Обновлен конфиг докера

.docker/certbot/conf/live/test-app.loc/README

@@ -0,0 +1,14 @@
+This directory contains your keys and certificates.
+
+`privkey.pem`  : the private key for your certificate.
+`fullchain.pem`: the certificate file used in most server software.
+`chain.pem`    : used for OCSP stapling in Nginx >=1.3.7.
+`cert.pem`     : will break many server configurations, and should not be used
+                 without reading further documentation (see link below).
+
+WARNING: DO NOT MOVE OR RENAME THESE FILES!
+         Certbot expects these files to remain in this location in order
+         to function properly!
+
+We recommend not moving these files. For more information, see the Certbot
+User Guide at https://certbot.eff.org/docs/using.html#where-are-my-certificates.

.docker/certbot/conf/live/test-app.loc/cert.pem

@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDfzCCAwSgAwIBAgISA5p18wwaWadzhk7dUR7LwAXjMAoGCCqGSM49BAMDMDIx
+CzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQDEwJF
+NjAeFw0yNDExMDIwNTU0MDJaFw0yNTAxMzEwNTU0MDFaMBoxGDAWBgNVBAMTD2x1
+Y2t5dHJ5Lm9ubGluZTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABLTvILfuX05D
+oVqFzAWfKKC4aeQ6moYD+J7qzmghr1oa/mtXCO4EjtUUQqhU5s1eZlickXUTdb4F
+SHVVAlxTQJSjggIQMIICDDAOBgNVHQ8BAf8EBAMCB4AwHQYDVR0lBBYwFAYIKwYB
+BQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFFKv6XdcslTY
+5zFz+NqWPZaV0s5IMB8GA1UdIwQYMBaAFJMnRpgDqVFojpjWxEJI2yO/WJTSMFUG
+CCsGAQUFBwEBBEkwRzAhBggrBgEFBQcwAYYVaHR0cDovL2U2Lm8ubGVuY3Iub3Jn
+MCIGCCsGAQUFBzAChhZodHRwOi8vZTYuaS5sZW5jci5vcmcvMBoGA1UdEQQTMBGC
+D2x1Y2t5dHJ5Lm9ubGluZTATBgNVHSAEDDAKMAgGBmeBDAECATCCAQMGCisGAQQB
+1nkCBAIEgfQEgfEA7wB2AKLjCuRF772tm3447Udnd1PXgluElNcrXhssxLlQpEfn
+AAABkuulm+4AAAQDAEcwRQIhAK9rCPO4Yo7Yg9MO9Of7dao7Kv7bFGe2kJfCLKKF
+mrE1AiAZ6WfLogP9c9LCMLnXD0ixiP91/nlAOkB1Io9YTt9SmwB1ABNK3xq1mEIJ
+eAxv70x6kaQWtyNJzlhXat+u2qfCq+AiAAABkuulnRAAAAQDAEYwRAIgCJTwAQbX
+/fcxlpOQ0N8T8fjRbilr4gSJ6cu6Tb5U9BECIHXe4ZlORx/fDnSu1e5ni9QB9em6
+UfdX32fmr9rjb98IMAoGCCqGSM49BAMDA2kAMGYCMQCAyKhA63hRtEhI78wHLg9x
+vI/MoKBer107cqwAHsjshJI/vVwPI1I3BoR1ZBMtE4wCMQDDtc7BIA2Bi7Upeo8P
+y02qVmjm57OTkb45rTzkfDMCQAbC7P0Uh8MwsOIeTvvtzmU=
+-----END CERTIFICATE-----

.docker/certbot/conf/live/test-app.loc/chain.pem

@@ -0,0 +1,26 @@
+-----BEGIN CERTIFICATE-----
+MIIEVzCCAj+gAwIBAgIRALBXPpFzlydw27SHyzpFKzgwDQYJKoZIhvcNAQELBQAw
+TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh
+cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMjQwMzEzMDAwMDAw
+WhcNMjcwMzEyMjM1OTU5WjAyMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3Mg
+RW5jcnlwdDELMAkGA1UEAxMCRTYwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAATZ8Z5G
+h/ghcWCoJuuj+rnq2h25EqfUJtlRFLFhfHWWvyILOR/VvtEKRqotPEoJhC6+QJVV
+6RlAN2Z17TJOdwRJ+HB7wxjnzvdxEP6sdNgA1O1tHHMWMxCcOrLqbGL0vbijgfgw
+gfUwDgYDVR0PAQH/BAQDAgGGMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcD
+ATASBgNVHRMBAf8ECDAGAQH/AgEAMB0GA1UdDgQWBBSTJ0aYA6lRaI6Y1sRCSNsj
+v1iU0jAfBgNVHSMEGDAWgBR5tFnme7bl5AFzgAiIyBpY9umbbjAyBggrBgEFBQcB
+AQQmMCQwIgYIKwYBBQUHMAKGFmh0dHA6Ly94MS5pLmxlbmNyLm9yZy8wEwYDVR0g
+BAwwCjAIBgZngQwBAgEwJwYDVR0fBCAwHjAcoBqgGIYWaHR0cDovL3gxLmMubGVu
+Y3Iub3JnLzANBgkqhkiG9w0BAQsFAAOCAgEAfYt7SiA1sgWGCIpunk46r4AExIRc
+MxkKgUhNlrrv1B21hOaXN/5miE+LOTbrcmU/M9yvC6MVY730GNFoL8IhJ8j8vrOL
+pMY22OP6baS1k9YMrtDTlwJHoGby04ThTUeBDksS9RiuHvicZqBedQdIF65pZuhp
+eDcGBcLiYasQr/EO5gxxtLyTmgsHSOVSBcFOn9lgv7LECPq9i7mfH3mpxgrRKSxH
+pOoZ0KXMcB+hHuvlklHntvcI0mMMQ0mhYj6qtMFStkF1RpCG3IPdIwpVCQqu8GV7
+s8ubknRzs+3C/Bm19RFOoiPpDkwvyNfvmQ14XkyqqKK5oZ8zhD32kFRQkxa8uZSu
+h4aTImFxknu39waBxIRXE4jKxlAmQc4QjFZoq1KmQqQg0J/1JF8RlFvJas1VcjLv
+YlvUB2t6npO6oQjB3l+PNf0DpQH7iUx3Wz5AjQCi6L25FjyE06q6BZ/QlmtYdl/8
+ZYao4SRqPEs/6cAiF+Qf5zg2UkaWtDphl1LKMuTNLotvsX99HP69V2faNyegodQ0
+LyTApr/vT01YPE46vNsDLgK+4cL6TrzC/a4WcmF5SRJ938zrv/duJHLXQIku5v0+
+EwOy59Hdm0PT/Er/84dDV0CSjdR/2XuZM3kpysSKLgD1cKiDA+IRguODCxfO9cyY
+Ig46v9mFmBvyH04=
+-----END CERTIFICATE-----

.docker/certbot/conf/live/test-app.loc/fullchain.pem

@@ -0,0 +1,47 @@
+-----BEGIN CERTIFICATE-----
+MIIDfzCCAwSgAwIBAgISA5p18wwaWadzhk7dUR7LwAXjMAoGCCqGSM49BAMDMDIx
+CzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQDEwJF
+NjAeFw0yNDExMDIwNTU0MDJaFw0yNTAxMzEwNTU0MDFaMBoxGDAWBgNVBAMTD2x1
+Y2t5dHJ5Lm9ubGluZTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABLTvILfuX05D
+oVqFzAWfKKC4aeQ6moYD+J7qzmghr1oa/mtXCO4EjtUUQqhU5s1eZlickXUTdb4F
+SHVVAlxTQJSjggIQMIICDDAOBgNVHQ8BAf8EBAMCB4AwHQYDVR0lBBYwFAYIKwYB
+BQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFFKv6XdcslTY
+5zFz+NqWPZaV0s5IMB8GA1UdIwQYMBaAFJMnRpgDqVFojpjWxEJI2yO/WJTSMFUG
+CCsGAQUFBwEBBEkwRzAhBggrBgEFBQcwAYYVaHR0cDovL2U2Lm8ubGVuY3Iub3Jn
+MCIGCCsGAQUFBzAChhZodHRwOi8vZTYuaS5sZW5jci5vcmcvMBoGA1UdEQQTMBGC
+D2x1Y2t5dHJ5Lm9ubGluZTATBgNVHSAEDDAKMAgGBmeBDAECATCCAQMGCisGAQQB
+1nkCBAIEgfQEgfEA7wB2AKLjCuRF772tm3447Udnd1PXgluElNcrXhssxLlQpEfn
+AAABkuulm+4AAAQDAEcwRQIhAK9rCPO4Yo7Yg9MO9Of7dao7Kv7bFGe2kJfCLKKF
+mrE1AiAZ6WfLogP9c9LCMLnXD0ixiP91/nlAOkB1Io9YTt9SmwB1ABNK3xq1mEIJ
+eAxv70x6kaQWtyNJzlhXat+u2qfCq+AiAAABkuulnRAAAAQDAEYwRAIgCJTwAQbX
+/fcxlpOQ0N8T8fjRbilr4gSJ6cu6Tb5U9BECIHXe4ZlORx/fDnSu1e5ni9QB9em6
+UfdX32fmr9rjb98IMAoGCCqGSM49BAMDA2kAMGYCMQCAyKhA63hRtEhI78wHLg9x
+vI/MoKBer107cqwAHsjshJI/vVwPI1I3BoR1ZBMtE4wCMQDDtc7BIA2Bi7Upeo8P
+y02qVmjm57OTkb45rTzkfDMCQAbC7P0Uh8MwsOIeTvvtzmU=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIEVzCCAj+gAwIBAgIRALBXPpFzlydw27SHyzpFKzgwDQYJKoZIhvcNAQELBQAw
+TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh
+cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMjQwMzEzMDAwMDAw
+WhcNMjcwMzEyMjM1OTU5WjAyMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3Mg
+RW5jcnlwdDELMAkGA1UEAxMCRTYwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAATZ8Z5G
+h/ghcWCoJuuj+rnq2h25EqfUJtlRFLFhfHWWvyILOR/VvtEKRqotPEoJhC6+QJVV
+6RlAN2Z17TJOdwRJ+HB7wxjnzvdxEP6sdNgA1O1tHHMWMxCcOrLqbGL0vbijgfgw
+gfUwDgYDVR0PAQH/BAQDAgGGMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcD
+ATASBgNVHRMBAf8ECDAGAQH/AgEAMB0GA1UdDgQWBBSTJ0aYA6lRaI6Y1sRCSNsj
+v1iU0jAfBgNVHSMEGDAWgBR5tFnme7bl5AFzgAiIyBpY9umbbjAyBggrBgEFBQcB
+AQQmMCQwIgYIKwYBBQUHMAKGFmh0dHA6Ly94MS5pLmxlbmNyLm9yZy8wEwYDVR0g
+BAwwCjAIBgZngQwBAgEwJwYDVR0fBCAwHjAcoBqgGIYWaHR0cDovL3gxLmMubGVu
+Y3Iub3JnLzANBgkqhkiG9w0BAQsFAAOCAgEAfYt7SiA1sgWGCIpunk46r4AExIRc
+MxkKgUhNlrrv1B21hOaXN/5miE+LOTbrcmU/M9yvC6MVY730GNFoL8IhJ8j8vrOL
+pMY22OP6baS1k9YMrtDTlwJHoGby04ThTUeBDksS9RiuHvicZqBedQdIF65pZuhp
+eDcGBcLiYasQr/EO5gxxtLyTmgsHSOVSBcFOn9lgv7LECPq9i7mfH3mpxgrRKSxH
+pOoZ0KXMcB+hHuvlklHntvcI0mMMQ0mhYj6qtMFStkF1RpCG3IPdIwpVCQqu8GV7
+s8ubknRzs+3C/Bm19RFOoiPpDkwvyNfvmQ14XkyqqKK5oZ8zhD32kFRQkxa8uZSu
+h4aTImFxknu39waBxIRXE4jKxlAmQc4QjFZoq1KmQqQg0J/1JF8RlFvJas1VcjLv
+YlvUB2t6npO6oQjB3l+PNf0DpQH7iUx3Wz5AjQCi6L25FjyE06q6BZ/QlmtYdl/8
+ZYao4SRqPEs/6cAiF+Qf5zg2UkaWtDphl1LKMuTNLotvsX99HP69V2faNyegodQ0
+LyTApr/vT01YPE46vNsDLgK+4cL6TrzC/a4WcmF5SRJ938zrv/duJHLXQIku5v0+
+EwOy59Hdm0PT/Er/84dDV0CSjdR/2XuZM3kpysSKLgD1cKiDA+IRguODCxfO9cyY
+Ig46v9mFmBvyH04=
+-----END CERTIFICATE-----

.docker/certbot/conf/live/test-app.loc/privkey.pem

@@ -0,0 +1,5 @@
+-----BEGIN PRIVATE KEY-----
+MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgpU0TV/yKlds2wr61
+MvuoC5ZOK5AK0Dk6qAfBfDhljTChRANCAAS07yC37l9OQ6FahcwFnyiguGnkOpqG
+A/ie6s5oIa9aGv5rVwjuBI7VFEKoVObNXmZYnJF1E3W+BUh1VQJcU0CU
+-----END PRIVATE KEY-----

.docker/docker-compose.dev.yml

@@ -0,0 +1,41 @@
+# Production environment override
+services:
+  nginx:
+    build:
+      context: .docker/nginx
+      target: nginx_dev
+    hostname: ${APP_HOST}
+    environment:
+      - COMPOSE_PROJECT_NAME=${COMPOSE_PROJECT_NAME}
+      - APP_HOST=${APP_HOST}
+      - NGINX_SERVER_NAME=${NGINX_SERVER_NAME}
+    volumes:
+      - .:/app
+      - ./.docker/certbot/www:/var/www/certbot/:ro
+      - ./.docker/certbot/conf/:/etc/nginx/ssl/:ro
+    networks:
+      - web
+    extra_hosts:
+      - "host.docker.internal:host-gateway"
+    labels:
+      - traefik.enable=true
+      - traefik.http.routers.web-http-${COMPOSE_PROJECT_NAME}.rule=Host(`${APP_HOST:-test-app.loc}`)
+      - traefik.http.routers.web-https-${COMPOSE_PROJECT_NAME}.rule=Host(`${APP_HOST:-test-app.loc}`)
+      - traefik.http.routers.web-https-${COMPOSE_PROJECT_NAME}.tls=true
+
+  php-fpm:
+    build:
+      context: .docker/php-fpm
+      target: php_dev
+    volumes:
+      - .:/app
+    labels:
+      ofelia.enabled: "true"
+      ofelia.job-exec.php-cli.schedule: "@every 1m"
+      ofelia.job-exec.php-cli.user: www-data
+      ofelia.job-exec.php-cli.command: "php /app/artisan schedule:run"
+
+networks:
+  web:
+    name: traefik_default
+    external: true

.docker/docker-compose.prod.yml

@@ -0,0 +1,33 @@
+# Production environment override
+services:
+  nginx:
+    build:
+      context: .docker/nginx
+      target: nginx_prod
+    hostname: ${APP_HOST}
+    environment:
+      - COMPOSE_PROJECT_NAME=${COMPOSE_PROJECT_NAME}
+      - APP_HOST=${APP_HOST}
+      - NGINX_SERVER_NAME=${NGINX_SERVER_NAME}
+    volumes:
+      - .:/app
+      - ./.docker/certbot/www:/var/www/certbot/:ro
+      - ./.docker/certbot/conf/:/etc/nginx/ssl/:ro
+
+  certbot:
+    image: certbot/certbot:latest
+    volumes:
+      - ./.docker/certbot/www/:/var/www/certbot/:rw
+      - ./.docker/certbot/conf/:/etc/letsencrypt/:rw
+
+  php-fpm:
+    build:
+      context: .docker/php-fpm
+      target: php_prod
+    volumes:
+      - .:/app
+    labels:
+      ofelia.enabled: "true"
+      ofelia.job-exec.php-cli.schedule: "@every 1m"
+      ofelia.job-exec.php-cli.user: www-data
+      ofelia.job-exec.php-cli.command: "php /app/artisan schedule:run"

.docker/nginx/Dockerfile

@@ -1,3 +1,9 @@
-FROM nginx:mainline-alpine
+FROM nginx:mainline-alpine AS nginx_base
 
-WORKDIR /app
+RUN mkdir /etc/nginx/templates
+
+FROM nginx_base AS nginx_dev
+COPY default.conf.dev.template /etc/nginx/templates/default.conf.template
+
+FROM nginx_base AS nginx_prod
+COPY default.conf.template /etc/nginx/templates

.docker/nginx/default.conf.dev.template

@@ -0,0 +1,50 @@
+server {
+    listen [::]:80;
+    listen 80;
+    listen [::]:443 ssl;
+    listen 443 ssl;
+    http2  on;
+    server_name ${NGINX_SERVER_NAME};
+
+    root /app/public;
+    index index.php;
+    charset utf-8;
+
+    ssl_certificate /etc/nginx/ssl/live/${APP_HOST}/fullchain.pem;
+    ssl_certificate_key /etc/nginx/ssl/live/${APP_HOST}/privkey.pem;
+
+    gzip on;
+	gzip_comp_level 5;
+	gzip_disable "msie6";
+	gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript application/javascript image/svg+xml application/wasm application/octet-stream;
+
+    add_header X-Frame-Options "ALLOWALL";
+    add_header X-XSS-Protection "1; mode=block";
+    add_header X-Content-Type-Options "nosniff";
+    add_header Access-Control-Allow-Origin *;
+    add_header X-Request-ID $request_id;
+
+    client_max_body_size 100m;
+
+    location /.well-known/acme-challenge/ {
+        root /var/www/certbot;
+    }
+
+    location / {
+        try_files $uri $uri/ /index.php?$query_string;
+    }
+
+    location = /favicon.ico { access_log off; log_not_found off; }
+    location = /robots.txt  { access_log off; log_not_found off; }
+
+    error_page 404 /index.php;
+
+    location ~ \.php$ {
+        fastcgi_pass ${COMPOSE_PROJECT_NAME}.php-fpm:9000;
+        fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
+        include fastcgi_params;
+    }
+
+    error_log /var/log/nginx/error.log;
+    access_log /var/log/nginx/access.log timings;
+}