These are various Dockerfiles in use by EasyEngine.
Build status:
DockerHub Image | Build Status |
---|---|
nginx-proxy | |
nginx | |
php | |
redis | |
mariadb | |
phpmyadmin | |
base |
Various Dockerfiles in use by EasyEngine
These are various Dockerfiles in use by EasyEngine.
Build status:
DockerHub Image | Build Status |
---|---|
nginx-proxy | |
nginx | |
php | |
redis | |
mariadb | |
phpmyadmin | |
base |
There is a duplicate block of /ee-admin/
in it. Due to this docker exec ee-global-nginx-proxy nginx -t
is failing.
X-Powered-By: EasyEngine
header is static and does not contain the actual version of EasyEngine that has created a particular site.
X-Powered-By: PHP/<version-number>
needs to be removed, so as to not reveal the version of PHP being used by the site.
Need to move inclusion of custom conf files into site template ngix conf.
Skip /etc/hosts
entry for ssl site and remove aliasing in nginx network in this case.
Bring all nginx and php configurations in common parent directory.
Seems we made it php
dependent.
2018/06/02 12:50:56 [emerg] 1#1: host not found in upstream "php" in /usr/local/openresty/nginx/conf/common/php.conf:10
nginx: [emerg] host not found in upstream "php" in /usr/local/openresty/nginx/conf/common/php.conf:10
This may need changes in Dockerfiles or ee installer/core. To be decided after research:
We haven't encountered any issue but it's good to do a performance check sooner than later:
Following are PHP extensions persent in VIP image, but not in EE:
a8c
apcu
calendar
cgi-fcgi
gmagick
gmp
mcrypt
pcntl
shmop
sockets
sysvsem
sysvshm
timezonedb
Have to check which versions we are on and if updates are available.
Replace: upstream_cache_status
with srcache_fetch_status
log_format rt_cache '$remote_addr $upstream_response_time $srcache_fetch_status [$time_local] '
'$http_host "$request" $status $body_bytes_sent '
'"$http_referer" "$http_user_agent"'
' $request_time' ;
Check upstream_response_time
as well.
nginx-proxy was not properly forwarding real IP of the visitor to the site's nginx. This could cause issues wherever the visitor's true IP is required.
Currently, we have bash as the default shell, it will be nice to have ZSH as the default shell as it has better features and aesthetics.
Issue:
In the case of docker rm and start it is not able to sed
in the newrelic.ini file.
Solution:
add in PHP dockerfile/entry-point at a later stage after sed
su www-data
folder - nginx/conf
we need to clean it up keeping v4 structure in mind.
nginx/conf/ nginx.conf
in the repo. /usr/local/openresty/nginx/conf/nginx.conf
inside container/var/www/conf/nginx/site.conf
. EEv4 will create/generate this file.Users can create additional conf files in /var/www/conf/nginx/custom/
with .conf
extension. Something like /var/www/conf/nginx/custom/redirects.conf
.
https://blog.martinfjordvald.com/2013/04/nginx-config-history-fastcgi_params-versus-fastcgi-conf/
We need to pin the docker images to a specific hash to avoid any unnecessary surprises.
Something like
FROM debian@sha256:de3eac83cd481c04c5d6c7344cd7327625a1d8b2540e82a8231b5675cef0ae5f
Here is a link to an Example Dockerfile
Make defaults
log_bin = /var/log/mysql/mariadb-bin
log_bin_index = /var/log/mysql/mariadb-bin.index
binlog_format = statement
# not fab for performance, but safer
#sync_binlog = 1
expire_logs_days = 10
max_binlog_size = 100M
SOmetimes while importing database of big site, global mysql crashes.
We need to set max_allowed_packet_size to 512M
to prevent that from happening.
Following need to be increased to allow long url requests to be handled:
On site nginx configuration:
fastcgi_buffers 16 16k;
fastcgi_buffer_size 32k;
On proxy nginx configuration:
proxy_buffers 16 16k;
proxy_buffer_size 32k;
I think rather than copy-pasting mime.types, we can include another type {}
block in our nginx.conf with additional types
types{
application/font-woff2 woff2;
}
We need to add following tags to postfix image:
LABEL org.label-schema.schema-version="1.0.0-rc1"
LABEL org.label-schema.vendor="EasyEngine"
LABEL org.label-schema.name="postfix
Due to this Postfix containers are not getting removed while running ee cli self-uninstall
Why Easyengine v4 is not yet allowing easy methods for upgrading php version on php/wp websites? I'm looking for a solution all over the web and that seems there's no way to update a site to a newer php version once it is created.
Perhaps EE v4 could maintain an alternate php docker image with the most up to date php version, and then allow EE users to override it by command line.
File: newrelic.ini
Docs: https://docs.newrelic.com/docs/agents/php-agent/configuration/php-agent-configuration
Add following in default NewRelic configuration:
newrelic.transaction_tracer.record_sql = "raw"
newrelic.transaction_tracer.threshold = "1s"
Add following in WP sites: No need, this is being managed automatically now.
newrelic.framework="wordpress"
Enable php_exif module.
Need to install mysql
extension in php 5.6 image. Although it's depreceted in 7.0, many legacy codebase depends on it hence we should add it.
It is there in multiple plugins.
Planning to add it, but keep it disabled by default so that it does not hamper anything. Whoever wants it can enable this extension.
Label schema hasn't been updated in a while and it has been superseded by opencontainers image spec. https://github.com/opencontainers/image-spec/blob/master/annotations.md.
So we need to migrate our labels in images.
http auth was not getting applied to subsites of subdom sites. This is an bug in EE.
Aug 27 07:12:19 ip-10-1-2-123 example.com/smtp[76]: A4997FB6AA: to=<[email protected]>, relay=smtp.example.com[IP]:PORT, delay=6, delays=0.01/0.03/6/0, dsn=4.7.0, status=deferred (SASL authentication failed; cannot authenticate to server smtp.example.com[IP]: no mechanism available)
fix:
apt-get install libsasl2-modules
Need to check both the below configs and apply the relevant configuration to Nginx, Nginx-proxy and Mysql.
https://github.com/dev-sec/ansible-collection-hardening/blob/master/roles/nginx_hardening/defaults/main.yml
https://github.com/dev-sec/ansible-collection-hardening/blob/master/roles/mysql_hardening/defaults/main.yml
A large number of the dockerfile containers use the :latest parameter to pull the most recent version of the software.
This recently caused problems with the nginx-proxy version 0.6.0. See: https://community.easyengine.io/t/site-down-after-updating-to-v4-0-12/12610/17
There should be a config file available to specifically define the version the dockerfile uses. This would allow a user the ability to downgrade from the latest due to known issues.
For example, the config file could look like:
cron:latest
mailhog:v1.0.0
mariadb:10.2
nginx-proxy:latest
nginx:stretch
The other options are to place the dockerfiles on the server and build the dockers from on server dockerfiles.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.