├── .gitattributes
├── .github
    ├── CODE_OF_CONDUCT.md
    ├── CONTRIBUTING.md
    ├── ISSUE_TEMPLATE.md
    └── PULL_REQUEST_TEMPLATE.md
├── .gitignore
├── .travis.yml
├── LICENSE
├── README.md
├── app
    ├── index.php
    └── phpinfo.php
├── config
    ├── .env.blueprint
    ├── .gitignore
    ├── modules.yml
    ├── orbit
    │   ├── orbit-build.yml
    │   ├── orbit-commands.yml
    │   ├── orbit-down.yml
    │   ├── orbit-scripts.yml
    │   ├── orbit-up.yml
    │   └── whale.txt
    ├── project.yml
    └── scripts
    │   └── fix-permissions.sh
├── docker-sync.blueprint.yml
├── modules
    ├── graylog
    │   ├── .gitignore
    │   ├── docker-compose.blueprint.yml
    │   └── udp-input.blueprint.json
    ├── mysql
    │   ├── .gitignore
    │   ├── conf.d
    │   │   └── utf8mb4.cnf
    │   ├── docker-compose.blueprint.yml
    │   ├── docker-entrypoint-initdb.d
    │   │   └── databases.blueprint.sql
    │   └── secrets
    │   │   ├── mysql_password.blueprint.txt
    │   │   └── mysql_root_password.blueprint.txt
    ├── nginx
    │   ├── .gitignore
    │   ├── Dockerfile
    │   ├── conf.d
    │   │   └── php-fpm.conf
    │   └── docker-compose.blueprint.yml
    ├── php-fpm
    │   ├── .gitignore
    │   ├── conf.d
    │   │   └── memory-limit.blueprint.ini
    │   ├── docker-compose.blueprint.yml
    │   ├── docker-entrypoint.sh
    │   └── php-fpm.d
    │   │   ├── memory-limit.blueprint.conf
    │   │   ├── security.blueprint.conf
    │   │   └── uploads.conf
    ├── rabbitmq
    │   ├── .gitignore
    │   └── docker-compose.blueprint.yml
    ├── redis
    │   ├── .gitignore
    │   └── docker-compose.blueprint.yml
    ├── toolbox
    │   ├── .gitignore
    │   ├── docker-compose.blueprint.yml
    │   ├── generated
    │   │   ├── graylog
    │   │   │   └── .env.blueprint
    │   │   └── traefik
    │   │   │   ├── auth
    │   │   │       └── .gitkeep
    │   │   │   └── certs
    │   │   │       └── .gitkeep
    │   └── scripts
    │   │   ├── graylog-secrets.sh
    │   │   ├── health-check.sh
    │   │   ├── traefik-htdigest.sh
    │   │   └── traefik-self-signed-certificate.sh
    └── traefik
    │   ├── .gitignore
    │   ├── docker-compose.blueprint.yml
    │   └── traefik.blueprint.toml
├── orbit-payload.yml
└── orbit.yml

/.gitattributes:
--------------------------------------------------------------------------------
# Set the default behavior, in case people don't have core.autocrlf set.
* text eol=lf

--------------------------------------------------------------------------------
/.github/CODE_OF_CONDUCT.md:
--------------------------------------------------------------------------------
# Contributor Covenant Code of Conduct

## Our Pledge

In the interest of fostering an open and welcoming environment, we as contributors and maintainers pledge to making participation in our project and our community a harassment-free experience for everyone, regardless of age, body size, disability, ethnicity, gender identity and expression, level of experience, nationality, personal appearance, race, religion, or sexual identity and orientation.

## Our Standards

Examples of behavior that contributes to creating a positive environment include:

* Using welcoming and inclusive language
* Being respectful of differing viewpoints and experiences
* Gracefully accepting constructive criticism
* Focusing on what is best for the community
* Showing empathy towards other community members

Examples of unacceptable behavior by participants include:

* The use of sexualized language or imagery and unwelcome sexual attention or advances
* Trolling, insulting/derogatory comments, and personal or political attacks
* Public or private harassment
* Publishing others' private information, such as a physical or electronic address, without explicit permission
* Other conduct which could reasonably be considered inappropriate in a professional setting

## Our Responsibilities

Project maintainers are responsible for clarifying the standards of acceptable behavior and are expected to take appropriate and fair corrective action in response to any instances of unacceptable behavior.

Project maintainers have the right and responsibility to remove, edit, or reject comments, commits, code, wiki edits, issues, and other contributions that are not aligned to this Code of Conduct, or to ban temporarily or permanently any contributor for other behaviors that they deem inappropriate, threatening, offensive, or harmful.

## Scope

This Code of Conduct applies both within project spaces and in public spaces when an individual is representing the project or its community. Examples of representing a project or community include using an official project e-mail address, posting via an official social media account, or acting as an appointed representative at an online or offline event. Representation of a project may be further defined and clarified by project maintainers.

## Enforcement

Instances of abusive, harassing, or otherwise unacceptable behavior may be reported by contacting the project team at neuhart.julien@gmail.com. The project team will review and investigate all complaints, and will respond in a way that it deems appropriate to the circumstances. The project team is obligated to maintain confidentiality with regard to the reporter of an incident. Further details of specific enforcement policies may be posted separately.

Project maintainers who do not follow or enforce the Code of Conduct in good faith may face temporary or permanent repercussions as determined by other members of the project's leadership.

## Attribution

This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4, available at [http://contributor-covenant.org/version/1/4][version]

[homepage]: http://contributor-covenant.org
[version]: http://contributor-covenant.org/version/1/4/

--------------------------------------------------------------------------------
/.github/CONTRIBUTING.md:
--------------------------------------------------------------------------------
# Contributing

Hi! Thank you for considering contributing to kickoff-docker-php. You'll
find below useful information about how to contribute to the docker-kickoff-php project.

## Contributing code

### Install from sources

1. Fork this repository
2. Clone it to the folder of your choice

### Working with git

1. Create your feature branch (`git checkout -b my-new-feature`)
2. Commit your changes (`git commit -am 'Add some feature'`)
3. Push to the branch (`git push origin my-new-feature`)
4. Create a new pull request

## Reporting bugs and feature requests

Your issue or feature request may already be reported!
Please search on the [issue tracker](../../../issues) before creating one.

If you do not find any relevant issue or feature request, feel free to
add a new one!

## Additional resources

* [Code of conduct](CODE_OF_CONDUCT.md)
* [Issue template](ISSUE_TEMPLATE.md)
* [Pull request template](PULL_REQUEST_TEMPLATE.md)

--------------------------------------------------------------------------------
/.github/ISSUE_TEMPLATE.md:
--------------------------------------------------------------------------------
Your issue may already be reported!
Please search on the [issue tracker](../../../issues) before creating one.

## Expected Behavior

## Current Behavior

## Possible Solution

## Steps to Reproduce (for bugs)

1.
2.
3.
4.

## Context

## Your Environment

* Version used:
* Operating System and version:
* Link to your project:

--------------------------------------------------------------------------------
/.github/PULL_REQUEST_TEMPLATE.md:
--------------------------------------------------------------------------------
A similar PR may already be submitted!
Please search among the [pull requests](../../../pulls) before creating one.

Thanks for submitting a pull request! Please provide enough information so that others can review your pull request:

For more information, see the [CONTRIBUTING](CONTRIBUTING.md) guide.

**Summary**

This PR fixes/implements the following **bugs/features**

* [ ] Bug 1
* [ ] Bug 2
* [ ] Feature 1
* [ ] Feature 2
* [ ] Breaking changes

Explain the **motivation** for making this change. What existing problem does the pull request solve?

**Test plan (required)**

Demonstrate the code is solid. Example: The exact commands you ran and their output.

**Closing issues**

Fixes #

**Checklist**

- [ ] Have you followed the guidelines in our [CONTRIBUTING](CONTRIBUTING.md) guide?
- [ ] I have squashed any insignificant commits
- [ ] This change has comments for package types, values, functions, and non-obvious lines of code

--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
.docker-sync
.idea
docker-sync.yml

--------------------------------------------------------------------------------
/.travis.yml:
--------------------------------------------------------------------------------
language: ruby

sudo: required

services:
  - docker

before_install:
  - curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
  - sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
  - sudo apt-get update
  - sudo apt-get -y install docker-ce
  - sudo rm /usr/local/bin/docker-compose
  - curl -L https://github.com/docker/compose/releases/download/1.14.0/docker-compose-`uname -s`-`uname -m` > docker-compose
  - chmod +x docker-compose
  - sudo mv docker-compose /usr/local/bin
  - wget https://github.com/gulien/orbit/releases/download/v3.0.0/orbit_Linux_x86_64.tar.gz && tar -xzf orbit*.tar.gz orbit && rm -f orbit*.tar.gz
  - sudo mv ./orbit /usr/local/bin && chmod +x /usr/local/bin/orbit

script:
  - cp ./config/.env.blueprint ./config/.env
  # let's start a simple test without updating the configuration
  - orbit run kickoff shutdown
  # alright, now let's mimic a production environment
  - sed -i -e "s#ENV=local#ENV=test#g" ./config/.env
  - sed -i -e "s#TRAEFIK_CERT_FILE_PATH=#TRAEFIK_CERT_FILE_PATH=/home/travis/build/thecodingmachine/kickoff-docker-php/modules/toolbox/generated/traefik/certs/my-awesome-project.local.crt#g" ./config/.env
  - sed -i -e "s#TRAEFIK_KEY_FILE_PATH=#TRAEFIK_KEY_FILE_PATH=/home/travis/build/thecodingmachine/kickoff-docker-php/modules/toolbox/generated/traefik/certs/my-awesome-project.local.key#g" ./config/.env
  - orbit run kickoff shutdown
  # last but not least, let's disable optional modules
  - sed -i -e "s#true#false#g" ./config/modules.yml
  - orbit run kickoff shutdown

notifications:
  email: false

--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
MIT License

Copyright (c) 2018 Julien Neuhart

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.

--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------

# kickoff-docker-php

A complete stack for your PHP project powered by Docker

Stable release: v2.5.1 | Unstable release: master


---

We're working on a lot of projects at [TheCodingMachine](https://www.thecodingmachine.com/) and we needed a tool to
easily start a PHP project with Docker. That's why we started working on the *kickoff-docker-php* stack with the
following goals in mind:

* One project = one technical environment
* A `local` environment as close as possible to our distant environment
* Switching quickly between our projects
* Easy to use

# Menu

* [Features](#features)
* [Install](#install)
* [Quick start](#quick-start)
* [Orbit tasks](#orbit-tasks)
* [Project structure](#project-structure)
* [Configuration](#configuration)
* [Modules](#modules)
* [Advanced](#advanced)
* [Contributing](#contributing)
* [Credits](#credits)

## Features

* **Cross-platform:** Windows, Mac, Linux
* **A complete stack:** NGINX, PHP-FPM 7.2, MySQL 5.7, phpMyAdmin, Redis, RabbitMQ
* **Centralized logging** with Graylog
* Automatic **HTTPS** on your local environment
* A powerful **reverse-proxy** ([Traefik](https://traefik.io/)) which can handle automatic HTTPS (via [Let's Encrypt](https://letsencrypt.org/))
on your production environment
* **Performance gains** on Mac and Windows using [Docker Sync](http://docker-sync.io/) or Docker for Mac's user-guided cache
* **Lightweight** images, mostly based on Alpine
* **Easily configurable:** disable the modules you don't need, set your own users and so on!
* **Customizable** thanks to [Orbit](https://github.com/gulien/orbit)

And more! :smiley:

## Install

Download and install [Docker](https://docs.docker.com/engine/installation/) (**>= 17.06**) for your platform.

**Note:** This project won't work using the legacy desktop solution, aka *Docker Toolbox*.

On Linux, you also have to install [Docker compose](https://docs.docker.com/compose/install/) (**>= 1.14.0**) as it is not
included by default. Also add your current user to the `docker` group and don't forget to log out of your current
session and log back in.

Then download and install [Orbit](https://github.com/gulien/orbit) (**>= 3.0.0**), a tool for generating files from templates and
running commands.

You may now fork this project and clone it or download the latest release from the [releases page](../../releases).

### Optional install for performance gains with Docker Sync (Mac and Windows)

Download and install the latest release of [Docker Sync](http://docker-sync.io/).

**Note:** On Windows, it only works with *Windows Subsystem for Linux*.

## Quick start

Once you've downloaded this project, move to the `config` folder and copy the file `.env.blueprint` to a file
named `.env`.

| Linux/Mac                | Windows                    |
|--------------------------|----------------------------|
| `cp .env.blueprint .env` | `copy .env.blueprint .env` |

**Note:** If you wish to enable Docker Sync, don't forget to set `ENABLE_DOCKER_SYNC` to `true` in your `.env` file.

In the same folder, open the file `project.yml` and set the following variables:

* `virtualhost.local` with your own virtual host
* `name` with your project name

Now open your `hosts` file...

| Linux/Mac              | Windows                                                                                           |
|------------------------|---------------------------------------------------------------------------------------------------|
| `sudo nano /etc/hosts` | Run Notepad as administrator and open the file located at `C:\Windows\System32\drivers\etc\hosts` |

...and add the following lines at the end of the file:

```
127.0.0.1 your-virtualhost.local
127.0.0.1 www.your-virtualhost.local
127.0.0.1 traefik.your-virtualhost.local
127.0.0.1 phpadmin.your-virtualhost.local
127.0.0.1 rabbitmq.your-virtualhost.local
127.0.0.1 graylog.your-virtualhost.local
```

**Tip:** Don't want to update your `hosts` file? Set `virtualhost.local` with `your-virtualhost.127.0.0.1.xip.io`
in your `project.yml` file. Your applications will be available under `*.your-virtualhost.127.0.0.1.xip.io/`!

Good :smiley:? We're now done with the configuration! :metal:

Last but not least, move to the root directory, **shut down your local Apache or anything else which could use your 80
and 443 ports**, and run:

```
orbit run kickoff
```

The installation might take some time, so go for a coffee break! :coffee:

Once everything has been installed, open your favorite web browser, go to https://www.your-virtualhost.local
and check that everything is OK!

## Orbit tasks

**Note:** You can use the `-d` flag to have a more detailed output.

### Main tasks

| Command               | Description |
|-----------------------|-------------|
| `orbit run`           | Displays available tasks. |
| `orbit run kickoff`   | Generates all configuration files, builds the NGINX and PHP-FPM images and starts the containers. It's a combo of `build`, `proxy-up` and `up` commands. |
| `orbit run shutdown`  | Stops all containers. It's a combo of `down` and `proxy-down` commands. |
| `orbit run workspace` | Connects through ash to the PHP-FPM container. This is where you're able to run useful commands like `composer` and `yarn`. |
| `orbit run mysql-cli` | Opens the MySQL cli as `root`. On environments <> `local`, it will ask you for the MySQL `root` password. |

### Other tasks

**Note:** you should not use them, unless you know what you're doing!

| Command                | Description |
|------------------------|-------------|
| `orbit run build`      | Generates all configuration files and builds the NGINX and PHP-FPM images. |
| `orbit run proxy-up`   | Starts the Traefik container. |
| `orbit run up`         | Starts all containers without the Traefik container. |
| `orbit run proxy-down` | Stops the Traefik container. |
| `orbit run down`       | Stops all containers without the Traefik container. |

## Project structure

```
├── config  # Kickoff related configuration files
├── modules # Modules related configuration files
└── app     # The source code of your PHP application
```

Only the configuration files of your modules and the application source code are directly mounted in the containers.
The data of modules like MySQL are stored inside named volumes. You can see those named volumes by running the
`docker volume ls` command. They are named using the project name, your current environment and the module concerned.
If you want to locate those volumes on the host, run the `docker inspect {volume name}` command.

**Note:** For now, the credentials will only be set the first time the Graylog, MySQL, RabbitMQ containers are launched.
If you want to update them afterwards, use the dashboard of the module concerned. You could also delete the named volumes, but proceed with
caution: it will delete all your data.

**Tip:** Your `app` folder should be a git submodule.

## Configuration

| File                 | Description                                                                  |
|----------------------|------------------------------------------------------------------------------|
| `config/project.yml` | Your project configuration values.                                           |
| `config/modules.yml` | The cross-environments configuration values of your modules.                 |
| `config/.env`        | The sensitive and environment specific configuration values of your modules. |
| `orbit.yml`          | The Orbit's commands of your project.                                        |

Don't hesitate to take a look at those files, as they are provided with nice comments!

**Note:** If you need to update some values in those files, make sure you have stopped your containers using
`orbit run shutdown`.
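
A pre-flight check for `config/.env`, as an added example that is not part of kickoff-docker-php: it applies the rules this README states for environments other than `local` (Traefik password, absolute certificate and key paths) and for MySQL port mapping on `production`. The `ENV` key is the one the project's `.travis.yml` edits; the function names, messages and sample file are constructed here.

```shell
#!/bin/sh
# Added example, not part of kickoff-docker-php: pre-flight check of config/.env.
# Variable names are the ones the README and .travis.yml use; the function
# names (env_get, check_env) and the finding messages are made up here.

# env_get FILE KEY: print the value of the last KEY=value line, CR stripped
# (a CRLF-saved .env would otherwise turn "local" into "local\r").
env_get() {
    tr -d '\r' < "$1" | sed -n "s/^$2=//p" | tail -n 1
}

# check_env FILE: print one finding per line; return 1 if there is any.
check_env() {
    file=$1
    findings=0
    report() {
        printf '%s\n' "$1"
        findings=$((findings + 1))
    }

    envname=$(env_get "$file" ENV)
    if [ -z "$envname" ]; then
        report "ENV is not set"
    elif [ "$envname" != "local" ]; then
        # README: these three are "only required for environments <> local".
        if [ -z "$(env_get "$file" TRAEFIK_PASSWORD)" ]; then
            report "TRAEFIK_PASSWORD is empty on ENV=$envname"
        fi
        for key in TRAEFIK_CERT_FILE_PATH TRAEFIK_KEY_FILE_PATH; do
            value=$(env_get "$file" "$key")
            case $value in
                "") report "$key is empty on ENV=$envname" ;;
                /*) [ -f "$value" ] || report "$key points to a missing file: $value" ;;
                *)  report "$key must be an absolute path: $value" ;;
            esac
        done
    fi

    # README: do not put the MySQL port on a public-facing port in production.
    if [ "$envname" = "production" ] &&
       [ "$(env_get "$file" MYSQL_ENABLE_PORTS_MAPPING)" = "true" ]; then
        report "MYSQL_ENABLE_PORTS_MAPPING=true publishes MySQL on host port $(env_get "$file" MYSQL_HOST_PORT_TO_MAP)"
    fi

    [ "$findings" -eq 0 ]
}

# Constructed sample: a production file with four problems.
sample=$(mktemp)
cat > "$sample" <<'EOF'
ENV=production
TRAEFIK_PASSWORD=
TRAEFIK_CERT_FILE_PATH=certs/site.crt
TRAEFIK_KEY_FILE_PATH=/nonexistent/site.key
MYSQL_ENABLE_PORTS_MAPPING=true
MYSQL_HOST_PORT_TO_MAP=3307
EOF
check_env "$sample" || echo "config/.env is not ready for this environment"
rm -f "$sample"
```

Run it before `orbit run kickoff` on a server; the file-existence test only makes sense on the host that holds the certificates.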

## Modules

* [Toolbox](#toolbox)
* [Traefik](#traefik)
* [Graylog](#graylog)
* [NGINX](#nginx)
* [PHP-FPM](#php-fpm)
* [MySQL](#mysql)
* [Redis](#redis)
* [RabbitMQ](#rabbitmq)

### Toolbox

The Toolbox is a simple container which is used to:

* Generate the self-signed certificate on your `local` environment
* Generate the `.htdigest` file for authentication to the Traefik dashboard on environments <> `local`
* Generate the SHA2 password and secret pepper for Graylog authentication
* Check if Graylog is ready to receive logs from other containers
* Check if other containers have been successfully started

### Traefik

The [Traefik](https://traefik.io/) container is used as a reverse-proxy: it's the entry point which redirects client requests
to the correct frontend.

It provides a nice dashboard (https://traefik.your-virtualhost.local/) which requires authentication on environments <> `local`.

#### HTTPS

On your `local` environment, the Toolbox container will automatically generate a self-signed certificate according to the
virtual host specified in your `project.yml` file.

On other environments, we provide `TRAEFIK_CERT_FILE_PATH` and `TRAEFIK_KEY_FILE_PATH` variables in your `.env` file
to let you specify the absolute path to your certificates. You may also customize the Traefik configuration located at
`modules/traefik/traefik.blueprint.toml` with [ACME configuration](https://docs.traefik.io/toml/#acme-lets-encrypt-configuration)
to enable automatic HTTPS.

How to enable automatic HTTPS on your production environment: https://gist.github.com/gulien/8fe9debbcb30d97091406a24ef5eea82

#### Configuration

| Variable               | Location             | Description |
|------------------------|----------------------|-------------|
| virtualhost.*          | `config/project.yml` | The virtual host to use according to your environments. |
| traefik.user           | `config/modules.yml` | The Traefik user used for generating the .htdigest file. Only required for environments <> `local`. |
| TRAEFIK_PREFIX         | `config/.env`        | If `true`, your URLs will be prefixed with your current environment. This is useful if you wish to have many environments on the same host. |
| TRAEFIK_LOG_LEVEL      | `config/.env`        | Defines the log level of the Traefik container. |
| TRAEFIK_PASSWORD       | `config/.env`        | The password of the user defined in the `modules.yml` file. Only required for environments <> `local`. |
| TRAEFIK_CERT_FILE_PATH | `config/.env`        | The `.crt` absolute file path. Only required for environments <> `local`. |
| TRAEFIK_KEY_FILE_PATH  | `config/.env`        | The `.key` absolute file path. Only required for environments <> `local`. |

### Graylog

The [Graylog](https://www.graylog.org/) containers centralize the Docker's logs of the NGINX, PHP-FPM, MySQL,
phpMyAdmin, Redis and RabbitMQ containers. It's actually composed of three containers: Elasticsearch, MongoDB
and the Graylog server.

You may access the Graylog dashboard (https://graylog.your-virtualhost.local/) using the credentials provided in your configuration files.

#### Configuration

| Variable                 | Location             | Description |
|--------------------------|----------------------|-------------|
| graylog.enable           | `config/modules.yml` | If `true`, enables Graylog. |
| graylog.user             | `config/modules.yml` | The Graylog `root` user. |
| GRAYLOG_PORT             | `config/.env`        | The port on which the Graylog server will receive logs from other containers. |
| GRAYLOG_PASSWORD         | `config/.env`        | The password of the user defined in the `modules.yml` file. |
| GRAYLOG_SERVER_JAVA_OPTS | `config/.env`        | The Java options for the Graylog server. |
| GRAYLOG_ES_JAVA_OPTS     | `config/.env`        | The Java options for Elasticsearch. |

### NGINX

NGINX is the web server of your PHP application.

The NGINX configuration located at `modules/nginx/conf.d/php-fpm.conf` provides good security defaults. Still, you might
have to update it according to the PHP framework you wish to use.

Example for a Symfony application: https://gist.github.com/gulien/64d8c94c5d0e294ac121ea810794757e.

### PHP-FPM

The PHP-FPM container has many roles. First, it handles requests from the NGINX container to execute your PHP files.
Then, it provides a complete set of tools to help you build your application. You can run them by connecting to it with
the `orbit run workspace` command.

Your PHP application will be accessible under https://your-virtualhost.local/ and https://www.your-virtualhost.local/.

#### Installed PHP extensions

apcu, bcmath, gd, intl, mbstring, pdo_mysql, phpredis, opcache, soap, xdebug, yaml,
zip and more!

You are able to find all installed PHP extensions by running `php -m` inside your workspace.

#### Xdebug

Xdebug is a tool for easily debugging your PHP code. We provide simple variables in your `.env` file as described below.

Example with PhpStorm: https://gist.github.com/gulien/d0933d8f90587a95cec5fd750da41b87.

#### Available tools

*Composer* - https://getcomposer.org/

> Composer helps you declare, manage and install dependencies of PHP projects.

*prestissimo* - https://github.com/hirak/prestissimo

> composer parallel install plugin.

*npm* - https://www.npmjs.com/

> npm is the package manager for JavaScript and the world’s largest software registry.

*yarn* - https://yarnpkg.com/lang/en/

> FAST, RELIABLE, AND SECURE DEPENDENCY MANAGEMENT

*PHP Coding Standards Fixer* - http://cs.sensiolabs.org/

> The PHP Coding Standards Fixer tool fixes most issues in your code when you want to follow the PHP coding standards
as defined in the PSR-1 and PSR-2 documents and many more.

#### Configuration

| Variable             | Location      | Description                                                         |
|----------------------|---------------|---------------------------------------------------------------------|
| PHP_MEMORY_LIMIT     | `config/.env` | Defines the PHP memory limit of the PHP-FPM container.              |
| PHP_FPM_MEMORY_LIMIT | `config/.env` | Defines the PHP-FPM memory limit of the PHP-FPM container.          |
| XDEBUG_ENABLED       | `config/.env` | If true, enables Xdebug.                                            |
| XDEBUG_REMOTE_HOST   | `config/.env` | If Xdebug is enabled, set this variable with your local IP address. |

### MySQL

The MySQL container is the DBMS of this stack.

In your PHP-FPM container, the hostname of the MySQL DBMS is `mysql`. Also, just use the port `3306` and the
credentials defined in the `modules.yml` and `.env` files.

There are also three ways to manage MySQL:

* On `local` environment, you may access the phpMyAdmin dashboard (https://phpadmin.your-virtualhost.local/);
you will automatically be connected as `root`
* By running `orbit run mysql-cli`: it will open the MySQL cli and connect you as `root`. On environments <> `local`,
it will ask you for the MySQL `root` password
* By mapping the container's port `3306` to a host port, you are able to use a more powerful tool like MySQL Workbench
using `127.0.0.1` (or your server IP) as host and the port defined in the variable `MYSQL_HOST_PORT_TO_MAP` in your
`.env` file

**Note:** On `production` environments, we strongly advise against putting the MySQL port on a public-facing port.
This should be used only in other environments.

#### Configuration

| Variable                   | Location             | Description |
|----------------------------|----------------------|-------------|
| mysql.enable               | `config/modules.yml` | If `true`, enables MySQL. |
| mysql.user                 | `config/modules.yml` | The MySQL user of your PHP application. |
| mysql.databases            | `config/modules.yml` | List of the databases of your PHP application. If they do not exist, they will be created when the MySQL container starts. The previous user will have all privileges on these databases. |
| MYSQL_PASSWORD             | `config/.env`        | The password of the user defined in the `modules.yml` file. |
| MYSQL_ROOT_PASSWORD        | `config/.env`        | The MySQL `root` password. |
| MYSQL_ENABLE_PORTS_MAPPING | `config/.env`        | If true, it will map the port `3306` of the MySQL container with the host port defined below. |
| MYSQL_HOST_PORT_TO_MAP     | `config/.env`        | The host port to map. |

### Redis

Redis is the cache store of this stack.

The hostname of Redis in your PHP-FPM container is `redis`. To configure Redis to be the cache handler of
your PHP application, you should refer to the documentation provided by your PHP framework.

**Note:** You should not use [predis](https://github.com/nrk/predis), as [phpredis](https://github.com/phpredis/phpredis)
is installed by default.

#### Configuration

| Variable       | Location             | Description                             |
|----------------|----------------------|-----------------------------------------|
| redis.enable   | `config/modules.yml` | If `true`, enables Redis.               |
| REDIS_PASSWORD | `.env`               | The auth used to access the Redis DBMS. |

### RabbitMQ

RabbitMQ is the message broker of this stack.

The hostname of RabbitMQ in your PHP-FPM container is `rabbitmq`. To configure RabbitMQ to be the message
broker of your PHP application, you should refer to the documentation provided by your PHP framework.

You may access the RabbitMQ dashboard (https://rabbitmq.your-virtualhost.local/) using the credentials provided in
your configuration files.

#### Configuration

| Variable          | Location             | Description                                                 |
|-------------------|----------------------|-------------------------------------------------------------|
| rabbitmq.enable   | `config/modules.yml` | If `true`, enables RabbitMQ.                                |
| rabbitmq.user     | `config/modules.yml` | The RabbitMQ user of your PHP application.                  |
| RABBITMQ_PASSWORD | `config/.env`        | The password of the user defined in the `modules.yml` file. |

## Advanced

### Restart strategy

On your `local` environment, your containers will not restart automatically.

On other environments, if you have enabled Graylog, they will also not restart automatically.
Indeed, we have to check 391 | that Graylog is ready to receive logs from others containers before we start them. In your production environment, you 392 | should configure your host to restart in the right order your containers after Docker startup. Indeed, your host provider 393 | might restart your server from time to time. Of course, if Graylog is not enable, your containers have been configured 394 | to restart automatically. :wink: 395 | 396 | ### Many environments on the same host 397 | 398 | Let's say you want your `staging` and `production` environments to run on the same host. You have cloned two projects, 399 | one per environment. 400 | 401 | First, check that you have the same virtual host on both environments. 402 | 403 | Then, start your production environment by running `orbit run kickoff`. 404 | 405 | Once done, move to the `staging` environment project folder, and update the following variables in your `.env` file: 406 | 407 | * `TRAEFIK_PREFIX` to `true` 408 | * `GRAYLOG_PORT` to another port than the one used by your `production` environment 409 | * If `MYSQL_ENABLE_PORTS_MAPPING=true` on both your environments, update `MYSQL_HOST_PORT_TO_MAP` in your `staging` 410 | environment to another port than the one used by your `production` environment 411 | 412 | **Reminder:** On `production` environments, we strongly advise to not put the MySQL port on a public facing port. 413 | This should be used only in others environments. 414 | 415 | Last but not least, start your `staging` environment by running `orbit run build up`. 416 | 417 | **Note:** Don't run `kickoff` command, as we only want one Traefik container! 418 | 419 | If your virtual host is `my-awesome-project.com`, your `production` applications will be available under `*.my-awesome-project.com` 420 | while your `staging` applications will be available under `*-staging.my-awesome-project.com`! 
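
The same-host checklist above (`TRAEFIK_PREFIX`, distinct `GRAYLOG_PORT` and `MYSQL_HOST_PORT_TO_MAP`, no MySQL port mapping on `production`) can be verified before starting the second environment. The script below is an added example, not part of the kickoff project; its function names, finding labels, sample values and the rule that blueprint default passwords (`secret`, `admin`) are flagged outside `local` are assumptions of this example.

```shell
#!/bin/sh
# Added example (not part of the project): audit kickoff-style .env files
# before running two environments on the same host.

# env_get FILE KEY: print the value of KEY (last assignment wins, double quotes stripped).
env_get() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 | sed 's/^"\(.*\)"$/\1/'
}

# audit_env FILE: print one finding per line; return 1 if anything was found.
audit_env() {
    file=$1
    findings=0
    env_name=$(env_get "$file" ENV)
    # Assumption of this example: the values shipped in config/.env.blueprint
    # ("secret", "admin") are tolerated on "local" only.
    if [ "$env_name" != "local" ]; then
        for key in TRAEFIK_PASSWORD GRAYLOG_PASSWORD MYSQL_PASSWORD \
                   REDIS_PASSWORD RABBITMQ_PASSWORD; do
            if [ "$(env_get "$file" "$key")" = "secret" ]; then
                echo "DEFAULT_SECRET $env_name $key"
                findings=1
            fi
        done
        if [ "$(env_get "$file" MYSQL_ROOT_PASSWORD)" = "admin" ]; then
            echo "DEFAULT_SECRET $env_name MYSQL_ROOT_PASSWORD"
            findings=1
        fi
    fi
    # README note: the MySQL port should not be published on production.
    if [ "$env_name" = "production" ] &&
       [ "$(env_get "$file" MYSQL_ENABLE_PORTS_MAPPING)" = "true" ]; then
        echo "MYSQL_PORT_MAPPED_IN_PRODUCTION $(env_get "$file" MYSQL_HOST_PORT_TO_MAP)"
        findings=1
    fi
    return "$findings"
}

# check_pair PRODUCTION_ENV STAGING_ENV: apply the same-host rules from the README.
check_pair() {
    prod=$1
    staging=$2
    rc=0
    audit_env "$prod" || rc=1
    audit_env "$staging" || rc=1
    if [ "$(env_get "$staging" TRAEFIK_PREFIX)" != "true" ]; then
        echo "TRAEFIK_PREFIX_NOT_TRUE staging"
        rc=1
    fi
    port=$(env_get "$prod" GRAYLOG_PORT)
    if [ -n "$port" ] && [ "$port" = "$(env_get "$staging" GRAYLOG_PORT)" ]; then
        echo "GRAYLOG_PORT_COLLISION $port"
        rc=1
    fi
    port=$(env_get "$prod" MYSQL_HOST_PORT_TO_MAP)
    if [ "$(env_get "$prod" MYSQL_ENABLE_PORTS_MAPPING)" = "true" ] &&
       [ "$(env_get "$staging" MYSQL_ENABLE_PORTS_MAPPING)" = "true" ] &&
       [ "$port" = "$(env_get "$staging" MYSQL_HOST_PORT_TO_MAP)" ]; then
        echo "MYSQL_HOST_PORT_COLLISION $port"
        rc=1
    fi
    return "$rc"
}

# write_samples DIR: write two constructed .env files (every value is made up).
write_samples() {
    cat > "$1/production.env" <<'EOF'
ENV=production
TRAEFIK_PASSWORD=constructed-value-1
GRAYLOG_PORT=12201
GRAYLOG_PASSWORD=secret
MYSQL_PASSWORD=constructed-value-2
MYSQL_ROOT_PASSWORD=admin
MYSQL_ENABLE_PORTS_MAPPING=true
MYSQL_HOST_PORT_TO_MAP=3307
REDIS_PASSWORD=constructed-value-3
RABBITMQ_PASSWORD=constructed-value-4
EOF
    cat > "$1/staging.env" <<'EOF'
ENV=staging
TRAEFIK_PREFIX=false
TRAEFIK_PASSWORD=constructed-value-5
GRAYLOG_PORT=12201
GRAYLOG_PASSWORD=constructed-value-6
MYSQL_PASSWORD=constructed-value-7
MYSQL_ROOT_PASSWORD=constructed-value-8
MYSQL_ENABLE_PORTS_MAPPING=true
MYSQL_HOST_PORT_TO_MAP=3307
REDIS_PASSWORD=constructed-value-9
RABBITMQ_PASSWORD=constructed-value-10
EOF
}

# Usage: sh audit-env.sh production/config/.env staging/config/.env
if [ "$#" -eq 2 ]; then
    check_pair "$1" "$2"
fi
```

A non-zero exit status means at least one finding was printed, so the script can gate `orbit run build up` in a deployment job.
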
:metal:

## Contributing

Please read our [contributing guidelines](.github/CONTRIBUTING.md) for instructions.

If you've found a security vulnerability, please e-mail directly: j dot neuhart dot thecodingmachine dot com.
Provide enough information to reproduce the bug and make a patch!

## Credits

* NGINX and PHP-FPM configuration files from [Cerenit](https://code.cerenit.fr/cerenit/docker-grav)
* MySQL utf8mb4 encoding from [this blog article](https://mathiasbynens.be/notes/mysql-utf8mb4)

---

Would you like to update this documentation? Feel free to open an [issue](../../issues).

--------------------------------------------------------------------------------
/app/index.php:
--------------------------------------------------------------------------------
 1 | 2 | 3 | 4 | Is my webserver working? 5 | 6 | 7 | 8 |

If you can read this, the web server is working.

9 | If you can read this, php is working, too.

'; 11 | ?> 12 | 13 |
--------------------------------------------------------------------------------
/app/phpinfo.php:
--------------------------------------------------------------------------------
 1 | "local".
# |

TRAEFIK_PASSWORD=secret

# |--------------------------------------------------------------------------
# | Traefik certificates path
# |--------------------------------------------------------------------------
# |
# | The absolute path of your certificates for enabling HTTPS.
# |
# | Only required for environments <> "local".
# |

TRAEFIK_CERT_FILE_PATH=
TRAEFIK_KEY_FILE_PATH=

# |--------------------------------------------------------------------------
# | Graylog port
# |--------------------------------------------------------------------------
# |
# | The port on which the Graylog server will receive logs from other
# | containers.
# |

GRAYLOG_PORT=12201

# |--------------------------------------------------------------------------
# | Graylog password
# |--------------------------------------------------------------------------
# |
# | The password of the user defined in the "modules.yml" file.
# |

GRAYLOG_PASSWORD=secret

# |--------------------------------------------------------------------------
# | Graylog Java options
# |--------------------------------------------------------------------------
# |
# | The Java options for the Graylog server and Elasticsearch.
# |

GRAYLOG_SERVER_JAVA_OPTS="-Xms1g -Xmx2g -XX:NewRatio=1 -XX:MaxMetaspaceSize=256m -server -XX:+ResizeTLAB -XX:+UseConcMarkSweepGC -XX:+CMSConcurrentMTEnabled -XX:+CMSClassUnloadingEnabled -XX:+UseParNewGC -XX:-OmitStackTraceInFastThrow"
GRAYLOG_ES_JAVA_OPTS="-Xms256m -Xmx256m"

# |--------------------------------------------------------------------------
# | PHP memory limit
# |--------------------------------------------------------------------------
# |
# | Defines the PHP memory limit of the PHP-FPM container.
# |

PHP_MEMORY_LIMIT=-1

# |--------------------------------------------------------------------------
# | PHP-FPM memory limit
# |--------------------------------------------------------------------------
# |
# | Defines the PHP-FPM memory limit of the PHP-FPM container.
# |

PHP_FPM_MEMORY_LIMIT=128m

# |--------------------------------------------------------------------------
# | Xdebug enabled
# |--------------------------------------------------------------------------
# |
# | If true, enables Xdebug.
# |

XDEBUG_ENABLED=false

# |--------------------------------------------------------------------------
# | Xdebug remote host
# |--------------------------------------------------------------------------
# |
# | If Xdebug is enabled, set this variable with your local IP address.
# |
# | On MacOS, you should set it with "docker.for.mac.localhost".
# | On Windows, run "ipconfig" and look for the IPv4 address in the "DockerNAT"
# | entry.
# |
# |

XDEBUG_REMOTE_HOST=172.18.0.1

# |--------------------------------------------------------------------------
# | MySQL password
# |--------------------------------------------------------------------------
# |
# | The password of the user defined in the "modules.yml" file.
# |

MYSQL_PASSWORD=secret

# |--------------------------------------------------------------------------
# | MySQL root password
# |--------------------------------------------------------------------------
# |
# | The MySQL root password.
# |

MYSQL_ROOT_PASSWORD=admin

# |--------------------------------------------------------------------------
# | MySQL ports mapping
# |--------------------------------------------------------------------------
# |
# | If true, it will map the port 3306 of the MySQL container with the host
# | port defined below.
# |
# | On "production" environments, we strongly advise against exposing the MySQL
# | port on a public-facing port. This should be used only in other
# | environments.
# |

MYSQL_ENABLE_PORTS_MAPPING=true
MYSQL_HOST_PORT_TO_MAP=3307

# |--------------------------------------------------------------------------
# | Redis password
# |--------------------------------------------------------------------------
# |
# | The auth used to access the Redis DBMS.
# |

REDIS_PASSWORD=secret

# |--------------------------------------------------------------------------
# | RabbitMQ password
# |--------------------------------------------------------------------------
# |
# | The password of the user defined in the "modules.yml" file.
# |

RABBITMQ_PASSWORD=secret
--------------------------------------------------------------------------------
/config/.gitignore:
--------------------------------------------------------------------------------
.env
--------------------------------------------------------------------------------
/config/modules.yml:
--------------------------------------------------------------------------------
traefik:

  # |--------------------------------------------------------------------------
  # | Traefik user
  # |--------------------------------------------------------------------------
  # |
  # | The Traefik user used for generating the .htdigest file.
  # |
  # | Only required for environments <> "local".
  # |

  user: kickoff

graylog:

  # |--------------------------------------------------------------------------
  # | Enable Graylog
  # |--------------------------------------------------------------------------
  # |
  # | If true, enables Graylog.
  # |

  enable: true

  # |--------------------------------------------------------------------------
  # | Graylog user
  # |--------------------------------------------------------------------------
  # |
  # | The Graylog root user.
  # |

  user: kickoff

mysql:

  # |--------------------------------------------------------------------------
  # | Enable MySQL
  # |--------------------------------------------------------------------------
  # |
  # | If true, enables MySQL.
  # |

  enable: true

  # |--------------------------------------------------------------------------
  # | MySQL user
  # |--------------------------------------------------------------------------
  # |
  # | The MySQL user of your PHP application.
  # |

  user: kickoff

  # |--------------------------------------------------------------------------
  # | MySQL databases
  # |--------------------------------------------------------------------------
  # |
  # | List of the databases of your PHP application. If they do not exist,
  # | they will be created when the MySQL container starts.
  # |
  # | The previous user will have all privileges on these databases.
  # |

  databases:
    - my_awesome_database
    - my_genious_database
    - my_ok_database

redis:

  # |--------------------------------------------------------------------------
  # | Enable Redis
  # |--------------------------------------------------------------------------
  # |
  # | If true, enables Redis.
  # |

  enable: true

rabbitmq:

  # |--------------------------------------------------------------------------
  # | Enable RabbitMQ
  # |--------------------------------------------------------------------------
  # |
  # | If true, enables RabbitMQ.
  # |

  enable: true

  # |--------------------------------------------------------------------------
  # | RabbitMQ user
  # |--------------------------------------------------------------------------
  # |
  # | The RabbitMQ user of your PHP application.
  # |

  user: kickoff
--------------------------------------------------------------------------------
/config/orbit/orbit-build.yml:
--------------------------------------------------------------------------------
# |--------------------------------------------------------------------------
# | Build tasks
# |--------------------------------------------------------------------------
# |
# | This file describes the build tasks of your project.
# | Feel free to add your own tasks!
# |
# | https://github.com/gulien/orbit/
# |

tasks:

  # |--------------------------------------------------------------------------
  # | orbit run docker-sync-build
  # |--------------------------------------------------------------------------
  # |
  # | Generates Docker Sync configuration file.
  # |

  - use: docker-sync-build
    run:
      {{ if eq "true" .Orbit.EnvFile.ENABLE_DOCKER_SYNC }}
      - orbit generate -f docker-sync.blueprint.yml -o docker-sync.yml {{ if debug }}-d{{ end }}
      - orbit run script-fix-permissions-docker-sync -f config/orbit/orbit-scripts.yml {{ if debug }}-d{{ end }}
      {{ else }}
      - echo Skipping Docker Sync configuration file generation ...
      {{ end }}

  # |--------------------------------------------------------------------------
  # | orbit run toolbox-build
  # |--------------------------------------------------------------------------
  # |
  # | Generates Toolbox configuration files.
  # |

  - use: toolbox-build
    run:
      - orbit generate -f modules/toolbox/docker-compose.blueprint.yml -o modules/toolbox/docker-compose.yml {{ if debug }}-d{{ end }}

  # |--------------------------------------------------------------------------
  # | orbit run traefik-build
  # |--------------------------------------------------------------------------
  # |
  # | Generates Traefik configuration files.
  # |

  - use: traefik-build
    run:
      - orbit run script-traefik-self-signed-certificate -f config/orbit/orbit-scripts.yml {{ if debug }}-d{{ end }}
      - orbit run script-traefik-htdigest -f config/orbit/orbit-scripts.yml {{ if debug }}-d{{ end }}
      - orbit generate -f modules/traefik/traefik.blueprint.toml -o modules/traefik/traefik.toml {{ if debug }}-d{{ end }}
      - orbit generate -f modules/traefik/docker-compose.blueprint.yml -o modules/traefik/docker-compose.yml {{ if debug }}-d{{ end }}

  # |--------------------------------------------------------------------------
  # | orbit run graylog-build
  # |--------------------------------------------------------------------------
  # |
  # | Generates Graylog configuration files.
  # |

  - use: graylog-build
    run:
      {{ if eq true .Orbit.Modules.graylog.enable }}
      - orbit generate -f modules/graylog/docker-compose.blueprint.yml -o modules/graylog/docker-compose.yml {{ if debug }}-d{{ end }}
      - orbit generate -f modules/graylog/udp-input.blueprint.json -o modules/graylog/udp-input.json {{ if debug }}-d{{ end }}
      - orbit run script-graylog-secrets -f config/orbit/orbit-scripts.yml {{ if debug }}-d{{ end }}
      {{ else }}
      - echo Skipping Graylog configuration files generation ...
      {{ end }}

  # |--------------------------------------------------------------------------
  # | orbit run php-fpm-build
  # |--------------------------------------------------------------------------
  # |
  # | Generates PHP-FPM configuration files.
  # |

  - use: php-fpm-build
    run:
      - orbit generate -f modules/php-fpm/docker-compose.blueprint.yml -o modules/php-fpm/docker-compose.yml {{ if debug }}-d{{ end }}
      - orbit run script-fix-permissions-php-fpm -f config/orbit/orbit-scripts.yml {{ if debug }}-d{{ end }}
      - orbit generate -f modules/php-fpm/conf.d/memory-limit.blueprint.ini -o modules/php-fpm/conf.d/memory-limit.ini {{ if debug }}-d{{ end }}
      - orbit generate -f modules/php-fpm/php-fpm.d/memory-limit.blueprint.conf -o modules/php-fpm/php-fpm.d/memory-limit.conf {{ if debug }}-d{{ end }}
      - orbit generate -f modules/php-fpm/php-fpm.d/security.blueprint.conf -o modules/php-fpm/php-fpm.d/security.conf {{ if debug }}-d{{ end }}

  # |--------------------------------------------------------------------------
  # | orbit run nginx-build
  # |--------------------------------------------------------------------------
  # |
  # | Generates NGINX configuration files and builds the image.
  # |

  - use: nginx-build
    run:
      - orbit generate -f modules/nginx/docker-compose.blueprint.yml -o modules/nginx/docker-compose.yml {{ if debug }}-d{{ end }}
      - orbit run script-fix-permissions-nginx -f config/orbit/orbit-scripts.yml {{ if debug }}-d{{ end }}
      - docker-compose -p {{ .Orbit.EnvFile.ENV }}{{ .Orbit.Project.name }} -f modules/nginx/docker-compose.yml build

  # |--------------------------------------------------------------------------
  # | orbit run mysql-build
  # |--------------------------------------------------------------------------
  # |
  # | Generates MySQL configuration files.
  # |

  - use: mysql-build
    run:
      {{ if eq true .Orbit.Modules.mysql.enable }}
      - orbit generate -f modules/mysql/docker-compose.blueprint.yml -o modules/mysql/docker-compose.yml {{ if debug }}-d{{ end }}
      - orbit generate -f modules/mysql/docker-entrypoint-initdb.d/databases.blueprint.sql -o modules/mysql/docker-entrypoint-initdb.d/databases.sql {{ if debug }}-d{{ end }}
      - orbit generate -f modules/mysql/secrets/mysql_password.blueprint.txt -o modules/mysql/secrets/mysql_password.txt {{ if debug }}-d{{ end }}
      - orbit generate -f modules/mysql/secrets/mysql_root_password.blueprint.txt -o modules/mysql/secrets/mysql_root_password.txt {{ if debug }}-d{{ end }}
      {{ else }}
      - echo Skipping MySQL configuration files generation ...
      {{ end }}

  # |--------------------------------------------------------------------------
  # | orbit run redis-build
  # |--------------------------------------------------------------------------
  # |
  # | Generates Redis configuration files.
  # |

  - use: redis-build
    run:
      {{ if eq true .Orbit.Modules.redis.enable }}
      - orbit generate -f modules/redis/docker-compose.blueprint.yml -o modules/redis/docker-compose.yml {{ if debug }}-d{{ end }}
      {{ else }}
      - echo Skipping Redis configuration files generation ...
      {{ end }}

  # |--------------------------------------------------------------------------
  # | orbit run rabbitmq-build
  # |--------------------------------------------------------------------------
  # |
  # | Generates RabbitMQ configuration files.
  # |

  - use: rabbitmq-build
    run:
      {{ if eq true .Orbit.Modules.rabbitmq.enable }}
      - orbit generate -f modules/rabbitmq/docker-compose.blueprint.yml -o modules/rabbitmq/docker-compose.yml {{ if debug }}-d{{ end }}
      {{ else }}
      - echo Skipping RabbitMQ configuration files generation ...
      {{ end }}
--------------------------------------------------------------------------------
/config/orbit/orbit-commands.yml:
--------------------------------------------------------------------------------
# |--------------------------------------------------------------------------
# | Tasks for commands
# |--------------------------------------------------------------------------
# |
# | This file describes the commands from the containers of your project.
# | Feel free to add your own tasks!
# |
# | https://github.com/gulien/orbit/
# |

tasks:

  # |--------------------------------------------------------------------------
  # | orbit run command-workspace
  # |--------------------------------------------------------------------------
  # |
  # | Connects through ash to the PHP-FPM container.
  # |

  - use: command-workspace
    run:
      - docker exec --user www-data -ti {{ .Orbit.EnvFile.ENV }}-{{ .Orbit.Project.name }}-php-fpm ash

  # |--------------------------------------------------------------------------
  # | orbit run command-mysql-cli
  # |--------------------------------------------------------------------------
  # |
  # | Opens the MySQL CLI as root.
  # |
  # | On environments <> "local", it will ask you for the MySQL root password.
  # |

  - use: command-mysql-cli
    run:
      {{ if eq true .Orbit.Modules.mysql.enable }}
      - docker exec -ti {{ .Orbit.EnvFile.ENV }}-{{ .Orbit.Project.name }}-mysql mysql -uroot -p{{ if eq "local" .Orbit.EnvFile.ENV }}{{ .Orbit.EnvFile.MYSQL_ROOT_PASSWORD }}{{ end }}
      {{ else }}
      - echo MySQL is not enable!
      {{ end }}
--------------------------------------------------------------------------------
/config/orbit/orbit-down.yml:
--------------------------------------------------------------------------------
# |--------------------------------------------------------------------------
# | Down tasks
# |--------------------------------------------------------------------------
# |
# | This file describes the down tasks of your project.
# | Feel free to add your own tasks!
# |
# | https://github.com/gulien/orbit/
# |

tasks:

  # |--------------------------------------------------------------------------
  # | orbit run docker-sync-down
  # |--------------------------------------------------------------------------
  # |
  # | Stops Docker Sync.
  # |

  - use: docker-sync-down
    run:
      {{ if eq "true" .Orbit.EnvFile.ENABLE_DOCKER_SYNC }}
      - docker-sync clean
      {{ else }}
      - echo Skipping Docker Sync shutdown ...
      {{ end }}

  # |--------------------------------------------------------------------------
  # | orbit run toolbox-down
  # |--------------------------------------------------------------------------
  # |
  # | Only useful to properly remove the backend network.
  # |

  - use: toolbox-down
    run:
      - docker-compose -p {{ .Orbit.EnvFile.ENV }}{{ .Orbit.Project.name }} -f modules/toolbox/docker-compose.yml down

  # |--------------------------------------------------------------------------
  # | orbit run traefik-down
  # |--------------------------------------------------------------------------
  # |
  # | Stops the Traefik container.
  # |
  # | It should be the last to stop.
  # |

  - use: traefik-down
    run:
      - docker-compose -p kickoff -f modules/traefik/docker-compose.yml down

  # |--------------------------------------------------------------------------
  # | orbit run graylog-down
  # |--------------------------------------------------------------------------
  # |
  # | Stops the Graylog containers.
  # |
  # | They should be stopped before the Traefik container.
  # |

  - use: graylog-down
    run:
      {{ if eq true .Orbit.Modules.graylog.enable }}
      - docker-compose -p {{ .Orbit.EnvFile.ENV }}{{ .Orbit.Project.name }} -f modules/graylog/docker-compose.yml down
      {{ else }}
      - echo Skipping Graylog containers shutdown ...
      {{ end }}

  # |--------------------------------------------------------------------------
  # | orbit run php-fpm-down
  # |--------------------------------------------------------------------------
  # |
  # | Stops the PHP-FPM container.
  # |
  # | It should be stopped before the Graylog containers.
  # |

  - use: php-fpm-down
    run:
      - docker-compose -p {{ .Orbit.EnvFile.ENV }}{{ .Orbit.Project.name }} -f modules/php-fpm/docker-compose.yml down

  # |--------------------------------------------------------------------------
  # | orbit run nginx-down
  # |--------------------------------------------------------------------------
  # |
  # | Stops the NGINX container.
  # |
  # | It should be stopped before the Graylog containers.
  # |

  - use: nginx-down
    run:
      - docker-compose -p {{ .Orbit.EnvFile.ENV }}{{ .Orbit.Project.name }} -f modules/nginx/docker-compose.yml down

  # |--------------------------------------------------------------------------
  # | orbit run mysql-down
  # |--------------------------------------------------------------------------
  # |
  # | Stops the MySQL container.
  # |
  # | On "local" environment, also stops the phpMyAdmin container.
  # |
  # | They should be stopped before the Graylog containers.
  # |

  - use: mysql-down
    run:
      {{ if eq true .Orbit.Modules.mysql.enable }}
      - docker-compose -p {{ .Orbit.EnvFile.ENV }}{{ .Orbit.Project.name }} -f modules/mysql/docker-compose.yml down
      {{ else }}
      - echo Skipping MySQL container shutdown ...
      {{ end }}

  # |--------------------------------------------------------------------------
  # | orbit run redis-down
  # |--------------------------------------------------------------------------
  # |
  # | Stops the Redis container.
  # |
  # | It should be stopped before the Graylog containers.
  # |

  - use: redis-down
    run:
      {{ if eq true .Orbit.Modules.redis.enable }}
      - docker-compose -p {{ .Orbit.EnvFile.ENV }}{{ .Orbit.Project.name }} -f modules/redis/docker-compose.yml down
      {{ else }}
      - echo Skipping Redis container shutdown ...
      {{ end }}

  # |--------------------------------------------------------------------------
  # | orbit run rabbitmq-down
  # |--------------------------------------------------------------------------
  # |
  # | Stops the RabbitMQ container.
  # |
  # | It should be stopped after the Graylog containers.
  # |

  - use: rabbitmq-down
    run:
      {{ if eq true .Orbit.Modules.rabbitmq.enable }}
      - docker-compose -p {{ .Orbit.EnvFile.ENV }}{{ .Orbit.Project.name }} -f modules/rabbitmq/docker-compose.yml down
      {{ else }}
      - echo Skipping RabbitMQ container shutdown ...
      {{ end }}
--------------------------------------------------------------------------------
/config/orbit/orbit-scripts.yml:
--------------------------------------------------------------------------------
# |--------------------------------------------------------------------------
# | Scripts tasks
# |--------------------------------------------------------------------------
# |
# | This file describes the scripts tasks of your project.
# | Feel free to add your own tasks!
# |
# | https://github.com/gulien/orbit/
# |

tasks:

  # |--------------------------------------------------------------------------
  # | orbit run script-fix-permissions-docker-sync
  # |--------------------------------------------------------------------------
  # |
  # | Fixes "www-data" permissions issues with Docker Sync.
  # |

  - use: script-fix-permissions-docker-sync
    run:
      {{ if and (ne "windows" os) (eq "true" .Orbit.EnvFile.ENABLE_DOCKER_SYNC) }}
      - config/scripts/fix-permissions.sh
      {{ else }}
      - echo Skipping UID binding for "www-data" with Docker Sync ...
      {{ end }}

  # |--------------------------------------------------------------------------
  # | orbit run script-fix-permissions-nginx
  # |--------------------------------------------------------------------------
  # |
  # | Fixes "www-data" permissions issues in the NGINX container.
  # |

  - use: script-fix-permissions-nginx
    run:
      {{ if ne "windows" os }}
      - config/scripts/fix-permissions.sh NGINX
      {{ else }}
      - echo Skipping UID binding for "www-data" user in the NGINX container ...
      {{ end }}

  # |--------------------------------------------------------------------------
  # | orbit run script-fix-permissions-php-fpm
  # |--------------------------------------------------------------------------
  # |
  # | Fixes "www-data" permissions issues in the PHP-FPM container.
  # |

  - use: script-fix-permissions-php-fpm
    run:
      {{ if ne "windows" os }}
      - config/scripts/fix-permissions.sh PHP-FPM
      {{ else }}
      - echo Skipping UID binding for "www-data" user in the PHP-FPM container ...
      {{ end }}

  # |--------------------------------------------------------------------------
  # | orbit run script-traefik-self-signed-certificate
  # |--------------------------------------------------------------------------
  # |
  # | Generates the self-signed certificate if current environment is "local".
  # |

  - use: script-traefik-self-signed-certificate
    run:
      - docker-compose -p {{ .Orbit.EnvFile.ENV }}{{ .Orbit.Project.name }} -f modules/toolbox/docker-compose.yml run --rm toolbox /bin/sh -c /scripts/traefik-self-signed-certificate.sh

  # |--------------------------------------------------------------------------
  # | orbit run script-traefik-htdigest
  # |--------------------------------------------------------------------------
  # |
  # | Generates the .htdigest file which is used to authenticate on the Traefik
  # | dashboard.
  # |
  # | Only for environments <> "local".
  # |

  - use: script-traefik-htdigest
    run:
      - docker-compose -p {{ .Orbit.EnvFile.ENV }}{{ .Orbit.Project.name }} -f modules/toolbox/docker-compose.yml run --rm toolbox /bin/sh -c /scripts/traefik-htdigest.sh

  # |--------------------------------------------------------------------------
  # | orbit run script-graylog-secrets
  # |--------------------------------------------------------------------------
  # |
  # | Generates Graylog secrets.
  # |

  - use: script-graylog-secrets
    run:
      - docker-compose -p {{ .Orbit.EnvFile.ENV }}{{ .Orbit.Project.name }} -f modules/toolbox/docker-compose.yml run --rm toolbox /bin/sh -c /scripts/graylog-secrets.sh
--------------------------------------------------------------------------------
/config/orbit/orbit-up.yml:
--------------------------------------------------------------------------------
# |--------------------------------------------------------------------------
# | Up tasks
# |--------------------------------------------------------------------------
# |
# | This file describes the up tasks of your project.
# | Feel free to add your own tasks!
# |
# | https://github.com/gulien/orbit/
# |

tasks:

  # |--------------------------------------------------------------------------
  # | orbit run docker-sync-up
  # |--------------------------------------------------------------------------
  # |
  # | Starts Docker Sync.
  # |

  - use: docker-sync-up
    run:
      {{ if eq "true" .Orbit.EnvFile.ENABLE_DOCKER_SYNC }}
      - docker-sync start
      {{ else }}
      - echo Skipping Docker Sync startup ...
      {{ end }}

  # |--------------------------------------------------------------------------
  # | orbit run traefik-up
  # |--------------------------------------------------------------------------
  # |
  # | Starts the Traefik container.
33 | # | 34 | # | It should be the first to start. 35 | # | 36 | 37 | - use: traefik-up 38 | run: 39 | - docker-compose -p kickoff -f modules/traefik/docker-compose.yml up -d 40 | 41 | # |-------------------------------------------------------------------------- 42 | # | orbit run graylog-up 43 | # |-------------------------------------------------------------------------- 44 | # | 45 | # | Starts the Graylog containers. 46 | # | 47 | # | They should be start after the Traefik container. 48 | # | 49 | 50 | - use: graylog-up 51 | run: 52 | {{ if eq true .Orbit.Modules.graylog.enable }} 53 | - docker-compose -p {{ .Orbit.EnvFile.ENV }}{{ .Orbit.Project.name }} -f modules/graylog/docker-compose.yml up -d 54 | - docker-compose -p {{ .Orbit.EnvFile.ENV }}{{ .Orbit.Project.name }} -f modules/toolbox/docker-compose.yml run --rm toolbox /bin/sh -c "/scripts/health-check.sh Graylog graylog-server 9000" 55 | {{ else }} 56 | - echo Skipping Graylog containers startup ... 57 | {{ end }} 58 | 59 | # |-------------------------------------------------------------------------- 60 | # | orbit run php-fpm-up 61 | # |-------------------------------------------------------------------------- 62 | # | 63 | # | Starts the PHP-FPM container. 64 | # | 65 | # | It should be start after the Graylog containers. 66 | # | 67 | 68 | - use: php-fpm-up 69 | run: 70 | - docker-compose -p {{ .Orbit.EnvFile.ENV }}{{ .Orbit.Project.name }} -f modules/php-fpm/docker-compose.yml up -d 71 | - docker-compose -p {{ .Orbit.EnvFile.ENV }}{{ .Orbit.Project.name }} -f modules/toolbox/docker-compose.yml run --rm toolbox /bin/sh -c "/scripts/health-check.sh PHP-FPM php-fpm 9000" 72 | 73 | 74 | # |-------------------------------------------------------------------------- 75 | # | orbit run nginx-up 76 | # |-------------------------------------------------------------------------- 77 | # | 78 | # | Starts the NGINX container. 79 | # | 80 | # | It should be start after the Graylog and PHP-FPM containers. 
81 | # | 82 | 83 | - use: nginx-up 84 | run: 85 | - docker-compose -p {{ .Orbit.EnvFile.ENV }}{{ .Orbit.Project.name }} -f modules/nginx/docker-compose.yml up -d 86 | - docker-compose -p {{ .Orbit.EnvFile.ENV }}{{ .Orbit.Project.name }} -f modules/toolbox/docker-compose.yml run --rm toolbox /bin/sh -c "/scripts/health-check.sh NGINX nginx 80" 87 | 88 | # |-------------------------------------------------------------------------- 89 | # | orbit run mysql-up 90 | # |-------------------------------------------------------------------------- 91 | # | 92 | # | Starts the MySQL container. 93 | # | 94 | # | On "local" environment, also starts the phpMyAdmin container. 95 | # | 96 | # | They should be started after the Graylog containers. 97 | # | 98 | 99 | - use: mysql-up 100 | run: 101 | {{ if eq true .Orbit.Modules.mysql.enable }} 102 | - docker-compose -p {{ .Orbit.EnvFile.ENV }}{{ .Orbit.Project.name }} -f modules/mysql/docker-compose.yml up -d 103 | - docker-compose -p {{ .Orbit.EnvFile.ENV }}{{ .Orbit.Project.name }} -f modules/toolbox/docker-compose.yml run --rm toolbox /bin/sh -c "/scripts/health-check.sh MySQL mysql 3306" 104 | {{ if eq "local" .Orbit.EnvFile.ENV }} 105 | - docker-compose -p {{ .Orbit.EnvFile.ENV }}{{ .Orbit.Project.name }} -f modules/toolbox/docker-compose.yml run --rm toolbox /bin/sh -c "/scripts/health-check.sh phpMyAdmin phpmyadmin 80" 106 | {{ end }} 107 | {{ else }} 108 | - echo Skipping MySQL container startup ... 109 | {{ end }} 110 | 111 | # |-------------------------------------------------------------------------- 112 | # | orbit run redis-up 113 | # |-------------------------------------------------------------------------- 114 | # | 115 | # | Starts the Redis container. 116 | # | 117 | # | It should be started after the Graylog containers. 
118 | # | 119 | 120 | - use: redis-up 121 | run: 122 | {{ if eq true .Orbit.Modules.redis.enable }} 123 | - docker-compose -p {{ .Orbit.EnvFile.ENV }}{{ .Orbit.Project.name }} -f modules/redis/docker-compose.yml up -d 124 | - docker-compose -p {{ .Orbit.EnvFile.ENV }}{{ .Orbit.Project.name }} -f modules/toolbox/docker-compose.yml run --rm toolbox /bin/sh -c "/scripts/health-check.sh Redis redis 6379" 125 | {{ else }} 126 | - echo Skipping Redis container startup ... 127 | {{ end }} 128 | 129 | # |-------------------------------------------------------------------------- 130 | # | orbit run rabbitmq-up 131 | # |-------------------------------------------------------------------------- 132 | # | 133 | # | Starts the RabbitMQ container. 134 | # | 135 | # | It should be started after the Graylog containers. 136 | # | 137 | 138 | - use: rabbitmq-up 139 | run: 140 | {{ if eq true .Orbit.Modules.rabbitmq.enable }} 141 | - docker-compose -p {{ .Orbit.EnvFile.ENV }}{{ .Orbit.Project.name }} -f modules/rabbitmq/docker-compose.yml up -d 142 | - docker-compose -p {{ .Orbit.EnvFile.ENV }}{{ .Orbit.Project.name }} -f modules/toolbox/docker-compose.yml run --rm toolbox /bin/sh -c "/scripts/health-check.sh RabbitMQ rabbitmq 15672" 143 | {{ else }} 144 | - echo Skipping RabbitMQ container startup ... 145 | {{ end }} -------------------------------------------------------------------------------- /config/orbit/whale.txt: -------------------------------------------------------------------------------- 1 | 2 | < {{ .Orbit.Notification }} > 3 | \\ 4 | ## . 
5 | ## ## ## == 6 | ## ## ## ## ## === 7 | /"""""""""""""""""\___/ === 8 | ~~~ {~~ ~~~~ ~~~ ~~~~ ~~~ ~ / ===- ~~~ 9 | \______ o __/ 10 | \ \ __/ 11 | \____\_______/ 12 | -------------------------------------------------------------------------------- /config/project.yml: -------------------------------------------------------------------------------- 1 | # |-------------------------------------------------------------------------- 2 | # | Project name 3 | # |-------------------------------------------------------------------------- 4 | # | 5 | # | It's the main identifier of your project. It will be used to name many 6 | # | variables which will help identify your project among 7 | # | other Docker projects. 8 | # | 9 | # | Caution: use only alphabetical characters 10 | # | 11 | 12 | name: myawesomeproject 13 | 14 | # |-------------------------------------------------------------------------- 15 | # | Project base virtual host 16 | # |-------------------------------------------------------------------------- 17 | # | 18 | # | The base virtual host of your project according to your environments. 19 | # | 20 | # | The following URLs will be available: 21 | # | - {virtualhost}, www.{virtualhost}: the URLs of your PHP application. 22 | # | - traefik.{virtualhost}: the URL of the Traefik dashboard. 23 | # | - graylog.{virtualhost}: the URL of the Graylog dashboard. 24 | # | - rabbitmq.{virtualhost}: the URL of the RabbitMQ dashboard. 25 | # | - phpadmin.{virtualhost}: the URL of the phpMyAdmin dashboard. 26 | # | 27 | # | The latter will only be available on your "local" environment. 28 | # | Also, don't forget to update your "hosts" file with the previous URLs. 29 | # | If you don't want to update your "hosts" file, set the "local" virtual 30 | # | host with your-virtualhost.127.0.0.1.xip.io! 
31 | # | 32 | 33 | virtualhost: 34 | local: my-awesome-project.local 35 | test: my-awesome-project.local 36 | staging: my-awesome-project.com 37 | production: my-awesome-project.com -------------------------------------------------------------------------------- /config/scripts/fix-permissions.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"; 4 | ROOT=${DIR}/../..; 5 | 6 | sedi() 7 | { 8 | sed --version >/dev/null 2>&1 && sed -i -- "$@" || sed -i "" "$@"; 9 | } 10 | 11 | # permissions issues workaround 12 | NEW_UID=$(id -u); 13 | 14 | if [ "$1" == "NGINX" ]; then 15 | echo "Setting UID ($NEW_UID) to \"www-data\" user in $1 container ..."; 16 | sedi "s/\${UID}/$NEW_UID/g" "${ROOT}/modules/nginx/docker-compose.yml"; 17 | elif [ "$1" == "PHP-FPM" ]; then 18 | echo "Setting UID ($NEW_UID) to \"www-data\" user in $1 container ..."; 19 | sedi "s/\${UID}/$NEW_UID/g" "${ROOT}/modules/php-fpm/docker-compose.yml"; 20 | else 21 | echo "Setting UID ($NEW_UID) to \"www-data\" user in Docker Sync configuration file ..."; 22 | sedi "s/\${UID}/$NEW_UID/g" "${ROOT}/docker-sync.yml"; 23 | fi; 24 | 25 | exit 0; -------------------------------------------------------------------------------- /docker-sync.blueprint.yml: -------------------------------------------------------------------------------- 1 | version: "2" 2 | 3 | options: 4 | verbose: false 5 | 6 | syncs: 7 | {{ .Orbit.EnvFile.ENV }}{{ .Orbit.Project.name }}_sync_app: 8 | src: './{{ .Orbit.EnvFile.DIR }}/' 9 | sync_userid: ${UID} 10 | sync_strategy: {{ if eq "darwin" os }}'native_osx'{{ else }}'unison'{{ end }} 11 | sync_excludes: ['.idea'] -------------------------------------------------------------------------------- /modules/graylog/.gitignore: -------------------------------------------------------------------------------- 1 | docker-compose.yml 2 | udp-input.json 
-------------------------------------------------------------------------------- /modules/graylog/docker-compose.blueprint.yml: -------------------------------------------------------------------------------- 1 | {{- $virtualhost := index (pick .Orbit.Project.virtualhost .Orbit.EnvFile.ENV) .Orbit.EnvFile.ENV -}} 2 | version: '3.3' 3 | 4 | 5 | services: 6 | 7 | 8 | graylog-mongo: 9 | image: mongo:3.6.1-jessie 10 | container_name: {{ .Orbit.EnvFile.ENV }}{{ .Orbit.Project.name }}-graylog-mongo 11 | restart: "no" 12 | networks: 13 | - backend 14 | labels: 15 | - traefik.enable=false 16 | volumes: 17 | - graylog_mongo_data:/data/db 18 | 19 | 20 | graylog-elasticsearch: 21 | image: elasticsearch:2.4.5-alpine 22 | container_name: {{ .Orbit.EnvFile.ENV }}{{ .Orbit.Project.name }}-graylog-elasticsearch 23 | restart: "no" 24 | command: elasticsearch -Des.cluster.name='graylog' 25 | networks: 26 | - backend 27 | environment: 28 | - ES_JAVA_OPTS={{ .Orbit.EnvFile.GRAYLOG_ES_JAVA_OPTS }} 29 | labels: 30 | - traefik.enable=false 31 | volumes: 32 | - graylog_elasticsearch_data:/usr/share/elasticsearch/data 33 | 34 | 35 | graylog-server: 36 | image: graylog2/server:2.4.3-1 37 | container_name: {{ .Orbit.EnvFile.ENV }}{{ .Orbit.Project.name }}-graylog 38 | restart: "no" 39 | networks: 40 | - proxy 41 | - backend 42 | ports: 43 | - "{{ .Orbit.EnvFile.GRAYLOG_PORT }}:{{ .Orbit.EnvFile.GRAYLOG_PORT }}/udp" 44 | environment: 45 | - GRAYLOG_ROOT_USERNAME={{ .Orbit.Modules.graylog.user }} 46 | {{- if eq "true" .Orbit.EnvFile.TRAEFIK_PREFIX }} 47 | - GRAYLOG_WEB_ENDPOINT_URI=https://graylog-{{ .Orbit.EnvFile.ENV }}.{{ $virtualhost }}/api/ 48 | {{- else }} 49 | - GRAYLOG_WEB_ENDPOINT_URI=https://graylog.{{ $virtualhost }}/api/ 50 | {{- end }} 51 | - GRAYLOG_MONGODB_URI=mongodb://graylog-mongo/graylog 52 | - GRAYLOG_ELASTICSEARCH_HOSTS=http://graylog-elasticsearch:9200 53 | - GRAYLOG_CONTENT_PACKS_AUTO_LOAD=udp-input.json 54 | - GRAYLOG_CONTENT_PACKS_LOADER_ENABLED=true 55 | - 
GRAYLOG_CONTENT_PACKS_DIR=data/contentpacks 56 | - GRAYLOG_SERVER_JAVA_OPTS={{ .Orbit.EnvFile.GRAYLOG_SERVER_JAVA_OPTS }} 57 | env_file: ../toolbox/generated/graylog/.env 58 | labels: 59 | - traefik.backend={{ .Orbit.EnvFile.ENV }}-{{ .Orbit.Project.name }}-graylog 60 | {{- if eq "true" .Orbit.EnvFile.TRAEFIK_PREFIX }} 61 | - traefik.frontend.rule=Host:graylog-{{ .Orbit.EnvFile.ENV }}.{{ $virtualhost }} 62 | {{- else }} 63 | - traefik.frontend.rule=Host:graylog.{{ $virtualhost }} 64 | {{- end }} 65 | - traefik.port=9000 66 | - traefik.docker.network=kickoff_proxy 67 | volumes: 68 | - graylog_server_data:/usr/share/graylog/data/journal 69 | - ./udp-input.json:/usr/share/graylog/data/contentpacks/udp-input.json:ro 70 | 71 | 72 | volumes: 73 | 74 | 75 | graylog_mongo_data: 76 | driver: local 77 | 78 | 79 | graylog_elasticsearch_data: 80 | driver: local 81 | 82 | 83 | graylog_server_data: 84 | driver: local 85 | 86 | 87 | networks: 88 | 89 | 90 | proxy: 91 | external: 92 | name: kickoff_proxy 93 | 94 | 95 | backend: 96 | external: 97 | name: {{ .Orbit.EnvFile.ENV }}{{ .Orbit.Project.name }}_backend -------------------------------------------------------------------------------- /modules/graylog/udp-input.blueprint.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "UDP GELF input on {{ .Orbit.EnvFile.GRAYLOG_PORT }}", 3 | "description": "Adds a global UDP GELF input on port {{ .Orbit.EnvFile.GRAYLOG_PORT }}", 4 | "category": "Inputs", 5 | "inputs": [ 6 | { 7 | "title": "udp input", 8 | "configuration": { 9 | "override_source": null, 10 | "recv_buffer_size": 262144, 11 | "bind_address": "0.0.0.0", 12 | "port": {{ .Orbit.EnvFile.GRAYLOG_PORT }}, 13 | "decompress_size_limit": 8388608 14 | }, 15 | "static_fields": {}, 16 | "type": "org.graylog2.inputs.gelf.udp.GELFUDPInput", 17 | "global": true, 18 | "extractors": [] 19 | } 20 | ], 21 | "streams": [], 22 | "outputs": [], 23 | "dashboards": [], 24 | "grok_patterns": [] 
25 | } -------------------------------------------------------------------------------- /modules/mysql/.gitignore: -------------------------------------------------------------------------------- 1 | docker-entrypoint-initdb.d/databases.sql 2 | secrets/mysql_password.txt 3 | secrets/mysql_root_password.txt 4 | docker-compose.yml -------------------------------------------------------------------------------- /modules/mysql/conf.d/utf8mb4.cnf: -------------------------------------------------------------------------------- 1 | [client] 2 | default-character-set = utf8mb4 3 | 4 | [mysql] 5 | default-character-set = utf8mb4 6 | 7 | [mysqld] 8 | character-set-client-handshake = FALSE 9 | character-set-server = utf8mb4 10 | collation-server = utf8mb4_unicode_ci -------------------------------------------------------------------------------- /modules/mysql/docker-compose.blueprint.yml: -------------------------------------------------------------------------------- 1 | {{- $virtualhost := index (pick .Orbit.Project.virtualhost .Orbit.EnvFile.ENV) .Orbit.EnvFile.ENV -}} 2 | version: '3.3' 3 | 4 | 5 | services: 6 | 7 | 8 | mysql: 9 | image: mysql:5.7.21 10 | container_name: {{ .Orbit.EnvFile.ENV }}-{{ .Orbit.Project.name }}-mysql 11 | restart: {{ if and (ne "local" .Orbit.EnvFile.ENV) (eq false .Orbit.Modules.graylog.enable) }}unless-stopped{{ else }}"no"{{ end }} 12 | networks: 13 | - backend 14 | {{- if eq "true" .Orbit.EnvFile.MYSQL_ENABLE_PORTS_MAPPING }} 15 | ports: 16 | - "{{ .Orbit.EnvFile.MYSQL_HOST_PORT_TO_MAP }}:3306" 17 | {{- end }} 18 | environment: 19 | - MYSQL_USER={{ .Orbit.Modules.mysql.user }} 20 | - MYSQL_PASSWORD_FILE=/run/secrets/mysql_password 21 | - MYSQL_ROOT_PASSWORD_FILE=/run/secrets/mysql_root_password 22 | secrets: 23 | - mysql_password 24 | - mysql_root_password 25 | labels: 26 | - traefik.enable=false 27 | volumes: 28 | - mysql_data:/var/lib/mysql 29 | - ./conf.d/utf8mb4.cnf:/etc/mysql/conf.d/utf8mb4.cnf:ro 30 | - 
./docker-entrypoint-initdb.d/databases.sql:/docker-entrypoint-initdb.d/databases.sql:ro 31 | {{- if eq true .Orbit.Modules.graylog.enable }} 32 | logging: 33 | driver: gelf 34 | options: 35 | gelf-address: udp://localhost:{{ .Orbit.EnvFile.GRAYLOG_PORT }} 36 | {{ end }} 37 | {{ if eq "local" .Orbit.EnvFile.ENV }} 38 | phpmyadmin: 39 | image: phpmyadmin/phpmyadmin:4.7.7-1 40 | container_name: {{ .Orbit.EnvFile.ENV }}-{{ .Orbit.Project.name }}-phpmyadmin 41 | restart: "no" 42 | networks: 43 | - proxy 44 | - backend 45 | environment: 46 | - PMA_HOST=mysql 47 | - PMA_USER=root 48 | - PMA_PASSWORD={{ .Orbit.EnvFile.MYSQL_ROOT_PASSWORD }} 49 | labels: 50 | - traefik.backend={{ .Orbit.EnvFile.ENV }}-{{ .Orbit.Project.name }}-phpmyadmin 51 | {{- if eq "true" .Orbit.EnvFile.TRAEFIK_PREFIX }} 52 | - traefik.frontend.rule=Host:phpadmin-{{ .Orbit.EnvFile.ENV }}.{{ $virtualhost }} 53 | {{- else }} 54 | - traefik.frontend.rule=Host:phpadmin.{{ $virtualhost }} 55 | {{- end }} 56 | - traefik.docker.network=kickoff_proxy 57 | volumes: 58 | - phpmyadmin_data:/sessions 59 | {{- if eq true .Orbit.Modules.graylog.enable }} 60 | logging: 61 | driver: gelf 62 | options: 63 | gelf-address: udp://localhost:{{ .Orbit.EnvFile.GRAYLOG_PORT }} 64 | {{ end }} 65 | {{ end }} 66 | networks: 67 | 68 | 69 | proxy: 70 | external: 71 | name: kickoff_proxy 72 | 73 | 74 | backend: 75 | external: 76 | name: {{ .Orbit.EnvFile.ENV }}{{ .Orbit.Project.name }}_backend 77 | 78 | 79 | secrets: 80 | 81 | 82 | mysql_password: 83 | file: ./secrets/mysql_password.txt 84 | 85 | 86 | mysql_root_password: 87 | file: ./secrets/mysql_root_password.txt 88 | 89 | 90 | volumes: 91 | 92 | 93 | mysql_data: 94 | driver: local 95 | 96 | {{ if eq "local" .Orbit.EnvFile.ENV }} 97 | phpmyadmin_data: 98 | driver: local 99 | {{ end }} -------------------------------------------------------------------------------- /modules/mysql/docker-entrypoint-initdb.d/databases.blueprint.sql: 
-------------------------------------------------------------------------------- 1 | {{- range $database := .Orbit.Modules.mysql.databases }} 2 | CREATE DATABASE IF NOT EXISTS `{{ $database }}` ; 3 | GRANT ALL ON `{{ $database }}`.* TO '{{ $.Orbit.Modules.mysql.user }}'@'%' ; 4 | {{- end }} 5 | FLUSH PRIVILEGES ; -------------------------------------------------------------------------------- /modules/mysql/secrets/mysql_password.blueprint.txt: -------------------------------------------------------------------------------- 1 | {{ .Orbit.EnvFile.MYSQL_PASSWORD }} -------------------------------------------------------------------------------- /modules/mysql/secrets/mysql_root_password.blueprint.txt: -------------------------------------------------------------------------------- 1 | {{ .Orbit.EnvFile.MYSQL_ROOT_PASSWORD }} -------------------------------------------------------------------------------- /modules/nginx/.gitignore: -------------------------------------------------------------------------------- 1 | docker-compose.yml -------------------------------------------------------------------------------- /modules/nginx/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM nginx:1.12.2-alpine 2 | 3 | # |-------------------------------------------------------------------------- 4 | # | Permissions issues workaround 5 | # |-------------------------------------------------------------------------- 6 | # | 7 | # | On Linux and Mac, the UID arg will be set with the UID of the 8 | # | current user from the host. 
9 | # | 10 | 11 | # 82 is the standard uid/gid for "www-data" in Alpine 12 | ARG UID=82 13 | 14 | RUN addgroup -g 82 -S www-data &&\ 15 | adduser -u $UID -D -S -G www-data www-data &&\ 16 | rm /etc/nginx/conf.d/default.conf -------------------------------------------------------------------------------- /modules/nginx/conf.d/php-fpm.conf: -------------------------------------------------------------------------------- 1 | server { 2 | listen 80; 3 | server_name _; 4 | charset utf-8; 5 | 6 | root /var/www/html/; 7 | index index.html index.php; 8 | 9 | # Uploads to 100M 10 | client_max_body_size 100m; 11 | 12 | location / { 13 | try_files $uri $uri/ /index.php?_url=$uri; 14 | } 15 | 16 | ## Begin - Security 17 | 18 | # don't send the nginx version number in error pages and Server header 19 | server_tokens off; 20 | 21 | add_header X-Content-Type-Options nosniff; 22 | add_header X-XSS-Protection "1; mode=block"; 23 | add_header X-Frame-Options SAMEORIGIN; 24 | add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: ; style-src 'self' fonts.googleapis.com 'unsafe-inline' 'unsafe-eval'; font-src 'self' fonts.googleapis.com fonts.gstatic.com; child-src 'none'; object-src 'self'; connect-src 'self'"; 25 | 26 | # deny all direct access for these folders 27 | location ~* /(.git|cache|bin|logs|backup|tests)/.*$ { return 403; } 28 | # deny running scripts inside vendor folder 29 | location ~* /(vendor)/.*\.(txt|xml|md|html|yaml|php|pl|py|cgi|twig|sh|bat)$ { return 403; } 30 | # deny access to specific files in the root folder 31 | location ~ /(LICENSE.txt|composer.lock|composer.json|nginx.conf|web.config|htaccess.txt|\.htaccess) { return 403; } 32 | ## End - Security 33 | 34 | ## Begin - PHP 35 | location ~ \.php$ { 36 | fastcgi_pass php-fpm:9000; 37 | fastcgi_split_path_info ^(.+\.php)(/.+)$; 38 | fastcgi_index index.php; 39 | include fastcgi_params; 40 | fastcgi_param SCRIPT_FILENAME 
$document_root/$fastcgi_script_name; 41 | } 42 | ## End - PHP 43 | 44 | location ~* ^.+\.(ico|js|gif|jpg|jpeg|png|bmp)$ { 45 | expires 30d; 46 | } 47 | } -------------------------------------------------------------------------------- /modules/nginx/docker-compose.blueprint.yml: -------------------------------------------------------------------------------- 1 | {{- $virtualhost := index (pick .Orbit.Project.virtualhost .Orbit.EnvFile.ENV) .Orbit.EnvFile.ENV -}} 2 | version: '3.3' 3 | 4 | 5 | services: 6 | 7 | 8 | nginx: 9 | build: 10 | context: . 11 | args: 12 | - UID={{ if ne "windows" os }}${UID}{{ else }}82{{ end }} 13 | container_name: {{ .Orbit.EnvFile.ENV }}-{{ .Orbit.Project.name }}-nginx 14 | restart: {{ if and (ne "local" .Orbit.EnvFile.ENV) (eq false .Orbit.Modules.graylog.enable) }}unless-stopped{{ else }}"no"{{ end }} 15 | labels: 16 | - traefik.backend={{ .Orbit.EnvFile.ENV }}-{{ .Orbit.Project.name }}-nginx 17 | {{- if eq "true" .Orbit.EnvFile.TRAEFIK_PREFIX }} 18 | - traefik.frontend.rule=Host:{{ .Orbit.EnvFile.ENV }}.{{ $virtualhost }},www-{{ .Orbit.EnvFile.ENV }}.{{ $virtualhost }} 19 | {{- else }} 20 | - traefik.frontend.rule=Host:{{ $virtualhost }},www.{{ $virtualhost }} 21 | {{- end }} 22 | - traefik.docker.network=kickoff_proxy 23 | networks: 24 | - proxy 25 | - backend 26 | volumes: 27 | {{- if eq "true" .Orbit.EnvFile.ENABLE_DOCKER_SYNC }} 28 | - {{ .Orbit.EnvFile.ENV }}{{ .Orbit.Project.name }}_sync_app:/var/www/html:nocopy 29 | {{- else }} 30 | - ../../{{ .Orbit.EnvFile.DIR }}:/var/www/html:{{ if eq "darwin" os }}cached{{ else }}ro{{ end }} 31 | {{- end }} 32 | - ./conf.d/php-fpm.conf:/etc/nginx/conf.d/php-fpm.conf:ro 33 | {{- if eq true .Orbit.Modules.graylog.enable }} 34 | logging: 35 | driver: gelf 36 | options: 37 | gelf-address: udp://localhost:{{ .Orbit.EnvFile.GRAYLOG_PORT }} 38 | {{ end }} 39 | 40 | networks: 41 | 42 | 43 | proxy: 44 | external: 45 | name: kickoff_proxy 46 | 47 | 48 | backend: 49 | external: 50 | name: {{ 
.Orbit.EnvFile.ENV }}{{ .Orbit.Project.name }}_backend 51 | 52 | {{ if eq "true" .Orbit.EnvFile.ENABLE_DOCKER_SYNC }} 53 | volumes: 54 | 55 | 56 | {{ .Orbit.EnvFile.ENV }}{{ .Orbit.Project.name }}_sync_app: 57 | external: true 58 | {{- end }} -------------------------------------------------------------------------------- /modules/php-fpm/.gitignore: -------------------------------------------------------------------------------- 1 | conf.d/memory-limit.ini 2 | php-fpm.d/memory-limit.conf 3 | php-fpm.d/security.conf 4 | docker-compose.yml -------------------------------------------------------------------------------- /modules/php-fpm/conf.d/memory-limit.blueprint.ini: -------------------------------------------------------------------------------- 1 | [memory] 2 | 3 | memory_limit={{ .Orbit.EnvFile.PHP_MEMORY_LIMIT }} -------------------------------------------------------------------------------- /modules/php-fpm/docker-compose.blueprint.yml: -------------------------------------------------------------------------------- 1 | version: '3.3' 2 | 3 | 4 | services: 5 | 6 | 7 | php-fpm: 8 | image: gulnap/kickoff-docker-php-images:php-fpm-7.2.1-v2.4.0 9 | container_name: {{ .Orbit.EnvFile.ENV }}-{{ .Orbit.Project.name }}-php-fpm 10 | restart: {{ if and (ne "local" .Orbit.EnvFile.ENV) (eq false .Orbit.Modules.graylog.enable) }}unless-stopped{{ else }}"no"{{ end }} 11 | entrypoint: /usr/local/bin/docker-entrypoint.sh 12 | networks: 13 | - backend 14 | environment: 15 | - UID={{ if ne "windows" os }}${UID}{{ else }}82{{ end }} 16 | - XDEBUG_ENABLED={{ .Orbit.EnvFile.XDEBUG_ENABLED }} 17 | {{- if eq "true" .Orbit.EnvFile.XDEBUG_ENABLED }} 18 | - XDEBUG_REMOTE_HOST={{ .Orbit.EnvFile.XDEBUG_REMOTE_HOST }} 19 | {{- end }} 20 | labels: 21 | - traefik.enable=false 22 | volumes: 23 | {{- if eq "true" .Orbit.EnvFile.ENABLE_DOCKER_SYNC }} 24 | - {{ .Orbit.EnvFile.ENV }}{{ .Orbit.Project.name }}_sync_app:/var/www/html:nocopy 25 | {{- else }} 26 | - ../../{{ .Orbit.EnvFile.DIR 
}}:/var/www/html:{{ if eq "darwin" os }}cached{{ else }}rw{{ end }} 27 | {{- end }} 28 | - ./docker-entrypoint.sh:/usr/local/bin/docker-entrypoint.sh:ro 29 | - ./conf.d/memory-limit.ini:/usr/local/etc/php/conf.d/memory-limit.ini:ro 30 | - ./php-fpm.d/memory-limit.conf:/usr/local/etc/php-fpm.d/memory-limit.conf:ro 31 | - ./php-fpm.d/security.conf:/usr/local/etc/php-fpm.d/security.conf:ro 32 | - ./php-fpm.d/uploads.conf:/usr/local/etc/php-fpm.d/uploads.conf:ro 33 | {{- if eq true .Orbit.Modules.graylog.enable }} 34 | logging: 35 | driver: gelf 36 | options: 37 | gelf-address: udp://localhost:{{ .Orbit.EnvFile.GRAYLOG_PORT }} 38 | {{ end }} 39 | 40 | networks: 41 | 42 | backend: 43 | external: 44 | name: {{ .Orbit.EnvFile.ENV }}{{ .Orbit.Project.name }}_backend 45 | 46 | {{ if eq "true" .Orbit.EnvFile.ENABLE_DOCKER_SYNC }} 47 | volumes: 48 | 49 | 50 | {{ .Orbit.EnvFile.ENV }}{{ .Orbit.Project.name }}_sync_app: 51 | external: true 52 | {{- end }} -------------------------------------------------------------------------------- /modules/php-fpm/docker-entrypoint.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | sedi() 4 | { 5 | sed --version >/dev/null 2>&1 && sed -i -- "$@" || sed -i "" "$@"; 6 | } 7 | 8 | usermod -u "$UID" www-data; 9 | chown -R www-data:www-data /var/www/html; 10 | 11 | if [ "$XDEBUG_ENABLED" = "false" ]; then 12 | sedi "s/\zend_extension/;zend_extension/g" /usr/local/etc/php/conf.d/docker-php-ext-xdebug.ini; 13 | else 14 | export XDEBUG_CONFIG="remote_host=$XDEBUG_REMOTE_HOST"; 15 | fi; 16 | 17 | exec php-fpm; -------------------------------------------------------------------------------- /modules/php-fpm/php-fpm.d/memory-limit.blueprint.conf: -------------------------------------------------------------------------------- 1 | [www] 2 | 3 | php_admin_value[memory_limit]={{ .Orbit.EnvFile.PHP_FPM_MEMORY_LIMIT }} -------------------------------------------------------------------------------- 
/modules/php-fpm/php-fpm.d/security.blueprint.conf: -------------------------------------------------------------------------------- 1 | [www] 2 | 3 | php_admin_flag[display_errors]={{ if eq "local" .Orbit.EnvFile.ENV }}true{{ else }}false{{ end }} 4 | php_admin_flag[expose_php]=off 5 | -------------------------------------------------------------------------------- /modules/php-fpm/php-fpm.d/uploads.conf: -------------------------------------------------------------------------------- 1 | [www] 2 | 3 | php_admin_value[post_max_size]=40M 4 | php_admin_value[upload_max_filesize]=40M -------------------------------------------------------------------------------- /modules/rabbitmq/.gitignore: -------------------------------------------------------------------------------- 1 | docker-compose.yml -------------------------------------------------------------------------------- /modules/rabbitmq/docker-compose.blueprint.yml: -------------------------------------------------------------------------------- 1 | {{- $virtualhost := index (pick .Orbit.Project.virtualhost .Orbit.EnvFile.ENV) .Orbit.EnvFile.ENV -}} 2 | version: '3.3' 3 | 4 | 5 | services: 6 | 7 | 8 | rabbitmq: 9 | image: rabbitmq:3.7.2-management-alpine 10 | container_name: {{ .Orbit.EnvFile.ENV }}-{{ .Orbit.Project.name }}-rabbitmq 11 | restart: {{ if and (ne "local" .Orbit.EnvFile.ENV) (eq false .Orbit.Modules.graylog.enable) }}unless-stopped{{ else }}"no"{{ end }} 12 | hostname: rabbitmq 13 | networks: 14 | - proxy 15 | - backend 16 | environment: 17 | - RABBITMQ_DEFAULT_USER={{ .Orbit.Modules.rabbitmq.user }} 18 | - RABBITMQ_DEFAULT_PASS={{ .Orbit.EnvFile.RABBITMQ_PASSWORD }} 19 | labels: 20 | - traefik.backend={{ .Orbit.EnvFile.ENV }}-{{ .Orbit.Project.name }}-rabbitmq 21 | {{- if eq "true" .Orbit.EnvFile.TRAEFIK_PREFIX }} 22 | - traefik.frontend.rule=Host:rabbitmq-{{ .Orbit.EnvFile.ENV }}.{{ $virtualhost }} 23 | {{- else }} 24 | - traefik.frontend.rule=Host:rabbitmq.{{ $virtualhost }} 25 | {{- end }} 26 | 
- traefik.port=15672 27 | - traefik.docker.network=kickoff_proxy 28 | volumes: 29 | - rabbitmq_data:/var/lib/rabbitmq 30 | {{- if eq true .Orbit.Modules.graylog.enable }} 31 | logging: 32 | driver: gelf 33 | options: 34 | gelf-address: udp://localhost:{{ .Orbit.EnvFile.GRAYLOG_PORT }} 35 | {{ end }} 36 | 37 | networks: 38 | 39 | proxy: 40 | external: 41 | name: kickoff_proxy 42 | 43 | backend: 44 | external: 45 | name: {{ .Orbit.EnvFile.ENV }}{{ .Orbit.Project.name }}_backend 46 | 47 | 48 | volumes: 49 | 50 | 51 | rabbitmq_data: 52 | driver: local -------------------------------------------------------------------------------- /modules/redis/.gitignore: -------------------------------------------------------------------------------- 1 | docker-compose.yml -------------------------------------------------------------------------------- /modules/redis/docker-compose.blueprint.yml: -------------------------------------------------------------------------------- 1 | version: '3.3' 2 | 3 | 4 | services: 5 | 6 | 7 | redis: 8 | image: redis:3.2.11-alpine 9 | container_name: {{ .Orbit.EnvFile.ENV }}-{{ .Orbit.Project.name }}-redis 10 | restart: {{ if and (ne "local" .Orbit.EnvFile.ENV) (eq false .Orbit.Modules.graylog.enable) }}unless-stopped{{ else }}"no"{{ end }} 11 | command: redis-server --requirepass {{ .Orbit.EnvFile.REDIS_PASSWORD }} 12 | networks: 13 | - backend 14 | labels: 15 | - traefik.enable=false 16 | volumes: 17 | - redis_data:/data 18 | {{- if eq true .Orbit.Modules.graylog.enable }} 19 | logging: 20 | driver: gelf 21 | options: 22 | gelf-address: udp://localhost:{{ .Orbit.EnvFile.GRAYLOG_PORT }} 23 | {{ end }} 24 | 25 | networks: 26 | 27 | 28 | backend: 29 | external: 30 | name: {{ .Orbit.EnvFile.ENV }}{{ .Orbit.Project.name }}_backend 31 | 32 | 33 | volumes: 34 | 35 | 36 | redis_data: 37 | driver: local -------------------------------------------------------------------------------- /modules/toolbox/.gitignore: 
-------------------------------------------------------------------------------- 1 | generated/graylog/.env 2 | generated/traefik/auth/.htdigest 3 | generated/traefik/certs/*.crt 4 | generated/traefik/certs/*.key 5 | docker-compose.yml -------------------------------------------------------------------------------- /modules/toolbox/docker-compose.blueprint.yml: -------------------------------------------------------------------------------- 1 | {{- $virtualhost := index (pick .Orbit.Project.virtualhost .Orbit.EnvFile.ENV) .Orbit.EnvFile.ENV -}} 2 | version: '3.3' 3 | 4 | 5 | services: 6 | 7 | 8 | toolbox: 9 | image: gulnap/kickoff-docker-php-images:toolbox-3.7-v2.4.0 10 | container_name: {{ .Orbit.EnvFile.ENV }}-{{ .Orbit.Project.name }}-toolbox 11 | networks: 12 | - backend 13 | environment: 14 | - VIRTUAL_HOST={{ $virtualhost }} 15 | - ENV={{ .Orbit.EnvFile.ENV }} 16 | - TRAEFIK_USER={{ .Orbit.Modules.traefik.user }} 17 | - TRAEFIK_PASSWORD={{ .Orbit.EnvFile.TRAEFIK_PASSWORD }} 18 | - GRAYLOG_ROOT_PASSWORD_SHA2={{ .Orbit.EnvFile.GRAYLOG_PASSWORD }} 19 | - GRAYLOG_ENABLED={{ .Orbit.Modules.graylog.enable }} 20 | labels: 21 | - traefik.enable=false 22 | volumes: 23 | - ./generated:/generated:rw 24 | - ./scripts:/scripts:ro 25 | 26 | 27 | networks: 28 | 29 | 30 | backend: 31 | driver: bridge -------------------------------------------------------------------------------- /modules/toolbox/generated/graylog/.env.blueprint: -------------------------------------------------------------------------------- 1 | # |-------------------------------------------------------------------------- 2 | # | Graylog passwords 3 | # |-------------------------------------------------------------------------- 4 | # | 5 | # | This file is used to store the passwords for Graylog which will be 6 | # | generated by the Toolbox container. 
7 | # | 8 | 9 | GRAYLOG_PASSWORD_SECRET=${GRAYLOG_PASSWORD_SECRET} 10 | GRAYLOG_ROOT_PASSWORD_SHA2=${GRAYLOG_ROOT_PASSWORD_SHA2} -------------------------------------------------------------------------------- /modules/toolbox/generated/traefik/auth/.gitkeep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/thecodingmachine/kickoff-docker-php/cc822f1fa060ea8b8fe764025cdc5e4fff9f1060/modules/toolbox/generated/traefik/auth/.gitkeep -------------------------------------------------------------------------------- /modules/toolbox/generated/traefik/certs/.gitkeep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/thecodingmachine/kickoff-docker-php/cc822f1fa060ea8b8fe764025cdc5e4fff9f1060/modules/toolbox/generated/traefik/certs/.gitkeep -------------------------------------------------------------------------------- /modules/toolbox/scripts/graylog-secrets.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | if [ "$GRAYLOG_ENABLED" = "false" ]; then 4 | echo Skipping Graylog secrets generation ...; 5 | exit 0; 6 | fi; 7 | 8 | sedi() 9 | { 10 | sed --version >/dev/null 2>&1 && sed -i -- "$@" || sed -i "" "$@"; 11 | } 12 | 13 | echo Generating Graylog secrets ...; 14 | 15 | password_secret=$(openssl rand -hex 64); 16 | root_password_sha2=$(printf '%s' "$GRAYLOG_ROOT_PASSWORD_SHA2" | openssl dgst -sha256 | sed 's/^.* //'); 17 | 18 | /bin/cp /generated/graylog/.env.blueprint /generated/graylog/.env; 19 | sedi "s/\${GRAYLOG_PASSWORD_SECRET}/$password_secret/g" /generated/graylog/.env; 20 | sedi "s/\${GRAYLOG_ROOT_PASSWORD_SHA2}/$root_password_sha2/g" /generated/graylog/.env; 21 | 22 | echo Graylog secrets generated!; 23 | exit 0; -------------------------------------------------------------------------------- /modules/toolbox/scripts/health-check.sh: 
--------------------------------------------------------------------------------
#!/bin/sh

# Usage: health-check.sh SERVICE HOST PORT
SERVICE=$1;
HOST=$2;
PORT=$3;

spin='-\|/';
i=0;

# 6000 attempts with a 0.1 s pause each: give up after about ten minutes.
attempts=6000;
while [ "$attempts" -ne 0 ]; do

    # nc -z only tests that the TCP port accepts a connection.
    if nc -z "$HOST" "$PORT" > /dev/null 2>&1; then
        printf '\r[OK] %s is running!\n' "$SERVICE";
        exit 0;
    fi;

    i=$(( (i + 1) % 4 ));
    # cut is used because ${spin:$i:1} is not POSIX sh; the frame is passed as
    # a %s argument so the "\" frame is never read as a printf escape.
    frame=$(printf '%s' "$spin" | cut -c "$(( i + 1 ))");
    printf '\r%s Waiting %s ...' "$frame" "$SERVICE";
    sleep .1;

    attempts=$(( attempts - 1 ));
done;

printf '\r[error] %s failed to launch!\n' "$SERVICE";
exit 1;
--------------------------------------------------------------------------------
/modules/toolbox/scripts/traefik-htdigest.sh:
--------------------------------------------------------------------------------
#!/bin/sh

if [ "$ENV" = "local" ]; then
    echo Skipping .htdigest file generation ...;
    exit 0;
fi;

echo Generating .htdigest file ...;

rm -f /generated/traefik/auth/.htdigest;
# An .htdigest entry is user:realm:MD5(user:realm:password). The credentials
# are passed as %s arguments, never as the printf format string, so a "%" or
# "\" in the password cannot change the string that gets hashed.
ha1=$(printf '%s:%s:%s' "$TRAEFIK_USER" "traefik" "$TRAEFIK_PASSWORD" | openssl dgst -md5 | sed 's/^.* //');
printf '%s:%s:%s' "$TRAEFIK_USER" "traefik" "$ha1" > /generated/traefik/auth/.htdigest;

# The redirection creates the file even when openssl fails, so an empty digest
# is treated as a failure as well.
if [ -z "$ha1" ] || [ ! -f "/generated/traefik/auth/.htdigest" ]; then
    echo Failed to generate the .htdigest file;
    exit 1;
fi;

echo .htdigest file generated!;
exit 0;
--------------------------------------------------------------------------------
/modules/toolbox/scripts/traefik-self-signed-certificate.sh:
--------------------------------------------------------------------------------
#!/bin/sh

if [ "$ENV" != "local" ]; then
    echo Skipping self-signed certificate generation ...;
    exit 0;
fi;

if [ ! -f "/generated/traefik/certs/$VIRTUAL_HOST.key" ]; then
    echo Generating the self-signed certificate ...
    # -nodes writes the private key unencrypted; this branch only runs when
    # ENV is "local".
    rm -rf /generated/traefik/certs/*.crt;
    rm -rf /generated/traefik/certs/*.key;
    openssl req -x509 -newkey rsa:4096 -sha256 -nodes -keyout "/generated/traefik/certs/$VIRTUAL_HOST.key" -out "/generated/traefik/certs/$VIRTUAL_HOST.crt" -days 365 -subj "/C=FR/ST=PARIS/L=PARIS/O=Kickoff/OU=Kickoff/CN=*.$VIRTUAL_HOST";

    if [ ! -f "/generated/traefik/certs/$VIRTUAL_HOST.key" ]; then
        echo Failed to generate the self-signed certificate;
        exit 1;
    fi;

    echo Self-signed certificate generated!;
    exit 0;
fi;

echo Self-signed certificate already generated, skipping ...;
exit 0;
--------------------------------------------------------------------------------
/modules/traefik/.gitignore:
--------------------------------------------------------------------------------
docker-compose.yml
traefik.toml
--------------------------------------------------------------------------------
/modules/traefik/docker-compose.blueprint.yml:
--------------------------------------------------------------------------------
{{- $virtualhost := index (pick .Orbit.Project.virtualhost .Orbit.EnvFile.ENV) .Orbit.EnvFile.ENV -}}
version: '3.3'


services:


  proxy:
    image: traefik:1.5.1-alpine
    container_name: kickoff-proxy
    restart: {{ if and (ne "local" .Orbit.EnvFile.ENV) (eq false .Orbit.Modules.graylog.enable) }}unless-stopped{{ else }}"no"{{ end }}
    command: --docker --logLevel={{ .Orbit.EnvFile.TRAEFIK_LOG_LEVEL }}
    networks:
      - proxy
    ports:
      - "80:80"
      - "443:443"
    labels:
      - traefik.frontend.rule=Host:traefik.{{ $virtualhost }}
      - traefik.port=8080
    volumes:
      # ":ro" only protects the socket file itself; a process that can open
      # the socket can still issue any Docker API call.
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./traefik.toml:/traefik.toml:ro
      {{- if eq "local" .Orbit.EnvFile.ENV }}
      - ../toolbox/generated/traefik/certs:/certs:ro
      {{- else }}
      - {{ .Orbit.EnvFile.TRAEFIK_CERT_FILE_PATH }}:/certs/{{ $virtualhost }}.crt:ro
      - {{ .Orbit.EnvFile.TRAEFIK_KEY_FILE_PATH }}:/certs/{{ $virtualhost }}.key:ro
      - ../toolbox/generated/traefik/auth/:/auth/:ro
      {{ end }}


networks:


  proxy:
    driver: bridge
--------------------------------------------------------------------------------
/modules/traefik/traefik.blueprint.toml:
--------------------------------------------------------------------------------
{{- $virtualhost := index (pick .Orbit.Project.virtualhost .Orbit.EnvFile.ENV) .Orbit.EnvFile.ENV -}}
# Entry points definition
defaultEntryPoints = ["http", "https"]

[entryPoints]
  [entryPoints.http]
  address = ":80"
    [entryPoints.http.redirect]
    entryPoint = "https"
  [entryPoints.https]
  address = ":443"
    [entryPoints.https.tls]
      [[entryPoints.https.tls.certificates]]
      certFile = "certs/{{ $virtualhost }}.crt"
      keyFile = "certs/{{ $virtualhost }}.key"

# API backend
# Digest authentication is only configured when ENV is not "local".
[web]
address = ":8080"
{{- if ne "local" .Orbit.EnvFile.ENV }}
  [web.auth.digest]
  usersFile = "auth/.htdigest"
{{- end }}
--------------------------------------------------------------------------------
/orbit-payload.yml:
--------------------------------------------------------------------------------
payload:

  - key: EnvFile
    value: config/.env

  - key: Modules
    value: config/modules.yml

  - key: Project
    value: config/project.yml
--------------------------------------------------------------------------------
/orbit.yml:
--------------------------------------------------------------------------------
# |--------------------------------------------------------------------------
# | Tasks
# |--------------------------------------------------------------------------
# |
# | This file describes the tasks of your project.
# | Feel free to add your own tasks!
# |
# | https://github.com/gulien/orbit/
# |

tasks:

  # |--------------------------------------------------------------------------
  # | orbit run kickoff
  # |--------------------------------------------------------------------------
  # |
  # | Generates all configuration files, builds the NGINX image
  # | and starts the containers.
  # |

  - use: kickoff
    short: Generates all configuration files, builds the NGINX image and starts the containers
    run:
      - orbit run build proxy-up up {{ if debug }}-d{{ end }}

  # |--------------------------------------------------------------------------
  # | orbit run shutdown
  # |--------------------------------------------------------------------------
  # |
  # | Stops all containers.
  # |

  - use: shutdown
    short: Stops all containers
    run:
      - orbit run down proxy-down {{ if debug }}-d{{ end }}

  # |--------------------------------------------------------------------------
  # | orbit run build
  # |--------------------------------------------------------------------------
  # |
  # | Generates all configuration files and builds the NGINX image.
  # |
  # | See config/orbit/orbit-build.yml for more information.
  # |

  - use: build
    short: Generates all configuration files and builds the NGINX image
    run:
      - orbit run docker-sync-build -f config/orbit/orbit-build.yml {{ if debug }}-d{{ end }}
      - orbit run toolbox-build -f config/orbit/orbit-build.yml {{ if debug }}-d{{ end }}
      - orbit run traefik-build -f config/orbit/orbit-build.yml {{ if debug }}-d{{ end }}
      - orbit run graylog-build -f config/orbit/orbit-build.yml {{ if debug }}-d{{ end }}
      - orbit run php-fpm-build -f config/orbit/orbit-build.yml {{ if debug }}-d{{ end }}
      - orbit run nginx-build -f config/orbit/orbit-build.yml {{ if debug }}-d{{ end }}
      - orbit run mysql-build -f config/orbit/orbit-build.yml {{ if debug }}-d{{ end }}
      - orbit run redis-build -f config/orbit/orbit-build.yml {{ if debug }}-d{{ end }}
      - orbit run rabbitmq-build -f config/orbit/orbit-build.yml {{ if debug }}-d{{ end }}
      - orbit generate -f config/orbit/whale.txt -p "Notification,Your configuration files have been successfully generated!" {{ if debug }}-d{{ end }}

  # |--------------------------------------------------------------------------
  # | orbit run proxy-up
  # |--------------------------------------------------------------------------
  # |
  # | Starts the Traefik container.
  # |
  # | See config/orbit/orbit-up.yml for more information.
  # |

  - use: proxy-up
    short: Starts the Traefik container
    run:
      - orbit run traefik-up -f config/orbit/orbit-up.yml {{ if debug }}-d{{ end }}
      - docker ps

  # |--------------------------------------------------------------------------
  # | orbit run up
  # |--------------------------------------------------------------------------
  # |
  # | Starts all containers without the Traefik container.
  # |
  # | See config/orbit/orbit-up.yml for more information.
  # |

  - use: up
    short: Starts all containers without the Traefik container
    run:
      - orbit run graylog-up -f config/orbit/orbit-up.yml {{ if debug }}-d{{ end }}
      - orbit run docker-sync-up -f config/orbit/orbit-up.yml {{ if debug }}-d{{ end }}
      - orbit run php-fpm-up -f config/orbit/orbit-up.yml {{ if debug }}-d{{ end }}
      - orbit run nginx-up -f config/orbit/orbit-up.yml {{ if debug }}-d{{ end }}
      - orbit run mysql-up -f config/orbit/orbit-up.yml {{ if debug }}-d{{ end }}
      - orbit run redis-up -f config/orbit/orbit-up.yml {{ if debug }}-d{{ end }}
      - orbit run rabbitmq-up -f config/orbit/orbit-up.yml {{ if debug }}-d{{ end }}
      - orbit generate -f config/orbit/whale.txt -p "Notification,Your containers have been successfully started!" {{ if debug }}-d{{ end }}
      - docker ps

  # |--------------------------------------------------------------------------
  # | orbit run proxy-down
  # |--------------------------------------------------------------------------
  # |
  # | Stops the Traefik container.
  # |
  # | See config/orbit/orbit-down.yml for more information.
  # |

  - use: proxy-down
    short: Stops the Traefik container
    run:
      - orbit run traefik-down -f config/orbit/orbit-down.yml {{ if debug }}-d{{ end }}
      - orbit generate -f config/orbit/whale.txt -p "Notification,Your reverse proxy has been successfully stopped!" {{ if debug }}-d{{ end }}
      - docker ps

  # |--------------------------------------------------------------------------
  # | orbit run down
  # |--------------------------------------------------------------------------
  # |
  # | Stops all containers without the Traefik container.
  # |
  # | See config/orbit/orbit-down.yml for more information.
  # |

  - use: down
    short: Stops all containers without the Traefik container
    run:
      - orbit run graylog-down -f config/orbit/orbit-down.yml {{ if debug }}-d{{ end }}
      - orbit run php-fpm-down -f config/orbit/orbit-down.yml {{ if debug }}-d{{ end }}
      - orbit run nginx-down -f config/orbit/orbit-down.yml {{ if debug }}-d{{ end }}
      - orbit run docker-sync-down -f config/orbit/orbit-down.yml {{ if debug }}-d{{ end }}
      - orbit run mysql-down -f config/orbit/orbit-down.yml {{ if debug }}-d{{ end }}
      - orbit run redis-down -f config/orbit/orbit-down.yml {{ if debug }}-d{{ end }}
      - orbit run rabbitmq-down -f config/orbit/orbit-down.yml {{ if debug }}-d{{ end }}
      - orbit run toolbox-down -f config/orbit/orbit-down.yml {{ if debug }}-d{{ end }}
      - orbit generate -f config/orbit/whale.txt -p "Notification,Your containers have been successfully stopped!" {{ if debug }}-d{{ end }}
      - docker ps

  # |--------------------------------------------------------------------------
  # | Commands
  # |--------------------------------------------------------------------------
  # |
  # | See config/orbit/orbit-commands.yml for more information.
  # |

  - use: workspace
    short: Connects through ash to the PHP-FPM container
    run:
      - orbit run command-workspace -f config/orbit/orbit-commands.yml {{ if debug }}-d{{ end }}

  - use: mysql-cli
    short: Opens the MySQL CLI as root
    run:
      - orbit run command-mysql-cli -f config/orbit/orbit-commands.yml {{ if debug }}-d{{ end }}
--------------------------------------------------------------------------------