Merge pull request 'Update for log rotation and backups' (#14) from log-cleanup into trunk
All checks were successful
Cloud Apache Container / Build-and-Push (push) Successful in 1m22s

Reviewed-on: #14
This commit is contained in:
jknapp 2024-10-15 02:32:44 +00:00
commit aab89a7412
14 changed files with 121 additions and 103 deletions

View File

@ -1,10 +1,9 @@
FROM almalinux/9-base FROM almalinux/9-base
ARG PHPVER=81 ARG PHPVER=81
#RUN dnf update -y && dnf upgrade -y
RUN dnf install https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm -y RUN dnf install https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm -y
RUN dnf install -y https://rpms.remirepo.net/enterprise/remi-release-9.rpm RUN dnf install -y https://rpms.remirepo.net/enterprise/remi-release-9.rpm
#RUN dnf update -y && dnf upgrade -y RUN dnf update -y && dnf upgrade -y
RUN dnf install -y httpd mod_ssl wget procps RUN dnf install -y httpd mod_ssl wget procps cronie
RUN openssl req -newkey rsa:2048 -nodes -keyout /etc/pki/tls/private/localhost.key -x509 -days 3650 -subj "/CN=localhost" -out /etc/pki/tls/certs/localhost.crt RUN openssl req -newkey rsa:2048 -nodes -keyout /etc/pki/tls/private/localhost.key -x509 -days 3650 -subj "/CN=localhost" -out /etc/pki/tls/certs/localhost.crt
RUN mkdir /run/php-fpm/ RUN mkdir /run/php-fpm/
RUN mkdir /scripts RUN mkdir /scripts
@ -19,5 +18,6 @@ COPY ./configs/prod-php.ini /etc/php.ini
COPY ./configs/phpinfo.php /var/www/html/ COPY ./configs/phpinfo.php /var/www/html/
COPY ./configs/mariadb.repo /etc/yum.repos.d/ COPY ./configs/mariadb.repo /etc/yum.repos.d/
COPY ./configs/index.php /var/www/html/ COPY ./configs/index.php /var/www/html/
RUN echo "15 */12 * * * root /scripts/log-rotate.sh" >> /etc/crontab
RUN yum clean all RUN yum clean all
ENTRYPOINT [ "/scripts/entrypoint.sh" ] ENTRYPOINT [ "/scripts/entrypoint.sh" ]

View File

@ -15,8 +15,9 @@ __You can then run a development version of the server by running the following
```console ```console
mkdir -p local-development/domain.tld mkdir -p local-development/domain.tld
cd local-development/domain.tld cd local-development/domain.tld
mkdir {user,db,logs} mkdir user
docker run -d -it -p 80:80 -p 443:443 -e PHPVER=81 -e environment=DEV --mount type=bind,source="$(pwd)"/user,target=/home/myuser --mount type=bind,source="$(pwd)"/db,target=/var/lib/mysql -e uid=30001 -e user=myuser -e domain=domain.tld -e serveralias=www.domain.tld --name local-dev repo.anhonesthost.net/cloud-hosting-platform/cac:latest mkdir -p user/logs/{apache,system}
docker run -d -it -p 80:80 -p 443:443 -e PHPVER=81 -e environment=DEV --mount type=bind,source="$(pwd)"/user,target=/home/myuser --mount type=bind,source="$(pwd)"/user/logs/apache,target=/etc/httpd/logs --mount type=bind,source="$(pwd)"/user/logs/system,target=/var/log -v"$name-mysql":/var/lib/mysql -e uid=30001 -e user=myuser -e domain=domain.tld -e serveralias=www.domain.tld --name local-dev repo.anhonesthost.net/cloud-hosting-platform/cac:latest
``` ```
*This will start the processes needed to run sites locally.* *This will start the processes needed to run sites locally.*
@ -40,7 +41,7 @@ wp core download
You should be able to then go into your browser and go to https://localhost (accept the SSL warning if it appears) and follow the prompts to setup the site. You should be able to then go into your browser and go to https://localhost (accept the SSL warning if it appears) and follow the prompts to setup the site.
The database credentials are shown in the /var/lib/mysql/creds file, which we had *cat* in the commands above. The database credentials are shown in the /home/```$user```/mysql_creds file, which we had *cat* in the commands above. They will also be stored in your user directory.
### PHPVER ### ### PHPVER ###
*74* - PHP 7.4 *74* - PHP 7.4
@ -62,11 +63,11 @@ __Optional Tags__
### Helpful Notes ### ### Helpful Notes ###
* On your first creation of a dev instance, you will be dumped to the logs output. Hit ```ctrl + c``` to exit the running process. * A cron is set up in the container to backup the database every 15 minutes to your user's directory.
* If you want to restart the instance again, run ```docker start {name-of-your-container}``` in the example, *name-of-your-cintainer* is *local-dev* * If you want to restart the instance again, run ```docker start {name-of-your-container}``` in the example, *name-of-your-cintainer* is *local-dev*
* To stop a restarted instance, run ```docker stop {name-of-your-container}``` * To stop a restarted instance, run ```docker stop {name-of-your-container}```
* To view log stream from container, run ```docker logs -f {name-of-your-container}``` * To view log stream from container, run ```docker logs -f {name-of-your-container}```
* To delete a container, run ```docker rm {name-of-your-container}``` *__Note:__ this does not delete the files in public_html or database, as those are store in your system* * To delete a container, run ```docker rm {name-of-your-container}``` *__Note:__ this does not delete the files in user directory or database, as those are store in your system*
* To view running containers, run ```docker ps``` * To view running containers, run ```docker ps```
* To view all created containers, run ```docker ps --all`` * To view all created containers, run ```docker ps --all``
* To view all container images downloaded on your system, run ```docker images``` * To view all container images downloaded on your system, run ```docker images```

View File

@ -40,6 +40,42 @@
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent] RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost> </VirtualHost>
#
# When we also provide SSL we have to listen to the
# standard HTTPS port in addition.
#
Listen 443 https
##
## SSL Global Context
##
## All SSL configuration in this context applies both to
## the main server and all SSL-enabled virtual hosts.
##
# Pass Phrase Dialog:
# Configure the pass phrase gathering process.
# The filtering dialog program (`builtin' is a internal
# terminal dialog) has to provide the pass phrase on stdout.
SSLPassPhraseDialog exec:/usr/libexec/httpd-ssl-pass-dialog
# Inter-Process Session Cache:
# Configure the SSL Session Cache: First the mechanism
# to use and second the expiring timeout (in seconds).
SSLSessionCache shmcb:/run/httpd/sslcache(512000)
SSLSessionCacheTimeout 300
#
# Use "SSLCryptoDevice" to enable any supported hardware
# accelerators. Use "openssl engine -v" to list supported
# engine names. NOTE: If you enable an accelerator and the
# server does not start, consult the error logs and ensure
# your accelerator is functioning properly.
#
SSLCryptoDevice builtin
<IfModule mod_ssl.c> <IfModule mod_ssl.c>
<VirtualHost _default_:443> <VirtualHost _default_:443>
ServerName "~~domain~~" ServerName "~~domain~~"

View File

@ -44,11 +44,12 @@ fi
echo "Building Docker Image..." echo "Building Docker Image..."
user=$(whoami) user=$(whoami)
uid=$(id -u) uid=$(id -u)
if [ ! -d "$root_path/web" ]; then if [ ! -d "$root_path/user" ]; then
mkdir -p "$root_path/web"; mkdir -p "$root_path/user";
mkdir -p "$root_path/user/logs/{apache,system}";
fi fi
$check_docker volume create "$name-mysql" $check_docker volume create "$name-mysql"
$check_docker run --pull=always -d -p "$http_port":80 -p "$https_port":443 -e PHPVER=$phpver -e environment=DEV --mount type=bind,source="$root_path"/web,target=/home/"$user"/public_html -v"$name-mysql":/var/lib/mysql -e uid="$uid" -e user="$user" -e domain="$name-local.dev" --name "$name" repo.anhonesthost.net/cloud-hosting-platform/cac:latest $check_docker run --pull=always -d -p "$http_port":80 -p "$https_port":443 -e PHPVER=$phpver -e environment=DEV --mount type=bind,source="$root_path"/user,target=/home/"$user" --mount type=bind,source="$(pwd)"/user/logs/apache,target=/etc/httpd/logs --mount type=bind,source="$(pwd)"/user/logs/system,target=/var/log -v"$name-mysql":/var/lib/mysql -e uid="$uid" -e user="$user" -e domain="$name-local.dev" --name "$name" repo.anhonesthost.net/cloud-hosting-platform/cac:latest
echo "Creating management scripts in root directory..." echo "Creating management scripts in root directory..."
echo "#!/usr/bin/env bash" > "$root_path/instance_start" echo "#!/usr/bin/env bash" > "$root_path/instance_start"
echo "docker start $name" >> "$root_path/instance_start" echo "docker start $name" >> "$root_path/instance_start"

View File

@ -1,70 +0,0 @@
---
resources:
- name: cac
type: git
source:
uri: https://repo.anhonesthost.net/cloud-hosting-platform/cloud-apache-container.git
branch: trunk
- name: build-cac-74
type: docker-image
source:
repository: registry.dnspegasus.net/cac
tag: 74
- name: build-cac-80
type: docker-image
source:
repository: registry.dnspegasus.net/cac
tag: 80
- name: build-cac-81
type: docker-image
source:
repository: registry.dnspegasus.net/cac
tag: 81
- name: build-cac-82
type: docker-image
source:
repository: registry.dnspegasus.net/cac
tag: 82
jobs:
- name: publish-cac-74
plan:
- get: cac
trigger: true
- put: build-cac-74
params:
build: cac
build_args:
PHPVER: 74
- name: publish-cac-80
plan:
- get: cac
trigger: true
- put: build-cac-80
params:
build: cac
build_args:
PHPVER: 80
- name: publish-cac-81
plan:
- get: cac
trigger: true
- put: build-cac-81
params:
build: cac
build_args:
PHPVER: 81
- name: publish-cac-82
plan:
- get: cac
trigger: true
- put: build-cac-82
params:
build: cac
build_args:
PHPVER: 82

View File

@ -34,6 +34,12 @@ cat <<EOF > /etc/httpd/conf.d/$domain.conf
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent] RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost> </VirtualHost>
Listen 443 https
SSLPassPhraseDialog exec:/usr/libexec/httpd-ssl-pass-dialog
SSLSessionCache shmcb:/run/httpd/sslcache(512000)
SSLSessionCacheTimeout 300
SSLCryptoDevice builtin
<IfModule mod_ssl.c> <IfModule mod_ssl.c>
<VirtualHost _default_:443> <VirtualHost _default_:443>
ServerName "$domain" ServerName "$domain"

View File

@ -1,4 +1,4 @@
#!/bin/bash #!/usr/bin/env bash
if [ -z "$PHPVER" ]; then if [ -z "$PHPVER" ]; then
PHPVER="81"; PHPVER="81";
@ -7,26 +7,33 @@ fi
adduser -u $uid $user adduser -u $uid $user
mkdir -p /home/$user/public_html mkdir -p /home/$user/public_html
mkdir -p /home/$user/logs/{apache,php-fpm}
chown -R $user:$user /home/$user mv /var/log/httpd /var/log/httpd.bak
chmod -R 755 /home/$user
ln -s /home/$user/logs/apache /var/log/httpd
ln -s /home/$user/logs/php-fpm /var/log/php-fpm
/scripts/install-php$PHPVER.sh /scripts/install-php$PHPVER.sh
/scripts/create-vhost.sh /scripts/create-vhost.sh
/scripts/create-php-config.sh /scripts/create-php-config.sh
if [ -f /etc/httpd/conf.d/ssl.conf ]; then
mv /etc/httpd/conf.d/ssl.conf /etc/httpd/conf.d/ssl.conf.bak
fi
/usr/sbin/httpd -k start /usr/sbin/httpd -k start
/usr/sbin/php-fpm -y /etc/php-fpm.conf /usr/sbin/php-fpm -y /etc/php-fpm.conf
chown -R $user:$user /home/$user
chmod -R 755 /home/$user
if [[ $environment == 'DEV' ]]; then if [[ $environment == 'DEV' ]]; then
echo "Starting Dev Deployment" echo "Starting Dev Deployment"
dnf install -y cronie mkdir -p /home/$user/_db_backups
/usr/sbin/crond
mkdir -p /home/$user/public_html/_db_backups
dnf install -y MariaDB-server MariaDB-client memcached dnf install -y MariaDB-server MariaDB-client memcached
nohup mysqld -umysql & nohup mysqld -umysql &
if [ ! -f /var/lib/mysql/creds ]; then if [ ! -f /home/$user/mysql_creds ]; then
echo "Give MySQL a chance to finish starting..." echo "Give MySQL a chance to finish starting..."
sleep 10 sleep 10
mysql_user=$(tr -dc A-Za-z0-9 </dev/urandom | head -c 13 ; echo '') mysql_user=$(tr -dc A-Za-z0-9 </dev/urandom | head -c 13 ; echo '')
@ -36,14 +43,11 @@ if [[ $environment == 'DEV' ]]; then
mysql -e "CREATE USER '"$mysql_user"'@'localhost' IDENTIFIED BY '"$mysql_password"';" mysql -e "CREATE USER '"$mysql_user"'@'localhost' IDENTIFIED BY '"$mysql_password"';"
mysql -e "GRANT ALL PRIVILEGES ON *.* TO '"$mysql_user"'@'localhost' WITH GRANT OPTION;" mysql -e "GRANT ALL PRIVILEGES ON *.* TO '"$mysql_user"'@'localhost' WITH GRANT OPTION;"
mysql -e "FLUSH PRIVILEGES;" mysql -e "FLUSH PRIVILEGES;"
dt=$(date +%y%m%d-%T) echo "*/15 * * * * root /scripts/mysql-backup.sh $user devdb_$mysql_db" >> /etc/crontab
echo "*/15 * * * * root /usr/bin/mysqldump $mysql_db > /home/$user/public_html/_db_backups/$mysql_db.$dt.sql" >> /etc/crontab echo "MySQL User: "$mysql_user > /home/$user/mysql_creds
echo "*/30 * * * * root /usr/bin/find /home/$user/public_html/_db_backups/ -type f -mmin +360 -delete" >> /etc/crontab echo "MySQL Password: "$mysql_password >> /home/$user/mysql_creds
-type f -mmin +360 echo "MySQL Database: devdb_"$mysql_db >> /home/$user/mysql_creds
echo "MySQL User: "$mysql_user > /var/lib/mysql/creds cat /home/$user/mysql_creds
echo "MySQL Password: "$mysql_password >> /var/lib/mysql/creds
echo "MySQL Database: devdb_"$mysql_db >> /var/lib/mysql/creds
cat /var/lib/mysql/creds
fi fi
/usr/bin/memcached -d -u $user /usr/bin/memcached -d -u $user
@ -53,8 +57,8 @@ fi
if [[ $environment == 'PROD' ]]; then if [[ $environment == 'PROD' ]]; then
sed -r -i 's/;session.save_path="localhost:11211/session.save_path="memcache:11211/' /etc/php.d/50-memcached.ini sed -r -i 's/;session.save_path="localhost:11211/session.save_path="memcache:11211/' /etc/php.d/50-memcached.ini
fi fi
/usr/sbin/crond
tail -f /etc/httpd/logs/* tail -f /var/log/httpd/*
exit 0 exit 0

View File

@ -1,4 +1,4 @@
#!/bin/bash #!/usr/bin/env bash
dnf module enable php:remi-7.4 -y dnf module enable php:remi-7.4 -y
dnf install -y php php-fpm php-mysqlnd php-xml php-pecl-zip php-sodium php-soap php-xmlrpc \ dnf install -y php php-fpm php-mysqlnd php-xml php-pecl-zip php-sodium php-soap php-xmlrpc \
php-pecl-redis5 php-pecl-memcached php-pecl-memcache php-pecl-ip2location php-pecl-imagick php-pecl-geoip \ php-pecl-redis5 php-pecl-memcached php-pecl-memcache php-pecl-ip2location php-pecl-imagick php-pecl-geoip \

View File

@ -1,4 +1,4 @@
#!/bin/bash #!/usr/bin/env bash
dnf module enable php:remi-8.0 -y dnf module enable php:remi-8.0 -y
dnf install -y php php-fpm php-mysqlnd php-xml php-pecl-zip php-sodium php-soap php-pecl-xmlrpc \ dnf install -y php php-fpm php-mysqlnd php-xml php-pecl-zip php-sodium php-soap php-pecl-xmlrpc \
php-pecl-redis5 php-pecl-memcached php-pecl-memcache php-pecl-ip2location php-pecl-imagick php-pecl-geoip \ php-pecl-redis5 php-pecl-memcached php-pecl-memcache php-pecl-ip2location php-pecl-imagick php-pecl-geoip \

View File

@ -1,4 +1,4 @@
#!/bin/bash #!/usr/bin/env bash
dnf module enable php:remi-8.1 -y dnf module enable php:remi-8.1 -y
dnf install -y php php-fpm php-mysqlnd php-xml php-pecl-zip php-sodium php-soap php-pecl-xmlrpc \ dnf install -y php php-fpm php-mysqlnd php-xml php-pecl-zip php-sodium php-soap php-pecl-xmlrpc \
php-pecl-redis5 php-pecl-memcached php-pecl-memcache php-pecl-ip2location php-pecl-imagick php-pecl-geoip \ php-pecl-redis5 php-pecl-memcached php-pecl-memcache php-pecl-ip2location php-pecl-imagick php-pecl-geoip \

View File

@ -1,4 +1,4 @@
#!/bin/bash #!/usr/bin/env bash
dnf module enable php:remi-8.2 -y dnf module enable php:remi-8.2 -y
dnf install -y php php-fpm php-mysqlnd php-xml php-pecl-zip php-sodium php-soap php-pecl-xmlrpc \ dnf install -y php php-fpm php-mysqlnd php-xml php-pecl-zip php-sodium php-soap php-pecl-xmlrpc \
php-pecl-redis5 php-pecl-memcached php-pecl-memcache php-pecl-ip2location php-pecl-imagick php-pecl-geoip \ php-pecl-redis5 php-pecl-memcached php-pecl-memcache php-pecl-ip2location php-pecl-imagick php-pecl-geoip \

View File

@ -1,4 +1,4 @@
#!/bin/bash #!/usr/bin/env bash
dnf module enable php:remi-8.3 -y dnf module enable php:remi-8.3 -y
dnf install -y php php-fpm php-mysqlnd php-xml php-pecl-zip php-sodium php-soap php-pecl-xmlrpc \ dnf install -y php php-fpm php-mysqlnd php-xml php-pecl-zip php-sodium php-soap php-pecl-xmlrpc \
php-pecl-redis5 php-pecl-memcached php-pecl-memcache php-pecl-ip2location php-pecl-imagick php-pecl-geoip \ php-pecl-redis5 php-pecl-memcached php-pecl-memcache php-pecl-ip2location php-pecl-imagick php-pecl-geoip \

26
scripts/log-rotate.sh Normal file
View File

@ -0,0 +1,26 @@
#!/usr/bin/env bash
# Set the log directory
LOG_DIR="/var/log/httpd"
# Get current date
DATE=$(date +%Y%m%d)
# Rotate access log
if [ -f "$LOG_DIR/access_log" ]; then
cp "$LOG_DIR/access_log" "$LOG_DIR/access_log.$DATE"
cat /dev/null > "$LOG_DIR/access_log"
fi
# Rotate error log
if [ -f "$LOG_DIR/error_log" ]; then
cp "$LOG_DIR/error_log" "$LOG_DIR/error_log.$DATE"
cat /dev/null > "$LOG_DIR/error_log"
fi
# Compress logs older than 3 days
find "$LOG_DIR" -name "*.log.*" -type f -mtime +3 -exec gzip {} \;
# Delete logs older than 7 days
find "$LOG_DIR" -name "*.log.*" -type f -mtime +7 -delete

14
scripts/mysql-backup.sh Normal file
View File

@ -0,0 +1,14 @@
#!/usr/bin/env bash
user=$1
mysql_db=$2
dt=$(date +%y%m%d-%T)
if [ ! -d /home/$user/_db_backups ]; then
mkdir -p /home/$user/_db_backups
fi
/usr/bin/mysqldump $mysql_db > /home/$user/_db_backups/$mysql_db.$dt.sql
chown -R $user:$user /home/$user/_db_backups
/usr/bin/find /home/$user/_db_backups/ -type f -mmin +360 -delete
exit 0