From aa5ed6c6fd6e974fb573228f234b13ee288ffe59 Mon Sep 17 00:00:00 2001 From: Siddharth Kannan Date: Fri, 27 Oct 2017 11:53:05 +0530 Subject: [PATCH 1/9] create a new static volume for peqp --- docker-compose.override.yml | 2 ++ nginx/Dockerfile | 1 + nginx/metakgp.org | 4 --- nginx/static | 60 +++++++++++++++++++++++++++++++++++++ 4 files changed, 63 insertions(+), 4 deletions(-) create mode 100644 nginx/static diff --git a/docker-compose.override.yml b/docker-compose.override.yml index d65ff86..cc81009 100644 --- a/docker-compose.override.yml +++ b/docker-compose.override.yml @@ -7,6 +7,7 @@ services: nginx: volumes: - mediawiki-volume:/srv/mediawiki + - static-volume:/srv/static ports: - "${SERVER_PORT:-8080}:80" php: @@ -19,3 +20,4 @@ services: volumes: mediawiki-volume: db-volume: + static-volume: diff --git a/nginx/Dockerfile b/nginx/Dockerfile index dd627ac..6fc3a3e 100644 --- a/nginx/Dockerfile +++ b/nginx/Dockerfile @@ -1,4 +1,5 @@ FROM nginx:mainline COPY metakgp.org /etc/nginx/sites-enabled/ +COPY static /etc/nginx/sites-enabled/ COPY nginx.conf /etc/nginx/ RUN rm /etc/nginx/conf.d/default.conf diff --git a/nginx/metakgp.org b/nginx/metakgp.org index 3544e44..2c2dd9d 100644 --- a/nginx/metakgp.org +++ b/nginx/metakgp.org @@ -41,10 +41,6 @@ server { } } - location /peqp { - try_files $uri $uri/ =404; - } - location ~ ^/google557cb96b33ddc6b5\.html$ {} location /images { diff --git a/nginx/static b/nginx/static new file mode 100644 index 0000000..56b77bd --- /dev/null +++ b/nginx/static @@ -0,0 +1,60 @@ +# You may add here your +# server { +# ... +# } +# statements for each of your virtual hosts to this file + +## +# You should look at the following URL's in order to grasp a solid understanding +# of Nginx configuration files in order to fully unleash the power of Nginx. +# http://wiki.nginx.org/Pitfalls +# http://wiki.nginx.org/QuickStart +# http://wiki.nginx.org/Configuration +# +# Generally, you will want to move this file somewhere, and start with a clean +# file but keep this around for reference. Or just disable in sites-enabled. +# +# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples. +## + +server { + # listen 8080 default_server; + listen 80 default_server; + # listen [::]:80 default_server ipv6only=on; + + root /srv/static; + # index index.php index.html; + # autoindex off; + + # Make site accessible from everywhere + server_name _; + + # Location for the wiki's root + + location /peqp { + try_files $uri $uri/ =404; + } + + # Cloudflare masks real IPs + set_real_ip_from 199.27.128.0/21; + set_real_ip_from 173.245.48.0/20; + set_real_ip_from 103.21.244.0/22; + set_real_ip_from 103.22.200.0/22; + set_real_ip_from 103.31.4.0/22; + set_real_ip_from 141.101.64.0/18; + set_real_ip_from 108.162.192.0/18; + set_real_ip_from 190.93.240.0/20; + set_real_ip_from 188.114.96.0/20; + set_real_ip_from 197.234.240.0/22; + set_real_ip_from 198.41.128.0/17; + set_real_ip_from 162.158.0.0/15; + set_real_ip_from 104.16.0.0/12; + set_real_ip_from 172.64.0.0/13; + set_real_ip_from 2400:cb00::/32; + set_real_ip_from 2606:4700::/32; + set_real_ip_from 2803:f800::/32; + set_real_ip_from 2405:b500::/32; + set_real_ip_from 2405:8100::/32; + set_real_ip_from 127.0.0.1/32; + real_ip_header CF-Connecting-IP; +} From 73256ed679b4957caed9b63a96f42d50ea4b4499 Mon Sep 17 00:00:00 2001 From: Siddharth Kannan Date: Fri, 27 Oct 2017 18:32:26 +0530 Subject: [PATCH 2/9] remove default_server from nginx/static --- nginx/static | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nginx/static b/nginx/static index 56b77bd..31c5de2 100644 --- a/nginx/static +++ b/nginx/static @@ -19,7 +19,7 @@ server { # listen 8080 default_server; - listen 80 default_server; + listen 80; # listen [::]:80 default_server ipv6only=on; root /srv/static; From a6d8da920b2c2354ff8e000832d77b8ee21297c7 Mon Sep 17 00:00:00 2001 From: Siddharth Kannan Date: Sat, 28 Oct 2017 00:37:14 +0530 Subject: [PATCH 3/9] add a script to restore peqp from backup --- scripts/restore-peqp-to-static.sh | 7 +++++++ 1 file changed, 7 insertions(+) create mode 100755 scripts/restore-peqp-to-static.sh diff --git a/scripts/restore-peqp-to-static.sh b/scripts/restore-peqp-to-static.sh new file mode 100755 index 0000000..b13499c --- /dev/null +++ b/scripts/restore-peqp-to-static.sh @@ -0,0 +1,7 @@ +#!/usr/bin/env bash + +set -xe + +source .env +NGINX_CONTAINER=$(docker ps --format '{{ .Names }}' | grep nginx) +docker cp $1/. $NGINX_CONTAINER:/srv/static From 39fa161ada52c44fe73bc4c02ca618c0b52357a4 Mon Sep 17 00:00:00 2001 From: Siddharth Kannan Date: Sat, 28 Oct 2017 00:41:04 +0530 Subject: [PATCH 4/9] serve everything from static folder for this server_name --- nginx/static | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/nginx/static b/nginx/static index 31c5de2..7f0889e 100644 --- a/nginx/static +++ b/nginx/static @@ -27,11 +27,11 @@ server { # autoindex off; # Make site accessible from everywhere - server_name _; + server_name static.metakgp.org; # Location for the wiki's root - location /peqp { + location / { try_files $uri $uri/ =404; } From 788e4c3d96b9d66efb6739afa27c3323d5b3fd1e Mon Sep 17 00:00:00 2001 From: Siddharth Kannan Date: Sat, 28 Oct 2017 01:49:06 +0530 Subject: [PATCH 5/9] serve wiki only for one server_name --- nginx/metakgp.org | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nginx/metakgp.org b/nginx/metakgp.org index 2c2dd9d..1b640db 100644 --- a/nginx/metakgp.org +++ b/nginx/metakgp.org @@ -27,7 +27,7 @@ server { autoindex off; # Make site accessible from everywhere - server_name _; + server_name wiki.metakgp.org; # Location for the wiki's root location / { From d4f7e5e64bdd68a1cdfa06ef14eca327ceedcc51 Mon Sep 17 00:00:00 2001 From: Siddharth Kannan Date: Sun, 29 Oct 2017 18:55:46 +0530 Subject: [PATCH 6/9] rename conf files appropriately --- nginx/Dockerfile | 4 ++-- nginx/{static => static.metakgp.org} | 0 nginx/{metakgp.org => wiki.metakgp.org} | 0 3 files changed, 2 insertions(+), 2 deletions(-) rename nginx/{static => static.metakgp.org} (100%) rename nginx/{metakgp.org => wiki.metakgp.org} (100%) diff --git a/nginx/Dockerfile b/nginx/Dockerfile index 6fc3a3e..ea142d8 100644 --- a/nginx/Dockerfile +++ b/nginx/Dockerfile @@ -1,5 +1,5 @@ FROM nginx:mainline -COPY metakgp.org /etc/nginx/sites-enabled/ -COPY static /etc/nginx/sites-enabled/ +COPY wiki.metakgp.org /etc/nginx/sites-enabled/ +COPY static.metakgp.org /etc/nginx/sites-enabled/ COPY nginx.conf /etc/nginx/ RUN rm /etc/nginx/conf.d/default.conf diff --git a/nginx/static b/nginx/static.metakgp.org similarity index 100% rename from nginx/static rename to nginx/static.metakgp.org diff --git a/nginx/metakgp.org b/nginx/wiki.metakgp.org similarity index 100% rename from nginx/metakgp.org rename to nginx/wiki.metakgp.org From 4712a97f5d15da7cb0659b7bc1bd11250f370c05 Mon Sep 17 00:00:00 2001 From: Siddharth Kannan Date: Sun, 29 Oct 2017 18:57:00 +0530 Subject: [PATCH 7/9] move definition of static-volume to prod override --- docker-compose.override.yml | 2 -- docker-compose.prod.yml | 4 ++++ 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/docker-compose.override.yml b/docker-compose.override.yml index cc81009..d65ff86 100644 --- a/docker-compose.override.yml +++ b/docker-compose.override.yml @@ -7,7 +7,6 @@ services: nginx: volumes: - mediawiki-volume:/srv/mediawiki - - static-volume:/srv/static ports: - "${SERVER_PORT:-8080}:80" php: @@ -20,4 +19,3 @@ services: volumes: mediawiki-volume: db-volume: - static-volume: diff --git a/docker-compose.prod.yml b/docker-compose.prod.yml index f5af793..c5d9556 100644 --- a/docker-compose.prod.yml +++ b/docker-compose.prod.yml @@ -1,6 +1,9 @@ version: '2.1' services: + nginx: + volumes: + - static-volume:/srv/static backup: build: './backup' links: @@ -18,3 +21,4 @@ services: volumes: mediawiki-volume: + static-volume: From aae29aab8595882a01bc87c7d78955806afda18b Mon Sep 17 00:00:00 2001 From: Siddharth Kannan Date: Sun, 29 Oct 2017 18:57:38 +0530 Subject: [PATCH 8/9] remove boilerplate from nginx conf files --- nginx/static.metakgp.org | 19 ------------- nginx/wiki.metakgp.org | 58 ---------------------------------------- 2 files changed, 77 deletions(-) diff --git a/nginx/static.metakgp.org b/nginx/static.metakgp.org index 7f0889e..20ebb7f 100644 --- a/nginx/static.metakgp.org +++ b/nginx/static.metakgp.org @@ -1,22 +1,3 @@ -# You may add here your -# server { -# ... -# } -# statements for each of your virtual hosts to this file - -## -# You should look at the following URL's in order to grasp a solid understanding -# of Nginx configuration files in order to fully unleash the power of Nginx. -# http://wiki.nginx.org/Pitfalls -# http://wiki.nginx.org/QuickStart -# http://wiki.nginx.org/Configuration -# -# Generally, you will want to move this file somewhere, and start with a clean -# file but keep this around for reference. Or just disable in sites-enabled. -# -# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples. -## - server { # listen 8080 default_server; listen 80; diff --git a/nginx/wiki.metakgp.org b/nginx/wiki.metakgp.org index 1b640db..bd84b96 100644 --- a/nginx/wiki.metakgp.org +++ b/nginx/wiki.metakgp.org @@ -1,22 +1,3 @@ -# You may add here your -# server { -# ... -# } -# statements for each of your virtual hosts to this file - -## -# You should look at the following URL's in order to grasp a solid understanding -# of Nginx configuration files in order to fully unleash the power of Nginx. -# http://wiki.nginx.org/Pitfalls -# http://wiki.nginx.org/QuickStart -# http://wiki.nginx.org/Configuration -# -# Generally, you will want to move this file somewhere, and start with a clean -# file but keep this around for reference. Or just disable in sites-enabled. -# -# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples. -## - server { # listen 8080 default_server; listen 80 default_server; @@ -156,42 +137,3 @@ server { set_real_ip_from 127.0.0.1/32; real_ip_header CF-Connecting-IP; } - -# another virtual host using mix of IP-, name-, and port-based configuration -# -#server { -# listen 8000; -# listen somename:8080; -# server_name somename alias another.alias; -# root html; -# index index.html index.htm; -# -# location / { -# try_files $uri $uri/ =404; -# } -#} - - -# HTTPS server -# -#server { -# listen 443; -# server_name localhost; -# -# root html; -# index index.html index.htm; -# -# ssl on; -# ssl_certificate cert.pem; -# ssl_certificate_key cert.key; -# -# ssl_session_timeout 5m; -# -# ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2; -# ssl_ciphers "HIGH:!aNULL:!MD5 or HIGH:!aNULL:!MD5:!3DES"; -# ssl_prefer_server_ciphers on; -# -# location / { -# try_files $uri $uri/ =404; -# } -#} From 392baecd0c53c25dcb86b912a77ef6e94087cc05 Mon Sep 17 00:00:00 2001 From: Siddharth Kannan Date: Sun, 29 Oct 2017 18:58:03 +0530 Subject: [PATCH 9/9] Turn autoindex off https://nginx.org/en/docs/http/ngx_http_autoindex_module.html#autoindex --- nginx/static.metakgp.org | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/nginx/static.metakgp.org b/nginx/static.metakgp.org index 20ebb7f..30fb5da 100644 --- a/nginx/static.metakgp.org +++ b/nginx/static.metakgp.org @@ -4,8 +4,7 @@ server { # listen [::]:80 default_server ipv6only=on; root /srv/static; - # index index.php index.html; - # autoindex off; + autoindex off; # Make site accessible from everywhere server_name static.metakgp.org;