diff --git a/README.md b/README.md
index 5b96d1fde31eccb2b0658ccc821e3e6a794035a0..0dedd5383411308bb8108e18e97b6f7a5d71a971 100644
--- a/README.md
+++ b/README.md
@@ -2,3 +2,10 @@ WIP libre app for prestashop
+
+Currently tested with PS 1.5-fpm
+
+as usual :
+
+- change some values in scripts/INSTALL file if needed
+- check the generated .env file after install for admin password
diff --git a/docker-compose.yml b/docker-compose.yml
new file mode 100644
index 0000000000000000000000000000000000000000..7619f31854d10ddf855a16c00770df45090e894c
--- /dev/null
+++ b/docker-compose.yml
@@ -0,0 +1,51 @@
+version: '2.4'
+networks:
+ lb_web:
+ external: true
+ back:
+ driver: bridge
+ ipam:
+ driver: default
+ config:
+ - subnet: 10.0.${SUBNET}.0/24
+services:
+ web:
+ image: nginx
+ volumes:
+ - ./nginx.conf:/etc/nginx/conf.d/default.conf
+ links:
+ - app
+ volumes_from:
+ - app
+ environment:
+ - VIRTUAL_HOST
+ networks:
+ - back
+ - lb_web
+ app:
+ image: prestashop/prestashop:${PRESTASHOP_VERSION}
+ links:
+ - db
+ depends_on:
+ - "db"
+ volumes:
+ - ./data/html:/var/www/html/
+ environment:
+ - DB_SERVER=db
+ - PS_INSTALL_AUTO=1
+ - PS_DOMAIN=$VIRTUAL_HOST
+ - PS_LANGUAGE=fr
+ - PS_COUNTRY=fr
+ - PS_ERASE_DB=0
+ - PS_FOLDER_ADMIN=admin001
+ - ADMIN_PASSWD
+ networks:
+ - back
+ db:
+ image: mysql:5.5
+ volumes:
+ - ./mysql/runtime:/var/lib/mysql
+ environment:
+ - MYSQL_ROOT_PASSWORD
+ networks:
+ - back
diff --git a/nginx.conf b/nginx.conf
new file mode 100644
index 0000000000000000000000000000000000000000..7479a788e5355129dfbd3afe843e9082ff65930a
--- /dev/null
+++ b/nginx.conf
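Review bot: The `app` service is given no database credentials of its own (`DB_SERVER=db` is its only DB setting) and the only account the `db` service defines is root via `MYSQL_ROOT_PASSWORD`, so the shop either talks to MySQL as root or falls back to whatever user and password the image defaults to. I would create a dedicated account on the `db` side with `MYSQL_DATABASE`/`MYSQL_USER`/`MYSQL_PASSWORD` and pass the matching values to `app` (the image's `DB_NAME`/`DB_USER`/`DB_PASSWD`, to be confirmed against the image documentation), generated in scripts/install like the other secrets. In `web`, both mounts are writable although nginx only reads them; `./nginx.conf:/etc/nginx/conf.d/default.conf:ro` and `- app:ro` under `volumes_from` limit what a compromised front end can change. `image: nginx` is unpinned and `mysql:5.5` is hard-coded while scripts/install writes a `MYSQL_VERSION=5.5` that nothing reads; pinning nginx to a tag and using `mysql:${MYSQL_VERSION}` would make moving off the end-of-life 5.5 line a one-place change.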
@@ -0,0 +1,158 @@
+server {
+ listen 80; ## listen for ipv4; this line is default and implied
+ listen [::]:80 default ipv6only=on; ## listen for ipv6
+
+ root /var/www/html/;
+ index index.php index.html index.htm;
+
+ # Make site accessible from http://localhost/
+ server_name _;
+
+ # Add stdout logging
+ error_log /dev/stdout info;
+ access_log /dev/stdout;
+
+ # Redirect 404 errors to prestashop
+ error_page 404 /index.php?controller=404;
+
+
+
+
+ #Mime Type
+
+
+ #location ~ \.js {
+ # add_header Content-Type application/javascript;
+ #}
+
+
+# include mime.types;
+
+# default_type application/javascript;
+
+ # Gzip Settings, convert all types.
+ gzip on;
+ gzip_vary on;
+ gzip_proxied any;
+
+ # Can be enhance to 5, but it can slow you server
+ # gzip_comp_level 5;
+ # gzip_min_length 256;
+
+ gzip_types
+ application/atom+xml
+ application/javascript
+ application/json
+ application/ld+json
+ application/manifest+json
+ application/rss+xml
+ application/vnd.geo+json
+ application/vnd.ms-fontobject
+ application/x-font-ttf
+ application/x-web-app-manifest+json
+ application/xhtml+xml
+ application/xml
+ font/opentype
+ image/bmp
+ image/svg+xml
+ image/x-icon
+ text/cache-manifest
+ text/css
+ text/plain
+ text/vcard
+ text/vnd.rim.location.xloc
+ text/vtt
+ text/x-component
+ text/x-cross-domain-policy;
+
+ gzip_disable "MSIE [1-6]\.(?!.*SV1)";
+
+ # Symfony controllers
+ location /admin001/ { # [REQUIRED EDIT] the name of your admin directory
+ if (!-e $request_filename) {
+ rewrite ^/.*$ /admin001/index.php last; # [REQUIRED EDIT] the name of your admin directory
+ }
+ }
+
+ # Cloudflare / Max CDN fix
+ location ~* \.(eot|otf|ttf|woff|woff2)$ {
+ add_header Access-Control-Allow-Origin *;
+ }
+
+ # Do not save logs for these
+ location = /favicon.ico {
+ log_not_found off;
+ access_log off;
+ }
+ location = /robots.txt {
+ auth_basic off;
+ allow all;
+ log_not_found off;
+ access_log off;
+ }
+
+ location / {
+ # Redirect pretty urls to index.php
+ try_files $uri $uri/ /index.php?$args;
+
+ # Images
+ rewrite ^/([0-9])(-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+.jpg$ /img/p/$1/$1$2$3.jpg last;
+ rewrite ^/([0-9])([0-9])(-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+.jpg$ /img/p/$1/$2/$1$2$3$4.jpg last;
+ rewrite ^/([0-9])([0-9])([0-9])(-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+.jpg$ /img/p/$1/$2/$3/$1$2$3$4$5.jpg last;
+ rewrite ^/([0-9])([0-9])([0-9])([0-9])(-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+.jpg$ /img/p/$1/$2/$3/$4/$1$2$3$4$5$6.jpg last;
+ rewrite ^/([0-9])([0-9])([0-9])([0-9])([0-9])(-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+.jpg$ /img/p/$1/$2/$3/$4/$5/$1$2$3$4$5$6$7.jpg last;
+ rewrite ^/([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])(-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+.jpg$ /img/p/$1/$2/$3/$4/$5/$6/$1$2$3$4$5$6$7$8.jpg last;
+ rewrite ^/([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])(-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+.jpg$ /img/p/$1/$2/$3/$4/$5/$6/$7/$1$2$3$4$5$6$7$8$9.jpg last;
+ rewrite ^/([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])(-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+.jpg$ /img/p/$1/$2/$3/$4/$5/$6/$7/$8/$1$2$3$4$5$6$7$8$9$10.jpg last;
+ rewrite ^/c/([0-9]+)(-[.*_a-zA-Z0-9-]*)(-[0-9]+)?/.+.jpg$ /img/c/$1$2$3.jpg last;
+ rewrite ^/c/([a-zA-Z_-]+)(-[0-9]+)?/.+.jpg$ /img/c/$1$2.jpg last;
+
+ # AlphaImageLoader for IE and fancybox
+ rewrite ^images_ie/?([^/]+)\.(jpe?g|png|gif)$ js/jquery/plugins/fancybox/images/$1.$2 last;
+
+ # Web service API
+ rewrite ^/api/?(.*)$ /webservice/dispatcher.php?url=$1 last;
+
+ # Installation sandbox
+ rewrite ^(/install(?:-dev)?/sandbox)/(.*) /$1/test.php last;
+ }
+
+ # File security
+ # .htaccess .DS_Store .htpasswd etc
+ location ~ /\. {
+ deny all;
+ }
+ # Source code directories
+ location ~ ^/(app|bin|cache|classes|config|controllers|docs|localization|override|src|tests|tools|translations|travis-scripts|vendor)/ {
+ deny all;
+ }
+ # Prevent exposing other sensitive files
+ location ~ \.(yml|log|tpl|twig|sass)$ {
+ deny all;
+ }
+
+ # Prevent injection of php files
+ location /upload {
+ location ~ \.php$ {
+ deny all;
+ }
+ }
+ location /img {
+ location ~ \.php$ {
+ deny all;
+ }
+ }
+
+ location ~ \.php$ {
+ # Verify that the file exists, redirect to index if not
+ try_files $fastcgi_script_name /index.php$uri&$args;
+ fastcgi_index index.php;
+ include fastcgi_params;
+
+ fastcgi_split_path_info ^(.+\.php)(/.+)$;
+ fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+ fastcgi_param SCRIPT_NAME $fastcgi_script_name;
+
+ fastcgi_pass app:9000;
+ }
+}
diff --git a/scripts/install b/scripts/install
new file mode 100755
index 0000000000000000000000000000000000000000..e1e27373724d31e8174ffc3c4887cff6877108c0
--- /dev/null
+++ b/scripts/install
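Review bot: The two deny blocks under `# Source code directories` and `# Prevent exposing other sensitive files` are the only access control on the tree under `root /var/www/html/`, since nginx does not read the per-directory `.htaccess` files the application ships, and the directory list (`app`, `bin`, `src`, `vendor`, `travis-scripts`) looks written for a newer PrestaShop layout than the PS 1.5 the README names. It should be checked against the installed tree in `./data/html` and given a `deny all;` location for every directory whose `.htaccess` denies access. The admin directory name is hard-coded in `location /admin001/` and in its rewrite target, and again in docker-compose.yml and scripts/install; a comment such as `# must match PS_FOLDER_ADMIN in docker-compose.yml` on those lines would keep the three in step. In the eight-digit image rewrite nginx reads `$10` as `$1` followed by a literal `0`, so that rule cannot produce the intended file name; a named capture for the last group would fix it.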
@@ -0,0 +1,43 @@
+#!/bin/bash -eux
+
+PRESTASHOP_VERSION=1.5-5.6-fpm
+MYSQL_ROOT_PASSWORD=`tr -dc A-Za-z0-9_ < /dev/urandom | head -c 20 | xargs`
+ADMIN_PASSWD=`tr -dc A-Za-z0-9_ < /dev/urandom | head -c 20 | xargs`
+
+
+DB_SERVER=db
+PS_INSTALL_AUTO=1
+PS_DOMAIN=$URL
+PS_LANGUAGE=fr
+PS_COUNTRY=fr
+PS_ERASE_DB=0
+PS_FOLDER_ADMIN=admin001
+
+
+var=$(for folder in `ls /data/domains`; do cat /data/domains/$folder/.env | grep SUBNET | cut -d"=" -f2; done | sort | tail -n1)
+SUBNET=$(($var +1))
+
+
+echo "SUBNET=${SUBNET}" >> .env
+
+echo "URL=${URL}" >> .env
+echo "VIRTUAL_HOST=${URL}" >> .env
+
+#echo "MAIL_DOMAIN=${MAIL_DOMAIN}" >> .env
+#echo "SMTP_HOST=${MAIL_HOST}" >> .env
+#echo "SMTP_PORT=${MAIL_PORT}" >> .env
+#echo "SMTP_PASSWORD=${MAIL_PASS}" >> .env
+#echo "MAIL_FROM_ADDRESS=${MAIL_USER}" >> .env
+#echo "SMTP_NAME=${MAIL_USER}" >> .env
+
+
+#APP specific
+
+
+echo "ADMIN_PASSWD=${ADMIN_PASSWD}" >> .env
+echo "PRESTASHOP_VERSION=${PRESTASHOP_VERSION}" >> .env
+
+
+
+echo "MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD}" >> .env
+echo "MYSQL_VERSION=5.5" >> .env
diff --git a/scripts/pre-backup b/scripts/pre-backup
new file mode 100755
index 0000000000000000000000000000000000000000..8d9511f0584a9ffb804490744d8e552f330ef110
--- /dev/null
+++ b/scripts/pre-backup
@@ -0,0 +1,5 @@
+#!/bin/bash -eux
+URL=${PWD##*/}
+db_container_name=`echo ${URL}_db_1 | sed "s/\.//g" | sed "s/-//g"`; \
+
+docker exec $db_container_name bash -c 'mysqldump --all-databases --events -uroot -p$MYSQL_ROOT_PASSWORD' > ./mysql/dump.sql
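Review bot: The `-x` in `#!/bin/bash -eux` traces every command, so both generated passwords are printed in clear on stderr (the two `tr -dc ... < /dev/urandom` assignments and the `echo "ADMIN_PASSWD=..."` / `echo "MYSQL_ROOT_PASSWORD=..."` lines) and end up in whatever log captures the install run. Use `#!/bin/bash -eu`, or bracket the secret-handling lines with `set +x` and `set -x`, and add `umask 077` before the first `>> .env` so the file holding the passwords is not created world-readable. The `SUBNET` lookup sorts as text (`sort | tail -n1`), so 9 sorts after 10 and a subnet already in use can be handed out again; `sort -n` fixes that, and nothing stops the value from passing 255. Because every line appends with `>>`, a second run leaves duplicate keys with fresh passwords that no longer match the existing MySQL data directory, which a check for an existing `.env` at the top would prevent.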
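Review bot: `> ./mysql/dump.sql` truncates the previous dump before `docker exec` has produced anything and creates the file with the default umask, so a failed run leaves an empty or partial backup in place of the last good one, and the full database dump is readable by other local users. Set `umask 077` at the top and write to a temporary name first, ending the command with `> ./mysql/dump.sql.tmp` and following it with `mv ./mysql/dump.sql.tmp ./mysql/dump.sql`. Inside the container `-p$MYSQL_ROOT_PASSWORD` puts the root password on the mysqldump command line, where the process list can show it; `MYSQL_PWD="$MYSQL_ROOT_PASSWORD" mysqldump --all-databases --events -uroot` avoids that. `$db_container_name` is unquoted and rebuilt by hand from the directory name, which depends on how the installed Compose version names containers; `docker-compose exec -T db` would remove that coupling. The trailing `; \` on the `db_container_name` line is a stray continuation and can go.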