Change to alpine, add php and mail proxy configuration

2022-06-01 20:47:43 +10:00 · 2022-06-01 20:47:43 +10:00 · 7ad4f9d74e
commit 7ad4f9d74e
parent ad00aa25e9
6 changed files with 107 additions and 44 deletions
--- a/40
+++ b/40
@ -1,30 +1,38 @@
 # NAME leenooks/nginx
 # VERSION latest

-FROM nginx:latest
-COPY etc/nginx/default.d /etc/nginx/default.d
-COPY etc/nginx/nginx.conf /etc/nginx
-COPY var/www/maintenance /var/www/maintenance
-RUN chmod 444 /etc/nginx/default.d/ssl/* && chmod 400 /etc/nginx/default.d/ssl/default.key /etc/nginx/default.d/ssl/dhparams.pem
+FROM php:fpm-alpine
+RUN apk add nginx nginx-mod-mail bash

-RUN apt-get update && apt-get install certbot -yy \
-	&& rm -rf /var/lib/apt/lists/* /tmp/*
-
-# Add Cloudflare Certbot
-RUN apt-get update && apt-get install python3-certbot-dns-cloudflare -yy \
-	&& rm -rf /var/lib/apt/lists/* /tmp/*
+EXPOSE 80 443 25 110 143

 # Add acme-lego Certbot
-RUN curl -sL https://github.com/go-acme/lego/releases/download/v4.2.0/lego_v4.2.0_linux_amd64.tar.gz | tar -C /usr/local/sbin -xzf -
+RUN curl -sL https://github.com/go-acme/lego/releases/download/v4.6.0/lego_v4.6.0_linux_amd64.tar.gz | tar -C /usr/local/sbin -xzf -

-EXPOSE 80 443
+RUN mv /sbin/init /sbin/init.busybox
+COPY init /sbin/
+
+#RUN apt-get update && apt-get install certbot -yy \
+#	&& rm -rf /var/lib/apt/lists/* /tmp/*
+
+# Add Cloudflare Certbot
+#RUN apt-get update && apt-get install python3-certbot-dns-cloudflare -yy \
+#	&& rm -rf /var/lib/apt/lists/* /tmp/*
+
+COPY etc/nginx/nginx.conf /etc/nginx
+COPY etc/nginx/default.d /etc/nginx/default.d
+COPY etc/nginx/include.d /etc/nginx/include.d
+RUN chmod 444 /etc/nginx/default.d/ssl/* && chmod 400 /etc/nginx/default.d/ssl/default.key /etc/nginx/default.d/ssl/dhparams.pem
+
+COPY var/www/maintenance /var/www/maintenance
+COPY www.conf /usr/local/etc/php-fpm.d/

 COPY ssl.sh /usr/local/sbin/
 LABEL cron.container.weekly root#/usr/local/sbin/ssl.sh lego renew

+RUN mkdir -p /etc/nginx/conf.d/ssl && ln -s ../../default.d/ssl/default.crt /etc/nginx/conf.d/ssl/mail.crt && ln -s ../../default.d/ssl/default.key /etc/nginx/conf.d/ssl/mail.key
 # Expose our web root and log directories log.
-#VOLUME [ "/etc/nginx/conf.d", "/etc/nginx/default.d" ]
+#VOLUME [ "/etc/nginx/conf.d", "/etc/nginx/default.d", "/etc/nginx/include.d" ]

 # Starting
-ENTRYPOINT [ "/usr/sbin/nginx" ]
-CMD [ "-g daemon off;" ]
+ENTRYPOINT [ "/sbin/init" ]
--- a/etc/nginx/include.d/http.conf
+++ b/etc/nginx/include.d/http.conf
@ -0,0 +1,19 @@
+http {
+	include			/etc/nginx/mime.types;
+	default_type		application/octet-stream;
+
+	log_format		main '$remote_addr - $remote_user [$time_local] "$request" '
+				'$status $body_bytes_sent "$http_referer" '
+				'"$http_user_agent" "$http_x_forwarded_for"';
+
+	access_log		/var/log/nginx/access.log main;
+
+	sendfile		on;
+	#tcp_nopush		on;
+
+	keepalive_timeout	65;
+
+	#gzip			on;
+
+	include			/etc/nginx/conf.d/*.conf;
+}
--- a/etc/nginx/include.d/mail.conf
+++ b/etc/nginx/include.d/mail.conf
@ -0,0 +1,36 @@
+mail {
+	#server_name		mail.example.net;
+	auth_http		http://localhost/mail-auth.php;
+	error_log		/var/log/nginx/mail.log debug;
+
+	proxy_pass_error_message	on;
+
+	#ssl			on;
+	ssl_certificate		conf.d/ssl/mail.crt;
+	ssl_certificate_key	conf.d/ssl/mail.key;
+
+	#ssl_protocols		TLSv1 TLSv1.1 TLSv1.2;
+	#ssl_ciphers		HIGH:!aNULL:!MD5;
+	#ssl_session_cache	shared:SSL:10m;
+	#ssl_session_timeout	10m;
+
+	server {
+		listen		25;
+		listen		465 ssl;
+		protocol	smtp;
+		smtp_auth	login plain cram-md5;
+	}
+
+	server {
+		listen		110;
+		listen		995 ssl;
+		protocol	pop3;
+		pop3_auth	plain apop cram-md5;
+	}
+
+	 server {
+		listen		143;
+		listen		993 ssl;
+		protocol	imap;
+	}
+}
--- a/etc/nginx/nginx.conf
+++ b/etc/nginx/nginx.conf
@ -1,33 +1,13 @@
+load_module		/usr/lib/nginx/modules/ngx_mail_module.so;
+user			nginx;
+worker_processes	auto;

-user  nginx;
-worker_processes  1;
-
-error_log  /var/log/nginx/error.log warn;
-pid        /var/run/nginx.pid;
+error_log		/var/log/nginx/error.log warn;
+pid			/var/run/nginx.pid;

 events {
-    worker_connections  1024;
-    multi_accept on;
+	worker_connections	1024;
+	multi_accept		on;
 }

-http {
-    include       /etc/nginx/mime.types;
-    default_type  application/octet-stream;
-
-    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
-                      '$status $body_bytes_sent "$http_referer" '
-                      '"$http_user_agent" "$http_x_forwarded_for"';
-
-    access_log  /var/log/nginx/access.log  main;
-
-    sendfile        on;
-    #tcp_nopush     on;
-
-    keepalive_timeout  65;
-
-    #gzip  on;
-
-    include /etc/nginx/conf.d/*.conf;
-}
-
-include /etc/nginx/include.d/*.conf;
+include			/etc/nginx/include.d/*.conf;
--- a/8
+++ b/8
@ -0,0 +1,8 @@
+#!/bin/sh
+
+set -e
+
+echo '+ Starting PHP-FPM'
+php-fpm -D
+
+exec /usr/sbin/nginx -g "daemon off;"
--- a/www.conf
+++ b/www.conf
@ -0,0 +1,12 @@
+[www]
+group = www-data
+listen = 127.0.0.1:9000
+pm = dynamic
+pm.max_children = 25
+pm.max_spare_servers = 10
+pm.min_spare_servers = 5
+pm.start_servers = 10
+user = www-data
+prefix = /var/www/html
+php_admin_value[memory_limit] = 512M
+php_admin_value[max_execution_time] = 300