update dockerfiles, clean up

Wonderfall 2017-01-16 22:13:29 +01:00
parent b444049489
commit 77fee1694f
52 changed files with 1458 additions and 32 deletions


@ -5,7 +5,7 @@ ARG BUILD_CORES
ENV UID=991 GID=991
RUN echo "@community https://nl.alpinelinux.org/alpine/v3.4/community" >> /etc/apk/repositories \
RUN echo "@community https://nl.alpinelinux.org/alpine/v3.5/community" >> /etc/apk/repositories \
&& NB_CORES=${BUILD_CORES-`getconf _NPROCESSORS_CONF`} \
&& BUILD_DEPS=" \
build-base \


@ -1,6 +1,6 @@
ssl_protocols TLSv1.2;
ssl_ecdh_curve X25519:P-521:P-384;
ssl_ciphers [CECPQ1-ECDSA-CHACHA20-POLY1305-SHA256|CECPQ1-ECDSA-AES256-GCM-SHA384|CECPQ1-RSA-CHACHA20-POLY1305-SHA256|CECPQ1-RSA-AES256-GCM-SHA384]:[ECDHE-ECDSA-CHACHA20-POLY1305|ECDHE-RSA-CHACHA20-POLY1305|ECDHE-ECDSA-CHACHA20-POLY1305-D|ECDHE-RSA-CHACHA20-POLY1305-D|ECDHE-ECDSA-AES256-GCM-SHA384|ECDHE-RSA-AES256-GCM-SHA384]:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256;
ssl_ciphers [ECDHE-ECDSA-CHACHA20-POLY1305|ECDHE-RSA-CHACHA20-POLY1305|ECDHE-ECDSA-CHACHA20-POLY1305-D|ECDHE-RSA-CHACHA20-POLY1305-D|ECDHE-ECDSA-AES256-GCM-SHA384|ECDHE-RSA-AES256-GCM-SHA384]:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:20m;


@ -1,7 +1,7 @@
FROM alpine:3.4
FROM alpine:3.5
MAINTAINER Wonderfall <wonderfall@schrodinger.io>
ARG MPFR_VERSION=3.1.4
ARG MPFR_VERSION=3.1.5
ARG MPC_VERSION=1.0.3
ARG GPG_MPFR="07F3 DBBE CC1A 3960 5078 094D 980C 1976 98C3 739D"
@ -20,17 +20,17 @@ RUN echo "@commuedge https://nl.alpinelinux.org/alpine/edge/community" >> /etc/a
build-base \
libtool \
libffi-dev \
openssl-dev \
libressl-dev \
python-dev \
gmp-dev \
py-pip \
py2-pip \
tar \
gnupg" \
&& apk -U add \
${BUILD_DEPS} \
libffi \
gmp \
openssl \
libressl \
python \
py-setuptools \
openssh-client \


@ -1,7 +1,7 @@
FROM mhart/alpine-node-auto:6
MAINTAINER Wonderfall <wonderfall@schrodinger.io>
ARG GHOST_VERSION=0.11.3
ARG GHOST_VERSION=0.11.4
ENV GHOST_NODE_VERSION_CHECK=false \
GID=991 \
@ -34,8 +34,8 @@ RUN echo "@commuedge https://nl.alpinelinux.org/alpine/edge/community" >> /etc/a
grep \
tini@commuedge \
su-exec \
&& wget -q https://ghost.org/zip/ghost-${GHOST_VERSION}.zip -P /tmp \
&& unzip -q /tmp/ghost-${GHOST_VERSION}.zip -d /ghost \
&& wget -q https://github.com/TryGhost/Ghost/releases/download/${GHOST_VERSION}/Ghost-${GHOST_VERSION}.zip -P /tmp \
&& unzip -q /tmp/Ghost-${GHOST_VERSION}.zip -d /ghost \
&& cd /ghost \
&& npm install --production \
&& mv content/themes/casper casper \
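Review bot: The Ghost release zip fetched by the new `wget` line is unpacked and fed to `npm install` with no integrity check, so the image trusts whatever the URL serves at build time. Pin a digest next to `GHOST_VERSION` and verify it before `unzip`, e.g. `&& echo "${GHOST_SHA256}  /tmp/Ghost-${GHOST_VERSION}.zip" | sha256sum -c - \` with `ARG GHOST_SHA256=<sha256-of-release-zip>` (placeholder value). The isso tarball in the next file section is handed to `pip install` the same way and would take the same check. The RUN instruction starts and ends outside this hunk.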


@ -1,4 +1,4 @@
FROM alpine:3.4
FROM alpine:3.5
MAINTAINER Wonderfall <wonderfall@schrodinger.io>
ARG ISSO_VER=0.10.5
@ -9,20 +9,20 @@ RUN echo "@community https://nl.alpinelinux.org/alpine/v3.4/community" >> /etc/a
&& BUILD_DEPS=" \
python-dev \
libffi-dev \
py-pip \
py2-pip \
build-base" \
&& apk -U add \
${BUILD_DEPS} \
python \
py-setuptools \
sqlite \
openssl \
libressl \
ca-certificates \
su-exec \
tini@community \
&& pip install --no-cache cffi \
&& pip install --no-cache misaka==1.0.2 \
&& wget https://github.com/posativ/isso/releases/download/$ISSO_VER/isso-$ISSO_VER.tar.gz -P /tmp \
&& wget -q https://github.com/posativ/isso/releases/download/$ISSO_VER/isso-$ISSO_VER.tar.gz -P /tmp \
&& pip install /tmp/isso-$ISSO_VER.tar.gz \
&& apk del ${BUILD_DEPS} \
&& rm -rf /var/cache/apk/* /tmp/*


@ -1,4 +1,4 @@
FROM alpine:3.4
FROM alpine:edge
MAINTAINER Wonderfall <wonderfall@schrodinger.io>
ARG LYCHEE_VERSION=3.1.5
@ -10,7 +10,7 @@ RUN echo "@commuedge https://nl.alpinelinux.org/alpine/edge/community" >> /etc/a
&& BUILD_DEPS=" \
imagemagick-dev \
tar \
openssl \
libressl \
ca-certificates \
build-base \
autoconf \
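Review bot: `FROM alpine:edge` replaces a pinned release with a rolling tag, so two builds of this Dockerfile can produce different package sets and a rebuild may silently pull in untested library versions. If edge is needed only for a few packages, keeping `FROM alpine:3.5` and using the existing `@commuedge` repository tag for those packages gives a stable base. The `FROM alpine:3.4` to `FROM alpine:edge` change two file sections further down has the same effect. The RUN instruction continues outside the hunk.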


@ -1,7 +1,7 @@
FROM alpine:edge
MAINTAINER Wonderfall <wonderfall@mondedie.fr>
ARG VERSION=2.17.1
ARG VERSION=3.0.1
ARG GPG_matthieu="814E 346F A01A 20DB B04B 6807 B5DB D592 5590 A237"
@ -14,7 +14,7 @@ RUN echo "@commuedge https://nl.alpinelinux.org/alpine/edge/community" >> /etc/a
build-base \
autoconf \
geoip-dev \
openssl \
libressl \
ca-certificates \
gnupg" \
&& apk -U add \


@ -1,10 +1,10 @@
FROM alpine:3.4
FROM alpine:edge
MAINTAINER Wonderfall <wonderfall@schrodinger.io>
ENV GID=991 UID=991
RUN echo "@commuedge https://nl.alpinelinux.org/alpine/edge/community" >> /etc/apk/repositories \
&& BUILD_DEPS="tar openssl ca-certificates" \
&& BUILD_DEPS="tar libressl ca-certificates" \
&& apk -U add \
$BUILD_DEPS \
nginx \


@ -3,7 +3,7 @@ MAINTAINER Wonderfall <wonderfall@schrodinger.io>
ARG RTORRENT_VER=0.9.6
ARG LIBTORRENT_VER=0.13.6
ARG FILEBOT_VER=4.7.2
ARG FILEBOT_VER=4.7.7
ARG BUILD_CORES
ENV UID=991 GID=991 \
@ -20,6 +20,7 @@ RUN echo "@community https://nl.alpinelinux.org/alpine/v3.4/community" >> /etc/a
autoconf \
wget \
tar \
xz \
subversion \
cppunit-dev \
openssl-dev \
@ -44,14 +45,14 @@ RUN echo "@community https://nl.alpinelinux.org/alpine/v3.4/community" >> /etc/a
&& git clone https://github.com/mirror/xmlrpc-c.git \
&& git clone https://github.com/Rudde/mktorrent.git \
&& cd /tmp/mktorrent && make -j ${NB_CORES} && make install \
&& cd /tmp/xmlrpc-c/advanced && ./configure && make -j ${NB_CORES} && make install \
&& cd /tmp/xmlrpc-c/stable && ./configure && make -j ${NB_CORES} && make install \
&& cd /tmp/libtorrent && ./autogen.sh && ./configure && make -j ${NB_CORES} && make install \
&& cd /tmp/rtorrent && ./autogen.sh && ./configure --with-xmlrpc-c && make -j ${NB_CORES} && make install \
&& strip -s /usr/local/bin/rtorrent \
&& strip -s /usr/local/bin/mktorrent \
&& mkdir /filebot \
&& wget -q http://downloads.sourceforge.net/project/filebot/filebot/FileBot_${FILEBOT_VER}/FileBot_${FILEBOT_VER}-portable.zip -P /tmp \
&& unzip -q /tmp/FileBot_${FILEBOT_VER}-portable.zip -d /filebot \
&& mkdir /filebot && cd /filebot \
&& wget -q http://sourceforge.mirrorservice.org/f/fi/filebot/filebot/FileBot_${FILEBOT_VER}/FileBot_${FILEBOT_VER}-portable.tar.xz \
&& tar xJf FileBot_${FILEBOT_VER}-portable.tar.xz && rm FileBot_${FILEBOT_VER}-portable.tar.xz \
&& cd /usr && git clone https://github.com/jfurrow/flood && cd flood \
&& npm install \
&& apk del ${BUILD_DEPS} \
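Review bot: The new FileBot download uses a plain `http://` mirror URL and the archive is extracted with `tar xJf` without any checksum or signature check, so the contents of `/filebot` are only as trustworthy as the network path of the build host. Add a pinned digest and verify before extracting, e.g. `&& echo "${FILEBOT_SHA256}  FileBot_${FILEBOT_VER}-portable.tar.xz" | sha256sum -c - \` with `ARG FILEBOT_SHA256=<sha256-of-archive>` (placeholder value), and prefer an `https://` source if one is offered. The `git clone` lines around it build whatever the default branches contain at build time; pinning them to a tag or commit would make the image reproducible. The RUN instruction starts and ends outside the hunk.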


@ -1,4 +1,4 @@
FROM alpine:3.4
FROM alpine:3.5
MAINTAINER Wonderfall <wonderfall@schrodinger.io>
ARG VERSION=6.0


@ -1,10 +1,10 @@
FROM alpine:3.4
FROM alpine:3.5
MAINTAINER Wonderfall <wonderfall@schrodinger.io>
ARG TOR_VERSION=0.2.8.9
ARG TOR_VERSION=0.2.9.8
ARG ARM_VERSION=1.4.5.0
ARG GPG_Mathewson="B35B F85B F194 89D0 4E28 C33C 2119 4EBB 1657 33EA"
ARG GPG_Mathewson="2133 BC60 0AB1 33E1 D826 D173 FE43 009C 4607 B1FB"
ARG GPG_Johnson="6827 8CC5 DD2D 1E85 C4E4 5AD9 0445 B7AB 9ABB EEC6"
ENV TERM=xterm \
@ -13,7 +13,8 @@ ENV TERM=xterm \
RUN echo "@community https://nl.alpinelinux.org/alpine/v3.4/community" >> /etc/apk/repositories \
&& BUILD_DEPS=" \
libevent-dev \
openssl-dev \
libressl-dev \
zlib-dev \
build-base \
gnupg \
ca-certificates" \
@ -23,13 +24,14 @@ RUN echo "@community https://nl.alpinelinux.org/alpine/v3.4/community" >> /etc/a
tini@community \
python \
libevent \
openssl \
libressl \
zlib \
&& cd /tmp \
&& TOR_TARBALL="tor-${TOR_VERSION}.tar.gz" \
&& wget -q https://www.torproject.org/dist/${TOR_TARBALL} \
&& echo "Verifying ${TOR_TARBALL} using GPG..." \
&& wget -q https://www.torproject.org/dist/${TOR_TARBALL}.asc \
&& gpg --keyserver keys.gnupg.net --recv-keys 0x165733EA \
&& gpg --keyserver pool.sks-keyservers.net --recv-keys 0xFE43009C4607B1FB \
&& FINGERPRINT="$(LANG=C gpg --verify ${TOR_TARBALL}.asc ${TOR_TARBALL} 2>&1 \
| sed -n "s#Primary key fingerprint: \(.*\)#\1#p")" \
&& if [ -z "${FINGERPRINT}" ]; then echo "Warning! Invalid GPG signature!" && exit 1; fi \
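Review bot: The new `--recv-keys 0xFE43009C4607B1FB` asks the keyserver for a 64-bit key ID even though the full fingerprint is already pinned in `GPG_Mathewson`; requesting by fingerprint avoids importing another key that shares the ID: `&& gpg --keyserver pool.sks-keyservers.net --recv-keys "$(echo ${GPG_Mathewson} | tr -d ' ')" \`. Separately, `gpg --verify` runs inside a command substitution piped to `sed`, so its exit status is discarded and the decision rests on parsing a human-readable line; `gpg --status-fd 1 --verify …` and matching the `VALIDSIG` line would be more robust. The comparison against `GPG_Mathewson` is presumably on the lines after the hunk, which are not visible here. The same parsing pattern is used in the LibreSSL, nginx and RainLoop builds added later in this commit.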


@ -0,0 +1,47 @@
FROM debian:jessie
MAINTAINER Wonderfall <wonderfall@mondedie.fr>
ARG TINI_VER=0.9.0
ENV USERID=1000 \
GROUPID=1000 \
SECRET=ZyCnLAhYKBIJrukuKZZJ \
CONTACT=contact@domain.tld \
MAX_FILE_SIZE=100000000 \
WEBROOT=/ \
DOMAIN=domain.tld
RUN apt-get update && apt-get install -y --no-install-recommends --no-install-suggests \
wget \
git \
perl \
make \
gcc \
ca-certificates \
libssl-dev \
shared-mime-info \
perlmagick \
&& cpan install Carton \
&& git clone https://framagit.org/luc/lutim.git --depth=1 \
&& cd /lutim \
&& carton install \
&& wget -q https://github.com/krallin/tini/releases/download/v$TINI_VER/tini_$TINI_VER.deb -P /tmp \
&& dpkg -i /tmp/tini_$TINI_VER.deb \
&& apt-get purge -y \
wget \
git \
make \
gcc \
libssl-dev \
ca-certificates \
&& apt-get autoremove --purge -y && apt-get clean \
&& rm -rf /var/lib/apt/lists/* /root/.cpan* /lutim/local/cache/* /lutim/utilities /tmp/*
COPY run.sh /usr/local/bin/run.sh
COPY lutim.conf /lutim/lutim.conf
RUN chmod +x /usr/local/bin/run.sh
EXPOSE 8181
VOLUME /data /lutim/files
CMD ["tini","--","run.sh"]
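Review bot: `SECRET=ZyCnLAhYKBIJrukuKZZJ` in the `ENV` block gives every container started without an override the same, publicly known value for what the README describes as the string used to encrypt cookies. Drop the default from the image and make startup fail when it is missing, e.g. `: "${SECRET:?SECRET must be set}"` at the top of `run.sh`. Also, `lutim` is cloned with `--depth=1` from the default branch and the tini `.deb` is installed with `dpkg -i` without a checksum, so the image content depends on whatever those URLs serve at build time.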


@ -0,0 +1,31 @@
## wonderfall/lutim
![](https://i.goopics.net/rf.png)
#### What is this?
LUTIM means Let's Upload That Image.
It stores images and allows you to see them, download them or share them on social networks. From version 0.5, the gif images can be displayed as animated gifs in Twitter, but you need a HTTPS server (Twitter requires that. Lutim detects if you have a HTTPS server and displays an static image twitter card if you don't);
Images are indefinitly stored unless you request that they will be deleted at first view or after 24 hours / one week / one month / one year.
#### Build-time variables
- **TINI_VER** : version of `tini`.
#### Environment variables
- **GROUPID** : lutim group id. *(default : 1000)*
- **USERID** : lutim user id. *(default : 1000)*
- **SECRET** : random string used to encrypt cookies. *(default : ZyCnLAhYKBIJrukuKZZJ)*
- **CONTACT** : lutim contact. *(default : contact@domain.tld)*
- **MAX_FILE_SIZE** : maximum file size of an uploaded file in bytes. *(default : 1GB)*
- **WEBROOT** : webroot of lutim. *(default : /)*
- **DOMAIN** : your domain used with lutim *(default : domain.tld)*
*Tip : you can use the following command to generate SECRET.*
`cat /dev/urandom | tr -dc 'a-zA-Z' | fold -w 20 | head -n 1`
#### Volumes
- **/data** : where lutim's database is stored.
- **/lutim/files** : location of uploaded files.
#### Ports
- **8181** [(reverse proxy!)](https://github.com/hardware/mailserver/wiki/Reverse-proxy-configuration).


@ -0,0 +1,24 @@
{
hypnotoad => {
listen => ['http://0.0.0.0:8181'],
},
contact => '<contact>',
secrets => ['<secret>'],
length => 8,
crypto_key_length => 8,
provis_step => 5,
provisioning => 100,
anti_flood_delay => 5,
max_file_size => <max_file_size>,
allowed_domains => ['http://<domain>', 'https://<domain>'],
default_delay => 1,
max_delay => 0,
always_encrypt => 1,
token_length => 24,
stats_day_num => 365,
keep_ip_during => 365,
policy_when_full => 'warn',
prefix => '<webroot>',
db_path => '/data/lutim.db',
delete_no_longer_viewed_files => 90
};
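Review bot: `max_file_size => <max_file_size>` is the only placeholder outside a quoted string, so whatever `run.sh` substitutes there is read as a bare Perl expression in this hash literal rather than as data. `run.sh` should reject anything but digits before substituting, e.g. `case "$MAX_FILE_SIZE" in ''|*[!0-9]*) echo "MAX_FILE_SIZE must be an integer" >&2; exit 1;; esac`. The quoted placeholders have a related limit — a value containing `'` ends the string early — which a header comment such as `# <...> tokens are filled in by run.sh at start-up; values must not contain single quotes` would make visible. The README lists the `MAX_FILE_SIZE` default as 1GB while the Dockerfile sets `100000000`.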

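--- /dev/null
+++ b/unmaintained/lutim/run.sh
@@ -0,0 +1,11 @@
+#!/bin/bash
+deluser lutim
+addgroup --gid $GROUPID lutim
+adduser --system --shell /bin/sh --no-create-home --ingroup lutim --uid $USERID lutim
+sed -i -e 's/<contact>/'$CONTACT'/g' \
+-e 's/<secret>/'$SECRET'/g' \
+-e 's/<max_file_size>/'$MAX_FILE_SIZE'/g' \
+-e 's/<domain>/'$DOMAIN'/g' \
+-e 's|<webroot>|'$WEBROOT'|g' /lutim/lutim.conf
+chown -R lutim:lutim /lutim /data
+cd /lutim && exec su lutim -c "carton exec hypnotoad -f /lutim/script/lutim"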
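Review bot: The `sed` expressions splice `$CONTACT`, `$SECRET`, `$MAX_FILE_SIZE` and `$DOMAIN` in unquoted and with `/` as delimiter, so a value containing a space splits the argument and one containing `/` or `&` changes the substitution; a secret generated with a wider alphabet than the README's `a-zA-Z` tip would break startup or end up different from what was set. Quote the expansions (`-e "s/<secret>/${SECRET}/g"`) and check each value against the characters it may contain first, e.g. `case "$SECRET" in ''|*[!A-Za-z0-9]*) echo "SECRET: unsupported characters" >&2; exit 1;; esac`. `addgroup --gid $GROUPID` and `adduser … --uid $USERID` should be quoted for the same reason. The substitution also works only on the first start, because the placeholders are gone afterwards, so later changes to the environment are silently ignored unless the config is regenerated from a pristine template.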


@ -0,0 +1,124 @@
FROM alpine:3.4
MAINTAINER Wonderfall <wonderfall@schrodinger.io>
ENV UID=991 GID=991
ARG NGINX_VERSION=1.11.4
ARG LIBRESSL_VERSION=2.5.0
ARG GPG_LIBRESSL="A1EB 079B 8D3E B92B 4EBD 3139 663A F51B D5E4 D8D5"
ARG GPG_NGINX="B0F4 2533 73F8 F6F5 10D4 2178 520A 9993 A1C0 52F8"
ARG BUILD_CORES
RUN echo "@commuedge https://nl.alpinelinux.org/alpine/edge/community" >> /etc/apk/repositories \
&& NB_CORES=${BUILD_CORES-$(getconf _NPROCESSORS_CONF)} \
&& BUILD_DEPS=" \
build-base \
linux-headers \
ca-certificates \
automake \
autoconf \
git \
tar \
libtool \
pcre-dev \
zlib-dev \
binutils \
gnupg" \
&& apk -U add \
${BUILD_DEPS} \
pcre \
zlib \
libgcc \
libstdc++ \
su-exec \
openssl \
bind-tools \
tini@commuedge \
&& cd /tmp \
&& git clone https://github.com/bagder/libbrotli --depth=1 && cd libbrotli \
&& ./autogen.sh && ./configure && make -j ${NB_CORES} && make install \
&& cd /tmp \
&& git clone https://github.com/google/ngx_brotli --depth=1 \
&& git clone https://github.com/openresty/headers-more-nginx-module --depth=1 \
&& LIBRESSL_TARBALL="libressl-${LIBRESSL_VERSION}.tar.gz" \
&& wget -q http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/${LIBRESSL_TARBALL} \
&& echo "Verifying ${LIBRESSL_TARBALL} using GPG..." \
&& wget -q http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/${LIBRESSL_TARBALL}.asc \
&& wget -q http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl.asc \
&& gpg --import libressl.asc \
&& FINGERPRINT="$(LANG=C gpg --verify ${LIBRESSL_TARBALL}.asc ${LIBRESSL_TARBALL} 2>&1 \
| sed -n "s#Primary key fingerprint: \(.*\)#\1#p")" \
&& if [ -z "${FINGERPRINT}" ]; then echo "Warning! Invalid GPG signature!" && exit 1; fi \
&& if [ "${FINGERPRINT}" != "${GPG_LIBRESSL}" ]; then echo "Warning! Wrong GPG fingerprint!" && exit 1; fi \
&& echo "All seems good, now unpacking ${LIBRESSL_TARBALL}..." \
&& tar xzf ${LIBRESSL_TARBALL} \
&& NGINX_TARBALL="nginx-${NGINX_VERSION}.tar.gz" \
&& wget -q https://nginx.org/download/${NGINX_TARBALL} \
&& echo "Verifying ${NGINX_TARBALL} using GPG..." \
&& wget -q https://nginx.org/download/${NGINX_TARBALL}.asc \
&& wget -q https://nginx.org/keys/mdounin.key \
&& gpg --import mdounin.key \
&& FINGERPRINT="$(LANG=C gpg --verify ${NGINX_TARBALL}.asc ${NGINX_TARBALL} 2>&1 \
| sed -n "s#Primary key fingerprint: \(.*\)#\1#p")" \
&& if [ -z "${FINGERPRINT}" ]; then echo "Warning! Invalid GPG signature!" && exit 1; fi \
&& if [ "${FINGERPRINT}" != "${GPG_NGINX}" ]; then echo "Warning! Wrong GPG fingerprint!" && exit 1; fi \
&& echo "All seems good, now unpacking ${NGINX_TARBALL}..." \
&& tar xzf ${NGINX_TARBALL} && cd nginx-${NGINX_VERSION} \
&& wget -q https://raw.githubusercontent.com/felixbuenemann/sslconfig/updated-nginx-1.9.15-spdy-patch/patches/nginx_1_9_15_http2_spdy.patch -O spdy.patch \
&& patch -p1 < spdy.patch \
&& wget -q https://raw.githubusercontent.com/cloudflare/sslconfig/master/patches/nginx__dynamic_tls_records.patch \
&& patch -p1 < nginx__dynamic_tls_records.patch \
&& ./configure \
--prefix=/etc/nginx \
--sbin-path=/usr/sbin/nginx \
--with-cc-opt='-O3 -fPIE -fstack-protector-strong -Wformat -Werror=format-security -Wno-deprecated-declarations' \
--with-ld-opt='-Wl,-Bsymbolic-functions -Wl,-z,relro' \
--with-openssl=/tmp/libressl-${LIBRESSL_VERSION} \
--with-http_ssl_module \
--with-http_v2_module \
--with-http_spdy_module \
--with-http_gzip_static_module \
--with-http_stub_status_module \
--with-file-aio \
--with-threads \
--with-pcre-jit \
--without-http_ssi_module \
--without-http_scgi_module \
--without-http_uwsgi_module \
--without-http_geo_module \
--without-http_autoindex_module \
--without-http_map_module \
--without-http_split_clients_module \
--without-http_memcached_module \
--without-http_empty_gif_module \
--without-http_browser_module \
--http-log-path=/var/log/nginx/access.log \
--error-log-path=/var/log/nginx/error.log \
--add-module=/tmp/headers-more-nginx-module \
--add-module=/tmp/ngx_brotli \
&& make -j ${NB_CORES} && make install && make clean \
&& strip -s /usr/sbin/nginx \
&& apk del ${BUILD_DEPS} \
&& rm -rf /tmp/* /var/cache/apk/* /root/.gnupg
COPY nginx.conf /etc/nginx/conf/nginx.conf
COPY run.sh /usr/local/bin/run.sh
COPY ngxpasswd /usr/local/bin/ngxpasswd
COPY ngxproxy /usr/local/bin/ngxproxy
COPY vhost_http.conf /etc/nginx/conf/vhost_http.conf
COPY vhost_https.conf /etc/nginx/conf/vhost_https.conf
COPY ssl_params /etc/nginx/conf/ssl_params
COPY headers_params /etc/nginx/conf/headers_params
COPY proxy_params /etc/nginx/conf/proxy_params
RUN chmod +x /usr/local/bin/*
EXPOSE 8000 4430
VOLUME /sites-enabled /www /conf.d /passwds /certs /var/log/nginx
LABEL description="nginx built from source." \
openssl="LibreSSL ${LIBRESSL_VERSION}." \
nginx="nginx ${NGINX_VERSION}."
CMD ["run.sh"]
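Review bot: The nginx and LibreSSL tarballs are checked against pinned fingerprints, but the two source patches applied with `patch -p1` come from branch URLs (`…/updated-nginx-1.9.15-spdy-patch/…` and `…/sslconfig/master/…`) and the three `git clone --depth=1` modules come from default branches, all unverified, so unauthenticated code is compiled into the same binary. Pin each to a commit and verify a digest, e.g. `https://raw.githubusercontent.com/cloudflare/sslconfig/<commit-sha>/patches/nginx__dynamic_tls_records.patch` followed by `&& echo "<sha256>  nginx__dynamic_tls_records.patch" | sha256sum -c - \` (both values are placeholders). On the hardening flags, `-fPIE` in `--with-cc-opt` has no matching `-pie` in `--with-ld-opt`, and `-Wl,-z,relro` lacks `-Wl,-z,now`, so the binary is probably not position-independent and gets only partial RELRO.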


@ -0,0 +1,56 @@
## wonderfall/nginx
![](https://upload.wikimedia.org/wikipedia/commons/thumb/c/c5/Nginx_logo.svg/115px-Nginx_logo.svg.png)
#### What is this?
It is nginx statically linked against LibreSSL, with the following modules embedded : ngx_brotli (Brotli compression support) and headers_more. Secured by default (no root processes, even the master one), so it should be safe to use.
#### Features
- Based on Alpine Linux Edge.
- nginx built against **LibreSSL**.
- nginx : Cloudfare's SPDY patch.
- nginx : Cloudfare's dynamic TLS records patch.
- nginx : securely built using hardening gcc flags.
- nginx : HTTP/2 (+NPN) support.
- nginx : Brotli compression support (and configured).
- nginx : Headers More module.
- nginx : no root master process.
- nginx : AIO Threads support.
- nginx : no unnessary modules (except fastcgi).
- nginx : pcre-jit enabled.
- nginx : optimized configuration.
- ngxpasswd : generates a htpasswd file easily.
- ngxproxy : generates a *proxy vhost* after asking you a few questions.
#### Notes
It is required to chown your certs files with the right uid/pid and change the `listen` directive to 8000/4430 instead of 80/443. Linux 3.17+, and the latest Docker stable are recommended.
#### Volumes
- **/sites-enabled** : vhosts files (*.conf)
- **/conf.d** : additional configuration files
- **/certs** : SSL/TLS certificates
- **/var/log/nginx** : nginx logs
- **/passwds** : authentication files
- **/www** : put your websites there
#### Build-time variables
- **NGINX_VERSION** : version of nginx
- **LIBRESSL_VERSION** : version of LibreSSL
- **GPG_NGINX** : fingerprint of signing key package
- **GPG_LIBRESSL** : fingerprint of signing key package
- **BUILD_CORES** : number of cores you'd like to build with (default : all)
#### Environment variables
- **GID** : nginx group id *(default : 991)*
- **UID** : nginx user id *(default : 991)*
#### How to use it?
https://github.com/hardware/mailserver/wiki/Reverse-proxy-configuration
You can use `ngxproxy` to generate a *vhost* through an easy process : `docker exec -ti nginx ngxproxy`. `ngxpasswd` can generate htpasswd files : `docker exec -ti nginx ngxpasswd`. Both utilites are interactive so you won't feel lost.
Some configuration files located in `/etc/nginx/conf` are already provided, you can use them with the `include` directive.
- `ssl_params` : Provides a nice balance between compatibility and security.
- `headers_params` : HSTS (+ preload), XSS protection, etc.
- `proxy_params` : use with `proxy_pass`.


@ -0,0 +1,3 @@
add_header X-Frame-Options SAMEORIGIN;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
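Review bot: These three `add_header` lines lack the `always` parameter, so nginx omits them on most error responses (4xx/5xx), where framing and sniffing protections are wanted as well; write e.g. `add_header X-Content-Type-Options nosniff always;`. A comment for users of this include would also help: `add_header` directives are inherited only when the current level defines none of its own, so a vhost `location` that adds any header drops all of these. The README describes this file as carrying HSTS, but that header is in `ssl_params`.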


@ -0,0 +1,87 @@
worker_processes auto;
pid /tmp/nginx.pid;
daemon off;
pcre_jit on;
events {
worker_connections 2048;
use epoll;
}
http {
limit_conn_zone $binary_remote_addr zone=limit_per_ip:10m;
limit_conn limit_per_ip 128;
limit_req_zone $binary_remote_addr zone=allips:10m rate=150r/s;
limit_req zone=allips burst=150 nodelay;
more_set_headers 'Server: secret';
include /etc/nginx/conf/mime.types;
default_type application/octet-stream;
access_log /var/log/nginx/access.log combined;
error_log /var/log/nginx/error.log crit;
fastcgi_temp_path /tmp/fastcgi 1 2;
proxy_temp_path /tmp/proxy 1 2;
client_body_temp_path /tmp/client_body 1 2;
client_body_buffer_size 10K;
client_header_buffer_size 1k;
client_max_body_size 8m;
large_client_header_buffers 2 1k;
aio threads;
sendfile on;
keepalive_timeout 15;
keepalive_disable msie6;
keepalive_requests 100;
tcp_nopush on;
tcp_nodelay on;
server_tokens off;
gzip on;
gzip_comp_level 5;
gzip_min_length 512;
gzip_buffers 4 8k;
gzip_proxied any;
gzip_vary on;
gzip_disable "msie6";
gzip_types
text/css
text/javascript
text/xml
text/plain
text/x-component
application/javascript
application/x-javascript
application/json
application/xml
application/rss+xml
application/vnd.ms-fontobject
font/truetype
font/opentype
image/svg+xml;
brotli on;
brotli_static on;
brotli_buffers 16 8k;
brotli_comp_level 6;
brotli_types
text/css
text/javascript
text/xml
text/plain
text/x-component
application/javascript
application/x-javascript
application/json
application/xml
application/rss+xml
application/vnd.ms-fontobject
font/truetype
font/opentype
image/svg+xml;
include /sites-enabled/*.conf;
}
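Review bot: `error_log /var/log/nginx/error.log crit;` discards everything below `crit`, which includes the `error`-level entries nginx writes by default when `limit_req` or `limit_conn` rejects a request, as well as failed `auth_basic` attempts — the events an operator of this reverse proxy needs in order to notice abuse. `error_log /var/log/nginx/error.log warn;` keeps them. Also, `client_header_buffer_size 1k` with `large_client_header_buffers 2 1k` rejects any request whose URI or single header line exceeds 1 KB, which long cookies and token-bearing URLs reach easily; this deserves a comment or a larger value.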


@ -0,0 +1,76 @@
#!/bin/sh
echo
echo "Welcome to ngxpasswd utility."
echo "We're about to create a password file."
echo
cd /passwds || exit 1
while [ "$NAME" == "" ]; do
read -p "Name: " NAME
done
if [ -f "/passwds/$NAME.htpasswd" ]; then
echo "ERROR: /passwds/$NAME.htpasswd already exists."
exit 1
fi
while [ "$USER" == "" ]; do
read -p "User: " USER
done
read -p "Password (leave blank to generate one): " PASSWORD
if [ "$PASSWORD" == "" ]; then
echo "Password was not defined, generating a random one..."
PASSWORD=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 20 | head -n 1)
elif [ ${#PASSWORD} -le 6 ]; then
echo "WARNING: Non-secure password."
fi
echo -n $USER:$(openssl passwd -apr1 $PASSWORD) >> $NAME.htpasswd
chown $UID:$GID $NAME.htpasswd
chmod 640 $NAME.htpasswd
echo
echo "A new password file has been saved to /passwds/$NAME.htpasswd :"
echo "- Service : $NAME"
echo "- User : $USER"
echo "- Password : $PASSWORD"
echo
if [ -f "/sites-enabled/$NAME.conf" ] && grep -q '#auth' /sites-enabled/$NAME.conf; then
echo "vhost at /sites-enabled/$NAME.conf detected."
while [[ "$ADD" != "y" && "$ADD" != "n" ]]; do
read -p "Add authentication to $NAME.conf? [y/n]: " ADD
done
if [ "$ADD" == "y" ]; then
cd /etc/nginx/conf
sed -i -e 's/#auth/auth/g' -e "s/<NAME>/$NAME/g" /sites-enabled/$NAME.conf
echo "Automatically added, please verify. Otherwise follow these instructions."
echo
fi
fi
echo "Paste this to your vhost in order to enable auth :"
echo " auth_basic \"Who's this?\";"
echo " auth_basic_user_file /passwds/$NAME.htpasswd;"
echo
if [ "$ADD" == "y" ]; then
while [[ "$RELOAD" != "y" && "$RELOAD" != "n" ]]; do
read -p "Reload nginx now? [y/n]: " RELOAD
done
if [ "$RELOAD" == "y" ]; then
su-exec $UID:$GID nginx -s reload
echo "nginx successfully reloaded."
else
echo "Restart manually nginx to enable authentication."
fi
fi
exit 0
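Review bot: `openssl passwd -apr1 $PASSWORD` puts the password on the command line, where other processes in the container can read it from the process list, and the unquoted expansion mangles passwords containing spaces, globs or a leading `-`. Feed it on stdin and quote everything: `printf '%s:%s\n' "$USER" "$(printf '%s\n' "$PASSWORD" | openssl passwd -apr1 -stdin)" >> "$NAME.htpasswd"`; this also ends the record with a newline, which `echo -n` does not. `$NAME` is used in file paths and in the `sed` replacement without validation, so it should be limited to a safe alphabet first, e.g. `case "$NAME" in *[!A-Za-z0-9._-]*) echo "ERROR: invalid name"; exit 1;; esac`. The password prompt echoes the input; `read -s` (supported by busybox ash) hides it.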

139
unmaintained/nginx/ngxproxy Normal file

@ -0,0 +1,139 @@
#!/bin/sh
echo
echo "Welcome to ngxproxy utility."
echo "We're about to create a new virtual host (AKA server block)."
echo
while [ "$NAME" == "" ]; do
read -p "Name: " NAME
done
if [ -f "/sites-enabled/$NAME.conf" ]; then
echo "ERROR: /sites-enabled/$NAME.conf already exists."
exit 1
fi
while [ "$DOMAIN" == "" ]; do
read -p "Domain: " DOMAIN
done
if [ "$(dig +short $DOMAIN)" == "" ]; then
echo "WARNING: $DOMAIN couldn't be resolved: it may not work!"
echo "HINT: Is this domain correct? Did you update your DNS zone?"
fi
read -p "Webroot (default is /): " WEBROOT
if [ "$WEBROOT" == "" ]; then
WEBROOT="/"
elif [ "$WEBROOT" != "/" ]; then
echo "WARNING: You might have to add a proxy header to get your custom webroot working."
while [[ "$CONFIGURE_WEBROOT" != "y" && "$CONFIGURE_WEBROOT" != "n" ]]; do
read -p "Is it required (by the app) to configure it? [y/n]: " CONFIGURE_WEBROOT
done
if [ "$CONFIGURE_WEBROOT" == "y" ]; then
while [ "$WEBROOT_HEADER" == "" ]; do
read -p "Type the required proxy_set_header (like X-Script-Name): " WEBROOT_HEADER
done
fi
fi
while [ "$CONTAINER" == "" ]; do
read -p "Container: " CONTAINER
done
ping -c 1 $CONTAINER >/dev/null 2>&1
if [ "$?" != "0" ]; then
echo "WARNING: $CONTAINER seems to be unavailable. It may not work!"
echo "HINT: Did you correctly link the container?"
fi
read -p "Port (default is 80): " PORT
if [ "$PORT" == "" ]; then
PORT="80"
elif ! [ "$PORT" -eq "$PORT" ] 2>/dev/null; then
echo "ERROR: an integer value was expected."
exit 1
elif [ "$PORT" -gt "65535" ]; then
echo "ERROR: $PORT exceeds the maximum TCP port which is 65535"
exit 1
fi
while [[ "$HTTPS" != "y" && "$HTTPS" != "n" ]]; do
read -p "HTTPS [y/n]: " HTTPS
done
if [ "$HTTPS" == "y" ]; then
while [ ! -f "$CERTIFICATE_PATH" ]; do
read -p "Certificate path: " CERTIFICATE_PATH
done
while [ ! -f "$KEY_PATH" ]; do
read -p "Certificate key path: " KEY_PATH
done
cp -f /etc/nginx/conf/vhost_https.conf /tmp/${NAME}.conf
sed -i \
-e "s|<CERTIFICATE_PATH>|$CERTIFICATE_PATH|g" \
-e "s|<KEY_PATH>|$KEY_PATH|g" \
/tmp/$NAME.conf
while [[ "$HEADERS" != "y" && "$HEADERS" != "n" ]]; do
read -p "Secure headers [y/n]: " HEADERS
done
if [ "$HEADERS" == "y" ]; then
sed -i 's|#include /etc/nginx/conf/headers_params|include /etc/nginx/conf/headers_params|g' /tmp/$NAME.conf
fi
else
cp -f /etc/nginx/conf/vhost_http.conf /tmp/${NAME}.conf
fi
while [ "$MAX_BODY_SIZE" == "" ]; do
read -p "Max body size in MB (integer/n): " MAX_BODY_SIZE
done
if ! [ "$MAX_BODY_SIZE" -eq "$MAX_BODY_SIZE" ] 2>/dev/null && [ "$MAX_BODY_SIZE" != "n" ]; then
echo "ERROR: Incorrect value."
exit 1
fi
if [ "$MAX_BODY_SIZE" != "n" ]; then
sed -i "s|#client_max_body_size <MAX_BODY_SIZE>|client_max_body_size $MAX_BODY_SIZE|g" /tmp/$NAME.conf
fi
if [ "$CONFIGURE_WEBROOT" == "y" ]; then
sed -i "/proxy_pass/a \ \ \ \ proxy_set_header $WEBROOT_HEADER $WEBROOT;" /tmp/$NAME.conf
fi
sed -i \
-e "s|<DOMAIN>|$DOMAIN|g" \
-e "s|<CONTAINER>|$CONTAINER|g" \
-e "s|<PORT>|$PORT|g" \
-e "s|<WEBROOT>|$WEBROOT|g" \
/tmp/$NAME.conf
mv /tmp/$NAME.conf /sites-enabled/
echo
echo "Done! $NAME.conf has been generated."
while [[ "$RELOAD" != "y" && "$RELOAD" != "n" ]]; do
read -p "Reload nginx now? [y/n]: " RELOAD
done
if [ "$RELOAD" == "y" ]; then
su-exec $UID:$GID nginx -s reload
echo "nginx successfully reloaded."
else
echo "Restart manually nginx to enable this new vhost."
fi
echo
exit 0
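Review bot: None of the prompted values is validated before use: `NAME` goes straight into `/tmp/${NAME}.conf` and the `mv` into `/sites-enabled/`, and `DOMAIN`, `CONTAINER`, `WEBROOT` and `WEBROOT_HEADER` are spliced into the vhost by `sed` with `|` as delimiter, so a stray `/`, `|`, `&` or `;` yields a file in the wrong place or a configuration other than the one the operator meant. Restrict each value to the characters it needs before the first use, e.g. `case "$NAME" in *[!A-Za-z0-9._-]*) echo "ERROR: invalid name"; exit 1;; esac`, and quote the expansions in `dig +short "$DOMAIN"` and `ping -c 1 "$CONTAINER"`. The port check accepts `0` and negative numbers; `elif [ "$PORT" -lt 1 ] || [ "$PORT" -gt 65535 ]; then` closes that. The work file has a predictable name in `/tmp`; `mktemp` avoids clobbering an existing file.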


@ -0,0 +1,6 @@
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Remote-Port $remote_port;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_redirect off;
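Review bot: `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;` appends to whatever `X-Forwarded-For` the client sent, so when this proxy is the first hop a backend that reads the left-most entry logs or rate-limits on a client-chosen address. If this container is meant to be the edge, overwrite instead: `proxy_set_header X-Forwarded-For $remote_addr;`. Otherwise add a comment saying that backends must trust only the last entry.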


@ -0,0 +1,4 @@
#!/bin/sh
chown -R $UID:$GID /etc/nginx /var/log/nginx /sites-enabled /conf.d /certs /www /tmp
chmod -R 700 /certs
exec su-exec $UID:$GID /sbin/tini -- nginx
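Review bot: `chmod -R 700 /certs` marks every certificate and key file executable; `chmod -R u=rwX,go= /certs` gives the same owner-only access while setting the execute bit on directories only. `$UID` and `$GID` are expanded unquoted in `chown` and `su-exec`; quoting them (`"$UID:$GID"`) avoids surprises if either is empty or malformed. The recursive `chown` also rewrites ownership of the mounted `/www`, `/certs` and `/sites-enabled` volumes at every start, which deserves a line in the README.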


@ -0,0 +1,10 @@
ssl_protocols TLSv1.2;
ssl_ecdh_curve secp384r1;
ssl_ciphers ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:20m;
ssl_session_timeout 15m;
ssl_session_tickets off;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";
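Review bot: The HSTS header ships with `includeSubDomains; preload` in an include that every HTTPS vhost generated by `ngxproxy` pulls in, which commits the whole domain tree to HTTPS for a year and declares preload consent on the operator's behalf. A safer default is `add_header Strict-Transport-Security "max-age=31536000" always;`, with the stronger variant documented as opt-in. The header as written also lacks `always`, so error responses do not carry it.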


@ -0,0 +1,14 @@
server {
listen 8000;
server_name <DOMAIN>;
#client_max_body_size <MAX_BODY_SIZE>M;
#auth_basic "Who's this?";
#auth_basic_user_file /passwds/<NAME>.htpasswd;
location <WEBROOT> {
proxy_pass http://<CONTAINER>:<PORT>;
include /etc/nginx/conf/proxy_params;
}
}
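Review bot: This plain-HTTP template carries the same commented `auth_basic` lines that `ngxpasswd` uncomments, so enabling authentication on an HTTP-only vhost sends the Basic credentials, merely base64-encoded, in cleartext on every request. Either drop the two `#auth_basic…` lines from this template or have `ngxpasswd` warn when the target vhost has no `ssl` listener.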


@ -0,0 +1,26 @@
server {
listen 8000;
server_name <DOMAIN>;
return 301 https://$host$request_uri;
}
server {
listen 4430 ssl spdy http2;
server_name <DOMAIN>;
ssl_certificate <CERTIFICATE_PATH>;
ssl_certificate_key <KEY_PATH>;
include /etc/nginx/conf/ssl_params;
include /etc/nginx/conf/headers_params;
#client_max_body_size <MAX_BODY_SIZE>M;
#auth_basic "Who's this?";
#auth_basic_user_file /passwds/<NAME>.htpasswd;
location <WEBROOT> {
proxy_pass http://<CONTAINER>:<PORT>;
include /etc/nginx/conf/proxy_params;
}
}
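Review bot: `include /etc/nginx/conf/headers_params;` is active in this template, while `ngxproxy` enables it by replacing `#include /etc/nginx/conf/headers_params`; that pattern never matches here, so the "Secure headers [y/n]" answer has no effect and the headers are always on. If the prompt is meant to decide, the template line should be `#include /etc/nginx/conf/headers_params;`. Separately, `listen 4430 ssl spdy http2;` only parses on a build carrying the SPDY patch from the Dockerfile; a comment saying so would help anyone reusing the template.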


@ -0,0 +1,54 @@
FROM alpine:edge
MAINTAINER Wonderfall <wonderfall@schrodinger.io>
ARG GPG_rainloop="3B79 7ECE 694F 3B7B 70F3 11A4 ED7C 49D9 87DA 4591"
ENV UID=991 GID=991
RUN echo "@commuedge https://nl.alpinelinux.org/alpine/edge/community" >> /etc/apk/repositories \
&& apk -U add \
gnupg \
nginx \
s6 \
su-exec \
php7-fpm@commuedge \
php7-curl@commuedge \
php7-iconv@commuedge \
php7-xml@commuedge \
php7-dom@commuedge \
php7-openssl@commuedge \
php7-json@commuedge \
php7-zlib@commuedge \
php7-pdo_mysql@commuedge \
php7-pdo_pgsql@commuedge \
php7-pdo_sqlite@commuedge \
php7-sqlite3@commuedge \
&& cd /tmp \
&& wget -q http://repository.rainloop.net/v2/webmail/rainloop-community-latest.zip \
&& wget -q http://repository.rainloop.net/v2/webmail/rainloop-community-latest.zip.asc \
&& wget -q http://repository.rainloop.net/RainLoop.asc \
&& echo "Verifying authenticity of rainloop-community-latest.zip using GPG..." \
&& gpg --import RainLoop.asc \
&& FINGERPRINT="$(LANG=C gpg --verify rainloop-community-latest.zip.asc rainloop-community-latest.zip 2>&1 \
| sed -n "s#Primary key fingerprint: \(.*\)#\1#p")" \
&& if [ -z "${FINGERPRINT}" ]; then echo "Warning! Invalid GPG signature!" && exit 1; fi \
&& if [ "${FINGERPRINT}" != "${GPG_rainloop}" ]; then echo "Warning! Wrong GPG fingerprint!" && exit 1; fi \
&& echo "All seems good, now unzipping rainloop-community-latest.zip..." \
&& mkdir /rainloop && unzip -q /tmp/rainloop-community-latest.zip -d /rainloop \
&& find /rainloop -type d -exec chmod 755 {} \; \
&& find /rainloop -type f -exec chmod 644 {} \; \
&& apk del gnupg \
&& rm -rf /tmp/* /var/cache/apk/* /root/.gnupg
COPY nginx.conf /etc/nginx/nginx.conf
COPY php-fpm.conf /etc/php7/php-fpm.conf
COPY s6.d /etc/s6.d
COPY run.sh /usr/local/bin/run.sh
RUN chmod +x /usr/local/bin/run.sh /etc/s6.d/*/* /etc/s6.d/.s6-svscan/*
VOLUME /rainloop/data
EXPOSE 8888
CMD ["run.sh"]
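Review bot: The archive is `rainloop-community-latest.zip` fetched over `http://`, so the image has no recorded version and the signature check only proves who signed the file, not which release it is; an older, validly signed archive served in its place would pass. Record the expected digest and check it after the GPG step, e.g. `&& echo "<sha256>  rainloop-community-latest.zip" | sha256sum -c - \` (placeholder value), and use `https://` if the repository host supports it. The README added in this commit still says "Based on Alpine 3.3" while this file uses `alpine:edge`.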


@ -0,0 +1,29 @@
## wonderfall/rainloop
![](https://i.goopics.net/nI.png)
#### What is this?
Rainloop is a simple, modern & fast web-based client. More info on the [official website](http://www.rainloop.net/).
#### Features
- Based on Alpine 3.3
- Latest Rainloop **Community Edition**
- Contacts (DB) : sqlite, or mysql (server not built-in)
- nginx + PHP7
#### Build-time variables
- **GPG_rainloop** : fingerprint of signing key
#### Environment variables
- **GID** : rainloop group id *(default : 991)*
- **UID** : rainloop user id *(default : 991)*
#### Volumes
- **/rainloop/data** : data files.
#### Ports
- **8888***
#### Reverse proxy
https://github.com/Wonderfall/dockerfiles/tree/master/reverse
https://github.com/hardware/mailserver/wiki/Reverse-proxy-configuration


@ -0,0 +1,76 @@
worker_processes auto;
pid /tmp/nginx.pid;
daemon off;
events {
worker_connections 1024;
use epoll;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
access_log off;
error_log /tmp/ngx_error.log error;
sendfile on;
keepalive_timeout 15;
keepalive_disable msie6;
keepalive_requests 100;
tcp_nopush on;
tcp_nodelay on;
server_tokens off;
fastcgi_temp_path /tmp/fastcgi 1 2;
client_body_temp_path /tmp/client_body 1 2;
proxy_temp_path /tmp/proxy 1 2;
uwsgi_temp_path /tmp/uwsgi 1 2;
scgi_temp_path /tmp/scgi 1 2;
gzip on;
gzip_comp_level 5;
gzip_min_length 512;
gzip_buffers 4 8k;
gzip_proxied any;
gzip_vary on;
gzip_disable "msie6";
gzip_types
text/css
text/javascript
text/xml
text/plain
text/x-component
application/javascript
application/x-javascript
application/json
application/xml
application/rss+xml
application/vnd.ms-fontobject
font/truetype
font/opentype
image/svg+xml;
server {
listen 8888;
root /rainloop;
index index.php index.html;
location ^~ /data {
deny all;
}
location / {
try_files $uri $uri/ index.php;
}
location ~ \.php$ {
fastcgi_index index.php;
fastcgi_pass unix:/tmp/php-fpm.sock;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include /etc/nginx/fastcgi_params;
}
}
}
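Review bot: The `location ~ \.php$` block hands every URI ending in `.php` to PHP-FPM without checking that the file exists, so requests for non-existent scripts are forwarded and path resolution is left entirely to PHP settings outside this file; add `try_files $uri =404;` as the first line of that block. In `location /`, the fallback `index.php` has no leading slash and should be `/index.php`. `access_log off;` leaves a webmail front end with no request log; consider logging to stdout or a volume.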


@ -0,0 +1,11 @@
[global]
daemonize = no
[www]
listen = /tmp/php-fpm.sock
pm = dynamic
pm.max_children = 5
pm.start_servers = 2
pm.min_spare_servers = 1
pm.max_spare_servers = 3
chdir = /


@ -0,0 +1,3 @@
#!/bin/sh
chown -R $UID:$GID /rainloop /etc/nginx /etc/php7 /var/log /var/lib/nginx /tmp /etc/s6.d
exec su-exec $UID:$GID /bin/s6-svscan /etc/s6.d


@ -0,0 +1,3 @@
#!/bin/sh
exit 0


@ -0,0 +1,2 @@
#!/bin/sh
exec nginx


@ -0,0 +1,2 @@
#!/bin/sh
exec php-fpm7


@ -0,0 +1,103 @@
FROM alpine:3.4
MAINTAINER xataz <https://github.com/xataz/dockerfiles>
MAINTAINER Wonderfall <wonderfall@schrodinger.io>
ARG MEDIAINFO_VER=0.7.85
ARG RTORRENT_VER=0.9.6
ARG LIBTORRENT_VER=0.13.6
ARG FILEBOT_VER=4.7
ARG BUILD_CORES
ENV UID=991 \
GID=991 \
WEBROOT=/ \
PKG_CONFIG_PATH=/usr/local/lib/pkgconfig
RUN echo "@commuedge https://nl.alpinelinux.org/alpine/edge/community" >> /etc/apk/repositories \
&& NB_CORES=${BUILD_CORES-`getconf _NPROCESSORS_CONF`} \
&& BUILD_DEPS=" \
build-base \
git \
libtool \
automake \
autoconf \
wget \
tar \
subversion \
cppunit-dev \
openssl-dev \
ncurses-dev \
curl-dev \
binutils" \
&& apk -U add \
${BUILD_DEPS} \
ffmpeg \
ca-certificates \
nginx \
php7@commuedge \
php7-fpm@commuedge \
php7-json@commuedge \
curl \
gzip \
zip \
unrar \
supervisor \
geoip \
tini@commuedge \
openjdk8-jre@commuedge \
&& cd /tmp \
&& wget -q http://downloads.sourceforge.net/mktorrent/mktorrent-1.0.tar.gz \
&& tar xzvf mktorrent-1.0.tar.gz \
&& svn checkout http://svn.code.sf.net/p/xmlrpc-c/code/stable xmlrpc-c \
&& mkdir libtorrent rtorrent \
&& cd libtorrent && wget -qO- https://github.com/rakshasa/libtorrent/archive/${LIBTORRENT_VER}.tar.gz | tar xz --strip 1 \
&& cd ../rtorrent && wget -qO- https://github.com/rakshasa/rtorrent/archive/${RTORRENT_VER}.tar.gz | tar xz --strip 1 \
&& cd /tmp \
&& wget -q http://mediaarea.net/download/binary/mediainfo/${MEDIAINFO_VER}/MediaInfo_CLI_${MEDIAINFO_VER}_GNU_FromSource.tar.gz \
&& wget -q http://mediaarea.net/download/binary/libmediainfo0/${MEDIAINFO_VER}/MediaInfo_DLL_${MEDIAINFO_VER}_GNU_FromSource.tar.gz \
&& tar xzf MediaInfo_DLL_${MEDIAINFO_VER}_GNU_FromSource.tar.gz \
&& tar xzf MediaInfo_CLI_${MEDIAINFO_VER}_GNU_FromSource.tar.gz \
&& tar xzvf mktorrent-1.0.tar.gz \
&& cd /tmp/mktorrent-1.0 && make -j ${NB_CORES} && make install \
&& cd /tmp/MediaInfo_DLL_GNU_FromSource && ./SO_Compile.sh \
&& cd /tmp/MediaInfo_DLL_GNU_FromSource/ZenLib/Project/GNU/Library && make install \
&& cd /tmp/MediaInfo_DLL_GNU_FromSource/MediaInfoLib/Project/GNU/Library && make install \
&& cd /tmp/MediaInfo_CLI_GNU_FromSource && ./CLI_Compile.sh \
&& cd /tmp/MediaInfo_CLI_GNU_FromSource/MediaInfo/Project/GNU/CLI && make install \
&& cd /tmp/xmlrpc-c && ./configure && make -j ${NB_CORES} && make install \
&& cd /tmp/libtorrent && ./autogen.sh && ./configure \
&& make -j ${NB_CORES} && make install \
&& cd /tmp/rtorrent && ./autogen.sh && ./configure --with-xmlrpc-c \
&& make -j ${NB_CORES} && make install \
&& mkdir -p /var/www && cd /var/www \
&& git clone https://github.com/Novik/ruTorrent.git rutorrent --depth=1 \
&& cd /var/www/rutorrent/plugins/ \
&& git clone https://github.com/Korni22/rutorrent-logoff logoff --depth=1 \
&& git clone https://github.com/xombiemp/rutorrentMobile.git mobile --depth=1 \
&& git clone https://github.com/Ardakilic/rutorrent-pausewebui pausewebui --depth=1 \
&& cd /var/www/rutorrent/plugins/theme/themes \
&& git clone https://github.com/Phlooo/ruTorrent-MaterialDesign.git Material --depth=1 \
&& mv /var/www/rutorrent /var/www/torrent \
&& mkdir /filebot \
&& wget -q http://downloads.sourceforge.net/project/filebot/filebot/FileBot_${FILEBOT_VER}/FileBot_${FILEBOT_VER}-portable.zip -P /tmp \
&& unzip -q /tmp/FileBot_${FILEBOT_VER}-portable.zip -d /filebot \
&& strip -s /usr/local/bin/rtorrent \
&& strip -s /usr/local/bin/mediainfo \
&& apk del ${BUILD_DEPS} \
&& deluser svn && delgroup svnusers \
&& rm -rf /var/cache/apk/* /tmp/*
COPY rootfs /
RUN chmod +x /usr/bin/*
VOLUME /data /var/www/torrent/share/users
EXPOSE 80 49184 49184/udp
LABEL description="BitTorrent client with WebUI front-end" \
rtorrent="rTorrent BiTorrent client v$RTORRENT_VER" \
libtorrent="libtorrent v$LIBTORRENT_VER" \
mediainfo="mediainfo v$MEDIAINFO_VER" \
filebot="Filebot v$FILEBOT_VER"
CMD ["/sbin/tini","--","startup"]
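Review bot: Several build inputs in the `RUN` chain are fetched over plain HTTP and then unpacked or compiled with no integrity check: `mktorrent-1.0.tar.gz`, the xmlrpc-c `svn checkout`, both MediaInfo tarballs and the FileBot zip. The five `git clone --depth=1` calls use HTTPS but take whatever the default branch holds at build time. Another Dockerfile in this commit pins a GPG fingerprint for its source download, and the same discipline fits here: use HTTPS where the host offers it and pin a digest per artifact, e.g. `ARG FILEBOT_SHA256=<sha256-of-release-zip>` followed by `echo "${FILEBOT_SHA256}  /tmp/FileBot_${FILEBOT_VER}-portable.zip" | sha256sum -c -` before the `unzip`. Checking the plugins out at a fixed commit would close the same gap for the clones. The base image is also still `alpine:3.4` while the other images in this commit move to 3.5.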


@ -0,0 +1,24 @@
## wonderfall/rutorrent
Originally forked from [xataz/rutorrent](https://github.com/xataz/dockerfiles/tree/master/rutorrent).
#### What is this?
This container contains both rtorrent (whis is a BitTorrent client) and rutorrent (which is a front-end for rtorrent). Filebolt is also included, the default behavior is set to create clean symlinks, so media players like Emby/Plex can easily detect your TV shows and movies.
![](https://pix.schrodinger.io/KDVxwnJA/nEMCzJEd.jpg)
#### Main features
- Lightweight, since it's based on Alpine Linux.
- Everything is almost compiled from source.
- Secured, don't bother about configuration files.
- Filebot is included, and creates symlinks in `/data/Media`.
- rutorrent : Material theme by phlo set by default.
- rutorrent : nginx + PHP7.
#### Ports
- **49184** (bind it).
- **80** [(reverse proxy!)](https://github.com/hardware/mailserver/wiki/Reverse-proxy-configuration)
#### Volumes
- **/data** : your files, symlinks, and so on.
- **/var/www/torrent/share/users** : rutorrent settings.


@ -0,0 +1,4 @@
location ~* \.(jpg|jpeg|gif|css|png|js|map|woff|woff2|ttf|svg|eot)$ {
expires 30d;
access_log off;
}


@ -0,0 +1,6 @@
location ~ \.php$ {
fastcgi_index index.php;
fastcgi_pass unix:/var/run/php-fpm.sock;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include /etc/nginx/fastcgi_params;
}


@ -0,0 +1,54 @@
user torrent;
worker_processes auto;
pid /var/run/nginx.pid;
daemon off;
events {
worker_connections 1024;
use epoll;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
access_log /var/log/nginx/access.log combined;
error_log /var/log/nginx/error.log error;
fastcgi_temp_path /tmp/fastcgi 1 2;
scgi_temp_path /tmp/scgi 1 2;
client_body_temp_path /tmp/client_body 1 2;
sendfile on;
keepalive_timeout 15;
keepalive_disable msie6;
keepalive_requests 100;
tcp_nopush on;
tcp_nodelay on;
server_tokens off;
gzip on;
gzip_comp_level 5;
gzip_min_length 512;
gzip_buffers 4 8k;
gzip_proxied any;
gzip_vary on;
gzip_disable "msie6";
gzip_types
text/css
text/javascript
text/xml
text/plain
text/x-component
application/javascript
application/x-javascript
application/json
application/xml
application/rss+xml
application/vnd.ms-fontobject
font/truetype
font/opentype
image/svg+xml;
include /sites/*.conf;
}


@ -0,0 +1,12 @@
[www]
user = torrent
group = torrent
listen = /var/run/php-fpm.sock
listen.owner = torrent
listen.group = torrent
pm = dynamic
pm.max_children = 5
pm.start_servers = 2
pm.min_spare_servers = 1
pm.max_spare_servers = 3
chdir = /


@ -0,0 +1,174 @@
[PHP]
engine = On
short_open_tag = Off
asp_tags = Off
precision = 14
output_buffering = 4096
zlib.output_compression = Off
implicit_flush = Off
unserialize_callback_func =
serialize_precision = 17
disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,
disable_classes =
zend.enable_gc = On
expose_php = Off
max_execution_time = 30
max_input_time = 60
memory_limit = 128M
error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT
display_errors = Off
display_startup_errors = Off
log_errors = On
log_errors_max_len = 1024
ignore_repeated_errors = Off
ignore_repeated_source = Off
report_memleaks = On
track_errors = Off
html_errors = On
variables_order = "GPCS"
request_order = "GP"
register_argc_argv = Off
auto_globals_jit = On
post_max_size = 10M
auto_prepend_file =
auto_append_file =
default_mimetype = "text/html"
default_charset = "UTF-8"
doc_root =
user_dir =
enable_dl = Off
file_uploads = On
upload_max_filesize = 10M
max_file_uploads = 20
allow_url_fopen = On
allow_url_include = Off
default_socket_timeout = 60
[CLI Server]
cli_server.color = On
[Date]
[filter]
[iconv]
[intl]
[sqlite]
[sqlite3]
[Pcre]
[Pdo]
[Pdo_mysql]
pdo_mysql.cache_size = 2000
pdo_mysql.default_socket=
[Phar]
[mail function]
SMTP = localhost
smtp_port = 25
mail.add_x_header = On
[SQL]
sql.safe_mode = Off
[ODBC]
odbc.allow_persistent = On
odbc.check_persistent = On
odbc.max_persistent = -1
odbc.max_links = -1
odbc.defaultlrl = 4096
odbc.defaultbinmode = 1
[Interbase]
ibase.allow_persistent = 1
ibase.max_persistent = -1
ibase.max_links = -1
ibase.timestampformat = "%Y-%m-%d %H:%M:%S"
ibase.dateformat = "%Y-%m-%d"
ibase.timeformat = "%H:%M:%S"
[MySQL]
mysql.allow_local_infile = On
mysql.allow_persistent = On
mysql.cache_size = 2000
mysql.max_persistent = -1
mysql.max_links = -1
mysql.default_port =
mysql.default_socket =
mysql.default_host =
mysql.default_user =
mysql.default_password =
mysql.connect_timeout = 60
mysql.trace_mode = Off
[MySQLi]
mysqli.max_persistent = -1
mysqli.allow_persistent = On
mysqli.max_links = -1
mysqli.cache_size = 2000
mysqli.default_port = 3306
mysqli.default_socket =
mysqli.default_host =
mysqli.default_user =
mysqli.default_pw =
mysqli.reconnect = Off
[mysqlnd]
mysqlnd.collect_statistics = On
mysqlnd.collect_memory_statistics = Off
[OCI8]
[PostgreSQL]
pgsql.allow_persistent = On
pgsql.auto_reset_persistent = Off
pgsql.max_persistent = -1
pgsql.max_links = -1
pgsql.ignore_notice = 0
pgsql.log_notice = 0
[Sybase-CT]
sybct.allow_persistent = On
sybct.max_persistent = -1
sybct.max_links = -1
sybct.min_server_severity = 10
sybct.min_client_severity = 10
[bcmath]
bcmath.scale = 0
[browscap]
[Session]
session.save_handler = files
session.use_strict_mode = 0
session.use_cookies = 1
session.use_only_cookies = 1
session.name = PHPSESSID
session.auto_start = 0
session.cookie_lifetime = 0
session.cookie_path = /
session.cookie_domain =
session.cookie_httponly =
session.serialize_handler = php
session.gc_probability = 0
session.gc_divisor = 1000
session.gc_maxlifetime = 1440
session.referer_check =
session.cache_limiter = nocache
session.cache_expire = 180
session.use_trans_sid = 0
session.hash_function = 0
session.hash_bits_per_character = 5
url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=fakeentry"
[MSSQL]
mssql.allow_persistent = On
mssql.max_persistent = -1
mssql.max_links = -1
mssql.min_error_severity = 10
mssql.min_message_severity = 10
mssql.compatibility_mode = Off
mssql.secure_connection = Off
[Assertion]
[COM]
[mbstring]
[gd]
[exif]
[Tidy]
tidy.clean_output = Off
[soap]
soap.wsdl_cache_enabled=1
soap.wsdl_cache_dir="/tmp"
soap.wsdl_cache_ttl=86400
soap.wsdl_cache_limit = 5
[sysvshm]
[ldap]
ldap.max_links = -1
[mcrypt]
[dba]
[opcache]
[curl]
[openssl]
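Review bot: The `[Session]` block leaves `session.cookie_httponly` empty and sets `session.use_strict_mode = 0`, so any session cookie issued by the UI or a plugin is readable from page script and client-supplied, uninitialised session ids are accepted. Setting `session.cookie_httponly = 1` and `session.use_strict_mode = 1` is a safe default for a web-facing image, whether or not ruTorrent itself relies on PHP sessions. `session.gc_probability = 0` also means PHP never expires session files on its own; that value normally assumes an external cleanup job, which nothing visible in this image provides.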


@ -0,0 +1,17 @@
[supervisord]
nodaemon=true
[program:rtorrent]
user=torrent
directory=/home/torrent
priority=2
redirect_stderr=true
environment=HOME="/home/torrent",PWD="/home/torrent",LOGNAME="rtorrent",USER="torrent",TERM="xterm"
startsecs=5
command=rtorrent
[program:php-fpm]
command=php-fpm7 --nodaemonize
[program:nginx]
command=nginx


@ -0,0 +1,23 @@
scgi_port = 0.0.0.0:5000
encoding_list = UTF-8
port_range = 49184-49184
port_random = no
check_hash = no
directory = /data/torrents
session = /data/.session
encryption = require,require_RC4,allow_incoming,try_outgoing
use_udp_trackers = yes
dht = off
peer_exchange = no
min_peers = 1
max_peers = 100
min_peers_seed = 1
max_peers_seed = 50
max_uploads = 15
execute = {sh,-c,/usr/bin/php7 /var/www/torrent/php/initplugins.php torrent &}
schedule = watch_directory,1,1,"load_start=/data/.watch/*.torrent"
schedule = untied_directory,5,5,"stop_untied=/data/.watch/*.torrent"
schedule = espace_disque_insuffisant,1,30,close_low_diskspace=500M
system.method.set_key=event.download.finished,filebot,"execute={/usr/bin/postdl,$d.get_base_path=,$d.get_name=,$d.get_custom1=}"
system.method.set_key=event.download.erased,filebot_cleaner,"execute={/usr/bin/postrm}"
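Review bot: `scgi_port = 0.0.0.0:5000` opens rtorrent's SCGI endpoint on every interface of the container, and that endpoint has no authentication while exposing rtorrent's full command set, including `execute`. Both consumers shown in this commit reach it over loopback (`scgi_pass 127.0.0.1:5000` in the site config and `$scgi_host = "127.0.0.1"` in ruTorrent's config.php), so `scgi_port = 127.0.0.1:5000` is sufficient; a unix socket via `scgi_local` would be tighter still. Port 5000 is not in `EXPOSE`, but other containers on the same Docker network can still connect to it as written.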


@ -0,0 +1,48 @@
server {
listen 80 default_server;
server_name _;
charset utf-8;
index index.html index.php;
client_max_body_size 10M;
access_log /var/log/nginx/rutorrent-access.log combined;
error_log /var/log/nginx/rutorrent-error.log error;
error_page 500 502 503 504 /50x.html;
location = /50x.html { root /usr/share/nginx/html; }
root /var/www;
location = /favicon.ico {
access_log off;
log_not_found off;
}
location ^~ <webroot> {
root /var/www<folder>;
include /etc/nginx/conf.d/php.conf;
include /etc/nginx/conf.d/cache.conf;
location ~ /\.svn {
deny all;
}
location ~ /\.ht {
deny all;
}
}
location /RPC {
include scgi_params;
scgi_pass 127.0.0.1:5000;
}
location ^~ <folder>/conf/ {
deny all;
}
location ^~ <folder>/share/ {
deny all;
}
}
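Review bot: `location /RPC` forwards requests straight to rtorrent's SCGI port with no `auth_basic`, `allow`/`deny` or any other restriction, so anyone who can reach port 80 gets rtorrent's XML-RPC interface. The README asks for a reverse proxy in front, but nothing in this server block enforces that or any authentication. If no external client needs `/RPC` (the `rpc` and `httprpc` plugins are disabled in plugins.ini, so ruTorrent presumably talks to SCGI directly), restrict it with `allow 127.0.0.1; deny all;` inside the location, or drop the block.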


@ -0,0 +1,10 @@
#!/bin/sh
# rtorrent.rc
# system.method.set_key=event.download.finished,filebot,"execute={rtorrent-postprocess.sh,$d.get_base_path=,$d.get_name=,$d.get_custom1=}"
TORRENT_PATH="$1"
TORRENT_NAME="$2"
TORRENT_LABEL="$3"
/filebot/filebot.sh -script fn:amc --output "/data/Media" --action symlink --conflict skip -non-strict --log-file amc.log --def excludeList=amc.excludes unsorted=y music=y "seriesFormat=/data/Media/TV/{n}/Season {s.pad(2)}/{s00e00} - {t}" "animeFormat=/data/Media/Animes/{n}/{e.pad(3)} - {t}" "movieFormat=/data/Media/Movies/{n}" "musicFormat=/data/Media/Music/{n}/{fn}" "ut_dir=$TORRENT_PATH" "ut_kind=multi" "ut_title=$TORRENT_NAME" "ut_label=$TORRENT_LABEL" &


@ -0,0 +1,3 @@
#!/bin/sh
/filebot/filebot.sh -script fn:cleaner /data/Media


@ -0,0 +1,25 @@
#!/bin/sh
addgroup -g ${GID} torrent && adduser -h /home/torrent -s /bin/sh -G torrent -D -u ${UID} torrent
mkdir -p /data/torrents
mkdir -p /data/.watch
mkdir -p /data/.session
mkdir -p /data/Media/Movies
mkdir -p /data/Media/TV
mkdir -p /data/Media/Animes
mkdir -p /data/Media/Music
mkdir /tmp/fastcgi /tmp/scgi /tmp/client_body
if [ $WEBROOT != "/" ]; then
sed -i 's|<webroot>|'${WEBROOT}'|g' /sites/rutorrent.conf
sed -i 's|<folder>||g' /sites/rutorrent.conf
mv /var/www/torrent /var/www${WEBROOT}
else
sed -i 's|<webroot>|/|g' /sites/rutorrent.conf
sed -i 's|<folder>|/torrent|g' /sites/rutorrent.conf
fi
chown -R torrent:torrent /data /var/www /home/torrent /var/lib/nginx /filebot /tmp
rm -f /data/.session/rtorrent.lock
/usr/bin/supervisord -c /etc/supervisord.conf
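Review bot: Both `sed` branches leave the `deny all` locations in `/sites/rutorrent.conf` on URL prefixes the application is not served from. With the default `WEBROOT=/` the template becomes `location ^~ /` with `root /var/www/torrent`, while the deny rules become `/torrent/conf/` and `/torrent/share/`; with a custom `WEBROOT` they become `/conf/` and `/share/` while the app lives under `${WEBROOT}`. In either case a request for the real `conf/` or `share/` path (the latter holds per-user ruTorrent settings) appears to fall through to the main location instead of being denied. The deny prefixes should be derived from `<webroot>` rather than `<folder>`, and the test is safer quoted as `[ "$WEBROOT" != "/" ]`.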


@ -0,0 +1,36 @@
<?php
@define('HTTP_USER_AGENT', 'Mozilla/5.0 (Windows NT 6.0; WOW64; rv:12.0) Gecko/20100101 Firefox/12.0', true);
@define('HTTP_TIME_OUT', 30, true);
@define('HTTP_USE_GZIP', true, true);
$httpIP = null;
@define('RPC_TIME_OUT', 5, true);
@define('LOG_RPC_CALLS', false, true);
@define('LOG_RPC_FAULTS', true, true);
@define('PHP_USE_GZIP', false, true);
@define('PHP_GZIP_LEVEL', 2, true);
$schedule_rand = 10;
$do_diagnostic = true;
$log_file = '/tmp/errors.log';
$saveUploadedTorrents = true;
$overwriteUploadedTorrents = false;
$topDirectory = '/data/torrents';
$forbidUserSettings = false;
$scgi_port = 5000;
$scgi_host = "127.0.0.1";
$XMLRPCMountPoint = "/RPC";
$pathToExternals = array(
"php" => '/usr/bin/php7',
"curl" => '/usr/bin/curl',
"gzip" => '/usr/bin/gzip',
"id" => '/usr/bin/id',
"stat" => '/usr/bin/stat',
);
$localhosts = array(
"127.0.0.1",
"localhost",
);
$profilePath = '../share';
$profileMask = 0777;
$tempDirectory = null;
$canUseXSendFile = true;
$locale = "UTF8";
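Review bot: `$profileMask = 0777` is, as far as upstream documents it, the mode ruTorrent applies to files and directories it creates under the profile path, which makes per-user settings world-writable inside the container. In this image php-fpm and rtorrent both run as `torrent` (per the pool config and supervisord.conf in this commit), so access for group and other is not needed for the two to share the profile. `$profileMask = 0750;` would presumably be enough.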


@ -0,0 +1,20 @@
[default]
enabled = user-defined
canChangeToolbar = yes
canChangeMenu = yes
canChangeOptions = yes
canChangeTabs = yes
canChangeColumns = yes
canChangeStatusBar = yes
canChangeCategory = yes
canBeShutdowned = yes
[ipad]
enabled = no
[httprpc]
enabled = no
[retrackers]
enabled = no
[rpc]
enabled = no
[rutracker_check]
enabled = no


@ -0,0 +1,5 @@
<?php
$useExternal = 'mktorrent';
$pathToCreatetorrent = '/usr/local/bin/mktorrent';
$recentTrackersMaxCount = 15;


@ -0,0 +1,18 @@
<?php
$fm['tempdir'] = '/tmp'; // path were to store temporary data ; must be writable
$fm['mkdperm'] = 755; // default permission to set to new created directories
$pathToExternals['rar'] = '/usr/bin/rar';
$pathToExternals['zip'] = '/usr/bin/zip';
$pathToExternals['unzip'] = '/usr/bin/unzip';
$pathToExternals['tar'] = '/bin/tar';
$pathToExternals['gzip'] = '/bin/gzip';
$pathToExternals['bzip2'] = '/bin/bzip2';
$fm['archive']['types'] = array('rar', 'zip', 'tar', 'gzip', 'bzip2');
$fm['archive']['compress'][0] = range(0, 5);
$fm['archive']['compress'][1] = array('-0', '-1', '-9');
$fm['archive']['compress'][2] = $fm['archive']['compress'][3] = $fm['archive']['compress'][4] = array(0);
?>


@ -0,0 +1,3 @@
<?php
$defaultTheme = "Material"; // May be "", "Oblivion", "Dark", "Blue" or "Acid"