diff --git a/.gitignore b/.gitignore index a794d1f435..c133c6d125 100644 --- a/.gitignore +++ b/.gitignore @@ -25,4 +25,5 @@ DOCUMENTATION/database/* !DOCUMENTATION/database/database.pdf -docker/certbot \ No newline at end of file +docker/certbot +docker/*/*.env \ No newline at end of file diff --git a/docker-compose.yml b/docker-compose.yml index dc4589451b..1476a966ea 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -2,7 +2,7 @@ version: '3.3' services: nginx: - image: nginx:latest + image: nginx:alpine depends_on: - php restart: always @@ -11,10 +11,20 @@ services: - 80:80 - 443:443 volumes: + # Nginx + - ./docker/nginx/nginx.conf:/var/nginx/social.conf + - ./docker/nginx/domain.sh:/var/nginx/domain.sh + # Certbot + - ./docker/certbot/www:/var/www/certbot + - ./docker/certbot/files:/etc/letsencrypt + # Social - ./public:/var/www/social/public - - ./docker/nginx/nginx.conf:/etc/nginx/conf.d/social.conf - command: /bin/sh -c 'sed -ri "s/%hostname%/$domain/" /etc/nginx/conf.d/social.conf - while :; do sleep 6h & wait $${!}; + env_file: + - ./docker/bootstrap/bootstrap.env + - ./docker/db/db.env + command: /bin/sh -c '/var/nginx/domain.sh; + while :; do + sleep 6h & wait $${!}; nginx -s reload; done & nginx -g "daemon off;"' @@ -49,7 +59,7 @@ services: - ./docker/social/install.sh:/var/entrypoint.d/social_install.sh # Main files - .:/var/www/social - env_files: + env_file: - ./docker/social/social.env - ./docker/db/db.env command: /entrypoint.sh diff --git a/docker/bootstrap/bootstrap.env b/docker/bootstrap/bootstrap.env deleted file mode 100644 index 3cce15fa10..0000000000 --- a/docker/bootstrap/bootstrap.env +++ /dev/null @@ -1,2 +0,0 @@ -email=example@foo.bar -domain=domain.foo \ No newline at end of file diff --git a/docker/db/wait_for_db.sh b/docker/db/wait_for_db.sh index cf842eb485..384da26cd9 100755 --- a/docker/db/wait_for_db.sh +++ b/docker/db/wait_for_db.sh @@ -1,15 +1,14 @@ #!/bin/sh -case $SOCIAL_DBMS in +case $DBMS in "mariadb") - CMD=mysqladmin ping --silent -hdb -uroot -p${MYSQL_ROOT_PASSWORD} + CMD="mysqladmin ping --silent -hdb -uroot -p${MYSQL_ROOT_PASSWORD}" ;; "postgres") - CMD=su postgres && pg_isready -hdb -q + CMD="pg_isready -hdb -q" ;; *) exit 1 - esac while ! $CMD; diff --git a/docker/nginx/domain.sh b/docker/nginx/domain.sh new file mode 100755 index 0000000000..11d4816066 --- /dev/null +++ b/docker/nginx/domain.sh @@ -0,0 +1,5 @@ +#!/bin/sh + +cat /var/nginx/social.conf | \ + sed -r "s/%hostname%/$domain/g; s/%hostname_root%/$domain_root/g" > \ + /etc/nginx/conf.d/social.conf diff --git a/docker/nginx/nginx.conf b/docker/nginx/nginx.conf index fbeb6a5dd9..ce3d263ac4 100644 --- a/docker/nginx/nginx.conf +++ b/docker/nginx/nginx.conf @@ -11,7 +11,15 @@ server { server { - include ssl-common.conf + listen [::]:443 ssl http2; + listen 443 ssl http2; + + ssl_certificate /etc/letsencrypt/live/%hostname_root%/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/%hostname_root%/privkey.pem; + + # Let's Encrypt best practices + include /etc/letsencrypt/options-ssl-nginx.conf; + ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; root /var/www/social/public; diff --git a/docker/nginx/ssl-common.conf b/docker/nginx/ssl-common.conf deleted file mode 100644 index cf0a5f69e0..0000000000 --- a/docker/nginx/ssl-common.conf +++ /dev/null @@ -1,10 +0,0 @@ - -listen [::]:443 ssl http2; -listen 443 ssl http2; - -ssl_certificate /etc/letsencrypt/live/hsal.es/fullchain.pem; -ssl_certificate_key /etc/letsencrypt/live/hsal.es/privkey.pem; - -# Let's Encrypt best practices -include /etc/letsencrypt/options-ssl-nginx.conf; -ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; diff --git a/docker/php/Dockerfile b/docker/php/Dockerfile index 1d35b1e636..9bd7e73107 100644 --- a/docker/php/Dockerfile +++ b/docker/php/Dockerfile @@ -1,6 +1,7 @@ FROM php:fpm-alpine -RUN apk update && apk add gettext-dev icu-dev zlib-dev libpng-dev gmp-dev postgresql-dev composer > /dev/null +RUN apk update && apk add gettext-dev icu-dev zlib-dev libpng-dev gmp-dev \ + postgresql-dev postgresql-client composer > /dev/null ARG exts=" bcmath exif gd gettext gmp intl mysqli opcache pdo_mysql"