diff --git a/.examples/docker-compose/insecure/smtp/apache/db.env b/.examples/docker-compose/insecure/smtp/apache/db.env
new file mode 100644
index 0000000..17c0d1e
--- /dev/null
+++ b/.examples/docker-compose/insecure/smtp/apache/db.env
@@ -0,0 +1,5 @@
+MYSQL_PASSWORD=
+MYSQL_DATABASE=friendica
+MYSQL_USER=friendica
+MYSQL_HOST=db
+MYSQL_PORT=3306
\ No newline at end of file
diff --git a/.examples/docker-compose/insecure/smtp/apache/docker-compose.yml b/.examples/docker-compose/insecure/smtp/apache/docker-compose.yml
new file mode 100644
index 0000000..892fc2a
--- /dev/null
+++ b/.examples/docker-compose/insecure/smtp/apache/docker-compose.yml
@@ -0,0 +1,67 @@
+version: '2.1'
+services:
+
+ db:
+ image: mariadb
+ restart: always
+ volumes:
+ - db:/var/lib/mysql/
+ environment:
+ - MYSQL_RANDOM_ROOT_PASSWORD=yes
+ env_file:
+ - db.env
+
+ app:
+ image: friendica
+ restart: always
+ volumes:
+ - friendica:/var/www/html
+ environment:
+ - FRIENDICA_ADMIN_MAIL=
+ - FRIENDICA_TZ=
+ - FRIENDICA_LANG=
+ - FRIENDICA_URL=
+ - FRIENDICA_SITENAME=
+ - SMTP=smtp.office365.com
+ - SMTP_PORT=587
+ - SMTP_DOMAIN=hotmail.com
+ - SMTP_FROM=user
+ - SMTP_TLS=true
+ - SMTP_STARTTLS=true
+ - SMTP_AUTH=on
+ - SMTP_AUTH_USER=xxx@hotmail.com
+ - SMTP_AUTH_PASS=password
+ env_file:
+ - db.env
+ depends_on:
+ - db
+ ports:
+ - "80:80"
+
+ cron:
+ image: friendica
+ restart: always
+ volumes:
+ - friendica:/var/www/html
+ entrypoint: /cron.sh
+ environment:
+ - FRIENDICA_ADMIN_MAIL=
+ - FRIENDICA_TZ=
+ - SMTP=smtp.office365.com
+ - SMTP_PORT=587
+ - SMTP_DOMAIN=hotmail.com
+ - SMTP_FROM=user
+ - SMTP_TLS=true
+ - SMTP_STARTTLS=true
+ - SMTP_AUTH=on
+ - SMTP_AUTH_USER=xxx@hotmail.com
+ - SMTP_AUTH_PASS=password
+ depends_on:
+ - app
+ - db
+ env_file:
+ - db.env
+
+volumes:
+ db:
+ friendica:
diff --git a/.examples/docker-compose/insecure/smtp/fpm-alpine/db.env b/.examples/docker-compose/insecure/smtp/fpm-alpine/db.env
new file mode 100644
index 0000000..17c0d1e
--- /dev/null
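Review bot: `SMTP_AUTH_USER` and `SMTP_AUTH_PASS` are written inline under `environment:` in both the `app` and `cron` services, so anyone adapting this example ends up with the real mail credential stored in the compose file itself, in two places. The database settings already go through `env_file:` with `- db.env`; the SMTP block could follow the same pattern by adding a second entry such as `- smtp.env` (file name illustrative) that is kept out of version control, which also removes the duplicated SMTP block. The same inline credentials appear in the fpm-alpine and fpm docker-compose.yml hunks of this commit.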
+++ b/.examples/docker-compose/insecure/smtp/fpm-alpine/db.env
@@ -0,0 +1,5 @@
+MYSQL_PASSWORD=
+MYSQL_DATABASE=friendica
+MYSQL_USER=friendica
+MYSQL_HOST=db
+MYSQL_PORT=3306
\ No newline at end of file
diff --git a/.examples/docker-compose/insecure/smtp/fpm-alpine/docker-compose.yml b/.examples/docker-compose/insecure/smtp/fpm-alpine/docker-compose.yml
new file mode 100644
index 0000000..cb97d23
--- /dev/null
+++ b/.examples/docker-compose/insecure/smtp/fpm-alpine/docker-compose.yml
@@ -0,0 +1,74 @@
+version: '2.1'
+services:
+
+ db:
+ image: mariadb
+ restart: always
+ volumes:
+ - db:/var/lib/mysql/
+ environment:
+ - MYSQL_RANDOM_ROOT_PASSWORD=yes
+ env_file:
+ - db.env
+
+ app:
+ image: friendica:fpm-alpine
+ restart: always
+ volumes:
+ - friendica:/var/www/html
+ environment:
+ - FRIENDICA_ADMIN_MAIL=
+ - FRIENDICA_TZ=
+ - FRIENDICA_LANG=
+ - FRIENDICA_URL=
+ - FRIENDICA_SITENAME=
+ - SMTP=smtp.office365.com
+ - SMTP_PORT=587
+ - SMTP_DOMAIN=hotmail.com
+ - SMTP_FROM=user
+ - SMTP_TLS=true
+ - SMTP_STARTTLS=true
+ - SMTP_AUTH=on
+ - SMTP_AUTH_USER=xxx@hotmail.com
+ - SMTP_AUTH_PASS=password
+ env_file:
+ - db.env
+ depends_on:
+ - db
+
+ cron:
+ image: friendica:fpm-alpine
+ restart: always
+ volumes:
+ - friendica:/var/www/html
+ environment:
+ - FRIENDICA_ADMIN_MAIL=
+ - FRIENDICA_TZ=
+ - SMTP=smtp.office365.com
+ - SMTP_PORT=587
+ - SMTP_DOMAIN=hotmail.com
+ - SMTP_FROM=user
+ - SMTP_TLS=true
+ - SMTP_STARTTLS=true
+ - SMTP_AUTH=on
+ - SMTP_AUTH_USER=xxx@hotmail.com
+ - SMTP_AUTH_PASS=password
+ entrypoint: /cron.sh
+ depends_on:
+ - db
+ - app
+
+ web:
+ image: nginx
+ restart: always
+ volumes:
+ - friendica:/var/www/html:ro
+ - ./web/nginx.conf:/etc/nginx/nginx.conf:ro
+ depends_on:
+ - app
+ ports:
+ - "80:80"
+
+volumes:
+ db:
+ friendica:
diff --git a/.examples/docker-compose/insecure/smtp/fpm-alpine/web/nginx.conf b/.examples/docker-compose/insecure/smtp/fpm-alpine/web/nginx.conf
new file mode 100644
index 0000000..c168621
--- /dev/null
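Review bot: The `cron` service in this file has no `env_file:` entry, while `app` here and `cron` in the apache variant both load `db.env`. If `/cron.sh` or the worker takes the `MYSQL_*` settings from the environment rather than from the shared `friendica` volume, it would start without them; adding `env_file:` with `- db.env` to `cron` keeps the three variants consistent. The fpm/docker-compose.yml hunk has the same omission. Separately, `image: mariadb` and `image: nginx` carry no tag and so resolve to `latest`; pinning a tested tag or digest keeps a later pull from silently changing the database or web server version.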
+++ b/.examples/docker-compose/insecure/smtp/fpm-alpine/web/nginx.conf 
@@ -0,0 +1,109 @@
+##
+# Friendica Nginx configuration
+# by Olaf Conradi, modified by Philipp Holzer
+#
+worker_processes 4;
+
+events {
+ worker_connections 1024;
+}
+
+error_log /var/log/nginx/error.log warn;
+pid /var/run/nginx.pid;
+
+http {
+ charset utf-8;
+
+ include /etc/nginx/mime.types;
+ default_type application/octet-stream;
+
+ log_format main '$remote_addr - $remote_user [$time_local] "$request" '
+ '$status $body_bytes_sent "$http_referer" '
+ '"$http_user_agent" "$http_x_forwarded_for"';
+
+ access_log /var/log/nginx/access.log main;
+
+ # If behind reverse proxy, forwards the correct IP
+ set_real_ip_from 10.0.0.0/8;
+ set_real_ip_from 172.16.0.0/12;
+ set_real_ip_from 192.168.0.0/16;
+ set_real_ip_from fc00::/7;
+ real_ip_header X-Real-IP;
+
+ upstream php-handler {
+ server app:9000;
+ }
+
+ server {
+ listen 80;
+ server_name friendica.local;
+
+ index index.php;
+
+ root /var/www/html;
+ #Uncomment the following line to include a standard configuration file
+ #Note that the most specific rule wins and your standard configuration
+ #will therefore *add* to this file, but not override it.
+ #include standard.conf
+ # allow uploads up to 20MB in size
+ client_max_body_size 20m;
+ client_body_buffer_size 128k;
+
+ # rewrite to front controller as default rule
+ location / {
+ if (!-e $request_filename) {
+ rewrite ^(.*)$ /index.php?pagename=$1;
+ }
+ }
+ # make sure webfinger and other well known services aren't blocked
+ # by denying dot files and rewrite request to the front controller
+ location ^~ /.well-known/ {
+ allow all;
+ if (!-e $request_filename) {
+ rewrite ^(.*)$ /index.php?pagename=$1;
+ }
+ }
+
+ # statically serve these file types when possible
+ # otherwise fall back to front controller
+ # allow browser to cache them
+ # added .htm for advanced source code editor library
+ #location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {
+ # expires 30d;
+ # try_files $uri /index.php?pagename=$uri&$args;
+ #}
+
+ include mime.types;
+
+ # block these file types
+ location ~* \.(tpl|md|tgz|log|out)$ {
+ deny all;
+ }
+
+ # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
+ # or a unix socket
+ location ~* \.php$ {
+ # Zero-day exploit defense.
+ # http://forum.nginx.org/read.php?2,88845,page=3
+ # Won't work properly (404 error) if the file is not stored on this
+ # server, which is entirely possible with php-fpm/php-fcgi.
+ # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on
+ # another machine. And then cross your fingers that you won't get hacked.
+ try_files $uri =404;
+
+ # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
+ fastcgi_split_path_info ^(.+\.php)(/.+)$;
+
+ fastcgi_pass php-handler;
+
+ include fastcgi_params;
+ fastcgi_index index.php;
+ fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+ }
+
+ # deny access to all dot files
+ location ~ /\. {
+ deny all;
+ }
+ }
+}
\ No newline at end of file
diff --git a/.examples/docker-compose/insecure/smtp/fpm/db.env b/.examples/docker-compose/insecure/smtp/fpm/db.env
new file mode 100644
index 0000000..17c0d1e
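Review bot: The `location ~ /\. { deny all; }` block is the last regex location, but nginx tests regex locations in file order and stops at the first match, so a request for an existing `.php` file below a dot directory matches `location ~* \.php$` first and is handed to `php-handler`. Moving the dot-file block above the PHP block closes that gap; `/.well-known/` is unaffected because it uses `^~`. Also, the `set_real_ip_from` lines trust `X-Real-IP` from every private range while the compose files in this directory publish this nginx directly on `80:80`, so any client whose connection arrives from one of those ranges can set the address written to the access log; unless a reverse proxy is actually in front, those lines should be dropped or narrowed to the proxy's address. The identical fpm/web/nginx.conf hunk has both issues.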
--- /dev/null
+++ b/.examples/docker-compose/insecure/smtp/fpm/db.env
@@ -0,0 +1,5 @@
+MYSQL_PASSWORD=
+MYSQL_DATABASE=friendica
+MYSQL_USER=friendica
+MYSQL_HOST=db
+MYSQL_PORT=3306
\ No newline at end of file
diff --git a/.examples/docker-compose/insecure/smtp/fpm/docker-compose.yml b/.examples/docker-compose/insecure/smtp/fpm/docker-compose.yml
new file mode 100644
index 0000000..a0a9748
--- /dev/null
+++ b/.examples/docker-compose/insecure/smtp/fpm/docker-compose.yml
@@ -0,0 +1,74 @@
+version: '2.1'
+services:
+
+ db:
+ image: mariadb
+ restart: always
+ volumes:
+ - db:/var/lib/mysql/
+ environment:
+ - MYSQL_RANDOM_ROOT_PASSWORD=yes
+ env_file:
+ - db.env
+
+ app:
+ image: friendica:fpm
+ restart: always
+ volumes:
+ - friendica:/var/www/html
+ environment:
+ - FRIENDICA_ADMIN_MAIL=
+ - FRIENDICA_TZ=
+ - FRIENDICA_LANG=
+ - FRIENDICA_URL=
+ - FRIENDICA_SITENAME=
+ - SMTP=smtp.office365.com
+ - SMTP_PORT=587
+ - SMTP_DOMAIN=hotmail.com
+ - SMTP_FROM=user
+ - SMTP_TLS=true
+ - SMTP_STARTTLS=true
+ - SMTP_AUTH=on
+ - SMTP_AUTH_USER=xxx@hotmail.com
+ - SMTP_AUTH_PASS=password
+ env_file:
+ - db.env
+ depends_on:
+ - db
+
+ cron:
+ image: friendica:fpm
+ restart: always
+ volumes:
+ - friendica:/var/www/html
+ environment:
+ - FRIENDICA_ADMIN_MAIL=
+ - FRIENDICA_TZ=
+ - SMTP=smtp.office365.com
+ - SMTP_PORT=587
+ - SMTP_DOMAIN=hotmail.com
+ - SMTP_FROM=user
+ - SMTP_TLS=true
+ - SMTP_STARTTLS=true
+ - SMTP_AUTH=on
+ - SMTP_AUTH_USER=xxx@hotmail.com
+ - SMTP_AUTH_PASS=password
+ entrypoint: /cron.sh
+ depends_on:
+ - db
+ - app
+
+ web:
+ image: nginx
+ restart: always
+ volumes:
+ - friendica:/var/www/html:ro
+ - ./web/nginx.conf:/etc/nginx/nginx.conf:ro
+ depends_on:
+ - app
+ ports:
+ - "80:80"
+
+volumes:
+ db:
+ friendica:
diff --git a/.examples/docker-compose/insecure/smtp/fpm/web/nginx.conf b/.examples/docker-compose/insecure/smtp/fpm/web/nginx.conf
new file mode 100644
index 0000000..c168621
--- /dev/null
+++ b/.examples/docker-compose/insecure/smtp/fpm/web/nginx.conf 
@@ -0,0 +1,109 @@
+##
+# Friendica Nginx configuration
+# by Olaf Conradi, modified by Philipp Holzer
+#
+worker_processes 4;
+
+events {
+ worker_connections 1024;
+}
+
+error_log /var/log/nginx/error.log warn;
+pid /var/run/nginx.pid;
+
+http {
+ charset utf-8;
+
+ include /etc/nginx/mime.types;
+ default_type application/octet-stream;
+
+ log_format main '$remote_addr - $remote_user [$time_local] "$request" '
+ '$status $body_bytes_sent "$http_referer" '
+ '"$http_user_agent" "$http_x_forwarded_for"';
+
+ access_log /var/log/nginx/access.log main;
+
+ # If behind reverse proxy, forwards the correct IP
+ set_real_ip_from 10.0.0.0/8;
+ set_real_ip_from 172.16.0.0/12;
+ set_real_ip_from 192.168.0.0/16;
+ set_real_ip_from fc00::/7;
+ real_ip_header X-Real-IP;
+
+ upstream php-handler {
+ server app:9000;
+ }
+
+ server {
+ listen 80;
+ server_name friendica.local;
+
+ index index.php;
+
+ root /var/www/html;
+ #Uncomment the following line to include a standard configuration file
+ #Note that the most specific rule wins and your standard configuration
+ #will therefore *add* to this file, but not override it.
+ #include standard.conf
+ # allow uploads up to 20MB in size
+ client_max_body_size 20m;
+ client_body_buffer_size 128k;
+
+ # rewrite to front controller as default rule
+ location / {
+ if (!-e $request_filename) {
+ rewrite ^(.*)$ /index.php?pagename=$1;
+ }
+ }
+ # make sure webfinger and other well known services aren't blocked
+ # by denying dot files and rewrite request to the front controller
+ location ^~ /.well-known/ {
+ allow all;
+ if (!-e $request_filename) {
+ rewrite ^(.*)$ /index.php?pagename=$1;
+ }
+ }
+
+ # statically serve these file types when possible
+ # otherwise fall back to front controller
+ # allow browser to cache them
+ # added .htm for advanced source code editor library
+ #location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {
+ # expires 30d;
+ # try_files $uri /index.php?pagename=$uri&$args;
+ #}
+
+ include mime.types;
+
+ # block these file types
+ location ~* \.(tpl|md|tgz|log|out)$ {
+ deny all;
+ }
+
+ # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
+ # or a unix socket
+ location ~* \.php$ {
+ # Zero-day exploit defense.
+ # http://forum.nginx.org/read.php?2,88845,page=3
+ # Won't work properly (404 error) if the file is not stored on this
+ # server, which is entirely possible with php-fpm/php-fcgi.
+ # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on
+ # another machine. And then cross your fingers that you won't get hacked.
+ try_files $uri =404;
+
+ # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
+ fastcgi_split_path_info ^(.+\.php)(/.+)$;
+
+ fastcgi_pass php-handler;
+
+ include fastcgi_params;
+ fastcgi_index index.php;
+ fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+ }
+
+ # deny access to all dot files
+ location ~ /\. {
+ deny all;
+ }
+ }
+}
\ No newline at end of file