Reorganize configuration files

Author: Luis Elizondo

.gitignore

@@ -0,0 +1 @@
+.DS_Store

Dockerfile

@@ -11,13 +11,13 @@ ENV LC_ALL     en_US.UTF-8
 # Update system
 RUN apt-get update && apt-get dist-upgrade -y
 
-# Basic packages
-RUN apt-get -y install php5-fpm php5-mysql php-apc php5-imagick php5-imap php5-mcrypt php5-curl php5-cli php5-gd php5-pgsql php5-sqlite php5-common php-pear curl php5-json php5-redis php5-memcache
-RUN apt-get -y install nginx-extras
-RUN apt-get -y install git curl supervisor
-
+# Prevent restarts when installing
 RUN echo '#!/bin/sh\nexit 101' > /usr/sbin/policy-rc.d && chmod +x /usr/sbin/policy-rc.d
 
+# Basic packages
+RUN apt-get -y install php5-fpm php5-mysql php-apc php5-imagick php5-imap php5-mcrypt php5-curl php5-cli php5-gd php5-pgsql php5-sqlite php5-common php-pear curl php5-json php5-redis php5-memcache 
+RUN apt-get -y install nginx-extras git curl supervisor
+
 RUN php5enmod mcrypt
 
 RUN /usr/bin/curl -sS https://getcomposer.org/installer | /usr/bin/php
@@ -29,12 +29,7 @@ RUN /usr/local/bin/composer self-update
 RUN /usr/local/bin/composer global require drush/drush:6.*
 RUN ln -s /.composer/vendor/drush/drush/drush /usr/local/bin/drush
 
-# PHP
-RUN sed -i 's/memory_limit = .*/memory_limit = 196M/' /etc/php5/fpm/php.ini
-RUN sed -i 's/cgi.fix_pathinfo = .*/cgi.fix_pathinfo = 0/' /etc/php5/fpm/php.ini
-RUN sed -i 's/upload_max_filesize = .*/upload_max_filesize = 500M/' /etc/php5/fpm/php.ini
-RUN sed -i 's/post_max_size = .*/post_max_size = 500M/' /etc/php5/fpm/php.ini
-
+# Prepare directory
 RUN mkdir /var/www
 RUN usermod -u 1000 www-data
 RUN usermod -a -G users www-data
@@ -50,19 +45,31 @@ CMD ["/usr/bin/supervisord", "-n"]
 ADD ./startup.sh /opt/startup.sh
 RUN chmod +x /opt/startup.sh
 
-# Add configuration files
-#ADD ./config/realip.conf /etc/nginx/conf.d/realip.conf
-ADD ./config/supervisord-nginx.conf /etc/supervisor/conf.d/supervisord-nginx.conf
 RUN mkdir -p /var/cache/nginx/microcache
-ADD ./config/nginx.conf /etc/nginx/nginx.conf
-ADD ./config/mime.types /etc/nginx/mime.types
-ADD ./config/fastcgi.conf /etc/nginx/fastcgi.conf
-ADD ./config/blacklist.conf /etc/nginx/blacklist.conf
-ADD ./config/fastcgi_microcache_zone.conf /etc/nginx/fastcgi_microcache_zone.conf
-ADD ./config/drupal.conf /etc/nginx/drupal.conf
-ADD ./config/fastcgi_drupal.conf /etc/nginx/fastcgi_drupal.conf
-ADD ./config/map_cache.conf /etc/nginx/map_cache.conf
-ADD ./config/microcache_fcgi_auth.conf /etc/nginx/microcache_fcgi_auth.conf
-ADD ./config/fastcgi_no_args_drupal.conf /etc/nginx/fastcgi_no_args_drupal.conf
-ADD ./config/drupal_upload_progress.conf /etc/nginx/drupal_upload_progress.conf
-ADD ./config/default /etc/nginx/sites-enabled/default
+
+### Add configuration files
+# Supervisor
+ADD ./config/supervisor/supervisord-nginx.conf /etc/supervisor/conf.d/supervisord-nginx.conf
+
+# PHP
+ADD ./config/php/www.conf /etc/php5/fpm/pool.d/www.conf
+ADD ./config/php/php.ini /etc/php5/fpm/php.ini
+
+# Nginx
+ADD ./config/nginx/blacklist.conf /etc/nginx/blacklist.conf
+ADD ./config/nginx/drupal.conf /etc/nginx/drupal.conf
+ADD ./config/nginx/drupal_upload_progress.conf /etc/nginx/drupal_upload_progress.conf
+ADD ./config/nginx/fastcgi.conf /etc/nginx/fastcgi.conf
+ADD ./config/nginx/fastcgi_drupal.conf /etc/nginx/fastcgi_drupal.conf
+ADD ./config/nginx/fastcgi_microcache_zone.conf /etc/nginx/fastcgi_microcache_zone.conf
+ADD ./config/nginx/fastcgi_no_args_drupal.conf /etc/nginx/fastcgi_no_args_drupal.conf
+ADD ./config/nginx/map_cache.conf /etc/nginx/map_cache.conf
+ADD ./config/nginx/microcache_fcgi_auth.conf /etc/nginx/microcache_fcgi_auth.conf
+ADD ./config/nginx/mime.types /etc/nginx/mime.types
+ADD ./config/nginx/nginx.conf /etc/nginx/nginx.conf
+ADD ./config/nginx/upstream_phpcgi_unix.conf /etc/nginx/upstream_phpcgi_unix.conf
+ADD ./config/nginx/map_block_http_methods.conf /etc/nginx/map_block_http_methods.conf
+ADD ./config/nginx/map_https_fcgi.conf /etc/nginx/map_https_fcgi.conf
+ADD ./config/nginx/nginx_status_allowed_hosts.conf /etc/nginx/nginx_status_allowed_hosts.conf
+ADD ./config/nginx/cron_allowed_hosts.conf /etc/nginx/cron_allowed_hosts.conf
+ADD ./config/nginx/default /etc/nginx/sites-enabled/default

Makefile

@@ -3,5 +3,8 @@ CURRENT_DIRECTORY := $(shell pwd)
 build:
 	@docker build --tag=iiiepe/nginx-drupal $(CURRENT_DIRECTORY)
 
+build-no-cache:
+	@docker build --no-cache --tag=iiiepe/nginx-drupal $(CURRENT_DIRECTORY)
+
 .PHONY: build
 

config/blacklist.conf renamed to config/nginx/blacklist.conf

@@ -0,0 +1,10 @@
+# -*- mode: nginx; mode:autopair; mode: flyspell-prog; ispell-local-dictionary: "american" -*-
+### Configuration file for specifying which hosts can invoke Drupal's
+### cron. This only applies if you're not using drush to run cron.
+
+geo $not_allowed_cron {
+    default 1;
+    ## Add your set of hosts.
+    127.0.0.1 0; # allow the localhost
+    192.168.1.0/24 0; # allow on an internal network
+}

config/nginx/cron_allowed_hosts.conf

@@ -96,21 +96,21 @@ location / {
 
 ## Run the update from the web interface with Drupal 7.
 location = /authorize.php {
-    fastcgi_pass unix:/var/run/php5-fpm.sock;
+    fastcgi_pass phpcgi;
 }
 
 location = /update.php {
     #auth_basic "Restricted Access"; # auth realm
     #auth_basic_user_file .htpasswd-users; # htpasswd file
-    fastcgi_pass unix:/var/run/php5-fpm.sock;
+    fastcgi_pass phpcgi;
 }
 
 ## Restrict access to the strictly necessary PHP files. Reducing the
 ## scope for exploits. Handling of PHP code and the Drupal event loop.
 location @drupal {
     ## Include the FastCGI config.
     include fastcgi_drupal.conf;
-    fastcgi_pass unix:/var/run/php5-fpm.sock;
+    fastcgi_pass phpcgi;
 
     ## FCGI microcache for authenticated users also.
     include microcache_fcgi_auth.conf;
@@ -125,7 +125,7 @@ location @drupal-no-args {
     ## Include the specific FastCGI configuration. This is for a
     ## FCGI backend like php-cgi or php-fpm.
     include fastcgi_no_args_drupal.conf;
-    fastcgi_pass unix:/var/run/php5-fpm.sock;
+    fastcgi_pass phpcgi;
 
     ## FCGI microcache for authenticated users also.
     include microcache_fcgi_auth.conf;