refactor, cleanup and strip off the nginx

master
Andy 3 years ago
parent f6232364e3
commit 611ac8ef61
Signed by: arno
GPG Key ID: 9076D5E6B31AE99C
  1. 39
      .drone.sh
  2. 28
      .drone.yml
  3. 42
      DRONE.md
  4. 50
      Dockerfile
  5. 64
      Jenkinsfile
  6. 2
      LICENSE
  7. 20
      Makefile
  8. 93
      README.md
  9. 13
      docker-compose.yml
  10. 26
      k8s/deployment.yaml
  11. 22
      k8s/ingress.yml
  12. 11
      k8s/service.yaml
  13. 12
      k8s/storage.yaml
  14. 25
      nginx.conf
  15. 533
      php-fpm.conf
  16. 12
      rainloop.conf
  17. 8
      start

@ -1,39 +0,0 @@
#!/bin/sh
set -e
# set -x
# echo "--------------------------"
# echo "--- export ---"
# export
# echo "--- env ---"
# env
# echo "--- set ---"
# set
# echo "--------------------------"
# only execute this script as part of the pipeline.
[ -z "$CI" ] && ( echo "I am not running in Drone CI"; exit 2; )
# only execute the script when the client key and certificate exist.
[ -z "$KUB_KEY" ] && ( echo "I need kub_key secret"; exit 3; )
[ -z "$KUB_CRT" ] && ( echo "I need kub_crt secret"; exit 4; )
# only execute the script when the CA certificate is present.
[ -z "$KUB_CA" ] && ( echo "I need kub_ca"; exit 5; )
# write the client key and the certificate
echo -n "$KUB_KEY" > /root/kub.key
chmod 600 /root/kub.key
echo -n "$KUB_CRT" > /root/kub.crt
# write the Kubernetes CA
echo -n "$KUB_CA" > /root/ca.crt
# check whether the certificate is signed by the CA
# TODO: (install openssl ? ) openssl verify -CAfile /root/ca.crt /root/kub.crt && ( echo "kub_crt is not signed by kub_ca"; exit 6; )
# Configure the cluster and the context
kubectl config set-credentials arno --client-certificate=/root/kub.crt --client-key=/root/kub.key
kubectl config set-cluster kubernetes --server=https://k8s.nixaid.com:6443 --certificate-authority=/root/ca.crt
kubectl config set-context kub-context --cluster=kubernetes --namespace=arno --user=arno

@ -1,28 +0,0 @@
pipeline:
publish:
# image: plugins/docker:17.10
image: docker.nixaid.com:5010/plugins/docker:17.12
# privileged: true -- rather pass DRONE_ESCALATE=docker.nixaid.com:5010/plugins/docker:17.12 to a Drone server
registry: docker.nixaid.com:5010
repo: docker.nixaid.com:5010/andrey01/rainloop
# repo: andrey01/rainloop
tag:
- 1.11.3
- latest
dockerfile: Dockerfile
secrets: [ docker_username, docker_password ]
when:
event: [ push, tag ]
kubectl:
image: docker.nixaid.com:5010/andrey01/kubectl:1.9.1
pull: true # always pull the image
secrets: [ kub_key, kub_crt, kub_ca ]
commands:
- "sh .drone.sh"
- "kubectl --context=kub-context version"
- "kubectl --context=kub-context get pods"
- "kubectl --context=kub-context replace --force -f k8s/"
- "sleep 3"
- "kubectl --context=kub-context get pods"
# XXX - kubectl --context=kub-context patch deployment testapp1 -p '{"spec":{"template":{"spec":{"containers":[{"name":"testapp1","image":"andrey01/testapp1:latest"}]}}}}'

@ -1,42 +0,0 @@
# Drone CI
- Registry cannot be removed if it has https:// in its name #2341
https://github.com/drone/drone/issues/2341
https://discourse.drone.io/t/unable-to-delete-registry-from-repository/943
## Limitations
- Drone DIND would always reuse cached docker images which could lead to the image leak across the private repos;
- Drone runs plugins/drone in privileged mode despite the repo does not have Trusted: true nor privileged: true [ref](https://github.com/drone-plugins/drone-docker/issues/170)
- Registry cannot be removed if it has https:// in its name #2341
https://github.com/drone/drone/issues/2341
https://discourse.drone.io/t/unable-to-delete-registry-from-repository/943
- Builds history cannot be removed (could lead to info leaks)
## Troubleshooting
- Set the Registry creds in your Drone repo
```
Error response from daemon: Get https://docker.nixaid.com:5010/v2/plugins/docker/manifests/17.12: no basic auth credentials
```
- Make sure plugins/drone is running in a privileged mode, by passing DRONE_ESCALATE=custom-docker-registry.com:5010/plugins/docker to the Drone server installation.
- https://discourse.drone.io/t/plugins-docker-cannot-pull-when-image-repo-set-to-the-same-custom-docker-registry/1748
- https://github.com/drone-plugins/drone-docker/issues/170
```
environment:
DOCKER_LAUNCH_DEBUG: 'true'
```
```
+ /usr/local/bin/dockerd -g /var/lib/docker
time="2018-02-11T21:13:26Z" level=fatal msg="Error authenticating: exit status 1"
```

@ -1,17 +1,17 @@
# http://product_installation_URL/?admin
# Default login is "admin", password is "12345".
FROM alpine:3.7
FROM alpine:3.11
MAINTAINER Andrey Arapov <andrey.arapov@nixaid.com>
# Install the dependencies
RUN apk update && \
apk add tzdata wget unzip gnupg1 nginx php7-fpm \
apk add tzdata wget unzip gnupg1 php7-fpm \
php7-curl php7-json php7-dom php7-zlib php7-iconv php7-openssl \
php7-pdo_sqlite php7-pdo_mysql php7-pdo_pgsql
# Create the application user so that PHP-FPM can run
ENV USER rainloop
ENV UID 7008
# Create the application user under which PHP-FPM will run
ENV USER user
ENV UID 1000
ENV HOME /home/$USER
ENV DATA /opt/rainloop
RUN adduser -D -u $UID -h $HOME -s /bin/true $USER && \
@ -19,44 +19,24 @@ RUN adduser -D -u $UID -h $HOME -s /bin/true $USER && \
touch /var/log/php-fpm.log && \
chown -Rh $USER:$USER $DATA /var/log/php-fpm.log
# Prepare the environment so that nginx can run as non-root
RUN mkdir -p /var/log/rainloop /var/lib/nginx/tmp && \
( cd /var/lib/nginx/tmp && \
for i in client_body proxy fastcgi uwsgi scgi; do mkdir $i; done ) && \
( cd /var/log/nginx && \
touch error.log access.log ) && \
touch /var/run/nginx.pid && \
chown -Rh nginx:nginx /var/log/nginx /var/lib/nginx /var/run/nginx.pid /var/log/rainloop /var/tmp/nginx
# Obtain the latest version of the RainLoop Webmail Community edition,
# Obtain RainLoop Webmail Community edition,
# verify its integrity using GnuPG and then decompress it
USER $USER
ENV RLFILE rainloop-1.11.3.zip
ENV RLFILESIG rainloop-1.11.3.zip.asc
ENV RLFILE rainloop-1.14.0.zip
ENV RLFILESIG rainloop-1.14.0.zip.asc
ENV FINGERPRINT "3B797ECE694F3B7B70F311A4ED7C49D987DA4591"
WORKDIR $DATA
RUN wget --progress=bar:force:noscroll -O $RLFILE https://github.com/RainLoop/rainloop-webmail/releases/download/v1.11.3/$RLFILE && \
wget --progress=bar:force:noscroll -O $RLFILESIG https://github.com/RainLoop/rainloop-webmail/releases/download/v1.11.3/$RLFILESIG && \
RUN wget --progress=bar:force:noscroll -O $RLFILE https://github.com/RainLoop/rainloop-webmail/releases/download/v1.14.0/$RLFILE && \
wget --progress=bar:force:noscroll -O $RLFILESIG https://github.com/RainLoop/rainloop-webmail/releases/download/v1.14.0/$RLFILESIG && \
export GNUPGHOME="$(mktemp -d)" && \
gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$FINGERPRINT" && \
gpg --keyserver keyserver.ubuntu.com --recv-keys "$FINGERPRINT" && \
gpg --batch --verify $RLFILESIG $RLFILE && \
unzip $RLFILE && \
rm -rf "$GNUPGHOME" $RLFILE
# Copy the nginx configs and then launch the PHP-FPM and Nginx
USER root
COPY rainloop.conf /etc/nginx/conf.d/rainloop.conf
COPY nginx.conf /etc/nginx/nginx.conf
# Copy the php-fpm & nginx configs
COPY php-fpm.conf /etc/php7/php-fpm.conf
COPY rainloop.conf /etc/nginx/conf.d/rainloop.conf
# Set correct permissions and ownership
RUN find $DATA -xdev -type d -exec chmod u=rwx,g=rx,o= '{}' \; && \
find $DATA -xdev -type f -exec chmod u=rw,g=r,o= '{}' \; && \
chown -Rh $USER:nginx /opt/rainloop /var/lib/nginx/tmp && \
chgrp -Rh nginx /etc/nginx
CMD /bin/sh -c "su -s /bin/sh $USER -c php-fpm7 && \
su -s /bin/sh nginx -c nginx"
VOLUME [ "/opt/rainloop/data", "/var/log/rainloop" ]
EXPOSE 80/tcp
USER $USER
CMD php-fpm7 -F
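Review bot: The final `CMD php-fpm7 -F` in the second hunk makes PHP-FPM the image's only service, and the php-fpm.conf copied in by this hunk appears to change in the same commit from `listen = 127.0.0.1:9000` to `listen = 0.0.0.0:9000`, so the FastCGI port becomes reachable by anything that can route to the container. FastCGI has no authentication of its own, so the network boundary is the only control, and the Dockerfile does not state it anywhere. I would add a comment above the CMD, `# FastCGI on :9000 is unauthenticated: attach this container only to the private network shared with the nginx container and never publish the port`. The rendered page has lost its +/- markers, so it cannot be told from here whether `EXPOSE 80/tcp` and `VOLUME` survive on the new side; if `EXPOSE 80/tcp` does remain, it presumably no longer matches a port the image listens on and should become the FastCGI port or be dropped.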

64
Jenkinsfile vendored

@ -1,64 +0,0 @@
// https://jenkins.io/doc/book/pipeline/
// Inspired by Lachlan Evenson https://github.com/lachie83/croc-hunter/blob/master/Jenkinsfile
//Lets define a unique label for this build.
def label = "buildpod.${env.JOB_NAME}.${env.BUILD_NUMBER}".replace('-', '_').replace('/', '_')
podTemplate(label: label, containers: [
containerTemplate(name: 'jnlp', image: 'jenkins/jnlp-slave:alpine', args: '${computer.jnlpmac} ${computer.name}', workingDir: '/home/jenkins', resourceRequestCpu: '200m', resourceLimitCpu: '200m', resourceRequestMemory: '256Mi', resourceLimitMemory: '256Mi'),
containerTemplate(name: 'docker', image: 'docker:1.12.6', command: 'cat', ttyEnabled: true),
containerTemplate(name: 'make', image: 'andrey01/make:0.2', command: 'cat', ttyEnabled: true),
],
volumes:[
hostPathVolume(mountPath: '/var/run/docker.sock', hostPath: '/var/run/docker.sock'),
],)
{
node (label) {
stage ('Checkout repo') {
checkout scm
}
sh 'git rev-parse HEAD > git_commit_id.txt'
try {
env.GIT_COMMIT_ID = readFile('git_commit_id.txt').trim()
env.GIT_SHA = env.GIT_COMMIT_ID.substring(0, 7)
} catch (e) {
error "${e}"
}
println "env.GIT_COMMIT_ID ==> ${env.GIT_COMMIT_ID}"
container('make') {
stage ('Build') {
sh "VERSION=${env.GIT_SHA} make"
}
stage ('Test') {
sh "VERSION=${env.GIT_SHA} make check"
}
if (env.BRANCH_NAME == 'master') {
// perform docker login to Docker Hub as the docker-pipeline-plugin doesn't work with the next auth json format
// withCredentials([[$class: 'UsernamePasswordMultiBinding', credentialsId: config.container_repo.jenkins_creds_id,
// sh "docker login -e ${config.container_repo.dockeremail} -u ${env.USERNAME} -p ${env.PASSWORD}"
withCredentials([[$class: 'UsernamePasswordMultiBinding', credentialsId: 'my-dockerhub-creds',
usernameVariable: 'USERNAME', passwordVariable: 'PASSWORD']]) {
sh "docker login -u ${env.USERNAME} -p ${env.PASSWORD}"
}
stage ('Deploy') {
sh "VERSION=${env.GIT_SHA} make publish"
}
sh 'docker logout'
} else {
println "Current branch ${env.BRANCH_NAME}"
}
} // node
} // PodTemplate
}

@ -1,4 +1,4 @@
Copyright (c) 2016, Andrey Arapov
Copyright (c) 2020, Andrey Arapov
Permission to use, copy, modify, and/or distribute this software for any
purpose with or without fee is hereby granted, provided that the above

@ -1,20 +0,0 @@
NS ?= andrey01
NAME ?= rainloop
VERSION ?= 1.11.3
default: build
build:
docker build --pull -t $(NS)/$(NAME):$(VERSION) -f Dockerfile .
publish:
docker push $(NS)/$(NAME):$(VERSION)
check:
docker run --rm -i $(NS)/$(NAME):$(VERSION) sh -c "set -x; exit 0"
console:
docker run --rm -ti --entrypoint sh $(NS)/$(NAME):$(VERSION)
clean:
docker rmi $(NS)/$(NAME):$(VERSION)

@ -1,56 +1,77 @@
# RainLoop webmail client
# Rainloop in docker
[RainLoop](http://www.rainloop.net/) is a Simple, modern & fast web-based email client.
## docker-compose.yml example
This will automatically populate the data under the /srv/data/rainloop/html and /srv/data/rainloop/nginx directories.
## Run the container
Make sure to create these directories first.
There are two ways of running the container, it could be either using the
Docker Compose or a classic docker command.
**Docker Compose way**
```
docker-compose up webmail
```
version: '3.3'
services:
rainloop-fpm:
image: yourrepo/rainloop:1.14.0
restart: always
networks:
- backend
volumes:
- rainloop_html:/opt/rainloop
- rainloop_nginx:/etc/nginx/conf.d
rainloop-nginx:
image: nginx:mainline-alpine
restart: always
networks:
- backend
volumes:
- rainloop_html:/opt/rainloop
- rainloop_nginx:/etc/nginx/conf.d
depends_on:
- rainloop-fpm
# add whatever lables/directives you need to expose your nginx container
volumes:
rainloop_html:
driver: local
driver_opts:
type: none
device: /srv/data/rainloop/html
o: bind
rainloop_nginx:
driver: local
driver_opts:
type: none
device: /srv/data/rainloop/nginx
o: bind
**Classic way**
```
docker run -d --name webmail -p 80:8080/tcp -v rainloop_data:/opt/rainloop/data andrey01/rainloop
```
## Accessing the container
## updating the Rainloop
First, access the RainLoop admin page in order to set the admin password, your
domains and configure the rest.
1. Backup the data
The default user is **admin** and a password is **12345**
**RainLoop admin page**
```
http://hostip/?admin
cp -pr /srv/data/rainloop /srv/data/rainloop-1.13.0-bkp
```
## Stopping the container
**Docker Compose way**
```
docker-compose stop webmail
```
2. Update and reset the containers
**Classic way**
```
docker stop webmail
docker-compose stop rainloop-fpm rainloop-nginx
docker-compose rm -f rainloop-fpm rainloop-nginx
docker volume rm srv_rainloop_html srv_rainloop_nginx
rm -rf -- /srv/data/rainloop/nginx/* /srv/data/rainloop/html/*
docker pull yourrepo/rainloop:1.14.0
docker-compose up -d
```
## Building the image
If you wish, you can build the image by yourself.
3. Restore the backup
```
docker build -t andrey01/rainloop .
cd /srv/data
cp -pvi rainloop-1.13.0-bkp/html/data/_data_/_default_/configs/application.ini rainloop/html/data/_data_/_default_/configs/
cp -pvi rainloop-1.13.0-bkp/html/data/_data_/_default_/domains/yourdomain.com.ini rainloop/html/data/_data_/_default_/domains/
chown --reference rainloop/html/data/_data_ rainloop/html/data/_data_/_default_/configs/application.ini rainloop/html/data/_data_/_default_/domains/yourdomain.com.ini
```
## Additional notes
The persistent data will be kept in the `rainloop_data` Docker's volume.
So before you delete it, keep in mind that you may want to [back it up](https://docs.docker.com/engine/userguide/containers/dockervolumes/#backup-restore-or-migrate-data-volumes) at the first.

@ -1,13 +0,0 @@
version: '2'
volumes:
rainloop_data: {}
services:
webmail:
image: andrey01/rainloop
network_mode: bridge
ports:
- "80:8080/tcp"
volumes:
- rainloop_data:/opt/rainloop/data

@ -1,26 +0,0 @@
kind: Deployment
apiVersion: extensions/v1beta1
metadata:
name: rainloop
spec:
replicas: 1
template:
metadata:
labels:
app: rainloop
spec:
imagePullSecrets:
- name: regsecret
containers:
- name: rainloop
# command: ["sleep", "3600"]
image: docker.nixaid.com:5010/andrey01/rainloop:1.11.3
imagePullPolicy: Always
volumeMounts:
- mountPath: /opt/rainloop/data
name: rainloop
# rainloop also mounts /var/log/rainloop to a docker volume
volumes:
- name: rainloop
persistentVolumeClaim:
claimName: rainloop

@ -1,22 +0,0 @@
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: rainloop
annotations:
ingress.kubernetes.io/rewrite-target: /
kubernetes.io/ingress.class: "nginx"
kubernetes.io/tls-acme: "true"
ingress.kubernetes.io/proxy-body-size: 2g
spec:
rules:
- host: "webmail.nixaid.com"
http:
paths:
- backend:
serviceName: rainloop
servicePort: 80
path: /
tls:
- hosts:
- webmail.nixaid.com
secretName: webmail-nixaid-com-tls

@ -1,11 +0,0 @@
kind: Service
apiVersion: v1
metadata:
name: rainloop
spec:
selector:
app: rainloop
ports:
- protocol: TCP
port: 80
targetPort: 8080

@ -1,12 +0,0 @@
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: rainloop
spec:
storageClassName: cinder
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1Gi
volumeName: rainloop

@ -1,25 +0,0 @@
daemon off;
error_log stderr info;
user nginx;
worker_processes 1;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
keepalive_timeout 65;
gzip on;
server_tokens off;
include conf.d/rainloop.conf;
}

@ -1,542 +1,15 @@
;;;;;;;;;;;;;;;;;;;;;
; FPM Configuration ;
;;;;;;;;;;;;;;;;;;;;;
; All relative paths in this configuration file are relative to PHP's install
; prefix (/usr). This prefix can be dynamically changed by using the
; '-p' argument from the command line.
; Include one or more files. If glob(3) exists, it is used to include a bunch of
; files from a glob(3) pattern. This directive can be used everywhere in the
; file.
; Relative path can also be used. They will be prefixed by:
; - the global prefix if it's been set (-p argument)
; - /usr otherwise
;include=etc/fpm.d/*.conf
;;;;;;;;;;;;;;;;;;
; Global Options ;
;;;;;;;;;;;;;;;;;;
[global]
; Pid file
; Note: the default prefix is /var
; Default Value: none
;pid = run/php-fpm.pid
; Error log file
; If it's set to "syslog", log is sent to syslogd instead of being written
; in a local file.
; Note: the default prefix is /var
; Default Value: log/php-fpm.log
error_log = /var/log/php-fpm.log
; syslog_facility is used to specify what type of program is logging the
; message. This lets syslogd specify that messages from different facilities
; will be handled differently.
; See syslog(3) for possible values (ex daemon equiv LOG_DAEMON)
; Default Value: daemon
;syslog.facility = daemon
; syslog_ident is prepended to every message. If you have multiple FPM
; instances running on the same server, you can change the default value
; which must suit common needs.
; Default Value: php-fpm
;syslog.ident = php-fpm
; Log level
; Possible Values: alert, error, warning, notice, debug
; Default Value: notice
;log_level = notice
; If this number of child processes exit with SIGSEGV or SIGBUS within the time
; interval set by emergency_restart_interval then FPM will restart. A value
; of '0' means 'Off'.
; Default Value: 0
;emergency_restart_threshold = 0
; Interval of time used by emergency_restart_interval to determine when
; a graceful restart will be initiated. This can be useful to work around
; accidental corruptions in an accelerator's shared memory.
; Available Units: s(econds), m(inutes), h(ours), or d(ays)
; Default Unit: seconds
; Default Value: 0
;emergency_restart_interval = 0
; Time limit for child processes to wait for a reaction on signals from master.
; Available units: s(econds), m(inutes), h(ours), or d(ays)
; Default Unit: seconds
; Default Value: 0
;process_control_timeout = 0
; The maximum number of processes FPM will fork. This has been design to control
; the global number of processes when using dynamic PM within a lot of pools.
; Use it with caution.
; Note: A value of 0 indicates no limit
; Default Value: 0
; process.max = 128
; Specify the nice(2) priority to apply to the master process (only if set)
; The value can vary from -19 (highest priority) to 20 (lower priority)
; Note: - It will only work if the FPM master process is launched as root
; - The pool process will inherit the master process priority
; unless it specified otherwise
; Default Value: no set
; process.priority = -19
; Send FPM to background. Set to 'no' to keep FPM in foreground for debugging.
; Default Value: yes
;daemonize = yes
; Set open file descriptor rlimit for the master process.
; Default Value: system defined value
;rlimit_files = 1024
; Set max core size rlimit for the master process.
; Possible Values: 'unlimited' or an integer greater or equal to 0
; Default Value: system defined value
;rlimit_core = 0
; Specify the event mechanism FPM will use. The following is available:
; - select (any POSIX os)
; - poll (any POSIX os)
; - epoll (linux >= 2.5.44)
; - kqueue (FreeBSD >= 4.1, OpenBSD >= 2.9, NetBSD >= 2.0)
; - /dev/poll (Solaris >= 7)
; - port (Solaris >= 10)
; Default Value: not set (auto detection)
;events.mechanism = epoll
; When FPM is build with systemd integration, specify the interval,
; in second, between health report notification to systemd.
; Set to 0 to disable.
; Available Units: s(econds), m(inutes), h(ours)
; Default Unit: seconds
; Default value: 10
;systemd_interval = 10
;;;;;;;;;;;;;;;;;;;;
; Pool Definitions ;
;;;;;;;;;;;;;;;;;;;;
; Multiple pools of child processes may be started with different listening
; ports and different management options. The name of the pool will be
; used in logs and stats. There is no limitation on the number of pools which
; FPM can handle. Your system will tell you anyway :)
; Start a new pool named 'www'.
; the variable $pool can we used in any directive and will be replaced by the
; pool name ('www' here)
[www]
; Per pool prefix
; It only applies on the following directives:
; - 'access.log'
; - 'slowlog'
; - 'listen' (unixsocket)
; - 'chroot'
; - 'chdir'
; - 'php_values'
; - 'php_admin_values'
; When not set, the global prefix (or /usr) applies instead.
; Note: This directive can also be relative to the global prefix.
; Default Value: none
;prefix = /path/to/pools/$pool
; Unix user/group of processes
; Note: The user is mandatory. If the group is not set, the default user's group
; will be used.
user = nobody
group = nobody
; The address on which to accept FastCGI requests.
; Valid syntaxes are:
; 'ip.add.re.ss:port' - to listen on a TCP socket to a specific IPv4 address on
; a specific port;
; '[ip:6:addr:ess]:port' - to listen on a TCP socket to a specific IPv6 address on
; a specific port;
; 'port' - to listen on a TCP socket to all IPv4 addresses on a
; specific port;
; '[::]:port' - to listen on a TCP socket to all addresses
; (IPv6 and IPv4-mapped) on a specific port;
; '/path/to/unix/socket' - to listen on a unix socket.
; Note: This value is mandatory.
listen = 127.0.0.1:9000
; Set listen(2) backlog.
; Default Value: 65535 (-1 on FreeBSD and OpenBSD)
;listen.backlog = 65535
; Set permissions for unix socket, if one is used. In Linux, read/write
; permissions must be set in order to allow connections from a web server. Many
; BSD-derived systems allow connections regardless of permissions.
; Default Values: user and group are set as the running user
; mode is set to 0660
;listen.owner = nobody
;listen.group = nobody
;listen.mode = 0660
; When POSIX Access Control Lists are supported you can set them using
; these options, value is a comma separated list of user/group names.
; When set, listen.owner and listen.group are ignored
;listen.acl_users =
;listen.acl_groups =
; List of addresses (IPv4/IPv6) of FastCGI clients which are allowed to connect.
; Equivalent to the FCGI_WEB_SERVER_ADDRS environment variable in the original
; PHP FCGI (5.2.2+). Makes sense only with a tcp listening socket. Each address
; must be separated by a comma. If this value is left blank, connections will be
; accepted from any ip address.
; Default Value: any
;listen.allowed_clients = 127.0.0.1
; Specify the nice(2) priority to apply to the pool processes (only if set)
; The value can vary from -19 (highest priority) to 20 (lower priority)
; Note: - It will only work if the FPM master process is launched as root
; - The pool processes will inherit the master process priority
; unless it specified otherwise
; Default Value: no set
; process.priority = -19
; Choose how the process manager will control the number of child processes.
; Possible Values:
; static - a fixed number (pm.max_children) of child processes;
; dynamic - the number of child processes are set dynamically based on the
; following directives. With this process management, there will be
; always at least 1 children.
; pm.max_children - the maximum number of children that can
; be alive at the same time.
; pm.start_servers - the number of children created on startup.
; pm.min_spare_servers - the minimum number of children in 'idle'
; state (waiting to process). If the number
; of 'idle' processes is less than this
; number then some children will be created.
; pm.max_spare_servers - the maximum number of children in 'idle'
; state (waiting to process). If the number
; of 'idle' processes is greater than this
; number then some children will be killed.
; ondemand - no children are created at startup. Children will be forked when
; new requests will connect. The following parameter are used:
; pm.max_children - the maximum number of children that
; can be alive at the same time.
; pm.process_idle_timeout - The number of seconds after which
; an idle process will be killed.
; Note: This value is mandatory.
user = user
group = user
listen = 0.0.0.0:9000
pm = dynamic
; The number of child processes to be created when pm is set to 'static' and the
; maximum number of child processes when pm is set to 'dynamic' or 'ondemand'.
; This value sets the limit on the number of simultaneous requests that will be
; served. Equivalent to the ApacheMaxClients directive with mpm_prefork.
; Equivalent to the PHP_FCGI_CHILDREN environment variable in the original PHP
; CGI. The below defaults are based on a server without much resources. Don't
; forget to tweak pm.* to fit your needs.
; Note: Used when pm is set to 'static', 'dynamic' or 'ondemand'
; Note: This value is mandatory.
pm.max_children = 5
; The number of child processes created on startup.
; Note: Used only when pm is set to 'dynamic'
; Default Value: min_spare_servers + (max_spare_servers - min_spare_servers) / 2
pm.start_servers = 2
; The desired minimum number of idle server processes.
; Note: Used only when pm is set to 'dynamic'
; Note: Mandatory when pm is set to 'dynamic'
pm.min_spare_servers = 1
; The desired maximum number of idle server processes.
; Note: Used only when pm is set to 'dynamic'
; Note: Mandatory when pm is set to 'dynamic'
pm.max_spare_servers = 3
; The number of seconds after which an idle process will be killed.
; Note: Used only when pm is set to 'ondemand'
; Default Value: 10s
;pm.process_idle_timeout = 10s;
; The number of requests each child process should execute before respawning.
; This can be useful to work around memory leaks in 3rd party libraries. For
; endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS.
; Default Value: 0
;pm.max_requests = 500
; The URI to view the FPM status page. If this value is not set, no URI will be
; recognized as a status page. It shows the following informations:
; pool - the name of the pool;
; process manager - static, dynamic or ondemand;
; start time - the date and time FPM has started;
; start since - number of seconds since FPM has started;
; accepted conn - the number of request accepted by the pool;
; listen queue - the number of request in the queue of pending
; connections (see backlog in listen(2));
; max listen queue - the maximum number of requests in the queue
; of pending connections since FPM has started;
; listen queue len - the size of the socket queue of pending connections;
; idle processes - the number of idle processes;
; active processes - the number of active processes;
; total processes - the number of idle + active processes;
; max active processes - the maximum number of active processes since FPM
; has started;
; max children reached - number of times, the process limit has been reached,
; when pm tries to start more children (works only for
; pm 'dynamic' and 'ondemand');
; Value are updated in real time.
; Example output:
; pool: www
; process manager: static
; start time: 01/Jul/2011:17:53:49 +0200
; start since: 62636
; accepted conn: 190460
; listen queue: 0
; max listen queue: 1
; listen queue len: 42
; idle processes: 4
; active processes: 11
; total processes: 15
; max active processes: 12
; max children reached: 0
;
; By default the status page output is formatted as text/plain. Passing either
; 'html', 'xml' or 'json' in the query string will return the corresponding
; output syntax. Example:
; http://www.foo.bar/status
; http://www.foo.bar/status?json
; http://www.foo.bar/status?html
; http://www.foo.bar/status?xml
;
; By default the status page only outputs short status. Passing 'full' in the
; query string will also return status for each pool process.
; Example:
; http://www.foo.bar/status?full
; http://www.foo.bar/status?json&full
; http://www.foo.bar/status?html&full
; http://www.foo.bar/status?xml&full
; The Full status returns for each process:
; pid - the PID of the process;
; state - the state of the process (Idle, Running, ...);
; start time - the date and time the process has started;
; start since - the number of seconds since the process has started;
; requests - the number of requests the process has served;
; request duration - the duration in µs of the requests;
; request method - the request method (GET, POST, ...);
; request URI - the request URI with the query string;
; content length - the content length of the request (only with POST);
; user - the user (PHP_AUTH_USER) (or '-' if not set);
; script - the main script called (or '-' if not set);
; last request cpu - the %cpu the last request consumed
; it's always 0 if the process is not in Idle state
; because CPU calculation is done when the request
; processing has terminated;
; last request memory - the max amount of memory the last request consumed
; it's always 0 if the process is not in Idle state
; because memory calculation is done when the request
; processing has terminated;
; If the process is in Idle state, then informations are related to the
; last request the process has served. Otherwise informations are related to
; the current request being served.
; Example output:
; ************************
; pid: 31330
; state: Running
; start time: 01/Jul/2011:17:53:49 +0200
; start since: 63087
; requests: 12808
; request duration: 1250261
; request method: GET
; request URI: /test_mem.php?N=10000
; content length: 0
; user: -
; script: /home/fat/web/docs/php/test_mem.php
; last request cpu: 0.00
; last request memory: 0
;
; Note: There is a real-time FPM status monitoring sample web page available
; It's available in: /usr/share/php/fpm/status.html
;
; Note: The value must start with a leading slash (/). The value can be
; anything, but it may not be a good idea to use the .php extension or it
; may conflict with a real PHP file.
; Default Value: not set
;pm.status_path = /status
; The ping URI to call the monitoring page of FPM. If this value is not set, no
; URI will be recognized as a ping page. This could be used to test from outside
; that FPM is alive and responding, or to
; - create a graph of FPM availability (rrd or such);
; - remove a server from a group if it is not responding (load balancing);
; - trigger alerts for the operating team (24/7).
; Note: The value must start with a leading slash (/). The value can be
; anything, but it may not be a good idea to use the .php extension or it
; may conflict with a real PHP file.
; Default Value: not set
;ping.path = /ping
; This directive may be used to customize the response of a ping request. The
; response is formatted as text/plain with a 200 response code.
; Default Value: pong
;ping.response = pong
; The access log file
; Default: not set
;access.log = log/$pool.access.log
; The access log format.
; The following syntax is allowed
; %%: the '%' character
; %C: %CPU used by the request
; it can accept the following format:
; - %{user}C for user CPU only
; - %{system}C for system CPU only
; - %{total}C for user + system CPU (default)
; %d: time taken to serve the request
; it can accept the following format:
; - %{seconds}d (default)
; - %{miliseconds}d
; - %{mili}d
; - %{microseconds}d
; - %{micro}d
; %e: an environment variable (same as $_ENV or $_SERVER)
; it must be associated with embraces to specify the name of the env
; variable. Some exemples:
; - server specifics like: %{REQUEST_METHOD}e or %{SERVER_PROTOCOL}e
; - HTTP headers like: %{HTTP_HOST}e or %{HTTP_USER_AGENT}e
; %f: script filename
; %l: content-length of the request (for POST request only)
; %m: request method
; %M: peak of memory allocated by PHP
; it can accept the following format:
; - %{bytes}M (default)
; - %{kilobytes}M
; - %{kilo}M
; - %{megabytes}M
; - %{mega}M
; %n: pool name
; %o: output header
; it must be associated with embraces to specify the name of the header:
; - %{Content-Type}o
; - %{X-Powered-By}o
; - %{Transfert-Encoding}o
; - ....
; %p: PID of the child that serviced the request
; %P: PID of the parent of the child that serviced the request
; %q: the query string
; %Q: the '?' character if query string exists
; %r: the request URI (without the query string, see %q and %Q)
; %R: remote IP address
; %s: status (response code)
; %t: server time the request was received
; it can accept a strftime(3) format:
; %d/%b/%Y:%H:%M:%S %z (default)
; %T: time the log has been written (the request has finished)
; it can accept a strftime(3) format:
; %d/%b/%Y:%H:%M:%S %z (default)
; %u: remote user
;
; Default: "%R - %u %t \"%m %r\" %s"
;access.format = "%R - %u %t \"%m %r%Q%q\" %s %f %{mili}d %{kilo}M %C%%"
; The log file for slow requests
; Default Value: not set
; Note: slowlog is mandatory if request_slowlog_timeout is set
;slowlog = log/$pool.log.slow
; The timeout for serving a single request after which a PHP backtrace will be
; dumped to the 'slowlog' file. A value of '0s' means 'off'.
; Available units: s(econds)(default), m(inutes), h(ours), or d(ays)
; Default Value: 0
;request_slowlog_timeout = 0
; The timeout for serving a single request after which the worker process will
; be killed. This option should be used when the 'max_execution_time' ini option
; does not stop script execution for some reason. A value of '0' means 'off'.
; Available units: s(econds)(default), m(inutes), h(ours), or d(ays)
; Default Value: 0
;request_terminate_timeout = 0
; Set open file descriptor rlimit.
; Default Value: system defined value
;rlimit_files = 1024
; Set max core size rlimit.
; Possible Values: 'unlimited' or an integer greater or equal to 0
; Default Value: system defined value
;rlimit_core = 0
; Chroot to this directory at the start. This value must be defined as an
; absolute path. When this value is not set, chroot is not used.
; Note: you can prefix with '$prefix' to chroot to the pool prefix or one
; of its subdirectories. If the pool prefix is not set, the global prefix
; will be used instead.
; Note: chrooting is a great security feature and should be used whenever
; possible. However, all PHP paths will be relative to the chroot
; (error_log, sessions.save_path, ...).
; Default Value: not set
;chroot =
; Chdir to this directory at the start.
; Note: relative path can be used.
; Default Value: current directory or / when chroot
;chdir = /var/www
; Redirect worker stdout and stderr into main error log. If not set, stdout and
; stderr will be redirected to /dev/null according to FastCGI specs.
; Note: on highloaded environement, this can cause some delay in the page
; process time (several ms).
; Default Value: no
;catch_workers_output = yes
; Clear environment in FPM workers
; Prevents arbitrary environment variables from reaching FPM worker processes
; by clearing the environment in workers before env vars specified in this
; pool configuration are added.
; Setting to "no" will make all environment variables available to PHP code
; via getenv(), $_ENV and $_SERVER.
; Default Value: yes
;clear_env = no
; Limits the extensions of the main script FPM will allow to parse. This can
; prevent configuration mistakes on the web server side. You should only limit
; FPM to .php extensions to prevent malicious users to use other extensions to
; exectute php code.
; Note: set an empty value to allow all extensions.
; Default Value: .php
;security.limit_extensions = .php .php3 .php4 .php5
; Pass environment variables like LD_LIBRARY_PATH. All $VARIABLEs are taken from
; the current environment.
; Default Value: clean env
;env[HOSTNAME] = $HOSTNAME
;env[PATH] = /usr/local/bin:/usr/bin:/bin
;env[TMP] = /tmp
;env[TMPDIR] = /tmp
;env[TEMP] = /tmp
; Additional php.ini defines, specific to this pool of workers. These settings
; overwrite the values previously defined in the php.ini. The directives are the
; same as the PHP SAPI:
; php_value/php_flag - you can set classic ini defines which can
; be overwritten from PHP call 'ini_set'.
; php_admin_value/php_admin_flag - these directives won't be overwritten by
; PHP call 'ini_set'
; For php_*flag, valid values are on, off, 1, 0, true, false, yes or no.
; Defining 'extension' will load the corresponding shared extension from
; extension_dir. Defining 'disable_functions' or 'disable_classes' will not
; overwrite previously defined php.ini values, but will append the new value
; instead.
; Note: path INI options can be relative and will be expanded with the prefix
; (pool, global or /usr)
; Default Value: nothing is defined by default except the values in php.ini and
; specified at startup with the -d argument
;php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f www@my.domain.com
;php_flag[display_errors] = off
;php_admin_value[error_log] = /var/log/fpm-php.www.log
;php_admin_flag[log_errors] = on
;php_admin_value[memory_limit] = 32M
php_admin_value[upload_max_filesize] = 80M
php_admin_value[post_max_size] = 90M
php_admin_value[output_buffering] = 0
;php_admin_value[upload_tmp_dir] = /tmp

@ -1,9 +1,9 @@
server {
listen 8080 default_server;
listen 80 default_server;
server_name _;
access_log /var/log/rainloop/access.log;
error_log /var/log/rainloop/error.log;
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
large_client_header_buffers 4 32k;
client_max_body_size 200M;
@ -26,12 +26,16 @@ server {
try_files $uri $uri/ /index.php?$query_string;
}
# since I am running in Docker
resolver 127.0.0.11 ipv6=off;
set $rainloop rainloop-fpm:9000;
location ~ \.php$ {
fastcgi_index index.php;
fastcgi_split_path_info ^(.+\.php)(.*)$;
fastcgi_keep_conn on;
include fastcgi_params;
fastcgi_pass 127.0.0.1:9000;
fastcgi_pass $rainloop;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
}
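Review bot: The `location ~ \.php$` block in the second hunk passes every URI that ends in `.php` to FPM without checking that the script exists, so the only guard against a non-script path being resolved and interpreted is FPM's `security.limit_extensions`, which the php-fpm.conf section of this page leaves commented out at its default. If the nginx side can see the same document root, `try_files $fastcgi_script_name =404;` placed directly after `fastcgi_split_path_info` makes the check explicit. If it cannot (the `rainloop-fpm:9000` upstream suggests a separate container), a comment such as `# relies on FPM security.limit_extensions = .php; nginx cannot stat the script` would record the dependency. This rendering does not mark which of the two `fastcgi_pass` lines is the new side, and the point applies to either.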

@ -0,0 +1,8 @@
#!/usr/bin/env sh
# Set correct permissions and ownership
find $DATA -xdev -type d -exec chmod u=rwx,g=rx,o= '{}' \;
find $DATA -xdev -type f -exec chmod u=rw,g=r,o= '{}' \;
chown -Rh $USER:nginx /opt/rainloop /var/lib/nginx/tmp
chgrp -Rh nginx /etc/nginx
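Review bot: `$DATA` and `$USER` are expanded unquoted and never checked, so with `DATA` unset or empty both `find` lines run with no start path; GNU and BusyBox find then fall back to the current working directory and apply the chmod to that tree instead. Failing fast avoids that: `find "${DATA:?DATA must be set}" -xdev -type d -exec chmod u=rwx,g=rx,o= '{}' \;` (same for the `-type f` line) and `chown -Rh "${USER:?}:nginx" /opt/rainloop /var/lib/nginx/tmp`. The script also has no `set -e`, so a failed chmod or chown is ignored; whether that is intended as best-effort is not clear from the hunk.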