commit 7a37693c549ad4cf6febb8fce7332e514b914329 Author: root Date: Fri Nov 3 19:37:24 2017 +0000 first commit
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..78d5962
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,53 @@
+FROM wonderfall/nginx-php
+
+ARG VERSION=3.2.0
+ARG GPG_matthieu="814E 346F A01A 20DB B04B 6807 B5DB D592 5590 A237"
+
+ENV UID=991 GID=991 \
+ UPLOAD_MAX_SIZE=10M \
+ MEMORY_LIMIT=256M \
+ OPCACHE_MEM_SIZE=128M
+
+RUN BUILD_DEPS=" \
+ git \
+ tar \
+ build-base \
+ autoconf \
+ geoip-dev \
+ libressl \
+ ca-certificates \
+ gnupg" \
+ && apk -U upgrade && apk add \
+ ${BUILD_DEPS} \
+ geoip \
+ tzdata \
+ && pecl install geoip-1.1.1 \
+ && echo 'extension=geoip.so' >> /php/conf.d/geoip.ini \
+ && mkdir /piwik && cd /tmp \
+ && PIWIK_TARBALL="piwik-${VERSION}.tar.gz" \
+ && wget -q https://builds.piwik.org/${PIWIK_TARBALL} \
+ && wget -q https://builds.piwik.org/${PIWIK_TARBALL}.asc \
+ && wget -q https://builds.piwik.org/signature.asc \
+ && echo "Verifying authenticity of ${PIWIK_TARBALL}..." \
+ && gpg --import signature.asc \
+ && FINGERPRINT="$(LANG=C gpg --verify ${PIWIK_TARBALL}.asc ${PIWIK_TARBALL} 2>&1 \
+ | sed -n "s#Primary key fingerprint: \(.*\)#\1#p")" \
+ && if [ -z "${FINGERPRINT}" ]; then echo "Warning! Invalid GPG signature!" && exit 1; fi \
+ && if [ "${FINGERPRINT}" != "${GPG_matthieu}" ]; then echo "Warning! Wrong GPG fingerprint!" && exit 1; fi \
+ && echo "All seems good, now unpacking ${PIWIK_TARBALL}..." \
+ && tar xzf ${PIWIK_TARBALL} --strip 1 -C /piwik \
+ && wget -q https://geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz -P /usr/share/GeoIP/ \
+ && gzip -d /usr/share/GeoIP/GeoLiteCity.dat.gz \
+ && mv /usr/share/GeoIP/GeoLiteCity.dat /usr/share/GeoIP/GeoIPCity.dat \
+ && apk del ${BUILD_DEPS} php7-dev php7-pear \
+ && rm -rf /tmp/* /var/cache/apk/* /tmp/* /root/.gnupg /root/.cache/
+
+COPY rootfs /
+
+RUN chmod +x /usr/local/bin/startup /etc/s6.d/*/* /etc/s6.d/.s6-svscan/*
+
+VOLUME /config
+
+EXPOSE 8888
+
+ENTRYPOINT ["/usr/local/bin/startup"]
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..3724e8a
--- /dev/null
+++ b/README.md
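Review bot: The authenticity check in the `RUN` step depends on scraping gpg's human-readable output: `gpg --verify … 2>&1 | sed -n …` discards gpg's exit status (the command substitution returns sed's) and keys on the `Primary key fingerprint:` text line, a format meant for people rather than scripts. Prefer the machine-readable interface, i.e. run the verify with `--status-fd 1` and accept only a `[GNUPG:] VALIDSIG` line whose primary-key fingerprint field equals `GPG_matthieu` with the spaces removed. Importing `signature.asc` from the same host as the tarball is acceptable only because the fingerprint is pinned in the Dockerfile, which deserves a comment such as `# key comes from the download host; trust rests solely on the pinned fingerprint`. The base image (`FROM wonderfall/nginx-php`, no tag or digest) and the GeoLiteCity download get no comparable pinning or checksum, so the build is only as trustworthy as those two fetches.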
@@ -0,0 +1,68 @@
+## wonderfall/piwik
+
+![](https://i.goopics.net/m3.png)
+
+#### What is this?
+It is a web analytics platform. Piwik respects your privacy and gives you full control over your data.
+
+#### Features
+- Based on Alpine Linux.
+- Latest Piwik stable.
+- nginx stable + PHP7.
+- mysql drivers (server not built-in).
+- Latest GeoLite City Database from maxmind.com.
+
+#### Build-time variables
+- **VERSION** : version of Piwik
+- **GPG_matthieu** : fingerprint of signing key
+
+#### Environment variables
+- **GID** : piwik group id *(default : 991)*
+- **UID** : piwik user id *(default : 991)*
+
+#### Volumes
+- **/config** : configuration files
+
+#### Update
+Piwik can update itself. It works well. I'm also maintaing this Dockerfile, so if you don't want to do upgrades directly from Piwik, you can recreate the container as well whenever I push an update.
+
+#### Configuration
+According to Piwik, everything should be fine running this image. You shoudn't have any difficulties to setup your own instance of Piwik. Your `/config/config.ini.php` overwrites the one (in `/piwik/config`)used by Piwik each time the container is started. Moreover, the old config.ini.php is saved as `/config/config.ini.php.bkp` if you want to revert last changes. This should also guarantee transparency through Piwik's updates.
+
+If you're running Piwik behind a reverse proxy (most likely you do), add this to your `config.ini.php` :
+
+```
+[General]
+#assume_secure_protocol = 1 #uncomment if you use https
+proxy_client_headers[] = HTTP_X_FORWARDED_FOR
+proxy_client_headers[] = HTTP_X_REAL_IP
+proxy_host_headers[] = HTTP_X_FORWARDED_HOST
+```
+
+#### Reverse proxy
+Use port **8888**.
+https://github.com/Wonderfall/dockerfiles/tree/master/reverse
+https://github.com/hardware/mailserver/wiki/Reverse-proxy-configuration
+
+#### Docker Compose (example)
+```
+piwik:
+ image: wonderfall/piwik
+ links:
+ - db_piwik:db_piwik
+ volumes:
+ - /mnt/docker/piwik/config:/config
+ environment:
+ - GID=1000
+ - UID=1000
+
+db_piwik:
+ image: mariadb:10
+ volumes:
+ - /mnt/docker/piwik/db:/var/lib/mysql
+ environment:
+ - MYSQL_ROOT_PASSWORD=asupersecretpassword
+ - MYSQL_DATABASE=piwik
+ - MYSQL_USER=piwik
+ - MYSQL_PASSWORD=asupersecretpassword
+```
diff --git a/rootfs/nginx/sites-enabled/nginx.conf b/rootfs/nginx/sites-enabled/nginx.conf
new file mode 100644
index 0000000..69ea84d
--- /dev/null
+++ b/rootfs/nginx/sites-enabled/nginx.conf
@@ -0,0 +1,46 @@
+server {
+ listen 8888;
+ root /piwik;
+ index index.php index.html;
+
+ location ~* \.(?:bat|git|ini|sh|svn[^.]*|txt|tpl|xml)$ {
+ return 404;
+ }
+
+ location ~* \.(jpg|jpeg|gif|css|png|js|map|woff|woff2|ttf|svg|eot)$ {
+ expires 30d;
+ access_log off;
+ }
+
+ location = /favicon.ico {
+ try_files /favicon.ico =204;
+ }
+
+ location ~* ^/(?:README|LICENSE[^.]*|LEGALNOTICE)(?:\.txt)*$ {
+ return 404;
+ }
+
+ location ~ ^/(vendor|config|tmp|libs|misc) {
+ deny all;
+ return 404;
+ }
+
+ location ~* /(.*)\.(?:markdown|md|twig|yaml|yml|ht|htaccess|ini)$ {
+ deny all;
+ }
+
+ location ~ /\. {
+ deny all;
+ }
+
+ location / {
+ try_files $uri /index.php;
+ }
+
+ location ~ \.php$ {
+ fastcgi_index index.php;
+ fastcgi_pass unix:/php/run/php-fpm.sock;
+ fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+ include /nginx/conf/fastcgi_params;
+ }
+}
diff --git a/rootfs/php/conf.d/opcache.ini b/rootfs/php/conf.d/opcache.ini
new file mode 100644
index 0000000..d77112b
--- /dev/null
+++ b/rootfs/php/conf.d/opcache.ini
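Review bot: The `location ~ \.php$` block in nginx.conf hands every URI ending in `.php` to php-fpm without checking that the script exists on disk or that it is one of Piwik's intended entry points. Adding `try_files $uri =404;` as the first line of that block makes nginx reject requests for scripts that are not real files; narrowing the regex to the known entry points would be tighter still. In the `^/(vendor|config|tmp|libs|misc)` block, `deny all;` never takes effect because `return 404;` runs in the earlier rewrite phase, so one of the two can go.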
@@ -0,0 +1,8 @@
+zend_extension=opcache.so
+opcache.enable=1
+opcache.enable_cli=1
+opcache.fast_shutdown=1
+opcache.memory_consumption=
+opcache.interned_strings_buffer=16
+opcache.max_accelerated_files=10000
+opcache.revalidate_freq=60
diff --git a/rootfs/usr/local/bin/startup b/rootfs/usr/local/bin/startup
new file mode 100644
index 0000000..887825e
--- /dev/null
+++ b/rootfs/usr/local/bin/startup
@@ -0,0 +1,13 @@
+#!/bin/sh
+sed -i -e "s//$UPLOAD_MAX_SIZE/g" /nginx/conf/nginx.conf /php/etc/php-fpm.conf \
+ -e "s//$MEMORY_LIMIT/g" /php/etc/php-fpm.conf \
+ -e "s//$OPCACHE_MEM_SIZE/g" /php/conf.d/opcache.ini
+
+if [ ! -f /config/config.ini.php ]; then
+ cp /piwik/config/config.ini.php /config/config.ini.php
+fi
+
+ln -s /config/config.ini.php /piwik/config/config.ini.php
+mv piwik fix && mv fix piwik # fix strange bug
+chown -R $UID:$GID /piwik /config /var/log /php /nginx /tmp /usr/share/GeoIP /etc/s6.d
+exec su-exec $UID:$GID /bin/s6-svscan /etc/s6.d
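Review bot: Nothing in `startup` checks for failure while it still runs as root, so a failed `sed`, `cp`, `ln` or `chown` is ignored and s6 is started anyway; at minimum the `sed` and `chown` steps should end in `|| exit 1`. `ln -s /config/config.ini.php /piwik/config/config.ini.php` fails once the link exists (any restart of the same container), so `ln -sf` is the safer form, and `mv piwik fix && mv fix piwik` uses relative paths that only work when the working directory is `/`, which nothing in this commit sets (the base image may). `$UID`, `$GID` and the three size variables are expanded unquoted, the latter straight into sed replacement text where a `/` or `&` changes the expression; quote them, e.g. `exec su-exec "$UID:$GID" /bin/s6-svscan /etc/s6.d`, and check that they are numeric or size-like before use. As rendered on this page the sed patterns are empty (`s//…/`) and `opcache.memory_consumption=` has no value, presumably because placeholder tokens were lost in rendering; confirm against the repository.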