-
Notifications
You must be signed in to change notification settings - Fork 251
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Adds docker-compose configuration #843
Open
insuusvenerati
wants to merge
7
commits into
exodus4d:master
Choose a base branch
from
insuusvenerati:master
base: master
Could not load branches
Branch not found: {{ refName }}
Loading
Could not load tags
Nothing to show
Loading
Are you sure you want to change the base?
Some commits from the old base branch may be removed from the timeline,
and old review comments may become outdated.
Open
Changes from 1 commit
Commits
Show all changes
7 commits
Select commit
Hold shift + click to select a range
8852444
initial: add docker files for the stack
insuusvenerati f2d54f7
git: adds websocket as a submodule
insuusvenerati 55be48f
config(pathfinder): adds recommended redis cache
insuusvenerati e30a634
config(pathfinder): points the websocket host to the container
insuusvenerati abc5f56
docs: adds docker instructions to readme
insuusvenerati 066c3db
initial: adds initial docker-compose file
insuusvenerati b7fc6c1
git: update submodule for websocket
insuusvenerati File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,2 @@ | ||
CREATE DATABASE IF NOT EXISTS pathfinder CHARACTER SET utf8 COLLATE utf8_general_ci; | ||
CREATE DATABASE IF NOT EXISTS eve_universe CHARACTER SET utf8 COLLATE utf8_general_ci; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,15 @@ | ||
FROM nginx:1.17.2-alpine | ||
|
||
COPY --chown=nginx:nginx . /usr/share/nginx/html/ | ||
COPY ./.docker/nginx/nginx.conf /etc/nginx/nginx.conf | ||
COPY ./.docker/nginx/pathfinder-http.conf /etc/nginx/conf.d/default.conf | ||
COPY ./.docker/nginx/h5bp/ /etc/nginx/h5bp/ | ||
COPY ./.docker/nginx/mime.types /etc/nginx/mime.types | ||
|
||
RUN apk add --no-cache apache2-utils | ||
|
||
COPY ./.docker/nginx/entrypoint.sh /root/entrypoint.sh | ||
RUN chmod +x /root/entrypoint.sh | ||
RUN chmod 0766 /usr/share/nginx/html/logs | ||
|
||
ENTRYPOINT ["sh", "-c", "/root/entrypoint.sh"] | ||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,4 @@ | ||
#!/bin/ash | ||
|
||
htpasswd -B -b -c /etc/nginx/.setup_pass "$SETUP_USER" "$SETUP_PASS" && \ | ||
nginx |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,9 @@ | ||
# Nginx Server Configs | MIT License | ||
# https://github.com/h5bp/server-configs-nginx | ||
|
||
include h5bp/security/referrer-policy.conf; | ||
include h5bp/security/x-content-type-options.conf; | ||
include h5bp/security/x-frame-options.conf; | ||
include h5bp/security/x-xss-protection.conf; | ||
include h5bp/location/security_file_access.conf; | ||
include h5bp/cross-origin/requests.conf; |
Empty file.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,18 @@ | ||
# ---------------------------------------------------------------------- | ||
# | Cross-origin requests | | ||
# ---------------------------------------------------------------------- | ||
|
||
# Allow cross-origin requests. | ||
# | ||
# https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS | ||
# https://enable-cors.org/ | ||
# https://www.w3.org/TR/cors/ | ||
|
||
# (!) Do not use this without understanding the consequences. | ||
# This will permit access from any other website. | ||
# Instead of using this file, consider using a specific rule such as | ||
# allowing access based on (sub)domain: | ||
# | ||
# add_header Access-Control-Allow-Origin "subdomain.example.com"; | ||
|
||
add_header Access-Control-Allow-Origin $cors; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,15 @@ | ||
# ---------------------------------------------------------------------- | ||
# | Cross-origin resource timing | | ||
# ---------------------------------------------------------------------- | ||
|
||
# Allow cross-origin access to the timing information for all resources. | ||
# | ||
# If a resource isn't served with a `Timing-Allow-Origin` header that would | ||
# allow its timing information to be shared with the document, some of the | ||
# attributes of the `PerformanceResourceTiming` object will be set to zero. | ||
# | ||
# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Timing-Allow-Origin | ||
# https://www.w3.org/TR/resource-timing/ | ||
# https://www.stevesouders.com/blog/2014/08/21/resource-timing-practical-tips/ | ||
|
||
add_header Timing-Allow-Origin "*"; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,9 @@ | ||
# ---------------------------------------------------------------------- | ||
# | Custom error messages/pages | | ||
# ---------------------------------------------------------------------- | ||
|
||
# Customize what Nginx returns to the client in case of an error. | ||
# | ||
# https://nginx.org/en/docs/http/ngx_http_core_module.html#error_page | ||
|
||
error_page 404 /404.html; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,19 @@ | ||
# ---------------------------------------------------------------------- | ||
# | Document modes | | ||
# ---------------------------------------------------------------------- | ||
|
||
# Force Internet Explorer 8/9/10 to render pages in the highest mode | ||
# available in the various cases when it may not. | ||
# | ||
# https://hsivonen.fi/doctype/#ie8 | ||
# | ||
# (!) Starting with Internet Explorer 11, document modes are deprecated. | ||
# If your business still relies on older web apps and services that were | ||
# designed for older versions of Internet Explorer, you might want to | ||
# consider enabling `Enterprise Mode` throughout your company. | ||
# | ||
# https://msdn.microsoft.com/en-us/library/ie/bg182625.aspx#docmode | ||
# https://blogs.msdn.microsoft.com/ie/2014/04/02/stay-up-to-date-with-enterprise-mode-for-internet-explorer-11/ | ||
# https://msdn.microsoft.com/en-us/library/ff955275.aspx | ||
|
||
add_header X-UA-Compatible $x_ua_compatible; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,41 @@ | ||
# ---------------------------------------------------------------------- | ||
# | File access | | ||
# ---------------------------------------------------------------------- | ||
|
||
# Block access to all hidden files and directories with the exception of the | ||
# visible content from within the `/.well-known/` hidden directory. | ||
# | ||
# These types of files usually contain user preferences or the preserved state | ||
# of a utility, and can include rather private places like, for example, the | ||
# `.git` or `.svn` directories. | ||
# | ||
# The `/.well-known/` directory represents the standard (RFC 5785) path prefix | ||
# for "well-known locations" (e.g.: `/.well-known/manifest.json`, | ||
# `/.well-known/keybase.txt`), and therefore, access to its visible content | ||
# should not be blocked. | ||
# | ||
# https://www.mnot.net/blog/2010/04/07/well-known | ||
# https://tools.ietf.org/html/rfc5785 | ||
|
||
location ~* /\.(?!well-known\/) { | ||
deny all; | ||
} | ||
|
||
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - | ||
|
||
# Block access to files that can expose sensitive information. | ||
# | ||
# By default, block access to backup and source files that may be left by some | ||
# text editors and can pose a security risk when anyone has access to them. | ||
# | ||
# https://feross.org/cmsploit/ | ||
# | ||
# (!) Update the `location` regular expression from below to include any files | ||
# that might end up on your production server and can expose sensitive | ||
# information about your website. These files may include: configuration | ||
# files, files that contain metadata about the project (e.g.: project | ||
# dependencies, build scripts, etc.). | ||
|
||
location ~* (?:#.*#|\.(?:bak|conf|dist|fla|in[ci]|log|orig|psd|sh|sql|sw[op])|~)$ { | ||
deny all; | ||
} |
14 changes: 14 additions & 0 deletions
14
.docker/nginx/h5bp/location/web_performance_filename-based_cache_busting.conf
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,14 @@ | ||
# ---------------------------------------------------------------------- | ||
# | Filename-based cache busting | | ||
# ---------------------------------------------------------------------- | ||
|
||
# If you're not using a build process to manage your filename version revving, | ||
# you might want to consider enabling the following directives. | ||
# | ||
# To understand why this is important and even a better solution than using | ||
# something like `*.css?v231`, please see: | ||
# https://www.stevesouders.com/blog/2008/08/23/revving-filenames-dont-use-querystring/ | ||
|
||
location ~* (.+)\.(?:\w+)\.(bmp|css|cur|gif|ico|jpe?g|m?js|png|svgz?|webp|webmanifest)$ { | ||
try_files $uri $1.$2; | ||
} |
14 changes: 14 additions & 0 deletions
14
.docker/nginx/h5bp/location/web_performance_svgz-compression.conf
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,14 @@ | ||
# ---------------------------------------------------------------------- | ||
# | SVGZ Compression | | ||
# ---------------------------------------------------------------------- | ||
|
||
# SVGZ files are already compressed. | ||
# Disable gzip function for `.svgz` files. | ||
|
||
location ~* \.svgz$ { | ||
gzip off; | ||
add_header Content-Encoding gzip; | ||
|
||
include h5bp/security/x-content-type-options.conf; | ||
include h5bp/cross-origin/requests.conf; | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,32 @@ | ||
# ---------------------------------------------------------------------- | ||
# | Character encodings | | ||
# ---------------------------------------------------------------------- | ||
|
||
# Serve all resources labeled as `text/html` or `text/plain` with the media type | ||
# `charset` parameter set to `UTF-8`. | ||
# | ||
# https://nginx.org/en/docs/http/ngx_http_charset_module.html#charset | ||
|
||
charset utf-8; | ||
|
||
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - | ||
|
||
# Update charset_types to match updated mime.types. | ||
# `text/html` is always included by charset module. | ||
# Default: text/html text/xml text/plain text/vnd.wap.wml application/javascript application/rss+xml | ||
# | ||
# https://nginx.org/en/docs/http/ngx_http_charset_module.html#charset_types | ||
|
||
charset_types | ||
text/css | ||
text/plain | ||
text/vnd.wap.wml | ||
text/javascript | ||
text/markdown | ||
text/calendar | ||
text/x-component | ||
text/vcard | ||
text/cache-manifest | ||
text/vtt | ||
application/json | ||
application/manifest+json; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,18 @@ | ||
# ---------------------------------------------------------------------- | ||
# | Media types | | ||
# ---------------------------------------------------------------------- | ||
|
||
# Serve resources with the proper media types (f.k.a. MIME types). | ||
# | ||
# https://www.iana.org/assignments/media-types/media-types.xhtml | ||
# https://nginx.org/en/docs/http/ngx_http_core_module.html#types | ||
|
||
include mime.types; | ||
|
||
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - | ||
|
||
# Default: text/plain | ||
# | ||
# https://nginx.org/en/docs/http/ngx_http_core_module.html#default_type | ||
|
||
default_type application/octet-stream; |
Empty file.
Empty file.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,27 @@ | ||
# ---------------------------------------------------------------------- | ||
# | Content Security Policy (CSP) | | ||
# ---------------------------------------------------------------------- | ||
|
||
# Mitigate the risk of cross-site scripting and other content-injection | ||
# attacks. | ||
# | ||
# This can be done by setting a `Content Security Policy` which whitelists | ||
# trusted sources of content for your website. | ||
# | ||
# There is no policy that fits all websites, you will have to modify the | ||
# `Content-Security-Policy` directives in the example depending on your needs. | ||
# | ||
# To make your CSP implementation easier, you can use an online CSP header | ||
# generator such as: | ||
# https://report-uri.com/home/generate/ | ||
# | ||
# It is encouraged that you validate your CSP header using a CSP validator | ||
# such as: | ||
# https://csp-evaluator.withgoogle.com | ||
# | ||
# https://csp.withgoogle.com/docs/ | ||
# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy | ||
# https://www.html5rocks.com/en/tutorials/security/content-security-policy/ | ||
# https://www.w3.org/TR/CSP/ | ||
|
||
add_header Content-Security-Policy $content_security_policy always; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,18 @@ | ||
# ---------------------------------------------------------------------- | ||
# | Referrer Policy | | ||
# ---------------------------------------------------------------------- | ||
|
||
# A web application uses HTTPS and a URL-based session identifier. | ||
# The web application might wish to link to HTTPS resources on other web | ||
# sites without leaking the user's session identifier in the URL. | ||
# | ||
# This can be done by setting a `Referrer Policy` which whitelists trusted | ||
# sources of content for your website. | ||
# | ||
# To check your referrer policy, you can use an online service such as: | ||
# https://securityheaders.io/. | ||
# | ||
# https://scotthelme.co.uk/a-new-security-header-referrer-policy/ | ||
# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy | ||
|
||
add_header Referrer-Policy $referrer_policy always; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,9 @@ | ||
# ---------------------------------------------------------------------- | ||
# | Server software information | | ||
# ---------------------------------------------------------------------- | ||
|
||
# Prevent Nginx from sending its version number in the "Server" response header. | ||
# | ||
# https://nginx.org/en/docs/http/ngx_http_core_module.html#server_tokens | ||
|
||
server_tokens off; |
43 changes: 43 additions & 0 deletions
43
.docker/nginx/h5bp/security/strict-transport-security.conf
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,43 @@ | ||
# ---------------------------------------------------------------------- | ||
# | HTTP Strict Transport Security (HSTS) | | ||
# ---------------------------------------------------------------------- | ||
|
||
# Force client-side SSL redirection. | ||
# | ||
# If a user types `example.com` in their browser, even if the server redirects | ||
# them to the secure version of the website, that still leaves a window of | ||
# opportunity (the initial HTTP connection) for an attacker to downgrade or | ||
# redirect the request. | ||
# | ||
# The following header ensures that browser will ONLY connect to your server | ||
# via HTTPS, regardless of what the users type in the browser's address bar. | ||
# | ||
# (!) Be aware that this, once published, is not revokable and you must ensure | ||
# being able to serve the site via SSL for the duration you've specified | ||
# in max-age. When you don't have a valid SSL connection (anymore) your | ||
# visitors will see a nasty error message even when attempting to connect | ||
# via simple HTTP. | ||
# | ||
# (!) Remove the `includeSubDomains` optional directive if the website's | ||
# subdomains are not using HTTPS. | ||
# | ||
# (1) If you want to submit your site for HSTS preload (2) you must | ||
# * ensure the `includeSubDomains` directive to be present | ||
# * the `preload` directive to be specified | ||
# * the `max-age` to be at least 31536000 seconds (1 year) according to the | ||
# current status. | ||
# | ||
# It is also advised (3) to only serve the HSTS header via a secure | ||
# connection. | ||
# | ||
# (2) https://hstspreload.org/ | ||
# (3) https://tools.ietf.org/html/rfc6797#section-7.2 | ||
# | ||
# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security | ||
# https://tools.ietf.org/html/rfc6797#section-6.1 | ||
# https://www.html5rocks.com/en/tutorials/security/transport-layer-security/ | ||
# https://blogs.msdn.microsoft.com/ieinternals/2014/08/18/strict-transport-security/ | ||
|
||
add_header Strict-Transport-Security "max-age=16070400; includeSubDomains" always; | ||
# (1) or if HSTS preloading is desired (respect (2) for current requirements): | ||
# add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,16 @@ | ||
# ---------------------------------------------------------------------- | ||
# | Content Type Options | | ||
# ---------------------------------------------------------------------- | ||
|
||
# Prevent some browsers from MIME-sniffing the response. | ||
# | ||
# This reduces exposure to drive-by download attacks and cross-origin data | ||
# leaks, and should be left uncommented, especially if the server is serving | ||
# user-uploaded content or content that could potentially be treated as | ||
# executable by the browser. | ||
# | ||
# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options | ||
# https://blogs.msdn.microsoft.com/ie/2008/07/02/ie8-security-part-v-comprehensive-protection/ | ||
# https://mimesniff.spec.whatwg.org/ | ||
|
||
add_header X-Content-Type-Options nosniff always; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,35 @@ | ||
# ---------------------------------------------------------------------- | ||
# | Frame Options | | ||
# ---------------------------------------------------------------------- | ||
|
||
# Protect website against clickjacking. | ||
# | ||
# The example below sends the `X-Frame-Options` response header with the value | ||
# `DENY`, informing browsers not to display the content of the web page in any | ||
# frame. | ||
# | ||
# This might not be the best setting for everyone. You should read about the | ||
# other two possible values the `X-Frame-Options` header field can have: | ||
# `SAMEORIGIN` and `ALLOW-FROM`. | ||
# https://tools.ietf.org/html/rfc7034#section-2.1. | ||
# | ||
# Keep in mind that while you could send the `X-Frame-Options` header for all | ||
# of your website’s pages, this has the potential downside that it forbids even | ||
# non-malicious framing of your content (e.g.: when users visit your website | ||
# using a Google Image Search results page). | ||
# | ||
# Nonetheless, you should ensure that you send the `X-Frame-Options` header for | ||
# all pages that allow a user to make a state-changing operation (e.g: pages | ||
# that contain one-click purchase links, checkout or bank-transfer confirmation | ||
# pages, pages that make permanent configuration changes, etc.). | ||
# | ||
# Sending the `X-Frame-Options` header can also protect your website against | ||
# more than just clickjacking attacks. | ||
# https://cure53.de/xfo-clickjacking.pdf. | ||
# | ||
# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options | ||
# https://tools.ietf.org/html/rfc7034 | ||
# https://blogs.msdn.microsoft.com/ieinternals/2010/03/30/combating-clickjacking-with-x-frame-options/ | ||
# https://www.owasp.org/index.php/Clickjacking | ||
|
||
add_header X-Frame-Options $x_frame_options always; |
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
container failed to start. sh: /root/entrypoint.sh: not found