Merge pull request #18 from skilld-labs/add-16

jbguerraz · web-flow · commit 4cfc1e9d7d7a · 2019-10-25T16:11:09.000+02:00
Add 1.16 version
diff --git a/16/Dockerfile b/16/Dockerfile
@@ -0,0 +1,14 @@
+FROM alpine:3.10
+
+RUN set -ex &&\
+  apk add --no-cache --upgrade nginx nginx-mod-http-upload-progress
+
+COPY fastcgi_params nginx.conf upstream /etc/nginx/
+COPY default.conf /etc/nginx/conf.d/
+
+WORKDIR /var/www/html
+VOLUME /var/www/html
+
+EXPOSE 80 443
+
+CMD ["nginx", "-g", "daemon off;"]
diff --git a/16/default.conf b/16/default.conf
@@ -0,0 +1,250 @@
+include upstream;
+
+server {
+    server_name SERVER_NAME;
+    listen 80;
+
+    root /var/www/html/web;
+    index index.php;
+
+    fastcgi_keep_conn on;
+    fastcgi_index index.php;
+    fastcgi_param QUERY_STRING $query_string;
+    fastcgi_param SCRIPT_NAME $fastcgi_script_name;
+    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+
+    location / {
+
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection 'upgrade';
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_cache_bypass $http_upgrade;
+
+        location ~* /system/files/ {
+            include fastcgi_params;
+            fastcgi_param QUERY_STRING q=$uri&$args;
+            fastcgi_param SCRIPT_NAME /index.php;
+            fastcgi_param SCRIPT_FILENAME $document_root/index.php;
+            fastcgi_hide_header 'X-Drupal-Cache';
+            fastcgi_hide_header 'X-Generator';
+            fastcgi_pass upstream;
+            log_not_found off;
+        }
+
+        location ~* /sites/.*/files/private/ {
+            internal;
+        }
+
+        location ~* /files/styles/ {
+            access_log off;
+            expires 30d;
+            try_files $uri @drupal;
+        }
+
+        location ~* /sites/.+/files/.+\.txt {
+            access_log off;
+            expires 7d;
+            tcp_nodelay off;
+            open_file_cache max=1000 inactive=30s;
+            open_file_cache_valid 30s;
+            open_file_cache_min_uses 2;
+            open_file_cache_errors off;
+        }
+
+        location ~* /sites/.*/files/advagg_css/ {
+            expires max;
+            add_header ETag '';
+            add_header Last-Modified 'Wed, 20 Jan 1988 04:20:42 GMT';
+            add_header Accept-Ranges '';
+            location ~* /sites/.*/files/advagg_css/css[_[:alnum:]]+\.css$ {
+                access_log off;
+                try_files $uri @drupal;
+            }
+        }
+
+        location ~* /sites/.*/files/advagg_js/ {
+            expires max;
+            add_header ETag '';
+            add_header Last-Modified 'Wed, 20 Jan 1988 04:20:42 GMT';
+            add_header Accept-Ranges '';
+            location ~* /sites/.*/files/advagg_js/js[_[:alnum:]]+\.js$ {
+                access_log off;
+                try_files $uri @drupal;
+            }
+        }
+
+        location ~* /admin/reports/hacked/.+/diff/ {
+            try_files $uri @drupal;
+        }
+
+        location ~* ^.+\.(?:cur|jpe?g|gif|htc|ico|png|xml|otf|ttf|eot|woff|woff2|svg)$ {
+            access_log off;
+            expires 30d;
+            tcp_nodelay off;
+            open_file_cache max=3000 inactive=120s;
+            open_file_cache_valid 45s;
+            open_file_cache_min_uses 2;
+            open_file_cache_errors off;
+        }
+
+        location ~* ^.+\.(?:css|js)$ {
+            access_log off;
+            expires 30d;
+            tcp_nodelay off;
+            open_file_cache off;
+        }
+
+        location ~* ^.+\.(?:pdf|pptx?)$ {
+            expires 30d;
+            tcp_nodelay off;
+        }
+
+        location ~* ^(?:.+\.(?:htaccess|make|txt|engine|inc|info|install|module|profile|po|pot|sh|.*sql|theme|tpl(?:\.php)?|xtmpl)|code-style\.pl|/Entries.*|/Repository|/Root|/Tag|/Template)$ {
+            return 404;
+        }
+        try_files $uri @drupal;
+    }
+
+    location @drupal {
+        include fastcgi_params;
+        fastcgi_param QUERY_STRING $query_string;
+        fastcgi_param SCRIPT_NAME /index.php;
+        fastcgi_param SCRIPT_FILENAME $document_root/index.php;
+        fastcgi_hide_header 'X-Drupal-Cache';
+        fastcgi_hide_header 'X-Generator';
+        fastcgi_pass upstream;
+        track_uploads uploads 60s;
+    }
+
+    location @drupal-no-args {
+        include fastcgi_params;
+        fastcgi_param QUERY_STRING q=$uri;
+        fastcgi_param SCRIPT_NAME /index.php;
+        fastcgi_param SCRIPT_FILENAME $document_root/index.php;
+        fastcgi_hide_header 'X-Drupal-Cache';
+        fastcgi_hide_header 'X-Generator';
+        fastcgi_pass upstream;
+    }
+
+    location = /index.php {
+        include fastcgi_params;
+        fastcgi_param QUERY_STRING $query_string;
+        fastcgi_param SCRIPT_NAME /index.php;
+        fastcgi_param SCRIPT_FILENAME $document_root/index.php;
+        fastcgi_hide_header 'X-Drupal-Cache';
+        fastcgi_hide_header 'X-Generator';
+        fastcgi_pass upstream;
+    }
+
+    location = /cron {
+        include fastcgi_params;
+        fastcgi_param QUERY_STRING q=$uri&$args;
+        fastcgi_param SCRIPT_NAME /index.php;
+        fastcgi_param SCRIPT_FILENAME $document_root/index.php;
+        fastcgi_hide_header 'X-Drupal-Cache';
+        fastcgi_hide_header 'X-Generator';
+        fastcgi_pass upstream;
+    }
+
+    location ~* ^/update.php {
+        include fastcgi_params;
+        fastcgi_param QUERY_STRING $args;
+        fastcgi_param SCRIPT_NAME /update.php;
+        fastcgi_param SCRIPT_FILENAME $document_root/update.php;
+        fastcgi_hide_header 'X-Drupal-Cache';
+        fastcgi_hide_header 'X-Generator';
+        fastcgi_pass upstream;
+    }
+
+    location = /core/install.php {
+        include fastcgi_params;
+        fastcgi_param QUERY_STRING $args;
+        fastcgi_param SCRIPT_NAME /core/install.php;
+        fastcgi_param SCRIPT_FILENAME $document_root/core/install.php;
+        fastcgi_hide_header 'X-Drupal-Cache';
+        fastcgi_hide_header 'X-Generator';
+        fastcgi_pass upstream;
+    }
+
+    location ~* ^/core/authorize.php {
+        include fastcgi_params;
+        fastcgi_param QUERY_STRING $args;
+        fastcgi_param SCRIPT_NAME /core/authorize.php;
+        fastcgi_param SCRIPT_FILENAME $document_root/core/authorize.php;
+        fastcgi_hide_header 'X-Drupal-Cache';
+        fastcgi_hide_header 'X-Generator';
+        fastcgi_pass upstream;
+    }
+
+    location ^~ /.bzr {
+        return 404;
+    }
+
+    location ^~ /.git {
+        return 404;
+    }
+
+    location ^~ /.hg {
+        return 404;
+    }
+
+    location ^~ /.svn {
+        return 404;
+    }
+
+    location ^~ /.cvs {
+        return 404;
+    }
+
+    location ^~ /patches {
+        return 404;
+    }
+
+    location ^~ /backup {
+        return 404;
+    }
+
+    location = /robots.txt {
+        access_log off;
+        try_files $uri @drupal-no-args;
+    }
+
+    location = /rss.xml {
+        try_files $uri @drupal-no-args;
+    }
+
+    location = /sitemap.xml {
+        try_files $uri @drupal-no-args;
+    }
+
+    location = /favicon.ico {
+        expires 30d;
+        try_files /favicon.ico @empty;
+    }
+
+    location ~* ^/.well-known/ {
+        allow all;
+    }
+
+    location @empty {
+        expires 30d;
+        empty_gif;
+    }
+
+    location ~* ^.+\.php$ {
+        return 404;
+    }
+
+    location ~ (?<upload_form_uri>.*)/x-progress-id:(?<upload_id>\d*) {
+        rewrite ^ $upload_form_uri?X-Progress-ID=$upload_id;
+    }
+
+    location ~ ^/progress$ {
+        upload_progress_json_output;
+        report_uploads uploads;
+    }
+}
diff --git a/16/fastcgi_params b/16/fastcgi_params
@@ -0,0 +1,25 @@
+fastcgi_param REQUEST_METHOD $request_method;
+fastcgi_param CONTENT_TYPE $content_type;
+fastcgi_param CONTENT_LENGTH $content_length;
+
+fastcgi_param REQUEST_URI $request_uri;
+fastcgi_param DOCUMENT_URI $document_uri;
+fastcgi_param DOCUMENT_ROOT $document_root;
+fastcgi_param SERVER_PROTOCOL $server_protocol;
+
+fastcgi_param GATEWAY_INTERFACE CGI/1.1;
+fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
+fastcgi_param REMOTE_ADDR $remote_addr;
+fastcgi_param REMOTE_PORT $remote_port;
+fastcgi_param SERVER_ADDR $server_addr;
+fastcgi_param SERVER_PORT $server_port;
+fastcgi_param SERVER_NAME $server_name;
+
+fastcgi_param REDIRECT_STATUS 200;
+
+fastcgi_param HTTPS $fastcgi_https if_not_empty;
+
+fastcgi_param HTTP_MOD_REWRITE On;
+
+## Fix HTTPoxy vulnerability https://httpoxy.org/#mitigate-nginx.
+fastcgi_param HTTP_PROXY '';
diff --git a/16/nginx.conf b/16/nginx.conf
@@ -0,0 +1,63 @@
+user                                    nginx;
+worker_processes                        1;
+error_log                               /proc/self/fd/2;
+pid                                     /var/run/nginx.pid;
+
+pcre_jit on;
+
+include /etc/nginx/modules/*.conf;
+
+events {
+    worker_connections                  1024;
+    multi_accept                        on;
+}
+
+http {
+    include                             /etc/nginx/mime.types;
+    default_type                        application/octet-stream;
+    fastcgi_buffers                     256 4k;
+    fastcgi_buffer_size                 32k;
+    fastcgi_intercept_errors            on;
+    fastcgi_read_timeout                900;
+    include                             fastcgi_params;
+    access_log                          /proc/self/fd/2;
+    port_in_redirect                    off;
+    send_timeout                        600;
+    sendfile                            on;
+    client_body_timeout                 600;
+    client_header_timeout               600;
+    client_max_body_size                256M;
+    keepalive_timeout                   60;
+    keepalive_requests                  100;
+    reset_timedout_connection           off;
+    tcp_nodelay                         on;
+    tcp_nopush                          on;
+    server_tokens                       off;
+    upload_progress uploads             1m;
+
+    gzip                                on;
+    gzip_buffers                        16 8k;
+    gzip_comp_level                     2;
+    gzip_http_version                   1.1;
+    gzip_min_length                     10240;
+    gzip_types                          text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript image/x-icon application/vnd.ms-fontobject font/opentype application/x-font-ttf;
+    gzip_vary                           on;
+    gzip_proxied                        any;
+    gzip_disable                        msie6;
+
+    add_header                          X-XSS-Protection '1; mode=block';
+    add_header                          X-Frame-Options SAMEORIGIN;
+    add_header                          X-Content-Type-Options nosniff;
+
+    map $http_x_forwarded_proto $fastcgi_https {
+        default $https;
+        http '';
+        https on;
+    }
+
+    map $uri $no_slash_uri {
+        ~^/(?<no_slash>.*)$ $no_slash;
+    }
+
+    include /etc/nginx/conf.d/*.conf;
+}
diff --git a/16/upstream b/16/upstream
@@ -0,0 +1,3 @@
+upstream upstream {
+	server php:9000;
+}

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+upstream upstream {`
	`2`	`+ server php:9000;`
	`3`	`+}`