diff --git a/.gitignore b/.gitignore index 2135082..23e863e 100644 --- a/.gitignore +++ b/.gitignore @@ -5,4 +5,7 @@ log/* *.sql bin/syncfiles.sh solr_cores/* +solr_data/* +var_solr/* ressources/xdebug.ini +ressources/*.sql.gz \ No newline at end of file diff --git a/Docker/nginx/default.conf b/Docker/nginx/default.conf index ac1c935..045431b 100644 --- a/Docker/nginx/default.conf +++ b/Docker/nginx/default.conf @@ -6,9 +6,9 @@ server { charset utf-8; - location / { - try_files $uri $uri/ /index.php?$query_string; - } + # location / { + # try_files $uri $uri/ /index.php?$query_string; + # } location = /favicon.ico { access_log off; log_not_found off; } location = /robots.txt { access_log off; log_not_found off; } @@ -20,18 +20,95 @@ server { client_max_body_size 100m; - location ~ \.php$ { - fastcgi_split_path_info ^(.+\.php)(/.+)$; - fastcgi_pass php:9000; - fastcgi_index index.php; + + # Very rarely should these ever be accessed outside of your lan + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + # Allow "Well-Known URIs" as per RFC 5785 + location ~* ^/.well-known/ { + allow all; + } + + # Block access to "hidden" files and directories whose names begin with a + # period. This includes directories used by version control systems such + # as Subversion or Git to store control files. + location ~ (^|/)\. { + return 403; + } + + location / { + # try_files $uri @rewrite; # For Drupal <= 6 + try_files $uri /index.php?$query_string; # For Drupal >= 7 + } + + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; + } + + # Don't allow direct access to PHP files in the vendor directory. + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } + + # In Drupal 10, we must also match new paths where the '.php' appears in + # the middle, such as update.php/selection. The rule we use is strict, + # and only allows this pattern with the update.php front controller. + # This allows legacy path aliases in the form of + # blog/index.php/legacy-path to continue to route to Drupal nodes. If + # you do not have any paths like that, then you might prefer to use a + # laxer rule, such as: + # location ~ \.php(/|$) { + # The laxer rule will continue to work if Drupal uses this new URL + # pattern with front controllers other than update.php in a future + # release. + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + # Security note: If you're running a version of PHP older than the + # latest 5.3, you should have "cgi.fix_pathinfo = 0;" in php.ini. + # See http://serverfault.com/q/627903/94922 for details. include fastcgi_params; + # Block httpoxy attacks. See https://httpoxy.org/. + fastcgi_param HTTP_PROXY ""; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_intercept_errors off; + fastcgi_param PATH_INFO $fastcgi_path_info; + fastcgi_param QUERY_STRING $query_string; + fastcgi_intercept_errors on; fastcgi_buffer_size 16k; fastcgi_buffers 4 16k; fastcgi_read_timeout 150; + + # PHP 5 socket location. + #fastcgi_pass unix:/var/run/php5-fpm.sock; + # PHP 7 socket location. + #fastcgi_pass unix:/var/run/php/php7.0-fpm.sock; + #lando + fastcgi_pass php:9000; } + # location ~ \.php$ { + # fastcgi_split_path_info ^(.+\.php)(/.+)$; + # fastcgi_pass php:9000; + # fastcgi_index index.php; + # include fastcgi_params; + # fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + # fastcgi_intercept_errors off; + # fastcgi_buffer_size 16k; + # fastcgi_buffers 4 16k; + # fastcgi_read_timeout 150; + # } + location ~ /\.ht { deny all; } @@ -42,11 +119,29 @@ server { gzip_http_version 1.0; gzip_static on; + + # Fighting with Styles? This little gem is amazing. + # location ~ ^/sites/.*/files/imagecache/ { # For Drupal <= 6 + location ~ ^(/[a-z\-]+)?/sites/.*/files/(css|js|styles)/ { # For Drupal >= 7 + try_files $uri @rewrite; + } + # Handle private files through Drupal. Private file's path can come + # with a language prefix. + location ~ ^(/[a-z\-]+)?/system/files/ { # For Drupal >= 7 + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ { + expires max; + log_not_found off; + } + ## PWA serviceworker support. # location ~ ^/pwa/[0-9a-z]+/serviceworker.js { # try_files $uri /index.php?$query_string; # } + ## PWA manifest support. location ~ /manifest.json { try_files $uri /index.php?$query_string; @@ -55,5 +150,7 @@ server { location ~* \.(js|css|ttf|json)$ { gzip_static on; } + + } diff --git a/Docker/php/Dockerfile b/Docker/php/Dockerfile index 48cffd4..fc91cad 100644 --- a/Docker/php/Dockerfile +++ b/Docker/php/Dockerfile @@ -1,4 +1,4 @@ -FROM php:7.4-fpm +FROM php:8.1-fpm-bullseye RUN apt-get update && apt-get install -y \ libfreetype6-dev \ @@ -19,7 +19,7 @@ RUN apt-get update && apt-get install -y \ docker-php-ext-install opcache && \ docker-php-ext-install bcmath && \ apt-get install -y git vim && \ - pecl install redis-4.3.0 && \ + pecl install redis-5.3.7 && \ pecl install xdebug-3.1.3 && \ docker-php-ext-enable redis xdebug @@ -69,6 +69,10 @@ RUN if getent group ${USER_GNAME} ; then groupdel ${USER_GNAME}; fi &&\ COPY ./bashrc /home/${USER_UNAME}/.bashrc COPY ./inputrc /home/${USER_UNAME}/.inputrc +# https://github.com/ProgDroid/composer_update_autocomplete +RUN mkdir /home/${USER_UNAME}/.bin +COPY ./composer_update_autocomplete /home/${USER_UNAME}/.bin/composer_update_autocomplete +RUN printf "complete -C /home/${USER_UNAME}/.composer_update_autocomplete/src/main.rs composer update" >> /home/${USER_UNAME}/.bashrc # https://dev.to/s1ntaxe770r/how-to-setup-ssh-within-a-docker-container-i5i RUN apt-get install -y openssh-server openssh-client diff --git a/Docker/php/composer_update_autocomplete b/Docker/php/composer_update_autocomplete new file mode 100755 index 0000000..4195acd Binary files /dev/null and b/Docker/php/composer_update_autocomplete differ diff --git a/Makefile b/Makefile index 69a4b37..7e38bde 100644 --- a/Makefile +++ b/Makefile @@ -41,6 +41,12 @@ buildnpm: buildnpmnc: docker-compose build --no-cache --build-arg USER_UID=$(USER_UID) --build-arg USER_UNAME=$(USER_UNAME) --build-arg USER_GID=$(USER_GID) --build-arg USER_GNAME=$(USER_GNAME) npm +buildmysql: + docker-compose build --build-arg USER_UID=$(USER_UID) --build-arg USER_UNAME=$(USER_UNAME) --build-arg USER_GID=$(USER_GID) --build-arg USER_GNAME=$(USER_GNAME) mysql + +buildmysqlnc: + docker-compose build --no-cache --build-arg USER_UID=$(USER_UID) --build-arg USER_UNAME=$(USER_UNAME) --build-arg USER_GID=$(USER_GID) --build-arg USER_GNAME=$(USER_GNAME) mysql + up: docker-compose up -d @@ -72,6 +78,9 @@ restart_php: restart_npm : docker-compose restart npm +restart_mysql : + docker-compose restart mysql + exec_php: docker exec -it materiod8-php-1 bash diff --git a/docker-compose.yml b/docker-compose.yml index 9b95c1d..8b80c2b 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -17,21 +17,21 @@ services: MYSQL_USER: "${DB_USERNAME}" MYSQL_PASSWORD: "${DB_PASSWORD}" - mysql-legacy: - image: mariadb:latest - volumes: - - db-data-legacy:/var/lib/mysql - - ./Docker/mysql/mysql.cnf:/etc/mysql/conf.d/custom.cnf:ro - - ./Docker/mysql/bashrc:/root/.bashrc:ro - - "${DB_IMPORTE_FILE_D7}:/docker-entrypoint-initdb.d/materio_d7.sql" - networks: - - database - hostname: mysql-legacy - environment: - MYSQL_ROOT_PASSWORD: "${DB_ROOT_PASSWORD}" - MYSQL_DATABASE: "${DB_LEGACY_NAME}" - MYSQL_USER: "${DB_USERNAME}" - MYSQL_PASSWORD: "${DB_PASSWORD}" + # mysql-legacy: + # image: mariadb:latest + # volumes: + # - db-data-legacy:/var/lib/mysql + # - ./Docker/mysql/mysql.cnf:/etc/mysql/conf.d/custom.cnf:ro + # - ./Docker/mysql/bashrc:/root/.bashrc:ro + # - "${DB_IMPORTE_FILE_D7}:/docker-entrypoint-initdb.d/materio_d7.sql" + # networks: + # - database + # hostname: mysql-legacy + # environment: + # MYSQL_ROOT_PASSWORD: "${DB_ROOT_PASSWORD}" + # MYSQL_DATABASE: "${DB_LEGACY_NAME}" + # MYSQL_USER: "${DB_USERNAME}" + # MYSQL_PASSWORD: "${DB_PASSWORD}" redis: image: redis:4 @@ -44,16 +44,16 @@ services: ports: - "6389" - redis-legacy: - image: redis:3 - command: redis-server /usr/local/etc/redis.conf - volumes: - - redis-legacy-data:/data - - ./Docker/redis/redis.conf:/usr/local/etc/redis.conf - networks: - - redis - ports: - - "6388" + # redis-legacy: + # image: redis:3 + # command: redis-server /usr/local/etc/redis.conf + # volumes: + # - redis-legacy-data:/data + # - ./Docker/redis/redis.conf:/usr/local/etc/redis.conf + # networks: + # - redis + # ports: + # - "6388" solr-new: build: ./Docker/solr/ @@ -73,14 +73,14 @@ services: ports: - 8985:8983 - solr-legacy: - build: ./Docker/solr-legacy/ - volumes: - - solr-cores-legacy:/opt/solr/server/solr - networks: - - solr - ports: - - 8983:8983 + # solr-legacy: + # build: ./Docker/solr-legacy/ + # volumes: + # - solr-cores-legacy:/opt/solr/server/solr + # networks: + # - solr + # ports: + # - 8983:8983 php: @@ -109,28 +109,28 @@ services: # mem_limit: 512m depends_on: - mysql - - mysql-legacy + # - mysql-legacy - redis - solr-new - php-legacy: - build: ./Docker/php-legacy/ - expose: - - 9000 - volumes: - - php-legacy-root-data:/root - - "${LEGACY_ROOT}:/var/www/html" - - "${LOG_ROOT}/php-legacy:/var/log:rw" - working_dir: "/var/www/html" - networks: - - database - - redis - - server - - solr - depends_on: - - mysql-legacy - - redis-legacy - - solr-legacy + # php-legacy: + # build: ./Docker/php-legacy/ + # expose: + # - 9000 + # volumes: + # - php-legacy-root-data:/root + # - "${LEGACY_ROOT}:/var/www/html" + # - "${LOG_ROOT}/php-legacy:/var/log:rw" + # working_dir: "/var/www/html" + # networks: + # - database + # - redis + # - server + # - solr + # depends_on: + # - mysql-legacy + # - redis-legacy + # - solr-legacy phpmyadmin: image: phpmyadmin/phpmyadmin @@ -140,9 +140,9 @@ services: - database depends_on: - mysql - - mysql-legacy + # - mysql-legacy environment: - PMA_HOSTS: mysql,mysql-legacy + PMA_HOSTS: mysql #,mysql-legacy nginx: build: ./Docker/nginx/ @@ -150,7 +150,7 @@ services: - 8890:80 volumes: - "${PROJECT_ROOT}:/var/www/html/d8.materio.com/public_html" - - "${LEGACY_ROOT}:/var/www/html/d7.materio.com/public_html" + # - "${LEGACY_ROOT}:/var/www/html/d7.materio.com/public_html" - "${LOG_ROOT}:/var/log:rw" working_dir: "/var/www/html/d8.materio.com/public_html" networks: @@ -159,18 +159,18 @@ services: depends_on: - php - nginx-legacy: - build: ./Docker/nginx-legacy/ - ports: - - 8880:80 - volumes: - - "${LEGACY_ROOT}:/var/www/html" - - "${LOG_ROOT}:/var/log:rw" - networks: - - server - - solr - depends_on: - - php-legacy + # nginx-legacy: + # build: ./Docker/nginx-legacy/ + # ports: + # - 8880:80 + # volumes: + # - "${LEGACY_ROOT}:/var/www/html" + # - "${LOG_ROOT}:/var/log:rw" + # networks: + # - server + # - solr + # depends_on: + # - php-legacy npm: build: ./Docker/npm @@ -189,12 +189,12 @@ services: volumes: php-user-data: - php-legacy-root-data: + # php-legacy-root-data: db-data: - db-data-legacy: + # db-data-legacy: redis-data: - redis-legacy-data: - solr-cores-legacy: + # redis-legacy-data: + # solr-cores-legacy: # solr-cores: npm-user-data: diff --git a/solr_data/.gitkeep b/solr_data/.gitkeep new file mode 100644 index 0000000..e69de29 diff --git a/var_solr/.gitkeep b/var_solr/.gitkeep new file mode 100644 index 0000000..e69de29