From 77fee1694fba9d9130db3f96ef093243d1e876b6 Mon Sep 17 00:00:00 2001 From: Wonderfall Date: Mon, 16 Jan 2017 22:13:29 +0100 Subject: [PATCH] update dockerfiles, clean up --- boinc/Dockerfile | 2 +- boring-nginx/ssl_params | 2 +- cowrie/Dockerfile | 10 +- ghost/Dockerfile | 6 +- isso/Dockerfile | 8 +- lychee/Dockerfile | 4 +- piwik/Dockerfile | 4 +- privatebin/Dockerfile | 4 +- rtorrent-flood/Dockerfile | 11 +- subsonic/Dockerfile | 2 +- tor/Dockerfile | 14 +- unmaintained/lutim/Dockerfile | 47 +++++ unmaintained/lutim/README.md | 31 ++++ unmaintained/lutim/lutim.conf | 24 +++ unmaintained/lutim/run.sh | 11 ++ unmaintained/nginx/Dockerfile | 124 +++++++++++++ unmaintained/nginx/README.md | 56 ++++++ unmaintained/nginx/headers_params | 3 + unmaintained/nginx/nginx.conf | 87 +++++++++ unmaintained/nginx/ngxpasswd | 76 ++++++++ unmaintained/nginx/ngxproxy | 139 ++++++++++++++ unmaintained/nginx/proxy_params | 6 + unmaintained/nginx/run.sh | 4 + unmaintained/nginx/ssl_params | 10 + unmaintained/nginx/vhost_http.conf | 14 ++ unmaintained/nginx/vhost_https.conf | 26 +++ unmaintained/rainloop/Dockerfile | 54 ++++++ unmaintained/rainloop/README.md | 29 +++ unmaintained/rainloop/nginx.conf | 76 ++++++++ unmaintained/rainloop/php-fpm.conf | 11 ++ unmaintained/rainloop/run.sh | 3 + unmaintained/rainloop/s6.d/.s6-svscan/finish | 3 + unmaintained/rainloop/s6.d/nginx/run | 2 + unmaintained/rainloop/s6.d/php/run | 2 + unmaintained/rutorrent/Dockerfile | 103 +++++++++++ unmaintained/rutorrent/README.md | 24 +++ .../rootfs/etc/nginx/conf.d/cache.conf | 4 + .../rootfs/etc/nginx/conf.d/php.conf | 6 + .../rutorrent/rootfs/etc/nginx/nginx.conf | 54 ++++++ .../rutorrent/rootfs/etc/php7/php-fpm.conf | 12 ++ .../rutorrent/rootfs/etc/php7/php.ini | 174 ++++++++++++++++++ .../rootfs/etc/supervisor.d/supervisord.ini | 17 ++ .../rootfs/home/torrent/.rtorrent.rc | 23 +++ .../rutorrent/rootfs/sites/rutorrent.conf | 48 +++++ unmaintained/rutorrent/rootfs/usr/bin/postdl | 10 + unmaintained/rutorrent/rootfs/usr/bin/postrm | 3 + unmaintained/rutorrent/rootfs/usr/bin/startup | 25 +++ .../rootfs/var/www/torrent/conf/config.php | 36 ++++ .../rootfs/var/www/torrent/conf/plugins.ini | 20 ++ .../var/www/torrent/plugins/create/conf.php | 5 + .../www/torrent/plugins/filemanager/conf.php | 18 ++ .../var/www/torrent/plugins/theme/conf.php | 3 + 52 files changed, 1458 insertions(+), 32 deletions(-) create mode 100644 unmaintained/lutim/Dockerfile create mode 100644 unmaintained/lutim/README.md create mode 100644 unmaintained/lutim/lutim.conf create mode 100644 unmaintained/lutim/run.sh create mode 100644 unmaintained/nginx/Dockerfile create mode 100644 unmaintained/nginx/README.md create mode 100644 unmaintained/nginx/headers_params create mode 100644 unmaintained/nginx/nginx.conf create mode 100644 unmaintained/nginx/ngxpasswd create mode 100644 unmaintained/nginx/ngxproxy create mode 100644 unmaintained/nginx/proxy_params create mode 100644 unmaintained/nginx/run.sh create mode 100644 unmaintained/nginx/ssl_params create mode 100644 unmaintained/nginx/vhost_http.conf create mode 100644 unmaintained/nginx/vhost_https.conf create mode 100644 unmaintained/rainloop/Dockerfile create mode 100644 unmaintained/rainloop/README.md create mode 100644 unmaintained/rainloop/nginx.conf create mode 100644 unmaintained/rainloop/php-fpm.conf create mode 100644 unmaintained/rainloop/run.sh create mode 100644 unmaintained/rainloop/s6.d/.s6-svscan/finish create mode 100644 unmaintained/rainloop/s6.d/nginx/run create mode 100644 unmaintained/rainloop/s6.d/php/run create mode 100644 unmaintained/rutorrent/Dockerfile create mode 100644 unmaintained/rutorrent/README.md create mode 100644 unmaintained/rutorrent/rootfs/etc/nginx/conf.d/cache.conf create mode 100644 unmaintained/rutorrent/rootfs/etc/nginx/conf.d/php.conf create mode 100644 unmaintained/rutorrent/rootfs/etc/nginx/nginx.conf create mode 100644 unmaintained/rutorrent/rootfs/etc/php7/php-fpm.conf create mode 100644 unmaintained/rutorrent/rootfs/etc/php7/php.ini create mode 100644 unmaintained/rutorrent/rootfs/etc/supervisor.d/supervisord.ini create mode 100644 unmaintained/rutorrent/rootfs/home/torrent/.rtorrent.rc create mode 100644 unmaintained/rutorrent/rootfs/sites/rutorrent.conf create mode 100644 unmaintained/rutorrent/rootfs/usr/bin/postdl create mode 100644 unmaintained/rutorrent/rootfs/usr/bin/postrm create mode 100644 unmaintained/rutorrent/rootfs/usr/bin/startup create mode 100644 unmaintained/rutorrent/rootfs/var/www/torrent/conf/config.php create mode 100644 unmaintained/rutorrent/rootfs/var/www/torrent/conf/plugins.ini create mode 100644 unmaintained/rutorrent/rootfs/var/www/torrent/plugins/create/conf.php create mode 100644 unmaintained/rutorrent/rootfs/var/www/torrent/plugins/filemanager/conf.php create mode 100644 unmaintained/rutorrent/rootfs/var/www/torrent/plugins/theme/conf.php diff --git a/boinc/Dockerfile b/boinc/Dockerfile index dfe4100..04979c1 100644 --- a/boinc/Dockerfile +++ b/boinc/Dockerfile @@ -5,7 +5,7 @@ ARG BUILD_CORES ENV UID=991 GID=991 -RUN echo "@community https://nl.alpinelinux.org/alpine/v3.4/community" >> /etc/apk/repositories \ +RUN echo "@community https://nl.alpinelinux.org/alpine/v3.5/community" >> /etc/apk/repositories \ && NB_CORES=${BUILD_CORES-`getconf _NPROCESSORS_CONF`} \ && BUILD_DEPS=" \ build-base \ diff --git a/boring-nginx/ssl_params b/boring-nginx/ssl_params index 3fe9b59..b018a25 100644 --- a/boring-nginx/ssl_params +++ b/boring-nginx/ssl_params @@ -1,6 +1,6 @@ ssl_protocols TLSv1.2; ssl_ecdh_curve X25519:P-521:P-384; -ssl_ciphers [CECPQ1-ECDSA-CHACHA20-POLY1305-SHA256|CECPQ1-ECDSA-AES256-GCM-SHA384|CECPQ1-RSA-CHACHA20-POLY1305-SHA256|CECPQ1-RSA-AES256-GCM-SHA384]:[ECDHE-ECDSA-CHACHA20-POLY1305|ECDHE-RSA-CHACHA20-POLY1305|ECDHE-ECDSA-CHACHA20-POLY1305-D|ECDHE-RSA-CHACHA20-POLY1305-D|ECDHE-ECDSA-AES256-GCM-SHA384|ECDHE-RSA-AES256-GCM-SHA384]:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256; +ssl_ciphers [ECDHE-ECDSA-CHACHA20-POLY1305|ECDHE-RSA-CHACHA20-POLY1305|ECDHE-ECDSA-CHACHA20-POLY1305-D|ECDHE-RSA-CHACHA20-POLY1305-D|ECDHE-ECDSA-AES256-GCM-SHA384|ECDHE-RSA-AES256-GCM-SHA384]:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256; ssl_prefer_server_ciphers on; ssl_session_cache shared:SSL:20m; diff --git a/cowrie/Dockerfile b/cowrie/Dockerfile index d2aba8b..a5ea9ef 100644 --- a/cowrie/Dockerfile +++ b/cowrie/Dockerfile @@ -1,7 +1,7 @@ -FROM alpine:3.4 +FROM alpine:3.5 MAINTAINER Wonderfall -ARG MPFR_VERSION=3.1.4 +ARG MPFR_VERSION=3.1.5 ARG MPC_VERSION=1.0.3 ARG GPG_MPFR="07F3 DBBE CC1A 3960 5078 094D 980C 1976 98C3 739D" @@ -20,17 +20,17 @@ RUN echo "@commuedge https://nl.alpinelinux.org/alpine/edge/community" >> /etc/a build-base \ libtool \ libffi-dev \ - openssl-dev \ + libressl-dev \ python-dev \ gmp-dev \ - py-pip \ + py2-pip \ tar \ gnupg" \ && apk -U add \ ${BUILD_DEPS} \ libffi \ gmp \ - openssl \ + libressl \ python \ py-setuptools \ openssh-client \ diff --git a/ghost/Dockerfile b/ghost/Dockerfile index 51eec4a..6ee7ad5 100644 --- a/ghost/Dockerfile +++ b/ghost/Dockerfile @@ -1,7 +1,7 @@ FROM mhart/alpine-node-auto:6 MAINTAINER Wonderfall -ARG GHOST_VERSION=0.11.3 +ARG GHOST_VERSION=0.11.4 ENV GHOST_NODE_VERSION_CHECK=false \ GID=991 \ @@ -34,8 +34,8 @@ RUN echo "@commuedge https://nl.alpinelinux.org/alpine/edge/community" >> /etc/a grep \ tini@commuedge \ su-exec \ - && wget -q https://ghost.org/zip/ghost-${GHOST_VERSION}.zip -P /tmp \ - && unzip -q /tmp/ghost-${GHOST_VERSION}.zip -d /ghost \ + && wget -q https://github.com/TryGhost/Ghost/releases/download/${GHOST_VERSION}/Ghost-${GHOST_VERSION}.zip -P /tmp \ + && unzip -q /tmp/Ghost-${GHOST_VERSION}.zip -d /ghost \ && cd /ghost \ && npm install --production \ && mv content/themes/casper casper \ diff --git a/isso/Dockerfile b/isso/Dockerfile index c27dcda..d6e0c94 100644 --- a/isso/Dockerfile +++ b/isso/Dockerfile @@ -1,4 +1,4 @@ -FROM alpine:3.4 +FROM alpine:3.5 MAINTAINER Wonderfall ARG ISSO_VER=0.10.5 @@ -9,20 +9,20 @@ RUN echo "@community https://nl.alpinelinux.org/alpine/v3.4/community" >> /etc/a && BUILD_DEPS=" \ python-dev \ libffi-dev \ - py-pip \ + py2-pip \ build-base" \ && apk -U add \ ${BUILD_DEPS} \ python \ py-setuptools \ sqlite \ - openssl \ + libressl \ ca-certificates \ su-exec \ tini@community \ && pip install --no-cache cffi \ && pip install --no-cache misaka==1.0.2 \ - && wget https://github.com/posativ/isso/releases/download/$ISSO_VER/isso-$ISSO_VER.tar.gz -P /tmp \ + && wget -q https://github.com/posativ/isso/releases/download/$ISSO_VER/isso-$ISSO_VER.tar.gz -P /tmp \ && pip install /tmp/isso-$ISSO_VER.tar.gz \ && apk del ${BUILD_DEPS} \ && rm -rf /var/cache/apk/* /tmp/* diff --git a/lychee/Dockerfile b/lychee/Dockerfile index 63186c3..3751234 100644 --- a/lychee/Dockerfile +++ b/lychee/Dockerfile @@ -1,4 +1,4 @@ -FROM alpine:3.4 +FROM alpine:edge MAINTAINER Wonderfall ARG LYCHEE_VERSION=3.1.5 @@ -10,7 +10,7 @@ RUN echo "@commuedge https://nl.alpinelinux.org/alpine/edge/community" >> /etc/a && BUILD_DEPS=" \ imagemagick-dev \ tar \ - openssl \ + libressl \ ca-certificates \ build-base \ autoconf \ diff --git a/piwik/Dockerfile b/piwik/Dockerfile index 5faf629..943f0da 100644 --- a/piwik/Dockerfile +++ b/piwik/Dockerfile @@ -1,7 +1,7 @@ FROM alpine:edge MAINTAINER Wonderfall -ARG VERSION=2.17.1 +ARG VERSION=3.0.1 ARG GPG_matthieu="814E 346F A01A 20DB B04B 6807 B5DB D592 5590 A237" @@ -14,7 +14,7 @@ RUN echo "@commuedge https://nl.alpinelinux.org/alpine/edge/community" >> /etc/a build-base \ autoconf \ geoip-dev \ - openssl \ + libressl \ ca-certificates \ gnupg" \ && apk -U add \ diff --git a/privatebin/Dockerfile b/privatebin/Dockerfile index ffeef0a..e51ec0f 100644 --- a/privatebin/Dockerfile +++ b/privatebin/Dockerfile @@ -1,10 +1,10 @@ -FROM alpine:3.4 +FROM alpine:edge MAINTAINER Wonderfall ENV GID=991 UID=991 RUN echo "@commuedge https://nl.alpinelinux.org/alpine/edge/community" >> /etc/apk/repositories \ - && BUILD_DEPS="tar openssl ca-certificates" \ + && BUILD_DEPS="tar libressl ca-certificates" \ && apk -U add \ $BUILD_DEPS \ nginx \ diff --git a/rtorrent-flood/Dockerfile b/rtorrent-flood/Dockerfile index 12cfeb7..cdd9c56 100644 --- a/rtorrent-flood/Dockerfile +++ b/rtorrent-flood/Dockerfile @@ -3,7 +3,7 @@ MAINTAINER Wonderfall ARG RTORRENT_VER=0.9.6 ARG LIBTORRENT_VER=0.13.6 -ARG FILEBOT_VER=4.7.2 +ARG FILEBOT_VER=4.7.7 ARG BUILD_CORES ENV UID=991 GID=991 \ @@ -20,6 +20,7 @@ RUN echo "@community https://nl.alpinelinux.org/alpine/v3.4/community" >> /etc/a autoconf \ wget \ tar \ + xz \ subversion \ cppunit-dev \ openssl-dev \ @@ -44,14 +45,14 @@ RUN echo "@community https://nl.alpinelinux.org/alpine/v3.4/community" >> /etc/a && git clone https://github.com/mirror/xmlrpc-c.git \ && git clone https://github.com/Rudde/mktorrent.git \ && cd /tmp/mktorrent && make -j ${NB_CORES} && make install \ - && cd /tmp/xmlrpc-c/advanced && ./configure && make -j ${NB_CORES} && make install \ + && cd /tmp/xmlrpc-c/stable && ./configure && make -j ${NB_CORES} && make install \ && cd /tmp/libtorrent && ./autogen.sh && ./configure && make -j ${NB_CORES} && make install \ && cd /tmp/rtorrent && ./autogen.sh && ./configure --with-xmlrpc-c && make -j ${NB_CORES} && make install \ && strip -s /usr/local/bin/rtorrent \ && strip -s /usr/local/bin/mktorrent \ - && mkdir /filebot \ - && wget -q http://downloads.sourceforge.net/project/filebot/filebot/FileBot_${FILEBOT_VER}/FileBot_${FILEBOT_VER}-portable.zip -P /tmp \ - && unzip -q /tmp/FileBot_${FILEBOT_VER}-portable.zip -d /filebot \ + && mkdir /filebot && cd /filebot \ + && wget -q http://sourceforge.mirrorservice.org/f/fi/filebot/filebot/FileBot_${FILEBOT_VER}/FileBot_${FILEBOT_VER}-portable.tar.xz \ + && tar xJf FileBot_${FILEBOT_VER}-portable.tar.xz && rm FileBot_${FILEBOT_VER}-portable.tar.xz \ && cd /usr && git clone https://github.com/jfurrow/flood && cd flood \ && npm install \ && apk del ${BUILD_DEPS} \ diff --git a/subsonic/Dockerfile b/subsonic/Dockerfile index 9cab0bd..1cf1dbb 100644 --- a/subsonic/Dockerfile +++ b/subsonic/Dockerfile @@ -1,4 +1,4 @@ -FROM alpine:3.4 +FROM alpine:3.5 MAINTAINER Wonderfall ARG VERSION=6.0 diff --git a/tor/Dockerfile b/tor/Dockerfile index ceaa9a7..9a61a82 100644 --- a/tor/Dockerfile +++ b/tor/Dockerfile @@ -1,10 +1,10 @@ -FROM alpine:3.4 +FROM alpine:3.5 MAINTAINER Wonderfall -ARG TOR_VERSION=0.2.8.9 +ARG TOR_VERSION=0.2.9.8 ARG ARM_VERSION=1.4.5.0 -ARG GPG_Mathewson="B35B F85B F194 89D0 4E28 C33C 2119 4EBB 1657 33EA" +ARG GPG_Mathewson="2133 BC60 0AB1 33E1 D826 D173 FE43 009C 4607 B1FB" ARG GPG_Johnson="6827 8CC5 DD2D 1E85 C4E4 5AD9 0445 B7AB 9ABB EEC6" ENV TERM=xterm \ @@ -13,7 +13,8 @@ ENV TERM=xterm \ RUN echo "@community https://nl.alpinelinux.org/alpine/v3.4/community" >> /etc/apk/repositories \ && BUILD_DEPS=" \ libevent-dev \ - openssl-dev \ + libressl-dev \ + zlib-dev \ build-base \ gnupg \ ca-certificates" \ @@ -23,13 +24,14 @@ RUN echo "@community https://nl.alpinelinux.org/alpine/v3.4/community" >> /etc/a tini@community \ python \ libevent \ - openssl \ + libressl \ + zlib \ && cd /tmp \ && TOR_TARBALL="tor-${TOR_VERSION}.tar.gz" \ && wget -q https://www.torproject.org/dist/${TOR_TARBALL} \ && echo "Verifying ${TOR_TARBALL} using GPG..." \ && wget -q https://www.torproject.org/dist/${TOR_TARBALL}.asc \ - && gpg --keyserver keys.gnupg.net --recv-keys 0x165733EA \ + && gpg --keyserver pool.sks-keyservers.net --recv-keys 0xFE43009C4607B1FB \ && FINGERPRINT="$(LANG=C gpg --verify ${TOR_TARBALL}.asc ${TOR_TARBALL} 2>&1 \ | sed -n "s#Primary key fingerprint: \(.*\)#\1#p")" \ && if [ -z "${FINGERPRINT}" ]; then echo "Warning! Invalid GPG signature!" && exit 1; fi \ diff --git a/unmaintained/lutim/Dockerfile b/unmaintained/lutim/Dockerfile new file mode 100644 index 0000000..7ebdb18 --- /dev/null +++ b/unmaintained/lutim/Dockerfile @@ -0,0 +1,47 @@ +FROM debian:jessie +MAINTAINER Wonderfall + +ARG TINI_VER=0.9.0 + +ENV USERID=1000 \ + GROUPID=1000 \ + SECRET=ZyCnLAhYKBIJrukuKZZJ \ + CONTACT=contact@domain.tld \ + MAX_FILE_SIZE=100000000 \ + WEBROOT=/ \ + DOMAIN=domain.tld + +RUN apt-get update && apt-get install -y --no-install-recommends --no-install-suggests \ + wget \ + git \ + perl \ + make \ + gcc \ + ca-certificates \ + libssl-dev \ + shared-mime-info \ + perlmagick \ + && cpan install Carton \ + && git clone https://framagit.org/luc/lutim.git --depth=1 \ + && cd /lutim \ + && carton install \ + && wget -q https://github.com/krallin/tini/releases/download/v$TINI_VER/tini_$TINI_VER.deb -P /tmp \ + && dpkg -i /tmp/tini_$TINI_VER.deb \ + && apt-get purge -y \ + wget \ + git \ + make \ + gcc \ + libssl-dev \ + ca-certificates \ + && apt-get autoremove --purge -y && apt-get clean \ + && rm -rf /var/lib/apt/lists/* /root/.cpan* /lutim/local/cache/* /lutim/utilities /tmp/* + +COPY run.sh /usr/local/bin/run.sh +COPY lutim.conf /lutim/lutim.conf + +RUN chmod +x /usr/local/bin/run.sh + +EXPOSE 8181 +VOLUME /data /lutim/files +CMD ["tini","--","run.sh"] diff --git a/unmaintained/lutim/README.md b/unmaintained/lutim/README.md new file mode 100644 index 0000000..692e048 --- /dev/null +++ b/unmaintained/lutim/README.md @@ -0,0 +1,31 @@ +## wonderfall/lutim + +![](https://i.goopics.net/rf.png) + +#### What is this? +LUTIM means Let's Upload That Image. +It stores images and allows you to see them, download them or share them on social networks. From version 0.5, the gif images can be displayed as animated gifs in Twitter, but you need a HTTPS server (Twitter requires that. Lutim detects if you have a HTTPS server and displays an static image twitter card if you don't); + +Images are indefinitly stored unless you request that they will be deleted at first view or after 24 hours / one week / one month / one year. + +#### Build-time variables +- **TINI_VER** : version of `tini`. + +#### Environment variables +- **GROUPID** : lutim group id. *(default : 1000)* +- **USERID** : lutim user id. *(default : 1000)* +- **SECRET** : random string used to encrypt cookies. *(default : ZyCnLAhYKBIJrukuKZZJ)* +- **CONTACT** : lutim contact. *(default : contact@domain.tld)* +- **MAX_FILE_SIZE** : maximum file size of an uploaded file in bytes. *(default : 1GB)* +- **WEBROOT** : webroot of lutim. *(default : /)* +- **DOMAIN** : your domain used with lutim *(default : domain.tld)* + +*Tip : you can use the following command to generate SECRET.* +`cat /dev/urandom | tr -dc 'a-zA-Z' | fold -w 20 | head -n 1` + +#### Volumes +- **/data** : where lutim's database is stored. +- **/lutim/files** : location of uploaded files. + +#### Ports +- **8181** [(reverse proxy!)](https://github.com/hardware/mailserver/wiki/Reverse-proxy-configuration). \ No newline at end of file diff --git a/unmaintained/lutim/lutim.conf b/unmaintained/lutim/lutim.conf new file mode 100644 index 0000000..ba421f2 --- /dev/null +++ b/unmaintained/lutim/lutim.conf @@ -0,0 +1,24 @@ +{ + hypnotoad => { + listen => ['http://0.0.0.0:8181'], + }, + contact => '', + secrets => [''], + length => 8, + crypto_key_length => 8, + provis_step => 5, + provisioning => 100, + anti_flood_delay => 5, + max_file_size => , + allowed_domains => ['http://', 'https://'], + default_delay => 1, + max_delay => 0, + always_encrypt => 1, + token_length => 24, + stats_day_num => 365, + keep_ip_during => 365, + policy_when_full => 'warn', + prefix => '', + db_path => '/data/lutim.db', + delete_no_longer_viewed_files => 90 +}; diff --git a/unmaintained/lutim/run.sh b/unmaintained/lutim/run.sh new file mode 100644 index 0000000..b369ea1 --- /dev/null +++ b/unmaintained/lutim/run.sh @@ -0,0 +1,11 @@ +#!/bin/bash +deluser lutim +addgroup --gid $GROUPID lutim +adduser --system --shell /bin/sh --no-create-home --ingroup lutim --uid $USERID lutim +sed -i -e 's//'$CONTACT'/g' \ + -e 's//'$SECRET'/g' \ + -e 's//'$MAX_FILE_SIZE'/g' \ + -e 's//'$DOMAIN'/g' \ + -e 's||'$WEBROOT'|g' /lutim/lutim.conf +chown -R lutim:lutim /lutim /data +cd /lutim && exec su lutim -c "carton exec hypnotoad -f /lutim/script/lutim" diff --git a/unmaintained/nginx/Dockerfile b/unmaintained/nginx/Dockerfile new file mode 100644 index 0000000..7c185f1 --- /dev/null +++ b/unmaintained/nginx/Dockerfile @@ -0,0 +1,124 @@ +FROM alpine:3.4 +MAINTAINER Wonderfall + +ENV UID=991 GID=991 + +ARG NGINX_VERSION=1.11.4 +ARG LIBRESSL_VERSION=2.5.0 +ARG GPG_LIBRESSL="A1EB 079B 8D3E B92B 4EBD 3139 663A F51B D5E4 D8D5" +ARG GPG_NGINX="B0F4 2533 73F8 F6F5 10D4 2178 520A 9993 A1C0 52F8" +ARG BUILD_CORES + +RUN echo "@commuedge https://nl.alpinelinux.org/alpine/edge/community" >> /etc/apk/repositories \ + && NB_CORES=${BUILD_CORES-$(getconf _NPROCESSORS_CONF)} \ + && BUILD_DEPS=" \ + build-base \ + linux-headers \ + ca-certificates \ + automake \ + autoconf \ + git \ + tar \ + libtool \ + pcre-dev \ + zlib-dev \ + binutils \ + gnupg" \ + && apk -U add \ + ${BUILD_DEPS} \ + pcre \ + zlib \ + libgcc \ + libstdc++ \ + su-exec \ + openssl \ + bind-tools \ + tini@commuedge \ + && cd /tmp \ + && git clone https://github.com/bagder/libbrotli --depth=1 && cd libbrotli \ + && ./autogen.sh && ./configure && make -j ${NB_CORES} && make install \ + && cd /tmp \ + && git clone https://github.com/google/ngx_brotli --depth=1 \ + && git clone https://github.com/openresty/headers-more-nginx-module --depth=1 \ + && LIBRESSL_TARBALL="libressl-${LIBRESSL_VERSION}.tar.gz" \ + && wget -q http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/${LIBRESSL_TARBALL} \ + && echo "Verifying ${LIBRESSL_TARBALL} using GPG..." \ + && wget -q http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/${LIBRESSL_TARBALL}.asc \ + && wget -q http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl.asc \ + && gpg --import libressl.asc \ + && FINGERPRINT="$(LANG=C gpg --verify ${LIBRESSL_TARBALL}.asc ${LIBRESSL_TARBALL} 2>&1 \ + | sed -n "s#Primary key fingerprint: \(.*\)#\1#p")" \ + && if [ -z "${FINGERPRINT}" ]; then echo "Warning! Invalid GPG signature!" && exit 1; fi \ + && if [ "${FINGERPRINT}" != "${GPG_LIBRESSL}" ]; then echo "Warning! Wrong GPG fingerprint!" && exit 1; fi \ + && echo "All seems good, now unpacking ${LIBRESSL_TARBALL}..." \ + && tar xzf ${LIBRESSL_TARBALL} \ + && NGINX_TARBALL="nginx-${NGINX_VERSION}.tar.gz" \ + && wget -q https://nginx.org/download/${NGINX_TARBALL} \ + && echo "Verifying ${NGINX_TARBALL} using GPG..." \ + && wget -q https://nginx.org/download/${NGINX_TARBALL}.asc \ + && wget -q https://nginx.org/keys/mdounin.key \ + && gpg --import mdounin.key \ + && FINGERPRINT="$(LANG=C gpg --verify ${NGINX_TARBALL}.asc ${NGINX_TARBALL} 2>&1 \ + | sed -n "s#Primary key fingerprint: \(.*\)#\1#p")" \ + && if [ -z "${FINGERPRINT}" ]; then echo "Warning! Invalid GPG signature!" && exit 1; fi \ + && if [ "${FINGERPRINT}" != "${GPG_NGINX}" ]; then echo "Warning! Wrong GPG fingerprint!" && exit 1; fi \ + && echo "All seems good, now unpacking ${NGINX_TARBALL}..." \ + && tar xzf ${NGINX_TARBALL} && cd nginx-${NGINX_VERSION} \ + && wget -q https://raw.githubusercontent.com/felixbuenemann/sslconfig/updated-nginx-1.9.15-spdy-patch/patches/nginx_1_9_15_http2_spdy.patch -O spdy.patch \ + && patch -p1 < spdy.patch \ + && wget -q https://raw.githubusercontent.com/cloudflare/sslconfig/master/patches/nginx__dynamic_tls_records.patch \ + && patch -p1 < nginx__dynamic_tls_records.patch \ + && ./configure \ + --prefix=/etc/nginx \ + --sbin-path=/usr/sbin/nginx \ + --with-cc-opt='-O3 -fPIE -fstack-protector-strong -Wformat -Werror=format-security -Wno-deprecated-declarations' \ + --with-ld-opt='-Wl,-Bsymbolic-functions -Wl,-z,relro' \ + --with-openssl=/tmp/libressl-${LIBRESSL_VERSION} \ + --with-http_ssl_module \ + --with-http_v2_module \ + --with-http_spdy_module \ + --with-http_gzip_static_module \ + --with-http_stub_status_module \ + --with-file-aio \ + --with-threads \ + --with-pcre-jit \ + --without-http_ssi_module \ + --without-http_scgi_module \ + --without-http_uwsgi_module \ + --without-http_geo_module \ + --without-http_autoindex_module \ + --without-http_map_module \ + --without-http_split_clients_module \ + --without-http_memcached_module \ + --without-http_empty_gif_module \ + --without-http_browser_module \ + --http-log-path=/var/log/nginx/access.log \ + --error-log-path=/var/log/nginx/error.log \ + --add-module=/tmp/headers-more-nginx-module \ + --add-module=/tmp/ngx_brotli \ + && make -j ${NB_CORES} && make install && make clean \ + && strip -s /usr/sbin/nginx \ + && apk del ${BUILD_DEPS} \ + && rm -rf /tmp/* /var/cache/apk/* /root/.gnupg + +COPY nginx.conf /etc/nginx/conf/nginx.conf +COPY run.sh /usr/local/bin/run.sh +COPY ngxpasswd /usr/local/bin/ngxpasswd +COPY ngxproxy /usr/local/bin/ngxproxy +COPY vhost_http.conf /etc/nginx/conf/vhost_http.conf +COPY vhost_https.conf /etc/nginx/conf/vhost_https.conf +COPY ssl_params /etc/nginx/conf/ssl_params +COPY headers_params /etc/nginx/conf/headers_params +COPY proxy_params /etc/nginx/conf/proxy_params + +RUN chmod +x /usr/local/bin/* + +EXPOSE 8000 4430 + +VOLUME /sites-enabled /www /conf.d /passwds /certs /var/log/nginx + +LABEL description="nginx built from source." \ + openssl="LibreSSL ${LIBRESSL_VERSION}." \ + nginx="nginx ${NGINX_VERSION}." + +CMD ["run.sh"] diff --git a/unmaintained/nginx/README.md b/unmaintained/nginx/README.md new file mode 100644 index 0000000..fa65095 --- /dev/null +++ b/unmaintained/nginx/README.md @@ -0,0 +1,56 @@ +## wonderfall/nginx + +![](https://upload.wikimedia.org/wikipedia/commons/thumb/c/c5/Nginx_logo.svg/115px-Nginx_logo.svg.png) + +#### What is this? +It is nginx statically linked against LibreSSL, with the following modules embedded : ngx_brotli (Brotli compression support) and headers_more. Secured by default (no root processes, even the master one), so it should be safe to use. + +#### Features +- Based on Alpine Linux Edge. +- nginx built against **LibreSSL**. +- nginx : Cloudfare's SPDY patch. +- nginx : Cloudfare's dynamic TLS records patch. +- nginx : securely built using hardening gcc flags. +- nginx : HTTP/2 (+NPN) support. +- nginx : Brotli compression support (and configured). +- nginx : Headers More module. +- nginx : no root master process. +- nginx : AIO Threads support. +- nginx : no unnessary modules (except fastcgi). +- nginx : pcre-jit enabled. +- nginx : optimized configuration. +- ngxpasswd : generates a htpasswd file easily. +- ngxproxy : generates a *proxy vhost* after asking you a few questions. + +#### Notes +It is required to chown your certs files with the right uid/pid and change the `listen` directive to 8000/4430 instead of 80/443. Linux 3.17+, and the latest Docker stable are recommended. + +#### Volumes +- **/sites-enabled** : vhosts files (*.conf) +- **/conf.d** : additional configuration files +- **/certs** : SSL/TLS certificates +- **/var/log/nginx** : nginx logs +- **/passwds** : authentication files +- **/www** : put your websites there + +#### Build-time variables +- **NGINX_VERSION** : version of nginx +- **LIBRESSL_VERSION** : version of LibreSSL +- **GPG_NGINX** : fingerprint of signing key package +- **GPG_LIBRESSL** : fingerprint of signing key package +- **BUILD_CORES** : number of cores you'd like to build with (default : all) + +#### Environment variables +- **GID** : nginx group id *(default : 991)* +- **UID** : nginx user id *(default : 991)* + +#### How to use it? +https://github.com/hardware/mailserver/wiki/Reverse-proxy-configuration + +You can use `ngxproxy` to generate a *vhost* through an easy process : `docker exec -ti nginx ngxproxy`. `ngxpasswd` can generate htpasswd files : `docker exec -ti nginx ngxpasswd`. Both utilites are interactive so you won't feel lost. + +Some configuration files located in `/etc/nginx/conf` are already provided, you can use them with the `include` directive. + +- `ssl_params` : Provides a nice balance between compatibility and security. +- `headers_params` : HSTS (+ preload), XSS protection, etc. +- `proxy_params` : use with `proxy_pass`. diff --git a/unmaintained/nginx/headers_params b/unmaintained/nginx/headers_params new file mode 100644 index 0000000..30e1890 --- /dev/null +++ b/unmaintained/nginx/headers_params @@ -0,0 +1,3 @@ +add_header X-Frame-Options SAMEORIGIN; +add_header X-Content-Type-Options nosniff; +add_header X-XSS-Protection "1; mode=block"; diff --git a/unmaintained/nginx/nginx.conf b/unmaintained/nginx/nginx.conf new file mode 100644 index 0000000..352cd59 --- /dev/null +++ b/unmaintained/nginx/nginx.conf @@ -0,0 +1,87 @@ +worker_processes auto; +pid /tmp/nginx.pid; +daemon off; +pcre_jit on; + +events { + worker_connections 2048; + use epoll; +} + +http { + limit_conn_zone $binary_remote_addr zone=limit_per_ip:10m; + limit_conn limit_per_ip 128; + limit_req_zone $binary_remote_addr zone=allips:10m rate=150r/s; + limit_req zone=allips burst=150 nodelay; + + more_set_headers 'Server: secret'; + + include /etc/nginx/conf/mime.types; + default_type application/octet-stream; + + access_log /var/log/nginx/access.log combined; + error_log /var/log/nginx/error.log crit; + + fastcgi_temp_path /tmp/fastcgi 1 2; + proxy_temp_path /tmp/proxy 1 2; + client_body_temp_path /tmp/client_body 1 2; + + client_body_buffer_size 10K; + client_header_buffer_size 1k; + client_max_body_size 8m; + large_client_header_buffers 2 1k; + + aio threads; + sendfile on; + keepalive_timeout 15; + keepalive_disable msie6; + keepalive_requests 100; + tcp_nopush on; + tcp_nodelay on; + server_tokens off; + + gzip on; + gzip_comp_level 5; + gzip_min_length 512; + gzip_buffers 4 8k; + gzip_proxied any; + gzip_vary on; + gzip_disable "msie6"; + gzip_types + text/css + text/javascript + text/xml + text/plain + text/x-component + application/javascript + application/x-javascript + application/json + application/xml + application/rss+xml + application/vnd.ms-fontobject + font/truetype + font/opentype + image/svg+xml; + + brotli on; + brotli_static on; + brotli_buffers 16 8k; + brotli_comp_level 6; + brotli_types + text/css + text/javascript + text/xml + text/plain + text/x-component + application/javascript + application/x-javascript + application/json + application/xml + application/rss+xml + application/vnd.ms-fontobject + font/truetype + font/opentype + image/svg+xml; + + include /sites-enabled/*.conf; +} diff --git a/unmaintained/nginx/ngxpasswd b/unmaintained/nginx/ngxpasswd new file mode 100644 index 0000000..70e5bf6 --- /dev/null +++ b/unmaintained/nginx/ngxpasswd @@ -0,0 +1,76 @@ +#!/bin/sh + +echo +echo "Welcome to ngxpasswd utility." +echo "We're about to create a password file." +echo + +cd /passwds || exit 1 + +while [ "$NAME" == "" ]; do + read -p "Name: " NAME +done + +if [ -f "/passwds/$NAME.htpasswd" ]; then + echo "ERROR: /passwds/$NAME.htpasswd already exists." + exit 1 +fi + +while [ "$USER" == "" ]; do + read -p "User: " USER +done + +read -p "Password (leave blank to generate one): " PASSWORD + +if [ "$PASSWORD" == "" ]; then + echo "Password was not defined, generating a random one..." + PASSWORD=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 20 | head -n 1) +elif [ ${#PASSWORD} -le 6 ]; then + echo "WARNING: Non-secure password." +fi + +echo -n $USER:$(openssl passwd -apr1 $PASSWORD) >> $NAME.htpasswd +chown $UID:$GID $NAME.htpasswd +chmod 640 $NAME.htpasswd + +echo +echo "A new password file has been saved to /passwds/$NAME.htpasswd :" +echo "- Service : $NAME" +echo "- User : $USER" +echo "- Password : $PASSWORD" +echo + +if [ -f "/sites-enabled/$NAME.conf" ] && grep -q '#auth' /sites-enabled/$NAME.conf; then + echo "vhost at /sites-enabled/$NAME.conf detected." + + while [[ "$ADD" != "y" && "$ADD" != "n" ]]; do + read -p "Add authentication to $NAME.conf? [y/n]: " ADD + done + + if [ "$ADD" == "y" ]; then + cd /etc/nginx/conf + sed -i -e 's/#auth/auth/g' -e "s//$NAME/g" /sites-enabled/$NAME.conf + echo "Automatically added, please verify. Otherwise follow these instructions." + echo + fi +fi + +echo "Paste this to your vhost in order to enable auth :" +echo " auth_basic \"Who's this?\";" +echo " auth_basic_user_file /passwds/$NAME.htpasswd;" +echo + +if [ "$ADD" == "y" ]; then + while [[ "$RELOAD" != "y" && "$RELOAD" != "n" ]]; do + read -p "Reload nginx now? [y/n]: " RELOAD + done + + if [ "$RELOAD" == "y" ]; then + su-exec $UID:$GID nginx -s reload + echo "nginx successfully reloaded." + else + echo "Restart manually nginx to enable authentication." + fi +fi + +exit 0 diff --git a/unmaintained/nginx/ngxproxy b/unmaintained/nginx/ngxproxy new file mode 100644 index 0000000..11e106a --- /dev/null +++ b/unmaintained/nginx/ngxproxy @@ -0,0 +1,139 @@ +#!/bin/sh + +echo +echo "Welcome to ngxproxy utility." +echo "We're about to create a new virtual host (AKA server block)." +echo + +while [ "$NAME" == "" ]; do + read -p "Name: " NAME +done + +if [ -f "/sites-enabled/$NAME.conf" ]; then + echo "ERROR: /sites-enabled/$NAME.conf already exists." + exit 1 +fi + +while [ "$DOMAIN" == "" ]; do + read -p "Domain: " DOMAIN +done + +if [ "$(dig +short $DOMAIN)" == "" ]; then + echo "WARNING: $DOMAIN couldn't be resolved: it may not work!" + echo "HINT: Is this domain correct? Did you update your DNS zone?" +fi + +read -p "Webroot (default is /): " WEBROOT + +if [ "$WEBROOT" == "" ]; then + WEBROOT="/" +elif [ "$WEBROOT" != "/" ]; then + echo "WARNING: You might have to add a proxy header to get your custom webroot working." + + while [[ "$CONFIGURE_WEBROOT" != "y" && "$CONFIGURE_WEBROOT" != "n" ]]; do + read -p "Is it required (by the app) to configure it? [y/n]: " CONFIGURE_WEBROOT + done + + if [ "$CONFIGURE_WEBROOT" == "y" ]; then + while [ "$WEBROOT_HEADER" == "" ]; do + read -p "Type the required proxy_set_header (like X-Script-Name): " WEBROOT_HEADER + done + fi +fi + +while [ "$CONTAINER" == "" ]; do + read -p "Container: " CONTAINER +done + +ping -c 1 $CONTAINER >/dev/null 2>&1 + +if [ "$?" != "0" ]; then + echo "WARNING: $CONTAINER seems to be unavailable. It may not work!" + echo "HINT: Did you correctly link the container?" +fi + +read -p "Port (default is 80): " PORT + +if [ "$PORT" == "" ]; then + PORT="80" +elif ! [ "$PORT" -eq "$PORT" ] 2>/dev/null; then + echo "ERROR: an integer value was expected." + exit 1 +elif [ "$PORT" -gt "65535" ]; then + echo "ERROR: $PORT exceeds the maximum TCP port which is 65535" + exit 1 +fi + +while [[ "$HTTPS" != "y" && "$HTTPS" != "n" ]]; do + read -p "HTTPS [y/n]: " HTTPS +done + +if [ "$HTTPS" == "y" ]; then + while [ ! -f "$CERTIFICATE_PATH" ]; do + read -p "Certificate path: " CERTIFICATE_PATH + done + + while [ ! -f "$KEY_PATH" ]; do + read -p "Certificate key path: " KEY_PATH + done + + cp -f /etc/nginx/conf/vhost_https.conf /tmp/${NAME}.conf + + sed -i \ + -e "s||$CERTIFICATE_PATH|g" \ + -e "s||$KEY_PATH|g" \ + /tmp/$NAME.conf + + while [[ "$HEADERS" != "y" && "$HEADERS" != "n" ]]; do + read -p "Secure headers [y/n]: " HEADERS + done + + if [ "$HEADERS" == "y" ]; then + sed -i 's|#include /etc/nginx/conf/headers_params|include /etc/nginx/conf/headers_params|g' /tmp/$NAME.conf + fi +else + cp -f /etc/nginx/conf/vhost_http.conf /tmp/${NAME}.conf +fi + +while [ "$MAX_BODY_SIZE" == "" ]; do + read -p "Max body size in MB (integer/n): " MAX_BODY_SIZE +done + +if ! [ "$MAX_BODY_SIZE" -eq "$MAX_BODY_SIZE" ] 2>/dev/null && [ "$MAX_BODY_SIZE" != "n" ]; then + echo "ERROR: Incorrect value." + exit 1 +fi + +if [ "$MAX_BODY_SIZE" != "n" ]; then + sed -i "s|#client_max_body_size |client_max_body_size $MAX_BODY_SIZE|g" /tmp/$NAME.conf +fi + +if [ "$CONFIGURE_WEBROOT" == "y" ]; then + sed -i "/proxy_pass/a \ \ \ \ proxy_set_header $WEBROOT_HEADER $WEBROOT;" /tmp/$NAME.conf +fi + +sed -i \ + -e "s||$DOMAIN|g" \ + -e "s||$CONTAINER|g" \ + -e "s||$PORT|g" \ + -e "s||$WEBROOT|g" \ + /tmp/$NAME.conf + +mv /tmp/$NAME.conf /sites-enabled/ + +echo +echo "Done! $NAME.conf has been generated." + +while [[ "$RELOAD" != "y" && "$RELOAD" != "n" ]]; do + read -p "Reload nginx now? [y/n]: " RELOAD +done + +if [ "$RELOAD" == "y" ]; then + su-exec $UID:$GID nginx -s reload + echo "nginx successfully reloaded." +else + echo "Restart manually nginx to enable this new vhost." +fi + +echo +exit 0 diff --git a/unmaintained/nginx/proxy_params b/unmaintained/nginx/proxy_params new file mode 100644 index 0000000..6f9827e --- /dev/null +++ b/unmaintained/nginx/proxy_params @@ -0,0 +1,6 @@ +proxy_set_header Host $host; +proxy_set_header X-Real-IP $remote_addr; +proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; +proxy_set_header X-Remote-Port $remote_port; +proxy_set_header X-Forwarded-Proto $scheme; +proxy_redirect off; diff --git a/unmaintained/nginx/run.sh b/unmaintained/nginx/run.sh new file mode 100644 index 0000000..ddfb1be --- /dev/null +++ b/unmaintained/nginx/run.sh @@ -0,0 +1,4 @@ +#!/bin/sh +chown -R $UID:$GID /etc/nginx /var/log/nginx /sites-enabled /conf.d /certs /www /tmp +chmod -R 700 /certs +exec su-exec $UID:$GID /sbin/tini -- nginx diff --git a/unmaintained/nginx/ssl_params b/unmaintained/nginx/ssl_params new file mode 100644 index 0000000..62ff6ed --- /dev/null +++ b/unmaintained/nginx/ssl_params @@ -0,0 +1,10 @@ +ssl_protocols TLSv1.2; +ssl_ecdh_curve secp384r1; +ssl_ciphers ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256; +ssl_prefer_server_ciphers on; + +ssl_session_cache shared:SSL:20m; +ssl_session_timeout 15m; +ssl_session_tickets off; + +add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"; diff --git a/unmaintained/nginx/vhost_http.conf b/unmaintained/nginx/vhost_http.conf new file mode 100644 index 0000000..7e3a99b --- /dev/null +++ b/unmaintained/nginx/vhost_http.conf @@ -0,0 +1,14 @@ +server { + listen 8000; + server_name ; + + #client_max_body_size M; + + #auth_basic "Who's this?"; + #auth_basic_user_file /passwds/.htpasswd; + + location { + proxy_pass http://:; + include /etc/nginx/conf/proxy_params; + } +} diff --git a/unmaintained/nginx/vhost_https.conf b/unmaintained/nginx/vhost_https.conf new file mode 100644 index 0000000..ebe2481 --- /dev/null +++ b/unmaintained/nginx/vhost_https.conf @@ -0,0 +1,26 @@ +server { + listen 8000; + server_name ; + return 301 https://$host$request_uri; +} + +server { + listen 4430 ssl spdy http2; + server_name ; + + ssl_certificate ; + ssl_certificate_key ; + + include /etc/nginx/conf/ssl_params; + include /etc/nginx/conf/headers_params; + + #client_max_body_size M; + + #auth_basic "Who's this?"; + #auth_basic_user_file /passwds/.htpasswd; + + location { + proxy_pass http://:; + include /etc/nginx/conf/proxy_params; + } +} diff --git a/unmaintained/rainloop/Dockerfile b/unmaintained/rainloop/Dockerfile new file mode 100644 index 0000000..a78382c --- /dev/null +++ b/unmaintained/rainloop/Dockerfile @@ -0,0 +1,54 @@ +FROM alpine:edge +MAINTAINER Wonderfall + +ARG GPG_rainloop="3B79 7ECE 694F 3B7B 70F3 11A4 ED7C 49D9 87DA 4591" + +ENV UID=991 GID=991 + +RUN echo "@commuedge https://nl.alpinelinux.org/alpine/edge/community" >> /etc/apk/repositories \ + && apk -U add \ + gnupg \ + nginx \ + s6 \ + su-exec \ + php7-fpm@commuedge \ + php7-curl@commuedge \ + php7-iconv@commuedge \ + php7-xml@commuedge \ + php7-dom@commuedge \ + php7-openssl@commuedge \ + php7-json@commuedge \ + php7-zlib@commuedge \ + php7-pdo_mysql@commuedge \ + php7-pdo_pgsql@commuedge \ + php7-pdo_sqlite@commuedge \ + php7-sqlite3@commuedge \ + && cd /tmp \ + && wget -q http://repository.rainloop.net/v2/webmail/rainloop-community-latest.zip \ + && wget -q http://repository.rainloop.net/v2/webmail/rainloop-community-latest.zip.asc \ + && wget -q http://repository.rainloop.net/RainLoop.asc \ + && echo "Verifying authenticity of rainloop-community-latest.zip using GPG..." \ + && gpg --import RainLoop.asc \ + && FINGERPRINT="$(LANG=C gpg --verify rainloop-community-latest.zip.asc rainloop-community-latest.zip 2>&1 \ + | sed -n "s#Primary key fingerprint: \(.*\)#\1#p")" \ + && if [ -z "${FINGERPRINT}" ]; then echo "Warning! Invalid GPG signature!" && exit 1; fi \ + && if [ "${FINGERPRINT}" != "${GPG_rainloop}" ]; then echo "Warning! Wrong GPG fingerprint!" && exit 1; fi \ + && echo "All seems good, now unzipping rainloop-community-latest.zip..." \ + && mkdir /rainloop && unzip -q /tmp/rainloop-community-latest.zip -d /rainloop \ + && find /rainloop -type d -exec chmod 755 {} \; \ + && find /rainloop -type f -exec chmod 644 {} \; \ + && apk del gnupg \ + && rm -rf /tmp/* /var/cache/apk/* /root/.gnupg + +COPY nginx.conf /etc/nginx/nginx.conf +COPY php-fpm.conf /etc/php7/php-fpm.conf +COPY s6.d /etc/s6.d +COPY run.sh /usr/local/bin/run.sh + +RUN chmod +x /usr/local/bin/run.sh /etc/s6.d/*/* /etc/s6.d/.s6-svscan/* + +VOLUME /rainloop/data + +EXPOSE 8888 + +CMD ["run.sh"] diff --git a/unmaintained/rainloop/README.md b/unmaintained/rainloop/README.md new file mode 100644 index 0000000..d16ef4e --- /dev/null +++ b/unmaintained/rainloop/README.md @@ -0,0 +1,29 @@ +## wonderfall/rainloop + +![](https://i.goopics.net/nI.png) + +#### What is this? +Rainloop is a simple, modern & fast web-based client. More info on the [official website](http://www.rainloop.net/). + +#### Features +- Based on Alpine 3.3 +- Latest Rainloop **Community Edition** +- Contacts (DB) : sqlite, or mysql (server not built-in) +- nginx + PHP7 + +#### Build-time variables +- **GPG_rainloop** : fingerprint of signing key + +#### Environment variables +- **GID** : rainloop group id *(default : 991)* +- **UID** : rainloop user id *(default : 991)* + +#### Volumes +- **/rainloop/data** : data files. + +#### Ports +- **8888*** + +#### Reverse proxy +https://github.com/Wonderfall/dockerfiles/tree/master/reverse +https://github.com/hardware/mailserver/wiki/Reverse-proxy-configuration diff --git a/unmaintained/rainloop/nginx.conf b/unmaintained/rainloop/nginx.conf new file mode 100644 index 0000000..803b509 --- /dev/null +++ b/unmaintained/rainloop/nginx.conf @@ -0,0 +1,76 @@ +worker_processes auto; +pid /tmp/nginx.pid; +daemon off; + +events { + worker_connections 1024; + use epoll; +} + +http { + include /etc/nginx/mime.types; + default_type application/octet-stream; + + access_log off; + error_log /tmp/ngx_error.log error; + + sendfile on; + keepalive_timeout 15; + keepalive_disable msie6; + keepalive_requests 100; + tcp_nopush on; + tcp_nodelay on; + server_tokens off; + + fastcgi_temp_path /tmp/fastcgi 1 2; + client_body_temp_path /tmp/client_body 1 2; + proxy_temp_path /tmp/proxy 1 2; + uwsgi_temp_path /tmp/uwsgi 1 2; + scgi_temp_path /tmp/scgi 1 2; + + gzip on; + gzip_comp_level 5; + gzip_min_length 512; + gzip_buffers 4 8k; + gzip_proxied any; + gzip_vary on; + gzip_disable "msie6"; + gzip_types + text/css + text/javascript + text/xml + text/plain + text/x-component + application/javascript + application/x-javascript + application/json + application/xml + application/rss+xml + application/vnd.ms-fontobject + font/truetype + font/opentype + image/svg+xml; + + server { + listen 8888; + root /rainloop; + index index.php index.html; + + location ^~ /data { + deny all; + } + + location / { + try_files $uri $uri/ index.php; + } + + location ~ \.php$ { + fastcgi_index index.php; + fastcgi_pass unix:/tmp/php-fpm.sock; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + + } + +} diff --git a/unmaintained/rainloop/php-fpm.conf b/unmaintained/rainloop/php-fpm.conf new file mode 100644 index 0000000..f636044 --- /dev/null +++ b/unmaintained/rainloop/php-fpm.conf @@ -0,0 +1,11 @@ +[global] +daemonize = no + +[www] +listen = /tmp/php-fpm.sock +pm = dynamic +pm.max_children = 5 +pm.start_servers = 2 +pm.min_spare_servers = 1 +pm.max_spare_servers = 3 +chdir = / diff --git a/unmaintained/rainloop/run.sh b/unmaintained/rainloop/run.sh new file mode 100644 index 0000000..7363eb0 --- /dev/null +++ b/unmaintained/rainloop/run.sh @@ -0,0 +1,3 @@ +#!/bin/sh +chown -R $UID:$GID /rainloop /etc/nginx /etc/php7 /var/log /var/lib/nginx /tmp /etc/s6.d +exec su-exec $UID:$GID /bin/s6-svscan /etc/s6.d diff --git a/unmaintained/rainloop/s6.d/.s6-svscan/finish b/unmaintained/rainloop/s6.d/.s6-svscan/finish new file mode 100644 index 0000000..c52d3c2 --- /dev/null +++ b/unmaintained/rainloop/s6.d/.s6-svscan/finish @@ -0,0 +1,3 @@ +#!/bin/sh + +exit 0 diff --git a/unmaintained/rainloop/s6.d/nginx/run b/unmaintained/rainloop/s6.d/nginx/run new file mode 100644 index 0000000..eaf8049 --- /dev/null +++ b/unmaintained/rainloop/s6.d/nginx/run @@ -0,0 +1,2 @@ +#!/bin/sh +exec nginx diff --git a/unmaintained/rainloop/s6.d/php/run b/unmaintained/rainloop/s6.d/php/run new file mode 100644 index 0000000..e238021 --- /dev/null +++ b/unmaintained/rainloop/s6.d/php/run @@ -0,0 +1,2 @@ +#!/bin/sh +exec php-fpm7 diff --git a/unmaintained/rutorrent/Dockerfile b/unmaintained/rutorrent/Dockerfile new file mode 100644 index 0000000..6ddcc99 --- /dev/null +++ b/unmaintained/rutorrent/Dockerfile @@ -0,0 +1,103 @@ +FROM alpine:3.4 +MAINTAINER xataz +MAINTAINER Wonderfall + +ARG MEDIAINFO_VER=0.7.85 +ARG RTORRENT_VER=0.9.6 +ARG LIBTORRENT_VER=0.13.6 +ARG FILEBOT_VER=4.7 +ARG BUILD_CORES + +ENV UID=991 \ + GID=991 \ + WEBROOT=/ \ + PKG_CONFIG_PATH=/usr/local/lib/pkgconfig + +RUN echo "@commuedge https://nl.alpinelinux.org/alpine/edge/community" >> /etc/apk/repositories \ + && NB_CORES=${BUILD_CORES-`getconf _NPROCESSORS_CONF`} \ + && BUILD_DEPS=" \ + build-base \ + git \ + libtool \ + automake \ + autoconf \ + wget \ + tar \ + subversion \ + cppunit-dev \ + openssl-dev \ + ncurses-dev \ + curl-dev \ + binutils" \ + && apk -U add \ + ${BUILD_DEPS} \ + ffmpeg \ + ca-certificates \ + nginx \ + php7@commuedge \ + php7-fpm@commuedge \ + php7-json@commuedge \ + curl \ + gzip \ + zip \ + unrar \ + supervisor \ + geoip \ + tini@commuedge \ + openjdk8-jre@commuedge \ + && cd /tmp \ + && wget -q http://downloads.sourceforge.net/mktorrent/mktorrent-1.0.tar.gz \ + && tar xzvf mktorrent-1.0.tar.gz \ + && svn checkout http://svn.code.sf.net/p/xmlrpc-c/code/stable xmlrpc-c \ + && mkdir libtorrent rtorrent \ + && cd libtorrent && wget -qO- https://github.com/rakshasa/libtorrent/archive/${LIBTORRENT_VER}.tar.gz | tar xz --strip 1 \ + && cd ../rtorrent && wget -qO- https://github.com/rakshasa/rtorrent/archive/${RTORRENT_VER}.tar.gz | tar xz --strip 1 \ + && cd /tmp \ + && wget -q http://mediaarea.net/download/binary/mediainfo/${MEDIAINFO_VER}/MediaInfo_CLI_${MEDIAINFO_VER}_GNU_FromSource.tar.gz \ + && wget -q http://mediaarea.net/download/binary/libmediainfo0/${MEDIAINFO_VER}/MediaInfo_DLL_${MEDIAINFO_VER}_GNU_FromSource.tar.gz \ + && tar xzf MediaInfo_DLL_${MEDIAINFO_VER}_GNU_FromSource.tar.gz \ + && tar xzf MediaInfo_CLI_${MEDIAINFO_VER}_GNU_FromSource.tar.gz \ + && tar xzvf mktorrent-1.0.tar.gz \ + && cd /tmp/mktorrent-1.0 && make -j ${NB_CORES} && make install \ + && cd /tmp/MediaInfo_DLL_GNU_FromSource && ./SO_Compile.sh \ + && cd /tmp/MediaInfo_DLL_GNU_FromSource/ZenLib/Project/GNU/Library && make install \ + && cd /tmp/MediaInfo_DLL_GNU_FromSource/MediaInfoLib/Project/GNU/Library && make install \ + && cd /tmp/MediaInfo_CLI_GNU_FromSource && ./CLI_Compile.sh \ + && cd /tmp/MediaInfo_CLI_GNU_FromSource/MediaInfo/Project/GNU/CLI && make install \ + && cd /tmp/xmlrpc-c && ./configure && make -j ${NB_CORES} && make install \ + && cd /tmp/libtorrent && ./autogen.sh && ./configure \ + && make -j ${NB_CORES} && make install \ + && cd /tmp/rtorrent && ./autogen.sh && ./configure --with-xmlrpc-c \ + && make -j ${NB_CORES} && make install \ + && mkdir -p /var/www && cd /var/www \ + && git clone https://github.com/Novik/ruTorrent.git rutorrent --depth=1 \ + && cd /var/www/rutorrent/plugins/ \ + && git clone https://github.com/Korni22/rutorrent-logoff logoff --depth=1 \ + && git clone https://github.com/xombiemp/rutorrentMobile.git mobile --depth=1 \ + && git clone https://github.com/Ardakilic/rutorrent-pausewebui pausewebui --depth=1 \ + && cd /var/www/rutorrent/plugins/theme/themes \ + && git clone https://github.com/Phlooo/ruTorrent-MaterialDesign.git Material --depth=1 \ + && mv /var/www/rutorrent /var/www/torrent \ + && mkdir /filebot \ + && wget -q http://downloads.sourceforge.net/project/filebot/filebot/FileBot_${FILEBOT_VER}/FileBot_${FILEBOT_VER}-portable.zip -P /tmp \ + && unzip -q /tmp/FileBot_${FILEBOT_VER}-portable.zip -d /filebot \ + && strip -s /usr/local/bin/rtorrent \ + && strip -s /usr/local/bin/mediainfo \ + && apk del ${BUILD_DEPS} \ + && deluser svn && delgroup svnusers \ + && rm -rf /var/cache/apk/* /tmp/* + +COPY rootfs / + +RUN chmod +x /usr/bin/* + +VOLUME /data /var/www/torrent/share/users +EXPOSE 80 49184 49184/udp + +LABEL description="BitTorrent client with WebUI front-end" \ + rtorrent="rTorrent BiTorrent client v$RTORRENT_VER" \ + libtorrent="libtorrent v$LIBTORRENT_VER" \ + mediainfo="mediainfo v$MEDIAINFO_VER" \ + filebot="Filebot v$FILEBOT_VER" + +CMD ["/sbin/tini","--","startup"] diff --git a/unmaintained/rutorrent/README.md b/unmaintained/rutorrent/README.md new file mode 100644 index 0000000..75fbef7 --- /dev/null +++ b/unmaintained/rutorrent/README.md @@ -0,0 +1,24 @@ +## wonderfall/rutorrent +Originally forked from [xataz/rutorrent](https://github.com/xataz/dockerfiles/tree/master/rutorrent). + +#### What is this? +This container contains both rtorrent (whis is a BitTorrent client) and rutorrent (which is a front-end for rtorrent). Filebolt is also included, the default behavior is set to create clean symlinks, so media players like Emby/Plex can easily detect your TV shows and movies. + +![](https://pix.schrodinger.io/KDVxwnJA/nEMCzJEd.jpg) + +#### Main features +- Lightweight, since it's based on Alpine Linux. +- Everything is almost compiled from source. +- Secured, don't bother about configuration files. +- Filebot is included, and creates symlinks in `/data/Media`. +- rutorrent : Material theme by phlo set by default. +- rutorrent : nginx + PHP7. + +#### Ports + +- **49184** (bind it). +- **80** [(reverse proxy!)](https://github.com/hardware/mailserver/wiki/Reverse-proxy-configuration) + +#### Volumes +- **/data** : your files, symlinks, and so on. +- **/var/www/torrent/share/users** : rutorrent settings. \ No newline at end of file diff --git a/unmaintained/rutorrent/rootfs/etc/nginx/conf.d/cache.conf b/unmaintained/rutorrent/rootfs/etc/nginx/conf.d/cache.conf new file mode 100644 index 0000000..2d1f2f9 --- /dev/null +++ b/unmaintained/rutorrent/rootfs/etc/nginx/conf.d/cache.conf @@ -0,0 +1,4 @@ +location ~* \.(jpg|jpeg|gif|css|png|js|map|woff|woff2|ttf|svg|eot)$ { + expires 30d; + access_log off; +} diff --git a/unmaintained/rutorrent/rootfs/etc/nginx/conf.d/php.conf b/unmaintained/rutorrent/rootfs/etc/nginx/conf.d/php.conf new file mode 100644 index 0000000..fb9fdd7 --- /dev/null +++ b/unmaintained/rutorrent/rootfs/etc/nginx/conf.d/php.conf @@ -0,0 +1,6 @@ +location ~ \.php$ { + fastcgi_index index.php; + fastcgi_pass unix:/var/run/php-fpm.sock; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; +} diff --git a/unmaintained/rutorrent/rootfs/etc/nginx/nginx.conf b/unmaintained/rutorrent/rootfs/etc/nginx/nginx.conf new file mode 100644 index 0000000..9b17b57 --- /dev/null +++ b/unmaintained/rutorrent/rootfs/etc/nginx/nginx.conf @@ -0,0 +1,54 @@ +user torrent; +worker_processes auto; +pid /var/run/nginx.pid; +daemon off; + +events { + worker_connections 1024; + use epoll; +} + +http { + include /etc/nginx/mime.types; + default_type application/octet-stream; + + access_log /var/log/nginx/access.log combined; + error_log /var/log/nginx/error.log error; + + fastcgi_temp_path /tmp/fastcgi 1 2; + scgi_temp_path /tmp/scgi 1 2; + client_body_temp_path /tmp/client_body 1 2; + + sendfile on; + keepalive_timeout 15; + keepalive_disable msie6; + keepalive_requests 100; + tcp_nopush on; + tcp_nodelay on; + server_tokens off; + + gzip on; + gzip_comp_level 5; + gzip_min_length 512; + gzip_buffers 4 8k; + gzip_proxied any; + gzip_vary on; + gzip_disable "msie6"; + gzip_types + text/css + text/javascript + text/xml + text/plain + text/x-component + application/javascript + application/x-javascript + application/json + application/xml + application/rss+xml + application/vnd.ms-fontobject + font/truetype + font/opentype + image/svg+xml; + + include /sites/*.conf; +} diff --git a/unmaintained/rutorrent/rootfs/etc/php7/php-fpm.conf b/unmaintained/rutorrent/rootfs/etc/php7/php-fpm.conf new file mode 100644 index 0000000..e619b69 --- /dev/null +++ b/unmaintained/rutorrent/rootfs/etc/php7/php-fpm.conf @@ -0,0 +1,12 @@ +[www] +user = torrent +group = torrent +listen = /var/run/php-fpm.sock +listen.owner = torrent +listen.group = torrent +pm = dynamic +pm.max_children = 5 +pm.start_servers = 2 +pm.min_spare_servers = 1 +pm.max_spare_servers = 3 +chdir = / diff --git a/unmaintained/rutorrent/rootfs/etc/php7/php.ini b/unmaintained/rutorrent/rootfs/etc/php7/php.ini new file mode 100644 index 0000000..b4e52d3 --- /dev/null +++ b/unmaintained/rutorrent/rootfs/etc/php7/php.ini @@ -0,0 +1,174 @@ +[PHP] +engine = On +short_open_tag = Off +asp_tags = Off +precision = 14 +output_buffering = 4096 +zlib.output_compression = Off +implicit_flush = Off +unserialize_callback_func = +serialize_precision = 17 +disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority, +disable_classes = +zend.enable_gc = On +expose_php = Off +max_execution_time = 30 +max_input_time = 60 +memory_limit = 128M +error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT +display_errors = Off +display_startup_errors = Off +log_errors = On +log_errors_max_len = 1024 +ignore_repeated_errors = Off +ignore_repeated_source = Off +report_memleaks = On +track_errors = Off +html_errors = On +variables_order = "GPCS" +request_order = "GP" +register_argc_argv = Off +auto_globals_jit = On +post_max_size = 10M +auto_prepend_file = +auto_append_file = +default_mimetype = "text/html" +default_charset = "UTF-8" +doc_root = +user_dir = +enable_dl = Off +file_uploads = On +upload_max_filesize = 10M +max_file_uploads = 20 +allow_url_fopen = On +allow_url_include = Off +default_socket_timeout = 60 +[CLI Server] +cli_server.color = On +[Date] +[filter] +[iconv] +[intl] +[sqlite] +[sqlite3] +[Pcre] +[Pdo] +[Pdo_mysql] +pdo_mysql.cache_size = 2000 +pdo_mysql.default_socket= +[Phar] +[mail function] +SMTP = localhost +smtp_port = 25 +mail.add_x_header = On +[SQL] +sql.safe_mode = Off +[ODBC] +odbc.allow_persistent = On +odbc.check_persistent = On +odbc.max_persistent = -1 +odbc.max_links = -1 +odbc.defaultlrl = 4096 +odbc.defaultbinmode = 1 +[Interbase] +ibase.allow_persistent = 1 +ibase.max_persistent = -1 +ibase.max_links = -1 +ibase.timestampformat = "%Y-%m-%d %H:%M:%S" +ibase.dateformat = "%Y-%m-%d" +ibase.timeformat = "%H:%M:%S" +[MySQL] +mysql.allow_local_infile = On +mysql.allow_persistent = On +mysql.cache_size = 2000 +mysql.max_persistent = -1 +mysql.max_links = -1 +mysql.default_port = +mysql.default_socket = +mysql.default_host = +mysql.default_user = +mysql.default_password = +mysql.connect_timeout = 60 +mysql.trace_mode = Off +[MySQLi] +mysqli.max_persistent = -1 +mysqli.allow_persistent = On +mysqli.max_links = -1 +mysqli.cache_size = 2000 +mysqli.default_port = 3306 +mysqli.default_socket = +mysqli.default_host = +mysqli.default_user = +mysqli.default_pw = +mysqli.reconnect = Off +[mysqlnd] +mysqlnd.collect_statistics = On +mysqlnd.collect_memory_statistics = Off +[OCI8] +[PostgreSQL] +pgsql.allow_persistent = On +pgsql.auto_reset_persistent = Off +pgsql.max_persistent = -1 +pgsql.max_links = -1 +pgsql.ignore_notice = 0 +pgsql.log_notice = 0 +[Sybase-CT] +sybct.allow_persistent = On +sybct.max_persistent = -1 +sybct.max_links = -1 +sybct.min_server_severity = 10 +sybct.min_client_severity = 10 +[bcmath] +bcmath.scale = 0 +[browscap] +[Session] +session.save_handler = files +session.use_strict_mode = 0 +session.use_cookies = 1 +session.use_only_cookies = 1 +session.name = PHPSESSID +session.auto_start = 0 +session.cookie_lifetime = 0 +session.cookie_path = / +session.cookie_domain = +session.cookie_httponly = +session.serialize_handler = php +session.gc_probability = 0 +session.gc_divisor = 1000 +session.gc_maxlifetime = 1440 +session.referer_check = +session.cache_limiter = nocache +session.cache_expire = 180 +session.use_trans_sid = 0 +session.hash_function = 0 +session.hash_bits_per_character = 5 +url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=fakeentry" +[MSSQL] +mssql.allow_persistent = On +mssql.max_persistent = -1 +mssql.max_links = -1 +mssql.min_error_severity = 10 +mssql.min_message_severity = 10 +mssql.compatibility_mode = Off +mssql.secure_connection = Off +[Assertion] +[COM] +[mbstring] +[gd] +[exif] +[Tidy] +tidy.clean_output = Off +[soap] +soap.wsdl_cache_enabled=1 +soap.wsdl_cache_dir="/tmp" +soap.wsdl_cache_ttl=86400 +soap.wsdl_cache_limit = 5 +[sysvshm] +[ldap] +ldap.max_links = -1 +[mcrypt] +[dba] +[opcache] +[curl] +[openssl] + diff --git a/unmaintained/rutorrent/rootfs/etc/supervisor.d/supervisord.ini b/unmaintained/rutorrent/rootfs/etc/supervisor.d/supervisord.ini new file mode 100644 index 0000000..4ed1247 --- /dev/null +++ b/unmaintained/rutorrent/rootfs/etc/supervisor.d/supervisord.ini @@ -0,0 +1,17 @@ +[supervisord] +nodaemon=true + +[program:rtorrent] +user=torrent +directory=/home/torrent +priority=2 +redirect_stderr=true +environment=HOME="/home/torrent",PWD="/home/torrent",LOGNAME="rtorrent",USER="torrent",TERM="xterm" +startsecs=5 +command=rtorrent + +[program:php-fpm] +command=php-fpm7 --nodaemonize + +[program:nginx] +command=nginx diff --git a/unmaintained/rutorrent/rootfs/home/torrent/.rtorrent.rc b/unmaintained/rutorrent/rootfs/home/torrent/.rtorrent.rc new file mode 100644 index 0000000..e3aba91 --- /dev/null +++ b/unmaintained/rutorrent/rootfs/home/torrent/.rtorrent.rc @@ -0,0 +1,23 @@ +scgi_port = 0.0.0.0:5000 +encoding_list = UTF-8 +port_range = 49184-49184 +port_random = no +check_hash = no +directory = /data/torrents +session = /data/.session +encryption = require,require_RC4,allow_incoming,try_outgoing +use_udp_trackers = yes +dht = off +peer_exchange = no +min_peers = 1 +max_peers = 100 +min_peers_seed = 1 +max_peers_seed = 50 +max_uploads = 15 + +execute = {sh,-c,/usr/bin/php7 /var/www/torrent/php/initplugins.php torrent &} +schedule = watch_directory,1,1,"load_start=/data/.watch/*.torrent" +schedule = untied_directory,5,5,"stop_untied=/data/.watch/*.torrent" +schedule = espace_disque_insuffisant,1,30,close_low_diskspace=500M +system.method.set_key=event.download.finished,filebot,"execute={/usr/bin/postdl,$d.get_base_path=,$d.get_name=,$d.get_custom1=}" +system.method.set_key=event.download.erased,filebot_cleaner,"execute={/usr/bin/postrm}" diff --git a/unmaintained/rutorrent/rootfs/sites/rutorrent.conf b/unmaintained/rutorrent/rootfs/sites/rutorrent.conf new file mode 100644 index 0000000..11c1b74 --- /dev/null +++ b/unmaintained/rutorrent/rootfs/sites/rutorrent.conf @@ -0,0 +1,48 @@ +server { + listen 80 default_server; + server_name _; + + charset utf-8; + index index.html index.php; + client_max_body_size 10M; + + access_log /var/log/nginx/rutorrent-access.log combined; + error_log /var/log/nginx/rutorrent-error.log error; + + error_page 500 502 503 504 /50x.html; + location = /50x.html { root /usr/share/nginx/html; } + root /var/www; + + location = /favicon.ico { + access_log off; + log_not_found off; + } + + location ^~ { + root /var/www; + include /etc/nginx/conf.d/php.conf; + include /etc/nginx/conf.d/cache.conf; + + location ~ /\.svn { + deny all; + } + + location ~ /\.ht { + deny all; + } + } + + location /RPC { + include scgi_params; + scgi_pass 127.0.0.1:5000; + } + + location ^~ /conf/ { + deny all; + } + + location ^~ /share/ { + deny all; + } + +} diff --git a/unmaintained/rutorrent/rootfs/usr/bin/postdl b/unmaintained/rutorrent/rootfs/usr/bin/postdl new file mode 100644 index 0000000..6061cf0 --- /dev/null +++ b/unmaintained/rutorrent/rootfs/usr/bin/postdl @@ -0,0 +1,10 @@ +#!/bin/sh + +# rtorrent.rc +# system.method.set_key=event.download.finished,filebot,"execute={rtorrent-postprocess.sh,$d.get_base_path=,$d.get_name=,$d.get_custom1=}" + +TORRENT_PATH="$1" +TORRENT_NAME="$2" +TORRENT_LABEL="$3" + +/filebot/filebot.sh -script fn:amc --output "/data/Media" --action symlink --conflict skip -non-strict --log-file amc.log --def excludeList=amc.excludes unsorted=y music=y "seriesFormat=/data/Media/TV/{n}/Season {s.pad(2)}/{s00e00} - {t}" "animeFormat=/data/Media/Animes/{n}/{e.pad(3)} - {t}" "movieFormat=/data/Media/Movies/{n}" "musicFormat=/data/Media/Music/{n}/{fn}" "ut_dir=$TORRENT_PATH" "ut_kind=multi" "ut_title=$TORRENT_NAME" "ut_label=$TORRENT_LABEL" & diff --git a/unmaintained/rutorrent/rootfs/usr/bin/postrm b/unmaintained/rutorrent/rootfs/usr/bin/postrm new file mode 100644 index 0000000..95490f2 --- /dev/null +++ b/unmaintained/rutorrent/rootfs/usr/bin/postrm @@ -0,0 +1,3 @@ +#!/bin/sh + +/filebot/filebot.sh -script fn:cleaner /data/Media diff --git a/unmaintained/rutorrent/rootfs/usr/bin/startup b/unmaintained/rutorrent/rootfs/usr/bin/startup new file mode 100644 index 0000000..9eb26ff --- /dev/null +++ b/unmaintained/rutorrent/rootfs/usr/bin/startup @@ -0,0 +1,25 @@ +#!/bin/sh +addgroup -g ${GID} torrent && adduser -h /home/torrent -s /bin/sh -G torrent -D -u ${UID} torrent + +mkdir -p /data/torrents +mkdir -p /data/.watch +mkdir -p /data/.session +mkdir -p /data/Media/Movies +mkdir -p /data/Media/TV +mkdir -p /data/Media/Animes +mkdir -p /data/Media/Music +mkdir /tmp/fastcgi /tmp/scgi /tmp/client_body + +if [ $WEBROOT != "/" ]; then + sed -i 's||'${WEBROOT}'|g' /sites/rutorrent.conf + sed -i 's|||g' /sites/rutorrent.conf + mv /var/www/torrent /var/www${WEBROOT} +else + sed -i 's||/|g' /sites/rutorrent.conf + sed -i 's||/torrent|g' /sites/rutorrent.conf +fi + +chown -R torrent:torrent /data /var/www /home/torrent /var/lib/nginx /filebot /tmp +rm -f /data/.session/rtorrent.lock + +/usr/bin/supervisord -c /etc/supervisord.conf diff --git a/unmaintained/rutorrent/rootfs/var/www/torrent/conf/config.php b/unmaintained/rutorrent/rootfs/var/www/torrent/conf/config.php new file mode 100644 index 0000000..02a676f --- /dev/null +++ b/unmaintained/rutorrent/rootfs/var/www/torrent/conf/config.php @@ -0,0 +1,36 @@ + '/usr/bin/php7', + "curl" => '/usr/bin/curl', + "gzip" => '/usr/bin/gzip', + "id" => '/usr/bin/id', + "stat" => '/usr/bin/stat', + ); + $localhosts = array( + "127.0.0.1", + "localhost", + ); + $profilePath = '../share'; + $profileMask = 0777; + $tempDirectory = null; + $canUseXSendFile = true; + $locale = "UTF8"; diff --git a/unmaintained/rutorrent/rootfs/var/www/torrent/conf/plugins.ini b/unmaintained/rutorrent/rootfs/var/www/torrent/conf/plugins.ini new file mode 100644 index 0000000..8da94c6 --- /dev/null +++ b/unmaintained/rutorrent/rootfs/var/www/torrent/conf/plugins.ini @@ -0,0 +1,20 @@ +[default] +enabled = user-defined +canChangeToolbar = yes +canChangeMenu = yes +canChangeOptions = yes +canChangeTabs = yes +canChangeColumns = yes +canChangeStatusBar = yes +canChangeCategory = yes +canBeShutdowned = yes +[ipad] +enabled = no +[httprpc] +enabled = no +[retrackers] +enabled = no +[rpc] +enabled = no +[rutracker_check] +enabled = no diff --git a/unmaintained/rutorrent/rootfs/var/www/torrent/plugins/create/conf.php b/unmaintained/rutorrent/rootfs/var/www/torrent/plugins/create/conf.php new file mode 100644 index 0000000..19ea4c1 --- /dev/null +++ b/unmaintained/rutorrent/rootfs/var/www/torrent/plugins/create/conf.php @@ -0,0 +1,5 @@ + diff --git a/unmaintained/rutorrent/rootfs/var/www/torrent/plugins/theme/conf.php b/unmaintained/rutorrent/rootfs/var/www/torrent/plugins/theme/conf.php new file mode 100644 index 0000000..76c64a4 --- /dev/null +++ b/unmaintained/rutorrent/rootfs/var/www/torrent/plugins/theme/conf.php @@ -0,0 +1,3 @@ +