cloud-hosting-platform/cloud-nginx-container
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

First commit

Browse Source
This commit is contained in:
Josh Knapp
2023-04-11 21:24:39 -07:00
commit f844dcb194
16 changed files with 1997 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
Dockerfile Normal file
View File

@@ -0,0 +1,21 @@
FROM almalinux/8-base:latest
ARG PHPVER=81
RUN dnf update -y && dnf upgrade -y
RUN dnf install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm -y
RUN dnf install -y https://rpms.remirepo.net/enterprise/remi-release-8.rpm
RUN dnf update -y && dnf upgrade -y
RUN dnf install -y memcached nginx wget procps
RUN mv /etc/nginx/nginx.conf /etc/nginx/nginx.bak
COPY ./configs/nginx-default.conf /etc/nginx/nginx.conf
RUN mkdir /run/php-fpm/
RUN mkdir /scripts
COPY ./scripts/* /scripts/
RUN chmod +x /scripts/*
RUN /scripts/install-php$PHPVER.sh
RUN curl -O https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar
RUN chmod +x wp-cli.phar
RUN mv wp-cli.phar /usr/local/bin/wp
COPY ./configs/prod-php.ini /etc/php.ini
COPY ./configs/mariadb.repo /etc/yum.repos.d/
RUN yum clean all
ENTRYPOINT [ "/scripts/entrypoint.sh" ]

57
README.md Normal file
View File

@@ -0,0 +1,57 @@
# Cloud Nginx Container #
This is the base container for running PHP based applications. Select the PHP version with the tags
*__You mush have docker or compatable containerization software running.__*
__You can pull this image locally by running:__
```console
docker pull registry.dnspegasus.net/cnc:81
```
__You can then run a development version of the server by running the following commands:__
```console
mkdir -p local-development/domain.tld
cd local-development/domain.tld
mkdir web
mkdir db
docker run -it --rm -p 80:80 -e environment=DEV --mount type=bind,source="$(pwd)"/web,target=/home/myuser/public_html --mount type=bind,source="$(pwd)"/db,target=/var/lib/mysql -e uid=30001 -e user=myuser -e domain=domain.tld -e serveralias=www.domain.tld --name local-dev cnc:81
```
*This will start the processes needed to run sites locally.*
__If you need to get into the container you can run from another terminal:__
```console
docker exec -it local-dev /bin/bash
```
__To install WordPress for your site__
```console
cat /var/lib/mysql/creds
su - myuser
cd ~/public_html
wp core download
```
You should be able to then go into your browser and go to https://localhost (accept the SSL warning if it appears) and follow the prompts to setup the site.
The database credentials are shown in the /var/lib/mysql/creds file, which we had *cat* in the commands above.
### Tags ###
*74* - PHP 7.4
*80* - PHP 8.0
*81* - PHP 8.1
*82* - PHP 8.2
### Environment Variables ###
__Required Tags__
*uid* - User ID for File Permissions
*user* - Username for File Permissions
*domain* - Primary Domain for configuration
__Optional Tags__
*environment* - Set to DEV to start memcached and mysql locally for development purposes
*serveralias* - Set to allow alternative hostnames for a site.

2
configs/index.php Normal file
View File

@@ -0,0 +1,2 @@
<?php
echo "pong";

11
configs/mariadb.repo Normal file
View File

@@ -0,0 +1,11 @@
# MariaDB 10.11 CentOS repository list - created 2023-04-03 23:52 UTC
# https://mariadb.org/download/
[mariadb]
name = MariaDB
# rpm.mariadb.org is a dynamic mirror if your preferred mirror goes offline. See https://mariadb.org/mirrorbits/ for details.
# baseurl = https://rpm.mariadb.org/10.11/centos/$releasever/$basearch
baseurl = https://mirrors.xtom.com/mariadb/yum/10.11/centos/$releasever/$basearch
module_hotfixes = 1
# gpgkey = https://rpm.mariadb.org/RPM-GPG-KEY-MariaDB
gpgkey = https://mirrors.xtom.com/mariadb/yum/RPM-GPG-KEY-MariaDB
gpgcheck = 1

89
configs/nginx-default.conf Normal file
View File

@@ -0,0 +1,89 @@
# For more information on configuration, see:
# * Official English Documentation: http://nginx.org/en/docs/
# * Official Russian Documentation: http://nginx.org/ru/docs/
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;
events {
worker_connections 1024;
}
http {
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
include /etc/nginx/mime.types;
default_type application/octet-stream;
# Load modular configuration files from the /etc/nginx/conf.d directory.
# See http://nginx.org/en/docs/ngx_core_module.html#include
# for more information.
include /etc/nginx/conf.d/*.conf;
# server {
# listen 80 default_server;
# listen [::]:80 default_server;
# server_name _;
# root /usr/share/nginx/html;
#
# # Load configuration files for the default server block.
# include /etc/nginx/default.d/*.conf;
#
# location / {
# }
#
# error_page 404 /404.html;
# location = /40x.html {
# }
#
# error_page 500 502 503 504 /50x.html;
# location = /50x.html {
# }
# }
# Settings for a TLS enabled server.
#
# server {
# listen 443 ssl http2 default_server;
# listen [::]:443 ssl http2 default_server;
# server_name _;
# root /usr/share/nginx/html;
#
# ssl_certificate "/etc/pki/nginx/server.crt";
# ssl_certificate_key "/etc/pki/nginx/private/server.key";
# ssl_session_cache shared:SSL:1m;
# ssl_session_timeout 10m;
# ssl_ciphers PROFILE=SYSTEM;
# ssl_prefer_server_ciphers on;
#
# # Load configuration files for the default server block.
# include /etc/nginx/default.d/*.conf;
#
# location / {
# }
#
# error_page 404 /404.html;
# location = /40x.html {
# }
#
# error_page 500 502 503 504 /50x.html;
# location = /50x.html {
# }
# }
}

13
configs/phpinfo.php Normal file
View File

@@ -0,0 +1,13 @@
<?php
session_start();
echo shell_exec("whoami");
if ( !isset($_SESSION["number"]) ) {
$_SESSION["number"] = 1;
echo "New Session";
echo $_SESSION["number"];
}else {
$_SESSION["number"] = $_SESSION["number"] + 1;
echo $_SESSION["number"];
}
phpinfo();
?>

1525
configs/prod-php.ini Normal file
View File

File diff suppressed because it is too large Load Diff

53
configs/vhost-template.tpl Normal file
View File

@@ -0,0 +1,53 @@
<Directory "/home/~~user~~">
AllowOverride None
# Allow open access:
Require all granted
</Directory>
<Directory "/home/~~user~~/public_html">
#
# Possible values for the Options directive are "None", "All",
# or any combination of:
# Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
#
# Note that "MultiViews" must be named *explicitly* --- "Options All"
# doesn't give it to you.
#
# The Options directive is both complicated and important. Please see
# http://httpd.apache.org/docs/2.4/mod/core.html#options
# for more information.
#
Options All MultiViews
#
# AllowOverride controls what directives may be placed in .htaccess files.
# It can be "All", "None", or any combination of the keywords:
# Options FileInfo AuthConfig Limit
#
AllowOverride All
#
# Controls who can get stuff from this server.
#
Require all granted
</Directory>
<VirtualHost _default_:*>
ServerName "~~domain~~"
DocumentRoot "/home/~~user~~/public_html"
RewriteEngine on
RewriteCond %{SERVER_NAME} =~~domain~~
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
<IfModule mod_ssl.c>
<VirtualHost _default_:443>
ServerName "~~domain~~"
DocumentRoot "/home/~~user~~/public_html"
SSLCertificateFile /etc/pki/tls/certs/localhost.crt
SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
</VirtualHost>
</IfModule>

70
pipeline/automated-build.yml Normal file
View File

@@ -0,0 +1,70 @@
---
resources:
- name: cnc
type: git
source:
uri: https://repo.anhonesthost.net/cloud-hosting-platform/cloud-nginx-container.git
branch: trunk
- name: build-cnc-74
type: docker-image
source:
repository: registry.dnspegasus.net/cnc
tag: 74
- name: build-cnc-80
type: docker-image
source:
repository: registry.dnspegasus.net/cnc
tag: 80
- name: build-cnc-81
type: docker-image
source:
repository: registry.dnspegasus.net/cnc
tag: 81
- name: build-cnc-82
type: docker-image
source:
repository: registry.dnspegasus.net/cnc
tag: 82
jobs:
- name: publish-cnc-74
plan:
- get: cnc
trigger: true
- put: build-cnc-74
params:
build: cnc
build_args:
PHPVER: 74
- name: publish-cnc-80
plan:
- get: cnc
trigger: true
- put: build-cnc-80
params:
build: cnc
build_args:
PHPVER: 80
- name: publish-cnc-81
plan:
- get: cnc
trigger: true
- put: build-cnc-81
params:
build: cnc
build_args:
PHPVER: 81
- name: publish-cnc-82
plan:
- get: cnc
trigger: true
- put: build-cnc-82
params:
build: cnc
build_args:
PHPVER: 82

28
scripts/create-php-config.sh Normal file
View File

@@ -0,0 +1,28 @@
#!/bin/bash
rm /etc/php-fpm.d/www.conf
cat <<EOF > /etc/php-fpm.d/$user.conf
[$user]
user = $user
group = $user
listen = /run/php-fpm/www.sock
listen.owner = nginx
listen.group = nginx
pm = static
pm.max_children = 25
pm.max_requests = 1000
slowlog = /var/log/nginx/error_log
request_slowlog_timeout = 3s
php_admin_value[error_log] = /var/log/nginx/error_log
php_admin_flag[log_errors] = on
php_value[soap.wsdl_cache_dir] = /var/lib/php/wsdlcache
EOF
exit 0

64
scripts/create-vhost.sh Normal file
View File

@@ -0,0 +1,64 @@
#!/bin/bash
alias_block=''
#Create Server Alias Block
if [ ! -z $serveralias ]; then
for alias in $(echo $serveralias | tr ',' ' ')
do
alias_block=$alias_block"ServerAlias $alias
"
done
fi
cat <<EOF > /etc/nginx/conf.d/$domain.conf
# Upstream to abstract backend connection(s) for php
upstream php {
server unix:/run/php-fpm/www.sock;
}
server {
## Your website name goes here.
listen 80 default_server;
server_name _;
#server_name $domain;
## Your only path reference.
root /home/$user/public_html;
## This should be in your http block and if it is, it's not needed here.
index index.php;
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location / {
# This is cool because no php is touched for static content.
# include the "?\$args" part so non-default permalinks doesn't break when using query string
try_files \$uri \$uri/ /index.php?\$args;
}
location ~ \.php$ {
#NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
include fastcgi_params;
fastcgi_intercept_errors on;
fastcgi_pass php;
#The following parameter can be also included in fastcgi_params file
fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
expires max;
log_not_found off;
}
}
EOF

40
scripts/entrypoint.sh Normal file
View File

@@ -0,0 +1,40 @@
#!/bin/bash
adduser -u $uid $user
mkdir -p /home/$user/public_html
chown -R $user:$user /home/$user
chmod -R 755 /home/$user
/scripts/create-vhost.sh
/scripts/create-php-config.sh
/usr/sbin/nginx
/usr/sbin/php-fpm -y /etc/php-fpm.conf
if [[ $environment == 'DEV' ]]; then
echo "Starting Dev Deployment"
yum install -y MariaDB-server MariaDB-client
nohup mysqld -umysql &
if [ ! -f /var/lib/mysql/creds ]; then
echo "Give MySQL a chance to finish starting..."
sleep 10
mysql_user=$(tr -dc A-Za-z0-9 </dev/urandom | head -c 13 ; echo '')
mysql_password=$(tr -dc A-Za-z0-9 </dev/urandom | head -c 18 ; echo '')
mysql_db=$(tr -dc A-Za-z0-9 </dev/urandom | head -c 6 ; echo '')
mysql -e "CREATE DATABASE devdb_"$mysql_db";"
mysql -e "CREATE USER '"$mysql_user"'@'localhost' IDENTIFIED BY '"$mysql_password"';"
mysql -e "GRANT ALL PRIVILEGES ON *.* TO '"$mysql_user"'@'localhost' WITH GRANT OPTION;"
mysql -e "FLUSH PRIVILEGES;"
echo "MySQL User: "$mysql_user > /var/lib/mysql/creds
echo "MySQL Password: "$mysql_password >> /var/lib/mysql/creds
echo "MySQL Database: devdb_"$mysql_db >> /var/lib/mysql/creds
cat /var/lib/mysql/creds
fi
/usr/bin/memcached -d -u $user
fi
tail -f /var/log/nginx/*
exit 0

6
scripts/install-php74.sh Normal file
View File

@@ -0,0 +1,6 @@
#!/bin/bash
dnf module enable php:remi-7.4 -y
dnf install -y php php-fpm php-mysqlnd php-xml php-pecl-zip php-sodium php-soap php-xmlrpc \
php-pecl-redis5 php-pecl-memcached php-pecl-memcache php-pecl-ip2location php-pecl-imagick php-pecl-geoip \
php-mysqlnd php-mbstring php-ioncube-loader php-intl php-gd libzip php-cli
exit 0

6
scripts/install-php80.sh Normal file
View File

@@ -0,0 +1,6 @@
#!/bin/bash
dnf module enable php:remi-8.0 -y
dnf install -y php php-fpm php-mysqlnd php-xml php-pecl-zip php-sodium php-soap php-pecl-xmlrpc \
php-pecl-redis5 php-pecl-memcached php-pecl-memcache php-pecl-ip2location php-pecl-imagick php-pecl-geoip \
php-mysqlnd php-mbstring php-ioncube-loader php-intl php-gd libzip php-cli
exit 0

6
scripts/install-php81.sh Normal file
View File

@@ -0,0 +1,6 @@
#!/bin/bash
dnf module enable php:remi-8.1 -y
dnf install -y php php-fpm php-mysqlnd php-xml php-pecl-zip php-sodium php-soap php-pecl-xmlrpc \
php-pecl-redis5 php-pecl-memcached php-pecl-memcache php-pecl-ip2location php-pecl-imagick php-pecl-geoip \
php-mysqlnd php-mbstring php-ioncube-loader php-intl php-gd libzip php-cli
exit 0

6
scripts/install-php82.sh Normal file
View File

@@ -0,0 +1,6 @@
#!/bin/bash
dnf module enable php:remi-8.2 -y
dnf install -y php php-fpm php-mysqlnd php-xml php-pecl-zip php-sodium php-soap php-pecl-xmlrpc \
php-pecl-redis5 php-pecl-memcached php-pecl-memcache php-pecl-ip2location php-pecl-imagick php-pecl-geoip \
php-mysqlnd php-mbstring php-intl php-gd libzip php-cli
exit 0