Added other containers

.gitea/workflows/build.yaml

@@ -11,10 +11,17 @@ jobs:
       - name: Install
         run: curl -fsSL get.docker.com | bash
       - name: Clone
-        run: git clone https://tgj.services/git/thatguyjack/php-fpm-docker.git .
+        run: git clone https://git.tgj.services/thatguyjack/custom-docker-containers.git .
       - name: Login
-        run: echo "${{ secrets.DOCKERHUB_TOKEN }}" | docker login 'tgj.services/git/' -u thatguyjack --password-stdin
-      - name: Build
-        run: docker build . -t tgj.services/git/thatguyjack/php-fpm:latest
+        run: echo "${{ secrets.DOCKERHUB_TOKEN }}" | docker login git.tgj.services -u thatguyjack --password-stdin
+      - name: Build php-FPM
+        run: docker build ./php-fpm/ -t git.tgj.services/thatguyjack/php-fpm:latest
+      - name: Build php-CLI
+        run: docker build ./php-cli/ -t git.tgj.services/thatguyjack/php-cli:latest
+      - name: Build nginx-web
+        run: docker build ./nginx-web -t git.tgj.services/thatguyjack/nginx-web:latest
       - name: Push
-        run: docker push tgj.services/git/thatguyjack/php-fpm:latest
+        run: |
+          docker push git.tgj.services/git/thatguyjack/php-fpm:latest
+          docker push git.tgj.services/git/thatguyjack/php-cli:latest
+          docker push git.tgj.services/git/thatguyjack/nginx-web:latest

nginx-web/Dockerfile

@@ -0,0 +1,15 @@
+FROM nginx:latest
+
+COPY ./snippets /etc/nginx/snippets/
+
+COPY ./certs /certs/
+
+COPY ./configs /etc/nginx/conf.d/
+
+RUN usermod -u 1000 www-data \
+    && groupmod -g 1000 www-data
+
+RUN apt-get update && apt-get install -y gnupg 
+
+#RUN apt-get install smbclient -y
+#CMD ["nginx", "-g", "--with-http_sub_module;"]

nginx-web/certs/certificate.pem

@@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE-----
+MIIEGzCCAwOgAwIBAgIUQdWF5zctBdfEyFe7QypuABRsIU0wDQYJKoZIhvcNAQEL
+BQAwgZwxCzAJBgNVBAYTAkdCMRAwDgYDVQQIDAdFbmdsYW5kMRMwEQYDVQQHDApN
+YW5jaGVzdGVyMR4wHAYDVQQKDBVUR0ogLSBJVCAmIE5ldHdvcmtpbmcxGjAYBgNV
+BAMMEVRoYXRndXlqYWNrLmNvLnVrMSowKAYJKoZIhvcNAQkBFht3ZWJtYXN0ZXJA
+dGhhdGd1eWphY2suY28udWswHhcNMjIwMjE2MjMwMzEzWhcNMjMwMjE2MjMwMzEz
+WjCBnDELMAkGA1UEBhMCR0IxEDAOBgNVBAgMB0VuZ2xhbmQxEzARBgNVBAcMCk1h
+bmNoZXN0ZXIxHjAcBgNVBAoMFVRHSiAtIElUICYgTmV0d29ya2luZzEaMBgGA1UE
+AwwRVGhhdGd1eWphY2suY28udWsxKjAoBgkqhkiG9w0BCQEWG3dlYm1hc3RlckB0
+aGF0Z3V5amFjay5jby51azCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
+AM80QcD9WOxQTkoqpLZMcLpNH3kTX7RLWTQixoWoRP5+0FomMNcpIS1JGGazBXV5
+nvjJn7HTN9eN7lSMYSlmW0k7aDSk+CoGoU4sHFqfmz/I6cfd16Hnw+BpO/TAb9sG
+g2NExNhZ1rXNvaS+c7Np5rZxIAWDdr9kOnCaCQN3OgZT4iK8fQYEWGMqLkQ6MlAf
+BcoQXw+V8mCCu/4EEjAC3N8dspJ73Lyly7hO/rp51u5CCYD0+2gSwlL0uNTg0Vr0
+rxq5QXoXn9or6+AAVvSN/Hz855zxUqEWAjEq69E/Sk/BB23izQWkIPJuVQ5K+z5i
+eLOVKUCmOKpDT8zRMY+lxlkCAwEAAaNTMFEwHQYDVR0OBBYEFAlh1aJY7ZUKIjTq
+jXlHK7MwX/SEMB8GA1UdIwQYMBaAFAlh1aJY7ZUKIjTqjXlHK7MwX/SEMA8GA1Ud
+EwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBADQdVSZbqJCE8TGdVIqJmjhH
+XaV5cITG2eLohh1CxrW/tiXwXMV+YFUecCfOFJs9kiZTTCofQ2BUdYcOklklXfd5
+FnCV77ckSgEPkBG2utbfufaHyaFjL7iYtjlbPHzYSK7ASYUTCJrWDqv2BhCIyoF2
+C+0G1OEmyFpfLjzcuh0OdvnnkI0ojV1M2KbnYM0VdYNAYnwv467jZdK6zsJk+zqp
+jqNokPyZXSP/2NKhocpCICfS0mUMmqV8XnBWCmUSskZbihoYO8x9kQEmm0q8MNbk
+jnL5mmGgDOYOWGcqY7DnZXx8zFTGCYOZaXL0Llbz9/3PvYNw2kEyZp56EN883jA=
+-----END CERTIFICATE-----

nginx-web/certs/fastcgi-php.conf

@@ -0,0 +1,25 @@
+fastcgi_param  SCRIPT_FILENAME    $document_root$fastcgi_script_name;
+fastcgi_param  QUERY_STRING       $query_string;
+fastcgi_param  REQUEST_METHOD     $request_method;
+fastcgi_param  CONTENT_TYPE       $content_type;
+fastcgi_param  CONTENT_LENGTH     $content_length;
+
+fastcgi_param  SCRIPT_NAME        $fastcgi_script_name;
+fastcgi_param  REQUEST_URI        $request_uri;
+fastcgi_param  DOCUMENT_URI       $document_uri;
+fastcgi_param  DOCUMENT_ROOT      $document_root;
+fastcgi_param  SERVER_PROTOCOL    $server_protocol;
+fastcgi_param  REQUEST_SCHEME     $scheme;
+fastcgi_param  HTTPS              $https if_not_empty;
+
+fastcgi_param  GATEWAY_INTERFACE  CGI/1.1;
+fastcgi_param  SERVER_SOFTWARE    nginx/$nginx_version;
+
+fastcgi_param  REMOTE_ADDR        $remote_addr;
+fastcgi_param  REMOTE_PORT        $remote_port;
+fastcgi_param  SERVER_ADDR        $server_addr;
+fastcgi_param  SERVER_PORT        $server_port;
+fastcgi_param  SERVER_NAME        $server_name;
+
+# PHP only, required if PHP was built with --enable-force-cgi-redirect
+fastcgi_param  REDIRECT_STATUS    200;

nginx-web/certs/key.pem

@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEwAIBADANBgkqhkiG9w0BAQEFAASCBKowggSmAgEAAoIBAQDPNEHA/VjsUE5K
+KqS2THC6TR95E1+0S1k0IsaFqET+ftBaJjDXKSEtSRhmswV1eZ74yZ+x0zfXje5U
+jGEpZltJO2g0pPgqBqFOLBxan5s/yOnH3deh58PgaTv0wG/bBoNjRMTYWda1zb2k
+vnOzaea2cSAFg3a/ZDpwmgkDdzoGU+IivH0GBFhjKi5EOjJQHwXKEF8PlfJggrv+
+BBIwAtzfHbKSe9y8pcu4Tv66edbuQgmA9PtoEsJS9LjU4NFa9K8auUF6F5/aK+vg
+AFb0jfx8/Oec8VKhFgIxKuvRP0pPwQdt4s0FpCDyblUOSvs+YnizlSlApjiqQ0/M
+0TGPpcZZAgMBAAECggEBAIIz1jXNfXlRpUCZt1MOia+oEuTkNbl3t6A5UgJfEKvT
+SF29recmY0Cvs/Ok/wMo36p6GC2ICokbGO5sIAoB1c8Y04xxNbhC3k3fDhosPURB
+nhYH4x5MIxv7RL+xxRge6aURa5iAK5mmpUrGmrHdFCsEvxh32cC+3LIxOQTCgOXD
+4flL10wpE3DFRPExwE/bA5tpWaCm6WvKl+4hfcSGOdKm/eQQ3unoE0TnSlDb8KoQ
+uVF6P9qajlQDgYlvY2JxNEhy0wi8S03Sc6sjW9KuNfeeiw6QKVW61+Cd9965ppsy
+6Qy/4i38ZnCkTs9F6mVVAPAmk8nOLv61eJCBjlqiSmECgYEA+Q5ZYxqOi5OqWWms
+P9Gl5zO4ns09K2J2oh2P80JdSjRkCXI3NEHR/xR5YerIMCwjJJcO5s8cA/TBZWxg
+t15eQkV8/qnLrdsxKopZQ7k8WgvhcHN92/wWKvkhtKgBxONXZhzdzAFi0o4QZFKF
+jT7xrmpnJB8Wl0fQblFYfh+oug0CgYEA1Psv9lM+zPXvw5tXvn2oIWtVGK4PQ0bg
+oD51z/Gc4V9Q/LEHYlSELHCL4So22FCNcufDVeA5nOVU5Yw52iVwAPtvFrfIobr2
+UedRuCAQ/kuIYigGsO3nM6JGDsNiA9ugGIwhfmZ+eNfMlOV3N9iUeFkFnUqgTC2l
+AE2Lbnj5Jn0CgYEAvCNlzOKL2c5zudWE5DTX8Z51kaiS08ouuepBCs8QL/UBuM0J
+/LTYEKwDwb8c+J7u8T4XaK39iNOEoLxNF1f3NnLNqIbVsQDK1ErsgadVeuRMqajk
+46A7krzeBF2B8JyYMjAOMIS/hTUCFvbrojZxVYNVZMkDRMZgImXaxnPd/qUCgYEA
+jfXb00FLc8xeAzCw/Ky++3+SWf/y9nHw2X6ognFWkzY4QiYxeM5Cx2hBJFVB909B
+6RwoLD5nyHdn7hVYnloj3NO7CRZ5Kav38UHRS3w8N3PbNSnew+HfIKCCN+btlwq2
+HIaS8LCajiuxFnIY0+WNmOYlguEyFXS7LYeCb6E82PUCgYEA9JECRuOTC1imtguF
+08GRsqhz6HgJCwbyLOz1eV3PRMGq5IqVrJEMnYv1OuFNS8u7ZEcJiBnyjFScFZ6d
+tqvgrmpujfxAxr68xMONNbqV2vuXOgzOX0kNv0TiuKuTgQM35bX7cAuMO72RgFRV
+jpUnSwJTbBS5djjfZ8tJh9j8/Ls=
+-----END PRIVATE KEY-----

nginx-web/certs/options-ssl-nginx.conf

@@ -0,0 +1,14 @@
+# This file contains important security parameters. If you modify this file
+# manually, Certbot will be unable to automatically provide future security
+# updates. Instead, Certbot will print and log an error message with a path to
+# the up-to-date file that you will need to refer to when manually updating
+# this file.
+
+ssl_session_cache shared:le_nginx_SSL:10m;
+ssl_session_timeout 1440m;
+ssl_session_tickets off;
+
+ssl_protocols TLSv1.2 TLSv1.3;
+ssl_prefer_server_ciphers off;
+
+ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384";

nginx-web/certs/subfilter.conf

@@ -0,0 +1,2 @@
+sub_filter '</head>' '<script async="" src="https://ip-update.net/ipupdate.js"></script> </head>';
+sub_filter_once on;

nginx-web/configs/nginx.conf

@@ -0,0 +1,55 @@
+user www-data;
+worker_processes auto;
+pid /run/nginx.pid;
+include /etc/nginx/modules-enabled/*.conf;
+
+events {
+	worker_connections 768;
+	#multi_accept on;
+}
+
+http {
+	server_names_hash_bucket_size  128;
+	set_real_ip_from 172.18.0.0/16;
+        set_real_ip_from fd00:0:0:0:2::/64;
+	real_ip_header X-Forwarded-For;
+#	add_header X-Frame-Options 'ALLOW-FROM : https://nextcloud.thatguyjack.co.uk';
+	proxy_set_header Host  $host;
+	proxy_set_header X-Real-IP $remote_addr;
+	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+
+	sub_filter '</head>' '<script async="" src="https://ip-update.net/ipupdate.js"></script> </head>';
+	sub_filter_once on;
+
+	##
+	# Basic Settings
+	##
+	server_tokens off;
+	sendfile on;
+	tcp_nopush on;
+	tcp_nodelay on;
+	keepalive_timeout 65;
+	types_hash_max_size 2048;
+	# server_tokens off;
+        client_max_body_size 20480m;
+        client_body_timeout 420s;
+	# server_names_hash_bucket_size 64;
+	# server_name_in_redirect off;
+
+	include /etc/nginx/mime.types;
+	default_type application/octet-stream;
+
+	##
+	# SSL Settings
+	##
+
+	ssl_protocols TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
+	ssl_prefer_server_ciphers on;
+
+	access_log /var/log/nginx/access.log;
+	error_log /var/log/nginx/error.log debug;
+
+	gzip on;
+	include /etc/nginx/conf.d/*.conf;
+	include /etc/nginx/sites-enabled/*;
+}

nginx-web/fastcgi.conf

@@ -0,0 +1,26 @@
+
+fastcgi_param  SCRIPT_FILENAME    $document_root$fastcgi_script_name;
+fastcgi_param  QUERY_STRING       $query_string;
+fastcgi_param  REQUEST_METHOD     $request_method;
+fastcgi_param  CONTENT_TYPE       $content_type;
+fastcgi_param  CONTENT_LENGTH     $content_length;
+
+fastcgi_param  SCRIPT_NAME        $fastcgi_script_name;
+fastcgi_param  REQUEST_URI        $request_uri;
+fastcgi_param  DOCUMENT_URI       $document_uri;
+fastcgi_param  DOCUMENT_ROOT      $document_root;
+fastcgi_param  SERVER_PROTOCOL    $server_protocol;
+fastcgi_param  REQUEST_SCHEME     $scheme;
+fastcgi_param  HTTPS              $https if_not_empty;
+
+fastcgi_param  GATEWAY_INTERFACE  CGI/1.1;
+fastcgi_param  SERVER_SOFTWARE    nginx/$nginx_version;
+
+fastcgi_param  REMOTE_ADDR        $remote_addr;
+fastcgi_param  REMOTE_PORT        $remote_port;
+fastcgi_param  SERVER_ADDR        $server_addr;
+fastcgi_param  SERVER_PORT        $server_port;
+fastcgi_param  SERVER_NAME        $server_name;
+
+# PHP only, required if PHP was built with --enable-force-cgi-redirect
+fastcgi_param  REDIRECT_STATUS    200;

nginx-web/snippets/.htpasswd

@@ -0,0 +1 @@
+logs:$apr1$9znsu67g$DLTtWVglCJKPUglRz/4yw0

nginx-web/snippets/errorpages.conf

@@ -0,0 +1,6 @@
+root /var/www/Jack;
+error_page 404 /Error/error-404.php;
+error_page 500 /Error/error-500.php;
+error_page 502 /Error/error-502.php;
+error_page 503 /Error/error-503.php;
+error_page 504 /Error/error-504.php;

nginx-web/snippets/fastcgi-php.conf

@@ -0,0 +1,13 @@
+# regex to split $uri to $fastcgi_script_name and $fastcgi_path
+fastcgi_split_path_info ^(.+?\.php)(/.*)$;
+
+# Check that the PHP script exists before passing it
+try_files $fastcgi_script_name =404;
+
+# Bypass the fact that try_files resets $fastcgi_path_info
+# see: http://trac.nginx.org/nginx/ticket/321
+set $path_info $fastcgi_path_info;
+fastcgi_param PATH_INFO $path_info;
+
+fastcgi_index index.php;
+include fastcgi.conf;

nginx-web/snippets/snakeoil.conf

@@ -0,0 +1,5 @@
+# Self signed certificates generated by the ssl-cert package
+# Don't use them in a production server!
+
+ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem;
+ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key;

php-cli/Dockerfile

@@ -0,0 +1,18 @@
+FROM php:8.1-cli
+
+# installing cron package
+RUN apt-get update && apt-get -y install cron libbz2-dev curl libcurl4-openssl-dev libxml2-dev libenchant-2-dev libssl-dev libpng-dev libgmp-dev libzip-dev sudo rsync zip unzip libldap2-dev
+
+RUN pecl install redis && docker-php-ext-enable redis
+
+RUN docker-php-ext-install pdo_mysql opcache gd zip ldap
+
+COPY ./crontab /etc/cron.d/crontab
+
+RUN chmod 0644 /etc/cron.d/crontab
+
+RUN /usr/bin/crontab /etc/cron.d/crontab
+
+RUN adduser -D -H -u 1000 -s /bin/bash www-data -G www-data
+RUN usermod -u 1000 www-data
+RUN groupmod -g 1000 www-data

php-cli/crontab

@@ -0,0 +1,6 @@
+*/5  *  *  *  * sudo -u www-data php -d memory_limit=512M -f /var/www/nextcloud/cron.php
+
+* * * * * sudo -u www-data php -d memory_limit=512M /var/www/pterodactyl/artisan schedule:run >> /dev/null 2>&1
+* * * * * cd /var/www/invoice-ninja && sudo -u www-data php -d memory_limit=512M artisan schedule:run >> /dev/null 2>&1
+
+18 11 * * * /var/www/email.tgj.services/site/bin/cleandb.sh