diff --git a/docker-grav-nginx/Dockerfile b/docker-grav-nginx/Dockerfile
new file mode 100644
index 0000000..ac49a6a
--- /dev/null
+++ b/docker-grav-nginx/Dockerfile
@@ -0,0 +1,61 @@
+FROM nginx:latest
+LABEL maintainer="gushmazuko "
+LABEL description="Docker Image for Grav based on nginx & php"
+
+# Install dependencies
+RUN apt update && apt install -y --no-install-recommends \
+ vim\
+ zip \
+ unzip \
+ git \
+ php-fpm \
+ php-cli \
+ php-gd \
+ php-curl \
+ php-mbstring \
+ php-xml \
+ php-zip \
+ php-apcu \
+ cron
+
+# Configure PHP FPM
+# https://learn.getgrav.org/17/webservers-hosting/vps/digitalocean#configure-php7-2-fpm
+RUN sed -i "s/.*cgi.fix_pathinfo=1/cgi.fix_pathinfo=0/g" /etc/php/7.*/fpm/php.ini
+
+# Set user to www-data
+RUN chown www-data:www-data /usr/share/nginx
+RUN rm -rf /usr/share/nginx/html
+USER www-data
+
+# Define a specific version of Grav or use latest stable
+ENV GRAV_VERSION latest
+
+# Install grav
+WORKDIR /usr/share/nginx
+RUN curl -o grav-admin.zip -SL https://getgrav.org/download/core/grav-admin/${GRAV_VERSION} && \
+ unzip grav-admin.zip && \
+ mv -T /usr/share/nginx/grav-admin /usr/share/nginx/html && \
+ rm grav-admin.zip
+
+# Create cron job for Grav maintenance scripts
+# https://learn.getgrav.org/17/advanced/scheduler
+RUN (crontab -l; echo "* * * * * cd /usr/share/nginx/html;/usr/bin/php bin/grav scheduler 1>> /dev/null 2>&1") | crontab -
+
+# Return to root user
+USER root
+
+# Add nginx to www-data group
+RUN usermod -aG www-data nginx
+
+# Replace dafault config files by provided by Grav
+# https://learn.getgrav.org/17/webservers-hosting/vps/digitalocean#configure-nginx-connection-pool
+RUN rm /etc/php/7.3/fpm/pool.d/www.conf
+RUN rm /etc/nginx/conf.d/default.conf
+COPY ./conf/php/grav.conf /etc/php/7.3/fpm/pool.d/
+COPY ./conf/nginx/grav.conf /etc/nginx/conf.d/
+
+# Provide container inside image for data persistence
+VOLUME ["/usr/share/nginx/html"]
+
+# Run startup script
+CMD bash -c "service php7.3-fpm start && nginx -g 'daemon off;'"
diff --git a/docker-grav-nginx/conf/nginx/grav.conf b/docker-grav-nginx/conf/nginx/grav.conf
new file mode 100644
index 0000000..c120982
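Review bot: Nothing this image pulls in is pinned or verified: `FROM nginx:latest`, `ENV GRAV_VERSION latest`, and the `curl` download of grav-admin.zip is unpacked without any integrity check, so a rebuild can silently ship different code than the one that was reviewed. I would pin the base as `FROM nginx:<pinned-tag>@sha256:<digest>`, set `ENV GRAV_VERSION=<pinned-version>`, and verify the archive before `unzip` with `echo "<expected-sha256>  grav-admin.zip" | sha256sum -c -` (adding `-f` to curl so an HTTP error fails the build). The floating base also conflicts with the hard-coded `/etc/php/7.3/...` paths and the `php7.3-fpm` service name, which will break the build as soon as `latest` moves to a Debian release with a different PHP. Separately, the CMD starts only php7.3-fpm and nginx, so the www-data crontab entry appears never to run unless cron is started elsewhere.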
--- /dev/null
+++ b/docker-grav-nginx/conf/nginx/grav.conf
@@ -0,0 +1,43 @@
+server {
+ listen 80;
+ index index.html index.php;
+
+ ## Begin - Server Info
+ root /usr/share/nginx/html;
+ server_name gravsite;
+ ## End - Server Info
+
+ ## Begin - Index
+ # for subfolders, simply adjust:
+ # `location /subfolder {`
+ # and the rewrite to use `/subfolder/index.php`
+ location / {
+ try_files $uri $uri/ /index.php?$query_string;
+ }
+ ## End - Index
+
+ ## Begin - Security
+ # deny all direct access for these folders
+ location ~* /(\.git|cache|bin|logs|backup|tests)/.*$ { return 403; }
+ # deny running scripts inside core system folders
+ location ~* /(system|vendor)/.*\.(txt|xml|md|html|yaml|yml|php|pl|py|cgi|twig|sh|bat)$ { return 403; }
+ # deny running scripts inside user folder
+ location ~* /user/.*\.(txt|md|yaml|yml|php|pl|py|cgi|twig|sh|bat)$ { return 403; }
+ # deny access to specific files in the root folder
+ location ~ /(LICENSE\.txt|composer\.lock|composer\.json|nginx\.conf|web\.config|htaccess\.txt|\.htaccess) { return 403; }
+ ## End - Security
+
+ ## Begin - PHP
+ location ~ \.php$ {
+ # Choose either a socket or TCP/IP address
+ fastcgi_pass unix:/var/run/php/php7.3-fpm.sock;
+ # fastcgi_pass unix:/var/run/php5-fpm.sock; #legacy
+ # fastcgi_pass 127.0.0.1:9000;
+
+ fastcgi_split_path_info ^(.+\.php)(/.+)$;
+ fastcgi_index index.php;
+ include fastcgi_params;
+ fastcgi_param SCRIPT_FILENAME $document_root/$fastcgi_script_name;
+ }
+ ## End - PHP
+}
diff --git a/docker-grav-nginx/conf/php/grav.conf b/docker-grav-nginx/conf/php/grav.conf
new file mode 100644
index 0000000..5f333de
--- /dev/null
+++ b/docker-grav-nginx/conf/php/grav.conf
@@ -0,0 +1,17 @@
+[grav]
+
+user = www-data
+group = www-data
+
+listen = /var/run/php/php7.3-fpm.sock
+
+listen.owner = www-data
+listen.group = www-data
+
+pm = dynamic
+pm.max_children = 5
+pm.start_servers = 2
+pm.min_spare_servers = 1
+pm.max_spare_servers = 3
+
+chdir = /
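Review bot: The `location ~ \.php$` block forwards every URI ending in `.php` to PHP-FPM without first checking that the script exists under the document root. Adding `try_files $uri =404;` as the first directive of that block makes nginx reject such requests itself. The Dockerfile's `cgi.fix_pathinfo=0` already covers the path-info case, so this is defence in depth, but it is worth having because the deny rules above are a folder blocklist and the document root is a writable volume. As a smaller style point, `$document_root/$fastcgi_script_name` yields a double slash; `$document_root$fastcgi_script_name` is the usual form.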
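Review bot: The pool in docker-grav-nginx/conf/php/grav.conf runs as `www-data`, which is the same account the Dockerfile uses to own and unpack the whole web root, so PHP workers can rewrite the application code they execute, and the file does not say whether that is intended. This is presumably deliberate so Grav's admin plugin can update itself, but it should be stated. I would add a comment above `user = www-data` such as `; same user that owns /usr/share/nginx/html, so PHP can modify application code (needed for Grav self-update)`. Setting `listen.mode = 0660` explicitly next to `listen.owner`/`listen.group` would also document who may connect to the socket rather than relying on the default.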