mirror of https://gitgud.io/fatchan/jschan.git
parent
99ae6f3592
commit
8662411a25
10 changed files with 228 additions and 98 deletions
@ -1,16 +0,0 @@ |
||||
FROM node:16 |
||||
|
||||
WORKDIR /opt |
||||
ENV NODE_ENV development |
||||
|
||||
COPY . /opt/ |
||||
COPY ./docker/secrets.js /opt/configs/secrets.js |
||||
|
||||
RUN npm install |
||||
RUN npm run-script setup |
||||
RUN gulp reset |
||||
RUN gulp |
||||
|
||||
EXPOSE 7000 |
||||
|
||||
CMD [ "pm2-runtime", "start", "ecosystem.config.js" ] |
@ -0,0 +1,18 @@ |
||||
FROM node:16 |
||||
|
||||
RUN apt-get update -y |
||||
RUN apt-get install ffmpeg imagemagick graphicsmagick -y |
||||
|
||||
WORKDIR /opt |
||||
|
||||
COPY . . |
||||
|
||||
RUN npm install |
||||
|
||||
RUN npm install -g pm2 gulp |
||||
|
||||
RUN rm /opt/gulp/res/js/socket.io.js |
||||
|
||||
COPY ./docker/jschan/secrets.js ./configs/secrets.js |
||||
|
||||
CMD ["/bin/sh", "-c", "gulp; pm2-runtime start ecosystem.config.js"] |
@ -0,0 +1,18 @@ |
||||
FROM node:16 |
||||
|
||||
WORKDIR /opt |
||||
|
||||
COPY . . |
||||
RUN npm install |
||||
RUN npm i -g pm2 gulp |
||||
|
||||
RUN rm /opt/gulp/res/js/socket.io.js |
||||
|
||||
COPY ./docker/jschan/secrets.js ./configs/secrets.js |
||||
|
||||
#i fucking hate docker |
||||
ENV MONGO_USERNAME jschan |
||||
ENV MONGO_PASSWORD changeme |
||||
ENV REDIS_PASSWORD changeme |
||||
|
||||
CMD ["/bin/sh", "-c", "gulp reset; gulp"] |
@ -0,0 +1,40 @@ |
||||
module.exports = { |
||||
|
||||
//mongodb connection string
|
||||
dbURL: `mongodb://${process.env.MONGO_USERNAME}:${process.env.MONGO_PASSWORD}@mongodb:27017`, |
||||
|
||||
//database name
|
||||
dbName: 'jschan', |
||||
|
||||
//redis connection info
|
||||
redis: { |
||||
host: 'redis', |
||||
port: '6379', |
||||
password: process.env.REDIS_PASSWORD, |
||||
}, |
||||
|
||||
//backend webserver port
|
||||
port: 7000, |
||||
|
||||
//secrets/salts for various things
|
||||
cookieSecret: process.env.COOKIE_SECRET, |
||||
tripcodeSecret: process.env.TRIPCODE_SECRET, |
||||
ipHashSecret: process.env.IP_HASH_SECRET, |
||||
postPasswordSecret: process.env.POST_PASSWORD_SECRET, |
||||
|
||||
//keys for google recaptcha
|
||||
google: { |
||||
siteKey: process.env.GOOGLE_SITEKEY, |
||||
secretKey: process.env.GOOGLE_SECRETKEY, |
||||
}, |
||||
|
||||
//keys for hcaptcha
|
||||
hcaptcha: { |
||||
siteKey: process.env.HCAPTCHA_SITEKEY, |
||||
secretKey: process.env.HCAPTCHA_SECRETKEY, |
||||
}, |
||||
|
||||
//enable debug logging
|
||||
debugLogs: true, |
||||
|
||||
}; |
@ -1,40 +0,0 @@ |
||||
location / { |
||||
proxy_buffering off; |
||||
proxy_pass http://chan$request_uri; |
||||
proxy_http_version 1.1; |
||||
|
||||
proxy_set_header Host $host; |
||||
proxy_set_header Upgrade $http_upgrade; |
||||
proxy_set_header Connection 'upgrade'; |
||||
proxy_cache_bypass $http_upgrade; |
||||
|
||||
proxy_set_header X-Forwarded-Proto https; |
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; |
||||
proxy_set_header X-Real-IP $remote_addr; |
||||
proxy_set_header X-Country-Code 'XX'; |
||||
} |
||||
|
||||
location @backend { |
||||
proxy_buffering off; |
||||
proxy_pass http://chan$request_uri; |
||||
proxy_http_version 1.1; |
||||
proxy_set_header X-Forwarded-Proto https; |
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; |
||||
proxy_set_header X-Real-IP $remote_addr; |
||||
proxy_set_header X-Country-Code 'XX'; |
||||
proxy_set_header Connection ''; |
||||
proxy_set_header Host $host; |
||||
} |
||||
|
||||
location @backend-private { |
||||
include /etc/nginx/snippets/security_headers_nocache.conf; |
||||
proxy_buffering off; |
||||
proxy_pass http://chan$request_uri; |
||||
proxy_http_version 1.1; |
||||
proxy_set_header X-Forwarded-Proto https; |
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; |
||||
proxy_set_header X-Real-IP $remote_addr; |
||||
proxy_set_header X-Country-Code 'XX'; |
||||
proxy_set_header Connection ''; |
||||
proxy_set_header Host $host; |
||||
} |
@ -0,0 +1,88 @@ |
||||
FROM nginx:mainline as builder |
||||
|
||||
ARG ENABLED_MODULES |
||||
|
||||
RUN set -ex \ |
||||
&& if [ "$ENABLED_MODULES" = "" ]; then \ |
||||
echo "No additional modules enabled, exiting"; \ |
||||
exit 1; \ |
||||
fi |
||||
|
||||
#COPY ./ /modules/ |
||||
|
||||
RUN set -ex \ |
||||
&& apt update \ |
||||
&& apt install -y --no-install-suggests --no-install-recommends \ |
||||
patch make wget mercurial devscripts debhelper dpkg-dev \ |
||||
quilt lsb-release build-essential libxml2-utils xsltproc \ |
||||
equivs git g++ \ |
||||
&& hg clone -r ${NGINX_VERSION}-${PKG_RELEASE%%~*} https://hg.nginx.org/pkg-oss/ \ |
||||
&& cd pkg-oss \ |
||||
&& mkdir /tmp/packages \ |
||||
&& for module in $ENABLED_MODULES; do \ |
||||
echo "Building $module for nginx-$NGINX_VERSION"; \ |
||||
if [ -d /modules/$module ]; then \ |
||||
echo "Building $module from user-supplied sources"; \ |
||||
# check if module sources file is there and not empty |
||||
if [ ! -s /modules/$module/source ]; then \ |
||||
echo "No source file for $module in modules/$module/source, exiting"; \ |
||||
exit 1; \ |
||||
fi; \ |
||||
# some modules require build dependencies |
||||
if [ -f /modules/$module/build-deps ]; then \ |
||||
echo "Installing $module build dependencies"; \ |
||||
apt update && apt install -y --no-install-suggests --no-install-recommends $(cat /modules/$module/build-deps | xargs); \ |
||||
fi; \ |
||||
# if a module has a build dependency that is not in a distro, provide a |
||||
# shell script to fetch/build/install those |
||||
# note that shared libraries produced as a result of this script will |
||||
# not be copied from the builder image to the main one so build static |
||||
if [ -x /modules/$module/prebuild ]; then \ |
||||
echo "Running prebuild script for $module"; \ |
||||
/modules/$module/prebuild; \ |
||||
fi; \ |
||||
/pkg-oss/build_module.sh -v $NGINX_VERSION -f -y -o /tmp/packages -n $module $(cat /modules/$module/source); \ |
||||
BUILT_MODULES="$BUILT_MODULES $(echo $module | tr '[A-Z]' '[a-z]' | tr -d '[/_\-\.\t ]')"; \ |
||||
elif make -C /pkg-oss/debian list | grep -P "^$module\s+\d" > /dev/null; then \ |
||||
echo "Building $module from pkg-oss sources"; \ |
||||
cd /pkg-oss/debian; \ |
||||
make rules-module-$module BASE_VERSION=$NGINX_VERSION NGINX_VERSION=$NGINX_VERSION; \ |
||||
mk-build-deps --install --tool="apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends --yes" debuild-module-$module/nginx-$NGINX_VERSION/debian/control; \ |
||||
make module-$module BASE_VERSION=$NGINX_VERSION NGINX_VERSION=$NGINX_VERSION; \ |
||||
find ../../ -maxdepth 1 -mindepth 1 -type f -name "*.deb" -exec mv -v {} /tmp/packages/ \;; \ |
||||
BUILT_MODULES="$BUILT_MODULES $module"; \ |
||||
else \ |
||||
echo "Don't know how to build $module module, exiting"; \ |
||||
exit 1; \ |
||||
fi; \ |
||||
done \ |
||||
&& echo "BUILT_MODULES=\"$BUILT_MODULES\"" > /tmp/packages/modules.env |
||||
|
||||
FROM nginx:mainline |
||||
COPY --from=builder /tmp/packages /tmp/packages |
||||
RUN set -ex \ |
||||
&& apt update \ |
||||
&& apt-get install wget -y \ |
||||
&& . /tmp/packages/modules.env \ |
||||
&& for module in $BUILT_MODULES; do \ |
||||
apt install --no-install-suggests --no-install-recommends -y /tmp/packages/nginx-module-${module}_${NGINX_VERSION}*.deb; \ |
||||
done \ |
||||
&& rm -rf /tmp/packages \ |
||||
&& rm -rf /var/lib/apt/lists/ |
||||
|
||||
RUN mkdir /usr/share/GeoIP |
||||
RUN wget https://dl.miyuru.lk/geoip/dbip/country/dbip.dat.gz |
||||
RUN gunzip dbip.dat.gz |
||||
RUN mv dbip.dat /usr/share/GeoIP/GeoIP.dat |
||||
|
||||
RUN rm /etc/nginx/conf.d/default.conf |
||||
|
||||
COPY ./docker/nginx/nginx.conf /etc/nginx/nginx.conf |
||||
|
||||
COPY ./docker/nginx/jschan.conf /etc/nginx/conf.d/ |
||||
|
||||
COPY ./configs/nginx/snippets/ /etc/nginx/snippets/ |
||||
|
||||
EXPOSE 80 |
||||
|
||||
CMD ["nginx", "-g", "daemon off;"] |
@ -0,0 +1,44 @@ |
||||
load_module /etc/nginx/modules/ngx_http_geoip_module-debug.so; |
||||
|
||||
worker_processes auto; |
||||
pid /run/nginx.pid; |
||||
|
||||
events { |
||||
worker_connections 1000; |
||||
} |
||||
|
||||
http { |
||||
include /etc/nginx/mime.types; |
||||
default_type application/octet-stream; |
||||
geoip_country /usr/share/GeoIP/GeoIP.dat; |
||||
|
||||
map_hash_max_size 4096; |
||||
map_hash_bucket_size 256; |
||||
|
||||
aio threads; |
||||
sendfile on; |
||||
tcp_nopush on; |
||||
tcp_nodelay on; |
||||
server_tokens off; |
||||
types_hash_max_size 2048; |
||||
server_names_hash_bucket_size 128; |
||||
client_max_body_size 0; |
||||
|
||||
#proxy_request_buffering off; |
||||
|
||||
log_format custom '[$time_local] $remote_addr $status "$request" "$http_referer" "$http_user_agent" $bytes_sent'; |
||||
access_log /var/log/nginx/access.log custom; |
||||
error_log /var/log/nginx/error.log; |
||||
|
||||
gzip on; |
||||
#gzip_vary off; |
||||
gzip_comp_level 6; |
||||
gzip_proxied any; |
||||
gzip_types text/plain text/css text/js text/xml text/javascript image/x-icon application/javascript application/json application/xml application/rss+xml image/svg+xml; |
||||
|
||||
ssl_protocols TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE |
||||
ssl_prefer_server_ciphers on; |
||||
|
||||
include /etc/nginx/conf.d/*; |
||||
|
||||
} |
@ -1,40 +0,0 @@ |
||||
module.exports = { |
||||
|
||||
//mongodb connection string
|
||||
dbURL: 'mongodb://mongodb:27017', |
||||
|
||||
//database name
|
||||
dbName: 'jschan', |
||||
|
||||
//redis connection info
|
||||
redis: { |
||||
host: 'redis', |
||||
port: '6379', |
||||
password: '' |
||||
}, |
||||
|
||||
//backend webserver port
|
||||
port: 7000, |
||||
|
||||
//secrets/salts for various things
|
||||
cookieSecret: 'changeme', |
||||
tripcodeSecret: 'changeme', |
||||
ipHashSecret: 'changeme', |
||||
postPasswordSecret: 'changeme', |
||||
|
||||
//keys for google recaptcha
|
||||
google: { |
||||
siteKey: 'changeme', |
||||
secretKey: 'changeme' |
||||
}, |
||||
|
||||
//keys for hcaptcha
|
||||
hcaptcha: { |
||||
siteKey: '10000000-ffff-ffff-ffff-000000000001', |
||||
secretKey: '0x0000000000000000000000000000000000000000' |
||||
}, |
||||
|
||||
//enable debug logging
|
||||
debugLogs: true, |
||||
|
||||
}; |
Loading…
Reference in new issue