hoellen/dockerfiles
1
0
Fork 0
mirror of https://github.com/hoellen/dockerfiles.git synced 2025-04-19 11:59:17 +00:00
Code Issues Projects Releases Wiki Activity

initial commit

Browse Source
This commit is contained in:
Wonderfall 2016-04-11 15:59:32 +02:00
commit 13f2d49927
85 changed files with 4343 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

116
LICENSE Normal file
View File

@ -0,0 +1,116 @@
CC0 1.0 Universal
Statement of Purpose
The laws of most jurisdictions throughout the world automatically confer
exclusive Copyright and Related Rights (defined below) upon the creator and
subsequent owner(s) (each and all, an "owner") of an original work of
authorship and/or a database (each, a "Work").
Certain owners wish to permanently relinquish those rights to a Work for the
purpose of contributing to a commons of creative, cultural and scientific
works ("Commons") that the public can reliably and without fear of later
claims of infringement build upon, modify, incorporate in other works, reuse
and redistribute as freely as possible in any form whatsoever and for any
purposes, including without limitation commercial purposes. These owners may
contribute to the Commons to promote the ideal of a free culture and the
further production of creative, cultural and scientific works, or to gain
reputation or greater distribution for their Work in part through the use and
efforts of others.
For these and/or other purposes and motivations, and without any expectation
of additional consideration or compensation, the person associating CC0 with a
Work (the "Affirmer"), to the extent that he or she is an owner of Copyright
and Related Rights in the Work, voluntarily elects to apply CC0 to the Work
and publicly distribute the Work under its terms, with knowledge of his or her
Copyright and Related Rights in the Work and the meaning and intended legal
effect of CC0 on those rights.
1. Copyright and Related Rights. A Work made available under CC0 may be
protected by copyright and related or neighboring rights ("Copyright and
Related Rights"). Copyright and Related Rights include, but are not limited
to, the following:
i. the right to reproduce, adapt, distribute, perform, display, communicate,
and translate a Work;
ii. moral rights retained by the original author(s) and/or performer(s);
iii. publicity and privacy rights pertaining to a person's image or likeness
depicted in a Work;
iv. rights protecting against unfair competition in regards to a Work,
subject to the limitations in paragraph 4(a), below;
v. rights protecting the extraction, dissemination, use and reuse of data in
a Work;
vi. database rights (such as those arising under Directive 96/9/EC of the
European Parliament and of the Council of 11 March 1996 on the legal
protection of databases, and under any national implementation thereof,
including any amended or successor version of such directive); and
vii. other similar, equivalent or corresponding rights throughout the world
based on applicable law or treaty, and any national implementations thereof.
2. Waiver. To the greatest extent permitted by, but not in contravention of,
applicable law, Affirmer hereby overtly, fully, permanently, irrevocably and
unconditionally waives, abandons, and surrenders all of Affirmer's Copyright
and Related Rights and associated claims and causes of action, whether now
known or unknown (including existing as well as future claims and causes of
action), in the Work (i) in all territories worldwide, (ii) for the maximum
duration provided by applicable law or treaty (including future time
extensions), (iii) in any current or future medium and for any number of
copies, and (iv) for any purpose whatsoever, including without limitation
commercial, advertising or promotional purposes (the "Waiver"). Affirmer makes
the Waiver for the benefit of each member of the public at large and to the
detriment of Affirmer's heirs and successors, fully intending that such Waiver
shall not be subject to revocation, rescission, cancellation, termination, or
any other legal or equitable action to disrupt the quiet enjoyment of the Work
by the public as contemplated by Affirmer's express Statement of Purpose.
3. Public License Fallback. Should any part of the Waiver for any reason be
judged legally invalid or ineffective under applicable law, then the Waiver
shall be preserved to the maximum extent permitted taking into account
Affirmer's express Statement of Purpose. In addition, to the extent the Waiver
is so judged Affirmer hereby grants to each affected person a royalty-free,
non transferable, non sublicensable, non exclusive, irrevocable and
unconditional license to exercise Affirmer's Copyright and Related Rights in
the Work (i) in all territories worldwide, (ii) for the maximum duration
provided by applicable law or treaty (including future time extensions), (iii)
in any current or future medium and for any number of copies, and (iv) for any
purpose whatsoever, including without limitation commercial, advertising or
promotional purposes (the "License"). The License shall be deemed effective as
of the date CC0 was applied by Affirmer to the Work. Should any part of the
License for any reason be judged legally invalid or ineffective under
applicable law, such partial invalidity or ineffectiveness shall not
invalidate the remainder of the License, and in such case Affirmer hereby
affirms that he or she will not (i) exercise any of his or her remaining
Copyright and Related Rights in the Work or (ii) assert any associated claims
and causes of action with respect to the Work, in either case contrary to
Affirmer's express Statement of Purpose.
4. Limitations and Disclaimers.
a. No trademark or patent rights held by Affirmer are waived, abandoned,
surrendered, licensed or otherwise affected by this document.
b. Affirmer offers the Work as-is and makes no representations or warranties
of any kind concerning the Work, express, implied, statutory or otherwise,
including without limitation warranties of title, merchantability, fitness
for a particular purpose, non infringement, or the absence of latent or
other defects, accuracy, or the present or absence of errors, whether or not
discoverable, all to the greatest extent permissible under applicable law.
c. Affirmer disclaims responsibility for clearing rights of other persons
that may apply to the Work or any use thereof, including without limitation
any person's Copyright and Related Rights in the Work. Further, Affirmer
disclaims responsibility for obtaining any necessary consents, permissions
or other rights required for any use of the Work.
d. Affirmer understands and acknowledges that Creative Commons is not a
party to this document and has no duty or obligation with respect to this
CC0 or use of the Work.
For more information, please see
<http://creativecommons.org/publicdomain/zero/1.0/>

47
cowrie/Dockerfile Normal file
View File

@ -0,0 +1,47 @@
FROM alpine:3.3
MAINTAINER Wonderfall <wonderfall@mondedie.fr>
ENV HOSTNAME=svr04 DL_LIMIT=10485760 FACING_IP=9.9.9.9 JSON_LOG=False CUSTOM=False GID=1000 UID=1000
RUN echo "@testing http://nl.alpinelinux.org/alpine/edge/testing" >> /etc/apk/repositories \
&& echo "@commuedge http://nl.alpinelinux.org/alpine/edge/community" >> /etc/apk/repositories \
&& apk -U add \
build-base \
libffi \
libffi-dev \
openssl \
openssl-dev \
python \
python-dev \
py-pip \
tar \
tini@commuedge \
gosu@testing \
&& pip install --no-cache \
pyasn1 \
service_identity \
pyOpenSSL \
twisted==15.4.0 \
pycrypto \
cryptography \
&& apk del \
build-base \
libffi-dev \
openssl-dev \
python-dev \
py-pip \
&& rm -f /var/cache/apk/*
RUN mkdir /cowrie && cd /cowrie \
&& wget -qO- https://github.com/micheloosterhof/cowrie/archive/master.tar.gz \
| tar xz --strip 1 \
&& mv cowrie.cfg.dist cowrie.cfg \
&& sed -i "s|download_path = dl|download_path = /dl|g" cowrie.cfg \
&& sed -i "s|log_path = log|log_path = /log|g" cowrie.cfg
COPY run.sh /usr/local/bin/run.sh
RUN chmod +x /usr/local/bin/run.sh
VOLUME /dl /log /honeyfs /data /txtcmds /utils
EXPOSE 2222
CMD ["tini","--","run.sh"]

50
cowrie/README.md Normal file
View File

@ -0,0 +1,50 @@
## wonderfall/cowrie
[![](https://badge.imagelayers.io/wonderfall/cowrie:latest.svg)](https://imagelayers.io/?images=wonderfall/cowrie:latest 'Get your own badge on imagelayers.io')
![](https://i.goopics.net/lO.jpg)
#### What is this?
Cowrie is a medium interaction SSH honeypot designed to log brute force attacks and the shell interaction performed by the attacker. Cowrie is based on Kippo.
#### Environment variables
- **HOSTNAME** is the hostname displayed in the honeypot.
- **DL_LIMIT** is the maximum size (in bytes!) of a stored downloaded file (0 = no limit).
- **FACING_IP** is your IP (you have to set it manually because cowrie fails to detect it when running in Docker).
- **JSON_LOG** equals False by default, so json logging is disabled. If you want this feature enabled, set `$JSON_LOG` to True (or anything else...).
#### Volumes
- **/dl** : where downloads are stored.
- **/log** : cowrie and tty sessions logs.
#### Custom mode
`$CUSTOM` can be interpreted as a custom mode. You have access, if set to True, to :
- **honeyfs dir** (/honeyfs) : file contents for the fake filesystem, feel free to copy a real system here
- **data dir** (/data) : fake filesystem + users database
- **txtcmds dir** (/txtcmds) : modify, or add new text commands (if new, must be added to the fake fs)
- **utils dir** (/utils) : useful for fake fs creation
You have to know that, once these directories are polluted by the run.sh script, nothing will be done for you. You'll have to update manually (except utils) and things may break in the future. Always backup your changes. If you just want to run the honeypot without any customisation, do not enable this mode.
#### Docker compose (example)
```
cowrie:
image: wonderfall/cowrie
ports:
- "2222:2222"
volumes:
- /mnt/cowrie/dl:/dl
- /mnt/cowrie/log:/log
### IF CUSTOM MODE
#- /mnt/cowrie/honeyfs:/honeyfs
#- /mnt/cowrie/data:/data
#- /mnt/cowrie/txtcmds:/txtcmds
#- /mnt/cowrie/utils:/utils
environment:
- HOSTNAME=foobar
- DL_LIMIT=2048
- FACING_IP=9.9.9.9
- JSON_LOG=False
- CUSTOM=False
- GID=1000
- UID=1000
```

41
cowrie/run.sh Normal file
View File

@ -0,0 +1,41 @@
#!/bin/sh
cd /cowrie
sed -i "s/hostname = svr04/hostname = $HOSTNAME/g" cowrie.cfg
sed -i "s/#download_limit_size = 10485760/download_limit_size = $DL_LIMIT/g" cowrie.cfg
sed -i "s/#internet_facing_ip = 9.9.9.9/internet_facing_ip = $FACING_IP/g" cowrie.cfg
if [ "$JSON_LOG" == "False" ]; then
sed -i "s/\[output_jsonlog\]/#\[output_jsonlog\]/g" cowrie.cfg
sed -i "s|logfile = log/cowrie.json|#logfile = log/cowrie.json|g" cowrie.cfg
fi
if [ "$CUSTOM" == "True"]; then
sed -i "s|contents_path = honeyfs|contents_path = /honeyfs|g" cowrie.cfg
sed -i "s|data_path = data|data_path = /data|g" cowrie.cfg
sed -i "s|txtcmds_path = txtcmds|txtcmds_path = /txtcmds|g" cowrie.cfg
if [ -d honeyfs ] && [ ! -d /honeyfs/etc ]; then
mv honeyfs/* /honeyfs
fi
if [ -d data ] && [ ! -f /data/userdb.txt ]; then
mv data/* /data
fi
if [ -d txtcmds ] && [ ! -d /txtcmds/bin ]; then
mv txtcmds/* /txtcmds
fi
if [ -d utils ]; then
rm -rf /utils/*
mv utils/* /utils
fi
rm -rf honeyfs data txtcmds utils
ln -s /data data #fix
chown -R $UID:$GID /honeyfs /data /txtcmds /utils
fi
mkdir /log/tty
chown -R $UID:$GID /cowrie /dl /log
gosu $UID:$GID twistd -n -l /log/cowrie.log cowrie

60
ghost/Dockerfile Normal file
View File

@ -0,0 +1,60 @@
FROM wonderfall/node:stable
MAINTAINER Wonderfall <wonderfall@mondedie.fr>
ENV VERSION=0.7.8 \
GHOST_NODE_VERSION_CHECK=false \
GID=991 \
UID=991 \
DOMAIN=my-ghost-blog.com \
SSL=False \
SYNTAX_HIGHLIGHTING=False \
HIGHLIGHTER_COLOR=light \
CUSTOM_SMTP=False \
SMTP_HOST=mail.domain.tld \
SMTP_PASS=12345 \
SMTP_USER=user \
SMTP_PORT=666 \
ENABLE_ISSO=False \
ISSO_HOST=isso.domain.tld \
ISSO_AVATAR=false \
ISSO_VOTE=false
VOLUME /ghost/content
RUN echo "@testing http://nl.alpinelinux.org/alpine/edge/testing" >> /etc/apk/repositories \
&& echo "@commuedge http://nl.alpinelinux.org/alpine/edge/community" >> /etc/apk/repositories \
&& apk -U add \
ca-certificates \
bash \
grep \
tini@commuedge \
gosu@testing \
&& wget -q https://ghost.org/zip/ghost-$VERSION.zip -P /tmp \
&& unzip -q /tmp/ghost-$VERSION.zip -d /ghost \
&& cd /ghost \
&& npm install --production \
&& mv content/themes/casper casper \
&& mv config.example.js config.js \
&& sed -i 's/127.0.0.1/0.0.0.0/g' config.js \
&& npm cache clean \
&& apk del ca-certificates \
&& rm -rf /tmp/* /var/cache/apk/*
COPY run.sh /usr/local/bin/run.sh
COPY smtp.conf /usr/local/etc/smtp.conf
COPY isso.conf /usr/local/etc/isso.conf
COPY prism_light.js /ghost/prismjs/light/prism.js
COPY prism_light.css /ghost/prismjs/light/prism.css
COPY prism_dark.js /ghost/prismjs/dark/prism.js
COPY prism_dark.css /ghost/prismjs/dark/prism.css
COPY prism.js.conf /usr/local/etc/prism.js.conf
COPY prism.css.conf /usr/local/etc/prism.css.conf
RUN chmod +x /usr/local/bin/run.sh
EXPOSE 2368
LABEL description="Ghost CMS ready for production" \
ghost="Ghost v$VERSION"
CMD ["tini","--","run.sh"]

23
ghost/README.md Normal file
View File

@ -0,0 +1,23 @@
## wonderfall/ghost
**SIZE = ±188MB**
![](https://i.goopics.net/lt.png)
#### What is this?
- A **simple** Ghost CMS build made for production.
- It is based on Alpine Linux so it's lightweight.
- It uses node.js 5.x (version check is disabled).
- Environment variables for basic flexibility.
#### Environment variables
- **SSL** : set to *True* if you use https on your blog.
- **DOMAIN** : your domain without http(s)://
- **GID** : ghost user id.
- **UID** : ghost group id.
- **CUSTOM_SMTP** : enable SMTP if set to *True*
- **SMTP_PORT**, **SMTP_USER**, **SMTP_HOST**
- **ENABLE_ISSO** : enable Isso support if set to *True*
- **ISSO_HOST**, **ISSO_AVATAR**, **ISSO_VOTE**
#### Volumes
- **/ghost/content** : contents of your blog, including themes

8
ghost/isso.conf Normal file
View File

@ -0,0 +1,8 @@
<script data-isso="//<HOST>/"
data-isso-avatar="<AVATAR>"
data-isso-vote="<VOTE>"
src="//<HOST>/js/embed.min.js"></script>
<section id="isso-thread"></section>

1
ghost/prism.css.conf Normal file
View File

@ -0,0 +1 @@
<link rel="stylesheet" type="text/css" href="{{asset "css/prism.css"}}" />

1
ghost/prism.js.conf Normal file
View File

@ -0,0 +1 @@
<script type="text/javascript" src="{{asset "js/prism.js"}}"></script>

552
ghost/prism_dark.css Normal file
View File

@ -0,0 +1,552 @@
/* http://prismjs.com/download.html?themes=prism-okaidia&languages=markup+css+clike+javascript+abap+actionscript+apacheconf+apl+applescript+asciidoc+aspnet+autoit+autohotkey+bash+basic+batch+c+brainfuck+bison+csharp+cpp+coffeescript+ruby+css-extras+d+dart+diff+docker+eiffel+elixir+erlang+fsharp+fortran+gherkin+git+glsl+go+groovy+haml+handlebars+haskell+haxe+http+icon+inform7+ini+j+jade+java+json+julia+keyman+kotlin+latex+less+lolcode+lua+makefile+markdown+matlab+mel+mizar+monkey+nasm+nginx+nim+nix+nsis+objectivec+ocaml+oz+parigp+parser+pascal+perl+php+php-extras+powershell+processing+prolog+puppet+pure+python+q+qore+r+jsx+rest+rip+roboconf+crystal+rust+sas+sass+scss+scala+scheme+smalltalk+smarty+sql+stylus+swift+tcl+textile+twig+typescript+verilog+vhdl+vim+wiki+yaml&plugins=line-highlight+line-numbers+autolinker+wpd+file-highlight+show-language+jsonp-highlight+highlight-keywords+previewer-base+previewer-color+previewer-gradient+previewer-easing+previewer-time+previewer-angle+autoloader+keep-markup+command-line+normalize-whitespace */
/**
* okaidia theme for JavaScript, CSS and HTML
* Loosely based on Monokai textmate theme by http://www.monokai.nl/
* @author ocodia
*/
code[class*="language-"],
pre[class*="language-"] {
color: #f8f8f2;
background: none;
text-shadow: 0 1px rgba(0, 0, 0, 0.3);
font-family: Consolas, Monaco, 'Andale Mono', 'Ubuntu Mono', monospace;
direction: ltr;
text-align: left;
white-space: pre;
word-spacing: normal;
word-break: normal;
word-wrap: normal;
line-height: 1.5;
-moz-tab-size: 4;
-o-tab-size: 4;
tab-size: 4;
-webkit-hyphens: none;
-moz-hyphens: none;
-ms-hyphens: none;
hyphens: none;
}
/* Code blocks */
pre[class*="language-"] {
padding: 1em;
overflow: auto;
border-radius: 0.3em;
}
:not(pre) > code[class*="language-"],
pre[class*="language-"] {
background: #272822;
}
/* Inline code */
:not(pre) > code[class*="language-"] {
padding: .1em;
border-radius: .3em;
white-space: normal;
}
.token.comment,
.token.prolog,
.token.doctype,
.token.cdata {
color: slategray;
}
.token.punctuation {
color: #f8f8f2;
}
.namespace {
opacity: .7;
}
.token.property,
.token.tag,
.token.constant,
.token.symbol,
.token.deleted {
color: #f92672;
}
.token.boolean,
.token.number {
color: #ae81ff;
}
.token.selector,
.token.attr-name,
.token.string,
.token.char,
.token.builtin,
.token.inserted {
color: #a6e22e;
}
.token.operator,
.token.entity,
.token.url,
.language-css .token.string,
.style .token.string,
.token.variable {
color: #f8f8f2;
}
.token.atrule,
.token.attr-value,
.token.function {
color: #e6db74;
}
.token.keyword {
color: #66d9ef;
}
.token.regex,
.token.important {
color: #fd971f;
}
.token.important,
.token.bold {
font-weight: bold;
}
.token.italic {
font-style: italic;
}
.token.entity {
cursor: help;
}
pre[data-line] {
position: relative;
padding: 1em 0 1em 3em;
}
.line-highlight {
position: absolute;
left: 0;
right: 0;
padding: inherit 0;
margin-top: 1em; /* Same as .prisms padding-top */
background: hsla(24, 20%, 50%,.08);
background: -moz-linear-gradient(left, hsla(24, 20%, 50%,.1) 70%, hsla(24, 20%, 50%,0));
background: -webkit-linear-gradient(left, hsla(24, 20%, 50%,.1) 70%, hsla(24, 20%, 50%,0));
background: -o-linear-gradient(left, hsla(24, 20%, 50%,.1) 70%, hsla(24, 20%, 50%,0));
background: linear-gradient(left, hsla(24, 20%, 50%,.1) 70%, hsla(24, 20%, 50%,0));
pointer-events: none;
line-height: inherit;
white-space: pre;
}
.line-highlight:before,
.line-highlight[data-end]:after {
content: attr(data-start);
position: absolute;
top: .4em;
left: .6em;
min-width: 1em;
padding: 0 .5em;
background-color: hsla(24, 20%, 50%,.4);
color: hsl(24, 20%, 95%);
font: bold 65%/1.5 sans-serif;
text-align: center;
vertical-align: .3em;
border-radius: 999px;
text-shadow: none;
box-shadow: 0 1px white;
}
.line-highlight[data-end]:after {
content: attr(data-end);
top: auto;
bottom: .4em;
}
pre.line-numbers {
position: relative;
padding-left: 3.8em;
counter-reset: linenumber;
}
pre.line-numbers > code {
position: relative;
}
.line-numbers .line-numbers-rows {
position: absolute;
pointer-events: none;
top: 0;
font-size: 100%;
left: -3.8em;
width: 3em; /* works for line-numbers below 1000 lines */
letter-spacing: -1px;
border-right: 1px solid #999;
-webkit-user-select: none;
-moz-user-select: none;
-ms-user-select: none;
user-select: none;
}
.line-numbers-rows > span {
pointer-events: none;
display: block;
counter-increment: linenumber;
}
.line-numbers-rows > span:before {
content: counter(linenumber);
color: #999;
display: block;
padding-right: 0.8em;
text-align: right;
}
.token a {
color: inherit;
}
code[class*="language-"] a[href],
pre[class*="language-"] a[href] {
cursor: help;
text-decoration: none;
}
code[class*="language-"] a[href]:hover,
pre[class*="language-"] a[href]:hover {
cursor: help;
text-decoration: underline;
}
div.prism-show-language {
position: relative;
}
div.prism-show-language > div.prism-show-language-label {
color: black;
background-color: #CFCFCF;
display: inline-block;
position: absolute;
bottom: auto;
left: auto;
top: 0;
right: 0;
width: auto;
height: auto;
font-size: 0.9em;
border-radius: 0 0 0 5px;
padding: 0 0.5em;
text-shadow: none;
z-index: 1;
-webkit-box-shadow: none;
-moz-box-shadow: none;
box-shadow: none;
-webkit-transform: none;
-moz-transform: none;
-ms-transform: none;
-o-transform: none;
transform: none;
}
.prism-previewer,
.prism-previewer:before,
.prism-previewer:after {
position: absolute;
pointer-events: none;
}
.prism-previewer,
.prism-previewer:after {
left: 50%;
}
.prism-previewer {
margin-top: -48px;
width: 32px;
height: 32px;
margin-left: -16px;
-ms-filter: "progid:DXImageTransform.Microsoft.Alpha(Opacity=$opacity)";
filter: alpha(opacity=0);
-khtml-opacity: 0;
-moz-opacity: 0;
opacity: 0;
-webkit-transition: opacity .25s;
-moz-transition: opacity .25s;
-o-transition: opacity .25s;
transition: opacity .25s;
}
.prism-previewer.flipped {
margin-top: 0;
margin-bottom: -48px;
}
.prism-previewer:before,
.prism-previewer:after {
content: '';
position: absolute;
pointer-events: none;
}
.prism-previewer:before {
top: -5px;
right: -5px;
left: -5px;
bottom: -5px;
-webkit-border-radius: 10px;
-moz-border-radius: 10px;
border-radius: 10px;
border: 5px solid #fff;
-webkit-box-shadow: 0 0 3px rgba(0, 0, 0, 0.5) inset, 0 0 10px rgba(0, 0, 0, 0.75);
-moz-box-shadow: 0 0 3px rgba(0, 0, 0, 0.5) inset, 0 0 10px rgba(0, 0, 0, 0.75);
-ms-box-shadow: 0 0 3px rgba(0, 0, 0, 0.5) inset, 0 0 10px rgba(0, 0, 0, 0.75);
-o-box-shadow: 0 0 3px rgba(0, 0, 0, 0.5) inset, 0 0 10px rgba(0, 0, 0, 0.75);
box-shadow: 0 0 3px rgba(0, 0, 0, 0.5) inset, 0 0 10px rgba(0, 0, 0, 0.75);
}
.prism-previewer:after {
top: 100%;
width: 0;
height: 0;
margin: 5px 0 0 -7px;
border: 7px solid transparent;
border-color: rgba(255, 0, 0, 0);
border-top-color: #fff;
}
.prism-previewer.flipped:after {
top: auto;
bottom: 100%;
margin-top: 0;
margin-bottom: 5px;
border-top-color: rgba(255, 0, 0, 0);
border-bottom-color: #fff;
}
.prism-previewer.active {
-ms-filter: "progid:DXImageTransform.Microsoft.Alpha(Opacity=$opacity)";
filter: alpha(opacity=1);
-khtml-opacity: 1;
-moz-opacity: 1;
opacity: 1;
}
.prism-previewer-color {
background-image: linear-gradient(45deg, #bbb 25%, transparent 25%, transparent 75%, #bbb 75%, #bbb), linear-gradient(45deg, #bbb 25%, #eee 25%, #eee 75%, #bbb 75%, #bbb);
background-size: 10px 10px;
background-position: 0 0, 5px 5px;
}
.prism-previewer-color:before {
background-color: inherit;
background-clip: padding-box;
}
.prism-previewer-gradient {
background-image: linear-gradient(45deg, #bbb 25%, transparent 25%, transparent 75%, #bbb 75%, #bbb), linear-gradient(45deg, #bbb 25%, #eee 25%, #eee 75%, #bbb 75%, #bbb);
background-size: 10px 10px;
background-position: 0 0, 5px 5px;
width: 64px;
margin-left: -32px;
}
.prism-previewer-gradient:before {
content: none;
}
.prism-previewer-gradient div {
position: absolute;
top: -5px;
left: -5px;
right: -5px;
bottom: -5px;
-webkit-border-radius: 10px;
-moz-border-radius: 10px;
border-radius: 10px;
border: 5px solid #fff;
-webkit-box-shadow: 0 0 3px rgba(0, 0, 0, 0.5) inset, 0 0 10px rgba(0, 0, 0, 0.75);
-moz-box-shadow: 0 0 3px rgba(0, 0, 0, 0.5) inset, 0 0 10px rgba(0, 0, 0, 0.75);
-ms-box-shadow: 0 0 3px rgba(0, 0, 0, 0.5) inset, 0 0 10px rgba(0, 0, 0, 0.75);
-o-box-shadow: 0 0 3px rgba(0, 0, 0, 0.5) inset, 0 0 10px rgba(0, 0, 0, 0.75);
box-shadow: 0 0 3px rgba(0, 0, 0, 0.5) inset, 0 0 10px rgba(0, 0, 0, 0.75);
}
.prism-previewer-easing {
margin-top: -76px;
margin-left: -30px;
width: 60px;
height: 60px;
background: #333;
}
.prism-previewer-easing.flipped {
margin-bottom: -116px;
}
.prism-previewer-easing svg {
width: 60px;
height: 60px;
}
.prism-previewer-easing circle {
fill: hsl(200, 10%, 20%);
stroke: white;
}
.prism-previewer-easing path {
fill: none;
stroke: white;
stroke-linecap: round;
stroke-width: 4;
}
.prism-previewer-easing line {
stroke: white;
stroke-opacity: 0.5;
stroke-width: 2;
}
@-webkit-keyframes prism-previewer-time {
0% {
stroke-dasharray: 0, 500;
stroke-dashoffset: 0;
}
50% {
stroke-dasharray: 100, 500;
stroke-dashoffset: 0;
}
100% {
stroke-dasharray: 0, 500;
stroke-dashoffset: -100;
}
}
@-o-keyframes prism-previewer-time {
0% {
stroke-dasharray: 0, 500;
stroke-dashoffset: 0;
}
50% {
stroke-dasharray: 100, 500;
stroke-dashoffset: 0;
}
100% {
stroke-dasharray: 0, 500;
stroke-dashoffset: -100;
}
}
@-moz-keyframes prism-previewer-time {
0% {
stroke-dasharray: 0, 500;
stroke-dashoffset: 0;
}
50% {
stroke-dasharray: 100, 500;
stroke-dashoffset: 0;
}
100% {
stroke-dasharray: 0, 500;
stroke-dashoffset: -100;
}
}
@keyframes prism-previewer-time {
0% {
stroke-dasharray: 0, 500;
stroke-dashoffset: 0;
}
50% {
stroke-dasharray: 100, 500;
stroke-dashoffset: 0;
}
100% {
stroke-dasharray: 0, 500;
stroke-dashoffset: -100;
}
}
.prism-previewer-time:before {
-webkit-border-radius: 50%;
-moz-border-radius: 50%;
border-radius: 50%;
background: #fff;
}
.prism-previewer-time:after {
margin-top: 4px;
}
.prism-previewer-time svg {
width: 32px;
height: 32px;
-webkit-transform: rotate(-90deg);
-moz-transform: rotate(-90deg);
-ms-transform: rotate(-90deg);
-o-transform: rotate(-90deg);
transform: rotate(-90deg);
}
.prism-previewer-time circle {
fill: transparent;
stroke: hsl(200, 10%, 20%);
stroke-opacity: 0.9;
stroke-width: 32;
stroke-dasharray: 0, 500;
stroke-dashoffset: 0;
-webkit-animation: prism-previewer-time linear infinite 3s;
-moz-animation: prism-previewer-time linear infinite 3s;
-o-animation: prism-previewer-time linear infinite 3s;
animation: prism-previewer-time linear infinite 3s;
}
.prism-previewer-angle:before {
-webkit-border-radius: 50%;
-moz-border-radius: 50%;
border-radius: 50%;
background: #fff;
}
.prism-previewer-angle:after {
margin-top: 4px;
}
.prism-previewer-angle svg {
width: 32px;
height: 32px;
-webkit-transform: rotate(-90deg);
-moz-transform: rotate(-90deg);
-ms-transform: rotate(-90deg);
-o-transform: rotate(-90deg);
transform: rotate(-90deg);
}
.prism-previewer-angle[data-negative] svg {
-webkit-transform: scaleX(-1) rotate(-90deg);
-moz-transform: scaleX(-1) rotate(-90deg);
-ms-transform: scaleX(-1) rotate(-90deg);
-o-transform: scaleX(-1) rotate(-90deg);
transform: scaleX(-1) rotate(-90deg);
}
.prism-previewer-angle circle {
fill: transparent;
stroke: hsl(200, 10%, 20%);
stroke-opacity: 0.9;
stroke-width: 32;
stroke-dasharray: 0, 500;
}
.command-line-prompt {
border-right: 1px solid #999;
display: block;
float: left;
font-size: 100%;
letter-spacing: -1px;
margin-right: 1em;
pointer-events: none;
-webkit-user-select: none;
-moz-user-select: none;
-ms-user-select: none;
user-select: none;
}
.command-line-prompt > span:before {
color: #999;
content: ' ';
display: block;
padding-right: 0.8em;
}
.command-line-prompt > span[data-user]:before {
content: "[" attr(data-user) "@" attr(data-host) "] $";
}
.command-line-prompt > span[data-user="root"]:before {
content: "[" attr(data-user) "@" attr(data-host) "] #";
}
.command-line-prompt > span[data-prompt]:before {
content: attr(data-prompt);
}

131
ghost/prism_dark.js Normal file
View File

File diff suppressed because one or more lines are too long

538
ghost/prism_light.css Normal file
View File

@ -0,0 +1,538 @@
/* http://prismjs.com/download.html?themes=prism&languages=markup+css+clike+javascript+abap+actionscript+apacheconf+apl+applescript+asciidoc+aspnet+autoit+autohotkey+bash+basic+batch+c+brainfuck+bison+csharp+cpp+coffeescript+ruby+css-extras+d+dart+diff+docker+eiffel+elixir+erlang+fsharp+fortran+gherkin+git+glsl+go+groovy+haml+handlebars+haskell+haxe+http+icon+inform7+ini+j+jade+java+json+julia+keyman+kotlin+latex+less+lolcode+lua+makefile+markdown+matlab+mel+mizar+monkey+nasm+nginx+nim+nix+nsis+objectivec+ocaml+oz+parigp+parser+pascal+perl+php+php-extras+powershell+processing+prolog+puppet+pure+python+q+qore+r+jsx+rest+rip+roboconf+crystal+rust+sas+sass+scss+scala+scheme+smalltalk+smarty+sql+stylus+swift+tcl+textile+twig+typescript+verilog+vhdl+vim+wiki+yaml&plugins=line-highlight+line-numbers+autolinker+wpd+file-highlight+jsonp-highlight+highlight-keywords+previewer-base+previewer-color+previewer-gradient+previewer-easing+previewer-time+previewer-angle+autoloader+keep-markup+command-line+normalize-whitespace */
/**
* prism.js default theme for JavaScript, CSS and HTML
* Based on dabblet (http://dabblet.com)
* @author Lea Verou
*/
code[class*="language-"],
pre[class*="language-"] {
color: black;
background: none;
text-shadow: 0 1px white;
font-family: Consolas, Monaco, 'Andale Mono', 'Ubuntu Mono', monospace;
direction: ltr;
text-align: left;
white-space: pre;
word-spacing: normal;
word-break: normal;
word-wrap: normal;
line-height: 1.5;
-moz-tab-size: 4;
-o-tab-size: 4;
tab-size: 4;
-webkit-hyphens: none;
-moz-hyphens: none;
-ms-hyphens: none;
hyphens: none;
}
pre[class*="language-"]::-moz-selection, pre[class*="language-"] ::-moz-selection,
code[class*="language-"]::-moz-selection, code[class*="language-"] ::-moz-selection {
text-shadow: none;
background: #b3d4fc;
}
pre[class*="language-"]::selection, pre[class*="language-"] ::selection,
code[class*="language-"]::selection, code[class*="language-"] ::selection {
text-shadow: none;
background: #b3d4fc;
}
@media print {
code[class*="language-"],
pre[class*="language-"] {
text-shadow: none;
}
}
/* Code blocks */
pre[class*="language-"] {
padding: 1em;
overflow: auto;
}
:not(pre) > code[class*="language-"],
pre[class*="language-"] {
background: #f5f2f0;
}
/* Inline code */
:not(pre) > code[class*="language-"] {
padding: .1em;
border-radius: .3em;
white-space: normal;
}
.token.comment,
.token.prolog,
.token.doctype,
.token.cdata {
color: slategray;
}
.token.punctuation {
color: #999;
}
.namespace {
opacity: .7;
}
.token.property,
.token.tag,
.token.boolean,
.token.number,
.token.constant,
.token.symbol,
.token.deleted {
color: #905;
}
.token.selector,
.token.attr-name,
.token.string,
.token.char,
.token.builtin,
.token.inserted {
color: #690;
}
.token.operator,
.token.entity,
.token.url,
.language-css .token.string,
.style .token.string {
color: #a67f59;
background: hsla(0, 0%, 100%, .5);
}
.token.atrule,
.token.attr-value,
.token.keyword {
color: #07a;
}
.token.function {
color: #DD4A68;
}
.token.regex,
.token.important,
.token.variable {
color: #e90;
}
.token.important,
.token.bold {
font-weight: bold;
}
.token.italic {
font-style: italic;
}
.token.entity {
cursor: help;
}
pre[data-line] {
position: relative;
padding: 1em 0 1em 3em;
}
.line-highlight {
position: absolute;
left: 0;
right: 0;
padding: inherit 0;
margin-top: 1em; /* Same as .prisms padding-top */
background: hsla(24, 20%, 50%,.08);
background: -moz-linear-gradient(left, hsla(24, 20%, 50%,.1) 70%, hsla(24, 20%, 50%,0));
background: -webkit-linear-gradient(left, hsla(24, 20%, 50%,.1) 70%, hsla(24, 20%, 50%,0));
background: -o-linear-gradient(left, hsla(24, 20%, 50%,.1) 70%, hsla(24, 20%, 50%,0));
background: linear-gradient(left, hsla(24, 20%, 50%,.1) 70%, hsla(24, 20%, 50%,0));
pointer-events: none;
line-height: inherit;
white-space: pre;
}
.line-highlight:before,
.line-highlight[data-end]:after {
content: attr(data-start);
position: absolute;
top: .4em;
left: .6em;
min-width: 1em;
padding: 0 .5em;
background-color: hsla(24, 20%, 50%,.4);
color: hsl(24, 20%, 95%);
font: bold 65%/1.5 sans-serif;
text-align: center;
vertical-align: .3em;
border-radius: 999px;
text-shadow: none;
box-shadow: 0 1px white;
}
.line-highlight[data-end]:after {
content: attr(data-end);
top: auto;
bottom: .4em;
}
pre.line-numbers {
position: relative;
padding-left: 3.8em;
counter-reset: linenumber;
}
pre.line-numbers > code {
position: relative;
}
.line-numbers .line-numbers-rows {
position: absolute;
pointer-events: none;
top: 0;
font-size: 100%;
left: -3.8em;
width: 3em; /* works for line-numbers below 1000 lines */
letter-spacing: -1px;
border-right: 1px solid #999;
-webkit-user-select: none;
-moz-user-select: none;
-ms-user-select: none;
user-select: none;
}
.line-numbers-rows > span {
pointer-events: none;
display: block;
counter-increment: linenumber;
}
.line-numbers-rows > span:before {
content: counter(linenumber);
color: #999;
display: block;
padding-right: 0.8em;
text-align: right;
}
.token a {
color: inherit;
}
code[class*="language-"] a[href],
pre[class*="language-"] a[href] {
cursor: help;
text-decoration: none;
}
code[class*="language-"] a[href]:hover,
pre[class*="language-"] a[href]:hover {
cursor: help;
text-decoration: underline;
}
.prism-previewer,
.prism-previewer:before,
.prism-previewer:after {
position: absolute;
pointer-events: none;
}
.prism-previewer,
.prism-previewer:after {
left: 50%;
}
.prism-previewer {
margin-top: -48px;
width: 32px;
height: 32px;
margin-left: -16px;
-ms-filter: "progid:DXImageTransform.Microsoft.Alpha(Opacity=$opacity)";
filter: alpha(opacity=0);
-khtml-opacity: 0;
-moz-opacity: 0;
opacity: 0;
-webkit-transition: opacity .25s;
-moz-transition: opacity .25s;
-o-transition: opacity .25s;
transition: opacity .25s;
}
.prism-previewer.flipped {
margin-top: 0;
margin-bottom: -48px;
}
.prism-previewer:before,
.prism-previewer:after {
content: '';
position: absolute;
pointer-events: none;
}
.prism-previewer:before {
top: -5px;
right: -5px;
left: -5px;
bottom: -5px;
-webkit-border-radius: 10px;
-moz-border-radius: 10px;
border-radius: 10px;
border: 5px solid #fff;
-webkit-box-shadow: 0 0 3px rgba(0, 0, 0, 0.5) inset, 0 0 10px rgba(0, 0, 0, 0.75);
-moz-box-shadow: 0 0 3px rgba(0, 0, 0, 0.5) inset, 0 0 10px rgba(0, 0, 0, 0.75);
-ms-box-shadow: 0 0 3px rgba(0, 0, 0, 0.5) inset, 0 0 10px rgba(0, 0, 0, 0.75);
-o-box-shadow: 0 0 3px rgba(0, 0, 0, 0.5) inset, 0 0 10px rgba(0, 0, 0, 0.75);
box-shadow: 0 0 3px rgba(0, 0, 0, 0.5) inset, 0 0 10px rgba(0, 0, 0, 0.75);
}
.prism-previewer:after {
top: 100%;
width: 0;
height: 0;
margin: 5px 0 0 -7px;
border: 7px solid transparent;
border-color: rgba(255, 0, 0, 0);
border-top-color: #fff;
}
.prism-previewer.flipped:after {
top: auto;
bottom: 100%;
margin-top: 0;
margin-bottom: 5px;
border-top-color: rgba(255, 0, 0, 0);
border-bottom-color: #fff;
}
.prism-previewer.active {
-ms-filter: "progid:DXImageTransform.Microsoft.Alpha(Opacity=$opacity)";
filter: alpha(opacity=1);
-khtml-opacity: 1;
-moz-opacity: 1;
opacity: 1;
}
.prism-previewer-color {
background-image: linear-gradient(45deg, #bbb 25%, transparent 25%, transparent 75%, #bbb 75%, #bbb), linear-gradient(45deg, #bbb 25%, #eee 25%, #eee 75%, #bbb 75%, #bbb);
background-size: 10px 10px;
background-position: 0 0, 5px 5px;
}
.prism-previewer-color:before {
background-color: inherit;
background-clip: padding-box;
}
.prism-previewer-gradient {
background-image: linear-gradient(45deg, #bbb 25%, transparent 25%, transparent 75%, #bbb 75%, #bbb), linear-gradient(45deg, #bbb 25%, #eee 25%, #eee 75%, #bbb 75%, #bbb);
background-size: 10px 10px;
background-position: 0 0, 5px 5px;
width: 64px;
margin-left: -32px;
}
.prism-previewer-gradient:before {
content: none;
}
.prism-previewer-gradient div {
position: absolute;
top: -5px;
left: -5px;
right: -5px;
bottom: -5px;
-webkit-border-radius: 10px;
-moz-border-radius: 10px;
border-radius: 10px;
border: 5px solid #fff;
-webkit-box-shadow: 0 0 3px rgba(0, 0, 0, 0.5) inset, 0 0 10px rgba(0, 0, 0, 0.75);
-moz-box-shadow: 0 0 3px rgba(0, 0, 0, 0.5) inset, 0 0 10px rgba(0, 0, 0, 0.75);
-ms-box-shadow: 0 0 3px rgba(0, 0, 0, 0.5) inset, 0 0 10px rgba(0, 0, 0, 0.75);
-o-box-shadow: 0 0 3px rgba(0, 0, 0, 0.5) inset, 0 0 10px rgba(0, 0, 0, 0.75);
box-shadow: 0 0 3px rgba(0, 0, 0, 0.5) inset, 0 0 10px rgba(0, 0, 0, 0.75);
}
.prism-previewer-easing {
margin-top: -76px;
margin-left: -30px;
width: 60px;
height: 60px;
background: #333;
}
.prism-previewer-easing.flipped {
margin-bottom: -116px;
}
.prism-previewer-easing svg {
width: 60px;
height: 60px;
}
.prism-previewer-easing circle {
fill: hsl(200, 10%, 20%);
stroke: white;
}
.prism-previewer-easing path {
fill: none;
stroke: white;
stroke-linecap: round;
stroke-width: 4;
}
.prism-previewer-easing line {
stroke: white;
stroke-opacity: 0.5;
stroke-width: 2;
}
@-webkit-keyframes prism-previewer-time {
0% {
stroke-dasharray: 0, 500;
stroke-dashoffset: 0;
}
50% {
stroke-dasharray: 100, 500;
stroke-dashoffset: 0;
}
100% {
stroke-dasharray: 0, 500;
stroke-dashoffset: -100;
}
}
@-o-keyframes prism-previewer-time {
0% {
stroke-dasharray: 0, 500;
stroke-dashoffset: 0;
}
50% {
stroke-dasharray: 100, 500;
stroke-dashoffset: 0;
}
100% {
stroke-dasharray: 0, 500;
stroke-dashoffset: -100;
}
}
@-moz-keyframes prism-previewer-time {
0% {
stroke-dasharray: 0, 500;
stroke-dashoffset: 0;
}
50% {
stroke-dasharray: 100, 500;
stroke-dashoffset: 0;
}
100% {
stroke-dasharray: 0, 500;
stroke-dashoffset: -100;
}
}
@keyframes prism-previewer-time {
0% {
stroke-dasharray: 0, 500;
stroke-dashoffset: 0;
}
50% {
stroke-dasharray: 100, 500;
stroke-dashoffset: 0;
}
100% {
stroke-dasharray: 0, 500;
stroke-dashoffset: -100;
}
}
.prism-previewer-time:before {
-webkit-border-radius: 50%;
-moz-border-radius: 50%;
border-radius: 50%;
background: #fff;
}
.prism-previewer-time:after {
margin-top: 4px;
}
.prism-previewer-time svg {
width: 32px;
height: 32px;
-webkit-transform: rotate(-90deg);
-moz-transform: rotate(-90deg);
-ms-transform: rotate(-90deg);
-o-transform: rotate(-90deg);
transform: rotate(-90deg);
}
.prism-previewer-time circle {
fill: transparent;
stroke: hsl(200, 10%, 20%);
stroke-opacity: 0.9;
stroke-width: 32;
stroke-dasharray: 0, 500;
stroke-dashoffset: 0;
-webkit-animation: prism-previewer-time linear infinite 3s;
-moz-animation: prism-previewer-time linear infinite 3s;
-o-animation: prism-previewer-time linear infinite 3s;
animation: prism-previewer-time linear infinite 3s;
}
.prism-previewer-angle:before {
-webkit-border-radius: 50%;
-moz-border-radius: 50%;
border-radius: 50%;
background: #fff;
}
.prism-previewer-angle:after {
margin-top: 4px;
}
.prism-previewer-angle svg {
width: 32px;
height: 32px;
-webkit-transform: rotate(-90deg);
-moz-transform: rotate(-90deg);
-ms-transform: rotate(-90deg);
-o-transform: rotate(-90deg);
transform: rotate(-90deg);
}
.prism-previewer-angle[data-negative] svg {
-webkit-transform: scaleX(-1) rotate(-90deg);
-moz-transform: scaleX(-1) rotate(-90deg);
-ms-transform: scaleX(-1) rotate(-90deg);
-o-transform: scaleX(-1) rotate(-90deg);
transform: scaleX(-1) rotate(-90deg);
}
.prism-previewer-angle circle {
fill: transparent;
stroke: hsl(200, 10%, 20%);
stroke-opacity: 0.9;
stroke-width: 32;
stroke-dasharray: 0, 500;
}
.command-line-prompt {
border-right: 1px solid #999;
display: block;
float: left;
font-size: 100%;
letter-spacing: -1px;
margin-right: 1em;
pointer-events: none;
-webkit-user-select: none;
-moz-user-select: none;
-ms-user-select: none;
user-select: none;
}
.command-line-prompt > span:before {
color: #999;
content: ' ';
display: block;
padding-right: 0.8em;
}
.command-line-prompt > span[data-user]:before {
content: "[" attr(data-user) "@" attr(data-host) "] $";
}
.command-line-prompt > span[data-user="root"]:before {
content: "[" attr(data-user) "@" attr(data-host) "] #";
}
.command-line-prompt > span[data-prompt]:before {
content: attr(data-prompt);
}

130
ghost/prism_light.js Normal file
View File

File diff suppressed because one or more lines are too long

50
ghost/run.sh Normal file
View File

@ -0,0 +1,50 @@
#!/bin/bash
cd /ghost/content
mkdir apps data images themes
sed -i "s|my-ghost-blog.com|$DOMAIN|g" /ghost/config.js
if [ "$SSL" == "True" ] && ! grep -q 'urlSSL' /ghost/config.js; then
sed -i "/url/a \ \ \ \ \ \ \ \ urlSSL: 'https://$DOMAIN'," /ghost/config.js
fi
if [ "$CUSTOM_SMTP" == "True" ]; then
cd /usr/local/etc
sed -i -e "/mail: {},/r smtp.conf" \
-e "/mail: {},/d" /ghost/config.js
sed -i -e "s/<HOST>/$SMTP_HOST/g" \
-e "s/<PORT>/$SMTP_PORT/g" \
-e "s/<USER>/$SMTP_USER/g" \
-e "s/<PASS>/$SMTP_PASS/g" /ghost/config.js
fi
if [ ! -d /ghost/content/themes/casper ]; then
cp -r /ghost/casper /ghost/content/themes/casper
else
CASPER=`md5sum /ghost/casper/package.json | awk '{ print $1 }'`
INSTALLED_CASPER=`md5sum /ghost/content/themes/casper/package.json | awk '{ print $1 }'`
if [ "$CASPER" != "$INSTALLED_CASPER" ]; then
rm -rf /ghost/content/themes/casper
cp -r /ghost/casper /ghost/content/themes/casper
fi
fi
if [ "$ENABLE_ISSO" == "True" ] && ! grep -q 'isso' /ghost/content/themes/casper/post.hbs; then
cd /usr/local/etc
sed -i -e "/\/author/r isso.conf" /ghost/content/themes/casper/post.hbs
sed -i -e "s/<HOST>/$ISSO_HOST/g" \
-e "s/<AVATAR>/$ISSO_AVATAR/g" \
-e "s/<VOTE>/$ISSO_VOTE/g" /ghost/content/themes/casper/post.hbs
fi
if [ "$SYNTAX_HIGHLIGHTING" == "True" ] && [ ! -f /ghost/content/themes/casper/assets/js/prism.js ]; then
cp /ghost/prismjs/$HIGHLIGHTER_COLOR/prism.css /ghost/content/themes/casper/assets/css
cp /ghost/prismjs/$HIGHLIGHTER_COLOR/prism.js /ghost/content/themes/casper/assets/js
cd /usr/local/etc
sed -i -e "/Styles'n'Scripts/r prism.css.conf" \
-e "/The main JavaScript file for Casper/r prism.js.conf" \
/ghost/content/themes/casper/default.hbs
fi
chown -R $UID:$GID /ghost && cd /ghost
gosu $UID:$GID npm start --production

13
ghost/smtp.conf Normal file
View File

@ -0,0 +1,13 @@
mail: {
transport: 'SMTP',
options: {
host: '<HOST>',
port: '<PORT>',
auth: {
user: '<USER>',
pass: '<PASS>'
}
}
},

35
isso/Dockerfile Normal file
View File

@ -0,0 +1,35 @@
FROM alpine:3.3
MAINTAINER Wonderfall <wonderfall@mondedie.fr>
ENV ISSO_VER=0.10.2 GID=1000 UID=1000
RUN echo "@testing http://nl.alpinelinux.org/alpine/edge/testing" >> /etc/apk/repositories \
&& echo "@commuedge http://nl.alpinelinux.org/alpine/edge/community" >> /etc/apk/repositories \
&& apk -U add \
python \
python-dev \
libffi-dev \
py-setuptools \
py-pip \
sqlite \
ca-certificates \
build-base \
gosu@testing \
tini@commuedge \
&& pip install --no-cache cffi \
&& pip install --no-cache misaka==1.0.2 \
&& wget https://github.com/posativ/isso/releases/download/$ISSO_VER/isso-$ISSO_VER.tar.gz -P /tmp \
&& pip install /tmp/isso-$ISSO_VER.tar.gz \
&& apk del \
python-dev \
libffi-dev \
py-pip \
build-base \
&& rm -rf /var/cache/apk/* /tmp/*
COPY run.sh /usr/local/bin/run.sh
RUN chmod +x /usr/local/bin/run.sh
EXPOSE 8080
VOLUME /db /config
CMD ["tini","--","run.sh"]

3
isso/run.sh Normal file
View File

@ -0,0 +1,3 @@
#!/bin/sh
chown -R $UID:$GID /db /config
gosu $UID:$GID isso -c /config/isso.conf run

38
lufi/Dockerfile Normal file
View File

@ -0,0 +1,38 @@
FROM debian:jessie
MAINTAINER Wonderfall <wonderfall@mondedie.fr>
ENV TINI_VER=0.9.0 \
USERID=1000 \
GROUPID=1000 \
SECRET=ZyCnLAhYKBIJrukuKZZJ \
CONTACT=contact@domain.tld \
MAX_FILE_SIZE=1000000000 \
WEBROOT=/ \
DOMAIN=domain.tld
RUN apt-get update && apt-get install -y --no-install-recommends --no-install-suggests \
wget \
perl \
build-essential \
ca-certificates \
&& cpan install Carton \
&& mkdir /lufi && cd /lufi \
&& wget -qO- https://github.com/ldidry/lufi/archive/master.tar.gz | tar xz --strip 1 \
&& carton install \
&& wget -q https://github.com/krallin/tini/releases/download/v$TINI_VER/tini_$TINI_VER.deb -P /tmp \
&& dpkg -i /tmp/tini_$TINI_VER.deb \
&& apt-get purge -y \
wget \
build-essential \
ca-certificates \
&& apt-get autoremove --purge -y && apt-get clean \
&& rm -rf /var/lib/apt/lists/* /root/.cpan* /lufi/local/cache/* /lufi/utilities /tmp/*
COPY run.sh /usr/local/bin/run.sh
COPY lufi.conf /lufi/lufi.conf
RUN chmod +x /usr/local/bin/run.sh
EXPOSE 8080
VOLUME /data /files
CMD ["tini","--","run.sh"]

44
lufi/README.md Normal file
View File

@ -0,0 +1,44 @@
## wonderfall/lufi
[![](https://badge.imagelayers.io/wonderfall/lufi:latest.svg)](https://imagelayers.io/?images=wonderfall/lufi:latest 'Get your own badge on imagelayers.io')
![](https://pix.schrodinger.io/H1JZuROt/zh7BXdOK.png)
#### What is this?
Lufi means Let's Upload that FIle.
Is that all? No. All the files are encrypted by the browser! It means that your files never leave your computer unencrypted. The administrator of the Lufi instance you use will not be able to see what is in your file, neither will your network administrator, or your ISP.
#### Environment variables
- **GROUPID** : lufi group id. *(default : 1000)*
- **USERID** : lufi user id. *(default : 1000)*
- **SECRET** : random string used to encrypt cookies. *(default : ZyCnLAhYKBIJrukuKZZJ)*
- **CONTACT** : lufi contact. *(default : contact@domain.tld)*
- **MAX_FILE_SIZE** : maximum file size of an uploaded file in bytes. *(default : 1GB)*
- **WEBROOT** : webroot of lufi. *(default : /)*
- **DOMAIN** : domain used with lufi. *(default : domain.tld)*
*Tip : you can use the following command to generate SECRET.*
`cat /dev/urandom | tr -dc 'a-zA-Z' | fold -w 20 | head -n 1`
#### Volumes
- **/data** : where lufi's database is stored.
- **/files** : location of uploaded files.
#### Reverse proxy
https://github.com/Wonderfall/dockerfiles/tree/master/reverse
#### Docker-compose (example)
```
lufi:
image: wonderfall/lufi
environment:
- GROUPID=1000
- USERID=1000
- SECRET=EFDLZGzfvzvbpdghZZopg
- CONTACT=john.doe@domain.tld
- WEBROOT=/
- MAX_FILE_SIZE=1000000000
- DOMAIN=domain.tld
volumes:
- /mnt/lufi/files:/files
- /mnt/lufi/data:/data
```

21
lufi/lufi.conf Normal file
View File

@ -0,0 +1,21 @@
{
hypnotoad => {
listen => ['http://0.0.0.0:8080'],
proxy => 1,
},
contact => '<contact>',
secrets => ['<secret>'],
length => 8,
provis_step => 5,
provisioning => 100,
token_length => 32,
max_file_size => <max_file_size>,
#piwik_img => 'https://piwik.example.org/piwik.php?idsite=1&amp;rec=1',
default_delay => 1,
max_delay => 0,
prefix => '<webroot>',
allowed_domains => ['http://<domain>', 'https://<domain>'],
fixed_domain => '<domain>',
db_path => '/data/lufi.db',
upload_dir => '/files',
};

11
lufi/run.sh Normal file
View File

@ -0,0 +1,11 @@
#!/bin/bash
deluser lufi
addgroup --gid $GROUPID lufi
adduser --system --shell /bin/sh --no-create-home --ingroup lufi --uid $USERID lufi
sed -i -e 's/<contact>/'$CONTACT'/g' \
-e 's/<secret>/'$SECRET'/g' \
-e 's/<max_file_size>/'$MAX_FILE_SIZE'/g' \
-e 's/<domain>/'$DOMAIN'/g' \
-e 's|<webroot>|'$WEBROOT'|g' /lufi/lufi.conf
chown -R lufi:lufi /lufi /data /files
cd /lufi && su lufi -c "carton exec hypnotoad -f /lufi/script/lufi"

44
lutim/Dockerfile Normal file
View File

@ -0,0 +1,44 @@
FROM debian:jessie
MAINTAINER Wonderfall <wonderfall@mondedie.fr>
ENV TINI_VER=0.9.0 \
USERID=1000 \
GROUPID=1000 \
SECRET=ZyCnLAhYKBIJrukuKZZJ \
CONTACT=contact@domain.tld \
MAX_FILE_SIZE=100000000 \
WEBROOT=/ \
DOMAIN=domain.tld
RUN apt-get update && apt-get install -y --no-install-recommends --no-install-suggests \
wget \
perl \
make \
gcc \
ca-certificates \
libssl-dev \
shared-mime-info \
perlmagick \
&& cpan install Carton \
&& mkdir /lutim && cd /lutim \
&& wget -qO- https://github.com/ldidry/lutim/archive/master.tar.gz | tar xz --strip 1 \
&& carton install \
&& wget -q https://github.com/krallin/tini/releases/download/v$TINI_VER/tini_$TINI_VER.deb -P /tmp \
&& dpkg -i /tmp/tini_$TINI_VER.deb \
&& apt-get purge -y \
wget \
make \
gcc \
libssl-dev \
ca-certificates \
&& apt-get autoremove --purge -y && apt-get clean \
&& rm -rf /var/lib/apt/lists/* /root/.cpan* /lutim/local/cache/* /lutim/utilities /tmp/*
COPY run.sh /usr/local/bin/run.sh
COPY lutim.conf /lutim/lutim.conf
RUN chmod +x /usr/local/bin/run.sh
EXPOSE 8181
VOLUME /data /lutim/files
CMD ["tini","--","run.sh"]

46
lutim/README.md Normal file
View File

@ -0,0 +1,46 @@
## wonderfall/lutim
[![](https://badge.imagelayers.io/wonderfall/lutim:latest.svg)](https://imagelayers.io/?images=wonderfall/lutim:latest 'Get your own badge on imagelayers.io')
![](https://i.goopics.net/rf.png)
#### What is this?
LUTIM means Let's Upload That Image.
It stores images and allows you to see them, download them or share them on social networks. From version 0.5, the gif images can be displayed as animated gifs in Twitter, but you need a HTTPS server (Twitter requires that. Lutim detects if you have a HTTPS server and displays an static image twitter card if you don't);
Images are indefinitly stored unless you request that they will be deleted at first view or after 24 hours / one week / one month / one year.
#### Environment variables
- **GROUPID** : lutim group id. *(default : 1000)*
- **USERID** : lutim user id. *(default : 1000)*
- **SECRET** : random string used to encrypt cookies. *(default : ZyCnLAhYKBIJrukuKZZJ)*
- **CONTACT** : lutim contact. *(default : contact@domain.tld)*
- **MAX_FILE_SIZE** : maximum file size of an uploaded file in bytes. *(default : 1GB)*
- **WEBROOT** : webroot of lutim. *(default : /)*
- **DOMAIN** : your domain used with lutim *(default : domain.tld)*
*Tip : you can use the following command to generate SECRET.*
`cat /dev/urandom | tr -dc 'a-zA-Z' | fold -w 20 | head -n 1`
#### Volumes
- **/data** : where lutim's database is stored.
- **/lutim/files** : location of uploaded files.
#### Reverse proxy
https://github.com/Wonderfall/dockerfiles/tree/master/reverse
#### Docker compose (example)
```
lutim:
image: wonderfall/lutim
environment:
- GROUPID=1000
- USERID=1000
- SECRET=ZyCnLAhYKBIJrukuKZZJ
- CONTACT=user@domain.tld
- MAX_FILE_SIZE=100000000
- WEBROOT=/
- DOMAIN=domain.tld
volumes:
- /mnt/docker/lutim/data:/data
- /mnt/docker/lutim/files:/lutim/files
```

24
lutim/lutim.conf Normal file
View File

@ -0,0 +1,24 @@
{
hypnotoad => {
listen => ['http://0.0.0.0:8181'],
},
contact => '<contact>',
secrets => ['<secret>'],
length => 8,
crypto_key_length => 8,
provis_step => 5,
provisioning => 100,
anti_flood_delay => 5,
max_file_size => <max_file_size>,
allowed_domains => ['http://<domain>', 'https://<domain>'],
default_delay => 1,
max_delay => 0,
always_encrypt => 1,
token_length => 24,
stats_day_num => 365,
keep_ip_during => 365,
policy_when_full => 'warn',
prefix => '<webroot>',
db_path => '/data/lutim.db',
delete_no_longer_viewed_files => 90
};

11
lutim/run.sh Normal file
View File

@ -0,0 +1,11 @@
#!/bin/bash
deluser lutim
addgroup --gid $GROUPID lutim
adduser --system --shell /bin/sh --no-create-home --ingroup lutim --uid $USERID lutim
sed -i -e 's/<contact>/'$CONTACT'/g' \
-e 's/<secret>/'$SECRET'/g' \
-e 's/<max_file_size>/'$MAX_FILE_SIZE'/g' \
-e 's/<domain>/'$DOMAIN'/g' \
-e 's|<webroot>|'$WEBROOT'|g' /lutim/lutim.conf
chown -R lutim:lutim /lutim /data
cd /lutim && su lutim -c "carton exec hypnotoad -f /lutim/script/lutim"

40
lychee/Dockerfile Normal file
View File

@ -0,0 +1,40 @@
FROM alpine:3.3
MAINTAINER Wonderfall <wonderfall@schrodinger.io>
ENV UID=991 GID=991
RUN echo "@commuedge http://nl.alpinelinux.org/alpine/edge/community" >> /etc/apk/repositories \
&& apk -U add \
nginx \
php-fpm \
php-exif \
php-gd \
php-json \
php-mysqli \
php-zip \
tar \
supervisor \
ca-certificates \
tini@commuedge \
&& sed -i -e "s/max_execution_time = 30/max_execution_time = 200/g" \
-e "s/post_max_size = 8M/post_max_size = 100M/g" \
-e "s/upload_max_filesize = 2M/upload_max_filesize = 20M/g" \
-e "s/memory_limit = 256M/memory_limit = 512M/g" \
/etc/php/php.ini \
&& mkdir /lychee && cd /lychee \
&& wget -qO- https://github.com/electerious/Lychee/archive/master.tar.gz | tar xz --strip 1 \
&& apk del \
tar \
ca-certificates \
&& rm -f /var/cache/apk/*
COPY nginx.conf /etc/nginx/nginx.conf
COPY php-fpm.conf /etc/php/php-fpm.conf
COPY supervisord.conf /usr/local/etc/supervisord.conf
COPY run.sh /usr/local/bin/run.sh
RUN chmod +x /usr/local/bin/run.sh
VOLUME /lychee/uploads /lychee/data
EXPOSE 80
CMD ["tini","--","run.sh"]

82
lychee/nginx.conf Normal file
View File

@ -0,0 +1,82 @@
user lychee;
worker_processes auto;
pid /var/run/nginx.pid;
daemon off;
events {
worker_connections 1024;
use epoll;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
access_log off;
error_log /var/log/nginx/error.log error;
sendfile on;
keepalive_timeout 15;
keepalive_disable msie6;
keepalive_requests 100;
tcp_nopush on;
tcp_nodelay on;
server_tokens off;
gzip on;
gzip_comp_level 5;
gzip_min_length 512;
gzip_buffers 4 8k;
gzip_proxied any;
gzip_vary on;
gzip_disable "msie6";
gzip_types
text/css
text/javascript
text/xml
text/plain
text/x-component
application/javascript
application/x-javascript
application/json
application/xml
application/rss+xml
application/vnd.ms-fontobject
font/truetype
font/opentype
image/svg+xml;
server {
listen 80;
root /lychee;
index index.php index.html;
location / {
try_files $uri $uri/ /index.html;
}
location ~* \.(?:ico|css|js|gif|jpe?g|png|ttf|woff)\$ {
access_log off;
expires 30d;
add_header Pragma public;
add_header Cache-Control "public, mustrevalidate, proxy-revalidate";
}
location ~ \.php$ {
fastcgi_split_path_info ^(.*\.php)(/.*)?$;
fastcgi_pass unix:/var/run/php-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_intercept_errors off;
fastcgi_buffer_size 16k;
fastcgi_buffers 4 16k;
}
location ~ /\.ht {
deny all;
}
}
}

15
lychee/php-fpm.conf Normal file
View File

@ -0,0 +1,15 @@
[global]
daemonize = no
[www]
user = lychee
group = lychee
listen = /var/run/php-fpm.sock
listen.owner = lychee
listen.group = lychee
pm = dynamic
pm.max_children = 5
pm.start_servers = 2
pm.min_spare_servers = 1
pm.max_spare_servers = 3
chdir = /

4
lychee/run.sh Normal file
View File

@ -0,0 +1,4 @@
#!/bin/sh
addgroup -g ${GID} lychee && adduser -h /lychee -s /bin/sh -D -G lychee -u ${UID} lychee
chown -R lychee:lychee /lychee /var/run/php-fpm.sock /var/lib/nginx /tmp
supervisord -c /usr/local/etc/supervisord.conf

8
lychee/supervisord.conf Normal file
View File

@ -0,0 +1,8 @@
[supervisord]
nodaemon=true
[program:php-fpm]
command=php-fpm
[program:nginx]
command=nginx

4
nodejs/README.md Normal file
View File

@ -0,0 +1,4 @@
## wonderfall/node
**SIZE : ±38MB**
![](https://i.goopics.net/lq.png)

49
nodejs/lts/Dockerfile Normal file
View File

@ -0,0 +1,49 @@
FROM alpine:3.3
MAINTAINER Wonderfall <wonderfall@mondedie.fr>
ARG NODE_VER=4.4.2
ARG NPM_VER=3
RUN apk -U add \
git \
make \
gcc \
g++ \
python \
linux-headers \
paxctl \
libgcc \
libstdc++ \
binutils-gold \
ca-certificates \
&& NB_CORES=`getconf _NPROCESSORS_CONF` \
&& cd /tmp \
&& wget -qO- https://nodejs.org/dist/v$NODE_VER/node-v$NODE_VER.tar.gz | tar zxf - \
&& cd node-v$NODE_VER \
&& ./configure --prefix=/usr \
&& make -j$NB_CORES && make install \
&& paxctl -cm /usr/bin/node \
&& npm install -g npm@$NPM_VER \
&& find /usr/lib/node_modules/npm -name test -o -name .bin -type d | xargs rm -rf \
&& apk del \
git \
make \
gcc \
g++ \
python \
linux-headers \
paxctl \
binutils-gold \
grep \
ca-certificates \
&& rm -rf \
/tmp/* \
/var/cache/apk/* \
/root/.npm \
/root/.node-gyp \
/usr/lib/node_modules/npm/man \
/usr/lib/node_modules/npm/doc \
/usr/lib/node_modules/npm/html \
/usr/share/man
CMD ["node", "-v"]

50
nodejs/stable/Dockerfile Normal file
View File

@ -0,0 +1,50 @@
FROM alpine:3.3
MAINTAINER Wonderfall <wonderfall@mondedie.fr>
ARG NODE_VER=5.10.1
ARG NPM_VER=3
RUN apk -U add \
git \
make \
gcc \
g++ \
python \
linux-headers \
paxctl \
libgcc \
libstdc++ \
binutils-gold \
ca-certificates \
&& NB_CORES=`getconf _NPROCESSORS_CONF` \
&& cd /tmp \
&& wget -qO- https://nodejs.org/dist/v$NODE_VER/node-v$NODE_VER.tar.gz | tar zxf - \
&& cd node-v$NODE_VER \
&& ./configure --prefix=/usr \
&& make -j$NB_CORES && make install \
&& paxctl -cm /usr/bin/node \
&& npm install -g npm@$NPM_VER \
&& find /usr/lib/node_modules/npm -name test -o -name .bin -type d \
| xargs rm -rf \
&& apk del \
git \
make \
gcc \
g++ \
python \
linux-headers \
paxctl \
grep \
binutils-gold \
ca-certificates \
&& rm -rf \
/tmp/* \
/var/cache/apk/* \
/root/.npm \
/root/.node-gyp \
/usr/lib/node_modules/npm/man \
/usr/lib/node_modules/npm/doc \
/usr/lib/node_modules/npm/html \
/usr/share/man
CMD ["node", "-v"]

65
owncloud/Dockerfile Normal file
View File

@ -0,0 +1,65 @@
FROM debian:jessie
MAINTAINER Wonderfall <wonderfall@mondedie.fr>
ENV VERSION=9.0.0 TINI_VER=0.9.0 USERID=1000 GROUPID=1000
ADD https://www.dotdeb.org/dotdeb.gpg /tmp/dotdeb.gpg
ADD http://nginx.org/keys/nginx_signing.key /tmp/nginx.key
RUN echo "deb http://packages.dotdeb.org jessie all" > /etc/apt/sources.list.d/dotdeb.list \
&& echo "deb http://nginx.org/packages/mainline/debian/ jessie nginx" > /etc/apt/sources.list.d/nginx.list \
&& echo "deb-src http://nginx.org/packages/mainline/debian/ jessie nginx" >> /etc/apt/sources.list.d/nginx.list \
&& apt-key add /tmp/dotdeb.gpg \
&& apt-key add /tmp/nginx.key
RUN apt-get update \
&& apt-get install -y --no-install-recommends --no-install-suggests \
cron \
nginx \
openssl \
supervisor \
php7.0-fpm \
php7.0-cli \
php7.0-intl \
php7.0-curl \
php7.0-gd \
php7.0-mcrypt \
php7.0-mysql \
&& mkdir /run/php && touch /run/php/php7.0-fpm.sock \
&& chown www-data:www-data /run/php/php7.0-fpm.sock \
&& sed -i "s/;env\[PATH\]/env\[PATH\]/g" /etc/php/7.0/fpm/pool.d/www.conf \
&& apt-get clean && rm -rf /var/lib/apt/lists/*
RUN apt-get update && apt-get install -y --no-install-recommends --no-install-suggests \
bzip2 \
wget \
ca-certificates \
&& mkdir /owncloud && cd /tmp \
&& wget -q https://download.owncloud.org/community/owncloud-$VERSION.tar.bz2 \
&& wget -q https://download.owncloud.org/community/owncloud-$VERSION.tar.bz2.sha256 \
&& wget -q https://download.owncloud.org/community/owncloud-$VERSION.tar.bz2.asc \
&& wget -q https://owncloud.org/owncloud.asc \
&& sha256sum -c owncloud-$VERSION.tar.bz2.sha256 \
&& gpg --import owncloud.asc \
&& gpg --verify owncloud-$VERSION.tar.bz2.asc \
&& tar xjf /tmp/owncloud-$VERSION.tar.bz2 --strip 1 -C /owncloud \
&& wget -q https://github.com/krallin/tini/releases/download/v$TINI_VER/tini_$TINI_VER.deb \
&& dpkg -i tini_$TINI_VER.deb \
&& apt-get purge -y wget bzip2 ca-certificates && apt-get autoremove -y --purge \
&& apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/*
COPY nginx.conf /etc/nginx/nginx.conf
COPY supervisord.conf /etc/supervisord.conf
COPY cron.conf /etc/cron.conf
COPY opcache.ini /etc/php/mods-available/opcache.ini
COPY run.sh /usr/local/bin/run.sh
RUN chmod +x /usr/local/bin/run.sh
VOLUME /data /config /apps2
EXPOSE 80
LABEL description="A server software for creating file hosting services" \
owncloud="ownCloud v$VERSION"
CMD ["tini","--","run.sh"]

111
owncloud/README.md Normal file
View File

@ -0,0 +1,111 @@
## wonderfall/owncloud
[![](https://badge.imagelayers.io/wonderfall/owncloud:latest.svg)](https://imagelayers.io/?images=wonderfall/owncloud:latest 'Get your own badge on imagelayers.io')
![](https://i.goopics.net/lu.png)
#### Features
- Based on `debian/jessie`.
- **Lightweight**, even though it's based on Debian, I did my best.
- **Functional by design**, and even through updates.
- **nginx 1.9.10** (mainline) is the webserver.
- **PHP 7.0.3** (latest stable) is used.
- **supervisor** is running the services.
- **OPCache** is configured to provide best performances.
- **system cron** is already configured (you can disable AJAX cron).
- **MySQL/MariaDB** compatibility (server not built-in)
- **Secure installation**, it verifies both integrity and authenticity (sha256sum && gpg).
- **UID/GID flexibility**, so you won't bother about permissions.
#### Tags
- `latest`, `8.2` : ownCloud 8.2.x (actual version : 8.2.2).
- `dev` *(if present)* : don't use it unless you have a reason.
If you want some security, versioning with tags should be available since 8.2 (e.g. the next tags will be 8.3, 8.4, etc. major updates as you can notice). I do not make tags for minor updates, like 8.2.1, 8.2.2, 8.2.x, since it's only bugfixes and security patches, which are strongly recommended.
#### Environment variables
- **USERID** : owncloud user id.
- **GROUPID** : owncloud group id.
#### Volumes
- **/data** : owncloud data (e.g. your files)
- **/config** : configuration files
- **/apps2** : owncloud downloaded apps
#### About the database
You have to use an external database container, thus allowing better security and less complexity. I suggest you to use MySQL/MariaDB, a reliable database server. For instance, you can use the official `mariadb` build, which is very easy to run and of course available on Docker Hub. I decided not to use sqlite since it's not recommended by ownCloud (sqlite is supected to cause some troubles with sync clients).
#### Once runned!
Go to your ownCloud instance, change `/ocwww/data` to `/data` (recommended), and fill in all the fields to configure your database. **Note #1 :** when you mount `/config`, you don't really mount `/ocwww/owncloud/config`. `/config` should contain `config.php`, although this is not the one actually used by ownCloud. However, each time you restart the container, `/config/config.php` overwrites `/ocwww/config/config.php`. Before that, `/ocwww/config/config.php` is copied as `/config/config.php.bkp`, so you can easily revert changes you're not satisfied of. **Note #2 :** this build doesn't make use of https, because I use it behind a reverse proxy (nginx), which is using https. You can do the same, it's easy to setup : take a look at my build `wonderfall/reverse` if you're interested.
#### Configure
Now, ownCloud should be 100% functionnal. APCu was installed and configured before, but I had too many problems using this... on top of that, I didn't notice any performance improvement over Opcache + PHP7. As ownCloud recommends, **system cron is already active**. You should switch from `AJAX cron` to `cron` (system cron) in the admin pannel. By the way, I highly recommend encryption! My buid is fully-compatible with the encryption module.
*config.php parameters can be found [here](https://doc.owncloud.org/server/8.2/admin_manual/configuration_server/config_sample_php_parameters.html) and [there](https://doc.owncloud.org/server/8.2/admin_manual/installation/apps_management_installation.html)* This is espacially useful when you're using a reverse proxy, and/or if you'd like to keep your 3rd-party plugins across updates (you should use the /apps volume to do that). **READ THE DOCUMENTATION, I WON'T DO SOME MAGIC TRICKS FOR YOU.**
#### How do I update?
Just pull the newer image, and recreate the container. As you may know, backups are highly recommended (don't fear that, Docker just makes things a lot easier!), and even if it's boring, do it, do it, do it! There should be no issue with config.php, but if you see the setup screen, don't panic (your volumes should be intact...) and just restart the container and check `/ocwww/config/config.php`.
#### config.php (example, behind reverse proxy + external apps path)
```
<?php
$CONFIG = array (
...
'trusted_domains' =>
array (
0 => 'owncloud',
1 => 'your.domain.tld',
),
...
"apps_paths" => array (
0 => array (
"path" => "/owncloud/apps",
"url" => "/apps",
"writable" => false,
),
1 => array (
"path" => "/apps2",
"url" => "/apps2",
"writable" => true,
),
),
...
'overwritehost' => 'your.domain.tld',
'overwriteprotocol' => 'https',
'updatechecker' => false,
...
);
```
#### Docker Compose (example)
```
reverse: # if any
...
links:
- owncloud:owncloud
...
owncloud:
image: wonderfall/owncloud:8.2
links:
- db_owncloud:db_owncloud
environment:
- USERID=1000
- GROUPID=1000
volumes:
- /mnt/owncloud/data:/data
- /mnt/owncloud/config:/config
- /mnt/owncloud/apps:/apps2
db_owncloud:
image: mariadb:10
volumes:
- /mnt/owncloud/db:/var/lib/mysql
environment:
- MYSQL_ROOT_PASSWORD=supersecretpassword
- MYSQL_DATABASE=owncloud
- MYSQL_USER=owncloud
- MYSQL_PASSWORD=supersecretpassword
```
#### Reverse proxy
https://github.com/Wonderfall/dockerfiles/tree/master/reverse

1
owncloud/cron.conf Normal file
View File

@ -0,0 +1 @@
*/15 * * * * php -f /owncloud/cron.php > /dev/null 2>&1

93
owncloud/nginx.conf Normal file
View File

@ -0,0 +1,93 @@
user www-data;
worker_processes auto;
pid /var/run/nginx.pid;
daemon off;
events {
worker_connections 1024;
use epoll;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
access_log off;
error_log /var/log/nginx/error.log error;
sendfile on;
keepalive_timeout 15;
keepalive_disable msie6;
keepalive_requests 100;
tcp_nopush on;
tcp_nodelay off;
server_tokens off;
gzip on;
gzip_comp_level 5;
gzip_min_length 512;
gzip_buffers 4 8k;
gzip_proxied any;
gzip_vary on;
gzip_disable "msie6";
gzip_types
text/css
text/javascript
text/xml
text/plain
text/x-component
application/javascript
application/x-javascript
application/json
application/xml
application/rss+xml
application/vnd.ms-fontobject
font/truetype
font/opentype
image/svg+xml;
server {
listen 80;
index index.php;
root /owncloud;
client_max_body_size 10G;
fastcgi_buffers 64 4K;
rewrite ^/caldav(.*)$ /remote.php/caldav$1 redirect;
rewrite ^/carddav(.*)$ /remote.php/carddav$1 redirect;
rewrite ^/webdav(.*)$ /remote.php/webdav$1 redirect;
error_page 403 /core/templates/403.php;
error_page 404 /core/templates/404.php;
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location ~ ^/(data|config|\.ht|db_structure\.xml|README) {
deny all;
}
location / {
rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;
rewrite ^/.well-known/carddav /remote.php/carddav/ redirect;
rewrite ^/.well-known/caldav /remote.php/caldav/ redirect;
rewrite ^(/core/doc/[^\/]+/)$ $1/index.html;
try_files $uri $uri/ index.php;
}
location ~ ^(.+?\.php)(/.*)?$ {
try_files $1 = 404;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$1;
fastcgi_param PATH_INFO $2;
fastcgi_pass unix:/run/php/php7.0-fpm.sock;
}
location ~* ^.+\.(jpg|jpeg|gif|bmp|ico|png|css|js|swf)$ {
expires 30d;
access_log off;
}
}
}

10
owncloud/opcache.ini Normal file
View File

@ -0,0 +1,10 @@
; configuration for php opcache module
; priority=10
zend_extension=opcache.so
opcache.enable=1
opcache.enable_cli=1
opcache.fast_shutdown=1
opcache.memory_consumption=256
opcache.interned_strings_buffer=16
opcache.max_accelerated_files=5413
opcache.revalidate_freq=60

17
owncloud/run.sh Normal file
View File

@ -0,0 +1,17 @@
#!/bin/bash
deluser www-data
addgroup --gid $GROUPID www-data
adduser --system --no-create-home --ingroup www-data --uid $USERID www-data
crontab -u www-data /etc/cron.conf
if [ -f /owncloud/config/config.php ] && [ ! -f /config/config.php ]; then
cp /owncloud/config/config.php /config/config.php
elif [ -f /config/config.php ]; then
mv /owncloud/config/config.php /config/config.php.bkp
cp /config/config.php /owncloud/config/config.php
fi
chown -R www-data:www-data /owncloud /data /config /apps2
ln -s /apps2 /owncloud
supervisord -c /etc/supervisord.conf

11
owncloud/supervisord.conf Normal file
View File

@ -0,0 +1,11 @@
[supervisord]
nodaemon=true
[program:cron]
command=cron -f
[program:php-fpm]
command=php-fpm7.0 --nodaemonize
[program:nginx]
command=nginx

48
piwik/Dockerfile Normal file
View File

@ -0,0 +1,48 @@
FROM alpine:3.3
MAINTAINER Wonderfall <wonderfall@mondedie.fr>
ENV VER=2.16.0 GID=991 UID=991
RUN echo "@testing http://nl.alpinelinux.org/alpine/edge/testing" >> /etc/apk/repositories \
&& echo "@commuedge http://nl.alpinelinux.org/alpine/edge/community" >> /etc/apk/repositories \
&& apk -U add \
nginx \
php-fpm \
php-gd \
php-curl \
php-cli \
php-json \
php-ctype \
php-iconv \
php-zlib \
php-dom \
php-openssl \
php-geoip@testing \
php-mysqli \
php-pdo_mysql \
supervisor \
tini@commuedge \
&& sed -i 's/;always_populate_raw_post_data/always_populate_raw_post_data/g' /etc/php/php.ini \
&& echo 'geoip.custom_directory=/piwik/misc' >> /etc/php/php.ini \
&& rm -f /var/cache/apk/*
RUN wget -qO- http://builds.piwik.org/piwik-$VER.tar.gz | tar xz
RUN wget -q http://geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz -P /piwik/misc \
&& gzip -d /piwik/misc/GeoLiteCity.dat.gz \
&& mv /piwik/misc/GeoLiteCity.dat /piwik/misc/GeoIPCity.dat
COPY nginx.conf /etc/nginx/nginx.conf
COPY php-fpm.conf /etc/php/php-fpm.conf
COPY supervisord.conf /usr/local/etc/supervisord.conf
COPY run.sh /usr/local/bin/run.sh
RUN chmod +x /usr/local/bin/run.sh
VOLUME /config
EXPOSE 80
LABEL description "Open web analytics platform" \
piwik "Piwik v$VER"
CMD ["tini","--","run.sh"]

66
piwik/README.md Normal file
View File

@ -0,0 +1,66 @@
## wonderfall/piwik
[![](https://badge.imagelayers.io/wonderfall/analytics:latest.svg)](https://imagelayers.io/?images=wonderfall/analytics:latest 'Get your own badge on imagelayers.io')
![](https://i.goopics.net/m3.png)
#### What is this?
It is a web analytics platform. Piwik respects your privacy and gives you full control over your data.
#### Features
- Based on Alpine Linux 3.3 : lightweight and secure.
- Functional installation. Pull and run.
- Latest Piwik stable.
- nginx stable + php-fpm stable.
- pdo_mysql and mysqli available (mysql server not built-in).
- Latest GeoLite City Database from maxmind.com.
- External + automatic backup of configuration.
#### Environment variables
- **GID** : piwik group id.
- **UID** : piwik user id.
#### Volumes
- **/config** : configuration files
#### Update
Piwik can update itself. It works well. I'm also maintaing this Dockerfile, so if you don't want to do upgrades directly from Piwik, you can recreate the container as well whenever I push an update.
#### Configuration
According to Piwik, everything should be fine running this image. You shoudn't have any difficulties to setup your own instance of Piwik. Your `/config/config.ini.php` overwrites the one (in `/piwik/config`)used by Piwik each time the container is started. Moreover, the old config.ini.php is saved as `/config/config.ini.php.bkp` if you want to revert last changes. This should also guarantee transparency through Piwik's updates.
If you're running Piwik behind a reverse proxy (most likely you do), add this to your `config.ini.php` :
```
[General]
#assume_secure_protocol = 1 #uncomment if you use https
proxy_client_headers[] = HTTP_X_FORWARDED_FOR
proxy_client_headers[] = HTTP_X_REAL_IP
proxy_host_headers[] = HTTP_X_FORWARDED_HOST
```
#### Reverse proxy
https://github.com/Wonderfall/dockerfiles/tree/master/reverse
#### Docker Compose (example)
```
piwik:
image: wonderfall/piwik
links:
- db_piwik:db_piwik
volumes:
- /mnt/docker/piwik/config:/config
environment:
- GID=1000
- UID=1000
db_piwik:
image: mariadb:10
volumes:
- /mnt/docker/piwik/db:/var/lib/mysql
environment:
- MYSQL_ROOT_PASSWORD=asupersecretpassword
- MYSQL_DATABASE=piwik
- MYSQL_USER=piwik
- MYSQL_PASSWORD=asupersecretpassword
```

97
piwik/nginx.conf Normal file
View File

@ -0,0 +1,97 @@
user piwik;
worker_processes auto;
pid /var/run/nginx.pid;
daemon off;
events {
worker_connections 1024;
use epoll;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
access_log off;
error_log /var/log/nginx/error.log error;
sendfile on;
keepalive_timeout 15;
keepalive_disable msie6;
keepalive_requests 100;
tcp_nopush on;
tcp_nodelay off;
server_tokens off;
gzip on;
gzip_comp_level 5;
gzip_min_length 512;
gzip_buffers 4 8k;
gzip_proxied any;
gzip_vary on;
gzip_disable "msie6";
gzip_types
text/css
text/javascript
text/xml
text/plain
text/x-component
application/javascript
application/x-javascript
application/json
application/xml
application/rss+xml
application/vnd.ms-fontobject
font/truetype
font/opentype
image/svg+xml;
server {
listen 80;
root /piwik;
index index.php index.html;
location ~* \.(?:bat|git|ini|sh|svn[^.]*|txt|tpl|xml)$ {
return 404;
}
location ~* \.(jpg|jpeg|gif|css|png|js|map|woff|woff2|ttf|svg|eot)$ {
expires 30d;
access_log off;
}
location = /favicon.ico {
try_files /favicon.ico =204;
}
location ~* ^/(?:README|LICENSE[^.]*|LEGALNOTICE)(?:\.txt)*$ {
return 404;
}
location ~ ^/(vendor|config|tmp|libs|misc) {
deny all;
return 404;
}
location ~* /(.*)\.(?:markdown|md|twig|yaml|yml|ht|htaccess|ini)$ {
deny all;
}
location ~ /\. {
deny all;
}
location / {
try_files $uri /index.php;
}
location ~ \.php$ {
fastcgi_index index.php;
fastcgi_pass unix:/var/run/php-fpm.sock;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include /etc/nginx/fastcgi_params;
}
}
}

15
piwik/php-fpm.conf Normal file
View File

@ -0,0 +1,15 @@
[global]
daemonize = no
[www]
user = piwik
group = piwik
listen = /var/run/php-fpm.sock
listen.owner = piwik
listen.group = piwik
pm = dynamic
pm.max_children = 5
pm.start_servers = 2
pm.min_spare_servers = 1
pm.max_spare_servers = 3
chdir = /

12
piwik/run.sh Normal file
View File

@ -0,0 +1,12 @@
#!/bin/sh
addgroup -g ${GID} piwik && adduser -h /piwik -s /bin/sh -D -G piwik -u ${UID} piwik
if [ -f /piwik/config/config.ini.php ] && [ ! -f /config/config.ini.php ]; then
cp /piwik/config/config.ini.php /config/config.ini.php
elif [ -f /config/config.ini.php ]; then
mv /piwik/config/config.ini.php /config/config.ini.php.bkp
cp /config/config.ini.php /piwik/config/config.ini.php
fi
chown -R piwik:piwik /piwik /config /var/run/php-fpm.sock /var/lib/nginx /tmp
supervisord -c /usr/local/etc/supervisord.conf

8
piwik/supervisord.conf Normal file
View File

@ -0,0 +1,8 @@
[supervisord]
nodaemon=true
[program:php-fpm]
command=php-fpm
[program:nginx]
command=nginx

42
rainloop/Dockerfile Normal file
View File

@ -0,0 +1,42 @@
FROM alpine:3.3
MAINTAINER Wonderfall <wonderfall@mondedie.fr>
ENV GID=1000 UID=1000
RUN echo "@commuedge http://nl.alpinelinux.org/alpine/edge/community" >> /etc/apk/repositories \
&& apk -U add \
nginx \
php-fpm \
php-curl \
php-iconv \
php-xml \
php-dom \
php-openssl \
php-json \
php-zlib \
php-pdo_mysql \
php-pdo_sqlite \
php-sqlite3 \
supervisor \
gnupg \
tini@commuedge \
&& wget -q http://repository.rainloop.net/v2/webmail/rainloop-community-latest.zip -P /tmp \
&& wget -q http://repository.rainloop.net/v2/webmail/rainloop-community-latest.zip.asc -P /tmp \
&& wget -q http://repository.rainloop.net/RainLoop.asc -P /tmp \
&& gpg --import /tmp/RainLoop.asc \
&& gpg --verify /tmp/rainloop-community-latest.zip.asc \
&& mkdir /rainloop && unzip -q /tmp/rainloop-community-latest.zip -d /rainloop \
&& apk del gnupg \
&& rm -rf /tmp/* /var/cache/apk/*
COPY nginx.conf /etc/nginx/nginx.conf
COPY php-fpm.conf /etc/php/php-fpm.conf
COPY supervisord.conf /usr/local/etc/supervisord.conf
COPY run.sh /usr/local/bin/run.sh
RUN chmod +x /usr/local/bin/run.sh
VOLUME /rainloop/data
EXPOSE 80
LABEL description "Fast, simple and modern webmail client"
CMD ["tini","--","run.sh"]

46
rainloop/README.md Normal file
View File

@ -0,0 +1,46 @@
## wonderfall/rainloop
[![](https://badge.imagelayers.io/wonderfall/rainloop:latest.svg)](https://imagelayers.io/?images=wonderfall/rainloop:latest 'Get your own badge on imagelayers.io')
![](https://i.goopics.net/nI.png)
#### What is this?
Rainloop is a SIMPLE, MODERN & FAST WEB-BASED EMAIL CLIENT. More info on the [official website](http://www.rainloop.net/).
#### Features
- Based on Alpine 3.3
- Latest Rainloop **Community Edition** (stable)
- Extremely lightweight
- Contacts (DB) : sqlite, or mysql (server not built-in)
#### Environment variables
- **GID** : rainloop group id.
- **UID** : rainloop user id.
#### Volumes
- **/rainloop/data** : rainloop's data
#### Docker Compose (example)
```
rainloop:
image: wonderfall/rainloop
environment:
- GID=1000
- UID=1000
volumes:
- /mnt/rainloop:/rainloop/data
# if using mysql as contacts database
db_rainloop:
image: mariadb:10
volumes:
- /mnt/rainloop/db:/var/lib/mysql
environment:
- MYSQL_ROOT_PASSWORD=supersecretpassword
- MYSQL_DATABASE=rainloop
- MYSQL_USER=rainloop
- MYSQL_PASSWORD=supersecretpassword
```
#### Reverse proxy
https://github.com/Wonderfall/dockerfiles/tree/master/reverse

71
rainloop/nginx.conf Normal file
View File

@ -0,0 +1,71 @@
user rainloop;
worker_processes auto;
pid /var/run/nginx.pid;
daemon off;
events {
worker_connections 1024;
use epoll;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
access_log off;
error_log /var/log/nginx/error.log error;
sendfile on;
keepalive_timeout 15;
keepalive_disable msie6;
keepalive_requests 100;
tcp_nopush on;
tcp_nodelay off;
server_tokens off;
gzip on;
gzip_comp_level 5;
gzip_min_length 512;
gzip_buffers 4 8k;
gzip_proxied any;
gzip_vary on;
gzip_disable "msie6";
gzip_types
text/css
text/javascript
text/xml
text/plain
text/x-component
application/javascript
application/x-javascript
application/json
application/xml
application/rss+xml
application/vnd.ms-fontobject
font/truetype
font/opentype
image/svg+xml;
server {
listen 80;
root /rainloop;
index index.php index.html;
location ^~ /data {
deny all;
}
location / {
try_files $uri $uri/ index.php;
}
location ~ \.php$ {
fastcgi_index index.php;
fastcgi_pass unix:/var/run/php-fpm.sock;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include /etc/nginx/fastcgi_params;
}
}
}

15
rainloop/php-fpm.conf Normal file
View File

@ -0,0 +1,15 @@
[global]
daemonize = no
[www]
user = rainloop
group = rainloop
listen = /var/run/php-fpm.sock
listen.owner = rainloop
listen.group = rainloop
pm = dynamic
pm.max_children = 5
pm.start_servers = 2
pm.min_spare_servers = 1
pm.max_spare_servers = 3
chdir = /

5
rainloop/run.sh Normal file
View File

@ -0,0 +1,5 @@
#!/bin/sh
addgroup -g ${GID} rainloop && adduser -h /rainloop -s /bin/sh -D -G rainloop -u ${UID} rainloop
chown -R rainloop:rainloop /rainloop /var/run/php-fpm.sock /var/lib/nginx /tmp
supervisord -c /usr/local/etc/supervisord.conf

8
rainloop/supervisord.conf Normal file
View File

@ -0,0 +1,8 @@
[supervisord]
nodaemon=true
[program:php-fpm]
command=php-fpm
[program:nginx]
command=nginx

95
reverse/Dockerfile Normal file
View File

@ -0,0 +1,95 @@
FROM alpine:3.3
MAINTAINER Wonderfall <wonderfall@mondedie.fr>
ARG NGINX_VER=1.9.14
ARG LIBRESSL_VER=2.3.3
ARG SIGNATURE=nginx
ARG BUILD_CORES
ENV UID=991 GID=991
RUN echo "@testing http://nl.alpinelinux.org/alpine/edge/testing" >> /etc/apk/repositories \
&& echo "@commuedge http://nl.alpinelinux.org/alpine/edge/community" >> /etc/apk/repositories \
&& NB_CORES=${BUILD_CORES-`getconf _NPROCESSORS_CONF`} \
&& BUILD_DEPS=" \
build-base \
linux-headers \
ca-certificates \
automake \
autoconf \
git \
tar \
libtool \
pcre-dev \
zlib-dev" \
&& apk -U add \
$BUILD_DEPS \
pcre \
zlib \
libgcc \
libstdc++ \
gosu@testing \
libressl@testing \
tini@commuedge \
&& cd /tmp && git clone https://github.com/bagder/libbrotli && cd libbrotli \
&& ./autogen.sh && ./configure && make -j $NB_CORES && make install \
&& mkdir /tmp/ngx_brotli && cd /tmp/ngx_brotli \
&& wget -qO- https://github.com/google/ngx_brotli/archive/master.tar.gz | tar xz --strip 1 \
&& mkdir /tmp/libressl && cd /tmp/libressl \
&& wget -qO- http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-$LIBRESSL_VER.tar.gz | tar xz --strip 1 \
&& ./configure \
LDFLAGS=-lrt \
CFLAGS=-fstack-protector-strong \
--prefix=/tmp/libressl/.openssl/ \
--enable-shared=no \
&& make install-strip -j $NB_CORES \
&& mkdir /tmp/nginx && cd /tmp/nginx \
&& wget -qO- http://nginx.org/download/nginx-$NGINX_VER.tar.gz | tar zxf - \
&& cd nginx-$NGINX_VER \
&& sed -i -e "s/\"Server: nginx\" CRLF/\"Server: $SIGNATURE\" CRLF/g" \
-e "s/\"Server: \" NGINX_VER CRLF/\"Server: $SIGNATURE\" NGINX_VER CRLF/g" \
src/http/ngx_http_header_filter_module.c \
&& ./configure \
--with-http_ssl_module \
--with-http_v2_module \
--with-http_gzip_static_module \
--with-http_stub_status_module \
--with-openssl=/tmp/libressl \
--with-cc-opt='-g -O2 -fstack-protector-strong -Wformat -Werror=format-security' \
--with-ld-opt="-lrt" \
--with-file-aio \
--with-threads \
--without-http_ssi_module \
--without-http_scgi_module \
--without-http_uwsgi_module \
--without-http_fastcgi_module \
--without-http_geo_module \
--without-http_autoindex_module \
--without-http_map_module \
--without-http_split_clients_module \
--without-http_memcached_module \
--without-http_empty_gif_module \
--without-http_browser_module \
--prefix=/etc/nginx \
--http-log-path=/var/log/nginx/access.log \
--error-log-path=/var/log/nginx/error.log \
--sbin-path=/usr/local/sbin/nginx \
--add-module=/tmp/ngx_brotli \
&& make -j $NB_CORES && make install \
&& apk del $BUILD_DEPS \
&& rm -rf /tmp/* /var/cache/apk/*
COPY nginx.conf /etc/nginx/conf/nginx.conf
COPY run.sh /usr/local/bin/run.sh
COPY ngxpasswd /usr/local/bin/ngxpasswd
RUN chmod +x /usr/local/bin/*
EXPOSE 8000 4430
VOLUME /sites-enabled /conf.d /passwds /certs /var/log/nginx
LABEL description="Secure reverse proxy using nginx" \
libressl="LibreSSL v$LIBRESSL_VER" \
nginx="nginx v$NGINX_VER"
CMD ["tini","--","run.sh"]

123
reverse/README.md Normal file
View File

@ -0,0 +1,123 @@
## wonderfall/reverse
**SIZE : ±39MB**
![](https://i.goopics.net/lv.jpg) ![](https://i.goopics.net/lL.png) ![](https://upload.wikimedia.org/wikipedia/en/2/25/LibreSSL_logo.jpg)
#### What is this?
It is nginx latest mainline statically linked against LibreSSL latest snapshot, with embedded Brotli support.
Secured by default (no root processes, even the master one). I made this image for my own purpose, but I added some flexibility so you can use it easily.
#### Features
- Based on Alpine Linux (3.3) : lightweight and secure distribution.
- nginx mainline + LibreSSL snapshot
- HTTP/2 support.
- Brotli compression support.
- No root master process. Better security.
- AIO Threads support.
- No unnessary modules.
- Optimized nginx configuration.
#### Notes
It is required to :
- chown your certs files with the right uid/pid (no other way)
- change `listen` directive to 8000/4430 instead of 80/443
By the way, it is recommended to **build this image** (using docker-compose 1.6 and later for args compatibily) directly instead of pulling it from Docker Hub.
#### Volumes
- **/sites-enabled** : should contain your vhosts files (.conf)
- **/conf.d** : additional configuration files if you want
- **/certs** : SSL/TLS certificates
- **/var/log/nginx** : nginx logs (access and error)
#### Build arguments
- **NGINX_VER** : nginx's version, change it if needed but the default version is tested
- **LIBRESSL_VER** : same as NGINX_VER
- **GID** : nginx group id *(default : 991)*
- **UID** : nginx user id *(default : 991)*
#### Source (Dockerfile)
https://github.com/Wonderfall/dockerfiles/tree/master/reverse
#### Examples : compose, vhost, TLS conf
**NOTES** :
- compose file must use version 2. [See more here](https://docs.docker.com/compose/compose-file/#version-2:91de898b5f5cdb090642a917d3dedf68).
- Docker 1.10+ and docker-compose 1.6+ are needed.
- if you're using docker-compose inside a container, pay attention to `context`.
```
# docker-compose.yml
nginx:
#image: wonderfall/reverse
build:
context: /path/to/reverse/dockerfile
dockerfile: Dockerfile
args:
- NGINX_VER=1.9.10
- LIBRESSL_VER=2.3.2
- GID=1000
- UID=1000
- BUILD_CORES=8
ports:
- "80:8000"
- "443:4430"
links:
- container_1:container_1
- container_2:container_2
- container_n:container_n
volumes:
- /mnt/docker/nginx/sites:/sites-enabled
- /mnt/docker/nginx/conf:/conf.d
- /etc/letsencrypt:/certs
- /mnt/docker/nginx/log:/var/log/nginx
```
```
# /mnt/docker/nginx/sites/service.conf
server {
listen 8000;
server_name service.domain.tld;
return 301 https://$host$request_uri;
}
server {
listen 4430 ssl http2;
server_name service.domain.tld;
ssl_certificate /certs/live/service.domain.tld/fullchain.pem;
ssl_certificate_key /certs/live/service.domain.tld/privkey.pem;
include /conf.d/ssl_params.conf;
include /conf.d/headers.conf;
#client_max_body_size 10M; #(M = Megabytes / G = Gigabytes)
location / {
proxy_pass http://container_n:$PORT;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Remote-Port $remote_port;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_redirect off;
}
}
```
```
# /mnt/docker/conf/ssl_params.conf
ssl_protocols TLSv1.2;
ssl_ciphers "ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256";
ssl_prefer_server_ciphers on;
ssl_ecdh_curve secp384r1;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 5m;
ssl_session_tickets off;
```
```
# /mnt/docker/conf/headers.conf
add_header Strict-Transport-Security "max-age=31536000";
add_header X-Frame-Options SAMEORIGIN;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
```

80
reverse/nginx.conf Normal file
View File

@ -0,0 +1,80 @@
worker_processes auto;
pid /var/run/nginx.pid;
daemon off;
events {
worker_connections 2048;
use epoll;
}
http {
limit_conn_zone $binary_remote_addr zone=limit_per_ip:10m;
limit_conn limit_per_ip 64;
limit_req_zone $binary_remote_addr zone=allips:10m rate=150r/s;
limit_req zone=allips burst=150 nodelay;
include /etc/nginx/conf/mime.types;
default_type application/octet-stream;
access_log /var/log/nginx/access.log combined;
error_log /var/log/nginx/error.log crit;
client_body_buffer_size 10K;
client_header_buffer_size 1k;
client_max_body_size 8m;
large_client_header_buffers 2 1k;
aio threads;
sendfile on;
keepalive_timeout 15;
keepalive_disable msie6;
keepalive_requests 100;
tcp_nopush on;
tcp_nodelay on;
server_tokens off;
gzip on;
gzip_comp_level 5;
gzip_min_length 512;
gzip_buffers 4 8k;
gzip_proxied any;
gzip_vary on;
gzip_disable "msie6";
gzip_types
text/css
text/javascript
text/xml
text/plain
text/x-component
application/javascript
application/x-javascript
application/json
application/xml
application/rss+xml
application/vnd.ms-fontobject
font/truetype
font/opentype
image/svg+xml;
brotli on;
brotli_static on;
brotli_buffers 16 8k;
brotli_comp_level 6;
brotli_types
text/css
text/javascript
text/xml
text/plain
text/x-component
application/javascript
application/x-javascript
application/json
application/xml
application/rss+xml
application/vnd.ms-fontobject
font/truetype
font/opentype
image/svg+xml;
include /sites-enabled/*.conf;
}

42
reverse/ngxpasswd Normal file
View File

@ -0,0 +1,42 @@
#!/bin/sh
NAME="$1"
USER="$2"
PASSWORD="$3"
cd /passwds || exit 1
if [ -z "$NAME" ]; then
echo "Service name must be defined" 1>&2
exit 1
elif [ -f $NAME.htpasswd ]; then
echo "$NAME.htpasswd exists, aborting" 1>&2
exit 1
fi
if [ -z "$USER" ]; then
echo "User must be defined" 1>&2
exit 1
fi
if [ -z "$PASSWORD" ]; then
PASSWORD=`cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 20 | head -n 1`
echo "Password was not defined, generating a random one..."
fi
echo -n $USER:`openssl passwd -apr1 $PASSWORD` >> $NAME.htpasswd
chown $UID:$GID $NAME.htpasswd
chmod 640 $NAME.htpasswd
echo
echo "A new password file has been saved to /passwds/$NAME.htpasswd :"
echo "- Service : $NAME"
echo "- User : $USER"
echo "- Password : $PASSWORD"
echo
echo "Paste this to your vhost in order to enable auth :"
echo " auth_basic \"Who's this?\";"
echo " auth_basic_user_file /passwds/$NAME.htpasswd;"
echo
echo "Done."
exit 0

5
reverse/run.sh Normal file
View File

@ -0,0 +1,5 @@
#!/bin/sh
touch /var/run/nginx.pid
chown -R $UID:$GID /etc/nginx /var/log/nginx /var/run/nginx.pid /sites-enabled /conf.d /certs
chmod -R 700 /certs
gosu $UID:$GID nginx

119
rutorrent/Dockerfile Normal file
View File

@ -0,0 +1,119 @@
FROM alpine:3.3
MAINTAINER xataz <https://github.com/xataz/dockerfiles>
MAINTAINER Wonderfall <wonderfall@schrodinger.io>
ARG MEDIAINFO_VER=0.7.84
ARG RTORRENT_VER=0.9.6
ARG LIBTORRENT_VER=0.13.6
ARG FILEBOT_VER=4.6.1
ARG BUILD_CORES
ENV UID=991 \
GID=991 \
WEBROOT=/ \
PKG_CONFIG_PATH=/usr/local/lib/pkgconfig
RUN echo "@commuedge http://nl.alpinelinux.org/alpine/edge/community" >> /etc/apk/repositories \
&& echo "@testing http://nl.alpinelinux.org/alpine/edge/testing" >> /etc/apk/repositories \
&& echo "@community http://nl.alpinelinux.org/alpine/v3.3/community/" >> /etc/apk/repositories \
&& NB_CORES=${BUILD_CORES-`getconf _NPROCESSORS_CONF`} \
&& BUILD_DEPS=" \
build-base \
git \
libtool \
automake \
autoconf \
wget \
subversion \
cppunit-dev \
openssl-dev \
ncurses-dev \
curl-dev" \
&& apk -U add \
${BUILD_DEPS} \
ffmpeg \
ca-certificates \
nginx \
php7@testing \
php7-fpm@testing \
php7-json@testing \
curl \
gzip \
zip \
unrar \
supervisor \
geoip \
tini@commuedge \
openjdk8-jre@community \
&& cd /tmp \
&& wget -q http://downloads.sourceforge.net/mktorrent/mktorrent-1.0.tar.gz \
&& tar xzvf mktorrent-1.0.tar.gz \
&& svn checkout http://svn.code.sf.net/p/xmlrpc-c/code/stable xmlrpc-c \
&& git clone https://github.com/rakshasa/libtorrent.git \
&& git clone https://github.com/rakshasa/rtorrent.git \
&& wget http://mediaarea.net/download/binary/mediainfo/${MEDIAINFO_VER}/MediaInfo_CLI_${MEDIAINFO_VER}_GNU_FromSource.tar.gz \
&& wget http://mediaarea.net/download/binary/libmediainfo0/${MEDIAINFO_VER}/MediaInfo_DLL_${MEDIAINFO_VER}_GNU_FromSource.tar.gz \
&& tar xzf MediaInfo_DLL_${MEDIAINFO_VER}_GNU_FromSource.tar.gz \
&& tar xzf MediaInfo_CLI_${MEDIAINFO_VER}_GNU_FromSource.tar.gz \
&& tar xzvf mktorrent-1.0.tar.gz \
&& cd /tmp/mktorrent-1.0 \
&& make -j ${NB_CORES} \
&& make install \
&& cd /tmp/MediaInfo_DLL_GNU_FromSource \
&& ./SO_Compile.sh \
&& cd /tmp/MediaInfo_DLL_GNU_FromSource/ZenLib/Project/GNU/Library \
&& make install \
&& cd /tmp/MediaInfo_DLL_GNU_FromSource/MediaInfoLib/Project/GNU/Library \
&& make install \
&& cd /tmp/MediaInfo_CLI_GNU_FromSource \
&& ./CLI_Compile.sh \
&& cd /tmp/MediaInfo_CLI_GNU_FromSource/MediaInfo/Project/GNU/CLI \
&& make install \
&& cd /tmp/xmlrpc-c \
&& ./configure \
&& make -j ${NB_CORES} \
&& make install \
&& cd /tmp/libtorrent \
&& git checkout ${LIBTORRENT_VER} \
&& ./autogen.sh \
&& ./configure \
&& make -j ${NB_CORES} \
&& make install \
&& cd /tmp/rtorrent \
&& git checkout ${RTORRENT_VER} \
&& ./autogen.sh \
&& ./configure --with-xmlrpc-c \
&& make -j ${NB_CORES} \
&& make install \
&& mkdir -p /var/www \
&& cd /var/www \
&& git clone https://github.com/Novik/ruTorrent.git rutorrent \
&& cd /var/www/rutorrent/plugins/ \
&& git clone https://github.com/xombiemp/rutorrentMobile.git mobile \
&& cd /var/www/rutorrent/plugins/theme/themes \
&& git clone https://github.com/exetico/FlatUI.git \
&& mv FlatUI/FlatUI_* . \
&& rm -rf FlatUI \
&& mv /var/www/rutorrent /var/www/torrent \
&& mkdir /filebot \
&& wget -q http://downloads.sourceforge.net/project/filebot/filebot/FileBot_${FILEBOT_VER}/FileBot_${FILEBOT_VER}-portable.zip -P /tmp \
&& unzip -q /tmp/FileBot_${FILEBOT_VER}-portable.zip -d /filebot \
&& apk del ${BUILD_DEPS} \
&& deluser svn \
&& delgroup svnusers \
&& rm -rf /var/cache/apk/* /tmp/*
COPY rootfs /
RUN chmod +x /usr/bin/*
VOLUME /data /var/www/torrent/share/users
EXPOSE 80 49184 49184/udp
LABEL description="BitTorrent client with WebUI front-end" \
rtorrent="rTorrent BiTorrent client v$RTORRENT_VER" \
libtorrent="libtorrent v$LIBTORRENT_VER" \
mediainfo="mediainfo v$MEDIAINFO_VER" \
filebot="Filebot v$FILEBOT_VER"
CMD ["tini","--","startup"]

61
rutorrent/README.md Normal file
View File

@ -0,0 +1,61 @@
# RuTorrent Image
## ImageLayer
* latest [![](https://badge.imagelayers.io/xataz/rutorrent:latest.svg)](https://imagelayers.io/?images=xataz/rutorrent:latest 'Get your own badge on imagelayers.io')
* latest-filebot, filebot [![](https://badge.imagelayers.io/xataz/rutorrent:filebot.svg)](https://imagelayers.io/?images=xataz/rutorrent:filebot 'Get your own badge on imagelayers.io')
## Tag available
* latest [(rutorrent/latest/Dockerfile)](https://github.com/xataz/dockerfiles/blob/master/rutorrent/latest/Dockerfile)
* latest-filebot, filebot [(rutorrent/latest-filebot/Dockerfile)](https://github.com/xataz/dockerfiles/blob/master/rutorrent/latest-filebot/Dockerfile)
## Description
What is [RuTorrent](https://github.com/Novik/ruTorrent) ?
ruTorrent is a front-end for the popular Bittorrent client rtorrent.
This project is released under the GPLv3 license, for more details, take a look at the LICENSE.md file in the source.
What is [rtorrent](https://github.com/rakshasa/rtorrent/) ?
rtorrent is the popular Bittorrent client.
## BUILD IMAGE
```shell
docker build -t xataz/rutorrent github.com/xataz/dockerfiles.git#master:rutorrent/latest
```
## Configuration
### Environments
* UID : Choose uid for launch rtorrent (default : 991)
* GID : Choose gid for launch rtorrent (default : 991)
* WEBROOT : (default : /)
### Volumes
* /data : Folder for download torrents
#### data Folder tree
* /data/.watch : Rtorrent watch this folder and add automatly torrent file
* /data/.session : Rtorrent save statement here
* /data/torrents : Rtorrent download torrent here
* /data/Media : If filebot version, rtorrent create a symlink
### Ports
* 80
## Usage
### Simple launch
```shell
docker run -d -p 80:80 xataz/rutorrent
```
URI access : http://XX.XX.XX.XX
### Advanced launch
```shell
docker run -d -p 80:80 \
-v /docker/data:/data \
-e UID=1001 \
-e GID=1001 \
-e WEBROOT=/rutorrent \
xataz/rutorrent:filebot
```
URI access : http://XX.XX.XX.XX/rutorrent

4
rutorrent/rootfs/etc/nginx/conf.d/cache.conf Normal file
View File

@ -0,0 +1,4 @@
location ~* \.(jpg|jpeg|gif|css|png|js|map|woff|woff2|ttf|svg|eot)$ {
expires 30d;
access_log off;
}

6
rutorrent/rootfs/etc/nginx/conf.d/php.conf Normal file
View File

@ -0,0 +1,6 @@
location ~ \.php$ {
fastcgi_index index.php;
fastcgi_pass unix:/var/run/php-fpm.sock;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include /etc/nginx/fastcgi_params;
}

50
rutorrent/rootfs/etc/nginx/nginx.conf Normal file
View File

@ -0,0 +1,50 @@
user torrent;
worker_processes auto;
pid /var/run/nginx.pid;
daemon off;
events {
worker_connections 1024;
use epoll;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
access_log /var/log/nginx/access.log combined;
error_log /var/log/nginx/error.log error;
sendfile on;
keepalive_timeout 15;
keepalive_disable msie6;
keepalive_requests 100;
tcp_nopush on;
tcp_nodelay off;
server_tokens off;
gzip on;
gzip_comp_level 5;
gzip_min_length 512;
gzip_buffers 4 8k;
gzip_proxied any;
gzip_vary on;
gzip_disable "msie6";
gzip_types
text/css
text/javascript
text/xml
text/plain
text/x-component
application/javascript
application/x-javascript
application/json
application/xml
application/rss+xml
application/vnd.ms-fontobject
font/truetype
font/opentype
image/svg+xml;
include /sites/*.conf;
}

12
rutorrent/rootfs/etc/php7/php-fpm.conf Normal file
View File

@ -0,0 +1,12 @@
[www]
user = torrent
group = torrent
listen = /var/run/php-fpm.sock
listen.owner = torrent
listen.group = torrent
pm = dynamic
pm.max_children = 5
pm.start_servers = 2
pm.min_spare_servers = 1
pm.max_spare_servers = 3
chdir = /

174
rutorrent/rootfs/etc/php7/php.ini Normal file
View File

@ -0,0 +1,174 @@
[PHP]
engine = On
short_open_tag = Off
asp_tags = Off
precision = 14
output_buffering = 4096
zlib.output_compression = Off
implicit_flush = Off
unserialize_callback_func =
serialize_precision = 17
disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,
disable_classes =
zend.enable_gc = On
expose_php = Off
max_execution_time = 30
max_input_time = 60
memory_limit = 128M
error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT
display_errors = Off
display_startup_errors = Off
log_errors = On
log_errors_max_len = 1024
ignore_repeated_errors = Off
ignore_repeated_source = Off
report_memleaks = On
track_errors = Off
html_errors = On
variables_order = "GPCS"
request_order = "GP"
register_argc_argv = Off
auto_globals_jit = On
post_max_size = 10M
auto_prepend_file =
auto_append_file =
default_mimetype = "text/html"
default_charset = "UTF-8"
doc_root =
user_dir =
enable_dl = Off
file_uploads = On
upload_max_filesize = 10M
max_file_uploads = 20
allow_url_fopen = On
allow_url_include = Off
default_socket_timeout = 60
[CLI Server]
cli_server.color = On
[Date]
[filter]
[iconv]
[intl]
[sqlite]
[sqlite3]
[Pcre]
[Pdo]
[Pdo_mysql]
pdo_mysql.cache_size = 2000
pdo_mysql.default_socket=
[Phar]
[mail function]
SMTP = localhost
smtp_port = 25
mail.add_x_header = On
[SQL]
sql.safe_mode = Off
[ODBC]
odbc.allow_persistent = On
odbc.check_persistent = On
odbc.max_persistent = -1
odbc.max_links = -1
odbc.defaultlrl = 4096
odbc.defaultbinmode = 1
[Interbase]
ibase.allow_persistent = 1
ibase.max_persistent = -1
ibase.max_links = -1
ibase.timestampformat = "%Y-%m-%d %H:%M:%S"
ibase.dateformat = "%Y-%m-%d"
ibase.timeformat = "%H:%M:%S"
[MySQL]
mysql.allow_local_infile = On
mysql.allow_persistent = On
mysql.cache_size = 2000
mysql.max_persistent = -1
mysql.max_links = -1
mysql.default_port =
mysql.default_socket =
mysql.default_host =
mysql.default_user =
mysql.default_password =
mysql.connect_timeout = 60
mysql.trace_mode = Off
[MySQLi]
mysqli.max_persistent = -1
mysqli.allow_persistent = On
mysqli.max_links = -1
mysqli.cache_size = 2000
mysqli.default_port = 3306
mysqli.default_socket =
mysqli.default_host =
mysqli.default_user =
mysqli.default_pw =
mysqli.reconnect = Off
[mysqlnd]
mysqlnd.collect_statistics = On
mysqlnd.collect_memory_statistics = Off
[OCI8]
[PostgreSQL]
pgsql.allow_persistent = On
pgsql.auto_reset_persistent = Off
pgsql.max_persistent = -1
pgsql.max_links = -1
pgsql.ignore_notice = 0
pgsql.log_notice = 0
[Sybase-CT]
sybct.allow_persistent = On
sybct.max_persistent = -1
sybct.max_links = -1
sybct.min_server_severity = 10
sybct.min_client_severity = 10
[bcmath]
bcmath.scale = 0
[browscap]
[Session]
session.save_handler = files
session.use_strict_mode = 0
session.use_cookies = 1
session.use_only_cookies = 1
session.name = PHPSESSID
session.auto_start = 0
session.cookie_lifetime = 0
session.cookie_path = /
session.cookie_domain =
session.cookie_httponly =
session.serialize_handler = php
session.gc_probability = 0
session.gc_divisor = 1000
session.gc_maxlifetime = 1440
session.referer_check =
session.cache_limiter = nocache
session.cache_expire = 180
session.use_trans_sid = 0
session.hash_function = 0
session.hash_bits_per_character = 5
url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=fakeentry"
[MSSQL]
mssql.allow_persistent = On
mssql.max_persistent = -1
mssql.max_links = -1
mssql.min_error_severity = 10
mssql.min_message_severity = 10
mssql.compatibility_mode = Off
mssql.secure_connection = Off
[Assertion]
[COM]
[mbstring]
[gd]
[exif]
[Tidy]
tidy.clean_output = Off
[soap]
soap.wsdl_cache_enabled=1
soap.wsdl_cache_dir="/tmp"
soap.wsdl_cache_ttl=86400
soap.wsdl_cache_limit = 5
[sysvshm]
[ldap]
ldap.max_links = -1
[mcrypt]
[dba]
[opcache]
[curl]
[openssl]

17
rutorrent/rootfs/etc/supervisor.d/supervisord.ini Normal file
View File

@ -0,0 +1,17 @@
[supervisord]
nodaemon=true
[program:rtorrent]
user=torrent
directory=/home/torrent
priority=2
redirect_stderr=true
environment=HOME="/home/torrent",PWD="/home/torrent",LOGNAME="rtorrent",USER="torrent",TERM="xterm"
startsecs=5
command=rtorrent
[program:php-fpm]
command=php-fpm7 --nodaemonize
[program:nginx]
command=nginx

23
rutorrent/rootfs/home/torrent/.rtorrent.rc Normal file
View File

@ -0,0 +1,23 @@
scgi_port = 0.0.0.0:5000
encoding_list = UTF-8
port_range = 49184-49184
port_random = no
check_hash = no
directory = /data/torrents
session = /data/.session
encryption = require,require_RC4,allow_incoming,try_outgoing
use_udp_trackers = yes
dht = off
peer_exchange = no
min_peers = 1
max_peers = 100
min_peers_seed = 1
max_peers_seed = 50
max_uploads = 15
execute = {sh,-c,/usr/bin/php7 /var/www/torrent/php/initplugins.php torrent &}
schedule = watch_directory,1,1,"load_start=/data/.watch/*.torrent"
schedule = untied_directory,5,5,"stop_untied=/data/.watch/*.torrent"
schedule = espace_disque_insuffisant,1,30,close_low_diskspace=500M
system.method.set_key=event.download.finished,filebot,"execute={/usr/bin/postdl,$d.get_base_path=,$d.get_name=,$d.get_custom1=}"
system.method.set_key=event.download.erased,filebot_cleaner,"execute={/usr/bin/postrm}"

48
rutorrent/rootfs/sites/rutorrent.conf Normal file
View File

@ -0,0 +1,48 @@
server {
listen 80 default_server;
server_name _;
charset utf-8;
index index.html index.php;
client_max_body_size 10M;
access_log /var/log/nginx/rutorrent-access.log combined;
error_log /var/log/nginx/rutorrent-error.log error;
error_page 500 502 503 504 /50x.html;
location = /50x.html { root /usr/share/nginx/html; }
root /var/www;
location = /favicon.ico {
access_log off;
log_not_found off;
}
location ^~ <webroot> {
root /var/www<folder>;
include /etc/nginx/conf.d/php.conf;
include /etc/nginx/conf.d/cache.conf;
location ~ /\.svn {
deny all;
}
location ~ /\.ht {
deny all;
}
}
location /RPC {
include scgi_params;
scgi_pass 127.0.0.1:5000;
}
location ^~ <folder>/conf/ {
deny all;
}
location ^~ <folder>/share/ {
deny all;
}
}

10
rutorrent/rootfs/usr/bin/postdl Normal file
View File

@ -0,0 +1,10 @@
#!/bin/sh
# rtorrent.rc
# system.method.set_key=event.download.finished,filebot,"execute={rtorrent-postprocess.sh,$d.get_base_path=,$d.get_name=,$d.get_custom1=}"
TORRENT_PATH="$1"
TORRENT_NAME="$2"
TORRENT_LABEL="$3"
/filebot/filebot.sh -script fn:amc --output "/data/Media" --action symlink --conflict skip -non-strict --log-file amc.log --def excludeList=amc.excludes unsorted=y music=y "seriesFormat=/data/Media/TV/{n}/Season {s.pad(2)}/{s00e00} - {t}" "animeFormat=/data/Media/Animes/{n}/{e.pad(3)} - {t}" "movieFormat=/data/Media/Movies/{n}" "musicFormat=/data/Media/Music/{n}/{fn}" "ut_dir=$TORRENT_PATH" "ut_kind=multi" "ut_title=$TORRENT_NAME" "ut_label=$TORRENT_LABEL" &

3
rutorrent/rootfs/usr/bin/postrm Normal file
View File

@ -0,0 +1,3 @@
#!/bin/sh
/filebot/filebot.sh -script fn:cleaner /data/Media

29
rutorrent/rootfs/usr/bin/startup Normal file
View File

@ -0,0 +1,29 @@
#!/bin/sh
addgroup -g ${GID} torrent && adduser -h /home/torrent -s /bin/sh -G torrent -D -u ${UID} torrent
mkdir -p /data/torrents
mkdir -p /data/.watch
mkdir -p /data/.session
mkdir -p /data/Media/Movies
mkdir -p /data/Media/TV
mkdir -p /data/Media/Animes
mkdir -p /data/Media/Music
if [ $WEBROOT != "/" ]; then
sed -i 's|<webroot>|'${WEBROOT}'|g' /sites/rutorrent.conf
sed -i 's|<folder>||g' /sites/rutorrent.conf
mv /var/www/torrent /var/www${WEBROOT}
else
sed -i 's|<webroot>|/|g' /sites/rutorrent.conf
sed -i 's|<folder>|/torrent|g' /sites/rutorrent.conf
fi
chown -R torrent:torrent /data
chown -R torrent:torrent /var/www
chown -R torrent:torrent /home/torrent
chown -R torrent:torrent /var/lib/nginx
chown -R torrent:torrent /filebot
rm -f /data/.session/rtorrent.lock
/usr/bin/supervisord -c /etc/supervisord.conf

36
rutorrent/rootfs/var/www/torrent/conf/config.php Normal file
View File

@ -0,0 +1,36 @@
<?php
@define('HTTP_USER_AGENT', 'Mozilla/5.0 (Windows NT 6.0; WOW64; rv:12.0) Gecko/20100101 Firefox/12.0', true);
@define('HTTP_TIME_OUT', 30, true);
@define('HTTP_USE_GZIP', true, true);
$httpIP = null;
@define('RPC_TIME_OUT', 5, true);
@define('LOG_RPC_CALLS', false, true);
@define('LOG_RPC_FAULTS', true, true);
@define('PHP_USE_GZIP', false, true);
@define('PHP_GZIP_LEVEL', 2, true);
$schedule_rand = 10;
$do_diagnostic = true;
$log_file = '/tmp/errors.log';
$saveUploadedTorrents = true;
$overwriteUploadedTorrents = false;
$topDirectory = '/data/torrents';
$forbidUserSettings = false;
$scgi_port = 5000;
$scgi_host = "127.0.0.1";
$XMLRPCMountPoint = "/RPC";
$pathToExternals = array(
"php" => '/usr/bin/php7',
"curl" => '/usr/bin/curl',
"gzip" => '/usr/bin/gzip',
"id" => '/usr/bin/id',
"stat" => '/usr/bin/stat',
);
$localhosts = array(
"127.0.0.1",
"localhost",
);
$profilePath = '../share';
$profileMask = 0777;
$tempDirectory = null;
$canUseXSendFile = true;
$locale = "UTF8";

20
rutorrent/rootfs/var/www/torrent/conf/plugins.ini Normal file
View File

@ -0,0 +1,20 @@
[default]
enabled = user-defined
canChangeToolbar = yes
canChangeMenu = yes
canChangeOptions = yes
canChangeTabs = yes
canChangeColumns = yes
canChangeStatusBar = yes
canChangeCategory = yes
canBeShutdowned = yes
[ipad]
enabled = no
[httprpc]
enabled = no
[retrackers]
enabled = no
[rpc]
enabled = no
[rutracker_check]
enabled = no

5
rutorrent/rootfs/var/www/torrent/plugins/create/conf.php Normal file
View File

@ -0,0 +1,5 @@
<?php
$useExternal = 'mktorrent';
$pathToCreatetorrent = '/usr/local/bin/mktorrent';
$recentTrackersMaxCount = 15;

18
rutorrent/rootfs/var/www/torrent/plugins/filemanager/conf.php Normal file
View File

@ -0,0 +1,18 @@
<?php
$fm['tempdir'] = '/tmp'; // path were to store temporary data ; must be writable
$fm['mkdperm'] = 755; // default permission to set to new created directories
$pathToExternals['rar'] = '/usr/bin/rar';
$pathToExternals['zip'] = '/usr/bin/zip';
$pathToExternals['unzip'] = '/usr/bin/unzip';
$pathToExternals['tar'] = '/bin/tar';
$pathToExternals['gzip'] = '/bin/gzip';
$pathToExternals['bzip2'] = '/bin/bzip2';
$fm['archive']['types'] = array('rar', 'zip', 'tar', 'gzip', 'bzip2');
$fm['archive']['compress'][0] = range(0, 5);
$fm['archive']['compress'][1] = array('-0', '-1', '-9');
$fm['archive']['compress'][2] = $fm['archive']['compress'][3] = $fm['archive']['compress'][4] = array(0);
?>

49
searx/Dockerfile Normal file
View File

@ -0,0 +1,49 @@
FROM alpine:3.3
MAINTAINER Wonderfall <wonderfall@mondedie.fr>
ENV BASE_URL=False IMAGE_PROXY=False
RUN echo "@commuedge http://nl.alpinelinux.org/alpine/edge/community" >> /etc/apk/repositories \
&& apk -U add \
build-base \
python \
python-dev \
py-pip \
libxml2 \
libxml2-dev \
libxslt \
libxslt-dev \
libffi-dev \
openssl \
openssl-dev \
ca-certificates \
tar \
tini@commuedge \
&& pip install --no-cache -r https://raw.githubusercontent.com/asciimoo/searx/master/requirements.txt \
&& apk del \
build-base \
python-dev \
py-pip \
libffi-dev \
libxslt-dev \
libxml2-dev \
openssl-dev \
ca-certificates \
&& rm -f /var/cache/apk/*
RUN adduser -D -h /usr/local/searx -s /bin/sh searx searx
COPY run.sh /usr/local/bin/run.sh
RUN chmod +x /usr/local/bin/run.sh
USER searx
WORKDIR /usr/local/searx
RUN wget -qO- https://github.com/asciimoo/searx/archive/master.tar.gz | tar xz --strip 1 \
&& sed -i "s/127.0.0.1/0.0.0.0/g" searx/settings.yml
EXPOSE 8888
LABEL description "A powerful meta-search engine"
CMD ["tini","--","run.sh"]

31
searx/README.md Normal file
View File

@ -0,0 +1,31 @@
## wonderfall/searx
[![](https://badge.imagelayers.io/wonderfall/searx:latest.svg)](https://imagelayers.io/?images=wonderfall/searx:latest 'Get your own badge on imagelayers.io')
![](https://i.goopics.net/ls.png)
#### What is searx?
Searx is a metasearch engine, inspired by the seeks project.
It provides basic privacy by mixing your queries with searches on other platforms without storing search data. Queries are made using a POST request on every browser (except chrome*). Therefore they show up in neither our logs, nor your url history. In case of Chrome* users there is an exception, Searx uses the search bar to perform GET requests. Searx can be added to your browser's search bar; moreover, it can be set as the default search engine.
#### Tags
- `latest` : latest code from [asciimoo/searx](https://github.com/asciimoo/searx)
- `release`, `0.8.1` : latest stable released
#### Secret key
When the container starts the first time, it generates a new secret key. It doesn't depend on the build, so no one can know your key.
#### Environment variables
- **IMAGE_PROXY** is a boolean value (True or False, False by default), it can enable proxying through the searx instance (useful for public instances because it doesn't break TLS connection).
- **BASE_URL** should be set if searx is used behind a custom domain name (http address or False, False by default).
#### Docker Compose (example)
```
searx:
image: wonderfall/searx:latest
environment:
- BASE_URL="https://searx.domain.tld"
- IMAGE_PROXY=True
```
#### Reverse proxy
https://github.com/Wonderfall/dockerfiles/tree/master/reverse

5
searx/run.sh Normal file
View File

@ -0,0 +1,5 @@
#!/bin/sh
sed -i "s|base_url : False|base_url : $BASE_URL|g" searx/settings.yml
sed -i "s/image_proxy : False/image_proxy : $IMAGE_PROXY/g" searx/settings.yml
sed -i "s/ultrasecretkey/`openssl rand -hex 16`/g" searx/settings.yml
python searx/webapp.py

28
subsonic/Dockerfile Normal file
View File

@ -0,0 +1,28 @@
FROM alpine:3.3
MAINTAINER Wonderfall <wonderfall@mondedie.fr>
ENV VER=6.0.beta2 GID=1000 UID=1000
RUN echo "@community http://dl-4.alpinelinux.org/alpine/v3.3/community/" >> /etc/apk/repositories \
&& echo "@commuedge http://nl.alpinelinux.org/alpine/edge/community" >> /etc/apk/repositories \
&& echo "@edge http://nl.alpinelinux.org/alpine/edge/main" >> /etc/apk/repositories \
&& apk -U add \
libva@edge \ #libva was missing
ffmpeg \
openjdk8-jre@community \
tini@commuedge \
&& rm -f /var/cache/apk/*
WORKDIR /subsonic
RUN wget -qO- http://subsonic.org/download/subsonic-$VER-standalone.tar.gz | tar zxf -
COPY run.sh /usr/local/bin/run.sh
RUN chmod +x /usr/local/bin/run.sh
EXPOSE 4040
VOLUME /data /musics /playlists /podcasts
LABEL description "Open source media streamer" \
subsonisc "Subsonic v$VER"
CMD ["tini","--","run.sh"]

51
subsonic/README.md Normal file
View File

@ -0,0 +1,51 @@
## wonderfall/subsonic
[![](https://badge.imagelayers.io/wonderfall/subsonic:latest.svg)](https://imagelayers.io/?images=wonderfall/subsonic:latest 'Get your own badge on imagelayers.io')
![](https://i.goopics.net/lr.png)
#### What is Subsonic?
Subsonic is an open-source web-based media streamer and jukebox. Supports MP3, OGG, AAC and other streamable audio and video formats. Indeed, this build comes with **transcoding abilities**.
#### Tags
- **Stable 5.x** : `5.3`, `latest`, `old-5.3`
- **Beta 6.0** : `6.0b1`, `6`
#### Environment variables
- **GID** : subsonic group id.
- **UID** : subsonic user id.
#### Volumes
- **/musics** : your music files
- **/data** : subsonic data
- **/playlists** : subsonic playlists
#### Known issues (only with alpine) :
- Can't retrieve pictures through TLS (although it's not automatic, you have to choose clear-HTTP sources only when picking a cover picture) -> **fixed !**
- "Default covers" (when no cover image is detected) are not generated (not sure it's a problem since I find this feature useless... such ugly fonts/colors)
#### Docker Compose (example)
```
subsonic:
image: wonderfall/subsonic
volumes:
- /mnt/music:/musics
- /mnt/subsonic:/data
- /mnt/playlists:/playlists
environment:
- GID=1000
- UID=1000
```
#### Reverse proxy
https://github.com/Wonderfall/dockerfiles/tree/master/reverse
Fully working configuration with TLS :
```
location / {
proxy_pass http://subsonic:4040;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Remote-Port $remote_port;
proxy_set_header X-Forwarded-Proto $scheme;
}
```

22
subsonic/run.sh Normal file
View File

@ -0,0 +1,22 @@
#!/bin/sh
addgroup -g ${GID} subsonic && adduser -h /subsonic -s /bin/sh -D -G subsonic -u ${UID} subsonic
mkdir -p /data/transcode
ln -s /usr/bin/ffmpeg /data/transcode/ffmpeg
ln -s /usr/bin/lame /data/transcode/lame
chown -R subsonic:subsonic /data /playlists /subsonic
su subsonic << EOF
java -Xmx200m \
-Dsubsonic.home=/data \
-Dsubsonic.host=0.0.0.0 \
-Dsubsonic.port=4040 \
-Dsubsonic.httpsPort=0 \
-Dsubsonic.contextPath=/ \
-Dsubsonic.defaultMusicFolder=/musics \
-Dsubsonic.defaultPodcastFolder=/podcasts \
-Dsubsonic.defaultPlaylistFolder=/playlists \
-Djava.awt.headless=true \
-jar subsonic-booter-jar-with-dependencies.jar
EOF

37
zerobin/Dockerfile Normal file
View File

@ -0,0 +1,37 @@
FROM alpine:3.3
MAINTAINER Wonderfall <wonderfall@schrodinger.io>
ENV GID=991 UID=991
RUN echo "@commuedge http://nl.alpinelinux.org/alpine/edge/community" >> /etc/apk/repositories \
&& echo "@testing http://nl.alpinelinux.org/alpine/edge/testing" >> /etc/apk/repositories \
&& echo "@edge http://nl.alpinelinux.org/alpine/edge/main" >> /etc/apk/repositories \
&& apk -U add \
nginx \
libwebp@edge \
php7-fpm@testing \
php7-gd@testing \
php7-mcrypt@testing \
php7-json@testing \
php7-zlib@testing \
supervisor \
tini@commuedge \
ca-certificates \
tar \
&& mkdir zerobin && cd zerobin \
&& wget -qO- https://github.com/elrido/ZeroBin/archive/master.tar.gz | tar xz --strip 1 \
&& mv cfg/conf.ini.sample cfg/conf.ini \
&& apk del tar ca-certificates \
&& rm -f /var/cache/apk/*
COPY nginx.conf /etc/nginx/nginx.conf
COPY php-fpm.conf /etc/php7/php-fpm.conf
COPY supervisord.conf /usr/local/etc/supervisord.conf
COPY run.sh /usr/local/bin/run.sh
RUN chmod +x /usr/local/bin/run.sh
VOLUME /zerobin/data
EXPOSE 80
CMD ["tini","--","run.sh"]

84
zerobin/nginx.conf Normal file
View File

@ -0,0 +1,84 @@
user zerobin;
worker_processes auto;
pid /var/run/nginx.pid;
daemon off;
events {
worker_connections 1024;
use epoll;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
access_log off;
error_log /var/log/nginx/error.log error;
sendfile on;
keepalive_timeout 15;
keepalive_disable msie6;
keepalive_requests 100;
tcp_nopush on;
tcp_nodelay off;
server_tokens off;
gzip on;
gzip_comp_level 5;
gzip_min_length 512;
gzip_buffers 4 8k;
gzip_proxied any;
gzip_vary on;
gzip_disable "msie6";
gzip_types
text/css
text/javascript
text/xml
text/plain
text/x-component
application/javascript
application/x-javascript
application/json
application/xml
application/rss+xml
application/vnd.ms-fontobject
font/truetype
font/opentype
image/svg+xml;
server {
listen 80;
root /zerobin;
index index.php index.html;
location ~* \.(jpg|jpeg|gif|css|png|js|map|woff|woff2|ttf|svg|eot)$ {
expires 30d;
access_log off;
}
location ~ ^/(data|cfg|tmp) {
deny all;
}
location ~* /(.*)\.(?:markdown|md|twig|yaml|yml|ht|htaccess|ini)$ {
deny all;
}
location ~ /\. {
deny all;
}
location / {
try_files $uri $uri/ /index.php;
}
location ~ \.php$ {
fastcgi_index index.php;
fastcgi_pass unix:/var/run/php-fpm.sock;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include /etc/nginx/fastcgi_params;
}
}
}

12
zerobin/php-fpm.conf Normal file
View File

@ -0,0 +1,12 @@
[www]
user = zerobin
group = zerobin
listen = /var/run/php-fpm.sock
listen.owner = zerobin
listen.group = zerobin
pm = dynamic
pm.max_children = 5
pm.start_servers = 2
pm.min_spare_servers = 1
pm.max_spare_servers = 3
chdir = /

5
zerobin/run.sh Normal file
View File

@ -0,0 +1,5 @@
#!/bin/sh
addgroup -g ${GID} zerobin && adduser -h /zerobin -s /bin/sh -D -G zerobin -u ${UID} zerobin
touch /var/run/php-fpm.sock
chown -R zerobin:zerobin /zerobin /var/run/php-fpm.sock /var/lib/nginx /tmp
supervisord -c /usr/local/etc/supervisord.conf

8
zerobin/supervisord.conf Normal file
View File

@ -0,0 +1,8 @@
[supervisord]
nodaemon=true
[program:php-fpm]
command=php-fpm7 --nodaemonize
[program:nginx]
command=nginx