env can modify size and time of uploads
This commit is contained in:
lenovo
@@ -1,45 +1,35 @@
|
||||
# debian (~ 180s) --------------------------------------------
|
||||
|
||||
# FROM debian:buster
|
||||
#
|
||||
# # vim for debug
|
||||
# RUN apt update && apt install -y \
|
||||
# nginx openssl \
|
||||
# vim \
|
||||
# && \
|
||||
# rm -rf /var/lib/apt/lists/*
|
||||
#
|
||||
# # nginx conf
|
||||
# COPY ./conf/nginx.conf.debian /etc/nginx/nginx.conf
|
||||
# COPY ./conf/inception_nginx.conf /etc/nginx/conf.d/
|
||||
FROM alpine:3.15
|
||||
|
||||
# alpine (~ 45s) ---------------------------------------------
|
||||
# vim and bash for debug
|
||||
RUN apk update && apk add \
|
||||
nginx openssl \
|
||||
vim bash \
|
||||
&& \
|
||||
rm -rf /var/cache/apk*
|
||||
|
||||
FROM alpine:3.15
|
||||
# nginx conf
|
||||
COPY ./conf/nginx.conf.alpine /etc/nginx/nginx.conf
|
||||
COPY ./conf/inception_nginx.conf /etc/nginx/http.d/
|
||||
|
||||
# vim and bash for debug
|
||||
RUN apk update && apk add \
|
||||
nginx openssl \
|
||||
vim bash \
|
||||
&& \
|
||||
rm -rf /var/cache/apk*
|
||||
# create user www-data and assign it to group www-data
|
||||
RUN adduser -S www-data && \
|
||||
adduser www-data www-data
|
||||
|
||||
# nginx conf
|
||||
COPY ./conf/nginx.conf.alpine /etc/nginx/nginx.conf
|
||||
COPY ./conf/inception_nginx.conf /etc/nginx/http.d/
|
||||
RUN mkdir -p /var/www/html
|
||||
|
||||
# create user www-data and assign it to group www-data
|
||||
RUN adduser -S www-data && \
|
||||
adduser www-data www-data
|
||||
|
||||
RUN mkdir -p /var/www/html
|
||||
|
||||
# common -----------------------------------------------------
|
||||
ARG WP_URL
|
||||
ARG MAX_UPLOAD_SIZE
|
||||
|
||||
# replace WP_URL
|
||||
ARG WP_URL
|
||||
RUN sed -i "s/\${WP_URL}/${WP_URL}/g" /etc/nginx/http.d/inception_nginx.conf
|
||||
|
||||
# replace max file size upload
|
||||
RUN sed -i "s/\(client_max_body_size \).*\(m;\)/\1${MAX_UPLOAD_SIZE}\2/g" /etc/nginx/nginx.conf
|
||||
|
||||
# empty /var/www/html folder to avoid it to rewrite volume
|
||||
#RUN rm -rf /var/www/html/*
|
||||
|
||||
# personalized index.html
|
||||
COPY ./conf/index.html /data/www/
|
||||
|
||||
@@ -52,36 +42,3 @@ RUN openssl req -newkey rsa:2048 -nodes -x509 -days 365 \
|
||||
|
||||
ENTRYPOINT [ "nginx", "-g", "daemon off;" ]
|
||||
|
||||
|
||||
#
|
||||
# -g 'daemon off' :
|
||||
# daemon off, to avoid the main process of nginx to quit after creating its childs, and therefore make docker exit
|
||||
# https://stackoverflow.com/questions/18861300/how-to-run-nginx-within-a-docker-container-without-halting
|
||||
#
|
||||
# ssl certificate :
|
||||
# openssl faq : https://www.openssl.org/docs/faq.html
|
||||
# openssl req : create ertificate request, and optionally create self signed certificates
|
||||
# openssl req man : https://www.openssl.org/docs/man1.0.2/man1/openssl-req.html
|
||||
# exemple of openssl with nginx on docker : https://www.johnmackenzie.co.uk/posts/using-self-signed-ssl-certificates-with-docker-and-nginx/
|
||||
#
|
||||
# usually the steps are :
|
||||
# - create a server private key : `openssl genrsa -out server.key 2048`
|
||||
# - create a CSR (certificate signing request) with the key : `openssl req -new -key server.key -out www.exemple.com.csr`
|
||||
# - it will ask for :
|
||||
# - Country Name (2 letter code)
|
||||
# - State or Province Name (full name)
|
||||
# - Locality Name (eg, city)
|
||||
# - Organization Name (eg, company)
|
||||
# - Organizational Unit Name (eg, section)
|
||||
# - Common Name (eg, fully qualified host name)
|
||||
# - Email Address (put nothing)
|
||||
# - now ask to a CA (certificate authority) for a certificate.crt by giving them your request.csr
|
||||
#
|
||||
# alternatively we can generate our self-signed certificate with the `openssl req` command :
|
||||
# - `x509` option is used to output a certificate instead of a certificate request
|
||||
# - a request is created from scratch, if it is not given with `-in`
|
||||
# - `newkey` generate a new private key, unless `-key` is given
|
||||
# - `nodes` create a private key without encryption (no passphrase needed)
|
||||
#
|
||||
# SO discussion about becomming a real CA to have a certificate that works in deployement : https://stackoverflow.com/questions/10175812/how-to-generate-a-self-signed-ssl-certificate-using-openssl
|
||||
#
|
||||
|
||||
@@ -8,10 +8,6 @@
|
||||
#
|
||||
# < ssl_protocols TLSv1.2 TLSv1.3;
|
||||
# > ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
|
||||
#
|
||||
# http :
|
||||
# < client_max_body_size 640m;
|
||||
# > client_max_body_size 1m;
|
||||
|
||||
# /etc/nginx/nginx.conf
|
||||
|
||||
@@ -55,7 +51,7 @@ http {
|
||||
# indicated by the request header Content-Length. If the stated content
|
||||
# length is greater than this size, then the client receives the HTTP
|
||||
# error code 413. Set to 0 to disable. Default is '1m'.
|
||||
client_max_body_size 640m;
|
||||
client_max_body_size 1m;
|
||||
|
||||
# Sendfile copies data between one FD and other from within the kernel,
|
||||
# which is more efficient than read() + write(). Default is off.
|
||||
|
||||
Reference in New Issue
Block a user