diff options
-rw-r--r-- | .docker/.htaccess | 13 | ||||
-rw-r--r-- | .docker/nginx.conf | 73 | ||||
-rw-r--r-- | .docker/php-fpm.conf | 16 | ||||
-rwxr-xr-x | .docker/services.d/.s6-svscan/finish | 2 | ||||
-rwxr-xr-x | .docker/services.d/nginx/run | 2 | ||||
-rwxr-xr-x | .docker/services.d/php-fpm/run | 2 | ||||
-rw-r--r-- | .dockerignore | 44 | ||||
-rw-r--r-- | .gitattributes | 4 | ||||
-rw-r--r-- | CHANGELOG.md | 7 | ||||
-rw-r--r-- | Dockerfile | 61 | ||||
-rw-r--r-- | Dockerfile.armhf | 50 |
11 files changed, 272 insertions, 2 deletions
diff --git a/.docker/.htaccess b/.docker/.htaccess new file mode 100644 index 00000000..f601c1ee --- /dev/null +++ b/.docker/.htaccess | |||
@@ -0,0 +1,13 @@ | |||
1 | <IfModule version_module> | ||
2 | <IfVersion >= 2.4> | ||
3 | Require all denied | ||
4 | </IfVersion> | ||
5 | <IfVersion < 2.4> | ||
6 | Allow from none | ||
7 | Deny from all | ||
8 | </IfVersion> | ||
9 | </IfModule> | ||
10 | |||
11 | <IfModule !version_module> | ||
12 | Require all denied | ||
13 | </IfModule> | ||
diff --git a/.docker/nginx.conf b/.docker/nginx.conf new file mode 100644 index 00000000..07fba33f --- /dev/null +++ b/.docker/nginx.conf | |||
@@ -0,0 +1,73 @@ | |||
1 | user nginx nginx; | ||
2 | daemon off; | ||
3 | worker_processes 4; | ||
4 | pid /var/run/nginx.pid; | ||
5 | |||
6 | events { | ||
7 | worker_connections 768; | ||
8 | } | ||
9 | |||
10 | http { | ||
11 | include mime.types; | ||
12 | default_type application/octet-stream; | ||
13 | keepalive_timeout 20; | ||
14 | |||
15 | client_max_body_size 10m; | ||
16 | |||
17 | index index.html index.php; | ||
18 | |||
19 | server { | ||
20 | listen 80; | ||
21 | root /var/www/shaarli; | ||
22 | |||
23 | access_log /var/log/nginx/shaarli.access.log; | ||
24 | error_log /var/log/nginx/shaarli.error.log; | ||
25 | |||
26 | location ~ /\. { | ||
27 | # deny access to dotfiles | ||
28 | access_log off; | ||
29 | log_not_found off; | ||
30 | deny all; | ||
31 | } | ||
32 | |||
33 | location ~ ~$ { | ||
34 | # deny access to temp editor files, e.g. "script.php~" | ||
35 | access_log off; | ||
36 | log_not_found off; | ||
37 | deny all; | ||
38 | } | ||
39 | |||
40 | location ~* \.(?:ico|css|js|gif|jpe?g|png)$ { | ||
41 | # cache static assets | ||
42 | expires max; | ||
43 | add_header Pragma public; | ||
44 | add_header Cache-Control "public, must-revalidate, proxy-revalidate"; | ||
45 | } | ||
46 | |||
47 | location = /favicon.ico { | ||
48 | # serve the Shaarli favicon from its custom location | ||
49 | alias /var/www/shaarli/images/favicon.ico; | ||
50 | } | ||
51 | |||
52 | location / { | ||
53 | # Slim - rewrite URLs | ||
54 | try_files $uri /index.php$is_args$args; | ||
55 | } | ||
56 | |||
57 | location ~ (index)\.php$ { | ||
58 | # Slim - split URL path into (script_filename, path_info) | ||
59 | try_files $uri =404; | ||
60 | fastcgi_split_path_info ^(.+\.php)(/.+)$; | ||
61 | |||
62 | # filter and proxy PHP requests to PHP-FPM | ||
63 | fastcgi_pass unix:/var/run/php-fpm.sock; | ||
64 | fastcgi_index index.php; | ||
65 | include fastcgi.conf; | ||
66 | } | ||
67 | |||
68 | location ~ \.php$ { | ||
69 | # deny access to all other PHP scripts | ||
70 | deny all; | ||
71 | } | ||
72 | } | ||
73 | } | ||
diff --git a/.docker/php-fpm.conf b/.docker/php-fpm.conf new file mode 100644 index 00000000..0843c164 --- /dev/null +++ b/.docker/php-fpm.conf | |||
@@ -0,0 +1,16 @@ | |||
1 | [global] | ||
2 | daemonize = no | ||
3 | |||
4 | [www] | ||
5 | user = nginx | ||
6 | group = nginx | ||
7 | listen.owner = nginx | ||
8 | listen.group = nginx | ||
9 | catch_workers_output = yes | ||
10 | listen = /var/run/php-fpm.sock | ||
11 | pm = dynamic | ||
12 | pm.max_children = 20 | ||
13 | pm.start_servers = 1 | ||
14 | pm.min_spare_servers = 1 | ||
15 | pm.max_spare_servers = 3 | ||
16 | pm.max_requests = 2048 | ||
diff --git a/.docker/services.d/.s6-svscan/finish b/.docker/services.d/.s6-svscan/finish new file mode 100755 index 00000000..1dadeeaf --- /dev/null +++ b/.docker/services.d/.s6-svscan/finish | |||
@@ -0,0 +1,2 @@ | |||
1 | #!/bin/sh | ||
2 | /bin/true | ||
diff --git a/.docker/services.d/nginx/run b/.docker/services.d/nginx/run new file mode 100755 index 00000000..21e7b0d6 --- /dev/null +++ b/.docker/services.d/nginx/run | |||
@@ -0,0 +1,2 @@ | |||
1 | #!/bin/execlineb -P | ||
2 | nginx | ||
diff --git a/.docker/services.d/php-fpm/run b/.docker/services.d/php-fpm/run new file mode 100755 index 00000000..21dd0107 --- /dev/null +++ b/.docker/services.d/php-fpm/run | |||
@@ -0,0 +1,2 @@ | |||
1 | #!/bin/execlineb -P | ||
2 | php-fpm7 -F | ||
diff --git a/.dockerignore b/.dockerignore new file mode 100644 index 00000000..cdd0a894 --- /dev/null +++ b/.dockerignore | |||
@@ -0,0 +1,44 @@ | |||
1 | # Docker-ignore | ||
2 | .dev | ||
3 | .git | ||
4 | .github | ||
5 | tests | ||
6 | |||
7 | # Shaarli runtime resources | ||
8 | cache/* | ||
9 | data/* | ||
10 | pagecache/* | ||
11 | tmp/* | ||
12 | |||
13 | # Eclipse project files | ||
14 | .settings | ||
15 | .buildpath | ||
16 | .project | ||
17 | |||
18 | # Raintpl generated pages | ||
19 | *.rtpl.php | ||
20 | |||
21 | # 3rd-party dependencies | ||
22 | vendor/ | ||
23 | |||
24 | # Release archives | ||
25 | *.tar.gz | ||
26 | *.zip | ||
27 | inc/languages/*/LC_MESSAGES/shaarli.mo | ||
28 | |||
29 | # Development and test resources | ||
30 | coverage | ||
31 | doxygen | ||
32 | sandbox | ||
33 | phpmd.html | ||
34 | |||
35 | # User plugin configuration | ||
36 | plugins/*/config.php | ||
37 | |||
38 | # HTML documentation | ||
39 | doc/html/ | ||
40 | |||
41 | # 3rd party themes | ||
42 | tpl/* | ||
43 | !tpl/default | ||
44 | !tpl/vintage | ||
diff --git a/.gitattributes b/.gitattributes index b191e227..00070561 100644 --- a/.gitattributes +++ b/.gitattributes | |||
@@ -32,7 +32,9 @@ Dockerfile text | |||
32 | .travis.yml export-ignore | 32 | .travis.yml export-ignore |
33 | doc/**/*.json export-ignore | 33 | doc/**/*.json export-ignore |
34 | doc/**/*.md export-ignore | 34 | doc/**/*.md export-ignore |
35 | docker/ export-ignore | 35 | .docker/ export-ignore |
36 | .dockerignore export-ignore | ||
37 | Dockerfile* export-ignore | ||
36 | Doxyfile export-ignore | 38 | Doxyfile export-ignore |
37 | Makefile export-ignore | 39 | Makefile export-ignore |
38 | mkdocs.yml export-ignore | 40 | mkdocs.yml export-ignore |
diff --git a/CHANGELOG.md b/CHANGELOG.md index 14a4f143..4f72436b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md | |||
@@ -4,8 +4,13 @@ All notable changes to this project will be documented in this file. | |||
4 | The format is based on [Keep a Changelog](http://keepachangelog.com/) | 4 | The format is based on [Keep a Changelog](http://keepachangelog.com/) |
5 | and this project adheres to [Semantic Versioning](http://semver.org/). | 5 | and this project adheres to [Semantic Versioning](http://semver.org/). |
6 | 6 | ||
7 | ## [v0.9.7](https://github.com/shaarli/Shaarli/releases/tag/v0.9.7) - UNPUBLISHED | ||
8 | ### Changed | ||
9 | - Build the Docker images from the local Git sources | ||
10 | |||
11 | |||
7 | ## [v0.9.6](https://github.com/shaarli/Shaarli/releases/tag/v0.9.6) - 2018-03-25 | 12 | ## [v0.9.6](https://github.com/shaarli/Shaarli/releases/tag/v0.9.6) - 2018-03-25 |
8 | ## Changed | 13 | ### Changed |
9 | - htaccess: prevent accessing resources not managed by SCM | 14 | - htaccess: prevent accessing resources not managed by SCM |
10 | - htaccess: always forward the 'Authorization' HTTP header | 15 | - htaccess: always forward the 'Authorization' HTTP header |
11 | 16 | ||
diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 00000000..93146c52 --- /dev/null +++ b/Dockerfile | |||
@@ -0,0 +1,61 @@ | |||
1 | # Stage 1: | ||
2 | # - Copy Shaarli sources | ||
3 | # - Build documentation | ||
4 | FROM python:3-alpine as docs | ||
5 | ADD . /usr/src/app/shaarli | ||
6 | RUN cd /usr/src/app/shaarli \ | ||
7 | && pip install --no-cache-dir mkdocs \ | ||
8 | && mkdocs build | ||
9 | |||
10 | # Stage 2: | ||
11 | # - Resolve PHP dependencies with Composer | ||
12 | FROM composer:latest as composer | ||
13 | COPY --from=docs /usr/src/app/shaarli /app/shaarli | ||
14 | RUN cd shaarli \ | ||
15 | && composer --prefer-dist --no-dev install | ||
16 | |||
17 | # Stage 3: | ||
18 | # - Shaarli image | ||
19 | FROM alpine:3.6 | ||
20 | LABEL maintainer="Shaarli Community" | ||
21 | |||
22 | RUN apk --update --no-cache add \ | ||
23 | ca-certificates \ | ||
24 | nginx \ | ||
25 | php7 \ | ||
26 | php7-ctype \ | ||
27 | php7-curl \ | ||
28 | php7-fpm \ | ||
29 | php7-gd \ | ||
30 | php7-iconv \ | ||
31 | php7-intl \ | ||
32 | php7-json \ | ||
33 | php7-mbstring \ | ||
34 | php7-openssl \ | ||
35 | php7-session \ | ||
36 | php7-xml \ | ||
37 | php7-zlib \ | ||
38 | s6 | ||
39 | |||
40 | COPY .docker/nginx.conf /etc/nginx/nginx.conf | ||
41 | COPY .docker/php-fpm.conf /etc/php7/php-fpm.conf | ||
42 | COPY .docker/services.d /etc/services.d | ||
43 | |||
44 | RUN rm -rf /etc/php7/php-fpm.d/www.conf \ | ||
45 | && sed -i 's/post_max_size.*/post_max_size = 10M/' /etc/php7/php.ini \ | ||
46 | && sed -i 's/upload_max_filesize.*/upload_max_filesize = 10M/' /etc/php7/php.ini | ||
47 | |||
48 | |||
49 | WORKDIR /var/www | ||
50 | COPY --from=composer /app/shaarli shaarli | ||
51 | |||
52 | RUN chown -R nginx:nginx . \ | ||
53 | && ln -sf /dev/stdout /var/log/nginx/shaarli.access.log \ | ||
54 | && ln -sf /dev/stderr /var/log/nginx/shaarli.error.log | ||
55 | |||
56 | VOLUME /var/www/shaarli/data | ||
57 | |||
58 | EXPOSE 80 | ||
59 | |||
60 | ENTRYPOINT ["/bin/s6-svscan", "/etc/services.d"] | ||
61 | CMD [] | ||
diff --git a/Dockerfile.armhf b/Dockerfile.armhf new file mode 100644 index 00000000..24695633 --- /dev/null +++ b/Dockerfile.armhf | |||
@@ -0,0 +1,50 @@ | |||
1 | FROM lsiobase/alpine.armhf:3.6 | ||
2 | LABEL maintainer="Shaarli Community" | ||
3 | MAINTAINER Shaarli Community | ||
4 | |||
5 | RUN apk --update --no-cache add \ | ||
6 | ca-certificates \ | ||
7 | curl \ | ||
8 | nginx \ | ||
9 | php7 \ | ||
10 | php7-ctype \ | ||
11 | php7-curl \ | ||
12 | php7-fpm \ | ||
13 | php7-gd \ | ||
14 | php7-iconv \ | ||
15 | php7-intl \ | ||
16 | php7-json \ | ||
17 | php7-mbstring \ | ||
18 | php7-openssl \ | ||
19 | php7-phar \ | ||
20 | php7-session \ | ||
21 | php7-xml \ | ||
22 | php7-zlib \ | ||
23 | s6 | ||
24 | |||
25 | COPY .docker/nginx.conf /etc/nginx/nginx.conf | ||
26 | COPY .docker/php-fpm.conf /etc/php7/php-fpm.conf | ||
27 | COPY .docker/services.d /etc/services.d | ||
28 | |||
29 | RUN curl -sS https://getcomposer.org/installer | php7 -- --install-dir=/usr/local/bin --filename=composer \ | ||
30 | && rm -rf /etc/php7/php-fpm.d/www.conf \ | ||
31 | && sed -i 's/post_max_size.*/post_max_size = 10M/' /etc/php7/php.ini \ | ||
32 | && sed -i 's/upload_max_filesize.*/upload_max_filesize = 10M/' /etc/php7/php.ini | ||
33 | |||
34 | |||
35 | WORKDIR /var/www | ||
36 | RUN curl -L https://github.com/shaarli/Shaarli/archive/latest.tar.gz | tar xzf - \ | ||
37 | && mv Shaarli-latest shaarli \ | ||
38 | && cd shaarli \ | ||
39 | && composer --prefer-dist --no-dev install \ | ||
40 | && rm -rf ~/.composer \ | ||
41 | && chown -R nginx:nginx . \ | ||
42 | && ln -sf /dev/stdout /var/log/nginx/shaarli.access.log \ | ||
43 | && ln -sf /dev/stderr /var/log/nginx/shaarli.error.log | ||
44 | |||
45 | VOLUME /var/www/shaarli/data | ||
46 | |||
47 | EXPOSE 80 | ||
48 | |||
49 | ENTRYPOINT ["/bin/s6-svscan", "/etc/services.d"] | ||
50 | CMD [] | ||