From f09e766fe494dfb4b93dc5f98db1938d8a9068c8 Mon Sep 17 00:00:00 2001
From: Aditya Prima
Date: Sun, 24 Mar 2024 04:53:26 +0700
Subject: [PATCH] Added required scripts and gitea workflows
---
 .gitea/workflows/alpine-dockerio.yaml | 117 +++++++++++++++++++++++++
 .gitea/workflows/alpine-winter.yaml | 117 +++++++++++++++++++++++++
 .gitea/workflows/ubuntu-dockerio.yaml | 119 ++++++++++++++++++++++++++
 .gitea/workflows/ubuntu-winter.yaml | 111 ++++++++++++++++++++++++
 Dockerfile.alpine | 22 +++++
 Dockerfile.ubuntu | 22 +++++
 etc/nginx/conf.d/default.conf | 16 ++++
 etc/nginx/nginx.conf | 70 +++++++++++++++
 etc/nginx/proxy_params | 4 +
 etc/nginx/ssl_params | 22 +++++
 usr/www/index.html | 29 +++++++
 11 files changed, 649 insertions(+)
 create mode 100644 .gitea/workflows/alpine-dockerio.yaml
 create mode 100644 .gitea/workflows/alpine-winter.yaml
 create mode 100644 .gitea/workflows/ubuntu-dockerio.yaml
 create mode 100644 .gitea/workflows/ubuntu-winter.yaml
 create mode 100644 Dockerfile.alpine
 create mode 100644 Dockerfile.ubuntu
 create mode 100644 etc/nginx/conf.d/default.conf
 create mode 100644 etc/nginx/nginx.conf
 create mode 100644 etc/nginx/proxy_params
 create mode 100644 etc/nginx/ssl_params
 create mode 100644 usr/www/index.html
diff --git a/.gitea/workflows/alpine-dockerio.yaml b/.gitea/workflows/alpine-dockerio.yaml
new file mode 100644
index 0000000..42d55b0
--- /dev/null
+++ b/.gitea/workflows/alpine-dockerio.yaml
@@ -0,0 +1,117 @@
+name: Build and Push Alpine Image
+on:
+ push:
+ branches:
+ - master
+
+jobs:
+ build:
+ name: Build and push image
+ runs-on: ubuntu-latest
+ container:
+ image: ghcr.io/catthehacker/ubuntu:act-latest
+ steps:
+ - name: Check out repository code
+ uses: actions/checkout@v3
+ - name: Login to Docker Winter Access Git Registry
+ uses: docker/login-action@v3
+ with:
+ registry: docker.io
+ username: aprimediet
+ password: ${{ secrets.DOCKER_TOKEN }}
+ - name: Build and push 5.6 Images
+ uses: docker/build-push-action@v5
+ with:
+ context: .
+ file: Dockerfile.alpine
+ build-args: |
+ PHP_VERSION=5.6
+ REGISTRY_URL=aprimediet
+ push: true
+ tags: |
+ aprimediet/php-fpm-nginx:5.6
+ aprimediet/php-fpm-nginx:5.6-alpine
+ - name: Build and push 7.2 Images
+ uses: docker/build-push-action@v5
+ with:
+ context: .
+ file: Dockerfile.alpine
+ build-args: |
+ PHP_VERSION=7.2
+ REGISTRY_URL=aprimediet
+ push: true
+ tags: |
+ aprimediet/php-fpm-nginx:7.2
+ aprimediet/php-fpm-nginx:7.2-alpine
+ - name: Build and push 7.3 Images
+ uses: docker/build-push-action@v5
+ with:
+ context: .
+ file: Dockerfile.alpine
+ build-args: |
+ PHP_VERSION=7.3
+ REGISTRY_URL=aprimediet
+ push: true
+ tags: |
+ aprimediet/php-fpm-nginx:7.3
+ aprimediet/php-fpm-nginx:7.3-alpine
+ - name: Build and push 7.4 Images
+ uses: docker/build-push-action@v5
+ with:
+ context: .
+ file: Dockerfile.alpine
+ build-args: |
+ PHP_VERSION=7.4
+ REGISTRY_URL=aprimediet
+ push: true
+ tags: |
+ aprimediet/php-fpm-nginx:7.4
+ aprimediet/php-fpm-nginx:7.4-alpine
+ - name: Build and push 8.0 Images
+ uses: docker/build-push-action@v5
+ with:
+ context: .
+ file: Dockerfile.alpine
+ build-args: |
+ PHP_VERSION=8.0
+ REGISTRY_URL=aprimediet
+ push: true
+ tags: |
+ aprimediet/php-fpm-nginx:8.0
+ aprimediet/php-fpm-nginx:8.0-alpine
+ - name: Build and push 8.1 Images
+ uses: docker/build-push-action@v5
+ with:
+ context: .
+ file: Dockerfile.alpine
+ build-args: |
+ PHP_VERSION=8.1
+ REGISTRY_URL=aprimediet
+ push: true
+ tags: |
+ aprimediet/php-fpm-nginx:8.1
+ aprimediet/php-fpm-nginx:8.1-alpine
+ - name: Build and push 8.2 Images
+ uses: docker/build-push-action@v5
+ with:
+ context: .
+ file: Dockerfile.alpine
+ build-args: |
+ PHP_VERSION=8.2
+ REGISTRY_URL=aprimediet
+ push: true
+ tags: |
+ aprimediet/php-fpm-nginx:8.2
+ aprimediet/php-fpm-nginx:8.2-alpine
+ - name: Build and push 8.3 Images
+ uses: docker/build-push-action@v5
+ with:
+ context: .
+ file: Dockerfile.alpine
+ build-args: |
+ PHP_VERSION=8.3
+ REGISTRY_URL=aprimediet
+ push: true
+ tags: |
+ aprimediet/php-fpm-nginx:8.3-alpine
+ aprimediet/php-fpm-nginx:latest-alpine
diff --git a/.gitea/workflows/alpine-winter.yaml b/.gitea/workflows/alpine-winter.yaml
new file mode 100644
index 0000000..db8c3a0
--- /dev/null
+++ b/.gitea/workflows/alpine-winter.yaml
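Review bot: Every external reference in this job is a mutable tag (`actions/checkout@v3`, `docker/login-action@v3`, `docker/build-push-action@v5` and the job container `ghcr.io/catthehacker/ubuntu:act-latest`), while the same job is handed `secrets.DOCKER_TOKEN` and pushes images. If any of those tags is moved upstream, the new code runs with the registry credential and can change what gets published. Pin each action to a full commit SHA (`uses: actions/checkout@<full-commit-sha>  # v3`) and the container to a digest (`image: ghcr.io/catthehacker/ubuntu@sha256:<digest>`). The same applies to alpine-winter.yaml, ubuntu-dockerio.yaml and ubuntu-winter.yaml, which use identical references. The login step is also named "Login to Docker Winter Access Git Registry" although it logs in to `docker.io`.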
@@ -0,0 +1,117 @@
+name: Build and Push Alpine Image
+on:
+ push:
+ branches:
+ - master
+
+jobs:
+ build:
+ name: Build and push image
+ runs-on: ubuntu-latest
+ container:
+ image: ghcr.io/catthehacker/ubuntu:act-latest
+ steps:
+ - name: Check out repository code
+ uses: actions/checkout@v3
+ - name: Login to Docker Winter Access Git Registry
+ uses: docker/login-action@v3
+ with:
+ registry: git.winteraccess.id
+ username: aditya.prima
+ password: ${{ secrets.PATOKEN }}
+ - name: Build and push 5.6 Images
+ uses: docker/build-push-action@v5
+ with:
+ context: .
+ file: Dockerfile.alpine
+ build-args: |
+ PHP_VERSION=5.6
+ ALPINE_VERSION=3.5
+ push: true
+ tags: |
+ git.winteraccess.id/${{ gitea.repository }}:5.6
+ git.winteraccess.id/${{ gitea.repository }}:5.6-alpine
+ - name: Build and push 7.2 Images
+ uses: docker/build-push-action@v5
+ with:
+ context: .
+ file: Dockerfile.alpine
+ build-args: |
+ PHP_VERSION=7.2
+ ALPINE_VERSION=3.9
+ push: true
+ tags: |
+ git.winteraccess.id/${{ gitea.repository }}:7.2
+ git.winteraccess.id/${{ gitea.repository }}:7.2-alpine
+ - name: Build and push 7.3 Images
+ uses: docker/build-push-action@v5
+ with:
+ context: .
+ file: Dockerfile.alpine
+ build-args: |
+ PHP_VERSION=7.3
+ ALPINE_VERSION=3.10
+ push: true
+ tags: |
+ git.winteraccess.id/${{ gitea.repository }}:7.3
+ git.winteraccess.id/${{ gitea.repository }}:7.3-alpine
+ - name: Build and push 7.4 Images
+ uses: docker/build-push-action@v5
+ with:
+ context: .
+ file: Dockerfile.alpine
+ build-args: |
+ PHP_VERSION=7.4
+ ALPINE_VERSION=3.13
+ push: true
+ tags: |
+ git.winteraccess.id/${{ gitea.repository }}:7.4
+ git.winteraccess.id/${{ gitea.repository }}:7.4-alpine
+ - name: Build and push 8.0 Images
+ uses: docker/build-push-action@v5
+ with:
+ context: .
+ file: Dockerfile.alpine
+ build-args: |
+ PHP_VERSION=8.0
+ ALPINE_VERSION=3.16
+ push: true
+ tags: |
+ git.winteraccess.id/${{ gitea.repository }}:8.0
+ git.winteraccess.id/${{ gitea.repository }}:8.0-alpine
+ - name: Build and push 8.1 Images
+ uses: docker/build-push-action@v5
+ with:
+ context: .
+ file: Dockerfile.alpine
+ build-args: |
+ PHP_VERSION=8.1
+ ALPINE_VERSION=3.18
+ push: true
+ tags: |
+ git.winteraccess.id/${{ gitea.repository }}:8.1
+ git.winteraccess.id/${{ gitea.repository }}:8.1-alpine
+ - name: Build and push 8.2 Images
+ uses: docker/build-push-action@v5
+ with:
+ context: .
+ file: Dockerfile.alpine
+ build-args: |
+ PHP_VERSION=8.2
+ ALPINE_VERSION=3.18
+ push: true
+ tags: |
+ git.winteraccess.id/${{ gitea.repository }}:8.2
+ git.winteraccess.id/${{ gitea.repository }}:8.2-alpine
+ - name: Build and push 8.3 Images
+ uses: docker/build-push-action@v5
+ with:
+ context: .
+ file: Dockerfile.alpine
+ build-args: |
+ PHP_VERSION=8.3
+ ALPINE_VERSION=3.19
+ push: true
+ tags: |
+ git.winteraccess.id/${{ gitea.repository }}:8.3-alpine
+ git.winteraccess.id/${{ gitea.repository }}:latest-alpine
diff --git a/.gitea/workflows/ubuntu-dockerio.yaml b/.gitea/workflows/ubuntu-dockerio.yaml
new file mode 100644
index 0000000..605c98d
--- /dev/null
+++ b/.gitea/workflows/ubuntu-dockerio.yaml
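Review bot: The `ALPINE_VERSION=…` build-arg passed in every step has no effect, because `Dockerfile.alpine` in this patch declares only `REGISTRY_URL` and `PHP_VERSION` and builds `FROM ${REGISTRY_URL}/php-fpm:${PHP_VERSION}-alpine`. The workflow reads as if it selected the Alpine release (3.5 for PHP 5.6 up to 3.19 for 8.3), but the OS level actually comes from whatever the base tag contains, which matters when judging the patch level of the published images. Either drop the argument, or declare `ARG ALPINE_VERSION` in the Dockerfile and use it in the base tag, provided the base repository publishes tags that carry the Alpine version.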
@@ -0,0 +1,119 @@
+name: Build and Push Ubuntu Image
+on:
+ push:
+ branches:
+ - master
+
+jobs:
+ build:
+ name: Build and push image
+ runs-on: ubuntu-latest
+ container:
+ image: ghcr.io/catthehacker/ubuntu:act-latest
+ steps:
+ - name: Check out repository code
+ uses: actions/checkout@v3
+ - name: Login to Docker Winter Access Git Registry
+ uses: docker/login-action@v3
+ with:
+ registry: docker.io
+ username: aprimediet
+ password: ${{ secrets.DOCKER_TOKEN }}
+ - name: Build and push 5.6 Images
+ uses: docker/build-push-action@v5
+ with:
+ context: .
+ file: Dockerfile.ubuntu
+ build-args: |
+ PHP_VERSION=5.6
+ REGISTRY_URL=aprimediet
+ push: true
+ tags: |
+ aprimediet/php-fpm-nginx:5.6
+ aprimediet/php-fpm-nginx:5.6-ubuntu
+ - name: Build and push 7.2 Images
+ uses: docker/build-push-action@v5
+ with:
+ context: .
+ file: Dockerfile.ubuntu
+ build-args: |
+ PHP_VERSION=7.2
+ REGISTRY_URL=aprimediet
+ push: true
+ tags: |
+ aprimediet/php-fpm-nginx:7.2
+ aprimediet/php-fpm-nginx:7.2-ubuntu
+ - name: Build and push 7.3 Images
+ uses: docker/build-push-action@v5
+ with:
+ context: .
+ file: Dockerfile.ubuntu
+ build-args: |
+ PHP_VERSION=7.3
+ REGISTRY_URL=aprimediet
+ push: true
+ tags: |
+ aprimediet/php-fpm-nginx:7.3
+ aprimediet/php-fpm-nginx:7.3-ubuntu
+ - name: Build and push 7.4 Images
+ uses: docker/build-push-action@v5
+ with:
+ context: .
+ file: Dockerfile.ubuntu
+ build-args: |
+ PHP_VERSION=7.4
+ REGISTRY_URL=aprimediet
+ push: true
+ tags: |
+ aprimediet/php-fpm-nginx:7.4
+ aprimediet/php-fpm-nginx:7.4-ubuntu
+ - name: Build and push 8.0 Images
+ uses: docker/build-push-action@v5
+ with:
+ context: .
+ file: Dockerfile.ubuntu
+ build-args: |
+ PHP_VERSION=8.0
+ REGISTRY_URL=aprimediet
+ push: true
+ tags: |
+ aprimediet/php-fpm-nginx:8.0
+ aprimediet/php-fpm-nginx:8.0-ubuntu
+ - name: Build and push 8.1 Images
+ uses: docker/build-push-action@v5
+ with:
+ context: .
+ file: Dockerfile.ubuntu
+ build-args: |
+ PHP_VERSION=8.1
+ REGISTRY_URL=aprimediet
+ push: true
+ tags: |
+ aprimediet/php-fpm-nginx:8.1
+ aprimediet/php-fpm-nginx:8.1-ubuntu
+ - name: Build and push 8.2 Images
+ uses: docker/build-push-action@v5
+ with:
+ context: .
+ file: Dockerfile.ubuntu
+ build-args: |
+ PHP_VERSION=8.2
+ REGISTRY_URL=aprimediet
+ push: true
+ tags: |
+ aprimediet/php-fpm-nginx:8.2
+ aprimediet/php-fpm-nginx:8.2-ubuntu
+ - name: Build and push 8.3 Images
+ uses: docker/build-push-action@v5
+ with:
+ context: .
+ file: Dockerfile.ubuntu
+ build-args: |
+ PHP_VERSION=8.3
+ REGISTRY_URL=aprimediet
+ push: true
+ tags: |
+ aprimediet/php-fpm-nginx:8.3
+ aprimediet/php-fpm-nginx:8.3-ubuntu
+ aprimediet/php-fpm-nginx:latest-ubuntu
+ aprimediet/php-fpm-nginx:latest
diff --git a/.gitea/workflows/ubuntu-winter.yaml b/.gitea/workflows/ubuntu-winter.yaml
new file mode 100644
index 0000000..ebbf8f6
--- /dev/null
+++ b/.gitea/workflows/ubuntu-winter.yaml
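Review bot: The unsuffixed tags `aprimediet/php-fpm-nginx:5.6` through `:8.2` pushed here are also pushed by alpine-dockerio.yaml, and both workflows run on the same push to `master`, so each of those tags ends up pointing at whichever build finished last. A consumer pulling `:7.4` can therefore get an Ubuntu-based image after one run and an Alpine-based one after the next, with different package sets and patch levels. The 8.3 steps already avoid this (the Alpine workflow pushes only `8.3-alpine` and `latest-alpine`); doing the same for the older versions means removing the plain `X.Y` line from the `tags:` lists of the Alpine steps. alpine-winter.yaml and ubuntu-winter.yaml collide in the same way on `git.winteraccess.id/${{ gitea.repository }}:X.Y`.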
@@ -0,0 +1,111 @@
+name: Build and Push Ubuntu Image
+on:
+ push:
+ branches:
+ - master
+
+jobs:
+ build:
+ name: Build and push image
+ runs-on: ubuntu-latest
+ container:
+ image: ghcr.io/catthehacker/ubuntu:act-latest
+ steps:
+ - name: Check out repository code
+ uses: actions/checkout@v3
+ - name: Login to Docker Winter Access Git Registry
+ uses: docker/login-action@v3
+ with:
+ registry: git.winteraccess.id
+ username: aditya.prima
+ password: ${{ secrets.PATOKEN }}
+ - name: Build and push 5.6 Images
+ uses: docker/build-push-action@v5
+ with:
+ context: .
+ file: Dockerfile.ubuntu
+ build-args: |
+ PHP_VERSION=5.6
+ push: true
+ tags: |
+ git.winteraccess.id/${{ gitea.repository }}:5.6
+ git.winteraccess.id/${{ gitea.repository }}:5.6-ubuntu
+ - name: Build and push 7.2 Images
+ uses: docker/build-push-action@v5
+ with:
+ context: .
+ file: Dockerfile.ubuntu
+ build-args: |
+ PHP_VERSION=7.2
+ push: true
+ tags: |
+ git.winteraccess.id/${{ gitea.repository }}:7.2
+ git.winteraccess.id/${{ gitea.repository }}:7.2-ubuntu
+ - name: Build and push 7.3 Images
+ uses: docker/build-push-action@v5
+ with:
+ context: .
+ file: Dockerfile.ubuntu
+ build-args: |
+ PHP_VERSION=7.3
+ push: true
+ tags: |
+ git.winteraccess.id/${{ gitea.repository }}:7.3
+ git.winteraccess.id/${{ gitea.repository }}:7.3-ubuntu
+ - name: Build and push 7.4 Images
+ uses: docker/build-push-action@v5
+ with:
+ context: .
+ file: Dockerfile.ubuntu
+ build-args: |
+ PHP_VERSION=7.4
+ push: true
+ tags: |
+ git.winteraccess.id/${{ gitea.repository }}:7.4
+ git.winteraccess.id/${{ gitea.repository }}:7.4-ubuntu
+ - name: Build and push 8.0 Images
+ uses: docker/build-push-action@v5
+ with:
+ context: .
+ file: Dockerfile.ubuntu
+ build-args: |
+ PHP_VERSION=8.0
+ push: true
+ tags: |
+ git.winteraccess.id/${{ gitea.repository }}:8.0
+ git.winteraccess.id/${{ gitea.repository }}:8.0-ubuntu
+ - name: Build and push 8.1 Images
+ uses: docker/build-push-action@v5
+ with:
+ context: .
+ file: Dockerfile.ubuntu
+ build-args: |
+ PHP_VERSION=8.1
+ push: true
+ tags: |
+ git.winteraccess.id/${{ gitea.repository }}:8.1
+ git.winteraccess.id/${{ gitea.repository }}:8.1-ubuntu
+ - name: Build and push 8.2 Images
+ uses: docker/build-push-action@v5
+ with:
+ context: .
+ file: Dockerfile.ubuntu
+ build-args: |
+ PHP_VERSION=8.2
+ push: true
+ tags: |
+ git.winteraccess.id/${{ gitea.repository }}:8.2
+ git.winteraccess.id/${{ gitea.repository }}:8.2-ubuntu
+ - name: Build and push 8.3 Images
+ uses: docker/build-push-action@v5
+ with:
+ context: .
+ file: Dockerfile.ubuntu
+ build-args: |
+ PHP_VERSION=8.3
+ push: true
+ tags: |
+ git.winteraccess.id/${{ gitea.repository }}:8.3
+ git.winteraccess.id/${{ gitea.repository }}:8.3-ubuntu
+ git.winteraccess.id/${{ gitea.repository }}:latest-ubuntu
+ git.winteraccess.id/${{ gitea.repository }}:latest
diff --git a/Dockerfile.alpine b/Dockerfile.alpine
new file mode 100644
index 0000000..621453e
--- /dev/null
+++ b/Dockerfile.alpine
@@ -0,0 +1,22 @@
+ARG REGISTRY_URL=git.winteraccess.id/docker
+ARG PHP_VERSION=8.3
+
+FROM ${REGISTRY_URL}/php-fpm:${PHP_VERSION}-alpine
+LABEL maintainer=" aprimediet@gmail.com"
+
+# Set workdir
+WORKDIR /usr/www
+
+# INSTALL BASE DEPENDENCIES
+RUN --mount=type=cache,target=/var/cache/apk \
+ apk upgrade && apk add --update \
+ nginx openssl
+
+# COPY CONFIGURATION FILES
+ADD ./etc /etc
+ADD ./usr /usr
+
+# CLEAN APK CACHES
+RUN rm -vrf /var/cache/apk/*
+
+EXPOSE 80
\ No newline at end of file
diff --git a/Dockerfile.ubuntu b/Dockerfile.ubuntu
new file mode 100644
index 0000000..a069f7c
--- /dev/null
+++ b/Dockerfile.ubuntu
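Review bot: `ADD ./etc /etc` and `ADD ./usr /usr` in Dockerfile.alpine overlay whole build-context trees onto system directories, so any file that later lands under `etc/` or `usr/` in the repository is written into the image's `/etc` or `/usr` without anyone listing it. `COPY` with the narrow paths this patch actually ships is safer and has no archive-extraction or URL behaviour: `COPY etc/nginx /etc/nginx` and `COPY usr/www /usr/www`. The later `RUN rm -vrf /var/cache/apk/*` does not shrink the image, since the install step already uses a cache mount on that directory and a later layer cannot remove content from an earlier one. No `CMD` or `ENTRYPOINT` in this file starts nginx, so presumably the base image is expected to launch it; a comment saying so would help. Dockerfile.ubuntu has the same two `ADD` lines.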
@@ -0,0 +1,22 @@
+ARG PHP_VERSION=8.3
+ARG REGISTRY_URL=git.winteraccess.id/docker
+
+FROM ${REGISTRY_URL}/php-fpm:${PHP_VERSION}-ubuntu
+LABEL maintainer=" aprimediet@gmail.com"
+
+# Set workdir
+WORKDIR /usr/www
+
+# INSTALL BASE DEPENDENCIES
+RUN --mount=type=cache,target=/var/cache/apt/archives \
+ apt -y update && apt -y upgrade && apt -y install \
+ nginx openssl
+
+# COPY CONFIGURATION FILES
+ADD ./etc /etc
+ADD ./usr /usr
+
+# CLEAN APT CACHE
+RUN apt -y clean
+
+EXPOSE 80
\ No newline at end of file
diff --git a/etc/nginx/conf.d/default.conf b/etc/nginx/conf.d/default.conf
new file mode 100644
index 0000000..4f8e22d
--- /dev/null
+++ b/etc/nginx/conf.d/default.conf
@@ -0,0 +1,16 @@
+server {
+ listen 80 default_server;
+ listen [::]:80 default_server;
+
+ server_name _;
+ root /usr/www;
+ index index.html;
+
+ location / {
+ try_files $uri $uri/ =404;
+ }
+
+ location ~* .(jpg|jpeg|png|gif|ico|css|js)$ {
+ expires 30d;
+ }
+}
\ No newline at end of file
diff --git a/etc/nginx/nginx.conf b/etc/nginx/nginx.conf
new file mode 100644
index 0000000..5d61f35
--- /dev/null
+++ b/etc/nginx/nginx.conf
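Review bot: The package step in Dockerfile.ubuntu leaves the apt index in the image, and `RUN apt -y clean` runs in a later layer, so it removes nothing from the layer that installed the packages (`/var/cache/apt/archives` is a cache mount there already). `apt` is also the interactive front end, whose command-line interface is not guaranteed to stay stable for scripts. Suggested form for the install command: `apt-get update && apt-get -y upgrade && apt-get -y install --no-install-recommends nginx openssl && rm -rf /var/lib/apt/lists/*`, after which the separate clean step can be dropped. `--no-install-recommends` keeps optional packages out of an image that is exposed on port 80.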
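Review bot: The dot in `location ~* .(jpg|jpeg|png|gif|ico|css|js)$` in default.conf is unescaped, so it matches any character and the block applies to every URI that merely ends in one of those letter sequences, not only to file extensions. Write it as `location ~* \.(jpg|jpeg|png|gif|ico|css|js)$`; if the backslash was only lost when this page was rendered, nothing needs changing. The server block also serves only `index.html` and has no PHP location, although the image is published as php-fpm-nginx; a comment stating that PHP handling is left to downstream configuration would make that intentional.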
@@ -0,0 +1,70 @@
+# /etc/nginx/nginx.conf
+
+user root;
+
+# Do not start as daemon
+daemon off;
+
+worker_processes auto;
+worker_rlimit_nofile 100000;
+
+# Set log to stderr
+error_log stderr warn;
+pid /var/run/nginx.pid;
+
+include /etc/nginx/modules/*.conf;
+
+events {
+ worker_connections 1024;
+}
+
+http {
+ include /etc/nginx/mime.types;
+ default_type application/octet-stream;
+ server_tokens off;
+ keepalive_timeout 15;
+ sendfile on;
+ tcp_nodelay on;
+
+ log_format custom_log '[$time_local] [NGINX] - $remote_addr - $remote_user - '
+ '"$request" $status $body_bytes_sent '
+ '"$http_referer" "$http_user_agent" "$gzip_ratio"';
+
+ # Do not log access
+ access_log /dev/stdout custom_log;
+
+ # SSL
+ ssl_prefer_server_ciphers on;
+ ssl_session_cache shared:SSL:2m;
+
+ # buffering causes issues, disable it
+ # increase buffer size. still useful even when buffering is off
+ proxy_buffering off;
+ proxy_buffer_size 4k;
+
+ # Buffer size
+ client_body_buffer_size 10k;
+ client_header_buffer_size 1k;
+ client_max_body_size 8m;
+ large_client_header_buffers 2 1k;
+
+ # Timeouts
+ client_body_timeout 12;
+ client_header_timeout 12;
+ send_timeout 10;
+
+ # GZip Compression
+ gzip on;
+ gzip_http_version 1.0;
+ gzip_vary on;
+ gzip_comp_level 4;
+ gzip_min_length 1280;
+ gzip_buffers 128 4k;
+ # gzip_proxied expired no-cache no-store private auth;
+ gzip_proxied any;
+ gzip_disable "msie6";
+ # gzip_types text/plain application/x-javascript text/xml text/css application/xml;
+ gzip_types text/plain text/css application/x-javascript text/xml application/xml application/xml+rss text/javascript image/x-icon image/bmp;
+
+ include /etc/nginx/conf.d/*.conf;
+}
\ No newline at end of file
diff --git a/etc/nginx/proxy_params b/etc/nginx/proxy_params
new file mode 100644
index 0000000..366cc8b
--- /dev/null
+++ b/etc/nginx/proxy_params
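Review bot: `user root;` makes the nginx worker processes, which parse untrusted requests, run as root inside the container, so a flaw in a worker or a loaded module yields root rather than an unprivileged account. Use the account the nginx package creates (`user nginx;` on Alpine, `user www-data;` on Ubuntu); because this file is shared by both images, that needs either a per-image value or a common user created in the Dockerfiles, and `/usr/www` must be readable by it. Separately, the comment `# Do not log access` sits directly above `access_log /dev/stdout custom_log;`, which does log every request; reword it to `# Log access to stdout`. The http-level `ssl_prefer_server_ciphers on;` and `ssl_session_cache shared:SSL:2m;` also disagree with the values in etc/nginx/ssl_params added by this same patch.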
@@ -0,0 +1,4 @@
+proxy_set_header Host $http_host;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header X-Forwarded-Proto $scheme;
\ No newline at end of file
diff --git a/etc/nginx/ssl_params b/etc/nginx/ssl_params
new file mode 100644
index 0000000..43140db
--- /dev/null
+++ b/etc/nginx/ssl_params
@@ -0,0 +1,22 @@
+# secure nginx, see https://cipherli.st/
+
+ssl_protocols TLSv1.3
+ssl_prefer_server_ciphers off;
+ssl_session_timeout 1d;
+ssl_session_cache shared:SSL:10m;
+ssl_session_tickets off; # Requires nginx >= 1.5.9
+ssl_stapling on; # Requires nginx >= 1.3.7
+ssl_stapling_verify on; # Requires nginx => 1.3.7
+resolver 8.8.8.8 8.8.4.4 valid=300s;
+resolver_timeout 5s;
+
+# https://hstspreload.org
+add_header Strict-Transport-Security "max-age=63072000" always;
+# By default, HSTS header is not added to subdomain requests. If you have subdomains and want
+# HSTS to apply to all of them, you should add the includeSubDomains variable like this:
+#add_header Strict-Transport-Security "max-age=63072000; includeSubDomains" always;
+
+add_header X-Frame-Options DENY;
+add_header X-Content-Type-Options nosniff;
+add_header X-XSS-Protection "1; mode=block";
+add_header X-Robots-Tag none;
\ No newline at end of file
diff --git a/usr/www/index.html b/usr/www/index.html
new file mode 100644
index 0000000..866efd3
--- /dev/null
+++ b/usr/www/index.html
@@ -0,0 +1,29 @@
+ + + +Welcome to nginx! + + + +
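Review bot: `ssl_protocols TLSv1.3` in ssl_params has no terminating semicolon, so nginx reads the following `ssl_prefer_server_ciphers off;` as further arguments to `ssl_protocols` and rejects the configuration as soon as this file is included. It should read `ssl_protocols TLSv1.3;`. Nothing in this patch includes ssl_params yet, which is probably why it went unnoticed; running `nginx -t` during the image build against a config that includes it would catch this. `resolver 8.8.8.8 8.8.4.4` also sends the OCSP-stapling lookups to a public resolver wherever the container runs, and `X-XSS-Protection` is ignored by current browsers, so a `Content-Security-Policy` header is the control to rely on instead.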

Welcome to nginx!

+

The aprimediet/nginx variant.

+

If you see this page, the nginx web server is successfully installed and +working. Further configuration is required.

+ +

For online documentation and support please refer to +nginx.org.
+Commercial support is available at +nginx.com.

+ +

For online documentation specific to the aprimediet/nginx,
+please refer to aprimediet/docker-nginx.

+ +

Thank you for using nginx.

+ + \ No newline at end of file