From b56ce2583060364c4b1db0f3f959b703285a6979 Mon Sep 17 00:00:00 2001 From: Nathan Woodburn Date: Tue, 7 Jan 2025 15:00:59 +1100 Subject: [PATCH] feat: Add docker stuff --- 000-default.conf | 19 ++++ Dockerfile | 28 ++++++ apache2.conf | 229 ++++++++++++++++++++++++++++++++++++++++++++ build.sh | 5 + etc/head.php | 32 +++---- nginx.template.conf | 62 ------------ oldnixpacks.json | 47 --------- 7 files changed, 296 insertions(+), 126 deletions(-) create mode 100644 000-default.conf create mode 100644 Dockerfile create mode 100644 apache2.conf create mode 100755 build.sh delete mode 100644 nginx.template.conf delete mode 100644 oldnixpacks.json diff --git a/000-default.conf b/000-default.conf new file mode 100644 index 0000000..bc15ed1 --- /dev/null +++ b/000-default.conf @@ -0,0 +1,19 @@ + + # ServerName localhost + DocumentRoot /var/www/html + + # ProxyPass for WebSocket handling + ProxyPass /wss ws://hnschat-server:4444/ + ProxyPassReverse /wss ws://hnschat-server:4444/ + + + Options +FollowSymLinks +MultiViews + AllowOverride All + Require all granted + + + # PHP settings + DirectoryIndex index.php + AddType application/x-httpd-php .php + + diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 0000000..9d236e3 --- /dev/null +++ b/Dockerfile @@ -0,0 +1,28 @@ +# Start with the official Apache2 image +FROM php:8.1-apache + +# Install additional PHP extensions if needed +RUN docker-php-ext-install mysqli pdo pdo_mysql + +# Enable mod_rewrite (commonly required for Apache) +RUN a2enmod rewrite +RUN a2enmod proxy +RUN a2enmod proxy_http +RUN a2enmod proxy_wstunnel +RUN a2enmod headers + +# Copy your PHP application to the web server's document root +COPY ./ /var/www/html/ + +# Set proper permissions for Apache to access the files +RUN chown -R www-data:www-data /var/www/html/ + +# Copy config +COPY ./000-default.conf /etc/apache2/sites-available/000-default.conf +COPY ./apache2.conf /etc/apache2/apache2.conf + +# Expose port 80 +EXPOSE 80 + +# Start Apache in the foreground +CMD ["apache2-foreground"] diff --git a/apache2.conf b/apache2.conf new file mode 100644 index 0000000..8f0e9ea --- /dev/null +++ b/apache2.conf @@ -0,0 +1,229 @@ +# This is the main Apache server configuration file. It contains the +# configuration directives that give the server its instructions. +# See http://httpd.apache.org/docs/2.4/ for detailed information about +# the directives and /usr/share/doc/apache2/README.Debian about Debian specific +# hints. +# +# +# Summary of how the Apache 2 configuration works in Debian: +# The Apache 2 web server configuration in Debian is quite different to +# upstream's suggested way to configure the web server. This is because Debian's +# default Apache2 installation attempts to make adding and removing modules, +# virtual hosts, and extra configuration directives as flexible as possible, in +# order to make automating the changes and administering the server as easy as +# possible. + +# It is split into several files forming the configuration hierarchy outlined +# below, all located in the /etc/apache2/ directory: +# +# /etc/apache2/ +# |-- apache2.conf +# | `-- ports.conf +# |-- mods-enabled +# | |-- *.load +# | `-- *.conf +# |-- conf-enabled +# | `-- *.conf +# `-- sites-enabled +# `-- *.conf +# +# +# * apache2.conf is the main configuration file (this file). It puts the pieces +# together by including all remaining configuration files when starting up the +# web server. +# +# * ports.conf is always included from the main configuration file. It is +# supposed to determine listening ports for incoming connections which can be +# customized anytime. +# +# * Configuration files in the mods-enabled/, conf-enabled/ and sites-enabled/ +# directories contain particular configuration snippets which manage modules, +# global configuration fragments, or virtual host configurations, +# respectively. +# +# They are activated by symlinking available configuration files from their +# respective *-available/ counterparts. These should be managed by using our +# helpers a2enmod/a2dismod, a2ensite/a2dissite and a2enconf/a2disconf. See +# their respective man pages for detailed information. +# +# * The binary is called apache2. Due to the use of environment variables, in +# the default configuration, apache2 needs to be started/stopped with +# /etc/init.d/apache2 or apache2ctl. Calling /usr/bin/apache2 directly will not +# work with the default configuration. + + +# Global configuration +# + +# +# ServerRoot: The top of the directory tree under which the server's +# configuration, error, and log files are kept. +# +# NOTE! If you intend to place this on an NFS (or otherwise network) +# mounted filesystem then please read the Mutex documentation (available +# at ); +# you will save yourself a lot of trouble. +# +# Do NOT add a slash at the end of the directory path. +# +#ServerRoot "/etc/apache2" + +# +# The accept serialization lock file MUST BE STORED ON A LOCAL DISK. +# +#Mutex file:${APACHE_LOCK_DIR} default + +# +# The directory where shm and other runtime files will be stored. +# + +DefaultRuntimeDir ${APACHE_RUN_DIR} + +# +# PidFile: The file in which the server should record its process +# identification number when it starts. +# This needs to be set in /etc/apache2/envvars +# +PidFile ${APACHE_PID_FILE} + +# +# Timeout: The number of seconds before receives and sends time out. +# +Timeout 300 + +# +# KeepAlive: Whether or not to allow persistent connections (more than +# one request per connection). Set to "Off" to deactivate. +# +KeepAlive On + +# +# MaxKeepAliveRequests: The maximum number of requests to allow +# during a persistent connection. Set to 0 to allow an unlimited amount. +# We recommend you leave this number high, for maximum performance. +# +MaxKeepAliveRequests 100 + +# +# KeepAliveTimeout: Number of seconds to wait for the next request from the +# same client on the same connection. +# +KeepAliveTimeout 5 + + +# These need to be set in /etc/apache2/envvars +User ${APACHE_RUN_USER} +Group ${APACHE_RUN_GROUP} + +# +# HostnameLookups: Log the names of clients or just their IP addresses +# e.g., www.apache.org (on) or 204.62.129.132 (off). +# The default is off because it'd be overall better for the net if people +# had to knowingly turn this feature on, since enabling it means that +# each client request will result in AT LEAST one lookup request to the +# nameserver. +# +HostnameLookups Off + +# ErrorLog: The location of the error log file. +# If you do not specify an ErrorLog directive within a +# container, error messages relating to that virtual host will be +# logged here. If you *do* define an error logfile for a +# container, that host's errors will be logged there and not here. +# +ErrorLog ${APACHE_LOG_DIR}/error.log + +# +# LogLevel: Control the severity of messages logged to the error_log. +# Available values: trace8, ..., trace1, debug, info, notice, warn, +# error, crit, alert, emerg. +# It is also possible to configure the log level for particular modules, e.g. +# "LogLevel info ssl:warn" +# +LogLevel warn + +# Include module configuration: +IncludeOptional mods-enabled/*.load +IncludeOptional mods-enabled/*.conf + +# Include list of ports to listen on +Include ports.conf + + +# Sets the default security model of the Apache2 HTTPD server. It does +# not allow access to the root filesystem outside of /usr/share and /var/www. +# The former is used by web applications packaged in Debian, +# the latter may be used for local directories served by the web server. If +# your system is serving content from a sub-directory in /srv you must allow +# access here, or in any related virtual host. + + Options FollowSymLinks + AllowOverride None + Require all denied + + + + AllowOverride None + Require all granted + + + + Options Indexes FollowSymLinks + AllowOverride None + Require all granted + + +# +# Options Indexes FollowSymLinks +# AllowOverride None +# Require all granted +# + + + + +# AccessFileName: The name of the file to look for in each directory +# for additional configuration directives. See also the AllowOverride +# directive. +# +AccessFileName .htaccess + +# +# The following lines prevent .htaccess and .htpasswd files from being +# viewed by Web clients. +# + + Require all denied + + + +# +# The following directives define some format nicknames for use with +# a CustomLog directive. +# +# These deviate from the Common Log Format definitions in that they use %O +# (the actual bytes sent including headers) instead of %b (the size of the +# requested file), because the latter makes it impossible to detect partial +# requests. +# +# Note that the use of %{X-Forwarded-For}i instead of %h is not recommended. +# Use mod_remoteip instead. +# +LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined +LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined +LogFormat "%h %l %u %t \"%r\" %>s %O" common +LogFormat "%{Referer}i -> %U" referer +LogFormat "%{User-agent}i" agent + +# Include of directories ignores editors' and dpkg's backup files, +# see README.Debian for details. + +# Include generic snippets of statements +IncludeOptional conf-enabled/*.conf + +# Include the virtual host configurations: +IncludeOptional sites-enabled/*.con + +# Global Server Configuration +ServerTokens Prod +ServerSignature Off \ No newline at end of file diff --git a/build.sh b/build.sh new file mode 100755 index 0000000..8744c95 --- /dev/null +++ b/build.sh @@ -0,0 +1,5 @@ +#!/bin/bash + +docker build -t hnschat-web . +docker tag hnschat-web git.woodburn.au/nathanwoodburn/hnschat-web:latest +docker push git.woodburn.au/nathanwoodburn/hnschat-web:latest \ No newline at end of file diff --git a/etc/head.php b/etc/head.php index 732b11d..589a788 100644 --- a/etc/head.php +++ b/etc/head.php @@ -1,7 +1,5 @@ HNSChat @@ -24,22 +22,22 @@ - + - - - - - - - - - - - - - + + + + + + + + + + + + + \ No newline at end of file diff --git a/nginx.template.conf b/nginx.template.conf deleted file mode 100644 index e72154e..0000000 --- a/nginx.template.conf +++ /dev/null @@ -1,62 +0,0 @@ -worker_processes 1; - -events { - worker_connections 1024; -} - -http { - include $!{nginx}/conf/mime.types; - default_type application/octet-stream; - - server { - listen 80; - - root /app; - index index.php; - - location /wss { - proxy_pass http://hnschat-server:4444/; - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection 'upgrade'; - proxy_set_header Host $host; - } - - location / { - try_files $uri $uri/ /index.php?$query_string; - } - - location ~ \.php$ { - include $!{nginx}/conf/fastcgi_params; - fastcgi_pass unix:/var/run/php/php7.4-fpm.sock; # Modify the PHP-FPM socket path as per your setup - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_param DOCUMENT_ROOT $document_root; - } - - location ~* ^/(avatar.php|preview.php|assets|uploads)/ { - add_header Cache-Control "max-age=63072000, public"; - } - - location ~ ^/(avatar|preview)/([A-Za-z0-9]+)/?$ { - rewrite ^/avatar/([A-Za-z0-9]+)/?$ /etc/avatar.php?id=$1 last; - rewrite ^/preview/([A-Za-z0-9]+)/?$ /etc/preview.php?id=$1 last; - } - - location ~ ^/invite/([A-Za-z0-9-]+)/?$ { - rewrite ^/invite/([A-Za-z0-9-]+)/?$ /id.php?invite=$1 last; - } - - # Enable CORS headers - add_header Access-Control-Allow-Origin "*"; - add_header Access-Control-Allow-Methods "GET"; - - # Disable server tokens and signatures - server_tokens off; - add_header X-Powered-By "PHP/7.4"; # Modify PHP version as per your setup - - # Directory permissions for /app - location /app/ { - allow all; - } - } -} diff --git a/oldnixpacks.json b/oldnixpacks.json deleted file mode 100644 index 8fd43f0..0000000 --- a/oldnixpacks.json +++ /dev/null @@ -1,47 +0,0 @@ -{ - "providers": ["php"], - "buildImage": "ghcr.io/railwayapp/nixpacks:ubuntu-1731369831", - "variables": { - "NIXPACKS_METADATA": "php", - "PORT": "80" - }, - "staticAssets": { - "apache.template.conf": "\n ServerName localhost\n DocumentRoot \"${NIXPACKS_PHP_ROOT_DIR:-/app}\"\n\n \n Options Indexes +FollowSymLinks +MultiViews\n AllowOverride All\n Require all granted\n \n\n \n SetHandler \"proxy:fcgi://127.0.0.1:9000\"\n \n\n ServerTokens Prod\n ServerSignature Off\n\n DirectoryIndex index.php\n AddType text/html php\n AddType application/x-httpd-php .php\n\n ErrorLog /dev/stdout\n CustomLog /dev/stdout combined\n\n Header always set X-Frame-Options \"SAMEORIGIN\"\n Header always set X-Content-Type-Options \"nosniff\"\n\n RewriteEngine On\n RewriteCond %{REQUEST_FILENAME} !-f\n RewriteCond %{REQUEST_FILENAME} !-d\n RewriteRule ^ index.php [QSA,L]\n\n \n Require all denied\n \n\n", - "php-fpm.conf": "[www]\nlisten = 127.0.0.1:9000\nuser = nobody\npm = dynamic\npm.max_children = 50\npm.min_spare_servers = 4\npm.max_spare_servers = 32\npm.start_servers = 18\nclear_env = no\ncatch_workers_output = yes\n", - "scripts/config/template.mjs": "import { readFile, writeFile } from \"fs/promises\";\nimport { getNixPath } from \"../util/nix.mjs\";\n\nconst replaceStr = input =>\n input\n .replaceAll(/\\${(\\w+)}/g,\n (_all, name) => process.env[name]\n )\n .replaceAll(/\\$!{(\\w+)}/g,\n (_all, exe) => getNixPath(exe)\n )\n\nexport async function compileTemplate(infile, outfile) {\n await writeFile(outfile,\n replaceStr(await readFile(infile, { encoding: 'utf8' })),\n { encoding: 'utf8' })\n}\n", - "scripts/prestart.mjs": "#!/usr/bin/env node\nimport { compileTemplate } from \"./config/template.mjs\";\nimport { e } from \"./util/cmd.mjs\";\n\nif (process.argv.length != 4) {\n console.error(`Usage: ${process.argv[1]} `);\n process.exit(1);\n}\n\nawait compileTemplate(process.argv[2], process.argv[3]);\nconsole.log(`Server starting on port ${process.env.PORT}`);\n", - "scripts/util/cmd.mjs": "import { execSync } from \"child_process\";\nexport const e = cmd => execSync(cmd).toString().replace('\\n', '');" - }, - "phases": { - "install": { - "dependsOn": [ - "setup" - ], - "cmds": [ - "mkdir -p /var/log/apache2 && mkdir -p /var/cache/apache2 && mkdir -p /etc/apache2/sites-available", - "cp /assets/apache.template.conf /etc/apache2/sites-available/000-default.conf" - ] - }, - "setup": { - "nixPkgs": [ - "(php83.withExtensions (pe: pe.enabled ++ []))", - "apacheHttpd", - "libmysqlclient", - "php83Packages.composer", - "nodejs_18", - "npm-9_x" - ], - "nixLibs": [ - "libmysqlclient" - ], - "nixOverlays": [ - "https://github.com/railwayapp/nix-npm-overlay/archive/main.tar.gz" - ], - "nixpkgsArchive": "dbc4f15b899ac77a8d408d8e0f89fa9c0c5f2b78" - } - }, - "start": { - "cmd": "node /assets/scripts/prestart.mjs /assets/apache.template.conf /etc/apache2/sites-available/000-default.conf && (php-fpm -y /assets/php-fpm.conf & apachectl -D FOREGROUND)" - } - } - \ No newline at end of file