
Coxxs/dockerfile Secret

Created November 7, 2020 01:42
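# Image for an h5ai directory index served by nginx + php-fpm under supervisord.
#
# The base release is pinned instead of tracking `latest`: the php7-* package
# names and the /etc/nginx/conf.d/default.conf path used below are tied to older
# Alpine branches, so a floating tag makes the build non-reproducible.
# NOTE(review): 3.12 is assumed to be the branch that was current when this file
# was written; it no longer receives security fixes. Moving to a supported
# release means renaming the php7-* packages and re-checking the nginx paths.
ARG ALPINE_VERSION=3.12
FROM alpine:${ALPINE_VERSION}

# h5ai release to download; used for both the URL and the local file name.
ARG H5AI_VERSION=0.29.2

# Documentation only: nginx listens on this port (see nginx.conf).
EXPOSE 10120
WORKDIR /var/www/html

# Point apk at the Aliyun mirror, install the runtime, then fetch and unpack
# h5ai. A second copy of _h5ai is placed under Public/ so that directory gets
# its own index. Everything happens in one layer so the archive never persists.
# NOTE(review): the archive is fetched without an integrity check. Record the
# release's SHA-256 (<sha256-of-h5ai-zip>, not given on this page) and verify it
# with `sha256sum -c` before unzip so a tampered download fails the build.
RUN sed -i 's/dl-cdn.alpinelinux.org/mirrors.aliyun.com/g' /etc/apk/repositories \
 && apk add --no-cache \
      git \
      nginx \
      php7-exif \
      php7-fpm \
      php7-gd \
      php7-json \
      php7-session \
      supervisor \
      unzip \
      wget \
      zip \
 && mkdir -p /var/www/html/Public \
 && wget "https://release.larsjung.de/h5ai/h5ai-${H5AI_VERSION}.zip" \
 && unzip "h5ai-${H5AI_VERSION}.zip" \
 && cp -rp /var/www/html/_h5ai /var/www/html/Public/_h5ai \
 && rm "h5ai-${H5AI_VERSION}.zip" \
 && mkdir /run/nginx

# Plain local files: COPY is explicit and has none of ADD's extraction/URL
# side behaviours.
COPY ./supervisord.conf /etc/supervisor/conf.d/supervisord.conf
COPY ./nginx.conf /etc/nginx/nginx.conf
COPY ./php.ini /etc/php7/php.ini

# Drop the packaged default vhost and hand the paths the services write to over
# to the unprivileged account they run as.
# NOTE(review): /var/www/html is included, so the account that executes PHP can
# also modify everything that is served. If h5ai only needs its cache
# directories writable, narrow this to those paths - confirm against h5ai.
RUN rm /etc/nginx/conf.d/default.conf \
 && chown -R nobody:nobody \
      /run \
      /var/lib/nginx \
      /var/log/nginx \
      /var/log/php7 \
      /var/www/html

# Everything from here on, including supervisord and its children, runs as
# nobody rather than root.
USER nobody

# flag.txt lands in the document root, outside Public/. Nothing in the image
# protects it; its confidentiality rests entirely on the access rules in
# nginx.conf.
COPY --chown=nobody ./flag.txt /var/www/html/

# The build recipe and the server configuration are published in the public
# directory, which discloses the full access-control layout to every visitor.
# NOTE(review): this looks deliberate for this setup; do not carry it over to a
# deployment where the configuration is meant to stay private.
COPY --chown=nobody ./dockerfile ./nginx.conf /var/www/html/Public/

CMD ["/usr/bin/supervisord", "-c", "/etc/supervisor/conf.d/supervisord.conf"]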
# nginx.conf for the h5ai container: one server on port 10120 with a
# basic-auth protected root, an open /Public tree, and PHP handed to php-fpm.
worker_processes 1;
error_log stderr warn;
pid /run/nginx.pid;
# The Dockerfile on this page already switches to USER nobody before starting
# supervisord; nginx only applies `user` when its master process runs as root.
user nobody;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
# Define custom log format to include response times
log_format main_timed '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for" '
'$request_time $upstream_response_time $pipe $upstream_cache_status';
# Logs go to the container's stdout/stderr. This error_log overrides the
# main-context one above for everything inside http {}.
access_log /dev/stdout main_timed;
error_log /dev/stderr notice;
keepalive_timeout 65;
# Do not advertise the nginx version in responses and error pages.
server_tokens off;
# Write temporary files to /tmp so they can be created as a non-privileged user
client_body_temp_path /tmp/client_temp;
proxy_temp_path /tmp/proxy_temp_path;
fastcgi_temp_path /tmp/fastcgi_temp;
uwsgi_temp_path /tmp/uwsgi_temp;
scgi_temp_path /tmp/scgi_temp;
server{
# Address inside the Docker container; not important
listen 10120;
server_name _;
root /var/www/html;
index index.php index.html /_h5ai/public/index.php;
# Content under _h5ai/private must not be directly accessible; block it.
# This is the first regex location, and regex locations are tried in the
# order they appear, so it is checked before the \.php$ location below.
location ~ _h5ai/private {
deny all;
}
# The root directory is private and protected with basic auth; only I (the
# ultimate little C) can access it.
# NOTE(review): auth_basic set inside a location covers only the requests
# that this location ends up handling. A request that matches one of the
# regex locations in this server is handled there instead and does not
# inherit these two directives, so the "whole root is private" intent is not
# fully enforced by this block alone. To require credentials for everything
# outside /Public, declare auth_basic and auth_basic_user_file at server
# level and use `auth_basic off;` only for the public tree.
# NOTE(review): the Dockerfile shown on this page does not create
# /etc/nginx/conf.d/htpasswd - confirm where it comes from.
location / {
auth_basic "easy h5ai. For visitors, please refer to public directory at `/Public!`";
auth_basic_user_file /etc/nginx/conf.d/htpasswd;
}
# The Public directory is open to anyone, so I can share files with everyone.
# NOTE(review): this is a prefix match without a trailing slash, so it also
# applies to any URI that merely begins with "/Public". `allow all` only
# concerns the allow/deny access module; the tree is unauthenticated because
# no auth_basic is in effect here.
location /Public {
allow all;
index /Public/_h5ai/public/index.php;
}
# PHP fastcgi configuration; forwards requests to php-fpm.
# NOTE(review): this regex matches every URI ending in .php anywhere under the
# document root, not only those under /Public, and it is selected in
# preference to the `/` and `/Public` prefix locations. No auth_basic is in
# effect here, so PHP entry points outside /Public are reachable without
# credentials - see the note on `location /`.
# NOTE(review): there is no existence check (e.g. try_files) before the
# request is passed on; whether that matters depends on cgi.fix_pathinfo in
# the php.ini that is copied into the image, which this page does not show.
location ~ \.php$ {
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
# Deny paths containing a dot-prefixed segment (.git, .htaccess, ...) without
# logging misses. It is the last regex location, so a URI that also matches
# one of the regex locations above is handled by that one instead.
location ~ /\. {
log_not_found off;
deny all;
}
}
# Compress text-like responses; skip clients identifying as "msie6".
gzip on;
gzip_proxied any;
gzip_types text/plain application/xml text/css text/js text/xml application/x-javascript text/javascript application/json application/xml+rss;
gzip_vary on;
gzip_disable "msie6";
# Include other server configs
# Only *.conf files are loaded; the Dockerfile on this page removes the
# packaged default.conf from this directory.
include /etc/nginx/conf.d/*.conf;
}