forked from GNUsocial/gnu-social
[DOCKER] Added preliminary docker container
This commit is contained in:
parent
633a3b0773
commit
d6bb3e7caa
7
DOCKER_INSTALL.md
Normal file
7
DOCKER_INSTALL.md
Normal file
@ -0,0 +1,7 @@
|
|||||||
|
|
||||||
|
Make sure to set the permissions of this folder to group and group 82, as that's what php-fpm uses
|
||||||
|
|
||||||
|
# groupadd -g 82 www-data
|
||||||
|
# useradd -u 82 -g 82 -r -s /usr/bin/nologin www-data
|
||||||
|
# chown $USER:www-data social file public public/install.php public/index.php
|
||||||
|
# chmod -R g=wrx social file public public/install.php public/index.php
|
39
docker-compose.yml
Normal file
39
docker-compose.yml
Normal file
@ -0,0 +1,39 @@
|
|||||||
|
version: '3.3'
|
||||||
|
|
||||||
|
services:
|
||||||
|
nginx:
|
||||||
|
image: nginx:latest
|
||||||
|
restart: always
|
||||||
|
tty: false
|
||||||
|
ports:
|
||||||
|
- 80:80
|
||||||
|
- 443:443
|
||||||
|
volumes:
|
||||||
|
- .:/var/www/gnusocial
|
||||||
|
- ./nginx.conf:/etc/nginx/conf.d/gnusocial.conf
|
||||||
|
|
||||||
|
php:
|
||||||
|
build: docker/php
|
||||||
|
restart: always
|
||||||
|
tty: true
|
||||||
|
ports:
|
||||||
|
- 9000:9000
|
||||||
|
volumes:
|
||||||
|
- .:/var/www/gnusocial
|
||||||
|
|
||||||
|
postgres:
|
||||||
|
image: postgres:alpine
|
||||||
|
restart: always
|
||||||
|
tty: false
|
||||||
|
ports:
|
||||||
|
- 5432:5432
|
||||||
|
environment:
|
||||||
|
- POSTGRES_USER=postgres
|
||||||
|
- POSTGRES_PASSWORD=foobar
|
||||||
|
- POSTGRES_DB=social
|
||||||
|
- PGDATA=/var/lib/postgresql/data
|
||||||
|
volumes:
|
||||||
|
- database:/var/lib/postgresql/data
|
||||||
|
|
||||||
|
volumes:
|
||||||
|
database:
|
8
docker/php/Dockerfile
Normal file
8
docker/php/Dockerfile
Normal file
@ -0,0 +1,8 @@
|
|||||||
|
FROM php:fpm-alpine
|
||||||
|
|
||||||
|
RUN apk update && apk add gettext-dev icu-dev zlib-dev libpng-dev gmp-dev postgresql-dev
|
||||||
|
|
||||||
|
ARG exts="bcmath exif gd gettext gmp intl mysqli opcache pdo pdo_pgsql pgsql"
|
||||||
|
|
||||||
|
RUN docker-php-ext-install ${exts} \
|
||||||
|
&& docker-php-ext-enable ${exts}
|
90
nginx.conf
Normal file
90
nginx.conf
Normal file
@ -0,0 +1,90 @@
|
|||||||
|
# server {
|
||||||
|
|
||||||
|
# server_name social.localhost;
|
||||||
|
|
||||||
|
# # redirect all traffic to HTTPS
|
||||||
|
# rewrite ^ https://$host$request_uri? permanent;
|
||||||
|
# }
|
||||||
|
|
||||||
|
server {
|
||||||
|
listen [::]:80;
|
||||||
|
listen 80;
|
||||||
|
|
||||||
|
# Root
|
||||||
|
root /var/www/gnusocial/public;
|
||||||
|
|
||||||
|
# Server name
|
||||||
|
server_name social.localhost;
|
||||||
|
|
||||||
|
# Index
|
||||||
|
index index.php;
|
||||||
|
|
||||||
|
# X-Accel/X-Sendfile. Still needs to be enabled in the config
|
||||||
|
location /file {
|
||||||
|
internal;
|
||||||
|
# FIXME: Change "/path/to/gnusocial/root/" to the folder where
|
||||||
|
# attachments are stored (normally the same as the site root)
|
||||||
|
root /var/www/gnusocial;
|
||||||
|
}
|
||||||
|
|
||||||
|
# PHP
|
||||||
|
location ~ ^/(index|install)\.php(/.*)?$ {
|
||||||
|
include fastcgi_params;
|
||||||
|
|
||||||
|
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
|
||||||
|
set $path_info $fastcgi_path_info;
|
||||||
|
try_files $fastcgi_script_name =404;
|
||||||
|
|
||||||
|
fastcgi_pass php:9000;
|
||||||
|
fastcgi_index index.php;
|
||||||
|
|
||||||
|
fastcgi_param PATH_INFO $path_info;
|
||||||
|
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
||||||
|
}
|
||||||
|
|
||||||
|
# Don't allow any PHP file other than index.php to be executed
|
||||||
|
# This will ensure that nor config.php nor plugin files with eventual hardcoded security information are downloadable
|
||||||
|
# And this is better than allowing php files to be executed in case of forgotten `if (!defined('GNUSOCIAL')) { exit(1); }`
|
||||||
|
location ~ \.php$ {
|
||||||
|
deny all;
|
||||||
|
}
|
||||||
|
|
||||||
|
# Location
|
||||||
|
location / {
|
||||||
|
try_files $uri $uri/ @index_handler;
|
||||||
|
}
|
||||||
|
|
||||||
|
# Fancy URLs
|
||||||
|
error_page 404 @index_handler;
|
||||||
|
location @index_handler {
|
||||||
|
rewrite ^(.*)$ /index.php?p=$1 last;
|
||||||
|
}
|
||||||
|
|
||||||
|
# Restrict access that is unnecessary anyway
|
||||||
|
location ~ /\.(ht|git) {
|
||||||
|
deny all;
|
||||||
|
}
|
||||||
|
|
||||||
|
#
|
||||||
|
# Hardening (optional)
|
||||||
|
#
|
||||||
|
# add_header Strict-Transport-Security "max-age=15768000; preload;";
|
||||||
|
# add_header X-Content-Type-Options nosniff;
|
||||||
|
# add_header Referrer-Policy strict-origin-when-cross-origin;
|
||||||
|
# add_header Content-Security-Policy "default-src 'self' 'unsafe-inline'; frame-ancestors 'self'; form-action 'self'; style-src 'self' 'unsafe-inline'; img-src * blob: data:;";
|
||||||
|
# add_header X-Permitted-Cross-Domain-Policies none;
|
||||||
|
# add_header X-Robots-Tag all; # Not really hardening, just here for strictness purposes
|
||||||
|
#
|
||||||
|
# client_max_body_size 15M;
|
||||||
|
# client_body_buffer_size 128k;
|
||||||
|
# gzip_vary on;
|
||||||
|
#
|
||||||
|
# location ~* \.(?:css|js|woff|svg|gif|png|webp|ttf|ico|jpe?g)$ {
|
||||||
|
# gzip on;
|
||||||
|
# gzip_comp_level 4;
|
||||||
|
# add_header Cache-Control "public";
|
||||||
|
# expires 30d;
|
||||||
|
# access_log off;
|
||||||
|
# log_not_found off;
|
||||||
|
# }
|
||||||
|
}
|
0
public/index.php
Normal file → Executable file
0
public/index.php
Normal file → Executable file
Loading…
Reference in New Issue
Block a user