Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Contrib proposal GitOneFlow #124

Open
wants to merge 12 commits into
base: master
Choose a base branch
from
Open
77 changes: 77 additions & 0 deletions .examples/default-reverse-nginx/04_nginx_ampache_reverse.conf
Original file line number Diff line number Diff line change
@@ -0,0 +1,77 @@
## NEED TO REPLACE ____HOST____ with the server name and ____HOST_WERE_IS_AMPACHE___ the ip where ampache is

server {
listen 80;
server_name ____HOST____;

# Redirect all HTTP requests to HTTPS
location / {
return 301 https://$host$request_uri;
}
}

server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
client_max_body_size 15G;

# Path to the root of the domain
root /usr/share/nginx/html;
index index.html index.htm;

error_log /var/log/nginx/____HOST____.log warn; #warn; #debug;


server_name ____HOST____;

ssl_certificate /etc/nginx/ssl/keys/fullchain.pem;
ssl_certificate_key /etc/nginx/ssl/keys/privkey.pem;


##### Modern
ssl_session_timeout 1d;
ssl_session_cache shared:MozSSL:10m; # about 40000 sessions
ssl_session_tickets off;
ssl_protocols TLSv1.3;
ssl_prefer_server_ciphers off;
# HSTS (ngx_http_headers_module is required) (63072000 seconds)
add_header Strict-Transport-Security "max-age=63072000" always;
# OCSP stapling
ssl_stapling on;
ssl_stapling_verify on;

# verify chain of trust of OCSP response using Root CA and Intermediate certs
ssl_trusted_certificate /etc/nginx/ssl/keys/chain.pem;

# replace with the IP address of your resolver
resolver 192.168.1.1;


# Use secure headers to avoid XSS and many other things
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header Referrer-Policy "no-referrer";
add_header Content-Security-Policy "script-src 'self' 'unsafe-inline' 'unsafe-eval'; frame-src 'self'; object-src 'self'";

# Avoid information leak
server_tokens off;
fastcgi_hide_header X-Powered-By;

# Somebody said this helps, in my setup it doesn't prevent temporary saving in files
proxy_max_temp_file_size 0;


location / {
proxy_pass http://____HOST_WERE_IS_AMPACHE___:2308;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_send_timeout 1200;
proxy_read_timeout 1200;
}
}
15 changes: 15 additions & 0 deletions .examples/default-reverse-nginx/docker-compose.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,15 @@
services:
ampache:
image: ampache/ampache:latest
container_name: ampache
restart: unless-stopped
ports:
- 2308:80
volumes:
- ./data/config:/var/www/config
- ./data/log:/var/log/ampache
- ./data/media:/media
- ./data/mysql:/var/lib/mysql
- ./supervisord.conf:/etc/supervisor/conf.d/supervisord.conf
environment:
DISABLE_INOTIFYWAIT_CLEAN: ${DISABLE_INOTIFYWAIT_CLEAN-0}
29 changes: 29 additions & 0 deletions .examples/default-reverse-nginx/supervisord.conf
Original file line number Diff line number Diff line change
@@ -0,0 +1,29 @@
[supervisord]
nodaemon=true
user=root
loglevel=debug
logfile=/var/log/supervisor/supervisord.log
pidfile=/tmp/supervisord.pid

[program:cron]
command=cron.sh
priority=40

[program:mysql]
command=mysql.sh
stopwaitsecs=120
stopasgroup=true
killasgroup=true
priority=10

[program:apache2]
command=apache2.sh
autostart=true
autorestart=unexpected
startsecs=10
startretries=6
priority=30

[program:inotifywait]
command=inotifywait.sh
priority=20
54 changes: 54 additions & 0 deletions .github/workflows/build-image-dynamic-strategy.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,54 @@
name: Dynamic Docker Multi-Platform Build

on:
push:
branches:
- master
pull_request:
branches:
- master

jobs:
generate-matrix:
name: Generate Jobs
runs-on: ubuntu-latest
outputs:
strategy: ${{ steps.generate-jobs.outputs.strategy }}
steps:
- name: Checkout repository
uses: actions/checkout@v2

- id: generate-jobs
name: Generate Jobs
run: |
strategy_content=""
versions=$(ls -d */ | grep '^[0-9]' | sed 's#/##')
for version in $versions; do
variants=$(cd $version; ls -d */ | sed 's#/##')
for variant in $variants; do
strategy_content="$strategy_content,{\"version\":\"$version\",\"variant\":\"$variant\"}"
done
done
strategy="{\"include\":[ ${strategy_content:1} ]}"
echo "strategy=$strategy" >> "$GITHUB_OUTPUT"
jq . <<<"$strategy" # sanity check / debugging aid


build:
needs: generate-matrix
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix: ${{ fromJson(needs.generate-matrix.outputs.strategy) }}
steps:
- name: Checkout repository
uses: actions/checkout@v2

- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v1

- name: Build Docker image for ${{ matrix.version }}-${{ matrix.variant }}
run: |
cd ${{ matrix.version }}/${{ matrix.variant }}
docker buildx build --platform linux/amd64,linux/arm64 -t odyssey/ampache:${{ matrix.version }}-${{ matrix.variant }} .
cd ../../
12 changes: 0 additions & 12 deletions .travis.yml

This file was deleted.

25 changes: 13 additions & 12 deletions Dockerfile → 6.4.0/default/Dockerfile
Original file line number Diff line number Diff line change
@@ -1,10 +1,11 @@
FROM debian:stable
# DO NOT EDIT: created by update_maintainer_version from Dockerfile-debian.template
FROM debian:bookworm
LABEL maintainer="lachlan-00"

ENV DEBIAN_FRONTEND=noninteractive
ENV MYSQL_PASS **Random**
ENV DISABLE_INOTIFYWAIT_CLEAN 0
ARG VERSION=5.6.1
ARG VERSION=

RUN sh -c 'echo "Types: deb\n# http://snapshot.debian.org/archive/debian/20230612T000000Z\nURIs: http://deb.debian.org/debian\nSuites: stable stable-updates\nComponents: main contrib non-free\nSigned-By: /usr/share/keyrings/debian-archive-keyring.gpg\n\nTypes: deb\n# http://snapshot.debian.org/archive/debian-security/20230612T000000Z\nURIs: http://deb.debian.org/debian-security\nSuites: stable-security\nComponents: main\nSigned-By: /usr/share/keyrings/debian-archive-keyring.gpg\n" > /etc/apt/sources.list.d/debian.sources' \
&& apt-get -q -q update \
Expand All @@ -31,14 +32,14 @@ RUN sh -c 'echo "Types: deb\n# http://snapshot.debian.org/archive/debian/202
locales \
logrotate \
mariadb-server \
php8.2 \
php8.2-curl \
php8.2-gd \
php8.2-intl \
php8.2-ldap \
php8.2-mysql \
php8.2-xml \
php8.2-zip \
php8.3 \
php8.3-curl \
php8.3-gd \
php8.3-intl \
php8.3-ldap \
php8.3-mysql \
php8.3-xml \
php8.3-zip \
pwgen \
supervisor \
vorbis-tools \
Expand All @@ -51,7 +52,7 @@ RUN sh -c 'echo "Types: deb\n# http://snapshot.debian.org/archive/debian/202
&& chown -R www-data:www-data /var/log/ampache \
&& ln -s /etc/apache2/sites-available/001-ampache.conf /etc/apache2/sites-enabled/ \
&& a2enmod rewrite \
&& wget -q -O /tmp/master.zip https://github.com/ampache/ampache/releases/download/${VERSION}/ampache-${VERSION}_all_php8.2.zip \
&& wget -q -O /tmp/master.zip https://github.com/ampache/ampache/releases/download/6.4.0/ampache-6.4.0_all_php8.3.zip \
&& unzip /tmp/master.zip -d /var/www/ \
&& cp -f /var/www/public/rest/.htaccess.dist /var/www/public/rest/.htaccess \
&& cp -f /var/www/public/play/.htaccess.dist /var/www/public/play/.htaccess \
Expand All @@ -77,7 +78,7 @@ EXPOSE 80

COPY data/bin/run.sh data/bin/inotifywait.sh data/bin/cron.sh data/bin/apache2.sh data/bin/mysql.sh data/bin/create_mysql_admin_user.sh data/bin/ampache_cron.sh data/bin/docker-entrypoint.sh /usr/local/bin/
COPY data/sites-enabled/001-ampache.conf /etc/apache2/sites-available/
COPY data/apache2/php.ini /etc/php/8.2/apache2/
COPY data/apache2/php.ini /etc/php/8.3/apache2/
COPY data/logrotate.d/* /etc/logrotate.d/
COPY data/supervisord/supervisord.conf /etc/supervisor/conf.d/supervisord.conf

Expand Down
Loading
Loading