docker-compose.yml-sample

-version: "2"
+version: "3"
 
 services:
     redis:
-        image: redis:3-alpine
+        image: redis:4-alpine
+        restart:
+            unless-stopped
+        networks:
+            default:
+                aliases:
+                    - redis.grav.troy
     app:
         image: kiwilightweight/grav
+        links:
+            - redis
         volumes:
-            - [PATH_TO_YOUR_GRAV]:/var/www/html
+            - /home/dave/Projects/grav/new:/var/www/html
         restart:
             unless-stopped
-       networks:
+        networks:
             default:
                 aliases:
-                    - [YOUR_GRAV_DOMAIN]
+                    - grav.troy
     nginx:
         image: oeru/nginx-jessie
         links:
             - app
             - redis
         ports:
-            - "127.0.0.1:8080:80"
+            - "127.0.0.1:8081:80"
         volumes:
             - ./nginx:/etc/nginx/conf.d
             - ./nginx/cache:/var/cache/nginx
-            - [PATH_TO_YOUR_GRAV]:/var/www/html
+            - /home/dave/Projects/grav/new:/var/www/html
         restart: unless-stopped
+        networks:
+            default:
+                aliases:
+                    - nginx.grav.troy

docker-compose.yml.sample

@@ -2,13 +2,17 @@ version: "3"
 
 services:
     redis:
-        image: redis:3-alpine
+        image: redis:4-alpine
         restart:
             unless-stopped
         networks:
             default:
                 aliases:
+<<<<<<< HEAD:docker-compose.yml
+                    - redis.grav.troy
+=======
                     - redis.grav.nzoss.nz
+>>>>>>> 55ff8f1fcedb9b67997ba36bc88ccd2bdae35535:docker-compose.yml.sample
     app:
         image: kiwilightweight/grav
         links:
@@ -20,14 +24,18 @@ services:
         networks:
             default:
                 aliases:
+<<<<<<< HEAD:docker-compose.yml
+                    - grav.troy
+=======
                     - grav.nzoss.nz
+>>>>>>> 55ff8f1fcedb9b67997ba36bc88ccd2bdae35535:docker-compose.yml.sample
     nginx:
         image: oeru/nginx-jessie
         links:
             - app
             - redis
         ports:
-            - "127.0.0.1:8080:80"
+            - "127.0.0.1:8081:80"
         volumes:
             - ./nginx:/etc/nginx/conf.d
             - ./nginx/cache:/var/cache/nginx
@@ -36,4 +44,8 @@ services:
         networks:
             default:
                 aliases:
+<<<<<<< HEAD:docker-compose.yml
+                    - nginx.grav.troy
+=======
                     - nginx.grav.nzoss.nz
+>>>>>>> 55ff8f1fcedb9b67997ba36bc88ccd2bdae35535:docker-compose.yml.sample

nginx/default.conf

@@ -38,5 +38,19 @@ server {
         fastcgi_param SCRIPT_FILENAME $document_root/$fastcgi_script_name;
     }
     client_max_body_size 100m;
+<<<<<<< HEAD
+ 
+    ## Begin - Security
+    # deny all direct access for these folders
+    location ~* /(\.git|cache|bin|logs|backups)/.*$ { return 403; }
+    # deny running scripts inside core system folders
+    location ~* /(system|vendor)/.*\.(txt|xml|md|html|yaml|php|pl|py|cgi|twig|sh|bat)$ { return 403; }
+    # deny running scripts inside user folder
+    location ~* /user/.*\.(txt|md|yaml|php|pl|py|cgi|twig|sh|bat)$ { return 403; }
+    # deny access to specific files in the root folder
+    location ~ /(LICENSEi\.txt|composer\.lock|composer\.json|nginx\.conf|web\.config|htaccess\.txt|\.htaccess) { return 403; }
+    ## End - Security
+=======
     ## End - PHP
+>>>>>>> 55ff8f1fcedb9b67997ba36bc88ccd2bdae35535
  }

php/Dockerfile

-FROM php:7.0-fpm-jessie
+FROM php:7-fpm
 MAINTAINER Dave Lane <dave@oerfoundation.org> (@lightweight)
 
 RUN apt-get update && apt-get install -y software-properties-common apt-utils
@@ -13,11 +13,12 @@ RUN apt-get install -y net-tools vim dnsutils
 # install cron and msmtp for outgoing email
 RUN apt-get install -y cron msmtp
 RUN docker-php-ext-configure imap --with-imap --with-imap-ssl --with-kerberos
-RUN docker-php-ext-install bz2 curl imap intl mbstring mcrypt \
+# RUN docker-php-ext-install bz2 curl imap intl mbstring mcrypt \
+RUN docker-php-ext-install bz2 curl imap intl mbstring \
     pspell opcache soap xmlrpc zip
 
 # install PHPRedis
-ENV PHPREDIS_VERSION 3.1.4
+ENV PHPREDIS_VERSION 4.1.1
 RUN docker-php-source extract \
     && curl -L -o /tmp/redis.tar.gz https://github.com/phpredis/phpredis/archive/$PHPREDIS_VERSION.tar.gz \
     && tar xfz /tmp/redis.tar.gz \
@@ -32,7 +33,8 @@ RUN apt-get update && apt-get install -y \
     libjpeg62-turbo-dev \
     libmcrypt-dev \
     libpng-dev \
-    && docker-php-ext-install -j$(nproc) iconv mcrypt \
+#    && docker-php-ext-install -j$(nproc) iconv mcrypt \
+    && docker-php-ext-install -j$(nproc) iconv \
     && docker-php-ext-configure gd --with-freetype-dir=/usr/include/ --with-jpeg-dir=/usr/include/ \
     && docker-php-ext-install -j$(nproc) gd
 
@@ -48,51 +50,49 @@ RUN docker-php-ext-enable apcu
 RUN rm -rf /var/lib/apt/lists/*
 
 # address app-specific config requirements
-RUN echo "log_errors = on" > /usr/local/etc/php/conf.d/php.ini
-RUN echo "display_errors = off" >> /usr/local/etc/php/conf.d/php.ini
-RUN echo "always_populate_raw_post_data = -1" >> /usr/local/etc/php/conf.d/php.ini
-RUN echo 'date.timezone = "Pacific/Auckland"' >> /usr/local/etc/php/conf.d/php.ini
-RUN echo 'cgi.fix_pathinfo = 0' >> /usr/local/etc/php/conf.d/php.ini
-RUN echo 'sendmail_path = /usr/bin/msmtp -t' >> /usr/local/etc/php/conf.d/php.ini
-RUN echo 'upload_max_filesize = 100M' >> /usr/local/etc/php/conf.d/php.ini
-RUN echo 'post_max_size = 150M' >> /usr/local/etc/php/conf.d/php.ini
-RUN echo 'memory_limit = 250M' >> /usr/local/etc/php/conf.d/php.ini
-# OpCache work
-RUN echo '[opcache]' >> /usr/local/etc/php/conf.d/php.ini
-RUN echo 'opcache.enable = 1' >> /usr/local/etc/php/conf.d/php.ini
-#RUN echo 'opcache.enable_cli = 1' >> /usr/local/etc/php/conf.d/php.ini
-#RUN echo 'opcache.interned_strings_buffer = 8' >> /usr/local/etc/php/conf.d/php.ini
-RUN echo 'opcache.memory_consumption = 128' >> /usr/local/etc/php/conf.d/php.ini
-RUN echo 'opcache.max_accelerated_files = 8000' >> /usr/local/etc/php/conf.d/php.ini
-RUN echo 'opcache.revalidate_freq = 60' >> /usr/local/etc/php/conf.d/php.ini
-#RUN echo 'opcache.fast_shutdown = 1' >> /usr/local/etc/php/conf.d/php.ini
-RUN echo 'opcache.use_cwd = 1' >> /usr/local/etc/php/conf.d/php.ini
-RUN echo 'opcache.validate_timestamps = 1' >> /usr/local/etc/php/conf.d/php.ini
-RUN echo 'opcache.save_comments = 1' >> /usr/local/etc/php/conf.d/php.ini
-RUN echo 'opcache.enable_file_override = 0' >> /usr/local/etc/php/conf.d/php.ini
+RUN set -ex \
+    && { \
+        echo 'log_errors = on'; \
+        echo 'display_errors = off'; \
+        echo 'always_populate_raw_post_data = -1'; \
+        echo 'date.timezone = "Pacific/Auckland"'; \
+        echo 'cgi.fix_pathinfo = 0'; \
+        echo 'sendmail_path = /usr/bin/msmtp -t'; \
+        echo 'upload_max_filesize = 100M'; \
+        echo 'post_max_size = 150M'; \
+        echo 'memory_limit = 250M'; \
+        echo '[opcache]'; \
+        echo 'opcache.enable = 1'; \
+        echo 'opcache.memory_consumption = 128'; \
+        echo 'opcache.max_accelerated_files = 8000'; \
+        echo 'opcache.revalidate_freq = 60'; \
+        echo 'opcache.use_cwd = 1'; \
+        echo 'opcache.validate_timestamps = 1'; \
+        echo 'opcache.save_comments = 1'; \
+        echo 'opcache.enable_file_override = 0'; \
+    } | tee /usr/local/etc/php/conf.d/php.ini
 
 # the PHP-fpm configuration - create new www.conf file!
-RUN echo '[global]' > /usr/local/etc/php-fpm.d/www.conf
-RUN echo 'error_log = /proc/self/fd/2' >> /usr/local/etc/php-fpm.d/www.conf
-RUN echo '[www]' >> /usr/local/etc/php-fpm.d/www.conf
-RUN echo 'user = www-data' >> /usr/local/etc/php-fpm.d/www.conf
-RUN echo 'group = www-data' >> /usr/local/etc/php-fpm.d/www.conf
-RUN echo '; if we send this to /proc/self/fd/1, it never appears' >> /usr/local/etc/php-fpm.d/www.conf
-RUN echo 'access.log = /proc/self/fd/2' >> /usr/local/etc/php-fpm.d/www.conf
-RUN echo 'clear_env = no' >> /usr/local/etc/php-fpm.d/www.conf
-RUN echo 'catch_workers_output = yes' >> /usr/local/etc/php-fpm.d/www.conf
-RUN echo '; Ensure worker stdout and stderr are sent to the main error log.' >> /usr/local/etc/php-fpm.d/www.conf
-RUN echo 'security.limit_extensions = .php' >> /usr/local/etc/php-fpm.d/www.conf
-RUN echo '; process management stuff' >> /usr/local/etc/php-fpm.d/www.conf
-RUN echo 'pm = ondemand' >> /usr/local/etc/php-fpm.d/www.conf
-RUN echo 'pm.max_children = 10' >> /usr/local/etc/php-fpm.d/www.conf
-RUN echo 'pm.start_servers = 2' >> /usr/local/etc/php-fpm.d/www.conf
-RUN echo 'pm.min_spare_servers = 1' >> /usr/local/etc/php-fpm.d/www.conf
-RUN echo 'pm.max_spare_servers = 3' >> /usr/local/etc/php-fpm.d/www.conf
-#RUN echo 'php_flag[display_errors] = off' >> /usr/local/etc/php-fpm.d/www.conf
-#RUN echo 'php_admin_value[error_log] = /usr/local/var/log/fpm-php.www.log' >> /usr/local/etc/php-fpm.d/www.conf
-#RUN echo 'php_admin_flag[log_errors] = on' >> /usr/local/etc/php-fpm.d/www.conf
-#RUN echo 'php_admin_value[memory_limit] = 250M' >> /usr/local/etc/php-fpm.d/www.conf
+RUN set -ex \  
+    && { \
+        echo '[global]'; \
+        echo 'error_log = /proc/self/fd/2'; \
+        echo '[www]'; \
+        echo 'user = www-data'; \
+        echo 'group = www-data'; \
+        echo '; if we send this to /proc/self/fd/1, it never appears'; \
+        echo 'access.log = /proc/self/fd/2'; \
+        echo 'clear_env = no'; \
+        echo 'catch_workers_output = yes'; \
+        echo '; Ensure worker stdout and stderr are sent to the main error log.'; \
+        echo 'security.limit_extensions = .php'; \
+        echo '; process management stuff'; \
+        echo 'pm = ondemand'; \
+        echo 'pm.max_children = 10'; \
+        echo 'pm.start_servers = 2'; \
+        echo 'pm.min_spare_servers = 1'; \
+        echo 'pm.max_spare_servers = 3'; \
+    } | tee /usr/local/etc/php-fpm.d/www.conf
 
 VOLUME /var/www/html