From 6181af05f939b6a774881d5275e6203ece80c248 Mon Sep 17 00:00:00 2001
From: Michael Contento
Date: Tue, 28 Mar 2017 19:46:14 +0200
Subject: [PATCH] initial commit
---
Dockerfile | 42 ++++++++++
etc/nginx/conf.d/cache-file-descriptors.conf | 19 +++++
etc/nginx/conf.d/compression.conf | 56 ++++++++++++++
etc/nginx/nginx.conf | 76 +++++++++++++++++++
.../sites-available/redirect-apex-to-www.conf | 5 ++
.../sites-available/redirect-www-to-apex.conf | 5 ++
etc/nginx/sites-available/site.conf | 21 +++++
etc/nginx/sites-enabled/site.conf | 1 +
etc/supervisor.d/docker.ini | 25 ++++++
usr/bin/docker-start | 23 ++++++
10 files changed, 273 insertions(+)
create mode 100644 Dockerfile
create mode 100644 etc/nginx/conf.d/cache-file-descriptors.conf
create mode 100644 etc/nginx/conf.d/compression.conf
create mode 100644 etc/nginx/nginx.conf
create mode 100644 etc/nginx/sites-available/redirect-apex-to-www.conf
create mode 100644 etc/nginx/sites-available/redirect-www-to-apex.conf
create mode 100644 etc/nginx/sites-available/site.conf
create mode 120000 etc/nginx/sites-enabled/site.conf
create mode 100644 etc/supervisor.d/docker.ini
create mode 100755 usr/bin/docker-start
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..d01778c
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,42 @@
+FROM php:7.1-fpm-alpine
+
+MAINTAINER Michael Contento
+
+RUN \
+# Install dependencies
+ apk add --no-cache nginx supervisor \
+# Install PHP extension
+ && docker-php-ext-install opcache
+
+# Remove (some of the) default nginx config
+RUN rm -f /etc/nginx.conf \
+ && rm -rf /etc/nginx/sites-* \
+ && rm -rf /var/log/nginx \
+# Ensure nginx logs, even if the config has errors, are written to stderr
+ && rm /var/lib/nginx/logs \
+ && mkdir -p /var/lib/nginx/logs \
+ && ln -s /dev/stderr /var/lib/nginx/logs/error.log \
+# Remove default content from the default $DOCUMENT_ROOT ...
+ && rm -rf /var/www \
+# ... but ensure it exists with the right owner
+ && mkdir -p /var/www \
+ && chown www-data.www-data /var/www
+
+WORKDIR /var/www
+
+# Where nginx should serve from
+ENV DOCUMENT_ROOT=/var/www
+
+# Should we instantiate a redirect for apex-to-www? Or www-to-apex?
+# Valid values are "none", "www-to-apex" or "apex-to-www"
+ENV REDIRECT_MODE="none"
+
+# Which HTTP code should we use for the above redirect
+ENV REDIRECT_CODE=302
+
+ADD etc/ /etc/
+ADD usr/ /usr/
+
+EXPOSE 80
+
+CMD ["/usr/bin/docker-start"]
diff --git a/etc/nginx/conf.d/cache-file-descriptors.conf b/etc/nginx/conf.d/cache-file-descriptors.conf
new file mode 100644
index 0000000..ed312c0
--- /dev/null
+++ b/etc/nginx/conf.d/cache-file-descriptors.conf
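Review bot: In the Dockerfile, `FROM php:7.1-fpm-alpine` and `apk add --no-cache nginx supervisor` both float, so a rebuild can silently pick up a different base image or a different nginx/supervisor build than the one that was tested. Pinning the base by digest (`FROM php:7.1-fpm-alpine@sha256:<digest-placeholder>`) and the packages by version (`nginx=<version-placeholder>`) makes the image reproducible and turns updates into reviewed changes. The two `ADD` lines copy plain local directories, so `COPY etc/ /etc/` and `COPY usr/ /usr/` state the intent without ADD's archive and URL handling. `MAINTAINER` is deprecated; a `LABEL` carries the same information.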
@@ -0,0 +1,19 @@
+# This tells Nginx to cache open file handles, "not found" errors, metadata about files and their permissions, etc.
+#
+# The upside of this is that Nginx can immediately begin sending data when a popular file is requested,
+# and will also know to immediately send a 404 if a file is missing on disk, and so on.
+#
+# However, it also means that the server won't react immediately to changes on disk, which may be undesirable.
+#
+# In the below configuration, inactive files are released from the cache after 20 seconds, whereas
+# active (recently requested) files are re-validated every 30 seconds.
+#
+# Descriptors will not be cached unless they are used at least 2 times within 20 seconds (the inactive time).
+#
+# A maximum of the 1000 most recently used file descriptors can be cached at any time.
+#
+# Production servers with stable file collections will definitely want to enable the cache.
+open_file_cache max=1000 inactive=20s;
+open_file_cache_valid 30s;
+open_file_cache_min_uses 2;
+open_file_cache_errors on;
diff --git a/etc/nginx/conf.d/compression.conf b/etc/nginx/conf.d/compression.conf
new file mode 100644
index 0000000..26537ad
--- /dev/null
+++ b/etc/nginx/conf.d/compression.conf
@@ -0,0 +1,56 @@
+# Enable gzip compression.
+gzip on;
+
+# Compression level (1-9).
+# 5 is a perfect compromise between size and CPU usage, offering about
+# 75% reduction for most ASCII files (almost identical to level 9).
+gzip_comp_level 5;
+
+# Don't compress anything that's already small and unlikely to shrink much
+# if at all (the default is 20 bytes, which is bad as that usually leads to
+# larger files after gzipping).
+gzip_min_length 256;
+
+# Compress data even for clients that are connecting to us via proxies,
+# identified by the "Via" header (required for CloudFront).
+gzip_proxied any;
+
+# Tell proxies to cache both the gzipped and regular version of a resource
+# whenever the client's Accept-Encoding capabilities header varies;
+# Avoids the issue where a non-gzip capable client (which is extremely rare
+# today) would display gibberish if their proxy gave them the gzipped version.
+gzip_vary on;
+
+# Compress all output labeled with one of the following MIME-types.
+gzip_types
+ application/atom+xml
+ application/javascript
+ application/json
+ application/ld+json
+ application/manifest+json
+ application/rss+xml
+ application/vnd.geo+json
+ application/vnd.ms-fontobject
+ application/x-font-ttf
+ application/x-web-app-manifest+json
+ application/xhtml+xml
+ application/xml
+ font/opentype
+ image/bmp
+ image/svg+xml
+ image/x-icon
+ text/cache-manifest
+ text/css
+ text/plain
+ text/vcard
+ text/vnd.rim.location.xloc
+ text/vtt
+ text/x-component
+ text/x-cross-domain-policy;
+ # text/html is always compressed by gzip module
+
+# This should be turned on if you are going to have pre-compressed copies (.gz) of
+# static files available. If not it should be left off as it will cause extra I/O
+# for the check. It is best if you enable this in a location{} block for
+# a specific directory, or on an individual server{} level.
+# gzip_static on;
diff --git a/etc/nginx/nginx.conf b/etc/nginx/nginx.conf
new file mode 100644
index 0000000..f8b95e8
--- /dev/null
+++ b/etc/nginx/nginx.conf
@@ -0,0 +1,76 @@
+# Run as a unique, less privileged user for security reasons.
+user www-data www-data;
+
+# Sets the worker threads to the number of CPU cores available in the system for best performance.
+# Should be > the number of CPU cores.
+# Maximum number of connections = worker_processes * worker_connections
+worker_processes auto;
+
+# Maximum number of open files per worker process.
+# Should be > worker_connections.
+worker_rlimit_nofile 8192;
+
+events {
+ # If you need more connections than this, you start optimizing your OS.
+ # That's probably the point at which you hire people who are smarter than you as this is *a lot* of requests.
+ # Should be < worker_rlimit_nofile.
+ worker_connections 8000;
+}
+
+# Log errors and warnings to this file
+# This is only used when you don't override it on a server{} level
+error_log stderr warn;
+
+# The file storing the process ID of the main process
+pid /var/run/nginx.pid;
+
+# The process is managed in the docker-env
+daemon off;
+
+# Free some CPU cycles
+timer_resolution 500ms;
+
+http {
+ # Specify MIME types for files.
+ include mime.types;
+ default_type application/octet-stream;
+
+ # Update charset_types to match updated mime.types.
+ # text/html is always included by charset module.
+ charset_types text/css text/plain text/vnd.wap.wml application/javascript application/json application/rss+xml application/xml;
+
+ # Include $http_x_forwarded_for within default format used in log files
+ log_format main '$remote_addr - $remote_user [$time_local] "$request" '
+ '$status $body_bytes_sent "$http_referer" '
+ '"$http_user_agent" "$http_x_forwarded_for"';
+
+ # Hide used software
+ server_tokens off;
+
+ # Default charset
+ charset utf-8;
+
+ # Log access to this file
+ # This is only used when you don't override it on a server{} level
+ access_log stdout main;
+
+ # How long to allow each connection to stay idle.
+ # Longer values are better for each individual client, particularly for SSL,
+ # but means that worker connections are tied up longer.
+ keepalive_timeout 20s;
+
+ # Speed up file transfers by using sendfile() to copy directly
+ # between descriptors rather than using read()/write().
+ # For performance reasons, on FreeBSD systems w/ ZFS
+ # this option should be disabled as ZFS's ARC caches
+ # frequently used files in RAM by default.
+ sendfile on;
+
+ # Don't send out partial frames; this increases throughput
+ # since TCP frames are filled up before being sent out.
+ tcp_nopush on;
+
+ # Load even moar configs
+ include /etc/nginx/conf.d/*.conf;
+ include /etc/nginx/sites-enabled/*.conf;
+}
diff --git a/etc/nginx/sites-available/redirect-apex-to-www.conf b/etc/nginx/sites-available/redirect-apex-to-www.conf
new file mode 100644
index 0000000..0d08eec
--- /dev/null
+++ b/etc/nginx/sites-available/redirect-apex-to-www.conf
@@ -0,0 +1,5 @@
+server {
+ listen 80;
+ server_name ~^(?!www.)(?.+)$;
+ return {{REDIRECT_CODE}} https://www.$domain$request_uri;
+}
diff --git a/etc/nginx/sites-available/redirect-www-to-apex.conf b/etc/nginx/sites-available/redirect-www-to-apex.conf
new file mode 100644
index 0000000..059d7a0
--- /dev/null
+++ b/etc/nginx/sites-available/redirect-www-to-apex.conf
@@ -0,0 +1,5 @@
+server {
+ listen 80;
+ server_name ~^www.(?.+)$;
+ return {{REDIRECT_CODE}} https://$domain$request_uri;
+}
diff --git a/etc/nginx/sites-available/site.conf b/etc/nginx/sites-available/site.conf
new file mode 100644
index 0000000..308e3c0
--- /dev/null
+++ b/etc/nginx/sites-available/site.conf
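Review bot: In etc/nginx/nginx.conf, `access_log stdout main;` does not log to the container's stdout: nginx treats `stderr` specially only for `error_log`, so this opens a regular file named `stdout` relative to the nginx prefix. Access logs would then grow inside the container's writable layer and never reach `docker logs` or a log collector, leaving request history unavailable for monitoring and incident review. `access_log /dev/stdout main;` matches what etc/supervisor.d/docker.ini in this commit already does for its own log files.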
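Review bot: In etc/nginx/sites-available/redirect-apex-to-www.conf, the `server_name` regex accepts any Host value, so the target in `return {{REDIRECT_CODE}} https://www.$domain$request_uri;` is built from client-supplied data. Restricting the pattern to the domains this container is meant to serve keeps the redirect from pointing at arbitrary hosts, which matters most when a shared cache sits in front. The dot after `www` is unescaped and matches any character; `www\.` is what is meant. As shown on this page the capture reads `(?.+)`, which is not a valid named group; presumably `(?<domain>.+)` lost its name in extraction, which is worth confirming against the repository. The same three points apply to redirect-www-to-apex.conf.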
@@ -0,0 +1,21 @@
+server {
+ listen 80 default_server;
+
+ root {{DOCUMENT_ROOT}};
+ index index.php index.html index.htm;
+
+ location / {
+ try_files $uri $uri/ index.php$is_args$args;
+ }
+
+ location ~ \.php$ {
+ fastcgi_pass [::]:9000;
+ fastcgi_index index.php;
+ fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+ include fastcgi_params;
+
+ # Prevent exposing nginx + version to $_SERVER
+ fastcgi_param SERVER_SOFTWARE "";
+ }
+
+}
diff --git a/etc/nginx/sites-enabled/site.conf b/etc/nginx/sites-enabled/site.conf
new file mode 120000
index 0000000..35141db
--- /dev/null
+++ b/etc/nginx/sites-enabled/site.conf
@@ -0,0 +1 @@
+/etc/nginx/sites-available/site.conf
\ No newline at end of file
diff --git a/etc/supervisor.d/docker.ini b/etc/supervisor.d/docker.ini
new file mode 100644
index 0000000..352b15b
--- /dev/null
+++ b/etc/supervisor.d/docker.ini
@@ -0,0 +1,25 @@
+[supervisord]
+nodaemon=true
+logfile=/dev/stdout
+logfile_maxbytes=0
+pidfile=/var/run/supervisord.pid
+
+[program:php-fpm]
+command = /usr/local/sbin/php-fpm
+autostart=true
+autorestart=true
+priority=5
+stdout_logfile=/dev/stdout
+stdout_logfile_maxbytes=0
+stderr_logfile=/dev/stderr
+stderr_logfile_maxbytes=0
+
+[program:nginx]
+command=/usr/sbin/nginx
+autostart=true
+autorestart=true
+priority=10
+stdout_logfile=/dev/stdout
+stdout_logfile_maxbytes=0
+stderr_logfile=/dev/stderr
+stderr_logfile_maxbytes=0
diff --git a/usr/bin/docker-start b/usr/bin/docker-start
new file mode 100755
index 0000000..ab58ada
--- /dev/null
+++ b/usr/bin/docker-start
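Review bot: In etc/nginx/sites-available/site.conf, the `location ~ \.php$` block passes every URI ending in `.php` to PHP-FPM without checking that the script exists under the document root. Adding `try_files $uri =404;` as the first line of that block makes nginx answer 404 itself for non-existent scripts, rather than relying on PHP's path-info handling and FPM defaults to reject them. Separately, the fallback in `location /` lacks a leading slash; the last `try_files` argument is an internal-redirect URI, so it should read `try_files $uri $uri/ /index.php$is_args$args;`. `fastcgi_pass [::]:9000;` names the unspecified address; an explicit loopback such as `127.0.0.1:9000` is clearer, provided the base image's FPM pool listens there, which this commit does not show.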
@@ -0,0 +1,23 @@
+#!/usr/bin/env sh
+set -eu
+
+chown www-data.www-data "${DOCUMENT_ROOT}"
+
+for file in /etc/nginx/*/*.conf; do
+ sed -i \
+ -e "s#{{REDIRECT_CODE}}#${REDIRECT_CODE}#g" \
+ -e "s#{{DOCUMENT_ROOT}}#${DOCUMENT_ROOT}#g" \
+ "${file}"
+done
+
+if [[ "${REDIRECT_MODE}" == "apex-to-www" ]]; then
+ ln -s \
+ /etc/nginx/sites-available/redirect-apex-to-www.conf \
+ /etc/nginx/sites-enabled/redirect-apex-to-www.conf
+elif [[ "${REDIRECT_MODE}" == "www-to-apex" ]]; then
+ ln -s \
+ /etc/nginx/sites-available/redirect-www-to-apex.conf \
+ /etc/nginx/sites-enabled/redirect-www-to-apex.conf
+fi
+
+exec /usr/bin/supervisord
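Review bot: In usr/bin/docker-start, both `ln -s` calls fail with "File exists" when a container with REDIRECT_MODE set is restarted, and under `set -eu` that aborts startup; `ln -sf` makes the step repeatable. `REDIRECT_CODE` and `DOCUMENT_ROOT` are spliced into the nginx config by `sed` without validation, so a value containing `#`, `&` or `;` yields a broken or unintended config; a guard such as `case "${REDIRECT_CODE}" in 301|302|307|308) ;; *) echo "invalid REDIRECT_CODE" >&2; exit 1 ;; esac` before the loop would catch that. An unrecognised `REDIRECT_MODE` is silently treated like "none"; failing fast would surface typos. The script uses `[[ … ]]` under a `sh` shebang; `[ "${REDIRECT_MODE}" = "apex-to-www" ]` is the portable form.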