Skip to content

Instantly share code, notes, and snippets.


Coxxs/dockerfile Secret

Created Nov 7, 2020
What would you like to do?
FROM alpine:latest
EXPOSE 10120
WORKDIR /var/www/html
RUN sed -i 's/' /etc/apk/repositories \
&& apk add nginx supervisor php7-fpm php7-session php7-json php7-gd php7-exif git wget unzip zip\
&& mkdir -p /var/www/html/Public \
&& wget \
&& unzip \
&& cp -rp /var/www/html/_h5ai /var/www/html/Public/_h5ai \
&& rm \
&& mkdir /run/nginx
ADD ./supervisord.conf /etc/supervisor/conf.d/supervisord.conf
ADD ./nginx.conf /etc/nginx/nginx.conf
ADD ./php.ini /etc/php7/php.ini
RUN rm /etc/nginx/conf.d/default.conf
RUN chown -R nobody.nobody /var/www/html && \
chown -R nobody.nobody /run && \
chown -R nobody.nobody /var/lib/nginx && \
chown -R nobody.nobody /var/log/nginx && \
chown -R nobody.nobody /var/log/php7
USER nobody
ADD --chown=nobody ./flag.txt /var/www/html/
ADD --chown=nobody ./dockerfile ./nginx.conf /var/www/html/Public/
CMD ["/usr/bin/supervisord", "-c", "/etc/supervisor/conf.d/supervisord.conf"]
worker_processes 1;
error_log stderr warn;
pid /run/;
user nobody;
events {
worker_connections 1024;
http {
include mime.types;
default_type application/octet-stream;
# Define custom log format to include reponse times
log_format main_timed '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for" '
'$request_time $upstream_response_time $pipe $upstream_cache_status';
access_log /dev/stdout main_timed;
error_log /dev/stderr notice;
keepalive_timeout 65;
server_tokens off;
# Write temporary files to /tmp so they can be created as a non-privileged user
client_body_temp_path /tmp/client_temp;
proxy_temp_path /tmp/proxy_temp_path;
fastcgi_temp_path /tmp/fastcgi_temp;
uwsgi_temp_path /tmp/uwsgi_temp;
scgi_temp_path /tmp/scgi_temp;
# Docker 内部的地址,无关紧要
listen 10120;
server_name _;
root /var/www/html;
index index.php index.html /_h5ai/public/index.php;
# _h5ai/private 文件夹下的内容是不可直接访问的,设置屏蔽
location ~ _h5ai/private {
deny all;
# 根目录是私有目录,使用 basic auth 进行认证,只有我(超极致的小 C)自己可以访问
location / {
auth_basic "easy h5ai. For visitors, please refer to public directory at `/Public!`";
auth_basic_user_file /etc/nginx/conf.d/htpasswd;
# Public 目录是公开的,任何人都可以访问,便于我给大家分享文件
location /Public {
allow all;
index /Public/_h5ai/public/index.php;
# PHP 的 fastcgi 配置,将请求转发给 php-fpm
location ~ \.php$ {
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
location ~ /\. {
log_not_found off;
deny all;
gzip on;
gzip_proxied any;
gzip_types text/plain application/xml text/css text/js text/xml application/x-javascript text/javascript application/json application/xml+rss;
gzip_vary on;
gzip_disable "msie6";
# Include other server configs
include /etc/nginx/conf.d/*.conf;
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment