Remove remaining ties to nlss/php-nginx:7.4 image

2024-11-23 15:22:29 +01:00 · 2023-01-20 18:00:51 +01:00 · 2023-01-20 18:00:51 +01:00 · e344128779
commit e344128779
parent 6d526d71e1
10 changed files with 138 additions and 6 deletions
--- a/6
+++ b/6
@ -17,12 +17,6 @@ COPY --from=nlss/attr ["/usr/local/bin/attr", "/usr/local/bin/"]
 # Add crond service
 COPY --from=nlss/base-alpine:3.14 ["/etc/services.d/cron/", "/etc/services.d/cron/"]

-# Add nginx service and configuration
-COPY --from=nlss/php-nginx:7.4 ["/etc/services.d/nginx/", "/etc/services.d/nginx/"]
-COPY --from=nlss/php-nginx:7.4 ["/etc/nginx/",            "/etc/nginx/"]
-COPY --from=nlss/php-nginx:7.4 ["/var/log/nginx/",        "/var/log/nginx/"]
-COPY --from=nlss/php-nginx:7.4 ["/var/www/",              "/var/www/"]
-
 # Install gomplate
 COPY --from=hairyhenderson/gomplate:v3.10.0-alpine ["/bin/gomplate", "/usr/local/bin/"]

--- a/rootfs/etc/nginx/nginx.conf
+++ b/rootfs/etc/nginx/nginx.conf
@ -0,0 +1,40 @@
+# Generated by nginxconfig.io
+# https://www.digitalocean.com/community/tools/nginx#?0.domain=test.com&0.path=%2Fvar%2Fwww&0.non_www=false&0.https=false&0.access_log_domain&0.error_log_domain&php_server=%2Fvar%2Frun%2Fphp%2Fphp7.3-fpm.sock&php_server_backup=%2Fvar%2Frun%2Fphp%2Fphp7.3-fpm.sock&client_max_body_size=100
+
+user www-data;
+pid /run/nginx.pid;
+worker_processes auto;
+worker_rlimit_nofile 65535;
+
+events {
+	multi_accept on;
+	worker_connections 65535;
+}
+
+http {
+	upstream php {
+		server unix:/var/run/php-fpm.sock;
+		#server unix:/var/run/php/php-fpm.sock backup;
+	}
+
+	charset utf-8;
+	sendfile on;
+	tcp_nopush on;
+	tcp_nodelay on;
+	server_tokens off;
+	log_not_found off;
+	types_hash_max_size 2048;
+	client_max_body_size 100M;
+
+	# MIME
+	include mime.types;
+	default_type application/octet-stream;
+
+	# logging
+	access_log /var/log/nginx/access.log;
+	error_log /var/log/nginx/error.log warn;
+
+	# load configs
+	include /etc/nginx/conf.d/*.conf;
+	include /etc/nginx/sites-enabled/*;
+}
--- a/rootfs/etc/nginx/nginxconfig.io/general.conf
+++ b/rootfs/etc/nginx/nginxconfig.io/general.conf
@ -0,0 +1,34 @@
+# favicon.ico
+location = /favicon.ico {
+	log_not_found off;
+	access_log off;
+}
+
+# robots.txt
+location = /robots.txt {
+	log_not_found off;
+	access_log off;
+}
+
+# assets, media
+location ~* \.(?:css(\.map)?|js(\.map)?|jpe?g|png|gif|ico|cur|heic|webp|tiff?|mp3|m4a|aac|ogg|midi?|wav|mp4|mov|webm|mpe?g|avi|ogv|flv|wmv)$ {
+	expires 7d;
+	access_log off;
+}
+
+# svg, fonts
+location ~* \.(?:svgz?|ttf|ttc|otf|eot|woff2?)$ {
+	add_header Access-Control-Allow-Origin "*";
+	expires 7d;
+	access_log off;
+}
+
+# gzip
+gzip on;
+gzip_vary on;
+gzip_proxied any;
+gzip_comp_level 6;
+gzip_types text/plain text/css text/xml application/json application/javascript application/rss+xml application/atom+xml image/svg+xml;
+
+# Fix permission error on file(s) upload
+client_body_temp_path /tmp;
--- a/rootfs/etc/nginx/nginxconfig.io/php_fastcgi.conf
+++ b/rootfs/etc/nginx/nginxconfig.io/php_fastcgi.conf
@ -0,0 +1,16 @@
+# 404
+try_files $fastcgi_script_name =404;
+
+# default fastcgi_params
+include fastcgi_params;
+
+# fastcgi settings
+fastcgi_pass		    	php;
+fastcgi_index	  	  	index.php;
+fastcgi_buffers			  8 16k;
+fastcgi_buffer_size		32k;
+
+# fastcgi params
+fastcgi_param DOCUMENT_ROOT		$realpath_root;
+fastcgi_param SCRIPT_FILENAME	$realpath_root$fastcgi_script_name;
+fastcgi_param PHP_ADMIN_VALUE	"open_basedir=$base/:/usr/lib/php/:/tmp/";
--- a/rootfs/etc/nginx/nginxconfig.io/security.conf
+++ b/rootfs/etc/nginx/nginxconfig.io/security.conf
@ -0,0 +1,11 @@
+# security headers
+add_header X-Frame-Options "SAMEORIGIN" always;
+add_header X-XSS-Protection "1; mode=block" always;
+add_header X-Content-Type-Options "nosniff" always;
+add_header Referrer-Policy "no-referrer-when-downgrade" always;
+add_header Content-Security-Policy "default-src 'self' http: https: data: blob: 'unsafe-inline'" always;
+
+# . files
+location ~ /\.(?!well-known) {
+	deny all;
+}
--- a/rootfs/etc/nginx/sites-available/app.conf
+++ b/rootfs/etc/nginx/sites-available/app.conf
@ -0,0 +1,31 @@
+server {
+	listen 80;
+	listen [::]:80;
+
+	server_name ;
+	set $base /var/www;
+	root $base/html;
+
+	# security
+	include nginxconfig.io/security.conf;
+
+	# logging
+	access_log /var/log/nginx/app-access.log;
+	error_log /var/log/nginx/app-error.log warn;
+
+	# index files
+	index index.php index.html index.htm index.nginx-debian.html;
+
+	# index.php fallback
+	location / {
+		try_files $uri $uri/ /index.php?$query_string;
+	}
+
+	# handle .php
+	location ~ \.php$ {
+		include nginxconfig.io/php_fastcgi.conf;
+	}
+
+	# additional config
+	include nginxconfig.io/general.conf;
+}
--- a/rootfs/etc/nginx/sites-enabled/.gitkeep
+++ b/rootfs/etc/nginx/sites-enabled/.gitkeep
--- a/rootfs/etc/services.d/nginx/run
+++ b/rootfs/etc/services.d/nginx/run
@ -0,0 +1,3 @@
+#!/bin/execlineb -P
+
+nginx -g "daemon off;"
--- a/rootfs/var/log/nginx/.gitkeep
+++ b/rootfs/var/log/nginx/.gitkeep
--- a/rootfs/var/www/html/index.php
+++ b/rootfs/var/www/html/index.php
@ -0,0 +1,3 @@
+<?php
+
+echo 'Hello World!';