licsber · March 9, 2021 12:26
diff --git a/docker-compose.yml b/docker-compose.yml
 version: "3.9"

 services:
  nginx:
    image: nginx:1.19
    restart: always
    container_name: nginx
    links:
      - "php-fpm:php"
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - /home/licsber/.acme.sh/licsber.site/:/certs/licsber.site/
      - ./conf.d/:/etc/nginx/conf.d/
      - ./static/:/static/
      - ./php/:/php/
      - ./nginx.conf:/etc/nginx/nginx.conf

  php-fpm:
    image: registry.cn-shanghai.aliyuncs.com/licsber/licsber:php-fpm-7.3-alpine-gd
    container_name: php-fpm
    restart: always
    volumes:
      - ./static/:/static/
      - ./php/:/var/www/html/

diff --git a/Dockerfile b/Dockerfile
 FROM php:7.3-fpm-alpine

 LABEL MAINTAINER licsber@gmail.com

 RUN set -x \
    && apk add --no-cache --update \
            freetype libpng libjpeg-turbo \
            freetype-dev libpng-dev libjpeg-turbo-dev \
    && docker-php-ext-configure gd --with-freetype-dir=/usr/include/ --with-jpeg-dir=/usr/include/ \
    && docker-php-ext-install -j "$(getconf _NPROCESSORS_ONLN)" gd \
    && apk del --no-cache freetype-dev libpng-dev libjpeg-turbo-dev
diff --git a/nginx.conf b/nginx.conf
 user  nginx;
 worker_processes  auto;

 error_log  /var/log/nginx/error.log warn;
 pid        /var/run/nginx.pid;


 events {
    worker_connections  1024;
 }


 http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile        on;
    tcp_nopush      on;
    tcp_nodelay     on;
    keepalive_timeout 65;
    types_hash_max_size 2048;

    client_max_body_size    500M;        
    client_header_timeout   3600s;
    client_body_timeout     3600s;
    fastcgi_connect_timeout 3600s;
    fastcgi_send_timeout    3600s;
    fastcgi_read_timeout    3600s;

    ssl_protocols TLSv1.2; # Dropping SSLv3, ref: POODLE
    ssl_prefer_server_ciphers on;

    gzip  on;

    include /etc/nginx/conf.d/*.conf;
 }
diff --git a/php.licsber.site.conf b/php.licsber.site.conf
 server {
    listen 443 http2 ssl;
    server_name php.licsber.site;

    ssl_certificate /certs/licsber.site/fullchain.cer;
    ssl_certificate_key /certs/licsber.site/licsber.site.key;
    ssl_trusted_certificate /certs/licsber.site/ca.cer;

    root /php;
    index index.php;

    location ~ \.php$ {
        fastcgi_pass   php:9000;
        fastcgi_index  index.php;
        fastcgi_param SCRIPT_FILENAME /var/www/html$fastcgi_script_name;
        include fastcgi_params;
    }
 }

 server{
    if ($host = php.licsber.site) {
        return 301 https://$host$request_uri;
    }

    listen 80;
    server_name php.licsber.site;
    add_header Strict-Transport-Security max-age=15768000;
    return 301 https://$server_name$request_uri;
 }
	version: "3.9"

	services:
	nginx:
	image: nginx:1.19
	restart: always
	container_name: nginx
	links:
	- "php-fpm:php"
	ports:
	- "80:80"
	- "443:443"
	volumes:
	- /home/licsber/.acme.sh/licsber.site/:/certs/licsber.site/
	- ./conf.d/:/etc/nginx/conf.d/
	- ./static/:/static/
	- ./php/:/php/
	- ./nginx.conf:/etc/nginx/nginx.conf

	php-fpm:
	image: registry.cn-shanghai.aliyuncs.com/licsber/licsber:php-fpm-7.3-alpine-gd
	container_name: php-fpm
	restart: always
	volumes:
	- ./static/:/static/
	- ./php/:/var/www/html/
	FROM php:7.3-fpm-alpine

	LABEL MAINTAINER licsber@gmail.com

	RUN set -x \
	&& apk add --no-cache --update \
	freetype libpng libjpeg-turbo \
	freetype-dev libpng-dev libjpeg-turbo-dev \
	&& docker-php-ext-configure gd --with-freetype-dir=/usr/include/ --with-jpeg-dir=/usr/include/ \
	&& docker-php-ext-install -j "$(getconf _NPROCESSORS_ONLN)" gd \
	&& apk del --no-cache freetype-dev libpng-dev libjpeg-turbo-dev
	user nginx;
	worker_processes auto;

	error_log /var/log/nginx/error.log warn;
	pid /var/run/nginx.pid;


	events {
	worker_connections 1024;
	}


	http {
	include /etc/nginx/mime.types;
	default_type application/octet-stream;

	log_format main '$remote_addr - $remote_user [$time_local] "$request" '
	'$status $body_bytes_sent "$http_referer" '
	'"$http_user_agent" "$http_x_forwarded_for"';

	access_log /var/log/nginx/access.log main;

	sendfile on;
	tcp_nopush on;
	tcp_nodelay on;
	keepalive_timeout 65;
	types_hash_max_size 2048;

	client_max_body_size 500M;
	client_header_timeout 3600s;
	client_body_timeout 3600s;
	fastcgi_connect_timeout 3600s;
	fastcgi_send_timeout 3600s;
	fastcgi_read_timeout 3600s;

	ssl_protocols TLSv1.2; # Dropping SSLv3, ref: POODLE
	ssl_prefer_server_ciphers on;

	gzip on;

	include /etc/nginx/conf.d/*.conf;
	}
	server {
	listen 443 http2 ssl;
	server_name php.licsber.site;

	ssl_certificate /certs/licsber.site/fullchain.cer;
	ssl_certificate_key /certs/licsber.site/licsber.site.key;
	ssl_trusted_certificate /certs/licsber.site/ca.cer;

	root /php;
	index index.php;

	location ~ \.php$ {
	fastcgi_pass php:9000;
	fastcgi_index index.php;
	fastcgi_param SCRIPT_FILENAME /var/www/html$fastcgi_script_name;
	include fastcgi_params;
	}
	}

	server{
	if ($host = php.licsber.site) {
	return 301 https://$host$request_uri;
	}

	listen 80;
	server_name php.licsber.site;
	add_header Strict-Transport-Security max-age=15768000;
	return 301 https://$server_name$request_uri;
	}