initial commit

2017-03-28 19:46:14 +02:00 · 2017-03-28 19:46:14 +02:00 · 6181af05f9
commit 6181af05f9
10 changed files with 273 additions and 0 deletions
--- a/42
+++ b/42
@ -0,0 +1,42 @@
+FROM php:7.1-fpm-alpine
+
+MAINTAINER Michael Contento <mail@michaelcontento.de>
+
+RUN \
+# Install dependencies
+    apk add --no-cache nginx supervisor \
+# Install PHP extension
+    && docker-php-ext-install opcache
+
+# Remove (some of the) default nginx config
+RUN rm -f /etc/nginx.conf \
+    && rm -rf /etc/nginx/sites-* \
+    && rm -rf /var/log/nginx \
+# Ensure nginx logs, even if the config has errors, are written to stderr
+    && rm /var/lib/nginx/logs \
+    && mkdir -p /var/lib/nginx/logs \
+    && ln -s /dev/stderr /var/lib/nginx/logs/error.log \
+# Remove default content from the default $DOCUMENT_ROOT ...
+    && rm -rf /var/www \
+# ... but ensure it exists with the right owner
+    && mkdir -p /var/www \
+    && chown www-data.www-data /var/www
+
+WORKDIR /var/www
+
+# Where nginx should serve from
+ENV DOCUMENT_ROOT=/var/www
+
+# Should we instantiate a redirect for apex-to-www? Or www-to-apex?
+# Valid values are "none", "www-to-apex" or "apex-to-www"
+ENV REDIRECT_MODE="none"
+
+# Which HTTP code should we use for the above redirect
+ENV REDIRECT_CODE=302
+
+ADD etc/ /etc/
+ADD usr/ /usr/
+
+EXPOSE 80
+
+CMD ["/usr/bin/docker-start"]
--- a/etc/nginx/conf.d/cache-file-descriptors.conf
+++ b/etc/nginx/conf.d/cache-file-descriptors.conf
@ -0,0 +1,19 @@
+# This tells Nginx to cache open file handles, "not found" errors, metadata about files and their permissions, etc.
+#
+# The upside of this is that Nginx can immediately begin sending data when a popular file is requested,
+# and will also know to immediately send a 404 if a file is missing on disk, and so on.
+#
+# However, it also means that the server won't react immediately to changes on disk, which may be undesirable.
+#
+# In the below configuration, inactive files are released from the cache after 20 seconds, whereas
+# active (recently requested) files are re-validated every 30 seconds.
+#
+# Descriptors will not be cached unless they are used at least 2 times within 20 seconds (the inactive time).
+#
+# A maximum of the 1000 most recently used file descriptors can be cached at any time.
+#
+# Production servers with stable file collections will definitely want to enable the cache.
+open_file_cache          max=1000 inactive=20s;
+open_file_cache_valid    30s;
+open_file_cache_min_uses 2;
+open_file_cache_errors   on;
--- a/etc/nginx/conf.d/compression.conf
+++ b/etc/nginx/conf.d/compression.conf
@ -0,0 +1,56 @@
+# Enable gzip compression.
+gzip on;
+
+# Compression level (1-9).
+# 5 is a perfect compromise between size and CPU usage, offering about
+# 75% reduction for most ASCII files (almost identical to level 9).
+gzip_comp_level    5;
+
+# Don't compress anything that's already small and unlikely to shrink much
+# if at all (the default is 20 bytes, which is bad as that usually leads to
+# larger files after gzipping).
+gzip_min_length    256;
+
+# Compress data even for clients that are connecting to us via proxies,
+# identified by the "Via" header (required for CloudFront).
+gzip_proxied       any;
+
+# Tell proxies to cache both the gzipped and regular version of a resource
+# whenever the client's Accept-Encoding capabilities header varies;
+# Avoids the issue where a non-gzip capable client (which is extremely rare
+# today) would display gibberish if their proxy gave them the gzipped version.
+gzip_vary          on;
+
+# Compress all output labeled with one of the following MIME-types.
+gzip_types
+    application/atom+xml
+    application/javascript
+    application/json
+    application/ld+json
+    application/manifest+json
+    application/rss+xml
+    application/vnd.geo+json
+    application/vnd.ms-fontobject
+    application/x-font-ttf
+    application/x-web-app-manifest+json
+    application/xhtml+xml
+    application/xml
+    font/opentype
+    image/bmp
+    image/svg+xml
+    image/x-icon
+    text/cache-manifest
+    text/css
+    text/plain
+    text/vcard
+    text/vnd.rim.location.xloc
+    text/vtt
+    text/x-component
+    text/x-cross-domain-policy;
+    # text/html is always compressed by gzip module
+
+# This should be turned on if you are going to have pre-compressed copies (.gz) of
+# static files available. If not it should be left off as it will cause extra I/O
+# for the check. It is best if you enable this in a location{} block for
+# a specific directory, or on an individual server{} level.
+# gzip_static on;
--- a/etc/nginx/nginx.conf
+++ b/etc/nginx/nginx.conf
@ -0,0 +1,76 @@
+# Run as a unique, less privileged user for security reasons.
+user www-data www-data;
+
+# Sets the worker threads to the number of CPU cores available in the system for best performance.
+# Should be > the number of CPU cores.
+# Maximum number of connections = worker_processes * worker_connections
+worker_processes auto;
+
+# Maximum number of open files per worker process.
+# Should be > worker_connections.
+worker_rlimit_nofile 8192;
+
+events {
+  # If you need more connections than this, you start optimizing your OS.
+  # That's probably the point at which you hire people who are smarter than you as this is *a lot* of requests.
+  # Should be < worker_rlimit_nofile.
+  worker_connections 8000;
+}
+
+# Log errors and warnings to this file
+# This is only used when you don't override it on a server{} level
+error_log stderr warn;
+
+# The file storing the process ID of the main process
+pid /var/run/nginx.pid;
+
+# The process is managed in the docker-env
+daemon off;
+
+# Free some CPU cycles
+timer_resolution 500ms;
+
+http {
+    # Specify MIME types for files.
+    include       mime.types;
+    default_type  application/octet-stream;
+
+    # Update charset_types to match updated mime.types.
+    # text/html is always included by charset module.
+    charset_types text/css text/plain text/vnd.wap.wml application/javascript application/json application/rss+xml application/xml;
+
+    # Include $http_x_forwarded_for within default format used in log files
+    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
+                    '$status $body_bytes_sent "$http_referer" '
+                    '"$http_user_agent" "$http_x_forwarded_for"';
+
+    # Hide used software
+    server_tokens off;
+
+    # Default charset
+    charset utf-8;
+
+    # Log access to this file
+    # This is only used when you don't override it on a server{} level
+    access_log stdout main;
+
+    # How long to allow each connection to stay idle.
+    # Longer values are better for each individual client, particularly for SSL,
+    # but means that worker connections are tied up longer.
+    keepalive_timeout 20s;
+
+    # Speed up file transfers by using sendfile() to copy directly
+    # between descriptors rather than using read()/write().
+    # For performance reasons, on FreeBSD systems w/ ZFS
+    # this option should be disabled as ZFS's ARC caches
+    # frequently used files in RAM by default.
+    sendfile        on;
+
+    # Don't send out partial frames; this increases throughput
+    # since TCP frames are filled up before being sent out.
+    tcp_nopush      on;
+
+    # Load even moar configs
+    include /etc/nginx/conf.d/*.conf;
+    include /etc/nginx/sites-enabled/*.conf;
+}
--- a/etc/nginx/sites-available/redirect-apex-to-www.conf
+++ b/etc/nginx/sites-available/redirect-apex-to-www.conf
@ -0,0 +1,5 @@
+server {
+    listen 80;
+    server_name ~^(?!www.)(?<domain>.+)$;
+    return {{REDIRECT_CODE}} https://www.$domain$request_uri;
+}
--- a/etc/nginx/sites-available/redirect-www-to-apex.conf
+++ b/etc/nginx/sites-available/redirect-www-to-apex.conf
@ -0,0 +1,5 @@
+server {
+    listen 80;
+    server_name ~^www.(?<domain>.+)$;
+    return {{REDIRECT_CODE}} https://$domain$request_uri;
+}
--- a/etc/nginx/sites-available/site.conf
+++ b/etc/nginx/sites-available/site.conf
@ -0,0 +1,21 @@
+server {
+    listen 80 default_server;
+
+    root {{DOCUMENT_ROOT}};
+    index index.php index.html index.htm;
+
+    location / {
+        try_files $uri $uri/ index.php$is_args$args;
+    }
+
+    location ~ \.php$ {
+        fastcgi_pass [::]:9000;
+        fastcgi_index index.php;
+        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+        include fastcgi_params;
+
+        # Prevent exposing nginx + version to $_SERVER
+        fastcgi_param SERVER_SOFTWARE "";
+    }
+
+}
--- a/etc/nginx/sites-enabled/site.conf
+++ b/etc/nginx/sites-enabled/site.conf
@ -0,0 +1 @@
+/etc/nginx/sites-available/site.conf
--- a/etc/supervisor.d/docker.ini
+++ b/etc/supervisor.d/docker.ini
@ -0,0 +1,25 @@
+[supervisord]
+nodaemon=true
+logfile=/dev/stdout
+logfile_maxbytes=0
+pidfile=/var/run/supervisord.pid
+
+[program:php-fpm]
+command = /usr/local/sbin/php-fpm
+autostart=true
+autorestart=true
+priority=5
+stdout_logfile=/dev/stdout
+stdout_logfile_maxbytes=0
+stderr_logfile=/dev/stderr
+stderr_logfile_maxbytes=0
+
+[program:nginx]
+command=/usr/sbin/nginx
+autostart=true
+autorestart=true
+priority=10
+stdout_logfile=/dev/stdout
+stdout_logfile_maxbytes=0
+stderr_logfile=/dev/stderr
+stderr_logfile_maxbytes=0
--- a/usr/bin/docker-start
+++ b/usr/bin/docker-start
@ -0,0 +1,23 @@
+#!/usr/bin/env sh
+set -eu
+
+chown www-data.www-data "${DOCUMENT_ROOT}"
+
+for file in /etc/nginx/*/*.conf; do
+    sed -i \
+        -e "s#{{REDIRECT_CODE}}#${REDIRECT_CODE}#g" \
+        -e "s#{{DOCUMENT_ROOT}}#${DOCUMENT_ROOT}#g" \
+        "${file}"
+done
+
+if [[ "${REDIRECT_MODE}" == "apex-to-www" ]]; then
+    ln -s \
+        /etc/nginx/sites-available/redirect-apex-to-www.conf \
+        /etc/nginx/sites-enabled/redirect-apex-to-www.conf
+elif [[ "${REDIRECT_MODE}" == "www-to-apex" ]]; then
+    ln -s \
+        /etc/nginx/sites-available/redirect-www-to-apex.conf \
+        /etc/nginx/sites-enabled/redirect-www-to-apex.conf
+fi
+
+exec /usr/bin/supervisord