From 351439bc9458a677af9f98527a7290dd35db35d4 Mon Sep 17 00:00:00 2001 From: Yubao Liu Date: Sun, 27 Nov 2022 00:45:28 +0800 Subject: [PATCH 1/3] import https://github.com/Dieken/foswiki-docker/commit/15a8a62e7fc82043400d400168f006ddf01033d5 --- docker/Dockerfile | 67 +++++++++++ docker/LICENCE | 21 ++++ docker/README.md | 44 +++++++ docker/foswiki.conf | 287 ++++++++++++++++++++++++++++++++++++++++++++ 4 files changed, 419 insertions(+) create mode 100644 docker/Dockerfile create mode 100644 docker/LICENCE create mode 100644 docker/README.md create mode 100644 docker/foswiki.conf diff --git a/docker/Dockerfile b/docker/Dockerfile new file mode 100644 index 000000000..642939f67 --- /dev/null +++ b/docker/Dockerfile 
@@ -0,0 +1,67 @@
+FROM debian:11
+
+ARG url=https://github.com/foswiki/distro/releases/download/FoswikiRelease02x01x07/Foswiki-2.1.7.tgz
+ARG sha512=7196ce5a586a3770e2d198a79d0856f34724893746a40500b7f72d3efc48dcbdfb0292a3583186cf4e5b217a70df3b5dd8af80aa3e5c34987ca202a62dada0bf
+ARG root=/var/www/foswiki
+ARG user=www-data
+ARG group=www-data
+ARG port=80
+ARG lang=C.UTF-8
+ARG tz=Asia/Shanghai
+ARG mirror
+
+ENV LANG=$lang TZ=$tz
+
+RUN set -eux; \
+ [ -z "$mirror" ] || sed -i -E "s|http(s?)://deb.debian.org|$mirror|" /etc/apt/sources.list; \
+ apt update -y \
+ && apt install -y curl diffutils grep less logrotate vim w3m \
+ apache2 libapache2-mod-perl2 \
+ libalgorithm-diff-perl \
+ libapache2-request-perl \
+ libarchive-zip-perl \
+ libcgi-session-perl \
+ libconvert-pem-perl \
+ libcrypt-eksblowfish-perl \
+ libcrypt-passwdmd5-perl \
+ libcrypt-smime-perl \
+ libcrypt-x509-perl \
+ libdbd-mariadb-perl \
+ libdbd-mysql-perl \
+ libdbd-pg-perl \
+ libdbd-sqlite3-perl \
+ libemail-address-xs-perl \
+ libemail-mime-perl \
+ libemail-simple-perl \
+ liberror-perl \
+ libfcgi-procmanager-perl \
+ libfile-copy-recursive-perl \
+ libjson-perl \
+ liblocale-codes-perl \
+ liblocale-maketext-lexicon-perl \
+ liblocale-msgfmt-perl \
+ && apt install -y --no-install-recommends \
+ libimage-magick-perl \
+ && rm -rf /var/lib/apt/lists/* \
+ && a2enmod access_compat perl rewrite \
+ && a2dissite 000-default
+
+COPY foswiki.conf /etc/apache2/sites-enabled/
+
+RUN set -eux; \
+ mkdir -p $root \
+ && cd $root \
+ && curl -L -s -o foswiki.tgz "$url" \
+ && echo "$sha512 foswiki.tgz" > foswiki.tgz.sha512 \
+ && sha512sum -c --status foswiki.tgz.sha512 \
+ && tar -xzvf foswiki.tgz --strip-components=1 \
+ && rm foswiki.tgz foswiki.tgz.sha512 \
+ && sh tools/fix_file_permissions.sh \
+ && chown -R $user:$group $root \
+ && echo "0,30 * * * * cd $root/bin && perl ../tools/tick_foswiki.pl" | crontab -u $user -
+
+VOLUME $root
+
+EXPOSE $port
+
+CMD ["/bin/sh", "-c", "service cron start && exec apache2ctl -DFOREGROUND -k start"]
diff --git a/docker/LICENCE b/docker/LICENCE
new file mode 100644
index 000000000..08a8d849a
--- /dev/null
+++ b/docker/LICENCE
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2022 Yubao Liu
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/docker/README.md b/docker/README.md
new file mode 100644
index 000000000..338f50ab4
--- /dev/null
+++ b/docker/README.md
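Review bot: `VOLUME $root` near the end of the new Dockerfile puts the whole Foswiki tree into the volume, code under `bin/`, `lib/` and `tools/` as well as data, so a container that reuses an existing named volume would presumably keep running the old Foswiki release after the image is rebuilt with a newer `url`/`sha512`. That makes it easy to believe a security update has been deployed when it has not. A comment above the instruction would help, e.g. `# NOTE: the volume holds Foswiki code too; a reused volume is not upgraded by rebuilding the image`, with a matching upgrade note in the README. Separately, the first `apt install -y` in the same file has no `--no-install-recommends` and adds `less vim w3m` to the runtime image, which widens what ships; the package list grows again in PATCH 2/3.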
@@ -0,0 +1,44 @@
+# Dockerfile for Foswiki
+
+Run pristine Foswiki in Debian container with Apache 2 and mod_perl.
+
+## Build
+
+```sh
+docker build . -t foswiki --progress plain
+
+```
+
+Notice this Dockerfile uses volume for `/var/www/foswiki`.
+
+## Run
+
+```sh
+docker run -dt --init --name foswiki -p 8888:80 -e TZ=Asia/Shanghai foswiki
+```
+
+Access http://localhost:8888 to further configure Foswiki:
+
+1. http://localhost:8888/bin/configure Security and Authentication -> Registration: select `Enable User Registration` and click button `Save 1 change` on the top right corner
+2. http://localhost:8888/System/UserRegistration Register your first user, such as WikiName `FirstAdmin`
+3. http://localhost:8888/Main/WikiGroups Click `Add Members...` in the group `AdminGroup`, add newly registered user's WikiName
+4. Run `docker restart foswiki` to restart the Docker container
+
+Although you can directly access Foswiki in the container, this container is expected to be behind a reverse proxy that terminates HTTPS connections and handles virtual site, you must replace the hostname above to `https://your-reverse-proxy?SSL=1`.
+
+## Install extension
+
+``` sh
+su -s /bin/bash www-data
+cd /var/www/foswiki
+tools/extension_installer NatSkin -r install
+```
+
+Check https://foswiki.org/Extensions for more extensions.
+
+## Reference
+
+* https://github.com/timlegge/docker-foswiki
+* https://foswiki.org/System/InstallationGuide
+* https://foswiki.org/System/InstallationGuidePart2
+
diff --git a/docker/foswiki.conf b/docker/foswiki.conf
new file mode 100644
index 000000000..1e48c424c
--- /dev/null
+++ b/docker/foswiki.conf
@@ -0,0 +1,287 @@ +# Autogenerated httpd.conf file for Foswiki. +# Generated at https://foswiki.org/Support/ApacheConfigGenerator?vhost=;port=;dir=/var/www/foswiki;symlink=;pathurl=/;shorterurls=enabled;engine=mod_perl;fastcgimodule=fcgid;fcgidreqlen=;apver=2;confighost=;configip=;configuser=;loginmanager=Template;htpath=;errordocument=UserRegistration;errorcustom=;disablephp=on;blockpubhtml=on;blocktrashpub=on;controlattach=;blockspiders=on;foswikiversion=2.x;apacheversion=2.4;timeout=;ssl=;sslcert=/etc/ssl/apache2/yourservercert.pem;sslchain=/etc/ssl/apache2/sub.class1.server.ca.pem;sslkey=/etc/ssl/apache2/yourservercertkey.pem + +# Configuration generated for Foswiki 2.x, Apache 2.4 + +Define foswikiroot "/var/www/foswiki" + +# The Alias defines a url that points to the root of the Foswiki installation. +# The first parameter will be part of the URL to your installation e.g. +# http://my.co.uk/foswiki/bin/view/... +# The second parameter must point to the physical path on your disc. + +Alias /bin "${foswikiroot}/bin" + +# The following Alias is used to access files in the pub directory (attachments etc) +# It must come _after_ the ScriptAlias. +# If short URLs are enabled, and any other local directories or files need to be accessed directly, they +# must also be specified in an Alias statement, and must not conflict with a web name. + +Alias /pub "${foswikiroot}/pub" +Alias /robots.txt "${foswikiroot}/robots.txt" +# Add aliases for any other files that must be read at the root level. eg. +# Alias /google[somehashkey].html "${foswikiroot}/google[somehashkey].html" + +# Rewriting is required for Short URLs, and Attachment redirecting to viewfile +RewriteEngine on +#LogLevel alert rewrite:trace3 + +# Shortest URLs block access to the Apache standard error documents. The following alias will +# restore access to these error messages. The actual location may vary by OS distribution. 
+# This may need to be tailored depending upon location of the Apache error documents. Below +# are examples for Linux, and FreeBSD +# Alias /error/ "/usr/share/apache2/error/" +# Alias /error/ "/usr/local/www/apache24/error/" + +# short urls +Alias / "${foswikiroot}/bin/view/" +RewriteRule ^/+bin/+view/+(.*) /$1 [L,NE,R] +RewriteRule ^/+bin/+view$ / [L,NE,R] + +# Block access to typical spam related attachments +# Except the Foswiki directory which is read only and does have attached html files. +SetEnvIf Request_URI "/pub/.*\.[hH][tT][mM][lL]?$" blockAccess +SetEnvIf Request_URI "/pub/System/.*\.[hH][tT][mM][lL]?$" !blockAccess + +# This enables access to the documents in the Foswiki root directory + + + + Require all granted + Require not env blockAccess + + + + +# mod_perl_startup.pl must exist, otherwise Apache will not start. +PerlRequire "${foswikiroot}/tools/mod_perl_startup.pl" + + +# This specifies the options on the Foswiki scripts directory. The ExecCGI +# and SetHandler tell apache that it contains scripts. "Allow from all" +# lets any IP address access this URL. +# Note: If you use SELinux, you also have to "Allow httpd cgi support" in your SELinux policies + + + AllowOverride None + + + Require all granted + Require not env blockAccess + + + Options +ExecCGI -FollowSymLinks + + SetHandler perl-script + PerlResponseHandler Foswiki::Engine::Apache + + + SetHandler cgi-script + + + # Password file for Foswiki users + AuthUserFile "${foswikiroot}/data/.htpasswd" + AuthName 'Enter your WikiName: (First name and last name, no space, no dots, capitalized, e.g. JohnSmith). Cancel to register if you do not have one.' + AuthType Basic + + # File to return on access control error (e.g. wrong password) + ErrorDocument 401 /System/UserRegistration + + + +# This sets the options on the pub directory, which contains attachments and +# other files like CSS stylesheets and icons. 
AllowOverride None stops a +# user installing a .htaccess file that overrides these options. +# Note that files in pub are *not* protected by Foswiki Access Controls, +# so if you want to control access to files attached to topics you need to +# block access to the specific directories same way as the ApacheConfigGenerator +# blocks access to the pub directory of the Trash web + + Options None + Options -FollowSymLinks + AllowOverride None + + + Require all granted + Require not env blockAccess + + ErrorDocument 404 /bin/viewfile + + # If you have PHP installed as Apache module, one of the below directives will ensure + # that it is disabled. The "ifmodule" statements should prevent this from causing + # errors if php is not installed. + + + php3_engine off + + + php_admin_flag engine off + + + php_admin_flag engine off + + + # This line will redefine the mime type for the most common types of scripts + AddType text/plain .shtml .php .php3 .phtml .phtm .pl .py .cgi + + # add an Expires header that is sufficiently in the future that the browser does not even ask if its uptodate + # reducing the load on the server significantly + # IF you can, you should enable this - it _will_ improve your Foswiki experience, even if you set it to under one day. 
+ # you may need to enable expires_module in your main apache config + + # + # + # ExpiresActive on + # ExpiresDefault "access plus 11 days" + # + # + # + # Serve pre-compressed versions of .js and .css files, if they exist + # Some browsers do not handle this correctly, which is why it is disabled by default + # + # RewriteCond %{HTTP:Accept-encoding} gzip + # RewriteCond %{REQUEST_FILENAME}.gz -f + # RewriteRule ^(.*)$ %{REQUEST_URI}.gz [L,QSA] + # + # + # RewriteCond %{HTTP:Accept-encoding} gzip + # RewriteCond %{REQUEST_FILENAME}.gz -f + # RewriteRule ^([^?]*)\?(.*)$ $1.gz?$2 [L] + # + # + # AddEncoding x-gzip .gz + # AddType application/x-javascript .gz + # + # + # AddEncoding x-gzip .gz + # AddType text/css .gz + # + + + +# Spammers are known to attach their stuff and then move it to trash where it remains unnoticed. +# We prevent viewing any attachments directly from pub + + Require all denied + + +# Security note: All other directories should be set so +# that they are *not* visible as URLs, so we set them as =deny from all=. + + Require all denied + + + + Require all denied + + + + Require all denied + + + + Require all denied + + + + Require all denied + + + + Require all denied + + +# We set an environment variable called blockAccess. +# +# Setting a BrowserMatchNoCase to ^$ is important. It prevents Foswiki from +# including its own topics as URLs and also prevents other Foswikis from +# doing the same. This is important to prevent the most obvious +# Denial of Service attacks. 
+# +# You can expand this by adding more BrowserMatchNoCase statements to +# block evil browser agents trying to crawl your Foswiki +# +# Example: +# BrowserMatchNoCase ^SiteSucker blockAccess +# BrowserMatchNoCase ^$ blockAccess + +BrowserMatchNoCase ^Accoona blockAccess +BrowserMatchNoCase ^ActiveAgent blockAccess +BrowserMatchNoCase ^Attache blockAccess +BrowserMatchNoCase BecomeBot blockAccess +BrowserMatchNoCase ^bot blockAccess +BrowserMatchNoCase Charlotte/ blockAccess +BrowserMatchNoCase ^ConveraCrawler blockAccess +BrowserMatchNoCase ^CrownPeak-HttpAgent blockAccess +BrowserMatchNoCase ^EmailCollector blockAccess +BrowserMatchNoCase ^EmailSiphon blockAccess +BrowserMatchNoCase ^e-SocietyRobot blockAccess +BrowserMatchNoCase ^Exabot blockAccess +BrowserMatchNoCase ^FAST blockAccess +BrowserMatchNoCase ^FDM blockAccess +BrowserMatchNoCase ^GetRight/6.0a blockAccess +BrowserMatchNoCase ^GetWebPics blockAccess +BrowserMatchNoCase ^Gigabot blockAccess +BrowserMatchNoCase ^gonzo1 blockAccess +BrowserMatchNoCase ^Google\sSpider blockAccess +BrowserMatchNoCase ^ichiro blockAccess +BrowserMatchNoCase ^ie_crawler blockAccess +BrowserMatchNoCase ^iGetter blockAccess +BrowserMatchNoCase ^IRLbot blockAccess +BrowserMatchNoCase Jakarta blockAccess +BrowserMatchNoCase ^Java blockAccess +BrowserMatchNoCase ^KrakSpider blockAccess +BrowserMatchNoCase ^larbin blockAccess +BrowserMatchNoCase ^LeechGet blockAccess +BrowserMatchNoCase ^LinkWalker blockAccess +BrowserMatchNoCase ^Lsearch blockAccess +BrowserMatchNoCase ^Microsoft blockAccess +BrowserMatchNoCase MJ12bot blockAccess +BrowserMatchNoCase MSIECrawler blockAccess +BrowserMatchNoCase ^MSRBOT blockAccess +BrowserMatchNoCase ^noxtrumbot blockAccess +BrowserMatchNoCase ^NutchCVS blockAccess +BrowserMatchNoCase ^RealDownload blockAccess +BrowserMatchNoCase ^Rome blockAccess +BrowserMatchNoCase ^Roverbot blockAccess +BrowserMatchNoCase ^schibstedsokbot blockAccess +BrowserMatchNoCase SemrushBot blockAccess 
+BrowserMatchNoCase ^Seekbot blockAccess +BrowserMatchNoCase ^SiteSnagger blockAccess +BrowserMatchNoCase ^SiteSucker blockAccess +BrowserMatchNoCase ^Snapbot blockAccess +BrowserMatchNoCase ^sogou blockAccess +BrowserMatchNoCase ^SpiderKU blockAccess +BrowserMatchNoCase ^SpiderMan blockAccess +BrowserMatchNoCase ^Squid blockAccess +BrowserMatchNoCase ^Teleport blockAccess +BrowserMatchNoCase ^User-Agent\: blockAccess +BrowserMatchNoCase VoilaBot blockAccess +BrowserMatchNoCase ^voyager blockAccess +BrowserMatchNoCase ^w3search blockAccess +BrowserMatchNoCase ^Web\sDownloader blockAccess +BrowserMatchNoCase ^WebCopier blockAccess +BrowserMatchNoCase ^WebDevil blockAccess +BrowserMatchNoCase ^WebSec blockAccess +BrowserMatchNoCase ^WebVac blockAccess +BrowserMatchNoCase ^Webwhacker blockAccess +BrowserMatchNoCase ^Webzip blockAccess +BrowserMatchNoCase ^Wells blockAccess +BrowserMatchNoCase ^WhoWhere blockAccess +BrowserMatchNoCase www\.netforex\.org blockAccess +BrowserMatchNoCase ^WX_mail blockAccess +BrowserMatchNoCase ^yacybot blockAccess +BrowserMatchNoCase ^ZIBB blockAccess + +# Setting the NO_FOSWIKI_SESSION environment variable prevents a +# session being created for the Google Search Appliance bot. This +# is useful if you have the Google Search Appliance installed on +# your intranet, as they can be very aggressive when indexing, creating +# a lot of session files and slowing Foswiki down. +# You can also set this environment variable for public sites, to +# prevent Google and other search engines' bots. However, these tend +# to index your site a lot less often than the Google Search Appliance. +# *Works on Foswiki 1.1 and later only* +BrowserMatch "^gsa-crawler" NO_FOSWIKI_SESSION + +BrowserMatchNoCase ^$ blockAccess From 0d6f6eca8c2d1992b7b4aac92589b3958fc25e89 Mon Sep 17 00:00:00 2001 
From: Yubao Liu Date: Tue, 29 Nov 2022 02:40:27 +0800 Subject: [PATCH 2/3] support Apache mod_fcgid/mod_proxy_fcgi and Nginx TODO: Actually mod_proxy_fcgi requires further manual configuration. Import from https://github.com/Dieken/foswiki-docker/commit/4fb9363eecfa1bfb3114522aca0a609cc5bf4232 --- docker/Dockerfile | 26 ++++-- docker/README.md | 28 ++++++- docker/{foswiki.conf => foswiki-apache.conf} | 26 +++++- docker/foswiki-nginx.conf | 87 ++++++++++++++++++++ docker/start.sh | 62 ++++++++++++++ 5 files changed, 216 insertions(+), 13 deletions(-) rename docker/{foswiki.conf => foswiki-apache.conf} (90%) create mode 100644 docker/foswiki-nginx.conf create mode 100755 docker/start.sh diff --git a/docker/Dockerfile b/docker/Dockerfile index 642939f67..539dc5f73 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile @@ -1,4 +1,5 @@ -FROM debian:11 +ARG base=debian:11 +FROM $base ARG url=https://github.com/foswiki/distro/releases/download/FoswikiRelease02x01x07/Foswiki-2.1.7.tgz ARG sha512=7196ce5a586a3770e2d198a79d0856f34724893746a40500b7f72d3efc48dcbdfb0292a3583186cf4e5b217a70df3b5dd8af80aa3e5c34987ca202a62dada0bf @@ -16,7 +17,7 @@ RUN set -eux; \ [ -z "$mirror" ] || sed -i -E "s|http(s?)://deb.debian.org|$mirror|" /etc/apt/sources.list; \ apt update -y \ && apt install -y curl diffutils grep less logrotate vim w3m \ - apache2 libapache2-mod-perl2 \ + apache2 libapache2-mod-fcgid libapache2-mod-perl2 nginx \ libalgorithm-diff-perl \ libapache2-request-perl \ libarchive-zip-perl \ @@ -36,6 +37,7 @@ RUN set -eux; \ liberror-perl \ libfcgi-procmanager-perl \ libfile-copy-recursive-perl \ + libfile-mmagic-xs-perl \ libjson-perl \ liblocale-codes-perl \ liblocale-maketext-lexicon-perl \ 
@@ -43,10 +45,9 @@ RUN set -eux; \ && apt install -y --no-install-recommends \ libimage-magick-perl \ && rm -rf /var/lib/apt/lists/* \ - && a2enmod access_compat perl rewrite \ - && a2dissite 000-default - -COPY foswiki.conf /etc/apache2/sites-enabled/ + && a2enmod access_compat rewrite \ + && a2dissite 000-default \ + && rm /etc/nginx/sites-enabled/default RUN set -eux; \ mkdir -p $root \ @@ -58,10 +59,19 @@ RUN set -eux; \ && rm foswiki.tgz foswiki.tgz.sha512 \ && sh tools/fix_file_permissions.sh \ && chown -R $user:$group $root \ - && echo "0,30 * * * * cd $root/bin && perl ../tools/tick_foswiki.pl" | crontab -u $user - + && echo "0,30 * * * * cd $root/bin && perl ../tools/tick_foswiki.pl" | crontab -u $user - \ + && cp tools/foswiki.init-script /etc/init.d/foswiki \ + && chmod 755 /etc/init.d/foswiki \ + && update-rc.d foswiki defaults \ + && cp tools/foswiki.defaults /etc/default/foswiki \ + && chmod 644 /etc/default/foswiki + +COPY foswiki-apache.conf /etc/apache2/sites-enabled/foswiki.conf +COPY foswiki-nginx.conf /etc/nginx/sites-enabled/foswiki.conf +COPY start.sh /start.sh VOLUME $root EXPOSE $port -CMD ["/bin/sh", "-c", "service cron start && exec apache2ctl -DFOREGROUND -k start"] +CMD ["/bin/sh", "/start.sh"] diff --git a/docker/README.md b/docker/README.md index 338f50ab4..b2be8d52b 100644 --- a/docker/README.md +++ b/docker/README.md @@ -1,12 +1,11 @@ # Dockerfile for Foswiki -Run pristine Foswiki in Debian container with Apache 2 and mod_perl. +Run pristine Foswiki in Debian container with Apache 2 + mod_fcgid/mod_proxy_fcgi/mod_perl or Nginx. ## Build ```sh docker build . -t foswiki --progress plain - ``` Notice this Dockerfile uses volume for `/var/www/foswiki`. 
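Review bot: The files copied in by the last Dockerfile hunk of this patch hard-code `/var/www/foswiki` (`set $foswiki_root /var/www/foswiki;` in foswiki-nginx.conf, `Define foswikiroot` in the Apache config, `localsite_cfg` in start.sh), while the Dockerfile still takes the install path from `ARG root`. A build with a non-default `root` would therefore produce an image whose web servers point at a directory that does not hold Foswiki. The same may apply to `user`/`group` if `tools/foswiki.defaults`, copied unmodified here, names its own account and listen address; that file is not visible in the patch, so this needs checking. Either add a comment next to the ARGs, e.g. `# root/user/group must match foswiki-*.conf, start.sh and tools/foswiki.defaults`, or generate the copied files from the ARG values.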
@@ -14,20 +13,39 @@ Notice this Dockerfile uses volume for `/var/www/foswiki`. ## Run ```sh +# Use Apache, may use `-e MODULE=[fcigd|proxy_fcgi|perl]` to choose different Apache module. +docker run -dt --init --name foswiki -p 8888:80 -e TZ=Asia/Shanghai -e HTTPD=apache foswiki + + +# Use Nginx docker run -dt --init --name foswiki -p 8888:80 -e TZ=Asia/Shanghai foswiki ``` Access http://localhost:8888 to further configure Foswiki: -1. http://localhost:8888/bin/configure Security and Authentication -> Registration: select `Enable User Registration` and click button `Save 1 change` on the top right corner +1. http://localhost:8888/bin/configure + 1. `Security and Authentication` -> `Registration`: select `Enable User Registration` + 2. `General settings` -> `File System Paths`: set `Safe PATH` to `/bin:/usr/bin` + 3. Click button `Save 2 changes` on the top right corner 2. http://localhost:8888/System/UserRegistration Register your first user, such as WikiName `FirstAdmin` 3. http://localhost:8888/Main/WikiGroups Click `Add Members...` in the group `AdminGroup`, add newly registered user's WikiName 4. Run `docker restart foswiki` to restart the Docker container Although you can directly access Foswiki in the container, this container is expected to be behind a reverse proxy that terminates HTTPS connections and handles virtual site, you must replace the hostname above to `https://your-reverse-proxy?SSL=1`. -## Install extension +## Extensions + +Highly recommended extension for Nginx: + +``` sh +su -s /bin/bash www-data +cd /var/www/foswiki +tools/extension_installer XSendFileContrib -r install +tools/configure -save -set '{XSendFileContrib}{Header}=X-Accel-Redirect' +tools/configure -save -set '{XSendFileContrib}{Location}=/files' +``` +Beautiful skin extension [NatSkin](https://foswiki.org/Extensions/NatSkin): ``` sh su -s /bin/bash www-data cd /var/www/foswiki 
@@ -41,4 +59,6 @@ Check https://foswiki.org/Extensions for more extensions. * https://github.com/timlegge/docker-foswiki * https://foswiki.org/System/InstallationGuide * https://foswiki.org/System/InstallationGuidePart2 +* https://foswiki.org/Support/FoswikiOnNginx +* https://foswiki.org/System/FastCGIEngineContrib#Nginx diff --git a/docker/foswiki.conf b/docker/foswiki-apache.conf similarity index 90% rename from docker/foswiki.conf rename to docker/foswiki-apache.conf index 1e48c424c..48ec00a46 100644 --- a/docker/foswiki.conf +++ b/docker/foswiki-apache.conf @@ -1,5 +1,6 @@ -# Autogenerated httpd.conf file for Foswiki. +# Merge autogenerated httpd.conf files for Foswiki. # Generated at https://foswiki.org/Support/ApacheConfigGenerator?vhost=;port=;dir=/var/www/foswiki;symlink=;pathurl=/;shorterurls=enabled;engine=mod_perl;fastcgimodule=fcgid;fcgidreqlen=;apver=2;confighost=;configip=;configuser=;loginmanager=Template;htpath=;errordocument=UserRegistration;errorcustom=;disablephp=on;blockpubhtml=on;blocktrashpub=on;controlattach=;blockspiders=on;foswikiversion=2.x;apacheversion=2.4;timeout=;ssl=;sslcert=/etc/ssl/apache2/yourservercert.pem;sslchain=/etc/ssl/apache2/sub.class1.server.ca.pem;sslkey=/etc/ssl/apache2/yourservercertkey.pem +# Generated at https://foswiki.org/Support/ApacheConfigGenerator?vhost=;port=;dir=/var/www/foswiki;symlink=;pathurl=/;shorterurls=enabled;engine=FastCGI;fastcgimodule=fcgid;fcgidreqlen=;apver=2;confighost=;configip=;configuser=;loginmanager=Template;htpath=;errordocument=UserRegistration;errorcustom=;disablephp=on;blockpubhtml=on;blocktrashpub=on;controlattach=;blockspiders=on;foswikiversion=2.x;apacheversion=2.4;timeout=;ssl=;sslcert=/etc/ssl/apache2/yourservercert.pem;sslchain=/etc/ssl/apache2/sub.class1.server.ca.pem;sslkey=/etc/ssl/apache2/yourservercertkey.pem # Configuration generated for Foswiki 2.x, Apache 2.4 
@@ -10,7 +11,12 @@ Define foswikiroot "/var/www/foswiki" # http://my.co.uk/foswiki/bin/view/... # The second parameter must point to the physical path on your disc. + Alias /bin "${foswikiroot}/bin" + + +Alias /bin "${foswikiroot}/bin/foswiki.fcgi" + # The following Alias is used to access files in the pub directory (attachments etc) # It must come _after_ the ScriptAlias. @@ -34,7 +40,12 @@ RewriteEngine on # Alias /error/ "/usr/local/www/apache24/error/" # short urls + Alias / "${foswikiroot}/bin/view/" + + +Alias / "${foswikiroot}/bin/foswiki.fcgi/" + RewriteRule ^/+bin/+view/+(.*) /$1 [L,NE,R] RewriteRule ^/+bin/+view$ / [L,NE,R] @@ -56,6 +67,14 @@ SetEnvIf Request_URI "/pub/System/.*\.[hH][tT][mM][lL]?$" !blockAccess # mod_perl_startup.pl must exist, otherwise Apache will not start. PerlRequire "${foswikiroot}/tools/mod_perl_startup.pl" + + DefaultMaxClassProcessCount 3 + # Request length must be larger than largest ATTACHFILESIZELIMIT x 1024 + FcgidMaxRequestLen 52428800 + # Limit requests to control memory growth. + FcgidMaxRequestsPerProcess 400 + + # This specifies the options on the Foswiki scripts directory. The ExecCGI # and SetHandler tell apache that it contains scripts. "Allow from all" @@ -78,6 +97,11 @@ PerlRequire "${foswikiroot}/tools/mod_perl_startup.pl" SetHandler cgi-script + + + SetHandler fcgid-script + + # Password file for Foswiki users AuthUserFile "${foswikiroot}/data/.htpasswd" diff --git a/docker/foswiki-nginx.conf b/docker/foswiki-nginx.conf new file mode 100644 index 000000000..bd99aa26f --- /dev/null +++ b/docker/foswiki-nginx.conf 
@@ -0,0 +1,87 @@
+server {
+ listen 80 default_server;
+ listen [::]:80 default_server;
+ server_name _;
+
+ set $foswiki_root /var/www/foswiki; # <=== Path to expanded foswiki distribution
+ root /var/www/html;
+ index index.html;
+
+ #access_log /var/log/nginx/foswiki-access.log;
+ #error_log /var/log/nginx/foswiki-error.log debug;
+
+ # Uncomment for htpasswd
+ #auth_basic "FOSWiki";
+ #auth_basic_user_file $foswiki_root/data/.htpasswd;
+
+ # raise upload limit (foswiki has its own limit : %ATTACHFILESIZELIMIT% in System/PreferenceSettings)
+ client_max_body_size 50M;
+
+ # browsers tend to search for a favicons and robots.txt in the root directory: if it is there fine, if not don't bother
+ location /favicon.ico {
+ root $foswiki_root;
+ log_not_found off;
+ access_log off;
+ }
+ location /robots.txt {
+ root $foswiki_root;
+ allow all;
+ log_not_found off;
+ access_log off;
+ }
+
+ location = / {
+ root $foswiki_root;
+ rewrite .* /Main/WebHome;
+ }
+
+ # redirect short urls to view
+ location ~ ^/(?:bin/)?([A-Z_].*)$ {
+ rewrite ^/(.*)$ /bin/view/$1 last;
+ }
+
+ # static files that we don't need to authenticate, i.e. css and js
+ location ~ ^/pub/(System|Applications|images|cache)/ {
+ root $foswiki_root;
+ expires 8h;
+ gzip_static on;
+ }
+
+ # any other static files need to be sanctioned by the foswiki backened
+ location /pub {
+ # either by the standard viewfile approach ...
+ rewrite ^/pub/(.*)$ /bin/viewfile/$1;
+
+ # or by XSendFileContrib using
+ #
+ # The following setting must be in LocalSite.cfg
+ # {XSendFileContrib}{Header} = 'X-Accel-Redirect';
+ # {XSendFileContrib}{Location} = '/files';
+ #rewrite ^/pub/(.*)$ /bin/xsendfile/$1;
+ }
+
+ # internal location that sendfile serves sanctioned static files from
+ location /files {
+ internal;
+ alias $foswiki_root/pub/;
+ expires 8h;
+ access_log off;
+ }
+
+ # deny any direct access to these directores
+ # note that this only is required in case the document root equals the $foswiki_root
+ location ~ (^/lib|^/data|^/locale|^/templates|^/tools|^/work) {
+ deny all;
+ }
+
+ location ~ ^/bin/([a-z]+) {
+ gzip off;
+ # a request taking more than 2 minutes is considered an error
+ fastcgi_read_timeout 120s;
+ fastcgi_split_path_info ^/bin/(.+?)(/.*)$;
+ fastcgi_param SCRIPT_FILENAME $foswiki_root/bin/foswiki.fcgi;
+ fastcgi_param PATH_INFO $fastcgi_path_info;
+ fastcgi_pass 127.0.0.1:9000;
+ include fastcgi_params;
+ }
+}
diff --git a/docker/start.sh b/docker/start.sh
new file mode 100755
index 000000000..a741a4638
--- /dev/null
+++ b/docker/start.sh
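Review bot: The new nginx server block in foswiki-nginx.conf does not carry over two protections that the Apache config in this series applies, and start.sh makes nginx the default (`httpd=${HTTPD:-nginx}`). Apache sets `blockAccess` for `.htm`/`.html` files under `/pub/` outside `System` and for empty or listed crawler User-Agents, whereas here `/pub/(System|Applications|images|cache)/` is served straight from disk and every other `/pub` request is rewritten to `viewfile` with no such filter. If parity is intended, a regex location placed ahead of the static one, e.g. `location ~* ^/pub/(?!System/).*\.html?$ { deny all; }`, plus `if ($http_user_agent = "") { return 403; }` at server level, would cover the main cases. Both lines are suggestions that need testing against the short-URL rewrites, and if the difference is deliberate a comment in the file should say so.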
@@ -0,0 +1,62 @@ +#!/bin/sh + +set -eux + +service cron start + +httpd=${HTTPD:-nginx} +module=${MODULE:-fcgid} # for Apache only + +unset HTTPD MODULE # unset environment variables + +case "$httpd" in + apache) + case "$module" in + *fcgid) + a2enmod fcgid + a2dismod proxy_fcgi + a2dismod perl + ;; + + *proxy_fcgi) + a2enmod proxy_fcgi + a2dismod fcgid + a2dismod perl + + rm -f /var/run/foswiki.pid + service foswiki start + ;; + + *perl) + a2enmod perl + a2dismod fcgid + a2dismod proxy_fcgi + ;; + + *) + echo "ERROR: unknown engine $module" >&2 + exit 1 + esac + + exec apache2ctl -DFOREGROUND -k start + ;; + + nginx) + # Enable xsendfile in Nginx if XSendFileContrib is properly configured + foswiki_conf=/etc/nginx/sites-enabled/foswiki.conf + localsite_cfg=/var/www/foswiki/lib/LocalSite.cfg + if grep -q '^\s*#rewrite.*xsendfile' $foswiki_conf && + grep -q '{XSendFileContrib}{Header}\s*=\s*.X-Accel-Redirect.' $localsite_cfg && + grep -q '{XSendFileContrib}{Location}\s*=\s*./files.' $localsite_cfg; then + sed -i -E 's|^(\s*)(rewrite.*viewfile)|\1#\2|; s|^(\s*)#(rewrite.*sendfile)|\1\2|' $foswiki_conf + fi + + rm -f /var/run/foswiki.pid + service foswiki start + exec nginx -g "daemon off;" + ;; + + *) + echo "ERROR: unknown httpd $httpd" >&2 + exit 1 +esac From c167f586e0c545ce97fb58fabe91ec6860fcd7fe Mon Sep 17 00:00:00 2001 From: Yubao Liu Date: Fri, 6 Jan 2023 00:35:06 +0800 Subject: [PATCH 3/3] fix build error when no build-arg set for "mirror" Import from https://github.com/Dieken/foswiki-docker/commit/e510ea2d8627707adc81b4142f3326444970334c --- docker/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker/Dockerfile b/docker/Dockerfile index 539dc5f73..0a28d7323 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile @@ -9,7 +9,7 @@ ARG group=www-data ARG port=80 ARG lang=C.UTF-8 ARG tz=Asia/Shanghai -ARG mirror +ARG mirror="" ENV LANG=$lang TZ=$tz
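Review bot: In the `nginx` and `proxy_fcgi` branches of start.sh the Foswiki FastCGI backend is launched with `service foswiki start` and then left unsupervised once the script `exec`s the web server. If that backend exits, the container keeps running and only returns gateway errors, so nothing signals the failure to the operator or orchestrator. A health probe that goes through the web server to the backend would surface it, e.g. `HEALTHCHECK CMD curl -fsS http://localhost/ || exit 1` in the Dockerfile (curl is already installed there). Also note that the README hunk in this patch spells the module value `fcigd`, which this script rejects with `ERROR: unknown engine`.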