From 21266b284e3ca31ff6644837cc704441af69df2d Mon Sep 17 00:00:00 2001 From: Hannu Kumpula Date: Mon, 3 Aug 2020 10:41:07 +0300 Subject: [PATCH 01/46] initial commit of header changes and security options --- .gitignore | 1 + ubuntu-7.0/Dockerfile | 5 +++++ ubuntu-7.0/rootfs/etc/cont-init.d/00-render-templates | 2 ++ ubuntu-7.0/rootfs/etc/nginx/cache/fastcgicache.conf | 1 - .../rootfs/etc/nginx/cache/fastcgicache_headers.conf | 8 ++++++++ .../rootfs/etc/nginx/cache/fastcgicache_settings.conf | 3 +-- ubuntu-7.0/rootfs/etc/nginx/nginx.conf | 6 ++++++ ubuntu-7.0/rootfs/etc/php/7.0/cli/php.ini | 2 ++ ubuntu-7.1/Dockerfile | 5 +++++ ubuntu-7.1/rootfs/etc/cont-init.d/00-render-templates | 2 ++ ubuntu-7.1/rootfs/etc/nginx/cache/fastcgicache.conf | 3 +-- .../rootfs/etc/nginx/cache/fastcgicache_headers.conf | 8 ++++++++ .../rootfs/etc/nginx/cache/fastcgicache_settings.conf | 3 +-- ubuntu-7.1/rootfs/etc/nginx/nginx.conf | 6 ++++++ ubuntu-7.1/rootfs/etc/php/7.1/cli/php.ini | 2 ++ ubuntu-7.2/Dockerfile | 5 +++++ ubuntu-7.2/rootfs/etc/cont-init.d/00-render-templates | 2 ++ ubuntu-7.2/rootfs/etc/nginx/cache/fastcgicache.conf | 3 --- .../rootfs/etc/nginx/cache/fastcgicache_headers.conf | 8 ++++++++ .../rootfs/etc/nginx/cache/fastcgicache_settings.conf | 3 +-- ubuntu-7.2/rootfs/etc/nginx/nginx.conf | 6 ++++++ ubuntu-7.2/rootfs/etc/php/7.2/cli/php.ini | 2 ++ ubuntu-7.3/Dockerfile | 5 +++++ ubuntu-7.3/rootfs/etc/cont-init.d/00-render-templates | 1 + ubuntu-7.3/rootfs/etc/nginx/cache/fastcgicache.conf | 2 -- .../rootfs/etc/nginx/cache/fastcgicache_headers.conf | 8 ++++++++ .../rootfs/etc/nginx/cache/fastcgicache_settings.conf | 3 +-- .../rootfs/etc/nginx/cache/fastcgicache_skip_rules.conf | 4 +--- ubuntu-7.3/rootfs/etc/nginx/nginx.conf | 6 ++++++ ubuntu-7.3/rootfs/etc/nginx/security_headers.conf | 2 ++ ubuntu-7.3/rootfs/etc/php/7.3/cli/php.ini | 2 ++ ubuntu-7.4/Dockerfile | 7 +++++++ ubuntu-7.4/rootfs/etc/cont-init.d/00-render-templates | 2 ++ ubuntu-7.4/rootfs/etc/nginx/additional.types | 8 +++++--- ubuntu-7.4/rootfs/etc/nginx/cache/fastcgicache.conf | 3 --- .../rootfs/etc/nginx/cache/fastcgicache_headers.conf | 8 ++++++++ .../rootfs/etc/nginx/cache/fastcgicache_settings.conf | 3 +-- .../rootfs/etc/nginx/cache/fastcgicache_skip_rules.conf | 2 -- ubuntu-7.4/rootfs/etc/nginx/nginx.conf | 6 ++++++ ubuntu-7.4/rootfs/etc/php/7.4/cli/php.ini | 2 ++ 40 files changed, 131 insertions(+), 29 deletions(-) create mode 100644 ubuntu-7.0/rootfs/etc/nginx/cache/fastcgicache_headers.conf create mode 100644 ubuntu-7.1/rootfs/etc/nginx/cache/fastcgicache_headers.conf create mode 100644 ubuntu-7.2/rootfs/etc/nginx/cache/fastcgicache_headers.conf create mode 100644 ubuntu-7.3/rootfs/etc/nginx/cache/fastcgicache_headers.conf create mode 100644 ubuntu-7.4/rootfs/etc/nginx/cache/fastcgicache_headers.conf diff --git a/.gitignore b/.gitignore index 1d74e21..a2ac9cd 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1,2 @@ .vscode/ +.DS_Store diff --git a/ubuntu-7.0/Dockerfile b/ubuntu-7.0/Dockerfile index cd1f450..c43851f 100644 --- a/ubuntu-7.0/Dockerfile +++ b/ubuntu-7.0/Dockerfile @@ -180,6 +180,11 @@ ENV \ # Make sure that all files here have execute permissions RUN dpkg-reconfigure tzdata && \ chmod +x /etc/cont-init.d/* + +# Install socklog-overlay +ADD https://github.com/just-containers/socklog-overlay/releases/download/v3.1.0-1/socklog-overlay-amd64.tar.gz /tmp/ +RUN tar xzf /tmp/socklog-overlay-amd64.tar.gz -C / + # Set default path to project folder for easier running commands in project WORKDIR ${PROJECT_ROOT} EXPOSE ${PORT} diff --git a/ubuntu-7.0/rootfs/etc/cont-init.d/00-render-templates b/ubuntu-7.0/rootfs/etc/cont-init.d/00-render-templates index e5cc08b..46565cd 100755 --- a/ubuntu-7.0/rootfs/etc/cont-init.d/00-render-templates +++ b/ubuntu-7.0/rootfs/etc/cont-init.d/00-render-templates @@ -61,6 +61,8 @@ render_env_tmpl "$VARS" /etc/nginx/cache/redis_backend.conf render_env_tmpl "$VARS" /etc/nginx/cache/srcache.conf render_env_tmpl "$VARS" /etc/nginx/cache/fastcgicache_settings.conf render_env_tmpl "$VARS" /etc/nginx/cache/fastcgicache_skip_rules.conf +render_env_tmpl "$VARS" /etc/nginx/cache/fastcgicache_headers.conf + ## # Render all user provided nginx templates ## diff --git a/ubuntu-7.0/rootfs/etc/nginx/cache/fastcgicache.conf b/ubuntu-7.0/rootfs/etc/nginx/cache/fastcgicache.conf index 1455277..e093a44 100644 --- a/ubuntu-7.0/rootfs/etc/nginx/cache/fastcgicache.conf +++ b/ubuntu-7.0/rootfs/etc/nginx/cache/fastcgicache.conf @@ -10,4 +10,3 @@ fastcgi_cache WORDPRESS; #proxy_ignore_headers Set-Cookie Expires Cache-Control; # Add header for easier cache debugging -add_header X-Cache $upstream_cache_status always; diff --git a/ubuntu-7.0/rootfs/etc/nginx/cache/fastcgicache_headers.conf b/ubuntu-7.0/rootfs/etc/nginx/cache/fastcgicache_headers.conf new file mode 100644 index 0000000..c6cba07 --- /dev/null +++ b/ubuntu-7.0/rootfs/etc/nginx/cache/fastcgicache_headers.conf @@ -0,0 +1,8 @@ +# Add header for easier cache debugging +add_header X-Cache $upstream_cache_status always; + +# Add header to force cache rule from project +add_header 'Cache-Control' ${NGINX_CACHE_CONTROL}; + +# If you need to debug the cache mode, uncomment the following line +# add_header X-cache-mode $cachemode; \ No newline at end of file diff --git a/ubuntu-7.0/rootfs/etc/nginx/cache/fastcgicache_settings.conf b/ubuntu-7.0/rootfs/etc/nginx/cache/fastcgicache_settings.conf index a7ed389..6733fed 100644 --- a/ubuntu-7.0/rootfs/etc/nginx/cache/fastcgicache_settings.conf +++ b/ubuntu-7.0/rootfs/etc/nginx/cache/fastcgicache_settings.conf @@ -4,5 +4,4 @@ fastcgi_cache_path /dev/cache levels=1:2 keys_zone=WORDPRESS:10m max_size=1000m inactive=730h; fastcgi_cache_key $scheme$request_method$host$request_uri; fastcgi_cache_lock on; -fastcgi_cache_valid ${NGINX_REDIS_CACHE_TTL_DEFAULT}; -add_header 'Cache-Control' ${NGINX_CACHE_CONTROL}; \ No newline at end of file +fastcgi_cache_valid ${NGINX_REDIS_CACHE_TTL_DEFAULT}; \ No newline at end of file diff --git a/ubuntu-7.0/rootfs/etc/nginx/nginx.conf b/ubuntu-7.0/rootfs/etc/nginx/nginx.conf index c967b96..109bdae 100644 --- a/ubuntu-7.0/rootfs/etc/nginx/nginx.conf +++ b/ubuntu-7.0/rootfs/etc/nginx/nginx.conf @@ -93,6 +93,12 @@ http { # Add few headers which make XSS harder include security_headers.conf; + # Add headers from project + include ${NGINX_INCLUDE_DIR}/headers/*.conf; + + # Include cache headers + include cache/fastcgicache_headers.conf; + # If ${PORT} != 80 means that we are behind reverse proxy as well # This directive helps that we don't redirect clients into mysite.com:8080/resource type urls port_in_redirect off; diff --git a/ubuntu-7.0/rootfs/etc/php/7.0/cli/php.ini b/ubuntu-7.0/rootfs/etc/php/7.0/cli/php.ini index 5eede62..3d0f5f3 100644 --- a/ubuntu-7.0/rootfs/etc/php/7.0/cli/php.ini +++ b/ubuntu-7.0/rootfs/etc/php/7.0/cli/php.ini @@ -51,6 +51,8 @@ memory_limit = ${PHP_MEMORY_LIMIT} error_reporting = E_ALL +error_log = /proc/1/fd/2 + display_errors = On display_startup_errors = On diff --git a/ubuntu-7.1/Dockerfile b/ubuntu-7.1/Dockerfile index 565dc94..e66b269 100644 --- a/ubuntu-7.1/Dockerfile +++ b/ubuntu-7.1/Dockerfile @@ -180,6 +180,11 @@ ENV \ # Make sure that all files here have execute permissions RUN dpkg-reconfigure tzdata && \ chmod +x /etc/cont-init.d/* + +# Install socklog-overlay +ADD https://github.com/just-containers/socklog-overlay/releases/download/v3.1.0-1/socklog-overlay-amd64.tar.gz /tmp/ +RUN tar xzf /tmp/socklog-overlay-amd64.tar.gz -C / + # Set default path to project folder for easier running commands in project WORKDIR ${PROJECT_ROOT} EXPOSE ${PORT} diff --git a/ubuntu-7.1/rootfs/etc/cont-init.d/00-render-templates b/ubuntu-7.1/rootfs/etc/cont-init.d/00-render-templates index 9e31426..67b3b0f 100755 --- a/ubuntu-7.1/rootfs/etc/cont-init.d/00-render-templates +++ b/ubuntu-7.1/rootfs/etc/cont-init.d/00-render-templates @@ -60,6 +60,8 @@ render_env_tmpl "$VARS" /etc/nginx/cache/redis_backend.conf render_env_tmpl "$VARS" /etc/nginx/cache/srcache.conf render_env_tmpl "$VARS" /etc/nginx/cache/fastcgicache_settings.conf render_env_tmpl "$VARS" /etc/nginx/cache/fastcgicache_skip_rules.conf +render_env_tmpl "$VARS" /etc/nginx/cache/fastcgicache_headers.conf + ## # Render all user provided nginx templates ## diff --git a/ubuntu-7.1/rootfs/etc/nginx/cache/fastcgicache.conf b/ubuntu-7.1/rootfs/etc/nginx/cache/fastcgicache.conf index 1455277..79bc464 100644 --- a/ubuntu-7.1/rootfs/etc/nginx/cache/fastcgicache.conf +++ b/ubuntu-7.1/rootfs/etc/nginx/cache/fastcgicache.conf @@ -9,5 +9,4 @@ fastcgi_no_cache $skip_cache; fastcgi_cache WORDPRESS; #proxy_ignore_headers Set-Cookie Expires Cache-Control; -# Add header for easier cache debugging -add_header X-Cache $upstream_cache_status always; + diff --git a/ubuntu-7.1/rootfs/etc/nginx/cache/fastcgicache_headers.conf b/ubuntu-7.1/rootfs/etc/nginx/cache/fastcgicache_headers.conf new file mode 100644 index 0000000..c6cba07 --- /dev/null +++ b/ubuntu-7.1/rootfs/etc/nginx/cache/fastcgicache_headers.conf @@ -0,0 +1,8 @@ +# Add header for easier cache debugging +add_header X-Cache $upstream_cache_status always; + +# Add header to force cache rule from project +add_header 'Cache-Control' ${NGINX_CACHE_CONTROL}; + +# If you need to debug the cache mode, uncomment the following line +# add_header X-cache-mode $cachemode; \ No newline at end of file diff --git a/ubuntu-7.1/rootfs/etc/nginx/cache/fastcgicache_settings.conf b/ubuntu-7.1/rootfs/etc/nginx/cache/fastcgicache_settings.conf index a830d71..6e41824 100644 --- a/ubuntu-7.1/rootfs/etc/nginx/cache/fastcgicache_settings.conf +++ b/ubuntu-7.1/rootfs/etc/nginx/cache/fastcgicache_settings.conf @@ -5,5 +5,4 @@ fastcgi_cache_path /dev/cache levels=1:2 keys_zone=WORDPRESS:10m max_size=1000m fastcgi_cache_key $scheme$request_method$host$request_uri; fastcgi_cache_lock on; fastcgi_cache_use_stale ${NGINX_CACHE_USE_STALE}; -fastcgi_cache_valid ${NGINX_REDIS_CACHE_TTL_DEFAULT}; -add_header 'Cache-Control' ${NGINX_CACHE_CONTROL}; \ No newline at end of file +fastcgi_cache_valid ${NGINX_REDIS_CACHE_TTL_DEFAULT}; \ No newline at end of file diff --git a/ubuntu-7.1/rootfs/etc/nginx/nginx.conf b/ubuntu-7.1/rootfs/etc/nginx/nginx.conf index 2a1dd41..a70db4b 100644 --- a/ubuntu-7.1/rootfs/etc/nginx/nginx.conf +++ b/ubuntu-7.1/rootfs/etc/nginx/nginx.conf @@ -97,6 +97,12 @@ http { # Add few headers which make XSS harder include security_headers.conf; + # Add headers from project + include ${NGINX_INCLUDE_DIR}/headers/*.conf; + + # Include cache headers + include cache/fastcgicache_headers.conf; + # If ${PORT} != 80 means that we are behind reverse proxy as well # This directive helps that we don't redirect clients into mysite.com:8080/resource type urls port_in_redirect off; diff --git a/ubuntu-7.1/rootfs/etc/php/7.1/cli/php.ini b/ubuntu-7.1/rootfs/etc/php/7.1/cli/php.ini index 5eede62..3d0f5f3 100644 --- a/ubuntu-7.1/rootfs/etc/php/7.1/cli/php.ini +++ b/ubuntu-7.1/rootfs/etc/php/7.1/cli/php.ini @@ -51,6 +51,8 @@ memory_limit = ${PHP_MEMORY_LIMIT} error_reporting = E_ALL +error_log = /proc/1/fd/2 + display_errors = On display_startup_errors = On diff --git a/ubuntu-7.2/Dockerfile b/ubuntu-7.2/Dockerfile index 205afc9..86fe398 100644 --- a/ubuntu-7.2/Dockerfile +++ b/ubuntu-7.2/Dockerfile @@ -177,6 +177,11 @@ ENV \ # Make sure that all files here have execute permissions RUN dpkg-reconfigure tzdata && \ chmod +x /etc/cont-init.d/* + +# Install socklog-overlay +ADD https://github.com/just-containers/socklog-overlay/releases/download/v3.1.0-1/socklog-overlay-amd64.tar.gz /tmp/ +RUN tar xzf /tmp/socklog-overlay-amd64.tar.gz -C / + # Set default path to project folder for easier running commands in project WORKDIR ${PROJECT_ROOT} EXPOSE ${PORT} diff --git a/ubuntu-7.2/rootfs/etc/cont-init.d/00-render-templates b/ubuntu-7.2/rootfs/etc/cont-init.d/00-render-templates index 9e31426..67b3b0f 100755 --- a/ubuntu-7.2/rootfs/etc/cont-init.d/00-render-templates +++ b/ubuntu-7.2/rootfs/etc/cont-init.d/00-render-templates @@ -60,6 +60,8 @@ render_env_tmpl "$VARS" /etc/nginx/cache/redis_backend.conf render_env_tmpl "$VARS" /etc/nginx/cache/srcache.conf render_env_tmpl "$VARS" /etc/nginx/cache/fastcgicache_settings.conf render_env_tmpl "$VARS" /etc/nginx/cache/fastcgicache_skip_rules.conf +render_env_tmpl "$VARS" /etc/nginx/cache/fastcgicache_headers.conf + ## # Render all user provided nginx templates ## diff --git a/ubuntu-7.2/rootfs/etc/nginx/cache/fastcgicache.conf b/ubuntu-7.2/rootfs/etc/nginx/cache/fastcgicache.conf index 1455277..ca83caf 100644 --- a/ubuntu-7.2/rootfs/etc/nginx/cache/fastcgicache.conf +++ b/ubuntu-7.2/rootfs/etc/nginx/cache/fastcgicache.conf @@ -8,6 +8,3 @@ fastcgi_no_cache $skip_cache; fastcgi_cache WORDPRESS; #proxy_ignore_headers Set-Cookie Expires Cache-Control; - -# Add header for easier cache debugging -add_header X-Cache $upstream_cache_status always; diff --git a/ubuntu-7.2/rootfs/etc/nginx/cache/fastcgicache_headers.conf b/ubuntu-7.2/rootfs/etc/nginx/cache/fastcgicache_headers.conf new file mode 100644 index 0000000..c6cba07 --- /dev/null +++ b/ubuntu-7.2/rootfs/etc/nginx/cache/fastcgicache_headers.conf @@ -0,0 +1,8 @@ +# Add header for easier cache debugging +add_header X-Cache $upstream_cache_status always; + +# Add header to force cache rule from project +add_header 'Cache-Control' ${NGINX_CACHE_CONTROL}; + +# If you need to debug the cache mode, uncomment the following line +# add_header X-cache-mode $cachemode; \ No newline at end of file diff --git a/ubuntu-7.2/rootfs/etc/nginx/cache/fastcgicache_settings.conf b/ubuntu-7.2/rootfs/etc/nginx/cache/fastcgicache_settings.conf index b906ac1..7e5b4fe 100644 --- a/ubuntu-7.2/rootfs/etc/nginx/cache/fastcgicache_settings.conf +++ b/ubuntu-7.2/rootfs/etc/nginx/cache/fastcgicache_settings.conf @@ -3,5 +3,4 @@ ## fastcgi_cache_path /dev/cache levels=1:2 keys_zone=WORDPRESS:10m max_size=1000m inactive=730h; fastcgi_cache_lock on; -fastcgi_cache_valid ${NGINX_REDIS_CACHE_TTL_DEFAULT}; -add_header 'Cache-Control' ${NGINX_CACHE_CONTROL}; \ No newline at end of file +fastcgi_cache_valid ${NGINX_REDIS_CACHE_TTL_DEFAULT}; \ No newline at end of file diff --git a/ubuntu-7.2/rootfs/etc/nginx/nginx.conf b/ubuntu-7.2/rootfs/etc/nginx/nginx.conf index 5384cdd..cb0af16 100644 --- a/ubuntu-7.2/rootfs/etc/nginx/nginx.conf +++ b/ubuntu-7.2/rootfs/etc/nginx/nginx.conf @@ -100,6 +100,12 @@ http { # Add few headers which make XSS harder include security_headers.conf; + # Add headers from project + include ${NGINX_INCLUDE_DIR}/headers/*.conf; + + # Include cache headers + include cache/fastcgicache_headers.conf; + # If ${PORT} != 80 means that we are behind reverse proxy as well # This directive helps that we don't redirect clients into mysite.com:8080/resource type urls port_in_redirect off; diff --git a/ubuntu-7.2/rootfs/etc/php/7.2/cli/php.ini b/ubuntu-7.2/rootfs/etc/php/7.2/cli/php.ini index 5b4d1fe..9c11183 100644 --- a/ubuntu-7.2/rootfs/etc/php/7.2/cli/php.ini +++ b/ubuntu-7.2/rootfs/etc/php/7.2/cli/php.ini @@ -51,6 +51,8 @@ memory_limit = ${PHP_MEMORY_LIMIT} error_reporting = E_ALL +error_log = /proc/1/fd/2 + display_errors = On display_startup_errors = On diff --git a/ubuntu-7.3/Dockerfile b/ubuntu-7.3/Dockerfile index eae4300..ca7d7fc 100644 --- a/ubuntu-7.3/Dockerfile +++ b/ubuntu-7.3/Dockerfile @@ -179,6 +179,11 @@ ENV \ # Make sure that all files here have execute permissions RUN dpkg-reconfigure tzdata && \ chmod +x /etc/cont-init.d/* + +# Install socklog-overlay +ADD https://github.com/just-containers/socklog-overlay/releases/download/v3.1.0-1/socklog-overlay-amd64.tar.gz /tmp/ +RUN tar xzf /tmp/socklog-overlay-amd64.tar.gz -C / + # Set default path to project folder for easier running commands in project WORKDIR ${PROJECT_ROOT} EXPOSE ${PORT} diff --git a/ubuntu-7.3/rootfs/etc/cont-init.d/00-render-templates b/ubuntu-7.3/rootfs/etc/cont-init.d/00-render-templates index 56f69f3..17887c7 100755 --- a/ubuntu-7.3/rootfs/etc/cont-init.d/00-render-templates +++ b/ubuntu-7.3/rootfs/etc/cont-init.d/00-render-templates @@ -60,6 +60,7 @@ render_env_tmpl "$VARS" /etc/nginx/cache/redis_backend.conf render_env_tmpl "$VARS" /etc/nginx/cache/srcache.conf render_env_tmpl "$VARS" /etc/nginx/cache/fastcgicache_settings.conf render_env_tmpl "$VARS" /etc/nginx/cache/fastcgicache_skip_rules.conf +render_env_tmpl "$VARS" /etc/nginx/cache/fastcgicache_headers.conf ## # Render all user provided nginx templates ## diff --git a/ubuntu-7.3/rootfs/etc/nginx/cache/fastcgicache.conf b/ubuntu-7.3/rootfs/etc/nginx/cache/fastcgicache.conf index 1455277..17c5a4e 100644 --- a/ubuntu-7.3/rootfs/etc/nginx/cache/fastcgicache.conf +++ b/ubuntu-7.3/rootfs/etc/nginx/cache/fastcgicache.conf @@ -9,5 +9,3 @@ fastcgi_no_cache $skip_cache; fastcgi_cache WORDPRESS; #proxy_ignore_headers Set-Cookie Expires Cache-Control; -# Add header for easier cache debugging -add_header X-Cache $upstream_cache_status always; diff --git a/ubuntu-7.3/rootfs/etc/nginx/cache/fastcgicache_headers.conf b/ubuntu-7.3/rootfs/etc/nginx/cache/fastcgicache_headers.conf new file mode 100644 index 0000000..c6cba07 --- /dev/null +++ b/ubuntu-7.3/rootfs/etc/nginx/cache/fastcgicache_headers.conf @@ -0,0 +1,8 @@ +# Add header for easier cache debugging +add_header X-Cache $upstream_cache_status always; + +# Add header to force cache rule from project +add_header 'Cache-Control' ${NGINX_CACHE_CONTROL}; + +# If you need to debug the cache mode, uncomment the following line +# add_header X-cache-mode $cachemode; \ No newline at end of file diff --git a/ubuntu-7.3/rootfs/etc/nginx/cache/fastcgicache_settings.conf b/ubuntu-7.3/rootfs/etc/nginx/cache/fastcgicache_settings.conf index eefc166..03362c7 100644 --- a/ubuntu-7.3/rootfs/etc/nginx/cache/fastcgicache_settings.conf +++ b/ubuntu-7.3/rootfs/etc/nginx/cache/fastcgicache_settings.conf @@ -6,5 +6,4 @@ fastcgi_cache_key $scheme$request_method$host$request_uri; fastcgi_cache_lock on; fastcgi_cache_background_update on; fastcgi_cache_use_stale ${NGINX_CACHE_USE_STALE}; -fastcgi_cache_valid ${NGINX_REDIS_CACHE_TTL_DEFAULT}; -add_header 'Cache-Control' ${NGINX_CACHE_CONTROL}; \ No newline at end of file +fastcgi_cache_valid ${NGINX_REDIS_CACHE_TTL_DEFAULT}; \ No newline at end of file diff --git a/ubuntu-7.3/rootfs/etc/nginx/cache/fastcgicache_skip_rules.conf b/ubuntu-7.3/rootfs/etc/nginx/cache/fastcgicache_skip_rules.conf index ac94512..65523b6 100644 --- a/ubuntu-7.3/rootfs/etc/nginx/cache/fastcgicache_skip_rules.conf +++ b/ubuntu-7.3/rootfs/etc/nginx/cache/fastcgicache_skip_rules.conf @@ -93,8 +93,6 @@ set_by_lua_block $cache_args { end end } -# If you need to debug the cache mode, uncomment the following line -# add_header X-cache-mode $cachemode; # If there were any unaccepted query vars, skip cache if ($without != "") { @@ -102,7 +100,7 @@ if ($without != "") { } # Don't use the cache for logged in users or recent commenters -if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in|woocommerce_items_in_cart") { +if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_sec|wordpress_logged_in|woocommerce_items_in_cart") { set $skip_cache 1; } diff --git a/ubuntu-7.3/rootfs/etc/nginx/nginx.conf b/ubuntu-7.3/rootfs/etc/nginx/nginx.conf index d9850a0..10d34ee 100644 --- a/ubuntu-7.3/rootfs/etc/nginx/nginx.conf +++ b/ubuntu-7.3/rootfs/etc/nginx/nginx.conf @@ -93,6 +93,12 @@ http { # Add few headers which make XSS harder include security_headers.conf; + # Add headers from project + include ${NGINX_INCLUDE_DIR}/headers/*.conf; + + # Include cache headers + include cache/fastcgicache_headers.conf; + # If ${PORT} != 80 means that we are behind reverse proxy as well # This directive helps that we don't redirect clients into mysite.com:8080/resource type urls port_in_redirect off; diff --git a/ubuntu-7.3/rootfs/etc/nginx/security_headers.conf b/ubuntu-7.3/rootfs/etc/nginx/security_headers.conf index be78f67..b29b11e 100644 --- a/ubuntu-7.3/rootfs/etc/nginx/security_headers.conf +++ b/ubuntu-7.3/rootfs/etc/nginx/security_headers.conf @@ -21,3 +21,5 @@ add_header X-Content-Type-Options nosniff always; # this particular website if it was disabled by the user. # https://www.owasp.org/index.php/List_of_useful_HTTP_headers add_header X-XSS-Protection "1; mode=block"; + +add_header Strict-Transport-Security "max-age=31536000; includeSubdomains; preload"; diff --git a/ubuntu-7.3/rootfs/etc/php/7.3/cli/php.ini b/ubuntu-7.3/rootfs/etc/php/7.3/cli/php.ini index 5b4d1fe..9c11183 100644 --- a/ubuntu-7.3/rootfs/etc/php/7.3/cli/php.ini +++ b/ubuntu-7.3/rootfs/etc/php/7.3/cli/php.ini @@ -51,6 +51,8 @@ memory_limit = ${PHP_MEMORY_LIMIT} error_reporting = E_ALL +error_log = /proc/1/fd/2 + display_errors = On display_startup_errors = On diff --git a/ubuntu-7.4/Dockerfile b/ubuntu-7.4/Dockerfile index 4263cac..3c3db0a 100644 --- a/ubuntu-7.4/Dockerfile +++ b/ubuntu-7.4/Dockerfile @@ -183,6 +183,13 @@ ENV \ # Make sure that all files here have execute permissions RUN dpkg-reconfigure tzdata && \ chmod +x /etc/cont-init.d/* + +# Install socklog-overlay +ADD https://github.com/just-containers/socklog-overlay/releases/download/v3.1.0-1/socklog-overlay-amd64.tar.gz /tmp/ +RUN tar xzf /tmp/socklog-overlay-amd64.tar.gz -C / +RUN echo '+\n1' > /etc/socklog.rules/forward-stdout +RUN echo 'LANG="en_US.UTF-8"' > /etc/default/locale + # Set default path to project folder for easier running commands in project WORKDIR ${PROJECT_ROOT} EXPOSE ${PORT} diff --git a/ubuntu-7.4/rootfs/etc/cont-init.d/00-render-templates b/ubuntu-7.4/rootfs/etc/cont-init.d/00-render-templates index 56f69f3..34af891 100755 --- a/ubuntu-7.4/rootfs/etc/cont-init.d/00-render-templates +++ b/ubuntu-7.4/rootfs/etc/cont-init.d/00-render-templates @@ -60,6 +60,8 @@ render_env_tmpl "$VARS" /etc/nginx/cache/redis_backend.conf render_env_tmpl "$VARS" /etc/nginx/cache/srcache.conf render_env_tmpl "$VARS" /etc/nginx/cache/fastcgicache_settings.conf render_env_tmpl "$VARS" /etc/nginx/cache/fastcgicache_skip_rules.conf +render_env_tmpl "$VARS" /etc/nginx/cache/fastcgicache_headers.conf + ## # Render all user provided nginx templates ## diff --git a/ubuntu-7.4/rootfs/etc/nginx/additional.types b/ubuntu-7.4/rootfs/etc/nginx/additional.types index ac8070e..a2a8bb3 100644 --- a/ubuntu-7.4/rootfs/etc/nginx/additional.types +++ b/ubuntu-7.4/rootfs/etc/nginx/additional.types @@ -1,6 +1,8 @@ +# JUNE 2020 -> This is disabled because new nginx already has this +# # If developers add .woff2 type font files we should provide good Content-Type headers -types { +#types { # Add mime support for woff2 # http://stackoverflow.com/questions/28235550/proper-mime-type-for-woff2-fonts - font/woff2 woff2; -} +# font/woff2 woff2; +#} diff --git a/ubuntu-7.4/rootfs/etc/nginx/cache/fastcgicache.conf b/ubuntu-7.4/rootfs/etc/nginx/cache/fastcgicache.conf index 1455277..ca83caf 100644 --- a/ubuntu-7.4/rootfs/etc/nginx/cache/fastcgicache.conf +++ b/ubuntu-7.4/rootfs/etc/nginx/cache/fastcgicache.conf @@ -8,6 +8,3 @@ fastcgi_no_cache $skip_cache; fastcgi_cache WORDPRESS; #proxy_ignore_headers Set-Cookie Expires Cache-Control; - -# Add header for easier cache debugging -add_header X-Cache $upstream_cache_status always; diff --git a/ubuntu-7.4/rootfs/etc/nginx/cache/fastcgicache_headers.conf b/ubuntu-7.4/rootfs/etc/nginx/cache/fastcgicache_headers.conf new file mode 100644 index 0000000..c6cba07 --- /dev/null +++ b/ubuntu-7.4/rootfs/etc/nginx/cache/fastcgicache_headers.conf @@ -0,0 +1,8 @@ +# Add header for easier cache debugging +add_header X-Cache $upstream_cache_status always; + +# Add header to force cache rule from project +add_header 'Cache-Control' ${NGINX_CACHE_CONTROL}; + +# If you need to debug the cache mode, uncomment the following line +# add_header X-cache-mode $cachemode; \ No newline at end of file diff --git a/ubuntu-7.4/rootfs/etc/nginx/cache/fastcgicache_settings.conf b/ubuntu-7.4/rootfs/etc/nginx/cache/fastcgicache_settings.conf index eefc166..03362c7 100644 --- a/ubuntu-7.4/rootfs/etc/nginx/cache/fastcgicache_settings.conf +++ b/ubuntu-7.4/rootfs/etc/nginx/cache/fastcgicache_settings.conf @@ -6,5 +6,4 @@ fastcgi_cache_key $scheme$request_method$host$request_uri; fastcgi_cache_lock on; fastcgi_cache_background_update on; fastcgi_cache_use_stale ${NGINX_CACHE_USE_STALE}; -fastcgi_cache_valid ${NGINX_REDIS_CACHE_TTL_DEFAULT}; -add_header 'Cache-Control' ${NGINX_CACHE_CONTROL}; \ No newline at end of file +fastcgi_cache_valid ${NGINX_REDIS_CACHE_TTL_DEFAULT}; \ No newline at end of file diff --git a/ubuntu-7.4/rootfs/etc/nginx/cache/fastcgicache_skip_rules.conf b/ubuntu-7.4/rootfs/etc/nginx/cache/fastcgicache_skip_rules.conf index ac94512..f1f2835 100644 --- a/ubuntu-7.4/rootfs/etc/nginx/cache/fastcgicache_skip_rules.conf +++ b/ubuntu-7.4/rootfs/etc/nginx/cache/fastcgicache_skip_rules.conf @@ -93,8 +93,6 @@ set_by_lua_block $cache_args { end end } -# If you need to debug the cache mode, uncomment the following line -# add_header X-cache-mode $cachemode; # If there were any unaccepted query vars, skip cache if ($without != "") { diff --git a/ubuntu-7.4/rootfs/etc/nginx/nginx.conf b/ubuntu-7.4/rootfs/etc/nginx/nginx.conf index 47e5623..da91ea8 100644 --- a/ubuntu-7.4/rootfs/etc/nginx/nginx.conf +++ b/ubuntu-7.4/rootfs/etc/nginx/nginx.conf @@ -93,6 +93,12 @@ http { # Add few headers which make XSS harder include security_headers.conf; + # Add headers from project + include ${NGINX_INCLUDE_DIR}/headers/*.conf; + + # Include cache headers + include cache/fastcgicache_headers.conf; + # If ${PORT} != 80 means that we are behind reverse proxy as well # This directive helps that we don't redirect clients into mysite.com:8080/resource type urls port_in_redirect off; diff --git a/ubuntu-7.4/rootfs/etc/php/7.4/cli/php.ini b/ubuntu-7.4/rootfs/etc/php/7.4/cli/php.ini index 64af1a4..b1ee3e2 100644 --- a/ubuntu-7.4/rootfs/etc/php/7.4/cli/php.ini +++ b/ubuntu-7.4/rootfs/etc/php/7.4/cli/php.ini @@ -51,6 +51,8 @@ memory_limit = ${PHP_MEMORY_LIMIT} error_reporting = E_ALL +error_log = /proc/1/fd/2 + display_errors = On display_startup_errors = On From fbb049086446388897164fdc7b46ff657a42dc5b Mon Sep 17 00:00:00 2001 From: Hannu Kumpula Date: Tue, 4 Aug 2020 10:28:09 +0300 Subject: [PATCH 02/46] changelog --- CHANGELOG.md | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 50d0384..c9739bc 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,21 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html). + + +## [1.5.2] - 2020-08-04 + +### Added +- socklog to log syslog and cronlog for better debugging +- added wordpress_sec cookie to skip fullpage cache +- more security headers + +### Fixed +- headers where added in many places which made them not working correctly. Now headers are added in one place. For any headeres please use XXX_headers.conf files in +- php cli errorlog forwarded to /proc/1/fd/2 to make it work + +## [1.5.1] - 2020-xx-xx + ### Fixed - Updated error page external libraries to new versions From 58b2b47801ded1a11f168e69a966587e167bd7fb Mon Sep 17 00:00:00 2001 From: Hannu Kumpula Date: Mon, 10 Aug 2020 16:18:47 +0300 Subject: [PATCH 03/46] changelog + new socklog version --- CHANGELOG.md | 3 ++- ubuntu-7.0/Dockerfile | 4 +++- ubuntu-7.1/Dockerfile | 4 +++- ubuntu-7.2/Dockerfile | 4 +++- ubuntu-7.3/Dockerfile | 4 +++- ubuntu-7.4/Dockerfile | 2 +- 6 files changed, 15 insertions(+), 6 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index c9739bc..4506707 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,12 +6,13 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0. -## [1.5.2] - 2020-08-04 +## [1.5.2] - 2020-08-10 ### Added - socklog to log syslog and cronlog for better debugging - added wordpress_sec cookie to skip fullpage cache - more security headers +- updated socklog to latest version ### Fixed - headers where added in many places which made them not working correctly. Now headers are added in one place. For any headeres please use XXX_headers.conf files in diff --git a/ubuntu-7.0/Dockerfile b/ubuntu-7.0/Dockerfile index c43851f..ea16ab8 100644 --- a/ubuntu-7.0/Dockerfile +++ b/ubuntu-7.0/Dockerfile @@ -182,8 +182,10 @@ RUN dpkg-reconfigure tzdata && \ chmod +x /etc/cont-init.d/* # Install socklog-overlay -ADD https://github.com/just-containers/socklog-overlay/releases/download/v3.1.0-1/socklog-overlay-amd64.tar.gz /tmp/ +ADD https://github.com/just-containers/socklog-overlay/releases/download/v3.1.0-2/socklog-overlay-amd64.tar.gz /tmp/ RUN tar xzf /tmp/socklog-overlay-amd64.tar.gz -C / +RUN echo '+\n1' > /etc/socklog.rules/forward-stdout +RUN echo 'LANG="en_US.UTF-8"' > /etc/default/locale # Set default path to project folder for easier running commands in project WORKDIR ${PROJECT_ROOT} diff --git a/ubuntu-7.1/Dockerfile b/ubuntu-7.1/Dockerfile index e66b269..301cd2c 100644 --- a/ubuntu-7.1/Dockerfile +++ b/ubuntu-7.1/Dockerfile @@ -182,8 +182,10 @@ RUN dpkg-reconfigure tzdata && \ chmod +x /etc/cont-init.d/* # Install socklog-overlay -ADD https://github.com/just-containers/socklog-overlay/releases/download/v3.1.0-1/socklog-overlay-amd64.tar.gz /tmp/ +ADD https://github.com/just-containers/socklog-overlay/releases/download/v3.1.0-2/socklog-overlay-amd64.tar.gz /tmp/ RUN tar xzf /tmp/socklog-overlay-amd64.tar.gz -C / +RUN echo '+\n1' > /etc/socklog.rules/forward-stdout +RUN echo 'LANG="en_US.UTF-8"' > /etc/default/locale # Set default path to project folder for easier running commands in project WORKDIR ${PROJECT_ROOT} diff --git a/ubuntu-7.2/Dockerfile b/ubuntu-7.2/Dockerfile index 86fe398..48264aa 100644 --- a/ubuntu-7.2/Dockerfile +++ b/ubuntu-7.2/Dockerfile @@ -179,8 +179,10 @@ RUN dpkg-reconfigure tzdata && \ chmod +x /etc/cont-init.d/* # Install socklog-overlay -ADD https://github.com/just-containers/socklog-overlay/releases/download/v3.1.0-1/socklog-overlay-amd64.tar.gz /tmp/ +ADD https://github.com/just-containers/socklog-overlay/releases/download/v3.1.0-2/socklog-overlay-amd64.tar.gz /tmp/ RUN tar xzf /tmp/socklog-overlay-amd64.tar.gz -C / +RUN echo '+\n1' > /etc/socklog.rules/forward-stdout +RUN echo 'LANG="en_US.UTF-8"' > /etc/default/locale # Set default path to project folder for easier running commands in project WORKDIR ${PROJECT_ROOT} diff --git a/ubuntu-7.3/Dockerfile b/ubuntu-7.3/Dockerfile index ca7d7fc..e8e85f7 100644 --- a/ubuntu-7.3/Dockerfile +++ b/ubuntu-7.3/Dockerfile @@ -181,8 +181,10 @@ RUN dpkg-reconfigure tzdata && \ chmod +x /etc/cont-init.d/* # Install socklog-overlay -ADD https://github.com/just-containers/socklog-overlay/releases/download/v3.1.0-1/socklog-overlay-amd64.tar.gz /tmp/ +ADD https://github.com/just-containers/socklog-overlay/releases/download/v3.1.0-2/socklog-overlay-amd64.tar.gz /tmp/ RUN tar xzf /tmp/socklog-overlay-amd64.tar.gz -C / +RUN echo '+\n1' > /etc/socklog.rules/forward-stdout +RUN echo 'LANG="en_US.UTF-8"' > /etc/default/locale # Set default path to project folder for easier running commands in project WORKDIR ${PROJECT_ROOT} diff --git a/ubuntu-7.4/Dockerfile b/ubuntu-7.4/Dockerfile index 3c3db0a..af54d31 100644 --- a/ubuntu-7.4/Dockerfile +++ b/ubuntu-7.4/Dockerfile @@ -185,7 +185,7 @@ RUN dpkg-reconfigure tzdata && \ chmod +x /etc/cont-init.d/* # Install socklog-overlay -ADD https://github.com/just-containers/socklog-overlay/releases/download/v3.1.0-1/socklog-overlay-amd64.tar.gz /tmp/ +ADD https://github.com/just-containers/socklog-overlay/releases/download/v3.1.0-2/socklog-overlay-amd64.tar.gz /tmp/ RUN tar xzf /tmp/socklog-overlay-amd64.tar.gz -C / RUN echo '+\n1' > /etc/socklog.rules/forward-stdout RUN echo 'LANG="en_US.UTF-8"' > /etc/default/locale From f2a73d6129809449a506ab07a5d178b1d49fa218 Mon Sep 17 00:00:00 2001 From: Hannu Kumpula Date: Mon, 17 Aug 2020 11:17:25 +0300 Subject: [PATCH 04/46] headerfixes and more --- .../etc/cont-init.d/00-render-templates | 2 +- .../cont-init.d/02-init-directories-and-files | 4 +++ .../rootfs/etc/nginx/cache/fastcgicache.conf | 5 +++ .../etc/nginx/cache/fastcgicache_headers.conf | 5 ++- .../nginx/cache/fastcgicache_settings.conf | 6 ++-- ubuntu-7.3/rootfs/etc/nginx/nginx.conf | 11 +++++++ .../etc/cont-init.d/00-render-templates | 2 +- .../cont-init.d/02-init-directories-and-files | 3 ++ .../rootfs/etc/nginx/cache/fastcgicache.conf | 6 ++++ .../etc/nginx/cache/fastcgicache_headers.conf | 5 ++- .../nginx/cache/fastcgicache_settings.conf | 5 +-- ubuntu-7.4/rootfs/etc/nginx/nginx.conf | 31 ++++++++++++++++++- 12 files changed, 75 insertions(+), 10 deletions(-) diff --git a/ubuntu-7.3/rootfs/etc/cont-init.d/00-render-templates b/ubuntu-7.3/rootfs/etc/cont-init.d/00-render-templates index 17887c7..8fe5e21 100755 --- a/ubuntu-7.3/rootfs/etc/cont-init.d/00-render-templates +++ b/ubuntu-7.3/rootfs/etc/cont-init.d/00-render-templates @@ -47,7 +47,7 @@ export REDIS_CACHE_TTL=${REDIS_CACHE_TTL-14400} VARS+='$AWS_S3_BUCKET_NAME:AWS_S3_REPLICA_BUCKET_NAME' # Add Redis variables -VARS+='$REDIS_HOST:$REDIS_PORT:$REDIS_DATABASE:$REDIS_PASSWORD:$NGINX_REDIS_CACHE_TTL_MAX:$NGINX_REDIS_CACHE_TTL_DEFAULT:$NGINX_REDIS_CACHE_PREFIX' +VARS+='$REDIS_HOST:$REDIS_PORT:$REDIS_DATABASE:$REDIS_PASSWORD:$NGINX_REDIS_CACHE_TTL_MAX:$NGINX_REDIS_CACHE_TTL_DEFAULT:$NGINX_REDIS_CACHE_PREFIX:$NGINX_FASTCGI_CACHE_VALID' # Add image proxy variables VARS+='$GOOGLE_CLOUD_STORAGE_BUCKET_NAME' diff --git a/ubuntu-7.3/rootfs/etc/cont-init.d/02-init-directories-and-files b/ubuntu-7.3/rootfs/etc/cont-init.d/02-init-directories-and-files index 34df974..bc210bd 100755 --- a/ubuntu-7.3/rootfs/etc/cont-init.d/02-init-directories-and-files +++ b/ubuntu-7.3/rootfs/etc/cont-init.d/02-init-directories-and-files @@ -16,3 +16,7 @@ touch /var/log/php/error.log # Chown all files to wordpress chown -R $WEB_USER:$WEB_GROUP /var/log/{nginx,php,mail} + +# Give permissions to docker volume for shared cache +chmod 775 /sharedcache +chmod g+s /sharedcache diff --git a/ubuntu-7.3/rootfs/etc/nginx/cache/fastcgicache.conf b/ubuntu-7.3/rootfs/etc/nginx/cache/fastcgicache.conf index 17c5a4e..3dab680 100644 --- a/ubuntu-7.3/rootfs/etc/nginx/cache/fastcgicache.conf +++ b/ubuntu-7.3/rootfs/etc/nginx/cache/fastcgicache.conf @@ -7,5 +7,10 @@ fastcgi_cache_bypass $skip_cache; fastcgi_no_cache $skip_cache; fastcgi_cache WORDPRESS; +#fastcgi_hide_header Expires; +#fastcgi_hide_header Cache-Control; +fastcgi_ignore_headers Set-Cookie Expires; +# Cache-Control; + #proxy_ignore_headers Set-Cookie Expires Cache-Control; diff --git a/ubuntu-7.3/rootfs/etc/nginx/cache/fastcgicache_headers.conf b/ubuntu-7.3/rootfs/etc/nginx/cache/fastcgicache_headers.conf index c6cba07..fe6a87b 100644 --- a/ubuntu-7.3/rootfs/etc/nginx/cache/fastcgicache_headers.conf +++ b/ubuntu-7.3/rootfs/etc/nginx/cache/fastcgicache_headers.conf @@ -5,4 +5,7 @@ add_header X-Cache $upstream_cache_status always; add_header 'Cache-Control' ${NGINX_CACHE_CONTROL}; # If you need to debug the cache mode, uncomment the following line -# add_header X-cache-mode $cachemode; \ No newline at end of file +add_header X-cache-mode $cachemode; + +# Cache state +add_header X-Cache-State $state; \ No newline at end of file diff --git a/ubuntu-7.3/rootfs/etc/nginx/cache/fastcgicache_settings.conf b/ubuntu-7.3/rootfs/etc/nginx/cache/fastcgicache_settings.conf index 03362c7..be70442 100644 --- a/ubuntu-7.3/rootfs/etc/nginx/cache/fastcgicache_settings.conf +++ b/ubuntu-7.3/rootfs/etc/nginx/cache/fastcgicache_settings.conf @@ -1,9 +1,9 @@ ## # Basic settings of Fast cgi cache ## -fastcgi_cache_path ${NGINX_CACHE_DIRECTORY} levels=1:2 keys_zone=WORDPRESS:10m max_size=1000m inactive=730h; -fastcgi_cache_key $scheme$request_method$host$request_uri; +fastcgi_cache_path ${NGINX_CACHE_DIRECTORY} levels=1:2 keys_zone=WORDPRESS:10m max_size=1000m inactive=730hfastcgi_cache_key $scheme$request_method$host$request_uri$state; fastcgi_cache_lock on; fastcgi_cache_background_update on; fastcgi_cache_use_stale ${NGINX_CACHE_USE_STALE}; -fastcgi_cache_valid ${NGINX_REDIS_CACHE_TTL_DEFAULT}; \ No newline at end of file +fastcgi_cache_valid ${NGINX_REDIS_CACHE_TTL_DEFAULT}; +fastcgi_cache_valid ${NGINX_FASTCGI_CACHE_VALID}; \ No newline at end of file diff --git a/ubuntu-7.3/rootfs/etc/nginx/nginx.conf b/ubuntu-7.3/rootfs/etc/nginx/nginx.conf index 10d34ee..afc0e81 100644 --- a/ubuntu-7.3/rootfs/etc/nginx/nginx.conf +++ b/ubuntu-7.3/rootfs/etc/nginx/nginx.conf @@ -125,10 +125,21 @@ http { disable_symlinks off; + ## state variable must be set as it will crash nginx if logged in cache is not used + set $state ''; + # Include custom nginx server additions from project include ${NGINX_INCLUDE_DIR}/server/*.conf; include ${NGINX_INCLUDE_DIR}/environments/${WP_ENV}/server/*.conf; + set $custom_parameters ""; + + # Include custom cache confs + include ${NGINX_INCLUDE_DIR}/cache/*.conf; + + # Moved the cache key defining variable here so it can be altered by project + fastcgi_cache_key $scheme$request_method$host$uri$cache_args$custom_parameters$state; + # These variables are proxy conscious, so that they work even though we are behind reverse proxy include proxy_real_variables.conf; diff --git a/ubuntu-7.4/rootfs/etc/cont-init.d/00-render-templates b/ubuntu-7.4/rootfs/etc/cont-init.d/00-render-templates index 34af891..5d4a00d 100755 --- a/ubuntu-7.4/rootfs/etc/cont-init.d/00-render-templates +++ b/ubuntu-7.4/rootfs/etc/cont-init.d/00-render-templates @@ -47,7 +47,7 @@ export REDIS_CACHE_TTL=${REDIS_CACHE_TTL-14400} VARS+='$AWS_S3_BUCKET_NAME:AWS_S3_REPLICA_BUCKET_NAME' # Add Redis variables -VARS+='$REDIS_HOST:$REDIS_PORT:$REDIS_DATABASE:$REDIS_PASSWORD:$NGINX_REDIS_CACHE_TTL_MAX:$NGINX_REDIS_CACHE_TTL_DEFAULT:$NGINX_REDIS_CACHE_PREFIX' +VARS+='$REDIS_HOST:$REDIS_PORT:$REDIS_DATABASE:$REDIS_PASSWORD:$NGINX_REDIS_CACHE_TTL_MAX:$NGINX_REDIS_CACHE_TTL_DEFAULT:$NGINX_REDIS_CACHE_PREFIX:$NGINX_FASTCGI_CACHE_VALID' # Add image proxy variables VARS+='$GOOGLE_CLOUD_STORAGE_BUCKET_NAME' diff --git a/ubuntu-7.4/rootfs/etc/cont-init.d/02-init-directories-and-files b/ubuntu-7.4/rootfs/etc/cont-init.d/02-init-directories-and-files index 34df974..d7e2a7d 100755 --- a/ubuntu-7.4/rootfs/etc/cont-init.d/02-init-directories-and-files +++ b/ubuntu-7.4/rootfs/etc/cont-init.d/02-init-directories-and-files @@ -16,3 +16,6 @@ touch /var/log/php/error.log # Chown all files to wordpress chown -R $WEB_USER:$WEB_GROUP /var/log/{nginx,php,mail} + +chmod 775 /sharedcache +chmod g+s /sharedcache \ No newline at end of file diff --git a/ubuntu-7.4/rootfs/etc/nginx/cache/fastcgicache.conf b/ubuntu-7.4/rootfs/etc/nginx/cache/fastcgicache.conf index ca83caf..3dab680 100644 --- a/ubuntu-7.4/rootfs/etc/nginx/cache/fastcgicache.conf +++ b/ubuntu-7.4/rootfs/etc/nginx/cache/fastcgicache.conf @@ -7,4 +7,10 @@ fastcgi_cache_bypass $skip_cache; fastcgi_no_cache $skip_cache; fastcgi_cache WORDPRESS; +#fastcgi_hide_header Expires; +#fastcgi_hide_header Cache-Control; +fastcgi_ignore_headers Set-Cookie Expires; +# Cache-Control; + #proxy_ignore_headers Set-Cookie Expires Cache-Control; + diff --git a/ubuntu-7.4/rootfs/etc/nginx/cache/fastcgicache_headers.conf b/ubuntu-7.4/rootfs/etc/nginx/cache/fastcgicache_headers.conf index c6cba07..fe6a87b 100644 --- a/ubuntu-7.4/rootfs/etc/nginx/cache/fastcgicache_headers.conf +++ b/ubuntu-7.4/rootfs/etc/nginx/cache/fastcgicache_headers.conf @@ -5,4 +5,7 @@ add_header X-Cache $upstream_cache_status always; add_header 'Cache-Control' ${NGINX_CACHE_CONTROL}; # If you need to debug the cache mode, uncomment the following line -# add_header X-cache-mode $cachemode; \ No newline at end of file +add_header X-cache-mode $cachemode; + +# Cache state +add_header X-Cache-State $state; \ No newline at end of file diff --git a/ubuntu-7.4/rootfs/etc/nginx/cache/fastcgicache_settings.conf b/ubuntu-7.4/rootfs/etc/nginx/cache/fastcgicache_settings.conf index 03362c7..35d0735 100644 --- a/ubuntu-7.4/rootfs/etc/nginx/cache/fastcgicache_settings.conf +++ b/ubuntu-7.4/rootfs/etc/nginx/cache/fastcgicache_settings.conf @@ -2,8 +2,9 @@ # Basic settings of Fast cgi cache ## fastcgi_cache_path ${NGINX_CACHE_DIRECTORY} levels=1:2 keys_zone=WORDPRESS:10m max_size=1000m inactive=730h; -fastcgi_cache_key $scheme$request_method$host$request_uri; +fastcgi_cache_key $scheme$request_method$host$request_uri$state; fastcgi_cache_lock on; fastcgi_cache_background_update on; fastcgi_cache_use_stale ${NGINX_CACHE_USE_STALE}; -fastcgi_cache_valid ${NGINX_REDIS_CACHE_TTL_DEFAULT}; \ No newline at end of file +fastcgi_cache_valid ${NGINX_REDIS_CACHE_TTL_DEFAULT}; +fastcgi_cache_valid ${NGINX_FASTCGI_CACHE_VALID}; \ No newline at end of file diff --git a/ubuntu-7.4/rootfs/etc/nginx/nginx.conf b/ubuntu-7.4/rootfs/etc/nginx/nginx.conf index da91ea8..afc0e81 100644 --- a/ubuntu-7.4/rootfs/etc/nginx/nginx.conf +++ b/ubuntu-7.4/rootfs/etc/nginx/nginx.conf @@ -117,7 +117,7 @@ http { # Use index.php if it exists but also allow static websites in subfolders index index.php index.html; - + access_log ${NGINX_ACCESS_LOG} custom; # Blocked log file @@ -125,10 +125,21 @@ http { disable_symlinks off; + ## state variable must be set as it will crash nginx if logged in cache is not used + set $state ''; + # Include custom nginx server additions from project include ${NGINX_INCLUDE_DIR}/server/*.conf; include ${NGINX_INCLUDE_DIR}/environments/${WP_ENV}/server/*.conf; + set $custom_parameters ""; + + # Include custom cache confs + include ${NGINX_INCLUDE_DIR}/cache/*.conf; + + # Moved the cache key defining variable here so it can be altered by project + fastcgi_cache_key $scheme$request_method$host$uri$cache_args$custom_parameters$state; + # These variables are proxy conscious, so that they work even though we are behind reverse proxy include proxy_real_variables.conf; @@ -150,6 +161,11 @@ http { } location = /robots.txt { + if ( $host ~ gpilvi\.com|geniem\.io ) { + add_header Content-Type text/plain; + return 200 "User-agent: *\nDisallow: /\n"; + } + allow all; log_not_found off; access_log off; @@ -174,6 +190,15 @@ http { try_files $uri $uri/ /wp/$uri /wp/$uri/ @index; } + # Deny requesting .dust files from anywhere else in the theme than under the partials/public directory + location ~* \/themes\/[^\/]+\/partials\/public\/.*\.dust$ { + allow all; + } + + location ~* \/themes\/.*\.dust$ { + deny all; + } + # Static files location ~* \.(css|js|jpe?g|gif|ico|png|otf|ttf|eot|woff?2|svg|webp)$ { @@ -275,6 +300,10 @@ http { location @index { + # Include custom nginx index additions from project + include ${NGINX_INCLUDE_DIR}/index/*.conf; + include ${NGINX_INCLUDE_DIR}/environments/${WP_ENV}/index/*.conf; + ## Deny overriding Pagespeed if ($arg_pagespeed != '') { access_log $blocked_log blocked; return 403; } if ($arg_pagespeedspeedfilters != '') { access_log $blocked_log blocked; return 403; } From 428936fbad4e7da18e8cedf2219834eb0180a967 Mon Sep 17 00:00:00 2001 From: Hannu Kumpula Date: Tue, 22 Sep 2020 16:13:55 +0300 Subject: [PATCH 05/46] more stuff --- ubuntu-7.4/rootfs/etc/nginx/cache/fastcgicache_headers.conf | 5 ++++- .../rootfs/etc/nginx/cache/fastcgicache_skip_rules.conf | 3 --- ubuntu-7.4/rootfs/etc/nginx/nginx.conf | 3 +++ 3 files changed, 7 insertions(+), 4 deletions(-) diff --git a/ubuntu-7.4/rootfs/etc/nginx/cache/fastcgicache_headers.conf b/ubuntu-7.4/rootfs/etc/nginx/cache/fastcgicache_headers.conf index fe6a87b..2f031cb 100644 --- a/ubuntu-7.4/rootfs/etc/nginx/cache/fastcgicache_headers.conf +++ b/ubuntu-7.4/rootfs/etc/nginx/cache/fastcgicache_headers.conf @@ -8,4 +8,7 @@ add_header 'Cache-Control' ${NGINX_CACHE_CONTROL}; add_header X-cache-mode $cachemode; # Cache state -add_header X-Cache-State $state; \ No newline at end of file +add_header X-Cache-State $state; + +# Cache key +add_header X-Cache-Key $scheme$request_method$host$request_uri$state; \ No newline at end of file diff --git a/ubuntu-7.4/rootfs/etc/nginx/cache/fastcgicache_skip_rules.conf b/ubuntu-7.4/rootfs/etc/nginx/cache/fastcgicache_skip_rules.conf index f1f2835..8a9714a 100644 --- a/ubuntu-7.4/rootfs/etc/nginx/cache/fastcgicache_skip_rules.conf +++ b/ubuntu-7.4/rootfs/etc/nginx/cache/fastcgicache_skip_rules.conf @@ -17,9 +17,6 @@ if ($request_method = POST) { # Deal with accepted query vars set $without $query_string; -# Init the cache mode variable -set $cachemode ""; - set_by_lua_block $cache_args { local mode = os.getenv( 'CACHE_MODE' ) diff --git a/ubuntu-7.4/rootfs/etc/nginx/nginx.conf b/ubuntu-7.4/rootfs/etc/nginx/nginx.conf index afc0e81..ca03317 100644 --- a/ubuntu-7.4/rootfs/etc/nginx/nginx.conf +++ b/ubuntu-7.4/rootfs/etc/nginx/nginx.conf @@ -113,6 +113,9 @@ http { listen ${PORT} default_server; server_name _; + # Init the cache mode variable + set $cachemode ""; + root ${WEB_ROOT}; # Use index.php if it exists but also allow static websites in subfolders From e8ea2149dddd6a597f48b364afb2b2e1ea1cac5a Mon Sep 17 00:00:00 2001 From: Hannu Kumpula Date: Fri, 25 Sep 2020 16:38:36 +0300 Subject: [PATCH 06/46] php from dynamic to static --- ubuntu-7.4/rootfs/etc/php/7.4/fpm/php-fpm.conf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ubuntu-7.4/rootfs/etc/php/7.4/fpm/php-fpm.conf b/ubuntu-7.4/rootfs/etc/php/7.4/fpm/php-fpm.conf index 0f24199..43cb5a9 100644 --- a/ubuntu-7.4/rootfs/etc/php/7.4/fpm/php-fpm.conf +++ b/ubuntu-7.4/rootfs/etc/php/7.4/fpm/php-fpm.conf @@ -11,10 +11,10 @@ group = ${WEB_GROUP} listen = /var/run/php-fpm.sock listen.owner = ${WEB_USER} listen.group = ${WEB_GROUP} -pm = dynamic +pm = static ; Total RAM dedicated to the web server / Max child process size -pm.max_children = 30 +pm.max_children = 8 pm.start_servers = 1 pm.min_spare_servers = 1 From 584fa79185c8eaea26d2374236eaffd7467e08d5 Mon Sep 17 00:00:00 2001 From: Hannu Kumpula Date: Mon, 12 Oct 2020 13:04:42 +0300 Subject: [PATCH 07/46] revert to fpm dynamic and add security headers --- ubuntu-7.4/rootfs/etc/nginx/security_headers.conf | 5 +++++ ubuntu-7.4/rootfs/etc/php/7.4/fpm/php-fpm.conf | 4 ++-- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/ubuntu-7.4/rootfs/etc/nginx/security_headers.conf b/ubuntu-7.4/rootfs/etc/nginx/security_headers.conf index be78f67..fd37e2b 100644 --- a/ubuntu-7.4/rootfs/etc/nginx/security_headers.conf +++ b/ubuntu-7.4/rootfs/etc/nginx/security_headers.conf @@ -21,3 +21,8 @@ add_header X-Content-Type-Options nosniff always; # this particular website if it was disabled by the user. # https://www.owasp.org/index.php/List_of_useful_HTTP_headers add_header X-XSS-Protection "1; mode=block"; + +add_header Referrer-Policy: same-origin; + +add_header Strict-Transport-Security: "max-age=15724800; includeSubdomains"; + diff --git a/ubuntu-7.4/rootfs/etc/php/7.4/fpm/php-fpm.conf b/ubuntu-7.4/rootfs/etc/php/7.4/fpm/php-fpm.conf index 43cb5a9..54cd4bb 100644 --- a/ubuntu-7.4/rootfs/etc/php/7.4/fpm/php-fpm.conf +++ b/ubuntu-7.4/rootfs/etc/php/7.4/fpm/php-fpm.conf @@ -11,10 +11,10 @@ group = ${WEB_GROUP} listen = /var/run/php-fpm.sock listen.owner = ${WEB_USER} listen.group = ${WEB_GROUP} -pm = static +pm = dynamic ; Total RAM dedicated to the web server / Max child process size -pm.max_children = 8 +pm.max_children = 20 pm.start_servers = 1 pm.min_spare_servers = 1 From e53dad349e605aac757e440ee7b7a08d0b2859d2 Mon Sep 17 00:00:00 2001 From: Hannu Kumpula Date: Mon, 12 Oct 2020 13:36:04 +0300 Subject: [PATCH 08/46] fix to security headers --- ubuntu-7.4/rootfs/etc/nginx/security_headers.conf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ubuntu-7.4/rootfs/etc/nginx/security_headers.conf b/ubuntu-7.4/rootfs/etc/nginx/security_headers.conf index fd37e2b..ae629ea 100644 --- a/ubuntu-7.4/rootfs/etc/nginx/security_headers.conf +++ b/ubuntu-7.4/rootfs/etc/nginx/security_headers.conf @@ -22,7 +22,7 @@ add_header X-Content-Type-Options nosniff always; # https://www.owasp.org/index.php/List_of_useful_HTTP_headers add_header X-XSS-Protection "1; mode=block"; -add_header Referrer-Policy: same-origin; +add_header Referrer-Policy "same-origin"; -add_header Strict-Transport-Security: "max-age=15724800; includeSubdomains"; +add_header Strict-Transport-Security "max-age=15724800; includeSubdomains"; From f4a9df6a610ad2a968fefb9243e431985ef7db07 Mon Sep 17 00:00:00 2001 From: Hannu Kumpula Date: Mon, 12 Oct 2020 13:43:09 +0300 Subject: [PATCH 09/46] add default cache valid header and default max cache size --- ubuntu-7.4/Dockerfile | 8 +++++--- ubuntu-7.4/rootfs/etc/cont-init.d/00-render-templates | 2 +- .../rootfs/etc/nginx/cache/fastcgicache_settings.conf | 2 +- 3 files changed, 7 insertions(+), 5 deletions(-) diff --git a/ubuntu-7.4/Dockerfile b/ubuntu-7.4/Dockerfile index af54d31..ece94f4 100644 --- a/ubuntu-7.4/Dockerfile +++ b/ubuntu-7.4/Dockerfile @@ -130,9 +130,12 @@ ENV \ # Time units supported are "s"(seconds), "ms"(milliseconds), "y"(years), "M"(months), "w"(weeks), "d"(days), "h"(hours), and "m"(minutes). # Also http response codes that are cached can be set NGINX_REDIS_CACHE_TTL_DEFAULT="200 301 302 1m" \ + NGINX_FASTCGI_CACHE_VALID="404 1m" \ NGINX_REDIS_CACHE_TTL_MAX="4h" \ # Default fastcgi cache directory - NGINX_CACHE_DIRECTORY="/dev/cache" \ + NGINX_CACHE_DIRECTORY="/tmp/nginx/fullpage" \ + # Default fastcgi cache size + NGINX_CACHE_MAX_SIZE="1000m" \ # Default operations when fastcgi stale cache is used NGINX_CACHE_USE_STALE="error timeout invalid_header updating http_500 http_503 http_403 http_404 http_429" \ # Default headers for fastcgi stale- and error cache @@ -193,5 +196,4 @@ RUN echo 'LANG="en_US.UTF-8"' > /etc/default/locale # Set default path to project folder for easier running commands in project WORKDIR ${PROJECT_ROOT} EXPOSE ${PORT} -ENTRYPOINT ["/init"] - +ENTRYPOINT ["/init"] \ No newline at end of file diff --git a/ubuntu-7.4/rootfs/etc/cont-init.d/00-render-templates b/ubuntu-7.4/rootfs/etc/cont-init.d/00-render-templates index 5d4a00d..e67db45 100755 --- a/ubuntu-7.4/rootfs/etc/cont-init.d/00-render-templates +++ b/ubuntu-7.4/rootfs/etc/cont-init.d/00-render-templates @@ -47,7 +47,7 @@ export REDIS_CACHE_TTL=${REDIS_CACHE_TTL-14400} VARS+='$AWS_S3_BUCKET_NAME:AWS_S3_REPLICA_BUCKET_NAME' # Add Redis variables -VARS+='$REDIS_HOST:$REDIS_PORT:$REDIS_DATABASE:$REDIS_PASSWORD:$NGINX_REDIS_CACHE_TTL_MAX:$NGINX_REDIS_CACHE_TTL_DEFAULT:$NGINX_REDIS_CACHE_PREFIX:$NGINX_FASTCGI_CACHE_VALID' +VARS+='$REDIS_HOST:$REDIS_PORT:$REDIS_DATABASE:$REDIS_PASSWORD:$NGINX_REDIS_CACHE_TTL_MAX:$NGINX_REDIS_CACHE_TTL_DEFAULT:$NGINX_REDIS_CACHE_PREFIX:$NGINX_FASTCGI_CACHE_VALID:$NGINX_CACHE_MAX_SIZE' # Add image proxy variables VARS+='$GOOGLE_CLOUD_STORAGE_BUCKET_NAME' diff --git a/ubuntu-7.4/rootfs/etc/nginx/cache/fastcgicache_settings.conf b/ubuntu-7.4/rootfs/etc/nginx/cache/fastcgicache_settings.conf index 35d0735..b490e8d 100644 --- a/ubuntu-7.4/rootfs/etc/nginx/cache/fastcgicache_settings.conf +++ b/ubuntu-7.4/rootfs/etc/nginx/cache/fastcgicache_settings.conf @@ -1,7 +1,7 @@ ## # Basic settings of Fast cgi cache ## -fastcgi_cache_path ${NGINX_CACHE_DIRECTORY} levels=1:2 keys_zone=WORDPRESS:10m max_size=1000m inactive=730h; +fastcgi_cache_path ${NGINX_CACHE_DIRECTORY} levels=1:2 keys_zone=WORDPRESS:10m max_size=${NGINX_CACHE_MAX_SIZE} inactive=730h; fastcgi_cache_key $scheme$request_method$host$request_uri$state; fastcgi_cache_lock on; fastcgi_cache_background_update on; From 2469edf2cff7d1fdfdd47f93c969a1d1cf67632e Mon Sep 17 00:00:00 2001 From: Hannu Kumpula Date: Tue, 20 Oct 2020 17:40:28 +0300 Subject: [PATCH 10/46] init stable release of php74 --- ubuntu-7.4/Dockerfile | 25 +++++------ .../etc/cont-init.d/00-render-templates | 6 +-- .../etc/nginx/cache/fastcgicache_headers.conf | 2 +- .../nginx/cache/fastcgicache_settings.conf | 25 ++++++++--- .../nginx/cache/fastcgicache_skip_rules.conf | 8 ++-- .../rootfs/etc/nginx/cache/redis_backend.conf | 45 ------------------- .../rootfs/etc/nginx/cache/skip_rules.conf | 30 ------------- .../rootfs/etc/nginx/cache/srcache.conf | 20 --------- ubuntu-7.4/rootfs/etc/nginx/env.conf | 4 +- 9 files changed, 42 insertions(+), 123 deletions(-) delete mode 100644 ubuntu-7.4/rootfs/etc/nginx/cache/redis_backend.conf delete mode 100644 ubuntu-7.4/rootfs/etc/nginx/cache/skip_rules.conf delete mode 100644 ubuntu-7.4/rootfs/etc/nginx/cache/srcache.conf diff --git a/ubuntu-7.4/Dockerfile b/ubuntu-7.4/Dockerfile index ece94f4..3dfb67f 100644 --- a/ubuntu-7.4/Dockerfile +++ b/ubuntu-7.4/Dockerfile @@ -112,8 +112,6 @@ ENV \ # Set defaults which can be overriden MYSQL_PORT="3306" \ # Use default web port in nginx but allow it to be overridden - # This also works correctly with flynn: - # https://github.com/flynn/flynn/issues/3213#issuecomment-237307457 PORT="8080" \ # Use custom users for nginx and php-fpm WEB_USER="wordpress" \ @@ -129,17 +127,19 @@ ENV \ # This variable uses seconds by default # Time units supported are "s"(seconds), "ms"(milliseconds), "y"(years), "M"(months), "w"(weeks), "d"(days), "h"(hours), and "m"(minutes). # Also http response codes that are cached can be set - NGINX_REDIS_CACHE_TTL_DEFAULT="200 301 302 1m" \ - NGINX_FASTCGI_CACHE_VALID="404 1m" \ - NGINX_REDIS_CACHE_TTL_MAX="4h" \ + NGINX_FASTCGI_CACHE_VALID_HEADER="200 301 302 404 1m" \ # Default fastcgi cache directory - NGINX_CACHE_DIRECTORY="/tmp/nginx/fullpage" \ + NGINX_FASTCGI_CACHE_DIRECTORY="/tmp/nginx/fullpage" \ # Default fastcgi cache size - NGINX_CACHE_MAX_SIZE="1000m" \ + NGINX_FASTCGI_CACHE_MAX_SIZE="1000m" \ # Default operations when fastcgi stale cache is used - NGINX_CACHE_USE_STALE="error timeout invalid_header updating http_500 http_503 http_403 http_404 http_429" \ + NGINX_FASTCGI_CACHE_USE_STALE="error timeout invalid_header updating http_500 http_503 http_403 http_404 http_429" \ # Default headers for fastcgi stale- and error cache - NGINX_CACHE_CONTROL='"max-age=60, stale-while-revalidate=300, stale-if-error=21600"'\ + NGINX_FASTCGI_CACHE_CONTROL='"max-age=60, stale-while-revalidate=300, stale-if-error=21600"'\ + #Default time for fastcgi cache path inactive attribute + NGINX_FASTCGI_CACHE_INACTIVE="730h" + #Fastcgi default value for updating cache on background + NGINX_FASTCGI_CACHE_BACKGROUND_UPDATE="on" # Cronlock is used to stop simultaneous cronjobs in clusterised environments CRONLOCK_HOST="" \ # This is used by nginx and php-fpm @@ -149,7 +149,7 @@ ENV \ # Nginx include files NGINX_INCLUDE_DIR="/var/www/project/nginx" \ # Allow bigger file uploads - NGINX_MAX_BODY_SIZE="10M" \ + NGINX_MAX_BODY_SIZE="20M" \ # Allow storing bigger body in memory NGINX_BODY_BUFFER_SIZE="32k" \ # Have sane fastcgi timeout by default @@ -160,8 +160,6 @@ ENV \ NGINX_ERROR_LOG="/dev/stderr" \ # Have sane fastcgi timeout by default NGINX_ACCESS_LOG="/dev/stdout" \ - # Default cache key for nginx http cache - NGINX_CACHE_KEY='wp_:nginx:$real_scheme$request_method$host$request_uri' \ # PHP settings PHP_MEMORY_LIMIT="128M" \ PHP_MAX_INPUT_VARS="1000" \ @@ -176,7 +174,7 @@ ENV \ # Amount of memory in MB to allocate for opcache PHP_OPCACHE_MAX_MEMORY="128" \ # Use host machine as default SMTP_HOST - SMTP_HOST="172.17.2.1" \ + SMTP_HOST="" \ # This folder is used to mount files into host machine # You should use this path for your uploads since everything else should be ephemeral UPLOADS_ROOT="/var/www/uploads" \ @@ -190,6 +188,7 @@ RUN dpkg-reconfigure tzdata && \ # Install socklog-overlay ADD https://github.com/just-containers/socklog-overlay/releases/download/v3.1.0-2/socklog-overlay-amd64.tar.gz /tmp/ RUN tar xzf /tmp/socklog-overlay-amd64.tar.gz -C / +RUN rm /tmp/socklog-overlay-amd64.tar.gz RUN echo '+\n1' > /etc/socklog.rules/forward-stdout RUN echo 'LANG="en_US.UTF-8"' > /etc/default/locale diff --git a/ubuntu-7.4/rootfs/etc/cont-init.d/00-render-templates b/ubuntu-7.4/rootfs/etc/cont-init.d/00-render-templates index e67db45..97ae647 100755 --- a/ubuntu-7.4/rootfs/etc/cont-init.d/00-render-templates +++ b/ubuntu-7.4/rootfs/etc/cont-init.d/00-render-templates @@ -29,7 +29,7 @@ echo "[cont-init.d] Substituting env into configuration files..." ## # Nginx doesn't support env variables in config files so we will have to do this in hacky way instead ## -VARS='$PORT:$WEB_ROOT:$WEB_USER:$WEB_GROUP:$NGINX_ACCESS_LOG:$NGINX_ERROR_LOG:$NGINX_ERROR_LEVEL:$NGINX_INCLUDE_DIR:$NGINX_MAX_BODY_SIZE:$NGINX_BODY_BUFFER_SIZE:$NGINX_FASTCGI_TIMEOUT:$WP_ENV:$NGINX_CACHE_KEY' +VARS='$PORT:$WEB_ROOT:$WEB_USER:$WEB_GROUP:$NGINX_ACCESS_LOG:$NGINX_ERROR_LOG:$NGINX_ERROR_LEVEL:$NGINX_INCLUDE_DIR:$NGINX_MAX_BODY_SIZE:$NGINX_BODY_BUFFER_SIZE:$NGINX_FASTCGI_TIMEOUT:$WP_ENV' render_env_tmpl "$VARS" /etc/nginx/nginx.conf ## @@ -47,13 +47,13 @@ export REDIS_CACHE_TTL=${REDIS_CACHE_TTL-14400} VARS+='$AWS_S3_BUCKET_NAME:AWS_S3_REPLICA_BUCKET_NAME' # Add Redis variables -VARS+='$REDIS_HOST:$REDIS_PORT:$REDIS_DATABASE:$REDIS_PASSWORD:$NGINX_REDIS_CACHE_TTL_MAX:$NGINX_REDIS_CACHE_TTL_DEFAULT:$NGINX_REDIS_CACHE_PREFIX:$NGINX_FASTCGI_CACHE_VALID:$NGINX_CACHE_MAX_SIZE' +VARS+='$REDIS_HOST:$REDIS_PORT:$REDIS_DATABASE:$REDIS_PASSWORD:$NGINX_FASTCGI_CACHE_VALID:$NGINX_FASTCGI_CACHE_VALID_2:$NGINX_FASTCGI_CACHE_VALID_3:$NGINX_FASTCGI_CACHE_VALID_4:$NGINX_FASTCGI_CACHE_VALID_5:$NGINX_FASTCGI_CACHE_MAX_SIZE:$NGINX_FASTCGI_CACHE_INACTIVE:$NGINX_FASTCGI_CACHE_BACKGROUND_UPDATE' # Add image proxy variables VARS+='$GOOGLE_CLOUD_STORAGE_BUCKET_NAME' # Add cache variables -VARS+='$NGINX_CACHE_USE_STALE:$NGINX_CACHE_CONTROL:$NGINX_CACHE_DIRECTORY' +VARS+='$NGINX_CACHE_USE_STALE:$NGINX_FASTCGI_CACHE_CONTROL:$NGINX_FASTCGI_CACHE_DIRECTORY' render_env_tmpl "$VARS" /etc/nginx/cache/redis_backend.conf diff --git a/ubuntu-7.4/rootfs/etc/nginx/cache/fastcgicache_headers.conf b/ubuntu-7.4/rootfs/etc/nginx/cache/fastcgicache_headers.conf index 2f031cb..4e557ad 100644 --- a/ubuntu-7.4/rootfs/etc/nginx/cache/fastcgicache_headers.conf +++ b/ubuntu-7.4/rootfs/etc/nginx/cache/fastcgicache_headers.conf @@ -2,7 +2,7 @@ add_header X-Cache $upstream_cache_status always; # Add header to force cache rule from project -add_header 'Cache-Control' ${NGINX_CACHE_CONTROL}; +add_header 'Cache-Control' ${NGINX_FASTCGI_CACHE_CONTROL}; # If you need to debug the cache mode, uncomment the following line add_header X-cache-mode $cachemode; diff --git a/ubuntu-7.4/rootfs/etc/nginx/cache/fastcgicache_settings.conf b/ubuntu-7.4/rootfs/etc/nginx/cache/fastcgicache_settings.conf index b490e8d..36093a4 100644 --- a/ubuntu-7.4/rootfs/etc/nginx/cache/fastcgicache_settings.conf +++ b/ubuntu-7.4/rootfs/etc/nginx/cache/fastcgicache_settings.conf @@ -1,10 +1,25 @@ ## # Basic settings of Fast cgi cache ## -fastcgi_cache_path ${NGINX_CACHE_DIRECTORY} levels=1:2 keys_zone=WORDPRESS:10m max_size=${NGINX_CACHE_MAX_SIZE} inactive=730h; +fastcgi_cache_path ${NGINX_FASTCGI_CACHE_DIRECTORY} levels=1:2 keys_zone=WORDPRESS:10m max_size=${NGINX_FASTCGI_CACHE_MAX_SIZE} inactive=${NGINX_FASTCGI_INACTIVE}; fastcgi_cache_key $scheme$request_method$host$request_uri$state; fastcgi_cache_lock on; -fastcgi_cache_background_update on; -fastcgi_cache_use_stale ${NGINX_CACHE_USE_STALE}; -fastcgi_cache_valid ${NGINX_REDIS_CACHE_TTL_DEFAULT}; -fastcgi_cache_valid ${NGINX_FASTCGI_CACHE_VALID}; \ No newline at end of file +fastcgi_cache_background_update "${NGINX_FASTCGI_CACHE_BACKGROUND_UPDATE}"; +fastcgi_cache_use_stale ${NGINX_FASTCGI_CACHE_USE_STALE}; +fastcgi_cache_valid ${NGINX_FASTCGI_CACHE_VALID}; + +if ("${NGINX_FASTCGI_CACHE_VALID_2}" != "") { + fastcgi_cache_valid ${NGINX_FASTCGI_CACHE_VALID_2}; +} + +if ("${NGINX_FASTCGI_CACHE_VALID_3}" != "") { + fastcgi_cache_valid ${NGINX_FASTCGI_CACHE_VALID_3}; +} + +if ("${NGINX_FASTCGI_CACHE_VALID_4}" != "") { + fastcgi_cache_valid ${NGINX_FASTCGI_CACHE_VALID_4}; +} + +if ("${NGINX_FASTCGI_CACHE_VALID_5}" != "") { + fastcgi_cache_valid ${NGINX_FASTCGI_CACHE_VALID_5}; +} \ No newline at end of file diff --git a/ubuntu-7.4/rootfs/etc/nginx/cache/fastcgicache_skip_rules.conf b/ubuntu-7.4/rootfs/etc/nginx/cache/fastcgicache_skip_rules.conf index 8a9714a..2e2199f 100644 --- a/ubuntu-7.4/rootfs/etc/nginx/cache/fastcgicache_skip_rules.conf +++ b/ubuntu-7.4/rootfs/etc/nginx/cache/fastcgicache_skip_rules.conf @@ -18,7 +18,7 @@ if ($request_method = POST) { set $without $query_string; set_by_lua_block $cache_args { - local mode = os.getenv( 'CACHE_MODE' ) + local mode = os.getenv( 'NGINX_FASTCGI_CACHE_MODE' ) if mode == nil then mode = "whitelist" @@ -49,7 +49,7 @@ set_by_lua_block $cache_args { local without = ngx.var.without or "" -- Get a list of accepted query vars from env variable - local accepted = split( ( os.getenv( 'CACHE_QUERYVARS' ) or "" ), "," ) + local accepted = split( ( os.getenv( 'NGINX_FASTCGI_CACHE_MODE' ) or "" ), "," ) -- Loop through the list for key, accept in pairs(accepted) do @@ -77,7 +77,7 @@ set_by_lua_block $cache_args { else -- Get a list of blacklisted query vars from env variable - local blacklist = split( ( os.getenv( 'CACHE_QUERYVARS' ) or "" ), "," ) + local blacklist = split( ( os.getenv( 'NGINX_FASTCGI_CACHE_MODE' ) or "" ), "," ) local queryvars = ngx.decode_args( ngx.var.query_string or "" ) ngx.var.without = "" @@ -97,7 +97,7 @@ if ($without != "") { } # Don't use the cache for logged in users or recent commenters -if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in|woocommerce_items_in_cart") { +if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_sec|wordpress_logged_in|woocommerce_items_in_cart") { set $skip_cache 1; } diff --git a/ubuntu-7.4/rootfs/etc/nginx/cache/redis_backend.conf b/ubuntu-7.4/rootfs/etc/nginx/cache/redis_backend.conf deleted file mode 100644 index e9f86a3..0000000 --- a/ubuntu-7.4/rootfs/etc/nginx/cache/redis_backend.conf +++ /dev/null @@ -1,45 +0,0 @@ -## -# Adds internal locations for storing and getting full page cache from redis -## - -srcache_default_expire '${NGINX_REDIS_CACHE_TTL_DEFAULT}'; -srcache_max_expire '${NGINX_REDIS_CACHE_TTL_MAX}'; - -location /redis-fetch { - internal; - - ## - # In order to use password authentication we use custom redis module which adds $redis_auth: - # - https://github.com/Yongke/ngx_http_redis-0.3.7 - ## - - # Read the configuration from system envs - set $redis_auth '${REDIS_PASSWORD}'; - set $redis_db ${REDIS_DATABASE}; - - set $redis_key $args; - - redis_pass ${REDIS_HOST}:${REDIS_PORT}; -} - -location /redis-store { - internal; - - set_unescape_uri $exptime $arg_exptime; - set_unescape_uri $key $arg_key; - - # Fix caching problem for now - # There's issue in github https://github.com/openresty/srcache-nginx-module/issues/61 - set_if_empty $srcache_expire '${NGINX_REDIS_CACHE_TTL_DEFAULT}'; - - # redis module pipelines these 3 commands into single request - redis2_query auth '${REDIS_PASSWORD}'; - redis2_query select ${REDIS_DATABASE}; - - # Set and expire with one command: http://redis.io/commands/setex - redis2_query setex $key $srcache_expire $echo_request_body; - - # Pass the request to redis - redis2_pass ${REDIS_HOST}:${REDIS_PORT}; - -} diff --git a/ubuntu-7.4/rootfs/etc/nginx/cache/skip_rules.conf b/ubuntu-7.4/rootfs/etc/nginx/cache/skip_rules.conf deleted file mode 100644 index 43344c8..0000000 --- a/ubuntu-7.4/rootfs/etc/nginx/cache/skip_rules.conf +++ /dev/null @@ -1,30 +0,0 @@ -## -# Add few rules which deny using cache -## - -# Don't skip cache by default -set $skip_cache 0; - -# POST requests and urls with a query string should always go to PHP -if ($request_method = POST) { - set $skip_cache 1; -} - -# If theres any args skip cache -if ($query_string != "") { - set $skip_cache 1; -} - -# Don't use the cache for logged in users or recent commenters -if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in|woocommerce_items_in_cart") { - set $skip_cache 1; -} - -# Don't cache responses from wp-admin, xmlrpc and wp-login.php -if ($request_uri ~* "/wp-admin/|/xmlrpc.php|wp-.*.php") { - set $skip_cache 1; -} - -# Skip fetch and skip if conditions are met -srcache_fetch_skip $skip_cache; -srcache_store_skip $skip_cache; diff --git a/ubuntu-7.4/rootfs/etc/nginx/cache/srcache.conf b/ubuntu-7.4/rootfs/etc/nginx/cache/srcache.conf deleted file mode 100644 index 85027dd..0000000 --- a/ubuntu-7.4/rootfs/etc/nginx/cache/srcache.conf +++ /dev/null @@ -1,20 +0,0 @@ -## -# Add few rules which deny using cache -## -include cache/skip_rules.conf; -include cache/helper_variables.conf; - -# Use redis caching for all pages -# Allow different cache key from env -# Use 'wp_' prefix so that cache can be flushed with: -# $ wp cache flush -set $cache_key "${NGINX_CACHE_KEY}"; -set_escape_uri $escaped_cache_key $cache_key; - -srcache_response_cache_control on; - -srcache_fetch GET /redis-fetch $cache_key; -srcache_store PUT /redis-store key=$escaped_cache_key; - -# Add header for easier cache debugging -add_header X-Cache $srcache_fetch_status; diff --git a/ubuntu-7.4/rootfs/etc/nginx/env.conf b/ubuntu-7.4/rootfs/etc/nginx/env.conf index 1a133cb..7886e0f 100644 --- a/ubuntu-7.4/rootfs/etc/nginx/env.conf +++ b/ubuntu-7.4/rootfs/etc/nginx/env.conf @@ -10,5 +10,5 @@ env REDIS_HOST; env REDIS_PORT; env REDIS_DATABASE; env REDIS_PASSWORD; -env CACHE_QUERYVARS; -env CACHE_MODE; \ No newline at end of file +env NGINX_FASTCGI_CACHE_QUERYVARS; +env NGINX_FASTCGI_CACHE_MODE; \ No newline at end of file From 2c3dbed00b0167322c92ad0ea022ab583b214f88 Mon Sep 17 00:00:00 2001 From: Hannu Kumpula Date: Mon, 9 Nov 2020 14:15:39 +0200 Subject: [PATCH 11/46] ... --- ubuntu-7.4/Dockerfile | 1 + ubuntu-7.4/rootfs/etc/cont-init.d/00-render-templates | 4 ++-- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/ubuntu-7.4/Dockerfile b/ubuntu-7.4/Dockerfile index 3dfb67f..893ce09 100644 --- a/ubuntu-7.4/Dockerfile +++ b/ubuntu-7.4/Dockerfile @@ -136,6 +136,7 @@ ENV \ NGINX_FASTCGI_CACHE_USE_STALE="error timeout invalid_header updating http_500 http_503 http_403 http_404 http_429" \ # Default headers for fastcgi stale- and error cache NGINX_FASTCGI_CACHE_CONTROL='"max-age=60, stale-while-revalidate=300, stale-if-error=21600"'\ + NGINX_CACHE_CONTROL='"max-age=60, stale-while-revalidate=300, stale-if-error=21600"'\ #Default time for fastcgi cache path inactive attribute NGINX_FASTCGI_CACHE_INACTIVE="730h" #Fastcgi default value for updating cache on background diff --git a/ubuntu-7.4/rootfs/etc/cont-init.d/00-render-templates b/ubuntu-7.4/rootfs/etc/cont-init.d/00-render-templates index 97ae647..102c6c9 100755 --- a/ubuntu-7.4/rootfs/etc/cont-init.d/00-render-templates +++ b/ubuntu-7.4/rootfs/etc/cont-init.d/00-render-templates @@ -47,13 +47,13 @@ export REDIS_CACHE_TTL=${REDIS_CACHE_TTL-14400} VARS+='$AWS_S3_BUCKET_NAME:AWS_S3_REPLICA_BUCKET_NAME' # Add Redis variables -VARS+='$REDIS_HOST:$REDIS_PORT:$REDIS_DATABASE:$REDIS_PASSWORD:$NGINX_FASTCGI_CACHE_VALID:$NGINX_FASTCGI_CACHE_VALID_2:$NGINX_FASTCGI_CACHE_VALID_3:$NGINX_FASTCGI_CACHE_VALID_4:$NGINX_FASTCGI_CACHE_VALID_5:$NGINX_FASTCGI_CACHE_MAX_SIZE:$NGINX_FASTCGI_CACHE_INACTIVE:$NGINX_FASTCGI_CACHE_BACKGROUND_UPDATE' +VARS+='$REDIS_HOST:$REDIS_PORT:$REDIS_DATABASE:$REDIS_PASSWORD' # Add image proxy variables VARS+='$GOOGLE_CLOUD_STORAGE_BUCKET_NAME' # Add cache variables -VARS+='$NGINX_CACHE_USE_STALE:$NGINX_FASTCGI_CACHE_CONTROL:$NGINX_FASTCGI_CACHE_DIRECTORY' +VARS+='$NGINX_FASTCGI_CACHE_VALID:$NGINX_FASTCGI_CACHE_VALID_2:$NGINX_FASTCGI_CACHE_VALID_3:$NGINX_FASTCGI_CACHE_VALID_4:$NGINX_FASTCGI_CACHE_VALID_5:$NGINX_FASTCGI_CACHE_MAX_SIZE:$NGINX_FASTCGI_CACHE_INACTIVE:$NGINX_FASTCGI_CACHE_BACKGROUND_UPDATE:$NGINX_CACHE_USE_STALE:$NGINX_FASTCGI_CACHE_CONTROL:$NGINX_FASTCGI_CACHE_DIRECTORY' render_env_tmpl "$VARS" /etc/nginx/cache/redis_backend.conf From 94060bbca7e3192c9e56acd5301eb61af88ea392 Mon Sep 17 00:00:00 2001 From: Hannu Kumpula Date: Wed, 27 Jan 2021 09:59:28 +0200 Subject: [PATCH 12/46] 1.6 version codename stable --- CHANGELOG.md | 9 + ubuntu-7.0/.dockerignore | 12 - ubuntu-7.0/Dockerfile | 193 --------- ubuntu-7.0/rootfs/etc/ImageMagick | 11 - .../etc/cont-init.d/00-render-templates | 88 ----- .../rootfs/etc/cont-init.d/01-create-web-user | 58 --- .../rootfs/etc/cont-init.d/02-init-crond | 30 -- .../cont-init.d/02-init-directories-and-files | 18 - ubuntu-7.0/rootfs/etc/nginx/additional.types | 6 - .../rootfs/etc/nginx/cache/fastcgicache.conf | 12 - .../etc/nginx/cache/fastcgicache_headers.conf | 8 - .../nginx/cache/fastcgicache_settings.conf | 7 - .../nginx/cache/fastcgicache_skip_rules.conf | 75 ---- .../etc/nginx/cache/helper_variables.conf | 15 - .../rootfs/etc/nginx/cache/redis_backend.conf | 45 --- .../rootfs/etc/nginx/cache/skip_rules.conf | 30 -- .../rootfs/etc/nginx/cache/srcache.conf | 20 - ubuntu-7.0/rootfs/etc/nginx/env.conf | 13 - ubuntu-7.0/rootfs/etc/nginx/error_pages.conf | 31 -- ubuntu-7.0/rootfs/etc/nginx/fastcgi_params | 29 -- .../rootfs/etc/nginx/fastcgi_settings.conf | 23 -- ubuntu-7.0/rootfs/etc/nginx/gzip.conf | 58 --- ubuntu-7.0/rootfs/etc/nginx/log_format.conf | 16 - ubuntu-7.0/rootfs/etc/nginx/log_formats.conf | 19 - ubuntu-7.0/rootfs/etc/nginx/nginx.conf | 356 ----------------- .../rootfs/etc/nginx/pagespeed/locations.conf | 7 - .../rootfs/etc/nginx/pagespeed/settings.conf | 13 - .../etc/nginx/proxy_real_variables.conf | 35 -- ubuntu-7.0/rootfs/etc/nginx/security.conf | 27 -- .../rootfs/etc/nginx/security_headers.conf | 23 -- ubuntu-7.0/rootfs/etc/nginx/static_files.conf | 13 - ubuntu-7.0/rootfs/etc/nginx/upstreams.conf | 4 - ubuntu-7.0/rootfs/etc/php/7.0/cli/php.ini | 72 ---- .../rootfs/etc/php/7.0/fpm/conf.d/blocked.ini | 4 - .../rootfs/etc/php/7.0/fpm/conf.d/common.ini | 4 - .../rootfs/etc/php/7.0/fpm/conf.d/limits.ini | 7 - .../rootfs/etc/php/7.0/fpm/conf.d/logging.ini | 4 - .../rootfs/etc/php/7.0/fpm/conf.d/mail.ini | 3 - .../rootfs/etc/php/7.0/fpm/conf.d/opcache.ini | 24 -- .../7.0/fpm/conf.d/opcache_invalidate.conf | 5 - .../etc/php/7.0/fpm/conf.d/sessions.ini | 6 - .../etc/php/7.0/fpm/conf.d/timezone.ini | 2 - .../rootfs/etc/php/7.0/fpm/php-fpm.conf | 35 -- .../php/7.0/fpm/php-fpm.d/preserve-env.conf | 3 - ubuntu-7.0/rootfs/etc/php/7.0/fpm/php.ini | 46 --- ubuntu-7.0/rootfs/etc/services.d/cron/run | 4 - ubuntu-7.0/rootfs/etc/services.d/nginx/run | 4 - ubuntu-7.0/rootfs/etc/services.d/php-fpm/run | 53 --- ubuntu-7.0/rootfs/usr/bin/wp | 12 - ubuntu-7.0/rootfs/usr/local/bin/phinx | 27 -- .../rootfs/usr/local/bin/print-smtp-password | 5 - ubuntu-7.0/rootfs/usr/local/bin/wp-run-cron | 42 -- ubuntu-7.0/rootfs/usr/sbin/sendmail | 66 ---- .../rootfs/usr/share/nginx/html/403.html | 95 ----- .../rootfs/usr/share/nginx/html/500.html | 89 ----- .../rootfs/usr/share/nginx/html/502.html | 98 ----- .../rootfs/usr/share/nginx/html/504.html | 100 ----- ubuntu-7.1/.dockerignore | 12 - ubuntu-7.1/Dockerfile | 193 --------- ubuntu-7.1/rootfs/etc/ImageMagick | 11 - .../etc/cont-init.d/00-render-templates | 87 ---- .../rootfs/etc/cont-init.d/01-create-web-user | 58 --- .../rootfs/etc/cont-init.d/02-init-crond | 30 -- .../cont-init.d/02-init-directories-and-files | 18 - ubuntu-7.1/rootfs/etc/nginx/additional.types | 6 - .../rootfs/etc/nginx/cache/fastcgicache.conf | 12 - .../etc/nginx/cache/fastcgicache_headers.conf | 8 - .../nginx/cache/fastcgicache_settings.conf | 8 - .../nginx/cache/fastcgicache_skip_rules.conf | 75 ---- .../etc/nginx/cache/helper_variables.conf | 15 - .../rootfs/etc/nginx/cache/redis_backend.conf | 45 --- .../rootfs/etc/nginx/cache/skip_rules.conf | 30 -- .../rootfs/etc/nginx/cache/srcache.conf | 20 - ubuntu-7.1/rootfs/etc/nginx/env.conf | 13 - ubuntu-7.1/rootfs/etc/nginx/error_pages.conf | 31 -- ubuntu-7.1/rootfs/etc/nginx/fastcgi_params | 29 -- .../rootfs/etc/nginx/fastcgi_settings.conf | 23 -- ubuntu-7.1/rootfs/etc/nginx/gzip.conf | 58 --- ubuntu-7.1/rootfs/etc/nginx/log_format.conf | 16 - ubuntu-7.1/rootfs/etc/nginx/log_formats.conf | 19 - ubuntu-7.1/rootfs/etc/nginx/nginx.conf | 360 ----------------- .../rootfs/etc/nginx/pagespeed/locations.conf | 7 - .../rootfs/etc/nginx/pagespeed/settings.conf | 13 - .../etc/nginx/proxy_real_variables.conf | 35 -- ubuntu-7.1/rootfs/etc/nginx/security.conf | 27 -- .../rootfs/etc/nginx/security_headers.conf | 23 -- ubuntu-7.1/rootfs/etc/nginx/static_files.conf | 13 - ubuntu-7.1/rootfs/etc/nginx/upstreams.conf | 4 - ubuntu-7.1/rootfs/etc/php/7.1/cli/php.ini | 72 ---- .../rootfs/etc/php/7.1/fpm/conf.d/blocked.ini | 4 - .../rootfs/etc/php/7.1/fpm/conf.d/common.ini | 4 - .../rootfs/etc/php/7.1/fpm/conf.d/limits.ini | 7 - .../rootfs/etc/php/7.1/fpm/conf.d/logging.ini | 4 - .../rootfs/etc/php/7.1/fpm/conf.d/mail.ini | 3 - .../rootfs/etc/php/7.1/fpm/conf.d/opcache.ini | 24 -- .../7.1/fpm/conf.d/opcache_invalidate.conf | 5 - .../etc/php/7.1/fpm/conf.d/sessions.ini | 6 - .../etc/php/7.1/fpm/conf.d/timezone.ini | 2 - .../rootfs/etc/php/7.1/fpm/php-fpm.conf | 35 -- .../php/7.1/fpm/php-fpm.d/preserve-env.conf | 3 - ubuntu-7.1/rootfs/etc/php/7.1/fpm/php.ini | 46 --- ubuntu-7.1/rootfs/etc/services.d/cron/run | 4 - ubuntu-7.1/rootfs/etc/services.d/nginx/run | 4 - ubuntu-7.1/rootfs/etc/services.d/php-fpm/run | 53 --- ubuntu-7.1/rootfs/usr/bin/wp | 12 - ubuntu-7.1/rootfs/usr/local/bin/phinx | 27 -- .../rootfs/usr/local/bin/print-smtp-password | 5 - ubuntu-7.1/rootfs/usr/local/bin/wp-run-cron | 42 -- ubuntu-7.1/rootfs/usr/sbin/sendmail | 66 ---- .../rootfs/usr/share/nginx/html/403.html | 95 ----- .../rootfs/usr/share/nginx/html/500.html | 89 ----- .../rootfs/usr/share/nginx/html/502.html | 98 ----- .../rootfs/usr/share/nginx/html/504.html | 100 ----- ubuntu-7.2/Dockerfile | 190 --------- ubuntu-7.2/rootfs/etc/ImageMagick | 11 - .../etc/cont-init.d/00-render-templates | 87 ---- .../rootfs/etc/cont-init.d/01-create-web-user | 58 --- .../rootfs/etc/cont-init.d/02-init-crond | 30 -- .../cont-init.d/02-init-directories-and-files | 18 - ubuntu-7.2/rootfs/etc/nginx/additional.types | 6 - .../rootfs/etc/nginx/cache/fastcgicache.conf | 10 - .../etc/nginx/cache/fastcgicache_headers.conf | 8 - .../nginx/cache/fastcgicache_settings.conf | 6 - .../nginx/cache/fastcgicache_skip_rules.conf | 75 ---- .../etc/nginx/cache/helper_variables.conf | 15 - .../rootfs/etc/nginx/cache/redis_backend.conf | 45 --- .../rootfs/etc/nginx/cache/skip_rules.conf | 30 -- .../rootfs/etc/nginx/cache/srcache.conf | 20 - ubuntu-7.2/rootfs/etc/nginx/env.conf | 13 - ubuntu-7.2/rootfs/etc/nginx/error_pages.conf | 31 -- ubuntu-7.2/rootfs/etc/nginx/fastcgi_params | 29 -- .../rootfs/etc/nginx/fastcgi_settings.conf | 23 -- ubuntu-7.2/rootfs/etc/nginx/gzip.conf | 58 --- ubuntu-7.2/rootfs/etc/nginx/log_format.conf | 16 - ubuntu-7.2/rootfs/etc/nginx/log_formats.conf | 19 - ubuntu-7.2/rootfs/etc/nginx/nginx.conf | 370 ------------------ .../rootfs/etc/nginx/pagespeed/locations.conf | 7 - .../rootfs/etc/nginx/pagespeed/settings.conf | 13 - .../etc/nginx/proxy_real_variables.conf | 35 -- ubuntu-7.2/rootfs/etc/nginx/security.conf | 27 -- .../rootfs/etc/nginx/security_headers.conf | 23 -- ubuntu-7.2/rootfs/etc/nginx/static_files.conf | 13 - ubuntu-7.2/rootfs/etc/nginx/upstreams.conf | 4 - ubuntu-7.2/rootfs/etc/php/7.2/cli/php.ini | 73 ---- .../rootfs/etc/php/7.2/fpm/conf.d/blocked.ini | 4 - .../rootfs/etc/php/7.2/fpm/conf.d/common.ini | 4 - .../rootfs/etc/php/7.2/fpm/conf.d/limits.ini | 7 - .../rootfs/etc/php/7.2/fpm/conf.d/logging.ini | 4 - .../rootfs/etc/php/7.2/fpm/conf.d/mail.ini | 3 - .../rootfs/etc/php/7.2/fpm/conf.d/opcache.ini | 24 -- .../7.2/fpm/conf.d/opcache_invalidate.conf | 5 - .../etc/php/7.2/fpm/conf.d/sessions.ini | 6 - .../etc/php/7.2/fpm/conf.d/timezone.ini | 2 - .../rootfs/etc/php/7.2/fpm/php-fpm.conf | 35 -- .../php/7.2/fpm/php-fpm.d/preserve-env.conf | 3 - ubuntu-7.2/rootfs/etc/php/7.2/fpm/php.ini | 47 --- ubuntu-7.2/rootfs/etc/services.d/cron/run | 4 - ubuntu-7.2/rootfs/etc/services.d/nginx/run | 4 - ubuntu-7.2/rootfs/etc/services.d/php-fpm/run | 53 --- ubuntu-7.2/rootfs/usr/bin/wp | 12 - ubuntu-7.2/rootfs/usr/local/bin/phinx | 27 -- .../rootfs/usr/local/bin/print-smtp-password | 5 - ubuntu-7.2/rootfs/usr/local/bin/wp-run-cron | 42 -- ubuntu-7.2/rootfs/usr/sbin/sendmail | 66 ---- .../rootfs/usr/share/nginx/html/403.html | 95 ----- .../rootfs/usr/share/nginx/html/500.html | 89 ----- .../rootfs/usr/share/nginx/html/502.html | 98 ----- .../rootfs/usr/share/nginx/html/504.html | 100 ----- ubuntu-7.3/Dockerfile | 192 --------- ubuntu-7.3/rootfs/etc/ImageMagick | 11 - .../etc/cont-init.d/00-render-templates | 86 ---- .../rootfs/etc/cont-init.d/01-create-web-user | 58 --- .../rootfs/etc/cont-init.d/02-init-crond | 30 -- .../cont-init.d/02-init-directories-and-files | 22 -- ubuntu-7.3/rootfs/etc/nginx/additional.types | 6 - .../rootfs/etc/nginx/cache/fastcgicache.conf | 16 - .../etc/nginx/cache/fastcgicache_headers.conf | 11 - .../nginx/cache/fastcgicache_settings.conf | 10 - .../nginx/cache/fastcgicache_skip_rules.conf | 110 ------ .../etc/nginx/cache/helper_variables.conf | 15 - .../rootfs/etc/nginx/cache/redis_backend.conf | 45 --- .../rootfs/etc/nginx/cache/skip_rules.conf | 30 -- .../rootfs/etc/nginx/cache/srcache.conf | 20 - ubuntu-7.3/rootfs/etc/nginx/env.conf | 14 - ubuntu-7.3/rootfs/etc/nginx/error_pages.conf | 31 -- ubuntu-7.3/rootfs/etc/nginx/fastcgi_params | 29 -- .../rootfs/etc/nginx/fastcgi_settings.conf | 23 -- ubuntu-7.3/rootfs/etc/nginx/gzip.conf | 58 --- ubuntu-7.3/rootfs/etc/nginx/log_format.conf | 16 - ubuntu-7.3/rootfs/etc/nginx/log_formats.conf | 19 - ubuntu-7.3/rootfs/etc/nginx/nginx.conf | 366 ----------------- .../rootfs/etc/nginx/pagespeed/locations.conf | 7 - .../rootfs/etc/nginx/pagespeed/settings.conf | 13 - .../etc/nginx/proxy_real_variables.conf | 35 -- ubuntu-7.3/rootfs/etc/nginx/security.conf | 27 -- .../rootfs/etc/nginx/security_headers.conf | 25 -- ubuntu-7.3/rootfs/etc/nginx/static_files.conf | 13 - ubuntu-7.3/rootfs/etc/nginx/upstreams.conf | 4 - ubuntu-7.3/rootfs/etc/php/7.3/cli/php.ini | 73 ---- .../rootfs/etc/php/7.3/fpm/conf.d/blocked.ini | 4 - .../rootfs/etc/php/7.3/fpm/conf.d/common.ini | 4 - .../rootfs/etc/php/7.3/fpm/conf.d/limits.ini | 7 - .../rootfs/etc/php/7.3/fpm/conf.d/logging.ini | 4 - .../rootfs/etc/php/7.3/fpm/conf.d/mail.ini | 3 - .../rootfs/etc/php/7.3/fpm/conf.d/opcache.ini | 24 -- .../7.3/fpm/conf.d/opcache_invalidate.conf | 5 - .../etc/php/7.3/fpm/conf.d/sessions.ini | 6 - .../etc/php/7.3/fpm/conf.d/timezone.ini | 2 - .../rootfs/etc/php/7.3/fpm/php-fpm.conf | 35 -- .../php/7.3/fpm/php-fpm.d/preserve-env.conf | 3 - ubuntu-7.3/rootfs/etc/php/7.3/fpm/php.ini | 47 --- ubuntu-7.3/rootfs/etc/services.d/cron/run | 4 - ubuntu-7.3/rootfs/etc/services.d/nginx/run | 4 - ubuntu-7.3/rootfs/etc/services.d/php-fpm/run | 53 --- ubuntu-7.3/rootfs/usr/bin/wp | 12 - ubuntu-7.3/rootfs/usr/local/bin/phinx | 27 -- .../rootfs/usr/local/bin/print-smtp-password | 5 - ubuntu-7.3/rootfs/usr/local/bin/wp-run-cron | 42 -- ubuntu-7.3/rootfs/usr/sbin/sendmail | 66 ---- .../rootfs/usr/share/nginx/html/403.html | 95 ----- .../rootfs/usr/share/nginx/html/500.html | 89 ----- .../rootfs/usr/share/nginx/html/502.html | 98 ----- .../rootfs/usr/share/nginx/html/504.html | 100 ----- 223 files changed, 9 insertions(+), 8470 deletions(-) delete mode 100644 ubuntu-7.0/.dockerignore delete mode 100644 ubuntu-7.0/Dockerfile delete mode 100644 ubuntu-7.0/rootfs/etc/ImageMagick delete mode 100755 ubuntu-7.0/rootfs/etc/cont-init.d/00-render-templates delete mode 100755 ubuntu-7.0/rootfs/etc/cont-init.d/01-create-web-user delete mode 100755 ubuntu-7.0/rootfs/etc/cont-init.d/02-init-crond delete mode 100755 ubuntu-7.0/rootfs/etc/cont-init.d/02-init-directories-and-files delete mode 100644 ubuntu-7.0/rootfs/etc/nginx/additional.types delete mode 100644 ubuntu-7.0/rootfs/etc/nginx/cache/fastcgicache.conf delete mode 100644 ubuntu-7.0/rootfs/etc/nginx/cache/fastcgicache_headers.conf delete mode 100644 ubuntu-7.0/rootfs/etc/nginx/cache/fastcgicache_settings.conf delete mode 100644 ubuntu-7.0/rootfs/etc/nginx/cache/fastcgicache_skip_rules.conf delete mode 100644 ubuntu-7.0/rootfs/etc/nginx/cache/helper_variables.conf delete mode 100644 ubuntu-7.0/rootfs/etc/nginx/cache/redis_backend.conf delete mode 100644 ubuntu-7.0/rootfs/etc/nginx/cache/skip_rules.conf delete mode 100644 ubuntu-7.0/rootfs/etc/nginx/cache/srcache.conf delete mode 100644 ubuntu-7.0/rootfs/etc/nginx/env.conf delete mode 100644 ubuntu-7.0/rootfs/etc/nginx/error_pages.conf delete mode 100644 ubuntu-7.0/rootfs/etc/nginx/fastcgi_params delete mode 100644 ubuntu-7.0/rootfs/etc/nginx/fastcgi_settings.conf delete mode 100644 ubuntu-7.0/rootfs/etc/nginx/gzip.conf delete mode 100644 ubuntu-7.0/rootfs/etc/nginx/log_format.conf delete mode 100644 ubuntu-7.0/rootfs/etc/nginx/log_formats.conf delete mode 100644 ubuntu-7.0/rootfs/etc/nginx/nginx.conf delete mode 100644 ubuntu-7.0/rootfs/etc/nginx/pagespeed/locations.conf delete mode 100644 ubuntu-7.0/rootfs/etc/nginx/pagespeed/settings.conf delete mode 100644 ubuntu-7.0/rootfs/etc/nginx/proxy_real_variables.conf delete mode 100644 ubuntu-7.0/rootfs/etc/nginx/security.conf delete mode 100644 ubuntu-7.0/rootfs/etc/nginx/security_headers.conf delete mode 100644 ubuntu-7.0/rootfs/etc/nginx/static_files.conf delete mode 100644 ubuntu-7.0/rootfs/etc/nginx/upstreams.conf delete mode 100644 ubuntu-7.0/rootfs/etc/php/7.0/cli/php.ini delete mode 100644 ubuntu-7.0/rootfs/etc/php/7.0/fpm/conf.d/blocked.ini delete mode 100644 ubuntu-7.0/rootfs/etc/php/7.0/fpm/conf.d/common.ini delete mode 100644 ubuntu-7.0/rootfs/etc/php/7.0/fpm/conf.d/limits.ini delete mode 100644 ubuntu-7.0/rootfs/etc/php/7.0/fpm/conf.d/logging.ini delete mode 100644 ubuntu-7.0/rootfs/etc/php/7.0/fpm/conf.d/mail.ini delete mode 100644 ubuntu-7.0/rootfs/etc/php/7.0/fpm/conf.d/opcache.ini delete mode 100644 ubuntu-7.0/rootfs/etc/php/7.0/fpm/conf.d/opcache_invalidate.conf delete mode 100644 ubuntu-7.0/rootfs/etc/php/7.0/fpm/conf.d/sessions.ini delete mode 100644 ubuntu-7.0/rootfs/etc/php/7.0/fpm/conf.d/timezone.ini delete mode 100644 ubuntu-7.0/rootfs/etc/php/7.0/fpm/php-fpm.conf delete mode 100644 ubuntu-7.0/rootfs/etc/php/7.0/fpm/php-fpm.d/preserve-env.conf delete mode 100644 ubuntu-7.0/rootfs/etc/php/7.0/fpm/php.ini delete mode 100644 ubuntu-7.0/rootfs/etc/services.d/cron/run delete mode 100755 ubuntu-7.0/rootfs/etc/services.d/nginx/run delete mode 100644 ubuntu-7.0/rootfs/etc/services.d/php-fpm/run delete mode 100755 ubuntu-7.0/rootfs/usr/bin/wp delete mode 100755 ubuntu-7.0/rootfs/usr/local/bin/phinx delete mode 100755 ubuntu-7.0/rootfs/usr/local/bin/print-smtp-password delete mode 100755 ubuntu-7.0/rootfs/usr/local/bin/wp-run-cron delete mode 100755 ubuntu-7.0/rootfs/usr/sbin/sendmail delete mode 100644 ubuntu-7.0/rootfs/usr/share/nginx/html/403.html delete mode 100644 ubuntu-7.0/rootfs/usr/share/nginx/html/500.html delete mode 100644 ubuntu-7.0/rootfs/usr/share/nginx/html/502.html delete mode 100644 ubuntu-7.0/rootfs/usr/share/nginx/html/504.html delete mode 100644 ubuntu-7.1/.dockerignore delete mode 100644 ubuntu-7.1/Dockerfile delete mode 100644 ubuntu-7.1/rootfs/etc/ImageMagick delete mode 100755 ubuntu-7.1/rootfs/etc/cont-init.d/00-render-templates delete mode 100755 ubuntu-7.1/rootfs/etc/cont-init.d/01-create-web-user delete mode 100755 ubuntu-7.1/rootfs/etc/cont-init.d/02-init-crond delete mode 100755 ubuntu-7.1/rootfs/etc/cont-init.d/02-init-directories-and-files delete mode 100644 ubuntu-7.1/rootfs/etc/nginx/additional.types delete mode 100644 ubuntu-7.1/rootfs/etc/nginx/cache/fastcgicache.conf delete mode 100644 ubuntu-7.1/rootfs/etc/nginx/cache/fastcgicache_headers.conf delete mode 100644 ubuntu-7.1/rootfs/etc/nginx/cache/fastcgicache_settings.conf delete mode 100644 ubuntu-7.1/rootfs/etc/nginx/cache/fastcgicache_skip_rules.conf delete mode 100644 ubuntu-7.1/rootfs/etc/nginx/cache/helper_variables.conf delete mode 100644 ubuntu-7.1/rootfs/etc/nginx/cache/redis_backend.conf delete mode 100644 ubuntu-7.1/rootfs/etc/nginx/cache/skip_rules.conf delete mode 100644 ubuntu-7.1/rootfs/etc/nginx/cache/srcache.conf delete mode 100644 ubuntu-7.1/rootfs/etc/nginx/env.conf delete mode 100644 ubuntu-7.1/rootfs/etc/nginx/error_pages.conf delete mode 100644 ubuntu-7.1/rootfs/etc/nginx/fastcgi_params delete mode 100644 ubuntu-7.1/rootfs/etc/nginx/fastcgi_settings.conf delete mode 100644 ubuntu-7.1/rootfs/etc/nginx/gzip.conf delete mode 100644 ubuntu-7.1/rootfs/etc/nginx/log_format.conf delete mode 100644 ubuntu-7.1/rootfs/etc/nginx/log_formats.conf delete mode 100644 ubuntu-7.1/rootfs/etc/nginx/nginx.conf delete mode 100644 ubuntu-7.1/rootfs/etc/nginx/pagespeed/locations.conf delete mode 100644 ubuntu-7.1/rootfs/etc/nginx/pagespeed/settings.conf delete mode 100644 ubuntu-7.1/rootfs/etc/nginx/proxy_real_variables.conf delete mode 100644 ubuntu-7.1/rootfs/etc/nginx/security.conf delete mode 100644 ubuntu-7.1/rootfs/etc/nginx/security_headers.conf delete mode 100644 ubuntu-7.1/rootfs/etc/nginx/static_files.conf delete mode 100644 ubuntu-7.1/rootfs/etc/nginx/upstreams.conf delete mode 100644 ubuntu-7.1/rootfs/etc/php/7.1/cli/php.ini delete mode 100644 ubuntu-7.1/rootfs/etc/php/7.1/fpm/conf.d/blocked.ini delete mode 100644 ubuntu-7.1/rootfs/etc/php/7.1/fpm/conf.d/common.ini delete mode 100644 ubuntu-7.1/rootfs/etc/php/7.1/fpm/conf.d/limits.ini delete mode 100644 ubuntu-7.1/rootfs/etc/php/7.1/fpm/conf.d/logging.ini delete mode 100644 ubuntu-7.1/rootfs/etc/php/7.1/fpm/conf.d/mail.ini delete mode 100644 ubuntu-7.1/rootfs/etc/php/7.1/fpm/conf.d/opcache.ini delete mode 100644 ubuntu-7.1/rootfs/etc/php/7.1/fpm/conf.d/opcache_invalidate.conf delete mode 100644 ubuntu-7.1/rootfs/etc/php/7.1/fpm/conf.d/sessions.ini delete mode 100644 ubuntu-7.1/rootfs/etc/php/7.1/fpm/conf.d/timezone.ini delete mode 100644 ubuntu-7.1/rootfs/etc/php/7.1/fpm/php-fpm.conf delete mode 100644 ubuntu-7.1/rootfs/etc/php/7.1/fpm/php-fpm.d/preserve-env.conf delete mode 100644 ubuntu-7.1/rootfs/etc/php/7.1/fpm/php.ini delete mode 100644 ubuntu-7.1/rootfs/etc/services.d/cron/run delete mode 100755 ubuntu-7.1/rootfs/etc/services.d/nginx/run delete mode 100644 ubuntu-7.1/rootfs/etc/services.d/php-fpm/run delete mode 100755 ubuntu-7.1/rootfs/usr/bin/wp delete mode 100755 ubuntu-7.1/rootfs/usr/local/bin/phinx delete mode 100755 ubuntu-7.1/rootfs/usr/local/bin/print-smtp-password delete mode 100755 ubuntu-7.1/rootfs/usr/local/bin/wp-run-cron delete mode 100755 ubuntu-7.1/rootfs/usr/sbin/sendmail delete mode 100644 ubuntu-7.1/rootfs/usr/share/nginx/html/403.html delete mode 100644 ubuntu-7.1/rootfs/usr/share/nginx/html/500.html delete mode 100644 ubuntu-7.1/rootfs/usr/share/nginx/html/502.html delete mode 100644 ubuntu-7.1/rootfs/usr/share/nginx/html/504.html delete mode 100644 ubuntu-7.2/Dockerfile delete mode 100644 ubuntu-7.2/rootfs/etc/ImageMagick delete mode 100755 ubuntu-7.2/rootfs/etc/cont-init.d/00-render-templates delete mode 100755 ubuntu-7.2/rootfs/etc/cont-init.d/01-create-web-user delete mode 100755 ubuntu-7.2/rootfs/etc/cont-init.d/02-init-crond delete mode 100755 ubuntu-7.2/rootfs/etc/cont-init.d/02-init-directories-and-files delete mode 100644 ubuntu-7.2/rootfs/etc/nginx/additional.types delete mode 100644 ubuntu-7.2/rootfs/etc/nginx/cache/fastcgicache.conf delete mode 100644 ubuntu-7.2/rootfs/etc/nginx/cache/fastcgicache_headers.conf delete mode 100644 ubuntu-7.2/rootfs/etc/nginx/cache/fastcgicache_settings.conf delete mode 100644 ubuntu-7.2/rootfs/etc/nginx/cache/fastcgicache_skip_rules.conf delete mode 100644 ubuntu-7.2/rootfs/etc/nginx/cache/helper_variables.conf delete mode 100644 ubuntu-7.2/rootfs/etc/nginx/cache/redis_backend.conf delete mode 100644 ubuntu-7.2/rootfs/etc/nginx/cache/skip_rules.conf delete mode 100644 ubuntu-7.2/rootfs/etc/nginx/cache/srcache.conf delete mode 100644 ubuntu-7.2/rootfs/etc/nginx/env.conf delete mode 100644 ubuntu-7.2/rootfs/etc/nginx/error_pages.conf delete mode 100644 ubuntu-7.2/rootfs/etc/nginx/fastcgi_params delete mode 100644 ubuntu-7.2/rootfs/etc/nginx/fastcgi_settings.conf delete mode 100644 ubuntu-7.2/rootfs/etc/nginx/gzip.conf delete mode 100644 ubuntu-7.2/rootfs/etc/nginx/log_format.conf delete mode 100644 ubuntu-7.2/rootfs/etc/nginx/log_formats.conf delete mode 100644 ubuntu-7.2/rootfs/etc/nginx/nginx.conf delete mode 100644 ubuntu-7.2/rootfs/etc/nginx/pagespeed/locations.conf delete mode 100644 ubuntu-7.2/rootfs/etc/nginx/pagespeed/settings.conf delete mode 100644 ubuntu-7.2/rootfs/etc/nginx/proxy_real_variables.conf delete mode 100644 ubuntu-7.2/rootfs/etc/nginx/security.conf delete mode 100644 ubuntu-7.2/rootfs/etc/nginx/security_headers.conf delete mode 100644 ubuntu-7.2/rootfs/etc/nginx/static_files.conf delete mode 100644 ubuntu-7.2/rootfs/etc/nginx/upstreams.conf delete mode 100644 ubuntu-7.2/rootfs/etc/php/7.2/cli/php.ini delete mode 100644 ubuntu-7.2/rootfs/etc/php/7.2/fpm/conf.d/blocked.ini delete mode 100644 ubuntu-7.2/rootfs/etc/php/7.2/fpm/conf.d/common.ini delete mode 100644 ubuntu-7.2/rootfs/etc/php/7.2/fpm/conf.d/limits.ini delete mode 100644 ubuntu-7.2/rootfs/etc/php/7.2/fpm/conf.d/logging.ini delete mode 100644 ubuntu-7.2/rootfs/etc/php/7.2/fpm/conf.d/mail.ini delete mode 100644 ubuntu-7.2/rootfs/etc/php/7.2/fpm/conf.d/opcache.ini delete mode 100644 ubuntu-7.2/rootfs/etc/php/7.2/fpm/conf.d/opcache_invalidate.conf delete mode 100644 ubuntu-7.2/rootfs/etc/php/7.2/fpm/conf.d/sessions.ini delete mode 100644 ubuntu-7.2/rootfs/etc/php/7.2/fpm/conf.d/timezone.ini delete mode 100644 ubuntu-7.2/rootfs/etc/php/7.2/fpm/php-fpm.conf delete mode 100644 ubuntu-7.2/rootfs/etc/php/7.2/fpm/php-fpm.d/preserve-env.conf delete mode 100644 ubuntu-7.2/rootfs/etc/php/7.2/fpm/php.ini delete mode 100644 ubuntu-7.2/rootfs/etc/services.d/cron/run delete mode 100755 ubuntu-7.2/rootfs/etc/services.d/nginx/run delete mode 100644 ubuntu-7.2/rootfs/etc/services.d/php-fpm/run delete mode 100755 ubuntu-7.2/rootfs/usr/bin/wp delete mode 100755 ubuntu-7.2/rootfs/usr/local/bin/phinx delete mode 100755 ubuntu-7.2/rootfs/usr/local/bin/print-smtp-password delete mode 100755 ubuntu-7.2/rootfs/usr/local/bin/wp-run-cron delete mode 100755 ubuntu-7.2/rootfs/usr/sbin/sendmail delete mode 100644 ubuntu-7.2/rootfs/usr/share/nginx/html/403.html delete mode 100644 ubuntu-7.2/rootfs/usr/share/nginx/html/500.html delete mode 100644 ubuntu-7.2/rootfs/usr/share/nginx/html/502.html delete mode 100644 ubuntu-7.2/rootfs/usr/share/nginx/html/504.html delete mode 100644 ubuntu-7.3/Dockerfile delete mode 100644 ubuntu-7.3/rootfs/etc/ImageMagick delete mode 100755 ubuntu-7.3/rootfs/etc/cont-init.d/00-render-templates delete mode 100755 ubuntu-7.3/rootfs/etc/cont-init.d/01-create-web-user delete mode 100755 ubuntu-7.3/rootfs/etc/cont-init.d/02-init-crond delete mode 100755 ubuntu-7.3/rootfs/etc/cont-init.d/02-init-directories-and-files delete mode 100644 ubuntu-7.3/rootfs/etc/nginx/additional.types delete mode 100644 ubuntu-7.3/rootfs/etc/nginx/cache/fastcgicache.conf delete mode 100644 ubuntu-7.3/rootfs/etc/nginx/cache/fastcgicache_headers.conf delete mode 100644 ubuntu-7.3/rootfs/etc/nginx/cache/fastcgicache_settings.conf delete mode 100644 ubuntu-7.3/rootfs/etc/nginx/cache/fastcgicache_skip_rules.conf delete mode 100644 ubuntu-7.3/rootfs/etc/nginx/cache/helper_variables.conf delete mode 100644 ubuntu-7.3/rootfs/etc/nginx/cache/redis_backend.conf delete mode 100644 ubuntu-7.3/rootfs/etc/nginx/cache/skip_rules.conf delete mode 100644 ubuntu-7.3/rootfs/etc/nginx/cache/srcache.conf delete mode 100644 ubuntu-7.3/rootfs/etc/nginx/env.conf delete mode 100644 ubuntu-7.3/rootfs/etc/nginx/error_pages.conf delete mode 100644 ubuntu-7.3/rootfs/etc/nginx/fastcgi_params delete mode 100644 ubuntu-7.3/rootfs/etc/nginx/fastcgi_settings.conf delete mode 100644 ubuntu-7.3/rootfs/etc/nginx/gzip.conf delete mode 100644 ubuntu-7.3/rootfs/etc/nginx/log_format.conf delete mode 100644 ubuntu-7.3/rootfs/etc/nginx/log_formats.conf delete mode 100644 ubuntu-7.3/rootfs/etc/nginx/nginx.conf delete mode 100644 ubuntu-7.3/rootfs/etc/nginx/pagespeed/locations.conf delete mode 100644 ubuntu-7.3/rootfs/etc/nginx/pagespeed/settings.conf delete mode 100644 ubuntu-7.3/rootfs/etc/nginx/proxy_real_variables.conf delete mode 100644 ubuntu-7.3/rootfs/etc/nginx/security.conf delete mode 100644 ubuntu-7.3/rootfs/etc/nginx/security_headers.conf delete mode 100644 ubuntu-7.3/rootfs/etc/nginx/static_files.conf delete mode 100644 ubuntu-7.3/rootfs/etc/nginx/upstreams.conf delete mode 100644 ubuntu-7.3/rootfs/etc/php/7.3/cli/php.ini delete mode 100644 ubuntu-7.3/rootfs/etc/php/7.3/fpm/conf.d/blocked.ini delete mode 100644 ubuntu-7.3/rootfs/etc/php/7.3/fpm/conf.d/common.ini delete mode 100644 ubuntu-7.3/rootfs/etc/php/7.3/fpm/conf.d/limits.ini delete mode 100644 ubuntu-7.3/rootfs/etc/php/7.3/fpm/conf.d/logging.ini delete mode 100644 ubuntu-7.3/rootfs/etc/php/7.3/fpm/conf.d/mail.ini delete mode 100644 ubuntu-7.3/rootfs/etc/php/7.3/fpm/conf.d/opcache.ini delete mode 100644 ubuntu-7.3/rootfs/etc/php/7.3/fpm/conf.d/opcache_invalidate.conf delete mode 100644 ubuntu-7.3/rootfs/etc/php/7.3/fpm/conf.d/sessions.ini delete mode 100644 ubuntu-7.3/rootfs/etc/php/7.3/fpm/conf.d/timezone.ini delete mode 100644 ubuntu-7.3/rootfs/etc/php/7.3/fpm/php-fpm.conf delete mode 100644 ubuntu-7.3/rootfs/etc/php/7.3/fpm/php-fpm.d/preserve-env.conf delete mode 100644 ubuntu-7.3/rootfs/etc/php/7.3/fpm/php.ini delete mode 100644 ubuntu-7.3/rootfs/etc/services.d/cron/run delete mode 100755 ubuntu-7.3/rootfs/etc/services.d/nginx/run delete mode 100644 ubuntu-7.3/rootfs/etc/services.d/php-fpm/run delete mode 100755 ubuntu-7.3/rootfs/usr/bin/wp delete mode 100755 ubuntu-7.3/rootfs/usr/local/bin/phinx delete mode 100755 ubuntu-7.3/rootfs/usr/local/bin/print-smtp-password delete mode 100755 ubuntu-7.3/rootfs/usr/local/bin/wp-run-cron delete mode 100755 ubuntu-7.3/rootfs/usr/sbin/sendmail delete mode 100644 ubuntu-7.3/rootfs/usr/share/nginx/html/403.html delete mode 100644 ubuntu-7.3/rootfs/usr/share/nginx/html/500.html delete mode 100644 ubuntu-7.3/rootfs/usr/share/nginx/html/502.html delete mode 100644 ubuntu-7.3/rootfs/usr/share/nginx/html/504.html diff --git a/CHANGELOG.md b/CHANGELOG.md index 4506707..6025418 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,6 +5,15 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html). +## [1.6] - 2021-01-27 +### Removed +- old php versions + +### Added +- more envs for configuring +- ignore cache key attributes +- renamed envs for clarity + ## [1.5.2] - 2020-08-10 diff --git a/ubuntu-7.0/.dockerignore b/ubuntu-7.0/.dockerignore deleted file mode 100644 index a18daff..0000000 --- a/ubuntu-7.0/.dockerignore +++ /dev/null @@ -1,12 +0,0 @@ -# These files are ignored from being uploaded to docker build context - -# Git is not needed in docker image building -.git - -# No OSX rubbish -.DS_Store - -# Development stuff -docker-compose.yml -.dockerignore -Dockerfile diff --git a/ubuntu-7.0/Dockerfile b/ubuntu-7.0/Dockerfile deleted file mode 100644 index 5fae60f..0000000 --- a/ubuntu-7.0/Dockerfile +++ /dev/null @@ -1,193 +0,0 @@ -FROM devgeniem/ubuntu-docker-openresty-pagespeed:latest -MAINTAINER Ville Pietarinen - Geniem Oy - -## -# Only use these during installation -## -ARG LANG=C.UTF-8 -ARG DEBIAN_FRONTEND=noninteractive - -## -# Install php7 packages from dotdeb.org -# - Dotdeb is an extra repository providing up-to-date packages for your Debian servers -## -RUN \ - apt-get update \ -&& apt-get -y install software-properties-common \ - && add-apt-repository ppa:ondrej/php \ - && apt-get -y --no-install-recommends install \ - apt-utils \ - curl \ - nano \ - ca-certificates \ - git \ - mysql-client \ - msmtp \ - postfix \ - netcat \ - less \ - libmcrypt-dev \ - && apt-get update \ - && apt-get -y --no-install-recommends install \ - php7.0-cli \ - php7.0-common \ - php7.0-apcu \ - php7.0-apcu-bc \ - php7.0-curl \ - php7.0-json \ - php7.0-mcrypt \ - php7.0-opcache \ - php7.0-readline \ - php7.0-xml \ - php7.0-zip \ - php7.0-fpm \ - php7.0-redis \ - php7.0-mongodb \ - php7.0-mysqli \ - php7.0-intl \ - php7.0-gd \ - php7.0-mbstring \ - php7.0-soap \ - php7.0-bcmath \ - php7.0-curl \ - php7.0-ldap \ - php7.0-mcrypt \ - # Force install only cron without extra mailing dependencies - && cd /tmp \ - && apt-get download cron \ - && dpkg --force-all -i cron*.deb \ - && mkdir -p /var/spool/cron/crontabs \ - # Cleanup - && apt-get clean \ - && apt-get autoremove \ - && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* /usr/share/doc/* /var/log/apt/* /var/log/*.log - - -# Install helpers -RUN \ - ## - # Install composer - ## - curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/local/bin --filename=composer \ - && composer global require hirak/prestissimo \ - - ## - # Install wp-cli - # source: http://wp-cli.org/ - ## - && curl -L https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar -o /usr/local/bin/wp-cli \ - && chmod +rx /usr/local/bin/wp-cli \ - # Symlink it to /usr/bin as well so that cron can find this script with limited PATH - && ln -s /usr/local/bin/wp-cli /usr/bin/wp-cli \ - - ## - # Install cronlock for running cron correctly with multi container setups - # https://github.com/kvz/cronlock - ## - && curl -L https://raw.githubusercontent.com/kvz/cronlock/master/cronlock -o /usr/local/bin/cronlock \ - && chmod +rx /usr/local/bin/cronlock \ - # Symlink it to /usr/bin as well so that cron can find this script with limited PATH - && ln -s /usr/local/bin/cronlock /usr/bin/cronlock - -## -# Add Project files like nginx and php-fpm processes and configs -# Also custom scripts and bashrc -## -COPY rootfs/ / - -# Run small fixes -RUN set -x \ - && mkdir -p /var/www/uploads \ - && mkdir -p /tmp/php-opcache \ - && ln -sf /usr/sbin/php-fpm7.0 /usr/sbin/php-fpm \ - && ln -sf /usr/bin/wp /usr/local/bin/wp -# This is for your project root -ENV PROJECT_ROOT="/var/www/project" - -ENV \ - # Add interactive term - TERM="xterm" \ - # Set defaults which can be overriden - MYSQL_PORT="3306" \ - # Use default web port in nginx but allow it to be overridden - # This also works correctly with flynn: - # https://github.com/flynn/flynn/issues/3213#issuecomment-237307457 - PORT="8080" \ - # Use custom users for nginx and php-fpm - WEB_USER="wordpress" \ - WEB_GROUP="web" \ - WEB_UID=1000 \ - WEB_GID=1001 \ - # Set defaults for redis - REDIS_PORT="6379" \ - REDIS_DATABASE="0" \ - REDIS_PASSWORD="" \ - REDIS_SCHEME="tcp" \ - # Set defaults for NGINX redis cache - # This variable uses seconds by default - # Time units supported are "s"(seconds), "ms"(milliseconds), "y"(years), "M"(months), "w"(weeks), "d"(days), "h"(hours), and "m"(minutes). - NGINX_REDIS_CACHE_TTL_DEFAULT="900" \ - NGINX_REDIS_CACHE_TTL_MAX="4h" \ - NGINX_CACHE_DIRECTORY="/tmp/nginx/fullpage" \ - # Default operations when fastcgi stale cache is used - NGINX_CACHE_USE_STALE="error timeout invalid_header updating http_500 http_503 http_403 http_404" \ - # Default headers for fastcgi stale- and error cache - NGINX_CACHE_CONTROL='"max-age=60, stale-while-revalidate=300, stale-if-error=21600"'\ - # Cronlock is used to stop simultaneous cronjobs in clusterised environments - CRONLOCK_HOST="" \ - # This is used by nginx and php-fpm - WEB_ROOT="${PROJECT_ROOT}/web" \ - # This is used automatically by wp-cli - WP_CORE="${PROJECT_ROOT}/web/wp" \ - # Nginx include files - NGINX_INCLUDE_DIR="/var/www/project/nginx" \ - # Allow bigger file uploads - NGINX_MAX_BODY_SIZE="10M" \ - # Allow storing bigger body in memory - NGINX_BODY_BUFFER_SIZE="32k" \ - # Have sane fastcgi timeout by default - NGINX_FASTCGI_TIMEOUT="30" \ - # Have sane fastcgi timeout by default - NGINX_ERROR_LEVEL="warn" \ - # Have sane fastcgi timeout by default - NGINX_ERROR_LOG="stderr" \ - # Have sane fastcgi timeout by default - NGINX_ACCESS_LOG="/dev/stdout" \ - # Default cache key for nginx http cache - NGINX_CACHE_KEY='wp_:nginx:$real_scheme$request_method$host$request_uri' \ - # PHP settings - PHP_MEMORY_LIMIT="128M" \ - PHP_MAX_INPUT_VARS="1000" \ - PHP_ERROR_LOG="/proc/self/fd/1" \ - PHP_ERROR_LOG_LEVEL="warning" \ - PHP_ERROR_LOG_MAX_LEN="8192" \ - PHP_SESSION_REDIS_DB="0" \ - PHP_SESSION_HANDLER="files" \ - # You should count the *.php files in your project and set this number to be bigger - # $ find . -type f -print | grep php | wc -l - PHP_OPCACHE_MAX_FILES="8000" \ - # Amount of memory in MB to allocate for opcache - PHP_OPCACHE_MAX_MEMORY="128" \ - # Use host machine as default SMTP_HOST - SMTP_HOST="172.17.0.1" \ - # This folder is used to mount files into host machine - # You should use this path for your uploads since everything else should be ephemeral - UPLOADS_ROOT="/var/www/uploads" \ - # This can be overidden by you, it's just default for us - TZ="Europe/Helsinki" -# Setup $TZ. Remember to run this again in your own build - # Make sure that all files here have execute permissions -RUN dpkg-reconfigure tzdata && \ - chmod +x /etc/cont-init.d/* - -# Install socklog-overlay -ADD https://github.com/just-containers/socklog-overlay/releases/download/v3.1.0-2/socklog-overlay-amd64.tar.gz /tmp/ -RUN tar xzf /tmp/socklog-overlay-amd64.tar.gz -C / -RUN echo '+\n1' > /etc/socklog.rules/forward-stdout -RUN echo 'LANG="en_US.UTF-8"' > /etc/default/locale - -# Set default path to project folder for easier running commands in project -WORKDIR ${PROJECT_ROOT} -EXPOSE ${PORT} -ENTRYPOINT ["/init"] - diff --git a/ubuntu-7.0/rootfs/etc/ImageMagick b/ubuntu-7.0/rootfs/etc/ImageMagick deleted file mode 100644 index d88e8bf..0000000 --- a/ubuntu-7.0/rootfs/etc/ImageMagick +++ /dev/null @@ -1,11 +0,0 @@ - - - - - - - - - - - diff --git a/ubuntu-7.0/rootfs/etc/cont-init.d/00-render-templates b/ubuntu-7.0/rootfs/etc/cont-init.d/00-render-templates deleted file mode 100755 index de3921c..0000000 --- a/ubuntu-7.0/rootfs/etc/cont-init.d/00-render-templates +++ /dev/null @@ -1,88 +0,0 @@ -#!/usr/bin/with-contenv bash -## -# This script uses clever heredoc hack to substitute env variables into static config files -# Source: http://stackoverflow.com/questions/2914220/bash-templating-how-to-build-configuration-files-from-templates-with-bash -## - -## -# Replaces ${ENV} placoholders from file with provided variables -# $1 - ':'' separated list of variables -# $2 - filename to render -## -function render_env_tmpl() { - vars=$1 - input_file=$2 - # If filename ends with .tmpl replace it without the .tmpl - filename=$(dirname $input_file)/$(basename $input_file .tmpl) - - tmp_file=/tmp/$(basename $filename) - - # render all provided $vars to temporary file - envsubst "$vars" < $input_file > $tmp_file - - # replace original file with rendered file - mv $tmp_file $filename -} - -echo "[cont-init.d] Substituting env into configuration files..." - -## -# Nginx doesn't support env variables in config files so we will have to do this in hacky way instead -## -VARS='$PORT:$WEB_ROOT:$WEB_USER:$WEB_GROUP:$NGINX_ACCESS_LOG:$NGINX_ERROR_LOG:$NGINX_ERROR_LEVEL:$NGINX_INCLUDE_DIR:$NGINX_MAX_BODY_SIZE:$NGINX_BODY_BUFFER_SIZE:$NGINX_FASTCGI_TIMEOUT:$WP_ENV:$NGINX_CACHE_KEY' -render_env_tmpl "$VARS" /etc/nginx/nginx.conf - -## -# Redis cache needs to know the redis instance and credentials -## - -# Set defaults if they are not set -export REDIS_HOST=${REDIS_HOST-$REDIS_1_PORT_6379_TCP_ADDR} -export REDIS_PORT=${REDIS_PORT-6379} -export REDIS_DATABASE=${REDIS_DATABASE-0} -export REDIS_PASSWORD=${REDIS_PASSWORD-''} -export REDIS_CACHE_TTL=${REDIS_CACHE_TTL-14400} - -# Add helper variables for AWS s3 bucket storage -VARS+='$AWS_S3_BUCKET_NAME:AWS_S3_REPLICA_BUCKET_NAME' - -# Add Redis variables -VARS+='$REDIS_HOST:$REDIS_PORT:$REDIS_DATABASE:$REDIS_PASSWORD:$NGINX_REDIS_CACHE_TTL_MAX:$NGINX_REDIS_CACHE_TTL_DEFAULT:$NGINX_REDIS_CACHE_PREFIX' - -# Add image proxy variables -VARS+='$GOOGLE_CLOUD_STORAGE_BUCKET_NAME' - -# Add cache variables -VARS+='$NGINX_CACHE_USE_STALE:$NGINX_CACHE_CONTROL:$NGINX_CACHE_DIRECTORY' - - -render_env_tmpl "$VARS" /etc/nginx/cache/redis_backend.conf - -render_env_tmpl "$VARS" /etc/nginx/cache/srcache.conf -render_env_tmpl "$VARS" /etc/nginx/cache/fastcgicache_settings.conf -render_env_tmpl "$VARS" /etc/nginx/cache/fastcgicache_skip_rules.conf -render_env_tmpl "$VARS" /etc/nginx/cache/fastcgicache_headers.conf - -## -# Render all user provided nginx templates -## -VARS+='$BASIC_AUTH_USER:$BASIC_AUTH_PASSWORD_HASH' -for conf_file in $(find $NGINX_INCLUDE_DIR -type f -name '*.tmpl'); do - echo "[cont-init.d] Rendering env in $conf_file..." - - # Add helper variables for easier scripting - export __DIR__=$(dirname $conf_file) - - VARS_TMPL=$VARS':$__DIR__' - render_env_tmpl "$VARS_TMPL" $conf_file -done - -# Encrypt basic auth password if it set -if [[ -z "${BASIC_AUTH_PASSWORD}" ]]; -then - echo "Not encrypting BASIC_AUTH_PASSWORD..." -else - BASIC_AUTH_PASSWORD_HASH=$(openssl passwd -crypt $BASIC_AUTH_PASSWORD) - echo "Encrypting BASIC_AUTH_PASSWORD... ${BASIC_AUTH_PASSWORD} -> ${BASIC_AUTH_PASSWORD_HASH}" - echo "${BASIC_AUTH_USER}:${BASIC_AUTH_PASSWORD_HASH}" > /var/www/project/nginx/environments/${WP_ENV}/server/.htpasswd -fi diff --git a/ubuntu-7.0/rootfs/etc/cont-init.d/01-create-web-user b/ubuntu-7.0/rootfs/etc/cont-init.d/01-create-web-user deleted file mode 100755 index aeb0aa7..0000000 --- a/ubuntu-7.0/rootfs/etc/cont-init.d/01-create-web-user +++ /dev/null @@ -1,58 +0,0 @@ -#!/usr/bin/with-contenv bash - -## -# If $WEB_USER user and web group already exists just skip the user creation -## -if id -u $WEB_USER > /dev/null 2>&1 && getent group $WEB_GROUP > /dev/null 2>&1; then - echo "[cont-init.d] user:$WEB_USER and group:$WEB_GROUP already exist, skipping..." - exit 0 -fi - -## -# Create $WEB_USER user with $WEB_UID and web group with $WEB_GID -## - -# Set defaults if they are not set -export WEB_USER=${WEB_USER-wordpress} -export WEB_GROUP=${WEB_GROUP-web} -export WEB_UID=${WEB_UID-1000} -export WEB_GID=${WEB_GID-1000} - -echo "[cont-init.d] Creating $WEB_USER user with id: $WEB_UID and group web with id: $WEB_GID" - -# Create web group -if [ -n "$WEB_GID" ]; then - - # Check if group with $WEB_GID already exists - web_group=$(getent group $WEB_GID | cut -d':' -f1) - - if [ -n "$web_group" ]; then - - # Replace the existing group name to web - # This is done so that in local development we can just lookup permissions from mounted folders - # This UID/GID can be same as something already existing inside container - # This way we can use same uid/gid in container and host machine - echo "[cont-init.d] Replacing pre-existing group name $web_group -> $WEB_GROUP" - sed -i "s|$web_group|$WEB_GROUP|g" /etc/group - - else - # Create new group - echo "$ groupadd -g $WEB_GID $WEB_GROUP" - groupadd -g $WEB_GID $WEB_GROUP - fi -else - echo "[cont-init.d] ERROR: Please set web user group id in WEB_GID" 1>&2 - exit 2 -fi - -# Create $WEB_USER user -if [ -n "$WEB_UID" ] && [ -n "$WEB_GID" ] ; then - echo "$ useradd -u $WEB_UID -g $WEB_GROUP --home $PROJECT_ROOT $WEB_USER" - useradd -u $WEB_UID -g $WEB_GROUP --home $PROJECT_ROOT $WEB_USER -else - echo "[cont-init.d] ERROR: Please set web user id in WEB_UID" 1>&2 - exit 2 -fi - -# Check that processes can write logs -chown $WEB_USER:$WEB_GROUP /var/log diff --git a/ubuntu-7.0/rootfs/etc/cont-init.d/02-init-crond b/ubuntu-7.0/rootfs/etc/cont-init.d/02-init-crond deleted file mode 100755 index 962a79e..0000000 --- a/ubuntu-7.0/rootfs/etc/cont-init.d/02-init-crond +++ /dev/null @@ -1,30 +0,0 @@ -#!/usr/bin/with-contenv bash - -# Copy cronjob from project and run as nginx -if [ -f $PROJECT_ROOT/tasks.cron ]; then - - # Setup all container env for cron - printenv | grep -v ^_= | grep -v "no_proxy" >> /etc/environment - - # Use default redis for cronlock if cronlock variables are not set - if [ -n "$REDIS_HOST" ] && [ -z "$CRONLOCK_HOST" ] ; then - echo "CRONLOCK_HOST=$REDIS_HOST" >> /etc/environment - fi - if [ -n "$REDIS_PASSWORD" ] && [ -z "$CRONLOCK_AUTH" ] ; then - echo "CRONLOCK_AUTH=$REDIS_PASSWORD" >> /etc/environment - fi - if [ -n "$REDIS_PORT" ] && [ -z "$CRONLOCK_PORT" ] ; then - echo "CRONLOCK_PORT=$REDIS_PORT" >> /etc/environment - fi - # env for running wp cron - echo "CRON_URL=$CRON_URL" >> /etc/environment; - # Copy cron template - cp $PROJECT_ROOT/tasks.cron /var/spool/cron/crontabs/$WEB_USER - chown $WEB_USER /var/spool/cron/crontabs/$WEB_USER - chmod 0600 /var/spool/cron/crontabs/$WEB_USER -else - # No cronjobs found remove crond from s6 - if [ -f /etc/services.d/cron ]; then - rm -r /etc/services.d/cron - fi -fi diff --git a/ubuntu-7.0/rootfs/etc/cont-init.d/02-init-directories-and-files b/ubuntu-7.0/rootfs/etc/cont-init.d/02-init-directories-and-files deleted file mode 100755 index 34df974..0000000 --- a/ubuntu-7.0/rootfs/etc/cont-init.d/02-init-directories-and-files +++ /dev/null @@ -1,18 +0,0 @@ -#!/usr/bin/with-contenv bash - -# Create uploads directory if not exists -mkdir -p $UPLOADS_ROOT -chown $WEB_USER:$WEB_GROUP $UPLOADS_ROOT - -# Create dir for nginx tmp files -mkdir -p /tmp/nginx/body -chown -R $WEB_USER:$WEB_GROUP /tmp/nginx - -# Create log directories if they don't exist already -mkdir -p /var/log/{nginx,php,mail} - -# Create error.log so that php-fpm can write to it -touch /var/log/php/error.log - -# Chown all files to wordpress -chown -R $WEB_USER:$WEB_GROUP /var/log/{nginx,php,mail} diff --git a/ubuntu-7.0/rootfs/etc/nginx/additional.types b/ubuntu-7.0/rootfs/etc/nginx/additional.types deleted file mode 100644 index ac8070e..0000000 --- a/ubuntu-7.0/rootfs/etc/nginx/additional.types +++ /dev/null @@ -1,6 +0,0 @@ -# If developers add .woff2 type font files we should provide good Content-Type headers -types { - # Add mime support for woff2 - # http://stackoverflow.com/questions/28235550/proper-mime-type-for-woff2-fonts - font/woff2 woff2; -} diff --git a/ubuntu-7.0/rootfs/etc/nginx/cache/fastcgicache.conf b/ubuntu-7.0/rootfs/etc/nginx/cache/fastcgicache.conf deleted file mode 100644 index e093a44..0000000 --- a/ubuntu-7.0/rootfs/etc/nginx/cache/fastcgicache.conf +++ /dev/null @@ -1,12 +0,0 @@ -## -# Add few rules which deny using cache -## -include cache/fastcgicache_skip_rules.conf; -include cache/helper_variables.conf; -fastcgi_cache_bypass $skip_cache; -fastcgi_no_cache $skip_cache; - -fastcgi_cache WORDPRESS; -#proxy_ignore_headers Set-Cookie Expires Cache-Control; - -# Add header for easier cache debugging diff --git a/ubuntu-7.0/rootfs/etc/nginx/cache/fastcgicache_headers.conf b/ubuntu-7.0/rootfs/etc/nginx/cache/fastcgicache_headers.conf deleted file mode 100644 index c6cba07..0000000 --- a/ubuntu-7.0/rootfs/etc/nginx/cache/fastcgicache_headers.conf +++ /dev/null @@ -1,8 +0,0 @@ -# Add header for easier cache debugging -add_header X-Cache $upstream_cache_status always; - -# Add header to force cache rule from project -add_header 'Cache-Control' ${NGINX_CACHE_CONTROL}; - -# If you need to debug the cache mode, uncomment the following line -# add_header X-cache-mode $cachemode; \ No newline at end of file diff --git a/ubuntu-7.0/rootfs/etc/nginx/cache/fastcgicache_settings.conf b/ubuntu-7.0/rootfs/etc/nginx/cache/fastcgicache_settings.conf deleted file mode 100644 index e28122b..0000000 --- a/ubuntu-7.0/rootfs/etc/nginx/cache/fastcgicache_settings.conf +++ /dev/null @@ -1,7 +0,0 @@ -## -# Basic settings of Fast cgi cache -## -fastcgi_cache_path ${NGINX_CACHE_DIRECTORY} levels=1:2 keys_zone=WORDPRESS:100m max_size=1000m inactive=730h; -fastcgi_cache_key $scheme$request_method$host$request_uri; -fastcgi_cache_lock on; -fastcgi_cache_valid ${NGINX_REDIS_CACHE_TTL_DEFAULT}; \ No newline at end of file diff --git a/ubuntu-7.0/rootfs/etc/nginx/cache/fastcgicache_skip_rules.conf b/ubuntu-7.0/rootfs/etc/nginx/cache/fastcgicache_skip_rules.conf deleted file mode 100644 index 99bbc0e..0000000 --- a/ubuntu-7.0/rootfs/etc/nginx/cache/fastcgicache_skip_rules.conf +++ /dev/null @@ -1,75 +0,0 @@ -## -# Add few rules which deny using cache -## - -# Don't skip cache by default -set $skip_cache 0; -# insert project specific cache rules to this file (delete this row when all projects are updated) -include /var/www/project/nginx/server/skip_cache.conf; -# insert project specific cache rules to this folder -include ${NGINX_INCLUDE_DIR}/skipcache/*.conf; - -# POST requests and urls with a query string should always go to PHP -if ($request_method = POST) { - set $skip_cache 1; -} - -# Deal with accepted query vars -set $without $query_string; - -set_by_lua_block $cache_args { - -- Helper split string function - function split( inputstr, sep ) - if sep == nil then - sep = "%s" - end - local t={} ; i=1 - for str in string.gmatch(inputstr, "([^" .. sep .. "]+)") do - t[ i ] = str - i = i + 1 - end - return t - end - - -- Helper escape special chars function - function esc( str ) - return str:gsub( "([^%w])", "%%%1" ) - end - - local with = {} - local without = ngx.var.without - - -- Get a list of accepted query vars from env variable - local accepted = split( ( os.getenv( 'CACHE_QUERYVARS' ) or "" ), "," ) - - -- Loop through the list - for key, accept in pairs(accepted) do - -- If there is a value present for the variable, store it in a variable - if ngx.decode_args( without )[ accept ] then - table.insert( with, accept .. "=" .. ngx.decode_args( without )[ accept ] ) - end - -- Remove the accepted key-value pair from the string - without = string.gsub( without, "&?" .. esc( accept ) .. "=[^&]+", "" ) - end - - -- Store all non-accepted query vars to checked later - ngx.var.without = without - - -- Return accepted query var key-value pairs to be used in the cache key - return "?" .. table.concat( with, "&" ) -} - -# If there were any unaccepted query vars, skip cache -if ($without != "") { - set $skip_cache 1; -} - -# Don't use the cache for logged in users or recent commenters -if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in|woocommerce_items_in_cart") { - set $skip_cache 1; -} - -# Don't cache responses from wp-admin, xmlrpc and wp-login.php -if ($request_uri ~* "/wp-admin/|/xmlrpc.php|wp-.*.php") { - set $skip_cache 1; -} \ No newline at end of file diff --git a/ubuntu-7.0/rootfs/etc/nginx/cache/helper_variables.conf b/ubuntu-7.0/rootfs/etc/nginx/cache/helper_variables.conf deleted file mode 100644 index ea10fb9..0000000 --- a/ubuntu-7.0/rootfs/etc/nginx/cache/helper_variables.conf +++ /dev/null @@ -1,15 +0,0 @@ -## -# This file creates few helper variables -# $prefer_language_slug - 2 first letters from accept-language header to determine the language redirects from cache -## - -## -# Parse first two letters from accept-language header to determine right cache key -## -set_by_lua_block $prefer_language_slug { - if ngx.var.http_accept_language then - return string.lower( string.match( ngx.var.http_accept_language, '%w%w' ) ) - else - return 'en' - end -} diff --git a/ubuntu-7.0/rootfs/etc/nginx/cache/redis_backend.conf b/ubuntu-7.0/rootfs/etc/nginx/cache/redis_backend.conf deleted file mode 100644 index e9f86a3..0000000 --- a/ubuntu-7.0/rootfs/etc/nginx/cache/redis_backend.conf +++ /dev/null @@ -1,45 +0,0 @@ -## -# Adds internal locations for storing and getting full page cache from redis -## - -srcache_default_expire '${NGINX_REDIS_CACHE_TTL_DEFAULT}'; -srcache_max_expire '${NGINX_REDIS_CACHE_TTL_MAX}'; - -location /redis-fetch { - internal; - - ## - # In order to use password authentication we use custom redis module which adds $redis_auth: - # - https://github.com/Yongke/ngx_http_redis-0.3.7 - ## - - # Read the configuration from system envs - set $redis_auth '${REDIS_PASSWORD}'; - set $redis_db ${REDIS_DATABASE}; - - set $redis_key $args; - - redis_pass ${REDIS_HOST}:${REDIS_PORT}; -} - -location /redis-store { - internal; - - set_unescape_uri $exptime $arg_exptime; - set_unescape_uri $key $arg_key; - - # Fix caching problem for now - # There's issue in github https://github.com/openresty/srcache-nginx-module/issues/61 - set_if_empty $srcache_expire '${NGINX_REDIS_CACHE_TTL_DEFAULT}'; - - # redis module pipelines these 3 commands into single request - redis2_query auth '${REDIS_PASSWORD}'; - redis2_query select ${REDIS_DATABASE}; - - # Set and expire with one command: http://redis.io/commands/setex - redis2_query setex $key $srcache_expire $echo_request_body; - - # Pass the request to redis - redis2_pass ${REDIS_HOST}:${REDIS_PORT}; - -} diff --git a/ubuntu-7.0/rootfs/etc/nginx/cache/skip_rules.conf b/ubuntu-7.0/rootfs/etc/nginx/cache/skip_rules.conf deleted file mode 100644 index 43344c8..0000000 --- a/ubuntu-7.0/rootfs/etc/nginx/cache/skip_rules.conf +++ /dev/null @@ -1,30 +0,0 @@ -## -# Add few rules which deny using cache -## - -# Don't skip cache by default -set $skip_cache 0; - -# POST requests and urls with a query string should always go to PHP -if ($request_method = POST) { - set $skip_cache 1; -} - -# If theres any args skip cache -if ($query_string != "") { - set $skip_cache 1; -} - -# Don't use the cache for logged in users or recent commenters -if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in|woocommerce_items_in_cart") { - set $skip_cache 1; -} - -# Don't cache responses from wp-admin, xmlrpc and wp-login.php -if ($request_uri ~* "/wp-admin/|/xmlrpc.php|wp-.*.php") { - set $skip_cache 1; -} - -# Skip fetch and skip if conditions are met -srcache_fetch_skip $skip_cache; -srcache_store_skip $skip_cache; diff --git a/ubuntu-7.0/rootfs/etc/nginx/cache/srcache.conf b/ubuntu-7.0/rootfs/etc/nginx/cache/srcache.conf deleted file mode 100644 index 85027dd..0000000 --- a/ubuntu-7.0/rootfs/etc/nginx/cache/srcache.conf +++ /dev/null @@ -1,20 +0,0 @@ -## -# Add few rules which deny using cache -## -include cache/skip_rules.conf; -include cache/helper_variables.conf; - -# Use redis caching for all pages -# Allow different cache key from env -# Use 'wp_' prefix so that cache can be flushed with: -# $ wp cache flush -set $cache_key "${NGINX_CACHE_KEY}"; -set_escape_uri $escaped_cache_key $cache_key; - -srcache_response_cache_control on; - -srcache_fetch GET /redis-fetch $cache_key; -srcache_store PUT /redis-store key=$escaped_cache_key; - -# Add header for easier cache debugging -add_header X-Cache $srcache_fetch_status; diff --git a/ubuntu-7.0/rootfs/etc/nginx/env.conf b/ubuntu-7.0/rootfs/etc/nginx/env.conf deleted file mode 100644 index 3089a23..0000000 --- a/ubuntu-7.0/rootfs/etc/nginx/env.conf +++ /dev/null @@ -1,13 +0,0 @@ -# Set custom enviromental variables that we need with lua here -# These are used to dynamically load -env PORT; -env WEB_ROOT; -env NGINX_MAX_BODY_SIZE; -env NGINX_TIMEOUT; - -# For nginx redis cache -env REDIS_HOST; -env REDIS_PORT; -env REDIS_DATABASE; -env REDIS_PASSWORD; -env CACHE_QUERYVARS; \ No newline at end of file diff --git a/ubuntu-7.0/rootfs/etc/nginx/error_pages.conf b/ubuntu-7.0/rootfs/etc/nginx/error_pages.conf deleted file mode 100644 index 700cc6b..0000000 --- a/ubuntu-7.0/rootfs/etc/nginx/error_pages.conf +++ /dev/null @@ -1,31 +0,0 @@ -## -# Custom error pages -## - -## 403 - Forbidden -error_page 403 /403.html; -location = /403.html { - root /usr/share/nginx/html; - internal; -} - -## 500 - Internal Server Error -error_page 500 /500.html; -location = /500.html { - root /usr/share/nginx/html; - internal; -} - -## 502 - Bad Gateway -error_page 502 /502.html; -location = /502.html { - root /usr/share/nginx/html; - internal; -} - -## 504 - Gateway Timeout -error_page 504 /504.html; -location = /504.html { - root /usr/share/nginx/html; - internal; -} diff --git a/ubuntu-7.0/rootfs/etc/nginx/fastcgi_params b/ubuntu-7.0/rootfs/etc/nginx/fastcgi_params deleted file mode 100644 index 6fccf4f..0000000 --- a/ubuntu-7.0/rootfs/etc/nginx/fastcgi_params +++ /dev/null @@ -1,29 +0,0 @@ -# These are just basic things form request -fastcgi_param QUERY_STRING $query_string; -fastcgi_param REQUEST_METHOD $request_method; -fastcgi_param CONTENT_TYPE $content_type; -fastcgi_param CONTENT_LENGTH $content_length; - -fastcgi_param SCRIPT_NAME $fastcgi_script_name; -fastcgi_param REQUEST_URI $request_uri; -fastcgi_param DOCUMENT_URI $document_uri; -fastcgi_param DOCUMENT_ROOT $document_root; -fastcgi_param SERVER_PROTOCOL $server_protocol; - -fastcgi_param GATEWAY_INTERFACE CGI/1.1; -fastcgi_param SERVER_SOFTWARE nginx/$nginx_version; - -## -# Set these using the knowledge that we are behind proxy -## -fastcgi_param REMOTE_ADDR $real_remote; -fastcgi_param REMOTE_PORT $remote_port; -fastcgi_param SERVER_ADDR $server_addr; -fastcgi_param SERVER_PORT $real_port; -fastcgi_param SERVER_NAME $real_host; -fastcgi_param HTTPS $real_https; -fastcgi_param REQUEST_SCHEME $real_scheme; -fastcgi_param HTTP_HOST $real_host; - -# PHP only, required if PHP was built with --enable-force-cgi-redirect -fastcgi_param REDIRECT_STATUS 200; diff --git a/ubuntu-7.0/rootfs/etc/nginx/fastcgi_settings.conf b/ubuntu-7.0/rootfs/etc/nginx/fastcgi_settings.conf deleted file mode 100644 index 25683fb..0000000 --- a/ubuntu-7.0/rootfs/etc/nginx/fastcgi_settings.conf +++ /dev/null @@ -1,23 +0,0 @@ -# regex to split $uri to $fastcgi_script_name and $fastcgi_path -fastcgi_split_path_info ^(.+\.php)(/.+)$; - -# Bypass the fact that try_files resets $fastcgi_path_info -# see: http://trac.nginx.org/nginx/ticket/321 -set $path_info $fastcgi_path_info; -fastcgi_param PATH_INFO $path_info; - -# Intercept errors from php-fpm -# These can be: -# - timeouts for long running requests -# - requested php file might be missing or not existing in the first place -fastcgi_intercept_errors on; - -fastcgi_index index.php; - -# Small optimisation on fastcgi buffer size -# defaults are 8k; -fastcgi_buffers 16 16k; -fastcgi_buffer_size 16k; - -# Include basic fastcgi settings -include fastcgi_params; diff --git a/ubuntu-7.0/rootfs/etc/nginx/gzip.conf b/ubuntu-7.0/rootfs/etc/nginx/gzip.conf deleted file mode 100644 index 69737cc..0000000 --- a/ubuntu-7.0/rootfs/etc/nginx/gzip.conf +++ /dev/null @@ -1,58 +0,0 @@ -# Compression - -# Enable Gzip compressed. -gzip on; - -# Compression level (1-9). -# 5 is a perfect compromise between size and cpu usage, offering about -# 75% reduction for most ascii files (almost identical to level 9). -gzip_comp_level 5; - -# Don't compress anything that's already small and unlikely to shrink much -# if at all (the default is 20 bytes, which is bad as that usually leads to -# larger files after gzipping). -gzip_min_length 256; - -# Compress data even for clients that are connecting to us via proxies, -# identified by the "Via" header (required for CloudFront). -gzip_proxied any; - -# Tell proxies to cache both the gzipped and regular version of a resource -# whenever the client's Accept-Encoding capabilities header varies; -# Avoids the issue where a non-gzip capable client (which is extremely rare -# today) would display gibberish if their proxy gave them the gzipped version. -gzip_vary on; - -# Compress all output labeled with one of the following MIME-types. -gzip_types - application/atom+xml - application/javascript - application/json - application/ld+json - application/manifest+json - application/rss+xml - application/vnd.geo+json - application/vnd.ms-fontobject - application/x-font-ttf - application/x-web-app-manifest+json - application/xhtml+xml - application/xml - font/opentype - image/bmp - image/svg+xml - image/x-icon - text/cache-manifest - text/css - text/plain - text/vcard - text/vnd.rim.location.xloc - text/vtt - text/x-component - text/x-cross-domain-policy; -# text/html is always compressed by HttpGzipModule - -# This should be turned on if you are going to have pre-compressed copies (.gz) of -# static files available. If not it should be left off as it will cause extra I/O -# for the check. It is best if you enable this in a location{} block for -# a specific directory, or on an individual server{} level. -# gzip_static on; diff --git a/ubuntu-7.0/rootfs/etc/nginx/log_format.conf b/ubuntu-7.0/rootfs/etc/nginx/log_format.conf deleted file mode 100644 index 74c5779..0000000 --- a/ubuntu-7.0/rootfs/etc/nginx/log_format.conf +++ /dev/null @@ -1,16 +0,0 @@ -# Log cache status -# Log real requester address -log_format custom '[$time_local] $http_x_real_ip ' - '$host "$request" $status $body_bytes_sent $request_time ' - '"$http_referer" "$http_user_agent" $upstream_cache_status'; - -## -# Legacy formats which might be in use somewhere -## -# This log format makes it so we can see real requester's IP address \ -# not just the reverse proxy server's IP address. Also note, that \ -# "specialLog" can be replaced with any name you would like to \ -# give to this log format. -log_format specialLog '[$time_local] $http_x_real_ip ' - '$host "$request" $status $body_bytes_sent $request_time ' - '"$http_referer" "$http_user_agent" $upstream_cache_status'; \ No newline at end of file diff --git a/ubuntu-7.0/rootfs/etc/nginx/log_formats.conf b/ubuntu-7.0/rootfs/etc/nginx/log_formats.conf deleted file mode 100644 index 9e4e2fc..0000000 --- a/ubuntu-7.0/rootfs/etc/nginx/log_formats.conf +++ /dev/null @@ -1,19 +0,0 @@ -# Log cache status -# Log real requester address -log_format custom '[$time_local] $http_x_forwarded_for ' - '$host "$request" $status $body_bytes_sent $request_time ' - '"$http_referer" "$http_user_agent" $upstream_cache_status'; - -# A new log format for detecting bad bots. -log_format blocked '[$time_local] Blocked request from $http_x_forwarded_for $request'; - -## -# Legacy formats which might be in use somewhere -## -# This log format makes it so we can see real requester's IP address \ -# not just the reverse proxy server's IP address. Also note, that \ -# "specialLog" can be replaced with any name you would like to \ -# give to this log format. -log_format specialLog '[$time_local] $http_x_forwarded_for ' - '$host "$request" $status $body_bytes_sent $request_time ' - '"$http_referer" "$http_user_agent" $upstream_cache_status'; \ No newline at end of file diff --git a/ubuntu-7.0/rootfs/etc/nginx/nginx.conf b/ubuntu-7.0/rootfs/etc/nginx/nginx.conf deleted file mode 100644 index 109bdae..0000000 --- a/ubuntu-7.0/rootfs/etc/nginx/nginx.conf +++ /dev/null @@ -1,356 +0,0 @@ -# Default user and group for the nginx@index -user ${WEB_USER} ${WEB_GROUP}; - -# Default error log -error_log ${NGINX_ERROR_LOG} ${NGINX_ERROR_LEVEL}; - -# Write process id here -pid /var/run/nginx.pid; - -# Load custom environment variables -include env.conf; - -# How many worker threads to run; -# "auto" sets it to the number of CPU cores available in the system, and -# offers the best performance. Don't set it higher than the number of CPU -# cores if changing this parameter. - -# The maximum number of connections for Nginx is calculated by: -# max_clients = worker_processes * worker_connections -worker_processes auto; - -# Maximum open file descriptors per process; -# should be > worker_connections. -worker_rlimit_nofile 8192; - -events { - # When you need > 8000 * cpu_cores connections, you start optimizing your OS, - # and this is probably the point at which you hire people who are smarter than - # you, as this is *a lot* of requests. - worker_connections 8000; -} - -http { - - # Configure hashmaps so that environment does not change defaults - map_hash_max_size 262144; - map_hash_bucket_size 262144; - server_names_hash_bucket_size 64; - - # Hide nginx version information. - server_tokens off; - - #Enable Fastcgicache - include cache/fastcgicache_settings.conf; - - # Remove Server header entirely - more_clear_headers Server; - - # How long to allow each connection to stay idle; longer values are better - # for each individual client, particularly for SSL, but means that worker - # connections are tied up longer. (Default: 65) - keepalive_timeout 20; - - # Speed up file transfers by using sendfile() to copy directly - # between descriptors rather than using read()/write(). - sendfile on; - - # Tell Nginx not to send out partial frames; this increases throughput - # since TCP frames are filled up before being sent out. (adds TCP_CORK) - tcp_nopush on; - - # Gzip all the assets - include gzip.conf; - - # Add default pagespeed settings - include pagespeed/settings.conf; - - # Add all default mime types and additional ones - include additional.types; - include mime.types; - - default_type application/octet-stream; - - client_body_temp_path /tmp/nginx/body 1 2; - fastcgi_temp_path /tmp/nginx/fastcgi_temp 1 2; - - # Include custom log formats - include log_formats.conf; - - # Allow bigger default file uploads - client_max_body_size ${NGINX_MAX_BODY_SIZE}; - - # Allow bigger body buffer size in memory - client_body_buffer_size ${NGINX_BODY_BUFFER_SIZE}; - - # Include custom nginx http additions from project - include ${NGINX_INCLUDE_DIR}/http/*.conf; - include ${NGINX_INCLUDE_DIR}/environments/${WP_ENV}/http/*.conf; - - # load upstreams from one file which can be overwritten depending on situation - include upstreams.conf; - - # Add few headers which make XSS harder - include security_headers.conf; - - # Add headers from project - include ${NGINX_INCLUDE_DIR}/headers/*.conf; - - # Include cache headers - include cache/fastcgicache_headers.conf; - - # If ${PORT} != 80 means that we are behind reverse proxy as well - # This directive helps that we don't redirect clients into mysite.com:8080/resource type urls - port_in_redirect off; - - # Use theme assets straight from corresponding files for pagespeed - pagespeed ProcessScriptVariables on; - pagespeed LoadFromFile "$scheme://$host/app/themes/" "${WEB_ROOT}/app/themes/"; - pagespeed LoadFromFile "$scheme://$host/wp-content/themes/" "${WEB_ROOT}/wp/wp-content/themes/"; - - server { - # This is the default server for this container - listen ${PORT} default_server; - server_name _; - - root ${WEB_ROOT}; - - # Use index.php if it exists but also allow static websites in subfolders - index index.php index.html; - - access_log ${NGINX_ACCESS_LOG} custom; - - # Blocked log file - set $blocked_log /dev/stdout; - - disable_symlinks off; - - # Include custom nginx server additions from project - include ${NGINX_INCLUDE_DIR}/server/*.conf; - include ${NGINX_INCLUDE_DIR}/environments/${WP_ENV}/server/*.conf; - - # These variables are proxy conscious, so that they work even though we are behind reverse proxy - include proxy_real_variables.conf; - - # Include custom error pages - include error_pages.conf; - - # Own handling for WP-activate that for some very odd reason serves itself as 404. - location = /wp-activate.php { - try_files /wp/$uri @index; - - include fastcgi_settings.conf; - - # Append subfolder automatically - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - - # Give sane max execution time to frontend - fastcgi_read_timeout 30; - fastcgi_pass php-fpm; - } - - location = /robots.txt { - if ( $host ~ gpilvi\.com|geniem\.io ) { - add_header Content-Type text/plain; - return 200 "User-agent: *\nDisallow: /\n"; - } - - allow all; - log_not_found off; - access_log off; - try_files $uri @index; - } - - location = /favicon.ico { - allow all; - log_not_found off; - access_log off; - try_files $uri @index; - } - - # deny all dot-files including git - location ~ /\. { - deny all; - log_not_found off; - access_log off; - } - - location / { - try_files $uri $uri/ /wp/$uri /wp/$uri/ @index; - } - - # Deny requesting .dust files from anywhere else in the theme than under the partials/public directory - location ~* \/themes\/[^\/]+\/partials\/public\/.*\.dust$ { - allow all; - } - - location ~* \/themes\/.*\.dust$ { - deny all; - } - - # Static files - location ~* \.(css|js|jpe?g|gif|ico|png|otf|ttf|eot|woff?2|svg|webp)$ { - - ## Deny overriding Pagespeed - if ($arg_pagespeed != '') { access_log $blocked_log blocked; return 403; } - if ($arg_pagespeedspeedfilters != '') { access_log $blocked_log blocked; return 403; } - - include static_files.conf; - - # These files are probably exactly like $uri says but also try from /wp/ - try_files $uri /wp/$uri @index; - - # Deny requesting plain style.css from theme root directory - location ~ ^.*/themes/[^/]+/style\.css { - - # Preserve this url - pagespeed CssPreserveUrls true; - - # Minify and remove comments from css - pagespeed EnableFilters rewrite_css; - - # Wait that nginx has prepared the file - pagespeed InPlaceWaitForOptimized on; - - # Don't ever try to load non modified style.css - pagespeed InPlaceRewriteDeadlineMs 100000000; - - # Don't allow overriding pagespeed with pagespeed fixed urls - # Source: https://github.com/pagespeed/ngx_pagespeed/issues/1306 - location ~ ^(.*)/themes/([^/]+)/style.*pagespeed.* { - return 301 $1/themes/$2/style.css; - } - } - - ## - # Static WordPress files ~ wp-* - # These files are probably in /wp/ subfolder but also try from $uri - ## - location ~ ^wp- { - try_files /wp/$uri $uri @index; - } - } - - # App folder contains our plugins and themes - # We want to server assets from here but deny all php execution - location /app/ { - try_files $uri @index; - - ## - # Deny access into php files under /app/ - ## - location ~ \.php$ { - access_log $blocked_log blocked; - deny all; - } - } - - ## - # Run all php files from wp subfolder - # This is how wordpress is supposed to be run - # It also prevents direct access to possibly insecure code inside our plugins - ## - location ~ \.php$ { - try_files /wp/$uri @index; - - include fastcgi_settings.conf; - - # Append subfolder automatically - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - - # Handover 404 errors from php-fpm to WordPress - error_page 404 = @index; - - # Give sane max execution time to frontend - fastcgi_read_timeout ${NGINX_FASTCGI_TIMEOUT}; - fastcgi_pass php-fpm; - - ## Deny access to all php files in uploads folders - location ~* ^/uploads { access_log $blocked_log blocked; deny all; } - location ~* ^/content/uploads { access_log $blocked_log blocked; deny all; } - location ~* ^/wp-content/uploads { access_log $blocked_log blocked; deny all; } - - ## Fix Full Path Disclosures if display_errors is on - ## Don't allow straight access into core wp-includes - location ~* ^/wp-includes { access_log $blocked_log blocked; deny all; } - } - # Create purge location to empty fullpage cache - location ~ /purge(/.*) { - fastcgi_cache_purge WORDPRESS "$scheme$request_method$host$1"; - } - # Create health location for contena healthcheck - location /__health { - access_log off; - return 200; - } - - # Include redis interfaces /redis-fetch & /redis-store - # include cache/redis_backend.conf; - - location @index { - - # Include custom nginx index additions from project - include ${NGINX_INCLUDE_DIR}/index/*.conf; - include ${NGINX_INCLUDE_DIR}/environments/${WP_ENV}/index/*.conf; - - ## Deny overriding Pagespeed - if ($arg_pagespeed != '') { access_log $blocked_log blocked; return 403; } - if ($arg_pagespeedspeedfilters != '') { access_log $blocked_log blocked; return 403; } - - # Use redis as proxy cache - #include cache/srcache.conf; - # Use fastcgi cache - include cache/fastcgicache.conf; - - # Fallback into php - include fastcgi_settings.conf; - fastcgi_param SCRIPT_FILENAME $document_root/index.php; - - # Give sane max execution time to frontend - fastcgi_read_timeout ${NGINX_FASTCGI_TIMEOUT}; - fastcgi_pass php-fpm; - } - - # WordPress is stupid - location = /wp-admin { rewrite ^ /wp-admin/ permanent; } - - location = / { - - ## Block hackers from enumerating users - if ( $arg_author ~ [0-9]+ ) { access_log $blocked_log blocked; return 403; } - - ## Deny overriding Pagespeed - if ($arg_pagespeed != '') { access_log $blocked_log blocked; return 403; } - if ($arg_pagespeedspeedfilters != '') { access_log $blocked_log blocked; return 403; } - - # Use redis as proxy cache - #include cache/srcache.conf; - # Use fastcgi cache - include cache/fastcgicache.conf; - - #Enable project spesific config to root block - include ${NGINX_INCLUDE_DIR}/environments/${WP_ENV}/root/*.conf; - - # Fallback into php - include fastcgi_settings.conf; - fastcgi_param SCRIPT_FILENAME $document_root/index.php; - - # Give sane max execution time to frontend - fastcgi_read_timeout ${NGINX_FASTCGI_TIMEOUT}; - fastcgi_pass php-fpm; - } - - # Prevent /wp/wp/wp/... rewrite loops - location ^~ /wp/ { - rewrite ^/wp/(.*)$ $1$is_args$args last; - } - - # Block some vulnerabilities always - include security.conf; - - # Include basic pagespeed locations like beacons - include pagespeed/locations.conf; - } - include ${NGINX_INCLUDE_DIR}/environments/${WP_ENV}/end/*.conf; - -} diff --git a/ubuntu-7.0/rootfs/etc/nginx/pagespeed/locations.conf b/ubuntu-7.0/rootfs/etc/nginx/pagespeed/locations.conf deleted file mode 100644 index 46feb53..0000000 --- a/ubuntu-7.0/rootfs/etc/nginx/pagespeed/locations.conf +++ /dev/null @@ -1,7 +0,0 @@ -# Ensure requests for pagespeed optimized resources go to the pagespeed handler -# and no extraneous headers get set. -location ~ "\.pagespeed\.([a-z]\.)?[a-z]{2}\.[^.]{10}\.[^.]+" { - add_header "" ""; -} -location ~ "^/pagespeed_static/" { } -location ~ "^/ngx_pagespeed_beacon$" { } diff --git a/ubuntu-7.0/rootfs/etc/nginx/pagespeed/settings.conf b/ubuntu-7.0/rootfs/etc/nginx/pagespeed/settings.conf deleted file mode 100644 index be5a0a8..0000000 --- a/ubuntu-7.0/rootfs/etc/nginx/pagespeed/settings.conf +++ /dev/null @@ -1,13 +0,0 @@ -# Hide pagespeed version and provide this header instaed -pagespeed XHeaderValue "Enabled"; - -# Don't alter Cache-Control headers -pagespeed ModifyCachingHeaders off; - -# This is for pagespeed temporary files -# Needs to exist and be writable by nginx. Use tmpfs for best performance. -pagespeed FileCachePath /tmp/nginx/pagespeed; - -# Pagespeed sets default TTL from file to 300s, which is bad -# This sets the time to be 1 year -pagespeed LoadFromFileCacheTtlMs 2592000000; diff --git a/ubuntu-7.0/rootfs/etc/nginx/proxy_real_variables.conf b/ubuntu-7.0/rootfs/etc/nginx/proxy_real_variables.conf deleted file mode 100644 index e380f1f..0000000 --- a/ubuntu-7.0/rootfs/etc/nginx/proxy_real_variables.conf +++ /dev/null @@ -1,35 +0,0 @@ -## -# Set few variables since we use jwilder/nginx-proxy in dev and proxy in production -# So the fastcgi params need to be the original ones or you -# will have redirect loops ('canonical_redirect' mostly) -## - -# Set $host first from proxy (if possible) -set $real_host $http_x_forwarded_host; -if ($real_host = '') { - set $real_host $http_host; -} - -# Set server port according to forwarded proto -set $real_port 80; -if ($http_x_forwarded_proto = 'https') { - set $real_port 443; -} - -# Set https according to used proto -set $real_https off; -if ($http_x_forwarded_proto = 'https') { - set $real_https on; -} - -# Set scheme according to used proto -set $real_scheme 'http'; -if ($http_x_forwarded_proto = 'https') { - set $real_scheme 'https'; -} - -# Set original remote -set $real_remote $http_x_forwarded_for; -if ($real_remote = '') { - set $real_remote $remote_addr; -} diff --git a/ubuntu-7.0/rootfs/etc/nginx/security.conf b/ubuntu-7.0/rootfs/etc/nginx/security.conf deleted file mode 100644 index 24afdeb..0000000 --- a/ubuntu-7.0/rootfs/etc/nginx/security.conf +++ /dev/null @@ -1,27 +0,0 @@ -## Block SQL injections -location ~* union.*select.*\( { access_log $blocked_log blocked; return 403; } -location ~* union.*all.*select.* { access_log $blocked_log blocked; return 403; } -location ~* concat.*\( { access_log $blocked_log blocked; return 403; } - -## Block common exploits -location ~* (<|%3C).*script.*(>|%3E) { access_log $blocked_log blocked; return 403; } -location ~* base64_(en|de)code\(.*\) { access_log $blocked_log blocked; return 403; } -location ~* (%24&x) { access_log $blocked_log blocked; return 403; } -location ~* (%0|%A|%B|%C|%D|%E|%F|127\.0) { access_log $blocked_log blocked; return 403; } -location ~* \.\.\/ { access_log $blocked_log blocked; return 403; } -location ~* ~$ { access_log $blocked_log blocked; return 403; } -location ~* proc/self/environ { access_log $blocked_log blocked; return 403; } -location ~* /\.(htaccess|htpasswd|svn|git) { access_log $blocked_log blocked; return 403; } - -## Block file injections -location ~* [a-zA-Z0-9_]=(\.\.//?)+ { access_log $blocked_log blocked; return 403; } -location ~* [a-zA-Z0-9_]=/([a-z0-9_.]//?)+ { access_log $blocked_log blocked; return 403; } - -## wordpress security -location ~* wp-config.php { access_log $blocked_log blocked; return 403; } -location ~* wp-load.php { access_log $blocked_log blocked; return 403; } -location ~* wp-admin/includes { access_log $blocked_log blocked; return 403; } -location ~* wp-app\.log { access_log $blocked_log blocked; return 403; } -location ~* (licence|readme|license)\.(md|html|txt) { access_log $blocked_log blocked; return 403; } -location ~* composer.json { access_log $blocked_log blocked; return 403; } - diff --git a/ubuntu-7.0/rootfs/etc/nginx/security_headers.conf b/ubuntu-7.0/rootfs/etc/nginx/security_headers.conf deleted file mode 100644 index be78f67..0000000 --- a/ubuntu-7.0/rootfs/etc/nginx/security_headers.conf +++ /dev/null @@ -1,23 +0,0 @@ -## -# Security headers, source: https://gist.github.com/plentz/6737338 -## - -# config to don't allow the browser to render the page inside an frame or iframe -# and avoid clickjacking http://en.wikipedia.org/wiki/Clickjacking -# if you need to allow [i]frames, you can use SAMEORIGIN or even set an uri with ALLOW-FROM uri -# https://developer.mozilla.org/en-US/docs/HTTP/X-Frame-Options -add_header X-Frame-Options SAMEORIGIN; - -# when serving user-supplied content, include a X-Content-Type-Options: nosniff header along with the Content-Type: header, -# to disable content-type sniffing on some browsers. -# https://www.owasp.org/index.php/List_of_useful_HTTP_headers -# currently suppoorted in IE > 8 http://blogs.msdn.com/b/ie/archive/2008/09/02/ie8-security-part-vi-beta-2-update.aspx -# http://msdn.microsoft.com/en-us/library/ie/gg622941(v=vs.85).aspx -# 'soon' on Firefox https://bugzilla.mozilla.org/show_bug.cgi?id=471020 -add_header X-Content-Type-Options nosniff always; - -# This header enables the Cross-site scripting (XSS) filter built into most recent web browsers. -# It's usually enabled by default anyway, so the role of this header is to re-enable the filter for -# this particular website if it was disabled by the user. -# https://www.owasp.org/index.php/List_of_useful_HTTP_headers -add_header X-XSS-Protection "1; mode=block"; diff --git a/ubuntu-7.0/rootfs/etc/nginx/static_files.conf b/ubuntu-7.0/rootfs/etc/nginx/static_files.conf deleted file mode 100644 index fa9d42d..0000000 --- a/ubuntu-7.0/rootfs/etc/nginx/static_files.conf +++ /dev/null @@ -1,13 +0,0 @@ -# Use version numbers to bypass cache -# Try to cache as long as we can -expires max; - -## No need to bleed constant updates. Send the all shebang in one -## fell swoop. -tcp_nodelay off; - -## Set the OS file cache. -open_file_cache max=3000 inactive=120s; -open_file_cache_valid 45s; -open_file_cache_min_uses 2; -open_file_cache_errors off; diff --git a/ubuntu-7.0/rootfs/etc/nginx/upstreams.conf b/ubuntu-7.0/rootfs/etc/nginx/upstreams.conf deleted file mode 100644 index 395d445..0000000 --- a/ubuntu-7.0/rootfs/etc/nginx/upstreams.conf +++ /dev/null @@ -1,4 +0,0 @@ -# Default php handler -upstream php-fpm { - server unix:/var/run/php-fpm.sock; -} diff --git a/ubuntu-7.0/rootfs/etc/php/7.0/cli/php.ini b/ubuntu-7.0/rootfs/etc/php/7.0/cli/php.ini deleted file mode 100644 index 3d0f5f3..0000000 --- a/ubuntu-7.0/rootfs/etc/php/7.0/cli/php.ini +++ /dev/null @@ -1,72 +0,0 @@ -[PHP] -; This directive determines whether or not PHP will recognize code between -; tags as PHP source which should be processed as such. -short_open_tag = Off - -; Implicit flush tells PHP to tell the output layer to flush itself -; automatically after every output block. -implicit_flush = Off - -; This directive allows you to disable certain functions for security reasons. -; It receives a comma-delimited list of function names. -; http://php.net/disable-functions -disable_functions = - -; Enables or disables the circular reference collector. -; http://php.net/zend.enable-gc -zend.enable_gc = On - -;;;;;;;;;;;;;;;;; -; Miscellaneous ; -;;;;;;;;;;;;;;;;; - - -; Deny executing anything else than the exact path passed from fastcgi -; This causes the PHP interpreter to only try the literal path given and to stop processing if the file is not found. -; This is for security. -; https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/#passing-uncontrolled-requests-to-php -cgi.fix_pathinfo = 0 - -expose_php = Off - -;;;;;;;;;;;;;;;;;;; -; Resource Limits ; -;;;;;;;;;;;;;;;;;;; - -; Maximum execution time of each script, in seconds -max_execution_time = 600 - -; Maximum amount of time each script may spend parsing request data. -max_input_time = 60 - -; How many GET/POST/COOKIE input variables may be accepted -; max_input_vars = 1000 - -; Maximum amount of memory a script may consume (128MB) -memory_limit = ${PHP_MEMORY_LIMIT} - -;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; -; Error handling and logging ; -;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; - -error_reporting = E_ALL - -error_log = /proc/1/fd/2 - -display_errors = On - -display_startup_errors = On - -log_errors = On - -log_errors_max_len = 2048 - -ignore_repeated_errors = Off - -ignore_repeated_source = Off - -report_memleaks = On - -track_errors = On - -html_errors = Off diff --git a/ubuntu-7.0/rootfs/etc/php/7.0/fpm/conf.d/blocked.ini b/ubuntu-7.0/rootfs/etc/php/7.0/fpm/conf.d/blocked.ini deleted file mode 100644 index 4142569..0000000 --- a/ubuntu-7.0/rootfs/etc/php/7.0/fpm/conf.d/blocked.ini +++ /dev/null @@ -1,4 +0,0 @@ -; Disable some functions because they allow bad/vulnerable patterns -; We want to advocate good coding practises and these functions make it difficult -; You can use these with php cli but not with php-fpm -disable_functions = exec,passthru,shell_exec,show_source,system,pcntl_exec,popen,posix_getpwuid,posix_kill,posix_mkfifo,posix_setpgid,posix_setsid,posix_setuid,posix_setuid,posix_uname,proc_nice,proc_open,proc_close,proc_get_status diff --git a/ubuntu-7.0/rootfs/etc/php/7.0/fpm/conf.d/common.ini b/ubuntu-7.0/rootfs/etc/php/7.0/fpm/conf.d/common.ini deleted file mode 100644 index 5600222..0000000 --- a/ubuntu-7.0/rootfs/etc/php/7.0/fpm/conf.d/common.ini +++ /dev/null @@ -1,4 +0,0 @@ -[PHP] - -; Don't brag that we have php 7.0 -expose_php = Off diff --git a/ubuntu-7.0/rootfs/etc/php/7.0/fpm/conf.d/limits.ini b/ubuntu-7.0/rootfs/etc/php/7.0/fpm/conf.d/limits.ini deleted file mode 100644 index 6ccc766..0000000 --- a/ubuntu-7.0/rootfs/etc/php/7.0/fpm/conf.d/limits.ini +++ /dev/null @@ -1,7 +0,0 @@ -; filesize, time and input limits -max_execution_time = ${NGINX_FASTCGI_TIMEOUT} -max_input_time = -1 -max_input_vars = ${PHP_MAX_INPUT_VARS} -memory_limit = ${PHP_MEMORY_LIMIT} -post_max_size = ${NGINX_MAX_BODY_SIZE} -upload_max_filesize = ${NGINX_MAX_BODY_SIZE} diff --git a/ubuntu-7.0/rootfs/etc/php/7.0/fpm/conf.d/logging.ini b/ubuntu-7.0/rootfs/etc/php/7.0/fpm/conf.d/logging.ini deleted file mode 100644 index 6db568d..0000000 --- a/ubuntu-7.0/rootfs/etc/php/7.0/fpm/conf.d/logging.ini +++ /dev/null @@ -1,4 +0,0 @@ -; Log all warnings and errors -error_log = ${PHP_ERROR_LOG} -log_level = ${PHP_ERROR_LOG_LEVEL} -log_errors_max_len = ${PHP_ERROR_MAX_LEN} diff --git a/ubuntu-7.0/rootfs/etc/php/7.0/fpm/conf.d/mail.ini b/ubuntu-7.0/rootfs/etc/php/7.0/fpm/conf.d/mail.ini deleted file mode 100644 index d54d6f8..0000000 --- a/ubuntu-7.0/rootfs/etc/php/7.0/fpm/conf.d/mail.ini +++ /dev/null @@ -1,3 +0,0 @@ -[PHP] -; Use msmtp to send mail instead of sendmail -sendmail_path = "/usr/sbin/sendmail" diff --git a/ubuntu-7.0/rootfs/etc/php/7.0/fpm/conf.d/opcache.ini b/ubuntu-7.0/rootfs/etc/php/7.0/fpm/conf.d/opcache.ini deleted file mode 100644 index 41a7d2a..0000000 --- a/ubuntu-7.0/rootfs/etc/php/7.0/fpm/conf.d/opcache.ini +++ /dev/null @@ -1,24 +0,0 @@ -; Enable php opcache to make site faster -; These are taken from: https://www.scalingphpbook.com/blog/2014/02/14/best-zend-opcache-settings.html -[opcache] -opcache.enable = 1 -opcache.enable_cli = 1 - -; Provides a faster mechanism for calling the deconstructors in your code at the end of a single request to speed up the response and recycle php workers so they're ready for the next incoming request faster. -opcache.fast_shutdown = 1 - -; Give plenty of memory for php process for caching the code -opcache.memory_consumption = ${PHP_OPCACHE_MAX_MEMORY} - -; Log into container output -opcache.error_log = /dev/stderr - -; Log opcache warnings -opcache.log_verbosity_level = 2 - -; PHP uses a technique called string interning to improve performance— so, for example, if you have the string "foobar" 1000 times in your code, internally PHP will store 1 immutable variable for this string and just use a pointer to it for the other 999 times you use it. -; This reserves 16MB to storing the most used strings -opcache.interned_strings_buffer = 16 -opcache.max_accelerated_files = ${PHP_OPCACHE_MAX_FILES} - - diff --git a/ubuntu-7.0/rootfs/etc/php/7.0/fpm/conf.d/opcache_invalidate.conf b/ubuntu-7.0/rootfs/etc/php/7.0/fpm/conf.d/opcache_invalidate.conf deleted file mode 100644 index d152afa..0000000 --- a/ubuntu-7.0/rootfs/etc/php/7.0/fpm/conf.d/opcache_invalidate.conf +++ /dev/null @@ -1,5 +0,0 @@ -; Don't revalidate php files in this container -opcache.validate_timestamps = 0 - -; We don't need to cache php comments into opcache -opcache.save_comments = 0 diff --git a/ubuntu-7.0/rootfs/etc/php/7.0/fpm/conf.d/sessions.ini b/ubuntu-7.0/rootfs/etc/php/7.0/fpm/conf.d/sessions.ini deleted file mode 100644 index d5fb56c..0000000 --- a/ubuntu-7.0/rootfs/etc/php/7.0/fpm/conf.d/sessions.ini +++ /dev/null @@ -1,6 +0,0 @@ -;;;;;;;;;;;;;;;;;;;;;;;;;; -; Define Session backend ; -;;;;;;;;;;;;;;;;;;;;;;;;;; -; These env can also contain redis as backend -session.save_handler = ${PHP_SESSION_HANDLER} -session.save_path = ${PHP_SESSION_SAVE_PATH} diff --git a/ubuntu-7.0/rootfs/etc/php/7.0/fpm/conf.d/timezone.ini b/ubuntu-7.0/rootfs/etc/php/7.0/fpm/conf.d/timezone.ini deleted file mode 100644 index dfb2fec..0000000 --- a/ubuntu-7.0/rootfs/etc/php/7.0/fpm/conf.d/timezone.ini +++ /dev/null @@ -1,2 +0,0 @@ -; Timezone from env formatted like 'Europe/Helsinki' -date.timezone = ${TZ} diff --git a/ubuntu-7.0/rootfs/etc/php/7.0/fpm/php-fpm.conf b/ubuntu-7.0/rootfs/etc/php/7.0/fpm/php-fpm.conf deleted file mode 100644 index ece3a90..0000000 --- a/ubuntu-7.0/rootfs/etc/php/7.0/fpm/php-fpm.conf +++ /dev/null @@ -1,35 +0,0 @@ -; Run this in foregroud so s6 can control it -daemonize = no - -; Log all warnings and errors -error_log = ${PHP_ERROR_LOG} -log_level = ${PHP_ERROR_LOG_LEVEL} - -[www] -user = ${WEB_USER} -group = ${WEB_GROUP} -listen = /var/run/php-fpm.sock -listen.owner = ${WEB_USER} -listen.group = ${WEB_GROUP} -pm = dynamic - -; Total RAM dedicated to the web server / Max child process size -pm.max_children = 30 - -pm.start_servers = 1 -pm.min_spare_servers = 1 -pm.max_spare_servers = 3 - -; Redirect worker stdout and stderr into main error log. If not set, stdout and -; stderr will be redirected to /dev/null according to FastCGI specs. -; Default Value: no -catch_workers_output = yes - -; Project web root -chdir = ${WEB_ROOT} - -pm.process_idle_timeout = 10s -pm.max_requests = 500 - -; Include extra configs -include=/etc/php/7.0/fpm/php-fpm.d/*.conf diff --git a/ubuntu-7.0/rootfs/etc/php/7.0/fpm/php-fpm.d/preserve-env.conf b/ubuntu-7.0/rootfs/etc/php/7.0/fpm/php-fpm.d/preserve-env.conf deleted file mode 100644 index 956d8ff..0000000 --- a/ubuntu-7.0/rootfs/etc/php/7.0/fpm/php-fpm.d/preserve-env.conf +++ /dev/null @@ -1,3 +0,0 @@ -; Just use all envs from system when php-fpm starts -; By default php-fpm flushes all envs and they need to be whitelisted -clear_env = no diff --git a/ubuntu-7.0/rootfs/etc/php/7.0/fpm/php.ini b/ubuntu-7.0/rootfs/etc/php/7.0/fpm/php.ini deleted file mode 100644 index 472d608..0000000 --- a/ubuntu-7.0/rootfs/etc/php/7.0/fpm/php.ini +++ /dev/null @@ -1,46 +0,0 @@ -;;; -; Production settings for php and php-fpm -;;; -; All directives from /etc/php/7.0/fpm/conf.d are also included -;;; - -[PHP] - -; Don't display errors into frontend -display_errors = stderr - -; disable ignoring of repeat errors -ignore_repeated_errors = false - -; disable ignoring of unique source errors -ignore_repeated_source = false - -; enable logging of php memory leaks -report_memleaks = true - -; Deny executing anything else than the exact path passed from fastcgi -; This causes the PHP interpreter to only try the literal path given and to stop processing if the file is not found. -; This is for security. Source: https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/#passing-uncontrolled-requests-to-php -cgi.fix_pathinfo = 0 - -; disable html markup of errors -html_errors = false - -; disable formatting of error reference links -docref_root = 0 - -; disable formatting of error reference links -docref_ext = 0 - -; disable max error string length ( by using so big number that bigger messages don't matter ) -log_errors_max_len = 10000 - -; Don't show startup errors -display_startup_errors = Off -track_errors = Off - -; Redirect worker stdout and stderr into main error log. If not set, stdout and -; stderr will be redirected to /dev/null according to FastCGI specs. -; Default Value: no -catch_workers_output = yes - diff --git a/ubuntu-7.0/rootfs/etc/services.d/cron/run b/ubuntu-7.0/rootfs/etc/services.d/cron/run deleted file mode 100644 index 444e2b9..0000000 --- a/ubuntu-7.0/rootfs/etc/services.d/cron/run +++ /dev/null @@ -1,4 +0,0 @@ -#!/usr/bin/with-contenv sh -echo "[services.d] started cron daemon" -# Runs cron daemon in foreground -cron -l 2 -f diff --git a/ubuntu-7.0/rootfs/etc/services.d/nginx/run b/ubuntu-7.0/rootfs/etc/services.d/nginx/run deleted file mode 100755 index ef92c7d..0000000 --- a/ubuntu-7.0/rootfs/etc/services.d/nginx/run +++ /dev/null @@ -1,4 +0,0 @@ -#!/usr/bin/with-contenv sh - -# Run nginx always in foreground -exec nginx -g "daemon off;" diff --git a/ubuntu-7.0/rootfs/etc/services.d/php-fpm/run b/ubuntu-7.0/rootfs/etc/services.d/php-fpm/run deleted file mode 100644 index 60b0cb8..0000000 --- a/ubuntu-7.0/rootfs/etc/services.d/php-fpm/run +++ /dev/null @@ -1,53 +0,0 @@ -#!/usr/bin/with-contenv bash - -## -# Check which kind of session backend we should be using -## -if [ -z "$PHP_SESSION_SAVE_PATH" ]; then - echo "[php-fpm] configuring php-fpm session backend..." - - # Use 'files' as default session handler - export PHP_SESSION_HANDLER=${PHP_SESSION_HANDLER-files} - - case "$PHP_SESSION_HANDLER" in - - files) - mkdir -p /tmp/php - chown $WEB_USER:$WEB_GROUP /tmp/php - - # export new env for php-fpm - export PHP_SESSION_SAVE_PATH='/tmp/php' - ;; - redis) - # Set defaults - REDIS_HOST=${REDIS_HOST-$REDIS_1_PORT_6379_TCP_ADDR} - REDIS_PORT=${REDIS_PORT-6379} - REDIS_SCHEME=${REDIS_SCHEME-tcp} - REDIS_PHP_SESSION_HOST=${REDIS_PHP_SESSION_HOST-$REDIS_1_PORT_6379_TCP_ADDR} - - # After this time php-fpm will timeout from requesting session data - PHP_SESSION_REDIS_TIMEOUT=${PHP_SESSION_REDIS_TIMEOUT-5} - - PHP_SESSION_REDIS_PARAMS="timeout=$PHP_SESSION_REDIS_TIMEOUT" - - # Set these only if they are not 0 and '' because they add complexity for the query - if [ "$PHP_SESSION_REDIS_DB" != "" ]; then - PHP_SESSION_REDIS_PARAMS+="&database=$PHP_SESSION_REDIS_DB" - fi - if [ "$REDIS_PASSWORD" != "" ]; then - PHP_SESSION_REDIS_PARAMS+="&auth=$REDIS_PASSWORD" - fi - if [ "$PHP_SESSION_REDIS_PREFIX" != "" ]; then - PHP_SESSION_REDIS_PARAMS+="&prefix=$PHP_SESSION_REDIS_PREFIX" - fi - - # export new env for php-fpm - export PHP_SESSION_SAVE_PATH="$REDIS_SCHEME://$REDIS_PHP_SESSION_HOST:$REDIS_PORT?$PHP_SESSION_REDIS_PARAMS" - ;; - esac -fi -echo "[php-fpm] using $PHP_SESSION_SAVE_PATH for php sessions..." - -echo "[php-fpm] started php-fpm" -exec php-fpm -c /etc/php/7.0/fpm/php.ini --fpm-config /etc/php/7.0/fpm/php-fpm.conf --pid /var/run/php-fpm.pid - diff --git a/ubuntu-7.0/rootfs/usr/bin/wp b/ubuntu-7.0/rootfs/usr/bin/wp deleted file mode 100755 index e138ef0..0000000 --- a/ubuntu-7.0/rootfs/usr/bin/wp +++ /dev/null @@ -1,12 +0,0 @@ -#!/usr/bin/env bash -## -# WP-cli wrapper: Append path automatically so that user doesn't have to -## -if [ "$(whoami)" = "root" ]; then - # Run as wordpress user instead - # This helps that we don't install things as root - # Or run 3rd party code as root - gosu $WEB_USER /usr/local/bin/wp-cli "$@" --path=$WP_CORE -else - /usr/local/bin/wp-cli "$@" --path=$WP_CORE -fi diff --git a/ubuntu-7.0/rootfs/usr/local/bin/phinx b/ubuntu-7.0/rootfs/usr/local/bin/phinx deleted file mode 100755 index 854aa2f..0000000 --- a/ubuntu-7.0/rootfs/usr/local/bin/phinx +++ /dev/null @@ -1,27 +0,0 @@ -#!/usr/bin/env bash -## -# Phinx wrapper -# You need to install phinx through composer first -## - -# Export database host in prod and dev -if [ ! -z "$MYSQL_HOST" ]; then - export PHINX_DBHOST=$MYSQL_HOST -elif [ ! -z "$DB_HOST" ]; then - export PHINX_DBHOST=$DB_HOST -elif [ ! -z "$DB_PORT_3306_TCP_ADDR" ]; then - export PHINX_DBHOST=$DB_PORT_3306_TCP_ADDR -else - echo "ERROR: You need to set DB_HOST!" -fi - -# Export phinx envs -# Default to MYSQL_ envs but fallback to DB_ -export PHINX_DBPORT=${MYSQL_PORT-$DB_PORT} -export PHINX_DBNAME=${MYSQL_DATABASE-$DB_NAME} -export PHINX_DBUSER=${MYSQL_USER-$DB_USER} -export PHINX_DBPASSWORD=${MYSQL_PWD-$DB_PASSWORD} -export PHINX_ENVIRONMENT=$WP_ENV - -# Run phinx -php $PROJECT_ROOT/vendor/bin/phinx $@ diff --git a/ubuntu-7.0/rootfs/usr/local/bin/print-smtp-password b/ubuntu-7.0/rootfs/usr/local/bin/print-smtp-password deleted file mode 100755 index f59d906..0000000 --- a/ubuntu-7.0/rootfs/usr/local/bin/print-smtp-password +++ /dev/null @@ -1,5 +0,0 @@ -#!/bin/bash -# This is so that we can use msmtp without /etc/msmtprc config file -# msmtp doesn't have --password option and it only has --passwordeval option -# We use this script so that we can use it in passwordeval -echo $SMTP_PASSWORD diff --git a/ubuntu-7.0/rootfs/usr/local/bin/wp-run-cron b/ubuntu-7.0/rootfs/usr/local/bin/wp-run-cron deleted file mode 100755 index e5c4aa8..0000000 --- a/ubuntu-7.0/rootfs/usr/local/bin/wp-run-cron +++ /dev/null @@ -1,42 +0,0 @@ -#!/bin/bash -# Copyright © 2015 Bjørn Johansen -# This work is free. You can redistribute it and/or modify it under the -# terms of the Do What The Fuck You Want To Public License, Version 2, -# as published by Sam Hocevar. See http://www.wtfpl.net/ for more details. -# Source: https://bjornjohansen.no/wordpress-cron-wp-cli -# Github: https://gist.github.com/bjornjohansen/a00a9fee5475c4dadb56#file-run-wp-cron-sh - -# This is modified for our container. In this container you don't need to use --path -# because it's automatically included - -# Check if WP-CLI is available -if ! hash wp 2>/dev/null; then - echo "[wp-cron] ERROR: WP-CLI is not available" - exit -fi - -# If WordPress isn’t installed here, we bail -if ! wp core is-installed --quiet >> /dev/null; then - echo "[wp-cron] ERROR: WordPress is not installed here: ${WP_CORE}" - exit -fi - -# Get a list of site URLs -if wp core is-installed --quiet --network >> /dev/null; -then - SITE_URLS=`wp site list --fields=url --archived=0 --deleted=0 --format=csv | sed 1d` -else - SITE_URLS=(`wp option get siteurl`) -fi - -# Loop through all the sites -for SITE_URL in $SITE_URLS -do - # replaced loop with better solution - wp cron event run --due-now --url="$SITE_URL" - # Run all event hooks that are due - #for EVENT_HOOK in $(wp cron event list --format=csv --fields=hook,next_run_relative --url="$SITE_URL" | grep now$ | awk -F ',' '{print $1}') - #do - # wp cron event run "$EVENT_HOOK" --url="$SITE_URL" --quiet - #done -done diff --git a/ubuntu-7.0/rootfs/usr/sbin/sendmail b/ubuntu-7.0/rootfs/usr/sbin/sendmail deleted file mode 100755 index ec8c40f..0000000 --- a/ubuntu-7.0/rootfs/usr/sbin/sendmail +++ /dev/null @@ -1,66 +0,0 @@ -#!/bin/bash -## -# This is custom wrapper for msmtp which acts like good old sendmail -# - It is used for php and cron -# - This is easier to configure for external mail server than sendmail -# - sendmail is just the default binary which other services will use -# - It needs following env: SMTP_HOST, SMTP_PASSWORD, SMTP_PORT, SMTP_AUTH, SMTP_USER -## - -# Deduce all used msmtp options from system ENVs -declare -a options - -# Act like sendmail -options+=("-t") - -# Use system tls chain -options+=("--tls-trust-file=/etc/ssl/certs/ca-certificates.crt") - -if [ -n "$SMTP_HOST" ]; then - options+=("--host=$SMTP_HOST") -else - echo "[mail error] SMTP_HOST is not defined, mail can't be sent" - exit 1 -fi - -# Log all mail requests -# try /var/log/mail/sent.log but use stdout when logfile is not available -if [ -n "$SMTP_LOG" ]; then - options+=("--logfile=$SMTP_LOG") -elif [ -f /var/log/mail/sent.log ]; then - options+=("--logfile=/var/log/mail/sent.log") -fi - -if [ -n "$SMTP_FROM" ]; then - options+=("--from=$SMTP_FROM") -fi - -# Default port for smtp is 25 and it will work even without this option -if [ -n "$SMTP_PORT" ]; then - options+=("--port=$SMTP_PORT") -fi - -# Setup credentials -if [ -n "$SMTP_USER" ]; then - options+=("--user=$SMTP_USER") -fi - -# msmtp doesn't provide password option because usually it's unsafe -# Use local hack for passwordeval -if [ -n "$SMTP_PASSWORD" ]; then - options+=("--passwordeval=/usr/local/bin/print-smtp-password") -fi - - -if [ -n "$SMTP_AUTH" ]; then - options+=("--auth=$SMTP_AUTH") -elif [ -n "$SMTP_USER" ] || [ -n "$SMTP_PASSWORD" ]; then - options+=("--auth=on") -fi - -if [ -n "$SMTP_TLS" ]; then - options+=("--tls=$SMTP_TLS") -fi - -# Add our options and command line options for msmtp -msmtp ${options[@]} "$@" diff --git a/ubuntu-7.0/rootfs/usr/share/nginx/html/403.html b/ubuntu-7.0/rootfs/usr/share/nginx/html/403.html deleted file mode 100644 index 3f85394..0000000 --- a/ubuntu-7.0/rootfs/usr/share/nginx/html/403.html +++ /dev/null @@ -1,95 +0,0 @@ - - - - - - -403 Forbidden - - - - - - - - -
-
-

403 Forbidden

-

Sorry! You don't have access permissions for that on .

-

Take Me To The Homepage - -

-
-
-
-
-
-
-

What happened?

-

A 403 error status indicates that you don't have permission to access the file or page. In general, web servers and websites have directories and files that are not open to the public web for security reasons.

-
-
-

What can I do?

-

If you're a site visitor

-

Please use your browsers back button and check that you're in the right place. If you need immediate assistance, please send us an email instead.

-

If you're the site owner

-

Please check that you're in the right place and get in touch with your website provider if you believe this to be an error.

-
-
-
-
- - - - - - - diff --git a/ubuntu-7.0/rootfs/usr/share/nginx/html/500.html b/ubuntu-7.0/rootfs/usr/share/nginx/html/500.html deleted file mode 100644 index e5fac20..0000000 --- a/ubuntu-7.0/rootfs/usr/share/nginx/html/500.html +++ /dev/null @@ -1,89 +0,0 @@ - - - - - - -500 Internal Server Error - - - - - - - - -
- -
-

500 Internal Server Error

-

The web server is returning an internal error for .

- Try This Page Again -
-
-
-
-
-
-

What happened?

-

A 500 error status implies there is a problem with the web server's software causing it to malfunction.

-
-
-

What can I do?

-

If you're a site visitor

-

Nothing you can do at the moment. If you need immediate assistance, please send us an email instead. We apologize for any inconvenience.

-

If you're the site owner

-

This error can only be fixed by server admins, please contact your website provider.

-
-
-
-
- - - - - - - diff --git a/ubuntu-7.0/rootfs/usr/share/nginx/html/502.html b/ubuntu-7.0/rootfs/usr/share/nginx/html/502.html deleted file mode 100644 index e7d79c1..0000000 --- a/ubuntu-7.0/rootfs/usr/share/nginx/html/502.html +++ /dev/null @@ -1,98 +0,0 @@ - - - - - - - -502 Bad Gateway - - - - - - - - -
- -
-

502 Bad Gateway

-

The web server is returning an unexpected networking error for .

- Try This Page Again -
-
-
-
-
-
-

What happened?

-

A 502 error status implies that that the server received an invalid response from an upstream server it accessed to fulfill the request.

-
-
-

What can I do?

-

If you're a site visitor

-

Check to see if this website down for everyone or just you. -

-

Also, clearing your browser cache and refreshing the page may clear this issue. If the problem persists and you need immediate assistance, please send us an email instead.

-

If you're the site owner

-

Clearing your browser cache and refreshing the page may clear this issue. If the problem persists and you need immediate assistance, please contact your website provider.

-
-
-
-
- - - - - - - - diff --git a/ubuntu-7.0/rootfs/usr/share/nginx/html/504.html b/ubuntu-7.0/rootfs/usr/share/nginx/html/504.html deleted file mode 100644 index f37b919..0000000 --- a/ubuntu-7.0/rootfs/usr/share/nginx/html/504.html +++ /dev/null @@ -1,100 +0,0 @@ - - - - - - - -504 Gateway Timeout - - - - - - - - -
- -
-

504 Gateway Timeout

-

The web server is returning an unexpected networking error for .

- Try This Page Again -
-
-
-
- - -
-
-

What happened?

-

A 504 error status implies there is a slow IP communication problem between back-end servers attempting to fulfill this request.

-
-
-

What can I do?

-

If you're a site visitor

-

Check to see if this website down for everyone or just you. -

-

Also, clearing your browser cache and refreshing the page may clear this issue. If the problem persists and you need immediate assistance, please send us an email instead.

-

If you're the site owner

-

Clearing your browser cache and refreshing the page may clear this issue. If the problem persists and you need immediate assistance, please contact your website provider.

-
-
-
-
- - - - - - - - diff --git a/ubuntu-7.1/.dockerignore b/ubuntu-7.1/.dockerignore deleted file mode 100644 index a18daff..0000000 --- a/ubuntu-7.1/.dockerignore +++ /dev/null @@ -1,12 +0,0 @@ -# These files are ignored from being uploaded to docker build context - -# Git is not needed in docker image building -.git - -# No OSX rubbish -.DS_Store - -# Development stuff -docker-compose.yml -.dockerignore -Dockerfile diff --git a/ubuntu-7.1/Dockerfile b/ubuntu-7.1/Dockerfile deleted file mode 100644 index 0574cfe..0000000 --- a/ubuntu-7.1/Dockerfile +++ /dev/null @@ -1,193 +0,0 @@ -FROM devgeniem/ubuntu-docker-openresty-pagespeed:latest -MAINTAINER Ville Pietarinen - Geniem Oy - -## -# Only use these during installation -## -ARG LANG=C.UTF-8 -ARG DEBIAN_FRONTEND=noninteractive - -## -# Install php7 packages from dotdeb.org -# - Dotdeb is an extra repository providing up-to-date packages for your Debian servers -## -RUN \ - apt-get update \ -&& apt-get -y install software-properties-common \ - && add-apt-repository ppa:ondrej/php \ - && apt-get -y --no-install-recommends install \ - apt-utils \ - curl \ - nano \ - ca-certificates \ - git \ - mysql-client \ - msmtp \ - postfix \ - netcat \ - less \ - libmcrypt-dev \ - && apt-get update \ - && apt-get -y --no-install-recommends install \ - php7.1-cli \ - php7.1-common \ - php7.1-apcu \ - php7.1-apcu-bc \ - php7.1-curl \ - php7.1-json \ - php7.1-mcrypt \ - php7.1-opcache \ - php7.1-readline \ - php7.1-xml \ - php7.1-zip \ - php7.1-fpm \ - php7.1-redis \ - php7.1-mongodb \ - php7.1-mysqli \ - php7.1-intl \ - php7.1-gd \ - php7.1-mbstring \ - php7.1-soap \ - php7.1-bcmath \ - php7.1-curl \ - php7.1-ldap \ - php7.1-mcrypt \ - # Force install only cron without extra mailing dependencies - && cd /tmp \ - && apt-get download cron \ - && dpkg --force-all -i cron*.deb \ - && mkdir -p /var/spool/cron/crontabs \ - # Cleanup - && apt-get clean \ - && apt-get autoremove \ - && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* /usr/share/doc/* /var/log/apt/* /var/log/*.log - - -# Install helpers -RUN \ - ## - # Install composer - ## - curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/local/bin --filename=composer \ - && composer global require hirak/prestissimo \ - - ## - # Install wp-cli - # source: http://wp-cli.org/ - ## - && curl -L https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar -o /usr/local/bin/wp-cli \ - && chmod +rx /usr/local/bin/wp-cli \ - # Symlink it to /usr/bin as well so that cron can find this script with limited PATH - && ln -s /usr/local/bin/wp-cli /usr/bin/wp-cli \ - - ## - # Install cronlock for running cron correctly with multi container setups - # https://github.com/kvz/cronlock - ## - && curl -L https://raw.githubusercontent.com/kvz/cronlock/master/cronlock -o /usr/local/bin/cronlock \ - && chmod +rx /usr/local/bin/cronlock \ - # Symlink it to /usr/bin as well so that cron can find this script with limited PATH - && ln -s /usr/local/bin/cronlock /usr/bin/cronlock - -## -# Add Project files like nginx and php-fpm processes and configs -# Also custom scripts and bashrc -## -COPY rootfs/ / - -# Run small fixes -RUN set -x \ - && mkdir -p /var/www/uploads \ - && mkdir -p /tmp/php-opcache \ - && ln -sf /usr/sbin/php-fpm7.1 /usr/sbin/php-fpm \ - && ln -sf /usr/bin/wp /usr/local/bin/wp -# This is for your project root -ENV PROJECT_ROOT="/var/www/project" - -ENV \ - # Add interactive term - TERM="xterm" \ - # Set defaults which can be overriden - MYSQL_PORT="3306" \ - # Use default web port in nginx but allow it to be overridden - # This also works correctly with flynn: - # https://github.com/flynn/flynn/issues/3213#issuecomment-237307457 - PORT="8080" \ - # Use custom users for nginx and php-fpm - WEB_USER="wordpress" \ - WEB_GROUP="web" \ - WEB_UID=1000 \ - WEB_GID=1001 \ - # Set defaults for redis - REDIS_PORT="6379" \ - REDIS_DATABASE="0" \ - REDIS_PASSWORD="" \ - REDIS_SCHEME="tcp" \ - # Set defaults for NGINX redis cache - # This variable uses seconds by default - # Time units supported are "s"(seconds), "ms"(milliseconds), "y"(years), "M"(months), "w"(weeks), "d"(days), "h"(hours), and "m"(minutes). - NGINX_REDIS_CACHE_TTL_DEFAULT="900" \ - NGINX_REDIS_CACHE_TTL_MAX="4h" \ - NGINX_CACHE_DIRECTORY="/tmp/nginx/fullpage" \ - # Default operations when fastcgi stale cache is used - NGINX_CACHE_USE_STALE="error timeout invalid_header updating http_500 http_503 http_403 http_404" \ - # Default headers for fastcgi stale- and error cache - NGINX_CACHE_CONTROL='"max-age=60, stale-while-revalidate=300, stale-if-error=21600"'\ - # Cronlock is used to stop simultaneous cronjobs in clusterised environments - CRONLOCK_HOST="" \ - # This is used by nginx and php-fpm - WEB_ROOT="${PROJECT_ROOT}/web" \ - # This is used automatically by wp-cli - WP_CORE="${PROJECT_ROOT}/web/wp" \ - # Nginx include files - NGINX_INCLUDE_DIR="/var/www/project/nginx" \ - # Allow bigger file uploads - NGINX_MAX_BODY_SIZE="10M" \ - # Allow storing bigger body in memory - NGINX_BODY_BUFFER_SIZE="32k" \ - # Have sane fastcgi timeout by default - NGINX_FASTCGI_TIMEOUT="30" \ - # Have sane fastcgi timeout by default - NGINX_ERROR_LEVEL="warn" \ - # Have sane fastcgi timeout by default - NGINX_ERROR_LOG="stderr" \ - # Have sane fastcgi timeout by default - NGINX_ACCESS_LOG="/dev/stdout" \ - # Default cache key for nginx http cache - NGINX_CACHE_KEY='wp_:nginx:$real_scheme$request_method$host$request_uri' \ - # PHP settings - PHP_MEMORY_LIMIT="128M" \ - PHP_MAX_INPUT_VARS="1000" \ - PHP_ERROR_LOG="/proc/self/fd/1" \ - PHP_ERROR_LOG_LEVEL="warning" \ - PHP_ERROR_LOG_MAX_LEN="8192" \ - PHP_SESSION_REDIS_DB="0" \ - PHP_SESSION_HANDLER="files" \ - # You should count the *.php files in your project and set this number to be bigger - # $ find . -type f -print | grep php | wc -l - PHP_OPCACHE_MAX_FILES="8000" \ - # Amount of memory in MB to allocate for opcache - PHP_OPCACHE_MAX_MEMORY="128" \ - # Use host machine as default SMTP_HOST - SMTP_HOST="172.17.1.1" \ - # This folder is used to mount files into host machine - # You should use this path for your uploads since everything else should be ephemeral - UPLOADS_ROOT="/var/www/uploads" \ - # This can be overidden by you, it's just default for us - TZ="Europe/Helsinki" -# Setup $TZ. Remember to run this again in your own build - # Make sure that all files here have execute permissions -RUN dpkg-reconfigure tzdata && \ - chmod +x /etc/cont-init.d/* - -# Install socklog-overlay -ADD https://github.com/just-containers/socklog-overlay/releases/download/v3.1.0-2/socklog-overlay-amd64.tar.gz /tmp/ -RUN tar xzf /tmp/socklog-overlay-amd64.tar.gz -C / -RUN echo '+\n1' > /etc/socklog.rules/forward-stdout -RUN echo 'LANG="en_US.UTF-8"' > /etc/default/locale - -# Set default path to project folder for easier running commands in project -WORKDIR ${PROJECT_ROOT} -EXPOSE ${PORT} -ENTRYPOINT ["/init"] - diff --git a/ubuntu-7.1/rootfs/etc/ImageMagick b/ubuntu-7.1/rootfs/etc/ImageMagick deleted file mode 100644 index d88e8bf..0000000 --- a/ubuntu-7.1/rootfs/etc/ImageMagick +++ /dev/null @@ -1,11 +0,0 @@ - - - - - - - - - - - diff --git a/ubuntu-7.1/rootfs/etc/cont-init.d/00-render-templates b/ubuntu-7.1/rootfs/etc/cont-init.d/00-render-templates deleted file mode 100755 index 34af891..0000000 --- a/ubuntu-7.1/rootfs/etc/cont-init.d/00-render-templates +++ /dev/null @@ -1,87 +0,0 @@ -#!/usr/bin/with-contenv bash -## -# This script uses clever heredoc hack to substitute env variables into static config files -# Source: http://stackoverflow.com/questions/2914220/bash-templating-how-to-build-configuration-files-from-templates-with-bash -## - -## -# Replaces ${ENV} placoholders from file with provided variables -# $1 - ':'' separated list of variables -# $2 - filename to render -## -function render_env_tmpl() { - vars=$1 - input_file=$2 - # If filename ends with .tmpl replace it without the .tmpl - filename=$(dirname $input_file)/$(basename $input_file .tmpl) - - tmp_file=/tmp/$(basename $filename) - - # render all provided $vars to temporary file - envsubst "$vars" < $input_file > $tmp_file - - # replace original file with rendered file - mv $tmp_file $filename -} - -echo "[cont-init.d] Substituting env into configuration files..." - -## -# Nginx doesn't support env variables in config files so we will have to do this in hacky way instead -## -VARS='$PORT:$WEB_ROOT:$WEB_USER:$WEB_GROUP:$NGINX_ACCESS_LOG:$NGINX_ERROR_LOG:$NGINX_ERROR_LEVEL:$NGINX_INCLUDE_DIR:$NGINX_MAX_BODY_SIZE:$NGINX_BODY_BUFFER_SIZE:$NGINX_FASTCGI_TIMEOUT:$WP_ENV:$NGINX_CACHE_KEY' -render_env_tmpl "$VARS" /etc/nginx/nginx.conf - -## -# Redis cache needs to know the redis instance and credentials -## - -# Set defaults if they are not set -export REDIS_HOST=${REDIS_HOST-$REDIS_1_PORT_6379_TCP_ADDR} -export REDIS_PORT=${REDIS_PORT-6379} -export REDIS_DATABASE=${REDIS_DATABASE-0} -export REDIS_PASSWORD=${REDIS_PASSWORD-''} -export REDIS_CACHE_TTL=${REDIS_CACHE_TTL-14400} - -# Add helper variables for AWS s3 bucket storage -VARS+='$AWS_S3_BUCKET_NAME:AWS_S3_REPLICA_BUCKET_NAME' - -# Add Redis variables -VARS+='$REDIS_HOST:$REDIS_PORT:$REDIS_DATABASE:$REDIS_PASSWORD:$NGINX_REDIS_CACHE_TTL_MAX:$NGINX_REDIS_CACHE_TTL_DEFAULT:$NGINX_REDIS_CACHE_PREFIX' - -# Add image proxy variables -VARS+='$GOOGLE_CLOUD_STORAGE_BUCKET_NAME' - -# Add cache variables -VARS+='$NGINX_CACHE_USE_STALE:$NGINX_CACHE_CONTROL:$NGINX_CACHE_DIRECTORY' - -render_env_tmpl "$VARS" /etc/nginx/cache/redis_backend.conf - -render_env_tmpl "$VARS" /etc/nginx/cache/srcache.conf -render_env_tmpl "$VARS" /etc/nginx/cache/fastcgicache_settings.conf -render_env_tmpl "$VARS" /etc/nginx/cache/fastcgicache_skip_rules.conf -render_env_tmpl "$VARS" /etc/nginx/cache/fastcgicache_headers.conf - -## -# Render all user provided nginx templates -## -VARS+='$BASIC_AUTH_USER:$BASIC_AUTH_PASSWORD_HASH' -for conf_file in $(find $NGINX_INCLUDE_DIR -type f -name '*.tmpl'); do - echo "[cont-init.d] Rendering env in $conf_file..." - - # Add helper variables for easier scripting - export __DIR__=$(dirname $conf_file) - - VARS_TMPL=$VARS':$__DIR__' - render_env_tmpl "$VARS_TMPL" $conf_file -done - -# Encrypt basic auth password if it set -if [[ -z "${BASIC_AUTH_PASSWORD}" ]]; -then - echo "Not encrypting BASIC_AUTH_PASSWORD..." -else - BASIC_AUTH_PASSWORD_HASH=$(openssl passwd -crypt $BASIC_AUTH_PASSWORD) - echo "Encrypting BASIC_AUTH_PASSWORD... ${BASIC_AUTH_PASSWORD} -> ${BASIC_AUTH_PASSWORD_HASH}" - echo "${BASIC_AUTH_USER}:${BASIC_AUTH_PASSWORD_HASH}" > /var/www/project/nginx/environments/${WP_ENV}/server/.htpasswd -fi diff --git a/ubuntu-7.1/rootfs/etc/cont-init.d/01-create-web-user b/ubuntu-7.1/rootfs/etc/cont-init.d/01-create-web-user deleted file mode 100755 index aeb0aa7..0000000 --- a/ubuntu-7.1/rootfs/etc/cont-init.d/01-create-web-user +++ /dev/null @@ -1,58 +0,0 @@ -#!/usr/bin/with-contenv bash - -## -# If $WEB_USER user and web group already exists just skip the user creation -## -if id -u $WEB_USER > /dev/null 2>&1 && getent group $WEB_GROUP > /dev/null 2>&1; then - echo "[cont-init.d] user:$WEB_USER and group:$WEB_GROUP already exist, skipping..." - exit 0 -fi - -## -# Create $WEB_USER user with $WEB_UID and web group with $WEB_GID -## - -# Set defaults if they are not set -export WEB_USER=${WEB_USER-wordpress} -export WEB_GROUP=${WEB_GROUP-web} -export WEB_UID=${WEB_UID-1000} -export WEB_GID=${WEB_GID-1000} - -echo "[cont-init.d] Creating $WEB_USER user with id: $WEB_UID and group web with id: $WEB_GID" - -# Create web group -if [ -n "$WEB_GID" ]; then - - # Check if group with $WEB_GID already exists - web_group=$(getent group $WEB_GID | cut -d':' -f1) - - if [ -n "$web_group" ]; then - - # Replace the existing group name to web - # This is done so that in local development we can just lookup permissions from mounted folders - # This UID/GID can be same as something already existing inside container - # This way we can use same uid/gid in container and host machine - echo "[cont-init.d] Replacing pre-existing group name $web_group -> $WEB_GROUP" - sed -i "s|$web_group|$WEB_GROUP|g" /etc/group - - else - # Create new group - echo "$ groupadd -g $WEB_GID $WEB_GROUP" - groupadd -g $WEB_GID $WEB_GROUP - fi -else - echo "[cont-init.d] ERROR: Please set web user group id in WEB_GID" 1>&2 - exit 2 -fi - -# Create $WEB_USER user -if [ -n "$WEB_UID" ] && [ -n "$WEB_GID" ] ; then - echo "$ useradd -u $WEB_UID -g $WEB_GROUP --home $PROJECT_ROOT $WEB_USER" - useradd -u $WEB_UID -g $WEB_GROUP --home $PROJECT_ROOT $WEB_USER -else - echo "[cont-init.d] ERROR: Please set web user id in WEB_UID" 1>&2 - exit 2 -fi - -# Check that processes can write logs -chown $WEB_USER:$WEB_GROUP /var/log diff --git a/ubuntu-7.1/rootfs/etc/cont-init.d/02-init-crond b/ubuntu-7.1/rootfs/etc/cont-init.d/02-init-crond deleted file mode 100755 index 962a79e..0000000 --- a/ubuntu-7.1/rootfs/etc/cont-init.d/02-init-crond +++ /dev/null @@ -1,30 +0,0 @@ -#!/usr/bin/with-contenv bash - -# Copy cronjob from project and run as nginx -if [ -f $PROJECT_ROOT/tasks.cron ]; then - - # Setup all container env for cron - printenv | grep -v ^_= | grep -v "no_proxy" >> /etc/environment - - # Use default redis for cronlock if cronlock variables are not set - if [ -n "$REDIS_HOST" ] && [ -z "$CRONLOCK_HOST" ] ; then - echo "CRONLOCK_HOST=$REDIS_HOST" >> /etc/environment - fi - if [ -n "$REDIS_PASSWORD" ] && [ -z "$CRONLOCK_AUTH" ] ; then - echo "CRONLOCK_AUTH=$REDIS_PASSWORD" >> /etc/environment - fi - if [ -n "$REDIS_PORT" ] && [ -z "$CRONLOCK_PORT" ] ; then - echo "CRONLOCK_PORT=$REDIS_PORT" >> /etc/environment - fi - # env for running wp cron - echo "CRON_URL=$CRON_URL" >> /etc/environment; - # Copy cron template - cp $PROJECT_ROOT/tasks.cron /var/spool/cron/crontabs/$WEB_USER - chown $WEB_USER /var/spool/cron/crontabs/$WEB_USER - chmod 0600 /var/spool/cron/crontabs/$WEB_USER -else - # No cronjobs found remove crond from s6 - if [ -f /etc/services.d/cron ]; then - rm -r /etc/services.d/cron - fi -fi diff --git a/ubuntu-7.1/rootfs/etc/cont-init.d/02-init-directories-and-files b/ubuntu-7.1/rootfs/etc/cont-init.d/02-init-directories-and-files deleted file mode 100755 index 34df974..0000000 --- a/ubuntu-7.1/rootfs/etc/cont-init.d/02-init-directories-and-files +++ /dev/null @@ -1,18 +0,0 @@ -#!/usr/bin/with-contenv bash - -# Create uploads directory if not exists -mkdir -p $UPLOADS_ROOT -chown $WEB_USER:$WEB_GROUP $UPLOADS_ROOT - -# Create dir for nginx tmp files -mkdir -p /tmp/nginx/body -chown -R $WEB_USER:$WEB_GROUP /tmp/nginx - -# Create log directories if they don't exist already -mkdir -p /var/log/{nginx,php,mail} - -# Create error.log so that php-fpm can write to it -touch /var/log/php/error.log - -# Chown all files to wordpress -chown -R $WEB_USER:$WEB_GROUP /var/log/{nginx,php,mail} diff --git a/ubuntu-7.1/rootfs/etc/nginx/additional.types b/ubuntu-7.1/rootfs/etc/nginx/additional.types deleted file mode 100644 index ac8070e..0000000 --- a/ubuntu-7.1/rootfs/etc/nginx/additional.types +++ /dev/null @@ -1,6 +0,0 @@ -# If developers add .woff2 type font files we should provide good Content-Type headers -types { - # Add mime support for woff2 - # http://stackoverflow.com/questions/28235550/proper-mime-type-for-woff2-fonts - font/woff2 woff2; -} diff --git a/ubuntu-7.1/rootfs/etc/nginx/cache/fastcgicache.conf b/ubuntu-7.1/rootfs/etc/nginx/cache/fastcgicache.conf deleted file mode 100644 index 79bc464..0000000 --- a/ubuntu-7.1/rootfs/etc/nginx/cache/fastcgicache.conf +++ /dev/null @@ -1,12 +0,0 @@ -## -# Add few rules which deny using cache -## -include cache/fastcgicache_skip_rules.conf; -include cache/helper_variables.conf; -fastcgi_cache_bypass $skip_cache; -fastcgi_no_cache $skip_cache; - -fastcgi_cache WORDPRESS; -#proxy_ignore_headers Set-Cookie Expires Cache-Control; - - diff --git a/ubuntu-7.1/rootfs/etc/nginx/cache/fastcgicache_headers.conf b/ubuntu-7.1/rootfs/etc/nginx/cache/fastcgicache_headers.conf deleted file mode 100644 index c6cba07..0000000 --- a/ubuntu-7.1/rootfs/etc/nginx/cache/fastcgicache_headers.conf +++ /dev/null @@ -1,8 +0,0 @@ -# Add header for easier cache debugging -add_header X-Cache $upstream_cache_status always; - -# Add header to force cache rule from project -add_header 'Cache-Control' ${NGINX_CACHE_CONTROL}; - -# If you need to debug the cache mode, uncomment the following line -# add_header X-cache-mode $cachemode; \ No newline at end of file diff --git a/ubuntu-7.1/rootfs/etc/nginx/cache/fastcgicache_settings.conf b/ubuntu-7.1/rootfs/etc/nginx/cache/fastcgicache_settings.conf deleted file mode 100644 index 613818e..0000000 --- a/ubuntu-7.1/rootfs/etc/nginx/cache/fastcgicache_settings.conf +++ /dev/null @@ -1,8 +0,0 @@ -## -# Basic settings of Fast cgi cache -## -fastcgi_cache_path ${NGINX_CACHE_DIRECTORY} levels=1:2 keys_zone=WORDPRESS:100m max_size=1000m inactive=730h; -fastcgi_cache_key $scheme$request_method$host$request_uri; -fastcgi_cache_lock on; -fastcgi_cache_use_stale ${NGINX_CACHE_USE_STALE}; -fastcgi_cache_valid ${NGINX_REDIS_CACHE_TTL_DEFAULT}; \ No newline at end of file diff --git a/ubuntu-7.1/rootfs/etc/nginx/cache/fastcgicache_skip_rules.conf b/ubuntu-7.1/rootfs/etc/nginx/cache/fastcgicache_skip_rules.conf deleted file mode 100644 index 99bbc0e..0000000 --- a/ubuntu-7.1/rootfs/etc/nginx/cache/fastcgicache_skip_rules.conf +++ /dev/null @@ -1,75 +0,0 @@ -## -# Add few rules which deny using cache -## - -# Don't skip cache by default -set $skip_cache 0; -# insert project specific cache rules to this file (delete this row when all projects are updated) -include /var/www/project/nginx/server/skip_cache.conf; -# insert project specific cache rules to this folder -include ${NGINX_INCLUDE_DIR}/skipcache/*.conf; - -# POST requests and urls with a query string should always go to PHP -if ($request_method = POST) { - set $skip_cache 1; -} - -# Deal with accepted query vars -set $without $query_string; - -set_by_lua_block $cache_args { - -- Helper split string function - function split( inputstr, sep ) - if sep == nil then - sep = "%s" - end - local t={} ; i=1 - for str in string.gmatch(inputstr, "([^" .. sep .. "]+)") do - t[ i ] = str - i = i + 1 - end - return t - end - - -- Helper escape special chars function - function esc( str ) - return str:gsub( "([^%w])", "%%%1" ) - end - - local with = {} - local without = ngx.var.without - - -- Get a list of accepted query vars from env variable - local accepted = split( ( os.getenv( 'CACHE_QUERYVARS' ) or "" ), "," ) - - -- Loop through the list - for key, accept in pairs(accepted) do - -- If there is a value present for the variable, store it in a variable - if ngx.decode_args( without )[ accept ] then - table.insert( with, accept .. "=" .. ngx.decode_args( without )[ accept ] ) - end - -- Remove the accepted key-value pair from the string - without = string.gsub( without, "&?" .. esc( accept ) .. "=[^&]+", "" ) - end - - -- Store all non-accepted query vars to checked later - ngx.var.without = without - - -- Return accepted query var key-value pairs to be used in the cache key - return "?" .. table.concat( with, "&" ) -} - -# If there were any unaccepted query vars, skip cache -if ($without != "") { - set $skip_cache 1; -} - -# Don't use the cache for logged in users or recent commenters -if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in|woocommerce_items_in_cart") { - set $skip_cache 1; -} - -# Don't cache responses from wp-admin, xmlrpc and wp-login.php -if ($request_uri ~* "/wp-admin/|/xmlrpc.php|wp-.*.php") { - set $skip_cache 1; -} \ No newline at end of file diff --git a/ubuntu-7.1/rootfs/etc/nginx/cache/helper_variables.conf b/ubuntu-7.1/rootfs/etc/nginx/cache/helper_variables.conf deleted file mode 100644 index ea10fb9..0000000 --- a/ubuntu-7.1/rootfs/etc/nginx/cache/helper_variables.conf +++ /dev/null @@ -1,15 +0,0 @@ -## -# This file creates few helper variables -# $prefer_language_slug - 2 first letters from accept-language header to determine the language redirects from cache -## - -## -# Parse first two letters from accept-language header to determine right cache key -## -set_by_lua_block $prefer_language_slug { - if ngx.var.http_accept_language then - return string.lower( string.match( ngx.var.http_accept_language, '%w%w' ) ) - else - return 'en' - end -} diff --git a/ubuntu-7.1/rootfs/etc/nginx/cache/redis_backend.conf b/ubuntu-7.1/rootfs/etc/nginx/cache/redis_backend.conf deleted file mode 100644 index e9f86a3..0000000 --- a/ubuntu-7.1/rootfs/etc/nginx/cache/redis_backend.conf +++ /dev/null @@ -1,45 +0,0 @@ -## -# Adds internal locations for storing and getting full page cache from redis -## - -srcache_default_expire '${NGINX_REDIS_CACHE_TTL_DEFAULT}'; -srcache_max_expire '${NGINX_REDIS_CACHE_TTL_MAX}'; - -location /redis-fetch { - internal; - - ## - # In order to use password authentication we use custom redis module which adds $redis_auth: - # - https://github.com/Yongke/ngx_http_redis-0.3.7 - ## - - # Read the configuration from system envs - set $redis_auth '${REDIS_PASSWORD}'; - set $redis_db ${REDIS_DATABASE}; - - set $redis_key $args; - - redis_pass ${REDIS_HOST}:${REDIS_PORT}; -} - -location /redis-store { - internal; - - set_unescape_uri $exptime $arg_exptime; - set_unescape_uri $key $arg_key; - - # Fix caching problem for now - # There's issue in github https://github.com/openresty/srcache-nginx-module/issues/61 - set_if_empty $srcache_expire '${NGINX_REDIS_CACHE_TTL_DEFAULT}'; - - # redis module pipelines these 3 commands into single request - redis2_query auth '${REDIS_PASSWORD}'; - redis2_query select ${REDIS_DATABASE}; - - # Set and expire with one command: http://redis.io/commands/setex - redis2_query setex $key $srcache_expire $echo_request_body; - - # Pass the request to redis - redis2_pass ${REDIS_HOST}:${REDIS_PORT}; - -} diff --git a/ubuntu-7.1/rootfs/etc/nginx/cache/skip_rules.conf b/ubuntu-7.1/rootfs/etc/nginx/cache/skip_rules.conf deleted file mode 100644 index 43344c8..0000000 --- a/ubuntu-7.1/rootfs/etc/nginx/cache/skip_rules.conf +++ /dev/null @@ -1,30 +0,0 @@ -## -# Add few rules which deny using cache -## - -# Don't skip cache by default -set $skip_cache 0; - -# POST requests and urls with a query string should always go to PHP -if ($request_method = POST) { - set $skip_cache 1; -} - -# If theres any args skip cache -if ($query_string != "") { - set $skip_cache 1; -} - -# Don't use the cache for logged in users or recent commenters -if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in|woocommerce_items_in_cart") { - set $skip_cache 1; -} - -# Don't cache responses from wp-admin, xmlrpc and wp-login.php -if ($request_uri ~* "/wp-admin/|/xmlrpc.php|wp-.*.php") { - set $skip_cache 1; -} - -# Skip fetch and skip if conditions are met -srcache_fetch_skip $skip_cache; -srcache_store_skip $skip_cache; diff --git a/ubuntu-7.1/rootfs/etc/nginx/cache/srcache.conf b/ubuntu-7.1/rootfs/etc/nginx/cache/srcache.conf deleted file mode 100644 index 85027dd..0000000 --- a/ubuntu-7.1/rootfs/etc/nginx/cache/srcache.conf +++ /dev/null @@ -1,20 +0,0 @@ -## -# Add few rules which deny using cache -## -include cache/skip_rules.conf; -include cache/helper_variables.conf; - -# Use redis caching for all pages -# Allow different cache key from env -# Use 'wp_' prefix so that cache can be flushed with: -# $ wp cache flush -set $cache_key "${NGINX_CACHE_KEY}"; -set_escape_uri $escaped_cache_key $cache_key; - -srcache_response_cache_control on; - -srcache_fetch GET /redis-fetch $cache_key; -srcache_store PUT /redis-store key=$escaped_cache_key; - -# Add header for easier cache debugging -add_header X-Cache $srcache_fetch_status; diff --git a/ubuntu-7.1/rootfs/etc/nginx/env.conf b/ubuntu-7.1/rootfs/etc/nginx/env.conf deleted file mode 100644 index b165833..0000000 --- a/ubuntu-7.1/rootfs/etc/nginx/env.conf +++ /dev/null @@ -1,13 +0,0 @@ -# Set custom enviromental variables that we need with lua here -# These are used to dynamically load -env PORT; -env WEB_ROOT; -env NGINX_MAX_BODY_SIZE; -env NGINX_TIMEOUT; - -# For nginx redis cache -env REDIS_HOST; -env REDIS_PORT; -env REDIS_DATABASE; -env REDIS_PASSWORD; -env CACHE_QUERYVARS; diff --git a/ubuntu-7.1/rootfs/etc/nginx/error_pages.conf b/ubuntu-7.1/rootfs/etc/nginx/error_pages.conf deleted file mode 100644 index 700cc6b..0000000 --- a/ubuntu-7.1/rootfs/etc/nginx/error_pages.conf +++ /dev/null @@ -1,31 +0,0 @@ -## -# Custom error pages -## - -## 403 - Forbidden -error_page 403 /403.html; -location = /403.html { - root /usr/share/nginx/html; - internal; -} - -## 500 - Internal Server Error -error_page 500 /500.html; -location = /500.html { - root /usr/share/nginx/html; - internal; -} - -## 502 - Bad Gateway -error_page 502 /502.html; -location = /502.html { - root /usr/share/nginx/html; - internal; -} - -## 504 - Gateway Timeout -error_page 504 /504.html; -location = /504.html { - root /usr/share/nginx/html; - internal; -} diff --git a/ubuntu-7.1/rootfs/etc/nginx/fastcgi_params b/ubuntu-7.1/rootfs/etc/nginx/fastcgi_params deleted file mode 100644 index 6fccf4f..0000000 --- a/ubuntu-7.1/rootfs/etc/nginx/fastcgi_params +++ /dev/null @@ -1,29 +0,0 @@ -# These are just basic things form request -fastcgi_param QUERY_STRING $query_string; -fastcgi_param REQUEST_METHOD $request_method; -fastcgi_param CONTENT_TYPE $content_type; -fastcgi_param CONTENT_LENGTH $content_length; - -fastcgi_param SCRIPT_NAME $fastcgi_script_name; -fastcgi_param REQUEST_URI $request_uri; -fastcgi_param DOCUMENT_URI $document_uri; -fastcgi_param DOCUMENT_ROOT $document_root; -fastcgi_param SERVER_PROTOCOL $server_protocol; - -fastcgi_param GATEWAY_INTERFACE CGI/1.1; -fastcgi_param SERVER_SOFTWARE nginx/$nginx_version; - -## -# Set these using the knowledge that we are behind proxy -## -fastcgi_param REMOTE_ADDR $real_remote; -fastcgi_param REMOTE_PORT $remote_port; -fastcgi_param SERVER_ADDR $server_addr; -fastcgi_param SERVER_PORT $real_port; -fastcgi_param SERVER_NAME $real_host; -fastcgi_param HTTPS $real_https; -fastcgi_param REQUEST_SCHEME $real_scheme; -fastcgi_param HTTP_HOST $real_host; - -# PHP only, required if PHP was built with --enable-force-cgi-redirect -fastcgi_param REDIRECT_STATUS 200; diff --git a/ubuntu-7.1/rootfs/etc/nginx/fastcgi_settings.conf b/ubuntu-7.1/rootfs/etc/nginx/fastcgi_settings.conf deleted file mode 100644 index 25683fb..0000000 --- a/ubuntu-7.1/rootfs/etc/nginx/fastcgi_settings.conf +++ /dev/null @@ -1,23 +0,0 @@ -# regex to split $uri to $fastcgi_script_name and $fastcgi_path -fastcgi_split_path_info ^(.+\.php)(/.+)$; - -# Bypass the fact that try_files resets $fastcgi_path_info -# see: http://trac.nginx.org/nginx/ticket/321 -set $path_info $fastcgi_path_info; -fastcgi_param PATH_INFO $path_info; - -# Intercept errors from php-fpm -# These can be: -# - timeouts for long running requests -# - requested php file might be missing or not existing in the first place -fastcgi_intercept_errors on; - -fastcgi_index index.php; - -# Small optimisation on fastcgi buffer size -# defaults are 8k; -fastcgi_buffers 16 16k; -fastcgi_buffer_size 16k; - -# Include basic fastcgi settings -include fastcgi_params; diff --git a/ubuntu-7.1/rootfs/etc/nginx/gzip.conf b/ubuntu-7.1/rootfs/etc/nginx/gzip.conf deleted file mode 100644 index 69737cc..0000000 --- a/ubuntu-7.1/rootfs/etc/nginx/gzip.conf +++ /dev/null @@ -1,58 +0,0 @@ -# Compression - -# Enable Gzip compressed. -gzip on; - -# Compression level (1-9). -# 5 is a perfect compromise between size and cpu usage, offering about -# 75% reduction for most ascii files (almost identical to level 9). -gzip_comp_level 5; - -# Don't compress anything that's already small and unlikely to shrink much -# if at all (the default is 20 bytes, which is bad as that usually leads to -# larger files after gzipping). -gzip_min_length 256; - -# Compress data even for clients that are connecting to us via proxies, -# identified by the "Via" header (required for CloudFront). -gzip_proxied any; - -# Tell proxies to cache both the gzipped and regular version of a resource -# whenever the client's Accept-Encoding capabilities header varies; -# Avoids the issue where a non-gzip capable client (which is extremely rare -# today) would display gibberish if their proxy gave them the gzipped version. -gzip_vary on; - -# Compress all output labeled with one of the following MIME-types. -gzip_types - application/atom+xml - application/javascript - application/json - application/ld+json - application/manifest+json - application/rss+xml - application/vnd.geo+json - application/vnd.ms-fontobject - application/x-font-ttf - application/x-web-app-manifest+json - application/xhtml+xml - application/xml - font/opentype - image/bmp - image/svg+xml - image/x-icon - text/cache-manifest - text/css - text/plain - text/vcard - text/vnd.rim.location.xloc - text/vtt - text/x-component - text/x-cross-domain-policy; -# text/html is always compressed by HttpGzipModule - -# This should be turned on if you are going to have pre-compressed copies (.gz) of -# static files available. If not it should be left off as it will cause extra I/O -# for the check. It is best if you enable this in a location{} block for -# a specific directory, or on an individual server{} level. -# gzip_static on; diff --git a/ubuntu-7.1/rootfs/etc/nginx/log_format.conf b/ubuntu-7.1/rootfs/etc/nginx/log_format.conf deleted file mode 100644 index 74c5779..0000000 --- a/ubuntu-7.1/rootfs/etc/nginx/log_format.conf +++ /dev/null @@ -1,16 +0,0 @@ -# Log cache status -# Log real requester address -log_format custom '[$time_local] $http_x_real_ip ' - '$host "$request" $status $body_bytes_sent $request_time ' - '"$http_referer" "$http_user_agent" $upstream_cache_status'; - -## -# Legacy formats which might be in use somewhere -## -# This log format makes it so we can see real requester's IP address \ -# not just the reverse proxy server's IP address. Also note, that \ -# "specialLog" can be replaced with any name you would like to \ -# give to this log format. -log_format specialLog '[$time_local] $http_x_real_ip ' - '$host "$request" $status $body_bytes_sent $request_time ' - '"$http_referer" "$http_user_agent" $upstream_cache_status'; \ No newline at end of file diff --git a/ubuntu-7.1/rootfs/etc/nginx/log_formats.conf b/ubuntu-7.1/rootfs/etc/nginx/log_formats.conf deleted file mode 100644 index 9e4e2fc..0000000 --- a/ubuntu-7.1/rootfs/etc/nginx/log_formats.conf +++ /dev/null @@ -1,19 +0,0 @@ -# Log cache status -# Log real requester address -log_format custom '[$time_local] $http_x_forwarded_for ' - '$host "$request" $status $body_bytes_sent $request_time ' - '"$http_referer" "$http_user_agent" $upstream_cache_status'; - -# A new log format for detecting bad bots. -log_format blocked '[$time_local] Blocked request from $http_x_forwarded_for $request'; - -## -# Legacy formats which might be in use somewhere -## -# This log format makes it so we can see real requester's IP address \ -# not just the reverse proxy server's IP address. Also note, that \ -# "specialLog" can be replaced with any name you would like to \ -# give to this log format. -log_format specialLog '[$time_local] $http_x_forwarded_for ' - '$host "$request" $status $body_bytes_sent $request_time ' - '"$http_referer" "$http_user_agent" $upstream_cache_status'; \ No newline at end of file diff --git a/ubuntu-7.1/rootfs/etc/nginx/nginx.conf b/ubuntu-7.1/rootfs/etc/nginx/nginx.conf deleted file mode 100644 index a70db4b..0000000 --- a/ubuntu-7.1/rootfs/etc/nginx/nginx.conf +++ /dev/null @@ -1,360 +0,0 @@ -# Default user and group for the nginx@index -user ${WEB_USER} ${WEB_GROUP}; - -# Default error log -error_log ${NGINX_ERROR_LOG} ${NGINX_ERROR_LEVEL}; - -# Write process id here -pid /var/run/nginx.pid; - -# Load custom environment variables -include env.conf; - -# How many worker threads to run; -# "auto" sets it to the number of CPU cores available in the system, and -# offers the best performance. Don't set it higher than the number of CPU -# cores if changing this parameter. - -# The maximum number of connections for Nginx is calculated by: -# max_clients = worker_processes * worker_connections -worker_processes auto; - -# Maximum open file descriptors per process; -# should be > worker_connections. -worker_rlimit_nofile 8192; - -# Load root level directives -include ${NGINX_INCLUDE_DIR}/root/*.conf; -include ${NGINX_INCLUDE_DIR}/environments/${WP_ENV}/root/*.conf; - -events { - # When you need > 8000 * cpu_cores connections, you start optimizing your OS, - # and this is probably the point at which you hire people who are smarter than - # you, as this is *a lot* of requests. - worker_connections 8000; -} - -http { - - # Configure hashmaps so that environment does not change defaults - map_hash_max_size 262144; - map_hash_bucket_size 262144; - server_names_hash_bucket_size 64; - - # Hide nginx version information. - server_tokens off; - - #Enable Fastcgicache - include cache/fastcgicache_settings.conf; - - # Remove Server header entirely - more_clear_headers Server; - - # How long to allow each connection to stay idle; longer values are better - # for each individual client, particularly for SSL, but means that worker - # connections are tied up longer. (Default: 65) - keepalive_timeout 20; - - # Speed up file transfers by using sendfile() to copy directly - # between descriptors rather than using read()/write(). - sendfile on; - - # Tell Nginx not to send out partial frames; this increases throughput - # since TCP frames are filled up before being sent out. (adds TCP_CORK) - tcp_nopush on; - - # Gzip all the assets - include gzip.conf; - - # Add default pagespeed settings - include pagespeed/settings.conf; - - # Add all default mime types and additional ones - include additional.types; - include mime.types; - - default_type application/octet-stream; - - client_body_temp_path /tmp/nginx/body 1 2; - fastcgi_temp_path /tmp/nginx/fastcgi_temp 1 2; - - # Include custom log formats - include log_formats.conf; - - # Allow bigger default file uploads - client_max_body_size ${NGINX_MAX_BODY_SIZE}; - - # Allow bigger body buffer size in memory - client_body_buffer_size ${NGINX_BODY_BUFFER_SIZE}; - - # Include custom nginx http additions from project - include ${NGINX_INCLUDE_DIR}/http/*.conf; - include ${NGINX_INCLUDE_DIR}/environments/${WP_ENV}/http/*.conf; - - # load upstreams from one file which can be overwritten depending on situation - include upstreams.conf; - - # Add few headers which make XSS harder - include security_headers.conf; - - # Add headers from project - include ${NGINX_INCLUDE_DIR}/headers/*.conf; - - # Include cache headers - include cache/fastcgicache_headers.conf; - - # If ${PORT} != 80 means that we are behind reverse proxy as well - # This directive helps that we don't redirect clients into mysite.com:8080/resource type urls - port_in_redirect off; - - # Use theme assets straight from corresponding files for pagespeed - pagespeed ProcessScriptVariables on; - pagespeed LoadFromFile "$scheme://$host/app/themes/" "${WEB_ROOT}/app/themes/"; - pagespeed LoadFromFile "$scheme://$host/wp-content/themes/" "${WEB_ROOT}/wp/wp-content/themes/"; - - server { - # This is the default server for this container - listen ${PORT} default_server; - server_name _; - - root ${WEB_ROOT}; - - # Use index.php if it exists but also allow static websites in subfolders - index index.php index.html; - - access_log ${NGINX_ACCESS_LOG} custom; - - # Blocked log file - set $blocked_log /dev/stdout; - - disable_symlinks off; - - # Include custom nginx server additions from project - include ${NGINX_INCLUDE_DIR}/server/*.conf; - include ${NGINX_INCLUDE_DIR}/environments/${WP_ENV}/server/*.conf; - - # These variables are proxy conscious, so that they work even though we are behind reverse proxy - include proxy_real_variables.conf; - - # Include custom error pages - include error_pages.conf; - - # Own handling for WP-activate that for some very odd reason serves itself as 404. - location = /wp-activate.php { - try_files /wp/$uri @index; - - include fastcgi_settings.conf; - - # Append subfolder automatically - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - - # Give sane max execution time to frontend - fastcgi_read_timeout 30; - fastcgi_pass php-fpm; - } - - location = /robots.txt { - if ( $host ~ gpilvi\.com|geniem\.io ) { - add_header Content-Type text/plain; - return 200 "User-agent: *\nDisallow: /\n"; - } - - allow all; - log_not_found off; - access_log off; - try_files $uri @index; - } - - location = /favicon.ico { - allow all; - log_not_found off; - access_log off; - try_files $uri @index; - } - - # deny all dot-files including git - location ~ /\. { - deny all; - log_not_found off; - access_log off; - } - - location / { - try_files $uri $uri/ /wp/$uri /wp/$uri/ @index; - } - - # Deny requesting .dust files from anywhere else in the theme than under the partials/public directory - location ~* \/themes\/[^\/]+\/partials\/public\/.*\.dust$ { - allow all; - } - - location ~* \/themes\/.*\.dust$ { - deny all; - } - - # Static files - location ~* \.(css|js|jpe?g|gif|ico|png|otf|ttf|eot|woff?2|svg|webp)$ { - - ## Deny overriding Pagespeed - if ($arg_pagespeed != '') { access_log $blocked_log blocked; return 403; } - if ($arg_pagespeedspeedfilters != '') { access_log $blocked_log blocked; return 403; } - - include static_files.conf; - - # These files are probably exactly like $uri says but also try from /wp/ - try_files $uri /wp/$uri @index; - - # Deny requesting plain style.css from theme root directory - location ~ ^.*/themes/[^/]+/style\.css { - - # Preserve this url - pagespeed CssPreserveUrls true; - - # Minify and remove comments from css - pagespeed EnableFilters rewrite_css; - - # Wait that nginx has prepared the file - pagespeed InPlaceWaitForOptimized on; - - # Don't ever try to load non modified style.css - pagespeed InPlaceRewriteDeadlineMs 100000000; - - # Don't allow overriding pagespeed with pagespeed fixed urls - # Source: https://github.com/pagespeed/ngx_pagespeed/issues/1306 - location ~ ^(.*)/themes/([^/]+)/style.*pagespeed.* { - return 301 $1/themes/$2/style.css; - } - } - - ## - # Static WordPress files ~ wp-* - # These files are probably in /wp/ subfolder but also try from $uri - ## - location ~ ^wp- { - try_files /wp/$uri $uri @index; - } - } - - # App folder contains our plugins and themes - # We want to server assets from here but deny all php execution - location /app/ { - try_files $uri @index; - - ## - # Deny access into php files under /app/ - ## - location ~ \.php$ { - access_log $blocked_log blocked; - deny all; - } - } - - ## - # Run all php files from wp subfolder - # This is how wordpress is supposed to be run - # It also prevents direct access to possibly insecure code inside our plugins - ## - location ~ \.php$ { - try_files /wp/$uri @index; - - include fastcgi_settings.conf; - - # Append subfolder automatically - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - - # Handover 404 errors from php-fpm to WordPress - error_page 404 = @index; - - # Give sane max execution time to frontend - fastcgi_read_timeout ${NGINX_FASTCGI_TIMEOUT}; - fastcgi_pass php-fpm; - - ## Deny access to all php files in uploads folders - location ~* ^/uploads { access_log $blocked_log blocked; deny all; } - location ~* ^/content/uploads { access_log $blocked_log blocked; deny all; } - location ~* ^/wp-content/uploads { access_log $blocked_log blocked; deny all; } - - ## Fix Full Path Disclosures if display_errors is on - ## Don't allow straight access into core wp-includes - location ~* ^/wp-includes { access_log $blocked_log blocked; deny all; } - } - # Create purge location to empty fullpage cache - location ~ /purge(/.*) { - fastcgi_cache_purge WORDPRESS "$scheme$request_method$host$1"; - } - # Create health location for contena healthcheck - location /__health { - access_log off; - return 200; - } - - # Include redis interfaces /redis-fetch & /redis-store - # include cache/redis_backend.conf; - - location @index { - - # Include custom nginx index additions from project - include ${NGINX_INCLUDE_DIR}/index/*.conf; - include ${NGINX_INCLUDE_DIR}/environments/${WP_ENV}/index/*.conf; - - ## Deny overriding Pagespeed - if ($arg_pagespeed != '') { access_log $blocked_log blocked; return 403; } - if ($arg_pagespeedspeedfilters != '') { access_log $blocked_log blocked; return 403; } - - # Use redis as proxy cache - #include cache/srcache.conf; - # Use fastcgi cache - include cache/fastcgicache.conf; - - # Fallback into php - include fastcgi_settings.conf; - fastcgi_param SCRIPT_FILENAME $document_root/index.php; - - # Give sane max execution time to frontend - fastcgi_read_timeout ${NGINX_FASTCGI_TIMEOUT}; - fastcgi_pass php-fpm; - } - - # WordPress is stupid - location = /wp-admin { rewrite ^ /wp-admin/ permanent; } - - location = / { - - ## Block hackers from enumerating users - if ( $arg_author ~ [0-9]+ ) { access_log $blocked_log blocked; return 403; } - - ## Deny overriding Pagespeed - if ($arg_pagespeed != '') { access_log $blocked_log blocked; return 403; } - if ($arg_pagespeedspeedfilters != '') { access_log $blocked_log blocked; return 403; } - - # Use redis as proxy cache - #include cache/srcache.conf; - # Use fastcgi cache - include cache/fastcgicache.conf; - - #Enable project spesific config to root block - include ${NGINX_INCLUDE_DIR}/environments/${WP_ENV}/root/*.conf; - - # Fallback into php - include fastcgi_settings.conf; - fastcgi_param SCRIPT_FILENAME $document_root/index.php; - - # Give sane max execution time to frontend - fastcgi_read_timeout ${NGINX_FASTCGI_TIMEOUT}; - fastcgi_pass php-fpm; - } - - # Prevent /wp/wp/wp/... rewrite loops - location ^~ /wp/ { - rewrite ^/wp/(.*)$ $1$is_args$args last; - } - - # Block some vulnerabilities always - include security.conf; - - # Include basic pagespeed locations like beacons - include pagespeed/locations.conf; - } - include ${NGINX_INCLUDE_DIR}/environments/${WP_ENV}/end/*.conf; - -} diff --git a/ubuntu-7.1/rootfs/etc/nginx/pagespeed/locations.conf b/ubuntu-7.1/rootfs/etc/nginx/pagespeed/locations.conf deleted file mode 100644 index 46feb53..0000000 --- a/ubuntu-7.1/rootfs/etc/nginx/pagespeed/locations.conf +++ /dev/null @@ -1,7 +0,0 @@ -# Ensure requests for pagespeed optimized resources go to the pagespeed handler -# and no extraneous headers get set. -location ~ "\.pagespeed\.([a-z]\.)?[a-z]{2}\.[^.]{10}\.[^.]+" { - add_header "" ""; -} -location ~ "^/pagespeed_static/" { } -location ~ "^/ngx_pagespeed_beacon$" { } diff --git a/ubuntu-7.1/rootfs/etc/nginx/pagespeed/settings.conf b/ubuntu-7.1/rootfs/etc/nginx/pagespeed/settings.conf deleted file mode 100644 index be5a0a8..0000000 --- a/ubuntu-7.1/rootfs/etc/nginx/pagespeed/settings.conf +++ /dev/null @@ -1,13 +0,0 @@ -# Hide pagespeed version and provide this header instaed -pagespeed XHeaderValue "Enabled"; - -# Don't alter Cache-Control headers -pagespeed ModifyCachingHeaders off; - -# This is for pagespeed temporary files -# Needs to exist and be writable by nginx. Use tmpfs for best performance. -pagespeed FileCachePath /tmp/nginx/pagespeed; - -# Pagespeed sets default TTL from file to 300s, which is bad -# This sets the time to be 1 year -pagespeed LoadFromFileCacheTtlMs 2592000000; diff --git a/ubuntu-7.1/rootfs/etc/nginx/proxy_real_variables.conf b/ubuntu-7.1/rootfs/etc/nginx/proxy_real_variables.conf deleted file mode 100644 index e380f1f..0000000 --- a/ubuntu-7.1/rootfs/etc/nginx/proxy_real_variables.conf +++ /dev/null @@ -1,35 +0,0 @@ -## -# Set few variables since we use jwilder/nginx-proxy in dev and proxy in production -# So the fastcgi params need to be the original ones or you -# will have redirect loops ('canonical_redirect' mostly) -## - -# Set $host first from proxy (if possible) -set $real_host $http_x_forwarded_host; -if ($real_host = '') { - set $real_host $http_host; -} - -# Set server port according to forwarded proto -set $real_port 80; -if ($http_x_forwarded_proto = 'https') { - set $real_port 443; -} - -# Set https according to used proto -set $real_https off; -if ($http_x_forwarded_proto = 'https') { - set $real_https on; -} - -# Set scheme according to used proto -set $real_scheme 'http'; -if ($http_x_forwarded_proto = 'https') { - set $real_scheme 'https'; -} - -# Set original remote -set $real_remote $http_x_forwarded_for; -if ($real_remote = '') { - set $real_remote $remote_addr; -} diff --git a/ubuntu-7.1/rootfs/etc/nginx/security.conf b/ubuntu-7.1/rootfs/etc/nginx/security.conf deleted file mode 100644 index 24afdeb..0000000 --- a/ubuntu-7.1/rootfs/etc/nginx/security.conf +++ /dev/null @@ -1,27 +0,0 @@ -## Block SQL injections -location ~* union.*select.*\( { access_log $blocked_log blocked; return 403; } -location ~* union.*all.*select.* { access_log $blocked_log blocked; return 403; } -location ~* concat.*\( { access_log $blocked_log blocked; return 403; } - -## Block common exploits -location ~* (<|%3C).*script.*(>|%3E) { access_log $blocked_log blocked; return 403; } -location ~* base64_(en|de)code\(.*\) { access_log $blocked_log blocked; return 403; } -location ~* (%24&x) { access_log $blocked_log blocked; return 403; } -location ~* (%0|%A|%B|%C|%D|%E|%F|127\.0) { access_log $blocked_log blocked; return 403; } -location ~* \.\.\/ { access_log $blocked_log blocked; return 403; } -location ~* ~$ { access_log $blocked_log blocked; return 403; } -location ~* proc/self/environ { access_log $blocked_log blocked; return 403; } -location ~* /\.(htaccess|htpasswd|svn|git) { access_log $blocked_log blocked; return 403; } - -## Block file injections -location ~* [a-zA-Z0-9_]=(\.\.//?)+ { access_log $blocked_log blocked; return 403; } -location ~* [a-zA-Z0-9_]=/([a-z0-9_.]//?)+ { access_log $blocked_log blocked; return 403; } - -## wordpress security -location ~* wp-config.php { access_log $blocked_log blocked; return 403; } -location ~* wp-load.php { access_log $blocked_log blocked; return 403; } -location ~* wp-admin/includes { access_log $blocked_log blocked; return 403; } -location ~* wp-app\.log { access_log $blocked_log blocked; return 403; } -location ~* (licence|readme|license)\.(md|html|txt) { access_log $blocked_log blocked; return 403; } -location ~* composer.json { access_log $blocked_log blocked; return 403; } - diff --git a/ubuntu-7.1/rootfs/etc/nginx/security_headers.conf b/ubuntu-7.1/rootfs/etc/nginx/security_headers.conf deleted file mode 100644 index be78f67..0000000 --- a/ubuntu-7.1/rootfs/etc/nginx/security_headers.conf +++ /dev/null @@ -1,23 +0,0 @@ -## -# Security headers, source: https://gist.github.com/plentz/6737338 -## - -# config to don't allow the browser to render the page inside an frame or iframe -# and avoid clickjacking http://en.wikipedia.org/wiki/Clickjacking -# if you need to allow [i]frames, you can use SAMEORIGIN or even set an uri with ALLOW-FROM uri -# https://developer.mozilla.org/en-US/docs/HTTP/X-Frame-Options -add_header X-Frame-Options SAMEORIGIN; - -# when serving user-supplied content, include a X-Content-Type-Options: nosniff header along with the Content-Type: header, -# to disable content-type sniffing on some browsers. -# https://www.owasp.org/index.php/List_of_useful_HTTP_headers -# currently suppoorted in IE > 8 http://blogs.msdn.com/b/ie/archive/2008/09/02/ie8-security-part-vi-beta-2-update.aspx -# http://msdn.microsoft.com/en-us/library/ie/gg622941(v=vs.85).aspx -# 'soon' on Firefox https://bugzilla.mozilla.org/show_bug.cgi?id=471020 -add_header X-Content-Type-Options nosniff always; - -# This header enables the Cross-site scripting (XSS) filter built into most recent web browsers. -# It's usually enabled by default anyway, so the role of this header is to re-enable the filter for -# this particular website if it was disabled by the user. -# https://www.owasp.org/index.php/List_of_useful_HTTP_headers -add_header X-XSS-Protection "1; mode=block"; diff --git a/ubuntu-7.1/rootfs/etc/nginx/static_files.conf b/ubuntu-7.1/rootfs/etc/nginx/static_files.conf deleted file mode 100644 index fa9d42d..0000000 --- a/ubuntu-7.1/rootfs/etc/nginx/static_files.conf +++ /dev/null @@ -1,13 +0,0 @@ -# Use version numbers to bypass cache -# Try to cache as long as we can -expires max; - -## No need to bleed constant updates. Send the all shebang in one -## fell swoop. -tcp_nodelay off; - -## Set the OS file cache. -open_file_cache max=3000 inactive=120s; -open_file_cache_valid 45s; -open_file_cache_min_uses 2; -open_file_cache_errors off; diff --git a/ubuntu-7.1/rootfs/etc/nginx/upstreams.conf b/ubuntu-7.1/rootfs/etc/nginx/upstreams.conf deleted file mode 100644 index 395d445..0000000 --- a/ubuntu-7.1/rootfs/etc/nginx/upstreams.conf +++ /dev/null @@ -1,4 +0,0 @@ -# Default php handler -upstream php-fpm { - server unix:/var/run/php-fpm.sock; -} diff --git a/ubuntu-7.1/rootfs/etc/php/7.1/cli/php.ini b/ubuntu-7.1/rootfs/etc/php/7.1/cli/php.ini deleted file mode 100644 index 3d0f5f3..0000000 --- a/ubuntu-7.1/rootfs/etc/php/7.1/cli/php.ini +++ /dev/null @@ -1,72 +0,0 @@ -[PHP] -; This directive determines whether or not PHP will recognize code between -; tags as PHP source which should be processed as such. -short_open_tag = Off - -; Implicit flush tells PHP to tell the output layer to flush itself -; automatically after every output block. -implicit_flush = Off - -; This directive allows you to disable certain functions for security reasons. -; It receives a comma-delimited list of function names. -; http://php.net/disable-functions -disable_functions = - -; Enables or disables the circular reference collector. -; http://php.net/zend.enable-gc -zend.enable_gc = On - -;;;;;;;;;;;;;;;;; -; Miscellaneous ; -;;;;;;;;;;;;;;;;; - - -; Deny executing anything else than the exact path passed from fastcgi -; This causes the PHP interpreter to only try the literal path given and to stop processing if the file is not found. -; This is for security. -; https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/#passing-uncontrolled-requests-to-php -cgi.fix_pathinfo = 0 - -expose_php = Off - -;;;;;;;;;;;;;;;;;;; -; Resource Limits ; -;;;;;;;;;;;;;;;;;;; - -; Maximum execution time of each script, in seconds -max_execution_time = 600 - -; Maximum amount of time each script may spend parsing request data. -max_input_time = 60 - -; How many GET/POST/COOKIE input variables may be accepted -; max_input_vars = 1000 - -; Maximum amount of memory a script may consume (128MB) -memory_limit = ${PHP_MEMORY_LIMIT} - -;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; -; Error handling and logging ; -;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; - -error_reporting = E_ALL - -error_log = /proc/1/fd/2 - -display_errors = On - -display_startup_errors = On - -log_errors = On - -log_errors_max_len = 2048 - -ignore_repeated_errors = Off - -ignore_repeated_source = Off - -report_memleaks = On - -track_errors = On - -html_errors = Off diff --git a/ubuntu-7.1/rootfs/etc/php/7.1/fpm/conf.d/blocked.ini b/ubuntu-7.1/rootfs/etc/php/7.1/fpm/conf.d/blocked.ini deleted file mode 100644 index 4142569..0000000 --- a/ubuntu-7.1/rootfs/etc/php/7.1/fpm/conf.d/blocked.ini +++ /dev/null @@ -1,4 +0,0 @@ -; Disable some functions because they allow bad/vulnerable patterns -; We want to advocate good coding practises and these functions make it difficult -; You can use these with php cli but not with php-fpm -disable_functions = exec,passthru,shell_exec,show_source,system,pcntl_exec,popen,posix_getpwuid,posix_kill,posix_mkfifo,posix_setpgid,posix_setsid,posix_setuid,posix_setuid,posix_uname,proc_nice,proc_open,proc_close,proc_get_status diff --git a/ubuntu-7.1/rootfs/etc/php/7.1/fpm/conf.d/common.ini b/ubuntu-7.1/rootfs/etc/php/7.1/fpm/conf.d/common.ini deleted file mode 100644 index 5600222..0000000 --- a/ubuntu-7.1/rootfs/etc/php/7.1/fpm/conf.d/common.ini +++ /dev/null @@ -1,4 +0,0 @@ -[PHP] - -; Don't brag that we have php 7.0 -expose_php = Off diff --git a/ubuntu-7.1/rootfs/etc/php/7.1/fpm/conf.d/limits.ini b/ubuntu-7.1/rootfs/etc/php/7.1/fpm/conf.d/limits.ini deleted file mode 100644 index 6ccc766..0000000 --- a/ubuntu-7.1/rootfs/etc/php/7.1/fpm/conf.d/limits.ini +++ /dev/null @@ -1,7 +0,0 @@ -; filesize, time and input limits -max_execution_time = ${NGINX_FASTCGI_TIMEOUT} -max_input_time = -1 -max_input_vars = ${PHP_MAX_INPUT_VARS} -memory_limit = ${PHP_MEMORY_LIMIT} -post_max_size = ${NGINX_MAX_BODY_SIZE} -upload_max_filesize = ${NGINX_MAX_BODY_SIZE} diff --git a/ubuntu-7.1/rootfs/etc/php/7.1/fpm/conf.d/logging.ini b/ubuntu-7.1/rootfs/etc/php/7.1/fpm/conf.d/logging.ini deleted file mode 100644 index 6db568d..0000000 --- a/ubuntu-7.1/rootfs/etc/php/7.1/fpm/conf.d/logging.ini +++ /dev/null @@ -1,4 +0,0 @@ -; Log all warnings and errors -error_log = ${PHP_ERROR_LOG} -log_level = ${PHP_ERROR_LOG_LEVEL} -log_errors_max_len = ${PHP_ERROR_MAX_LEN} diff --git a/ubuntu-7.1/rootfs/etc/php/7.1/fpm/conf.d/mail.ini b/ubuntu-7.1/rootfs/etc/php/7.1/fpm/conf.d/mail.ini deleted file mode 100644 index d54d6f8..0000000 --- a/ubuntu-7.1/rootfs/etc/php/7.1/fpm/conf.d/mail.ini +++ /dev/null @@ -1,3 +0,0 @@ -[PHP] -; Use msmtp to send mail instead of sendmail -sendmail_path = "/usr/sbin/sendmail" diff --git a/ubuntu-7.1/rootfs/etc/php/7.1/fpm/conf.d/opcache.ini b/ubuntu-7.1/rootfs/etc/php/7.1/fpm/conf.d/opcache.ini deleted file mode 100644 index 41a7d2a..0000000 --- a/ubuntu-7.1/rootfs/etc/php/7.1/fpm/conf.d/opcache.ini +++ /dev/null @@ -1,24 +0,0 @@ -; Enable php opcache to make site faster -; These are taken from: https://www.scalingphpbook.com/blog/2014/02/14/best-zend-opcache-settings.html -[opcache] -opcache.enable = 1 -opcache.enable_cli = 1 - -; Provides a faster mechanism for calling the deconstructors in your code at the end of a single request to speed up the response and recycle php workers so they're ready for the next incoming request faster. -opcache.fast_shutdown = 1 - -; Give plenty of memory for php process for caching the code -opcache.memory_consumption = ${PHP_OPCACHE_MAX_MEMORY} - -; Log into container output -opcache.error_log = /dev/stderr - -; Log opcache warnings -opcache.log_verbosity_level = 2 - -; PHP uses a technique called string interning to improve performance— so, for example, if you have the string "foobar" 1000 times in your code, internally PHP will store 1 immutable variable for this string and just use a pointer to it for the other 999 times you use it. -; This reserves 16MB to storing the most used strings -opcache.interned_strings_buffer = 16 -opcache.max_accelerated_files = ${PHP_OPCACHE_MAX_FILES} - - diff --git a/ubuntu-7.1/rootfs/etc/php/7.1/fpm/conf.d/opcache_invalidate.conf b/ubuntu-7.1/rootfs/etc/php/7.1/fpm/conf.d/opcache_invalidate.conf deleted file mode 100644 index d152afa..0000000 --- a/ubuntu-7.1/rootfs/etc/php/7.1/fpm/conf.d/opcache_invalidate.conf +++ /dev/null @@ -1,5 +0,0 @@ -; Don't revalidate php files in this container -opcache.validate_timestamps = 0 - -; We don't need to cache php comments into opcache -opcache.save_comments = 0 diff --git a/ubuntu-7.1/rootfs/etc/php/7.1/fpm/conf.d/sessions.ini b/ubuntu-7.1/rootfs/etc/php/7.1/fpm/conf.d/sessions.ini deleted file mode 100644 index d5fb56c..0000000 --- a/ubuntu-7.1/rootfs/etc/php/7.1/fpm/conf.d/sessions.ini +++ /dev/null @@ -1,6 +0,0 @@ -;;;;;;;;;;;;;;;;;;;;;;;;;; -; Define Session backend ; -;;;;;;;;;;;;;;;;;;;;;;;;;; -; These env can also contain redis as backend -session.save_handler = ${PHP_SESSION_HANDLER} -session.save_path = ${PHP_SESSION_SAVE_PATH} diff --git a/ubuntu-7.1/rootfs/etc/php/7.1/fpm/conf.d/timezone.ini b/ubuntu-7.1/rootfs/etc/php/7.1/fpm/conf.d/timezone.ini deleted file mode 100644 index dfb2fec..0000000 --- a/ubuntu-7.1/rootfs/etc/php/7.1/fpm/conf.d/timezone.ini +++ /dev/null @@ -1,2 +0,0 @@ -; Timezone from env formatted like 'Europe/Helsinki' -date.timezone = ${TZ} diff --git a/ubuntu-7.1/rootfs/etc/php/7.1/fpm/php-fpm.conf b/ubuntu-7.1/rootfs/etc/php/7.1/fpm/php-fpm.conf deleted file mode 100644 index ef307ec..0000000 --- a/ubuntu-7.1/rootfs/etc/php/7.1/fpm/php-fpm.conf +++ /dev/null @@ -1,35 +0,0 @@ -; Run this in foregroud so s6 can control it -daemonize = no - -; Log all warnings and errors -error_log = ${PHP_ERROR_LOG} -log_level = ${PHP_ERROR_LOG_LEVEL} - -[www] -user = ${WEB_USER} -group = ${WEB_GROUP} -listen = /var/run/php-fpm.sock -listen.owner = ${WEB_USER} -listen.group = ${WEB_GROUP} -pm = dynamic - -; Total RAM dedicated to the web server / Max child process size -pm.max_children = 30 - -pm.start_servers = 1 -pm.min_spare_servers = 1 -pm.max_spare_servers = 3 - -; Redirect worker stdout and stderr into main error log. If not set, stdout and -; stderr will be redirected to /dev/null according to FastCGI specs. -; Default Value: no -catch_workers_output = yes - -; Project web root -chdir = ${WEB_ROOT} - -pm.process_idle_timeout = 10s -pm.max_requests = 500 - -; Include extra configs -include=/etc/php/7.1/fpm/php-fpm.d/*.conf diff --git a/ubuntu-7.1/rootfs/etc/php/7.1/fpm/php-fpm.d/preserve-env.conf b/ubuntu-7.1/rootfs/etc/php/7.1/fpm/php-fpm.d/preserve-env.conf deleted file mode 100644 index 956d8ff..0000000 --- a/ubuntu-7.1/rootfs/etc/php/7.1/fpm/php-fpm.d/preserve-env.conf +++ /dev/null @@ -1,3 +0,0 @@ -; Just use all envs from system when php-fpm starts -; By default php-fpm flushes all envs and they need to be whitelisted -clear_env = no diff --git a/ubuntu-7.1/rootfs/etc/php/7.1/fpm/php.ini b/ubuntu-7.1/rootfs/etc/php/7.1/fpm/php.ini deleted file mode 100644 index 472d608..0000000 --- a/ubuntu-7.1/rootfs/etc/php/7.1/fpm/php.ini +++ /dev/null @@ -1,46 +0,0 @@ -;;; -; Production settings for php and php-fpm -;;; -; All directives from /etc/php/7.0/fpm/conf.d are also included -;;; - -[PHP] - -; Don't display errors into frontend -display_errors = stderr - -; disable ignoring of repeat errors -ignore_repeated_errors = false - -; disable ignoring of unique source errors -ignore_repeated_source = false - -; enable logging of php memory leaks -report_memleaks = true - -; Deny executing anything else than the exact path passed from fastcgi -; This causes the PHP interpreter to only try the literal path given and to stop processing if the file is not found. -; This is for security. Source: https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/#passing-uncontrolled-requests-to-php -cgi.fix_pathinfo = 0 - -; disable html markup of errors -html_errors = false - -; disable formatting of error reference links -docref_root = 0 - -; disable formatting of error reference links -docref_ext = 0 - -; disable max error string length ( by using so big number that bigger messages don't matter ) -log_errors_max_len = 10000 - -; Don't show startup errors -display_startup_errors = Off -track_errors = Off - -; Redirect worker stdout and stderr into main error log. If not set, stdout and -; stderr will be redirected to /dev/null according to FastCGI specs. -; Default Value: no -catch_workers_output = yes - diff --git a/ubuntu-7.1/rootfs/etc/services.d/cron/run b/ubuntu-7.1/rootfs/etc/services.d/cron/run deleted file mode 100644 index 444e2b9..0000000 --- a/ubuntu-7.1/rootfs/etc/services.d/cron/run +++ /dev/null @@ -1,4 +0,0 @@ -#!/usr/bin/with-contenv sh -echo "[services.d] started cron daemon" -# Runs cron daemon in foreground -cron -l 2 -f diff --git a/ubuntu-7.1/rootfs/etc/services.d/nginx/run b/ubuntu-7.1/rootfs/etc/services.d/nginx/run deleted file mode 100755 index ef92c7d..0000000 --- a/ubuntu-7.1/rootfs/etc/services.d/nginx/run +++ /dev/null @@ -1,4 +0,0 @@ -#!/usr/bin/with-contenv sh - -# Run nginx always in foreground -exec nginx -g "daemon off;" diff --git a/ubuntu-7.1/rootfs/etc/services.d/php-fpm/run b/ubuntu-7.1/rootfs/etc/services.d/php-fpm/run deleted file mode 100644 index 18b6baf..0000000 --- a/ubuntu-7.1/rootfs/etc/services.d/php-fpm/run +++ /dev/null @@ -1,53 +0,0 @@ -#!/usr/bin/with-contenv bash - -## -# Check which kind of session backend we should be using -## -if [ -z "$PHP_SESSION_SAVE_PATH" ]; then - echo "[php-fpm] configuring php-fpm session backend..." - - # Use 'files' as default session handler - export PHP_SESSION_HANDLER=${PHP_SESSION_HANDLER-files} - - case "$PHP_SESSION_HANDLER" in - - files) - mkdir -p /tmp/php - chown $WEB_USER:$WEB_GROUP /tmp/php - - # export new env for php-fpm - export PHP_SESSION_SAVE_PATH='/tmp/php' - ;; - redis) - # Set defaults - REDIS_HOST=${REDIS_HOST-$REDIS_1_PORT_6379_TCP_ADDR} - REDIS_PORT=${REDIS_PORT-6379} - REDIS_SCHEME=${REDIS_SCHEME-tcp} - REDIS_PHP_SESSION_HOST=${REDIS_PHP_SESSION_HOST-$REDIS_1_PORT_6379_TCP_ADDR} - - # After this time php-fpm will timeout from requesting session data - PHP_SESSION_REDIS_TIMEOUT=${PHP_SESSION_REDIS_TIMEOUT-5} - - PHP_SESSION_REDIS_PARAMS="timeout=$PHP_SESSION_REDIS_TIMEOUT" - - # Set these only if they are not 0 and '' because they add complexity for the query - if [ "$PHP_SESSION_REDIS_DB" != "" ]; then - PHP_SESSION_REDIS_PARAMS+="&database=$PHP_SESSION_REDIS_DB" - fi - if [ "$REDIS_PASSWORD" != "" ]; then - PHP_SESSION_REDIS_PARAMS+="&auth=$REDIS_PASSWORD" - fi - if [ "$PHP_SESSION_REDIS_PREFIX" != "" ]; then - PHP_SESSION_REDIS_PARAMS+="&prefix=$PHP_SESSION_REDIS_PREFIX" - fi - - # export new env for php-fpm - export PHP_SESSION_SAVE_PATH="$REDIS_SCHEME://$REDIS_PHP_SESSION_HOST:$REDIS_PORT?$PHP_SESSION_REDIS_PARAMS" - ;; - esac -fi -echo "[php-fpm] using $PHP_SESSION_SAVE_PATH for php sessions..." - -echo "[php-fpm] started php-fpm" -exec php-fpm -c /etc/php/7.1/fpm/php.ini --fpm-config /etc/php/7.1/fpm/php-fpm.conf --pid /var/run/php-fpm.pid - diff --git a/ubuntu-7.1/rootfs/usr/bin/wp b/ubuntu-7.1/rootfs/usr/bin/wp deleted file mode 100755 index e138ef0..0000000 --- a/ubuntu-7.1/rootfs/usr/bin/wp +++ /dev/null @@ -1,12 +0,0 @@ -#!/usr/bin/env bash -## -# WP-cli wrapper: Append path automatically so that user doesn't have to -## -if [ "$(whoami)" = "root" ]; then - # Run as wordpress user instead - # This helps that we don't install things as root - # Or run 3rd party code as root - gosu $WEB_USER /usr/local/bin/wp-cli "$@" --path=$WP_CORE -else - /usr/local/bin/wp-cli "$@" --path=$WP_CORE -fi diff --git a/ubuntu-7.1/rootfs/usr/local/bin/phinx b/ubuntu-7.1/rootfs/usr/local/bin/phinx deleted file mode 100755 index 854aa2f..0000000 --- a/ubuntu-7.1/rootfs/usr/local/bin/phinx +++ /dev/null @@ -1,27 +0,0 @@ -#!/usr/bin/env bash -## -# Phinx wrapper -# You need to install phinx through composer first -## - -# Export database host in prod and dev -if [ ! -z "$MYSQL_HOST" ]; then - export PHINX_DBHOST=$MYSQL_HOST -elif [ ! -z "$DB_HOST" ]; then - export PHINX_DBHOST=$DB_HOST -elif [ ! -z "$DB_PORT_3306_TCP_ADDR" ]; then - export PHINX_DBHOST=$DB_PORT_3306_TCP_ADDR -else - echo "ERROR: You need to set DB_HOST!" -fi - -# Export phinx envs -# Default to MYSQL_ envs but fallback to DB_ -export PHINX_DBPORT=${MYSQL_PORT-$DB_PORT} -export PHINX_DBNAME=${MYSQL_DATABASE-$DB_NAME} -export PHINX_DBUSER=${MYSQL_USER-$DB_USER} -export PHINX_DBPASSWORD=${MYSQL_PWD-$DB_PASSWORD} -export PHINX_ENVIRONMENT=$WP_ENV - -# Run phinx -php $PROJECT_ROOT/vendor/bin/phinx $@ diff --git a/ubuntu-7.1/rootfs/usr/local/bin/print-smtp-password b/ubuntu-7.1/rootfs/usr/local/bin/print-smtp-password deleted file mode 100755 index f59d906..0000000 --- a/ubuntu-7.1/rootfs/usr/local/bin/print-smtp-password +++ /dev/null @@ -1,5 +0,0 @@ -#!/bin/bash -# This is so that we can use msmtp without /etc/msmtprc config file -# msmtp doesn't have --password option and it only has --passwordeval option -# We use this script so that we can use it in passwordeval -echo $SMTP_PASSWORD diff --git a/ubuntu-7.1/rootfs/usr/local/bin/wp-run-cron b/ubuntu-7.1/rootfs/usr/local/bin/wp-run-cron deleted file mode 100755 index e5c4aa8..0000000 --- a/ubuntu-7.1/rootfs/usr/local/bin/wp-run-cron +++ /dev/null @@ -1,42 +0,0 @@ -#!/bin/bash -# Copyright © 2015 Bjørn Johansen -# This work is free. You can redistribute it and/or modify it under the -# terms of the Do What The Fuck You Want To Public License, Version 2, -# as published by Sam Hocevar. See http://www.wtfpl.net/ for more details. -# Source: https://bjornjohansen.no/wordpress-cron-wp-cli -# Github: https://gist.github.com/bjornjohansen/a00a9fee5475c4dadb56#file-run-wp-cron-sh - -# This is modified for our container. In this container you don't need to use --path -# because it's automatically included - -# Check if WP-CLI is available -if ! hash wp 2>/dev/null; then - echo "[wp-cron] ERROR: WP-CLI is not available" - exit -fi - -# If WordPress isn’t installed here, we bail -if ! wp core is-installed --quiet >> /dev/null; then - echo "[wp-cron] ERROR: WordPress is not installed here: ${WP_CORE}" - exit -fi - -# Get a list of site URLs -if wp core is-installed --quiet --network >> /dev/null; -then - SITE_URLS=`wp site list --fields=url --archived=0 --deleted=0 --format=csv | sed 1d` -else - SITE_URLS=(`wp option get siteurl`) -fi - -# Loop through all the sites -for SITE_URL in $SITE_URLS -do - # replaced loop with better solution - wp cron event run --due-now --url="$SITE_URL" - # Run all event hooks that are due - #for EVENT_HOOK in $(wp cron event list --format=csv --fields=hook,next_run_relative --url="$SITE_URL" | grep now$ | awk -F ',' '{print $1}') - #do - # wp cron event run "$EVENT_HOOK" --url="$SITE_URL" --quiet - #done -done diff --git a/ubuntu-7.1/rootfs/usr/sbin/sendmail b/ubuntu-7.1/rootfs/usr/sbin/sendmail deleted file mode 100755 index ec8c40f..0000000 --- a/ubuntu-7.1/rootfs/usr/sbin/sendmail +++ /dev/null @@ -1,66 +0,0 @@ -#!/bin/bash -## -# This is custom wrapper for msmtp which acts like good old sendmail -# - It is used for php and cron -# - This is easier to configure for external mail server than sendmail -# - sendmail is just the default binary which other services will use -# - It needs following env: SMTP_HOST, SMTP_PASSWORD, SMTP_PORT, SMTP_AUTH, SMTP_USER -## - -# Deduce all used msmtp options from system ENVs -declare -a options - -# Act like sendmail -options+=("-t") - -# Use system tls chain -options+=("--tls-trust-file=/etc/ssl/certs/ca-certificates.crt") - -if [ -n "$SMTP_HOST" ]; then - options+=("--host=$SMTP_HOST") -else - echo "[mail error] SMTP_HOST is not defined, mail can't be sent" - exit 1 -fi - -# Log all mail requests -# try /var/log/mail/sent.log but use stdout when logfile is not available -if [ -n "$SMTP_LOG" ]; then - options+=("--logfile=$SMTP_LOG") -elif [ -f /var/log/mail/sent.log ]; then - options+=("--logfile=/var/log/mail/sent.log") -fi - -if [ -n "$SMTP_FROM" ]; then - options+=("--from=$SMTP_FROM") -fi - -# Default port for smtp is 25 and it will work even without this option -if [ -n "$SMTP_PORT" ]; then - options+=("--port=$SMTP_PORT") -fi - -# Setup credentials -if [ -n "$SMTP_USER" ]; then - options+=("--user=$SMTP_USER") -fi - -# msmtp doesn't provide password option because usually it's unsafe -# Use local hack for passwordeval -if [ -n "$SMTP_PASSWORD" ]; then - options+=("--passwordeval=/usr/local/bin/print-smtp-password") -fi - - -if [ -n "$SMTP_AUTH" ]; then - options+=("--auth=$SMTP_AUTH") -elif [ -n "$SMTP_USER" ] || [ -n "$SMTP_PASSWORD" ]; then - options+=("--auth=on") -fi - -if [ -n "$SMTP_TLS" ]; then - options+=("--tls=$SMTP_TLS") -fi - -# Add our options and command line options for msmtp -msmtp ${options[@]} "$@" diff --git a/ubuntu-7.1/rootfs/usr/share/nginx/html/403.html b/ubuntu-7.1/rootfs/usr/share/nginx/html/403.html deleted file mode 100644 index 3f85394..0000000 --- a/ubuntu-7.1/rootfs/usr/share/nginx/html/403.html +++ /dev/null @@ -1,95 +0,0 @@ - - - - - - -403 Forbidden - - - - - - - - -
-
-

403 Forbidden

-

Sorry! You don't have access permissions for that on .

-

Take Me To The Homepage - -

-
-
-
-
-
-
-

What happened?

-

A 403 error status indicates that you don't have permission to access the file or page. In general, web servers and websites have directories and files that are not open to the public web for security reasons.

-
-
-

What can I do?

-

If you're a site visitor

-

Please use your browsers back button and check that you're in the right place. If you need immediate assistance, please send us an email instead.

-

If you're the site owner

-

Please check that you're in the right place and get in touch with your website provider if you believe this to be an error.

-
-
-
-
- - - - - - - diff --git a/ubuntu-7.1/rootfs/usr/share/nginx/html/500.html b/ubuntu-7.1/rootfs/usr/share/nginx/html/500.html deleted file mode 100644 index e5fac20..0000000 --- a/ubuntu-7.1/rootfs/usr/share/nginx/html/500.html +++ /dev/null @@ -1,89 +0,0 @@ - - - - - - -500 Internal Server Error - - - - - - - - -
- -
-

500 Internal Server Error

-

The web server is returning an internal error for .

- Try This Page Again -
-
-
-
-
-
-

What happened?

-

A 500 error status implies there is a problem with the web server's software causing it to malfunction.

-
-
-

What can I do?

-

If you're a site visitor

-

Nothing you can do at the moment. If you need immediate assistance, please send us an email instead. We apologize for any inconvenience.

-

If you're the site owner

-

This error can only be fixed by server admins, please contact your website provider.

-
-
-
-
- - - - - - - diff --git a/ubuntu-7.1/rootfs/usr/share/nginx/html/502.html b/ubuntu-7.1/rootfs/usr/share/nginx/html/502.html deleted file mode 100644 index e7d79c1..0000000 --- a/ubuntu-7.1/rootfs/usr/share/nginx/html/502.html +++ /dev/null @@ -1,98 +0,0 @@ - - - - - - - -502 Bad Gateway - - - - - - - - -
- -
-

502 Bad Gateway

-

The web server is returning an unexpected networking error for .

- Try This Page Again -
-
-
-
-
-
-

What happened?

-

A 502 error status implies that that the server received an invalid response from an upstream server it accessed to fulfill the request.

-
-
-

What can I do?

-

If you're a site visitor

-

Check to see if this website down for everyone or just you. -

-

Also, clearing your browser cache and refreshing the page may clear this issue. If the problem persists and you need immediate assistance, please send us an email instead.

-

If you're the site owner

-

Clearing your browser cache and refreshing the page may clear this issue. If the problem persists and you need immediate assistance, please contact your website provider.

-
-
-
-
- - - - - - - - diff --git a/ubuntu-7.1/rootfs/usr/share/nginx/html/504.html b/ubuntu-7.1/rootfs/usr/share/nginx/html/504.html deleted file mode 100644 index f37b919..0000000 --- a/ubuntu-7.1/rootfs/usr/share/nginx/html/504.html +++ /dev/null @@ -1,100 +0,0 @@ - - - - - - - -504 Gateway Timeout - - - - - - - - -
- -
-

504 Gateway Timeout

-

The web server is returning an unexpected networking error for .

- Try This Page Again -
-
-
-
- - -
-
-

What happened?

-

A 504 error status implies there is a slow IP communication problem between back-end servers attempting to fulfill this request.

-
-
-

What can I do?

-

If you're a site visitor

-

Check to see if this website down for everyone or just you. -

-

Also, clearing your browser cache and refreshing the page may clear this issue. If the problem persists and you need immediate assistance, please send us an email instead.

-

If you're the site owner

-

Clearing your browser cache and refreshing the page may clear this issue. If the problem persists and you need immediate assistance, please contact your website provider.

-
-
-
-
- - - - - - - - diff --git a/ubuntu-7.2/Dockerfile b/ubuntu-7.2/Dockerfile deleted file mode 100644 index 0d2e1d0..0000000 --- a/ubuntu-7.2/Dockerfile +++ /dev/null @@ -1,190 +0,0 @@ -FROM devgeniem/ubuntu-docker-openresty-pagespeed:beta -MAINTAINER Ville Pietarinen - Geniem Oy - -## -# Only use these during installation -## -ARG LANG=C.UTF-8 -ARG DEBIAN_FRONTEND=noninteractive - -## -# Install php7 packages from dotdeb.org -# - Dotdeb is an extra repository providing up-to-date packages for your Debian servers -## -RUN \ - apt-get update \ -&& apt-get -y install software-properties-common \ - && add-apt-repository ppa:ondrej/php \ - && apt-get -y --no-install-recommends install \ - apt-utils \ - curl \ - nano \ - ca-certificates \ - git \ - mysql-client \ - msmtp \ - postfix \ - netcat \ - less \ - && apt-get update \ - && apt-get -y --no-install-recommends install \ - php7.2-cli \ - php7.2-common \ - php7.2-apcu \ - php7.2-apcu-bc \ - php7.2-curl \ - php7.2-json \ - php7.2-opcache \ - php7.2-readline \ - php7.2-xml \ - php7.2-zip \ - php7.2-fpm \ - php7.2-redis \ - php7.2-mongodb \ - php7.2-mysqli \ - php7.2-intl \ - php7.2-gd \ - php7.2-mbstring \ - php7.2-soap \ - php7.2-bcmath \ - php7.2-curl \ - php7.2-ldap \ - # Force install only cron without extra mailing dependencies - && cd /tmp \ - && apt-get download cron \ - && dpkg --force-all -i cron*.deb \ - && mkdir -p /var/spool/cron/crontabs \ - # Cleanup - && apt-get clean \ - && apt-get autoremove \ - && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* /usr/share/doc/* /var/log/apt/* /var/log/*.log - - -# Install helpers -RUN \ - ## - # Install composer - ## - curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/local/bin --filename=composer \ - && composer global require hirak/prestissimo \ - - ## - # Install wp-cli - # source: http://wp-cli.org/ - ## - && curl -L https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar -o /usr/local/bin/wp-cli \ - && chmod +rx /usr/local/bin/wp-cli \ - # Symlink it to /usr/bin as well so that cron can find this script with limited PATH - && ln -s /usr/local/bin/wp-cli /usr/bin/wp-cli \ - - ## - # Install cronlock for running cron correctly with multi container setups - # https://github.com/kvz/cronlock - ## - && curl -L https://raw.githubusercontent.com/kvz/cronlock/master/cronlock -o /usr/local/bin/cronlock \ - && chmod +rx /usr/local/bin/cronlock \ - # Symlink it to /usr/bin as well so that cron can find this script with limited PATH - && ln -s /usr/local/bin/cronlock /usr/bin/cronlock - -## -# Add Project files like nginx and php-fpm processes and configs -# Also custom scripts and bashrc -## -COPY rootfs/ / - -# Run small fixes -RUN set -x \ - && mkdir -p /var/www/uploads \ - && mkdir -p /tmp/php-opcache \ - && ln -sf /usr/sbin/php-fpm7.2 /usr/sbin/php-fpm \ - && ln -sf /usr/bin/wp /usr/local/bin/wp -# This is for your project root -ENV PROJECT_ROOT="/var/www/project" - -ENV \ - # Add interactive term - TERM="xterm" \ - # Set defaults which can be overriden - MYSQL_PORT="3306" \ - # Use default web port in nginx but allow it to be overridden - # This also works correctly with flynn: - # https://github.com/flynn/flynn/issues/3213#issuecomment-237307457 - PORT="8080" \ - # Use custom users for nginx and php-fpm - WEB_USER="wordpress" \ - WEB_GROUP="web" \ - WEB_UID=1000 \ - WEB_GID=1001 \ - # Set defaults for redis - REDIS_PORT="6379" \ - REDIS_DATABASE="0" \ - REDIS_PASSWORD="" \ - REDIS_SCHEME="tcp" \ - # Set defaults for NGINX redis cache - # This variable uses seconds by default - # Time units supported are "s"(seconds), "ms"(milliseconds), "y"(years), "M"(months), "w"(weeks), "d"(days), "h"(hours), and "m"(minutes). - NGINX_REDIS_CACHE_TTL_DEFAULT="900" \ - NGINX_REDIS_CACHE_TTL_MAX="4h" \ - NGINX_CACHE_DIRECTORY="/tmp/nginx/fullpage" \ - # Default operations when fastcgi stale cache is used - NGINX_CACHE_USE_STALE="error timeout invalid_header updating http_500 http_503 http_403 http_404 http_429" \ - # Default headers for fastcgi stale- and error cache - NGINX_CACHE_CONTROL='"max-age=60, stale-while-revalidate=300, stale-if-error=21600"'\ - # Cronlock is used to stop simultaneous cronjobs in clusterised environments - CRONLOCK_HOST="" \ - # This is used by nginx and php-fpm - WEB_ROOT="${PROJECT_ROOT}/web" \ - # This is used automatically by wp-cli - WP_CORE="${PROJECT_ROOT}/web/wp" \ - # Nginx include files - NGINX_INCLUDE_DIR="/var/www/project/nginx" \ - # Allow bigger file uploads - NGINX_MAX_BODY_SIZE="10M" \ - # Allow storing bigger body in memory - NGINX_BODY_BUFFER_SIZE="32k" \ - # Have sane fastcgi timeout by default - NGINX_FASTCGI_TIMEOUT="30" \ - # Have sane fastcgi timeout by default - NGINX_ERROR_LEVEL="warn" \ - # Have sane fastcgi timeout by default - NGINX_ERROR_LOG="/dev/stderr" \ - # Have sane fastcgi timeout by default - NGINX_ACCESS_LOG="/dev/stdout" \ - # Default cache key for nginx http cache - NGINX_CACHE_KEY='wp_:nginx:$real_scheme$request_method$host$request_uri' \ - # PHP settings - PHP_MEMORY_LIMIT="128M" \ - PHP_MAX_INPUT_VARS="1000" \ - PHP_ERROR_LOG="/proc/self/fd/1" \ - PHP_ERROR_LOG_LEVEL="warning" \ - PHP_ERROR_LOG_MAX_LEN="8192" \ - PHP_SESSION_REDIS_DB="0" \ - PHP_SESSION_HANDLER="files" \ - # You should count the *.php files in your project and set this number to be bigger - # $ find . -type f -print | grep php | wc -l - PHP_OPCACHE_MAX_FILES="8000" \ - # Amount of memory in MB to allocate for opcache - PHP_OPCACHE_MAX_MEMORY="128" \ - # Use host machine as default SMTP_HOST - SMTP_HOST="172.17.2.1" \ - # This folder is used to mount files into host machine - # You should use this path for your uploads since everything else should be ephemeral - UPLOADS_ROOT="/var/www/uploads" \ - # This can be overidden by you, it's just default for us - TZ="Europe/Helsinki" -# Setup $TZ. Remember to run this again in your own build - # Make sure that all files here have execute permissions -RUN dpkg-reconfigure tzdata && \ - chmod +x /etc/cont-init.d/* - -# Install socklog-overlay -ADD https://github.com/just-containers/socklog-overlay/releases/download/v3.1.0-2/socklog-overlay-amd64.tar.gz /tmp/ -RUN tar xzf /tmp/socklog-overlay-amd64.tar.gz -C / -RUN echo '+\n1' > /etc/socklog.rules/forward-stdout -RUN echo 'LANG="en_US.UTF-8"' > /etc/default/locale - -# Set default path to project folder for easier running commands in project -WORKDIR ${PROJECT_ROOT} -EXPOSE ${PORT} -ENTRYPOINT ["/init"] - diff --git a/ubuntu-7.2/rootfs/etc/ImageMagick b/ubuntu-7.2/rootfs/etc/ImageMagick deleted file mode 100644 index d88e8bf..0000000 --- a/ubuntu-7.2/rootfs/etc/ImageMagick +++ /dev/null @@ -1,11 +0,0 @@ - - - - - - - - - - - diff --git a/ubuntu-7.2/rootfs/etc/cont-init.d/00-render-templates b/ubuntu-7.2/rootfs/etc/cont-init.d/00-render-templates deleted file mode 100755 index 34af891..0000000 --- a/ubuntu-7.2/rootfs/etc/cont-init.d/00-render-templates +++ /dev/null @@ -1,87 +0,0 @@ -#!/usr/bin/with-contenv bash -## -# This script uses clever heredoc hack to substitute env variables into static config files -# Source: http://stackoverflow.com/questions/2914220/bash-templating-how-to-build-configuration-files-from-templates-with-bash -## - -## -# Replaces ${ENV} placoholders from file with provided variables -# $1 - ':'' separated list of variables -# $2 - filename to render -## -function render_env_tmpl() { - vars=$1 - input_file=$2 - # If filename ends with .tmpl replace it without the .tmpl - filename=$(dirname $input_file)/$(basename $input_file .tmpl) - - tmp_file=/tmp/$(basename $filename) - - # render all provided $vars to temporary file - envsubst "$vars" < $input_file > $tmp_file - - # replace original file with rendered file - mv $tmp_file $filename -} - -echo "[cont-init.d] Substituting env into configuration files..." - -## -# Nginx doesn't support env variables in config files so we will have to do this in hacky way instead -## -VARS='$PORT:$WEB_ROOT:$WEB_USER:$WEB_GROUP:$NGINX_ACCESS_LOG:$NGINX_ERROR_LOG:$NGINX_ERROR_LEVEL:$NGINX_INCLUDE_DIR:$NGINX_MAX_BODY_SIZE:$NGINX_BODY_BUFFER_SIZE:$NGINX_FASTCGI_TIMEOUT:$WP_ENV:$NGINX_CACHE_KEY' -render_env_tmpl "$VARS" /etc/nginx/nginx.conf - -## -# Redis cache needs to know the redis instance and credentials -## - -# Set defaults if they are not set -export REDIS_HOST=${REDIS_HOST-$REDIS_1_PORT_6379_TCP_ADDR} -export REDIS_PORT=${REDIS_PORT-6379} -export REDIS_DATABASE=${REDIS_DATABASE-0} -export REDIS_PASSWORD=${REDIS_PASSWORD-''} -export REDIS_CACHE_TTL=${REDIS_CACHE_TTL-14400} - -# Add helper variables for AWS s3 bucket storage -VARS+='$AWS_S3_BUCKET_NAME:AWS_S3_REPLICA_BUCKET_NAME' - -# Add Redis variables -VARS+='$REDIS_HOST:$REDIS_PORT:$REDIS_DATABASE:$REDIS_PASSWORD:$NGINX_REDIS_CACHE_TTL_MAX:$NGINX_REDIS_CACHE_TTL_DEFAULT:$NGINX_REDIS_CACHE_PREFIX' - -# Add image proxy variables -VARS+='$GOOGLE_CLOUD_STORAGE_BUCKET_NAME' - -# Add cache variables -VARS+='$NGINX_CACHE_USE_STALE:$NGINX_CACHE_CONTROL:$NGINX_CACHE_DIRECTORY' - -render_env_tmpl "$VARS" /etc/nginx/cache/redis_backend.conf - -render_env_tmpl "$VARS" /etc/nginx/cache/srcache.conf -render_env_tmpl "$VARS" /etc/nginx/cache/fastcgicache_settings.conf -render_env_tmpl "$VARS" /etc/nginx/cache/fastcgicache_skip_rules.conf -render_env_tmpl "$VARS" /etc/nginx/cache/fastcgicache_headers.conf - -## -# Render all user provided nginx templates -## -VARS+='$BASIC_AUTH_USER:$BASIC_AUTH_PASSWORD_HASH' -for conf_file in $(find $NGINX_INCLUDE_DIR -type f -name '*.tmpl'); do - echo "[cont-init.d] Rendering env in $conf_file..." - - # Add helper variables for easier scripting - export __DIR__=$(dirname $conf_file) - - VARS_TMPL=$VARS':$__DIR__' - render_env_tmpl "$VARS_TMPL" $conf_file -done - -# Encrypt basic auth password if it set -if [[ -z "${BASIC_AUTH_PASSWORD}" ]]; -then - echo "Not encrypting BASIC_AUTH_PASSWORD..." -else - BASIC_AUTH_PASSWORD_HASH=$(openssl passwd -crypt $BASIC_AUTH_PASSWORD) - echo "Encrypting BASIC_AUTH_PASSWORD... ${BASIC_AUTH_PASSWORD} -> ${BASIC_AUTH_PASSWORD_HASH}" - echo "${BASIC_AUTH_USER}:${BASIC_AUTH_PASSWORD_HASH}" > /var/www/project/nginx/environments/${WP_ENV}/server/.htpasswd -fi diff --git a/ubuntu-7.2/rootfs/etc/cont-init.d/01-create-web-user b/ubuntu-7.2/rootfs/etc/cont-init.d/01-create-web-user deleted file mode 100755 index aeb0aa7..0000000 --- a/ubuntu-7.2/rootfs/etc/cont-init.d/01-create-web-user +++ /dev/null @@ -1,58 +0,0 @@ -#!/usr/bin/with-contenv bash - -## -# If $WEB_USER user and web group already exists just skip the user creation -## -if id -u $WEB_USER > /dev/null 2>&1 && getent group $WEB_GROUP > /dev/null 2>&1; then - echo "[cont-init.d] user:$WEB_USER and group:$WEB_GROUP already exist, skipping..." - exit 0 -fi - -## -# Create $WEB_USER user with $WEB_UID and web group with $WEB_GID -## - -# Set defaults if they are not set -export WEB_USER=${WEB_USER-wordpress} -export WEB_GROUP=${WEB_GROUP-web} -export WEB_UID=${WEB_UID-1000} -export WEB_GID=${WEB_GID-1000} - -echo "[cont-init.d] Creating $WEB_USER user with id: $WEB_UID and group web with id: $WEB_GID" - -# Create web group -if [ -n "$WEB_GID" ]; then - - # Check if group with $WEB_GID already exists - web_group=$(getent group $WEB_GID | cut -d':' -f1) - - if [ -n "$web_group" ]; then - - # Replace the existing group name to web - # This is done so that in local development we can just lookup permissions from mounted folders - # This UID/GID can be same as something already existing inside container - # This way we can use same uid/gid in container and host machine - echo "[cont-init.d] Replacing pre-existing group name $web_group -> $WEB_GROUP" - sed -i "s|$web_group|$WEB_GROUP|g" /etc/group - - else - # Create new group - echo "$ groupadd -g $WEB_GID $WEB_GROUP" - groupadd -g $WEB_GID $WEB_GROUP - fi -else - echo "[cont-init.d] ERROR: Please set web user group id in WEB_GID" 1>&2 - exit 2 -fi - -# Create $WEB_USER user -if [ -n "$WEB_UID" ] && [ -n "$WEB_GID" ] ; then - echo "$ useradd -u $WEB_UID -g $WEB_GROUP --home $PROJECT_ROOT $WEB_USER" - useradd -u $WEB_UID -g $WEB_GROUP --home $PROJECT_ROOT $WEB_USER -else - echo "[cont-init.d] ERROR: Please set web user id in WEB_UID" 1>&2 - exit 2 -fi - -# Check that processes can write logs -chown $WEB_USER:$WEB_GROUP /var/log diff --git a/ubuntu-7.2/rootfs/etc/cont-init.d/02-init-crond b/ubuntu-7.2/rootfs/etc/cont-init.d/02-init-crond deleted file mode 100755 index 962a79e..0000000 --- a/ubuntu-7.2/rootfs/etc/cont-init.d/02-init-crond +++ /dev/null @@ -1,30 +0,0 @@ -#!/usr/bin/with-contenv bash - -# Copy cronjob from project and run as nginx -if [ -f $PROJECT_ROOT/tasks.cron ]; then - - # Setup all container env for cron - printenv | grep -v ^_= | grep -v "no_proxy" >> /etc/environment - - # Use default redis for cronlock if cronlock variables are not set - if [ -n "$REDIS_HOST" ] && [ -z "$CRONLOCK_HOST" ] ; then - echo "CRONLOCK_HOST=$REDIS_HOST" >> /etc/environment - fi - if [ -n "$REDIS_PASSWORD" ] && [ -z "$CRONLOCK_AUTH" ] ; then - echo "CRONLOCK_AUTH=$REDIS_PASSWORD" >> /etc/environment - fi - if [ -n "$REDIS_PORT" ] && [ -z "$CRONLOCK_PORT" ] ; then - echo "CRONLOCK_PORT=$REDIS_PORT" >> /etc/environment - fi - # env for running wp cron - echo "CRON_URL=$CRON_URL" >> /etc/environment; - # Copy cron template - cp $PROJECT_ROOT/tasks.cron /var/spool/cron/crontabs/$WEB_USER - chown $WEB_USER /var/spool/cron/crontabs/$WEB_USER - chmod 0600 /var/spool/cron/crontabs/$WEB_USER -else - # No cronjobs found remove crond from s6 - if [ -f /etc/services.d/cron ]; then - rm -r /etc/services.d/cron - fi -fi diff --git a/ubuntu-7.2/rootfs/etc/cont-init.d/02-init-directories-and-files b/ubuntu-7.2/rootfs/etc/cont-init.d/02-init-directories-and-files deleted file mode 100755 index 34df974..0000000 --- a/ubuntu-7.2/rootfs/etc/cont-init.d/02-init-directories-and-files +++ /dev/null @@ -1,18 +0,0 @@ -#!/usr/bin/with-contenv bash - -# Create uploads directory if not exists -mkdir -p $UPLOADS_ROOT -chown $WEB_USER:$WEB_GROUP $UPLOADS_ROOT - -# Create dir for nginx tmp files -mkdir -p /tmp/nginx/body -chown -R $WEB_USER:$WEB_GROUP /tmp/nginx - -# Create log directories if they don't exist already -mkdir -p /var/log/{nginx,php,mail} - -# Create error.log so that php-fpm can write to it -touch /var/log/php/error.log - -# Chown all files to wordpress -chown -R $WEB_USER:$WEB_GROUP /var/log/{nginx,php,mail} diff --git a/ubuntu-7.2/rootfs/etc/nginx/additional.types b/ubuntu-7.2/rootfs/etc/nginx/additional.types deleted file mode 100644 index ac8070e..0000000 --- a/ubuntu-7.2/rootfs/etc/nginx/additional.types +++ /dev/null @@ -1,6 +0,0 @@ -# If developers add .woff2 type font files we should provide good Content-Type headers -types { - # Add mime support for woff2 - # http://stackoverflow.com/questions/28235550/proper-mime-type-for-woff2-fonts - font/woff2 woff2; -} diff --git a/ubuntu-7.2/rootfs/etc/nginx/cache/fastcgicache.conf b/ubuntu-7.2/rootfs/etc/nginx/cache/fastcgicache.conf deleted file mode 100644 index ca83caf..0000000 --- a/ubuntu-7.2/rootfs/etc/nginx/cache/fastcgicache.conf +++ /dev/null @@ -1,10 +0,0 @@ -## -# Add few rules which deny using cache -## -include cache/fastcgicache_skip_rules.conf; -include cache/helper_variables.conf; -fastcgi_cache_bypass $skip_cache; -fastcgi_no_cache $skip_cache; - -fastcgi_cache WORDPRESS; -#proxy_ignore_headers Set-Cookie Expires Cache-Control; diff --git a/ubuntu-7.2/rootfs/etc/nginx/cache/fastcgicache_headers.conf b/ubuntu-7.2/rootfs/etc/nginx/cache/fastcgicache_headers.conf deleted file mode 100644 index c6cba07..0000000 --- a/ubuntu-7.2/rootfs/etc/nginx/cache/fastcgicache_headers.conf +++ /dev/null @@ -1,8 +0,0 @@ -# Add header for easier cache debugging -add_header X-Cache $upstream_cache_status always; - -# Add header to force cache rule from project -add_header 'Cache-Control' ${NGINX_CACHE_CONTROL}; - -# If you need to debug the cache mode, uncomment the following line -# add_header X-cache-mode $cachemode; \ No newline at end of file diff --git a/ubuntu-7.2/rootfs/etc/nginx/cache/fastcgicache_settings.conf b/ubuntu-7.2/rootfs/etc/nginx/cache/fastcgicache_settings.conf deleted file mode 100644 index 9ae75ab..0000000 --- a/ubuntu-7.2/rootfs/etc/nginx/cache/fastcgicache_settings.conf +++ /dev/null @@ -1,6 +0,0 @@ -## -# Basic settings of Fast cgi cache -## -fastcgi_cache_path ${NGINX_CACHE_DIRECTORY} levels=1:2 keys_zone=WORDPRESS:100m max_size=1000m inactive=730h; -fastcgi_cache_lock on; -fastcgi_cache_valid ${NGINX_REDIS_CACHE_TTL_DEFAULT}; \ No newline at end of file diff --git a/ubuntu-7.2/rootfs/etc/nginx/cache/fastcgicache_skip_rules.conf b/ubuntu-7.2/rootfs/etc/nginx/cache/fastcgicache_skip_rules.conf deleted file mode 100644 index 99bbc0e..0000000 --- a/ubuntu-7.2/rootfs/etc/nginx/cache/fastcgicache_skip_rules.conf +++ /dev/null @@ -1,75 +0,0 @@ -## -# Add few rules which deny using cache -## - -# Don't skip cache by default -set $skip_cache 0; -# insert project specific cache rules to this file (delete this row when all projects are updated) -include /var/www/project/nginx/server/skip_cache.conf; -# insert project specific cache rules to this folder -include ${NGINX_INCLUDE_DIR}/skipcache/*.conf; - -# POST requests and urls with a query string should always go to PHP -if ($request_method = POST) { - set $skip_cache 1; -} - -# Deal with accepted query vars -set $without $query_string; - -set_by_lua_block $cache_args { - -- Helper split string function - function split( inputstr, sep ) - if sep == nil then - sep = "%s" - end - local t={} ; i=1 - for str in string.gmatch(inputstr, "([^" .. sep .. "]+)") do - t[ i ] = str - i = i + 1 - end - return t - end - - -- Helper escape special chars function - function esc( str ) - return str:gsub( "([^%w])", "%%%1" ) - end - - local with = {} - local without = ngx.var.without - - -- Get a list of accepted query vars from env variable - local accepted = split( ( os.getenv( 'CACHE_QUERYVARS' ) or "" ), "," ) - - -- Loop through the list - for key, accept in pairs(accepted) do - -- If there is a value present for the variable, store it in a variable - if ngx.decode_args( without )[ accept ] then - table.insert( with, accept .. "=" .. ngx.decode_args( without )[ accept ] ) - end - -- Remove the accepted key-value pair from the string - without = string.gsub( without, "&?" .. esc( accept ) .. "=[^&]+", "" ) - end - - -- Store all non-accepted query vars to checked later - ngx.var.without = without - - -- Return accepted query var key-value pairs to be used in the cache key - return "?" .. table.concat( with, "&" ) -} - -# If there were any unaccepted query vars, skip cache -if ($without != "") { - set $skip_cache 1; -} - -# Don't use the cache for logged in users or recent commenters -if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in|woocommerce_items_in_cart") { - set $skip_cache 1; -} - -# Don't cache responses from wp-admin, xmlrpc and wp-login.php -if ($request_uri ~* "/wp-admin/|/xmlrpc.php|wp-.*.php") { - set $skip_cache 1; -} \ No newline at end of file diff --git a/ubuntu-7.2/rootfs/etc/nginx/cache/helper_variables.conf b/ubuntu-7.2/rootfs/etc/nginx/cache/helper_variables.conf deleted file mode 100644 index ea10fb9..0000000 --- a/ubuntu-7.2/rootfs/etc/nginx/cache/helper_variables.conf +++ /dev/null @@ -1,15 +0,0 @@ -## -# This file creates few helper variables -# $prefer_language_slug - 2 first letters from accept-language header to determine the language redirects from cache -## - -## -# Parse first two letters from accept-language header to determine right cache key -## -set_by_lua_block $prefer_language_slug { - if ngx.var.http_accept_language then - return string.lower( string.match( ngx.var.http_accept_language, '%w%w' ) ) - else - return 'en' - end -} diff --git a/ubuntu-7.2/rootfs/etc/nginx/cache/redis_backend.conf b/ubuntu-7.2/rootfs/etc/nginx/cache/redis_backend.conf deleted file mode 100644 index e9f86a3..0000000 --- a/ubuntu-7.2/rootfs/etc/nginx/cache/redis_backend.conf +++ /dev/null @@ -1,45 +0,0 @@ -## -# Adds internal locations for storing and getting full page cache from redis -## - -srcache_default_expire '${NGINX_REDIS_CACHE_TTL_DEFAULT}'; -srcache_max_expire '${NGINX_REDIS_CACHE_TTL_MAX}'; - -location /redis-fetch { - internal; - - ## - # In order to use password authentication we use custom redis module which adds $redis_auth: - # - https://github.com/Yongke/ngx_http_redis-0.3.7 - ## - - # Read the configuration from system envs - set $redis_auth '${REDIS_PASSWORD}'; - set $redis_db ${REDIS_DATABASE}; - - set $redis_key $args; - - redis_pass ${REDIS_HOST}:${REDIS_PORT}; -} - -location /redis-store { - internal; - - set_unescape_uri $exptime $arg_exptime; - set_unescape_uri $key $arg_key; - - # Fix caching problem for now - # There's issue in github https://github.com/openresty/srcache-nginx-module/issues/61 - set_if_empty $srcache_expire '${NGINX_REDIS_CACHE_TTL_DEFAULT}'; - - # redis module pipelines these 3 commands into single request - redis2_query auth '${REDIS_PASSWORD}'; - redis2_query select ${REDIS_DATABASE}; - - # Set and expire with one command: http://redis.io/commands/setex - redis2_query setex $key $srcache_expire $echo_request_body; - - # Pass the request to redis - redis2_pass ${REDIS_HOST}:${REDIS_PORT}; - -} diff --git a/ubuntu-7.2/rootfs/etc/nginx/cache/skip_rules.conf b/ubuntu-7.2/rootfs/etc/nginx/cache/skip_rules.conf deleted file mode 100644 index 5f2621d..0000000 --- a/ubuntu-7.2/rootfs/etc/nginx/cache/skip_rules.conf +++ /dev/null @@ -1,30 +0,0 @@ -## -# Add few rules which deny using cache -## - -# Don't skip cache by default -set $skip_cache 0; - -# POST requests and urls with a query string should always go to PHP -if ($request_method = POST) { - set $skip_cache 1; -} - -# If theres any args skip cache -if ($without != "") { - set $skip_cache 1; -} - -# Don't use the cache for logged in users or recent commenters -if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in|woocommerce_items_in_cart") { - set $skip_cache 1; -} - -# Don't cache responses from wp-admin, xmlrpc and wp-login.php -if ($request_uri ~* "/wp-admin/|/xmlrpc.php|wp-.*.php") { - set $skip_cache 1; -} - -# Skip fetch and skip if conditions are met -srcache_fetch_skip $skip_cache; -srcache_store_skip $skip_cache; diff --git a/ubuntu-7.2/rootfs/etc/nginx/cache/srcache.conf b/ubuntu-7.2/rootfs/etc/nginx/cache/srcache.conf deleted file mode 100644 index 85027dd..0000000 --- a/ubuntu-7.2/rootfs/etc/nginx/cache/srcache.conf +++ /dev/null @@ -1,20 +0,0 @@ -## -# Add few rules which deny using cache -## -include cache/skip_rules.conf; -include cache/helper_variables.conf; - -# Use redis caching for all pages -# Allow different cache key from env -# Use 'wp_' prefix so that cache can be flushed with: -# $ wp cache flush -set $cache_key "${NGINX_CACHE_KEY}"; -set_escape_uri $escaped_cache_key $cache_key; - -srcache_response_cache_control on; - -srcache_fetch GET /redis-fetch $cache_key; -srcache_store PUT /redis-store key=$escaped_cache_key; - -# Add header for easier cache debugging -add_header X-Cache $srcache_fetch_status; diff --git a/ubuntu-7.2/rootfs/etc/nginx/env.conf b/ubuntu-7.2/rootfs/etc/nginx/env.conf deleted file mode 100644 index 3089a23..0000000 --- a/ubuntu-7.2/rootfs/etc/nginx/env.conf +++ /dev/null @@ -1,13 +0,0 @@ -# Set custom enviromental variables that we need with lua here -# These are used to dynamically load -env PORT; -env WEB_ROOT; -env NGINX_MAX_BODY_SIZE; -env NGINX_TIMEOUT; - -# For nginx redis cache -env REDIS_HOST; -env REDIS_PORT; -env REDIS_DATABASE; -env REDIS_PASSWORD; -env CACHE_QUERYVARS; \ No newline at end of file diff --git a/ubuntu-7.2/rootfs/etc/nginx/error_pages.conf b/ubuntu-7.2/rootfs/etc/nginx/error_pages.conf deleted file mode 100644 index 700cc6b..0000000 --- a/ubuntu-7.2/rootfs/etc/nginx/error_pages.conf +++ /dev/null @@ -1,31 +0,0 @@ -## -# Custom error pages -## - -## 403 - Forbidden -error_page 403 /403.html; -location = /403.html { - root /usr/share/nginx/html; - internal; -} - -## 500 - Internal Server Error -error_page 500 /500.html; -location = /500.html { - root /usr/share/nginx/html; - internal; -} - -## 502 - Bad Gateway -error_page 502 /502.html; -location = /502.html { - root /usr/share/nginx/html; - internal; -} - -## 504 - Gateway Timeout -error_page 504 /504.html; -location = /504.html { - root /usr/share/nginx/html; - internal; -} diff --git a/ubuntu-7.2/rootfs/etc/nginx/fastcgi_params b/ubuntu-7.2/rootfs/etc/nginx/fastcgi_params deleted file mode 100644 index 6fccf4f..0000000 --- a/ubuntu-7.2/rootfs/etc/nginx/fastcgi_params +++ /dev/null @@ -1,29 +0,0 @@ -# These are just basic things form request -fastcgi_param QUERY_STRING $query_string; -fastcgi_param REQUEST_METHOD $request_method; -fastcgi_param CONTENT_TYPE $content_type; -fastcgi_param CONTENT_LENGTH $content_length; - -fastcgi_param SCRIPT_NAME $fastcgi_script_name; -fastcgi_param REQUEST_URI $request_uri; -fastcgi_param DOCUMENT_URI $document_uri; -fastcgi_param DOCUMENT_ROOT $document_root; -fastcgi_param SERVER_PROTOCOL $server_protocol; - -fastcgi_param GATEWAY_INTERFACE CGI/1.1; -fastcgi_param SERVER_SOFTWARE nginx/$nginx_version; - -## -# Set these using the knowledge that we are behind proxy -## -fastcgi_param REMOTE_ADDR $real_remote; -fastcgi_param REMOTE_PORT $remote_port; -fastcgi_param SERVER_ADDR $server_addr; -fastcgi_param SERVER_PORT $real_port; -fastcgi_param SERVER_NAME $real_host; -fastcgi_param HTTPS $real_https; -fastcgi_param REQUEST_SCHEME $real_scheme; -fastcgi_param HTTP_HOST $real_host; - -# PHP only, required if PHP was built with --enable-force-cgi-redirect -fastcgi_param REDIRECT_STATUS 200; diff --git a/ubuntu-7.2/rootfs/etc/nginx/fastcgi_settings.conf b/ubuntu-7.2/rootfs/etc/nginx/fastcgi_settings.conf deleted file mode 100644 index 25683fb..0000000 --- a/ubuntu-7.2/rootfs/etc/nginx/fastcgi_settings.conf +++ /dev/null @@ -1,23 +0,0 @@ -# regex to split $uri to $fastcgi_script_name and $fastcgi_path -fastcgi_split_path_info ^(.+\.php)(/.+)$; - -# Bypass the fact that try_files resets $fastcgi_path_info -# see: http://trac.nginx.org/nginx/ticket/321 -set $path_info $fastcgi_path_info; -fastcgi_param PATH_INFO $path_info; - -# Intercept errors from php-fpm -# These can be: -# - timeouts for long running requests -# - requested php file might be missing or not existing in the first place -fastcgi_intercept_errors on; - -fastcgi_index index.php; - -# Small optimisation on fastcgi buffer size -# defaults are 8k; -fastcgi_buffers 16 16k; -fastcgi_buffer_size 16k; - -# Include basic fastcgi settings -include fastcgi_params; diff --git a/ubuntu-7.2/rootfs/etc/nginx/gzip.conf b/ubuntu-7.2/rootfs/etc/nginx/gzip.conf deleted file mode 100644 index 69737cc..0000000 --- a/ubuntu-7.2/rootfs/etc/nginx/gzip.conf +++ /dev/null @@ -1,58 +0,0 @@ -# Compression - -# Enable Gzip compressed. -gzip on; - -# Compression level (1-9). -# 5 is a perfect compromise between size and cpu usage, offering about -# 75% reduction for most ascii files (almost identical to level 9). -gzip_comp_level 5; - -# Don't compress anything that's already small and unlikely to shrink much -# if at all (the default is 20 bytes, which is bad as that usually leads to -# larger files after gzipping). -gzip_min_length 256; - -# Compress data even for clients that are connecting to us via proxies, -# identified by the "Via" header (required for CloudFront). -gzip_proxied any; - -# Tell proxies to cache both the gzipped and regular version of a resource -# whenever the client's Accept-Encoding capabilities header varies; -# Avoids the issue where a non-gzip capable client (which is extremely rare -# today) would display gibberish if their proxy gave them the gzipped version. -gzip_vary on; - -# Compress all output labeled with one of the following MIME-types. -gzip_types - application/atom+xml - application/javascript - application/json - application/ld+json - application/manifest+json - application/rss+xml - application/vnd.geo+json - application/vnd.ms-fontobject - application/x-font-ttf - application/x-web-app-manifest+json - application/xhtml+xml - application/xml - font/opentype - image/bmp - image/svg+xml - image/x-icon - text/cache-manifest - text/css - text/plain - text/vcard - text/vnd.rim.location.xloc - text/vtt - text/x-component - text/x-cross-domain-policy; -# text/html is always compressed by HttpGzipModule - -# This should be turned on if you are going to have pre-compressed copies (.gz) of -# static files available. If not it should be left off as it will cause extra I/O -# for the check. It is best if you enable this in a location{} block for -# a specific directory, or on an individual server{} level. -# gzip_static on; diff --git a/ubuntu-7.2/rootfs/etc/nginx/log_format.conf b/ubuntu-7.2/rootfs/etc/nginx/log_format.conf deleted file mode 100644 index 74c5779..0000000 --- a/ubuntu-7.2/rootfs/etc/nginx/log_format.conf +++ /dev/null @@ -1,16 +0,0 @@ -# Log cache status -# Log real requester address -log_format custom '[$time_local] $http_x_real_ip ' - '$host "$request" $status $body_bytes_sent $request_time ' - '"$http_referer" "$http_user_agent" $upstream_cache_status'; - -## -# Legacy formats which might be in use somewhere -## -# This log format makes it so we can see real requester's IP address \ -# not just the reverse proxy server's IP address. Also note, that \ -# "specialLog" can be replaced with any name you would like to \ -# give to this log format. -log_format specialLog '[$time_local] $http_x_real_ip ' - '$host "$request" $status $body_bytes_sent $request_time ' - '"$http_referer" "$http_user_agent" $upstream_cache_status'; \ No newline at end of file diff --git a/ubuntu-7.2/rootfs/etc/nginx/log_formats.conf b/ubuntu-7.2/rootfs/etc/nginx/log_formats.conf deleted file mode 100644 index 9e4e2fc..0000000 --- a/ubuntu-7.2/rootfs/etc/nginx/log_formats.conf +++ /dev/null @@ -1,19 +0,0 @@ -# Log cache status -# Log real requester address -log_format custom '[$time_local] $http_x_forwarded_for ' - '$host "$request" $status $body_bytes_sent $request_time ' - '"$http_referer" "$http_user_agent" $upstream_cache_status'; - -# A new log format for detecting bad bots. -log_format blocked '[$time_local] Blocked request from $http_x_forwarded_for $request'; - -## -# Legacy formats which might be in use somewhere -## -# This log format makes it so we can see real requester's IP address \ -# not just the reverse proxy server's IP address. Also note, that \ -# "specialLog" can be replaced with any name you would like to \ -# give to this log format. -log_format specialLog '[$time_local] $http_x_forwarded_for ' - '$host "$request" $status $body_bytes_sent $request_time ' - '"$http_referer" "$http_user_agent" $upstream_cache_status'; \ No newline at end of file diff --git a/ubuntu-7.2/rootfs/etc/nginx/nginx.conf b/ubuntu-7.2/rootfs/etc/nginx/nginx.conf deleted file mode 100644 index cb0af16..0000000 --- a/ubuntu-7.2/rootfs/etc/nginx/nginx.conf +++ /dev/null @@ -1,370 +0,0 @@ -# Default user and group for the nginx@index -user ${WEB_USER} ${WEB_GROUP}; - -# Default error log -error_log ${NGINX_ERROR_LOG} ${NGINX_ERROR_LEVEL}; - -# Write process id here -pid /var/run/nginx.pid; - -# Load custom environment variables -include env.conf; - -# How many worker threads to run; -# "auto" sets it to the number of CPU cores available in the system, and -# offers the best performance. Don't set it higher than the number of CPU -# cores if changing this parameter. - -# The maximum number of connections for Nginx is calculated by: -# max_clients = worker_processes * worker_connections -worker_processes auto; - -# Maximum open file descriptors per process; -# should be > worker_connections. -worker_rlimit_nofile 8192; - -# Load root level directives -include ${NGINX_INCLUDE_DIR}/root/*.conf; -include ${NGINX_INCLUDE_DIR}/environments/${WP_ENV}/root/*.conf; - -# Load custom environment variables -include env.conf; - -events { - # When you need > 8000 * cpu_cores connections, you start optimizing your OS, - # and this is probably the point at which you hire people who are smarter than - # you, as this is *a lot* of requests. - worker_connections 8000; -} - -http { - - # Configure hashmaps so that environment does not change defaults - map_hash_max_size 262144; - map_hash_bucket_size 262144; - server_names_hash_bucket_size 64; - - # Hide nginx version information. - server_tokens off; - - # Remove Server header entirely - more_clear_headers Server; - - # Enable Fastcgicache - include cache/fastcgicache_settings.conf; - - # How long to allow each connection to stay idle; longer values are better - # for each individual client, particularly for SSL, but means that worker - # connections are tied up longer. (Default: 65) - keepalive_timeout 20; - - # Speed up file transfers by using sendfile() to copy directly - # between descriptors rather than using read()/write(). - sendfile on; - - # Tell Nginx not to send out partial frames; this increases throughput - # since TCP frames are filled up before being sent out. (adds TCP_CORK) - tcp_nopush on; - - # Gzip all the assets - include gzip.conf; - - # Add default pagespeed settings - include pagespeed/settings.conf; - - # Add all default mime types and additional ones - include additional.types; - include mime.types; - - default_type application/octet-stream; - - client_body_temp_path /tmp/nginx/body 1 2; - fastcgi_temp_path /tmp/nginx/fastcgi_temp 1 2; - - # Include custom log formats - include log_formats.conf; - - # Allow bigger default file uploads - client_max_body_size ${NGINX_MAX_BODY_SIZE}; - - # Allow bigger body buffer size in memory - client_body_buffer_size ${NGINX_BODY_BUFFER_SIZE}; - - # Include custom nginx http additions from project - include ${NGINX_INCLUDE_DIR}/http/*.conf; - include ${NGINX_INCLUDE_DIR}/environments/${WP_ENV}/http/*.conf; - - # load upstreams from one file which can be overwritten depending on situation - include upstreams.conf; - - # Add few headers which make XSS harder - include security_headers.conf; - - # Add headers from project - include ${NGINX_INCLUDE_DIR}/headers/*.conf; - - # Include cache headers - include cache/fastcgicache_headers.conf; - - # If ${PORT} != 80 means that we are behind reverse proxy as well - # This directive helps that we don't redirect clients into mysite.com:8080/resource type urls - port_in_redirect off; - - # Use theme assets straight from corresponding files for pagespeed - pagespeed ProcessScriptVariables on; - pagespeed LoadFromFile "$scheme://$host/app/themes/" "${WEB_ROOT}/app/themes/"; - pagespeed LoadFromFile "$scheme://$host/wp-content/themes/" "${WEB_ROOT}/wp/wp-content/themes/"; - - server { - # This is the default server for this container - listen ${PORT} default_server; - server_name _; - - root ${WEB_ROOT}; - - # Use index.php if it exists but also allow static websites in subfolders - index index.php index.html; - - access_log ${NGINX_ACCESS_LOG} custom; - - # Blocked log file - set $blocked_log /dev/stdout; - - disable_symlinks off; - - # Include custom nginx server additions from project - include ${NGINX_INCLUDE_DIR}/server/*.conf; - include ${NGINX_INCLUDE_DIR}/environments/${WP_ENV}/server/*.conf; - - set $custom_parameters ""; - - # Include custom cache confs - include ${NGINX_INCLUDE_DIR}/cache/*.conf; - - # Moved the cache key defining variable here so it can be altered by project - fastcgi_cache_key $scheme$request_method$host$uri$cache_args$custom_parameters; - - # These variables are proxy conscious, so that they work even though we are behind reverse proxy - include proxy_real_variables.conf; - - # Include custom error pages - include error_pages.conf; - - # Own handling for WP-activate that for some very odd reason serves itself as 404. - location = /wp-activate.php { - try_files /wp/$uri @index; - - include fastcgi_settings.conf; - - # Append subfolder automatically - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - - # Give sane max execution time to frontend - fastcgi_read_timeout 30; - fastcgi_pass php-fpm; - } - - location = /robots.txt { - if ( $host ~ gpilvi\.com|geniem\.io ) { - add_header Content-Type text/plain; - return 200 "User-agent: *\nDisallow: /\n"; - } - - allow all; - log_not_found off; - access_log off; - try_files $uri @index; - } - - location = /favicon.ico { - allow all; - log_not_found off; - access_log off; - try_files $uri @index; - } - - # deny all dot-files including git - location ~ /\. { - deny all; - log_not_found off; - access_log off; - } - - location / { - try_files $uri $uri/ /wp/$uri /wp/$uri/ @index; - } - - # Deny requesting .dust files from anywhere else in the theme than under the partials/public directory - location ~* \/themes\/[^\/]+\/partials\/public\/.*\.dust$ { - allow all; - } - - location ~* \/themes\/.*\.dust$ { - deny all; - } - - # Static files - location ~* \.(css|js|jpe?g|gif|ico|png|otf|ttf|eot|woff?2|svg|webp)$ { - - ## Deny overriding Pagespeed - if ($arg_pagespeed != '') { access_log $blocked_log blocked; return 403; } - if ($arg_pagespeedspeedfilters != '') { access_log $blocked_log blocked; return 403; } - - include static_files.conf; - - # These files are probably exactly like $uri says but also try from /wp/ - try_files $uri /wp/$uri @index; - - # Deny requesting plain style.css from theme root directory - location ~ ^.*/themes/[^/]+/style\.css { - - # Preserve this url - pagespeed CssPreserveUrls true; - - # Minify and remove comments from css - pagespeed EnableFilters rewrite_css; - - # Wait that nginx has prepared the file - pagespeed InPlaceWaitForOptimized on; - - # Don't ever try to load non modified style.css - pagespeed InPlaceRewriteDeadlineMs 100000000; - - # Don't allow overriding pagespeed with pagespeed fixed urls - # Source: https://github.com/pagespeed/ngx_pagespeed/issues/1306 - location ~ ^(.*)/themes/([^/]+)/style.*pagespeed.* { - return 301 $1/themes/$2/style.css; - } - } - - ## - # Static WordPress files ~ wp-* - # These files are probably in /wp/ subfolder but also try from $uri - ## - location ~ ^wp- { - try_files /wp/$uri $uri @index; - } - } - - # App folder contains our plugins and themes - # We want to server assets from here but deny all php execution - location /app/ { - try_files $uri @index; - - ## - # Deny access into php files under /app/ - ## - location ~ \.php$ { - access_log $blocked_log blocked; - deny all; - } - } - - ## - # Run all php files from wp subfolder - # This is how wordpress is supposed to be run - # It also prevents direct access to possibly insecure code inside our plugins - ## - location ~ \.php$ { - try_files /wp/$uri @index; - - include fastcgi_settings.conf; - - # Append subfolder automatically - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - - # Handover 404 errors from php-fpm to WordPress - error_page 404 = @index; - - # Give sane max execution time to frontend - fastcgi_read_timeout ${NGINX_FASTCGI_TIMEOUT}; - fastcgi_pass php-fpm; - - ## Deny access to all php files in uploads folders - location ~* ^/uploads { access_log $blocked_log blocked; deny all; } - location ~* ^/content/uploads { access_log $blocked_log blocked; deny all; } - location ~* ^/wp-content/uploads { access_log $blocked_log blocked; deny all; } - - ## Fix Full Path Disclosures if display_errors is on - ## Don't allow straight access into core wp-includes - location ~* ^/wp-includes { access_log $blocked_log blocked; deny all; } - } - # Create purge location to empty fullpage cache - location ~ /purge(/.*) { - fastcgi_cache_purge WORDPRESS "$scheme$request_method$host$1"; - } - # Create health location for contena healthcheck - location /__health { - access_log off; - return 200; - } - - # Include redis interfaces /redis-fetch & /redis-store - # include cache/redis_backend.conf; - - location @index { - - # Include custom nginx index additions from project - include ${NGINX_INCLUDE_DIR}/index/*.conf; - include ${NGINX_INCLUDE_DIR}/environments/${WP_ENV}/index/*.conf; - - ## Deny overriding Pagespeed - if ($arg_pagespeed != '') { access_log $blocked_log blocked; return 403; } - if ($arg_pagespeedspeedfilters != '') { access_log $blocked_log blocked; return 403; } - - # Use redis as proxy cache - #include cache/srcache.conf; - # Use fastcgi cache - include cache/fastcgicache.conf; - - # Fallback into php - include fastcgi_settings.conf; - fastcgi_param SCRIPT_FILENAME $document_root/index.php; - - # Give sane max execution time to frontend - fastcgi_read_timeout ${NGINX_FASTCGI_TIMEOUT}; - fastcgi_pass php-fpm; - } - - # WordPress is stupid - location = /wp-admin { rewrite ^ /wp-admin/ permanent; } - - location = / { - - ## Block hackers from enumerating users - if ( $arg_author ~ [0-9]+ ) { access_log $blocked_log blocked; return 403; } - - ## Deny overriding Pagespeed - if ($arg_pagespeed != '') { access_log $blocked_log blocked; return 403; } - if ($arg_pagespeedspeedfilters != '') { access_log $blocked_log blocked; return 403; } - - # Use redis as proxy cache - #include cache/srcache.conf; - # Use fastcgi cache - include cache/fastcgicache.conf; - - #Enable project spesific config to root block - include ${NGINX_INCLUDE_DIR}/environments/${WP_ENV}/httproot/*.conf; - - # Fallback into php - include fastcgi_settings.conf; - fastcgi_param SCRIPT_FILENAME $document_root/index.php; - - # Give sane max execution time to frontend - fastcgi_read_timeout ${NGINX_FASTCGI_TIMEOUT}; - fastcgi_pass php-fpm; - } - - # Prevent /wp/wp/wp/... rewrite loops - location ^~ /wp/ { - rewrite ^/wp/(.*)$ $1$is_args$args last; - } - - # Block some vulnerabilities always - include security.conf; - - # Include basic pagespeed locations like beacons - include pagespeed/locations.conf; - } - include ${NGINX_INCLUDE_DIR}/environments/${WP_ENV}/end/*.conf; -} diff --git a/ubuntu-7.2/rootfs/etc/nginx/pagespeed/locations.conf b/ubuntu-7.2/rootfs/etc/nginx/pagespeed/locations.conf deleted file mode 100644 index 46feb53..0000000 --- a/ubuntu-7.2/rootfs/etc/nginx/pagespeed/locations.conf +++ /dev/null @@ -1,7 +0,0 @@ -# Ensure requests for pagespeed optimized resources go to the pagespeed handler -# and no extraneous headers get set. -location ~ "\.pagespeed\.([a-z]\.)?[a-z]{2}\.[^.]{10}\.[^.]+" { - add_header "" ""; -} -location ~ "^/pagespeed_static/" { } -location ~ "^/ngx_pagespeed_beacon$" { } diff --git a/ubuntu-7.2/rootfs/etc/nginx/pagespeed/settings.conf b/ubuntu-7.2/rootfs/etc/nginx/pagespeed/settings.conf deleted file mode 100644 index be5a0a8..0000000 --- a/ubuntu-7.2/rootfs/etc/nginx/pagespeed/settings.conf +++ /dev/null @@ -1,13 +0,0 @@ -# Hide pagespeed version and provide this header instaed -pagespeed XHeaderValue "Enabled"; - -# Don't alter Cache-Control headers -pagespeed ModifyCachingHeaders off; - -# This is for pagespeed temporary files -# Needs to exist and be writable by nginx. Use tmpfs for best performance. -pagespeed FileCachePath /tmp/nginx/pagespeed; - -# Pagespeed sets default TTL from file to 300s, which is bad -# This sets the time to be 1 year -pagespeed LoadFromFileCacheTtlMs 2592000000; diff --git a/ubuntu-7.2/rootfs/etc/nginx/proxy_real_variables.conf b/ubuntu-7.2/rootfs/etc/nginx/proxy_real_variables.conf deleted file mode 100644 index e380f1f..0000000 --- a/ubuntu-7.2/rootfs/etc/nginx/proxy_real_variables.conf +++ /dev/null @@ -1,35 +0,0 @@ -## -# Set few variables since we use jwilder/nginx-proxy in dev and proxy in production -# So the fastcgi params need to be the original ones or you -# will have redirect loops ('canonical_redirect' mostly) -## - -# Set $host first from proxy (if possible) -set $real_host $http_x_forwarded_host; -if ($real_host = '') { - set $real_host $http_host; -} - -# Set server port according to forwarded proto -set $real_port 80; -if ($http_x_forwarded_proto = 'https') { - set $real_port 443; -} - -# Set https according to used proto -set $real_https off; -if ($http_x_forwarded_proto = 'https') { - set $real_https on; -} - -# Set scheme according to used proto -set $real_scheme 'http'; -if ($http_x_forwarded_proto = 'https') { - set $real_scheme 'https'; -} - -# Set original remote -set $real_remote $http_x_forwarded_for; -if ($real_remote = '') { - set $real_remote $remote_addr; -} diff --git a/ubuntu-7.2/rootfs/etc/nginx/security.conf b/ubuntu-7.2/rootfs/etc/nginx/security.conf deleted file mode 100644 index 24afdeb..0000000 --- a/ubuntu-7.2/rootfs/etc/nginx/security.conf +++ /dev/null @@ -1,27 +0,0 @@ -## Block SQL injections -location ~* union.*select.*\( { access_log $blocked_log blocked; return 403; } -location ~* union.*all.*select.* { access_log $blocked_log blocked; return 403; } -location ~* concat.*\( { access_log $blocked_log blocked; return 403; } - -## Block common exploits -location ~* (<|%3C).*script.*(>|%3E) { access_log $blocked_log blocked; return 403; } -location ~* base64_(en|de)code\(.*\) { access_log $blocked_log blocked; return 403; } -location ~* (%24&x) { access_log $blocked_log blocked; return 403; } -location ~* (%0|%A|%B|%C|%D|%E|%F|127\.0) { access_log $blocked_log blocked; return 403; } -location ~* \.\.\/ { access_log $blocked_log blocked; return 403; } -location ~* ~$ { access_log $blocked_log blocked; return 403; } -location ~* proc/self/environ { access_log $blocked_log blocked; return 403; } -location ~* /\.(htaccess|htpasswd|svn|git) { access_log $blocked_log blocked; return 403; } - -## Block file injections -location ~* [a-zA-Z0-9_]=(\.\.//?)+ { access_log $blocked_log blocked; return 403; } -location ~* [a-zA-Z0-9_]=/([a-z0-9_.]//?)+ { access_log $blocked_log blocked; return 403; } - -## wordpress security -location ~* wp-config.php { access_log $blocked_log blocked; return 403; } -location ~* wp-load.php { access_log $blocked_log blocked; return 403; } -location ~* wp-admin/includes { access_log $blocked_log blocked; return 403; } -location ~* wp-app\.log { access_log $blocked_log blocked; return 403; } -location ~* (licence|readme|license)\.(md|html|txt) { access_log $blocked_log blocked; return 403; } -location ~* composer.json { access_log $blocked_log blocked; return 403; } - diff --git a/ubuntu-7.2/rootfs/etc/nginx/security_headers.conf b/ubuntu-7.2/rootfs/etc/nginx/security_headers.conf deleted file mode 100644 index be78f67..0000000 --- a/ubuntu-7.2/rootfs/etc/nginx/security_headers.conf +++ /dev/null @@ -1,23 +0,0 @@ -## -# Security headers, source: https://gist.github.com/plentz/6737338 -## - -# config to don't allow the browser to render the page inside an frame or iframe -# and avoid clickjacking http://en.wikipedia.org/wiki/Clickjacking -# if you need to allow [i]frames, you can use SAMEORIGIN or even set an uri with ALLOW-FROM uri -# https://developer.mozilla.org/en-US/docs/HTTP/X-Frame-Options -add_header X-Frame-Options SAMEORIGIN; - -# when serving user-supplied content, include a X-Content-Type-Options: nosniff header along with the Content-Type: header, -# to disable content-type sniffing on some browsers. -# https://www.owasp.org/index.php/List_of_useful_HTTP_headers -# currently suppoorted in IE > 8 http://blogs.msdn.com/b/ie/archive/2008/09/02/ie8-security-part-vi-beta-2-update.aspx -# http://msdn.microsoft.com/en-us/library/ie/gg622941(v=vs.85).aspx -# 'soon' on Firefox https://bugzilla.mozilla.org/show_bug.cgi?id=471020 -add_header X-Content-Type-Options nosniff always; - -# This header enables the Cross-site scripting (XSS) filter built into most recent web browsers. -# It's usually enabled by default anyway, so the role of this header is to re-enable the filter for -# this particular website if it was disabled by the user. -# https://www.owasp.org/index.php/List_of_useful_HTTP_headers -add_header X-XSS-Protection "1; mode=block"; diff --git a/ubuntu-7.2/rootfs/etc/nginx/static_files.conf b/ubuntu-7.2/rootfs/etc/nginx/static_files.conf deleted file mode 100644 index fa9d42d..0000000 --- a/ubuntu-7.2/rootfs/etc/nginx/static_files.conf +++ /dev/null @@ -1,13 +0,0 @@ -# Use version numbers to bypass cache -# Try to cache as long as we can -expires max; - -## No need to bleed constant updates. Send the all shebang in one -## fell swoop. -tcp_nodelay off; - -## Set the OS file cache. -open_file_cache max=3000 inactive=120s; -open_file_cache_valid 45s; -open_file_cache_min_uses 2; -open_file_cache_errors off; diff --git a/ubuntu-7.2/rootfs/etc/nginx/upstreams.conf b/ubuntu-7.2/rootfs/etc/nginx/upstreams.conf deleted file mode 100644 index 395d445..0000000 --- a/ubuntu-7.2/rootfs/etc/nginx/upstreams.conf +++ /dev/null @@ -1,4 +0,0 @@ -# Default php handler -upstream php-fpm { - server unix:/var/run/php-fpm.sock; -} diff --git a/ubuntu-7.2/rootfs/etc/php/7.2/cli/php.ini b/ubuntu-7.2/rootfs/etc/php/7.2/cli/php.ini deleted file mode 100644 index 9c11183..0000000 --- a/ubuntu-7.2/rootfs/etc/php/7.2/cli/php.ini +++ /dev/null @@ -1,73 +0,0 @@ -[PHP] -; This directive determines whether or not PHP will recognize code between -; tags as PHP source which should be processed as such. -short_open_tag = Off - -; Implicit flush tells PHP to tell the output layer to flush itself -; automatically after every output block. -implicit_flush = Off - -; This directive allows you to disable certain functions for security reasons. -; It receives a comma-delimited list of function names. -; http://php.net/disable-functions -disable_functions = - -; Enables or disables the circular reference collector. -; http://php.net/zend.enable-gc -zend.enable_gc = On - -;;;;;;;;;;;;;;;;; -; Miscellaneous ; -;;;;;;;;;;;;;;;;; - - -; Deny executing anything else than the exact path passed from fastcgi -; This causes the PHP interpreter to only try the literal path given and to stop processing if the file is not found. -; This is for security. -; https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/#passing-uncontrolled-requests-to-php -cgi.fix_pathinfo = 0 - -expose_php = Off - -;;;;;;;;;;;;;;;;;;; -; Resource Limits ; -;;;;;;;;;;;;;;;;;;; - -; Maximum execution time of each script, in seconds -max_execution_time = 600 - -; Maximum amount of time each script may spend parsing request data. -max_input_time = 60 - -; How many GET/POST/COOKIE input variables may be accepted -; max_input_vars = 1000 - -; Maximum amount of memory a script may consume (128MB) -memory_limit = ${PHP_MEMORY_LIMIT} - -;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; -; Error handling and logging ; -;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; - -error_reporting = E_ALL - -error_log = /proc/1/fd/2 - -display_errors = On - -display_startup_errors = On - -log_errors = On - -log_errors_max_len = 2048 - -ignore_repeated_errors = Off - -ignore_repeated_source = Off - -report_memleaks = On - -;This is deprecated from php7.2 so its disabled as of 5.4.2018 -;track_errors = On - -html_errors = Off diff --git a/ubuntu-7.2/rootfs/etc/php/7.2/fpm/conf.d/blocked.ini b/ubuntu-7.2/rootfs/etc/php/7.2/fpm/conf.d/blocked.ini deleted file mode 100644 index 4142569..0000000 --- a/ubuntu-7.2/rootfs/etc/php/7.2/fpm/conf.d/blocked.ini +++ /dev/null @@ -1,4 +0,0 @@ -; Disable some functions because they allow bad/vulnerable patterns -; We want to advocate good coding practises and these functions make it difficult -; You can use these with php cli but not with php-fpm -disable_functions = exec,passthru,shell_exec,show_source,system,pcntl_exec,popen,posix_getpwuid,posix_kill,posix_mkfifo,posix_setpgid,posix_setsid,posix_setuid,posix_setuid,posix_uname,proc_nice,proc_open,proc_close,proc_get_status diff --git a/ubuntu-7.2/rootfs/etc/php/7.2/fpm/conf.d/common.ini b/ubuntu-7.2/rootfs/etc/php/7.2/fpm/conf.d/common.ini deleted file mode 100644 index 5600222..0000000 --- a/ubuntu-7.2/rootfs/etc/php/7.2/fpm/conf.d/common.ini +++ /dev/null @@ -1,4 +0,0 @@ -[PHP] - -; Don't brag that we have php 7.0 -expose_php = Off diff --git a/ubuntu-7.2/rootfs/etc/php/7.2/fpm/conf.d/limits.ini b/ubuntu-7.2/rootfs/etc/php/7.2/fpm/conf.d/limits.ini deleted file mode 100644 index 6ccc766..0000000 --- a/ubuntu-7.2/rootfs/etc/php/7.2/fpm/conf.d/limits.ini +++ /dev/null @@ -1,7 +0,0 @@ -; filesize, time and input limits -max_execution_time = ${NGINX_FASTCGI_TIMEOUT} -max_input_time = -1 -max_input_vars = ${PHP_MAX_INPUT_VARS} -memory_limit = ${PHP_MEMORY_LIMIT} -post_max_size = ${NGINX_MAX_BODY_SIZE} -upload_max_filesize = ${NGINX_MAX_BODY_SIZE} diff --git a/ubuntu-7.2/rootfs/etc/php/7.2/fpm/conf.d/logging.ini b/ubuntu-7.2/rootfs/etc/php/7.2/fpm/conf.d/logging.ini deleted file mode 100644 index 6db568d..0000000 --- a/ubuntu-7.2/rootfs/etc/php/7.2/fpm/conf.d/logging.ini +++ /dev/null @@ -1,4 +0,0 @@ -; Log all warnings and errors -error_log = ${PHP_ERROR_LOG} -log_level = ${PHP_ERROR_LOG_LEVEL} -log_errors_max_len = ${PHP_ERROR_MAX_LEN} diff --git a/ubuntu-7.2/rootfs/etc/php/7.2/fpm/conf.d/mail.ini b/ubuntu-7.2/rootfs/etc/php/7.2/fpm/conf.d/mail.ini deleted file mode 100644 index d54d6f8..0000000 --- a/ubuntu-7.2/rootfs/etc/php/7.2/fpm/conf.d/mail.ini +++ /dev/null @@ -1,3 +0,0 @@ -[PHP] -; Use msmtp to send mail instead of sendmail -sendmail_path = "/usr/sbin/sendmail" diff --git a/ubuntu-7.2/rootfs/etc/php/7.2/fpm/conf.d/opcache.ini b/ubuntu-7.2/rootfs/etc/php/7.2/fpm/conf.d/opcache.ini deleted file mode 100644 index 41a7d2a..0000000 --- a/ubuntu-7.2/rootfs/etc/php/7.2/fpm/conf.d/opcache.ini +++ /dev/null @@ -1,24 +0,0 @@ -; Enable php opcache to make site faster -; These are taken from: https://www.scalingphpbook.com/blog/2014/02/14/best-zend-opcache-settings.html -[opcache] -opcache.enable = 1 -opcache.enable_cli = 1 - -; Provides a faster mechanism for calling the deconstructors in your code at the end of a single request to speed up the response and recycle php workers so they're ready for the next incoming request faster. -opcache.fast_shutdown = 1 - -; Give plenty of memory for php process for caching the code -opcache.memory_consumption = ${PHP_OPCACHE_MAX_MEMORY} - -; Log into container output -opcache.error_log = /dev/stderr - -; Log opcache warnings -opcache.log_verbosity_level = 2 - -; PHP uses a technique called string interning to improve performance— so, for example, if you have the string "foobar" 1000 times in your code, internally PHP will store 1 immutable variable for this string and just use a pointer to it for the other 999 times you use it. -; This reserves 16MB to storing the most used strings -opcache.interned_strings_buffer = 16 -opcache.max_accelerated_files = ${PHP_OPCACHE_MAX_FILES} - - diff --git a/ubuntu-7.2/rootfs/etc/php/7.2/fpm/conf.d/opcache_invalidate.conf b/ubuntu-7.2/rootfs/etc/php/7.2/fpm/conf.d/opcache_invalidate.conf deleted file mode 100644 index d152afa..0000000 --- a/ubuntu-7.2/rootfs/etc/php/7.2/fpm/conf.d/opcache_invalidate.conf +++ /dev/null @@ -1,5 +0,0 @@ -; Don't revalidate php files in this container -opcache.validate_timestamps = 0 - -; We don't need to cache php comments into opcache -opcache.save_comments = 0 diff --git a/ubuntu-7.2/rootfs/etc/php/7.2/fpm/conf.d/sessions.ini b/ubuntu-7.2/rootfs/etc/php/7.2/fpm/conf.d/sessions.ini deleted file mode 100644 index d5fb56c..0000000 --- a/ubuntu-7.2/rootfs/etc/php/7.2/fpm/conf.d/sessions.ini +++ /dev/null @@ -1,6 +0,0 @@ -;;;;;;;;;;;;;;;;;;;;;;;;;; -; Define Session backend ; -;;;;;;;;;;;;;;;;;;;;;;;;;; -; These env can also contain redis as backend -session.save_handler = ${PHP_SESSION_HANDLER} -session.save_path = ${PHP_SESSION_SAVE_PATH} diff --git a/ubuntu-7.2/rootfs/etc/php/7.2/fpm/conf.d/timezone.ini b/ubuntu-7.2/rootfs/etc/php/7.2/fpm/conf.d/timezone.ini deleted file mode 100644 index dfb2fec..0000000 --- a/ubuntu-7.2/rootfs/etc/php/7.2/fpm/conf.d/timezone.ini +++ /dev/null @@ -1,2 +0,0 @@ -; Timezone from env formatted like 'Europe/Helsinki' -date.timezone = ${TZ} diff --git a/ubuntu-7.2/rootfs/etc/php/7.2/fpm/php-fpm.conf b/ubuntu-7.2/rootfs/etc/php/7.2/fpm/php-fpm.conf deleted file mode 100644 index 6f895bd..0000000 --- a/ubuntu-7.2/rootfs/etc/php/7.2/fpm/php-fpm.conf +++ /dev/null @@ -1,35 +0,0 @@ -; Run this in foregroud so s6 can control it -daemonize = no - -; Log all warnings and errors -error_log = ${PHP_ERROR_LOG} -log_level = ${PHP_ERROR_LOG_LEVEL} - -[www] -user = ${WEB_USER} -group = ${WEB_GROUP} -listen = /var/run/php-fpm.sock -listen.owner = ${WEB_USER} -listen.group = ${WEB_GROUP} -pm = dynamic - -; Total RAM dedicated to the web server / Max child process size -pm.max_children = 30 - -pm.start_servers = 1 -pm.min_spare_servers = 1 -pm.max_spare_servers = 3 - -; Redirect worker stdout and stderr into main error log. If not set, stdout and -; stderr will be redirected to /dev/null according to FastCGI specs. -; Default Value: no -catch_workers_output = yes - -; Project web root -chdir = ${WEB_ROOT} - -pm.process_idle_timeout = 10s -pm.max_requests = 500 - -; Include extra configs -include=/etc/php/7.2/fpm/php-fpm.d/*.conf diff --git a/ubuntu-7.2/rootfs/etc/php/7.2/fpm/php-fpm.d/preserve-env.conf b/ubuntu-7.2/rootfs/etc/php/7.2/fpm/php-fpm.d/preserve-env.conf deleted file mode 100644 index 956d8ff..0000000 --- a/ubuntu-7.2/rootfs/etc/php/7.2/fpm/php-fpm.d/preserve-env.conf +++ /dev/null @@ -1,3 +0,0 @@ -; Just use all envs from system when php-fpm starts -; By default php-fpm flushes all envs and they need to be whitelisted -clear_env = no diff --git a/ubuntu-7.2/rootfs/etc/php/7.2/fpm/php.ini b/ubuntu-7.2/rootfs/etc/php/7.2/fpm/php.ini deleted file mode 100644 index bf0e19b..0000000 --- a/ubuntu-7.2/rootfs/etc/php/7.2/fpm/php.ini +++ /dev/null @@ -1,47 +0,0 @@ -;;; -; Production settings for php and php-fpm -;;; -; All directives from /etc/php/7.0/fpm/conf.d are also included -;;; - -[PHP] - -; Don't display errors into frontend -display_errors = ${PHP_DISPLAY_ERRORS} - -; disable ignoring of repeat errors -ignore_repeated_errors = false - -; disable ignoring of unique source errors -ignore_repeated_source = false - -; enable logging of php memory leaks -report_memleaks = true - -; Deny executing anything else than the exact path passed from fastcgi -; This causes the PHP interpreter to only try the literal path given and to stop processing if the file is not found. -; This is for security. Source: https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/#passing-uncontrolled-requests-to-php -cgi.fix_pathinfo = 0 - -; disable html markup of errors -html_errors = false - -; disable formatting of error reference links -docref_root = 0 - -; disable formatting of error reference links -docref_ext = 0 - -; disable max error string length ( by using so big number that bigger messages don't matter ) -log_errors_max_len = 10000 - -; Don't show startup errors -display_startup_errors = Off -;This is deprecated from php7.2 so its disabled as of 5.4.2018 -;track_errors = Off - -; Redirect worker stdout and stderr into main error log. If not set, stdout and -; stderr will be redirected to /dev/null according to FastCGI specs. -; Default Value: no -catch_workers_output = yes - diff --git a/ubuntu-7.2/rootfs/etc/services.d/cron/run b/ubuntu-7.2/rootfs/etc/services.d/cron/run deleted file mode 100644 index 444e2b9..0000000 --- a/ubuntu-7.2/rootfs/etc/services.d/cron/run +++ /dev/null @@ -1,4 +0,0 @@ -#!/usr/bin/with-contenv sh -echo "[services.d] started cron daemon" -# Runs cron daemon in foreground -cron -l 2 -f diff --git a/ubuntu-7.2/rootfs/etc/services.d/nginx/run b/ubuntu-7.2/rootfs/etc/services.d/nginx/run deleted file mode 100755 index ef92c7d..0000000 --- a/ubuntu-7.2/rootfs/etc/services.d/nginx/run +++ /dev/null @@ -1,4 +0,0 @@ -#!/usr/bin/with-contenv sh - -# Run nginx always in foreground -exec nginx -g "daemon off;" diff --git a/ubuntu-7.2/rootfs/etc/services.d/php-fpm/run b/ubuntu-7.2/rootfs/etc/services.d/php-fpm/run deleted file mode 100644 index 9ef8d41..0000000 --- a/ubuntu-7.2/rootfs/etc/services.d/php-fpm/run +++ /dev/null @@ -1,53 +0,0 @@ -#!/usr/bin/with-contenv bash - -## -# Check which kind of session backend we should be using -## -if [ -z "$PHP_SESSION_SAVE_PATH" ]; then - echo "[php-fpm] configuring php-fpm session backend..." - - # Use 'files' as default session handler - export PHP_SESSION_HANDLER=${PHP_SESSION_HANDLER-files} - - case "$PHP_SESSION_HANDLER" in - - files) - mkdir -p /tmp/php - chown $WEB_USER:$WEB_GROUP /tmp/php - - # export new env for php-fpm - export PHP_SESSION_SAVE_PATH='/tmp/php' - ;; - redis) - # Set defaults - REDIS_HOST=${REDIS_HOST-$REDIS_1_PORT_6379_TCP_ADDR} - REDIS_PORT=${REDIS_PORT-6379} - REDIS_SCHEME=${REDIS_SCHEME-tcp} - REDIS_PHP_SESSION_HOST=${REDIS_PHP_SESSION_HOST-$REDIS_1_PORT_6379_TCP_ADDR} - - # After this time php-fpm will timeout from requesting session data - PHP_SESSION_REDIS_TIMEOUT=${PHP_SESSION_REDIS_TIMEOUT-5} - - PHP_SESSION_REDIS_PARAMS="timeout=$PHP_SESSION_REDIS_TIMEOUT" - - # Set these only if they are not 0 and '' because they add complexity for the query - if [ "$PHP_SESSION_REDIS_DB" != "" ]; then - PHP_SESSION_REDIS_PARAMS+="&database=$PHP_SESSION_REDIS_DB" - fi - if [ "$REDIS_PASSWORD" != "" ]; then - PHP_SESSION_REDIS_PARAMS+="&auth=$REDIS_PASSWORD" - fi - if [ "$PHP_SESSION_REDIS_PREFIX" != "" ]; then - PHP_SESSION_REDIS_PARAMS+="&prefix=$PHP_SESSION_REDIS_PREFIX" - fi - - # export new env for php-fpm - export PHP_SESSION_SAVE_PATH="$REDIS_SCHEME://$REDIS_PHP_SESSION_HOST:$REDIS_PORT?$PHP_SESSION_REDIS_PARAMS" - ;; - esac -fi -echo "[php-fpm] using $PHP_SESSION_SAVE_PATH for php sessions..." - -echo "[php-fpm] started php-fpm" -exec php-fpm -c /etc/php/7.2/fpm/php.ini --fpm-config /etc/php/7.2/fpm/php-fpm.conf --pid /var/run/php-fpm.pid - diff --git a/ubuntu-7.2/rootfs/usr/bin/wp b/ubuntu-7.2/rootfs/usr/bin/wp deleted file mode 100755 index e138ef0..0000000 --- a/ubuntu-7.2/rootfs/usr/bin/wp +++ /dev/null @@ -1,12 +0,0 @@ -#!/usr/bin/env bash -## -# WP-cli wrapper: Append path automatically so that user doesn't have to -## -if [ "$(whoami)" = "root" ]; then - # Run as wordpress user instead - # This helps that we don't install things as root - # Or run 3rd party code as root - gosu $WEB_USER /usr/local/bin/wp-cli "$@" --path=$WP_CORE -else - /usr/local/bin/wp-cli "$@" --path=$WP_CORE -fi diff --git a/ubuntu-7.2/rootfs/usr/local/bin/phinx b/ubuntu-7.2/rootfs/usr/local/bin/phinx deleted file mode 100755 index 854aa2f..0000000 --- a/ubuntu-7.2/rootfs/usr/local/bin/phinx +++ /dev/null @@ -1,27 +0,0 @@ -#!/usr/bin/env bash -## -# Phinx wrapper -# You need to install phinx through composer first -## - -# Export database host in prod and dev -if [ ! -z "$MYSQL_HOST" ]; then - export PHINX_DBHOST=$MYSQL_HOST -elif [ ! -z "$DB_HOST" ]; then - export PHINX_DBHOST=$DB_HOST -elif [ ! -z "$DB_PORT_3306_TCP_ADDR" ]; then - export PHINX_DBHOST=$DB_PORT_3306_TCP_ADDR -else - echo "ERROR: You need to set DB_HOST!" -fi - -# Export phinx envs -# Default to MYSQL_ envs but fallback to DB_ -export PHINX_DBPORT=${MYSQL_PORT-$DB_PORT} -export PHINX_DBNAME=${MYSQL_DATABASE-$DB_NAME} -export PHINX_DBUSER=${MYSQL_USER-$DB_USER} -export PHINX_DBPASSWORD=${MYSQL_PWD-$DB_PASSWORD} -export PHINX_ENVIRONMENT=$WP_ENV - -# Run phinx -php $PROJECT_ROOT/vendor/bin/phinx $@ diff --git a/ubuntu-7.2/rootfs/usr/local/bin/print-smtp-password b/ubuntu-7.2/rootfs/usr/local/bin/print-smtp-password deleted file mode 100755 index f59d906..0000000 --- a/ubuntu-7.2/rootfs/usr/local/bin/print-smtp-password +++ /dev/null @@ -1,5 +0,0 @@ -#!/bin/bash -# This is so that we can use msmtp without /etc/msmtprc config file -# msmtp doesn't have --password option and it only has --passwordeval option -# We use this script so that we can use it in passwordeval -echo $SMTP_PASSWORD diff --git a/ubuntu-7.2/rootfs/usr/local/bin/wp-run-cron b/ubuntu-7.2/rootfs/usr/local/bin/wp-run-cron deleted file mode 100755 index e5c4aa8..0000000 --- a/ubuntu-7.2/rootfs/usr/local/bin/wp-run-cron +++ /dev/null @@ -1,42 +0,0 @@ -#!/bin/bash -# Copyright © 2015 Bjørn Johansen -# This work is free. You can redistribute it and/or modify it under the -# terms of the Do What The Fuck You Want To Public License, Version 2, -# as published by Sam Hocevar. See http://www.wtfpl.net/ for more details. -# Source: https://bjornjohansen.no/wordpress-cron-wp-cli -# Github: https://gist.github.com/bjornjohansen/a00a9fee5475c4dadb56#file-run-wp-cron-sh - -# This is modified for our container. In this container you don't need to use --path -# because it's automatically included - -# Check if WP-CLI is available -if ! hash wp 2>/dev/null; then - echo "[wp-cron] ERROR: WP-CLI is not available" - exit -fi - -# If WordPress isn’t installed here, we bail -if ! wp core is-installed --quiet >> /dev/null; then - echo "[wp-cron] ERROR: WordPress is not installed here: ${WP_CORE}" - exit -fi - -# Get a list of site URLs -if wp core is-installed --quiet --network >> /dev/null; -then - SITE_URLS=`wp site list --fields=url --archived=0 --deleted=0 --format=csv | sed 1d` -else - SITE_URLS=(`wp option get siteurl`) -fi - -# Loop through all the sites -for SITE_URL in $SITE_URLS -do - # replaced loop with better solution - wp cron event run --due-now --url="$SITE_URL" - # Run all event hooks that are due - #for EVENT_HOOK in $(wp cron event list --format=csv --fields=hook,next_run_relative --url="$SITE_URL" | grep now$ | awk -F ',' '{print $1}') - #do - # wp cron event run "$EVENT_HOOK" --url="$SITE_URL" --quiet - #done -done diff --git a/ubuntu-7.2/rootfs/usr/sbin/sendmail b/ubuntu-7.2/rootfs/usr/sbin/sendmail deleted file mode 100755 index ec8c40f..0000000 --- a/ubuntu-7.2/rootfs/usr/sbin/sendmail +++ /dev/null @@ -1,66 +0,0 @@ -#!/bin/bash -## -# This is custom wrapper for msmtp which acts like good old sendmail -# - It is used for php and cron -# - This is easier to configure for external mail server than sendmail -# - sendmail is just the default binary which other services will use -# - It needs following env: SMTP_HOST, SMTP_PASSWORD, SMTP_PORT, SMTP_AUTH, SMTP_USER -## - -# Deduce all used msmtp options from system ENVs -declare -a options - -# Act like sendmail -options+=("-t") - -# Use system tls chain -options+=("--tls-trust-file=/etc/ssl/certs/ca-certificates.crt") - -if [ -n "$SMTP_HOST" ]; then - options+=("--host=$SMTP_HOST") -else - echo "[mail error] SMTP_HOST is not defined, mail can't be sent" - exit 1 -fi - -# Log all mail requests -# try /var/log/mail/sent.log but use stdout when logfile is not available -if [ -n "$SMTP_LOG" ]; then - options+=("--logfile=$SMTP_LOG") -elif [ -f /var/log/mail/sent.log ]; then - options+=("--logfile=/var/log/mail/sent.log") -fi - -if [ -n "$SMTP_FROM" ]; then - options+=("--from=$SMTP_FROM") -fi - -# Default port for smtp is 25 and it will work even without this option -if [ -n "$SMTP_PORT" ]; then - options+=("--port=$SMTP_PORT") -fi - -# Setup credentials -if [ -n "$SMTP_USER" ]; then - options+=("--user=$SMTP_USER") -fi - -# msmtp doesn't provide password option because usually it's unsafe -# Use local hack for passwordeval -if [ -n "$SMTP_PASSWORD" ]; then - options+=("--passwordeval=/usr/local/bin/print-smtp-password") -fi - - -if [ -n "$SMTP_AUTH" ]; then - options+=("--auth=$SMTP_AUTH") -elif [ -n "$SMTP_USER" ] || [ -n "$SMTP_PASSWORD" ]; then - options+=("--auth=on") -fi - -if [ -n "$SMTP_TLS" ]; then - options+=("--tls=$SMTP_TLS") -fi - -# Add our options and command line options for msmtp -msmtp ${options[@]} "$@" diff --git a/ubuntu-7.2/rootfs/usr/share/nginx/html/403.html b/ubuntu-7.2/rootfs/usr/share/nginx/html/403.html deleted file mode 100644 index 3f85394..0000000 --- a/ubuntu-7.2/rootfs/usr/share/nginx/html/403.html +++ /dev/null @@ -1,95 +0,0 @@ - - - - - - -403 Forbidden - - - - - - - - -
-
-

403 Forbidden

-

Sorry! You don't have access permissions for that on .

-

Take Me To The Homepage - -

-
-
-
-
-
-
-

What happened?

-

A 403 error status indicates that you don't have permission to access the file or page. In general, web servers and websites have directories and files that are not open to the public web for security reasons.

-
-
-

What can I do?

-

If you're a site visitor

-

Please use your browsers back button and check that you're in the right place. If you need immediate assistance, please send us an email instead.

-

If you're the site owner

-

Please check that you're in the right place and get in touch with your website provider if you believe this to be an error.

-
-
-
-
- - - - - - - diff --git a/ubuntu-7.2/rootfs/usr/share/nginx/html/500.html b/ubuntu-7.2/rootfs/usr/share/nginx/html/500.html deleted file mode 100644 index e5fac20..0000000 --- a/ubuntu-7.2/rootfs/usr/share/nginx/html/500.html +++ /dev/null @@ -1,89 +0,0 @@ - - - - - - -500 Internal Server Error - - - - - - - - -
- -
-

500 Internal Server Error

-

The web server is returning an internal error for .

- Try This Page Again -
-
-
-
-
-
-

What happened?

-

A 500 error status implies there is a problem with the web server's software causing it to malfunction.

-
-
-

What can I do?

-

If you're a site visitor

-

Nothing you can do at the moment. If you need immediate assistance, please send us an email instead. We apologize for any inconvenience.

-

If you're the site owner

-

This error can only be fixed by server admins, please contact your website provider.

-
-
-
-
- - - - - - - diff --git a/ubuntu-7.2/rootfs/usr/share/nginx/html/502.html b/ubuntu-7.2/rootfs/usr/share/nginx/html/502.html deleted file mode 100644 index e7d79c1..0000000 --- a/ubuntu-7.2/rootfs/usr/share/nginx/html/502.html +++ /dev/null @@ -1,98 +0,0 @@ - - - - - - - -502 Bad Gateway - - - - - - - - -
- -
-

502 Bad Gateway

-

The web server is returning an unexpected networking error for .

- Try This Page Again -
-
-
-
-
-
-

What happened?

-

A 502 error status implies that that the server received an invalid response from an upstream server it accessed to fulfill the request.

-
-
-

What can I do?

-

If you're a site visitor

-

Check to see if this website down for everyone or just you. -

-

Also, clearing your browser cache and refreshing the page may clear this issue. If the problem persists and you need immediate assistance, please send us an email instead.

-

If you're the site owner

-

Clearing your browser cache and refreshing the page may clear this issue. If the problem persists and you need immediate assistance, please contact your website provider.

-
-
-
-
- - - - - - - - diff --git a/ubuntu-7.2/rootfs/usr/share/nginx/html/504.html b/ubuntu-7.2/rootfs/usr/share/nginx/html/504.html deleted file mode 100644 index f37b919..0000000 --- a/ubuntu-7.2/rootfs/usr/share/nginx/html/504.html +++ /dev/null @@ -1,100 +0,0 @@ - - - - - - - -504 Gateway Timeout - - - - - - - - -
- -
-

504 Gateway Timeout

-

The web server is returning an unexpected networking error for .

- Try This Page Again -
-
-
-
- - -
-
-

What happened?

-

A 504 error status implies there is a slow IP communication problem between back-end servers attempting to fulfill this request.

-
-
-

What can I do?

-

If you're a site visitor

-

Check to see if this website down for everyone or just you. -

-

Also, clearing your browser cache and refreshing the page may clear this issue. If the problem persists and you need immediate assistance, please send us an email instead.

-

If you're the site owner

-

Clearing your browser cache and refreshing the page may clear this issue. If the problem persists and you need immediate assistance, please contact your website provider.

-
-
-
-
- - - - - - - - diff --git a/ubuntu-7.3/Dockerfile b/ubuntu-7.3/Dockerfile deleted file mode 100644 index e48afee..0000000 --- a/ubuntu-7.3/Dockerfile +++ /dev/null @@ -1,192 +0,0 @@ -FROM devgeniem/ubuntu-docker-openresty-pagespeed:beta -MAINTAINER Ville Pietarinen - Geniem Oy - -## -# Only use these during installation -## -ARG LANG=C.UTF-8 -ARG DEBIAN_FRONTEND=noninteractive - -## -# Install php7 packages from dotdeb.org -# - Dotdeb is an extra repository providing up-to-date packages for your Debian servers -## -RUN \ - apt-get update \ -&& apt-get -y install software-properties-common \ - && add-apt-repository ppa:ondrej/php \ - && apt-get -y --no-install-recommends install \ - apt-utils \ - curl \ - nano \ - ca-certificates \ - git \ - mysql-client \ - msmtp \ - postfix \ - netcat \ - less \ - && apt-get update \ - && apt-get -y --no-install-recommends install \ - php7.3-cli \ - php7.3-common \ - php7.3-apcu \ - php7.3-apcu-bc \ - php7.3-curl \ - php7.3-json \ - php7.3-opcache \ - php7.3-readline \ - php7.3-xml \ - php7.3-zip \ - php7.3-fpm \ - php7.3-redis \ - php7.3-mongodb \ - php7.3-mysqli \ - php7.3-intl \ - php7.3-gd \ - php7.3-mbstring \ - php7.3-soap \ - php7.3-bcmath \ - php7.3-curl \ - php7.3-ldap \ - # Force install only cron without extra mailing dependencies - && cd /tmp \ - && apt-get download cron \ - && dpkg --force-all -i cron*.deb \ - && mkdir -p /var/spool/cron/crontabs \ - # Cleanup - && apt-get clean \ - && apt-get autoremove \ - && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* /usr/share/doc/* /var/log/apt/* /var/log/*.log - - -# Install helpers -RUN \ - ## - # Install composer - ## - curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/local/bin --filename=composer \ - && composer global require hirak/prestissimo \ - - ## - # Install wp-cli - # source: http://wp-cli.org/ - ## - && curl -L https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar -o /usr/local/bin/wp-cli \ - && chmod +rx /usr/local/bin/wp-cli \ - # Symlink it to /usr/bin as well so that cron can find this script with limited PATH - && ln -s /usr/local/bin/wp-cli /usr/bin/wp-cli \ - - ## - # Install cronlock for running cron correctly with multi container setups - # https://github.com/kvz/cronlock - ## - && curl -L https://raw.githubusercontent.com/kvz/cronlock/master/cronlock -o /usr/local/bin/cronlock \ - && chmod +rx /usr/local/bin/cronlock \ - # Symlink it to /usr/bin as well so that cron can find this script with limited PATH - && ln -s /usr/local/bin/cronlock /usr/bin/cronlock - -## -# Add Project files like nginx and php-fpm processes and configs -# Also custom scripts and bashrc -## -COPY rootfs/ / - -# Run small fixes -RUN set -x \ - && mkdir -p /var/www/uploads \ - && mkdir -p /tmp/php-opcache \ - && ln -sf /usr/sbin/php-fpm7.3 /usr/sbin/php-fpm \ - && ln -sf /usr/bin/wp /usr/local/bin/wp -# This is for your project root -ENV PROJECT_ROOT="/var/www/project" - -ENV \ - # Add interactive term - TERM="xterm" \ - # Set defaults which can be overriden - MYSQL_PORT="3306" \ - # Use default web port in nginx but allow it to be overridden - # This also works correctly with flynn: - # https://github.com/flynn/flynn/issues/3213#issuecomment-237307457 - PORT="8080" \ - # Use custom users for nginx and php-fpm - WEB_USER="wordpress" \ - WEB_GROUP="web" \ - WEB_UID=1000 \ - WEB_GID=1001 \ - # Set defaults for redis - REDIS_PORT="6379" \ - REDIS_DATABASE="0" \ - REDIS_PASSWORD="" \ - REDIS_SCHEME="tcp" \ - # Set defaults for NGINX fastcgi cache - # This variable uses seconds by default - # Time units supported are "s"(seconds), "ms"(milliseconds), "y"(years), "M"(months), "w"(weeks), "d"(days), "h"(hours), and "m"(minutes). - # Also http response codes that are cached can be set - NGINX_REDIS_CACHE_TTL_DEFAULT="200 301 302 1m" \ - NGINX_REDIS_CACHE_TTL_MAX="4h" \ - # Default fastcgi cache directory - NGINX_CACHE_DIRECTORY="/tmp/nginx/fullpage" \ - # Default operations when fastcgi stale cache is used - NGINX_CACHE_USE_STALE="error timeout invalid_header updating http_500 http_503 http_403 http_404 http_429" \ - # Default headers for fastcgi stale- and error cache - NGINX_CACHE_CONTROL='"max-age=60, stale-while-revalidate=300, stale-if-error=21600"'\ - # Cronlock is used to stop simultaneous cronjobs in clusterised environments - CRONLOCK_HOST="" \ - # This is used by nginx and php-fpm - WEB_ROOT="${PROJECT_ROOT}/web" \ - # This is used automatically by wp-cli - WP_CORE="${PROJECT_ROOT}/web/wp" \ - # Nginx include files - NGINX_INCLUDE_DIR="/var/www/project/nginx" \ - # Allow bigger file uploads - NGINX_MAX_BODY_SIZE="10M" \ - # Allow storing bigger body in memory - NGINX_BODY_BUFFER_SIZE="32k" \ - # Have sane fastcgi timeout by default - NGINX_FASTCGI_TIMEOUT="30" \ - # Have sane fastcgi timeout by default - NGINX_ERROR_LEVEL="warn" \ - # Have sane fastcgi timeout by default - NGINX_ERROR_LOG="/dev/stderr" \ - # Have sane fastcgi timeout by default - NGINX_ACCESS_LOG="/dev/stdout" \ - # Default cache key for nginx http cache - NGINX_CACHE_KEY='wp_:nginx:$real_scheme$request_method$host$request_uri' \ - # PHP settings - PHP_MEMORY_LIMIT="128M" \ - PHP_MAX_INPUT_VARS="1000" \ - PHP_ERROR_LOG="/proc/self/fd/1" \ - PHP_ERROR_LOG_LEVEL="warning" \ - PHP_ERROR_LOG_MAX_LEN="8192" \ - PHP_SESSION_REDIS_DB="0" \ - PHP_SESSION_HANDLER="files" \ - # You should count the *.php files in your project and set this number to be bigger - # $ find . -type f -print | grep php | wc -l - PHP_OPCACHE_MAX_FILES="8000" \ - # Amount of memory in MB to allocate for opcache - PHP_OPCACHE_MAX_MEMORY="128" \ - # Use host machine as default SMTP_HOST - SMTP_HOST="172.17.2.1" \ - # This folder is used to mount files into host machine - # You should use this path for your uploads since everything else should be ephemeral - UPLOADS_ROOT="/var/www/uploads" \ - # This can be overidden by you, it's just default for us - TZ="Europe/Helsinki" -# Setup $TZ. Remember to run this again in your own build - # Make sure that all files here have execute permissions -RUN dpkg-reconfigure tzdata && \ - chmod +x /etc/cont-init.d/* - -# Install socklog-overlay -ADD https://github.com/just-containers/socklog-overlay/releases/download/v3.1.0-2/socklog-overlay-amd64.tar.gz /tmp/ -RUN tar xzf /tmp/socklog-overlay-amd64.tar.gz -C / -RUN echo '+\n1' > /etc/socklog.rules/forward-stdout -RUN echo 'LANG="en_US.UTF-8"' > /etc/default/locale - -# Set default path to project folder for easier running commands in project -WORKDIR ${PROJECT_ROOT} -EXPOSE ${PORT} -ENTRYPOINT ["/init"] - diff --git a/ubuntu-7.3/rootfs/etc/ImageMagick b/ubuntu-7.3/rootfs/etc/ImageMagick deleted file mode 100644 index d88e8bf..0000000 --- a/ubuntu-7.3/rootfs/etc/ImageMagick +++ /dev/null @@ -1,11 +0,0 @@ - - - - - - - - - - - diff --git a/ubuntu-7.3/rootfs/etc/cont-init.d/00-render-templates b/ubuntu-7.3/rootfs/etc/cont-init.d/00-render-templates deleted file mode 100755 index 8fe5e21..0000000 --- a/ubuntu-7.3/rootfs/etc/cont-init.d/00-render-templates +++ /dev/null @@ -1,86 +0,0 @@ -#!/usr/bin/with-contenv bash -## -# This script uses clever heredoc hack to substitute env variables into static config files -# Source: http://stackoverflow.com/questions/2914220/bash-templating-how-to-build-configuration-files-from-templates-with-bash -## - -## -# Replaces ${ENV} placoholders from file with provided variables -# $1 - ':'' separated list of variables -# $2 - filename to render -## -function render_env_tmpl() { - vars=$1 - input_file=$2 - # If filename ends with .tmpl replace it without the .tmpl - filename=$(dirname $input_file)/$(basename $input_file .tmpl) - - tmp_file=/tmp/$(basename $filename) - - # render all provided $vars to temporary file - envsubst "$vars" < $input_file > $tmp_file - - # replace original file with rendered file - mv $tmp_file $filename -} - -echo "[cont-init.d] Substituting env into configuration files..." - -## -# Nginx doesn't support env variables in config files so we will have to do this in hacky way instead -## -VARS='$PORT:$WEB_ROOT:$WEB_USER:$WEB_GROUP:$NGINX_ACCESS_LOG:$NGINX_ERROR_LOG:$NGINX_ERROR_LEVEL:$NGINX_INCLUDE_DIR:$NGINX_MAX_BODY_SIZE:$NGINX_BODY_BUFFER_SIZE:$NGINX_FASTCGI_TIMEOUT:$WP_ENV:$NGINX_CACHE_KEY' -render_env_tmpl "$VARS" /etc/nginx/nginx.conf - -## -# Redis cache needs to know the redis instance and credentials -## - -# Set defaults if they are not set -export REDIS_HOST=${REDIS_HOST-$REDIS_1_PORT_6379_TCP_ADDR} -export REDIS_PORT=${REDIS_PORT-6379} -export REDIS_DATABASE=${REDIS_DATABASE-0} -export REDIS_PASSWORD=${REDIS_PASSWORD-''} -export REDIS_CACHE_TTL=${REDIS_CACHE_TTL-14400} - -# Add helper variables for AWS s3 bucket storage -VARS+='$AWS_S3_BUCKET_NAME:AWS_S3_REPLICA_BUCKET_NAME' - -# Add Redis variables -VARS+='$REDIS_HOST:$REDIS_PORT:$REDIS_DATABASE:$REDIS_PASSWORD:$NGINX_REDIS_CACHE_TTL_MAX:$NGINX_REDIS_CACHE_TTL_DEFAULT:$NGINX_REDIS_CACHE_PREFIX:$NGINX_FASTCGI_CACHE_VALID' - -# Add image proxy variables -VARS+='$GOOGLE_CLOUD_STORAGE_BUCKET_NAME' - -# Add cache variables -VARS+='$NGINX_CACHE_USE_STALE:$NGINX_CACHE_CONTROL:$NGINX_CACHE_DIRECTORY' - -render_env_tmpl "$VARS" /etc/nginx/cache/redis_backend.conf - -render_env_tmpl "$VARS" /etc/nginx/cache/srcache.conf -render_env_tmpl "$VARS" /etc/nginx/cache/fastcgicache_settings.conf -render_env_tmpl "$VARS" /etc/nginx/cache/fastcgicache_skip_rules.conf -render_env_tmpl "$VARS" /etc/nginx/cache/fastcgicache_headers.conf -## -# Render all user provided nginx templates -## -VARS+='$BASIC_AUTH_USER:$BASIC_AUTH_PASSWORD_HASH' -for conf_file in $(find $NGINX_INCLUDE_DIR -type f -name '*.tmpl'); do - echo "[cont-init.d] Rendering env in $conf_file..." - - # Add helper variables for easier scripting - export __DIR__=$(dirname $conf_file) - - VARS_TMPL=$VARS':$__DIR__' - render_env_tmpl "$VARS_TMPL" $conf_file -done - -# Encrypt basic auth password if it set -if [[ -z "${BASIC_AUTH_PASSWORD}" ]]; -then - echo "Not encrypting BASIC_AUTH_PASSWORD..." -else - BASIC_AUTH_PASSWORD_HASH=$(openssl passwd -crypt $BASIC_AUTH_PASSWORD) - echo "Encrypting BASIC_AUTH_PASSWORD... ${BASIC_AUTH_PASSWORD} -> ${BASIC_AUTH_PASSWORD_HASH}" - echo "${BASIC_AUTH_USER}:${BASIC_AUTH_PASSWORD_HASH}" > /var/www/project/nginx/environments/${WP_ENV}/server/.htpasswd -fi diff --git a/ubuntu-7.3/rootfs/etc/cont-init.d/01-create-web-user b/ubuntu-7.3/rootfs/etc/cont-init.d/01-create-web-user deleted file mode 100755 index aeb0aa7..0000000 --- a/ubuntu-7.3/rootfs/etc/cont-init.d/01-create-web-user +++ /dev/null @@ -1,58 +0,0 @@ -#!/usr/bin/with-contenv bash - -## -# If $WEB_USER user and web group already exists just skip the user creation -## -if id -u $WEB_USER > /dev/null 2>&1 && getent group $WEB_GROUP > /dev/null 2>&1; then - echo "[cont-init.d] user:$WEB_USER and group:$WEB_GROUP already exist, skipping..." - exit 0 -fi - -## -# Create $WEB_USER user with $WEB_UID and web group with $WEB_GID -## - -# Set defaults if they are not set -export WEB_USER=${WEB_USER-wordpress} -export WEB_GROUP=${WEB_GROUP-web} -export WEB_UID=${WEB_UID-1000} -export WEB_GID=${WEB_GID-1000} - -echo "[cont-init.d] Creating $WEB_USER user with id: $WEB_UID and group web with id: $WEB_GID" - -# Create web group -if [ -n "$WEB_GID" ]; then - - # Check if group with $WEB_GID already exists - web_group=$(getent group $WEB_GID | cut -d':' -f1) - - if [ -n "$web_group" ]; then - - # Replace the existing group name to web - # This is done so that in local development we can just lookup permissions from mounted folders - # This UID/GID can be same as something already existing inside container - # This way we can use same uid/gid in container and host machine - echo "[cont-init.d] Replacing pre-existing group name $web_group -> $WEB_GROUP" - sed -i "s|$web_group|$WEB_GROUP|g" /etc/group - - else - # Create new group - echo "$ groupadd -g $WEB_GID $WEB_GROUP" - groupadd -g $WEB_GID $WEB_GROUP - fi -else - echo "[cont-init.d] ERROR: Please set web user group id in WEB_GID" 1>&2 - exit 2 -fi - -# Create $WEB_USER user -if [ -n "$WEB_UID" ] && [ -n "$WEB_GID" ] ; then - echo "$ useradd -u $WEB_UID -g $WEB_GROUP --home $PROJECT_ROOT $WEB_USER" - useradd -u $WEB_UID -g $WEB_GROUP --home $PROJECT_ROOT $WEB_USER -else - echo "[cont-init.d] ERROR: Please set web user id in WEB_UID" 1>&2 - exit 2 -fi - -# Check that processes can write logs -chown $WEB_USER:$WEB_GROUP /var/log diff --git a/ubuntu-7.3/rootfs/etc/cont-init.d/02-init-crond b/ubuntu-7.3/rootfs/etc/cont-init.d/02-init-crond deleted file mode 100755 index 962a79e..0000000 --- a/ubuntu-7.3/rootfs/etc/cont-init.d/02-init-crond +++ /dev/null @@ -1,30 +0,0 @@ -#!/usr/bin/with-contenv bash - -# Copy cronjob from project and run as nginx -if [ -f $PROJECT_ROOT/tasks.cron ]; then - - # Setup all container env for cron - printenv | grep -v ^_= | grep -v "no_proxy" >> /etc/environment - - # Use default redis for cronlock if cronlock variables are not set - if [ -n "$REDIS_HOST" ] && [ -z "$CRONLOCK_HOST" ] ; then - echo "CRONLOCK_HOST=$REDIS_HOST" >> /etc/environment - fi - if [ -n "$REDIS_PASSWORD" ] && [ -z "$CRONLOCK_AUTH" ] ; then - echo "CRONLOCK_AUTH=$REDIS_PASSWORD" >> /etc/environment - fi - if [ -n "$REDIS_PORT" ] && [ -z "$CRONLOCK_PORT" ] ; then - echo "CRONLOCK_PORT=$REDIS_PORT" >> /etc/environment - fi - # env for running wp cron - echo "CRON_URL=$CRON_URL" >> /etc/environment; - # Copy cron template - cp $PROJECT_ROOT/tasks.cron /var/spool/cron/crontabs/$WEB_USER - chown $WEB_USER /var/spool/cron/crontabs/$WEB_USER - chmod 0600 /var/spool/cron/crontabs/$WEB_USER -else - # No cronjobs found remove crond from s6 - if [ -f /etc/services.d/cron ]; then - rm -r /etc/services.d/cron - fi -fi diff --git a/ubuntu-7.3/rootfs/etc/cont-init.d/02-init-directories-and-files b/ubuntu-7.3/rootfs/etc/cont-init.d/02-init-directories-and-files deleted file mode 100755 index bc210bd..0000000 --- a/ubuntu-7.3/rootfs/etc/cont-init.d/02-init-directories-and-files +++ /dev/null @@ -1,22 +0,0 @@ -#!/usr/bin/with-contenv bash - -# Create uploads directory if not exists -mkdir -p $UPLOADS_ROOT -chown $WEB_USER:$WEB_GROUP $UPLOADS_ROOT - -# Create dir for nginx tmp files -mkdir -p /tmp/nginx/body -chown -R $WEB_USER:$WEB_GROUP /tmp/nginx - -# Create log directories if they don't exist already -mkdir -p /var/log/{nginx,php,mail} - -# Create error.log so that php-fpm can write to it -touch /var/log/php/error.log - -# Chown all files to wordpress -chown -R $WEB_USER:$WEB_GROUP /var/log/{nginx,php,mail} - -# Give permissions to docker volume for shared cache -chmod 775 /sharedcache -chmod g+s /sharedcache diff --git a/ubuntu-7.3/rootfs/etc/nginx/additional.types b/ubuntu-7.3/rootfs/etc/nginx/additional.types deleted file mode 100644 index ac8070e..0000000 --- a/ubuntu-7.3/rootfs/etc/nginx/additional.types +++ /dev/null @@ -1,6 +0,0 @@ -# If developers add .woff2 type font files we should provide good Content-Type headers -types { - # Add mime support for woff2 - # http://stackoverflow.com/questions/28235550/proper-mime-type-for-woff2-fonts - font/woff2 woff2; -} diff --git a/ubuntu-7.3/rootfs/etc/nginx/cache/fastcgicache.conf b/ubuntu-7.3/rootfs/etc/nginx/cache/fastcgicache.conf deleted file mode 100644 index 3dab680..0000000 --- a/ubuntu-7.3/rootfs/etc/nginx/cache/fastcgicache.conf +++ /dev/null @@ -1,16 +0,0 @@ -## -# Add few rules which deny using cache -## -include cache/fastcgicache_skip_rules.conf; -include cache/helper_variables.conf; -fastcgi_cache_bypass $skip_cache; -fastcgi_no_cache $skip_cache; - -fastcgi_cache WORDPRESS; -#fastcgi_hide_header Expires; -#fastcgi_hide_header Cache-Control; -fastcgi_ignore_headers Set-Cookie Expires; -# Cache-Control; - -#proxy_ignore_headers Set-Cookie Expires Cache-Control; - diff --git a/ubuntu-7.3/rootfs/etc/nginx/cache/fastcgicache_headers.conf b/ubuntu-7.3/rootfs/etc/nginx/cache/fastcgicache_headers.conf deleted file mode 100644 index fe6a87b..0000000 --- a/ubuntu-7.3/rootfs/etc/nginx/cache/fastcgicache_headers.conf +++ /dev/null @@ -1,11 +0,0 @@ -# Add header for easier cache debugging -add_header X-Cache $upstream_cache_status always; - -# Add header to force cache rule from project -add_header 'Cache-Control' ${NGINX_CACHE_CONTROL}; - -# If you need to debug the cache mode, uncomment the following line -add_header X-cache-mode $cachemode; - -# Cache state -add_header X-Cache-State $state; \ No newline at end of file diff --git a/ubuntu-7.3/rootfs/etc/nginx/cache/fastcgicache_settings.conf b/ubuntu-7.3/rootfs/etc/nginx/cache/fastcgicache_settings.conf deleted file mode 100644 index 2f6f1d6..0000000 --- a/ubuntu-7.3/rootfs/etc/nginx/cache/fastcgicache_settings.conf +++ /dev/null @@ -1,10 +0,0 @@ -## -# Basic settings of Fast cgi cache -## -fastcgi_cache_path ${NGINX_CACHE_DIRECTORY} levels=1:2 keys_zone=WORDPRESS:100m max_size=1000m inactive=730h; -fastcgi_cache_key $scheme$request_method$host$request_uri; -fastcgi_cache_lock on; -fastcgi_cache_background_update on; -fastcgi_cache_use_stale ${NGINX_CACHE_USE_STALE}; -fastcgi_cache_valid ${NGINX_REDIS_CACHE_TTL_DEFAULT}; -fastcgi_cache_valid ${NGINX_FASTCGI_CACHE_VALID}; \ No newline at end of file diff --git a/ubuntu-7.3/rootfs/etc/nginx/cache/fastcgicache_skip_rules.conf b/ubuntu-7.3/rootfs/etc/nginx/cache/fastcgicache_skip_rules.conf deleted file mode 100644 index 65523b6..0000000 --- a/ubuntu-7.3/rootfs/etc/nginx/cache/fastcgicache_skip_rules.conf +++ /dev/null @@ -1,110 +0,0 @@ -## -# Add few rules which deny using cache -## - -# Don't skip cache by default -set $skip_cache 0; -# insert project specific cache rules to this file (delete this row when all projects are updated) -include /var/www/project/nginx/server/skip_cache.conf; -# insert project specific cache rules to this folder -include ${NGINX_INCLUDE_DIR}/skipcache/*.conf; - -# POST requests and urls with a query string should always go to PHP -if ($request_method = POST) { - set $skip_cache 1; -} - -# Deal with accepted query vars -set $without $query_string; - -# Init the cache mode variable -set $cachemode ""; - -set_by_lua_block $cache_args { - local mode = os.getenv( 'CACHE_MODE' ) - - if mode == nil then - mode = "whitelist" - end - - -- Helper split string function - function split( inputstr, sep ) - if sep == nil then - sep = "%s" - end - local t={} ; i=1 - for str in string.gmatch(inputstr, "([^" .. sep .. "]+)") do - t[ i ] = str - i = i + 1 - end - return t - end - - -- Helper escape special chars function - function esc( str ) - return str:gsub( "([^%w])", "%%%1" ) - end - - ngx.var.cachemode = mode - - if mode == "whitelist" then - local with = {} - local without = ngx.var.without or "" - - -- Get a list of accepted query vars from env variable - local accepted = split( ( os.getenv( 'CACHE_QUERYVARS' ) or "" ), "," ) - - -- Loop through the list - for key, accept in pairs(accepted) do - -- If there is a value present for the variable, store it in a variable - if ngx.decode_args( without )[ accept ] then - if type( ngx.decode_args( without )[ accept ] ) == "string" then - table.insert( with, accept .. "=" .. ngx.decode_args( without )[ accept ] ) - -- Remove the accepted key-value pair from the string - without = string.gsub( without, "&?" .. esc( accept ) .. "=[^&]+", "" ) - elseif type( ngx.decode_args( without )[ accept ] ) == "boolean" then - table.insert( with, accept .. "=true" ) - -- Remove the accepted key-value pair from the string - without = string.gsub( without, "&?" .. esc( accept ), "" ) - end - end - end - - -- Store all non-accepted query vars to checked later - ngx.var.without = without - - -- Return accepted query var key-value pairs to be used in the cache key - if next(with) == nil then - return "?" .. table.concat( with, "&" ) - end - - else - -- Get a list of blacklisted query vars from env variable - local blacklist = split( ( os.getenv( 'CACHE_QUERYVARS' ) or "" ), "," ) - local queryvars = ngx.decode_args( ngx.var.query_string or "" ) - - ngx.var.without = "" - - for key, queryvar in pairs(blacklist) do - if queryvars[ queryvar ] then - ngx.var.skip_cache = 1 - return - end - end - end -} - -# If there were any unaccepted query vars, skip cache -if ($without != "") { - set $skip_cache 1; -} - -# Don't use the cache for logged in users or recent commenters -if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_sec|wordpress_logged_in|woocommerce_items_in_cart") { - set $skip_cache 1; -} - -# Don't cache responses from wp-admin, xmlrpc and wp-login.php -if ($request_uri ~* "/wp-admin/|/xmlrpc.php|wp-.*.php") { - set $skip_cache 1; -} \ No newline at end of file diff --git a/ubuntu-7.3/rootfs/etc/nginx/cache/helper_variables.conf b/ubuntu-7.3/rootfs/etc/nginx/cache/helper_variables.conf deleted file mode 100644 index ea10fb9..0000000 --- a/ubuntu-7.3/rootfs/etc/nginx/cache/helper_variables.conf +++ /dev/null @@ -1,15 +0,0 @@ -## -# This file creates few helper variables -# $prefer_language_slug - 2 first letters from accept-language header to determine the language redirects from cache -## - -## -# Parse first two letters from accept-language header to determine right cache key -## -set_by_lua_block $prefer_language_slug { - if ngx.var.http_accept_language then - return string.lower( string.match( ngx.var.http_accept_language, '%w%w' ) ) - else - return 'en' - end -} diff --git a/ubuntu-7.3/rootfs/etc/nginx/cache/redis_backend.conf b/ubuntu-7.3/rootfs/etc/nginx/cache/redis_backend.conf deleted file mode 100644 index e9f86a3..0000000 --- a/ubuntu-7.3/rootfs/etc/nginx/cache/redis_backend.conf +++ /dev/null @@ -1,45 +0,0 @@ -## -# Adds internal locations for storing and getting full page cache from redis -## - -srcache_default_expire '${NGINX_REDIS_CACHE_TTL_DEFAULT}'; -srcache_max_expire '${NGINX_REDIS_CACHE_TTL_MAX}'; - -location /redis-fetch { - internal; - - ## - # In order to use password authentication we use custom redis module which adds $redis_auth: - # - https://github.com/Yongke/ngx_http_redis-0.3.7 - ## - - # Read the configuration from system envs - set $redis_auth '${REDIS_PASSWORD}'; - set $redis_db ${REDIS_DATABASE}; - - set $redis_key $args; - - redis_pass ${REDIS_HOST}:${REDIS_PORT}; -} - -location /redis-store { - internal; - - set_unescape_uri $exptime $arg_exptime; - set_unescape_uri $key $arg_key; - - # Fix caching problem for now - # There's issue in github https://github.com/openresty/srcache-nginx-module/issues/61 - set_if_empty $srcache_expire '${NGINX_REDIS_CACHE_TTL_DEFAULT}'; - - # redis module pipelines these 3 commands into single request - redis2_query auth '${REDIS_PASSWORD}'; - redis2_query select ${REDIS_DATABASE}; - - # Set and expire with one command: http://redis.io/commands/setex - redis2_query setex $key $srcache_expire $echo_request_body; - - # Pass the request to redis - redis2_pass ${REDIS_HOST}:${REDIS_PORT}; - -} diff --git a/ubuntu-7.3/rootfs/etc/nginx/cache/skip_rules.conf b/ubuntu-7.3/rootfs/etc/nginx/cache/skip_rules.conf deleted file mode 100644 index 43344c8..0000000 --- a/ubuntu-7.3/rootfs/etc/nginx/cache/skip_rules.conf +++ /dev/null @@ -1,30 +0,0 @@ -## -# Add few rules which deny using cache -## - -# Don't skip cache by default -set $skip_cache 0; - -# POST requests and urls with a query string should always go to PHP -if ($request_method = POST) { - set $skip_cache 1; -} - -# If theres any args skip cache -if ($query_string != "") { - set $skip_cache 1; -} - -# Don't use the cache for logged in users or recent commenters -if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in|woocommerce_items_in_cart") { - set $skip_cache 1; -} - -# Don't cache responses from wp-admin, xmlrpc and wp-login.php -if ($request_uri ~* "/wp-admin/|/xmlrpc.php|wp-.*.php") { - set $skip_cache 1; -} - -# Skip fetch and skip if conditions are met -srcache_fetch_skip $skip_cache; -srcache_store_skip $skip_cache; diff --git a/ubuntu-7.3/rootfs/etc/nginx/cache/srcache.conf b/ubuntu-7.3/rootfs/etc/nginx/cache/srcache.conf deleted file mode 100644 index 85027dd..0000000 --- a/ubuntu-7.3/rootfs/etc/nginx/cache/srcache.conf +++ /dev/null @@ -1,20 +0,0 @@ -## -# Add few rules which deny using cache -## -include cache/skip_rules.conf; -include cache/helper_variables.conf; - -# Use redis caching for all pages -# Allow different cache key from env -# Use 'wp_' prefix so that cache can be flushed with: -# $ wp cache flush -set $cache_key "${NGINX_CACHE_KEY}"; -set_escape_uri $escaped_cache_key $cache_key; - -srcache_response_cache_control on; - -srcache_fetch GET /redis-fetch $cache_key; -srcache_store PUT /redis-store key=$escaped_cache_key; - -# Add header for easier cache debugging -add_header X-Cache $srcache_fetch_status; diff --git a/ubuntu-7.3/rootfs/etc/nginx/env.conf b/ubuntu-7.3/rootfs/etc/nginx/env.conf deleted file mode 100644 index 1a133cb..0000000 --- a/ubuntu-7.3/rootfs/etc/nginx/env.conf +++ /dev/null @@ -1,14 +0,0 @@ -# Set custom enviromental variables that we need with lua here -# These are used to dynamically load -env PORT; -env WEB_ROOT; -env NGINX_MAX_BODY_SIZE; -env NGINX_TIMEOUT; - -# For nginx redis cache -env REDIS_HOST; -env REDIS_PORT; -env REDIS_DATABASE; -env REDIS_PASSWORD; -env CACHE_QUERYVARS; -env CACHE_MODE; \ No newline at end of file diff --git a/ubuntu-7.3/rootfs/etc/nginx/error_pages.conf b/ubuntu-7.3/rootfs/etc/nginx/error_pages.conf deleted file mode 100644 index 700cc6b..0000000 --- a/ubuntu-7.3/rootfs/etc/nginx/error_pages.conf +++ /dev/null @@ -1,31 +0,0 @@ -## -# Custom error pages -## - -## 403 - Forbidden -error_page 403 /403.html; -location = /403.html { - root /usr/share/nginx/html; - internal; -} - -## 500 - Internal Server Error -error_page 500 /500.html; -location = /500.html { - root /usr/share/nginx/html; - internal; -} - -## 502 - Bad Gateway -error_page 502 /502.html; -location = /502.html { - root /usr/share/nginx/html; - internal; -} - -## 504 - Gateway Timeout -error_page 504 /504.html; -location = /504.html { - root /usr/share/nginx/html; - internal; -} diff --git a/ubuntu-7.3/rootfs/etc/nginx/fastcgi_params b/ubuntu-7.3/rootfs/etc/nginx/fastcgi_params deleted file mode 100644 index 6fccf4f..0000000 --- a/ubuntu-7.3/rootfs/etc/nginx/fastcgi_params +++ /dev/null @@ -1,29 +0,0 @@ -# These are just basic things form request -fastcgi_param QUERY_STRING $query_string; -fastcgi_param REQUEST_METHOD $request_method; -fastcgi_param CONTENT_TYPE $content_type; -fastcgi_param CONTENT_LENGTH $content_length; - -fastcgi_param SCRIPT_NAME $fastcgi_script_name; -fastcgi_param REQUEST_URI $request_uri; -fastcgi_param DOCUMENT_URI $document_uri; -fastcgi_param DOCUMENT_ROOT $document_root; -fastcgi_param SERVER_PROTOCOL $server_protocol; - -fastcgi_param GATEWAY_INTERFACE CGI/1.1; -fastcgi_param SERVER_SOFTWARE nginx/$nginx_version; - -## -# Set these using the knowledge that we are behind proxy -## -fastcgi_param REMOTE_ADDR $real_remote; -fastcgi_param REMOTE_PORT $remote_port; -fastcgi_param SERVER_ADDR $server_addr; -fastcgi_param SERVER_PORT $real_port; -fastcgi_param SERVER_NAME $real_host; -fastcgi_param HTTPS $real_https; -fastcgi_param REQUEST_SCHEME $real_scheme; -fastcgi_param HTTP_HOST $real_host; - -# PHP only, required if PHP was built with --enable-force-cgi-redirect -fastcgi_param REDIRECT_STATUS 200; diff --git a/ubuntu-7.3/rootfs/etc/nginx/fastcgi_settings.conf b/ubuntu-7.3/rootfs/etc/nginx/fastcgi_settings.conf deleted file mode 100644 index 25683fb..0000000 --- a/ubuntu-7.3/rootfs/etc/nginx/fastcgi_settings.conf +++ /dev/null @@ -1,23 +0,0 @@ -# regex to split $uri to $fastcgi_script_name and $fastcgi_path -fastcgi_split_path_info ^(.+\.php)(/.+)$; - -# Bypass the fact that try_files resets $fastcgi_path_info -# see: http://trac.nginx.org/nginx/ticket/321 -set $path_info $fastcgi_path_info; -fastcgi_param PATH_INFO $path_info; - -# Intercept errors from php-fpm -# These can be: -# - timeouts for long running requests -# - requested php file might be missing or not existing in the first place -fastcgi_intercept_errors on; - -fastcgi_index index.php; - -# Small optimisation on fastcgi buffer size -# defaults are 8k; -fastcgi_buffers 16 16k; -fastcgi_buffer_size 16k; - -# Include basic fastcgi settings -include fastcgi_params; diff --git a/ubuntu-7.3/rootfs/etc/nginx/gzip.conf b/ubuntu-7.3/rootfs/etc/nginx/gzip.conf deleted file mode 100644 index 69737cc..0000000 --- a/ubuntu-7.3/rootfs/etc/nginx/gzip.conf +++ /dev/null @@ -1,58 +0,0 @@ -# Compression - -# Enable Gzip compressed. -gzip on; - -# Compression level (1-9). -# 5 is a perfect compromise between size and cpu usage, offering about -# 75% reduction for most ascii files (almost identical to level 9). -gzip_comp_level 5; - -# Don't compress anything that's already small and unlikely to shrink much -# if at all (the default is 20 bytes, which is bad as that usually leads to -# larger files after gzipping). -gzip_min_length 256; - -# Compress data even for clients that are connecting to us via proxies, -# identified by the "Via" header (required for CloudFront). -gzip_proxied any; - -# Tell proxies to cache both the gzipped and regular version of a resource -# whenever the client's Accept-Encoding capabilities header varies; -# Avoids the issue where a non-gzip capable client (which is extremely rare -# today) would display gibberish if their proxy gave them the gzipped version. -gzip_vary on; - -# Compress all output labeled with one of the following MIME-types. -gzip_types - application/atom+xml - application/javascript - application/json - application/ld+json - application/manifest+json - application/rss+xml - application/vnd.geo+json - application/vnd.ms-fontobject - application/x-font-ttf - application/x-web-app-manifest+json - application/xhtml+xml - application/xml - font/opentype - image/bmp - image/svg+xml - image/x-icon - text/cache-manifest - text/css - text/plain - text/vcard - text/vnd.rim.location.xloc - text/vtt - text/x-component - text/x-cross-domain-policy; -# text/html is always compressed by HttpGzipModule - -# This should be turned on if you are going to have pre-compressed copies (.gz) of -# static files available. If not it should be left off as it will cause extra I/O -# for the check. It is best if you enable this in a location{} block for -# a specific directory, or on an individual server{} level. -# gzip_static on; diff --git a/ubuntu-7.3/rootfs/etc/nginx/log_format.conf b/ubuntu-7.3/rootfs/etc/nginx/log_format.conf deleted file mode 100644 index 74c5779..0000000 --- a/ubuntu-7.3/rootfs/etc/nginx/log_format.conf +++ /dev/null @@ -1,16 +0,0 @@ -# Log cache status -# Log real requester address -log_format custom '[$time_local] $http_x_real_ip ' - '$host "$request" $status $body_bytes_sent $request_time ' - '"$http_referer" "$http_user_agent" $upstream_cache_status'; - -## -# Legacy formats which might be in use somewhere -## -# This log format makes it so we can see real requester's IP address \ -# not just the reverse proxy server's IP address. Also note, that \ -# "specialLog" can be replaced with any name you would like to \ -# give to this log format. -log_format specialLog '[$time_local] $http_x_real_ip ' - '$host "$request" $status $body_bytes_sent $request_time ' - '"$http_referer" "$http_user_agent" $upstream_cache_status'; \ No newline at end of file diff --git a/ubuntu-7.3/rootfs/etc/nginx/log_formats.conf b/ubuntu-7.3/rootfs/etc/nginx/log_formats.conf deleted file mode 100644 index 9e4e2fc..0000000 --- a/ubuntu-7.3/rootfs/etc/nginx/log_formats.conf +++ /dev/null @@ -1,19 +0,0 @@ -# Log cache status -# Log real requester address -log_format custom '[$time_local] $http_x_forwarded_for ' - '$host "$request" $status $body_bytes_sent $request_time ' - '"$http_referer" "$http_user_agent" $upstream_cache_status'; - -# A new log format for detecting bad bots. -log_format blocked '[$time_local] Blocked request from $http_x_forwarded_for $request'; - -## -# Legacy formats which might be in use somewhere -## -# This log format makes it so we can see real requester's IP address \ -# not just the reverse proxy server's IP address. Also note, that \ -# "specialLog" can be replaced with any name you would like to \ -# give to this log format. -log_format specialLog '[$time_local] $http_x_forwarded_for ' - '$host "$request" $status $body_bytes_sent $request_time ' - '"$http_referer" "$http_user_agent" $upstream_cache_status'; \ No newline at end of file diff --git a/ubuntu-7.3/rootfs/etc/nginx/nginx.conf b/ubuntu-7.3/rootfs/etc/nginx/nginx.conf deleted file mode 100644 index afc0e81..0000000 --- a/ubuntu-7.3/rootfs/etc/nginx/nginx.conf +++ /dev/null @@ -1,366 +0,0 @@ -# Default user and group for the nginx@index -user ${WEB_USER} ${WEB_GROUP}; - -# Default error log -error_log ${NGINX_ERROR_LOG} ${NGINX_ERROR_LEVEL}; - -# Write process id here -pid /var/run/nginx.pid; - -# Load custom environment variables -include env.conf; - -# How many worker threads to run; -# "auto" sets it to the number of CPU cores available in the system, and -# offers the best performance. Don't set it higher than the number of CPU -# cores if changing this parameter. - -# The maximum number of connections for Nginx is calculated by: -# max_clients = worker_processes * worker_connections -worker_processes auto; - -# Maximum open file descriptors per process; -# should be > worker_connections. -worker_rlimit_nofile 8192; - -events { - # When you need > 8000 * cpu_cores connections, you start optimizing your OS, - # and this is probably the point at which you hire people who are smarter than - # you, as this is *a lot* of requests. - worker_connections 8000; -} - -http { - - # Configure hashmaps so that environment does not change defaults - map_hash_max_size 262144; - map_hash_bucket_size 262144; - server_names_hash_bucket_size 64; - - # Hide nginx version information. - server_tokens off; - - #Enable Fastcgicache - include cache/fastcgicache_settings.conf; - - # Remove Server header entirely - more_clear_headers Server; - - # How long to allow each connection to stay idle; longer values are better - # for each individual client, particularly for SSL, but means that worker - # connections are tied up longer. (Default: 65) - keepalive_timeout 20; - - # Speed up file transfers by using sendfile() to copy directly - # between descriptors rather than using read()/write(). - sendfile on; - - # Tell Nginx not to send out partial frames; this increases throughput - # since TCP frames are filled up before being sent out. (adds TCP_CORK) - tcp_nopush on; - - # Gzip all the assets - include gzip.conf; - - # Add default pagespeed settings - include pagespeed/settings.conf; - - # Add all default mime types and additional ones - include additional.types; - include mime.types; - - default_type application/octet-stream; - - client_body_temp_path /tmp/nginx/body 1 2; - fastcgi_temp_path /tmp/nginx/fastcgi_temp 1 2; - - # Include custom log formats - include log_formats.conf; - - # Allow bigger default file uploads - client_max_body_size ${NGINX_MAX_BODY_SIZE}; - - # Allow bigger body buffer size in memory - client_body_buffer_size ${NGINX_BODY_BUFFER_SIZE}; - - # Include custom nginx http additions from project - include ${NGINX_INCLUDE_DIR}/http/*.conf; - include ${NGINX_INCLUDE_DIR}/environments/${WP_ENV}/http/*.conf; - - # load upstreams from one file which can be overwritten depending on situation - include upstreams.conf; - - # Add few headers which make XSS harder - include security_headers.conf; - - # Add headers from project - include ${NGINX_INCLUDE_DIR}/headers/*.conf; - - # Include cache headers - include cache/fastcgicache_headers.conf; - - # If ${PORT} != 80 means that we are behind reverse proxy as well - # This directive helps that we don't redirect clients into mysite.com:8080/resource type urls - port_in_redirect off; - - # Use theme assets straight from corresponding files for pagespeed - pagespeed ProcessScriptVariables on; - pagespeed LoadFromFile "$scheme://$host/app/themes/" "${WEB_ROOT}/app/themes/"; - pagespeed LoadFromFile "$scheme://$host/wp-content/themes/" "${WEB_ROOT}/wp/wp-content/themes/"; - - server { - # This is the default server for this container - listen ${PORT} default_server; - server_name _; - - root ${WEB_ROOT}; - - # Use index.php if it exists but also allow static websites in subfolders - index index.php index.html; - - access_log ${NGINX_ACCESS_LOG} custom; - - # Blocked log file - set $blocked_log /dev/stdout; - - disable_symlinks off; - - ## state variable must be set as it will crash nginx if logged in cache is not used - set $state ''; - - # Include custom nginx server additions from project - include ${NGINX_INCLUDE_DIR}/server/*.conf; - include ${NGINX_INCLUDE_DIR}/environments/${WP_ENV}/server/*.conf; - - set $custom_parameters ""; - - # Include custom cache confs - include ${NGINX_INCLUDE_DIR}/cache/*.conf; - - # Moved the cache key defining variable here so it can be altered by project - fastcgi_cache_key $scheme$request_method$host$uri$cache_args$custom_parameters$state; - - # These variables are proxy conscious, so that they work even though we are behind reverse proxy - include proxy_real_variables.conf; - - # Include custom error pages - include error_pages.conf; - - # Own handling for WP-activate that for some very odd reason serves itself as 404. - location = /wp-activate.php { - try_files /wp/$uri @index; - - include fastcgi_settings.conf; - - # Append subfolder automatically - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - - # Give sane max execution time to frontend - fastcgi_read_timeout 30; - fastcgi_pass php-fpm; - } - - location = /robots.txt { - if ( $host ~ gpilvi\.com|geniem\.io ) { - add_header Content-Type text/plain; - return 200 "User-agent: *\nDisallow: /\n"; - } - - allow all; - log_not_found off; - access_log off; - try_files $uri @index; - } - - location = /favicon.ico { - allow all; - log_not_found off; - access_log off; - try_files $uri @index; - } - - # deny all dot-files including git - location ~ /\. { - deny all; - log_not_found off; - access_log off; - } - - location / { - try_files $uri $uri/ /wp/$uri /wp/$uri/ @index; - } - - # Deny requesting .dust files from anywhere else in the theme than under the partials/public directory - location ~* \/themes\/[^\/]+\/partials\/public\/.*\.dust$ { - allow all; - } - - location ~* \/themes\/.*\.dust$ { - deny all; - } - - # Static files - location ~* \.(css|js|jpe?g|gif|ico|png|otf|ttf|eot|woff?2|svg|webp)$ { - - ## Deny overriding Pagespeed - if ($arg_pagespeed != '') { access_log $blocked_log blocked; return 403; } - if ($arg_pagespeedspeedfilters != '') { access_log $blocked_log blocked; return 403; } - - include static_files.conf; - - # These files are probably exactly like $uri says but also try from /wp/ - try_files $uri /wp/$uri @index; - - # Deny requesting plain style.css from theme root directory - location ~ ^.*/themes/[^/]+/style\.css { - - # Preserve this url - pagespeed CssPreserveUrls true; - - # Minify and remove comments from css - pagespeed EnableFilters rewrite_css; - - # Wait that nginx has prepared the file - pagespeed InPlaceWaitForOptimized on; - - # Don't ever try to load non modified style.css - pagespeed InPlaceRewriteDeadlineMs 100000000; - - # Don't allow overriding pagespeed with pagespeed fixed urls - # Source: https://github.com/pagespeed/ngx_pagespeed/issues/1306 - location ~ ^(.*)/themes/([^/]+)/style.*pagespeed.* { - return 301 $1/themes/$2/style.css; - } - } - - ## - # Static WordPress files ~ wp-* - # These files are probably in /wp/ subfolder but also try from $uri - ## - location ~ ^wp- { - try_files /wp/$uri $uri @index; - } - } - - # App folder contains our plugins and themes - # We want to server assets from here but deny all php execution - location /app/ { - try_files $uri @index; - - ## - # Deny access into php files under /app/ - ## - location ~ \.php$ { - access_log $blocked_log blocked; - deny all; - } - } - - ## - # Run all php files from wp subfolder - # This is how wordpress is supposed to be run - # It also prevents direct access to possibly insecure code inside our plugins - ## - location ~ \.php$ { - try_files /wp/$uri @index; - - include fastcgi_settings.conf; - - # Append subfolder automatically - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - - # Handover 404 errors from php-fpm to WordPress - error_page 404 = @index; - - # Give sane max execution time to frontend - fastcgi_read_timeout ${NGINX_FASTCGI_TIMEOUT}; - fastcgi_pass php-fpm; - - ## Deny access to all php files in uploads folders - location ~* ^/uploads { access_log $blocked_log blocked; deny all; } - location ~* ^/content/uploads { access_log $blocked_log blocked; deny all; } - location ~* ^/wp-content/uploads { access_log $blocked_log blocked; deny all; } - - ## Fix Full Path Disclosures if display_errors is on - ## Don't allow straight access into core wp-includes - location ~* ^/wp-includes { access_log $blocked_log blocked; deny all; } - } - # Create purge location to empty fullpage cache - location ~ /purge(/.*) { - fastcgi_cache_purge WORDPRESS "$scheme$request_method$host$1"; - } - # Create health location for contena healthcheck - location /__health { - access_log off; - return 200; - } - - # Include redis interfaces /redis-fetch & /redis-store - # include cache/redis_backend.conf; - - location @index { - - # Include custom nginx index additions from project - include ${NGINX_INCLUDE_DIR}/index/*.conf; - include ${NGINX_INCLUDE_DIR}/environments/${WP_ENV}/index/*.conf; - - ## Deny overriding Pagespeed - if ($arg_pagespeed != '') { access_log $blocked_log blocked; return 403; } - if ($arg_pagespeedspeedfilters != '') { access_log $blocked_log blocked; return 403; } - - # Use redis as proxy cache - #include cache/srcache.conf; - # Use fastcgi cache - include cache/fastcgicache.conf; - - # Fallback into php - include fastcgi_settings.conf; - fastcgi_param SCRIPT_FILENAME $document_root/index.php; - - # Give sane max execution time to frontend - fastcgi_read_timeout ${NGINX_FASTCGI_TIMEOUT}; - fastcgi_pass php-fpm; - } - - # WordPress is stupid - location = /wp-admin { rewrite ^ /wp-admin/ permanent; } - - location = / { - - ## Block hackers from enumerating users - if ( $arg_author ~ [0-9]+ ) { access_log $blocked_log blocked; return 403; } - - ## Deny overriding Pagespeed - if ($arg_pagespeed != '') { access_log $blocked_log blocked; return 403; } - if ($arg_pagespeedspeedfilters != '') { access_log $blocked_log blocked; return 403; } - - # Use redis as proxy cache - #include cache/srcache.conf; - # Use fastcgi cache - include cache/fastcgicache.conf; - - #Enable project spesific config to root block - include ${NGINX_INCLUDE_DIR}/environments/${WP_ENV}/root/*.conf; - - # Fallback into php - include fastcgi_settings.conf; - fastcgi_param SCRIPT_FILENAME $document_root/index.php; - - # Give sane max execution time to frontend - fastcgi_read_timeout ${NGINX_FASTCGI_TIMEOUT}; - fastcgi_pass php-fpm; - } - - # Prevent /wp/wp/wp/... rewrite loops - location ^~ /wp/ { - rewrite ^/wp/(.*)$ $1$is_args$args last; - } - - # Block some vulnerabilities always - include security.conf; - - # Include basic pagespeed locations like beacons - include pagespeed/locations.conf; - } - include ${NGINX_INCLUDE_DIR}/environments/${WP_ENV}/end/*.conf; -} diff --git a/ubuntu-7.3/rootfs/etc/nginx/pagespeed/locations.conf b/ubuntu-7.3/rootfs/etc/nginx/pagespeed/locations.conf deleted file mode 100644 index 46feb53..0000000 --- a/ubuntu-7.3/rootfs/etc/nginx/pagespeed/locations.conf +++ /dev/null @@ -1,7 +0,0 @@ -# Ensure requests for pagespeed optimized resources go to the pagespeed handler -# and no extraneous headers get set. -location ~ "\.pagespeed\.([a-z]\.)?[a-z]{2}\.[^.]{10}\.[^.]+" { - add_header "" ""; -} -location ~ "^/pagespeed_static/" { } -location ~ "^/ngx_pagespeed_beacon$" { } diff --git a/ubuntu-7.3/rootfs/etc/nginx/pagespeed/settings.conf b/ubuntu-7.3/rootfs/etc/nginx/pagespeed/settings.conf deleted file mode 100644 index be5a0a8..0000000 --- a/ubuntu-7.3/rootfs/etc/nginx/pagespeed/settings.conf +++ /dev/null @@ -1,13 +0,0 @@ -# Hide pagespeed version and provide this header instaed -pagespeed XHeaderValue "Enabled"; - -# Don't alter Cache-Control headers -pagespeed ModifyCachingHeaders off; - -# This is for pagespeed temporary files -# Needs to exist and be writable by nginx. Use tmpfs for best performance. -pagespeed FileCachePath /tmp/nginx/pagespeed; - -# Pagespeed sets default TTL from file to 300s, which is bad -# This sets the time to be 1 year -pagespeed LoadFromFileCacheTtlMs 2592000000; diff --git a/ubuntu-7.3/rootfs/etc/nginx/proxy_real_variables.conf b/ubuntu-7.3/rootfs/etc/nginx/proxy_real_variables.conf deleted file mode 100644 index e380f1f..0000000 --- a/ubuntu-7.3/rootfs/etc/nginx/proxy_real_variables.conf +++ /dev/null @@ -1,35 +0,0 @@ -## -# Set few variables since we use jwilder/nginx-proxy in dev and proxy in production -# So the fastcgi params need to be the original ones or you -# will have redirect loops ('canonical_redirect' mostly) -## - -# Set $host first from proxy (if possible) -set $real_host $http_x_forwarded_host; -if ($real_host = '') { - set $real_host $http_host; -} - -# Set server port according to forwarded proto -set $real_port 80; -if ($http_x_forwarded_proto = 'https') { - set $real_port 443; -} - -# Set https according to used proto -set $real_https off; -if ($http_x_forwarded_proto = 'https') { - set $real_https on; -} - -# Set scheme according to used proto -set $real_scheme 'http'; -if ($http_x_forwarded_proto = 'https') { - set $real_scheme 'https'; -} - -# Set original remote -set $real_remote $http_x_forwarded_for; -if ($real_remote = '') { - set $real_remote $remote_addr; -} diff --git a/ubuntu-7.3/rootfs/etc/nginx/security.conf b/ubuntu-7.3/rootfs/etc/nginx/security.conf deleted file mode 100644 index 24afdeb..0000000 --- a/ubuntu-7.3/rootfs/etc/nginx/security.conf +++ /dev/null @@ -1,27 +0,0 @@ -## Block SQL injections -location ~* union.*select.*\( { access_log $blocked_log blocked; return 403; } -location ~* union.*all.*select.* { access_log $blocked_log blocked; return 403; } -location ~* concat.*\( { access_log $blocked_log blocked; return 403; } - -## Block common exploits -location ~* (<|%3C).*script.*(>|%3E) { access_log $blocked_log blocked; return 403; } -location ~* base64_(en|de)code\(.*\) { access_log $blocked_log blocked; return 403; } -location ~* (%24&x) { access_log $blocked_log blocked; return 403; } -location ~* (%0|%A|%B|%C|%D|%E|%F|127\.0) { access_log $blocked_log blocked; return 403; } -location ~* \.\.\/ { access_log $blocked_log blocked; return 403; } -location ~* ~$ { access_log $blocked_log blocked; return 403; } -location ~* proc/self/environ { access_log $blocked_log blocked; return 403; } -location ~* /\.(htaccess|htpasswd|svn|git) { access_log $blocked_log blocked; return 403; } - -## Block file injections -location ~* [a-zA-Z0-9_]=(\.\.//?)+ { access_log $blocked_log blocked; return 403; } -location ~* [a-zA-Z0-9_]=/([a-z0-9_.]//?)+ { access_log $blocked_log blocked; return 403; } - -## wordpress security -location ~* wp-config.php { access_log $blocked_log blocked; return 403; } -location ~* wp-load.php { access_log $blocked_log blocked; return 403; } -location ~* wp-admin/includes { access_log $blocked_log blocked; return 403; } -location ~* wp-app\.log { access_log $blocked_log blocked; return 403; } -location ~* (licence|readme|license)\.(md|html|txt) { access_log $blocked_log blocked; return 403; } -location ~* composer.json { access_log $blocked_log blocked; return 403; } - diff --git a/ubuntu-7.3/rootfs/etc/nginx/security_headers.conf b/ubuntu-7.3/rootfs/etc/nginx/security_headers.conf deleted file mode 100644 index b29b11e..0000000 --- a/ubuntu-7.3/rootfs/etc/nginx/security_headers.conf +++ /dev/null @@ -1,25 +0,0 @@ -## -# Security headers, source: https://gist.github.com/plentz/6737338 -## - -# config to don't allow the browser to render the page inside an frame or iframe -# and avoid clickjacking http://en.wikipedia.org/wiki/Clickjacking -# if you need to allow [i]frames, you can use SAMEORIGIN or even set an uri with ALLOW-FROM uri -# https://developer.mozilla.org/en-US/docs/HTTP/X-Frame-Options -add_header X-Frame-Options SAMEORIGIN; - -# when serving user-supplied content, include a X-Content-Type-Options: nosniff header along with the Content-Type: header, -# to disable content-type sniffing on some browsers. -# https://www.owasp.org/index.php/List_of_useful_HTTP_headers -# currently suppoorted in IE > 8 http://blogs.msdn.com/b/ie/archive/2008/09/02/ie8-security-part-vi-beta-2-update.aspx -# http://msdn.microsoft.com/en-us/library/ie/gg622941(v=vs.85).aspx -# 'soon' on Firefox https://bugzilla.mozilla.org/show_bug.cgi?id=471020 -add_header X-Content-Type-Options nosniff always; - -# This header enables the Cross-site scripting (XSS) filter built into most recent web browsers. -# It's usually enabled by default anyway, so the role of this header is to re-enable the filter for -# this particular website if it was disabled by the user. -# https://www.owasp.org/index.php/List_of_useful_HTTP_headers -add_header X-XSS-Protection "1; mode=block"; - -add_header Strict-Transport-Security "max-age=31536000; includeSubdomains; preload"; diff --git a/ubuntu-7.3/rootfs/etc/nginx/static_files.conf b/ubuntu-7.3/rootfs/etc/nginx/static_files.conf deleted file mode 100644 index fa9d42d..0000000 --- a/ubuntu-7.3/rootfs/etc/nginx/static_files.conf +++ /dev/null @@ -1,13 +0,0 @@ -# Use version numbers to bypass cache -# Try to cache as long as we can -expires max; - -## No need to bleed constant updates. Send the all shebang in one -## fell swoop. -tcp_nodelay off; - -## Set the OS file cache. -open_file_cache max=3000 inactive=120s; -open_file_cache_valid 45s; -open_file_cache_min_uses 2; -open_file_cache_errors off; diff --git a/ubuntu-7.3/rootfs/etc/nginx/upstreams.conf b/ubuntu-7.3/rootfs/etc/nginx/upstreams.conf deleted file mode 100644 index 395d445..0000000 --- a/ubuntu-7.3/rootfs/etc/nginx/upstreams.conf +++ /dev/null @@ -1,4 +0,0 @@ -# Default php handler -upstream php-fpm { - server unix:/var/run/php-fpm.sock; -} diff --git a/ubuntu-7.3/rootfs/etc/php/7.3/cli/php.ini b/ubuntu-7.3/rootfs/etc/php/7.3/cli/php.ini deleted file mode 100644 index 9c11183..0000000 --- a/ubuntu-7.3/rootfs/etc/php/7.3/cli/php.ini +++ /dev/null @@ -1,73 +0,0 @@ -[PHP] -; This directive determines whether or not PHP will recognize code between -; tags as PHP source which should be processed as such. -short_open_tag = Off - -; Implicit flush tells PHP to tell the output layer to flush itself -; automatically after every output block. -implicit_flush = Off - -; This directive allows you to disable certain functions for security reasons. -; It receives a comma-delimited list of function names. -; http://php.net/disable-functions -disable_functions = - -; Enables or disables the circular reference collector. -; http://php.net/zend.enable-gc -zend.enable_gc = On - -;;;;;;;;;;;;;;;;; -; Miscellaneous ; -;;;;;;;;;;;;;;;;; - - -; Deny executing anything else than the exact path passed from fastcgi -; This causes the PHP interpreter to only try the literal path given and to stop processing if the file is not found. -; This is for security. -; https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/#passing-uncontrolled-requests-to-php -cgi.fix_pathinfo = 0 - -expose_php = Off - -;;;;;;;;;;;;;;;;;;; -; Resource Limits ; -;;;;;;;;;;;;;;;;;;; - -; Maximum execution time of each script, in seconds -max_execution_time = 600 - -; Maximum amount of time each script may spend parsing request data. -max_input_time = 60 - -; How many GET/POST/COOKIE input variables may be accepted -; max_input_vars = 1000 - -; Maximum amount of memory a script may consume (128MB) -memory_limit = ${PHP_MEMORY_LIMIT} - -;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; -; Error handling and logging ; -;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; - -error_reporting = E_ALL - -error_log = /proc/1/fd/2 - -display_errors = On - -display_startup_errors = On - -log_errors = On - -log_errors_max_len = 2048 - -ignore_repeated_errors = Off - -ignore_repeated_source = Off - -report_memleaks = On - -;This is deprecated from php7.2 so its disabled as of 5.4.2018 -;track_errors = On - -html_errors = Off diff --git a/ubuntu-7.3/rootfs/etc/php/7.3/fpm/conf.d/blocked.ini b/ubuntu-7.3/rootfs/etc/php/7.3/fpm/conf.d/blocked.ini deleted file mode 100644 index 4142569..0000000 --- a/ubuntu-7.3/rootfs/etc/php/7.3/fpm/conf.d/blocked.ini +++ /dev/null @@ -1,4 +0,0 @@ -; Disable some functions because they allow bad/vulnerable patterns -; We want to advocate good coding practises and these functions make it difficult -; You can use these with php cli but not with php-fpm -disable_functions = exec,passthru,shell_exec,show_source,system,pcntl_exec,popen,posix_getpwuid,posix_kill,posix_mkfifo,posix_setpgid,posix_setsid,posix_setuid,posix_setuid,posix_uname,proc_nice,proc_open,proc_close,proc_get_status diff --git a/ubuntu-7.3/rootfs/etc/php/7.3/fpm/conf.d/common.ini b/ubuntu-7.3/rootfs/etc/php/7.3/fpm/conf.d/common.ini deleted file mode 100644 index 5600222..0000000 --- a/ubuntu-7.3/rootfs/etc/php/7.3/fpm/conf.d/common.ini +++ /dev/null @@ -1,4 +0,0 @@ -[PHP] - -; Don't brag that we have php 7.0 -expose_php = Off diff --git a/ubuntu-7.3/rootfs/etc/php/7.3/fpm/conf.d/limits.ini b/ubuntu-7.3/rootfs/etc/php/7.3/fpm/conf.d/limits.ini deleted file mode 100644 index 6ccc766..0000000 --- a/ubuntu-7.3/rootfs/etc/php/7.3/fpm/conf.d/limits.ini +++ /dev/null @@ -1,7 +0,0 @@ -; filesize, time and input limits -max_execution_time = ${NGINX_FASTCGI_TIMEOUT} -max_input_time = -1 -max_input_vars = ${PHP_MAX_INPUT_VARS} -memory_limit = ${PHP_MEMORY_LIMIT} -post_max_size = ${NGINX_MAX_BODY_SIZE} -upload_max_filesize = ${NGINX_MAX_BODY_SIZE} diff --git a/ubuntu-7.3/rootfs/etc/php/7.3/fpm/conf.d/logging.ini b/ubuntu-7.3/rootfs/etc/php/7.3/fpm/conf.d/logging.ini deleted file mode 100644 index 6db568d..0000000 --- a/ubuntu-7.3/rootfs/etc/php/7.3/fpm/conf.d/logging.ini +++ /dev/null @@ -1,4 +0,0 @@ -; Log all warnings and errors -error_log = ${PHP_ERROR_LOG} -log_level = ${PHP_ERROR_LOG_LEVEL} -log_errors_max_len = ${PHP_ERROR_MAX_LEN} diff --git a/ubuntu-7.3/rootfs/etc/php/7.3/fpm/conf.d/mail.ini b/ubuntu-7.3/rootfs/etc/php/7.3/fpm/conf.d/mail.ini deleted file mode 100644 index d54d6f8..0000000 --- a/ubuntu-7.3/rootfs/etc/php/7.3/fpm/conf.d/mail.ini +++ /dev/null @@ -1,3 +0,0 @@ -[PHP] -; Use msmtp to send mail instead of sendmail -sendmail_path = "/usr/sbin/sendmail" diff --git a/ubuntu-7.3/rootfs/etc/php/7.3/fpm/conf.d/opcache.ini b/ubuntu-7.3/rootfs/etc/php/7.3/fpm/conf.d/opcache.ini deleted file mode 100644 index 41a7d2a..0000000 --- a/ubuntu-7.3/rootfs/etc/php/7.3/fpm/conf.d/opcache.ini +++ /dev/null @@ -1,24 +0,0 @@ -; Enable php opcache to make site faster -; These are taken from: https://www.scalingphpbook.com/blog/2014/02/14/best-zend-opcache-settings.html -[opcache] -opcache.enable = 1 -opcache.enable_cli = 1 - -; Provides a faster mechanism for calling the deconstructors in your code at the end of a single request to speed up the response and recycle php workers so they're ready for the next incoming request faster. -opcache.fast_shutdown = 1 - -; Give plenty of memory for php process for caching the code -opcache.memory_consumption = ${PHP_OPCACHE_MAX_MEMORY} - -; Log into container output -opcache.error_log = /dev/stderr - -; Log opcache warnings -opcache.log_verbosity_level = 2 - -; PHP uses a technique called string interning to improve performance— so, for example, if you have the string "foobar" 1000 times in your code, internally PHP will store 1 immutable variable for this string and just use a pointer to it for the other 999 times you use it. -; This reserves 16MB to storing the most used strings -opcache.interned_strings_buffer = 16 -opcache.max_accelerated_files = ${PHP_OPCACHE_MAX_FILES} - - diff --git a/ubuntu-7.3/rootfs/etc/php/7.3/fpm/conf.d/opcache_invalidate.conf b/ubuntu-7.3/rootfs/etc/php/7.3/fpm/conf.d/opcache_invalidate.conf deleted file mode 100644 index d152afa..0000000 --- a/ubuntu-7.3/rootfs/etc/php/7.3/fpm/conf.d/opcache_invalidate.conf +++ /dev/null @@ -1,5 +0,0 @@ -; Don't revalidate php files in this container -opcache.validate_timestamps = 0 - -; We don't need to cache php comments into opcache -opcache.save_comments = 0 diff --git a/ubuntu-7.3/rootfs/etc/php/7.3/fpm/conf.d/sessions.ini b/ubuntu-7.3/rootfs/etc/php/7.3/fpm/conf.d/sessions.ini deleted file mode 100644 index d5fb56c..0000000 --- a/ubuntu-7.3/rootfs/etc/php/7.3/fpm/conf.d/sessions.ini +++ /dev/null @@ -1,6 +0,0 @@ -;;;;;;;;;;;;;;;;;;;;;;;;;; -; Define Session backend ; -;;;;;;;;;;;;;;;;;;;;;;;;;; -; These env can also contain redis as backend -session.save_handler = ${PHP_SESSION_HANDLER} -session.save_path = ${PHP_SESSION_SAVE_PATH} diff --git a/ubuntu-7.3/rootfs/etc/php/7.3/fpm/conf.d/timezone.ini b/ubuntu-7.3/rootfs/etc/php/7.3/fpm/conf.d/timezone.ini deleted file mode 100644 index dfb2fec..0000000 --- a/ubuntu-7.3/rootfs/etc/php/7.3/fpm/conf.d/timezone.ini +++ /dev/null @@ -1,2 +0,0 @@ -; Timezone from env formatted like 'Europe/Helsinki' -date.timezone = ${TZ} diff --git a/ubuntu-7.3/rootfs/etc/php/7.3/fpm/php-fpm.conf b/ubuntu-7.3/rootfs/etc/php/7.3/fpm/php-fpm.conf deleted file mode 100644 index 0634b4e..0000000 --- a/ubuntu-7.3/rootfs/etc/php/7.3/fpm/php-fpm.conf +++ /dev/null @@ -1,35 +0,0 @@ -; Run this in foregroud so s6 can control it -daemonize = no - -; Log all warnings and errors -error_log = ${PHP_ERROR_LOG} -log_level = ${PHP_ERROR_LOG_LEVEL} - -[www] -user = ${WEB_USER} -group = ${WEB_GROUP} -listen = /var/run/php-fpm.sock -listen.owner = ${WEB_USER} -listen.group = ${WEB_GROUP} -pm = dynamic - -; Total RAM dedicated to the web server / Max child process size -pm.max_children = 30 - -pm.start_servers = 1 -pm.min_spare_servers = 1 -pm.max_spare_servers = 5 - -; Redirect worker stdout and stderr into main error log. If not set, stdout and -; stderr will be redirected to /dev/null according to FastCGI specs. -; Default Value: no -catch_workers_output = yes - -; Project web root -chdir = ${WEB_ROOT} - -pm.process_idle_timeout = 10s -pm.max_requests = 500 - -; Include extra configs -include=/etc/php/7.3/fpm/php-fpm.d/*.conf diff --git a/ubuntu-7.3/rootfs/etc/php/7.3/fpm/php-fpm.d/preserve-env.conf b/ubuntu-7.3/rootfs/etc/php/7.3/fpm/php-fpm.d/preserve-env.conf deleted file mode 100644 index 956d8ff..0000000 --- a/ubuntu-7.3/rootfs/etc/php/7.3/fpm/php-fpm.d/preserve-env.conf +++ /dev/null @@ -1,3 +0,0 @@ -; Just use all envs from system when php-fpm starts -; By default php-fpm flushes all envs and they need to be whitelisted -clear_env = no diff --git a/ubuntu-7.3/rootfs/etc/php/7.3/fpm/php.ini b/ubuntu-7.3/rootfs/etc/php/7.3/fpm/php.ini deleted file mode 100644 index bf0e19b..0000000 --- a/ubuntu-7.3/rootfs/etc/php/7.3/fpm/php.ini +++ /dev/null @@ -1,47 +0,0 @@ -;;; -; Production settings for php and php-fpm -;;; -; All directives from /etc/php/7.0/fpm/conf.d are also included -;;; - -[PHP] - -; Don't display errors into frontend -display_errors = ${PHP_DISPLAY_ERRORS} - -; disable ignoring of repeat errors -ignore_repeated_errors = false - -; disable ignoring of unique source errors -ignore_repeated_source = false - -; enable logging of php memory leaks -report_memleaks = true - -; Deny executing anything else than the exact path passed from fastcgi -; This causes the PHP interpreter to only try the literal path given and to stop processing if the file is not found. -; This is for security. Source: https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/#passing-uncontrolled-requests-to-php -cgi.fix_pathinfo = 0 - -; disable html markup of errors -html_errors = false - -; disable formatting of error reference links -docref_root = 0 - -; disable formatting of error reference links -docref_ext = 0 - -; disable max error string length ( by using so big number that bigger messages don't matter ) -log_errors_max_len = 10000 - -; Don't show startup errors -display_startup_errors = Off -;This is deprecated from php7.2 so its disabled as of 5.4.2018 -;track_errors = Off - -; Redirect worker stdout and stderr into main error log. If not set, stdout and -; stderr will be redirected to /dev/null according to FastCGI specs. -; Default Value: no -catch_workers_output = yes - diff --git a/ubuntu-7.3/rootfs/etc/services.d/cron/run b/ubuntu-7.3/rootfs/etc/services.d/cron/run deleted file mode 100644 index 444e2b9..0000000 --- a/ubuntu-7.3/rootfs/etc/services.d/cron/run +++ /dev/null @@ -1,4 +0,0 @@ -#!/usr/bin/with-contenv sh -echo "[services.d] started cron daemon" -# Runs cron daemon in foreground -cron -l 2 -f diff --git a/ubuntu-7.3/rootfs/etc/services.d/nginx/run b/ubuntu-7.3/rootfs/etc/services.d/nginx/run deleted file mode 100755 index ef92c7d..0000000 --- a/ubuntu-7.3/rootfs/etc/services.d/nginx/run +++ /dev/null @@ -1,4 +0,0 @@ -#!/usr/bin/with-contenv sh - -# Run nginx always in foreground -exec nginx -g "daemon off;" diff --git a/ubuntu-7.3/rootfs/etc/services.d/php-fpm/run b/ubuntu-7.3/rootfs/etc/services.d/php-fpm/run deleted file mode 100644 index 188b655..0000000 --- a/ubuntu-7.3/rootfs/etc/services.d/php-fpm/run +++ /dev/null @@ -1,53 +0,0 @@ -#!/usr/bin/with-contenv bash - -## -# Check which kind of session backend we should be using -## -if [ -z "$PHP_SESSION_SAVE_PATH" ]; then - echo "[php-fpm] configuring php-fpm session backend..." - - # Use 'files' as default session handler - export PHP_SESSION_HANDLER=${PHP_SESSION_HANDLER-files} - - case "$PHP_SESSION_HANDLER" in - - files) - mkdir -p /tmp/php - chown $WEB_USER:$WEB_GROUP /tmp/php - - # export new env for php-fpm - export PHP_SESSION_SAVE_PATH='/tmp/php' - ;; - redis) - # Set defaults - REDIS_HOST=${REDIS_HOST-$REDIS_1_PORT_6379_TCP_ADDR} - REDIS_PORT=${REDIS_PORT-6379} - REDIS_SCHEME=${REDIS_SCHEME-tcp} - REDIS_PHP_SESSION_HOST=${REDIS_PHP_SESSION_HOST-$REDIS_1_PORT_6379_TCP_ADDR} - - # After this time php-fpm will timeout from requesting session data - PHP_SESSION_REDIS_TIMEOUT=${PHP_SESSION_REDIS_TIMEOUT-5} - - PHP_SESSION_REDIS_PARAMS="timeout=$PHP_SESSION_REDIS_TIMEOUT" - - # Set these only if they are not 0 and '' because they add complexity for the query - if [ "$PHP_SESSION_REDIS_DB" != "" ]; then - PHP_SESSION_REDIS_PARAMS+="&database=$PHP_SESSION_REDIS_DB" - fi - if [ "$REDIS_PASSWORD" != "" ]; then - PHP_SESSION_REDIS_PARAMS+="&auth=$REDIS_PASSWORD" - fi - if [ "$PHP_SESSION_REDIS_PREFIX" != "" ]; then - PHP_SESSION_REDIS_PARAMS+="&prefix=$PHP_SESSION_REDIS_PREFIX" - fi - - # export new env for php-fpm - export PHP_SESSION_SAVE_PATH="$REDIS_SCHEME://$REDIS_PHP_SESSION_HOST:$REDIS_PORT?$PHP_SESSION_REDIS_PARAMS" - ;; - esac -fi -echo "[php-fpm] using $PHP_SESSION_SAVE_PATH for php sessions..." - -echo "[php-fpm] started php-fpm" -exec php-fpm -c /etc/php/7.3/fpm/php.ini --fpm-config /etc/php/7.3/fpm/php-fpm.conf --pid /var/run/php-fpm.pid - diff --git a/ubuntu-7.3/rootfs/usr/bin/wp b/ubuntu-7.3/rootfs/usr/bin/wp deleted file mode 100755 index e138ef0..0000000 --- a/ubuntu-7.3/rootfs/usr/bin/wp +++ /dev/null @@ -1,12 +0,0 @@ -#!/usr/bin/env bash -## -# WP-cli wrapper: Append path automatically so that user doesn't have to -## -if [ "$(whoami)" = "root" ]; then - # Run as wordpress user instead - # This helps that we don't install things as root - # Or run 3rd party code as root - gosu $WEB_USER /usr/local/bin/wp-cli "$@" --path=$WP_CORE -else - /usr/local/bin/wp-cli "$@" --path=$WP_CORE -fi diff --git a/ubuntu-7.3/rootfs/usr/local/bin/phinx b/ubuntu-7.3/rootfs/usr/local/bin/phinx deleted file mode 100755 index 854aa2f..0000000 --- a/ubuntu-7.3/rootfs/usr/local/bin/phinx +++ /dev/null @@ -1,27 +0,0 @@ -#!/usr/bin/env bash -## -# Phinx wrapper -# You need to install phinx through composer first -## - -# Export database host in prod and dev -if [ ! -z "$MYSQL_HOST" ]; then - export PHINX_DBHOST=$MYSQL_HOST -elif [ ! -z "$DB_HOST" ]; then - export PHINX_DBHOST=$DB_HOST -elif [ ! -z "$DB_PORT_3306_TCP_ADDR" ]; then - export PHINX_DBHOST=$DB_PORT_3306_TCP_ADDR -else - echo "ERROR: You need to set DB_HOST!" -fi - -# Export phinx envs -# Default to MYSQL_ envs but fallback to DB_ -export PHINX_DBPORT=${MYSQL_PORT-$DB_PORT} -export PHINX_DBNAME=${MYSQL_DATABASE-$DB_NAME} -export PHINX_DBUSER=${MYSQL_USER-$DB_USER} -export PHINX_DBPASSWORD=${MYSQL_PWD-$DB_PASSWORD} -export PHINX_ENVIRONMENT=$WP_ENV - -# Run phinx -php $PROJECT_ROOT/vendor/bin/phinx $@ diff --git a/ubuntu-7.3/rootfs/usr/local/bin/print-smtp-password b/ubuntu-7.3/rootfs/usr/local/bin/print-smtp-password deleted file mode 100755 index f59d906..0000000 --- a/ubuntu-7.3/rootfs/usr/local/bin/print-smtp-password +++ /dev/null @@ -1,5 +0,0 @@ -#!/bin/bash -# This is so that we can use msmtp without /etc/msmtprc config file -# msmtp doesn't have --password option and it only has --passwordeval option -# We use this script so that we can use it in passwordeval -echo $SMTP_PASSWORD diff --git a/ubuntu-7.3/rootfs/usr/local/bin/wp-run-cron b/ubuntu-7.3/rootfs/usr/local/bin/wp-run-cron deleted file mode 100755 index e5c4aa8..0000000 --- a/ubuntu-7.3/rootfs/usr/local/bin/wp-run-cron +++ /dev/null @@ -1,42 +0,0 @@ -#!/bin/bash -# Copyright © 2015 Bjørn Johansen -# This work is free. You can redistribute it and/or modify it under the -# terms of the Do What The Fuck You Want To Public License, Version 2, -# as published by Sam Hocevar. See http://www.wtfpl.net/ for more details. -# Source: https://bjornjohansen.no/wordpress-cron-wp-cli -# Github: https://gist.github.com/bjornjohansen/a00a9fee5475c4dadb56#file-run-wp-cron-sh - -# This is modified for our container. In this container you don't need to use --path -# because it's automatically included - -# Check if WP-CLI is available -if ! hash wp 2>/dev/null; then - echo "[wp-cron] ERROR: WP-CLI is not available" - exit -fi - -# If WordPress isn’t installed here, we bail -if ! wp core is-installed --quiet >> /dev/null; then - echo "[wp-cron] ERROR: WordPress is not installed here: ${WP_CORE}" - exit -fi - -# Get a list of site URLs -if wp core is-installed --quiet --network >> /dev/null; -then - SITE_URLS=`wp site list --fields=url --archived=0 --deleted=0 --format=csv | sed 1d` -else - SITE_URLS=(`wp option get siteurl`) -fi - -# Loop through all the sites -for SITE_URL in $SITE_URLS -do - # replaced loop with better solution - wp cron event run --due-now --url="$SITE_URL" - # Run all event hooks that are due - #for EVENT_HOOK in $(wp cron event list --format=csv --fields=hook,next_run_relative --url="$SITE_URL" | grep now$ | awk -F ',' '{print $1}') - #do - # wp cron event run "$EVENT_HOOK" --url="$SITE_URL" --quiet - #done -done diff --git a/ubuntu-7.3/rootfs/usr/sbin/sendmail b/ubuntu-7.3/rootfs/usr/sbin/sendmail deleted file mode 100755 index ec8c40f..0000000 --- a/ubuntu-7.3/rootfs/usr/sbin/sendmail +++ /dev/null @@ -1,66 +0,0 @@ -#!/bin/bash -## -# This is custom wrapper for msmtp which acts like good old sendmail -# - It is used for php and cron -# - This is easier to configure for external mail server than sendmail -# - sendmail is just the default binary which other services will use -# - It needs following env: SMTP_HOST, SMTP_PASSWORD, SMTP_PORT, SMTP_AUTH, SMTP_USER -## - -# Deduce all used msmtp options from system ENVs -declare -a options - -# Act like sendmail -options+=("-t") - -# Use system tls chain -options+=("--tls-trust-file=/etc/ssl/certs/ca-certificates.crt") - -if [ -n "$SMTP_HOST" ]; then - options+=("--host=$SMTP_HOST") -else - echo "[mail error] SMTP_HOST is not defined, mail can't be sent" - exit 1 -fi - -# Log all mail requests -# try /var/log/mail/sent.log but use stdout when logfile is not available -if [ -n "$SMTP_LOG" ]; then - options+=("--logfile=$SMTP_LOG") -elif [ -f /var/log/mail/sent.log ]; then - options+=("--logfile=/var/log/mail/sent.log") -fi - -if [ -n "$SMTP_FROM" ]; then - options+=("--from=$SMTP_FROM") -fi - -# Default port for smtp is 25 and it will work even without this option -if [ -n "$SMTP_PORT" ]; then - options+=("--port=$SMTP_PORT") -fi - -# Setup credentials -if [ -n "$SMTP_USER" ]; then - options+=("--user=$SMTP_USER") -fi - -# msmtp doesn't provide password option because usually it's unsafe -# Use local hack for passwordeval -if [ -n "$SMTP_PASSWORD" ]; then - options+=("--passwordeval=/usr/local/bin/print-smtp-password") -fi - - -if [ -n "$SMTP_AUTH" ]; then - options+=("--auth=$SMTP_AUTH") -elif [ -n "$SMTP_USER" ] || [ -n "$SMTP_PASSWORD" ]; then - options+=("--auth=on") -fi - -if [ -n "$SMTP_TLS" ]; then - options+=("--tls=$SMTP_TLS") -fi - -# Add our options and command line options for msmtp -msmtp ${options[@]} "$@" diff --git a/ubuntu-7.3/rootfs/usr/share/nginx/html/403.html b/ubuntu-7.3/rootfs/usr/share/nginx/html/403.html deleted file mode 100644 index 3f85394..0000000 --- a/ubuntu-7.3/rootfs/usr/share/nginx/html/403.html +++ /dev/null @@ -1,95 +0,0 @@ - - - - - - -403 Forbidden - - - - - - - - -
-
-

403 Forbidden

-

Sorry! You don't have access permissions for that on .

-

Take Me To The Homepage - -

-
-
-
-
-
-
-

What happened?

-

A 403 error status indicates that you don't have permission to access the file or page. In general, web servers and websites have directories and files that are not open to the public web for security reasons.

-
-
-

What can I do?

-

If you're a site visitor

-

Please use your browsers back button and check that you're in the right place. If you need immediate assistance, please send us an email instead.

-

If you're the site owner

-

Please check that you're in the right place and get in touch with your website provider if you believe this to be an error.

-
-
-
-
- - - - - - - diff --git a/ubuntu-7.3/rootfs/usr/share/nginx/html/500.html b/ubuntu-7.3/rootfs/usr/share/nginx/html/500.html deleted file mode 100644 index e5fac20..0000000 --- a/ubuntu-7.3/rootfs/usr/share/nginx/html/500.html +++ /dev/null @@ -1,89 +0,0 @@ - - - - - - -500 Internal Server Error - - - - - - - - -
- -
-

500 Internal Server Error

-

The web server is returning an internal error for .

- Try This Page Again -
-
-
-
-
-
-

What happened?

-

A 500 error status implies there is a problem with the web server's software causing it to malfunction.

-
-
-

What can I do?

-

If you're a site visitor

-

Nothing you can do at the moment. If you need immediate assistance, please send us an email instead. We apologize for any inconvenience.

-

If you're the site owner

-

This error can only be fixed by server admins, please contact your website provider.

-
-
-
-
- - - - - - - diff --git a/ubuntu-7.3/rootfs/usr/share/nginx/html/502.html b/ubuntu-7.3/rootfs/usr/share/nginx/html/502.html deleted file mode 100644 index e7d79c1..0000000 --- a/ubuntu-7.3/rootfs/usr/share/nginx/html/502.html +++ /dev/null @@ -1,98 +0,0 @@ - - - - - - - -502 Bad Gateway - - - - - - - - -
- -
-

502 Bad Gateway

-

The web server is returning an unexpected networking error for .

- Try This Page Again -
-
-
-
-
-
-

What happened?

-

A 502 error status implies that that the server received an invalid response from an upstream server it accessed to fulfill the request.

-
-
-

What can I do?

-

If you're a site visitor

-

Check to see if this website down for everyone or just you. -

-

Also, clearing your browser cache and refreshing the page may clear this issue. If the problem persists and you need immediate assistance, please send us an email instead.

-

If you're the site owner

-

Clearing your browser cache and refreshing the page may clear this issue. If the problem persists and you need immediate assistance, please contact your website provider.

-
-
-
-
- - - - - - - - diff --git a/ubuntu-7.3/rootfs/usr/share/nginx/html/504.html b/ubuntu-7.3/rootfs/usr/share/nginx/html/504.html deleted file mode 100644 index f37b919..0000000 --- a/ubuntu-7.3/rootfs/usr/share/nginx/html/504.html +++ /dev/null @@ -1,100 +0,0 @@ - - - - - - - -504 Gateway Timeout - - - - - - - - -
- -
-

504 Gateway Timeout

-

The web server is returning an unexpected networking error for .

- Try This Page Again -
-
-
-
- - -
-
-

What happened?

-

A 504 error status implies there is a slow IP communication problem between back-end servers attempting to fulfill this request.

-
-
-

What can I do?

-

If you're a site visitor

-

Check to see if this website down for everyone or just you. -

-

Also, clearing your browser cache and refreshing the page may clear this issue. If the problem persists and you need immediate assistance, please send us an email instead.

-

If you're the site owner

-

Clearing your browser cache and refreshing the page may clear this issue. If the problem persists and you need immediate assistance, please contact your website provider.

-
-
-
-
- - - - - - - - From 069c4ad292ada70b7d984ab2b3bcf459ca06a091 Mon Sep 17 00:00:00 2001 From: Hannu Kumpula Date: Wed, 27 Jan 2021 10:01:48 +0200 Subject: [PATCH 13/46] syntax error dockerfile fix --- ubuntu-7.4/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ubuntu-7.4/Dockerfile b/ubuntu-7.4/Dockerfile index b5c4da6..388fc88 100644 --- a/ubuntu-7.4/Dockerfile +++ b/ubuntu-7.4/Dockerfile @@ -136,9 +136,9 @@ ENV \ NGINX_FASTCGI_CACHE_CONTROL='"max-age=60, stale-while-revalidate=300, stale-if-error=21600"'\ NGINX_CACHE_CONTROL='"max-age=60, stale-while-revalidate=300, stale-if-error=21600"'\ #Default time for fastcgi cache path inactive attribute - NGINX_FASTCGI_CACHE_INACTIVE="730h" + NGINX_FASTCGI_CACHE_INACTIVE="730h" \ #Fastcgi default value for updating cache on background - NGINX_FASTCGI_CACHE_BACKGROUND_UPDATE="on" + NGINX_FASTCGI_CACHE_BACKGROUND_UPDATE="on" \ # Cronlock is used to stop simultaneous cronjobs in clusterised environments CRONLOCK_HOST="" \ # This is used by nginx and php-fpm From 5f73b85bb98889fc16d96dd7fcfb20b52957f54b Mon Sep 17 00:00:00 2001 From: Hannu Kumpula Date: Wed, 27 Jan 2021 10:20:28 +0200 Subject: [PATCH 14/46] configurable pm --- CHANGELOG.md | 1 + ubuntu-7.4/Dockerfile | 7 ++++++- ubuntu-7.4/rootfs/etc/php/7.4/fpm/php-fpm.conf | 10 +++++----- 3 files changed, 12 insertions(+), 6 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 6025418..96317f2 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -11,6 +11,7 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0. ### Added - more envs for configuring +- php process manager configurable from envs - ignore cache key attributes - renamed envs for clarity diff --git a/ubuntu-7.4/Dockerfile b/ubuntu-7.4/Dockerfile index 388fc88..70b20b3 100644 --- a/ubuntu-7.4/Dockerfile +++ b/ubuntu-7.4/Dockerfile @@ -150,7 +150,7 @@ ENV \ # Allow bigger file uploads NGINX_MAX_BODY_SIZE="20M" \ # Allow storing bigger body in memory - NGINX_BODY_BUFFER_SIZE="32k" \ + NGINX_BODY_BUFFER_SIZE="10M" \ # Have sane fastcgi timeout by default NGINX_FASTCGI_TIMEOUT="30" \ # Have sane fastcgi timeout by default @@ -167,6 +167,11 @@ ENV \ PHP_ERROR_LOG_MAX_LEN="8192" \ PHP_SESSION_REDIS_DB="0" \ PHP_SESSION_HANDLER="files" \ + PHP_PM_MODE="dynamic" \ + PHP_PM_MAX_CHILDREN="25" \ + PHP_PM_START_SERVERS="8" \ + PHP_PM_MIN_SPARE_SERVERS="2" \ + PHP_PM_MAX_SPARE_SERVERS="4" \ # You should count the *.php files in your project and set this number to be bigger # $ find . -type f -print | grep php | wc -l PHP_OPCACHE_MAX_FILES="8000" \ diff --git a/ubuntu-7.4/rootfs/etc/php/7.4/fpm/php-fpm.conf b/ubuntu-7.4/rootfs/etc/php/7.4/fpm/php-fpm.conf index 54cd4bb..a6acdb9 100644 --- a/ubuntu-7.4/rootfs/etc/php/7.4/fpm/php-fpm.conf +++ b/ubuntu-7.4/rootfs/etc/php/7.4/fpm/php-fpm.conf @@ -11,14 +11,14 @@ group = ${WEB_GROUP} listen = /var/run/php-fpm.sock listen.owner = ${WEB_USER} listen.group = ${WEB_GROUP} -pm = dynamic +pm = ${PHP_PM_MODE} ; Total RAM dedicated to the web server / Max child process size -pm.max_children = 20 +pm.max_children = ${PHP_PM_MAX_CHILDREN} -pm.start_servers = 1 -pm.min_spare_servers = 1 -pm.max_spare_servers = 5 +pm.start_servers = ${PHP_PM_START_SERVERS} +pm.min_spare_servers = ${PHP_PM_MIN_SPARE_SERVERS} +pm.max_spare_servers = ${PHP_PM_MAX_SPARE_SERVERS} ; Redirect worker stdout and stderr into main error log. If not set, stdout and ; stderr will be redirected to /dev/null according to FastCGI specs. From b6c58760d9e1a0bd52a25a30d6d093ff6a161a0c Mon Sep 17 00:00:00 2001 From: JuhaniGeniem Date: Wed, 27 Jan 2021 10:36:53 +0200 Subject: [PATCH 15/46] Added PHP_DISABLE_FUNCTIONS env --- CHANGELOG.md | 2 +- ubuntu-7.4/Dockerfile | 3 ++- ubuntu-7.4/rootfs/etc/php/7.4/fpm/conf.d/blocked.ini | 2 +- 3 files changed, 4 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 96317f2..f667127 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -14,7 +14,7 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0. - php process manager configurable from envs - ignore cache key attributes - renamed envs for clarity - +- PHP_DISABLE_FUNCTIONS env ## [1.5.2] - 2020-08-10 diff --git a/ubuntu-7.4/Dockerfile b/ubuntu-7.4/Dockerfile index 70b20b3..cf8d5b7 100644 --- a/ubuntu-7.4/Dockerfile +++ b/ubuntu-7.4/Dockerfile @@ -171,7 +171,8 @@ ENV \ PHP_PM_MAX_CHILDREN="25" \ PHP_PM_START_SERVERS="8" \ PHP_PM_MIN_SPARE_SERVERS="2" \ - PHP_PM_MAX_SPARE_SERVERS="4" \ + PHP_PM_MAX_SPARE_SERVERS="4" \ + PHP_DISABLE_FUNCTIONS="exec,passthru,shell_exec,show_source,system,pcntl_exec,popen,posix_getpwuid,posix_kill,posix_mkfifo,posix_setpgid,posix_setsid,posix_setuid,posix_setuid,posix_uname,proc_nice,proc_open,proc_close,proc_get_status" \ # You should count the *.php files in your project and set this number to be bigger # $ find . -type f -print | grep php | wc -l PHP_OPCACHE_MAX_FILES="8000" \ diff --git a/ubuntu-7.4/rootfs/etc/php/7.4/fpm/conf.d/blocked.ini b/ubuntu-7.4/rootfs/etc/php/7.4/fpm/conf.d/blocked.ini index 4142569..694a4c5 100644 --- a/ubuntu-7.4/rootfs/etc/php/7.4/fpm/conf.d/blocked.ini +++ b/ubuntu-7.4/rootfs/etc/php/7.4/fpm/conf.d/blocked.ini @@ -1,4 +1,4 @@ ; Disable some functions because they allow bad/vulnerable patterns ; We want to advocate good coding practises and these functions make it difficult ; You can use these with php cli but not with php-fpm -disable_functions = exec,passthru,shell_exec,show_source,system,pcntl_exec,popen,posix_getpwuid,posix_kill,posix_mkfifo,posix_setpgid,posix_setsid,posix_setuid,posix_setuid,posix_uname,proc_nice,proc_open,proc_close,proc_get_status +disable_functions = ${PHP_DISABLE_FUNCTIONS} From 3a8252d6acbb3ebf5b855d1ead4f47e84600604e Mon Sep 17 00:00:00 2001 From: JuhaniGeniem Date: Wed, 27 Jan 2021 11:33:37 +0200 Subject: [PATCH 16/46] Fixed spare servers --- ubuntu-7.4/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ubuntu-7.4/Dockerfile b/ubuntu-7.4/Dockerfile index cf8d5b7..a60fc11 100644 --- a/ubuntu-7.4/Dockerfile +++ b/ubuntu-7.4/Dockerfile @@ -170,8 +170,8 @@ ENV \ PHP_PM_MODE="dynamic" \ PHP_PM_MAX_CHILDREN="25" \ PHP_PM_START_SERVERS="8" \ - PHP_PM_MIN_SPARE_SERVERS="2" \ - PHP_PM_MAX_SPARE_SERVERS="4" \ + PHP_PM_MIN_SPARE_SERVERS="4" \ + PHP_PM_MAX_SPARE_SERVERS="8" \ PHP_DISABLE_FUNCTIONS="exec,passthru,shell_exec,show_source,system,pcntl_exec,popen,posix_getpwuid,posix_kill,posix_mkfifo,posix_setpgid,posix_setsid,posix_setuid,posix_setuid,posix_uname,proc_nice,proc_open,proc_close,proc_get_status" \ # You should count the *.php files in your project and set this number to be bigger # $ find . -type f -print | grep php | wc -l From 493dde24e5615df7b53b6a61b2bb65ea41e81fc1 Mon Sep 17 00:00:00 2001 From: JuhaniGeniem Date: Thu, 28 Jan 2021 11:29:13 +0200 Subject: [PATCH 17/46] Fixed typo on NGINX_FASTCGI_INACTIVE --- ubuntu-7.4/rootfs/etc/nginx/cache/fastcgicache_settings.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ubuntu-7.4/rootfs/etc/nginx/cache/fastcgicache_settings.conf b/ubuntu-7.4/rootfs/etc/nginx/cache/fastcgicache_settings.conf index 3474723..34792b2 100644 --- a/ubuntu-7.4/rootfs/etc/nginx/cache/fastcgicache_settings.conf +++ b/ubuntu-7.4/rootfs/etc/nginx/cache/fastcgicache_settings.conf @@ -1,7 +1,7 @@ ## # Basic settings of Fast cgi cache ## -fastcgi_cache_path ${NGINX_FASTCGI_CACHE_DIRECTORY} levels=1:2 keys_zone=WORDPRESS:100m max_size=${NGINX_FASTCGI_CACHE_MAX_SIZE} inactive=${NGINX_FASTCGI_INACTIVE}; +fastcgi_cache_path ${NGINX_FASTCGI_CACHE_DIRECTORY} levels=1:2 keys_zone=WORDPRESS:100m max_size=${NGINX_FASTCGI_CACHE_MAX_SIZE} inactive=${NGINX_FASTCGI_CACHE_INACTIVE}; fastcgi_cache_key $scheme$request_method$host$request_uri_path$cache_args$state; fastcgi_cache_lock on; fastcgi_cache_background_update "${NGINX_FASTCGI_CACHE_BACKGROUND_UPDATE}"; From 4bd4fcfd4625a956b23c4a7e709de578d159e211 Mon Sep 17 00:00:00 2001 From: JuhaniGeniem Date: Thu, 28 Jan 2021 11:55:35 +0200 Subject: [PATCH 18/46] Fixed NGINX_FASTCGI_CACHE_USE_STALE --- ubuntu-7.4/rootfs/etc/cont-init.d/00-render-templates | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ubuntu-7.4/rootfs/etc/cont-init.d/00-render-templates b/ubuntu-7.4/rootfs/etc/cont-init.d/00-render-templates index 102c6c9..0d4eaf1 100755 --- a/ubuntu-7.4/rootfs/etc/cont-init.d/00-render-templates +++ b/ubuntu-7.4/rootfs/etc/cont-init.d/00-render-templates @@ -53,7 +53,7 @@ VARS+='$REDIS_HOST:$REDIS_PORT:$REDIS_DATABASE:$REDIS_PASSWORD' VARS+='$GOOGLE_CLOUD_STORAGE_BUCKET_NAME' # Add cache variables -VARS+='$NGINX_FASTCGI_CACHE_VALID:$NGINX_FASTCGI_CACHE_VALID_2:$NGINX_FASTCGI_CACHE_VALID_3:$NGINX_FASTCGI_CACHE_VALID_4:$NGINX_FASTCGI_CACHE_VALID_5:$NGINX_FASTCGI_CACHE_MAX_SIZE:$NGINX_FASTCGI_CACHE_INACTIVE:$NGINX_FASTCGI_CACHE_BACKGROUND_UPDATE:$NGINX_CACHE_USE_STALE:$NGINX_FASTCGI_CACHE_CONTROL:$NGINX_FASTCGI_CACHE_DIRECTORY' +VARS+='$NGINX_FASTCGI_CACHE_VALID:$NGINX_FASTCGI_CACHE_VALID_2:$NGINX_FASTCGI_CACHE_VALID_3:$NGINX_FASTCGI_CACHE_VALID_4:$NGINX_FASTCGI_CACHE_VALID_5:$NGINX_FASTCGI_CACHE_MAX_SIZE:$NGINX_FASTCGI_CACHE_INACTIVE:$NGINX_FASTCGI_CACHE_BACKGROUND_UPDATE:$NGINX_CACHE_USE_STALE:$NGINX_FASTCGI_CACHE_CONTROL:$NGINX_FASTCGI_CACHE_DIRECTORY:$NGINX_FASTCGI_CACHE_USE_STALE' render_env_tmpl "$VARS" /etc/nginx/cache/redis_backend.conf From 12d9cb103f9eccea7003e462f61fb1d8b528433d Mon Sep 17 00:00:00 2001 From: JuhaniGeniem Date: Thu, 28 Jan 2021 13:31:55 +0200 Subject: [PATCH 19/46] php74-stable migration --- .../nginx/cache/fastcgicache_settings.conf | 20 ++++--------------- 1 file changed, 4 insertions(+), 16 deletions(-) diff --git a/ubuntu-7.4/rootfs/etc/nginx/cache/fastcgicache_settings.conf b/ubuntu-7.4/rootfs/etc/nginx/cache/fastcgicache_settings.conf index 34792b2..af5ca66 100644 --- a/ubuntu-7.4/rootfs/etc/nginx/cache/fastcgicache_settings.conf +++ b/ubuntu-7.4/rootfs/etc/nginx/cache/fastcgicache_settings.conf @@ -7,19 +7,7 @@ fastcgi_cache_lock on; fastcgi_cache_background_update "${NGINX_FASTCGI_CACHE_BACKGROUND_UPDATE}"; fastcgi_cache_use_stale ${NGINX_FASTCGI_CACHE_USE_STALE}; fastcgi_cache_valid ${NGINX_FASTCGI_CACHE_VALID}; - -if ("${NGINX_FASTCGI_CACHE_VALID_2}" != "") { - fastcgi_cache_valid ${NGINX_FASTCGI_CACHE_VALID_2}; -} - -if ("${NGINX_FASTCGI_CACHE_VALID_3}" != "") { - fastcgi_cache_valid ${NGINX_FASTCGI_CACHE_VALID_3}; -} - -if ("${NGINX_FASTCGI_CACHE_VALID_4}" != "") { - fastcgi_cache_valid ${NGINX_FASTCGI_CACHE_VALID_4}; -} - -if ("${NGINX_FASTCGI_CACHE_VALID_5}" != "") { - fastcgi_cache_valid ${NGINX_FASTCGI_CACHE_VALID_5}; -} \ No newline at end of file +fastcgi_cache_valid ${NGINX_FASTCGI_CACHE_VALID_2}; +fastcgi_cache_valid ${NGINX_FASTCGI_CACHE_VALID_3}; +fastcgi_cache_valid ${NGINX_FASTCGI_CACHE_VALID_4}; +fastcgi_cache_valid ${NGINX_FASTCGI_CACHE_VALID_5}; \ No newline at end of file From 38e563ac427f116d1b70ab34fdcd8016dd26cc6a Mon Sep 17 00:00:00 2001 From: JuhaniGeniem Date: Thu, 28 Jan 2021 13:47:42 +0200 Subject: [PATCH 20/46] php74-stable migration --- .../rootfs/etc/nginx/cache/fastcgicache_settings.conf | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/ubuntu-7.4/rootfs/etc/nginx/cache/fastcgicache_settings.conf b/ubuntu-7.4/rootfs/etc/nginx/cache/fastcgicache_settings.conf index af5ca66..821d51d 100644 --- a/ubuntu-7.4/rootfs/etc/nginx/cache/fastcgicache_settings.conf +++ b/ubuntu-7.4/rootfs/etc/nginx/cache/fastcgicache_settings.conf @@ -6,8 +6,8 @@ fastcgi_cache_key $scheme$request_method$host$request_uri_path$cache_args$state; fastcgi_cache_lock on; fastcgi_cache_background_update "${NGINX_FASTCGI_CACHE_BACKGROUND_UPDATE}"; fastcgi_cache_use_stale ${NGINX_FASTCGI_CACHE_USE_STALE}; -fastcgi_cache_valid ${NGINX_FASTCGI_CACHE_VALID}; -fastcgi_cache_valid ${NGINX_FASTCGI_CACHE_VALID_2}; -fastcgi_cache_valid ${NGINX_FASTCGI_CACHE_VALID_3}; -fastcgi_cache_valid ${NGINX_FASTCGI_CACHE_VALID_4}; -fastcgi_cache_valid ${NGINX_FASTCGI_CACHE_VALID_5}; \ No newline at end of file +${NGINX_FASTCGI_CACHE_VALID} +${NGINX_FASTCGI_CACHE_VALID_2} +${NGINX_FASTCGI_CACHE_VALID_3} +${NGINX_FASTCGI_CACHE_VALID_4} +${NGINX_FASTCGI_CACHE_VALID_5} \ No newline at end of file From ff5beda666bfd9fd8e2a5002fb323566465c5e40 Mon Sep 17 00:00:00 2001 From: JuhaniGeniem Date: Thu, 28 Jan 2021 13:54:32 +0200 Subject: [PATCH 21/46] php74-stable migration --- ubuntu-7.4/rootfs/etc/nginx/cache/fastcgicache_settings.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ubuntu-7.4/rootfs/etc/nginx/cache/fastcgicache_settings.conf b/ubuntu-7.4/rootfs/etc/nginx/cache/fastcgicache_settings.conf index 821d51d..f9be5bf 100644 --- a/ubuntu-7.4/rootfs/etc/nginx/cache/fastcgicache_settings.conf +++ b/ubuntu-7.4/rootfs/etc/nginx/cache/fastcgicache_settings.conf @@ -6,7 +6,7 @@ fastcgi_cache_key $scheme$request_method$host$request_uri_path$cache_args$state; fastcgi_cache_lock on; fastcgi_cache_background_update "${NGINX_FASTCGI_CACHE_BACKGROUND_UPDATE}"; fastcgi_cache_use_stale ${NGINX_FASTCGI_CACHE_USE_STALE}; -${NGINX_FASTCGI_CACHE_VALID} +fastcgi_cache_valid ${NGINX_FASTCGI_CACHE_VALID}; ${NGINX_FASTCGI_CACHE_VALID_2} ${NGINX_FASTCGI_CACHE_VALID_3} ${NGINX_FASTCGI_CACHE_VALID_4} From 5621c60226b8da1f5f10d1f88a3ab8311ba5d889 Mon Sep 17 00:00:00 2001 From: JuhaniGeniem Date: Thu, 28 Jan 2021 14:31:03 +0200 Subject: [PATCH 22/46] php74-stable migration --- README.md | 167 +----------------------------------------------------- 1 file changed, 3 insertions(+), 164 deletions(-) diff --git a/README.md b/README.md index e106756..74e17d2 100644 --- a/README.md +++ b/README.md @@ -1,165 +1,4 @@ -# Lightweight PHP-FPM & Nginx Docker Image for WordPress -[![devgeniem/alpine-wordpress docker image](http://dockeri.co/image/devgeniem/wordpress-server)](https://registry.hub.docker.com/u/devgeniem/wordpress-server/) +# Under construction +README was deleted due to legacy reasons. -[![License](https://img.shields.io/:license-mit-blue.svg?style=flat-square)](http://badges.mit-license.org) - -This is maintained repository. We use this project in production and recommend this for your projects too. This container doesn't have mysql or email, you need to provide them from elsewhere. This can be other container or your host machine. - -I tried to include all build, test and project tools in [docker-alpine-wordpress](https://github.com/devgeniem/docker-alpine-wordpress) image. I think that more modular design is better for docker and security as well. - -This project tries to be as minimal as possible and doesn't include anything that we don't absolutely need in the runtime. - -## Aren't you only supposed to run one process per container? -We think that docker container should be small set of processes which provide one service rather than one clumsy process. This container uses [s6-overlay](https://github.com/just-containers/s6-overlay) in order to run php-fpm and nginx together. - -## Container layout -Mount your wordpress project into: -``` -/var/www/project -``` - -Your project should define web root in: -``` -/var/www/project/web -``` -This is the place where nginx will serve requests. This is compatible with [bedrock layout](https://github.com/roots/bedrock). - -### Override project path -You can use `OVERRIDE_PROJECT_ROOT` variable to change project path with symlink. - -For example in `Drone CI` all mounts are done into `/drone/src` folder and we use `OVERRIDE_PROJECT_ROOT=/drone/src/project` in our testing. - -Container creates a symlink from /var/www/project into `$OVERRIDE_PROJECT_ROOT` which allows us to use custom path. - -## User permissions -You can use `WP_GID` and `WP_UID` env to change web user and group. - -If these are not set container will look for owner:group from files mounted in `/var/www/project/web/`. - -If these files are owned by root user or root group the container will automatically use 100:101 as permissions instead. This is so that we won't never run nginx and php-fpm as root. - -## Nginx includes -You can have custom nginx includes in your project mount `/var/www/project/nginx`. - -**Include into http {} block:** -`/var/www/project/nginx/http/*.conf` - -**Include into server {} block:** -`/var/www/project/nginx/server/*.conf` - -**Include into @index {} block:** -`/var/www/project/nginx/index/*.conf` - -See more in our [wp-project template](https://github.com/devgeniem/wp-project). - -## Cron jobs -You can place cron file in `/var/www/project/tasks.cron`. This is symlinked to crond and run as user `wordpress`. - -For example: -``` -# do daily/weekly/monthly maintenance -* * * * * echo "test log from: $(whoami)..." >> /tmp/test.log -``` - -## Environment Variables - -### Timezone -This sets timezone for the environment and php. See candidates here: http://php.net/manual/en/timezones.php -``` -TZ # Default: 'Europe/Helsinki' -``` - -### Development/Production - -``` -WP_ENV # Default: '' Options: development,testing,production,pretty-much-anything-you-want -``` - -### Database variables (mysql/mariadb) - -``` -DB_NAME # Default: '' -DB_PASSWORD # Default: '' -DB_USER # Default: '' -DB_HOST # Default: '' -DB_PORT # Default: '' -``` - -Remember to set `DB_NAME`, `DB_PASSWORD` and `DB_USER` and use these variables in your wp-config.php. These are automatically added as envs in php context. - -### Email variables - -``` -SMTP_HOST -``` - -This variable changes the host where container tries to send mail from. By default this is docker host `172.17.0.1`. - -``` -SMTP_PORT -``` - -This variable changes the port where container tries to connect in order to send mail. By default this is `25`. - -``` -SMTP_TLS -``` - -If this is provided use username in authenticating to mail server. Default: null -``` -SMTP_USER -``` - -If this is provided use password in authenticating to mail server. Default: null -``` -SMTP_PASSWORD -``` - -If this is `on` mail will use username/password authentication in connections to smtp server. -This will automatically activate if you use `SMTP_USER` and `SMTP_PASSWORD`. Default: `off` -``` -SMTP_AUTH -``` - -See more about these variables in [msmtp docs](http://msmtp.sourceforge.net/doc/msmtp.html#Authentication). - -### PHP and Nginx Variables -You can change following env to change php configs: - -``` -# Variables and default values -PHP_MEMORY_LIMIT=128M -NGINX_MAX_BODY_SIZE=64M -NGINX_FASTCGI_TIMEOUT=30 -``` - -``` -# These defaulta are only for PHP 7.3 -# Default fastcgi cache directory -NGINX_CACHE_DIRECTORY=/dev/cache - -# Default operations when fastcgi stale cache is used -NGINX_CACHE_USE_STALE="error timeout invalid_header updating http_500 http_503 http_403 http_404 http_429" - - -NGINX_REDIS_CACHE_TTL_DEFAULT="200 301 302 1m" - -# Default headers for fastcgi stale- and error cache -NGINX_CACHE_CONTROL='"max-age=60, stale-while-revalidate=300, stale-if-error=21600"' - -# list of parameters to be included in cached requests separated by comma (default empty) -CACHE_QUERYVARS= - -# Cache mode blacklist or whitelist, default whitelist (possible values: blacklist, whitelist) -CACHE_MODE= -``` - -## What's inside container: -### For running WordPress -- php7.xx -- php-fpm7 -- nginx -- wp-cli - -### For sending emails with smtp server -- msmtp +New README will come later. \ No newline at end of file From ee384d84c4048f6dc1b23f1ca65e3cf660b4739f Mon Sep 17 00:00:00 2001 From: JuhaniGeniem Date: Thu, 28 Jan 2021 15:12:18 +0200 Subject: [PATCH 23/46] php74-stable migration --- ubuntu-7.4/rootfs/etc/cont-init.d/00-render-templates | 6 +----- .../rootfs/etc/cont-init.d/02-init-directories-and-files | 3 --- 2 files changed, 1 insertion(+), 8 deletions(-) diff --git a/ubuntu-7.4/rootfs/etc/cont-init.d/00-render-templates b/ubuntu-7.4/rootfs/etc/cont-init.d/00-render-templates index 0d4eaf1..b7fe19e 100755 --- a/ubuntu-7.4/rootfs/etc/cont-init.d/00-render-templates +++ b/ubuntu-7.4/rootfs/etc/cont-init.d/00-render-templates @@ -55,9 +55,6 @@ VARS+='$GOOGLE_CLOUD_STORAGE_BUCKET_NAME' # Add cache variables VARS+='$NGINX_FASTCGI_CACHE_VALID:$NGINX_FASTCGI_CACHE_VALID_2:$NGINX_FASTCGI_CACHE_VALID_3:$NGINX_FASTCGI_CACHE_VALID_4:$NGINX_FASTCGI_CACHE_VALID_5:$NGINX_FASTCGI_CACHE_MAX_SIZE:$NGINX_FASTCGI_CACHE_INACTIVE:$NGINX_FASTCGI_CACHE_BACKGROUND_UPDATE:$NGINX_CACHE_USE_STALE:$NGINX_FASTCGI_CACHE_CONTROL:$NGINX_FASTCGI_CACHE_DIRECTORY:$NGINX_FASTCGI_CACHE_USE_STALE' -render_env_tmpl "$VARS" /etc/nginx/cache/redis_backend.conf - -render_env_tmpl "$VARS" /etc/nginx/cache/srcache.conf render_env_tmpl "$VARS" /etc/nginx/cache/fastcgicache_settings.conf render_env_tmpl "$VARS" /etc/nginx/cache/fastcgicache_skip_rules.conf render_env_tmpl "$VARS" /etc/nginx/cache/fastcgicache_headers.conf @@ -77,8 +74,7 @@ for conf_file in $(find $NGINX_INCLUDE_DIR -type f -name '*.tmpl'); do done # Encrypt basic auth password if it set -if [[ -z "${BASIC_AUTH_PASSWORD}" ]]; -then +if [ -z "$BASIC_AUTH_PASSWORD" ]; then echo "Not encrypting BASIC_AUTH_PASSWORD..." else BASIC_AUTH_PASSWORD_HASH=$(openssl passwd -crypt $BASIC_AUTH_PASSWORD) diff --git a/ubuntu-7.4/rootfs/etc/cont-init.d/02-init-directories-and-files b/ubuntu-7.4/rootfs/etc/cont-init.d/02-init-directories-and-files index d7e2a7d..34df974 100755 --- a/ubuntu-7.4/rootfs/etc/cont-init.d/02-init-directories-and-files +++ b/ubuntu-7.4/rootfs/etc/cont-init.d/02-init-directories-and-files @@ -16,6 +16,3 @@ touch /var/log/php/error.log # Chown all files to wordpress chown -R $WEB_USER:$WEB_GROUP /var/log/{nginx,php,mail} - -chmod 775 /sharedcache -chmod g+s /sharedcache \ No newline at end of file From aaf208f5fa1fcd0d430e7a1deaf56206ebc9d7bd Mon Sep 17 00:00:00 2001 From: Hannu Kumpula Date: Fri, 5 Feb 2021 14:39:40 +0200 Subject: [PATCH 24/46] redis envs fix --- CHANGELOG.md | 4 ++++ ubuntu-7.4/rootfs/etc/cont-init.d/00-render-templates | 2 ++ ubuntu-7.4/rootfs/etc/nginx/cache/helper_variables.conf | 8 ++++++++ 3 files changed, 14 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index f667127..8578f92 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,6 +5,10 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html). +## [1.6.1] - 2021-02-25 +### Fixed +- Redis envs rendered again to make redis work + ## [1.6] - 2021-01-27 ### Removed - old php versions diff --git a/ubuntu-7.4/rootfs/etc/cont-init.d/00-render-templates b/ubuntu-7.4/rootfs/etc/cont-init.d/00-render-templates index b7fe19e..9ef91bc 100755 --- a/ubuntu-7.4/rootfs/etc/cont-init.d/00-render-templates +++ b/ubuntu-7.4/rootfs/etc/cont-init.d/00-render-templates @@ -55,6 +55,8 @@ VARS+='$GOOGLE_CLOUD_STORAGE_BUCKET_NAME' # Add cache variables VARS+='$NGINX_FASTCGI_CACHE_VALID:$NGINX_FASTCGI_CACHE_VALID_2:$NGINX_FASTCGI_CACHE_VALID_3:$NGINX_FASTCGI_CACHE_VALID_4:$NGINX_FASTCGI_CACHE_VALID_5:$NGINX_FASTCGI_CACHE_MAX_SIZE:$NGINX_FASTCGI_CACHE_INACTIVE:$NGINX_FASTCGI_CACHE_BACKGROUND_UPDATE:$NGINX_CACHE_USE_STALE:$NGINX_FASTCGI_CACHE_CONTROL:$NGINX_FASTCGI_CACHE_DIRECTORY:$NGINX_FASTCGI_CACHE_USE_STALE' + +render_env_tmpl "$VARS" /etc/nginx/cache/helper_variables.conf render_env_tmpl "$VARS" /etc/nginx/cache/fastcgicache_settings.conf render_env_tmpl "$VARS" /etc/nginx/cache/fastcgicache_skip_rules.conf render_env_tmpl "$VARS" /etc/nginx/cache/fastcgicache_headers.conf diff --git a/ubuntu-7.4/rootfs/etc/nginx/cache/helper_variables.conf b/ubuntu-7.4/rootfs/etc/nginx/cache/helper_variables.conf index ea10fb9..f71359f 100644 --- a/ubuntu-7.4/rootfs/etc/nginx/cache/helper_variables.conf +++ b/ubuntu-7.4/rootfs/etc/nginx/cache/helper_variables.conf @@ -3,6 +3,14 @@ # $prefer_language_slug - 2 first letters from accept-language header to determine the language redirects from cache ## +# Render redis envs to not break the redis password nul problem, hacky.... +# ${REDIS_PASSWORD} +# ${REDIS_DATABASE} +# ${REDIS_HOST} +# ${REDIS_PORT} +# ${REDIS_CACHE_TTL} + + ## # Parse first two letters from accept-language header to determine right cache key ## From 124edfadace004600edf464a79b4507e17413ca2 Mon Sep 17 00:00:00 2001 From: Hannu Kumpula Date: Thu, 3 Jun 2021 13:53:33 +0300 Subject: [PATCH 25/46] added $cookie_nocache variable to cache bypass to enable cache bypass via cookie --- ubuntu-7.4/rootfs/etc/nginx/cache/fastcgicache.conf | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/ubuntu-7.4/rootfs/etc/nginx/cache/fastcgicache.conf b/ubuntu-7.4/rootfs/etc/nginx/cache/fastcgicache.conf index 3dab680..7d93b52 100644 --- a/ubuntu-7.4/rootfs/etc/nginx/cache/fastcgicache.conf +++ b/ubuntu-7.4/rootfs/etc/nginx/cache/fastcgicache.conf @@ -3,14 +3,12 @@ ## include cache/fastcgicache_skip_rules.conf; include cache/helper_variables.conf; -fastcgi_cache_bypass $skip_cache; -fastcgi_no_cache $skip_cache; +fastcgi_cache_bypass $skip_cache $cookie_nocache; +fastcgi_no_cache $skip_cache $cookie_nocache; fastcgi_cache WORDPRESS; #fastcgi_hide_header Expires; #fastcgi_hide_header Cache-Control; fastcgi_ignore_headers Set-Cookie Expires; -# Cache-Control; -#proxy_ignore_headers Set-Cookie Expires Cache-Control; From 1b56093c8a60c68f7b907b09abbd53908beb96a6 Mon Sep 17 00:00:00 2001 From: Hannu Kumpula Date: Wed, 30 Jun 2021 14:46:49 +0300 Subject: [PATCH 26/46] changelog modified --- CHANGELOG.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 8578f92..baa2696 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,6 +5,11 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html). +## [1.6.2] - 2021-02-25 +### Added + +- added $cookie_nocache variable to cache bypass to enable cache bypass control via cookie + ## [1.6.1] - 2021-02-25 ### Fixed - Redis envs rendered again to make redis work From e00f2090746b2a3842d042bebdb085cd46d46364 Mon Sep 17 00:00:00 2001 From: Hannu Kumpula Date: Thu, 12 Aug 2021 15:59:54 +0300 Subject: [PATCH 27/46] updated base image to edge2 tag --- CHANGELOG.md | 8 ++++++++ ubuntu-7.4/Dockerfile | 2 +- ubuntu-7.4/rootfs/etc/nginx/nginx.conf | 2 +- 3 files changed, 10 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index baa2696..a35ec30 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,6 +5,14 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html). +## [1.7.0] - 2021-02-25 +### Changed +- Updated repo to use edge2 tag from devgeniem/ubuntu-docker-openresty-pagespeed +- This might ne a breaking change + +### Fixed +- Updated map_hash_bucket_size value to 128 as previous value was out of scope. + ## [1.6.2] - 2021-02-25 ### Added diff --git a/ubuntu-7.4/Dockerfile b/ubuntu-7.4/Dockerfile index a60fc11..13c45ee 100644 --- a/ubuntu-7.4/Dockerfile +++ b/ubuntu-7.4/Dockerfile @@ -1,4 +1,4 @@ -FROM devgeniem/ubuntu-docker-openresty-pagespeed:edge +FROM devgeniem/ubuntu-docker-openresty-pagespeed:edge2 MAINTAINER Ville Pietarinen - Geniem Oy ## diff --git a/ubuntu-7.4/rootfs/etc/nginx/nginx.conf b/ubuntu-7.4/rootfs/etc/nginx/nginx.conf index 2f6a659..6211efb 100644 --- a/ubuntu-7.4/rootfs/etc/nginx/nginx.conf +++ b/ubuntu-7.4/rootfs/etc/nginx/nginx.conf @@ -34,7 +34,7 @@ http { # Configure hashmaps so that environment does not change defaults map_hash_max_size 262144; - map_hash_bucket_size 262144; + map_hash_bucket_size 128; server_names_hash_bucket_size 64; # Hide nginx version information. From 6468d1ccb66356151b85a469ed448f923a936a8b Mon Sep 17 00:00:00 2001 From: Hannu Kumpula Date: Thu, 12 Aug 2021 16:20:40 +0300 Subject: [PATCH 28/46] typo --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index a35ec30..19be14a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -8,7 +8,7 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0. ## [1.7.0] - 2021-02-25 ### Changed - Updated repo to use edge2 tag from devgeniem/ubuntu-docker-openresty-pagespeed -- This might ne a breaking change +- This might be a breaking change ### Fixed - Updated map_hash_bucket_size value to 128 as previous value was out of scope. From 820983e790b37a207f324c10a0856368e230dd84 Mon Sep 17 00:00:00 2001 From: Hannu Kumpula Date: Thu, 12 Aug 2021 16:31:01 +0300 Subject: [PATCH 29/46] fixed changelo date --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 19be14a..556b749 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,7 +5,7 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html). -## [1.7.0] - 2021-02-25 +## [1.7.0] - 2021-08-12 ### Changed - Updated repo to use edge2 tag from devgeniem/ubuntu-docker-openresty-pagespeed - This might be a breaking change From 1725291f1ed94385a1a3d8240e1621dd830501ab Mon Sep 17 00:00:00 2001 From: Hannu Kumpula Date: Wed, 18 Aug 2021 14:53:40 +0300 Subject: [PATCH 30/46] fastcgi_intercept_errors configurable from ENV --- CHANGELOG.md | 6 ++++-- ubuntu-7.4/Dockerfile | 2 ++ ubuntu-7.4/rootfs/etc/nginx/fastcgi_settings.conf | 2 +- 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 556b749..98cef25 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,8 +7,10 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0. ## [1.7.0] - 2021-08-12 ### Changed -- Updated repo to use edge2 tag from devgeniem/ubuntu-docker-openresty-pagespeed -- This might be a breaking change +- Updated repo to use edge2 tag from devgeniem/ubuntu-docker-openresty-pagespeed. This might be a breaking change + +### Added +- fastcgi_intercept_errors configurable from env FASTCGI_INTERCEPT_ERRORS, default on ### Fixed - Updated map_hash_bucket_size value to 128 as previous value was out of scope. diff --git a/ubuntu-7.4/Dockerfile b/ubuntu-7.4/Dockerfile index 13c45ee..dfffb56 100644 --- a/ubuntu-7.4/Dockerfile +++ b/ubuntu-7.4/Dockerfile @@ -159,6 +159,8 @@ ENV \ NGINX_ERROR_LOG="/dev/stderr" \ # Have sane fastcgi timeout by default NGINX_ACCESS_LOG="/dev/stdout" \ + # Intercepted and redirect error greater than 300 to nginx for processing + FASTCGI_INTERCEPT_ERRORS="on" \ # PHP settings PHP_MEMORY_LIMIT="128M" \ PHP_MAX_INPUT_VARS="1000" \ diff --git a/ubuntu-7.4/rootfs/etc/nginx/fastcgi_settings.conf b/ubuntu-7.4/rootfs/etc/nginx/fastcgi_settings.conf index 25683fb..3c4a3d2 100644 --- a/ubuntu-7.4/rootfs/etc/nginx/fastcgi_settings.conf +++ b/ubuntu-7.4/rootfs/etc/nginx/fastcgi_settings.conf @@ -10,7 +10,7 @@ fastcgi_param PATH_INFO $path_info; # These can be: # - timeouts for long running requests # - requested php file might be missing or not existing in the first place -fastcgi_intercept_errors on; +fastcgi_intercept_errors ${FASTCGI_INTERCEPT_ERRORS}; fastcgi_index index.php; From 8ba71423a9a01a2bb88886bb38529d6cb65e0db7 Mon Sep 17 00:00:00 2001 From: Hannu Kumpula Date: Wed, 18 Aug 2021 18:12:15 +0300 Subject: [PATCH 31/46] added fastcgi settings to env renderer --- ubuntu-7.4/Dockerfile | 2 +- ubuntu-7.4/rootfs/etc/cont-init.d/00-render-templates | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/ubuntu-7.4/Dockerfile b/ubuntu-7.4/Dockerfile index dfffb56..1d4994f 100644 --- a/ubuntu-7.4/Dockerfile +++ b/ubuntu-7.4/Dockerfile @@ -1,5 +1,5 @@ FROM devgeniem/ubuntu-docker-openresty-pagespeed:edge2 -MAINTAINER Ville Pietarinen - Geniem Oy +MAINTAINER Ville Pietarinen, Hannu Kumpula - Geniem Oy ## # Only use these during installation diff --git a/ubuntu-7.4/rootfs/etc/cont-init.d/00-render-templates b/ubuntu-7.4/rootfs/etc/cont-init.d/00-render-templates index 9ef91bc..12a0dee 100755 --- a/ubuntu-7.4/rootfs/etc/cont-init.d/00-render-templates +++ b/ubuntu-7.4/rootfs/etc/cont-init.d/00-render-templates @@ -29,8 +29,9 @@ echo "[cont-init.d] Substituting env into configuration files..." ## # Nginx doesn't support env variables in config files so we will have to do this in hacky way instead ## -VARS='$PORT:$WEB_ROOT:$WEB_USER:$WEB_GROUP:$NGINX_ACCESS_LOG:$NGINX_ERROR_LOG:$NGINX_ERROR_LEVEL:$NGINX_INCLUDE_DIR:$NGINX_MAX_BODY_SIZE:$NGINX_BODY_BUFFER_SIZE:$NGINX_FASTCGI_TIMEOUT:$WP_ENV' +VARS='$PORT:$WEB_ROOT:$WEB_USER:$WEB_GROUP:$NGINX_ACCESS_LOG:$NGINX_ERROR_LOG:$NGINX_ERROR_LEVEL:$NGINX_INCLUDE_DIR:$NGINX_MAX_BODY_SIZE:$NGINX_BODY_BUFFER_SIZE:$NGINX_FASTCGI_TIMEOUT:$FASTCGI_INTERCEPT_ERRORS:$WP_ENV' render_env_tmpl "$VARS" /etc/nginx/nginx.conf +render_env_tmpl "$VARS" /etc/nginx/fastcgi_settings.conf ## # Redis cache needs to know the redis instance and credentials From c4ebf71f9e19136dd934287b950d4d013bd1e7b4 Mon Sep 17 00:00:00 2001 From: Hannu Kumpula Date: Mon, 23 Aug 2021 16:17:59 +0300 Subject: [PATCH 32/46] added imagemagic for php --- CHANGELOG.md | 1 + ubuntu-7.4/Dockerfile | 9 +++++++++ 2 files changed, 10 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 98cef25..cae4451 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -8,6 +8,7 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0. ## [1.7.0] - 2021-08-12 ### Changed - Updated repo to use edge2 tag from devgeniem/ubuntu-docker-openresty-pagespeed. This might be a breaking change +- Installed Imagemagick for php ### Added - fastcgi_intercept_errors configurable from env FASTCGI_INTERCEPT_ERRORS, default on diff --git a/ubuntu-7.4/Dockerfile b/ubuntu-7.4/Dockerfile index 1d4994f..53cde2a 100644 --- a/ubuntu-7.4/Dockerfile +++ b/ubuntu-7.4/Dockerfile @@ -52,7 +52,9 @@ RUN \ php7.4-curl \ php7.4-ldap \ php-pear \ + libmagickwand-dev \ && pecl install redis \ + && pecl install imagick \ # Force install only cron without extra mailing dependencies && cd /tmp \ && apt-get download cron \ @@ -101,6 +103,13 @@ RUN set -x \ && mkdir -p /tmp/php-opcache \ && ln -sf /usr/sbin/php-fpm7.4 /usr/sbin/php-fpm \ && ln -sf /usr/bin/wp /usr/local/bin/wp + +# Enable Imagemagick lib for php +RUN set -x \ + && echo extension=imagick.so > /etc/php/7.4/mods-available/imagick.ini \ + && ln -s /etc/php/7.4/mods-available/imagick.ini /etc/php/7.4/fpm/conf.d/20-imagick.ini \ + && ln -s /etc/php/7.4/mods-available/imagick.ini /etc/php/7.4/cli/conf.d/20-imagick.ini + # This is for your project root ENV PROJECT_ROOT="/var/www/project" From e0d0da3bb74c569c0605871ed784070699b7db80 Mon Sep 17 00:00:00 2001 From: Hannu Kumpula Date: Mon, 23 Aug 2021 16:41:42 +0300 Subject: [PATCH 33/46] changed pecl installer to apt for imagemagick --- ubuntu-7.4/Dockerfile | 10 ++-------- 1 file changed, 2 insertions(+), 8 deletions(-) diff --git a/ubuntu-7.4/Dockerfile b/ubuntu-7.4/Dockerfile index 53cde2a..9a4afd8 100644 --- a/ubuntu-7.4/Dockerfile +++ b/ubuntu-7.4/Dockerfile @@ -52,9 +52,9 @@ RUN \ php7.4-curl \ php7.4-ldap \ php-pear \ - libmagickwand-dev \ + php7.4-imagick \ + && pecl install redis \ - && pecl install imagick \ # Force install only cron without extra mailing dependencies && cd /tmp \ && apt-get download cron \ @@ -104,12 +104,6 @@ RUN set -x \ && ln -sf /usr/sbin/php-fpm7.4 /usr/sbin/php-fpm \ && ln -sf /usr/bin/wp /usr/local/bin/wp -# Enable Imagemagick lib for php -RUN set -x \ - && echo extension=imagick.so > /etc/php/7.4/mods-available/imagick.ini \ - && ln -s /etc/php/7.4/mods-available/imagick.ini /etc/php/7.4/fpm/conf.d/20-imagick.ini \ - && ln -s /etc/php/7.4/mods-available/imagick.ini /etc/php/7.4/cli/conf.d/20-imagick.ini - # This is for your project root ENV PROJECT_ROOT="/var/www/project" From ce07177ece4a294b15225d061ced02e43701374d Mon Sep 17 00:00:00 2001 From: Hannu Kumpula Date: Mon, 23 Aug 2021 17:57:24 +0300 Subject: [PATCH 34/46] cache fix and skip reason header --- CHANGELOG.md | 6 ++++++ .../rootfs/etc/nginx/cache/fastcgicache_headers.conf | 5 ++++- .../etc/nginx/cache/fastcgicache_skip_rules.conf | 10 ++++++++-- 3 files changed, 18 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index cae4451..979a9c6 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -8,7 +8,13 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0. ## [1.7.0] - 2021-08-12 ### Changed - Updated repo to use edge2 tag from devgeniem/ubuntu-docker-openresty-pagespeed. This might be a breaking change + +### Added - Installed Imagemagick for php +- Skip cache reason to header + +### Fixed +- Fixed blacklist and whitelist modes ### Added - fastcgi_intercept_errors configurable from env FASTCGI_INTERCEPT_ERRORS, default on diff --git a/ubuntu-7.4/rootfs/etc/nginx/cache/fastcgicache_headers.conf b/ubuntu-7.4/rootfs/etc/nginx/cache/fastcgicache_headers.conf index 4e557ad..418e116 100644 --- a/ubuntu-7.4/rootfs/etc/nginx/cache/fastcgicache_headers.conf +++ b/ubuntu-7.4/rootfs/etc/nginx/cache/fastcgicache_headers.conf @@ -11,4 +11,7 @@ add_header X-cache-mode $cachemode; add_header X-Cache-State $state; # Cache key -add_header X-Cache-Key $scheme$request_method$host$request_uri$state; \ No newline at end of file +add_header X-Cache-Key $scheme$request_method$host$request_uri$state; + +# Add skip reason +add_header X-Skip-Reason $skip_reason; \ No newline at end of file diff --git a/ubuntu-7.4/rootfs/etc/nginx/cache/fastcgicache_skip_rules.conf b/ubuntu-7.4/rootfs/etc/nginx/cache/fastcgicache_skip_rules.conf index 41f2abe..94151ba 100644 --- a/ubuntu-7.4/rootfs/etc/nginx/cache/fastcgicache_skip_rules.conf +++ b/ubuntu-7.4/rootfs/etc/nginx/cache/fastcgicache_skip_rules.conf @@ -4,6 +4,7 @@ # Don't skip cache by default set $skip_cache 0; +set $skip_reason ""; # insert project specific cache rules to this file (delete this row when all projects are updated) include /var/www/project/nginx/server/skip_cache.conf; # insert project specific cache rules to this folder @@ -12,6 +13,7 @@ include ${NGINX_INCLUDE_DIR}/skipcache/*.conf; # POST requests and urls with a query string should always go to PHP if ($request_method = POST) { set $skip_cache 1; + set $skip_reason "${skip_reason}-POST"; } # Deal with accepted query vars @@ -56,7 +58,7 @@ set_by_lua_block $cache_args { local without = ngx.decode_args( ngx.unescape_uri( ngx.var.without ) ) -- Get a list of accepted query vars from env variable - local accepted = split( ( os.getenv( 'NGINX_FASTCGI_CACHE_MODE' ) or "" ), "," ) + local accepted = split( ( os.getenv( 'NGINX_FASTCGI_CACHE_QUERYVARS' ) or "" ), "," ) -- Loop through the list for key, accept in pairs(accepted) do @@ -89,7 +91,7 @@ set_by_lua_block $cache_args { return "?" .. table.concat( with, "&" ) else -- Get a list of blacklisted query vars from env variable - local blacklist = split( ( os.getenv( 'NGINX_FASTCGI_CACHE_MODE' ) or "" ), "," ) + local blacklist = split( ( os.getenv( 'NGINX_FASTCGI_CACHE_QUERYVARS' ) or "" ), "," ) local queryvars = ngx.decode_args( ngx.var.query_string or "" ) ngx.var.without = "" @@ -97,6 +99,7 @@ set_by_lua_block $cache_args { for key, queryvar in pairs(blacklist) do if queryvars[ queryvar ] then ngx.var.skip_cache = 1 + ngx.var.skip_reason = ngx.var.skip_reason .. "-Lua" return end end @@ -106,14 +109,17 @@ set_by_lua_block $cache_args { # If there were any unaccepted query vars, skip cache if ($without != "") { set $skip_cache 1; + set $skip_reason "${skip_reason}-QueryString"; } # Don't use the cache for logged in users or recent commenters if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_sec|wordpress_logged_in|woocommerce_items_in_cart") { set $skip_cache 1; + set $skip_reason "${skip_reason}-Cookie"; } # Don't cache responses from wp-admin, xmlrpc and wp-login.php if ($request_uri ~* "/wp-admin/|/xmlrpc.php|wp-.*.php") { set $skip_cache 1; + set $skip_reason "${skip_reason}-URI"; } \ No newline at end of file From 4b96193da3c68dcbbeadd3dac956b12eca52acb0 Mon Sep 17 00:00:00 2001 From: Hannu Kumpula Date: Wed, 22 Sep 2021 11:35:34 +0300 Subject: [PATCH 35/46] changed previous layer to edge as it is now the most recent --- ubuntu-7.4/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ubuntu-7.4/Dockerfile b/ubuntu-7.4/Dockerfile index 9a4afd8..e2a4cf1 100644 --- a/ubuntu-7.4/Dockerfile +++ b/ubuntu-7.4/Dockerfile @@ -1,4 +1,4 @@ -FROM devgeniem/ubuntu-docker-openresty-pagespeed:edge2 +FROM devgeniem/ubuntu-docker-openresty-pagespeed:edge MAINTAINER Ville Pietarinen, Hannu Kumpula - Geniem Oy ## From 4b9fd6f0d27f6ac5d7de53546ab1511e20c77609 Mon Sep 17 00:00:00 2001 From: Miika Arponen Date: Thu, 23 Sep 2021 18:40:56 +0300 Subject: [PATCH 36/46] Initialize skip_reason variable before using --- ubuntu-7.4/rootfs/etc/nginx/nginx.conf | 1 + 1 file changed, 1 insertion(+) diff --git a/ubuntu-7.4/rootfs/etc/nginx/nginx.conf b/ubuntu-7.4/rootfs/etc/nginx/nginx.conf index 6211efb..e4782e4 100644 --- a/ubuntu-7.4/rootfs/etc/nginx/nginx.conf +++ b/ubuntu-7.4/rootfs/etc/nginx/nginx.conf @@ -141,6 +141,7 @@ http { include ${NGINX_INCLUDE_DIR}/environments/${WP_ENV}/server/*.conf; set $custom_parameters ""; + set $skip_reason ""; # Include custom cache confs include ${NGINX_INCLUDE_DIR}/cache/*.conf; From 1d2ecfbf1dbef0023c135b263715fdfd551a6d45 Mon Sep 17 00:00:00 2001 From: Hannu Kumpula Date: Mon, 8 Nov 2021 12:21:37 +0200 Subject: [PATCH 37/46] Update fastcgicache_skip_rules.conf ? was added to cachekey even when no parameters are present. This will fix it. --- .../etc/nginx/cache/fastcgicache_skip_rules.conf | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/ubuntu-7.4/rootfs/etc/nginx/cache/fastcgicache_skip_rules.conf b/ubuntu-7.4/rootfs/etc/nginx/cache/fastcgicache_skip_rules.conf index 94151ba..9bcbb13 100644 --- a/ubuntu-7.4/rootfs/etc/nginx/cache/fastcgicache_skip_rules.conf +++ b/ubuntu-7.4/rootfs/etc/nginx/cache/fastcgicache_skip_rules.conf @@ -88,7 +88,13 @@ set_by_lua_block $cache_args { ngx.var.without = ngx.encode_args( without ) -- Return accepted query var key-value pairs to be used in the cache key - return "?" .. table.concat( with, "&" ) + local len = 0 + + for k, v in pairs(with) do + len = len + 1 + end + return len > 0 and "?" .. table.concat( with, "&" ) or "" + else -- Get a list of blacklisted query vars from env variable local blacklist = split( ( os.getenv( 'NGINX_FASTCGI_CACHE_QUERYVARS' ) or "" ), "," ) @@ -122,4 +128,4 @@ if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no if ($request_uri ~* "/wp-admin/|/xmlrpc.php|wp-.*.php") { set $skip_cache 1; set $skip_reason "${skip_reason}-URI"; -} \ No newline at end of file +} From 909a1b965ccb56ce66a62b2db0fea5e32df267aa Mon Sep 17 00:00:00 2001 From: Miika Arponen Date: Tue, 30 Nov 2021 13:08:32 +0200 Subject: [PATCH 38/46] PHP 8.1 --- {ubuntu-7.4 => ubuntu-8.1}/Dockerfile | 45 +++++++++---------- .../rootfs/etc/ImageMagick | 0 .../etc/cont-init.d/00-render-templates | 0 .../rootfs/etc/cont-init.d/01-create-web-user | 0 .../rootfs/etc/cont-init.d/02-init-crond | 0 .../cont-init.d/02-init-directories-and-files | 0 .../rootfs/etc/nginx/additional.types | 0 .../rootfs/etc/nginx/cache/fastcgicache.conf | 0 .../etc/nginx/cache/fastcgicache_headers.conf | 0 .../nginx/cache/fastcgicache_settings.conf | 0 .../nginx/cache/fastcgicache_skip_rules.conf | 0 .../etc/nginx/cache/helper_variables.conf | 0 .../rootfs/etc/nginx/env.conf | 0 .../rootfs/etc/nginx/error_pages.conf | 0 .../rootfs/etc/nginx/fastcgi_params | 0 .../rootfs/etc/nginx/fastcgi_settings.conf | 0 .../rootfs/etc/nginx/gzip.conf | 0 .../rootfs/etc/nginx/log_format.conf | 0 .../rootfs/etc/nginx/log_formats.conf | 0 .../rootfs/etc/nginx/nginx.conf | 0 .../rootfs/etc/nginx/pagespeed/locations.conf | 0 .../rootfs/etc/nginx/pagespeed/settings.conf | 0 .../etc/nginx/proxy_real_variables.conf | 0 .../rootfs/etc/nginx/security.conf | 0 .../rootfs/etc/nginx/security_headers.conf | 0 .../rootfs/etc/nginx/static_files.conf | 0 .../rootfs/etc/nginx/upstreams.conf | 0 .../rootfs/etc/php/8.1}/cli/php.ini | 0 .../etc/php/8.1}/fpm/conf.d/blocked.ini | 0 .../rootfs/etc/php/8.1}/fpm/conf.d/common.ini | 0 .../rootfs/etc/php/8.1}/fpm/conf.d/limits.ini | 0 .../etc/php/8.1}/fpm/conf.d/logging.ini | 0 .../rootfs/etc/php/8.1}/fpm/conf.d/mail.ini | 0 .../etc/php/8.1}/fpm/conf.d/opcache.ini | 0 .../8.1}/fpm/conf.d/opcache_invalidate.conf | 0 .../etc/php/8.1}/fpm/conf.d/sessions.ini | 0 .../etc/php/8.1}/fpm/conf.d/timezone.ini | 0 .../rootfs/etc/php/8.1}/fpm/php-fpm.conf | 2 +- .../php/8.1}/fpm/php-fpm.d/preserve-env.conf | 0 .../rootfs/etc/php/8.1}/fpm/php.ini | 0 .../rootfs/etc/services.d/cron/run | 0 .../rootfs/etc/services.d/nginx/run | 0 .../rootfs/etc/services.d/php-fpm/run | 2 +- {ubuntu-7.4 => ubuntu-8.1}/rootfs/usr/bin/wp | 0 .../rootfs/usr/local/bin/phinx | 0 .../rootfs/usr/local/bin/print-smtp-password | 0 .../rootfs/usr/local/bin/wp-run-cron | 0 .../rootfs/usr/sbin/sendmail | 0 .../rootfs/usr/share/nginx/html/403.html | 0 .../rootfs/usr/share/nginx/html/500.html | 0 .../rootfs/usr/share/nginx/html/502.html | 0 .../rootfs/usr/share/nginx/html/504.html | 0 52 files changed, 23 insertions(+), 26 deletions(-) rename {ubuntu-7.4 => ubuntu-8.1}/Dockerfile (92%) rename {ubuntu-7.4 => ubuntu-8.1}/rootfs/etc/ImageMagick (100%) rename {ubuntu-7.4 => ubuntu-8.1}/rootfs/etc/cont-init.d/00-render-templates (100%) rename {ubuntu-7.4 => ubuntu-8.1}/rootfs/etc/cont-init.d/01-create-web-user (100%) rename {ubuntu-7.4 => ubuntu-8.1}/rootfs/etc/cont-init.d/02-init-crond (100%) rename {ubuntu-7.4 => ubuntu-8.1}/rootfs/etc/cont-init.d/02-init-directories-and-files (100%) rename {ubuntu-7.4 => ubuntu-8.1}/rootfs/etc/nginx/additional.types (100%) rename {ubuntu-7.4 => ubuntu-8.1}/rootfs/etc/nginx/cache/fastcgicache.conf (100%) rename {ubuntu-7.4 => ubuntu-8.1}/rootfs/etc/nginx/cache/fastcgicache_headers.conf (100%) rename {ubuntu-7.4 => ubuntu-8.1}/rootfs/etc/nginx/cache/fastcgicache_settings.conf (100%) rename {ubuntu-7.4 => ubuntu-8.1}/rootfs/etc/nginx/cache/fastcgicache_skip_rules.conf (100%) rename {ubuntu-7.4 => ubuntu-8.1}/rootfs/etc/nginx/cache/helper_variables.conf (100%) rename {ubuntu-7.4 => ubuntu-8.1}/rootfs/etc/nginx/env.conf (100%) rename {ubuntu-7.4 => ubuntu-8.1}/rootfs/etc/nginx/error_pages.conf (100%) rename {ubuntu-7.4 => ubuntu-8.1}/rootfs/etc/nginx/fastcgi_params (100%) rename {ubuntu-7.4 => ubuntu-8.1}/rootfs/etc/nginx/fastcgi_settings.conf (100%) rename {ubuntu-7.4 => ubuntu-8.1}/rootfs/etc/nginx/gzip.conf (100%) rename {ubuntu-7.4 => ubuntu-8.1}/rootfs/etc/nginx/log_format.conf (100%) rename {ubuntu-7.4 => ubuntu-8.1}/rootfs/etc/nginx/log_formats.conf (100%) rename {ubuntu-7.4 => ubuntu-8.1}/rootfs/etc/nginx/nginx.conf (100%) rename {ubuntu-7.4 => ubuntu-8.1}/rootfs/etc/nginx/pagespeed/locations.conf (100%) rename {ubuntu-7.4 => ubuntu-8.1}/rootfs/etc/nginx/pagespeed/settings.conf (100%) rename {ubuntu-7.4 => ubuntu-8.1}/rootfs/etc/nginx/proxy_real_variables.conf (100%) rename {ubuntu-7.4 => ubuntu-8.1}/rootfs/etc/nginx/security.conf (100%) rename {ubuntu-7.4 => ubuntu-8.1}/rootfs/etc/nginx/security_headers.conf (100%) rename {ubuntu-7.4 => ubuntu-8.1}/rootfs/etc/nginx/static_files.conf (100%) rename {ubuntu-7.4 => ubuntu-8.1}/rootfs/etc/nginx/upstreams.conf (100%) rename {ubuntu-7.4/rootfs/etc/php/7.4 => ubuntu-8.1/rootfs/etc/php/8.1}/cli/php.ini (100%) rename {ubuntu-7.4/rootfs/etc/php/7.4 => ubuntu-8.1/rootfs/etc/php/8.1}/fpm/conf.d/blocked.ini (100%) rename {ubuntu-7.4/rootfs/etc/php/7.4 => ubuntu-8.1/rootfs/etc/php/8.1}/fpm/conf.d/common.ini (100%) rename {ubuntu-7.4/rootfs/etc/php/7.4 => ubuntu-8.1/rootfs/etc/php/8.1}/fpm/conf.d/limits.ini (100%) rename {ubuntu-7.4/rootfs/etc/php/7.4 => ubuntu-8.1/rootfs/etc/php/8.1}/fpm/conf.d/logging.ini (100%) rename {ubuntu-7.4/rootfs/etc/php/7.4 => ubuntu-8.1/rootfs/etc/php/8.1}/fpm/conf.d/mail.ini (100%) rename {ubuntu-7.4/rootfs/etc/php/7.4 => ubuntu-8.1/rootfs/etc/php/8.1}/fpm/conf.d/opcache.ini (100%) rename {ubuntu-7.4/rootfs/etc/php/7.4 => ubuntu-8.1/rootfs/etc/php/8.1}/fpm/conf.d/opcache_invalidate.conf (100%) rename {ubuntu-7.4/rootfs/etc/php/7.4 => ubuntu-8.1/rootfs/etc/php/8.1}/fpm/conf.d/sessions.ini (100%) rename {ubuntu-7.4/rootfs/etc/php/7.4 => ubuntu-8.1/rootfs/etc/php/8.1}/fpm/conf.d/timezone.ini (100%) rename {ubuntu-7.4/rootfs/etc/php/7.4 => ubuntu-8.1/rootfs/etc/php/8.1}/fpm/php-fpm.conf (95%) rename {ubuntu-7.4/rootfs/etc/php/7.4 => ubuntu-8.1/rootfs/etc/php/8.1}/fpm/php-fpm.d/preserve-env.conf (100%) rename {ubuntu-7.4/rootfs/etc/php/7.4 => ubuntu-8.1/rootfs/etc/php/8.1}/fpm/php.ini (100%) rename {ubuntu-7.4 => ubuntu-8.1}/rootfs/etc/services.d/cron/run (100%) rename {ubuntu-7.4 => ubuntu-8.1}/rootfs/etc/services.d/nginx/run (100%) rename {ubuntu-7.4 => ubuntu-8.1}/rootfs/etc/services.d/php-fpm/run (94%) rename {ubuntu-7.4 => ubuntu-8.1}/rootfs/usr/bin/wp (100%) rename {ubuntu-7.4 => ubuntu-8.1}/rootfs/usr/local/bin/phinx (100%) rename {ubuntu-7.4 => ubuntu-8.1}/rootfs/usr/local/bin/print-smtp-password (100%) rename {ubuntu-7.4 => ubuntu-8.1}/rootfs/usr/local/bin/wp-run-cron (100%) rename {ubuntu-7.4 => ubuntu-8.1}/rootfs/usr/sbin/sendmail (100%) rename {ubuntu-7.4 => ubuntu-8.1}/rootfs/usr/share/nginx/html/403.html (100%) rename {ubuntu-7.4 => ubuntu-8.1}/rootfs/usr/share/nginx/html/500.html (100%) rename {ubuntu-7.4 => ubuntu-8.1}/rootfs/usr/share/nginx/html/502.html (100%) rename {ubuntu-7.4 => ubuntu-8.1}/rootfs/usr/share/nginx/html/504.html (100%) diff --git a/ubuntu-7.4/Dockerfile b/ubuntu-8.1/Dockerfile similarity index 92% rename from ubuntu-7.4/Dockerfile rename to ubuntu-8.1/Dockerfile index e2a4cf1..be29b63 100644 --- a/ubuntu-7.4/Dockerfile +++ b/ubuntu-8.1/Dockerfile @@ -29,30 +29,27 @@ RUN \ build-essential \ && apt-get update \ && apt-get -y --no-install-recommends install \ - php7.4-dev \ - php7.4-cli \ - php7.4-common \ - php7.4-apcu \ - # php7.4-apcu-bc \ - php7.4-curl \ - php7.4-json \ - php7.4-opcache \ - php7.4-readline \ - php7.4-xml \ - php7.4-zip \ - php7.4-fpm \ - # php7.4-redis \ - php7.4-mongodb \ - php7.4-mysqli \ - php7.4-intl \ - php7.4-gd \ - php7.4-mbstring \ - php7.4-soap \ - php7.4-bcmath \ - php7.4-curl \ - php7.4-ldap \ + php8.1-dev \ + php8.1-cli \ + php8.1-common \ + php8.1-apcu \ + php8.1-curl \ + php8.1-opcache \ + php8.1-readline \ + php8.1-xml \ + php8.1-zip \ + php8.1-fpm \ + php8.1-mongodb \ + php8.1-mysqli \ + php8.1-intl \ + php8.1-gd \ + php8.1-mbstring \ + php8.1-soap \ + php8.1-bcmath \ + php8.1-curl \ + php8.1-ldap \ php-pear \ - php7.4-imagick \ + php8.1-imagick \ && pecl install redis \ # Force install only cron without extra mailing dependencies @@ -101,7 +98,7 @@ COPY rootfs/ / RUN set -x \ && mkdir -p /var/www/uploads \ && mkdir -p /tmp/php-opcache \ - && ln -sf /usr/sbin/php-fpm7.4 /usr/sbin/php-fpm \ + && ln -sf /usr/sbin/php-fpm8.1 /usr/sbin/php-fpm \ && ln -sf /usr/bin/wp /usr/local/bin/wp # This is for your project root diff --git a/ubuntu-7.4/rootfs/etc/ImageMagick b/ubuntu-8.1/rootfs/etc/ImageMagick similarity index 100% rename from ubuntu-7.4/rootfs/etc/ImageMagick rename to ubuntu-8.1/rootfs/etc/ImageMagick diff --git a/ubuntu-7.4/rootfs/etc/cont-init.d/00-render-templates b/ubuntu-8.1/rootfs/etc/cont-init.d/00-render-templates similarity index 100% rename from ubuntu-7.4/rootfs/etc/cont-init.d/00-render-templates rename to ubuntu-8.1/rootfs/etc/cont-init.d/00-render-templates diff --git a/ubuntu-7.4/rootfs/etc/cont-init.d/01-create-web-user b/ubuntu-8.1/rootfs/etc/cont-init.d/01-create-web-user similarity index 100% rename from ubuntu-7.4/rootfs/etc/cont-init.d/01-create-web-user rename to ubuntu-8.1/rootfs/etc/cont-init.d/01-create-web-user diff --git a/ubuntu-7.4/rootfs/etc/cont-init.d/02-init-crond b/ubuntu-8.1/rootfs/etc/cont-init.d/02-init-crond similarity index 100% rename from ubuntu-7.4/rootfs/etc/cont-init.d/02-init-crond rename to ubuntu-8.1/rootfs/etc/cont-init.d/02-init-crond diff --git a/ubuntu-7.4/rootfs/etc/cont-init.d/02-init-directories-and-files b/ubuntu-8.1/rootfs/etc/cont-init.d/02-init-directories-and-files similarity index 100% rename from ubuntu-7.4/rootfs/etc/cont-init.d/02-init-directories-and-files rename to ubuntu-8.1/rootfs/etc/cont-init.d/02-init-directories-and-files diff --git a/ubuntu-7.4/rootfs/etc/nginx/additional.types b/ubuntu-8.1/rootfs/etc/nginx/additional.types similarity index 100% rename from ubuntu-7.4/rootfs/etc/nginx/additional.types rename to ubuntu-8.1/rootfs/etc/nginx/additional.types diff --git a/ubuntu-7.4/rootfs/etc/nginx/cache/fastcgicache.conf b/ubuntu-8.1/rootfs/etc/nginx/cache/fastcgicache.conf similarity index 100% rename from ubuntu-7.4/rootfs/etc/nginx/cache/fastcgicache.conf rename to ubuntu-8.1/rootfs/etc/nginx/cache/fastcgicache.conf diff --git a/ubuntu-7.4/rootfs/etc/nginx/cache/fastcgicache_headers.conf b/ubuntu-8.1/rootfs/etc/nginx/cache/fastcgicache_headers.conf similarity index 100% rename from ubuntu-7.4/rootfs/etc/nginx/cache/fastcgicache_headers.conf rename to ubuntu-8.1/rootfs/etc/nginx/cache/fastcgicache_headers.conf diff --git a/ubuntu-7.4/rootfs/etc/nginx/cache/fastcgicache_settings.conf b/ubuntu-8.1/rootfs/etc/nginx/cache/fastcgicache_settings.conf similarity index 100% rename from ubuntu-7.4/rootfs/etc/nginx/cache/fastcgicache_settings.conf rename to ubuntu-8.1/rootfs/etc/nginx/cache/fastcgicache_settings.conf diff --git a/ubuntu-7.4/rootfs/etc/nginx/cache/fastcgicache_skip_rules.conf b/ubuntu-8.1/rootfs/etc/nginx/cache/fastcgicache_skip_rules.conf similarity index 100% rename from ubuntu-7.4/rootfs/etc/nginx/cache/fastcgicache_skip_rules.conf rename to ubuntu-8.1/rootfs/etc/nginx/cache/fastcgicache_skip_rules.conf diff --git a/ubuntu-7.4/rootfs/etc/nginx/cache/helper_variables.conf b/ubuntu-8.1/rootfs/etc/nginx/cache/helper_variables.conf similarity index 100% rename from ubuntu-7.4/rootfs/etc/nginx/cache/helper_variables.conf rename to ubuntu-8.1/rootfs/etc/nginx/cache/helper_variables.conf diff --git a/ubuntu-7.4/rootfs/etc/nginx/env.conf b/ubuntu-8.1/rootfs/etc/nginx/env.conf similarity index 100% rename from ubuntu-7.4/rootfs/etc/nginx/env.conf rename to ubuntu-8.1/rootfs/etc/nginx/env.conf diff --git a/ubuntu-7.4/rootfs/etc/nginx/error_pages.conf b/ubuntu-8.1/rootfs/etc/nginx/error_pages.conf similarity index 100% rename from ubuntu-7.4/rootfs/etc/nginx/error_pages.conf rename to ubuntu-8.1/rootfs/etc/nginx/error_pages.conf diff --git a/ubuntu-7.4/rootfs/etc/nginx/fastcgi_params b/ubuntu-8.1/rootfs/etc/nginx/fastcgi_params similarity index 100% rename from ubuntu-7.4/rootfs/etc/nginx/fastcgi_params rename to ubuntu-8.1/rootfs/etc/nginx/fastcgi_params diff --git a/ubuntu-7.4/rootfs/etc/nginx/fastcgi_settings.conf b/ubuntu-8.1/rootfs/etc/nginx/fastcgi_settings.conf similarity index 100% rename from ubuntu-7.4/rootfs/etc/nginx/fastcgi_settings.conf rename to ubuntu-8.1/rootfs/etc/nginx/fastcgi_settings.conf diff --git a/ubuntu-7.4/rootfs/etc/nginx/gzip.conf b/ubuntu-8.1/rootfs/etc/nginx/gzip.conf similarity index 100% rename from ubuntu-7.4/rootfs/etc/nginx/gzip.conf rename to ubuntu-8.1/rootfs/etc/nginx/gzip.conf diff --git a/ubuntu-7.4/rootfs/etc/nginx/log_format.conf b/ubuntu-8.1/rootfs/etc/nginx/log_format.conf similarity index 100% rename from ubuntu-7.4/rootfs/etc/nginx/log_format.conf rename to ubuntu-8.1/rootfs/etc/nginx/log_format.conf diff --git a/ubuntu-7.4/rootfs/etc/nginx/log_formats.conf b/ubuntu-8.1/rootfs/etc/nginx/log_formats.conf similarity index 100% rename from ubuntu-7.4/rootfs/etc/nginx/log_formats.conf rename to ubuntu-8.1/rootfs/etc/nginx/log_formats.conf diff --git a/ubuntu-7.4/rootfs/etc/nginx/nginx.conf b/ubuntu-8.1/rootfs/etc/nginx/nginx.conf similarity index 100% rename from ubuntu-7.4/rootfs/etc/nginx/nginx.conf rename to ubuntu-8.1/rootfs/etc/nginx/nginx.conf diff --git a/ubuntu-7.4/rootfs/etc/nginx/pagespeed/locations.conf b/ubuntu-8.1/rootfs/etc/nginx/pagespeed/locations.conf similarity index 100% rename from ubuntu-7.4/rootfs/etc/nginx/pagespeed/locations.conf rename to ubuntu-8.1/rootfs/etc/nginx/pagespeed/locations.conf diff --git a/ubuntu-7.4/rootfs/etc/nginx/pagespeed/settings.conf b/ubuntu-8.1/rootfs/etc/nginx/pagespeed/settings.conf similarity index 100% rename from ubuntu-7.4/rootfs/etc/nginx/pagespeed/settings.conf rename to ubuntu-8.1/rootfs/etc/nginx/pagespeed/settings.conf diff --git a/ubuntu-7.4/rootfs/etc/nginx/proxy_real_variables.conf b/ubuntu-8.1/rootfs/etc/nginx/proxy_real_variables.conf similarity index 100% rename from ubuntu-7.4/rootfs/etc/nginx/proxy_real_variables.conf rename to ubuntu-8.1/rootfs/etc/nginx/proxy_real_variables.conf diff --git a/ubuntu-7.4/rootfs/etc/nginx/security.conf b/ubuntu-8.1/rootfs/etc/nginx/security.conf similarity index 100% rename from ubuntu-7.4/rootfs/etc/nginx/security.conf rename to ubuntu-8.1/rootfs/etc/nginx/security.conf diff --git a/ubuntu-7.4/rootfs/etc/nginx/security_headers.conf b/ubuntu-8.1/rootfs/etc/nginx/security_headers.conf similarity index 100% rename from ubuntu-7.4/rootfs/etc/nginx/security_headers.conf rename to ubuntu-8.1/rootfs/etc/nginx/security_headers.conf diff --git a/ubuntu-7.4/rootfs/etc/nginx/static_files.conf b/ubuntu-8.1/rootfs/etc/nginx/static_files.conf similarity index 100% rename from ubuntu-7.4/rootfs/etc/nginx/static_files.conf rename to ubuntu-8.1/rootfs/etc/nginx/static_files.conf diff --git a/ubuntu-7.4/rootfs/etc/nginx/upstreams.conf b/ubuntu-8.1/rootfs/etc/nginx/upstreams.conf similarity index 100% rename from ubuntu-7.4/rootfs/etc/nginx/upstreams.conf rename to ubuntu-8.1/rootfs/etc/nginx/upstreams.conf diff --git a/ubuntu-7.4/rootfs/etc/php/7.4/cli/php.ini b/ubuntu-8.1/rootfs/etc/php/8.1/cli/php.ini similarity index 100% rename from ubuntu-7.4/rootfs/etc/php/7.4/cli/php.ini rename to ubuntu-8.1/rootfs/etc/php/8.1/cli/php.ini diff --git a/ubuntu-7.4/rootfs/etc/php/7.4/fpm/conf.d/blocked.ini b/ubuntu-8.1/rootfs/etc/php/8.1/fpm/conf.d/blocked.ini similarity index 100% rename from ubuntu-7.4/rootfs/etc/php/7.4/fpm/conf.d/blocked.ini rename to ubuntu-8.1/rootfs/etc/php/8.1/fpm/conf.d/blocked.ini diff --git a/ubuntu-7.4/rootfs/etc/php/7.4/fpm/conf.d/common.ini b/ubuntu-8.1/rootfs/etc/php/8.1/fpm/conf.d/common.ini similarity index 100% rename from ubuntu-7.4/rootfs/etc/php/7.4/fpm/conf.d/common.ini rename to ubuntu-8.1/rootfs/etc/php/8.1/fpm/conf.d/common.ini diff --git a/ubuntu-7.4/rootfs/etc/php/7.4/fpm/conf.d/limits.ini b/ubuntu-8.1/rootfs/etc/php/8.1/fpm/conf.d/limits.ini similarity index 100% rename from ubuntu-7.4/rootfs/etc/php/7.4/fpm/conf.d/limits.ini rename to ubuntu-8.1/rootfs/etc/php/8.1/fpm/conf.d/limits.ini diff --git a/ubuntu-7.4/rootfs/etc/php/7.4/fpm/conf.d/logging.ini b/ubuntu-8.1/rootfs/etc/php/8.1/fpm/conf.d/logging.ini similarity index 100% rename from ubuntu-7.4/rootfs/etc/php/7.4/fpm/conf.d/logging.ini rename to ubuntu-8.1/rootfs/etc/php/8.1/fpm/conf.d/logging.ini diff --git a/ubuntu-7.4/rootfs/etc/php/7.4/fpm/conf.d/mail.ini b/ubuntu-8.1/rootfs/etc/php/8.1/fpm/conf.d/mail.ini similarity index 100% rename from ubuntu-7.4/rootfs/etc/php/7.4/fpm/conf.d/mail.ini rename to ubuntu-8.1/rootfs/etc/php/8.1/fpm/conf.d/mail.ini diff --git a/ubuntu-7.4/rootfs/etc/php/7.4/fpm/conf.d/opcache.ini b/ubuntu-8.1/rootfs/etc/php/8.1/fpm/conf.d/opcache.ini similarity index 100% rename from ubuntu-7.4/rootfs/etc/php/7.4/fpm/conf.d/opcache.ini rename to ubuntu-8.1/rootfs/etc/php/8.1/fpm/conf.d/opcache.ini diff --git a/ubuntu-7.4/rootfs/etc/php/7.4/fpm/conf.d/opcache_invalidate.conf b/ubuntu-8.1/rootfs/etc/php/8.1/fpm/conf.d/opcache_invalidate.conf similarity index 100% rename from ubuntu-7.4/rootfs/etc/php/7.4/fpm/conf.d/opcache_invalidate.conf rename to ubuntu-8.1/rootfs/etc/php/8.1/fpm/conf.d/opcache_invalidate.conf diff --git a/ubuntu-7.4/rootfs/etc/php/7.4/fpm/conf.d/sessions.ini b/ubuntu-8.1/rootfs/etc/php/8.1/fpm/conf.d/sessions.ini similarity index 100% rename from ubuntu-7.4/rootfs/etc/php/7.4/fpm/conf.d/sessions.ini rename to ubuntu-8.1/rootfs/etc/php/8.1/fpm/conf.d/sessions.ini diff --git a/ubuntu-7.4/rootfs/etc/php/7.4/fpm/conf.d/timezone.ini b/ubuntu-8.1/rootfs/etc/php/8.1/fpm/conf.d/timezone.ini similarity index 100% rename from ubuntu-7.4/rootfs/etc/php/7.4/fpm/conf.d/timezone.ini rename to ubuntu-8.1/rootfs/etc/php/8.1/fpm/conf.d/timezone.ini diff --git a/ubuntu-7.4/rootfs/etc/php/7.4/fpm/php-fpm.conf b/ubuntu-8.1/rootfs/etc/php/8.1/fpm/php-fpm.conf similarity index 95% rename from ubuntu-7.4/rootfs/etc/php/7.4/fpm/php-fpm.conf rename to ubuntu-8.1/rootfs/etc/php/8.1/fpm/php-fpm.conf index a6acdb9..91545d9 100644 --- a/ubuntu-7.4/rootfs/etc/php/7.4/fpm/php-fpm.conf +++ b/ubuntu-8.1/rootfs/etc/php/8.1/fpm/php-fpm.conf @@ -32,4 +32,4 @@ pm.process_idle_timeout = 10s pm.max_requests = 500 ; Include extra configs -include=/etc/php/7.4/fpm/php-fpm.d/*.conf \ No newline at end of file +include=/etc/php/8.1/fpm/php-fpm.d/*.conf \ No newline at end of file diff --git a/ubuntu-7.4/rootfs/etc/php/7.4/fpm/php-fpm.d/preserve-env.conf b/ubuntu-8.1/rootfs/etc/php/8.1/fpm/php-fpm.d/preserve-env.conf similarity index 100% rename from ubuntu-7.4/rootfs/etc/php/7.4/fpm/php-fpm.d/preserve-env.conf rename to ubuntu-8.1/rootfs/etc/php/8.1/fpm/php-fpm.d/preserve-env.conf diff --git a/ubuntu-7.4/rootfs/etc/php/7.4/fpm/php.ini b/ubuntu-8.1/rootfs/etc/php/8.1/fpm/php.ini similarity index 100% rename from ubuntu-7.4/rootfs/etc/php/7.4/fpm/php.ini rename to ubuntu-8.1/rootfs/etc/php/8.1/fpm/php.ini diff --git a/ubuntu-7.4/rootfs/etc/services.d/cron/run b/ubuntu-8.1/rootfs/etc/services.d/cron/run similarity index 100% rename from ubuntu-7.4/rootfs/etc/services.d/cron/run rename to ubuntu-8.1/rootfs/etc/services.d/cron/run diff --git a/ubuntu-7.4/rootfs/etc/services.d/nginx/run b/ubuntu-8.1/rootfs/etc/services.d/nginx/run similarity index 100% rename from ubuntu-7.4/rootfs/etc/services.d/nginx/run rename to ubuntu-8.1/rootfs/etc/services.d/nginx/run diff --git a/ubuntu-7.4/rootfs/etc/services.d/php-fpm/run b/ubuntu-8.1/rootfs/etc/services.d/php-fpm/run similarity index 94% rename from ubuntu-7.4/rootfs/etc/services.d/php-fpm/run rename to ubuntu-8.1/rootfs/etc/services.d/php-fpm/run index d12be22..4c02d32 100644 --- a/ubuntu-7.4/rootfs/etc/services.d/php-fpm/run +++ b/ubuntu-8.1/rootfs/etc/services.d/php-fpm/run @@ -49,5 +49,5 @@ fi echo "[php-fpm] using $PHP_SESSION_SAVE_PATH for php sessions..." echo "[php-fpm] started php-fpm" -exec php-fpm -c /etc/php/7.4/fpm/php.ini --fpm-config /etc/php/7.4/fpm/php-fpm.conf --pid /var/run/php-fpm.pid +exec php-fpm -c /etc/php/8.1/fpm/php.ini --fpm-config /etc/php/8.1/fpm/php-fpm.conf --pid /var/run/php-fpm.pid diff --git a/ubuntu-7.4/rootfs/usr/bin/wp b/ubuntu-8.1/rootfs/usr/bin/wp similarity index 100% rename from ubuntu-7.4/rootfs/usr/bin/wp rename to ubuntu-8.1/rootfs/usr/bin/wp diff --git a/ubuntu-7.4/rootfs/usr/local/bin/phinx b/ubuntu-8.1/rootfs/usr/local/bin/phinx similarity index 100% rename from ubuntu-7.4/rootfs/usr/local/bin/phinx rename to ubuntu-8.1/rootfs/usr/local/bin/phinx diff --git a/ubuntu-7.4/rootfs/usr/local/bin/print-smtp-password b/ubuntu-8.1/rootfs/usr/local/bin/print-smtp-password similarity index 100% rename from ubuntu-7.4/rootfs/usr/local/bin/print-smtp-password rename to ubuntu-8.1/rootfs/usr/local/bin/print-smtp-password diff --git a/ubuntu-7.4/rootfs/usr/local/bin/wp-run-cron b/ubuntu-8.1/rootfs/usr/local/bin/wp-run-cron similarity index 100% rename from ubuntu-7.4/rootfs/usr/local/bin/wp-run-cron rename to ubuntu-8.1/rootfs/usr/local/bin/wp-run-cron diff --git a/ubuntu-7.4/rootfs/usr/sbin/sendmail b/ubuntu-8.1/rootfs/usr/sbin/sendmail similarity index 100% rename from ubuntu-7.4/rootfs/usr/sbin/sendmail rename to ubuntu-8.1/rootfs/usr/sbin/sendmail diff --git a/ubuntu-7.4/rootfs/usr/share/nginx/html/403.html b/ubuntu-8.1/rootfs/usr/share/nginx/html/403.html similarity index 100% rename from ubuntu-7.4/rootfs/usr/share/nginx/html/403.html rename to ubuntu-8.1/rootfs/usr/share/nginx/html/403.html diff --git a/ubuntu-7.4/rootfs/usr/share/nginx/html/500.html b/ubuntu-8.1/rootfs/usr/share/nginx/html/500.html similarity index 100% rename from ubuntu-7.4/rootfs/usr/share/nginx/html/500.html rename to ubuntu-8.1/rootfs/usr/share/nginx/html/500.html diff --git a/ubuntu-7.4/rootfs/usr/share/nginx/html/502.html b/ubuntu-8.1/rootfs/usr/share/nginx/html/502.html similarity index 100% rename from ubuntu-7.4/rootfs/usr/share/nginx/html/502.html rename to ubuntu-8.1/rootfs/usr/share/nginx/html/502.html diff --git a/ubuntu-7.4/rootfs/usr/share/nginx/html/504.html b/ubuntu-8.1/rootfs/usr/share/nginx/html/504.html similarity index 100% rename from ubuntu-7.4/rootfs/usr/share/nginx/html/504.html rename to ubuntu-8.1/rootfs/usr/share/nginx/html/504.html From 44f6f88af5e92a1c6b72cbcb2d5c00266e6ccc5c Mon Sep 17 00:00:00 2001 From: Miika Arponen Date: Wed, 26 Jan 2022 10:41:50 +0200 Subject: [PATCH 39/46] Config changes from the php74-stable branch and a working local test config for Docker-Compose --- docker-compose.yml | 41 +++++++++++++++-------------------------- ubuntu-8.1/Dockerfile | 4 ++-- 2 files changed, 17 insertions(+), 28 deletions(-) diff --git a/docker-compose.yml b/docker-compose.yml index ae2a3bb..624d4cd 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -1,30 +1,19 @@ # Use this if you're testing/debugging the build locally on OSX -web56: - build: ./php5.6/ - command: /init - ports: - - 80 - volumes: - - ./web:/var/www/project/web - environment: - WP_UID: 100 - WP_GID: 101 - # For testing with gdev - VIRTUAL_HOST: php56.test - PORT: 80 +version: '3.4' -web70: - build: ./php7.0/ - command: /init - ports: - - 80 - volumes: - - ./web:/var/www/project/web - environment: - WP_UID: 100 - WP_GID: 101 +services: + web: + build: ./ubuntu-8.1/ + command: /init + ports: + - 80 + volumes: + - ./web:/var/www/project/web + environment: + WP_UID: 100 + WP_GID: 101 - # For testing with gdev - VIRTUAL_HOST: php70.test - PORT: 80 + # For testing with gdev + VIRTUAL_HOST: php81.test + PORT: 80 diff --git a/ubuntu-8.1/Dockerfile b/ubuntu-8.1/Dockerfile index be29b63..366033e 100644 --- a/ubuntu-8.1/Dockerfile +++ b/ubuntu-8.1/Dockerfile @@ -125,7 +125,7 @@ ENV \ # This variable uses seconds by default # Time units supported are "s"(seconds), "ms"(milliseconds), "y"(years), "M"(months), "w"(weeks), "d"(days), "h"(hours), and "m"(minutes). # Also http response codes that are cached can be set - NGINX_FASTCGI_CACHE_VALID_HEADER="200 301 302 404 1m" \ + NGINX_FASTCGI_CACHE_VALID="200 404 1m" \ # Default fastcgi cache directory NGINX_FASTCGI_CACHE_DIRECTORY="/tmp/nginx/fullpage" \ # Default fastcgi cache size @@ -202,4 +202,4 @@ RUN echo 'LANG="en_US.UTF-8"' > /etc/default/locale # Set default path to project folder for easier running commands in project WORKDIR ${PROJECT_ROOT} EXPOSE ${PORT} -ENTRYPOINT ["/init"] \ No newline at end of file +ENTRYPOINT ["/init"] From 445cf83b26b7f4c76eece07685700a98180bd7cf Mon Sep 17 00:00:00 2001 From: Miika Arponen Date: Fri, 28 Jan 2022 11:23:19 +0200 Subject: [PATCH 40/46] Removed WP 404 from favicon --- CHANGELOG.md | 5 +++++ ubuntu-8.1/rootfs/etc/nginx/nginx.conf | 2 +- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 979a9c6..6f1e0f2 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,6 +5,11 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html). +## Unpublished + +### Changed +- favicon to use generic 404 page instead of WP + ## [1.7.0] - 2021-08-12 ### Changed - Updated repo to use edge2 tag from devgeniem/ubuntu-docker-openresty-pagespeed. This might be a breaking change diff --git a/ubuntu-8.1/rootfs/etc/nginx/nginx.conf b/ubuntu-8.1/rootfs/etc/nginx/nginx.conf index e4782e4..66833e7 100644 --- a/ubuntu-8.1/rootfs/etc/nginx/nginx.conf +++ b/ubuntu-8.1/rootfs/etc/nginx/nginx.conf @@ -185,7 +185,7 @@ http { allow all; log_not_found off; access_log off; - try_files $uri @index; + try_files $uri; } # deny all dot-files including git From 8602cc64023ba49f22dbc4f52668007e5514b9bd Mon Sep 17 00:00:00 2001 From: Miika Arponen Date: Fri, 28 Jan 2022 11:29:16 +0200 Subject: [PATCH 41/46] Favicon 404 fix --- ubuntu-8.1/rootfs/etc/nginx/nginx.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ubuntu-8.1/rootfs/etc/nginx/nginx.conf b/ubuntu-8.1/rootfs/etc/nginx/nginx.conf index 66833e7..847d56e 100644 --- a/ubuntu-8.1/rootfs/etc/nginx/nginx.conf +++ b/ubuntu-8.1/rootfs/etc/nginx/nginx.conf @@ -185,7 +185,7 @@ http { allow all; log_not_found off; access_log off; - try_files $uri; + try_files $uri =404; } # deny all dot-files including git From 803a44243d28e514e43b758593af548aa0e7244e Mon Sep 17 00:00:00 2001 From: Ville Pietarinen Date: Tue, 21 Feb 2023 13:17:03 +0200 Subject: [PATCH 42/46] php8.1 with shibboleth --- README.md | 5 ++++- ubuntu-8.1/Dockerfile | 8 ++++---- 2 files changed, 8 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index 74e17d2..1010bf7 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,7 @@ # Under construction README was deleted due to legacy reasons. -New README will come later. \ No newline at end of file +New README will come later. + +# Shibboleth +This image has shibboleth additions, use this if your site is using shibboleth for authentication. diff --git a/ubuntu-8.1/Dockerfile b/ubuntu-8.1/Dockerfile index 366033e..8d3fa01 100644 --- a/ubuntu-8.1/Dockerfile +++ b/ubuntu-8.1/Dockerfile @@ -1,5 +1,5 @@ -FROM devgeniem/ubuntu-docker-openresty-pagespeed:edge -MAINTAINER Ville Pietarinen, Hannu Kumpula - Geniem Oy +FROM devgeniem/ubuntu-docker-openresty-pagespeed:shibboleth +MAINTAINER Ville Pietarinen - Geniem Oy ## # Only use these during installation @@ -58,8 +58,8 @@ RUN \ && dpkg --force-all -i cron*.deb \ && mkdir -p /var/spool/cron/crontabs \ # Cleanup - && apt-get clean \ - && apt-get autoremove \ + && apt-get -y clean \ + && apt-get -y autoremove \ && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* /usr/share/doc/* /var/log/apt/* /var/log/*.log From bc05e252d0adbe3ededb6e15986f97276c61bb12 Mon Sep 17 00:00:00 2001 From: Ville Pietarinen Date: Mon, 26 Jun 2023 21:11:32 +0300 Subject: [PATCH 43/46] include proxy real variables earlier --- ubuntu-8.1/rootfs/etc/nginx/nginx.conf | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/ubuntu-8.1/rootfs/etc/nginx/nginx.conf b/ubuntu-8.1/rootfs/etc/nginx/nginx.conf index 847d56e..b972b47 100644 --- a/ubuntu-8.1/rootfs/etc/nginx/nginx.conf +++ b/ubuntu-8.1/rootfs/etc/nginx/nginx.conf @@ -136,6 +136,9 @@ http { ## state variable must be set as it will crash nginx if logged in cache is not used set $state ''; + # These variables are proxy conscious, so that they work even though we are behind reverse proxy + include proxy_real_variables.conf; + # Include custom nginx server additions from project include ${NGINX_INCLUDE_DIR}/server/*.conf; include ${NGINX_INCLUDE_DIR}/environments/${WP_ENV}/server/*.conf; @@ -149,9 +152,6 @@ http { # Moved the cache key defining variable here so it can be altered by project fastcgi_cache_key $scheme$request_method$host$uri$cache_args$custom_parameters$state; - # These variables are proxy conscious, so that they work even though we are behind reverse proxy - include proxy_real_variables.conf; - # Include custom error pages include error_pages.conf; From 6ac3bc1473988c9eaf160c0ad78d95921a729882 Mon Sep 17 00:00:00 2001 From: Ville Pietarinen Date: Wed, 29 Nov 2023 22:38:36 +0200 Subject: [PATCH 44/46] missing shibboleth configs --- ubuntu-8.1/rootfs/etc/nginx/nginx.conf | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/ubuntu-8.1/rootfs/etc/nginx/nginx.conf b/ubuntu-8.1/rootfs/etc/nginx/nginx.conf index b972b47..2eed60d 100644 --- a/ubuntu-8.1/rootfs/etc/nginx/nginx.conf +++ b/ubuntu-8.1/rootfs/etc/nginx/nginx.conf @@ -275,6 +275,14 @@ http { include fastcgi_settings.conf; + # Shibboleth configs + shib_request /shibauthorizer; + include shib_fastcgi_params; + shib_request_set $shib_commonname $upstream_http_variable_commonname; + shib_request_set $shib_email $upstream_http_variable_email; + fastcgi_param COMMONNAME $shib_commonname; + fastcgi_param EMAIL $shib_email; + # Append subfolder automatically fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; From 1a42d10cecca675770e3add79e36b37d83d75003 Mon Sep 17 00:00:00 2001 From: Ville Pietarinen Date: Thu, 7 Dec 2023 11:10:51 +0200 Subject: [PATCH 45/46] add missing shibboleth fastcgi params --- .../rootfs/etc/nginx/shib_fastcgi_params | 81 +++++++++++++++++++ 1 file changed, 81 insertions(+) create mode 100644 ubuntu-8.1/rootfs/etc/nginx/shib_fastcgi_params diff --git a/ubuntu-8.1/rootfs/etc/nginx/shib_fastcgi_params b/ubuntu-8.1/rootfs/etc/nginx/shib_fastcgi_params new file mode 100644 index 0000000..2a795db --- /dev/null +++ b/ubuntu-8.1/rootfs/etc/nginx/shib_fastcgi_params @@ -0,0 +1,81 @@ +# vim: set filetype=conf : + +# Replace `fastcgi_param` with `sgci_param`, `uwsgi_param` or similar +# directive for use with different upstreams. Consult the relevant upstream +# documentation for more information on environment parameters. +# +# Auth-Type is configured as authType in +# https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPContentSettings. +# Other default SP variables are as per +# https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPAttributeAccess#NativeSPAttributeAccess-CustomSPVariables + +shib_request_set $shib_auth_type $upstream_http_variable_auth_type; +fastcgi_param Auth-Type $shib_auth_type; + +shib_request_set $shib_shib_application_id $upstream_http_variable_shib_application_id; +fastcgi_param Shib-Application-ID $shib_shib_application_id; + +shib_request_set $shib_shib_authentication_instant $upstream_http_variable_shib_authentication_instant; +fastcgi_param Shib-Authentication-Instant $shib_shib_authentication_instant; + +shib_request_set $shib_shib_authentication_method $upstream_http_variable_shib_authentication_method; +fastcgi_param Shib-Authentication-Method $shib_shib_authentication_method; + +shib_request_set $shib_shib_authncontext_class $upstream_http_variable_shib_authncontext_class; +fastcgi_param Shib-AuthnContext-Class $shib_shib_authncontext_class; + +shib_request_set $shib_shib_authncontext_decl $upstream_http_variable_shib_authncontext_decl; +fastcgi_param Shib-AuthnContext-Decl $shib_shib_authncontext_decl; + +shib_request_set $shib_shib_identity_provider $upstream_http_variable_shib_identity_provider; +fastcgi_param Shib-Identity-Provider $shib_shib_identity_provider; + +shib_request_set $shib_shib_session_id $upstream_http_variable_shib_session_id; +fastcgi_param Shib-Session-ID $shib_shib_session_id; + +shib_request_set $shib_shib_session_index $upstream_http_variable_shib_session_index; +fastcgi_param Shib-Session-Index $shib_shib_session_index; + +shib_request_set $shib_remote_user $upstream_http_variable_remote_user; +fastcgi_param Remote-User $shib_remote_user; + + +# Uncomment any of the following core attributes. Consult your Shibboleth +# Service Provider (SP) attribute-map.xml file for details about attribute +# IDs. Add additional directives for any Shibboleth attributes released to +# your SP. + +# shib_request_set $shib_eppn $upstream_http_variable_eppn; +# fastcgi_param EPPN $shib_eppn; +# +# shib_request_set $shib_affliation $upstream_http_variable_affiliation; +# fastcgi_param Affiliation $shib_affiliation; +# +# shib_request_set $shib_unscoped_affliation $upstream_http_variable_unscoped_affiliation; +# fastcgi_param Unscoped-Affiliation $shib_unscoped_affiliation; +# +# shib_request_set $shib_entitlement $upstream_http_variable_entitlement; +# fastcgi_param Entitlement $shib_entitlement; + + +# shib_request_set $shib_targeted_id $upstream_http_variable_targeted_id; +# fastcgi_param Targeted-Id $shib_targeted_id; +# +# shib_request_set $shib_persistent_id $upstream_http_variable_persistent_id; +# fastcgi_param Persistent-Id $shib_persistent_id; +# +# shib_request_set $shib_transient_name $upstream_http_variable_transient_name; +# fastcgi_param Transient-Name $shib_transient_name; + + +# shib_request_set $shib_commonname $upstream_http_variable_commonname; +# fastcgi_param Commonname $shib_commonname; +# +# shib_request_set $shib_displayname $upstream_http_variable_displayname; +# fastcgi_param DisplayName $shib_displayname; +# +# shib_request_set $shib_email $upstream_http_variable_email; +# fastcgi_param Email $shib_email; +# +# shib_request_set $shib_organizationname $upstream_http_variable_organizationname; +# fastcgi_param OrganizationName $shib_organizationname; \ No newline at end of file From e7b9d33908bb81214cc35ecfe6816193cf500c33 Mon Sep 17 00:00:00 2001 From: artprgrmr Date: Tue, 12 Aug 2025 21:49:42 +0300 Subject: [PATCH 46/46] build/enable php8.1-ssh2 via PECL --- ubuntu-8.1/Dockerfile | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/ubuntu-8.1/Dockerfile b/ubuntu-8.1/Dockerfile index 8d3fa01..dce2f17 100644 --- a/ubuntu-8.1/Dockerfile +++ b/ubuntu-8.1/Dockerfile @@ -46,12 +46,18 @@ RUN \ php8.1-mbstring \ php8.1-soap \ php8.1-bcmath \ - php8.1-curl \ php8.1-ldap \ - php-pear \ php8.1-imagick \ + php-pear \ + libssh2-1 \ + libssh2-1-dev \ + autoconf \ + pkg-config \ && pecl install redis \ + && printf "\n" | pecl install -f ssh2 \ + && echo "extension=ssh2.so" > /etc/php/8.1/mods-available/ssh2.ini \ + && phpenmod -v 8.1 -s ALL ssh2 \ # Force install only cron without extra mailing dependencies && cd /tmp \ && apt-get download cron \