examples

Author: Tob1as

examples/fpm-nginx-dhi-k8s/wsc-backup-cronjob.yaml

@@ -1,6 +1,5 @@
 # WSC Backup Cronjob for Database and Files with simple Shell-Script
 #
-# Docker Image: Toolbox from https://github.com/Tob1as/docker-tools
 # Requirements: kubectl, jq, tar, gzip, mariadb-connector-c, mariadb-client (mysql-client)
 #
 # Docs (WSC Backup):
@@ -120,7 +119,8 @@ spec:
             fsGroup: 65534
           containers:
           - name: backup
-            image: docker.io/tobi312/tools:toolbox-extended
+            image: docker.io/tobi312/php:dhi-helper-alpine
+            #image: docker.io/tobi312/tools:toolbox-extended # source: https://github.com/Tob1as/docker-tools
             imagePullPolicy: Always
             command:
             #- /bin/sh

examples/fpm-nginx-dhi/config/nginx_default_withoutTraefik.conf

@@ -0,0 +1,226 @@
+# Server (http)
+server {
+    listen 8080;
+    listen [::]:8080;
+    server_name _;
+    
+    # disable any limits to avoid HTTP 413 for large image uploads
+    client_max_body_size 0;
+    
+    # Error Page
+    location  @error_page {
+        add_header Content-Type text/plain;
+        return 200 'Maintenance mode!';
+    }
+
+    ##############################################
+    # Use this Block for access also over http !
+    ##############################################
+    
+    root /var/www/html;
+    index index.php index.html test.php;
+    
+    location / {
+        #root /var/www/html;
+        #index index.php index.html;
+        
+        try_files $uri $uri/ /index.php?$query_string;
+    }
+    
+    location ~ \.php$ {
+        #root /var/www/html;
+        
+        try_files $uri =404;
+        
+        fastcgi_pass wsc-php:9000;
+        fastcgi_index index.php;
+        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+        include fastcgi_params;
+        
+        # Error Page (redirect)
+        error_page 502 503 504 = @error_page;
+    }
+
+    ##############################################
+    # Use this Block for redirect to https !
+    ##############################################
+    
+    #location / {
+    #    return 301 https://$server_name$request_uri;
+    #}
+
+    #location ^~ /.well-known/acme-challenge/ {
+    #  default_type "text/plain";
+    #  root /tmp/letsencrypt-webroot;
+    #}
+
+    ##############################################
+    # --------------------------------------------
+    ##############################################
+    
+    # nginx status
+    location = /nginx_status {
+        stub_status on;
+        access_log off;
+        allow 127.0.0.1;
+        allow 10.0.0.0/8;
+        allow 172.16.0.0/12;
+        allow 192.168.0.0/16;
+        allow ::1;
+        allow fd00::/8;
+        deny all;
+    }
+
+    # nginx ping
+    location = /nginx_ping {
+        add_header Content-Type text/plain;
+        return 200 'pong';
+        access_log off;
+        allow 127.0.0.1;
+        allow 10.0.0.0/8;
+        allow 172.16.0.0/12;
+        allow 192.168.0.0/16;
+        allow ::1;
+        allow fd00::/8;
+        deny all;
+    }
+    
+    # php-fpm status/ping
+    location ~ ^/(php_fpm_status|php_fpm_ping)$ {
+        fastcgi_pass wsc-php:9001;
+        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+        include fastcgi_params;
+        access_log off;
+        allow 127.0.0.1;
+        allow 10.0.0.0/8;
+        allow 172.16.0.0/12;
+        allow 192.168.0.0/16;
+        allow ::1;
+        allow fd00::/8;
+        deny all;
+        
+        # Error Page (redirect)
+        error_page 502 503 504 = @error_page;
+    }
+    
+    location ~ /\.ht {
+        deny all;
+    }
+    #location = /favicon.ico { log_not_found off; access_log off; }
+    #location = /robots.txt { log_not_found off; access_log off; }
+}
+
+# Server (https)
+server {
+    # TCP (HTTPS)
+    listen 8443 ssl reuseport;
+    listen [::]:8443 ssl reuseport;
+    http2 on;
+
+    # UDP (QUIC / HTTP/3)
+    listen 8443 quic reuseport;
+    listen [::]:8443 quic reuseport;
+    http3 on;
+
+    # Advertise HTTP/3 availability
+    add_header Alt-Svc 'h3=":443"; ma=86400';
+    #add_header Alt-Svc 'h3=":443"; ma=86400' always;
+
+    server_name _;
+
+    # # https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html 
+    ssl_certificate     /ssl/ssl.crt;
+    ssl_certificate_key /ssl/ssl.key;
+    ssl_prefer_server_ciphers on;
+    ssl_session_cache shared:SSL:10m;
+    ssl_session_timeout 10m;
+    ssl_protocols TLSv1.2 TLSv1.3;
+    ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
+    # openssl dhparam -out dhparam.pem 4096
+    #ssl_dhparam /ssl/dhparam.pem;
+    #ssl_ecdh_curve secp384r1
+    
+    # disable any limits to avoid HTTP 413 for large image uploads
+    client_max_body_size 0;
+    
+    # Error Page
+    location  @error_page {
+        add_header Content-Type text/plain;
+        return 200 'Maintenance mode!';
+    }
+    
+    root /var/www/html;
+    index index.php index.html test.php;
+    
+    location / {
+        #root /var/www/html;
+        #index index.php index.html;
+        
+        try_files $uri $uri/ /index.php?$query_string;
+    }
+    
+    location ~ \.php$ {
+        #root /var/www/html;
+        
+        try_files $uri =404;
+        
+        fastcgi_pass wsc-php:9000;
+        fastcgi_index index.php;
+        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+        include fastcgi_params;
+        
+        # Error Page (redirect)
+        error_page 502 503 504 = @error_page;
+    }
+    
+    # nginx status
+    location = /nginx_status {
+        stub_status on;
+        access_log off;
+        allow 127.0.0.1;
+        allow 10.0.0.0/8;
+        allow 172.16.0.0/12;
+        allow 192.168.0.0/16;
+        allow ::1;
+        allow fd00::/8;
+        deny all;
+    }
+
+    # nginx ping
+    location = /nginx_ping {
+        add_header Content-Type text/plain;
+        return 200 'pong';
+        access_log off;
+        allow 127.0.0.1;
+        allow 10.0.0.0/8;
+        allow 172.16.0.0/12;
+        allow 192.168.0.0/16;
+        allow ::1;
+        allow fd00::/8;
+        deny all;
+    }
+    
+    # php-fpm status/ping
+    location ~ ^/(php_fpm_status|php_fpm_ping)$ {
+        fastcgi_pass wsc-php:9001;
+        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+        include fastcgi_params;
+        access_log off;
+        allow 127.0.0.1;
+        allow 10.0.0.0/8;
+        allow 172.16.0.0/12;
+        allow 192.168.0.0/16;
+        allow ::1;
+        allow fd00::/8;
+        deny all;
+        
+        # Error Page (redirect)
+        error_page 502 503 504 = @error_page;
+    }
+    
+    location ~ /\.ht {
+        deny all;
+    }
+    #location = /favicon.ico { log_not_found off; access_log off; }
+    #location = /robots.txt { log_not_found off; access_log off; }
+}

examples/fpm-nginx-dhi/docker-compose.yml

@@ -26,9 +26,14 @@ services:
     restart: unless-stopped
     #ports:
     #  - 80:8080/tcp
+    #  - 443:8443/tcp
+    #  - 443:8443/udp
     volumes:
       - ./html:/var/www/html:rw
       - ./config/nginx_default.conf:/etc/nginx/conf.d/default.conf:ro
+      # Without Traefik:
+      #- ./config/nginx_default_withoutTraefik.conf:/etc/nginx/conf.d/default.conf:ro
+      #- ./ssl-certs:/ssl:ro
     depends_on:
       wsc-php:
         condition: service_started