HistoryPurge

KF 2024-10-24 23:02:19 +08:00
commit 5febeb6fd9
Signed by: xpk
GPG Key ID: CD4FF6793F09AB86
153 changed files with 4560 additions and 0 deletions

12
LICENSE Normal file

@ -0,0 +1,12 @@
BSD Zero Clause License
Permission to use, copy, modify, and/or distribute this software for any
purpose with or without fee is hereby granted.
THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH
REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT,
INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
PERFORMANCE OF THIS SOFTWARE.

8
README.md Normal file

@ -0,0 +1,8 @@
Collection of Dockerfiles
## docker on macvlan
On Linux, docker macvlan driver can be used to simplify routing. To create a macvlan network:
```bash
docker network create -d macvlan --subnet=192.168.86.0/24 --ip-range=192.168.86.96/27 --gateway=192.168.86.1 -o parent=enp7s0f1 macvlan
```

10
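--- a/alpine/adminer/Dockerfile
+++ b/alpine/adminer/Dockerfile
@@ -0,0 +1,10 @@
+FROM alpine:latest
+LABEL description="adminer on alpine"
+LABEL maintainer="racken@one27.cf"
+ENV container docker
+RUN apk update; apk add bash tini php8-pdo_mysql php8-fpm nginx php8-session supervisor
+RUN mkdir -p /var/www/html /etc/supervisor.d
+COPY nginx-default.conf /etc/nginx/http.d/default.conf
+RUN wget https://github.com/vrana/adminer/releases/download/v4.8.1/adminer-4.8.1-mysql-en.php -O /var/www/html/adminer.php
+COPY run.ini /etc/supervisor.d/run.ini
+CMD ["/usr/bin/supervisord", "-n"]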
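Review bot: The `wget` of `adminer-4.8.1-mysql-en.php` lands in the web root with no integrity check, so whatever the release URL serves at build time is what php-fpm will execute. Record the expected digest and verify it in the same layer by appending `&& echo "<EXPECTED_SHA256>  /var/www/html/adminer.php" | sha256sum -c -` to that `RUN`. The `apk update; apk add …` line joins its commands with `;`, so a failed `apk update` does not fail the build; a single `apk add --no-cache …` avoids that. With `FROM alpine:latest` the `php8-*` package names depend on whichever release is current, and there is no `USER`, so supervisord and its children start as root.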


@ -0,0 +1,19 @@
server {
listen 80 default_server;
listen [::]:80 default_server;
root /var/www/html;
# You may need this to prevent return 404 recursion.
location = /404.html {
internal;
}
location ~ [^/]\.php(/|$) {
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
fastcgi_param HTTP_PROXY "";
fastcgi_pass 127.0.0.1:9000;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_index index.php;
include fastcgi_params;
}
}
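Review bot: The PHP location forwards every URI matching `[^/]\.php(/|$)` to php-fpm without first checking that the script file exists, so the path sent as `SCRIPT_FILENAME` is taken from the request rather than from a known file. Add `try_files $fastcgi_script_name =404;` directly after `fastcgi_split_path_info` so only files that really exist under `/var/www/html` are handed to FPM. The server block also publishes Adminer on port 80 on all addresses with no `allow`/`deny` or TLS; a database admin tool should at least be restricted to the management network.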

10
alpine/adminer/run.ini Normal file

@ -0,0 +1,10 @@
[program:nginx]
command=/usr/sbin/nginx -g 'daemon off;'
autostart=true
autorestart=true
[program:phpfpm]
command=/usr/sbin/php-fpm8 -F
autostart=true
autorestart=true


@ -0,0 +1,9 @@
# aliyuncli requires python2
FROM alpine:3.10
ENV container docker
RUN apk update; apk upgrade; apk add py2-pip jq bash gcc libc-dev python2-dev libffi-dev rust cargo openssl-dev py2-cryptography sqlite
RUN pip install aliyuncli aliyun-python-sdk-ecs aliyun-python-sdk-nas aliyun-python-sdk-ram aliyun-python-sdk-slb aliyun-python-sdk-rds
COPY get-instances.sh /root/get-instances.sh
COPY ec2-matching.sh /root/ec2-matching.sh
RUN chmod 755 /root/*.sh
ENTRYPOINT ["/bin/bash"]
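Review bot: The `pip install aliyuncli aliyun-python-sdk-…` line installs six unpinned packages on a Python 2 toolchain, so each build resolves whatever versions the index offers that day. Pin each one (`aliyuncli==<VERSION>` and so on) or install from a requirements file with hashes, so the image that later holds the Aliyun access key is reproducible. The `apk update; apk upgrade; apk add …` chain uses `;`, which hides a failed step; `&&` or `apk add --no-cache` would fail the build instead.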


@ -0,0 +1,17 @@
# Authentication
```
$ aliyuncli configure
Aliyun Access Key ID [None]:
Aliyun Access Key Secret [None]:
Default Region Id [None]: cn-hongkong
Default output format [None]:
```
# Sample usage
/root/get-instances.sh
# More aliyuncli usage
```
aliyuncli ecs DescribeInstances --MaxResults 100 | jq -cr '.Instances.Instance[] | [.InstanceName,.InstanceType,.CpuOptions.CoreCount,.Memory,.OSType,.InstanceId,.OSNameEn,.ZoneId] | @csv'
aliyuncli ecs DescribeDisks --MaxResults 200 | jq -cr '.Disks.Disk[] | [.InstanceId, .Size, .ZoneId] | @csv'
```


@ -0,0 +1,33 @@
#!/bin/bash
cat <<EOF > /tmp/ec2-raw.txt
m5.large 2 8
m5.xlarge 4 16
m5.2xlarge 8 32
m5.4xlarge 16 64
m5.8xlarge 32 128
c5.large 2 4
c5.xlarge 4 8
c5.2xlarge 8 16
c5.4xlarge 16 32
c5.9xlarge 36 72
c5.12xlarge 48 96
r5.large 2 16
r5.xlarge 4 32
r5.2xlarge 8 64
r5.4xlarge 16 128
r5.8xlarge 32 256
EOF
if [ ! -f ec2-size-match.db ]; then
echo "create table instances(instance varchar(30), cpu int, ram int)" | sqlite3 ec2-size-match.db
cat /tmp/ec2-raw.txt | while read a b c; do
echo "insert into instances values(\"$a\", \"$b\", \"$c\");" | sqlite3 ec2-size-match.db
done
fi
RESULT=$(echo "select instance from instances where cpu = \"$1\" and ram = \"$2\";" | sqlite3 ec2-size-match.db)
if [ -z "$RESULT" ]; then
echo manual-match
else
echo $RESULT
fi
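Review bot: `$1` and `$2` are pasted straight into the `select … where cpu = "$1" and ram = "$2"` text sent to `sqlite3`, so any argument containing a quote changes the statement instead of being compared as a value. The callers derive these from cloud API output, so validate them as numbers before the query, for example `case "$1$2" in ''|*[!0-9.]*) echo manual-match; exit 0 ;; esac`. The script also writes to the fixed path `/tmp/ec2-raw.txt` and creates `ec2-size-match.db` in whatever the current directory is; `mktemp` and an absolute database path would make both predictable. The identical copy of this script later on the page (the 34-line version) has the same issues.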


@ -0,0 +1,15 @@
#!/bin/bash
echo "InstanceName","InstanceSize","vcpu","ram","OS","InstanceId","OSVersion","Location","TotalDiskSize","MatchingEC2"
aliyuncli ecs DescribeInstances --MaxResults 100 | \
jq -cr '.Instances.Instance[] | [.InstanceName,.InstanceType,.Cpu,.Memory,.OSType,.InstanceId,.OSNameEn,.ZoneId] | @csv' \
> /tmp/instances.csv
aliyuncli ecs DescribeDisks --MaxResults 200 | jq -cr '.Disks.Disk[] | [.Size,.InstanceId] | @csv' > /tmp/disks.csv
cat /tmp/instances.csv | while read l; do
i=$(echo $l | awk -F, '{print $6}')
DISK=$(grep $i /tmp/disks.csv | awk -F, '{SUM+=$1}; END {print SUM}')
CPU=$(echo $l | awk -F, '{print $3}')
RAM=$(echo $l | awk -F, '{print $4/1024}')
echo -n "$l,$DISK,"
./ec2-matching.sh $CPU $RAM
done
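Review bot: The loop reads each CSV row with `read l` and then expands `$l`, `$i`, `$CPU` and `$RAM` unquoted, so an instance name containing spaces, `*` or a backslash is word-split, globbed or altered before it reaches `awk`, `grep` and `ec2-matching.sh`. Use `while IFS= read -r l`, `printf '%s\n' "$l"`, `grep -F -- "$i"` and `./ec2-matching.sh "$CPU" "$RAM"`. The call `./ec2-matching.sh` is relative while the Dockerfile on this page copies the scripts to `/root`, so it only works when run from that directory; `/root/ec2-matching.sh` would match the other copy of this tool.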

7
alpine/azcli/Dockerfile Normal file

@ -0,0 +1,7 @@
FROM alpine:latest
ENV container docker
RUN apk update; apk add python3 py3-apipkg gcc python3-dev linux-headers libffi libffi-dev py3-cffi musl-dev openssl-dev jq make bash
RUN pip3 install azure-cli
ENV PS1 "azcli-2.0.80 $ "
ENTRYPOINT ["/bin/bash"]
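Review bot: `pip3 install azure-cli` is unpinned while the prompt is hard-coded to `azcli-2.0.80`, so the image advertises a version it almost certainly does not contain. Pin the install to match, `RUN pip3 install --no-cache-dir azure-cli==2.0.80`, or derive the prompt from an `ARG` that is also used in the install line. The compiler toolchain (`gcc`, `python3-dev`, `musl-dev`, …) stays in the final image; a build stage or an `apk add --virtual` group removed in the same layer would keep it out of the runtime image that later holds Azure credentials.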

1
alpine/azcli/build.sh Executable file

@ -0,0 +1 @@
docker build --network macvlan -t alpine/azcli .

10
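--- a/alpine/dante/Dockerfile
+++ b/alpine/dante/Dockerfile
@@ -0,0 +1,10 @@
+FROM alpine:latest
+LABEL description="Dante socks5 server"
+LABEL maintainer="xpk@headdesk.me"
+ENV container docker
+RUN apk update; apk add tini dante-server dante
+#RUN addgroup -g 3000 ctnuser && adduser -u 3000 -G ctnuser -D ctnuser
+#USER ctnuser
+COPY sockd.conf /etc/sockd.conf
+ENTRYPOINT ["/sbin/tini", "--"]
+CMD ["/usr/sbin/sockd"]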

2
alpine/dante/build.sh Executable file

@ -0,0 +1,2 @@
export DOCKER_BUILDKIT=1
docker build --network host -t alpine/dante .

2
alpine/dante/restart.sh Executable file

@ -0,0 +1,2 @@
docker rm -f sockd
./start.sh

30
alpine/dante/sockd.conf Normal file

@ -0,0 +1,30 @@
# logoutput: stdout
errorlog: stderr
#user.privileged: root
user.unprivileged: nobody
# The listening network interface or address.
internal: 0.0.0.0 port=11080
# The proxying network interface or address.
external: eth0
# socks-rules determine what is proxied through the external interface.
# The default of "none" permits anonymous access.
socksmethod: none
# client-rules determine who can connect to the internal interface.
# The default of "none" permits anonymous access.
clientmethod: none
client pass {
from: 192.168.86.0/24 to: 0.0.0.0/0
log: connect disconnect error
}
socks pass {
from: 192.168.86.0/24 to: 0.0.0.0/0
log: connect disconnect error
}
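Review bot: With `socksmethod: none` and `clientmethod: none`, the two `pass` rules let any host in `192.168.86.0/24` relay to `0.0.0.0/0` without authenticating, so the only control on this proxy is the source subnet. If that is intended, say so in a comment next to the rules; otherwise require `socksmethod: username` or narrow `from:` to the specific client addresses. Adding an explicit final `client block { from: 0.0.0.0/0 to: 0.0.0.0/0 log: connect error }` would also make rejected connection attempts visible in the log.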

2
alpine/dante/start.sh Executable file

@ -0,0 +1,2 @@
#!/bin/bash
docker run -d --name sockd --network macvlan --cpus 2 --memory 1g --restart always --ip 192.168.86.18 alpine/dante

10
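--- a/alpine/ebcli/Dockerfile
+++ b/alpine/ebcli/Dockerfile
@@ -0,0 +1,10 @@
+FROM alpine:latest
+LABEL description="AWS ebcli on Alpine"
+LABEL maintainer="racken@one27.cf"
+ENV container docker
+RUN apk add python openssl wget curl git bash gcc make musl-dev zlib-dev libffi-dev bzip2-dev openssl-dev readline-dev
+RUN git clone https://github.com/aws/aws-elastic-beanstalk-cli-setup.git
+RUN ./aws-elastic-beanstalk-cli-setup/scripts/bundled_installer
+RUN /root/.pyenv/versions/3.7.2/bin/pip install awscli
+ENV PATH="/root/.ebcli-virtual-env/executables:/root/.pyenv/versions/3.7.2/bin:$PATH"
+CMD ["/bin/bash"]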
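Review bot: The `git clone` takes the default branch of `aws-elastic-beanstalk-cli-setup` at build time and the next line runs its `bundled_installer` as root, so the installer code is whatever that branch contains on the day of the build. Check out a reviewed commit before running it, e.g. `RUN git clone <URL> && git -C aws-elastic-beanstalk-cli-setup checkout <COMMIT_SHA>`. The later lines hard-code `/root/.pyenv/versions/3.7.2`, which only exists if the installer still builds that exact Python, and `pip install awscli` is unpinned. The second copy of this Dockerfile further down the page shares all of this.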


@ -0,0 +1,10 @@
LABEL maintainer="racken@one27.cf"
LABEL description="AWS ebcli on Alpine"
FROM alpine:latest
ENV container docker
RUN apk add python openssl wget curl git bash gcc make musl-dev zlib-dev libffi-dev bzip2-dev openssl-dev readline-dev
RUN git clone https://github.com/aws/aws-elastic-beanstalk-cli-setup.git
RUN ./aws-elastic-beanstalk-cli-setup/scripts/bundled_installer
RUN /root/.pyenv/versions/3.7.2/bin/pip install awscli
ENV PATH="/root/.ebcli-virtual-env/executables:/root/.pyenv/versions/3.7.2/bin:$PATH"
CMD ["/bin/bash"]
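Review bot: The two `LABEL` lines come before `FROM`, and only `ARG` and parser directives may precede the first `FROM`, so this file does not build as written. Move both below `FROM alpine:latest`, as the other copy of this Dockerfile already does.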


@ -0,0 +1,8 @@
FROM alpine:latest
# Set a working directory
RUN apk add go bash jq
RUN go install github.com/cloudflare/cloudflare-go/cmd/flarectl@latest
RUN echo "export PATH=/root/go/bin:$PATH" >> /root/.bashrc
ENTRYPOINT [ "/bin/bash" ]
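Review bot: `go install …/flarectl@latest` resolves to a different module version on every uncached build, and this binary is later given a Cloudflare API key. Pin it to a released tag, `flarectl@<VERSION>`, so the tool that handles the key is the one that was reviewed. The `echo "export PATH=…" >> /root/.bashrc` line only takes effect for interactive bash; `ENV PATH=/root/go/bin:$PATH` covers `docker exec` and non-interactive use too. The comment `# Set a working directory` has no `WORKDIR` after it.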


@ -0,0 +1,9 @@
# Usage:
```
export CF_API_KEY=xxx
export CF_API_EMAIL=yyy
flarectl dns l --zone your-domain.com
```
# Reference:
https://pkg.go.dev/github.com/cloudflare/cloudflare-go/cmd/flarectl#section-readme


@ -0,0 +1,9 @@
cfcli zones -f json | jq -cr '.[] | .name,.id' | paste - - | awk '{print $1,$2}' | while read d k; do
cfcli ls -d $d -f json | jq -cr '.[] | select(.type == "A") | .name' | while read s; do
echo curl -X POST \"https://api.cloudflare.com/client/v4/zones/$k/healthchecks\" \
-H \"X-Auth-Email: ken.fong@rackspace.com\" \
-H \"X-Auth-Key: xxx\" \
-H \"Content-Type: application/json\" \
--data \'\{\"name\":\"site-monitor\",\"description\":\"Health check\",\"check_regions\":[\"SEAS\"],\"type\":\"HTTPS\",\"consecutive_successes\":1,\"consecutive_fails\":2,\"http_config\":\{\"method\":\"GET\",\"port\":443,\"path\":\"/\",\"expected_codes\":[\"200\"],\"follow_redirects\":true,\"allow_insecure\":false,\"timeout\":5,\"retries\":2,\"interval\":60,\"address\":\"$s\"\}\'
done
done
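Review bot: The generated `curl` commands hard-code a personal address in `X-Auth-Email` and leave an `X-Auth-Key: xxx` slot that has to be edited in the file, which is how a real key ends up committed. Take both from the environment, `-H \"X-Auth-Email: $CF_API_EMAIL\"` and `-H \"X-Auth-Key: $CF_API_KEY\"`, matching the variables the usage notes on this page export. Because the script echoes the full command line, the key will then appear in terminal scrollback and any captured output, so pipe it straight to a shell rather than to a file or log. `$d`, `$k` and `$s` are expanded unquoted and `read` lacks `-r`; zone and record names come from the API, so quote them.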


@ -0,0 +1,17 @@
-----BEGIN PGP MESSAGE-----
Comment: To decrypt, save the entire message to a file and then run gpg -d <file>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=bzPr
-----END PGP MESSAGE-----


@ -0,0 +1,17 @@
-----BEGIN PGP MESSAGE-----
Comment: To decrypt, save the entire message to a file and then run gpg -d <file>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=y9Ol
-----END PGP MESSAGE-----


@ -0,0 +1,4 @@
export CF_API_KEY=
export CF_API_EMAIL=
#CF_API_DOMAIN


@ -0,0 +1,11 @@
FROM alpine:latest
ENV container docker
RUN apk update; apk upgrade; apk add php83-gd php83-session php83-json php83-fpm php83-mysqlnd php83-mysqli php83-mbstring php83-xml php83-redis php83-curl php83-gmp bash php83-pdo_mysql php83-zip php83-dom php83-xmlwriter php83-xmlreader php83-ctype php83-simplexml php83-intl php83-iconv supervisor php83-opcache php83-posix php83-fileinfo php83-pecl-imagick php83-bcmath php83-pcntl php83-cli php83-sysvsem php83-exif php83-sodium php83-bz2
COPY supervisord.conf /etc/supervisord.conf
COPY fpm-www.conf /etc/php83/php-fpm.d/www.conf
COPY nc-upgrade.sh /var/www/nc-upgrade.sh
COPY php.ini /etc/php83/php.ini
# RUN sed -i -e 's/^disable_functions.*/disable_functions=exec,passthru,shell_exec,system,proc_open,popen,curl_exec,curl_multi_exec,eval,base64_decode/g' -e 's/^expose_php.*/expose_php=off/g' -e 's/^memory_limit.*/memory_limit=512M/g' -e 's/^session.save_handler.*/session.save_handler=redis/g' /etc/php83/php.ini
RUN echo 'session.save_path = "tcp://192.168.86.212:6379"' >> /etc/php83/php.ini
EXPOSE 9000
CMD ["/usr/bin/supervisord", "-n"]
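Review bot: This image installs only `php83-*` packages, but the `nc-upgrade.sh` shown later on this page edits `/etc/php81/php.ini` and calls `php81`, and the `supervisord.conf` shown on this page starts `/usr/sbin/php-fpm82 -c /etc/php82/php-fpm.conf`. If those are the files copied here, neither path exists in the image, so FPM would not start and the upgrade script would fail on its first `cp`. The `sed` that set `disable_functions` and `expose_php=off` is commented out in favour of a copied `php.ini` whose diff is suppressed, so confirm those settings are present in that file. `session.save_path` sends sessions to `tcp://192.168.86.212:6379` with no credentials in the URL; presumably that Redis is reachable only from trusted hosts, which is worth confirming.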


@ -0,0 +1,7 @@
FROM alpine
ENV container docker
RUN apk update; apk upgrade; apk add supervisor php7-gd php7-session php7-json php7-fpm php7-mysqlnd php7-mysqli php7-mbstring php7-xml php7-redis php7-curl php7-gmp bash apache2-webdav php7-pdo_mysql php7-zip php7-dom php7-xmlwriter php7-xmlreader php7-ctype php7-simplexml php7-intl php7-iconv
COPY supervisord.conf /etc/supervisord.conf
COPY fpm-www.conf /etc/php7/php-fpm.d/www.conf
EXPOSE 9000
CMD ["/usr/bin/supervisord", "-n"]


@ -0,0 +1,10 @@
FROM alpine
ENV container docker
RUN apk update; apk upgrade; apk add php7-gd php7-session php7-json php7-fpm php7-mysqlnd php7-mysqli php7-mbstring php7-xml php7-redis php7-curl php7-gmp bash php7-pdo_mysql php7-zip php7-dom php7-xmlwriter php7-xmlreader php7-ctype php7-simplexml php7-intl php7-iconv redis supervisor php7-opcache php7-posix php7-fileinfo php7-pecl-imagick php7-bcmath php7-pcntl php7-cli
COPY supervisord.conf /etc/supervisord.conf
COPY fpm-www.conf /etc/php7/php-fpm.d/www.conf
RUN sed -i -e 's/^disable_functions.*/disable_functions=exec,passthru,shell_exec,system,proc_open,popen,curl_exec,curl_multi_exec,eval,base64_decode/g' /etc/php7/php.ini
RUN sed -i -e 's/^expose_php.*/expose_php=off/g' /etc/php7/php.ini
RUN sed -i -e 's/^memory_limit.*/memory_limit=512M/g' /etc/php7/php.ini
EXPOSE 9000
CMD ["/usr/bin/supervisord", "-n"]
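Review bot: The `disable_functions` list includes `eval`, which is a language construct rather than a function, so this setting does not disable it and the line gives a false sense of hardening. Drop `eval` from the list and add a comment such as `# eval is a language construct; disable_functions cannot block it`. The same list is repeated in the `alpine:3.16` / php81 Dockerfile below. The `sed` edits only replace lines that already start with `disable_functions`, `expose_php` or `memory_limit`, so if the packaged `php.ini` ships any of them commented out, that substitution silently does nothing. `FROM alpine` is untagged, so the `php7-*` packages are only available while the current release still carries them.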


@ -0,0 +1,9 @@
FROM alpine:3.16
ENV container docker
RUN apk update; apk upgrade; apk add php81-gd php81-session php81-json php81-fpm php81-mysqlnd php81-mysqli php81-mbstring php81-xml php81-redis php81-curl php81-gmp bash php81-pdo_mysql php81-zip php81-dom php81-xmlwriter php81-xmlreader php81-ctype php81-simplexml php81-intl php81-iconv redis supervisor php81-opcache php81-posix php81-fileinfo php81-pecl-imagick php81-bcmath php81-pcntl php81-cli
COPY supervisord.conf /etc/supervisord.conf
COPY fpm-www.conf /etc/php81/php-fpm.d/www.conf
RUN sed -i -e 's/^disable_functions.*/disable_functions=exec,passthru,shell_exec,system,proc_open,popen,curl_exec,curl_multi_exec,eval,base64_decode/g' -e 's/^expose_php.*/expose_php=off/g' -e 's/^memory_limit.*/memory_limit=512M/g' -e 's/^session.save_handler.*/session.save_handler=redis/g' /etc/php81/php.ini
RUN echo 'session.save_path = "tcp://192.168.86.212:6379"' >> /etc/php81/php.ini
EXPOSE 9000
CMD ["/usr/bin/supervisord", "-n"]


@ -0,0 +1 @@
nextcloud does not support php 7.4+.


@ -0,0 +1,67 @@
LoadModule dav_module /usr/lib/apache2/mod_dav.so
# Enable php-fpm integration
<Proxy "fcgi://127.0.0.1:9000" enablereuse=on max=10>
</Proxy>
<FilesMatch ".+\.ph(ar|p|tml)$">
SetHandler "proxy:fcgi://127.0.0.1:9000"
</FilesMatch>
DirectoryIndex /index.php index.php
<VirtualHost *:80>
# this site is now behind nginx
# https://www.headdesk.me/Nginx_reverse_proxy_container
# requires ondrej ppa
# Protocols h2c http/1.1
# vhost for music share
# access with user xpk.music / qwer-tyui-asdf-ghjk-zxcv
ServerName xpk.headdesk.me
ServerAlias localhost
DocumentRoot /var/www/nextcloud
ErrorLog /var/log/apache2/xpk.headdesk.me.err
LogLevel error
CustomLog /var/log/apache2/xpk.headdesk.me.log combined
Alias /music /nas/music
<Location /music>
Options Indexes
DAV on
#AuthType Digest
#AuthName "XPKMusic"
#AuthDigestProvider file
AuthType Basic
AuthName "XPK Music"
#AuthUserFile "/etc/apache2/webdav.passwd"
AuthUserFile "/etc/apache2/xpkmusic.paswd"
<Limit GET PROPFIND>
require valid-user
</Limit>
</Location>
Alias /nextcloud /var/www/nextcloud
<Location /nextcloud>
Require all granted
</Location>
<Directory /var/www/nextcloud/>
Options +FollowSymlinks
AllowOverride All
<IfModule mod_dav.c>
Dav off
</IfModule>
SetEnv HOME /var/www/nextcloud
SetEnv HTTP_HOME /var/www/nextcloud
</Directory>
<Directory /var/www/nextcloud/data/>
Require all denied
</Directory>
</VirtualHost>
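Review bot: `<Limit GET PROPFIND>` applies `require valid-user` to those two methods only, so with `DAV on` every other method on `/music` (PUT, DELETE, MKCOL and the rest) is not covered by the Basic-auth requirement. Remove the `<Limit>` wrapper so `Require valid-user` applies to all methods, or use `<LimitExcept GET PROPFIND>` with `Require all denied` if the share is meant to be read-only. The comment above `ServerName` records a username and password in clear text; delete it and rotate that credential, since it is now in repository history. `AuthUserFile` names `xpkmusic.paswd`, which may be a typo for `.passwd`; that cannot be confirmed from this file.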

BIN
alpine/fpmredis/backup.tar Normal file

Binary file not shown.

2
alpine/fpmredis/build.sh Executable file

@ -0,0 +1,2 @@
export DOCKER_BUILDKIT=1
docker build --pull --network host -t alpine/fpmredis .

Binary file not shown.


@ -0,0 +1,23 @@
[www]
user = nobody
group = nobody
listen = 0.0.0.0:9000
pm = dynamic
pm.max_children = 50
pm.start_servers = 10
pm.min_spare_servers = 10
pm.max_spare_servers = 20
pm.process_idle_timeout = 20s
pm.max_requests = 500
php_admin_flag[log_errors] = on
php_admin_value[error_log] = /var/log/fpm-$pool.error.log
php_admin_value[disable_functions] = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignal
php_admin_value[memory_limit] = 512M
php_admin_value[upload_max_filesize] = 800M
php_admin_value[post_max_size] = 850M
; needed by nextcloud
env[HOSTNAME] = $HOSTNAME
env[PATH] = /usr/local/bin:/usr/bin:/bin
env[TMP] = /tmp
env[TMPDIR] = /tmp
env[TEMP] = /tmp
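Review bot: `listen = 0.0.0.0:9000` has no `listen.allowed_clients`, and the start script on this page attaches the container to the macvlan with its own LAN address, so any host on that network can speak FastCGI to this pool directly. FastCGI has no authentication of its own; the peer chooses which script path is executed. Add `listen.allowed_clients = <NGINX_CONTAINER_IP>` so only the reverse proxy can connect. `upload_max_filesize = 800M` and `post_max_size = 850M` are larger than `memory_limit = 512M` and the `client_max_body_size 200M` in the nginx config on this page; that is worth a comment explaining which limit is meant to win.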


@ -0,0 +1,17 @@
#!/bin/bash
cp /etc/php81/php.ini /etc/php81/php.ini-orig
sed -i -e '/^disable_function/d' /etc/php81/php.ini
VERSION=$1
cd /var/www/nextcloud
cp nextcloud/config/config.php .
cp -ap nextcloud/data/ data/
apk add axel sudo
axel https://download.nextcloud.com/server/releases/nextcloud-$VERSION.zip
unzip -o -q nextcloud-$VERSION.zip
cp config.php nextcloud/config/
cp -ap data nextcloud/
chown -R xfs:xfs nextcloud
cd nextcloud
sudo -u xfs php81 occ upgrade
sudo -u xfs php81 occ maintenance:mode --off
cp /etc/php81/php.ini-orig /etc/php81/php.ini
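Review bot: The Nextcloud zip is downloaded and unpacked over the live installation without any integrity check, and `$VERSION` comes unvalidated from `$1`. Fetch the checksum or signature file published alongside the release and verify the archive before `unzip`, and abort when `$1` is empty. There is no `set -e`, so if `cd /var/www/nextcloud` fails, the following `cp`, `unzip` and `chown -R` run in whatever directory the shell started in; `cd /var/www/nextcloud || exit 1` closes that. The script removes `disable_functions` from `php.ini` for the duration of the upgrade and restores it only on the last line, so a `trap 'cp /etc/php81/php.ini-orig /etc/php81/php.ini' EXIT` would keep an interrupted run from leaving the hardening off.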

1964
alpine/fpmredis/php.ini Normal file

File diff suppressed because it is too large Load Diff

2
alpine/fpmredis/restart.sh Executable file

@ -0,0 +1,2 @@
docker ps -a | grep nextcloud-fpm | awk '{print $1}' | xargs docker rm -f
./start.sh

3
alpine/fpmredis/start.sh Executable file

@ -0,0 +1,3 @@
docker run --cpus=4 --name nextcloud-fpm -v /var/www/nextcloud:/var/www/nextcloud:rw \
-v /var/run/mysqld/mysqld.sock:/var/run/mysqld/mysqld.sock:rw \
-it -d -m 4g --net macvlan --ip 192.168.86.210 --restart=always alpine/fpmredis


@ -0,0 +1,25 @@
[unix_http_server]
file=/run/supervisord.sock ; (the path to the socket file)
[supervisord]
logfile=/var/log/supervisord.log ; (main log file;default $CWD/supervisord.log)
loglevel=error
logfile_maxbytes=10MB
logfile_backups=7
user=root
[rpcinterface:supervisor]
supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface
[supervisorctl]
serverurl=unix:///run/supervisord.sock ; use a unix:// URL for a unix socket
#[program:redis]
#command=redis-server
#stderr_logfile = /var/log/supervisord-redis.err
#stdout_logfile = /var/log/supervisord-redis.log
[program:phpfpm]
command=/usr/sbin/php-fpm82 -c /etc/php82/php-fpm.conf -F
stderr_logfile = /var/log/supervisord-fpm.err
stdout_logfile = /var/log/supervisord-fpm.log


@ -0,0 +1,9 @@
FROM alpine:3.16
ENV container docker
RUN apk update; apk upgrade; apk add jq bash wget curl python3 sqlite
RUN wget -q -O- https://dl.google.com/dl/cloudsdk/channels/rapid/downloads/google-cloud-sdk-368.0.0-linux-x86_64.tar.gz | tar zxf -
COPY *.sh /root/
RUN chmod 755 /root/*.sh
RUN /google-cloud-sdk/install.sh -q
RUN echo 'export PATH=/google-cloud-sdk/bin:$PATH' > /root/.bashrc
ENTRYPOINT ["/bin/bash"]
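Review bot: The `wget -q -O- … | tar zxf -` line unpacks the SDK tarball straight from the network with no digest check, and because the pipe runs under `/bin/sh` without pipefail, a failed or truncated download is only noticed if `tar` itself errors. Download to a file, verify it with `echo "<EXPECTED_SHA256>  google-cloud-sdk-368.0.0-linux-x86_64.tar.gz" | sha256sum -c -`, then extract and delete it in the same `RUN`. `COPY *.sh /root/` copies every shell script in the build context, including any helper that was never meant for the image; naming the two scripts explicitly is safer.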


@ -0,0 +1,96 @@
# notes
There is no need to build your own image. Use the ones on docker hub. e.g. google/cloud-sdk:alpine
See https://hub.docker.com/r/google/cloud-sdk/
# usage
gcloud init
You will then be prompted to sign in with a URL and enter a default region. For Hong Kong, it is asia-northeast1-c.
asia-east1-a Changhua County, Taiwan
asia-east1-b Changhua County, Taiwan
asia-east1-c Changhua County, Taiwan
asia-east2-a Hong Kong, APAC
asia-east2-b Hong Kong, APAC
asia-east2-c Hong Kong, APAC
asia-northeast1-a Tokyo, Japan, APAC
asia-northeast1-b Tokyo, Japan, APAC
asia-northeast1-c Tokyo, Japan, APAC
asia-northeast2-a Osaka, Japan, APAC
asia-northeast2-b Osaka, Japan, APAC
asia-northeast2-c Osaka, Japan, APAC
asia-northeast3-a Seoul, South Korea, APAC
asia-northeast3-b Seoul, South Korea, APAC
asia-northeast3-c Seoul, South Korea, APAC
asia-south1-a Mumbai, India APAC
asia-south1-b Mumbai, India APAC
asia-south1-c Mumbai, India APAC
asia-south2-a Delhi, India APAC
asia-south2-b Delhi, India APAC
asia-south2-c Delhi, India APAC
asia-southeast1-a Jurong West, Singapore
asia-southeast1-b Jurong West, Singapore
asia-southeast1-c Jurong West, Singapore
asia-southeast2-a Jakarta, Indonesia, APAC
asia-southeast2-b Jakarta, Indonesia, APAC
asia-southeast2-c Jakarta, Indonesia, APAC
australia-southeast1-a Sydney, Australia
australia-southeast1-b Sydney, Australia
australia-southeast1-c Sydney, Australia
australia-southeast2-a Melbourne, Australia
australia-southeast2-b
australia-southeast2-c Melbourne, Australia
europe-central2-a
europe-central2-b
europe-central2-c Warsaw, Poland, Europe
europe-north1-a Hamina, Finland, Europe
europe-north1-b Hamina, Finland, Europe
europe-north1-c Hamina, Finland, Europe
europe-west1-b St. Ghislain, Belgium, Europe
europe-west1-c St. Ghislain, Belgium, Europe
europe-west1-d St. Ghislain, Belgium, Europe
europe-west2-a London, England, Europe
europe-west2-b London, England, Europe
europe-west2-c London, England, Europe
europe-west3-a Frankfurt, Germany Europe
europe-west3-b Frankfurt, Germany Europe
europe-west3-c Frankfurt, Germany Europe
europe-west4-a Eemshaven, Netherlands, Europe
europe-west4-b Eemshaven, Netherlands, Europe
europe-west4-c Eemshaven, Netherlands, Europe
europe-west6-a Zurich, Switzerland, Europe
europe-west6-b Zurich, Switzerland, Europe
europe-west6-c Zurich, Switzerland, Europe
northamerica-northeast1-a Montréal, Québec, North America
northamerica-northeast1-b Montréal, Québec, North America
northamerica-northeast1-c Montréal, Québec, North America
northamerica-northeast2-a Toronto, Ontario, North America
northamerica-northeast2-b Toronto, Ontario, North America
northamerica-northeast2-c Toronto, Ontario, North America
southamerica-east1-a Osasco, São Paulo, Brazil, South
southamerica-east1-b Osasco, São Paulo, Brazil, South
southamerica-east1-c Osasco, São Paulo, Brazil, South
southamerica-west1-a,b,c Santiago, Chile, South America
us-central1-a Council Bluffs, Iowa, North America
us-central1-b Council Bluffs, Iowa, North America
us-central1-c Council Bluffs, Iowa, North America
us-central1-f Council Bluffs, Iowa, North America
us-east1-b Moncks Corner, South Carolina, North
us-east1-c Moncks Corner, South Carolina, North
us-east1-d Moncks Corner, South Carolina, North
us-east4-a Ashburn, Virginia, North America
us-east4-b Ashburn, Virginia, North America
us-east4-c Ashburn, Virginia, North America
us-west1-a The Dalles, Oregon, North America
us-west1-b The Dalles, Oregon, North America
us-west1-c The Dalles, Oregon, North America
us-west2-a Los Angeles, California, North America
us-west2-b Los Angeles, California, North America
us-west2-c Los Angeles, California, North America
us-west3-a
us-west3-b
us-west3-c Salt Lake City, Utah, North
us-west4-a Las Vegas, Nevada, North America
us-west4-b Las Vegas, Nevada, North America
us-west4-c Las Vegas, Nevada, North America


@ -0,0 +1,34 @@
#!/bin/bash
cat <<EOF > /tmp/ec2-raw.txt
m5.large 2 8
m5.xlarge 4 16
m5.2xlarge 8 32
m5.4xlarge 16 64
m5.8xlarge 32 128
c5.large 2 4
c5.xlarge 4 8
c5.2xlarge 8 16
c5.4xlarge 16 32
c5.9xlarge 36 72
c5.12xlarge 48 96
r5.large 2 16
r5.xlarge 4 32
r5.2xlarge 8 64
r5.4xlarge 16 128
r5.8xlarge 32 256
EOF
if [ ! -f ec2-size-match.db ]; then
echo "create table instances(instance varchar(30), cpu int, ram int)" | sqlite3 ec2-size-match.db
cat /tmp/ec2-raw.txt | while read a b c; do
echo "insert into instances values(\"$a\", \"$b\", \"$c\");" | sqlite3 ec2-size-match.db
done
fi
RESULT=$(echo "select instance from instances where cpu = \"$1\" and ram = \"$2\";" | sqlite3 ec2-size-match.db)
if [ -z "$RESULT" ]; then
echo manual-match
else
echo $RESULT
fi


@ -0,0 +1,20 @@
#!/bin/bash
echo "id,name,size,disksize,os,cpu,ram,ec2"
gcloud compute instances list --filter="status=running" --format=json | jq -cr '.[] | [.id, .name, (.machineType | split("/")[10]), (.disks[] | .diskSizeGb), (.disks[] | .licenses[0] | split("/")[9]),(.zone | split("/")[8])] | @csv' > /tmp/instances.csv
cat /tmp/instances.csv | while read l; do
echo -n $l,
INSTSIZE=$(echo $l | awk -F, '{print $3}' | tr -d \")
gcloud compute machine-types describe $INSTSIZE --zone asia-northeast1-c --format json | jq -cr '[.guestCpus,.memoryMb] | @csv'
done > /tmp/instances2.csv
cat /tmp/instances2.csv | while read l; do
echo -n $l,
CPU=$(echo $l | awk -F, '{print $(NF-1)}')
RAM1=$(echo $l | awk -F, '{print $NF}')
RAM2=$(echo $RAM1/1024 | bc)
/root/ec2-matching.sh $CPU $RAM2
done


@ -0,0 +1,7 @@
FROM alpine:latest
ENV container docker
RUN apk update; apk upgrade; apk add haproxy tzdata
COPY haproxy.cfg /etc/haproxy/haproxy.cfg
RUN ln -s /usr/share/zoneinfo/Asia/Hong_Kong /etc/localtime
EXPOSE 41080
CMD [ "/usr/sbin/haproxy", "-f", "/etc/haproxy/haproxy.cfg", "-db" ]

3
alpine/haproxy/README.md Normal file

@ -0,0 +1,3 @@
Access stats:
http://192.168.86.208:44644/stats

2
alpine/haproxy/build.sh Executable file

@ -0,0 +1,2 @@
export DOCKER_BUILDKIT=1
docker build --network host -t alpine/haproxy .


@ -0,0 +1,31 @@
global
log 192.168.86.10 local0 notice
chroot /var/lib/haproxy
pidfile /var/run/haproxy.pid
maxconn 600
user haproxy
group haproxy
daemon
defaults
log global
mode tcp
timeout client 10s
timeout connect 5s
timeout server 10s
frontend stats
mode http
bind *:44644
stats enable
stats uri /stats
stats refresh 10s
stats auth admin:qwerty-asdf-1234
frontend socks-front
bind *:41080
default_backend socks-back
backend socks-back
server appgate 192.168.86.22:9080 check
server ism 192.168.86.18:11080 check backup
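Review bot: The `stats auth` line commits the stats username and password in clear text, and the `stats` frontend serves them over plain HTTP on `bind *:44644`. Keep the secret out of the repository, for example by expanding an environment variable inside a double-quoted argument (`stats auth "admin:${STATS_PASSWORD}"`) and passing it at `docker run`, and rotate the value that is now in history. Binding the stats frontend to a management address instead of `*` would limit who can reach the login prompt. `daemon` in `global` conflicts in intent with the `-db` flag the Dockerfile passes; dropping it from the config makes the foreground behaviour explicit.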


@ -0,0 +1,4 @@
docker stop haproxy
docker rm haproxy
sleep 5
/my/container-config/alpine/haproxy/start-haproxy.sh


@ -0,0 +1,3 @@
# haproxy socks container
docker run --name haproxy \
--net macvlan --ip 192.168.86.208 -d --restart=always alpine/haproxy

10
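--- a/alpine/iamctl/Dockerfile
+++ b/alpine/iamctl/Dockerfile
@@ -0,0 +1,10 @@
+FROM alpine:3.16
+LABEL description="iamctl on alpine"
+ENV container docker
+RUN apk add bash git py3-pip vim aws-cli aws-cli-doc jq
+RUN git clone https://github.com/aws-samples/aws-iamctl.git /tmp/aws-iamctl
+RUN cd /tmp/aws-iamctl; python3 setup.py install
+COPY equivalency_list.json /tmp/aws-iamctl/
+COPY iam.json /tmp/aws-iamctl/
+ENV PS1 "[iamctl] \w $ "
+ENTRYPOINT ["/bin/bash"]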
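Review bot: `git clone …/aws-iamctl.git` installs whatever the sample repository's default branch holds at build time, and the result is a tool that runs with IAM-reading AWS credentials. Pin it to a reviewed commit, `git -C /tmp/aws-iamctl checkout <COMMIT_SHA>`, before the install step. In `RUN cd /tmp/aws-iamctl; python3 setup.py install` the `;` means a failed `cd` still runs `setup.py` from `/`; use `WORKDIR /tmp/aws-iamctl` followed by `RUN python3 setup.py install`. `COPY iam.json` bakes a file whose diff is suppressed into the image; if it is an account export, it should be mounted at run time instead.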


@ -0,0 +1 @@
{"accountid": ["123456789012", "234567890123"], "accountprefix1": ["apples-production", "oranges-production", "apples-development", "oranges-development"]}

1
alpine/iamctl/iam.json Normal file

File diff suppressed because one or more lines are too long

18
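--- a/alpine/jenkins/Dockerfile
+++ b/alpine/jenkins/Dockerfile
@@ -0,0 +1,18 @@
+FROM alpine:latest
+LABEL description="Jenkins"
+LABEL maintainer="racken@one27.cf"
+LABEL notes="Get initial admin password by docker exec -it <container-id> and cat /root/.jenkins/secrets/initialAdminPassword"
+LABEL java-version="openjdk11"
+LABEL jenkins-version="2.222.3"
+LABEL exposed-port="8080"
+LABEL jenkins-path="/jenkins"
+ENV container docker
+RUN apk add openjdk11 wget openjdk11-jre-headless ttf-dejavu; mkdir /opt/tomcat
+WORKDIR /opt/tomcat
+RUN wget -q -O- http://ftp.cuhk.edu.hk/pub/packages/apache.org/tomcat/tomcat-9/v9.0.34/bin/apache-tomcat-9.0.34.tar.gz | tar zxf - --strip-components=1
+RUN rm -rf /opt/tomcat/webapps/ROOT
+RUN wget -q -O /opt/tomcat/webapps/jenkins.war http://mirrors.jenkins.io/war-stable/latest/jenkins.war
+ENV JAVA_HOME="/usr"
+ENV JAVA_OPTS="-Djava.awt.headless=true -Xmx2g -Dhudson.DNSMultiCast.disabled=true -Duser.timezone=Asia/Hong_Kong"
+EXPOSE 8080
+CMD ["/opt/tomcat/bin/catalina.sh", "run"]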
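Review bot: Both `wget` lines fetch over plain `http://` and nothing verifies what arrives, so the Tomcat tarball and `jenkins.war` that this container runs as root can be altered in transit or at the mirror. Fetch over HTTPS and check a recorded digest in the same `RUN`, e.g. `… && echo "<EXPECTED_SHA256>  /opt/tomcat/webapps/jenkins.war" | sha256sum -c -`. `war-stable/latest` also contradicts the `jenkins-version="2.222.3"` label; use the versioned path so the label stays true. The `wget … | tar` pipe runs without pipefail, so a failed download is only caught if `tar` errors. There is no `USER`, which is why the admin password ends up under `/root/.jenkins`.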

3
alpine/jenkins/start.sh Executable file

@ -0,0 +1,3 @@
docker run --name jenkins --cpus 2 \
--net macvlan --ip 192.168.86.211 -d --restart=always alpine-jenkins


@ -0,0 +1,8 @@
FROM alpine:latest
ENV container docker
VOLUME /var/www
RUN apk update; apk upgrade; apk add nginx nginx-mod-http-dav-ext
RUN mkdir -p /run/nginx
COPY index.html /var/www/index.html
EXPOSE 80
CMD [ "/usr/sbin/nginx", "-c", "/etc/nginx/nginx.conf" ]
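Review bot: `VOLUME /var/www` is declared before `COPY index.html /var/www/index.html`, and build steps that write into a path after it has been declared a volume can be discarded, so the page may never reach the image. Move the `VOLUME` line below the `COPY`, and note that a bind mount over `/var/www` at run time hides the file regardless. `EXPOSE 80` documents only one of the two listeners in the nginx.conf on this page, which also binds 443. That config is not copied by any line here, so it presumably arrives through a mount; a comment saying so would help the next reader.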


@ -0,0 +1,6 @@
# Revision notes
20191206: since 1.17.6, /var/www/nextcloud needs to be mounted. not sure why it worked before... also created xpknet and assigned static IP to containers. nginx is on 192.168.188.2 and fpm on 192.168.188.10
20191206: changed to macvlan. nginx is on 192.168.86.3 and fpm on 192.168.86.4
# General notes
dav is needed for enpass


@ -0,0 +1,2 @@
export DOCKER_BUILDKIT=1
docker build --network host -t alpine/nginx-v .


@ -0,0 +1,5 @@
<p>
<br>
<center>
<a href=https://xpk.headdesk.me/mon>Go to observium</a>
</center>


@ -0,0 +1,254 @@
user nginx;
worker_processes 2;
daemon off;
load_module "modules/ngx_http_dav_ext_module.so";
error_log /var/log/nginx/error-local.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 2000;
}
http {
server_tokens off;
include /etc/nginx/mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
client_max_body_size 200M;
gzip on;
gzip_min_length 1100;
gzip_buffers 4 8k;
gzip_types text/plain;
# caching
proxy_cache_path /tmp/nginx-cache levels=1:2 keys_zone=zone1:10m max_size=1G;
proxy_temp_path /tmp/nginx-proxy 1 2;
proxy_cache_key "$scheme$request_method$host$request_uri";
proxy_ignore_headers Expires Cache-Control;
proxy_cache_use_stale error timeout invalid_header http_502;
proxy_cache_bypass $cookie_session;
proxy_no_cache $cookie_session;
proxy_headers_hash_max_size 1024;
proxy_headers_hash_bucket_size 128;
log_format cached '$remote_addr '
'"$request" $status $body_bytes_sent '
'"$http_referer" "$http_user_agent" $upstream_cache_status';
# Useragent ACL: works but ubuntu online accounts does not provide any useragent
#map $http_user_agent $useragent_acl {
# default deny;
# ~(Desktop|Chrome|Nextcloud-iOS|Nextcloud-android|mirall|Mozilla/5\.0|git|ansible-httpget|Go-http-client) allow;
#}
# _ _ _ _
# _ __ | |__ _ __ | |__ __ _ _ __ __| | | ___ _ __
# | '_ \| '_ \| '_ \ _____| '_ \ / _` | '_ \ / _` | |/ _ \ '__|
# | |_) | | | | |_) |_____| | | | (_| | | | | (_| | | __/ |
# | .__/|_| |_| .__/ |_| |_|\__,_|_| |_|\__,_|_|\___|_|
# |_| |_|
#
upstream php-handler {
server 192.168.86.210:9000;
#server unix:/var/run/php/php7.2-fpm.sock;
}
server {
listen 80 default_server;
# root /var/www/null;
root /var/www/letsencrypt;
# for letsencrypt / acme-tiny
location /.well-known {
try_files $uri $uri/ =404;
}
location /.well-known/acme-challenge/ {
alias /var/www/letsencrypt/;
}
location / {
return 301 https://$host$request_uri;
}
# Useragent ACL
# if ($useragent_acl = deny) {
# return 403;
# }
# letsencrypt validation
#location /.well-known/acme-challenge/ {
# alias /var/www/letsencrypt/;
#}
#if ($http_x_forwarded_proto != "https") {
# return 301 https://$host$request_uri;
# }
}
server {
listen 443 ssl http2 default_server;
root /var/www;
# still need TLS1.2 for Lixil Jenkins git pull
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ecdh_curve secp521r1:secp384r1:prime256v1;
ssl_ciphers TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-GCM-SHA256;
ssl_prefer_server_ciphers on;
ssl_session_timeout 10m;
ssl_session_cache shared:SSL:10m;
ssl_session_tickets off;
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
add_header X-Frame-Options SAMEORIGIN;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag "noindex, nofollow";
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
add_header Referrer-Policy no-referrer;
ssl_certificate /home/ssl/xpk.headdesk.me.crt;
ssl_certificate_key /home/ssl/xpk.headdesk.me.key;
# filter out PROPFIND in access log
set $logme 1;
if ($request_method = PROPFIND) {
set $logme 0;
}
access_log /var/log/nginx/access.log cached if=$logme;
# Useragent ACL
# if ($useragent_acl = deny) {
# return 403;
#}
#location / {
# proxy_pass http://192.168.86.10:8080/;
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# proxy_set_header X-Real-IP $remote_addr;
# proxy_set_header HTTP_X_FORWARDED_PROTO https;
# proxy_set_header Host $host;
# proxy_cache_bypass $http_pragma $http_authorization;
# }
# letsencrypt validation
location /.well-known/acme-challenge/ {
alias /var/www/letsencrypt/;
}
fastcgi_hide_header X-Powered-By;
location = /.well-known/carddav {
return 301 $scheme://$host:$server_port/nextcloud/remote.php/dav;
}
location = /.well-known/caldav {
return 301 $scheme://$host:$server_port/nextcloud/remote.php/dav;
}
location /nextcloud/ {
rewrite ^ /nextcloud/index.php;
}
location ~ ^\/nextcloud\/(?:build|tests|config|lib|3rdparty|templates|data)\/ {
deny all;
}
location ~ ^\/nextcloud\/(?:\.|autotest|occ|issue|indie|db_|console) {
deny all;
}
location ~ ^\/nextcloud\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+)\.php(?:$|\/) {
fastcgi_split_path_info ^(.+?\.php)(\/.*|)$;
set $path_info $fastcgi_path_info;
try_files $fastcgi_script_name =404;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $path_info;
fastcgi_param HTTPS on;
# Avoid sending the security headers twice
fastcgi_param modHeadersAvailable true;
# Enable pretty urls
fastcgi_param front_controller_active true;
fastcgi_pass php-handler;
fastcgi_intercept_errors on;
fastcgi_request_buffering off;
}
location ~ ^\/nextcloud\/(?:updater|oc[ms]-provider)(?:$|\/) {
try_files $uri/ =404;
index index.php;
}
location ~ ^\/nextcloud.*\.(?:css|js|woff2?|svg|gif|map)$ {
try_files $uri /nextcloud/index.php$request_uri;
add_header Cache-Control "public, max-age=15778463";
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag "noindex, nofollow";
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
add_header Referrer-Policy no-referrer;
}
location ~ ^\/nextcloud.*\.(?:png|html|ttf|ico|jpg|jpeg|bcmap)$ {
try_files $uri /nextcloud/index.php$request_uri;
}
location /git/ {
proxy_pass http://192.168.86.53:3000/;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header HTTP_X_FORWARDED_PROTO https;
proxy_set_header Host $host;
proxy_http_version 1.1;
# caching: do not enable, causes cross account caching!
# proxy_cache zone1;
# proxy_cache_valid 200 302 5m;
# proxy_cache_valid any 10m;
}
location /pad/ {
proxy_pass http://192.168.86.51:9001/;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header HTTP_X_FORWARDED_PROTO https;
proxy_set_header Host $host;
proxy_http_version 1.1;
proxy_cookie_path / "/pad; HTTPOnly; Secure";
proxy_cookie_flags express secure httponly;
}
location /jenkins/ {
proxy_pass http://192.168.86.55:8080/jenkins/;
proxy_redirect default;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header HTTP_X_FORWARDED_PROTO https;
proxy_set_header Host $host;
proxy_http_version 1.1;
}
location /mon/ {
proxy_pass http://192.168.86.57/;
proxy_buffering off;
proxy_redirect default;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header HTTP_X_FORWARDED_PROTO https;
proxy_set_header Host $host;
proxy_http_version 1.1;
proxy_cookie_path / "/mon; HTTPOnly; Secure";
proxy_cookie_flags express secure httponly;
}
location /enpass/ {
root /var/www;
auth_basic enpass;
auth_basic_user_file /var/www/enpass/.htpass;
dav_methods PUT DELETE MKCOL COPY MOVE;
dav_ext_methods PROPFIND OPTIONS;
dav_access user:rw group:rw all:r;
create_full_put_path on;
autoindex on;
}
}
}


@ -0,0 +1,4 @@
docker stop nginx
docker rm nginx
sleep 5
/my/container-config/alpine/nginx/start-nginx.sh


@ -0,0 +1,14 @@
# nginx container
docker run --name nginx -v /my/container-config/alpine/nginx/nginx.conf:/etc/nginx/nginx.conf:ro \
-m 2g -v /my/sites/ssl-cert:/home/ssl \
-v /var/www/nextcloud:/var/www/nextcloud:ro \
-v /var/www/enpass:/var/www/enpass:rw \
-v /var/www/letsencrypt:/var/www/letsencrypt:ro \
--net macvlan --ip 192.168.86.209 -d --restart=always alpine/nginx
# clearlinux/nginx
#docker run --name nginx -v /my/container-config/nginx/nginx.conf:/etc/nginx/nginx.conf:ro \
#-v /etc/letsencrypt:/etc/letsencrypt:ro -m 2g \
#-v /var/www/nextcloud:/var/www/nextcloud:ro \
#--net macvlan --ip 192.168.86.3 -d --restart=always clearlinux/nginx
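Review bot: The certificate directory is bind-mounted read-write in the `docker run` line (`-v /my/sites/ssl-cert:/home/ssl`), while the nginx.conf, nextcloud and letsencrypt mounts in the same command carry `:ro`. nginx only needs to read the certificate and private key, so the mount should be `-v /my/sites/ssl-cert:/home/ssl:ro`; a compromise of the container then cannot replace or delete the key material on the host. The same line appears in alpine/nginx/start-nginx.sh further down the page.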

7
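--- a/alpine/nginx/Dockerfile
+++ b/alpine/nginx/Dockerfile
@@ -0,0 +1,7 @@
+FROM alpine:latest
+ENV container docker
+RUN apk update; apk upgrade; apk add nginx nginx-mod-http-dav-ext
+RUN mkdir -p /run/nginx
+COPY index.html /var/www/index.html
+EXPOSE 80
+CMD [ "/usr/sbin/nginx", "-c", "/etc/nginx/nginx.conf" ]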
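Review bot: The `RUN apk update; apk upgrade; apk add nginx nginx-mod-http-dav-ext` line joins its commands with `;`, so the step succeeds whenever the last command does and a failed `apk upgrade` can go unnoticed. Chaining with `&&`, or simply `RUN apk add --no-cache nginx nginx-mod-http-dav-ext`, makes the failure visible and keeps the package index out of the layer. `FROM alpine:latest` combined with `apk upgrade` also means two builds of this file can yield different package sets; pinning the base tag (ideally by digest) makes the image reproducible and auditable. The pma, privoxy and squid Dockerfiles on this page use the same `apk update; apk add` pattern. `EXPOSE 80` documents only the HTTP port although the nginx.conf mounted into this image also listens on 443.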

6
alpine/nginx/README.md Normal file

@ -0,0 +1,6 @@
# Revision notes
20191206: since 1.17.6, /var/www/nextcloud needs to be mounted. not sure why it worked before... also created xpknet and assigned static IP to containers. nginx is on 192.168.188.2 and fpm on 192.168.188.10
20191206: changed to macvlan. nginx is on 192.168.86.3 and fpm on 192.168.86.4
# General notes
dav is needed for enpass

2
alpine/nginx/build.sh Executable file

@ -0,0 +1,2 @@
export DOCKER_BUILDKIT=1
docker build --network host -t alpine/nginx .

5
alpine/nginx/index.html Normal file

@ -0,0 +1,5 @@
<p>
<br>
<center>
<a href=https://xpk.headdesk.me/mon>Go to observium</a>
</center>

301
alpine/nginx/nginx.conf Normal file

@ -0,0 +1,301 @@
user nginx;
worker_processes 2;
daemon off;
load_module "modules/ngx_http_dav_ext_module.so";
error_log /var/log/nginx/error-local.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 2000;
}
http {
server_tokens off;
include /etc/nginx/mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
client_max_body_size 200M;
gzip on;
gzip_min_length 1100;
gzip_buffers 4 8k;
gzip_types text/plain;
# caching
proxy_cache_path /tmp/nginx-cache levels=1:2 keys_zone=zone1:10m max_size=1G;
proxy_temp_path /tmp/nginx-proxy 1 2;
proxy_cache_key "$scheme$request_method$host$request_uri";
proxy_ignore_headers Expires Cache-Control;
proxy_cache_use_stale error timeout invalid_header http_502;
proxy_cache_bypass $cookie_session;
proxy_no_cache $cookie_session;
proxy_headers_hash_max_size 1024;
proxy_headers_hash_bucket_size 128;
log_format cached '$remote_addr '
'"$request" $status $body_bytes_sent '
'"$http_referer" "$http_user_agent" $upstream_cache_status';
# Useragent ACL
map $http_user_agent $blockagent {
default 0;
~*Bytespider 1;
~*Yandex 1;
~*DotBot 1;
~*Chrome/104.0.0.0 1;
~*l9explore 1;
~*ImagesiftBot 1;
}
# _ _ _ _
# _ __ | |__ _ __ | |__ __ _ _ __ __| | | ___ _ __
# | '_ \| '_ \| '_ \ _____| '_ \ / _` | '_ \ / _` | |/ _ \ '__|
# | |_) | | | | |_) |_____| | | | (_| | | | | (_| | | __/ |
# | .__/|_| |_| .__/ |_| |_|\__,_|_| |_|\__,_|_|\___|_|
# |_| |_|
#
upstream php-handler {
server 192.168.86.210:9000;
#server unix:/var/run/php/php7.2-fpm.sock;
}
server {
listen 80 default_server;
# root /var/www/null;
root /var/www/letsencrypt;
# for letsencrypt / acme-tiny
location /.well-known {
try_files $uri $uri/ =404;
}
location /.well-known/acme-challenge/ {
alias /var/www/letsencrypt/;
}
location / {
return 301 https://$host$request_uri;
}
# Useragent ACL
if ($blockagent) {return 403;}
# letsencrypt validation
#location /.well-known/acme-challenge/ {
# alias /var/www/letsencrypt/;
#}
#if ($http_x_forwarded_proto != "https") {
# return 301 https://$host$request_uri;
# }
}
server {
listen 443 ssl default_server;
http2 on;
root /var/www;
# still need TLS1.2 for Lixil Jenkins git pull
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ecdh_curve secp521r1:secp384r1:prime256v1;
ssl_ciphers TLS_CHACHA20_POLY1305_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:AES256-GCM-SHA384;
ssl_prefer_server_ciphers on;
ssl_session_timeout 10m;
ssl_session_cache shared:SSL:10m;
ssl_session_tickets off;
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
add_header X-Frame-Options SAMEORIGIN;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag "noindex, nofollow";
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
add_header Referrer-Policy no-referrer;
ssl_certificate /home/ssl/xpk.headdesk.me.crt;
ssl_certificate_key /home/ssl/xpk.headdesk.me.key;
# filter out PROPFIND in access log
set $logme 1;
if ($request_method = PROPFIND) {
set $logme 0;
}
#access_log /var/log/nginx/access.log cached if=$logme;
access_log syslog:server=192.168.86.10,nohostname cached if=$logme;
# Useragent ACL
# if ($useragent_acl = deny) {
# return 403;
#}
# try again
if ($blockagent) {return 403;}
#location / {
# proxy_pass http://192.168.86.10:8080/;
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# proxy_set_header X-Real-IP $remote_addr;
# proxy_set_header HTTP_X_FORWARDED_PROTO https;
# proxy_set_header Host $host;
# proxy_cache_bypass $http_pragma $http_authorization;
# }
# letsencrypt validation
location /.well-known/acme-challenge/ {
alias /var/www/letsencrypt/;
}
fastcgi_hide_header X-Powered-By;
location = /.well-known/carddav {
return 301 $scheme://$host:$server_port/nextcloud/remote.php/dav;
}
location = /.well-known/caldav {
return 301 $scheme://$host:$server_port/nextcloud/remote.php/dav;
}
location /nextcloud/ {
rewrite ^ /nextcloud/index.php;
}
location ~ ^\/nextcloud\/(?:build|tests|config|lib|3rdparty|templates|data)\/ {
deny all;
}
location ~ ^\/nextcloud\/(?:\.|autotest|occ|issue|indie|db_|console) {
deny all;
}
location ~ ^\/nextcloud\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+)\.php(?:$|\/) {
fastcgi_split_path_info ^(.+?\.php)(\/.*|)$;
set $path_info $fastcgi_path_info;
try_files $fastcgi_script_name =404;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $path_info;
fastcgi_param HTTPS on;
# Avoid sending the security headers twice
fastcgi_param modHeadersAvailable true;
# Enable pretty urls
fastcgi_param front_controller_active true;
fastcgi_pass php-handler;
fastcgi_intercept_errors on;
fastcgi_request_buffering off;
}
location ~ ^\/nextcloud\/(?:updater|oc[ms]-provider)(?:$|\/) {
try_files $uri/ =404;
index index.php;
}
location ~ ^\/nextcloud.*\.(?:css|js|woff2?|svg|gif|map)$ {
try_files $uri /nextcloud/index.php$request_uri;
add_header Cache-Control "public, max-age=15778463";
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag "noindex, nofollow";
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
add_header Referrer-Policy no-referrer;
}
location ~ ^\/nextcloud.*\.(?:png|html|ttf|ico|jpg|jpeg|bcmap)$ {
try_files $uri /nextcloud/index.php$request_uri;
}
location /git/ {
proxy_pass http://192.168.86.53:3000/;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header HTTP_X_FORWARDED_PROTO https;
proxy_set_header Host $host;
proxy_http_version 1.1;
# caching: do not enable, causes cross account caching!
# proxy_cache zone1;
# proxy_cache_valid 200 302 5m;
# proxy_cache_valid any 10m;
}
location /pad/ {
proxy_pass http://192.168.86.51:9001/;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header HTTP_X_FORWARDED_PROTO https;
proxy_set_header Host $host;
proxy_http_version 1.1;
proxy_cookie_path / "/pad; HTTPOnly; Secure";
proxy_cookie_flags express secure httponly;
}
location /jenkins/ {
proxy_pass http://192.168.86.55:8080/jenkins/;
proxy_redirect default;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header HTTP_X_FORWARDED_PROTO https;
proxy_set_header Host $host;
proxy_http_version 1.1;
}
location /mon/ {
proxy_pass http://192.168.86.57/;
proxy_buffering off;
proxy_redirect default;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header HTTP_X_FORWARDED_PROTO https;
proxy_set_header Host $host;
proxy_http_version 1.1;
proxy_cookie_path / "/mon; HTTPOnly; Secure";
proxy_cookie_flags express secure httponly;
}
location /enpass/ {
root /var/www;
auth_basic enpass;
auth_basic_user_file /var/www/enpass/.htpass;
dav_methods PUT DELETE MKCOL COPY MOVE;
dav_ext_methods PROPFIND OPTIONS;
dav_access user:rw group:rw all:r;
create_full_put_path on;
autoindex on;
}
}
server {
listen 443 ssl;
server_name mon.headdesk.me;
http2 on;
root /var/www;
ssl_protocols TLSv1.3;
ssl_ecdh_curve secp521r1:secp384r1:prime256v1;
ssl_ciphers TLS_CHACHA20_POLY1305_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:AES256-GCM-SHA384;
ssl_prefer_server_ciphers on;
ssl_session_timeout 10m;
ssl_session_cache shared:SSL:10m;
ssl_session_tickets off;
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
add_header X-Frame-Options SAMEORIGIN;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag "noindex, nofollow";
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
add_header Referrer-Policy no-referrer;
ssl_certificate /home/ssl/mon.headdesk.me.crt;
ssl_certificate_key /home/ssl/mon.headdesk.me.key;
location / {
proxy_pass http://192.168.86.57/;
proxy_buffering off;
proxy_redirect default;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header HTTP_X_FORWARDED_PROTO https;
proxy_set_header Host $host;
proxy_http_version 1.1;
#proxy_cookie_path / "/mon; HTTPOnly; Secure";
#proxy_cookie_flags express secure httponly;
}
}
}
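Review bot: In the `location /enpass/` block the basic-auth file is `/var/www/enpass/.htpass`, which lies inside the directory that the same block serves and opens to `PUT`, `DELETE`, `COPY` and `MOVE`. With `root /var/www` the URI `/enpass/.htpass` maps to that file and no visible rule in this server denies dotfiles, so any authenticated DAV user can apparently read the password hashes or overwrite the file. Keep the file outside the served tree (a separately mounted read-only path) or add an exact-match deny such as `location = /enpass/.htpass { deny all; }`. `autoindex on` and `dav_access user:rw group:rw all:r` in the same block make the directory listable and uploaded files world-readable on disk, which deserves a second look for a password-vault sync target. The earlier nginx.conf copy on this page carries the same block.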

4
alpine/nginx/restart-nginx.sh Executable file

@ -0,0 +1,4 @@
docker stop nginx
docker rm nginx
sleep 5
/my/container-config/alpine/nginx/start-nginx.sh

14
alpine/nginx/start-nginx.sh Executable file

@ -0,0 +1,14 @@
# nginx container
docker run --name nginx -v /my/container-config/alpine/nginx/nginx.conf:/etc/nginx/nginx.conf:ro \
-m 2g -v /my/sites/ssl-cert:/home/ssl \
-v /var/www/nextcloud:/var/www/nextcloud:ro \
-v /var/www/enpass:/var/www/enpass:rw \
-v /var/www/letsencrypt:/var/www/letsencrypt:ro \
--net macvlan --ip 192.168.86.209 -d --restart=always alpine/nginx
# clearlinux/nginx
#docker run --name nginx -v /my/container-config/nginx/nginx.conf:/etc/nginx/nginx.conf:ro \
#-v /etc/letsencrypt:/etc/letsencrypt:ro -m 2g \
#-v /var/www/nextcloud:/var/www/nextcloud:ro \
#--net macvlan --ip 192.168.86.3 -d --restart=always clearlinux/nginx


@ -0,0 +1,7 @@
FROM alpine
LABEL description="Openstack cli on alpine"
LABEL maintainer="racken@one27.cf"
ENV container docker
RUN apk update; apk add py3-pip gcc python3-dev musl-dev linux-headers libffi-dev bash
RUN pip3 install python-openstackclient
ENTRYPOINT ["/bin/bash"]

5
alpine/ping/Dockerfile Normal file

@ -0,0 +1,5 @@
FROM alpine:latest
LABEL description="ping test on alpine"
LABEL maintainer="racken@one27.cf"
ENV container docker
CMD ["ping", "-qi5", "210.0.248.38"]

13
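--- a/alpine/pma/Dockerfile
+++ b/alpine/pma/Dockerfile
@@ -0,0 +1,13 @@
+FROM alpine:latest
+LABEL description="phpmyadmin on alpine"
+LABEL maintainer="racken@one27.cf"
+ENV container docker
+RUN apk update; apk add bash tini php81-pdo_mysql php81-fpm nginx php81-session supervisor unzip php81-iconv php81-mysqli php81-xml php81-mbstring
+RUN mkdir -p /var/www/html /etc/supervisor.d
+COPY nginx-default.conf /etc/nginx/http.d/default.conf
+RUN wget -O /tmp/pma.zip https://files.phpmyadmin.net/phpMyAdmin/5.2.1/phpMyAdmin-5.2.1-all-languages.zip
+RUN unzip -qd /var/www/html /tmp/pma.zip; mv /var/www/html/phpMyAdmin* /var/www/html/pma; rm -f /tmp/pma.zip
+COPY config.inc.php /var/www/html/pma/config.inc.php
+RUN mkdir -p /var/www/html/pma/tmp/; chmod 777 /var/www/html/pma/tmp/
+COPY run.ini /etc/supervisor.d/run.ini
+CMD ["/usr/bin/supervisord", "-n"]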
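Review bot: The phpMyAdmin archive fetched by `RUN wget -O /tmp/pma.zip ...` is unpacked into the web root without any integrity check, so whatever the download returns at build time ends up in an image that the push script on this page apparently rolls out to dev, staging and prod. Verify it in the same `RUN` before unzipping, for example `echo "SHA256_OF_RELEASE_ZIP  /tmp/pma.zip" | sha256sum -c -` (placeholder; take the value from the project's published checksum). The Terraform Dockerfile on this page has the same gap, and its `wget ... | bsdtar -xOf - > /usr/bin/terraform` pipe additionally hides a failed download because only the last command's status counts. `chmod 777 /var/www/html/pma/tmp/` is broader than needed; handing the directory to the php-fpm user would do, assuming php-fpm runs unprivileged here.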

36
alpine/pma/config.inc.php Normal file

@ -0,0 +1,36 @@
<?php
/**
* phpMyAdmin sample configuration, you can use it as base for
* manual configuration. For easier setup you can use setup/
*
* All directives are explained in documentation in the doc/ folder
* or at <https://docs.phpmyadmin.net/>.
*/
declare(strict_types=1);
/**
* This is needed for cookie based authentication to encrypt password in
* cookie. Needs to be 32 chars long.
*/
$cfg['blowfish_secret'] = 'Z2RVfRex/rIuhv2AAJXQuzbllMs5PelMIWWMCO4Aoag=';
/**
* Servers configuration
*/
$i = 0;
/**
* First server
*/
$i++;
/* Authentication type */
$cfg['Servers'][$i]['auth_type'] = 'cookie';
/* Server parameters */
$cfg['Servers'][$i]['host'] = 'localhost';
$cfg['Servers'][$i]['compress'] = false;
$cfg['Servers'][$i]['AllowNoPassword'] = false;
$cfg['UploadDir'] = '';
$cfg['SaveDir'] = '';
$cfg['AllowArbitraryServer'] = true;
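Review bot: `$cfg['blowfish_secret']` is a literal committed with the file, so everyone with access to the repository or the built image knows the key that protects the credentials stored in phpMyAdmin's auth cookie. Read it from the environment or a mounted secret instead, e.g. `$cfg['blowfish_secret'] = getenv('PMA_BLOWFISH_SECRET');` (variable name constructed for illustration), and rotate the value that is already published. `$cfg['AllowArbitraryServer'] = true;` lets anyone who reaches the login page point phpMyAdmin at any MySQL host reachable from the container; unless that is required, set it to `false` and list the intended servers explicitly.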


@ -0,0 +1,23 @@
server {
listen 80 default_server;
listen [::]:80 default_server;
root /var/www/html;
# You may need this to prevent return 404 recursion.
location = /404.html {
internal;
}
location / {
index index.php index.html;
}
location ~ [^/]\.php(/|$) {
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
fastcgi_param HTTP_PROXY "";
fastcgi_pass 127.0.0.1:9000;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_index index.php;
include fastcgi_params;
}
}


@ -0,0 +1,5 @@
aws ecr get-login-password --region ap-southeast-1 | docker login --username AWS --password-stdin 728959568254.dkr.ecr.ap-southeast-1.amazonaws.com/
docker push 728959568254.dkr.ecr.ap-southeast-1.amazonaws.com/lixil-cms/phpmyadmin
aws ecs update-service --cluster dev-apse1-lixil-cms-ecs-cluster --service dev-lixil-pma-service --force-new-deployment
aws ecs update-service --cluster staging-apse1-lixil-cms-ecs-cluster --service staging-apse1-lixil-cms-pma-service --force-new-deployment
aws ecs update-service --cluster prod-apse1-lixil-cms-ecs-cluster --service prod-apse1-lixil-cms-pma-service --force-new-deployment
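Review bot: The script has no error handling, so if `docker login` or `docker push` fails the three `aws ecs update-service ... --force-new-deployment` calls still run and restart dev, staging and prod on whatever image is already in the registry. Start it with `#!/bin/bash` and `set -euo pipefail` so a failure in the pipe into `docker login` or in the push aborts the run. Rolling all three environments from one unconditional script also leaves no gate before production; taking the target environment as an argument would keep a dev push from touching prod.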

10
alpine/pma/run.ini Normal file

@ -0,0 +1,10 @@
[program:nginx]
command=/usr/sbin/nginx -g 'daemon off;'
autostart=true
autorestart=true
[program:phpfpm]
command=/usr/sbin/php-fpm81 -F
autostart=true
autorestart=true

10
alpine/privoxy/Dockerfile Normal file

@ -0,0 +1,10 @@
FROM alpine:latest
LABEL description="Privoxy web proxy"
LABEL maintainer="racken@one27.cf"
ENV container docker
RUN apk update; apk add tini privoxy
RUN cd /etc/privoxy; touch default.filter user.filter; mv match-all.action.new match-all.action; mv user.action.new user.action
COPY default.action /etc/privoxy/default.action
COPY config /etc/privoxy/config
ENTRYPOINT ["/sbin/tini", "--"]
CMD ["/usr/sbin/privoxy", "--no-daemon", "--user", "privoxy", "/etc/privoxy/config"]

33
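--- a/alpine/privoxy/config
+++ b/alpine/privoxy/config
@@ -0,0 +1,33 @@
+user-manual /usr/share/doc/privoxy/user-manual
+confdir /etc/privoxy
+#actionsfile match-all.action # Actions that are applied to all sites and maybe overruled later on.
+#actionsfile default.action # Main actions file
+#actionsfile user.action # User customizations
+#filterfile default.filter
+#filterfile user.filter # User customizations
+listen-address :8086
+toggle 0
+enable-remote-toggle 0
+enable-remote-http-toggle 0
+enable-edit-actions 0
+enforce-blocks 0
+buffer-limit 4096
+enable-proxy-authentication-forwarding 1
+forwarded-connect-retries 0
+accept-intercepted-requests 0
+allow-cgi-request-crunching 0
+split-large-forms 0
+keep-alive-timeout 15
+tolerate-pipelining 1
+socket-timeout 300
+permit-access 192.168.86.0/24
+permit-access [fc00::0]/64
+logdir /var/log/privoxy
+logfile privoxy.log
+#debug 1024
+#log-messages 1
+receive-buffer-size 32768
+listen-backlog 512
+max-client-connections 512
+socket-timeout 180
+tolerate-pipelining 1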
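Review bot: `enable-proxy-authentication-forwarding 1` makes Privoxy pass `Proxy-Authorization` headers through instead of stripping them, and this file configures no `forward` parent proxy that would consume them. Unless clients really authenticate to an upstream proxy through this instance, set it to `0` so proxy credentials are not sent on to origin servers. Separately, `socket-timeout` is given twice (300 and later 180) and `tolerate-pipelining` twice; keep one of each so the effective value is obvious to the next reader.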


@ -0,0 +1,2 @@
{-block}
.*

2
alpine/privoxy/restart.sh Executable file

@ -0,0 +1,2 @@
docker rm -f privoxy
./start.sh

2
alpine/privoxy/start.sh Executable file

@ -0,0 +1,2 @@
#!/bin/bash
docker run -d --name privoxy --network macvlan --cpus 2 --memory 1g --restart always --ip 192.168.86.18 alpine/privoxy

10
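--- a/alpine/redis/Dockerfile
+++ b/alpine/redis/Dockerfile
@@ -0,0 +1,10 @@
+FROM alpine:latest
+LABEL description="Redis for use with gitea"
+LABEL maintainer="racken@one27.cf"
+ENV container docker
+RUN apk add bash tini redis
+#RUN addgroup -g 3000 ctnuser && adduser -u 3000 -G ctnuser -D ctnuser
+RUN sed -i -e 's/^bind.*/bind 0.0.0.0/g' -e 's/^protected-mode.*/protected-mode no/g' -e 's/^timeout.*/timeout 60/g' -e 's/^\(logfile.*\)/## \1/g' /etc/redis.conf
+RUN chown -R redis:redis /var/log/redis
+USER redis
+ENTRYPOINT ["/sbin/tini", "--", "/usr/bin/redis-server", "/etc/redis.conf"]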
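Review bot: The `sed` line rewrites redis.conf to `bind 0.0.0.0` and `protected-mode no`, and nothing visible sets `requirepass` or an ACL, so the server accepts unauthenticated commands from any host that can reach its macvlan address. Since the label says it exists for gitea only, either restrict it to that peer at the network level or require a password supplied at run time (for example a mounted config fragment containing `requirepass`), and leave `protected-mode` at its default. alpine/valkey/valkey.conf on this page has the same combination: `#bind ...` commented out, `protected-mode no`, and no password.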

2
alpine/redis/build.sh Executable file

@ -0,0 +1,2 @@
export DOCKER_BUILDKIT=1
docker build --network host -t alpine/redis .

2
alpine/redis/restart.sh Executable file

@ -0,0 +1,2 @@
docker rm -f redis
docker run -d --name redis --network macvlan --ip 192.168.86.212 --restart=always alpine/redis

7
alpine/squid/Dockerfile Normal file

@ -0,0 +1,7 @@
FROM alpine:latest
LABEL description="squid on alpine"
LABEL maintainer="racken@one27.cf"
ENV container docker
RUN apk update; apk add squid bash tini
ENTRYPOINT ["/sbin/tini", "--"]
CMD ["/usr/sbin/squid", "-N"]

3
alpine/squid/start.sh Executable file

@ -0,0 +1,3 @@
docker run --name squid --cpus 2 -m 800m \
--net macvlan --ip 192.168.86.88 -d --restart=always alpine-squid


@ -0,0 +1,9 @@
FROM alpine:latest
LABEL description="Terraform1.3 on Alpine"
LABEL maintainer="xpk@headdesk.me"
ENV container docker
RUN apk update
RUN apk add wget curl git bash libarchive-tools aws-cli
RUN wget -qO - https://releases.hashicorp.com/terraform/1.3.9/terraform_1.3.9_linux_amd64.zip | bsdtar -xOf - > /usr/bin/terraform
RUN chmod 755 /usr/bin/terraform
CMD ["/bin/bash"]

3
alpine/terraform13/build.sh Executable file

@ -0,0 +1,3 @@
#!/bin/bash
export DOCKER_BUILDKIT=1
docker buildx build --network host -t alpine/terraform13 .


@ -0,0 +1,10 @@
FROM alpine:latest
LABEL description="tini test"
LABEL maintainer="racken@one27.cf"
ENV container docker
RUN apk add bash tini
#ENV TINI_VERSION v0.19.0
#ADD https://github.com/krallin/tini/releases/download/${TINI_VERSION}/tini /tini
#RUN chmod +x /tini
ENTRYPOINT ["/sbin/tini", "--"]
CMD ["/bin/bash"]

8
alpine/valkey/Dockerfile Normal file

@ -0,0 +1,8 @@
FROM alpine:latest
LABEL description="Valkey server"
LABEL maintainer="racken@one27.cf"
ENV container docker
RUN apk add bash tini valkey valkey-cli
COPY valkey.conf /etc/valkey/valkey.conf
USER valkey
ENTRYPOINT ["/sbin/tini", "--", "/usr/bin/valkey-server", "/etc/valkey/valkey.conf"]

2
alpine/valkey/build.sh Executable file

@ -0,0 +1,2 @@
export DOCKER_BUILDKIT=1
docker build --network host -t alpine/valkey .

3
alpine/valkey/restart.sh Executable file

@ -0,0 +1,3 @@
docker rm -f valkey
#docker run -d --name valkey --network macvlan --ip 192.168.86.212 --restart=always alpine/valkey
docker run -d --name valkey --network macvlan --ip 192.168.86.212 --restart=always valkey/valkey

79
alpine/valkey/valkey.conf Normal file

@ -0,0 +1,79 @@
#bind 127.0.0.1 -::1
protected-mode no
port 6379
tcp-backlog 511
unixsocket /run/valkey/valkey.sock
unixsocketperm 770
timeout 0
tcp-keepalive 300
loglevel notice
syslog-enabled yes
syslog-ident valkey
databases 16
always-show-logo no
set-proc-title yes
proc-title-template "{title} {listen-addr} {server-mode}"
locale-collate ""
stop-writes-on-bgsave-error yes
rdbcompression yes
rdbchecksum yes
dbfilename dump.rdb
rdb-del-sync-files no
dir /var/lib/valkey
replica-serve-stale-data yes
replica-read-only yes
repl-diskless-sync yes
repl-diskless-sync-delay 5
repl-diskless-sync-max-replicas 0
repl-diskless-load disabled
repl-disable-tcp-nodelay no
replica-priority 100
acllog-max-len 128
lazyfree-lazy-eviction no
lazyfree-lazy-expire no
lazyfree-lazy-server-del no
replica-lazy-flush no
lazyfree-lazy-user-del no
lazyfree-lazy-user-flush no
io-threads 4
oom-score-adj no
oom-score-adj-values 0 200 800
disable-thp yes
appendonly no
appendfilename "appendonly.aof"
appenddirname "appendonlydir"
appendfsync everysec
no-appendfsync-on-rewrite no
auto-aof-rewrite-percentage 100
auto-aof-rewrite-min-size 64mb
aof-load-truncated yes
aof-use-rdb-preamble yes
aof-timestamp-enabled no
slowlog-log-slower-than 10000
slowlog-max-len 128
latency-monitor-threshold 0
notify-keyspace-events ""
hash-max-listpack-entries 512
hash-max-listpack-value 64
list-max-listpack-size -2
list-compress-depth 0
set-max-intset-entries 512
set-max-listpack-entries 128
set-max-listpack-value 64
zset-max-listpack-entries 128
zset-max-listpack-value 64
hll-sparse-max-bytes 3000
stream-node-max-bytes 4096
stream-node-max-entries 100
activerehashing yes
client-output-buffer-limit normal 0 0 0
client-output-buffer-limit replica 256mb 64mb 60
client-output-buffer-limit pubsub 32mb 8mb 60
hz 10
dynamic-hz yes
aof-rewrite-incremental-fsync yes
rdb-save-incremental-fsync yes
jemalloc-bg-thread yes
include /etc/valkey/valkey.d/*.conf


@ -0,0 +1,15 @@
FROM centos:6
LABEL description="Legacy Datapipe tools for Linux team"
LABEL notes="These tools may be supported by Dan Drowns from LDP"
ENV container docker
RUN yum -y install epel-release
RUN rpm -ivh http://repo.openfusion.net/centos6-x86_64/openfusion-release-0.7-1.of.el6.noarch.rpm
RUN yum -y install wget perl perl-SOAP-Lite perl-PAR-Dist perl-parent perl-DBI perl-Frontier-RPC perl-Frontier-RPC-Client perl-Crypt-SSLeay expect perl-Expect perl-IO-Stty perl-TermReadKey perl-Mozilla-CA perl-Try-Tiny
RUN rpm -e httpd mod_perl --nodeps
RUN wget -q --no-check-certificate -O/dp-tools.tgz https://files.unix.cl.datapipe.net/index.php/s/jfTZMT6EZrAmHrb/download
WORKDIR /
RUN tar zxf dp-tools.tgz
COPY README /root/README
ENV PATH="$PATH:/dp/tools/maps-3.1.5/bin:/dp/tools/ssutils/bin:/dp/tools/serverlogin"
ENV PS1 "see /root/README $ "
ENTRYPOINT ["/bin/bash"]
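Review bot: `RUN wget -q --no-check-certificate -O/dp-tools.tgz ...` downloads the tool bundle with TLS verification switched off and no checksum, and the unpacked contents are then put on `PATH`, so the build trusts whoever answers for that host name. Drop `--no-check-certificate` (install the issuing CA into the image if the server uses a private one) and verify a known SHA-256 before `tar zxf`. The `rpm -ivh http://repo.openfusion.net/...` line has a related weakness over plain HTTP: the release package that configures an extra yum repository is fetched without transport authentication. `centos:6` is end-of-life, so the base itself no longer receives fixes; a comment stating why it is still required would help.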

8
centos6/dp-tools/README Normal file

@ -0,0 +1,8 @@
# LDP tools
3 tools can be found under /dp/tools:
- maps: works with vDNS, use Rackspace RSA token
- serverlogin: works with vDNS, use Rackspace RSA token
- ssutils: cli tool for logging into LDP servers, talks to secretserver
# sources
https://github.datapipe.net/abob/ssutils


@ -0,0 +1,9 @@
FROM centos:7
LABEL description="Smb file File gateway"
ENV container docker
RUN rm -f /etc/yum.repos.d/*.repo
COPY centos-vault.repo /etc/yum.repos.d/centos-vault.repo
RUN yum -y install samba4 samba4-client
COPY smb.conf /etc/samba/smb.conf
COPY run.sh /run.sh
ENTRYPOINT ["/run.sh"]
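Review bot: The image replaces the stock repos with centos-vault.repo, which is fixed at 7.8.2003, so the `RUN yum -y install samba4 samba4-client` line installs a Samba build that will never receive updates, for a service that listens on the LAN. If the pin is deliberate, say so in a comment such as `# pinned to vault 7.8.2003 because REASON`; otherwise a maintained base is the safer choice for an SMB server. The vault `baseurl` entries use plain `http://`, which is acceptable only because `gpgcheck=1` is set on every repo; a comment in the repo file would keep anyone from turning it off.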


@ -0,0 +1,36 @@
# C7.8.2003
[C7.8.2003-base]
name=CentOS-7.8.2003 - Base
baseurl=http://vault.centos.org/7.8.2003/os/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
enabled=1
[C7.8.2003-updates]
name=CentOS-7.8.2003 - Updates
baseurl=http://vault.centos.org/7.8.2003/updates/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
enabled=1
[C7.8.2003-extras]
name=CentOS-7.8.2003 - Extras
baseurl=http://vault.centos.org/7.8.2003/extras/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
enabled=0
[C7.8.2003-centosplus]
name=CentOS-7.8.2003 - CentOSPlus
baseurl=http://vault.centos.org/7.8.2003/centosplus/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
enabled=0
[C7.8.2003-fasttrack]
name=CentOS-7.8.2003 - Fasttrack
baseurl=http://vault.centos.org/7.8.2003/fasttrack/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
enabled=0

6
centos7/filegw/run.sh Executable file

@ -0,0 +1,6 @@
#!/bin/bash
/usr/sbin/smbd -FS --no-process-group &
/usr/sbin/nmbd -F &
wait
exit $?

30
centos7/filegw/smb.conf Normal file

@ -0,0 +1,30 @@
[global]
map to guest = Bad Password
workgroup = ZOOLO
server string = File Gateway
netbios name = FILEGW
hosts allow = 127. 192.168.86.
security = user
passdb backend = tdbsam
load printers = no
printing = bsd
[music]
comment = Music
browseable = Yes
read only = Yes
path = /nas/music
public = Yes
writable = No
printable = No
guest ok = yes
guest only = yes
[movies]
comment = Movies
browseable = Yes
read only = Yes
path = /nas/movies
public = Yes
writable = No
printable = No
guest ok = yes
guest only = yes

1
centos7/filegw/start.sh Executable file

@ -0,0 +1 @@
docker run -d --name filegw --network macvlan -v /nas/music:/nas/music:ro -v /nas/movies:/nas/movies:ro --restart always centos7/filegw

7
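--- a/centos8/ebcli/Dockerfile
+++ b/centos8/ebcli/Dockerfile
@@ -0,0 +1,7 @@
+FROM centos:8
+ENV container docker
+RUN yum -y install gcc make git python3 zlib-devel openssl-devel ncurses-devel libffi-devel sqlite-devel readline-devel bzip2-devel
+RUN git clone https://github.com/aws/aws-elastic-beanstalk-cli-setup.git
+RUN ./aws-elastic-beanstalk-cli-setup/scripts/bundled_installer
+ENV PATH="/root/.ebcli-virtual-env/executables:/root/.pyenv/versions/3.7.2/bin:$PATH"
+CMD ["/bin/bash"]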
