From dc73712554b2c73a1248982fbc868693e417b874 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Adam=20=C5=A0trauch?= Date: Sun, 2 Feb 2020 22:06:11 +0100 Subject: [PATCH] Initial commit --- .gitignore | 2 + Dockerfile | 101 ++++ Makefile | 17 + README.md | 53 ++ build_node.sh | 14 + build_php.sh | 69 +++ build_python.sh | 17 + etc/bash_profile | 3 + etc/bashrc/common.sh | 29 ++ etc/bashrc_local | 18 + etc/locale.gen | 2 + etc/nginx.conf | 84 ++++ etc/supervisord.conf | 32 ++ etc/vimrc | 26 + examples/cron/supervisor.conf | 11 + examples/default/index.html | 66 +++ examples/dropbear/supervisor.conf | 11 + examples/memcached/supervisor.conf | 11 + examples/nginx/default.conf | 10 + examples/nginx/nginx.conf | 13 + examples/nginx/supervisor.conf | 11 + examples/node/app.js | 81 +++ examples/node/package.json | 9 + examples/node/supervisor.conf | 14 + examples/php/index.php | 65 +++ examples/php/nginx.conf | 28 ++ examples/php/php-fpm.conf | 125 +++++ examples/php/php.ini | 10 + examples/php/pool_app.conf | 413 ++++++++++++++++ examples/php/supervisor.conf | 10 + examples/python/app.py | 95 ++++ examples/python/supervisor.conf | 9 + examples/redis/redis.conf | 761 +++++++++++++++++++++++++++++ examples/redis/supervisor.conf | 11 + rosti.sh | 205 ++++++++ scripts/enable_memcached.sh | 17 + scripts/enable_redis.sh | 21 + start.sh | 140 ++++++ tests.sh | 113 +++++ 39 files changed, 2727 insertions(+) create mode 100644 .gitignore create mode 100644 Dockerfile create mode 100644 Makefile create mode 100644 README.md create mode 100755 build_node.sh create mode 100755 build_php.sh create mode 100755 build_python.sh create mode 100644 etc/bash_profile create mode 100644 etc/bashrc/common.sh create mode 100644 etc/bashrc_local create mode 100644 etc/locale.gen create mode 100644 etc/nginx.conf create mode 100644 etc/supervisord.conf create mode 100644 etc/vimrc create mode 100644 examples/cron/supervisor.conf create mode 100644 examples/default/index.html create mode 100644 examples/dropbear/supervisor.conf create mode 100644 
examples/memcached/supervisor.conf create mode 100644 examples/nginx/default.conf create mode 100644 examples/nginx/nginx.conf create mode 100644 examples/nginx/supervisor.conf create mode 100644 examples/node/app.js create mode 100644 examples/node/package.json create mode 100644 examples/node/supervisor.conf create mode 100644 examples/php/index.php create mode 100644 examples/php/nginx.conf create mode 100644 examples/php/php-fpm.conf create mode 100644 examples/php/php.ini create mode 100644 examples/php/pool_app.conf create mode 100644 examples/php/supervisor.conf create mode 100644 examples/python/app.py create mode 100644 examples/python/supervisor.conf create mode 100644 examples/redis/redis.conf create mode 100644 examples/redis/supervisor.conf create mode 100755 rosti.sh create mode 100644 scripts/enable_memcached.sh create mode 100644 scripts/enable_redis.sh create mode 100755 start.sh create mode 100755 tests.sh
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..e1f8820
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,2 @@
+.history/
+.vscode/
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..cf30668
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,101 @@
+FROM debian:buster
+
+RUN DEBIAN_FRONTEND=noninteractive apt-get update
+RUN DEBIAN_FRONTEND=noninteractive apt-get upgrade -y
+RUN DEBIAN_FRONTEND=noninteractive apt-get install -y locales libffi-dev \
+libssl-dev default-libmysqlclient-dev ca-certificates libpq-dev libjpeg62 libjpeg-dev \
+libpng-dev libpng-dev build-essential git mercurial build-essential \
+libbz2-dev libsqlite3-dev libreadline-dev zlib1g-dev libncurses5-dev \
+libssl-dev libgdbm-dev cron git mercurial subversion vim nano mc htop procps \
+subversion dropbear gettext wget redis-server memcached supervisor curl ssh \
+mariadb-client postgresql-client bind9-host dnsutils nginx \
+libxml2-dev libxslt1-dev openssh-sftp-server links2 lynx \
+imagemagick libmagickwand-dev ncdu \
+libcurl4-openssl-dev python3 python3-pip python3-virtualenv \
+libcurl4-openssl-dev python-dev libproj-dev gdal-bin libmemcached-dev swig mutt \
+imagemagick ffmpeg libyaml-dev libc-client2007e-dev libonig-dev libkrb5-dev dialog \
+whiptail tmux
+
+WORKDIR /srv
+
+RUN useradd -d /srv app -s /bin/bash
+RUN usermod -G crontab -a app
+RUN rm /etc/localtime
+RUN ln -s /usr/share/zoneinfo/Europe/Prague /etc/localtime
+
+ADD /etc/locale.gen /etc/
+RUN locale-gen
+ENV LANG en_US.UTF-8
+ENV LC_ALL en_US.UTF-8
+
+ENV TERM xterm
+
+#############
+# Techs
+#############
+
+## Node.js
+
+WORKDIR /usr/src
+ADD build_node.sh /usr/local/bin/build_node.sh
+# 2020/01
+RUN build_node.sh 13.7.0
+# 2020/01
+RUN build_node.sh 12.14.1
+
+## Python
+
+WORKDIR /usr/src
+ADD build_python.sh /usr/local/bin/build_python.sh
+# 2020/01
+RUN build_python.sh 3.8.1
+
+## PHP
+
+WORKDIR /usr/src
+ADD build_php.sh /usr/local/bin/build_php.sh
+# 2020/01
+RUN build_php.sh 7.4.2
+
+## Roští script
+
+ADD rosti.sh /usr/local/bin/rosti
+
+#############
+
+## Support tools and miscellaneous stuff
+
+ADD /start.sh /start.sh
+RUN chmod 755 /start.sh
+
+RUN rm -f /etc/cron.d/* /etc/cron.daily/* /etc/cron.hourly/* /etc/cron.monthly/* /etc/cron.weekly/*
+
+ADD /scripts/enable_redis.sh /usr/local/bin/enable-redis
+ADD /scripts/enable_memcached.sh /usr/local/bin/enable-memcached
+RUN chmod 755 /usr/local/bin/*
+
+ADD /etc/supervisord.conf /etc/supervisor/supervisord.conf
+ADD /examples /opt/examples
+ADD /etc/bashrc_local /opt/etc/bashrc_local
+ADD /etc/bash_profile /opt/etc/bash_profile
+ADD /etc/vimrc /opt/etc/vimrc
+RUN mkdir -p /opt/etc/bashrc
+RUN mkdir -p /opt/etc/appinit
+ADD /etc/bashrc/common.sh /opt/etc/bashrc/
+ADD /etc/nginx.conf /etc/nginx/nginx.conf
+
+RUN rmdir /var/lib/nginx
+RUN ln -s /srv/var/nginx /var/lib/nginx
+RUN chown app:app /var/log/nginx -R
+
+RUN chown app:app /home -R
+
+## Cleaning
+RUN apt-get clean && rm -rf /usr/src/*
+
+
+VOLUME /srv
+WORKDIR /srv
+EXPOSE 8000 22
+
+ENTRYPOINT ["/start.sh"]
diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000..9b82291
--- /dev/null
+++ b/Makefile
@@ -0,0 +1,17 @@
+DOCKER=docker
+VERSION=2020.01-beta-1
+
+all: build
+
+build:
+ $(DOCKER) build -t rosti/runtime:dev .
+
+test: build
+ DOCKER=$(DOCKER) ./tests.sh
+
+squashed:
+ $(DOCKER) build --squash -t rosti/runtime:dev-squashed .
+
+push: squashed
+ $(DOCKER) tag rosti/runtime:dev-squashed rosti/runtime:$(VERSION)
+ $(DOCKER) push rosti/runtime:$(VERSION)
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..465eb6c
--- /dev/null
+++ b/README.md
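Review bot: In the Dockerfile, `apt-get update`, `apt-get upgrade -y` and `apt-get install` are three separate `RUN` layers, so a cached `update` layer can be reused after the package list changes and the install then resolves against a stale index (missing security fixes, or 404s on superseded versions). Merge them into one layer that also drops the index, along the lines of `RUN apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends <pkgs> && rm -rf /var/lib/apt/lists/*`; the later `RUN apt-get clean && rm -rf /usr/src/*` cannot shrink layers that were already written. There is no `USER` instruction, so `/start.sh` runs as root; the README says application code runs as `app`, so the privilege drop presumably happens in start.sh, which should be stated in a comment above `ENTRYPOINT`. The plain-file `ADD` lines would be clearer as `COPY`, and `debian:buster` could be pinned by digest for reproducible rebuilds.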
@@ -0,0 +1,53 @@
+# Roští.cz Runtime
+
+Runtime image designed for our hosting service. It's designed for multiple versions of Node.js, PHP and Python interpreters. It runs SSH, cron daemon and supervisord as process manager.
+
+The goal of the image is to deliver versatile environment different kind of applications.
+
+* [Documentation (czech)](https://docs.rosti.cz/runtime/main/).
+
+The image is based on Debian 10 Buster and it's size is around 2.5 GB when it's squashed.
+
+** Supported languages **
+
+* Python 3.8.1
+* Node.js 13.7.0
+* Node.js 12.14.1
+* PHP 7.4.2
+
+** Additional tools **
+
+* Memcached
+* Redis
+* crond
+* Supervisord
+* Nginx
+* Dropbear
+
+## Test
+
+To run tests you can check integrated workflow, but all you need are those two commands:
+
+ make test
+
+If you prefer Podman, use this command to build the image:
+
+ make DOCKER=podman test
+
+This is useful in Fedora.
+
+## Additional info
+
+### Default user
+
+Image uses system user *app* to run the application code.
+
+### SSH password
+
+The image runs dropbear at start along crond and supervisord. If you want to set password for next start of the container, save it into this file:
+
+ /srv/.rosti
+
+Dynamically it can be set like this:
+
+ echo "app:PASSWORD" | chpasswd
diff --git a/build_node.sh b/build_node.sh
new file mode 100755
index 0000000..2664482
--- /dev/null
+++ b/build_node.sh
@@ -0,0 +1,14 @@
+#!/bin/bash
+
+set -e
+
+mkdir -p /opt/techs
+
+VERSION=$1
+
+cd /usr/src
+
+wget http://nodejs.org/dist/v$VERSION/node-v$VERSION-linux-x64.tar.gz
+tar xf node-v$VERSION-linux-x64.tar.gz
+mv node-v$VERSION-linux-x64 /opt/techs/node-$VERSION
+rm node-v$VERSION-linux-x64.tar.gz
diff --git a/build_php.sh b/build_php.sh
new file mode 100755
index 0000000..eb1283c
--- /dev/null
+++ b/build_php.sh
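Review bot: build_node.sh fetches the Node.js tarball over plain `http://` and unpacks it into `/opt/techs` without any integrity check, so whoever can alter the connection at build time decides which binary ships in the image. The download should use HTTPS and be compared with the release's published `SHASUMS256.txt` before `tar xf`; checking that file's signature against the Node.js release keys would be stronger still. build_php.sh and build_python.sh already use HTTPS but also build whatever arrives without comparing a checksum or signature, so the same verification step applies there. `VERSION=$1` is unchecked and used unquoted; failing early on a missing argument avoids requesting a malformed URL.

```shell
VERSION="${1:?usage: build_node.sh VERSION}"
TARBALL="node-v$VERSION-linux-x64.tar.gz"

# … unchanged: cd /usr/src …

wget "https://nodejs.org/dist/v$VERSION/$TARBALL"
wget "https://nodejs.org/dist/v$VERSION/SHASUMS256.txt"
# Abort (set -e) unless the archive matches the published SHA-256.
grep " $TARBALL\$" SHASUMS256.txt | sha256sum -c -
tar xf "$TARBALL"
# … unchanged: mv into /opt/techs, rm of the tarball …
```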
@@ -0,0 +1,69 @@
+#!/bin/bash
+
+set -e
+
+VERSION=$1
+
+mkdir -p /opt/techs
+
+cd /usr/src
+
+wget https://www.php.net/distributions/php-$VERSION.tar.bz2
+tar xf php-$VERSION.tar.bz2
+rm php-$VERSION.tar.bz2
+
+test -e /usr/lib/x86_64-linux-gnu/libc-client.a || ln -s /usr/lib/libc-client.a /usr/lib/x86_64-linux-gnu/libc-client.a
+
+cd php-$VERSION
+./configure --enable-fpm --with-mysqli --prefix=/opt/techs/php-$VERSION \
+ --with-config-file-path=/opt/techs/php-$VERSION/etc \
+ --with-config-file-scan-dir=/opt/techs/php-$VERSION/etc/conf.d/ \
+ --sbindir=/opt/techs/php-$VERSION/bin \
+ --with-pdo-pgsql \
+ --with-zlib-dir \
+ --with-freetype-dir \
+ --enable-mbstring \
+ --with-libxml-dir=/usr \
+ --enable-soap \
+ --enable-calendar \
+ --with-curl \
+ --with-mcrypt \
+ --with-zlib \
+ --with-gd \
+ --with-pgsql \
+ --disable-rpath \
+ --enable-inline-optimization \
+ --with-bz2 \
+ --with-zlib \
+ --enable-sockets \
+ --enable-sysvsem \
+ --enable-sysvshm \
+ --enable-pcntl \
+ --enable-mbregex \
+ --enable-exif \
+ --enable-bcmath \
+ --with-mhash \
+ --enable-zip \
+ --with-pcre-regex \
+ --with-mysql \
+ --with-pdo-mysql \
+ --with-jpeg-dir=/usr \
+ --with-png-dir=/usr \
+ --enable-gd-native-ttf \
+ --with-openssl \
+ --with-fpm-user=app\
+ --with-fpm-group=app\
+ --with-libdir=/lib/x86_64-linux-gnu \
+ --enable-ftp \
+ --with-gettext \
+ --with-xmlrpc \
+ --with-xsl \
+ --enable-opcache \
+ --with-imap \
+ --with-imap-ssl \
+ --with-kerberos
+make -j
+make install
+
+mkdir -p /opt/techs/php-$VERSION/etc/conf.d/
+ln -s /srv/conf/php-fpm/php.ini /opt/techs/php-$VERSION/etc/conf.d/app.ini
diff --git a/build_python.sh b/build_python.sh
new file mode 100755
index 0000000..92cc3c0
--- /dev/null
+++ b/build_python.sh
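Review bot: Several `./configure` switches in build_php.sh do not appear to be options of the PHP 7.4 build that the Dockerfile requests (`build_php.sh 7.4.2`), and configure only warns about unrecognised options, so the matching extensions can be silently missing from the image. As far as I know 7.4 renamed `--with-gd` to `--enable-gd`, `--enable-zip` to `--with-zip` and `--with-jpeg-dir`/`--with-freetype-dir` to `--with-jpeg`/`--with-freetype`, while `--with-mcrypt`, `--with-mysql` and `--enable-gd-native-ttf` were dropped in earlier 7.x releases; please confirm against `./configure --help` for the version being built and fail the build on warnings if possible. `--with-zlib` is also listed twice. `make -j` with no number starts an unbounded number of jobs and can exhaust memory on the build host; `make -j"$(nproc)"` keeps it bounded.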
@@ -0,0 +1,17 @@
+#!/bin/sh
+
+set -e
+
+mkdir -p /opt/techs
+
+VERSION=$1
+
+wget https://www.python.org/ftp/python/`echo $VERSION | sed s/[a-z][0-9]\$//`/Python-$VERSION.tar.xz
+tar xf Python-$VERSION.tar.xz
+cd /usr/src/Python-$VERSION
+./configure --prefix=/opt/techs/python-$VERSION
+make -j
+make install
+
+test -e /opt/techs/python-$VERSION/bin/python || ln -s /opt/techs/python-$VERSION/bin/python3 /opt/techs/python-$VERSION/bin/python
+test -e /opt/techs/python-$VERSION/bin/pip || ln -s /opt/techs/python-$VERSION/bin/pip3 /opt/techs/python-$VERSION/bin/pip
diff --git a/etc/bash_profile b/etc/bash_profile
new file mode 100644
index 0000000..1dc2a02
--- /dev/null
+++ b/etc/bash_profile
@@ -0,0 +1,3 @@
+if [ -f ~/.bashrc ]; then
+ source ~/.bashrc
+fi
diff --git a/etc/bashrc/common.sh b/etc/bashrc/common.sh
new file mode 100644
index 0000000..81d66b3
--- /dev/null
+++ b/etc/bashrc/common.sh
@@ -0,0 +1,29 @@
+export PATH=$PATH:~/bin:/srv/.npm-packages/bin
+export TERM=xterm
+
+# Use only if the shell is opened via SSH
+if [ -n "$SSH_TTY" ]; then
+ GREEN="\e[32m"
+ YELLOW="\e[93m"
+ RED="\e[91m"
+ NC='\033[0m'
+
+ echo ""
+ echo -e " >> ${GREEN}Before you start, check our documentation at ${YELLOW}https://docs.rosti.cz${NC}"
+ echo -e " >> ${GREEN}and if you encounter a problem let us know at ${YELLOW}podpora@rosti.cz${GREEN}.${NC}"
+ echo ""
+
+ if [ ! -e /srv/app ]; then
+ echo ""
+ echo -e "${RED}WARNING: ${YELLOW}No technology (Python/Node/PHP/..) has been selected yet, please run command:"
+ echo ""
+ echo -e "${NC} rosti"
+ echo ""
+ echo -e "${RED}to fix it."
+ echo ""
+ fi
+
+ if [ -e /srv/venv ]; then
+ . /srv/venv/bin/activate
+ fi
+fi
diff --git a/etc/bashrc_local b/etc/bashrc_local
new file mode 100644
index 0000000..763973c
--- /dev/null
+++ b/etc/bashrc_local
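Review bot: build_python.sh downloads and unpacks into whatever the current directory happens to be and only then runs `cd /usr/src/Python-$VERSION`, so it works only when called from `/usr/src`, whereas build_node.sh and build_php.sh both `cd /usr/src` first. Add `cd /usr/src` before the `wget` line so the script does not depend on the Dockerfile's `WORKDIR`. The `sed` expression is unquoted, which leaves `[a-z][0-9]` open to shell globbing against files in the working directory; `sed 's/[a-z][0-9]$//'` avoids that. The downloaded `Python-$VERSION.tar.xz` is never removed by this script, unlike the tarballs in the other two.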
@@ -0,0 +1,18 @@
+export PATH=/srv/bin/primary_tech:/srv/bin/primary_tech/sbin:$PATH:/usr/sbin:/sbin
+
+# Use only if the shell is opened via SSH
+if [ -n "$SSH_TTY" ]; then
+ export PS1="\[\033[38;5;2m\]\u@\[$(tput sgr0)\]\[\033[38;5;3m\]\h\[$(tput sgr0)\]\[\033[38;5;15m\] \[$(tput sgr0)\]\[$(tput sgr0)\]\[\033[38;5;67m\]\w\[$(tput sgr0)\]\[\033[38;5;15m\] \[$(tput sgr0)\]\[\033[38;5;40m\]\\$\[$(tput sgr0)\]\[\033[38;5;15m\] \[$(tput sgr0)\]"
+
+ alias ll='ls -alh'
+
+ if [ -e /opt/etc/bashrc/ ]; then
+ . /opt/etc/bashrc/*
+ fi
+fi
+
+# Default path
+cd /srv
+
+# DO NOT REWRITE ME
+# This is information for initialization script. If it finds the line above, you can edit this file as you wish and changes remain
diff --git a/etc/locale.gen b/etc/locale.gen
new file mode 100644
index 0000000..a6f1c26
--- /dev/null
+++ b/etc/locale.gen
@@ -0,0 +1,2 @@
+en_US.UTF-8 UTF-8
+cs_CZ.UTF-8 UTF-8
diff --git a/etc/nginx.conf b/etc/nginx.conf
new file mode 100644
index 0000000..29367c2
--- /dev/null
+++ b/etc/nginx.conf
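Review bot: In etc/bashrc_local, `. /opt/etc/bashrc/*` sources only the first file the glob expands to; any further matches are handed to that script as positional parameters, so a second snippet placed in `/opt/etc/bashrc/` would never be loaded. Loop over the directory instead: `for f in /opt/etc/bashrc/*; do [ -r "$f" ] && . "$f"; done`. The first line also puts `/srv/bin/primary_tech` ahead of the system directories in `PATH`; `/srv` is the user's volume per the Dockerfile, so a comment noting that this file is meant for the `app` user's shell only (never root's) would help the next maintainer.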
@@ -0,0 +1,84 @@
+worker_processes 1;
+
+error_log stderr;
+
+pid /srv/run/nginx.pid;
+
+
+events {
+ worker_connections 1024;
+}
+
+
+http {
+ include mime.types;
+ default_type application/octet-stream;
+
+ access_log off;
+
+ #log_format main '$remote_addr - $remote_user [$time_local] "$request" '
+ # '$status $body_bytes_sent "$http_referer" '
+ # '"$http_user_agent" "$http_x_forwarded_for"';
+
+ # spool uploads to disk instead of clobbering downstream servers
+ client_body_temp_path /srv/var/nginx/client-body 1 2;
+ client_max_body_size 2g;
+ client_body_buffer_size 128k;
+
+ server_names_hash_max_size 4096;
+ server_names_hash_bucket_size 512;
+
+ server_tokens off;
+
+ sendfile on;
+ tcp_nopush on;
+ tcp_nodelay off;
+
+ keepalive_timeout 5;
+
+ ## Compression
+ gzip on;
+ gzip_http_version 1.0;
+ gzip_comp_level 2;
+ gzip_proxied any;
+ gzip_min_length 1100;
+ gzip_buffers 16 8k;
+ gzip_types text/xml text/plain text/css application/x-javascript application/xml application/xml+rss text/javascript application/json;#text/html
+ # Some version of IE 6 don't handle compression well on some mime-types,
+ # so just disable for them
+ gzip_disable "MSIE [1-6].(?!.*SV1)";
+ # Set a vary header so downstream proxies don't send cached gzipped
+ # content to IE6
+ gzip_vary on;
+
+ # proxy settings
+ set_real_ip_from 83.167.253.64/27;
+ set_real_ip_from 10.0.0.0/8;
+ set_real_ip_from 2a01:430:225::/64;
+ real_ip_header X-Real-IP;
+
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Real-Port $remote_port;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_max_temp_file_size 0;
+
+ proxy_connect_timeout 600;
+ proxy_send_timeout 600;
+ proxy_read_timeout 600;
+
+ proxy_buffer_size 512k;
+ proxy_buffers 4 512k;
+ proxy_busy_buffers_size 512k;
+ proxy_temp_file_write_size 512k;
+
+ proxy_temp_path /srv/var/nginx/cache/;
+
+ map $http_x_forwarded_proto $thescheme {
+ default $scheme;
+ https https;
+ }
+ proxy_set_header X-Forwarded-Proto $thescheme;
+
+ include /srv/conf/nginx.d/*;
+}
diff --git a/etc/supervisord.conf b/etc/supervisord.conf
new file mode 100644
index 0000000..473853c
--- /dev/null
+++ b/etc/supervisord.conf
@@ -0,0 +1,32 @@
+; supervisor config file
+
+[unix_http_server]
+file=/srv/run//supervisor.sock
+chmod=0700
+
+[supervisord]
+logfile=/srv/log/supervisord.log
+logfile_maxbytes=2MB
+logfile_backups=5
+loglevel=error
+pidfile=/srv/run/supervisord.pid
+#childlogdir=
+user=app
+
+; the below section must remain in the config file for RPC
+; (supervisorctl/web interface) to work, additional interfaces may be
+; added by defining them in separate rpcinterface: sections
+[rpcinterface:supervisor]
+supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface
+
+[supervisorctl]
+serverurl=unix:///srv/run//supervisor.sock ; use a unix:// URL for a unix socket
+
+; The [include] section can just contain the "files" setting. This
+; setting can list multiple files (separated by whitespace or
+; newlines). It can also contain wildcards. The filenames are
+; interpreted as relative to this file. Included files *cannot*
+; include files themselves.
+
+[include]
+files = /srv/conf/supervisor.d/*
diff --git a/etc/vimrc b/etc/vimrc
new file mode 100644
index 0000000..43bafae
--- /dev/null
+++ b/etc/vimrc
@@ -0,0 +1,26 @@
+set expandtab
+set tabstop=4
+set shiftwidth=4
+set softtabstop=4
+syn on
+set noerrorbells
+set number
+set wildmenu
+set pastetoggle=
+set scrolloff=3
+set smartindent
+
+autocmd FileType make set noexpandtab shiftwidth=8 softtabstop=0
+
+function! ResCur()
+ if line("'\"") <= line("$")
+ normal! g`"
+ return 1
+ endif
+endfunction
+
+augroup resCur
+ autocmd!
+ autocmd BufWinEnter * call ResCur()
+augroup END
+
diff --git a/examples/cron/supervisor.conf b/examples/cron/supervisor.conf
new file mode 100644
index 0000000..73d20d1
--- /dev/null
+++ b/examples/cron/supervisor.conf
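Review bot: In etc/nginx.conf, `set_real_ip_from 10.0.0.0/8;` together with `real_ip_header X-Real-IP;` lets any peer in the whole 10/8 range dictate the client address nginx reports. If other tenants' containers or internal hosts live in that range (not visible from this file), they can present an arbitrary client IP to the application, to logs and to any IP-based allow/deny rule. Narrow the trusted ranges to the actual front proxies and document them in place, e.g. `# front proxies only: every address listed here may set X-Real-IP`. `client_max_body_size 2g;` combined with the 600-second proxy timeouts is also a generous default for shared hosting and deserves a comment explaining why it is needed.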
@@ -0,0 +1,11 @@ +[program:cron] +command=/usr/sbin/cron -f +process_name=cron +autostart=true +autorestart=true +stdout_logfile=/srv/log/cron.log +stdout_logfile_maxbytes=2MB +stdout_logfile_backups=5 +stdout_capture_maxbytes=2MB +stdout_events_enabled=false +redirect_stderr=true diff --git a/examples/default/index.html b/examples/default/index.html new file mode 100644 index 0000000..9920a81 --- /dev/null +++ b/examples/default/index.html @@ -0,0 +1,66 @@ + + + + + + + Roští.cz + + + +
+ +
+
+

Kde to jsem?

+

+

+ Na Roští.cz a prostředí pro vaši aplikaci je připraveno. +

+

Nyní je nutné přihlásit se do kontejneru s vaší aplikací přes SSH a použít příkaz rosti k základnímu nastavení prostředí. Přístupy najdete v naší administraci v info kartě aplikace.

+
+

V případě problémů se prosím obraťte na technickou podporu nebo na dokumentaci.

+

Tým Roští.cz | @rosti_cz

+
+
+
+
+
diff --git a/examples/dropbear/supervisor.conf b/examples/dropbear/supervisor.conf
new file mode 100644
index 0000000..718da6b
--- /dev/null
+++ b/examples/dropbear/supervisor.conf
@@ -0,0 +1,11 @@
+[program:dropbear]
+command=/usr/sbin/dropbear -F -w -d /etc/dropbear/dropbear_dss_host_key -r /etc/dropbear/dropbear_rsa_host_key -p 2222
+autostart=true
+autorestart=true
+process_name=dropbear
+stdout_logfile=/srv/log/dropbear.log
+stdout_logfile_maxbytes=2MB
+stdout_logfile_backups=5
+stdout_capture_maxbytes=2MB
+stdout_events_enabled=false
+redirect_stderr=true
diff --git a/examples/memcached/supervisor.conf b/examples/memcached/supervisor.conf
new file mode 100644
index 0000000..5d3776b
--- /dev/null
+++ b/examples/memcached/supervisor.conf
@@ -0,0 +1,11 @@
+[program:memcached]
+command=memcached -m 32 -p 11211 -u app -l 127.0.0.1
+process_name=memcached
+autostart=true
+autorestart=true
+stdout_logfile=/srv/log/memcached.log
+stdout_logfile_maxbytes=2MB
+stdout_logfile_backups=5
+stdout_capture_maxbytes=2MB
+stdout_events_enabled=false
+redirect_stderr=true
diff --git a/examples/nginx/default.conf b/examples/nginx/default.conf
new file mode 100644
index 0000000..3ce676c
--- /dev/null
+++ b/examples/nginx/default.conf
@@ -0,0 +1,10 @@
+server {
+ listen 8000;
+
+ root /opt/examples/default/;
+ index index.html;
+
+ location / {
+ try_files $uri $uri/ =404;
+ }
+}
diff --git a/examples/nginx/nginx.conf b/examples/nginx/nginx.conf
new file mode 100644
index 0000000..fa456d9
--- /dev/null
+++ b/examples/nginx/nginx.conf
@@ -0,0 +1,13 @@
+server {
+ listen 0.0.0.0:8000;
+ listen [::]:8000;
+ location / {
+ proxy_pass http://127.0.0.1:8080/;
+ proxy_redirect default;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header Host $host;
+ }
+ #location /static/ {
+ # alias /srv/static/;
+ #}
+}
diff --git a/examples/nginx/supervisor.conf b/examples/nginx/supervisor.conf
new file mode 100644
index 0000000..600cf9c
--- /dev/null
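Review bot: The dropbear command in examples/dropbear/supervisor.conf still loads a DSS host key (`-d /etc/dropbear/dropbear_dss_host_key`); DSA host keys are limited to 1024 bits and current SSH clients refuse them, so offering one only adds a weak algorithm. Drop the `-d` argument and, if the packaged dropbear supports it, add an ECDSA key with a second `-r`, e.g. `-r /etc/dropbear/dropbear_ecdsa_host_key`. Where these key files come from is not visible in this hunk: if they are created when the package is installed during the image build, every container started from the image shares the same host keys, so generating them per container in the start script would be safer. This example also listens on 2222 while the Dockerfile declares `EXPOSE 8000 22`, which is worth reconciling or explaining in a comment.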
+++ b/examples/nginx/supervisor.conf @@ -0,0 +1,11 @@ +[program:nginx] +command=/usr/sbin/nginx -g "daemon off;" +autostart=true +autorestart=true +process_name=nginx +stdout_logfile=/srv/log/nginx.log +stdout_logfile_maxbytes=2MB +stdout_logfile_backups=5 +stdout_capture_maxbytes=2MB +stdout_events_enabled=false +redirect_stderr=true diff --git a/examples/node/app.js b/examples/node/app.js new file mode 100644 index 0000000..09922b9 --- /dev/null +++ b/examples/node/app.js @@ -0,0 +1,81 @@ +// Load the http module to create an http server. +var http = require('http'); + +// Configure our HTTP server to respond with Hello World to all requests. +var server = http.createServer(function (request, response) { + response.writeHead(200, {"Content-Type": "text/html"}); + response.end(` + + + + + + Roští.cz + + + +
+
+ +
+
+
+

Kde to jsem?

+

+

Na Roští.cz a prostředí pro vaši aplikaci je připraveno.

+

Nyní můžete obsah adresáře /srv/app vymazat a nahradit ho svoji aplikací. +
Nezapomeňte napsat správně soubor package.json a uložit ho do /srv/app/package.json.
+ Podle něj se automaticky nakonfiguruje prostředí a nakonec se vaše aplikace spustí automaticky pomocí npm start.
+ Pokud v package.json něco změníte, nezapomeňte celou aplikaci restartovat z administrace, aby se změny projevily.

+

HTTP server vaší aplikace spusťte na portu 8080. Na jiném nebude fungovat. Původní port 8000 nyní patří Nginxu, za kterým je vaše aplikace schovaná.

+
+

V případě problémů se prosím obraťte na technickou podporu nebo na dokumentaci.

+

Tým Roští.cz | @rosti_cz

+
+
+ + +`); +}); + +// Listen on port 8080, IP defaults to 127.0.0.1 +server.listen(8080); + +// Put a friendly message on the terminal +console.log("Server running at http://127.0.0.1:8080/"); diff --git a/examples/node/package.json b/examples/node/package.json new file mode 100644 index 0000000..b5d0f9b --- /dev/null +++ b/examples/node/package.json @@ -0,0 +1,9 @@ +{ + "name": "welcome", + "version": "0.1.0", + "description": "Welcome page by Roští.cz", + "author": "Adam Štrauch ", + "scripts": { + "start": "/srv/bin/primary_tech/node app.js" + } + } diff --git a/examples/node/supervisor.conf b/examples/node/supervisor.conf new file mode 100644 index 0000000..f039e2b --- /dev/null +++ b/examples/node/supervisor.conf @@ -0,0 +1,14 @@ +[program:app] +command=/srv/bin/primary_tech/npm start +environment=PATH="/srv/bin/primary_tech:/usr/local/bin:/usr/bin:/bin:/srv/.npm-packages/bin" +stopasgroup=true +directory=/srv/app +process_name=app +autostart=true +autorestart=true +stdout_logfile=/srv/log/node.log +stdout_logfile_maxbytes=2MB +stdout_logfile_backups=5 +stdout_capture_maxbytes=2MB +stdout_events_enabled=false +redirect_stderr=true diff --git a/examples/php/index.php b/examples/php/index.php new file mode 100644 index 0000000..bce8b38 --- /dev/null +++ b/examples/php/index.php @@ -0,0 +1,65 @@ + + + + + + + Roští.cz + + + +
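Review bot: In examples/node/app.js the comment `IP defaults to 127.0.0.1` does not match `server.listen(8080);`: with no host argument Node binds the unspecified address, i.e. all interfaces, so the app answers on 8080 directly as well as through the nginx proxy on 8000. Pass the host explicitly, `server.listen(8080, '127.0.0.1');`, which keeps the backend reachable only through nginx and makes the `Server running at http://127.0.0.1:8080/` log line accurate. If listening on all interfaces is intended, the comment should say so instead.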
+ +
+
+

Kde to jsem?

+

+

+ Na Roští.cz a prostředí pro vaši PHP aplikaci je připraveno. Nyní můžete svůj web nahrát do složky /srv/app. Použijte k tomu SSH či SFTP přístup uvedený v administraci. +

+
+

V případě problémů se prosím obraťte na technickou podporu nebo na dokumentaci.

+

Tým Roští.cz | @rosti_cz

+
+
+ + + diff --git a/examples/php/nginx.conf b/examples/php/nginx.conf new file mode 100644 index 0000000..4502f71 --- /dev/null +++ b/examples/php/nginx.conf @@ -0,0 +1,28 @@ +server { + listen 0.0.0.0:8000; + listen [::]:8000; + + root /srv/app; + index index.php index.html; + + port_in_redirect off; + + + location / { + try_files $uri $uri/ /index.php$is_args$args; + } + + location ~ \.php$ { + try_files $uri =404; + fastcgi_split_path_info ^(.+\.php)(/.+)$; + + fastcgi_pass unix:/srv/run/php-fpm.sock; + fastcgi_index index.php; + include fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root/$fastcgi_script_name; + } + + #location /static/ { + # alias /srv/static/; + #} +} diff --git a/examples/php/php-fpm.conf b/examples/php/php-fpm.conf new file mode 100644 index 0000000..972a6ac --- /dev/null +++ b/examples/php/php-fpm.conf 
@@ -0,0 +1,125 @@ +;;;;;;;;;;;;;;;;;;;;; +; FPM Configuration ; +;;;;;;;;;;;;;;;;;;;;; + +; All relative paths in this configuration file are relative to PHP's install +; prefix (/usr). This prefix can be dynamically changed by using the +; '-p' argument from the command line. + +;;;;;;;;;;;;;;;;;; +; Global Options ; +;;;;;;;;;;;;;;;;;; + +[global] +; Pid file +; Note: the default prefix is /var +; Default Value: none +pid = /srv/run/php-fpm.pid + +; Error log file +; If it's set to "syslog", log is sent to syslogd instead of being written +; in a local file. +; Note: the default prefix is /var +; Default Value: log/php-fpm.log +error_log = /proc/self/fd/2 + +; syslog_facility is used to specify what type of program is logging the +; message. This lets syslogd specify that messages from different facilities +; will be handled differently. +; See syslog(3) for possible values (ex daemon equiv LOG_DAEMON) +; Default Value: daemon +;syslog.facility = daemon + +; syslog_ident is prepended to every message. If you have multiple FPM +; instances running on the same server, you can change the default value +; which must suit common needs. +; Default Value: php-fpm +;syslog.ident = php-fpm + +; Log level +; Possible Values: alert, error, warning, notice, debug +; Default Value: notice +;log_level = notice + +; If this number of child processes exit with SIGSEGV or SIGBUS within the time +; interval set by emergency_restart_interval then FPM will restart. A value +; of '0' means 'Off'. +; Default Value: 0 +;emergency_restart_threshold = 0 + +; Interval of time used by emergency_restart_interval to determine when +; a graceful restart will be initiated. This can be useful to work around +; accidental corruptions in an accelerator's shared memory. +; Available Units: s(econds), m(inutes), h(ours), or d(ays) +; Default Unit: seconds +; Default Value: 0 +;emergency_restart_interval = 0 + +; Time limit for child processes to wait for a reaction on signals from master. 
+; Available units: s(econds), m(inutes), h(ours), or d(ays) +; Default Unit: seconds +; Default Value: 0 +;process_control_timeout = 0 + +; The maximum number of processes FPM will fork. This has been design to control +; the global number of processes when using dynamic PM within a lot of pools. +; Use it with caution. +; Note: A value of 0 indicates no limit +; Default Value: 0 +; process.max = 128 + +; Specify the nice(2) priority to apply to the master process (only if set) +; The value can vary from -19 (highest priority) to 20 (lower priority) +; Note: - It will only work if the FPM master process is launched as root +; - The pool process will inherit the master process priority +; unless it specified otherwise +; Default Value: no set +; process.priority = -19 + +; Send FPM to background. Set to 'no' to keep FPM in foreground for debugging. +; Default Value: yes +;daemonize = yes + +; Set open file descriptor rlimit for the master process. +; Default Value: system defined value +;rlimit_files = 1024 + +; Set max core size rlimit for the master process. +; Possible Values: 'unlimited' or an integer greater or equal to 0 +; Default Value: system defined value +;rlimit_core = 0 + +; Specify the event mechanism FPM will use. The following is available: +; - select (any POSIX os) +; - poll (any POSIX os) +; - epoll (linux >= 2.5.44) +; - kqueue (FreeBSD >= 4.1, OpenBSD >= 2.9, NetBSD >= 2.0) +; - /dev/poll (Solaris >= 7) +; - port (Solaris >= 10) +; Default Value: not set (auto detection) +;events.mechanism = epoll + +; When FPM is build with systemd integration, specify the interval, +; in second, between health report notification to systemd. +; Set to 0 to disable. 
+; Available Units: s(econds), m(inutes), h(ours) +; Default Unit: seconds +; Default value: 10 +;systemd_interval = 10 + +;;;;;;;;;;;;;;;;;;;; +; Pool Definitions ; +;;;;;;;;;;;;;;;;;;;; + +; Multiple pools of child processes may be started with different listening +; ports and different management options. The name of the pool will be +; used in logs and stats. There is no limitation on the number of pools which +; FPM can handle. Your system will tell you anyway :) + +; Include one or more files. If glob(3) exists, it is used to include a bunch of +; files from a glob(3) pattern. This directive can be used everywhere in the +; file. +; Relative path can also be used. They will be prefixed by: +; - the global prefix if it's been set (-p argument) +; - /usr otherwise +include=/srv/conf/php-fpm/pool.d/*.conf diff --git a/examples/php/php.ini b/examples/php/php.ini new file mode 100644 index 0000000..b326dde --- /dev/null +++ b/examples/php/php.ini @@ -0,0 +1,10 @@ +error_log = /proc/self/fd/2 +memory_limit = 256M +post_max_size = 256M +upload_max_filesize = 256M +max_file_uploads = 20 +max_execution_time = 30 +allow_url_fopen = Off +display_errors = On +date.timezone = "Europe/Prague" +catch_workers_output = On diff --git a/examples/php/pool_app.conf b/examples/php/pool_app.conf new file mode 100644 index 0000000..4cd00a9 --- /dev/null +++ b/examples/php/pool_app.conf 
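Review bot: `display_errors = On` in examples/php/php.ini sends PHP warnings and error details such as file paths and query fragments to site visitors, and this file is presumably what users start from. Prefer `display_errors = Off` together with `log_errors = On`, since `error_log = /proc/self/fd/2` already routes messages to stderr. `catch_workers_output` is an FPM pool directive rather than a php.ini setting, so it most likely has no effect here and belongs in pool_app.conf.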
@@ -0,0 +1,413 @@
+; Start a new pool named 'www'.
+; the variable $pool can we used in any directive and will be replaced by the
+; pool name ('www' here)
+[www]
+
+; Per pool prefix
+; It only applies on the following directives:
+; - 'access.log'
+; - 'slowlog'
+; - 'listen' (unixsocket)
+; - 'chroot'
+; - 'chdir'
+; - 'php_values'
+; - 'php_admin_values'
+; When not set, the global prefix (or /usr) applies instead.
+; Note: This directive can also be relative to the global prefix.
+; Default Value: none
+;prefix = /path/to/pools/$pool
+
+; Unix user/group of processes
+; Note: The user is mandatory. If the group is not set, the default user's group
+; will be used.
+user = app
+group = app
+
+; The address on which to accept FastCGI requests.
+; Valid syntaxes are:
+; 'ip.add.re.ss:port' - to listen on a TCP socket to a specific IPv4 address on
+; a specific port;
+; '[ip:6:addr:ess]:port' - to listen on a TCP socket to a specific IPv6 address on
+; a specific port;
+; 'port' - to listen on a TCP socket to all addresses
+; (IPv6 and IPv4-mapped) on a specific port;
+; '/path/to/unix/socket' - to listen on a unix socket.
+; Note: This value is mandatory.
+listen = /srv/run/php-fpm.sock
+
+; Set listen(2) backlog.
+; Default Value: 511 (-1 on FreeBSD and OpenBSD)
+;listen.backlog = 511
+
+; Set permissions for unix socket, if one is used. In Linux, read/write
+; permissions must be set in order to allow connections from a web server. Many
+; BSD-derived systems allow connections regardless of permissions.
+; Default Values: user and group are set as the running user
+; mode is set to 0660
+listen.owner = app
+listen.group = app
+;listen.mode = 0660
+; When POSIX Access Control Lists are supported you can set them using
+; these options, value is a comma separated list of user/group names.
+; When set, listen.owner and listen.group are ignored
+;listen.acl_users =
+;listen.acl_groups =
+
+; List of addresses (IPv4/IPv6) of FastCGI clients which are allowed to connect.
+; Equivalent to the FCGI_WEB_SERVER_ADDRS environment variable in the original
+; PHP FCGI (5.2.2+). Makes sense only with a tcp listening socket. Each address
+; must be separated by a comma. If this value is left blank, connections will be
+; accepted from any ip address.
+; Default Value: any
+;listen.allowed_clients = 127.0.0.1
+
+; Specify the nice(2) priority to apply to the pool processes (only if set)
+; The value can vary from -19 (highest priority) to 20 (lower priority)
+; Note: - It will only work if the FPM master process is launched as root
+; - The pool processes will inherit the master process priority
+; unless it specified otherwise
+; Default Value: no set
+; process.priority = -19
+
+; Choose how the process manager will control the number of child processes.
+; Possible Values:
+; static - a fixed number (pm.max_children) of child processes;
+; dynamic - the number of child processes are set dynamically based on the
+; following directives. With this process management, there will be
+; always at least 1 children.
+; pm.max_children - the maximum number of children that can
+; be alive at the same time.
+; pm.start_servers - the number of children created on startup.
+; pm.min_spare_servers - the minimum number of children in 'idle'
+; state (waiting to process). If the number
+; of 'idle' processes is less than this
+; number then some children will be created.
+; pm.max_spare_servers - the maximum number of children in 'idle'
+; state (waiting to process). If the number
+; of 'idle' processes is greater than this
+; number then some children will be killed.
+; ondemand - no children are created at startup. Children will be forked when
+; new requests will connect.
The following parameter are used:
+; pm.max_children - the maximum number of children that
+; can be alive at the same time.
+; pm.process_idle_timeout - The number of seconds after which
+; an idle process will be killed.
+; Note: This value is mandatory.
+pm = dynamic
+
+; The number of child processes to be created when pm is set to 'static' and the
+; maximum number of child processes when pm is set to 'dynamic' or 'ondemand'.
+; This value sets the limit on the number of simultaneous requests that will be
+; served. Equivalent to the ApacheMaxClients directive with mpm_prefork.
+; Equivalent to the PHP_FCGI_CHILDREN environment variable in the original PHP
+; CGI. The below defaults are based on a server without much resources. Don't
+; forget to tweak pm.* to fit your needs.
+; Note: Used when pm is set to 'static', 'dynamic' or 'ondemand'
+; Note: This value is mandatory.
+pm.max_children = 5
+
+; The number of child processes created on startup.
+; Note: Used only when pm is set to 'dynamic'
+; Default Value: min_spare_servers + (max_spare_servers - min_spare_servers) / 2
+pm.start_servers = 2
+
+; The desired minimum number of idle server processes.
+; Note: Used only when pm is set to 'dynamic'
+; Note: Mandatory when pm is set to 'dynamic'
+pm.min_spare_servers = 1
+
+; The desired maximum number of idle server processes.
+; Note: Used only when pm is set to 'dynamic'
+; Note: Mandatory when pm is set to 'dynamic'
+pm.max_spare_servers = 3
+
+; The number of seconds after which an idle process will be killed.
+; Note: Used only when pm is set to 'ondemand'
+; Default Value: 10s
+;pm.process_idle_timeout = 10s;
+
+; The number of requests each child process should execute before respawning.
+; This can be useful to work around memory leaks in 3rd party libraries. For
+; endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS.
+; Default Value: 0
+;pm.max_requests = 500
+
+; The URI to view the FPM status page.
If this value is not set, no URI will be
+; recognized as a status page. It shows the following informations:
+; pool - the name of the pool;
+; process manager - static, dynamic or ondemand;
+; start time - the date and time FPM has started;
+; start since - number of seconds since FPM has started;
+; accepted conn - the number of request accepted by the pool;
+; listen queue - the number of request in the queue of pending
+; connections (see backlog in listen(2));
+; max listen queue - the maximum number of requests in the queue
+; of pending connections since FPM has started;
+; listen queue len - the size of the socket queue of pending connections;
+; idle processes - the number of idle processes;
+; active processes - the number of active processes;
+; total processes - the number of idle + active processes;
+; max active processes - the maximum number of active processes since FPM
+; has started;
+; max children reached - number of times, the process limit has been reached,
+; when pm tries to start more children (works only for
+; pm 'dynamic' and 'ondemand');
+; Value are updated in real time.
+; Example output:
+; pool: www
+; process manager: static
+; start time: 01/Jul/2011:17:53:49 +0200
+; start since: 62636
+; accepted conn: 190460
+; listen queue: 0
+; max listen queue: 1
+; listen queue len: 42
+; idle processes: 4
+; active processes: 11
+; total processes: 15
+; max active processes: 12
+; max children reached: 0
+;
+; By default the status page output is formatted as text/plain. Passing either
+; 'html', 'xml' or 'json' in the query string will return the corresponding
+; output syntax. Example:
+; http://www.foo.bar/status
+; http://www.foo.bar/status?json
+; http://www.foo.bar/status?html
+; http://www.foo.bar/status?xml
+;
+; By default the status page only outputs short status. Passing 'full' in the
+; query string will also return status for each pool process.
+; Example:
+; http://www.foo.bar/status?full
+; http://www.foo.bar/status?json&full
+; http://www.foo.bar/status?html&full
+; http://www.foo.bar/status?xml&full
+; The Full status returns for each process:
+; pid - the PID of the process;
+; state - the state of the process (Idle, Running, ...);
+; start time - the date and time the process has started;
+; start since - the number of seconds since the process has started;
+; requests - the number of requests the process has served;
+; request duration - the duration in µs of the requests;
+; request method - the request method (GET, POST, ...);
+; request URI - the request URI with the query string;
+; content length - the content length of the request (only with POST);
+; user - the user (PHP_AUTH_USER) (or '-' if not set);
+; script - the main script called (or '-' if not set);
+; last request cpu - the %cpu the last request consumed
+; it's always 0 if the process is not in Idle state
+; because CPU calculation is done when the request
+; processing has terminated;
+; last request memory - the max amount of memory the last request consumed
+; it's always 0 if the process is not in Idle state
+; because memory calculation is done when the request
+; processing has terminated;
+; If the process is in Idle state, then informations are related to the
+; last request the process has served. Otherwise informations are related to
+; the current request being served.
+; Example output:
+; ************************
+; pid: 31330
+; state: Running
+; start time: 01/Jul/2011:17:53:49 +0200
+; start since: 63087
+; requests: 12808
+; request duration: 1250261
+; request method: GET
+; request URI: /test_mem.php?N=10000
+; content length: 0
+; user: -
+; script: /home/fat/web/docs/php/test_mem.php
+; last request cpu: 0.00
+; last request memory: 0
+;
+; Note: There is a real-time FPM status monitoring sample web page available
+; It's available in: /usr/share/php/7.0/fpm/status.html
+;
+; Note: The value must start with a leading slash (/). The value can be
+; anything, but it may not be a good idea to use the .php extension or it
+; may conflict with a real PHP file.
+; Default Value: not set
+;pm.status_path = /status
+
+; The ping URI to call the monitoring page of FPM. If this value is not set, no
+; URI will be recognized as a ping page. This could be used to test from outside
+; that FPM is alive and responding, or to
+; - create a graph of FPM availability (rrd or such);
+; - remove a server from a group if it is not responding (load balancing);
+; - trigger alerts for the operating team (24/7).
+; Note: The value must start with a leading slash (/). The value can be
+; anything, but it may not be a good idea to use the .php extension or it
+; may conflict with a real PHP file.
+; Default Value: not set
+;ping.path = /ping
+
+; This directive may be used to customize the response of a ping request. The
+; response is formatted as text/plain with a 200 response code.
+; Default Value: pong
+;ping.response = pong
+
+; The access log file
+; Default: not set
+;access.log = log/$pool.access.log
+
+; The access log format.
+; The following syntax is allowed
+; %%: the '%' character
+; %C: %CPU used by the request
+; it can accept the following format:
+; - %{user}C for user CPU only
+; - %{system}C for system CPU only
+; - %{total}C for user + system CPU (default)
+; %d: time taken to serve the request
+; it can accept the following format:
+; - %{seconds}d (default)
+; - %{miliseconds}d
+; - %{mili}d
+; - %{microseconds}d
+; - %{micro}d
+; %e: an environment variable (same as $_ENV or $_SERVER)
+; it must be associated with embraces to specify the name of the env
+; variable. Some exemples:
+; - server specifics like: %{REQUEST_METHOD}e or %{SERVER_PROTOCOL}e
+; - HTTP headers like: %{HTTP_HOST}e or %{HTTP_USER_AGENT}e
+; %f: script filename
+; %l: content-length of the request (for POST request only)
+; %m: request method
+; %M: peak of memory allocated by PHP
+; it can accept the following format:
+; - %{bytes}M (default)
+; - %{kilobytes}M
+; - %{kilo}M
+; - %{megabytes}M
+; - %{mega}M
+; %n: pool name
+; %o: output header
+; it must be associated with embraces to specify the name of the header:
+; - %{Content-Type}o
+; - %{X-Powered-By}o
+; - %{Transfert-Encoding}o
+; - ....
+; %p: PID of the child that serviced the request
+; %P: PID of the parent of the child that serviced the request
+; %q: the query string
+; %Q: the '?' character if query string exists
+; %r: the request URI (without the query string, see %q and %Q)
+; %R: remote IP address
+; %s: status (response code)
+; %t: server time the request was received
+; it can accept a strftime(3) format:
+; %d/%b/%Y:%H:%M:%S %z (default)
+; The strftime(3) format must be encapsuled in a %{}t tag
+; e.g. for a ISO8601 formatted timestring, use: %{%Y-%m-%dT%H:%M:%S%z}t
+; %T: time the log has been written (the request has finished)
+; it can accept a strftime(3) format:
+; %d/%b/%Y:%H:%M:%S %z (default)
+; The strftime(3) format must be encapsuled in a %{}t tag
+; e.g.
for a ISO8601 formatted timestring, use: %{%Y-%m-%dT%H:%M:%S%z}t
+; %u: remote user
+;
+; Default: "%R - %u %t \"%m %r\" %s"
+;access.format = "%R - %u %t \"%m %r%Q%q\" %s %f %{mili}d %{kilo}M %C%%"
+
+; The log file for slow requests
+; Default Value: not set
+; Note: slowlog is mandatory if request_slowlog_timeout is set
+;slowlog = log/$pool.log.slow
+
+; The timeout for serving a single request after which a PHP backtrace will be
+; dumped to the 'slowlog' file. A value of '0s' means 'off'.
+; Available units: s(econds)(default), m(inutes), h(ours), or d(ays)
+; Default Value: 0
+;request_slowlog_timeout = 0
+
+; The timeout for serving a single request after which the worker process will
+; be killed. This option should be used when the 'max_execution_time' ini option
+; does not stop script execution for some reason. A value of '0' means 'off'.
+; Available units: s(econds)(default), m(inutes), h(ours), or d(ays)
+; Default Value: 0
+;request_terminate_timeout = 0
+
+; Set open file descriptor rlimit.
+; Default Value: system defined value
+;rlimit_files = 1024
+
+; Set max core size rlimit.
+; Possible Values: 'unlimited' or an integer greater or equal to 0
+; Default Value: system defined value
+;rlimit_core = 0
+
+; Chroot to this directory at the start. This value must be defined as an
+; absolute path. When this value is not set, chroot is not used.
+; Note: you can prefix with '$prefix' to chroot to the pool prefix or one
+; of its subdirectories. If the pool prefix is not set, the global prefix
+; will be used instead.
+; Note: chrooting is a great security feature and should be used whenever
+; possible. However, all PHP paths will be relative to the chroot
+; (error_log, sessions.save_path, ...).
+; Default Value: not set
+;chroot =
+
+; Chdir to this directory at the start.
+; Note: relative path can be used.
+; Default Value: current directory or / when chroot
+;chdir = /var/www
+
+; Redirect worker stdout and stderr into main error log.
If not set, stdout and
+; stderr will be redirected to /dev/null according to FastCGI specs.
+; Note: on highloaded environement, this can cause some delay in the page
+; process time (several ms).
+; Default Value: no
+;catch_workers_output = yes
+
+; Clear environment in FPM workers
+; Prevents arbitrary environment variables from reaching FPM worker processes
+; by clearing the environment in workers before env vars specified in this
+; pool configuration are added.
+; Setting to "no" will make all environment variables available to PHP code
+; via getenv(), $_ENV and $_SERVER.
+; Default Value: yes
+;clear_env = no
+
+; Limits the extensions of the main script FPM will allow to parse. This can
+; prevent configuration mistakes on the web server side. You should only limit
+; FPM to .php extensions to prevent malicious users to use other extensions to
+; exectute php code.
+; Note: set an empty value to allow all extensions.
+; Default Value: .php
+;security.limit_extensions = .php .php3 .php4 .php5 .php7
+
+; Pass environment variables like LD_LIBRARY_PATH. All $VARIABLEs are taken from
+; the current environment.
+; Default Value: clean env
+;env[HOSTNAME] = $HOSTNAME
+;env[PATH] = /usr/local/bin:/usr/bin:/bin
+;env[TMP] = /tmp
+;env[TMPDIR] = /tmp
+;env[TEMP] = /tmp
+
+; Additional php.ini defines, specific to this pool of workers. These settings
+; overwrite the values previously defined in the php.ini. The directives are the
+; same as the PHP SAPI:
+; php_value/php_flag - you can set classic ini defines which can
+; be overwritten from PHP call 'ini_set'.
+; php_admin_value/php_admin_flag - these directives won't be overwritten by
+; PHP call 'ini_set'
+; For php_*flag, valid values are on, off, 1, 0, true, false, yes or no.
+
+; Defining 'extension' will load the corresponding shared extension from
+; extension_dir.
Defining 'disable_functions' or 'disable_classes' will not
+; overwrite previously defined php.ini values, but will append the new value
+; instead.
+
+; Note: path INI options can be relative and will be expanded with the prefix
+; (pool, global or /usr)
+
+; Default Value: nothing is defined by default except the values in php.ini and
+; specified at startup with the -d argument
+;php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f www@my.domain.com
+;php_flag[display_errors] = off
+;php_admin_value[error_log] = /var/log/fpm-php.www.log
+;php_admin_flag[log_errors] = on
+;php_admin_value[memory_limit] = 32M
diff --git a/examples/php/supervisor.conf b/examples/php/supervisor.conf
new file mode 100644
index 0000000..216df42
--- /dev/null
+++ b/examples/php/supervisor.conf
@@ -0,0 +1,10 @@
+
+[program:app]
+command=/srv/bin/primary_tech/php-fpm -F -O -g /srv/run/php-fpm.pid -y /srv/conf/php-fpm/php-fpm.conf
+directory=/srv/app
+autostart=true
+autorestart=true
+stdout_logfile=/srv/log/app.log
+stdout_logfile_maxbytes=2MB
+stdout_logfile_backups=5
+redirect_stderr=true
diff --git a/examples/python/app.py b/examples/python/app.py
new file mode 100644
index 0000000..e081d3a
--- /dev/null
+++ b/examples/python/app.py
@@ -0,0 +1,95 @@
+#coding: utf-8
+
+import bottle
+
+content = """ + + + + + + + Roští.cz + + + +
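Review bot: In examples/php/pool_app.conf, `;catch_workers_output = yes` stays commented out, so the default `no` applies and, as the comment above it states, worker stdout and stderr are redirected to /dev/null. The php.ini added in this commit sets `catch_workers_output = On`, but that is an FPM pool directive and most likely has no effect there, so errors written to `/proc/self/fd/2` by the workers would probably never reach the supervisor log. Uncommenting the line here as `catch_workers_output = yes` keeps application errors observable without relying on `display_errors`.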
+ +
+
+

Kde to jsem?

+

+

+ Na Roští.cz a prostředí pro vaši aplikaci je připraveno. Nyní můžete obsah adresáře /srv/app vymazat a nahradit ho svoji aplikací. K aplikaci také nezapomeňte nahrát soubor app.py (místo tohoto) a vložit do něj volání své aplikace pro webový server gunicorn. +

+

+ Nejčastěji naši uživatelé používají Django. V takovém případě vypadá soubor app.py takto: +

+
+import os
+
+# Pokud se settings nachází v /srv/app/moje_aplikace,
+# bude obsah pro DJANGO_SETTINGS_MODULE: moje_aplikace.settings
+os.environ.setdefault("DJANGO_SETTINGS_MODULE", "moje_aplikace.settings")
+
+from django.core.wsgi import get_wsgi_application
+application = get_wsgi_application()
+                
+ +

Příkladem vám může být i aktuální app.py, přes který se vám zobrazila tato stránka. V něm používáme framework bottle.

+

Pravděpodobně nemáte svou aplikaci bez závislostí, takže během příprav spuštění vaší aplikace nezapomeňte nahrát soubor requirements.txt do adresáře /srv/app/. Po restartu kontejneru proběhne instalace závislostí automaticky.

+

Do souboru /srv/app/init.sh můžete napsat příkazy, které se mají spustit po každém restart kontejneru. Můžete si tak usnadnit třeba deployment.

+
+

V případě problémů se prosím obraťte na technickou podporu nebo na dokumentaci.

+

Tým Roští.cz | @rosti_cz

+
+
+ + + +
+"""
+
+@bottle.route('/')
+def home():
+ return content
+
+application = bottle.default_app()
diff --git a/examples/python/supervisor.conf b/examples/python/supervisor.conf
new file mode 100644
index 0000000..764dca5
--- /dev/null
+++ b/examples/python/supervisor.conf
@@ -0,0 +1,9 @@
+[program:app]
+command=/srv/venv/bin/gunicorn -u app -g app -b 0.0.0.0:8080 --access-logfile - --error-logfile - --reload app
+directory=/srv/app
+autostart=true
+autorestart=true
+stdout_logfile=/srv/log/python.log
+stdout_logfile_maxbytes=2MB
+stdout_logfile_backups=5
+redirect_stderr=true
diff --git a/examples/redis/redis.conf b/examples/redis/redis.conf
new file mode 100644
index 0000000..0ecf4a2
--- /dev/null
+++ b/examples/redis/redis.conf
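Review bot: The `command=` line in examples/python/supervisor.conf starts gunicorn with `--reload`, which is its development auto-restart and should not be the default in a hosting example. With it, any file change under /srv/app, including a half-finished upload or an unintended write, is loaded into the running workers at once; dropping the flag and restarting the program through supervisor keeps deploys explicit. The same line binds `-b 0.0.0.0:8080`; if the nginx from this image is meant to front the app (its configuration is outside this hunk), `-b 127.0.0.1:8080` would stop the app server from being reachable directly.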
@@ -0,0 +1,761 @@ +# Redis configuration file example + +# Note on units: when memory size is needed, it is possible to specify +# it in the usual form of 1k 5GB 4M and so forth: +# +# 1k => 1000 bytes +# 1kb => 1024 bytes +# 1m => 1000000 bytes +# 1mb => 1024*1024 bytes +# 1g => 1000000000 bytes +# 1gb => 1024*1024*1024 bytes +# +# units are case insensitive so 1GB 1Gb 1gB are all the same. + +################################## INCLUDES ################################### + +# Include one or more other config files here. This is useful if you +# have a standard template that goes to all Redis server but also need +# to customize a few per-server settings. Include files can include +# other files, so use this wisely. +# +# Notice option "include" won't be rewritten by command "CONFIG REWRITE" +# from admin or Redis Sentinel. Since Redis always uses the last processed +# line as value of a configuration directive, you'd better put includes +# at the beginning of this file to avoid overwriting config change at runtime. +# +# If instead you are interested in using includes to override configuration +# options, it is better to use include as the last line. +# +# include /path/to/local.conf +# include /path/to/other.conf + +################################ GENERAL ##################################### + +# By default Redis does not run as a daemon. Use 'yes' if you need it. +# Note that Redis will write a pid file in /var/run/redis.pid when daemonized. +daemonize no + +# When running daemonized, Redis writes a pid file in /var/run/redis.pid by +# default. You can specify a custom pid file location here. +pidfile /srv/run/redis/redis-server.pid + +# Accept connections on the specified port, default is 6379. +# If port 0 is specified Redis will not listen on a TCP socket. +port 6379 + +# TCP listen() backlog. +# +# In high requests-per-second environments you need an high backlog in order +# to avoid slow clients connections issues. 
Note that the Linux kernel +# will silently truncate it to the value of /proc/sys/net/core/somaxconn so +# make sure to raise both the value of somaxconn and tcp_max_syn_backlog +# in order to get the desired effect. +tcp-backlog 511 + +# By default Redis listens for connections from all the network interfaces +# available on the server. It is possible to listen to just one or multiple +# interfaces using the "bind" configuration directive, followed by one or +# more IP addresses. +# +# Examples: +# +# bind 192.168.1.100 10.0.0.1 +bind 127.0.0.1 + +# Specify the path for the Unix socket that will be used to listen for +# incoming connections. There is no default, so Redis will not listen +# on a unix socket when not specified. +# +# unixsocket /tmp/redis.sock +# unixsocketperm 700 + +# Close the connection after a client is idle for N seconds (0 to disable) +timeout 0 + +# TCP keepalive. +# +# If non-zero, use SO_KEEPALIVE to send TCP ACKs to clients in absence +# of communication. This is useful for two reasons: +# +# 1) Detect dead peers. +# 2) Take the connection alive from the point of view of network +# equipment in the middle. +# +# On Linux, the specified value (in seconds) is the period used to send ACKs. +# Note that to close the connection the double of the time is needed. +# On other kernels the period depends on the kernel configuration. +# +# A reasonable value for this option is 60 seconds. +tcp-keepalive 0 + +# Specify the server verbosity level. +# This can be one of: +# debug (a lot of information, useful for development/testing) +# verbose (many rarely useful info, but not a mess like the debug level) +# notice (moderately verbose, what you want in production probably) +# warning (only very important / critical messages are logged) +loglevel warning + +# Specify the log file name. Also the empty string can be used to force +# Redis to log on the standard output. 
Note that if you use standard +# output for logging but daemonize, logs will be sent to /dev/null +# logfile + +# To enable logging to the system logger, just set 'syslog-enabled' to yes, +# and optionally update the other syslog parameters to suit your needs. +# syslog-enabled no + +# Specify the syslog identity. +# syslog-ident redis + +# Specify the syslog facility. Must be USER or between LOCAL0-LOCAL7. +# syslog-facility local0 + +# Set the number of databases. The default database is DB 0, you can select +# a different one on a per-connection basis using SELECT where +# dbid is a number between 0 and 'databases'-1 +databases 16 + +################################ SNAPSHOTTING ################################ +# +# Save the DB on disk: +# +# save +# +# Will save the DB if both the given number of seconds and the given +# number of write operations against the DB occurred. +# +# In the example below the behaviour will be to save: +# after 900 sec (15 min) if at least 1 key changed +# after 300 sec (5 min) if at least 10 keys changed +# after 60 sec if at least 10000 keys changed +# +# Note: you can disable saving at all commenting all the "save" lines. +# +# It is also possible to remove all the previously configured save +# points by adding a save directive with a single empty string argument +# like in the following example: +# +# save "" + +save 900 1 +save 300 10 +save 60 10000 + +# By default Redis will stop accepting writes if RDB snapshots are enabled +# (at least one save point) and the latest background save failed. +# This will make the user aware (in a hard way) that data is not persisting +# on disk properly, otherwise chances are that no one will notice and some +# disaster will happen. +# +# If the background saving process will start working again Redis will +# automatically allow writes again. 
+# +# However if you have setup your proper monitoring of the Redis server +# and persistence, you may want to disable this feature so that Redis will +# continue to work as usual even if there are problems with disk, +# permissions, and so forth. +stop-writes-on-bgsave-error yes + +# Compress string objects using LZF when dump .rdb databases? +# For default that's set to 'yes' as it's almost always a win. +# If you want to save some CPU in the saving child set it to 'no' but +# the dataset will likely be bigger if you have compressible values or keys. +rdbcompression yes + +# Since version 5 of RDB a CRC64 checksum is placed at the end of the file. +# This makes the format more resistant to corruption but there is a performance +# hit to pay (around 10%) when saving and loading RDB files, so you can disable it +# for maximum performances. +# +# RDB files created with checksum disabled have a checksum of zero that will +# tell the loading code to skip the check. +rdbchecksum yes + +# The filename where to dump the DB +dbfilename dump.rdb + +# The working directory. +# +# The DB will be written inside this directory, with the filename specified +# above using the 'dbfilename' configuration directive. +# +# The Append Only File will also be created inside this directory. +# +# Note that you must specify a directory here, not a file name. +dir /srv/var/redis + +################################# REPLICATION ################################# + +# Master-Slave replication. Use slaveof to make a Redis instance a copy of +# another Redis server. A few things to understand ASAP about Redis replication. +# +# 1) Redis replication is asynchronous, but you can configure a master to +# stop accepting writes if it appears to be not connected with at least +# a given number of slaves. +# 2) Redis slaves are able to perform a partial resynchronization with the +# master if the replication link is lost for a relatively small amount of +# time. 
You may want to configure the replication backlog size (see the next +# sections of this file) with a sensible value depending on your needs. +# 3) Replication is automatic and does not need user intervention. After a +# network partition slaves automatically try to reconnect to masters +# and resynchronize with them. +# +# slaveof + +# If the master is password protected (using the "requirepass" configuration +# directive below) it is possible to tell the slave to authenticate before +# starting the replication synchronization process, otherwise the master will +# refuse the slave request. +# +# masterauth + +# When a slave loses its connection with the master, or when the replication +# is still in progress, the slave can act in two different ways: +# +# 1) if slave-serve-stale-data is set to 'yes' (the default) the slave will +# still reply to client requests, possibly with out of date data, or the +# data set may just be empty if this is the first synchronization. +# +# 2) if slave-serve-stale-data is set to 'no' the slave will reply with +# an error "SYNC with master in progress" to all the kind of commands +# but to INFO and SLAVEOF. +# +slave-serve-stale-data yes + +# You can configure a slave instance to accept writes or not. Writing against +# a slave instance may be useful to store some ephemeral data (because data +# written on a slave will be easily deleted after resync with the master) but +# may also cause problems if clients are writing to it because of a +# misconfiguration. +# +# Since Redis 2.6 by default slaves are read-only. +# +# Note: read only slaves are not designed to be exposed to untrusted clients +# on the internet. It's just a protection layer against misuse of the instance. +# Still a read only slave exports by default all the administrative commands +# such as CONFIG, DEBUG, and so forth. To a limited extent you can improve +# security of read only slaves using 'rename-command' to shadow all the +# administrative / dangerous commands. 
+slave-read-only yes + +# Slaves send PINGs to server in a predefined interval. It's possible to change +# this interval with the repl_ping_slave_period option. The default value is 10 +# seconds. +# +# repl-ping-slave-period 10 + +# The following option sets the replication timeout for: +# +# 1) Bulk transfer I/O during SYNC, from the point of view of slave. +# 2) Master timeout from the point of view of slaves (data, pings). +# 3) Slave timeout from the point of view of masters (REPLCONF ACK pings). +# +# It is important to make sure that this value is greater than the value +# specified for repl-ping-slave-period otherwise a timeout will be detected +# every time there is low traffic between the master and the slave. +# +# repl-timeout 60 + +# Disable TCP_NODELAY on the slave socket after SYNC? +# +# If you select "yes" Redis will use a smaller number of TCP packets and +# less bandwidth to send data to slaves. But this can add a delay for +# the data to appear on the slave side, up to 40 milliseconds with +# Linux kernels using a default configuration. +# +# If you select "no" the delay for data to appear on the slave side will +# be reduced but more bandwidth will be used for replication. +# +# By default we optimize for low latency, but in very high traffic conditions +# or when the master and slaves are many hops away, turning this to "yes" may +# be a good idea. +repl-disable-tcp-nodelay no + +# Set the replication backlog size. The backlog is a buffer that accumulates +# slave data when slaves are disconnected for some time, so that when a slave +# wants to reconnect again, often a full resync is not needed, but a partial +# resync is enough, just passing the portion of data the slave missed while +# disconnected. +# +# The biggest the replication backlog, the longer the time the slave can be +# disconnected and later be able to perform a partial resynchronization. +# +# The backlog is only allocated once there is at least a slave connected. 
+# +# repl-backlog-size 1mb + +# After a master has no longer connected slaves for some time, the backlog +# will be freed. The following option configures the amount of seconds that +# need to elapse, starting from the time the last slave disconnected, for +# the backlog buffer to be freed. +# +# A value of 0 means to never release the backlog. +# +# repl-backlog-ttl 3600 + +# The slave priority is an integer number published by Redis in the INFO output. +# It is used by Redis Sentinel in order to select a slave to promote into a +# master if the master is no longer working correctly. +# +# A slave with a low priority number is considered better for promotion, so +# for instance if there are three slaves with priority 10, 100, 25 Sentinel will +# pick the one with priority 10, that is the lowest. +# +# However a special priority of 0 marks the slave as not able to perform the +# role of master, so a slave with priority of 0 will never be selected by +# Redis Sentinel for promotion. +# +# By default the priority is 100. +slave-priority 100 + +# It is possible for a master to stop accepting writes if there are less than +# N slaves connected, having a lag less or equal than M seconds. +# +# The N slaves need to be in "online" state. +# +# The lag in seconds, that must be <= the specified value, is calculated from +# the last ping received from the slave, that is usually sent every second. +# +# This option does not GUARANTEES that N replicas will accept the write, but +# will limit the window of exposure for lost writes in case not enough slaves +# are available, to the specified number of seconds. +# +# For example to require at least 3 slaves with a lag <= 10 seconds use: +# +# min-slaves-to-write 3 +# min-slaves-max-lag 10 +# +# Setting one or the other to 0 disables the feature. +# +# By default min-slaves-to-write is set to 0 (feature disabled) and +# min-slaves-max-lag is set to 10. 
+ +################################## SECURITY ################################### + +# Require clients to issue AUTH before processing any other +# commands. This might be useful in environments in which you do not trust +# others with access to the host running redis-server. +# +# This should stay commented out for backward compatibility and because most +# people do not need auth (e.g. they run their own servers). +# +# Warning: since Redis is pretty fast an outside user can try up to +# 150k passwords per second against a good box. This means that you should +# use a very strong password otherwise it will be very easy to break. +# +# requirepass foobared + +# Command renaming. +# +# It is possible to change the name of dangerous commands in a shared +# environment. For instance the CONFIG command may be renamed into something +# hard to guess so that it will still be available for internal-use tools +# but not available for general clients. +# +# Example: +# +# rename-command CONFIG b840fc02d524045429941cc15f59e41cb7be6c52 +# +# It is also possible to completely kill a command by renaming it into +# an empty string: +# +# rename-command CONFIG "" +# +# Please note that changing the name of commands that are logged into the +# AOF file or transmitted to slaves may cause problems. + +################################### LIMITS #################################### + +# Set the max number of connected clients at the same time. By default +# this limit is set to 10000 clients, however if the Redis server is not +# able to configure the process file limit to allow for the specified limit +# the max number of allowed clients is set to the current file limit +# minus 32 (as Redis reserves a few file descriptors for internal uses). +# +# Once the limit is reached Redis will close all the new connections sending +# an error 'max number of clients reached'. +# +# maxclients 10000 + +# Don't use more memory than the specified amount of bytes. 
+# When the memory limit is reached Redis will try to remove keys +# according to the eviction policy selected (see maxmemory-policy). +# +# If Redis can't remove keys according to the policy, or if the policy is +# set to 'noeviction', Redis will start to reply with errors to commands +# that would use more memory, like SET, LPUSH, and so on, and will continue +# to reply to read-only commands like GET. +# +# This option is usually useful when using Redis as an LRU cache, or to set +# a hard memory limit for an instance (using the 'noeviction' policy). +# +# WARNING: If you have slaves attached to an instance with maxmemory on, +# the size of the output buffers needed to feed the slaves are subtracted +# from the used memory count, so that network problems / resyncs will +# not trigger a loop where keys are evicted, and in turn the output +# buffer of slaves is full with DELs of keys evicted triggering the deletion +# of more keys, and so forth until the database is completely emptied. +# +# In short... if you have slaves attached it is suggested that you set a lower +# limit for maxmemory so that there is some free RAM on the system for slave +# output buffers (but this is not needed if the policy is 'noeviction'). +# +# maxmemory + +# MAXMEMORY POLICY: how Redis will select what to remove when maxmemory +# is reached. You can select among five behaviors: +# +# volatile-lru -> remove the key with an expire set using an LRU algorithm +# allkeys-lru -> remove any key accordingly to the LRU algorithm +# volatile-random -> remove a random key with an expire set +# allkeys-random -> remove a random key, any key +# volatile-ttl -> remove the key with the nearest expire time (minor TTL) +# noeviction -> don't expire at all, just return an error on write operations +# +# Note: with any of the above policies, Redis will return an error on write +# operations, when there are not suitable keys for eviction. 
+# +# At the date of writing this commands are: set setnx setex append +# incr decr rpush lpush rpushx lpushx linsert lset rpoplpush sadd +# sinter sinterstore sunion sunionstore sdiff sdiffstore zadd zincrby +# zunionstore zinterstore hset hsetnx hmset hincrby incrby decrby +# getset mset msetnx exec sort +# +# The default is: +# +# maxmemory-policy volatile-lru + +# LRU and minimal TTL algorithms are not precise algorithms but approximated +# algorithms (in order to save memory), so you can select as well the sample +# size to check. For instance for default Redis will check three keys and +# pick the one that was used less recently, you can change the sample size +# using the following configuration directive. +# +# maxmemory-samples 3 + +############################## APPEND ONLY MODE ############################### + +# By default Redis asynchronously dumps the dataset on disk. This mode is +# good enough in many applications, but an issue with the Redis process or +# a power outage may result into a few minutes of writes lost (depending on +# the configured save points). +# +# The Append Only File is an alternative persistence mode that provides +# much better durability. For instance using the default data fsync policy +# (see later in the config file) Redis can lose just one second of writes in a +# dramatic event like a server power outage, or a single write if something +# wrong with the Redis process itself happens, but the operating system is +# still running correctly. +# +# AOF and RDB persistence can be enabled at the same time without problems. +# If the AOF is enabled on startup Redis will load the AOF, that is the file +# with the better durability guarantees. +# +# Please check http://redis.io/topics/persistence for more information. 
+ +appendonly no + +# The name of the append only file (default: "appendonly.aof") + +appendfilename "appendonly.aof" + +# The fsync() call tells the Operating System to actually write data on disk +# instead to wait for more data in the output buffer. Some OS will really flush +# data on disk, some other OS will just try to do it ASAP. +# +# Redis supports three different modes: +# +# no: don't fsync, just let the OS flush the data when it wants. Faster. +# always: fsync after every write to the append only log . Slow, Safest. +# everysec: fsync only one time every second. Compromise. +# +# The default is "everysec", as that's usually the right compromise between +# speed and data safety. It's up to you to understand if you can relax this to +# "no" that will let the operating system flush the output buffer when +# it wants, for better performances (but if you can live with the idea of +# some data loss consider the default persistence mode that's snapshotting), +# or on the contrary, use "always" that's very slow but a bit safer than +# everysec. +# +# More details please check the following article: +# http://antirez.com/post/redis-persistence-demystified.html +# +# If unsure, use "everysec". + +# appendfsync always +appendfsync everysec +# appendfsync no + +# When the AOF fsync policy is set to always or everysec, and a background +# saving process (a background save or AOF log background rewriting) is +# performing a lot of I/O against the disk, in some Linux configurations +# Redis may block too long on the fsync() call. Note that there is no fix for +# this currently, as even performing fsync in a different thread will block +# our synchronous write(2) call. +# +# In order to mitigate this problem it's possible to use the following option +# that will prevent fsync() from being called in the main process while a +# BGSAVE or BGREWRITEAOF is in progress. 
+# +# This means that while another child is saving, the durability of Redis is +# the same as "appendfsync none". In practical terms, this means that it is +# possible to lose up to 30 seconds of log in the worst scenario (with the +# default Linux settings). +# +# If you have latency problems turn this to "yes". Otherwise leave it as +# "no" that is the safest pick from the point of view of durability. + +no-appendfsync-on-rewrite no + +# Automatic rewrite of the append only file. +# Redis is able to automatically rewrite the log file implicitly calling +# BGREWRITEAOF when the AOF log size grows by the specified percentage. +# +# This is how it works: Redis remembers the size of the AOF file after the +# latest rewrite (if no rewrite has happened since the restart, the size of +# the AOF at startup is used). +# +# This base size is compared to the current size. If the current size is +# bigger than the specified percentage, the rewrite is triggered. Also +# you need to specify a minimal size for the AOF file to be rewritten, this +# is useful to avoid rewriting the AOF file even if the percentage increase +# is reached but it is still pretty small. +# +# Specify a percentage of zero in order to disable the automatic AOF +# rewrite feature. + +auto-aof-rewrite-percentage 100 +auto-aof-rewrite-min-size 64mb + +################################ LUA SCRIPTING ############################### + +# Max execution time of a Lua script in milliseconds. +# +# If the maximum execution time is reached Redis will log that a script is +# still in execution after the maximum allowed time and will start to +# reply to queries with an error. +# +# When a long running script exceed the maximum execution time only the +# SCRIPT KILL and SHUTDOWN NOSAVE commands are available. The first can be +# used to stop a script that did not yet called write commands. 
The second +# is the only way to shut down the server in the case a write commands was +# already issue by the script but the user don't want to wait for the natural +# termination of the script. +# +# Set it to 0 or a negative value for unlimited execution without warnings. +lua-time-limit 5000 + +################################## SLOW LOG ################################### + +# The Redis Slow Log is a system to log queries that exceeded a specified +# execution time. The execution time does not include the I/O operations +# like talking with the client, sending the reply and so forth, +# but just the time needed to actually execute the command (this is the only +# stage of command execution where the thread is blocked and can not serve +# other requests in the meantime). +# +# You can configure the slow log with two parameters: one tells Redis +# what is the execution time, in microseconds, to exceed in order for the +# command to get logged, and the other parameter is the length of the +# slow log. When a new command is logged the oldest one is removed from the +# queue of logged commands. + +# The following time is expressed in microseconds, so 1000000 is equivalent +# to one second. Note that a negative number disables the slow log, while +# a value of zero forces the logging of every command. +slowlog-log-slower-than 10000 + +# There is no limit to this length. Just be aware that it will consume memory. +# You can reclaim memory used by the slow log with SLOWLOG RESET. +slowlog-max-len 128 + +################################ LATENCY MONITOR ############################## + +# The Redis latency monitoring subsystem samples different operations +# at runtime in order to collect data related to possible sources of +# latency of a Redis instance. +# +# Via the LATENCY command this information is available to the user that can +# print graphs and obtain reports. 
+# +# The system only logs operations that were performed in a time equal or +# greater than the amount of milliseconds specified via the +# latency-monitor-threshold configuration directive. When its value is set +# to zero, the latency monitor is turned off. +# +# By default latency monitoring is disabled since it is mostly not needed +# if you don't have latency issues, and collecting data has a performance +# impact, that while very small, can be measured under big load. Latency +# monitoring can easily be enalbed at runtime using the command +# "CONFIG SET latency-monitor-threshold " if needed. +latency-monitor-threshold 0 + +############################# Event notification ############################## + +# Redis can notify Pub/Sub clients about events happening in the key space. +# This feature is documented at http://redis.io/topics/notifications +# +# For instance if keyspace events notification is enabled, and a client +# performs a DEL operation on key "foo" stored in the Database 0, two +# messages will be published via Pub/Sub: +# +# PUBLISH __keyspace@0__:foo del +# PUBLISH __keyevent@0__:del foo +# +# It is possible to select the events that Redis will notify among a set +# of classes. Every class is identified by a single character: +# +# K Keyspace events, published with __keyspace@__ prefix. +# E Keyevent events, published with __keyevent@__ prefix. +# g Generic commands (non-type specific) like DEL, EXPIRE, RENAME, ... +# $ String commands +# l List commands +# s Set commands +# h Hash commands +# z Sorted set commands +# x Expired events (events generated every time a key expires) +# e Evicted events (events generated when a key is evicted for maxmemory) +# A Alias for g$lshzxe, so that the "AKE" string means all the events. +# +# The "notify-keyspace-events" takes as argument a string that is composed +# by zero or multiple characters. The empty string means that notifications +# are disabled at all. 
+# +# Example: to enable list and generic events, from the point of view of the +# event name, use: +# +# notify-keyspace-events Elg +# +# Example 2: to get the stream of the expired keys subscribing to channel +# name __keyevent@0__:expired use: +# +# notify-keyspace-events Ex +# +# By default all notifications are disabled because most users don't need +# this feature and the feature has some overhead. Note that if you don't +# specify at least one of K or E, no events will be delivered. +notify-keyspace-events "" + +############################### ADVANCED CONFIG ############################### + +# Hashes are encoded using a memory efficient data structure when they have a +# small number of entries, and the biggest entry does not exceed a given +# threshold. These thresholds can be configured using the following directives. +hash-max-ziplist-entries 512 +hash-max-ziplist-value 64 + +# Similarly to hashes, small lists are also encoded in a special way in order +# to save a lot of space. The special representation is only used when +# you are under the following limits: +list-max-ziplist-entries 512 +list-max-ziplist-value 64 + +# Sets have a special encoding in just one case: when a set is composed +# of just strings that happens to be integers in radix 10 in the range +# of 64 bit signed integers. +# The following configuration setting sets the limit in the size of the +# set in order to use this special memory saving encoding. +set-max-intset-entries 512 + +# Similarly to hashes and lists, sorted sets are also specially encoded in +# order to save a lot of space. This encoding is only used when the length and +# elements of a sorted set are below the following limits: +zset-max-ziplist-entries 128 +zset-max-ziplist-value 64 + +# HyperLogLog sparse representation bytes limit. The limit includes the +# 16 bytes header. When an HyperLogLog using the sparse representation crosses +# this limit, it is converted into the dense representation. 
+# +# A value greater than 16000 is totally useless, since at that point the +# dense representation is more memory efficient. +# +# The suggested value is ~ 3000 in order to have the benefits of +# the space efficient encoding without slowing down too much PFADD, +# which is O(N) with the sparse encoding. The value can be raised to +# ~ 10000 when CPU is not a concern, but space is, and the data set is +# composed of many HyperLogLogs with cardinality in the 0 - 15000 range. +hll-sparse-max-bytes 3000 + +# Active rehashing uses 1 millisecond every 100 milliseconds of CPU time in +# order to help rehashing the main Redis hash table (the one mapping top-level +# keys to values). The hash table implementation Redis uses (see dict.c) +# performs a lazy rehashing: the more operation you run into a hash table +# that is rehashing, the more rehashing "steps" are performed, so if the +# server is idle the rehashing is never complete and some more memory is used +# by the hash table. +# +# The default is to use this millisecond 10 times every second in order to +# active rehashing the main dictionaries, freeing memory when possible. +# +# If unsure: +# use "activerehashing no" if you have hard latency requirements and it is +# not a good thing in your environment that Redis can reply form time to time +# to queries with 2 milliseconds delay. +# +# use "activerehashing yes" if you don't have such hard requirements but +# want to free memory asap when possible. +activerehashing yes + +# The client output buffer limits can be used to force disconnection of clients +# that are not reading data from the server fast enough for some reason (a +# common reason is that a Pub/Sub client can't consume messages as fast as the +# publisher can produce them). 
+# +# The limit can be set differently for the three different classes of clients: +# +# normal -> normal clients including MONITOR clients +# slave -> slave clients +# pubsub -> clients subscribed to at least one pubsub channel or pattern +# +# The syntax of every client-output-buffer-limit directive is the following: +# +# client-output-buffer-limit +# +# A client is immediately disconnected once the hard limit is reached, or if +# the soft limit is reached and remains reached for the specified number of +# seconds (continuously). +# So for instance if the hard limit is 32 megabytes and the soft limit is +# 16 megabytes / 10 seconds, the client will get disconnected immediately +# if the size of the output buffers reach 32 megabytes, but will also get +# disconnected if the client reaches 16 megabytes and continuously overcomes +# the limit for 10 seconds. +# +# By default normal clients are not limited because they don't receive data +# without asking (in a push way), but just after a request, so only +# asynchronous clients may create a scenario where data is requested faster +# than it can read. +# +# Instead there is a default limit for pubsub and slave clients, since +# subscribers and slaves receive data in a push fashion. +# +# Both the hard or the soft limit can be disabled by setting them to zero. +client-output-buffer-limit normal 0 0 0 +client-output-buffer-limit slave 256mb 64mb 60 +client-output-buffer-limit pubsub 32mb 8mb 60 + +# Redis calls an internal function to perform many background tasks, like +# closing connections of clients in timeout, purging expired keys that are +# never requested, and so forth. +# +# Not all tasks are performed with the same frequency, but Redis checks for +# tasks to perform accordingly to the specified "hz" value. +# +# By default "hz" is set to 10. 
Raising the value will use more CPU when
+# Redis is idle, but at the same time will make Redis more responsive when
+# there are many keys expiring at the same time, and timeouts may be
+# handled with more precision.
+#
+# The range is between 1 and 500, however a value over 100 is usually not
+# a good idea. Most users should use the default of 10 and raise this up to
+# 100 only in environments where very low latency is required.
+hz 10
+
+# When a child rewrites the AOF file, if the following option is enabled
+# the file will be fsync-ed every 32 MB of data generated. This is useful
+# in order to commit the file to the disk more incrementally and avoid
+# big latency spikes.
+aof-rewrite-incremental-fsync yes
+
diff --git a/examples/redis/supervisor.conf b/examples/redis/supervisor.conf
new file mode 100644
index 0000000..cb67a21
--- /dev/null
+++ b/examples/redis/supervisor.conf
@@ -0,0 +1,11 @@
+[program:redis]
+command=redis-server /srv/conf/redis.conf
+process_name=redis
+autostart=true
+autorestart=true
+stdout_logfile=/srv/log/redis.log
+stdout_logfile_maxbytes=2MB
+stdout_logfile_backups=5
+stdout_capture_maxbytes=2MB
+stdout_events_enabled=false
+redirect_stderr=true
diff --git a/rosti.sh b/rosti.sh
new file mode 100755
index 0000000..88095e7
--- /dev/null
+++ b/rosti.sh
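Review bot: Access control in examples/redis/redis.conf rests entirely on `bind 127.0.0.1`, because `requirepass` stays commented out and no `rename-command` is set. Every process that can reach loopback inside the container therefore has unauthenticated access to all commands, CONFIG included, and a request-forgery bug in the hosted application would inherit that access. The file already documents the alternative: enable the commented `unixsocket` and `unixsocketperm 700` lines and set `port 0`, so that file permissions decide who may connect. If TCP has to stay for client compatibility, a comment next to `bind 127.0.0.1` should state that the instance is intentionally unauthenticated and must never be bound to another interface.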
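Review bot: `[program:redis]` in examples/redis/supervisor.conf has no `user=` line, so redis-server runs under whatever account supervisord itself uses. etc/supervisord.conf is not visible in this part of the patch, but the python example dropping to `-u app -g app` suggests supervisord may start as root. Redis needs nothing beyond write access to `/srv/var/redis` and `/srv/run/redis`, so I would add `user=app` here, assuming those directories are owned by that account (scripts/enable_redis.sh is not shown). A one-line comment such as `; runs unprivileged; only needs /srv/var/redis and /srv/run/redis` would record the intent.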
@@ -0,0 +1,205 @@ +#!/bin/bash + +WIDTH=180 +HEIGHT=25 + +TECHDIR=/opt/techs +PRIMARYDIR=/srv/bin/primary_tech + +# These environment variables can be set for testing: +# TESTMODE - 1 if test mode is enabled, it skips whiptail +# MENUITEM - selected menu item +# TECH - selected tech +# SERVICE - selected service + + +# We will use EDITOR environment variables if possible +if [ "$EDITOR" = "" ]; then + export EDITOR=nano +fi + +while /bin/true; do + if [ ! "$TESTMODE" = "1" ]; then + menuitem=$(whiptail --menu "Choose what to do" $HEIGHT $WIDTH 6 \ + "tech" " Activaton of primary tech" \ + "services" " Enable additional services (Redis, Memcached, ..)" \ + "cron" " Update crontab" \ + "exit" " Exit" \ + 3>&1 1>&2 2>&3) + else + menuitem=$MENUITEM + fi + + case $menuitem in + # Activation of one of the available tech + # Only one tech can be enabled same time but it's possible to use any of them from /opt/techs + "tech") + if [ ! "$TESTMODE" = "1" ]; then + tech=$(whiptail --menu "Select tech" $HEIGHT $WIDTH 6 \ + "python-3.8.1" " Python 3.8.1" \ + "node-13.7.0" " Node 13.7.0" \ + "node-12.14.1" " Node 12.14.1" \ + "php-7.4.2" " PHP 7.4.2" \ + "back" " Go back" \ + 3>&1 1>&2 2>&3) + else + tech=$TECH + fi + + if [ "$tech" = "back" -o "$tech" = "" ]; then + continue + fi + + # Activation of primary tech bin directory + test ! -e $PRIMARYDIR || unlink $PRIMARYDIR + ln -s $TECHDIR/$tech/bin $PRIMARYDIR + + # Parse name of the tech - like python or node + name=`echo $tech | cut -d"-" -f 1` + + # If /srv/app doesn't exist we will use examples files to create it + if [ ! 
-e /srv/app ]; then + mkdir -p /srv/conf/supervisor.d + echo "NOTE: /srv/app doesn't exists, creating from $tech example application" + mkdir -p /srv/app + cp -a /opt/examples/$name/* /srv/app/ + mv /srv/app/supervisor.conf /srv/conf/supervisor.d/$name.conf + else + echo "IMPORTANT: /srv/app found so no configuration or files are copied, make sure the application is ok after its process is restarted" + fi + + # Pythoon specific stuff + if [ "$name" = "python" ]; then + if [ -e /srv/venv ]; then + echo "IMPORTANT: /srv/venv exists, if you have changed python version, make sure to create or update the virtualenv:" + echo + echo " rm -rf /srv/venv" + echo " python3 -m venv /srv/venv)" + echo + echo "Don't forget to backup the old venv if necessary." + else + echo ".. creating new venv in /srv/venv" + test -e /srv/venv || $PRIMARYDIR/python3 -m venv /srv/venv + /srv/venv/bin/pip install gunicorn + /srv/venv/bin/pip install bottle + fi + fi + + # PHP specific stuff + if [ "$name" = "php" ]; then + mkdir -p /srv/conf/php-fpm/pool.d/ + + # Copy config if needed + test -e /srv/conf/php-fpm/php-fpm.conf || mv /srv/app/php-fpm.conf /srv/conf/php-fpm/php-fpm.conf + test -e /srv/conf/php-fpm/pool.d/app.conf || mv /srv/app/pool_app.conf /srv/conf/php-fpm/pool.d/app.conf + test -e /srv/conf/php-fpm/php.ini || mv /srv/app/php.ini /srv/conf/php-fpm/php.ini + + ln -s /srv/conf/php-fpm/php.ini /opt/techs/$tech/etc/conf.d/app.ini + + # And remove unneeded ones + # TODO: not sure how good idea this is + rm -f /srv/app/php-fpm.conf /srv/app/pool_app.conf /srv/app/php.ini /srv/app/nginx.conf + fi + + # Node specific stuff + if [ "$name" = "node" ]; then + /opt/techs/$tech/bin/npm config set prefix "/srv/.npm-packages" + /opt/techs/$tech/bin/npm install -g yarn@berry + fi + + # Remove default config in Nginx + test -e /srv/conf/nginx.d/default.conf && rm -f /srv/conf/nginx.d/default.conf + + # Same thing we do for nginx but if the file exist it's not rewritten. + if [ ! 
-e /srv/conf/nginx.d/app.conf ]; then + mkdir -p /srv/conf/nginx.d + if [ "$name" = "php" ]; then + cp /opt/examples/php/nginx.conf /srv/conf/nginx.d/app.conf + else + cp /opt/examples/nginx/nginx.conf /srv/conf/nginx.d/app.conf + fi + echo ".. app configuration for nginx not found, adding it - please check /srv/conf/nginx.d/app.conf and make sure it fits your code" + + fi + + # We load new configuration into supervisor and it's automatically started or restarted if needed + supervisorctl reread + supervisorctl update + nginx -s reload + + echo "NOTE: this tool doesn't restart existing processes, if it's needed, please, do it manually" + + echo + if [ ! "$TESTMODE" = "1" ]; then + read -p "Check the output and hit enter to continue" + else + exit 0 + fi + ;; + # Services like small tools, databases or so to support the running app + "services") + if [ ! "$TESTMODE" = "1" ]; then + service=$(whiptail --menu "Select service to be enabled" $HEIGHT $WIDTH 6 \ + "memcached" " Memcached" \ + "redis" " Redis" \ + "back" " Go back" \ + 3>&1 1>&2 2>&3) + else + service=$SERVICE + fi + + case $service in + "redis") + echo ".. adding redis into supervisor and copying config file into /srv/conf/redis.conf" + mkdir -p /srv/var/redis + cp /opt/examples/redis/supervisor.conf /srv/conf/supervisor.d/redis.conf + cp /opt/examples/redis/redis.conf /srv/conf/redis.conf + supervisorctl reread + supervisorctl update + echo "NOTE: please, check configuration file /srv/conf/redis.conf and update it if needed" + echo "NOTE: Redis server is available at localhost:6379" + + echo + if [ ! "$TESTMODE" = "1" ]; then + read -p "Check the output and hit enter to continue" + else + exit 0 + fi + ;; + "memcached") + echo ".. adding memcached into supervisor" + cp /opt/examples/memcached/supervisor.conf /srv/conf/supervisor.d/memcached.conf + supervisorctl reread + supervisorctl update + echo "NOTE: Memcached server is available at localhost:11211" + + echo + if [ ! 
"$TESTMODE" = "1" ]; then + read -p "Check the output and hit enter to continue" + else + exit 0 + fi + ;; + "*") + continue + ;; + esac + ;; + # Simpler crontab editor + "cron") + $EDITOR /srv/conf/crontab && \ + crontab /srv/conf/crontab + + echo + if [ ! "$TESTMODE" = "1" ]; then + read -p "Check the output and hit enter to continue" + else + exit 0 + fi + ;; + "exit") + echo "Bye bye!" + exit 0 + ;; + esac +done diff --git a/scripts/enable_memcached.sh b/scripts/enable_memcached.sh new file mode 100644 index 0000000..535cae5 --- /dev/null +++ b/scripts/enable_memcached.sh @@ -0,0 +1,17 @@ +#!/bin/sh + +cat << EOF > /srv/conf/supervisor.d/memcached.conf +[program:memcached] +command=/usr/bin/memcached -m 64 +autostart=true +autorestart=true +stdout_logfile=/srv/log/memcached.log +stdout_logfile_maxbytes=2MB +stdout_logfile_backups=5 +stdout_capture_maxbytes=2MB +stdout_events_enabled=false +redirect_stderr=true +EOF + +supervisorctl reread +supervisorctl update diff --git a/scripts/enable_redis.sh b/scripts/enable_redis.sh new file mode 100644 index 0000000..cd72908 --- /dev/null +++ b/scripts/enable_redis.sh @@ -0,0 +1,21 @@ +#!/bin/sh + +mkdir -p /srv/var/redis +mkdir -p /srv/run +cp /opt/conf/redis.conf /srv/conf/ + +cat << EOF > /srv/conf/supervisor.d/redis.conf +[program:redis] +command=redis-server /srv/conf/redis.conf +autostart=true +autorestart=true +stdout_logfile=/srv/log/redis.log +stdout_logfile_maxbytes=2MB +stdout_logfile_backups=5 +stdout_capture_maxbytes=2MB +stdout_events_enabled=false +redirect_stderr=true +EOF + +supervisorctl reread +supervisorctl update diff --git a/start.sh b/start.sh new file mode 100755 index 0000000..664bacb --- /dev/null +++ b/start.sh 
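Review bot: The `tech` branch installs unpinned packages at activation time (`/srv/venv/bin/pip install gunicorn`, `/srv/venv/bin/pip install bottle`, `npm install -g yarn@berry`), so what ends up in the container depends on what the registries serve that day rather than on the image; pin them (e.g. `pip install gunicorn==<VERSION>`) or ship them in the image. In test mode `$tech` comes straight from the `TECH` environment variable and is used unquoted in `ln -s $TECHDIR/$tech/bin $PRIMARYDIR` and `/opt/techs/$tech/etc/conf.d/app.ini` without being checked against the four menu entries; an allowlist `case` on the value plus quoting would keep a stray value from pointing the link somewhere else. The inner `"*")` arm is quoted, so it matches only a literal asterisk and never acts as the default; it should be a bare `*)`.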
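Review bot: `command=/usr/bin/memcached -m 64` in scripts/enable_memcached.sh gives no listen address, so memcached is not restricted to loopback even though rosti.sh advertises it as available at localhost:11211, and memcached has no authentication unless SASL is configured. Suggest `command=/usr/bin/memcached -m 64 -l 127.0.0.1 -U 0`. Whether the port is reachable from outside depends on how the container is networked, which this patch does not show. The heredoc also overwrites an existing `/srv/conf/supervisor.d/memcached.conf` unconditionally.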
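Review bot: `cp /opt/conf/redis.conf /srv/conf/` in scripts/enable_redis.sh overwrites an existing `/srv/conf/redis.conf` without checking, so any hardening the user made there (a password, a changed bind address) is silently reset when the script is re-run; guard it with `test -e /srv/conf/redis.conf || cp ...`. The source path also differs from the one rosti.sh uses (`/opt/examples/redis/redis.conf`); the Dockerfile is not in view here, so confirm that `/opt/conf/redis.conf` exists in the image. With no `set -e`, a failed `cp` still leads to `supervisorctl update` starting redis-server against a missing or stale config.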
@@ -0,0 +1,140 @@ +#!/bin/sh + +################################## +# Basic structure and purpose file +################################## + +for d in /srv/log /srv/conf /srv/run /srv/conf/supervisor.d /srv/var; do + test ! -e $d && mkdir -p $d +done + +# Bin directory where active tech is located along other tools +mkdir -p /srv/bin +# Directory where Nginx stored request bodies +mkdir -p /srv/var/nginx/ +# Run directory where PID files, socket files a other runtime stuff is located +mkdir -p /srv/run +# Configuration store for Nginx +mkdir -p /srv/conf/nginx.d + +################### +# Clear tmp files +################### + +rm -f /srv/run/*.sock +rm -f /srv/run/*.pid + +################ +# Common things +################ + +# SSH password from file and from system env +if [ -e /srv/.rosti ]; then + echo "app:`cat /srv/.rosti`" | chpasswd + # file with ssh password has different owner + test chown root:root /srv/.rosti + chmod 600 /srv/.rosti +fi +if [ -n "$SSHPASS" ]; then + echo "app:$SSHPASS" | chpasswd +fi + +# Dropbear settings and certificates +if [ ! -e /srv/conf/dropbear ]; then + mkdir -p /srv/conf/dropbear + + chmod 700 /srv/conf/dropbear + chown root:root /srv/conf/dropbear +fi +#rm /etc/dropbear/dropbear_rsa_host_key /etc/dropbear/dropbear_dss_host_key +test -e /srv/conf/dropbear/dropbear_rsa_host_key || dropbearkey -t rsa -f /srv/conf/dropbear/dropbear_rsa_host_key +test -e /srv/conf/dropbear/dropbear_dss_host_key || dropbearkey -t dss -f /srv/conf/dropbear/dropbear_dss_host_key +chmod 700 /srv/conf/dropbear +chmod 600 /srv/conf/dropbear/* +chown -R root:root /srv/conf/dropbear +cp /srv/conf/dropbear/* /etc/dropbear/ + +# vimrc +if [ ! -e /srv/.vimrc ]; then + cp /opt/etc/vimrc /srv/.vimrc +fi + +# Crontab +test ! -e /srv/conf/crontab && touch /srv/conf/crontab +if [ -e /srv/conf/crontab ]; then + crontab -u app /srv/conf/crontab +fi +chown app:app /srv/conf/crontab + +# Start secondary daemons +echo "Starting cron .." 
+/usr/sbin/cron +echo "Starting dropbear .." +dropbear -w -d /srv/conf/dropbear/dropbear_dss_host_key -r /srv/conf/dropbear/dropbear_rsa_host_key + +# BASHRC +if [ ! -e /srv/.bashrc ]; then + cp /opt/etc/bashrc_local /srv/.bashrc + chown app:app /srv/.bashrc +fi +if [ ! -e /srv/.bash_profile ]; then + cp /opt/etc/bash_profile /srv/.bash_profile +fi + +cd /srv + +################# +# Initialization +################# + +# Install custom packages +if [ -e /srv/.extra_packages ]; then + apt-get update -y + apt-get install -y `cat /srv/.extra_packages | sed "s/;//g" | sed "s/\n/ /g"` +fi + +# Init scripts runned under root +if [ -e /opt/etc/script.d/* ]; then + for f in `ls /opt/script.d`; do + /bin/sh /opt/etc/script.d/$f + done +fi + +# Init scripts runned under app user +if [ -e /opt/etc/appinit/* ]; then + for f in `ls /opt/etc/appinit/*`; do + su app -c "/bin/sh $f" + done +fi + +# Permissions for app on /srv +if [ ! -e /srv/.chowned ]; then + chown app:app /srv -R + touch /srv/.chowned + chown root:root /srv/.chowned + chmod 644 /srv/.chowned +fi + +# User's init script +if [ -e /srv/app/init.sh ]; then + echo "Starting /srv/app/init.sh .." + chmod 755 /srv/app/init.sh + su app -c /srv/app/init.sh +fi + +#################### +# Default Nginx page +#################### + +if [ `ls /srv/conf/nginx.d | wc -l` -eq 0 ]; then + echo ".. no nginx configuration found, adding default page" + su app -c "mkdir -p /srv/conf/nginx.d" + su app -c "cp /opt/examples/nginx/default.conf /srv/conf/nginx.d/default.conf" +fi + +if [ ! -e /srv/conf/supervisor.d/nginx.conf ]; then + echo ".. nginx configuration not found in supervisor, adding it now" + su app -c "cp /opt/examples/nginx/supervisor.conf /srv/conf/supervisor.d/nginx.conf" +fi + +su app -c "supervisord -n -c /etc/supervisor/supervisord.conf" diff --git a/tests.sh b/tests.sh new file mode 100755 index 0000000..adc236b --- /dev/null +++ b/tests.sh 
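Review bot: `test chown root:root /srv/.rosti` never runs chown, because `test` treats the words as an expression to evaluate rather than a command, so the SSH password file keeps its previous owner; the line should read `chown root:root /srv/.rosti`. On first start the later `chown app:app /srv -R` also walks over `/srv/.rosti` and `/srv/conf/dropbear`, handing the password file and the host private keys to `app` after the script had set them to root; re-apply root ownership after that step or exclude those paths. The `apt-get install -y` line runs as root on the contents of `/srv/.extra_packages`, which lives under the app-owned `/srv`, and the unquoted expansion passes every word through as an argument, so each entry should be checked against a plain package-name pattern before it reaches apt-get. `dropbearkey -t dss` creates a DSA host key, a long-deprecated type; `-t ecdsa` would be a safer second key. The root init loop tests `/opt/etc/script.d/*` but lists `/opt/script.d`, so it appears those scripts never run as written.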
@@ -0,0 +1,113 @@ +#!/bin/bash + +if [ -z "$DOCKER" ]; then + DOCKER=docker +fi + +CONTAINER_NAME=runtime-test +I=1 +COUNT=5 +PROBLEM=0 + +function run() { + $DOCKER run -d --rm --name $CONTAINER_NAME rosti/runtime:dev > /dev/null + sleep 5 +} +function stop() { + $DOCKER stop $CONTAINER_NAME > /dev/null + sleep 5 +} + +# Default page +run +$DOCKER exec -ti $CONTAINER_NAME curl http://localhost:8000 | grep "Roští.cz" > /dev/null +if [ $? -eq 0 ]; then + echo "$I/$COUNT default response correct" +else + echo "$I/$COUNT default response incorrect" + PROBLEM=1 +fi + +I=$((I+1)) +stop +############### + + +# Node.js 12.14.1 +run + +$DOCKER exec -ti -e TESTMODE=1 -e MENUITEM=tech -e TECH=node-12.14.1 $CONTAINER_NAME su app -c rosti > /dev/null +sleep 3 +$DOCKER exec -ti $CONTAINER_NAME curl http://localhost:8000 | grep package.json > /dev/null +if [ $? -eq 0 ]; then + echo "$I/$COUNT Node.js 12.14.1 response correct" +else + echo "$I/$COUNT Node.js 12.14.1 response incorrect" + PROBLEM=1 +fi + +I=$((I+1)) +stop +############### + +# Node.js 13.7.0 +run + +$DOCKER exec -ti -e TESTMODE=1 -e MENUITEM=tech -e TECH=node-13.7.0 $CONTAINER_NAME su app -c rosti > /dev/null +sleep 3 +$DOCKER exec -ti $CONTAINER_NAME curl http://localhost:8000 | grep package.json > /dev/null +if [ $? -eq 0 ]; then + echo "$I/$COUNT Node.js 13.7.0 response correct" +else + echo "$I/$COUNT Node.js 13.7.0 response incorrect" + PROBLEM=1 +fi + +I=$((I+1)) +stop +############### + + +# Python 3.8.2 +run + +$DOCKER exec -ti -e TESTMODE=1 -e MENUITEM=tech -e TECH=python-3.8.1 $CONTAINER_NAME su app -c rosti > /dev/null +sleep 5 +$DOCKER exec -ti $CONTAINER_NAME curl http://localhost:8000 | grep "app.py" > /dev/null +if [ $? 
-eq 0 ]; then + echo "$I/$COUNT Python 3.8.1 response correct" +else + echo "$I/$COUNT Python 3.8.1 response incorrect" + PROBLEM=1 +fi + +I=$((I+1)) +stop +############### + +# PHP 7.4.2 +run + +$DOCKER exec -ti -e TESTMODE=1 -e MENUITEM=tech -e TECH=php-7.4.2 $CONTAINER_NAME su app -c rosti > /dev/null +sleep 5 +$DOCKER exec -ti $CONTAINER_NAME curl http://localhost:8000 | grep "PHP aplikaci" > /dev/null +if [ $? -eq 0 ]; then + echo "$I/$COUNT PHP 7.4.2 response correct" +else + echo "$I/$COUNT PHP 7.4.2 response incorrect" + PROBLEM=1 +fi + +I=$((I+1)) +stop +############### + +if [ "$PROBLEM" = "0" ]; then + echo + echo "All OK" + exit 0 +else + echo + echo "Problem found" + exit 1 +fi
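Review bot: Every `$DOCKER exec -ti ...` call requests a TTY, which fails with "the input device is not a TTY" when the script runs non-interactively (CI, cron), so each check would report "response incorrect" for the wrong reason; drop the flags, e.g. `$DOCKER exec $CONTAINER_NAME curl -fsS http://localhost:8000`. The `run` helper discards the result of `docker run`, so a name clash with a leftover `runtime-test` container from an aborted run goes unnoticed and the checks then exercise the stale container; have `run` fail the script when `docker run` fails. The comment `# Python 3.8.2` does not match the `TECH=python-3.8.1` it tests.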