From 5822986a9ac63afe19b64b84cc2130ecd5f6fe41 Mon Sep 17 00:00:00 2001
From: eater <=@eater.me>
Date: Sun, 11 Nov 2018 23:14:01 +0100
Subject: [PATCH] Initial commit
---
README.md | 9 ++++++++
nginx/Dockerfile | 10 +++++++++
nginx/README.md | 16 ++++++++++++++
nginx/files/default/index.html | 27 ++++++++++++++++++++++++
nginx/files/dhparam.pem | 13 ++++++++++++
nginx/files/nginx.conf | 38 ++++++++++++++++++++++++++++++++++
php-fpm/Dockerfile | 6 ++++++
php/Dockerfile | 8 ++++++++
php/composer-install.sh | 18 ++++++++++++++++
9 files changed, 145 insertions(+)
create mode 100644 README.md
create mode 100644 nginx/Dockerfile
create mode 100644 nginx/README.md
create mode 100644 nginx/files/default/index.html
create mode 100644 nginx/files/dhparam.pem
create mode 100644 nginx/files/nginx.conf
create mode 100644 php-fpm/Dockerfile
create mode 100644 php/Dockerfile
create mode 100644 php/composer-install.sh
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..cea67c1
--- /dev/null
+++ b/README.md
@@ -0,0 +1,9 @@
+# Flavors
+
+A repository of different types of containers based on `d.xr.to/base`
+
+|name||readme|description|
+|---|---|---|---|
+|php|`docker pull d.xr.to/php`||PHP, with composer installed and the following extensions: bz2, curl, gettext, gmp, openssl, pdo_mysql, pdo_sqlite, zip, and phar|
+|php-fpm|`docker pull d.xr.to/php-fpm`||`d.xr.to/php` with an php-fpm server running on port 9000|
+|nginx|`docker pull d.xr.to/nginx`|[README](nginx/)|A simple pre-configured nginx with safe defaults|
diff --git a/nginx/Dockerfile b/nginx/Dockerfile
new file mode 100644
index 0000000..960b3a5
--- /dev/null
+++ b/nginx/Dockerfile
@@ -0,0 +1,10 @@
+FROM d.xr.to/base
+RUN xbps-install -Sy nginx
+RUN useradd -rU www -u 444
+RUN install -d -o www -g www /sites
+RUN chown -R www:www /var/tmp/nginx
+COPY files/nginx.conf /etc/nginx/nginx.conf
+COPY --chown=444:444 files/default /sites/default
+COPY files/dhparam.pem /etc/nginx/dhparam.pem
+EXPOSE 80/tcp 443/tcp
+CMD ["nginx", "-g", "daemon off;"]
diff --git a/nginx/README.md b/nginx/README.md
new file mode 100644
index 0000000..e71989e
--- /dev/null
+++ b/nginx/README.md
@@ -0,0 +1,16 @@
+# `d.xr.to/nginx`
+
+```bash
+docker pull d.xr.to/nginx
+```
+
+A nginx container, contains safe defaults for SSL and pre-generated 4096-bits DH parameters.
+
+# Important paths
+
+| | |
+|---|---|
+|`/sites/default`|Default root directory|
+|[`/etc/nginx/nginx.conf`](files/nginx.conf)|Default nginx config|
+|`/etc/nginx/sites`|Default include path of other config files|
+|[`/etc/nginx/dhparam.pem`](files/dhparam.pem)|Default pre-generated DH parameters|
diff --git a/nginx/files/default/index.html b/nginx/files/default/index.html
new file mode 100644
index 0000000..27e722f
--- /dev/null
+++ b/nginx/files/default/index.html
@@ -0,0 +1,27 @@
+ + + + + It works! + + + + +
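Review bot: In nginx/Dockerfile, `FROM d.xr.to/base` carries no tag or digest, so every rebuild takes whatever the registry currently serves as latest; php/Dockerfile and php-fpm/Dockerfile have the same untagged FROM. Pinning it, e.g. `FROM d.xr.to/base:<tag>@sha256:<digest>`, makes the images reproducible and turns a base-image change into an explicit, reviewable commit. The `RUN xbps-install -Sy nginx` line also leaves the downloaded package cache in its layer; clearing it in the same RUN (`xbps-install -Sy nginx && rm -rf /var/cache/xbps/*`) keeps it out of the image.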

It works!

+

+ This d.xr.to/nginx server works! but has yet to be configured. (for this domain?) +

+ +
diff --git a/nginx/files/dhparam.pem b/nginx/files/dhparam.pem
new file mode 100644
index 0000000..25404e0
--- /dev/null
+++ b/nginx/files/dhparam.pem
@@ -0,0 +1,13 @@
+-----BEGIN DH PARAMETERS-----
+MIICCAKCAgEAgVBWGwRq0v/VgsrfUz5Bm/zhuwvmngu3I80OBaVWycF6prJI0qJ8
+KJh+U1T49kLU4foOqCSxdWlsn9JcfOYLV3kUD3HvAh+wYGuwshuL5+DJkLYaGTtQ
+ZBHnNNnHR+3/UjfCQSKwqWGqLdDw1KTzveKlXj1AffydSJjHOjz9hxpMrUts+9bV
+ZLiUpTXTYCrN4jDxwCeBbgwcHwWGcsmXcDTJKjebpxQwJaHYkRjo6EOeC3kKrS4g
+nqLl6LU3DI7c9juZUl6wou7CQuSv/Gix/G2NDoupkhXnBHvH1T0msuICS7Y91L+G
+Y/oFzenHKxsaunW6DTg+rZeirRYKSg76AstVxJFxGHkQBSi+EykttkdEYutRRFp3
+IjiPi/x+XvtDibKrT0nbun13Rkq4C1A2q561HNp+e1PJ38Y46zW/S9Z+89uH2+ct
+J4b0scdUvtT1RKxEAstMtdRstxVO4Fi9FVWHDIhfP/xq864uIz9Mai43KD6bPaOi
+kN9y9zX3FQbYcEtvFc2rEdc+FlhtuLwFSgxrHTG3oJN2zRLMIQzoavI2Toklk7Wk
+uIwcUT/J12x2hehBgtgBrbyfPqnD2N2n6cugm/sq6c0ntUQAGHigBG7Y9XhnZz9Y
+tHaNFNWBKWoK7b0ulhkVjE8i1F1SpXdesmg9xpNR5VQmslzrZNwo2+sCAQI=
+-----END DH PARAMETERS-----
diff --git a/nginx/files/nginx.conf b/nginx/files/nginx.conf
new file mode 100644
index 0000000..27531e2
--- /dev/null
+++ b/nginx/files/nginx.conf
@@ -0,0 +1,38 @@
+user www www;
+worker_processes auto;
+
+events {
+ worker_connections 1024;
+}
+
+http {
+ include mime.types;
+ default_type application/octet-stream;
+ sendfile on;
+ keepalive_timeout 65;
+ gzip on;
+
+ # Secure SSL Settings, source: https://cipherli.st/
+ ssl_protocols TLSv1.3;
+ ssl_prefer_server_ciphers on;
+ ssl_dhparam /etc/nginx/dhparam.pem;
+ ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
+ ssl_ecdh_curve secp384r1;
+ ssl_session_timeout 10m;
+ ssl_session_cache shared:SSL:10m;
+ ssl_session_tickets off;
+ ssl_stapling on;
+ ssl_stapling_verify on;
+ add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
+ add_header X-Frame-Options DENY;
+ add_header X-Content-Type-Options nosniff;
+ add_header X-XSS-Protection "1; mode=block";
+
+ server {
+ listen 80;
+ listen 443 ssl;
+ root /sites/default;
+ }
+
+ include sites/*;
+}
diff --git a/php-fpm/Dockerfile b/php-fpm/Dockerfile
new file mode 100644
index 0000000..c42f817
--- /dev/null
+++ b/php-fpm/Dockerfile
@@ -0,0 +1,6 @@
+FROM d.xr.to/php-fpm
+RUN xbps-install -Sy php-fpm
+RUN useradd -rU www -u 444
+RUN sed 's:\(user\|group\)\s*=\s*http:\1 = www:'
+EXPOSE 9000/tcp
+CMD ["/usr/bin/php-fpm", "--nodaemonize"]
diff --git a/php/Dockerfile b/php/Dockerfile
new file mode 100644
index 0000000..9076571
--- /dev/null
+++ b/php/Dockerfile
@@ -0,0 +1,8 @@
+FROM d.xr.to/base
+LABEL maintainer="=@eater.me"
+RUN xbps-install -Sy php php-mysql php-sqlite wget
+RUN sed 's:^open_basedir:;open_basedir:;s:;extension=\(bz2\|curl\|gettext\|gmp\|openssl\|pdo_mysql\|pdo_sqlite\):extension=\1:;s:;extension=xsl:;extension=xsl\nextension=zip\nextension=phar:' -i /etc/php/php.ini
+COPY composer-install.sh /bin/composer-install.sh
+RUN bash /bin/composer-install.sh
+RUN rm -f /bin/composer-install.sh
+
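Review bot: In nginx/files/nginx.conf, `ssl_protocols TLSv1.3;` leaves the `ssl_ciphers` and `ssl_dhparam` lines beside it without effect: nginx's `ssl_ciphers` only selects suites for TLS 1.2 and older, and TLS 1.3 negotiates named groups rather than reading custom DH parameters, so the shipped dhparam.pem and the cipher list (whose `-SHA512` entries are, as far as I know, not OpenSSL suite names) are never used. If TLS 1.2 clients are meant to be served the line should read `ssl_protocols TLSv1.2 TLSv1.3;`; otherwise the two inert directives and the README's claim about DH parameters can be dropped. Separately, the `add_header` lines at `http` level are discarded for any server or location under `sites/*` that sets its own `add_header`, and the HSTS value with `includeSubDomains; preload` applies to every hostname that inherits it; a comment such as `# add_header is not inherited once a lower level defines its own; repeat these there` would warn site authors.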
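Review bot: In php-fpm/Dockerfile, `RUN sed 's:\(user\|group\)\s*=\s*http:\1 = www:'` has neither `-i` nor a file argument, so it edits nothing and the pool keeps whatever user and group the packaged config names (apparently `http`) instead of the `www` account created on the line before. It needs the form `RUN sed -i '<same expression>' <path to the php-fpm pool config>`. The `FROM d.xr.to/php-fpm` line also names this image itself, while the top-level README describes php-fpm as built on `d.xr.to/php`; `FROM d.xr.to/php` looks like what was meant.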
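Review bot: In php/Dockerfile, the first expression of the `sed` on /etc/php/php.ini (`s:^open_basedir:;open_basedir:`) comments out any `open_basedir` restriction for every image built on this one, including php-fpm, which serves web requests. If that is only needed for Composer on the command line, a why-comment such as `# open_basedir disabled so composer can work outside the default paths; set it again per pool in php-fpm` would record the trade-off, and the php-fpm pool could set its own `php_admin_value[open_basedir]`. The COPY / `RUN bash` / `RUN rm -f` sequence spans three layers, so the script remains in the earlier layer and `wget` stays installed; neither is secret, but doing the install and cleanup in one RUN keeps the final image to what it needs.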
diff --git a/php/composer-install.sh b/php/composer-install.sh
new file mode 100644
index 0000000..0a799a0
--- /dev/null
+++ b/php/composer-install.sh
@@ -0,0 +1,18 @@
+#!/bin/sh
+# Slightly edited version of: https://getcomposer.org/doc/faqs/how-to-install-composer-programmatically.md
+
+EXPECTED_SIGNATURE="$(wget -q -O - https://composer.github.io/installer.sig)"
+php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
+ACTUAL_SIGNATURE="$(php -r "echo hash_file('sha384', 'composer-setup.php');")"
+
+if [ "$EXPECTED_SIGNATURE" != "$ACTUAL_SIGNATURE" ]
+then
+ >&2 echo 'ERROR: Invalid installer signature'
+ rm composer-setup.php
+ exit 1
+fi
+
+php composer-setup.php --quiet --install-dir=/bin --filename=composer
+RESULT=$?
+rm composer-setup.php
+exit $RESULT
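Review bot: In php/composer-install.sh, the expected hash and the installer are both fetched live at build time and the installer then installs whatever Composer release is current, so the comparison catches a tampered getcomposer.org download but nothing pins what ends up in `/bin/composer`. Passing `--version=<pinned version>` on the `php composer-setup.php` line would make rebuilds install a known release. A guard such as `[ -n "$EXPECTED_SIGNATURE" ] || exit 1` before the comparison makes a failed `wget` stop the build for the right reason, and since php/Dockerfile runs this `#!/bin/sh` script with `bash`, the two are worth aligning.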