Das Netzwerk docker_subnet muss bereits angelegt sein oder an die eigene Umgebung angepasst werden; alternativ die networks-Zeilen entfernen, um das Default-Netzwerk zu verwenden.
Das Volume ist ein Host-Bind-Mount.
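# Compose file for a single nginx + PHP-FPM container attached to an existing
# Docker network with a fixed address.
services:
  webserver:
    container_name: webserver
    # NOTE(review): ":latest" is a moving tag, so every pull may bring in a
    # different image. Pinning a release tag or an image digest
    # (erseco/alpine-php-webserver@sha256:<DIGEST-PLACEHOLDER>) makes
    # deployments reproducible and updates deliberate.
    image: erseco/alpine-php-webserver:latest
    restart: always
    security_opt:
      # Processes in the container cannot gain additional privileges
      # (for example through setuid binaries).
      - no-new-privileges:true
    environment:
      TZ: Europe/Berlin
    ports:
      # Quoted so the mapping is always read as a string.
      # NOTE(review): this publishes 8080 on every host interface. If a
      # reverse proxy reaches the container over docker_subnet, the host
      # mapping is not needed; while it is exposed, clients can skip the
      # proxy and supply their own X-Forwarded-* request headers. Binding to
      # loopback ("127.0.0.1:8080:8080") or removing the mapping closes that
      # path.
      - "8080:8080"
    volumes:
      # Host bind mount of the document root (read-write).
      - /var/www/html:/var/www/html
    networks:
      docker_subnet:
        # Static address; it has to lie inside the subnet of docker_subnet.
        ipv4_address: 172.18.0.15

networks:
  docker_subnet:
    # The network is not created by this file and must already exist.
    external: true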
Wer zusätzlich möchte, dass ein Log geschrieben wird, und hinter einem Proxy sitzt und die Client-IP geloggt haben möchte, kann noch ein paar Änderungen vornehmen. Folgende Zeilen können unter volumes hinzugefügt werden:
# Additional entries for the service's "volumes:" list, written as
# 'host path:container path'. Create the two files on the host before starting
# the container; a missing bind-mount source is created as a directory.
# NOTE(review): both configuration files are mounted read-write. If the image
# does not rewrite them at start-up (not confirmed here), appending ":ro"
# keeps the container from changing its own configuration.
# logrotate rules for the nginx logs
- '/var/www/conf/webserver/nginx:/etc/logrotate.d/nginx'
# replacement nginx.conf
- '/var/www/conf/webserver/nginx.conf:/etc/nginx/nginx.conf'
# log directory kept on the host; it must be writable by the user nginx runs as
- '/var/www/log/webserver:/var/log/nginx'
Datei anlegen
nginx.conf
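# nginx.conf for the PHP web server container: one server on port 8080 that
# serves /var/www/html and hands PHP requests to PHP-FPM over a unix socket.
worker_processes 1;
# Main-context error log (stderr); the http block below sets its own file.
error_log stderr warn;
pid /run/nginx.pid;

events {
    worker_connections 1024;
}

http {
    include mime.types;
    default_type application/octet-stream;

    # Define custom log format to include response times.
    # NOTE(review): behind a reverse proxy $remote_addr is the proxy's address;
    # the client address only shows up in "$http_x_forwarded_for". That value
    # is a request header and is only as trustworthy as the proxy that sets it,
    # so treat it as client-influenced when reading these logs. If this nginx
    # build includes the realip module (not confirmed here), set_real_ip_from
    # <PROXY-ADDRESS-PLACEHOLDER> together with real_ip_header X-Forwarded-For
    # lets $remote_addr carry the client address, accepted from the proxy only.
    log_format main_timed '$remote_addr - $remote_user [$time_local] "$request" '
                          '$status $body_bytes_sent "$http_referer" '
                          '"$http_user_agent" "$http_x_forwarded_for" '
                          '$request_time $upstream_response_time $pipe $upstream_cache_status';

    # Logs go to files under /var/log/nginx (the directory the logrotate rule
    # on this page matches).
    access_log /var/log/nginx/access.log main_timed;
    error_log /var/log/nginx/error.log notice;

    keepalive_timeout 65;

    # Write temporary files to /tmp so they can be created as a non-privileged user
    client_body_temp_path /tmp/client_temp;
    proxy_temp_path /tmp/proxy_temp_path;
    fastcgi_temp_path /tmp/fastcgi_temp;
    uwsgi_temp_path /tmp/uwsgi_temp;
    scgi_temp_path /tmp/scgi_temp;

    # Default server definition
    server {
        listen 8080 default_server;
        server_name _;

        sendfile off;

        # Set the forwarded_scheme variable based on the X-Forwarded-Proto header
        # This is used to maintain the original protocol used by the client
        # This is important when behind a reverse proxy that handles SSL termination
        # NOTE(review): the header is taken from the request as-is, so the value
        # is only meaningful when every request arrives through the proxy.
        set $forwarded_scheme "http";
        if ($http_x_forwarded_proto = "https") {
            set $forwarded_scheme "https";
        }

        # Increase proxy buffers for large requests
        proxy_buffer_size 128k;
        proxy_buffers 4 256k;
        proxy_busy_buffers_size 256k;

        # Upload limit
        client_max_body_size 2M;
        client_body_buffer_size 128k;

        root /var/www/html;
        index index.php index.html;

        location / {
            # First attempt to serve request as file, then
            # as directory, then fall back to index.php
            try_files $uri $uri/ /index.php?q=$uri&$args;
        }

        # Redirect server error pages to the static page /50x.html
        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
            root /var/lib/nginx/html;
        }

        # Pass the PHP scripts to PHP-FPM listening on socket
        location ~ [^/]\.php(/|$) {
            fastcgi_split_path_info ^(.+\.php)(/.+)$;

            # Hardening: answer 404 here unless the resolved script is a regular
            # file under the document root, so PHP-FPM is never asked to
            # resolve a script path that does not exist.
            if (!-f $document_root$fastcgi_script_name) {
                return 404;
            }

            fastcgi_pass unix:/run/php-fpm.sock;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            fastcgi_param SCRIPT_NAME $fastcgi_script_name;
            fastcgi_param PATH_INFO $fastcgi_path_info;
            fastcgi_index index.php;
            include fastcgi_params;

            # Pass the original forwarded_scheme and HTTPS status to the PHP backend
            fastcgi_param HTTP_X_FORWARDED_PROTO $forwarded_scheme;
            fastcgi_param HTTPS $https if_not_empty;
        }

        # Cache static assets on the client for five days
        location ~* \.(jpg|jpeg|gif|png|css|js|ico|xml)$ {
            expires 5d;
        }

        # Deny access to . files, for security
        location ~ /\. {
            log_not_found off;
            deny all;
        }

        # Allow fpm ping and status from localhost
        location ~ ^/(fpm-status|fpm-ping)$ {
            access_log off;
            allow 127.0.0.1;
            deny all;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            include fastcgi_params;
            fastcgi_pass unix:/run/php-fpm.sock;
        }

        # Include additional server-specific configurations
        include /etc/nginx/server-conf.d/*.conf;
    }

    # Include other server configs
    include /etc/nginx/conf.d/*.conf;

    gzip on;
    gzip_proxied any;
    # Based on CloudFlare's recommended settings https://developers.cloudflare.com/speed/optimization/content/brotli/content-compression/
    gzip_types text/richtext text/plain text/css text/x-script text/x-component text/x-java-source text/x-markdown application/javascript application/x-javascript text/javascript text/js image/x-icon image/vnd.microsoft.icon application/x-perl application/x-httpd-cgi text/xml application/xml application/rss+xml application/vnd.api+json application/x-protobuf application/json multipart/bag multipart/mixed application/xhtml+xml font/ttf font/otf font/x-woff image/svg+xml application/vnd.ms-fontobject application/ttf application/x-ttf application/otf application/x-otf application/truetype application/opentype application/x-opentype application/font-woff application/eot application/font application/font-sfnt application/wasm application/javascript-binast application/manifest+json application/ld+json application/graphql+json application/geo+json;
    gzip_vary on;
    gzip_disable "msie6";
}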
Datei anlegen
nginx
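# logrotate rules for the nginx log files under /var/log/nginx.
# NOTE(review): placing this file in /etc/logrotate.d only has an effect if
# logrotate is actually run on a schedule inside the container - confirm.
/var/log/nginx/*.log {
    # Rotate once a week and keep seven rotated files.
    weekly
    # A missing log file is not an error.
    missingok
    rotate 7
    # gzip rotated logs, leaving the most recent rotation uncompressed.
    compress
    delaycompress
    # Skip rotation when the log is empty.
    notifempty
    # New log files: owner nobody, group nogroup, mode 0640 (no access for others).
    create 0640 nobody nogroup
    # Run the postrotate script once for all matched logs, not once per file.
    sharedscripts
    # Ask nginx to reopen its log files after rotation.
    # NOTE(review): assumes the init script /etc/init.d/nginx exists in the
    # container and supports these options - confirm against the image.
    postrotate
        /etc/init.d/nginx --quiet --ifstarted reopen
    endscript
}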
Im Nginx Proxy Manager bei der Domain unter „Advanced“ noch Folgendes hinzufügen:
# Custom directives for the proxy host's "Advanced" field.

# Forward the requested host name to the backend.
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;

# $proxy_add_x_forwarded_for appends the connecting address to whatever
# X-Forwarded-For header the request already carried. Only the last entry is
# written by this proxy; earlier entries come from the client or from hops in
# front of it, so the backend log should be read with that in mind.
# NOTE(review): if this proxy is the outermost hop, sending $remote_addr
# instead keeps client-supplied entries out of the header.
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

# NOTE(review): X-Transmission-Session-Id is not referenced anywhere else on
# this page; presumably carried over from another proxy host - confirm it is
# needed here.
proxy_pass_header X-Transmission-Session-Id;

# Wait up to 300 seconds for the backend to send a response.
proxy_read_timeout 300;