From 030e89d23902e8771f3ed3cecde483ba74400c3b Mon Sep 17 00:00:00 2001 From: KemoNine Date: Sun, 6 Jan 2019 19:15:33 +0000 Subject: [PATCH 1/4] Convert the example file to a proper readme with examples and additional details --- docker/README.md | 56 ++++++++++++++++++++++++++++++++++++++++++++++++ docker/example | 12 ----------- 2 files changed, 56 insertions(+), 12 deletions(-) create mode 100644 docker/README.md delete mode 100644 docker/example diff --git a/docker/README.md b/docker/README.md new file mode 100644 index 0000000..a7cd859 --- /dev/null +++ b/docker/README.md 
@@ -0,0 +1,56 @@
+# Halcyon Docker
+
+This Docker setup for Halcyon includes just Halcyon, php-fpm and the necessary locales for internationalization support in Halcyon.
+
+You'll need to use the main repo's nginx/apache/caddy configs for reverse proxy to the container. traefik will likely work but is untested.
+
+# Build Halcyon Container
+
+``` sh
+
+cd /opt/halcyon/docker
+docker build -t halcyon/halcyon:latest .
+
+```
+
+# Configuration
+
+The container has the official example configs stored at ```/var/www/html/config``` inside the image. You can copy the examples from the container to the server via a temporary container and volume.
+
+The configs must be adjusted ahead of running the container for production use.
+
+Please note: The container build will checkout the latest release of Halcyon which may *not* match the current master brach HEAD. It's advisable to use the below to copy the configs so you're using the same config examples as the version deployed in the container.
+
+Example:
+
+``` sh
+
+cd /opt/halcyon
+mkdir config
+docker run --rm -it \
+ --entrypoint /bin/sh \
+ -v /opt/halcyon/config:/var/www/html/config \
+ halcyon/halcyon:latest
+cp /var/www/html/config.example/* /var/www/html/config/
+exit
+
+```
+
+# Running
+
+An example for running the container is below.
+
+``` sh
+
+docker run \
+ --name halcyon \
+ --restart unless-stopped \
+ --net docker-private \
+ --ip 172.30.12.13 \
+ -e TZ=UTC \
+ -e DEBUG=1 \
+ -v /opt/halcyon/config:/var/www/html/config \
+ halcyon/halcyon:latest
+
+```
+
diff --git a/docker/example b/docker/example
deleted file mode 100644
index 5abd7c3..0000000
--- a/docker/example
+++ /dev/null
@@ -1,12 +0,0 @@ -docker build -t halcyon/halcyon:latest . -docker run --rm -it -p 9081:80 -v ${PWD}/config:/var/www/html/config test/halcyon:latest -docker run \ - --name halcyon \ - --restart unless-stopped \ - --net docker-private \ - --ip 172.30.12.13 \ - -e TZ=UTC \ - -e DEBUG=1 \ - -v /opt/halcyon/config:/var/www/html/config \ - test/halcyon:latest - From 6470a7282b23c5907aea82861c6c5402388e41d4 Mon Sep 17 00:00:00 2001 From: KemoNine Date: Sun, 6 Jan 2019 19:16:57 +0000 Subject: [PATCH 2/4] Update path in Docker README --- docker/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker/README.md b/docker/README.md index a7cd859..a18fbaf 100644 --- a/docker/README.md +++ b/docker/README.md @@ -15,7 +15,7 @@ docker build -t halcyon/halcyon:latest . # Configuration -The container has the official example configs stored at ```/var/www/html/config``` inside the image. You can copy the examples from the container to the server via a temporary container and volume. +The container has the official example configs stored at ```/var/www/html/config.example``` inside the image. You can copy the examples from the container to the server via a temporary container and volume. The configs must be adjusted ahead of running the container for production use. From 12edd8677a4d4ad126437b16450ab830af70a6e6 Mon Sep 17 00:00:00 2001 From: KemoNine Date: Sun, 6 Jan 2019 19:46:25 +0000 Subject: [PATCH 3/4] Update Docker README paths to reflect new container paths --- docker/README.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/docker/README.md b/docker/README.md index a18fbaf..c42d8ae 100644 --- a/docker/README.md +++ b/docker/README.md 
@@ -15,7 +15,7 @@ docker build -t halcyon/halcyon:latest . # Configuration -The container has the official example configs stored at ```/var/www/html/config.example``` inside the image. You can copy the examples from the container to the server via a temporary container and volume. +The container has the official example configs stored at ```/opt/halcyon/config.example``` inside the image. You can copy the examples from the container to the server via a temporary container and volume. The configs must be adjusted ahead of running the container for production use. @@ -29,9 +29,9 @@ cd /opt/halcyon mkdir config docker run --rm -it \ --entrypoint /bin/sh \ - -v /opt/halcyon/config:/var/www/html/config \ + -v /opt/halcyon/config:/opt/halcyon/config \ halcyon/halcyon:latest -cp /var/www/html/config.example/* /var/www/html/config/ +cp /opt/halcyon/config.example/* /opt/halcyon/config/ exit ``` @@ -49,7 +49,7 @@ docker run \ --ip 172.30.12.13 \ -e TZ=UTC \ -e DEBUG=1 \ - -v /opt/halcyon/config:/var/www/html/config \ + -v /opt/halcyon/config:/opt/halcyon/config \ halcyon/halcyon:latest ``` From 7ea6f98149097d29b431e00f694a4bb073f76d21 Mon Sep 17 00:00:00 2001 
From: KemoNine Date: Sun, 6 Jan 2019 19:47:24 +0000 Subject: [PATCH 4/4] Docker updates - Update to be pure php-fpm - Remove nginx from container - Update halcyon path to match standard docs (/opt/halcyon) - Updated halcyon path allows this container to work as-is with the provided web server configs --- docker/Dockerfile | 27 ++----- docker/etc/nginx/conf.d/access_log.conf | 5 -- .../nginx/conf.d/cache-file-descriptors.conf | 19 ----- docker/etc/nginx/conf.d/compression.conf | 56 -------------- docker/etc/nginx/nginx.conf | 75 ------------------- docker/etc/nginx/sites-available/site.conf | 24 ------ docker/etc/nginx/sites-enabled/site.conf | 1 - docker/etc/supervisord.conf | 9 --- docker/usr/local/etc/php-fpm.d/50-socket.conf | 3 +- 9 files changed, 9 insertions(+), 210 deletions(-) delete mode 100644 docker/etc/nginx/conf.d/access_log.conf delete mode 100644 docker/etc/nginx/conf.d/cache-file-descriptors.conf delete mode 100644 docker/etc/nginx/conf.d/compression.conf delete mode 100644 docker/etc/nginx/nginx.conf delete mode 100644 docker/etc/nginx/sites-available/site.conf delete mode 120000 docker/etc/nginx/sites-enabled/site.conf diff --git a/docker/Dockerfile b/docker/Dockerfile index e89d8c7..ca97239 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile 
@@ -26,28 +26,17 @@ RUN apt-get install -y --no-install-recommends \ && apt-get autoremove -y --purge # Halcyon +WORKDIR /opt/halcyon RUN apt-get install -y --no-install-recommends git \ - && git clone https://notabug.org/halcyon-suite/halcyon.git /var/www/html/ \ + && git clone https://notabug.org/halcyon-suite/halcyon.git /opt/halcyon/ \ && git checkout `git describe --tags` \ - && cp -r /var/www/html/config /var/www/html/config.example \ - && chown -R www-data: /var/www + && cp -r /opt/halcyon/config /opt/halcyon/config.example \ + && chown -R www-data: /opt/halcyon -# PHP-fpm + nginx -RUN apt-get install -y --no-install-recommends nginx \ -# Remove (some of the) default nginx config - && rm -f /etc/nginx.conf \ - && rm -f /etc/nginx/conf.d/default.conf \ - && rm -rf /etc/nginx/sites-* \ - && rm -rf /var/log/nginx \ -# Ensure nginx logs, even if the config has errors, are written to stderr - && mkdir -p /var/log/nginx \ - && chown www-data: /var/log/nginx \ - && ln -s /dev/stderr /var/log/nginx/error.log \ -# Create folder where the user hook into our default configs - && mkdir -p /etc/nginx/server.d/ \ - && mkdir -p /etc/nginx/location.d/ \ +# PHP-fpm +RUN \ # Bring php-fpm configs into a more controallable state - && rm /usr/local/etc/php-fpm.d/www.conf.default \ + rm /usr/local/etc/php-fpm.d/www.conf.default \ && mv /usr/local/etc/php-fpm.d/docker.conf /usr/local/etc/php-fpm.d/00-docker.conf \ && mv /usr/local/etc/php-fpm.d/www.conf /usr/local/etc/php-fpm.d/10-www.conf \ && mv /usr/local/etc/php-fpm.d/zz-docker.conf /usr/local/etc/php-fpm.d/20-docker.conf @@ -56,7 +45,7 @@ RUN apt-get install -y --no-install-recommends nginx \ ADD etc/ /etc/ ADD usr/ /usr/ -EXPOSE 80 +EXPOSE 9000 ENTRYPOINT ["/usr/bin/supervisord","-c","/etc/supervisord.conf"] diff --git a/docker/etc/nginx/conf.d/access_log.conf b/docker/etc/nginx/conf.d/access_log.conf deleted file mode 100644 index a54704b..0000000 --- a/docker/etc/nginx/conf.d/access_log.conf +++ /dev/null 
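Review bot: The `git clone` in the `# Halcyon` step is unpinned and unverified, so the image contains whatever notabug.org serves on the day of the build, and the unchanged checkout of `git describe --tags` does not reliably select a release: without `--abbrev=0` it prints `<tag>-<n>-g<sha>` when HEAD is past the last tag, which resolves back to HEAD itself. Pinning through a build argument would make builds reproducible and reviewable, e.g. `ARG HALCYON_REF=<release-tag>` with `git clone --branch "$HALCYON_REF" --depth 1 https://notabug.org/halcyon-suite/halcyon.git /opt/halcyon/`; at minimum use `git describe --tags --abbrev=0`. The new `chown -R www-data: /opt/halcyon` also leaves all application code writable by the php-fpm user; if only the config directory has to be writable (not visible from this hunk), keeping the source tree root-owned would limit what a file-write bug in the app can alter.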
@@ -1,5 +0,0 @@ -# Log access to this file -# This is only used when you don't override it on a server{} level -access_log /dev/stdout main; - -# Note: Feel free to overwrite this file if you want a custom logging format! diff --git a/docker/etc/nginx/conf.d/cache-file-descriptors.conf b/docker/etc/nginx/conf.d/cache-file-descriptors.conf deleted file mode 100644 index ed312c0..0000000 --- a/docker/etc/nginx/conf.d/cache-file-descriptors.conf +++ /dev/null @@ -1,19 +0,0 @@ -# This tells Nginx to cache open file handles, "not found" errors, metadata about files and their permissions, etc. -# -# The upside of this is that Nginx can immediately begin sending data when a popular file is requested, -# and will also know to immediately send a 404 if a file is missing on disk, and so on. -# -# However, it also means that the server won't react immediately to changes on disk, which may be undesirable. -# -# In the below configuration, inactive files are released from the cache after 20 seconds, whereas -# active (recently requested) files are re-validated every 30 seconds. -# -# Descriptors will not be cached unless they are used at least 2 times within 20 seconds (the inactive time). -# -# A maximum of the 1000 most recently used file descriptors can be cached at any time. -# -# Production servers with stable file collections will definitely want to enable the cache. -open_file_cache max=1000 inactive=20s; -open_file_cache_valid 30s; -open_file_cache_min_uses 2; -open_file_cache_errors on; diff --git a/docker/etc/nginx/conf.d/compression.conf b/docker/etc/nginx/conf.d/compression.conf deleted file mode 100644 index 26537ad..0000000 --- a/docker/etc/nginx/conf.d/compression.conf +++ /dev/null 
@@ -1,56 +0,0 @@ -# Enable gzip compression. -gzip on; - -# Compression level (1-9). -# 5 is a perfect compromise between size and CPU usage, offering about -# 75% reduction for most ASCII files (almost identical to level 9). -gzip_comp_level 5; - -# Don't compress anything that's already small and unlikely to shrink much -# if at all (the default is 20 bytes, which is bad as that usually leads to -# larger files after gzipping). -gzip_min_length 256; - -# Compress data even for clients that are connecting to us via proxies, -# identified by the "Via" header (required for CloudFront). -gzip_proxied any; - -# Tell proxies to cache both the gzipped and regular version of a resource -# whenever the client's Accept-Encoding capabilities header varies; -# Avoids the issue where a non-gzip capable client (which is extremely rare -# today) would display gibberish if their proxy gave them the gzipped version. -gzip_vary on; - -# Compress all output labeled with one of the following MIME-types. -gzip_types - application/atom+xml - application/javascript - application/json - application/ld+json - application/manifest+json - application/rss+xml - application/vnd.geo+json - application/vnd.ms-fontobject - application/x-font-ttf - application/x-web-app-manifest+json - application/xhtml+xml - application/xml - font/opentype - image/bmp - image/svg+xml - image/x-icon - text/cache-manifest - text/css - text/plain - text/vcard - text/vnd.rim.location.xloc - text/vtt - text/x-component - text/x-cross-domain-policy; - # text/html is always compressed by gzip module - -# This should be turned on if you are going to have pre-compressed copies (.gz) of -# static files available. If not it should be left off as it will cause extra I/O -# for the check. It is best if you enable this in a location{} block for -# a specific directory, or on an individual server{} level. -# gzip_static on; 
diff --git a/docker/etc/nginx/nginx.conf b/docker/etc/nginx/nginx.conf deleted file mode 100644 index 4b72170..0000000 --- a/docker/etc/nginx/nginx.conf +++ /dev/null 
@@ -1,75 +0,0 @@ -# Run as a unique, less privileged user for security reasons. -user www-data www-data; - -# Sets the worker threads to the number of CPU cores available in the system for best performance. -# Should be > the number of CPU cores. -# Maximum number of connections = worker_processes * worker_connections -worker_processes auto; - -# Maximum number of open files per worker process. -# Should be > worker_connections. -worker_rlimit_nofile 8192; - -events { - # If you need more connections than this, you start optimizing your OS. - # That's probably the point at which you hire people who are smarter than you as this is *a lot* of requests. - # Should be < worker_rlimit_nofile. - worker_connections 8000; -} - -# Log errors and warnings to this file -# This is only used when you don't override it on a server{} level -error_log /dev/stderr warn; - -# The file storing the process ID of the main process -pid /var/run/nginx.pid; - -# The process is managed in the docker-env -daemon off; - -# Free some CPU cycles -timer_resolution 500ms; - -http { - # Specify MIME types for files. - include mime.types; - default_type application/octet-stream; - - # Update charset_types to match updated mime.types. - # text/html is always included by charset module. - charset_types text/css text/plain text/vnd.wap.wml application/javascript application/json application/rss+xml application/xml; - - # Include $http_x_forwarded_for within default format used in log files - log_format main '$remote_addr - $remote_user [$time_local] "$request" ' - '$status $body_bytes_sent "$http_referer" ' - '"$http_user_agent" "$http_x_forwarded_for"'; - - # Hide used software - server_tokens off; - - # Default charset - charset utf-8; - - # How long to allow each connection to stay idle. - # Longer values are better for each individual client, particularly for SSL, - # but means that worker connections are tied up longer. 
- keepalive_timeout 20s; - - # Speed up file transfers by using sendfile() to copy directly - # between descriptors rather than using read()/write(). - # For performance reasons, on FreeBSD systems w/ ZFS - # this option should be disabled as ZFS's ARC caches - # frequently used files in RAM by default. - sendfile on; - - # Don't send out partial frames; this increases throughput - # since TCP frames are filled up before being sent out. - tcp_nopush on; - - # Allow up to 3 MiB payload, privatebin defaults to 2 MiB. - client_max_body_size 3M; - - # Load even moar configs - include /etc/nginx/conf.d/*.conf; - include /etc/nginx/sites-enabled/*.conf; -} diff --git a/docker/etc/nginx/sites-available/site.conf b/docker/etc/nginx/sites-available/site.conf deleted file mode 100644 index 3716e44..0000000 --- a/docker/etc/nginx/sites-available/site.conf +++ /dev/null @@ -1,24 +0,0 @@ -server { - listen 80 default_server; - - root /var/www/html; - index index.php index.html index.htm; - - location / { - include /etc/nginx/location.d/*.conf; - try_files $uri $uri/ /index.php$is_args$args; - } - - location ~ \.php$ { - include /etc/nginx/location.d/*.conf; - fastcgi_pass unix:/run/php-fpm.sock; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - include fastcgi_params; - - # Prevent exposing nginx + version to $_SERVER - fastcgi_param SERVER_SOFTWARE ""; - } - - include /etc/nginx/server.d/*.conf; -} diff --git a/docker/etc/nginx/sites-enabled/site.conf b/docker/etc/nginx/sites-enabled/site.conf deleted file mode 120000 index 35141db..0000000 --- a/docker/etc/nginx/sites-enabled/site.conf +++ /dev/null @@ -1 +0,0 @@ -/etc/nginx/sites-available/site.conf \ No newline at end of file diff --git a/docker/etc/supervisord.conf b/docker/etc/supervisord.conf index 633eae4..ae3cf0a 100644 --- a/docker/etc/supervisord.conf +++ b/docker/etc/supervisord.conf 
@@ -12,12 +12,3 @@ stdout_logfile_maxbytes=0 stderr_logfile=/dev/stderr stderr_logfile_maxbytes=0 -[program:nginx] -command=/usr/sbin/nginx -autostart=true -autorestart=true -priority=20 -stdout_logfile=/dev/stdout -stdout_logfile_maxbytes=0 -stderr_logfile=/dev/stderr -stderr_logfile_maxbytes=0 diff --git a/docker/usr/local/etc/php-fpm.d/50-socket.conf b/docker/usr/local/etc/php-fpm.d/50-socket.conf index 081fb58..7d65f11 100644 --- a/docker/usr/local/etc/php-fpm.d/50-socket.conf +++ b/docker/usr/local/etc/php-fpm.d/50-socket.conf @@ -1,5 +1,4 @@ [www] -listen = /run/php-fpm.sock +listen = 0.0.0.0:9000 listen.owner = www-data listen.group = www-data -listen.mode = 0660
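Review bot: `listen = 0.0.0.0:9000` in 50-socket.conf binds the FastCGI listener to every interface with no `listen.allowed_clients`, and FastCGI has no authentication of its own, so any peer that can reach port 9000 (other containers on `docker-private`, or any host if the port is ever published with `-p`) can talk to php-fpm directly and bypass the reverse proxy's routing and access rules. Restrict the accepted peers to the proxy, e.g. `listen.allowed_clients = <reverse-proxy-ip>`, and add a README line saying that 9000 must stay on the private network and never be published. The retained `listen.owner` and `listen.group` only apply to unix sockets, so they are now no-ops and the file-permission protection that `listen.mode = 0660` gave the old socket has no replacement. The same exposure is advertised by `EXPOSE 9000` in the Dockerfile hunk of this commit.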