diff --git a/.dockerignore b/.dockerignore index 345dfe6..59eb350 100644 --- a/.dockerignore +++ b/.dockerignore @@ -1,4 +1,4 @@ .env .git graphdb.zip -drupal-data \ No newline at end of file +drupal_data \ No newline at end of file diff --git a/.gitignore b/.gitignore index 404b79e..f7a29a5 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,5 @@ .env +.htpasswd graphdb.zip -drupal-data \ No newline at end of file +settings.php +volumes \ No newline at end of file diff --git a/README.md b/README.md index b670a41..6bfa9df 100644 --- a/README.md +++ b/README.md @@ -18,10 +18,16 @@ * TripleStore from slim-buster ## Start * Clone Repo with `git clone git@github.com:rnsrk/performance-drupal.git`. -* Rename .example-env to .env and set environment varibles for postgres service. -* Run `./prepare_volumes.sh` to create drupal-data directory and add absolute path to .env variable. +* Rename .example-env to .env and set environment variables for postgres service. +* Rename ./nginx_context/.example-htpasswd to .htpasswd and set environment variables for nginx service. +* Rename ./drupal_context/.example-settings.php to settings.php and set environment variables for drupal service. * Get [GraphDB free standalone server](https://graphdb.ontotext.com/). * Copy zip-file to to /graphdb_context and rename it to "graphdb.zip". * Start containers with `docker compose up -d`. -* Go to`http://localhost:3001` +* Go to `http://drupal.local` for Drupal installation +* Go to `http://graphdb.local` for GraphDB workbench +* Go to `http://adminer.local` for Adminer workbench +## Roadmap +* implement iipserver correctly +* have readable/writable mount volumes for postgres, solr, graphdb \ No newline at end of file diff --git a/docker-compose.yml b/docker-compose.yml index 3be788b..546160c 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -2,40 +2,30 @@ version: "3.8" services: postgres: - image: postgres:alpine - container_name: dlza_postgresql + image: rnsrk/postgres:alpine + build: + context: ./postgres_context + container_name: postgres restart: unless-stopped env_file: .env volumes: - - db-data:/var/lib/postgresql/data + - ./volumes/db_data:/var/lib/postgresql/data:rw drupal: - image: rnsrk/drupal:9.4.7-fpm-alpine-extended + image: rnsrk/drupal:10.0.9-php8.2-fpm-alpine build: context: ./drupal_context - container_name: dlza_drupal + container_name: drupal depends_on: - postgres restart: unless-stopped volumes: - - drupal-data:/opt/drupal - - ./drupal_context/custom-php-settings.ini:/usr/local/etc/php/conf.d/99-custom-settings.ini - - webserver: - image: nginx:1.23-alpine - container_name: dlza_webserver - depends_on: - - drupal - restart: unless-stopped - ports: - - 3001:80 - volumes: - - drupal-data:/opt/drupal - - ./nginx-conf:/etc/nginx/conf.d + - ./volumes/drupal/data:/opt/drupal:rw + - ./volumes/drupal/private_files:/var/www/private_files solr: image: solr:8-slim - container_name: dlza_solr + container_name: solr restart: unless-stopped volumes: - solr-data:/opt/solr @@ -43,25 +33,35 @@ services: SOLR_JAVA_MEM: "-Xms256M -Xmx512M" graphdb: - image: rnsrk/graphdb:10.0.2 - container_name: dlza_graphdb + image: rnsrk/graphdb + container_name: graphdb restart: unless-stopped build: context: ./graphdb_context volumes: - - graphdb-data:/graphdb/data + - graphdb_data:/graphdb/data adminer: image: adminer:fastcgi - container_name: dlza_adminer + container_name: adminer restart: unless-stopped + webserver: + image: nginx:1.23-alpine + container_name: webserver + depends_on: + - drupal + - solr + - graphdb + - adminer + restart: unless-stopped + ports: + - 80:80 + volumes: + - ./volumes/drupal/data:/opt/drupal + - ./nginx_context/server_conf:/etc/nginx/conf.d/ + - ./nginx_context/.htpasswd:/usr/share/nginx/.htpasswd + volumes: - db-data: - drupal-data: - driver_opts: - type: none - device: ${DRUPAL_DATA} #NOTE needs full path (~ or ./ doesn't work) - o: bind - graphdb-data: + graphdb_data: solr-data: diff --git a/drupal_context/99-custom-opcache-settings.ini b/drupal_context/99-custom-opcache-settings.ini new file mode 100644 index 0000000..43a530f --- /dev/null +++ b/drupal_context/99-custom-opcache-settings.ini @@ -0,0 +1,5 @@ +opcache.memory_consumption=128 +opcache.interned_strings_buffer=8 +opcache.max_accelerated_files=4000 +opcache.revalidate_freq=60 +opcache.fast_shutdown=1 \ No newline at end of file diff --git a/drupal_context/custom-php-settings.ini b/drupal_context/99-custom-php-settings.ini similarity index 88% rename from drupal_context/custom-php-settings.ini rename to drupal_context/99-custom-php-settings.ini index d76d0d6..22a1a6e 100644 --- a/drupal_context/custom-php-settings.ini +++ b/drupal_context/99-custom-php-settings.ini @@ -2,7 +2,7 @@ max_execution_time = 60 max_input_time = 30 max_input_nesting_level = 640 max_input_vars = 10000 -memory_limit = 512M +memory_limit = 2048M upload_max_filesize = 20M max_file_uploads = 50 post_max_size = 20M \ No newline at end of file diff --git a/drupal_context/Dockerfile b/drupal_context/Dockerfile index 3d0fe45..7310db3 100755 --- a/drupal_context/Dockerfile +++ b/drupal_context/Dockerfile @@ -1,15 +1,125 @@ -FROM drupal:9.4.7-fpm-alpine - -MAINTAINER Robert Nasarek "r.nasarek@gnm.de" - -# Install build environment -RUN apk add build-base autoconf vim git - -# Install extensions -RUN pecl install apcu uploadprogress - -# Enable extensions -RUN docker-php-ext-enable apcu uploadprogress - -# Remove build packages -RUN apk del build-base autoconf \ No newline at end of file +FROM drupal:10.0.9-php8.2-fpm-alpine + +MAINTAINER Robert Nasarek "r.nasarek@gnm.de" + +# Install all the stuff we need + +# Install packages +RUN apk update && \ + apk upgrade -U + +RUN apk add \ + autoconf \ + automake \ + build-base \ + coreutils \ + freetype-dev \ + git \ + imagemagick \ + jpeg-dev \ + libpng-dev \ + libpq-dev \ + libtool \ + libwebp-dev \ + libwebp-tools \ + libxml2-dev \ + libzip-dev \ + linux-headers \ + postgresql-dev \ + tiff-dev \ + unzip \ + vim \ + wget; + +# Add php extensions +RUN docker-php-ext-configure gd \ + --with-freetype \ + --with-jpeg=/usr \ + --with-webp; + +RUN docker-php-ext-install -j "$(nproc)" \ + dom \ + gd \ + opcache \ + pdo_mysql \ + pdo_pgsql \ + zip; + +# Runtime Dependencies +RUN runDeps="$( \ + scanelf --needed --nobanner --format '%n#p' --recursive /usr/local \ + | tr ',' '\n' \ + | sort -u \ + | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ + )"; \ + apk add --no-network --virtual .drupal-phpexts-rundeps $runDeps; + +# Upload progress +RUN set -eux; \ + git clone https://github.com/php/pecl-php-uploadprogress/ /usr/src/php/ext/uploadprogress/; \ + docker-php-ext-configure uploadprogress; \ + docker-php-ext-install uploadprogress; \ + rm -rf /usr/src/php/ext/uploadprogress; + +# Install apcu +RUN set -eux; \ + pecl install apcu; \ + pecl install xdebug \ + docker-php-ext-enable xdebug; + + +# Add php configs +RUN { \ + echo 'extension=apcu.so'; \ + echo "apc.enable_cli=1"; \ + echo "apc.enable=1"; \ + } >> /usr/local/etc/php/php.ini; + +# Install iipsrv +RUN set -eux; \ + git clone https://github.com/ruven/iipsrv.git; \ + cd iipsrv; \ + ./autogen.sh; \ + ./configure; \ + make; \ + mkdir /fcgi-bin; \ + cp src/iipsrv.fcgi /fcgi-bin/iipsrv.fcgi + +# Add IIPServer config +COPY iipsrv.conf /etc/apache2/mods-available/iipsrv.conf + +# set recommended PHP.ini settings +# see https://secure.php.net/manual/en/opcache.installation.php +COPY 99-custom-opcache-settings.ini /usr/local/etc/php/conf.d/99-custom-opcache-settings.ini; + +# Tweek PHP +COPY 99-custom-php-settings.ini /usr/local/etc/php/conf.d/99-custom-php-settings.ini; + +# Install composer +COPY --from=composer:2 /usr/bin/composer /usr/local/bin/ + +# Add private files directory +RUN mkdir /var/www/private_files && chown -R www-data /var/www/private_files + +# Add Drupal directory +RUN mkdir -p /opt/drupal + +# Change workdir +WORKDIR /opt/drupal + +# Copy entrypoint to image +COPY entrypoint.sh /usr/local/bin +RUN chmod +x /usr/local/bin/entrypoint.sh + +# Copy Drupal settings from context to image +COPY settings.php /settings.php + +# (Re)link html dir +RUN ln -sf /opt/drupal/web /var/www/html + +ENV PATH=${PATH}:/opt/drupal/vendor/bin + +# Define entrypoint +ENTRYPOINT entrypoint.sh + +# vim:set ft=dockerfile: diff --git a/drupal_context/entrypoint.sh b/drupal_context/entrypoint.sh new file mode 100755 index 0000000..661adb7 --- /dev/null +++ b/drupal_context/entrypoint.sh @@ -0,0 +1,77 @@ +#!/bin/sh + +# Entrypoint to install Drupal in container + +# Check if installation already exists +if ! [ -d /opt/drupal/web ] + then + # https://www.drupal.org/node/3060/release + DRUPAL_VERSION='10.0.9' + + # Installed Drupal modules, please check and update versions if necessary + # List Requirements + REQUIREMENTS="drupal/colorbox \ + drupal/conditional_fields:4.x-dev@dev \ + drupal/devel \ + drush/drush \ + drupal/facets \ + drupal/field_permissions \ + drupal/geofield \ + drupal/geofield_map \ + drupal/image_effects \ + drupal/imagemagick \ + drupal/imce \ + drupal/inline_entity_form:^1.0@RC \ + kint-php/kint \ + drupal/leaflet \ + drupal/search_api \ + drupal/search_api_solr \ + drupal/viewfield:^3.0@beta \ + drupal/wisski:3.x-dev@dev" + + # Install Drupal, WissKI and dependencies + set -eux + export COMPOSER_HOME="$(mktemp -d)" + composer create-project --no-interaction "drupal/recommended-project:$DRUPAL_VERSION" ./ + yes | composer require ${REQUIREMENTS} + + + + # delete composer cache + rm -rf "$COMPOSER_HOME" + + # install libraries + set -eux + mkdir -p web/libraries + wget https://github.com/jackmoore/colorbox/archive/refs/heads/master.zip -P web/libraries/ + unzip web/libraries/master.zip -d web/libraries/ + rm -r web/libraries/master.zip + mv web/libraries/colorbox-master web/libraries/colorbox + + # IIPMooViewer + wget https://github.com/ruven/iipmooviewer/archive/refs/heads/master.zip -P web/libraries/ + unzip web/libraries/master.zip -d web/libraries/ + rm -r web/libraries/master.zip + mv web/libraries/iipmooviewer-master web/libraries/iipmooviewer + + # Mirador + wget https://github.com/rnsrk/wisski-mirador-integration/archive/refs/heads/main.zip -P web/libraries/ + unzip web/libraries/main.zip -d web/libraries/ + mv web/libraries/wisski-mirador-integration-main web/libraries/wisski-mirador-integration + + # Move settings-file to the right place + mv /settings.php web/sites/default/settings.php + + # Set permissions + chmod -R 644 web/sites/default/settings.php + chown -R www-data:www-data /opt/drupal + else + echo "/opt/drupal/web already exists." +fi + +# Adjust permissions and links +rm -r /var/www/html +ln -sf /opt/drupal/web /var/www/html + +# Start fpm +php-fpm \ No newline at end of file diff --git a/drupal_context/example-settings.php b/drupal_context/example-settings.php new file mode 100755 index 0000000..02674de --- /dev/null +++ b/drupal_context/example-settings.php @@ -0,0 +1,849 @@ + 'databasename', + * 'username' => 'sqlusername', + * 'password' => 'sqlpassword', + * 'host' => 'localhost', + * 'port' => '3306', + * 'driver' => 'mysql', + * 'prefix' => '', + * 'collation' => 'utf8mb4_general_ci', + * ]; + * @endcode + */ +$databases = []; + +/** + * Customizing database settings. + * + * Many of the values of the $databases array can be customized for your + * particular database system. Refer to the sample in the section above as a + * starting point. + * + * The "driver" property indicates what Drupal database driver the + * connection should use. This is usually the same as the name of the + * database type, such as mysql or sqlite, but not always. The other + * properties will vary depending on the driver. For SQLite, you must + * specify a database file name in a directory that is writable by the + * webserver. For most other drivers, you must specify a + * username, password, host, and database name. + * + * Drupal core implements drivers for mysql, pgsql, and sqlite. Other drivers + * can be provided by contributed or custom modules. To use a contributed or + * custom driver, the "namespace" property must be set to the namespace of the + * driver. The code in this namespace must be autoloadable prior to connecting + * to the database, and therefore, prior to when module root namespaces are + * added to the autoloader. To add the driver's namespace to the autoloader, + * set the "autoload" property to the PSR-4 base directory of the driver's + * namespace. This is optional for projects managed with Composer if the + * driver's namespace is in Composer's autoloader. + * + * For each database, you may optionally specify multiple "target" databases. + * A target database allows Drupal to try to send certain queries to a + * different database if it can but fall back to the default connection if not. + * That is useful for primary/replica replication, as Drupal may try to connect + * to a replica server when appropriate and if one is not available will simply + * fall back to the single primary server (The terms primary/replica are + * traditionally referred to as master/slave in database server documentation). + * + * The general format for the $databases array is as follows: + * @code + * $databases['default']['default'] = $info_array; + * $databases['default']['replica'][] = $info_array; + * $databases['default']['replica'][] = $info_array; + * $databases['extra']['default'] = $info_array; + * @endcode + * + * In the above example, $info_array is an array of settings described above. + * The first line sets a "default" database that has one primary database + * (the second level default). The second and third lines create an array + * of potential replica databases. Drupal will select one at random for a given + * request as needed. The fourth line creates a new database with a name of + * "extra". + * + * For MySQL, MariaDB or equivalent databases the 'isolation_level' option can + * be set. The recommended transaction isolation level for Drupal sites is + * 'READ COMMITTED'. The 'REPEATABLE READ' option is supported but can result + * in deadlocks, the other two options are 'READ UNCOMMITTED' and 'SERIALIZABLE'. + * They are available but not supported; use them at your own risk. For more + * info: + * https://dev.mysql.com/doc/refman/5.7/en/innodb-transaction-isolation-levels.html + * + * On your settings.php, change the isolation level: + * @code + * $databases['default']['default']['init_commands'] = [ + * 'isolation_level' => 'SET SESSION TRANSACTION ISOLATION LEVEL READ COMMITTED', + * ]; + * @endcode + * + * You can optionally set a prefix for all database table names by using the + * 'prefix' setting. If a prefix is specified, the table name will be prepended + * with its value. Be sure to use valid database characters only, usually + * alphanumeric and underscore. If no prefix is desired, do not set the 'prefix' + * key or set its value to an empty string ''. + * + * For example, to have all database table prefixed with 'main_', set: + * @code + * 'prefix' => 'main_', + * @endcode + * + * Advanced users can add or override initial commands to execute when + * connecting to the database server, as well as PDO connection settings. For + * example, to enable MySQL SELECT queries to exceed the max_join_size system + * variable, and to reduce the database connection timeout to 5 seconds: + * @code + * $databases['default']['default'] = [ + * 'init_commands' => [ + * 'big_selects' => 'SET SQL_BIG_SELECTS=1', + * ], + * 'pdo' => [ + * PDO::ATTR_TIMEOUT => 5, + * ], + * ]; + * @endcode + * + * WARNING: The above defaults are designed for database portability. Changing + * them may cause unexpected behavior, including potential data loss. See + * https://www.drupal.org/developing/api/database/configuration for more + * information on these defaults and the potential issues. + * + * More details can be found in the constructor methods for each driver: + * - \Drupal\mysql\Driver\Database\mysql\Connection::__construct() + * - \Drupal\pgsql\Driver\Database\pgsql\Connection::__construct() + * - \Drupal\sqlite\Driver\Database\sqlite\Connection::__construct() + * + * Sample Database configuration format for PostgreSQL (pgsql): + * @code + * $databases['default']['default'] = [ + * 'driver' => 'pgsql', + * 'database' => 'databasename', + * 'username' => 'sqlusername', + * 'password' => 'sqlpassword', + * 'host' => 'localhost', + * 'prefix' => '', + * ]; + * @endcode + * + * Sample Database configuration format for SQLite (sqlite): + * @code + * $databases['default']['default'] = [ + * 'driver' => 'sqlite', + * 'database' => '/path/to/databasefilename', + * ]; + * @endcode + * + * Sample Database configuration format for a driver in a contributed module: + * @code + * $databases['default']['default'] = [ + * 'driver' => 'my_driver', + * 'namespace' => 'Drupal\my_module\Driver\Database\my_driver', + * 'autoload' => 'modules/my_module/src/Driver/Database/my_driver/', + * 'database' => 'databasename', + * 'username' => 'sqlusername', + * 'password' => 'sqlpassword', + * 'host' => 'localhost', + * 'prefix' => '', + * ]; + * @endcode + */ + +/** + * Location of the site configuration files. + * + * The $settings['config_sync_directory'] specifies the location of file system + * directory used for syncing configuration data. On install, the directory is + * created. This is used for configuration imports. + * + * The default location for this directory is inside a randomly-named + * directory in the public files path. The setting below allows you to set + * its location. + */ +# $settings['config_sync_directory'] = '/directory/outside/webroot'; + +/** + * Settings: + * + * $settings contains environment-specific configuration, such as the files + * directory and reverse proxy address, and temporary configuration, such as + * security overrides. + * + * @see \Drupal\Core\Site\Settings::get() + */ + +/** + * Salt for one-time login links, cancel links, form tokens, etc. + * + * This variable will be set to a random value by the installer. All one-time + * login links will be invalidated if the value is changed. Note that if your + * site is deployed on a cluster of web servers, you must ensure that this + * variable has the same value on each server. + * + * For enhanced security, you may set this variable to the contents of a file + * outside your document root; you should also ensure that this file is not + * stored with backups of your database. + * + * Example: + * @code + * $settings['hash_salt'] = file_get_contents('/home/example/salt.txt'); + * @endcode + */ +$settings['hash_salt'] = 'zr8z5qMoocPpCWAeGlFtlixya4JB6QUOYY-v5f-6uUNZ7Rp3g8FerKqarGKQbcXVNeGjHMUOJg'; + +/** + * Deployment identifier. + * + * Drupal's dependency injection container will be automatically invalidated and + * rebuilt when the Drupal core version changes. When updating contributed or + * custom code that changes the container, changing this identifier will also + * allow the container to be invalidated as soon as code is deployed. + */ +# $settings['deployment_identifier'] = \Drupal::VERSION; + +/** + * Access control for update.php script. + * + * If you are updating your Drupal installation using the update.php script but + * are not logged in using either an account with the "Administer software + * updates" permission or the site maintenance account (the account that was + * created during installation), you will need to modify the access check + * statement below. Change the FALSE to a TRUE to disable the access check. + * After finishing the upgrade, be sure to open this file again and change the + * TRUE back to a FALSE! + */ +$settings['update_free_access'] = FALSE; + +/** + * Fallback to HTTP for Update Manager and for fetching security advisories. + * + * If your site fails to connect to updates.drupal.org over HTTPS (either when + * fetching data on available updates, or when fetching the feed of critical + * security announcements), you may uncomment this setting and set it to TRUE to + * allow an insecure fallback to HTTP. Note that doing so will open your site up + * to a potential man-in-the-middle attack. You should instead attempt to + * resolve the issues before enabling this option. + * @see https://www.drupal.org/docs/system-requirements/php-requirements#openssl + * @see https://en.wikipedia.org/wiki/Man-in-the-middle_attack + * @see \Drupal\update\UpdateFetcher + * @see \Drupal\system\SecurityAdvisories\SecurityAdvisoriesFetcher + */ +# $settings['update_fetch_with_http_fallback'] = TRUE; + +/** + * External access proxy settings: + * + * If your site must access the Internet via a web proxy then you can enter the + * proxy settings here. Set the full URL of the proxy, including the port, in + * variables: + * - $settings['http_client_config']['proxy']['http']: The proxy URL for HTTP + * requests. + * - $settings['http_client_config']['proxy']['https']: The proxy URL for HTTPS + * requests. + * You can pass in the user name and password for basic authentication in the + * URLs in these settings. + * + * You can also define an array of host names that can be accessed directly, + * bypassing the proxy, in $settings['http_client_config']['proxy']['no']. + */ +# $settings['http_client_config']['proxy']['http'] = 'http://proxy_user:proxy_pass@example.com:8080'; +# $settings['http_client_config']['proxy']['https'] = 'http://proxy_user:proxy_pass@example.com:8080'; +# $settings['http_client_config']['proxy']['no'] = ['127.0.0.1', 'localhost']; + +/** + * Reverse Proxy Configuration: + * + * Reverse proxy servers are often used to enhance the performance + * of heavily visited sites and may also provide other site caching, + * security, or encryption benefits. In an environment where Drupal + * is behind a reverse proxy, the real IP address of the client should + * be determined such that the correct client IP address is available + * to Drupal's logging, statistics, and access management systems. In + * the most simple scenario, the proxy server will add an + * X-Forwarded-For header to the request that contains the client IP + * address. However, HTTP headers are vulnerable to spoofing, where a + * malicious client could bypass restrictions by setting the + * X-Forwarded-For header directly. Therefore, Drupal's proxy + * configuration requires the IP addresses of all remote proxies to be + * specified in $settings['reverse_proxy_addresses'] to work correctly. + * + * Enable this setting to get Drupal to determine the client IP from the + * X-Forwarded-For header. If you are unsure about this setting, do not have a + * reverse proxy, or Drupal operates in a shared hosting environment, this + * setting should remain commented out. + * + * In order for this setting to be used you must specify every possible + * reverse proxy IP address in $settings['reverse_proxy_addresses']. + * If a complete list of reverse proxies is not available in your + * environment (for example, if you use a CDN) you may set the + * $_SERVER['REMOTE_ADDR'] variable directly in settings.php. + * Be aware, however, that it is likely that this would allow IP + * address spoofing unless more advanced precautions are taken. + */ +# $settings['reverse_proxy'] = TRUE; + +/** + * Reverse proxy addresses. + * + * Specify every reverse proxy IP address in your environment, as an array of + * IPv4/IPv6 addresses or subnets in CIDR notation. This setting is required if + * $settings['reverse_proxy'] is TRUE. + */ +# $settings['reverse_proxy_addresses'] = ['a.b.c.d', 'e.f.g.h/24', ...]; + +/** + * Reverse proxy trusted headers. + * + * Sets which headers to trust from your reverse proxy. + * + * Common values are: + * - \Symfony\Component\HttpFoundation\Request::HEADER_X_FORWARDED_FOR + * - \Symfony\Component\HttpFoundation\Request::HEADER_X_FORWARDED_HOST + * - \Symfony\Component\HttpFoundation\Request::HEADER_X_FORWARDED_PORT + * - \Symfony\Component\HttpFoundation\Request::HEADER_X_FORWARDED_PROTO + * - \Symfony\Component\HttpFoundation\Request::HEADER_FORWARDED + * + * Note the default value of + * @code + * \Symfony\Component\HttpFoundation\Request::HEADER_X_FORWARDED_FOR | \Symfony\Component\HttpFoundation\Request::HEADER_X_FORWARDED_HOST | \Symfony\Component\HttpFoundation\Request::HEADER_X_FORWARDED_PORT | \Symfony\Component\HttpFoundation\Request::HEADER_X_FORWARDED_PROTO | \Symfony\Component\HttpFoundation\Request::HEADER_FORWARDED + * @endcode + * is not secure by default. The value should be set to only the specific + * headers the reverse proxy uses. For example: + * @code + * \Symfony\Component\HttpFoundation\Request::HEADER_X_FORWARDED_FOR | \Symfony\Component\HttpFoundation\Request::HEADER_X_FORWARDED_HOST | \Symfony\Component\HttpFoundation\Request::HEADER_X_FORWARDED_PORT | \Symfony\Component\HttpFoundation\Request::HEADER_X_FORWARDED_PROTO + * @endcode + * This would trust the following headers: + * - X_FORWARDED_FOR + * - X_FORWARDED_HOST + * - X_FORWARDED_PROTO + * - X_FORWARDED_PORT + * + * @see \Symfony\Component\HttpFoundation\Request::HEADER_X_FORWARDED_FOR + * @see \Symfony\Component\HttpFoundation\Request::HEADER_X_FORWARDED_HOST + * @see \Symfony\Component\HttpFoundation\Request::HEADER_X_FORWARDED_PORT + * @see \Symfony\Component\HttpFoundation\Request::HEADER_X_FORWARDED_PROTO + * @see \Symfony\Component\HttpFoundation\Request::HEADER_FORWARDED + * @see \Symfony\Component\HttpFoundation\Request::setTrustedProxies + */ +# $settings['reverse_proxy_trusted_headers'] = \Symfony\Component\HttpFoundation\Request::HEADER_X_FORWARDED_FOR | \Symfony\Component\HttpFoundation\Request::HEADER_X_FORWARDED_HOST | \Symfony\Component\HttpFoundation\Request::HEADER_X_FORWARDED_PORT | \Symfony\Component\HttpFoundation\Request::HEADER_X_FORWARDED_PROTO | \Symfony\Component\HttpFoundation\Request::HEADER_FORWARDED; + + +/** + * Page caching: + * + * By default, Drupal sends a "Vary: Cookie" HTTP header for anonymous page + * views. This tells a HTTP proxy that it may return a page from its local + * cache without contacting the web server, if the user sends the same Cookie + * header as the user who originally requested the cached page. Without "Vary: + * Cookie", authenticated users would also be served the anonymous page from + * the cache. If the site has mostly anonymous users except a few known + * editors/administrators, the Vary header can be omitted. This allows for + * better caching in HTTP proxies (including reverse proxies), i.e. even if + * clients send different cookies, they still get content served from the cache. + * However, authenticated users should access the site directly (i.e. not use an + * HTTP proxy, and bypass the reverse proxy if one is used) in order to avoid + * getting cached pages from the proxy. + */ +# $settings['omit_vary_cookie'] = TRUE; + + +/** + * Cache TTL for client error (4xx) responses. + * + * Items cached per-URL tend to result in a large number of cache items, and + * this can be problematic on 404 pages which by their nature are unbounded. A + * fixed TTL can be set for these items, defaulting to one hour, so that cache + * backends which do not support LRU can purge older entries. To disable caching + * of client error responses set the value to 0. Currently applies only to + * page_cache module. + */ +# $settings['cache_ttl_4xx'] = 3600; + +/** + * Expiration of cached forms. + * + * Drupal's Form API stores details of forms in a cache and these entries are + * kept for at least 6 hours by default. Expired entries are cleared by cron. + * + * @see \Drupal\Core\Form\FormCache::setCache() + */ +# $settings['form_cache_expiration'] = 21600; + +/** + * Class Loader. + * + * If the APCu extension is detected, the classloader will be optimized to use + * it. Set to FALSE to disable this. + * + * @see https://getcomposer.org/doc/articles/autoloader-optimization.md + */ +# $settings['class_loader_auto_detect'] = FALSE; + +/** + * Authorized file system operations: + * + * The Update Manager module included with Drupal provides a mechanism for + * site administrators to securely install missing updates for the site + * directly through the web user interface. On securely-configured servers, + * the Update manager will require the administrator to provide SSH or FTP + * credentials before allowing the installation to proceed; this allows the + * site to update the new files as the user who owns all the Drupal files, + * instead of as the user the webserver is running as. On servers where the + * webserver user is itself the owner of the Drupal files, the administrator + * will not be prompted for SSH or FTP credentials (note that these server + * setups are common on shared hosting, but are inherently insecure). + * + * Some sites might wish to disable the above functionality, and only update + * the code directly via SSH or FTP themselves. This setting completely + * disables all functionality related to these authorized file operations. + * + * @see https://www.drupal.org/node/244924 + * + * Remove the leading hash signs to disable. + */ +# $settings['allow_authorize_operations'] = FALSE; + +/** + * Default mode for directories and files written by Drupal. + * + * Value should be in PHP Octal Notation, with leading zero. + */ +# $settings['file_chmod_directory'] = 0775; +# $settings['file_chmod_file'] = 0664; + +/** + * Public file base URL: + * + * An alternative base URL to be used for serving public files. This must + * include any leading directory path. + * + * A different value from the domain used by Drupal to be used for accessing + * public files. This can be used for a simple CDN integration, or to improve + * security by serving user-uploaded files from a different domain or subdomain + * pointing to the same server. Do not include a trailing slash. + */ +# $settings['file_public_base_url'] = 'http://downloads.example.com/files'; + +/** + * Public file path: + * + * A local file system path where public files will be stored. This directory + * must exist and be writable by Drupal. This directory must be relative to + * the Drupal installation directory and be accessible over the web. + */ +# $settings['file_public_path'] = 'sites/default/files'; + +/** + * Additional public file schemes: + * + * Public schemes are URI schemes that allow download access to all users for + * all files within that scheme. + * + * The "public" scheme is always public, and the "private" scheme is always + * private, but other schemes, such as "https", "s3", "example", or others, + * can be either public or private depending on the site. By default, they're + * private, and access to individual files is controlled via + * hook_file_download(). + * + * Typically, if a scheme should be public, a module makes it public by + * implementing hook_file_download(), and granting access to all users for all + * files. This could be either the same module that provides the stream wrapper + * for the scheme, or a different module that decides to make the scheme + * public. However, in cases where a site needs to make a scheme public, but + * is unable to add code in a module to do so, the scheme may be added to this + * variable, the result of which is that system_file_download() grants public + * access to all files within that scheme. + */ +# $settings['file_additional_public_schemes'] = ['example']; + +/** + * File schemes whose paths should not be normalized: + * + * Normally, Drupal normalizes '/./' and '/../' segments in file URIs in order + * to prevent unintended file access. For example, 'private://css/../image.png' + * is normalized to 'private://image.png' before checking access to the file. + * + * On Windows, Drupal also replaces '\' with '/' in URIs for the local + * filesystem. + * + * If file URIs with one or more scheme should not be normalized like this, then + * list the schemes here. For example, if 'porcelain://china/./plate.png' should + * not be normalized to 'porcelain://china/plate.png', then add 'porcelain' to + * this array. In this case, make sure that the module providing the 'porcelain' + * scheme does not allow unintended file access when using '/../' to move up the + * directory tree. + */ +# $settings['file_sa_core_2023_005_schemes'] = ['porcelain']; + +/** + * Private file path: + * + * A local file system path where private files will be stored. This directory + * must be absolute, outside of the Drupal installation directory and not + * accessible over the web. + * + * Note: Caches need to be cleared when this value is changed to make the + * private:// stream wrapper available to the system. + * + * See https://www.drupal.org/documentation/modules/file for more information + * about securing private files. + */ +# $settings['file_private_path'] = ''; + +/** + * Temporary file path: + * + * A local file system path where temporary files will be stored. This directory + * must be absolute, outside of the Drupal installation directory and not + * accessible over the web. + * + * If this is not set, the default for the operating system will be used. + * + * @see \Drupal\Component\FileSystem\FileSystem::getOsTemporaryDirectory() + */ +# $settings['file_temp_path'] = '/tmp'; + +/** + * Session write interval: + * + * Set the minimum interval between each session write to database. + * For performance reasons it defaults to 180. + */ +# $settings['session_write_interval'] = 180; + +/** + * String overrides: + * + * To override specific strings on your site with or without enabling the Locale + * module, add an entry to this list. This functionality allows you to change + * a small number of your site's default English language interface strings. + * + * Remove the leading hash signs to enable. + * + * The "en" part of the variable name, is dynamic and can be any langcode of + * any added language. (eg locale_custom_strings_de for german). + */ +# $settings['locale_custom_strings_en'][''] = [ +# 'forum' => 'Discussion board', +# '@count min' => '@count minutes', +# ]; + +/** + * A custom theme for the offline page: + * + * This applies when the site is explicitly set to maintenance mode through the + * administration page or when the database is inactive due to an error. + * The template file should also be copied into the theme. It is located inside + * 'core/modules/system/templates/maintenance-page.html.twig'. + * + * Note: This setting does not apply to installation and update pages. + */ +# $settings['maintenance_theme'] = 'claro'; + +/** + * PHP settings: + * + * To see what PHP settings are possible, including whether they can be set at + * runtime (by using ini_set()), read the PHP documentation: + * http://php.net/manual/ini.list.php + * See \Drupal\Core\DrupalKernel::bootEnvironment() for required runtime + * settings and the .htaccess file for non-runtime settings. + * Settings defined there should not be duplicated here so as to avoid conflict + * issues. + */ + +/** + * If you encounter a situation where users post a large amount of text, and + * the result is stripped out upon viewing but can still be edited, Drupal's + * output filter may not have sufficient memory to process it. If you + * experience this issue, you may wish to uncomment the following two lines + * and increase the limits of these variables. For more information, see + * http://php.net/manual/pcre.configuration.php. + */ +# ini_set('pcre.backtrack_limit', 200000); +# ini_set('pcre.recursion_limit', 200000); + +/** + * Configuration overrides. + * + * To globally override specific configuration values for this site, + * set them here. You usually don't need to use this feature. This is + * useful in a configuration file for a vhost or directory, rather than + * the default settings.php. + * + * Note that any values you provide in these variable overrides will not be + * viewable from the Drupal administration interface. The administration + * interface displays the values stored in configuration so that you can stage + * changes to other environments that don't have the overrides. + * + * There are particular configuration values that are risky to override. For + * example, overriding the list of installed modules in 'core.extension' is not + * supported as module install or uninstall has not occurred. Other examples + * include field storage configuration, because it has effects on database + * structure, and 'core.menu.static_menu_link_overrides' since this is cached in + * a way that is not config override aware. Also, note that changing + * configuration values in settings.php will not fire any of the configuration + * change events. + */ +# $config['system.site']['name'] = 'My Drupal site'; +# $config['user.settings']['anonymous'] = 'Visitor'; + +/** + * Load services definition file. + */ +$settings['container_yamls'][] = $app_root . '/' . $site_path . '/services.yml'; + +/** + * Override the default service container class. + * + * This is useful for example to trace the service container for performance + * tracking purposes, for testing a service container with an error condition or + * to test a service container that throws an exception. + */ +# $settings['container_base_class'] = '\Drupal\Core\DependencyInjection\Container'; + +/** + * Override the default yaml parser class. + * + * Provide a fully qualified class name here if you would like to provide an + * alternate implementation YAML parser. The class must implement the + * \Drupal\Component\Serialization\SerializationInterface interface. + */ +# $settings['yaml_parser_class'] = NULL; + +/** + * Trusted host configuration. + * + * Drupal core can use the Symfony trusted host mechanism to prevent HTTP Host + * header spoofing. + * + * To enable the trusted host mechanism, you enable your allowable hosts + * in $settings['trusted_host_patterns']. This should be an array of regular + * expression patterns, without delimiters, representing the hosts you would + * like to allow. + * + * For example: + * @code + * $settings['trusted_host_patterns'] = [ + * '^www\.example\.com$', + * ]; + * @endcode + * will allow the site to only run from www.example.com. + * + * If you are running multisite, or if you are running your site from + * different domain names (eg, you don't redirect http://www.example.com to + * http://example.com), you should specify all of the host patterns that are + * allowed by your site. + * + * For example: + * @code + * $settings['trusted_host_patterns'] = [ + * '^example\.com$', + * '^.+\.example\.com$', + * '^example\.org$', + * '^.+\.example\.org$', + * ]; + * @endcode + * will allow the site to run off of all variants of example.com and + * example.org, with all subdomains included. + * + * @see https://www.drupal.org/docs/installing-drupal/trusted-host-settings + */ + +/** + * The default list of directories that will be ignored by Drupal's file API. + * + * By default ignore node_modules and bower_components folders to avoid issues + * with common frontend tools and recursive scanning of directories looking for + * extensions. + * + * @see \Drupal\Core\File\FileSystemInterface::scanDirectory() + * @see \Drupal\Core\Extension\ExtensionDiscovery::scanDirectory() + */ +$settings['file_scan_ignore_directories'] = [ + 'node_modules', + 'bower_components', +]; + +/** + * The default number of entities to update in a batch process. + * + * This is used by update and post-update functions that need to go through and + * change all the entities on a site, so it is useful to increase this number + * if your hosting configuration (i.e. RAM allocation, CPU speed) allows for a + * larger number of entities to be processed in a single batch run. + */ +$settings['entity_update_batch_size'] = 50; + +/** + * Entity update backup. + * + * This is used to inform the entity storage handler that the backup tables as + * well as the original entity type and field storage definitions should be + * retained after a successful entity update process. + */ +$settings['entity_update_backup'] = TRUE; + +/** + * Node migration type. + * + * This is used to force the migration system to use the classic node migrations + * instead of the default complete node migrations. The migration system will + * use the classic node migration only if there are existing migrate_map tables + * for the classic node migrations and they contain data. These tables may not + * exist if you are developing custom migrations and do not want to use the + * complete node migrations. Set this to TRUE to force the use of the classic + * node migrations. + */ +$settings['migrate_node_migrate_type_classic'] = FALSE; + +/** + * The default settings for migration sources. + * + * These settings are used as the default settings on the Credential form at + * /upgrade/credentials. + * + * - migrate_source_version - The version of the source database. This can be + * '6' or '7'. Defaults to '7'. + * - migrate_source_connection - The key in the $databases array for the source + * site. + * - migrate_file_public_path - The location of the source Drupal 6 or Drupal 7 + * public files. This can be a local file directory containing the source + * Drupal 6 or Drupal 7 site (e.g /var/www/docroot), or the site address + * (e.g http://example.com). + * - migrate_file_private_path - The location of the source Drupal 7 private + * files. This can be a local file directory containing the source Drupal 7 + * site (e.g /var/www/docroot), or empty to use the same value as Public + * files directory. + * + * Sample configuration for a drupal 6 source site with the source files in a + * local directory. + * + * @code + * $settings['migrate_source_version'] = '6'; + * $settings['migrate_source_connection'] = 'migrate'; + * $settings['migrate_file_public_path'] = '/var/www/drupal6'; + * @endcode + * + * Sample configuration for a drupal 7 source site with public source files on + * the source site and the private files in a local directory. + * + * @code + * $settings['migrate_source_version'] = '7'; + * $settings['migrate_source_connection'] = 'migrate'; + * $settings['migrate_file_public_path'] = 'https://drupal7.com'; + * $settings['migrate_file_private_path'] = '/var/www/drupal7'; + * @endcode + */ +# $settings['migrate_source_connection'] = ''; +# $settings['migrate_source_version'] = ''; +# $settings['migrate_file_public_path'] = ''; +# $settings['migrate_file_private_path'] = ''; + +/** + * Load local development override configuration, if available. + * + * Create a settings.local.php file to override variables on secondary (staging, + * development, etc.) installations of this site. + * + * Typical uses of settings.local.php include: + * - Disabling caching. + * - Disabling JavaScript/CSS compression. + * - Rerouting outgoing emails. + * + * Keep this code block at the end of this file to take full effect. + */ +# +# if (file_exists($app_root . '/' . $site_path . '/settings.local.php')) { +# include $app_root . '/' . $site_path . '/settings.local.php'; +# } +$databases['default']['default'] = array ( + 'database' => '', + 'username' => '', + 'password' => '', + 'prefix' => '', + 'host' => 'postgres', + 'port' => '5432', + 'namespace' => 'Drupal\\pgsql\\Driver\\Database\\pgsql', + 'driver' => 'pgsql', + 'autoload' => 'core/modules/pgsql/src/Driver/Database/pgsql/', +); + +$settings['config_sync_directory'] = 'sites/default/files/drupal_sync'; + +$config['system.logging']['error_level'] = 'verbose'; \ No newline at end of file diff --git a/drupal_context/iipsrv.conf b/drupal_context/iipsrv.conf new file mode 100644 index 0000000..e1359a9 --- /dev/null +++ b/drupal_context/iipsrv.conf @@ -0,0 +1,23 @@ + + ScriptAlias /fcgi-bin/ "/fcgi-bin/" + + Options None + Require all granted + + AddHandler fcgid-script .fcgi + + + # Set our environment variables for the IIP server + FcgidInitialEnv VERBOSITY "1" + FcgidInitialEnv LOGFILE "/var/log/iipsrv.log" + FcgidInitialEnv MAX_IMAGE_CACHE_SIZE "10" + FcgidInitialEnv JPEG_QUALITY "90" + FcgidInitialEnv MAX_CVT "5000" + FcgidInitialEnv MEMCACHED_SERVERS "localhost" + + # Define the idle timeout as unlimited and the number of + # processes we want + FcgidConnectTimeout 20 + FcgidIdleTimeout 0 + FcgidMaxProcessesPerClass 1 + diff --git a/nginx_context/.example-htpasswd b/nginx_context/.example-htpasswd new file mode 100644 index 0000000..48a34cb --- /dev/null +++ b/nginx_context/.example-htpasswd @@ -0,0 +1 @@ +USERNAME:PASSWORD diff --git a/nginx-conf/nginx.conf b/nginx_context/server_conf/nginx.conf similarity index 98% rename from nginx-conf/nginx.conf rename to nginx_context/server_conf/nginx.conf index 238d1f8..7eebc69 100644 --- a/nginx-conf/nginx.conf +++ b/nginx_context/server_conf/nginx.conf @@ -20,7 +20,7 @@ server { listen 80; listen [::]:80; - server_name devel.local; + server_name drupal.local; index index.php index.html index.htm; @@ -93,4 +93,3 @@ server { } } - diff --git a/postgres_context/Dockerfile b/postgres_context/Dockerfile new file mode 100644 index 0000000..92eac04 --- /dev/null +++ b/postgres_context/Dockerfile @@ -0,0 +1,7 @@ +FROM postgres:alpine + +# Copy in the extensions script +COPY extensions.sh /docker-entrypoint-initdb.d/ + +# Set permissions +RUN chmod 755 /docker-entrypoint-initdb.d/extensions.sh diff --git a/postgres_context/extensions.sh b/postgres_context/extensions.sh new file mode 100644 index 0000000..8214f1c --- /dev/null +++ b/postgres_context/extensions.sh @@ -0,0 +1,6 @@ +#!/bin/sh + +psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" <<-EOSQL +create extension pg_trgm; +select * FROM pg_extension; +EOSQL \ No newline at end of file diff --git a/prepare_volumes.sh b/prepare_volumes.sh deleted file mode 100755 index 95774c4..0000000 --- a/prepare_volumes.sh +++ /dev/null @@ -1,5 +0,0 @@ -#!/bin/bash - -mkdir -p ./drupal-data - -printf "\nDRUPAL_DATA = ${PWD}/drupal-data" >> ./.env \ No newline at end of file