init

2025-03-07 13:57:32 -05:00 · 2025-03-07 13:57:32 -05:00 · 78ccbb0a92
commit 78ccbb0a92
19 changed files with 463 additions and 0 deletions
--- a/.editorconfig
+++ b/.editorconfig
@ -0,0 +1,14 @@
 root = true
 [*]
 end_of_line = lf
 insert_final_newline = false
 [*.{js,ts}]
 indent_style = tab
 indent_size = 4
 [{*.{yml,mjs,json}}]
 indent_style = space
 indent_size = 2
--- a/.env
+++ b/.env
@ -0,0 +1 @@
 NPM_TOKEN=88097a2fbf83ef025397b96fba63e4c7b1dac6cc
--- a/.gitignore
+++ b/.gitignore
@ -0,0 +1,2 @@
 .env
--- a/README.md
+++ b/README.md
@ -0,0 +1,17 @@
 # Atlas
 This repository contains the deployment definitions for the full Pantheon suite of services.
 ## Setup
 Login to docker:
 ```bash
 docker login git.palko.ca
 ```
 Start docker compose:
 ```bash
 docker compose up -d
 ```
--- a/config/nginx/.gitignore
+++ b/config/nginx/.gitignore
@ -0,0 +1,4 @@
 keys
 log
 nginx/dhparams.pem
--- a/config/nginx/.migrations
+++ b/config/nginx/.migrations
@ -0,0 +1 @@
 01-nginx-site-confs-default
--- a/config/nginx/nginx/nginx.conf
+++ b/config/nginx/nginx/nginx.conf
@ -0,0 +1,95 @@
 ## Version 2024/12/17 - Changelog: https://github.com/linuxserver/docker-baseimage-alpine-nginx/commits/master/root/defaults/nginx/nginx.conf.sample
 ### Based on alpine defaults
 # https://git.alpinelinux.org/aports/tree/main/nginx/nginx.conf?h=3.21-stable
 user abc;
 # Set number of worker processes automatically based on number of CPU cores.
 include /config/nginx/worker_processes.conf;
 # Enables the use of JIT for regular expressions to speed-up their processing.
 pcre_jit on;
 # Configures default error logger.
 error_log /config/log/nginx/error.log;
 # Includes files with directives to load dynamic modules.
 include /etc/nginx/modules/*.conf;
 # Include files with config snippets into the root context.
 include /etc/nginx/conf.d/*.conf;
 events {
    # The maximum number of simultaneous connections that can be opened by
    # a worker process.
    worker_connections 1024;
 }
 http {
    # Includes mapping of file name extensions to MIME types of responses
    # and defines the default type.
    include /etc/nginx/mime.types;
    default_type application/octet-stream;
    # Name servers used to resolve names of upstream servers into addresses.
    # It's also needed when using tcpsocket and udpsocket in Lua modules.
    #resolver 1.1.1.1 1.0.0.1 2606:4700:4700::1111 2606:4700:4700::1001;
    include /config/nginx/resolver.conf;
    # Don't tell nginx version to the clients. Default is 'on'.
    server_tokens off;
    # Specifies the maximum accepted body size of a client request, as
    # indicated by the request header Content-Length. If the stated content
    # length is greater than this size, then the client receives the HTTP
    # error code 413. Set to 0 to disable. Default is '1m'.
    client_max_body_size 0;
    # Sendfile copies data between one FD and other from within the kernel,
    # which is more efficient than read() + write(). Default is off.
    sendfile on;
    # Causes nginx to attempt to send its HTTP response head in one packet,
    # instead of using partial frames. Default is 'off'.
    tcp_nopush on;
    # all ssl related config moved to ssl.conf
    # included in server blocks where listen 443 is defined
    # Enable gzipping of responses.
    #gzip on;
    # Set the Vary HTTP header as defined in the RFC 2616. Default is 'off'.
    gzip_vary on;
    # Helper variable for proxying websockets.
    map $http_upgrade $connection_upgrade {
        default upgrade;
        '' close;
    }
    # Enable http2 by default for all servers
    http2 on;
    # Sets the path, format, and configuration for a buffered log write.
    access_log /config/log/nginx/access.log;
    client_body_temp_path /tmp/nginx 1 2;
    proxy_temp_path /tmp/nginx-proxy;
    fastcgi_temp_path /tmp/nginx-fastcgi;
    uwsgi_temp_path /tmp/nginx-uwsgi;
    scgi_temp_path /tmp/nginx-scgi;
    proxy_cache_path /tmp/nginx-proxy-cache keys_zone=lsio-proxy:10m;
    fastcgi_cache_path /tmp/nginx-fcgi-cache keys_zone=lsio-fcgi:10m;
    scgi_cache_path /tmp/nginx-scgi-cache keys_zone=lsio-scgi:10m;
    uwsgi_cache_path /tmp/nginx-uwsgi-cache keys_zone=lsio-uwsgi:10m;
    # Includes virtual hosts configs.
    include /etc/nginx/http.d/*.conf;
    include /config/nginx/site-confs/*.conf;
 }
 daemon off;
 pid /run/nginx.pid;
--- a/config/nginx/nginx/nginx.conf.sample
+++ b/config/nginx/nginx/nginx.conf.sample
@ -0,0 +1,95 @@
 ## Version 2024/12/17 - Changelog: https://github.com/linuxserver/docker-baseimage-alpine-nginx/commits/master/root/defaults/nginx/nginx.conf.sample
 ### Based on alpine defaults
 # https://git.alpinelinux.org/aports/tree/main/nginx/nginx.conf?h=3.21-stable
 user abc;
 # Set number of worker processes automatically based on number of CPU cores.
 include /config/nginx/worker_processes.conf;
 # Enables the use of JIT for regular expressions to speed-up their processing.
 pcre_jit on;
 # Configures default error logger.
 error_log /config/log/nginx/error.log;
 # Includes files with directives to load dynamic modules.
 include /etc/nginx/modules/*.conf;
 # Include files with config snippets into the root context.
 include /etc/nginx/conf.d/*.conf;
 events {
    # The maximum number of simultaneous connections that can be opened by
    # a worker process.
    worker_connections 1024;
 }
 http {
    # Includes mapping of file name extensions to MIME types of responses
    # and defines the default type.
    include /etc/nginx/mime.types;
    default_type application/octet-stream;
    # Name servers used to resolve names of upstream servers into addresses.
    # It's also needed when using tcpsocket and udpsocket in Lua modules.
    #resolver 1.1.1.1 1.0.0.1 2606:4700:4700::1111 2606:4700:4700::1001;
    include /config/nginx/resolver.conf;
    # Don't tell nginx version to the clients. Default is 'on'.
    server_tokens off;
    # Specifies the maximum accepted body size of a client request, as
    # indicated by the request header Content-Length. If the stated content
    # length is greater than this size, then the client receives the HTTP
    # error code 413. Set to 0 to disable. Default is '1m'.
    client_max_body_size 0;
    # Sendfile copies data between one FD and other from within the kernel,
    # which is more efficient than read() + write(). Default is off.
    sendfile on;
    # Causes nginx to attempt to send its HTTP response head in one packet,
    # instead of using partial frames. Default is 'off'.
    tcp_nopush on;
    # all ssl related config moved to ssl.conf
    # included in server blocks where listen 443 is defined
    # Enable gzipping of responses.
    #gzip on;
    # Set the Vary HTTP header as defined in the RFC 2616. Default is 'off'.
    gzip_vary on;
    # Helper variable for proxying websockets.
    map $http_upgrade $connection_upgrade {
        default upgrade;
        '' close;
    }
    # Enable http2 by default for all servers
    http2 on;
    # Sets the path, format, and configuration for a buffered log write.
    access_log /config/log/nginx/access.log;
    client_body_temp_path /tmp/nginx 1 2;
    proxy_temp_path /tmp/nginx-proxy;
    fastcgi_temp_path /tmp/nginx-fastcgi;
    uwsgi_temp_path /tmp/nginx-uwsgi;
    scgi_temp_path /tmp/nginx-scgi;
    proxy_cache_path /tmp/nginx-proxy-cache keys_zone=lsio-proxy:10m;
    fastcgi_cache_path /tmp/nginx-fcgi-cache keys_zone=lsio-fcgi:10m;
    scgi_cache_path /tmp/nginx-scgi-cache keys_zone=lsio-scgi:10m;
    uwsgi_cache_path /tmp/nginx-uwsgi-cache keys_zone=lsio-uwsgi:10m;
    # Includes virtual hosts configs.
    include /etc/nginx/http.d/*.conf;
    include /config/nginx/site-confs/*.conf;
 }
 daemon off;
 pid /run/nginx.pid;
--- a/config/nginx/nginx/proxy-confs/theia-storybook.conf
+++ b/config/nginx/nginx/proxy-confs/theia-storybook.conf
@ -0,0 +1,20 @@
 server {
    listen 80;
    listen [::]:80;
    server_name theia.*;
    include /config/nginx/ssl.conf;
    client_max_body_size 0;
    location / {
        include /config/nginx/proxy.conf;
        include /config/nginx/resolver.conf;
        set $upstream_app theia-storybook;
        set $upstream_port 80;
        set $upstream_proto http;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
    }
 }
--- a/config/nginx/nginx/resolver.conf
+++ b/config/nginx/nginx/resolver.conf
@ -0,0 +1,3 @@
 # This file is auto-generated only on first start, based on the container's /etc/resolv.conf file. Feel free to modify it as you wish.
 resolver  127.0.0.11 valid=30s;
--- a/config/nginx/nginx/site-confs/default.conf
+++ b/config/nginx/nginx/site-confs/default.conf
@ -0,0 +1,44 @@
 ## Version 2024/07/16 - Changelog: https://github.com/linuxserver/docker-baseimage-alpine-nginx/commits/master/root/defaults/nginx/site-confs/default.conf.sample
 server {
    listen 80 default_server;
    listen [::]:80 default_server;
    listen 443 ssl default_server;
    listen [::]:443 ssl default_server;
    server_name pantheon.ca;
    include /config/nginx/ssl.conf;
    set $root /app/www/public;
    if (!-d /app/www/public) {
        set $root /config/www;
    }
    root $root;
    index index.html index.htm index.php;
    location / {
        # enable for basic auth
        #auth_basic "Restricted";
        #auth_basic_user_file /config/nginx/.htpasswd;
        try_files $uri $uri/ /index.html /index.htm /index.php$is_args$args;
    }
    location ~ ^(.+\.php)(.*)$ {
        # enable the next two lines for http auth
        #auth_basic "Restricted";
        #auth_basic_user_file /config/nginx/.htpasswd;
        fastcgi_split_path_info ^(.+\.php)(.*)$;
        if (!-f $document_root$fastcgi_script_name) { return 404; }
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        include /etc/nginx/fastcgi_params;
    }
    # deny access to .htaccess/.htpasswd files
    location ~ /\.ht {
        deny all;
    }
 }
--- a/config/nginx/nginx/site-confs/default.conf.sample
+++ b/config/nginx/nginx/site-confs/default.conf.sample
@ -0,0 +1,44 @@
 ## Version 2024/07/16 - Changelog: https://github.com/linuxserver/docker-baseimage-alpine-nginx/commits/master/root/defaults/nginx/site-confs/default.conf.sample
 server {
    listen 80 default_server;
    listen [::]:80 default_server;
    listen 443 ssl default_server;
    listen [::]:443 ssl default_server;
    server_name _;
    include /config/nginx/ssl.conf;
    set $root /app/www/public;
    if (!-d /app/www/public) {
        set $root /config/www;
    }
    root $root;
    index index.html index.htm index.php;
    location / {
        # enable for basic auth
        #auth_basic "Restricted";
        #auth_basic_user_file /config/nginx/.htpasswd;
        try_files $uri $uri/ /index.html /index.htm /index.php$is_args$args;
    }
    location ~ ^(.+\.php)(.*)$ {
        # enable the next two lines for http auth
        #auth_basic "Restricted";
        #auth_basic_user_file /config/nginx/.htpasswd;
        fastcgi_split_path_info ^(.+\.php)(.*)$;
        if (!-f $document_root$fastcgi_script_name) { return 404; }
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        include /etc/nginx/fastcgi_params;
    }
    # deny access to .htaccess/.htpasswd files
    location ~ /\.ht {
        deny all;
    }
 }
--- a/config/nginx/nginx/ssl.conf
+++ b/config/nginx/nginx/ssl.conf
@ -0,0 +1,32 @@
 ## Version 2024/12/06 - Changelog: https://github.com/linuxserver/docker-baseimage-alpine-nginx/commits/master/root/defaults/nginx/ssl.conf.sample
 ### Mozilla Recommendations
 # generated 2024-12-06, Mozilla Guideline v5.7, nginx 1.26.2, OpenSSL 3.3.2, intermediate config, no OCSP
 # https://ssl-config.mozilla.org/#server=nginx&version=1.26.2&config=intermediate&openssl=3.3.2&ocsp=false&guideline=5.7
 ssl_certificate /config/keys/cert.crt;
 ssl_certificate_key /config/keys/cert.key;
 ssl_session_timeout 1d;
 ssl_session_cache shared:MozSSL:10m; # about 40000 sessions
 ssl_session_tickets off;
 # curl https://ssl-config.mozilla.org/ffdhe2048.txt > /path/to/dhparam
 ssl_dhparam /config/nginx/dhparams.pem;
 # intermediate configuration
 ssl_protocols TLSv1.2 TLSv1.3;
 ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305;
 ssl_prefer_server_ciphers off;
 # HSTS (ngx_http_headers_module is required) (63072000 seconds)
 #add_header Strict-Transport-Security "max-age=63072000" always;
 # Optional additional headers
 #add_header Cache-Control "no-transform" always;
 #add_header Content-Security-Policy "upgrade-insecure-requests; frame-ancestors 'self'" always;
 #add_header Permissions-Policy "interest-cohort=()" always;
 #add_header Referrer-Policy "same-origin" always;
 #add_header X-Content-Type-Options "nosniff" always;
 #add_header X-Frame-Options "SAMEORIGIN" always;
 #add_header X-UA-Compatible "IE=Edge" always;
 #add_header X-XSS-Protection "1; mode=block" always;
--- a/config/nginx/nginx/ssl.conf.sample
+++ b/config/nginx/nginx/ssl.conf.sample
@ -0,0 +1,32 @@
 ## Version 2024/12/06 - Changelog: https://github.com/linuxserver/docker-baseimage-alpine-nginx/commits/master/root/defaults/nginx/ssl.conf.sample
 ### Mozilla Recommendations
 # generated 2024-12-06, Mozilla Guideline v5.7, nginx 1.26.2, OpenSSL 3.3.2, intermediate config, no OCSP
 # https://ssl-config.mozilla.org/#server=nginx&version=1.26.2&config=intermediate&openssl=3.3.2&ocsp=false&guideline=5.7
 ssl_certificate /config/keys/cert.crt;
 ssl_certificate_key /config/keys/cert.key;
 ssl_session_timeout 1d;
 ssl_session_cache shared:MozSSL:10m; # about 40000 sessions
 ssl_session_tickets off;
 # curl https://ssl-config.mozilla.org/ffdhe2048.txt > /path/to/dhparam
 ssl_dhparam /config/nginx/dhparams.pem;
 # intermediate configuration
 ssl_protocols TLSv1.2 TLSv1.3;
 ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305;
 ssl_prefer_server_ciphers off;
 # HSTS (ngx_http_headers_module is required) (63072000 seconds)
 #add_header Strict-Transport-Security "max-age=63072000" always;
 # Optional additional headers
 #add_header Cache-Control "no-transform" always;
 #add_header Content-Security-Policy "upgrade-insecure-requests; frame-ancestors 'self'" always;
 #add_header Permissions-Policy "interest-cohort=()" always;
 #add_header Referrer-Policy "same-origin" always;
 #add_header X-Content-Type-Options "nosniff" always;
 #add_header X-Frame-Options "SAMEORIGIN" always;
 #add_header X-UA-Compatible "IE=Edge" always;
 #add_header X-XSS-Protection "1; mode=block" always;
--- a/config/nginx/nginx/worker_processes.conf
+++ b/config/nginx/nginx/worker_processes.conf
@ -0,0 +1,3 @@
 # This file is auto-generated only on first start, based on the cpu cores detected. Feel free to change it to any other number or to auto to let nginx handle it automatically.
 worker_processes 12;
--- a/config/nginx/php/php-local.ini
+++ b/config/nginx/php/php-local.ini
@ -0,0 +1,3 @@
 ; Edit this file to override php.ini directives
 date.timezone = UTC
--- a/config/nginx/php/www2.conf
+++ b/config/nginx/php/www2.conf
@ -0,0 +1,5 @@
 ; Edit this file to override www.conf and php-fpm.conf directives and restart the container
 ; Pool name
 [www]
--- a/config/nginx/www/index.html
+++ b/config/nginx/www/index.html
@ -0,0 +1,34 @@
    <html>
        <head>
            <title>Welcome to our server</title>
            <style>
            body{
                font-family: Helvetica, Arial, sans-serif;
            }
            .message{
                width:330px;
                padding:20px 40px;
                margin:0 auto;
                background-color:#f9f9f9;
                border:1px solid #ddd;
            }
            center{
                margin:40px 0;
            }
            h1{
                font-size: 18px;
                line-height: 26px;
            }
            p{
                font-size: 12px;
            }
            </style>
        </head>
        <body>
            <div class="message">
                <h1>Welcome to our server</h1>
                <p>The website is currently being setup under this address.</p>
                <p>For help and support, please contact: <a href="me@example.com">me@example.com</a></p>
            </div>
        </body>
    </html>
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -0,0 +1,14 @@
 name: Pantheon
 services:
  nginx:
    image: lscr.io/linuxserver/nginx:latest
    env_file: .env
    volumes:
      - ./config/nginx:/config
    ports:
      - 80:80
      - 443:443
    restart: unless-stopped
  theia-storybook:
    image: git.palko.ca/pantheon/theia-storybook:latest
		`@ -0,0 +1 @@`
							`NPM_TOKEN=88097a2fbf83ef025397b96fba63e4c7b1dac6cc`
		`@ -0,0 +1,3 @@`
							`# This file is auto-generated only on first start, based on the container's /etc/resolv.conf file. Feel free to modify it as you wish.`

							`resolver 127.0.0.11 valid=30s;`
		`@ -0,0 +1,3 @@`
							`# This file is auto-generated only on first start, based on the cpu cores detected. Feel free to change it to any other number or to auto to let nginx handle it automatically.`

							`worker_processes 12;`
		`@ -0,0 +1,3 @@`
							`; Edit this file to override php.ini directives`

							`date.timezone = UTC`