Mirrored_Repos/nginx-proxy-manager
1
0
Fork 0
mirror of https://github.com/jc21/nginx-proxy-manager.git synced 2024-08-30 18:22:48 +00:00
Code Issues Packages Projects Releases Wiki Activity

cleanup

Browse Source
This commit is contained in:
ahgraber 2021-02-06 20:05:40 -05:00
parent 5abb9458c7
commit 7fcc4a7ef0
5 changed files with 12 additions and 135 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

39
Dockerfile
View File

@ -1,39 +0,0 @@
FROM --platform=${TARGETPLATFORM:-linux/amd64} jc21/alpine-nginx-full:node
LABEL maintainer="Jamie Curnow <jc@jc21.com>"
ENV SUPPRESS_NO_CONFIG_WARNING=1
ENV S6_FIX_ATTRS_HIDDEN=1
ENV NODE_ENV=production
RUN echo "fs.file-max = 65535" > /etc/sysctl.conf \
&& apk update \
&& apk add python3 certbot jq \
&& python3 -m ensurepip \
&& rm -rf /var/cache/apk/*
# s6 overlay
COPY scripts/install-s6 /tmp/install-s6
RUN /tmp/install-s6 "${TARGETPLATFORM}" && rm -f /tmp/install-s6
EXPOSE 80
EXPOSE 81
EXPOSE 443
ADD backend /app
ADD frontend/dist /app/frontend
COPY global /app/global
WORKDIR /app
RUN yarn install
# add late to limit cache-busting by modifications
COPY docker/rootfs /
# Remove frontend service not required for prod, dev nginx config as well
RUN rm -rf /etc/services.d/frontend
RUN rm -f /etc/nginx/conf.d/dev.conf
VOLUME [ "/data", "/etc/letsencrypt" ]
ENTRYPOINT [ "/init" ]
HEALTHCHECK --interval=5s --timeout=3s CMD /bin/check-health

86
docker-compose.yaml
View File

@ -1,86 +0,0 @@
# docker-compose.yml
version: "3.7"
secrets:
# paths assume the .secrets folder is sibling depth to folder where docker-compose resides
DB_ROOT_PWD:
file: ../.secrets/db_root_pwd.txt
MYSQL_PWD:
file: ../.secrets/mysql_pwd.txt
# networks:
# npm-bridge: # arbitrary name
# driver: bridge
services:
mariadb:
image: ahgraber/mariadb-aria:test
container_name: mariadb
secrets:
- DB_ROOT_PWD
- MYSQL_PWD
# networks:
# - npm-bridge
# ports:
# - 3306:3306
environment:
# MYSQL_ROOT_PASSWORD: "npm"
MYSQL_ROOT_PASSWORD__FILE: /run/secrets/DB_ROOT_PWD
MYSQL_DATABASE: "npm"
MYSQL_USER: "npm"
# MYSQL_PASSWORD: "npm"
MYSQL_PASSWORD__FILE: /run/secrets/MYSQL_PWD
volumes:
- ./data/mysql:/var/lib/mysql
# - npm-mount:/var/lib/mysql
# restart: unless-stopped
npm:
build:
context: .
dockerfile: ./Dockerfile
# args:
# TARGETPLATFORM: arm64v8
image: nginx-proxy-manager:test # provide a name and tag for the image
container_name: npm
secrets:
- MYSQL_PWD
# networks:
# - npm-bridge
ports:
- 8080:80
- 8443:443
- 8888:81
environment:
DISABLE_IPV6: 'true'
DB_MYSQL_HOST: "mariadb"
DB_MYSQL_PORT: 3306
DB_MYSQL_NAME: "npm"
DB_MYSQL_USER: "npm"
# DB_MYSQL_PASSWORD: "npm"
DB_MYSQL_PASSWORD__FILE: /run/secrets/MYSQL_PWD
# DB_MYSQL_PASSWORD: "sqlL3tm3in"
volumes:
- ./data/npm:/data
- ./data/letsencrypt:/etc/letsencrypt
# - npm-mount:/data
# - letsencrypt-mount:/etc/letsencrypt
depends_on:
- mariadb
# restart: unless-stopped
# ## https://stackoverflow.com/questions/45282608/how-to-directly-mount-nfs-share-volume-in-container-using-docker-compose-v3
# volumes:
# npm-mount:
# driver: local
# driver_opts:
# type: nfs
# o: nfsvers=4,addr=10.2.1.1,rw,retry=1,soft,nolock
# device: ":/npm"
# letsencrypt-mount:
# driver: local
# driver_opts:
# type: nfs
# o: nfsvers=4,addr=10.2.1.1,rw,retry=1,soft,nolock
# device: ":/letsencrypt"

5
docker/Dockerfile
View File

@ -13,6 +13,7 @@ ARG BUILD_DATE
ENV SUPPRESS_NO_CONFIG_WARNING=1 ENV SUPPRESS_NO_CONFIG_WARNING=1
ENV S6_FIX_ATTRS_HIDDEN=1 ENV S6_FIX_ATTRS_HIDDEN=1
ENV S6_BEHAVIOUR_IF_STAGE2_FAILS=1
ENV NODE_ENV=production ENV NODE_ENV=production
RUN echo "fs.file-max = 65535" > /etc/sysctl.conf \ RUN echo "fs.file-max = 65535" > /etc/sysctl.conf \
@ -31,7 +32,6 @@ EXPOSE 80
EXPOSE 81 EXPOSE 81
EXPOSE 443 EXPOSE 443
COPY docker/rootfs /
ADD backend /app ADD backend /app
ADD frontend/dist /app/frontend ADD frontend/dist /app/frontend
COPY global /app/global COPY global /app/global
@ -39,6 +39,9 @@ COPY global /app/global
WORKDIR /app WORKDIR /app
RUN yarn install RUN yarn install
# add late to limit cache-busting by modifications
COPY docker/rootfs /
# Remove frontend service not required for prod, dev nginx config as well # Remove frontend service not required for prod, dev nginx config as well
RUN rm -rf /etc/services.d/frontend RUN rm -f /etc/nginx/conf.d/dev.conf RUN rm -rf /etc/services.d/frontend RUN rm -f /etc/nginx/conf.d/dev.conf

2
docker/rootfs/etc/cont-init.d/.gitignore vendored
View File

@ -1,3 +1,3 @@
* *
!.gitignore !.gitignore
!01_envfile.sh !*.sh

15
docker/rootfs/etc/cont-init.d/01_envfile.sh → docker/rootfs/etc/cont-init.d/01_s6-secret-init.sh
View File

@ -1,28 +1,27 @@
#! /bin/bash #!/usr/bin/with-contenv bash
# ref: https://github.com/linuxserver/docker-baseimage-alpine/blob/master/root/etc/cont-init.d/01-envfile # ref: https://github.com/linuxserver/docker-baseimage-alpine/blob/master/root/etc/cont-init.d/01-envfile
# in s6, environmental variables are written as text files for s6 to monitor # in s6, environmental variables are written as text files for s6 to monitor
# seach through full-path filenames for files ending in "__FILE" # seach through full-path filenames for files ending in "__FILE"
for FILENAME in $(find /var/run/s6/container_environment/ | grep "__FILE$"); do for FILENAME in $(find /var/run/s6/container_environment/ | grep "__FILE$"); do
echo "[secret-init] Evaluating ${FILENAME##*/}" echo "[secret-init] Evaluating ${FILENAME##*/} ..."
# set SECRETFILE to the contents of the full-path textfile # set SECRETFILE to the contents of the full-path textfile
SECRETFILE=$(cat ${FILENAME}) SECRETFILE=$(cat ${FILENAME})
# SECRETFILE=${FILENAME} # SECRETFILE=${FILENAME}
echo "[secret-init] Setting SECRETFILE to ${SECRETFILE}..." # DEBUG - rm for prod! # echo "[secret-init] Set SECRETFILE to ${SECRETFILE}" # DEBUG - rm for prod!
# if SECRETFILE exists / is not null # if SECRETFILE exists / is not null
if [[ -f ${SECRETFILE} ]]; then if [[ -f ${SECRETFILE} ]]; then
# strip the appended "__FILE" from environmental variable name ... # strip the appended "__FILE" from environmental variable name ...
STRIPFILE=$(echo ${FILENAME} | sed "s/__FILE//g") STRIPFILE=$(echo ${FILENAME} | sed "s/__FILE//g")
echo "[secret-init] Set STRIPFILE to ${STRIPFILE}" # DEBUG - rm for prod! # echo "[secret-init] Set STRIPFILE to ${STRIPFILE}" # DEBUG - rm for prod!
# ... and set value to contents of secretfile # ... and set value to contents of secretfile
# since s6 uses text files, this is effectively "export ..." # since s6 uses text files, this is effectively "export ..."
# cat ${SECRETFILE} > ${STRIPFILE} printf $(cat ${SECRETFILE}) > ${STRIPFILE}
cat $(${SECRETFILE} | sed "s/[^\w.-]+//g") > ${STRIPFILE} # echo "[secret-init] Set ${STRIPFILE##*/} to $(cat ${STRIPFILE})" # DEBUG - rm for prod!"
echo "[secret-init] Set ${STRIPFILE} to $(cat ${STRIPFILE})" # DEBUG - rm for prod!" echo "[secret-init] Success! ${STRIPFILE##*/} set from ${FILENAME##*/}"
echo "[secret-init] Success! ${STRIPFILE} set from ${FILENAME}"
else else
echo "[secret-init] cannot find secret in ${FILENAME}" echo "[secret-init] cannot find secret in ${FILENAME}"