UPD: Removed old AL2-based files

alpine/fpmredis/Dockerfile

@@ -1,10 +1,11 @@
 FROM alpine:latest
 ENV container docker
-RUN apk update; apk upgrade; apk add php82-gd php82-session php82-json php82-fpm php82-mysqlnd php82-mysqli php82-mbstring php82-xml php82-redis php82-curl php82-gmp bash php82-pdo_mysql php82-zip php82-dom php82-xmlwriter php82-xmlreader php82-ctype php82-simplexml php82-intl php82-iconv redis supervisor php82-opcache php82-posix php82-fileinfo php82-pecl-imagick php82-bcmath php82-pcntl php82-cli php82-sysvsem php82-exif php82-sodium php82-bz2
+RUN apk update; apk upgrade; apk add php83-gd php83-session php83-json php83-fpm php83-mysqlnd php83-mysqli php83-mbstring php83-xml php83-redis php83-curl php83-gmp bash php83-pdo_mysql php83-zip php83-dom php83-xmlwriter php83-xmlreader php83-ctype php83-simplexml php83-intl php83-iconv supervisor php83-opcache php83-posix php83-fileinfo php83-pecl-imagick php83-bcmath php83-pcntl php83-cli php83-sysvsem php83-exif php83-sodium php83-bz2
 COPY supervisord.conf /etc/supervisord.conf
-COPY fpm-www.conf /etc/php82/php-fpm.d/www.conf
+COPY fpm-www.conf /etc/php83/php-fpm.d/www.conf
 COPY nc-upgrade.sh /var/www/nc-upgrade.sh
-RUN sed -i -e 's/^disable_functions.*/disable_functions=exec,passthru,shell_exec,system,proc_open,popen,curl_exec,curl_multi_exec,eval,base64_decode/g' -e 's/^expose_php.*/expose_php=off/g' -e 's/^memory_limit.*/memory_limit=512M/g' -e 's/^session.save_handler.*/session.save_handler=redis/g'  /etc/php82/php.ini
+COPY php.ini /etc/php83/php.ini
-RUN echo 'session.save_path = "tcp://192.168.86.212:6379"' >> /etc/php82/php.ini
+# RUN sed -i -e 's/^disable_functions.*/disable_functions=exec,passthru,shell_exec,system,proc_open,popen,curl_exec,curl_multi_exec,eval,base64_decode/g' -e 's/^expose_php.*/expose_php=off/g' -e 's/^memory_limit.*/memory_limit=512M/g' -e 's/^session.save_handler.*/session.save_handler=redis/g'  /etc/php83/php.ini
+RUN echo 'session.save_path = "tcp://192.168.86.212:6379"' >> /etc/php83/php.ini
 EXPOSE 9000
 CMD ["/usr/bin/supervisord", "-n"]

alpine/fpmredis/fpm-www.conf

@@ -1,6 +1,6 @@
 [www]
-user = xfs
+user = nobody
-group = xfs
+group = nobody
 listen = 0.0.0.0:9000
 pm = dynamic
 pm.max_children = 50

alpine/fpmredis/supervisord.conf

@@ -14,10 +14,10 @@ supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface
 [supervisorctl]
 serverurl=unix:///run/supervisord.sock ; use a unix:// URL  for a unix socket
 
-[program:redis]
+#[program:redis]
-command=redis-server
+#command=redis-server
-stderr_logfile = /var/log/supervisord-redis.err
+#stderr_logfile = /var/log/supervisord-redis.err
-stdout_logfile = /var/log/supervisord-redis.log
+#stdout_logfile = /var/log/supervisord-redis.log
 
 [program:phpfpm]
 command=/usr/sbin/php-fpm82 -c /etc/php82/php-fpm.conf -F

alpine/nginx/nginx.conf

@@ -91,12 +91,13 @@ http {
   }
 
   server {
-		listen 443 ssl http2 default_server;
+		listen 443 ssl default_server;
+		http2 on;
 		root /var/www;
 		# still need TLS1.2 for Lixil Jenkins git pull
 		ssl_protocols TLSv1.2 TLSv1.3;
 		ssl_ecdh_curve secp521r1:secp384r1:prime256v1;
-		ssl_ciphers TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-GCM-SHA256;
+		ssl_ciphers TLS_CHACHA20_POLY1305_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:AES256-GCM-SHA384;
 		ssl_prefer_server_ciphers on;
 		ssl_session_timeout  10m;
 		ssl_session_cache shared:SSL:10m;
@@ -251,4 +252,43 @@ http {
 			autoindex on;
 		}
   }
+
+  server {
+        listen 443 ssl;
+		server_name mon.headdesk.me;
+        http2 on;
+        root /var/www;
+        ssl_protocols TLSv1.3;
+        ssl_ecdh_curve secp521r1:secp384r1:prime256v1;
+        ssl_ciphers TLS_CHACHA20_POLY1305_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:AES256-GCM-SHA384;
+        ssl_prefer_server_ciphers on;
+        ssl_session_timeout  10m;
+        ssl_session_cache shared:SSL:10m;
+        ssl_session_tickets off;
+        add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
+        add_header X-Frame-Options SAMEORIGIN;
+        add_header X-Content-Type-Options nosniff;
+        add_header X-XSS-Protection "1; mode=block";
+        add_header X-Robots-Tag "noindex, nofollow";
+        add_header X-Download-Options noopen;
+        add_header X-Permitted-Cross-Domain-Policies none;
+        add_header Referrer-Policy no-referrer;
+
+        ssl_certificate /home/ssl/mon.headdesk.me.crt;
+        ssl_certificate_key /home/ssl/mon.headdesk.me.key;
+		location / {
+		    proxy_pass http://192.168.86.57/;
+    		proxy_buffering off;
+    		proxy_redirect default;
+    		proxy_set_header X-Forwarded-For $remote_addr;
+    		proxy_set_header X-Real-IP $remote_addr;
+    		proxy_set_header HTTP_X_FORWARDED_PROTO https;
+    		proxy_set_header Host $host;
+    		proxy_http_version 1.1;
+            #proxy_cookie_path / "/mon; HTTPOnly; Secure";
+            #proxy_cookie_flags express secure httponly;
 		}
+	}
+}
+
+

alpine/valkey/Dockerfile

@@ -0,0 +1,8 @@
+FROM alpine:latest
+LABEL description="Valkey server"
+LABEL maintainer="racken@one27.cf"
+ENV container docker
+RUN apk add bash tini valkey valkey-cli
+COPY valkey.conf /etc/valkey/valkey.conf
+USER valkey
+ENTRYPOINT ["/sbin/tini", "--", "/usr/bin/valkey-server", "/etc/valkey/valkey.conf"]

alpine/valkey/build.sh

@@ -0,0 +1,2 @@
+export DOCKER_BUILDKIT=1
+docker build --network host -t alpine/valkey .

alpine/valkey/restart.sh

@@ -0,0 +1,3 @@
+docker rm -f valkey
+#docker run -d --name valkey --network macvlan --ip 192.168.86.212 --restart=always alpine/valkey
+docker run -d --name valkey --network macvlan --ip 192.168.86.212 --restart=always valkey/valkey

alpine/valkey/valkey.conf

@@ -0,0 +1,79 @@
+#bind 127.0.0.1 -::1
+protected-mode no
+port 6379
+tcp-backlog 511
+unixsocket /run/valkey/valkey.sock
+unixsocketperm 770
+timeout 0
+tcp-keepalive 300
+loglevel notice
+syslog-enabled yes
+syslog-ident valkey
+databases 16
+always-show-logo no
+set-proc-title yes
+proc-title-template "{title} {listen-addr} {server-mode}"
+locale-collate ""
+stop-writes-on-bgsave-error yes
+rdbcompression yes
+rdbchecksum yes
+dbfilename dump.rdb
+rdb-del-sync-files no
+dir /var/lib/valkey
+replica-serve-stale-data yes
+replica-read-only yes
+repl-diskless-sync yes
+repl-diskless-sync-delay 5
+repl-diskless-sync-max-replicas 0
+repl-diskless-load disabled
+repl-disable-tcp-nodelay no
+replica-priority 100
+acllog-max-len 128
+lazyfree-lazy-eviction no
+lazyfree-lazy-expire no
+lazyfree-lazy-server-del no
+replica-lazy-flush no
+lazyfree-lazy-user-del no
+lazyfree-lazy-user-flush no
+io-threads 4
+oom-score-adj no
+oom-score-adj-values 0 200 800
+disable-thp yes
+appendonly no
+appendfilename "appendonly.aof"
+appenddirname "appendonlydir"
+appendfsync everysec
+no-appendfsync-on-rewrite no
+auto-aof-rewrite-percentage 100
+auto-aof-rewrite-min-size 64mb
+aof-load-truncated yes
+aof-use-rdb-preamble yes
+aof-timestamp-enabled no
+ 
+slowlog-log-slower-than 10000
+slowlog-max-len 128
+latency-monitor-threshold 0
+notify-keyspace-events ""
+hash-max-listpack-entries 512
+hash-max-listpack-value 64
+list-max-listpack-size -2
+list-compress-depth 0
+set-max-intset-entries 512
+set-max-listpack-entries 128
+set-max-listpack-value 64
+zset-max-listpack-entries 128
+zset-max-listpack-value 64
+hll-sparse-max-bytes 3000
+stream-node-max-bytes 4096
+stream-node-max-entries 100
+activerehashing yes
+client-output-buffer-limit normal 0 0 0
+client-output-buffer-limit replica 256mb 64mb 60
+client-output-buffer-limit pubsub 32mb 8mb 60
+hz 10
+dynamic-hz yes
+aof-rewrite-incremental-fsync yes
+rdb-save-incremental-fsync yes
+jemalloc-bg-thread yes
+include /etc/valkey/valkey.d/*.conf
+

amazonlinux2/bea-deployer/Dockerfile

@@ -1,16 +0,0 @@
-FROM amazonlinux
-ENV container docker
-RUN yum -q -y install unzip git screen jq wget python3-pip groff
-RUN wget -q -O/tmp/awscli.zip "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip"
-RUN unzip -q /tmp/awscli.zip; ./aws/install
-RUN wget -q -O/tmp/terraform125.zip https://releases.hashicorp.com/terraform/1.2.5/terraform_1.2.5_linux_amd64.zip
-RUN unzip -qd /usr/local/bin /tmp/terraform125.zip
-RUN pip3 install --user git-remote-codecommit
-RUN mkdir -p /root/.terraform.d/plugin-cache
-RUN echo 'plugin_cache_dir   = "$HOME/.terraform.d/plugin-cache"' > ~/.terraformrc
-RUN mkdir /root/terraform-root
-RUN cd /root/terraform-root
-COPY provider.tf /root/terraform-root/provider.tf
-RUN cd /root/terraform-root; terraform init
-ENV PS1 "deployer❯ "
-CMD ["/usr/bin/bash"]

amazonlinux2/bea-deployer/provider.tf

@@ -1,17 +0,0 @@
-provider "aws" {
- region = var.aws-region
-}
-terraform {
- required_version = "~> 1.2.5"
- required_providers {
-   aws = {
-     source = "hashicorp/aws"
-     version = "~> 3.75.2"
-   }
-    random = {
-      source = "hashicorp/random"
-      version = "3.3.2"
-    }
- }
-}
-

amzn2-awscli2/Dockerfile

@@ -1,9 +0,0 @@
-FROM amazonlinux:2
-LABEL maintainer="racken@racker.tech"
-LABEL description="awscli 2.0.9 on amzn2"
-LABEL autobuild="jenkins @weekly"
-ENV container docker
-RUN /usr/bin/yum -y install unzip groff less jq
-RUN curl https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip -o /tmp/awscliv2.zip; cd /tmp; unzip -qq awscliv2.zip; ./aws/install
-ENV PS1 "awscli ❯ "
-ENTRYPOINT ["/bin/bash"]

amzn2-awscli2/README.md

@@ -1,4 +0,0 @@
-## awscli v2 based on amazonlinx2
-
-Image is pushed to: https://hub.racker.tech/repository/amzn2-awscli2
-

dragonfly/start.sh

@@ -0,0 +1,2 @@
+docker run --network macvlan --ulimit memlock=-1 -d --name dragonfly \
+--ip 192.168.86.212 --restart=always docker.dragonflydb.io/dragonflydb/dragonfly