add dockerfile

2023-06-18 11:14:24 +08:00 · 2023-06-18 11:14:24 +08:00 · f4a396548a
commit f4a396548a
parent b3aa01ff36
9 changed files with 240 additions and 1 deletions
--- a/41
+++ b/41
@ -0,0 +1,41 @@
+FROM alpine:3.18
+
+MAINTAINER Yazzi Huseh
+ENV TZ=Asia/Shanghai PUID=1000 PGID=100
+
+RUN sed -i 's/dl-cdn.alpinelinux.org/mirrors.aliyun.com/g' /etc/apk/repositories \
+    && apk --update add --no-cache \
+    shadow \
+    && rm -rf /var/cache/apk/*
+
+RUN set -eux; BINARY_URL=https://github.com/just-containers/skaware/releases/download/v2.0.7/s6-2.11.0.0-linux-amd64-bin.tar.gz; \
+    wget -O /tmp/s6.tar.gz ${BINARY_URL}; \
+    tar -xzf /tmp/s6.tar.gz -C /;
+
+COPY --chmod=0755 entrypoint.sh /entrypoint.sh
+ENTRYPOINT ["/entrypoint.sh"]
+
+# install all required apks
+RUN sed -i 's/dl-cdn.alpinelinux.org/mirrors.aliyun.com/g' /etc/apk/repositories \
+    && apk --update add --no-cache \
+    nginx \
+    nginx-mod-http-fancyindex \
+    && rm -rf /var/cache/apk/*
+
+# install fancyindex theme
+RUN set -eux; BINARY_URL=https://code.simaek.com/xueye/nginx-fancyindex-theme/archive/v1.0.0.tar.gz; \
+    wget -O /tmp/theme.tar.gz ${BINARY_URL}; \
+    mkdir -p /fancyindex; \
+    tar -xzf /tmp/theme.tar.gz -C /fancyindex --strip-components=1 --no-same-owner; \
+    rm -f /tmp/theme.tar.gz;
+
+#
+RUN adduser -u $PUID -D -s /sbin/nologin -h /public -g "share user" public
+
+COPY nginx/default.conf /etc/nginx/http.d/default.conf
+COPY --chmod=0755 /bin/markdown-renderer /bin/markdown-renderer
+COPY --chmod=0755 services.d/markdown-renderer/run /etc/services.d/nginx/run
+COPY --chmod=0755 services.d/nginx/run /etc/services.d/markdown-renderer/run
+COPY --chmod=0755 init.sh /init.sh
+
+CMD ["/init.sh"]
--- a/2
+++ b/2
@ -1,6 +1,6 @@
 MIT License

-Copyright (c) <year> <copyright holders>
+Copyright (c) 2023 Yazzi Hsueh

 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal
--- a/bin/markdown-renderer
+++ b/bin/markdown-renderer
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -0,0 +1,13 @@
+version: "3"
+services:
+  fancyindex:
+    image: fancyindex
+    build: .
+    container_name: fancyindex
+    hostname: fancyindex
+    ports:
+      - "3004:80/tcp"
+    volumes:
+      - type: bind
+        source: ./data
+        target: /public
--- a/entrypoint.sh
+++ b/entrypoint.sh
@ -0,0 +1,47 @@
+#!/bin/sh
+
+# init timezone
+test -f /usr/share/zoneinfo/${TZ} && \
+ln -sf /usr/share/zoneinfo/${TZ} /etc/localtime && \
+echo "${TZ}" >  /etc/timezone && \
+echo "init TZ: ${TZ}"
+
+echo "current time: `date`"
+
+if [ "$(id -u)x" != "0x" ]; then
+    echo "err: you must run the container as root."
+    echo "you can specific the PUID and PGID if you want the app run as specific user."
+    exit 1
+fi
+
+PUID=${PUID:-1000}
+PGID=${PGID:-100}
+
+groupmod -o -g "$PGID" public
+usermod -o -u "$PUID" public
+
+echo "
+-------------------------------------
+     _                      _
+ ___(_)_ __ ___   __ _  ___| | __
+/ __| | '_ ` _ \ / _` |/ _ \ |/ /
+\__ \ | | | | | | (_| |  __/   <
+|___/_|_| |_| |_|\__,_|\___|_|\_\
+
+Brought to you by simaek.com
+We gratefully accept donations at:
+https://www.simaek.com/
+-------------------------------------
+GID/UID
+-------------------------------------"
+echo "
+User uid:    $(id -u public)
+User gid:    $(id -g public)
+-------------------------------------
+"
+
+if [ $# -gt 0 ]; then
+    $1
+fi
+
+exec /bin/s6-svscan -t0 /etc/services.d/
--- a/init.sh
+++ b/init.sh
@ -0,0 +1,20 @@
+#!/bin/sh
+
+PUID=${PUID:-1000}
+PGID=${PGID:-100}
+
+groupmod -o -g "$PGID" public
+usermod -o -u "$PUID" public
+
+echo "**** Make sure the data folders exist ****"
+[ ! -d /public ] && \
+	mkdir -p /public
+
+[ ! -e /app/ssl/ssl.crt ] && \
+	cp -r /etc/nginx/ssl/ssl.* /app/ssl/
+
+echo "**** Set Permissions ****" && \
+chown -R "$PUID":"$PGID" /public
+chown -R "$PUID":"$PGID" /fancyindex
+
+echo "**** Setup complete, starting the server. ****"
--- a/nginx/default.conf
+++ b/nginx/default.conf
@ -0,0 +1,85 @@
+server {
+    listen   80; ## listen for ipv4; this line is default and implied
+    listen   [::]:80; ## listen for ipv6
+    server_name  localhost;
+
+    root /public;
+    index index.html index.htm;
+
+    location / {
+        #include /fancyindex/fancyindex.conf;
+        fancyindex on;
+        fancyindex_localtime on; #on for local time zone. off for GMT
+        fancyindex_exact_size off; #off for human-readable. on for exact size in bytes
+        fancyindex_header "/fancyindex/header.html";
+        fancyindex_footer "/fancyindex/footer.html";
+        fancyindex_ignore "fancyindex"; #ignore this directory when showing list
+        fancyindex_ignore "cgi"; #ignore this directory when showing list
+        fancyindex_ignore ".php"; #ignore this directory when showing list
+        fancyindex_time_format "%Y-%m-%d %H:%M:%S";
+        fancyindex_name_length 200;
+    }
+
+    location ~ \.(?:md|markdown)$$ {
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_pass http://127.0.0.1:8002; # Markdown Renderer server.
+    }
+    location =/assets/gfm.css {
+        proxy_pass http://127.0.0.1:8002; # Markdown Renderer server.
+    }
+
+    # fixup fancyindex subrequest
+    location ^~ /fancyindex/ {
+        alias /fancyindex/;
+    }
+
+    # fixup favicon.ico
+    location /favicon.ico {
+        alias /fancyindex/favicon.ico;
+    }
+
+    location = /fancyindex/fancyindex.conf {
+        deny all;
+    }
+
+    location = /fancyindex/README.md {
+        deny all;
+    }
+
+    location =passwd {
+        deny all;
+    }
+
+    add_header X-Frame-Options "SAMEORIGIN";
+    add_header X-XSS-Protection "1; mode=block";
+    add_header X-Content-Type-Options "nosniff";
+
+    location = /favicon.ico { access_log off; log_not_found off; }
+    location = /robots.txt  { access_log off; log_not_found off; }
+
+    location ~* \.(?:jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm|htc|ttf|ttc|otf|eot|woff)$ {
+        expires 30d;
+        access_log off;
+        add_header Pragma public;
+        add_header Cache-Control "public, must-revalidate, proxy-revalidate";
+    }
+
+    location ~* \.(?:css|js)$ {
+        expires 1d;
+        add_header Cache-Control "public";
+    }
+
+    # deny access to . files, for security
+    location ~ /\.(?!well-known).* {
+        access_log off;
+        log_not_found off;
+        deny all;
+    }
+
+    location ~* (?:\.(?:bak|config|db|sql|fla|psd|ini|log|sh|inc|swp|dist)|~)$ {
+        deny all;
+        access_log off;
+        log_not_found off;
+    }
+}
--- a/services.d/markdown-renderer/run
+++ b/services.d/markdown-renderer/run
@ -0,0 +1,12 @@
+#! /bin/sh
+
+set -eu
+
+exec 2>&1
+
+COMMAND=/bin/markdown-renderer
+
+# Check nginx command is executable or not
+test -x ${COMMAND} || exit 0
+
+exec ${COMMAND} -mode local -root /public
--- a/services.d/nginx/run
+++ b/services.d/nginx/run
@ -0,0 +1,21 @@
+#! /bin/sh
+
+set -eu
+
+exec 2>&1
+
+COMMAND=/usr/sbin/nginx
+PID_FILE=/run/nginx/nginx.pid
+
+# Create pid file's directory
+install -d -o nginx -g nginx ${PID_FILE%/*}
+
+# Check nginx command is executable or not
+test -x ${COMMAND} || exit 0
+
+# Test nginx configuration
+${COMMAND} -t -q || exit 0
+
+${COMMAND} -v
+
+exec ${COMMAND} -c /etc/nginx/nginx.conf -g "pid $PID_FILE; daemon off;"