From e1409accc158be81fc749b07d640f75b143626d7 Mon Sep 17 00:00:00 2001
From: Wonderfall
Date: Sat, 29 Apr 2017 03:16:15 +0200
Subject: [PATCH] privatebin: use nginx-php as underlying image
---
privatebin/Dockerfile | 34 +++----
privatebin/README.md | 11 ++-
privatebin/nginx.conf | 89 -------------------
privatebin/php-fpm.conf | 11 ---
.../rootfs/nginx/sites-enabled/nginx.conf | 33 +++++++
privatebin/rootfs/usr/local/bin/run.sh | 6 ++
privatebin/run.sh | 3 -
privatebin/s6.d/.s6-svscan/finish | 3 -
privatebin/s6.d/nginx/run | 2 -
privatebin/s6.d/php/run | 2 -
10 files changed, 61 insertions(+), 133 deletions(-)
delete mode 100644 privatebin/nginx.conf
delete mode 100644 privatebin/php-fpm.conf
create mode 100644 privatebin/rootfs/nginx/sites-enabled/nginx.conf
create mode 100644 privatebin/rootfs/usr/local/bin/run.sh
delete mode 100644 privatebin/run.sh
delete mode 100644 privatebin/s6.d/.s6-svscan/finish
delete mode 100644 privatebin/s6.d/nginx/run
delete mode 100644 privatebin/s6.d/php/run
diff --git a/privatebin/Dockerfile b/privatebin/Dockerfile
index ce9d56a..0d74ea0 100644
--- a/privatebin/Dockerfile
+++ b/privatebin/Dockerfile
@@ -1,36 +1,30 @@ -FROM alpine:3.5 +FROM wonderfall/nginx-php -ENV GID=991 UID=991 +ARG PRIVATEBIN_VER=1.1 + +ENV GID=991 UID=991 \ + UPLOAD_MAX_SIZE=10M \ + MEMORY_LIMIT=128M RUN echo " https://nl.alpinelinux.org/alpine/edge/testing" >> /etc/apk/repositories \ && BUILD_DEPS="tar libressl ca-certificates" \ - && apk -U upgrade && apk add \ - $BUILD_DEPS \ - nginx \ - s6 \ - su-exec \ - php7-fpm \ - php7-gd \ - php7-mcrypt \ - php7-json \ - php7-zlib \ - && mkdir zerobin && cd zerobin \ - && wget -qO- https://github.com/PrivateBin/PrivateBin/archive/master.tar.gz | tar xz --strip 1 \ + && apk -U upgrade && apk add $BUILD_DEPS \ + && mkdir privatebin && cd privatebin \ + && wget -qO- https://github.com/PrivateBin/PrivateBin/archive/${PRIVATEBIN_VER}.tar.gz | tar xz --strip 1 \ && mv cfg/conf.ini.sample cfg/conf.ini \ && apk del $BUILD_DEPS \ && rm -f /var/cache/apk/* -COPY nginx.conf /etc/nginx/nginx.conf -COPY php-fpm.conf /etc/php7/php-fpm.conf -COPY run.sh /usr/local/bin/run.sh -COPY s6.d /etc/s6.d +COPY rootfs / RUN chmod +x /usr/local/bin/run.sh /etc/s6.d/*/* /etc/s6.d/.s6-svscan/* -VOLUME /zerobin/data +VOLUME /zerobin/data /php/session EXPOSE 8888 -LABEL maintainer="Wonderfall " +LABEL maintainer="Wonderfall " \ + description="A minimalist, open source online pastebin where the server has zero knowledge of pasted data" \ + version="PrivateBin 1.1" CMD ["run.sh"] diff --git a/privatebin/README.md b/privatebin/README.md index 4357d7e..a58fab5 100644 --- a/privatebin/README.md +++ b/privatebin/README.md 
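Review bot: The `VOLUME` line still declares `/zerobin/data`, but this hunk now unpacks the application into `privatebin`, and the nginx `root` and the README in the same commit use `/privatebin`; paste data would then be written outside the declared volume, so the line should read `VOLUME /privatebin/data /php/session`. The new `FROM wonderfall/nginx-php` has no tag or digest, where the old `FROM alpine:3.5` was pinned, so every rebuild takes whatever the mutable default tag points to; pin it, e.g. `FROM wonderfall/nginx-php:<tag>@sha256:<digest>` (placeholders). The release tarball is now selected by `PRIVATEBIN_VER` but is still piped from `wget` straight into `tar` with no checksum or signature check, so verifying a known SHA-256 before extraction would tie the image to a specific archive. The `chmod +x ... /etc/s6.d/*/*` line presumably relies on the base image now supplying `/etc/s6.d`, since this commit deletes the local `s6.d` directory; that is worth confirming.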
@@ -3,16 +3,21 @@ Paste securely. #### Features -- Based on Alpine Linux. +- Based on Alpine Linux (wonderfall/nginx-php image) - Uses [PrivateBin](https://github.com/PrivateBin/PrivateBin), originally a fork of zerobin by elrido. -- Bundled with nginx and PHP7. +- Bundled with nginx and PHP7.1. + +#### Build-time variables +- **PRIVATEBIN_VER** : version of PrivateBin #### Environment variables - **UID** : zerobin user id - **GID** : zerobin group id +- **MEMORY_LIMIT** : php memory limit *(default : 128M)* +- **UPLOAD_MAX_SIZE** : maximum upload size *(default : 10M)* #### Volumes -- **/zerobin/data** +- **/privatebin/data** #### Ports - **8888** [(reverse proxy!)](https://github.com/hardware/mailserver/wiki/Reverse-proxy-configuration) diff --git a/privatebin/nginx.conf b/privatebin/nginx.conf deleted file mode 100644 index d827e50..0000000 --- a/privatebin/nginx.conf +++ /dev/null 
@@ -1,89 +0,0 @@
-worker_processes auto;
-pid /tmp/nginx.pid;
-daemon off;
-
-events {
- worker_connections 1024;
- use epoll;
-}
-
-http {
- include /etc/nginx/mime.types;
- default_type application/octet-stream;
-
- access_log off;
- error_log /tmp/ngx_error.log error;
-
- sendfile on;
- keepalive_timeout 15;
- keepalive_disable msie6;
- keepalive_requests 100;
- tcp_nopush on;
- tcp_nodelay on;
- server_tokens off;
-
- fastcgi_temp_path /tmp/fastcgi 1 2;
- client_body_temp_path /tmp/client_body 1 2;
- proxy_temp_path /tmp/proxy 1 2;
- uwsgi_temp_path /tmp/uwsgi 1 2;
- scgi_temp_path /tmp/scgi 1 2;
-
- gzip on;
- gzip_comp_level 5;
- gzip_min_length 512;
- gzip_buffers 4 8k;
- gzip_proxied any;
- gzip_vary on;
- gzip_disable "msie6";
- gzip_types
- text/css
- text/javascript
- text/xml
- text/plain
- text/x-component
- application/javascript
- application/x-javascript
- application/json
- application/xml
- application/rss+xml
- application/vnd.ms-fontobject
- font/truetype
- font/opentype
- image/svg+xml;
-
- server {
- listen 8888;
- root /zerobin;
- index index.php index.html;
-
- location ~* \.(jpg|jpeg|gif|css|png|js|map|woff|woff2|ttf|svg|eot)$ {
- expires 30d;
- access_log off;
- }
-
- location ~ ^/(data|cfg|tmp) {
- deny all;
- }
-
- location ~* /(.*)\.(?:markdown|md|twig|yaml|yml|ht|htaccess|ini)$ {
- deny all;
- }
-
- location ~ /\. {
- deny all;
- }
-
- location / {
- try_files $uri $uri/ /index.php;
- }
-
- location ~ \.php$ {
- fastcgi_index index.php;
- fastcgi_pass unix:/tmp/php-fpm.sock;
- fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
- include /etc/nginx/fastcgi_params;
- }
-
- }
-
-}
diff --git a/privatebin/php-fpm.conf b/privatebin/php-fpm.conf
deleted file mode 100644
index f636044..0000000
--- a/privatebin/php-fpm.conf
+++ /dev/null
@@ -1,11 +0,0 @@
-[global]
-daemonize = no
-
-[www]
-listen = /tmp/php-fpm.sock
-pm = dynamic
-pm.max_children = 5
-pm.start_servers = 2
-pm.min_spare_servers = 1
-pm.max_spare_servers = 3
-chdir = /
diff --git a/privatebin/rootfs/nginx/sites-enabled/nginx.conf b/privatebin/rootfs/nginx/sites-enabled/nginx.conf
new file mode 100644
index 0000000..8765f48
--- /dev/null
+++ b/privatebin/rootfs/nginx/sites-enabled/nginx.conf
@@ -0,0 +1,33 @@
+server {
+ listen 8888;
+ root /privatebin;
+ index index.php index.html;
+
+ location ~* \.(jpg|jpeg|gif|css|png|js|map|woff|woff2|ttf|svg|eot)$ {
+ expires 30d;
+ access_log off;
+ }
+
+ location ~ ^/(data|cfg|tmp) {
+ deny all;
+ }
+
+ location ~* /(.*)\.(?:markdown|md|twig|yaml|yml|ht|htaccess|ini)$ {
+ deny all;
+ }
+
+ location ~ /\. {
+ deny all;
+ }
+
+ location / {
+ try_files $uri $uri/ /index.php;
+ }
+
+ location ~ \.php$ {
+ fastcgi_index index.php;
+ fastcgi_pass unix:/php/run/php-fpm.sock;
+ fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+ include /nginx/conf/fastcgi_params;
+ }
+}
diff --git a/privatebin/rootfs/usr/local/bin/run.sh b/privatebin/rootfs/usr/local/bin/run.sh
new file mode 100644
index 0000000..277b834
--- /dev/null
+++ b/privatebin/rootfs/usr/local/bin/run.sh
@@ -0,0 +1,6 @@
+#!/bin/sh
+sed -i -e "s//$UPLOAD_MAX_SIZE/g" /nginx/conf/nginx.conf /php/etc/php-fpm.conf \
+ -e "s//$MEMORY_LIMIT/g" /php/etc/php-fpm.conf
+
+chown -R $UID:$GID /privatebin /nginx /php /tmp /etc/s6.d
+exec su-exec $UID:$GID /bin/s6-svscan /etc/s6.d
diff --git a/privatebin/run.sh b/privatebin/run.sh
deleted file mode 100644
index 3fa0485..0000000
--- a/privatebin/run.sh
+++ /dev/null
@@ -1,3 +0,0 @@
-#!/bin/sh
-chown -R $UID:$GID /zerobin /etc/nginx /etc/php7 /var/log /var/lib/nginx /tmp /etc/s6.d
-exec su-exec $UID:$GID /bin/s6-svscan /etc/s6.d
diff --git a/privatebin/s6.d/.s6-svscan/finish b/privatebin/s6.d/.s6-svscan/finish
deleted file mode 100644
index c52d3c2..0000000
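Review bot: The static-asset block and the `deny all` blocks in the new `server` are all regex locations, which nginx tests in file order, so a path under `/data/` or `/cfg/` whose name ends in one of the listed extensions (`.js`, `.map`, `.svg`, …) is answered by the first block before `location ~ ^/(data|cfg|tmp)` is ever tried. Placing the three `deny all` blocks above the static-asset block, or using prefix matches such as `location ^~ /data/ { deny all; }`, makes the deny independent of the extension. The pattern `^/(data|cfg|tmp)` has no trailing `/` or `$`, so it also matches any path that merely begins with those letters. In the `\.php$` block, adding `try_files $uri =404;` before `fastcgi_pass` would keep non-existent script paths from being handed to PHP-FPM.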
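Review bot: In the new `run.sh`, `chown -R $UID:$GID /privatebin /nginx /php /tmp /etc/s6.d` gives the runtime user ownership of the application code, the nginx and PHP configuration trees and the s6 service definitions, so the account that serves requests can rewrite all of them. Only the paths that must be writable at run time (the paste data directory, `/php/session`, socket and temp paths) need this, and the rest could stay root-owned; exactly which paths nginx and PHP-FPM write to depends on the base image, which is not visible here. `$UID` and `$GID` are expanded unquoted, and `$UPLOAD_MAX_SIZE` and `$MEMORY_LIMIT` are interpolated into a sed replacement, so a value containing `/` or `&` would break or alter the substitution; quoting the former and validating the latter against a pattern such as `^[0-9]+[KMG]?$` before use would be safer. The search side of both `s//…/g` expressions is empty as shown on this page, which looks like a placeholder lost in rendering and should be checked against the original file.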
--- a/privatebin/s6.d/.s6-svscan/finish
+++ /dev/null
@@ -1,3 +0,0 @@
-#!/bin/sh
-
-exit 0
diff --git a/privatebin/s6.d/nginx/run b/privatebin/s6.d/nginx/run
deleted file mode 100644
index eaf8049..0000000
--- a/privatebin/s6.d/nginx/run
+++ /dev/null
@@ -1,2 +0,0 @@
-#!/bin/sh
-exec nginx
diff --git a/privatebin/s6.d/php/run b/privatebin/s6.d/php/run
deleted file mode 100644
index e238021..0000000
--- a/privatebin/s6.d/php/run
+++ /dev/null
@@ -1,2 +0,0 @@
-#!/bin/sh
-exec php-fpm7