diff --git a/.dockerignore b/.dockerignore index 757a67a51..e6465a7a1 100644 --- a/.dockerignore +++ b/.dockerignore @@ -1,30 +1,20 @@ -.DS_Store -/.bash_history -/.bash_profile -/.bashrc -/.composer -/.env -/.env.dottie-backup -/.git -/.git-credentials -/.gitconfig -/.gitignore -/.idea -/.vagrant -/bootstrap/cache -/docker-compose-state/ -/Homestead.json -/Homestead.yaml -/node_modules -/npm-debug.log -/public/hot -/public/storage -/public/vendor/horizon -/storage/*.key -/storage/docker -/vendor -/yarn-error.log +# Folders +.git/ +tests/ +mariadb-11-data/ +redis-data/ +node_modules/ +vendor/ +.ddev/ -# Exceptions - these *MUST* be last -!/bootstrap/cache/.gitignore -!/public/vendor/horizon/.gitignore +#Files +.gitignore +.env +.env.* +.env.example +.env.docker.example +docker-compose.yml +Dockerfile +README.md +.editorconfig +.phpunit.result.cache diff --git a/.env.docker b/.env.docker deleted file mode 100644 index d97beea8f..000000000 --- a/.env.docker +++ /dev/null @@ -1,1302 +0,0 @@ -#!/bin/bash -# -*- mode: bash -*- -# vi: ft=bash -# shellcheck disable=SC2034,SC2148 - -# Use Dottie (https://github.com/jippi/dottie) to manage this .env file easier! -# -# For example: -# -# Run [dottie update] to update your [.env] file with upstream (as part of upgrade) -# Run [dottie validate] to validate youe [.env] file -# -# @dottie/source .env.docker - -################################################################################ -# app -################################################################################ - -# The name/title for your site -# @see https://docs.pixelfed.org/technical-documentation/config/#app_name-1 -# @dottie/example My Pixelfed Site -# @dottie/validate required,ne=My Pixelfed Site -APP_NAME= - -# Application domain used for routing. (e.g., pixelfed.org) -# -# @see https://docs.pixelfed.org/technical-documentation/config/#app_domain -# @dottie/example example.com -# @dottie/validate required,ne=example.com,fqdn -APP_DOMAIN="example.com" - -# This URL is used by the console to properly generate URLs when using the Artisan command line tool. -# You should set this to the root of your application so that it is used when running Artisan tasks. -# -# @see https://docs.pixelfed.org/technical-documentation/config/#app_url -# @dottie/validate required,http_url -APP_URL="https://${APP_DOMAIN}" - -# Application domains used for routing. -# -# @see https://docs.pixelfed.org/technical-documentation/config/#admin_domain -# @dottie/validate required,fqdn -ADMIN_DOMAIN="${APP_DOMAIN}" - -# This value determines the “environment” your application is currently running in. -# This may determine how you prefer to configure various services your application utilizes. -# -# @default "production" -# @see https://docs.pixelfed.org/technical-documentation/config/#app_env -# @dottie/validate required,oneof=production dev staging -#APP_ENV="production" - -# When your application is in debug mode, detailed error messages with stack traces will -# be shown on every error that occurs within your application. -# -# If disabled, a simple generic error page is shown. -# -# @default "false" -# @see https://docs.pixelfed.org/technical-documentation/config/#app_debug -# @dottie/validate required,boolean -#APP_DEBUG="false" - -# Disable config cache -# -# If disabled, settings must be managed by .env variables. -# -# @default "false" -# @see https://docs.pixelfed.org/technical-documentation/config/#config_cache -# @dottie/validate required,boolean -ENABLE_CONFIG_CACHE="true" - -# Enable/disable new local account registrations. -# -# @default "true" -# @see https://docs.pixelfed.org/technical-documentation/config/#open_registration -# @dottie/validate required,boolean -#OPEN_REGISTRATION="true" - -# Require email verification before a new user can do anything. -# -# @default "true" -# @see https://docs.pixelfed.org/technical-documentation/config/#enforce_email_verification -# @dottie/validate required,boolean -#ENFORCE_EMAIL_VERIFICATION="true" - -# Allow a maximum number of user accounts. -# -# @default "1000" -# @see https://docs.pixelfed.org/technical-documentation/config/#pf_max_users -# @dottie/validate required,number -#PF_MAX_USERS="1000" - -# Enforce the maximum number of user accounts -# -# @default "true" -# @dottie/validate boolean -#PF_ENFORCE_MAX_USERS="true" - -# @default "false" -# @see https://docs.pixelfed.org/technical-documentation/config/#oauth_enabled -# @dottie/validate required,boolean -#OAUTH_ENABLED="false" - -# ! Do not edit your timezone once the service is running - or things will break! -# -# @default "UTC" -# @see https://docs.pixelfed.org/technical-documentation/config/#app_timezone -# @see https://www.php.net/manual/en/timezones.php -# @dottie/validate required,timezone -APP_TIMEZONE="UTC" - -# The application locale determines the default locale that will be used by the translation service provider. -# You are free to set this value to any of the locales which will be supported by the application. -# -# @default "en" -# @see https://docs.pixelfed.org/technical-documentation/config/#app_locale -# @dottie/validate required -#APP_LOCALE="en" - -# The fallback locale determines the locale to use when the current one is not available. -# -# You may change the value to correspond to any of the language folders that are provided through your application. -# -# @default "en" -# @see https://docs.pixelfed.org/technical-documentation/config/#app_fallback_locale -# @dottie/validate required -#APP_FALLBACK_LOCALE="en" - -# @see https://docs.pixelfed.org/technical-documentation/config/#limit_account_size -# @dottie/validate required,boolean -#LIMIT_ACCOUNT_SIZE="true" - -# Update the max account size, the per user limit of files in kB. -# -# @default "1000000" (1GB) -# @see https://docs.pixelfed.org/technical-documentation/config/#max_account_size-kb -# @dottie/validate required,number -#MAX_ACCOUNT_SIZE="1000000" - -# Update the max photo size, in kB. -# -# @default "15000" (15MB) -# @see https://docs.pixelfed.org/technical-documentation/config/#max_photo_size-kb -# @dottie/validate required,number -#MAX_PHOTO_SIZE="15000" - -# The max number of photos allowed per post. -# -# @default "4" -# @see https://docs.pixelfed.org/technical-documentation/config/#max_album_length -# @dottie/validate required,number -#MAX_ALBUM_LENGTH="4" - -# Update the max avatar size, in kB. -# -# @default "2000" (2MB). -# @see https://docs.pixelfed.org/technical-documentation/config/#max_avatar_size-kb -# @dottie/validate required,number -#MAX_AVATAR_SIZE="2000" - -# Change the caption length limit for new local posts. -# -# @default "500" -# @see https://docs.pixelfed.org/technical-documentation/config/#max_caption_length -# @dottie/validate required,number -#MAX_CAPTION_LENGTH="500" - -# Change the bio length limit for user profiles. -# -# @default "125" -# @see https://docs.pixelfed.org/technical-documentation/config/#max_bio_length -# @dottie/validate required,number -#MAX_BIO_LENGTH="125" - -# Change the length limit for user names. -# -# @default "30" -# @see https://docs.pixelfed.org/technical-documentation/config/#max_name_length -# @dottie/validate required,number -#MAX_NAME_LENGTH="30" - -# Resize and optimize image uploads. -# -# @default "true" -# @see https://docs.pixelfed.org/technical-documentation/config/#pf_optimize_images -# @dottie/validate required,boolean -#PF_OPTIMIZE_IMAGES="true" - -# Set the image optimization quality, must be a value between 1-100. -# -# @default "80" -# @see https://docs.pixelfed.org/technical-documentation/config/#image_quality -# @dottie/validate required,number -#IMAGE_QUALITY="80" - -# Resize and optimize video uploads. -# -# @default "true" -# @see https://docs.pixelfed.org/technical-documentation/config/#pf_optimize_videos -# @dottie/validate required,boolean -#PF_OPTIMIZE_VIDEOS="true" - -# Enable account deletion. -# -# @default "true" -# @see https://docs.pixelfed.org/technical-documentation/config/#account_deletion -# @dottie/validate required,boolean -#ACCOUNT_DELETION="true" - -# Set account deletion queue after X days, set to false to delete accounts immediately. -# -# @default "false" -# @see https://docs.pixelfed.org/technical-documentation/config/#account_delete_after -# @dottie/validate required,boolean|number -#ACCOUNT_DELETE_AFTER="false" - -# @default "Pixelfed - Photo sharing for everyone" -# @see https://docs.pixelfed.org/technical-documentation/config/#instance_description -# @dottie/validate required -#INSTANCE_DESCRIPTION="" - -# @default "false" -# @see https://docs.pixelfed.org/technical-documentation/config/#instance_public_hashtags -# @dottie/validate required,boolean -#INSTANCE_PUBLIC_HASHTAGS="false" - -# The public e-mail address people can use to contact you by -# -# @default "" -# @see https://docs.pixelfed.org/technical-documentation/config/#instance_contact_email -# @dottie/validate required,ne=__CHANGE_ME__,email -INSTANCE_CONTACT_EMAIL="__CHANGE_ME__" - -# @default "false" -# @see https://docs.pixelfed.org/technical-documentation/config/#instance_public_local_timeline -# @dottie/validate required,boolean -#INSTANCE_PUBLIC_LOCAL_TIMELINE="false" - -# @default "" -# @see https://docs.pixelfed.org/technical-documentation/config/#banned_usernames -#BANNED_USERNAMES="" - -# @default "false" -# @see https://docs.pixelfed.org/technical-documentation/config/#stories_enabled -# @dottie/validate required,boolean -#STORIES_ENABLED="false" - -# Level is hardcoded to 1. -# -# @default "false" -# @see https://docs.pixelfed.org/technical-documentation/config/#restricted_instance -# @dottie/validate required,boolean -#RESTRICTED_INSTANCE="false" - -# @default false -# @see https://docs.pixelfed.org/technical-documentation/config/#media_exif_database -# @dottie/validate required,boolean -#MEDIA_EXIF_DATABASE="false" - -# Pixelfed supports GD or ImageMagick to process images. -# -# Possible values: -# - "gd" (default) -# - "imagick" -# -# @default "gd" -# @see https://docs.pixelfed.org/technical-documentation/config/#image_driver -# @dottie/validate required,oneof=gd imagick -#IMAGE_DRIVER="gd" - -# Set trusted proxy IP addresses. -# -# Both IPv4 and IPv6 addresses are supported, along with CIDR notation. -# -# The “*” character is syntactic sugar within TrustedProxy to trust any -# proxy that connects directly to your server, a requirement when you cannot -# know the address of your proxy (e.g. if using Rackspace balancers). -# -# The “**” character is syntactic sugar within TrustedProxy to trust not just any -# proxy that connects directly to your server, but also proxies that connect to those proxies, -# and all the way back until you reach the original source IP. It will mean that -# $request->getClientIp() always gets the originating client IP, no matter how many proxies -# that client’s request has subsequently passed through. -# -# @default "*" -# @see https://docs.pixelfed.org/technical-documentation/config/#trust_proxies -# @dottie/validate required -#TRUST_PROXIES="*" - -# This option controls the default cache connection that gets used while using this caching library. -# -# This connection is used when another is not explicitly specified when executing a given caching function. -# -# Possible values: -# - "apc" -# - "array" -# - "database" -# - "file" (default) -# - "memcached" -# - "redis" -# -# @default "file" -# @see https://docs.pixelfed.org/technical-documentation/config/#cache_driver -# @dottie/validate required,oneof=apc array database file memcached redis -CACHE_DRIVER="redis" - -# @default ${APP_NAME}_cache, or laravel_cache if no APP_NAME is set. -# @see https://docs.pixelfed.org/technical-documentation/config/#cache_prefix -# @dottie/validate required -#CACHE_PREFIX="{APP_NAME}_cache" - -# This option controls the default broadcaster that will be used by the framework when an event needs to be broadcast. -# -# Possible values: -# - "pusher" -# - "redis" -# - "log" -# - "null" (default) -# -# @default null -# @see https://docs.pixelfed.org/technical-documentation/config/#broadcast_driver -# @dottie/validate required,oneof=pusher redis log null -BROADCAST_DRIVER="redis" - -# @default "true" -# @see https://docs.pixelfed.org/technical-documentation/config/#restrict_html_types -# @dottie/validate required,boolean -#RESTRICT_HTML_TYPES="true" - -# Passport uses encryption keys while generating secure access tokens -# for your application. -# -# By default, the keys are stored as local files but can be set via environment -# variables when that is more convenient. - -# @see https://docs.pixelfed.org/technical-documentation/config/#passport_private_key -# @dottie/validate required -#PASSPORT_PRIVATE_KEY="" - -# @see https://docs.pixelfed.org/technical-documentation/config/#passport_public_key -# @dottie/validate required -#PASSPORT_PUBLIC_KEY="" - -################################################################################ -# database -################################################################################ - -# Database version to use (as Docker tag) -# -# @see https://hub.docker.com/_/mariadb -# @dottie/validate required -DB_VERSION="11.2" - -# Here you may specify which of the database connections below -# you wish to use as your default connection for all database work. -# -# Of course you may use many connections at once using the database library. -# -# Possible values: -# -# - "sqlite" -# - "mysql" (default) -# - "pgsql" -# - "sqlsrv" -# -# @see https://docs.pixelfed.org/technical-documentation/config/#db_connection -# @dottie/validate required,oneof=sqlite mysql pgsql sqlsrv -DB_CONNECTION="mysql" - -# @see https://docs.pixelfed.org/technical-documentation/config/#db_host -# @dottie/validate required,hostname -DB_HOST="db" - -# @see https://docs.pixelfed.org/technical-documentation/config/#db_username -# @dottie/validate required -DB_USERNAME="pixelfed" - -# The password to your database. Please make it secure. -# Use a site like https://pwgen.io/ to generate it -# -# @see https://docs.pixelfed.org/technical-documentation/config/#db_password -# @dottie/validate required -DB_PASSWORD= - -# @see https://docs.pixelfed.org/technical-documentation/config/#db_database -# @dottie/validate required -DB_DATABASE="pixelfed_prod" - -# Use "3306" for MySQL/MariaDB and "5432" for PostgreeSQL -# -# @see https://docs.pixelfed.org/technical-documentation/config/#db_port -# @dottie/validate required,number -DB_PORT="3306" - -# Automatically run [artisan migrate --force] if new migrations are detected. -# @dottie/validate required,boolean -DB_APPLY_NEW_MIGRATIONS_AUTOMATICALLY="false" - -################################################################################ -# mail -################################################################################ - -# Laravel supports both SMTP and PHP’s “mail” function as drivers for the sending of e-mail. -# You may specify which one you’re using throughout your application here. -# -# Possible values: -# -# "smtp" (default) -# "sendmail" -# "mailgun" -# "mandrill" -# "ses" -# "sparkpost" -# "log" -# "array" -# -# @default "smtp" -# @see https://docs.pixelfed.org/technical-documentation/config/#mail_driver -# @dottie/validate required,oneof=smtp sendmail mailgun mandrill ses sparkpost log array -#MAIL_DRIVER="smtp" - -# The host address of the SMTP server used by your applications. -# -# A default option is provided that is compatible with the Mailgun mail service which will provide reliable deliveries. -# -# @default "smtp.mailgun.org" -# @see https://docs.pixelfed.org/technical-documentation/config/#mail_host -# @dottie/validate required_with=MAIL_DRIVER,fqdn -#MAIL_HOST="smtp.mailgun.org" - -# This is the SMTP port used by your application to deliver e-mails to users of the application. -# -# Like the host we have set this value to stay compatible with the Mailgun e-mail application by default. -# -# @default 587. -# @see https://docs.pixelfed.org/technical-documentation/config/#mail_port -# @dottie/validate required_with=MAIL_DRIVER,number -#MAIL_PORT="587" - -# Here, you may specify a name and address that is used globally for all e-mails that are sent by your application. -# -# You may wish for all e-mails sent by your application to be sent from the same address. -# -# @default "bot@example.com" -# @see https://docs.pixelfed.org/technical-documentation/config/#mail_from_address -# @dottie/validate required_with=MAIL_DRIVER,email,ne=__CHANGE_ME__ -#MAIL_FROM_ADDRESS="__CHANGE_ME__" - -# The 'name' you send e-mail from -# -# @default "Example" -# @see https://docs.pixelfed.org/technical-documentation/config/#mail_from_name -# @dottie/validate required_with=MAIL_DRIVER -#MAIL_FROM_NAME="${APP_NAME}" - -# If your SMTP server requires a username for authentication, you should set it here. -# -# This will get used to authenticate with your server on connection. -# You may also set the “password” value below this one. -# -# @default "" -# @see https://docs.pixelfed.org/technical-documentation/config/#mail_username -# @dottie/validate required_with=MAIL_DRIVER -#MAIL_USERNAME="" - -# @default "" -# @see https://docs.pixelfed.org/technical-documentation/config/#mail_password -# @dottie/validate required_with=MAIL_DRIVER -#MAIL_PASSWORD="" - -# Here you may specify the encryption protocol that should be used when the application send e-mail messages. -# -# A sensible default using the transport layer security protocol should provide great security. -# -# @default "tls" -# @see https://docs.pixelfed.org/technical-documentation/config/#mail_encryption -# @dottie/validate required_with=MAIL_DRIVER -#MAIL_ENCRYPTION="tls" - -################################################################################ -# redis -################################################################################ - -# @default "phpredis" -# @see https://docs.pixelfed.org/technical-documentation/config/#redis_client -# @dottie/validate required -#REDIS_CLIENT="phpredis" - -# @default "tcp" -# @see https://docs.pixelfed.org/technical-documentation/config/#redis_scheme -# @dottie/validate required -#REDIS_SCHEME="tcp" - -# @default "localhost" -# @see https://docs.pixelfed.org/technical-documentation/config/#redis_host -# @dottie/validate required -REDIS_HOST="redis" - -# @default "null" (not set/commented out). -# @see https://docs.pixelfed.org/technical-documentation/config/#redis_password -# @dottie/validate omitempty -#REDIS_PASSWORD= - -# @default "6379" -# @see https://docs.pixelfed.org/technical-documentation/config/#redis_port -# @dottie/validate required,number -REDIS_PORT="6379" - -# @default "0" -# @see https://docs.pixelfed.org/technical-documentation/config/#redis_database -# @dottie/validate required,number -#REDIS_DATABASE="0" - -################################################################################ -# experiments -################################################################################ - -# Text only posts (alpha). -# -# @default "false" -# @see https://docs.pixelfed.org/technical-documentation/config/#exp_top -# @dottie/validate required,boolean -#EXP_TOP="false" - -# Poll statuses (alpha). -# -# @default "false" -# @see https://docs.pixelfed.org/technical-documentation/config/#exp_polls -# @dottie/validate required,boolean -#EXP_POLLS="false" - -# Cached public timeline for larger instances (beta). -# -# @default "false" -# @see https://docs.pixelfed.org/technical-documentation/config/#exp_cpt -# @dottie/validate required,boolean -#EXP_CPT="false" - -# Enforce Mastodon API Compatibility (alpha). -# -# @default "true" -# @see https://docs.pixelfed.org/technical-documentation/config/#exp_emc -# @dottie/validate required,boolean -#EXP_EMC="true" - -################################################################################ -# ActivityPub -################################################################################ - -# @default "false" -# @see https://docs.pixelfed.org/technical-documentation/config/#activity_pub -# @dottie/validate required,boolean -#ACTIVITY_PUB="true" - -# @default "true" -# @see https://docs.pixelfed.org/technical-documentation/config/#ap_remote_follow -# @dottie/validate required,boolean -#AP_REMOTE_FOLLOW="true" - -# @default "true" -# @see https://docs.pixelfed.org/technical-documentation/config/#ap_sharedinbox -# @dottie/validate required,boolean -#AP_SHAREDINBOX="true" - -# @default "true" -# @see https://docs.pixelfed.org/technical-documentation/config/#ap_inbox -# @dottie/validate required,boolean -#AP_INBOX="true" - -# @default "true" -# @see https://docs.pixelfed.org/technical-documentation/config/#ap_outbox -# @dottie/validate required,boolean -#AP_OUTBOX="true" - -################################################################################ -# Federation -################################################################################ - -# @default "true" -# @see https://docs.pixelfed.org/technical-documentation/config/#atom_feeds -# @dottie/validate required,boolean -#ATOM_FEEDS="true" - -# @default "true" -# @see https://docs.pixelfed.org/technical-documentation/config/#nodeinfo -# @dottie/validate required,boolean -#NODEINFO="true" - -# @default "true" -# @see https://docs.pixelfed.org/technical-documentation/config/#webfinger -# @dottie/validate required,boolean -#WEBFINGER="true" - -################################################################################ -# Storage -################################################################################ - -# Store media on object storage like S3, Digital Ocean Spaces, Rackspace -# -# @default "false" -# @see https://docs.pixelfed.org/technical-documentation/config/#pf_enable_cloud -# @dottie/validate required,boolean -#PF_ENABLE_CLOUD="false" - -# Many applications store files both locally and in the cloud. -# -# For this reason, you may specify a default “cloud” driver here. -# This driver will be bound as the Cloud disk implementation in the container. -# -# @default "s3" -# @see https://docs.pixelfed.org/technical-documentation/config/#filesystem_cloud -# @dottie/validate required_with=PF_ENABLE_CLOUD -#FILESYSTEM_CLOUD="s3" - -# @default true. -# @see https://docs.pixelfed.org/technical-documentation/config/#media_delete_local_after_cloud -# @dottie/validate required_with=PF_ENABLE_CLOUD,boolean -#MEDIA_DELETE_LOCAL_AFTER_CLOUD="true" - -# @see https://docs.pixelfed.org/technical-documentation/config/#aws_access_key_id -# @dottie/validate required_if=FILESYSTEM_CLOUD s3 -#AWS_ACCESS_KEY_ID="" - -# @see https://docs.pixelfed.org/technical-documentation/config/#aws_secret_access_key -# @dottie/validate required_if=FILESYSTEM_CLOUD s3 -#AWS_SECRET_ACCESS_KEY="" - -# @see https://docs.pixelfed.org/technical-documentation/config/#aws_default_region -# @dottie/validate required_if=FILESYSTEM_CLOUD s3 -#AWS_DEFAULT_REGION="" - -# @see https://docs.pixelfed.org/technical-documentation/config/#aws_bucket -# @dottie/validate required_if=FILESYSTEM_CLOUD s3 -#AWS_BUCKET="" - -# @see https://docs.pixelfed.org/technical-documentation/config/#aws_url -# @dottie/validate required_if=FILESYSTEM_CLOUD s3 -#AWS_URL="" - -# @see https://docs.pixelfed.org/technical-documentation/config/#aws_endpoint -# @dottie/validate required_if=FILESYSTEM_CLOUD s3 -#AWS_ENDPOINT="" - -# @see https://docs.pixelfed.org/technical-documentation/config/#aws_use_path_style_endpoint -# @dottie/validate required_if=FILESYSTEM_CLOUD s3 -#AWS_USE_PATH_STYLE_ENDPOINT="false" - -################################################################################ -# COSTAR -################################################################################ - -# Comma-separated list of domains to block. -# -# @default null (not set/commented out). -# @see https://docs.pixelfed.org/technical-documentation/config/#cs_blocked_domains -# @dottie/validate -#CS_BLOCKED_DOMAINS="" - -# Comma-separated list of domains to add warnings. -# -# @default null (not set/commented out). -# @see https://docs.pixelfed.org/technical-documentation/config/#cs_cw_domains -# @dottie/validate -#CS_CW_DOMAINS="" - -# Comma-separated list of domains to remove from public timelines. -# -# @default null (not set/commented out). -# @see https://docs.pixelfed.org/technical-documentation/config/#cs_unlisted_domains -# @dottie/validate -#CS_UNLISTED_DOMAINS="" - -# Comma-separated list of keywords to block. -# -# @default null (not set/commented out). -# @see https://docs.pixelfed.org/technical-documentation/config/#cs_blocked_keywords -# @dottie/validate -#CS_BLOCKED_KEYWORDS="" - -# Comma-separated list of keywords to add warnings. -# -# @default null (not set/commented out). -# @see https://docs.pixelfed.org/technical-documentation/config/#cs_cw_keywords -# @dottie/validate -#CS_CW_KEYWORDS="" - -# Comma-separated list of keywords to remove from public timelines. -# -# @default null (not set/commented out). -# @see https://docs.pixelfed.org/technical-documentation/config/#cs_unlisted_keywords -# @dottie/validate -#CS_UNLISTED_KEYWORDS="" - -# @default null (not set/commented out). -# @see https://docs.pixelfed.org/technical-documentation/config/#cs_blocked_actor -# @dottie/validate -#CS_BLOCKED_ACTOR="" - -# @default null (not set/commented out). -# @see https://docs.pixelfed.org/technical-documentation/config/#cs_cw_actor -# @dottie/validate -#CS_CW_ACTOR="" - -# @default null (not set/commented out). -# @see https://docs.pixelfed.org/technical-documentation/config/#cs_unlisted_actor -# @dottie/validate -#CS_UNLISTED_ACTOR="" - -################################################################################ -# logging -################################################################################ - -# Possible values: -# -# - "stack" (default) -# - "single" -# - "daily" -# - "slack" -# - "stderr" -# - "syslog" -# - "errorlog" -# - "null" -# - "emergency" -# - "media" -# -# @default "stack" -# @dottie/validate required,oneof=stack single daily slack stderr syslog errorlog null emergency media -LOG_CHANNEL="stderr" - -# Used by single, stderr and syslog. -# -# @default "debug" -# @see https://docs.pixelfed.org/technical-documentation/config/#log_level -# @dottie/validate required,oneof=debug info notice warning error critical alert emergency -#LOG_LEVEL="debug" - -# Used by stderr. -# -# @default "" -# @see https://docs.pixelfed.org/technical-documentation/config/#log_stderr_formatter -#LOG_STDERR_FORMATTER="" - -# Used by slack. -# -# @default "" -# @see https://docs.pixelfed.org/technical-documentation/config/#log_slack_webhook_url -# @dottie/validate required,http_url -#LOG_SLACK_WEBHOOK_URL="" - -################################################################################ -# queue -################################################################################ - -# Possible values: -# - "sync" (default) -# - "database" -# - "beanstalkd" -# - "sqs" -# - "redis" -# - "null" -# -# @default "sync" -# @see https://docs.pixelfed.org/technical-documentation/config/#queue_driver -# @dottie/validate required,oneof=sync database beanstalkd sqs redis null -QUEUE_DRIVER="redis" - -# @default "your-public-key" -# @see https://docs.pixelfed.org/technical-documentation/config/#sqs_key -# @dottie/validate required_if=QUEUE_DRIVER sqs -#SQS_KEY="your-public-key" - -# @default "your-secret-key" -# @see https://docs.pixelfed.org/technical-documentation/config/#sqs_secret -# @dottie/validate required_if=QUEUE_DRIVER sqs -#SQS_SECRET="your-secret-key" - -# @default "https://sqs.us-east-1.amazonaws.com/your-account-id" -# @see https://docs.pixelfed.org/technical-documentation/config/#sqs_prefix -# @dottie/validate required_if=QUEUE_DRIVER sqs -#SQS_PREFIX="" - -# @default "your-queue-name" -# @see https://docs.pixelfed.org/technical-documentation/config/#sqs_queue -# @dottie/validate required_if=QUEUE_DRIVER sqs -#SQS_QUEUE="your-queue-name" - -# @default "us-east-1" -# @see https://docs.pixelfed.org/technical-documentation/config/#sqs_region -# @dottie/validate required_if=QUEUE_DRIVER sqs -#SQS_REGION="us-east-1" - -################################################################################ -# session -################################################################################ - -# This option controls the default session “driver” that will be used on requests. -# -# By default, we will use the lightweight native driver but you may specify any of the other wonderful drivers provided here. -# -# Possible values: -# - "file" -# - "cookie" -# - "database" (default) -# - "apc" -# - "memcached" -# - "redis" -# - "array" -# -# @default "database" -# @dottie/validate required,oneof=file cookie database apc memcached redis array -SESSION_DRIVER="redis" - -# Here you may specify the number of minutes that you wish the session to be allowed to remain idle before it expires. -# -# If you want them to immediately expire on the browser closing, set that option. -# -# @default 86400. -# @see https://docs.pixelfed.org/technical-documentation/config/#session_lifetime -# @dottie/validate required,number -#SESSION_LIFETIME="86400" - -# Here you may change the domain of the cookie used to identify a session in your application. -# -# This will determine which domains the cookie is available to in your application. -# -# A sensible default has been set. -# -# @default the value of APP_DOMAIN, or null. -# @see https://docs.pixelfed.org/technical-documentation/config/#session_domain -# @dottie/validate required,hostname -#SESSION_DOMAIN="${APP_DOMAIN}" - -################################################################################ -# horizon -################################################################################ - -# This prefix will be used when storing all Horizon data in Redis. -# -# You may modify the prefix when you are running multiple installations -# of Horizon on the same server so that they don’t have problems. -# -# @default "horizon-" -# @see https://docs.pixelfed.org/technical-documentation/config/#horizon_prefix -# @dottie/validate required -#HORIZON_PREFIX="horizon-" - -# @default "false" -# @see https://docs.pixelfed.org/technical-documentation/config/#horizon_darkmode -# @dottie/validate required,boolean -#HORIZON_DARKMODE="false" - -# This value (in MB) describes the maximum amount of memory (in MB) the Horizon worker -# may consume before it is terminated and restarted. -# -# You should set this value according to the resources available to your server. -# -# @default "64" -# @dottie/validate required,number -#HORIZON_MEMORY_LIMIT="64" - -# @see https://docs.pixelfed.org/technical-documentation/config/#horizon_balance_strategy -# @dottie/validate required -#HORIZON_BALANCE_STRATEGY="auto" - -# @see https://docs.pixelfed.org/technical-documentation/config/#horizon_min_processes -# @dottie/validate required,number -#HORIZON_MIN_PROCESSES="1" - -# @see https://docs.pixelfed.org/technical-documentation/config/#horizon_max_processes -# @dottie/validate required,number -#HORIZON_MAX_PROCESSES="20" - -# @see https://docs.pixelfed.org/technical-documentation/config/#horizon_supervisor_memory -# @dottie/validate required,number -#HORIZON_SUPERVISOR_MEMORY="64" - -# @see https://docs.pixelfed.org/technical-documentation/config/#horizon_supervisor_tries -# @dottie/validate required,number -#HORIZON_SUPERVISOR_TRIES="3" - -# @see https://docs.pixelfed.org/technical-documentation/config/#horizon_supervisor_nice -# @dottie/validate required,number -#HORIZON_SUPERVISOR_NICE="0" - -# @see https://docs.pixelfed.org/technical-documentation/config/#horizon_supervisor_timeout -# @dottie/validate required,number -#HORIZON_SUPERVISOR_TIMEOUT="300" - -################################################################################ -# docker shared -################################################################################ - -# A random 32-character string to be used as an encryption key. -# -# !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! -# ! NOTE: This will be auto-generated by Docker during bootstrap -# !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! -# -# This key is used by the Illuminate encrypter service and should be set to a random, -# 32 character string, otherwise these encrypted strings will not be safe. -# -# @see https://docs.pixelfed.org/technical-documentation/config/#app_key -# @dottie/validate required -APP_KEY= - -# Prefix for container names (without any dash at the end) -# @dottie/validate required -DOCKER_ALL_CONTAINER_NAME_PREFIX="${APP_DOMAIN}" - -# How often Docker health check should run for all services -# -# Can be overridden by individual [DOCKER_*_HEALTHCHECK_INTERVAL] settings further down -# -# @default "10s" -# @dottie/validate required -DOCKER_ALL_DEFAULT_HEALTHCHECK_INTERVAL="10s" - -# Path (relative to the docker-compose.yml) or absolute (/some/other/path) where containers will *all* data -# will be stored (data, config, overrides) -# -# @default "./docker-compose-state" -# @dottie/validate required,dir -DOCKER_ALL_HOST_ROOT_PATH="./docker-compose-state" - -# Path (relative to the docker-compose.yml) or absolute (/some/other/path) where containers will store their data -# -# @default "${DOCKER_ALL_HOST_ROOT_PATH}/data" -# @dottie/validate required,dir -DOCKER_ALL_HOST_DATA_ROOT_PATH="${DOCKER_ALL_HOST_ROOT_PATH:?error}/data" - -# Path (relative to the docker-compose.yml) or absolute (/some/other/path) where containers will store their confguration -# -# @default "${DOCKER_ALL_HOST_ROOT_PATH}/config" -# @dottie/validate required,dir -DOCKER_ALL_HOST_CONFIG_ROOT_PATH="${DOCKER_ALL_HOST_ROOT_PATH:?error}/config" - -# Path (relative to the docker-compose.yml) or absolute (/some/other/path) where containers will store overrides -# -# @default "${DOCKER_ALL_HOST_ROOT_PATH}/overrides" -# @dottie/validate required,dir -DOCKER_APP_HOST_OVERRIDES_PATH="${DOCKER_ALL_HOST_ROOT_PATH:?error}/overrides" - -# Set timezone used by *all* containers - these must be in sync. -# -# ! Do not edit your timezone once the service is running - or things will break! -# -# @see https://www.php.net/manual/en/timezones.php -# @dottie/validate required,timezone -TZ="${APP_TIMEZONE}" - -################################################################################ -# docker app -################################################################################ - -# The docker tag prefix to use for pulling images, can be one of -# -# * latest -# * -# * staging -# * edge -# * branch- -# * pr- -# -# Combined with [DOCKER_APP_RUNTIME] and [PHP_VERSION] configured -# elsewhere in this file, the final Docker tag is computed. -# @dottie/validate required -DOCKER_APP_RELEASE="v0.12" - -# The PHP version to use for [web] and [worker] container -# -# Any version published on https://hub.docker.com/_/php should work -# -# Example: -# -# * 8.1 -# * 8.2 -# * 8.2.14 -# * latest -# -# Do *NOT* use the full Docker tag (e.g. "8.3.2RC1-fpm-bullseye") -# *only* the version part. The rest of the full tag is derived from -# the [DOCKER_APP_RUNTIME] and [PHP_DEBIAN_RELEASE] settings -# @dottie/validate required -DOCKER_APP_PHP_VERSION="8.3" - -# The container runtime to use. -# -# @see https://docs.pixelfed.org/running-pixelfed/docker/runtimes.html -# @dottie/validate required,oneof=apache nginx fpm -DOCKER_APP_RUNTIME="apache" - -# The Debian release variant to use of the [php] Docker image -# -# Examlpe: [bookworm] or [bullseye] -# @dottie/validate required,oneof=bookworm bullseye -DOCKER_APP_DEBIAN_RELEASE="bookworm" - -# The [php] Docker image base type -# -# @see https://docs.pixelfed.org/running-pixelfed/docker/runtimes.html -# @dottie/validate required,oneof=apache fpm cli -DOCKER_APP_BASE_TYPE="apache" - -# Image to pull the Pixelfed Docker images from. -# -# Example values: -# -# * "ghcr.io/pixelfed/pixelfed" to pull from GitHub -# * "pixelfed/pixelfed" to pull from DockerHub -# * "your/fork" to pull from a custom fork -# -# @dottie/validate required -DOCKER_APP_IMAGE="ghcr.io/jippi/docker-pixelfed" - -# Pixelfed version (image tag) to pull from the registry. -# -# @see https://github.com/pixelfed/pixelfed/pkgs/container/pixelfed -# @dottie/validate required -DOCKER_APP_TAG="${DOCKER_APP_RELEASE:?error}-${DOCKER_APP_RUNTIME:?error}-${DOCKER_APP_PHP_VERSION:?error}" - -# Path (on host system) where the [app] + [worker] container will write -# its [storage] data (e.g uploads/images/profile pictures etc.). -# -# Path is relative (./some/other/path) to the docker-compose.yml or absolute (/some/other/path) -# @dottie/validate required,dir -DOCKER_APP_HOST_STORAGE_PATH="${DOCKER_ALL_HOST_DATA_ROOT_PATH:?error}/pixelfed/storage" - -# Path (on host system) where the [app] + [worker] container will write -# its [cache] data. -# -# Path is relative (./some/other/path) to the docker-compose.yml or absolute (/some/other/path) -# @dottie/validate required,dir -DOCKER_APP_HOST_CACHE_PATH="${DOCKER_ALL_HOST_DATA_ROOT_PATH:?error}/pixelfed/cache" - -# Automatically run "One-time setup tasks" commands. -# -# If you are migrating to this docker-compose setup or have manually run the "One time setup" -# tasks (https://docs.pixelfed.org/running-pixelfed/installation/#setting-up-services) -# you can set this to "0" to prevent them from running. -# -# Otherwise, leave it at "1" to have them run *once*. -# @dottie/validate required,boolean -#DOCKER_APP_RUN_ONE_TIME_SETUP_TASKS="1" - -# A space-seperated list of paths (inside the container) to *recursively* [chown] -# to the container user/group id (UID/GID) in case of permission issues. -# -# ! You should *not* leave this on permanently, at it can significantly slow down startup -# ! time for the container, and during normal operations there should never be permission -# ! issues. Please report a bug if you see behavior requiring this to be permanently on -# -# Example: "/var/www/storage /var/www/bootstrap/cache" -# @dottie/validate required -#DOCKER_APP_ENSURE_OWNERSHIP_PATHS="" - -# Enable Docker Entrypoint debug mode (will call [set -x] in bash scripts) -# by setting this to "1" -# @dottie/validate required,boolean -#DOCKER_APP_ENTRYPOINT_DEBUG="0" - -# Show the "diff" when applying templating to files -# -# @default "1" -# @dottie/validate required,boolean -#DOCKER_APP_ENTRYPOINT_SHOW_TEMPLATE_DIFF="1" - -# Docker entrypoints that should be skipped on startup -# @default "" -#ENTRYPOINT_SKIP_SCRIPTS="" - -# List of extra APT packages (separated by space) to install when building -# locally using [docker compose build]. -# -# @see https://github.com/pixelfed/pixelfed/blob/dev/docker/customizing.md -# @dottie/validate required -#DOCKER_APP_APT_PACKAGES_EXTRA="" - -# List of *extra* PECL extensions (separated by space) to install when -# building locally using [docker compose build]. -# -# @see https://github.com/pixelfed/pixelfed/blob/dev/docker/customizing.md -# @dottie/validate required -#DOCKER_APP_PHP_PECL_EXTENSIONS_EXTRA="" - -# List of *extra* PHP extensions (separated by space) to install when -# building locally using [docker compose build]. -# -# @see https://github.com/pixelfed/pixelfed/blob/dev/docker/customizing.md -# @dottie/validate required -#DOCKER_APP_PHP_EXTENSIONS_EXTRA="" - -# @default "128M" -# @see https://www.php.net/manual/en/ini.core.php#ini.memory-limit -# @dottie/validate required -#DOCKER_APP_PHP_MEMORY_LIMIT="128M" - -# @default "E_ALL & ~E_DEPRECATED & ~E_STRICT" -# @see http://php.net/error-reporting -# @dottie/validate required -#DOCKER_APP_PHP_ERROR_REPORTING="E_ALL & ~E_DEPRECATED & ~E_STRICT" - -# @default "off" -# @see http://php.net/display-errors -# @dottie/validate required,oneof=on off -#DOCKER_APP_PHP_DISPLAY_ERRORS="off" - -# Enables the opcode cache. -# -# When disabled, code is not optimised or cached. -# -# @default "1" -# @see https://www.php.net/manual/en/opcache.configuration.php#ini.opcache.enable -# @dottie/validate required,oneof=0 1 -#DOCKER_APP_PHP_OPCACHE_ENABLE="1" - -# If enabled, OPcache will check for updated scripts every [opcache.revalidate_freq] seconds. -# -# When this directive is disabled, you must reset OPcache manually via opcache_reset(), -# opcache_invalidate() or by restarting the Web server for changes to the filesystem to take effect. -# -# @default "0" -# @see https://www.php.net/manual/en/opcache.configuration.php#ini.opcache.validate-timestamps -# @dottie/validate required,oneof=0 1 -#DOCKER_APP_PHP_OPCACHE_VALIDATE_TIMESTAMPS="0" - -# How often to check script timestamps for updates, in seconds. -# 0 will result in OPcache checking for updates on every request. -# -# @default "2" -# @see https://www.php.net/manual/en/opcache.configuration.php#ini.opcache.revalidate-freq -# @dottie/validate required,oneof=0 1 2 -#DOCKER_APP_PHP_OPCACHE_REVALIDATE_FREQ="2" - -# When doing [docker compose build], should the frontend be built in the Dockerfile? -# If set to "0" the included pre-compiled frontend will be used. -# -# @default "0" -# @dottie/validate required,oneof=0 1 -#DOCKER_APP_BUILD_FRONTEND="0" - -################################################################################ -# docker redis -################################################################################ - -# Set this to a non-empty value (e.g. "disabled") to disable the [redis] service -#DOCKER_REDIS_PROFILE= - -# Redis version to use as Docker tag -# -# @see https://hub.docker.com/_/redis -# @dottie/validate required -DOCKER_REDIS_VERSION="7.2" - -# Path (on host system) where the [redis] container will store its data -# -# Path is relative (./some/other/path) to the docker-compose.yml or absolute (/some/other/path) -# @dottie/validate required,dir -DOCKER_REDIS_HOST_DATA_PATH="${DOCKER_ALL_HOST_DATA_ROOT_PATH:?error}/redis" - -# Port that Redis will listen on *outside* the container (e.g. the host machine) -# @dottie/validate required,number -DOCKER_REDIS_HOST_PORT="${REDIS_PORT:?error}" - -# The filename that Redis should store its config file within -# -# NOTE: The file *MUST* exists (even empty) before enabling this setting! -# -# Use a command like [touch "${DOCKER_ALL_HOST_CONFIG_ROOT_PATH}/redis/redis.conf"] to create it. -# -# @default "" -# @dottie/validate required -#DOCKER_REDIS_CONFIG_FILE="/etc/redis/redis.conf" -# How often Docker health check should run for [redis] service -# -# @default "10s" -# @dottie/validate required -DOCKER_REDIS_HEALTHCHECK_INTERVAL="${DOCKER_ALL_DEFAULT_HEALTHCHECK_INTERVAL:?error}" - -################################################################################ -# docker db -################################################################################ - -# Set this to a non-empty value (e.g. "disabled") to disable the [db] service -#DOCKER_DB_PROFILE= - -# Docker image for the DB service -# @dottie/validate required -DOCKER_DB_IMAGE="mariadb:${DB_VERSION}" - -# Command to pass to the [db] server container -# @dottie/validate required -DOCKER_DB_COMMAND="--default-authentication-plugin=mysql_native_password" - -# Path (on host system) where the [db] container will store its data -# -# Path is relative (./some/other/path) to the docker-compose.yml or absolute (/some/other/path) -# @dottie/validate required,dir -DOCKER_DB_HOST_DATA_PATH="${DOCKER_ALL_HOST_DATA_ROOT_PATH:?error}/db" - -# Path (inside the container) where the [db] will store its data. -# -# Path MUST be absolute. -# -# For MySQL this should be [/var/lib/mysql] -# For PostgreSQL this should be [/var/lib/postgresql/data] -# @dottie/validate required -DOCKER_DB_CONTAINER_DATA_PATH="/var/lib/mysql" - -# Port that the database will listen on *OUTSIDE* the container (e.g. the host machine) -# -# Use "3306" for MySQL/MariaDB and "5432" for PostgreeSQL -# @dottie/validate required,number -DOCKER_DB_HOST_PORT="${DB_PORT:?error}" - -# Port that the database will listen on *INSIDE* the container -# -# Use "3306" for MySQL/MariaDB and "5432" for PostgreeSQL -# @dottie/validate required,number -DOCKER_DB_CONTAINER_PORT="${DB_PORT:?error}" - -# root password for the database. By default uses DB_PASSWORD -# but can be changed in situations where you are migrating -# to the included docker-compose and have a different password -# set already -# -# @dottie/validate required -DOCKER_DB_ROOT_PASSWORD="${DB_PASSWORD:?error}" - -# How often Docker health check should run for [db] service -# @dottie/validate required -DOCKER_DB_HEALTHCHECK_INTERVAL="${DOCKER_ALL_DEFAULT_HEALTHCHECK_INTERVAL:?error}" - -################################################################################ -# docker web -################################################################################ - -# Set this to a non-empty value (e.g. "disabled") to disable the [web] service -#DOCKER_WEB_PROFILE="" - -# Port to expose [web] container will listen on *outside* the container (e.g. the host machine) for *HTTP* traffic only -# @dottie/validate required,number -DOCKER_WEB_PORT_EXTERNAL_HTTP="8080" - -# How often Docker health check should run for [web] service -# @dottie/validate required -DOCKER_WEB_HEALTHCHECK_INTERVAL="${DOCKER_ALL_DEFAULT_HEALTHCHECK_INTERVAL:?error}" - -################################################################################ -# docker worker -################################################################################ - -# Set this to a non-empty value (e.g. "disabled") to disable the [worker] service -#DOCKER_WORKER_PROFILE="" - -# How often Docker health check should run for [worker] service -# @dottie/validate required -DOCKER_WORKER_HEALTHCHECK_INTERVAL="${DOCKER_ALL_DEFAULT_HEALTHCHECK_INTERVAL:?error}" - -################################################################################ -# docker proxy -################################################################################ - -# Set this to a non-empty value (e.g. "disabled") to disable the [proxy] and [proxy-acme] service -#DOCKER_PROXY_PROFILE= - -# Set this to a non-empty value (e.g. "disabled") to disable the [proxy-acme] service -#DOCKER_PROXY_ACME_PROFILE="${DOCKER_PROXY_PROFILE:-}" - -# The version of nginx-proxy to use -# -# @see https://hub.docker.com/r/nginxproxy/nginx-proxy -# @dottie/validate required -DOCKER_PROXY_VERSION="1.6" - -# How often Docker health check should run for [proxy] service -# @dottie/validate required -DOCKER_PROXY_HEALTHCHECK_INTERVAL="${DOCKER_ALL_DEFAULT_HEALTHCHECK_INTERVAL:?error}" - -# Port that the [proxy] will listen on *outside* the container (e.g. the host machine) for HTTP traffic -# @dottie/validate required,number -DOCKER_PROXY_HOST_PORT_HTTP="80" - -# Port that the [proxy] will listen on *outside* the container (e.g. the host machine) for HTTPS traffic -# @dottie/validate required,number -DOCKER_PROXY_HOST_PORT_HTTPS="443" - -# Path to the Docker socket on the *host* -# @dottie/validate required,file -DOCKER_PROXY_HOST_DOCKER_SOCKET_PATH="/var/run/docker.sock" - -# The host to request LetsEncrypt certificate for -# @dottie/validate required,fqdn -DOCKER_PROXY_LETSENCRYPT_HOST="${APP_DOMAIN}" - -# The e-mail to use for Lets Encrypt certificate requests. -# @dottie/validate required,email -DOCKER_PROXY_LETSENCRYPT_EMAIL="${INSTANCE_CONTACT_EMAIL:?error}" - -# Lets Encrypt staging/test servers for certificate requests. -# -# Setting this to any value will change to letsencrypt test servers. -#DOCKER_PROXY_LETSENCRYPT_TEST="1" diff --git a/.env.docker.example b/.env.docker.example new file mode 100644 index 000000000..6cd6af88a --- /dev/null +++ b/.env.docker.example @@ -0,0 +1,87 @@ +# Pixelfed Docker Environment Configuration +# Copy this file to .env.docker and update the values + +# Application Configuration +APP_NAME="Pixelfed" +APP_ENV="production" +APP_KEY= +APP_DEBUG="false" + +# Instance Configuration +OPEN_REGISTRATION="false" +ENFORCE_EMAIL_VERIFICATION="true" +PF_MAX_USERS="1000" +OAUTH_ENABLED="true" +ENABLE_CONFIG_CACHE="true" +INSTANCE_DISCOVER_PUBLIC="true" + +# Media Configuration +PF_OPTIMIZE_IMAGES="true" +IMAGE_QUALITY="80" +MAX_PHOTO_SIZE="15000" +MAX_CAPTION_LENGTH="500" +MAX_ALBUM_LENGTH="4" + +# Instance URL Configuration +# IMPORTANT: Update these with your actual domain +APP_URL="https://yourdomain.com" +APP_DOMAIN="yourdomain.com" +ADMIN_DOMAIN="yourdomain.com" +SESSION_DOMAIN="yourdomain.com" +TRUST_PROXIES="*" + +# Database Configuration +DB_CONNECTION="mysql" +DB_HOST="db" +DB_PORT="3306" +DB_DATABASE="pixelfed" +DB_USERNAME="pixelfed" +DB_PASSWORD="change_this_secure_password" +DB_ROOT_PASSWORD="change_this_root_password" + +# Redis Configuration +REDIS_CLIENT="phpredis" +REDIS_SCHEME="tcp" +REDIS_HOST="redis" +REDIS_PASSWORD="null" +REDIS_PORT="6379" + +# Laravel Configuration +SESSION_DRIVER="database" +CACHE_DRIVER="redis" +QUEUE_DRIVER="redis" +BROADCAST_DRIVER="log" +LOG_CHANNEL="stack" +HORIZON_PREFIX="horizon-" + +# ActivityPub Configuration +ACTIVITY_PUB="true" +AP_REMOTE_FOLLOW="true" +AP_INBOX="true" +AP_OUTBOX="true" +AP_SHAREDINBOX="true" + +# Experimental Configuration +EXP_EMC="true" + +# Mail Configuration +# Configure after initial setup +MAIL_DRIVER="smtp" +MAIL_HOST="smtp.mailtrap.io" +MAIL_PORT="2525" +MAIL_USERNAME="null" +MAIL_PASSWORD="null" +MAIL_ENCRYPTION="tls" +MAIL_FROM_ADDRESS="pixelfed@yourdomain.com" +MAIL_FROM_NAME="Pixelfed" + +# S3 Configuration (Optional) +PF_ENABLE_CLOUD="false" +FILESYSTEM_CLOUD="s3" +#AWS_ACCESS_KEY_ID= +#AWS_SECRET_ACCESS_KEY= +#AWS_DEFAULT_REGION= +#AWS_BUCKET= +#AWS_URL= +#AWS_ENDPOINT= +#AWS_USE_PATH_STYLE_ENDPOINT=false diff --git a/.hadolint.yaml b/.hadolint.yaml deleted file mode 100644 index 27fa2ff27..000000000 --- a/.hadolint.yaml +++ /dev/null @@ -1,6 +0,0 @@ -ignored: - - DL3002 # warning: Last USER should not be root - - DL3008 # warning: Pin versions in apt get install. Instead of `apt-get install ` use `apt-get install =` - - DL3029 # warning: Do not use --platform flag with FROM - - SC2046 # warning: Quote this to prevent word splitting. - - SC2086 # info: Double quote to prevent globbing and word splitting. diff --git a/DOCKER_COMPOSE_SETUP.md b/DOCKER_COMPOSE_SETUP.md new file mode 100644 index 000000000..47d4ba346 --- /dev/null +++ b/DOCKER_COMPOSE_SETUP.md @@ -0,0 +1,121 @@ +# Pixelfed Docker Compose Setup with serversideup/php container + +This setup uses `serversideup/php:8.4-fpm-nginx` as the base image and is designed to work behind a reverse proxy like Cloudflare Tunnel, or Nginx (Proxy Manager) for HTTPS termination. + +## Prerequisites + +- Docker and Docker Compose installed +- A reverse proxy (e.g., Nginx Proxy Manager) for HTTPS +- Domain name +- Email Provider for sending emails + +## Quick Start + +1. **Clone and prepare the privledges** + ```bash + git clone https://github.com/pixelfed/pixelfed + cd pixelfed + sudo chown -R www-data:www-data storage/ bootstrap/cache/ + ``` + +1. **Copy the environment file:** + ```bash + cp .env.docker.example .env + ``` + +2. **Update `.env` with your configuration:** + - Set `APP_KEY` ( generate with https://laravel-encryption-key-generator.vercel.app/ ) + - Update `APP_URL`, `APP_DOMAIN`, `ADMIN_DOMAIN`, `SESSION_DOMAIN` with your domain + - Set secure database passwords for `DB_PASSWORD` and `DB_ROOT_PASSWORD` + - Configure mail settings + +3. **Build container** + ```bash + docker compose build + ``` + +4. **Build and start the containers:** + ```bash + docker compose up -d db redis # Bootstrap the database and Redis. + # Wait 30 seconds for them to complete first boot. + docker compose up -d + ``` + +5. **Generate application keys (Critical for Federation) and other tasks:** + ```bash + docker compose exec pixelfed php artisan instance:actor + docker compose exec pixelfed php artisan import:cities + docker compose exec pixelfed php artisan passport:keys + ``` + +6. **Create admin user:** + ```bash + docker compose exec pixelfed php artisan user:create + ``` + +## Reverse Proxy Configuration + +### Cloudflare Tunnel + +1. Doco coming soon + +### Nginx Proxy Manager + +1. Add a new Proxy Host in Nginx Proxy Manager +2. Set the following: + - **Domain Names:** Your domain (e.g., `pixelfed.yourdomain.com`) + - **Scheme:** `http` + - **Forward Hostname/IP:** `pixelfed-app` (or the Docker host IP) + - **Forward Port:** `8080` + - **Enable:** Websockets Support, Block Common Exploits +3. Configure SSL certificate (Let's Encrypt recommended) +4. Add custom Nginx configuration if needed: + ```nginx + client_max_body_size 500M; + proxy_read_timeout 300s; + ``` + +### Manual Nginx Configuration + +```nginx +server { + listen 443 ssl http2; + server_name yourdomain.com; + + ssl_certificate /path/to/cert.pem; + ssl_certificate_key /path/to/key.pem; + + client_max_body_size 500M; + + location / { + proxy_pass http://localhost:8080; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_read_timeout 300s; + } +} +``` + +## Useful Commands + +```bash +# View logs +docker compose logs -f + +# Run artisan commands +docker compose exec pixelfed php artisan [command] + +# Access container shell +docker compose exec pixelfed bash + +# Restart services +docker compose restart + +# Stop services +docker compose down + +# Stop and remove volumes (WARNING: deletes data) +docker compose down -v +``` diff --git a/Dockerfile b/Dockerfile index 29d22f611..c68332c31 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,364 +1,53 @@ -# syntax=docker/dockerfile:1 -# See https://hub.docker.com/r/docker/dockerfile +FROM serversideup/php:8.4-fpm-nginx -####################################################### -# Configuration -####################################################### - -# See: https://github.com/mlocati/docker-php-extension-installer -ARG DOCKER_PHP_EXTENSION_INSTALLER_VERSION="2.1.80" - -# See: https://github.com/composer/composer -ARG COMPOSER_VERSION="2.6" - -# See: https://nginx.org/ -ARG NGINX_VERSION="1.25.3" - -# See: https://github.com/ddollar/forego -ARG FOREGO_VERSION="0.17.2" - -# See: https://github.com/hairyhenderson/gomplate -ARG GOMPLATE_VERSION="v3.11.6" - -# See: https://github.com/jippi/dottie -ARG DOTTIE_VERSION="v0.9.5" - -### -# PHP base configuration -### - -# See: https://hub.docker.com/_/php/tags -ARG PHP_VERSION="8.3" - -# See: https://github.com/docker-library/docs/blob/master/php/README.md#image-variants -ARG PHP_BASE_TYPE="apache" -ARG PHP_DEBIAN_RELEASE="bookworm" - -ARG RUNTIME_UID=33 # often called 'www-data' -ARG RUNTIME_GID=33 # often called 'www-data' - -# APT extra packages -ARG APT_PACKAGES_EXTRA= - -# Extensions installed via [pecl install] -# ! NOTE: imagick is installed from [master] branch on GitHub due to 8.3 bug on ARM that haven't -# ! been released yet (after +10 months)! -# ! See: https://github.com/Imagick/imagick/pull/641 -ARG PHP_PECL_EXTENSIONS="redis https://codeload.github.com/Imagick/imagick/tar.gz/28f27044e435a2b203e32675e942eb8de620ee58" -ARG PHP_PECL_EXTENSIONS_EXTRA= - -# Extensions installed via [docker-php-ext-install] -ARG PHP_EXTENSIONS="intl bcmath zip pcntl exif curl gd" -ARG PHP_EXTENSIONS_EXTRA="" -ARG PHP_EXTENSIONS_DATABASE="pdo_pgsql pdo_mysql pdo_sqlite" - -# GPG key for nginx apt repository -ARG NGINX_GPGKEY="573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62" - -# GPP key path for nginx apt repository -ARG NGINX_GPGKEY_PATH="/usr/share/keyrings/nginx-archive-keyring.gpg" - -####################################################### -# Docker "copy from" images -####################################################### - -# Composer docker image from Docker Hub -# -# NOTE: Docker will *not* pull this image unless it's referenced (via build target) -FROM composer:${COMPOSER_VERSION} AS composer-image - -# php-extension-installer image from Docker Hub -# -# NOTE: Docker will *not* pull this image unless it's referenced (via build target) -FROM mlocati/php-extension-installer:${DOCKER_PHP_EXTENSION_INSTALLER_VERSION} AS php-extension-installer - -# nginx webserver from Docker Hub. -# Used to copy some docker-entrypoint files for [nginx-runtime] -# -# NOTE: Docker will *not* pull this image unless it's referenced (via build target) -FROM nginx:${NGINX_VERSION} AS nginx-image - -# Forego is a Procfile "runner" that makes it trival to run multiple -# processes under a simple init / PID 1 process. -# -# NOTE: Docker will *not* pull this image unless it's referenced (via build target) -# -# See: https://github.com/nginx-proxy/forego -FROM nginxproxy/forego:${FOREGO_VERSION}-debian AS forego-image - -# Dottie makes working with .env files easier and safer -# -# NOTE: Docker will *not* pull this image unless it's referenced (via build target) -# -# See: https://github.com/jippi/dottie -FROM ghcr.io/jippi/dottie:${DOTTIE_VERSION} AS dottie-image - -# gomplate-image grabs the gomplate binary from GitHub releases -# -# It's in its own layer so it can be fetched in parallel with other build steps -FROM php:${PHP_VERSION}-${PHP_BASE_TYPE}-${PHP_DEBIAN_RELEASE} AS gomplate-image - -ARG TARGETARCH -ARG TARGETOS -ARG GOMPLATE_VERSION - -RUN set -ex \ - && curl \ - --silent \ - --show-error \ - --location \ - --output /usr/local/bin/gomplate \ - https://github.com/hairyhenderson/gomplate/releases/download/${GOMPLATE_VERSION}/gomplate_${TARGETOS}-${TARGETARCH} \ - && chmod +x /usr/local/bin/gomplate \ - && /usr/local/bin/gomplate --version - -####################################################### -# Base image -####################################################### - -FROM php:${PHP_VERSION}-${PHP_BASE_TYPE}-${PHP_DEBIAN_RELEASE} AS base - -ARG BUILDKIT_SBOM_SCAN_STAGE="true" - -ARG APT_PACKAGES_EXTRA -ARG PHP_DEBIAN_RELEASE -ARG PHP_VERSION -ARG RUNTIME_GID -ARG RUNTIME_UID -ARG TARGETPLATFORM - -ENV DEBIAN_FRONTEND="noninteractive" - -# Ensure we run all scripts through 'bash' rather than 'sh' -SHELL ["/bin/bash", "-c"] - -# Set www-data to be RUNTIME_UID/RUNTIME_GID -RUN groupmod --gid ${RUNTIME_GID} www-data \ - && usermod --uid ${RUNTIME_UID} --gid ${RUNTIME_GID} www-data - -RUN set -ex \ - && mkdir -pv /var/www/ \ - && chown -R ${RUNTIME_UID}:${RUNTIME_GID} /var/www - -WORKDIR /var/www/ - -ENV APT_PACKAGES_EXTRA=${APT_PACKAGES_EXTRA} - -# Install and configure base layer -COPY docker/shared/root/docker/install/base.sh /docker/install/base.sh - -RUN --mount=type=cache,id=pixelfed-apt-${PHP_VERSION}-${PHP_DEBIAN_RELEASE}-${TARGETPLATFORM},sharing=locked,target=/var/lib/apt \ - --mount=type=cache,id=pixelfed-apt-cache-${PHP_VERSION}-${PHP_DEBIAN_RELEASE}-${TARGETPLATFORM},sharing=locked,target=/var/cache/apt \ - /docker/install/base.sh - -####################################################### -# PHP: extensions -####################################################### - -FROM base AS php-extensions - -ARG PHP_DEBIAN_RELEASE -ARG PHP_EXTENSIONS -ARG PHP_EXTENSIONS_DATABASE -ARG PHP_EXTENSIONS_EXTRA -ARG PHP_PECL_EXTENSIONS -ARG PHP_PECL_EXTENSIONS_EXTRA -ARG PHP_VERSION -ARG TARGETPLATFORM - -COPY --from=php-extension-installer /usr/bin/install-php-extensions /usr/local/bin/ - -COPY docker/shared/root/docker/install/php-extensions.sh /docker/install/php-extensions.sh - -RUN --mount=type=cache,id=pixelfed-pear-${PHP_VERSION}-${PHP_DEBIAN_RELEASE}-${TARGETPLATFORM},sharing=locked,target=/tmp/pear \ - --mount=type=cache,id=pixelfed-apt-${PHP_VERSION}-${PHP_DEBIAN_RELEASE}-${TARGETPLATFORM},sharing=locked,target=/var/lib/apt \ - --mount=type=cache,id=pixelfed-apt-cache-${PHP_VERSION}-${PHP_DEBIAN_RELEASE}-${TARGETPLATFORM},sharing=locked,target=/var/cache/apt \ - PHP_EXTENSIONS=${PHP_EXTENSIONS} \ - PHP_EXTENSIONS_DATABASE=${PHP_EXTENSIONS_DATABASE} \ - PHP_EXTENSIONS_EXTRA=${PHP_EXTENSIONS_EXTRA} \ - PHP_PECL_EXTENSIONS=${PHP_PECL_EXTENSIONS} \ - PHP_PECL_EXTENSIONS_EXTRA=${PHP_PECL_EXTENSIONS_EXTRA} \ - /docker/install/php-extensions.sh - -####################################################### -# Node: Build frontend -####################################################### - -# NOTE: Since the nodejs build is CPU architecture agnostic, -# we only want to build once and cache it for other architectures. -# We force the (CPU) [--platform] here to be architecture -# of the "builder"/"server" and not the *target* CPU architecture -# (e.g.) building the ARM version of Pixelfed on AMD64. -FROM --platform=${BUILDARCH} node:lts AS frontend-build - -ARG BUILDARCH -ARG BUILD_FRONTEND=0 -ARG RUNTIME_UID -ARG RUNTIME_GID - -ARG NODE_ENV=production -ENV NODE_ENV=$NODE_ENV - -WORKDIR /var/www/ - -SHELL [ "/usr/bin/bash", "-c" ] - -# Install NPM dependencies -RUN --mount=type=cache,id=pixelfed-node-${BUILDARCH},sharing=locked,target=/tmp/cache \ - --mount=type=bind,source=package.json,target=/var/www/package.json \ - --mount=type=bind,source=package-lock.json,target=/var/www/package-lock.json \ -< "$NGINX_GPGKEY_PATH" \ - && echo "deb [signed-by=${NGINX_GPGKEY_PATH}] https://nginx.org/packages/mainline/debian/ ${PHP_DEBIAN_RELEASE} nginx" >> /etc/apt/sources.list.d/nginx.list \ - && apt-get update \ - && apt-get install -y --no-install-recommends nginx=${NGINX_VERSION}* - -# copy docker entrypoints from the *real* nginx image directly -COPY --link --from=nginx-image /docker-entrypoint.d /docker/entrypoint.d/ -COPY docker/nginx/root / -COPY docker/nginx/Procfile . +# Install composer dependencies +RUN composer install --no-ansi --no-interaction --optimize-autoloader -STOPSIGNAL SIGQUIT +# Switch back to www-data user +USER www-data -CMD ["forego", "start", "-r"] +# Expose port 8080 (default for serversideup/php) +EXPOSE 8080 diff --git a/composer.lock b/composer.lock index 7f36813c2..935696543 100644 --- a/composer.lock +++ b/composer.lock @@ -62,16 +62,16 @@ }, { "name": "aws/aws-sdk-php", - "version": "3.359.9", + "version": "3.359.10", "source": { "type": "git", "url": "https://github.com/aws/aws-sdk-php.git", - "reference": "754b25dae2f50b568b55735931a3cd73263ac5ae" + "reference": "10989892e99083c73e8421b85b5d6f7d2ca0f2f5" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/aws/aws-sdk-php/zipball/754b25dae2f50b568b55735931a3cd73263ac5ae", - "reference": "754b25dae2f50b568b55735931a3cd73263ac5ae", + "url": "https://api.github.com/repos/aws/aws-sdk-php/zipball/10989892e99083c73e8421b85b5d6f7d2ca0f2f5", + "reference": "10989892e99083c73e8421b85b5d6f7d2ca0f2f5", "shasum": "" }, "require": { @@ -153,9 +153,9 @@ "support": { "forum": "https://github.com/aws/aws-sdk-php/discussions", "issues": "https://github.com/aws/aws-sdk-php/issues", - "source": "https://github.com/aws/aws-sdk-php/tree/3.359.9" + "source": "https://github.com/aws/aws-sdk-php/tree/3.359.10" }, - "time": "2025-11-10T19:14:56+00:00" + "time": "2025-11-11T19:08:54+00:00" }, { "name": "bacon/bacon-qr-code", diff --git a/docker-compose.migrate.yml b/docker-compose.migrate.yml deleted file mode 100644 index d0040b051..000000000 --- a/docker-compose.migrate.yml +++ /dev/null @@ -1,40 +0,0 @@ ---- -services: - migrate: - image: "servercontainers/rsync" - entrypoint: "" - working_dir: /migrate - command: 'bash -c "exit 1"' - restart: never - volumes: - ################################ - # Storage volume - ################################ - # OLD - - "app-storage:/migrate/app-storage/old" - # NEW - - "${DOCKER_APP_HOST_STORAGE_PATH}:/migrate/app-storage/new" - - ################################ - # MySQL/DB volume - ################################ - # OLD - - "db-data:/migrate/db-data/old" - # NEW - - "${DOCKER_DB_HOST_DATA_PATH}:/migrate/db-data/new" - - ################################ - # Redis volume - ################################ - # OLD - - "redis-data:/migrate/redis-data/old" - # NEW - - "${DOCKER_REDIS_HOST_DATA_PATH}:/migrate/redis-data/new" - -# Volumes from the old [docker-compose.yml] file -# https://github.com/pixelfed/pixelfed/blob/b1ff44ca2f75c088a11576fb03b5bad2fbed4d5c/docker-compose.yml#L72-L76 -volumes: - db-data: - redis-data: - app-storage: - app-bootstrap: diff --git a/docker-compose.yml b/docker-compose.yml index ea61e595e..f482b9038 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -1,217 +1,147 @@ ---- -############################################################### -# Please see docker/README.md for usage information -############################################################### - services: - # HTTP/HTTPS proxy - # - # Sits in front of the *real* webserver and manages SSL and (optionally) - # load-balancing between multiple web servers - # - # You can disable this service by setting [DOCKER_PROXY_PROFILE="disabled"] - # in your [.env] file - the setting is near the bottom of the file. - # - # This also disables the [proxy-acme] service, if this is not desired, change the - # [DOCKER_PROXY_ACME_PROFILE] setting to an empty string [""] - # - # See: https://github.com/nginx-proxy/nginx-proxy/tree/main/docs - proxy: - image: "nginxproxy/nginx-proxy:${DOCKER_PROXY_VERSION}" - container_name: "${DOCKER_ALL_CONTAINER_NAME_PREFIX}-proxy" +## MariaDB and Redis (optional) + db: + image: mariadb:11 + container_name: pixelfed-db restart: unless-stopped - profiles: - - ${DOCKER_PROXY_PROFILE:-} + env_file: + - .env environment: - DOCKER_SERVICE_NAME: "proxy" + MARIADB_DATABASE: ${DB_DATABASE} + MARIADB_USER: ${DB_USERNAME} + MARIADB_PASSWORD: ${DB_PASSWORD} + MARIADB_ROOT_PASSWORD: ${DB_ROOT_PASSWORD} volumes: - - "${DOCKER_PROXY_HOST_DOCKER_SOCKET_PATH}:/tmp/docker.sock:ro" - - "${DOCKER_ALL_HOST_CONFIG_ROOT_PATH}/proxy/conf.d:/etc/nginx/conf.d" - - "${DOCKER_ALL_HOST_CONFIG_ROOT_PATH}/proxy/vhost.d:/etc/nginx/vhost.d" - - "${DOCKER_ALL_HOST_CONFIG_ROOT_PATH}/proxy/certs:/etc/nginx/certs" - - "${DOCKER_ALL_HOST_DATA_ROOT_PATH}/proxy/html:/usr/share/nginx/html" - ports: - - "${DOCKER_PROXY_HOST_PORT_HTTP}:80" - - "${DOCKER_PROXY_HOST_PORT_HTTPS}:443" + - ./mariadb-11-data:/var/lib/mysql healthcheck: - test: "curl --fail https://${APP_DOMAIN}/api/service/health-check" - interval: "${DOCKER_PROXY_HEALTHCHECK_INTERVAL}" - retries: 2 + test: ["CMD", "healthcheck.sh", "--connect", "--innodb_initialized"] + interval: 10s timeout: 5s + retries: 3 + start_period: 30s + networks: + - pixelfed-network - # Proxy companion for managing letsencrypt SSL certificates - # - # You can disable this service by setting [DOCKER_PROXY_ACME_PROFILE="disabled"] - # in your [.env] file - the setting is near the bottom of the file. - # - # See: https://github.com/nginx-proxy/acme-companion/tree/main/docs - proxy-acme: - image: nginxproxy/acme-companion - container_name: "${DOCKER_ALL_CONTAINER_NAME_PREFIX}-proxy-acme" + redis: + image: redis:7-alpine + container_name: pixelfed-redis restart: unless-stopped - profiles: - - ${DOCKER_PROXY_ACME_PROFILE:-} - environment: - DEBUG: 0 - DEFAULT_EMAIL: "${DOCKER_PROXY_LETSENCRYPT_EMAIL:?error}" - NGINX_PROXY_CONTAINER: "${DOCKER_ALL_CONTAINER_NAME_PREFIX}-proxy" - depends_on: - - proxy + command: redis-server --appendonly yes volumes: - - "${DOCKER_ALL_HOST_CONFIG_ROOT_PATH}/proxy-acme:/etc/acme.sh" - - "${DOCKER_ALL_HOST_CONFIG_ROOT_PATH}/proxy/certs:/etc/nginx/certs" - - "${DOCKER_ALL_HOST_CONFIG_ROOT_PATH}/proxy/conf.d:/etc/nginx/conf.d" - - "${DOCKER_ALL_HOST_CONFIG_ROOT_PATH}/proxy/vhost.d:/etc/nginx/vhost.d" - - "${DOCKER_ALL_HOST_DATA_ROOT_PATH}/proxy/html:/usr/share/nginx/html" - - "${DOCKER_PROXY_HOST_DOCKER_SOCKET_PATH}:/var/run/docker.sock:ro" + - ./redis-data:/data + healthcheck: + test: ["CMD", "redis-cli", "ping"] + interval: 10s + timeout: 3s + retries: 3 + start_period: 10s + networks: + - pixelfed-network - web: - image: "${DOCKER_APP_IMAGE}:${DOCKER_APP_TAG}" - container_name: "${DOCKER_ALL_CONTAINER_NAME_PREFIX}-web" - restart: unless-stopped - profiles: - - ${DOCKER_WEB_PROFILE:-} +## Pixelfed containers - App (Web/API), Horizon Queue, Scheduled task. + pixelfed: build: - target: ${DOCKER_APP_RUNTIME}-runtime - cache_from: - - "type=registry,ref=${DOCKER_APP_IMAGE}-cache:${DOCKER_APP_TAG}" - args: - APT_PACKAGES_EXTRA: "${DOCKER_APP_APT_PACKAGES_EXTRA:-}" - BUILD_FRONTEND: "${DOCKER_APP_BUILD_FRONTEND:-0}" - PHP_BASE_TYPE: "${DOCKER_APP_BASE_TYPE}" - PHP_DEBIAN_RELEASE: "${DOCKER_APP_DEBIAN_RELEASE}" - PHP_EXTENSIONS_EXTRA: "${DOCKER_APP_PHP_EXTENSIONS_EXTRA:-}" - PHP_PECL_EXTENSIONS_EXTRA: "${DOCKER_APP_PHP_PECL_EXTENSIONS_EXTRA:-}" - PHP_VERSION: "${DOCKER_APP_PHP_VERSION:?error}" + context: . + dockerfile: Dockerfile + container_name: pixelfed-app + restart: unless-stopped + ports: + - "8080:8080" + env_file: + - .env environment: - # Used by Pixelfed Docker init script - DOCKER_SERVICE_NAME: "web" - DOCKER_APP_ENTRYPOINT_DEBUG: ${DOCKER_APP_ENTRYPOINT_DEBUG:-0} - ENTRYPOINT_SKIP_SCRIPTS: ${ENTRYPOINT_SKIP_SCRIPTS:-} - # Used by [proxy] service - LETSENCRYPT_HOST: "${DOCKER_PROXY_LETSENCRYPT_HOST:?error}" - LETSENCRYPT_EMAIL: "${DOCKER_PROXY_LETSENCRYPT_EMAIL:?error}" - LETSENCRYPT_TEST: "${DOCKER_PROXY_LETSENCRYPT_TEST:-}" - VIRTUAL_HOST: "${APP_DOMAIN}" - VIRTUAL_PORT: "80" + # SSL Configuration (handled by reverse proxy) + SSL_MODE: "off" + + # PHP Configuration + PHP_POST_MAX_SIZE: "500M" + PHP_UPLOAD_MAX_FILE_SIZE: "500M" + PHP_OPCACHE_ENABLE: "1" + + # Laravel Auto-run Configuration + AUTORUN_ENABLED: "true" + AUTORUN_LARAVEL_MIGRATION: "true" + AUTORUN_LARAVEL_MIGRATION_ISOLATION: "true" + AUTORUN_LARAVEL_STORAGE_LINK: "true" + AUTORUN_LARAVEL_EVENT_CACHE: "true" + AUTORUN_LARAVEL_ROUTE_CACHE: "true" + AUTORUN_LARAVEL_VIEW_CACHE: "true" + AUTORUN_LARAVEL_CONFIG_CACHE: "true" + volumes: - - "./.env:/var/www/.env" - - "${DOCKER_ALL_HOST_CONFIG_ROOT_PATH}/proxy/conf.d:/shared/proxy/conf.d" - - "${DOCKER_APP_HOST_CACHE_PATH}:/var/www/bootstrap/cache" - - "${DOCKER_APP_HOST_OVERRIDES_PATH}:/docker/overrides:ro" - - "${DOCKER_APP_HOST_STORAGE_PATH}:/var/www/storage" - labels: - com.github.nginx-proxy.nginx-proxy.keepalive: 30 - com.github.nginx-proxy.nginx-proxy.http2.enable: true - com.github.nginx-proxy.nginx-proxy.http3.enable: true - ports: - - "${DOCKER_WEB_PORT_EXTERNAL_HTTP}:80" + - ./storage:/var/www/html/storage + - ./bootstrap/cache:/var/www/html/bootstrap/cache depends_on: - db - redis - healthcheck: - test: 'curl --header "Host: ${APP_DOMAIN}" --fail http://localhost/api/service/health-check' - interval: "${DOCKER_WEB_HEALTHCHECK_INTERVAL}" - retries: 2 - timeout: 5s + networks: + - pixelfed-network - worker: - image: "${DOCKER_APP_IMAGE}:${DOCKER_APP_TAG}" - container_name: "${DOCKER_ALL_CONTAINER_NAME_PREFIX}-worker" - command: gosu www-data php artisan horizon - restart: unless-stopped - stop_signal: SIGTERM - profiles: - - ${DOCKER_WORKER_PROFILE:-} + horizon: build: - target: ${DOCKER_APP_RUNTIME}-runtime - cache_from: - - "type=registry,ref=${DOCKER_APP_IMAGE}-cache:${DOCKER_APP_TAG}" - args: - APT_PACKAGES_EXTRA: "${DOCKER_APP_APT_PACKAGES_EXTRA:-}" - BUILD_FRONTEND: "${DOCKER_APP_BUILD_FRONTEND:-0}" - PHP_BASE_TYPE: "${DOCKER_APP_BASE_TYPE}" - PHP_DEBIAN_RELEASE: "${DOCKER_APP_DEBIAN_RELEASE}" - PHP_EXTENSIONS_EXTRA: "${DOCKER_APP_PHP_EXTENSIONS_EXTRA:-}" - PHP_PECL_EXTENSIONS_EXTRA: "${DOCKER_APP_PHP_PECL_EXTENSIONS_EXTRA:-}" - PHP_VERSION: "${DOCKER_APP_PHP_VERSION:?error}" + context: . + dockerfile: Dockerfile + container_name: pixelfed-horizon + restart: unless-stopped + command: ["php", "artisan", "horizon"] + env_file: + - .env environment: - # Used by Pixelfed Docker init script - DOCKER_SERVICE_NAME: "worker" - DOCKER_APP_ENTRYPOINT_DEBUG: ${DOCKER_APP_ENTRYPOINT_DEBUG:-0} - ENTRYPOINT_SKIP_SCRIPTS: ${ENTRYPOINT_SKIP_SCRIPTS:-} + # Laravel Auto-run Configuration + AUTORUN_LARAVEL_STORAGE_LINK: "true" + AUTORUN_LARAVEL_EVENT_CACHE: "true" + AUTORUN_LARAVEL_ROUTE_CACHE: "true" + AUTORUN_LARAVEL_VIEW_CACHE: "true" + AUTORUN_LARAVEL_CONFIG_CACHE: "true" + PHP_POST_MAX_SIZE: "500M" + PHP_UPLOAD_MAX_FILE_SIZE: "500M" + PHP_OPCACHE_ENABLE: "1" volumes: - - "./.env:/var/www/.env" - - "${DOCKER_ALL_HOST_CONFIG_ROOT_PATH}/proxy/conf.d:/shared/proxy/conf.d" - - "${DOCKER_APP_HOST_CACHE_PATH}:/var/www/bootstrap/cache" - - "${DOCKER_APP_HOST_OVERRIDES_PATH}:/docker/overrides:ro" - - "${DOCKER_APP_HOST_STORAGE_PATH}:/var/www/storage" + - ./storage:/var/www/html/storage + - ./bootstrap/cache:/var/www/html/bootstrap/cache depends_on: - db - redis healthcheck: - test: gosu www-data php artisan horizon:status | grep running - interval: "${DOCKER_WORKER_HEALTHCHECK_INTERVAL:?error}" + test: ["CMD", "php", "artisan", "horizon:status"] + interval: 10s timeout: 5s - retries: 2 + retries: 3 + networks: + - pixelfed-network - db: - image: ${DOCKER_DB_IMAGE:?error} - container_name: "${DOCKER_ALL_CONTAINER_NAME_PREFIX}-db" - command: ${DOCKER_DB_COMMAND:-} + scheduler: + build: + context: . + dockerfile: Dockerfile + container_name: pixelfed-scheduler restart: unless-stopped - profiles: - - ${DOCKER_DB_PROFILE:-} + command: ["php", "artisan", "schedule:work"] + stop_signal: SIGTERM + env_file: + - .env environment: - TZ: "${TZ:?error}" - # MySQL (Oracle) - "Environment Variables" at https://hub.docker.com/_/mysql - MYSQL_ROOT_PASSWORD: "${DOCKER_DB_ROOT_PASSWORD:?error}" - MYSQL_USER: "${DB_USERNAME:?error}" - MYSQL_PASSWORD: "${DB_PASSWORD:?error}" - MYSQL_DATABASE: "${DB_DATABASE:?error}" - # MySQL (MariaDB) - "Start a mariadb server instance with user, password and database" at https://hub.docker.com/_/mariadb - MARIADB_ROOT_PASSWORD: "${DOCKER_DB_ROOT_PASSWORD:?error}" - MARIADB_USER: "${DB_USERNAME:?error}" - MARIADB_PASSWORD: "${DB_PASSWORD:?error}" - MARIADB_DATABASE: "${DB_DATABASE:?error}" - # PostgreSQL - "Environment Variables" at https://hub.docker.com/_/postgres - POSTGRES_USER: "${DB_USERNAME:?error}" - POSTGRES_PASSWORD: "${DB_PASSWORD:?error}" - POSTGRES_DB: "${DB_DATABASE:?error}" + # Laravel Auto-run Configuration + AUTORUN_LARAVEL_STORAGE_LINK: "true" + AUTORUN_LARAVEL_EVENT_CACHE: "true" + AUTORUN_LARAVEL_ROUTE_CACHE: "true" + AUTORUN_LARAVEL_VIEW_CACHE: "true" + AUTORUN_LARAVEL_CONFIG_CACHE: "true" + PHP_POST_MAX_SIZE: "500M" + PHP_UPLOAD_MAX_FILE_SIZE: "500M" + PHP_OPCACHE_ENABLE: "1" volumes: - - "${DOCKER_DB_HOST_DATA_PATH:?error}:${DOCKER_DB_CONTAINER_DATA_PATH:?error}" - ports: - - "${DOCKER_DB_HOST_PORT:?error}:${DOCKER_DB_CONTAINER_PORT:?error}" + - ./storage:/var/www/html/storage + - ./bootstrap/cache:/var/www/html/bootstrap/cache + depends_on: + - db + - redis healthcheck: - test: - [ - "CMD", - "healthcheck.sh", - "--su-mysql", - "--connect", - "--innodb_initialized", - ] - interval: "${DOCKER_DB_HEALTHCHECK_INTERVAL:?error}" - retries: 2 - timeout: 5s + test: ["CMD", "healthcheck-schedule"] + start_period: 10s + networks: + - pixelfed-network - redis: - image: redis:${DOCKER_REDIS_VERSION} - container_name: "${DOCKER_ALL_CONTAINER_NAME_PREFIX}-redis" - restart: unless-stopped - command: "${DOCKER_REDIS_CONFIG_FILE:-} --requirepass '${REDIS_PASSWORD:-}'" - profiles: - - ${DOCKER_REDIS_PROFILE:-} - environment: - TZ: "${TZ:?error}" - REDISCLI_AUTH: ${REDIS_PASSWORD:-} - volumes: - - "${DOCKER_ALL_HOST_CONFIG_ROOT_PATH}/redis:/etc/redis" - - "${DOCKER_REDIS_HOST_DATA_PATH}:/data" - ports: - - "${DOCKER_REDIS_HOST_PORT}:6379" - healthcheck: - test: ["CMD", "redis-cli", "-p", "6379", "ping"] - interval: "${DOCKER_REDIS_HEALTHCHECK_INTERVAL:?error}" - retries: 2 - timeout: 5s +networks: + pixelfed-network: + driver: bridge diff --git a/docker/README.md b/docker/README.md deleted file mode 100644 index 5598908c6..000000000 --- a/docker/README.md +++ /dev/null @@ -1,5 +0,0 @@ -# Pixelfed + Docker + Docker Compose - -Please see the [Pixelfed Docs (Next)](https://jippi.github.io/docker-pixelfed/) for current documentation on Docker usage. - -The docs can be [reviewed in the pixelfed/docs-next](https://github.com/pixelfed/docs-next/pull/1) repository. diff --git a/docker/apache/root/etc/apache2/conf-available/remoteip.conf b/docker/apache/root/etc/apache2/conf-available/remoteip.conf deleted file mode 100644 index 516da9f5d..000000000 --- a/docker/apache/root/etc/apache2/conf-available/remoteip.conf +++ /dev/null @@ -1,8 +0,0 @@ -RemoteIPHeader X-Real-IP - -# All private IPs as outlined in rfc1918 -# -# See: https://datatracker.ietf.org/doc/html/rfc1918 -RemoteIPTrustedProxy 10.0.0.0/8 -RemoteIPTrustedProxy 172.16.0.0/12 -RemoteIPTrustedProxy 192.168.0.0/16 diff --git a/docker/artisan b/docker/artisan deleted file mode 100755 index 3bbf58aea..000000000 --- a/docker/artisan +++ /dev/null @@ -1,11 +0,0 @@ -#!/bin/bash - -declare service="${PF_SERVICE:=worker}" -declare user="${PF_USER:=www-data}" - -exec docker compose exec \ - --user "${user}" \ - --env TERM \ - --env COLORTERM \ - "${service}" \ - php artisan "${@}" diff --git a/docker/check-requirements b/docker/check-requirements deleted file mode 100755 index 4da1d6427..000000000 --- a/docker/check-requirements +++ /dev/null @@ -1,126 +0,0 @@ -#!/bin/bash - -set -e -o errexit -o nounset -o pipefail - -# -# Colors -# - -declare -r RED="\e[31m" -declare -r GREEN="\e[32m" -declare -r BLUE="\e[34m" -declare -r NO_COLOR="\e[0m" - -# -# Helper functions -# - -function highlight() { - local reset="${2:-$NO_COLOR}" - echo "${BLUE}$1${reset}" -} - -function action_start() { - echo -en "⚙️ $1: " -} - -function action_ok() { - echo -e "\n\t✅ ${GREEN}${*}${NO_COLOR}\n" -} - -function action_error() { - echo -e "\n\t❌ ${RED}${*}${NO_COLOR}" >&2 -} - -function action_error_exit() { - action_error "${*}\n\n${RED}Aborting!${NO_COLOR}" - - exit 1 -} - -# -# Configuration -# - -declare -r min_docker_compose_version_arr=(2 17) -min_docker_compose_version=$( - IFS=. - echo "${min_docker_compose_version[*]}" -) - -# -# Help text -# - -DOCKER_HELP=" - -\tWe recommend installing Docker (and Compose) directly from Docker.com instead of your Operation System package registry. -\tPlease see $(highlight "https://docs.docker.com/engine/install/")${RED} for information on how to install Docker on your system. - -\tA convinience script is provided by Docker to automate the installation that should work on all supported platforms: - -\t\t ${GREEN}\$${BLUE} curl -fsSL https://get.docker.com -o get-docker.sh -\t\t ${GREEN}\$${BLUE} sudo sh ./get-docker.sh -${RED} -\tPlease see $(highlight "https://docs.docker.com/engine/install/ubuntu/#install-using-the-convenience-script")${RED} for more information - -\tAlternatively, you can update *JUST* the Compose plugin by following the guide here: -\t$(highlight "https://docs.docker.com/compose/install/linux/#install-the-plugin-manually")${RED} - -\tLearn more about Docker compose release history here: -\t$(highlight "https://docs.docker.com/compose/release-notes/")${RED}${NO_COLOR}" -declare -r DOCKER_HELP - -# -# System checks -# - -echo -e "👋 ${GREEN}Hello!" -echo -e "" -echo -e "This script will check your system for the minimum requirements outlined in the Pixelfed Docker install guide" -echo -e "You can find the guide here ${BLUE}https://jippi.github.io/pixelfed-docs-next/pr-preview/pr-1/running-pixelfed/docker/prerequisites.html#software${GREEN}." -echo -e "${NO_COLOR}" - -# git installed? -action_start "Checking if [$(highlight "git")] command is available" -command -v git >/dev/null 2>&1 || { - action_error_exit "Pixelfed require the 'git' command, but it's not installed" -} -action_ok "git is installed" - -# docker installed? -action_start "Checking if [$(highlight "docker")] command is available" -command -v docker >/dev/null 2>&1 || { - action_error_exit "Pixelfed require the 'docker' command, but it's not installed. ${DOCKER_HELP}" -} -action_ok "docker is installed" - -# docker compose installed? -action_start "Checking if [$(highlight "docker compose")] command is available" -docker compose >/dev/null 2>&1 || { - action_error_exit "Pixelfed require the 'docker compose' command, but it's not installed. ${DOCKER_HELP}" -} -action_ok "docker compose is installed" - -# docker compose version is acceptable? -compose_version=$(docker compose version --short) - -declare -a compose_version_arr -IFS="." read -r -a compose_version_arr <<<"$compose_version" - -## major version -action_start "Checking if [$(highlight "docker compose version")] major version (${min_docker_compose_version_arr[0]}) is acceptable" -[[ ${compose_version_arr[0]} -eq ${min_docker_compose_version_arr[0]} ]] || { - action_error_exit "Pixelfed require minimum Docker Compose major version ${min_docker_compose_version_arr[0]}.x.x - found ${compose_version}.${DOCKER_HELP}" -} -action_ok "You're using major version ${compose_version_arr[0]}" - -## minor version -action_start "Checking if [$(highlight "docker compose version")] minor version (${min_docker_compose_version_arr[1]}) is acceptable" -[[ ${compose_version_arr[1]} -ge ${min_docker_compose_version_arr[1]} ]] || { - action_error_exit "Pixelfed require minimum Docker Compose minor version ${min_docker_compose_version_arr[0]}.${min_docker_compose_version_arr[1]} - found ${compose_version}.${DOCKER_HELP}" -} -action_ok "You're using minor version ${compose_version_arr[1]}" - -# Yay, everything is fine -echo -e "🎉 ${GREEN}All checks passed, you should be ready to run Pixelfed on this server!${NO_COLOR}" diff --git a/docker/dottie b/docker/dottie deleted file mode 100755 index 8bd304a03..000000000 --- a/docker/dottie +++ /dev/null @@ -1,45 +0,0 @@ -#!/bin/bash - -set -e -o errexit -o nounset -o pipefail - -declare project_root="${PWD}" -declare user="${PF_USER:=www-data}" - -if command -v git &>/dev/null; then - project_root=$(git rev-parse --show-toplevel) -fi - -declare -r release="${DOTTIE_VERSION:-latest}" - -declare -r update_check_file="/tmp/.dottie-update-check" # file to check age of since last update -declare -i update_check_max_age=$((8 * 60 * 60)) # 8 hours between checking for dottie version -declare -i update_check_cur_age=$((update_check_max_age + 1)) # by default the "update" event should happen - -# default [docker run] flags -declare -a flags=( - --rm - --interactive - --tty - --user "${user}" - --env TERM - --env COLORTERM - --volume "${project_root}:/var/www" - --workdir /var/www -) - -# if update file exists, find its age since last modification -if [[ -f "${update_check_file}" ]]; then - now=$(date +%s) - changed=$(date -r "${update_check_file}" +%s) - update_check_cur_age=$((now - changed)) -fi - -# if update file is older than max allowed poll for new version of dottie -if [[ $update_check_cur_age -gt $update_check_max_age ]]; then - flags+=(--pull always) - - touch "${update_check_file}" -fi - -# run dottie -exec docker run "${flags[@]}" "ghcr.io/jippi/dottie:${release}" "$@" diff --git a/docker/fpm/root/.gitkeep b/docker/fpm/root/.gitkeep deleted file mode 100644 index e69de29bb..000000000 diff --git a/docker/nginx/Procfile b/docker/nginx/Procfile deleted file mode 100644 index bd375bf6a..000000000 --- a/docker/nginx/Procfile +++ /dev/null @@ -1,2 +0,0 @@ -fpm: php-fpm -nginx: nginx -g "daemon off;" diff --git a/docker/nginx/root/docker/templates/etc/nginx/conf.d/default.conf b/docker/nginx/root/docker/templates/etc/nginx/conf.d/default.conf deleted file mode 100644 index 15bf17beb..000000000 --- a/docker/nginx/root/docker/templates/etc/nginx/conf.d/default.conf +++ /dev/null @@ -1,49 +0,0 @@ -server { - listen 80 default_server; - - server_name {{ getenv "APP_DOMAIN" }}; - root /var/www/public; - - add_header X-Frame-Options "SAMEORIGIN"; - add_header X-XSS-Protection "1; mode=block"; - add_header X-Content-Type-Options "nosniff"; - - access_log /dev/stdout; - error_log /dev/stderr warn; - - index index.html index.htm index.php; - - charset utf-8; - client_max_body_size {{ getenv "POST_MAX_SIZE" "61M" }}; - - location / { - try_files $uri $uri/ /index.php?$query_string; - } - - location = /favicon.ico { - access_log off; - log_not_found off; - } - - location = /robots.txt { - access_log off; - log_not_found off; - } - - error_page 404 /index.php; - - location ~ \.php$ { - fastcgi_split_path_info ^(.+\.php)(/.+)$; - - fastcgi_pass 127.0.0.1:9000; - fastcgi_index index.php; - - include fastcgi_params; - - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - } - - location ~ /\.(?!well-known).* { - deny all; - } -} diff --git a/docker/nginx/root/docker/templates/etc/nginx/nginx.conf b/docker/nginx/root/docker/templates/etc/nginx/nginx.conf deleted file mode 100644 index 4e87a4565..000000000 --- a/docker/nginx/root/docker/templates/etc/nginx/nginx.conf +++ /dev/null @@ -1,41 +0,0 @@ -# This is changed from the original "nginx" in upstream to work properly -# with permissions within pixelfed when serving static files. -user www-data; - -worker_processes auto; - -# Ensure the PID is writable -# Lifted from: https://hub.docker.com/r/nginxinc/nginx-unprivileged -pid /tmp/nginx.pid; - -# Write error log to stderr (/proc/self/fd/2 -> /dev/stderr) -error_log /proc/self/fd/2 notice; - -events { - worker_connections 1024; -} - -http { - include /etc/nginx/mime.types; - default_type application/octet-stream; - - log_format main '$remote_addr - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent" "$http_x_forwarded_for"'; - - # Write error log to stdout (/proc/self/fd/1 -> /dev/stdout) - access_log /proc/self/fd/1 main; - - sendfile on; - tcp_nopush on; - keepalive_timeout 65; - gzip on; - - # Ensure all temp paths are in a writable by "www-data" user. - # Lifted from: https://hub.docker.com/r/nginxinc/nginx-unprivileged - client_body_temp_path /tmp/client_temp; - proxy_temp_path /tmp/proxy_temp_path; - fastcgi_temp_path /tmp/fastcgi_temp; - uwsgi_temp_path /tmp/uwsgi_temp; - scgi_temp_path /tmp/scgi_temp; - - include /etc/nginx/conf.d/*.conf; -} diff --git a/docker/shared/root/docker/entrypoint.d/01-permissions.sh b/docker/shared/root/docker/entrypoint.d/01-permissions.sh deleted file mode 100755 index dc9dc7591..000000000 --- a/docker/shared/root/docker/entrypoint.d/01-permissions.sh +++ /dev/null @@ -1,31 +0,0 @@ -#!/bin/bash -: "${ENTRYPOINT_ROOT:="/docker"}" - -# shellcheck source=SCRIPTDIR/../helpers.sh -source "${ENTRYPOINT_ROOT}/helpers.sh" - -entrypoint-set-script-name "$0" - -# Ensure the Docker volumes and required files are owned by the runtime user as other scripts -# will be writing to these -run-as-current-user chown --verbose "${RUNTIME_UID}:${RUNTIME_GID}" "./.env" -run-as-current-user chown --verbose "${RUNTIME_UID}:${RUNTIME_GID}" "./bootstrap/cache" -run-as-current-user chown --verbose "${RUNTIME_UID}:${RUNTIME_GID}" "./storage" -run-as-current-user chown --verbose --recursive "${RUNTIME_UID}:${RUNTIME_GID}" "./storage/docker" - -# Optionally fix ownership of configured paths -: "${DOCKER_APP_ENSURE_OWNERSHIP_PATHS:=""}" - -declare -a ensure_ownership_paths=() -IFS=' ' read -r -a ensure_ownership_paths <<<"${DOCKER_APP_ENSURE_OWNERSHIP_PATHS}" - -if [[ ${#ensure_ownership_paths[@]} == 0 ]]; then - log-info "No paths has been configured for ownership fixes via [\$DOCKER_APP_ENSURE_OWNERSHIP_PATHS]." - - exit 0 -fi - -for path in "${ensure_ownership_paths[@]}"; do - log-info "Ensure ownership of [${path}] is correct" - stream-prefix-command-output run-as-current-user chown --recursive "${RUNTIME_UID}:${RUNTIME_GID}" "${path}" -done diff --git a/docker/shared/root/docker/entrypoint.d/02-check-config.sh b/docker/shared/root/docker/entrypoint.d/02-check-config.sh deleted file mode 100755 index 627960352..000000000 --- a/docker/shared/root/docker/entrypoint.d/02-check-config.sh +++ /dev/null @@ -1,21 +0,0 @@ -#!/bin/bash -: "${ENTRYPOINT_ROOT:="/docker"}" - -# shellcheck source=SCRIPTDIR/../helpers.sh -source "${ENTRYPOINT_ROOT}/helpers.sh" - -entrypoint-set-script-name "$0" - -# Validating dot-env files for any issues -for file in "${dot_env_files[@]}"; do - if ! file-exists "${file}"; then - log-warning "Could not source file [${file}]: does not exists" - continue - fi - - # We ignore 'dir' + 'file' rules since they are validate *host* paths - # which do not (and should not) exists inside the container - # - # We disable fixer since its not interactive anyway - run-as-current-user dottie validate --file "${file}" --ignore-rule dir,file --exclude-prefix APP_KEY --no-fix -done diff --git a/docker/shared/root/docker/entrypoint.d/04-defaults.envsh b/docker/shared/root/docker/entrypoint.d/04-defaults.envsh deleted file mode 100755 index a55a56e6c..000000000 --- a/docker/shared/root/docker/entrypoint.d/04-defaults.envsh +++ /dev/null @@ -1,33 +0,0 @@ -#!/bin/bash - -# NOTE: -# -# This file is *sourced* not run by the entrypoint runner -# so any environment values set here will be accessible to all sub-processes -# and future entrypoint.d scripts -# -# We also don't need to source `helpers.sh` since it's already available - -entrypoint-set-script-name "${BASH_SOURCE[0]}" - -load-config-files - -: "${MAX_PHOTO_SIZE:=15000}" -: "${MAX_ALBUM_LENGTH:=4}" - -# We assign a 1MB buffer to the just-in-time calculated max post size to allow for fields and overhead -: "${POST_MAX_SIZE_BUFFER:=1M}" -log-info "POST_MAX_SIZE_BUFFER is set to [${POST_MAX_SIZE_BUFFER}]" -buffer=$(numfmt --invalid=fail --from=auto --to=none --to-unit=K "${POST_MAX_SIZE_BUFFER}") -log-info "POST_MAX_SIZE_BUFFER converted to KB is [${buffer}]" - -# Automatically calculate the [post_max_size] value for [php.ini] and [nginx] -log-info "POST_MAX_SIZE will be calculated by [({MAX_PHOTO_SIZE} * {MAX_ALBUM_LENGTH}) + {POST_MAX_SIZE_BUFFER}]" -log-info " MAX_PHOTO_SIZE=${MAX_PHOTO_SIZE}" -log-info " MAX_ALBUM_LENGTH=${MAX_ALBUM_LENGTH}" -log-info " POST_MAX_SIZE_BUFFER=${buffer}" -: "${POST_MAX_SIZE:=$(numfmt --invalid=fail --from=auto --from-unit=K --to=si $(((MAX_PHOTO_SIZE * MAX_ALBUM_LENGTH) + buffer)))}" -log-info "POST_MAX_SIZE was calculated to [${POST_MAX_SIZE}]" - -# NOTE: must export the value so it's available in other scripts! -export POST_MAX_SIZE diff --git a/docker/shared/root/docker/entrypoint.d/05-templating.sh b/docker/shared/root/docker/entrypoint.d/05-templating.sh deleted file mode 100755 index e699778cf..000000000 --- a/docker/shared/root/docker/entrypoint.d/05-templating.sh +++ /dev/null @@ -1,56 +0,0 @@ -#!/bin/bash -: "${ENTRYPOINT_ROOT:="/docker"}" - -# shellcheck source=SCRIPTDIR/../helpers.sh -source "${ENTRYPOINT_ROOT}/helpers.sh" - -entrypoint-set-script-name "$0" - -# Show [git diff] of templates being rendered (will help verify output) -: "${ENTRYPOINT_SHOW_TEMPLATE_DIFF:=1}" -# Directory where templates can be found -: "${ENTRYPOINT_TEMPLATE_DIR:=/docker/templates/}" -# Root path to write template template_files to (default is '', meaning it will be written to /) -: "${ENTRYPOINT_TEMPLATE_OUTPUT_PREFIX:=}" - -declare template_file relative_template_file_path output_file_dir - -# load all dot-env config files -load-and-export-config-files - - -find "${ENTRYPOINT_TEMPLATE_DIR}" -follow -type f -print | while read -r template_file; do - # Example: template_file=/docker/templates/usr/local/etc/php/php.ini - - # The file path without the template dir prefix ($ENTRYPOINT_TEMPLATE_DIR) - # - # Example: /usr/local/etc/php/php.ini - relative_template_file_path="${template_file#"${ENTRYPOINT_TEMPLATE_DIR}"}" - - # Adds optional prefix to the output file path - # - # Example: /usr/local/etc/php/php.ini - output_file_path="${ENTRYPOINT_TEMPLATE_OUTPUT_PREFIX}/${relative_template_file_path}" - - # Remove the file from the path - # - # Example: /usr/local/etc/php - output_file_dir=$(dirname "${output_file_path}") - - # Ensure the output directory is writable - if ! is-writable "${output_file_dir}"; then - log-error-and-exit "${output_file_dir} is not writable" - fi - - # Create the output directory if it doesn't exists - ensure-directory-exists "${output_file_dir}" - - # Render the template - log-info "Running [gomplate] on [${template_file}] --> [${output_file_path}]" - gomplate <"${template_file}" >"${output_file_path}" - - # Show the diff from the envsubst command - if is-true "${ENTRYPOINT_SHOW_TEMPLATE_DIFF}"; then - git --no-pager diff --color=always "${template_file}" "${output_file_path}" || : # ignore diff exit code - fi -done diff --git a/docker/shared/root/docker/entrypoint.d/10-storage.sh b/docker/shared/root/docker/entrypoint.d/10-storage.sh deleted file mode 100755 index 54145a365..000000000 --- a/docker/shared/root/docker/entrypoint.d/10-storage.sh +++ /dev/null @@ -1,13 +0,0 @@ -#!/bin/bash -: "${ENTRYPOINT_ROOT:="/docker"}" - -# shellcheck source=SCRIPTDIR/../helpers.sh -source "${ENTRYPOINT_ROOT}/helpers.sh" - -entrypoint-set-script-name "$0" - -# Copy the [storage/] skeleton files over the "real" [storage/] directory so assets are updated between versions -run-as-runtime-user cp --force --recursive storage.skel/. ./storage/ - -# Ensure storage linkk are correctly configured -run-as-runtime-user php artisan storage:link diff --git a/docker/shared/root/docker/entrypoint.d/11-first-time-setup.sh b/docker/shared/root/docker/entrypoint.d/11-first-time-setup.sh deleted file mode 100755 index fb5c86a39..000000000 --- a/docker/shared/root/docker/entrypoint.d/11-first-time-setup.sh +++ /dev/null @@ -1,38 +0,0 @@ -#!/bin/bash -: "${ENTRYPOINT_ROOT:="/docker"}" - -# shellcheck source=SCRIPTDIR/../helpers.sh -source "${ENTRYPOINT_ROOT}/helpers.sh" - -entrypoint-set-script-name "$0" - -load-config-files - -# Allow automatic applying of outstanding/new migrations on startup -: "${DOCKER_APP_RUN_ONE_TIME_SETUP_TASKS:=1}" - -if is-false "${DOCKER_APP_RUN_ONE_TIME_SETUP_TASKS}"; then - log-warning "Automatic run of the 'One-time setup tasks' is disabled." - log-warning "Please set [DOCKER_APP_RUN_ONE_TIME_SETUP_TASKS=1] in your [.env] file to enable this." - - exit 0 -fi - -await-database-ready - -# Following https://docs.pixelfed.org/running-pixelfed/installation/#one-time-setup-tasks -# -# NOTE: Caches happens in [30-cache.sh] - -only-once "key:generate" run-as-runtime-user php artisan key:generate -only-once "storage:link" run-as-runtime-user php artisan storage:link -only-once "initial:migrate" run-as-runtime-user php artisan migrate --force -only-once "import:cities" run-as-runtime-user php artisan import:cities - -if is-true "${ACTIVITY_PUB:-false}"; then - only-once "instance:actor" run-as-runtime-user php artisan instance:actor -fi - -if is-true "${OAUTH_ENABLED:-false}"; then - only-once "passport:keys" run-as-runtime-user php artisan passport:keys -fi diff --git a/docker/shared/root/docker/entrypoint.d/12-migrations.sh b/docker/shared/root/docker/entrypoint.d/12-migrations.sh deleted file mode 100755 index 3b87daf1f..000000000 --- a/docker/shared/root/docker/entrypoint.d/12-migrations.sh +++ /dev/null @@ -1,42 +0,0 @@ -#!/bin/bash -: "${ENTRYPOINT_ROOT:="/docker"}" - -# shellcheck source=SCRIPTDIR/../helpers.sh -source "${ENTRYPOINT_ROOT}/helpers.sh" - -entrypoint-set-script-name "$0" - -# Allow automatic applying of outstanding/new migrations on startup -: "${DB_APPLY_NEW_MIGRATIONS_AUTOMATICALLY:=0}" - -# Wait for the database to be ready -await-database-ready - -# Run the migrate:status command and capture output -output=$(run-as-runtime-user php artisan migrate:status || :) - -# By default we have no new migrations -declare -i new_migrations=0 - -# Detect if any new migrations are available by checking for "No" in the output -echo "$output" | grep No && new_migrations=1 - -if is-false "${new_migrations}"; then - log-info "No new migrations detected" - - exit 0 -fi - -log-warning "New migrations available" - -# Print the output -echo "$output" - -if is-false "${DB_APPLY_NEW_MIGRATIONS_AUTOMATICALLY}"; then - log-info "Automatic applying of new database migrations is disabled" - log-info "Please set [DB_APPLY_NEW_MIGRATIONS_AUTOMATICALLY=1] in your [.env] file to enable this." - - exit 0 -fi - -run-as-runtime-user php artisan migrate --force diff --git a/docker/shared/root/docker/entrypoint.d/20-horizon.sh b/docker/shared/root/docker/entrypoint.d/20-horizon.sh deleted file mode 100755 index 55efd768d..000000000 --- a/docker/shared/root/docker/entrypoint.d/20-horizon.sh +++ /dev/null @@ -1,9 +0,0 @@ -#!/bin/bash -: "${ENTRYPOINT_ROOT:="/docker"}" - -# shellcheck source=SCRIPTDIR/../helpers.sh -source "${ENTRYPOINT_ROOT}/helpers.sh" - -entrypoint-set-script-name "$0" - -run-as-runtime-user php artisan horizon:publish diff --git a/docker/shared/root/docker/entrypoint.d/30-cache.sh b/docker/shared/root/docker/entrypoint.d/30-cache.sh deleted file mode 100755 index c970db60b..000000000 --- a/docker/shared/root/docker/entrypoint.d/30-cache.sh +++ /dev/null @@ -1,11 +0,0 @@ -#!/bin/bash -: "${ENTRYPOINT_ROOT:="/docker"}" - -# shellcheck source=SCRIPTDIR/../helpers.sh -source "${ENTRYPOINT_ROOT}/helpers.sh" - -entrypoint-set-script-name "$0" - -run-as-runtime-user php artisan config:cache -run-as-runtime-user php artisan route:cache -run-as-runtime-user php artisan view:cache diff --git a/docker/shared/root/docker/entrypoint.sh b/docker/shared/root/docker/entrypoint.sh deleted file mode 100755 index 055cf25d7..000000000 --- a/docker/shared/root/docker/entrypoint.sh +++ /dev/null @@ -1,105 +0,0 @@ -#!/bin/bash -# short curcuit the entrypoint if $ENTRYPOINT_SKIP isn't set to 0 -if [[ ${ENTRYPOINT_SKIP:=0} != 0 ]]; then - exec "$@" -fi - -: "${ENTRYPOINT_ROOT:="/docker"}" -export ENTRYPOINT_ROOT - -# Directory where entrypoint scripts lives -: "${ENTRYPOINT_D_ROOT:="${ENTRYPOINT_ROOT}/entrypoint.d/"}" -export ENTRYPOINT_D_ROOT - -: "${DOCKER_APP_HOST_OVERRIDES_PATH:="${ENTRYPOINT_ROOT}/overrides"}" -export DOCKER_APP_HOST_OVERRIDES_PATH - -# Space separated list of scripts the entrypoint runner should skip -: "${ENTRYPOINT_SKIP_SCRIPTS:=""}" - -# Load helper scripts -# -# shellcheck source=SCRIPTDIR/helpers.sh -source "${ENTRYPOINT_ROOT}/helpers.sh" - -# Set the entrypoint name for logging -entrypoint-set-script-name "entrypoint.sh" - -# Convert ENTRYPOINT_SKIP_SCRIPTS into a native bash array for easier lookup -declare -a skip_scripts -# shellcheck disable=SC2034 -IFS=' ' read -r -a skip_scripts <<< "$ENTRYPOINT_SKIP_SCRIPTS" - -# Ensure the entrypoint root folder exists -mkdir -p "${ENTRYPOINT_D_ROOT}" - -# If ENTRYPOINT_D_ROOT directory is empty, warn and run the regular command -if directory-is-empty "${ENTRYPOINT_D_ROOT}"; then - log-warning "No files found in ${ENTRYPOINT_D_ROOT}, skipping configuration" - - exec "$@" -fi - -# If the overridess directory exists, then copy all files into the container -if ! directory-is-empty "${DOCKER_APP_HOST_OVERRIDES_PATH}"; then - log-info "Overrides directory is not empty, copying files" - run-as-current-user cp --verbose --recursive "${DOCKER_APP_HOST_OVERRIDES_PATH}/." / -fi - -acquire-lock "entrypoint.sh" - -# Start scanning for entrypoint.d files to source or run -log-info "looking for shell scripts in [${ENTRYPOINT_D_ROOT}]" - -find "${ENTRYPOINT_D_ROOT}" -follow -type f -print | sort -V | while read -r file; do - # Skip the script if it's in the skip-script list - if in-array "$(get-entrypoint-script-name "${file}")" skip_scripts; then - log-warning "Skipping script [${file}] since it's in the skip list (\$ENTRYPOINT_SKIP_SCRIPTS)" - - continue - fi - - # Inspect the file extension of the file we're processing - case "${file}" in - *.envsh) - if ! is-executable "${file}"; then - # warn on shell scripts without exec bit - log-error-and-exit "File [${file}] is not executable (please 'chmod +x' it)" - fi - - log-info "${section_message_color}============================================================${color_clear}" - log-info "${section_message_color}Sourcing [${file}]${color_clear}" - log-info "${section_message_color}============================================================${color_clear}" - - # shellcheck disable=SC1090 - source "${file}" - - # the sourced file will (should) than the log prefix, so this restores our own - # "global" log prefix once the file is done being sourced - entrypoint-restore-script-name - ;; - - *.sh) - if ! is-executable "${file}"; then - # warn on shell scripts without exec bit - log-error-and-exit "File [${file}] is not executable (please 'chmod +x' it)" - fi - - log-info "${section_message_color}============================================================${color_clear}" - log-info "${section_message_color}Executing [${file}]${color_clear}" - log-info "${section_message_color}============================================================${color_clear}" - - "${file}" - ;; - - *) - log-warning "Ignoring unrecognized file [${file}]" - ;; - esac -done - -release-lock "entrypoint.sh" - -log-info "Configuration complete; ready for start up" - -exec "$@" diff --git a/docker/shared/root/docker/helpers.sh b/docker/shared/root/docker/helpers.sh deleted file mode 100644 index 631b0ef0e..000000000 --- a/docker/shared/root/docker/helpers.sh +++ /dev/null @@ -1,592 +0,0 @@ -#!/bin/bash -set -e -o errexit -o nounset -o pipefail - -[[ ${DOCKER_APP_ENTRYPOINT_DEBUG:=0} == 1 ]] && set -x - -: "${RUNTIME_UID:="33"}" -: "${RUNTIME_GID:="33"}" - -# Some splash of color for important messages -declare -g error_message_color="\033[1;31m" -declare -g warn_message_color="\033[1;33m" -declare -g notice_message_color="\033[1;34m" -declare -g success_message_color="\033[1;32m" -# shellcheck disable=SC2034 -declare -g section_message_color="\033[1;35m" -declare -g color_clear="\033[1;0m" - -# Current and previous log prefix -declare -g script_name= -declare -g script_name_previous= -declare -g log_prefix= - -declare -Ag lock_fds=() - -# dot-env files to source when reading config -declare -a dot_env_files=( - /var/www/.env -) - -declare -g docker_state_path -docker_state_path="$(readlink -f ./storage/docker)" - -declare -g docker_locks_path="${docker_state_path}/lock" -declare -g docker_once_path="${docker_state_path}/once" - -declare -g runtime_username -runtime_username=$(id -un "${RUNTIME_UID}") - -# We should already be in /var/www, but just to be explicit -cd /var/www || log-error-and-exit "could not change to /var/www" - -# @description Restore the log prefix to the previous value that was captured in [entrypoint-set-script-name ] -# @arg $1 string The name (or path) of the entrypoint script being run -function entrypoint-set-script-name() -{ - script_name_previous="${script_name}" - script_name="${1}" - - log_prefix="[entrypoint / $(get-entrypoint-script-name "$1")] - " -} - -# @description Restore the log prefix to the previous value that was captured in [entrypoint-set-script-name ] -function entrypoint-restore-script-name() -{ - entrypoint-set-script-name "${script_name_previous}" -} - -# @description Run a command as the [runtime user] -# @arg $@ string The command to run -# @exitcode 0 if the command succeeeds -# @exitcode 1 if the command fails -function run-as-runtime-user() -{ - run-command-as "${runtime_username}" "${@}" -} - -# @description Run a command as the [runtime user] -# @arg $@ string The command to run -# @exitcode 0 if the command succeeeds -# @exitcode 1 if the command fails -function run-as-current-user() -{ - run-command-as "$(id -un)" "${@}" -} - -# @description Run a command as the a named user -# @arg $1 string The user to run the command as -# @arg $@ string The command to run -# @exitcode 0 If the command succeeeds -# @exitcode 1 If the command fails -function run-command-as() -{ - local -i exit_code - local target_user - - target_user=${1} - shift - - log-info-stderr "${notice_message_color}👷 Running [${*}] as [${target_user}]${color_clear}" - - # disable error on exit behavior temporarily while we run the command - set +e - - if [[ ${target_user} != "root" ]]; then - stream-prefix-command-output su --preserve-environment "${target_user}" --shell /bin/bash --command "${*}" - else - stream-prefix-command-output "${@}" - fi - - # capture exit code - exit_code=$? - - # re-enable exit code handling - set -e - - if [[ $exit_code != 0 ]]; then - log-error "${error_message_color}❌ Error!${color_clear}" - - return "$exit_code" - fi - - log-info-stderr "${success_message_color}✅ OK!${color_clear}" - - return "$exit_code" -} - -# @description Streams stdout from the command and echo it -# with log prefixing. -# @see stream-prefix-command-output -function stream-stdout-handler() -{ - while read -r line; do - log-info "(stdout) ${line}" - done -} - -# @description Streams stderr from the command and echo it -# with a bit of color and log prefixing. -# @see stream-prefix-command-output -function stream-stderr-handler() -{ - while read -r line; do - log-info-stderr "(${error_message_color}stderr${color_clear}) ${line}" - done -} - -# @description Steam stdout and stderr from a command with log prefix -# and stdout/stderr prefix. If stdout or stderr is being piped/redirected -# it will automatically fall back to non-prefixed output. -# @arg $@ string The command to run -function stream-prefix-command-output() -{ - local stdout=stream-stdout-handler - local stderr=stream-stderr-handler - - # if stdout is being piped, print it like normal with echo - if [ ! -t 1 ]; then - # shellcheck disable=SC1007 - stdout= echo >&1 -ne - fi - - # if stderr is being piped, print it like normal with echo - if [ ! -t 2 ]; then - # shellcheck disable=SC1007 - stderr= echo >&2 -ne - fi - - "$@" > >($stdout) 2> >($stderr) -} - -# @description Print the given error message to stderr -# @arg $message string A error message. -# @stderr The error message provided with log prefix -function log-error() -{ - local msg - - if [[ $# -gt 0 ]]; then - msg="$*" - elif [[ ! -t 0 ]]; then - read -r msg || log-error-and-exit "[${FUNCNAME[0]}] could not read from stdin" - else - log-error-and-exit "[${FUNCNAME[0]}] did not receive any input arguments and STDIN is empty" - fi - - echo -e "${error_message_color}${log_prefix}ERROR -${color_clear} ${msg}" >/dev/stderr -} - -# @description Print the given error message to stderr and exit 1 -# @arg $@ string A error message. -# @stderr The error message provided with log prefix -# @exitcode 1 -function log-error-and-exit() -{ - log-error "$@" - - show-call-stack - - exit 1 -} - -# @description Print the given warning message to stderr -# @arg $@ string A warning message. -# @stderr The warning message provided with log prefix -function log-warning() -{ - local msg - - if [[ $# -gt 0 ]]; then - msg="$*" - elif [[ ! -t 0 ]]; then - read -r msg || log-error-and-exit "[${FUNCNAME[0]}] could not read from stdin" - else - log-error-and-exit "[${FUNCNAME[0]}] did not receive any input arguments and STDIN is empty" - fi - - echo -e "${warn_message_color}${log_prefix}WARNING -${color_clear} ${msg}" >/dev/stderr -} - -# @description Print the given message to stdout unless [ENTRYPOINT_QUIET_LOGS] is set -# @arg $@ string A info message. -# @stdout The info message provided with log prefix unless $ENTRYPOINT_QUIET_LOGS -function log-info() -{ - local msg - - if [[ $# -gt 0 ]]; then - msg="$*" - elif [[ ! -t 0 ]]; then - read -r msg || log-error-and-exit "[${FUNCNAME[0]}] could not read from stdin" - else - log-error-and-exit "[${FUNCNAME[0]}] did not receive any input arguments and STDIN is empty" - fi - - if [ -z "${ENTRYPOINT_QUIET_LOGS:-}" ]; then - echo -e "${notice_message_color}${log_prefix}${color_clear}${msg}" - fi -} - -# @description Print the given message to stderr unless [ENTRYPOINT_QUIET_LOGS] is set -# @arg $@ string A info message. -# @stderr The info message provided with log prefix unless $ENTRYPOINT_QUIET_LOGS -function log-info-stderr() -{ - local msg - - if [[ $# -gt 0 ]]; then - msg="$*" - elif [[ ! -t 0 ]]; then - read -r msg || log-error-and-exit "[${FUNCNAME[0]}] could not read from stdin" - else - log-error-and-exit "[${FUNCNAME[0]}] did not receive any input arguments and STDIN is empty" - fi - - if [ -z "${ENTRYPOINT_QUIET_LOGS:-}" ]; then - echo -e "${notice_message_color}${log_prefix}${color_clear}${msg}" >/dev/stderr - fi -} - -# @description Loads the dot-env files used by Docker -function load-config-files() { - local export_vars=0 - load-config-files-impl "$export_vars" -} - -# @description Loads the dot-env files used by Docker and exports the variables to subshells -function load-and-export-config-files() { - local export_vars=1 - load-config-files-impl "$export_vars" -} - -# @description Implementation of the [load-config-files] and [load-and-export-config-files] functions. Loads th -# @arg $1 int Whether to export the variables or just have them available in the current shell -function load-config-files-impl() -{ - local export_vars=${1:-0} - for file in "${dot_env_files[@]}"; do - if ! file-exists "${file}"; then - log-warning "Could not source file [${file}]: does not exists" - continue - fi - - log-info "Sourcing ${file}" - if ((export_vars)); then set -o allexport; fi - # shellcheck disable=SC1090 - source "${file}" - if ((export_vars)); then set +o allexport; fi - done -} - -# @description Checks if $needle exists in $haystack -# @arg $1 string The needle (value) to search for -# @arg $2 array The haystack (array) to search in -# @exitcode 0 If $needle was found in $haystack -# @exitcode 1 If $needle was *NOT* found in $haystack -function in-array() -{ - local -r needle="\<${1}\>" - local -nr haystack=$2 - - [[ ${haystack[*]} =~ $needle ]] -} - -# @description Checks if $1 has executable bit set or not -# @arg $1 string The path to check -# @exitcode 0 If $1 has executable bit -# @exitcode 1 If $1 does *NOT* have executable bit -function is-executable() -{ - [[ -x "$1" ]] -} - -# @description Checks if $1 is writable or not -# @arg $1 string The path to check -# @exitcode 0 If $1 is writable -# @exitcode 1 If $1 is *NOT* writable -function is-writable() -{ - [[ -w "$1" ]] -} - -# @description Checks if $1 exists (directory or file) -# @arg $1 string The path to check -# @exitcode 0 If $1 exists -# @exitcode 1 If $1 does *NOT* exists -function path-exists() -{ - [[ -e "$1" ]] -} - -# @description Checks if $1 exists (file only) -# @arg $1 string The path to check -# @exitcode 0 If $1 exists -# @exitcode 1 If $1 does *NOT* exists -function file-exists() -{ - [[ -f "$1" ]] -} - -# @description Checks if $1 contains any files or not -# @arg $1 string The path to check -# @exitcode 0 If $1 contains files -# @exitcode 1 If $1 does *NOT* contain files -function directory-is-empty() -{ - ! path-exists "${1}" || [[ -z "$(ls -A "${1}")" ]] -} - -# @description Ensures a directory exists (via mkdir) -# @arg $1 string The path to create -# @exitcode 0 If $1 If the path exists *or* was created -# @exitcode 1 If $1 If the path does *NOT* exists and could *NOT* be created -function ensure-directory-exists() -{ - stream-prefix-command-output mkdir -pv "$@" -} - -# @description Find the relative path for a entrypoint script by removing the ENTRYPOINT_D_ROOT prefix -# @arg $1 string The path to manipulate -# @stdout The relative path to the entrypoint script -function get-entrypoint-script-name() -{ - echo "${1#"$ENTRYPOINT_D_ROOT"}" -} - -# @description Ensure a command is only run once (via a 'lock' file) in the storage directory. -# The 'lock' is only written if the passed in command ($2) successfully ran. -# @arg $1 string The name of the lock file -# @arg $@ string The command to run -function only-once() -{ - local name="${1:-$script_name}" - local file="${docker_once_path}/${name}" - shift - - if [[ -e "${file}" ]]; then - log-info "Command [${*}] has already run once before (remove file [${file}] to run it again)" - - return 0 - fi - - ensure-directory-exists "$(dirname "${file}")" - - if ! "$@"; then - return 1 - fi - - stream-prefix-command-output touch "${file}" - return 0 -} - -# @description Best effort file lock to ensure *something* is not running in multiple containers. -# The script uses "trap" to clean up after itself if the script crashes -# @arg $1 string The lock identifier -function acquire-lock() -{ - local name="${1:-$script_name}" - local file="${docker_locks_path}/${name}" - local lock_fd - - ensure-directory-exists "$(dirname "${file}")" - - exec {lock_fd}>"$file" - - log-info "🔑 Trying to acquire lock: ${file}: " - while ! ([[ -v lock_fds[$name] ]] || flock -n -x "$lock_fd"); do - log-info "🔒 Waiting on lock ${file}" - - staggered-sleep - done - - [[ -v lock_fds[$name] ]] || lock_fds[$name]=$lock_fd - - log-info "🔐 Lock acquired [${file}]" - - on-trap "release-lock ${name}" EXIT INT QUIT TERM -} - -# @description Release a lock aquired by [acquire-lock] -# @arg $1 string The lock identifier -function release-lock() -{ - local name="${1:-$script_name}" - local file="${docker_locks_path}/${name}" - - log-info "🔓 Releasing lock [${file}]" - - [[ -v lock_fds[$name] ]] || return - - # shellcheck disable=SC1083,SC2086 - flock --unlock ${lock_fds[$name]} - unset 'lock_fds[$name]' -} - -# @description Helper function to append multiple actions onto -# the bash [trap] logic -# @arg $1 string The command to run -# @arg $@ string The list of trap signals to register -function on-trap() -{ - local trap_add_cmd=$1 - shift || log-error-and-exit "${FUNCNAME[0]} usage error" - - for trap_add_name in "$@"; do - trap -- "$( - # helper fn to get existing trap command from output - # of trap -p - # - # shellcheck disable=SC2317 - extract_trap_cmd() - { - printf '%s\n' "${3:-}" - } - # print existing trap command with newline - eval "extract_trap_cmd $(trap -p "${trap_add_name}")" - # print the new trap command - printf '%s\n' "${trap_add_cmd}" - )" "${trap_add_name}" \ - || log-error-and-exit "unable to add to trap ${trap_add_name}" - done -} - -# Set the trace attribute for the above function. -# -# This is required to modify DEBUG or RETURN traps because functions don't -# inherit them unless the trace attribute is set -declare -f -t on-trap - -# @description Waits for the database to be healthy and responsive -function await-database-ready() -{ - log-info "❓ Waiting for database to be ready" - - load-config-files - - case "${DB_CONNECTION:-}" in - mysql) - # shellcheck disable=SC2154 - while ! echo "SELECT 1" | mysql --user="${DB_USERNAME}" --password="${DB_PASSWORD}" --host="${DB_HOST}" --port="${DOCKER_DB_HOST_PORT}" "${DB_DATABASE}" --silent >/dev/null; do - staggered-sleep - done - ;; - - pgsql) - # shellcheck disable=SC2154 - while ! echo "SELECT 1" | PGPASSWORD="${DB_PASSWORD}" psql --user="${DB_USERNAME}" --host="${DB_HOST}" --port="${DOCKER_DB_HOST_PORT}" "${DB_DATABASE}" >/dev/null; do - staggered-sleep - done - ;; - - sqlsrv) - log-warning "Don't know how to check if SQLServer is *truely* ready or not - so will just check if we're able to connect to it" - - # shellcheck disable=SC2154 - while ! timeout 1 bash -c "cat < /dev/null > /dev/tcp/${DB_HOST}/${DB_PORT}"; do - staggered-sleep - done - ;; - - sqlite) - log-info "${success_message_color}sqlite is always ready${color_clear}" - ;; - - *) - log-error-and-exit "Unknown database type: [${DB_CONNECTION:-}]" - ;; - esac - - log-info "${success_message_color}✅ Successfully connected to database${color_clear}" -} - -# @description sleeps between 1 and 3 seconds to ensure a bit of randomness -# in multiple scripts/containers doing work almost at the same time. -function staggered-sleep() -{ - sleep "$(get-random-number-between 1 3)" -} - -# @description Helper function to get a random number between $1 and $2 -# @arg $1 int Minimum number in the range (inclusive) -# @arg $2 int Maximum number in the range (inclusive) -function get-random-number-between() -{ - local -i from=${1:-1} - local -i to="${2:-10}" - - shuf -i "${from}-${to}" -n 1 -} - -# @description Helper function to show the bask call stack when something -# goes wrong. Is super useful when needing to debug an issue -function show-call-stack() -{ - local stack_size=${#FUNCNAME[@]} - local func - local lineno - local src - - # to avoid noise we start with 1 to skip the get_stack function - for ((i = 1; i < stack_size; i++)); do - func="${FUNCNAME[$i]}" - [ -z "$func" ] && func="MAIN" - - lineno="${BASH_LINENO[$((i - 1))]}" - src="${BASH_SOURCE[$i]}" - [ -z "$src" ] && src="non_file_source" - - log-error " at: ${func} ${src}:${lineno}" - done -} - -# @description Helper function see if $1 could be considered truthy -# returns [0] if input is truthy, otherwise [1] -# @arg $1 string The string to evaluate -# @see as-boolean -function is-true() -{ - as-boolean "${1:-}" && return 0 - - return 1 -} - -# @description Helper function see if $1 could be considered falsey -# returns [0] if input is falsey, otherwise [1] -# @arg $1 string The string to evaluate -# @see as-boolean -function is-false() -{ - as-boolean "${1:-}" && return 1 - - return 0 -} - -# @description Helper function see if $1 could be truethy or falsey. -# since this is a bash context, returning 0 is true and 1 is false -# so it works with [if is-false $input; then .... fi] -# -# This is a bit confusing, *especially* in a PHP world where [1] would be truthy and -# [0] would be falsely as return values -# @arg $1 string The string to evaluate -function as-boolean() -{ - local input="${1:-}" - local var="${input,,}" # convert input to lower-case - - case "$var" in - 1 | true) - return 0 - ;; - - 0 | false) - return 1 - ;; - - *) - log-warning "[as-boolean] variable [${var}] could not be detected as true or false, returning [1] (false) as default" - - return 1 - ;; - - esac -} diff --git a/docker/shared/root/docker/install/base.sh b/docker/shared/root/docker/install/base.sh deleted file mode 100755 index b1fa02a0f..000000000 --- a/docker/shared/root/docker/install/base.sh +++ /dev/null @@ -1,62 +0,0 @@ -#!/bin/bash -set -ex -o errexit -o nounset -o pipefail - -# Ensure we keep apt cache around in a Docker environment -rm -f /etc/apt/apt.conf.d/docker-clean -echo 'Binary::apt::APT::Keep-Downloaded-Packages "true";' > /etc/apt/apt.conf.d/keep-cache - -# Don't install recommended packages by default -echo 'APT::Install-Recommends "false";' >> /etc/apt/apt.conf - -# Don't install suggested packages by default -echo 'APT::Install-Suggests "false";' >> /etc/apt/apt.conf - -declare -a packages=() - -# Standard packages -packages+=( - apt-utils - bzip2 - ca-certificates - curl - git - gnupg1 - gosu - locales - locales-all - moreutils - nano - procps - software-properties-common - unzip - wget - zip -) - -# Image Optimization -packages+=( - gifsicle - jpegoptim - optipng - pngquant -) - -# Video Processing -packages+=( - ffmpeg -) - -# Database -packages+=( - mariadb-client - postgresql-client -) - -readarray -d ' ' -t -O "${#packages[@]}" packages < <(echo -n "${APT_PACKAGES_EXTRA:-}") - -apt-get update -apt-get upgrade -y -apt-get install -y "${packages[@]}" - -locale-gen -update-locale diff --git a/docker/shared/root/docker/install/php-extensions.sh b/docker/shared/root/docker/install/php-extensions.sh deleted file mode 100755 index 222f2374d..000000000 --- a/docker/shared/root/docker/install/php-extensions.sh +++ /dev/null @@ -1,27 +0,0 @@ -#!/bin/bash -set -ex -o errexit -o nounset -o pipefail - -declare -a pecl_extensions=() - -readarray -d ' ' -t pecl_extensions < <(echo -n "${PHP_PECL_EXTENSIONS:-}") -readarray -d ' ' -t -O "${#pecl_extensions[@]}" pecl_extensions < <(echo -n "${PHP_PECL_EXTENSIONS_EXTRA:-}") - -declare -a php_extensions=() -readarray -d ' ' -t php_extensions < <(echo -n "${PHP_EXTENSIONS:-}") -readarray -d ' ' -t -O "${#php_extensions[@]}" php_extensions < <(echo -n "${PHP_EXTENSIONS_EXTRA:-}") -readarray -d ' ' -t -O "${#php_extensions[@]}" php_extensions < <(echo -n "${PHP_EXTENSIONS_DATABASE:-}") - -# Optional script folks can copy into their image to do any [docker-php-ext-configure] work before the [docker-php-ext-install] -# this can also overwirte the [gd] configure above by simply running it again -declare -r custom_pre_configure_script="" -if [[ -e "${custom_pre_configure_script}" ]]; then - if [ ! -x "${custom_pre_configure_script}" ]; then - echo >&2 "ERROR: found ${custom_pre_configure_script} but its not executable - please [chmod +x] the file!" - exit 1 - fi - - "${custom_pre_configure_script}" -fi - -# PECL + PHP extensions -IPE_KEEP_SYSPKG_CACHE=1 install-php-extensions "${pecl_extensions[@]}" "${php_extensions[@]}" diff --git a/docker/shared/root/docker/templates/shared/proxy/conf.d/docker-pixelfed.conf b/docker/shared/root/docker/templates/shared/proxy/conf.d/docker-pixelfed.conf deleted file mode 100644 index 0b221e604..000000000 --- a/docker/shared/root/docker/templates/shared/proxy/conf.d/docker-pixelfed.conf +++ /dev/null @@ -1,16 +0,0 @@ -########################################################### -# DO NOT CHANGE -########################################################### -# This file is generated by the Pixelfed Docker setup, and -# will be rewritten on every container start -# -# You can put any [.conf] file in this directory -# (docker-compose-state/config/proxy/conf.d) and it will -# be loaded by nginx on startup. -# -# Run [docker compose exec proxy bash -c 'nginx -t && nginx -s reload'] -# to test your config and reload the proxy -# -# See: https://github.com/nginx-proxy/nginx-proxy/blob/main/docs/README.md#custom-nginx-configuration - -client_max_body_size {{ getenv "POST_MAX_SIZE" "61M" }}; diff --git a/docker/shared/root/docker/templates/usr/local/etc/php/php.ini b/docker/shared/root/docker/templates/usr/local/etc/php/php.ini deleted file mode 100644 index 130166e80..000000000 --- a/docker/shared/root/docker/templates/usr/local/etc/php/php.ini +++ /dev/null @@ -1,1917 +0,0 @@ -[PHP] - -;;;;;;;;;;;;;;;;;;; -; About php.ini ; -;;;;;;;;;;;;;;;;;;; -; PHP's initialization file, generally called php.ini, is responsible for -; configuring many of the aspects of PHP's behavior. - -; PHP attempts to find and load this configuration from a number of locations. -; The following is a summary of its search order: -; 1. SAPI module specific location. -; 2. The PHPRC environment variable. (As of PHP 5.2.0) -; 3. A number of predefined registry keys on Windows (As of PHP 5.2.0) -; 4. Current working directory (except CLI) -; 5. The web server's directory (for SAPI modules), or directory of PHP -; (otherwise in Windows) -; 6. The directory from the --with-config-file-path compile time option, or the -; Windows directory (usually C:\windows) -; See the PHP docs for more specific information. -; http://php.net/configuration.file - -; The syntax of the file is extremely simple. Whitespace and lines -; beginning with a semicolon are silently ignored (as you probably guessed). -; Section headers (e.g. [Foo]) are also silently ignored, even though -; they might mean something in the future. - -; Directives following the section heading [PATH=/www/mysite] only -; apply to PHP files in the /www/mysite directory. Directives -; following the section heading [HOST=www.example.com] only apply to -; PHP files served from www.example.com. Directives set in these -; special sections cannot be overridden by user-defined INI files or -; at runtime. Currently, [PATH=] and [HOST=] sections only work under -; CGI/FastCGI. -; http://php.net/ini.sections - -; Directives are specified using the following syntax: -; directive = value -; Directive names are *case sensitive* - foo=bar is different from FOO=bar. -; Directives are variables used to configure PHP or PHP extensions. -; There is no name validation. If PHP can't find an expected -; directive because it is not set or is mistyped, a default value will be used. - -; The value can be a string, a number, a PHP constant (e.g. E_ALL or M_PI), one -; of the INI constants (On, Off, True, False, Yes, No and None) or an expression -; (e.g. E_ALL & ~E_NOTICE), a quoted string ("bar"), or a reference to a -; previously set variable or directive (e.g. ${foo}) - -; Expressions in the INI file are limited to bitwise operators and parentheses: -; | bitwise OR -; ^ bitwise XOR -; & bitwise AND -; ~ bitwise NOT -; ! boolean NOT - -; Boolean flags can be turned on using the values 1, On, True or Yes. -; They can be turned off using the values 0, Off, False or No. - -; An empty string can be denoted by simply not writing anything after the equal -; sign, or by using the None keyword: - -; foo = ; sets foo to an empty string -; foo = None ; sets foo to an empty string -; foo = "None" ; sets foo to the string 'None' - -; If you use constants in your value, and these constants belong to a -; dynamically loaded extension (either a PHP extension or a Zend extension), -; you may only use these constants *after* the line that loads the extension. - -;;;;;;;;;;;;;;;;;;; -; About this file ; -;;;;;;;;;;;;;;;;;;; -; PHP comes packaged with two INI files. One that is recommended to be used -; in production environments and one that is recommended to be used in -; development environments. - -; php.ini-production contains settings which hold security, performance and -; best practices at its core. But please be aware, these settings may break -; compatibility with older or less security conscience applications. We -; recommending using the production ini in production and testing environments. - -; php.ini-development is very similar to its production variant, except it is -; much more verbose when it comes to errors. We recommend using the -; development version only in development environments, as errors shown to -; application users can inadvertently leak otherwise secure information. - -; This is the php.ini-production INI file. - -;;;;;;;;;;;;;;;;;;; -; Quick Reference ; -;;;;;;;;;;;;;;;;;;; -; The following are all the settings which are different in either the production -; or development versions of the INIs with respect to PHP's default behavior. -; Please see the actual settings later in the document for more details as to why -; we recommend these changes in PHP's behavior. - -; display_errors -; Default Value: On -; Development Value: On -; Production Value: Off - -; display_startup_errors -; Default Value: On -; Development Value: On -; Production Value: Off - -; error_reporting -; Default Value: E_ALL -; Development Value: E_ALL -; Production Value: E_ALL & ~E_DEPRECATED & ~E_STRICT - -; log_errors -; Default Value: Off -; Development Value: On -; Production Value: On - -; max_input_time -; Default Value: -1 (Unlimited) -; Development Value: 60 (60 seconds) -; Production Value: 60 (60 seconds) - -; output_buffering -; Default Value: Off -; Development Value: 4096 -; Production Value: 4096 - -; register_argc_argv -; Default Value: On -; Development Value: Off -; Production Value: Off - -; request_order -; Default Value: None -; Development Value: "GP" -; Production Value: "GP" - -; session.gc_divisor -; Default Value: 100 -; Development Value: 1000 -; Production Value: 1000 - -; session.sid_bits_per_character -; Default Value: 4 -; Development Value: 5 -; Production Value: 5 - -; short_open_tag -; Default Value: On -; Development Value: Off -; Production Value: Off - -; variables_order -; Default Value: "EGPCS" -; Development Value: "GPCS" -; Production Value: "GPCS" - -;;;;;;;;;;;;;;;;;;;; -; php.ini Options ; -;;;;;;;;;;;;;;;;;;;; -; Name for user-defined php.ini (.htaccess) files. Default is ".user.ini" -;user_ini.filename = ".user.ini" - -; To disable this feature set this option to an empty value -;user_ini.filename = - -; TTL for user-defined php.ini files (time-to-live) in seconds. Default is 300 seconds (5 minutes) -;user_ini.cache_ttl = 300 - -;;;;;;;;;;;;;;;;;;;; -; Language Options ; -;;;;;;;;;;;;;;;;;;;; - -; Enable the PHP scripting language engine under Apache. -; http://php.net/engine -engine = On - -; This directive determines whether or not PHP will recognize code between -; tags as PHP source which should be processed as such. It is -; generally recommended that should be used and that this feature -; should be disabled, as enabling it may result in issues when generating XML -; documents, however this remains supported for backward compatibility reasons. -; Note that this directive does not control the would work. -; http://php.net/syntax-highlighting -;highlight.string = #DD0000 -;highlight.comment = #FF9900 -;highlight.keyword = #007700 -;highlight.default = #0000BB -;highlight.html = #000000 - -; If enabled, the request will be allowed to complete even if the user aborts -; the request. Consider enabling it if executing long requests, which may end up -; being interrupted by the user or a browser timing out. PHP's default behavior -; is to disable this feature. -; http://php.net/ignore-user-abort -;ignore_user_abort = On - -; Determines the size of the realpath cache to be used by PHP. This value should -; be increased on systems where PHP opens many files to reflect the quantity of -; the file operations performed. -; Note: if open_basedir is set, the cache is disabled -; http://php.net/realpath-cache-size -;realpath_cache_size = 4096k - -; Duration of time, in seconds for which to cache realpath information for a given -; file or directory. For systems with rarely changing files, consider increasing this -; value. -; http://php.net/realpath-cache-ttl -;realpath_cache_ttl = 120 - -; Enables or disables the circular reference collector. -; http://php.net/zend.enable-gc -zend.enable_gc = On - -; If enabled, scripts may be written in encodings that are incompatible with -; the scanner. CP936, Big5, CP949 and Shift_JIS are the examples of such -; encodings. To use this feature, mbstring extension must be enabled. -; Default: Off -;zend.multibyte = Off - -; Allows to set the default encoding for the scripts. This value will be used -; unless "declare(encoding=...)" directive appears at the top of the script. -; Only affects if zend.multibyte is set. -; Default: "" -;zend.script_encoding = - -; Allows to include or exclude arguments from stack traces generated for exceptions -; Default: Off -; In production, it is recommended to turn this setting on to prohibit the output -; of sensitive information in stack traces -zend.exception_ignore_args = On - -;;;;;;;;;;;;;;;;; -; Miscellaneous ; -;;;;;;;;;;;;;;;;; - -; Decides whether PHP may expose the fact that it is installed on the server -; (e.g. by adding its signature to the Web server header). It is no security -; threat in any way, but it makes it possible to determine whether you use PHP -; on your server or not. -; http://php.net/expose-php -expose_php = Off - -;;;;;;;;;;;;;;;;;;; -; Resource Limits ; -;;;;;;;;;;;;;;;;;;; - -; Maximum execution time of each script, in seconds -; http://php.net/max-execution-time -; Note: This directive is hardcoded to 0 for the CLI SAPI -max_execution_time = 600 - -; Maximum amount of time each script may spend parsing request data. It's a good -; idea to limit this time on productions servers in order to eliminate unexpectedly -; long running scripts. -; Note: This directive is hardcoded to -1 for the CLI SAPI -; Default Value: -1 (Unlimited) -; Development Value: 60 (60 seconds) -; Production Value: 60 (60 seconds) -; http://php.net/max-input-time -max_input_time = 60 - -; Maximum input variable nesting level -; http://php.net/max-input-nesting-level -;max_input_nesting_level = 64 - -; How many GET/POST/COOKIE input variables may be accepted -;max_input_vars = 1000 - -; Maximum amount of memory a script may consume (128MB) -; http://php.net/memory-limit -memory_limit = {{ getenv "DOCKER_APP_PHP_MEMORY_LIMIT" "128M" }} - -;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; -; Error handling and logging ; -;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; - -; This directive informs PHP of which errors, warnings and notices you would like -; it to take action for. The recommended way of setting values for this -; directive is through the use of the error level constants and bitwise -; operators. The error level constants are below here for convenience as well as -; some common settings and their meanings. -; By default, PHP is set to take action on all errors, notices and warnings EXCEPT -; those related to E_NOTICE and E_STRICT, which together cover best practices and -; recommended coding standards in PHP. For performance reasons, this is the -; recommend error reporting setting. Your production server shouldn't be wasting -; resources complaining about best practices and coding standards. That's what -; development servers and development settings are for. -; Note: The php.ini-development file has this setting as E_ALL. This -; means it pretty much reports everything which is exactly what you want during -; development and early testing. -; -; Error Level Constants: -; E_ALL - All errors and warnings (includes E_STRICT as of PHP 5.4.0) -; E_ERROR - fatal run-time errors -; E_RECOVERABLE_ERROR - almost fatal run-time errors -; E_WARNING - run-time warnings (non-fatal errors) -; E_PARSE - compile-time parse errors -; E_NOTICE - run-time notices (these are warnings which often result -; from a bug in your code, but it's possible that it was -; intentional (e.g., using an uninitialized variable and -; relying on the fact it is automatically initialized to an -; empty string) -; E_STRICT - run-time notices, enable to have PHP suggest changes -; to your code which will ensure the best interoperability -; and forward compatibility of your code -; E_CORE_ERROR - fatal errors that occur during PHP's initial startup -; E_CORE_WARNING - warnings (non-fatal errors) that occur during PHP's -; initial startup -; E_COMPILE_ERROR - fatal compile-time errors -; E_COMPILE_WARNING - compile-time warnings (non-fatal errors) -; E_USER_ERROR - user-generated error message -; E_USER_WARNING - user-generated warning message -; E_USER_NOTICE - user-generated notice message -; E_DEPRECATED - warn about code that will not work in future versions -; of PHP -; E_USER_DEPRECATED - user-generated deprecation warnings -; -; Common Values: -; E_ALL (Show all errors, warnings and notices including coding standards.) -; E_ALL & ~E_NOTICE (Show all errors, except for notices) -; E_ALL & ~E_NOTICE & ~E_STRICT (Show all errors, except for notices and coding standards warnings.) -; E_COMPILE_ERROR|E_RECOVERABLE_ERROR|E_ERROR|E_CORE_ERROR (Show only errors) -; Default Value: E_ALL -; Development Value: E_ALL -; Production Value: E_ALL & ~E_DEPRECATED & ~E_STRICT -; http://php.net/error-reporting -error_reporting = {{ getenv "DOCKER_APP_PHP_ERROR_REPORTING" "E_ALL & ~E_DEPRECATED & ~E_STRICT" }} - -; This directive controls whether or not and where PHP will output errors, -; notices and warnings too. Error output is very useful during development, but -; it could be very dangerous in production environments. Depending on the code -; which is triggering the error, sensitive information could potentially leak -; out of your application such as database usernames and passwords or worse. -; For production environments, we recommend logging errors rather than -; sending them to STDOUT. -; Possible Values: -; Off = Do not display any errors -; stderr = Display errors to STDERR (affects only CGI/CLI binaries!) -; On or stdout = Display errors to STDOUT -; Default Value: On -; Development Value: On -; Production Value: Off -; http://php.net/display-errors -display_errors = {{ getenv "DOCKER_APP_PHP_DISPLAY_ERRORS" "off" }} - -; The display of errors which occur during PHP's startup sequence are handled -; separately from display_errors. We strongly recommend you set this to 'off' -; for production servers to avoid leaking configuration details. -; Default Value: On -; Development Value: On -; Production Value: Off -; http://php.net/display-startup-errors -display_startup_errors = {{ getenv "DOCKER_APP_PHP_DISPLAY_ERRORS" "off" }} - -; Besides displaying errors, PHP can also log errors to locations such as a -; server-specific log, STDERR, or a location specified by the error_log -; directive found below. While errors should not be displayed on productions -; servers they should still be monitored and logging is a great way to do that. -; Default Value: Off -; Development Value: On -; Production Value: On -; http://php.net/log-errors -log_errors = On - -; Set maximum length of log_errors. In error_log information about the source is -; added. The default is 1024 and 0 allows to not apply any maximum length at all. -; http://php.net/log-errors-max-len -log_errors_max_len = 1024 - -; Do not log repeated messages. Repeated errors must occur in same file on same -; line unless ignore_repeated_source is set true. -; http://php.net/ignore-repeated-errors -ignore_repeated_errors = Off - -; Ignore source of message when ignoring repeated messages. When this setting -; is On you will not log errors with repeated messages from different files or -; source lines. -; http://php.net/ignore-repeated-source -ignore_repeated_source = Off - -; If this parameter is set to Off, then memory leaks will not be shown (on -; stdout or in the log). This is only effective in a debug compile, and if -; error reporting includes E_WARNING in the allowed list -; http://php.net/report-memleaks -report_memleaks = On - -; This setting is on by default. -;report_zend_debug = 0 - -; Turn off normal error reporting and emit XML-RPC error XML -; http://php.net/xmlrpc-errors -;xmlrpc_errors = 0 - -; An XML-RPC faultCode -;xmlrpc_error_number = 0 - -; When PHP displays or logs an error, it has the capability of formatting the -; error message as HTML for easier reading. This directive controls whether -; the error message is formatted as HTML or not. -; Note: This directive is hardcoded to Off for the CLI SAPI -; http://php.net/html-errors -;html_errors = On - -; If html_errors is set to On *and* docref_root is not empty, then PHP -; produces clickable error messages that direct to a page describing the error -; or function causing the error in detail. -; You can download a copy of the PHP manual from http://php.net/docs -; and change docref_root to the base URL of your local copy including the -; leading '/'. You must also specify the file extension being used including -; the dot. PHP's default behavior is to leave these settings empty, in which -; case no links to documentation are generated. -; Note: Never use this feature for production boxes. -; http://php.net/docref-root -; Examples -;docref_root = "/phpmanual/" - -; http://php.net/docref-ext -;docref_ext = .html - -; String to output before an error message. PHP's default behavior is to leave -; this setting blank. -; http://php.net/error-prepend-string -; Example: -;error_prepend_string = "" - -; String to output after an error message. PHP's default behavior is to leave -; this setting blank. -; http://php.net/error-append-string -; Example: -;error_append_string = "" - -; Log errors to specified file. PHP's default behavior is to leave this value -; empty. -; http://php.net/error-log -; -; NOTE: Write error log to stderr (/proc/self/fd/2 -> /dev/stderr) -error_log = /proc/self/fd/2 -; Log errors to syslog (Event Log on Windows). -;error_log = syslog - -; The syslog ident is a string which is prepended to every message logged -; to syslog. Only used when error_log is set to syslog. -;syslog.ident = php - -; The syslog facility is used to specify what type of program is logging -; the message. Only used when error_log is set to syslog. -;syslog.facility = user - -; Set this to disable filtering control characters (the default). -; Some loggers only accept NVT-ASCII, others accept anything that's not -; control characters. If your logger accepts everything, then no filtering -; is needed at all. -; Allowed values are: -; ascii (all printable ASCII characters and NL) -; no-ctrl (all characters except control characters) -; all (all characters) -; raw (like "all", but messages are not split at newlines) -; http://php.net/syslog.filter -;syslog.filter = ascii - -;windows.show_crt_warning -; Default value: 0 -; Development value: 0 -; Production value: 0 - -;;;;;;;;;;;;;;;;; -; Data Handling ; -;;;;;;;;;;;;;;;;; - -; The separator used in PHP generated URLs to separate arguments. -; PHP's default setting is "&". -; http://php.net/arg-separator.output -; Example: -;arg_separator.output = "&" - -; List of separator(s) used by PHP to parse input URLs into variables. -; PHP's default setting is "&". -; NOTE: Every character in this directive is considered as separator! -; http://php.net/arg-separator.input -; Example: -;arg_separator.input = ";&" - -; This directive determines which super global arrays are registered when PHP -; starts up. G,P,C,E & S are abbreviations for the following respective super -; globals: GET, POST, COOKIE, ENV and SERVER. There is a performance penalty -; paid for the registration of these arrays and because ENV is not as commonly -; used as the others, ENV is not recommended on productions servers. You -; can still get access to the environment variables through getenv() should you -; need to. -; Default Value: "EGPCS" -; Development Value: "GPCS" -; Production Value: "GPCS"; -; http://php.net/variables-order -variables_order = "GPCS" - -; This directive determines which super global data (G,P & C) should be -; registered into the super global array REQUEST. If so, it also determines -; the order in which that data is registered. The values for this directive -; are specified in the same manner as the variables_order directive, -; EXCEPT one. Leaving this value empty will cause PHP to use the value set -; in the variables_order directive. It does not mean it will leave the super -; globals array REQUEST empty. -; Default Value: None -; Development Value: "GP" -; Production Value: "GP" -; http://php.net/request-order -request_order = "GP" - -; This directive determines whether PHP registers $argv & $argc each time it -; runs. $argv contains an array of all the arguments passed to PHP when a script -; is invoked. $argc contains an integer representing the number of arguments -; that were passed when the script was invoked. These arrays are extremely -; useful when running scripts from the command line. When this directive is -; enabled, registering these variables consumes CPU cycles and memory each time -; a script is executed. For performance reasons, this feature should be disabled -; on production servers. -; Note: This directive is hardcoded to On for the CLI SAPI -; Default Value: On -; Development Value: Off -; Production Value: Off -; http://php.net/register-argc-argv -register_argc_argv = Off - -; When enabled, the ENV, REQUEST and SERVER variables are created when they're -; first used (Just In Time) instead of when the script starts. If these -; variables are not used within a script, having this directive on will result -; in a performance gain. The PHP directive register_argc_argv must be disabled -; for this directive to have any effect. -; http://php.net/auto-globals-jit -auto_globals_jit = On - -; Whether PHP will read the POST data. -; This option is enabled by default. -; Most likely, you won't want to disable this option globally. It causes $_POST -; and $_FILES to always be empty; the only way you will be able to read the -; POST data will be through the php://input stream wrapper. This can be useful -; to proxy requests or to process the POST data in a memory efficient fashion. -; http://php.net/enable-post-data-reading -;enable_post_data_reading = Off - -; Maximum size of POST data that PHP will accept. -; Its value may be 0 to disable the limit. It is ignored if POST data reading -; is disabled through enable_post_data_reading. -; http://php.net/post-max-size -post_max_size = {{ getenv "POST_MAX_SIZE" "61M" }} - -; Automatically add files before PHP document. -; http://php.net/auto-prepend-file -auto_prepend_file = - -; Automatically add files after PHP document. -; http://php.net/auto-append-file -auto_append_file = - -; By default, PHP will output a media type using the Content-Type header. To -; disable this, simply set it to be empty. -; -; PHP's built-in default media type is set to text/html. -; http://php.net/default-mimetype -default_mimetype = "text/html" - -; PHP's default character set is set to UTF-8. -; http://php.net/default-charset -default_charset = "UTF-8" - -; PHP internal character encoding is set to empty. -; If empty, default_charset is used. -; http://php.net/internal-encoding -;internal_encoding = - -; PHP input character encoding is set to empty. -; If empty, default_charset is used. -; http://php.net/input-encoding -;input_encoding = - -; PHP output character encoding is set to empty. -; If empty, default_charset is used. -; See also output_buffer. -; http://php.net/output-encoding -;output_encoding = - -;;;;;;;;;;;;;;;;;;;;;;;;; -; Paths and Directories ; -;;;;;;;;;;;;;;;;;;;;;;;;; - -; UNIX: "/path1:/path2" -;include_path = ".:/php/includes" -; -; Windows: "\path1;\path2" -;include_path = ".;c:\php\includes" -; -; PHP's default setting for include_path is ".;/path/to/php/pear" -; http://php.net/include-path - -; The root of the PHP pages, used only if nonempty. -; if PHP was not compiled with FORCE_REDIRECT, you SHOULD set doc_root -; if you are running php as a CGI under any web server (other than IIS) -; see documentation for security issues. The alternate is to use the -; cgi.force_redirect configuration below -; http://php.net/doc-root -doc_root = - -; The directory under which PHP opens the script using /~username used only -; if nonempty. -; http://php.net/user-dir -user_dir = - -; Directory in which the loadable extensions (modules) reside. -; http://php.net/extension-dir -;extension_dir = "./" -; On windows: -;extension_dir = "ext" - -; Directory where the temporary files should be placed. -; Defaults to the system default (see sys_get_temp_dir) -;sys_temp_dir = "/tmp" - -; Whether or not to enable the dl() function. The dl() function does NOT work -; properly in multithreaded servers, such as IIS or Zeus, and is automatically -; disabled on them. -; http://php.net/enable-dl -enable_dl = Off - -; cgi.force_redirect is necessary to provide security running PHP as a CGI under -; most web servers. Left undefined, PHP turns this on by default. You can -; turn it off here AT YOUR OWN RISK -; **You CAN safely turn this off for IIS, in fact, you MUST.** -; http://php.net/cgi.force-redirect -;cgi.force_redirect = 1 - -; if cgi.nph is enabled it will force cgi to always sent Status: 200 with -; every request. PHP's default behavior is to disable this feature. -;cgi.nph = 1 - -; if cgi.force_redirect is turned on, and you are not running under Apache or Netscape -; (iPlanet) web servers, you MAY need to set an environment variable name that PHP -; will look for to know it is OK to continue execution. Setting this variable MAY -; cause security issues, KNOW WHAT YOU ARE DOING FIRST. -; http://php.net/cgi.redirect-status-env -;cgi.redirect_status_env = - -; cgi.fix_pathinfo provides *real* PATH_INFO/PATH_TRANSLATED support for CGI. PHP's -; previous behaviour was to set PATH_TRANSLATED to SCRIPT_FILENAME, and to not grok -; what PATH_INFO is. For more information on PATH_INFO, see the cgi specs. Setting -; this to 1 will cause PHP CGI to fix its paths to conform to the spec. A setting -; of zero causes PHP to behave as before. Default is 1. You should fix your scripts -; to use SCRIPT_FILENAME rather than PATH_TRANSLATED. -; http://php.net/cgi.fix-pathinfo -;cgi.fix_pathinfo=1 - -; if cgi.discard_path is enabled, the PHP CGI binary can safely be placed outside -; of the web tree and people will not be able to circumvent .htaccess security. -;cgi.discard_path=1 - -; FastCGI under IIS supports the ability to impersonate -; security tokens of the calling client. This allows IIS to define the -; security context that the request runs under. mod_fastcgi under Apache -; does not currently support this feature (03/17/2002) -; Set to 1 if running under IIS. Default is zero. -; http://php.net/fastcgi.impersonate -;fastcgi.impersonate = 1 - -; Disable logging through FastCGI connection. PHP's default behavior is to enable -; this feature. -;fastcgi.logging = 0 - -; cgi.rfc2616_headers configuration option tells PHP what type of headers to -; use when sending HTTP response code. If set to 0, PHP sends Status: header that -; is supported by Apache. When this option is set to 1, PHP will send -; RFC2616 compliant header. -; Default is zero. -; http://php.net/cgi.rfc2616-headers -;cgi.rfc2616_headers = 0 - -; cgi.check_shebang_line controls whether CGI PHP checks for line starting with #! -; (shebang) at the top of the running script. This line might be needed if the -; script support running both as stand-alone script and via PHP CGI<. PHP in CGI -; mode skips this line and ignores its content if this directive is turned on. -; http://php.net/cgi.check-shebang-line -;cgi.check_shebang_line=1 - -;;;;;;;;;;;;;;;; -; File Uploads ; -;;;;;;;;;;;;;;;; - -; Whether to allow HTTP file uploads. -; http://php.net/file-uploads -file_uploads = On - -; Temporary directory for HTTP uploaded files (will use system default if not -; specified). -; http://php.net/upload-tmp-dir -;upload_tmp_dir = - -; Maximum allowed size for uploaded files. -; http://php.net/upload-max-filesize -upload_max_filesize = {{ getenv "POST_MAX_SIZE" "61M" }} - -; Maximum number of files that can be uploaded via a single request -max_file_uploads = {{ getenv "MAX_ALBUM_LENGTH" "4" }} - -;;;;;;;;;;;;;;;;;; -; Fopen wrappers ; -;;;;;;;;;;;;;;;;;; - -; Whether to allow the treatment of URLs (like http:// or ftp://) as files. -; http://php.net/allow-url-fopen -allow_url_fopen = On - -; Whether to allow include/require to open URLs (like http:// or ftp://) as files. -; http://php.net/allow-url-include -allow_url_include = Off - -; Define the anonymous ftp password (your email address). PHP's default setting -; for this is empty. -; http://php.net/from -;from="john@doe.com" - -; Define the User-Agent string. PHP's default setting for this is empty. -; http://php.net/user-agent -;user_agent="PHP" - -; Default timeout for socket based streams (seconds) -; http://php.net/default-socket-timeout -default_socket_timeout = 60 - -; If your scripts have to deal with files from Macintosh systems, -; or you are running on a Mac and need to deal with files from -; unix or win32 systems, setting this flag will cause PHP to -; automatically detect the EOL character in those files so that -; fgets() and file() will work regardless of the source of the file. -; http://php.net/auto-detect-line-endings -;auto_detect_line_endings = Off - -;;;;;;;;;;;;;;;;;;;;;; -; Dynamic Extensions ; -;;;;;;;;;;;;;;;;;;;;;; - -; If you wish to have an extension loaded automatically, use the following -; syntax: -; -; extension=modulename -; -; For example: -; -; extension=mysqli -; -; When the extension library to load is not located in the default extension -; directory, You may specify an absolute path to the library file: -; -; extension=/path/to/extension/mysqli.so -; -; Note : The syntax used in previous PHP versions ('extension=.so' and -; 'extension='php_.dll') is supported for legacy reasons and may be -; deprecated in a future PHP major version. So, when it is possible, please -; move to the new ('extension=) syntax. -; -; Notes for Windows environments : -; -; - Many DLL files are located in the extensions/ (PHP 4) or ext/ (PHP 5+) -; extension folders as well as the separate PECL DLL download (PHP 5+). -; Be sure to appropriately set the extension_dir directive. -; -;extension=bz2 -;extension=curl -;extension=ffi -;extension=ftp -;extension=fileinfo -;extension=gd2 -;extension=gettext -;extension=gmp -;extension=intl -;extension=imap -;extension=ldap -;extension=mbstring -;extension=exif ; Must be after mbstring as it depends on it -;extension=mysqli -;extension=oci8_12c ; Use with Oracle Database 12c Instant Client -;extension=odbc -;extension=openssl -;extension=pdo_firebird -;extension=pdo_mysql -;extension=pdo_oci -;extension=pdo_odbc -;extension=pdo_pgsql -;extension=pdo_sqlite -;extension=pgsql -;extension=shmop - -; The MIBS data available in the PHP distribution must be installed. -; See http://www.php.net/manual/en/snmp.installation.php -;extension=snmp - -;extension=soap -;extension=sockets -;extension=sodium -;extension=sqlite3 -;extension=tidy -;extension=xmlrpc -;extension=xsl - -;;;;;;;;;;;;;;;;;;; -; Module Settings ; -;;;;;;;;;;;;;;;;;;; - -[CLI Server] -; Whether the CLI web server uses ANSI color coding in its terminal output. -cli_server.color = On - -[Date] -; Defines the default timezone used by the date functions -; http://php.net/date.timezone -date.timezone = {{ getenv "TZ" "UTC" }} - -; http://php.net/date.default-latitude -;date.default_latitude = 31.7667 - -; http://php.net/date.default-longitude -;date.default_longitude = 35.2333 - -; http://php.net/date.sunrise-zenith -;date.sunrise_zenith = 90.833333 - -; http://php.net/date.sunset-zenith -;date.sunset_zenith = 90.833333 - -[filter] -; http://php.net/filter.default -;filter.default = unsafe_raw - -; http://php.net/filter.default-flags -;filter.default_flags = - -[iconv] -; Use of this INI entry is deprecated, use global input_encoding instead. -; If empty, default_charset or input_encoding or iconv.input_encoding is used. -; The precedence is: default_charset < input_encoding < iconv.input_encoding -;iconv.input_encoding = - -; Use of this INI entry is deprecated, use global internal_encoding instead. -; If empty, default_charset or internal_encoding or iconv.internal_encoding is used. -; The precedence is: default_charset < internal_encoding < iconv.internal_encoding -;iconv.internal_encoding = - -; Use of this INI entry is deprecated, use global output_encoding instead. -; If empty, default_charset or output_encoding or iconv.output_encoding is used. -; The precedence is: default_charset < output_encoding < iconv.output_encoding -; To use an output encoding conversion, iconv's output handler must be set -; otherwise output encoding conversion cannot be performed. -;iconv.output_encoding = - -[imap] -; rsh/ssh logins are disabled by default. Use this INI entry if you want to -; enable them. Note that the IMAP library does not filter mailbox names before -; passing them to rsh/ssh command, thus passing untrusted data to this function -; with rsh/ssh enabled is insecure. -;imap.enable_insecure_rsh=0 - -[intl] -;intl.default_locale = -; This directive allows you to produce PHP errors when some error -; happens within intl functions. The value is the level of the error produced. -; Default is 0, which does not produce any errors. -;intl.error_level = E_WARNING -;intl.use_exceptions = 0 - -[sqlite3] -; Directory pointing to SQLite3 extensions -; http://php.net/sqlite3.extension-dir -;sqlite3.extension_dir = - -; SQLite defensive mode flag (only available from SQLite 3.26+) -; When the defensive flag is enabled, language features that allow ordinary -; SQL to deliberately corrupt the database file are disabled. This forbids -; writing directly to the schema, shadow tables (eg. FTS data tables), or -; the sqlite_dbpage virtual table. -; https://www.sqlite.org/c3ref/c_dbconfig_defensive.html -; (for older SQLite versions, this flag has no use) -;sqlite3.defensive = 1 - -[Pcre] -; PCRE library backtracking limit. -; http://php.net/pcre.backtrack-limit -;pcre.backtrack_limit=100000 - -; PCRE library recursion limit. -; Please note that if you set this value to a high number you may consume all -; the available process stack and eventually crash PHP (due to reaching the -; stack size limit imposed by the Operating System). -; http://php.net/pcre.recursion-limit -;pcre.recursion_limit=100000 - -; Enables or disables JIT compilation of patterns. This requires the PCRE -; library to be compiled with JIT support. -;pcre.jit=1 - -[Pdo] -; Whether to pool ODBC connections. Can be one of "strict", "relaxed" or "off" -; http://php.net/pdo-odbc.connection-pooling -;pdo_odbc.connection_pooling=strict - -[Pdo_mysql] -; Default socket name for local MySQL connects. If empty, uses the built-in -; MySQL defaults. -pdo_mysql.default_socket= - -[Phar] -; http://php.net/phar.readonly -;phar.readonly = On - -; http://php.net/phar.require-hash -;phar.require_hash = On - -;phar.cache_list = - -[mail function] -; For Win32 only. -; http://php.net/smtp -SMTP = localhost -; http://php.net/smtp-port -smtp_port = 25 - -; For Win32 only. -; http://php.net/sendmail-from -;sendmail_from = me@example.com - -; For Unix only. You may supply arguments as well (default: "sendmail -t -i"). -; http://php.net/sendmail-path -;sendmail_path = - -; Force the addition of the specified parameters to be passed as extra parameters -; to the sendmail binary. These parameters will always replace the value of -; the 5th parameter to mail(). -;mail.force_extra_parameters = - -; Add X-PHP-Originating-Script: that will include uid of the script followed by the filename -mail.add_x_header = Off - -; The path to a log file that will log all mail() calls. Log entries include -; the full path of the script, line number, To address and headers. -;mail.log = -; Log mail to syslog (Event Log on Windows). -;mail.log = syslog - -[ODBC] -; http://php.net/odbc.default-db -;odbc.default_db = Not yet implemented - -; http://php.net/odbc.default-user -;odbc.default_user = Not yet implemented - -; http://php.net/odbc.default-pw -;odbc.default_pw = Not yet implemented - -; Controls the ODBC cursor model. -; Default: SQL_CURSOR_STATIC (default). -;odbc.default_cursortype - -; Allow or prevent persistent links. -; http://php.net/odbc.allow-persistent -odbc.allow_persistent = On - -; Check that a connection is still valid before reuse. -; http://php.net/odbc.check-persistent -odbc.check_persistent = On - -; Maximum number of persistent links. -1 means no limit. -; http://php.net/odbc.max-persistent -odbc.max_persistent = -1 - -; Maximum number of links (persistent + non-persistent). -1 means no limit. -; http://php.net/odbc.max-links -odbc.max_links = -1 - -; Handling of LONG fields. Returns number of bytes to variables. 0 means -; passthru. -; http://php.net/odbc.defaultlrl -odbc.defaultlrl = 4096 - -; Handling of binary data. 0 means passthru, 1 return as is, 2 convert to char. -; See the documentation on odbc_binmode and odbc_longreadlen for an explanation -; of odbc.defaultlrl and odbc.defaultbinmode -; http://php.net/odbc.defaultbinmode -odbc.defaultbinmode = 1 - -[MySQLi] - -; Maximum number of persistent links. -1 means no limit. -; http://php.net/mysqli.max-persistent -mysqli.max_persistent = -1 - -; Allow accessing, from PHP's perspective, local files with LOAD DATA statements -; http://php.net/mysqli.allow_local_infile -;mysqli.allow_local_infile = On - -; Allow or prevent persistent links. -; http://php.net/mysqli.allow-persistent -mysqli.allow_persistent = On - -; Maximum number of links. -1 means no limit. -; http://php.net/mysqli.max-links -mysqli.max_links = -1 - -; Default port number for mysqli_connect(). If unset, mysqli_connect() will use -; the $MYSQL_TCP_PORT or the mysql-tcp entry in /etc/services or the -; compile-time value defined MYSQL_PORT (in that order). Win32 will only look -; at MYSQL_PORT. -; http://php.net/mysqli.default-port -mysqli.default_port = 3306 - -; Default socket name for local MySQL connects. If empty, uses the built-in -; MySQL defaults. -; http://php.net/mysqli.default-socket -mysqli.default_socket = - -; Default host for mysqli_connect() (doesn't apply in safe mode). -; http://php.net/mysqli.default-host -mysqli.default_host = - -; Default user for mysqli_connect() (doesn't apply in safe mode). -; http://php.net/mysqli.default-user -mysqli.default_user = - -; Default password for mysqli_connect() (doesn't apply in safe mode). -; Note that this is generally a *bad* idea to store passwords in this file. -; *Any* user with PHP access can run 'echo get_cfg_var("mysqli.default_pw") -; and reveal this password! And of course, any users with read access to this -; file will be able to reveal the password as well. -; http://php.net/mysqli.default-pw -mysqli.default_pw = - -; Allow or prevent reconnect -mysqli.reconnect = Off - -[mysqlnd] -; Enable / Disable collection of general statistics by mysqlnd which can be -; used to tune and monitor MySQL operations. -mysqlnd.collect_statistics = On - -; Enable / Disable collection of memory usage statistics by mysqlnd which can be -; used to tune and monitor MySQL operations. -mysqlnd.collect_memory_statistics = Off - -; Records communication from all extensions using mysqlnd to the specified log -; file. -; http://php.net/mysqlnd.debug -;mysqlnd.debug = - -; Defines which queries will be logged. -;mysqlnd.log_mask = 0 - -; Default size of the mysqlnd memory pool, which is used by result sets. -;mysqlnd.mempool_default_size = 16000 - -; Size of a pre-allocated buffer used when sending commands to MySQL in bytes. -;mysqlnd.net_cmd_buffer_size = 2048 - -; Size of a pre-allocated buffer used for reading data sent by the server in -; bytes. -;mysqlnd.net_read_buffer_size = 32768 - -; Timeout for network requests in seconds. -;mysqlnd.net_read_timeout = 31536000 - -; SHA-256 Authentication Plugin related. File with the MySQL server public RSA -; key. -;mysqlnd.sha256_server_public_key = - -[OCI8] - -; Connection: Enables privileged connections using external -; credentials (OCI_SYSOPER, OCI_SYSDBA) -; http://php.net/oci8.privileged-connect -;oci8.privileged_connect = Off - -; Connection: The maximum number of persistent OCI8 connections per -; process. Using -1 means no limit. -; http://php.net/oci8.max-persistent -;oci8.max_persistent = -1 - -; Connection: The maximum number of seconds a process is allowed to -; maintain an idle persistent connection. Using -1 means idle -; persistent connections will be maintained forever. -; http://php.net/oci8.persistent-timeout -;oci8.persistent_timeout = -1 - -; Connection: The number of seconds that must pass before issuing a -; ping during oci_pconnect() to check the connection validity. When -; set to 0, each oci_pconnect() will cause a ping. Using -1 disables -; pings completely. -; http://php.net/oci8.ping-interval -;oci8.ping_interval = 60 - -; Connection: Set this to a user chosen connection class to be used -; for all pooled server requests with Oracle 11g Database Resident -; Connection Pooling (DRCP). To use DRCP, this value should be set to -; the same string for all web servers running the same application, -; the database pool must be configured, and the connection string must -; specify to use a pooled server. -;oci8.connection_class = - -; High Availability: Using On lets PHP receive Fast Application -; Notification (FAN) events generated when a database node fails. The -; database must also be configured to post FAN events. -;oci8.events = Off - -; Tuning: This option enables statement caching, and specifies how -; many statements to cache. Using 0 disables statement caching. -; http://php.net/oci8.statement-cache-size -;oci8.statement_cache_size = 20 - -; Tuning: Enables statement prefetching and sets the default number of -; rows that will be fetched automatically after statement execution. -; http://php.net/oci8.default-prefetch -;oci8.default_prefetch = 100 - -; Compatibility. Using On means oci_close() will not close -; oci_connect() and oci_new_connect() connections. -; http://php.net/oci8.old-oci-close-semantics -;oci8.old_oci_close_semantics = Off - -[PostgreSQL] -; Allow or prevent persistent links. -; http://php.net/pgsql.allow-persistent -pgsql.allow_persistent = On - -; Detect broken persistent links always with pg_pconnect(). -; Auto reset feature requires a little overheads. -; http://php.net/pgsql.auto-reset-persistent -pgsql.auto_reset_persistent = Off - -; Maximum number of persistent links. -1 means no limit. -; http://php.net/pgsql.max-persistent -pgsql.max_persistent = -1 - -; Maximum number of links (persistent+non persistent). -1 means no limit. -; http://php.net/pgsql.max-links -pgsql.max_links = -1 - -; Ignore PostgreSQL backends Notice message or not. -; Notice message logging require a little overheads. -; http://php.net/pgsql.ignore-notice -pgsql.ignore_notice = 0 - -; Log PostgreSQL backends Notice message or not. -; Unless pgsql.ignore_notice=0, module cannot log notice message. -; http://php.net/pgsql.log-notice -pgsql.log_notice = 0 - -[bcmath] -; Number of decimal digits for all bcmath functions. -; http://php.net/bcmath.scale -bcmath.scale = 0 - -[browscap] -; http://php.net/browscap -;browscap = extra/browscap.ini - -[Session] -; Handler used to store/retrieve data. -; http://php.net/session.save-handler -session.save_handler = files - -; Argument passed to save_handler. In the case of files, this is the path -; where data files are stored. Note: Windows users have to change this -; variable in order to use PHP's session functions. -; -; The path can be defined as: -; -; session.save_path = "N;/path" -; -; where N is an integer. Instead of storing all the session files in -; /path, what this will do is use subdirectories N-levels deep, and -; store the session data in those directories. This is useful if -; your OS has problems with many files in one directory, and is -; a more efficient layout for servers that handle many sessions. -; -; NOTE 1: PHP will not create this directory structure automatically. -; You can use the script in the ext/session dir for that purpose. -; NOTE 2: See the section on garbage collection below if you choose to -; use subdirectories for session storage -; -; The file storage module creates files using mode 600 by default. -; You can change that by using -; -; session.save_path = "N;MODE;/path" -; -; where MODE is the octal representation of the mode. Note that this -; does not overwrite the process's umask. -; http://php.net/session.save-path -;session.save_path = "/tmp" - -; Whether to use strict session mode. -; Strict session mode does not accept an uninitialized session ID, and -; regenerates the session ID if the browser sends an uninitialized session ID. -; Strict mode protects applications from session fixation via a session adoption -; vulnerability. It is disabled by default for maximum compatibility, but -; enabling it is encouraged. -; https://wiki.php.net/rfc/strict_sessions -session.use_strict_mode = 0 - -; Whether to use cookies. -; http://php.net/session.use-cookies -session.use_cookies = 1 - -; http://php.net/session.cookie-secure -;session.cookie_secure = - -; This option forces PHP to fetch and use a cookie for storing and maintaining -; the session id. We encourage this operation as it's very helpful in combating -; session hijacking when not specifying and managing your own session id. It is -; not the be-all and end-all of session hijacking defense, but it's a good start. -; http://php.net/session.use-only-cookies -session.use_only_cookies = 1 - -; Name of the session (used as cookie name). -; http://php.net/session.name -session.name = PHPSESSID - -; Initialize session on request startup. -; http://php.net/session.auto-start -session.auto_start = 0 - -; Lifetime in seconds of cookie or, if 0, until browser is restarted. -; http://php.net/session.cookie-lifetime -session.cookie_lifetime = 0 - -; The path for which the cookie is valid. -; http://php.net/session.cookie-path -session.cookie_path = / - -; The domain for which the cookie is valid. -; http://php.net/session.cookie-domain -session.cookie_domain = - -; Whether or not to add the httpOnly flag to the cookie, which makes it -; inaccessible to browser scripting languages such as JavaScript. -; http://php.net/session.cookie-httponly -session.cookie_httponly = - -; Add SameSite attribute to cookie to help mitigate Cross-Site Request Forgery (CSRF/XSRF) -; Current valid values are "Lax" or "Strict" -; https://tools.ietf.org/html/draft-west-first-party-cookies-07 -session.cookie_samesite = - -; Handler used to serialize data. php is the standard serializer of PHP. -; http://php.net/session.serialize-handler -session.serialize_handler = php - -; Defines the probability that the 'garbage collection' process is started on every -; session initialization. The probability is calculated by using gc_probability/gc_divisor, -; e.g. 1/100 means there is a 1% chance that the GC process starts on each request. -; Default Value: 1 -; Development Value: 1 -; Production Value: 1 -; http://php.net/session.gc-probability -session.gc_probability = 1 - -; Defines the probability that the 'garbage collection' process is started on every -; session initialization. The probability is calculated by using gc_probability/gc_divisor, -; e.g. 1/100 means there is a 1% chance that the GC process starts on each request. -; For high volume production servers, using a value of 1000 is a more efficient approach. -; Default Value: 100 -; Development Value: 1000 -; Production Value: 1000 -; http://php.net/session.gc-divisor -session.gc_divisor = 1000 - -; After this number of seconds, stored data will be seen as 'garbage' and -; cleaned up by the garbage collection process. -; http://php.net/session.gc-maxlifetime -session.gc_maxlifetime = 1440 - -; NOTE: If you are using the subdirectory option for storing session files -; (see session.save_path above), then garbage collection does *not* -; happen automatically. You will need to do your own garbage -; collection through a shell script, cron entry, or some other method. -; For example, the following script would is the equivalent of -; setting session.gc_maxlifetime to 1440 (1440 seconds = 24 minutes): -; find /path/to/sessions -cmin +24 -type f | xargs rm - -; Check HTTP Referer to invalidate externally stored URLs containing ids. -; HTTP_REFERER has to contain this substring for the session to be -; considered as valid. -; http://php.net/session.referer-check -session.referer_check = - -; Set to {nocache,private,public,} to determine HTTP caching aspects -; or leave this empty to avoid sending anti-caching headers. -; http://php.net/session.cache-limiter -session.cache_limiter = nocache - -; Document expires after n minutes. -; http://php.net/session.cache-expire -session.cache_expire = 180 - -; trans sid support is disabled by default. -; Use of trans sid may risk your users' security. -; Use this option with caution. -; - User may send URL contains active session ID -; to other person via. email/irc/etc. -; - URL that contains active session ID may be stored -; in publicly accessible computer. -; - User may access your site with the same session ID -; always using URL stored in browser's history or bookmarks. -; http://php.net/session.use-trans-sid -session.use_trans_sid = 0 - -; Set session ID character length. This value could be between 22 to 256. -; Shorter length than default is supported only for compatibility reason. -; Users should use 32 or more chars. -; http://php.net/session.sid-length -; Default Value: 32 -; Development Value: 26 -; Production Value: 26 -session.sid_length = 26 - -; The URL rewriter will look for URLs in a defined set of HTML tags. -;
is special; if you include them here, the rewriter will -; add a hidden field with the info which is otherwise appended -; to URLs. tag's action attribute URL will not be modified -; unless it is specified. -; Note that all valid entries require a "=", even if no value follows. -; Default Value: "a=href,area=href,frame=src,form=" -; Development Value: "a=href,area=href,frame=src,form=" -; Production Value: "a=href,area=href,frame=src,form=" -; http://php.net/url-rewriter.tags -session.trans_sid_tags = "a=href,area=href,frame=src,form=" - -; URL rewriter does not rewrite absolute URLs by default. -; To enable rewrites for absolute paths, target hosts must be specified -; at RUNTIME. i.e. use ini_set() -; tags is special. PHP will check action attribute's URL regardless -; of session.trans_sid_tags setting. -; If no host is defined, HTTP_HOST will be used for allowed host. -; Example value: php.net,www.php.net,wiki.php.net -; Use "," for multiple hosts. No spaces are allowed. -; Default Value: "" -; Development Value: "" -; Production Value: "" -;session.trans_sid_hosts="" - -; Define how many bits are stored in each character when converting -; the binary hash data to something readable. -; Possible values: -; 4 (4 bits: 0-9, a-f) -; 5 (5 bits: 0-9, a-v) -; 6 (6 bits: 0-9, a-z, A-Z, "-", ",") -; Default Value: 4 -; Development Value: 5 -; Production Value: 5 -; http://php.net/session.hash-bits-per-character -session.sid_bits_per_character = 5 - -; Enable upload progress tracking in $_SESSION -; Default Value: On -; Development Value: On -; Production Value: On -; http://php.net/session.upload-progress.enabled -;session.upload_progress.enabled = On - -; Cleanup the progress information as soon as all POST data has been read -; (i.e. upload completed). -; Default Value: On -; Development Value: On -; Production Value: On -; http://php.net/session.upload-progress.cleanup -;session.upload_progress.cleanup = On - -; A prefix used for the upload progress key in $_SESSION -; Default Value: "upload_progress_" -; Development Value: "upload_progress_" -; Production Value: "upload_progress_" -; http://php.net/session.upload-progress.prefix -;session.upload_progress.prefix = "upload_progress_" - -; The index name (concatenated with the prefix) in $_SESSION -; containing the upload progress information -; Default Value: "PHP_SESSION_UPLOAD_PROGRESS" -; Development Value: "PHP_SESSION_UPLOAD_PROGRESS" -; Production Value: "PHP_SESSION_UPLOAD_PROGRESS" -; http://php.net/session.upload-progress.name -;session.upload_progress.name = "PHP_SESSION_UPLOAD_PROGRESS" - -; How frequently the upload progress should be updated. -; Given either in percentages (per-file), or in bytes -; Default Value: "1%" -; Development Value: "1%" -; Production Value: "1%" -; http://php.net/session.upload-progress.freq -;session.upload_progress.freq = "1%" - -; The minimum delay between updates, in seconds -; Default Value: 1 -; Development Value: 1 -; Production Value: 1 -; http://php.net/session.upload-progress.min-freq -;session.upload_progress.min_freq = "1" - -; Only write session data when session data is changed. Enabled by default. -; http://php.net/session.lazy-write -;session.lazy_write = On - -[Assertion] -; Switch whether to compile assertions at all (to have no overhead at run-time) -; -1: Do not compile at all -; 0: Jump over assertion at run-time -; 1: Execute assertions -; Changing from or to a negative value is only possible in php.ini! (For turning assertions on and off at run-time, see assert.active, when zend.assertions = 1) -; Default Value: 1 -; Development Value: 1 -; Production Value: -1 -; http://php.net/zend.assertions -zend.assertions = -1 - -; Assert(expr); active by default. -; http://php.net/assert.active -;assert.active = On - -; Throw an AssertionError on failed assertions -; http://php.net/assert.exception -;assert.exception = On - -; Issue a PHP warning for each failed assertion. (Overridden by assert.exception if active) -; http://php.net/assert.warning -;assert.warning = On - -; Don't bail out by default. -; http://php.net/assert.bail -;assert.bail = Off - -; User-function to be called if an assertion fails. -; http://php.net/assert.callback -;assert.callback = 0 - -[COM] -; path to a file containing GUIDs, IIDs or filenames of files with TypeLibs -; http://php.net/com.typelib-file -;com.typelib_file = - -; allow Distributed-COM calls -; http://php.net/com.allow-dcom -;com.allow_dcom = true - -; autoregister constants of a component's typlib on com_load() -; http://php.net/com.autoregister-typelib -;com.autoregister_typelib = true - -; register constants casesensitive -; http://php.net/com.autoregister-casesensitive -;com.autoregister_casesensitive = false - -; show warnings on duplicate constant registrations -; http://php.net/com.autoregister-verbose -;com.autoregister_verbose = true - -; The default character set code-page to use when passing strings to and from COM objects. -; Default: system ANSI code page -;com.code_page= - -[mbstring] -; language for internal character representation. -; This affects mb_send_mail() and mbstring.detect_order. -; http://php.net/mbstring.language -;mbstring.language = Japanese - -; Use of this INI entry is deprecated, use global internal_encoding instead. -; internal/script encoding. -; Some encoding cannot work as internal encoding. (e.g. SJIS, BIG5, ISO-2022-*) -; If empty, default_charset or internal_encoding or iconv.internal_encoding is used. -; The precedence is: default_charset < internal_encoding < iconv.internal_encoding -;mbstring.internal_encoding = - -; Use of this INI entry is deprecated, use global input_encoding instead. -; http input encoding. -; mbstring.encoding_translation = On is needed to use this setting. -; If empty, default_charset or input_encoding or mbstring.input is used. -; The precedence is: default_charset < input_encoding < mbsting.http_input -; http://php.net/mbstring.http-input -;mbstring.http_input = - -; Use of this INI entry is deprecated, use global output_encoding instead. -; http output encoding. -; mb_output_handler must be registered as output buffer to function. -; If empty, default_charset or output_encoding or mbstring.http_output is used. -; The precedence is: default_charset < output_encoding < mbstring.http_output -; To use an output encoding conversion, mbstring's output handler must be set -; otherwise output encoding conversion cannot be performed. -; http://php.net/mbstring.http-output -;mbstring.http_output = - -; enable automatic encoding translation according to -; mbstring.internal_encoding setting. Input chars are -; converted to internal encoding by setting this to On. -; Note: Do _not_ use automatic encoding translation for -; portable libs/applications. -; http://php.net/mbstring.encoding-translation -;mbstring.encoding_translation = Off - -; automatic encoding detection order. -; "auto" detect order is changed according to mbstring.language -; http://php.net/mbstring.detect-order -;mbstring.detect_order = auto - -; substitute_character used when character cannot be converted -; one from another -; http://php.net/mbstring.substitute-character -;mbstring.substitute_character = none - -; enable strict encoding detection. -; Default: Off -;mbstring.strict_detection = On - -; This directive specifies the regex pattern of content types for which mb_output_handler() -; is activated. -; Default: mbstring.http_output_conv_mimetype=^(text/|application/xhtml\+xml) -;mbstring.http_output_conv_mimetype= - -; This directive specifies maximum stack depth for mbstring regular expressions. It is similar -; to the pcre.recursion_limit for PCRE. -; Default: 100000 -;mbstring.regex_stack_limit=100000 - -; This directive specifies maximum retry count for mbstring regular expressions. It is similar -; to the pcre.backtrack_limit for PCRE. -; Default: 1000000 -;mbstring.regex_retry_limit=1000000 - -[gd] -; Tell the jpeg decode to ignore warnings and try to create -; a gd image. The warning will then be displayed as notices -; disabled by default -; http://php.net/gd.jpeg-ignore-warning -;gd.jpeg_ignore_warning = 1 - -[exif] -; Exif UNICODE user comments are handled as UCS-2BE/UCS-2LE and JIS as JIS. -; With mbstring support this will automatically be converted into the encoding -; given by corresponding encode setting. When empty mbstring.internal_encoding -; is used. For the decode settings you can distinguish between motorola and -; intel byte order. A decode setting cannot be empty. -; http://php.net/exif.encode-unicode -;exif.encode_unicode = ISO-8859-15 - -; http://php.net/exif.decode-unicode-motorola -;exif.decode_unicode_motorola = UCS-2BE - -; http://php.net/exif.decode-unicode-intel -;exif.decode_unicode_intel = UCS-2LE - -; http://php.net/exif.encode-jis -;exif.encode_jis = - -; http://php.net/exif.decode-jis-motorola -;exif.decode_jis_motorola = JIS - -; http://php.net/exif.decode-jis-intel -;exif.decode_jis_intel = JIS - -[Tidy] -; The path to a default tidy configuration file to use when using tidy -; http://php.net/tidy.default-config -;tidy.default_config = /usr/local/lib/php/default.tcfg - -; Should tidy clean and repair output automatically? -; WARNING: Do not use this option if you are generating non-html content -; such as dynamic images -; http://php.net/tidy.clean-output -tidy.clean_output = Off - -[soap] -; Enables or disables WSDL caching feature. -; http://php.net/soap.wsdl-cache-enabled -soap.wsdl_cache_enabled=1 - -; Sets the directory name where SOAP extension will put cache files. -; http://php.net/soap.wsdl-cache-dir -soap.wsdl_cache_dir="/tmp" - -; (time to live) Sets the number of second while cached file will be used -; instead of original one. -; http://php.net/soap.wsdl-cache-ttl -soap.wsdl_cache_ttl=86400 - -; Sets the size of the cache limit. (Max. number of WSDL files to cache) -soap.wsdl_cache_limit = 5 - -[sysvshm] -; A default size of the shared memory segment -;sysvshm.init_mem = 10000 - -[ldap] -; Sets the maximum number of open links or -1 for unlimited. -ldap.max_links = -1 - -[dba] -;dba.default_handler= - -[opcache] -; Determines if Zend OPCache is enabled -opcache.enable={{ getenv "DOCKER_APP_PHP_OPCACHE_ENABLE" "1" }} - -; Determines if Zend OPCache is enabled for the CLI version of PHP -;opcache.enable_cli=0 - -; The OPcache shared memory storage size. -;opcache.memory_consumption=128 - -; The amount of memory for interned strings in Mbytes. -;opcache.interned_strings_buffer=8 - -; The maximum number of keys (scripts) in the OPcache hash table. -; Only numbers between 200 and 1000000 are allowed. -;opcache.max_accelerated_files=10000 - -; The maximum percentage of "wasted" memory until a restart is scheduled. -;opcache.max_wasted_percentage=5 - -; When this directive is enabled, the OPcache appends the current working -; directory to the script key, thus eliminating possible collisions between -; files with the same name (basename). Disabling the directive improves -; performance, but may break existing applications. -;opcache.use_cwd=1 - -; When disabled, you must reset the OPcache manually or restart the -; webserver for changes to the filesystem to take effect. -opcache.validate_timestamps={{ getenv "DOCKER_APP_PHP_OPCACHE_VALIDATE_TIMESTAMPS" "0" }} - -; How often (in seconds) to check file timestamps for changes to the shared -; memory storage allocation. ("1" means validate once per second, but only -; once per request. "0" means always validate) -opcache.revalidate_freq={{ getenv "DOCKER_APP_PHP_OPCACHE_REVALIDATE_FREQ" "2" }} - -; Enables or disables file search in include_path optimization -;opcache.revalidate_path=0 - -; If disabled, all PHPDoc comments are dropped from the code to reduce the -; size of the optimized code. -;opcache.save_comments=1 - -; Allow file existence override (file_exists, etc.) performance feature. -;opcache.enable_file_override=0 - -; A bitmask, where each bit enables or disables the appropriate OPcache -; passes -;opcache.optimization_level=0x7FFFBFFF - -;opcache.dups_fix=0 - -; The location of the OPcache blacklist file (wildcards allowed). -; Each OPcache blacklist file is a text file that holds the names of files -; that should not be accelerated. The file format is to add each filename -; to a new line. The filename may be a full path or just a file prefix -; (i.e., /var/www/x blacklists all the files and directories in /var/www -; that start with 'x'). Line starting with a ; are ignored (comments). -;opcache.blacklist_filename= - -; Allows exclusion of large files from being cached. By default all files -; are cached. -;opcache.max_file_size=0 - -; Check the cache checksum each N requests. -; The default value of "0" means that the checks are disabled. -;opcache.consistency_checks=0 - -; How long to wait (in seconds) for a scheduled restart to begin if the cache -; is not being accessed. -;opcache.force_restart_timeout=180 - -; OPcache error_log file name. Empty string assumes "stderr". -;opcache.error_log= - -; All OPcache errors go to the Web server log. -; By default, only fatal errors (level 0) or errors (level 1) are logged. -; You can also enable warnings (level 2), info messages (level 3) or -; debug messages (level 4). -;opcache.log_verbosity_level=1 - -; Preferred Shared Memory back-end. Leave empty and let the system decide. -;opcache.preferred_memory_model= - -; Protect the shared memory from unexpected writing during script execution. -; Useful for internal debugging only. -;opcache.protect_memory=0 - -; Allows calling OPcache API functions only from PHP scripts which path is -; started from specified string. The default "" means no restriction -;opcache.restrict_api= - -; Mapping base of shared memory segments (for Windows only). All the PHP -; processes have to map shared memory into the same address space. This -; directive allows to manually fix the "Unable to reattach to base address" -; errors. -;opcache.mmap_base= - -; Facilitates multiple OPcache instances per user (for Windows only). All PHP -; processes with the same cache ID and user share an OPcache instance. -;opcache.cache_id= - -; Enables and sets the second level cache directory. -; It should improve performance when SHM memory is full, at server restart or -; SHM reset. The default "" disables file based caching. -;opcache.file_cache= - -; Enables or disables opcode caching in shared memory. -;opcache.file_cache_only=0 - -; Enables or disables checksum validation when script loaded from file cache. -;opcache.file_cache_consistency_checks=1 - -; Implies opcache.file_cache_only=1 for a certain process that failed to -; reattach to the shared memory (for Windows only). Explicitly enabled file -; cache is required. -;opcache.file_cache_fallback=1 - -; Enables or disables copying of PHP code (text segment) into HUGE PAGES. -; This should improve performance, but requires appropriate OS configuration. -;opcache.huge_code_pages=1 - -; Validate cached file permissions. -;opcache.validate_permission=0 - -; Prevent name collisions in chroot'ed environment. -;opcache.validate_root=0 - -; If specified, it produces opcode dumps for debugging different stages of -; optimizations. -;opcache.opt_debug_level=0 - -; Specifies a PHP script that is going to be compiled and executed at server -; start-up. -; http://php.net/opcache.preload -;opcache.preload= - -; Preloading code as root is not allowed for security reasons. This directive -; facilitates to let the preloading to be run as another user. -; http://php.net/opcache.preload_user -;opcache.preload_user= - -; Prevents caching files that are less than this number of seconds old. It -; protects from caching of incompletely updated files. In case all file updates -; on your site are atomic, you may increase performance by setting it to "0". -;opcache.file_update_protection=2 - -; Absolute path used to store shared lockfiles (for *nix only). -;opcache.lockfile_path=/tmp - -[curl] -; A default value for the CURLOPT_CAINFO option. This is required to be an -; absolute path. -;curl.cainfo = - -[openssl] -; The location of a Certificate Authority (CA) file on the local filesystem -; to use when verifying the identity of SSL/TLS peers. Most users should -; not specify a value for this directive as PHP will attempt to use the -; OS-managed cert stores in its absence. If specified, this value may still -; be overridden on a per-stream basis via the "cafile" SSL stream context -; option. -;openssl.cafile= - -; If openssl.cafile is not specified or if the CA file is not found, the -; directory pointed to by openssl.capath is searched for a suitable -; certificate. This value must be a correctly hashed certificate directory. -; Most users should not specify a value for this directive as PHP will -; attempt to use the OS-managed cert stores in its absence. If specified, -; this value may still be overridden on a per-stream basis via the "capath" -; SSL stream context option. -;openssl.capath= - -[ffi] -; FFI API restriction. Possible values: -; "preload" - enabled in CLI scripts and preloaded files (default) -; "false" - always disabled -; "true" - always enabled -;ffi.enable=preload - -; List of headers files to preload, wildcard patterns allowed. -;ffi.preload= diff --git a/docker/shared/root/shared/proxy/conf.d/.gitignore b/docker/shared/root/shared/proxy/conf.d/.gitignore deleted file mode 100644 index e69de29bb..000000000 diff --git a/docker/shell b/docker/shell deleted file mode 100755 index 7b725e1b0..000000000 --- a/docker/shell +++ /dev/null @@ -1,17 +0,0 @@ -#!/bin/bash - -declare service="${PF_SERVICE:=worker}" -declare user="${PF_USER:=www-data}" - -declare -a command=("bash") - -if [[ $# -ge 1 ]]; then - command=("$@") -fi - -exec docker compose exec \ - --user "${user}" \ - --env TERM \ - --env COLORTERM \ - "${service}" \ - "${command[@]}" diff --git a/goss.yaml b/goss.yaml deleted file mode 100644 index 73f245c64..000000000 --- a/goss.yaml +++ /dev/null @@ -1,123 +0,0 @@ -# See: https://github.com/goss-org/goss/blob/master/docs/manual.md#goss-manual - -package: - curl: { installed: true } - ffmpeg: { installed: true } - gifsicle: { installed: true } - gosu: { installed: true } - jpegoptim: { installed: true } - locales-all: { installed: true } - locales: { installed: true } - mariadb-client: { installed: true } - nano: { installed: true } - optipng: { installed: true } - pngquant: { installed: true } - postgresql-client: { installed: true } - unzip: { installed: true } - wget: { installed: true } - zip: { installed: true } - -user: - www-data: - exists: true - uid: 33 - gid: 33 - groups: - - www-data - home: /var/www - shell: /usr/sbin/nologin - -command: - php-version: - exit-status: 0 - exec: 'php -v' - stdout: - - PHP {{ .Env.EXPECTED_PHP_VERSION }} - stderr: [] - - php-extensions: - exit-status: 0 - exec: 'php -m' - stdout: - - bcmath - - Core - - ctype - - curl - - date - - dom - - exif - - fileinfo - - filter - - gd - - hash - - iconv - - imagick - - intl - - json - - libxml - - mbstring - - mysqlnd - - openssl - - pcntl - - pcre - - PDO - - pdo_mysql - - pdo_pgsql - - pdo_sqlite - - Phar - - posix - - readline - - redis - - Reflection - - session - - SimpleXML - - sodium - - SPL - - sqlite3 - - standard - - tokenizer - - xml - - xmlreader - - xmlwriter - - zip - - zlib - stderr: [] - - forego-version: - exit-status: 0 - exec: 'forego version' - stdout: - - dev - stderr: [] - - gomplate-version: - exit-status: 0 - exec: 'gomplate -v' - stdout: - - gomplate version - stderr: [] - - gosu-version: - exit-status: 0 - exec: 'gosu -v' - stdout: - - '1.12' - stderr: [] - -{{ if eq .Env.PHP_BASE_TYPE "nginx" }} - nginx-version: - exit-status: 0 - exec: 'nginx -v' - stdout: [] - stderr: - - 'nginx version: nginx' -{{ end }} - -{{ if eq .Env.PHP_BASE_TYPE "apache" }} - apache-version: - exit-status: 0 - exec: 'apachectl -v' - stdout: - - 'Server version: Apache/' - stderr: [] -{{ end }}