STI
/
myos
3
2
Fork 1
Code Issues 3 Pull Requests Projects Releases Wiki Activity

olympe

This commit is contained in:
Yann Autissier 2022-12-22 02:57:43 +00:00
parent 2dec68807e
commit 94a749e229
27 changed files with 2182 additions and 29 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
docker/apache/php5/Dockerfile Normal file
View File

@ -0,0 +1,32 @@
FROM nimmis/alpine-apache-php5
ARG DOCKER_BUILD_DIR
RUN apk add --no-cache \
memcached \
php5-bz2 \
php5-enchant \
php5-gmp \
php5-imap \
php5-ldap \
php5-memcache \
php5-mssql \
php5-mysqli \
php5-opcache \
php5-pdo \
php5-pdo_mysql \
php5-pdo_pgsql \
php5-pdo_sqlite \
php5-pspell \
php5-snmp \
php5-xcache \
php5-xmlrpc \
php5-xsl
COPY ${DOCKER_BUILD_DIR}/apache-php5-config.sh /etc/run_always/51-config-apache
COPY ${DOCKER_BUILD_DIR}/php.ini /etc/php5/
COPY ${DOCKER_BUILD_DIR}/header.php /etc/php5/
RUN mkdir -p /etc/sv/memcached \
&& echo -e '#!/bin/sh\n\nexec 2>&1\nexec chpst -u apache /usr/bin/memcached -s /var/tmp/memcached\n' > /etc/sv/memcached/run \
&& chmod +x /etc/sv/memcached/run \
&& ln -s ../sv/memcached /etc/service/memcached

22
docker/apache/php5/apache-php5-config.sh Executable file
View File

@ -0,0 +1,22 @@
#!/bin/sh
set -eu
DOCUMENT_ROOT=${DOCUMENT_ROOT:-/web/html}
LOAD_MODULE=${LOAD_MODULE:-env expires headers remoteip reqtimeout rewrite setenvif slotmem_shm vhost_alias}
PREFIX=${PREFIX:-/web/config}
SERVER_NAME=${SERVER_NAME:-$(hostname)}
VIRTUAL_ROOT=${VIRTUAL_ROOT:-%0}
sed -E -i \
-e 's!^#?\s*(LoadModule ('${LOAD_MODULE// /|}')_module modules/mod_('${LOAD_MODULE// /|}').so)\s*!\1!g' \
-e 's!^ServerName .*!ServerName '${SERVER_NAME}'!g' \
-e 's!^ServerSignature .*!ServerSignature Off!g' \
-e 's!DocumentRoot .*!DocumentRoot "'${DOCUMENT_ROOT}'"!; /DocumentRoot/,/Directory/{s!Directory .*"!Directory "'${DOCUMENT_ROOT}'"!}' \
"$PREFIX/httpd.conf"
sed -ni \
-e '/^VirtualDocumentRoot/!p;$a VirtualDocumentRoot '"${DOCUMENT_ROOT}/${VIRTUAL_ROOT:-%-1/%-2/%-3}"'' \
"$PREFIX/conf.d/default.conf"
sed -i \
-e 's!internal!localhost!g' \
-e 's!^Alias .*!Alias "/localhost" "'${DOCUMENT_ROOT}'/localhost"!g; /Alias/,/Directory/{s!Directory .*"!Directory "'${DOCUMENT_ROOT}/localhost'"!}' \
"$PREFIX/conf.d/errordocs.conf"

33
docker/apache/php5/header.php Normal file
View File

@ -0,0 +1,33 @@
<?php
if( PHP_SAPI != 'cli' ) {
if( $_SERVER["HTTP_X_FORWARDED_PROTO"] == 'https' )
$_SERVER["SERVER_PORT"] = 443;
else
$_SERVER["SERVER_PORT"] = 80;
}
function error_handler() {
$error = error_get_last();
if ($error) switch ($error['type']) {
case E_ERROR: // 1
readfile("/var/www/html/500.html");
break;
case E_PARSE: // 4
case E_CORE_ERROR: // 16
case E_CORE_WARNING: // 32
case E_COMPILE_ERROR: // 64
case E_COMPILE_WARNING: // 128
case E_USER_ERROR: // 256
case E_RECOVERABLE_ERROR: // 4096
readfile("/var/www/html/50x.html");
break;
case E_WARNING: // 2
case E_NOTICE: // 8
case E_USER_WARNING: // 512
case E_USER_NOTICE: // 1024
case E_STRICT: // 2048
case E_DEPRECATED: // 8192
case E_USER_DEPRECATED: // 16384
}
}
register_shutdown_function('error_handler');
?>

1926
docker/apache/php5/php.ini Normal file
View File

File diff suppressed because it is too large Load Diff

5
docker/nginx/Dockerfile
View File

@ -2,7 +2,10 @@ FROM pinidh/nginx-proxy:alpine
ARG DOCKER_BUILD_DIR
RUN sed -i 's/\(function _resolvers() {\)$/function _nginx_config() {\n\t\/app\/nginx-config.sh\n}\n\n\1/;s/\(\t_default_certificate\)$/\1\n\n\t_nginx_config/' /app/docker-entrypoint.sh \
&& sed -i 's|\(\treturn 503;\)$|\t{{ if (exists (printf "/etc/nginx/vhost.d/default")) }}\n\tinclude {{ printf "/etc/nginx/vhost.d/default" }};\n\t {{ if (exists (printf "/etc/nginx/vhost.d/default_location")) }}\n\tinclude {{ printf "/etc/nginx/vhost.d/default_location" }};\n\t {{ end }}\n\t{{ else }}\n\1\n\t{{ end }}|' /app/nginx.tmpl \
&& sed -i 's|\(\treturn 503;\)$|\t{{ if (exists (printf "/etc/nginx/vhost.d/%s" (or $.Env.DEFAULT "default"))) }}\n\tinclude {{ printf "/etc/nginx/vhost.d/%s" (or $.Env.DEFAULT "default") }};\n\t {{ if (exists (printf "/etc/nginx/vhost.d/default_location")) }}\n{{ if $.Env.DEFAULT_LOCATION }}\tinclude {{ printf "/etc/nginx/vhost.d/default_location" }};{{ end }}\n\t {{ if (exists (printf "/etc/nginx/vhost.d/default_location_php")) }}\n{{ if $.Env.DEFAULT_LOCATION_PHP }}\tinclude {{ printf "/etc/nginx/vhost.d/default_location_php" }};{{ end }}\n\t {{ end }}\n\t {{ if (exists (printf "/etc/nginx/vhost.d/default_location_ipfs")) }}\n{{ if $.Env.DEFAULT_LOCATION_IPFS }}\tinclude {{ printf "/etc/nginx/vhost.d/default_location_ipfs" }};{{ end }}\n\t {{ end }}\n\t {{ end }}\n\t{{ else }}\n\1\n\t{{ end }}|' /app/nginx.tmpl \
&& sed -i 's|\({{ if (exists "/etc/nginx/proxy.conf") }}\)|{{ if (exists "/etc/nginx/vhost.d/nginx.conf") }}\ninclude /etc/nginx/vhost.d/nginx.conf;\n{{ end }}\n\n\1|' /app/nginx.tmpl \
&& sed -i 's|exists "/etc/nginx/vhost.d/default"|exists (printf "/etc/nginx/vhost.d/%s" (or $.Env.DEFAULT "default"))|;s|include /etc/nginx/vhost.d/default;|include {{ printf "/etc/nginx/vhost.d/%s" (or $.Env.DEFAULT "default") }};|' /app/nginx.tmpl \
&& sed -i 's|\(include /etc/nginx/vhost.d/default_location;\)|\1\n\t\t{{ if (exists (printf "/etc/nginx/vhost.d/default_location_php")) }}\n{{ if $.Env.DEFAULT_LOCATION_PHP }}\tinclude {{ printf "/etc/nginx/vhost.d/default_location_php" }};{{ end }}\n\t\t{{ end }}\n\t\t{{ if (exists (printf "/etc/nginx/vhost.d/default_location_ipfs")) }}\n{{ if $.Env.DEFAULT_LOCATION_IPFS }}\tinclude {{ printf "/etc/nginx/vhost.d/default_location_ipfs" }};{{ end }}\n\t\t{{ end }}|' /app/nginx.tmpl \
&& awk '/proxy_pass \{\{ trim .Proto \}\}/{sub(/else/, "else if ne .Proto \"local\"", last)} NR>1{print last} {last=$0} END {print last}' /app/nginx.tmpl > /tmp/nginx.tmpl && mv /tmp/nginx.tmpl /app/
COPY ${DOCKER_BUILD_DIR}/nginx* /app

4
docker/nginx/nginx-config.sh
View File

@ -12,4 +12,8 @@ sed -i 's/fastcgi_param * SERVER_SOFTWARE *.*/fastcgi_param SERVER_SOFTWARE
mkdir -p /etc/nginx/htpasswd /etc/nginx/vhost.d
[ -f "/etc/nginx/htpasswd/default" ] || echo "default:{PLAIN}$(head -c 15 /dev/random |base64)" > /etc/nginx/htpasswd/default
[ -f "/etc/nginx/vhost.d/default" ] || cp /app/nginx_default /etc/nginx/vhost.d/default
[ -f "/etc/nginx/vhost.d/default_dns" ] || cp /app/nginx_default_dns /etc/nginx/vhost.d/default_dns
[ -f "/etc/nginx/vhost.d/default_location" ] || cp /app/nginx_default_location /etc/nginx/vhost.d/default_location
[ -f "/etc/nginx/vhost.d/default_location_php" ] || cp /app/nginx_default_location_php /etc/nginx/vhost.d/default_location_php
[ -f "/etc/nginx/vhost.d/default_location_ipfs" ] || cp /app/nginx_default_location_ipfs /etc/nginx/vhost.d/default_location_ipfs
[ -f "/etc/nginx/vhost.d/nginx.conf" ] || cp /app/nginx.conf /etc/nginx/vhost.d/nginx.conf

9
docker/nginx/nginx.conf Normal file
View File

@ -0,0 +1,9 @@
map $host $host_dir {
hostnames;
~(?:(?<sssssd>[a-z0-9-]+)\.)(?:(?<ssssd>[a-z0-9-]+)\.)(?:(?<sssd>[a-z0-9-]+)\.)(?:(?<ssd>[a-z0-9-]+)\.)(?:(?<sd>[a-z0-9-]+)\.)(?<dom>[a-z0-9-]+)\.(?<tld>[a-z0-9-]+)$ ${tld}/${dom}/${sd}/${ssd}/${sssd}/${ssssd}/${sssssd};
~(?:(?<ssssd>[a-z0-9-]+)\.)(?:(?<sssd>[a-z0-9-]+)\.)(?:(?<ssd>[a-z0-9-]+)\.)(?:(?<sd>[a-z0-9-]+)\.)(?<dom>[a-z0-9-]+)\.(?<tld>[a-z0-9-]+)$ ${tld}/${dom}/${sd}/${ssd}/${sssd}/${ssssd};
~(?:(?<sssd>[a-z0-9-]+)\.)(?:(?<ssd>[a-z0-9-]+)\.)(?:(?<sd>[a-z0-9-]+)\.)(?<dom>[a-z0-9-]+)\.(?<tld>[a-z0-9-]+)$ ${tld}/${dom}/${sd}/${ssd}/${sssd};
~(?:(?<ssd>[a-z0-9-]+)\.)(?:(?<sd>[a-z0-9-]+)\.)(?<dom>[a-z0-9-]+)\.(?<tld>[a-z0-9-]+)$ ${tld}/${dom}/${sd}/${ssd};
~(?:(?<sd>[a-z0-9-]+)\.)(?<dom>[a-z0-9-]+)\.(?<tld>[a-z0-9-]+)$ ${tld}/${dom}/${sd};
~(?<dom>[a-z0-9-]+)\.(?<tld>[a-z0-9-]+)$ ${tld}/${dom};
}

1
docker/nginx/nginx_default_dns Normal file
View File

@ -0,0 +1 @@
root /dns/$host_dir;

21
docker/nginx/nginx_default_location
View File

@ -1,6 +1,23 @@
error_page 403 /localhost/403.html;
error_page 404 /localhost/404.html;
error_page 500 /localhost/500.html;
error_page 502 503 504 /localhost/50x.html;
index index.php index.html index.htm;
try_files $uri $uri/ index.php$uri =404;
try_files $uri $uri/ =404;
location ~ /\.ht {
location /localhost/ {
alias /usr/share/nginx/html/;
}
location ^~ /.well-known/acme-challenge/ {
auth_basic off;
auth_request off;
allow all;
root /usr/share/nginx/html;
try_files $uri =404;
break;
}
location ~ /\. {
deny all;
}

3
docker/nginx/nginx_default_location_ipfs Normal file
View File

@ -0,0 +1,3 @@
location ~ /ip(f|n)s {
proxy_pass http://$host:8080;
}

10
docker/nginx/nginx_default_location_php Normal file
View File

@ -0,0 +1,10 @@
location ~ ^(.+\.php)(.*)$ {
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass php;
fastcgi_split_path_info ^(.+\.php)(.*)$;
include fastcgi_params;
try_files $uri index.php$uri =404;
}
fastcgi_intercept_errors on;

4
make/apps/def.mk
View File

@ -29,10 +29,10 @@ NFS_CONFIG ?= addr=$(NFS_HOST),actimeo=3,intr,noacl,noatime
NFS_HOST ?= host.docker.internal
SERVICES ?= $(DOCKER_SERVICES)
tagprefix = $(call urlprefix,$(or $($(call UPPERCASE,$(1)_SERVICE_$(2)_PATH)),$($(call UPPERCASE,$(1)_SERVICE_PATH))),$(or $($(call UPPERCASE,$(1)_SERVICE_$(2)_OPTS)),$($(call UPPERCASE,$(1)_SERVICE_OPTS)),$(call envprefix,$(1),$(2),allow auth deny preprend proto register strip)),$(or $(foreach env,$(3),$($(call UPPERCASE,$(1)_SERVICE_$(2)_$(env)))),$($(call UPPERCASE,$(1)_SERVICE_$(2)_URIS)),$(call uriprefix,$(1),$(2))))
envprefix = $(foreach env,$(3),$(if $($(call UPPERCASE,$(1)_SERVICE_$(2)_$(env))),$(env)=$($(call UPPERCASE,$(1)_SERVICE_$(2)_$(env)))))
patsublist = $(patsubst $(1),$(2),$(firstword $(3)))$(foreach pattern,$(wordlist 2,16,$(3)),$(comma)$(patsubst $(1),$(2),$(pattern)))
patsublist = $(patsubst $(1),$(2),$(firstword $(3)))$(foreach pattern,$(wordlist 2,255,$(3)),$(comma)$(patsubst $(1),$(2),$(pattern)))
servicenvs = $(foreach env,$(call UPPERCASE,$($(1)_SERVICE_$(2)_ENVS)),$(if $(3),$($(1)_SERVICE_$(env)_$(3)),$($(1)_SERVICE_$(2)_$(env))))
tagprefix = $(call urlprefix,$(or $($(call UPPERCASE,$(1)_SERVICE_$(2)_PATH)),$($(call UPPERCASE,$(1)_SERVICE_PATH))),$(or $($(call UPPERCASE,$(1)_SERVICE_$(2)_OPTS)),$($(call UPPERCASE,$(1)_SERVICE_OPTS)),$(call envprefix,$(1),$(2),allow auth deny preprend proto register strip)),$(or $(foreach env,$(3),$($(call UPPERCASE,$(1)_SERVICE_$(2)_$(env)))),$($(call UPPERCASE,$(1)_SERVICE_$(2)_URIS)),$(call uriprefix,$(1),$(2))))
uriprefix = $(foreach svc,$(1),$(patsubst %,$(addsuffix .,$(or $($(call UPPERCASE,$(svc)_SERVICE_$(2)_NAME)),$($(call UPPERCASE,$(svc)_SERVICE_NAME)),$(svc)))%,$(or $(3),$(APP_URIS))))
url_suffix = *
urlprefix = $(strip $(call patsublist,%,urlprefix-%$(1)$(url_suffix) $(2),$(or $(3),$(APP_URIS))))

4
make/apps/docker.mk
View File

@ -39,7 +39,7 @@ docker-compose-config:
docker-compose-connect: SERVICE ?= $(DOCKER_SERVICE)
docker-compose-connect: DOCKER_RUN_OPTIONS += -it
docker-compose-connect:
$(call docker-compose,exec $(SERVICE) $(DOCKER_SHELL)) || true
$(call docker-compose,exec $(SERVICE) $(DOCKER_SHELL))
# target docker-compose-down: Call docker-compose rm SERVICE or docker-compose down
.PHONY: docker-compose-down
@ -51,7 +51,7 @@ docker-compose-down:
.PHONY: docker-compose-exec
docker-compose-exec: SERVICE ?= $(DOCKER_SERVICE)
docker-compose-exec:
$(call docker-compose-exec-sh,$(SERVICE),$(ARGS)) || true
$(call docker-compose-exec-sh,$(SERVICE),$(ARGS))
# target docker-compose-logs: Call docker-compose logs SERVICE
.PHONY: docker-compose-logs

2
stack/User/User.mk
View File

@ -1,4 +1,4 @@
ENV_VARS += USER_DOMAIN user_domain
ENV_VARS += USER_DOMAIN USER_HOST user_domain
MAKECMDARGS += user-exec user-exec:% user-exec@% user-run user-run:% user-run@%
USER_DOMAIN ?= $(patsubst %,$(USER).%,$(DOMAIN))
USER_HOST ?= $(patsubst %,$(USER).%,$(HOST))$(USER_HOST_LB)

6
stack/User/ipfs.mk
View File

@ -1,5 +1,6 @@
ENV_VARS += USER_IPFS_API_HTTPHEADERS_ACA_ORIGIN USER_IPFS_SERVICE_5001_TAGS USER_IPFS_SERVICE_8080_TAGS
USER_IPFS_API_HTTPHEADERS_ACA_ORIGIN ?= [$(call patsublist,%,"https://%",$(USER_IPFS_SERVICE_8080_URIS))]
ENV_VARS += USER_IPFS_API_HTTPHEADERS_ACA_ORIGIN USER_IPFS_LETSENCRYPT_HOST USER_IPFS_SERVICE_5001_TAGS USER_IPFS_SERVICE_8080_TAGS
USER_IPFS_API_HTTPHEADERS_ACA_ORIGIN ?= [$(call patsublist,%,"https://%",$(patsubst %/,%,$(USER_IPFS_SERVICE_8080_URIS)))]
USER_IPFS_LETSENCRYPT_HOST ?= $(subst $(space),$(comma),$(call uriprefix,USER_IPFS,,$(USER_HOST)))
USER_IPFS_SERVICE_NAME ?= ipfs
USER_IPFS_SERVICE_5001_PATH ?= api/
USER_IPFS_SERVICE_5001_TAGS ?= $(or $(USER_IPFS_SERVICE_5001_TAGS_LOCALHOST),$(USER_IPFS_SERVICE_5001_TAGS_URIS),$(USER_IPFS_SERVICE_5001_TAGS_PROXY_TCP))
@ -8,6 +9,5 @@ USER_IPFS_SERVICE_5001_TAGS_PROXY_TCP ?= $(call patsublist,%,urlprefix-% pro
USER_IPFS_SERVICE_5001_TAGS_URIS ?= $(strip $(if $(call servicenvs,USER_IPFS,5001,URIS),$(call urlprefix,$(USER_IPFS_SERVICE_5001_PATH),,$(call servicenvs,USER_IPFS,5001,URIS))))
USER_IPFS_SERVICE_5001_URIS ?= $(call uriprefix,USER_IPFS,5001,$(USER_URIS))
USER_IPFS_SERVICE_8080_OPTS ?= $(patsubst %/,%,$(if $(USER_PATH),strip=/$(USER_PATH)))
USER_IPFS_SERVICE_8080_PATH ?= ip(f|n)s/
USER_IPFS_SERVICE_8080_TAGS ?= $(call tagprefix,USER_IPFS,8080)
USER_IPFS_SERVICE_8080_URIS ?= $(call uriprefix,USER_IPFS,8080,$(USER_URIS))

1
stack/User/ipfs.yml
View File

@ -60,6 +60,7 @@ services:
- IPFS_SWARM_RELAYCLIENT_ENABLED=${USER_IPFS_SWARM_RELAYCLIENT_ENABLED:-}
- IPFS_SWARM_RELAYSERVICE_ENABLED=${USER_IPFS_SWARM_RELAYSERVICE_ENABLED:-}
- IPFS_SWARM_TRANSPORTS_NETWORK_RELAY=${USER_IPFS_SWARM_TRANSPORTS_NETWORK_RELAY:-}
- LETSENCRYPT_HOST=${USER_IPFS_LETSENCRYPT_HOST}
image: ${USER_DOCKER_REPOSITORY}/ipfs:${DOCKER_IMAGE_TAG}
labels:
- SERVICE_4001_CHECK_TCP=true

7
stack/host/apache.php5.mk Normal file
View File

@ -0,0 +1,7 @@
ENV_VARS += HOST_APACHE_PHP5_SERVICE_80_TAGS HOST_APACHE_PHP5_VIRTUAL_ROOT
HOST_APACHE_PHP5_SERVICE_HOST ?= $(subst $(comma),$(space),$(HOST_APACHE_PHP5_VIRTUAL_HOST))
HOST_APACHE_PHP5_SERVICE_PATH ?= /
HOST_APACHE_PHP5_SERVICE_80_HOST ?= $(HOST_APACHE_PHP5_SERVICE_HOST)
HOST_APACHE_PHP5_SERVICE_80_TAGS ?= $(call tagprefix,HOST_APACHE_PHP5,80,host)
HOST_APACHE_PHP5_VIRTUAL_HOST ?= $(subst $(space),$(comma),$(APP_HOST))
HOST_APACHE_PHP5_VIRTUAL_ROOT ?= %-1/%-2/%-3

36
stack/host/apache/php5.yml Normal file
View File

@ -0,0 +1,36 @@
version: '3.6'
services:
apache-php5:
build:
args:
- DOCKER_BUILD_DIR=docker/apache/php5
context: ../..
dockerfile: docker/apache/php5/Dockerfile
domainname: ${DOMAINNAME}
environment:
- DOCUMENT_ROOT=${HOST_APACHE_PHP5_DOCUMENT_ROOT:-/web/html}
- VIRTUAL_ROOT=${HOST_APACHE_PHP5_VIRTUAL_ROOT:-%0}
hostname: ${HOSTNAME}
image: ${DOCKER_REPOSITORY:-apache-php5}/apache-php5:${DOCKER_IMAGE_TAG:-latest}
labels:
- SERVICE_80_CHECK_HTTP=${HOST_APACHE_PHP5_SERVICE_80_CHECK_HTTP:-/}
- SERVICE_80_NAME=${COMPOSE_SERVICE_NAME:-docker}-apache-php5-80
- SERVICE_80_TAGS=${HOST_APACHE_PHP5_SERVICE_80_TAGS:-urlprefix-localhost/*}
networks:
- public
ports:
- 80
restart: unless-stopped
volumes:
- backup:/backup
- web:/web
volumes:
backup:
web:
networks:
public:
external: true
name: ${DOCKER_NETWORK_PUBLIC:-localhost}

6
stack/host/host.mk
View File

@ -24,15 +24,15 @@ host-ssl-certs:
alpine sh -c "mkdir -p /host/htpasswd && chmod 700 /host/htpasswd \
; mkdir -p /host/certs && chmod 0700 /host/certs \
; [ -f /host/htpasswd/default.htpasswd ] \
|| echo "default:{PLAIN}$(shell head -c 15 /dev/random |base64)" > /host/htpasswd/default.htpasswd \
|| echo "${HOSTNAME}:{PLAIN}$(shell head -c 15 /dev/random |base64)" > /host/htpasswd/default.htpasswd \
; apk --no-cache add openssl \
; for domain in ${DOMAIN}; do \
[ -f /host/live/\$${domain}/privkey.pem ] \
&& openssl x509 -in /host/live/\$${domain}/fullchain.pem -noout -issuer 2>/dev/null |grep -iqv staging \
&& cp -L /host/live/\$${domain}/fullchain.pem /host/certs/\$${domain}-cert.pem \
&& cp -L /host/live/\$${domain}/privkey.pem /host/certs/\$${domain}-key.pem \
; if [ ! -f /host/certs/\$${domain}-key.pem ]; then \
apk --no-cache add openssl \
&& openssl genrsa -out /host/certs/\$${domain}-key.pem 2048 \
openssl genrsa -out /host/certs/\$${domain}-key.pem 2048 \
&& openssl req -key /host/certs/\$${domain}-key.pem -out /host/certs/\$${domain}-cert.pem \
-addext extendedKeyUsage=serverAuth \
-addext subjectAltName=DNS:\$${domain},DNS:*.\$${domain} \

4
stack/host/ipfs.mk
View File

@ -1,10 +1,10 @@
ENV_VARS += HOST_IPFS_API_HTTPHEADERS_ACA_ORIGIN HOST_IPFS_SERVICE_5001_TAGS HOST_IPFS_SERVICE_8080_TAGS
HOST_IPFS_API_HTTPHEADERS_ACA_ORIGIN ?= [$(call patsublist,%,"https://%",$(HOST_IPFS_SERVICE_8080_URIS))]
HOST_IPFS_API_HTTPHEADERS_ACA_ORIGIN ?= [$(call patsublist,%,"https://%",$(patsubst %/,%,$(HOST_IPFS_SERVICE_8080_URIS)))]
HOST_IPFS_SERVICE_HOST_URIS ?= */ipfs/ */ipns/
HOST_IPFS_SERVICE_NAME ?= ipfs
HOST_IPFS_SERVICE_5001_PATH ?= api/
HOST_IPFS_SERVICE_5001_TAGS ?= $(call tagprefix,HOST_IPFS,5001)
HOST_IPFS_SERVICE_8080_ENVS ?= host
HOST_IPFS_SERVICE_8080_TAGS ?= $(call urlprefix,,,$(HOST_IPFS_SERVICE_8080_URIS) $(call servicenvs,HOST_IPFS,8080,URIS))
HOST_IPFS_SERVICE_8080_URIS ?= $(call uriprefix,ipfs *.ipfs ipns *.ipns)
HOST_IPFS_SERVICE_8080_URIS ?= $(call uriprefix,*ipfs *ipns)
HOST_IPFS_UFW_DOCKER ?= 4001/tcp 4001/udp 8080

8
stack/host/nginx.mk
View File

@ -1,12 +1,12 @@
ENV_VARS += HOST_NGINX_DEFAULT_HOST HOST_NGINX_LETSENCRYPT_HOST HOST_NGINX_SERVICE_80_TAGS HOST_NGINX_SERVICE_443_TAGS HOST_NGINX_VIRTUAL_HOST
HOST_NGINX_DEFAULT_HOST ?= $(firstword $(APP_HOST))
ENV_VARS += HOST_NGINX_LETSENCRYPT_HOST HOST_NGINX_SERVICE_80_TAGS HOST_NGINX_SERVICE_443_TAGS HOST_NGINX_VIRTUAL_HOST
HOST_NGINX_HOST_URIS ?= true
HOST_NGINX_LETSENCRYPT_HOST ?= $(subst $(space),$(comma),$(filter-out *.%,$(subst $(comma),$(space),$(HOST_NGINX_VIRTUAL_HOST))))
HOST_NGINX_SERVICE_ACME_URIS ?= *:80/.well-known/acme-challenge/
HOST_NGINX_SERVICE_HOST_URIS ?= */
HOST_NGINX_SERVICE_HOST ?= $(subst $(comma),$(space),$(HOST_NGINX_VIRTUAL_HOST))
HOST_NGINX_SERVICE_80_HOST ?= $(HOST_NGINX_SERVICE_HOST)
HOST_NGINX_SERVICE_80_TAGS ?= $(call urlprefix,,,$(HOST_NGINX_SERVICE_80_URIS) $(call servicenvs,HOST_NGINX,80,URIS))
HOST_NGINX_SERVICE_80_URIS ?= $(patsubst %,%:80/,$(HOST_NGINX_SERVICE_80_HOST))
HOST_NGINX_SERVICE_80_ENVS ?= $(if $(SETUP_LETSENCRYPT),acme)
HOST_NGINX_SERVICE_80_ENVS ?= $(if $(HOST_NGINX_HOST_URIS),host)
HOST_NGINX_SERVICE_443_PATH ?= /
HOST_NGINX_SERVICE_443_HOST ?= $(patsubst %,%:443,$(HOST_NGINX_SERVICE_HOST))
HOST_NGINX_SERVICE_443_PROTO ?= https tlsskipverify=true

10
stack/host/nginx.yml
View File

@ -7,8 +7,13 @@ services:
- DOCKER_BUILD_DIR=docker/nginx
context: ../..
dockerfile: docker/nginx/Dockerfile
domainname: ${DOMAINNAME}
environment:
- DEFAULT_HOST=${HOST_NGINX_DEFAULT_HOST:-localhost}
- DEFAULT=${HOST_NGINX_DEFAULT:-default}
- DEFAULT_HOST=${HOST_NGINX_DEFAULT_HOST:-}
- DEFAULT_LOCATION=${HOST_NGINX_DEFAULT_LOCATION:-}
- DEFAULT_LOCATION_PHP=${HOST_NGINX_DEFAULT_LOCATION_PHP:-}
- DEFAULT_LOCATION_IPFS=${HOST_NGINX_DEFAULT_LOCATION_IPFS:-}
- LETSENCRYPT_HOST=${HOST_NGINX_LETSENCRYPT_HOST:-${HOST_NGINX_VIRTUAL_HOST:-}}
- LETSENCRYPT_EMAIL=${HOST_NGINX_LETSENCRYPT_EMAIL:-${DEFAULT_EMAIL:-${MAIL:-nginx@localhost}}}
- LETSENCRYPT_SINGLE_DOMAIN_CERTS=${HOST_NGINX_LETSENCRYPT_SINGLE_DOMAIN_CERTS:-true}
@ -17,6 +22,7 @@ services:
- VIRTUAL_HOST=${HOST_NGINX_VIRTUAL_HOST:-localhost}
- VIRTUAL_PATH=${HOST_NGINX_VIRTUAL_PATH:-/}
- VIRTUAL_PROTO=${HOST_NGINX_VIRTUAL_PROTO:-local}
hostname: ${HOSTNAME}
image: ${DOCKER_REPOSITORY:-nginx}/nginx:${DOCKER_IMAGE_TAG:-latest}
labels:
- SERVICE_80_CHECK_TCP=${HOST_NGINX_SERVICE_80_CHECK_TCP:-true}
@ -38,7 +44,6 @@ services:
- htpasswd:/etc/nginx/htpasswd
- log:/var/log/nginx
- vhost:/etc/nginx/vhost.d
- www:/var/www
volumes:
certs:
@ -46,7 +51,6 @@ volumes:
htpasswd:
log:
vhost:
www:
networks:
public:

10
stack/host/php.yml
View File

@ -1,18 +1,18 @@
version: '3.6'
services:
nginx:
environment:
- DEFAULT_LOCATION_PHP=true
php:
depends_on:
- nginx
environment:
- VIRTUAL_HOST=php
- VIRTUAL_PROTO=fastcgi
image: php:fpm-alpine
networks:
- public
volumes:
- www:/var/www
volumes:
www:
networks:
public:

9
stack/host/volumes.dns.local.yml Normal file
View File

@ -0,0 +1,9 @@
version: '3.6'
volumes:
dns:
driver: local
driver_opts:
device: /dns
o: bind
type: none

19
stack/host/volumes.dns.yml Normal file
View File

@ -0,0 +1,19 @@
version: '3.6'
services:
apache-php5:
environment:
- DOCUMENT_ROOT=/dns
volumes:
- dns:/dns
nginx:
environment:
- DEFAULT=default_dns
volumes:
- dns:/dns
php:
volumes:
- dns:/dns
volumes:
dns:

17
stack/host/volumes.www.yml Normal file
View File

@ -0,0 +1,17 @@
version: '3.6'
services:
apache-php5:
environment:
- DOCUMENT_ROOT=/var/www
volumes:
- www:/var/www
nginx:
volumes:
- www:/var/www
php:
volumes:
- www:/var/www
volumes:
www:

2
stack/ipfs/ipfs.mk
View File

@ -1,5 +1,5 @@
ENV_VARS += IPFS_API_HTTPHEADERS_ACA_ORIGIN IPFS_DAEMON_ARGS IPFS_PROFILE IPFS_SERVICE_5001_TAGS IPFS_SERVICE_8080_TAGS IPFS_VERSION
IPFS_API_HTTPHEADERS_ACA_ORIGIN ?= [$(call patsublist,%,"https://%",$(IPFS_SERVICE_8080_URIS))]
IPFS_API_HTTPHEADERS_ACA_ORIGIN ?= [$(call patsublist,%,"https://%",$(patsubst,%/,%,$(IPFS_SERVICE_8080_URIS)))]
IPFS_PROFILE ?= $(if $(filter-out amd64 x86_64,$(MACHINE)),lowpower,server)
IPFS_SERVICE_NAME ?= ipfs
IPFS_SERVICE_5001_PATH ?= api/