Commit e42775c4 authored by Dave Lane's avatar Dave Lane

working updated Grav with new nginx recipe

parent 3a876579
Pipeline #255 canceled with stages
FROM debian
# Forked from:
# MAINTAINER Real Geeks "kevin@realgeeks.com"
# MAINTAINER Eric McNiece "hello@emc2innovation.com"
MAINTAINER Dave Lane <dave@davelane.nz> @lightweight@mastodon.nzoss.nz
ENV NGINX_VERSION=1.13.7
ENV NGX_CACHE_PURGE_VERSION=2.3
# Install basic packages and build tools
RUN apt-get update && apt-get install -y \
wget \
build-essential \
libssl-dev \
libpcre3 \
libpcre3-dev \
&& apt-get clean
# Get sources
RUN cd /tmp && wget http://nginx.org/download/nginx-$NGINX_VERSION.tar.gz http://labs.frickle.com/files/ngx_cache_purge-$NGX_CACHE_PURGE_VERSION.tar.gz && \
tar -zxvf nginx-$NGINX_VERSION.tar.gz && mv nginx-$NGINX_VERSION nginx && rm nginx-$NGINX_VERSION.tar.gz && \
tar -zxvf ngx_cache_purge-$NGX_CACHE_PURGE_VERSION.tar.gz && mv ngx_cache_purge-$NGX_CACHE_PURGE_VERSION ngx_cache_purge && rm ngx_cache_purge-$NGX_CACHE_PURGE_VERSION.tar.gz
# get build dependencies
RUN apt-get install -y \
libgeoip-dev zlib1g-dev
# Configure and build software
RUN cd /tmp/nginx && ./configure \
--user=www-data \
--group=www-data \
--sbin-path=/usr/local/sbin \
--conf-path=/etc/nginx/nginx.conf \
--error-log-path=/var/log/nginx/error.log \
--http-log-path=/var/log/nginx/access.log \
--http-client-body-temp-path=/var/cache/nginx/client_temp \
--http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp \
--http-proxy-temp-path=/var/cache/nginx/proxy_temp \
--http-scgi-temp-path=/var/cache/nginx/scgi_temp \
--http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp \
--with-compat \
--with-file-aio \
--with-http_addition_module \
--with-http_gzip_static_module \
--with-http_ssl_module \
--with-http_geoip_module \
--with-http_flv_module \
--with-http_sub_module \
--with-http_realip_module \
--with-http_dav_module \
--with-http_gunzip_module \
--with-http_random_index_module \
--with-http_secure_link_module \
--with-http_auth_request_module \
--without-http_ssi_module \
--with-threads \
--with-stream \
--with-stream_ssl_module \
--with-http_v2_module \
--with-ipv6 \
--without-mail_pop3_module \
--without-mail_imap_module \
--without-mail_smtp_module \
--with-cc-opt='-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic' \
--add-module=/tmp/ngx_cache_purge && \
make && make install
# userful resource https://gist.github.com/ealebed/a55170049830b75c0f339ea4e8d6d21b
# Install basic necessities
RUN apt-get install -y \
less \
dnsutils \
vim \
sudo \
telnet \
&& apt-get clean
# Copy configuration files into /etc/nginx and clean up config file to point to
# correct root
RUN mkdir /var/www && \
mv /usr/local/nginx/html /var/www/html && \
chown -R www-data:www-data /var/www/html && \
mkdir -p /etc/nginx/conf.d
# set up a known good nginx.conf
COPY nginx.conf /etc/nginx/nginx.conf
# Forward request and error logs to docker log collector
RUN ln -sf /dev/stdout /var/log/nginx/access.log && \
ln -sf /dev/stderr /var/log/nginx/error.log \
ls /var/www \
ln -sf /usr/local/nginx /var/www
VOLUME ["/etc/nginx/conf.d", "/var/www/html", "/var/cache/nginx"]
EXPOSE 80
CMD ["nginx", "-g", "daemon off;"]
server {
listen 0.0.0.0:80;
index index.html index.php;
## Web root and Domain Name
root /var/www/html;
server_name default;
## Begin - Index
# for subfolders, simply adjust the rewrite:
# to use `/subfolder/index.php`
location / {
try_files $uri $uri/ /index.php?$query_string;
#try_files $uri $uri/ /index.php;
}
## End - Index
## Begin - Security
# deny all direct access for these folders
location ~* /(\.git|cache|bin|logs|backup|tests)/.*$ { return 403; }
# deny running scripts inside core system folders
location ~* /(system|vendor)/.*\.(txt|xml|md|html|yaml|yml|php|pl|py|cgi|twig|sh|bat)$ { return 403; }
# deny running scripts inside user folder
location ~* /user/.*\.(txt|md|yaml|yml|php|pl|py|cgi|twig|sh|bat)$ { return 403; }
# deny access to specific files in the root folder
location ~ /(LICENSE\.txt|composer\.lock|composer\.json|nginx\.conf|web\.config|htaccess\.txt|\.htaccess) { return 403; }
## End - Security
## Begin - PHP
location ~ \.php$ {
# Choose either a socket or TCP/IP address
#fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_pass app:9000;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root/$fastcgi_script_name;
}
client_max_body_size 100m;
## Begin - Security
# deny all direct access for these folders
location ~* /(\.git|cache|bin|logs|backups)/.*$ { return 403; }
# deny running scripts inside core system folders
location ~* /(system|vendor)/.*\.(txt|xml|md|html|yaml|php|pl|py|cgi|twig|sh|bat)$ { return 403; }
# deny running scripts inside user folder
location ~* /user/.*\.(txt|md|yaml|php|pl|py|cgi|twig|sh|bat)$ { return 403; }
# deny access to specific files in the root folder
location ~ /(LICENSEi\.txt|composer\.lock|composer\.json|nginx\.conf|web\.config|htaccess\.txt|\.htaccess) { return 403; }
## End - Security
}
user www-data;
worker_processes 1;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
#gzip on;
include /etc/nginx/conf.d/*.conf;
}
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment