friendica/docker
2
0
Fork 0
mirror of https://github.com/friendica/docker synced 2025-01-06 10:12:19 +01:00
Code Issues Releases Wiki Activity

Adding examples for docker-compose

Browse source 
- Added `.examples/docker-compose/insecure/mariadb-cron-smtp`
- Added `.examples/docker-compose/with-traefik-proxy/mariadb-cron-smtp`
- Updated README.md
This commit is contained in:
Philipp Holzer 2018-05-26 17:40:48 +02:00
parent e604b821b7
commit 9361e82fc7
No known key found for this signature in database
GPG key ID: 58160D7D6AF942B6
30 changed files with 1089 additions and 11 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
.examples/docker-compose/insecure/mariadb-cron-smtp/apache/app/Dockerfile Normal file
View file

@ -0,0 +1,12 @@
# Based on .exmples/dockerfiles/smtp/apache
FROM friendica/server:apache
# simple = using an smtp without any credentials (mostly in local networks)
# custom = you need to set host, port, auth_options, authinfo (e.g. for GMX support)
ENV SMTP_TYPE simple
ENV SMTP_HOST smtp.example.org
COPY *.sh /
RUN chmod +x /*.sh
RUN /smtp-config.sh

45
.examples/docker-compose/insecure/mariadb-cron-smtp/apache/app/smtp-config.sh Normal file
View file

@ -0,0 +1,45 @@
#!/bin/sh
set -eu
IFS=\n
SMTP_TYPE=${SMTP_TYPE:-simple}
# config options
SMTP_HOST=${SMTP_HOST:-'localhost'}
SMTP_PORT=${SMTP_PORT:-'25'}
SMTP_AUTH=${SMTP_AUTH:-'A p'}
SMTP_TRUST_AUTH_MECH=${SMTP_TRUST_AUTH_MECH:-'EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN'}
SMTP_AUTH_MECH=${SMTP_AUTH_MECH:-'EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN'}
SMTP_USERNAME=${SMTP_USERNAME:-''}
SMTP_PASSWORD=${SMTP_PASSWORD:-''}
smtp_simple() {
sed -i '/MAILER_DEFINITIONS/i define(`SMART_HOST'\'',`'$SMTP_HOST''\'')dnl/' /etc/mail/sendmail.mc
}
smtp_custom() {
cd /etc/mail
mkdir -m 700 authinfo
cd authinfo/
echo 'Authinfo: "U:www-data" "I:'$SMTP_USERNAME'" "P:'$SMTP_PASSWORD'"' > auth_file
makemap hash auth < auth_file
sed -i '/MAILER_DEFINITIONS/i \
define(`SMART_HOST'\'',`'$SMTP_HOST''\'')dnl \
define(`RELAY_MAILER_ARGS'\'', `TCP '$SMTP_HOST' '$SMTP_PORT''\'')dnl \
define(`ESMTP_MAILER_ARGS'\'', `TCP '$SMTP_HOST' '$SMTP_PORT''\'')dnl \
define(`confAUTH_OPTIONS'\'', `'$SMTP_AUTH''\'')dnl \
TRUST_AUTH_MECH(`'$SMTP_TRUST_AUTH_MECH''\'')dnl \
define(`confAUTH_MECHANISMS'\'', `'$SMTP_AUTH_MECH''\'')dnl \
FEATURE(`authinfo'\'',`hash -o /etc/mail/authinfo/auth.db'\'')dnl' /etc/mail/sendmail.mc
}
case $SMTP_TYPE in
simple) smtp_simple ;;
custom) smtp_custom ;;
*)
echo "Unknown SMTP-Type '$SMTP_TYPE'"
exit 1
esac

5
.examples/docker-compose/insecure/mariadb-cron-smtp/apache/db.env Normal file
View file

@ -0,0 +1,5 @@
MYSQL_PASSWORD=
MYSQL_DATABASE=friendica
MYSQL_USER=friendica
MYSQL_HOST=db
MYSQL_PORT=3306

50
.examples/docker-compose/insecure/mariadb-cron-smtp/apache/docker-compose.yml Normal file
View file

@ -0,0 +1,50 @@
version: '2.1'
services:
db:
image: mariadb
restart: always
volumes:
- db:/var/lib/mysql/
environment:
- MYSQL_RANDOM_ROOT_PASSWORD=yes
env_file:
- db.env
app:
build: ./app
restart: always
volumes:
- friendica:/var/www/html
environment:
- AUTOINSTALL=true
- MAILNAME=
- TZ=
- LANGUAGE=
env_file:
- db.env
depends_on:
- db
hostname: friendica.local
ports:
- "80:80"
cron:
build: ./app
restart: always
volumes:
- friendica:/var/www/html
entrypoint: /cron.sh
environment:
- MAILNAME=
- TZ=
- LANGUAGE=
env_file:
- db.env
depends_on:
- db
hostname: friendica.local
volumes:
db:
friendica:

18
.examples/docker-compose/insecure/mariadb-cron-smtp/fpm-alpine/app/Dockerfile Normal file
View file

@ -0,0 +1,18 @@
# Based on .exmples/dockerfiles/smtp/fpm-alpine
FROM friendica/server:fpm-alpine
ENV SMTP_HOST smtp.example.org
RUN set -ex; \
\
apk add --no-cache \
ssmtp \
; \
# disable the current mailhub
sed -i "s|mailhub=|#mailhub= |g" /etc/ssmtp/ssmtp.conf; \
# enable the new mailhub
echo "mailhub=${SMTP_HOST:-localhost}" >> /etc/ssmtp/ssmtp.conf;
# simple = using an smtp without any credentials (mostly in local networks)
# custom = you need to set host, port, auth_options, authinfo (e.g. for GMX support)
ENV SMTP_TYPE simple

5
.examples/docker-compose/insecure/mariadb-cron-smtp/fpm-alpine/db.env Normal file
View file

@ -0,0 +1,5 @@
MYSQL_PASSWORD=
MYSQL_DATABASE=friendica
MYSQL_USER=friendica
MYSQL_HOST=db
MYSQL_PORT=3306

60
.examples/docker-compose/insecure/mariadb-cron-smtp/fpm-alpine/docker-compose.yml Normal file
View file

@ -0,0 +1,60 @@
version: '2.1'
services:
db:
image: mariadb
restart: always
volumes:
- db:/var/lib/mysql/
environment:
- MYSQL_RANDOM_ROOT_PASSWORD=yes
env_file:
- db.env
app:
build: ./app
restart: always
volumes:
- friendica:/var/www/html
environment:
- AUTOINSTALL=true
- MAILNAME=
- TZ=
- LANGUAGE=
env_file:
- db.env
depends_on:
- db
hostname: friendica.local
cron:
build: ./app
restart: always
volumes:
- friendica:/var/www/html
entrypoint: /cron.sh
environment:
- MAILNAME=
- TZ=
- LANGUAGE=
env_file:
- db.env
depends_on:
- db
- app
hostname: friendica.local
web:
image: nginx
restart: always
volumes:
- friendica:/var/www/html:ro
- ./web/nginx.conf:/etc/nginx/nginx.conf:ro
depends_on:
- app
ports:
- "80:80"
volumes:
db:
friendica:

109
.examples/docker-compose/insecure/mariadb-cron-smtp/fpm-alpine/web/nginx.conf Normal file
View file

@ -0,0 +1,109 @@
##
# Friendica Nginx configuration
# by Olaf Conradi, modified by Philipp Holzer
#
worker_processes 4;
events {
worker_connections 1024;
}
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
http {
charset utf-8;
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
# If behind reverse proxy, forwards the correct IP
set_real_ip_from 10.0.0.0/8;
set_real_ip_from 172.16.0.0/12;
set_real_ip_from 192.168.0.0/16;
set_real_ip_from fc00::/7;
real_ip_header X-Real-IP;
upstream php-handler {
server app:9000;
}
server {
listen 80;
server_name friendica.local;
index index.php;
root /var/www/html;
#Uncomment the following line to include a standard configuration file
#Note that the most specific rule wins and your standard configuration
#will therefore *add* to this file, but not override it.
#include standard.conf
# allow uploads up to 20MB in size
client_max_body_size 20m;
client_body_buffer_size 128k;
# rewrite to front controller as default rule
location / {
if (!-e $request_filename) {
rewrite ^(.*)$ /index.php?pagename=$1;
}
}
# make sure webfinger and other well known services aren't blocked
# by denying dot files and rewrite request to the front controller
location ^~ /.well-known/ {
allow all;
if (!-e $request_filename) {
rewrite ^(.*)$ /index.php?pagename=$1;
}
}
# statically serve these file types when possible
# otherwise fall back to front controller
# allow browser to cache them
# added .htm for advanced source code editor library
#location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {
# expires 30d;
# try_files $uri /index.php?pagename=$uri&$args;
#}
include mime.types;
# block these file types
location ~* \.(tpl|md|tgz|log|out)$ {
deny all;
}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
# or a unix socket
location ~* \.php$ {
# Zero-day exploit defense.
# http://forum.nginx.org/read.php?2,88845,page=3
# Won't work properly (404 error) if the file is not stored on this
# server, which is entirely possible with php-fpm/php-fcgi.
# Comment the 'try_files' line out if you set up php-fpm/php-fcgi on
# another machine. And then cross your fingers that you won't get hacked.
try_files $uri =404;
# NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass php-handler;
include fastcgi_params;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
# deny access to all dot files
location ~ /\. {
deny all;
}
}
}

12
.examples/docker-compose/insecure/mariadb-cron-smtp/fpm/app/Dockerfile Normal file
View file

@ -0,0 +1,12 @@
# Based on .exmples/dockerfiles/smtp/fpm
FROM friendica/server:fpm
# simple = using an smtp without any credentials (mostly in local networks)
# custom = you need to set host, port, auth_options, authinfo (e.g. for GMX support)
ENV SMTP_TYPE simple
ENV SMTP_HOST smtp.example.org
COPY *.sh /
RUN chmod +x /*.sh
RUN /smtp-config.sh

45
.examples/docker-compose/insecure/mariadb-cron-smtp/fpm/app/smtp-config.sh Normal file
View file

@ -0,0 +1,45 @@
#!/bin/sh
set -eu
IFS=\n
SMTP_TYPE=${SMTP_TYPE:-simple}
# config options
SMTP_HOST=${SMTP_HOST:-'localhost'}
SMTP_PORT=${SMTP_PORT:-'25'}
SMTP_AUTH=${SMTP_AUTH:-'A p'}
SMTP_TRUST_AUTH_MECH=${SMTP_TRUST_AUTH_MECH:-'EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN'}
SMTP_AUTH_MECH=${SMTP_AUTH_MECH:-'EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN'}
SMTP_USERNAME=${SMTP_USERNAME:-''}
SMTP_PASSWORD=${SMTP_PASSWORD:-''}
smtp_simple() {
sed -i '/MAILER_DEFINITIONS/i define(`SMART_HOST'\'',`'$SMTP_HOST''\'')dnl/' /etc/mail/sendmail.mc
}
smtp_custom() {
cd /etc/mail
mkdir -m 700 authinfo
cd authinfo/
echo 'Authinfo: "U:www-data" "I:'$SMTP_USERNAME'" "P:'$SMTP_PASSWORD'"' > auth_file
makemap hash auth < auth_file
sed -i '/MAILER_DEFINITIONS/i \
define(`SMART_HOST'\'',`'$SMTP_HOST''\'')dnl \
define(`RELAY_MAILER_ARGS'\'', `TCP '$SMTP_HOST' '$SMTP_PORT''\'')dnl \
define(`ESMTP_MAILER_ARGS'\'', `TCP '$SMTP_HOST' '$SMTP_PORT''\'')dnl \
define(`confAUTH_OPTIONS'\'', `'$SMTP_AUTH''\'')dnl \
TRUST_AUTH_MECH(`'$SMTP_TRUST_AUTH_MECH''\'')dnl \
define(`confAUTH_MECHANISMS'\'', `'$SMTP_AUTH_MECH''\'')dnl \
FEATURE(`authinfo'\'',`hash -o /etc/mail/authinfo/auth.db'\'')dnl' /etc/mail/sendmail.mc
}
case $SMTP_TYPE in
simple) smtp_simple ;;
custom) smtp_custom ;;
*)
echo "Unknown SMTP-Type '$SMTP_TYPE'"
exit 1
esac

5
.examples/docker-compose/insecure/mariadb-cron-smtp/fpm/db.env Normal file
View file

@ -0,0 +1,5 @@
MYSQL_PASSWORD=
MYSQL_DATABASE=friendica
MYSQL_USER=friendica
MYSQL_HOST=db
MYSQL_PORT=3306

60
.examples/docker-compose/insecure/mariadb-cron-smtp/fpm/docker-compose.yml Normal file
View file

@ -0,0 +1,60 @@
version: '2.1'
services:
db:
image: mariadb
restart: always
volumes:
- db:/var/lib/mysql/
environment:
- MYSQL_RANDOM_ROOT_PASSWORD=yes
env_file:
- db.env
app:
build: ./app
restart: always
volumes:
- friendica:/var/www/html
environment:
- AUTOINSTALL=true
- MAILNAME=
- TZ=
- LANGUAGE=
env_file:
- db.env
depends_on:
- db
hostname: friendica.local
cron:
build: ./app
restart: always
volumes:
- friendica:/var/www/html
entrypoint: /cron.sh
environment:
- MAILNAME=
- TZ=
- LANGUAGE=
env_file:
- db.env
depends_on:
- db
- app
hostname: friendica.local
web:
image: nginx
restart: always
volumes:
- friendica:/var/www/html:ro
- ./web/nginx.conf:/etc/nginx/nginx.conf:ro
depends_on:
- app
ports:
- "80:80"
volumes:
db:
friendica:

109
.examples/docker-compose/insecure/mariadb-cron-smtp/fpm/web/nginx.conf Normal file
View file

@ -0,0 +1,109 @@
##
# Friendica Nginx configuration
# by Olaf Conradi, modified by Philipp Holzer
#
worker_processes 4;
events {
worker_connections 1024;
}
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
http {
charset utf-8;
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
# If behind reverse proxy, forwards the correct IP
set_real_ip_from 10.0.0.0/8;
set_real_ip_from 172.16.0.0/12;
set_real_ip_from 192.168.0.0/16;
set_real_ip_from fc00::/7;
real_ip_header X-Real-IP;
upstream php-handler {
server app:9000;
}
server {
listen 80;
server_name friendica.local;
index index.php;
root /var/www/html;
#Uncomment the following line to include a standard configuration file
#Note that the most specific rule wins and your standard configuration
#will therefore *add* to this file, but not override it.
#include standard.conf
# allow uploads up to 20MB in size
client_max_body_size 20m;
client_body_buffer_size 128k;
# rewrite to front controller as default rule
location / {
if (!-e $request_filename) {
rewrite ^(.*)$ /index.php?pagename=$1;
}
}
# make sure webfinger and other well known services aren't blocked
# by denying dot files and rewrite request to the front controller
location ^~ /.well-known/ {
allow all;
if (!-e $request_filename) {
rewrite ^(.*)$ /index.php?pagename=$1;
}
}
# statically serve these file types when possible
# otherwise fall back to front controller
# allow browser to cache them
# added .htm for advanced source code editor library
#location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {
# expires 30d;
# try_files $uri /index.php?pagename=$uri&$args;
#}
include mime.types;
# block these file types
location ~* \.(tpl|md|tgz|log|out)$ {
deny all;
}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
# or a unix socket
location ~* \.php$ {
# Zero-day exploit defense.
# http://forum.nginx.org/read.php?2,88845,page=3
# Won't work properly (404 error) if the file is not stored on this
# server, which is entirely possible with php-fpm/php-fcgi.
# Comment the 'try_files' line out if you set up php-fpm/php-fcgi on
# another machine. And then cross your fingers that you won't get hacked.
try_files $uri =404;
# NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass php-handler;
include fastcgi_params;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
# deny access to all dot files
location ~ /\. {
deny all;
}
}
}

1
.examples/docker-compose/with-traefik-proxy/mariadb-cron-smtp/apache/app/Dockerfile
View file

@ -1,3 +1,4 @@
# Based on .exmples/dockerfiles/smtp/apache
FROM friendica/server:apache FROM friendica/server:apache
# simple = using an smtp without any credentials (mostly in local networks) # simple = using an smtp without any credentials (mostly in local networks)

2
.examples/docker-compose/with-traefik-proxy/mariadb-cron-smtp/apache/db.env
View file

@ -1,3 +1,5 @@
MYSQL_PASSWORD= MYSQL_PASSWORD=
MYSQL_DATABASE=friendica MYSQL_DATABASE=friendica
MYSQL_USER=friendica MYSQL_USER=friendica
MYSQL_HOST=db
MYSQL_PORT=3306

5
.examples/docker-compose/with-traefik-proxy/mariadb-cron-smtp/apache/docker-compose.yml
View file

@ -17,8 +17,7 @@ services:
volumes: volumes:
- friendica:/var/www/html - friendica:/var/www/html
environment: environment:
- MYSQL_HOST=db - AUTOINSTALL=true
- MYSQL_PORT=3306
- MAILNAME= - MAILNAME=
- TZ= - TZ=
- LANGUAGE= - LANGUAGE=
@ -49,8 +48,6 @@ services:
- friendica:/var/www/html - friendica:/var/www/html
entrypoint: /cron.sh entrypoint: /cron.sh
environment: environment:
- MYSQL_HOST=db
- MYSQL_PORT=3306
- MAILNAME= - MAILNAME=
- TZ= - TZ=
- LANGUAGE= - LANGUAGE=

18
.examples/docker-compose/with-traefik-proxy/mariadb-cron-smtp/fpm-alpine/app/Dockerfile Normal file
View file

@ -0,0 +1,18 @@
# Based on .exmples/dockerfiles/smtp/fpm-alpine
FROM friendica/server:fpm-alpine
ENV SMTP_HOST smtp.example.org
RUN set -ex; \
\
apk add --no-cache \
ssmtp \
; \
# disable the current mailhub
sed -i "s|mailhub=|#mailhub= |g" /etc/ssmtp/ssmtp.conf; \
# enable the new mailhub
echo "mailhub=${SMTP_HOST:-localhost}" >> /etc/ssmtp/ssmtp.conf;
# simple = using an smtp without any credentials (mostly in local networks)
# custom = you need to set host, port, auth_options, authinfo (e.g. for GMX support)
ENV SMTP_TYPE simple

5
.examples/docker-compose/with-traefik-proxy/mariadb-cron-smtp/fpm-alpine/db.env Normal file
View file

@ -0,0 +1,5 @@
MYSQL_PASSWORD=
MYSQL_DATABASE=friendica
MYSQL_USER=friendica
MYSQL_HOST=db
MYSQL_PORT=3306

87
.examples/docker-compose/with-traefik-proxy/mariadb-cron-smtp/fpm-alpine/docker-compose.yml Normal file
View file

@ -0,0 +1,87 @@
version: '2.1'
services:
db:
image: mariadb
restart: always
volumes:
- db:/var/lib/mysql/
environment:
- MYSQL_RANDOM_ROOT_PASSWORD=yes
env_file:
- db.env
app:
build: ./app
restart: always
volumes:
- friendica:/var/www/html
environment:
- AUTOINSTALL=true
- MAILNAME=
- TZ=
- LANGUAGE=
env_file:
- db.env
depends_on:
- db
hostname: friendica.local
cron:
build: ./app
restart: always
volumes:
- friendica:/var/www/html
entrypoint: /cron.sh
environment:
- MAILNAME=
- TZ=
- LANGUAGE=
env_file:
- db.env
depends_on:
- db
- app
hostname: friendica.local
web:
image: nginx
restart: always
volumes:
- friendica:/var/www/html:ro
- ./web/nginx.conf:/etc/nginx/nginx.conf:ro
depends_on:
- app
networks:
- default
- proxy-tier
labels:
- "traefik.backend=friendica"
- "traefik.frontend.entryPoints=https,http"
- "traefik.frontend.headers.STSSeconds=15768000"
- "traefik.frontend.headers.STSIncludeSubdomains=false"
- "traefik.frontend.headers.forceSTSHeader=true"
- "traefik.friendica.frontend.rule=Host:friendica.local"
- "traefik.friendica.frontend.port=80"
- "traefik.enable=true"
- "traefik.docker.network=proxy-tier"
proxy:
build: ./proxy
restart: always
ports:
- "80:80"
- "443:443"
volumes:
- /var/run/docker.sock:/var/run/docker.sock
container_name: traefik
networks:
- default
- proxy-tier
volumes:
db:
friendica:
networks:
proxy-tier:

3
.examples/docker-compose/with-traefik-proxy/mariadb-cron-smtp/fpm-alpine/proxy/Dockerfile Normal file
View file

@ -0,0 +1,3 @@
FROM traefik
COPY ./traefik.toml /traefik.toml

27
.examples/docker-compose/with-traefik-proxy/mariadb-cron-smtp/fpm-alpine/proxy/traefik.toml Normal file
View file

@ -0,0 +1,27 @@
debug = false
logLevel = "ERROR"
defaultEntryPoints = ["https","http"]
[entryPoints]
[entryPoints.http]
address = ":80"
[entryPoints.https]
address = ":443"
[entryPoints.https.tls]
[retry]
[docker]
endpoint = "unix:///var/run/docker.sock"
domain = "example.org"
watch = true
exposedByDefault = false
#[acme]
#email = "root@example.org"
#storage = "acme.json"
#entryPoint = "https"
#onHostRule = true
#[acme.httpChallenge]
#entryPoint = "http"

109
.examples/docker-compose/with-traefik-proxy/mariadb-cron-smtp/fpm-alpine/web/nginx.conf Normal file
View file

@ -0,0 +1,109 @@
##
# Friendica Nginx configuration
# by Olaf Conradi, modified by Philipp Holzer
#
worker_processes 4;
events {
worker_connections 1024;
}
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
http {
charset utf-8;
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
# If behind reverse proxy, forwards the correct IP
set_real_ip_from 10.0.0.0/8;
set_real_ip_from 172.16.0.0/12;
set_real_ip_from 192.168.0.0/16;
set_real_ip_from fc00::/7;
real_ip_header X-Real-IP;
upstream php-handler {
server app:9000;
}
server {
listen 80;
server_name friendica.local;
index index.php;
root /var/www/html;
#Uncomment the following line to include a standard configuration file
#Note that the most specific rule wins and your standard configuration
#will therefore *add* to this file, but not override it.
#include standard.conf
# allow uploads up to 20MB in size
client_max_body_size 20m;
client_body_buffer_size 128k;
# rewrite to front controller as default rule
location / {
if (!-e $request_filename) {
rewrite ^(.*)$ /index.php?pagename=$1;
}
}
# make sure webfinger and other well known services aren't blocked
# by denying dot files and rewrite request to the front controller
location ^~ /.well-known/ {
allow all;
if (!-e $request_filename) {
rewrite ^(.*)$ /index.php?pagename=$1;
}
}
# statically serve these file types when possible
# otherwise fall back to front controller
# allow browser to cache them
# added .htm for advanced source code editor library
#location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {
# expires 30d;
# try_files $uri /index.php?pagename=$uri&$args;
#}
include mime.types;
# block these file types
location ~* \.(tpl|md|tgz|log|out)$ {
deny all;
}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
# or a unix socket
location ~* \.php$ {
# Zero-day exploit defense.
# http://forum.nginx.org/read.php?2,88845,page=3
# Won't work properly (404 error) if the file is not stored on this
# server, which is entirely possible with php-fpm/php-fcgi.
# Comment the 'try_files' line out if you set up php-fpm/php-fcgi on
# another machine. And then cross your fingers that you won't get hacked.
try_files $uri =404;
# NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass php-handler;
include fastcgi_params;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
# deny access to all dot files
location ~ /\. {
deny all;
}
}
}

12
.examples/docker-compose/with-traefik-proxy/mariadb-cron-smtp/fpm/app/Dockerfile Normal file
View file

@ -0,0 +1,12 @@
# Based on .exmples/dockerfiles/smtp/fpm
FROM friendica/server:fpm
# simple = using an smtp without any credentials (mostly in local networks)
# custom = you need to set host, port, auth_options, authinfo (e.g. for GMX support)
ENV SMTP_TYPE simple
ENV SMTP_HOST smtp.example.org
COPY *.sh /
RUN chmod +x /*.sh
RUN /smtp-config.sh

45
.examples/docker-compose/with-traefik-proxy/mariadb-cron-smtp/fpm/app/smtp-config.sh Normal file
View file

@ -0,0 +1,45 @@
#!/bin/sh
set -eu
IFS=\n
SMTP_TYPE=${SMTP_TYPE:-simple}
# config options
SMTP_HOST=${SMTP_HOST:-'localhost'}
SMTP_PORT=${SMTP_PORT:-'25'}
SMTP_AUTH=${SMTP_AUTH:-'A p'}
SMTP_TRUST_AUTH_MECH=${SMTP_TRUST_AUTH_MECH:-'EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN'}
SMTP_AUTH_MECH=${SMTP_AUTH_MECH:-'EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN'}
SMTP_USERNAME=${SMTP_USERNAME:-''}
SMTP_PASSWORD=${SMTP_PASSWORD:-''}
smtp_simple() {
sed -i '/MAILER_DEFINITIONS/i define(`SMART_HOST'\'',`'$SMTP_HOST''\'')dnl/' /etc/mail/sendmail.mc
}
smtp_custom() {
cd /etc/mail
mkdir -m 700 authinfo
cd authinfo/
echo 'Authinfo: "U:www-data" "I:'$SMTP_USERNAME'" "P:'$SMTP_PASSWORD'"' > auth_file
makemap hash auth < auth_file
sed -i '/MAILER_DEFINITIONS/i \
define(`SMART_HOST'\'',`'$SMTP_HOST''\'')dnl \
define(`RELAY_MAILER_ARGS'\'', `TCP '$SMTP_HOST' '$SMTP_PORT''\'')dnl \
define(`ESMTP_MAILER_ARGS'\'', `TCP '$SMTP_HOST' '$SMTP_PORT''\'')dnl \
define(`confAUTH_OPTIONS'\'', `'$SMTP_AUTH''\'')dnl \
TRUST_AUTH_MECH(`'$SMTP_TRUST_AUTH_MECH''\'')dnl \
define(`confAUTH_MECHANISMS'\'', `'$SMTP_AUTH_MECH''\'')dnl \
FEATURE(`authinfo'\'',`hash -o /etc/mail/authinfo/auth.db'\'')dnl' /etc/mail/sendmail.mc
}
case $SMTP_TYPE in
simple) smtp_simple ;;
custom) smtp_custom ;;
*)
echo "Unknown SMTP-Type '$SMTP_TYPE'"
exit 1
esac

5
.examples/docker-compose/with-traefik-proxy/mariadb-cron-smtp/fpm/db.env Normal file
View file

@ -0,0 +1,5 @@
MYSQL_PASSWORD=
MYSQL_DATABASE=friendica
MYSQL_USER=friendica
MYSQL_HOST=db
MYSQL_PORT=3306

87
.examples/docker-compose/with-traefik-proxy/mariadb-cron-smtp/fpm/docker-compose.yml Normal file
View file

@ -0,0 +1,87 @@
version: '2.1'
services:
db:
image: mariadb
restart: always
volumes:
- db:/var/lib/mysql/
environment:
- MYSQL_RANDOM_ROOT_PASSWORD=yes
env_file:
- db.env
app:
build: ./app
restart: always
volumes:
- friendica:/var/www/html
environment:
- AUTOINSTALL=true
- MAILNAME=
- TZ=
- LANGUAGE=
env_file:
- db.env
depends_on:
- db
hostname: friendica.local
cron:
build: ./app
restart: always
volumes:
- friendica:/var/www/html
entrypoint: /cron.sh
environment:
- MAILNAME=
- TZ=
- LANGUAGE=
env_file:
- db.env
depends_on:
- db
- app
hostname: friendica.local
web:
image: nginx
restart: always
volumes:
- friendica:/var/www/html:ro
- ./web/nginx.conf:/etc/nginx/nginx.conf:ro
depends_on:
- app
networks:
- default
- proxy-tier
labels:
- "traefik.backend=friendica"
- "traefik.frontend.entryPoints=https,http"
- "traefik.frontend.headers.STSSeconds=15768000"
- "traefik.frontend.headers.STSIncludeSubdomains=false"
- "traefik.frontend.headers.forceSTSHeader=true"
- "traefik.friendica.frontend.rule=Host:friendica.local"
- "traefik.friendica.frontend.port=80"
- "traefik.enable=true"
- "traefik.docker.network=proxy-tier"
proxy:
build: ./proxy
restart: always
ports:
- "80:80"
- "443:443"
volumes:
- /var/run/docker.sock:/var/run/docker.sock
container_name: traefik
networks:
- default
- proxy-tier
volumes:
db:
friendica:
networks:
proxy-tier:

3
.examples/docker-compose/with-traefik-proxy/mariadb-cron-smtp/fpm/proxy/Dockerfile Normal file
View file

@ -0,0 +1,3 @@
FROM traefik
COPY ./traefik.toml /traefik.toml

27
.examples/docker-compose/with-traefik-proxy/mariadb-cron-smtp/fpm/proxy/traefik.toml Normal file
View file

@ -0,0 +1,27 @@
debug = false
logLevel = "ERROR"
defaultEntryPoints = ["https","http"]
[entryPoints]
[entryPoints.http]
address = ":80"
[entryPoints.https]
address = ":443"
[entryPoints.https.tls]
[retry]
[docker]
endpoint = "unix:///var/run/docker.sock"
domain = "example.org"
watch = true
exposedByDefault = false
#[acme]
#email = "root@example.org"
#storage = "acme.json"
#entryPoint = "https"
#onHostRule = true
#[acme.httpChallenge]
#entryPoint = "http"

109
.examples/docker-compose/with-traefik-proxy/mariadb-cron-smtp/fpm/web/nginx.conf Normal file
View file

@ -0,0 +1,109 @@
##
# Friendica Nginx configuration
# by Olaf Conradi, modified by Philipp Holzer
#
worker_processes 4;
events {
worker_connections 1024;
}
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
http {
charset utf-8;
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
# If behind reverse proxy, forwards the correct IP
set_real_ip_from 10.0.0.0/8;
set_real_ip_from 172.16.0.0/12;
set_real_ip_from 192.168.0.0/16;
set_real_ip_from fc00::/7;
real_ip_header X-Real-IP;
upstream php-handler {
server app:9000;
}
server {
listen 80;
server_name friendica.local;
index index.php;
root /var/www/html;
#Uncomment the following line to include a standard configuration file
#Note that the most specific rule wins and your standard configuration
#will therefore *add* to this file, but not override it.
#include standard.conf
# allow uploads up to 20MB in size
client_max_body_size 20m;
client_body_buffer_size 128k;
# rewrite to front controller as default rule
location / {
if (!-e $request_filename) {
rewrite ^(.*)$ /index.php?pagename=$1;
}
}
# make sure webfinger and other well known services aren't blocked
# by denying dot files and rewrite request to the front controller
location ^~ /.well-known/ {
allow all;
if (!-e $request_filename) {
rewrite ^(.*)$ /index.php?pagename=$1;
}
}
# statically serve these file types when possible
# otherwise fall back to front controller
# allow browser to cache them
# added .htm for advanced source code editor library
#location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {
# expires 30d;
# try_files $uri /index.php?pagename=$uri&$args;
#}
include mime.types;
# block these file types
location ~* \.(tpl|md|tgz|log|out)$ {
deny all;
}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
# or a unix socket
location ~* \.php$ {
# Zero-day exploit defense.
# http://forum.nginx.org/read.php?2,88845,page=3
# Won't work properly (404 error) if the file is not stored on this
# server, which is entirely possible with php-fpm/php-fcgi.
# Comment the 'try_files' line out if you set up php-fpm/php-fcgi on
# another machine. And then cross your fingers that you won't get hacked.
try_files $uri =404;
# NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass php-handler;
include fastcgi_params;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
# deny access to all dot files
location ~ /\. {
deny all;
}
}
}

16
README.md
View file

@ -246,7 +246,9 @@ An example can be found in the [examples section](https://github.com/friendica/d
As this setup does **not include encryption** it should to be run behind a proxy. As this setup does **not include encryption** it should to be run behind a proxy.
Maker sure to set the variable `MYSQL_PASSWORD` before you run the setup. Prerequisites for this example:
- Make sure to set the variable `MYSQL_PASSWORD` before you run the setup.
- Create a `nginx.conf` in the same directory as the docker-compose.yml file (take it from [example](https://github.com/friendica/docker/tree/master/.examples/docker-compose/with-traefik-proxy/mariadb-cron-smtp/fpm/web/nginx.conf))
```yaml ```yaml
version: '2' version: '2'
@ -276,8 +278,9 @@ services:
- MYSQL_DATABASE=friendica - MYSQL_DATABASE=friendica
- MAILNAME=root@friendica.local - MAILNAME=root@friendica.local
hostname: friendica.local hostname: friendica.local
depends_on: networks:
- db - proxy-tier
- default
web: web:
image: nginx image: nginx
@ -287,13 +290,16 @@ services:
- app - app
volumes: volumes:
- ./nginx.conf:/etc/nginx/nginx.conf:ro - ./nginx.conf:/etc/nginx/nginx.conf:ro
volumes_from:
- app
restart: always restart: always
networks:
- proxy-tier
volumes: volumes:
db: db:
friendica: friendica:
networks:
proxy-tier:
``` ```
Then run `docker-compose up -d`, now you can access Friendica at http://localhost:8080/ from your system. Then run `docker-compose up -d`, now you can access Friendica at http://localhost:8080/ from your system.