mirror of https://github.com/vimagick/dockerfiles
add openresty
This commit is contained in:
parent
b47ca6fb2a
commit
cfb356646e
|
@ -360,6 +360,7 @@ A collection of delicious docker recipes.
|
||||||
- [x] notaitech/nudenet
|
- [x] notaitech/nudenet
|
||||||
- [x] odoo
|
- [x] odoo
|
||||||
- [x] osixia/openldap
|
- [x] osixia/openldap
|
||||||
|
- [x] openresty/openresty
|
||||||
- [x] kylemanna/openvpn
|
- [x] kylemanna/openvpn
|
||||||
- [x] campbellsoftwaresolutions/osticket
|
- [x] campbellsoftwaresolutions/osticket
|
||||||
- [x] outlinewiki/outline
|
- [x] outlinewiki/outline
|
||||||
|
|
|
@ -1,11 +1,30 @@
|
||||||
nextcloud:
|
version: "3.8"
|
||||||
image: arm32v7/nextcloud
|
|
||||||
ports:
|
services:
|
||||||
- "8080:80"
|
|
||||||
volumes:
|
nextcloud:
|
||||||
- ./data:/var/www/html
|
image: arm32v7/nextcloud:22
|
||||||
environment:
|
ports:
|
||||||
- SQLITE_DATABASE=/var/www/html/data/nextcloud.db
|
- "8080:80"
|
||||||
- NEXTCLOUD_ADMIN_USER=admin
|
volumes:
|
||||||
- NEXTCLOUD_ADMIN_PASSWORD=admin
|
- ./data/nextcloud:/var/www/html
|
||||||
restart: always
|
environment:
|
||||||
|
- POSTGRES_HOST=postgres
|
||||||
|
- POSTGRES_DB=nextcloud
|
||||||
|
- POSTGRES_USER=nextcloud
|
||||||
|
- POSTGRES_PASSWORD=nextcloud
|
||||||
|
depends_on:
|
||||||
|
- postgres
|
||||||
|
restart: unless-stopped
|
||||||
|
|
||||||
|
postgres:
|
||||||
|
image: arm32v7/postgres:13-alpine
|
||||||
|
ports:
|
||||||
|
- "5432:5432"
|
||||||
|
volumes:
|
||||||
|
- ./data/postgres:/var/lib/postgresql/data
|
||||||
|
environment:
|
||||||
|
- POSTGRES_USER=nextcloud
|
||||||
|
- POSTGRES_PASSWORD=nextcloud
|
||||||
|
- POSTGRES_DB=nextcloud
|
||||||
|
restart: unless-stopped
|
||||||
|
|
|
@ -0,0 +1,20 @@
|
||||||
|
openresty
|
||||||
|
=========
|
||||||
|
|
||||||
|
[OpenResty®][1] is a dynamic web platform based on NGINX and LuaJIT.
|
||||||
|
|
||||||
|
```bash
|
||||||
|
# up and running
|
||||||
|
$ docker-compose up -d
|
||||||
|
|
||||||
|
# edit config
|
||||||
|
$ vim data/conf.d/default.conf
|
||||||
|
|
||||||
|
# check config
|
||||||
|
$ docker-compose exec openresty openresty -t
|
||||||
|
|
||||||
|
# reload config
|
||||||
|
$ docker-compose exec openresty openresty -s reload
|
||||||
|
```
|
||||||
|
|
||||||
|
[1]: https://openresty.org/
|
|
@ -0,0 +1,37 @@
|
||||||
|
#
|
||||||
|
# https://github.com/openresty/lua-nginx-module
|
||||||
|
#
|
||||||
|
|
||||||
|
server {
|
||||||
|
listen 80;
|
||||||
|
server_name localhost;
|
||||||
|
|
||||||
|
location / {
|
||||||
|
root /usr/local/openresty/nginx/html;
|
||||||
|
index index.html index.htm;
|
||||||
|
}
|
||||||
|
|
||||||
|
error_page 500 502 503 504 /50x.html;
|
||||||
|
location = /50x.html {
|
||||||
|
root /usr/local/openresty/nginx/html;
|
||||||
|
}
|
||||||
|
|
||||||
|
location /about {
|
||||||
|
default_type 'text/plain';
|
||||||
|
content_by_lua_block {
|
||||||
|
ngx.say('hello, world!')
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
location /webhook {
|
||||||
|
default_type 'application/json';
|
||||||
|
content_by_lua_block {
|
||||||
|
local http = require "resty.http"
|
||||||
|
local cjson = require "cjson"
|
||||||
|
ngx.req.read_body()
|
||||||
|
local body = ngx.req.get_body_data()
|
||||||
|
local obj = cjson.decode(body)
|
||||||
|
# TODO
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
File diff suppressed because it is too large
Load Diff
|
@ -0,0 +1,234 @@
|
||||||
|
local ngx_re_gmatch = ngx.re.gmatch
|
||||||
|
local ngx_re_sub = ngx.re.sub
|
||||||
|
local ngx_re_find = ngx.re.find
|
||||||
|
|
||||||
|
--[[
|
||||||
|
A connection function that incorporates:
|
||||||
|
- tcp connect
|
||||||
|
- ssl handshake
|
||||||
|
- http proxy
|
||||||
|
Due to this it will be better at setting up a socket pool where connections can
|
||||||
|
be kept alive.
|
||||||
|
|
||||||
|
|
||||||
|
Call it with a single options table as follows:
|
||||||
|
|
||||||
|
client:connect {
|
||||||
|
scheme = "https" -- scheme to use, or nil for unix domain socket
|
||||||
|
host = "myhost.com", -- target machine, or a unix domain socket
|
||||||
|
port = nil, -- port on target machine, will default to 80/443 based on scheme
|
||||||
|
pool = nil, -- connection pool name, leave blank! this function knows best!
|
||||||
|
pool_size = nil, -- options as per: https://github.com/openresty/lua-nginx-module#tcpsockconnect
|
||||||
|
backlog = nil,
|
||||||
|
|
||||||
|
-- ssl options as per: https://github.com/openresty/lua-nginx-module#tcpsocksslhandshake
|
||||||
|
ssl_server_name = nil,
|
||||||
|
ssl_send_status_req = nil,
|
||||||
|
ssl_verify = true, -- NOTE: defaults to true
|
||||||
|
ctx = nil, -- NOTE: not supported
|
||||||
|
|
||||||
|
proxy_opts, -- proxy opts, defaults to global proxy options
|
||||||
|
}
|
||||||
|
]]
|
||||||
|
local function connect(self, options)
|
||||||
|
local sock = self.sock
|
||||||
|
if not sock then
|
||||||
|
return nil, "not initialized"
|
||||||
|
end
|
||||||
|
|
||||||
|
local ok, err
|
||||||
|
|
||||||
|
local request_scheme = options.scheme
|
||||||
|
local request_host = options.host
|
||||||
|
local request_port = options.port
|
||||||
|
|
||||||
|
local poolname = options.pool
|
||||||
|
local pool_size = options.pool_size
|
||||||
|
local backlog = options.backlog
|
||||||
|
|
||||||
|
if request_scheme and not request_port then
|
||||||
|
request_port = (request_scheme == "https" and 443 or 80)
|
||||||
|
elseif request_port and not request_scheme then
|
||||||
|
return nil, "'scheme' is required when providing a port"
|
||||||
|
end
|
||||||
|
|
||||||
|
-- ssl settings
|
||||||
|
local ssl, ssl_server_name, ssl_verify, ssl_send_status_req
|
||||||
|
if request_scheme == "https" then
|
||||||
|
ssl = true
|
||||||
|
ssl_server_name = options.ssl_server_name
|
||||||
|
ssl_send_status_req = options.ssl_send_status_req
|
||||||
|
ssl_verify = true -- default
|
||||||
|
if options.ssl_verify == false then
|
||||||
|
ssl_verify = false
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
-- proxy related settings
|
||||||
|
local proxy, proxy_uri, proxy_authorization, proxy_host, proxy_port, path_prefix
|
||||||
|
proxy = options.proxy_opts or self.proxy_opts
|
||||||
|
|
||||||
|
if proxy then
|
||||||
|
if request_scheme == "https" then
|
||||||
|
proxy_uri = proxy.https_proxy
|
||||||
|
proxy_authorization = proxy.https_proxy_authorization
|
||||||
|
else
|
||||||
|
proxy_uri = proxy.http_proxy
|
||||||
|
proxy_authorization = proxy.http_proxy_authorization
|
||||||
|
-- When a proxy is used, the target URI must be in absolute-form
|
||||||
|
-- (RFC 7230, Section 5.3.2.). That is, it must be an absolute URI
|
||||||
|
-- to the remote resource with the scheme, host and an optional port
|
||||||
|
-- in place.
|
||||||
|
--
|
||||||
|
-- Since _format_request() constructs the request line by concatenating
|
||||||
|
-- params.path and params.query together, we need to modify the path
|
||||||
|
-- to also include the scheme, host and port so that the final form
|
||||||
|
-- in conformant to RFC 7230.
|
||||||
|
path_prefix = "http://" .. request_host .. (request_port == 80 and "" or (":" .. request_port))
|
||||||
|
end
|
||||||
|
if not proxy_uri then
|
||||||
|
proxy = nil
|
||||||
|
proxy_authorization = nil
|
||||||
|
path_prefix = nil
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
if proxy and proxy.no_proxy then
|
||||||
|
-- Check if the no_proxy option matches this host. Implementation adapted
|
||||||
|
-- from lua-http library (https://github.com/daurnimator/lua-http)
|
||||||
|
if proxy.no_proxy == "*" then
|
||||||
|
-- all hosts are excluded
|
||||||
|
proxy = nil
|
||||||
|
|
||||||
|
else
|
||||||
|
local host = request_host
|
||||||
|
local no_proxy_set = {}
|
||||||
|
-- wget allows domains in no_proxy list to be prefixed by "."
|
||||||
|
-- e.g. no_proxy=.mit.edu
|
||||||
|
for host_suffix in ngx_re_gmatch(proxy.no_proxy, "\\.?([^,]+)") do
|
||||||
|
no_proxy_set[host_suffix[1]] = true
|
||||||
|
end
|
||||||
|
|
||||||
|
-- From curl docs:
|
||||||
|
-- matched as either a domain which contains the hostname, or the
|
||||||
|
-- hostname itself. For example local.com would match local.com,
|
||||||
|
-- local.com:80, and www.local.com, but not www.notlocal.com.
|
||||||
|
--
|
||||||
|
-- Therefore, we keep stripping subdomains from the host, compare
|
||||||
|
-- them to the ones in the no_proxy list and continue until we find
|
||||||
|
-- a match or until there's only the TLD left
|
||||||
|
repeat
|
||||||
|
if no_proxy_set[host] then
|
||||||
|
proxy = nil
|
||||||
|
proxy_uri = nil
|
||||||
|
proxy_authorization = nil
|
||||||
|
break
|
||||||
|
end
|
||||||
|
|
||||||
|
-- Strip the next level from the domain and check if that one
|
||||||
|
-- is on the list
|
||||||
|
host = ngx_re_sub(host, "^[^.]+\\.", "")
|
||||||
|
until not ngx_re_find(host, "\\.")
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
if proxy then
|
||||||
|
local proxy_uri_t, err = self:parse_uri(proxy_uri)
|
||||||
|
if not proxy_uri_t then
|
||||||
|
return nil, err
|
||||||
|
end
|
||||||
|
|
||||||
|
local proxy_scheme = proxy_uri_t[1]
|
||||||
|
if proxy_scheme ~= "http" then
|
||||||
|
return nil, "protocol " .. tostring(proxy_scheme) ..
|
||||||
|
" not supported for proxy connections"
|
||||||
|
end
|
||||||
|
proxy_host = proxy_uri_t[2]
|
||||||
|
proxy_port = proxy_uri_t[3]
|
||||||
|
end
|
||||||
|
|
||||||
|
-- construct a poolname unique within proxy and ssl info
|
||||||
|
if not poolname then
|
||||||
|
poolname = (request_scheme or "")
|
||||||
|
.. ":" .. request_host
|
||||||
|
.. ":" .. tostring(request_port)
|
||||||
|
.. ":" .. tostring(ssl)
|
||||||
|
.. ":" .. (ssl_server_name or "")
|
||||||
|
.. ":" .. tostring(ssl_verify)
|
||||||
|
.. ":" .. (proxy_uri or "")
|
||||||
|
.. ":" .. (request_scheme == "https" and proxy_authorization or "")
|
||||||
|
-- in the above we only add the 'proxy_authorization' as part of the poolname
|
||||||
|
-- when the request is https. Because in that case the CONNECT request (which
|
||||||
|
-- carries the authorization header) is part of the connect procedure, whereas
|
||||||
|
-- with a plain http request the authorization is part of the actual request.
|
||||||
|
end
|
||||||
|
|
||||||
|
-- do TCP level connection
|
||||||
|
local tcp_opts = { pool = poolname, pool_size = pool_size, backlog = backlog }
|
||||||
|
if proxy then
|
||||||
|
-- proxy based connection
|
||||||
|
ok, err = sock:connect(proxy_host, proxy_port, tcp_opts)
|
||||||
|
if not ok then
|
||||||
|
return nil, err
|
||||||
|
end
|
||||||
|
|
||||||
|
if ssl and sock:getreusedtimes() == 0 then
|
||||||
|
-- Make a CONNECT request to create a tunnel to the destination through
|
||||||
|
-- the proxy. The request-target and the Host header must be in the
|
||||||
|
-- authority-form of RFC 7230 Section 5.3.3. See also RFC 7231 Section
|
||||||
|
-- 4.3.6 for more details about the CONNECT request
|
||||||
|
local destination = request_host .. ":" .. request_port
|
||||||
|
local res, err = self:request({
|
||||||
|
method = "CONNECT",
|
||||||
|
path = destination,
|
||||||
|
headers = {
|
||||||
|
["Host"] = destination,
|
||||||
|
["Proxy-Authorization"] = proxy_authorization,
|
||||||
|
}
|
||||||
|
})
|
||||||
|
|
||||||
|
if not res then
|
||||||
|
return nil, err
|
||||||
|
end
|
||||||
|
|
||||||
|
if res.status < 200 or res.status > 299 then
|
||||||
|
return nil, "failed to establish a tunnel through a proxy: " .. res.status
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
elseif not request_port then
|
||||||
|
-- non-proxy, without port -> unix domain socket
|
||||||
|
ok, err = sock:connect(request_host, tcp_opts)
|
||||||
|
if not ok then
|
||||||
|
return nil, err
|
||||||
|
end
|
||||||
|
|
||||||
|
else
|
||||||
|
-- non-proxy, regular network tcp
|
||||||
|
ok, err = sock:connect(request_host, request_port, tcp_opts)
|
||||||
|
if not ok then
|
||||||
|
return nil, err
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
-- Now do the ssl handshake
|
||||||
|
if ssl and sock:getreusedtimes() == 0 then
|
||||||
|
local ok, err = sock:sslhandshake(nil, ssl_server_name, ssl_verify, ssl_send_status_req)
|
||||||
|
if not ok then
|
||||||
|
self:close()
|
||||||
|
return nil, err
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
self.host = request_host
|
||||||
|
self.port = request_port
|
||||||
|
self.keepalive = true
|
||||||
|
self.ssl = ssl
|
||||||
|
-- set only for http, https has already been handled
|
||||||
|
self.http_proxy_auth = request_scheme ~= "https" and proxy_authorization or nil
|
||||||
|
self.path_prefix = path_prefix
|
||||||
|
|
||||||
|
return true
|
||||||
|
end
|
||||||
|
|
||||||
|
return connect
|
|
@ -0,0 +1,44 @@
|
||||||
|
local rawget, rawset, setmetatable =
|
||||||
|
rawget, rawset, setmetatable
|
||||||
|
|
||||||
|
local str_lower = string.lower
|
||||||
|
|
||||||
|
local _M = {
|
||||||
|
_VERSION = '0.16.1',
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
-- Returns an empty headers table with internalised case normalisation.
|
||||||
|
function _M.new()
|
||||||
|
local mt = {
|
||||||
|
normalised = {},
|
||||||
|
}
|
||||||
|
|
||||||
|
mt.__index = function(t, k)
|
||||||
|
return rawget(t, mt.normalised[str_lower(k)])
|
||||||
|
end
|
||||||
|
|
||||||
|
mt.__newindex = function(t, k, v)
|
||||||
|
local k_normalised = str_lower(k)
|
||||||
|
|
||||||
|
-- First time seeing this header field?
|
||||||
|
if not mt.normalised[k_normalised] then
|
||||||
|
-- Create a lowercased entry in the metatable proxy, with the value
|
||||||
|
-- of the given field case
|
||||||
|
mt.normalised[k_normalised] = k
|
||||||
|
|
||||||
|
-- Set the header using the given field case
|
||||||
|
rawset(t, k, v)
|
||||||
|
else
|
||||||
|
-- We're being updated just with a different field case. Use the
|
||||||
|
-- normalised metatable proxy to give us the original key case, and
|
||||||
|
-- perorm a rawset() to update the value.
|
||||||
|
rawset(t, mt.normalised[k_normalised], v)
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
return setmetatable({}, mt)
|
||||||
|
end
|
||||||
|
|
||||||
|
|
||||||
|
return _M
|
|
@ -0,0 +1,10 @@
|
||||||
|
version: "3.8"
|
||||||
|
services:
|
||||||
|
openresty:
|
||||||
|
image: openresty/openresty:alpine
|
||||||
|
ports:
|
||||||
|
- "8000:80"
|
||||||
|
volumes:
|
||||||
|
- ./data/conf.d:/etc/nginx/conf.d
|
||||||
|
- ./data/lualib:/usr/local/openresty/site/lualib
|
||||||
|
restart: unless-stopped
|
|
@ -3,7 +3,7 @@ version: '3.8'
|
||||||
services:
|
services:
|
||||||
|
|
||||||
yourls:
|
yourls:
|
||||||
image: yourls:1.7
|
image: yourls:1.8
|
||||||
ports:
|
ports:
|
||||||
- "8080:80"
|
- "8080:80"
|
||||||
environment:
|
environment:
|
||||||
|
|
Loading…
Reference in New Issue