From 1bb05b3221a1db8a762914a4df92e7bbfde4ac1b Mon Sep 17 00:00:00 2001 From: Marwolf Date: Sat, 1 Sep 2018 22:09:23 -0400 Subject: [PATCH 1/4] Ignoring ghost.db --- .gitignore | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.gitignore b/.gitignore index 1cabde3..4b5abd7 100755 --- a/.gitignore +++ b/.gitignore @@ -41,3 +41,5 @@ etc/ghost/content/data/\.DS_Store etc/ghost/content/themes/ etc/ghost/content/logs/*.log.* + +etc/ghost/content/data/ghost\.db From c0d7a296fc0a51a44ab6f1563133bd354900c8c0 Mon Sep 17 00:00:00 2001 From: Marwolf Date: Tue, 4 Sep 2018 21:42:16 -0400 Subject: [PATCH 2/4] Alpine-based images for size reduction --- docker-compose.yml | 9 ++++++--- etc/nginx/default.conf | 18 ++++++++++++++---- etc/php/fastcgi.conf | 17 +++++++++++++++++ 3 files changed, 37 insertions(+), 7 deletions(-) create mode 100755 etc/php/fastcgi.conf diff --git a/docker-compose.yml b/docker-compose.yml index afbd210..72d0481 100755 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -2,13 +2,14 @@ version: '3.1' services: nginx: - image: nginx:latest + image: nginx:1.15.3-alpine-perl container_name: nginx volumes: - "./etc/nginx:/etc/nginx/conf.d" - "./Website:/var/www/html" - "./etc/nginx/logs:/var/log/nginx" - "./etc/letsencrypt:/etc/letsencrypt" + - "./etc/php:/etc/nginx/php" ports: - "80:80" - "443:443" @@ -64,7 +65,7 @@ services: - "./etc/tomcat:/usr/local/tomcat/conf" ghost: - image: ghost:latest + image: ghost:2.0.3-alpine container_name: ghost ports: - "127.0.0.1:2368:2368" @@ -78,8 +79,10 @@ services: - privacy__useUpdateCheck=false php: - image: nanoninja/php-fpm:7.2 + image: php:7.2.9-fpm-alpine3.6 container_name: php + ports: + - "9001:9001" volumes: - "./etc/php/php.ini:/usr/local/etc/php/conf.d/php.ini" - "./Website:/var/www/html/public" diff --git a/etc/nginx/default.conf b/etc/nginx/default.conf index 4bd4630..29ae090 100755 --- a/etc/nginx/default.conf +++ b/etc/nginx/default.conf @@ -16,7 +16,7 @@ server { access_log /var/log/nginx/access.log; root /app; - index index.jsp index.html index.htm; + index index.php index.jsp index.html index.htm; client_max_body_size 100M; @@ -25,14 +25,24 @@ server { } ####### Proxies ####### -# # PHP proxy -# location /board { + # PHP proxy +# location ~ \.php$ { # fastcgi_pass php:9001; # fastcgi_index index.php; -# include fastcgi.conf; +# include php/fastcgi.conf; # root /app; # } + location ~ \.php$ { + try_files $uri =404; + fastcgi_split_path_info ^(.+\.php)(/.+)$; + fastcgi_pass php:9001; + fastcgi_index index.php; + include fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param PATH_INFO $fastcgi_path_info; + } + # Ghost proxy location /blog { proxy_pass http://ghost; diff --git a/etc/php/fastcgi.conf b/etc/php/fastcgi.conf new file mode 100755 index 0000000..a9fb1ba --- /dev/null +++ b/etc/php/fastcgi.conf @@ -0,0 +1,17 @@ +fastcgi_param GATEWAY_INTERFACE CGI/1.1; +fastcgi_param SERVER_SOFTWARE nginx; +fastcgi_param QUERY_STRING $query_string; +fastcgi_param REQUEST_METHOD $request_method; +fastcgi_param CONTENT_TYPE $content_type; +fastcgi_param CONTENT_LENGTH $content_length; +fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; +fastcgi_param SCRIPT_NAME $fastcgi_script_name; +fastcgi_param REQUEST_URI $request_uri; +fastcgi_param DOCUMENT_URI $document_uri; +fastcgi_param DOCUMENT_ROOT $document_root; +fastcgi_param SERVER_PROTOCOL $server_protocol; +fastcgi_param REMOTE_ADDR $remote_addr; +fastcgi_param REMOTE_PORT $remote_port; +fastcgi_param SERVER_ADDR $server_addr; +fastcgi_param SERVER_PORT $server_port; +fastcgi_param SERVER_NAME $server_name; From 8d493a036a0ef6062d019546256249fd0faca4b6 Mon Sep 17 00:00:00 2001 From: Marwolf Date: Tue, 4 Sep 2018 23:46:27 -0400 Subject: [PATCH 3/4] Clean up, making PHP-FPM almost work --- docker-compose.yml | 78 +++++++++++++++++++++--------------------- etc/nginx/default.conf | 16 ++------- etc/php/fastcgi.conf | 17 --------- 3 files changed, 41 insertions(+), 70 deletions(-) delete mode 100755 etc/php/fastcgi.conf diff --git a/docker-compose.yml b/docker-compose.yml index 72d0481..bf1f1fd 100755 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -20,17 +20,38 @@ services: - tomcat - mysqldb - myadmin: - image: phpmyadmin/phpmyadmin:latest - container_name: phpmyadmin + ghost: + image: ghost:2.0.3-alpine + container_name: ghost ports: - - "9000:80" - environment: - - PMA_ARBITRARY=1 - - PMA_HOST=mysql + - "127.0.0.1:2368:2368" restart: always - depends_on: - - mysqldb + env_file: + - ".env" + volumes: + - "./etc/ghost/content:/var/lib/ghost/content" + environment: + - url=${URL} + - privacy__useUpdateCheck=false + + php: + image: php:7.2.9-fpm-alpine3.6 + container_name: php + ports: + - "127.0.0.1:9001:9000" + volumes: + - "./etc/php/php.ini:/usr/local/etc/php/conf.d/php.ini" + - "./Website:/var/www/html" + + tomcat: + image: tomcat:latest + container_name: tomcat + ports: + - "127.0.0.1:8080:8080" + restart: always + volumes: + - "./Website:/usr/local/tomcat/webapps/ROOT" + - "./etc/tomcat:/usr/local/tomcat/conf" mysqldb: image: mariadb:latest @@ -54,35 +75,14 @@ services: - "./data/db/mysql:/var/lib/mysql" - "./etc/mariadb/innodb.cnf:/etc/mysql/conf.d/innodb.cnf:ro" - tomcat: - image: tomcat:latest - container_name: tomcat + myadmin: + image: phpmyadmin/phpmyadmin:latest + container_name: phpmyadmin ports: - - "8080:8080" - restart: always - volumes: - - "./Website:/usr/local/tomcat/webapps/ROOT" - - "./etc/tomcat:/usr/local/tomcat/conf" - - ghost: - image: ghost:2.0.3-alpine - container_name: ghost - ports: - - "127.0.0.1:2368:2368" - restart: always - env_file: - - ".env" - volumes: - - "./etc/ghost/content:/var/lib/ghost/content" + - "9000:80" environment: - - url=${URL} - - privacy__useUpdateCheck=false - - php: - image: php:7.2.9-fpm-alpine3.6 - container_name: php - ports: - - "9001:9001" - volumes: - - "./etc/php/php.ini:/usr/local/etc/php/conf.d/php.ini" - - "./Website:/var/www/html/public" + - PMA_ARBITRARY=1 + - PMA_HOST=mysql + restart: always + depends_on: + - mysqldb diff --git a/etc/nginx/default.conf b/etc/nginx/default.conf index 29ae090..1da4553 100755 --- a/etc/nginx/default.conf +++ b/etc/nginx/default.conf @@ -15,26 +15,14 @@ server { error_log /var/log/nginx/error.log; access_log /var/log/nginx/access.log; - root /app; - index index.php index.jsp index.html index.htm; + index index.jsp index.html index.htm; client_max_body_size 100M; - location / { - root /var/www/html; - } - ####### Proxies ####### # PHP proxy -# location ~ \.php$ { -# fastcgi_pass php:9001; -# fastcgi_index index.php; -# include php/fastcgi.conf; -# root /app; -# } - location ~ \.php$ { - try_files $uri =404; + #try_files $uri =404; fastcgi_split_path_info ^(.+\.php)(/.+)$; fastcgi_pass php:9001; fastcgi_index index.php; diff --git a/etc/php/fastcgi.conf b/etc/php/fastcgi.conf deleted file mode 100755 index a9fb1ba..0000000 --- a/etc/php/fastcgi.conf +++ /dev/null @@ -1,17 +0,0 @@ -fastcgi_param GATEWAY_INTERFACE CGI/1.1; -fastcgi_param SERVER_SOFTWARE nginx; -fastcgi_param QUERY_STRING $query_string; -fastcgi_param REQUEST_METHOD $request_method; -fastcgi_param CONTENT_TYPE $content_type; -fastcgi_param CONTENT_LENGTH $content_length; -fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; -fastcgi_param SCRIPT_NAME $fastcgi_script_name; -fastcgi_param REQUEST_URI $request_uri; -fastcgi_param DOCUMENT_URI $document_uri; -fastcgi_param DOCUMENT_ROOT $document_root; -fastcgi_param SERVER_PROTOCOL $server_protocol; -fastcgi_param REMOTE_ADDR $remote_addr; -fastcgi_param REMOTE_PORT $remote_port; -fastcgi_param SERVER_ADDR $server_addr; -fastcgi_param SERVER_PORT $server_port; -fastcgi_param SERVER_NAME $server_name; From 9df00571225067b453ec91ac2b98f289cc999e91 Mon Sep 17 00:00:00 2001 From: Marwolf Date: Wed, 5 Sep 2018 13:20:22 -0400 Subject: [PATCH 4/4] PHP now functional --- docker-compose.yml | 11 +++--- etc/nginx/HTTPS_default.conf.BAK | 60 +++++++++++++++++++++++++------- etc/nginx/default.conf | 42 ++++++++++++++++++++-- 3 files changed, 92 insertions(+), 21 deletions(-) diff --git a/docker-compose.yml b/docker-compose.yml index bf1f1fd..8e9064a 100755 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -5,11 +5,12 @@ services: image: nginx:1.15.3-alpine-perl container_name: nginx volumes: - - "./etc/nginx:/etc/nginx/conf.d" + #- "./etc/nginx:/etc/nginx/conf.d" + - "./etc/nginx/default.conf:/etc/nginx/conf.d/default.conf" - "./Website:/var/www/html" - "./etc/nginx/logs:/var/log/nginx" - "./etc/letsencrypt:/etc/letsencrypt" - - "./etc/php:/etc/nginx/php" + #- "./etc/php:/etc/nginx/php" ports: - "80:80" - "443:443" @@ -35,10 +36,10 @@ services: - privacy__useUpdateCheck=false php: - image: php:7.2.9-fpm-alpine3.6 + image: nanoninja/php-fpm container_name: php ports: - - "127.0.0.1:9001:9000" + - "127.0.0.1:9000:9000" volumes: - "./etc/php/php.ini:/usr/local/etc/php/conf.d/php.ini" - "./Website:/var/www/html" @@ -79,7 +80,7 @@ services: image: phpmyadmin/phpmyadmin:latest container_name: phpmyadmin ports: - - "9000:80" + - "55555:80" environment: - PMA_ARBITRARY=1 - PMA_HOST=mysql diff --git a/etc/nginx/HTTPS_default.conf.BAK b/etc/nginx/HTTPS_default.conf.BAK index e120cc8..838581c 100755 --- a/etc/nginx/HTTPS_default.conf.BAK +++ b/etc/nginx/HTTPS_default.conf.BAK @@ -40,23 +40,23 @@ server { ssl_certificate_key /etc/letsencrypt/live/openrsc.com/privkey.pem; ssl_trusted_certificate /etc/letsencrypt/live/openrsc.com/chain.pem; - root /app; - index index.jsp index.html index.htm; + root /var/www/html/; + + index index.php index.html index.htm index.jsp; client_max_body_size 100M; - location / { - root /var/www/html; - } - ####### Proxies ####### -# # PHP proxy -# location /board { -# fastcgi_pass php:9001; -# fastcgi_index index.php; -# include fastcgi.conf; -# root /app; -# } + # PHP proxy + location ~ \.php$ { + try_files $uri =404; + fastcgi_split_path_info ^(.+\.php)(/.+)$; + fastcgi_pass php:9000; + fastcgi_index index.php; + include fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param PATH_INFO $fastcgi_path_info; + } # Ghost proxy location /blog { @@ -75,4 +75,38 @@ server { proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_pass http://tomcat; } + + ####### PHPBB ####### + # Deny access to internal phpbb files. + location ~ /board(config\.php|common\.php|files|images/avatars/upload|includes|(?