remove reverse and selfoss

reverse/Dockerfile

@@ -1,128 +0,0 @@
-FROM alpine:3.3
-MAINTAINER Wonderfall <wonderfall@schrodinger.io>
-
-ARG NGINX_VERSION=1.11.0
-ARG OPENSSL_VERSION=1.0.2h
-ARG SIGNATURE=secret
-ARG BUILD_CORES
-
-ARG GPG_matt="8657 ABB2 60F0 56B1 E519  0839 D9C4 D26D 0E60 4491"
-ARG GPG_mdounin="B0F4 2533 73F8 F6F5 10D4  2178 520A 9993 A1C0 52F8"
-
-ENV UID=991 GID=991
-
-RUN echo "@commuedge http://nl.alpinelinux.org/alpine/edge/community" >> /etc/apk/repositories \
- && NB_CORES=${BUILD_CORES-$(getconf _NPROCESSORS_CONF)} \
- && BUILD_DEPS=" \
-    build-base \
-    linux-headers \
-    ca-certificates \
-    automake \
-    autoconf \
-    git \
-    tar \
-    libtool \
-    pcre-dev \
-    zlib-dev \
-    binutils \
-    gnupg" \
- && apk -U add \
-    ${BUILD_DEPS} \
-    pcre \
-    zlib \
-    libgcc \
-    libstdc++ \
-    su-exec \
-    openssl \
-    tini@commuedge \
- && cd /tmp && git clone https://github.com/bagder/libbrotli && cd libbrotli \
- && ./autogen.sh && ./configure && make -j ${NB_CORES} && make install \
- && mkdir /tmp/ngx_brotli && cd /tmp/ngx_brotli \
- && wget -qO- https://github.com/google/ngx_brotli/archive/master.tar.gz | tar xz --strip 1 \
- && cd /tmp \
- && OPENSSL_TARBALL="openssl-${OPENSSL_VERSION}.tar.gz" \
- && wget -q https://www.openssl.org/source/${OPENSSL_TARBALL} \
- && echo "Verifying both integrity and authenticity of ${OPENSLL_TARBALL} using GPG..." \
- && wget -q https://www.openssl.org/source/${OPENSSL_TARBALL}.asc \
- && wget -q https://www.openssl.org/source/${OPENSSL_TARBALL}.sha256 \
- && echo "$(cat ${OPENSSL_TARBALL}.sha256)  ${OPENSSL_TARBALL}" > ${OPENSSL_TARBALL}.sha256 \
- && CHECKSUM_STATE=$(echo -n $(sha256sum -c ${OPENSSL_TARBALL}.sha256) | tail -c 2) \
- && if [ "${CHECKSUM_STATE}" != "OK" ]; then echo "Warning! Checksum does not match!" && exit 1; fi \
- && gpg --recv-keys 0E604491 \
- && FINGERPRINT="$(LANG=C gpg --verify ${OPENSSL_TARBALL}.asc ${OPENSSL_TARBALL} 2>&1 \
-  | sed -n "s#Primary key fingerprint: \(.*\)#\1#p")" \
- && if [ -z "${FINGERPRINT}" ]; then echo "Warning! Invalid GPG signature!" && exit 1; fi \
- && if [ "${FINGERPRINT}" != "${GPG_matt}" ]; then echo "Warning! Wrong GPG fingerprint!" && exit 1; fi \
- && echo "All seems good, now unpacking ${OPENSSL_TARBALL}..." \
- && tar xzf ${OPENSSL_TARBALL} && cd openssl-${OPENSSL_VERSION} \
- && wget https://raw.githubusercontent.com/cloudflare/sslconfig/master/patches/openssl__chacha20_poly1305_draft_and_rfc_ossl102g.patch -O chacha.patch \
- && patch -p1 < chacha.patch \
- && ./config \
- && cd /tmp \
- && NGINX_TARBALL="nginx-${NGINX_VERSION}.tar.gz" \
- && wget -q http://nginx.org/download/${NGINX_TARBALL} \
- && echo "Verifying ${NGINX_TARBALL} using GPG..." \
- && wget -q http://nginx.org/download/${NGINX_TARBALL}.asc \
- && wget -q http://nginx.org/keys/mdounin.key \
- && gpg --import mdounin.key \
- && FINGERPRINT="$(LANG=C gpg --verify ${NGINX_TARBALL}.asc ${NGINX_TARBALL} 2>&1 \
-  | sed -n "s#Primary key fingerprint: \(.*\)#\1#p")" \
- && if [ -z "${FINGERPRINT}" ]; then echo "Warning! Invalid GPG signature!" && exit 1; fi \
- && if [ "${FINGERPRINT}" != "${GPG_mdounin}" ]; then echo "Warning! Wrong GPG fingerprint!" && exit 1; fi \
- && echo "All seems good, now unpacking ${NGINX_TARBALL}..." \
- && tar xzf ${NGINX_TARBALL} && cd nginx-${NGINX_VERSION} \
- && sed -i -e "s/\"Server: nginx\" CRLF/\"Server: ${SIGNATURE}\" CRLF/g" \
-    -e "s/\"Server: \" NGINX_VER CRLF/\"Server: ${SIGNATURE}\" NGINX_VER CRLF/g" \
-    src/http/ngx_http_header_filter_module.c \
- && ./configure \
-    --with-http_ssl_module \
-    --with-http_v2_module \
-    --with-http_gzip_static_module \
-    --with-http_stub_status_module \
-    --with-openssl=/tmp/openssl-${OPENSSL_VERSION} \
-    --with-openssl-opt='no-ssl2 no-ssl3 no-camellia no-dsa no-rc2 no-rc4 no-rc5 no-md2 no-md4 no-krb5 no-comp no-idea no-shared enable-ec_nistp_64_gcc_128 -DOPENSSL_NO_HEARTBEATS -fstack-protector-strong' \
-    --with-cc-opt='-g -O2 -fstack-protector-strong -Wformat -Werror=format-security' \
-    --with-ld-opt='-lrt' \
-    --with-file-aio \
-    --with-threads \
-    --without-http_ssi_module \
-    --without-http_scgi_module \
-    --without-http_uwsgi_module \
-    --without-http_fastcgi_module \
-    --without-http_geo_module \
-    --without-http_autoindex_module \
-    --without-http_map_module \
-    --without-http_split_clients_module \
-    --without-http_memcached_module \
-    --without-http_empty_gif_module \
-    --without-http_browser_module \
-    --prefix=/etc/nginx \
-    --http-proxy-temp-path=/tmp/proxy-temp \
-    --http-log-path=/var/log/nginx/access.log \
-    --error-log-path=/var/log/nginx/error.log \
-    --sbin-path=/usr/local/sbin/nginx \
-    --add-module=/tmp/ngx_brotli \
- && make -j ${NB_CORES} && make install \
- && make clean \
- && strip -s /usr/local/sbin/nginx \
- && apk del ${BUILD_DEPS} \
- && rm -rf /tmp/* /var/cache/apk/*
-
-COPY nginx.conf /etc/nginx/conf/nginx.conf
-COPY run.sh /usr/local/bin/run.sh
-COPY ngxpasswd /usr/local/bin/ngxpasswd
-COPY ssl_params /etc/nginx/conf/ssl_params
-COPY headers_params /etc/nginx/conf/headers_params
-COPY proxy_params /etc/nginx/conf/proxy_params
-
-RUN chmod +x /usr/local/bin/*
-
-EXPOSE 8000 4430
-
-VOLUME /sites-enabled /conf.d /passwds /certs /var/log/nginx
-
-LABEL description="Secure reverse proxy using nginx" \
-      openssl="OpenSSL v${OPENSSL_VERSION}" \
-      nginx="nginx v${NGINX_VERSION}"
-
-CMD ["/sbin/tini","--","run.sh"]

reverse/README.md

@@ -1,47 +0,0 @@
-## wonderfall/reverse
-
-![](https://upload.wikimedia.org/wikipedia/commons/thumb/c/c5/Nginx_logo.svg/115px-Nginx_logo.svg.png)
-
-![](https://upload.wikimedia.org/wikipedia/commons/thumb/a/a1/OpenSSL_logo.png/220px-OpenSSL_logo.png)
-
-#### What is this?
-It is nginx statically linked against a custom OpenSSL build, with embedded Brotli support. Secured by default (no root processes, even the master one), it should be safe to use...
-
-#### Features
-- Based on Alpine Linux.
-- nginx built against OpenSSL.
-- OpenSSL : no weak algorithms.
-- OpenSSL : ChaCha20 ciphers support.
-- nginx : HTTP/2 (+NPN) support.
-- nginx : Brotli compression support (and configured).
-- nginx : no root master process.
-- nginx : AIO Threads support.
-- nginx : no unnessary modules.
-- nginx : optimized configuration.
-
-#### Notes
-It is required to chown your certs files with the right uid/pid and change the `listen` directive to 8000/4430 instead of 80/443. Linux 3.17+, and the latest Docker stable are recommended.
-
-#### Volumes
-- **/sites-enabled** : vhosts files (*.conf)
-- **/conf.d** : additional configuration files
-- **/certs** : SSL/TLS certificates
-- **/var/log/nginx** : nginx logs
-- **/passwds** : authentication files
-
-#### Build-time variables
-- **NGINX_VERSION** : version of nginx
-- **OPENSSL_VERSION** : version of LibreSSL
-
-#### Environment variables
-- **GID** : nginx group id *(default : 991)*
-- **UID** : nginx user id *(default : 991)*
-
-#### How to use it?
-https://github.com/hardware/mailserver/wiki/Reverse-proxy-configuration
-
-Some configuration files located in `/etc/nginx/conf` are already provided, you can use them with the `include` directive.
-
-- `ssl_params` : TLS (1.0, 1.1, 1.2), CHACHA20, AES 256/128. Nice balance between compatibility and security.
-- `headers_params` : HSTS (+ preload), XSS protection...
-- `proxy_params` : useful with `proxy_pass`.

reverse/headers_params

@@ -1,4 +0,0 @@
-add_header Strict-Transport-Security "max-age=31536000; includeSubdomains; preload";
-add_header X-Frame-Options SAMEORIGIN;
-add_header X-Content-Type-Options nosniff;
-add_header X-XSS-Protection "1; mode=block";

reverse/nginx.conf

@@ -1,80 +0,0 @@
-worker_processes auto;
-pid /var/run/nginx.pid;
-daemon off;
-
-events {
-    worker_connections 2048; 
-    use epoll;
-}
-
-http {
-    limit_conn_zone $binary_remote_addr zone=limit_per_ip:10m;
-    limit_conn limit_per_ip 64;
-    limit_req_zone $binary_remote_addr zone=allips:10m rate=150r/s;
-    limit_req zone=allips burst=150 nodelay;
-
-    include /etc/nginx/conf/mime.types;
-    default_type application/octet-stream;
-
-    access_log /var/log/nginx/access.log combined;
-    error_log /var/log/nginx/error.log crit;
-
-    client_body_buffer_size 10K;
-    client_header_buffer_size 1k;
-    client_max_body_size 8m;
-    large_client_header_buffers 2 1k;
-    
-    aio threads;
-    sendfile on;
-    keepalive_timeout 15;
-    keepalive_disable msie6;
-    keepalive_requests 100;
-    tcp_nopush on;
-    tcp_nodelay on;
-    server_tokens off;
-    
-    gzip on;
-    gzip_comp_level 5;
-    gzip_min_length 512;
-    gzip_buffers 4 8k;
-    gzip_proxied any;
-    gzip_vary on;
-    gzip_disable "msie6";
-    gzip_types
-        text/css
-        text/javascript
-        text/xml
-        text/plain
-        text/x-component
-        application/javascript
-        application/x-javascript
-        application/json
-        application/xml
-        application/rss+xml
-        application/vnd.ms-fontobject
-        font/truetype
-        font/opentype
-        image/svg+xml;
-  
-    brotli on;
-    brotli_static on;
-    brotli_buffers 16 8k;
-    brotli_comp_level 6;
-    brotli_types
-        text/css
-        text/javascript
-        text/xml
-        text/plain
-        text/x-component
-        application/javascript
-        application/x-javascript
-        application/json
-        application/xml
-        application/rss+xml
-        application/vnd.ms-fontobject
-        font/truetype
-        font/opentype
-        image/svg+xml;
-
-    include /sites-enabled/*.conf;
-}

reverse/ngxpasswd

@@ -1,42 +0,0 @@
-#!/bin/sh
-NAME="$1"
-USER="$2"
-PASSWORD="$3"
-
-cd /passwds || exit 1
-
-if [ -z "$NAME" ]; then
-    echo "Service name must be defined" 1>&2
-    exit 1
-elif [ -f $NAME.htpasswd ]; then
-    echo "$NAME.htpasswd exists, aborting" 1>&2
-    exit 1
-fi
-
-if [ -z "$USER" ]; then
-    echo "User must be defined" 1>&2
-    exit 1
-fi
-
-if [ -z "$PASSWORD" ]; then
-    PASSWORD=`cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 20 | head -n 1`
-    echo "Password was not defined, generating a random one..."
-fi
-
-echo -n $USER:`openssl passwd -apr1 $PASSWORD` >> $NAME.htpasswd
-chown $UID:$GID $NAME.htpasswd
-chmod 640 $NAME.htpasswd
-
-echo
-echo  "A new password file has been saved to /passwds/$NAME.htpasswd :"
-echo  "- Service  :  $NAME"
-echo  "- User     :  $USER"
-echo  "- Password :  $PASSWORD"
-echo
-echo  "Paste this to your vhost in order to enable auth :"
-echo  "        auth_basic \"Who's this?\";"
-echo  "        auth_basic_user_file /passwds/$NAME.htpasswd;"
-echo
-echo "Done."
-
-exit 0

reverse/proxy_params

@@ -1,6 +0,0 @@
-proxy_set_header        Host                 $host;
-proxy_set_header        X-Real-IP            $remote_addr;
-proxy_set_header        X-Forwarded-For      $proxy_add_x_forwarded_for;
-proxy_set_header        X-Remote-Port        $remote_port;
-proxy_set_header        X-Forwarded-Proto    $scheme;
-proxy_redirect          off;

reverse/run.sh

@@ -1,5 +0,0 @@
-#!/bin/sh
-touch /var/run/nginx.pid
-chown -R $UID:$GID /etc/nginx /var/log/nginx /var/run/nginx.pid /sites-enabled /conf.d /certs
-chmod -R 700 /certs
-su-exec $UID:$GID nginx

reverse/ssl_params

@@ -1,8 +0,0 @@
-ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
-ssl_ecdh_curve brainpoolP512r1:sect571r1:secp521r1:secp384r1;
-ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-CHACHA20-POLY1305-D:ECDHE-RSA-CHACHA20-POLY1305-D:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES128-SHA256';
-ssl_prefer_server_ciphers on;
-
-ssl_session_cache shared:SSL:20m;
-ssl_session_timeout 15m;
-ssl_session_tickets off;

selfoss/Dockerfile

@@ -1,47 +0,0 @@
-FROM alpine:3.3
-MAINTAINER Wonderfall <wonderfall@schrodinger.io>
-
-ENV GID=991 UID=991 VERSION=2.15
-
-RUN echo "@commuedge http://nl.alpinelinux.org/alpine/edge/community" >> /etc/apk/repositories \
- && echo "@testing http://nl.alpinelinux.org/alpine/edge/testing" >> /etc/apk/repositories \
- && echo "@edge http://nl.alpinelinux.org/alpine/edge/main" >> /etc/apk/repositories \
- && apk -U add \
-    musl \
-    nginx \
-    libwebp@edge \
-    php7@testing \
-    php7-fpm@testing \
-    php7-gd@testing \
-    php7-json@testing \
-    php7-zlib@testing \
-    php7-xml@testing \
-    php7-dom@testing \
-    php7-curl@testing \
-    php7-iconv@testing \
-    php7-mcrypt@testing \
-    php7-pdo_sqlite@testing \
-    php7-ctype@testing \
-    php7-session@testing \
-    supervisor \
-    ca-certificates \
-    tini@commuedge \
- && rm -f /var/cache/apk/* \
- && sed -i -e 's/max_execution_time = 30/max_execution_time = 300/' /etc/php7/php.ini
-
-RUN wget -q https://github.com/SSilence/selfoss/releases/download/$VERSION/selfoss-$VERSION.zip -P /tmp \
- && mkdir /selfoss && unzip -q /tmp/selfoss-$VERSION.zip -d /selfoss \
- && sed -i -e 's/base_url=/base_url=\//g' /selfoss/defaults.ini \
- && rm -rf /tmp/*
-
-COPY nginx.conf /etc/nginx/nginx.conf
-COPY php-fpm.conf /etc/php7/php-fpm.conf
-COPY supervisord.conf /etc/supervisor/supervisord.conf
-COPY startup /usr/local/bin/startup
-COPY cron /etc/periodic/15min/selfoss
-
-RUN chmod +x /usr/local/bin/startup /etc/periodic/15min/selfoss
-
-VOLUME /selfoss/data
-EXPOSE 80
-CMD ["/sbin/tini","--","startup"]

selfoss/README.md

@@ -1,45 +0,0 @@
-# wonderfall/selfoss
-
-![selfoss](https://i.imgur.com/8hJyBgk.png "selfoss")
-
-The new multipurpose rss reader, live stream, mashup, aggregation web application.
-
-### Requirement
-
-- Docker 1.0 or higher
-
-### How to use
-
-```
-docker run -d \
-  --name selfoss \
-  -p 80:80 \
-  -v /mnt/docker/selfoss:/selfoss/data \
-  hardware/selfoss
-```
-
-### Environment variables
-
-- **VERSION** = selfoss version (*optional*, default: 2.15)
-- **GID** = selfoss user id (*optional*, default: 991)
-- **UID** = selfoss group id (*optional*, default: 991)
-
-### Docker-compose
-
-#### Docker-compose.yml
-
-```
-selfoss:
-  image: hardware/selfoss
-  container_name: selfoss
-  ports:
-    - "80:80"
-  volumes:
-    - /mnt/docker/selfoss:/selfoss/data
-```
-
-#### Run !
-
-```
-docker-compose up -d
-```

selfoss/cron

@@ -1,2 +0,0 @@
-#!/bin/sh
-su - selfoss -c "php7 -f /selfoss/cliupdate.php" > /dev/null 2>&1

selfoss/nginx.conf

@@ -1,81 +0,0 @@
-user selfoss;
-worker_processes auto;
-pid /var/run/nginx.pid;
-daemon off;
-
-events {
-  worker_connections 1024;
-  use epoll;
-}
-
-http {
-
-  include /etc/nginx/mime.types;
-  default_type application/octet-stream;
-
-  access_log /var/log/nginx/access.log combined;
-  error_log /var/log/nginx/error.log error;
-
-  sendfile on;
-  keepalive_timeout 15;
-  keepalive_disable msie6;
-  keepalive_requests 100;
-  tcp_nopush on;
-  tcp_nodelay off;
-  server_tokens off;
-
-  gzip on;
-  gzip_comp_level 5;
-  gzip_min_length 512;
-  gzip_buffers 4 8k;
-  gzip_proxied any;
-  gzip_vary on;
-  gzip_disable "msie6";
-  gzip_types
-    text/css
-    text/javascript
-    text/xml
-    text/plain
-    text/x-component
-    application/javascript
-    application/x-javascript
-    application/json
-    application/xml
-    application/rss+xml
-    application/vnd.ms-fontobject
-    font/truetype
-    font/opentype
-    image/svg+xml;
-
-  server {
-    listen 80;
-    root /selfoss;
-    index index.php;
-    charset utf-8;
-
-    location ~ ^/favicons/.*$ {
-      try_files $uri /data/$uri;
-    }
-
-    location ~ ^/thumbnails/.*$ {
-      try_files $uri /data/$uri;
-    }
-
-    location ~* ^/(data\/logs|data\/sqlite|config\.ini|\.ht) {
-      deny all;
-    }
-
-    location / {
-      try_files $uri /public/$uri /index.php$is_args$args;
-    }
-
-    location ~* \.php$ {
-      try_files $uri =404;
-      fastcgi_index index.php;
-      fastcgi_pass unix:/var/run/php-fpm.sock;
-      fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
-      include /etc/nginx/fastcgi_params;
-    }
-  }
-
-}

selfoss/php-fpm.conf

@@ -1,16 +0,0 @@
-[global]
-daemonize = no
-
-[www]
-user = selfoss
-group = selfoss
-listen = /var/run/php-fpm.sock
-listen.owner = selfoss
-listen.group = selfoss
-pm = dynamic
-pm.max_children = 5
-pm.start_servers = 2
-pm.min_spare_servers = 1
-pm.max_spare_servers = 3
-chdir = /
-request_terminate_timeout = 300

selfoss/startup

@@ -1,26 +0,0 @@
-#!/bin/sh
-
-# Create user and set permission
-addgroup -g ${GID} selfoss && adduser -h /selfoss -s /bin/sh -D -G selfoss -u ${UID} selfoss
-
-# Selfoss custom configuration file
-sed -i "s/lkjl1289/`cat \/dev\/urandom | tr -dc 'a-zA-Z' | fold -w 20 | head -n 1`/g" /selfoss/defaults.ini
-rm /selfoss/config.ini
-
-if [ -e /selfoss/data/config.ini ]; then
-  cp /selfoss/data/config.ini /selfoss/config.ini
-else
-  cp /selfoss/defaults.ini /selfoss/data/config.ini
-  cp /selfoss/defaults.ini /selfoss/config.ini
-fi
-
-# Init data dir
-if [ ! "$(ls -Ad /selfoss/data/*/)" ]; then
-   cd /selfoss/data/ && mkdir cache favicons logs sqlite thumbnails
-fi
-
-# Set permissions
-chown -R selfoss:selfoss /selfoss /var/run/php-fpm.sock /var/lib/nginx /tmp
-
-# RUN !
-supervisord -c /etc/supervisor/supervisord.conf

selfoss/supervisord.conf

@@ -1,11 +0,0 @@
-[supervisord]
-nodaemon=true
-
-[program:cron]
-command=crond -f
-
-[program:php-fpm]
-command=php-fpm7
-
-[program:nginx]
-command=nginx