From c4ca518cc584087fe0d18c71f1edca663dd35322 Mon Sep 17 00:00:00 2001 
From: nas user Date: Tue, 4 May 2021 10:34:58 +0900 Subject: [PATCH] =?UTF-8?q?=E5=90=84=E7=A8=AE=E8=A8=AD=E5=AE=9A=E3=83=95?= =?UTF-8?q?=E3=82=A1=E3=82=A4=E3=83=AB=E3=82=92=E8=BF=BD=E5=8A=A0=E3=80=82?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- django/Dockerfile | 69 +++++++++++ django/Readme.md | 52 ++++++++ django/requirements.txt | 11 ++ django/start.sh | 20 +++ .../conf.supervisord/syslog_ng.conf | 6 + .../supervisord/conf.supervisord/uwsgi.conf | 9 ++ django/supervisord/supervisord.conf | 20 +++ django/uwsgi.ini | 22 ++++ docker-compose.yml | 116 ++++++++++++++++++ env_file/django/Readme.md | 14 +++ env_file/mysql/Readme.md | 11 ++ env_file/nginx/Readme.md | 14 +++ mysql/Dockerfile | 29 +++++ mysql/entrypoint.sh | 112 +++++++++++++++++ nginx/Dockerfile | 50 ++++++++ nginx/default.template | 104 ++++++++++++++++ nginx/direct_edit/txtdelete.php | 100 +++++++++++++++ nginx/direct_edit/txtedit.conf | 13 ++ nginx/direct_edit/txtregist.php | 100 +++++++++++++++ nginx/execute.sh | 52 ++++++++ nginx/local_certs/default.crt | 30 +++++ nginx/local_certs/default.key | 52 ++++++++ nginx/local_certs/dhparam.pem | 8 ++ nginx/nginx.conf | 25 ++++ nginx/supervisord/conf.supervisord/cron.conf | 6 + nginx/supervisord/conf.supervisord/nginx.conf | 6 + .../conf.supervisord/syslog_ng.conf | 6 + nginx/supervisord/supervisord.conf | 20 +++ nginx/uwsgi_params | 16 +++ staticfiles/media/.gitkeep | 0 staticfiles/static/.gitkeep | 0 syslog-ng.conf | 7 ++ wrapper.sh | 47 +++++++ 33 files changed, 1147 insertions(+) create mode 100644 django/Dockerfile create mode 100644 django/Readme.md create mode 100644 django/requirements.txt create mode 100644 django/start.sh create mode 100644 django/supervisord/conf.supervisord/syslog_ng.conf create mode 100644 django/supervisord/conf.supervisord/uwsgi.conf create mode 100644 django/supervisord/supervisord.conf create mode 100644 django/uwsgi.ini create mode 100644 docker-compose.yml create mode 
100644 env_file/django/Readme.md create mode 100644 env_file/mysql/Readme.md create mode 100644 env_file/nginx/Readme.md create mode 100644 mysql/Dockerfile create mode 100644 mysql/entrypoint.sh create mode 100644 nginx/Dockerfile create mode 100644 nginx/default.template create mode 100644 nginx/direct_edit/txtdelete.php create mode 100644 nginx/direct_edit/txtedit.conf create mode 100644 nginx/direct_edit/txtregist.php create mode 100644 nginx/execute.sh create mode 100644 nginx/local_certs/default.crt create mode 100644 nginx/local_certs/default.key create mode 100644 nginx/local_certs/dhparam.pem create mode 100644 nginx/nginx.conf create mode 100644 nginx/supervisord/conf.supervisord/cron.conf create mode 100644 nginx/supervisord/conf.supervisord/nginx.conf create mode 100644 nginx/supervisord/conf.supervisord/syslog_ng.conf create mode 100644 nginx/supervisord/supervisord.conf create mode 100644 nginx/uwsgi_params create mode 100644 staticfiles/media/.gitkeep create mode 100644 staticfiles/static/.gitkeep create mode 100644 syslog-ng.conf create mode 100755 wrapper.sh diff --git a/django/Dockerfile b/django/Dockerfile new file mode 100644 index 0000000..81f73c6 --- /dev/null +++ b/django/Dockerfile 
@@ -0,0 +1,69 @@
+FROM alpine:3.12.3
+ARG TZ=Asia/Tokyo
+
+LABEL maintainer="user"
+LABEL description="build django"
+
+ENV PYTHONUNBUFFERED 1
+ENV PYTHONIOENCODING utf-8
+ENV SRC_ROOT_PATH /code
+
+# copy python libraries to root directory
+COPY ./requirements.txt /
+
+# Install
+RUN apk --no-cache update \
+ && apk add --no-cache bash tzdata gettext pcre-dev mysql-client bind-tools libuuid syslog-ng \
+ mariadb-dev mariadb-connector-c-dev libsodium libxml2-dev supervisor \
+ && cp /usr/share/zoneinfo/${TZ} /etc/localtime \
+ && echo ${TZ} > /etc/timezone \
+ \
+ # install temporary libraries
+ \
+ && apk add --no-cache --virtual .build-deps \
+ gcc musl-dev libffi-dev g++ libgcc libstdc++ libxslt-dev python3-dev \
+ libc-dev linux-headers openssl-dev curl shadow cargo rust \
+ jpeg-dev zlib-dev freetype-dev lcms2-dev openjpeg-dev tiff-dev tk-dev tcl-dev \
+ \
+ # install python3
+ \
+ && apk add --no-cache python3 \
+ \
+ # install pip
+ \
+ && python3 -m ensurepip \
+ && rm -r /usr/lib/python*/ensurepip \
+ && pip3 install --upgrade pip setuptools \
+ \
+ # create symbolic link
+ \
+ && ln -sf /usr/bin/python3 /usr/bin/python \
+ && ln -sf /usr/bin/pip3 /usr/bin/pip \
+ \
+ # install python libraries
+ \
+ && pip install -r /requirements.txt \
+ \
+ # create user
+ \
+ && useradd -s /sbin/nologin -M -d /dev/null nginx \
+ \
+ # delete temporary libraries
+ \
+ && apk --purge del .build-deps \
+ && mkdir -p ${SRC_ROOT_PATH} \
+ && mkdir -p /data \
+ && echo -n > /var/log/uwsgi.log \
+ && echo -n > /var/log/daphne.log \
+ && rm -rf /root/.cache /var/cache/apk/* /tmp/*
+
+EXPOSE 8081
+# change work directory
+WORKDIR ${SRC_ROOT_PATH}
+# add supervisor configuration
+COPY ./supervisord /data/supervisord
+# add shell script
+COPY ./start.sh /start.sh
+RUN chmod 777 /start.sh
+
+CMD ["/start.sh"]
diff --git a/django/Readme.md b/django/Readme.md
new file mode 100644
index 0000000..92815d2
--- /dev/null
+++ b/django/Readme.md
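Review bot: `RUN chmod 777 /start.sh` near the end of django/Dockerfile leaves the container's start command writable by every account, although the image sets no `USER` and that script therefore runs as root on each container start. The uWSGI workers are configured in django/uwsgi.ini to drop to the `nginx` account, and a world-writable, root-executed script undoes the separation that drop is meant to provide; `RUN chmod 755 /start.sh` would match what nginx/Dockerfile does for `/execute.sh`. Separately, `pip3 install --upgrade pip setuptools` is unpinned, so two builds of the same commit can produce different images.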
@@ -0,0 +1,52 @@ +# Django +## Run makemigrations and migrate +Migrations are how Django stores changes to your models. To do this, from the command line, run the following command, where "app-name" is a Django's application name. + +```bash +python manage.py makemigrations app-name +# ex. +# python manage.py makemigrations sns +``` + +By running makemigrations, you're telling Django that you've made some changes to your models and that you'd like the chages to be stored as a migration. + +There's a command that will run the migrations for you and manage your database schema automatically - that's called migrate. +Now, run migrate to create your model tables in your database. + +```bash +python manage.py migrate +``` + +Please remember the tree-step guid to making model changes: +1. Change your models (in models.py). +1. Run `python manage.py makemigrations app-name` to create migrations for those changes in your application. +1. Run `python manage.py migrate` to apply those changes to the database. + +## Create superuser account +To create superuser account, let's run following command, where `DJANGO_SUPERUSER_NAME`, `DJANGO_SUPERUSER_EMAIL`, and `DJANGO_SUPERUSER_PASSWORD` are environment variables +defined by `env_file/django/.env`. + +```bash +python manage.py custom_createsuperuser \ + --username ${DJANGO_SUPERUSER_NAME} \ + --email ${DJANGO_SUPERUSER_EMAIL} \ + --password ${DJANGO_SUPERUSER_PASSWORD} +``` + +## Create multilingual localization messages +```bash +django-admin.py makemessages -l ja +# edit .po files +django-admin.py compilemessages +``` + +## Set Time Zone for AXES +In MySQL container, let's run following command to set time zone. + +```bash +mysql_tzinfo_to_sql /usr/share/zoneinfo | mysql -D mysql -u root -proot_password # Must not set space between "-p" and "root_password". +# +# please wait for few minutes ... +# +mysql -u root -proot_password -e "flush tables;" mysql # if this command succeeded, no message is displayed. +``` 
diff --git a/django/requirements.txt b/django/requirements.txt
new file mode 100644
index 0000000..4af3c2b
--- /dev/null
+++ b/django/requirements.txt
@@ -0,0 +1,11 @@
+Django==3.1.8
+pytz==2021.1
+sqlparse==0.3.0
+mysqlclient==2.0.3
+requests==2.25.1
+uWSGI==2.0.19.1
+django-import-export==2.5.0
+django-filter==2.4.0
+django-axes==5.13.0
+django-bootstrap-breadcrumbs==0.9.2
+django-markdownx==3.0.1
\ No newline at end of file
diff --git a/django/start.sh b/django/start.sh
new file mode 100644
index 0000000..284463a
--- /dev/null
+++ b/django/start.sh
@@ -0,0 +1,20 @@
+#!/bin/bash
+
+# Waiting for MySQL database to be ready ...
+db_cmd="mysql -h ${DB_HOST} -u ${MYSQL_USER} "-p${MYSQL_PASSWORD}""
+counter=1
+
+while ! ${db_cmd} -e "show databases;" > /dev/null 2>&1; do
+ sleep 1
+ counter=$(expr ${counter} + 1)
+done
+echo "[Django]" $(date "+%Y/%m/%d-%H:%M:%S") MySQL database ready! "(${counter}sec)"
+
+# update permission
+if [ -e /media ]; then
+ chmod 777 /media
+fi
+
+# start supervisor
+echo "[supervisord]" $(date "+%Y/%m/%d-%H:%M:%S") start
+exec /usr/bin/supervisord -c /data/supervisord/supervisord.conf
diff --git a/django/supervisord/conf.supervisord/syslog_ng.conf b/django/supervisord/conf.supervisord/syslog_ng.conf
new file mode 100644
index 0000000..a439860
--- /dev/null
+++ b/django/supervisord/conf.supervisord/syslog_ng.conf
@@ -0,0 +1,6 @@
+[program:syslog-ng]
+command=/usr/sbin/syslog-ng --foreground --no-caps
+stdout_logfile=/dev/stdout
+stdout_logfile_maxbytes=0
+stderr_logfile=/dev/stderr
+stderr_logfile_maxbytes=0
diff --git a/django/supervisord/conf.supervisord/uwsgi.conf b/django/supervisord/conf.supervisord/uwsgi.conf
new file mode 100644
index 0000000..40db49d
--- /dev/null
+++ b/django/supervisord/conf.supervisord/uwsgi.conf
@@ -0,0 +1,9 @@
+[program:uwsgi]
+# Project directory
+directory=/code
+# Application
+command=uwsgi --ini /uwsgi.ini
+user=root
+redirect_stderr=true
+autostart=true
+autorestart=true
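Review bot: In django/start.sh the database password is put on the `mysql` command line (`"-p${MYSQL_PASSWORD}"` inside `db_cmd`), where it is visible in the process list for as long as the wait loop runs, and the nested quotes do not protect the value because `${db_cmd}` is later expanded unquoted and word-split. Passing it through the environment keeps it out of argv and survives spaces in the password: `while ! MYSQL_PWD="${MYSQL_PASSWORD}" mysql -h "${DB_HOST}" -u "${MYSQL_USER}" -e "show databases;" > /dev/null 2>&1; do`. The loop also has no upper bound, so a wrong credential or host makes the container wait forever without logging anything; a retry limit with an error message would make that failure visible.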
diff --git a/django/supervisord/supervisord.conf b/django/supervisord/supervisord.conf
new file mode 100644
index 0000000..d427554
--- /dev/null
+++ b/django/supervisord/supervisord.conf
@@ -0,0 +1,20 @@
+[supervisord]
+nodaemon=true
+user=root
+logfile=/dev/stdout
+pidfile=/var/run/supervisord.pid
+logfile_maxbytes=0
+loglevel=info
+
+[unix_http_server]
+file=/var/run/supervisord.sock
+
+; rpc interface for supervisorctl
+[rpcinterface:supervisor]
+supervisor.rpcinterface_factory=supervisor.rpcinterface:make_main_rpcinterface
+
+[supervisorctl]
+serverurl=unix:///var/run/supervisord.sock
+
+[include]
+files=/data/supervisord/conf.supervisord/*.conf
diff --git a/django/uwsgi.ini b/django/uwsgi.ini
new file mode 100644
index 0000000..489cded
--- /dev/null
+++ b/django/uwsgi.ini
@@ -0,0 +1,22 @@
+[uwsgi]
+user = nginx
+uid = nginx
+gid = nginx
+project = manager
+base = /code
+
+chdir = %(base)
+wsgi-file = %(base)/%(project)/wsgi.py
+logger = syslog:uwsgi
+module = %(project).wsgi:application
+master = true
+enable-threads = true
+thunder-lock = true
+max-requests = 1024
+processes = 2
+threads = 4
+vacuum = true
+socket = :8081
+close-on-exec = true
+die-on-term = true
+py-autoreload = 1
diff --git a/docker-compose.yml b/docker-compose.yml
new file mode 100644
index 0000000..725549d
--- /dev/null
+++ b/docker-compose.yml
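Review bot: `py-autoreload = 1` at the end of django/uwsgi.ini is a development aid, and this is the only uWSGI configuration that docker-compose.yml mounts, so it would also be active in a production run and reload the workers whenever a file under `/code` changes. Either drop the line from the committed file or mark it with a comment such as `# development only: remove for production`. `socket = :8081` listens on every interface of the container with the unauthenticated uwsgi protocol, and the django service is attached to both compose networks, so a comment stating that only nginx is expected to connect would document the trust assumption.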
@@ -0,0 +1,116 @@ +version: '3.4' + +services: + # Setup reverse proxy + nginx: + # Build target + build: + context: ./nginx + # Dockerfile + dockerfile: Dockerfile + # image name + image: custom_nginx + restart: always + # Container name + container_name: nginx + # Setup port + ports : + - "443:443" + env_file: + - env_file/nginx/.env + environment: + DEVELOP_MODE: "TRUE" + volumes: + - certs:/etc/letsencrypt + - ./staticfiles/static:/static:ro + - ./staticfiles/media:/media + - ./nginx/uwsgi_params:/etc/nginx/uwsgi_params:ro + - ./nginx/nginx.conf:/etc/nginx/nginx.conf:ro + - ./syslog-ng.conf:/etc/syslog-ng/conf.d/syslog-ng-extra.conf:ro + - ./nginx/default.template:/etc/nginx/template/default.template:ro + logging: + driver: "json-file" + options: + max-size: "10m" + max-file: "3" + depends_on: + - django + networks: + - frontend_bridge + + django: + # Build target + build: + context: ./django + # Dockerfile + dockerfile: Dockerfile + # Image name + image: custom_django + # Container name + container_name: django + restart: always + # Setup environment variables + env_file: + - env_file/django/.env # for django + - env_file/mysql/.env # for mysql root information + environment: + DB_HOST: mysql + # Relationship config file to container directory + volumes: + - ./staticfiles/media:/media + - ./django/src:/code + - ./django/uwsgi.ini:/uwsgi.ini:ro + - ./syslog-ng.conf:/etc/syslog-ng/conf.d/syslog-ng-extra.conf:ro + logging: + driver: "json-file" + options: + max-size: "10m" + max-file: "3" + depends_on: + - mysql + # Setup port + expose: + - "8081" + networks: + - frontend_bridge + - backend_bridge + + # database + mysql: + # Build target + build: + context: ./mysql + # Dockerfile + dockerfile: Dockerfile + # Image name + image: custom_mysql.utf8mb4_jp + # Container name + container_name: mysql + restart: always + # Setup environment variables + env_file: + - env_file/mysql/.env # for mysql root information + # Relationship config file to container directory + 
volumes: + - database:/var/lib/mysql + logging: + driver: "json-file" + options: + max-size: "10m" + max-file: "3" + # Setup port + expose: + - "3306" + networks: + - backend_bridge + +# Setup network +networks: + frontend_bridge: + name: frontend_network + backend_bridge: + name: backend_network + +volumes: + database: + certs: diff --git a/env_file/django/Readme.md b/env_file/django/Readme.md new file mode 100644 index 0000000..65e2604 --- /dev/null +++ b/env_file/django/Readme.md @@ -0,0 +1,14 @@ +# Create .env file +An example follows: + +```bash +DJANGO_SECRET_KEY=abcdefghijklmnopqrstuvwxyz0123456789 +DJANGO_EMAIL_ADDR=user@example.com +DJANGO_EMAIL_PASSWORD=password +DJANGO_SUPERUSER_NAME=superuser +DJANGO_SUPERUSER_EMAIL=superuser@django.local +DJANGO_SUPERUSER_PASSWORD=superuserpassword +DJANGO_DEBUG_FLAG=True +DJANGO_WWW_VHOST=www.example.com +DJANGO_MEDIA_ROOT=/storage +``` diff --git a/env_file/mysql/Readme.md b/env_file/mysql/Readme.md new file mode 100644 index 0000000..793cc2d --- /dev/null +++ b/env_file/mysql/Readme.md @@ -0,0 +1,11 @@ +# Create .env file +An example follows: + +```bash +MYSQL_ROOT_PASSWORD=rootpassowrd +MYSQL_DATABASE=database +MYSQL_USER=user +MYSQL_PASSWORD=password +MYSQL_CHARSET=utf8mb4 +MYSQL_COLLATION=utf8mb4_unicode_ci +``` diff --git a/env_file/nginx/Readme.md b/env_file/nginx/Readme.md new file mode 100644 index 0000000..f626c21 --- /dev/null +++ b/env_file/nginx/Readme.md @@ -0,0 +1,14 @@ +# Create .evn file +An example follows: + +```bash +MYDNSJP_MASTER_ID=masterid +MYDNSJP_PASSWORD=password +MYDNS_EMAIL_ADDR=user@example.com +BASE_DOMAIN_NAME=example.com +VHOST_NAME=www.example.com +SSL_CERT_PATH=/etc/nginx/default_certs/default.crt +SSL_CERTKEY_PATH=/etc/nginx/default_certs/default.key +SSL_STAPLING_VERIFY=off +SSL_TRUSTED_CERTIFICATE_PATH=/etc/nginx/default_certs/default.crt +``` \ No newline at end of file diff --git a/mysql/Dockerfile b/mysql/Dockerfile new file mode 100644 index 0000000..0659220 --- /dev/null 
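Review bot: The `django` service in docker-compose.yml loads `env_file/mysql/.env`, which per env_file/mysql/Readme.md also carries `MYSQL_ROOT_PASSWORD`, so the web application's environment holds the database root credential although django/start.sh only uses `MYSQL_USER` and `MYSQL_PASSWORD`. Giving django its own env file with just the application account keeps a compromise of the web tier from becoming full control of the database. `DEVELOP_MODE: "TRUE"` is also hard-coded for the nginx service, which makes nginx/execute.sh skip certbot, so the certificate and key committed under nginx/local_certs are what gets served whenever the SSL paths keep the defaults shown in nginx/Dockerfile. A substituted value with a safe default, `DEVELOP_MODE: "${DEVELOP_MODE:-FALSE}"`, would avoid shipping that by accident.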
+++ b/mysql/Dockerfile
@@ -0,0 +1,29 @@
+FROM alpine:3.12.3
+ARG TZ=Asia/Tokyo
+
+LABEL maintainer="user"
+LABEL description="build mariadb"
+
+# Install
+RUN apk --no-cache update \
+ && apk --no-cache add bash tzdata \
+ && cp /usr/share/zoneinfo/${TZ} /etc/localtime \
+ && echo ${TZ} > /etc/timezone \
+ && apk add --no-cache mariadb mariadb-client mariadb-server-utils pwgen \
+ && mkdir /scripts \
+ && mkdir /docker-entrypoint-initdb.d \
+ && rm -f /var/cache/apk/*
+
+# Add shell script
+COPY ./entrypoint.sh /scripts/entrypoint.sh
+RUN mkdir -p /scripts/pre-init.d \
+ && mkdir -p /scripts/pre-exec.d \
+ && chmod -R 755 /scripts
+
+VOLUME ["/var/lib/mysql"]
+
+EXPOSE 3306
+
+ENTRYPOINT ["/scripts/entrypoint.sh"]
+
+CMD ["--character-set-server=utf8mb4", "--collation-server=utf8mb4_unicode_ci"]
diff --git a/mysql/entrypoint.sh b/mysql/entrypoint.sh
new file mode 100644
index 0000000..1c915e1
--- /dev/null
+++ b/mysql/entrypoint.sh
@@ -0,0 +1,112 @@ +#!/bin/bash + +if [ -d "/run/mysqld" ]; then + echo "[info] mysqld already present, skipping creation" + chown -R mysql:mysql /run/mysqld +else + echo "[info] mysqld not found, creating...." + mkdir -p /run/mysqld + chown -R mysql:mysql /run/mysqld +fi + +if [ -d /var/lib/mysql/mysql ]; then + echo "[info] MySQL directory already present, skipping creation" + chown -R mysql:mysql /var/lib/mysql +else + # execute pre-init scripts in initialization + for file in /scripts/pre-init.d/*.sh; do + if [ -e "${file}" ]; then + echo "[info] pre-init.d - processing ${file}" + . "${file}" + fi + done + echo "[info] MySQL data directory not found, creating initial DBs" + + chown -R mysql:mysql /var/lib/mysql + + mysql_install_db --user=mysql --ldata=/var/lib/mysql > /dev/null + + if [ "${MYSQL_ROOT_PASSWORD}" = "" ]; then + MYSQL_ROOT_PASSWORD=`pwgen 16 1` + echo "[info] MySQL root Password: ${MYSQL_ROOT_PASSWORD}" + fi + + MYSQL_DATABASE=${MYSQL_DATABASE:-""} + MYSQL_USER=${MYSQL_USER:-""} + MYSQL_PASSWORD=${MYSQL_PASSWORD:-""} + + tfile=`mktemp` + if [ ! 
-f "${tfile}" ]; then + return 1 + fi + + cat << _EOF_ > ${tfile} +USE mysql ; +FLUSH PRIVILEGES ; +GRANT ALL ON *.* TO 'root'@'%' identified by '${MYSQL_ROOT_PASSWORD}' WITH GRANT OPTION ; +GRANT ALL ON *.* TO 'root'@'localhost' identified by '${MYSQL_ROOT_PASSWORD}' WITH GRANT OPTION ; +SET PASSWORD FOR 'root'@'localhost'=PASSWORD('${MYSQL_ROOT_PASSWORD}') ; +DROP USER IF EXISTS ''@'localhost' ; +DROP DATABASE IF EXISTS test ; +FLUSH PRIVILEGES ; +_EOF_ + + if [ "${MYSQL_DATABASE}" != "" ]; then + echo "[info] Creating database: ${MYSQL_DATABASE}" + if [ "${MYSQL_CHARSET}" != "" ] && [ "${MYSQL_COLLATION}" != "" ]; then + echo "[info] with character set [${MYSQL_CHARSET}] and collation [${MYSQL_COLLATION}]" + echo "CREATE DATABASE IF NOT EXISTS \`${MYSQL_DATABASE}\` CHARACTER SET ${MYSQL_CHARSET} COLLATE ${MYSQL_COLLATION};" >> ${tfile} + else + echo "[info] with character set: 'utf8' and collation: 'utf8_general_ci'" + echo "CREATE DATABASE IF NOT EXISTS \`${MYSQL_DATABASE}\` CHARACTER SET utf8 COLLATE utf8_general_ci;" >> ${tfile} + fi + + if [ "${MYSQL_USER}" != "" ]; then + echo "[info] Creating user: ${MYSQL_USER} with password ${MYSQL_PASSWORD}" + echo "GRANT ALL ON \`${MYSQL_DATABASE}\`.* to '${MYSQL_USER}'@'%' IDENTIFIED BY '${MYSQL_PASSWORD}';" >> ${tfile} + fi + fi + + mysqld_cmd="/usr/bin/mysqld --user=mysql --bootstrap --verbose=0 --skip-name-resolve --skip-networking=0" + cat ${tfile} | ${mysqld_cmd} + rm -f ${tfile} + + echo "$0: running sql in /docker-entrypoint-initdb.d" + target_dir=/docker-entrypoint-initdb.d + ls -v ${target_dir} | while read file; do + file_path=${target_dir}/${file} + + case "${file}" in + *.sql) + echo "=== ${file_path} ===" + cat "${file_path}" | ${mysqld_cmd} + echo "====================" + ;; + + *.sql.gz) + echo "=== ${file_path} ===" + gunzip -c "${file_path}" | ${mysqld_cmd} + echo "====================" + ;; + *) + echo "$0: ignoring or entrypoint initdb empty ${file_path}" + ;; + esac + done + + echo + echo 'MySQL 
init process done. Ready for start up.' + echo + + echo "exec /usr/bin/mysqld --user=mysql --console --skip-name-resolve --skip-networking=0" "$@" +fi + +# execute any pre-exec scripts +for file in /scripts/pre-exec.d/*sh; do + if [ -e "${file}" ]; then + echo "[info] pre-exec.d - processing ${file}" + . ${file} + fi +done + +exec /usr/bin/mysqld --user=mysql --console --skip-name-resolve --skip-networking=0 $@ diff --git a/nginx/Dockerfile b/nginx/Dockerfile new file mode 100644 index 0000000..0b44737 --- /dev/null +++ b/nginx/Dockerfile 
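Review bot: mysql/entrypoint.sh writes credentials to the container log: `echo "[info] Creating user: ${MYSQL_USER} with password ${MYSQL_PASSWORD}"` prints the application password on first initialisation, and a generated root password is echoed as well, so with the `json-file` log driver configured in docker-compose.yml these values persist on the host. Logging only the account name, `echo "[info] Creating user: ${MYSQL_USER}"`, and writing a generated root password to a root-only file instead keeps secrets out of the logs. The bootstrap SQL also grants `ALL ON *.*` to `'root'@'%'`, which lets root log in from any host that can reach port 3306; restricting root to `localhost` is the safer default. The values are interpolated into the SQL heredoc unescaped, so a password containing a single quote breaks the statement.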
@@ -0,0 +1,50 @@
+FROM alpine:3.12.3
+ARG TZ=Asia/Tokyo
+
+LABEL maintainer="user"
+LABEL description="build nginx"
+
+# Install
+RUN apk --no-cache update \
+ && apk --no-cache add bash tzdata shadow gettext \
+ && useradd -s /sbin/nologin -M -d /dev/null nginx \
+ && cp /usr/share/zoneinfo/${TZ} /etc/localtime \
+ && echo ${TZ} > /etc/timezone \
+ && apk add --no-cache php php-mbstring php-openssl certbot supervisor syslog-ng \
+ && apk add --no-cache nginx \
+ && mkdir -p /static \
+ && mkdir -p /etc/letsencrypt \
+ && mkdir -p /etc/nginx/template \
+ && mkdir -p /data \
+ && apk del shadow \
+ && rm -rf /var/cache/apk/*
+
+# Set environment
+ENV MYDNSJP_MASTER_ID masterid
+ENV MYDNSJP_PASSWORD password
+ENV MYDNS_EMAIL_ADDR user@example.com
+ENV BASE_DOMAIN_NAME example.com
+ENV VHOST_NAME www.example.com
+ENV SSL_CERT_PATH /etc/nginx/default_certs/default.crt
+ENV SSL_CERTKEY_PATH /etc/nginx/default_certs/default.key
+ENV SSL_STAPLING_VERIFY off
+ENV SSL_TRUSTED_CERTIFICATE_PATH /etc/nginx/default_certs/default.crt
+
+VOLUME ["/etc/letsencrypt"]
+
+# add supervisor
+COPY ./supervisord /data/supervisord
+# add dns-01 script
+COPY ./direct_edit /data/direct_edit
+# copy certs to default_certs
+COPY ./local_certs /etc/nginx/default_certs
+
+COPY ./execute.sh /execute.sh
+RUN chmod 755 /execute.sh \
+ && chmod 600 /data/direct_edit/*.conf \
+ && chmod 700 /data/direct_edit/*.php \
+ && cp -f /var/spool/cron/crontabs/root /data/original.root
+
+EXPOSE 443
+
+CMD ["/execute.sh"]
diff --git a/nginx/default.template b/nginx/default.template
new file mode 100644
index 0000000..7db5dfb
--- /dev/null
+++ b/nginx/default.template
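Review bot: `COPY ./local_certs /etc/nginx/default_certs` in nginx/Dockerfile places `default.key` in the image with the mode it has in the repository (this patch adds it as 100644), and the following `RUN` tightens only `/data/direct_edit`, so the TLS private key stays world-readable inside the container. Adding `&& chmod 600 /etc/nginx/default_certs/default.key` to that `RUN` should be enough if the nginx master is started as root by supervisord (its program file is outside this view, so confirm). The `ENV MYDNSJP_PASSWORD password` default is better left unset, so that a missing env file fails loudly instead of running with a placeholder credential that is also recorded in the image metadata.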
@@ -0,0 +1,104 @@ +# If we receive X-Forwarded-Proto, pass it through; otherwise, pass along the +# scheme used to connect to this server +map $http_x_forwarded_proto $proxy_x_forwarded_proto { + default $http_x_forwarded_proto; + '' $scheme; +} +# If we receive X-Forwarded-Port, pass it through; otherwise, pass along the +# server port the client connected to +map $http_x_forwarded_port $proxy_x_forwarded_port { + default $http_x_forwarded_port; + '' $server_port; +} +# If we receive Upgrade, set Connection to "upgrade"; otherwise, delete any +# Connection header that may have been passed to this server +map $http_upgrade $proxy_connection { + default upgrade; + '' close; +} +# Set appropriate X-Forwarded-Ssl header +map $scheme $proxy_x_forwarded_ssl { + default off; + https on; +} +gzip_types text/plain text/css application/javascript application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript; + +# HTTP 1.1 support +proxy_http_version 1.1; +proxy_buffering off; +proxy_set_header Upgrade $http_upgrade; +proxy_set_header Connection $proxy_connection; +proxy_set_header X-Forwarded-Proto $proxy_x_forwarded_proto; +proxy_set_header X-Forwarded-Ssl $proxy_x_forwarded_ssl; +proxy_set_header X-Forwarded-Port $proxy_x_forwarded_port; +# Mitigate httpoxy attack (see README for details) +proxy_set_header Proxy ""; + +upstream backend { + ip_hash; + server django:8081; +} + +server { + server_name _; # This is just an invalid value which will never trigger on a real hostname. + listen 80; + access_log off; + error_log /dev/null crit; + return 503; +} +server { + server_name _; # This is just an invalid value which will never trigger on a real hostname. 
+ listen 443 ssl http2; + access_log off; + error_log /dev/null crit; + ssl_protocols TLSv1.2 TLSv1.3; + ssl_ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384'; + ssl_prefer_server_ciphers off; + ssl_session_cache shared:SSL:1m; + ssl_session_tickets off; + ssl_certificate /etc/nginx/default_certs/default.crt; + ssl_certificate_key /etc/nginx/default_certs/default.key; + ssl_dhparam /etc/nginx/default_certs/dhparam.pem; + return 503; +} + +server { + server_name ${VHOST_NAME}; + listen 443 ssl http2; + access_log /dev/stdout main; + error_log /dev/stderr error; + # setup SSL/TLS + ssl_protocols TLSv1.3; + ssl_ciphers 'HIGH !aNULL !eNULL !kECDH !DSS !MD5 !EXP !PSK !SRP !CAMELLIA !SEED !RSA'; + ssl_prefer_server_ciphers on; + ssl_session_timeout 5m; + ssl_session_tickets off; + ssl_certificate ${SSL_CERT_PATH}; + ssl_certificate_key ${SSL_CERTKEY_PATH}; + ssl_dhparam /etc/nginx/default_certs/dhparam.pem; + ssl_stapling on; + ssl_stapling_verify ${SSL_STAPLING_VERIFY}; + ssl_trusted_certificate ${SSL_TRUSTED_CERTIFICATE_PATH}; + resolver 8.8.4.4 8.8.8.8 valid=300s; + resolver_timeout 15s; + add_header Strict-Transport-Security "max-age=31536000" always; + client_max_body_size 32M; + + location /static/ { + alias /static/; + } + location /media/ { + alias /media/; + } + + location / { + uwsgi_pass backend; + include /etc/nginx/uwsgi_params; + + proxy_redirect off; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Host $server_name; + } +} \ No newline at end of file diff --git a/nginx/direct_edit/txtdelete.php b/nginx/direct_edit/txtdelete.php new file mode 100644 index 0000000..a3ae845 --- /dev/null +++ b/nginx/direct_edit/txtdelete.php 
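Review bot: In nginx/default.template the `proxy_set_header` and `proxy_redirect` lines have no effect, including the `proxy_set_header Proxy "";` httpoxy mitigation at the top and the `Host`, `X-Real-IP` and `X-Forwarded-For` lines in `location /`, because the backend is reached with `uwsgi_pass` and those directives apply only to `proxy_pass`. What Django actually receives is decided by `/etc/nginx/uwsgi_params` (added by this patch but outside this view) plus any `uwsgi_param` lines; if the httpoxy mitigation is wanted, the uwsgi form is `uwsgi_param HTTP_PROXY "";`. In the named server, `ssl_ciphers` likewise does not steer the negotiation once `ssl_protocols` is `TLSv1.3` only, so a comment should say that the cipher string is kept only for a future TLS 1.2 fallback, or the line should be removed.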
@@ -0,0 +1,100 @@ +#!/usr/bin/php + + + + + + + + array('method' => 'POST', + 'header' => implode("\r\n", $MYDNSJP_HEADERS), + 'content' => $MYDNSJP_QUERY) + ); + +// 指定したURIに対してコンテクストリソースを投げてコンテンツを取得する。 +$MYDNSJP_CONTENTS = file_get_contents($MYDNSJP_URL, false, stream_context_create($POST_OPTIONS)); + +// -------------------------------- +// 以下はデバッグ用 +// -------------------------------- +$DEBUG = ""; +/* +foreach ($CERTBOT_ENV as $CERTBOT_ENV_NAME => $CERTBOT_ENV_VALUE) +{ + if ($CERTBOT_ENV_VALUE === FALSE) + { + $DEBUG .= $CERTBOT_ENV_NAME.'=FALSE'."\n"; + } + else + { + $DEBUG .= $CERTBOT_ENV_NAME.'='.$CERTBOT_ENV_VALUE."\n"; + } +} +*/ +$DEBUG .= 'MYDNSJP_CONTENTS='.$MYDNSJP_CONTENTS."\n"; + +$DEBUG_LOG = fopen(__DIR__.'/debug.log', 'a+'); +fwrite($DEBUG_LOG, $DEBUG); +fclose($DEBUG_LOG); + +?> diff --git a/nginx/direct_edit/txtedit.conf b/nginx/direct_edit/txtedit.conf new file mode 100644 index 0000000..2125e3e --- /dev/null +++ b/nginx/direct_edit/txtedit.conf @@ -0,0 +1,13 @@ + + diff --git a/nginx/direct_edit/txtregist.php b/nginx/direct_edit/txtregist.php new file mode 100644 index 0000000..c564cfb --- /dev/null +++ b/nginx/direct_edit/txtregist.php @@ -0,0 +1,100 @@ +#!/usr/bin/php + + + + + + + + array('method' => 'POST', + 'header' => implode("\r\n", $MYDNSJP_HEADERS), + 'content' => $MYDNSJP_QUERY) + ); + +// 指定したURIに対してコンテクストリソースを投げてコンテンツを取得する。 +$MYDNSJP_CONTENTS = file_get_contents($MYDNSJP_URL, false, stream_context_create($POST_OPTIONS)); + +// -------------------------------- +// 以下はデバッグ用 +// -------------------------------- +$DEBUG = ""; +/* +foreach ($CERTBOT_ENV as $CERTBOT_ENV_NAME => $CERTBOT_ENV_VALUE) +{ + if ($CERTBOT_ENV_VALUE === FALSE) + { + $DEBUG .= $CERTBOT_ENV_NAME.'=FALSE'."\n"; + } + else + { + $DEBUG .= $CERTBOT_ENV_NAME.'='.$CERTBOT_ENV_VALUE."\n"; + } +} +*/ +$DEBUG .= 'MYDNSJP_CONTENTS='.$MYDNSJP_CONTENTS."\n"; + +$DEBUG_LOG = fopen(__DIR__.'/debug.log', 'a+'); +fwrite($DEBUG_LOG, $DEBUG); +fclose($DEBUG_LOG); + +?> 
diff --git a/nginx/execute.sh b/nginx/execute.sh
new file mode 100644
index 0000000..398eb8c
--- /dev/null
+++ b/nginx/execute.sh
@@ -0,0 +1,52 @@
+#!/bin/bash
+
+readonly certs_path=/etc/letsencrypt
+readonly challenges="--preferred-challenges=dns"
+readonly hooks="--manual-auth-hook /data/direct_edit/txtregist.php --manual-cleanup-hook /data/direct_edit/txtdelete.php"
+readonly domains="-d ${BASE_DOMAIN_NAME} -d *.${BASE_DOMAIN_NAME}"
+readonly server_name="--server https://acme-v02.api.letsencrypt.org/directory"
+readonly email_addr="-m ${MYDNS_EMAIL_ADDR}"
+readonly options="${challenges} ${hooks} ${domains} ${server_name} ${email_addr}"
+readonly develop_mode="${DEVELOP_MODE:-FALSE}"
+
+if [ "${develop_mode}" = "TRUE" ]; then
+ # setup cron
+ echo "" > /var/spool/cron/crontabs/root
+else
+ # ==============
+ # initialization
+ # ==============
+ # cron script
+ {
+ echo '#!/bin/bash'
+ echo ""
+ echo 'echo "[start]" $(date "+%Y/%m/%d-%H:%M:%S")'
+ echo "certbot renew --post-hook '/usr/bin/supervisorctl restart nginx'"
+ echo 'echo "[ end ]" $(date "+%Y/%m/%d-%H:%M:%S")'
+ } > /data/cron_script.sh
+ chmod 755 /data/cron_script.sh
+
+ # setup cron
+ {
+ # cat /data/original.root
+ echo '23 1 * * *' "/data/cron_script.sh"
+ } > /var/spool/cron/crontabs/root
+
+ # get cert
+ if [ ! -e ${certs_path}/live/${BASE_DOMAIN_NAME} ]; then
+ cp -f /etc/nginx/default_certs/dhparam.pem ${certs_path}
+ echo =============================================
+ echo execute command
+ echo certbot certonly --manual ${options} --agree-tos --manual-public-ip-logging-ok
+ echo =============================================
+ echo
+ echo -e "1\n" | certbot certonly --manual ${options} --agree-tos --manual-public-ip-logging-ok
+ fi
+fi
+
+# create config file
+cat /etc/nginx/template/default.template | envsubst '$$VHOST_NAME $$WORDPRESS_VHOST_NAME $$SSL_CERT_PATH $$SSL_CERTKEY_PATH $$SSL_STAPLING_VERIFY $$SSL_TRUSTED_CERTIFICATE_PATH' > /etc/nginx/conf.d/default.conf
+
+# start supervisor
+echo "[supervisord]" $(date "+%Y/%m/%d-%H:%M:%S") start
+exec /usr/bin/supervisord -c /data/supervisord/supervisord.conf
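Review bot: In nginx/execute.sh `${options}` is expanded unquoted and contains `-d *.${BASE_DOMAIN_NAME}`, so the wildcard is subject to pathname expansion in the container's working directory before certbot sees it, and the prompt is then answered by piping `echo -e "1\n"` into certbot, which silently depends on the order of certbot's questions. Building the arguments as a bash array, with the wildcard written as `-d "*.${BASE_DOMAIN_NAME}"` and the call as `certbot certonly --manual "${options[@]}"`, and passing `--non-interactive` instead of the pipe removes both hazards (the auth and cleanup hooks are already supplied). The test `[ ! -e ${certs_path}/live/${BASE_DOMAIN_NAME} ]` should quote its operand for the same reason. The `envsubst` list names `WORDPRESS_VHOST_NAME`, which nginx/default.template does not use.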
diff --git a/nginx/local_certs/default.crt b/nginx/local_certs/default.crt new file mode 100644 index 0000000..380a99c --- /dev/null +++ b/nginx/local_certs/default.crt 
@@ -0,0 +1,30 @@ +-----BEGIN CERTIFICATE----- +MIIFOTCCAyGgAwIBAgIUCLe82n5LnUeEE6lzmuZv2ij0+fswDQYJKoZIhvcNAQEL +BQAwLDEqMCgGA1UEAwwhbGV0c2VuY3J5cHQtbmdpbngtcHJveHktY29tcGFuaW9u +MB4XDTIwMDQzMDEwMDIyNloXDTIxMDQzMDEwMDIyNlowLDEqMCgGA1UEAwwhbGV0 +c2VuY3J5cHQtbmdpbngtcHJveHktY29tcGFuaW9uMIICIjANBgkqhkiG9w0BAQEF +AAOCAg8AMIICCgKCAgEAt1j3mj0FDmbTLzZTrEeqH6tHx1tEHx+yto03AK1DDosI +oravRu4pLhl4uIw/3W67QDk8L1DOptjNNLZINU1hZ7tJCh7lddLEOO60T+24fo2R +iLP+KUs/VhL6TmTxMzEdBpCVroRaxh+DFGEIns648XvzUIPE4riCn7nbg2US7moe +O1trHcB8McwyNYAhfg0SsSexnfoqQr7mcH4+UmrXtQgIAVZ+ab7Ncp7jTQAdZgp9 +DkvvAqqqtKOw1WtHAhDAFZHWFCz6fYJRd3rjlnsDSIHcx8A/A7B4ksUZOnHfyYiq +GBqApBRAWTt7zF5zgXnrWboyiv0uCVQbRZs5/BQdCVWKZBx/K7p3uZ/Ff20mj0wA +Db0LALJIiDG87pg2j4U+4mS1Aov9GJJRkk+UfYEPsLtJgXairZt6K/huNEHEuDBn +vN3p6L4BDAJUeS5aGIpJvENVLHrM1IyiL0OK7eesb1NMnOGzKTS7g7Wh8hFD4/5P +2gM+rbStm8ytWZcXuz6HZMS1PwhT6KJd7MvVtu4jWckaGSbLAn0YrSId2h4mWNdX +fL/F/TLgLjwtztHFkNgw4FMkhjdY04zVglN4xK05ftK77SRSAe686YxGsvEJ0/Mv +VfrjSvqT4HCsBGBYD0OfiM1SqWrP/a8RA0q2FWmAF7gL0U7SXwGqXeAbQYfi9RsC +AwEAAaNTMFEwHQYDVR0OBBYEFDWzsg5w9M0HCV+ZJWj09pc9LjVTMB8GA1UdIwQY +MBaAFDWzsg5w9M0HCV+ZJWj09pc9LjVTMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZI +hvcNAQELBQADggIBAKhXnt+v7FhSYuZzpQZcSjRPlSwYnBZopg8GFxB+ApZEpK85 +SP9Ht4HFKH6Eq80Eav1ymQ2UxonHyKGK6hJoBAYf0zXT9PyBRe3vYoS9Hid4aORi +Iudc9OvHuVcVij2C0NhNKiDzc4zB+JvH3phEG5ahi36PMNbzfEAQBysMdB8MkF7U +5qjaMhqnSRDrhgzv2A9VRnGreQv+81CBcULrIMv2CbCavJwd3OOTNI7a9PTI9hLz +6JYIGlyZLrQFv2kt+Am9cs1PutkjrEMaa0sqWP3L+KmuP+/o67WPua8H6wiTdjt8 +RSho+hBnl6xnyKZZ2cEeau3bY/ajmQZuEWXceKYS2lQRcCHsUDpaIrLMttstkwWN +ccCTIXvZpLFSpSPkEqflGKs5j8tPbI15avQ4hdw0nrY3/EEJnlDXIviJD+6qG6HK +7bLuOzKO+WpNsTRsLJdLA/8x/+oa/KpTNUUFZCaNbfHT7PQ2xfSv+NJ/rYhEhBCR +/QviXtlzstU/2P+yW74GJU+6lwb3FxJ4PFBfDyioISz92KHvDAFqGQUZzJXpWzth +0TU0BgKLMqyfsxKEA0P3STNAgeWnMUH5dOS/mUCswjjFPPJkmptjZWYcX5flGYAE +1seQ8bWdgPdcuj72lHx3RyiEZlUc7FqUUUdjWgauDnDJUTiahR2g4rlW/g4H +-----END CERTIFICATE----- 
diff --git a/nginx/local_certs/default.key b/nginx/local_certs/default.key new file mode 100644 index 0000000..7ed1dde --- /dev/null +++ b/nginx/local_certs/default.key 
@@ -0,0 +1,52 @@ +-----BEGIN PRIVATE KEY----- +MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQC3WPeaPQUOZtMv +NlOsR6ofq0fHW0QfH7K2jTcArUMOiwiitq9G7ikuGXi4jD/dbrtAOTwvUM6m2M00 +tkg1TWFnu0kKHuV10sQ47rRP7bh+jZGIs/4pSz9WEvpOZPEzMR0GkJWuhFrGH4MU +YQiezrjxe/NQg8TiuIKfuduDZRLuah47W2sdwHwxzDI1gCF+DRKxJ7Gd+ipCvuZw +fj5Sate1CAgBVn5pvs1ynuNNAB1mCn0OS+8Cqqq0o7DVa0cCEMAVkdYULPp9glF3 +euOWewNIgdzHwD8DsHiSxRk6cd/JiKoYGoCkFEBZO3vMXnOBeetZujKK/S4JVBtF +mzn8FB0JVYpkHH8rune5n8V/bSaPTAANvQsAskiIMbzumDaPhT7iZLUCi/0YklGS +T5R9gQ+wu0mBdqKtm3or+G40QcS4MGe83enovgEMAlR5LloYikm8Q1UseszUjKIv +Q4rt56xvU0yc4bMpNLuDtaHyEUPj/k/aAz6ttK2bzK1Zlxe7PodkxLU/CFPool3s +y9W27iNZyRoZJssCfRitIh3aHiZY11d8v8X9MuAuPC3O0cWQ2DDgUySGN1jTjNWC +U3jErTl+0rvtJFIB7rzpjEay8QnT8y9V+uNK+pPgcKwEYFgPQ5+IzVKpas/9rxED +SrYVaYAXuAvRTtJfAapd4BtBh+L1GwIDAQABAoICAHq3sJpqxyyZhDZwfVatbN/f +i56SpqjSVZK8OBla3qwoQPJvpieqlqOFZvjW3pQ+XlShOnhM9NRV/huO+gu7LDv6 +7es5PMo89RtKIiPxb/A8nzFJkA9hjxX0g9be11Y1REE1mwoBCqTbSKfmPpfUs5Lm +LLgySiCZ8Mwp4RQ0HZS4MF34VVzHjhjinKSUi1ZMN7udXtPnMkwUbDbVOK9/VbuU +kY8brmbmz6otUOQj9Ils8cEU7/fv9WwMt/pQ4GkwfvCw+QHuDQbep9p5xUTeNxdb +3ENSmJrGjh1mkPk+aNQChh619m5cI6nWF4l1mogJ643WA6hlx191DP/s4sWnTLrl +QW5E7ipGHQF0CDF9xZiHf9fcZTZ16+Q2Jx9Rxk9AWYn5/O5XjI6uiAFp+aY0EEIc +JWt+STHA2U1OvEgL0qVNEmz0j7Tko86wyykarMTv77WYcUF6MVE8RYfj+8DUrOOl +cXRMSelvv559eV3c2wiJVKmmjSNccUpCO7CZleLLmKme5IvgQ0et/7ZLzVt5T8Xw +O2B4fdTBz8wqwzqjuePexN0THRFZ0KUvhZthIImJk4BdD8aasg+r4CNkNe1YO5Nh +PyOaG2jHU0x/82OxSomjmvNVDfM3nju5K6Oa3tqHFcIxOPdu7e8nXjhZQicuQKN7 +pJlWRzIjvopD3OJcelT5AoIBAQDkBH9SDrLlJWHS9f8WIjxgGg0kZgiiBBeG5D6X +ki1e3hbOKlYcEf8+RVos2VDb9cqgu6J0jpAUOB9nOTu8BLm8iE5Dq3cqvzCYV+Py +wSyFrzK0GEqw3sDxQstpSLDVJPKLu2ytKV3O9uQgg4BUOzsJEolLB8bAcFaQYgQ+ +6pRbIh4YuNnQHmwCEnz8LAaygr/5EWV4z2m7pdS6xzigkJHwo00Joc2G0mWyIrTV +3TUYem2sbMd1ZXGqYTUQsJgB7jeBxFpmr7jAEoFwR4BWfSBAgzu9lSu511PJTVSR +HULr9G7ibXHg6F0Djc46F401XSoFgGnS6ogXuVUScDpfZhS/AoIBAQDN2RiDkDgZ +B8Kin5/1xQefq87/8tW9oFQa9Ks2ML281Wv3bVhmilRUpRQTGIz+nMWolv08JMV0 
+qHc3NgRIFPL8gkU5h74FJndlwCIialWwGuGpBEW8KfJPAMBIEpmDdY0eYNx1eCdU +Xs+5TbJ3FUT9T0XncPpDJTFHZRJNvpRD8fciZjAAW04U67elA8XMmCYSQRYHt3t1 +6K0Swm7E9pIiHeV3BHPkC5hGGFIg9KO1CcsbBLyc7zIcWXLKbCRYjmnR/QBsOez0 +xW3E12RMw9ACCiVFB86rsp1KRT4jFHVoj+pFl9UaHMVCrrqIkMGd4a697ialUjwb +KjvcaL8HH+qlAoIBAQDbkQkZd1YFGg4tGvzbz3PcBroJBsfhW5dcKYWsZvKRm8LS +HCp3NU1YJWhEL6+RYAoS5Rv2qSFMlw6GU7KVxuckCQ10VDSYUSr2SAwUwregs6hb +i9jAoH+i0vMVGw5M8RsuOvjXdjIDDfN266ozciXTAqp6Oa7FuGdi+T+lZjYd26in +nbkAk4rmI+9+1NZOJ2G88WeJAhGKxJEompaI5y3hTx7r24cSAKA0/P6twilSvPHH +S6h1/42Ix7pVq/d0RHPm3bE/mI6LRkamW/PVVQAtnzFzyaUle5gPDAwXANpkZCgy +mblDHf4TYgXoIq2zaVcBnTpKA9WxIqIs8y0CmEX5AoIBAF5LVWxm8xucL2+ZWYgW +woBFDqS2U2zy9bQHYiqHt1K6HSQRhc4rDahcmk6JD4VOwUiSKdyUJ5Nh3IKBDwMJ +/ajn79gDs2rejREiK0DCnw/1sGthFqS0PlgsSuh5BLNwdL12t2ZkLPf8GoGS8u6T +4q960dXMLgf2EJXY2cKdS4O4YnHyh4iSSrlQpSZFDSXEiKQSBopwZXDErguK330A +Sj6wnT2g34mWOiHZ4D1Sc29p1g1BZTkqZTURUIEjep7KVfUoRTpOappRmg/ybvKv +PCjDBwGRKv4B6wVrpKQjKglE65cHj0nP5hi+u5n1XYv6JrbAUhmnCvuSpCs6HE+i +MjUCggEBAMMdE2Mi5njGA1ecoujr44StLTctBewWmJaHtVhLX+mecAsdbd6qSIqg +M/o31RcT1RtRJJiV+097gyjywr9NieeRjLdYhRA+FZ6CSo2cBTTu1Wyce8U024fh +WW8xwzA4KDqi+e5ZkG1zUisKeAuh9hdEi1RZwVBCQFqHM5Rtof8aN6UCtL7bzzIs +iEmIaDc2veebR4qDaOCvpOzHiI31cwKwiVR4XLKNVb2mvoSkhpaVDlWzi1g7N15W +E957yX24C1jxkUKC8LD6CYCKwx8OCE0SQyBv7In9rGI74uZrt45fwzfNZBXNfVO7 +hFBWdco8HwcL2uaZnI+cxKXFHDaQjlo= +-----END PRIVATE KEY----- diff --git a/nginx/local_certs/dhparam.pem b/nginx/local_certs/dhparam.pem new file mode 100644 index 0000000..7751280 --- /dev/null +++ b/nginx/local_certs/dhparam.pem @@ -0,0 +1,8 @@ +-----BEGIN DH PARAMETERS----- +MIIBCAKCAQEA9E+DUN59qnA03GXzG2+DTI3KZ90H/DWegeKd6M4+EIYT5EX/gVYs +gWG1v3DLllaGmqNSAdCdODXF1S+lWmiXRo9xglq6yYyTKRHSrRIvHEqKatwKEXMk +dL1fmQuUVHc1b9UkiXw7ZhgSPGfDkl3CPvcp1h4vZsYGkW7OSuLuKYmCT9iIiB+o +biwrkzDzL0gRZ1xpsRntY+dlDvhY8y6+aJ489glSAxvisSHfVjvlIRnHb/fYRBSs ++Fmp6eZTBLwqUUNldP8Nxiwma5I6XNZw7dDOT3V7QHu8upmTXMMrdGDT4icEwqPV +d0BUc8eo4w0q1ItfxDZpikDakwSxR485AwIBAg== +-----END DH PARAMETERS----- 
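Review bot: The hunk for nginx/local_certs/default.key commits an unencrypted RSA private key, so it is readable by everyone with access to the repository and stays in the history even if the file is later deleted; any deployment that serves default.crt with this key has no confidentiality against those readers. I would drop the key and its paired certificate from the commit, generate a throwaway self-signed pair at container start when none is mounted, and add `nginx/local_certs/*.key` to `.gitignore`. The certificate in the preceding hunk also appears to carry a validity period that ended on 2021-04-30, a few days before this commit's date, so clients would reject it as expired even in local testing. dhparam.pem in the following hunk is not secret and can stay.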
diff --git a/nginx/nginx.conf b/nginx/nginx.conf
new file mode 100644
index 0000000..1aabe4e
--- /dev/null
+++ b/nginx/nginx.conf
@@ -0,0 +1,25 @@
+user nginx;
+worker_processes auto;
+error_log /dev/stderr error;
+pid /var/run/nginx.pid;
+
+events {
+ worker_connections 1024;
+}
+
+http {
+ include /etc/nginx/mime.types;
+ default_type application/octet-stream;
+
+ log_format main '$remote_addr - $remote_user [$time_local] "$request" '
+ '$status $body_bytes_sent "$http_referer" '
+ '"$http_user_agent" "$http_x_forwarded_for"';
+ access_log /dev/stdout main;
+
+ sendfile on;
+ server_names_hash_bucket_size 128;
+ server_tokens off;
+ keepalive_timeout 65;
+ autoindex off;
+ include /etc/nginx/conf.d/*.conf;
+}
diff --git a/nginx/supervisord/conf.supervisord/cron.conf b/nginx/supervisord/conf.supervisord/cron.conf
new file mode 100644
index 0000000..c2d3425
--- /dev/null
+++ b/nginx/supervisord/conf.supervisord/cron.conf
@@ -0,0 +1,6 @@
+[program:cron]
+command=/usr/sbin/crond -f
+stdout_syslog=true
+stderr_syslog=true
+autorestart=false
+startentries=0
diff --git a/nginx/supervisord/conf.supervisord/nginx.conf b/nginx/supervisord/conf.supervisord/nginx.conf
new file mode 100644
index 0000000..1943cc6
--- /dev/null
+++ b/nginx/supervisord/conf.supervisord/nginx.conf
@@ -0,0 +1,6 @@
+[program:nginx]
+command=/usr/sbin/nginx -g 'daemon off;'
+stdout_syslog=true
+stderr_syslog=true
+autorestart=false
+startentries=0
diff --git a/nginx/supervisord/conf.supervisord/syslog_ng.conf b/nginx/supervisord/conf.supervisord/syslog_ng.conf
new file mode 100644
index 0000000..a439860
--- /dev/null
+++ b/nginx/supervisord/conf.supervisord/syslog_ng.conf
@@ -0,0 +1,6 @@
+[program:syslog-ng]
+command=/usr/sbin/syslog-ng --foreground --no-caps
+stdout_logfile=/dev/stdout
+stdout_logfile_maxbytes=0
+stderr_logfile=/dev/stderr
+stderr_logfile_maxbytes=0
diff --git a/nginx/supervisord/supervisord.conf b/nginx/supervisord/supervisord.conf
new file mode 100644
index 0000000..d427554
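Review bot: `startentries=0` in the cron.conf hunk (and again in the supervisord nginx.conf hunk) is not a supervisord option; the key that limits start attempts is `startretries`, so as written the setting most likely has no effect and the default retry count applies. If the intent is that a process which fails to start is not retried, change both lines to `startretries=0`. A short comment above `autorestart=false`, for example `; no restart or retry: a failed process is left stopped`, would record why restarts are disabled; that intent is inferred here, not stated in the commit.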
--- /dev/null
+++ b/nginx/supervisord/supervisord.conf
@@ -0,0 +1,20 @@
+[supervisord]
+nodaemon=true
+user=root
+logfile=/dev/stdout
+pidfile=/var/run/supervisord.pid
+logfile_maxbytes=0
+loglevel=info
+
+[unix_http_server]
+file=/var/run/supervisord.sock
+
+; rpc interface for supervisorctl
+[rpcinterface:supervisor]
+supervisor.rpcinterface_factory=supervisor.rpcinterface:make_main_rpcinterface
+
+[supervisorctl]
+serverurl=unix:///var/run/supervisord.sock
+
+[include]
+files=/data/supervisord/conf.supervisord/*.conf
diff --git a/nginx/uwsgi_params b/nginx/uwsgi_params
new file mode 100644
index 0000000..5abf809
--- /dev/null
+++ b/nginx/uwsgi_params
@@ -0,0 +1,16 @@
+uwsgi_param QUERY_STRING $query_string;
+uwsgi_param REQUEST_METHOD $request_method;
+uwsgi_param CONTENT_TYPE $content_type;
+uwsgi_param CONTENT_LENGTH $content_length;
+
+uwsgi_param REQUEST_URI $request_uri;
+uwsgi_param PATH_INFO $document_uri;
+uwsgi_param DOCUMENT_ROOT $document_root;
+uwsgi_param SERVER_PROTOCOL $server_protocol;
+uwsgi_param REQUEST_SCHEME $scheme;
+uwsgi_param HTTPS $https if_not_empty;
+
+uwsgi_param REMOTE_ADDR $remote_addr;
+uwsgi_param REMOTE_PORT $remote_port;
+uwsgi_param SERVER_PORT $server_port;
+uwsgi_param SERVER_NAME $server_name;
diff --git a/staticfiles/media/.gitkeep b/staticfiles/media/.gitkeep
new file mode 100644
index 0000000..e69de29
diff --git a/staticfiles/static/.gitkeep b/staticfiles/static/.gitkeep
new file mode 100644
index 0000000..e69de29
diff --git a/syslog-ng.conf b/syslog-ng.conf
new file mode 100644
index 0000000..bb68e74
--- /dev/null
+++ b/syslog-ng.conf
@@ -0,0 +1,7 @@
+destination d_stdout {
+ pipe("/dev/stdout");
+};
+log {
+ source(s_sys);
+ destination(d_stdout);
+};
diff --git a/wrapper.sh b/wrapper.sh
new file mode 100755
index 0000000..707cea9
--- /dev/null
+++ b/wrapper.sh
@@ -0,0 +1,47 @@
+#!/bin/bash
+
+readonly CURRENT_DIR=$(cd $(dirname $0) && pwd)
+
+# ================
+# = main routine =
+# ================
+while [ -n "$1" ]; do
+ case "$1" in
+ ps )
+ docker-compose ps
+ shift
+ ;;
+
+ logs )
+ docker-compose logs -t | sort -t "|" -k 1,+2d
+ shift
+ ;;
+
+ stop | restart | down )
+ exe_opt="$1"
+ docker-compose ${exe_opt}
+ shift
+ ;;
+
+ start )
+ docker-compose up -d
+ shift
+ ;;
+
+ build )
+ docker-compose build
+ # delete image of none
+ docker images | grep '' | awk '{print $3;}' | xargs -I{} docker rmi {}
+ shift
+ ;;
+
+ -h | --help | --usage )
+ echo "Usage: $0 [build|start|stop|restart|down|ps|logs]"
+ shift
+ ;;
+
+ * )
+ shift
+ ;;
+ esac
+done
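Review bot: In the `build` branch the cleanup pipeline `docker images | grep '' | awk '{print $3;}' | xargs -I{} docker rmi {}` has an empty grep pattern as rendered here, which matches every line and would pass every local image ID (plus the header word) to `docker rmi`; the pattern was presumably `<none>` and may have been lost in rendering. Either way, parsing `docker images` output is fragile, and `docker image prune -f` removes dangling images directly. Separately, `CURRENT_DIR` is computed but never used, so `docker-compose` resolves docker-compose.yml from the caller's working directory; adding `cd "${CURRENT_DIR}" || exit 1` after the `readonly` line (and quoting `"$0"` inside it) would make the wrapper independent of where it is invoked.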