hoellen/dockerfiles
1
0
Fork 0
mirror of https://github.com/hoellen/dockerfiles.git synced 2025-04-19 20:09:16 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #11 from elrido/master

Browse Source 
Making the PrivateBin container image more robust
This commit is contained in:
hoellen 2018-08-12 10:08:06 +02:00 committed by GitHub
commit a785f9c665
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 47 additions and 35 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
privatebin/Dockerfile
View File

@ -1,6 +1,6 @@
FROM hoellen/nginx-php
ARG PRIVATEBIN_VER=1.2
ARG PRIVATEBIN_VER=1.2.1
ENV GID=991 UID=991 \
UPLOAD_MAX_SIZE=10M \
@ -10,19 +10,31 @@ ENV GID=991 UID=991 \
PHP_MIN_SPARE_SERVERS=1 \
PHP_MAX_SPARE_SERVERS=6
RUN BUILD_DEPS="tar libressl ca-certificates" \
RUN BUILD_DEPS="tar gnupg" \
&& apk -U upgrade && apk add $BUILD_DEPS \
&& mkdir privatebin && cd privatebin \
&& wget -qO- https://github.com/PrivateBin/PrivateBin/archive/${PRIVATEBIN_VER}.tar.gz | tar xz --strip 1 \
&& mv cfg/conf.sample.php cfg/conf.php \
&& mkdir -p privatebin/data privatebin/cfg \
&& export GNUPGHOME="$(mktemp -d)" \
&& gpg2 --list-public-keys || /bin/true \
&& wget -qO- https://privatebin.info/key/release.asc | gpg2 --import - \
&& wget -qO /privatebin.tar.gz.asc https://github.com/PrivateBin/PrivateBin/releases/download/${PRIVATEBIN_VER}/PrivateBin-${PRIVATEBIN_VER}.tar.gz.asc \
&& wget -qO /privatebin.tar.gz https://github.com/PrivateBin/PrivateBin/archive/${PRIVATEBIN_VER}.tar.gz \
&& gpg2 --verify /privatebin.tar.gz.asc \
&& cd srv \
&& tar -xzf /privatebin.tar.gz --strip 1 \
&& mv cfg /privatebin \
&& mv lib /privatebin \
&& mv tpl /privatebin \
&& mv vendor /privatebin \
&& sed -i "s#define('PATH', '');#define('PATH', '/privatebin/');#" index.php \
&& apk del $BUILD_DEPS \
&& rm -f /var/cache/apk/*
&& rm -rf /var/cache/apk/* *.md /privatebin.tar.gz* "${GNUPGHOME}"
COPY rootfs /
RUN chmod +x /usr/local/bin/run.sh /etc/s6.d/*/* /etc/s6.d/.s6-svscan/*
VOLUME /privatebin/data /php/session
# mark dirs as volumes that need to be writable, allows running the container --read-only
VOLUME /privatebin/data /php /nginx /tmp /etc/s6.d
EXPOSE 8888

54
privatebin/rootfs/nginx/sites-enabled/nginx.conf
View File

@ -1,33 +1,33 @@
server {
listen 8888;
root /privatebin;
index index.php index.html;
listen 8888;
root /srv;
index index.php;
location ~* \.(jpg|jpeg|gif|css|png|js|map|woff|woff2|ttf|svg|eot)$ {
expires 30d;
access_log off;
}
location ~* \.(jpg|jpeg|gif|css|png|js|map|woff|woff2|ttf|svg|eot)$ {
expires 30d;
access_log off;
}
location ~ ^/(data|cfg|tmp) {
deny all;
}
location ~* /(.*)\.(?:markdown|md|twig|yaml|yml|ht|htaccess|ini)$ {
deny all;
}
location ~ /\. {
deny all;
}
location ~ ^/(data|cfg|tmp) {
deny all;
}
location / {
try_files $uri $uri/ /index.php;
}
location ~* /(.*)\.(?:markdown|md|twig|yaml|yml|ht|htaccess|ini)$ {
deny all;
}
location ~ \.php$ {
fastcgi_index index.php;
fastcgi_pass unix:/php/run/php-fpm.sock;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include /nginx/conf/fastcgi_params;
}
location ~ /\. {
deny all;
}
location / {
try_files $uri $uri/ /index.php;
}
location ~ \.php$ {
fastcgi_index index.php;
fastcgi_pass unix:/php/run/php-fpm.sock;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include /nginx/conf/fastcgi_params;
}
}

2
privatebin/rootfs/usr/local/bin/run.sh
View File

@ -6,5 +6,5 @@ sed -i -e "s/<UPLOAD_MAX_SIZE>/$UPLOAD_MAX_SIZE/g" /nginx/conf/nginx.conf /php/e
-e "s/<PHP_MIN_SPARE_SERVERS>/$PHP_MIN_SPARE_SERVERS/g" /php/etc/php-fpm.conf \
-e "s/<PHP_MAX_SPARE_SERVERS>/$PHP_MAX_SPARE_SERVERS/g" /php/etc/php-fpm.conf
chown -R $UID:$GID /privatebin /nginx /php /tmp /etc/s6.d
chown -R $UID:$GID /privatebin/data /nginx /php /tmp /etc/s6.d
exec su-exec $UID:$GID /bin/s6-svscan /etc/s6.d