hpz937/docker-lemp
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Initial Commit

Browse Source
This commit is contained in:
hpz937
2024-09-14 17:13:47 -05:00
parent 8a66d4b350
commit 986404d5b3
14 changed files with 288 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
.env.db.dist Normal file
View File

@@ -0,0 +1,4 @@
MARIADB_ROOT_PASSWORD=supersecret
MARIADB_DATABASE=appuser
MARIADB_USER=appuser
MARIADB_PASSWORD=secrettoo

5
.gitignore vendored Normal file
View File

@@ -0,0 +1,5 @@
*.pem
.env.db
src/
*.sql
*.sql.gz

19
LICENSE
View File

@@ -2,8 +2,21 @@ MIT License
Copyright (c) 2024 hpz937
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

68
README.md
View File

@@ -1,2 +1,70 @@
# docker-lemp
## Overview
`docker-lemp` is a Docker-based LEMP stack (Linux, Nginx, MySQL, PHP) for local development. This setup allows you to quickly spin up a LEMP environment for your web applications.
## Features
- **Nginx**: High-performance web server.
- **MySQL**: Popular relational database management system.
- **PHP**: Server-side scripting language.
- **Docker Compose**: Tool for defining and running multi-container Docker applications.
## Prerequisites
- Docker
- Docker Compose
## Getting Started
1. Clone the repository:
```sh
git clone https://git.hpz.pw/hpz937/docker-lemp.git
cd docker-lemp
```
2. Build and start the containers:
```sh
docker-compose up --build
```
3. Access your application:
- Web server: `https://localhost:8443`
## Configuration
- **Nginx**: Configuration files are located in the `nginx` directory.
- **PHP**: Configuration files are located in the `phpfpm` directory.
## SSL
To generate a self-signed SSL certificate and `dhparam.pem`, follow these steps:
1. Create the `nginx/ssl` directory if it doesn't exist:
```sh
mkdir -p nginx/ssl
```
2. Generate a self-signed SSL certificate:
```sh
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout nginx/ssl/key.pem -out nginx/ssl/cert.pem
```
3. Generate a `dhparam.pem` file:
```sh
openssl dhparam -out nginx/ssl/dhparam.pem 2048
```
These files will be used by Nginx for SSL termination.
## Usage
- To stop the containers:
```sh
docker-compose down
```
- To rebuild the containers:
```sh
docker-compose up --build
```
## Contributing
Contributions are welcome! Please open an issue or submit a pull request.
## License
This project is licensed under the MIT License. See the [LICENSE](LICENSE) file for details.

28
docker-compose.yml Normal file
View File

@@ -0,0 +1,28 @@
services:
nginx:
build:
context: "nginx"
dockerfile: "Dockerfile"
volumes:
- ./src:/var/www/html:ro
ports:
- 8080:80
- 8443:443
depends_on:
- phpfpm
phpfpm:
build:
context: "phpfpm"
dockerfile: "Dockerfile"
volumes:
- ./src:/var/www/html:rw
db:
image: mariadb
env_file: .env.db
composer:
image: composer
volumes:
- ./src:/app

2
nginx/Dockerfile Executable file
View File

@@ -0,0 +1,2 @@
FROM nginx:latest
COPY . /etc/nginx/

57
nginx/nginx.conf Executable file
View File

@@ -0,0 +1,57 @@
# Generated by nginxconfig.io
# See nginxconfig.txt for the configuration share link
user nginx;
pid /var/run/nginx.pid;
worker_processes auto;
worker_rlimit_nofile 65535;
# Load modules
include /etc/nginx/modules-enabled/*.conf;
events {
multi_accept on;
worker_connections 65535;
}
http {
charset utf-8;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
server_tokens off;
log_not_found off;
types_hash_max_size 2048;
types_hash_bucket_size 64;
client_max_body_size 16M;
# MIME
include mime.types;
default_type application/octet-stream;
# Logging
access_log off;
error_log /dev/null;
# SSL
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:10m;
ssl_session_tickets off;
# Diffie-Hellman parameter for DHE ciphersuites
ssl_dhparam /etc/nginx/ssl/dhparam.pem;
# Mozilla Intermediate configuration
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
# OCSP Stapling
ssl_stapling on;
ssl_stapling_verify on;
resolver 1.1.1.1 1.0.0.1 8.8.8.8 8.8.4.4 208.67.222.222 208.67.220.220 valid=60s;
resolver_timeout 2s;
# Load configs
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}

27
nginx/nginxconfig.io/general.conf Executable file
View File

@@ -0,0 +1,27 @@
# favicon.ico
location = /favicon.ico {
log_not_found off;
}
# robots.txt
location = /robots.txt {
log_not_found off;
}
# assets, media
location ~* \.(?:css(\.map)?|js(\.map)?|jpe?g|png|gif|ico|cur|heic|webp|tiff?|mp3|m4a|aac|ogg|midi?|wav|mp4|mov|webm|mpe?g|avi|ogv|flv|wmv)$ {
expires 7d;
}
# svg, fonts
location ~* \.(?:svgz?|ttf|ttc|otf|eot|woff2?)$ {
add_header Access-Control-Allow-Origin "*";
expires 7d;
}
# gzip
gzip on;
gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_types text/plain text/css text/xml application/json application/javascript application/rss+xml application/atom+xml image/svg+xml;

15
nginx/nginxconfig.io/php_fastcgi.conf Executable file
View File

@@ -0,0 +1,15 @@
# 404
try_files $fastcgi_script_name =404;
# default fastcgi_params
include fastcgi_params;
# fastcgi settings
fastcgi_index index.php;
fastcgi_buffers 8 16k;
fastcgi_buffer_size 32k;
# fastcgi params
fastcgi_param DOCUMENT_ROOT $realpath_root;
fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
fastcgi_param PHP_ADMIN_VALUE "open_basedir=$base/:/usr/lib/php/:/tmp/";

12
nginx/nginxconfig.io/security.conf Executable file
View File

@@ -0,0 +1,12 @@
# security headers
add_header X-XSS-Protection "1; mode=block" always;
add_header X-Content-Type-Options "nosniff" always;
add_header Referrer-Policy "no-referrer-when-downgrade" always;
add_header Content-Security-Policy "default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self';" always;
add_header Permissions-Policy "interest-cohort=()" always;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
# . files
location ~ /\.(?!well-known) {
deny all;
}

1
nginx/nginxconfig.txt Executable file
View File

@@ -0,0 +1 @@
https://www.digitalocean.com/community/tools/nginx?domains.0.server.domain=&domains.0.server.path=%2Fvar%2Fwww%2Fhtml&domains.0.server.redirectSubdomains=false&domains.0.https.certType=custom&domains.0.https.sslCertificate=%2Fetc%2Fnginx%2Fssl%2Fcert.pem&domains.0.https.sslCertificateKey=%2Fetc%2Fnginx%2Fssl%2Fkey.pem&domains.0.php.phpServer=custom&domains.0.php.phpServerCustom=phpfpm%3A9000&domains.0.routing.fallbackHtml=true&global.nginx.user=nginx&global.nginx.pid=%2Fvar%2Frun%2Fnginx.pid&global.docker.dockerfile=true

49
nginx/sites-available/default.conf Executable file
View File

@@ -0,0 +1,49 @@
server {
listen 443 ssl default_server;
listen [::]:443 ssl default_server;
server_name _;
http2 on;
set $base /var/www/html;
root $base/public;
# SSL
ssl_certificate /etc/nginx/ssl/cert.pem;
ssl_certificate_key /etc/nginx/ssl/key.pem;
# security
include nginxconfig.io/security.conf;
# logging
access_log /var/log/nginx/access.log combined buffer=512k flush=1m;
error_log /var/log/nginx/error.log warn;
# index.php
index index.php;
# index.html fallback
location / {
try_files $uri $uri/ /index.html;
}
# index.php fallback
location ~ ^/api/ {
try_files $uri $uri/ /index.php?$query_string;
}
# additional config
include nginxconfig.io/general.conf;
# handle .php
location ~ \.php$ {
fastcgi_pass phpfpm:9000;
include nginxconfig.io/php_fastcgi.conf;
}
}
# HTTP redirect
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name _;
return 301 https://$host:8443$request_uri;
}

1
nginx/sites-enabled/default.conf Symbolic link
View File

@@ -0,0 +1 @@
../sites-available/default.conf

3
phpfpm/Dockerfile Normal file
View File

@@ -0,0 +1,3 @@
FROM php:8.3-fpm-alpine
RUN docker-php-ext-install mysqli pdo_mysql