Commit
Showing
28 changed files
with
686 additions
and
0 deletions.
@@ -0,0 +1,3 @@ | ||
.DS_Store | ||
vendor/ | ||
composer.lock |
@@ -0,0 +1,19 @@ | ||
{ | ||
"name": "fideloper/vessel", | ||
"description": "Simple Docker dev environment", | ||
"license": "MIT", | ||
"authors": [ | ||
{ | ||
"name": "fideloper", | ||
"email": "fideloper@gmail.com" | ||
} | ||
], | ||
"require": {}, | ||
"extra": { | ||
"laravel": { | ||
"providers": [ | ||
"Fideloper\\Vessel\\VesselServiceProvider" | ||
] | ||
} | ||
}, | ||
} |
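Review bot: The comma after the closing brace of `"extra"` on the second-to-last line leaves a trailing comma before the final `}`, which is not valid JSON, so Composer will refuse to parse this manifest; that line should be `}` without the comma. Separately, the manifest registers `Fideloper\\Vessel\\VesselServiceProvider` for Laravel package discovery but declares no `autoload` section, so unless the class is mapped somewhere not visible here the provider cannot be loaded. An entry such as `"autoload": {"psr-4": {"Fideloper\\Vessel\\": "<source-dir>/"}}`, with the package's real source directory, would close that gap.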
@@ -0,0 +1,54 @@ | ||
version: '2' | ||
services: | ||
app: | ||
build: | ||
context: ./docker/app | ||
dockerfile: Dockerfile | ||
image: vessel/app | ||
ports: | ||
- "${APP_PORT}:80" | ||
environment: | ||
CONTAINER_ENV: "${APP_ENV}" | ||
XDEBUG_HOST: ${XDEBUG_HOST} | ||
volumes: | ||
- .:/var/www/html | ||
networks: | ||
- vessel | ||
node: | ||
build: | ||
context: ./docker/node | ||
dockerfile: Dockerfile | ||
image: vessel/node | ||
volumes: | ||
- .:/var/www/html | ||
networks: | ||
- vessel | ||
mysql: | ||
image: mysql:5.7 | ||
ports: | ||
- "${DB_PORT}:3306" | ||
environment: | ||
MYSQL_ROOT_PASSWORD: "${DB_PASSWORD}" | ||
MYSQL_DATABASE: "${DB_DATABASE}" | ||
MYSQL_USER: "${DB_USERNAME}" | ||
MYSQL_PASSWORD: "${DB_PASSWORD}" | ||
volumes: | ||
- mysqldata:/var/lib/mysql | ||
# - ./docker/mysql/conf.d:/etc/mysql/conf.d | ||
# - ./docker/mysql/logs:/var/log/mysql | ||
networks: | ||
- vessel | ||
redis: | ||
image: redis:alpine | ||
volumes: | ||
- redisdata:/data | ||
networks: | ||
- vessel | ||
networks: | ||
vessel: | ||
driver: "bridge" | ||
volumes: | ||
mysqldata: | ||
driver: "local" | ||
redisdata: | ||
driver: "local" |
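Review bot: The `mysql` service publishes `"${DB_PORT}:3306"` without a host address, so Docker binds the database on every interface of the developer's machine, and the same `${DB_PASSWORD}` feeds both `MYSQL_ROOT_PASSWORD` and `MYSQL_PASSWORD`. On a laptop attached to a shared network that exposes a root-capable login protected by what is usually a weak development password. Binding to loopback, `- "127.0.0.1:${DB_PORT}:3306"` (and likewise `- "127.0.0.1:${APP_PORT}:80"` for `app`), keeps the convenience while limiting reach. A separate variable for the root password would stop the application credential from also being the root credential.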
@@ -0,0 +1,37 @@ | ||
FROM ubuntu:16.04 | ||
|
||
MAINTAINER Chris Fidao | ||
|
||
RUN echo "deb http://ppa.launchpad.net/ondrej/php/ubuntu xenial main" > /etc/apt/sources.list.d/ppa_ondrej_php.list \ | ||
&& echo "deb http://ppa.launchpad.net/nginx/development/ubuntu xenial main" > /etc/apt/sources.list.d/ppa_nginx_mainline.list \ | ||
&& apt-key adv --keyserver keyserver.ubuntu.com --recv-keys E5267A6C \ | ||
&& apt-key adv --keyserver keyserver.ubuntu.com --recv-keys C300EE8C \ | ||
&& apt-get update \ | ||
&& apt-get install -y curl zip unzip git supervisor sqlite3 \ | ||
&& apt-get install -y nginx php7.1-fpm php7.1-cli php7.1-mcrypt php7.1-gd php7.1-mysql \ | ||
php7.1-pgsql php7.1-imap php-memcached php7.1-mbstring php7.1-xml php7.1-curl \ | ||
php7.1-imagick php7.1-zip php7.1-bcmath php7.1-sqlite3 php7.1-xdebug \ | ||
&& php -r "readfile('http://getcomposer.org/installer');" | php -- --install-dir=/usr/bin/ --filename=composer \ | ||
&& mkdir /run/php \ | ||
&& apt-get -y autoremove \ | ||
&& apt-get clean \ | ||
&& rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* \ | ||
&& echo "daemon off;" >> /etc/nginx/nginx.conf | ||
|
||
RUN ln -sf /dev/stdout /var/log/nginx/access.log \ | ||
&& ln -sf /dev/stderr /var/log/nginx/error.log | ||
|
||
COPY h5bp /etc/nginx/h5bp | ||
COPY default /etc/nginx/sites-available/default | ||
COPY php-fpm.conf /etc/php/7.1/fpm/php-fpm.conf | ||
COPY xdebug.ini /etc/php/7.1/mods-available/xdebug.ini | ||
|
||
EXPOSE 80 | ||
|
||
COPY supervisord.conf /etc/supervisor/conf.d/supervisord.conf | ||
COPY start-container /usr/local/bin/start-container | ||
RUN chmod +x usr/local/bin/start-container | ||
|
||
ENTRYPOINT ["start-container"] | ||
|
||
RUN chown -R www-data: /var/www/html |
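Review bot: The Composer step `php -r "readfile('http://getcomposer.org/installer');" | php` fetches the installer over plain HTTP and pipes it straight into the interpreter as root, so anything on the network path at build time can substitute the script that ends up in the image. Download it over HTTPS to a file (`readfile('https://getcomposer.org/installer')` or `curl -fsSL`) and compare its `hash_file('sha384', ...)` against `<published installer checksum>` from the Composer project before running it. The two `apt-key adv ... --recv-keys` calls in the same RUN identify the PPA signing keys by 32-bit short IDs (`E5267A6C`, `C300EE8C`), which can be collided; use the full fingerprints instead. Minor: `chmod +x usr/local/bin/start-container` is a relative path that only works while the working directory is `/`.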
@@ -0,0 +1,32 @@ | ||
server { | ||
listen 80 default_server; | ||
|
||
root /var/www/html/public; | ||
|
||
index index.html index.htm index.php; | ||
|
||
server_name _; | ||
|
||
charset utf-8; | ||
|
||
location = /favicon.ico { log_not_found off; access_log off; } | ||
location = /robots.txt { log_not_found off; access_log off; } | ||
|
||
include h5bp/basic.conf; | ||
|
||
location / { | ||
try_files $uri $uri/ /index.php$is_args$args; | ||
} | ||
|
||
location ~ \.php$ { | ||
add_header X-Served-By Vessel; | ||
include snippets/fastcgi-php.conf; | ||
fastcgi_pass unix:/run/php/php7.1-fpm.sock; | ||
} | ||
|
||
error_page 404 /index.php; | ||
|
||
location ~ /\.ht { | ||
deny all; | ||
} | ||
} |
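Review bot: `add_header X-Served-By Vessel;` inside `location ~ \.php$` turns off inheritance of every `add_header` set at server level, because nginx inherits those directives only when the current level defines none of its own. As written, PHP responses lose the `X-UA-Compatible` header that `include h5bp/basic.conf;` sets, and any security headers added to the server block later (for example by including `h5bp/directive-only/extra-security.conf`) would silently be missing from every page the application renders. Either move the `X-Served-By` line up to server level or repeat the header includes inside this location. The `location ~ /\.ht` block at the end is already covered by the dotfile rule in `h5bp/location/protect-system-files.conf`.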
@@ -0,0 +1,7 @@ | ||
Component-config files | ||
---------------------- | ||
|
||
Each of these files is intended to be included in a server block. Not all of | ||
the files here are used - they are available to be included as required. The | ||
`basic.conf` file includes the rules which are recommended to always be | ||
defined. |
@@ -0,0 +1,6 @@ | ||
# Basic h5bp rules | ||
|
||
include h5bp/directive-only/x-ua-compatible.conf; | ||
include h5bp/location/expires.conf; | ||
include h5bp/location/cross-domain-fonts.conf; | ||
include h5bp/location/protect-system-files.conf; |
19 changes: 19 additions & 0 deletions
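--- a/docker-files/docker/app/h5bp/directive-only/cache-file-descriptors.conf
+++ b/docker-files/docker/app/h5bp/directive-only/cache-file-descriptors.conf
@@ -0,0 +1,19 @@
+# This tells Nginx to cache open file handles, "not found" errors, metadata about files and their permissions, etc.
+#
+# The upside of this is that Nginx can immediately begin sending data when a popular file is requested,
+# and will also know to immediately send a 404 if a file is missing on disk, and so on.
+#
+# However, it also means that the server won't react immediately to changes on disk, which may be undesirable.
+#
+# In the below configuration, inactive files are released from the cache after 20 seconds, whereas
+# active (recently requested) files are re-validated every 30 seconds.
+#
+# Descriptors will not be cached unless they are used at least 2 times within 20 seconds (the inactive time).
+#
+# A maximum of the 1000 most recently used file descriptors can be cached at any time.
+#
+# Production servers with stable file collections will definitely want to enable the cache.
+open_file_cache max=1000 inactive=20s;
+open_file_cache_valid 30s;
+open_file_cache_min_uses 2;
+open_file_cache_errors on;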
14 changes: 14 additions & 0 deletions
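--- a/docker-files/docker/app/h5bp/directive-only/cross-domain-insecure.conf
+++ b/docker-files/docker/app/h5bp/directive-only/cross-domain-insecure.conf
@@ -0,0 +1,14 @@
+# Cross domain AJAX requests
+
+# http://www.w3.org/TR/cors/#access-control-allow-origin-response-header
+
+# **Security Warning**
+# Do not use this without understanding the consequences.
+# This will permit access from any other website.
+#
+add_header "Access-Control-Allow-Origin" "*";
+
+# Instead of using this file, consider using a specific rule such as:
+#
+# Allow access based on [sub]domain:
+# add_header "Access-Control-Allow-Origin" "subdomain.example.com";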
17 changes: 17 additions & 0 deletions
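--- a/docker-files/docker/app/h5bp/directive-only/extra-security.conf
+++ b/docker-files/docker/app/h5bp/directive-only/extra-security.conf
@@ -0,0 +1,17 @@
+# The X-Frame-Options header indicates whether a browser should be allowed
+# to render a page within a frame or iframe.
+add_header X-Frame-Options SAMEORIGIN always;
+
+# MIME type sniffing security protection
+# There are very few edge cases where you wouldn't want this enabled.
+add_header X-Content-Type-Options nosniff always;
+
+# The X-XSS-Protection header is used by Internet Explorer version 8+
+# The header instructs IE to enable its inbuilt anti-cross-site scripting filter.
+add_header X-XSS-Protection "1; mode=block" always;
+
+# with Content Security Policy (CSP) enabled (and a browser that supports it (http://caniuse.com/#feat=contentsecuritypolicy),
+# you can tell the browser that it can only download content from the domains you explicitly allow
+# CSP can be quite difficult to configure, and cause real issues if you get it wrong
+# There is website that helps you generate a policy here http://cspisawesome.com/
+# add_header Content-Security-Policy "default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' https://www.google-analytics.com;" always;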
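Review bot: Nothing visible in this commit includes this file — `h5bp/basic.conf` pulls in only `x-ua-compatible.conf`, `expires.conf`, `cross-domain-fonts.conf` and `protect-system-files.conf` — so `X-Frame-Options` and `X-Content-Type-Options` are never sent by the shipped site config. If they are meant to apply, add `include h5bp/directive-only/extra-security.conf;` to the server block, keeping in mind that any location defining its own `add_header` will not inherit them. The `X-XSS-Protection "1; mode=block"` line targets a legacy browser filter that current browsers have dropped; the commented-out Content-Security-Policy is the control that replaces it, and a comment saying so above that line would help whoever enables this file.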
11 changes: 11 additions & 0 deletions
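--- a/docker-files/docker/app/h5bp/directive-only/no-transform.conf
+++ b/docker-files/docker/app/h5bp/directive-only/no-transform.conf
@@ -0,0 +1,11 @@
+# Prevent mobile network providers from modifying your site
+#
+# (!) If you are using `ngx_pagespeed`, please note that setting
+# the `Cache-Control: no-transform` response header will prevent
+# `PageSpeed` from rewriting `HTML` files, and, if
+# `pagespeed DisableRewriteOnNoTransform off` is not used, also
+# from rewriting other resources.
+#
+# https://developers.google.com/speed/pagespeed/module/configuration#notransform
+
+add_header "Cache-Control" "no-transform";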
@@ -0,0 +1,11 @@ | ||
# Nginx's spdy module is compiled by default from 1.6 | ||
# SPDY only works on HTTPS connections | ||
|
||
# Inform browser of SPDY availability | ||
add_header Alternate-Protocol 443:npn-spdy/3; | ||
|
||
# Adjust connection keepalive for SPDY clients: | ||
spdy_keepalive_timeout 300s; # up from 180 secs default | ||
|
||
# enable SPDY header compression | ||
spdy_headers_comp 6; |
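Review bot: `spdy_keepalive_timeout` and `spdy_headers_comp` belong to the SPDY module, which nginx removed in 1.9.5 in favour of HTTP/2, while the Dockerfile in this commit installs nginx from the `nginx/development` PPA. If that PPA ships a newer nginx, as seems likely, including this file would make the configuration test fail on an unknown directive and keep the container from starting. Nothing visible includes it today, so either drop the file or open it with a comment such as `# Legacy: requires nginx < 1.9.5 built with the SPDY module; do not include on current builds.`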
9 changes: 9 additions & 0 deletions
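--- a/docker-files/docker/app/h5bp/directive-only/ssl-stapling.conf
+++ b/docker-files/docker/app/h5bp/directive-only/ssl-stapling.conf
@@ -0,0 +1,9 @@
+# OCSP stapling...
+ssl_stapling on;
+ssl_stapling_verify on;
+
+#trusted cert must be made up of your intermediate certificate followed by root certificate
+#ssl_trusted_certificate /path/to/ca.crt;
+
+resolver 8.8.8.8 8.8.4.4 216.146.35.35 216.146.36.36 valid=60s;
+resolver_timeout 2s;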
@@ -0,0 +1,47 @@ | ||
# Protect against the BEAST and POODLE attacks by not using SSLv3 at all. If you need to support older browsers (IE6) you may need to add | ||
# SSLv3 to the list of protocols below. | ||
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; | ||
|
||
# Ciphers set to best allow protection from Beast, while providing forwarding secrecy, as defined by Mozilla (Intermediate Set) - https://wiki.mozilla.org/Security/Server_Side_TLS#Nginx | ||
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA; | ||
ssl_prefer_server_ciphers on; | ||
|
||
# Optimize SSL by caching session parameters for 10 minutes. This cuts down on the number of expensive SSL handshakes. | ||
# The handshake is the most CPU-intensive operation, and by default it is re-negotiated on every new/parallel connection. | ||
# By enabling a cache (of type "shared between all Nginx workers"), we tell the client to re-use the already negotiated state. | ||
# Further optimization can be achieved by raising keepalive_timeout, but that shouldn't be done unless you serve primarily HTTPS. | ||
ssl_session_cache shared:SSL:10m; # a 1mb cache can hold about 4000 sessions, so we can hold 40000 sessions | ||
ssl_session_timeout 24h; | ||
|
||
# SSL buffer size was added in 1.5.9 | ||
#ssl_buffer_size 1400; # 1400 bytes to fit in one MTU | ||
|
||
# Session tickets appeared in version 1.5.9 | ||
# | ||
# nginx does not auto-rotate session ticket keys: only a HUP / restart will do so and | ||
# when a restart is performed the previous key is lost, which resets all previous | ||
# sessions. The fix for this is to setup a manual rotation mechanism: | ||
# http://trac.nginx.org/nginx/changeset/1356a3b9692441e163b4e78be4e9f5a46c7479e9/nginx | ||
# | ||
# Note that you'll have to define and rotate the keys securely by yourself. In absence | ||
# of such infrastructure, consider turning off session tickets: | ||
#ssl_session_tickets off; | ||
|
||
# Use a higher keepalive timeout to reduce the need for repeated handshakes | ||
keepalive_timeout 300s; # up from 75 secs default | ||
|
||
# HSTS (HTTP Strict Transport Security) | ||
# This header tells browsers to cache the certificate for a year and to connect exclusively via HTTPS. | ||
#add_header Strict-Transport-Security "max-age=31536000;" always; | ||
# This version tells browsers to treat all subdomains the same as this site and to load exclusively over HTTPS | ||
#add_header Strict-Transport-Security "max-age=31536000; includeSubDomains;" always; | ||
# This version tells browsers to treat all subdomains the same as this site and to load exclusively over HTTPS | ||
# Recommend is also to use preload service | ||
#add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload;" always; | ||
|
||
# This default SSL certificate will be served whenever the client lacks support for SNI (Server Name Indication). | ||
# Make it a symlink to the most important certificate you have, so that users of IE 8 and below on WinXP can see your main site without SSL errors. | ||
#ssl_certificate /etc/nginx/default_ssl.crt; | ||
#ssl_certificate_key /etc/nginx/default_ssl.key; | ||
|
||
# Consider using OCSP Stapling as shown in ssl-stapling.conf |
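Review bot: `ssl_protocols TLSv1 TLSv1.1 TLSv1.2;` still enables TLS 1.0, and the cipher list keeps CBC suites, `DES-CBC3-SHA` and the bare `AES`/`CAMELLIA` aliases, so the opening comment's claim of protection against BEAST does not hold — BEAST targets CBC ciphers under TLS 1.0 — and the 3DES entries are exposed to SWEET32. For anything beyond local development, restrict this to `ssl_protocols TLSv1.2;` (plus TLSv1.3 where the nginx/OpenSSL build supports it) with an AEAD-only ECDHE cipher list. `ssl_session_timeout 24h;` with session tickets left at their default also widens the window in which a stolen ticket key decrypts recorded traffic, which the file's own rotation comment warns about; uncommenting `ssl_session_tickets off;` is the safer default. Nothing visible in the commit includes this file, so the exposure is latent rather than live.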
2 changes: 2 additions & 0 deletions
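--- a/docker-files/docker/app/h5bp/directive-only/x-ua-compatible.conf
+++ b/docker-files/docker/app/h5bp/directive-only/x-ua-compatible.conf
@@ -0,0 +1,2 @@
+# Force the latest IE version
+add_header "X-UA-Compatible" "IE=Edge";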
@@ -0,0 +1,10 @@ | ||
# Built-in filename-based cache busting | ||
|
||
# https://github.com/h5bp/html5-boilerplate/blob/5370479476dceae7cc3ea105946536d6bc0ee468/.htaccess#L403 | ||
# This will route all requests for /css/style.20120716.css to /css/style.css | ||
# Read also this: github.com/h5bp/html5-boilerplate/wiki/cachebusting | ||
# This is not included by default, because it'd be better if you use the build | ||
# script to manage the file names. | ||
location ~* (.+)\.(?:\d+)\.(js|css|png|jpg|jpeg|gif)$ { | ||
try_files $uri $1.$2; | ||
} |
13 changes: 13 additions & 0 deletions
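--- a/docker-files/docker/app/h5bp/location/cross-domain-fonts.conf
+++ b/docker-files/docker/app/h5bp/location/cross-domain-fonts.conf
@@ -0,0 +1,13 @@
+# Cross domain webfont access
+location ~* \.(?:ttf|ttc|otf|eot|woff|woff2)$ {
+include h5bp/directive-only/cross-domain-insecure.conf;
+
+# Also, set cache rules for webfonts.
+#
+# See http://wiki.nginx.org/HttpCoreModule#location
+# And https://github.com/h5bp/server-configs/issues/85
+# And https://github.com/h5bp/server-configs/issues/86
+expires 1M;
+access_log off;
+add_header Cache-Control "public";
+}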
@@ -0,0 +1,39 @@ | ||
# Expire rules for static content | ||
|
||
# No default expire rule. This config mirrors that of apache as outlined in the | ||
# html5-boilerplate .htaccess file. However, nginx applies rules by location, | ||
# the apache rules are defined by type. A consequence of this difference is that | ||
# if you use no file extension in the url and serve html, with apache you get an | ||
# expire time of 0s, with nginx you'd get an expire header of one month in the | ||
# future (if the default expire rule is 1 month). Therefore, do not use a | ||
# default expire rule with nginx unless your site is completely static | ||
|
||
# cache.appcache, your document html and data | ||
location ~* \.(?:manifest|appcache|html?|xml|json)$ { | ||
expires -1; | ||
} | ||
|
||
# Feed | ||
location ~* \.(?:rss|atom)$ { | ||
expires 1h; | ||
} | ||
|
||
# Media: images, icons, video, audio, HTC | ||
location ~* \.(?:jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm|htc)$ { | ||
expires 1M; | ||
access_log off; | ||
add_header Cache-Control "public"; | ||
} | ||
|
||
# CSS and Javascript | ||
location ~* \.(?:css|js)$ { | ||
expires 1y; | ||
access_log off; | ||
} | ||
|
||
# WebFonts | ||
# If you are NOT using cross-domain-fonts.conf, uncomment the following directive | ||
# location ~* \.(?:ttf|ttc|otf|eot|woff|woff2)$ { | ||
# expires 1M; | ||
# access_log off; | ||
# } |
13 changes: 13 additions & 0 deletions
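--- a/docker-files/docker/app/h5bp/location/protect-system-files.conf
+++ b/docker-files/docker/app/h5bp/location/protect-system-files.conf
@@ -0,0 +1,13 @@
+# Prevent clients from accessing hidden files (starting with a dot)
+# This is particularly important if you store .htpasswd files in the site hierarchy
+# Access to `/.well-known/` is allowed.
+# https://www.mnot.net/blog/2010/04/07/well-known
+# https://tools.ietf.org/html/rfc5785
+location ~* /\.(?!well-known\/) {
+deny all;
+}
+
+# Prevent clients from accessing to backup/config/source files
+location ~* (?:\.(?:bak|conf|dist|fla|in[ci]|log|psd|sh|sql|sw[op])|~)$ {
+deny all;
+}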