Commit edce1048 authored by ale's avatar ale

Use the docker-apache2-base image

parent cfa768b0
Pipeline #932 passed with stages
in 1 minute and 40 seconds
FROM bitnami/minideb:stretch
FROM registry.git.autistici.org/ai3/docker-apache2-base:master
COPY noblogs /opt/noblogs/www
COPY wp-config.php /opt/noblogs/www/wp-config.php
......@@ -6,5 +6,5 @@ COPY conf /tmp/conf
COPY build.sh /tmp/build.sh
RUN /tmp/build.sh && rm /tmp/build.sh
EXPOSE 83
EXPOSE 8083
ENTRYPOINT ["/usr/local/bin/chaperone"]
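Review bot: The new base in the `FROM` line is referenced by the branch tag `master`, which is mutable, so each rebuild picks up whatever the base pipeline last pushed and the resulting image cannot be traced to a reviewed base. Pinning by digest keeps the build reproducible and makes a base update an explicit change, e.g. `FROM registry.git.autistici.org/ai3/docker-apache2-base:master@sha256:<digest-of-reviewed-base>`. The section also has no `USER` instruction. Since the listener moves to the unprivileged port 8083, it is worth confirming whether the base image or chaperone drops root, which is not visible here.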
......@@ -15,59 +15,36 @@ BUILD_PACKAGES="rsync"
# We have to keep the python3 packages around in order to run
# chaperone (installed via pip).
PACKAGES="
apache2
apache-exporter
libapache2-mod-removeip
libapache2-mod-xsendfile
libapache2-mod-security2
modsecurity-crs
php-cli
php-fpm
php-mysql
php-gd
php-memcache
php-mcrypt
python3-pip
python3-setuptools
python3-wheel
"
# Apache modules to enable.
# Additional Apache modules to enable.
APACHE_MODULES_ENABLE="
headers
proxy_fcgi
removeip
rewrite
security2
setenvif
xsendfile
"
export APACHE_MODULES_ENABLE
# Apache modules that are enabled by default by the Debian package,
# and that we want to disable.
APACHE_MODULES_DISABLE="
ssl
"
# Config snippets to enable for Apache.
# Additional config snippets to enable for Apache.
APACHE_CONFIG_ENABLE="
metrics
php7.0-fpm
"
# Config snippets to disable.
APACHE_CONFIG_DISABLE="
other-vhosts-access-log
serve-cgi-bin
"
export APACHE_CONFIG_ENABLE
# Sites to enable.
APACHE_SITES="
noblogs.org
noblogs.ai-cdn.net
"
export APACHE_SITES
export APACHE_PORT=8083
# The default bitnami/minideb image defines an 'install_packages'
# command which is just a convenient helper. Define our own in
......@@ -80,12 +57,6 @@ fi
set -e
# Install the main A/I package repository.
install_packages curl gnupg
echo "deb http://deb.autistici.org/urepo stretch-ai/" > /etc/apt/sources.list.d/ai.list
curl -s http://deb.autistici.org/repo.key | apt-key add -
apt-get -q update
install_packages ${BUILD_PACKAGES} ${PACKAGES}
# Install the configuration, overlayed over /etc.
......@@ -95,26 +66,13 @@ rsync -a /tmp/conf/ /etc/
# since we won't be using the init script.
#mkdir /var/run/apache2 /var/lock/apache2
# Enable/disable Apache modules and configs.
a2enmod -q ${APACHE_MODULES_ENABLE}
a2dismod -q -f ${APACHE_MODULES_DISABLE}
a2enconf -q ${APACHE_CONFIG_ENABLE}
a2disconf -q ${APACHE_CONFIG_DISABLE}
a2ensite ${APACHE_SITES}
/usr/local/bin/setup-apache.sh
# Set up modsecurity.
mv /etc/modsecurity/modsecurity.conf-recommended /etc/modsecurity/modsecurity.conf
# Create runtime directories (since we're not going to use init
# scripts or systemd units to start the services).
mkdir -p /var/run/apache2 /var/run/php
# Install Chaperone (minimalistic init service).
pip3 install chaperone
rm -fr /root/.cache/pip
# Remove packages used for installation.
apt-get remove -y --purge curl gnupg ${BUILD_PACKAGES}
apt-get remove -y --purge ${BUILD_PACKAGES}
apt-get autoremove -y
apt-get clean
rm -fr /var/lib/apt/lists/*
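Review bot: `APACHE_MODULES_DISABLE` and `APACHE_CONFIG_DISABLE` have no `export` line, unlike `APACHE_MODULES_ENABLE`, `APACHE_CONFIG_ENABLE` and `APACHE_SITES`, so `/usr/local/bin/setup-apache.sh` cannot see them. The rendering does not show which side those two lists and the `a2dismod`/`a2disconf` calls are on; if this commit removes them, disabling `ssl` and `serve-cgi-bin` now depends entirely on the base image's helper, which is outside this diff. Either keep the two explicit disable calls in build.sh, or add a comment above the helper call stating the contract, for example `# setup-apache.sh reads APACHE_MODULES_ENABLE, APACHE_CONFIG_ENABLE, APACHE_SITES and APACHE_PORT; disabled modules/configs come from the base image`.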
......
# Forward Prometheus scrapes to the apache-exporter.
ProxyPass /metrics http://127.0.0.1:9117/metrics
<Directory />
AllowOverride None
Require all denied
</Directory>
ServerTokens Prod
ServerSignature Off
TraceEnable Off
Header set X-Content-Type-Options: "nosniff"
<VirtualHost *:83>
DocumentRoot /var/www/html
</VirtualHost>
<VirtualHost *:83>
<VirtualHost *:${APACHE_PORT}>
ServerName noblogs.ai-cdn.net
DocumentRoot /opt/noblogs/www
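Review bot: `<VirtualHost *:${APACHE_PORT}>` is expanded when Apache parses its configuration at start-up, but the only visible definition is `export APACHE_PORT=8083` in build.sh, which exists only during the image build. Unless the base image sets the variable in the container environment or in `/etc/apache2/envvars` (neither is shown here), Apache will report the config variable as undefined and keep the literal text. The same applies to the noblogs.org vhost further down. The port is also hard-coded as `EXPOSE 8083` in the Dockerfile, so a comment next to the export such as `# must match EXPOSE in the Dockerfile` would help keep the two in step.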
......
<VirtualHost *:83>
<VirtualHost *:${APACHE_PORT}>
ServerName noblogs.org
ServerAlias *.noblogs.org
......
apache2.service: {
command: "bash -c 'source /etc/apache2/envvars && exec /usr/sbin/apache2 -DFOREGROUND'",
kill_signal: SIGWINCH
}
fpm.service: {
command: "/usr/sbin/php-fpm7.0 --force-stderr --nodaemonize"
}
#fakemail.service: {
# command: "python3 -m smtpd -n -c DebuggingServer 0.0.0.0:25",
# env_set: {
# 'PYTHONUNBUFFERED': '1'
# }
#}
console.logging: {
selector: '*.warn',
stdout: true,
}
settings: {
env_set: {
"LANG": "en_us.UTF-8",
"LC_CTYPE": "$(LANG)",
}
}
[www]
user = www-data
group = www-data
listen = /run/php/php7.0-fpm.sock
listen.owner = www-data
listen.group = www-data
pm = dynamic
pm.max_children = 125
pm.start_servers = 3
pm.min_spare_servers = 3
pm.max_spare_servers = 10
pm.max_requests = 10000
pm.status_path = /status
; Redirect worker stdout and stderr into main error log. If not set, stdout and
; stderr will be redirected to /dev/null according to FastCGI specs.
; Note: on highloaded environement, this can cause some delay in the page
; process time (several ms).
; Default Value: no
catch_workers_output = yes
access.log = /proc/self/fd/2
chdir = /
; Already enabled by default - do not enable twice.
; php_admin_value[opcache.enable] = 1
php_admin_value[opcache.memory_consumption] = 256
php_admin_value[opcache.interned_strings_buffer] = 16
php_admin_value[opcache.max_accelerated_files] = 4000
php_admin_value[opcache.validate_timestamps] = 0
php_admin_value[opcache.fast_shutdown] = 1