Initial commit

TBK 2019-07-24 14:32:17 +02:00
commit 5912fc8963
No known key found for this signature in database
GPG Key ID: 5FFB25718720C7D7
12 changed files with 308 additions and 0 deletions

18
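--- a/.drone.yml
+++ b/.drone.yml
@@ -0,0 +1,18 @@
+kind: pipeline
+name: default
+steps:
+- name: docker
+image: plugins/docker
+settings:
+tags:
+- latest
+- ${DRONE_TAG}
+repo: jjtc/zola
+username:
+from_secret: docker_username
+password:
+from_secret: docker_password
+when:
+event:
+- tag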
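Review bot: The `image: plugins/docker` line in the `docker` step carries no tag, so every tagged build pulls whatever the registry currently serves under the default tag and hands that image `docker_username` and `docker_password`. Pinning the plugin to a fixed tag or digest, for example `image: plugins/docker:<PINNED_TAG>` (placeholder), keeps the code that sees the registry credentials stable and reviewable. The same unpinned line appears in `site-example/.drone.yml`.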

7
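--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,7 @@
+# IDEs
+.idea/
+.vscode/
+# Dev files
+.env
+*.sql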

36
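--- a/Dockerfile
+++ b/Dockerfile
@@ -0,0 +1,36 @@
+FROM alpine:3.10
+LABEL maintainer="JJTC <docker@jjtc.eu>"
+COPY docker-entrypoint.sh /docker-entrypoint.sh
+RUN set -ex \
+&& echo "Getting software ready:" \
+&& apk add -U --no-cache zola
+VOLUME [ "~/zola/public" ]
+ENTRYPOINT [ "./docker-entrypoint.sh" ]
+----------------------------------------------------
+FROM nginx:1.17-alpine
+ENV APP_HOME="/app"
+# RUN mkdir -p $APP_HOME
+# RUN set -ex \
+# && echo "Changing ownership:" \
+# && chown -R nginx:nginx $APP_HOME
+COPY --chown=nginx:nginx /tmp/zola/public/* $APP_HOME
+USER nginx:nginx
+WORKDIR $APP_HOME
+EXPOSE 80
+CMD [ "nginx" ]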
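Review bot: The dashed separator line between the two `FROM` blocks is not a Dockerfile instruction, so the parser should reject the file before the nginx stage is reached. If a two-stage build is intended, the second-stage `COPY --chown=nginx:nginx /tmp/zola/public/* $APP_HOME` has no `--from=`, so it reads from the build context rather than from the Alpine stage. Naming the first stage (`FROM alpine:3.10 AS builder`) and copying with `COPY --from=builder --chown=nginx:nginx ...` would connect them, although that stage only runs `zola build` from its entrypoint and not at build time. Separately, `VOLUME [ "~/zola/public" ]` relies on `~`, which the JSON form does not expand, and `ENTRYPOINT [ "./docker-entrypoint.sh" ]` depends on the working directory staying `/`. Absolute paths such as `ENTRYPOINT [ "/docker-entrypoint.sh" ]` avoid both.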

21
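--- a/LICENSE
+++ b/LICENSE
@@ -0,0 +1,21 @@
+MIT License
+Copyright (c) 2019 JJTC
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.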

48
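--- a/README.md
+++ b/README.md
@@ -0,0 +1,48 @@
+# Zola
+[![Build Status](https://cloud.drone.io/api/badges/JJTC-Docker/zola/status.svg)](https://cloud.drone.io/JJTC-Docker/zola)
+[![Docker Pulls](https://img.shields.io/docker/pulls/jjtc/zola.svg?style=flat)](https://hub.docker.com/r/jjtc/zola/)
+[![Github Stars](https://img.shields.io/github/stars/jjtc-docker/zola.svg?style=flat)](https://github.com/jjtc-docker/zola)
+[![Github Forks](https://img.shields.io/github/forks/jjtc-docker/zola.svg?style=flat?label=github%20forks)](https://github.com/jjtc-docker/zola)
+## Intro
+Zola setup based on Alpine, Nginx & Drone CI for use with Træfik
+This design has two distinct parts.
+The first part is the `jjtc/zola image` (main purpose of this repo) which is used for generating the static site (`zola build`).
+The second part (see the `site-example` folder) is the files used to maintain/generate your site.
+## Setup
+### Requirements
+- zola installed locally for first time setup
+- Git repo
+- Drone CI (Cloud with GH or git + own instance)
+- Docker image repo
+### Description
+The Zola files, your content, Drone CI and Nginx files will live in a git repo dedicated to a specific site (e.g. testsite_com).
+Drone CI will use the zola image (jjtc/zola:latest) to generate the static output and then build a new "website" image based on Nginx, static output and the Nginx config files (found in `site-example`).
+### Steps
+#### Init
+To get started, do the following: run `zola init`, copy all of the files from `site-example` into the newly created site project folder, `cd` to the folder and init a new repo (`git init`).
+Update .drone.yml to match your Docker Hub repo. Update Drone CI with the `docker_username` and `docker_password` info and lastly modify the Nginx files to fit your needs.
+Remember to add, commit and push.
+#### Update content
+Push all of the content changes you desire, when the "website" image should be updated push a git tag and Drone CI will take care of the rest. I recommend using the current date for the tag.
+#### Update production
+Either configure the CD part of .drone.yml to make Drone CI handle the rollout of the new Docker image or access your production box (ssh...) and run
+```
+docker-compose pull && docker-compose up -d
+```
+See docker-compose.yml found in `site-example`.
+## Note
+Currently you have to manually init the site locally with `zola init` and go through the interactive setup process. Atm it is not worth the effort to automate the process, that might change in the future in which case the setup instructions above will be updated.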

8
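--- a/docker-entrypoint.sh
+++ b/docker-entrypoint.sh
@@ -0,0 +1,8 @@
+#!/bin/sh
+set -ex
+echo "Building site:"
+zola check || exit 1
+echo "Building site:"
+zola build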
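Review bot: The first `echo "Building site:"` precedes `zola check`, so the log labels the check phase as a build and a failure there shows up under the wrong heading. `echo "Checking site:"` would match what actually runs. With `set -ex` already active, `|| exit 1` only replaces zola's own exit status with 1, and a bare `zola check` would stop the script and keep the original code. A short header comment saying that the script expects to start in the site's root directory would also help, since nothing in it changes directory.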

18
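--- a/site-example/.drone.yml
+++ b/site-example/.drone.yml
@@ -0,0 +1,18 @@
+kind: pipeline
+name: default
+steps:
+- name: docker
+image: plugins/docker
+settings:
+tags:
+- latest
+- ${DRONE_TAG}
+repo: jjtc/zola <------ private repo
+username:
+from_secret: docker_username
+password:
+from_secret: docker_password
+when:
+event:
+- tag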
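Review bot: The `repo: jjtc/zola <------ private repo` line keeps its hint inside the scalar, so a YAML parser would pass the whole string, arrow included, to the plugin as the repository name. Moving the hint into a comment, `repo: jjtc/zola  # replace with your own (private) repository`, keeps the example loadable. An unedited copy would also push to the same `jjtc/zola` repository as the builder image in the root `.drone.yml`, so an obviously fake placeholder name may be the safer default.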

7
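--- a/site-example/.gitignore
+++ b/site-example/.gitignore
@@ -0,0 +1,7 @@
+# IDEs
+.idea/
+.vscode/
+# Dev files
+.env
+*.sql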

17
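--- a/site-example/Dockerfile
+++ b/site-example/Dockerfile
@@ -0,0 +1,17 @@
+FROM nginx:1.17-alpine
+ENV APP_HOME="/app"
+COPY /tmp/zola/public $APP_HOME
+RUN set -ex \
+&& echo "Changing ownership:" \
+&& chown -R nginx:nginx $APP_HOME
+USER nginx:nginx
+WORKDIR $APP_HOME
+EXPOSE 80
+CMD ["nginx", "-g", "daemon off;"]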
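Review bot: `USER nginx:nginx` is followed by `EXPOSE 80`, and the nginx configs added in this commit use `listen 80;` and `pid /run/nginx.pid;`, so the unprivileged process is likely to fail on the pid file and, depending on the runtime, on binding a port below 1024. Keeping the non-root user is worthwhile, but it needs an unprivileged port (for example `EXPOSE 8080` with a matching `listen 8080;`) and a pid path the `nginx` user can write. The `RUN ... chown -R nginx:nginx $APP_HOME` layer can be folded into the copy as `COPY --chown=nginx:nginx /tmp/zola/public $APP_HOME`. The `COPY` source is resolved inside the build context, so a comment stating where the pipeline places the generated `public` directory would help readers.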


@ -0,0 +1,44 @@
server {
listen 80;
listen [::]:80;
server_name _;
root /app/public/;
client_max_body_size 0m;
client_body_timeout 60s; # Default is 60, May need to be increased for very large uploads
client_body_buffer_size 128k;
add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self'; connect-src 'self'; font-src 'self'; form-action 'self'; report-uri https://<YOUR_ACCOUNT>.report-uri.com/r/d/csp/enforce;" always;
add_header Expect-CT "enforce; max-age=604800; report-uri=https://<YOUR_ACCOUNT>.report-uri.com/r/d/ct/enforce";
add_header Feature-Policy "accelerometer 'none'; ambient-light-sensor 'none'; encrypted-media 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; midi 'none'; payment 'none'; sync-xhr 'none'; usb 'none'; vr 'none'";
add_header Strict-Transport-Security "max-age=31536000; includeSubdomains; preload" always;
add_header Referrer-Policy "strict-origin";
add_header X-Xss-Protection "1; mode=block; report=https://<YOUR_ACCOUNT>.report-uri.com/r/d/xss/enforce" always;
add_header X-Frame-Options "DENY" always;
add_header X-Content-Type-Options nosniff;
# Firefox CSP bug workaround - https://bugzilla.mozilla.org/show_bug.cgi?id=1262842
location ~ \.svg$ {
add_header Content-Security-Policy "default-src 'none'; frame-ancestors 'none'; style-src 'self' 'unsafe-inline'";
}
location ~* \.(jpg|jpeg|gif|png|ico|css|js|html|xml|txt)$ {
access_log off;
log_not_found off;
expires 360d;
}
# Block access to PHP files
location ~* \.(php|php3|php4|php5|php7|phtml|inc)$ {
deny all;
}
# Block access to stuff begining with .
location ~ /\. {
access_log off;
log_not_found off;
deny all;
}
}
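Review bot: The `location ~ \.svg$` block declares its own `add_header`, and nginx inherits `add_header` lines from the `server` level only when the current level defines none, so SVG responses go out without the HSTS, `X-Frame-Options`, `X-Content-Type-Options` and other headers set above. Repeating the needed headers inside that block, or moving the shared set into an included snippet, restores them. Regex locations are also tried in file order, so a path that starts with a dot but ends in one of the listed asset extensions matches the `expires 360d` block before `location ~ /\.` is considered; placing the two `deny all` blocks first avoids that. The `script-src` value allows both `'unsafe-inline'` and `'unsafe-eval'`, which removes most of the policy's protection against injected script and deserves a comment explaining why it is needed.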


@ -0,0 +1,55 @@
user nginx;
worker_processes auto;
pid /run/nginx.pid;
daemon off;
events {
worker_connections 1024;
}
http {
##
# Basic Settings
##
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
server_tokens off; # Do not announce nginx's version to the world!
# server_names_hash_bucket_size 64;
# server_name_in_redirect off;
include /etc/nginx/mime.types;
default_type application/octet-stream;
##
# Logging Settings
##
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
##
# Proxy Settings
##
proxy_buffering off;
##
# Gzip Settings
##
gzip on;
gzip_disable "msie6";
gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_buffers 16 8k;
gzip_http_version 1.1;
gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
##
# Virtual Host Configs
##
include /etc/nginx/sites-enabled/*;
}
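Review bot: `daemon off;` is set here and again on the command line by `CMD ["nginx", "-g", "daemon off;"]` in `site-example/Dockerfile`, and nginx treats a directive given in both places as a duplicate and refuses to start. Keeping it in one place only, for example dropping the line from this file, resolves the conflict. Because the image switches to `USER nginx:nginx`, the `user nginx;` directive has no effect beyond a startup warning and could be removed, or given a comment saying it only applies when the master process runs as root.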


@ -0,0 +1,29 @@
version: '3.5'
services:
app:
image: jjtc/inventorstale-com:0.8.0-r0
restart: unless-stopped
volumes:
- ./app/nginx.conf:/etc/nginx/nginx.conf:ro
- ./app/default.conf:/etc/nginx/sites-enabled/default:ro
- data:/app/public:ro
expose:
- "80/tcp"
networks:
- web
labels:
- "traefik.frontend.headers.STSPreload=true"
- "traefik.frontend.headers.STSSeconds=31536000"
- "traefik.backend=zola"
- "traefik.docker.network=web"
- "traefik.frontend.rule=Host:${APP_URL_BASE}"
- "traefik.enable=true"
- "traefik.port=80"
- "traefik.default.protocol=http"
networks:
web:
external: true
volumes:
data:
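Review bot: The `data:/app/public:ro` entry mounts a named volume over the directory that `root /app/public/;` serves, so what nginx delivers comes from the volume and not from the image pulled on each release. Docker fills a named volume from the image only when the volume is first created, and the example Dockerfile copies the site into `/app` rather than `/app/public`, so `docker-compose pull && docker-compose up -d` would probably keep serving stale or empty content. Dropping the `data` volume and aligning the `COPY` destination with the nginx `root` would make the image the single source of the site. The `STSSeconds` and `STSPreload` labels also duplicate the `Strict-Transport-Security` header already added in the nginx server block, so setting it in one layer avoids sending it twice. `image: jjtc/inventorstale-com:0.8.0-r0` looks like a leftover from a real site and would be clearer as a placeholder.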