RUN mkdir -p /etc/nginx && \
# mkdir -p /var/www/app && \
# mkdir -p /run/nginx && \
# mkdir -p /var/log/supervisor && \
# EXPECTED_COMPOSER_SIGNATURE=$(wget -q -O - https://composer.github.io/installer.sig) && \
# php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');" && \
#php -r "if (hash_file('SHA384', 'composer-setup.php') === '${EXPECTED_COMPOSER_SIGNATURE}') { echo 'Composer.phar Installer verified'; } else { echo 'Composer.phar Installer corrupt'; unlink('composer-setup.php'); } echo PHP_EOL;" && \
#php composer-setup.php --install-dir=/usr/bin --filename=composer && \
# php -r "unlink('composer-setup.php');" && \
# pip install -U pip && \
# #pip install -U certbot && \
##mkdir -p /etc/letsencrypt/webrootauth && \
#apk del gcc musl-dev linux-headers libffi-dev augeas-dev python-dev make autoconf
#ln -s /usr/bin/php7 /usr/bin/php

ADD conf/supervisord.conf /etc/supervisord.conf

# Copy our nginx config
RUN rm -Rf /etc/nginx/nginx.conf
ADD conf/nginx.conf /etc/nginx/nginx.conf

# nginx site conf
RUN mkdir -p /etc/nginx/sites-available/ && \
    mkdir -p /etc/nginx/sites-enabled/ && \
    mkdir -p /etc/nginx/ssl/ && \
    rm -Rf /var/www/* && \
    mkdir /var/www/html/
ADD conf/nginx-site.conf /etc/nginx/sites-available/default.conf
ADD conf/nginx-site-ssl.conf /etc/nginx/sites-available/default-ssl.conf
RUN ln -s /etc/nginx/sites-available/default.conf /etc/nginx/sites-enabled/default.conf

# tweak php-fpm config
# Note: listen.mode 0666 below leaves the php-fpm unix socket writable by every
# user in the container, even though listen.owner and listen.group are set to nginx.
RUN echo "cgi.fix_pathinfo=0" > ${php_vars} &&\
    echo "upload_max_filesize = 100M" >> ${php_vars} &&\
    echo "post_max_size = 100M" >> ${php_vars} &&\
    echo "variables_order = \"EGPCS\"" >> ${php_vars} && \
    echo "memory_limit = 128M" >> ${php_vars} && \
    sed -i \
        -e "s/;catch_workers_output\s*=\s*yes/catch_workers_output = yes/g" \
        -e "s/pm.max_children = 5/pm.max_children = 4/g" \
        -e "s/pm.start_servers = 2/pm.start_servers = 3/g" \
        -e "s/pm.min_spare_servers = 1/pm.min_spare_servers = 2/g" \
        -e "s/pm.max_spare_servers = 3/pm.max_spare_servers = 4/g" \
        -e "s/;pm.max_requests = 500/pm.max_requests = 200/g" \
        -e "s/user = www-data/user = nginx/g" \
        -e "s/group = www-data/group = nginx/g" \
        -e "s/;listen.mode = 0660/listen.mode = 0666/g" \
        -e "s/;listen.owner = www-data/listen.owner = nginx/g" \
        -e "s/;listen.group = www-data/listen.group = nginx/g" \
        -e "s/listen = 127.0.0.1:9000/listen = \/var\/run\/php-fpm.sock/g" \
        -e "s/^;clear_env = no$/clear_env = no/" \
        ${fpm_conf}
# ln -s /etc/php7/php.ini /etc/php7/conf.d/php.ini && \
# find /etc/php7/conf.d/ -name "*.ini" -exec sed -i -re 's/^(\s*)#(.*)/\1;\2/g' {} \;


# Add Scripts
ADD scripts/start.sh /start.sh
#ADD scripts/pull /usr/bin/pull
#ADD scripts/push /usr/bin/push
#ADD scripts/letsencrypt-setup /usr/bin/letsencrypt-setup
#ADD scripts/letsencrypt-renew /usr/bin/letsencrypt-renew
RUN chmod 755 /start.sh
#chmod 755 /usr/bin/pull && chmod 755 /usr/bin/push && chmod 755 /usr/bin/letsencrypt-setup && chmod 755 /usr/bin/letsencrypt-renew &&

# copy in code
ADD src/ /var/www/html/
ADD errors/ /var/www/errors


EXPOSE 443 80

CMD ["/start.sh"]
--------------------------------------------------------------------------------