From 7ad4f9d74ec94b72f42ee5f17bc7f7a1feaa5d8c Mon Sep 17 00:00:00 2001
From: Deon George
Date: Wed, 1 Jun 2022 20:47:43 +1000
Subject: [PATCH] Change to alpine, add php and mail proxy configuration
---
 Dockerfile | 40 +++++++++++++++++++++--------------
 etc/nginx/include.d/http.conf | 19 +++++++++++++++++
 etc/nginx/include.d/mail.conf | 36 +++++++++++++++++++++++++++++++
 etc/nginx/nginx.conf | 36 +++++++------------------------
 init | 8 +++++++
 www.conf | 12 +++++++++++
 6 files changed, 107 insertions(+), 44 deletions(-)
 create mode 100644 etc/nginx/include.d/http.conf
 create mode 100644 etc/nginx/include.d/mail.conf
 create mode 100755 init
 create mode 100644 www.conf
diff --git a/Dockerfile b/Dockerfile
index 8c8caa9..5249b4f 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,30 +1,38 @@ # NAME leenooks/nginx # VERSION latest -FROM nginx:latest -COPY etc/nginx/default.d /etc/nginx/default.d -COPY etc/nginx/nginx.conf /etc/nginx -COPY var/www/maintenance /var/www/maintenance -RUN chmod 444 /etc/nginx/default.d/ssl/* && chmod 400 /etc/nginx/default.d/ssl/default.key /etc/nginx/default.d/ssl/dhparams.pem +FROM php:fpm-alpine +RUN apk add nginx nginx-mod-mail bash -RUN apt-get update && apt-get install certbot -yy \ - && rm -rf /var/lib/apt/lists/* /tmp/* - -# Add Cloudflare Certbot -RUN apt-get update && apt-get install python3-certbot-dns-cloudflare -yy \ - && rm -rf /var/lib/apt/lists/* /tmp/* +EXPOSE 80 443 25 110 143 # Add acme-lego Certbot -RUN curl -sL https://github.com/go-acme/lego/releases/download/v4.2.0/lego_v4.2.0_linux_amd64.tar.gz | tar -C /usr/local/sbin -xzf - +RUN curl -sL https://github.com/go-acme/lego/releases/download/v4.6.0/lego_v4.6.0_linux_amd64.tar.gz | tar -C /usr/local/sbin -xzf - -EXPOSE 80 443 +RUN mv /sbin/init /sbin/init.busybox +COPY init /sbin/ + +#RUN apt-get update && apt-get install certbot -yy \ +# && rm -rf /var/lib/apt/lists/* /tmp/* + +# Add Cloudflare Certbot +#RUN apt-get update && apt-get install python3-certbot-dns-cloudflare -yy \ +# && rm -rf /var/lib/apt/lists/* /tmp/* + +COPY etc/nginx/nginx.conf /etc/nginx +COPY etc/nginx/default.d /etc/nginx/default.d +COPY etc/nginx/include.d /etc/nginx/include.d +RUN chmod 444 /etc/nginx/default.d/ssl/* && chmod 400 /etc/nginx/default.d/ssl/default.key /etc/nginx/default.d/ssl/dhparams.pem + +COPY var/www/maintenance /var/www/maintenance +COPY www.conf /usr/local/etc/php-fpm.d/ COPY ssl.sh /usr/local/sbin/ LABEL cron.container.weekly root#/usr/local/sbin/ssl.sh lego renew +RUN mkdir -p /etc/nginx/conf.d/ssl && ln -s ../../default.d/ssl/default.crt /etc/nginx/conf.d/ssl/mail.crt && ln -s ../../default.d/ssl/default.key /etc/nginx/conf.d/ssl/mail.key # Expose our web root and log directories log. 
-#VOLUME [ "/etc/nginx/conf.d", "/etc/nginx/default.d" ] +#VOLUME [ "/etc/nginx/conf.d", "/etc/nginx/default.d", "/etc/nginx/include.d" ] # Starting -ENTRYPOINT [ "/usr/sbin/nginx" ] -CMD [ "-g daemon off;" ] +ENTRYPOINT [ "/sbin/init" ]
diff --git a/etc/nginx/include.d/http.conf b/etc/nginx/include.d/http.conf
new file mode 100644
index 0000000..e3acba0
--- /dev/null
+++ b/etc/nginx/include.d/http.conf
@@ -0,0 +1,19 @@
+http {
+ include /etc/nginx/mime.types;
+ default_type application/octet-stream;
+
+ log_format main '$remote_addr - $remote_user [$time_local] "$request" '
+ '$status $body_bytes_sent "$http_referer" '
+ '"$http_user_agent" "$http_x_forwarded_for"';
+
+ access_log /var/log/nginx/access.log main;
+
+ sendfile on;
+ #tcp_nopush on;
+
+ keepalive_timeout 65;
+
+ #gzip on;
+
+ include /etc/nginx/conf.d/*.conf;
+}
diff --git a/etc/nginx/include.d/mail.conf b/etc/nginx/include.d/mail.conf
new file mode 100644
index 0000000..70682ce
--- /dev/null
+++ b/etc/nginx/include.d/mail.conf
@@ -0,0 +1,36 @@
+mail {
+ #server_name mail.example.net;
+ auth_http http://localhost/mail-auth.php;
+ error_log /var/log/nginx/mail.log debug;
+
+ proxy_pass_error_message on;
+
+ #ssl on;
+ ssl_certificate conf.d/ssl/mail.crt;
+ ssl_certificate_key conf.d/ssl/mail.key;
+
+ #ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+ #ssl_ciphers HIGH:!aNULL:!MD5;
+ #ssl_session_cache shared:SSL:10m;
+ #ssl_session_timeout 10m;
+
+ server {
+ listen 25;
+ listen 465 ssl;
+ protocol smtp;
+ smtp_auth login plain cram-md5;
+ }
+
+ server {
+ listen 110;
+ listen 995 ssl;
+ protocol pop3;
+ pop3_auth plain apop cram-md5;
+ }
+
+ server {
+ listen 143;
+ listen 993 ssl;
+ protocol imap;
+ }
+}
diff --git a/etc/nginx/nginx.conf b/etc/nginx/nginx.conf
index 201a4fe..c64e48c 100644
--- a/etc/nginx/nginx.conf
+++ b/etc/nginx/nginx.conf
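Review bot: In the Dockerfile, the lego release is still piped from `curl -sL` straight into `tar -C /usr/local/sbin` with no integrity check, and without `-f` an HTTP error body is handed to tar instead of failing the download step. The binary appears to run as root from the weekly `ssl.sh lego renew` label, so the v4.6.0 bump is a good moment to pin the artifact: `RUN curl -fsSL -o /tmp/lego.tgz https://github.com/go-acme/lego/releases/download/v4.6.0/lego_v4.6.0_linux_amd64.tar.gz && echo "SHA256_PLACEHOLDER  /tmp/lego.tgz" | sha256sum -c - && tar -C /usr/local/sbin -xzf /tmp/lego.tgz && rm /tmp/lego.tgz`, with the placeholder replaced by the checksum published for that release. The same reproducibility concern applies to `FROM php:fpm-alpine`, which is a floating tag; a version tag or digest would make rebuilds auditable, and `apk add --no-cache` would keep the package index out of the layer. `EXPOSE 80 443 25 110 143` also omits 465, 995 and 993, which mail.conf listens on with TLS.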
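Review bot: In etc/nginx/include.d/mail.conf, the cleartext listeners on 25, 110 and 143 accept `login`/`plain` authentication with no STARTTLS requirement, so credentials can cross the network unencrypted even though a certificate is configured. Adding `starttls only;` in the `mail` block (or in each `server`) requires TLS before authentication on those ports and leaves the `ssl` listeners on 465/995/993 as they are. `error_log /var/log/nginx/mail.log debug;` should probably become `error_log /var/log/nginx/mail.log info;` outside troubleshooting, since debug-level output from the mail proxy may include the authentication exchange; that is worth confirming against the packaged nginx build. With `ssl_protocols` and `ssl_ciphers` commented out, the TLS listeners use whatever defaults the packaged nginx has, so stating them explicitly would make the policy visible in review.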
@@ -1,33 +1,13 @@ +load_module /usr/lib/nginx/modules/ngx_mail_module.so; +user nginx; +worker_processes auto; -user nginx; -worker_processes 1; - -error_log /var/log/nginx/error.log warn; -pid /var/run/nginx.pid; +error_log /var/log/nginx/error.log warn; +pid /var/run/nginx.pid; events { - worker_connections 1024; - multi_accept on; + worker_connections 1024; + multi_accept on; } -http { - include /etc/nginx/mime.types; - default_type application/octet-stream; - - log_format main '$remote_addr - $remote_user [$time_local] "$request" ' - '$status $body_bytes_sent "$http_referer" ' - '"$http_user_agent" "$http_x_forwarded_for"'; - - access_log /var/log/nginx/access.log main; - - sendfile on; - #tcp_nopush on; - - keepalive_timeout 65; - - #gzip on; - - include /etc/nginx/conf.d/*.conf; -} - -include /etc/nginx/include.d/*.conf; +include /etc/nginx/include.d/*.conf;
diff --git a/init b/init
new file mode 100755
index 0000000..7553ab5
--- /dev/null
+++ b/init
@@ -0,0 +1,8 @@
+#!/bin/sh
+
+set -e
+
+echo '+ Starting PHP-FPM'
+php-fpm -D
+
+exec /usr/sbin/nginx -g "daemon off;"
diff --git a/www.conf b/www.conf
new file mode 100644
index 0000000..8b67780
--- /dev/null
+++ b/www.conf
@@ -0,0 +1,12 @@
+[www]
+group = www-data
+listen = 127.0.0.1:9000
+pm = dynamic
+pm.max_children = 25
+pm.max_spare_servers = 10
+pm.min_spare_servers = 5
+pm.start_servers = 10
+user = www-data
+prefix = /var/www/html
+php_admin_value[memory_limit] = 512M
+php_admin_value[max_execution_time] = 300
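Review bot: In init, `php-fpm -D` is daemonized and the shell then execs nginx as PID 1, so nothing supervises or restarts PHP-FPM and the container's stop signal reaches only nginx. Because mail.conf routes every login through `auth_http http://localhost/mail-auth.php`, a dead FPM master would presumably make all mail authentication fail while the container still looks healthy. The script has no comment saying why /sbin/init is replaced; a header such as `# Starts php-fpm as a daemon, then execs nginx as PID 1; php-fpm is not restarted if it exits.` would state the contract. A `HEALTHCHECK` in the Dockerfile that exercises the PHP path would make that failure visible to the orchestrator.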
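Review bot: In www.conf, `listen = 127.0.0.1:9000` may not take effect, because the official php FPM images normally ship a `zz-docker.conf` in the same php-fpm.d directory that is read after `www.conf` and sets `listen = 9000` for the `[www]` pool, which would bind FastCGI on every interface of the container. If that file is present in the chosen base tag, install this pool file under a name that sorts later, for example `COPY www.conf /usr/local/etc/php-fpm.d/zzz-www.conf`, and confirm the effective value with `php-fpm -tt` during the build. Separately, `pm.max_children = 25` combined with `memory_limit` 512M and `max_execution_time` 300 lets a small number of slow requests hold a lot of memory for minutes, so these should be sized against the container's memory limit.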