This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| FROM alpine:latest | |
| EXPOSE 10120 | |
| WORKDIR /var/www/html | |
| RUN sed -i 's/dl-cdn.alpinelinux.org/mirrors.aliyun.com/g' /etc/apk/repositories \ | |
| && apk add nginx supervisor php7-fpm php7-session php7-json php7-gd php7-exif git wget unzip zip\ | |
| && mkdir -p /var/www/html/Public \ | |
| && wget https://release.larsjung.de/h5ai/h5ai-0.29.2.zip \ | |
| && unzip h5ai-0.29.2.zip \ | |
| && cp -rp /var/www/html/_h5ai /var/www/html/Public/_h5ai \ | |
| && rm h5ai-0.29.2.zip \ | |
| && mkdir /run/nginx | |
| ADD ./supervisord.conf /etc/supervisor/conf.d/supervisord.conf | |
| ADD ./nginx.conf /etc/nginx/nginx.conf | |
| ADD ./php.ini /etc/php7/php.ini | |
| RUN rm /etc/nginx/conf.d/default.conf | |
| RUN chown -R nobody.nobody /var/www/html && \ | |
| chown -R nobody.nobody /run && \ | |
| chown -R nobody.nobody /var/lib/nginx && \ | |
| chown -R nobody.nobody /var/log/nginx && \ | |
| chown -R nobody.nobody /var/log/php7 | |
| USER nobody | |
| ADD --chown=nobody ./flag.txt /var/www/html/ | |
| ADD --chown=nobody ./dockerfile ./nginx.conf /var/www/html/Public/ | |
| CMD ["/usr/bin/supervisord", "-c", "/etc/supervisor/conf.d/supervisord.conf"] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| worker_processes 1; | |
| error_log stderr warn; | |
| pid /run/nginx.pid; | |
| user nobody; | |
| events { | |
| worker_connections 1024; | |
| } | |
| http { | |
| include mime.types; | |
| default_type application/octet-stream; | |
| # Define custom log format to include reponse times | |
| log_format main_timed '$remote_addr - $remote_user [$time_local] "$request" ' | |
| '$status $body_bytes_sent "$http_referer" ' | |
| '"$http_user_agent" "$http_x_forwarded_for" ' | |
| '$request_time $upstream_response_time $pipe $upstream_cache_status'; | |
| access_log /dev/stdout main_timed; | |
| error_log /dev/stderr notice; | |
| keepalive_timeout 65; | |
| server_tokens off; | |
| # Write temporary files to /tmp so they can be created as a non-privileged user | |
| client_body_temp_path /tmp/client_temp; | |
| proxy_temp_path /tmp/proxy_temp_path; | |
| fastcgi_temp_path /tmp/fastcgi_temp; | |
| uwsgi_temp_path /tmp/uwsgi_temp; | |
| scgi_temp_path /tmp/scgi_temp; | |
| server{ | |
| # Docker 内部的地址,无关紧要 | |
| listen 10120; | |
| server_name _; | |
| root /var/www/html; | |
| index index.php index.html /_h5ai/public/index.php; | |
| # _h5ai/private 文件夹下的内容是不可直接访问的,设置屏蔽 | |
| location ~ _h5ai/private { | |
| deny all; | |
| } | |
| # 根目录是私有目录,使用 basic auth 进行认证,只有我(超极致的小 C)自己可以访问 | |
| location / { | |
| auth_basic "easy h5ai. For visitors, please refer to public directory at `/Public!`"; | |
| auth_basic_user_file /etc/nginx/conf.d/htpasswd; | |
| } | |
| # Public 目录是公开的,任何人都可以访问,便于我给大家分享文件 | |
| location /Public { | |
| allow all; | |
| index /Public/_h5ai/public/index.php; | |
| } | |
| # PHP 的 fastcgi 配置,将请求转发给 php-fpm | |
| location ~ \.php$ { | |
| fastcgi_pass 127.0.0.1:9000; | |
| fastcgi_index index.php; | |
| fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; | |
| include fastcgi_params; | |
| } | |
| location ~ /\. { | |
| log_not_found off; | |
| deny all; | |
| } | |
| } | |
| gzip on; | |
| gzip_proxied any; | |
| gzip_types text/plain application/xml text/css text/js text/xml application/x-javascript text/javascript application/json application/xml+rss; | |
| gzip_vary on; | |
| gzip_disable "msie6"; | |
| # Include other server configs | |
| include /etc/nginx/conf.d/*.conf; | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment