update ghost isso && add piwik

This commit is contained in:
Dryusdan 2017-09-16 22:02:02 +02:00
parent 789e6d7962
commit 7c3a6fae64
7 changed files with 190 additions and 7 deletions

View File

@ -1,6 +1,6 @@
FROM alpine:3.6
ARG VERSION=1.8.4
ARG VERSION=1.8.6
ENV GHOST_NODE_VERSION_CHECK=false \
NODE_ENV=production \
@ -36,8 +36,5 @@ EXPOSE 2368
VOLUME /ghost/content
LABEL description="Ghost CMS ${VERSION}" \
maintainer="Wonderfall <wonderfall@targaryen.house>"
ENTRYPOINT ["run.sh"]
CMD ["/bin/s6-svscan", "/etc/s6.d"]

View File

@ -22,7 +22,7 @@ RUN apk -U upgrade \
&& pip install --no-cache misaka==1.0.2 \
&& pip install --no-cache "isso==${ISSO_VER}" \
&& apk del build-dependencies \
&& rm -rf /tmp/* /var/cache/apk/*
&& rm -rf /tmp/* /var/cache/apk/* /tmp/* /root/.gnupg /root/.cache/
COPY run.sh /usr/local/bin/run.sh
@ -32,6 +32,4 @@ EXPOSE 8080
VOLUME /db /config
LABEL maintainer="Wonderfall <wonderfall@targaryen.house>"
CMD ["run.sh"]

53
piwik/Dockerfile Normal file
View File

@ -0,0 +1,53 @@
FROM wonderfall/nginx-php:7.1
ARG VERSION=3.1.0
ARG GPG_matthieu="814E 346F A01A 20DB B04B 6807 B5DB D592 5590 A237"
ENV UID=991 GID=991 \
UPLOAD_MAX_SIZE=10M \
MEMORY_LIMIT=256M \
OPCACHE_MEM_SIZE=128M
RUN BUILD_DEPS=" \
git \
tar \
build-base \
autoconf \
geoip-dev \
libressl \
ca-certificates \
gnupg" \
&& apk -U upgrade && apk add \
${BUILD_DEPS} \
geoip \
tzdata \
&& pecl install geoip-1.1.1 \
&& echo 'extension=geoip.so' >> /php/conf.d/geoip.ini \
&& mkdir /piwik && cd /tmp \
&& PIWIK_TARBALL="piwik-${VERSION}.tar.gz" \
&& wget -q https://builds.piwik.org/${PIWIK_TARBALL} \
&& wget -q https://builds.piwik.org/${PIWIK_TARBALL}.asc \
&& wget -q https://builds.piwik.org/signature.asc \
&& echo "Verifying authenticity of ${PIWIK_TARBALL}..." \
&& gpg --import signature.asc \
&& FINGERPRINT="$(LANG=C gpg --verify ${PIWIK_TARBALL}.asc ${PIWIK_TARBALL} 2>&1 \
| sed -n "s#Primary key fingerprint: \(.*\)#\1#p")" \
&& if [ -z "${FINGERPRINT}" ]; then echo "Warning! Invalid GPG signature!" && exit 1; fi \
&& if [ "${FINGERPRINT}" != "${GPG_matthieu}" ]; then echo "Warning! Wrong GPG fingerprint!" && exit 1; fi \
&& echo "All seems good, now unpacking ${PIWIK_TARBALL}..." \
&& tar xzf ${PIWIK_TARBALL} --strip 1 -C /piwik \
&& wget -q https://geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz -P /usr/share/GeoIP/ \
&& gzip -d /usr/share/GeoIP/GeoLiteCity.dat.gz \
&& mv /usr/share/GeoIP/GeoLiteCity.dat /usr/share/GeoIP/GeoIPCity.dat \
&& apk del ${BUILD_DEPS} php7-dev php7-pear \
&& rm -rf /tmp/* /var/cache/apk/* /tmp/* /root/.gnupg /root/.cache/
COPY rootfs /
RUN chmod +x /usr/local/bin/run.sh /etc/s6.d/*/* /etc/s6.d/.s6-svscan/*
VOLUME /config
EXPOSE 8888
CMD ["run.sh"]

68
piwik/README.md Normal file
View File

@ -0,0 +1,68 @@
## wonderfall/piwik
![](https://i.goopics.net/m3.png)
#### What is this?
It is a web analytics platform. Piwik respects your privacy and gives you full control over your data.
#### Features
- Based on Alpine Linux.
- Latest Piwik stable.
- nginx stable + PHP7.
- mysql drivers (server not built-in).
- Latest GeoLite City Database from maxmind.com.
#### Build-time variables
- **VERSION** : version of Piwik
- **GPG_matthieu** : fingerprint of signing key
#### Environment variables
- **GID** : piwik group id *(default : 991)*
- **UID** : piwik user id *(default : 991)*
#### Volumes
- **/config** : configuration files
#### Update
Piwik can update itself. It works well. I'm also maintaing this Dockerfile, so if you don't want to do upgrades directly from Piwik, you can recreate the container as well whenever I push an update.
#### Configuration
According to Piwik, everything should be fine running this image. You shoudn't have any difficulties to setup your own instance of Piwik. Your `/config/config.ini.php` overwrites the one (in `/piwik/config`)used by Piwik each time the container is started. Moreover, the old config.ini.php is saved as `/config/config.ini.php.bkp` if you want to revert last changes. This should also guarantee transparency through Piwik's updates.
If you're running Piwik behind a reverse proxy (most likely you do), add this to your `config.ini.php` :
```
[General]
#assume_secure_protocol = 1 #uncomment if you use https
proxy_client_headers[] = HTTP_X_FORWARDED_FOR
proxy_client_headers[] = HTTP_X_REAL_IP
proxy_host_headers[] = HTTP_X_FORWARDED_HOST
```
#### Reverse proxy
Use port **8888**.
https://github.com/Wonderfall/dockerfiles/tree/master/reverse
https://github.com/hardware/mailserver/wiki/Reverse-proxy-configuration
#### Docker Compose (example)
```
piwik:
image: wonderfall/piwik
links:
- db_piwik:db_piwik
volumes:
- /mnt/docker/piwik/config:/config
environment:
- GID=1000
- UID=1000
db_piwik:
image: mariadb:10
volumes:
- /mnt/docker/piwik/db:/var/lib/mysql
environment:
- MYSQL_ROOT_PASSWORD=asupersecretpassword
- MYSQL_DATABASE=piwik
- MYSQL_USER=piwik
- MYSQL_PASSWORD=asupersecretpassword
```

View File

@ -0,0 +1,46 @@
server {
listen 8888;
root /piwik;
index index.php index.html;
location ~* \.(?:bat|git|ini|sh|svn[^.]*|txt|tpl|xml)$ {
return 404;
}
location ~* \.(jpg|jpeg|gif|css|png|js|map|woff|woff2|ttf|svg|eot)$ {
expires 30d;
access_log off;
}
location = /favicon.ico {
try_files /favicon.ico =204;
}
location ~* ^/(?:README|LICENSE[^.]*|LEGALNOTICE)(?:\.txt)*$ {
return 404;
}
location ~ ^/(vendor|config|tmp|libs|misc) {
deny all;
return 404;
}
location ~* /(.*)\.(?:markdown|md|twig|yaml|yml|ht|htaccess|ini)$ {
deny all;
}
location ~ /\. {
deny all;
}
location / {
try_files $uri /index.php;
}
location ~ \.php$ {
fastcgi_index index.php;
fastcgi_pass unix:/php/run/php-fpm.sock;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include /nginx/conf/fastcgi_params;
}
}

View File

@ -0,0 +1,8 @@
zend_extension=opcache.so
opcache.enable=1
opcache.enable_cli=1
opcache.fast_shutdown=1
opcache.memory_consumption=<OPCACHE_MEM_SIZE>
opcache.interned_strings_buffer=16
opcache.max_accelerated_files=10000
opcache.revalidate_freq=60

View File

@ -0,0 +1,13 @@
#!/bin/sh
sed -i -e "s/<UPLOAD_MAX_SIZE>/$UPLOAD_MAX_SIZE/g" /nginx/conf/nginx.conf /php/etc/php-fpm.conf \
-e "s/<MEMORY_LIMIT>/$MEMORY_LIMIT/g" /php/etc/php-fpm.conf \
-e "s/<OPCACHE_MEM_SIZE>/$OPCACHE_MEM_SIZE/g" /php/conf.d/opcache.ini
if [ ! -f /config/config.ini.php ]; then
cp /piwik/config/config.ini.php /config/config.ini.php
fi
ln -s /config/config.ini.php /piwik/config/config.ini.php
mv piwik fix && mv fix piwik # fix strange bug
chown -R $UID:$GID /piwik /config /var/log /php /nginx /tmp /usr/share/GeoIP /etc/s6.d
exec su-exec $UID:$GID /bin/s6-svscan /etc/s6.d