diff --git a/.sandstorm/launcher.sh b/.sandstorm/launcher.sh index 438bb98..4c14e82 100644 --- a/.sandstorm/launcher.sh +++ b/.sandstorm/launcher.sh @@ -44,4 +44,4 @@ cd /var/lib/dokuwiki grep -Ev '^($|#)' /opt/app/dokuwiki/data.orig/deleted.files | xargs -n 1 rm -vrf # Start nginx. -/usr/sbin/nginx -g "daemon off;" +/usr/sbin/nginx -c /opt/app/.sandstorm/service-config/nginx.conf -g "daemon off;" diff --git a/.sandstorm/sandstorm-files.list b/.sandstorm/sandstorm-files.list index 4b3bc27..a8aed5f 100644 --- a/.sandstorm/sandstorm-files.list +++ b/.sandstorm/sandstorm-files.list @@ -22,13 +22,10 @@ etc/ld.so.cache etc/localtime etc/magic etc/nginx/conf.d -etc/nginx/conf.d/50sandstorm.conf etc/nginx/fastcgi_params etc/nginx/mime.types etc/nginx/nginx.conf -etc/nginx/sites-available/sandstorm-php etc/nginx/sites-enabled -etc/nginx/sites-enabled/sandstorm-php etc/php5/fpm/conf.d etc/php5/fpm/conf.d/05-opcache.ini etc/php5/fpm/conf.d/10-pdo.ini @@ -119,6 +116,9 @@ lib64/ld-linux-x86-64.so.2 opt opt/app opt/app/.sandstorm/launcher.sh +opt/app/.sandstorm/service-config/fastcgi_params +opt/app/.sandstorm/service-config/mime.types +opt/app/.sandstorm/service-config/nginx.conf opt/app/dokuwiki opt/app/dokuwiki/.editorconfig opt/app/dokuwiki/.git diff --git a/.sandstorm/service-config/fastcgi_params b/.sandstorm/service-config/fastcgi_params new file mode 100644 index 0000000..3d32274 --- /dev/null +++ b/.sandstorm/service-config/fastcgi_params @@ -0,0 +1,24 @@ + +fastcgi_param QUERY_STRING $query_string; +fastcgi_param REQUEST_METHOD $request_method; +fastcgi_param CONTENT_TYPE $content_type; +fastcgi_param CONTENT_LENGTH $content_length; + +fastcgi_param SCRIPT_NAME $fastcgi_script_name; +fastcgi_param REQUEST_URI $request_uri; +fastcgi_param DOCUMENT_URI $document_uri; +fastcgi_param DOCUMENT_ROOT $document_root; +fastcgi_param SERVER_PROTOCOL $server_protocol; +fastcgi_param HTTPS $fe_https if_not_empty; + +fastcgi_param GATEWAY_INTERFACE CGI/1.1; +fastcgi_param SERVER_SOFTWARE nginx/$nginx_version; + +fastcgi_param REMOTE_ADDR $remote_addr; +fastcgi_param REMOTE_PORT $remote_port; +fastcgi_param SERVER_ADDR $server_addr; +fastcgi_param SERVER_PORT $server_port; +fastcgi_param SERVER_NAME $server_name; + +# PHP only, required if PHP was built with --enable-force-cgi-redirect +fastcgi_param REDIRECT_STATUS 200; diff --git a/.sandstorm/service-config/mime.types b/.sandstorm/service-config/mime.types new file mode 100644 index 0000000..89be9a4 --- /dev/null +++ b/.sandstorm/service-config/mime.types @@ -0,0 +1,89 @@ + +types { + text/html html htm shtml; + text/css css; + text/xml xml; + image/gif gif; + image/jpeg jpeg jpg; + application/javascript js; + application/atom+xml atom; + application/rss+xml rss; + + text/mathml mml; + text/plain txt; + text/vnd.sun.j2me.app-descriptor jad; + text/vnd.wap.wml wml; + text/x-component htc; + + image/png png; + image/tiff tif tiff; + image/vnd.wap.wbmp wbmp; + image/x-icon ico; + image/x-jng jng; + image/x-ms-bmp bmp; + image/svg+xml svg svgz; + image/webp webp; + + application/font-woff woff; + application/java-archive jar war ear; + application/json json; + application/mac-binhex40 hqx; + application/msword doc; + application/pdf pdf; + application/postscript ps eps ai; + application/rtf rtf; + application/vnd.apple.mpegurl m3u8; + application/vnd.ms-excel xls; + application/vnd.ms-fontobject eot; + application/vnd.ms-powerpoint ppt; + application/vnd.wap.wmlc wmlc; + application/vnd.google-earth.kml+xml kml; + application/vnd.google-earth.kmz kmz; + application/x-7z-compressed 7z; + application/x-cocoa cco; + application/x-java-archive-diff jardiff; + application/x-java-jnlp-file jnlp; + application/x-makeself run; + application/x-perl pl pm; + application/x-pilot prc pdb; + application/x-rar-compressed rar; + application/x-redhat-package-manager rpm; + application/x-sea sea; + application/x-shockwave-flash swf; + application/x-stuffit sit; + application/x-tcl tcl tk; + application/x-x509-ca-cert der pem crt; + application/x-xpinstall xpi; + application/xhtml+xml xhtml; + application/xspf+xml xspf; + application/zip zip; + + application/octet-stream bin exe dll; + application/octet-stream deb; + application/octet-stream dmg; + application/octet-stream iso img; + application/octet-stream msi msp msm; + + application/vnd.openxmlformats-officedocument.wordprocessingml.document docx; + application/vnd.openxmlformats-officedocument.spreadsheetml.sheet xlsx; + application/vnd.openxmlformats-officedocument.presentationml.presentation pptx; + + audio/midi mid midi kar; + audio/mpeg mp3; + audio/ogg ogg; + audio/x-m4a m4a; + audio/x-realaudio ra; + + video/3gpp 3gpp 3gp; + video/mp2t ts; + video/mp4 mp4; + video/mpeg mpeg mpg; + video/quicktime mov; + video/webm webm; + video/x-flv flv; + video/x-m4v m4v; + video/x-mng mng; + video/x-ms-asf asx asf; + video/x-ms-wmv wmv; + video/x-msvideo avi; +} diff --git a/.sandstorm/service-config/nginx.conf b/.sandstorm/service-config/nginx.conf new file mode 100644 index 0000000..de977aa --- /dev/null +++ b/.sandstorm/service-config/nginx.conf @@ -0,0 +1,72 @@ +worker_processes 4; +pid /var/run/nginx.pid; + +events { + worker_connections 768; + # multi_accept on; +} + +http { + # Basic Settings + sendfile on; + tcp_nopush on; + tcp_nodelay on; + keepalive_timeout 65; + types_hash_max_size 2048; + # server_names_hash_bucket_size 64; + server_tokens off; + server_name_in_redirect off; + + include mime.types; + default_type application/octet-stream; + + # Logging + access_log off; + error_log stderr; + + # Prevent nginx from adding compression; this interacts badly with Sandstorm + # WebSession due to https://github.com/sandstorm-io/sandstorm/issues/289 + gzip off; + + # Trust the sandstorm-http-bridge's X-Forwarded-Proto. + map $http_x_forwarded_proto $fe_https { + default ""; + https on; + } + + server { + listen 8000 default_server; + listen [::]:8000 default_server ipv6only=on; + + # Allow arbitrarily large bodies - Sandstorm can handle them, and requests + # are authenticated already, so there's no reason for apps to add additional + # limits by default. + client_max_body_size 0; + + server_name localhost; + root /opt/app/dokuwiki; + index doku.php; + + location ~ /(data/|conf/|bin/|inc/|install.php) { deny all; } + + location / { + try_files $uri $uri/ @dokuwiki; + } + + location @dokuwiki { + rewrite ^/_media/(.*) /lib/exe/fetch.php?media=$1 last; + rewrite ^/_detail/(.*) /lib/exe/detail.php?media=$1 last; + rewrite ^/_export/([^/]+)/(.*) /doku.php?do=export_$1&id=$2 last; + rewrite ^/(.*) /doku.php?id=$1&$args last; + } + + location ~ \.php$ { + if (!-f $request_filename) { return 404; } + include fastcgi_params; + fastcgi_pass unix:/var/run/php5-fpm.sock; + fastcgi_param REDIRECT_STATUS 200; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + } + + } +} diff --git a/.sandstorm/setup.sh b/.sandstorm/setup.sh index 7dac1ab..23f39d2 100644 --- a/.sandstorm/setup.sh +++ b/.sandstorm/setup.sh @@ -1,5 +1,8 @@ #!/bin/bash +# When you change this file, you must take manual action. Read this doc: +# - https://docs.sandstorm.io/en/latest/vagrant-spk/customizing/#setupsh + set -euo pipefail export DEBIAN_FRONTEND=noninteractive @@ -14,44 +17,6 @@ make make install cp /opt/app/leveldb.ini /etc/php5/mods-available php5enmod leveldb -unlink /etc/nginx/sites-enabled/default -cat > /etc/nginx/sites-available/sandstorm-php < /etc/nginx/conf.d/50sandstorm.conf << EOF - # Trust the sandstorm-http-bridge's X-Forwarded-Proto. - map \$http_x_forwarded_proto \$fe_https { - default ""; - https on; - } -EOF # Adjust fastcgi_params to use the patched fe_https sed --in-place='' \ --expression 's/^fastcgi_param *HTTPS.*$/fastcgi_param HTTPS \$fe_https if_not_empty;/' \