From 1e3d9aec30101ff51014d2f1e60dfe3609ccda42 Mon Sep 17 00:00:00 2001 From: hugo gogo Date: Sat, 17 Sep 2022 19:39:49 +0200 Subject: [PATCH] nginx cleaned and works with alpine (45s instead of 180s, 4 times faster + in Makefile resolved super-clean rule + wordpress and mariadb pbm connections --- Makefile | 21 ++-- README.md | 3 + srcs/requirements/nginx/Dockerfile | 48 ++++++-- .../nginx/conf/inception_nginx.conf | 16 ++- .../requirements/nginx/conf/nginx_alpine.conf | 103 ++++++++++++++++++ .../conf/{nginx.conf => nginx_debian.conf} | 11 ++ 6 files changed, 172 insertions(+), 30 deletions(-) create mode 100644 srcs/requirements/nginx/conf/nginx_alpine.conf rename srcs/requirements/nginx/conf/{nginx.conf => nginx_debian.conf} (93%) diff --git a/Makefile b/Makefile index cb274ad..a969dd3 100644 --- a/Makefile +++ b/Makefile @@ -22,23 +22,26 @@ RESET = "\e[0m" # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - # # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - # -COMPOSE = ./srcs/docker-compose.yml +COMPOSE = ./srcs/docker-compose.yml -IMAGES = nginx \ +IMAGES = nginx \ mariadb \ wordpress -HOME_D = $(shell echo $(HOME)) +HOME_D = $(shell echo $(HOME)) -VOLUMES_D = $(VOLUMES:%=$(HOME_D)/%) -VOLUMES = v_wp_site \ +VOLUMES_D = $(VOLUMES:%=$(HOME_D)/%) +VOLUMES = v_wp_site \ v_wp_db -CONTAINERS = $(IMAGES:%=my%) +CONTAINERS = $(IMAGES:%=my%) -CONT = mytest +CONT = mytest -SUDO = +SUDO = + +# for rule super-clean, see : https://stackoverflow.com/questions/10024279/how-to-use-shell-commands-in-makefile +STOP = $(shell $(SUDO) docker ps -q) # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - # @@ -95,7 +98,7 @@ fclean: rm-images clean rm-volumes # remove all dockers, even not related to the project super-clean: - - $(SUDO) docker stop $(sudo docker ps -q) + - $(SUDO) docker stop $(STOP) $(SUDO) docker system prune -af --volumes /bin/rm -rf $(VOLUMES_D) 
diff --git a/README.md b/README.md index 933ef29..1f4e2fb 100644 --- a/README.md +++ b/README.md @@ -14,6 +14,9 @@ --- ## git next commit +- nginx cleaned and works with alpine (45s instead of 180s, 4 times faster) +- in Makefile resolved super-clean rule +- wordpress and mariadb pbm connections --- ## questions diff --git a/srcs/requirements/nginx/Dockerfile b/srcs/requirements/nginx/Dockerfile index c2f47cd..fe87f93 100644 --- a/srcs/requirements/nginx/Dockerfile +++ b/srcs/requirements/nginx/Dockerfile 
@@ -1,19 +1,43 @@ -FROM debian:buster +# debian (~ 180s) -------------------------------------------- -RUN apt update && apt install -y \ - nginx openssl -RUN rm -rf /var/lib/apt/lists/* +# FROM debian:buster +# +# # vim for debug +# RUN apt update && apt install -y \ +# nginx openssl \ +# vim \ +# && \ +# rm -rf /var/lib/apt/lists/* +# +# # nginx conf +# COPY ./conf/nginx_debian.conf /etc/nginx/nginx.conf + +# alpine (~ 45s) --------------------------------------------- + + FROM alpine:3.15 + + # vim and bash for debug + RUN apk update && apk add \ + nginx openssl \ + vim bash \ + && \ + rm -rf /var/cache/apk* + + # nginx conf + COPY ./conf/nginx_alpine.conf /etc/nginx/nginx.conf + +# common ----------------------------------------------------- + +# inception conf & personalized index.html +COPY ./conf/inception_nginx.conf /etc/nginx/conf.d/ +COPY ./conf/index.html /data/www/ # create ssl certificate +RUN mkdir -p /etc/ssl/private /etc/ssl/certs RUN openssl req -newkey rsa:2048 -nodes -x509 -days 365 \ - -keyout /etc/ssl/private/hulamy.42.fr.key -out /etc/ssl/certs/hulamy.42.fr.crt \ - -subj "/C=fr/ST=ile-de-france/L=paris/O=42/OU=inception/CN=hulamy.42.fr" - -# import sites conf files -COPY ./conf/nginx.conf /etc/nginx/ -COPY ./conf/inception_nginx.conf /etc/nginx/conf.d/ - -COPY ./conf/index.html /data/www/ + -subj "/C=fr/ST=ile-de-france/L=paris/O=42/OU=inception/CN=hulamy.42.fr" \ + -keyout /etc/ssl/private/hulamy.42.fr.key \ + -out /etc/ssl/certs/hulamy.42.fr.crt ENTRYPOINT [ "nginx", "-g", "daemon off;" ] diff --git a/srcs/requirements/nginx/conf/inception_nginx.conf b/srcs/requirements/nginx/conf/inception_nginx.conf index 9a91f86..2d7de8b 100644 --- a/srcs/requirements/nginx/conf/inception_nginx.conf +++ b/srcs/requirements/nginx/conf/inception_nginx.conf 
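Review bot: The `openssl req ... -nodes` step still runs at build time, so the unencrypted private key `/etc/ssl/private/hulamy.42.fr.key` is stored in an image layer and is shared by every container started from the image and by anyone who can pull or export it. Generating the certificate in a small entrypoint script on first start, or mounting the key and certificate from a volume or secret declared in the compose file, keeps the key out of the image. The Alpine stage also installs `vim bash` for debugging and clears the cache with the glob `/var/cache/apk*`; for the final image, `RUN apk add --no-cache nginx openssl` would drop the extra tools and the manual cleanup.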
@@ -17,15 +17,13 @@ server { # pass PHP scripts to FastCGI (PHP-FPM) server location ~ \.php$ { - fastcgi_pass wordpress:9000; + try_files $uri =404; + include fastcgi_params; + include /etc/nginx/fastcgi.conf; - fastcgi_split_path_info ^(.+\.php)(/.+)$; - try_files $uri =404; - - include fastcgi_params; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - - include /etc/nginx/fastcgi.conf; - fastcgi_index index.php; + fastcgi_split_path_info ^(.+\.php)(/.+)$; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + # fastcgi_pass wordpress:9000; } } diff --git a/srcs/requirements/nginx/conf/nginx_alpine.conf b/srcs/requirements/nginx/conf/nginx_alpine.conf new file mode 100644 index 0000000..58765cd --- /dev/null +++ b/srcs/requirements/nginx/conf/nginx_alpine.conf 
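Review bot: With `fastcgi_pass` commented out at the end of the `location ~ \.php$` block, no handler is configured, so nginx falls back to serving any matching file under the server root as a static file. If the root is the WordPress volume (the `root` directive is outside this hunk, so this is an assumption), requests for `.php` files would return their source, including `wp-config.php` with its database credentials. Until the connection to the wordpress container works, either restore `fastcgi_pass wordpress:9000;` or put `return 503;` in the block. `include fastcgi_params;` and `include /etc/nginx/fastcgi.conf;` together set most parameters twice; keeping only the second also makes the explicit `SCRIPT_FILENAME` line redundant.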
@@ -0,0 +1,103 @@
+# /etc/nginx/nginx.conf
+
+user nginx;
+
+# Set number of worker processes automatically based on number of CPU cores.
+worker_processes auto;
+
+# Enables the use of JIT for regular expressions to speed-up their processing.
+pcre_jit on;
+
+# Configures default error logger.
+error_log /var/log/nginx/error.log warn;
+
+# Includes files with directives to load dynamic modules.
+include /etc/nginx/modules/*.conf;
+
+# Uncomment to include files with config snippets into the root context.
+# NOTE: This will be enabled by default in Alpine 3.15.
+#include /etc/nginx/conf.d/*.conf;
+
+events {
+ # The maximum number of simultaneous connections that can be opened by
+ # a worker process.
+ worker_connections 1024;
+}
+http {
+ # Includes mapping of file name extensions to MIME types of responses
+ # and defines the default type.
+ include /etc/nginx/mime.types;
+ default_type application/octet-stream;
+
+ # Name servers used to resolve names of upstream servers into addresses.
+ # It's also needed when using tcpsocket and udpsocket in Lua modules.
+ #resolver 1.1.1.1 1.0.0.1 2606:4700:4700::1111 2606:4700:4700::1001;
+
+ # Don't tell nginx version to the clients. Default is 'on'.
+ server_tokens off;
+
+ # Specifies the maximum accepted body size of a client request, as
+ # indicated by the request header Content-Length. If the stated content
+ # length is greater than this size, then the client receives the HTTP
+ # error code 413. Set to 0 to disable. Default is '1m'.
+ client_max_body_size 1m;
+
+ # Sendfile copies data between one FD and other from within the kernel,
+ # which is more efficient than read() + write(). Default is off.
+ sendfile on;
+
+ # Causes nginx to attempt to send its HTTP response head in one packet,
+ # instead of using partial frames. Default is 'off'.
+ tcp_nopush on;
+
+
+ # Enables the specified protocols. Default is TLSv1 TLSv1.1 TLSv1.2.
+ # TIP: If you're not obligated to support ancient clients, remove TLSv1.1.
+ ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
+
+ # Path of the file with Diffie-Hellman parameters for EDH ciphers.
+ # TIP: Generate with: `openssl dhparam -out /etc/ssl/nginx/dh2048.pem 2048`
+ #ssl_dhparam /etc/ssl/nginx/dh2048.pem;
+
+ # Specifies that our cipher suits should be preferred over client ciphers.
+ # Default is 'off'.
+ ssl_prefer_server_ciphers on;
+
+ # Enables a shared SSL cache with size that can hold around 8000 sessions.
+ # Default is 'none'.
+ ssl_session_cache shared:SSL:2m;
+
+ # Specifies a time during which a client may reuse the session parameters.
+ # Default is '5m'.
+ ssl_session_timeout 1h;
+
+ # Disable TLS session tickets (they are insecure). Default is 'on'.
+ ssl_session_tickets off;
+
+
+ # Enable gzipping of responses.
+ #gzip on;
+
+ # Set the Vary HTTP header as defined in the RFC 2616. Default is 'off'.
+ gzip_vary on;
+
+ # Helper variable for proxying websockets.
+ map $http_upgrade $connection_upgrade {
+ default upgrade;
+ '' close;
+ }
+
+ # Specifies the main log format.
+ log_format main '$remote_addr - $remote_user [$time_local] "$request" '
+ '$status $body_bytes_sent "$http_referer" '
+ '"$http_user_agent" "$http_x_forwarded_for"';
+
+ # Sets the path, format, and configuration for a buffered log write.
+ access_log /var/log/nginx/access.log main;
+
+ # Includes virtual hosts configs.
+ include /etc/nginx/http.d/*.conf;
+}
+
+# TIP: Uncomment if you use stream module.
+#include /etc/nginx/stream.conf;
diff --git a/srcs/requirements/nginx/conf/nginx.conf b/srcs/requirements/nginx/conf/nginx_debian.conf
similarity index 93%
rename from srcs/requirements/nginx/conf/nginx.conf
rename to srcs/requirements/nginx/conf/nginx_debian.conf
index 03eb7ed..c4c0837 100644
--- a/srcs/requirements/nginx/conf/nginx.conf
+++ b/srcs/requirements/nginx/conf/nginx_debian.conf
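Review bot: `ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;` keeps TLS 1.1 enabled, which RFC 8996 deprecates and which the comment just above already suggests removing; `ssl_protocols TLSv1.2 TLSv1.3;` is enough for current clients. Separately, the http block only includes `/etc/nginx/http.d/*.conf` and the root-context `conf.d` include is commented out, while the Dockerfile in this patch copies `inception_nginx.conf` to `/etc/nginx/conf.d/`. Unless something outside this patch links the two, the TLS server block would not be loaded on the Alpine image; copying the file to `/etc/nginx/http.d/` would match this config.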
@@ -1,3 +1,14 @@ +# inception modifications : +# +# ssl_protocols : +# < ssl_protocols TLSv1.3; # Dropping SSLv3, ref: POODLE +# > ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE +# gzip : +# < gzip off; +# > gzip on; +# sites-enabled : +# < # include /etc/nginx/sites-enabled/*; +# > include /etc/nginx/sites-enabled/*; # doc : https://nginx.org/en/docs/dirindex.html user www-data; # process owner name, can be anything
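Review bot: The new header lists each modification as a `<`/`>` pair but never says which side is the value in this file, so a reader cannot tell whether the image runs `TLSv1.3` only or `TLSv1 TLSv1.1 TLSv1.2`. A legend line such as `# '<' = value set for inception, '>' = stock Debian value` (swap if the meaning is the reverse) would remove the ambiguity. The directives themselves are outside this hunk, so the effective protocol list cannot be confirmed from here; if the older protocols are the ones in force, TLS 1.0 and 1.1 should be dropped.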