From 9361e82fc73eb6f0868117ceb4c6fd08fc24e802 Mon Sep 17 00:00:00 2001 
From: Philipp Holzer Date: Sat, 26 May 2018 17:40:48 +0200 Subject: [PATCH 1/3] Adding examples for docker-compose - Added `.examples/docker-compose/insecure/mariadb-cron-smtp` - Added `.examples/docker-compose/with-traefik-proxy/mariadb-cron-smtp` - Updated README.md --- .../mariadb-cron-smtp/apache/app/Dockerfile | 12 ++ .../apache/app/smtp-config.sh | 45 ++++++++ .../insecure/mariadb-cron-smtp/apache/db.env | 5 + .../apache/docker-compose.yml | 50 ++++++++ .../fpm-alpine/app/Dockerfile | 18 +++ .../mariadb-cron-smtp/fpm-alpine/db.env | 5 + .../fpm-alpine/docker-compose.yml | 60 ++++++++++ .../fpm-alpine/web/nginx.conf | 109 ++++++++++++++++++ .../mariadb-cron-smtp/fpm/app/Dockerfile | 12 ++ .../mariadb-cron-smtp/fpm/app/smtp-config.sh | 45 ++++++++ .../insecure/mariadb-cron-smtp/fpm/db.env | 5 + .../mariadb-cron-smtp/fpm/docker-compose.yml | 60 ++++++++++ .../mariadb-cron-smtp/fpm/web/nginx.conf | 109 ++++++++++++++++++ .../mariadb-cron-smtp/apache/app/Dockerfile | 1 + .../mariadb-cron-smtp/apache/db.env | 4 +- .../apache/docker-compose.yml | 5 +- .../fpm-alpine/app/Dockerfile | 18 +++ .../mariadb-cron-smtp/fpm-alpine/db.env | 5 + .../fpm-alpine/docker-compose.yml | 87 ++++++++++++++ .../fpm-alpine/proxy/Dockerfile | 3 + .../fpm-alpine/proxy/traefik.toml | 27 +++++ .../fpm-alpine/web/nginx.conf | 109 ++++++++++++++++++ .../mariadb-cron-smtp/fpm/app/Dockerfile | 12 ++ .../mariadb-cron-smtp/fpm/app/smtp-config.sh | 45 ++++++++ .../mariadb-cron-smtp/fpm/db.env | 5 + .../mariadb-cron-smtp/fpm/docker-compose.yml | 87 ++++++++++++++ .../mariadb-cron-smtp/fpm/proxy/Dockerfile | 3 + .../mariadb-cron-smtp/fpm/proxy/traefik.toml | 27 +++++ .../mariadb-cron-smtp/fpm/web/nginx.conf | 109 ++++++++++++++++++ README.md | 18 ++- 30 files changed, 1089 insertions(+), 11 deletions(-) create mode 100644 .examples/docker-compose/insecure/mariadb-cron-smtp/apache/app/Dockerfile create mode 100644 .examples/docker-compose/insecure/mariadb-cron-smtp/apache/app/smtp-config.sh create 
mode 100644 .examples/docker-compose/insecure/mariadb-cron-smtp/apache/db.env create mode 100644 .examples/docker-compose/insecure/mariadb-cron-smtp/apache/docker-compose.yml create mode 100644 .examples/docker-compose/insecure/mariadb-cron-smtp/fpm-alpine/app/Dockerfile create mode 100644 .examples/docker-compose/insecure/mariadb-cron-smtp/fpm-alpine/db.env create mode 100644 .examples/docker-compose/insecure/mariadb-cron-smtp/fpm-alpine/docker-compose.yml create mode 100644 .examples/docker-compose/insecure/mariadb-cron-smtp/fpm-alpine/web/nginx.conf create mode 100644 .examples/docker-compose/insecure/mariadb-cron-smtp/fpm/app/Dockerfile create mode 100644 .examples/docker-compose/insecure/mariadb-cron-smtp/fpm/app/smtp-config.sh create mode 100644 .examples/docker-compose/insecure/mariadb-cron-smtp/fpm/db.env create mode 100644 .examples/docker-compose/insecure/mariadb-cron-smtp/fpm/docker-compose.yml create mode 100644 .examples/docker-compose/insecure/mariadb-cron-smtp/fpm/web/nginx.conf create mode 100644 .examples/docker-compose/with-traefik-proxy/mariadb-cron-smtp/fpm-alpine/app/Dockerfile create mode 100644 .examples/docker-compose/with-traefik-proxy/mariadb-cron-smtp/fpm-alpine/db.env create mode 100644 .examples/docker-compose/with-traefik-proxy/mariadb-cron-smtp/fpm-alpine/docker-compose.yml create mode 100644 .examples/docker-compose/with-traefik-proxy/mariadb-cron-smtp/fpm-alpine/proxy/Dockerfile create mode 100644 .examples/docker-compose/with-traefik-proxy/mariadb-cron-smtp/fpm-alpine/proxy/traefik.toml create mode 100644 .examples/docker-compose/with-traefik-proxy/mariadb-cron-smtp/fpm-alpine/web/nginx.conf create mode 100644 .examples/docker-compose/with-traefik-proxy/mariadb-cron-smtp/fpm/app/Dockerfile create mode 100644 .examples/docker-compose/with-traefik-proxy/mariadb-cron-smtp/fpm/app/smtp-config.sh create mode 100644 .examples/docker-compose/with-traefik-proxy/mariadb-cron-smtp/fpm/db.env create mode 100644 
.examples/docker-compose/with-traefik-proxy/mariadb-cron-smtp/fpm/docker-compose.yml create mode 100644 .examples/docker-compose/with-traefik-proxy/mariadb-cron-smtp/fpm/proxy/Dockerfile create mode 100644 .examples/docker-compose/with-traefik-proxy/mariadb-cron-smtp/fpm/proxy/traefik.toml create mode 100644 .examples/docker-compose/with-traefik-proxy/mariadb-cron-smtp/fpm/web/nginx.conf
diff --git a/.examples/docker-compose/insecure/mariadb-cron-smtp/apache/app/Dockerfile b/.examples/docker-compose/insecure/mariadb-cron-smtp/apache/app/Dockerfile
new file mode 100644
index 0000000..60c60c6
--- /dev/null
+++ b/.examples/docker-compose/insecure/mariadb-cron-smtp/apache/app/Dockerfile
@@ -0,0 +1,12 @@
+# Based on .exmples/dockerfiles/smtp/apache
+FROM friendica/server:apache
+
+# simple = using an smtp without any credentials (mostly in local networks)
+# custom = you need to set host, port, auth_options, authinfo (e.g. for GMX support)
+ENV SMTP_TYPE simple
+
+ENV SMTP_HOST smtp.example.org
+
+COPY *.sh /
+RUN chmod +x /*.sh
+RUN /smtp-config.sh
\ No newline at end of file
diff --git a/.examples/docker-compose/insecure/mariadb-cron-smtp/apache/app/smtp-config.sh b/.examples/docker-compose/insecure/mariadb-cron-smtp/apache/app/smtp-config.sh
new file mode 100644
index 0000000..9fa076d
--- /dev/null
+++ b/.examples/docker-compose/insecure/mariadb-cron-smtp/apache/app/smtp-config.sh
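Review bot: `RUN /smtp-config.sh` on the last line of the apache/app/Dockerfile hunk applies the SMTP settings while the image is built, so with `SMTP_TYPE custom` the `SMTP_USERNAME` and `SMTP_PASSWORD` values have to be supplied to the build and stay in the resulting image: the script writes them under `/etc/mail/authinfo`, and an `ENV` used to pass them remains readable in the image metadata. Running the script at container start, with the credentials coming from `environment:` or `env_file:` in the compose file, would keep them out of the layers; the base image's entrypoint is not part of this patch, so where to hook it in needs checking. `COPY *.sh /` followed by `RUN chmod +x /*.sh` also changes every script already present in `/`; `COPY smtp-config.sh /` and `RUN chmod +x /smtp-config.sh` are narrower. The header comment reads `.exmples` where `.examples` is meant. The same Dockerfile is added for the fpm variant and under with-traefik-proxy.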
@@ -0,0 +1,45 @@
+#!/bin/sh
+set -eu
+
+IFS=\n
+
+SMTP_TYPE=${SMTP_TYPE:-simple}
+
+# config options
+SMTP_HOST=${SMTP_HOST:-'localhost'}
+SMTP_PORT=${SMTP_PORT:-'25'}
+SMTP_AUTH=${SMTP_AUTH:-'A p'}
+SMTP_TRUST_AUTH_MECH=${SMTP_TRUST_AUTH_MECH:-'EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN'}
+SMTP_AUTH_MECH=${SMTP_AUTH_MECH:-'EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN'}
+
+SMTP_USERNAME=${SMTP_USERNAME:-''}
+SMTP_PASSWORD=${SMTP_PASSWORD:-''}
+
+smtp_simple() {
+ sed -i '/MAILER_DEFINITIONS/i define(`SMART_HOST'\'',`'$SMTP_HOST''\'')dnl/' /etc/mail/sendmail.mc
+}
+
+smtp_custom() {
+ cd /etc/mail
+ mkdir -m 700 authinfo
+ cd authinfo/
+ echo 'Authinfo: "U:www-data" "I:'$SMTP_USERNAME'" "P:'$SMTP_PASSWORD'"' > auth_file
+ makemap hash auth < auth_file
+
+ sed -i '/MAILER_DEFINITIONS/i \
+define(`SMART_HOST'\'',`'$SMTP_HOST''\'')dnl \
+define(`RELAY_MAILER_ARGS'\'', `TCP '$SMTP_HOST' '$SMTP_PORT''\'')dnl \
+define(`ESMTP_MAILER_ARGS'\'', `TCP '$SMTP_HOST' '$SMTP_PORT''\'')dnl \
+define(`confAUTH_OPTIONS'\'', `'$SMTP_AUTH''\'')dnl \
+TRUST_AUTH_MECH(`'$SMTP_TRUST_AUTH_MECH''\'')dnl \
+define(`confAUTH_MECHANISMS'\'', `'$SMTP_AUTH_MECH''\'')dnl \
+FEATURE(`authinfo'\'',`hash -o /etc/mail/authinfo/auth.db'\'')dnl' /etc/mail/sendmail.mc
+}
+
+case $SMTP_TYPE in
+ simple) smtp_simple ;;
+ custom) smtp_custom ;;
+ *)
+ echo "Unknown SMTP-Type '$SMTP_TYPE'"
+ exit 1
+esac
\ No newline at end of file
diff --git a/.examples/docker-compose/insecure/mariadb-cron-smtp/apache/db.env b/.examples/docker-compose/insecure/mariadb-cron-smtp/apache/db.env
new file mode 100644
index 0000000..d5d6300
--- /dev/null
+++ b/.examples/docker-compose/insecure/mariadb-cron-smtp/apache/db.env
@@ -0,0 +1,5 @@
+MYSQL_PASSWORD=
+MYSQL_DATABASE=friendica
+MYSQL_USER=friendica
+MYSQL_HOST=db
+MYSQL_PORT=3306
\ No newline at end of file
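Review bot: `IFS=\n` near the top of smtp-config.sh sets IFS to the letter `n`, not to a newline, and the later expansions of `$SMTP_HOST`, `$SMTP_USERNAME` and `$SMTP_PASSWORD` sit outside the quotes, so any value containing an `n` is split into several words before it reaches `sed` or `echo` and the written configuration no longer matches the input. Dropping the IFS line and wrapping each expansion in double quotes, e.g. `"$SMTP_HOST"`, avoids the splitting; characters that are special to sed or m4 would still have to be escaped before they are spliced into `sendmail.mc`. In `smtp_custom` the cleartext `auth_file` is left next to the generated map, and `rm -f auth_file` after `makemap hash auth < auth_file` would remove that extra copy of the password. The identical script is added in the fpm directories of both example trees.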
diff --git a/.examples/docker-compose/insecure/mariadb-cron-smtp/apache/docker-compose.yml b/.examples/docker-compose/insecure/mariadb-cron-smtp/apache/docker-compose.yml
new file mode 100644
index 0000000..79e631e
--- /dev/null
+++ b/.examples/docker-compose/insecure/mariadb-cron-smtp/apache/docker-compose.yml
@@ -0,0 +1,50 @@
+version: '2.1'
+services:
+
+ db:
+ image: mariadb
+ restart: always
+ volumes:
+ - db:/var/lib/mysql/
+ environment:
+ - MYSQL_RANDOM_ROOT_PASSWORD=yes
+ env_file:
+ - db.env
+
+ app:
+ build: ./app
+ restart: always
+ volumes:
+ - friendica:/var/www/html
+ environment:
+ - AUTOINSTALL=true
+ - MAILNAME=
+ - TZ=
+ - LANGUAGE=
+ env_file:
+ - db.env
+ depends_on:
+ - db
+ hostname: friendica.local
+ ports:
+ - "80:80"
+
+ cron:
+ build: ./app
+ restart: always
+ volumes:
+ - friendica:/var/www/html
+ entrypoint: /cron.sh
+ environment:
+ - MAILNAME=
+ - TZ=
+ - LANGUAGE=
+ env_file:
+ - db.env
+ depends_on:
+ - db
+ hostname: friendica.local
+
+volumes:
+ db:
+ friendica:
\ No newline at end of file
diff --git a/.examples/docker-compose/insecure/mariadb-cron-smtp/fpm-alpine/app/Dockerfile b/.examples/docker-compose/insecure/mariadb-cron-smtp/fpm-alpine/app/Dockerfile
new file mode 100644
index 0000000..dae8782
--- /dev/null
+++ b/.examples/docker-compose/insecure/mariadb-cron-smtp/fpm-alpine/app/Dockerfile
@@ -0,0 +1,18 @@
+# Based on .exmples/dockerfiles/smtp/fpm-alpine
+FROM friendica/server:fpm-alpine
+
+ENV SMTP_HOST smtp.example.org
+
+RUN set -ex; \
+ \
+ apk add --no-cache \
+ ssmtp \
+ ; \
+ # disable the current mailhub
+ sed -i "s|mailhub=|#mailhub= |g" /etc/ssmtp/ssmtp.conf; \
+ # enable the new mailhub
+ echo "mailhub=${SMTP_HOST:-localhost}" >> /etc/ssmtp/ssmtp.conf;
+
+# simple = using an smtp without any credentials (mostly in local networks)
+# custom = you need to set host, port, auth_options, authinfo (e.g. for GMX support)
+ENV SMTP_TYPE simple
\ No newline at end of file
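Review bot: In apache/docker-compose.yml, `image: mariadb` under `db` has no tag, so each pull can bring a different major release of the database than the one the example was written against; `image: mariadb:<version>` (placeholder for the tested release) keeps upgrades deliberate. The same applies to `image: nginx` and `FROM traefik` in the other examples of this patch. `app` publishes `"80:80"` without TLS, which the directory name suggests is intended; a comment above `ports:` such as `# plain HTTP, for local testing only - use the with-traefik-proxy example for a public instance` would say so in the file itself. db.env ships `MYSQL_PASSWORD=` empty alongside `AUTOINSTALL=true`, so a comment there asking for a password before the first start would help as well.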
diff --git a/.examples/docker-compose/insecure/mariadb-cron-smtp/fpm-alpine/db.env b/.examples/docker-compose/insecure/mariadb-cron-smtp/fpm-alpine/db.env
new file mode 100644
index 0000000..d5d6300
--- /dev/null
+++ b/.examples/docker-compose/insecure/mariadb-cron-smtp/fpm-alpine/db.env
@@ -0,0 +1,5 @@
+MYSQL_PASSWORD=
+MYSQL_DATABASE=friendica
+MYSQL_USER=friendica
+MYSQL_HOST=db
+MYSQL_PORT=3306
\ No newline at end of file
diff --git a/.examples/docker-compose/insecure/mariadb-cron-smtp/fpm-alpine/docker-compose.yml b/.examples/docker-compose/insecure/mariadb-cron-smtp/fpm-alpine/docker-compose.yml
new file mode 100644
index 0000000..35b017b
--- /dev/null
+++ b/.examples/docker-compose/insecure/mariadb-cron-smtp/fpm-alpine/docker-compose.yml
@@ -0,0 +1,60 @@
+version: '2.1'
+services:
+
+ db:
+ image: mariadb
+ restart: always
+ volumes:
+ - db:/var/lib/mysql/
+ environment:
+ - MYSQL_RANDOM_ROOT_PASSWORD=yes
+ env_file:
+ - db.env
+
+ app:
+ build: ./app
+ restart: always
+ volumes:
+ - friendica:/var/www/html
+ environment:
+ - AUTOINSTALL=true
+ - MAILNAME=
+ - TZ=
+ - LANGUAGE=
+ env_file:
+ - db.env
+ depends_on:
+ - db
+ hostname: friendica.local
+
+ cron:
+ build: ./app
+ restart: always
+ volumes:
+ - friendica:/var/www/html
+ entrypoint: /cron.sh
+ environment:
+ - MAILNAME=
+ - TZ=
+ - LANGUAGE=
+ env_file:
+ - db.env
+ depends_on:
+ - db
+ - app
+ hostname: friendica.local
+
+ web:
+ image: nginx
+ restart: always
+ volumes:
+ - friendica:/var/www/html:ro
+ - ./web/nginx.conf:/etc/nginx/nginx.conf:ro
+ depends_on:
+ - app
+ ports:
+ - "80:80"
+
+volumes:
+ db:
+ friendica:
\ No newline at end of file
diff --git a/.examples/docker-compose/insecure/mariadb-cron-smtp/fpm-alpine/web/nginx.conf b/.examples/docker-compose/insecure/mariadb-cron-smtp/fpm-alpine/web/nginx.conf
new file mode 100644
index 0000000..cb8295d
--- /dev/null
+++ b/.examples/docker-compose/insecure/mariadb-cron-smtp/fpm-alpine/web/nginx.conf
@@ -0,0 +1,109 @@
+##
+# Friendica Nginx configuration
+# by Olaf Conradi, modified by Philipp Holzer
+#
+worker_processes 4;
+
+events {
+ worker_connections 1024;
+}
+
+error_log /var/log/nginx/error.log warn;
+pid /var/run/nginx.pid;
+
+http {
+ charset utf-8;
+
+ include /etc/nginx/mime.types;
+ default_type application/octet-stream;
+
+ log_format main '$remote_addr - $remote_user [$time_local] "$request" '
+ '$status $body_bytes_sent "$http_referer" '
+ '"$http_user_agent" "$http_x_forwarded_for"';
+
+ access_log /var/log/nginx/access.log main;
+
+ # If behind reverse proxy, forwards the correct IP
+ set_real_ip_from 10.0.0.0/8;
+ set_real_ip_from 172.16.0.0/12;
+ set_real_ip_from 192.168.0.0/16;
+ set_real_ip_from fc00::/7;
+ real_ip_header X-Real-IP;
+
+ upstream php-handler {
+ server app:9000;
+ }
+
+ server {
+ listen 80;
+ server_name friendica.local;
+
+ index index.php;
+
+ root /var/www/html;
+ #Uncomment the following line to include a standard configuration file
+ #Note that the most specific rule wins and your standard configuration
+ #will therefore *add* to this file, but not override it.
+ #include standard.conf
+ # allow uploads up to 20MB in size
+ client_max_body_size 20m;
+ client_body_buffer_size 128k;
+
+ # rewrite to front controller as default rule
+ location / {
+ if (!-e $request_filename) {
+ rewrite ^(.*)$ /index.php?pagename=$1;
+ }
+ }
+ # make sure webfinger and other well known services aren't blocked
+ # by denying dot files and rewrite request to the front controller
+ location ^~ /.well-known/ {
+ allow all;
+ if (!-e $request_filename) {
+ rewrite ^(.*)$ /index.php?pagename=$1;
+ }
+ }
+
+ # statically serve these file types when possible
+ # otherwise fall back to front controller
+ # allow browser to cache them
+ # added .htm for advanced source code editor library
+ #location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {
+ # expires 30d;
+ # try_files $uri /index.php?pagename=$uri&$args;
+ #}
+
+ include mime.types;
+
+ # block these file types
+ location ~* \.(tpl|md|tgz|log|out)$ {
+ deny all;
+ }
+
+ # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
+ # or a unix socket
+ location ~* \.php$ {
+ # Zero-day exploit defense.
+ # http://forum.nginx.org/read.php?2,88845,page=3
+ # Won't work properly (404 error) if the file is not stored on this
+ # server, which is entirely possible with php-fpm/php-fcgi.
+ # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on
+ # another machine. And then cross your fingers that you won't get hacked.
+ try_files $uri =404;
+
+ # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
+ fastcgi_split_path_info ^(.+\.php)(/.+)$;
+
+ fastcgi_pass php-handler;
+
+ include fastcgi_params;
+ fastcgi_index index.php;
+ fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+ }
+
+ # deny access to all dot files
+ location ~ /\. {
+ deny all;
+ }
+ }
+}
\ No newline at end of file
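Review bot: The `set_real_ip_from` lines in the `http` block of nginx.conf trust `X-Real-IP` from every RFC 1918 range and from `fc00::/7`, yet in this insecure variant the `web` container publishes port 80 itself and no proxy sits in front of it. Whenever a connection reaches nginx from a private address (a LAN client, or a Docker setup that masks the source address, which depends on the deployment), the client chooses the address that ends up in the access log and in `$remote_addr`. For the examples without a proxy I would drop the four `set_real_ip_from` lines and `real_ip_header`; for the Traefik examples, narrow `set_real_ip_from` to the subnet of the `proxy-tier` network. The comment `# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000` is stale, since `fastcgi_pass` points at the `php-handler` upstream (`app:9000`). The same file is added unchanged in three more directories of this patch.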
diff --git a/.examples/docker-compose/insecure/mariadb-cron-smtp/fpm/app/Dockerfile b/.examples/docker-compose/insecure/mariadb-cron-smtp/fpm/app/Dockerfile
new file mode 100644
index 0000000..fcb2911
--- /dev/null
+++ b/.examples/docker-compose/insecure/mariadb-cron-smtp/fpm/app/Dockerfile
@@ -0,0 +1,12 @@
+# Based on .exmples/dockerfiles/smtp/fpm
+FROM friendica/server:fpm
+
+# simple = using an smtp without any credentials (mostly in local networks)
+# custom = you need to set host, port, auth_options, authinfo (e.g. for GMX support)
+ENV SMTP_TYPE simple
+
+ENV SMTP_HOST smtp.example.org
+
+COPY *.sh /
+RUN chmod +x /*.sh
+RUN /smtp-config.sh
\ No newline at end of file
diff --git a/.examples/docker-compose/insecure/mariadb-cron-smtp/fpm/app/smtp-config.sh b/.examples/docker-compose/insecure/mariadb-cron-smtp/fpm/app/smtp-config.sh
new file mode 100644
index 0000000..9fa076d
--- /dev/null
+++ b/.examples/docker-compose/insecure/mariadb-cron-smtp/fpm/app/smtp-config.sh
@@ -0,0 +1,45 @@
+#!/bin/sh
+set -eu
+
+IFS=\n
+
+SMTP_TYPE=${SMTP_TYPE:-simple}
+
+# config options
+SMTP_HOST=${SMTP_HOST:-'localhost'}
+SMTP_PORT=${SMTP_PORT:-'25'}
+SMTP_AUTH=${SMTP_AUTH:-'A p'}
+SMTP_TRUST_AUTH_MECH=${SMTP_TRUST_AUTH_MECH:-'EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN'}
+SMTP_AUTH_MECH=${SMTP_AUTH_MECH:-'EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN'}
+
+SMTP_USERNAME=${SMTP_USERNAME:-''}
+SMTP_PASSWORD=${SMTP_PASSWORD:-''}
+
+smtp_simple() {
+ sed -i '/MAILER_DEFINITIONS/i define(`SMART_HOST'\'',`'$SMTP_HOST''\'')dnl/' /etc/mail/sendmail.mc
+}
+
+smtp_custom() {
+ cd /etc/mail
+ mkdir -m 700 authinfo
+ cd authinfo/
+ echo 'Authinfo: "U:www-data" "I:'$SMTP_USERNAME'" "P:'$SMTP_PASSWORD'"' > auth_file
+ makemap hash auth < auth_file
+
+ sed -i '/MAILER_DEFINITIONS/i \
+define(`SMART_HOST'\'',`'$SMTP_HOST''\'')dnl \
+define(`RELAY_MAILER_ARGS'\'', `TCP '$SMTP_HOST' '$SMTP_PORT''\'')dnl \
+define(`ESMTP_MAILER_ARGS'\'', `TCP '$SMTP_HOST' '$SMTP_PORT''\'')dnl \
+define(`confAUTH_OPTIONS'\'', `'$SMTP_AUTH''\'')dnl \
+TRUST_AUTH_MECH(`'$SMTP_TRUST_AUTH_MECH''\'')dnl \
+define(`confAUTH_MECHANISMS'\'', `'$SMTP_AUTH_MECH''\'')dnl \
+FEATURE(`authinfo'\'',`hash -o /etc/mail/authinfo/auth.db'\'')dnl' /etc/mail/sendmail.mc
+}
+
+case $SMTP_TYPE in
+ simple) smtp_simple ;;
+ custom) smtp_custom ;;
+ *)
+ echo "Unknown SMTP-Type '$SMTP_TYPE'"
+ exit 1
+esac
\ No newline at end of file
diff --git a/.examples/docker-compose/insecure/mariadb-cron-smtp/fpm/db.env b/.examples/docker-compose/insecure/mariadb-cron-smtp/fpm/db.env
new file mode 100644
index 0000000..d5d6300
--- /dev/null
+++ b/.examples/docker-compose/insecure/mariadb-cron-smtp/fpm/db.env
@@ -0,0 +1,5 @@
+MYSQL_PASSWORD=
+MYSQL_DATABASE=friendica
+MYSQL_USER=friendica
+MYSQL_HOST=db
+MYSQL_PORT=3306
\ No newline at end of file
diff --git a/.examples/docker-compose/insecure/mariadb-cron-smtp/fpm/docker-compose.yml b/.examples/docker-compose/insecure/mariadb-cron-smtp/fpm/docker-compose.yml
new file mode 100644
index 0000000..35b017b
--- /dev/null
+++ b/.examples/docker-compose/insecure/mariadb-cron-smtp/fpm/docker-compose.yml
@@ -0,0 +1,60 @@
+version: '2.1'
+services:
+
+ db:
+ image: mariadb
+ restart: always
+ volumes:
+ - db:/var/lib/mysql/
+ environment:
+ - MYSQL_RANDOM_ROOT_PASSWORD=yes
+ env_file:
+ - db.env
+
+ app:
+ build: ./app
+ restart: always
+ volumes:
+ - friendica:/var/www/html
+ environment:
+ - AUTOINSTALL=true
+ - MAILNAME=
+ - TZ=
+ - LANGUAGE=
+ env_file:
+ - db.env
+ depends_on:
+ - db
+ hostname: friendica.local
+
+ cron:
+ build: ./app
+ restart: always
+ volumes:
+ - friendica:/var/www/html
+ entrypoint: /cron.sh
+ environment:
+ - MAILNAME=
+ - TZ=
+ - LANGUAGE=
+ env_file:
+ - db.env
+ depends_on:
+ - db
+ - app
+ hostname: friendica.local
+
+ web:
+ image: nginx
+ restart: always
+ volumes:
+ - friendica:/var/www/html:ro
+ - ./web/nginx.conf:/etc/nginx/nginx.conf:ro
+ depends_on:
+ - app
+ ports:
+ - "80:80"
+
+volumes:
+ db:
+ friendica:
\ No newline at end of file
diff --git a/.examples/docker-compose/insecure/mariadb-cron-smtp/fpm/web/nginx.conf b/.examples/docker-compose/insecure/mariadb-cron-smtp/fpm/web/nginx.conf
new file mode 100644
index 0000000..cb8295d
--- /dev/null
+++ b/.examples/docker-compose/insecure/mariadb-cron-smtp/fpm/web/nginx.conf
@@ -0,0 +1,109 @@
+##
+# Friendica Nginx configuration
+# by Olaf Conradi, modified by Philipp Holzer
+#
+worker_processes 4;
+
+events {
+ worker_connections 1024;
+}
+
+error_log /var/log/nginx/error.log warn;
+pid /var/run/nginx.pid;
+
+http {
+ charset utf-8;
+
+ include /etc/nginx/mime.types;
+ default_type application/octet-stream;
+
+ log_format main '$remote_addr - $remote_user [$time_local] "$request" '
+ '$status $body_bytes_sent "$http_referer" '
+ '"$http_user_agent" "$http_x_forwarded_for"';
+
+ access_log /var/log/nginx/access.log main;
+
+ # If behind reverse proxy, forwards the correct IP
+ set_real_ip_from 10.0.0.0/8;
+ set_real_ip_from 172.16.0.0/12;
+ set_real_ip_from 192.168.0.0/16;
+ set_real_ip_from fc00::/7;
+ real_ip_header X-Real-IP;
+
+ upstream php-handler {
+ server app:9000;
+ }
+
+ server {
+ listen 80;
+ server_name friendica.local;
+
+ index index.php;
+
+ root /var/www/html;
+ #Uncomment the following line to include a standard configuration file
+ #Note that the most specific rule wins and your standard configuration
+ #will therefore *add* to this file, but not override it.
+ #include standard.conf
+ # allow uploads up to 20MB in size
+ client_max_body_size 20m;
+ client_body_buffer_size 128k;
+
+ # rewrite to front controller as default rule
+ location / {
+ if (!-e $request_filename) {
+ rewrite ^(.*)$ /index.php?pagename=$1;
+ }
+ }
+ # make sure webfinger and other well known services aren't blocked
+ # by denying dot files and rewrite request to the front controller
+ location ^~ /.well-known/ {
+ allow all;
+ if (!-e $request_filename) {
+ rewrite ^(.*)$ /index.php?pagename=$1;
+ }
+ }
+
+ # statically serve these file types when possible
+ # otherwise fall back to front controller
+ # allow browser to cache them
+ # added .htm for advanced source code editor library
+ #location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {
+ # expires 30d;
+ # try_files $uri /index.php?pagename=$uri&$args;
+ #}
+
+ include mime.types;
+
+ # block these file types
+ location ~* \.(tpl|md|tgz|log|out)$ {
+ deny all;
+ }
+
+ # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
+ # or a unix socket
+ location ~* \.php$ {
+ # Zero-day exploit defense.
+ # http://forum.nginx.org/read.php?2,88845,page=3
+ # Won't work properly (404 error) if the file is not stored on this
+ # server, which is entirely possible with php-fpm/php-fcgi.
+ # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on
+ # another machine. And then cross your fingers that you won't get hacked.
+ try_files $uri =404;
+
+ # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
+ fastcgi_split_path_info ^(.+\.php)(/.+)$;
+
+ fastcgi_pass php-handler;
+
+ include fastcgi_params;
+ fastcgi_index index.php;
+ fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+ }
+
+ # deny access to all dot files
+ location ~ /\. {
+ deny all;
+ }
+ }
+}
\ No newline at end of file
diff --git a/.examples/docker-compose/with-traefik-proxy/mariadb-cron-smtp/apache/app/Dockerfile b/.examples/docker-compose/with-traefik-proxy/mariadb-cron-smtp/apache/app/Dockerfile index 015f3c9..60c60c6 100644 --- a/.examples/docker-compose/with-traefik-proxy/mariadb-cron-smtp/apache/app/Dockerfile +++ b/.examples/docker-compose/with-traefik-proxy/mariadb-cron-smtp/apache/app/Dockerfile @@ -1,3 +1,4 @@ +# Based on .exmples/dockerfiles/smtp/apache FROM friendica/server:apache # simple = using an smtp without any credentials (mostly in local networks) diff --git a/.examples/docker-compose/with-traefik-proxy/mariadb-cron-smtp/apache/db.env b/.examples/docker-compose/with-traefik-proxy/mariadb-cron-smtp/apache/db.env index aeafdb2..d5d6300 100644 --- a/.examples/docker-compose/with-traefik-proxy/mariadb-cron-smtp/apache/db.env +++ b/.examples/docker-compose/with-traefik-proxy/mariadb-cron-smtp/apache/db.env @@ -1,3 +1,5 @@ MYSQL_PASSWORD= MYSQL_DATABASE=friendica -MYSQL_USER=friendica \ No newline at end of file +MYSQL_USER=friendica +MYSQL_HOST=db +MYSQL_PORT=3306 \ No newline at end of file diff --git a/.examples/docker-compose/with-traefik-proxy/mariadb-cron-smtp/apache/docker-compose.yml b/.examples/docker-compose/with-traefik-proxy/mariadb-cron-smtp/apache/docker-compose.yml index be381cc..281b10e 100644 --- a/.examples/docker-compose/with-traefik-proxy/mariadb-cron-smtp/apache/docker-compose.yml +++ b/.examples/docker-compose/with-traefik-proxy/mariadb-cron-smtp/apache/docker-compose.yml @@ -17,8 +17,7 @@ services: volumes: - friendica:/var/www/html environment: - - MYSQL_HOST=db - - MYSQL_PORT=3306 + - AUTOINSTALL=true - MAILNAME= - TZ= - LANGUAGE= @@ -49,8 +48,6 @@ services: - friendica:/var/www/html entrypoint: /cron.sh environment: - - MYSQL_HOST=db - - MYSQL_PORT=3306 - MAILNAME= - TZ= - LANGUAGE= 
diff --git a/.examples/docker-compose/with-traefik-proxy/mariadb-cron-smtp/fpm-alpine/app/Dockerfile b/.examples/docker-compose/with-traefik-proxy/mariadb-cron-smtp/fpm-alpine/app/Dockerfile
new file mode 100644
index 0000000..dae8782
--- /dev/null
+++ b/.examples/docker-compose/with-traefik-proxy/mariadb-cron-smtp/fpm-alpine/app/Dockerfile
@@ -0,0 +1,18 @@
+# Based on .exmples/dockerfiles/smtp/fpm-alpine
+FROM friendica/server:fpm-alpine
+
+ENV SMTP_HOST smtp.example.org
+
+RUN set -ex; \
+ \
+ apk add --no-cache \
+ ssmtp \
+ ; \
+ # disable the current mailhub
+ sed -i "s|mailhub=|#mailhub= |g" /etc/ssmtp/ssmtp.conf; \
+ # enable the new mailhub
+ echo "mailhub=${SMTP_HOST:-localhost}" >> /etc/ssmtp/ssmtp.conf;
+
+# simple = using an smtp without any credentials (mostly in local networks)
+# custom = you need to set host, port, auth_options, authinfo (e.g. for GMX support)
+ENV SMTP_TYPE simple
\ No newline at end of file
diff --git a/.examples/docker-compose/with-traefik-proxy/mariadb-cron-smtp/fpm-alpine/db.env b/.examples/docker-compose/with-traefik-proxy/mariadb-cron-smtp/fpm-alpine/db.env
new file mode 100644
index 0000000..d5d6300
--- /dev/null
+++ b/.examples/docker-compose/with-traefik-proxy/mariadb-cron-smtp/fpm-alpine/db.env
@@ -0,0 +1,5 @@
+MYSQL_PASSWORD=
+MYSQL_DATABASE=friendica
+MYSQL_USER=friendica
+MYSQL_HOST=db
+MYSQL_PORT=3306
\ No newline at end of file
diff --git a/.examples/docker-compose/with-traefik-proxy/mariadb-cron-smtp/fpm-alpine/docker-compose.yml b/.examples/docker-compose/with-traefik-proxy/mariadb-cron-smtp/fpm-alpine/docker-compose.yml
new file mode 100644
index 0000000..e06fb26
--- /dev/null
+++ b/.examples/docker-compose/with-traefik-proxy/mariadb-cron-smtp/fpm-alpine/docker-compose.yml
@@ -0,0 +1,87 @@
+version: '2.1'
+services:
+
+ db:
+ image: mariadb
+ restart: always
+ volumes:
+ - db:/var/lib/mysql/
+ environment:
+ - MYSQL_RANDOM_ROOT_PASSWORD=yes
+ env_file:
+ - db.env
+
+ app:
+ build: ./app
+ restart: always
+ volumes:
+ - friendica:/var/www/html
+ environment:
+ - AUTOINSTALL=true
+ - MAILNAME=
+ - TZ=
+ - LANGUAGE=
+ env_file:
+ - db.env
+ depends_on:
+ - db
+ hostname: friendica.local
+
+ cron:
+ build: ./app
+ restart: always
+ volumes:
+ - friendica:/var/www/html
+ entrypoint: /cron.sh
+ environment:
+ - MAILNAME=
+ - TZ=
+ - LANGUAGE=
+ env_file:
+ - db.env
+ depends_on:
+ - db
+ - app
+ hostname: friendica.local
+
+ web:
+ image: nginx
+ restart: always
+ volumes:
+ - friendica:/var/www/html:ro
+ - ./web/nginx.conf:/etc/nginx/nginx.conf:ro
+ depends_on:
+ - app
+ networks:
+ - default
+ - proxy-tier
+ labels:
+ - "traefik.backend=friendica"
+ - "traefik.frontend.entryPoints=https,http"
+ - "traefik.frontend.headers.STSSeconds=15768000"
+ - "traefik.frontend.headers.STSIncludeSubdomains=false"
+ - "traefik.frontend.headers.forceSTSHeader=true"
+ - "traefik.friendica.frontend.rule=Host:friendica.local"
+ - "traefik.friendica.frontend.port=80"
+ - "traefik.enable=true"
+ - "traefik.docker.network=proxy-tier"
+
+ proxy:
+ build: ./proxy
+ restart: always
+ ports:
+ - "80:80"
+ - "443:443"
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock
+ container_name: traefik
+ networks:
+ - default
+ - proxy-tier
+
+volumes:
+ db:
+ friendica:
+
+networks:
+ proxy-tier:
\ No newline at end of file
diff --git a/.examples/docker-compose/with-traefik-proxy/mariadb-cron-smtp/fpm-alpine/proxy/Dockerfile b/.examples/docker-compose/with-traefik-proxy/mariadb-cron-smtp/fpm-alpine/proxy/Dockerfile
new file mode 100644
index 0000000..ce029f2
--- /dev/null
+++ b/.examples/docker-compose/with-traefik-proxy/mariadb-cron-smtp/fpm-alpine/proxy/Dockerfile
@@ -0,0 +1,3 @@
+FROM traefik
+
+COPY ./traefik.toml /traefik.toml
\ No newline at end of file
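Review bot: In fpm-alpine/docker-compose.yml the `proxy` service mounts `/var/run/docker.sock` read-write into the container that is published on ports 80 and 443, so a compromise of the proxy gives control of the Docker daemon and with it the host. At minimum mount it read-only, `- /var/run/docker.sock:/var/run/docker.sock:ro`; that protects only the socket file, the API behind it still accepts every call, so a filtering socket proxy limited to the read-only container endpoints is the stronger option. On the `web` labels, `traefik.frontend.entryPoints=https,http` keeps serving the site over plain HTTP while `forceSTSHeader=true` sends HSTS; limiting the frontend to `https` or redirecting in traefik.toml would match the header. The fpm compose file added later in this patch defines the same `proxy` service.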
diff --git a/.examples/docker-compose/with-traefik-proxy/mariadb-cron-smtp/fpm-alpine/proxy/traefik.toml b/.examples/docker-compose/with-traefik-proxy/mariadb-cron-smtp/fpm-alpine/proxy/traefik.toml
new file mode 100644
index 0000000..4bb3e67
--- /dev/null
+++ b/.examples/docker-compose/with-traefik-proxy/mariadb-cron-smtp/fpm-alpine/proxy/traefik.toml
@@ -0,0 +1,27 @@
+debug = false
+
+logLevel = "ERROR"
+defaultEntryPoints = ["https","http"]
+
+[entryPoints]
+ [entryPoints.http]
+ address = ":80"
+ [entryPoints.https]
+ address = ":443"
+ [entryPoints.https.tls]
+
+[retry]
+
+[docker]
+endpoint = "unix:///var/run/docker.sock"
+domain = "example.org"
+watch = true
+exposedByDefault = false
+
+#[acme]
+#email = "root@example.org"
+#storage = "acme.json"
+#entryPoint = "https"
+#onHostRule = true
+#[acme.httpChallenge]
+#entryPoint = "http"
\ No newline at end of file
diff --git a/.examples/docker-compose/with-traefik-proxy/mariadb-cron-smtp/fpm-alpine/web/nginx.conf b/.examples/docker-compose/with-traefik-proxy/mariadb-cron-smtp/fpm-alpine/web/nginx.conf
new file mode 100644
index 0000000..cb8295d
--- /dev/null
+++ b/.examples/docker-compose/with-traefik-proxy/mariadb-cron-smtp/fpm-alpine/web/nginx.conf
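Review bot: In traefik.toml, `[entryPoints.https.tls]` is declared without a certificate and the `[acme]` section is commented out, so as far as I can tell the proxy answers on `:443` with a generated default certificate while the compose labels send an HSTS header with `STSSeconds=15768000`. A comment above `#[acme]` stating that it, or a `[[entryPoints.https.tls.certificates]]` entry, has to be enabled before the instance is exposed would prevent that combination. The `http` entry point has no redirect; adding `[entryPoints.http.redirect]` with `entryPoint = "https"` below `address = ":80"` sends plain requests to TLS. `proxy/Dockerfile` builds `FROM traefik` without a tag although this file appears to use the 1.x configuration format, so the image should be pinned to the 1.x release the example was written for.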
@@ -0,0 +1,109 @@
+##
+# Friendica Nginx configuration
+# by Olaf Conradi, modified by Philipp Holzer
+#
+worker_processes 4;
+
+events {
+ worker_connections 1024;
+}
+
+error_log /var/log/nginx/error.log warn;
+pid /var/run/nginx.pid;
+
+http {
+ charset utf-8;
+
+ include /etc/nginx/mime.types;
+ default_type application/octet-stream;
+
+ log_format main '$remote_addr - $remote_user [$time_local] "$request" '
+ '$status $body_bytes_sent "$http_referer" '
+ '"$http_user_agent" "$http_x_forwarded_for"';
+
+ access_log /var/log/nginx/access.log main;
+
+ # If behind reverse proxy, forwards the correct IP
+ set_real_ip_from 10.0.0.0/8;
+ set_real_ip_from 172.16.0.0/12;
+ set_real_ip_from 192.168.0.0/16;
+ set_real_ip_from fc00::/7;
+ real_ip_header X-Real-IP;
+
+ upstream php-handler {
+ server app:9000;
+ }
+
+ server {
+ listen 80;
+ server_name friendica.local;
+
+ index index.php;
+
+ root /var/www/html;
+ #Uncomment the following line to include a standard configuration file
+ #Note that the most specific rule wins and your standard configuration
+ #will therefore *add* to this file, but not override it.
+ #include standard.conf
+ # allow uploads up to 20MB in size
+ client_max_body_size 20m;
+ client_body_buffer_size 128k;
+
+ # rewrite to front controller as default rule
+ location / {
+ if (!-e $request_filename) {
+ rewrite ^(.*)$ /index.php?pagename=$1;
+ }
+ }
+ # make sure webfinger and other well known services aren't blocked
+ # by denying dot files and rewrite request to the front controller
+ location ^~ /.well-known/ {
+ allow all;
+ if (!-e $request_filename) {
+ rewrite ^(.*)$ /index.php?pagename=$1;
+ }
+ }
+
+ # statically serve these file types when possible
+ # otherwise fall back to front controller
+ # allow browser to cache them
+ # added .htm for advanced source code editor library
+ #location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {
+ # expires 30d;
+ # try_files $uri /index.php?pagename=$uri&$args;
+ #}
+
+ include mime.types;
+
+ # block these file types
+ location ~* \.(tpl|md|tgz|log|out)$ {
+ deny all;
+ }
+
+ # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
+ # or a unix socket
+ location ~* \.php$ {
+ # Zero-day exploit defense.
+ # http://forum.nginx.org/read.php?2,88845,page=3
+ # Won't work properly (404 error) if the file is not stored on this
+ # server, which is entirely possible with php-fpm/php-fcgi.
+ # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on
+ # another machine. And then cross your fingers that you won't get hacked.
+ try_files $uri =404;
+
+ # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
+ fastcgi_split_path_info ^(.+\.php)(/.+)$;
+
+ fastcgi_pass php-handler;
+
+ include fastcgi_params;
+ fastcgi_index index.php;
+ fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+ }
+
+ # deny access to all dot files
+ location ~ /\. {
+ deny all;
+ }
+ }
+}
\ No newline at end of file
diff --git a/.examples/docker-compose/with-traefik-proxy/mariadb-cron-smtp/fpm/app/Dockerfile b/.examples/docker-compose/with-traefik-proxy/mariadb-cron-smtp/fpm/app/Dockerfile
new file mode 100644
index 0000000..fcb2911
--- /dev/null
+++ b/.examples/docker-compose/with-traefik-proxy/mariadb-cron-smtp/fpm/app/Dockerfile
@@ -0,0 +1,12 @@
+# Based on .exmples/dockerfiles/smtp/fpm
+FROM friendica/server:fpm
+
+# simple = using an smtp without any credentials (mostly in local networks)
+# custom = you need to set host, port, auth_options, authinfo (e.g. for GMX support)
+ENV SMTP_TYPE simple
+
+ENV SMTP_HOST smtp.example.org
+
+COPY *.sh /
+RUN chmod +x /*.sh
+RUN /smtp-config.sh
\ No newline at end of file
diff --git a/.examples/docker-compose/with-traefik-proxy/mariadb-cron-smtp/fpm/app/smtp-config.sh b/.examples/docker-compose/with-traefik-proxy/mariadb-cron-smtp/fpm/app/smtp-config.sh
new file mode 100644
index 0000000..9fa076d
--- /dev/null
+++ b/.examples/docker-compose/with-traefik-proxy/mariadb-cron-smtp/fpm/app/smtp-config.sh
@@ -0,0 +1,45 @@
+#!/bin/sh
+set -eu
+
+IFS=\n
+
+SMTP_TYPE=${SMTP_TYPE:-simple}
+
+# config options
+SMTP_HOST=${SMTP_HOST:-'localhost'}
+SMTP_PORT=${SMTP_PORT:-'25'}
+SMTP_AUTH=${SMTP_AUTH:-'A p'}
+SMTP_TRUST_AUTH_MECH=${SMTP_TRUST_AUTH_MECH:-'EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN'}
+SMTP_AUTH_MECH=${SMTP_AUTH_MECH:-'EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN'}
+
+SMTP_USERNAME=${SMTP_USERNAME:-''}
+SMTP_PASSWORD=${SMTP_PASSWORD:-''}
+
+smtp_simple() {
+ sed -i '/MAILER_DEFINITIONS/i define(`SMART_HOST'\'',`'$SMTP_HOST''\'')dnl/' /etc/mail/sendmail.mc
+}
+
+smtp_custom() {
+ cd /etc/mail
+ mkdir -m 700 authinfo
+ cd authinfo/
+ echo 'Authinfo: "U:www-data" "I:'$SMTP_USERNAME'" "P:'$SMTP_PASSWORD'"' > auth_file
+ makemap hash auth < auth_file
+
+ sed -i '/MAILER_DEFINITIONS/i \
+define(`SMART_HOST'\'',`'$SMTP_HOST''\'')dnl \
+define(`RELAY_MAILER_ARGS'\'', `TCP '$SMTP_HOST' '$SMTP_PORT''\'')dnl \
+define(`ESMTP_MAILER_ARGS'\'', `TCP '$SMTP_HOST' '$SMTP_PORT''\'')dnl \
+define(`confAUTH_OPTIONS'\'', `'$SMTP_AUTH''\'')dnl \
+TRUST_AUTH_MECH(`'$SMTP_TRUST_AUTH_MECH''\'')dnl \
+define(`confAUTH_MECHANISMS'\'', `'$SMTP_AUTH_MECH''\'')dnl \
+FEATURE(`authinfo'\'',`hash -o /etc/mail/authinfo/auth.db'\'')dnl' /etc/mail/sendmail.mc
+}
+
+case $SMTP_TYPE in
+ simple) smtp_simple ;;
+ custom) smtp_custom ;;
+ *)
+ echo "Unknown SMTP-Type '$SMTP_TYPE'"
+ exit 1
+esac
\ No newline at end of file
diff --git a/.examples/docker-compose/with-traefik-proxy/mariadb-cron-smtp/fpm/db.env b/.examples/docker-compose/with-traefik-proxy/mariadb-cron-smtp/fpm/db.env
new file mode 100644
index 0000000..d5d6300
--- /dev/null
+++ b/.examples/docker-compose/with-traefik-proxy/mariadb-cron-smtp/fpm/db.env
@@ -0,0 +1,5 @@
+MYSQL_PASSWORD=
+MYSQL_DATABASE=friendica
+MYSQL_USER=friendica
+MYSQL_HOST=db
+MYSQL_PORT=3306
\ No newline at end of file
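Review bot: `IFS=\n` in fpm/app/smtp-config.sh sets the field separator to the letter `n`, not to a newline, because an unquoted backslash in sh only escapes the character after it. Every `$SMTP_*` expansion in `smtp_simple` and `smtp_custom` sits outside the surrounding single quotes, so a host, user name or password containing an `n` is split into several arguments to `sed` and `echo`, and glob characters in a password are expanded as well. Removing the `IFS` line and double-quoting each expansion (`"$SMTP_HOST"`, `"$SMTP_PASSWORD"`, and so on) fixes both. In `smtp_custom` the plain-text `auth_file` is also left beside the generated map; `rm -f auth_file` after `makemap` would keep only the hashed database, assuming sendmail reads just `auth.db` as the `FEATURE` line suggests.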
diff --git a/.examples/docker-compose/with-traefik-proxy/mariadb-cron-smtp/fpm/docker-compose.yml b/.examples/docker-compose/with-traefik-proxy/mariadb-cron-smtp/fpm/docker-compose.yml
new file mode 100644
index 0000000..e06fb26
--- /dev/null
+++ b/.examples/docker-compose/with-traefik-proxy/mariadb-cron-smtp/fpm/docker-compose.yml
@@ -0,0 +1,87 @@
+version: '2.1'
+services:
+
+ db:
+ image: mariadb
+ restart: always
+ volumes:
+ - db:/var/lib/mysql/
+ environment:
+ - MYSQL_RANDOM_ROOT_PASSWORD=yes
+ env_file:
+ - db.env
+
+ app:
+ build: ./app
+ restart: always
+ volumes:
+ - friendica:/var/www/html
+ environment:
+ - AUTOINSTALL=true
+ - MAILNAME=
+ - TZ=
+ - LANGUAGE=
+ env_file:
+ - db.env
+ depends_on:
+ - db
+ hostname: friendica.local
+
+ cron:
+ build: ./app
+ restart: always
+ volumes:
+ - friendica:/var/www/html
+ entrypoint: /cron.sh
+ environment:
+ - MAILNAME=
+ - TZ=
+ - LANGUAGE=
+ env_file:
+ - db.env
+ depends_on:
+ - db
+ - app
+ hostname: friendica.local
+
+ web:
+ image: nginx
+ restart: always
+ volumes:
+ - friendica:/var/www/html:ro
+ - ./web/nginx.conf:/etc/nginx/nginx.conf:ro
+ depends_on:
+ - app
+ networks:
+ - default
+ - proxy-tier
+ labels:
+ - "traefik.backend=friendica"
+ - "traefik.frontend.entryPoints=https,http"
+ - "traefik.frontend.headers.STSSeconds=15768000"
+ - "traefik.frontend.headers.STSIncludeSubdomains=false"
+ - "traefik.frontend.headers.forceSTSHeader=true"
+ - "traefik.friendica.frontend.rule=Host:friendica.local"
+ - "traefik.friendica.frontend.port=80"
+ - "traefik.enable=true"
+ - "traefik.docker.network=proxy-tier"
+
+ proxy:
+ build: ./proxy
+ restart: always
+ ports:
+ - "80:80"
+ - "443:443"
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock
+ container_name: traefik
+ networks:
+ - default
+ - proxy-tier
+
+volumes:
+ db:
+ friendica:
+
+networks:
+ proxy-tier:
\ No newline at end of file
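Review bot: The `proxy` service in fpm/docker-compose.yml publishes ports 80 and 443 and also mounts `/var/run/docker.sock`, so a compromise of the edge container gives access to the Docker API and through it to the host. Mounting it as `- /var/run/docker.sock:/var/run/docker.sock:ro` is a cheap first step, but it does not restrict API calls; a filtering socket proxy that exposes only the read-only endpoints Traefik needs is the stronger option. The same service joins the `default` network, where `db` and `app` live, although it only has to reach `web` over `proxy-tier`; removing `- default` from its `networks:` list keeps the database off the edge container's network. `image: mariadb` and `image: nginx` are untagged and would be better pinned to a release.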
diff --git a/.examples/docker-compose/with-traefik-proxy/mariadb-cron-smtp/fpm/proxy/Dockerfile b/.examples/docker-compose/with-traefik-proxy/mariadb-cron-smtp/fpm/proxy/Dockerfile
new file mode 100644
index 0000000..ce029f2
--- /dev/null
+++ b/.examples/docker-compose/with-traefik-proxy/mariadb-cron-smtp/fpm/proxy/Dockerfile
@@ -0,0 +1,3 @@
+FROM traefik
+
+COPY ./traefik.toml /traefik.toml
\ No newline at end of file
diff --git a/.examples/docker-compose/with-traefik-proxy/mariadb-cron-smtp/fpm/proxy/traefik.toml b/.examples/docker-compose/with-traefik-proxy/mariadb-cron-smtp/fpm/proxy/traefik.toml
new file mode 100644
index 0000000..4bb3e67
--- /dev/null
+++ b/.examples/docker-compose/with-traefik-proxy/mariadb-cron-smtp/fpm/proxy/traefik.toml
@@ -0,0 +1,27 @@
+debug = false
+
+logLevel = "ERROR"
+defaultEntryPoints = ["https","http"]
+
+[entryPoints]
+ [entryPoints.http]
+ address = ":80"
+ [entryPoints.https]
+ address = ":443"
+ [entryPoints.https.tls]
+
+[retry]
+
+[docker]
+endpoint = "unix:///var/run/docker.sock"
+domain = "example.org"
+watch = true
+exposedByDefault = false
+
+#[acme]
+#email = "root@example.org"
+#storage = "acme.json"
+#entryPoint = "https"
+#onHostRule = true
+#[acme.httpChallenge]
+#entryPoint = "http"
\ No newline at end of file
diff --git a/.examples/docker-compose/with-traefik-proxy/mariadb-cron-smtp/fpm/web/nginx.conf b/.examples/docker-compose/with-traefik-proxy/mariadb-cron-smtp/fpm/web/nginx.conf
new file mode 100644
index 0000000..cb8295d
--- /dev/null
+++ b/.examples/docker-compose/with-traefik-proxy/mariadb-cron-smtp/fpm/web/nginx.conf
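Review bot: `FROM traefik` in fpm/proxy/Dockerfile follows the `latest` tag, while the copied traefik.toml and the `traefik.frontend.*` labels in docker-compose.yml are written in the Traefik 1.x configuration format. Later major versions use a different format, so a rebuild can pull a proxy that fails to start or ignores these routing and TLS settings. Pinning the release line, `FROM traefik:<pinned 1.x tag>`, keeps the example working and makes upgrades a deliberate step.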
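Review bot: `[entryPoints.http]` in fpm/proxy/traefik.toml serves plain HTTP with no redirect, and `defaultEntryPoints` lists both entry points, so the Friendica login can be used unencrypted even though the compose labels set HSTS, which browsers honour only over HTTPS. Adding `[entryPoints.http.redirect]` with `entryPoint = "https"` under the http entry point sends those requests to TLS. `[entryPoints.https.tls]` is left empty and the `[acme]` block is commented out in this hunk, so as far as the file shows Traefik would answer with its built-in default certificate; a comment such as `# configure a certificate or enable [acme] before exposing this proxy` next to it would make that explicit.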
@@ -0,0 +1,109 @@
+##
+# Friendica Nginx configuration
+# by Olaf Conradi, modified by Philipp Holzer
+#
+worker_processes 4;
+
+events {
+ worker_connections 1024;
+}
+
+error_log /var/log/nginx/error.log warn;
+pid /var/run/nginx.pid;
+
+http {
+ charset utf-8;
+
+ include /etc/nginx/mime.types;
+ default_type application/octet-stream;
+
+ log_format main '$remote_addr - $remote_user [$time_local] "$request" '
+ '$status $body_bytes_sent "$http_referer" '
+ '"$http_user_agent" "$http_x_forwarded_for"';
+
+ access_log /var/log/nginx/access.log main;
+
+ # If behind reverse proxy, forwards the correct IP
+ set_real_ip_from 10.0.0.0/8;
+ set_real_ip_from 172.16.0.0/12;
+ set_real_ip_from 192.168.0.0/16;
+ set_real_ip_from fc00::/7;
+ real_ip_header X-Real-IP;
+
+ upstream php-handler {
+ server app:9000;
+ }
+
+ server {
+ listen 80;
+ server_name friendica.local;
+
+ index index.php;
+
+ root /var/www/html;
+ #Uncomment the following line to include a standard configuration file
+ #Note that the most specific rule wins and your standard configuration
+ #will therefore *add* to this file, but not override it.
+ #include standard.conf
+ # allow uploads up to 20MB in size
+ client_max_body_size 20m;
+ client_body_buffer_size 128k;
+
+ # rewrite to front controller as default rule
+ location / {
+ if (!-e $request_filename) {
+ rewrite ^(.*)$ /index.php?pagename=$1;
+ }
+ }
+ # make sure webfinger and other well known services aren't blocked
+ # by denying dot files and rewrite request to the front controller
+ location ^~ /.well-known/ {
+ allow all;
+ if (!-e $request_filename) {
+ rewrite ^(.*)$ /index.php?pagename=$1;
+ }
+ }
+
+ # statically serve these file types when possible
+ # otherwise fall back to front controller
+ # allow browser to cache them
+ # added .htm for advanced source code editor library
+ #location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {
+ # expires 30d;
+ # try_files $uri /index.php?pagename=$uri&$args;
+ #}
+
+ include mime.types;
+
+ # block these file types
+ location ~* \.(tpl|md|tgz|log|out)$ {
+ deny all;
+ }
+
+ # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
+ # or a unix socket
+ location ~* \.php$ {
+ # Zero-day exploit defense.
+ # http://forum.nginx.org/read.php?2,88845,page=3
+ # Won't work properly (404 error) if the file is not stored on this
+ # server, which is entirely possible with php-fpm/php-fcgi.
+ # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on
+ # another machine. And then cross your fingers that you won't get hacked.
+ try_files $uri =404;
+
+ # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
+ fastcgi_split_path_info ^(.+\.php)(/.+)$;
+
+ fastcgi_pass php-handler;
+
+ include fastcgi_params;
+ fastcgi_index index.php;
+ fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+ }
+
+ # deny access to all dot files
+ location ~ /\. {
+ deny all;
+ }
+ }
+}
\ No newline at end of file
diff --git a/README.md b/README.md
index 319b126..01370d0 100644
--- a/README.md
+++ b/README.md
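Review bot: In fpm/web/nginx.conf the `location ~ /\.` block that denies dot files comes after `location ~* \.php$`, and nginx uses the first regular-expression location that matches, so a request for a dot-prefixed path ending in `.php` is handed to PHP-FPM instead of being denied. Moving the dot-file block above the PHP block closes that gap, and the `^~ /.well-known/` prefix location keeps its exemption because it stops the regex search. The `set_real_ip_from` lines trust `X-Real-IP` from every private range; narrowing them to the `proxy-tier` subnet would stop other containers from spoofing client addresses in the access log. The nginx.conf hunk that ends just before this file in the patch has the same ordering.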
@@ -246,7 +246,9 @@ An example can be found in the [examples section](https://github.com/friendica/d As this setup does **not include encryption** it should to be run behind a proxy. -Maker sure to set the variable `MYSQL_PASSWORD` before you run the setup. +Prerequisites for this example: +- Make sure to set the variable `MYSQL_PASSWORD` before you run the setup. +- Create a `nginx.conf` in the same directory as the docker-compose.yml file (take it from [example](https://github.com/friendica/docker/tree/master/.examples/docker-compose/with-traefik-proxy/mariadb-cron-smtp/fpm/web/nginx.conf)) ```yaml version: '2' @@ -276,8 +278,9 @@ services: - MYSQL_DATABASE=friendica - MAILNAME=root@friendica.local hostname: friendica.local - depends_on: - - db + networks: + - proxy-tier + - default web: image: nginx @@ -286,14 +289,17 @@ services: links: - app volumes: - - ./nginx.conf:/etc/nginx/nginx.conf:ro - volumes_from: - - app + - ./nginx.conf:/etc/nginx/nginx.conf:ro restart: always + networks: + - proxy-tier volumes: db: friendica: + +networks: + proxy-tier: ``` Then run `docker-compose up -d`, now you can access Friendica at http://localhost:8080/ from your system. From 3ad29a99ba180ca0a4da51a277595b61bdd6f2b0 Mon Sep 17 00:00:00 2001 From: Philipp Holzer Date: Sat, 26 May 2018 17:49:37 +0200 Subject: [PATCH 2/3] Enabling ACME for traefik --- .../fpm-alpine/proxy/traefik.toml | 14 +++++++------- .../mariadb-cron-smtp/fpm/proxy/traefik.toml | 14 +++++++------- 2 files changed, 14 insertions(+), 14 deletions(-) diff --git a/.examples/docker-compose/with-traefik-proxy/mariadb-cron-smtp/fpm-alpine/proxy/traefik.toml b/.examples/docker-compose/with-traefik-proxy/mariadb-cron-smtp/fpm-alpine/proxy/traefik.toml index 4bb3e67..5cebc08 100644 --- a/.examples/docker-compose/with-traefik-proxy/mariadb-cron-smtp/fpm-alpine/proxy/traefik.toml +++ b/.examples/docker-compose/with-traefik-proxy/mariadb-cron-smtp/fpm-alpine/proxy/traefik.toml 
@@ -18,10 +18,10 @@ domain = "example.org" watch = true exposedByDefault = false -#[acme] -#email = "root@example.org" -#storage = "acme.json" -#entryPoint = "https" -#onHostRule = true -#[acme.httpChallenge] -#entryPoint = "http" \ No newline at end of file +[acme] +email = "root@example.org" +storage = "acme.json" +entryPoint = "https" +onHostRule = true +[acme.httpChallenge] +entryPoint = "http" \ No newline at end of file diff --git a/.examples/docker-compose/with-traefik-proxy/mariadb-cron-smtp/fpm/proxy/traefik.toml b/.examples/docker-compose/with-traefik-proxy/mariadb-cron-smtp/fpm/proxy/traefik.toml index 4bb3e67..5cebc08 100644 --- a/.examples/docker-compose/with-traefik-proxy/mariadb-cron-smtp/fpm/proxy/traefik.toml +++ b/.examples/docker-compose/with-traefik-proxy/mariadb-cron-smtp/fpm/proxy/traefik.toml @@ -18,10 +18,10 @@ domain = "example.org" watch = true exposedByDefault = false -#[acme] -#email = "root@example.org" -#storage = "acme.json" -#entryPoint = "https" -#onHostRule = true -#[acme.httpChallenge] -#entryPoint = "http" \ No newline at end of file +[acme] +email = "root@example.org" +storage = "acme.json" +entryPoint = "https" +onHostRule = true +[acme.httpChallenge] +entryPoint = "http" \ No newline at end of file From b9ed3e8ce68eaf89b08269a15f6360abc2fce544 Mon Sep 17 00:00:00 2001 From: Philipp Holzer Date: Sat, 26 May 2018 18:19:57 +0200 Subject: [PATCH 3/3] Update yml-file for play-with-docker --- pwd.yml => stack.yml | 1 + 1 file changed, 1 insertion(+) rename pwd.yml => stack.yml (93%) diff --git a/pwd.yml b/stack.yml similarity index 93% rename from pwd.yml rename to stack.yml index 9bc2032..1dda286 100644 --- a/pwd.yml +++ b/stack.yml @@ -20,6 +20,7 @@ services: volumes: - friendica:/var/www/html environment: + - AUTOINSTALL=true - MYSQL_HOST=db - MYSQL_PORT=3306 - MYSQL_USER=friendica
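Review bot: `storage = "acme.json"` in the newly enabled `[acme]` block of traefik.toml points at a file inside the container, and the `proxy` service added in patch 1/3 mounts only the Docker socket, so the ACME account key and issued certificates are lost whenever the container is recreated. That forces re-issuance on every rebuild and can run into the CA's rate limits; the file also holds private keys, so it belongs on a named volume with owner-only permissions. `email = "root@example.org"` and the context line `domain = "example.org"` are placeholders and deserve a comment such as `# replace with your own address and domain before starting the stack`. This applies to both traefik.toml hunks in this commit (fpm-alpine and fpm).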