diff --git a/CHANGELOG.md b/CHANGELOG.md index 50d0384..6f1e0f2 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,63 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html). + +## Unpublished + +### Changed +- favicon to use generic 404 page instead of WP + +## [1.7.0] - 2021-08-12 +### Changed +- Updated repo to use edge2 tag from devgeniem/ubuntu-docker-openresty-pagespeed. This might be a breaking change + +### Added +- Installed Imagemagick for php +- Skip cache reason to header + +### Fixed +- Fixed blacklist and whitelist modes + +### Added +- fastcgi_intercept_errors configurable from env FASTCGI_INTERCEPT_ERRORS, default on + +### Fixed +- Updated map_hash_bucket_size value to 128 as previous value was out of scope. + +## [1.6.2] - 2021-02-25 +### Added + +- added $cookie_nocache variable to cache bypass to enable cache bypass control via cookie + +## [1.6.1] - 2021-02-25 +### Fixed +- Redis envs rendered again to make redis work + +## [1.6] - 2021-01-27 +### Removed +- old php versions + +### Added +- more envs for configuring +- php process manager configurable from envs +- ignore cache key attributes +- renamed envs for clarity +- PHP_DISABLE_FUNCTIONS env + +## [1.5.2] - 2020-08-10 + +### Added +- socklog to log syslog and cronlog for better debugging +- added wordpress_sec cookie to skip fullpage cache +- more security headers +- updated socklog to latest version + +### Fixed +- headers where added in many places which made them not working correctly. Now headers are added in one place. For any headeres please use XXX_headers.conf files in +- php cli errorlog forwarded to /proc/1/fd/2 to make it work + +## [1.5.1] - 2020-xx-xx + ### Fixed - Updated error page external libraries to new versions diff --git a/README.md b/README.md index e106756..1010bf7 100644 --- a/README.md +++ b/README.md @@ -1,165 +1,7 @@ -# Lightweight PHP-FPM & Nginx Docker Image for WordPress -[![devgeniem/alpine-wordpress docker image](http://dockeri.co/image/devgeniem/wordpress-server)](https://registry.hub.docker.com/u/devgeniem/wordpress-server/) +# Under construction +README was deleted due to legacy reasons. -[![License](https://img.shields.io/:license-mit-blue.svg?style=flat-square)](http://badges.mit-license.org) +New README will come later. -This is maintained repository. We use this project in production and recommend this for your projects too. This container doesn't have mysql or email, you need to provide them from elsewhere. This can be other container or your host machine. - -I tried to include all build, test and project tools in [docker-alpine-wordpress](https://github.com/devgeniem/docker-alpine-wordpress) image. I think that more modular design is better for docker and security as well. - -This project tries to be as minimal as possible and doesn't include anything that we don't absolutely need in the runtime. - -## Aren't you only supposed to run one process per container? -We think that docker container should be small set of processes which provide one service rather than one clumsy process. This container uses [s6-overlay](https://github.com/just-containers/s6-overlay) in order to run php-fpm and nginx together. - -## Container layout -Mount your wordpress project into: -``` -/var/www/project -``` - -Your project should define web root in: -``` -/var/www/project/web -``` -This is the place where nginx will serve requests. This is compatible with [bedrock layout](https://github.com/roots/bedrock). - -### Override project path -You can use `OVERRIDE_PROJECT_ROOT` variable to change project path with symlink. - -For example in `Drone CI` all mounts are done into `/drone/src` folder and we use `OVERRIDE_PROJECT_ROOT=/drone/src/project` in our testing. - -Container creates a symlink from /var/www/project into `$OVERRIDE_PROJECT_ROOT` which allows us to use custom path. - -## User permissions -You can use `WP_GID` and `WP_UID` env to change web user and group. - -If these are not set container will look for owner:group from files mounted in `/var/www/project/web/`. - -If these files are owned by root user or root group the container will automatically use 100:101 as permissions instead. This is so that we won't never run nginx and php-fpm as root. - -## Nginx includes -You can have custom nginx includes in your project mount `/var/www/project/nginx`. - -**Include into http {} block:** -`/var/www/project/nginx/http/*.conf` - -**Include into server {} block:** -`/var/www/project/nginx/server/*.conf` - -**Include into @index {} block:** -`/var/www/project/nginx/index/*.conf` - -See more in our [wp-project template](https://github.com/devgeniem/wp-project). - -## Cron jobs -You can place cron file in `/var/www/project/tasks.cron`. This is symlinked to crond and run as user `wordpress`. - -For example: -``` -# do daily/weekly/monthly maintenance -* * * * * echo "test log from: $(whoami)..." >> /tmp/test.log -``` - -## Environment Variables - -### Timezone -This sets timezone for the environment and php. See candidates here: http://php.net/manual/en/timezones.php -``` -TZ # Default: 'Europe/Helsinki' -``` - -### Development/Production - -``` -WP_ENV # Default: '' Options: development,testing,production,pretty-much-anything-you-want -``` - -### Database variables (mysql/mariadb) - -``` -DB_NAME # Default: '' -DB_PASSWORD # Default: '' -DB_USER # Default: '' -DB_HOST # Default: '' -DB_PORT # Default: '' -``` - -Remember to set `DB_NAME`, `DB_PASSWORD` and `DB_USER` and use these variables in your wp-config.php. These are automatically added as envs in php context. - -### Email variables - -``` -SMTP_HOST -``` - -This variable changes the host where container tries to send mail from. By default this is docker host `172.17.0.1`. - -``` -SMTP_PORT -``` - -This variable changes the port where container tries to connect in order to send mail. By default this is `25`. - -``` -SMTP_TLS -``` - -If this is provided use username in authenticating to mail server. Default: null -``` -SMTP_USER -``` - -If this is provided use password in authenticating to mail server. Default: null -``` -SMTP_PASSWORD -``` - -If this is `on` mail will use username/password authentication in connections to smtp server. -This will automatically activate if you use `SMTP_USER` and `SMTP_PASSWORD`. Default: `off` -``` -SMTP_AUTH -``` - -See more about these variables in [msmtp docs](http://msmtp.sourceforge.net/doc/msmtp.html#Authentication). - -### PHP and Nginx Variables -You can change following env to change php configs: - -``` -# Variables and default values -PHP_MEMORY_LIMIT=128M -NGINX_MAX_BODY_SIZE=64M -NGINX_FASTCGI_TIMEOUT=30 -``` - -``` -# These defaulta are only for PHP 7.3 -# Default fastcgi cache directory -NGINX_CACHE_DIRECTORY=/dev/cache - -# Default operations when fastcgi stale cache is used -NGINX_CACHE_USE_STALE="error timeout invalid_header updating http_500 http_503 http_403 http_404 http_429" - - -NGINX_REDIS_CACHE_TTL_DEFAULT="200 301 302 1m" - -# Default headers for fastcgi stale- and error cache -NGINX_CACHE_CONTROL='"max-age=60, stale-while-revalidate=300, stale-if-error=21600"' - -# list of parameters to be included in cached requests separated by comma (default empty) -CACHE_QUERYVARS= - -# Cache mode blacklist or whitelist, default whitelist (possible values: blacklist, whitelist) -CACHE_MODE= -``` - -## What's inside container: -### For running WordPress -- php7.xx -- php-fpm7 -- nginx -- wp-cli - -### For sending emails with smtp server -- msmtp +# Shibboleth +This image has shibboleth additions, use this if your site is using shibboleth for authentication. diff --git a/docker-compose.yml b/docker-compose.yml index ae2a3bb..624d4cd 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -1,30 +1,19 @@ # Use this if you're testing/debugging the build locally on OSX -web56: - build: ./php5.6/ - command: /init - ports: - - 80 - volumes: - - ./web:/var/www/project/web - environment: - WP_UID: 100 - WP_GID: 101 - # For testing with gdev - VIRTUAL_HOST: php56.test - PORT: 80 +version: '3.4' -web70: - build: ./php7.0/ - command: /init - ports: - - 80 - volumes: - - ./web:/var/www/project/web - environment: - WP_UID: 100 - WP_GID: 101 +services: + web: + build: ./ubuntu-8.1/ + command: /init + ports: + - 80 + volumes: + - ./web:/var/www/project/web + environment: + WP_UID: 100 + WP_GID: 101 - # For testing with gdev - VIRTUAL_HOST: php70.test - PORT: 80 + # For testing with gdev + VIRTUAL_HOST: php81.test + PORT: 80 diff --git a/ubuntu-7.0/.dockerignore b/ubuntu-7.0/.dockerignore deleted file mode 100644 index a18daff..0000000 --- a/ubuntu-7.0/.dockerignore +++ /dev/null @@ -1,12 +0,0 @@ -# These files are ignored from being uploaded to docker build context - -# Git is not needed in docker image building -.git - -# No OSX rubbish -.DS_Store - -# Development stuff -docker-compose.yml -.dockerignore -Dockerfile diff --git a/ubuntu-7.0/Dockerfile b/ubuntu-7.0/Dockerfile deleted file mode 100644 index 4f9203c..0000000 --- a/ubuntu-7.0/Dockerfile +++ /dev/null @@ -1,186 +0,0 @@ -FROM devgeniem/ubuntu-docker-openresty-pagespeed:latest -MAINTAINER Ville Pietarinen - Geniem Oy - -## -# Only use these during installation -## -ARG LANG=C.UTF-8 -ARG DEBIAN_FRONTEND=noninteractive - -## -# Install php7 packages from dotdeb.org -# - Dotdeb is an extra repository providing up-to-date packages for your Debian servers -## -RUN \ - apt-get update \ -&& apt-get -y install software-properties-common \ - && add-apt-repository ppa:ondrej/php \ - && apt-get -y --no-install-recommends install \ - apt-utils \ - curl \ - nano \ - ca-certificates \ - git \ - mysql-client \ - msmtp \ - postfix \ - netcat \ - less \ - libmcrypt-dev \ - && apt-get update \ - && apt-get -y --no-install-recommends install \ - php7.0-cli \ - php7.0-common \ - php7.0-apcu \ - php7.0-apcu-bc \ - php7.0-curl \ - php7.0-json \ - php7.0-mcrypt \ - php7.0-opcache \ - php7.0-readline \ - php7.0-xml \ - php7.0-zip \ - php7.0-fpm \ - php7.0-redis \ - php7.0-mongodb \ - php7.0-mysqli \ - php7.0-intl \ - php7.0-gd \ - php7.0-mbstring \ - php7.0-soap \ - php7.0-bcmath \ - php7.0-curl \ - php7.0-ldap \ - php7.0-mcrypt \ - # Force install only cron without extra mailing dependencies - && cd /tmp \ - && apt-get download cron \ - && dpkg --force-all -i cron*.deb \ - && mkdir -p /var/spool/cron/crontabs \ - # Cleanup - && apt-get clean \ - && apt-get autoremove \ - && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* /usr/share/doc/* /var/log/apt/* /var/log/*.log - - -# Install helpers -RUN \ - ## - # Install composer - ## - curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/local/bin --filename=composer \ - && composer global require hirak/prestissimo \ - - ## - # Install wp-cli - # source: http://wp-cli.org/ - ## - && curl -L https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar -o /usr/local/bin/wp-cli \ - && chmod +rx /usr/local/bin/wp-cli \ - # Symlink it to /usr/bin as well so that cron can find this script with limited PATH - && ln -s /usr/local/bin/wp-cli /usr/bin/wp-cli \ - - ## - # Install cronlock for running cron correctly with multi container setups - # https://github.com/kvz/cronlock - ## - && curl -L https://raw.githubusercontent.com/kvz/cronlock/master/cronlock -o /usr/local/bin/cronlock \ - && chmod +rx /usr/local/bin/cronlock \ - # Symlink it to /usr/bin as well so that cron can find this script with limited PATH - && ln -s /usr/local/bin/cronlock /usr/bin/cronlock - -## -# Add Project files like nginx and php-fpm processes and configs -# Also custom scripts and bashrc -## -COPY rootfs/ / - -# Run small fixes -RUN set -x \ - && mkdir -p /var/www/uploads \ - && mkdir -p /tmp/php-opcache \ - && ln -sf /usr/sbin/php-fpm7.0 /usr/sbin/php-fpm \ - && ln -sf /usr/bin/wp /usr/local/bin/wp -# This is for your project root -ENV PROJECT_ROOT="/var/www/project" - -ENV \ - # Add interactive term - TERM="xterm" \ - # Set defaults which can be overriden - MYSQL_PORT="3306" \ - # Use default web port in nginx but allow it to be overridden - # This also works correctly with flynn: - # https://github.com/flynn/flynn/issues/3213#issuecomment-237307457 - PORT="8080" \ - # Use custom users for nginx and php-fpm - WEB_USER="wordpress" \ - WEB_GROUP="web" \ - WEB_UID=1000 \ - WEB_GID=1001 \ - # Set defaults for redis - REDIS_PORT="6379" \ - REDIS_DATABASE="0" \ - REDIS_PASSWORD="" \ - REDIS_SCHEME="tcp" \ - # Set defaults for NGINX redis cache - # This variable uses seconds by default - # Time units supported are "s"(seconds), "ms"(milliseconds), "y"(years), "M"(months), "w"(weeks), "d"(days), "h"(hours), and "m"(minutes). - NGINX_REDIS_CACHE_TTL_DEFAULT="900" \ - NGINX_REDIS_CACHE_TTL_MAX="4h" \ - NGINX_CACHE_DIRECTORY="/tmp/nginx/fullpage" \ - # Default operations when fastcgi stale cache is used - NGINX_CACHE_USE_STALE="error timeout invalid_header updating http_500 http_503 http_403 http_404" \ - # Default headers for fastcgi stale- and error cache - NGINX_CACHE_CONTROL='"max-age=60, stale-while-revalidate=300, stale-if-error=21600"'\ - # Cronlock is used to stop simultaneous cronjobs in clusterised environments - CRONLOCK_HOST="" \ - # This is used by nginx and php-fpm - WEB_ROOT="${PROJECT_ROOT}/web" \ - # This is used automatically by wp-cli - WP_CORE="${PROJECT_ROOT}/web/wp" \ - # Nginx include files - NGINX_INCLUDE_DIR="/var/www/project/nginx" \ - # Allow bigger file uploads - NGINX_MAX_BODY_SIZE="10M" \ - # Allow storing bigger body in memory - NGINX_BODY_BUFFER_SIZE="32k" \ - # Have sane fastcgi timeout by default - NGINX_FASTCGI_TIMEOUT="30" \ - # Have sane fastcgi timeout by default - NGINX_ERROR_LEVEL="warn" \ - # Have sane fastcgi timeout by default - NGINX_ERROR_LOG="stderr" \ - # Have sane fastcgi timeout by default - NGINX_ACCESS_LOG="/dev/stdout" \ - # Default cache key for nginx http cache - NGINX_CACHE_KEY='wp_:nginx:$real_scheme$request_method$host$request_uri' \ - # PHP settings - PHP_MEMORY_LIMIT="128M" \ - PHP_MAX_INPUT_VARS="1000" \ - PHP_ERROR_LOG="/proc/self/fd/1" \ - PHP_ERROR_LOG_LEVEL="warning" \ - PHP_ERROR_LOG_MAX_LEN="8192" \ - PHP_SESSION_REDIS_DB="0" \ - PHP_SESSION_HANDLER="files" \ - # You should count the *.php files in your project and set this number to be bigger - # $ find . -type f -print | grep php | wc -l - PHP_OPCACHE_MAX_FILES="8000" \ - # Amount of memory in MB to allocate for opcache - PHP_OPCACHE_MAX_MEMORY="128" \ - # Use host machine as default SMTP_HOST - SMTP_HOST="172.17.0.1" \ - # This folder is used to mount files into host machine - # You should use this path for your uploads since everything else should be ephemeral - UPLOADS_ROOT="/var/www/uploads" \ - # This can be overidden by you, it's just default for us - TZ="Europe/Helsinki" -# Setup $TZ. Remember to run this again in your own build - # Make sure that all files here have execute permissions -RUN dpkg-reconfigure tzdata && \ - chmod +x /etc/cont-init.d/* -# Set default path to project folder for easier running commands in project -WORKDIR ${PROJECT_ROOT} -EXPOSE ${PORT} -ENTRYPOINT ["/init"] - diff --git a/ubuntu-7.0/rootfs/etc/nginx/additional.types b/ubuntu-7.0/rootfs/etc/nginx/additional.types deleted file mode 100644 index ac8070e..0000000 --- a/ubuntu-7.0/rootfs/etc/nginx/additional.types +++ /dev/null @@ -1,6 +0,0 @@ -# If developers add .woff2 type font files we should provide good Content-Type headers -types { - # Add mime support for woff2 - # http://stackoverflow.com/questions/28235550/proper-mime-type-for-woff2-fonts - font/woff2 woff2; -} diff --git a/ubuntu-7.0/rootfs/etc/nginx/cache/fastcgicache.conf b/ubuntu-7.0/rootfs/etc/nginx/cache/fastcgicache.conf deleted file mode 100644 index 1455277..0000000 --- a/ubuntu-7.0/rootfs/etc/nginx/cache/fastcgicache.conf +++ /dev/null @@ -1,13 +0,0 @@ -## -# Add few rules which deny using cache -## -include cache/fastcgicache_skip_rules.conf; -include cache/helper_variables.conf; -fastcgi_cache_bypass $skip_cache; -fastcgi_no_cache $skip_cache; - -fastcgi_cache WORDPRESS; -#proxy_ignore_headers Set-Cookie Expires Cache-Control; - -# Add header for easier cache debugging -add_header X-Cache $upstream_cache_status always; diff --git a/ubuntu-7.0/rootfs/etc/nginx/cache/fastcgicache_settings.conf b/ubuntu-7.0/rootfs/etc/nginx/cache/fastcgicache_settings.conf deleted file mode 100644 index f76fa4d..0000000 --- a/ubuntu-7.0/rootfs/etc/nginx/cache/fastcgicache_settings.conf +++ /dev/null @@ -1,8 +0,0 @@ -## -# Basic settings of Fast cgi cache -## -fastcgi_cache_path ${NGINX_CACHE_DIRECTORY} levels=1:2 keys_zone=WORDPRESS:100m max_size=1000m inactive=730h; -fastcgi_cache_key $scheme$request_method$host$request_uri; -fastcgi_cache_lock on; -fastcgi_cache_valid ${NGINX_REDIS_CACHE_TTL_DEFAULT}; -add_header 'Cache-Control' ${NGINX_CACHE_CONTROL}; \ No newline at end of file diff --git a/ubuntu-7.0/rootfs/etc/nginx/cache/fastcgicache_skip_rules.conf b/ubuntu-7.0/rootfs/etc/nginx/cache/fastcgicache_skip_rules.conf deleted file mode 100644 index 99bbc0e..0000000 --- a/ubuntu-7.0/rootfs/etc/nginx/cache/fastcgicache_skip_rules.conf +++ /dev/null @@ -1,75 +0,0 @@ -## -# Add few rules which deny using cache -## - -# Don't skip cache by default -set $skip_cache 0; -# insert project specific cache rules to this file (delete this row when all projects are updated) -include /var/www/project/nginx/server/skip_cache.conf; -# insert project specific cache rules to this folder -include ${NGINX_INCLUDE_DIR}/skipcache/*.conf; - -# POST requests and urls with a query string should always go to PHP -if ($request_method = POST) { - set $skip_cache 1; -} - -# Deal with accepted query vars -set $without $query_string; - -set_by_lua_block $cache_args { - -- Helper split string function - function split( inputstr, sep ) - if sep == nil then - sep = "%s" - end - local t={} ; i=1 - for str in string.gmatch(inputstr, "([^" .. sep .. "]+)") do - t[ i ] = str - i = i + 1 - end - return t - end - - -- Helper escape special chars function - function esc( str ) - return str:gsub( "([^%w])", "%%%1" ) - end - - local with = {} - local without = ngx.var.without - - -- Get a list of accepted query vars from env variable - local accepted = split( ( os.getenv( 'CACHE_QUERYVARS' ) or "" ), "," ) - - -- Loop through the list - for key, accept in pairs(accepted) do - -- If there is a value present for the variable, store it in a variable - if ngx.decode_args( without )[ accept ] then - table.insert( with, accept .. "=" .. ngx.decode_args( without )[ accept ] ) - end - -- Remove the accepted key-value pair from the string - without = string.gsub( without, "&?" .. esc( accept ) .. "=[^&]+", "" ) - end - - -- Store all non-accepted query vars to checked later - ngx.var.without = without - - -- Return accepted query var key-value pairs to be used in the cache key - return "?" .. table.concat( with, "&" ) -} - -# If there were any unaccepted query vars, skip cache -if ($without != "") { - set $skip_cache 1; -} - -# Don't use the cache for logged in users or recent commenters -if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in|woocommerce_items_in_cart") { - set $skip_cache 1; -} - -# Don't cache responses from wp-admin, xmlrpc and wp-login.php -if ($request_uri ~* "/wp-admin/|/xmlrpc.php|wp-.*.php") { - set $skip_cache 1; -} \ No newline at end of file diff --git a/ubuntu-7.0/rootfs/etc/nginx/cache/helper_variables.conf b/ubuntu-7.0/rootfs/etc/nginx/cache/helper_variables.conf deleted file mode 100644 index ea10fb9..0000000 --- a/ubuntu-7.0/rootfs/etc/nginx/cache/helper_variables.conf +++ /dev/null @@ -1,15 +0,0 @@ -## -# This file creates few helper variables -# $prefer_language_slug - 2 first letters from accept-language header to determine the language redirects from cache -## - -## -# Parse first two letters from accept-language header to determine right cache key -## -set_by_lua_block $prefer_language_slug { - if ngx.var.http_accept_language then - return string.lower( string.match( ngx.var.http_accept_language, '%w%w' ) ) - else - return 'en' - end -} diff --git a/ubuntu-7.0/rootfs/etc/nginx/cache/redis_backend.conf b/ubuntu-7.0/rootfs/etc/nginx/cache/redis_backend.conf deleted file mode 100644 index e9f86a3..0000000 --- a/ubuntu-7.0/rootfs/etc/nginx/cache/redis_backend.conf +++ /dev/null @@ -1,45 +0,0 @@ -## -# Adds internal locations for storing and getting full page cache from redis -## - -srcache_default_expire '${NGINX_REDIS_CACHE_TTL_DEFAULT}'; -srcache_max_expire '${NGINX_REDIS_CACHE_TTL_MAX}'; - -location /redis-fetch { - internal; - - ## - # In order to use password authentication we use custom redis module which adds $redis_auth: - # - https://github.com/Yongke/ngx_http_redis-0.3.7 - ## - - # Read the configuration from system envs - set $redis_auth '${REDIS_PASSWORD}'; - set $redis_db ${REDIS_DATABASE}; - - set $redis_key $args; - - redis_pass ${REDIS_HOST}:${REDIS_PORT}; -} - -location /redis-store { - internal; - - set_unescape_uri $exptime $arg_exptime; - set_unescape_uri $key $arg_key; - - # Fix caching problem for now - # There's issue in github https://github.com/openresty/srcache-nginx-module/issues/61 - set_if_empty $srcache_expire '${NGINX_REDIS_CACHE_TTL_DEFAULT}'; - - # redis module pipelines these 3 commands into single request - redis2_query auth '${REDIS_PASSWORD}'; - redis2_query select ${REDIS_DATABASE}; - - # Set and expire with one command: http://redis.io/commands/setex - redis2_query setex $key $srcache_expire $echo_request_body; - - # Pass the request to redis - redis2_pass ${REDIS_HOST}:${REDIS_PORT}; - -} diff --git a/ubuntu-7.0/rootfs/etc/nginx/cache/skip_rules.conf b/ubuntu-7.0/rootfs/etc/nginx/cache/skip_rules.conf deleted file mode 100644 index 43344c8..0000000 --- a/ubuntu-7.0/rootfs/etc/nginx/cache/skip_rules.conf +++ /dev/null @@ -1,30 +0,0 @@ -## -# Add few rules which deny using cache -## - -# Don't skip cache by default -set $skip_cache 0; - -# POST requests and urls with a query string should always go to PHP -if ($request_method = POST) { - set $skip_cache 1; -} - -# If theres any args skip cache -if ($query_string != "") { - set $skip_cache 1; -} - -# Don't use the cache for logged in users or recent commenters -if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in|woocommerce_items_in_cart") { - set $skip_cache 1; -} - -# Don't cache responses from wp-admin, xmlrpc and wp-login.php -if ($request_uri ~* "/wp-admin/|/xmlrpc.php|wp-.*.php") { - set $skip_cache 1; -} - -# Skip fetch and skip if conditions are met -srcache_fetch_skip $skip_cache; -srcache_store_skip $skip_cache; diff --git a/ubuntu-7.0/rootfs/etc/nginx/cache/srcache.conf b/ubuntu-7.0/rootfs/etc/nginx/cache/srcache.conf deleted file mode 100644 index 85027dd..0000000 --- a/ubuntu-7.0/rootfs/etc/nginx/cache/srcache.conf +++ /dev/null @@ -1,20 +0,0 @@ -## -# Add few rules which deny using cache -## -include cache/skip_rules.conf; -include cache/helper_variables.conf; - -# Use redis caching for all pages -# Allow different cache key from env -# Use 'wp_' prefix so that cache can be flushed with: -# $ wp cache flush -set $cache_key "${NGINX_CACHE_KEY}"; -set_escape_uri $escaped_cache_key $cache_key; - -srcache_response_cache_control on; - -srcache_fetch GET /redis-fetch $cache_key; -srcache_store PUT /redis-store key=$escaped_cache_key; - -# Add header for easier cache debugging -add_header X-Cache $srcache_fetch_status; diff --git a/ubuntu-7.0/rootfs/etc/nginx/env.conf b/ubuntu-7.0/rootfs/etc/nginx/env.conf deleted file mode 100644 index 3089a23..0000000 --- a/ubuntu-7.0/rootfs/etc/nginx/env.conf +++ /dev/null @@ -1,13 +0,0 @@ -# Set custom enviromental variables that we need with lua here -# These are used to dynamically load -env PORT; -env WEB_ROOT; -env NGINX_MAX_BODY_SIZE; -env NGINX_TIMEOUT; - -# For nginx redis cache -env REDIS_HOST; -env REDIS_PORT; -env REDIS_DATABASE; -env REDIS_PASSWORD; -env CACHE_QUERYVARS; \ No newline at end of file diff --git a/ubuntu-7.0/rootfs/etc/nginx/nginx.conf b/ubuntu-7.0/rootfs/etc/nginx/nginx.conf deleted file mode 100644 index c967b96..0000000 --- a/ubuntu-7.0/rootfs/etc/nginx/nginx.conf +++ /dev/null @@ -1,350 +0,0 @@ -# Default user and group for the nginx@index -user ${WEB_USER} ${WEB_GROUP}; - -# Default error log -error_log ${NGINX_ERROR_LOG} ${NGINX_ERROR_LEVEL}; - -# Write process id here -pid /var/run/nginx.pid; - -# Load custom environment variables -include env.conf; - -# How many worker threads to run; -# "auto" sets it to the number of CPU cores available in the system, and -# offers the best performance. Don't set it higher than the number of CPU -# cores if changing this parameter. - -# The maximum number of connections for Nginx is calculated by: -# max_clients = worker_processes * worker_connections -worker_processes auto; - -# Maximum open file descriptors per process; -# should be > worker_connections. -worker_rlimit_nofile 8192; - -events { - # When you need > 8000 * cpu_cores connections, you start optimizing your OS, - # and this is probably the point at which you hire people who are smarter than - # you, as this is *a lot* of requests. - worker_connections 8000; -} - -http { - - # Configure hashmaps so that environment does not change defaults - map_hash_max_size 262144; - map_hash_bucket_size 262144; - server_names_hash_bucket_size 64; - - # Hide nginx version information. - server_tokens off; - - #Enable Fastcgicache - include cache/fastcgicache_settings.conf; - - # Remove Server header entirely - more_clear_headers Server; - - # How long to allow each connection to stay idle; longer values are better - # for each individual client, particularly for SSL, but means that worker - # connections are tied up longer. (Default: 65) - keepalive_timeout 20; - - # Speed up file transfers by using sendfile() to copy directly - # between descriptors rather than using read()/write(). - sendfile on; - - # Tell Nginx not to send out partial frames; this increases throughput - # since TCP frames are filled up before being sent out. (adds TCP_CORK) - tcp_nopush on; - - # Gzip all the assets - include gzip.conf; - - # Add default pagespeed settings - include pagespeed/settings.conf; - - # Add all default mime types and additional ones - include additional.types; - include mime.types; - - default_type application/octet-stream; - - client_body_temp_path /tmp/nginx/body 1 2; - fastcgi_temp_path /tmp/nginx/fastcgi_temp 1 2; - - # Include custom log formats - include log_formats.conf; - - # Allow bigger default file uploads - client_max_body_size ${NGINX_MAX_BODY_SIZE}; - - # Allow bigger body buffer size in memory - client_body_buffer_size ${NGINX_BODY_BUFFER_SIZE}; - - # Include custom nginx http additions from project - include ${NGINX_INCLUDE_DIR}/http/*.conf; - include ${NGINX_INCLUDE_DIR}/environments/${WP_ENV}/http/*.conf; - - # load upstreams from one file which can be overwritten depending on situation - include upstreams.conf; - - # Add few headers which make XSS harder - include security_headers.conf; - - # If ${PORT} != 80 means that we are behind reverse proxy as well - # This directive helps that we don't redirect clients into mysite.com:8080/resource type urls - port_in_redirect off; - - # Use theme assets straight from corresponding files for pagespeed - pagespeed ProcessScriptVariables on; - pagespeed LoadFromFile "$scheme://$host/app/themes/" "${WEB_ROOT}/app/themes/"; - pagespeed LoadFromFile "$scheme://$host/wp-content/themes/" "${WEB_ROOT}/wp/wp-content/themes/"; - - server { - # This is the default server for this container - listen ${PORT} default_server; - server_name _; - - root ${WEB_ROOT}; - - # Use index.php if it exists but also allow static websites in subfolders - index index.php index.html; - - access_log ${NGINX_ACCESS_LOG} custom; - - # Blocked log file - set $blocked_log /dev/stdout; - - disable_symlinks off; - - # Include custom nginx server additions from project - include ${NGINX_INCLUDE_DIR}/server/*.conf; - include ${NGINX_INCLUDE_DIR}/environments/${WP_ENV}/server/*.conf; - - # These variables are proxy conscious, so that they work even though we are behind reverse proxy - include proxy_real_variables.conf; - - # Include custom error pages - include error_pages.conf; - - # Own handling for WP-activate that for some very odd reason serves itself as 404. - location = /wp-activate.php { - try_files /wp/$uri @index; - - include fastcgi_settings.conf; - - # Append subfolder automatically - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - - # Give sane max execution time to frontend - fastcgi_read_timeout 30; - fastcgi_pass php-fpm; - } - - location = /robots.txt { - if ( $host ~ gpilvi\.com|geniem\.io ) { - add_header Content-Type text/plain; - return 200 "User-agent: *\nDisallow: /\n"; - } - - allow all; - log_not_found off; - access_log off; - try_files $uri @index; - } - - location = /favicon.ico { - allow all; - log_not_found off; - access_log off; - try_files $uri @index; - } - - # deny all dot-files including git - location ~ /\. { - deny all; - log_not_found off; - access_log off; - } - - location / { - try_files $uri $uri/ /wp/$uri /wp/$uri/ @index; - } - - # Deny requesting .dust files from anywhere else in the theme than under the partials/public directory - location ~* \/themes\/[^\/]+\/partials\/public\/.*\.dust$ { - allow all; - } - - location ~* \/themes\/.*\.dust$ { - deny all; - } - - # Static files - location ~* \.(css|js|jpe?g|gif|ico|png|otf|ttf|eot|woff?2|svg|webp)$ { - - ## Deny overriding Pagespeed - if ($arg_pagespeed != '') { access_log $blocked_log blocked; return 403; } - if ($arg_pagespeedspeedfilters != '') { access_log $blocked_log blocked; return 403; } - - include static_files.conf; - - # These files are probably exactly like $uri says but also try from /wp/ - try_files $uri /wp/$uri @index; - - # Deny requesting plain style.css from theme root directory - location ~ ^.*/themes/[^/]+/style\.css { - - # Preserve this url - pagespeed CssPreserveUrls true; - - # Minify and remove comments from css - pagespeed EnableFilters rewrite_css; - - # Wait that nginx has prepared the file - pagespeed InPlaceWaitForOptimized on; - - # Don't ever try to load non modified style.css - pagespeed InPlaceRewriteDeadlineMs 100000000; - - # Don't allow overriding pagespeed with pagespeed fixed urls - # Source: https://github.com/pagespeed/ngx_pagespeed/issues/1306 - location ~ ^(.*)/themes/([^/]+)/style.*pagespeed.* { - return 301 $1/themes/$2/style.css; - } - } - - ## - # Static WordPress files ~ wp-* - # These files are probably in /wp/ subfolder but also try from $uri - ## - location ~ ^wp- { - try_files /wp/$uri $uri @index; - } - } - - # App folder contains our plugins and themes - # We want to server assets from here but deny all php execution - location /app/ { - try_files $uri @index; - - ## - # Deny access into php files under /app/ - ## - location ~ \.php$ { - access_log $blocked_log blocked; - deny all; - } - } - - ## - # Run all php files from wp subfolder - # This is how wordpress is supposed to be run - # It also prevents direct access to possibly insecure code inside our plugins - ## - location ~ \.php$ { - try_files /wp/$uri @index; - - include fastcgi_settings.conf; - - # Append subfolder automatically - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - - # Handover 404 errors from php-fpm to WordPress - error_page 404 = @index; - - # Give sane max execution time to frontend - fastcgi_read_timeout ${NGINX_FASTCGI_TIMEOUT}; - fastcgi_pass php-fpm; - - ## Deny access to all php files in uploads folders - location ~* ^/uploads { access_log $blocked_log blocked; deny all; } - location ~* ^/content/uploads { access_log $blocked_log blocked; deny all; } - location ~* ^/wp-content/uploads { access_log $blocked_log blocked; deny all; } - - ## Fix Full Path Disclosures if display_errors is on - ## Don't allow straight access into core wp-includes - location ~* ^/wp-includes { access_log $blocked_log blocked; deny all; } - } - # Create purge location to empty fullpage cache - location ~ /purge(/.*) { - fastcgi_cache_purge WORDPRESS "$scheme$request_method$host$1"; - } - # Create health location for contena healthcheck - location /__health { - access_log off; - return 200; - } - - # Include redis interfaces /redis-fetch & /redis-store - # include cache/redis_backend.conf; - - location @index { - - # Include custom nginx index additions from project - include ${NGINX_INCLUDE_DIR}/index/*.conf; - include ${NGINX_INCLUDE_DIR}/environments/${WP_ENV}/index/*.conf; - - ## Deny overriding Pagespeed - if ($arg_pagespeed != '') { access_log $blocked_log blocked; return 403; } - if ($arg_pagespeedspeedfilters != '') { access_log $blocked_log blocked; return 403; } - - # Use redis as proxy cache - #include cache/srcache.conf; - # Use fastcgi cache - include cache/fastcgicache.conf; - - # Fallback into php - include fastcgi_settings.conf; - fastcgi_param SCRIPT_FILENAME $document_root/index.php; - - # Give sane max execution time to frontend - fastcgi_read_timeout ${NGINX_FASTCGI_TIMEOUT}; - fastcgi_pass php-fpm; - } - - # WordPress is stupid - location = /wp-admin { rewrite ^ /wp-admin/ permanent; } - - location = / { - - ## Block hackers from enumerating users - if ( $arg_author ~ [0-9]+ ) { access_log $blocked_log blocked; return 403; } - - ## Deny overriding Pagespeed - if ($arg_pagespeed != '') { access_log $blocked_log blocked; return 403; } - if ($arg_pagespeedspeedfilters != '') { access_log $blocked_log blocked; return 403; } - - # Use redis as proxy cache - #include cache/srcache.conf; - # Use fastcgi cache - include cache/fastcgicache.conf; - - #Enable project spesific config to root block - include ${NGINX_INCLUDE_DIR}/environments/${WP_ENV}/root/*.conf; - - # Fallback into php - include fastcgi_settings.conf; - fastcgi_param SCRIPT_FILENAME $document_root/index.php; - - # Give sane max execution time to frontend - fastcgi_read_timeout ${NGINX_FASTCGI_TIMEOUT}; - fastcgi_pass php-fpm; - } - - # Prevent /wp/wp/wp/... rewrite loops - location ^~ /wp/ { - rewrite ^/wp/(.*)$ $1$is_args$args last; - } - - # Block some vulnerabilities always - include security.conf; - - # Include basic pagespeed locations like beacons - include pagespeed/locations.conf; - } - include ${NGINX_INCLUDE_DIR}/environments/${WP_ENV}/end/*.conf; - -} diff --git a/ubuntu-7.0/rootfs/etc/nginx/security_headers.conf b/ubuntu-7.0/rootfs/etc/nginx/security_headers.conf deleted file mode 100644 index be78f67..0000000 --- a/ubuntu-7.0/rootfs/etc/nginx/security_headers.conf +++ /dev/null @@ -1,23 +0,0 @@ -## -# Security headers, source: https://gist.github.com/plentz/6737338 -## - -# config to don't allow the browser to render the page inside an frame or iframe -# and avoid clickjacking http://en.wikipedia.org/wiki/Clickjacking -# if you need to allow [i]frames, you can use SAMEORIGIN or even set an uri with ALLOW-FROM uri -# https://developer.mozilla.org/en-US/docs/HTTP/X-Frame-Options -add_header X-Frame-Options SAMEORIGIN; - -# when serving user-supplied content, include a X-Content-Type-Options: nosniff header along with the Content-Type: header, -# to disable content-type sniffing on some browsers. -# https://www.owasp.org/index.php/List_of_useful_HTTP_headers -# currently suppoorted in IE > 8 http://blogs.msdn.com/b/ie/archive/2008/09/02/ie8-security-part-vi-beta-2-update.aspx -# http://msdn.microsoft.com/en-us/library/ie/gg622941(v=vs.85).aspx -# 'soon' on Firefox https://bugzilla.mozilla.org/show_bug.cgi?id=471020 -add_header X-Content-Type-Options nosniff always; - -# This header enables the Cross-site scripting (XSS) filter built into most recent web browsers. -# It's usually enabled by default anyway, so the role of this header is to re-enable the filter for -# this particular website if it was disabled by the user. -# https://www.owasp.org/index.php/List_of_useful_HTTP_headers -add_header X-XSS-Protection "1; mode=block"; diff --git a/ubuntu-7.0/rootfs/etc/php/7.0/cli/php.ini b/ubuntu-7.0/rootfs/etc/php/7.0/cli/php.ini deleted file mode 100644 index 5eede62..0000000 --- a/ubuntu-7.0/rootfs/etc/php/7.0/cli/php.ini +++ /dev/null @@ -1,70 +0,0 @@ -[PHP] -; This directive determines whether or not PHP will recognize code between -; tags as PHP source which should be processed as such. -short_open_tag = Off - -; Implicit flush tells PHP to tell the output layer to flush itself -; automatically after every output block. -implicit_flush = Off - -; This directive allows you to disable certain functions for security reasons. -; It receives a comma-delimited list of function names. -; http://php.net/disable-functions -disable_functions = - -; Enables or disables the circular reference collector. -; http://php.net/zend.enable-gc -zend.enable_gc = On - -;;;;;;;;;;;;;;;;; -; Miscellaneous ; -;;;;;;;;;;;;;;;;; - - -; Deny executing anything else than the exact path passed from fastcgi -; This causes the PHP interpreter to only try the literal path given and to stop processing if the file is not found. -; This is for security. -; https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/#passing-uncontrolled-requests-to-php -cgi.fix_pathinfo = 0 - -expose_php = Off - -;;;;;;;;;;;;;;;;;;; -; Resource Limits ; -;;;;;;;;;;;;;;;;;;; - -; Maximum execution time of each script, in seconds -max_execution_time = 600 - -; Maximum amount of time each script may spend parsing request data. -max_input_time = 60 - -; How many GET/POST/COOKIE input variables may be accepted -; max_input_vars = 1000 - -; Maximum amount of memory a script may consume (128MB) -memory_limit = ${PHP_MEMORY_LIMIT} - -;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; -; Error handling and logging ; -;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; - -error_reporting = E_ALL - -display_errors = On - -display_startup_errors = On - -log_errors = On - -log_errors_max_len = 2048 - -ignore_repeated_errors = Off - -ignore_repeated_source = Off - -report_memleaks = On - -track_errors = On - -html_errors = Off diff --git a/ubuntu-7.0/rootfs/etc/php/7.0/fpm/conf.d/blocked.ini b/ubuntu-7.0/rootfs/etc/php/7.0/fpm/conf.d/blocked.ini deleted file mode 100644 index 4142569..0000000 --- a/ubuntu-7.0/rootfs/etc/php/7.0/fpm/conf.d/blocked.ini +++ /dev/null @@ -1,4 +0,0 @@ -; Disable some functions because they allow bad/vulnerable patterns -; We want to advocate good coding practises and these functions make it difficult -; You can use these with php cli but not with php-fpm -disable_functions = exec,passthru,shell_exec,show_source,system,pcntl_exec,popen,posix_getpwuid,posix_kill,posix_mkfifo,posix_setpgid,posix_setsid,posix_setuid,posix_setuid,posix_uname,proc_nice,proc_open,proc_close,proc_get_status diff --git a/ubuntu-7.0/rootfs/etc/php/7.0/fpm/php-fpm.conf b/ubuntu-7.0/rootfs/etc/php/7.0/fpm/php-fpm.conf deleted file mode 100644 index ece3a90..0000000 --- a/ubuntu-7.0/rootfs/etc/php/7.0/fpm/php-fpm.conf +++ /dev/null @@ -1,35 +0,0 @@ -; Run this in foregroud so s6 can control it -daemonize = no - -; Log all warnings and errors -error_log = ${PHP_ERROR_LOG} -log_level = ${PHP_ERROR_LOG_LEVEL} - -[www] -user = ${WEB_USER} -group = ${WEB_GROUP} -listen = /var/run/php-fpm.sock -listen.owner = ${WEB_USER} -listen.group = ${WEB_GROUP} -pm = dynamic - -; Total RAM dedicated to the web server / Max child process size -pm.max_children = 30 - -pm.start_servers = 1 -pm.min_spare_servers = 1 -pm.max_spare_servers = 3 - -; Redirect worker stdout and stderr into main error log. If not set, stdout and -; stderr will be redirected to /dev/null according to FastCGI specs. -; Default Value: no -catch_workers_output = yes - -; Project web root -chdir = ${WEB_ROOT} - -pm.process_idle_timeout = 10s -pm.max_requests = 500 - -; Include extra configs -include=/etc/php/7.0/fpm/php-fpm.d/*.conf diff --git a/ubuntu-7.0/rootfs/etc/php/7.0/fpm/php.ini b/ubuntu-7.0/rootfs/etc/php/7.0/fpm/php.ini deleted file mode 100644 index 472d608..0000000 --- a/ubuntu-7.0/rootfs/etc/php/7.0/fpm/php.ini +++ /dev/null @@ -1,46 +0,0 @@ -;;; -; Production settings for php and php-fpm -;;; -; All directives from /etc/php/7.0/fpm/conf.d are also included -;;; - -[PHP] - -; Don't display errors into frontend -display_errors = stderr - -; disable ignoring of repeat errors -ignore_repeated_errors = false - -; disable ignoring of unique source errors -ignore_repeated_source = false - -; enable logging of php memory leaks -report_memleaks = true - -; Deny executing anything else than the exact path passed from fastcgi -; This causes the PHP interpreter to only try the literal path given and to stop processing if the file is not found. -; This is for security. Source: https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/#passing-uncontrolled-requests-to-php -cgi.fix_pathinfo = 0 - -; disable html markup of errors -html_errors = false - -; disable formatting of error reference links -docref_root = 0 - -; disable formatting of error reference links -docref_ext = 0 - -; disable max error string length ( by using so big number that bigger messages don't matter ) -log_errors_max_len = 10000 - -; Don't show startup errors -display_startup_errors = Off -track_errors = Off - -; Redirect worker stdout and stderr into main error log. If not set, stdout and -; stderr will be redirected to /dev/null according to FastCGI specs. -; Default Value: no -catch_workers_output = yes - diff --git a/ubuntu-7.0/rootfs/etc/services.d/php-fpm/run b/ubuntu-7.0/rootfs/etc/services.d/php-fpm/run deleted file mode 100644 index 60b0cb8..0000000 --- a/ubuntu-7.0/rootfs/etc/services.d/php-fpm/run +++ /dev/null @@ -1,53 +0,0 @@ -#!/usr/bin/with-contenv bash - -## -# Check which kind of session backend we should be using -## -if [ -z "$PHP_SESSION_SAVE_PATH" ]; then - echo "[php-fpm] configuring php-fpm session backend..." - - # Use 'files' as default session handler - export PHP_SESSION_HANDLER=${PHP_SESSION_HANDLER-files} - - case "$PHP_SESSION_HANDLER" in - - files) - mkdir -p /tmp/php - chown $WEB_USER:$WEB_GROUP /tmp/php - - # export new env for php-fpm - export PHP_SESSION_SAVE_PATH='/tmp/php' - ;; - redis) - # Set defaults - REDIS_HOST=${REDIS_HOST-$REDIS_1_PORT_6379_TCP_ADDR} - REDIS_PORT=${REDIS_PORT-6379} - REDIS_SCHEME=${REDIS_SCHEME-tcp} - REDIS_PHP_SESSION_HOST=${REDIS_PHP_SESSION_HOST-$REDIS_1_PORT_6379_TCP_ADDR} - - # After this time php-fpm will timeout from requesting session data - PHP_SESSION_REDIS_TIMEOUT=${PHP_SESSION_REDIS_TIMEOUT-5} - - PHP_SESSION_REDIS_PARAMS="timeout=$PHP_SESSION_REDIS_TIMEOUT" - - # Set these only if they are not 0 and '' because they add complexity for the query - if [ "$PHP_SESSION_REDIS_DB" != "" ]; then - PHP_SESSION_REDIS_PARAMS+="&database=$PHP_SESSION_REDIS_DB" - fi - if [ "$REDIS_PASSWORD" != "" ]; then - PHP_SESSION_REDIS_PARAMS+="&auth=$REDIS_PASSWORD" - fi - if [ "$PHP_SESSION_REDIS_PREFIX" != "" ]; then - PHP_SESSION_REDIS_PARAMS+="&prefix=$PHP_SESSION_REDIS_PREFIX" - fi - - # export new env for php-fpm - export PHP_SESSION_SAVE_PATH="$REDIS_SCHEME://$REDIS_PHP_SESSION_HOST:$REDIS_PORT?$PHP_SESSION_REDIS_PARAMS" - ;; - esac -fi -echo "[php-fpm] using $PHP_SESSION_SAVE_PATH for php sessions..." - -echo "[php-fpm] started php-fpm" -exec php-fpm -c /etc/php/7.0/fpm/php.ini --fpm-config /etc/php/7.0/fpm/php-fpm.conf --pid /var/run/php-fpm.pid - diff --git a/ubuntu-7.1/.dockerignore b/ubuntu-7.1/.dockerignore deleted file mode 100644 index a18daff..0000000 --- a/ubuntu-7.1/.dockerignore +++ /dev/null @@ -1,12 +0,0 @@ -# These files are ignored from being uploaded to docker build context - -# Git is not needed in docker image building -.git - -# No OSX rubbish -.DS_Store - -# Development stuff -docker-compose.yml -.dockerignore -Dockerfile diff --git a/ubuntu-7.1/Dockerfile b/ubuntu-7.1/Dockerfile deleted file mode 100644 index 12eb760..0000000 --- a/ubuntu-7.1/Dockerfile +++ /dev/null @@ -1,186 +0,0 @@ -FROM devgeniem/ubuntu-docker-openresty-pagespeed:latest -MAINTAINER Ville Pietarinen - Geniem Oy - -## -# Only use these during installation -## -ARG LANG=C.UTF-8 -ARG DEBIAN_FRONTEND=noninteractive - -## -# Install php7 packages from dotdeb.org -# - Dotdeb is an extra repository providing up-to-date packages for your Debian servers -## -RUN \ - apt-get update \ -&& apt-get -y install software-properties-common \ - && add-apt-repository ppa:ondrej/php \ - && apt-get -y --no-install-recommends install \ - apt-utils \ - curl \ - nano \ - ca-certificates \ - git \ - mysql-client \ - msmtp \ - postfix \ - netcat \ - less \ - libmcrypt-dev \ - && apt-get update \ - && apt-get -y --no-install-recommends install \ - php7.1-cli \ - php7.1-common \ - php7.1-apcu \ - php7.1-apcu-bc \ - php7.1-curl \ - php7.1-json \ - php7.1-mcrypt \ - php7.1-opcache \ - php7.1-readline \ - php7.1-xml \ - php7.1-zip \ - php7.1-fpm \ - php7.1-redis \ - php7.1-mongodb \ - php7.1-mysqli \ - php7.1-intl \ - php7.1-gd \ - php7.1-mbstring \ - php7.1-soap \ - php7.1-bcmath \ - php7.1-curl \ - php7.1-ldap \ - php7.1-mcrypt \ - # Force install only cron without extra mailing dependencies - && cd /tmp \ - && apt-get download cron \ - && dpkg --force-all -i cron*.deb \ - && mkdir -p /var/spool/cron/crontabs \ - # Cleanup - && apt-get clean \ - && apt-get autoremove \ - && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* /usr/share/doc/* /var/log/apt/* /var/log/*.log - - -# Install helpers -RUN \ - ## - # Install composer - ## - curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/local/bin --filename=composer \ - && composer global require hirak/prestissimo \ - - ## - # Install wp-cli - # source: http://wp-cli.org/ - ## - && curl -L https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar -o /usr/local/bin/wp-cli \ - && chmod +rx /usr/local/bin/wp-cli \ - # Symlink it to /usr/bin as well so that cron can find this script with limited PATH - && ln -s /usr/local/bin/wp-cli /usr/bin/wp-cli \ - - ## - # Install cronlock for running cron correctly with multi container setups - # https://github.com/kvz/cronlock - ## - && curl -L https://raw.githubusercontent.com/kvz/cronlock/master/cronlock -o /usr/local/bin/cronlock \ - && chmod +rx /usr/local/bin/cronlock \ - # Symlink it to /usr/bin as well so that cron can find this script with limited PATH - && ln -s /usr/local/bin/cronlock /usr/bin/cronlock - -## -# Add Project files like nginx and php-fpm processes and configs -# Also custom scripts and bashrc -## -COPY rootfs/ / - -# Run small fixes -RUN set -x \ - && mkdir -p /var/www/uploads \ - && mkdir -p /tmp/php-opcache \ - && ln -sf /usr/sbin/php-fpm7.1 /usr/sbin/php-fpm \ - && ln -sf /usr/bin/wp /usr/local/bin/wp -# This is for your project root -ENV PROJECT_ROOT="/var/www/project" - -ENV \ - # Add interactive term - TERM="xterm" \ - # Set defaults which can be overriden - MYSQL_PORT="3306" \ - # Use default web port in nginx but allow it to be overridden - # This also works correctly with flynn: - # https://github.com/flynn/flynn/issues/3213#issuecomment-237307457 - PORT="8080" \ - # Use custom users for nginx and php-fpm - WEB_USER="wordpress" \ - WEB_GROUP="web" \ - WEB_UID=1000 \ - WEB_GID=1001 \ - # Set defaults for redis - REDIS_PORT="6379" \ - REDIS_DATABASE="0" \ - REDIS_PASSWORD="" \ - REDIS_SCHEME="tcp" \ - # Set defaults for NGINX redis cache - # This variable uses seconds by default - # Time units supported are "s"(seconds), "ms"(milliseconds), "y"(years), "M"(months), "w"(weeks), "d"(days), "h"(hours), and "m"(minutes). - NGINX_REDIS_CACHE_TTL_DEFAULT="900" \ - NGINX_REDIS_CACHE_TTL_MAX="4h" \ - NGINX_CACHE_DIRECTORY="/tmp/nginx/fullpage" \ - # Default operations when fastcgi stale cache is used - NGINX_CACHE_USE_STALE="error timeout invalid_header updating http_500 http_503 http_403 http_404" \ - # Default headers for fastcgi stale- and error cache - NGINX_CACHE_CONTROL='"max-age=60, stale-while-revalidate=300, stale-if-error=21600"'\ - # Cronlock is used to stop simultaneous cronjobs in clusterised environments - CRONLOCK_HOST="" \ - # This is used by nginx and php-fpm - WEB_ROOT="${PROJECT_ROOT}/web" \ - # This is used automatically by wp-cli - WP_CORE="${PROJECT_ROOT}/web/wp" \ - # Nginx include files - NGINX_INCLUDE_DIR="/var/www/project/nginx" \ - # Allow bigger file uploads - NGINX_MAX_BODY_SIZE="10M" \ - # Allow storing bigger body in memory - NGINX_BODY_BUFFER_SIZE="32k" \ - # Have sane fastcgi timeout by default - NGINX_FASTCGI_TIMEOUT="30" \ - # Have sane fastcgi timeout by default - NGINX_ERROR_LEVEL="warn" \ - # Have sane fastcgi timeout by default - NGINX_ERROR_LOG="stderr" \ - # Have sane fastcgi timeout by default - NGINX_ACCESS_LOG="/dev/stdout" \ - # Default cache key for nginx http cache - NGINX_CACHE_KEY='wp_:nginx:$real_scheme$request_method$host$request_uri' \ - # PHP settings - PHP_MEMORY_LIMIT="128M" \ - PHP_MAX_INPUT_VARS="1000" \ - PHP_ERROR_LOG="/proc/self/fd/1" \ - PHP_ERROR_LOG_LEVEL="warning" \ - PHP_ERROR_LOG_MAX_LEN="8192" \ - PHP_SESSION_REDIS_DB="0" \ - PHP_SESSION_HANDLER="files" \ - # You should count the *.php files in your project and set this number to be bigger - # $ find . -type f -print | grep php | wc -l - PHP_OPCACHE_MAX_FILES="8000" \ - # Amount of memory in MB to allocate for opcache - PHP_OPCACHE_MAX_MEMORY="128" \ - # Use host machine as default SMTP_HOST - SMTP_HOST="172.17.1.1" \ - # This folder is used to mount files into host machine - # You should use this path for your uploads since everything else should be ephemeral - UPLOADS_ROOT="/var/www/uploads" \ - # This can be overidden by you, it's just default for us - TZ="Europe/Helsinki" -# Setup $TZ. Remember to run this again in your own build - # Make sure that all files here have execute permissions -RUN dpkg-reconfigure tzdata && \ - chmod +x /etc/cont-init.d/* -# Set default path to project folder for easier running commands in project -WORKDIR ${PROJECT_ROOT} -EXPOSE ${PORT} -ENTRYPOINT ["/init"] - diff --git a/ubuntu-7.1/rootfs/etc/ImageMagick b/ubuntu-7.1/rootfs/etc/ImageMagick deleted file mode 100644 index d88e8bf..0000000 --- a/ubuntu-7.1/rootfs/etc/ImageMagick +++ /dev/null @@ -1,11 +0,0 @@ - - - - - - - - - - - diff --git a/ubuntu-7.1/rootfs/etc/cont-init.d/00-render-templates b/ubuntu-7.1/rootfs/etc/cont-init.d/00-render-templates deleted file mode 100755 index 56f69f3..0000000 --- a/ubuntu-7.1/rootfs/etc/cont-init.d/00-render-templates +++ /dev/null @@ -1,85 +0,0 @@ -#!/usr/bin/with-contenv bash -## -# This script uses clever heredoc hack to substitute env variables into static config files -# Source: http://stackoverflow.com/questions/2914220/bash-templating-how-to-build-configuration-files-from-templates-with-bash -## - -## -# Replaces ${ENV} placoholders from file with provided variables -# $1 - ':'' separated list of variables -# $2 - filename to render -## -function render_env_tmpl() { - vars=$1 - input_file=$2 - # If filename ends with .tmpl replace it without the .tmpl - filename=$(dirname $input_file)/$(basename $input_file .tmpl) - - tmp_file=/tmp/$(basename $filename) - - # render all provided $vars to temporary file - envsubst "$vars" < $input_file > $tmp_file - - # replace original file with rendered file - mv $tmp_file $filename -} - -echo "[cont-init.d] Substituting env into configuration files..." - -## -# Nginx doesn't support env variables in config files so we will have to do this in hacky way instead -## -VARS='$PORT:$WEB_ROOT:$WEB_USER:$WEB_GROUP:$NGINX_ACCESS_LOG:$NGINX_ERROR_LOG:$NGINX_ERROR_LEVEL:$NGINX_INCLUDE_DIR:$NGINX_MAX_BODY_SIZE:$NGINX_BODY_BUFFER_SIZE:$NGINX_FASTCGI_TIMEOUT:$WP_ENV:$NGINX_CACHE_KEY' -render_env_tmpl "$VARS" /etc/nginx/nginx.conf - -## -# Redis cache needs to know the redis instance and credentials -## - -# Set defaults if they are not set -export REDIS_HOST=${REDIS_HOST-$REDIS_1_PORT_6379_TCP_ADDR} -export REDIS_PORT=${REDIS_PORT-6379} -export REDIS_DATABASE=${REDIS_DATABASE-0} -export REDIS_PASSWORD=${REDIS_PASSWORD-''} -export REDIS_CACHE_TTL=${REDIS_CACHE_TTL-14400} - -# Add helper variables for AWS s3 bucket storage -VARS+='$AWS_S3_BUCKET_NAME:AWS_S3_REPLICA_BUCKET_NAME' - -# Add Redis variables -VARS+='$REDIS_HOST:$REDIS_PORT:$REDIS_DATABASE:$REDIS_PASSWORD:$NGINX_REDIS_CACHE_TTL_MAX:$NGINX_REDIS_CACHE_TTL_DEFAULT:$NGINX_REDIS_CACHE_PREFIX' - -# Add image proxy variables -VARS+='$GOOGLE_CLOUD_STORAGE_BUCKET_NAME' - -# Add cache variables -VARS+='$NGINX_CACHE_USE_STALE:$NGINX_CACHE_CONTROL:$NGINX_CACHE_DIRECTORY' - -render_env_tmpl "$VARS" /etc/nginx/cache/redis_backend.conf - -render_env_tmpl "$VARS" /etc/nginx/cache/srcache.conf -render_env_tmpl "$VARS" /etc/nginx/cache/fastcgicache_settings.conf -render_env_tmpl "$VARS" /etc/nginx/cache/fastcgicache_skip_rules.conf -## -# Render all user provided nginx templates -## -VARS+='$BASIC_AUTH_USER:$BASIC_AUTH_PASSWORD_HASH' -for conf_file in $(find $NGINX_INCLUDE_DIR -type f -name '*.tmpl'); do - echo "[cont-init.d] Rendering env in $conf_file..." - - # Add helper variables for easier scripting - export __DIR__=$(dirname $conf_file) - - VARS_TMPL=$VARS':$__DIR__' - render_env_tmpl "$VARS_TMPL" $conf_file -done - -# Encrypt basic auth password if it set -if [[ -z "${BASIC_AUTH_PASSWORD}" ]]; -then - echo "Not encrypting BASIC_AUTH_PASSWORD..." -else - BASIC_AUTH_PASSWORD_HASH=$(openssl passwd -crypt $BASIC_AUTH_PASSWORD) - echo "Encrypting BASIC_AUTH_PASSWORD... ${BASIC_AUTH_PASSWORD} -> ${BASIC_AUTH_PASSWORD_HASH}" - echo "${BASIC_AUTH_USER}:${BASIC_AUTH_PASSWORD_HASH}" > /var/www/project/nginx/environments/${WP_ENV}/server/.htpasswd -fi diff --git a/ubuntu-7.1/rootfs/etc/cont-init.d/01-create-web-user b/ubuntu-7.1/rootfs/etc/cont-init.d/01-create-web-user deleted file mode 100755 index aeb0aa7..0000000 --- a/ubuntu-7.1/rootfs/etc/cont-init.d/01-create-web-user +++ /dev/null @@ -1,58 +0,0 @@ -#!/usr/bin/with-contenv bash - -## -# If $WEB_USER user and web group already exists just skip the user creation -## -if id -u $WEB_USER > /dev/null 2>&1 && getent group $WEB_GROUP > /dev/null 2>&1; then - echo "[cont-init.d] user:$WEB_USER and group:$WEB_GROUP already exist, skipping..." - exit 0 -fi - -## -# Create $WEB_USER user with $WEB_UID and web group with $WEB_GID -## - -# Set defaults if they are not set -export WEB_USER=${WEB_USER-wordpress} -export WEB_GROUP=${WEB_GROUP-web} -export WEB_UID=${WEB_UID-1000} -export WEB_GID=${WEB_GID-1000} - -echo "[cont-init.d] Creating $WEB_USER user with id: $WEB_UID and group web with id: $WEB_GID" - -# Create web group -if [ -n "$WEB_GID" ]; then - - # Check if group with $WEB_GID already exists - web_group=$(getent group $WEB_GID | cut -d':' -f1) - - if [ -n "$web_group" ]; then - - # Replace the existing group name to web - # This is done so that in local development we can just lookup permissions from mounted folders - # This UID/GID can be same as something already existing inside container - # This way we can use same uid/gid in container and host machine - echo "[cont-init.d] Replacing pre-existing group name $web_group -> $WEB_GROUP" - sed -i "s|$web_group|$WEB_GROUP|g" /etc/group - - else - # Create new group - echo "$ groupadd -g $WEB_GID $WEB_GROUP" - groupadd -g $WEB_GID $WEB_GROUP - fi -else - echo "[cont-init.d] ERROR: Please set web user group id in WEB_GID" 1>&2 - exit 2 -fi - -# Create $WEB_USER user -if [ -n "$WEB_UID" ] && [ -n "$WEB_GID" ] ; then - echo "$ useradd -u $WEB_UID -g $WEB_GROUP --home $PROJECT_ROOT $WEB_USER" - useradd -u $WEB_UID -g $WEB_GROUP --home $PROJECT_ROOT $WEB_USER -else - echo "[cont-init.d] ERROR: Please set web user id in WEB_UID" 1>&2 - exit 2 -fi - -# Check that processes can write logs -chown $WEB_USER:$WEB_GROUP /var/log diff --git a/ubuntu-7.1/rootfs/etc/cont-init.d/02-init-crond b/ubuntu-7.1/rootfs/etc/cont-init.d/02-init-crond deleted file mode 100755 index 962a79e..0000000 --- a/ubuntu-7.1/rootfs/etc/cont-init.d/02-init-crond +++ /dev/null @@ -1,30 +0,0 @@ -#!/usr/bin/with-contenv bash - -# Copy cronjob from project and run as nginx -if [ -f $PROJECT_ROOT/tasks.cron ]; then - - # Setup all container env for cron - printenv | grep -v ^_= | grep -v "no_proxy" >> /etc/environment - - # Use default redis for cronlock if cronlock variables are not set - if [ -n "$REDIS_HOST" ] && [ -z "$CRONLOCK_HOST" ] ; then - echo "CRONLOCK_HOST=$REDIS_HOST" >> /etc/environment - fi - if [ -n "$REDIS_PASSWORD" ] && [ -z "$CRONLOCK_AUTH" ] ; then - echo "CRONLOCK_AUTH=$REDIS_PASSWORD" >> /etc/environment - fi - if [ -n "$REDIS_PORT" ] && [ -z "$CRONLOCK_PORT" ] ; then - echo "CRONLOCK_PORT=$REDIS_PORT" >> /etc/environment - fi - # env for running wp cron - echo "CRON_URL=$CRON_URL" >> /etc/environment; - # Copy cron template - cp $PROJECT_ROOT/tasks.cron /var/spool/cron/crontabs/$WEB_USER - chown $WEB_USER /var/spool/cron/crontabs/$WEB_USER - chmod 0600 /var/spool/cron/crontabs/$WEB_USER -else - # No cronjobs found remove crond from s6 - if [ -f /etc/services.d/cron ]; then - rm -r /etc/services.d/cron - fi -fi diff --git a/ubuntu-7.1/rootfs/etc/cont-init.d/02-init-directories-and-files b/ubuntu-7.1/rootfs/etc/cont-init.d/02-init-directories-and-files deleted file mode 100755 index 34df974..0000000 --- a/ubuntu-7.1/rootfs/etc/cont-init.d/02-init-directories-and-files +++ /dev/null @@ -1,18 +0,0 @@ -#!/usr/bin/with-contenv bash - -# Create uploads directory if not exists -mkdir -p $UPLOADS_ROOT -chown $WEB_USER:$WEB_GROUP $UPLOADS_ROOT - -# Create dir for nginx tmp files -mkdir -p /tmp/nginx/body -chown -R $WEB_USER:$WEB_GROUP /tmp/nginx - -# Create log directories if they don't exist already -mkdir -p /var/log/{nginx,php,mail} - -# Create error.log so that php-fpm can write to it -touch /var/log/php/error.log - -# Chown all files to wordpress -chown -R $WEB_USER:$WEB_GROUP /var/log/{nginx,php,mail} diff --git a/ubuntu-7.1/rootfs/etc/nginx/cache/fastcgicache.conf b/ubuntu-7.1/rootfs/etc/nginx/cache/fastcgicache.conf deleted file mode 100644 index 1455277..0000000 --- a/ubuntu-7.1/rootfs/etc/nginx/cache/fastcgicache.conf +++ /dev/null @@ -1,13 +0,0 @@ -## -# Add few rules which deny using cache -## -include cache/fastcgicache_skip_rules.conf; -include cache/helper_variables.conf; -fastcgi_cache_bypass $skip_cache; -fastcgi_no_cache $skip_cache; - -fastcgi_cache WORDPRESS; -#proxy_ignore_headers Set-Cookie Expires Cache-Control; - -# Add header for easier cache debugging -add_header X-Cache $upstream_cache_status always; diff --git a/ubuntu-7.1/rootfs/etc/nginx/cache/fastcgicache_settings.conf b/ubuntu-7.1/rootfs/etc/nginx/cache/fastcgicache_settings.conf deleted file mode 100644 index 79cae30..0000000 --- a/ubuntu-7.1/rootfs/etc/nginx/cache/fastcgicache_settings.conf +++ /dev/null @@ -1,9 +0,0 @@ -## -# Basic settings of Fast cgi cache -## -fastcgi_cache_path ${NGINX_CACHE_DIRECTORY} levels=1:2 keys_zone=WORDPRESS:100m max_size=1000m inactive=730h; -fastcgi_cache_key $scheme$request_method$host$request_uri; -fastcgi_cache_lock on; -fastcgi_cache_use_stale ${NGINX_CACHE_USE_STALE}; -fastcgi_cache_valid ${NGINX_REDIS_CACHE_TTL_DEFAULT}; -add_header 'Cache-Control' ${NGINX_CACHE_CONTROL}; \ No newline at end of file diff --git a/ubuntu-7.1/rootfs/etc/nginx/cache/fastcgicache_skip_rules.conf b/ubuntu-7.1/rootfs/etc/nginx/cache/fastcgicache_skip_rules.conf deleted file mode 100644 index 99bbc0e..0000000 --- a/ubuntu-7.1/rootfs/etc/nginx/cache/fastcgicache_skip_rules.conf +++ /dev/null @@ -1,75 +0,0 @@ -## -# Add few rules which deny using cache -## - -# Don't skip cache by default -set $skip_cache 0; -# insert project specific cache rules to this file (delete this row when all projects are updated) -include /var/www/project/nginx/server/skip_cache.conf; -# insert project specific cache rules to this folder -include ${NGINX_INCLUDE_DIR}/skipcache/*.conf; - -# POST requests and urls with a query string should always go to PHP -if ($request_method = POST) { - set $skip_cache 1; -} - -# Deal with accepted query vars -set $without $query_string; - -set_by_lua_block $cache_args { - -- Helper split string function - function split( inputstr, sep ) - if sep == nil then - sep = "%s" - end - local t={} ; i=1 - for str in string.gmatch(inputstr, "([^" .. sep .. "]+)") do - t[ i ] = str - i = i + 1 - end - return t - end - - -- Helper escape special chars function - function esc( str ) - return str:gsub( "([^%w])", "%%%1" ) - end - - local with = {} - local without = ngx.var.without - - -- Get a list of accepted query vars from env variable - local accepted = split( ( os.getenv( 'CACHE_QUERYVARS' ) or "" ), "," ) - - -- Loop through the list - for key, accept in pairs(accepted) do - -- If there is a value present for the variable, store it in a variable - if ngx.decode_args( without )[ accept ] then - table.insert( with, accept .. "=" .. ngx.decode_args( without )[ accept ] ) - end - -- Remove the accepted key-value pair from the string - without = string.gsub( without, "&?" .. esc( accept ) .. "=[^&]+", "" ) - end - - -- Store all non-accepted query vars to checked later - ngx.var.without = without - - -- Return accepted query var key-value pairs to be used in the cache key - return "?" .. table.concat( with, "&" ) -} - -# If there were any unaccepted query vars, skip cache -if ($without != "") { - set $skip_cache 1; -} - -# Don't use the cache for logged in users or recent commenters -if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in|woocommerce_items_in_cart") { - set $skip_cache 1; -} - -# Don't cache responses from wp-admin, xmlrpc and wp-login.php -if ($request_uri ~* "/wp-admin/|/xmlrpc.php|wp-.*.php") { - set $skip_cache 1; -} \ No newline at end of file diff --git a/ubuntu-7.1/rootfs/etc/nginx/cache/redis_backend.conf b/ubuntu-7.1/rootfs/etc/nginx/cache/redis_backend.conf deleted file mode 100644 index e9f86a3..0000000 --- a/ubuntu-7.1/rootfs/etc/nginx/cache/redis_backend.conf +++ /dev/null @@ -1,45 +0,0 @@ -## -# Adds internal locations for storing and getting full page cache from redis -## - -srcache_default_expire '${NGINX_REDIS_CACHE_TTL_DEFAULT}'; -srcache_max_expire '${NGINX_REDIS_CACHE_TTL_MAX}'; - -location /redis-fetch { - internal; - - ## - # In order to use password authentication we use custom redis module which adds $redis_auth: - # - https://github.com/Yongke/ngx_http_redis-0.3.7 - ## - - # Read the configuration from system envs - set $redis_auth '${REDIS_PASSWORD}'; - set $redis_db ${REDIS_DATABASE}; - - set $redis_key $args; - - redis_pass ${REDIS_HOST}:${REDIS_PORT}; -} - -location /redis-store { - internal; - - set_unescape_uri $exptime $arg_exptime; - set_unescape_uri $key $arg_key; - - # Fix caching problem for now - # There's issue in github https://github.com/openresty/srcache-nginx-module/issues/61 - set_if_empty $srcache_expire '${NGINX_REDIS_CACHE_TTL_DEFAULT}'; - - # redis module pipelines these 3 commands into single request - redis2_query auth '${REDIS_PASSWORD}'; - redis2_query select ${REDIS_DATABASE}; - - # Set and expire with one command: http://redis.io/commands/setex - redis2_query setex $key $srcache_expire $echo_request_body; - - # Pass the request to redis - redis2_pass ${REDIS_HOST}:${REDIS_PORT}; - -} diff --git a/ubuntu-7.1/rootfs/etc/nginx/cache/skip_rules.conf b/ubuntu-7.1/rootfs/etc/nginx/cache/skip_rules.conf deleted file mode 100644 index 43344c8..0000000 --- a/ubuntu-7.1/rootfs/etc/nginx/cache/skip_rules.conf +++ /dev/null @@ -1,30 +0,0 @@ -## -# Add few rules which deny using cache -## - -# Don't skip cache by default -set $skip_cache 0; - -# POST requests and urls with a query string should always go to PHP -if ($request_method = POST) { - set $skip_cache 1; -} - -# If theres any args skip cache -if ($query_string != "") { - set $skip_cache 1; -} - -# Don't use the cache for logged in users or recent commenters -if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in|woocommerce_items_in_cart") { - set $skip_cache 1; -} - -# Don't cache responses from wp-admin, xmlrpc and wp-login.php -if ($request_uri ~* "/wp-admin/|/xmlrpc.php|wp-.*.php") { - set $skip_cache 1; -} - -# Skip fetch and skip if conditions are met -srcache_fetch_skip $skip_cache; -srcache_store_skip $skip_cache; diff --git a/ubuntu-7.1/rootfs/etc/nginx/cache/srcache.conf b/ubuntu-7.1/rootfs/etc/nginx/cache/srcache.conf deleted file mode 100644 index 85027dd..0000000 --- a/ubuntu-7.1/rootfs/etc/nginx/cache/srcache.conf +++ /dev/null @@ -1,20 +0,0 @@ -## -# Add few rules which deny using cache -## -include cache/skip_rules.conf; -include cache/helper_variables.conf; - -# Use redis caching for all pages -# Allow different cache key from env -# Use 'wp_' prefix so that cache can be flushed with: -# $ wp cache flush -set $cache_key "${NGINX_CACHE_KEY}"; -set_escape_uri $escaped_cache_key $cache_key; - -srcache_response_cache_control on; - -srcache_fetch GET /redis-fetch $cache_key; -srcache_store PUT /redis-store key=$escaped_cache_key; - -# Add header for easier cache debugging -add_header X-Cache $srcache_fetch_status; diff --git a/ubuntu-7.1/rootfs/etc/nginx/error_pages.conf b/ubuntu-7.1/rootfs/etc/nginx/error_pages.conf deleted file mode 100644 index 700cc6b..0000000 --- a/ubuntu-7.1/rootfs/etc/nginx/error_pages.conf +++ /dev/null @@ -1,31 +0,0 @@ -## -# Custom error pages -## - -## 403 - Forbidden -error_page 403 /403.html; -location = /403.html { - root /usr/share/nginx/html; - internal; -} - -## 500 - Internal Server Error -error_page 500 /500.html; -location = /500.html { - root /usr/share/nginx/html; - internal; -} - -## 502 - Bad Gateway -error_page 502 /502.html; -location = /502.html { - root /usr/share/nginx/html; - internal; -} - -## 504 - Gateway Timeout -error_page 504 /504.html; -location = /504.html { - root /usr/share/nginx/html; - internal; -} diff --git a/ubuntu-7.1/rootfs/etc/nginx/fastcgi_params b/ubuntu-7.1/rootfs/etc/nginx/fastcgi_params deleted file mode 100644 index 6fccf4f..0000000 --- a/ubuntu-7.1/rootfs/etc/nginx/fastcgi_params +++ /dev/null @@ -1,29 +0,0 @@ -# These are just basic things form request -fastcgi_param QUERY_STRING $query_string; -fastcgi_param REQUEST_METHOD $request_method; -fastcgi_param CONTENT_TYPE $content_type; -fastcgi_param CONTENT_LENGTH $content_length; - -fastcgi_param SCRIPT_NAME $fastcgi_script_name; -fastcgi_param REQUEST_URI $request_uri; -fastcgi_param DOCUMENT_URI $document_uri; -fastcgi_param DOCUMENT_ROOT $document_root; -fastcgi_param SERVER_PROTOCOL $server_protocol; - -fastcgi_param GATEWAY_INTERFACE CGI/1.1; -fastcgi_param SERVER_SOFTWARE nginx/$nginx_version; - -## -# Set these using the knowledge that we are behind proxy -## -fastcgi_param REMOTE_ADDR $real_remote; -fastcgi_param REMOTE_PORT $remote_port; -fastcgi_param SERVER_ADDR $server_addr; -fastcgi_param SERVER_PORT $real_port; -fastcgi_param SERVER_NAME $real_host; -fastcgi_param HTTPS $real_https; -fastcgi_param REQUEST_SCHEME $real_scheme; -fastcgi_param HTTP_HOST $real_host; - -# PHP only, required if PHP was built with --enable-force-cgi-redirect -fastcgi_param REDIRECT_STATUS 200; diff --git a/ubuntu-7.1/rootfs/etc/nginx/fastcgi_settings.conf b/ubuntu-7.1/rootfs/etc/nginx/fastcgi_settings.conf deleted file mode 100644 index 25683fb..0000000 --- a/ubuntu-7.1/rootfs/etc/nginx/fastcgi_settings.conf +++ /dev/null @@ -1,23 +0,0 @@ -# regex to split $uri to $fastcgi_script_name and $fastcgi_path -fastcgi_split_path_info ^(.+\.php)(/.+)$; - -# Bypass the fact that try_files resets $fastcgi_path_info -# see: http://trac.nginx.org/nginx/ticket/321 -set $path_info $fastcgi_path_info; -fastcgi_param PATH_INFO $path_info; - -# Intercept errors from php-fpm -# These can be: -# - timeouts for long running requests -# - requested php file might be missing or not existing in the first place -fastcgi_intercept_errors on; - -fastcgi_index index.php; - -# Small optimisation on fastcgi buffer size -# defaults are 8k; -fastcgi_buffers 16 16k; -fastcgi_buffer_size 16k; - -# Include basic fastcgi settings -include fastcgi_params; diff --git a/ubuntu-7.1/rootfs/etc/nginx/gzip.conf b/ubuntu-7.1/rootfs/etc/nginx/gzip.conf deleted file mode 100644 index 69737cc..0000000 --- a/ubuntu-7.1/rootfs/etc/nginx/gzip.conf +++ /dev/null @@ -1,58 +0,0 @@ -# Compression - -# Enable Gzip compressed. -gzip on; - -# Compression level (1-9). -# 5 is a perfect compromise between size and cpu usage, offering about -# 75% reduction for most ascii files (almost identical to level 9). -gzip_comp_level 5; - -# Don't compress anything that's already small and unlikely to shrink much -# if at all (the default is 20 bytes, which is bad as that usually leads to -# larger files after gzipping). -gzip_min_length 256; - -# Compress data even for clients that are connecting to us via proxies, -# identified by the "Via" header (required for CloudFront). -gzip_proxied any; - -# Tell proxies to cache both the gzipped and regular version of a resource -# whenever the client's Accept-Encoding capabilities header varies; -# Avoids the issue where a non-gzip capable client (which is extremely rare -# today) would display gibberish if their proxy gave them the gzipped version. -gzip_vary on; - -# Compress all output labeled with one of the following MIME-types. -gzip_types - application/atom+xml - application/javascript - application/json - application/ld+json - application/manifest+json - application/rss+xml - application/vnd.geo+json - application/vnd.ms-fontobject - application/x-font-ttf - application/x-web-app-manifest+json - application/xhtml+xml - application/xml - font/opentype - image/bmp - image/svg+xml - image/x-icon - text/cache-manifest - text/css - text/plain - text/vcard - text/vnd.rim.location.xloc - text/vtt - text/x-component - text/x-cross-domain-policy; -# text/html is always compressed by HttpGzipModule - -# This should be turned on if you are going to have pre-compressed copies (.gz) of -# static files available. If not it should be left off as it will cause extra I/O -# for the check. It is best if you enable this in a location{} block for -# a specific directory, or on an individual server{} level. -# gzip_static on; diff --git a/ubuntu-7.1/rootfs/etc/nginx/log_format.conf b/ubuntu-7.1/rootfs/etc/nginx/log_format.conf deleted file mode 100644 index 74c5779..0000000 --- a/ubuntu-7.1/rootfs/etc/nginx/log_format.conf +++ /dev/null @@ -1,16 +0,0 @@ -# Log cache status -# Log real requester address -log_format custom '[$time_local] $http_x_real_ip ' - '$host "$request" $status $body_bytes_sent $request_time ' - '"$http_referer" "$http_user_agent" $upstream_cache_status'; - -## -# Legacy formats which might be in use somewhere -## -# This log format makes it so we can see real requester's IP address \ -# not just the reverse proxy server's IP address. Also note, that \ -# "specialLog" can be replaced with any name you would like to \ -# give to this log format. -log_format specialLog '[$time_local] $http_x_real_ip ' - '$host "$request" $status $body_bytes_sent $request_time ' - '"$http_referer" "$http_user_agent" $upstream_cache_status'; \ No newline at end of file diff --git a/ubuntu-7.1/rootfs/etc/nginx/log_formats.conf b/ubuntu-7.1/rootfs/etc/nginx/log_formats.conf deleted file mode 100644 index 9e4e2fc..0000000 --- a/ubuntu-7.1/rootfs/etc/nginx/log_formats.conf +++ /dev/null @@ -1,19 +0,0 @@ -# Log cache status -# Log real requester address -log_format custom '[$time_local] $http_x_forwarded_for ' - '$host "$request" $status $body_bytes_sent $request_time ' - '"$http_referer" "$http_user_agent" $upstream_cache_status'; - -# A new log format for detecting bad bots. -log_format blocked '[$time_local] Blocked request from $http_x_forwarded_for $request'; - -## -# Legacy formats which might be in use somewhere -## -# This log format makes it so we can see real requester's IP address \ -# not just the reverse proxy server's IP address. Also note, that \ -# "specialLog" can be replaced with any name you would like to \ -# give to this log format. -log_format specialLog '[$time_local] $http_x_forwarded_for ' - '$host "$request" $status $body_bytes_sent $request_time ' - '"$http_referer" "$http_user_agent" $upstream_cache_status'; \ No newline at end of file diff --git a/ubuntu-7.1/rootfs/etc/nginx/nginx.conf b/ubuntu-7.1/rootfs/etc/nginx/nginx.conf deleted file mode 100644 index 2a1dd41..0000000 --- a/ubuntu-7.1/rootfs/etc/nginx/nginx.conf +++ /dev/null @@ -1,354 +0,0 @@ -# Default user and group for the nginx@index -user ${WEB_USER} ${WEB_GROUP}; - -# Default error log -error_log ${NGINX_ERROR_LOG} ${NGINX_ERROR_LEVEL}; - -# Write process id here -pid /var/run/nginx.pid; - -# Load custom environment variables -include env.conf; - -# How many worker threads to run; -# "auto" sets it to the number of CPU cores available in the system, and -# offers the best performance. Don't set it higher than the number of CPU -# cores if changing this parameter. - -# The maximum number of connections for Nginx is calculated by: -# max_clients = worker_processes * worker_connections -worker_processes auto; - -# Maximum open file descriptors per process; -# should be > worker_connections. -worker_rlimit_nofile 8192; - -# Load root level directives -include ${NGINX_INCLUDE_DIR}/root/*.conf; -include ${NGINX_INCLUDE_DIR}/environments/${WP_ENV}/root/*.conf; - -events { - # When you need > 8000 * cpu_cores connections, you start optimizing your OS, - # and this is probably the point at which you hire people who are smarter than - # you, as this is *a lot* of requests. - worker_connections 8000; -} - -http { - - # Configure hashmaps so that environment does not change defaults - map_hash_max_size 262144; - map_hash_bucket_size 262144; - server_names_hash_bucket_size 64; - - # Hide nginx version information. - server_tokens off; - - #Enable Fastcgicache - include cache/fastcgicache_settings.conf; - - # Remove Server header entirely - more_clear_headers Server; - - # How long to allow each connection to stay idle; longer values are better - # for each individual client, particularly for SSL, but means that worker - # connections are tied up longer. (Default: 65) - keepalive_timeout 20; - - # Speed up file transfers by using sendfile() to copy directly - # between descriptors rather than using read()/write(). - sendfile on; - - # Tell Nginx not to send out partial frames; this increases throughput - # since TCP frames are filled up before being sent out. (adds TCP_CORK) - tcp_nopush on; - - # Gzip all the assets - include gzip.conf; - - # Add default pagespeed settings - include pagespeed/settings.conf; - - # Add all default mime types and additional ones - include additional.types; - include mime.types; - - default_type application/octet-stream; - - client_body_temp_path /tmp/nginx/body 1 2; - fastcgi_temp_path /tmp/nginx/fastcgi_temp 1 2; - - # Include custom log formats - include log_formats.conf; - - # Allow bigger default file uploads - client_max_body_size ${NGINX_MAX_BODY_SIZE}; - - # Allow bigger body buffer size in memory - client_body_buffer_size ${NGINX_BODY_BUFFER_SIZE}; - - # Include custom nginx http additions from project - include ${NGINX_INCLUDE_DIR}/http/*.conf; - include ${NGINX_INCLUDE_DIR}/environments/${WP_ENV}/http/*.conf; - - # load upstreams from one file which can be overwritten depending on situation - include upstreams.conf; - - # Add few headers which make XSS harder - include security_headers.conf; - - # If ${PORT} != 80 means that we are behind reverse proxy as well - # This directive helps that we don't redirect clients into mysite.com:8080/resource type urls - port_in_redirect off; - - # Use theme assets straight from corresponding files for pagespeed - pagespeed ProcessScriptVariables on; - pagespeed LoadFromFile "$scheme://$host/app/themes/" "${WEB_ROOT}/app/themes/"; - pagespeed LoadFromFile "$scheme://$host/wp-content/themes/" "${WEB_ROOT}/wp/wp-content/themes/"; - - server { - # This is the default server for this container - listen ${PORT} default_server; - server_name _; - - root ${WEB_ROOT}; - - # Use index.php if it exists but also allow static websites in subfolders - index index.php index.html; - - access_log ${NGINX_ACCESS_LOG} custom; - - # Blocked log file - set $blocked_log /dev/stdout; - - disable_symlinks off; - - # Include custom nginx server additions from project - include ${NGINX_INCLUDE_DIR}/server/*.conf; - include ${NGINX_INCLUDE_DIR}/environments/${WP_ENV}/server/*.conf; - - # These variables are proxy conscious, so that they work even though we are behind reverse proxy - include proxy_real_variables.conf; - - # Include custom error pages - include error_pages.conf; - - # Own handling for WP-activate that for some very odd reason serves itself as 404. - location = /wp-activate.php { - try_files /wp/$uri @index; - - include fastcgi_settings.conf; - - # Append subfolder automatically - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - - # Give sane max execution time to frontend - fastcgi_read_timeout 30; - fastcgi_pass php-fpm; - } - - location = /robots.txt { - if ( $host ~ gpilvi\.com|geniem\.io ) { - add_header Content-Type text/plain; - return 200 "User-agent: *\nDisallow: /\n"; - } - - allow all; - log_not_found off; - access_log off; - try_files $uri @index; - } - - location = /favicon.ico { - allow all; - log_not_found off; - access_log off; - try_files $uri @index; - } - - # deny all dot-files including git - location ~ /\. { - deny all; - log_not_found off; - access_log off; - } - - location / { - try_files $uri $uri/ /wp/$uri /wp/$uri/ @index; - } - - # Deny requesting .dust files from anywhere else in the theme than under the partials/public directory - location ~* \/themes\/[^\/]+\/partials\/public\/.*\.dust$ { - allow all; - } - - location ~* \/themes\/.*\.dust$ { - deny all; - } - - # Static files - location ~* \.(css|js|jpe?g|gif|ico|png|otf|ttf|eot|woff?2|svg|webp)$ { - - ## Deny overriding Pagespeed - if ($arg_pagespeed != '') { access_log $blocked_log blocked; return 403; } - if ($arg_pagespeedspeedfilters != '') { access_log $blocked_log blocked; return 403; } - - include static_files.conf; - - # These files are probably exactly like $uri says but also try from /wp/ - try_files $uri /wp/$uri @index; - - # Deny requesting plain style.css from theme root directory - location ~ ^.*/themes/[^/]+/style\.css { - - # Preserve this url - pagespeed CssPreserveUrls true; - - # Minify and remove comments from css - pagespeed EnableFilters rewrite_css; - - # Wait that nginx has prepared the file - pagespeed InPlaceWaitForOptimized on; - - # Don't ever try to load non modified style.css - pagespeed InPlaceRewriteDeadlineMs 100000000; - - # Don't allow overriding pagespeed with pagespeed fixed urls - # Source: https://github.com/pagespeed/ngx_pagespeed/issues/1306 - location ~ ^(.*)/themes/([^/]+)/style.*pagespeed.* { - return 301 $1/themes/$2/style.css; - } - } - - ## - # Static WordPress files ~ wp-* - # These files are probably in /wp/ subfolder but also try from $uri - ## - location ~ ^wp- { - try_files /wp/$uri $uri @index; - } - } - - # App folder contains our plugins and themes - # We want to server assets from here but deny all php execution - location /app/ { - try_files $uri @index; - - ## - # Deny access into php files under /app/ - ## - location ~ \.php$ { - access_log $blocked_log blocked; - deny all; - } - } - - ## - # Run all php files from wp subfolder - # This is how wordpress is supposed to be run - # It also prevents direct access to possibly insecure code inside our plugins - ## - location ~ \.php$ { - try_files /wp/$uri @index; - - include fastcgi_settings.conf; - - # Append subfolder automatically - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - - # Handover 404 errors from php-fpm to WordPress - error_page 404 = @index; - - # Give sane max execution time to frontend - fastcgi_read_timeout ${NGINX_FASTCGI_TIMEOUT}; - fastcgi_pass php-fpm; - - ## Deny access to all php files in uploads folders - location ~* ^/uploads { access_log $blocked_log blocked; deny all; } - location ~* ^/content/uploads { access_log $blocked_log blocked; deny all; } - location ~* ^/wp-content/uploads { access_log $blocked_log blocked; deny all; } - - ## Fix Full Path Disclosures if display_errors is on - ## Don't allow straight access into core wp-includes - location ~* ^/wp-includes { access_log $blocked_log blocked; deny all; } - } - # Create purge location to empty fullpage cache - location ~ /purge(/.*) { - fastcgi_cache_purge WORDPRESS "$scheme$request_method$host$1"; - } - # Create health location for contena healthcheck - location /__health { - access_log off; - return 200; - } - - # Include redis interfaces /redis-fetch & /redis-store - # include cache/redis_backend.conf; - - location @index { - - # Include custom nginx index additions from project - include ${NGINX_INCLUDE_DIR}/index/*.conf; - include ${NGINX_INCLUDE_DIR}/environments/${WP_ENV}/index/*.conf; - - ## Deny overriding Pagespeed - if ($arg_pagespeed != '') { access_log $blocked_log blocked; return 403; } - if ($arg_pagespeedspeedfilters != '') { access_log $blocked_log blocked; return 403; } - - # Use redis as proxy cache - #include cache/srcache.conf; - # Use fastcgi cache - include cache/fastcgicache.conf; - - # Fallback into php - include fastcgi_settings.conf; - fastcgi_param SCRIPT_FILENAME $document_root/index.php; - - # Give sane max execution time to frontend - fastcgi_read_timeout ${NGINX_FASTCGI_TIMEOUT}; - fastcgi_pass php-fpm; - } - - # WordPress is stupid - location = /wp-admin { rewrite ^ /wp-admin/ permanent; } - - location = / { - - ## Block hackers from enumerating users - if ( $arg_author ~ [0-9]+ ) { access_log $blocked_log blocked; return 403; } - - ## Deny overriding Pagespeed - if ($arg_pagespeed != '') { access_log $blocked_log blocked; return 403; } - if ($arg_pagespeedspeedfilters != '') { access_log $blocked_log blocked; return 403; } - - # Use redis as proxy cache - #include cache/srcache.conf; - # Use fastcgi cache - include cache/fastcgicache.conf; - - #Enable project spesific config to root block - include ${NGINX_INCLUDE_DIR}/environments/${WP_ENV}/root/*.conf; - - # Fallback into php - include fastcgi_settings.conf; - fastcgi_param SCRIPT_FILENAME $document_root/index.php; - - # Give sane max execution time to frontend - fastcgi_read_timeout ${NGINX_FASTCGI_TIMEOUT}; - fastcgi_pass php-fpm; - } - - # Prevent /wp/wp/wp/... rewrite loops - location ^~ /wp/ { - rewrite ^/wp/(.*)$ $1$is_args$args last; - } - - # Block some vulnerabilities always - include security.conf; - - # Include basic pagespeed locations like beacons - include pagespeed/locations.conf; - } - include ${NGINX_INCLUDE_DIR}/environments/${WP_ENV}/end/*.conf; - -} diff --git a/ubuntu-7.1/rootfs/etc/nginx/pagespeed/locations.conf b/ubuntu-7.1/rootfs/etc/nginx/pagespeed/locations.conf deleted file mode 100644 index 46feb53..0000000 --- a/ubuntu-7.1/rootfs/etc/nginx/pagespeed/locations.conf +++ /dev/null @@ -1,7 +0,0 @@ -# Ensure requests for pagespeed optimized resources go to the pagespeed handler -# and no extraneous headers get set. -location ~ "\.pagespeed\.([a-z]\.)?[a-z]{2}\.[^.]{10}\.[^.]+" { - add_header "" ""; -} -location ~ "^/pagespeed_static/" { } -location ~ "^/ngx_pagespeed_beacon$" { } diff --git a/ubuntu-7.1/rootfs/etc/nginx/pagespeed/settings.conf b/ubuntu-7.1/rootfs/etc/nginx/pagespeed/settings.conf deleted file mode 100644 index be5a0a8..0000000 --- a/ubuntu-7.1/rootfs/etc/nginx/pagespeed/settings.conf +++ /dev/null @@ -1,13 +0,0 @@ -# Hide pagespeed version and provide this header instaed -pagespeed XHeaderValue "Enabled"; - -# Don't alter Cache-Control headers -pagespeed ModifyCachingHeaders off; - -# This is for pagespeed temporary files -# Needs to exist and be writable by nginx. Use tmpfs for best performance. -pagespeed FileCachePath /tmp/nginx/pagespeed; - -# Pagespeed sets default TTL from file to 300s, which is bad -# This sets the time to be 1 year -pagespeed LoadFromFileCacheTtlMs 2592000000; diff --git a/ubuntu-7.1/rootfs/etc/nginx/proxy_real_variables.conf b/ubuntu-7.1/rootfs/etc/nginx/proxy_real_variables.conf deleted file mode 100644 index e380f1f..0000000 --- a/ubuntu-7.1/rootfs/etc/nginx/proxy_real_variables.conf +++ /dev/null @@ -1,35 +0,0 @@ -## -# Set few variables since we use jwilder/nginx-proxy in dev and proxy in production -# So the fastcgi params need to be the original ones or you -# will have redirect loops ('canonical_redirect' mostly) -## - -# Set $host first from proxy (if possible) -set $real_host $http_x_forwarded_host; -if ($real_host = '') { - set $real_host $http_host; -} - -# Set server port according to forwarded proto -set $real_port 80; -if ($http_x_forwarded_proto = 'https') { - set $real_port 443; -} - -# Set https according to used proto -set $real_https off; -if ($http_x_forwarded_proto = 'https') { - set $real_https on; -} - -# Set scheme according to used proto -set $real_scheme 'http'; -if ($http_x_forwarded_proto = 'https') { - set $real_scheme 'https'; -} - -# Set original remote -set $real_remote $http_x_forwarded_for; -if ($real_remote = '') { - set $real_remote $remote_addr; -} diff --git a/ubuntu-7.1/rootfs/etc/nginx/security.conf b/ubuntu-7.1/rootfs/etc/nginx/security.conf deleted file mode 100644 index 24afdeb..0000000 --- a/ubuntu-7.1/rootfs/etc/nginx/security.conf +++ /dev/null @@ -1,27 +0,0 @@ -## Block SQL injections -location ~* union.*select.*\( { access_log $blocked_log blocked; return 403; } -location ~* union.*all.*select.* { access_log $blocked_log blocked; return 403; } -location ~* concat.*\( { access_log $blocked_log blocked; return 403; } - -## Block common exploits -location ~* (<|%3C).*script.*(>|%3E) { access_log $blocked_log blocked; return 403; } -location ~* base64_(en|de)code\(.*\) { access_log $blocked_log blocked; return 403; } -location ~* (%24&x) { access_log $blocked_log blocked; return 403; } -location ~* (%0|%A|%B|%C|%D|%E|%F|127\.0) { access_log $blocked_log blocked; return 403; } -location ~* \.\.\/ { access_log $blocked_log blocked; return 403; } -location ~* ~$ { access_log $blocked_log blocked; return 403; } -location ~* proc/self/environ { access_log $blocked_log blocked; return 403; } -location ~* /\.(htaccess|htpasswd|svn|git) { access_log $blocked_log blocked; return 403; } - -## Block file injections -location ~* [a-zA-Z0-9_]=(\.\.//?)+ { access_log $blocked_log blocked; return 403; } -location ~* [a-zA-Z0-9_]=/([a-z0-9_.]//?)+ { access_log $blocked_log blocked; return 403; } - -## wordpress security -location ~* wp-config.php { access_log $blocked_log blocked; return 403; } -location ~* wp-load.php { access_log $blocked_log blocked; return 403; } -location ~* wp-admin/includes { access_log $blocked_log blocked; return 403; } -location ~* wp-app\.log { access_log $blocked_log blocked; return 403; } -location ~* (licence|readme|license)\.(md|html|txt) { access_log $blocked_log blocked; return 403; } -location ~* composer.json { access_log $blocked_log blocked; return 403; } - diff --git a/ubuntu-7.1/rootfs/etc/nginx/static_files.conf b/ubuntu-7.1/rootfs/etc/nginx/static_files.conf deleted file mode 100644 index fa9d42d..0000000 --- a/ubuntu-7.1/rootfs/etc/nginx/static_files.conf +++ /dev/null @@ -1,13 +0,0 @@ -# Use version numbers to bypass cache -# Try to cache as long as we can -expires max; - -## No need to bleed constant updates. Send the all shebang in one -## fell swoop. -tcp_nodelay off; - -## Set the OS file cache. -open_file_cache max=3000 inactive=120s; -open_file_cache_valid 45s; -open_file_cache_min_uses 2; -open_file_cache_errors off; diff --git a/ubuntu-7.1/rootfs/etc/nginx/upstreams.conf b/ubuntu-7.1/rootfs/etc/nginx/upstreams.conf deleted file mode 100644 index 395d445..0000000 --- a/ubuntu-7.1/rootfs/etc/nginx/upstreams.conf +++ /dev/null @@ -1,4 +0,0 @@ -# Default php handler -upstream php-fpm { - server unix:/var/run/php-fpm.sock; -} diff --git a/ubuntu-7.1/rootfs/etc/php/7.1/cli/php.ini b/ubuntu-7.1/rootfs/etc/php/7.1/cli/php.ini deleted file mode 100644 index 5eede62..0000000 --- a/ubuntu-7.1/rootfs/etc/php/7.1/cli/php.ini +++ /dev/null @@ -1,70 +0,0 @@ -[PHP] -; This directive determines whether or not PHP will recognize code between -; tags as PHP source which should be processed as such. -short_open_tag = Off - -; Implicit flush tells PHP to tell the output layer to flush itself -; automatically after every output block. -implicit_flush = Off - -; This directive allows you to disable certain functions for security reasons. -; It receives a comma-delimited list of function names. -; http://php.net/disable-functions -disable_functions = - -; Enables or disables the circular reference collector. -; http://php.net/zend.enable-gc -zend.enable_gc = On - -;;;;;;;;;;;;;;;;; -; Miscellaneous ; -;;;;;;;;;;;;;;;;; - - -; Deny executing anything else than the exact path passed from fastcgi -; This causes the PHP interpreter to only try the literal path given and to stop processing if the file is not found. -; This is for security. -; https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/#passing-uncontrolled-requests-to-php -cgi.fix_pathinfo = 0 - -expose_php = Off - -;;;;;;;;;;;;;;;;;;; -; Resource Limits ; -;;;;;;;;;;;;;;;;;;; - -; Maximum execution time of each script, in seconds -max_execution_time = 600 - -; Maximum amount of time each script may spend parsing request data. -max_input_time = 60 - -; How many GET/POST/COOKIE input variables may be accepted -; max_input_vars = 1000 - -; Maximum amount of memory a script may consume (128MB) -memory_limit = ${PHP_MEMORY_LIMIT} - -;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; -; Error handling and logging ; -;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; - -error_reporting = E_ALL - -display_errors = On - -display_startup_errors = On - -log_errors = On - -log_errors_max_len = 2048 - -ignore_repeated_errors = Off - -ignore_repeated_source = Off - -report_memleaks = On - -track_errors = On - -html_errors = Off diff --git a/ubuntu-7.1/rootfs/etc/php/7.1/fpm/conf.d/blocked.ini b/ubuntu-7.1/rootfs/etc/php/7.1/fpm/conf.d/blocked.ini deleted file mode 100644 index 4142569..0000000 --- a/ubuntu-7.1/rootfs/etc/php/7.1/fpm/conf.d/blocked.ini +++ /dev/null @@ -1,4 +0,0 @@ -; Disable some functions because they allow bad/vulnerable patterns -; We want to advocate good coding practises and these functions make it difficult -; You can use these with php cli but not with php-fpm -disable_functions = exec,passthru,shell_exec,show_source,system,pcntl_exec,popen,posix_getpwuid,posix_kill,posix_mkfifo,posix_setpgid,posix_setsid,posix_setuid,posix_setuid,posix_uname,proc_nice,proc_open,proc_close,proc_get_status diff --git a/ubuntu-7.1/rootfs/etc/php/7.1/fpm/conf.d/common.ini b/ubuntu-7.1/rootfs/etc/php/7.1/fpm/conf.d/common.ini deleted file mode 100644 index 5600222..0000000 --- a/ubuntu-7.1/rootfs/etc/php/7.1/fpm/conf.d/common.ini +++ /dev/null @@ -1,4 +0,0 @@ -[PHP] - -; Don't brag that we have php 7.0 -expose_php = Off diff --git a/ubuntu-7.1/rootfs/etc/php/7.1/fpm/conf.d/limits.ini b/ubuntu-7.1/rootfs/etc/php/7.1/fpm/conf.d/limits.ini deleted file mode 100644 index 6ccc766..0000000 --- a/ubuntu-7.1/rootfs/etc/php/7.1/fpm/conf.d/limits.ini +++ /dev/null @@ -1,7 +0,0 @@ -; filesize, time and input limits -max_execution_time = ${NGINX_FASTCGI_TIMEOUT} -max_input_time = -1 -max_input_vars = ${PHP_MAX_INPUT_VARS} -memory_limit = ${PHP_MEMORY_LIMIT} -post_max_size = ${NGINX_MAX_BODY_SIZE} -upload_max_filesize = ${NGINX_MAX_BODY_SIZE} diff --git a/ubuntu-7.1/rootfs/etc/php/7.1/fpm/conf.d/logging.ini b/ubuntu-7.1/rootfs/etc/php/7.1/fpm/conf.d/logging.ini deleted file mode 100644 index 6db568d..0000000 --- a/ubuntu-7.1/rootfs/etc/php/7.1/fpm/conf.d/logging.ini +++ /dev/null @@ -1,4 +0,0 @@ -; Log all warnings and errors -error_log = ${PHP_ERROR_LOG} -log_level = ${PHP_ERROR_LOG_LEVEL} -log_errors_max_len = ${PHP_ERROR_MAX_LEN} diff --git a/ubuntu-7.1/rootfs/etc/php/7.1/fpm/conf.d/mail.ini b/ubuntu-7.1/rootfs/etc/php/7.1/fpm/conf.d/mail.ini deleted file mode 100644 index d54d6f8..0000000 --- a/ubuntu-7.1/rootfs/etc/php/7.1/fpm/conf.d/mail.ini +++ /dev/null @@ -1,3 +0,0 @@ -[PHP] -; Use msmtp to send mail instead of sendmail -sendmail_path = "/usr/sbin/sendmail" diff --git a/ubuntu-7.1/rootfs/etc/php/7.1/fpm/conf.d/opcache.ini b/ubuntu-7.1/rootfs/etc/php/7.1/fpm/conf.d/opcache.ini deleted file mode 100644 index 41a7d2a..0000000 --- a/ubuntu-7.1/rootfs/etc/php/7.1/fpm/conf.d/opcache.ini +++ /dev/null @@ -1,24 +0,0 @@ -; Enable php opcache to make site faster -; These are taken from: https://www.scalingphpbook.com/blog/2014/02/14/best-zend-opcache-settings.html -[opcache] -opcache.enable = 1 -opcache.enable_cli = 1 - -; Provides a faster mechanism for calling the deconstructors in your code at the end of a single request to speed up the response and recycle php workers so they're ready for the next incoming request faster. -opcache.fast_shutdown = 1 - -; Give plenty of memory for php process for caching the code -opcache.memory_consumption = ${PHP_OPCACHE_MAX_MEMORY} - -; Log into container output -opcache.error_log = /dev/stderr - -; Log opcache warnings -opcache.log_verbosity_level = 2 - -; PHP uses a technique called string interning to improve performance— so, for example, if you have the string "foobar" 1000 times in your code, internally PHP will store 1 immutable variable for this string and just use a pointer to it for the other 999 times you use it. -; This reserves 16MB to storing the most used strings -opcache.interned_strings_buffer = 16 -opcache.max_accelerated_files = ${PHP_OPCACHE_MAX_FILES} - - diff --git a/ubuntu-7.1/rootfs/etc/php/7.1/fpm/conf.d/opcache_invalidate.conf b/ubuntu-7.1/rootfs/etc/php/7.1/fpm/conf.d/opcache_invalidate.conf deleted file mode 100644 index d152afa..0000000 --- a/ubuntu-7.1/rootfs/etc/php/7.1/fpm/conf.d/opcache_invalidate.conf +++ /dev/null @@ -1,5 +0,0 @@ -; Don't revalidate php files in this container -opcache.validate_timestamps = 0 - -; We don't need to cache php comments into opcache -opcache.save_comments = 0 diff --git a/ubuntu-7.1/rootfs/etc/php/7.1/fpm/conf.d/sessions.ini b/ubuntu-7.1/rootfs/etc/php/7.1/fpm/conf.d/sessions.ini deleted file mode 100644 index d5fb56c..0000000 --- a/ubuntu-7.1/rootfs/etc/php/7.1/fpm/conf.d/sessions.ini +++ /dev/null @@ -1,6 +0,0 @@ -;;;;;;;;;;;;;;;;;;;;;;;;;; -; Define Session backend ; -;;;;;;;;;;;;;;;;;;;;;;;;;; -; These env can also contain redis as backend -session.save_handler = ${PHP_SESSION_HANDLER} -session.save_path = ${PHP_SESSION_SAVE_PATH} diff --git a/ubuntu-7.1/rootfs/etc/php/7.1/fpm/conf.d/timezone.ini b/ubuntu-7.1/rootfs/etc/php/7.1/fpm/conf.d/timezone.ini deleted file mode 100644 index dfb2fec..0000000 --- a/ubuntu-7.1/rootfs/etc/php/7.1/fpm/conf.d/timezone.ini +++ /dev/null @@ -1,2 +0,0 @@ -; Timezone from env formatted like 'Europe/Helsinki' -date.timezone = ${TZ} diff --git a/ubuntu-7.1/rootfs/etc/php/7.1/fpm/php-fpm.conf b/ubuntu-7.1/rootfs/etc/php/7.1/fpm/php-fpm.conf deleted file mode 100644 index ef307ec..0000000 --- a/ubuntu-7.1/rootfs/etc/php/7.1/fpm/php-fpm.conf +++ /dev/null @@ -1,35 +0,0 @@ -; Run this in foregroud so s6 can control it -daemonize = no - -; Log all warnings and errors -error_log = ${PHP_ERROR_LOG} -log_level = ${PHP_ERROR_LOG_LEVEL} - -[www] -user = ${WEB_USER} -group = ${WEB_GROUP} -listen = /var/run/php-fpm.sock -listen.owner = ${WEB_USER} -listen.group = ${WEB_GROUP} -pm = dynamic - -; Total RAM dedicated to the web server / Max child process size -pm.max_children = 30 - -pm.start_servers = 1 -pm.min_spare_servers = 1 -pm.max_spare_servers = 3 - -; Redirect worker stdout and stderr into main error log. If not set, stdout and -; stderr will be redirected to /dev/null according to FastCGI specs. -; Default Value: no -catch_workers_output = yes - -; Project web root -chdir = ${WEB_ROOT} - -pm.process_idle_timeout = 10s -pm.max_requests = 500 - -; Include extra configs -include=/etc/php/7.1/fpm/php-fpm.d/*.conf diff --git a/ubuntu-7.1/rootfs/etc/php/7.1/fpm/php-fpm.d/preserve-env.conf b/ubuntu-7.1/rootfs/etc/php/7.1/fpm/php-fpm.d/preserve-env.conf deleted file mode 100644 index 956d8ff..0000000 --- a/ubuntu-7.1/rootfs/etc/php/7.1/fpm/php-fpm.d/preserve-env.conf +++ /dev/null @@ -1,3 +0,0 @@ -; Just use all envs from system when php-fpm starts -; By default php-fpm flushes all envs and they need to be whitelisted -clear_env = no diff --git a/ubuntu-7.1/rootfs/etc/php/7.1/fpm/php.ini b/ubuntu-7.1/rootfs/etc/php/7.1/fpm/php.ini deleted file mode 100644 index 472d608..0000000 --- a/ubuntu-7.1/rootfs/etc/php/7.1/fpm/php.ini +++ /dev/null @@ -1,46 +0,0 @@ -;;; -; Production settings for php and php-fpm -;;; -; All directives from /etc/php/7.0/fpm/conf.d are also included -;;; - -[PHP] - -; Don't display errors into frontend -display_errors = stderr - -; disable ignoring of repeat errors -ignore_repeated_errors = false - -; disable ignoring of unique source errors -ignore_repeated_source = false - -; enable logging of php memory leaks -report_memleaks = true - -; Deny executing anything else than the exact path passed from fastcgi -; This causes the PHP interpreter to only try the literal path given and to stop processing if the file is not found. -; This is for security. Source: https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/#passing-uncontrolled-requests-to-php -cgi.fix_pathinfo = 0 - -; disable html markup of errors -html_errors = false - -; disable formatting of error reference links -docref_root = 0 - -; disable formatting of error reference links -docref_ext = 0 - -; disable max error string length ( by using so big number that bigger messages don't matter ) -log_errors_max_len = 10000 - -; Don't show startup errors -display_startup_errors = Off -track_errors = Off - -; Redirect worker stdout and stderr into main error log. If not set, stdout and -; stderr will be redirected to /dev/null according to FastCGI specs. -; Default Value: no -catch_workers_output = yes - diff --git a/ubuntu-7.1/rootfs/etc/services.d/cron/run b/ubuntu-7.1/rootfs/etc/services.d/cron/run deleted file mode 100644 index 444e2b9..0000000 --- a/ubuntu-7.1/rootfs/etc/services.d/cron/run +++ /dev/null @@ -1,4 +0,0 @@ -#!/usr/bin/with-contenv sh -echo "[services.d] started cron daemon" -# Runs cron daemon in foreground -cron -l 2 -f diff --git a/ubuntu-7.1/rootfs/etc/services.d/nginx/run b/ubuntu-7.1/rootfs/etc/services.d/nginx/run deleted file mode 100755 index ef92c7d..0000000 --- a/ubuntu-7.1/rootfs/etc/services.d/nginx/run +++ /dev/null @@ -1,4 +0,0 @@ -#!/usr/bin/with-contenv sh - -# Run nginx always in foreground -exec nginx -g "daemon off;" diff --git a/ubuntu-7.1/rootfs/usr/bin/wp b/ubuntu-7.1/rootfs/usr/bin/wp deleted file mode 100755 index e138ef0..0000000 --- a/ubuntu-7.1/rootfs/usr/bin/wp +++ /dev/null @@ -1,12 +0,0 @@ -#!/usr/bin/env bash -## -# WP-cli wrapper: Append path automatically so that user doesn't have to -## -if [ "$(whoami)" = "root" ]; then - # Run as wordpress user instead - # This helps that we don't install things as root - # Or run 3rd party code as root - gosu $WEB_USER /usr/local/bin/wp-cli "$@" --path=$WP_CORE -else - /usr/local/bin/wp-cli "$@" --path=$WP_CORE -fi diff --git a/ubuntu-7.1/rootfs/usr/local/bin/phinx b/ubuntu-7.1/rootfs/usr/local/bin/phinx deleted file mode 100755 index 854aa2f..0000000 --- a/ubuntu-7.1/rootfs/usr/local/bin/phinx +++ /dev/null @@ -1,27 +0,0 @@ -#!/usr/bin/env bash -## -# Phinx wrapper -# You need to install phinx through composer first -## - -# Export database host in prod and dev -if [ ! -z "$MYSQL_HOST" ]; then - export PHINX_DBHOST=$MYSQL_HOST -elif [ ! -z "$DB_HOST" ]; then - export PHINX_DBHOST=$DB_HOST -elif [ ! -z "$DB_PORT_3306_TCP_ADDR" ]; then - export PHINX_DBHOST=$DB_PORT_3306_TCP_ADDR -else - echo "ERROR: You need to set DB_HOST!" -fi - -# Export phinx envs -# Default to MYSQL_ envs but fallback to DB_ -export PHINX_DBPORT=${MYSQL_PORT-$DB_PORT} -export PHINX_DBNAME=${MYSQL_DATABASE-$DB_NAME} -export PHINX_DBUSER=${MYSQL_USER-$DB_USER} -export PHINX_DBPASSWORD=${MYSQL_PWD-$DB_PASSWORD} -export PHINX_ENVIRONMENT=$WP_ENV - -# Run phinx -php $PROJECT_ROOT/vendor/bin/phinx $@ diff --git a/ubuntu-7.1/rootfs/usr/local/bin/print-smtp-password b/ubuntu-7.1/rootfs/usr/local/bin/print-smtp-password deleted file mode 100755 index f59d906..0000000 --- a/ubuntu-7.1/rootfs/usr/local/bin/print-smtp-password +++ /dev/null @@ -1,5 +0,0 @@ -#!/bin/bash -# This is so that we can use msmtp without /etc/msmtprc config file -# msmtp doesn't have --password option and it only has --passwordeval option -# We use this script so that we can use it in passwordeval -echo $SMTP_PASSWORD diff --git a/ubuntu-7.1/rootfs/usr/local/bin/wp-run-cron b/ubuntu-7.1/rootfs/usr/local/bin/wp-run-cron deleted file mode 100755 index e5c4aa8..0000000 --- a/ubuntu-7.1/rootfs/usr/local/bin/wp-run-cron +++ /dev/null @@ -1,42 +0,0 @@ -#!/bin/bash -# Copyright © 2015 Bjørn Johansen -# This work is free. You can redistribute it and/or modify it under the -# terms of the Do What The Fuck You Want To Public License, Version 2, -# as published by Sam Hocevar. See http://www.wtfpl.net/ for more details. -# Source: https://bjornjohansen.no/wordpress-cron-wp-cli -# Github: https://gist.github.com/bjornjohansen/a00a9fee5475c4dadb56#file-run-wp-cron-sh - -# This is modified for our container. In this container you don't need to use --path -# because it's automatically included - -# Check if WP-CLI is available -if ! hash wp 2>/dev/null; then - echo "[wp-cron] ERROR: WP-CLI is not available" - exit -fi - -# If WordPress isn’t installed here, we bail -if ! wp core is-installed --quiet >> /dev/null; then - echo "[wp-cron] ERROR: WordPress is not installed here: ${WP_CORE}" - exit -fi - -# Get a list of site URLs -if wp core is-installed --quiet --network >> /dev/null; -then - SITE_URLS=`wp site list --fields=url --archived=0 --deleted=0 --format=csv | sed 1d` -else - SITE_URLS=(`wp option get siteurl`) -fi - -# Loop through all the sites -for SITE_URL in $SITE_URLS -do - # replaced loop with better solution - wp cron event run --due-now --url="$SITE_URL" - # Run all event hooks that are due - #for EVENT_HOOK in $(wp cron event list --format=csv --fields=hook,next_run_relative --url="$SITE_URL" | grep now$ | awk -F ',' '{print $1}') - #do - # wp cron event run "$EVENT_HOOK" --url="$SITE_URL" --quiet - #done -done diff --git a/ubuntu-7.1/rootfs/usr/sbin/sendmail b/ubuntu-7.1/rootfs/usr/sbin/sendmail deleted file mode 100755 index ec8c40f..0000000 --- a/ubuntu-7.1/rootfs/usr/sbin/sendmail +++ /dev/null @@ -1,66 +0,0 @@ -#!/bin/bash -## -# This is custom wrapper for msmtp which acts like good old sendmail -# - It is used for php and cron -# - This is easier to configure for external mail server than sendmail -# - sendmail is just the default binary which other services will use -# - It needs following env: SMTP_HOST, SMTP_PASSWORD, SMTP_PORT, SMTP_AUTH, SMTP_USER -## - -# Deduce all used msmtp options from system ENVs -declare -a options - -# Act like sendmail -options+=("-t") - -# Use system tls chain -options+=("--tls-trust-file=/etc/ssl/certs/ca-certificates.crt") - -if [ -n "$SMTP_HOST" ]; then - options+=("--host=$SMTP_HOST") -else - echo "[mail error] SMTP_HOST is not defined, mail can't be sent" - exit 1 -fi - -# Log all mail requests -# try /var/log/mail/sent.log but use stdout when logfile is not available -if [ -n "$SMTP_LOG" ]; then - options+=("--logfile=$SMTP_LOG") -elif [ -f /var/log/mail/sent.log ]; then - options+=("--logfile=/var/log/mail/sent.log") -fi - -if [ -n "$SMTP_FROM" ]; then - options+=("--from=$SMTP_FROM") -fi - -# Default port for smtp is 25 and it will work even without this option -if [ -n "$SMTP_PORT" ]; then - options+=("--port=$SMTP_PORT") -fi - -# Setup credentials -if [ -n "$SMTP_USER" ]; then - options+=("--user=$SMTP_USER") -fi - -# msmtp doesn't provide password option because usually it's unsafe -# Use local hack for passwordeval -if [ -n "$SMTP_PASSWORD" ]; then - options+=("--passwordeval=/usr/local/bin/print-smtp-password") -fi - - -if [ -n "$SMTP_AUTH" ]; then - options+=("--auth=$SMTP_AUTH") -elif [ -n "$SMTP_USER" ] || [ -n "$SMTP_PASSWORD" ]; then - options+=("--auth=on") -fi - -if [ -n "$SMTP_TLS" ]; then - options+=("--tls=$SMTP_TLS") -fi - -# Add our options and command line options for msmtp -msmtp ${options[@]} "$@" diff --git a/ubuntu-7.1/rootfs/usr/share/nginx/html/403.html b/ubuntu-7.1/rootfs/usr/share/nginx/html/403.html deleted file mode 100644 index 3f85394..0000000 --- a/ubuntu-7.1/rootfs/usr/share/nginx/html/403.html +++ /dev/null @@ -1,95 +0,0 @@ - - - - - - -403 Forbidden - - - - - - - - -
-
-

403 Forbidden

-

Sorry! You don't have access permissions for that on .

-

Take Me To The Homepage - -

-
-
-
-
-
-
-

What happened?

-

A 403 error status indicates that you don't have permission to access the file or page. In general, web servers and websites have directories and files that are not open to the public web for security reasons.

-
-
-

What can I do?

-

If you're a site visitor

-

Please use your browsers back button and check that you're in the right place. If you need immediate assistance, please send us an email instead.

-

If you're the site owner

-

Please check that you're in the right place and get in touch with your website provider if you believe this to be an error.

-
-
-
-
- - - - - - - diff --git a/ubuntu-7.1/rootfs/usr/share/nginx/html/500.html b/ubuntu-7.1/rootfs/usr/share/nginx/html/500.html deleted file mode 100644 index e5fac20..0000000 --- a/ubuntu-7.1/rootfs/usr/share/nginx/html/500.html +++ /dev/null @@ -1,89 +0,0 @@ - - - - - - -500 Internal Server Error - - - - - - - - -
- -
-

500 Internal Server Error

-

The web server is returning an internal error for .

- Try This Page Again -
-
-
-
-
-
-

What happened?

-

A 500 error status implies there is a problem with the web server's software causing it to malfunction.

-
-
-

What can I do?

-

If you're a site visitor

-

Nothing you can do at the moment. If you need immediate assistance, please send us an email instead. We apologize for any inconvenience.

-

If you're the site owner

-

This error can only be fixed by server admins, please contact your website provider.

-
-
-
-
- - - - - - - diff --git a/ubuntu-7.1/rootfs/usr/share/nginx/html/502.html b/ubuntu-7.1/rootfs/usr/share/nginx/html/502.html deleted file mode 100644 index e7d79c1..0000000 --- a/ubuntu-7.1/rootfs/usr/share/nginx/html/502.html +++ /dev/null @@ -1,98 +0,0 @@ - - - - - - - -502 Bad Gateway - - - - - - - - -
- -
-

502 Bad Gateway

-

The web server is returning an unexpected networking error for .

- Try This Page Again -
-
-
-
-
-
-

What happened?

-

A 502 error status implies that that the server received an invalid response from an upstream server it accessed to fulfill the request.

-
-
-

What can I do?

-

If you're a site visitor

-

Check to see if this website down for everyone or just you. -

-

Also, clearing your browser cache and refreshing the page may clear this issue. If the problem persists and you need immediate assistance, please send us an email instead.

-

If you're the site owner

-

Clearing your browser cache and refreshing the page may clear this issue. If the problem persists and you need immediate assistance, please contact your website provider.

-
-
-
-
- - - - - - - - diff --git a/ubuntu-7.1/rootfs/usr/share/nginx/html/504.html b/ubuntu-7.1/rootfs/usr/share/nginx/html/504.html deleted file mode 100644 index f37b919..0000000 --- a/ubuntu-7.1/rootfs/usr/share/nginx/html/504.html +++ /dev/null @@ -1,100 +0,0 @@ - - - - - - - -504 Gateway Timeout - - - - - - - - -
- -
-

504 Gateway Timeout

-

The web server is returning an unexpected networking error for .

- Try This Page Again -
-
-
-
- - -
-
-

What happened?

-

A 504 error status implies there is a slow IP communication problem between back-end servers attempting to fulfill this request.

-
-
-

What can I do?

-

If you're a site visitor

-

Check to see if this website down for everyone or just you. -

-

Also, clearing your browser cache and refreshing the page may clear this issue. If the problem persists and you need immediate assistance, please send us an email instead.

-

If you're the site owner

-

Clearing your browser cache and refreshing the page may clear this issue. If the problem persists and you need immediate assistance, please contact your website provider.

-
-
-
-
- - - - - - - - diff --git a/ubuntu-7.2/Dockerfile b/ubuntu-7.2/Dockerfile deleted file mode 100644 index 3d62d00..0000000 --- a/ubuntu-7.2/Dockerfile +++ /dev/null @@ -1,183 +0,0 @@ -FROM devgeniem/ubuntu-docker-openresty-pagespeed:beta -MAINTAINER Ville Pietarinen - Geniem Oy - -## -# Only use these during installation -## -ARG LANG=C.UTF-8 -ARG DEBIAN_FRONTEND=noninteractive - -## -# Install php7 packages from dotdeb.org -# - Dotdeb is an extra repository providing up-to-date packages for your Debian servers -## -RUN \ - apt-get update \ -&& apt-get -y install software-properties-common \ - && add-apt-repository ppa:ondrej/php \ - && apt-get -y --no-install-recommends install \ - apt-utils \ - curl \ - nano \ - ca-certificates \ - git \ - mysql-client \ - msmtp \ - postfix \ - netcat \ - less \ - && apt-get update \ - && apt-get -y --no-install-recommends install \ - php7.2-cli \ - php7.2-common \ - php7.2-apcu \ - php7.2-apcu-bc \ - php7.2-curl \ - php7.2-json \ - php7.2-opcache \ - php7.2-readline \ - php7.2-xml \ - php7.2-zip \ - php7.2-fpm \ - php7.2-redis \ - php7.2-mongodb \ - php7.2-mysqli \ - php7.2-intl \ - php7.2-gd \ - php7.2-mbstring \ - php7.2-soap \ - php7.2-bcmath \ - php7.2-curl \ - php7.2-ldap \ - # Force install only cron without extra mailing dependencies - && cd /tmp \ - && apt-get download cron \ - && dpkg --force-all -i cron*.deb \ - && mkdir -p /var/spool/cron/crontabs \ - # Cleanup - && apt-get clean \ - && apt-get autoremove \ - && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* /usr/share/doc/* /var/log/apt/* /var/log/*.log - - -# Install helpers -RUN \ - ## - # Install composer - ## - curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/local/bin --filename=composer \ - && composer global require hirak/prestissimo \ - - ## - # Install wp-cli - # source: http://wp-cli.org/ - ## - && curl -L https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar -o /usr/local/bin/wp-cli \ - && chmod +rx /usr/local/bin/wp-cli \ - # Symlink it to /usr/bin as well so that cron can find this script with limited PATH - && ln -s /usr/local/bin/wp-cli /usr/bin/wp-cli \ - - ## - # Install cronlock for running cron correctly with multi container setups - # https://github.com/kvz/cronlock - ## - && curl -L https://raw.githubusercontent.com/kvz/cronlock/master/cronlock -o /usr/local/bin/cronlock \ - && chmod +rx /usr/local/bin/cronlock \ - # Symlink it to /usr/bin as well so that cron can find this script with limited PATH - && ln -s /usr/local/bin/cronlock /usr/bin/cronlock - -## -# Add Project files like nginx and php-fpm processes and configs -# Also custom scripts and bashrc -## -COPY rootfs/ / - -# Run small fixes -RUN set -x \ - && mkdir -p /var/www/uploads \ - && mkdir -p /tmp/php-opcache \ - && ln -sf /usr/sbin/php-fpm7.2 /usr/sbin/php-fpm \ - && ln -sf /usr/bin/wp /usr/local/bin/wp -# This is for your project root -ENV PROJECT_ROOT="/var/www/project" - -ENV \ - # Add interactive term - TERM="xterm" \ - # Set defaults which can be overriden - MYSQL_PORT="3306" \ - # Use default web port in nginx but allow it to be overridden - # This also works correctly with flynn: - # https://github.com/flynn/flynn/issues/3213#issuecomment-237307457 - PORT="8080" \ - # Use custom users for nginx and php-fpm - WEB_USER="wordpress" \ - WEB_GROUP="web" \ - WEB_UID=1000 \ - WEB_GID=1001 \ - # Set defaults for redis - REDIS_PORT="6379" \ - REDIS_DATABASE="0" \ - REDIS_PASSWORD="" \ - REDIS_SCHEME="tcp" \ - # Set defaults for NGINX redis cache - # This variable uses seconds by default - # Time units supported are "s"(seconds), "ms"(milliseconds), "y"(years), "M"(months), "w"(weeks), "d"(days), "h"(hours), and "m"(minutes). - NGINX_REDIS_CACHE_TTL_DEFAULT="900" \ - NGINX_REDIS_CACHE_TTL_MAX="4h" \ - NGINX_CACHE_DIRECTORY="/tmp/nginx/fullpage" \ - # Default operations when fastcgi stale cache is used - NGINX_CACHE_USE_STALE="error timeout invalid_header updating http_500 http_503 http_403 http_404 http_429" \ - # Default headers for fastcgi stale- and error cache - NGINX_CACHE_CONTROL='"max-age=60, stale-while-revalidate=300, stale-if-error=21600"'\ - # Cronlock is used to stop simultaneous cronjobs in clusterised environments - CRONLOCK_HOST="" \ - # This is used by nginx and php-fpm - WEB_ROOT="${PROJECT_ROOT}/web" \ - # This is used automatically by wp-cli - WP_CORE="${PROJECT_ROOT}/web/wp" \ - # Nginx include files - NGINX_INCLUDE_DIR="/var/www/project/nginx" \ - # Allow bigger file uploads - NGINX_MAX_BODY_SIZE="10M" \ - # Allow storing bigger body in memory - NGINX_BODY_BUFFER_SIZE="32k" \ - # Have sane fastcgi timeout by default - NGINX_FASTCGI_TIMEOUT="30" \ - # Have sane fastcgi timeout by default - NGINX_ERROR_LEVEL="warn" \ - # Have sane fastcgi timeout by default - NGINX_ERROR_LOG="/dev/stderr" \ - # Have sane fastcgi timeout by default - NGINX_ACCESS_LOG="/dev/stdout" \ - # Default cache key for nginx http cache - NGINX_CACHE_KEY='wp_:nginx:$real_scheme$request_method$host$request_uri' \ - # PHP settings - PHP_MEMORY_LIMIT="128M" \ - PHP_MAX_INPUT_VARS="1000" \ - PHP_ERROR_LOG="/proc/self/fd/1" \ - PHP_ERROR_LOG_LEVEL="warning" \ - PHP_ERROR_LOG_MAX_LEN="8192" \ - PHP_SESSION_REDIS_DB="0" \ - PHP_SESSION_HANDLER="files" \ - # You should count the *.php files in your project and set this number to be bigger - # $ find . -type f -print | grep php | wc -l - PHP_OPCACHE_MAX_FILES="8000" \ - # Amount of memory in MB to allocate for opcache - PHP_OPCACHE_MAX_MEMORY="128" \ - # Use host machine as default SMTP_HOST - SMTP_HOST="172.17.2.1" \ - # This folder is used to mount files into host machine - # You should use this path for your uploads since everything else should be ephemeral - UPLOADS_ROOT="/var/www/uploads" \ - # This can be overidden by you, it's just default for us - TZ="Europe/Helsinki" -# Setup $TZ. Remember to run this again in your own build - # Make sure that all files here have execute permissions -RUN dpkg-reconfigure tzdata && \ - chmod +x /etc/cont-init.d/* -# Set default path to project folder for easier running commands in project -WORKDIR ${PROJECT_ROOT} -EXPOSE ${PORT} -ENTRYPOINT ["/init"] - diff --git a/ubuntu-7.2/rootfs/etc/ImageMagick b/ubuntu-7.2/rootfs/etc/ImageMagick deleted file mode 100644 index d88e8bf..0000000 --- a/ubuntu-7.2/rootfs/etc/ImageMagick +++ /dev/null @@ -1,11 +0,0 @@ - - - - - - - - - - - diff --git a/ubuntu-7.2/rootfs/etc/cont-init.d/00-render-templates b/ubuntu-7.2/rootfs/etc/cont-init.d/00-render-templates deleted file mode 100755 index 56f69f3..0000000 --- a/ubuntu-7.2/rootfs/etc/cont-init.d/00-render-templates +++ /dev/null @@ -1,85 +0,0 @@ -#!/usr/bin/with-contenv bash -## -# This script uses clever heredoc hack to substitute env variables into static config files -# Source: http://stackoverflow.com/questions/2914220/bash-templating-how-to-build-configuration-files-from-templates-with-bash -## - -## -# Replaces ${ENV} placoholders from file with provided variables -# $1 - ':'' separated list of variables -# $2 - filename to render -## -function render_env_tmpl() { - vars=$1 - input_file=$2 - # If filename ends with .tmpl replace it without the .tmpl - filename=$(dirname $input_file)/$(basename $input_file .tmpl) - - tmp_file=/tmp/$(basename $filename) - - # render all provided $vars to temporary file - envsubst "$vars" < $input_file > $tmp_file - - # replace original file with rendered file - mv $tmp_file $filename -} - -echo "[cont-init.d] Substituting env into configuration files..." - -## -# Nginx doesn't support env variables in config files so we will have to do this in hacky way instead -## -VARS='$PORT:$WEB_ROOT:$WEB_USER:$WEB_GROUP:$NGINX_ACCESS_LOG:$NGINX_ERROR_LOG:$NGINX_ERROR_LEVEL:$NGINX_INCLUDE_DIR:$NGINX_MAX_BODY_SIZE:$NGINX_BODY_BUFFER_SIZE:$NGINX_FASTCGI_TIMEOUT:$WP_ENV:$NGINX_CACHE_KEY' -render_env_tmpl "$VARS" /etc/nginx/nginx.conf - -## -# Redis cache needs to know the redis instance and credentials -## - -# Set defaults if they are not set -export REDIS_HOST=${REDIS_HOST-$REDIS_1_PORT_6379_TCP_ADDR} -export REDIS_PORT=${REDIS_PORT-6379} -export REDIS_DATABASE=${REDIS_DATABASE-0} -export REDIS_PASSWORD=${REDIS_PASSWORD-''} -export REDIS_CACHE_TTL=${REDIS_CACHE_TTL-14400} - -# Add helper variables for AWS s3 bucket storage -VARS+='$AWS_S3_BUCKET_NAME:AWS_S3_REPLICA_BUCKET_NAME' - -# Add Redis variables -VARS+='$REDIS_HOST:$REDIS_PORT:$REDIS_DATABASE:$REDIS_PASSWORD:$NGINX_REDIS_CACHE_TTL_MAX:$NGINX_REDIS_CACHE_TTL_DEFAULT:$NGINX_REDIS_CACHE_PREFIX' - -# Add image proxy variables -VARS+='$GOOGLE_CLOUD_STORAGE_BUCKET_NAME' - -# Add cache variables -VARS+='$NGINX_CACHE_USE_STALE:$NGINX_CACHE_CONTROL:$NGINX_CACHE_DIRECTORY' - -render_env_tmpl "$VARS" /etc/nginx/cache/redis_backend.conf - -render_env_tmpl "$VARS" /etc/nginx/cache/srcache.conf -render_env_tmpl "$VARS" /etc/nginx/cache/fastcgicache_settings.conf -render_env_tmpl "$VARS" /etc/nginx/cache/fastcgicache_skip_rules.conf -## -# Render all user provided nginx templates -## -VARS+='$BASIC_AUTH_USER:$BASIC_AUTH_PASSWORD_HASH' -for conf_file in $(find $NGINX_INCLUDE_DIR -type f -name '*.tmpl'); do - echo "[cont-init.d] Rendering env in $conf_file..." - - # Add helper variables for easier scripting - export __DIR__=$(dirname $conf_file) - - VARS_TMPL=$VARS':$__DIR__' - render_env_tmpl "$VARS_TMPL" $conf_file -done - -# Encrypt basic auth password if it set -if [[ -z "${BASIC_AUTH_PASSWORD}" ]]; -then - echo "Not encrypting BASIC_AUTH_PASSWORD..." -else - BASIC_AUTH_PASSWORD_HASH=$(openssl passwd -crypt $BASIC_AUTH_PASSWORD) - echo "Encrypting BASIC_AUTH_PASSWORD... ${BASIC_AUTH_PASSWORD} -> ${BASIC_AUTH_PASSWORD_HASH}" - echo "${BASIC_AUTH_USER}:${BASIC_AUTH_PASSWORD_HASH}" > /var/www/project/nginx/environments/${WP_ENV}/server/.htpasswd -fi diff --git a/ubuntu-7.2/rootfs/etc/cont-init.d/01-create-web-user b/ubuntu-7.2/rootfs/etc/cont-init.d/01-create-web-user deleted file mode 100755 index aeb0aa7..0000000 --- a/ubuntu-7.2/rootfs/etc/cont-init.d/01-create-web-user +++ /dev/null @@ -1,58 +0,0 @@ -#!/usr/bin/with-contenv bash - -## -# If $WEB_USER user and web group already exists just skip the user creation -## -if id -u $WEB_USER > /dev/null 2>&1 && getent group $WEB_GROUP > /dev/null 2>&1; then - echo "[cont-init.d] user:$WEB_USER and group:$WEB_GROUP already exist, skipping..." - exit 0 -fi - -## -# Create $WEB_USER user with $WEB_UID and web group with $WEB_GID -## - -# Set defaults if they are not set -export WEB_USER=${WEB_USER-wordpress} -export WEB_GROUP=${WEB_GROUP-web} -export WEB_UID=${WEB_UID-1000} -export WEB_GID=${WEB_GID-1000} - -echo "[cont-init.d] Creating $WEB_USER user with id: $WEB_UID and group web with id: $WEB_GID" - -# Create web group -if [ -n "$WEB_GID" ]; then - - # Check if group with $WEB_GID already exists - web_group=$(getent group $WEB_GID | cut -d':' -f1) - - if [ -n "$web_group" ]; then - - # Replace the existing group name to web - # This is done so that in local development we can just lookup permissions from mounted folders - # This UID/GID can be same as something already existing inside container - # This way we can use same uid/gid in container and host machine - echo "[cont-init.d] Replacing pre-existing group name $web_group -> $WEB_GROUP" - sed -i "s|$web_group|$WEB_GROUP|g" /etc/group - - else - # Create new group - echo "$ groupadd -g $WEB_GID $WEB_GROUP" - groupadd -g $WEB_GID $WEB_GROUP - fi -else - echo "[cont-init.d] ERROR: Please set web user group id in WEB_GID" 1>&2 - exit 2 -fi - -# Create $WEB_USER user -if [ -n "$WEB_UID" ] && [ -n "$WEB_GID" ] ; then - echo "$ useradd -u $WEB_UID -g $WEB_GROUP --home $PROJECT_ROOT $WEB_USER" - useradd -u $WEB_UID -g $WEB_GROUP --home $PROJECT_ROOT $WEB_USER -else - echo "[cont-init.d] ERROR: Please set web user id in WEB_UID" 1>&2 - exit 2 -fi - -# Check that processes can write logs -chown $WEB_USER:$WEB_GROUP /var/log diff --git a/ubuntu-7.2/rootfs/etc/cont-init.d/02-init-crond b/ubuntu-7.2/rootfs/etc/cont-init.d/02-init-crond deleted file mode 100755 index 962a79e..0000000 --- a/ubuntu-7.2/rootfs/etc/cont-init.d/02-init-crond +++ /dev/null @@ -1,30 +0,0 @@ -#!/usr/bin/with-contenv bash - -# Copy cronjob from project and run as nginx -if [ -f $PROJECT_ROOT/tasks.cron ]; then - - # Setup all container env for cron - printenv | grep -v ^_= | grep -v "no_proxy" >> /etc/environment - - # Use default redis for cronlock if cronlock variables are not set - if [ -n "$REDIS_HOST" ] && [ -z "$CRONLOCK_HOST" ] ; then - echo "CRONLOCK_HOST=$REDIS_HOST" >> /etc/environment - fi - if [ -n "$REDIS_PASSWORD" ] && [ -z "$CRONLOCK_AUTH" ] ; then - echo "CRONLOCK_AUTH=$REDIS_PASSWORD" >> /etc/environment - fi - if [ -n "$REDIS_PORT" ] && [ -z "$CRONLOCK_PORT" ] ; then - echo "CRONLOCK_PORT=$REDIS_PORT" >> /etc/environment - fi - # env for running wp cron - echo "CRON_URL=$CRON_URL" >> /etc/environment; - # Copy cron template - cp $PROJECT_ROOT/tasks.cron /var/spool/cron/crontabs/$WEB_USER - chown $WEB_USER /var/spool/cron/crontabs/$WEB_USER - chmod 0600 /var/spool/cron/crontabs/$WEB_USER -else - # No cronjobs found remove crond from s6 - if [ -f /etc/services.d/cron ]; then - rm -r /etc/services.d/cron - fi -fi diff --git a/ubuntu-7.2/rootfs/etc/cont-init.d/02-init-directories-and-files b/ubuntu-7.2/rootfs/etc/cont-init.d/02-init-directories-and-files deleted file mode 100755 index 34df974..0000000 --- a/ubuntu-7.2/rootfs/etc/cont-init.d/02-init-directories-and-files +++ /dev/null @@ -1,18 +0,0 @@ -#!/usr/bin/with-contenv bash - -# Create uploads directory if not exists -mkdir -p $UPLOADS_ROOT -chown $WEB_USER:$WEB_GROUP $UPLOADS_ROOT - -# Create dir for nginx tmp files -mkdir -p /tmp/nginx/body -chown -R $WEB_USER:$WEB_GROUP /tmp/nginx - -# Create log directories if they don't exist already -mkdir -p /var/log/{nginx,php,mail} - -# Create error.log so that php-fpm can write to it -touch /var/log/php/error.log - -# Chown all files to wordpress -chown -R $WEB_USER:$WEB_GROUP /var/log/{nginx,php,mail} diff --git a/ubuntu-7.2/rootfs/etc/nginx/additional.types b/ubuntu-7.2/rootfs/etc/nginx/additional.types deleted file mode 100644 index ac8070e..0000000 --- a/ubuntu-7.2/rootfs/etc/nginx/additional.types +++ /dev/null @@ -1,6 +0,0 @@ -# If developers add .woff2 type font files we should provide good Content-Type headers -types { - # Add mime support for woff2 - # http://stackoverflow.com/questions/28235550/proper-mime-type-for-woff2-fonts - font/woff2 woff2; -} diff --git a/ubuntu-7.2/rootfs/etc/nginx/cache/fastcgicache.conf b/ubuntu-7.2/rootfs/etc/nginx/cache/fastcgicache.conf deleted file mode 100644 index 1455277..0000000 --- a/ubuntu-7.2/rootfs/etc/nginx/cache/fastcgicache.conf +++ /dev/null @@ -1,13 +0,0 @@ -## -# Add few rules which deny using cache -## -include cache/fastcgicache_skip_rules.conf; -include cache/helper_variables.conf; -fastcgi_cache_bypass $skip_cache; -fastcgi_no_cache $skip_cache; - -fastcgi_cache WORDPRESS; -#proxy_ignore_headers Set-Cookie Expires Cache-Control; - -# Add header for easier cache debugging -add_header X-Cache $upstream_cache_status always; diff --git a/ubuntu-7.2/rootfs/etc/nginx/cache/fastcgicache_settings.conf b/ubuntu-7.2/rootfs/etc/nginx/cache/fastcgicache_settings.conf deleted file mode 100644 index 542ae23..0000000 --- a/ubuntu-7.2/rootfs/etc/nginx/cache/fastcgicache_settings.conf +++ /dev/null @@ -1,7 +0,0 @@ -## -# Basic settings of Fast cgi cache -## -fastcgi_cache_path ${NGINX_CACHE_DIRECTORY} levels=1:2 keys_zone=WORDPRESS:100m max_size=1000m inactive=730h; -fastcgi_cache_lock on; -fastcgi_cache_valid ${NGINX_REDIS_CACHE_TTL_DEFAULT}; -add_header 'Cache-Control' ${NGINX_CACHE_CONTROL}; \ No newline at end of file diff --git a/ubuntu-7.2/rootfs/etc/nginx/cache/fastcgicache_skip_rules.conf b/ubuntu-7.2/rootfs/etc/nginx/cache/fastcgicache_skip_rules.conf deleted file mode 100644 index 99bbc0e..0000000 --- a/ubuntu-7.2/rootfs/etc/nginx/cache/fastcgicache_skip_rules.conf +++ /dev/null @@ -1,75 +0,0 @@ -## -# Add few rules which deny using cache -## - -# Don't skip cache by default -set $skip_cache 0; -# insert project specific cache rules to this file (delete this row when all projects are updated) -include /var/www/project/nginx/server/skip_cache.conf; -# insert project specific cache rules to this folder -include ${NGINX_INCLUDE_DIR}/skipcache/*.conf; - -# POST requests and urls with a query string should always go to PHP -if ($request_method = POST) { - set $skip_cache 1; -} - -# Deal with accepted query vars -set $without $query_string; - -set_by_lua_block $cache_args { - -- Helper split string function - function split( inputstr, sep ) - if sep == nil then - sep = "%s" - end - local t={} ; i=1 - for str in string.gmatch(inputstr, "([^" .. sep .. "]+)") do - t[ i ] = str - i = i + 1 - end - return t - end - - -- Helper escape special chars function - function esc( str ) - return str:gsub( "([^%w])", "%%%1" ) - end - - local with = {} - local without = ngx.var.without - - -- Get a list of accepted query vars from env variable - local accepted = split( ( os.getenv( 'CACHE_QUERYVARS' ) or "" ), "," ) - - -- Loop through the list - for key, accept in pairs(accepted) do - -- If there is a value present for the variable, store it in a variable - if ngx.decode_args( without )[ accept ] then - table.insert( with, accept .. "=" .. ngx.decode_args( without )[ accept ] ) - end - -- Remove the accepted key-value pair from the string - without = string.gsub( without, "&?" .. esc( accept ) .. "=[^&]+", "" ) - end - - -- Store all non-accepted query vars to checked later - ngx.var.without = without - - -- Return accepted query var key-value pairs to be used in the cache key - return "?" .. table.concat( with, "&" ) -} - -# If there were any unaccepted query vars, skip cache -if ($without != "") { - set $skip_cache 1; -} - -# Don't use the cache for logged in users or recent commenters -if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in|woocommerce_items_in_cart") { - set $skip_cache 1; -} - -# Don't cache responses from wp-admin, xmlrpc and wp-login.php -if ($request_uri ~* "/wp-admin/|/xmlrpc.php|wp-.*.php") { - set $skip_cache 1; -} \ No newline at end of file diff --git a/ubuntu-7.2/rootfs/etc/nginx/cache/helper_variables.conf b/ubuntu-7.2/rootfs/etc/nginx/cache/helper_variables.conf deleted file mode 100644 index ea10fb9..0000000 --- a/ubuntu-7.2/rootfs/etc/nginx/cache/helper_variables.conf +++ /dev/null @@ -1,15 +0,0 @@ -## -# This file creates few helper variables -# $prefer_language_slug - 2 first letters from accept-language header to determine the language redirects from cache -## - -## -# Parse first two letters from accept-language header to determine right cache key -## -set_by_lua_block $prefer_language_slug { - if ngx.var.http_accept_language then - return string.lower( string.match( ngx.var.http_accept_language, '%w%w' ) ) - else - return 'en' - end -} diff --git a/ubuntu-7.2/rootfs/etc/nginx/cache/redis_backend.conf b/ubuntu-7.2/rootfs/etc/nginx/cache/redis_backend.conf deleted file mode 100644 index e9f86a3..0000000 --- a/ubuntu-7.2/rootfs/etc/nginx/cache/redis_backend.conf +++ /dev/null @@ -1,45 +0,0 @@ -## -# Adds internal locations for storing and getting full page cache from redis -## - -srcache_default_expire '${NGINX_REDIS_CACHE_TTL_DEFAULT}'; -srcache_max_expire '${NGINX_REDIS_CACHE_TTL_MAX}'; - -location /redis-fetch { - internal; - - ## - # In order to use password authentication we use custom redis module which adds $redis_auth: - # - https://github.com/Yongke/ngx_http_redis-0.3.7 - ## - - # Read the configuration from system envs - set $redis_auth '${REDIS_PASSWORD}'; - set $redis_db ${REDIS_DATABASE}; - - set $redis_key $args; - - redis_pass ${REDIS_HOST}:${REDIS_PORT}; -} - -location /redis-store { - internal; - - set_unescape_uri $exptime $arg_exptime; - set_unescape_uri $key $arg_key; - - # Fix caching problem for now - # There's issue in github https://github.com/openresty/srcache-nginx-module/issues/61 - set_if_empty $srcache_expire '${NGINX_REDIS_CACHE_TTL_DEFAULT}'; - - # redis module pipelines these 3 commands into single request - redis2_query auth '${REDIS_PASSWORD}'; - redis2_query select ${REDIS_DATABASE}; - - # Set and expire with one command: http://redis.io/commands/setex - redis2_query setex $key $srcache_expire $echo_request_body; - - # Pass the request to redis - redis2_pass ${REDIS_HOST}:${REDIS_PORT}; - -} diff --git a/ubuntu-7.2/rootfs/etc/nginx/cache/skip_rules.conf b/ubuntu-7.2/rootfs/etc/nginx/cache/skip_rules.conf deleted file mode 100644 index 5f2621d..0000000 --- a/ubuntu-7.2/rootfs/etc/nginx/cache/skip_rules.conf +++ /dev/null @@ -1,30 +0,0 @@ -## -# Add few rules which deny using cache -## - -# Don't skip cache by default -set $skip_cache 0; - -# POST requests and urls with a query string should always go to PHP -if ($request_method = POST) { - set $skip_cache 1; -} - -# If theres any args skip cache -if ($without != "") { - set $skip_cache 1; -} - -# Don't use the cache for logged in users or recent commenters -if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in|woocommerce_items_in_cart") { - set $skip_cache 1; -} - -# Don't cache responses from wp-admin, xmlrpc and wp-login.php -if ($request_uri ~* "/wp-admin/|/xmlrpc.php|wp-.*.php") { - set $skip_cache 1; -} - -# Skip fetch and skip if conditions are met -srcache_fetch_skip $skip_cache; -srcache_store_skip $skip_cache; diff --git a/ubuntu-7.2/rootfs/etc/nginx/cache/srcache.conf b/ubuntu-7.2/rootfs/etc/nginx/cache/srcache.conf deleted file mode 100644 index 85027dd..0000000 --- a/ubuntu-7.2/rootfs/etc/nginx/cache/srcache.conf +++ /dev/null @@ -1,20 +0,0 @@ -## -# Add few rules which deny using cache -## -include cache/skip_rules.conf; -include cache/helper_variables.conf; - -# Use redis caching for all pages -# Allow different cache key from env -# Use 'wp_' prefix so that cache can be flushed with: -# $ wp cache flush -set $cache_key "${NGINX_CACHE_KEY}"; -set_escape_uri $escaped_cache_key $cache_key; - -srcache_response_cache_control on; - -srcache_fetch GET /redis-fetch $cache_key; -srcache_store PUT /redis-store key=$escaped_cache_key; - -# Add header for easier cache debugging -add_header X-Cache $srcache_fetch_status; diff --git a/ubuntu-7.2/rootfs/etc/nginx/env.conf b/ubuntu-7.2/rootfs/etc/nginx/env.conf deleted file mode 100644 index 3089a23..0000000 --- a/ubuntu-7.2/rootfs/etc/nginx/env.conf +++ /dev/null @@ -1,13 +0,0 @@ -# Set custom enviromental variables that we need with lua here -# These are used to dynamically load -env PORT; -env WEB_ROOT; -env NGINX_MAX_BODY_SIZE; -env NGINX_TIMEOUT; - -# For nginx redis cache -env REDIS_HOST; -env REDIS_PORT; -env REDIS_DATABASE; -env REDIS_PASSWORD; -env CACHE_QUERYVARS; \ No newline at end of file diff --git a/ubuntu-7.2/rootfs/etc/nginx/error_pages.conf b/ubuntu-7.2/rootfs/etc/nginx/error_pages.conf deleted file mode 100644 index 700cc6b..0000000 --- a/ubuntu-7.2/rootfs/etc/nginx/error_pages.conf +++ /dev/null @@ -1,31 +0,0 @@ -## -# Custom error pages -## - -## 403 - Forbidden -error_page 403 /403.html; -location = /403.html { - root /usr/share/nginx/html; - internal; -} - -## 500 - Internal Server Error -error_page 500 /500.html; -location = /500.html { - root /usr/share/nginx/html; - internal; -} - -## 502 - Bad Gateway -error_page 502 /502.html; -location = /502.html { - root /usr/share/nginx/html; - internal; -} - -## 504 - Gateway Timeout -error_page 504 /504.html; -location = /504.html { - root /usr/share/nginx/html; - internal; -} diff --git a/ubuntu-7.2/rootfs/etc/nginx/fastcgi_params b/ubuntu-7.2/rootfs/etc/nginx/fastcgi_params deleted file mode 100644 index 6fccf4f..0000000 --- a/ubuntu-7.2/rootfs/etc/nginx/fastcgi_params +++ /dev/null @@ -1,29 +0,0 @@ -# These are just basic things form request -fastcgi_param QUERY_STRING $query_string; -fastcgi_param REQUEST_METHOD $request_method; -fastcgi_param CONTENT_TYPE $content_type; -fastcgi_param CONTENT_LENGTH $content_length; - -fastcgi_param SCRIPT_NAME $fastcgi_script_name; -fastcgi_param REQUEST_URI $request_uri; -fastcgi_param DOCUMENT_URI $document_uri; -fastcgi_param DOCUMENT_ROOT $document_root; -fastcgi_param SERVER_PROTOCOL $server_protocol; - -fastcgi_param GATEWAY_INTERFACE CGI/1.1; -fastcgi_param SERVER_SOFTWARE nginx/$nginx_version; - -## -# Set these using the knowledge that we are behind proxy -## -fastcgi_param REMOTE_ADDR $real_remote; -fastcgi_param REMOTE_PORT $remote_port; -fastcgi_param SERVER_ADDR $server_addr; -fastcgi_param SERVER_PORT $real_port; -fastcgi_param SERVER_NAME $real_host; -fastcgi_param HTTPS $real_https; -fastcgi_param REQUEST_SCHEME $real_scheme; -fastcgi_param HTTP_HOST $real_host; - -# PHP only, required if PHP was built with --enable-force-cgi-redirect -fastcgi_param REDIRECT_STATUS 200; diff --git a/ubuntu-7.2/rootfs/etc/nginx/fastcgi_settings.conf b/ubuntu-7.2/rootfs/etc/nginx/fastcgi_settings.conf deleted file mode 100644 index 25683fb..0000000 --- a/ubuntu-7.2/rootfs/etc/nginx/fastcgi_settings.conf +++ /dev/null @@ -1,23 +0,0 @@ -# regex to split $uri to $fastcgi_script_name and $fastcgi_path -fastcgi_split_path_info ^(.+\.php)(/.+)$; - -# Bypass the fact that try_files resets $fastcgi_path_info -# see: http://trac.nginx.org/nginx/ticket/321 -set $path_info $fastcgi_path_info; -fastcgi_param PATH_INFO $path_info; - -# Intercept errors from php-fpm -# These can be: -# - timeouts for long running requests -# - requested php file might be missing or not existing in the first place -fastcgi_intercept_errors on; - -fastcgi_index index.php; - -# Small optimisation on fastcgi buffer size -# defaults are 8k; -fastcgi_buffers 16 16k; -fastcgi_buffer_size 16k; - -# Include basic fastcgi settings -include fastcgi_params; diff --git a/ubuntu-7.2/rootfs/etc/nginx/gzip.conf b/ubuntu-7.2/rootfs/etc/nginx/gzip.conf deleted file mode 100644 index 69737cc..0000000 --- a/ubuntu-7.2/rootfs/etc/nginx/gzip.conf +++ /dev/null @@ -1,58 +0,0 @@ -# Compression - -# Enable Gzip compressed. -gzip on; - -# Compression level (1-9). -# 5 is a perfect compromise between size and cpu usage, offering about -# 75% reduction for most ascii files (almost identical to level 9). -gzip_comp_level 5; - -# Don't compress anything that's already small and unlikely to shrink much -# if at all (the default is 20 bytes, which is bad as that usually leads to -# larger files after gzipping). -gzip_min_length 256; - -# Compress data even for clients that are connecting to us via proxies, -# identified by the "Via" header (required for CloudFront). -gzip_proxied any; - -# Tell proxies to cache both the gzipped and regular version of a resource -# whenever the client's Accept-Encoding capabilities header varies; -# Avoids the issue where a non-gzip capable client (which is extremely rare -# today) would display gibberish if their proxy gave them the gzipped version. -gzip_vary on; - -# Compress all output labeled with one of the following MIME-types. -gzip_types - application/atom+xml - application/javascript - application/json - application/ld+json - application/manifest+json - application/rss+xml - application/vnd.geo+json - application/vnd.ms-fontobject - application/x-font-ttf - application/x-web-app-manifest+json - application/xhtml+xml - application/xml - font/opentype - image/bmp - image/svg+xml - image/x-icon - text/cache-manifest - text/css - text/plain - text/vcard - text/vnd.rim.location.xloc - text/vtt - text/x-component - text/x-cross-domain-policy; -# text/html is always compressed by HttpGzipModule - -# This should be turned on if you are going to have pre-compressed copies (.gz) of -# static files available. If not it should be left off as it will cause extra I/O -# for the check. It is best if you enable this in a location{} block for -# a specific directory, or on an individual server{} level. -# gzip_static on; diff --git a/ubuntu-7.2/rootfs/etc/nginx/log_format.conf b/ubuntu-7.2/rootfs/etc/nginx/log_format.conf deleted file mode 100644 index 74c5779..0000000 --- a/ubuntu-7.2/rootfs/etc/nginx/log_format.conf +++ /dev/null @@ -1,16 +0,0 @@ -# Log cache status -# Log real requester address -log_format custom '[$time_local] $http_x_real_ip ' - '$host "$request" $status $body_bytes_sent $request_time ' - '"$http_referer" "$http_user_agent" $upstream_cache_status'; - -## -# Legacy formats which might be in use somewhere -## -# This log format makes it so we can see real requester's IP address \ -# not just the reverse proxy server's IP address. Also note, that \ -# "specialLog" can be replaced with any name you would like to \ -# give to this log format. -log_format specialLog '[$time_local] $http_x_real_ip ' - '$host "$request" $status $body_bytes_sent $request_time ' - '"$http_referer" "$http_user_agent" $upstream_cache_status'; \ No newline at end of file diff --git a/ubuntu-7.2/rootfs/etc/nginx/log_formats.conf b/ubuntu-7.2/rootfs/etc/nginx/log_formats.conf deleted file mode 100644 index 9e4e2fc..0000000 --- a/ubuntu-7.2/rootfs/etc/nginx/log_formats.conf +++ /dev/null @@ -1,19 +0,0 @@ -# Log cache status -# Log real requester address -log_format custom '[$time_local] $http_x_forwarded_for ' - '$host "$request" $status $body_bytes_sent $request_time ' - '"$http_referer" "$http_user_agent" $upstream_cache_status'; - -# A new log format for detecting bad bots. -log_format blocked '[$time_local] Blocked request from $http_x_forwarded_for $request'; - -## -# Legacy formats which might be in use somewhere -## -# This log format makes it so we can see real requester's IP address \ -# not just the reverse proxy server's IP address. Also note, that \ -# "specialLog" can be replaced with any name you would like to \ -# give to this log format. -log_format specialLog '[$time_local] $http_x_forwarded_for ' - '$host "$request" $status $body_bytes_sent $request_time ' - '"$http_referer" "$http_user_agent" $upstream_cache_status'; \ No newline at end of file diff --git a/ubuntu-7.2/rootfs/etc/nginx/pagespeed/locations.conf b/ubuntu-7.2/rootfs/etc/nginx/pagespeed/locations.conf deleted file mode 100644 index 46feb53..0000000 --- a/ubuntu-7.2/rootfs/etc/nginx/pagespeed/locations.conf +++ /dev/null @@ -1,7 +0,0 @@ -# Ensure requests for pagespeed optimized resources go to the pagespeed handler -# and no extraneous headers get set. -location ~ "\.pagespeed\.([a-z]\.)?[a-z]{2}\.[^.]{10}\.[^.]+" { - add_header "" ""; -} -location ~ "^/pagespeed_static/" { } -location ~ "^/ngx_pagespeed_beacon$" { } diff --git a/ubuntu-7.2/rootfs/etc/nginx/pagespeed/settings.conf b/ubuntu-7.2/rootfs/etc/nginx/pagespeed/settings.conf deleted file mode 100644 index be5a0a8..0000000 --- a/ubuntu-7.2/rootfs/etc/nginx/pagespeed/settings.conf +++ /dev/null @@ -1,13 +0,0 @@ -# Hide pagespeed version and provide this header instaed -pagespeed XHeaderValue "Enabled"; - -# Don't alter Cache-Control headers -pagespeed ModifyCachingHeaders off; - -# This is for pagespeed temporary files -# Needs to exist and be writable by nginx. Use tmpfs for best performance. -pagespeed FileCachePath /tmp/nginx/pagespeed; - -# Pagespeed sets default TTL from file to 300s, which is bad -# This sets the time to be 1 year -pagespeed LoadFromFileCacheTtlMs 2592000000; diff --git a/ubuntu-7.2/rootfs/etc/nginx/proxy_real_variables.conf b/ubuntu-7.2/rootfs/etc/nginx/proxy_real_variables.conf deleted file mode 100644 index e380f1f..0000000 --- a/ubuntu-7.2/rootfs/etc/nginx/proxy_real_variables.conf +++ /dev/null @@ -1,35 +0,0 @@ -## -# Set few variables since we use jwilder/nginx-proxy in dev and proxy in production -# So the fastcgi params need to be the original ones or you -# will have redirect loops ('canonical_redirect' mostly) -## - -# Set $host first from proxy (if possible) -set $real_host $http_x_forwarded_host; -if ($real_host = '') { - set $real_host $http_host; -} - -# Set server port according to forwarded proto -set $real_port 80; -if ($http_x_forwarded_proto = 'https') { - set $real_port 443; -} - -# Set https according to used proto -set $real_https off; -if ($http_x_forwarded_proto = 'https') { - set $real_https on; -} - -# Set scheme according to used proto -set $real_scheme 'http'; -if ($http_x_forwarded_proto = 'https') { - set $real_scheme 'https'; -} - -# Set original remote -set $real_remote $http_x_forwarded_for; -if ($real_remote = '') { - set $real_remote $remote_addr; -} diff --git a/ubuntu-7.2/rootfs/etc/nginx/security.conf b/ubuntu-7.2/rootfs/etc/nginx/security.conf deleted file mode 100644 index 24afdeb..0000000 --- a/ubuntu-7.2/rootfs/etc/nginx/security.conf +++ /dev/null @@ -1,27 +0,0 @@ -## Block SQL injections -location ~* union.*select.*\( { access_log $blocked_log blocked; return 403; } -location ~* union.*all.*select.* { access_log $blocked_log blocked; return 403; } -location ~* concat.*\( { access_log $blocked_log blocked; return 403; } - -## Block common exploits -location ~* (<|%3C).*script.*(>|%3E) { access_log $blocked_log blocked; return 403; } -location ~* base64_(en|de)code\(.*\) { access_log $blocked_log blocked; return 403; } -location ~* (%24&x) { access_log $blocked_log blocked; return 403; } -location ~* (%0|%A|%B|%C|%D|%E|%F|127\.0) { access_log $blocked_log blocked; return 403; } -location ~* \.\.\/ { access_log $blocked_log blocked; return 403; } -location ~* ~$ { access_log $blocked_log blocked; return 403; } -location ~* proc/self/environ { access_log $blocked_log blocked; return 403; } -location ~* /\.(htaccess|htpasswd|svn|git) { access_log $blocked_log blocked; return 403; } - -## Block file injections -location ~* [a-zA-Z0-9_]=(\.\.//?)+ { access_log $blocked_log blocked; return 403; } -location ~* [a-zA-Z0-9_]=/([a-z0-9_.]//?)+ { access_log $blocked_log blocked; return 403; } - -## wordpress security -location ~* wp-config.php { access_log $blocked_log blocked; return 403; } -location ~* wp-load.php { access_log $blocked_log blocked; return 403; } -location ~* wp-admin/includes { access_log $blocked_log blocked; return 403; } -location ~* wp-app\.log { access_log $blocked_log blocked; return 403; } -location ~* (licence|readme|license)\.(md|html|txt) { access_log $blocked_log blocked; return 403; } -location ~* composer.json { access_log $blocked_log blocked; return 403; } - diff --git a/ubuntu-7.2/rootfs/etc/nginx/security_headers.conf b/ubuntu-7.2/rootfs/etc/nginx/security_headers.conf deleted file mode 100644 index be78f67..0000000 --- a/ubuntu-7.2/rootfs/etc/nginx/security_headers.conf +++ /dev/null @@ -1,23 +0,0 @@ -## -# Security headers, source: https://gist.github.com/plentz/6737338 -## - -# config to don't allow the browser to render the page inside an frame or iframe -# and avoid clickjacking http://en.wikipedia.org/wiki/Clickjacking -# if you need to allow [i]frames, you can use SAMEORIGIN or even set an uri with ALLOW-FROM uri -# https://developer.mozilla.org/en-US/docs/HTTP/X-Frame-Options -add_header X-Frame-Options SAMEORIGIN; - -# when serving user-supplied content, include a X-Content-Type-Options: nosniff header along with the Content-Type: header, -# to disable content-type sniffing on some browsers. -# https://www.owasp.org/index.php/List_of_useful_HTTP_headers -# currently suppoorted in IE > 8 http://blogs.msdn.com/b/ie/archive/2008/09/02/ie8-security-part-vi-beta-2-update.aspx -# http://msdn.microsoft.com/en-us/library/ie/gg622941(v=vs.85).aspx -# 'soon' on Firefox https://bugzilla.mozilla.org/show_bug.cgi?id=471020 -add_header X-Content-Type-Options nosniff always; - -# This header enables the Cross-site scripting (XSS) filter built into most recent web browsers. -# It's usually enabled by default anyway, so the role of this header is to re-enable the filter for -# this particular website if it was disabled by the user. -# https://www.owasp.org/index.php/List_of_useful_HTTP_headers -add_header X-XSS-Protection "1; mode=block"; diff --git a/ubuntu-7.2/rootfs/etc/nginx/static_files.conf b/ubuntu-7.2/rootfs/etc/nginx/static_files.conf deleted file mode 100644 index fa9d42d..0000000 --- a/ubuntu-7.2/rootfs/etc/nginx/static_files.conf +++ /dev/null @@ -1,13 +0,0 @@ -# Use version numbers to bypass cache -# Try to cache as long as we can -expires max; - -## No need to bleed constant updates. Send the all shebang in one -## fell swoop. -tcp_nodelay off; - -## Set the OS file cache. -open_file_cache max=3000 inactive=120s; -open_file_cache_valid 45s; -open_file_cache_min_uses 2; -open_file_cache_errors off; diff --git a/ubuntu-7.2/rootfs/etc/nginx/upstreams.conf b/ubuntu-7.2/rootfs/etc/nginx/upstreams.conf deleted file mode 100644 index 395d445..0000000 --- a/ubuntu-7.2/rootfs/etc/nginx/upstreams.conf +++ /dev/null @@ -1,4 +0,0 @@ -# Default php handler -upstream php-fpm { - server unix:/var/run/php-fpm.sock; -} diff --git a/ubuntu-7.2/rootfs/etc/php/7.2/cli/php.ini b/ubuntu-7.2/rootfs/etc/php/7.2/cli/php.ini deleted file mode 100644 index 5b4d1fe..0000000 --- a/ubuntu-7.2/rootfs/etc/php/7.2/cli/php.ini +++ /dev/null @@ -1,71 +0,0 @@ -[PHP] -; This directive determines whether or not PHP will recognize code between -; tags as PHP source which should be processed as such. -short_open_tag = Off - -; Implicit flush tells PHP to tell the output layer to flush itself -; automatically after every output block. -implicit_flush = Off - -; This directive allows you to disable certain functions for security reasons. -; It receives a comma-delimited list of function names. -; http://php.net/disable-functions -disable_functions = - -; Enables or disables the circular reference collector. -; http://php.net/zend.enable-gc -zend.enable_gc = On - -;;;;;;;;;;;;;;;;; -; Miscellaneous ; -;;;;;;;;;;;;;;;;; - - -; Deny executing anything else than the exact path passed from fastcgi -; This causes the PHP interpreter to only try the literal path given and to stop processing if the file is not found. -; This is for security. -; https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/#passing-uncontrolled-requests-to-php -cgi.fix_pathinfo = 0 - -expose_php = Off - -;;;;;;;;;;;;;;;;;;; -; Resource Limits ; -;;;;;;;;;;;;;;;;;;; - -; Maximum execution time of each script, in seconds -max_execution_time = 600 - -; Maximum amount of time each script may spend parsing request data. -max_input_time = 60 - -; How many GET/POST/COOKIE input variables may be accepted -; max_input_vars = 1000 - -; Maximum amount of memory a script may consume (128MB) -memory_limit = ${PHP_MEMORY_LIMIT} - -;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; -; Error handling and logging ; -;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; - -error_reporting = E_ALL - -display_errors = On - -display_startup_errors = On - -log_errors = On - -log_errors_max_len = 2048 - -ignore_repeated_errors = Off - -ignore_repeated_source = Off - -report_memleaks = On - -;This is deprecated from php7.2 so its disabled as of 5.4.2018 -;track_errors = On - -html_errors = Off diff --git a/ubuntu-7.2/rootfs/etc/php/7.2/fpm/conf.d/blocked.ini b/ubuntu-7.2/rootfs/etc/php/7.2/fpm/conf.d/blocked.ini deleted file mode 100644 index 4142569..0000000 --- a/ubuntu-7.2/rootfs/etc/php/7.2/fpm/conf.d/blocked.ini +++ /dev/null @@ -1,4 +0,0 @@ -; Disable some functions because they allow bad/vulnerable patterns -; We want to advocate good coding practises and these functions make it difficult -; You can use these with php cli but not with php-fpm -disable_functions = exec,passthru,shell_exec,show_source,system,pcntl_exec,popen,posix_getpwuid,posix_kill,posix_mkfifo,posix_setpgid,posix_setsid,posix_setuid,posix_setuid,posix_uname,proc_nice,proc_open,proc_close,proc_get_status diff --git a/ubuntu-7.2/rootfs/etc/php/7.2/fpm/conf.d/common.ini b/ubuntu-7.2/rootfs/etc/php/7.2/fpm/conf.d/common.ini deleted file mode 100644 index 5600222..0000000 --- a/ubuntu-7.2/rootfs/etc/php/7.2/fpm/conf.d/common.ini +++ /dev/null @@ -1,4 +0,0 @@ -[PHP] - -; Don't brag that we have php 7.0 -expose_php = Off diff --git a/ubuntu-7.2/rootfs/etc/php/7.2/fpm/conf.d/limits.ini b/ubuntu-7.2/rootfs/etc/php/7.2/fpm/conf.d/limits.ini deleted file mode 100644 index 6ccc766..0000000 --- a/ubuntu-7.2/rootfs/etc/php/7.2/fpm/conf.d/limits.ini +++ /dev/null @@ -1,7 +0,0 @@ -; filesize, time and input limits -max_execution_time = ${NGINX_FASTCGI_TIMEOUT} -max_input_time = -1 -max_input_vars = ${PHP_MAX_INPUT_VARS} -memory_limit = ${PHP_MEMORY_LIMIT} -post_max_size = ${NGINX_MAX_BODY_SIZE} -upload_max_filesize = ${NGINX_MAX_BODY_SIZE} diff --git a/ubuntu-7.2/rootfs/etc/php/7.2/fpm/conf.d/logging.ini b/ubuntu-7.2/rootfs/etc/php/7.2/fpm/conf.d/logging.ini deleted file mode 100644 index 6db568d..0000000 --- a/ubuntu-7.2/rootfs/etc/php/7.2/fpm/conf.d/logging.ini +++ /dev/null @@ -1,4 +0,0 @@ -; Log all warnings and errors -error_log = ${PHP_ERROR_LOG} -log_level = ${PHP_ERROR_LOG_LEVEL} -log_errors_max_len = ${PHP_ERROR_MAX_LEN} diff --git a/ubuntu-7.2/rootfs/etc/php/7.2/fpm/conf.d/mail.ini b/ubuntu-7.2/rootfs/etc/php/7.2/fpm/conf.d/mail.ini deleted file mode 100644 index d54d6f8..0000000 --- a/ubuntu-7.2/rootfs/etc/php/7.2/fpm/conf.d/mail.ini +++ /dev/null @@ -1,3 +0,0 @@ -[PHP] -; Use msmtp to send mail instead of sendmail -sendmail_path = "/usr/sbin/sendmail" diff --git a/ubuntu-7.2/rootfs/etc/php/7.2/fpm/conf.d/opcache.ini b/ubuntu-7.2/rootfs/etc/php/7.2/fpm/conf.d/opcache.ini deleted file mode 100644 index 41a7d2a..0000000 --- a/ubuntu-7.2/rootfs/etc/php/7.2/fpm/conf.d/opcache.ini +++ /dev/null @@ -1,24 +0,0 @@ -; Enable php opcache to make site faster -; These are taken from: https://www.scalingphpbook.com/blog/2014/02/14/best-zend-opcache-settings.html -[opcache] -opcache.enable = 1 -opcache.enable_cli = 1 - -; Provides a faster mechanism for calling the deconstructors in your code at the end of a single request to speed up the response and recycle php workers so they're ready for the next incoming request faster. -opcache.fast_shutdown = 1 - -; Give plenty of memory for php process for caching the code -opcache.memory_consumption = ${PHP_OPCACHE_MAX_MEMORY} - -; Log into container output -opcache.error_log = /dev/stderr - -; Log opcache warnings -opcache.log_verbosity_level = 2 - -; PHP uses a technique called string interning to improve performance— so, for example, if you have the string "foobar" 1000 times in your code, internally PHP will store 1 immutable variable for this string and just use a pointer to it for the other 999 times you use it. -; This reserves 16MB to storing the most used strings -opcache.interned_strings_buffer = 16 -opcache.max_accelerated_files = ${PHP_OPCACHE_MAX_FILES} - - diff --git a/ubuntu-7.2/rootfs/etc/php/7.2/fpm/conf.d/opcache_invalidate.conf b/ubuntu-7.2/rootfs/etc/php/7.2/fpm/conf.d/opcache_invalidate.conf deleted file mode 100644 index d152afa..0000000 --- a/ubuntu-7.2/rootfs/etc/php/7.2/fpm/conf.d/opcache_invalidate.conf +++ /dev/null @@ -1,5 +0,0 @@ -; Don't revalidate php files in this container -opcache.validate_timestamps = 0 - -; We don't need to cache php comments into opcache -opcache.save_comments = 0 diff --git a/ubuntu-7.2/rootfs/etc/php/7.2/fpm/conf.d/sessions.ini b/ubuntu-7.2/rootfs/etc/php/7.2/fpm/conf.d/sessions.ini deleted file mode 100644 index d5fb56c..0000000 --- a/ubuntu-7.2/rootfs/etc/php/7.2/fpm/conf.d/sessions.ini +++ /dev/null @@ -1,6 +0,0 @@ -;;;;;;;;;;;;;;;;;;;;;;;;;; -; Define Session backend ; -;;;;;;;;;;;;;;;;;;;;;;;;;; -; These env can also contain redis as backend -session.save_handler = ${PHP_SESSION_HANDLER} -session.save_path = ${PHP_SESSION_SAVE_PATH} diff --git a/ubuntu-7.2/rootfs/etc/php/7.2/fpm/conf.d/timezone.ini b/ubuntu-7.2/rootfs/etc/php/7.2/fpm/conf.d/timezone.ini deleted file mode 100644 index dfb2fec..0000000 --- a/ubuntu-7.2/rootfs/etc/php/7.2/fpm/conf.d/timezone.ini +++ /dev/null @@ -1,2 +0,0 @@ -; Timezone from env formatted like 'Europe/Helsinki' -date.timezone = ${TZ} diff --git a/ubuntu-7.2/rootfs/etc/php/7.2/fpm/php-fpm.d/preserve-env.conf b/ubuntu-7.2/rootfs/etc/php/7.2/fpm/php-fpm.d/preserve-env.conf deleted file mode 100644 index 956d8ff..0000000 --- a/ubuntu-7.2/rootfs/etc/php/7.2/fpm/php-fpm.d/preserve-env.conf +++ /dev/null @@ -1,3 +0,0 @@ -; Just use all envs from system when php-fpm starts -; By default php-fpm flushes all envs and they need to be whitelisted -clear_env = no diff --git a/ubuntu-7.2/rootfs/etc/php/7.2/fpm/php.ini b/ubuntu-7.2/rootfs/etc/php/7.2/fpm/php.ini deleted file mode 100644 index bf0e19b..0000000 --- a/ubuntu-7.2/rootfs/etc/php/7.2/fpm/php.ini +++ /dev/null @@ -1,47 +0,0 @@ -;;; -; Production settings for php and php-fpm -;;; -; All directives from /etc/php/7.0/fpm/conf.d are also included -;;; - -[PHP] - -; Don't display errors into frontend -display_errors = ${PHP_DISPLAY_ERRORS} - -; disable ignoring of repeat errors -ignore_repeated_errors = false - -; disable ignoring of unique source errors -ignore_repeated_source = false - -; enable logging of php memory leaks -report_memleaks = true - -; Deny executing anything else than the exact path passed from fastcgi -; This causes the PHP interpreter to only try the literal path given and to stop processing if the file is not found. -; This is for security. Source: https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/#passing-uncontrolled-requests-to-php -cgi.fix_pathinfo = 0 - -; disable html markup of errors -html_errors = false - -; disable formatting of error reference links -docref_root = 0 - -; disable formatting of error reference links -docref_ext = 0 - -; disable max error string length ( by using so big number that bigger messages don't matter ) -log_errors_max_len = 10000 - -; Don't show startup errors -display_startup_errors = Off -;This is deprecated from php7.2 so its disabled as of 5.4.2018 -;track_errors = Off - -; Redirect worker stdout and stderr into main error log. If not set, stdout and -; stderr will be redirected to /dev/null according to FastCGI specs. -; Default Value: no -catch_workers_output = yes - diff --git a/ubuntu-7.2/rootfs/etc/services.d/cron/run b/ubuntu-7.2/rootfs/etc/services.d/cron/run deleted file mode 100644 index 444e2b9..0000000 --- a/ubuntu-7.2/rootfs/etc/services.d/cron/run +++ /dev/null @@ -1,4 +0,0 @@ -#!/usr/bin/with-contenv sh -echo "[services.d] started cron daemon" -# Runs cron daemon in foreground -cron -l 2 -f diff --git a/ubuntu-7.2/rootfs/etc/services.d/nginx/run b/ubuntu-7.2/rootfs/etc/services.d/nginx/run deleted file mode 100755 index ef92c7d..0000000 --- a/ubuntu-7.2/rootfs/etc/services.d/nginx/run +++ /dev/null @@ -1,4 +0,0 @@ -#!/usr/bin/with-contenv sh - -# Run nginx always in foreground -exec nginx -g "daemon off;" diff --git a/ubuntu-7.2/rootfs/etc/services.d/php-fpm/run b/ubuntu-7.2/rootfs/etc/services.d/php-fpm/run deleted file mode 100644 index 9ef8d41..0000000 --- a/ubuntu-7.2/rootfs/etc/services.d/php-fpm/run +++ /dev/null @@ -1,53 +0,0 @@ -#!/usr/bin/with-contenv bash - -## -# Check which kind of session backend we should be using -## -if [ -z "$PHP_SESSION_SAVE_PATH" ]; then - echo "[php-fpm] configuring php-fpm session backend..." - - # Use 'files' as default session handler - export PHP_SESSION_HANDLER=${PHP_SESSION_HANDLER-files} - - case "$PHP_SESSION_HANDLER" in - - files) - mkdir -p /tmp/php - chown $WEB_USER:$WEB_GROUP /tmp/php - - # export new env for php-fpm - export PHP_SESSION_SAVE_PATH='/tmp/php' - ;; - redis) - # Set defaults - REDIS_HOST=${REDIS_HOST-$REDIS_1_PORT_6379_TCP_ADDR} - REDIS_PORT=${REDIS_PORT-6379} - REDIS_SCHEME=${REDIS_SCHEME-tcp} - REDIS_PHP_SESSION_HOST=${REDIS_PHP_SESSION_HOST-$REDIS_1_PORT_6379_TCP_ADDR} - - # After this time php-fpm will timeout from requesting session data - PHP_SESSION_REDIS_TIMEOUT=${PHP_SESSION_REDIS_TIMEOUT-5} - - PHP_SESSION_REDIS_PARAMS="timeout=$PHP_SESSION_REDIS_TIMEOUT" - - # Set these only if they are not 0 and '' because they add complexity for the query - if [ "$PHP_SESSION_REDIS_DB" != "" ]; then - PHP_SESSION_REDIS_PARAMS+="&database=$PHP_SESSION_REDIS_DB" - fi - if [ "$REDIS_PASSWORD" != "" ]; then - PHP_SESSION_REDIS_PARAMS+="&auth=$REDIS_PASSWORD" - fi - if [ "$PHP_SESSION_REDIS_PREFIX" != "" ]; then - PHP_SESSION_REDIS_PARAMS+="&prefix=$PHP_SESSION_REDIS_PREFIX" - fi - - # export new env for php-fpm - export PHP_SESSION_SAVE_PATH="$REDIS_SCHEME://$REDIS_PHP_SESSION_HOST:$REDIS_PORT?$PHP_SESSION_REDIS_PARAMS" - ;; - esac -fi -echo "[php-fpm] using $PHP_SESSION_SAVE_PATH for php sessions..." - -echo "[php-fpm] started php-fpm" -exec php-fpm -c /etc/php/7.2/fpm/php.ini --fpm-config /etc/php/7.2/fpm/php-fpm.conf --pid /var/run/php-fpm.pid - diff --git a/ubuntu-7.2/rootfs/usr/bin/wp b/ubuntu-7.2/rootfs/usr/bin/wp deleted file mode 100755 index e138ef0..0000000 --- a/ubuntu-7.2/rootfs/usr/bin/wp +++ /dev/null @@ -1,12 +0,0 @@ -#!/usr/bin/env bash -## -# WP-cli wrapper: Append path automatically so that user doesn't have to -## -if [ "$(whoami)" = "root" ]; then - # Run as wordpress user instead - # This helps that we don't install things as root - # Or run 3rd party code as root - gosu $WEB_USER /usr/local/bin/wp-cli "$@" --path=$WP_CORE -else - /usr/local/bin/wp-cli "$@" --path=$WP_CORE -fi diff --git a/ubuntu-7.2/rootfs/usr/local/bin/phinx b/ubuntu-7.2/rootfs/usr/local/bin/phinx deleted file mode 100755 index 854aa2f..0000000 --- a/ubuntu-7.2/rootfs/usr/local/bin/phinx +++ /dev/null @@ -1,27 +0,0 @@ -#!/usr/bin/env bash -## -# Phinx wrapper -# You need to install phinx through composer first -## - -# Export database host in prod and dev -if [ ! -z "$MYSQL_HOST" ]; then - export PHINX_DBHOST=$MYSQL_HOST -elif [ ! -z "$DB_HOST" ]; then - export PHINX_DBHOST=$DB_HOST -elif [ ! -z "$DB_PORT_3306_TCP_ADDR" ]; then - export PHINX_DBHOST=$DB_PORT_3306_TCP_ADDR -else - echo "ERROR: You need to set DB_HOST!" -fi - -# Export phinx envs -# Default to MYSQL_ envs but fallback to DB_ -export PHINX_DBPORT=${MYSQL_PORT-$DB_PORT} -export PHINX_DBNAME=${MYSQL_DATABASE-$DB_NAME} -export PHINX_DBUSER=${MYSQL_USER-$DB_USER} -export PHINX_DBPASSWORD=${MYSQL_PWD-$DB_PASSWORD} -export PHINX_ENVIRONMENT=$WP_ENV - -# Run phinx -php $PROJECT_ROOT/vendor/bin/phinx $@ diff --git a/ubuntu-7.2/rootfs/usr/local/bin/print-smtp-password b/ubuntu-7.2/rootfs/usr/local/bin/print-smtp-password deleted file mode 100755 index f59d906..0000000 --- a/ubuntu-7.2/rootfs/usr/local/bin/print-smtp-password +++ /dev/null @@ -1,5 +0,0 @@ -#!/bin/bash -# This is so that we can use msmtp without /etc/msmtprc config file -# msmtp doesn't have --password option and it only has --passwordeval option -# We use this script so that we can use it in passwordeval -echo $SMTP_PASSWORD diff --git a/ubuntu-7.2/rootfs/usr/local/bin/wp-run-cron b/ubuntu-7.2/rootfs/usr/local/bin/wp-run-cron deleted file mode 100755 index e5c4aa8..0000000 --- a/ubuntu-7.2/rootfs/usr/local/bin/wp-run-cron +++ /dev/null @@ -1,42 +0,0 @@ -#!/bin/bash -# Copyright © 2015 Bjørn Johansen -# This work is free. You can redistribute it and/or modify it under the -# terms of the Do What The Fuck You Want To Public License, Version 2, -# as published by Sam Hocevar. See http://www.wtfpl.net/ for more details. -# Source: https://bjornjohansen.no/wordpress-cron-wp-cli -# Github: https://gist.github.com/bjornjohansen/a00a9fee5475c4dadb56#file-run-wp-cron-sh - -# This is modified for our container. In this container you don't need to use --path -# because it's automatically included - -# Check if WP-CLI is available -if ! hash wp 2>/dev/null; then - echo "[wp-cron] ERROR: WP-CLI is not available" - exit -fi - -# If WordPress isn’t installed here, we bail -if ! wp core is-installed --quiet >> /dev/null; then - echo "[wp-cron] ERROR: WordPress is not installed here: ${WP_CORE}" - exit -fi - -# Get a list of site URLs -if wp core is-installed --quiet --network >> /dev/null; -then - SITE_URLS=`wp site list --fields=url --archived=0 --deleted=0 --format=csv | sed 1d` -else - SITE_URLS=(`wp option get siteurl`) -fi - -# Loop through all the sites -for SITE_URL in $SITE_URLS -do - # replaced loop with better solution - wp cron event run --due-now --url="$SITE_URL" - # Run all event hooks that are due - #for EVENT_HOOK in $(wp cron event list --format=csv --fields=hook,next_run_relative --url="$SITE_URL" | grep now$ | awk -F ',' '{print $1}') - #do - # wp cron event run "$EVENT_HOOK" --url="$SITE_URL" --quiet - #done -done diff --git a/ubuntu-7.2/rootfs/usr/sbin/sendmail b/ubuntu-7.2/rootfs/usr/sbin/sendmail deleted file mode 100755 index ec8c40f..0000000 --- a/ubuntu-7.2/rootfs/usr/sbin/sendmail +++ /dev/null @@ -1,66 +0,0 @@ -#!/bin/bash -## -# This is custom wrapper for msmtp which acts like good old sendmail -# - It is used for php and cron -# - This is easier to configure for external mail server than sendmail -# - sendmail is just the default binary which other services will use -# - It needs following env: SMTP_HOST, SMTP_PASSWORD, SMTP_PORT, SMTP_AUTH, SMTP_USER -## - -# Deduce all used msmtp options from system ENVs -declare -a options - -# Act like sendmail -options+=("-t") - -# Use system tls chain -options+=("--tls-trust-file=/etc/ssl/certs/ca-certificates.crt") - -if [ -n "$SMTP_HOST" ]; then - options+=("--host=$SMTP_HOST") -else - echo "[mail error] SMTP_HOST is not defined, mail can't be sent" - exit 1 -fi - -# Log all mail requests -# try /var/log/mail/sent.log but use stdout when logfile is not available -if [ -n "$SMTP_LOG" ]; then - options+=("--logfile=$SMTP_LOG") -elif [ -f /var/log/mail/sent.log ]; then - options+=("--logfile=/var/log/mail/sent.log") -fi - -if [ -n "$SMTP_FROM" ]; then - options+=("--from=$SMTP_FROM") -fi - -# Default port for smtp is 25 and it will work even without this option -if [ -n "$SMTP_PORT" ]; then - options+=("--port=$SMTP_PORT") -fi - -# Setup credentials -if [ -n "$SMTP_USER" ]; then - options+=("--user=$SMTP_USER") -fi - -# msmtp doesn't provide password option because usually it's unsafe -# Use local hack for passwordeval -if [ -n "$SMTP_PASSWORD" ]; then - options+=("--passwordeval=/usr/local/bin/print-smtp-password") -fi - - -if [ -n "$SMTP_AUTH" ]; then - options+=("--auth=$SMTP_AUTH") -elif [ -n "$SMTP_USER" ] || [ -n "$SMTP_PASSWORD" ]; then - options+=("--auth=on") -fi - -if [ -n "$SMTP_TLS" ]; then - options+=("--tls=$SMTP_TLS") -fi - -# Add our options and command line options for msmtp -msmtp ${options[@]} "$@" diff --git a/ubuntu-7.2/rootfs/usr/share/nginx/html/403.html b/ubuntu-7.2/rootfs/usr/share/nginx/html/403.html deleted file mode 100644 index 3f85394..0000000 --- a/ubuntu-7.2/rootfs/usr/share/nginx/html/403.html +++ /dev/null @@ -1,95 +0,0 @@ - - - - - - -403 Forbidden - - - - - - - - -
-
-

403 Forbidden

-

Sorry! You don't have access permissions for that on .

-

Take Me To The Homepage - -

-
-
-
-
-
-
-

What happened?

-

A 403 error status indicates that you don't have permission to access the file or page. In general, web servers and websites have directories and files that are not open to the public web for security reasons.

-
-
-

What can I do?

-

If you're a site visitor

-

Please use your browsers back button and check that you're in the right place. If you need immediate assistance, please send us an email instead.

-

If you're the site owner

-

Please check that you're in the right place and get in touch with your website provider if you believe this to be an error.

-
-
-
-
- - - - - - - diff --git a/ubuntu-7.2/rootfs/usr/share/nginx/html/500.html b/ubuntu-7.2/rootfs/usr/share/nginx/html/500.html deleted file mode 100644 index e5fac20..0000000 --- a/ubuntu-7.2/rootfs/usr/share/nginx/html/500.html +++ /dev/null @@ -1,89 +0,0 @@ - - - - - - -500 Internal Server Error - - - - - - - - -
- -
-

500 Internal Server Error

-

The web server is returning an internal error for .

- Try This Page Again -
-
-
-
-
-
-

What happened?

-

A 500 error status implies there is a problem with the web server's software causing it to malfunction.

-
-
-

What can I do?

-

If you're a site visitor

-

Nothing you can do at the moment. If you need immediate assistance, please send us an email instead. We apologize for any inconvenience.

-

If you're the site owner

-

This error can only be fixed by server admins, please contact your website provider.

-
-
-
-
- - - - - - - diff --git a/ubuntu-7.2/rootfs/usr/share/nginx/html/502.html b/ubuntu-7.2/rootfs/usr/share/nginx/html/502.html deleted file mode 100644 index e7d79c1..0000000 --- a/ubuntu-7.2/rootfs/usr/share/nginx/html/502.html +++ /dev/null @@ -1,98 +0,0 @@ - - - - - - - -502 Bad Gateway - - - - - - - - -
- -
-

502 Bad Gateway

-

The web server is returning an unexpected networking error for .

- Try This Page Again -
-
-
-
-
-
-

What happened?

-

A 502 error status implies that that the server received an invalid response from an upstream server it accessed to fulfill the request.

-
-
-

What can I do?

-

If you're a site visitor

-

Check to see if this website down for everyone or just you. -

-

Also, clearing your browser cache and refreshing the page may clear this issue. If the problem persists and you need immediate assistance, please send us an email instead.

-

If you're the site owner

-

Clearing your browser cache and refreshing the page may clear this issue. If the problem persists and you need immediate assistance, please contact your website provider.

-
-
-
-
- - - - - - - - diff --git a/ubuntu-7.2/rootfs/usr/share/nginx/html/504.html b/ubuntu-7.2/rootfs/usr/share/nginx/html/504.html deleted file mode 100644 index f37b919..0000000 --- a/ubuntu-7.2/rootfs/usr/share/nginx/html/504.html +++ /dev/null @@ -1,100 +0,0 @@ - - - - - - - -504 Gateway Timeout - - - - - - - - -
- -
-

504 Gateway Timeout

-

The web server is returning an unexpected networking error for .

- Try This Page Again -
-
-
-
- - -
-
-

What happened?

-

A 504 error status implies there is a slow IP communication problem between back-end servers attempting to fulfill this request.

-
-
-

What can I do?

-

If you're a site visitor

-

Check to see if this website down for everyone or just you. -

-

Also, clearing your browser cache and refreshing the page may clear this issue. If the problem persists and you need immediate assistance, please send us an email instead.

-

If you're the site owner

-

Clearing your browser cache and refreshing the page may clear this issue. If the problem persists and you need immediate assistance, please contact your website provider.

-
-
-
-
- - - - - - - - diff --git a/ubuntu-7.3/Dockerfile b/ubuntu-7.3/Dockerfile deleted file mode 100644 index ae36dc0..0000000 --- a/ubuntu-7.3/Dockerfile +++ /dev/null @@ -1,185 +0,0 @@ -FROM devgeniem/ubuntu-docker-openresty-pagespeed:beta -MAINTAINER Ville Pietarinen - Geniem Oy - -## -# Only use these during installation -## -ARG LANG=C.UTF-8 -ARG DEBIAN_FRONTEND=noninteractive - -## -# Install php7 packages from dotdeb.org -# - Dotdeb is an extra repository providing up-to-date packages for your Debian servers -## -RUN \ - apt-get update \ -&& apt-get -y install software-properties-common \ - && add-apt-repository ppa:ondrej/php \ - && apt-get -y --no-install-recommends install \ - apt-utils \ - curl \ - nano \ - ca-certificates \ - git \ - mysql-client \ - msmtp \ - postfix \ - netcat \ - less \ - && apt-get update \ - && apt-get -y --no-install-recommends install \ - php7.3-cli \ - php7.3-common \ - php7.3-apcu \ - php7.3-apcu-bc \ - php7.3-curl \ - php7.3-json \ - php7.3-opcache \ - php7.3-readline \ - php7.3-xml \ - php7.3-zip \ - php7.3-fpm \ - php7.3-redis \ - php7.3-mongodb \ - php7.3-mysqli \ - php7.3-intl \ - php7.3-gd \ - php7.3-mbstring \ - php7.3-soap \ - php7.3-bcmath \ - php7.3-curl \ - php7.3-ldap \ - # Force install only cron without extra mailing dependencies - && cd /tmp \ - && apt-get download cron \ - && dpkg --force-all -i cron*.deb \ - && mkdir -p /var/spool/cron/crontabs \ - # Cleanup - && apt-get clean \ - && apt-get autoremove \ - && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* /usr/share/doc/* /var/log/apt/* /var/log/*.log - - -# Install helpers -RUN \ - ## - # Install composer - ## - curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/local/bin --filename=composer \ - && composer global require hirak/prestissimo \ - - ## - # Install wp-cli - # source: http://wp-cli.org/ - ## - && curl -L https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar -o /usr/local/bin/wp-cli \ - && chmod +rx /usr/local/bin/wp-cli \ - # Symlink it to /usr/bin as well so that cron can find this script with limited PATH - && ln -s /usr/local/bin/wp-cli /usr/bin/wp-cli \ - - ## - # Install cronlock for running cron correctly with multi container setups - # https://github.com/kvz/cronlock - ## - && curl -L https://raw.githubusercontent.com/kvz/cronlock/master/cronlock -o /usr/local/bin/cronlock \ - && chmod +rx /usr/local/bin/cronlock \ - # Symlink it to /usr/bin as well so that cron can find this script with limited PATH - && ln -s /usr/local/bin/cronlock /usr/bin/cronlock - -## -# Add Project files like nginx and php-fpm processes and configs -# Also custom scripts and bashrc -## -COPY rootfs/ / - -# Run small fixes -RUN set -x \ - && mkdir -p /var/www/uploads \ - && mkdir -p /tmp/php-opcache \ - && ln -sf /usr/sbin/php-fpm7.3 /usr/sbin/php-fpm \ - && ln -sf /usr/bin/wp /usr/local/bin/wp -# This is for your project root -ENV PROJECT_ROOT="/var/www/project" - -ENV \ - # Add interactive term - TERM="xterm" \ - # Set defaults which can be overriden - MYSQL_PORT="3306" \ - # Use default web port in nginx but allow it to be overridden - # This also works correctly with flynn: - # https://github.com/flynn/flynn/issues/3213#issuecomment-237307457 - PORT="8080" \ - # Use custom users for nginx and php-fpm - WEB_USER="wordpress" \ - WEB_GROUP="web" \ - WEB_UID=1000 \ - WEB_GID=1001 \ - # Set defaults for redis - REDIS_PORT="6379" \ - REDIS_DATABASE="0" \ - REDIS_PASSWORD="" \ - REDIS_SCHEME="tcp" \ - # Set defaults for NGINX fastcgi cache - # This variable uses seconds by default - # Time units supported are "s"(seconds), "ms"(milliseconds), "y"(years), "M"(months), "w"(weeks), "d"(days), "h"(hours), and "m"(minutes). - # Also http response codes that are cached can be set - NGINX_REDIS_CACHE_TTL_DEFAULT="200 301 302 1m" \ - NGINX_REDIS_CACHE_TTL_MAX="4h" \ - # Default fastcgi cache directory - NGINX_CACHE_DIRECTORY="/tmp/nginx/fullpage" \ - # Default operations when fastcgi stale cache is used - NGINX_CACHE_USE_STALE="error timeout invalid_header updating http_500 http_503 http_403 http_404 http_429" \ - # Default headers for fastcgi stale- and error cache - NGINX_CACHE_CONTROL='"max-age=60, stale-while-revalidate=300, stale-if-error=21600"'\ - # Cronlock is used to stop simultaneous cronjobs in clusterised environments - CRONLOCK_HOST="" \ - # This is used by nginx and php-fpm - WEB_ROOT="${PROJECT_ROOT}/web" \ - # This is used automatically by wp-cli - WP_CORE="${PROJECT_ROOT}/web/wp" \ - # Nginx include files - NGINX_INCLUDE_DIR="/var/www/project/nginx" \ - # Allow bigger file uploads - NGINX_MAX_BODY_SIZE="10M" \ - # Allow storing bigger body in memory - NGINX_BODY_BUFFER_SIZE="32k" \ - # Have sane fastcgi timeout by default - NGINX_FASTCGI_TIMEOUT="30" \ - # Have sane fastcgi timeout by default - NGINX_ERROR_LEVEL="warn" \ - # Have sane fastcgi timeout by default - NGINX_ERROR_LOG="/dev/stderr" \ - # Have sane fastcgi timeout by default - NGINX_ACCESS_LOG="/dev/stdout" \ - # Default cache key for nginx http cache - NGINX_CACHE_KEY='wp_:nginx:$real_scheme$request_method$host$request_uri' \ - # PHP settings - PHP_MEMORY_LIMIT="128M" \ - PHP_MAX_INPUT_VARS="1000" \ - PHP_ERROR_LOG="/proc/self/fd/1" \ - PHP_ERROR_LOG_LEVEL="warning" \ - PHP_ERROR_LOG_MAX_LEN="8192" \ - PHP_SESSION_REDIS_DB="0" \ - PHP_SESSION_HANDLER="files" \ - # You should count the *.php files in your project and set this number to be bigger - # $ find . -type f -print | grep php | wc -l - PHP_OPCACHE_MAX_FILES="8000" \ - # Amount of memory in MB to allocate for opcache - PHP_OPCACHE_MAX_MEMORY="128" \ - # Use host machine as default SMTP_HOST - SMTP_HOST="172.17.2.1" \ - # This folder is used to mount files into host machine - # You should use this path for your uploads since everything else should be ephemeral - UPLOADS_ROOT="/var/www/uploads" \ - # This can be overidden by you, it's just default for us - TZ="Europe/Helsinki" -# Setup $TZ. Remember to run this again in your own build - # Make sure that all files here have execute permissions -RUN dpkg-reconfigure tzdata && \ - chmod +x /etc/cont-init.d/* -# Set default path to project folder for easier running commands in project -WORKDIR ${PROJECT_ROOT} -EXPOSE ${PORT} -ENTRYPOINT ["/init"] - diff --git a/ubuntu-7.3/rootfs/etc/ImageMagick b/ubuntu-7.3/rootfs/etc/ImageMagick deleted file mode 100644 index d88e8bf..0000000 --- a/ubuntu-7.3/rootfs/etc/ImageMagick +++ /dev/null @@ -1,11 +0,0 @@ - - - - - - - - - - - diff --git a/ubuntu-7.3/rootfs/etc/cont-init.d/00-render-templates b/ubuntu-7.3/rootfs/etc/cont-init.d/00-render-templates deleted file mode 100755 index 56f69f3..0000000 --- a/ubuntu-7.3/rootfs/etc/cont-init.d/00-render-templates +++ /dev/null @@ -1,85 +0,0 @@ -#!/usr/bin/with-contenv bash -## -# This script uses clever heredoc hack to substitute env variables into static config files -# Source: http://stackoverflow.com/questions/2914220/bash-templating-how-to-build-configuration-files-from-templates-with-bash -## - -## -# Replaces ${ENV} placoholders from file with provided variables -# $1 - ':'' separated list of variables -# $2 - filename to render -## -function render_env_tmpl() { - vars=$1 - input_file=$2 - # If filename ends with .tmpl replace it without the .tmpl - filename=$(dirname $input_file)/$(basename $input_file .tmpl) - - tmp_file=/tmp/$(basename $filename) - - # render all provided $vars to temporary file - envsubst "$vars" < $input_file > $tmp_file - - # replace original file with rendered file - mv $tmp_file $filename -} - -echo "[cont-init.d] Substituting env into configuration files..." - -## -# Nginx doesn't support env variables in config files so we will have to do this in hacky way instead -## -VARS='$PORT:$WEB_ROOT:$WEB_USER:$WEB_GROUP:$NGINX_ACCESS_LOG:$NGINX_ERROR_LOG:$NGINX_ERROR_LEVEL:$NGINX_INCLUDE_DIR:$NGINX_MAX_BODY_SIZE:$NGINX_BODY_BUFFER_SIZE:$NGINX_FASTCGI_TIMEOUT:$WP_ENV:$NGINX_CACHE_KEY' -render_env_tmpl "$VARS" /etc/nginx/nginx.conf - -## -# Redis cache needs to know the redis instance and credentials -## - -# Set defaults if they are not set -export REDIS_HOST=${REDIS_HOST-$REDIS_1_PORT_6379_TCP_ADDR} -export REDIS_PORT=${REDIS_PORT-6379} -export REDIS_DATABASE=${REDIS_DATABASE-0} -export REDIS_PASSWORD=${REDIS_PASSWORD-''} -export REDIS_CACHE_TTL=${REDIS_CACHE_TTL-14400} - -# Add helper variables for AWS s3 bucket storage -VARS+='$AWS_S3_BUCKET_NAME:AWS_S3_REPLICA_BUCKET_NAME' - -# Add Redis variables -VARS+='$REDIS_HOST:$REDIS_PORT:$REDIS_DATABASE:$REDIS_PASSWORD:$NGINX_REDIS_CACHE_TTL_MAX:$NGINX_REDIS_CACHE_TTL_DEFAULT:$NGINX_REDIS_CACHE_PREFIX' - -# Add image proxy variables -VARS+='$GOOGLE_CLOUD_STORAGE_BUCKET_NAME' - -# Add cache variables -VARS+='$NGINX_CACHE_USE_STALE:$NGINX_CACHE_CONTROL:$NGINX_CACHE_DIRECTORY' - -render_env_tmpl "$VARS" /etc/nginx/cache/redis_backend.conf - -render_env_tmpl "$VARS" /etc/nginx/cache/srcache.conf -render_env_tmpl "$VARS" /etc/nginx/cache/fastcgicache_settings.conf -render_env_tmpl "$VARS" /etc/nginx/cache/fastcgicache_skip_rules.conf -## -# Render all user provided nginx templates -## -VARS+='$BASIC_AUTH_USER:$BASIC_AUTH_PASSWORD_HASH' -for conf_file in $(find $NGINX_INCLUDE_DIR -type f -name '*.tmpl'); do - echo "[cont-init.d] Rendering env in $conf_file..." - - # Add helper variables for easier scripting - export __DIR__=$(dirname $conf_file) - - VARS_TMPL=$VARS':$__DIR__' - render_env_tmpl "$VARS_TMPL" $conf_file -done - -# Encrypt basic auth password if it set -if [[ -z "${BASIC_AUTH_PASSWORD}" ]]; -then - echo "Not encrypting BASIC_AUTH_PASSWORD..." -else - BASIC_AUTH_PASSWORD_HASH=$(openssl passwd -crypt $BASIC_AUTH_PASSWORD) - echo "Encrypting BASIC_AUTH_PASSWORD... ${BASIC_AUTH_PASSWORD} -> ${BASIC_AUTH_PASSWORD_HASH}" - echo "${BASIC_AUTH_USER}:${BASIC_AUTH_PASSWORD_HASH}" > /var/www/project/nginx/environments/${WP_ENV}/server/.htpasswd -fi diff --git a/ubuntu-7.3/rootfs/etc/cont-init.d/01-create-web-user b/ubuntu-7.3/rootfs/etc/cont-init.d/01-create-web-user deleted file mode 100755 index aeb0aa7..0000000 --- a/ubuntu-7.3/rootfs/etc/cont-init.d/01-create-web-user +++ /dev/null @@ -1,58 +0,0 @@ -#!/usr/bin/with-contenv bash - -## -# If $WEB_USER user and web group already exists just skip the user creation -## -if id -u $WEB_USER > /dev/null 2>&1 && getent group $WEB_GROUP > /dev/null 2>&1; then - echo "[cont-init.d] user:$WEB_USER and group:$WEB_GROUP already exist, skipping..." - exit 0 -fi - -## -# Create $WEB_USER user with $WEB_UID and web group with $WEB_GID -## - -# Set defaults if they are not set -export WEB_USER=${WEB_USER-wordpress} -export WEB_GROUP=${WEB_GROUP-web} -export WEB_UID=${WEB_UID-1000} -export WEB_GID=${WEB_GID-1000} - -echo "[cont-init.d] Creating $WEB_USER user with id: $WEB_UID and group web with id: $WEB_GID" - -# Create web group -if [ -n "$WEB_GID" ]; then - - # Check if group with $WEB_GID already exists - web_group=$(getent group $WEB_GID | cut -d':' -f1) - - if [ -n "$web_group" ]; then - - # Replace the existing group name to web - # This is done so that in local development we can just lookup permissions from mounted folders - # This UID/GID can be same as something already existing inside container - # This way we can use same uid/gid in container and host machine - echo "[cont-init.d] Replacing pre-existing group name $web_group -> $WEB_GROUP" - sed -i "s|$web_group|$WEB_GROUP|g" /etc/group - - else - # Create new group - echo "$ groupadd -g $WEB_GID $WEB_GROUP" - groupadd -g $WEB_GID $WEB_GROUP - fi -else - echo "[cont-init.d] ERROR: Please set web user group id in WEB_GID" 1>&2 - exit 2 -fi - -# Create $WEB_USER user -if [ -n "$WEB_UID" ] && [ -n "$WEB_GID" ] ; then - echo "$ useradd -u $WEB_UID -g $WEB_GROUP --home $PROJECT_ROOT $WEB_USER" - useradd -u $WEB_UID -g $WEB_GROUP --home $PROJECT_ROOT $WEB_USER -else - echo "[cont-init.d] ERROR: Please set web user id in WEB_UID" 1>&2 - exit 2 -fi - -# Check that processes can write logs -chown $WEB_USER:$WEB_GROUP /var/log diff --git a/ubuntu-7.3/rootfs/etc/cont-init.d/02-init-crond b/ubuntu-7.3/rootfs/etc/cont-init.d/02-init-crond deleted file mode 100755 index 962a79e..0000000 --- a/ubuntu-7.3/rootfs/etc/cont-init.d/02-init-crond +++ /dev/null @@ -1,30 +0,0 @@ -#!/usr/bin/with-contenv bash - -# Copy cronjob from project and run as nginx -if [ -f $PROJECT_ROOT/tasks.cron ]; then - - # Setup all container env for cron - printenv | grep -v ^_= | grep -v "no_proxy" >> /etc/environment - - # Use default redis for cronlock if cronlock variables are not set - if [ -n "$REDIS_HOST" ] && [ -z "$CRONLOCK_HOST" ] ; then - echo "CRONLOCK_HOST=$REDIS_HOST" >> /etc/environment - fi - if [ -n "$REDIS_PASSWORD" ] && [ -z "$CRONLOCK_AUTH" ] ; then - echo "CRONLOCK_AUTH=$REDIS_PASSWORD" >> /etc/environment - fi - if [ -n "$REDIS_PORT" ] && [ -z "$CRONLOCK_PORT" ] ; then - echo "CRONLOCK_PORT=$REDIS_PORT" >> /etc/environment - fi - # env for running wp cron - echo "CRON_URL=$CRON_URL" >> /etc/environment; - # Copy cron template - cp $PROJECT_ROOT/tasks.cron /var/spool/cron/crontabs/$WEB_USER - chown $WEB_USER /var/spool/cron/crontabs/$WEB_USER - chmod 0600 /var/spool/cron/crontabs/$WEB_USER -else - # No cronjobs found remove crond from s6 - if [ -f /etc/services.d/cron ]; then - rm -r /etc/services.d/cron - fi -fi diff --git a/ubuntu-7.3/rootfs/etc/cont-init.d/02-init-directories-and-files b/ubuntu-7.3/rootfs/etc/cont-init.d/02-init-directories-and-files deleted file mode 100755 index 34df974..0000000 --- a/ubuntu-7.3/rootfs/etc/cont-init.d/02-init-directories-and-files +++ /dev/null @@ -1,18 +0,0 @@ -#!/usr/bin/with-contenv bash - -# Create uploads directory if not exists -mkdir -p $UPLOADS_ROOT -chown $WEB_USER:$WEB_GROUP $UPLOADS_ROOT - -# Create dir for nginx tmp files -mkdir -p /tmp/nginx/body -chown -R $WEB_USER:$WEB_GROUP /tmp/nginx - -# Create log directories if they don't exist already -mkdir -p /var/log/{nginx,php,mail} - -# Create error.log so that php-fpm can write to it -touch /var/log/php/error.log - -# Chown all files to wordpress -chown -R $WEB_USER:$WEB_GROUP /var/log/{nginx,php,mail} diff --git a/ubuntu-7.3/rootfs/etc/nginx/additional.types b/ubuntu-7.3/rootfs/etc/nginx/additional.types deleted file mode 100644 index ac8070e..0000000 --- a/ubuntu-7.3/rootfs/etc/nginx/additional.types +++ /dev/null @@ -1,6 +0,0 @@ -# If developers add .woff2 type font files we should provide good Content-Type headers -types { - # Add mime support for woff2 - # http://stackoverflow.com/questions/28235550/proper-mime-type-for-woff2-fonts - font/woff2 woff2; -} diff --git a/ubuntu-7.3/rootfs/etc/nginx/cache/fastcgicache.conf b/ubuntu-7.3/rootfs/etc/nginx/cache/fastcgicache.conf deleted file mode 100644 index 1455277..0000000 --- a/ubuntu-7.3/rootfs/etc/nginx/cache/fastcgicache.conf +++ /dev/null @@ -1,13 +0,0 @@ -## -# Add few rules which deny using cache -## -include cache/fastcgicache_skip_rules.conf; -include cache/helper_variables.conf; -fastcgi_cache_bypass $skip_cache; -fastcgi_no_cache $skip_cache; - -fastcgi_cache WORDPRESS; -#proxy_ignore_headers Set-Cookie Expires Cache-Control; - -# Add header for easier cache debugging -add_header X-Cache $upstream_cache_status always; diff --git a/ubuntu-7.3/rootfs/etc/nginx/cache/fastcgicache_settings.conf b/ubuntu-7.3/rootfs/etc/nginx/cache/fastcgicache_settings.conf deleted file mode 100644 index 859f075..0000000 --- a/ubuntu-7.3/rootfs/etc/nginx/cache/fastcgicache_settings.conf +++ /dev/null @@ -1,10 +0,0 @@ -## -# Basic settings of Fast cgi cache -## -fastcgi_cache_path ${NGINX_CACHE_DIRECTORY} levels=1:2 keys_zone=WORDPRESS:100m max_size=1000m inactive=730h; -fastcgi_cache_key $scheme$request_method$host$request_uri; -fastcgi_cache_lock on; -fastcgi_cache_background_update on; -fastcgi_cache_use_stale ${NGINX_CACHE_USE_STALE}; -fastcgi_cache_valid ${NGINX_REDIS_CACHE_TTL_DEFAULT}; -add_header 'Cache-Control' ${NGINX_CACHE_CONTROL}; \ No newline at end of file diff --git a/ubuntu-7.3/rootfs/etc/nginx/cache/fastcgicache_skip_rules.conf b/ubuntu-7.3/rootfs/etc/nginx/cache/fastcgicache_skip_rules.conf deleted file mode 100644 index ac94512..0000000 --- a/ubuntu-7.3/rootfs/etc/nginx/cache/fastcgicache_skip_rules.conf +++ /dev/null @@ -1,112 +0,0 @@ -## -# Add few rules which deny using cache -## - -# Don't skip cache by default -set $skip_cache 0; -# insert project specific cache rules to this file (delete this row when all projects are updated) -include /var/www/project/nginx/server/skip_cache.conf; -# insert project specific cache rules to this folder -include ${NGINX_INCLUDE_DIR}/skipcache/*.conf; - -# POST requests and urls with a query string should always go to PHP -if ($request_method = POST) { - set $skip_cache 1; -} - -# Deal with accepted query vars -set $without $query_string; - -# Init the cache mode variable -set $cachemode ""; - -set_by_lua_block $cache_args { - local mode = os.getenv( 'CACHE_MODE' ) - - if mode == nil then - mode = "whitelist" - end - - -- Helper split string function - function split( inputstr, sep ) - if sep == nil then - sep = "%s" - end - local t={} ; i=1 - for str in string.gmatch(inputstr, "([^" .. sep .. "]+)") do - t[ i ] = str - i = i + 1 - end - return t - end - - -- Helper escape special chars function - function esc( str ) - return str:gsub( "([^%w])", "%%%1" ) - end - - ngx.var.cachemode = mode - - if mode == "whitelist" then - local with = {} - local without = ngx.var.without or "" - - -- Get a list of accepted query vars from env variable - local accepted = split( ( os.getenv( 'CACHE_QUERYVARS' ) or "" ), "," ) - - -- Loop through the list - for key, accept in pairs(accepted) do - -- If there is a value present for the variable, store it in a variable - if ngx.decode_args( without )[ accept ] then - if type( ngx.decode_args( without )[ accept ] ) == "string" then - table.insert( with, accept .. "=" .. ngx.decode_args( without )[ accept ] ) - -- Remove the accepted key-value pair from the string - without = string.gsub( without, "&?" .. esc( accept ) .. "=[^&]+", "" ) - elseif type( ngx.decode_args( without )[ accept ] ) == "boolean" then - table.insert( with, accept .. "=true" ) - -- Remove the accepted key-value pair from the string - without = string.gsub( without, "&?" .. esc( accept ), "" ) - end - end - end - - -- Store all non-accepted query vars to checked later - ngx.var.without = without - - -- Return accepted query var key-value pairs to be used in the cache key - if next(with) == nil then - return "?" .. table.concat( with, "&" ) - end - - else - -- Get a list of blacklisted query vars from env variable - local blacklist = split( ( os.getenv( 'CACHE_QUERYVARS' ) or "" ), "," ) - local queryvars = ngx.decode_args( ngx.var.query_string or "" ) - - ngx.var.without = "" - - for key, queryvar in pairs(blacklist) do - if queryvars[ queryvar ] then - ngx.var.skip_cache = 1 - return - end - end - end -} -# If you need to debug the cache mode, uncomment the following line -# add_header X-cache-mode $cachemode; - -# If there were any unaccepted query vars, skip cache -if ($without != "") { - set $skip_cache 1; -} - -# Don't use the cache for logged in users or recent commenters -if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in|woocommerce_items_in_cart") { - set $skip_cache 1; -} - -# Don't cache responses from wp-admin, xmlrpc and wp-login.php -if ($request_uri ~* "/wp-admin/|/xmlrpc.php|wp-.*.php") { - set $skip_cache 1; -} \ No newline at end of file diff --git a/ubuntu-7.3/rootfs/etc/nginx/cache/helper_variables.conf b/ubuntu-7.3/rootfs/etc/nginx/cache/helper_variables.conf deleted file mode 100644 index ea10fb9..0000000 --- a/ubuntu-7.3/rootfs/etc/nginx/cache/helper_variables.conf +++ /dev/null @@ -1,15 +0,0 @@ -## -# This file creates few helper variables -# $prefer_language_slug - 2 first letters from accept-language header to determine the language redirects from cache -## - -## -# Parse first two letters from accept-language header to determine right cache key -## -set_by_lua_block $prefer_language_slug { - if ngx.var.http_accept_language then - return string.lower( string.match( ngx.var.http_accept_language, '%w%w' ) ) - else - return 'en' - end -} diff --git a/ubuntu-7.3/rootfs/etc/nginx/cache/redis_backend.conf b/ubuntu-7.3/rootfs/etc/nginx/cache/redis_backend.conf deleted file mode 100644 index e9f86a3..0000000 --- a/ubuntu-7.3/rootfs/etc/nginx/cache/redis_backend.conf +++ /dev/null @@ -1,45 +0,0 @@ -## -# Adds internal locations for storing and getting full page cache from redis -## - -srcache_default_expire '${NGINX_REDIS_CACHE_TTL_DEFAULT}'; -srcache_max_expire '${NGINX_REDIS_CACHE_TTL_MAX}'; - -location /redis-fetch { - internal; - - ## - # In order to use password authentication we use custom redis module which adds $redis_auth: - # - https://github.com/Yongke/ngx_http_redis-0.3.7 - ## - - # Read the configuration from system envs - set $redis_auth '${REDIS_PASSWORD}'; - set $redis_db ${REDIS_DATABASE}; - - set $redis_key $args; - - redis_pass ${REDIS_HOST}:${REDIS_PORT}; -} - -location /redis-store { - internal; - - set_unescape_uri $exptime $arg_exptime; - set_unescape_uri $key $arg_key; - - # Fix caching problem for now - # There's issue in github https://github.com/openresty/srcache-nginx-module/issues/61 - set_if_empty $srcache_expire '${NGINX_REDIS_CACHE_TTL_DEFAULT}'; - - # redis module pipelines these 3 commands into single request - redis2_query auth '${REDIS_PASSWORD}'; - redis2_query select ${REDIS_DATABASE}; - - # Set and expire with one command: http://redis.io/commands/setex - redis2_query setex $key $srcache_expire $echo_request_body; - - # Pass the request to redis - redis2_pass ${REDIS_HOST}:${REDIS_PORT}; - -} diff --git a/ubuntu-7.3/rootfs/etc/nginx/cache/skip_rules.conf b/ubuntu-7.3/rootfs/etc/nginx/cache/skip_rules.conf deleted file mode 100644 index 43344c8..0000000 --- a/ubuntu-7.3/rootfs/etc/nginx/cache/skip_rules.conf +++ /dev/null @@ -1,30 +0,0 @@ -## -# Add few rules which deny using cache -## - -# Don't skip cache by default -set $skip_cache 0; - -# POST requests and urls with a query string should always go to PHP -if ($request_method = POST) { - set $skip_cache 1; -} - -# If theres any args skip cache -if ($query_string != "") { - set $skip_cache 1; -} - -# Don't use the cache for logged in users or recent commenters -if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in|woocommerce_items_in_cart") { - set $skip_cache 1; -} - -# Don't cache responses from wp-admin, xmlrpc and wp-login.php -if ($request_uri ~* "/wp-admin/|/xmlrpc.php|wp-.*.php") { - set $skip_cache 1; -} - -# Skip fetch and skip if conditions are met -srcache_fetch_skip $skip_cache; -srcache_store_skip $skip_cache; diff --git a/ubuntu-7.3/rootfs/etc/nginx/cache/srcache.conf b/ubuntu-7.3/rootfs/etc/nginx/cache/srcache.conf deleted file mode 100644 index 85027dd..0000000 --- a/ubuntu-7.3/rootfs/etc/nginx/cache/srcache.conf +++ /dev/null @@ -1,20 +0,0 @@ -## -# Add few rules which deny using cache -## -include cache/skip_rules.conf; -include cache/helper_variables.conf; - -# Use redis caching for all pages -# Allow different cache key from env -# Use 'wp_' prefix so that cache can be flushed with: -# $ wp cache flush -set $cache_key "${NGINX_CACHE_KEY}"; -set_escape_uri $escaped_cache_key $cache_key; - -srcache_response_cache_control on; - -srcache_fetch GET /redis-fetch $cache_key; -srcache_store PUT /redis-store key=$escaped_cache_key; - -# Add header for easier cache debugging -add_header X-Cache $srcache_fetch_status; diff --git a/ubuntu-7.3/rootfs/etc/nginx/env.conf b/ubuntu-7.3/rootfs/etc/nginx/env.conf deleted file mode 100644 index 1a133cb..0000000 --- a/ubuntu-7.3/rootfs/etc/nginx/env.conf +++ /dev/null @@ -1,14 +0,0 @@ -# Set custom enviromental variables that we need with lua here -# These are used to dynamically load -env PORT; -env WEB_ROOT; -env NGINX_MAX_BODY_SIZE; -env NGINX_TIMEOUT; - -# For nginx redis cache -env REDIS_HOST; -env REDIS_PORT; -env REDIS_DATABASE; -env REDIS_PASSWORD; -env CACHE_QUERYVARS; -env CACHE_MODE; \ No newline at end of file diff --git a/ubuntu-7.3/rootfs/etc/nginx/error_pages.conf b/ubuntu-7.3/rootfs/etc/nginx/error_pages.conf deleted file mode 100644 index 700cc6b..0000000 --- a/ubuntu-7.3/rootfs/etc/nginx/error_pages.conf +++ /dev/null @@ -1,31 +0,0 @@ -## -# Custom error pages -## - -## 403 - Forbidden -error_page 403 /403.html; -location = /403.html { - root /usr/share/nginx/html; - internal; -} - -## 500 - Internal Server Error -error_page 500 /500.html; -location = /500.html { - root /usr/share/nginx/html; - internal; -} - -## 502 - Bad Gateway -error_page 502 /502.html; -location = /502.html { - root /usr/share/nginx/html; - internal; -} - -## 504 - Gateway Timeout -error_page 504 /504.html; -location = /504.html { - root /usr/share/nginx/html; - internal; -} diff --git a/ubuntu-7.3/rootfs/etc/nginx/fastcgi_params b/ubuntu-7.3/rootfs/etc/nginx/fastcgi_params deleted file mode 100644 index 6fccf4f..0000000 --- a/ubuntu-7.3/rootfs/etc/nginx/fastcgi_params +++ /dev/null @@ -1,29 +0,0 @@ -# These are just basic things form request -fastcgi_param QUERY_STRING $query_string; -fastcgi_param REQUEST_METHOD $request_method; -fastcgi_param CONTENT_TYPE $content_type; -fastcgi_param CONTENT_LENGTH $content_length; - -fastcgi_param SCRIPT_NAME $fastcgi_script_name; -fastcgi_param REQUEST_URI $request_uri; -fastcgi_param DOCUMENT_URI $document_uri; -fastcgi_param DOCUMENT_ROOT $document_root; -fastcgi_param SERVER_PROTOCOL $server_protocol; - -fastcgi_param GATEWAY_INTERFACE CGI/1.1; -fastcgi_param SERVER_SOFTWARE nginx/$nginx_version; - -## -# Set these using the knowledge that we are behind proxy -## -fastcgi_param REMOTE_ADDR $real_remote; -fastcgi_param REMOTE_PORT $remote_port; -fastcgi_param SERVER_ADDR $server_addr; -fastcgi_param SERVER_PORT $real_port; -fastcgi_param SERVER_NAME $real_host; -fastcgi_param HTTPS $real_https; -fastcgi_param REQUEST_SCHEME $real_scheme; -fastcgi_param HTTP_HOST $real_host; - -# PHP only, required if PHP was built with --enable-force-cgi-redirect -fastcgi_param REDIRECT_STATUS 200; diff --git a/ubuntu-7.3/rootfs/etc/nginx/fastcgi_settings.conf b/ubuntu-7.3/rootfs/etc/nginx/fastcgi_settings.conf deleted file mode 100644 index 25683fb..0000000 --- a/ubuntu-7.3/rootfs/etc/nginx/fastcgi_settings.conf +++ /dev/null @@ -1,23 +0,0 @@ -# regex to split $uri to $fastcgi_script_name and $fastcgi_path -fastcgi_split_path_info ^(.+\.php)(/.+)$; - -# Bypass the fact that try_files resets $fastcgi_path_info -# see: http://trac.nginx.org/nginx/ticket/321 -set $path_info $fastcgi_path_info; -fastcgi_param PATH_INFO $path_info; - -# Intercept errors from php-fpm -# These can be: -# - timeouts for long running requests -# - requested php file might be missing or not existing in the first place -fastcgi_intercept_errors on; - -fastcgi_index index.php; - -# Small optimisation on fastcgi buffer size -# defaults are 8k; -fastcgi_buffers 16 16k; -fastcgi_buffer_size 16k; - -# Include basic fastcgi settings -include fastcgi_params; diff --git a/ubuntu-7.3/rootfs/etc/nginx/gzip.conf b/ubuntu-7.3/rootfs/etc/nginx/gzip.conf deleted file mode 100644 index 69737cc..0000000 --- a/ubuntu-7.3/rootfs/etc/nginx/gzip.conf +++ /dev/null @@ -1,58 +0,0 @@ -# Compression - -# Enable Gzip compressed. -gzip on; - -# Compression level (1-9). -# 5 is a perfect compromise between size and cpu usage, offering about -# 75% reduction for most ascii files (almost identical to level 9). -gzip_comp_level 5; - -# Don't compress anything that's already small and unlikely to shrink much -# if at all (the default is 20 bytes, which is bad as that usually leads to -# larger files after gzipping). -gzip_min_length 256; - -# Compress data even for clients that are connecting to us via proxies, -# identified by the "Via" header (required for CloudFront). -gzip_proxied any; - -# Tell proxies to cache both the gzipped and regular version of a resource -# whenever the client's Accept-Encoding capabilities header varies; -# Avoids the issue where a non-gzip capable client (which is extremely rare -# today) would display gibberish if their proxy gave them the gzipped version. -gzip_vary on; - -# Compress all output labeled with one of the following MIME-types. -gzip_types - application/atom+xml - application/javascript - application/json - application/ld+json - application/manifest+json - application/rss+xml - application/vnd.geo+json - application/vnd.ms-fontobject - application/x-font-ttf - application/x-web-app-manifest+json - application/xhtml+xml - application/xml - font/opentype - image/bmp - image/svg+xml - image/x-icon - text/cache-manifest - text/css - text/plain - text/vcard - text/vnd.rim.location.xloc - text/vtt - text/x-component - text/x-cross-domain-policy; -# text/html is always compressed by HttpGzipModule - -# This should be turned on if you are going to have pre-compressed copies (.gz) of -# static files available. If not it should be left off as it will cause extra I/O -# for the check. It is best if you enable this in a location{} block for -# a specific directory, or on an individual server{} level. -# gzip_static on; diff --git a/ubuntu-7.3/rootfs/etc/nginx/log_format.conf b/ubuntu-7.3/rootfs/etc/nginx/log_format.conf deleted file mode 100644 index 74c5779..0000000 --- a/ubuntu-7.3/rootfs/etc/nginx/log_format.conf +++ /dev/null @@ -1,16 +0,0 @@ -# Log cache status -# Log real requester address -log_format custom '[$time_local] $http_x_real_ip ' - '$host "$request" $status $body_bytes_sent $request_time ' - '"$http_referer" "$http_user_agent" $upstream_cache_status'; - -## -# Legacy formats which might be in use somewhere -## -# This log format makes it so we can see real requester's IP address \ -# not just the reverse proxy server's IP address. Also note, that \ -# "specialLog" can be replaced with any name you would like to \ -# give to this log format. -log_format specialLog '[$time_local] $http_x_real_ip ' - '$host "$request" $status $body_bytes_sent $request_time ' - '"$http_referer" "$http_user_agent" $upstream_cache_status'; \ No newline at end of file diff --git a/ubuntu-7.3/rootfs/etc/nginx/log_formats.conf b/ubuntu-7.3/rootfs/etc/nginx/log_formats.conf deleted file mode 100644 index 9e4e2fc..0000000 --- a/ubuntu-7.3/rootfs/etc/nginx/log_formats.conf +++ /dev/null @@ -1,19 +0,0 @@ -# Log cache status -# Log real requester address -log_format custom '[$time_local] $http_x_forwarded_for ' - '$host "$request" $status $body_bytes_sent $request_time ' - '"$http_referer" "$http_user_agent" $upstream_cache_status'; - -# A new log format for detecting bad bots. -log_format blocked '[$time_local] Blocked request from $http_x_forwarded_for $request'; - -## -# Legacy formats which might be in use somewhere -## -# This log format makes it so we can see real requester's IP address \ -# not just the reverse proxy server's IP address. Also note, that \ -# "specialLog" can be replaced with any name you would like to \ -# give to this log format. -log_format specialLog '[$time_local] $http_x_forwarded_for ' - '$host "$request" $status $body_bytes_sent $request_time ' - '"$http_referer" "$http_user_agent" $upstream_cache_status'; \ No newline at end of file diff --git a/ubuntu-7.3/rootfs/etc/nginx/nginx.conf b/ubuntu-7.3/rootfs/etc/nginx/nginx.conf deleted file mode 100644 index d9850a0..0000000 --- a/ubuntu-7.3/rootfs/etc/nginx/nginx.conf +++ /dev/null @@ -1,349 +0,0 @@ -# Default user and group for the nginx@index -user ${WEB_USER} ${WEB_GROUP}; - -# Default error log -error_log ${NGINX_ERROR_LOG} ${NGINX_ERROR_LEVEL}; - -# Write process id here -pid /var/run/nginx.pid; - -# Load custom environment variables -include env.conf; - -# How many worker threads to run; -# "auto" sets it to the number of CPU cores available in the system, and -# offers the best performance. Don't set it higher than the number of CPU -# cores if changing this parameter. - -# The maximum number of connections for Nginx is calculated by: -# max_clients = worker_processes * worker_connections -worker_processes auto; - -# Maximum open file descriptors per process; -# should be > worker_connections. -worker_rlimit_nofile 8192; - -events { - # When you need > 8000 * cpu_cores connections, you start optimizing your OS, - # and this is probably the point at which you hire people who are smarter than - # you, as this is *a lot* of requests. - worker_connections 8000; -} - -http { - - # Configure hashmaps so that environment does not change defaults - map_hash_max_size 262144; - map_hash_bucket_size 262144; - server_names_hash_bucket_size 64; - - # Hide nginx version information. - server_tokens off; - - #Enable Fastcgicache - include cache/fastcgicache_settings.conf; - - # Remove Server header entirely - more_clear_headers Server; - - # How long to allow each connection to stay idle; longer values are better - # for each individual client, particularly for SSL, but means that worker - # connections are tied up longer. (Default: 65) - keepalive_timeout 20; - - # Speed up file transfers by using sendfile() to copy directly - # between descriptors rather than using read()/write(). - sendfile on; - - # Tell Nginx not to send out partial frames; this increases throughput - # since TCP frames are filled up before being sent out. (adds TCP_CORK) - tcp_nopush on; - - # Gzip all the assets - include gzip.conf; - - # Add default pagespeed settings - include pagespeed/settings.conf; - - # Add all default mime types and additional ones - include additional.types; - include mime.types; - - default_type application/octet-stream; - - client_body_temp_path /tmp/nginx/body 1 2; - fastcgi_temp_path /tmp/nginx/fastcgi_temp 1 2; - - # Include custom log formats - include log_formats.conf; - - # Allow bigger default file uploads - client_max_body_size ${NGINX_MAX_BODY_SIZE}; - - # Allow bigger body buffer size in memory - client_body_buffer_size ${NGINX_BODY_BUFFER_SIZE}; - - # Include custom nginx http additions from project - include ${NGINX_INCLUDE_DIR}/http/*.conf; - include ${NGINX_INCLUDE_DIR}/environments/${WP_ENV}/http/*.conf; - - # load upstreams from one file which can be overwritten depending on situation - include upstreams.conf; - - # Add few headers which make XSS harder - include security_headers.conf; - - # If ${PORT} != 80 means that we are behind reverse proxy as well - # This directive helps that we don't redirect clients into mysite.com:8080/resource type urls - port_in_redirect off; - - # Use theme assets straight from corresponding files for pagespeed - pagespeed ProcessScriptVariables on; - pagespeed LoadFromFile "$scheme://$host/app/themes/" "${WEB_ROOT}/app/themes/"; - pagespeed LoadFromFile "$scheme://$host/wp-content/themes/" "${WEB_ROOT}/wp/wp-content/themes/"; - - server { - # This is the default server for this container - listen ${PORT} default_server; - server_name _; - - root ${WEB_ROOT}; - - # Use index.php if it exists but also allow static websites in subfolders - index index.php index.html; - - access_log ${NGINX_ACCESS_LOG} custom; - - # Blocked log file - set $blocked_log /dev/stdout; - - disable_symlinks off; - - # Include custom nginx server additions from project - include ${NGINX_INCLUDE_DIR}/server/*.conf; - include ${NGINX_INCLUDE_DIR}/environments/${WP_ENV}/server/*.conf; - - # These variables are proxy conscious, so that they work even though we are behind reverse proxy - include proxy_real_variables.conf; - - # Include custom error pages - include error_pages.conf; - - # Own handling for WP-activate that for some very odd reason serves itself as 404. - location = /wp-activate.php { - try_files /wp/$uri @index; - - include fastcgi_settings.conf; - - # Append subfolder automatically - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - - # Give sane max execution time to frontend - fastcgi_read_timeout 30; - fastcgi_pass php-fpm; - } - - location = /robots.txt { - if ( $host ~ gpilvi\.com|geniem\.io ) { - add_header Content-Type text/plain; - return 200 "User-agent: *\nDisallow: /\n"; - } - - allow all; - log_not_found off; - access_log off; - try_files $uri @index; - } - - location = /favicon.ico { - allow all; - log_not_found off; - access_log off; - try_files $uri @index; - } - - # deny all dot-files including git - location ~ /\. { - deny all; - log_not_found off; - access_log off; - } - - location / { - try_files $uri $uri/ /wp/$uri /wp/$uri/ @index; - } - - # Deny requesting .dust files from anywhere else in the theme than under the partials/public directory - location ~* \/themes\/[^\/]+\/partials\/public\/.*\.dust$ { - allow all; - } - - location ~* \/themes\/.*\.dust$ { - deny all; - } - - # Static files - location ~* \.(css|js|jpe?g|gif|ico|png|otf|ttf|eot|woff?2|svg|webp)$ { - - ## Deny overriding Pagespeed - if ($arg_pagespeed != '') { access_log $blocked_log blocked; return 403; } - if ($arg_pagespeedspeedfilters != '') { access_log $blocked_log blocked; return 403; } - - include static_files.conf; - - # These files are probably exactly like $uri says but also try from /wp/ - try_files $uri /wp/$uri @index; - - # Deny requesting plain style.css from theme root directory - location ~ ^.*/themes/[^/]+/style\.css { - - # Preserve this url - pagespeed CssPreserveUrls true; - - # Minify and remove comments from css - pagespeed EnableFilters rewrite_css; - - # Wait that nginx has prepared the file - pagespeed InPlaceWaitForOptimized on; - - # Don't ever try to load non modified style.css - pagespeed InPlaceRewriteDeadlineMs 100000000; - - # Don't allow overriding pagespeed with pagespeed fixed urls - # Source: https://github.com/pagespeed/ngx_pagespeed/issues/1306 - location ~ ^(.*)/themes/([^/]+)/style.*pagespeed.* { - return 301 $1/themes/$2/style.css; - } - } - - ## - # Static WordPress files ~ wp-* - # These files are probably in /wp/ subfolder but also try from $uri - ## - location ~ ^wp- { - try_files /wp/$uri $uri @index; - } - } - - # App folder contains our plugins and themes - # We want to server assets from here but deny all php execution - location /app/ { - try_files $uri @index; - - ## - # Deny access into php files under /app/ - ## - location ~ \.php$ { - access_log $blocked_log blocked; - deny all; - } - } - - ## - # Run all php files from wp subfolder - # This is how wordpress is supposed to be run - # It also prevents direct access to possibly insecure code inside our plugins - ## - location ~ \.php$ { - try_files /wp/$uri @index; - - include fastcgi_settings.conf; - - # Append subfolder automatically - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - - # Handover 404 errors from php-fpm to WordPress - error_page 404 = @index; - - # Give sane max execution time to frontend - fastcgi_read_timeout ${NGINX_FASTCGI_TIMEOUT}; - fastcgi_pass php-fpm; - - ## Deny access to all php files in uploads folders - location ~* ^/uploads { access_log $blocked_log blocked; deny all; } - location ~* ^/content/uploads { access_log $blocked_log blocked; deny all; } - location ~* ^/wp-content/uploads { access_log $blocked_log blocked; deny all; } - - ## Fix Full Path Disclosures if display_errors is on - ## Don't allow straight access into core wp-includes - location ~* ^/wp-includes { access_log $blocked_log blocked; deny all; } - } - # Create purge location to empty fullpage cache - location ~ /purge(/.*) { - fastcgi_cache_purge WORDPRESS "$scheme$request_method$host$1"; - } - # Create health location for contena healthcheck - location /__health { - access_log off; - return 200; - } - - # Include redis interfaces /redis-fetch & /redis-store - # include cache/redis_backend.conf; - - location @index { - - # Include custom nginx index additions from project - include ${NGINX_INCLUDE_DIR}/index/*.conf; - include ${NGINX_INCLUDE_DIR}/environments/${WP_ENV}/index/*.conf; - - ## Deny overriding Pagespeed - if ($arg_pagespeed != '') { access_log $blocked_log blocked; return 403; } - if ($arg_pagespeedspeedfilters != '') { access_log $blocked_log blocked; return 403; } - - # Use redis as proxy cache - #include cache/srcache.conf; - # Use fastcgi cache - include cache/fastcgicache.conf; - - # Fallback into php - include fastcgi_settings.conf; - fastcgi_param SCRIPT_FILENAME $document_root/index.php; - - # Give sane max execution time to frontend - fastcgi_read_timeout ${NGINX_FASTCGI_TIMEOUT}; - fastcgi_pass php-fpm; - } - - # WordPress is stupid - location = /wp-admin { rewrite ^ /wp-admin/ permanent; } - - location = / { - - ## Block hackers from enumerating users - if ( $arg_author ~ [0-9]+ ) { access_log $blocked_log blocked; return 403; } - - ## Deny overriding Pagespeed - if ($arg_pagespeed != '') { access_log $blocked_log blocked; return 403; } - if ($arg_pagespeedspeedfilters != '') { access_log $blocked_log blocked; return 403; } - - # Use redis as proxy cache - #include cache/srcache.conf; - # Use fastcgi cache - include cache/fastcgicache.conf; - - #Enable project spesific config to root block - include ${NGINX_INCLUDE_DIR}/environments/${WP_ENV}/root/*.conf; - - # Fallback into php - include fastcgi_settings.conf; - fastcgi_param SCRIPT_FILENAME $document_root/index.php; - - # Give sane max execution time to frontend - fastcgi_read_timeout ${NGINX_FASTCGI_TIMEOUT}; - fastcgi_pass php-fpm; - } - - # Prevent /wp/wp/wp/... rewrite loops - location ^~ /wp/ { - rewrite ^/wp/(.*)$ $1$is_args$args last; - } - - # Block some vulnerabilities always - include security.conf; - - # Include basic pagespeed locations like beacons - include pagespeed/locations.conf; - } - include ${NGINX_INCLUDE_DIR}/environments/${WP_ENV}/end/*.conf; -} diff --git a/ubuntu-7.3/rootfs/etc/nginx/pagespeed/locations.conf b/ubuntu-7.3/rootfs/etc/nginx/pagespeed/locations.conf deleted file mode 100644 index 46feb53..0000000 --- a/ubuntu-7.3/rootfs/etc/nginx/pagespeed/locations.conf +++ /dev/null @@ -1,7 +0,0 @@ -# Ensure requests for pagespeed optimized resources go to the pagespeed handler -# and no extraneous headers get set. -location ~ "\.pagespeed\.([a-z]\.)?[a-z]{2}\.[^.]{10}\.[^.]+" { - add_header "" ""; -} -location ~ "^/pagespeed_static/" { } -location ~ "^/ngx_pagespeed_beacon$" { } diff --git a/ubuntu-7.3/rootfs/etc/nginx/pagespeed/settings.conf b/ubuntu-7.3/rootfs/etc/nginx/pagespeed/settings.conf deleted file mode 100644 index be5a0a8..0000000 --- a/ubuntu-7.3/rootfs/etc/nginx/pagespeed/settings.conf +++ /dev/null @@ -1,13 +0,0 @@ -# Hide pagespeed version and provide this header instaed -pagespeed XHeaderValue "Enabled"; - -# Don't alter Cache-Control headers -pagespeed ModifyCachingHeaders off; - -# This is for pagespeed temporary files -# Needs to exist and be writable by nginx. Use tmpfs for best performance. -pagespeed FileCachePath /tmp/nginx/pagespeed; - -# Pagespeed sets default TTL from file to 300s, which is bad -# This sets the time to be 1 year -pagespeed LoadFromFileCacheTtlMs 2592000000; diff --git a/ubuntu-7.3/rootfs/etc/nginx/proxy_real_variables.conf b/ubuntu-7.3/rootfs/etc/nginx/proxy_real_variables.conf deleted file mode 100644 index e380f1f..0000000 --- a/ubuntu-7.3/rootfs/etc/nginx/proxy_real_variables.conf +++ /dev/null @@ -1,35 +0,0 @@ -## -# Set few variables since we use jwilder/nginx-proxy in dev and proxy in production -# So the fastcgi params need to be the original ones or you -# will have redirect loops ('canonical_redirect' mostly) -## - -# Set $host first from proxy (if possible) -set $real_host $http_x_forwarded_host; -if ($real_host = '') { - set $real_host $http_host; -} - -# Set server port according to forwarded proto -set $real_port 80; -if ($http_x_forwarded_proto = 'https') { - set $real_port 443; -} - -# Set https according to used proto -set $real_https off; -if ($http_x_forwarded_proto = 'https') { - set $real_https on; -} - -# Set scheme according to used proto -set $real_scheme 'http'; -if ($http_x_forwarded_proto = 'https') { - set $real_scheme 'https'; -} - -# Set original remote -set $real_remote $http_x_forwarded_for; -if ($real_remote = '') { - set $real_remote $remote_addr; -} diff --git a/ubuntu-7.3/rootfs/etc/nginx/security.conf b/ubuntu-7.3/rootfs/etc/nginx/security.conf deleted file mode 100644 index 24afdeb..0000000 --- a/ubuntu-7.3/rootfs/etc/nginx/security.conf +++ /dev/null @@ -1,27 +0,0 @@ -## Block SQL injections -location ~* union.*select.*\( { access_log $blocked_log blocked; return 403; } -location ~* union.*all.*select.* { access_log $blocked_log blocked; return 403; } -location ~* concat.*\( { access_log $blocked_log blocked; return 403; } - -## Block common exploits -location ~* (<|%3C).*script.*(>|%3E) { access_log $blocked_log blocked; return 403; } -location ~* base64_(en|de)code\(.*\) { access_log $blocked_log blocked; return 403; } -location ~* (%24&x) { access_log $blocked_log blocked; return 403; } -location ~* (%0|%A|%B|%C|%D|%E|%F|127\.0) { access_log $blocked_log blocked; return 403; } -location ~* \.\.\/ { access_log $blocked_log blocked; return 403; } -location ~* ~$ { access_log $blocked_log blocked; return 403; } -location ~* proc/self/environ { access_log $blocked_log blocked; return 403; } -location ~* /\.(htaccess|htpasswd|svn|git) { access_log $blocked_log blocked; return 403; } - -## Block file injections -location ~* [a-zA-Z0-9_]=(\.\.//?)+ { access_log $blocked_log blocked; return 403; } -location ~* [a-zA-Z0-9_]=/([a-z0-9_.]//?)+ { access_log $blocked_log blocked; return 403; } - -## wordpress security -location ~* wp-config.php { access_log $blocked_log blocked; return 403; } -location ~* wp-load.php { access_log $blocked_log blocked; return 403; } -location ~* wp-admin/includes { access_log $blocked_log blocked; return 403; } -location ~* wp-app\.log { access_log $blocked_log blocked; return 403; } -location ~* (licence|readme|license)\.(md|html|txt) { access_log $blocked_log blocked; return 403; } -location ~* composer.json { access_log $blocked_log blocked; return 403; } - diff --git a/ubuntu-7.3/rootfs/etc/nginx/security_headers.conf b/ubuntu-7.3/rootfs/etc/nginx/security_headers.conf deleted file mode 100644 index be78f67..0000000 --- a/ubuntu-7.3/rootfs/etc/nginx/security_headers.conf +++ /dev/null @@ -1,23 +0,0 @@ -## -# Security headers, source: https://gist.github.com/plentz/6737338 -## - -# config to don't allow the browser to render the page inside an frame or iframe -# and avoid clickjacking http://en.wikipedia.org/wiki/Clickjacking -# if you need to allow [i]frames, you can use SAMEORIGIN or even set an uri with ALLOW-FROM uri -# https://developer.mozilla.org/en-US/docs/HTTP/X-Frame-Options -add_header X-Frame-Options SAMEORIGIN; - -# when serving user-supplied content, include a X-Content-Type-Options: nosniff header along with the Content-Type: header, -# to disable content-type sniffing on some browsers. -# https://www.owasp.org/index.php/List_of_useful_HTTP_headers -# currently suppoorted in IE > 8 http://blogs.msdn.com/b/ie/archive/2008/09/02/ie8-security-part-vi-beta-2-update.aspx -# http://msdn.microsoft.com/en-us/library/ie/gg622941(v=vs.85).aspx -# 'soon' on Firefox https://bugzilla.mozilla.org/show_bug.cgi?id=471020 -add_header X-Content-Type-Options nosniff always; - -# This header enables the Cross-site scripting (XSS) filter built into most recent web browsers. -# It's usually enabled by default anyway, so the role of this header is to re-enable the filter for -# this particular website if it was disabled by the user. -# https://www.owasp.org/index.php/List_of_useful_HTTP_headers -add_header X-XSS-Protection "1; mode=block"; diff --git a/ubuntu-7.3/rootfs/etc/nginx/static_files.conf b/ubuntu-7.3/rootfs/etc/nginx/static_files.conf deleted file mode 100644 index fa9d42d..0000000 --- a/ubuntu-7.3/rootfs/etc/nginx/static_files.conf +++ /dev/null @@ -1,13 +0,0 @@ -# Use version numbers to bypass cache -# Try to cache as long as we can -expires max; - -## No need to bleed constant updates. Send the all shebang in one -## fell swoop. -tcp_nodelay off; - -## Set the OS file cache. -open_file_cache max=3000 inactive=120s; -open_file_cache_valid 45s; -open_file_cache_min_uses 2; -open_file_cache_errors off; diff --git a/ubuntu-7.3/rootfs/etc/nginx/upstreams.conf b/ubuntu-7.3/rootfs/etc/nginx/upstreams.conf deleted file mode 100644 index 395d445..0000000 --- a/ubuntu-7.3/rootfs/etc/nginx/upstreams.conf +++ /dev/null @@ -1,4 +0,0 @@ -# Default php handler -upstream php-fpm { - server unix:/var/run/php-fpm.sock; -} diff --git a/ubuntu-7.3/rootfs/etc/php/7.3/cli/php.ini b/ubuntu-7.3/rootfs/etc/php/7.3/cli/php.ini deleted file mode 100644 index 5b4d1fe..0000000 --- a/ubuntu-7.3/rootfs/etc/php/7.3/cli/php.ini +++ /dev/null @@ -1,71 +0,0 @@ -[PHP] -; This directive determines whether or not PHP will recognize code between -; tags as PHP source which should be processed as such. -short_open_tag = Off - -; Implicit flush tells PHP to tell the output layer to flush itself -; automatically after every output block. -implicit_flush = Off - -; This directive allows you to disable certain functions for security reasons. -; It receives a comma-delimited list of function names. -; http://php.net/disable-functions -disable_functions = - -; Enables or disables the circular reference collector. -; http://php.net/zend.enable-gc -zend.enable_gc = On - -;;;;;;;;;;;;;;;;; -; Miscellaneous ; -;;;;;;;;;;;;;;;;; - - -; Deny executing anything else than the exact path passed from fastcgi -; This causes the PHP interpreter to only try the literal path given and to stop processing if the file is not found. -; This is for security. -; https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/#passing-uncontrolled-requests-to-php -cgi.fix_pathinfo = 0 - -expose_php = Off - -;;;;;;;;;;;;;;;;;;; -; Resource Limits ; -;;;;;;;;;;;;;;;;;;; - -; Maximum execution time of each script, in seconds -max_execution_time = 600 - -; Maximum amount of time each script may spend parsing request data. -max_input_time = 60 - -; How many GET/POST/COOKIE input variables may be accepted -; max_input_vars = 1000 - -; Maximum amount of memory a script may consume (128MB) -memory_limit = ${PHP_MEMORY_LIMIT} - -;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; -; Error handling and logging ; -;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; - -error_reporting = E_ALL - -display_errors = On - -display_startup_errors = On - -log_errors = On - -log_errors_max_len = 2048 - -ignore_repeated_errors = Off - -ignore_repeated_source = Off - -report_memleaks = On - -;This is deprecated from php7.2 so its disabled as of 5.4.2018 -;track_errors = On - -html_errors = Off diff --git a/ubuntu-7.3/rootfs/etc/php/7.3/fpm/conf.d/blocked.ini b/ubuntu-7.3/rootfs/etc/php/7.3/fpm/conf.d/blocked.ini deleted file mode 100644 index 4142569..0000000 --- a/ubuntu-7.3/rootfs/etc/php/7.3/fpm/conf.d/blocked.ini +++ /dev/null @@ -1,4 +0,0 @@ -; Disable some functions because they allow bad/vulnerable patterns -; We want to advocate good coding practises and these functions make it difficult -; You can use these with php cli but not with php-fpm -disable_functions = exec,passthru,shell_exec,show_source,system,pcntl_exec,popen,posix_getpwuid,posix_kill,posix_mkfifo,posix_setpgid,posix_setsid,posix_setuid,posix_setuid,posix_uname,proc_nice,proc_open,proc_close,proc_get_status diff --git a/ubuntu-7.3/rootfs/etc/php/7.3/fpm/conf.d/common.ini b/ubuntu-7.3/rootfs/etc/php/7.3/fpm/conf.d/common.ini deleted file mode 100644 index 5600222..0000000 --- a/ubuntu-7.3/rootfs/etc/php/7.3/fpm/conf.d/common.ini +++ /dev/null @@ -1,4 +0,0 @@ -[PHP] - -; Don't brag that we have php 7.0 -expose_php = Off diff --git a/ubuntu-7.3/rootfs/etc/php/7.3/fpm/conf.d/limits.ini b/ubuntu-7.3/rootfs/etc/php/7.3/fpm/conf.d/limits.ini deleted file mode 100644 index 6ccc766..0000000 --- a/ubuntu-7.3/rootfs/etc/php/7.3/fpm/conf.d/limits.ini +++ /dev/null @@ -1,7 +0,0 @@ -; filesize, time and input limits -max_execution_time = ${NGINX_FASTCGI_TIMEOUT} -max_input_time = -1 -max_input_vars = ${PHP_MAX_INPUT_VARS} -memory_limit = ${PHP_MEMORY_LIMIT} -post_max_size = ${NGINX_MAX_BODY_SIZE} -upload_max_filesize = ${NGINX_MAX_BODY_SIZE} diff --git a/ubuntu-7.3/rootfs/etc/php/7.3/fpm/conf.d/logging.ini b/ubuntu-7.3/rootfs/etc/php/7.3/fpm/conf.d/logging.ini deleted file mode 100644 index 6db568d..0000000 --- a/ubuntu-7.3/rootfs/etc/php/7.3/fpm/conf.d/logging.ini +++ /dev/null @@ -1,4 +0,0 @@ -; Log all warnings and errors -error_log = ${PHP_ERROR_LOG} -log_level = ${PHP_ERROR_LOG_LEVEL} -log_errors_max_len = ${PHP_ERROR_MAX_LEN} diff --git a/ubuntu-7.3/rootfs/etc/php/7.3/fpm/conf.d/mail.ini b/ubuntu-7.3/rootfs/etc/php/7.3/fpm/conf.d/mail.ini deleted file mode 100644 index d54d6f8..0000000 --- a/ubuntu-7.3/rootfs/etc/php/7.3/fpm/conf.d/mail.ini +++ /dev/null @@ -1,3 +0,0 @@ -[PHP] -; Use msmtp to send mail instead of sendmail -sendmail_path = "/usr/sbin/sendmail" diff --git a/ubuntu-7.3/rootfs/etc/php/7.3/fpm/conf.d/opcache.ini b/ubuntu-7.3/rootfs/etc/php/7.3/fpm/conf.d/opcache.ini deleted file mode 100644 index 41a7d2a..0000000 --- a/ubuntu-7.3/rootfs/etc/php/7.3/fpm/conf.d/opcache.ini +++ /dev/null @@ -1,24 +0,0 @@ -; Enable php opcache to make site faster -; These are taken from: https://www.scalingphpbook.com/blog/2014/02/14/best-zend-opcache-settings.html -[opcache] -opcache.enable = 1 -opcache.enable_cli = 1 - -; Provides a faster mechanism for calling the deconstructors in your code at the end of a single request to speed up the response and recycle php workers so they're ready for the next incoming request faster. -opcache.fast_shutdown = 1 - -; Give plenty of memory for php process for caching the code -opcache.memory_consumption = ${PHP_OPCACHE_MAX_MEMORY} - -; Log into container output -opcache.error_log = /dev/stderr - -; Log opcache warnings -opcache.log_verbosity_level = 2 - -; PHP uses a technique called string interning to improve performance— so, for example, if you have the string "foobar" 1000 times in your code, internally PHP will store 1 immutable variable for this string and just use a pointer to it for the other 999 times you use it. -; This reserves 16MB to storing the most used strings -opcache.interned_strings_buffer = 16 -opcache.max_accelerated_files = ${PHP_OPCACHE_MAX_FILES} - - diff --git a/ubuntu-7.3/rootfs/etc/php/7.3/fpm/conf.d/opcache_invalidate.conf b/ubuntu-7.3/rootfs/etc/php/7.3/fpm/conf.d/opcache_invalidate.conf deleted file mode 100644 index d152afa..0000000 --- a/ubuntu-7.3/rootfs/etc/php/7.3/fpm/conf.d/opcache_invalidate.conf +++ /dev/null @@ -1,5 +0,0 @@ -; Don't revalidate php files in this container -opcache.validate_timestamps = 0 - -; We don't need to cache php comments into opcache -opcache.save_comments = 0 diff --git a/ubuntu-7.3/rootfs/etc/php/7.3/fpm/conf.d/sessions.ini b/ubuntu-7.3/rootfs/etc/php/7.3/fpm/conf.d/sessions.ini deleted file mode 100644 index d5fb56c..0000000 --- a/ubuntu-7.3/rootfs/etc/php/7.3/fpm/conf.d/sessions.ini +++ /dev/null @@ -1,6 +0,0 @@ -;;;;;;;;;;;;;;;;;;;;;;;;;; -; Define Session backend ; -;;;;;;;;;;;;;;;;;;;;;;;;;; -; These env can also contain redis as backend -session.save_handler = ${PHP_SESSION_HANDLER} -session.save_path = ${PHP_SESSION_SAVE_PATH} diff --git a/ubuntu-7.3/rootfs/etc/php/7.3/fpm/conf.d/timezone.ini b/ubuntu-7.3/rootfs/etc/php/7.3/fpm/conf.d/timezone.ini deleted file mode 100644 index dfb2fec..0000000 --- a/ubuntu-7.3/rootfs/etc/php/7.3/fpm/conf.d/timezone.ini +++ /dev/null @@ -1,2 +0,0 @@ -; Timezone from env formatted like 'Europe/Helsinki' -date.timezone = ${TZ} diff --git a/ubuntu-7.3/rootfs/etc/php/7.3/fpm/php-fpm.conf b/ubuntu-7.3/rootfs/etc/php/7.3/fpm/php-fpm.conf deleted file mode 100644 index 0634b4e..0000000 --- a/ubuntu-7.3/rootfs/etc/php/7.3/fpm/php-fpm.conf +++ /dev/null @@ -1,35 +0,0 @@ -; Run this in foregroud so s6 can control it -daemonize = no - -; Log all warnings and errors -error_log = ${PHP_ERROR_LOG} -log_level = ${PHP_ERROR_LOG_LEVEL} - -[www] -user = ${WEB_USER} -group = ${WEB_GROUP} -listen = /var/run/php-fpm.sock -listen.owner = ${WEB_USER} -listen.group = ${WEB_GROUP} -pm = dynamic - -; Total RAM dedicated to the web server / Max child process size -pm.max_children = 30 - -pm.start_servers = 1 -pm.min_spare_servers = 1 -pm.max_spare_servers = 5 - -; Redirect worker stdout and stderr into main error log. If not set, stdout and -; stderr will be redirected to /dev/null according to FastCGI specs. -; Default Value: no -catch_workers_output = yes - -; Project web root -chdir = ${WEB_ROOT} - -pm.process_idle_timeout = 10s -pm.max_requests = 500 - -; Include extra configs -include=/etc/php/7.3/fpm/php-fpm.d/*.conf diff --git a/ubuntu-7.3/rootfs/etc/php/7.3/fpm/php-fpm.d/preserve-env.conf b/ubuntu-7.3/rootfs/etc/php/7.3/fpm/php-fpm.d/preserve-env.conf deleted file mode 100644 index 956d8ff..0000000 --- a/ubuntu-7.3/rootfs/etc/php/7.3/fpm/php-fpm.d/preserve-env.conf +++ /dev/null @@ -1,3 +0,0 @@ -; Just use all envs from system when php-fpm starts -; By default php-fpm flushes all envs and they need to be whitelisted -clear_env = no diff --git a/ubuntu-7.3/rootfs/etc/php/7.3/fpm/php.ini b/ubuntu-7.3/rootfs/etc/php/7.3/fpm/php.ini deleted file mode 100644 index bf0e19b..0000000 --- a/ubuntu-7.3/rootfs/etc/php/7.3/fpm/php.ini +++ /dev/null @@ -1,47 +0,0 @@ -;;; -; Production settings for php and php-fpm -;;; -; All directives from /etc/php/7.0/fpm/conf.d are also included -;;; - -[PHP] - -; Don't display errors into frontend -display_errors = ${PHP_DISPLAY_ERRORS} - -; disable ignoring of repeat errors -ignore_repeated_errors = false - -; disable ignoring of unique source errors -ignore_repeated_source = false - -; enable logging of php memory leaks -report_memleaks = true - -; Deny executing anything else than the exact path passed from fastcgi -; This causes the PHP interpreter to only try the literal path given and to stop processing if the file is not found. -; This is for security. Source: https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/#passing-uncontrolled-requests-to-php -cgi.fix_pathinfo = 0 - -; disable html markup of errors -html_errors = false - -; disable formatting of error reference links -docref_root = 0 - -; disable formatting of error reference links -docref_ext = 0 - -; disable max error string length ( by using so big number that bigger messages don't matter ) -log_errors_max_len = 10000 - -; Don't show startup errors -display_startup_errors = Off -;This is deprecated from php7.2 so its disabled as of 5.4.2018 -;track_errors = Off - -; Redirect worker stdout and stderr into main error log. If not set, stdout and -; stderr will be redirected to /dev/null according to FastCGI specs. -; Default Value: no -catch_workers_output = yes - diff --git a/ubuntu-7.3/rootfs/etc/services.d/cron/run b/ubuntu-7.3/rootfs/etc/services.d/cron/run deleted file mode 100644 index 444e2b9..0000000 --- a/ubuntu-7.3/rootfs/etc/services.d/cron/run +++ /dev/null @@ -1,4 +0,0 @@ -#!/usr/bin/with-contenv sh -echo "[services.d] started cron daemon" -# Runs cron daemon in foreground -cron -l 2 -f diff --git a/ubuntu-7.3/rootfs/etc/services.d/nginx/run b/ubuntu-7.3/rootfs/etc/services.d/nginx/run deleted file mode 100755 index ef92c7d..0000000 --- a/ubuntu-7.3/rootfs/etc/services.d/nginx/run +++ /dev/null @@ -1,4 +0,0 @@ -#!/usr/bin/with-contenv sh - -# Run nginx always in foreground -exec nginx -g "daemon off;" diff --git a/ubuntu-7.3/rootfs/etc/services.d/php-fpm/run b/ubuntu-7.3/rootfs/etc/services.d/php-fpm/run deleted file mode 100644 index 188b655..0000000 --- a/ubuntu-7.3/rootfs/etc/services.d/php-fpm/run +++ /dev/null @@ -1,53 +0,0 @@ -#!/usr/bin/with-contenv bash - -## -# Check which kind of session backend we should be using -## -if [ -z "$PHP_SESSION_SAVE_PATH" ]; then - echo "[php-fpm] configuring php-fpm session backend..." - - # Use 'files' as default session handler - export PHP_SESSION_HANDLER=${PHP_SESSION_HANDLER-files} - - case "$PHP_SESSION_HANDLER" in - - files) - mkdir -p /tmp/php - chown $WEB_USER:$WEB_GROUP /tmp/php - - # export new env for php-fpm - export PHP_SESSION_SAVE_PATH='/tmp/php' - ;; - redis) - # Set defaults - REDIS_HOST=${REDIS_HOST-$REDIS_1_PORT_6379_TCP_ADDR} - REDIS_PORT=${REDIS_PORT-6379} - REDIS_SCHEME=${REDIS_SCHEME-tcp} - REDIS_PHP_SESSION_HOST=${REDIS_PHP_SESSION_HOST-$REDIS_1_PORT_6379_TCP_ADDR} - - # After this time php-fpm will timeout from requesting session data - PHP_SESSION_REDIS_TIMEOUT=${PHP_SESSION_REDIS_TIMEOUT-5} - - PHP_SESSION_REDIS_PARAMS="timeout=$PHP_SESSION_REDIS_TIMEOUT" - - # Set these only if they are not 0 and '' because they add complexity for the query - if [ "$PHP_SESSION_REDIS_DB" != "" ]; then - PHP_SESSION_REDIS_PARAMS+="&database=$PHP_SESSION_REDIS_DB" - fi - if [ "$REDIS_PASSWORD" != "" ]; then - PHP_SESSION_REDIS_PARAMS+="&auth=$REDIS_PASSWORD" - fi - if [ "$PHP_SESSION_REDIS_PREFIX" != "" ]; then - PHP_SESSION_REDIS_PARAMS+="&prefix=$PHP_SESSION_REDIS_PREFIX" - fi - - # export new env for php-fpm - export PHP_SESSION_SAVE_PATH="$REDIS_SCHEME://$REDIS_PHP_SESSION_HOST:$REDIS_PORT?$PHP_SESSION_REDIS_PARAMS" - ;; - esac -fi -echo "[php-fpm] using $PHP_SESSION_SAVE_PATH for php sessions..." - -echo "[php-fpm] started php-fpm" -exec php-fpm -c /etc/php/7.3/fpm/php.ini --fpm-config /etc/php/7.3/fpm/php-fpm.conf --pid /var/run/php-fpm.pid - diff --git a/ubuntu-7.3/rootfs/usr/bin/wp b/ubuntu-7.3/rootfs/usr/bin/wp deleted file mode 100755 index e138ef0..0000000 --- a/ubuntu-7.3/rootfs/usr/bin/wp +++ /dev/null @@ -1,12 +0,0 @@ -#!/usr/bin/env bash -## -# WP-cli wrapper: Append path automatically so that user doesn't have to -## -if [ "$(whoami)" = "root" ]; then - # Run as wordpress user instead - # This helps that we don't install things as root - # Or run 3rd party code as root - gosu $WEB_USER /usr/local/bin/wp-cli "$@" --path=$WP_CORE -else - /usr/local/bin/wp-cli "$@" --path=$WP_CORE -fi diff --git a/ubuntu-7.3/rootfs/usr/local/bin/phinx b/ubuntu-7.3/rootfs/usr/local/bin/phinx deleted file mode 100755 index 854aa2f..0000000 --- a/ubuntu-7.3/rootfs/usr/local/bin/phinx +++ /dev/null @@ -1,27 +0,0 @@ -#!/usr/bin/env bash -## -# Phinx wrapper -# You need to install phinx through composer first -## - -# Export database host in prod and dev -if [ ! -z "$MYSQL_HOST" ]; then - export PHINX_DBHOST=$MYSQL_HOST -elif [ ! -z "$DB_HOST" ]; then - export PHINX_DBHOST=$DB_HOST -elif [ ! -z "$DB_PORT_3306_TCP_ADDR" ]; then - export PHINX_DBHOST=$DB_PORT_3306_TCP_ADDR -else - echo "ERROR: You need to set DB_HOST!" -fi - -# Export phinx envs -# Default to MYSQL_ envs but fallback to DB_ -export PHINX_DBPORT=${MYSQL_PORT-$DB_PORT} -export PHINX_DBNAME=${MYSQL_DATABASE-$DB_NAME} -export PHINX_DBUSER=${MYSQL_USER-$DB_USER} -export PHINX_DBPASSWORD=${MYSQL_PWD-$DB_PASSWORD} -export PHINX_ENVIRONMENT=$WP_ENV - -# Run phinx -php $PROJECT_ROOT/vendor/bin/phinx $@ diff --git a/ubuntu-7.3/rootfs/usr/local/bin/print-smtp-password b/ubuntu-7.3/rootfs/usr/local/bin/print-smtp-password deleted file mode 100755 index f59d906..0000000 --- a/ubuntu-7.3/rootfs/usr/local/bin/print-smtp-password +++ /dev/null @@ -1,5 +0,0 @@ -#!/bin/bash -# This is so that we can use msmtp without /etc/msmtprc config file -# msmtp doesn't have --password option and it only has --passwordeval option -# We use this script so that we can use it in passwordeval -echo $SMTP_PASSWORD diff --git a/ubuntu-7.3/rootfs/usr/local/bin/wp-run-cron b/ubuntu-7.3/rootfs/usr/local/bin/wp-run-cron deleted file mode 100755 index e5c4aa8..0000000 --- a/ubuntu-7.3/rootfs/usr/local/bin/wp-run-cron +++ /dev/null @@ -1,42 +0,0 @@ -#!/bin/bash -# Copyright © 2015 Bjørn Johansen -# This work is free. You can redistribute it and/or modify it under the -# terms of the Do What The Fuck You Want To Public License, Version 2, -# as published by Sam Hocevar. See http://www.wtfpl.net/ for more details. -# Source: https://bjornjohansen.no/wordpress-cron-wp-cli -# Github: https://gist.github.com/bjornjohansen/a00a9fee5475c4dadb56#file-run-wp-cron-sh - -# This is modified for our container. In this container you don't need to use --path -# because it's automatically included - -# Check if WP-CLI is available -if ! hash wp 2>/dev/null; then - echo "[wp-cron] ERROR: WP-CLI is not available" - exit -fi - -# If WordPress isn’t installed here, we bail -if ! wp core is-installed --quiet >> /dev/null; then - echo "[wp-cron] ERROR: WordPress is not installed here: ${WP_CORE}" - exit -fi - -# Get a list of site URLs -if wp core is-installed --quiet --network >> /dev/null; -then - SITE_URLS=`wp site list --fields=url --archived=0 --deleted=0 --format=csv | sed 1d` -else - SITE_URLS=(`wp option get siteurl`) -fi - -# Loop through all the sites -for SITE_URL in $SITE_URLS -do - # replaced loop with better solution - wp cron event run --due-now --url="$SITE_URL" - # Run all event hooks that are due - #for EVENT_HOOK in $(wp cron event list --format=csv --fields=hook,next_run_relative --url="$SITE_URL" | grep now$ | awk -F ',' '{print $1}') - #do - # wp cron event run "$EVENT_HOOK" --url="$SITE_URL" --quiet - #done -done diff --git a/ubuntu-7.3/rootfs/usr/sbin/sendmail b/ubuntu-7.3/rootfs/usr/sbin/sendmail deleted file mode 100755 index ec8c40f..0000000 --- a/ubuntu-7.3/rootfs/usr/sbin/sendmail +++ /dev/null @@ -1,66 +0,0 @@ -#!/bin/bash -## -# This is custom wrapper for msmtp which acts like good old sendmail -# - It is used for php and cron -# - This is easier to configure for external mail server than sendmail -# - sendmail is just the default binary which other services will use -# - It needs following env: SMTP_HOST, SMTP_PASSWORD, SMTP_PORT, SMTP_AUTH, SMTP_USER -## - -# Deduce all used msmtp options from system ENVs -declare -a options - -# Act like sendmail -options+=("-t") - -# Use system tls chain -options+=("--tls-trust-file=/etc/ssl/certs/ca-certificates.crt") - -if [ -n "$SMTP_HOST" ]; then - options+=("--host=$SMTP_HOST") -else - echo "[mail error] SMTP_HOST is not defined, mail can't be sent" - exit 1 -fi - -# Log all mail requests -# try /var/log/mail/sent.log but use stdout when logfile is not available -if [ -n "$SMTP_LOG" ]; then - options+=("--logfile=$SMTP_LOG") -elif [ -f /var/log/mail/sent.log ]; then - options+=("--logfile=/var/log/mail/sent.log") -fi - -if [ -n "$SMTP_FROM" ]; then - options+=("--from=$SMTP_FROM") -fi - -# Default port for smtp is 25 and it will work even without this option -if [ -n "$SMTP_PORT" ]; then - options+=("--port=$SMTP_PORT") -fi - -# Setup credentials -if [ -n "$SMTP_USER" ]; then - options+=("--user=$SMTP_USER") -fi - -# msmtp doesn't provide password option because usually it's unsafe -# Use local hack for passwordeval -if [ -n "$SMTP_PASSWORD" ]; then - options+=("--passwordeval=/usr/local/bin/print-smtp-password") -fi - - -if [ -n "$SMTP_AUTH" ]; then - options+=("--auth=$SMTP_AUTH") -elif [ -n "$SMTP_USER" ] || [ -n "$SMTP_PASSWORD" ]; then - options+=("--auth=on") -fi - -if [ -n "$SMTP_TLS" ]; then - options+=("--tls=$SMTP_TLS") -fi - -# Add our options and command line options for msmtp -msmtp ${options[@]} "$@" diff --git a/ubuntu-7.3/rootfs/usr/share/nginx/html/403.html b/ubuntu-7.3/rootfs/usr/share/nginx/html/403.html deleted file mode 100644 index 3f85394..0000000 --- a/ubuntu-7.3/rootfs/usr/share/nginx/html/403.html +++ /dev/null @@ -1,95 +0,0 @@ - - - - - - -403 Forbidden - - - - - - - - -
-
-

403 Forbidden

-

Sorry! You don't have access permissions for that on .

-

Take Me To The Homepage - -

-
-
-
-
-
-
-

What happened?

-

A 403 error status indicates that you don't have permission to access the file or page. In general, web servers and websites have directories and files that are not open to the public web for security reasons.

-
-
-

What can I do?

-

If you're a site visitor

-

Please use your browsers back button and check that you're in the right place. If you need immediate assistance, please send us an email instead.

-

If you're the site owner

-

Please check that you're in the right place and get in touch with your website provider if you believe this to be an error.

-
-
-
-
- - - - - - - diff --git a/ubuntu-7.3/rootfs/usr/share/nginx/html/500.html b/ubuntu-7.3/rootfs/usr/share/nginx/html/500.html deleted file mode 100644 index e5fac20..0000000 --- a/ubuntu-7.3/rootfs/usr/share/nginx/html/500.html +++ /dev/null @@ -1,89 +0,0 @@ - - - - - - -500 Internal Server Error - - - - - - - - -
- -
-

500 Internal Server Error

-

The web server is returning an internal error for .

- Try This Page Again -
-
-
-
-
-
-

What happened?

-

A 500 error status implies there is a problem with the web server's software causing it to malfunction.

-
-
-

What can I do?

-

If you're a site visitor

-

Nothing you can do at the moment. If you need immediate assistance, please send us an email instead. We apologize for any inconvenience.

-

If you're the site owner

-

This error can only be fixed by server admins, please contact your website provider.

-
-
-
-
- - - - - - - diff --git a/ubuntu-7.3/rootfs/usr/share/nginx/html/502.html b/ubuntu-7.3/rootfs/usr/share/nginx/html/502.html deleted file mode 100644 index e7d79c1..0000000 --- a/ubuntu-7.3/rootfs/usr/share/nginx/html/502.html +++ /dev/null @@ -1,98 +0,0 @@ - - - - - - - -502 Bad Gateway - - - - - - - - -
- -
-

502 Bad Gateway

-

The web server is returning an unexpected networking error for .

- Try This Page Again -
-
-
-
-
-
-

What happened?

-

A 502 error status implies that that the server received an invalid response from an upstream server it accessed to fulfill the request.

-
-
-

What can I do?

-

If you're a site visitor

-

Check to see if this website down for everyone or just you. -

-

Also, clearing your browser cache and refreshing the page may clear this issue. If the problem persists and you need immediate assistance, please send us an email instead.

-

If you're the site owner

-

Clearing your browser cache and refreshing the page may clear this issue. If the problem persists and you need immediate assistance, please contact your website provider.

-
-
-
-
- - - - - - - - diff --git a/ubuntu-7.3/rootfs/usr/share/nginx/html/504.html b/ubuntu-7.3/rootfs/usr/share/nginx/html/504.html deleted file mode 100644 index f37b919..0000000 --- a/ubuntu-7.3/rootfs/usr/share/nginx/html/504.html +++ /dev/null @@ -1,100 +0,0 @@ - - - - - - - -504 Gateway Timeout - - - - - - - - -
- -
-

504 Gateway Timeout

-

The web server is returning an unexpected networking error for .

- Try This Page Again -
-
-
-
- - -
-
-

What happened?

-

A 504 error status implies there is a slow IP communication problem between back-end servers attempting to fulfill this request.

-
-
-

What can I do?

-

If you're a site visitor

-

Check to see if this website down for everyone or just you. -

-

Also, clearing your browser cache and refreshing the page may clear this issue. If the problem persists and you need immediate assistance, please send us an email instead.

-

If you're the site owner

-

Clearing your browser cache and refreshing the page may clear this issue. If the problem persists and you need immediate assistance, please contact your website provider.

-
-
-
-
- - - - - - - - diff --git a/ubuntu-7.4/rootfs/etc/ImageMagick b/ubuntu-7.4/rootfs/etc/ImageMagick deleted file mode 100644 index d88e8bf..0000000 --- a/ubuntu-7.4/rootfs/etc/ImageMagick +++ /dev/null @@ -1,11 +0,0 @@ - - - - - - - - - - - diff --git a/ubuntu-7.4/rootfs/etc/cont-init.d/00-render-templates b/ubuntu-7.4/rootfs/etc/cont-init.d/00-render-templates deleted file mode 100755 index 56f69f3..0000000 --- a/ubuntu-7.4/rootfs/etc/cont-init.d/00-render-templates +++ /dev/null @@ -1,85 +0,0 @@ -#!/usr/bin/with-contenv bash -## -# This script uses clever heredoc hack to substitute env variables into static config files -# Source: http://stackoverflow.com/questions/2914220/bash-templating-how-to-build-configuration-files-from-templates-with-bash -## - -## -# Replaces ${ENV} placoholders from file with provided variables -# $1 - ':'' separated list of variables -# $2 - filename to render -## -function render_env_tmpl() { - vars=$1 - input_file=$2 - # If filename ends with .tmpl replace it without the .tmpl - filename=$(dirname $input_file)/$(basename $input_file .tmpl) - - tmp_file=/tmp/$(basename $filename) - - # render all provided $vars to temporary file - envsubst "$vars" < $input_file > $tmp_file - - # replace original file with rendered file - mv $tmp_file $filename -} - -echo "[cont-init.d] Substituting env into configuration files..." - -## -# Nginx doesn't support env variables in config files so we will have to do this in hacky way instead -## -VARS='$PORT:$WEB_ROOT:$WEB_USER:$WEB_GROUP:$NGINX_ACCESS_LOG:$NGINX_ERROR_LOG:$NGINX_ERROR_LEVEL:$NGINX_INCLUDE_DIR:$NGINX_MAX_BODY_SIZE:$NGINX_BODY_BUFFER_SIZE:$NGINX_FASTCGI_TIMEOUT:$WP_ENV:$NGINX_CACHE_KEY' -render_env_tmpl "$VARS" /etc/nginx/nginx.conf - -## -# Redis cache needs to know the redis instance and credentials -## - -# Set defaults if they are not set -export REDIS_HOST=${REDIS_HOST-$REDIS_1_PORT_6379_TCP_ADDR} -export REDIS_PORT=${REDIS_PORT-6379} -export REDIS_DATABASE=${REDIS_DATABASE-0} -export REDIS_PASSWORD=${REDIS_PASSWORD-''} -export REDIS_CACHE_TTL=${REDIS_CACHE_TTL-14400} - -# Add helper variables for AWS s3 bucket storage -VARS+='$AWS_S3_BUCKET_NAME:AWS_S3_REPLICA_BUCKET_NAME' - -# Add Redis variables -VARS+='$REDIS_HOST:$REDIS_PORT:$REDIS_DATABASE:$REDIS_PASSWORD:$NGINX_REDIS_CACHE_TTL_MAX:$NGINX_REDIS_CACHE_TTL_DEFAULT:$NGINX_REDIS_CACHE_PREFIX' - -# Add image proxy variables -VARS+='$GOOGLE_CLOUD_STORAGE_BUCKET_NAME' - -# Add cache variables -VARS+='$NGINX_CACHE_USE_STALE:$NGINX_CACHE_CONTROL:$NGINX_CACHE_DIRECTORY' - -render_env_tmpl "$VARS" /etc/nginx/cache/redis_backend.conf - -render_env_tmpl "$VARS" /etc/nginx/cache/srcache.conf -render_env_tmpl "$VARS" /etc/nginx/cache/fastcgicache_settings.conf -render_env_tmpl "$VARS" /etc/nginx/cache/fastcgicache_skip_rules.conf -## -# Render all user provided nginx templates -## -VARS+='$BASIC_AUTH_USER:$BASIC_AUTH_PASSWORD_HASH' -for conf_file in $(find $NGINX_INCLUDE_DIR -type f -name '*.tmpl'); do - echo "[cont-init.d] Rendering env in $conf_file..." - - # Add helper variables for easier scripting - export __DIR__=$(dirname $conf_file) - - VARS_TMPL=$VARS':$__DIR__' - render_env_tmpl "$VARS_TMPL" $conf_file -done - -# Encrypt basic auth password if it set -if [[ -z "${BASIC_AUTH_PASSWORD}" ]]; -then - echo "Not encrypting BASIC_AUTH_PASSWORD..." -else - BASIC_AUTH_PASSWORD_HASH=$(openssl passwd -crypt $BASIC_AUTH_PASSWORD) - echo "Encrypting BASIC_AUTH_PASSWORD... ${BASIC_AUTH_PASSWORD} -> ${BASIC_AUTH_PASSWORD_HASH}" - echo "${BASIC_AUTH_USER}:${BASIC_AUTH_PASSWORD_HASH}" > /var/www/project/nginx/environments/${WP_ENV}/server/.htpasswd -fi diff --git a/ubuntu-7.4/rootfs/etc/cont-init.d/01-create-web-user b/ubuntu-7.4/rootfs/etc/cont-init.d/01-create-web-user deleted file mode 100755 index aeb0aa7..0000000 --- a/ubuntu-7.4/rootfs/etc/cont-init.d/01-create-web-user +++ /dev/null @@ -1,58 +0,0 @@ -#!/usr/bin/with-contenv bash - -## -# If $WEB_USER user and web group already exists just skip the user creation -## -if id -u $WEB_USER > /dev/null 2>&1 && getent group $WEB_GROUP > /dev/null 2>&1; then - echo "[cont-init.d] user:$WEB_USER and group:$WEB_GROUP already exist, skipping..." - exit 0 -fi - -## -# Create $WEB_USER user with $WEB_UID and web group with $WEB_GID -## - -# Set defaults if they are not set -export WEB_USER=${WEB_USER-wordpress} -export WEB_GROUP=${WEB_GROUP-web} -export WEB_UID=${WEB_UID-1000} -export WEB_GID=${WEB_GID-1000} - -echo "[cont-init.d] Creating $WEB_USER user with id: $WEB_UID and group web with id: $WEB_GID" - -# Create web group -if [ -n "$WEB_GID" ]; then - - # Check if group with $WEB_GID already exists - web_group=$(getent group $WEB_GID | cut -d':' -f1) - - if [ -n "$web_group" ]; then - - # Replace the existing group name to web - # This is done so that in local development we can just lookup permissions from mounted folders - # This UID/GID can be same as something already existing inside container - # This way we can use same uid/gid in container and host machine - echo "[cont-init.d] Replacing pre-existing group name $web_group -> $WEB_GROUP" - sed -i "s|$web_group|$WEB_GROUP|g" /etc/group - - else - # Create new group - echo "$ groupadd -g $WEB_GID $WEB_GROUP" - groupadd -g $WEB_GID $WEB_GROUP - fi -else - echo "[cont-init.d] ERROR: Please set web user group id in WEB_GID" 1>&2 - exit 2 -fi - -# Create $WEB_USER user -if [ -n "$WEB_UID" ] && [ -n "$WEB_GID" ] ; then - echo "$ useradd -u $WEB_UID -g $WEB_GROUP --home $PROJECT_ROOT $WEB_USER" - useradd -u $WEB_UID -g $WEB_GROUP --home $PROJECT_ROOT $WEB_USER -else - echo "[cont-init.d] ERROR: Please set web user id in WEB_UID" 1>&2 - exit 2 -fi - -# Check that processes can write logs -chown $WEB_USER:$WEB_GROUP /var/log diff --git a/ubuntu-7.4/rootfs/etc/cont-init.d/02-init-crond b/ubuntu-7.4/rootfs/etc/cont-init.d/02-init-crond deleted file mode 100755 index 962a79e..0000000 --- a/ubuntu-7.4/rootfs/etc/cont-init.d/02-init-crond +++ /dev/null @@ -1,30 +0,0 @@ -#!/usr/bin/with-contenv bash - -# Copy cronjob from project and run as nginx -if [ -f $PROJECT_ROOT/tasks.cron ]; then - - # Setup all container env for cron - printenv | grep -v ^_= | grep -v "no_proxy" >> /etc/environment - - # Use default redis for cronlock if cronlock variables are not set - if [ -n "$REDIS_HOST" ] && [ -z "$CRONLOCK_HOST" ] ; then - echo "CRONLOCK_HOST=$REDIS_HOST" >> /etc/environment - fi - if [ -n "$REDIS_PASSWORD" ] && [ -z "$CRONLOCK_AUTH" ] ; then - echo "CRONLOCK_AUTH=$REDIS_PASSWORD" >> /etc/environment - fi - if [ -n "$REDIS_PORT" ] && [ -z "$CRONLOCK_PORT" ] ; then - echo "CRONLOCK_PORT=$REDIS_PORT" >> /etc/environment - fi - # env for running wp cron - echo "CRON_URL=$CRON_URL" >> /etc/environment; - # Copy cron template - cp $PROJECT_ROOT/tasks.cron /var/spool/cron/crontabs/$WEB_USER - chown $WEB_USER /var/spool/cron/crontabs/$WEB_USER - chmod 0600 /var/spool/cron/crontabs/$WEB_USER -else - # No cronjobs found remove crond from s6 - if [ -f /etc/services.d/cron ]; then - rm -r /etc/services.d/cron - fi -fi diff --git a/ubuntu-7.4/rootfs/etc/cont-init.d/02-init-directories-and-files b/ubuntu-7.4/rootfs/etc/cont-init.d/02-init-directories-and-files deleted file mode 100755 index 34df974..0000000 --- a/ubuntu-7.4/rootfs/etc/cont-init.d/02-init-directories-and-files +++ /dev/null @@ -1,18 +0,0 @@ -#!/usr/bin/with-contenv bash - -# Create uploads directory if not exists -mkdir -p $UPLOADS_ROOT -chown $WEB_USER:$WEB_GROUP $UPLOADS_ROOT - -# Create dir for nginx tmp files -mkdir -p /tmp/nginx/body -chown -R $WEB_USER:$WEB_GROUP /tmp/nginx - -# Create log directories if they don't exist already -mkdir -p /var/log/{nginx,php,mail} - -# Create error.log so that php-fpm can write to it -touch /var/log/php/error.log - -# Chown all files to wordpress -chown -R $WEB_USER:$WEB_GROUP /var/log/{nginx,php,mail} diff --git a/ubuntu-7.4/rootfs/etc/nginx/additional.types b/ubuntu-7.4/rootfs/etc/nginx/additional.types deleted file mode 100644 index ac8070e..0000000 --- a/ubuntu-7.4/rootfs/etc/nginx/additional.types +++ /dev/null @@ -1,6 +0,0 @@ -# If developers add .woff2 type font files we should provide good Content-Type headers -types { - # Add mime support for woff2 - # http://stackoverflow.com/questions/28235550/proper-mime-type-for-woff2-fonts - font/woff2 woff2; -} diff --git a/ubuntu-7.4/rootfs/etc/nginx/cache/fastcgicache.conf b/ubuntu-7.4/rootfs/etc/nginx/cache/fastcgicache.conf deleted file mode 100644 index 1455277..0000000 --- a/ubuntu-7.4/rootfs/etc/nginx/cache/fastcgicache.conf +++ /dev/null @@ -1,13 +0,0 @@ -## -# Add few rules which deny using cache -## -include cache/fastcgicache_skip_rules.conf; -include cache/helper_variables.conf; -fastcgi_cache_bypass $skip_cache; -fastcgi_no_cache $skip_cache; - -fastcgi_cache WORDPRESS; -#proxy_ignore_headers Set-Cookie Expires Cache-Control; - -# Add header for easier cache debugging -add_header X-Cache $upstream_cache_status always; diff --git a/ubuntu-7.4/rootfs/etc/nginx/cache/fastcgicache_settings.conf b/ubuntu-7.4/rootfs/etc/nginx/cache/fastcgicache_settings.conf deleted file mode 100644 index d1872e6..0000000 --- a/ubuntu-7.4/rootfs/etc/nginx/cache/fastcgicache_settings.conf +++ /dev/null @@ -1,10 +0,0 @@ -## -# Basic settings of Fast cgi cache -## -fastcgi_cache_path ${NGINX_CACHE_DIRECTORY} levels=1:2 keys_zone=WORDPRESS:100m max_size=1000m inactive=730h; -fastcgi_cache_key $scheme$request_method$host$request_uri_path$cache_args; -fastcgi_cache_lock on; -fastcgi_cache_background_update on; -fastcgi_cache_use_stale ${NGINX_CACHE_USE_STALE}; -fastcgi_cache_valid ${NGINX_REDIS_CACHE_TTL_DEFAULT}; -add_header 'Cache-Control' ${NGINX_CACHE_CONTROL}; \ No newline at end of file diff --git a/ubuntu-7.4/rootfs/etc/nginx/cache/helper_variables.conf b/ubuntu-7.4/rootfs/etc/nginx/cache/helper_variables.conf deleted file mode 100644 index ea10fb9..0000000 --- a/ubuntu-7.4/rootfs/etc/nginx/cache/helper_variables.conf +++ /dev/null @@ -1,15 +0,0 @@ -## -# This file creates few helper variables -# $prefer_language_slug - 2 first letters from accept-language header to determine the language redirects from cache -## - -## -# Parse first two letters from accept-language header to determine right cache key -## -set_by_lua_block $prefer_language_slug { - if ngx.var.http_accept_language then - return string.lower( string.match( ngx.var.http_accept_language, '%w%w' ) ) - else - return 'en' - end -} diff --git a/ubuntu-7.4/rootfs/etc/nginx/cache/redis_backend.conf b/ubuntu-7.4/rootfs/etc/nginx/cache/redis_backend.conf deleted file mode 100644 index e9f86a3..0000000 --- a/ubuntu-7.4/rootfs/etc/nginx/cache/redis_backend.conf +++ /dev/null @@ -1,45 +0,0 @@ -## -# Adds internal locations for storing and getting full page cache from redis -## - -srcache_default_expire '${NGINX_REDIS_CACHE_TTL_DEFAULT}'; -srcache_max_expire '${NGINX_REDIS_CACHE_TTL_MAX}'; - -location /redis-fetch { - internal; - - ## - # In order to use password authentication we use custom redis module which adds $redis_auth: - # - https://github.com/Yongke/ngx_http_redis-0.3.7 - ## - - # Read the configuration from system envs - set $redis_auth '${REDIS_PASSWORD}'; - set $redis_db ${REDIS_DATABASE}; - - set $redis_key $args; - - redis_pass ${REDIS_HOST}:${REDIS_PORT}; -} - -location /redis-store { - internal; - - set_unescape_uri $exptime $arg_exptime; - set_unescape_uri $key $arg_key; - - # Fix caching problem for now - # There's issue in github https://github.com/openresty/srcache-nginx-module/issues/61 - set_if_empty $srcache_expire '${NGINX_REDIS_CACHE_TTL_DEFAULT}'; - - # redis module pipelines these 3 commands into single request - redis2_query auth '${REDIS_PASSWORD}'; - redis2_query select ${REDIS_DATABASE}; - - # Set and expire with one command: http://redis.io/commands/setex - redis2_query setex $key $srcache_expire $echo_request_body; - - # Pass the request to redis - redis2_pass ${REDIS_HOST}:${REDIS_PORT}; - -} diff --git a/ubuntu-7.4/rootfs/etc/nginx/cache/skip_rules.conf b/ubuntu-7.4/rootfs/etc/nginx/cache/skip_rules.conf deleted file mode 100644 index 43344c8..0000000 --- a/ubuntu-7.4/rootfs/etc/nginx/cache/skip_rules.conf +++ /dev/null @@ -1,30 +0,0 @@ -## -# Add few rules which deny using cache -## - -# Don't skip cache by default -set $skip_cache 0; - -# POST requests and urls with a query string should always go to PHP -if ($request_method = POST) { - set $skip_cache 1; -} - -# If theres any args skip cache -if ($query_string != "") { - set $skip_cache 1; -} - -# Don't use the cache for logged in users or recent commenters -if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in|woocommerce_items_in_cart") { - set $skip_cache 1; -} - -# Don't cache responses from wp-admin, xmlrpc and wp-login.php -if ($request_uri ~* "/wp-admin/|/xmlrpc.php|wp-.*.php") { - set $skip_cache 1; -} - -# Skip fetch and skip if conditions are met -srcache_fetch_skip $skip_cache; -srcache_store_skip $skip_cache; diff --git a/ubuntu-7.4/rootfs/etc/nginx/cache/srcache.conf b/ubuntu-7.4/rootfs/etc/nginx/cache/srcache.conf deleted file mode 100644 index 85027dd..0000000 --- a/ubuntu-7.4/rootfs/etc/nginx/cache/srcache.conf +++ /dev/null @@ -1,20 +0,0 @@ -## -# Add few rules which deny using cache -## -include cache/skip_rules.conf; -include cache/helper_variables.conf; - -# Use redis caching for all pages -# Allow different cache key from env -# Use 'wp_' prefix so that cache can be flushed with: -# $ wp cache flush -set $cache_key "${NGINX_CACHE_KEY}"; -set_escape_uri $escaped_cache_key $cache_key; - -srcache_response_cache_control on; - -srcache_fetch GET /redis-fetch $cache_key; -srcache_store PUT /redis-store key=$escaped_cache_key; - -# Add header for easier cache debugging -add_header X-Cache $srcache_fetch_status; diff --git a/ubuntu-7.4/rootfs/etc/nginx/env.conf b/ubuntu-7.4/rootfs/etc/nginx/env.conf deleted file mode 100644 index 35d0243..0000000 --- a/ubuntu-7.4/rootfs/etc/nginx/env.conf +++ /dev/null @@ -1,15 +0,0 @@ -# Set custom enviromental variables that we need with lua here -# These are used to dynamically load -env PORT; -env WEB_ROOT; -env NGINX_MAX_BODY_SIZE; -env NGINX_TIMEOUT; - -# For nginx redis cache -env REDIS_HOST; -env REDIS_PORT; -env REDIS_DATABASE; -env REDIS_PASSWORD; -env CACHE_MODE; -env CACHE_QUERYVARS; -env CACHE_QUERYVARS_IGNORE; \ No newline at end of file diff --git a/ubuntu-7.4/rootfs/etc/nginx/error_pages.conf b/ubuntu-7.4/rootfs/etc/nginx/error_pages.conf deleted file mode 100644 index 700cc6b..0000000 --- a/ubuntu-7.4/rootfs/etc/nginx/error_pages.conf +++ /dev/null @@ -1,31 +0,0 @@ -## -# Custom error pages -## - -## 403 - Forbidden -error_page 403 /403.html; -location = /403.html { - root /usr/share/nginx/html; - internal; -} - -## 500 - Internal Server Error -error_page 500 /500.html; -location = /500.html { - root /usr/share/nginx/html; - internal; -} - -## 502 - Bad Gateway -error_page 502 /502.html; -location = /502.html { - root /usr/share/nginx/html; - internal; -} - -## 504 - Gateway Timeout -error_page 504 /504.html; -location = /504.html { - root /usr/share/nginx/html; - internal; -} diff --git a/ubuntu-7.4/rootfs/etc/nginx/fastcgi_params b/ubuntu-7.4/rootfs/etc/nginx/fastcgi_params deleted file mode 100644 index 6fccf4f..0000000 --- a/ubuntu-7.4/rootfs/etc/nginx/fastcgi_params +++ /dev/null @@ -1,29 +0,0 @@ -# These are just basic things form request -fastcgi_param QUERY_STRING $query_string; -fastcgi_param REQUEST_METHOD $request_method; -fastcgi_param CONTENT_TYPE $content_type; -fastcgi_param CONTENT_LENGTH $content_length; - -fastcgi_param SCRIPT_NAME $fastcgi_script_name; -fastcgi_param REQUEST_URI $request_uri; -fastcgi_param DOCUMENT_URI $document_uri; -fastcgi_param DOCUMENT_ROOT $document_root; -fastcgi_param SERVER_PROTOCOL $server_protocol; - -fastcgi_param GATEWAY_INTERFACE CGI/1.1; -fastcgi_param SERVER_SOFTWARE nginx/$nginx_version; - -## -# Set these using the knowledge that we are behind proxy -## -fastcgi_param REMOTE_ADDR $real_remote; -fastcgi_param REMOTE_PORT $remote_port; -fastcgi_param SERVER_ADDR $server_addr; -fastcgi_param SERVER_PORT $real_port; -fastcgi_param SERVER_NAME $real_host; -fastcgi_param HTTPS $real_https; -fastcgi_param REQUEST_SCHEME $real_scheme; -fastcgi_param HTTP_HOST $real_host; - -# PHP only, required if PHP was built with --enable-force-cgi-redirect -fastcgi_param REDIRECT_STATUS 200; diff --git a/ubuntu-7.4/rootfs/etc/nginx/fastcgi_settings.conf b/ubuntu-7.4/rootfs/etc/nginx/fastcgi_settings.conf deleted file mode 100644 index 25683fb..0000000 --- a/ubuntu-7.4/rootfs/etc/nginx/fastcgi_settings.conf +++ /dev/null @@ -1,23 +0,0 @@ -# regex to split $uri to $fastcgi_script_name and $fastcgi_path -fastcgi_split_path_info ^(.+\.php)(/.+)$; - -# Bypass the fact that try_files resets $fastcgi_path_info -# see: http://trac.nginx.org/nginx/ticket/321 -set $path_info $fastcgi_path_info; -fastcgi_param PATH_INFO $path_info; - -# Intercept errors from php-fpm -# These can be: -# - timeouts for long running requests -# - requested php file might be missing or not existing in the first place -fastcgi_intercept_errors on; - -fastcgi_index index.php; - -# Small optimisation on fastcgi buffer size -# defaults are 8k; -fastcgi_buffers 16 16k; -fastcgi_buffer_size 16k; - -# Include basic fastcgi settings -include fastcgi_params; diff --git a/ubuntu-7.4/rootfs/etc/nginx/gzip.conf b/ubuntu-7.4/rootfs/etc/nginx/gzip.conf deleted file mode 100644 index 69737cc..0000000 --- a/ubuntu-7.4/rootfs/etc/nginx/gzip.conf +++ /dev/null @@ -1,58 +0,0 @@ -# Compression - -# Enable Gzip compressed. -gzip on; - -# Compression level (1-9). -# 5 is a perfect compromise between size and cpu usage, offering about -# 75% reduction for most ascii files (almost identical to level 9). -gzip_comp_level 5; - -# Don't compress anything that's already small and unlikely to shrink much -# if at all (the default is 20 bytes, which is bad as that usually leads to -# larger files after gzipping). -gzip_min_length 256; - -# Compress data even for clients that are connecting to us via proxies, -# identified by the "Via" header (required for CloudFront). -gzip_proxied any; - -# Tell proxies to cache both the gzipped and regular version of a resource -# whenever the client's Accept-Encoding capabilities header varies; -# Avoids the issue where a non-gzip capable client (which is extremely rare -# today) would display gibberish if their proxy gave them the gzipped version. -gzip_vary on; - -# Compress all output labeled with one of the following MIME-types. -gzip_types - application/atom+xml - application/javascript - application/json - application/ld+json - application/manifest+json - application/rss+xml - application/vnd.geo+json - application/vnd.ms-fontobject - application/x-font-ttf - application/x-web-app-manifest+json - application/xhtml+xml - application/xml - font/opentype - image/bmp - image/svg+xml - image/x-icon - text/cache-manifest - text/css - text/plain - text/vcard - text/vnd.rim.location.xloc - text/vtt - text/x-component - text/x-cross-domain-policy; -# text/html is always compressed by HttpGzipModule - -# This should be turned on if you are going to have pre-compressed copies (.gz) of -# static files available. If not it should be left off as it will cause extra I/O -# for the check. It is best if you enable this in a location{} block for -# a specific directory, or on an individual server{} level. -# gzip_static on; diff --git a/ubuntu-7.4/rootfs/etc/nginx/log_format.conf b/ubuntu-7.4/rootfs/etc/nginx/log_format.conf deleted file mode 100644 index 74c5779..0000000 --- a/ubuntu-7.4/rootfs/etc/nginx/log_format.conf +++ /dev/null @@ -1,16 +0,0 @@ -# Log cache status -# Log real requester address -log_format custom '[$time_local] $http_x_real_ip ' - '$host "$request" $status $body_bytes_sent $request_time ' - '"$http_referer" "$http_user_agent" $upstream_cache_status'; - -## -# Legacy formats which might be in use somewhere -## -# This log format makes it so we can see real requester's IP address \ -# not just the reverse proxy server's IP address. Also note, that \ -# "specialLog" can be replaced with any name you would like to \ -# give to this log format. -log_format specialLog '[$time_local] $http_x_real_ip ' - '$host "$request" $status $body_bytes_sent $request_time ' - '"$http_referer" "$http_user_agent" $upstream_cache_status'; \ No newline at end of file diff --git a/ubuntu-7.4/rootfs/etc/nginx/log_formats.conf b/ubuntu-7.4/rootfs/etc/nginx/log_formats.conf deleted file mode 100644 index 9e4e2fc..0000000 --- a/ubuntu-7.4/rootfs/etc/nginx/log_formats.conf +++ /dev/null @@ -1,19 +0,0 @@ -# Log cache status -# Log real requester address -log_format custom '[$time_local] $http_x_forwarded_for ' - '$host "$request" $status $body_bytes_sent $request_time ' - '"$http_referer" "$http_user_agent" $upstream_cache_status'; - -# A new log format for detecting bad bots. -log_format blocked '[$time_local] Blocked request from $http_x_forwarded_for $request'; - -## -# Legacy formats which might be in use somewhere -## -# This log format makes it so we can see real requester's IP address \ -# not just the reverse proxy server's IP address. Also note, that \ -# "specialLog" can be replaced with any name you would like to \ -# give to this log format. -log_format specialLog '[$time_local] $http_x_forwarded_for ' - '$host "$request" $status $body_bytes_sent $request_time ' - '"$http_referer" "$http_user_agent" $upstream_cache_status'; \ No newline at end of file diff --git a/ubuntu-7.4/rootfs/etc/nginx/nginx.conf b/ubuntu-7.4/rootfs/etc/nginx/nginx.conf deleted file mode 100644 index 8d5dcfc..0000000 --- a/ubuntu-7.4/rootfs/etc/nginx/nginx.conf +++ /dev/null @@ -1,336 +0,0 @@ -# Default user and group for the nginx@index -user ${WEB_USER} ${WEB_GROUP}; - -# Default error log -error_log ${NGINX_ERROR_LOG} ${NGINX_ERROR_LEVEL}; - -# Write process id here -pid /var/run/nginx.pid; - -# Load custom environment variables -include env.conf; - -# How many worker threads to run; -# "auto" sets it to the number of CPU cores available in the system, and -# offers the best performance. Don't set it higher than the number of CPU -# cores if changing this parameter. - -# The maximum number of connections for Nginx is calculated by: -# max_clients = worker_processes * worker_connections -worker_processes auto; - -# Maximum open file descriptors per process; -# should be > worker_connections. -worker_rlimit_nofile 8192; - -events { - # When you need > 8000 * cpu_cores connections, you start optimizing your OS, - # and this is probably the point at which you hire people who are smarter than - # you, as this is *a lot* of requests. - worker_connections 8000; -} - -http { - - # Configure hashmaps so that environment does not change defaults - map_hash_max_size 262144; - map_hash_bucket_size 262144; - server_names_hash_bucket_size 64; - - # Hide nginx version information. - server_tokens off; - - # Get the request uri without the query string to its own variable - map $request_uri $request_uri_path { - "~^(?P[^?]*)(\?.*)?$" $path; - } - - #Enable Fastcgicache - include cache/fastcgicache_settings.conf; - - # Remove Server header entirely - more_clear_headers Server; - - # How long to allow each connection to stay idle; longer values are better - # for each individual client, particularly for SSL, but means that worker - # connections are tied up longer. (Default: 65) - keepalive_timeout 20; - - # Speed up file transfers by using sendfile() to copy directly - # between descriptors rather than using read()/write(). - sendfile on; - - # Tell Nginx not to send out partial frames; this increases throughput - # since TCP frames are filled up before being sent out. (adds TCP_CORK) - tcp_nopush on; - - # Gzip all the assets - include gzip.conf; - - # Add default pagespeed settings - include pagespeed/settings.conf; - - # Add all default mime types and additional ones - include additional.types; - include mime.types; - - default_type application/octet-stream; - - client_body_temp_path /tmp/nginx/body 1 2; - fastcgi_temp_path /tmp/nginx/fastcgi_temp 1 2; - - # Include custom log formats - include log_formats.conf; - - # Allow bigger default file uploads - client_max_body_size ${NGINX_MAX_BODY_SIZE}; - - # Allow bigger body buffer size in memory - client_body_buffer_size ${NGINX_BODY_BUFFER_SIZE}; - - # Include custom nginx http additions from project - include ${NGINX_INCLUDE_DIR}/http/*.conf; - include ${NGINX_INCLUDE_DIR}/environments/${WP_ENV}/http/*.conf; - - # load upstreams from one file which can be overwritten depending on situation - include upstreams.conf; - - # Add few headers which make XSS harder - include security_headers.conf; - - # If ${PORT} != 80 means that we are behind reverse proxy as well - # This directive helps that we don't redirect clients into mysite.com:8080/resource type urls - port_in_redirect off; - - # Use theme assets straight from corresponding files for pagespeed - pagespeed ProcessScriptVariables on; - pagespeed LoadFromFile "$scheme://$host/app/themes/" "${WEB_ROOT}/app/themes/"; - pagespeed LoadFromFile "$scheme://$host/wp-content/themes/" "${WEB_ROOT}/wp/wp-content/themes/"; - - server { - # This is the default server for this container - listen ${PORT} default_server; - server_name _; - - root ${WEB_ROOT}; - - # Use index.php if it exists but also allow static websites in subfolders - index index.php index.html; - - access_log ${NGINX_ACCESS_LOG} custom; - - # Blocked log file - set $blocked_log /dev/stdout; - - disable_symlinks off; - - # Include custom nginx server additions from project - include ${NGINX_INCLUDE_DIR}/server/*.conf; - include ${NGINX_INCLUDE_DIR}/environments/${WP_ENV}/server/*.conf; - - # These variables are proxy conscious, so that they work even though we are behind reverse proxy - include proxy_real_variables.conf; - - # Include custom error pages - include error_pages.conf; - - # Own handling for WP-activate that for some very odd reason serves itself as 404. - location = /wp-activate.php { - try_files /wp/$uri @index; - - include fastcgi_settings.conf; - - # Append subfolder automatically - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - - # Give sane max execution time to frontend - fastcgi_read_timeout 30; - fastcgi_pass php-fpm; - } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - try_files $uri @index; - } - - location = /favicon.ico { - allow all; - log_not_found off; - access_log off; - try_files $uri @index; - } - - # deny all dot-files including git - location ~ /\. { - deny all; - log_not_found off; - access_log off; - } - - location / { - try_files $uri $uri/ /wp/$uri /wp/$uri/ @index; - } - - # Static files - location ~* \.(css|js|jpe?g|gif|ico|png|otf|ttf|eot|woff?2|svg|webp)$ { - - ## Deny overriding Pagespeed - if ($arg_pagespeed != '') { access_log $blocked_log blocked; return 403; } - if ($arg_pagespeedspeedfilters != '') { access_log $blocked_log blocked; return 403; } - - include static_files.conf; - - # These files are probably exactly like $uri says but also try from /wp/ - try_files $uri /wp/$uri @index; - - # Deny requesting plain style.css from theme root directory - location ~ ^.*/themes/[^/]+/style\.css { - - # Preserve this url - pagespeed CssPreserveUrls true; - - # Minify and remove comments from css - pagespeed EnableFilters rewrite_css; - - # Wait that nginx has prepared the file - pagespeed InPlaceWaitForOptimized on; - - # Don't ever try to load non modified style.css - pagespeed InPlaceRewriteDeadlineMs 100000000; - - # Don't allow overriding pagespeed with pagespeed fixed urls - # Source: https://github.com/pagespeed/ngx_pagespeed/issues/1306 - location ~ ^(.*)/themes/([^/]+)/style.*pagespeed.* { - return 301 $1/themes/$2/style.css; - } - } - - ## - # Static WordPress files ~ wp-* - # These files are probably in /wp/ subfolder but also try from $uri - ## - location ~ ^wp- { - try_files /wp/$uri $uri @index; - } - } - - # App folder contains our plugins and themes - # We want to server assets from here but deny all php execution - location /app/ { - try_files $uri @index; - - ## - # Deny access into php files under /app/ - ## - location ~ \.php$ { - access_log $blocked_log blocked; - deny all; - } - } - - ## - # Run all php files from wp subfolder - # This is how wordpress is supposed to be run - # It also prevents direct access to possibly insecure code inside our plugins - ## - location ~ \.php$ { - try_files /wp/$uri @index; - - include fastcgi_settings.conf; - - # Append subfolder automatically - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - - # Handover 404 errors from php-fpm to WordPress - error_page 404 = @index; - - # Give sane max execution time to frontend - fastcgi_read_timeout ${NGINX_FASTCGI_TIMEOUT}; - fastcgi_pass php-fpm; - - ## Deny access to all php files in uploads folders - location ~* ^/uploads { access_log $blocked_log blocked; deny all; } - location ~* ^/content/uploads { access_log $blocked_log blocked; deny all; } - location ~* ^/wp-content/uploads { access_log $blocked_log blocked; deny all; } - - ## Fix Full Path Disclosures if display_errors is on - ## Don't allow straight access into core wp-includes - location ~* ^/wp-includes { access_log $blocked_log blocked; deny all; } - } - # Create purge location to empty fullpage cache - location ~ /purge(/.*) { - fastcgi_cache_purge WORDPRESS "$scheme$request_method$host$1"; - } - # Create health location for contena healthcheck - location /__health { - access_log off; - return 200; - } - - # Include redis interfaces /redis-fetch & /redis-store - # include cache/redis_backend.conf; - - location @index { - - ## Deny overriding Pagespeed - if ($arg_pagespeed != '') { access_log $blocked_log blocked; return 403; } - if ($arg_pagespeedspeedfilters != '') { access_log $blocked_log blocked; return 403; } - - # Use redis as proxy cache - #include cache/srcache.conf; - # Use fastcgi cache - include cache/fastcgicache.conf; - - # Fallback into php - include fastcgi_settings.conf; - fastcgi_param SCRIPT_FILENAME $document_root/index.php; - - # Give sane max execution time to frontend - fastcgi_read_timeout ${NGINX_FASTCGI_TIMEOUT}; - fastcgi_pass php-fpm; - } - - # WordPress is stupid - location = /wp-admin { rewrite ^ /wp-admin/ permanent; } - - location = / { - - ## Block hackers from enumerating users - if ( $arg_author ~ [0-9]+ ) { access_log $blocked_log blocked; return 403; } - - ## Deny overriding Pagespeed - if ($arg_pagespeed != '') { access_log $blocked_log blocked; return 403; } - if ($arg_pagespeedspeedfilters != '') { access_log $blocked_log blocked; return 403; } - - # Use redis as proxy cache - #include cache/srcache.conf; - # Use fastcgi cache - include cache/fastcgicache.conf; - - #Enable project spesific config to root block - include ${NGINX_INCLUDE_DIR}/environments/${WP_ENV}/root/*.conf; - - # Fallback into php - include fastcgi_settings.conf; - fastcgi_param SCRIPT_FILENAME $document_root/index.php; - - # Give sane max execution time to frontend - fastcgi_read_timeout ${NGINX_FASTCGI_TIMEOUT}; - fastcgi_pass php-fpm; - } - - # Prevent /wp/wp/wp/... rewrite loops - location ^~ /wp/ { - rewrite ^/wp/(.*)$ $1$is_args$args last; - } - - # Block some vulnerabilities always - include security.conf; - - # Include basic pagespeed locations like beacons - include pagespeed/locations.conf; - } - include ${NGINX_INCLUDE_DIR}/environments/${WP_ENV}/end/*.conf; -} diff --git a/ubuntu-7.4/rootfs/etc/nginx/pagespeed/locations.conf b/ubuntu-7.4/rootfs/etc/nginx/pagespeed/locations.conf deleted file mode 100644 index 46feb53..0000000 --- a/ubuntu-7.4/rootfs/etc/nginx/pagespeed/locations.conf +++ /dev/null @@ -1,7 +0,0 @@ -# Ensure requests for pagespeed optimized resources go to the pagespeed handler -# and no extraneous headers get set. -location ~ "\.pagespeed\.([a-z]\.)?[a-z]{2}\.[^.]{10}\.[^.]+" { - add_header "" ""; -} -location ~ "^/pagespeed_static/" { } -location ~ "^/ngx_pagespeed_beacon$" { } diff --git a/ubuntu-7.4/rootfs/etc/nginx/pagespeed/settings.conf b/ubuntu-7.4/rootfs/etc/nginx/pagespeed/settings.conf deleted file mode 100644 index be5a0a8..0000000 --- a/ubuntu-7.4/rootfs/etc/nginx/pagespeed/settings.conf +++ /dev/null @@ -1,13 +0,0 @@ -# Hide pagespeed version and provide this header instaed -pagespeed XHeaderValue "Enabled"; - -# Don't alter Cache-Control headers -pagespeed ModifyCachingHeaders off; - -# This is for pagespeed temporary files -# Needs to exist and be writable by nginx. Use tmpfs for best performance. -pagespeed FileCachePath /tmp/nginx/pagespeed; - -# Pagespeed sets default TTL from file to 300s, which is bad -# This sets the time to be 1 year -pagespeed LoadFromFileCacheTtlMs 2592000000; diff --git a/ubuntu-7.4/rootfs/etc/nginx/proxy_real_variables.conf b/ubuntu-7.4/rootfs/etc/nginx/proxy_real_variables.conf deleted file mode 100644 index e380f1f..0000000 --- a/ubuntu-7.4/rootfs/etc/nginx/proxy_real_variables.conf +++ /dev/null @@ -1,35 +0,0 @@ -## -# Set few variables since we use jwilder/nginx-proxy in dev and proxy in production -# So the fastcgi params need to be the original ones or you -# will have redirect loops ('canonical_redirect' mostly) -## - -# Set $host first from proxy (if possible) -set $real_host $http_x_forwarded_host; -if ($real_host = '') { - set $real_host $http_host; -} - -# Set server port according to forwarded proto -set $real_port 80; -if ($http_x_forwarded_proto = 'https') { - set $real_port 443; -} - -# Set https according to used proto -set $real_https off; -if ($http_x_forwarded_proto = 'https') { - set $real_https on; -} - -# Set scheme according to used proto -set $real_scheme 'http'; -if ($http_x_forwarded_proto = 'https') { - set $real_scheme 'https'; -} - -# Set original remote -set $real_remote $http_x_forwarded_for; -if ($real_remote = '') { - set $real_remote $remote_addr; -} diff --git a/ubuntu-7.4/rootfs/etc/nginx/security.conf b/ubuntu-7.4/rootfs/etc/nginx/security.conf deleted file mode 100644 index 24afdeb..0000000 --- a/ubuntu-7.4/rootfs/etc/nginx/security.conf +++ /dev/null @@ -1,27 +0,0 @@ -## Block SQL injections -location ~* union.*select.*\( { access_log $blocked_log blocked; return 403; } -location ~* union.*all.*select.* { access_log $blocked_log blocked; return 403; } -location ~* concat.*\( { access_log $blocked_log blocked; return 403; } - -## Block common exploits -location ~* (<|%3C).*script.*(>|%3E) { access_log $blocked_log blocked; return 403; } -location ~* base64_(en|de)code\(.*\) { access_log $blocked_log blocked; return 403; } -location ~* (%24&x) { access_log $blocked_log blocked; return 403; } -location ~* (%0|%A|%B|%C|%D|%E|%F|127\.0) { access_log $blocked_log blocked; return 403; } -location ~* \.\.\/ { access_log $blocked_log blocked; return 403; } -location ~* ~$ { access_log $blocked_log blocked; return 403; } -location ~* proc/self/environ { access_log $blocked_log blocked; return 403; } -location ~* /\.(htaccess|htpasswd|svn|git) { access_log $blocked_log blocked; return 403; } - -## Block file injections -location ~* [a-zA-Z0-9_]=(\.\.//?)+ { access_log $blocked_log blocked; return 403; } -location ~* [a-zA-Z0-9_]=/([a-z0-9_.]//?)+ { access_log $blocked_log blocked; return 403; } - -## wordpress security -location ~* wp-config.php { access_log $blocked_log blocked; return 403; } -location ~* wp-load.php { access_log $blocked_log blocked; return 403; } -location ~* wp-admin/includes { access_log $blocked_log blocked; return 403; } -location ~* wp-app\.log { access_log $blocked_log blocked; return 403; } -location ~* (licence|readme|license)\.(md|html|txt) { access_log $blocked_log blocked; return 403; } -location ~* composer.json { access_log $blocked_log blocked; return 403; } - diff --git a/ubuntu-7.4/rootfs/etc/nginx/security_headers.conf b/ubuntu-7.4/rootfs/etc/nginx/security_headers.conf deleted file mode 100644 index be78f67..0000000 --- a/ubuntu-7.4/rootfs/etc/nginx/security_headers.conf +++ /dev/null @@ -1,23 +0,0 @@ -## -# Security headers, source: https://gist.github.com/plentz/6737338 -## - -# config to don't allow the browser to render the page inside an frame or iframe -# and avoid clickjacking http://en.wikipedia.org/wiki/Clickjacking -# if you need to allow [i]frames, you can use SAMEORIGIN or even set an uri with ALLOW-FROM uri -# https://developer.mozilla.org/en-US/docs/HTTP/X-Frame-Options -add_header X-Frame-Options SAMEORIGIN; - -# when serving user-supplied content, include a X-Content-Type-Options: nosniff header along with the Content-Type: header, -# to disable content-type sniffing on some browsers. -# https://www.owasp.org/index.php/List_of_useful_HTTP_headers -# currently suppoorted in IE > 8 http://blogs.msdn.com/b/ie/archive/2008/09/02/ie8-security-part-vi-beta-2-update.aspx -# http://msdn.microsoft.com/en-us/library/ie/gg622941(v=vs.85).aspx -# 'soon' on Firefox https://bugzilla.mozilla.org/show_bug.cgi?id=471020 -add_header X-Content-Type-Options nosniff always; - -# This header enables the Cross-site scripting (XSS) filter built into most recent web browsers. -# It's usually enabled by default anyway, so the role of this header is to re-enable the filter for -# this particular website if it was disabled by the user. -# https://www.owasp.org/index.php/List_of_useful_HTTP_headers -add_header X-XSS-Protection "1; mode=block"; diff --git a/ubuntu-7.4/rootfs/etc/nginx/static_files.conf b/ubuntu-7.4/rootfs/etc/nginx/static_files.conf deleted file mode 100644 index fa9d42d..0000000 --- a/ubuntu-7.4/rootfs/etc/nginx/static_files.conf +++ /dev/null @@ -1,13 +0,0 @@ -# Use version numbers to bypass cache -# Try to cache as long as we can -expires max; - -## No need to bleed constant updates. Send the all shebang in one -## fell swoop. -tcp_nodelay off; - -## Set the OS file cache. -open_file_cache max=3000 inactive=120s; -open_file_cache_valid 45s; -open_file_cache_min_uses 2; -open_file_cache_errors off; diff --git a/ubuntu-7.4/rootfs/etc/nginx/upstreams.conf b/ubuntu-7.4/rootfs/etc/nginx/upstreams.conf deleted file mode 100644 index 395d445..0000000 --- a/ubuntu-7.4/rootfs/etc/nginx/upstreams.conf +++ /dev/null @@ -1,4 +0,0 @@ -# Default php handler -upstream php-fpm { - server unix:/var/run/php-fpm.sock; -} diff --git a/ubuntu-7.4/rootfs/etc/php/7.4/fpm/conf.d/blocked.ini b/ubuntu-7.4/rootfs/etc/php/7.4/fpm/conf.d/blocked.ini deleted file mode 100644 index 4142569..0000000 --- a/ubuntu-7.4/rootfs/etc/php/7.4/fpm/conf.d/blocked.ini +++ /dev/null @@ -1,4 +0,0 @@ -; Disable some functions because they allow bad/vulnerable patterns -; We want to advocate good coding practises and these functions make it difficult -; You can use these with php cli but not with php-fpm -disable_functions = exec,passthru,shell_exec,show_source,system,pcntl_exec,popen,posix_getpwuid,posix_kill,posix_mkfifo,posix_setpgid,posix_setsid,posix_setuid,posix_setuid,posix_uname,proc_nice,proc_open,proc_close,proc_get_status diff --git a/ubuntu-7.4/rootfs/etc/php/7.4/fpm/conf.d/common.ini b/ubuntu-7.4/rootfs/etc/php/7.4/fpm/conf.d/common.ini deleted file mode 100644 index 5600222..0000000 --- a/ubuntu-7.4/rootfs/etc/php/7.4/fpm/conf.d/common.ini +++ /dev/null @@ -1,4 +0,0 @@ -[PHP] - -; Don't brag that we have php 7.0 -expose_php = Off diff --git a/ubuntu-7.4/rootfs/etc/php/7.4/fpm/conf.d/limits.ini b/ubuntu-7.4/rootfs/etc/php/7.4/fpm/conf.d/limits.ini deleted file mode 100644 index 6ccc766..0000000 --- a/ubuntu-7.4/rootfs/etc/php/7.4/fpm/conf.d/limits.ini +++ /dev/null @@ -1,7 +0,0 @@ -; filesize, time and input limits -max_execution_time = ${NGINX_FASTCGI_TIMEOUT} -max_input_time = -1 -max_input_vars = ${PHP_MAX_INPUT_VARS} -memory_limit = ${PHP_MEMORY_LIMIT} -post_max_size = ${NGINX_MAX_BODY_SIZE} -upload_max_filesize = ${NGINX_MAX_BODY_SIZE} diff --git a/ubuntu-7.4/rootfs/etc/php/7.4/fpm/conf.d/logging.ini b/ubuntu-7.4/rootfs/etc/php/7.4/fpm/conf.d/logging.ini deleted file mode 100644 index 6db568d..0000000 --- a/ubuntu-7.4/rootfs/etc/php/7.4/fpm/conf.d/logging.ini +++ /dev/null @@ -1,4 +0,0 @@ -; Log all warnings and errors -error_log = ${PHP_ERROR_LOG} -log_level = ${PHP_ERROR_LOG_LEVEL} -log_errors_max_len = ${PHP_ERROR_MAX_LEN} diff --git a/ubuntu-7.4/rootfs/etc/php/7.4/fpm/conf.d/mail.ini b/ubuntu-7.4/rootfs/etc/php/7.4/fpm/conf.d/mail.ini deleted file mode 100644 index d54d6f8..0000000 --- a/ubuntu-7.4/rootfs/etc/php/7.4/fpm/conf.d/mail.ini +++ /dev/null @@ -1,3 +0,0 @@ -[PHP] -; Use msmtp to send mail instead of sendmail -sendmail_path = "/usr/sbin/sendmail" diff --git a/ubuntu-7.4/rootfs/etc/php/7.4/fpm/conf.d/opcache.ini b/ubuntu-7.4/rootfs/etc/php/7.4/fpm/conf.d/opcache.ini deleted file mode 100644 index 41a7d2a..0000000 --- a/ubuntu-7.4/rootfs/etc/php/7.4/fpm/conf.d/opcache.ini +++ /dev/null @@ -1,24 +0,0 @@ -; Enable php opcache to make site faster -; These are taken from: https://www.scalingphpbook.com/blog/2014/02/14/best-zend-opcache-settings.html -[opcache] -opcache.enable = 1 -opcache.enable_cli = 1 - -; Provides a faster mechanism for calling the deconstructors in your code at the end of a single request to speed up the response and recycle php workers so they're ready for the next incoming request faster. -opcache.fast_shutdown = 1 - -; Give plenty of memory for php process for caching the code -opcache.memory_consumption = ${PHP_OPCACHE_MAX_MEMORY} - -; Log into container output -opcache.error_log = /dev/stderr - -; Log opcache warnings -opcache.log_verbosity_level = 2 - -; PHP uses a technique called string interning to improve performance— so, for example, if you have the string "foobar" 1000 times in your code, internally PHP will store 1 immutable variable for this string and just use a pointer to it for the other 999 times you use it. -; This reserves 16MB to storing the most used strings -opcache.interned_strings_buffer = 16 -opcache.max_accelerated_files = ${PHP_OPCACHE_MAX_FILES} - - diff --git a/ubuntu-7.4/rootfs/etc/php/7.4/fpm/conf.d/opcache_invalidate.conf b/ubuntu-7.4/rootfs/etc/php/7.4/fpm/conf.d/opcache_invalidate.conf deleted file mode 100644 index d152afa..0000000 --- a/ubuntu-7.4/rootfs/etc/php/7.4/fpm/conf.d/opcache_invalidate.conf +++ /dev/null @@ -1,5 +0,0 @@ -; Don't revalidate php files in this container -opcache.validate_timestamps = 0 - -; We don't need to cache php comments into opcache -opcache.save_comments = 0 diff --git a/ubuntu-7.4/rootfs/etc/php/7.4/fpm/conf.d/sessions.ini b/ubuntu-7.4/rootfs/etc/php/7.4/fpm/conf.d/sessions.ini deleted file mode 100644 index d5fb56c..0000000 --- a/ubuntu-7.4/rootfs/etc/php/7.4/fpm/conf.d/sessions.ini +++ /dev/null @@ -1,6 +0,0 @@ -;;;;;;;;;;;;;;;;;;;;;;;;;; -; Define Session backend ; -;;;;;;;;;;;;;;;;;;;;;;;;;; -; These env can also contain redis as backend -session.save_handler = ${PHP_SESSION_HANDLER} -session.save_path = ${PHP_SESSION_SAVE_PATH} diff --git a/ubuntu-7.4/rootfs/etc/php/7.4/fpm/conf.d/timezone.ini b/ubuntu-7.4/rootfs/etc/php/7.4/fpm/conf.d/timezone.ini deleted file mode 100644 index dfb2fec..0000000 --- a/ubuntu-7.4/rootfs/etc/php/7.4/fpm/conf.d/timezone.ini +++ /dev/null @@ -1,2 +0,0 @@ -; Timezone from env formatted like 'Europe/Helsinki' -date.timezone = ${TZ} diff --git a/ubuntu-7.4/rootfs/etc/php/7.4/fpm/php-fpm.conf b/ubuntu-7.4/rootfs/etc/php/7.4/fpm/php-fpm.conf deleted file mode 100644 index 0f24199..0000000 --- a/ubuntu-7.4/rootfs/etc/php/7.4/fpm/php-fpm.conf +++ /dev/null @@ -1,35 +0,0 @@ -; Run this in foregroud so s6 can control it -daemonize = no - -; Log all warnings and errors -error_log = ${PHP_ERROR_LOG} -log_level = ${PHP_ERROR_LOG_LEVEL} - -[www] -user = ${WEB_USER} -group = ${WEB_GROUP} -listen = /var/run/php-fpm.sock -listen.owner = ${WEB_USER} -listen.group = ${WEB_GROUP} -pm = dynamic - -; Total RAM dedicated to the web server / Max child process size -pm.max_children = 30 - -pm.start_servers = 1 -pm.min_spare_servers = 1 -pm.max_spare_servers = 5 - -; Redirect worker stdout and stderr into main error log. If not set, stdout and -; stderr will be redirected to /dev/null according to FastCGI specs. -; Default Value: no -catch_workers_output = yes - -; Project web root -chdir = ${WEB_ROOT} - -pm.process_idle_timeout = 10s -pm.max_requests = 500 - -; Include extra configs -include=/etc/php/7.4/fpm/php-fpm.d/*.conf \ No newline at end of file diff --git a/ubuntu-7.4/rootfs/etc/php/7.4/fpm/php-fpm.d/preserve-env.conf b/ubuntu-7.4/rootfs/etc/php/7.4/fpm/php-fpm.d/preserve-env.conf deleted file mode 100644 index 956d8ff..0000000 --- a/ubuntu-7.4/rootfs/etc/php/7.4/fpm/php-fpm.d/preserve-env.conf +++ /dev/null @@ -1,3 +0,0 @@ -; Just use all envs from system when php-fpm starts -; By default php-fpm flushes all envs and they need to be whitelisted -clear_env = no diff --git a/ubuntu-7.4/rootfs/etc/services.d/cron/run b/ubuntu-7.4/rootfs/etc/services.d/cron/run deleted file mode 100644 index 444e2b9..0000000 --- a/ubuntu-7.4/rootfs/etc/services.d/cron/run +++ /dev/null @@ -1,4 +0,0 @@ -#!/usr/bin/with-contenv sh -echo "[services.d] started cron daemon" -# Runs cron daemon in foreground -cron -l 2 -f diff --git a/ubuntu-7.4/rootfs/etc/services.d/nginx/run b/ubuntu-7.4/rootfs/etc/services.d/nginx/run deleted file mode 100755 index ef92c7d..0000000 --- a/ubuntu-7.4/rootfs/etc/services.d/nginx/run +++ /dev/null @@ -1,4 +0,0 @@ -#!/usr/bin/with-contenv sh - -# Run nginx always in foreground -exec nginx -g "daemon off;" diff --git a/ubuntu-7.4/rootfs/etc/services.d/php-fpm/run b/ubuntu-7.4/rootfs/etc/services.d/php-fpm/run deleted file mode 100644 index d12be22..0000000 --- a/ubuntu-7.4/rootfs/etc/services.d/php-fpm/run +++ /dev/null @@ -1,53 +0,0 @@ -#!/usr/bin/with-contenv bash - -## -# Check which kind of session backend we should be using -## -if [ -z "$PHP_SESSION_SAVE_PATH" ]; then - echo "[php-fpm] configuring php-fpm session backend..." - - # Use 'files' as default session handler - export PHP_SESSION_HANDLER=${PHP_SESSION_HANDLER-files} - - case "$PHP_SESSION_HANDLER" in - - files) - mkdir -p /tmp/php - chown $WEB_USER:$WEB_GROUP /tmp/php - - # export new env for php-fpm - export PHP_SESSION_SAVE_PATH='/tmp/php' - ;; - redis) - # Set defaults - REDIS_HOST=${REDIS_HOST-$REDIS_1_PORT_6379_TCP_ADDR} - REDIS_PORT=${REDIS_PORT-6379} - REDIS_SCHEME=${REDIS_SCHEME-tcp} - REDIS_PHP_SESSION_HOST=${REDIS_PHP_SESSION_HOST-$REDIS_1_PORT_6379_TCP_ADDR} - - # After this time php-fpm will timeout from requesting session data - PHP_SESSION_REDIS_TIMEOUT=${PHP_SESSION_REDIS_TIMEOUT-5} - - PHP_SESSION_REDIS_PARAMS="timeout=$PHP_SESSION_REDIS_TIMEOUT" - - # Set these only if they are not 0 and '' because they add complexity for the query - if [ "$PHP_SESSION_REDIS_DB" != "" ]; then - PHP_SESSION_REDIS_PARAMS+="&database=$PHP_SESSION_REDIS_DB" - fi - if [ "$REDIS_PASSWORD" != "" ]; then - PHP_SESSION_REDIS_PARAMS+="&auth=$REDIS_PASSWORD" - fi - if [ "$PHP_SESSION_REDIS_PREFIX" != "" ]; then - PHP_SESSION_REDIS_PARAMS+="&prefix=$PHP_SESSION_REDIS_PREFIX" - fi - - # export new env for php-fpm - export PHP_SESSION_SAVE_PATH="$REDIS_SCHEME://$REDIS_PHP_SESSION_HOST:$REDIS_PORT?$PHP_SESSION_REDIS_PARAMS" - ;; - esac -fi -echo "[php-fpm] using $PHP_SESSION_SAVE_PATH for php sessions..." - -echo "[php-fpm] started php-fpm" -exec php-fpm -c /etc/php/7.4/fpm/php.ini --fpm-config /etc/php/7.4/fpm/php-fpm.conf --pid /var/run/php-fpm.pid - diff --git a/ubuntu-7.4/rootfs/usr/bin/wp b/ubuntu-7.4/rootfs/usr/bin/wp deleted file mode 100755 index e138ef0..0000000 --- a/ubuntu-7.4/rootfs/usr/bin/wp +++ /dev/null @@ -1,12 +0,0 @@ -#!/usr/bin/env bash -## -# WP-cli wrapper: Append path automatically so that user doesn't have to -## -if [ "$(whoami)" = "root" ]; then - # Run as wordpress user instead - # This helps that we don't install things as root - # Or run 3rd party code as root - gosu $WEB_USER /usr/local/bin/wp-cli "$@" --path=$WP_CORE -else - /usr/local/bin/wp-cli "$@" --path=$WP_CORE -fi diff --git a/ubuntu-7.4/rootfs/usr/local/bin/phinx b/ubuntu-7.4/rootfs/usr/local/bin/phinx deleted file mode 100755 index 854aa2f..0000000 --- a/ubuntu-7.4/rootfs/usr/local/bin/phinx +++ /dev/null @@ -1,27 +0,0 @@ -#!/usr/bin/env bash -## -# Phinx wrapper -# You need to install phinx through composer first -## - -# Export database host in prod and dev -if [ ! -z "$MYSQL_HOST" ]; then - export PHINX_DBHOST=$MYSQL_HOST -elif [ ! -z "$DB_HOST" ]; then - export PHINX_DBHOST=$DB_HOST -elif [ ! -z "$DB_PORT_3306_TCP_ADDR" ]; then - export PHINX_DBHOST=$DB_PORT_3306_TCP_ADDR -else - echo "ERROR: You need to set DB_HOST!" -fi - -# Export phinx envs -# Default to MYSQL_ envs but fallback to DB_ -export PHINX_DBPORT=${MYSQL_PORT-$DB_PORT} -export PHINX_DBNAME=${MYSQL_DATABASE-$DB_NAME} -export PHINX_DBUSER=${MYSQL_USER-$DB_USER} -export PHINX_DBPASSWORD=${MYSQL_PWD-$DB_PASSWORD} -export PHINX_ENVIRONMENT=$WP_ENV - -# Run phinx -php $PROJECT_ROOT/vendor/bin/phinx $@ diff --git a/ubuntu-7.4/rootfs/usr/local/bin/print-smtp-password b/ubuntu-7.4/rootfs/usr/local/bin/print-smtp-password deleted file mode 100755 index f59d906..0000000 --- a/ubuntu-7.4/rootfs/usr/local/bin/print-smtp-password +++ /dev/null @@ -1,5 +0,0 @@ -#!/bin/bash -# This is so that we can use msmtp without /etc/msmtprc config file -# msmtp doesn't have --password option and it only has --passwordeval option -# We use this script so that we can use it in passwordeval -echo $SMTP_PASSWORD diff --git a/ubuntu-7.4/rootfs/usr/local/bin/wp-run-cron b/ubuntu-7.4/rootfs/usr/local/bin/wp-run-cron deleted file mode 100755 index e5c4aa8..0000000 --- a/ubuntu-7.4/rootfs/usr/local/bin/wp-run-cron +++ /dev/null @@ -1,42 +0,0 @@ -#!/bin/bash -# Copyright © 2015 Bjørn Johansen -# This work is free. You can redistribute it and/or modify it under the -# terms of the Do What The Fuck You Want To Public License, Version 2, -# as published by Sam Hocevar. See http://www.wtfpl.net/ for more details. -# Source: https://bjornjohansen.no/wordpress-cron-wp-cli -# Github: https://gist.github.com/bjornjohansen/a00a9fee5475c4dadb56#file-run-wp-cron-sh - -# This is modified for our container. In this container you don't need to use --path -# because it's automatically included - -# Check if WP-CLI is available -if ! hash wp 2>/dev/null; then - echo "[wp-cron] ERROR: WP-CLI is not available" - exit -fi - -# If WordPress isn’t installed here, we bail -if ! wp core is-installed --quiet >> /dev/null; then - echo "[wp-cron] ERROR: WordPress is not installed here: ${WP_CORE}" - exit -fi - -# Get a list of site URLs -if wp core is-installed --quiet --network >> /dev/null; -then - SITE_URLS=`wp site list --fields=url --archived=0 --deleted=0 --format=csv | sed 1d` -else - SITE_URLS=(`wp option get siteurl`) -fi - -# Loop through all the sites -for SITE_URL in $SITE_URLS -do - # replaced loop with better solution - wp cron event run --due-now --url="$SITE_URL" - # Run all event hooks that are due - #for EVENT_HOOK in $(wp cron event list --format=csv --fields=hook,next_run_relative --url="$SITE_URL" | grep now$ | awk -F ',' '{print $1}') - #do - # wp cron event run "$EVENT_HOOK" --url="$SITE_URL" --quiet - #done -done diff --git a/ubuntu-7.4/rootfs/usr/sbin/sendmail b/ubuntu-7.4/rootfs/usr/sbin/sendmail deleted file mode 100755 index ec8c40f..0000000 --- a/ubuntu-7.4/rootfs/usr/sbin/sendmail +++ /dev/null @@ -1,66 +0,0 @@ -#!/bin/bash -## -# This is custom wrapper for msmtp which acts like good old sendmail -# - It is used for php and cron -# - This is easier to configure for external mail server than sendmail -# - sendmail is just the default binary which other services will use -# - It needs following env: SMTP_HOST, SMTP_PASSWORD, SMTP_PORT, SMTP_AUTH, SMTP_USER -## - -# Deduce all used msmtp options from system ENVs -declare -a options - -# Act like sendmail -options+=("-t") - -# Use system tls chain -options+=("--tls-trust-file=/etc/ssl/certs/ca-certificates.crt") - -if [ -n "$SMTP_HOST" ]; then - options+=("--host=$SMTP_HOST") -else - echo "[mail error] SMTP_HOST is not defined, mail can't be sent" - exit 1 -fi - -# Log all mail requests -# try /var/log/mail/sent.log but use stdout when logfile is not available -if [ -n "$SMTP_LOG" ]; then - options+=("--logfile=$SMTP_LOG") -elif [ -f /var/log/mail/sent.log ]; then - options+=("--logfile=/var/log/mail/sent.log") -fi - -if [ -n "$SMTP_FROM" ]; then - options+=("--from=$SMTP_FROM") -fi - -# Default port for smtp is 25 and it will work even without this option -if [ -n "$SMTP_PORT" ]; then - options+=("--port=$SMTP_PORT") -fi - -# Setup credentials -if [ -n "$SMTP_USER" ]; then - options+=("--user=$SMTP_USER") -fi - -# msmtp doesn't provide password option because usually it's unsafe -# Use local hack for passwordeval -if [ -n "$SMTP_PASSWORD" ]; then - options+=("--passwordeval=/usr/local/bin/print-smtp-password") -fi - - -if [ -n "$SMTP_AUTH" ]; then - options+=("--auth=$SMTP_AUTH") -elif [ -n "$SMTP_USER" ] || [ -n "$SMTP_PASSWORD" ]; then - options+=("--auth=on") -fi - -if [ -n "$SMTP_TLS" ]; then - options+=("--tls=$SMTP_TLS") -fi - -# Add our options and command line options for msmtp -msmtp ${options[@]} "$@" diff --git a/ubuntu-7.4/rootfs/usr/share/nginx/html/403.html b/ubuntu-7.4/rootfs/usr/share/nginx/html/403.html deleted file mode 100644 index 3f85394..0000000 --- a/ubuntu-7.4/rootfs/usr/share/nginx/html/403.html +++ /dev/null @@ -1,95 +0,0 @@ - - - - - - -403 Forbidden - - - - - - - - -
-
-

403 Forbidden

-

Sorry! You don't have access permissions for that on .

-

Take Me To The Homepage - -

-
-
-
-
-
-
-

What happened?

-

A 403 error status indicates that you don't have permission to access the file or page. In general, web servers and websites have directories and files that are not open to the public web for security reasons.

-
-
-

What can I do?

-

If you're a site visitor

-

Please use your browsers back button and check that you're in the right place. If you need immediate assistance, please send us an email instead.

-

If you're the site owner

-

Please check that you're in the right place and get in touch with your website provider if you believe this to be an error.

-
-
-
-
- - - - - - - diff --git a/ubuntu-7.4/rootfs/usr/share/nginx/html/500.html b/ubuntu-7.4/rootfs/usr/share/nginx/html/500.html deleted file mode 100644 index e5fac20..0000000 --- a/ubuntu-7.4/rootfs/usr/share/nginx/html/500.html +++ /dev/null @@ -1,89 +0,0 @@ - - - - - - -500 Internal Server Error - - - - - - - - -
- -
-

500 Internal Server Error

-

The web server is returning an internal error for .

- Try This Page Again -
-
-
-
-
-
-

What happened?

-

A 500 error status implies there is a problem with the web server's software causing it to malfunction.

-
-
-

What can I do?

-

If you're a site visitor

-

Nothing you can do at the moment. If you need immediate assistance, please send us an email instead. We apologize for any inconvenience.

-

If you're the site owner

-

This error can only be fixed by server admins, please contact your website provider.

-
-
-
-
- - - - - - - diff --git a/ubuntu-7.4/rootfs/usr/share/nginx/html/502.html b/ubuntu-7.4/rootfs/usr/share/nginx/html/502.html deleted file mode 100644 index e7d79c1..0000000 --- a/ubuntu-7.4/rootfs/usr/share/nginx/html/502.html +++ /dev/null @@ -1,98 +0,0 @@ - - - - - - - -502 Bad Gateway - - - - - - - - -
- -
-

502 Bad Gateway

-

The web server is returning an unexpected networking error for .

- Try This Page Again -
-
-
-
-
-
-

What happened?

-

A 502 error status implies that that the server received an invalid response from an upstream server it accessed to fulfill the request.

-
-
-

What can I do?

-

If you're a site visitor

-

Check to see if this website down for everyone or just you. -

-

Also, clearing your browser cache and refreshing the page may clear this issue. If the problem persists and you need immediate assistance, please send us an email instead.

-

If you're the site owner

-

Clearing your browser cache and refreshing the page may clear this issue. If the problem persists and you need immediate assistance, please contact your website provider.

-
-
-
-
- - - - - - - - diff --git a/ubuntu-7.4/rootfs/usr/share/nginx/html/504.html b/ubuntu-7.4/rootfs/usr/share/nginx/html/504.html deleted file mode 100644 index f37b919..0000000 --- a/ubuntu-7.4/rootfs/usr/share/nginx/html/504.html +++ /dev/null @@ -1,100 +0,0 @@ - - - - - - - -504 Gateway Timeout - - - - - - - - -
- -
-

504 Gateway Timeout

-

The web server is returning an unexpected networking error for .

- Try This Page Again -
-
-
-
- - -
-
-

What happened?

-

A 504 error status implies there is a slow IP communication problem between back-end servers attempting to fulfill this request.

-
-
-

What can I do?

-

If you're a site visitor

-

Check to see if this website down for everyone or just you. -

-

Also, clearing your browser cache and refreshing the page may clear this issue. If the problem persists and you need immediate assistance, please send us an email instead.

-

If you're the site owner

-

Clearing your browser cache and refreshing the page may clear this issue. If the problem persists and you need immediate assistance, please contact your website provider.

-
-
-
-
- - - - - - - - diff --git a/ubuntu-7.4/Dockerfile b/ubuntu-8.1/Dockerfile similarity index 68% rename from ubuntu-7.4/Dockerfile rename to ubuntu-8.1/Dockerfile index 7336b08..dce2f17 100644 --- a/ubuntu-7.4/Dockerfile +++ b/ubuntu-8.1/Dockerfile @@ -1,4 +1,4 @@ -FROM devgeniem/ubuntu-docker-openresty-pagespeed:edge +FROM devgeniem/ubuntu-docker-openresty-pagespeed:shibboleth MAINTAINER Ville Pietarinen - Geniem Oy ## @@ -29,38 +29,43 @@ RUN \ build-essential \ && apt-get update \ && apt-get -y --no-install-recommends install \ - php7.4-dev \ - php7.4-cli \ - php7.4-common \ - php7.4-apcu \ - # php7.4-apcu-bc \ - php7.4-curl \ - php7.4-json \ - php7.4-opcache \ - php7.4-readline \ - php7.4-xml \ - php7.4-zip \ - php7.4-fpm \ - # php7.4-redis \ - php7.4-mongodb \ - php7.4-mysqli \ - php7.4-intl \ - php7.4-gd \ - php7.4-mbstring \ - php7.4-soap \ - php7.4-bcmath \ - php7.4-curl \ - php7.4-ldap \ + php8.1-dev \ + php8.1-cli \ + php8.1-common \ + php8.1-apcu \ + php8.1-curl \ + php8.1-opcache \ + php8.1-readline \ + php8.1-xml \ + php8.1-zip \ + php8.1-fpm \ + php8.1-mongodb \ + php8.1-mysqli \ + php8.1-intl \ + php8.1-gd \ + php8.1-mbstring \ + php8.1-soap \ + php8.1-bcmath \ + php8.1-ldap \ + php8.1-imagick \ php-pear \ + libssh2-1 \ + libssh2-1-dev \ + autoconf \ + pkg-config \ + && pecl install redis \ + && printf "\n" | pecl install -f ssh2 \ + && echo "extension=ssh2.so" > /etc/php/8.1/mods-available/ssh2.ini \ + && phpenmod -v 8.1 -s ALL ssh2 \ # Force install only cron without extra mailing dependencies && cd /tmp \ && apt-get download cron \ && dpkg --force-all -i cron*.deb \ && mkdir -p /var/spool/cron/crontabs \ # Cleanup - && apt-get clean \ - && apt-get autoremove \ + && apt-get -y clean \ + && apt-get -y autoremove \ && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* /usr/share/doc/* /var/log/apt/* /var/log/*.log @@ -99,8 +104,9 @@ COPY rootfs/ / RUN set -x \ && mkdir -p /var/www/uploads \ && mkdir -p /tmp/php-opcache \ - && ln -sf /usr/sbin/php-fpm7.4 /usr/sbin/php-fpm \ + && ln -sf /usr/sbin/php-fpm8.1 /usr/sbin/php-fpm \ && ln -sf /usr/bin/wp /usr/local/bin/wp + # This is for your project root ENV PROJECT_ROOT="/var/www/project" @@ -110,8 +116,6 @@ ENV \ # Set defaults which can be overriden MYSQL_PORT="3306" \ # Use default web port in nginx but allow it to be overridden - # This also works correctly with flynn: - # https://github.com/flynn/flynn/issues/3213#issuecomment-237307457 PORT="8080" \ # Use custom users for nginx and php-fpm WEB_USER="wordpress" \ @@ -127,14 +131,20 @@ ENV \ # This variable uses seconds by default # Time units supported are "s"(seconds), "ms"(milliseconds), "y"(years), "M"(months), "w"(weeks), "d"(days), "h"(hours), and "m"(minutes). # Also http response codes that are cached can be set - NGINX_REDIS_CACHE_TTL_DEFAULT="200 301 302 1m" \ - NGINX_REDIS_CACHE_TTL_MAX="4h" \ + NGINX_FASTCGI_CACHE_VALID="200 404 1m" \ # Default fastcgi cache directory - NGINX_CACHE_DIRECTORY="/tmp/nginx/fullpage" \ + NGINX_FASTCGI_CACHE_DIRECTORY="/tmp/nginx/fullpage" \ + # Default fastcgi cache size + NGINX_FASTCGI_CACHE_MAX_SIZE="1000m" \ # Default operations when fastcgi stale cache is used - NGINX_CACHE_USE_STALE="error timeout invalid_header updating http_500 http_503 http_403 http_404 http_429" \ + NGINX_FASTCGI_CACHE_USE_STALE="error timeout invalid_header updating http_500 http_503 http_403 http_404 http_429" \ # Default headers for fastcgi stale- and error cache + NGINX_FASTCGI_CACHE_CONTROL='"max-age=60, stale-while-revalidate=300, stale-if-error=21600"'\ NGINX_CACHE_CONTROL='"max-age=60, stale-while-revalidate=300, stale-if-error=21600"'\ + #Default time for fastcgi cache path inactive attribute + NGINX_FASTCGI_CACHE_INACTIVE="730h" \ + #Fastcgi default value for updating cache on background + NGINX_FASTCGI_CACHE_BACKGROUND_UPDATE="on" \ # Cronlock is used to stop simultaneous cronjobs in clusterised environments CRONLOCK_HOST="" \ # This is used by nginx and php-fpm @@ -144,9 +154,9 @@ ENV \ # Nginx include files NGINX_INCLUDE_DIR="/var/www/project/nginx" \ # Allow bigger file uploads - NGINX_MAX_BODY_SIZE="10M" \ + NGINX_MAX_BODY_SIZE="20M" \ # Allow storing bigger body in memory - NGINX_BODY_BUFFER_SIZE="32k" \ + NGINX_BODY_BUFFER_SIZE="10M" \ # Have sane fastcgi timeout by default NGINX_FASTCGI_TIMEOUT="30" \ # Have sane fastcgi timeout by default @@ -155,8 +165,8 @@ ENV \ NGINX_ERROR_LOG="/dev/stderr" \ # Have sane fastcgi timeout by default NGINX_ACCESS_LOG="/dev/stdout" \ - # Default cache key for nginx http cache - NGINX_CACHE_KEY='wp_:nginx:$real_scheme$request_method$host$request_uri' \ + # Intercepted and redirect error greater than 300 to nginx for processing + FASTCGI_INTERCEPT_ERRORS="on" \ # PHP settings PHP_MEMORY_LIMIT="128M" \ PHP_MAX_INPUT_VARS="1000" \ @@ -165,13 +175,19 @@ ENV \ PHP_ERROR_LOG_MAX_LEN="8192" \ PHP_SESSION_REDIS_DB="0" \ PHP_SESSION_HANDLER="files" \ + PHP_PM_MODE="dynamic" \ + PHP_PM_MAX_CHILDREN="25" \ + PHP_PM_START_SERVERS="8" \ + PHP_PM_MIN_SPARE_SERVERS="4" \ + PHP_PM_MAX_SPARE_SERVERS="8" \ + PHP_DISABLE_FUNCTIONS="exec,passthru,shell_exec,show_source,system,pcntl_exec,popen,posix_getpwuid,posix_kill,posix_mkfifo,posix_setpgid,posix_setsid,posix_setuid,posix_setuid,posix_uname,proc_nice,proc_open,proc_close,proc_get_status" \ # You should count the *.php files in your project and set this number to be bigger # $ find . -type f -print | grep php | wc -l PHP_OPCACHE_MAX_FILES="8000" \ # Amount of memory in MB to allocate for opcache PHP_OPCACHE_MAX_MEMORY="128" \ # Use host machine as default SMTP_HOST - SMTP_HOST="172.17.2.1" \ + SMTP_HOST="" \ # This folder is used to mount files into host machine # You should use this path for your uploads since everything else should be ephemeral UPLOADS_ROOT="/var/www/uploads" \ @@ -181,8 +197,15 @@ ENV \ # Make sure that all files here have execute permissions RUN dpkg-reconfigure tzdata && \ chmod +x /etc/cont-init.d/* + +# Install socklog-overlay +ADD https://github.com/just-containers/socklog-overlay/releases/download/v3.1.0-2/socklog-overlay-amd64.tar.gz /tmp/ +RUN tar xzf /tmp/socklog-overlay-amd64.tar.gz -C / +RUN rm /tmp/socklog-overlay-amd64.tar.gz +RUN echo '+\n1' > /etc/socklog.rules/forward-stdout +RUN echo 'LANG="en_US.UTF-8"' > /etc/default/locale + # Set default path to project folder for easier running commands in project WORKDIR ${PROJECT_ROOT} EXPOSE ${PORT} ENTRYPOINT ["/init"] - diff --git a/ubuntu-7.0/rootfs/etc/ImageMagick b/ubuntu-8.1/rootfs/etc/ImageMagick similarity index 100% rename from ubuntu-7.0/rootfs/etc/ImageMagick rename to ubuntu-8.1/rootfs/etc/ImageMagick diff --git a/ubuntu-7.0/rootfs/etc/cont-init.d/00-render-templates b/ubuntu-8.1/rootfs/etc/cont-init.d/00-render-templates similarity index 77% rename from ubuntu-7.0/rootfs/etc/cont-init.d/00-render-templates rename to ubuntu-8.1/rootfs/etc/cont-init.d/00-render-templates index fbcacc0..12a0dee 100755 --- a/ubuntu-7.0/rootfs/etc/cont-init.d/00-render-templates +++ b/ubuntu-8.1/rootfs/etc/cont-init.d/00-render-templates @@ -29,8 +29,9 @@ echo "[cont-init.d] Substituting env into configuration files..." ## # Nginx doesn't support env variables in config files so we will have to do this in hacky way instead ## -VARS='$PORT:$WEB_ROOT:$WEB_USER:$WEB_GROUP:$NGINX_ACCESS_LOG:$NGINX_ERROR_LOG:$NGINX_ERROR_LEVEL:$NGINX_INCLUDE_DIR:$NGINX_MAX_BODY_SIZE:$NGINX_BODY_BUFFER_SIZE:$NGINX_FASTCGI_TIMEOUT:$WP_ENV:$NGINX_CACHE_KEY' +VARS='$PORT:$WEB_ROOT:$WEB_USER:$WEB_GROUP:$NGINX_ACCESS_LOG:$NGINX_ERROR_LOG:$NGINX_ERROR_LEVEL:$NGINX_INCLUDE_DIR:$NGINX_MAX_BODY_SIZE:$NGINX_BODY_BUFFER_SIZE:$NGINX_FASTCGI_TIMEOUT:$FASTCGI_INTERCEPT_ERRORS:$WP_ENV' render_env_tmpl "$VARS" /etc/nginx/nginx.conf +render_env_tmpl "$VARS" /etc/nginx/fastcgi_settings.conf ## # Redis cache needs to know the redis instance and credentials @@ -47,20 +48,20 @@ export REDIS_CACHE_TTL=${REDIS_CACHE_TTL-14400} VARS+='$AWS_S3_BUCKET_NAME:AWS_S3_REPLICA_BUCKET_NAME' # Add Redis variables -VARS+='$REDIS_HOST:$REDIS_PORT:$REDIS_DATABASE:$REDIS_PASSWORD:$NGINX_REDIS_CACHE_TTL_MAX:$NGINX_REDIS_CACHE_TTL_DEFAULT:$NGINX_REDIS_CACHE_PREFIX' +VARS+='$REDIS_HOST:$REDIS_PORT:$REDIS_DATABASE:$REDIS_PASSWORD' # Add image proxy variables VARS+='$GOOGLE_CLOUD_STORAGE_BUCKET_NAME' # Add cache variables -VARS+='$NGINX_CACHE_USE_STALE:$NGINX_CACHE_CONTROL:$NGINX_CACHE_DIRECTORY' +VARS+='$NGINX_FASTCGI_CACHE_VALID:$NGINX_FASTCGI_CACHE_VALID_2:$NGINX_FASTCGI_CACHE_VALID_3:$NGINX_FASTCGI_CACHE_VALID_4:$NGINX_FASTCGI_CACHE_VALID_5:$NGINX_FASTCGI_CACHE_MAX_SIZE:$NGINX_FASTCGI_CACHE_INACTIVE:$NGINX_FASTCGI_CACHE_BACKGROUND_UPDATE:$NGINX_CACHE_USE_STALE:$NGINX_FASTCGI_CACHE_CONTROL:$NGINX_FASTCGI_CACHE_DIRECTORY:$NGINX_FASTCGI_CACHE_USE_STALE' -render_env_tmpl "$VARS" /etc/nginx/cache/redis_backend.conf - -render_env_tmpl "$VARS" /etc/nginx/cache/srcache.conf +render_env_tmpl "$VARS" /etc/nginx/cache/helper_variables.conf render_env_tmpl "$VARS" /etc/nginx/cache/fastcgicache_settings.conf render_env_tmpl "$VARS" /etc/nginx/cache/fastcgicache_skip_rules.conf +render_env_tmpl "$VARS" /etc/nginx/cache/fastcgicache_headers.conf + ## # Render all user provided nginx templates ## @@ -76,8 +77,7 @@ for conf_file in $(find $NGINX_INCLUDE_DIR -type f -name '*.tmpl'); do done # Encrypt basic auth password if it set -if [[ -z "${BASIC_AUTH_PASSWORD}" ]]; -then +if [ -z "$BASIC_AUTH_PASSWORD" ]; then echo "Not encrypting BASIC_AUTH_PASSWORD..." else BASIC_AUTH_PASSWORD_HASH=$(openssl passwd -crypt $BASIC_AUTH_PASSWORD) diff --git a/ubuntu-7.0/rootfs/etc/cont-init.d/01-create-web-user b/ubuntu-8.1/rootfs/etc/cont-init.d/01-create-web-user similarity index 100% rename from ubuntu-7.0/rootfs/etc/cont-init.d/01-create-web-user rename to ubuntu-8.1/rootfs/etc/cont-init.d/01-create-web-user diff --git a/ubuntu-7.0/rootfs/etc/cont-init.d/02-init-crond b/ubuntu-8.1/rootfs/etc/cont-init.d/02-init-crond similarity index 100% rename from ubuntu-7.0/rootfs/etc/cont-init.d/02-init-crond rename to ubuntu-8.1/rootfs/etc/cont-init.d/02-init-crond diff --git a/ubuntu-7.0/rootfs/etc/cont-init.d/02-init-directories-and-files b/ubuntu-8.1/rootfs/etc/cont-init.d/02-init-directories-and-files similarity index 100% rename from ubuntu-7.0/rootfs/etc/cont-init.d/02-init-directories-and-files rename to ubuntu-8.1/rootfs/etc/cont-init.d/02-init-directories-and-files diff --git a/ubuntu-7.1/rootfs/etc/nginx/additional.types b/ubuntu-8.1/rootfs/etc/nginx/additional.types similarity index 60% rename from ubuntu-7.1/rootfs/etc/nginx/additional.types rename to ubuntu-8.1/rootfs/etc/nginx/additional.types index ac8070e..a2a8bb3 100644 --- a/ubuntu-7.1/rootfs/etc/nginx/additional.types +++ b/ubuntu-8.1/rootfs/etc/nginx/additional.types @@ -1,6 +1,8 @@ +# JUNE 2020 -> This is disabled because new nginx already has this +# # If developers add .woff2 type font files we should provide good Content-Type headers -types { +#types { # Add mime support for woff2 # http://stackoverflow.com/questions/28235550/proper-mime-type-for-woff2-fonts - font/woff2 woff2; -} +# font/woff2 woff2; +#} diff --git a/ubuntu-8.1/rootfs/etc/nginx/cache/fastcgicache.conf b/ubuntu-8.1/rootfs/etc/nginx/cache/fastcgicache.conf new file mode 100644 index 0000000..7d93b52 --- /dev/null +++ b/ubuntu-8.1/rootfs/etc/nginx/cache/fastcgicache.conf @@ -0,0 +1,14 @@ +## +# Add few rules which deny using cache +## +include cache/fastcgicache_skip_rules.conf; +include cache/helper_variables.conf; +fastcgi_cache_bypass $skip_cache $cookie_nocache; +fastcgi_no_cache $skip_cache $cookie_nocache; + +fastcgi_cache WORDPRESS; +#fastcgi_hide_header Expires; +#fastcgi_hide_header Cache-Control; +fastcgi_ignore_headers Set-Cookie Expires; + + diff --git a/ubuntu-8.1/rootfs/etc/nginx/cache/fastcgicache_headers.conf b/ubuntu-8.1/rootfs/etc/nginx/cache/fastcgicache_headers.conf new file mode 100644 index 0000000..418e116 --- /dev/null +++ b/ubuntu-8.1/rootfs/etc/nginx/cache/fastcgicache_headers.conf @@ -0,0 +1,17 @@ +# Add header for easier cache debugging +add_header X-Cache $upstream_cache_status always; + +# Add header to force cache rule from project +add_header 'Cache-Control' ${NGINX_FASTCGI_CACHE_CONTROL}; + +# If you need to debug the cache mode, uncomment the following line +add_header X-cache-mode $cachemode; + +# Cache state +add_header X-Cache-State $state; + +# Cache key +add_header X-Cache-Key $scheme$request_method$host$request_uri$state; + +# Add skip reason +add_header X-Skip-Reason $skip_reason; \ No newline at end of file diff --git a/ubuntu-8.1/rootfs/etc/nginx/cache/fastcgicache_settings.conf b/ubuntu-8.1/rootfs/etc/nginx/cache/fastcgicache_settings.conf new file mode 100644 index 0000000..f9be5bf --- /dev/null +++ b/ubuntu-8.1/rootfs/etc/nginx/cache/fastcgicache_settings.conf @@ -0,0 +1,13 @@ +## +# Basic settings of Fast cgi cache +## +fastcgi_cache_path ${NGINX_FASTCGI_CACHE_DIRECTORY} levels=1:2 keys_zone=WORDPRESS:100m max_size=${NGINX_FASTCGI_CACHE_MAX_SIZE} inactive=${NGINX_FASTCGI_CACHE_INACTIVE}; +fastcgi_cache_key $scheme$request_method$host$request_uri_path$cache_args$state; +fastcgi_cache_lock on; +fastcgi_cache_background_update "${NGINX_FASTCGI_CACHE_BACKGROUND_UPDATE}"; +fastcgi_cache_use_stale ${NGINX_FASTCGI_CACHE_USE_STALE}; +fastcgi_cache_valid ${NGINX_FASTCGI_CACHE_VALID}; +${NGINX_FASTCGI_CACHE_VALID_2} +${NGINX_FASTCGI_CACHE_VALID_3} +${NGINX_FASTCGI_CACHE_VALID_4} +${NGINX_FASTCGI_CACHE_VALID_5} \ No newline at end of file diff --git a/ubuntu-7.4/rootfs/etc/nginx/cache/fastcgicache_skip_rules.conf b/ubuntu-8.1/rootfs/etc/nginx/cache/fastcgicache_skip_rules.conf similarity index 78% rename from ubuntu-7.4/rootfs/etc/nginx/cache/fastcgicache_skip_rules.conf rename to ubuntu-8.1/rootfs/etc/nginx/cache/fastcgicache_skip_rules.conf index 3b1c069..9bcbb13 100644 --- a/ubuntu-7.4/rootfs/etc/nginx/cache/fastcgicache_skip_rules.conf +++ b/ubuntu-8.1/rootfs/etc/nginx/cache/fastcgicache_skip_rules.conf @@ -4,6 +4,7 @@ # Don't skip cache by default set $skip_cache 0; +set $skip_reason ""; # insert project specific cache rules to this file (delete this row when all projects are updated) include /var/www/project/nginx/server/skip_cache.conf; # insert project specific cache rules to this folder @@ -12,19 +13,20 @@ include ${NGINX_INCLUDE_DIR}/skipcache/*.conf; # POST requests and urls with a query string should always go to PHP if ($request_method = POST) { set $skip_cache 1; + set $skip_reason "${skip_reason}-POST"; } # Deal with accepted query vars set $without $query_string; - # Init the cache mode variable set $cachemode ""; set_by_lua_block $cache_args { + -- avoid race conditions from declaring global variables local split, esc - local mode = os.getenv( 'CACHE_MODE' ) + local mode = os.getenv( 'NGINX_FASTCGI_CACHE_MODE' ) if mode == nil then mode = "whitelist" @@ -56,7 +58,7 @@ set_by_lua_block $cache_args { local without = ngx.decode_args( ngx.unescape_uri( ngx.var.without ) ) -- Get a list of accepted query vars from env variable - local accepted = split( ( os.getenv( 'CACHE_QUERYVARS' ) or "" ), "," ) + local accepted = split( ( os.getenv( 'NGINX_FASTCGI_CACHE_QUERYVARS' ) or "" ), "," ) -- Loop through the list for key, accept in pairs(accepted) do @@ -72,7 +74,7 @@ set_by_lua_block $cache_args { end -- Get a list of ignored query vars from env variable - local ignored = split( ( os.getenv( 'CACHE_QUERYVARS_IGNORE' ) or "" ), "," ) + local ignored = split( ( os.getenv( 'NGINX_FASTCGI_CACHE_QUERYVARS_IGNORE' ) or "" ), "," ) for index, ignore in ipairs(ignored) do for key, val in pairs(without) do @@ -86,10 +88,16 @@ set_by_lua_block $cache_args { ngx.var.without = ngx.encode_args( without ) -- Return accepted query var key-value pairs to be used in the cache key - return "?" .. table.concat( with, "&" ) + local len = 0 + + for k, v in pairs(with) do + len = len + 1 + end + return len > 0 and "?" .. table.concat( with, "&" ) or "" + else -- Get a list of blacklisted query vars from env variable - local blacklist = split( ( os.getenv( 'CACHE_QUERYVARS' ) or "" ), "," ) + local blacklist = split( ( os.getenv( 'NGINX_FASTCGI_CACHE_QUERYVARS' ) or "" ), "," ) local queryvars = ngx.decode_args( ngx.var.query_string or "" ) ngx.var.without = "" @@ -97,25 +105,27 @@ set_by_lua_block $cache_args { for key, queryvar in pairs(blacklist) do if queryvars[ queryvar ] then ngx.var.skip_cache = 1 + ngx.var.skip_reason = ngx.var.skip_reason .. "-Lua" return end end end } -# If you need to debug the cache mode, uncomment the following line -# add_header X-cache-mode $cachemode; # If there were any unaccepted query vars, skip cache if ($without != "") { set $skip_cache 1; + set $skip_reason "${skip_reason}-QueryString"; } # Don't use the cache for logged in users or recent commenters -if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in|woocommerce_items_in_cart") { +if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_sec|wordpress_logged_in|woocommerce_items_in_cart") { set $skip_cache 1; + set $skip_reason "${skip_reason}-Cookie"; } # Don't cache responses from wp-admin, xmlrpc and wp-login.php if ($request_uri ~* "/wp-admin/|/xmlrpc.php|wp-.*.php") { set $skip_cache 1; -} \ No newline at end of file + set $skip_reason "${skip_reason}-URI"; +} diff --git a/ubuntu-7.1/rootfs/etc/nginx/cache/helper_variables.conf b/ubuntu-8.1/rootfs/etc/nginx/cache/helper_variables.conf similarity index 72% rename from ubuntu-7.1/rootfs/etc/nginx/cache/helper_variables.conf rename to ubuntu-8.1/rootfs/etc/nginx/cache/helper_variables.conf index ea10fb9..f71359f 100644 --- a/ubuntu-7.1/rootfs/etc/nginx/cache/helper_variables.conf +++ b/ubuntu-8.1/rootfs/etc/nginx/cache/helper_variables.conf @@ -3,6 +3,14 @@ # $prefer_language_slug - 2 first letters from accept-language header to determine the language redirects from cache ## +# Render redis envs to not break the redis password nul problem, hacky.... +# ${REDIS_PASSWORD} +# ${REDIS_DATABASE} +# ${REDIS_HOST} +# ${REDIS_PORT} +# ${REDIS_CACHE_TTL} + + ## # Parse first two letters from accept-language header to determine right cache key ## diff --git a/ubuntu-7.1/rootfs/etc/nginx/env.conf b/ubuntu-8.1/rootfs/etc/nginx/env.conf similarity index 71% rename from ubuntu-7.1/rootfs/etc/nginx/env.conf rename to ubuntu-8.1/rootfs/etc/nginx/env.conf index b165833..a170516 100644 --- a/ubuntu-7.1/rootfs/etc/nginx/env.conf +++ b/ubuntu-8.1/rootfs/etc/nginx/env.conf @@ -10,4 +10,6 @@ env REDIS_HOST; env REDIS_PORT; env REDIS_DATABASE; env REDIS_PASSWORD; -env CACHE_QUERYVARS; +env NGINX_FASTCGI_CACHE_QUERYVARS; +env NGINX_FASTCGI_CACHE_MODE; +env NGINX_FASTCGI_CACHE_QUERYVARS_IGNORE; diff --git a/ubuntu-7.0/rootfs/etc/nginx/error_pages.conf b/ubuntu-8.1/rootfs/etc/nginx/error_pages.conf similarity index 100% rename from ubuntu-7.0/rootfs/etc/nginx/error_pages.conf rename to ubuntu-8.1/rootfs/etc/nginx/error_pages.conf diff --git a/ubuntu-7.0/rootfs/etc/nginx/fastcgi_params b/ubuntu-8.1/rootfs/etc/nginx/fastcgi_params similarity index 100% rename from ubuntu-7.0/rootfs/etc/nginx/fastcgi_params rename to ubuntu-8.1/rootfs/etc/nginx/fastcgi_params diff --git a/ubuntu-7.0/rootfs/etc/nginx/fastcgi_settings.conf b/ubuntu-8.1/rootfs/etc/nginx/fastcgi_settings.conf similarity index 92% rename from ubuntu-7.0/rootfs/etc/nginx/fastcgi_settings.conf rename to ubuntu-8.1/rootfs/etc/nginx/fastcgi_settings.conf index 25683fb..3c4a3d2 100644 --- a/ubuntu-7.0/rootfs/etc/nginx/fastcgi_settings.conf +++ b/ubuntu-8.1/rootfs/etc/nginx/fastcgi_settings.conf @@ -10,7 +10,7 @@ fastcgi_param PATH_INFO $path_info; # These can be: # - timeouts for long running requests # - requested php file might be missing or not existing in the first place -fastcgi_intercept_errors on; +fastcgi_intercept_errors ${FASTCGI_INTERCEPT_ERRORS}; fastcgi_index index.php; diff --git a/ubuntu-7.0/rootfs/etc/nginx/gzip.conf b/ubuntu-8.1/rootfs/etc/nginx/gzip.conf similarity index 100% rename from ubuntu-7.0/rootfs/etc/nginx/gzip.conf rename to ubuntu-8.1/rootfs/etc/nginx/gzip.conf diff --git a/ubuntu-7.0/rootfs/etc/nginx/log_format.conf b/ubuntu-8.1/rootfs/etc/nginx/log_format.conf similarity index 100% rename from ubuntu-7.0/rootfs/etc/nginx/log_format.conf rename to ubuntu-8.1/rootfs/etc/nginx/log_format.conf diff --git a/ubuntu-7.0/rootfs/etc/nginx/log_formats.conf b/ubuntu-8.1/rootfs/etc/nginx/log_formats.conf similarity index 100% rename from ubuntu-7.0/rootfs/etc/nginx/log_formats.conf rename to ubuntu-8.1/rootfs/etc/nginx/log_formats.conf diff --git a/ubuntu-7.2/rootfs/etc/nginx/nginx.conf b/ubuntu-8.1/rootfs/etc/nginx/nginx.conf similarity index 92% rename from ubuntu-7.2/rootfs/etc/nginx/nginx.conf rename to ubuntu-8.1/rootfs/etc/nginx/nginx.conf index 5384cdd..2eed60d 100644 --- a/ubuntu-7.2/rootfs/etc/nginx/nginx.conf +++ b/ubuntu-8.1/rootfs/etc/nginx/nginx.conf @@ -23,13 +23,6 @@ worker_processes auto; # should be > worker_connections. worker_rlimit_nofile 8192; -# Load root level directives -include ${NGINX_INCLUDE_DIR}/root/*.conf; -include ${NGINX_INCLUDE_DIR}/environments/${WP_ENV}/root/*.conf; - -# Load custom environment variables -include env.conf; - events { # When you need > 8000 * cpu_cores connections, you start optimizing your OS, # and this is probably the point at which you hire people who are smarter than @@ -41,18 +34,23 @@ http { # Configure hashmaps so that environment does not change defaults map_hash_max_size 262144; - map_hash_bucket_size 262144; + map_hash_bucket_size 128; server_names_hash_bucket_size 64; # Hide nginx version information. server_tokens off; - # Remove Server header entirely - more_clear_headers Server; + # Get the request uri without the query string to its own variable + map $request_uri $request_uri_path { + "~^(?P[^?]*)(\?.*)?$" $path; + } - # Enable Fastcgicache + #Enable Fastcgicache include cache/fastcgicache_settings.conf; + # Remove Server header entirely + more_clear_headers Server; + # How long to allow each connection to stay idle; longer values are better # for each individual client, particularly for SSL, but means that worker # connections are tied up longer. (Default: 65) @@ -100,6 +98,12 @@ http { # Add few headers which make XSS harder include security_headers.conf; + # Add headers from project + include ${NGINX_INCLUDE_DIR}/headers/*.conf; + + # Include cache headers + include cache/fastcgicache_headers.conf; + # If ${PORT} != 80 means that we are behind reverse proxy as well # This directive helps that we don't redirect clients into mysite.com:8080/resource type urls port_in_redirect off; @@ -114,6 +118,9 @@ http { listen ${PORT} default_server; server_name _; + # Init the cache mode variable + set $cachemode ""; + root ${WEB_ROOT}; # Use index.php if it exists but also allow static websites in subfolders @@ -126,20 +133,24 @@ http { disable_symlinks off; + ## state variable must be set as it will crash nginx if logged in cache is not used + set $state ''; + + # These variables are proxy conscious, so that they work even though we are behind reverse proxy + include proxy_real_variables.conf; + # Include custom nginx server additions from project include ${NGINX_INCLUDE_DIR}/server/*.conf; include ${NGINX_INCLUDE_DIR}/environments/${WP_ENV}/server/*.conf; set $custom_parameters ""; + set $skip_reason ""; # Include custom cache confs include ${NGINX_INCLUDE_DIR}/cache/*.conf; # Moved the cache key defining variable here so it can be altered by project - fastcgi_cache_key $scheme$request_method$host$uri$cache_args$custom_parameters; - - # These variables are proxy conscious, so that they work even though we are behind reverse proxy - include proxy_real_variables.conf; + fastcgi_cache_key $scheme$request_method$host$uri$cache_args$custom_parameters$state; # Include custom error pages include error_pages.conf; @@ -174,7 +185,7 @@ http { allow all; log_not_found off; access_log off; - try_files $uri @index; + try_files $uri =404; } # deny all dot-files including git @@ -264,6 +275,14 @@ http { include fastcgi_settings.conf; + # Shibboleth configs + shib_request /shibauthorizer; + include shib_fastcgi_params; + shib_request_set $shib_commonname $upstream_http_variable_commonname; + shib_request_set $shib_email $upstream_http_variable_email; + fastcgi_param COMMONNAME $shib_commonname; + fastcgi_param EMAIL $shib_email; + # Append subfolder automatically fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; @@ -297,7 +316,7 @@ http { # include cache/redis_backend.conf; location @index { - + # Include custom nginx index additions from project include ${NGINX_INCLUDE_DIR}/index/*.conf; include ${NGINX_INCLUDE_DIR}/environments/${WP_ENV}/index/*.conf; @@ -338,7 +357,7 @@ http { include cache/fastcgicache.conf; #Enable project spesific config to root block - include ${NGINX_INCLUDE_DIR}/environments/${WP_ENV}/httproot/*.conf; + include ${NGINX_INCLUDE_DIR}/environments/${WP_ENV}/root/*.conf; # Fallback into php include fastcgi_settings.conf; diff --git a/ubuntu-7.0/rootfs/etc/nginx/pagespeed/locations.conf b/ubuntu-8.1/rootfs/etc/nginx/pagespeed/locations.conf similarity index 100% rename from ubuntu-7.0/rootfs/etc/nginx/pagespeed/locations.conf rename to ubuntu-8.1/rootfs/etc/nginx/pagespeed/locations.conf diff --git a/ubuntu-7.0/rootfs/etc/nginx/pagespeed/settings.conf b/ubuntu-8.1/rootfs/etc/nginx/pagespeed/settings.conf similarity index 100% rename from ubuntu-7.0/rootfs/etc/nginx/pagespeed/settings.conf rename to ubuntu-8.1/rootfs/etc/nginx/pagespeed/settings.conf diff --git a/ubuntu-7.0/rootfs/etc/nginx/proxy_real_variables.conf b/ubuntu-8.1/rootfs/etc/nginx/proxy_real_variables.conf similarity index 100% rename from ubuntu-7.0/rootfs/etc/nginx/proxy_real_variables.conf rename to ubuntu-8.1/rootfs/etc/nginx/proxy_real_variables.conf diff --git a/ubuntu-7.0/rootfs/etc/nginx/security.conf b/ubuntu-8.1/rootfs/etc/nginx/security.conf similarity index 100% rename from ubuntu-7.0/rootfs/etc/nginx/security.conf rename to ubuntu-8.1/rootfs/etc/nginx/security.conf diff --git a/ubuntu-7.1/rootfs/etc/nginx/security_headers.conf b/ubuntu-8.1/rootfs/etc/nginx/security_headers.conf similarity index 91% rename from ubuntu-7.1/rootfs/etc/nginx/security_headers.conf rename to ubuntu-8.1/rootfs/etc/nginx/security_headers.conf index be78f67..ae629ea 100644 --- a/ubuntu-7.1/rootfs/etc/nginx/security_headers.conf +++ b/ubuntu-8.1/rootfs/etc/nginx/security_headers.conf @@ -21,3 +21,8 @@ add_header X-Content-Type-Options nosniff always; # this particular website if it was disabled by the user. # https://www.owasp.org/index.php/List_of_useful_HTTP_headers add_header X-XSS-Protection "1; mode=block"; + +add_header Referrer-Policy "same-origin"; + +add_header Strict-Transport-Security "max-age=15724800; includeSubdomains"; + diff --git a/ubuntu-8.1/rootfs/etc/nginx/shib_fastcgi_params b/ubuntu-8.1/rootfs/etc/nginx/shib_fastcgi_params new file mode 100644 index 0000000..2a795db --- /dev/null +++ b/ubuntu-8.1/rootfs/etc/nginx/shib_fastcgi_params @@ -0,0 +1,81 @@ +# vim: set filetype=conf : + +# Replace `fastcgi_param` with `sgci_param`, `uwsgi_param` or similar +# directive for use with different upstreams. Consult the relevant upstream +# documentation for more information on environment parameters. +# +# Auth-Type is configured as authType in +# https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPContentSettings. +# Other default SP variables are as per +# https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPAttributeAccess#NativeSPAttributeAccess-CustomSPVariables + +shib_request_set $shib_auth_type $upstream_http_variable_auth_type; +fastcgi_param Auth-Type $shib_auth_type; + +shib_request_set $shib_shib_application_id $upstream_http_variable_shib_application_id; +fastcgi_param Shib-Application-ID $shib_shib_application_id; + +shib_request_set $shib_shib_authentication_instant $upstream_http_variable_shib_authentication_instant; +fastcgi_param Shib-Authentication-Instant $shib_shib_authentication_instant; + +shib_request_set $shib_shib_authentication_method $upstream_http_variable_shib_authentication_method; +fastcgi_param Shib-Authentication-Method $shib_shib_authentication_method; + +shib_request_set $shib_shib_authncontext_class $upstream_http_variable_shib_authncontext_class; +fastcgi_param Shib-AuthnContext-Class $shib_shib_authncontext_class; + +shib_request_set $shib_shib_authncontext_decl $upstream_http_variable_shib_authncontext_decl; +fastcgi_param Shib-AuthnContext-Decl $shib_shib_authncontext_decl; + +shib_request_set $shib_shib_identity_provider $upstream_http_variable_shib_identity_provider; +fastcgi_param Shib-Identity-Provider $shib_shib_identity_provider; + +shib_request_set $shib_shib_session_id $upstream_http_variable_shib_session_id; +fastcgi_param Shib-Session-ID $shib_shib_session_id; + +shib_request_set $shib_shib_session_index $upstream_http_variable_shib_session_index; +fastcgi_param Shib-Session-Index $shib_shib_session_index; + +shib_request_set $shib_remote_user $upstream_http_variable_remote_user; +fastcgi_param Remote-User $shib_remote_user; + + +# Uncomment any of the following core attributes. Consult your Shibboleth +# Service Provider (SP) attribute-map.xml file for details about attribute +# IDs. Add additional directives for any Shibboleth attributes released to +# your SP. + +# shib_request_set $shib_eppn $upstream_http_variable_eppn; +# fastcgi_param EPPN $shib_eppn; +# +# shib_request_set $shib_affliation $upstream_http_variable_affiliation; +# fastcgi_param Affiliation $shib_affiliation; +# +# shib_request_set $shib_unscoped_affliation $upstream_http_variable_unscoped_affiliation; +# fastcgi_param Unscoped-Affiliation $shib_unscoped_affiliation; +# +# shib_request_set $shib_entitlement $upstream_http_variable_entitlement; +# fastcgi_param Entitlement $shib_entitlement; + + +# shib_request_set $shib_targeted_id $upstream_http_variable_targeted_id; +# fastcgi_param Targeted-Id $shib_targeted_id; +# +# shib_request_set $shib_persistent_id $upstream_http_variable_persistent_id; +# fastcgi_param Persistent-Id $shib_persistent_id; +# +# shib_request_set $shib_transient_name $upstream_http_variable_transient_name; +# fastcgi_param Transient-Name $shib_transient_name; + + +# shib_request_set $shib_commonname $upstream_http_variable_commonname; +# fastcgi_param Commonname $shib_commonname; +# +# shib_request_set $shib_displayname $upstream_http_variable_displayname; +# fastcgi_param DisplayName $shib_displayname; +# +# shib_request_set $shib_email $upstream_http_variable_email; +# fastcgi_param Email $shib_email; +# +# shib_request_set $shib_organizationname $upstream_http_variable_organizationname; +# fastcgi_param OrganizationName $shib_organizationname; \ No newline at end of file diff --git a/ubuntu-7.0/rootfs/etc/nginx/static_files.conf b/ubuntu-8.1/rootfs/etc/nginx/static_files.conf similarity index 100% rename from ubuntu-7.0/rootfs/etc/nginx/static_files.conf rename to ubuntu-8.1/rootfs/etc/nginx/static_files.conf diff --git a/ubuntu-7.0/rootfs/etc/nginx/upstreams.conf b/ubuntu-8.1/rootfs/etc/nginx/upstreams.conf similarity index 100% rename from ubuntu-7.0/rootfs/etc/nginx/upstreams.conf rename to ubuntu-8.1/rootfs/etc/nginx/upstreams.conf diff --git a/ubuntu-7.4/rootfs/etc/php/7.4/cli/php.ini b/ubuntu-8.1/rootfs/etc/php/8.1/cli/php.ini similarity index 98% rename from ubuntu-7.4/rootfs/etc/php/7.4/cli/php.ini rename to ubuntu-8.1/rootfs/etc/php/8.1/cli/php.ini index 64af1a4..b1ee3e2 100644 --- a/ubuntu-7.4/rootfs/etc/php/7.4/cli/php.ini +++ b/ubuntu-8.1/rootfs/etc/php/8.1/cli/php.ini @@ -51,6 +51,8 @@ memory_limit = ${PHP_MEMORY_LIMIT} error_reporting = E_ALL +error_log = /proc/1/fd/2 + display_errors = On display_startup_errors = On diff --git a/ubuntu-8.1/rootfs/etc/php/8.1/fpm/conf.d/blocked.ini b/ubuntu-8.1/rootfs/etc/php/8.1/fpm/conf.d/blocked.ini new file mode 100644 index 0000000..694a4c5 --- /dev/null +++ b/ubuntu-8.1/rootfs/etc/php/8.1/fpm/conf.d/blocked.ini @@ -0,0 +1,4 @@ +; Disable some functions because they allow bad/vulnerable patterns +; We want to advocate good coding practises and these functions make it difficult +; You can use these with php cli but not with php-fpm +disable_functions = ${PHP_DISABLE_FUNCTIONS} diff --git a/ubuntu-7.0/rootfs/etc/php/7.0/fpm/conf.d/common.ini b/ubuntu-8.1/rootfs/etc/php/8.1/fpm/conf.d/common.ini similarity index 100% rename from ubuntu-7.0/rootfs/etc/php/7.0/fpm/conf.d/common.ini rename to ubuntu-8.1/rootfs/etc/php/8.1/fpm/conf.d/common.ini diff --git a/ubuntu-7.0/rootfs/etc/php/7.0/fpm/conf.d/limits.ini b/ubuntu-8.1/rootfs/etc/php/8.1/fpm/conf.d/limits.ini similarity index 100% rename from ubuntu-7.0/rootfs/etc/php/7.0/fpm/conf.d/limits.ini rename to ubuntu-8.1/rootfs/etc/php/8.1/fpm/conf.d/limits.ini diff --git a/ubuntu-7.0/rootfs/etc/php/7.0/fpm/conf.d/logging.ini b/ubuntu-8.1/rootfs/etc/php/8.1/fpm/conf.d/logging.ini similarity index 100% rename from ubuntu-7.0/rootfs/etc/php/7.0/fpm/conf.d/logging.ini rename to ubuntu-8.1/rootfs/etc/php/8.1/fpm/conf.d/logging.ini diff --git a/ubuntu-7.0/rootfs/etc/php/7.0/fpm/conf.d/mail.ini b/ubuntu-8.1/rootfs/etc/php/8.1/fpm/conf.d/mail.ini similarity index 100% rename from ubuntu-7.0/rootfs/etc/php/7.0/fpm/conf.d/mail.ini rename to ubuntu-8.1/rootfs/etc/php/8.1/fpm/conf.d/mail.ini diff --git a/ubuntu-7.0/rootfs/etc/php/7.0/fpm/conf.d/opcache.ini b/ubuntu-8.1/rootfs/etc/php/8.1/fpm/conf.d/opcache.ini similarity index 100% rename from ubuntu-7.0/rootfs/etc/php/7.0/fpm/conf.d/opcache.ini rename to ubuntu-8.1/rootfs/etc/php/8.1/fpm/conf.d/opcache.ini diff --git a/ubuntu-7.0/rootfs/etc/php/7.0/fpm/conf.d/opcache_invalidate.conf b/ubuntu-8.1/rootfs/etc/php/8.1/fpm/conf.d/opcache_invalidate.conf similarity index 100% rename from ubuntu-7.0/rootfs/etc/php/7.0/fpm/conf.d/opcache_invalidate.conf rename to ubuntu-8.1/rootfs/etc/php/8.1/fpm/conf.d/opcache_invalidate.conf diff --git a/ubuntu-7.0/rootfs/etc/php/7.0/fpm/conf.d/sessions.ini b/ubuntu-8.1/rootfs/etc/php/8.1/fpm/conf.d/sessions.ini similarity index 100% rename from ubuntu-7.0/rootfs/etc/php/7.0/fpm/conf.d/sessions.ini rename to ubuntu-8.1/rootfs/etc/php/8.1/fpm/conf.d/sessions.ini diff --git a/ubuntu-7.0/rootfs/etc/php/7.0/fpm/conf.d/timezone.ini b/ubuntu-8.1/rootfs/etc/php/8.1/fpm/conf.d/timezone.ini similarity index 100% rename from ubuntu-7.0/rootfs/etc/php/7.0/fpm/conf.d/timezone.ini rename to ubuntu-8.1/rootfs/etc/php/8.1/fpm/conf.d/timezone.ini diff --git a/ubuntu-7.2/rootfs/etc/php/7.2/fpm/php-fpm.conf b/ubuntu-8.1/rootfs/etc/php/8.1/fpm/php-fpm.conf similarity index 73% rename from ubuntu-7.2/rootfs/etc/php/7.2/fpm/php-fpm.conf rename to ubuntu-8.1/rootfs/etc/php/8.1/fpm/php-fpm.conf index 6f895bd..91545d9 100644 --- a/ubuntu-7.2/rootfs/etc/php/7.2/fpm/php-fpm.conf +++ b/ubuntu-8.1/rootfs/etc/php/8.1/fpm/php-fpm.conf @@ -11,14 +11,14 @@ group = ${WEB_GROUP} listen = /var/run/php-fpm.sock listen.owner = ${WEB_USER} listen.group = ${WEB_GROUP} -pm = dynamic +pm = ${PHP_PM_MODE} ; Total RAM dedicated to the web server / Max child process size -pm.max_children = 30 +pm.max_children = ${PHP_PM_MAX_CHILDREN} -pm.start_servers = 1 -pm.min_spare_servers = 1 -pm.max_spare_servers = 3 +pm.start_servers = ${PHP_PM_START_SERVERS} +pm.min_spare_servers = ${PHP_PM_MIN_SPARE_SERVERS} +pm.max_spare_servers = ${PHP_PM_MAX_SPARE_SERVERS} ; Redirect worker stdout and stderr into main error log. If not set, stdout and ; stderr will be redirected to /dev/null according to FastCGI specs. @@ -32,4 +32,4 @@ pm.process_idle_timeout = 10s pm.max_requests = 500 ; Include extra configs -include=/etc/php/7.2/fpm/php-fpm.d/*.conf +include=/etc/php/8.1/fpm/php-fpm.d/*.conf \ No newline at end of file diff --git a/ubuntu-7.0/rootfs/etc/php/7.0/fpm/php-fpm.d/preserve-env.conf b/ubuntu-8.1/rootfs/etc/php/8.1/fpm/php-fpm.d/preserve-env.conf similarity index 100% rename from ubuntu-7.0/rootfs/etc/php/7.0/fpm/php-fpm.d/preserve-env.conf rename to ubuntu-8.1/rootfs/etc/php/8.1/fpm/php-fpm.d/preserve-env.conf diff --git a/ubuntu-7.4/rootfs/etc/php/7.4/fpm/php.ini b/ubuntu-8.1/rootfs/etc/php/8.1/fpm/php.ini similarity index 100% rename from ubuntu-7.4/rootfs/etc/php/7.4/fpm/php.ini rename to ubuntu-8.1/rootfs/etc/php/8.1/fpm/php.ini diff --git a/ubuntu-7.0/rootfs/etc/services.d/cron/run b/ubuntu-8.1/rootfs/etc/services.d/cron/run similarity index 100% rename from ubuntu-7.0/rootfs/etc/services.d/cron/run rename to ubuntu-8.1/rootfs/etc/services.d/cron/run diff --git a/ubuntu-7.0/rootfs/etc/services.d/nginx/run b/ubuntu-8.1/rootfs/etc/services.d/nginx/run similarity index 100% rename from ubuntu-7.0/rootfs/etc/services.d/nginx/run rename to ubuntu-8.1/rootfs/etc/services.d/nginx/run diff --git a/ubuntu-7.1/rootfs/etc/services.d/php-fpm/run b/ubuntu-8.1/rootfs/etc/services.d/php-fpm/run similarity index 96% rename from ubuntu-7.1/rootfs/etc/services.d/php-fpm/run rename to ubuntu-8.1/rootfs/etc/services.d/php-fpm/run index 18b6baf..4c02d32 100644 --- a/ubuntu-7.1/rootfs/etc/services.d/php-fpm/run +++ b/ubuntu-8.1/rootfs/etc/services.d/php-fpm/run @@ -49,5 +49,5 @@ fi echo "[php-fpm] using $PHP_SESSION_SAVE_PATH for php sessions..." echo "[php-fpm] started php-fpm" -exec php-fpm -c /etc/php/7.1/fpm/php.ini --fpm-config /etc/php/7.1/fpm/php-fpm.conf --pid /var/run/php-fpm.pid +exec php-fpm -c /etc/php/8.1/fpm/php.ini --fpm-config /etc/php/8.1/fpm/php-fpm.conf --pid /var/run/php-fpm.pid diff --git a/ubuntu-7.0/rootfs/usr/bin/wp b/ubuntu-8.1/rootfs/usr/bin/wp similarity index 100% rename from ubuntu-7.0/rootfs/usr/bin/wp rename to ubuntu-8.1/rootfs/usr/bin/wp diff --git a/ubuntu-7.0/rootfs/usr/local/bin/phinx b/ubuntu-8.1/rootfs/usr/local/bin/phinx similarity index 100% rename from ubuntu-7.0/rootfs/usr/local/bin/phinx rename to ubuntu-8.1/rootfs/usr/local/bin/phinx diff --git a/ubuntu-7.0/rootfs/usr/local/bin/print-smtp-password b/ubuntu-8.1/rootfs/usr/local/bin/print-smtp-password similarity index 100% rename from ubuntu-7.0/rootfs/usr/local/bin/print-smtp-password rename to ubuntu-8.1/rootfs/usr/local/bin/print-smtp-password diff --git a/ubuntu-7.0/rootfs/usr/local/bin/wp-run-cron b/ubuntu-8.1/rootfs/usr/local/bin/wp-run-cron similarity index 100% rename from ubuntu-7.0/rootfs/usr/local/bin/wp-run-cron rename to ubuntu-8.1/rootfs/usr/local/bin/wp-run-cron diff --git a/ubuntu-7.0/rootfs/usr/sbin/sendmail b/ubuntu-8.1/rootfs/usr/sbin/sendmail similarity index 100% rename from ubuntu-7.0/rootfs/usr/sbin/sendmail rename to ubuntu-8.1/rootfs/usr/sbin/sendmail diff --git a/ubuntu-7.0/rootfs/usr/share/nginx/html/403.html b/ubuntu-8.1/rootfs/usr/share/nginx/html/403.html similarity index 100% rename from ubuntu-7.0/rootfs/usr/share/nginx/html/403.html rename to ubuntu-8.1/rootfs/usr/share/nginx/html/403.html diff --git a/ubuntu-7.0/rootfs/usr/share/nginx/html/500.html b/ubuntu-8.1/rootfs/usr/share/nginx/html/500.html similarity index 100% rename from ubuntu-7.0/rootfs/usr/share/nginx/html/500.html rename to ubuntu-8.1/rootfs/usr/share/nginx/html/500.html diff --git a/ubuntu-7.0/rootfs/usr/share/nginx/html/502.html b/ubuntu-8.1/rootfs/usr/share/nginx/html/502.html similarity index 100% rename from ubuntu-7.0/rootfs/usr/share/nginx/html/502.html rename to ubuntu-8.1/rootfs/usr/share/nginx/html/502.html diff --git a/ubuntu-7.0/rootfs/usr/share/nginx/html/504.html b/ubuntu-8.1/rootfs/usr/share/nginx/html/504.html similarity index 100% rename from ubuntu-7.0/rootfs/usr/share/nginx/html/504.html rename to ubuntu-8.1/rootfs/usr/share/nginx/html/504.html