add docker-compose file, .dockerignore rules

.dockerignore

@@ -0,0 +1,10 @@
+hoaxy_botometer_flowchart.png
+*.pdf
+*.doc
+*.txt
+.git
+.git/
+.git/*
+.git/**
+docker-compose.*
+config.example.js

docker-compose.yml

@@ -0,0 +1,16 @@
+---
+services:
+  php:
+    image: php:7.2-fpm-alpine3.8
+    volumes:
+    - ./code:/code
+
+  web:
+    image: nginx:1-alpine
+    ports:
+      - "8080:80"
+    links:
+      - php
+    volumes:
+      - ./code:/code
+      - ./nginx.conf:/etc/nginx/conf.d/default.conf

nginx.conf

@@ -0,0 +1,63 @@
+server {
+    listen      80 default_server;
+    server_name _;
+    index index.php index.html;
+    root /code/;
+
+    error_log  /var/log/nginx/error.log;
+    access_log /var/log/nginx/access.log;
+
+    # Hide Nginx Server Version
+    server_tokens off;
+
+    # Size Limits & Buffer Overflows
+    client_body_buffer_size  100K;
+    client_header_buffer_size 1k;
+    client_max_body_size 100k;
+    large_client_header_buffers 2 1k;
+
+    # Allow a larger response buffer
+    subrequest_output_buffer_size 100k;
+
+    # X-Frame-Options is to prevent from clickJacking attack
+    add_header X-Frame-Options "SAMEORIGIN";
+
+    # Disable content-type sniffing on some browsers.
+    add_header X-Content-Type-Options "nosniff";
+
+    # This header enables the Cross-site scripting (XSS) filter
+    add_header X-XSS-Protection "1; mode=block";
+
+    # This will enforce HTTP browsing into HTTPS and avoid ssl stripping attack
+    add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
+
+    # Limit HTTP methods
+    if ($request_method !~ ^(GET|HEAD|POST)$ ) {
+        return 405;
+    }
+
+    # Deny access to (dot) hidden files
+    location ~ /\. {
+        access_log off;
+        log_not_found off;
+        deny all;
+    }
+
+    # Serve static assets
+    location ~* \.(jpg|jpeg|gif|png|css|js|ico|xml)$ {
+        access_log        off;
+        log_not_found     off;
+        expires           7d;
+    }
+
+    # Handle PHP reverse proxy
+    location ~ \.php$ {
+        try_files $uri =404;
+        fastcgi_split_path_info ^(.+\.php)(/.+)$;
+        fastcgi_pass php:9000;
+        fastcgi_index index.php;
+        include fastcgi_params;
+        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+        fastcgi_param PATH_INFO $fastcgi_path_info;
+    }
+}

php.ini

@@ -0,0 +1,4 @@
+# TODO: Add hardened php configs
+# https://www.owasp.org/index.php/PHP_Configuration_Cheat_Sheet
+# https://gist.github.com/yohang88/bab3c43eb2f4414eafd0cb145548651d
+# https://www.if-not-true-then-false.com/2011/nginx-and-php-fpm-configuration-and-optimizing-tips-and-tricks/