Navigation Menu

Skip to content

Instantly share code, notes, and snippets.

@lgobatto

lgobatto/docker-compose.yml

Last active February 19, 2019 23:43
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save lgobatto/64a1f4a3647f5fe0cfe85a43dd22a8fd to your computer and use it in GitHub Desktop.
Save lgobatto/64a1f4a3647f5fe0cfe85a43dd22a8fd to your computer and use it in GitHub Desktop.
Download ZIP
Raw
docker-compose.yml
version: '3.5'
services:
php:
image: easyengine/php:v4.0.0
restart: always
labels:
- "io.easyengine.site=${VIRTUAL_HOST}"
volumes:
- "htdocs:/var/www"
- "config_php:/usr/local/etc"
- "log_php:/var/log/php"
environment:
- WORDPRESS_DB_HOST
- WORDPRESS_DB_NAME
- WORDPRESS_DB_USER
- WORDPRESS_DB_PASSWORD
- USER_ID
- GROUP_ID
- VIRTUAL_HOST
external_links:
- services_global-nginx-proxy_1:${VIRTUAL_HOST}
networks:
site-network:
aliases:
- ${VIRTUAL_HOST}_php
global-backend-network:
nginx:
image: easyengine/nginx:v4.0.0
depends_on:
- php
restart: always
labels:
- "io.easyengine.site=${VIRTUAL_HOST}"
volumes:
- "htdocs:/var/www"
- "config_nginx:/usr/local/openresty/nginx/conf"
- "log_nginx:/var/log/nginx"
environment:
- VIRTUAL_HOST
- VIRTUAL_PATH=/
- HSTS=off
external_links:
- services_global-nginx-proxy_1:${VIRTUAL_HOST}
networks:
global-frontend-network:
site-network:
mailhog:
image: easyengine/mailhog:v4.0.0
restart: always
command: ["-invite-jim=false"]
labels:
- "io.easyengine.site=${VIRTUAL_HOST}"
environment:
- VIRTUAL_HOST
- VIRTUAL_PATH=/ee-admin/mailhog/
- VIRTUAL_PORT=8025
external_links:
- services_global-nginx-proxy_1:${VIRTUAL_HOST}
networks:
site-network:
global-frontend-network:
postfix:
image: easyengine/postfix:v4.0.0
hostname: ${VIRTUAL_HOST}
restart: always
labels:
- "io.easyengine.site=${VIRTUAL_HOST}"
volumes:
- "/dev/log:/dev/log"
- "data_postfix:/var/spool/postfix"
- "ssl_postfix:/etc/ssl/postfix"
- "config_postfix:/etc/postfix"
external_links:
- services_global-nginx-proxy_1:${VIRTUAL_HOST}
networks:
site-network:
volumes:
htdocs:
external:
name: exoticospet_htdocs
config_nginx:
external:
name: exoticospet_config_nginx
config_php:
external:
name: exoticospet_config_php
log_php:
external:
name: exoticospet_log_php
log_nginx:
external:
name: exoticospet_log_nginx
data_postfix:
external:
name: exoticospet_data_postfix
ssl_postfix:
external:
name: exoticospet_ssl_postfix
config_postfix:
external:
name: exoticospet_config_postfix
networks:
site-network:
name: ${VIRTUAL_HOST}
labels:
- "org.label-schema.vendor=EasyEngine"
- "io.easyengine.site=${VIRTUAL_HOST}"
global-frontend-network:
external:
name: ee-global-frontend-network
global-backend-network:
external:
name: ee-global-backend-network
Raw
main.conf
# Add your custom config in custom/user.conf
# ALL CHANGES IN THIS FILE WILL BE LOST AFTER EasyEngine Update
upstream php {
server exoticos.pet_php:9000;
}
server {
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
root /var/www/htdocs;
server_name exoticos.pet;
index index.php index.html index.htm;
# PHP NGINX CONFIGURATION
location / {
try_files $uri $uri/ /index.php?$args;
}
location ~ \.php$ {
try_files $uri =404;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
fastcgi_pass php;
}
# WordPress COMMON SETTINGS
# Limit access to avoid brute force attack
location = /wp-login.php {
limit_req zone=one burst=1 nodelay;
include fastcgi_params;
fastcgi_pass php;
}
# Disable wp-config.txt
location = /wp-config.txt {
deny all;
access_log off;
log_not_found off;
}
# Disallow php in upload folder
location /wp-content/uploads/ {
location ~ \.php$ {
#Prevent Direct Access Of PHP Files From Web Browsers
deny all;
}
}
# NGINX CONFIGURATION FOR COMMON LOCATION
# Basic locations files
location = /favicon.ico {
access_log off;
log_not_found off;
expires max;
}
location = /robots.txt {
# Some WordPress plugin gererate robots.txt file
# Refer #340 issue
try_files $uri $uri/ /index.php?$args;
access_log off;
log_not_found off;
}
# Cache static files
location ~* \.(ogg|ogv|svg|svgz|eot|otf|woff|woff2|mp4|ttf|rss|atom|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf|swf)$ {
add_header "Access-Control-Allow-Origin" "*";
access_log off;
log_not_found off;
expires max;
}
# Security settings for better privacy
# Allow LetsEncrypt HTTP challenge URL
location ^~ /.well-known/acme-challenge/ {
auth_basic off;
allow all;
try_files $uri =404;
break;
}
# Deny hidden files
location ~ /\. {
deny all;
access_log off;
log_not_found off;
}
# Deny backup extensions & log files
location ~* ^.+\.(bak|log|old|orig|original|php#|php~|php_bak|save|swo|swp|sql)$ {
deny all;
access_log off;
log_not_found off;
}
# Return 403 forbidden for readme.(txt|html) or license.(txt|html) or example.(txt|html)
if ($uri ~* "^.+(readme|license|example)\.(txt|html)$") {
return 403;
}
# Status pages
location = /ee-admin/nginx_status {
stub_status on;
access_log off;
}
location = /ee-admin/status {
include fastcgi_params;
fastcgi_pass php;
}
location = /ee-admin/ping {
include fastcgi_params;
fastcgi_pass php;
}
location ~* \.(css|js)$ {
expires 1d;
add_header Cache-Control "public, must-revalidate";
}
client_max_body_size 100m;
include /usr/local/openresty/nginx/conf/custom/*.conf;
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment