Commit 045dd93c authored by Dave Lane's avatar Dave Lane

updated README, sample docker-compose.yml file, and added other nginx recipies

parent 10f69db3
This [Docker Compose](https://docs.docker.com/compose/) recipe creates a set of 3 Docker containers which should let you run a very efficient [Grav](https://getgrav.org) website (or multiple sites).
This [Docker Compose](https://docs.docker.com/compose/) recipe creates a set of 2 Docker containers which should let you run a very efficient [Piwigo](https://piwigo.org) media gallery website (or multiple sites).
It provides a container based on Debian Stretch running the latest PHP (7.2 as of this edit) in FPM mode, with an Nginx container for serving it (you will need to have a reverse proxy to serve it and - I recommend - provide HTTPS support - I provide an example Nginx proxy configuration for this), and, for caching performance, an optional Redis container. Support for all of these is compiled into the PHP container.
......
version: "3"
services:
redis:
image: redis:4-alpine
restart:
unless-stopped
networks:
default:
aliases:
- redis.[grav.local]
app:
image: kiwilightweight/grav
links:
- redis
image: kiwilightweight/piwigo-php7fpm
volumes:
- [path-to-my-grav-data]:/var/www/html
- [path-to-my-piwigo-install]:/var/www/html
restart:
unless-stopped
networks:
default:
aliases:
- [grav.local]
- [piwigo.local]
nginx:
image: kiwilightweight/nginx-grav
image: kiwilightweight/nginx-piwigo
links:
- app
- redis
ports:
- "127.0.0.1:8081:80"
- "127.0.0.1:[available port]:80"
volumes:
- ./nginx:/etc/nginx/conf.d
- ./nginx/cache:/var/cache/nginx
- [path-to-my-grav-data]:/var/www/html
- [path-to-my-piwigo-install]:/var/www/html
restart: unless-stopped
networks:
default:
aliases:
- nginx.[grav.local]
- nginx.[piwigo.local]
server {
listen 0.0.0.0:80;
index index.html index.php;
## Web root and Domain Name
root /var/www/html;
server_name default;
## Begin - Index
# for subfolders, simply adjust the rewrite:
# to use `/subfolder/index.php`
location / {
try_files $uri $uri/ /index.php?$query_string;
#try_files $uri $uri/ /index.php;
}
## End - Index
## Begin - Security
# deny all direct access for these folders
location ~* /(\.git|cache|bin|logs|backup|tests)/.*$ { return 403; }
# deny running scripts inside core system folders
location ~* /(system|vendor)/.*\.(txt|xml|md|html|yaml|yml|php|pl|py|cgi|twig|sh|bat)$ { return 403; }
# deny running scripts inside user folder
location ~* /user/.*\.(txt|md|yaml|yml|php|pl|py|cgi|twig|sh|bat)$ { return 403; }
# deny access to specific files in the root folder
location ~ /(LICENSE\.txt|composer\.lock|composer\.json|nginx\.conf|web\.config|htaccess\.txt|\.htaccess) { return 403; }
## End - Security
## Begin - PHP
location ~ \.php$ {
# Choose either a socket or TCP/IP address
#fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_pass app:9000;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root/$fastcgi_script_name;
}
client_max_body_size 100m;
## Begin - Security
# deny all direct access for these folders
location ~* /(\.git|cache|bin|logs|backups)/.*$ { return 403; }
# deny running scripts inside core system folders
location ~* /(system|vendor)/.*\.(txt|xml|md|html|yaml|php|pl|py|cgi|twig|sh|bat)$ { return 403; }
# deny running scripts inside user folder
location ~* /user/.*\.(txt|md|yaml|php|pl|py|cgi|twig|sh|bat)$ { return 403; }
# deny access to specific files in the root folder
location ~ /(LICENSEi\.txt|composer\.lock|composer\.json|nginx\.conf|web\.config|htaccess\.txt|\.htaccess) { return 403; }
## End - Security
}
# this is for silverstripe
server {
listen 0.0.0.0:80;
include mime.types;
default_type application/octet-stream;
client_max_body_size 0; # Manage this in php.ini (upload_max_filesize & post_max_size)
root /var/www/html;
server_name default;
# Defend against SS-2015-013 -- http://www.silverstripe.org/software/download/security-releases/ss-2015-013
if ($http_x_forwarded_host) {
return 400;
}
location / {
try_files $uri /index.php?$query_string;
}
error_page 404 /assets/error-404.html;
error_page 500 /assets/error-500.html;
# See caveats
error_page 502 /assets/error-500.html;
error_page 503 /assets/error-500.html;
location ^~ /assets/ {
sendfile on;
try_files $uri =404;
}
location /index.php {
fastcgi_buffer_size 32k;
fastcgi_busy_buffers_size 64k;
fastcgi_buffers 4 32k;
fastcgi_keep_conn on;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment