Add deploy feature

bin/site-start.sh

@@ -39,6 +39,7 @@ elif [ "$ACTION" = "init" ]; then
  if [ ! -d "$TARGET_DIR" ]; then
  cp -r "$VENDOR_DIR/sample" "$TARGET_DIR/"
  mv "$TARGET_DIR/.env-sample" "$TARGET_DIR/.env-local"
+ mv "$TARGET_DIR/.env-sample-prod" "$TARGET_DIR/.env-prod"
  mv "$TARGET_DIR/docker-compose.local-sample.yml" "$TARGET_DIR/docker-compose.local.yml"
  echo "Server init success."
  echo "Change root-path in: $TARGET_DIR/nginx/conf-dynamic.d/sample.conf"

docker/.env-default

@@ -91,6 +91,26 @@ HOST_ETC_KEEP_CONF=no
 # Keep empty for get nginx container ip
 HOST_ETC_HOST_IP=
 
+# FTP
+#FTP_DB_TABLE_NAME=ftp_users
+#
+#FTP_PORT_BIND=21
+#FTP_PASSIVE_PORT_1=30000
+#FTP_PASSIVE_PORT_2=30001
+#FTP_PASSIVE_PORT_3=30002
+#FTP_PASSIVE_PORT_4=30003
+#FTP_PASSIVE_PORT_5=30004
+#FTP_PASSIVE_PORT_6=30005
+#FTP_PASSIVE_PORT_7=30006
+#FTP_PASSIVE_PORT_8=30007
+#FTP_PASSIVE_PORT_9=30008
+#FTP_PASSIVE_PORT_10=30009
+#
+#FTP_SUBJECT_COUNTRY=BY
+#FTP_SUBJECT_CITY=Minsk
+#FTP_SUBJECT_ORGANIZATION=NoName
+#FTP_SUBJECT_DOMAIN=sample.com
+
 # DEPLOY CONFIG
 #DEPLOY_SERVER_NAME=
 #DEPLOY_CONTAINER_NAME=

docker/Dockerfile-dev-server

@@ -1,6 +1,6 @@
 FROM matthewpatell/universal-docker-server:3.7
 
-# TODO: write script which will generate gourp of dockerfiles with same version
+# TODO: write script which will generate group of dockerfiles with same version
 
 RUN apt-get install -y \
  php7.1-dev \

docker/Dockerfile-server

@@ -1,4 +1,4 @@
-FROM matthewpatell/universal-docker-php-fpm:3.7
+FROM matthewpatell/universal-docker-server-php-fpm:3.7
 
 # Utils
 RUN apt-get update -y --fix-missing \
@@ -37,4 +37,7 @@ RUN apt-get update -y --fix-missing \
  && apt-get install -y supervisor \
  && mkdir -p /var/log/supervisord
 
+# Install java
+RUN apt-get install -y default-jre
+
 CMD ["supervisord", "-n"]

docker/docker-compose.ftp.yml

@@ -0,0 +1,36 @@
+version: '2'
+
+services:
+ ftp:
+ image: drummerroma/pureftpd-mysql
+ hostname: ftpserver
+ container_name: ${COMPOSE_PROJECT_NAME}_ftp
+ entrypoint: /bin/bash -c "chmod 764 /home/run.sh && /home/run.sh"
+ environment:
+ - MYSQL_HOST=${MYSQL_HOST}
+ - MYSQL_PORT=${MYSQL_PORT}
+ - MYSQL_DATABASE=${MYSQL_DATABASE}
+ - MYSQL_USER=${MYSQL_USER}
+ - MYSQL_PASSWORD=${MYSQL_PASSWORD}
+ - SUBJ_C=${FTP_SUBJECT_COUNTRY}
+ - SUBJ_L=${FTP_SUBJECT_CITY}
+ - SUBJ_O=${FTP_SUBJECT_ORGANIZATION}
+ - SUBJ_CN=${FTP_SUBJECT_DOMAIN}
+ - FTP_DB_TABLE_NAME=${FTP_DB_TABLE_NAME}
+ ports:
+ - ${FTP_PORT_BIND}:21
+ - ${FTP_PASSIVE_PORT_1}:30000
+ - ${FTP_PASSIVE_PORT_2}:30001
+ - ${FTP_PASSIVE_PORT_3}:30002
+ - ${FTP_PASSIVE_PORT_4}:30003
+ - ${FTP_PASSIVE_PORT_5}:30004
+ - ${FTP_PASSIVE_PORT_6}:30005
+ - ${FTP_PASSIVE_PORT_7}:30006
+ - ${FTP_PASSIVE_PORT_8}:30007
+ - ${FTP_PASSIVE_PORT_9}:30008
+ - ${FTP_PASSIVE_PORT_10}:30009
+ volumes:
+ - ${PACKAGE_DOCKER_FOLDER}/ftp/run.sh:/home/run.sh
+ - ${PROJECT_DOCKER_FOLDER}/ftp/logs:/var/log/pure-ftpd
+ # Override to your folder if needed
+ - ${PROJECT_DOCKER_FOLDER}/ftp/data:/ftpdata

docker/docker-compose.nginx.yml

@@ -0,0 +1,28 @@
+version: '2'
+
+services:
+ nginx:
+ image: ${NGINX_REPOSITORY}
+ container_name: ${COMPOSE_PROJECT_NAME}_nginx
+ hostname: nginx
+ environment:
+ ENV_PATH: ${PROJECT_DOCKER_FOLDER_CONTAINER}/.env
+ volumes:
+ - ${PROJECT_ROOT}:${PROJECT_ROOT_CONTAINER}
+ - ${PACKAGE_DOCKER_FOLDER}:${PACKAGE_DOCKER_FOLDER_CONTAINER}
+ - ${PACKAGE_DOCKER_FOLDER}/scripts:/scripts
+ - ${PROJECT_DOCKER_FOLDER}/letsencrypt/${PROJECT_ENVIRONMENT}:/etc/letsencrypt
+ - ${PACKAGE_DOCKER_FOLDER}/nginx/php-fpm.conf:/etc/nginx/php-fpm.conf
+ - ${PACKAGE_DOCKER_FOLDER}/nginx/php-fpm-unprotected.conf:/etc/nginx/php-fpm-unprotected.conf
+ - ${PACKAGE_DOCKER_FOLDER}/nginx/conf.d:/etc/nginx/conf.d
+ - ${PACKAGE_DOCKER_FOLDER}/nginx/lua:/etc/nginx/lua
+ - ${PACKAGE_DOCKER_FOLDER}/nginx/snippets:/etc/nginx/snippets
+ - ${PROJECT_DOCKER_FOLDER}/nginx/logs:/var/log/nginx
+ networks:
+ common:
+ aliases:
+ - nginx
+
+networks:
+ common:
+ driver: bridge

docker/docker-compose.server.yml

@@ -0,0 +1,39 @@
+version: '2'
+
+services:
+ server:
+ hostname: server
+ image: ${SERVER_REPOSITORY}
+ container_name: ${COMPOSE_PROJECT_NAME}_server
+ expose:
+ - ${DEBUG_PORT}
+ environment:
+ ENV_PATH: ${PROJECT_DOCKER_FOLDER_CONTAINER}/.env
+ volumes:
+ - ${PROJECT_ROOT}:${PROJECT_ROOT_CONTAINER}
+ - ${PACKAGE_DOCKER_FOLDER}:${PACKAGE_DOCKER_FOLDER_CONTAINER}
+ - ${PACKAGE_DOCKER_FOLDER}/scripts:/scripts
+ - ${PROJECT_DOCKER_FOLDER}/letsencrypt/${PROJECT_ENVIRONMENT}:/etc/letsencrypt
+ # cron
+ - ${PACKAGE_DOCKER_FOLDER}/pam/pam.d/cron:/etc/pam.d/cron
+ - ${PROJECT_DOCKER_FOLDER}/cron/server/logs:/var/log/cron
+ # php
+ - ${PACKAGE_DOCKER_FOLDER}/php/php.ini:/etc/php/7.1/cli/php.ini
+ - ${PACKAGE_DOCKER_FOLDER}/php/php.ini:/etc/php/7.1/fpm/php.ini
+ - ${PACKAGE_DOCKER_FOLDER}/php/php-fpm.conf:/etc/php/7.1/fpm/php-fpm.conf
+ - ${PACKAGE_DOCKER_FOLDER}/php/pool.d:/etc/php/7.1/fpm/pool.d/
+ - ${PACKAGE_DOCKER_FOLDER}/php/mods-available/xdebug.ini:/etc/php/7.1/mods-available/xdebug.ini
+ - ${PROJECT_DOCKER_FOLDER}/php/logs:/var/log/php7.1-fpm/
+ # supervisor
+ - ${PACKAGE_DOCKER_FOLDER}/supervisord/supervisord.conf:/etc/supervisor/supervisord.conf
+ - ${PROJECT_DOCKER_FOLDER}/supervisord/server/logs:/var/log/supervisord
+ - ${PACKAGE_DOCKER_FOLDER}/supervisord/server/services:/etc/supervisor/conf.d
+ working_dir: ${PROJECT_ROOT_CONTAINER}
+ networks:
+ common:
+ aliases:
+ - server
+
+networks:
+ common:
+ driver: bridge

docker/docker-compose.ssh.yml

@@ -0,0 +1,8 @@
+version: '2'
+
+services:
+ server:
+ volumes:
+ - ${PACKAGE_DOCKER_FOLDER}/ssh/sshd_config:/etc/ssh/sshd_config
+ - ${PROJECT_DOCKER_FOLDER}/ssh/files:${PACKAGE_DOCKER_FOLDER_CONTAINER}/ssh/files
+ - ${PACKAGE_DOCKER_FOLDER}/supervisord/other/services/6.sshd.conf:/etc/supervisor/conf.d/6.sshd.conf

docker/docker-compose.static-ports.yml

@@ -6,6 +6,10 @@ services:
  - ${SERVER_HTTP_PORT}:80
  - ${SERVER_SSL_PORT}:443
 
+ server:
+ ports:
+ - ${SSH_PORT}:22
+
  mysql:
  ports:
  - ${MYSQL_PORT}:3306

docker/docker-compose.terminal.prod.yml

@@ -1,43 +1,12 @@
 version: '2'
 
 services:
- terminal:
- env_file: .env
+ server:
  hostname: terminal
  image: ${TERMINAL_REPOSITORY}
  container_name: ${COMPOSE_PROJECT_NAME}_terminal
  mem_limit: 568500000
- expose:
- - ${DEBUG_PORT}
- environment:
- ENV_PATH: ${PROJECT_DOCKER_FOLDER_CONTAINER}/.env
- volumes:
- - ${PROJECT_ROOT}:${PROJECT_ROOT_CONTAINER}
- - ${PACKAGE_DOCKER_FOLDER}:${PACKAGE_DOCKER_FOLDER_CONTAINER}
- - ${PACKAGE_DOCKER_FOLDER}/scripts:/scripts
- - ${PROJECT_DOCKER_FOLDER}/letsencrypt/${PROJECT_ENVIRONMENT}:/etc/letsencrypt
- # cron
- - ${PACKAGE_DOCKER_FOLDER}/pam/pam.d/cron:/etc/pam.d/cron
- - ${PROJECT_DOCKER_FOLDER}/cron/server/logs:/var/log/cron
- # php
- - ${PACKAGE_DOCKER_FOLDER}/php/php.ini:/etc/php/7.1/cli/php.ini
- - ${PACKAGE_DOCKER_FOLDER}/php/php-fpm.conf:/etc/php/7.1/fpm/php-fpm.conf
- - ${PACKAGE_DOCKER_FOLDER}/php/pool.d:/etc/php/7.1/fpm/pool.d/
- - ${PACKAGE_DOCKER_FOLDER}/php/mods-available/xdebug.ini:/etc/php/7.1/mods-available/xdebug.ini
- - ${PROJECT_DOCKER_FOLDER}/php/logs:/var/log/php7.1-fpm/
- # ssh
- - ${PACKAGE_DOCKER_FOLDER}/ssh/sshd_config:/etc/ssh/sshd_config
- - ${PROJECT_DOCKER_FOLDER}/ssh/files:${PACKAGE_DOCKER_FOLDER_CONTAINER}/ssh/files
- # supervisor
- - ${PACKAGE_DOCKER_FOLDER}/supervisord/supervisord.conf:/etc/supervisor/supervisord.conf
- - ${PROJECT_DOCKER_FOLDER}/supervisord/server/logs:/var/log/supervisord
- - ${PACKAGE_DOCKER_FOLDER}/supervisord/server/services:/etc/supervisor/conf.d
- working_dir: ${PROJECT_ROOT_CONTAINER}
  networks:
  common:
  aliases:
  - terminal
-
-networks:
- common:
- driver: bridge

docker/ftp/data/.gitignore

@@ -0,0 +1,2 @@
+*
+!.gitignore

docker/ftp/ftp_users.sql

@@ -0,0 +1,21 @@
+create table ftp_users
+(
+ User varchar(16) default '' not null,
+ status enum ('0', '1') default '0' not null,
+ Password varchar(64) default '' not null,
+ Uid varchar(11) default '-1' not null,
+ Gid varchar(11) default '-1' not null,
+ Dir varchar(128) default '' not null,
+ ULBandwidth smallint default '0' not null,
+ DLBandwidth smallint default '0' not null,
+ comment tinytext not null,
+ ipaccess varchar(15) default '*' not null,
+ QuotaSize smallint default '0' not null,
+ QuotaFiles int default '0' not null,
+ constraint User
+ unique (User)
+)
+ charset = utf8;
+
+alter table ftp_users
+ add primary key (User);

docker/ftp/logs/.gitignore

@@ -0,0 +1,2 @@
+*
+!.gitignore

docker/ftp/run.sh

@@ -0,0 +1,40 @@
+#!/bin/bash
+
+cat << EOM > /etc/pure-ftpd/db/mysql.conf
+MYSQLServer $MYSQL_HOST
+MYSQLPort $MYSQL_PORT
+MYSQLUser $MYSQL_USER
+MYSQLPassword $MYSQL_PASSWORD
+MYSQLDatabase $MYSQL_DATABASE
+MYSQLCrypt md5
+MYSQLGetPW SELECT Password FROM $FTP_DB_TABLE_NAME WHERE User="\L" AND status="1" AND (ipaccess="*" OR ipaccess="\R")
+MYSQLGetUID SELECT Uid FROM $FTP_DB_TABLE_NAME WHERE User="\L" AND status="1" AND (ipaccess="*" OR ipaccess="\R")
+MYSQLGetGID SELECT Gid FROM $FTP_DB_TABLE_NAME WHERE User="\L" AND status="1" AND (ipaccess="*" OR ipaccess="\R")
+MYSQLGetDir SELECT Dir FROM $FTP_DB_TABLE_NAME WHERE User="\L" AND status="1" AND (ipaccess="*" OR ipaccess="\R")
+MYSQLGetDir SELECT CONCAT('/ftpdata/', Dir) FROM $FTP_DB_TABLE_NAME WHERE User="\L" AND status="1" AND (ipaccess="*" OR ipaccess="\R")
+MySQLGetQTAFS SELECT QuotaFiles FROM $FTP_DB_TABLE_NAME WHERE User="\L" AND status="1" AND (ipaccess="*" OR ipaccess="\R")
+MySQLGetQTASZ SELECT QuotaSize FROM $FTP_DB_TABLE_NAME WHERE User="\L" AND status="1" AND (ipaccess="*" OR ipaccess="\R")
+MySQLGetBandwidthUL SELECT ULBandwidth FROM $FTP_DB_TABLE_NAME WHERE User="\L" AND status="1" AND (ipaccess="*" OR ipaccess="\R")
+MySQLGetBandwidthDL SELECT DLBandwidth FROM $FTP_DB_TABLE_NAME WHERE User="\L" AND status="1" AND (ipaccess="*" OR ipaccess="\R")
+EOM
+
+# for options see: https://go2linux.garron.me/linux/2010/05/how-install-secure-pure-ftp-server-chrooted-virtual-users-743/
+echo ",21" > /etc/pure-ftpd/conf/Bind
+echo "yes" > /etc/pure-ftpd/conf/ChrootEveryone
+echo "yes" > /etc/pure-ftpd/conf/CreateHomeDir
+echo "yes" > /etc/pure-ftpd/conf/DontResolve
+echo "no" > /etc/pure-ftpd/conf/PAMAuthentication
+echo "no" > /etc/pure-ftpd/conf/UnixAuthentication
+echo "30000 30009" > /etc/pure-ftpd/conf/PassivePortRange
+echo "yes" > /etc/pure-ftpd/conf/VerboseLog
+echo "yes" > /etc/pure-ftpd/conf/BrokenClientsCompatibility
+# If you want to allow FTP and TLS sessions, run
+echo 1 > /etc/pure-ftpd/conf/TLS
+echo 10 > /etc/pure-ftpd/conf/MaxIdleTime
+echo "yes" > /etc/pure-ftpd/conf/IPV4Only
+
+openssl req -x509 -nodes -days 7300 -newkey rsa:2048 -keyout /etc/ssl/private/pure-ftpd.pem -out /etc/ssl/private/pure-ftpd.pem -subj "/C=${SUBJ_C}/ST=/L=${SUBJ_L}/O=${SUBJ_O}/OU=/CN=${SUBJ_CN}"
+chmod 600 /etc/ssl/private/pure-ftpd.pem
+
+chown -R ftpuser:ftpgroup /ftpdata
+service pure-ftpd-mysql restart && tail -f /var/log/*.log

docker/nginx/snippets/rewrite-autobalance.conf

@@ -1,5 +1,6 @@
 
 # Rewrite http to https for autobalancer (container work on 80 port, autobalancer work on 443 port)
-if ($http_x_forwarded_proto = 'http'){
+# proxy_set_header X-Forwarded-Ssl on;
+if ($http_x_forwarded_proto = 'http') {
  return 301 https://$host$request_uri;
 }

docker/nginx/templates/admin.conf

@@ -1,5 +1,5 @@
 # Variable automaticaly replaced:
-# TOPDOMAIN, SSL_INCLUDE, COMMON_DOMAIN, C_DOMAIN, PARSED_DOMAINS
+# SSL_INCLUDE, COMMON_DOMAIN, PARSED_DOMAINS, DOMAIN_1LVL, DOMAIN_2LVL, CERTIFICATE_DOMAIN
 
 # allow domains:
 #

docker/nginx/templates/api.conf

@@ -1,5 +1,5 @@
 # Variable automaticaly replaced:
-# TOPDOMAIN, SSL_INCLUDE, COMMON_DOMAIN, C_DOMAIN, PARSED_DOMAINS
+# SSL_INCLUDE, COMMON_DOMAIN, PARSED_DOMAINS, DOMAIN_1LVL, DOMAIN_2LVL, CERTIFICATE_DOMAIN
 
 # allow domains:
 #

docker/nginx/templates/coverage.conf

@@ -1,5 +1,5 @@
 # Variable automaticaly replaced:
-# TOPDOMAIN, SSL_INCLUDE, COMMON_DOMAIN, C_DOMAIN, PARSED_DOMAINS
+# SSL_INCLUDE, COMMON_DOMAIN, PARSED_DOMAINS, DOMAIN_1LVL, DOMAIN_2LVL, CERTIFICATE_DOMAIN
 
 # allow domains:
 #

docker/nginx/templates/domain.conf

@@ -1,5 +1,5 @@
 # Variable automaticaly replaced:
-# TOPDOMAIN, SSL_INCLUDE, COMMON_DOMAIN, C_DOMAIN, PARSED_DOMAINS
+# SSL_INCLUDE, COMMON_DOMAIN, PARSED_DOMAINS, DOMAIN_1LVL, DOMAIN_2LVL, CERTIFICATE_DOMAIN
 
 # allow domains:
 #
@@ -41,28 +41,28 @@ server {
 
  include snippets/blacklist_ip.conf;
 
- $CUSTOM_SNIPETS
+ $CUSTOM_SNIPPETS
 
  # robots.txt (robots.txt -> robots_[by].txt)
  location ~ ^(.*)robots\.(.*)$ {
  log_not_found off;
  access_log off;
- try_files $uri $uri/ /robots_$TOPDOMAIN.txt
+ try_files $uri $uri/ /robots_$DOMAIN_1LVL.txt
  break;
  }
 
  # sitemap.xml (sitemap.xml -> sitemap_[by].xml)
  location ~ ^(.*)sitemap\.(.*)$ {
  log_not_found off;
  access_log off;
- try_files $uri $uri/ /sitemap_$TOPDOMAIN.xml;
+ try_files $uri $uri/ /sitemap_$DOMAIN_1LVL.xml;
  break;
  }
 
  location / {
  try_files $uri $uri/ /index.php$is_args$args;
  }
- 
+
  # allow only `/index.php` to be executed via php
  location ~ ^/index\.php$ {
  # Redirect everything that isn't a real file to index.php

docker/nginx/templates/opcache.conf

@@ -1,5 +1,5 @@
 # Variable automaticaly replaced:
-# TOPDOMAIN, SSL_INCLUDE, COMMON_DOMAIN, C_DOMAIN, PARSED_DOMAINS
+# SSL_INCLUDE, COMMON_DOMAIN, PARSED_DOMAINS, DOMAIN_1LVL, DOMAIN_2LVL, CERTIFICATE_DOMAIN
 
 # allow domains:
 #

docker/php/pool.d/www.conf

@@ -33,7 +33,7 @@ group = www-data
 ; (IPv6 and IPv4-mapped) on a specific port;
 ; '/path/to/unix/socket' - to listen on a unix socket.
 ; Note: This value is mandatory.
-listen = server:9000
+listen = 9000
 
 ; Set listen(2) backlog.
 ; Default Value: 511 (-1 on FreeBSD and OpenBSD)

docker/scripts/add-cron.sh

@@ -3,4 +3,6 @@
 # RUN ON CONTAINER
 
 cp ${1} /var/spool/cron/crontabs/root
-chmod 0600 /var/spool/cron/crontabs/root
+chmod 0600 /var/spool/cron/crontabs/root
+
+exit 0