From ee78a34da41e93bb5b2f732fc53d6606f9fab7a6 Mon Sep 17 00:00:00 2001 From: Dimitri Huisman Date: Wed, 6 Jul 2022 13:42:13 +0000 Subject: [PATCH] Process code review feedback Remove unneeded IF statement in /admin block in nginx.conf of front. Fix contributions made to Dockerfile, add missing trailing \ and add back curl Change healthcheck to monitoring page of fpm. Now we check nginx and fpm. --- core/nginx/conf/nginx.conf | 3 -- webmails/snappymail/Dockerfile | 6 ++-- .../snappymail/config/nginx-snappymail.conf | 19 ++++++++---- .../snappymail/config/php-snappymail.conf | 29 +++++++++++++++---- 4 files changed, 39 insertions(+), 18 deletions(-) diff --git a/core/nginx/conf/nginx.conf b/core/nginx/conf/nginx.conf index cc8125bf..80ebdaee 100644 --- a/core/nginx/conf/nginx.conf +++ b/core/nginx/conf/nginx.conf @@ -213,9 +213,6 @@ http { {% endif %} {% if ADMIN == 'true' %} location {{ WEB_ADMIN }} { - {% if WEB_ADMIN != '/' %} - rewrite ^({{ WEB_ADMIN }})$ $1/ permanent; - {% endif %} include /etc/nginx/proxy.conf; proxy_pass http://$admin; expires $expires; diff --git a/webmails/snappymail/Dockerfile b/webmails/snappymail/Dockerfile index cb667e83..92d48207 100644 --- a/webmails/snappymail/Dockerfile +++ b/webmails/snappymail/Dockerfile @@ -43,7 +43,7 @@ RUN apk add --no-cache \ # zip php7-zip #php7-curl php7-iconv php7-json php7-xml php7-simplexml php7-dom php7-openssl php7-pdo php7-pdo_sqlite php7-mbstring \ RUN apk add --no-cache \ - nginx \ + nginx curl \ php7 php7-fpm php7-mbstring php7-zip php7-json php7-xml php7-simplexml \ php7-dom php7-curl php7-exif gd php7-gd php7-iconv php7-intl php7-openssl \ php7-pdo_sqlite php7-pdo php7-sodium libsodium php7-tidy php7-pecl-uuid \ @@ -66,7 +66,7 @@ COPY defaults/default.ini /defaults/default.ini ENV SNAPPYMAIL_URL https://github.com/the-djmaze/snappymail/releases/download/v2.13.4/snappymail-2.13.4.zip RUN cd /var/www/webmail \ - && busybox wget ${SNAPPYMAIL_URL} -O - |busybox unzip - + && busybox wget ${SNAPPYMAIL_URL} -O - | busybox unzip - \ && chmod -R u+w,a+rX /var/www/webmail \ && chown -R nginx:nginx /var/www/webmail @@ -82,5 +82,5 @@ VOLUME ["/data"] CMD /start.py -HEALTHCHECK CMD curl -f -L http://localhost/health || exit 1 +HEALTHCHECK CMD curl -f -L http://localhost/ping || exit 1 RUN echo $VERSION >> /version diff --git a/webmails/snappymail/config/nginx-snappymail.conf b/webmails/snappymail/config/nginx-snappymail.conf index 7819125f..98ffcc7f 100644 --- a/webmails/snappymail/config/nginx-snappymail.conf +++ b/webmails/snappymail/config/nginx-snappymail.conf @@ -22,10 +22,12 @@ server { } location ~ \.php$ { + fastcgi_split_path_info ^(.+?\.php)(/.*)$; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } include /etc/nginx/fastcgi_params; - fastcgi_split_path_info ^(.+\.php)(/.*)$; - fastcgi_intercept_errors on; fastcgi_index index.php; @@ -45,11 +47,16 @@ server { } location ^~ /data { - deny all; + deny all; } - location /health { - add_header Content-Type text/plain; - return 200; + location = /ping { + allow 127.0.0.1; + deny all; + + include /etc/nginx/fastcgi_params; + fastcgi_index index.php; + fastcgi_pass unix:/var/run/php7-fpm.sock; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; } } diff --git a/webmails/snappymail/config/php-snappymail.conf b/webmails/snappymail/config/php-snappymail.conf index d6010400..974c00d1 100644 --- a/webmails/snappymail/config/php-snappymail.conf +++ b/webmails/snappymail/config/php-snappymail.conf @@ -3,9 +3,9 @@ ; pool name ('snappymail' here) [snappymail] -; Redirect worker stdout and stderr into main error log. If not set, stdout and -; stderr will be redirected to /dev/null according to FastCGI specs. -; Default value: no. +; Redirect worker stdout and stderr into main error log. If not set, stdout and +; stderr will be redirected to /dev/null according to FastCGI specs. +; Default value: no. catch_workers_output = 1 ; Unix user/group of processes @@ -87,15 +87,32 @@ pm.max_children = 5 ; Note: Mandatory when pm is set to 'dynamic' ; pm.max_spare_servers = 3 -; This sets the maximum time in seconds a script is allowed to run before it is -; terminated by the parser. This helps prevent poorly written scripts from tying up +; This sets the maximum time in seconds a script is allowed to run before it is +; terminated by the parser. This helps prevent poorly written scripts from tying up ; the server. The default setting is 30s. ; Note: Used only when pm is set to 'ondemand' pm.process_idle_timeout = 10s -; The number of requests each child process should execute before respawning. +; The number of requests each child process should execute before respawning. ; This can be useful to work around memory leaks in 3rd party libraries. For endless ; request processing specify '0'. ; Equivalent to PHP_FCGI_MAX_REQUESTS. Default value: 0. ; Noted: Used only when pm is set to 'ondemand' pm.max_requests = 200 + +; The ping URI to call the monitoring page of FPM. If this value is not set, no +; URI will be recognized as a ping page. This could be used to test from outside +; that FPM is alive and responding, or to +; - create a graph of FPM availability (rrd or such); +; - remove a server from a group if it is not responding (load balancing); +; - trigger alerts for the operating team (24/7). +; Note: The value must start with a leading slash (/). The value can be +; anything, but it may not be a good idea to use the .php extension or it +; may conflict with a real PHP file. +; Default Value: not set +ping.path = /ping + +; This directive may be used to customize the response of a ping request. The +; response is formatted as text/plain with a 200 response code. +; Default Value: pong +;ping.response = pong