fossilfranv/monica
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Add doc about maxsize upload (#18)

Browse Source
This commit is contained in:
Alexis Saettler 2020-05-20 23:45:06 +02:00 committed by GitHub
parent ab75daf47b
commit 6c88325e2d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 226 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
.examples/maxsize/app/Dockerfile Normal file
View File

@ -0,0 +1,11 @@
FROM monica:fpm-alpine
RUN set -ex;\
\
{ \
echo '[www]'; \
echo 'upload_max_filesize = 500M'; \
echo 'post_max_size = 500M'; \
echo 'max_execution_time = 600'; \
} \
> $PHP_INI_DIR/conf.d/uploads.ini

39
.examples/maxsize/docker-compose.yml Normal file
View File

@ -0,0 +1,39 @@
version: "3.4"
services:
app:
build: ./app
depends_on:
- db
env_file: .env
environment:
- DB_HOST=db
- DEFAULT_MAX_UPLOAD_SIZE=500000
volumes:
- data:/var/www/html/storage
restart: always
web:
build: ./web
restart: always
ports:
- 8881:80
volumes:
- data:/var/www/html/storage:ro
depends_on:
- app
db:
image: mysql:5.7
environment:
- MYSQL_RANDOM_ROOT_PASSWORD=true
- MYSQL_DATABASE=monica
- MYSQL_USER=homestead
- MYSQL_PASSWORD=secret
volumes:
- mysql:/var/lib/mysql
restart: always
volumes:
data:
mysql:

9
.examples/maxsize/web/Dockerfile Normal file
View File

@ -0,0 +1,9 @@
FROM monica:fpm-alpine AS monica
FROM nginx:alpine
COPY nginx.conf /etc/nginx/nginx.conf
# Copy content of monica image
COPY --from=monica /var/www/html /var/www/html
RUN ln -sf /var/www/html/storage/app/public /var/www/html/public/storage

161
.examples/maxsize/web/nginx.conf Normal file
View File

@ -0,0 +1,161 @@
worker_processes 1;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
set_real_ip_from 10.0.0.0/8;
set_real_ip_from 172.16.0.0/12;
set_real_ip_from 192.168.0.0/16;
real_ip_header X-Real-IP;
# Connect to app service
upstream php-handler {
server app:9000;
}
server {
listen 80;
server_name monica;
## HSTS ##
# Add the 'Strict-Transport-Security' headers to enable HSTS protocol.
# WARNING: Only add the preload option once you read about the consequences: https://hstspreload.org/.
# This form will add the domain to a hardcoded list that is shipped in all major browsers and getting
# removed from this list could take several months.
#
#add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload;" always;
add_header Referrer-Policy "no-referrer" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-Download-Options "noopen" always;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Permitted-Cross-Domain-Policies "none" always;
add_header X-Robots-Tag "none" always;
add_header X-XSS-Protection "1; mode=block" always;
# Remove X-Powered-By, which is an information leak
fastcgi_hide_header X-Powered-By;
root /var/www/html/public;
index index.html index.htm index.php;
charset utf-8;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location ~ ^/(?:robots.txt|security.txt) {
allow all;
log_not_found off;
access_log off;
}
error_page 404 500 502 503 504 /index.php;
location ~ /\.well-known/(?:carddav|caldav) {
return 301 $scheme://$host/dav;
}
location = /.well-known/security.txt {
return 301 $scheme://$host/security.txt;
}
location ~ /\.(?!well-known).* {
deny all;
}
# set max upload size
client_max_body_size 10G;
fastcgi_buffers 64 4K;
# Enable gzip but do not remove ETag headers
gzip on;
gzip_vary on;
gzip_comp_level 4;
gzip_min_length 256;
gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
# Uncomment if your server is build with the ngx_pagespeed module
# This module is currently not supported.
#pagespeed off;
location ~ \.php$ {
# regex to split $uri to $fastcgi_script_name and $fastcgi_path
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
# Check that the PHP script exists before passing it
try_files $fastcgi_script_name =404;
fastcgi_pass php-handler;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
# Bypass the fact that try_files resets $fastcgi_path_info
# see: http://trac.nginx.org/nginx/ticket/321
set $path_info $fastcgi_path_info;
fastcgi_param PATH_INFO $path_info;
}
# Adding the cache control header for js and css files
# Make sure it is BELOW the PHP block
location ~ \.(?:css|js|woff2?|svg|gif|json)$ {
try_files $uri /index.php$request_uri;
add_header Cache-Control "public, max-age=15778463";
## HSTS ##
# Add the 'Strict-Transport-Security' headers to enable HSTS protocol.
# Note it is intended to have those duplicated to the ones above.
# WARNING: Only add the preload option once you read about the consequences: https://hstspreload.org/.
# This form will add the domain to a hardcoded list that is shipped in all major browsers and getting
# removed from this list could take several months.
#
#add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload;" always;
add_header Referrer-Policy "no-referrer" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-Download-Options "noopen" always;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Permitted-Cross-Domain-Policies "none" always;
add_header X-Robots-Tag "none" always;
add_header X-XSS-Protection "1; mode=block" always;
# Optional: Don't log access to assets
access_log off;
}
location ~ \.(?:png|html|ttf|ico|jpg|jpeg)$ {
try_files $uri /index.php$request_uri;
# Optional: Don't log access to assets
access_log off;
}
# deny access to .htaccess files
location ~ /\.ht {
deny all;
}
}
}

11
.examples/readme.md
View File

@ -2,11 +2,12 @@
In this section you will find some examples about how to use monica's docker images.
Example|Description
-------|-----------
[`supervisor`](supervisor)| uses supervisor to run a cron and a queue inside your container.
[`nginx-proxy-self-signed-ssl`](nginx-proxy-self-signed-ssl)| shows you how to run monica with a self signed ssl certificate.
[`nginx-proxy`](nginx-proxy)| shows you how to run monica with https and generate a [Let's Encrypt](https://letsencrypt.org/) certificate.
| Example | Description |
|---------|-------------|
| [`supervisor`](supervisor) | uses supervisor to run a cron and a queue inside your container.
| [`nginx-proxy-self-signed-ssl`](nginx-proxy-self-signed-ssl) | shows you how to run monica with a self signed ssl certificate.
| [`nginx-proxy`](nginx-proxy) | shows you how to run monica with https and generate a [Let's Encrypt](https://letsencrypt.org/) certificate.
| [`maxsize`](maxsize) | shows you how to adapt the max upload size of you php settings in the app container.
## Run with docker-compose