diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 0000000..5f3db4a --- /dev/null +++ b/Dockerfile @@ -0,0 +1,41 @@ +FROM alpine:3.18 + +MAINTAINER Yazzi Huseh +ENV TZ=Asia/Shanghai PUID=1000 PGID=100 + +RUN sed -i 's/dl-cdn.alpinelinux.org/mirrors.aliyun.com/g' /etc/apk/repositories \ + && apk --update add --no-cache \ + shadow \ + && rm -rf /var/cache/apk/* + +RUN set -eux; BINARY_URL=https://github.com/just-containers/skaware/releases/download/v2.0.7/s6-2.11.0.0-linux-amd64-bin.tar.gz; \ + wget -O /tmp/s6.tar.gz ${BINARY_URL}; \ + tar -xzf /tmp/s6.tar.gz -C /; + +COPY --chmod=0755 entrypoint.sh /entrypoint.sh +ENTRYPOINT ["/entrypoint.sh"] + +# install all required apks +RUN sed -i 's/dl-cdn.alpinelinux.org/mirrors.aliyun.com/g' /etc/apk/repositories \ + && apk --update add --no-cache \ + nginx \ + nginx-mod-http-fancyindex \ + && rm -rf /var/cache/apk/* + +# install fancyindex theme +RUN set -eux; BINARY_URL=https://code.simaek.com/xueye/nginx-fancyindex-theme/archive/v1.0.0.tar.gz; \ + wget -O /tmp/theme.tar.gz ${BINARY_URL}; \ + mkdir -p /fancyindex; \ + tar -xzf /tmp/theme.tar.gz -C /fancyindex --strip-components=1 --no-same-owner; \ + rm -f /tmp/theme.tar.gz; + +# +RUN adduser -u $PUID -D -s /sbin/nologin -h /public -g "share user" public + +COPY nginx/default.conf /etc/nginx/http.d/default.conf +COPY --chmod=0755 /bin/markdown-renderer /bin/markdown-renderer +COPY --chmod=0755 services.d/markdown-renderer/run /etc/services.d/nginx/run +COPY --chmod=0755 services.d/nginx/run /etc/services.d/markdown-renderer/run +COPY --chmod=0755 init.sh /init.sh + +CMD ["/init.sh"] \ No newline at end of file diff --git a/LICENSE b/LICENSE index d449d3e..70cb615 100644 --- a/LICENSE +++ b/LICENSE @@ -1,6 +1,6 @@ MIT License -Copyright (c) +Copyright (c) 2023 Yazzi Hsueh Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal diff --git a/bin/markdown-renderer b/bin/markdown-renderer new file mode 100755 index 0000000..106d30b Binary files /dev/null and b/bin/markdown-renderer differ diff --git a/docker-compose.yml b/docker-compose.yml new file mode 100644 index 0000000..d306561 --- /dev/null +++ b/docker-compose.yml @@ -0,0 +1,13 @@ +version: "3" +services: + fancyindex: + image: fancyindex + build: . + container_name: fancyindex + hostname: fancyindex + ports: + - "3004:80/tcp" + volumes: + - type: bind + source: ./data + target: /public \ No newline at end of file diff --git a/entrypoint.sh b/entrypoint.sh new file mode 100644 index 0000000..85447f4 --- /dev/null +++ b/entrypoint.sh @@ -0,0 +1,47 @@ +#!/bin/sh + +# init timezone +test -f /usr/share/zoneinfo/${TZ} && \ +ln -sf /usr/share/zoneinfo/${TZ} /etc/localtime && \ +echo "${TZ}" > /etc/timezone && \ +echo "init TZ: ${TZ}" + +echo "current time: `date`" + +if [ "$(id -u)x" != "0x" ]; then + echo "err: you must run the container as root." + echo "you can specific the PUID and PGID if you want the app run as specific user." + exit 1 +fi + +PUID=${PUID:-1000} +PGID=${PGID:-100} + +groupmod -o -g "$PGID" public +usermod -o -u "$PUID" public + +echo " +------------------------------------- + _ _ + ___(_)_ __ ___ __ _ ___| | __ +/ __| | '_ ` _ \ / _` |/ _ \ |/ / +\__ \ | | | | | | (_| | __/ < +|___/_|_| |_| |_|\__,_|\___|_|\_\ + +Brought to you by simaek.com +We gratefully accept donations at: +https://www.simaek.com/ +------------------------------------- +GID/UID +-------------------------------------" +echo " +User uid: $(id -u public) +User gid: $(id -g public) +------------------------------------- +" + +if [ $# -gt 0 ]; then + $1 +fi + +exec /bin/s6-svscan -t0 /etc/services.d/ \ No newline at end of file diff --git a/init.sh b/init.sh new file mode 100755 index 0000000..2248de9 --- /dev/null +++ b/init.sh @@ -0,0 +1,20 @@ +#!/bin/sh + +PUID=${PUID:-1000} +PGID=${PGID:-100} + +groupmod -o -g "$PGID" public +usermod -o -u "$PUID" public + +echo "**** Make sure the data folders exist ****" +[ ! -d /public ] && \ + mkdir -p /public + +[ ! -e /app/ssl/ssl.crt ] && \ + cp -r /etc/nginx/ssl/ssl.* /app/ssl/ + +echo "**** Set Permissions ****" && \ +chown -R "$PUID":"$PGID" /public +chown -R "$PUID":"$PGID" /fancyindex + +echo "**** Setup complete, starting the server. ****" \ No newline at end of file diff --git a/nginx/default.conf b/nginx/default.conf new file mode 100644 index 0000000..cd8de99 --- /dev/null +++ b/nginx/default.conf @@ -0,0 +1,85 @@ +server { + listen 80; ## listen for ipv4; this line is default and implied + listen [::]:80; ## listen for ipv6 + server_name localhost; + + root /public; + index index.html index.htm; + + location / { + #include /fancyindex/fancyindex.conf; + fancyindex on; + fancyindex_localtime on; #on for local time zone. off for GMT + fancyindex_exact_size off; #off for human-readable. on for exact size in bytes + fancyindex_header "/fancyindex/header.html"; + fancyindex_footer "/fancyindex/footer.html"; + fancyindex_ignore "fancyindex"; #ignore this directory when showing list + fancyindex_ignore "cgi"; #ignore this directory when showing list + fancyindex_ignore ".php"; #ignore this directory when showing list + fancyindex_time_format "%Y-%m-%d %H:%M:%S"; + fancyindex_name_length 200; + } + + location ~ \.(?:md|markdown)$$ { + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_pass http://127.0.0.1:8002; # Markdown Renderer server. + } + location =/assets/gfm.css { + proxy_pass http://127.0.0.1:8002; # Markdown Renderer server. + } + + # fixup fancyindex subrequest + location ^~ /fancyindex/ { + alias /fancyindex/; + } + + # fixup favicon.ico + location /favicon.ico { + alias /fancyindex/favicon.ico; + } + + location = /fancyindex/fancyindex.conf { + deny all; + } + + location = /fancyindex/README.md { + deny all; + } + + location =passwd { + deny all; + } + + add_header X-Frame-Options "SAMEORIGIN"; + add_header X-XSS-Protection "1; mode=block"; + add_header X-Content-Type-Options "nosniff"; + + location = /favicon.ico { access_log off; log_not_found off; } + location = /robots.txt { access_log off; log_not_found off; } + + location ~* \.(?:jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm|htc|ttf|ttc|otf|eot|woff)$ { + expires 30d; + access_log off; + add_header Pragma public; + add_header Cache-Control "public, must-revalidate, proxy-revalidate"; + } + + location ~* \.(?:css|js)$ { + expires 1d; + add_header Cache-Control "public"; + } + + # deny access to . files, for security + location ~ /\.(?!well-known).* { + access_log off; + log_not_found off; + deny all; + } + + location ~* (?:\.(?:bak|config|db|sql|fla|psd|ini|log|sh|inc|swp|dist)|~)$ { + deny all; + access_log off; + log_not_found off; + } +} \ No newline at end of file diff --git a/services.d/markdown-renderer/run b/services.d/markdown-renderer/run new file mode 100755 index 0000000..3d0f67d --- /dev/null +++ b/services.d/markdown-renderer/run @@ -0,0 +1,12 @@ +#! /bin/sh + +set -eu + +exec 2>&1 + +COMMAND=/bin/markdown-renderer + +# Check nginx command is executable or not +test -x ${COMMAND} || exit 0 + +exec ${COMMAND} -mode local -root /public diff --git a/services.d/nginx/run b/services.d/nginx/run new file mode 100755 index 0000000..55f36f3 --- /dev/null +++ b/services.d/nginx/run @@ -0,0 +1,21 @@ +#! /bin/sh + +set -eu + +exec 2>&1 + +COMMAND=/usr/sbin/nginx +PID_FILE=/run/nginx/nginx.pid + +# Create pid file's directory +install -d -o nginx -g nginx ${PID_FILE%/*} + +# Check nginx command is executable or not +test -x ${COMMAND} || exit 0 + +# Test nginx configuration +${COMMAND} -t -q || exit 0 + +${COMMAND} -v + +exec ${COMMAND} -c /etc/nginx/nginx.conf -g "pid $PID_FILE; daemon off;"