mirror/dockerpress
1
0
Fork 0
mirror of https://github.com/luizeof/dockerpress.git synced 2026-06-19 07:37:10 +00:00
Code Issues Packages Projects Releases Wiki Activity

start

Browse Source
This commit is contained in:
luizeof
2022-03-07 09:00:41 -08:00
parent e8fadcea7a
commit f8b60f43e5
8 changed files with 495 additions and 189 deletions
Download Patch File Download Diff File Expand all files Collapse all files
Dockerfile
+141 -84
View File
@@ -1,8 +1,8 @@
FROM php:7.4-apache
FROM bitnami/minideb:buster
LABEL name="DockerPress"
LABEL version="2.2.0"
LABEL release="2021-10-05"
LABEL version="3.0.0"
LABEL release="2022-03-07"
# ENV Defaults
ENV WP_CLI_CACHE_DIR "/var/www/.wp-cli/cache/"
@@ -15,6 +15,15 @@ ENV CRON_MEDIA_REGENERATE 1
ENV CRON_CLEAR_TRANSIENT 1
ENV WP_DEBUG false
ENV WORDPRESS_DB_PORT 3306
ENV APT_KEY_DONT_WARN_ON_DANGEROUS_USAGE="1"
ENV DEBIAN_FRONTEND="noninteractive"
# HTTP port
EXPOSE "80/tcp"
# Webadmin port (HTTPS)
EXPOSE "7080/tcp"
# Install System Libraries
RUN apt-get update \
@@ -81,103 +90,144 @@ RUN apt-get update \
&& rm -rf /var/lib/apt/lists/* \
&& sudo apt-get clean
# Configure PHP and System Libraries
RUN docker-php-ext-configure gd --with-freetype --with-jpeg
# Make sure we have required tools
RUN install_packages \
"curl" \
"gnupg"
RUN docker-php-ext-install -j "$(nproc)" \
bcmath \
exif \
gd \
pdo \
intl \
xml \
pdo_mysql \
soap \
opcache \
mysqli \
opcache \
zip
# Install the Litespeed keys
RUN curl --silent --show-error \
"http://rpms.litespeedtech.com/debian/lst_debian_repo.gpg" |\
apt-key add -
RUN printf "\n" | printf "\n" | pecl install redis \
; \
pecl install imagick \
apcu \
memcached
RUN curl --silent --show-error \
"http://rpms.litespeedtech.com/debian/lst_repo.gpg" |\
apt-key add -
RUN docker-php-ext-enable imagick \
bcmath \
redis \
opcache \
apcu \
memcached
# Install the Litespeed repository
RUN \
echo "deb http://rpms.litespeedtech.com/debian/ buster main" > "/etc/apt/sources.list.d/openlitespeed.list"
# Install the Litespeed
RUN install_packages \
"openlitespeed" && \
echo "cloud-docker" > "/usr/local/lsws/PLAT"
# Install PageSpeed module
RUN install_packages \
"ols-pagespeed"
# Install the PHP
RUN install_packages \
"lsphp80"
# Install PHP modules
RUN install_packages \
"lsphp80-apcu" \
"lsphp80-common" \
"lsphp80-curl" \
"lsphp80-igbinary" \
"lsphp80-imagick" \
"lsphp80-imap" \
"lsphp80-intl" \
"lsphp80-ldap" \
"lsphp80-memcached" \
"lsphp80-msgpack" \
"lsphp80-mysql" \
"lsphp80-opcache" \
"lsphp80-pear" \
"lsphp80-pgsql" \
"lsphp80-pspell" \
"lsphp80-redis" \
"lsphp80-sqlite3" \
"lsphp80-tidy"
# Set the default PHP CLI
RUN ln --symbolic --force \
"/usr/local/lsws/lsphp80/bin/lsphp" \
"/usr/local/lsws/fcgi-bin/lsphp5"
RUN ln --symbolic --force \
"/usr/local/lsws/lsphp80/bin/php8.0" \
"/usr/bin/php"
# Install the certificates
RUN install_packages \
"ca-certificates"
# Install requirements
RUN install_packages \
"procps" \
"tzdata"
# Create the directories
RUN mkdir --parents \
"/tmp/lshttpd/gzcache" \
"/tmp/lshttpd/pagespeed" \
"/tmp/lshttpd/stats" \
"/tmp/lshttpd/swap" \
"/tmp/lshttpd/upload" \
"/var/log/litespeed"
# Make sure logfiles exist
RUN touch \
"/var/log/litespeed/server.log" \
"/var/log/litespeed/access.log"
# Make sure we have access to files
RUN chown --recursive "lsadm:lsadm" \
"/tmp/lshttpd" \
"/var/log/litespeed"
# Configure the admin interface
COPY --chown="lsadm:lsadm" \
"litespeed/config/admin_config.conf" \
"/usr/local/lsws/admin/conf/admin_config.conf"
# Configure the server
COPY --chown="lsadm:lsadm" \
"litespeed/config/httpd_config.conf" \
"/usr/local/lsws/conf/httpd_config.conf"
# Create the virtual host folders
RUN mkdir --parents \
"/usr/local/lsws/conf/vhosts/container" \
"/var/www/container" \
"/var/www/container/web" \
"/var/www/container/tmp"
# Configure the virtual host
COPY --chown="lsadm:lsadm" \
"litespeed/config/vhconf.conf" \
"/usr/local/lsws/conf/vhosts/container/vhconf.conf"
# Set up the virtual host configuration permissions
RUN chown --recursive "lsadm:lsadm" \
"/usr/local/lsws/conf/vhosts/container"
# Set up the virtual host document root permissions
RUN chown --recursive "www-data:www-data" \
"/var/www/container"
RUN chown "www-data:www-data" \
"/var/www"
RUN apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false \
; \
rm -rf /var/lib/apt/lists/*
# set recommended opcache settings
RUN { \
echo 'opcache.memory_consumption=768'; \
echo 'opcache.interned_strings_buffer=16'; \
echo 'opcache.max_accelerated_files=99999'; \
echo 'opcache.revalidate_freq=2'; \
echo 'opcache.fast_shutdown=1'; \
} > /usr/local/etc/php/conf.d/opcache-recommended.ini
# set recommended PHP.ini settings
RUN { \
echo 'file_uploads=On'; \
echo 'upload_max_filesize=256M'; \
echo 'post_max_size=256M'; \
echo 'max_execution_time=300'; \
echo 'memory_limit=512M'; \
echo 'expose_php=Off'; \
} > /usr/local/etc/php/conf.d/php73-recommended.ini
# https://wordpress.org/support/article/editing-wp-config-php/#configure-error-logging
RUN { \
echo 'error_reporting = E_ERROR | E_WARNING | E_PARSE | E_CORE_ERROR | E_CORE_WARNING | E_COMPILE_ERROR | E_COMPILE_WARNING | E_RECOVERABLE_ERROR'; \
echo 'display_errors=Off'; \
echo 'display_startup_errors=Off'; \
echo 'log_errors=On'; \
echo 'error_log=/dev/stderr'; \
echo 'log_errors_max_len=1024'; \
echo 'ignore_repeated_errors=On'; \
echo 'ignore_repeated_source=Off'; \
echo 'html_errors=Off'; \
} > /usr/local/etc/php/conf.d/error-logging.ini
# Enable apache modules
RUN a2enmod setenvif \
headers \
security2 \
deflate \
filter \
expires \
rewrite \
include \
ext_filter
# Default Volume for Apache
VOLUME /var/www/html
VOLUME /var/www/container/html
# Copy Apache Configs
COPY apache/conf/dockerpress.conf /etc/apache2/conf-available/dockerpress.conf
COPY apache/conf/mozilla-observatory.conf /etc/apache2/conf-available/mozilla-observatory.conf
VOLUME /tmp/lshttpd
# Enable Apache Configs
RUN a2enconf dockerpress
VOLUME /var/log/litespeed
# Installing Apache mod-pagespeed
RUN curl -o /home/mod-pagespeed-beta_current_amd64.deb https://dl-ssl.google.com/dl/linux/direct/mod-pagespeed-beta_current_amd64.deb
RUN dpkg -i /home/mod-pagespeed-*.deb
RUN apt-get -f install
COPY wordpress/.htaccess /var/www/.htaccess-template
COPY wordpress/wp-config-sample.php /var/www/wp-config-sample.php
# Copy commands
COPY bin/* /usr/local/bin/
# Fix Permissions
RUN chmod -R +777 /usr/local/bin/
@@ -200,6 +250,13 @@ RUN chmod +x /usr/local/bin/entrypoint.sh
# Default Port for Apache
EXPOSE 80
# Set the workdir and command
ENV PATH="/usr/local/lsws/bin:${PATH}"
WORKDIR "/var/www/container"
STOPSIGNAL "SIGTERM"
ENTRYPOINT ["entrypoint.sh"]
CMD ["apache2-foreground"]
apache/conf/dockerpress.conf
-52
View File
@@ -1,52 +0,0 @@
<filesMatch ".(ico|pdf|flv|jpg|svg|jpeg|png|gif|js|css|swf)$">
Header set Cache-Control "max-age=8400600, public"
</filesMatch>
<IfModule mod_expires.c>
ExpiresActive On
ExpiresByType image/jpg "access 1 year"
ExpiresByType image/jpeg "access 1 year"
ExpiresByType image/gif "access 1 year"
ExpiresByType image/png "access 1 year"
ExpiresByType text/css "access 1 month"
ExpiresByType application/pdf "access 1 month"
ExpiresByType application/javascript "access 1 month"
ExpiresByType text/x-javascript "access 1 month"
ExpiresByType application/x-javascript "access 1 month"
ExpiresByType application/x-shockwave-flash "access 1 month"
ExpiresByType image/x-icon "access 1 year"
ExpiresByType image/svg "access 1 year"
ExpiresByType image/svg+xml "access 1 year"
ExpiresDefault "access 1 month"
</IfModule>
<IfModule mod_deflate.c>
AddOutputFilterByType DEFLATE application/javascript
AddOutputFilterByType DEFLATE application/rss+xml
AddOutputFilterByType DEFLATE application/vnd.ms-fontobject
AddOutputFilterByType DEFLATE application/x-font
AddOutputFilterByType DEFLATE application/x-font-opentype
AddOutputFilterByType DEFLATE application/x-font-otf
AddOutputFilterByType DEFLATE application/x-font-truetype
AddOutputFilterByType DEFLATE application/x-font-ttf
AddOutputFilterByType DEFLATE application/x-javascript
AddOutputFilterByType DEFLATE application/xhtml+xml
AddOutputFilterByType DEFLATE application/xml
AddOutputFilterByType DEFLATE font/opentype
AddOutputFilterByType DEFLATE font/otf
AddOutputFilterByType DEFLATE font/ttf
AddOutputFilterByType DEFLATE image/svg+xml
AddOutputFilterByType DEFLATE image/x-icon
AddOutputFilterByType DEFLATE text/css
AddOutputFilterByType DEFLATE text/html
AddOutputFilterByType DEFLATE text/javascript
AddOutputFilterByType DEFLATE text/plain
AddOutputFilterByType DEFLATE text/xml
BrowserMatch ^Mozilla/4 gzip-only-text/html
BrowserMatch ^Mozilla/4\.0[678] no-gzip
BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
Header append Vary User-Agent
</IfModule>
ServerSignature Off
ServerTokens Prod
apache/conf/mozilla-observatory.conf
-27
View File
@@ -1,27 +0,0 @@
<IfModule mod_headers.c>
# Pre-existing site that uses too much inline code to fix
# but wants to ensure resources are loaded only over https and disable plugins
Header set Content-Security-Policy "default-src *; object-src 'none'"
#This directive will add the CORS header for all resources in the directory from any website.
Header set Access-Control-Allow-Origin "*"
# Prevent browsers from incorrectly detecting non-scripts as scripts
Header set X-Content-Type-Options "nosniff"
# Block pages from loading when they detect reflected XSS attacks
Header set X-XSS-Protection "1; mode=block"
# Permissions-Policy header
Header set Permissions-Policy "geolocation=(), midi=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), fullscreen=(self), payment=()"
# X-Frame-Options header
Header set X-Frame-Options "SAMEORIGIN"
Header set Content-Security-Policy "upgrade-insecure-requests"
Header set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
# Clickjacking protection, using frame-ancestors
Header set Content-Security-Policy "frame-ancestors 'self';"
</IfModule>
entrypoint.sh
+33 -16
View File
@@ -1,7 +1,23 @@
#!/bin/bash
# Force this for PHP 7.4 compatibility
docker-php-ext-enable imagick
# Start the LiteSpeed
/usr/local/lsws/bin/litespeed
function finish()
{
/usr/local/lsws/bin/lswsctrl "stop"
pkill "tail"
}
trap cleanup SIGTERM
# Update the credentials
if [ -n "${ADMIN_PASSWORD}" ]
then
ENCRYPT_PASSWORD="$(/usr/local/lsws/admin/fcgi-bin/admin_php -q '/usr/local/lsws/admin/misc/htpasswd.php' "${ADMIN_PASSWORD}")"
echo "admin:${ENCRYPT_PASSWORD}" >'/usr/local/lsws/admin/conf/htpasswd'
echo "WebAdmin user/password is admin/${ADMIN_PASSWORD}" >'/usr/local/lsws/adminpasswd'
fi
#### Setting Up Env
@@ -85,19 +101,19 @@ else
mysql --no-defaults -h $WORDPRESS_DB_HOST --port $WORDPRESS_DB_PORT -u $WORDPRESS_DB_USER -p$WORDPRESS_DB_PASSWORD -e "CREATE DATABASE IF NOT EXISTS $WORDPRESS_DB_NAME;"
fi
chown -R www-data:www-data /var/www/html/
chown -R www-data:www-data /var/www/container/html
if [ ! -e wp-config.php ]; then
echo "Wordpress not found, downloading latest version ..."
wp core download --locale=$WP_LOCALE --path=/var/www/html
wp core download --locale=$WP_LOCALE --path=/var/www/container/html
echo "Creating wp-config.file ..."
cp /var/www/wp-config-sample.php /var/www/html/wp-config.php
cp /var/www/wp-config-sample.php /var/www/container/html/wp-config.php
chown www-data:www-data /var/www/html/wp-config.php
chown www-data:www-data /var/www/container/html/wp-config.php
echo "Shuffling wp-config.php salts ..."
@@ -122,7 +138,7 @@ if [ ! -e wp-config.php ]; then
--admin_password=dockerpress \
--admin_email=$ADMIN_EMAIL \
--skip-email \
--path=/var/www/html
--path=/var/www/container/html
# Updating Plugins ...
echo "Updating plugins ..."
@@ -196,20 +212,14 @@ echo "CRON: Enabling Action Scheduler ..."
echo '*/2 * * * * root /usr/local/bin/wpcli-run-schedule ' >>/etc/cron.d/dockerpress
echo '*/3 * * * * root /usr/local/bin/wpcli-run-actionscheduler ' >>/etc/cron.d/dockerpress
if [ ! -e /var/www/html/.htaccess ]; then
echo ".htaccess not found, copying now ..."
cp -f /var/www/.htaccess-template /var/www/html/.htaccess
chown www-data:www-data /var/www/html/.htaccess
fi
# Redis Cache
if [ -n "$WP_REDIS_HOST" ]; then
echo "Enabling Redis Cache ..."
rm -f /var/www/html/wp-content/object-cache.php
rm -f /var/www/container/html/wp-content/object-cache.php
wp plugin install redis-cache --force --activate
wp redis update-dropin
wp redis enable
chmod +777 /var/www/html/wp-content/object-cache.php
chmod +777 /var/www/container/html/wp-content/object-cache.php
fi
# Enabling WPVULN Daily Report
@@ -248,10 +258,17 @@ service apache2 reload
service cron reload
chown -R www-data:www-data /var/www/html/
chown -R www-data:www-data /var/www/container/html
wp core verify-checksums
sysvbanner dockerpress
# Read the credentials
cat '/usr/local/lsws/adminpasswd'
# Tail the logs to stdout
tail -f \
'/var/log/litespeed/server.log'
exec "$@"
litespeed/config/admin_config.conf
+23
View File
@@ -0,0 +1,23 @@
enableCoreDump 0
sessionTimeout 3600
errorlog /var/log/litespeed/admin-error.log {
useServer 1
logLevel INFO
rollingSize 10M
}
accesslog /var/log/litespeed/admin-access.log {
useServer 1
rollingSize 10M
keepDays 90
}
accessControl {
allow ALL
}
listener adminListener {
address *:7080
secure 0
}
litespeed/config/httpd_config.conf
+259
View File
@@ -0,0 +1,259 @@
#
# PLAIN TEXT CONFIGURATION FILE
#
#It not set, will use host name as serverName
user nobody
group nogroup
priority 0
cpuAffinity 0
enableLVE 0
inMemBufSize 64M
swappingDir /tmp/lshttpd/swap
autoFix503 1
enableh2c 1
gracefulRestartTimeout 300
statDir /tmp/lshttpd/stats
mime conf/mime.properties
disableInitLogRotation 1
showVersionNumber 0
enableIpGeo 0
useIpInProxyHeader 3
adminEmails root@localhost
errorlog /var/log/litespeed/server.log {
logLevel NOTICE
debugLevel 0
rollingSize 10M
enableStderrLog 1
}
accesslog /var/log/litespeed/access.log {
rollingSize 10M
keepDays 30
compressArchive 0
}
indexFiles index.html, index.php
autoIndex 0
expires {
enableExpires 1
expiresByType image/*=A604800,text/css=A604800,application/x-javascript=A604800,application/javascript=A604800,font/*=A604800,application/x-font-ttf=A604800
}
autoLoadHtaccess 1
uploadTmpDir /tmp/lshttpd/upload
uploadTmpFilePermission 640
tuning {
shmDefaultDir /dev/shm
maxConnections 10000
maxSSLConnections 10000
connTimeout 300
maxKeepAliveReq 10000
keepAliveTimeout 5
sndBufSize 0
rcvBufSize 0
maxReqURLLen 32768
maxReqHeaderSize 65536
maxReqBodySize 2047M
maxDynRespHeaderSize 32768
maxDynRespSize 2047M
maxCachedFileSize 4096
totalInMemCacheSize 32M
maxMMapFileSize 256K
totalMMapCacheSize 64M
useSendfile 1
fileETag 28
enableGzipCompress 1
compressibleTypes text/*, application/x-javascript, application/xml, application/javascript, image/svg+xml, application/rss+xml
enableDynGzipCompress 1
gzipCompressLevel 6
gzipAutoUpdateStatic 1
gzipStaticCompressLevel 6
brStaticCompressLevel 6
gzipCacheDir /tmp/lshttpd/gzcache
gzipMaxFileSize 10M
gzipMinFileSize 300
sslStrongDhKey 1
sslEnableMultiCerts 1
sslSessionCache 1
sslSessionCacheSize 1000000
sslSessionCacheTimeout 3600
sslSessionTickets 1
sslSessionTicketLifetime 216000
quicEnable 1
quicShmDir /dev/shm
quicCfcw 2M
quicSfcw 1M
quicMaxStreams 100
quicHandshakeTimeout 10
quicIdleTimeout 30
}
fileAccessControl {
followSymbolLink 1
checkSymbolLink 0
forceStrictOwnership 0
requiredPermissionMask 000
restrictedPermissionMask 000
}
perClientConnLimit {
staticReqPerSec 0
dynReqPerSec 0
outBandwidth 0
inBandwidth 0
softLimit 10000
hardLimit 10000
gracePeriod 15
banPeriod 300
}
CGIRLimit {
maxCGIInstances 20
minUID 11
minGID 10
priority 0
CPUSoftLimit 10
CPUHardLimit 50
memSoftLimit 1460M
memHardLimit 1470M
procSoftLimit 400
procHardLimit 450
}
accessDenyDir {
dir /
dir /etc/*
dir /dev/*
dir conf/*
dir admin/conf/*
}
accessControl {
allow ALL
}
extprocessor PHP-7.4 {
type lsapi
address uds:///tmp/lshttpd/lsphp74.sock
maxConns 10
env PHP_LSAPI_CHILDREN=10
env LSAPI_AVOID_FORK=200M
initTimeout 60
retryTimeout 0
persistConn 1
respBuffer 0
autoStart 2
path lsphp74/bin/lsphp
backlog 100
instances 1
priority 0
memSoftLimit 2047M
memHardLimit 2047M
procSoftLimit 1400
procHardLimit 1500
}
scripthandler {
add lsapi:PHP-7.4 php
}
railsDefaults {
maxConns 1
env LSAPI_MAX_IDLE=60
initTimeout 60
retryTimeout 0
pcKeepAliveTimeout 60
respBuffer 0
backlog 50
runOnStartUp 3
extMaxIdleTime 300
priority 3
memSoftLimit 2047M
memHardLimit 2047M
procSoftLimit 500
procHardLimit 600
}
wsgiDefaults {
maxConns 5
env LSAPI_MAX_IDLE=60
initTimeout 60
retryTimeout 0
pcKeepAliveTimeout 60
respBuffer 0
backlog 50
runOnStartUp 3
extMaxIdleTime 300
priority 3
memSoftLimit 2047M
memHardLimit 2047M
procSoftLimit 500
procHardLimit 600
}
nodeDefaults {
maxConns 5
env LSAPI_MAX_IDLE=60
initTimeout 60
retryTimeout 0
pcKeepAliveTimeout 60
respBuffer 0
backlog 50
runOnStartUp 3
extMaxIdleTime 300
priority 3
memSoftLimit 2047M
memHardLimit 2047M
procSoftLimit 500
procHardLimit 600
}
module uploadprogress {
ls_enabled 1
}
module cache {
internal 1
checkPrivateCache 1
checkPublicCache 1
maxCacheObjSize 10000000
maxStaleAge 200
qsCache 1
reqCookieCache 1
respCookieCache 1
ignoreReqCacheCtrl 1
ignoreRespCacheCtrl 0
enableCache 1
expireInSeconds 3600
enablePrivateCache 1
privateExpireInSeconds 3600
ls_enabled 1
}
module modpagespeed {
pagespeed off
pagespeed FileCachePath /tmp/lshttpd/pagespeed
pagespeed RewriteLevel CoreFilters
ls_enabled 0
}
virtualhost container {
vhRoot /var/www/container/
configFile $SERVER_ROOT/conf/vhosts/$VH_NAME/vhconf.conf
allowSymbolLink 1
enableScript 1
restrained 1
setUIDMode 2
user www-data
group www-data
}
listener HTTP {
address *:80
secure 0
map container *
}
litespeed/config/vhconf.conf
+39
View File
@@ -0,0 +1,39 @@
docRoot $VH_ROOT/web
adminEmails root@localhost
enableGzip 1
enableIpGeo 1
cgroups 0
errorlog /var/log/litespeed/container-error.log {
useServer 1
logLevel INFO
rollingSize 20M
}
accesslog /var/log/litespeed/container-access.log {
useServer 1
rollingSize 50M
keepDays 30
}
index {
useServer 1
autoIndex 0
}
scripthandler {
add lsapi:PHP-7.4 php
}
uploadTmpDir $VH_ROOT/tmp
uploadTmpFilePermission 640
rewrite {
enable 1
autoLoadHtaccess 1
}
context /progress/ {
type module
handler uploadprogress
addDefaultCharset off
}
wordpress/.htaccess
-10
View File
@@ -1,10 +0,0 @@
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress