From 7c3a6fae644adff3def6f24c233f33030f99d2c9 Mon Sep 17 00:00:00 2001
From: Dryusdan <contact@dryusdan.fr>
Date: Sat, 16 Sep 2017 22:02:02 +0200
Subject: [PATCH] update ghost isso && add piwik

---
 ghost/Dockerfile                            |  5 +-
 isso/Dockerfile                             |  4 +-
 piwik/Dockerfile                            | 53 ++++++++++++++++
 piwik/README.md                             | 68 +++++++++++++++++++++
 piwik/rootfs/nginx/sites-enabled/nginx.conf | 46 ++++++++++++++
 piwik/rootfs/php/conf.d/opcache.ini         |  8 +++
 piwik/rootfs/usr/local/bin/run.sh           | 13 ++++
 7 files changed, 190 insertions(+), 7 deletions(-)
 create mode 100644 piwik/Dockerfile
 create mode 100644 piwik/README.md
 create mode 100644 piwik/rootfs/nginx/sites-enabled/nginx.conf
 create mode 100644 piwik/rootfs/php/conf.d/opcache.ini
 create mode 100644 piwik/rootfs/usr/local/bin/run.sh

diff --git a/ghost/Dockerfile b/ghost/Dockerfile
index f205fb2..ebdac57 100644
--- a/ghost/Dockerfile
+++ b/ghost/Dockerfile
@@ -1,6 +1,6 @@
 FROM alpine:3.6
 
-ARG VERSION=1.8.4
+ARG VERSION=1.8.6
 
 ENV GHOST_NODE_VERSION_CHECK=false \
     NODE_ENV=production \
@@ -36,8 +36,5 @@ EXPOSE 2368
 
 VOLUME /ghost/content
 
-LABEL description="Ghost CMS ${VERSION}" \
-      maintainer="Wonderfall <wonderfall@targaryen.house>"
-
 ENTRYPOINT ["run.sh"]
 CMD ["/bin/s6-svscan", "/etc/s6.d"]
diff --git a/isso/Dockerfile b/isso/Dockerfile
index d241a99..6ff7294 100644
--- a/isso/Dockerfile
+++ b/isso/Dockerfile
@@ -22,7 +22,7 @@ RUN apk -U upgrade \
  && pip install --no-cache misaka==1.0.2 \
  && pip install --no-cache "isso==${ISSO_VER}" \
  && apk del build-dependencies \
- && rm -rf /tmp/* /var/cache/apk/*
+ && rm -rf /tmp/*  /var/cache/apk/* /tmp/* /root/.gnupg /root/.cache/
 
 COPY run.sh /usr/local/bin/run.sh
 
@@ -32,6 +32,4 @@ EXPOSE 8080
 
 VOLUME /db /config
 
-LABEL maintainer="Wonderfall <wonderfall@targaryen.house>"
-
 CMD ["run.sh"]
diff --git a/piwik/Dockerfile b/piwik/Dockerfile
new file mode 100644
index 0000000..98e6c0e
--- /dev/null
+++ b/piwik/Dockerfile
@@ -0,0 +1,53 @@
+FROM wonderfall/nginx-php:7.1
+
+ARG VERSION=3.1.0
+ARG GPG_matthieu="814E 346F A01A 20DB B04B  6807 B5DB D592 5590 A237"
+
+ENV UID=991 GID=991 \
+    UPLOAD_MAX_SIZE=10M \
+    MEMORY_LIMIT=256M \
+    OPCACHE_MEM_SIZE=128M
+
+RUN BUILD_DEPS=" \
+    git \
+    tar \
+    build-base \
+    autoconf \
+    geoip-dev \
+    libressl \
+    ca-certificates \
+    gnupg" \
+ && apk -U upgrade && apk add \
+    ${BUILD_DEPS} \
+    geoip \
+    tzdata \
+ && pecl install geoip-1.1.1 \
+ && echo 'extension=geoip.so' >> /php/conf.d/geoip.ini \
+ && mkdir /piwik && cd /tmp \
+ && PIWIK_TARBALL="piwik-${VERSION}.tar.gz" \
+ && wget -q https://builds.piwik.org/${PIWIK_TARBALL} \
+ && wget -q https://builds.piwik.org/${PIWIK_TARBALL}.asc \
+ && wget -q https://builds.piwik.org/signature.asc \
+ && echo "Verifying authenticity of ${PIWIK_TARBALL}..." \
+ && gpg --import signature.asc \
+ && FINGERPRINT="$(LANG=C gpg --verify ${PIWIK_TARBALL}.asc ${PIWIK_TARBALL} 2>&1 \
+  | sed -n "s#Primary key fingerprint: \(.*\)#\1#p")" \
+ && if [ -z "${FINGERPRINT}" ]; then echo "Warning! Invalid GPG signature!" && exit 1; fi \
+ && if [ "${FINGERPRINT}" != "${GPG_matthieu}" ]; then echo "Warning! Wrong GPG fingerprint!" && exit 1; fi \
+ && echo "All seems good, now unpacking ${PIWIK_TARBALL}..." \
+ && tar xzf ${PIWIK_TARBALL} --strip 1 -C /piwik \
+ && wget -q https://geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz -P /usr/share/GeoIP/ \
+ && gzip -d /usr/share/GeoIP/GeoLiteCity.dat.gz \
+ && mv /usr/share/GeoIP/GeoLiteCity.dat /usr/share/GeoIP/GeoIPCity.dat \
+ && apk del ${BUILD_DEPS} php7-dev php7-pear \
+ && rm -rf /tmp/*  /var/cache/apk/* /tmp/* /root/.gnupg /root/.cache/
+
+COPY rootfs /
+
+RUN chmod +x /usr/local/bin/run.sh /etc/s6.d/*/* /etc/s6.d/.s6-svscan/*
+
+VOLUME /config
+
+EXPOSE 8888
+
+CMD ["run.sh"]
diff --git a/piwik/README.md b/piwik/README.md
new file mode 100644
index 0000000..3724e8a
--- /dev/null
+++ b/piwik/README.md
@@ -0,0 +1,68 @@
+## wonderfall/piwik
+
+![](https://i.goopics.net/m3.png)
+
+#### What is this?
+It is a web analytics platform. Piwik respects your privacy and gives you full control over your data.
+
+#### Features
+- Based on Alpine Linux.
+- Latest Piwik stable.
+- nginx stable + PHP7.
+- mysql drivers (server not built-in).
+- Latest GeoLite City Database from maxmind.com.
+
+#### Build-time variables
+- **VERSION** : version of Piwik
+- **GPG_matthieu** : fingerprint of signing key
+
+#### Environment variables
+- **GID** : piwik group id *(default : 991)*
+- **UID** : piwik user id *(default : 991)*
+
+#### Volumes
+- **/config** : configuration files
+
+#### Update
+Piwik can update itself. It works well. I'm also maintaing this Dockerfile, so if you don't want to do upgrades directly from Piwik, you can recreate the container as well whenever I push an update.
+
+#### Configuration
+According to Piwik, everything should be fine running this image. You shoudn't have any difficulties to setup your own instance of Piwik. Your `/config/config.ini.php` overwrites the one (in `/piwik/config`)used by Piwik each time the container is started. Moreover, the old config.ini.php is saved as `/config/config.ini.php.bkp` if you want to revert last changes. This should also guarantee transparency through Piwik's updates.
+
+If you're running Piwik behind a reverse proxy (most likely you do), add this to your `config.ini.php` :
+
+```
+[General]
+#assume_secure_protocol = 1 #uncomment if you use https
+proxy_client_headers[] = HTTP_X_FORWARDED_FOR
+proxy_client_headers[] = HTTP_X_REAL_IP
+proxy_host_headers[] = HTTP_X_FORWARDED_HOST
+```
+
+#### Reverse proxy
+Use port **8888**.
+https://github.com/Wonderfall/dockerfiles/tree/master/reverse
+https://github.com/hardware/mailserver/wiki/Reverse-proxy-configuration
+
+#### Docker Compose (example)
+```
+piwik:
+  image: wonderfall/piwik
+  links:
+    - db_piwik:db_piwik
+  volumes:
+    - /mnt/docker/piwik/config:/config
+  environment:
+    - GID=1000
+    - UID=1000
+
+db_piwik:
+  image: mariadb:10
+  volumes:
+    - /mnt/docker/piwik/db:/var/lib/mysql
+  environment:
+    - MYSQL_ROOT_PASSWORD=asupersecretpassword
+    - MYSQL_DATABASE=piwik
+    - MYSQL_USER=piwik
+    - MYSQL_PASSWORD=asupersecretpassword
+```
diff --git a/piwik/rootfs/nginx/sites-enabled/nginx.conf b/piwik/rootfs/nginx/sites-enabled/nginx.conf
new file mode 100644
index 0000000..69ea84d
--- /dev/null
+++ b/piwik/rootfs/nginx/sites-enabled/nginx.conf
@@ -0,0 +1,46 @@
+server {
+        listen 8888;
+        root /piwik;
+        index index.php index.html;
+
+        location ~* \.(?:bat|git|ini|sh|svn[^.]*|txt|tpl|xml)$ {
+            return 404;
+        }
+
+        location ~* \.(jpg|jpeg|gif|css|png|js|map|woff|woff2|ttf|svg|eot)$ {
+            expires 30d;
+            access_log off;
+	}
+
+        location = /favicon.ico {
+            try_files /favicon.ico =204;
+        }
+
+        location ~* ^/(?:README|LICENSE[^.]*|LEGALNOTICE)(?:\.txt)*$ {
+            return 404;
+        }
+
+        location ~ ^/(vendor|config|tmp|libs|misc) {            
+            deny all;                                                 
+            return 404;                                                      
+        }                                                                    
+                                                                             
+        location ~* /(.*)\.(?:markdown|md|twig|yaml|yml|ht|htaccess|ini)$ {
+            deny all;                                                        
+        }                                                                    
+                                                                             
+        location ~ /\. {                                                     
+            deny all;                                                        
+        }
+
+        location / {
+            try_files $uri /index.php;
+        }
+
+	location ~ \.php$ {
+            fastcgi_index index.php;
+            fastcgi_pass unix:/php/run/php-fpm.sock;
+            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+            include /nginx/conf/fastcgi_params;
+	}
+}
diff --git a/piwik/rootfs/php/conf.d/opcache.ini b/piwik/rootfs/php/conf.d/opcache.ini
new file mode 100644
index 0000000..d77112b
--- /dev/null
+++ b/piwik/rootfs/php/conf.d/opcache.ini
@@ -0,0 +1,8 @@
+zend_extension=opcache.so
+opcache.enable=1
+opcache.enable_cli=1
+opcache.fast_shutdown=1
+opcache.memory_consumption=<OPCACHE_MEM_SIZE>
+opcache.interned_strings_buffer=16
+opcache.max_accelerated_files=10000
+opcache.revalidate_freq=60
diff --git a/piwik/rootfs/usr/local/bin/run.sh b/piwik/rootfs/usr/local/bin/run.sh
new file mode 100644
index 0000000..887825e
--- /dev/null
+++ b/piwik/rootfs/usr/local/bin/run.sh
@@ -0,0 +1,13 @@
+#!/bin/sh
+sed -i -e "s/<UPLOAD_MAX_SIZE>/$UPLOAD_MAX_SIZE/g" /nginx/conf/nginx.conf /php/etc/php-fpm.conf \
+       -e "s/<MEMORY_LIMIT>/$MEMORY_LIMIT/g" /php/etc/php-fpm.conf \
+       -e "s/<OPCACHE_MEM_SIZE>/$OPCACHE_MEM_SIZE/g" /php/conf.d/opcache.ini
+
+if [ ! -f /config/config.ini.php ]; then
+  cp /piwik/config/config.ini.php /config/config.ini.php
+fi
+
+ln -s /config/config.ini.php /piwik/config/config.ini.php
+mv piwik fix && mv fix piwik # fix strange bug
+chown -R $UID:$GID /piwik /config /var/log /php /nginx /tmp /usr/share/GeoIP /etc/s6.d
+exec su-exec $UID:$GID /bin/s6-svscan /etc/s6.d