add openresty and ssdb
This commit is contained in:
parent
0b6c266744
commit
e0a88ac371
|
@ -5,7 +5,6 @@ networks:
|
|||
driver: ${NETWORKS_DRIVER}
|
||||
backend:
|
||||
driver: ${NETWORKS_DRIVER}
|
||||
|
||||
volumes:
|
||||
mysql:
|
||||
driver: ${VOLUMES_DRIVER}
|
||||
|
@ -415,6 +414,32 @@ services:
|
|||
- frontend
|
||||
- backend
|
||||
|
||||
### OpenResty Server #########################################
|
||||
openresty:
|
||||
build:
|
||||
context: ./openresty
|
||||
args:
|
||||
- CHANGE_SOURCE=${CHANGE_SOURCE}
|
||||
- PHP_UPSTREAM_CONTAINER=${OPENRESTY_PHP_UPSTREAM_CONTAINER}
|
||||
- PHP_UPSTREAM_PORT=${OPENRESTY_PHP_UPSTREAM_PORT}
|
||||
- http_proxy
|
||||
- https_proxy
|
||||
- no_proxy
|
||||
volumes:
|
||||
- ${APP_CODE_PATH_HOST}:${APP_CODE_PATH_CONTAINER}${APP_CODE_CONTAINER_FLAG}
|
||||
- ${OPENRESTY_HOST_LOG_PATH}:/var/log/nginx
|
||||
- ${OPENRESTY_SITES_PATH}:/etc/nginx/sites-available
|
||||
- ${OPENRESTY_SSL_PATH}:/etc/nginx/ssl
|
||||
ports:
|
||||
- "${OPENRESTY_HOST_HTTP_PORT}:80"
|
||||
- "${OPENRESTY_HOST_HTTPS_PORT}:443"
|
||||
- "${VARNISH_BACKEND_PORT}:81"
|
||||
depends_on:
|
||||
- php-fpm
|
||||
networks:
|
||||
- frontend
|
||||
- backend
|
||||
|
||||
### Blackfire ########################################
|
||||
blackfire:
|
||||
image: blackfire/blackfire
|
||||
|
@ -694,6 +719,16 @@ services:
|
|||
- "${REDIS_CLUSTER_PORT_RANGE}:7000-7005"
|
||||
networks:
|
||||
- backend
|
||||
### SSDB ################################################
|
||||
ssdb:
|
||||
build: ./ssdb
|
||||
volumes:
|
||||
- ${DATA_PATH_HOST}/ssdb:/data
|
||||
ports:
|
||||
- "${SSDB_PORT}:8888"
|
||||
dns: 172.17.0.1
|
||||
networks:
|
||||
- backend
|
||||
|
||||
### ZooKeeper #########################################
|
||||
zookeeper:
|
||||
|
|
|
@ -0,0 +1,211 @@
|
|||
# Dockerfile - alpine
|
||||
# https://github.com/openresty/docker-openresty
|
||||
|
||||
ARG RESTY_IMAGE_BASE="alpine"
|
||||
ARG RESTY_IMAGE_TAG="3.13"
|
||||
|
||||
FROM ${RESTY_IMAGE_BASE}:${RESTY_IMAGE_TAG}
|
||||
|
||||
LABEL maintainer="Evan Wies <evan@neomantra.net>"
|
||||
|
||||
# Docker Build Arguments
|
||||
ARG RESTY_IMAGE_BASE="alpine"
|
||||
ARG RESTY_IMAGE_TAG="3.13"
|
||||
ARG RESTY_VERSION="1.19.3.2"
|
||||
ARG RESTY_OPENSSL_VERSION="1.1.1k"
|
||||
ARG RESTY_OPENSSL_PATCH_VERSION="1.1.1f"
|
||||
ARG RESTY_OPENSSL_URL_BASE="https://www.openssl.org/source"
|
||||
ARG RESTY_PCRE_VERSION="8.44"
|
||||
ARG RESTY_J="1"
|
||||
ARG RESTY_CONFIG_OPTIONS="\
|
||||
--with-compat \
|
||||
--with-file-aio \
|
||||
--with-http_addition_module \
|
||||
--with-http_auth_request_module \
|
||||
--with-http_dav_module \
|
||||
--with-http_flv_module \
|
||||
--with-http_geoip_module=dynamic \
|
||||
--with-http_gunzip_module \
|
||||
--with-http_gzip_static_module \
|
||||
--with-http_image_filter_module=dynamic \
|
||||
--with-http_mp4_module \
|
||||
--with-http_random_index_module \
|
||||
--with-http_realip_module \
|
||||
--with-http_secure_link_module \
|
||||
--with-http_slice_module \
|
||||
--with-http_ssl_module \
|
||||
--with-http_stub_status_module \
|
||||
--with-http_sub_module \
|
||||
--with-http_v2_module \
|
||||
--with-http_xslt_module=dynamic \
|
||||
--with-ipv6 \
|
||||
--with-mail \
|
||||
--with-mail_ssl_module \
|
||||
--with-md5-asm \
|
||||
--with-pcre-jit \
|
||||
--with-sha1-asm \
|
||||
--with-stream \
|
||||
--with-stream_ssl_module \
|
||||
--with-threads \
|
||||
"
|
||||
ARG RESTY_CONFIG_OPTIONS_MORE="\
|
||||
--conf-path=/etc/nginx/nginx.conf \
|
||||
--error-log-path=/var/log/nginx/error.log \
|
||||
--http-log-path=/var/log/nginx/access.log \
|
||||
--pid-path=/var/run/nginx.pid \
|
||||
--user=www-data \
|
||||
--group=www-data \
|
||||
--with-http_iconv_module \
|
||||
--add-module=/tmp/nginx-ct-master \
|
||||
--add-module=/tmp/nginx-dav-ext-module-master \
|
||||
--add-module=/tmp/ngx_brotli \
|
||||
--add-module=/tmp/ngx_cache_purge-master \
|
||||
--add-module=/tmp/ngx_http_substitutions_filter_module-master \
|
||||
"
|
||||
ARG RESTY_LUAJIT_OPTIONS="--with-luajit-xcflags='-DLUAJIT_NUMMODE=2 -DLUAJIT_ENABLE_LUA52COMPAT'"
|
||||
|
||||
ARG RESTY_ADD_PACKAGE_BUILDDEPS=""
|
||||
ARG RESTY_ADD_PACKAGE_RUNDEPS=""
|
||||
ARG RESTY_EVAL_PRE_CONFIGURE=""
|
||||
ARG RESTY_EVAL_POST_MAKE=""
|
||||
|
||||
# These are not intended to be user-specified
|
||||
ARG _RESTY_CONFIG_DEPS="--with-pcre \
|
||||
--with-cc-opt='-DNGX_LUA_ABORT_AT_PANIC -I/usr/local/openresty/pcre/include -I/usr/local/openresty/openssl/include' \
|
||||
--with-ld-opt='-L/usr/local/openresty/pcre/lib -L/usr/local/openresty/openssl/lib -Wl,-rpath,/usr/local/openresty/pcre/lib:/usr/local/openresty/openssl/lib' \
|
||||
"
|
||||
|
||||
LABEL resty_image_base="${RESTY_IMAGE_BASE}"
|
||||
LABEL resty_image_tag="${RESTY_IMAGE_TAG}"
|
||||
LABEL resty_version="${RESTY_VERSION}"
|
||||
LABEL resty_openssl_version="${RESTY_OPENSSL_VERSION}"
|
||||
LABEL resty_openssl_patch_version="${RESTY_OPENSSL_PATCH_VERSION}"
|
||||
LABEL resty_openssl_url_base="${RESTY_OPENSSL_URL_BASE}"
|
||||
LABEL resty_pcre_version="${RESTY_PCRE_VERSION}"
|
||||
LABEL resty_config_options="${RESTY_CONFIG_OPTIONS}"
|
||||
LABEL resty_config_options_more="${RESTY_CONFIG_OPTIONS_MORE}"
|
||||
LABEL resty_config_deps="${_RESTY_CONFIG_DEPS}"
|
||||
LABEL resty_add_package_builddeps="${RESTY_ADD_PACKAGE_BUILDDEPS}"
|
||||
LABEL resty_add_package_rundeps="${RESTY_ADD_PACKAGE_RUNDEPS}"
|
||||
LABEL resty_eval_pre_configure="${RESTY_EVAL_PRE_CONFIGURE}"
|
||||
LABEL resty_eval_post_make="${RESTY_EVAL_POST_MAKE}"
|
||||
|
||||
ARG CHANGE_SOURCE=false
|
||||
RUN if [ ${CHANGE_SOURCE} = true ]; then \
|
||||
# Change application source from dl-cdn.alpinelinux.org to aliyun source
|
||||
sed -i 's/dl-cdn.alpinelinux.org/mirrors.aliyun.com/' /etc/apk/repositories \
|
||||
;fi
|
||||
|
||||
RUN set -x ; \
|
||||
addgroup -g 82 -S www-data ; \
|
||||
adduser -u 82 -D -S -G www-data www-data && exit 0 ; exit 1
|
||||
|
||||
|
||||
RUN apk add --no-cache --virtual .build-deps \
|
||||
build-base \
|
||||
coreutils \
|
||||
curl \
|
||||
gd-dev \
|
||||
geoip-dev \
|
||||
libxslt-dev \
|
||||
linux-headers \
|
||||
make \
|
||||
perl-dev \
|
||||
readline-dev \
|
||||
zlib-dev \
|
||||
${RESTY_ADD_PACKAGE_BUILDDEPS} \
|
||||
&& apk add --no-cache \
|
||||
gd \
|
||||
geoip \
|
||||
libgcc \
|
||||
libxslt \
|
||||
zlib \
|
||||
bash \
|
||||
logrotate \
|
||||
openssl \
|
||||
${RESTY_ADD_PACKAGE_RUNDEPS} \
|
||||
&& cd /tmp \
|
||||
&& if [ -n "${RESTY_EVAL_PRE_CONFIGURE}" ]; then eval $(echo ${RESTY_EVAL_PRE_CONFIGURE}); fi \
|
||||
&& cd /tmp \
|
||||
&& curl -fSL "${RESTY_OPENSSL_URL_BASE}/openssl-${RESTY_OPENSSL_VERSION}.tar.gz" -o openssl-${RESTY_OPENSSL_VERSION}.tar.gz \
|
||||
&& tar xzf openssl-${RESTY_OPENSSL_VERSION}.tar.gz \
|
||||
&& cd openssl-${RESTY_OPENSSL_VERSION} \
|
||||
&& if [ $(echo ${RESTY_OPENSSL_VERSION} | cut -c 1-5) = "1.1.1" ] ; then \
|
||||
echo 'patching OpenSSL 1.1.1 for OpenResty' \
|
||||
&& curl -s https://raw.githubusercontent.com/openresty/openresty/master/patches/openssl-${RESTY_OPENSSL_PATCH_VERSION}-sess_set_get_cb_yield.patch | patch -p1 ; \
|
||||
fi \
|
||||
&& if [ $(echo ${RESTY_OPENSSL_VERSION} | cut -c 1-5) = "1.1.0" ] ; then \
|
||||
echo 'patching OpenSSL 1.1.0 for OpenResty' \
|
||||
&& curl -s https://raw.githubusercontent.com/openresty/openresty/ed328977028c3ec3033bc25873ee360056e247cd/patches/openssl-1.1.0j-parallel_build_fix.patch | patch -p1 \
|
||||
&& curl -s https://raw.githubusercontent.com/openresty/openresty/master/patches/openssl-${RESTY_OPENSSL_PATCH_VERSION}-sess_set_get_cb_yield.patch | patch -p1 ; \
|
||||
fi \
|
||||
&& ./config \
|
||||
no-threads shared zlib -g \
|
||||
enable-ssl3 enable-ssl3-method \
|
||||
--prefix=/usr/local/openresty/openssl \
|
||||
--libdir=lib \
|
||||
-Wl,-rpath,/usr/local/openresty/openssl/lib \
|
||||
&& make -j${RESTY_J} \
|
||||
&& make -j${RESTY_J} install_sw \
|
||||
&& cd /tmp \
|
||||
&& curl -fSL https://ftp.pcre.org/pub/pcre/pcre-${RESTY_PCRE_VERSION}.tar.gz -o pcre-${RESTY_PCRE_VERSION}.tar.gz \
|
||||
&& tar xzf pcre-${RESTY_PCRE_VERSION}.tar.gz \
|
||||
&& cd /tmp/pcre-${RESTY_PCRE_VERSION} \
|
||||
&& ./configure \
|
||||
--prefix=/usr/local/openresty/pcre \
|
||||
--disable-cpp \
|
||||
--enable-jit \
|
||||
--enable-utf \
|
||||
--enable-unicode-properties \
|
||||
&& make -j${RESTY_J} \
|
||||
&& make -j${RESTY_J} install \
|
||||
&& cd /tmp \
|
||||
&& curl -fSL https://openresty.org/download/openresty-${RESTY_VERSION}.tar.gz -o openresty-${RESTY_VERSION}.tar.gz \
|
||||
&& tar xzf openresty-${RESTY_VERSION}.tar.gz \
|
||||
&& curl -fSL https://github.com/grahamedgecombe/nginx-ct/archive/master.tar.gz -o nginx-ct.tar.gz \
|
||||
&& tar xzf nginx-ct.tar.gz \
|
||||
&& curl -fSL https://github.com/arut/nginx-dav-ext-module/archive/master.tar.gz -o nginx-dav-ext-module.tar.gz \
|
||||
&& tar xzf nginx-dav-ext-module.tar.gz \
|
||||
&& curl -fSL https://www.downsoft.cn/software/linux/nginx/ngx_brotli.tar.gz -o ngx_brotli.tar.gz \
|
||||
&& tar xzf ngx_brotli.tar.gz \
|
||||
&& curl -fSL https://github.com/yaoweibin/ngx_http_substitutions_filter_module/archive/master.tar.gz -o ngx_http_substitutions_filter_module.tar.gz \
|
||||
&& tar xzf ngx_http_substitutions_filter_module.tar.gz \
|
||||
&& curl -fSL https://github.com/FRiCKLE/ngx_cache_purge/archive/master.tar.gz -o ngx_cache_purge.tar.gz \
|
||||
&& tar xzf ngx_cache_purge.tar.gz \
|
||||
&& cd /tmp/openresty-${RESTY_VERSION} \
|
||||
&& eval ./configure -j${RESTY_J} ${_RESTY_CONFIG_DEPS} ${RESTY_CONFIG_OPTIONS} ${RESTY_CONFIG_OPTIONS_MORE} ${RESTY_LUAJIT_OPTIONS} \
|
||||
&& make -j${RESTY_J} \
|
||||
&& make -j${RESTY_J} install \
|
||||
&& cd /tmp \
|
||||
&& if [ -n "${RESTY_EVAL_POST_MAKE}" ]; then eval $(echo ${RESTY_EVAL_POST_MAKE}); fi \
|
||||
&& rm -rf \
|
||||
openssl-${RESTY_OPENSSL_VERSION}.tar.gz openssl-${RESTY_OPENSSL_VERSION} \
|
||||
pcre-${RESTY_PCRE_VERSION}.tar.gz pcre-${RESTY_PCRE_VERSION} \
|
||||
openresty-${RESTY_VERSION}.tar.gz openresty-${RESTY_VERSION} \
|
||||
&& apk del .build-deps \
|
||||
&& mkdir -p /etc/nginx/conf.d/ /var/run/openresty/
|
||||
|
||||
# Add additional binaries into PATH for convenience
|
||||
ENV PATH=$PATH:/usr/local/openresty/luajit/bin:/usr/local/openresty/nginx/sbin:/usr/local/openresty/bin
|
||||
|
||||
|
||||
ARG PHP_UPSTREAM_CONTAINER=php-fpm
|
||||
ARG PHP_UPSTREAM_PORT=9000
|
||||
|
||||
# Create 'messages' file used from 'logrotate'
|
||||
RUN touch /var/log/messages
|
||||
|
||||
# Copy 'logrotate' config file
|
||||
COPY logrotate/nginx /etc/logrotate.d/
|
||||
|
||||
# Set upstream conf and remove the default conf
|
||||
RUN echo "upstream php-upstream { server ${PHP_UPSTREAM_CONTAINER}:${PHP_UPSTREAM_PORT}; }" > /etc/nginx/conf.d/upstream.conf
|
||||
|
||||
# Copy nginx configuration files
|
||||
COPY nginx.conf /etc/nginx/
|
||||
|
||||
ADD ./startup.sh /opt/startup.sh
|
||||
RUN sed -i 's/\r//g' /opt/startup.sh
|
||||
CMD ["/bin/bash", "/opt/startup.sh"]
|
||||
|
||||
EXPOSE 80 81 443
|
|
@ -0,0 +1,14 @@
|
|||
/var/log/nginx/*.log {
|
||||
daily
|
||||
missingok
|
||||
rotate 32
|
||||
compress
|
||||
delaycompress
|
||||
nodateext
|
||||
notifempty
|
||||
create 644 www-data root
|
||||
sharedscripts
|
||||
postrotate
|
||||
[ -f /var/run/nginx.pid ] && kill -USR1 `cat /var/run/nginx.pid`
|
||||
endscript
|
||||
}
|
|
@ -0,0 +1,100 @@
|
|||
# nginx.conf -- docker-openresty
|
||||
#
|
||||
# This file is installed to:
|
||||
# `/usr/local/openresty/nginx/conf/nginx.conf`
|
||||
# and is the file loaded by nginx at startup,
|
||||
# unless the user specifies otherwise.
|
||||
#
|
||||
# It tracks the upstream OpenResty's `nginx.conf`, but removes the `server`
|
||||
# section and adds this directive:
|
||||
# `include /etc/nginx/conf.d/*.conf;`
|
||||
#
|
||||
# The `docker-openresty` file `nginx.vh.default.conf` is copied to
|
||||
# `/etc/nginx/conf.d/default.conf`. It contains the `server section
|
||||
# of the upstream `nginx.conf`.
|
||||
#
|
||||
# See https://github.com/openresty/docker-openresty/blob/master/README.md#nginx-config-files
|
||||
#
|
||||
|
||||
user www-data;
|
||||
worker_processes 4;
|
||||
|
||||
# Enables the use of JIT for regular expressions to speed-up their processing.
|
||||
pcre_jit on;
|
||||
|
||||
|
||||
#error_log logs/error.log;
|
||||
#error_log logs/error.log notice;
|
||||
#error_log logs/error.log info;
|
||||
|
||||
pid /var/run/nginx.pid;
|
||||
daemon off;
|
||||
|
||||
worker_rlimit_nofile 65535;
|
||||
events {
|
||||
use epoll;
|
||||
worker_connections 65535;
|
||||
multi_accept on;
|
||||
accept_mutex on;
|
||||
}
|
||||
|
||||
http {
|
||||
include mime.types;
|
||||
default_type application/octet-stream;
|
||||
|
||||
# Enables or disables the use of underscores in client request header fields.
|
||||
# When the use of underscores is disabled, request header fields whose names contain underscores are marked as invalid and become subject to the ignore_invalid_headers directive.
|
||||
# underscores_in_headers off;
|
||||
|
||||
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
|
||||
'$status $body_bytes_sent "$http_referer" '
|
||||
'"$http_user_agent" "$http_x_forwarded_for" "$host"';
|
||||
#access_log logs/access.log main;
|
||||
|
||||
# Log in JSON Format
|
||||
# log_format nginxlog_json escape=json '{ "timestamp": "$time_iso8601", '
|
||||
# '"remote_addr": "$remote_addr", '
|
||||
# '"body_bytes_sent": $body_bytes_sent, '
|
||||
# '"request_time": $request_time, '
|
||||
# '"response_status": $status, '
|
||||
# '"request": "$request", '
|
||||
# '"request_method": "$request_method", '
|
||||
# '"host": "$host",'
|
||||
# '"upstream_addr": "$upstream_addr",'
|
||||
# '"http_x_forwarded_for": "$http_x_forwarded_for",'
|
||||
# '"http_referrer": "$http_referer", '
|
||||
# '"http_user_agent": "$http_user_agent", '
|
||||
# '"http_version": "$server_protocol", '
|
||||
# '"nginx_access": true }';
|
||||
# access_log /dev/stdout nginxlog_json;
|
||||
|
||||
# See Move default writable paths to a dedicated directory (#119)
|
||||
# https://github.com/openresty/docker-openresty/issues/119
|
||||
client_body_temp_path /var/run/openresty/nginx-client-body;
|
||||
proxy_temp_path /var/run/openresty/nginx-proxy;
|
||||
fastcgi_temp_path /var/run/openresty/nginx-fastcgi;
|
||||
uwsgi_temp_path /var/run/openresty/nginx-uwsgi;
|
||||
scgi_temp_path /var/run/openresty/nginx-scgi;
|
||||
|
||||
sendfile on;
|
||||
tcp_nopush on;
|
||||
tcp_nodelay on;
|
||||
|
||||
#keepalive_timeout 0;
|
||||
keepalive_timeout 65;
|
||||
types_hash_max_size 2048;
|
||||
client_max_body_size 128M;
|
||||
|
||||
gzip on;
|
||||
gzip_disable "msie6";
|
||||
|
||||
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
|
||||
ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';
|
||||
|
||||
include /etc/nginx/conf.d/*.conf;
|
||||
include /etc/nginx/sites-available/*.conf;
|
||||
|
||||
# Don't reveal OpenResty version to clients.
|
||||
server_tokens off;
|
||||
charset UTF-8;
|
||||
}
|
|
@ -0,0 +1,2 @@
|
|||
*.conf
|
||||
!default.conf
|
|
@ -0,0 +1,43 @@
|
|||
server {
|
||||
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
|
||||
# For https
|
||||
# listen 443 ssl;
|
||||
# listen [::]:443 ssl ipv6only=on;
|
||||
# ssl_certificate /etc/nginx/ssl/default.crt;
|
||||
# ssl_certificate_key /etc/nginx/ssl/default.key;
|
||||
|
||||
server_name app.test;
|
||||
root /var/www/app;
|
||||
index index.php index.html index.htm;
|
||||
|
||||
location / {
|
||||
try_files $uri $uri/ /index.php$is_args$args;
|
||||
}
|
||||
|
||||
location ~ \.php$ {
|
||||
try_files $uri /index.php =404;
|
||||
fastcgi_pass php-upstream;
|
||||
fastcgi_index index.php;
|
||||
fastcgi_buffers 16 16k;
|
||||
fastcgi_buffer_size 32k;
|
||||
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
||||
#fixes timeouts
|
||||
fastcgi_read_timeout 600;
|
||||
include fastcgi_params;
|
||||
}
|
||||
|
||||
location ~ /\.ht {
|
||||
deny all;
|
||||
}
|
||||
|
||||
location /.well-known/acme-challenge/ {
|
||||
root /var/www/letsencrypt/;
|
||||
log_not_found off;
|
||||
}
|
||||
|
||||
error_log /var/log/nginx/app_error.log;
|
||||
access_log /var/log/nginx/app_access.log;
|
||||
}
|
|
@ -0,0 +1,43 @@
|
|||
server {
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
server_name www.confluence-domain.com;
|
||||
rewrite ^(.*) https://confluence-domain.com$1/ permanent;
|
||||
}
|
||||
|
||||
server {
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
server_name confluence-domain.com;
|
||||
rewrite ^(.*) https://confluence-domain.com/ permanent;
|
||||
}
|
||||
|
||||
server {
|
||||
listen 443 ssl;
|
||||
listen [::]:443 ssl;
|
||||
ssl_certificate /etc/nginx/ssl/confluence-domain.com.crt;
|
||||
ssl_certificate_key /etc/nginx/ssl/confluence-domain.com.key;
|
||||
|
||||
server_name confluence-domain.com;
|
||||
|
||||
location / {
|
||||
client_max_body_size 100m;
|
||||
proxy_set_header X-Forwarded-Host $host;
|
||||
proxy_set_header X-Forwarded-Server $host;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_pass http://confluence-domain.com:8090/;
|
||||
}
|
||||
|
||||
location /synchrony {
|
||||
proxy_set_header X-Forwarded-Host $host;
|
||||
proxy_set_header X-Forwarded-Server $host;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_pass http://confluence-domain.com:8090/synchrony-proxy;
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection "Upgrade";
|
||||
}
|
||||
|
||||
error_log /var/log/nginx/bookchangerru_error.log;
|
||||
access_log /var/log/nginx/bookchangerru_access.log;
|
||||
}
|
|
@ -0,0 +1,40 @@
|
|||
server {
|
||||
|
||||
listen 80 default_server;
|
||||
listen [::]:80 default_server ipv6only=on;
|
||||
|
||||
# For https
|
||||
# listen 443 ssl default_server;
|
||||
# listen [::]:443 ssl default_server ipv6only=on;
|
||||
# ssl_certificate /etc/nginx/ssl/default.crt;
|
||||
# ssl_certificate_key /etc/nginx/ssl/default.key;
|
||||
|
||||
server_name localhost;
|
||||
root /opt/www/default;
|
||||
index index.php index.html index.htm;
|
||||
|
||||
location / {
|
||||
try_files $uri $uri/ /index.php$is_args$args;
|
||||
}
|
||||
|
||||
location ~ \.php$ {
|
||||
try_files $uri /index.php =404;
|
||||
fastcgi_pass php-upstream;
|
||||
fastcgi_index index.php;
|
||||
fastcgi_buffers 16 16k;
|
||||
fastcgi_buffer_size 32k;
|
||||
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
||||
#fixes timeouts
|
||||
fastcgi_read_timeout 600;
|
||||
include fastcgi_params;
|
||||
}
|
||||
|
||||
location ~ /\.ht {
|
||||
deny all;
|
||||
}
|
||||
|
||||
location /.well-known/acme-challenge/ {
|
||||
root /var/www/letsencrypt/;
|
||||
log_not_found off;
|
||||
}
|
||||
}
|
|
@ -0,0 +1,49 @@
|
|||
#server {
|
||||
# listen 80;
|
||||
# server_name laravel.com.co;
|
||||
# return 301 https://laravel.com.co$request_uri;
|
||||
#}
|
||||
|
||||
server {
|
||||
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
|
||||
# For https
|
||||
# listen 443 ssl;
|
||||
# listen [::]:443 ssl ipv6only=on;
|
||||
# ssl_certificate /etc/nginx/ssl/default.crt;
|
||||
# ssl_certificate_key /etc/nginx/ssl/default.key;
|
||||
|
||||
server_name laravel.test;
|
||||
root /var/www/laravel/public;
|
||||
index index.php index.html index.htm;
|
||||
|
||||
location / {
|
||||
try_files $uri $uri/ /index.php$is_args$args;
|
||||
}
|
||||
|
||||
location ~ \.php$ {
|
||||
try_files $uri /index.php =404;
|
||||
fastcgi_pass php-upstream;
|
||||
fastcgi_index index.php;
|
||||
fastcgi_buffers 16 16k;
|
||||
fastcgi_buffer_size 32k;
|
||||
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
||||
#fixes timeouts
|
||||
fastcgi_read_timeout 600;
|
||||
include fastcgi_params;
|
||||
}
|
||||
|
||||
location ~ /\.ht {
|
||||
deny all;
|
||||
}
|
||||
|
||||
location /.well-known/acme-challenge/ {
|
||||
root /var/www/letsencrypt/;
|
||||
log_not_found off;
|
||||
}
|
||||
|
||||
error_log /var/log/nginx/laravel_error.log;
|
||||
access_log /var/log/nginx/laravel_access.log;
|
||||
}
|
|
@ -0,0 +1,110 @@
|
|||
server {
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
server_name www.laravel.test;
|
||||
rewrite ^(.*) https://laravel.test$1/ permanent;
|
||||
}
|
||||
|
||||
server {
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
server_name laravel.test;
|
||||
rewrite ^(.*) https://laravel.test$1/ permanent;
|
||||
}
|
||||
|
||||
server {
|
||||
listen 443 ssl ;
|
||||
listen [::]:443 ssl;
|
||||
ssl_certificate /etc/nginx/ssl/laravel.test.crt;
|
||||
ssl_certificate_key /etc/nginx/ssl/laravel.test.key;
|
||||
server_name www.laravel.test;
|
||||
rewrite ^(.*) https://laravel.test$1/ permanent;
|
||||
}
|
||||
|
||||
server {
|
||||
server_name laravel.test;
|
||||
|
||||
# For https
|
||||
listen 443 ssl ;
|
||||
listen [::]:443 ssl;
|
||||
ssl_certificate /etc/nginx/ssl/laravel.test.crt;
|
||||
ssl_certificate_key /etc/nginx/ssl/laravel.test.key;
|
||||
|
||||
port_in_redirect off;
|
||||
|
||||
add_header Strict-Transport-Security "max-age=31536000";
|
||||
add_header X-Content-Type-Options nosniff;
|
||||
|
||||
location / {
|
||||
proxy_pass http://proxy:6081;
|
||||
proxy_set_header Host $http_host;
|
||||
proxy_set_header X-Forwarded-Host $http_host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto https;
|
||||
proxy_set_header HTTPS "on";
|
||||
proxy_redirect off;
|
||||
}
|
||||
}
|
||||
|
||||
server {
|
||||
server_name laravel.test;
|
||||
|
||||
listen 81;
|
||||
listen [::]:81;
|
||||
|
||||
root /var/www/laravel.test/www;
|
||||
|
||||
index index.php index.html index.htm;
|
||||
|
||||
location / {
|
||||
try_files $uri $uri/ /index.php$is_args$args;
|
||||
}
|
||||
|
||||
location ~ \.php$ {
|
||||
fastcgi_max_temp_file_size 4m;
|
||||
fastcgi_pass php-upstream;
|
||||
|
||||
# Additional configs
|
||||
fastcgi_pass_header Set-Cookie;
|
||||
fastcgi_pass_header Cookie;
|
||||
fastcgi_ignore_headers Cache-Control Expires Set-Cookie;
|
||||
try_files $uri /index.php =404;
|
||||
fastcgi_index index.php;
|
||||
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
||||
fastcgi_split_path_info ^(.+\.php)(/.+)$;
|
||||
fastcgi_param PATH_INFO $fastcgi_path_info;
|
||||
fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info;
|
||||
fastcgi_param HTTPS on;
|
||||
|
||||
fastcgi_buffers 16 16k;
|
||||
fastcgi_buffer_size 32k;
|
||||
|
||||
fastcgi_intercept_errors on;
|
||||
|
||||
#fixes timeouts
|
||||
fastcgi_read_timeout 600;
|
||||
include fastcgi_params;
|
||||
}
|
||||
|
||||
# Caching
|
||||
location ~* \.(ico|jpg|webp|jpeg|gif|css|png|js|ico|bmp|zip|woff)$ {
|
||||
access_log off;
|
||||
log_not_found off;
|
||||
add_header Pragma public;
|
||||
add_header Cache-Control "public";
|
||||
expires 14d;
|
||||
}
|
||||
|
||||
location ~* \.(php|html)$ {
|
||||
access_log on;
|
||||
log_not_found on;
|
||||
add_header Pragma public;
|
||||
add_header Cache-Control "public";
|
||||
expires 14d;
|
||||
}
|
||||
|
||||
location ~ /\.ht {
|
||||
deny all;
|
||||
}
|
||||
}
|
|
@ -0,0 +1,47 @@
|
|||
#server {
|
||||
# listen 80;
|
||||
# server_name node.com.co;
|
||||
# return 301 https://node.com.co$request_uri;
|
||||
#}
|
||||
|
||||
server {
|
||||
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
|
||||
#listen 443;
|
||||
#listen [::]:443;
|
||||
|
||||
server_name node.com.co;
|
||||
|
||||
#ssl on;
|
||||
#ssl_certificate /var/certs/node.com.co/cert.pem;
|
||||
#ssl_certificate_key /var/certs/node.com.co/privkey.pem;
|
||||
#ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
|
||||
#ssl_ciphers HIGH:!aNULL:!MD5;
|
||||
|
||||
|
||||
location / {
|
||||
proxy_pass http://node.com.co:3001;
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection 'upgrade';
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_cache_bypass $http_upgrade;
|
||||
}
|
||||
|
||||
location ~ /\.ht {
|
||||
deny all;
|
||||
}
|
||||
|
||||
location /.well-known/acme-challenge/ {
|
||||
root /var/www/letsencrypt/;
|
||||
log_not_found off;
|
||||
}
|
||||
|
||||
error_log /var/log/nginx/node.com.co.local_error.log;
|
||||
access_log /var/log/nginx/node.com.co.local_access.log;
|
||||
}
|
|
@ -0,0 +1,42 @@
|
|||
server {
|
||||
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
|
||||
# For https
|
||||
# listen 443 ssl;
|
||||
# listen [::]:443 ssl ipv6only=on;
|
||||
# ssl_certificate /etc/nginx/ssl/default.crt;
|
||||
# ssl_certificate_key /etc/nginx/ssl/default.key;
|
||||
|
||||
server_name symfony.test;
|
||||
root /var/www/projects/symfony/web;
|
||||
index index.php index.html index.htm;
|
||||
|
||||
location / {
|
||||
try_files $uri @rewriteapp;
|
||||
}
|
||||
|
||||
# For Symfony 3
|
||||
location @rewriteapp {
|
||||
rewrite ^(.*)$ /app.php/$1 last;
|
||||
}
|
||||
|
||||
# For Symfony 4 config
|
||||
# location @rewriteapp {
|
||||
# rewrite ^(.*)$ /index.php/$1 last;
|
||||
# }
|
||||
|
||||
location ~ ^/(app|app_dev|config|index)\.php(/|$) {
|
||||
fastcgi_pass php-upstream;
|
||||
fastcgi_split_path_info ^(.+\.php)(/.*)$;
|
||||
include fastcgi_params;
|
||||
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
||||
#fixes timeouts
|
||||
fastcgi_read_timeout 600;
|
||||
fastcgi_param HTTPS off;
|
||||
}
|
||||
|
||||
error_log /var/log/nginx/symfony_error.log;
|
||||
access_log /var/log/nginx/symfony_access.log;
|
||||
}
|
|
@ -0,0 +1,4 @@
|
|||
*.crt
|
||||
*.csr
|
||||
*.key
|
||||
*.pem
|
|
@ -0,0 +1,14 @@
|
|||
#!/bin/bash
|
||||
|
||||
if [ ! -f /etc/nginx/ssl/default.crt ]; then
|
||||
openssl genrsa -out "/etc/nginx/ssl/default.key" 2048
|
||||
openssl req -new -key "/etc/nginx/ssl/default.key" -out "/etc/nginx/ssl/default.csr" -subj "/CN=default/O=default/C=UK"
|
||||
openssl x509 -req -days 365 -in "/etc/nginx/ssl/default.csr" -signkey "/etc/nginx/ssl/default.key" -out "/etc/nginx/ssl/default.crt"
|
||||
chmod 644 /etc/nginx/ssl/default.key
|
||||
fi
|
||||
|
||||
# Start crond in background
|
||||
crond -l 2 -b
|
||||
|
||||
# Start nginx in foreground
|
||||
nginx
|
|
@ -0,0 +1,22 @@
|
|||
FROM alpine
|
||||
LABEL maintainer="Leonard Buskin <leonardbuskin@gmail.com>"
|
||||
|
||||
ARG VERSION=${VERSION:-master}
|
||||
|
||||
RUN apk add --no-cache --virtual .build-deps \
|
||||
curl gcc g++ make autoconf libc-dev libevent-dev linux-headers perl tar \
|
||||
&& mkdir -p /ssdb/tmp \
|
||||
&& curl -Lk "https://github.com/ideawu/ssdb/archive/${VERSION}.tar.gz" | \
|
||||
tar -xz -C /ssdb/tmp --strip-components=1 \
|
||||
&& cd /ssdb/tmp \
|
||||
&& make -j$(getconf _NPROCESSORS_ONLN) \
|
||||
&& make install PREFIX=/ssdb \
|
||||
&& rm -rf /ssdb/tmp \
|
||||
&& apk add --virtual .rundeps libstdc++ \
|
||||
&& apk add --no-cache bash python2 \
|
||||
&& apk del .build-deps
|
||||
|
||||
EXPOSE 8888
|
||||
VOLUME /ssdb/var
|
||||
COPY ssdb.conf /ssdb/ssdb.conf
|
||||
CMD ["/ssdb/ssdb-server", "/ssdb/ssdb.conf"]
|
|
@ -0,0 +1,52 @@
|
|||
# ssdb-server config
|
||||
# MUST indent by TAB!
|
||||
|
||||
# relative to path of this file, directory must exists
|
||||
work_dir = /data
|
||||
pidfile = /run/ssdb.pid
|
||||
|
||||
server:
|
||||
#ip: 127.0.0.1
|
||||
port: 8888
|
||||
# bind to public ip
|
||||
ip: 0.0.0.0
|
||||
# format: allow|deny: all|ip_prefix
|
||||
# multiple allows or denys is supported
|
||||
deny: all
|
||||
allow: 127.0.0.1
|
||||
allow: 192.
|
||||
allow: 172.
|
||||
# auth password must be at least 32 characters
|
||||
#auth: very-strong-password
|
||||
|
||||
replication:
|
||||
binlog: yes
|
||||
# Limit sync speed to *MB/s, -1: no limit
|
||||
sync_speed: -1
|
||||
slaveof:
|
||||
# to identify a master even if it moved(ip, port changed)
|
||||
# if set to empty or not defined, ip:port will be used.
|
||||
#id: svc_2
|
||||
# sync|mirror, default is sync
|
||||
#type: sync
|
||||
#host: s1.ssdb.db
|
||||
#port: 8888
|
||||
|
||||
logger:
|
||||
level: warn
|
||||
output: /var/log/ssdb.log
|
||||
rotate:
|
||||
size: 1000000000
|
||||
|
||||
leveldb:
|
||||
# in MB
|
||||
cache_size: 500
|
||||
# in KB
|
||||
block_size: 32
|
||||
# in MB
|
||||
write_buffer_size: 64
|
||||
# in MB
|
||||
compaction_speed: 1000
|
||||
# yes|no
|
||||
compression: yes
|
||||
|
Loading…
Reference in New Issue