diff --git a/.github/auto-release.yml b/.github/auto-release.yml
new file mode 100644
index 0000000..c1f8916
--- /dev/null
+++ b/.github/auto-release.yml
@@ -0,0 +1,80 @@
+name-template: 'v$RESOLVED_VERSION 🌈'
+tag-template: 'v$RESOLVED_VERSION'
+version-template: '$MAJOR.$MINOR.$PATCH'
+version-resolver:
+ major:
+ labels:
+ - 'major'
+ minor:
+ labels:
+ - 'minor'
+ - 'enhancement'
+ - 'feature'
+ patch:
+ labels:
+ - 'auto-update'
+ - 'patch'
+ - 'fix'
+ - 'chore'
+ - 'bugfix'
+ - 'bug'
+ - 'hotfix'
+ default: 'patch'
+
+categories:
+ - title: '🚀 Enhancements'
+ labels:
+ - 'enhancement'
+ - 'feature'
+ - 'patch'
+ - title: '🐛 Bug Fixes'
+ labels:
+ - 'fix'
+ - 'bugfix'
+ - 'bug'
+ - 'hotfix'
+ - title: '🤖 Automatic Updates'
+ labels:
+ - 'auto-update'
+ - title: '📝 Documentation'
+ labels:
+ - 'chore'
+
+autolabeler:
+ - label: 'chore'
+ files:
+ - '*.md'
+ - label: 'enhancement'
+ title: '/enhancement/i'
+
+ - label: 'bugfix'
+ title: '/bugfix/i'
+
+ - label: 'bug'
+ title: '/🐛|🐞|fixes/i'
+
+ - label: 'auto-update'
+ title: '/🤖/i'
+
+ - label: 'feature'
+ title: '/🚀|🎉/i'
+
+change-template: |
+
+ $TITLE @$AUTHOR (#$NUMBER)
+
+ $BODY
+
+
+template: |
+ ## Changes
+
+ $CHANGES
+
+replacers:
+ # Remove irrelevant information from Renovate bot
+ - search: '/(?<=---\s+)+^#.*(Renovate configuration|Configuration)(?:.|\n)*?This PR has been generated .*/gm'
+ replace: ''
+ # Remove Renovate bot banner image
+ - search: '/\[!\[[^\]]*Renovate\][^\]]*\](\([^)]*\))?\s*\n+/gm'
+ replace: ''
diff --git a/.github/workflows/auto-release.yml b/.github/workflows/auto-release.yml
new file mode 100644
index 0000000..f13471b
--- /dev/null
+++ b/.github/workflows/auto-release.yml
@@ -0,0 +1,27 @@
+name: auto-release
+
+on:
+ push:
+ # branches to consider in the event; optional, defaults to all
+ branches:
+ - main
+ # pull_request event is required only for autolabeler
+ pull_request:
+ # Only following types are handled by the action, but one can default to all as well
+ types: [ opened, reopened, synchronize ]
+
+jobs:
+ publish:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v2
+ # Drafts your next Release notes as Pull Requests are merged into "main"
+ - uses: release-drafter/release-drafter@v5
+ with:
+ publish: false
+ prerelease: true
+ config-name: auto-release.yml
+ # allows autolabeler to run without unmerged PRs from being added to draft
+ disable-releaser: ${{ github.ref_name != 'main' }}
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/build-test-scan.yml b/.github/workflows/build-test-scan.yml
new file mode 100644
index 0000000..65f9712
--- /dev/null
+++ b/.github/workflows/build-test-scan.yml
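Review bot: The `'patch'` label is listed under the '🚀 Enhancements' category, while `version-resolver` groups it with `fix`, `bugfix` and `hotfix` as a patch-level bump, so patch PRs will be announced as enhancements in the drafted notes. Moving `- 'patch'` to the '🐛 Bug Fixes' category (or dropping it from `categories`) keeps the two sections consistent. The autolabeler pattern `'/🐛|🐞|fixes/i'` also tags any PR whose title merely contains "fixes" as `bug`; a short comment stating that this is intended would help the next maintainer.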
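Review bot: The `publish` job declares no `permissions:` block, so the `GITHUB_TOKEN` passed to release-drafter carries whatever the repository default grants, and the job also runs on every `pull_request` event. Scoping it at job level with `permissions:`, `contents: write` and `pull-requests: write` limits the token to drafting releases and labelling. `actions/checkout@v2` and `release-drafter/release-drafter@v5` are referenced by mutable tag, whereas the Snyk step in build-test-scan.yml is pinned to a commit SHA; pinning these the same way removes the tag-retargeting exposure. The checkout step looks unnecessary for release-drafter, which reads its config through the API; confirm before removing it.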
@@ -0,0 +1,57 @@
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+
+# A sample workflow which checks out the code, builds a container
+# image using Docker and scans that image for vulnerabilities using
+# Snyk. The results are then uploaded to GitHub Security Code Scanning
+#
+# For more examples, including how to limit scans to only high-severity
+# issues, monitor images for newly disclosed vulnerabilities in Snyk and
+# fail PR checks for new vulnerabilities, see https://github.com/snyk/actions/
+
+name: Build, Test, and Scan
+
+on:
+ push:
+ branches: [ main ]
+ pull_request:
+ # The branches below must be a subset of the branches above
+ branches: [ main ]
+ schedule:
+ - cron: '41 5 * * 5'
+
+env:
+ APP_BASE_DIR: "./app"
+
+jobs:
+ Build-Test-Scan:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v2
+ - name: Install Demo App
+ uses: php-actions/composer@v6
+ with:
+ dev: no
+ command: create-project
+ args: --no-install --no-scripts symfony/symfony-demo app
+ php_version: 7.4
+ - name: Build & Deploy
+ run: make deploy
+ - name: Test the App Startup
+ run: sleep 5 && curl localhost:8080 -I
+ - name: Run Snyk to check Docker image for vulnerabilities
+ # Snyk can be used to break the build when it detects vulnerabilities.
+ # In this case we want to upload the issues to GitHub Code Scanning
+ continue-on-error: true
+ uses: snyk/actions/docker@14818c4695ecc4045f33c9cee9e795a788711ca4
+ env:
+ SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+ with:
+ image: kubephp_app:latest kubephp_web:latest
+ args: --file=Dockerfile --print-deps
+ - name: Upload result to GitHub Code Scanning
+ uses: github/codeql-action/upload-sarif@v1
+ with:
+ sarif_file: snyk.sarif
diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
new file mode 100644
index 0000000..54e4ab3
--- /dev/null
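Review bot: On `pull_request` runs from forks `secrets.SNYK_TOKEN` is empty, and because the Snyk step has `continue-on-error: true` it fails quietly and `Upload result to GitHub Code Scanning` then fails on a missing `snyk.sarif`. Guarding the upload with `if: hashFiles('snyk.sarif') != ''` and giving the job `permissions:` with `security-events: write` makes both cases explicit. `Test the App Startup` runs `curl localhost:8080 -I`, which exits 0 on an HTTP 5xx, so a broken app still passes; `curl --fail -sSI localhost:8080` turns that into a failing step. `image:` carries two image names in one value; whether the action scans both is not visible here, so a matrix over the two images would be safer.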
+++ b/.github/workflows/lint.yml
@@ -0,0 +1,32 @@
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+
+# A sample workflow which checks out the code, builds a container
+# image using Docker and scans that image for vulnerabilities using
+# Snyk. The results are then uploaded to GitHub Security Code Scanning
+#
+# For more examples, including how to limit scans to only high-severity
+# issues, monitor images for newly disclosed vulnerabilities in Snyk and
+# fail PR checks for new vulnerabilities, see https://github.com/snyk/actions/
+
+name: Lint
+
+on:
+ push:
+ branches: [ main ]
+ pull_request:
+ branches: [ main ]
+
+
+jobs:
+ Lint:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v2
+ - name: Hadolint Action
+ uses: hadolint/hadolint-action@v1.6.0
+ with:
+ dockerfile: Dockerfile
+ ignore: DL3018 SC2086 DL3019
diff --git a/.github/workflows/snyk-container.yml b/.github/workflows/snyk-container.yml
deleted file mode 100644
index 7ee9f47..0000000
--- a/.github/workflows/snyk-container.yml
+++ /dev/null
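Review bot: The header comment is copied from the Snyk sample and describes building and scanning a container image, which this workflow does not do; it only runs hadolint against `Dockerfile`. Replacing the second comment paragraph with something like `# Lints the Dockerfile with hadolint on pushes and pull requests to main.` would match the job. The `ignore: DL3018 SC2086 DL3019` line suppresses, among others, the rule that asks for pinned `apk add` package versions; a one-line comment next to it recording why each rule is waived would keep the suppression reviewable.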
@@ -1,48 +0,0 @@
-# This workflow uses actions that are not certified by GitHub.
-# They are provided by a third-party and are governed by
-# separate terms of service, privacy policy, and support
-# documentation.
-
-# A sample workflow which checks out the code, builds a container
-# image using Docker and scans that image for vulnerabilities using
-# Snyk. The results are then uploaded to GitHub Security Code Scanning
-#
-# For more examples, including how to limit scans to only high-severity
-# issues, monitor images for newly disclosed vulnerabilities in Snyk and
-# fail PR checks for new vulnerabilities, see https://github.com/snyk/actions/
-
-name: Snyk Container
-
-on:
- push:
- branches: [ master ]
- pull_request:
- # The branches below must be a subset of the branches above
- branches: [ master ]
- schedule:
- - cron: '41 5 * * 5'
-
-jobs:
- snyk:
- runs-on: ubuntu-latest
- steps:
- - uses: actions/checkout@v2
- - name: Build a Docker image
- run: docker build -t your/image-to-test .
- - name: Run Snyk to check Docker image for vulnerabilities
- # Snyk can be used to break the build when it detects vulnerabilities.
- # In this case we want to upload the issues to GitHub Code Scanning
- continue-on-error: true
- uses: snyk/actions/docker@14818c4695ecc4045f33c9cee9e795a788711ca4
- env:
- # In order to use the Snyk Action you will need to have a Snyk API token.
- # More details in https://github.com/snyk/actions#getting-your-snyk-token
- # or you can signup for free at https://snyk.io/login
- SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
- with:
- image: your/image-to-test
- args: --file=Dockerfile
- - name: Upload result to GitHub Code Scanning
- uses: github/codeql-action/upload-sarif@v1
- with:
- sarif_file: snyk.sarif
diff --git a/Dockerfile b/Dockerfile
index 1265cf5..4094da9 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,9 +1,11 @@ # ---------------------------------------------- Build Time Arguments -------------------------------------------------- ARG PHP_VERSION="7.4" -ARG NGINX_VERSION="1.17.4" -ARG COMPOSER_VERSION="2.0" -ARG XDEBUG_VERSION="3.0.3" +ARG NGINX_VERSION="1.20.1" +ARG COMPOSER_VERSION="2" +ARG XDEBUG_VERSION="3.1.3" ARG COMPOSER_AUTH +ARG APP_BASE_DIR="." + # -------------------------------------------------- Composer Image ---------------------------------------------------- FROM composer:${COMPOSER_VERSION} as composer 
@@ -45,21 +47,34 @@ RUN apk add --no-cache --virtual .build-deps \ pdo_mysql \ zip \ # Pecl Extensions -------------------------------- \ - && pecl install apcu-5.1.20 && docker-php-ext-enable apcu \ + && pecl install apcu && docker-php-ext-enable apcu \ # --------------------------------------------------------------------- # Install Xdebug at this step to make editing dev image cache-friendly, we delete xdebug from production image later && pecl install xdebug-${XDEBUG_VERSION} \ # Cleanup ---------------------------------------- \ + && rm -r /tmp/pear; \ # - Detect Runtime Dependencies of the installed extensions. \ - # - src: https://github.com/docker-library/wordpress/blob/master/latest/php7.4/fpm-alpine/Dockerfile \ - && runDeps="$( \ - scanelf --needed --nobanner --format '%n#p' --recursive /usr/local/lib/php/extensions \ - | tr ',' '\n' | sort -u | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ - )"; \ - # Save Runtime Deps in a virtual deps - apk add --no-network --virtual .php-extensions-rundeps $runDeps; \ - # Uninstall Everything we Installed (minus the runtime Deps) - apk del --no-network .build-deps + # - src: https://github.com/docker-library/wordpress/blob/master/latest/php8.0/fpm-alpine/Dockerfile \ + out="$(php -r 'exit(0);')"; \ + [ -z "$out" ]; \ + err="$(php -r 'exit(0);' 3>&1 1>&2 2>&3)"; \ + [ -z "$err" ]; \ + \ + extDir="$(php -r 'echo ini_get("extension_dir");')"; \ + [ -d "$extDir" ]; \ + runDeps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive "$extDir" \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ + )"; \ + # Save Runtime Deps in a virtual deps + apk add --no-network --virtual .php-extensions-rundeps $runDeps; \ + # Uninstall Everything we Installed (minus the runtime Deps) + apk del --no-network .build-deps; \ + # check for output like "PHP Warning: PHP Startup: Unable to load dynamic library 'foo' (tried: ...) 
+ err="$(php --version 3>&1 1>&2 2>&3)"; [ -z "$err" ] +# ----------------------------------------------- # ------------------------------------------------- Permissions -------------------------------------------------------- @@ -126,19 +141,22 @@ FROM composer as vendor ARG PHP_VERSION ARG COMPOSER_AUTH +ARG APP_BASE_DIR + # A Json Object with remote repository token to clone private Repos with composer # Reference: https://getcomposer.org/doc/03-cli.md#composer-auth ENV COMPOSER_AUTH $COMPOSER_AUTH -# Copy Dependencies files -COPY composer.json composer.json -COPY composer.lock composer.lock +WORKDIR /app -# Set PHP Version of the Image -RUN composer config platform.php ${PHP_VERSION} +# Copy Dependencies files +COPY $APP_BASE_DIR/composer.json composer.json +COPY $APP_BASE_DIR/composer.lock composer.lock -# Install Dependeinces -RUN composer install -n --no-progress --ignore-platform-reqs --no-dev --prefer-dist --no-scripts --no-autoloader + # Set PHP Version of the Image +RUN composer config platform.php ${PHP_VERSION}; \ + # Install Dependencies + composer install -n --no-progress --ignore-platform-reqs --no-dev --prefer-dist --no-scripts --no-autoloader # ====================================================================================================================== # ============================================== PRODUCTION IMAGE ==================================================== @@ -147,6 +165,7 @@ RUN composer install -n --no-progress --ignore-platform-reqs --no-dev --prefer-d FROM base AS app +ARG APP_BASE_DIR USER root # Copy Prod Scripts && delete xdebug 
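Review bot: The rewritten cleanup joins its commands with `;` instead of `&&`, so the sanity checks `[ -z "$out" ];`, `[ -z "$err" ];` and `[ -d "$extDir" ];` cannot stop the build: only the exit status of the final `[ -z "$err" ]` decides whether the layer succeeds, and a failed `apk add --no-network --virtual .php-extensions-rundeps $runDeps` is ignored. The docker-library Dockerfile cited in the comment opens its RUN with `set -eux;`; this RUN starts outside the hunk with `apk add`, so unless errexit is set elsewhere, prepend `set -eux; \` there. The vendor-stage hunk repeats the pattern in `RUN composer config platform.php ${PHP_VERSION}; \`, where `&&` would keep a failed config from being masked by the install. `pecl install apcu` also drops the `5.1.20` pin, so the extension version now depends on the build date.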
@@ -164,10 +183,10 @@ USER www-data COPY --chown=www-data:www-data --from=vendor /app/vendor /app/vendor # Copy App Code -COPY --chown=www-data:www-data . . +COPY --chown=www-data:www-data $APP_BASE_DIR/ . -# Run Composer Install again -# ( this time to run post-install scripts, autoloader, and post-autoload scripts using one command ) +## Run Composer Install again +## ( this time to run post-install scripts, autoloader, and post-autoload scripts using one command ) RUN post-build-base && post-build-prod ENTRYPOINT ["entrypoint-prod"] @@ -188,7 +207,7 @@ ENV APP_DEBUG 1 USER root # For Composer Installs -RUN apk add git openssh; \ +RUN apk --no-cache add git openssh; \ # Enable Xdebug docker-php-ext-enable xdebug @@ -197,15 +216,16 @@ RUN apk add git openssh; \ # - in Linux, `172.17.0.1` is the host IP ENV XDEBUG_CLIENT_HOST="host.docker.internal" -# ---------------------------------------- ---------- Scripts --------------------------------------------------------- +# ---------------------------------------------------- Scripts --------------------------------------------------------- # Copy Dev Scripts COPY docker/*-dev /usr/local/bin/ -RUN chmod +x /usr/local/bin/*-dev +RUN chmod +x /usr/local/bin/*-dev; \ # ------------------------------------------------------ PHP ----------------------------------------------------------- -RUN mv "$PHP_INI_DIR/php.ini-development" "$PHP_INI_DIR/php.ini" + mv "$PHP_INI_DIR/php.ini-development" "$PHP_INI_DIR/php.ini" \ + COPY docker/php/dev-* $PHP_INI_DIR/conf.d/ USER www-data 
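Review bot: `COPY --chown=www-data:www-data $APP_BASE_DIR/ .` with the default `APP_BASE_DIR="."` copies the whole build context into the production `app` image, and this commit adds `docker/nginx/dev/certs/dev-selfsigned.key` to that context. No `.dockerignore` is visible in the diff, so the dev private key, `.github/` and similar files may ship in the prod layer. Because other stages COPY from `docker/`, the directory cannot simply be ignored; keeping application code in a subdirectory and pointing `APP_BASE_DIR` at it, as the CI workflow does with `./app`, avoids the overlap.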
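Review bot: The trailing `\` after `mv "$PHP_INI_DIR/php.ini-development" "$PHP_INI_DIR/php.ini"` continues the RUN into the following lines, so the unchanged `COPY docker/php/dev-* $PHP_INI_DIR/conf.d/` appears to be parsed as extra arguments to `mv` rather than as an instruction (the line layout on this page is collapsed, so confirm against the file). If so, the dev PHP ini overrides are never copied and the `mv` fails or moves the wrong paths. Dropping the backslash so the line ends at `"$PHP_INI_DIR/php.ini"` restores the COPY. The PHP section banner now sits inside the RUN continuation, where it is stripped as a comment; moving it above the RUN would read more clearly.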
@@ -255,7 +275,12 @@ FROM nginx AS web # Copy Public folder + Assets that's going to be served from Nginx COPY --chown=www-data:www-data --from=app /app/public /app/public -# ----------------------------------------------------- NGINX ---------------------------------------------------------- +# ====================================================================================================================== +# --- NGINX DEV --- +# ====================================================================================================================== FROM nginx AS web-dev ENV NGINX_LOG_FORMAT "combined" + +COPY --chown=www-data:www-data docker/nginx/dev/*.conf /etc/nginx/conf.d/ +COPY --chown=www-data:www-data docker/nginx/dev/certs/ /etc/nginx/certs/ diff --git a/README.md b/README.md index ff656f0..0b6f059 100644 --- a/README.md +++ b/README.md @@ -9,10 +9,10 @@ - contributions welcome + Build - PHP >=7^ + PHP >=7^ | >=8^ GitHub forks @@ -23,6 +23,9 @@ GitHub license + + contributions welcome +

# Introduction diff --git a/docker-compose.prod.yml b/docker-compose.prod.yml index 4873611..86b8250 100644 --- a/docker-compose.prod.yml +++ b/docker-compose.prod.yml @@ -9,15 +9,21 @@ services: # To authenticate to private registry either use username / password, or Oauth key/secret / etc # Please add Composer Auth JSON Object COMPOSER_AUTH: "{}" + APP_BASE_DIR: ${APP_BASE_DIR-.} restart: unless-stopped web: build: context: . target: web + args: + APP_BASE_DIR: ${APP_BASE_DIR-.} restart: unless-stopped environment: # The Hostname for the FPM (needs to match the hostname for the `app`) PHP_FPM_HOST: app ports: - - 8080:8080 \ No newline at end of file + - 8080:8080 + depends_on: + app: + condition: service_healthy \ No newline at end of file diff --git a/docker-compose.yml b/docker-compose.yml index 2cf2921..f952681 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -9,19 +9,22 @@ services: # To authenticate to private registry either use username / password, or Oauth key/secret / etc # Please add Composer Auth JSON Object COMPOSER_AUTH: "{}" + APP_BASE_DIR: ${APP_BASE_DIR-.} restart: unless-stopped environment: # For Xdebuger to work, it needs the docker host ID # - in Mac AND Windows, `host.docker.internal` resolve to Docker host IP # - in Linux, `172.17.0.1` is the host IP - XDEBUG_CLIENT_HOST: 'host.docker.internal' + XDEBUG_CLIENT_HOST: ${XDEBUG_CLIENT_HOST-host.docker.internal} volumes: - - .:/app + - ${APP_BASE_DIR-.}:/app web: build: context: . target: web-dev + args: + APP_BASE_DIR: ${APP_BASE_DIR-.} restart: unless-stopped ports: - 8080:8080 @@ -29,7 +32,7 @@ services: # The Hostname for the FPM (needs to match the hostname for the `app`) PHP_FPM_HOST: app volumes: - - ./public:/app/public + - ${APP_BASE_DIR-.}/public:/app/public depends_on: app: condition: service_healthy \ No newline at end of file 
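Review bot: In docker-compose.yml the `web` service still publishes only `8080:8080`, while this commit adds `docker/nginx/dev/dev-https.conf` with `listen 443 ssl;` to the `web-dev` image, so the TLS listener is not reachable from the host. Publishing it on loopback only, `- "127.0.0.1:8443:443"`, makes dev HTTPS usable without exposing a listener whose private key is in the repository to the local network. Quoting the port mappings also keeps them strings under YAML 1.1 parsers.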
diff --git a/docker/nginx/conf.d/php.conf b/docker/nginx/conf.d/app.conf similarity index 71% rename from docker/nginx/conf.d/php.conf rename to docker/nginx/conf.d/app.conf index 000c366..6736879 100644 --- a/docker/nginx/conf.d/php.conf +++ b/docker/nginx/conf.d/app.conf @@ -1,3 +1,12 @@ +upstream backend { + # The number of idle keepalive connections to an upstream server that remain open for each worker process + server ${PHP_FPM_HOST}:${PHP_FPM_PORT}; + keepalive 40; + keepalive_requests 250; # Must be less than php-fpm.conf:pm.max_requests + keepalive_timeout 10; +} + + server { listen 8080; listen [::]:8080; @@ -6,7 +15,7 @@ server { set $base /app; root $base/public; - # deny all dot files + # deny all dot files except .well-known location ~ /\.(?!well-known) { deny all; } @@ -14,16 +23,18 @@ server { # index.php index index.php; - # index.php fallback - location / { - # try to serve file directly, fallback to index.php - try_files $uri /index.php$is_args$args; - } - # Disable falling back to PHP script for the asset directories; - location /bundles { - try_files $uri =404; - } + + # index.php fallback + location / { + # try to serve file directly, fallback to index.php + try_files $uri /index.php$is_args$args; + } + + # Disable falling back to PHP script for the asset directories; + location ~ ^/(public|bundles)/ { + try_files $uri =404; + } # handle non-files location ~ ^/index\.php(/|$) { @@ -31,7 +42,7 @@ server { include fastcgi_params; # fastcgi settings - fastcgi_pass ${PHP_FPM_HOST}:${PHP_FPM_PORT}; + fastcgi_pass backend; fastcgi_index index.php; fastcgi_buffers 8 16k; fastcgi_buffer_size 32k; diff --git a/docker/nginx/dev/certs/dev-selfsigned.crt b/docker/nginx/dev/certs/dev-selfsigned.crt new file mode 100644 index 0000000..abf28c5 --- /dev/null +++ b/docker/nginx/dev/certs/dev-selfsigned.crt 
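Review bot: The new `upstream backend` sets `keepalive 40;`, but connections to a FastCGI upstream are only kept open when the location also has `fastcgi_keep_conn on;`, and that directive is not in the visible part of the `location ~ ^/index\.php(/|$)` block, which continues outside the hunk. Without it the keepalive settings have no effect; add `fastcgi_keep_conn on;` next to `fastcgi_pass backend;` if it is not already present. The comment `# The number of idle keepalive connections ...` sits above `server ${PHP_FPM_HOST}:${PHP_FPM_PORT};` and would read correctly directly above `keepalive 40;`.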
@@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE----- +MIICxDCCAawCCQCUYv2tOO4zGDANBgkqhkiG9w0BAQsFADAkMRAwDgYDVQQKDAdr +dWJlcGhwMRAwDgYDVQQDDAdrdWJlcGhwMB4XDTIyMDIyNTE0MzEwNloXDTMyMDIy +MzE0MzEwNlowJDEQMA4GA1UECgwHa3ViZXBocDEQMA4GA1UEAwwHa3ViZXBocDCC +ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALLdT4dDwxjNfc1POHfy/pTf +JBGonmisS1i0NlN/sSz+QrktsyNtH3dvAJp/kHnOoTGgY3QyDCBNtr8/mULLig7B +aAfGNDDuWJm7ayahxLoCfk2DZTcSf3NoOIPpvimwLfKxFOtuyOF742Lz3E3gVQ5+ +aDsePRp8NPSc1dBzGkrxGkPLvv4GGa8+MzeznKSamDOQ4fdqGdJyCOvTcYl2Pu4E +ON6F5Z9cFOVu44l6VL7SzGpI86X6XGJY34PJ+KXg47Hs6/kGDt2UocgI0K3PfhDj +6FlAf6ZeQ2GG//JRCPmWt4/womawo9nVHKtIkNMq20Ja3ITXrQ//Gism6HHZFEMC +AwEAATANBgkqhkiG9w0BAQsFAAOCAQEAH3jtGiuTaga9O+83MJNW4XursYhR0VHs +BXDmWr87uXuKemAhBiN+YvWVkLu/Egr1lSWiQoO3besPQnQu75fEwTNpkBZliS3+ +Rm5rtf+7stAC9vTKKaljksGj9ipnTktvwM2WjqrfnpYPokGIHsNOZRf9GXNXfAOw +YBKEz0sd8D3C26EgJjX9thoEW+pt2HkFYqp40jp8x3mGWXHTX2jpcXoyD1F2oB1i +4G4GHR5pSz79OGrO7YdR8g/8mV5lMmcVwzbX/lIVmBVAdXeC/CDQFW8I9B0eCHHJ +vCWTwoIb6aDWsDVKCqmot7CXczze5tvYomxZiEddq2vtSvfpduFlmw== +-----END CERTIFICATE----- diff --git a/docker/nginx/dev/certs/dev-selfsigned.key b/docker/nginx/dev/certs/dev-selfsigned.key new file mode 100644 index 0000000..492b3a3 --- /dev/null +++ b/docker/nginx/dev/certs/dev-selfsigned.key 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCy3U+HQ8MYzX3N +Tzh38v6U3yQRqJ5orEtYtDZTf7Es/kK5LbMjbR93bwCaf5B5zqExoGN0MgwgTba/ +P5lCy4oOwWgHxjQw7liZu2smocS6An5Ng2U3En9zaDiD6b4psC3ysRTrbsjhe+Ni +89xN4FUOfmg7Hj0afDT0nNXQcxpK8RpDy77+BhmvPjM3s5ykmpgzkOH3ahnScgjr +03GJdj7uBDjeheWfXBTlbuOJelS+0sxqSPOl+lxiWN+Dyfil4OOx7Ov5Bg7dlKHI +CNCtz34Q4+hZQH+mXkNhhv/yUQj5lreP8KJmsKPZ1RyrSJDTKttCWtyE160P/xor +Juhx2RRDAgMBAAECggEBALLPVksGbgrkm6hdUzlu3h0b+mYA6OQBoo16E3lkBU7S +nQec7SI0XCm8+aB6eIedDz6adfJaeg7tQg1tWh0Rd+IKbaKf/dsQ29hMKfGD9TRz +e6qn+c6Vmn5YKW+OhEIO09B0QVKf/QiWHpr06T+dTcrgifjX4QQSOap1A7eQ6i8R +ryXdALrfG70RTYHSKu9B2mjn4vOXl0YNBhNlNAN5GBRh6iaqmSxRMWfURNK2P9Tc +lcHJFMW7duue38q6U5hPrVK/euXUtEoEDFXRzBXAZ2jcOzKxfJ6ZHXgP1wmWC6hS +fLWpnc2f7uc5A5EAS2cOOZBLbTZFkiGB1FSfmB+Bf6ECgYEA3kVeBE6Xv/E7PgPJ +AHQnMoISREASNxxS7Foly4VelzsL9qXO8Xb6hK/y/Cx6X5LFX108LvKLCn2d09qG +HPseA/A54uw2uUPztFNpHOnLgBCMo0qu4Rsp/FsermcUvTy8XL4NeUMM85vAJ4dQ +BjwDs7iDjZ7lVR0my5PJVEcXVZMCgYEAzgG30pdUuTrsL/Am5+ilR7qC/S7zOF/W +aQvvcX2EjzqtViCcalk80sJmsCLrkx2p8Qx54z3jW9pie6z6A90bVrAZ7QprjhMZ +mw+kEy+Me/htCp1Oh0Bj/X/GBGYVdJyEz3BkmUe4oUTQikYGNTN3INrTVBiiUpte +2r1QeHKZdJECgYAO6MBBsbPkIB5FLqPQ7/mhHbBz+4g9Qh0d1X4rhKqvojpPNRgI +gl6Tf+ngmGss9f9fQjXDQGmrLnnjuAi+8Ok2gmqfmhChpLk4I1AtrFEGKhYE7gGE +//l0//ey4x81AlnwLp9gvuqjfJMLE7x+bpAhAgNxAHOJngb4KNWcXZhnGQKBgBwe +Den3b7/sc+pDG/xRO6XjphdKfjX2lrw1vdO+rwYhmyEDSHYXgf6+O+fUjFTDGrvk +2QoUG2EhGIoK3QED/8RAOvmoj2+P2dHZO6rGtaUCDlgBioNZXYxvESbujAUji9kI +XSKysFeKnfARiK1gPeVFGM0Eo7skq7itWDtoYNuRAoGBAMpxteZlaIFY4Z0AIJ/Y +MkkIWIq0OujGD2ApXFXw6Dh3KHyF5z4YMUVIKYKW/dMDYd2WRPYFD6AZiWBFQadA +YUg0ks7ayF1FSPn2kldyr3AIysJjs6EGaj3svDN3rmIlLkS7vyYp0xfP7JG8l8Vm +Dq7DO0YZ9hJs1M/np0HU8z7f +-----END PRIVATE KEY----- diff --git a/docker/nginx/dev/dev-https.conf b/docker/nginx/dev/dev-https.conf new file mode 100644 index 0000000..1ad0c13 --- /dev/null +++ b/docker/nginx/dev/dev-https.conf 
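Review bot: A private key is committed to the repository here; even for a self-signed localhost certificate it is now public, so any client configured to trust `dev-selfsigned.crt` trusts a key that everyone holds. Generating the pair at image build or first start, and listing `docker/nginx/dev/certs/` in `.gitignore`, keeps the dev HTTPS listener without a checked-in secret and avoids secret-scanner findings on every clone. If the file stays, a comment at the top of dev-https.conf stating that the key is public and must not be reused outside local development would make the intent explicit.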
@@ -0,0 +1,16 @@ +server { + listen 443 ssl; + server_name localhost; + + ssl_certificate /etc/nginx/certs/dev-selfsigned.crt; + ssl_certificate_key /etc/nginx/certs/dev-selfsigned.key; + + location / { + access_log off; + proxy_pass http://127.0.0.1:8080; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto https; + } +} \ No newline at end of file diff --git a/docker/nginx/nginx.conf b/docker/nginx/nginx.conf index decf0c9..b9325d6 100644 --- a/docker/nginx/nginx.conf +++ b/docker/nginx/nginx.conf @@ -16,7 +16,7 @@ http { # send headers in one piece, it is better than sending them one by one tcp_nopush on; - # don't buffer data sent, good for small data bursts in real time + # don't buffer data sent, good for small data bursts in real time tcp_nodelay on; # allow the server to close connection on non responding client, this will free up memory @@ -28,8 +28,8 @@ http { log_not_found off; types_hash_max_size 2048; - # if the request body size is more than the buffer size, then the entire (or partial) - # request body is written into a temporary file + # if the request body size is more than the buffer size, then the entire (or partial) + # request body is written into a temporary file client_body_buffer_size 128k; # maximum body size @@ -40,9 +40,9 @@ http { # cache information about FDs, frequently accessed files open_file_cache max=200000 inactive=20s; - open_file_cache_valid 30s; - open_file_cache_min_uses 2; - open_file_cache_errors on; + open_file_cache_valid 60s; + open_file_cache_min_uses 5; + open_file_cache_errors off; # MIME include mime.types;