From 20ddcba4845db4f8cfb9ece6a38bb5db427ae4b9 Mon Sep 17 00:00:00 2001
From: Harald Eilertsen
Date: Tue, 12 Dec 2023 17:04:52 +0100
Subject: Add Hubzilla sandcastle. See hubzilla.castle.yml for installation and usage instructions to get started.
---
volumes/hubzilla/crontab | 2 ++
volumes/hubzilla/fpm.conf | 15 ++++++++++
volumes/hubzilla/nginx.conf | 73 +++++++++++++++++++++++++++++++++++++++++++++
3 files changed, 90 insertions(+)
create mode 100644 volumes/hubzilla/crontab
create mode 100644 volumes/hubzilla/fpm.conf
create mode 100644 volumes/hubzilla/nginx.conf
(limited to 'volumes')
diff --git a/volumes/hubzilla/crontab b/volumes/hubzilla/crontab
new file mode 100644
index 0000000..96c0b78
--- /dev/null
+++ b/volumes/hubzilla/crontab
@@ -0,0 +1,2 @@
+# Run periodic tasks for Hubzilla
+su -s /bin/bash www-data -c "cd /var/www/html; /usr/bin/php Zotlabs/Daemon/Master.php Cron > /dev/null 2>&1"
diff --git a/volumes/hubzilla/fpm.conf b/volumes/hubzilla/fpm.conf
new file mode 100644
index 0000000..4a0dafa
--- /dev/null
+++ b/volumes/hubzilla/fpm.conf
@@ -0,0 +1,15 @@
+[www]
+user = www-data
+group = www-data
+
+listen = 0.0.0.0:9000
+
+pm = dynamic
+pm.max_children = 5
+pm.start_servers = 2
+pm.min_spare_servers = 1
+pm.max_spare_servers = 3
+
+php_value[upload_max_filesize] = 5M
+php_value[post_max_size] = 20M
+php_value[max_file_uploads] = 4
diff --git a/volumes/hubzilla/nginx.conf b/volumes/hubzilla/nginx.conf
new file mode 100644
index 0000000..0680a2b
--- /dev/null
+++ b/volumes/hubzilla/nginx.conf
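Review bot: The Cron command in volumes/hubzilla/crontab sends both stdout and stderr to /dev/null, so a failing run (wrong working directory, PHP error, unreachable database) leaves no trace anywhere. Keeping stderr, for example by ending the command with `> /dev/null` only, would let failures surface in whatever collects the container's output. The line also has no schedule fields even though the file is named crontab, so it is presumably executed by a wrapper that is not part of this patch; a comment such as `# Executed by <runner> every <interval>; this is a plain shell command, not a crontab(5) entry` would record how it is meant to be run.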
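Review bot: `listen = 0.0.0.0:9000` in volumes/hubzilla/fpm.conf binds the FastCGI port on every interface of the container with no client restriction, and FastCGI has no authentication, so anything that can reach the port can ask PHP-FPM to run scripts as www-data. Binding to all interfaces is needed for nginx in a separate container to connect, but safety then depends on the compose file (not shown in this patch) keeping port 9000 unpublished and on a network shared only with the nginx container. A comment above the line would make that assumption explicit, e.g. `; FastCGI is unauthenticated: keep port 9000 on the internal network only, never publish it`. If the nginx container can be given a fixed address, `listen.allowed_clients` can additionally pin the accepted peer.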
@@ -0,0 +1,73 @@
+#
+# Hubzilla nginx configuration for sandcastles
+#
+# TLS is terminated by the traefik router, so we will only ever see http
+# trafic here.
+#
+
+server {
+ listen 80;
+ server_name hubzilla.castle;
+
+ index index.php;
+ charset utf-8;
+ root /var/www/html;
+
+ # allow uploads up to 20MB in size
+ client_max_body_size 20m;
+ client_body_buffer_size 128k;
+
+ include mime.types;
+
+ # rewrite to front controller as default rule
+ location / {
+ if (!-e $request_filename) {
+ rewrite ^(.*)$ /index.php?q=$1;
+ }
+ }
+
+ # make sure webfinger and other well known services aren't blocked
+ # by denying dot files and rewrite request to the front controller
+ location ^~ /.well-known/ {
+ allow all;
+ if (!-e $request_filename) {
+ rewrite ^(.*)$ /index.php?q=$1;
+ }
+ }
+
+ # block these file types
+ location ~* \.(tpl|md|tgz|log|out)$ {
+ deny all;
+ }
+
+ # pass the PHP scripts to the fpm container
+ location ~* \.php$ {
+ try_files $uri =404;
+
+ fastcgi_param HTTPS on;
+
+ # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
+ fastcgi_split_path_info ^(.+\.php)(/.+)$;
+
+ fastcgi_pass hubzilla_fpm:9000;
+
+ include fastcgi_params;
+ fastcgi_index index.php;
+ fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+ }
+
+ # deny access to all dot files
+ location ~ /\. {
+ deny all;
+ }
+
+ #deny access to store
+ location ~ /store {
+ deny all;
+ }
+
+ #deny access to util
+ location ~ /util {
+ deny all;
+ }
+}
-- cgit v1.2.3
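Review bot: The `deny all` blocks for dot files, `/store` and `/util` come after `location ~* \.php$`, and nginx takes the first regex location that matches in file order, so a URI ending in `.php` under those paths (for example `/util/<name>.php`) is handed to the fpm container instead of being refused, provided the file exists in the mounted tree. Move the three deny blocks above the PHP block, or turn the directory rules into prefix matches that suppress the regex pass, e.g. `location ^~ /util/ { deny all; }`. The `/store` and `/util` patterns are also unanchored, so they match anywhere in the URI and would reject unrelated application paths that merely contain those strings; `location ~ ^/(store|util)(/|$) { deny all; }` restricts them to the top-level directories. A comment next to the PHP block stating that the deny rules must stay ahead of it would keep the ordering from regressing.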