privatebin: use nginx-php as underlying image

privatebin/Dockerfile

@@ -1,36 +1,30 @@
-FROM alpine:3.5
+FROM wonderfall/nginx-php
 
-ENV GID=991 UID=991
+ARG PRIVATEBIN_VER=1.1
+
+ENV GID=991 UID=991 \
+    UPLOAD_MAX_SIZE=10M \
+    MEMORY_LIMIT=128M
 
 RUN echo " https://nl.alpinelinux.org/alpine/edge/testing" >> /etc/apk/repositories \
  && BUILD_DEPS="tar libressl ca-certificates" \
- && apk -U upgrade && apk add \
+ && apk -U upgrade && apk add $BUILD_DEPS \
-    $BUILD_DEPS \
+ && mkdir privatebin && cd privatebin \
-    nginx \
+ && wget -qO- https://github.com/PrivateBin/PrivateBin/archive/${PRIVATEBIN_VER}.tar.gz | tar xz --strip 1 \
-    s6 \
-    su-exec \
-    php7-fpm \
-    php7-gd \
-    php7-mcrypt \
-    php7-json \
-    php7-zlib \
- && mkdir zerobin && cd zerobin \
- && wget -qO- https://github.com/PrivateBin/PrivateBin/archive/master.tar.gz | tar xz --strip 1 \
  && mv cfg/conf.ini.sample cfg/conf.ini \
  && apk del $BUILD_DEPS \
  && rm -f /var/cache/apk/*
 
-COPY nginx.conf /etc/nginx/nginx.conf
+COPY rootfs /
-COPY php-fpm.conf /etc/php7/php-fpm.conf
-COPY run.sh /usr/local/bin/run.sh
-COPY s6.d /etc/s6.d
 
 RUN chmod +x /usr/local/bin/run.sh /etc/s6.d/*/* /etc/s6.d/.s6-svscan/*
 
-VOLUME /zerobin/data
+VOLUME /zerobin/data /php/session
 
 EXPOSE 8888
 
-LABEL maintainer="Wonderfall <wonderfall@targaryen.house>"
+LABEL maintainer="Wonderfall <wonderfall@targaryen.house>" \
+      description="A minimalist, open source online pastebin where the server has zero knowledge of pasted data" \
+      version="PrivateBin 1.1"
 
 CMD ["run.sh"]

privatebin/README.md

@@ -3,16 +3,21 @@
 Paste securely.
 
 #### Features
-- Based on Alpine Linux.
+- Based on Alpine Linux (wonderfall/nginx-php image)
 - Uses [PrivateBin](https://github.com/PrivateBin/PrivateBin), originally a fork of zerobin by elrido.
-- Bundled with nginx and PHP7.
+- Bundled with nginx and PHP7.1.
+
+#### Build-time variables
+- **PRIVATEBIN_VER** : version of PrivateBin
 
 #### Environment variables
 - **UID** : zerobin user id
 - **GID** : zerobin group id
+- **MEMORY_LIMIT** : php memory limit *(default : 128M)*
+- **UPLOAD_MAX_SIZE** : maximum upload size *(default : 10M)*
 
 #### Volumes
-- **/zerobin/data**
+- **/privatebin/data**
 
 #### Ports
 - **8888** [(reverse proxy!)](https://github.com/hardware/mailserver/wiki/Reverse-proxy-configuration)

privatebin/nginx.conf

@@ -1,89 +0,0 @@
-worker_processes auto;
-pid /tmp/nginx.pid;
-daemon off;
-
-events {
-    worker_connections 1024; 
-    use epoll;
-}
-
-http {
-    include /etc/nginx/mime.types;
-    default_type  application/octet-stream;
-
-    access_log off;
-    error_log /tmp/ngx_error.log error;
-    
-    sendfile on;
-    keepalive_timeout 15;
-    keepalive_disable msie6;
-    keepalive_requests 100;
-    tcp_nopush on;
-    tcp_nodelay on;
-    server_tokens off;
-
-    fastcgi_temp_path /tmp/fastcgi 1 2;
-    client_body_temp_path /tmp/client_body 1 2;
-    proxy_temp_path /tmp/proxy 1 2;
-    uwsgi_temp_path /tmp/uwsgi 1 2;
-    scgi_temp_path /tmp/scgi 1 2;
-    
-    gzip on;
-    gzip_comp_level 5;
-    gzip_min_length 512;
-    gzip_buffers 4 8k;
-    gzip_proxied any;
-    gzip_vary on;
-    gzip_disable "msie6";
-    gzip_types
-        text/css
-        text/javascript
-        text/xml
-        text/plain
-        text/x-component
-        application/javascript
-        application/x-javascript
-        application/json
-        application/xml
-        application/rss+xml
-        application/vnd.ms-fontobject
-        font/truetype
-        font/opentype
-        image/svg+xml;
-
-    server {
-    	listen 8888;
-    	root /zerobin;
-    	index index.php index.html;
-
-    	location ~* \.(jpg|jpeg|gif|css|png|js|map|woff|woff2|ttf|svg|eot)$ {
-    		expires 30d;
-    		access_log off;
-	}
-
-        location ~ ^/(data|cfg|tmp) {                                        
-            deny all;                                                        
-        }                                                                    
-                                                                             
-        location ~* /(.*)\.(?:markdown|md|twig|yaml|yml|ht|htaccess|ini)$ {  
-            deny all;                                                        
-        } 
-    
-        location ~ /\. {
-            deny all;
-        }
-
-    	location / {
-        	try_files $uri $uri/ /index.php;
-    	}
-
-	location ~ \.php$ {
-    		fastcgi_index index.php;
-    		fastcgi_pass unix:/tmp/php-fpm.sock;
-    		fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
-    		include /etc/nginx/fastcgi_params;
-	}
-
-    }
-
-}

privatebin/php-fpm.conf

@@ -1,11 +0,0 @@
-[global]
-daemonize = no
-
-[www]
-listen = /tmp/php-fpm.sock
-pm = dynamic
-pm.max_children = 5
-pm.start_servers = 2
-pm.min_spare_servers = 1
-pm.max_spare_servers = 3
-chdir = /

privatebin/rootfs/nginx/sites-enabled/nginx.conf

@@ -0,0 +1,33 @@
+server {
+        listen 8888;
+        root /privatebin;
+        index index.php index.html;
+
+        location ~* \.(jpg|jpeg|gif|css|png|js|map|woff|woff2|ttf|svg|eot)$ {
+            expires 30d;
+            access_log off;
+	}
+
+        location ~ ^/(data|cfg|tmp) {                                        
+            deny all;                                                        
+        }                                                                    
+                                                                             
+        location ~* /(.*)\.(?:markdown|md|twig|yaml|yml|ht|htaccess|ini)$ {  
+            deny all;                                                        
+        } 
+    
+        location ~ /\. {
+            deny all;
+        }
+
+        location / {
+	    try_files $uri $uri/ /index.php;
+        }
+
+	location ~ \.php$ {
+            fastcgi_index index.php;
+            fastcgi_pass unix:/php/run/php-fpm.sock;
+            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+            include /nginx/conf/fastcgi_params;
+	}
+}

privatebin/rootfs/usr/local/bin/run.sh

@@ -0,0 +1,6 @@
+#!/bin/sh
+sed -i -e "s/<UPLOAD_MAX_SIZE>/$UPLOAD_MAX_SIZE/g" /nginx/conf/nginx.conf /php/etc/php-fpm.conf \
+       -e "s/<MEMORY_LIMIT>/$MEMORY_LIMIT/g" /php/etc/php-fpm.conf
+
+chown -R $UID:$GID /privatebin /nginx /php /tmp /etc/s6.d
+exec su-exec $UID:$GID /bin/s6-svscan /etc/s6.d

privatebin/run.sh

@@ -1,3 +0,0 @@
-#!/bin/sh
-chown -R $UID:$GID /zerobin /etc/nginx /etc/php7 /var/log /var/lib/nginx /tmp /etc/s6.d
-exec su-exec $UID:$GID /bin/s6-svscan /etc/s6.d

privatebin/s6.d/.s6-svscan/finish

@@ -1,3 +0,0 @@
-#!/bin/sh
-
-exit 0

privatebin/s6.d/nginx/run

@@ -1,2 +0,0 @@
-#!/bin/sh
-exec nginx

privatebin/s6.d/php/run

@@ -1,2 +0,0 @@
-#!/bin/sh
-exec php-fpm7