budgethost/wordpress-stack
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Initial commit

Browse Source
This commit is contained in:
Rasmus Pedersen
2026-04-05 16:23:17 +00:00
commit 6c75e00159
42 changed files with 3859 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
.gitignore vendored Normal file
View File

@@ -0,0 +1,7 @@
.env
.env.*
node_modules/
data/
*.log
*.sock
*.pid

40
backup/Dockerfile Normal file
View File

@@ -0,0 +1,40 @@
FROM alpine
# Install required packages
RUN apk add --update --no-cache bash dos2unix
# Install python/pip
#RUN apk add --update --no-cache python3 && ln -sf python3 /usr/bin/python
#RUN python3 -m ensurepip --upgrade
#ENV PYTHONUNBUFFERED=1
# install any Python requirements used by the jobs
#RUN pip3 install colorama
#
RUN apk update && \
apk add mysql-client logrotate rsync perl nano rsnapshot
WORKDIR /usr/scheduler
# Copy files
COPY jobs/*.* ./jobs/
COPY crontab.* ./
COPY logrotate_backup_html ./
COPY logrotate_backup_sql ./
COPY rsnapshot.conf /etc/
COPY start.sh .
# Fix line endings && execute permissions
RUN dos2unix crontab.* *.sh jobs/*.*
#RUN find . -type f -iname "*.sh" -exec chmod +x
#RUN find . -type f -iname "*.py" -exec chmod +x
# create cron.log file
RUN touch /var/log/cron.log
# Run cron on container startup
CMD ["./start.sh"]

3
backup/crontab.Development Normal file
View File

@@ -0,0 +1,3 @@
0 3 * * * perl -le 'sleep rand 5000' && /usr/scheduler/jobs/html.sh
0 4 * * * perl -le 'sleep rand 5000' && /usr/scheduler/jobs/sql.sh

22
backup/jobs/html.sh Executable file
View File

@@ -0,0 +1,22 @@
#!/bin/bash
LOCK="/usr/scheduler/backup-html.lock"
if [ -f "$LOCK" ]; then
echo "Another instance of $0 is running, exiting..."
exit 1
fi
touch $LOCK # Creates the file
trap "rm $LOCK" EXIT
echo "Begining backup of HTML files..."
#if [ -f "/srv/backup/html/html.tar.gz" ]; then
# echo "Rotating existing backup files..."
# logrotate /usr/scheduler/logrotate_backup_html
#fi
#echo "Creating tar gzip archive..."
#tar -zcf /srv/backup/html/html.tar.gz /srv/data/html/
rsnapshot daily
echo "Backup finished!"

22
backup/jobs/sql.sh Executable file
View File

@@ -0,0 +1,22 @@
#!/bin/bash
LOCK="/usr/scheduler/backup-mysql.lock"
if [ -f "$LOCK" ]; then
echo "Another instance of $0 is running, exiting..."
exit 1
fi
touch $LOCK # Creates the file
trap "rm $LOCK" EXIT
echo "Beginging backup of DB_1..."
FILE=/srv/backup
if [ -f "/srv/backup/sql/db_1.sql.gz" ]; then
echo "Rotating existing backup files..."
logrotate /usr/scheduler/logrotate_backup_sql
fi
echo "Dumping datbase DB_1..."
mariadb-dump --skip-ssl --opt -h localhost -u root -p$MARIADB_ROOT_PASSWORD db_1 | gzip -c > /srv/backup/sql/db_1.sql.gz
echo "Backup finished!"

8
backup/logrotate_backup_html Normal file
View File

@@ -0,0 +1,8 @@
/srv/backup/html/html.tar.gz {
rotate 7
nocompress
extension .gz
dateext
dateyesterday
dateformat .%Y-%m-%d
}

9
backup/logrotate_backup_sql Normal file
View File

@@ -0,0 +1,9 @@
/srv/backup/sql/db_1.sql.gz {
rotate 60
size 1
nocompress
extension .gz
dateext
dateyesterday
dateformat .%Y-%m-%d
}

17
backup/rsnapshot.conf Normal file
View File

@@ -0,0 +1,17 @@
config_version 1.2
snapshot_root /srv/backup/html
cmd_cp /bin/cp
cmd_rm /bin/rm
cmd_rsync /usr/bin/rsync
cmd_logger /usr/bin/logger
retain daily 60
verbose 2
loglevel 3
lockfile /var/run/rsnapshot.pid
link_dest 1
backup /srv/data/html/ ./ +rsync_long_args=--no-relative

35
backup/start.sh Executable file
View File

@@ -0,0 +1,35 @@
#!/bin/bash
if [ -z "$SCHEDULER_ENVIRONMENT" ]; then
echo "SCHEDULER_ENVIRONMENT not set, assuming Development"
SCHEDULER_ENVIRONMENT="Development"
fi
# Select the crontab file based on the environment
CRON_FILE="crontab.$SCHEDULER_ENVIRONMENT"
#if [ ! -f "/srv/backup" ]; then
# echo "Creating backup directory"
# mkdir /srv/backup/
#fi
if [ ! -f "/srv/backup/html" ]; then
echo "Creating backup directory: HTML"
mkdir /srv/backup/html
fi
if [ ! -f "/srv/backup/sql" ]; then
echo "Creating backup directory: SQL"
mkdir /srv/backup/sql
fi
echo "Loading crontab file: $CRON_FILE"
# Load the crontab file
crontab $CRON_FILE
# Start cron
echo "Starting cron..."
crond -f

133
docker-compose.yml Normal file
View File

@@ -0,0 +1,133 @@
volumes:
data:
nxc:
mysql:
socket-redis:
socket-mysql:
networks:
default:
name: ${NETWORK}
external: true
services:
nginx:
build:
context: ./nginx
args:
- APP=wordpress
volumes:
- data:/var/www/
- nxc:/var/run/nginx-cache/
ports:
- "${PORT_HTTP}:80"
- "${PORT_SFTP}:22"
- "${PORT_PHPMYADMIN}:81"
restart: unless-stopped
php:
environment:
- UUID=${COMPOSE_PROJECT_NAME:-unknown}
build:
context: ./php
args:
- PHP_VERSION=${PHP_VERSION}
volumes:
- data:/var/www/
- nxc:/var/run/nginx-cache/
- socket-mysql:/var/run/mysqld/
- socket-redis:/var/run/redis/
network_mode: service:nginx
depends_on:
- nginx
restart: unless-stopped
deploy:
resources:
limits:
cpus: "${PHP_RESOURCES_LIMITS_CPUS}"
memory: "${PHP_RESOURCES_LIMITS_MEMORY}"
reservations:
memory: "${PHP_RESOURCES_RES_MEMORY}"
mysql:
build:
context: ./mariadb
environment:
- MARIADB_DATABASE=${MARIADB_DB1}
- MARIADB_ROOT_PASSWORD=${MARIADB_ROOT_PASSWORD}
- MARIADB_USER=${MARIADB_DBUSER1_USERNAME}
- MARIADB_PASSWORD=${MARIADB_DBUSER1_PASSWORD}
volumes:
- data:/var/www/
- mysql:/var/lib/mysql
- socket-mysql:/run/mysqld
network_mode: service:nginx
depends_on:
- nginx
restart: unless-stopped
phpmyadmin:
build:
context: ./phpmyadmin
environment:
- PMA_HOST=localhost
- UPLOAD_LIMIT=${PHPMYADMIN_UPLOAD_LIMIT}
volumes:
- socket-mysql:/var/run/mysqld/
network_mode: service:nginx
restart: unless-stopped
redis:
build:
context: ./redis
volumes:
- socket-redis:/tmp
network_mode: service:nginx
depends_on:
- nginx
restart: unless-stopped
deploy:
resources:
limits:
cpus: "${REDIS_RESOURCES_LIMITS_CPUS}"
memory: ${REDIS_RESOURCES_LIMITS_MEMORY}
reservations:
memory: ${REDIS_RESOURCES_RES_MEMORY}
sftp:
build:
context: ./sftp
args:
- SSHKEY1=${SFTP_SSHKEY1}
- SSHKEY2=${SFTP_SSHKEY2}
environment:
- SFTP_USERSS=${SFTP_USERS}
volumes:
- data:/home/${SFTP_FTPUSER1_USERNAME}
- /mnt/backup_docker/${COMPOSE_PROJECT_NAME}:/home/${SFTP_FTPUSER1_USERNAME}/backup
command: ${SFTP_FTPUSER1_USERNAME}:${SFTP_FTPUSER1_PASSWORD}:33:33
network_mode: service:nginx
restart: unless-stopped
cap_add:
- SYS_ADMIN
backup:
build:
context: ./backup
environment:
- MARIADB_ROOT_PASSWORD=$MARIADB_ROOT_PASSWORD
volumes:
- data:/srv/data/
- /mnt/backup_docker/${COMPOSE_PROJECT_NAME}:/srv/backup/
- socket-mysql:/var/run/mysqld/
restart: unless-stopped
deploy:
resources:
limits:
cpus: "1.0"
memory: 500M
reservations:
memory: 100M

43
mariadb/70-simplehost.cnf Normal file
View File

@@ -0,0 +1,43 @@
[mariadb]
# InnoDB basics
innodb_file_per_table=1
innodb_thread_concurrency=0
innodb_strict_mode=1
# Memory (fit into a 4GB container safely)
innodb_buffer_pool_size=2G
innodb_buffer_pool_instances=2
# Redo / durability
innodb_log_file_size=512M
innodb_log_buffer_size=64M
innodb_flush_log_at_trx_commit=2
innodb_flush_method=O_DIRECT
innodb_log_write_ahead_size=128K
# Disable query cache (WP usually worse with it)
query_cache_type=0
query_cache_size=0
# Temp tables
tmp_table_size=64M
max_heap_table_size=64M
# Connections / packets
max_connections=150
max_allowed_packet=128M
# Per-connection buffers (avoid RAM spikes)
sort_buffer_size=2M
join_buffer_size=2M
innodb_sort_buffer_size=2M
# Container/network sanity
skip-name-resolve
thread_cache_size=100
# Your existing choices
performance-schema=0
sql-mode="NO_ENGINE_SUBSTITUTION"
disable_log_bin
local-infile=0

61
mariadb/70-simplehost.cnf-old Normal file
View File

@@ -0,0 +1,61 @@
[mariadb]
innodb_flush_log_at_trx_commit=2
innodb_file_per_table=1
innodb_thread_concurrency=0
innodb_buffer_pool_size=4G
innodb_buffer_pool_instances=4
#innodb_buffer_pool_instances=8
innodb_log_file_size=1G
#innodb_log_file_size=256M
innodb_strict_mode = 0
query_cache_type=0
#query_cache_limit=2M
query_cache_size=0
#query_cache_min_res_unit=128
#query_cache_type=1
#query_cache_limit=2M
#query_cache_size=96M
#query_cache_min_res_unit=128
max_heap_table_size=64M
tmp_table_size=64M
performance-schema=0
sql-mode="NO_ENGINE_SUBSTITUTION"
# added on 29.Oct.2022
# especially for MySQL 8.0
#innodb_redo_log_capacity=512M # only if you have MySQL 8.0.30+
innodb_log_buffer_size=64M
#innodb_log_buffer_size=512M
innodb_log_write_ahead_size=128K
disable_log_bin
local-infile=1
max_connections=150
max_allowed_packet=128M
sort_buffer_size=2M
innodb_sort_buffer_size=2M
#sort_buffer_size=4M
#innodb_sort_buffer_size=2M
#innodb_force_recovery=5
skip-name-resolve
innodb_flush_method=O_DIRECT
thread_cache_size=100
table_open_cache=4000

3
mariadb/Dockerfile Normal file
View File

@@ -0,0 +1,3 @@
FROM mariadb
ADD 70-simplehost.cnf /etc/mysql/mariadb.conf.d

8
nginx/Dockerfile Normal file
View File

@@ -0,0 +1,8 @@
#FROM nginx:alpine
FROM nginx
#FROM nullunit/nginx-cache-purge
ARG APP
ADD default-${APP}.conf /etc/nginx/conf.d/default.conf
COPY nginx.conf /etc/nginx/nginx.conf

170
nginx/default-nextcloud.conf Normal file
View File

@@ -0,0 +1,170 @@
upstream php-handler {
server 127.0.0.1:9000;
#server unix:/var/run/php/php7.4-fpm.sock;
}
# Set the `immutable` cache control options only for assets with a cache busting `v` argument
map $arg_v $asset_immutable {
"" "";
default "immutable";
}
server {
listen 0.0.0.0:80;
root /var/www/html;
# Prevent nginx HTTP Server Detection
server_tokens off;
# HSTS settings
# WARNING: Only add the preload option once you read about
# the consequences in https://hstspreload.org/. This option
# will add the domain to a hardcoded list that is shipped
# in all major browsers and getting removed from this list
# could take several months.
#add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload" always;
# set max upload size and increase upload timeout:
client_max_body_size 512M;
client_body_timeout 300s;
fastcgi_buffers 64 4K;
# Enable gzip but do not remove ETag headers
gzip on;
gzip_vary on;
gzip_comp_level 4;
gzip_min_length 256;
gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/wasm application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
# Pagespeed is not supported by Nextcloud, so if your server is built
# with the `ngx_pagespeed` module, uncomment this line to disable it.
#pagespeed off;
# The settings allows you to optimize the HTTP2 bandwitdth.
# See https://blog.cloudflare.com/delivering-http-2-upload-speed-improvements/
# for tunning hints
client_body_buffer_size 512k;
# HTTP response headers borrowed from Nextcloud `.htaccess`
add_header Referrer-Policy "no-referrer" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-Download-Options "noopen" always;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Permitted-Cross-Domain-Policies "none" always;
add_header X-Robots-Tag "none" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
# Remove X-Powered-By, which is an information leak
fastcgi_hide_header X-Powered-By;
# Specify how to handle directories -- specifying `/index.php$request_uri`
# here as the fallback means that Nginx always exhibits the desired behaviour
# when a client requests a path that corresponds to a directory that exists
# on the server. In particular, if that directory contains an index.php file,
# that file is correctly served; if it doesn't, then the request is passed to
# the front-end controller. This consistent behaviour means that we don't need
# to specify custom rules for certain paths (e.g. images and other assets,
# `/updater`, `/ocm-provider`, `/ocs-provider`), and thus
# `try_files $uri $uri/ /index.php$request_uri`
# always provides the desired behaviour.
index index.php index.html /index.php$request_uri;
# Rule borrowed from `.htaccess` to handle Microsoft DAV clients
location = / {
if ( $http_user_agent ~ ^DavClnt ) {
return 302 /remote.php/webdav/$is_args$args;
}
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
# Make a regex exception for `/.well-known` so that clients can still
# access it despite the existence of the regex rule
# `location ~ /(\.|autotest|...)` which would otherwise handle requests
# for `/.well-known`.
location ^~ /.well-known {
# The rules in this block are an adaptation of the rules
# in `.htaccess` that concern `/.well-known`.
location = /.well-known/carddav { return 301 /remote.php/dav/; }
location = /.well-known/caldav { return 301 /remote.php/dav/; }
location /.well-known/acme-challenge { try_files $uri $uri/ =404; }
location /.well-known/pki-validation { try_files $uri $uri/ =404; }
# Let Nextcloud's API for `/.well-known` URIs handle all other
# requests by passing them to the front-end controller.
return 301 /index.php$request_uri;
}
# Rules borrowed from `.htaccess` to hide certain paths from clients
location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)(?:$|/) { return 404; }
location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) { return 404; }
# Ensure this block, which passes PHP files to the PHP process, is above the blocks
# which handle static assets (as seen below). If this block is not declared first,
# then Nginx will encounter an infinite rewriting loop when it prepends `/index.php`
# to the URI, resulting in a HTTP 500 error response.
location ~ \.php(?:$|/) {
# Required for legacy support
rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+|.+\/richdocumentscode\/proxy) /index.php$request_uri;
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
set $path_info $fastcgi_path_info;
try_files $fastcgi_script_name =404;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $path_info;
fastcgi_param HTTPS on;
fastcgi_param modHeadersAvailable true; # Avoid sending the security headers twice
fastcgi_param front_controller_active true; # Enable pretty urls
fastcgi_pass php-handler;
fastcgi_intercept_errors on;
fastcgi_request_buffering off;
fastcgi_max_temp_file_size 0;
}
location ~ \.(?:css|js|svg|gif|png|jpg|ico|wasm|tflite|map)$ {
try_files $uri /index.php$request_uri;
add_header Cache-Control "public, max-age=15778463, $asset_immutable";
access_log off; # Optional: Don't log access to assets
location ~ \.wasm$ {
default_type application/wasm;
}
}
location ~ \.woff2?$ {
try_files $uri /index.php$request_uri;
expires 7d; # Cache-Control policy borrowed from `.htaccess`
access_log off; # Optional: Don't log access to assets
}
# Rule borrowed from `.htaccess`
location /remote {
return 301 /remote.php$request_uri;
}
location / {
try_files $uri $uri/ /index.php$request_uri;
}
}

245
nginx/default-wordpress.conf Normal file
View File

@@ -0,0 +1,245 @@
fastcgi_cache_path /var/run/nginx-cache levels=1:2 keys_zone=localhost:100m inactive=60m;
fastcgi_cache_key "$scheme$request_method$host$request_uri";
fastcgi_cache_use_stale error timeout invalid_header http_500;
fastcgi_ignore_headers Cache-Control Expires Set-Cookie;
map $http_x_forwarded_proto $fcgi_https {
default off;
https on;
}
server {
listen 0.0.0.0:80;
root /var/www/html;
index index.php index.html index.htm;
client_max_body_size 512M;
proxy_read_timeout 300;
proxy_connect_timeout 300;
proxy_send_timeout 300;
# HEADERS
add_header X-Content-Type-Options nosniff;
add_header X-Xss-Protection "1; mode=block" always;
add_header X-Robots-Tag all;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
add_header Referrer-Policy no-referrer-when-downgrade always;
add_header X-Frame-Options "SAMEORIGIN" always;
set_real_ip_from 10.0.12.0/24;
real_ip_header X-Forwarded-For;
real_ip_recursive on; # optional but recommended when there can be multiple proxies
# location = /robots.txt {
# allow all;
# log_not_found off;
# access_log off;
# }
location = /robots.txt {
try_files $uri $uri/ /index.php?$args;
access_log off;
log_not_found off;
}
location = /xmlrpc.php {
deny all;
}
# if ($http_user_agent ~* (360Spider|80legs.com|Abonti|AcoonBot|Acunetix|adbeat_bot|AddThis.com|adidxbot|ADmantX|AhrefsBot|AngloINFO|Antelope|Applebot|BaiduSpider|BeetleBot|billigerbot|binlar|bitlybot|BlackWidow|BLP_bbot|BoardReader|Bolt\ 0|BOT\ for\ JCE|Bot\ mailto\:craftbot@yahoo\.com|casper|CazoodleBot|CCBot|checkprivacy|ChinaClaw|chromeframe|Clerkbot|Cliqzbot|clshttp|CommonCrawler|comodo|CPython|crawler4j|Crawlera|CRAZYWEBCRAWLER|Curious|Curl|Custo|CWS_proxy|Default\ Browser\ 0|diavol|DigExt|Digincore|DIIbot|discobot|DISCo|DoCoMo|DotBot|Download\ Demon|DTS.Agent|EasouSpider|eCatch|ecxi|EirGrabber|Elmer|EmailCollector|EmailSiphon|EmailWolf|Exabot|ExaleadCloudView|ExpertSearchSpider|ExpertSearch|Express\ WebPictures|ExtractorPro|extract|EyeNetIE|Ezooms|F2S|FastSeek|feedfinder|FeedlyBot|FHscan|finbot|Flamingo_SearchEngine|FlappyBot|FlashGet|flicky|Flipboard|g00g1e|Genieo|genieo|GetRight|GetWeb\!|GigablastOpenSource|GozaikBot|Go\!Zilla|Go\-Ahead\-Got\-It|GrabNet|grab|Grafula|GrapeshotCrawler|GTB5|GT\:\:WWW|Guzzle|harvest|heritrix|HMView|HomePageBot|HTTP\:\:Lite|HTTrack|HubSpot|ia_archiver|icarus6|IDBot|id\-search|IlseBot|Image\ Stripper|Image\ Sucker|Indigonet|Indy\ Library|integromedb|InterGET|InternetSeer\.com|Internet\ Ninja|IRLbot|ISC\ Systems\ iRc\ Search\ 2\.1|jakarta|Java|JetCar|JobdiggerSpider|JOC\ Web\ Spider|Jooblebot|kanagawa|KINGSpider|kmccrew|larbin|LeechFTP|libwww|Lingewoud|LinkChecker|linkdexbot|LinksCrawler|LinksManager\.com_bot|linkwalker|LinqiaRSSBot|LivelapBot|ltx71|LubbersBot|lwp\-trivial|Mail.RU_Bot|masscan|Mass\ Downloader|maverick|Maxthon$|Mediatoolkitbot|MegaIndex|MegaIndex|megaindex|MFC_Tear_Sample|Microsoft\ URL\ Control|microsoft\.url|MIDown\ tool|miner|Missigua\ Locator|Mister\ PiX|mj12bot|Mozilla.*Indy|Mozilla.*NEWT|MSFrontPage|msnbot|Navroad|NearSite|NetAnts|netEstate|NetSpider|NetZIP|Net\ Vampire|NextGenSearchBot|nutch|Octopus|Offline\ Explorer|Offline\ Navigator|OpenindexSpider|OpenWebSpider|OrangeBot|Owlin|PageGrabber|PagesInventory|panopta|panscient\.com|Papa\ Foto|pavuk|pcBrowser|PECL\:\:HTTP|PeoplePal|Photon|PHPCrawl|planetwork|PleaseCrawl|PNAMAIN.EXE|PodcastPartyBot|prijsbest|proximic|psbot|purebot|pycurl|QuerySeekerSpider|R6_CommentReader|R6_FeedFetcher|RealDownload|ReGet|Riddler|Rippers\ 0|rogerbot|RSSingBot|rv\:1.9.1|RyzeCrawler|SafeSearch|SBIder|Scrapy|Scrapy|Screaming|SeaMonkey$|search.goo.ne.jp|SearchmetricsBot|search_robot|SemrushBot|Semrush|SentiBot|SEOkicks|SeznamBot|ShowyouBot|SightupBot|SISTRIX|sitecheck\.internetseer\.com|siteexplorer.info|SiteSnagger|skygrid|Slackbot|Slurp|SmartDownload|Snoopy|Sogou|Sosospider|spaumbot|Steeler|sucker|SuperBot|Superfeedr|SuperHTTP|SurdotlyBot|Surfbot|tAkeOut|Teleport\ Pro|TinEye-bot|TinEye|Toata\ dragostea\ mea\ pentru\ diavola|Toplistbot|trendictionbot|TurnitinBot|turnit|Twitterbot|URI\:\:Fetch|urllib|Vagabondo|Vagabondo|vikspider|VoidEYE|VoilaBot|WBSearchBot|webalta|WebAuto|WebBandit|WebCollage|WebCopier|WebFetch|WebGo\ IS|WebLeacher|WebReaper|WebSauger|Website\ eXtractor|Website\ Quester|WebStripper|WebWhacker|WebZIP|Web\ Image\ Collector|Web\ Sucker|Wells\ Search\ II|WEP\ Search|WeSEE|Wget|Widow|WinInet|woobot|woopingbot|worldwebheritage.org|Wotbox|WPScan|WWWOFFLE|WWW\-Mechanize|Xaldon\ WebSpider|XoviBot|yacybot|Yahoo|YandexBot|Yandex|YisouSpider|zermelo|Zeus|zh-CN|ZmEu|ZumBot|ZyBorg) ) {
if ($http_user_agent ~* (SemrushBot|DotBot)) {
return 444;
}
# Include W3C config if it exists.
include /var/www/html/nginx[.]conf;
# If no favicon exists return a 204 (no content error)
location ~* /favicon\.ico$
{
try_files $uri =204;
expires max;
log_not_found off;
access_log off;
}
# Do not log + cache images, css, js, etc
location ~* \.(js|css|png|jpg|jpeg|bmp|gif|ico)$ {
expires max;
log_not_found off;
access_log off;
# Send the all shebang in one fell swoop
tcp_nodelay off;
# Set the OS file cache
open_file_cache off;
}
if (!-e $request_filename) {
rewrite /wp-admin$ $scheme://$host$uri/ permanent;
rewrite ^(/[^/]+)?(/wp-.*) $2 last;
rewrite ^(/[^/]+)?(/.*.php) $2 last;
}
# Deny access to htaccess files
location ~ /\. {
deny all;
}
# Deny access to .php files in the /wp-content/ directory (including sub-folders)
location ~* ^/wp-content/.*.(php|phps)$ {
deny all;
}
# Deny access to wp-config.php file
location = /wp-config.php {
deny all;
}
# Deny access to wp-comments-post.php file
location = /wp-comments-post.php {
deny all;
}
# Deny access to readme.html file
location = /readme.html {
deny all;
}
# Deny access to license.txt file
location = /license.txt {
deny all;
}
# Deny access to specific files in the /wp-content/ directory (including sub-folders)
location ~* ^/wp-content/.*.(txt|md|exe)$ {
deny all;
}
###
# Allow only internal access to .php files inside wp-includes directory
# location ~* ^/wp-includes/.*\.(php|phps)$ {
# internal;
# }
# Add trailing slash to */wp-admin requests
rewrite /wp-admin$ $scheme://$host$uri/ permanent;
location ~* /(?:uploads|files)/.*.php$ {
deny all;
}
###
# location ~* .(engine|inc|info|install|make|module|profile|test|po|sh|.*sql|theme|tpl(.php)?|xtmpl)$|^(..*|Entries.*|Repository|Root|Tag|Template)$|.php_
# {
# return 444;
# }
location ~* .(pl|cgi|py|sh|lua)$ {
return 444;
}
###
# location ~ /(.|wp-config.php|wp-comments-post.php|readme.html|license.txt) {
# deny all;
# }
location ~ .(gif|png|jpe?g)$ {
valid_referers none blocked %%HOSTNAME%%;
if ($invalid_referer) {
return 403;
}
}
location / {
try_files $uri $uri/ /index.php?$args;
}
##### FASTCGI CACHE #####
set $nxc_enabled 0;
set $nxc_skip 1;
if (-f "/var/www/html/.enable_nxc") {
set $nxc_enabled 1;
# set $nxc_skip 0;
}
if ($nxc_enabled = 1) {
set $nxc_skip 0;
}
# POST requests and urls with a query string should always go to PHP
if ($request_method = POST) {
set $nxc_skip 1;
}
if ($query_string != "") {
set $nxc_skip 1;
}
# Don't cache uris containing the following segments
if ($request_uri ~* "/wp-admin/|/xmlrpc.php|wp-.*.php|/feed/|index.php|sitemap(_index)?.xml") {
set $nxc_skip 1;
}
# Don't use the cache for logged in users or recent commenters
if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in|postpass|wordpress_n$") {
set $nxc_skip 1;
}
########################
#####################################################
# LOCATION: PHP #####################################
#####################################################
location ~ \.php$ {
# proxy_buffers 16 4k;
# proxy_buffer_size 2k;
fastcgi_buffer_size 128k;
fastcgi_buffers 4 256k;
fastcgi_busy_buffers_size 256k;
fastcgi_temp_file_write_size 256k;
#############################################
# FastCGI Cache #############################
#############################################
fastcgi_cache_bypass $nxc_skip;
fastcgi_no_cache $nxc_skip;
# fastcgi_no_cache $nxc_exclude;
fastcgi_cache localhost;
# fastcgi_cache_valid 60m;
fastcgi_cache_lock on;
fastcgi_cache_use_stale updating;
fastcgi_cache_background_update on;
fastcgi_cache_valid 200 301 302 60M;
# fastcgi_cache_use_stale error timeout updating invalid_header http_500 http_503;
if ($nxc_enabled = 1) {
add_header x-cache-enabled "true";
}
add_header X-Cache $upstream_cache_status;
#############################################
include fastcgi_params;
# fastcgi_param SCRIPT_FILENAME /var/www/$fastcgi_script_name;
# fastcgi_pass unix:/var/tmp/php-fpm.sock;
fastcgi_param SCRIPT_FILENAME $document_root/$fastcgi_script_name;
fastcgi_param HTTPS $fcgi_https;
fastcgi_pass localhost:9000;
fastcgi_read_timeout 300;
}
# location ~ /purge(/.*) {
# fastcgi_cache_purge localhost "$scheme$request_method$host$1";
# }
}

31
nginx/nginx.conf Normal file
View File

@@ -0,0 +1,31 @@
user www-data;
worker_processes auto;
error_log /var/log/nginx/error.log notice;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
#gzip on;
include /etc/nginx/conf.d/*.conf;
}

122
php/Dockerfile Normal file
View File

@@ -0,0 +1,122 @@
ARG PHP_VERSION=latest
FROM php:${PHP_VERSION}-fpm
# Runtime deps
RUN apt-get update && apt-get install -y --no-install-recommends \
binutils \
default-mysql-client \
msmtp \
redis-tools \
wget \
zip \
libssl-dev \
libxml2-dev \
libicu-dev \
libgmp-dev \
libzip-dev \
zlib1g-dev \
libfreetype6-dev \
libjpeg62-turbo-dev \
libpng-dev \
libwebp-dev \
libmagickwand-dev \
libvips-dev \
libgomp1 \
libvips42 \
libmagickwand-7.q16-10 \
libmagickcore-7.q16-10
# Build deps
RUN apt-get install -y --no-install-recommends \
git \
$PHPIZE_DEPS
# Core PHP extensions
RUN set -eux \
&& docker-php-ext-install \
bcmath \
opcache \
zip \
mysqli \
pdo \
pdo_mysql \
exif \
soap \
shmop \
gmp \
intl \
gmp \
curl \
&& docker-php-ext-configure gd --with-freetype --with-jpeg --with-webp \
&& docker-php-ext-install gd \
&& docker-php-ext-configure intl \
&& docker-php-ext-install intl
# Install: imagick + vips
RUN pecl install imagick \
&& docker-php-ext-enable imagick \
&& pecl install vips \
&& docker-php-ext-enable vips \
&& rm -rf /tmp/pear
# Install igbinary first, enable it, then build phpredis WITH igbinary
RUN set -eux; \
pecl install igbinary; \
docker-php-ext-enable igbinary; \
mkdir -p /tmp/redis-build; \
cd /tmp/redis-build; \
pecl download redis; \
tar -xf redis-*.tgz; \
cd redis-*; \
phpize; \
./configure --enable-redis-igbinary; \
make -j"$(nproc)"; \
make install; \
docker-php-ext-enable redis; \
cd /; \
rm -rf /tmp/redis-build
# Purge unneed packages
RUN apt-get purge -y --auto-remove \
git \
$PHPIZE_DEPS
# Copy PHP ini
COPY mail.ini \
opcache.ini \
upload.ini \
memory.ini \
zz-redis-serializer.ini \
/usr/local/etc/php/conf.d/
# Copy MSMTP conf
COPY msmtprc.template /etc/
# Copy PHP-FPM prepend
COPY prepend-wp-redis.php \
/usr/local/etc/php/
# Copy PHP-FPM config
#COPY php-fpm/www.conf \
# php-fpm/www.conf.default \
# /usr/local/etc/php-fpm.d/www.conf.default
COPY php-fpm/www.conf \
php-fpm/www.conf.default \
/usr/local/etc/php-fpm.d/
# COPY MYSQL config
COPY mysql.ini /usr/local/etc/php/conf.d/mysql.ini
# INSTALL SSHSERVER
#RUN apt-get update \
# && apt install openssh-server
# SET workdir
WORKDIR /var/www/html
COPY entrypoint.sh /entrypoint.sh
RUN chmod +x /entrypoint.sh
ENTRYPOINT ["/entrypoint.sh"]
CMD ["php-fpm"]

103
php/Dockerfile-OLD Normal file
View File

@@ -0,0 +1,103 @@
ARG PHP_VERSION=latest
FROM php:${PHP_VERSION}-fpm
RUN apt-get update && apt-get install -y --no-install-recommends \
wget \
libfreetype6-dev \
libpng-dev \
libwebp-dev \
libjpeg62-turbo-dev \
libmcrypt-dev \
libzip-dev \
libxml2-dev \
zip \
git \
default-mysql-client \
zlib1g-dev \
libicu-dev \
g++ \
redis-tools \
libmagickwand-dev \
msmtp \
libssl-dev \
#pxmlhp8.0-mbstring \
#php8.0-xml \
&& apt-get autoremove \
&& apt-get clean \
&& rm -r /var/lib/apt/lists/*
# INSTALL PLUGIN: opcache, gd, zip, mysqli, pdo, pdo_mysql, exif
RUN docker-php-ext-install \
opcache \
zip \
mysqli \
pdo \
pdo_mysql \
exif \
soap
RUN docker-php-ext-configure gd --with-freetype --with-jpeg --with-webp \
&& docker-php-ext-install gd
RUN apt-get update && apt-get install -y --no-install-recommends libgmp-dev \
&& docker-php-ext-install gmp \
&& rm -rf /var/lib/apt/lists/*
RUN apt-get update && apt-get install -y --no-install-recommends $PHPIZE_DEPS \
&& pecl install igbinary \
&& docker-php-ext-enable igbinary \
&& rm -rf /var/lib/apt/lists/*
# INSTALL PLUGIN: intl
RUN docker-php-ext-configure intl \
&& docker-php-ext-install intl
# INSTALL PLUGIN: redis
RUN pecl install -o -f redis \
&& rm -rf /tmp/pear \
&& docker-php-ext-enable redis
# INSTALL FTP
#RUN docker-php-ext-configure ftp --with-openssl-dir=/usr \
# && docker-php-ext-install ftp
# INSTALL PLUGIN: imagick
RUN pecl install imagick \
&& docker-php-ext-enable imagick
# INSTALL PLUGIN: shmop
RUN docker-php-ext-install shmop
# INSTALL MMTP
COPY msmtprc.template /etc/
# COPY PHP config
COPY mail.ini \
opcache.ini \
upload.ini \
memory.ini \
zz-redis-serializer.ini \
/usr/local/etc/php/conf.d/
# COPY PHP-FPM config
COPY php-fpm/www.conf \
php-fpm/www.conf.default \
/usr/local/etc/php-fpm.d/www.conf.default
# COPY MYSQL config
COPY mysql.ini /usr/local/etc/php/conf.d/mysql.ini
# INSTALL SSHSERVER
#RUN apt-get update \
# && apt install openssh-server
# SET WORKDIR
WORKDIR /var/www/html
COPY msmtprc.template /etc/msmtprc.template
COPY entrypoint.sh /entrypoint.sh
RUN chmod +x /entrypoint.sh
ENTRYPOINT ["/entrypoint.sh"]
CMD ["php-fpm"]

148
php/Dockerfile-OLD2 Normal file
View File

@@ -0,0 +1,148 @@
ARG PHP_VERSION=latest
FROM php:${PHP_VERSION}-fpm
RUN apt-get update && apt-get install -y --no-install-recommends \
wget \
libfreetype6-dev \
libpng-dev \
libwebp-dev \
libjpeg62-turbo-dev \
libmcrypt-dev \
libzip-dev \
libxml2-dev \
zip \
git \
default-mysql-client \
zlib1g-dev \
libicu-dev \
g++ \
redis-tools \
libmagickwand-dev \
msmtp \
libssl-dev \
#pxmlhp8.0-mbstring \
#php8.0-xml \
&& apt-get autoremove \
&& apt-get clean \
&& rm -r /var/lib/apt/lists/*
# INSTALL PLUGIN: opcache, gd, zip, mysqli, pdo, pdo_mysql, exif
RUN docker-php-ext-install \
opcache \
zip \
mysqli \
pdo \
pdo_mysql \
exif \
soap
RUN docker-php-ext-configure gd --with-freetype --with-jpeg --with-webp \
&& docker-php-ext-install gd
RUN apt-get update && apt-get install -y --no-install-recommends libgmp-dev \
&& docker-php-ext-install gmp \
&& rm -rf /var/lib/apt/lists/*
#RUN pecl install igbinary && docker-php-ext-enable igbinary
#RUN apt-get update && apt-get install -y --no-install-recommends $PHPIZE_DEPS \
# && pecl install igbinary \
# && docker-php-ext-enable igbinary \
# && rm -rf /var/lib/apt/lists/*
# INSTALL PLUGIN: intl
RUN docker-php-ext-configure intl \
&& docker-php-ext-install intl
# INSTALL PLUGIN: imagick
RUN pecl install imagick \
&& docker-php-ext-enable imagick
# INSTALL PLUGIN: shmop
RUN docker-php-ext-install shmop
# Build deps for PECL extensions
RUN apt-get update && apt-get install -y --no-install-recommends \
git \
autoconf \
g++ \
make \
pkg-config \
&& rm -rf /var/lib/apt/lists/*
# Install igbinary first, enable it, then build phpredis WITH igbinary
RUN pecl install igbinary \
&& docker-php-ext-enable igbinary \
&& pecl download redis \
&& tar -xf redis-*.tgz \
&& rm redis-*.tgz \
&& cd redis-* \
&& phpize \
&& ./configure --enable-redis-igbinary \
&& make -j"$(nproc)" \
&& make install \
&& docker-php-ext-enable redis \
&& cd / \
&& rm -rf redis-*
# INSTALL PLUGIN: redis
#RUN pecl install -o -f redis \
# && rm -rf /tmp/pear \
# && docker-php-ext-enable redis
# INSTALL FTP
#RUN docker-php-ext-configure ftp --with-openssl-dir=/usr \
# && docker-php-ext-install ftp
# INSTALL PLUGIN: imagick
#RUN pecl install imagick \
# && docker-php-ext-enable imagick
# INSTALL PLUGIN: shmop
#RUN docker-php-ext-install shmop
# INSTALL MMTP
COPY msmtprc.template /etc/
# COPY PHP config
COPY mail.ini \
opcache.ini \
upload.ini \
memory.ini \
zz-redis-serializer.ini \
/usr/local/etc/php/conf.d/
COPY prepend-wp-redis.php \
/usr/local/etc/php/
# COPY PHP-FPM config
#COPY php-fpm/www.conf \
# php-fpm/www.conf.default \
# /usr/local/etc/php-fpm.d/www.conf.default
COPY php-fpm/www.conf \
php-fpm/www.conf.default \
/usr/local/etc/php-fpm.d/
# COPY MYSQL config
COPY mysql.ini /usr/local/etc/php/conf.d/mysql.ini
# INSTALL SSHSERVER
#RUN apt-get update \
# && apt install openssh-server
# SET WORKDIR
WORKDIR /var/www/html
COPY msmtprc.template /etc/msmtprc.template
COPY entrypoint.sh /entrypoint.sh
RUN chmod +x /entrypoint.sh
ENTRYPOINT ["/entrypoint.sh"]
CMD ["php-fpm"]

10
php/entrypoint.sh Normal file
View File

@@ -0,0 +1,10 @@
#!/bin/sh
set -e
#UUID="${UUID:-unknown}"
echo "UUID resolved to: $UUID"
sed "s/__UUID__/${UUID}/g" /etc/msmtprc.template > /etc/msmtprc
exec "$@"

2
php/mail.ini Normal file
View File

@@ -0,0 +1,2 @@
[mail function]
sendmail_path = "/usr/bin/msmtp -t"

5
php/memory.ini Normal file
View File

@@ -0,0 +1,5 @@
memory_limit=2048M
max_execution_time=300
max_input_time=300
post_max_size=2048M
max_input_vars=10000000

16
php/msmtprc Normal file
View File

@@ -0,0 +1,16 @@
defaults
port 25
tls off
account default
auth off
host smtp
domain purrs.budgethost.io
from __UUID__@purrs.budgethost.io
add_missing_date_header on
set_from_header auto
set_date_header auto
set_msgid_header auto
#allow_from_override off

47
php/msmtprc.template Normal file
View File

@@ -0,0 +1,47 @@
#defaults
#port 25
#tls off
#auth off
#domain purrs.budgethost.io
#account default
#host smtp
#set_from_header auto
#add_missing_date_header on
#set_date_header auto
#set_msgid_header auto
#from __UUID__@purrs.budgethost.io
#account default
#auth off
#host smtp
#domain purrs.budgethost.io
#from __UUID__@purrs.budgethost.io
#add_missing_date_header on
#set_from_header auto
#set_date_header auto
#set_msgid_header auto
#allow_from_override off
defaults
port 25
tls off
auth off
domain purrs.budgethost.io
#syslog LOG_MAIL
# If the message already has a From:, use that for envelope sender.
# If not, msmtp inserts this address as both header and envelope From.
set_from_header auto
add_missing_date_header on
set_date_header auto
set_msgid_header auto
account default
host smtp
from __UUID__@purrs.budgethost.io

6
php/mysql.ini Normal file
View File

@@ -0,0 +1,6 @@
[Pdo_mysql]
pdo_mysql.default_socket=/var/run/mysqld/mysqld.sock
[MySQLi]
mysqli.default_socket = /var/run/mysqld/mysqld.sock
mysqli.allow_local_infile = On

27
php/opcache.ini Normal file
View File

@@ -0,0 +1,27 @@
[opcache]
opcache.enable=1
opcache.validate_timestamps=1
opcache.revalidate_freq=10
opcache.memory_consumption=512
opcache.interned_strings_buffer=16
opcache.max_accelerated_files=100000
opcache.max_wasted_percentage=10
opcache.enable_file_override=1
opcache.save_comments=1
opcache.fast_shutdown=1
#opcache.jit_buffer_size=128M
#opcache.jit=tracing
#opcache.enable=1
#opcache.revalidate_freq=10
#opcache.validate_timestamps=1
#opcache.max_accelerated_files=10000
#opcache.memory_consumption=512
#opcache.max_wasted_percentage=10
#opcache.interned_strings_buffer=16
#opcache.jit_buffer_size=256M
#opcache.jit=1235

16
php/php-fpm/docker.conf Normal file
View File

@@ -0,0 +1,16 @@
[global]
error_log = /proc/self/fd/2
; https://github.com/docker-library/php/pull/725#issuecomment-443540114
log_limit = 8192
[www]
; php-fpm closes STDOUT on startup, so sending logs to /proc/self/fd/1 does not work.
; https://bugs.php.net/bug.php?id=73886
access.log = /proc/self/fd/2
clear_env = no
; Ensure worker stdout and stderr are sent to the main error log.
catch_workers_output = yes
decorate_workers_output = no

492
php/php-fpm/www.conf Normal file
View File

@@ -0,0 +1,492 @@
; Start a new pool named 'www'.
; the variable $pool can be used in any directive and will be replaced by the
; pool name ('www' here)
[www]
; Per pool prefix
; It only applies on the following directives:
; - 'access.log'
; - 'slowlog'
; - 'listen' (unixsocket)
; - 'chroot'
; - 'chdir'
; - 'php_values'
; - 'php_admin_values'
; When not set, the global prefix (or NONE) applies instead.
; Note: This directive can also be relative to the global prefix.
; Default Value: none
;prefix = /path/to/pools/$pool
; Unix user/group of the child processes. This can be used only if the master
; process running user is root. It is set after the child process is created.
; The user and group can be specified either by their name or by their numeric
; IDs.
; Note: If the user is root, the executable needs to be started with
; --allow-to-run-as-root option to work.
; Default Values: The user is set to master process running user by default.
; If the group is not set, the user's group is used.
user = www-data
group = www-data
; The address on which to accept FastCGI requests.
; Valid syntaxes are:
; 'ip.add.re.ss:port' - to listen on a TCP socket to a specific IPv4 address on
; a specific port;
; '[ip:6:addr:ess]:port' - to listen on a TCP socket to a specific IPv6 address on
; a specific port;
; 'port' - to listen on a TCP socket to all addresses
; (IPv6 and IPv4-mapped) on a specific port;
; '/path/to/unix/socket' - to listen on a unix socket.
; Note: This value is mandatory.
listen = 127.0.0.1:9000
; Set listen(2) backlog.
; Default Value: 511 (-1 on Linux, FreeBSD and OpenBSD)
;listen.backlog = 511
; Set permissions for unix socket, if one is used. In Linux, read/write
; permissions must be set in order to allow connections from a web server. Many
; BSD-derived systems allow connections regardless of permissions. The owner
; and group can be specified either by name or by their numeric IDs.
; Default Values: Owner is set to the master process running user. If the group
; is not set, the owner's group is used. Mode is set to 0660.
;listen.owner = www-data
;listen.group = www-data
;listen.mode = 0660
; When POSIX Access Control Lists are supported you can set them using
; these options, value is a comma separated list of user/group names.
; When set, listen.owner and listen.group are ignored
;listen.acl_users =
;listen.acl_groups =
; List of addresses (IPv4/IPv6) of FastCGI clients which are allowed to connect.
; Equivalent to the FCGI_WEB_SERVER_ADDRS environment variable in the original
; PHP FCGI (5.2.2+). Makes sense only with a tcp listening socket. Each address
; must be separated by a comma. If this value is left blank, connections will be
; accepted from any ip address.
; Default Value: any
;listen.allowed_clients = 127.0.0.1
; Set the associated the route table (FIB). FreeBSD only
; Default Value: -1
;listen.setfib = 1
; Specify the nice(2) priority to apply to the pool processes (only if set)
; The value can vary from -19 (highest priority) to 20 (lower priority)
; Note: - It will only work if the FPM master process is launched as root
; - The pool processes will inherit the master process priority
; unless it specified otherwise
; Default Value: no set
; process.priority = -19
; Set the process dumpable flag (PR_SET_DUMPABLE prctl for Linux or
; PROC_TRACE_CTL procctl for FreeBSD) even if the process user
; or group is different than the master process user. It allows to create process
; core dump and ptrace the process for the pool user.
; Default Value: no
; process.dumpable = yes
; Choose how the process manager will control the number of child processes.
; Possible Values:
; static - a fixed number (pm.max_children) of child processes;
; dynamic - the number of child processes are set dynamically based on the
; following directives. With this process management, there will be
; always at least 1 children.
; pm.max_children - the maximum number of children that can
; be alive at the same time.
; pm.start_servers - the number of children created on startup.
; pm.min_spare_servers - the minimum number of children in 'idle'
; state (waiting to process). If the number
; of 'idle' processes is less than this
; number then some children will be created.
; pm.max_spare_servers - the maximum number of children in 'idle'
; state (waiting to process). If the number
; of 'idle' processes is greater than this
; number then some children will be killed.
; pm.max_spawn_rate - the maximum number of rate to spawn child
; processes at once.
; ondemand - no children are created at startup. Children will be forked when
; new requests will connect. The following parameter are used:
; pm.max_children - the maximum number of children that
; can be alive at the same time.
; pm.process_idle_timeout - The number of seconds after which
; an idle process will be killed.
; Note: This value is mandatory.
pm = dynamic
; The number of child processes to be created when pm is set to 'static' and the
; maximum number of child processes when pm is set to 'dynamic' or 'ondemand'.
; This value sets the limit on the number of simultaneous requests that will be
; served. Equivalent to the ApacheMaxClients directive with mpm_prefork.
; Equivalent to the PHP_FCGI_CHILDREN environment variable in the original PHP
; CGI. The below defaults are based on a server without much resources. Don't
; forget to tweak pm.* to fit your needs.
; Note: Used when pm is set to 'static', 'dynamic' or 'ondemand'
; Note: This value is mandatory.
pm.max_children = 15
; The number of child processes created on startup.
; Note: Used only when pm is set to 'dynamic'
; Default Value: (min_spare_servers + max_spare_servers) / 2
pm.start_servers = 2
; The desired minimum number of idle server processes.
; Note: Used only when pm is set to 'dynamic'
; Note: Mandatory when pm is set to 'dynamic'
pm.min_spare_servers = 1
; The desired maximum number of idle server processes.
; Note: Used only when pm is set to 'dynamic'
; Note: Mandatory when pm is set to 'dynamic'
pm.max_spare_servers = 3
; The number of rate to spawn child processes at once.
; Note: Used only when pm is set to 'dynamic'
; Note: Mandatory when pm is set to 'dynamic'
; Default Value: 32
;pm.max_spawn_rate = 32
; The number of seconds after which an idle process will be killed.
; Note: Used only when pm is set to 'ondemand'
; Default Value: 10s
;pm.process_idle_timeout = 10s;
; The number of requests each child process should execute before respawning.
; This can be useful to work around memory leaks in 3rd party libraries. For
; endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS.
; Default Value: 0
pm.max_requests = 500
; The URI to view the FPM status page. If this value is not set, no URI will be
; recognized as a status page. It shows the following information:
; pool - the name of the pool;
; process manager - static, dynamic or ondemand;
; start time - the date and time FPM has started;
; start since - number of seconds since FPM has started;
; accepted conn - the number of request accepted by the pool;
; listen queue - the number of request in the queue of pending
; connections (see backlog in listen(2));
; max listen queue - the maximum number of requests in the queue
; of pending connections since FPM has started;
; listen queue len - the size of the socket queue of pending connections;
; idle processes - the number of idle processes;
; active processes - the number of active processes;
; total processes - the number of idle + active processes;
; max active processes - the maximum number of active processes since FPM
; has started;
; max children reached - number of times, the process limit has been reached,
; when pm tries to start more children (works only for
; pm 'dynamic' and 'ondemand');
; Value are updated in real time.
; Example output:
; pool: www
; process manager: static
; start time: 01/Jul/2011:17:53:49 +0200
; start since: 62636
; accepted conn: 190460
; listen queue: 0
; max listen queue: 1
; listen queue len: 42
; idle processes: 4
; active processes: 11
; total processes: 15
; max active processes: 12
; max children reached: 0
;
; By default the status page output is formatted as text/plain. Passing either
; 'html', 'xml' or 'json' in the query string will return the corresponding
; output syntax. Example:
; http://www.foo.bar/status
; http://www.foo.bar/status?json
; http://www.foo.bar/status?html
; http://www.foo.bar/status?xml
;
; By default the status page only outputs short status. Passing 'full' in the
; query string will also return status for each pool process.
; Example:
; http://www.foo.bar/status?full
; http://www.foo.bar/status?json&full
; http://www.foo.bar/status?html&full
; http://www.foo.bar/status?xml&full
; The Full status returns for each process:
; pid - the PID of the process;
; state - the state of the process (Idle, Running, ...);
; start time - the date and time the process has started;
; start since - the number of seconds since the process has started;
; requests - the number of requests the process has served;
; request duration - the duration in µs of the requests;
; request method - the request method (GET, POST, ...);
; request URI - the request URI with the query string;
; content length - the content length of the request (only with POST);
; user - the user (PHP_AUTH_USER) (or '-' if not set);
; script - the main script called (or '-' if not set);
; last request cpu - the %cpu the last request consumed
; it's always 0 if the process is not in Idle state
; because CPU calculation is done when the request
; processing has terminated;
; last request memory - the max amount of memory the last request consumed
; it's always 0 if the process is not in Idle state
; because memory calculation is done when the request
; processing has terminated;
; If the process is in Idle state, then informations are related to the
; last request the process has served. Otherwise informations are related to
; the current request being served.
; Example output:
; ************************
; pid: 31330
; state: Running
; start time: 01/Jul/2011:17:53:49 +0200
; start since: 63087
; requests: 12808
; request duration: 1250261
; request method: GET
; request URI: /test_mem.php?N=10000
; content length: 0
; user: -
; script: /home/fat/web/docs/php/test_mem.php
; last request cpu: 0.00
; last request memory: 0
;
; Note: There is a real-time FPM status monitoring sample web page available
; It's available in: /usr/local/share/php/fpm/status.html
;
; Note: The value must start with a leading slash (/). The value can be
; anything, but it may not be a good idea to use the .php extension or it
; may conflict with a real PHP file.
; Default Value: not set
;pm.status_path = /status
; The address on which to accept FastCGI status request. This creates a new
; invisible pool that can handle requests independently. This is useful
; if the main pool is busy with long running requests because it is still possible
; to get the status before finishing the long running requests.
;
; Valid syntaxes are:
; 'ip.add.re.ss:port' - to listen on a TCP socket to a specific IPv4 address on
; a specific port;
; '[ip:6:addr:ess]:port' - to listen on a TCP socket to a specific IPv6 address on
; a specific port;
; 'port' - to listen on a TCP socket to all addresses
; (IPv6 and IPv4-mapped) on a specific port;
; '/path/to/unix/socket' - to listen on a unix socket.
; Default Value: value of the listen option
;pm.status_listen = 127.0.0.1:9001
; The ping URI to call the monitoring page of FPM. If this value is not set, no
; URI will be recognized as a ping page. This could be used to test from outside
; that FPM is alive and responding, or to
; - create a graph of FPM availability (rrd or such);
; - remove a server from a group if it is not responding (load balancing);
; - trigger alerts for the operating team (24/7).
; Note: The value must start with a leading slash (/). The value can be
; anything, but it may not be a good idea to use the .php extension or it
; may conflict with a real PHP file.
; Default Value: not set
;ping.path = /ping
; This directive may be used to customize the response of a ping request. The
; response is formatted as text/plain with a 200 response code.
; Default Value: pong
;ping.response = pong
; The access log file
; Default: not set
;access.log = log/$pool.access.log
; The access log format.
; The following syntax is allowed
; %%: the '%' character
; %C: %CPU used by the request
; it can accept the following format:
; - %{user}C for user CPU only
; - %{system}C for system CPU only
; - %{total}C for user + system CPU (default)
; %d: time taken to serve the request
; it can accept the following format:
; - %{seconds}d (default)
; - %{milliseconds}d
; - %{milli}d
; - %{microseconds}d
; - %{micro}d
; %e: an environment variable (same as $_ENV or $_SERVER)
; it must be associated with embraces to specify the name of the env
; variable. Some examples:
; - server specifics like: %{REQUEST_METHOD}e or %{SERVER_PROTOCOL}e
; - HTTP headers like: %{HTTP_HOST}e or %{HTTP_USER_AGENT}e
; %f: script filename
; %l: content-length of the request (for POST request only)
; %m: request method
; %M: peak of memory allocated by PHP
; it can accept the following format:
; - %{bytes}M (default)
; - %{kilobytes}M
; - %{kilo}M
; - %{megabytes}M
; - %{mega}M
; %n: pool name
; %o: output header
; it must be associated with embraces to specify the name of the header:
; - %{Content-Type}o
; - %{X-Powered-By}o
; - %{Transfert-Encoding}o
; - ....
; %p: PID of the child that serviced the request
; %P: PID of the parent of the child that serviced the request
; %q: the query string
; %Q: the '?' character if query string exists
; %r: the request URI (without the query string, see %q and %Q)
; %R: remote IP address
; %s: status (response code)
; %t: server time the request was received
; it can accept a strftime(3) format:
; %d/%b/%Y:%H:%M:%S %z (default)
; The strftime(3) format must be encapsulated in a %{<strftime_format>}t tag
; e.g. for a ISO8601 formatted timestring, use: %{%Y-%m-%dT%H:%M:%S%z}t
; %T: time the log has been written (the request has finished)
; it can accept a strftime(3) format:
; %d/%b/%Y:%H:%M:%S %z (default)
; The strftime(3) format must be encapsulated in a %{<strftime_format>}t tag
; e.g. for a ISO8601 formatted timestring, use: %{%Y-%m-%dT%H:%M:%S%z}t
; %u: remote user
;
; Default: "%R - %u %t \"%m %r\" %s"
;access.format = "%R - %u %t \"%m %r%Q%q\" %s %f %{milli}d %{kilo}M %C%%"
; A list of request_uri values which should be filtered from the access log.
;
; As a security precuation, this setting will be ignored if:
; - the request method is not GET or HEAD; or
; - there is a request body; or
; - there are query parameters; or
; - the response code is outwith the successful range of 200 to 299
;
; Note: The paths are matched against the output of the access.format tag "%r".
; On common configurations, this may look more like SCRIPT_NAME than the
; expected pre-rewrite URI.
;
; Default Value: not set
;access.suppress_path[] = /ping
;access.suppress_path[] = /health_check.php
; The log file for slow requests
; Default Value: not set
; Note: slowlog is mandatory if request_slowlog_timeout is set
;slowlog = log/$pool.log.slow
; The timeout for serving a single request after which a PHP backtrace will be
; dumped to the 'slowlog' file. A value of '0s' means 'off'.
; Available units: s(econds)(default), m(inutes), h(ours), or d(ays)
; Default Value: 0
;request_slowlog_timeout = 0
; Depth of slow log stack trace.
; Default Value: 20
;request_slowlog_trace_depth = 20
; The timeout for serving a single request after which the worker process will
; be killed. This option should be used when the 'max_execution_time' ini option
; does not stop script execution for some reason. A value of '0' means 'off'.
; Available units: s(econds)(default), m(inutes), h(ours), or d(ays)
; Default Value: 0
;request_terminate_timeout = 0
; The timeout set by 'request_terminate_timeout' ini option is not engaged after
; application calls 'fastcgi_finish_request' or when application has finished and
; shutdown functions are being called (registered via register_shutdown_function).
; This option will enable timeout limit to be applied unconditionally
; even in such cases.
; Default Value: no
;request_terminate_timeout_track_finished = no
; Set open file descriptor rlimit.
; Default Value: system defined value
;rlimit_files = 1024
; Set max core size rlimit.
; Possible Values: 'unlimited' or an integer greater or equal to 0
; Default Value: system defined value
;rlimit_core = 0
; Chroot to this directory at the start. This value must be defined as an
; absolute path. When this value is not set, chroot is not used.
; Note: you can prefix with '$prefix' to chroot to the pool prefix or one
; of its subdirectories. If the pool prefix is not set, the global prefix
; will be used instead.
; Note: chrooting is a great security feature and should be used whenever
; possible. However, all PHP paths will be relative to the chroot
; (error_log, sessions.save_path, ...).
; Default Value: not set
;chroot =
; Chdir to this directory at the start.
; Note: relative path can be used.
; Default Value: current directory or / when chroot
;chdir = /var/www
; Redirect worker stdout and stderr into main error log. If not set, stdout and
; stderr will be redirected to /dev/null according to FastCGI specs.
; Note: on highloaded environment, this can cause some delay in the page
; process time (several ms).
; Default Value: no
;catch_workers_output = yes
; Decorate worker output with prefix and suffix containing information about
; the child that writes to the log and if stdout or stderr is used as well as
; log level and time. This options is used only if catch_workers_output is yes.
; Settings to "no" will output data as written to the stdout or stderr.
; Default value: yes
;decorate_workers_output = no
; Clear environment in FPM workers
; Prevents arbitrary environment variables from reaching FPM worker processes
; by clearing the environment in workers before env vars specified in this
; pool configuration are added.
; Setting to "no" will make all environment variables available to PHP code
; via getenv(), $_ENV and $_SERVER.
; Default Value: yes
;clear_env = no
; Limits the extensions of the main script FPM will allow to parse. This can
; prevent configuration mistakes on the web server side. You should only limit
; FPM to .php extensions to prevent malicious users to use other extensions to
; execute php code.
; Note: set an empty value to allow all extensions.
; Default Value: .php
;security.limit_extensions = .php .php3 .php4 .php5 .php7
; Pass environment variables like LD_LIBRARY_PATH. All $VARIABLEs are taken from
; the current environment.
; Default Value: clean env
;env[HOSTNAME] = $HOSTNAME
;env[PATH] = /usr/local/bin:/usr/bin:/bin
;env[TMP] = /tmp
;env[TMPDIR] = /tmp
;env[TEMP] = /tmp
; Additional php.ini defines, specific to this pool of workers. These settings
; overwrite the values previously defined in the php.ini. The directives are the
; same as the PHP SAPI:
; php_value/php_flag - you can set classic ini defines which can
; be overwritten from PHP call 'ini_set'.
; php_admin_value/php_admin_flag - these directives won't be overwritten by
; PHP call 'ini_set'
; For php_*flag, valid values are on, off, 1, 0, true, false, yes or no.
; Defining 'extension' will load the corresponding shared extension from
; extension_dir. Defining 'disable_functions' or 'disable_classes' will not
; overwrite previously defined php.ini values, but will append the new value
; instead.
; Note: path INI options can be relative and will be expanded with the prefix
; (pool, global or /usr/local)
; Default Value: nothing is defined by default except the values in php.ini and
; specified at startup with the -d argument
;php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f www@my.domain.com
;php_flag[display_errors] = off
;php_admin_value[error_log] = /var/log/fpm-php.www.log
;php_admin_flag[log_errors] = on
;php_admin_value[memory_limit] = 32M
php_admin_value[auto_prepend_file] = /usr/local/etc/php/prepend-wp-redis.php

492
php/php-fpm/www.conf.default Normal file
View File

@@ -0,0 +1,492 @@
; Start a new pool named 'www'.
; the variable $pool can be used in any directive and will be replaced by the
; pool name ('www' here)
[www]
; Per pool prefix
; It only applies on the following directives:
; - 'access.log'
; - 'slowlog'
; - 'listen' (unixsocket)
; - 'chroot'
; - 'chdir'
; - 'php_values'
; - 'php_admin_values'
; When not set, the global prefix (or NONE) applies instead.
; Note: This directive can also be relative to the global prefix.
; Default Value: none
;prefix = /path/to/pools/$pool
; Unix user/group of the child processes. This can be used only if the master
; process running user is root. It is set after the child process is created.
; The user and group can be specified either by their name or by their numeric
; IDs.
; Note: If the user is root, the executable needs to be started with
; --allow-to-run-as-root option to work.
; Default Values: The user is set to master process running user by default.
; If the group is not set, the user's group is used.
user = www-data
group = www-data
; The address on which to accept FastCGI requests.
; Valid syntaxes are:
; 'ip.add.re.ss:port' - to listen on a TCP socket to a specific IPv4 address on
; a specific port;
; '[ip:6:addr:ess]:port' - to listen on a TCP socket to a specific IPv6 address on
; a specific port;
; 'port' - to listen on a TCP socket to all addresses
; (IPv6 and IPv4-mapped) on a specific port;
; '/path/to/unix/socket' - to listen on a unix socket.
; Note: This value is mandatory.
listen = 127.0.0.1:9000
; Set listen(2) backlog.
; Default Value: 511 (-1 on Linux, FreeBSD and OpenBSD)
;listen.backlog = 511
; Set permissions for unix socket, if one is used. In Linux, read/write
; permissions must be set in order to allow connections from a web server. Many
; BSD-derived systems allow connections regardless of permissions. The owner
; and group can be specified either by name or by their numeric IDs.
; Default Values: Owner is set to the master process running user. If the group
; is not set, the owner's group is used. Mode is set to 0660.
;listen.owner = www-data
;listen.group = www-data
;listen.mode = 0660
; When POSIX Access Control Lists are supported you can set them using
; these options, value is a comma separated list of user/group names.
; When set, listen.owner and listen.group are ignored
;listen.acl_users =
;listen.acl_groups =
; List of addresses (IPv4/IPv6) of FastCGI clients which are allowed to connect.
; Equivalent to the FCGI_WEB_SERVER_ADDRS environment variable in the original
; PHP FCGI (5.2.2+). Makes sense only with a tcp listening socket. Each address
; must be separated by a comma. If this value is left blank, connections will be
; accepted from any ip address.
; Default Value: any
;listen.allowed_clients = 127.0.0.1
; Set the associated the route table (FIB). FreeBSD only
; Default Value: -1
;listen.setfib = 1
; Specify the nice(2) priority to apply to the pool processes (only if set)
; The value can vary from -19 (highest priority) to 20 (lower priority)
; Note: - It will only work if the FPM master process is launched as root
; - The pool processes will inherit the master process priority
; unless it specified otherwise
; Default Value: no set
; process.priority = -19
; Set the process dumpable flag (PR_SET_DUMPABLE prctl for Linux or
; PROC_TRACE_CTL procctl for FreeBSD) even if the process user
; or group is different than the master process user. It allows to create process
; core dump and ptrace the process for the pool user.
; Default Value: no
; process.dumpable = yes
; Choose how the process manager will control the number of child processes.
; Possible Values:
; static - a fixed number (pm.max_children) of child processes;
; dynamic - the number of child processes are set dynamically based on the
; following directives. With this process management, there will be
; always at least 1 children.
; pm.max_children - the maximum number of children that can
; be alive at the same time.
; pm.start_servers - the number of children created on startup.
; pm.min_spare_servers - the minimum number of children in 'idle'
; state (waiting to process). If the number
; of 'idle' processes is less than this
; number then some children will be created.
; pm.max_spare_servers - the maximum number of children in 'idle'
; state (waiting to process). If the number
; of 'idle' processes is greater than this
; number then some children will be killed.
; pm.max_spawn_rate - the maximum number of rate to spawn child
; processes at once.
; ondemand - no children are created at startup. Children will be forked when
; new requests will connect. The following parameter are used:
; pm.max_children - the maximum number of children that
; can be alive at the same time.
; pm.process_idle_timeout - The number of seconds after which
; an idle process will be killed.
; Note: This value is mandatory.
pm = dynamic
; The number of child processes to be created when pm is set to 'static' and the
; maximum number of child processes when pm is set to 'dynamic' or 'ondemand'.
; This value sets the limit on the number of simultaneous requests that will be
; served. Equivalent to the ApacheMaxClients directive with mpm_prefork.
; Equivalent to the PHP_FCGI_CHILDREN environment variable in the original PHP
; CGI. The below defaults are based on a server without much resources. Don't
; forget to tweak pm.* to fit your needs.
; Note: Used when pm is set to 'static', 'dynamic' or 'ondemand'
; Note: This value is mandatory.
pm.max_children = 5
; The number of child processes created on startup.
; Note: Used only when pm is set to 'dynamic'
; Default Value: (min_spare_servers + max_spare_servers) / 2
pm.start_servers = 2
; The desired minimum number of idle server processes.
; Note: Used only when pm is set to 'dynamic'
; Note: Mandatory when pm is set to 'dynamic'
pm.min_spare_servers = 1
; The desired maximum number of idle server processes.
; Note: Used only when pm is set to 'dynamic'
; Note: Mandatory when pm is set to 'dynamic'
pm.max_spare_servers = 3
; The number of rate to spawn child processes at once.
; Note: Used only when pm is set to 'dynamic'
; Note: Mandatory when pm is set to 'dynamic'
; Default Value: 32
;pm.max_spawn_rate = 32
; The number of seconds after which an idle process will be killed.
; Note: Used only when pm is set to 'ondemand'
; Default Value: 10s
;pm.process_idle_timeout = 10s;
; The number of requests each child process should execute before respawning.
; This can be useful to work around memory leaks in 3rd party libraries. For
; endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS.
; Default Value: 0
;pm.max_requests = 500
; The URI to view the FPM status page. If this value is not set, no URI will be
; recognized as a status page. It shows the following information:
; pool - the name of the pool;
; process manager - static, dynamic or ondemand;
; start time - the date and time FPM has started;
; start since - number of seconds since FPM has started;
; accepted conn - the number of request accepted by the pool;
; listen queue - the number of request in the queue of pending
; connections (see backlog in listen(2));
; max listen queue - the maximum number of requests in the queue
; of pending connections since FPM has started;
; listen queue len - the size of the socket queue of pending connections;
; idle processes - the number of idle processes;
; active processes - the number of active processes;
; total processes - the number of idle + active processes;
; max active processes - the maximum number of active processes since FPM
; has started;
; max children reached - number of times, the process limit has been reached,
; when pm tries to start more children (works only for
; pm 'dynamic' and 'ondemand');
; Value are updated in real time.
; Example output:
; pool: www
; process manager: static
; start time: 01/Jul/2011:17:53:49 +0200
; start since: 62636
; accepted conn: 190460
; listen queue: 0
; max listen queue: 1
; listen queue len: 42
; idle processes: 4
; active processes: 11
; total processes: 15
; max active processes: 12
; max children reached: 0
;
; By default the status page output is formatted as text/plain. Passing either
; 'html', 'xml' or 'json' in the query string will return the corresponding
; output syntax. Example:
; http://www.foo.bar/status
; http://www.foo.bar/status?json
; http://www.foo.bar/status?html
; http://www.foo.bar/status?xml
;
; By default the status page only outputs short status. Passing 'full' in the
; query string will also return status for each pool process.
; Example:
; http://www.foo.bar/status?full
; http://www.foo.bar/status?json&full
; http://www.foo.bar/status?html&full
; http://www.foo.bar/status?xml&full
; The Full status returns for each process:
; pid - the PID of the process;
; state - the state of the process (Idle, Running, ...);
; start time - the date and time the process has started;
; start since - the number of seconds since the process has started;
; requests - the number of requests the process has served;
; request duration - the duration in µs of the requests;
; request method - the request method (GET, POST, ...);
; request URI - the request URI with the query string;
; content length - the content length of the request (only with POST);
; user - the user (PHP_AUTH_USER) (or '-' if not set);
; script - the main script called (or '-' if not set);
; last request cpu - the %cpu the last request consumed
; it's always 0 if the process is not in Idle state
; because CPU calculation is done when the request
; processing has terminated;
; last request memory - the max amount of memory the last request consumed
; it's always 0 if the process is not in Idle state
; because memory calculation is done when the request
; processing has terminated;
; If the process is in Idle state, then informations are related to the
; last request the process has served. Otherwise informations are related to
; the current request being served.
; Example output:
; ************************
; pid: 31330
; state: Running
; start time: 01/Jul/2011:17:53:49 +0200
; start since: 63087
; requests: 12808
; request duration: 1250261
; request method: GET
; request URI: /test_mem.php?N=10000
; content length: 0
; user: -
; script: /home/fat/web/docs/php/test_mem.php
; last request cpu: 0.00
; last request memory: 0
;
; Note: There is a real-time FPM status monitoring sample web page available
; It's available in: /usr/local/share/php/fpm/status.html
;
; Note: The value must start with a leading slash (/). The value can be
; anything, but it may not be a good idea to use the .php extension or it
; may conflict with a real PHP file.
; Default Value: not set
;pm.status_path = /status
; The address on which to accept FastCGI status request. This creates a new
; invisible pool that can handle requests independently. This is useful
; if the main pool is busy with long running requests because it is still possible
; to get the status before finishing the long running requests.
;
; Valid syntaxes are:
; 'ip.add.re.ss:port' - to listen on a TCP socket to a specific IPv4 address on
; a specific port;
; '[ip:6:addr:ess]:port' - to listen on a TCP socket to a specific IPv6 address on
; a specific port;
; 'port' - to listen on a TCP socket to all addresses
; (IPv6 and IPv4-mapped) on a specific port;
; '/path/to/unix/socket' - to listen on a unix socket.
; Default Value: value of the listen option
;pm.status_listen = 127.0.0.1:9001
; The ping URI to call the monitoring page of FPM. If this value is not set, no
; URI will be recognized as a ping page. This could be used to test from outside
; that FPM is alive and responding, or to
; - create a graph of FPM availability (rrd or such);
; - remove a server from a group if it is not responding (load balancing);
; - trigger alerts for the operating team (24/7).
; Note: The value must start with a leading slash (/). The value can be
; anything, but it may not be a good idea to use the .php extension or it
; may conflict with a real PHP file.
; Default Value: not set
;ping.path = /ping
; This directive may be used to customize the response of a ping request. The
; response is formatted as text/plain with a 200 response code.
; Default Value: pong
;ping.response = pong
; The access log file
; Default: not set
;access.log = log/$pool.access.log
; The access log format.
; The following syntax is allowed
; %%: the '%' character
; %C: %CPU used by the request
; it can accept the following format:
; - %{user}C for user CPU only
; - %{system}C for system CPU only
; - %{total}C for user + system CPU (default)
; %d: time taken to serve the request
; it can accept the following format:
; - %{seconds}d (default)
; - %{milliseconds}d
; - %{milli}d
; - %{microseconds}d
; - %{micro}d
; %e: an environment variable (same as $_ENV or $_SERVER)
; it must be associated with embraces to specify the name of the env
; variable. Some examples:
; - server specifics like: %{REQUEST_METHOD}e or %{SERVER_PROTOCOL}e
; - HTTP headers like: %{HTTP_HOST}e or %{HTTP_USER_AGENT}e
; %f: script filename
; %l: content-length of the request (for POST request only)
; %m: request method
; %M: peak of memory allocated by PHP
; it can accept the following format:
; - %{bytes}M (default)
; - %{kilobytes}M
; - %{kilo}M
; - %{megabytes}M
; - %{mega}M
; %n: pool name
; %o: output header
; it must be associated with embraces to specify the name of the header:
; - %{Content-Type}o
; - %{X-Powered-By}o
; - %{Transfert-Encoding}o
; - ....
; %p: PID of the child that serviced the request
; %P: PID of the parent of the child that serviced the request
; %q: the query string
; %Q: the '?' character if query string exists
; %r: the request URI (without the query string, see %q and %Q)
; %R: remote IP address
; %s: status (response code)
; %t: server time the request was received
; it can accept a strftime(3) format:
; %d/%b/%Y:%H:%M:%S %z (default)
; The strftime(3) format must be encapsulated in a %{<strftime_format>}t tag
; e.g. for a ISO8601 formatted timestring, use: %{%Y-%m-%dT%H:%M:%S%z}t
; %T: time the log has been written (the request has finished)
; it can accept a strftime(3) format:
; %d/%b/%Y:%H:%M:%S %z (default)
; The strftime(3) format must be encapsulated in a %{<strftime_format>}t tag
; e.g. for a ISO8601 formatted timestring, use: %{%Y-%m-%dT%H:%M:%S%z}t
; %u: remote user
;
; Default: "%R - %u %t \"%m %r\" %s"
;access.format = "%R - %u %t \"%m %r%Q%q\" %s %f %{milli}d %{kilo}M %C%%"
; A list of request_uri values which should be filtered from the access log.
;
; As a security precuation, this setting will be ignored if:
; - the request method is not GET or HEAD; or
; - there is a request body; or
; - there are query parameters; or
; - the response code is outwith the successful range of 200 to 299
;
; Note: The paths are matched against the output of the access.format tag "%r".
; On common configurations, this may look more like SCRIPT_NAME than the
; expected pre-rewrite URI.
;
; Default Value: not set
;access.suppress_path[] = /ping
;access.suppress_path[] = /health_check.php
; The log file for slow requests
; Default Value: not set
; Note: slowlog is mandatory if request_slowlog_timeout is set
;slowlog = log/$pool.log.slow
; The timeout for serving a single request after which a PHP backtrace will be
; dumped to the 'slowlog' file. A value of '0s' means 'off'.
; Available units: s(econds)(default), m(inutes), h(ours), or d(ays)
; Default Value: 0
;request_slowlog_timeout = 0
; Depth of slow log stack trace.
; Default Value: 20
;request_slowlog_trace_depth = 20
; The timeout for serving a single request after which the worker process will
; be killed. This option should be used when the 'max_execution_time' ini option
; does not stop script execution for some reason. A value of '0' means 'off'.
; Available units: s(econds)(default), m(inutes), h(ours), or d(ays)
; Default Value: 0
;request_terminate_timeout = 0
; The timeout set by 'request_terminate_timeout' ini option is not engaged after
; application calls 'fastcgi_finish_request' or when application has finished and
; shutdown functions are being called (registered via register_shutdown_function).
; This option will enable timeout limit to be applied unconditionally
; even in such cases.
; Default Value: no
;request_terminate_timeout_track_finished = no
; Set open file descriptor rlimit.
; Default Value: system defined value
;rlimit_files = 1024
; Set max core size rlimit.
; Possible Values: 'unlimited' or an integer greater or equal to 0
; Default Value: system defined value
;rlimit_core = 0
; Chroot to this directory at the start. This value must be defined as an
; absolute path. When this value is not set, chroot is not used.
; Note: you can prefix with '$prefix' to chroot to the pool prefix or one
; of its subdirectories. If the pool prefix is not set, the global prefix
; will be used instead.
; Note: chrooting is a great security feature and should be used whenever
; possible. However, all PHP paths will be relative to the chroot
; (error_log, sessions.save_path, ...).
; Default Value: not set
;chroot =
; Chdir to this directory at the start.
; Note: relative path can be used.
; Default Value: current directory or / when chroot
;chdir = /var/www
; Redirect worker stdout and stderr into main error log. If not set, stdout and
; stderr will be redirected to /dev/null according to FastCGI specs.
; Note: on highloaded environment, this can cause some delay in the page
; process time (several ms).
; Default Value: no
;catch_workers_output = yes
; Decorate worker output with prefix and suffix containing information about
; the child that writes to the log and if stdout or stderr is used as well as
; log level and time. This options is used only if catch_workers_output is yes.
; Settings to "no" will output data as written to the stdout or stderr.
; Default value: yes
;decorate_workers_output = no
; Clear environment in FPM workers
; Prevents arbitrary environment variables from reaching FPM worker processes
; by clearing the environment in workers before env vars specified in this
; pool configuration are added.
; Setting to "no" will make all environment variables available to PHP code
; via getenv(), $_ENV and $_SERVER.
; Default Value: yes
;clear_env = no
; Limits the extensions of the main script FPM will allow to parse. This can
; prevent configuration mistakes on the web server side. You should only limit
; FPM to .php extensions to prevent malicious users to use other extensions to
; execute php code.
; Note: set an empty value to allow all extensions.
; Default Value: .php
;security.limit_extensions = .php .php3 .php4 .php5 .php7
; Pass environment variables like LD_LIBRARY_PATH. All $VARIABLEs are taken from
; the current environment.
; Default Value: clean env
;env[HOSTNAME] = $HOSTNAME
;env[PATH] = /usr/local/bin:/usr/bin:/bin
;env[TMP] = /tmp
;env[TMPDIR] = /tmp
;env[TEMP] = /tmp
; Additional php.ini defines, specific to this pool of workers. These settings
; overwrite the values previously defined in the php.ini. The directives are the
; same as the PHP SAPI:
; php_value/php_flag - you can set classic ini defines which can
; be overwritten from PHP call 'ini_set'.
; php_admin_value/php_admin_flag - these directives won't be overwritten by
; PHP call 'ini_set'
; For php_*flag, valid values are on, off, 1, 0, true, false, yes or no.
; Defining 'extension' will load the corresponding shared extension from
; extension_dir. Defining 'disable_functions' or 'disable_classes' will not
; overwrite previously defined php.ini values, but will append the new value
; instead.
; Note: path INI options can be relative and will be expanded with the prefix
; (pool, global or /usr/local)
; Default Value: nothing is defined by default except the values in php.ini and
; specified at startup with the -d argument
;php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f www@my.domain.com
;php_flag[display_errors] = off
;php_admin_value[error_log] = /var/log/fpm-php.www.log
;php_admin_flag[log_errors] = on
;php_admin_value[memory_limit] = 32M
php_admin_value[auto_prepend_file] = /usr/local/etc/php/prepend-wp-redis.php

5
php/php-fpm/zz-docker.conf Normal file
View File

@@ -0,0 +1,5 @@
[global]
daemonize = no
[www]
listen = 9000

24
php/prepend-wp-redis.php Normal file
View File

@@ -0,0 +1,24 @@
<?php
/**
* Platform defaults for WordPress Redis Object Cache (Till Krüss redis-cache).
* Runs before WordPress loads.
*/
$fmt = 'redis-v1'; // bump to v2 if you change serializer/encoding
define('WP_REDIS_SCHEME', 'unix');
define('WP_REDIS_PATH', '/var/run/redis/redis.sock');
define('WP_REDIS_IGBINARY', true);
define('WP_REDIS_TIMEOUT', 1.0);
define('WP_REDIS_READ_TIMEOUT', 1.0);
// Optional polish:
if (!defined('WP_REDIS_RETRY_INTERVAL')) {
define('WP_REDIS_RETRY_INTERVAL', 100);
}
if (!defined('WP_CACHE_KEY_SALT')) {
define('WP_CACHE_KEY_SALT', $fmt . ':');
}
// Migration-safe: always enforce namespace
define('WP_REDIS_PREFIX', $fmt . ':');

121
php/sshd_config Normal file
View File

@@ -0,0 +1,121 @@
# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.
# This sshd was compiled with PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options override the
# default value.
Include /etc/ssh/sshd_config.d/*.conf
Port 2222
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
# Ciphers and keying
#RekeyLimit default none
# Logging
#SyslogFacility AUTH
#LogLevel INFO
# Authentication:
#LoginGraceTime 2m
#PermitRootLogin prohibit-password
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10
#PubkeyAuthentication yes
# Expect .ssh/authorized_keys2 to be disregarded by default in future.
#AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2
#AuthorizedPrincipalsFile none
#AuthorizedKeysCommand none
#AuthorizedKeysCommandUser nobody
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes
# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no
# Change to yes to enable challenge-response passwords (beware issues with
# some PAM modules and threads)
KbdInteractiveAuthentication no
# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no
# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes
#GSSAPIStrictAcceptorCheck yes
#GSSAPIKeyExchange no
# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the KbdInteractiveAuthentication and
# PasswordAuthentication. Depending on your PAM configuration,
# PAM authentication via KbdInteractiveAuthentication may bypass
# the setting of "PermitRootLogin prohibit-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and KbdInteractiveAuthentication to 'no'.
UsePAM yes
#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
#X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PermitTTY yes
PrintMotd no
#PrintLastLog yes
#TCPKeepAlive yes
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS no
#PidFile /run/sshd.pid
#MaxStartups 10:30:100
#PermitTunnel no
#ChrootDirectory none
#VersionAddendum none
# no default banner path
#Banner none
# Allow client to pass locale environment variables
AcceptEnv LANG LC_*
# override default of no subsystems
#Subsystem sftp /usr/lib/openssh/sftp-server
# Example of overriding settings on a per-user basis
#Match User anoncvs
# X11Forwarding no
# AllowTcpForwarding no
# PermitTTY no
# ForceCommand cvs server

2
php/upload.ini Normal file
View File

@@ -0,0 +1,2 @@
upload_max_filesize = 2048M
post_max_size = 2048M

1
php/zz-redis-serializer.ini Normal file
View File

@@ -0,0 +1 @@
redis.serializer=igbinary

7
phpmyadmin/Dockerfile Normal file
View File

@@ -0,0 +1,7 @@
FROM phpmyadmin
# COPY APACHE ports
COPY ports.conf /etc/apache2/ports.conf
# COPY MYSQL config
COPY mysql.ini /usr/local/etc/php/conf.d/mysql.ini

5
phpmyadmin/mysql.ini Normal file
View File

@@ -0,0 +1,5 @@
[Pdo_mysql]
pdo_mysql.default_socket=/var/run/mysqld/mysqld.sock
[MySQLi]
mysqli.default_socket = /var/run/mysqld/mysqld.sock

15
phpmyadmin/ports.conf Normal file
View File

@@ -0,0 +1,15 @@
# If you just change the port or add more ports here, you will likely also
# have to change the VirtualHost statement in
# /etc/apache2/sites-enabled/000-default.conf
Listen 81
<IfModule ssl_module>
Listen 443
</IfModule>
<IfModule mod_gnutls.c>
Listen 443
</IfModule>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

3
redis/Dockerfile Normal file
View File

@@ -0,0 +1,3 @@
FROM redis:8.4-alpine
COPY redis.conf /usr/local/etc/redis/redis.conf
CMD [ "redis-server", "/usr/local/etc/redis/redis.conf" ]

1319
redis/redis.conf Normal file
View File

File diff suppressed because it is too large Load Diff

13
sftp/Dockerfile Normal file
View File

@@ -0,0 +1,13 @@
FROM atmoz/sftp
#ADD users.conf /etc/sftp/users.conf
ARG SSHKEY1
ARG SSHKEY2
#ARG SFTPUSERS
RUN echo "${SSHKEY1}" | base64 --decode > /etc/ssh/ssh_host_ed25519_key
RUN echo "${SSHKEY2}" | base64 --decode > /etc/ssh/ssh_host_rsa_key
#RUN echo ${SFTP_USERS} > /etc/test

1
sftp/users.conf Normal file
View File

@@ -0,0 +1 @@
ftp-1:123:33:33