commit
161fabc51b
18 changed files with 405 additions and 0 deletions
@ -0,0 +1,82 @@
@@ -0,0 +1,82 @@
|
||||
FROM debian:buster-slim |
||||
|
||||
LABEL nl.rug.webhosting.version="0.1.9" nl.rug.webhosting.release-date="2021-01-04" nl.rug.webhosting.version.is-production="true" |
||||
|
||||
# ONBUILD apt-get update && apt-get upgrade -y |
||||
|
||||
ENV DEBIAN_FRONTEND noninteractive |
||||
|
||||
RUN export LANG=en_US.UTF-8 \ |
||||
&& apt-get update && apt-get install --no-install-recommends -y wget curl apt-transport-https ca-certificates gnupg2 \ |
||||
&& wget -4 --no-check-certificate https://packages.microsoft.com/keys/microsoft.asc -O /tmp/microsoft.asc \ |
||||
&& cat /tmp/microsoft.asc | apt-key add - \ |
||||
&& wget --no-check-certificate -q https://packages.sury.org/php/apt.gpg -O- | apt-key add - \ |
||||
&& curl https://packages.microsoft.com/config/debian/10/prod.list > /etc/apt/sources.list.d/mssql-release.list \ |
||||
&& echo "deb https://packages.sury.org/php/ buster main" > /etc/apt/sources.list.d/php.list \ |
||||
&& apt-get update && apt-get upgrade -y \ |
||||
&& ACCEPT_EULA=Y apt-get -y install --no-install-recommends msodbcsql17 php8.0 php8.0-xml php8.0-cli php8.0-common php8.0-curl php8.0-mbstring php8.0-mysql \ |
||||
php8.0-xml apache2 php8.0-mysqli libimage-exiftool-perl imagemagick \ |
||||
libapache2-mod-php8.0 ghostscript libimage-exiftool-perl libodbc1 odbcinst1debian2 php8.0-odbc \ |
||||
php-pear nano ruby locales cron logrotate mailutils msmtp msmtp-mta && \ |
||||
apt-get autoclean && \ |
||||
apt-get clean |
||||
|
||||
RUN apt-get -y install --no-install-recommends make g++ gcc php8.0-dev unixodbc-dev |
||||
|
||||
RUN pecl channel-update pecl.php.net \ |
||||
&& pecl install sqlsrv \ |
||||
&& pecl install pdo_sqlsrv \ |
||||
&& pecl install pecl mongodb \ |
||||
&& printf "; priority=20\nextension=sqlsrv.so\n" > /etc/php/8.0/mods-available/sqlsrv.ini \ |
||||
&& printf "; priority=30\nextension=pdo_sqlsrv.so\n" > /etc/php/8.0/mods-available/pdo_sqlsrv.ini \ |
||||
&& printf "; priority=40\nextension=pdo_mongodb.so\n" > /etc/php/8.0/mods-available/pdo_mongodb.ini \ |
||||
&& phpenmod sqlsrv pdo_sqlsrv mongodb |
||||
|
||||
RUN apt-get remove make g++ gcc php8.0-dev unixodbc-dev -y \ |
||||
&& apt-get autoremove -y |
||||
|
||||
RUN a2enmod headers \ |
||||
&& a2enmod rewrite \ |
||||
&& a2enmod proxy \ |
||||
&& a2enmod remoteip \ |
||||
&& a2enmod expires \ |
||||
&& a2enmod proxy_fcgi \ |
||||
&& a2dismod status \ |
||||
&& a2dissite 000-default \ |
||||
&& rm /etc/localtime \ |
||||
&& ln -s /usr/share/zoneinfo/Europe/Amsterdam /etc/localtime \ |
||||
&& echo "en_US.UTF-8 UTF-8" >> /etc/locale.gen \ |
||||
&& echo "nl_NL.UTF-8 UTF-8" >> /etc/locale.gen \ |
||||
&& locale-gen \ |
||||
&& echo "TLS_REQCERT never" >> /etc/ldap/ldap.conf |
||||
|
||||
ENV LANG=en_US.UTF-8 \ |
||||
LC_ALL=en_US.UTF-8 \ |
||||
APACHE_RUN_USER=www-data \ |
||||
APACHE_RUN_GROUP=www-data \ |
||||
APACHE_CGI_DIR=/home/www/cgi-bin \ |
||||
APACHE_LOG_DIR=/home/www/log \ |
||||
APACHE_SERVERADMIN=webhosting.cit@rug.nl \ |
||||
APACHE_SERVERNAME=localhost \ |
||||
APACHE_SERVER_NAME=localhost \ |
||||
APACHE_SERVERALIAS=web.rug.nl \ |
||||
APACHE_DOCUMENTROOT=/home/www/site \ |
||||
APACHE_CRON_DIR=/home/www/crons \ |
||||
APACHE_HOME_DIR=/home/www \ |
||||
APACHE_RUN_DIR=/var/run/apache2 \ |
||||
APACHE_PID_FILE=/var/run/apache2/apache2.pid \ |
||||
APACHE_LOCK_DIR=/var/lock/apache2 \ |
||||
PHP_MEMORY_LIMIT="512M" |
||||
RUN env |
||||
|
||||
RUN mkdir -p $APACHE_RUN_DIR DIR $APACHE_LOCK_DIR |
||||
|
||||
ADD ./conf / |
||||
|
||||
WORKDIR /home/www |
||||
|
||||
RUN chmod +x /start.sh |
||||
|
||||
ENTRYPOINT ["/start.sh"] |
||||
CMD ["apache2", "-DFOREGROUND"] |
||||
|
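Review bot: The two `wget --no-check-certificate` calls in the first `RUN` fetch the Microsoft and sury.org APT signing keys without verifying the server certificate, so whatever key that connection returns becomes a trusted package signer for the image. `ca-certificates` is installed earlier in the same `RUN`, so the flag can simply be dropped: `wget -4 https://packages.microsoft.com/keys/microsoft.asc -O /tmp/microsoft.asc` and `wget -q https://packages.sury.org/php/apt.gpg -O- | apt-key add -`. The `curl` that writes `mssql-release.list` should be `curl -fsSL` so an HTTP error page is not saved as a sources list. Further down, `echo "TLS_REQCERT never" >> /etc/ldap/ldap.conf` turns off LDAP server certificate checks for every client in the image and needs either a comment explaining why or a CA bundle instead. `RUN env` prints the build environment into the build log and can be removed.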
@ -0,0 +1,31 @@
@@ -0,0 +1,31 @@
|
||||
<LocationMatch ".*"> |
||||
SetEnvIfNoCase User-Agent "MJ12bot" bad_user |
||||
SetEnvIfNoCase User-Agent "YandexBot" bad_user |
||||
SetEnvIfNoCase User-Agent "YAhrefsBot" bad_user |
||||
SetEnvIfNoCase User-Agent " SemrushBot" bad_user |
||||
Deny from env=bad_user |
||||
</LocationMatch> |
||||
|
||||
<If "%{HTTP_USER_AGENT} == 'MJ12bot'"> |
||||
Deny from all |
||||
</If> |
||||
|
||||
<If "%{HTTP_USER_AGENT} == 'YandexBot'"> |
||||
Deny from all |
||||
</If> |
||||
|
||||
<If "%{HTTP_USER_AGENT} == 'YAhrefsBot'"> |
||||
Deny from all |
||||
</If> |
||||
|
||||
<If "%{HTTP_USER_AGENT} == ' SemrushBot'"> |
||||
Deny from all |
||||
</If> |
||||
|
||||
<Directory /> |
||||
SetEnvIfNoCase User-Agent "MJ12bot" bad_user |
||||
SetEnvIfNoCase User-Agent "YandexBot" bad_user |
||||
SetEnvIfNoCase User-Agent "YAhrefsBot" bad_user |
||||
SetEnvIfNoCase User-Agent " SemrushBot" bad_user |
||||
Deny from env=bad_user |
||||
</Directory> |
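Review bot: The four `<If "%{HTTP_USER_AGENT} == '…'">` blocks compare the whole User-Agent header for equality with the bare bot token, so they will not match a crawler that sends a full product string; `<If "%{HTTP_USER_AGENT} =~ /MJ12bot/">` would express the intent, or the blocks can be dropped since the `SetEnvIfNoCase` rules cover the same names. `"YAhrefsBot"` looks like a typo for `AhrefsBot`, which is the spelling the virtual-host template later in this commit uses. `Deny from env=bad_user` is 2.2-era syntax that depends on mod_access_compat; the 2.4 form is `Require not env bad_user` inside `<RequireAll>`, as the template in this commit already does. A short comment that this list is crawler-load control based on a client-supplied header, not an access control, would help the next maintainer.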
@ -0,0 +1 @@
@@ -0,0 +1 @@
|
||||
KeepAlive Off |
@ -0,0 +1,3 @@
@@ -0,0 +1,3 @@
|
||||
Header set X-XSS-Protection "1; mode=block" |
||||
Header always append X-Frame-Options SAMEORIGIN |
||||
Header set X-Content-Type-Options nosniff |
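Review bot: `Header set` without the `always` condition only applies to the onsuccess table, so `X-XSS-Protection` and `X-Content-Type-Options` are missing from Apache-generated error responses while `X-Frame-Options` is present on them. `Header always set X-Content-Type-Options nosniff` and `Header always set X-Frame-Options SAMEORIGIN` make the three consistent, and `set` instead of `append` avoids a combined or repeated value if the application sends its own `X-Frame-Options`. `X-XSS-Protection` is ignored by current browsers, so if that protection is still wanted a `Content-Security-Policy` header is the place for it.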
@ -0,0 +1,7 @@
@@ -0,0 +1,7 @@
|
||||
<IfModule mpm_prefork_module> |
||||
StartServers 2 |
||||
MinSpareServers 2 |
||||
MaxSpareServers 10 |
||||
MaxRequestWorkers 250 |
||||
MaxConnectionsPerChild 0 |
||||
</IfModule> |
@ -0,0 +1,15 @@
@@ -0,0 +1,15 @@
|
||||
<IfModule rpaf_module> |
||||
RPAFenable On |
||||
|
||||
# When enabled, take the incoming X-Host header and |
||||
# update the virtualhost settings accordingly: |
||||
RPAFsethostname On |
||||
|
||||
# Define which IP's are your frontend proxies that sends |
||||
# the correct X-Forwarded-For headers: |
||||
RPAFproxy_ips 127.0.0.1 ::1 10.42.0.0/16 192.168.64.0/24 |
||||
|
||||
# Change the header name to parse from the default |
||||
# X-Forwarded-For to something of your choice: |
||||
RPAFheader X-Forwarded-For |
||||
</IfModule> |
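Review bot: This block is wrapped in `<IfModule rpaf_module>`, but the Dockerfile in this commit enables `remoteip` and does not appear to install mod_rpaf, so these directives are likely never evaluated and logs and access rules would see the proxy address instead of the client. If mod_remoteip is the intended module, the equivalent is `RemoteIPHeader X-Forwarded-For` plus `RemoteIPInternalProxy 127.0.0.1 ::1 10.42.0.0/16 192.168.64.0/24`. Whichever module is used, every host in the listed ranges is trusted to state the client address, so the list should be narrowed to the actual proxy addresses. `RPAFsethostname On` additionally lets those hosts pick the virtual host through a header and should be left off unless the front end is known to set it.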
@ -0,0 +1,29 @@
@@ -0,0 +1,29 @@
|
||||
<VirtualHost *:80> |
||||
ServerAdmin ${APACHE_SERVERADMIN} |
||||
|
||||
ServerName ${APACHE_SERVERNAME} |
||||
ServerAlias ${APACHE_SERVERALIAS} |
||||
|
||||
DocumentRoot ${APACHE_DOCUMENTROOT} |
||||
<Directory ${APACHE_DOCUMENTROOT}> |
||||
Options Indexes FollowSymLinks |
||||
AllowOverride All |
||||
Require all granted |
||||
</Directory> |
||||
|
||||
Alias /cgi-bin/ ${APACHE_CGI_DIR} |
||||
<Directory /home/www/${APACHE_CGI_DIR}> |
||||
Options +ExecCGI |
||||
AddHandler cgi-script cgi pl |
||||
</Directory> |
||||
|
||||
# Possible values include: debug, info, notice, warn, error, crit, |
||||
# alert, emerg. |
||||
LogLevel warn |
||||
|
||||
|
||||
ErrorLog ${APACHE_LOG_DIR}/${APACHE_SERVERNAME}_error.log |
||||
CustomLog ${APACHE_LOG_DIR}/${APACHE_SERVERNAME}_access.log combined |
||||
|
||||
|
||||
</VirtualHost> |
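Review bot: `<Directory /home/www/${APACHE_CGI_DIR}>` prefixes `/home/www/` to a variable the Dockerfile in this commit already sets to `/home/www/cgi-bin`, so the section resolves to a path that does not exist and `Options +ExecCGI` / `AddHandler cgi-script cgi pl` never apply to the aliased directory. `<Directory ${APACHE_CGI_DIR}>` is presumably what was meant, and `Alias /cgi-bin/ ${APACHE_CGI_DIR}/` should carry the matching trailing slash. `Options Indexes FollowSymLinks` together with `AllowOverride All` on the document root turns on directory listings and lets any `.htaccess` in the site change server options; `Options -Indexes +FollowSymLinks` is the safer default unless listings are wanted. Both points also apply to the `cat<<EOD` virtual-host template added later in this commit.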
@ -0,0 +1,20 @@
@@ -0,0 +1,20 @@
|
||||
$MODLOAD IMFILE |
||||
$INPUTFILEPOLLINTERVAL 10 |
||||
$PRIVDROPTOGROUP ADM |
||||
$WORKDIRECTORY /VAR/SPOOL/RSYSLOG |
||||
|
||||
# APACHE ACCESS FILE: |
||||
$INPUTFILENAME ${APACHE_LOG_DIR}/${APACHE_SERVERNAME}_access.log |
||||
$INPUTFILETAG APACHE-ACCESS: |
||||
$INPUTFILESTATEFILE STAT-APACHE-ACCESS |
||||
$INPUTFILESEVERITY INFO |
||||
$INPUTFILEPERSISTSTATEINTERVAL 20000 |
||||
$INPUTRUNFILEMONITOR |
||||
|
||||
#APACHE ERROR FILE: |
||||
$INPUTFILENAME ${APACHE_LOG_DIR}/${APACHE_SERVERNAME}_error.log |
||||
$INPUTFILETAG APACHE-ERROR: |
||||
$INPUTFILESTATEFILE STAT-APACHE-ERROR |
||||
$INPUTFILESEVERITY ERROR |
||||
$INPUTFILEPERSISTSTATEINTERVAL 20000 |
||||
$INPUTRUNFILEMONITOR |
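Review bot: The values in this file are upper-cased along with the directive names, and on Linux those values are case-sensitive: `$PRIVDROPTOGROUP ADM` names a group that is `adm` on Debian, and `$WORKDIRECTORY /VAR/SPOOL/RSYSLOG` is a different path from `/var/spool/rsyslog`. `${APACHE_LOG_DIR}` and `${APACHE_SERVERNAME}` in the two `$INPUTFILENAME` lines are, as far as I know, not expanded by rsyslog's legacy directive parser, so the monitored paths probably need to be rendered by the start script or written literally. If either problem holds, the access and error logs are not picked up and nothing reports the failure. The Dockerfile in this commit also does not appear to install rsyslog, so a comment saying which image uses this file would help.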
@ -0,0 +1,9 @@
@@ -0,0 +1,9 @@
|
||||
[supervisord] |
||||
nodaemon=true |
||||
|
||||
[program:cron] |
||||
command=/usr/sbin/cron -f -L 15 |
||||
stdout_logfile=/var/log/supervisor/%(program_name)s.log |
||||
stderr_logfile=/var/log/supervisor/%(program_name)s.log |
||||
autorestart=false |
||||
priority=10 |
@ -0,0 +1,11 @@
@@ -0,0 +1,11 @@
|
||||
[supervisord] |
||||
nodaemon=true |
||||
|
||||
[program:start] |
||||
command=/start.sh |
||||
stdout_logfile=/var/log/supervisor/%(program_name)s.log |
||||
stderr_logfile=/var/log/supervisor/%(program_name)s.log |
||||
startsecs=0 |
||||
autorestart=false |
||||
priority=1 |
||||
|
@ -0,0 +1,11 @@
@@ -0,0 +1,11 @@
|
||||
[supervisord] |
||||
nodaemon=true |
||||
|
||||
[program:perm] |
||||
command=/perm.sh |
||||
stdout_logfile=/var/log/supervisor/%(program_name)s.log |
||||
stderr_logfile=/var/log/supervisor/%(program_name)s.log |
||||
priority=999 |
||||
autorestart=false |
||||
|
||||
|
@ -0,0 +1,11 @@
@@ -0,0 +1,11 @@
|
||||
[supervisord] |
||||
nodaemon=true |
||||
user=root |
||||
|
||||
[program:php] |
||||
command=/usr/sbin/php5-fpm -F -O |
||||
stdout_logfile=/var/log/supervisor/%(program_name)s.log |
||||
stderr_logfile=/var/log/supervisor/%(program_name)s.log |
||||
priority=90 |
||||
autorestart=true |
||||
startsecs = 65 |
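Review bot: `command=/usr/sbin/php5-fpm -F -O` refers to a binary the Dockerfile in this commit does not install (it installs `php8.0` with `libapache2-mod-php8.0` and no FPM package), so with `autorestart=true` supervisord would keep retrying a program that cannot start. `user=root` under `[supervisord]` appears only in this fragment and not in the other supervisor files added here, which is worth either aligning or explaining in a comment. Either drop the fragment or point it at the installed PHP version and note which image variant uses it.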
@ -0,0 +1,8 @@
@@ -0,0 +1,8 @@
|
||||
[supervisord] |
||||
nodaemon=true |
||||
|
||||
[program:td-agent-bit] |
||||
command=/opt/td-agent-bit/bin/td-agent-bit -i tail -p path=%(ENV_APACHE_LOG_DIR)s/%(ENV_APACHE_SERVERNAME)s_*.log -t apache.access -o forward://192.168.64.12:5001 -p -R /opt/parser.conf |
||||
stdout_logfile=/var/log/supervisor/%(program_name)s.log |
||||
stderr_logfile=/var/log/supervisor/%(program_name)s.log |
||||
priority=20 |
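Review bot: The `command=` line ends with `-p -R /opt/parser.conf`, where `-p` expects a `key=value` property, so `-R` is likely consumed as that property and the parser file is never loaded. The collector address `forward://192.168.64.12:5001` is hard-coded; reading it from the environment the same way the log path is keeps site addressing out of the image, e.g. `-o forward://%(ENV_LOG_FORWARD_HOST)s:%(ENV_LOG_FORWARD_PORT)s`, where those two variable names are placeholders. The tag `apache.access` is applied to `_*.log`, which also matches the error log, so the two streams cannot be told apart downstream.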
@ -0,0 +1,50 @@
@@ -0,0 +1,50 @@
|
||||
cat<<EOD |
||||
<VirtualHost *:80> |
||||
ServerAdmin ${APACHE_SERVERADMIN} |
||||
|
||||
ServerName ${APACHE_SERVERNAME} |
||||
ServerAlias ${APACHE_SERVERALIAS} |
||||
|
||||
DocumentRoot ${APACHE_DOCUMENTROOT} |
||||
|
||||
|
||||
<IfModule mod_ruid2.c> |
||||
|
||||
RMode config |
||||
|
||||
RDefaultUidGid ${APACHE_RUN_USER} ${APACHE_RUN_USER} |
||||
RUidGid ${APACHE_RUN_USER} ${APACHE_RUN_USER} |
||||
RGroups ${APACHE_RUN_USER} |
||||
</IfModule> |
||||
|
||||
DirectoryIndex index.html index.htm index.php welcome.html |
||||
|
||||
<Directory ${APACHE_DOCUMENTROOT}> |
||||
Options Indexes FollowSymLinks |
||||
AllowOverride All |
||||
|
||||
SetEnvIfNoCase User-agent "^Baidu" bad_bot |
||||
SetEnvIfNoCase User-agent "^Yandex" bad_bot |
||||
SetEnvIfNoCase User-agent "^Sosospider" bad_bot |
||||
SetEnvIfNoCase User-agent "^AhrefsBot" bad_bot |
||||
SetEnvIfNoCase User-agent "^linkdexbot" bad_bot |
||||
|
||||
<RequireAll> |
||||
Require all granted |
||||
Require not env bad_bot |
||||
</RequireAll> |
||||
</Directory> |
||||
|
||||
Alias /cgi-bin/ ${APACHE_CGI_DIR} |
||||
<Directory /home/www/${APACHE_CGI_DIR}> |
||||
Options +ExecCGI |
||||
AddHandler cgi-script cgi pl |
||||
</Directory> |
||||
|
||||
LogLevel warn |
||||
|
||||
ErrorLog ${APACHE_LOG_DIR}/${APACHE_SERVERNAME}_error.log |
||||
CustomLog ${APACHE_LOG_DIR}/${APACHE_SERVERNAME}_access.log combined |
||||
|
||||
</VirtualHost> |
||||
EOD |
@ -0,0 +1,8 @@
@@ -0,0 +1,8 @@
|
||||
#!/bin/bash |
||||
test=`/usr/bin/curl -s -o /dev/null -w "%{http_code}" http://localhost | awk {'print $1'}` |
||||
|
||||
if [ "$test" == "200" ] || [ "$test" == "302" ] || [ "$test" == "301" ]; then |
||||
exit "$?" |
||||
else |
||||
exit 1 |
||||
fi |
@ -0,0 +1,107 @@
@@ -0,0 +1,107 @@
|
||||
#!/bin/bash |
||||
|
||||
/usr/sbin/useradd -d /home/www -s /bin/false -M ${APACHE_RUN_USER} |
||||
/usr/sbin/adduser ${APACHE_RUN_USER} crontab |
||||
|
||||
if [[ ! $RUN_USER == lokaal ]]; then |
||||
|
||||
USER_UID=`echo ${APACHE_RUN_USER} | tr -d '{p,f},'` |
||||
|
||||
if echo ${APACHE_RUN_USER} | grep "p" ; then |
||||
sed -i "s/1000/10${USER_UID}/g" /etc/passwd |
||||
sed -i "s/1000/10${USER_UID}/g" /etc/group |
||||
fi |
||||
|
||||
if echo ${APACHE_RUN_USER} | grep "f" ;then |
||||
sed -i "s/1000/20${USER_UID}/g" /etc/passwd |
||||
sed -i "s/1000/20${USER_UID}/g" /etc/group |
||||
fi |
||||
|
||||
if echo ${APACHE_RUN_USER} | grep "s" ;then |
||||
sed -i "s/1000/3${USER_UID}/g" /etc/passwd |
||||
sed -i "s/1000/3${USER_UID}/g" /etc/group |
||||
fi |
||||
|
||||
fi |
||||
|
||||
sed -i "s/memory_limit = 128M/memory_limit = ${PHP_MEMORY_LIMIT}/g" /etc/php/7.3/apache2/php.ini |
||||
sed -i 's@;mail.log = syslog@mail.log = /home/www/log/mail.log@g' /etc/php/7.3/apache2/php.ini |
||||
sed -i 's@SMTP = localhost@SMTP = smtp.rug.nl@g' /etc/php/7.3/apache2/php.ini |
||||
|
||||
echo "$APACHE_SERVERNAME" > /etc/mailname |
||||
|
||||
cat> /etc/php/7.3/apache2/conf.d/10-opcache.ini << EOF |
||||
zend_extension=opcache.so |
||||
opcache.enable=1 |
||||
opcache.validate_timestamps=1 |
||||
opcache.revalidate_freq=60 |
||||
opcache.max_accelerated_files=10000 |
||||
opcache.memory_consumption=64 |
||||
opcache.interned_strings_buffer=8 |
||||
opcache.fast_shutdown=1 |
||||
EOF |
||||
|
||||
. /etc/tpl/001-docker.tpl > /etc/apache2/sites-enabled/001-docker.conf |
||||
|
||||
if [ ! -d ${APACHE_DOCUMENTROOT} ]; then |
||||
mkdir ${APACHE_DOCUMENTROOT} -p |
||||
chown ${APACHE_RUN_USER}:${APACHE_RUN_USER} $APACHE_DOCUMENTROOT |
||||
fi |
||||
|
||||
[[ -d $APACHE_LOG_DIR ]] || mkdir -p $APACHE_LOG_DIR && chown $APACHE_RUN_USER:$APACHE_RUN_USER $APACHE_LOG_DIR |
||||
|
||||
if [ ! -d ${APACHE_CRON_DIR} ]; then |
||||
mkdir ${APACHE_CRON_DIR} -p |
||||
touch ${APACHE_CRON_DIR}/${APACHE_RUN_USER} |
||||
chmod 600 ${APACHE_CRON_DIR}/${APACHE_RUN_USER} |
||||
chown -R ${APACHE_RUN_USER}:crontab ${APACHE_CRON_DIR}/${APACHE_RUN_USER} |
||||
fi |
||||
|
||||
if [ ! -d ${APACHE_CGI_DIR} ]; then |
||||
mkdir ${APACHE_CGI_DIR} -p |
||||
chmod 755 ${APACHE_CGI_DIR} |
||||
chown -R ${APACHE_RUN_USER}:${APACHE_RUN_USER} ${APACHE_CGI_DIR} |
||||
fi |
||||
|
||||
cp ${APACHE_CRON_DIR}/${APACHE_RUN_USER} /var/spool/cron/crontabs/${APACHE_RUN_USER} |
||||
chmod 600 /var/spool/cron/crontabs/${APACHE_RUN_USER} |
||||
chown -R ${APACHE_RUN_USER}:crontab /var/spool/cron/crontabs/${APACHE_RUN_USER} |
||||
|
||||
cat << EOF > /etc/msmtprc |
||||
defaults |
||||
port 25 |
||||
logfile ${APACHE_LOG_DIR}/mail.log |
||||
tls off |
||||
|
||||
account rug |
||||
host smtp.rug.nl |
||||
from no-reply@${APACHE_SERVERNAME} |
||||
auth off |
||||
|
||||
# Set a default account |
||||
account default: rug |
||||
|
||||
aliases /etc/aliases |
||||
EOF |
||||
|
||||
chmod 666 ${APACHE_LOG_DIR}/msmtp.log |
||||
|
||||
|
||||
cat << EOF > /etc/logrotate.d/apache2 |
||||
${APACHE_LOG_DIR}/*.log { |
||||
weekly |
||||
missingok |
||||
rotate 52 |
||||
compress |
||||
delaycompress |
||||
notifempty |
||||
sharedscripts |
||||
create 664 root ${APACHE_RUN_USER} |
||||
postrotate |
||||
/usr/sbin/apachectl graceful > /dev/null 2>/dev/null || true |
||||
endscript |
||||
} |
||||
EOF |
||||
/etc/init.d/cron start |
||||
|
||||
exec "$@" |
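Review bot: Every PHP path in this script is under `/etc/php/7.3/apache2/`, while the Dockerfile in this commit installs `php8.0`, so the three `sed -i` edits and the `10-opcache.ini` heredoc fail at start-up and `PHP_MEMORY_LIMIT`, the mail log and the SMTP host are never applied; with no `set -e` the script carries on regardless. Defining the directory once, e.g. `PHP_CONF=/etc/php/8.0/apache2`, and using `"$PHP_CONF/php.ini"` throughout fixes this. `chmod 666 ${APACHE_LOG_DIR}/msmtp.log` makes a log world-writable and names a different file from the `logfile ${APACHE_LOG_DIR}/mail.log` written into `/etc/msmtprc` just above; creating the configured file with `touch`, owning it with `chown "$APACHE_RUN_USER"` and using mode `640` is tighter. The `sed -i "s/1000/…/g"` calls rewrite every occurrence of `1000` in `/etc/passwd` and `/etc/group` rather than one account's ID fields; `usermod -u` and `groupmod -g` target the account directly.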