lo48576/docker-compose.yaml

## docker-compose.yaml
version: "2.1"

services:
  nginx-proxy:
    restart: always
    # nginx:latest uses debian.
    #image: nginx:latest
    # alpine version uses newer openssl and supports ALPN (i.e. it supports http/2 better) (2017-01-19).
    image: nginx:alpine
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - ./volumes/static/nginx/nginx.conf:/etc/nginx/nginx.conf:ro
      - ./volumes/static/nginx/conf.d:/etc/nginx/conf.d:ro
      - ./volumes/static/nginx/sites-enabled:/etc/nginx/sites-enabled:ro
      - ./volumes/dynamic/nginx/html:/usr/share/nginx/html:ro
      - ./volumes/dynamic/certbot/etc-letsencrypt:/etc/nginx/certs:ro
    links:
      - gnusocial
    networks:
      - open-net
      - internal-net
  mariadb-gnusocial:
    restart: always
    image: mariadb:latest
    volumes:
      - ./volumes/dynamic/mariadb/data:/var/lib/mysql
      - ./volumes/static/mariadb/mariadb.conf.d:/etc/mysql/mariadb.conf.d:ro
    env_file:
      - './mariadb-gnusocial.env'
    networks:
      - internal-net
  gnusocial:
    restart: always
    build: ./docker-gnusocial
    volumes:
      - ./volumes/dynamic/gnusocial/gnu-social-repo:/var/www/gnusocial
      - ./volumes/dynamic/gnusocial/log:/var/log/gnusocial
      #- ./volumes/dynamic/gnusocial/avatar:/var/www/gnusocial/avatar
      #- ./volumes/dynamic/gnusocial/file:/var/www/gnusocial/file
      - ./volumes/static/gnusocial/nginx.conf:/etc/nginx/nginx.conf:ro
      - ./volumes/static/gnusocial/initial_users.txt:/initial_users.txt:ro
    networks:
      - open-net
      - internal-net
    links:
      - mariadb-gnusocial

networks:
  open-net:
    driver: bridge
    enable_ipv6: true
    ipam:
      driver: default
      config:
        - subnet: 172.32.0.0/24
          gateway: 172.32.0.1
        - subnet: 2400:8500:ほげげほ::/64
          gateway: 2400:8500:ほげほげ
          ip_range: 2400:8500:ほげほげ/126
  internal-net:
    driver: bridge
    internal: true
    ipam:
      driver: default

## docker-gnusocial／Dockerfile
FROM debian:stretch

ENV LANG C
ENV DEBIAN_FRONTEND noninteractive

RUN apt-get update -q && apt-get install -y \
    php7.0-bcmath php7.0-curl php7.0-exif php7.0-gd php7.0-intl \
    php7.0-mbstring php7.0-mysql php7.0-opcache php7.0-readline php7.0-xmlwriter \
    php7.0-fpm nginx-full rsync php7.0-gmp php7.0-json \
    git-core make gettext \
    curl php7.0-cli \
    && apt-get clean \
    && rm -rf /var/lib/apt/lists/*

# See http://php.net/manual/en/opcache.installation.php .
RUN sed -i \
        -e 's/^;\?\(opcache\.enable\)=.*$/\1=1/' \
        -e 's/^;\?\(opcache\.enable_cli\)=.*$/\1=1/' \
        -e 's/^;\?\(opcache\.memory_consumption\)=.*$/\1=128/' \
        -e 's/^;\?\(opcache\.interned_strings_buffer\)=.*$/\1=8/' \
        -e 's/^;\?\(opcache\.max_accelerated_files\)=.*$/\1=4000/' \
        -e 's/^;\?\(opcache\.revalidate_freq\)=.*$/\1=60/' \
        -e 's/^;\?\(opcache\.fast_shutdown\)=.*$/\1=1/' \
        /etc/php/7.0/fpm/php.ini \
    && sed -i \
        -e 's/^;\?\(listen\.owner\) *= *.*$/\1 = root/g' \
        -e 's/^;\?\(listen\.group\) *= *.*$/\1 = root/g' \
        -e 's/^;\?\(listen\.mode\) *= *.*$/\1 = 0660/g' \
        /etc/php/7.0/fpm/pool.d/www.conf \
    && sed -i \
        -e 's/^;\?\(memory_limit\) *= *.*$/\1 = 300M/g' \
        /etc/php/7.0/fpm/php.ini \
    && sed -i \
        -e 's/^;\?\(mysqli\.reconnect\)=.*$/\1=On/' \
        -e 's/^;\?\(mysqli\.allow_persistent\)=.*$/\1=On/' \
        -e 's/^;\?\(memory_limit\) *= *.*$/\1 = 300M/g' \
        /etc/php/7.0/cli/php.ini

COPY start.sh /start.sh
RUN chmod 500 /start.sh

EXPOSE 80
CMD ["/start.sh"]

## docker-gnusocial／start.sh
#!/bin/sh
set -eu

sigterm_handler() {
    echo "Shutting down nginx (PID=${NGINX_PID})..."
    kill "${NGINX_PID}"
    echo 'nginx stopped.'
    echo 'Shutting down queuedaemons...'
    /var/www/gnusocial/scripts/stopdaemons.sh
    echo 'queuedaemons stopped.'
    echo 'Shutting down php7.0-fpm...'
    service php7.0-fpm stop
    echo 'php7.0-fpm stopped.'
    echo 'Bye.'
    exit 0
}

setup_plugin() {
    DIR_NAME="$1"
    REPO="$2"
    COMMIT="${3:-master}"
    ORIGIN_COMMIT="origin/${COMMIT}"
    PLUGIN_DIR="/var/www/gnusocial/local/plugins/${DIR_NAME}"

    echo "Setting up plugin: ${DIR_NAME}"
    if [ ! -d "$PLUGIN_DIR" ] ; then
        echo "Installing plugin: ${DIR_NAME}, commit ${COMMIT}"
        git clone "$REPO" "$PLUGIN_DIR"
        git checkout -f "${COMMIT}"
        echo "Install done: ${DIR_NAME}"
    else
        echo "Updating plugin: ${DIR_NAME}, commit ${COMMIT}"
        cd "$PLUGIN_DIR"
        git fetch || true
        git reset --hard "${ORIGIN_COMMIT}"
        git checkout -f "${COMMIT}"
        echo "Update done: ${DIR_NAME}"
    fi
}

: "Setup gnu-social" && {
    echo 'Setup gnu-social'
    cd /var/www/gnusocial
    BRANCH="instance/gnusocial.cardina1.red"
    if [ ! -d /var/www/gnusocial/.git ] ; then
        git init
        git remote add origin https://github.com/lo48576/gnu-social.git
        git fetch
    fi
    git checkout "$BRANCH" && git pull --ff-only origin || {
        git fetch || true
        git reset --hard "origin/${BRANCH}"
        # Note that `git clean -df` may remove data directories (which should not be removed).
        #git clean -df
    }
    if [ -f config.php ] ; then
        chmod 644 config.php
    fi
}
: "Update l10n data" && {
    echo 'Update l10n data'
    cd /var/www/gnusocial
    make || {
        make clean
        make || true
    }
}


: "Install plugins" && {
    echo 'Install plugins'
    mkdir -p /var/www/gnusocial/local/plugins

    # Qvitter plugin.
    setup_plugin Qvitter https://git.gnu.io/h2p/Qvitter.git

    # QvitterPlus plugin.
    #setup_plugin QvitterPlus https://gitgud.io/panjoozek413/qvitterplus.git
    setup_plugin QvitterPlus https://gitgud.io/lo48576/qvitterplus.git fix/queetbox-behavior

    # GSGreenText plugin.
    # See https://gitgud.io/ShitposterClub/GSGreenText .
    setup_plugin GSGreenText https://gitgud.io/ShitposterClub/GSGreenText.git

    echo 'Plugins installed.'
}

: "Check DB schema" && {
    echo 'Check DB schema'
    # Should `checkschema.php` be executed when the gnusocial is running...?
    # You can do `sudo nsenter --target $(docker inspect --format '{{.State.Pid}}'  dockercompose_gnusocial_1) --mount --uts --ipc --net --pid` instead.
    # This would fail if the DB has not been initialized yet.
    php /var/www/gnusocial/scripts/checkschema.php -x TwitterBridge,InfiniteScroll,Qvitter,StoreRemoteMedia,QvitterPlus,GSGreenText || true
}

: "Prepare data directories" && {
    echo 'Prepare data directories'
    cd /var/www/gnusocial
    mkdir -p file avatar

    chmod a+w /var/www/gnusocial
    chmod a+w /var/www/gnusocial/avatar
    chmod a+w /var/www/gnusocial/file
}

: "Setup users" && {
    echo 'Setup users'
    if [ -f /var/www/gnusocial/config.php -a -f /initial_users.txt ] ; then
        cat /initial_users.txt | while read line ; do
            OP="$(echo "$line" | cut -d: -f1)"
            NICKNAME="$(echo "$line" | cut -d: -f2)"
            if echo "$line" | grep -q '^#' ; then
                OP="#"
            fi
            case "$OP" in
                'create')
                    PASSWORD="$(echo "$line" | cut -d: -f3 | base64 -d)"
                    # This will fail if the user already exists.
                    php /var/www/gnusocial/scripts/registeruser.php --nickname "$NICKNAME" --password "$PASSWORD" || true
                    echo "start.sh: created user '${NICKNAME}', with password '${PASSWORD}'"
                    ;;
                'delete')
                    # This will fail if the user doesn't exist.
                    php /var/www/gnusocial/scripts/deleteprofile.php --nickname "$NICKNAME" --yes || true
                    echo "start.sh: deleted user '${NICKNAME}'"
                    ;;
                '#')
                    : 'Comment line.'
                    ;;
                *)
                    echo "start.sh: unexpected op '${OP}'"
                    ;;
            esac
        done
    fi
}

cd

trap 'sigterm_handler' 1 2 3 15

echo 'starting php7.0-fpm for gnu-social'
#systemctl start php7.0-fpm
service php7.0-fpm start
echo 'php7.0-fpm started.'

echo 'starting queuedaemons'
/var/www/gnusocial/scripts/startdaemons.sh
echo 'queuedaemons started.'

echo 'starting nginx for gnu-social'
#/usr/bin/nginx -g "daemon off;"
nginx & NGINX_PID="${!}"

echo 'nginx started.'

sleep infinity & wait $!

# Should never be reached.
echo 'finished gnu-social `start.sh`'
	version: "2.1"

	services:
	nginx-proxy:
	restart: always
	# nginx:latest uses debian.
	#image: nginx:latest
	# alpine version uses newer openssl and supports ALPN (i.e. it supports http/2 better) (2017-01-19).
	image: nginx:alpine
	ports:
	- "80:80"
	- "443:443"
	volumes:
	- ./volumes/static/nginx/nginx.conf:/etc/nginx/nginx.conf:ro
	- ./volumes/static/nginx/conf.d:/etc/nginx/conf.d:ro
	- ./volumes/static/nginx/sites-enabled:/etc/nginx/sites-enabled:ro
	- ./volumes/dynamic/nginx/html:/usr/share/nginx/html:ro
	- ./volumes/dynamic/certbot/etc-letsencrypt:/etc/nginx/certs:ro
	links:
	- gnusocial
	networks:
	- open-net
	- internal-net
	mariadb-gnusocial:
	restart: always
	image: mariadb:latest
	volumes:
	- ./volumes/dynamic/mariadb/data:/var/lib/mysql
	- ./volumes/static/mariadb/mariadb.conf.d:/etc/mysql/mariadb.conf.d:ro
	env_file:
	- './mariadb-gnusocial.env'
	networks:
	- internal-net
	gnusocial:
	restart: always
	build: ./docker-gnusocial
	volumes:
	- ./volumes/dynamic/gnusocial/gnu-social-repo:/var/www/gnusocial
	- ./volumes/dynamic/gnusocial/log:/var/log/gnusocial
	#- ./volumes/dynamic/gnusocial/avatar:/var/www/gnusocial/avatar
	#- ./volumes/dynamic/gnusocial/file:/var/www/gnusocial/file
	- ./volumes/static/gnusocial/nginx.conf:/etc/nginx/nginx.conf:ro
	- ./volumes/static/gnusocial/initial_users.txt:/initial_users.txt:ro
	networks:
	- open-net
	- internal-net
	links:
	- mariadb-gnusocial

	networks:
	open-net:
	driver: bridge
	enable_ipv6: true
	ipam:
	driver: default
	config:
	- subnet: 172.32.0.0/24
	gateway: 172.32.0.1
	- subnet: 2400:8500:ほげげほ::/64
	gateway: 2400:8500:ほげほげ
	ip_range: 2400:8500:ほげほげ/126
	internal-net:
	driver: bridge
	internal: true
	ipam:
	driver: default
	FROM debian:stretch

	ENV LANG C
	ENV DEBIAN_FRONTEND noninteractive

	RUN apt-get update -q && apt-get install -y \
	php7.0-bcmath php7.0-curl php7.0-exif php7.0-gd php7.0-intl \
	php7.0-mbstring php7.0-mysql php7.0-opcache php7.0-readline php7.0-xmlwriter \
	php7.0-fpm nginx-full rsync php7.0-gmp php7.0-json \
	git-core make gettext \
	curl php7.0-cli \
	&& apt-get clean \
	&& rm -rf /var/lib/apt/lists/*

	# See http://php.net/manual/en/opcache.installation.php .
	RUN sed -i \
	-e 's/^;\?\(opcache\.enable\)=.*$/\1=1/' \
	-e 's/^;\?\(opcache\.enable_cli\)=.*$/\1=1/' \
	-e 's/^;\?\(opcache\.memory_consumption\)=.*$/\1=128/' \
	-e 's/^;\?\(opcache\.interned_strings_buffer\)=.*$/\1=8/' \
	-e 's/^;\?\(opcache\.max_accelerated_files\)=.*$/\1=4000/' \
	-e 's/^;\?\(opcache\.revalidate_freq\)=.*$/\1=60/' \
	-e 's/^;\?\(opcache\.fast_shutdown\)=.*$/\1=1/' \
	/etc/php/7.0/fpm/php.ini \
	&& sed -i \
	-e 's/^;\?\(listen\.owner\) = .*$/\1 = root/g' \
	-e 's/^;\?\(listen\.group\) = .*$/\1 = root/g' \
	-e 's/^;\?\(listen\.mode\) = .*$/\1 = 0660/g' \
	/etc/php/7.0/fpm/pool.d/www.conf \
	&& sed -i \
	-e 's/^;\?\(memory_limit\) = .*$/\1 = 300M/g' \
	/etc/php/7.0/fpm/php.ini \
	&& sed -i \
	-e 's/^;\?\(mysqli\.reconnect\)=.*$/\1=On/' \
	-e 's/^;\?\(mysqli\.allow_persistent\)=.*$/\1=On/' \
	-e 's/^;\?\(memory_limit\) = .*$/\1 = 300M/g' \
	/etc/php/7.0/cli/php.ini

	COPY start.sh /start.sh
	RUN chmod 500 /start.sh

	EXPOSE 80
	CMD ["/start.sh"]
	#!/bin/sh
	set -eu

	sigterm_handler() {
	echo "Shutting down nginx (PID=${NGINX_PID})..."
	kill "${NGINX_PID}"
	echo 'nginx stopped.'
	echo 'Shutting down queuedaemons...'
	/var/www/gnusocial/scripts/stopdaemons.sh
	echo 'queuedaemons stopped.'
	echo 'Shutting down php7.0-fpm...'
	service php7.0-fpm stop
	echo 'php7.0-fpm stopped.'
	echo 'Bye.'
	exit 0
	}

	setup_plugin() {
	DIR_NAME="$1"
	REPO="$2"
	COMMIT="${3:-master}"
	ORIGIN_COMMIT="origin/${COMMIT}"
	PLUGIN_DIR="/var/www/gnusocial/local/plugins/${DIR_NAME}"

	echo "Setting up plugin: ${DIR_NAME}"
	if [ ! -d "$PLUGIN_DIR" ] ; then
	echo "Installing plugin: ${DIR_NAME}, commit ${COMMIT}"
	git clone "$REPO" "$PLUGIN_DIR"
	git checkout -f "${COMMIT}"
	echo "Install done: ${DIR_NAME}"
	else
	echo "Updating plugin: ${DIR_NAME}, commit ${COMMIT}"
	cd "$PLUGIN_DIR"
	git fetch \|\| true
	git reset --hard "${ORIGIN_COMMIT}"
	git checkout -f "${COMMIT}"
	echo "Update done: ${DIR_NAME}"
	fi
	}

	: "Setup gnu-social" && {
	echo 'Setup gnu-social'
	cd /var/www/gnusocial
	BRANCH="instance/gnusocial.cardina1.red"
	if [ ! -d /var/www/gnusocial/.git ] ; then
	git init
	git remote add origin https://github.com/lo48576/gnu-social.git
	git fetch
	fi
	git checkout "$BRANCH" && git pull --ff-only origin \|\| {
	git fetch \|\| true
	git reset --hard "origin/${BRANCH}"
	# Note that `git clean -df` may remove data directories (which should not be removed).
	#git clean -df
	}
	if [ -f config.php ] ; then
	chmod 644 config.php
	fi
	}
	: "Update l10n data" && {
	echo 'Update l10n data'
	cd /var/www/gnusocial
	make \|\| {
	make clean
	make \|\| true
	}
	}


	: "Install plugins" && {
	echo 'Install plugins'
	mkdir -p /var/www/gnusocial/local/plugins

	# Qvitter plugin.
	setup_plugin Qvitter https://git.gnu.io/h2p/Qvitter.git

	# QvitterPlus plugin.
	#setup_plugin QvitterPlus https://gitgud.io/panjoozek413/qvitterplus.git
	setup_plugin QvitterPlus https://gitgud.io/lo48576/qvitterplus.git fix/queetbox-behavior

	# GSGreenText plugin.
	# See https://gitgud.io/ShitposterClub/GSGreenText .
	setup_plugin GSGreenText https://gitgud.io/ShitposterClub/GSGreenText.git

	echo 'Plugins installed.'
	}

	: "Check DB schema" && {
	echo 'Check DB schema'
	# Should `checkschema.php` be executed when the gnusocial is running...?
	# You can do `sudo nsenter --target $(docker inspect --format '{{.State.Pid}}' dockercompose_gnusocial_1) --mount --uts --ipc --net --pid` instead.
	# This would fail if the DB has not been initialized yet.
	php /var/www/gnusocial/scripts/checkschema.php -x TwitterBridge,InfiniteScroll,Qvitter,StoreRemoteMedia,QvitterPlus,GSGreenText \|\| true
	}

	: "Prepare data directories" && {
	echo 'Prepare data directories'
	cd /var/www/gnusocial
	mkdir -p file avatar

	chmod a+w /var/www/gnusocial
	chmod a+w /var/www/gnusocial/avatar
	chmod a+w /var/www/gnusocial/file
	}

	: "Setup users" && {
	echo 'Setup users'
	if [ -f /var/www/gnusocial/config.php -a -f /initial_users.txt ] ; then
	cat /initial_users.txt \| while read line ; do
	OP="$(echo "$line" \| cut -d: -f1)"
	NICKNAME="$(echo "$line" \| cut -d: -f2)"
	if echo "$line" \| grep -q '^#' ; then
	OP="#"
	fi
	case "$OP" in
	'create')
	PASSWORD="$(echo "$line" \| cut -d: -f3 \| base64 -d)"
	# This will fail if the user already exists.
	php /var/www/gnusocial/scripts/registeruser.php --nickname "$NICKNAME" --password "$PASSWORD" \|\| true
	echo "start.sh: created user '${NICKNAME}', with password '${PASSWORD}'"
	;;
	'delete')
	# This will fail if the user doesn't exist.
	php /var/www/gnusocial/scripts/deleteprofile.php --nickname "$NICKNAME" --yes \|\| true
	echo "start.sh: deleted user '${NICKNAME}'"
	;;
	'#')
	: 'Comment line.'
	;;
	*)
	echo "start.sh: unexpected op '${OP}'"
	;;
	esac
	done
	fi
	}

	cd

	trap 'sigterm_handler' 1 2 3 15

	echo 'starting php7.0-fpm for gnu-social'
	#systemctl start php7.0-fpm
	service php7.0-fpm start
	echo 'php7.0-fpm started.'

	echo 'starting queuedaemons'
	/var/www/gnusocial/scripts/startdaemons.sh
	echo 'queuedaemons started.'

	echo 'starting nginx for gnu-social'
	#/usr/bin/nginx -g "daemon off;"
	nginx & NGINX_PID="${!}"

	echo 'nginx started.'

	sleep infinity & wait $!

	# Should never be reached.
	echo 'finished gnu-social `start.sh`'