Cleanup and initial commit

2024-01-10 17:15:41 -06:00
parent 736f325590
commit bde7e8eca7
14 changed files with 422 additions and 1 deletions
--- a/root/defaults/nginx/http.conf
+++ b/root/defaults/nginx/http.conf
@@ -0,0 +1,49 @@
+# HTTP config file, copied from https://pterodactyl.io/panel/1.0/webserver_configuration.html#nginx-without-ssl
+# Last updated: 01/10/2024
+
+server {
+    # Replace the example <domain> with your domain name or IP address
+    listen 80 default;
+    server_name _;
+
+
+    root /var/www/pterodactyl/public;
+    index index.php;
+    charset utf-8;
+
+    location / {
+        try_files $uri $uri/ /index.php?$query_string;
+    }
+
+    location = /favicon.ico { access_log off; log_not_found off; }
+    location = /robots.txt  { access_log off; log_not_found off; }
+
+    access_log off;
+    error_log  /var/log/nginx/pterodactyl.app-error.log error;
+
+    # allow larger file uploads and longer script runtimes
+    client_max_body_size 100m;
+    client_body_timeout 120s;
+
+    sendfile off;
+
+    location ~ \.php$ {
+        fastcgi_split_path_info ^(.+\.php)(/.+)$;
+        fastcgi_pass unix:/run/php-fpm/php-fpm.sock;
+        fastcgi_index index.php;
+        include fastcgi_params;
+        fastcgi_param PHP_VALUE "upload_max_filesize = 100M \n post_max_size=100M";
+        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+        fastcgi_param HTTP_PROXY "";
+        fastcgi_intercept_errors off;
+        fastcgi_buffer_size 16k;
+        fastcgi_buffers 4 16k;
+        fastcgi_connect_timeout 300;
+        fastcgi_send_timeout 300;
+        fastcgi_read_timeout 300;
+    }
+
+    location ~ /\.ht {
+        deny all;
+    }
+}
--- a/root/defaults/nginx/https.conf
+++ b/root/defaults/nginx/https.conf
@@ -0,0 +1,69 @@
+# HTTP config file, copied from https://pterodactyl.io/panel/1.0/webserver_configuration.html#nginx-with-ssl
+# Last updated: 01/10/2024
+
+server_tokens off;
+
+server {
+    listen 80;
+    server_name _;
+    return 301 https://$server_name$request_uri;
+}
+
+server {
+    listen 443 ssl http2;
+    server_name _;
+
+    root /var/www/pterodactyl/public;
+    index index.php;
+
+    access_log /var/log/nginx/pterodactyl.app-access.log;
+    error_log  /var/log/nginx/pterodactyl.app-error.log error;
+
+    # allow larger file uploads and longer script runtimes
+    client_max_body_size 100m;
+    client_body_timeout 120s;
+
+    sendfile off;
+
+    # SSL Configuration - Replace the example <domain> with your domain
+    ssl_certificate /etc/letsencrypt/live/<domain>/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/<domain>/privkey.pem;
+    ssl_session_cache shared:SSL:10m;
+    ssl_protocols TLSv1.2 TLSv1.3;
+    ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384";
+    ssl_prefer_server_ciphers on;
+
+    # See https://hstspreload.org/ before uncommenting the line below.
+    # add_header Strict-Transport-Security "max-age=15768000; preload;";
+    add_header X-Content-Type-Options nosniff;
+    add_header X-XSS-Protection "1; mode=block";
+    add_header X-Robots-Tag none;
+    add_header Content-Security-Policy "frame-ancestors 'self'";
+    add_header X-Frame-Options DENY;
+    add_header Referrer-Policy same-origin;
+
+    location / {
+        try_files $uri $uri/ /index.php?$query_string;
+    }
+
+    location ~ \.php$ {
+        fastcgi_split_path_info ^(.+\.php)(/.+)$;
+        fastcgi_pass unix:/run/php-fpm/php-fpm.sock;
+        fastcgi_index index.php;
+        include fastcgi_params;
+        fastcgi_param PHP_VALUE "upload_max_filesize = 100M \n post_max_size=100M";
+        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+        fastcgi_param HTTP_PROXY "";
+        fastcgi_intercept_errors off;
+        fastcgi_buffer_size 16k;
+        fastcgi_buffers 4 16k;
+        fastcgi_connect_timeout 300;
+        fastcgi_send_timeout 300;
+        fastcgi_read_timeout 300;
+        include /etc/nginx/fastcgi_params;
+    }
+
+    location ~ /\.ht {
+        deny all;
+    }
+}
--- a/root/etc/cont-init.d/10-initializer
+++ b/root/etc/cont-init.d/10-initializer
@@ -0,0 +1,69 @@
+#!/usr/bin/with-contenv bash
+source ContainerTools
+SNAME=${BASH_SOURCE##*/}
+
+# If DBHOST value is present, pause boot until target container is up.
+if [ -n "$DBHOST" ]; then
+    log "Waiting for SQL at $DBHOST:${DBPORT:=3306}"
+    if  wait-for-it $DBHOST:$DBPORT -q -t ${TESTTIME:=30}; then
+        log "SQL found, continuing"        
+    else
+        log "SQL could not be reached!  Exiting..."
+        exit 1
+    fi
+fi
+
+# If REDISHOST value is present, pause boot until target container is up.
+if [ -n "$REDISHOST" ]; then
+    log "Waiting for Redis at $REDISHOST:${REDISPORT:=6379}"
+    if  wait-for-it $REDISHOST:$REDISPORT -q -t ${TESTTIME:=30}; then
+        log "Redis found, continuing"        
+    else
+        log "Redis could not be reached!  Exiting..."
+        exit 1
+    fi
+fi
+
+# Check for persistent storage directory, create file structure if not present.
+if [ ! -d "/config/storage" ]; then
+    log "Creating storage directory"
+    cat .storage.tmpl | while read line; do
+        mkdir -p "/config/${line}"
+    done
+fi
+
+# Check for persistent logging directory, create file path if not present.
+if [ ! -d "/config/log/nginx" ]; then
+    log "Creating log directory."
+    mkdir -p "/config/log/nginx"
+fi
+
+# Check for config file, create template if not present.
+if [ ! -e /config/pterodactyl.conf ]; then
+    log "Config file does not exist, creating template"
+    log "[WARN] Connect to container and finish setup process"
+    cp .env.example /config/pterodactyl.conf
+    log "Generating unique Pterodactyl key"
+    log "$(php artisan key:generate --force --no-interaction)"
+fi
+
+# Clear views and autogenerated configs on launch.  This is necessary for updates, and doesn't affect non-update launches.
+log "$(php artisan view:clear)"
+log "$(php artisan config:clear)"
+log "Checking for database updates, preparing cache"
+log "[NOTE] This will fail if the database connection has not yet been configured"
+log "$(php artisan migrate --seed --force)"
+chown -R nginx:nginx /config/
+
+# Load selected Nginx conf.
+if [ "$HTTPS" == "true" ]; then
+    if [ ! -e "/etc/nginx/http.d/pterodactyl.conf" ]; then
+        log "Symlinking Nginx config file for HTTPS"
+        ln -s /defaults/nginx/https.conf /etc/nginx/http.d/pterodactyl.conf
+    fi
+else
+    if [ ! -e "/etc/nginx/http.d/pterodactyl.conf" ]; then
+        log "Symlinking Nginx config file for HTTP"
+        ln -s /defaults/nginx/http.conf /etc/nginx/http.d/pterodactyl.conf
+    fi
+fi
--- a/root/etc/crontabs/nginx
+++ b/root/etc/crontabs/nginx
@@ -0,0 +1 @@
+* * * * * php /var/www/pterodactyl/artisan schedule:run >> /dev/null 2>&1
--- a/root/etc/nginx/nginx.conf
+++ b/root/etc/nginx/nginx.conf
@@ -0,0 +1,44 @@
+user nginx;
+worker_processes auto;
+pcre_jit on;
+error_log /var/log/nginx/error.log warn;
+include /etc/nginx/modules/*.conf;
+
+events {
+	worker_connections 1024;
+}
+
+http {
+	include /etc/nginx/mime.types;
+	default_type application/octet-stream;
+
+	server_tokens off;
+	client_max_body_size 1m;
+	sendfile on;
+	tcp_nopush on;
+
+	ssl_protocols TLSv1.2 TLSv1.3;
+	ssl_prefer_server_ciphers on;
+	ssl_session_cache shared:SSL:2m;
+	ssl_session_timeout 5M;
+	ssl_session_tickets off;
+
+	gzip on;
+	gzip_vary on;
+	gzip_min_length 1024;
+	gzip_proxied expired no-cache no-store private auth;
+	gzip_types text/plain text/css text/xml text/javascript application/x-javascript application/xml;
+	gzip_disable "MSIE [1-6]\.";
+
+	map $http_upgrade $connection_upgrade {
+		default upgrade;
+		'' close;
+	}
+
+	log_format main '$remote_addr - $remote_user [$time_local] "$request" '
+			'$status $body_bytes_sent "$http_referer" '
+			'"$http_user_agent" "$http_x_forwarded_for"';
+
+	access_log /var/log/nginx/access.log main;
+	include /etc/nginx/http.d/*.conf;
+}
--- a/root/etc/php81/php-fpm.conf
+++ b/root/etc/php81/php-fpm.conf
@@ -0,0 +1,5 @@
+[global]
+pid = /run/php-fpm/php-fpm.pid
+error_log = /var/log/php/error.log
+log_level = warning
+include=/etc/php/php-fpm.d/*.conf
--- a/root/etc/php81/php-fpm.d/nginx.conf
+++ b/root/etc/php81/php-fpm.d/nginx.conf
@@ -0,0 +1,17 @@
+[nginx]
+user = nginx
+group = nginx
+
+listen = /run/php-fpm/php-fpm.sock
+listen.owner = nginx
+listen.group = nginx
+listen.mode = 0750
+
+pm = ondemand
+pm.max_children = 9
+pm.process_idle_timeout = 10s
+pm.max_requests = 200
+
+slowlog = /dev/stdout
+request_slowlog_timeout = 60s
+catch_workers_output = yes
--- a/root/etc/services.d/crond/run
+++ b/root/etc/services.d/crond/run
@@ -0,0 +1,2 @@
+#!/usr/bin/execlineb -P
+/usr/sbin/crond -fL /dev/null
--- a/root/etc/services.d/nginx/run
+++ b/root/etc/services.d/nginx/run
@@ -0,0 +1,2 @@
+#!/usr/bin/execlineb -P
+/usr/sbin/nginx -g "daemon off;"
--- a/root/etc/services.d/php-fpm/run
+++ b/root/etc/services.d/php-fpm/run
@@ -0,0 +1,2 @@
+#!/usr/bin/execlineb -P
+/usr/sbin/php-fpm -Fc /etc/php
--- a/root/etc/services.d/pteroq/run
+++ b/root/etc/services.d/pteroq/run
@@ -0,0 +1,3 @@
+#!/usr/bin/execlineb -P
+s6-setuidgid nginx
+/usr/bin/php /var/www/pterodactyl/artisan queue:work --queue=high,standard,low --sleep=3 --tries=3
				`@@ -0,0 +1 @@`
				`* * * * * php /var/www/pterodactyl/artisan schedule:run >> /dev/null 2>&1`