Implement support for multiple PHP versions
This commit provides docker images and scripts to support multiple Debian and PHP releases via containers.
This commit is contained in:
commit
5b73173912
35 changed files with 1851 additions and 0 deletions
19
LICENSE
Normal file
19
LICENSE
Normal file
|
@ -0,0 +1,19 @@
|
|||
Copyright 2018 Jan Dittberner IT-Consulting & -Solutions
|
||||
|
||||
Permission is hereby granted, free of charge, to any person obtaining a copy of
|
||||
this software and associated documentation files (the "Software"), to deal in
|
||||
the Software without restriction, including without limitation the rights to
|
||||
use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies
|
||||
of the Software, and to permit persons to whom the Software is furnished to do
|
||||
so, subject to the following conditions:
|
||||
|
||||
The above copyright notice and this permission notice shall be included in all
|
||||
copies or substantial portions of the Software.
|
||||
|
||||
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
||||
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
||||
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
||||
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
||||
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
||||
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
||||
SOFTWARE.
|
12
build.sh
Executable file
12
build.sh
Executable file
|
@ -0,0 +1,12 @@
|
|||
#!/bin/sh
|
||||
|
||||
set -e
|
||||
|
||||
for dist in wheezy_php5 jessie_php5 stretch_php7 buster_php7; do
|
||||
docker build --pull -t gnuviech/${dist}-base ${dist} -f ${dist}/Dockerfile-base
|
||||
docker build -t gnuviech/${dist} ${dist} -f ${dist}/Dockerfile
|
||||
docker build -t gnuviech/${dist}-mysql ${dist} -f ${dist}/Dockerfile-mysql
|
||||
docker build -t gnuviech/${dist}-pgsql ${dist} -f ${dist}/Dockerfile-pgsql
|
||||
done
|
||||
|
||||
docker image prune -f
|
8
buster_php7/Dockerfile
Normal file
8
buster_php7/Dockerfile
Normal file
|
@ -0,0 +1,8 @@
|
|||
FROM gnuviech/buster_php7-base:latest
|
||||
LABEL maintainer="jan@dittberner.info"
|
||||
|
||||
COPY start-fpm.sh /usr/local/sbin
|
||||
COPY fpm-pool.conf.tmpl /usr/local/etc
|
||||
|
||||
ENTRYPOINT ["/usr/bin/dumb-init", "--"]
|
||||
CMD ["/usr/local/sbin/start-fpm.sh"]
|
31
buster_php7/Dockerfile-base
Normal file
31
buster_php7/Dockerfile-base
Normal file
|
@ -0,0 +1,31 @@
|
|||
FROM debian:buster
|
||||
LABEL maintainer="jan@dittberner.info"
|
||||
VOLUME /srv
|
||||
|
||||
RUN apt-get update \
|
||||
&& DEBIAN_FRONTEND=noninteractive \
|
||||
apt-get install -y --no-install-recommends \
|
||||
dumb-init \
|
||||
libnss-ldap \
|
||||
nullmailer \
|
||||
php-curl \
|
||||
php-fpm \
|
||||
php-gd \
|
||||
php-imagick \
|
||||
php-imap \
|
||||
php-json \
|
||||
php-mail \
|
||||
php-mail-mime \
|
||||
php-mbstring \
|
||||
php-net-smtp \
|
||||
php-net-socket \
|
||||
php7.2-opcache \
|
||||
php-pspell \
|
||||
php-sqlite3 \
|
||||
psmisc \
|
||||
&& apt-get clean \
|
||||
&& rm -rf /var/lib/apt/lists/*.*
|
||||
|
||||
ADD --chown=root:root nsswitch.conf libnss-ldap.conf /etc/
|
||||
|
||||
RUN rm -f /etc/php/7.2/fpm/pool.d/www.conf
|
15
buster_php7/Dockerfile-mysql
Normal file
15
buster_php7/Dockerfile-mysql
Normal file
|
@ -0,0 +1,15 @@
|
|||
FROM gnuviech/buster_php7-base:latest
|
||||
LABEL maintainer="jan@dittberner.info"
|
||||
|
||||
RUN apt-get update \
|
||||
&& DEBIAN_FRONTEND=noninteractive \
|
||||
apt-get install -y --no-install-recommends \
|
||||
php-mysql \
|
||||
&& apt-get clean \
|
||||
&& rm -rf /var/lib/apt/lists/*.*
|
||||
|
||||
COPY start-fpm.sh /usr/local/sbin
|
||||
COPY fpm-pool.conf.tmpl /usr/local/etc
|
||||
|
||||
ENTRYPOINT ["/usr/bin/dumb-init", "--"]
|
||||
CMD ["/usr/local/sbin/start-fpm.sh"]
|
15
buster_php7/Dockerfile-pgsql
Normal file
15
buster_php7/Dockerfile-pgsql
Normal file
|
@ -0,0 +1,15 @@
|
|||
FROM gnuviech/buster_php7-base:latest
|
||||
LABEL maintainer="jan@dittberner.info"
|
||||
|
||||
RUN apt-get update \
|
||||
&& DEBIAN_FRONTEND=noninteractive \
|
||||
apt-get install -y --no-install-recommends \
|
||||
php-mysql \
|
||||
&& apt-get clean \
|
||||
&& rm -rf /var/lib/apt/lists/*.*
|
||||
|
||||
COPY start-fpm.sh /usr/local/sbin
|
||||
COPY fpm-pool.conf.tmpl /usr/local/etc
|
||||
|
||||
ENTRYPOINT ["/usr/bin/dumb-init", "--"]
|
||||
CMD ["/usr/local/sbin/start-fpm.sh"]
|
15
buster_php7/fpm-pool.conf.tmpl
Normal file
15
buster_php7/fpm-pool.conf.tmpl
Normal file
|
@ -0,0 +1,15 @@
|
|||
[@user@]
|
||||
user = @user@
|
||||
group = @user@
|
||||
listen = /var/run/php-fpm-docker/@user@-@variant@.sock
|
||||
listen.owner = www-data
|
||||
listen.group = www-data
|
||||
pm = dynamic
|
||||
pm.max_children = 20
|
||||
pm.start_servers = 2
|
||||
pm.min_spare_servers = 1
|
||||
pm.max_spare_servers = 3
|
||||
pm.max_requests = 1000
|
||||
chdir = /
|
||||
request_slowlog_timeout = 10s
|
||||
slowlog = /var/log/php-fpm-docker/@user@-@variant@.slow.log
|
323
buster_php7/libnss-ldap.conf
Normal file
323
buster_php7/libnss-ldap.conf
Normal file
|
@ -0,0 +1,323 @@
|
|||
###DEBCONF###
|
||||
# the configuration of this file will be done by debconf as long as the
|
||||
# first line of the file says '###DEBCONF###'
|
||||
#
|
||||
# you should use dpkg-reconfigure libnss-ldap to configure this file.
|
||||
#
|
||||
# @(#)$Id: ldap.conf,v 2.48 2008/07/03 02:30:29 lukeh Exp $
|
||||
#
|
||||
# This is the configuration file for the LDAP nameservice
|
||||
# switch library and the LDAP PAM module.
|
||||
#
|
||||
# PADL Software
|
||||
# http://www.padl.com
|
||||
#
|
||||
|
||||
# Your LDAP server. Must be resolvable without using LDAP.
|
||||
# Multiple hosts may be specified, each separated by a
|
||||
# space. How long nss_ldap takes to failover depends on
|
||||
# whether your LDAP client library supports configurable
|
||||
# network or connect timeouts (see bind_timelimit).
|
||||
#host 127.0.0.1
|
||||
|
||||
# The distinguished name of the search base.
|
||||
base dc=gnuviech,dc=internal
|
||||
|
||||
# Another way to specify your LDAP server is to provide an
|
||||
uri ldap://10.0.0.11/
|
||||
# Unix Domain Sockets to connect to a local LDAP Server.
|
||||
#uri ldap://127.0.0.1/
|
||||
#uri ldaps://127.0.0.1/
|
||||
#uri ldapi://%2fvar%2frun%2fldapi_sock/
|
||||
# Note: %2f encodes the '/' used as directory separator
|
||||
|
||||
# The LDAP version to use (defaults to 3
|
||||
# if supported by client library)
|
||||
ldap_version 3
|
||||
|
||||
# The distinguished name to bind to the server with.
|
||||
# Optional: default is to bind anonymously.
|
||||
# Please do not put double quotes around it as they
|
||||
# would be included literally.
|
||||
#binddn cn=proxyuser,dc=padl,dc=com
|
||||
|
||||
# The credentials to bind with.
|
||||
# Optional: default is no credential.
|
||||
#bindpw secret
|
||||
|
||||
# The distinguished name to bind to the server with
|
||||
# if the effective user ID is root. Password is
|
||||
# stored in /etc/libnss-ldap.secret (mode 600)
|
||||
# Use 'echo -n "mypassword" > /etc/libnss-ldap.secret' instead
|
||||
# of an editor to create the file.
|
||||
#rootbinddn cn=manager,dc=example,dc=net
|
||||
|
||||
# The port.
|
||||
# Optional: default is 389.
|
||||
#port 389
|
||||
|
||||
# The search scope.
|
||||
#scope sub
|
||||
#scope one
|
||||
#scope base
|
||||
|
||||
# Search timelimit
|
||||
#timelimit 30
|
||||
|
||||
# Bind/connect timelimit
|
||||
#bind_timelimit 30
|
||||
|
||||
# Reconnect policy:
|
||||
# hard_open: reconnect to DSA with exponential backoff if
|
||||
# opening connection failed
|
||||
# hard_init: reconnect to DSA with exponential backoff if
|
||||
# initializing connection failed
|
||||
# hard: alias for hard_open
|
||||
# soft: return immediately on server failure
|
||||
#bind_policy hard
|
||||
|
||||
# Connection policy:
|
||||
# persist: DSA connections are kept open (default)
|
||||
# oneshot: DSA connections destroyed after request
|
||||
#nss_connect_policy persist
|
||||
|
||||
# Idle timelimit; client will close connections
|
||||
# (nss_ldap only) if the server has not been contacted
|
||||
# for the number of seconds specified below.
|
||||
#idle_timelimit 3600
|
||||
|
||||
# Use paged rseults
|
||||
#nss_paged_results yes
|
||||
|
||||
# Pagesize: when paged results enable, used to set the
|
||||
# pagesize to a custom value
|
||||
#pagesize 1000
|
||||
|
||||
# Filter to AND with uid=%s
|
||||
#pam_filter objectclass=account
|
||||
|
||||
# The user ID attribute (defaults to uid)
|
||||
#pam_login_attribute uid
|
||||
|
||||
# Search the root DSE for the password policy (works
|
||||
# with Netscape Directory Server)
|
||||
#pam_lookup_policy yes
|
||||
|
||||
# Check the 'host' attribute for access control
|
||||
# Default is no; if set to yes, and user has no
|
||||
# value for the host attribute, and pam_ldap is
|
||||
# configured for account management (authorization)
|
||||
# then the user will not be allowed to login.
|
||||
#pam_check_host_attr yes
|
||||
|
||||
# Check the 'authorizedService' attribute for access
|
||||
# control
|
||||
# Default is no; if set to yes, and the user has no
|
||||
# value for the authorizedService attribute, and
|
||||
# pam_ldap is configured for account management
|
||||
# (authorization) then the user will not be allowed
|
||||
# to login.
|
||||
#pam_check_service_attr yes
|
||||
|
||||
# Group to enforce membership of
|
||||
#pam_groupdn cn=PAM,ou=Groups,dc=padl,dc=com
|
||||
|
||||
# Group member attribute
|
||||
#pam_member_attribute uniquemember
|
||||
|
||||
# Specify a minium or maximum UID number allowed
|
||||
#pam_min_uid 0
|
||||
#pam_max_uid 0
|
||||
|
||||
# Template login attribute, default template user
|
||||
# (can be overriden by value of former attribute
|
||||
# in user's entry)
|
||||
#pam_login_attribute userPrincipalName
|
||||
#pam_template_login_attribute uid
|
||||
#pam_template_login nobody
|
||||
|
||||
# HEADS UP: the pam_crypt, pam_nds_passwd,
|
||||
# and pam_ad_passwd options are no
|
||||
# longer supported.
|
||||
#
|
||||
# Do not hash the password at all; presume
|
||||
# the directory server will do it, if
|
||||
# necessary. This is the default.
|
||||
#pam_password clear
|
||||
|
||||
# Hash password locally; required for University of
|
||||
# Michigan LDAP server, and works with Netscape
|
||||
# Directory Server if you're using the UNIX-Crypt
|
||||
# hash mechanism and not using the NT Synchronization
|
||||
# service.
|
||||
#pam_password crypt
|
||||
|
||||
# Remove old password first, then update in
|
||||
# cleartext. Necessary for use with Novell
|
||||
# Directory Services (NDS)
|
||||
#pam_password nds
|
||||
|
||||
# RACF is an alias for the above. For use with
|
||||
# IBM RACF
|
||||
#pam_password racf
|
||||
|
||||
# Update Active Directory password, by
|
||||
# creating Unicode password and updating
|
||||
# unicodePwd attribute.
|
||||
#pam_password ad
|
||||
|
||||
# Use the OpenLDAP password change
|
||||
# extended operation to update the password.
|
||||
#pam_password exop
|
||||
|
||||
# Redirect users to a URL or somesuch on password
|
||||
# changes.
|
||||
#pam_password_prohibit_message Please visit http://internal to change your password.
|
||||
|
||||
# Use backlinks for answering initgroups()
|
||||
#nss_initgroups backlink
|
||||
|
||||
# Enable support for RFC2307bis (distinguished names in group
|
||||
# members)
|
||||
#nss_schema rfc2307bis
|
||||
|
||||
# RFC2307bis naming contexts
|
||||
# Syntax:
|
||||
# nss_base_XXX base?scope?filter
|
||||
# where scope is {base,one,sub}
|
||||
# and filter is a filter to be &'d with the
|
||||
# default filter.
|
||||
# You can omit the suffix eg:
|
||||
# nss_base_passwd ou=People,
|
||||
# to append the default base DN but this
|
||||
# may incur a small performance impact.
|
||||
#nss_base_passwd ou=People,dc=padl,dc=com?one
|
||||
#nss_base_shadow ou=People,dc=padl,dc=com?one
|
||||
#nss_base_group ou=Group,dc=padl,dc=com?one
|
||||
#nss_base_hosts ou=Hosts,dc=padl,dc=com?one
|
||||
#nss_base_services ou=Services,dc=padl,dc=com?one
|
||||
#nss_base_networks ou=Networks,dc=padl,dc=com?one
|
||||
#nss_base_protocols ou=Protocols,dc=padl,dc=com?one
|
||||
#nss_base_rpc ou=Rpc,dc=padl,dc=com?one
|
||||
#nss_base_ethers ou=Ethers,dc=padl,dc=com?one
|
||||
#nss_base_netmasks ou=Networks,dc=padl,dc=com?ne
|
||||
#nss_base_bootparams ou=Ethers,dc=padl,dc=com?one
|
||||
#nss_base_aliases ou=Aliases,dc=padl,dc=com?one
|
||||
#nss_base_netgroup ou=Netgroup,dc=padl,dc=com?one
|
||||
|
||||
# attribute/objectclass mapping
|
||||
# Syntax:
|
||||
#nss_map_attribute rfc2307attribute mapped_attribute
|
||||
#nss_map_objectclass rfc2307objectclass mapped_objectclass
|
||||
|
||||
# configure --enable-nds is no longer supported.
|
||||
# NDS mappings
|
||||
#nss_map_attribute uniqueMember member
|
||||
|
||||
# Services for UNIX 3.5 mappings
|
||||
#nss_map_objectclass posixAccount User
|
||||
#nss_map_objectclass shadowAccount User
|
||||
#nss_map_attribute uid msSFU30Name
|
||||
#nss_map_attribute uniqueMember msSFU30PosixMember
|
||||
#nss_map_attribute userPassword msSFU30Password
|
||||
#nss_map_attribute homeDirectory msSFU30HomeDirectory
|
||||
#nss_map_attribute homeDirectory msSFUHomeDirectory
|
||||
#nss_map_objectclass posixGroup Group
|
||||
#pam_login_attribute msSFU30Name
|
||||
#pam_filter objectclass=User
|
||||
#pam_password ad
|
||||
|
||||
# configure --enable-mssfu-schema is no longer supported.
|
||||
# Services for UNIX 2.0 mappings
|
||||
#nss_map_objectclass posixAccount User
|
||||
#nss_map_objectclass shadowAccount user
|
||||
#nss_map_attribute uid msSFUName
|
||||
#nss_map_attribute uniqueMember posixMember
|
||||
#nss_map_attribute userPassword msSFUPassword
|
||||
#nss_map_attribute homeDirectory msSFUHomeDirectory
|
||||
#nss_map_attribute shadowLastChange pwdLastSet
|
||||
#nss_map_objectclass posixGroup Group
|
||||
#nss_map_attribute cn msSFUName
|
||||
#pam_login_attribute msSFUName
|
||||
#pam_filter objectclass=User
|
||||
#pam_password ad
|
||||
|
||||
# RFC 2307 (AD) mappings
|
||||
#nss_map_objectclass posixAccount user
|
||||
#nss_map_objectclass shadowAccount user
|
||||
#nss_map_attribute uid sAMAccountName
|
||||
#nss_map_attribute homeDirectory unixHomeDirectory
|
||||
#nss_map_attribute shadowLastChange pwdLastSet
|
||||
#nss_map_objectclass posixGroup group
|
||||
#nss_map_attribute uniqueMember member
|
||||
#pam_login_attribute sAMAccountName
|
||||
#pam_filter objectclass=User
|
||||
#pam_password ad
|
||||
|
||||
# configure --enable-authpassword is no longer supported
|
||||
# AuthPassword mappings
|
||||
#nss_map_attribute userPassword authPassword
|
||||
|
||||
# AIX SecureWay mappings
|
||||
#nss_map_objectclass posixAccount aixAccount
|
||||
#nss_base_passwd ou=aixaccount,?one
|
||||
#nss_map_attribute uid userName
|
||||
#nss_map_attribute gidNumber gid
|
||||
#nss_map_attribute uidNumber uid
|
||||
#nss_map_attribute userPassword passwordChar
|
||||
#nss_map_objectclass posixGroup aixAccessGroup
|
||||
#nss_base_group ou=aixgroup,?one
|
||||
#nss_map_attribute cn groupName
|
||||
#nss_map_attribute uniqueMember member
|
||||
#pam_login_attribute userName
|
||||
#pam_filter objectclass=aixAccount
|
||||
#pam_password clear
|
||||
|
||||
# For pre-RFC2307bis automount schema
|
||||
#nss_map_objectclass automountMap nisMap
|
||||
#nss_map_attribute automountMapName nisMapName
|
||||
#nss_map_objectclass automount nisObject
|
||||
#nss_map_attribute automountKey cn
|
||||
#nss_map_attribute automountInformation nisMapEntry
|
||||
|
||||
# Netscape SDK LDAPS
|
||||
#ssl on
|
||||
|
||||
# Netscape SDK SSL options
|
||||
#sslpath /etc/ssl/certs
|
||||
|
||||
# OpenLDAP SSL mechanism
|
||||
# start_tls mechanism uses the normal LDAP port, LDAPS typically 636
|
||||
#ssl start_tls
|
||||
#ssl on
|
||||
|
||||
# OpenLDAP SSL options
|
||||
# Require and verify server certificate (yes/no)
|
||||
# Default is to use libldap's default behavior, which can be configured in
|
||||
# /etc/openldap/ldap.conf using the TLS_REQCERT setting. The default for
|
||||
# OpenLDAP 2.0 and earlier is "no", for 2.1 and later is "yes".
|
||||
#tls_checkpeer yes
|
||||
|
||||
# CA certificates for server certificate verification
|
||||
# At least one of these are required if tls_checkpeer is "yes"
|
||||
#tls_cacertfile /etc/ssl/ca.cert
|
||||
#tls_cacertdir /etc/ssl/certs
|
||||
|
||||
# Seed the PRNG if /dev/urandom is not provided
|
||||
#tls_randfile /var/run/egd-pool
|
||||
|
||||
# SSL cipher suite
|
||||
# See man ciphers for syntax
|
||||
#tls_ciphers TLSv1
|
||||
|
||||
# Client certificate and key
|
||||
# Use these, if your server requires client authentication.
|
||||
#tls_cert
|
||||
#tls_key
|
||||
|
||||
# Disable SASL security layers. This is needed for AD.
|
||||
#sasl_secprops maxssf=0
|
||||
|
||||
# Override the default Kerberos ticket cache location.
|
||||
#krb5_ccname FILE:/etc/.ldapcache
|
||||
|
19
buster_php7/nsswitch.conf
Normal file
19
buster_php7/nsswitch.conf
Normal file
|
@ -0,0 +1,19 @@
|
|||
# /etc/nsswitch.conf
|
||||
#
|
||||
# Example configuration of GNU Name Service Switch functionality.
|
||||
# If you have the `glibc-doc-reference' and `info' packages installed, try:
|
||||
# `info libc "Name Service Switch"' for information about this file.
|
||||
|
||||
passwd: compat ldap
|
||||
group: compat ldap
|
||||
shadow: compat
|
||||
|
||||
hosts: files dns
|
||||
networks: files
|
||||
|
||||
protocols: db files
|
||||
services: db files
|
||||
ethers: db files
|
||||
rpc: db files
|
||||
|
||||
netgroup: nis
|
11
buster_php7/start-fpm.sh
Executable file
11
buster_php7/start-fpm.sh
Executable file
|
@ -0,0 +1,11 @@
|
|||
#!/bin/sh
|
||||
|
||||
set -e
|
||||
|
||||
sed "s/@user@/${FPM_USER}/g; s/@variant@/${FPM_VARIANT}/g" \
|
||||
< /usr/local/etc/fpm-pool.conf.tmpl \
|
||||
> "/etc/php/7.2/fpm/pool.d/${FPM_USER}.conf"
|
||||
|
||||
/etc/init.d/nullmailer start
|
||||
mkdir -p /run/php
|
||||
/usr/sbin/php-fpm7.2 --nodaemonize
|
8
jessie_php5/Dockerfile
Normal file
8
jessie_php5/Dockerfile
Normal file
|
@ -0,0 +1,8 @@
|
|||
FROM gnuviech/jessie_php5-base:latest
|
||||
LABEL maintainer="jan@dittberner.info"
|
||||
|
||||
COPY start-fpm.sh /usr/local/sbin
|
||||
COPY fpm-pool.conf.tmpl /usr/local/etc
|
||||
|
||||
ENTRYPOINT ["/usr/bin/dumb-init", "--"]
|
||||
CMD ["/usr/local/sbin/start-fpm.sh"]
|
38
jessie_php5/Dockerfile-base
Normal file
38
jessie_php5/Dockerfile-base
Normal file
|
@ -0,0 +1,38 @@
|
|||
FROM debian:jessie
|
||||
LABEL maintainer="jan@dittberner.info"
|
||||
VOLUME /srv
|
||||
|
||||
RUN apt-get update \
|
||||
&& DEBIAN_FRONTEND=noninteractive \
|
||||
apt-get install -y --no-install-recommends \
|
||||
ca-certificates \
|
||||
curl \
|
||||
libnss-ldap \
|
||||
nullmailer \
|
||||
php-apc \
|
||||
php-mail \
|
||||
php-mail-mime \
|
||||
php-mail-mimedecode \
|
||||
php-net-smtp \
|
||||
php-net-socket \
|
||||
php5-apcu \
|
||||
php5-curl \
|
||||
php5-fpm \
|
||||
php5-gd \
|
||||
php5-imagick \
|
||||
php5-imap \
|
||||
php5-json \
|
||||
php5-mcrypt \
|
||||
php5-pspell \
|
||||
php5-sqlite \
|
||||
psmisc \
|
||||
&& apt-get clean \
|
||||
&& rm -rf /var/lib/apt/lists/*.*
|
||||
|
||||
RUN curl -o dumb-init_1.2.2.deb -L https://github.com/Yelp/dumb-init/releases/download/v1.2.2/dumb-init_1.2.2_amd64.deb && \
|
||||
dpkg -i dumb-init_1.2.2.deb && \
|
||||
rm -f dumb-init_1.2.2.deb
|
||||
|
||||
ADD --chown=root:root nsswitch.conf libnss-ldap.conf /etc/
|
||||
|
||||
RUN rm -f /etc/php5/fpm/pool.d/www.conf
|
15
jessie_php5/Dockerfile-mysql
Normal file
15
jessie_php5/Dockerfile-mysql
Normal file
|
@ -0,0 +1,15 @@
|
|||
FROM gnuviech/jessie_php5-base:latest
|
||||
LABEL maintainer="jan@dittberner.info"
|
||||
|
||||
RUN apt-get update \
|
||||
&& DEBIAN_FRONTEND=noninteractive \
|
||||
apt-get install -y --no-install-recommends \
|
||||
php5-mysql \
|
||||
&& apt-get clean \
|
||||
&& rm -rf /var/lib/apt/lists/*.*
|
||||
|
||||
COPY start-fpm.sh /usr/local/sbin
|
||||
COPY fpm-pool.conf.tmpl /usr/local/etc
|
||||
|
||||
ENTRYPOINT ["/usr/bin/dumb-init", "--"]
|
||||
CMD ["/usr/local/sbin/start-fpm.sh"]
|
15
jessie_php5/Dockerfile-pgsql
Normal file
15
jessie_php5/Dockerfile-pgsql
Normal file
|
@ -0,0 +1,15 @@
|
|||
FROM gnuviech/jessie_php5-base:latest
|
||||
LABEL maintainer="jan@dittberner.info"
|
||||
|
||||
RUN apt-get update \
|
||||
&& DEBIAN_FRONTEND=noninteractive \
|
||||
apt-get install -y --no-install-recommends \
|
||||
php5-pgsql \
|
||||
&& apt-get clean \
|
||||
&& rm -rf /var/lib/apt/lists/*.*
|
||||
|
||||
COPY start-fpm.sh /usr/local/sbin
|
||||
COPY fpm-pool.conf.tmpl /usr/local/etc
|
||||
|
||||
ENTRYPOINT ["/usr/bin/dumb-init", "--"]
|
||||
CMD ["/usr/local/sbin/start-fpm.sh"]
|
15
jessie_php5/fpm-pool.conf.tmpl
Normal file
15
jessie_php5/fpm-pool.conf.tmpl
Normal file
|
@ -0,0 +1,15 @@
|
|||
[@user@]
|
||||
user = @user@
|
||||
group = @user@
|
||||
listen = /var/run/php-fpm-docker/@user@-@variant@.sock
|
||||
listen.owner = www-data
|
||||
listen.group = www-data
|
||||
pm = dynamic
|
||||
pm.max_children = 20
|
||||
pm.start_servers = 2
|
||||
pm.min_spare_servers = 1
|
||||
pm.max_spare_servers = 3
|
||||
pm.max_requests = 1000
|
||||
chdir = /
|
||||
request_slowlog_timeout = 10s
|
||||
slowlog = /var/log/php-fpm-docker/@user@-@variant@.slow.log
|
323
jessie_php5/libnss-ldap.conf
Normal file
323
jessie_php5/libnss-ldap.conf
Normal file
|
@ -0,0 +1,323 @@
|
|||
###DEBCONF###
|
||||
# the configuration of this file will be done by debconf as long as the
|
||||
# first line of the file says '###DEBCONF###'
|
||||
#
|
||||
# you should use dpkg-reconfigure libnss-ldap to configure this file.
|
||||
#
|
||||
# @(#)$Id: ldap.conf,v 2.48 2008/07/03 02:30:29 lukeh Exp $
|
||||
#
|
||||
# This is the configuration file for the LDAP nameservice
|
||||
# switch library and the LDAP PAM module.
|
||||
#
|
||||
# PADL Software
|
||||
# http://www.padl.com
|
||||
#
|
||||
|
||||
# Your LDAP server. Must be resolvable without using LDAP.
|
||||
# Multiple hosts may be specified, each separated by a
|
||||
# space. How long nss_ldap takes to failover depends on
|
||||
# whether your LDAP client library supports configurable
|
||||
# network or connect timeouts (see bind_timelimit).
|
||||
#host 127.0.0.1
|
||||
|
||||
# The distinguished name of the search base.
|
||||
base dc=gnuviech,dc=internal
|
||||
|
||||
# Another way to specify your LDAP server is to provide an
|
||||
uri ldap://10.0.0.11/
|
||||
# Unix Domain Sockets to connect to a local LDAP Server.
|
||||
#uri ldap://127.0.0.1/
|
||||
#uri ldaps://127.0.0.1/
|
||||
#uri ldapi://%2fvar%2frun%2fldapi_sock/
|
||||
# Note: %2f encodes the '/' used as directory separator
|
||||
|
||||
# The LDAP version to use (defaults to 3
|
||||
# if supported by client library)
|
||||
ldap_version 3
|
||||
|
||||
# The distinguished name to bind to the server with.
|
||||
# Optional: default is to bind anonymously.
|
||||
# Please do not put double quotes around it as they
|
||||
# would be included literally.
|
||||
#binddn cn=proxyuser,dc=padl,dc=com
|
||||
|
||||
# The credentials to bind with.
|
||||
# Optional: default is no credential.
|
||||
#bindpw secret
|
||||
|
||||
# The distinguished name to bind to the server with
|
||||
# if the effective user ID is root. Password is
|
||||
# stored in /etc/libnss-ldap.secret (mode 600)
|
||||
# Use 'echo -n "mypassword" > /etc/libnss-ldap.secret' instead
|
||||
# of an editor to create the file.
|
||||
#rootbinddn cn=manager,dc=example,dc=net
|
||||
|
||||
# The port.
|
||||
# Optional: default is 389.
|
||||
#port 389
|
||||
|
||||
# The search scope.
|
||||
#scope sub
|
||||
#scope one
|
||||
#scope base
|
||||
|
||||
# Search timelimit
|
||||
#timelimit 30
|
||||
|
||||
# Bind/connect timelimit
|
||||
#bind_timelimit 30
|
||||
|
||||
# Reconnect policy:
|
||||
# hard_open: reconnect to DSA with exponential backoff if
|
||||
# opening connection failed
|
||||
# hard_init: reconnect to DSA with exponential backoff if
|
||||
# initializing connection failed
|
||||
# hard: alias for hard_open
|
||||
# soft: return immediately on server failure
|
||||
#bind_policy hard
|
||||
|
||||
# Connection policy:
|
||||
# persist: DSA connections are kept open (default)
|
||||
# oneshot: DSA connections destroyed after request
|
||||
#nss_connect_policy persist
|
||||
|
||||
# Idle timelimit; client will close connections
|
||||
# (nss_ldap only) if the server has not been contacted
|
||||
# for the number of seconds specified below.
|
||||
#idle_timelimit 3600
|
||||
|
||||
# Use paged rseults
|
||||
#nss_paged_results yes
|
||||
|
||||
# Pagesize: when paged results enable, used to set the
|
||||
# pagesize to a custom value
|
||||
#pagesize 1000
|
||||
|
||||
# Filter to AND with uid=%s
|
||||
#pam_filter objectclass=account
|
||||
|
||||
# The user ID attribute (defaults to uid)
|
||||
#pam_login_attribute uid
|
||||
|
||||
# Search the root DSE for the password policy (works
|
||||
# with Netscape Directory Server)
|
||||
#pam_lookup_policy yes
|
||||
|
||||
# Check the 'host' attribute for access control
|
||||
# Default is no; if set to yes, and user has no
|
||||
# value for the host attribute, and pam_ldap is
|
||||
# configured for account management (authorization)
|
||||
# then the user will not be allowed to login.
|
||||
#pam_check_host_attr yes
|
||||
|
||||
# Check the 'authorizedService' attribute for access
|
||||
# control
|
||||
# Default is no; if set to yes, and the user has no
|
||||
# value for the authorizedService attribute, and
|
||||
# pam_ldap is configured for account management
|
||||
# (authorization) then the user will not be allowed
|
||||
# to login.
|
||||
#pam_check_service_attr yes
|
||||
|
||||
# Group to enforce membership of
|
||||
#pam_groupdn cn=PAM,ou=Groups,dc=padl,dc=com
|
||||
|
||||
# Group member attribute
|
||||
#pam_member_attribute uniquemember
|
||||
|
||||
# Specify a minium or maximum UID number allowed
|
||||
#pam_min_uid 0
|
||||
#pam_max_uid 0
|
||||
|
||||
# Template login attribute, default template user
|
||||
# (can be overriden by value of former attribute
|
||||
# in user's entry)
|
||||
#pam_login_attribute userPrincipalName
|
||||
#pam_template_login_attribute uid
|
||||
#pam_template_login nobody
|
||||
|
||||
# HEADS UP: the pam_crypt, pam_nds_passwd,
|
||||
# and pam_ad_passwd options are no
|
||||
# longer supported.
|
||||
#
|
||||
# Do not hash the password at all; presume
|
||||
# the directory server will do it, if
|
||||
# necessary. This is the default.
|
||||
#pam_password clear
|
||||
|
||||
# Hash password locally; required for University of
|
||||
# Michigan LDAP server, and works with Netscape
|
||||
# Directory Server if you're using the UNIX-Crypt
|
||||
# hash mechanism and not using the NT Synchronization
|
||||
# service.
|
||||
#pam_password crypt
|
||||
|
||||
# Remove old password first, then update in
|
||||
# cleartext. Necessary for use with Novell
|
||||
# Directory Services (NDS)
|
||||
#pam_password nds
|
||||
|
||||
# RACF is an alias for the above. For use with
|
||||
# IBM RACF
|
||||
#pam_password racf
|
||||
|
||||
# Update Active Directory password, by
|
||||
# creating Unicode password and updating
|
||||
# unicodePwd attribute.
|
||||
#pam_password ad
|
||||
|
||||
# Use the OpenLDAP password change
|
||||
# extended operation to update the password.
|
||||
#pam_password exop
|
||||
|
||||
# Redirect users to a URL or somesuch on password
|
||||
# changes.
|
||||
#pam_password_prohibit_message Please visit http://internal to change your password.
|
||||
|
||||
# Use backlinks for answering initgroups()
|
||||
#nss_initgroups backlink
|
||||
|
||||
# Enable support for RFC2307bis (distinguished names in group
|
||||
# members)
|
||||
#nss_schema rfc2307bis
|
||||
|
||||
# RFC2307bis naming contexts
|
||||
# Syntax:
|
||||
# nss_base_XXX base?scope?filter
|
||||
# where scope is {base,one,sub}
|
||||
# and filter is a filter to be &'d with the
|
||||
# default filter.
|
||||
# You can omit the suffix eg:
|
||||
# nss_base_passwd ou=People,
|
||||
# to append the default base DN but this
|
||||
# may incur a small performance impact.
|
||||
#nss_base_passwd ou=People,dc=padl,dc=com?one
|
||||
#nss_base_shadow ou=People,dc=padl,dc=com?one
|
||||
#nss_base_group ou=Group,dc=padl,dc=com?one
|
||||
#nss_base_hosts ou=Hosts,dc=padl,dc=com?one
|
||||
#nss_base_services ou=Services,dc=padl,dc=com?one
|
||||
#nss_base_networks ou=Networks,dc=padl,dc=com?one
|
||||
#nss_base_protocols ou=Protocols,dc=padl,dc=com?one
|
||||
#nss_base_rpc ou=Rpc,dc=padl,dc=com?one
|
||||
#nss_base_ethers ou=Ethers,dc=padl,dc=com?one
|
||||
#nss_base_netmasks ou=Networks,dc=padl,dc=com?ne
|
||||
#nss_base_bootparams ou=Ethers,dc=padl,dc=com?one
|
||||
#nss_base_aliases ou=Aliases,dc=padl,dc=com?one
|
||||
#nss_base_netgroup ou=Netgroup,dc=padl,dc=com?one
|
||||
|
||||
# attribute/objectclass mapping
|
||||
# Syntax:
|
||||
#nss_map_attribute rfc2307attribute mapped_attribute
|
||||
#nss_map_objectclass rfc2307objectclass mapped_objectclass
|
||||
|
||||
# configure --enable-nds is no longer supported.
|
||||
# NDS mappings
|
||||
#nss_map_attribute uniqueMember member
|
||||
|
||||
# Services for UNIX 3.5 mappings
|
||||
#nss_map_objectclass posixAccount User
|
||||
#nss_map_objectclass shadowAccount User
|
||||
#nss_map_attribute uid msSFU30Name
|
||||
#nss_map_attribute uniqueMember msSFU30PosixMember
|
||||
#nss_map_attribute userPassword msSFU30Password
|
||||
#nss_map_attribute homeDirectory msSFU30HomeDirectory
|
||||
#nss_map_attribute homeDirectory msSFUHomeDirectory
|
||||
#nss_map_objectclass posixGroup Group
|
||||
#pam_login_attribute msSFU30Name
|
||||
#pam_filter objectclass=User
|
||||
#pam_password ad
|
||||
|
||||
# configure --enable-mssfu-schema is no longer supported.
|
||||
# Services for UNIX 2.0 mappings
|
||||
#nss_map_objectclass posixAccount User
|
||||
#nss_map_objectclass shadowAccount user
|
||||
#nss_map_attribute uid msSFUName
|
||||
#nss_map_attribute uniqueMember posixMember
|
||||
#nss_map_attribute userPassword msSFUPassword
|
||||
#nss_map_attribute homeDirectory msSFUHomeDirectory
|
||||
#nss_map_attribute shadowLastChange pwdLastSet
|
||||
#nss_map_objectclass posixGroup Group
|
||||
#nss_map_attribute cn msSFUName
|
||||
#pam_login_attribute msSFUName
|
||||
#pam_filter objectclass=User
|
||||
#pam_password ad
|
||||
|
||||
# RFC 2307 (AD) mappings
|
||||
#nss_map_objectclass posixAccount user
|
||||
#nss_map_objectclass shadowAccount user
|
||||
#nss_map_attribute uid sAMAccountName
|
||||
#nss_map_attribute homeDirectory unixHomeDirectory
|
||||
#nss_map_attribute shadowLastChange pwdLastSet
|
||||
#nss_map_objectclass posixGroup group
|
||||
#nss_map_attribute uniqueMember member
|
||||
#pam_login_attribute sAMAccountName
|
||||
#pam_filter objectclass=User
|
||||
#pam_password ad
|
||||
|
||||
# configure --enable-authpassword is no longer supported
|
||||
# AuthPassword mappings
|
||||
#nss_map_attribute userPassword authPassword
|
||||
|
||||
# AIX SecureWay mappings
|
||||
#nss_map_objectclass posixAccount aixAccount
|
||||
#nss_base_passwd ou=aixaccount,?one
|
||||
#nss_map_attribute uid userName
|
||||
#nss_map_attribute gidNumber gid
|
||||
#nss_map_attribute uidNumber uid
|
||||
#nss_map_attribute userPassword passwordChar
|
||||
#nss_map_objectclass posixGroup aixAccessGroup
|
||||
#nss_base_group ou=aixgroup,?one
|
||||
#nss_map_attribute cn groupName
|
||||
#nss_map_attribute uniqueMember member
|
||||
#pam_login_attribute userName
|
||||
#pam_filter objectclass=aixAccount
|
||||
#pam_password clear
|
||||
|
||||
# For pre-RFC2307bis automount schema
|
||||
#nss_map_objectclass automountMap nisMap
|
||||
#nss_map_attribute automountMapName nisMapName
|
||||
#nss_map_objectclass automount nisObject
|
||||
#nss_map_attribute automountKey cn
|
||||
#nss_map_attribute automountInformation nisMapEntry
|
||||
|
||||
# Netscape SDK LDAPS
|
||||
#ssl on
|
||||
|
||||
# Netscape SDK SSL options
|
||||
#sslpath /etc/ssl/certs
|
||||
|
||||
# OpenLDAP SSL mechanism
|
||||
# start_tls mechanism uses the normal LDAP port, LDAPS typically 636
|
||||
#ssl start_tls
|
||||
#ssl on
|
||||
|
||||
# OpenLDAP SSL options
|
||||
# Require and verify server certificate (yes/no)
|
||||
# Default is to use libldap's default behavior, which can be configured in
|
||||
# /etc/openldap/ldap.conf using the TLS_REQCERT setting. The default for
|
||||
# OpenLDAP 2.0 and earlier is "no", for 2.1 and later is "yes".
|
||||
#tls_checkpeer yes
|
||||
|
||||
# CA certificates for server certificate verification
|
||||
# At least one of these are required if tls_checkpeer is "yes"
|
||||
#tls_cacertfile /etc/ssl/ca.cert
|
||||
#tls_cacertdir /etc/ssl/certs
|
||||
|
||||
# Seed the PRNG if /dev/urandom is not provided
|
||||
#tls_randfile /var/run/egd-pool
|
||||
|
||||
# SSL cipher suite
|
||||
# See man ciphers for syntax
|
||||
#tls_ciphers TLSv1
|
||||
|
||||
# Client certificate and key
|
||||
# Use these, if your server requires client authentication.
|
||||
#tls_cert
|
||||
#tls_key
|
||||
|
||||
# Disable SASL security layers. This is needed for AD.
|
||||
#sasl_secprops maxssf=0
|
||||
|
||||
# Override the default Kerberos ticket cache location.
|
||||
#krb5_ccname FILE:/etc/.ldapcache
|
||||
|
19
jessie_php5/nsswitch.conf
Normal file
19
jessie_php5/nsswitch.conf
Normal file
|
@ -0,0 +1,19 @@
|
|||
# /etc/nsswitch.conf
|
||||
#
|
||||
# Example configuration of GNU Name Service Switch functionality.
|
||||
# If you have the `glibc-doc-reference' and `info' packages installed, try:
|
||||
# `info libc "Name Service Switch"' for information about this file.
|
||||
|
||||
passwd: compat ldap
|
||||
group: compat ldap
|
||||
shadow: compat
|
||||
|
||||
hosts: files dns
|
||||
networks: files
|
||||
|
||||
protocols: db files
|
||||
services: db files
|
||||
ethers: db files
|
||||
rpc: db files
|
||||
|
||||
netgroup: nis
|
10
jessie_php5/start-fpm.sh
Executable file
10
jessie_php5/start-fpm.sh
Executable file
|
@ -0,0 +1,10 @@
|
|||
#!/bin/sh
|
||||
|
||||
set -e
|
||||
|
||||
sed "s/@user@/${FPM_USER}/g; s/@variant@/${FPM_VARIANT}/g" \
|
||||
< /usr/local/etc/fpm-pool.conf.tmpl \
|
||||
> "/etc/php5/fpm/pool.d/${FPM_USER}.conf"
|
||||
|
||||
/etc/init.d/nullmailer start
|
||||
/usr/sbin/php5-fpm --nodaemonize
|
58
run.sh
Executable file
58
run.sh
Executable file
|
@ -0,0 +1,58 @@
|
|||
#!/bin/sh
|
||||
|
||||
set -e
|
||||
valid_users=$(getent passwd | grep ^usr | cut -d : -f 1)
|
||||
|
||||
if [ $# -lt 2 ]; then
|
||||
echo "Usage: $0 <dist> [<variant>] <user>"
|
||||
echo
|
||||
echo "<dist> is one of wheezy, jessie, stretch, buster"
|
||||
echo "<variant> is one of mysql or pgsql"
|
||||
echo "<user> is a user name defined in ldap and on file"
|
||||
echo
|
||||
for u in $valid_users; do echo $u; done | xargs -n 10 echo
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if [ $# -eq 3 ]; then
|
||||
dist=$1
|
||||
username="$3"
|
||||
variant="-$2"
|
||||
else
|
||||
dist=$1
|
||||
username="$2"
|
||||
variant=""
|
||||
fi
|
||||
|
||||
case $dist in
|
||||
wheezy|jessie)
|
||||
image=gnuviech/${dist}_php5${variant}
|
||||
;;
|
||||
stretch|buster)
|
||||
image=gnuviech/${dist}_php7${variant}
|
||||
;;
|
||||
*)
|
||||
echo "Unknown distribution $dist"
|
||||
exit 2
|
||||
esac
|
||||
|
||||
for u in $valid_users; do
|
||||
if [ "$u" = "${username}" ]; then
|
||||
choosen_user=$u
|
||||
fi
|
||||
done
|
||||
|
||||
if [ -z "$choosen_user" ]; then
|
||||
echo "Invalid user ${username}"
|
||||
exit 3
|
||||
fi
|
||||
|
||||
docker run \
|
||||
--volume-driver=nfs --net=host --rm --detach \
|
||||
-v "file/web/$choosen_user:/srv" \
|
||||
-v "/var/run/php-fpm-docker:/var/run/php-fpm-docker" \
|
||||
-v "/var/log/php-fpm-docker:/var/log/php-fpm-docker" \
|
||||
-e "FPM_USER=$choosen_user" \
|
||||
-e "FPM_VARIANT=${dist}${variant}" \
|
||||
--name "${choosen_user}_${dist}${variant}" \
|
||||
"$image"
|
8
stretch_php7/Dockerfile
Normal file
8
stretch_php7/Dockerfile
Normal file
|
@ -0,0 +1,8 @@
|
|||
FROM gnuviech/stretch_php7-base:latest
|
||||
LABEL maintainer="jan@dittberner.info"
|
||||
|
||||
COPY start-fpm.sh /usr/local/sbin
|
||||
COPY fpm-pool.conf.tmpl /usr/local/etc
|
||||
|
||||
ENTRYPOINT ["/usr/bin/dumb-init", "--"]
|
||||
CMD ["/usr/local/sbin/start-fpm.sh"]
|
32
stretch_php7/Dockerfile-base
Normal file
32
stretch_php7/Dockerfile-base
Normal file
|
@ -0,0 +1,32 @@
|
|||
FROM debian:stretch
|
||||
LABEL maintainer="jan@dittberner.info"
|
||||
VOLUME /srv
|
||||
|
||||
RUN apt-get update \
|
||||
&& DEBIAN_FRONTEND=noninteractive \
|
||||
apt-get install -y --no-install-recommends \
|
||||
dumb-init \
|
||||
libnss-ldap \
|
||||
nullmailer \
|
||||
php-curl \
|
||||
php-fpm \
|
||||
php-gd \
|
||||
php-imagick \
|
||||
php-imap \
|
||||
php-json \
|
||||
php-mail \
|
||||
php-mail-mime \
|
||||
php-mbstring \
|
||||
php-mcrypt \
|
||||
php-net-smtp \
|
||||
php-net-socket \
|
||||
php-opcache \
|
||||
php-pspell \
|
||||
php-sqlite3 \
|
||||
psmisc \
|
||||
&& apt-get clean \
|
||||
&& rm -rf /var/lib/apt/lists/*.*
|
||||
|
||||
ADD --chown=root:root nsswitch.conf libnss-ldap.conf /etc/
|
||||
|
||||
RUN rm -f /etc/php/7.0/fpm/pool.d/www.conf
|
15
stretch_php7/Dockerfile-mysql
Normal file
15
stretch_php7/Dockerfile-mysql
Normal file
|
@ -0,0 +1,15 @@
|
|||
FROM gnuviech/stretch_php7-base:latest
|
||||
LABEL maintainer="jan@dittberner.info"
|
||||
|
||||
RUN apt-get update \
|
||||
&& DEBIAN_FRONTEND=noninteractive \
|
||||
apt-get install -y --no-install-recommends \
|
||||
php-mysql \
|
||||
&& apt-get clean \
|
||||
&& rm -rf /var/lib/apt/lists/*.*
|
||||
|
||||
COPY start-fpm.sh /usr/local/sbin
|
||||
COPY fpm-pool.conf.tmpl /usr/local/etc
|
||||
|
||||
ENTRYPOINT ["/usr/bin/dumb-init", "--"]
|
||||
CMD ["/usr/local/sbin/start-fpm.sh"]
|
15
stretch_php7/Dockerfile-pgsql
Normal file
15
stretch_php7/Dockerfile-pgsql
Normal file
|
@ -0,0 +1,15 @@
|
|||
FROM gnuviech/stretch_php7-base:latest
|
||||
LABEL maintainer="jan@dittberner.info"
|
||||
|
||||
RUN apt-get update \
|
||||
&& DEBIAN_FRONTEND=noninteractive \
|
||||
apt-get install -y --no-install-recommends \
|
||||
php-pgsql \
|
||||
&& apt-get clean \
|
||||
&& rm -rf /var/lib/apt/lists/*.*
|
||||
|
||||
COPY start-fpm.sh /usr/local/sbin
|
||||
COPY fpm-pool.conf.tmpl /usr/local/etc
|
||||
|
||||
ENTRYPOINT ["/usr/bin/dumb-init", "--"]
|
||||
CMD ["/usr/local/sbin/start-fpm.sh"]
|
15
stretch_php7/fpm-pool.conf.tmpl
Normal file
15
stretch_php7/fpm-pool.conf.tmpl
Normal file
|
@ -0,0 +1,15 @@
|
|||
[@user@]
|
||||
user = @user@
|
||||
group = @user@
|
||||
listen = /var/run/php-fpm-docker/@user@-@variant@.sock
|
||||
listen.owner = www-data
|
||||
listen.group = www-data
|
||||
pm = dynamic
|
||||
pm.max_children = 20
|
||||
pm.start_servers = 2
|
||||
pm.min_spare_servers = 1
|
||||
pm.max_spare_servers = 3
|
||||
pm.max_requests = 1000
|
||||
chdir = /
|
||||
request_slowlog_timeout = 10s
|
||||
slowlog = /var/log/php-fpm-docker/@user@-@variant@.slow.log
|
323
stretch_php7/libnss-ldap.conf
Normal file
323
stretch_php7/libnss-ldap.conf
Normal file
|
@ -0,0 +1,323 @@
|
|||
###DEBCONF###
|
||||
# the configuration of this file will be done by debconf as long as the
|
||||
# first line of the file says '###DEBCONF###'
|
||||
#
|
||||
# you should use dpkg-reconfigure libnss-ldap to configure this file.
|
||||
#
|
||||
# @(#)$Id: ldap.conf,v 2.48 2008/07/03 02:30:29 lukeh Exp $
|
||||
#
|
||||
# This is the configuration file for the LDAP nameservice
|
||||
# switch library and the LDAP PAM module.
|
||||
#
|
||||
# PADL Software
|
||||
# http://www.padl.com
|
||||
#
|
||||
|
||||
# Your LDAP server. Must be resolvable without using LDAP.
|
||||
# Multiple hosts may be specified, each separated by a
|
||||
# space. How long nss_ldap takes to failover depends on
|
||||
# whether your LDAP client library supports configurable
|
||||
# network or connect timeouts (see bind_timelimit).
|
||||
#host 127.0.0.1
|
||||
|
||||
# The distinguished name of the search base.
|
||||
base dc=gnuviech,dc=internal
|
||||
|
||||
# Another way to specify your LDAP server is to provide an
|
||||
uri ldap://10.0.0.11/
|
||||
# Unix Domain Sockets to connect to a local LDAP Server.
|
||||
#uri ldap://127.0.0.1/
|
||||
#uri ldaps://127.0.0.1/
|
||||
#uri ldapi://%2fvar%2frun%2fldapi_sock/
|
||||
# Note: %2f encodes the '/' used as directory separator
|
||||
|
||||
# The LDAP version to use (defaults to 3
|
||||
# if supported by client library)
|
||||
ldap_version 3
|
||||
|
||||
# The distinguished name to bind to the server with.
|
||||
# Optional: default is to bind anonymously.
|
||||
# Please do not put double quotes around it as they
|
||||
# would be included literally.
|
||||
#binddn cn=proxyuser,dc=padl,dc=com
|
||||
|
||||
# The credentials to bind with.
|
||||
# Optional: default is no credential.
|
||||
#bindpw secret
|
||||
|
||||
# The distinguished name to bind to the server with
|
||||
# if the effective user ID is root. Password is
|
||||
# stored in /etc/libnss-ldap.secret (mode 600)
|
||||
# Use 'echo -n "mypassword" > /etc/libnss-ldap.secret' instead
|
||||
# of an editor to create the file.
|
||||
#rootbinddn cn=manager,dc=example,dc=net
|
||||
|
||||
# The port.
|
||||
# Optional: default is 389.
|
||||
#port 389
|
||||
|
||||
# The search scope.
|
||||
#scope sub
|
||||
#scope one
|
||||
#scope base
|
||||
|
||||
# Search timelimit
|
||||
#timelimit 30
|
||||
|
||||
# Bind/connect timelimit
|
||||
#bind_timelimit 30
|
||||
|
||||
# Reconnect policy:
|
||||
# hard_open: reconnect to DSA with exponential backoff if
|
||||
# opening connection failed
|
||||
# hard_init: reconnect to DSA with exponential backoff if
|
||||
# initializing connection failed
|
||||
# hard: alias for hard_open
|
||||
# soft: return immediately on server failure
|
||||
#bind_policy hard
|
||||
|
||||
# Connection policy:
|
||||
# persist: DSA connections are kept open (default)
|
||||
# oneshot: DSA connections destroyed after request
|
||||
#nss_connect_policy persist
|
||||
|
||||
# Idle timelimit; client will close connections
|
||||
# (nss_ldap only) if the server has not been contacted
|
||||
# for the number of seconds specified below.
|
||||
#idle_timelimit 3600
|
||||
|
||||
# Use paged rseults
|
||||
#nss_paged_results yes
|
||||
|
||||
# Pagesize: when paged results enable, used to set the
|
||||
# pagesize to a custom value
|
||||
#pagesize 1000
|
||||
|
||||
# Filter to AND with uid=%s
|
||||
#pam_filter objectclass=account
|
||||
|
||||
# The user ID attribute (defaults to uid)
|
||||
#pam_login_attribute uid
|
||||
|
||||
# Search the root DSE for the password policy (works
|
||||
# with Netscape Directory Server)
|
||||
#pam_lookup_policy yes
|
||||
|
||||
# Check the 'host' attribute for access control
|
||||
# Default is no; if set to yes, and user has no
|
||||
# value for the host attribute, and pam_ldap is
|
||||
# configured for account management (authorization)
|
||||
# then the user will not be allowed to login.
|
||||
#pam_check_host_attr yes
|
||||
|
||||
# Check the 'authorizedService' attribute for access
|
||||
# control
|
||||
# Default is no; if set to yes, and the user has no
|
||||
# value for the authorizedService attribute, and
|
||||
# pam_ldap is configured for account management
|
||||
# (authorization) then the user will not be allowed
|
||||
# to login.
|
||||
#pam_check_service_attr yes
|
||||
|
||||
# Group to enforce membership of
|
||||
#pam_groupdn cn=PAM,ou=Groups,dc=padl,dc=com
|
||||
|
||||
# Group member attribute
|
||||
#pam_member_attribute uniquemember
|
||||
|
||||
# Specify a minium or maximum UID number allowed
|
||||
#pam_min_uid 0
|
||||
#pam_max_uid 0
|
||||
|
||||
# Template login attribute, default template user
|
||||
# (can be overriden by value of former attribute
|
||||
# in user's entry)
|
||||
#pam_login_attribute userPrincipalName
|
||||
#pam_template_login_attribute uid
|
||||
#pam_template_login nobody
|
||||
|
||||
# HEADS UP: the pam_crypt, pam_nds_passwd,
|
||||
# and pam_ad_passwd options are no
|
||||
# longer supported.
|
||||
#
|
||||
# Do not hash the password at all; presume
|
||||
# the directory server will do it, if
|
||||
# necessary. This is the default.
|
||||
#pam_password clear
|
||||
|
||||
# Hash password locally; required for University of
|
||||
# Michigan LDAP server, and works with Netscape
|
||||
# Directory Server if you're using the UNIX-Crypt
|
||||
# hash mechanism and not using the NT Synchronization
|
||||
# service.
|
||||
#pam_password crypt
|
||||
|
||||
# Remove old password first, then update in
|
||||
# cleartext. Necessary for use with Novell
|
||||
# Directory Services (NDS)
|
||||
#pam_password nds
|
||||
|
||||
# RACF is an alias for the above. For use with
|
||||
# IBM RACF
|
||||
#pam_password racf
|
||||
|
||||
# Update Active Directory password, by
|
||||
# creating Unicode password and updating
|
||||
# unicodePwd attribute.
|
||||
#pam_password ad
|
||||
|
||||
# Use the OpenLDAP password change
|
||||
# extended operation to update the password.
|
||||
#pam_password exop
|
||||
|
||||
# Redirect users to a URL or somesuch on password
|
||||
# changes.
|
||||
#pam_password_prohibit_message Please visit http://internal to change your password.
|
||||
|
||||
# Use backlinks for answering initgroups()
|
||||
#nss_initgroups backlink
|
||||
|
||||
# Enable support for RFC2307bis (distinguished names in group
|
||||
# members)
|
||||
#nss_schema rfc2307bis
|
||||
|
||||
# RFC2307bis naming contexts
|
||||
# Syntax:
|
||||
# nss_base_XXX base?scope?filter
|
||||
# where scope is {base,one,sub}
|
||||
# and filter is a filter to be &'d with the
|
||||
# default filter.
|
||||
# You can omit the suffix eg:
|
||||
# nss_base_passwd ou=People,
|
||||
# to append the default base DN but this
|
||||
# may incur a small performance impact.
|
||||
#nss_base_passwd ou=People,dc=padl,dc=com?one
|
||||
#nss_base_shadow ou=People,dc=padl,dc=com?one
|
||||
#nss_base_group ou=Group,dc=padl,dc=com?one
|
||||
#nss_base_hosts ou=Hosts,dc=padl,dc=com?one
|
||||
#nss_base_services ou=Services,dc=padl,dc=com?one
|
||||
#nss_base_networks ou=Networks,dc=padl,dc=com?one
|
||||
#nss_base_protocols ou=Protocols,dc=padl,dc=com?one
|
||||
#nss_base_rpc ou=Rpc,dc=padl,dc=com?one
|
||||
#nss_base_ethers ou=Ethers,dc=padl,dc=com?one
|
||||
#nss_base_netmasks ou=Networks,dc=padl,dc=com?ne
|
||||
#nss_base_bootparams ou=Ethers,dc=padl,dc=com?one
|
||||
#nss_base_aliases ou=Aliases,dc=padl,dc=com?one
|
||||
#nss_base_netgroup ou=Netgroup,dc=padl,dc=com?one
|
||||
|
||||
# attribute/objectclass mapping
|
||||
# Syntax:
|
||||
#nss_map_attribute rfc2307attribute mapped_attribute
|
||||
#nss_map_objectclass rfc2307objectclass mapped_objectclass
|
||||
|
||||
# configure --enable-nds is no longer supported.
|
||||
# NDS mappings
|
||||
#nss_map_attribute uniqueMember member
|
||||
|
||||
# Services for UNIX 3.5 mappings
|
||||
#nss_map_objectclass posixAccount User
|
||||
#nss_map_objectclass shadowAccount User
|
||||
#nss_map_attribute uid msSFU30Name
|
||||
#nss_map_attribute uniqueMember msSFU30PosixMember
|
||||
#nss_map_attribute userPassword msSFU30Password
|
||||
#nss_map_attribute homeDirectory msSFU30HomeDirectory
|
||||
#nss_map_attribute homeDirectory msSFUHomeDirectory
|
||||
#nss_map_objectclass posixGroup Group
|
||||
#pam_login_attribute msSFU30Name
|
||||
#pam_filter objectclass=User
|
||||
#pam_password ad
|
||||
|
||||
# configure --enable-mssfu-schema is no longer supported.
|
||||
# Services for UNIX 2.0 mappings
|
||||
#nss_map_objectclass posixAccount User
|
||||
#nss_map_objectclass shadowAccount user
|
||||
#nss_map_attribute uid msSFUName
|
||||
#nss_map_attribute uniqueMember posixMember
|
||||
#nss_map_attribute userPassword msSFUPassword
|
||||
#nss_map_attribute homeDirectory msSFUHomeDirectory
|
||||
#nss_map_attribute shadowLastChange pwdLastSet
|
||||
#nss_map_objectclass posixGroup Group
|
||||
#nss_map_attribute cn msSFUName
|
||||
#pam_login_attribute msSFUName
|
||||
#pam_filter objectclass=User
|
||||
#pam_password ad
|
||||
|
||||
# RFC 2307 (AD) mappings
|
||||
#nss_map_objectclass posixAccount user
|
||||
#nss_map_objectclass shadowAccount user
|
||||
#nss_map_attribute uid sAMAccountName
|
||||
#nss_map_attribute homeDirectory unixHomeDirectory
|
||||
#nss_map_attribute shadowLastChange pwdLastSet
|
||||
#nss_map_objectclass posixGroup group
|
||||
#nss_map_attribute uniqueMember member
|
||||
#pam_login_attribute sAMAccountName
|
||||
#pam_filter objectclass=User
|
||||
#pam_password ad
|
||||
|
||||
# configure --enable-authpassword is no longer supported
|
||||
# AuthPassword mappings
|
||||
#nss_map_attribute userPassword authPassword
|
||||
|
||||
# AIX SecureWay mappings
|
||||
#nss_map_objectclass posixAccount aixAccount
|
||||
#nss_base_passwd ou=aixaccount,?one
|
||||
#nss_map_attribute uid userName
|
||||
#nss_map_attribute gidNumber gid
|
||||
#nss_map_attribute uidNumber uid
|
||||
#nss_map_attribute userPassword passwordChar
|
||||
#nss_map_objectclass posixGroup aixAccessGroup
|
||||
#nss_base_group ou=aixgroup,?one
|
||||
#nss_map_attribute cn groupName
|
||||
#nss_map_attribute uniqueMember member
|
||||
#pam_login_attribute userName
|
||||
#pam_filter objectclass=aixAccount
|
||||
#pam_password clear
|
||||
|
||||
# For pre-RFC2307bis automount schema
|
||||
#nss_map_objectclass automountMap nisMap
|
||||
#nss_map_attribute automountMapName nisMapName
|
||||
#nss_map_objectclass automount nisObject
|
||||
#nss_map_attribute automountKey cn
|
||||
#nss_map_attribute automountInformation nisMapEntry
|
||||
|
||||
# Netscape SDK LDAPS
|
||||
#ssl on
|
||||
|
||||
# Netscape SDK SSL options
|
||||
#sslpath /etc/ssl/certs
|
||||
|
||||
# OpenLDAP SSL mechanism
|
||||
# start_tls mechanism uses the normal LDAP port, LDAPS typically 636
|
||||
#ssl start_tls
|
||||
#ssl on
|
||||
|
||||
# OpenLDAP SSL options
|
||||
# Require and verify server certificate (yes/no)
|
||||
# Default is to use libldap's default behavior, which can be configured in
|
||||
# /etc/openldap/ldap.conf using the TLS_REQCERT setting. The default for
|
||||
# OpenLDAP 2.0 and earlier is "no", for 2.1 and later is "yes".
|
||||
#tls_checkpeer yes
|
||||
|
||||
# CA certificates for server certificate verification
|
||||
# At least one of these are required if tls_checkpeer is "yes"
|
||||
#tls_cacertfile /etc/ssl/ca.cert
|
||||
#tls_cacertdir /etc/ssl/certs
|
||||
|
||||
# Seed the PRNG if /dev/urandom is not provided
|
||||
#tls_randfile /var/run/egd-pool
|
||||
|
||||
# SSL cipher suite
|
||||
# See man ciphers for syntax
|
||||
#tls_ciphers TLSv1
|
||||
|
||||
# Client certificate and key
|
||||
# Use these, if your server requires client authentication.
|
||||
#tls_cert
|
||||
#tls_key
|
||||
|
||||
# Disable SASL security layers. This is needed for AD.
|
||||
#sasl_secprops maxssf=0
|
||||
|
||||
# Override the default Kerberos ticket cache location.
|
||||
#krb5_ccname FILE:/etc/.ldapcache
|
||||
|
19
stretch_php7/nsswitch.conf
Normal file
19
stretch_php7/nsswitch.conf
Normal file
|
@ -0,0 +1,19 @@
|
|||
# /etc/nsswitch.conf
|
||||
#
|
||||
# Example configuration of GNU Name Service Switch functionality.
|
||||
# If you have the `glibc-doc-reference' and `info' packages installed, try:
|
||||
# `info libc "Name Service Switch"' for information about this file.
|
||||
|
||||
passwd: compat ldap
|
||||
group: compat ldap
|
||||
shadow: compat
|
||||
|
||||
hosts: files dns
|
||||
networks: files
|
||||
|
||||
protocols: db files
|
||||
services: db files
|
||||
ethers: db files
|
||||
rpc: db files
|
||||
|
||||
netgroup: nis
|
11
stretch_php7/start-fpm.sh
Executable file
11
stretch_php7/start-fpm.sh
Executable file
|
@ -0,0 +1,11 @@
|
|||
#!/bin/sh
|
||||
|
||||
set -e
|
||||
|
||||
sed "s/@user@/${FPM_USER}/g; s/@variant@/${FPM_VARIANT}/g" \
|
||||
< /usr/local/etc/fpm-pool.conf.tmpl \
|
||||
> "/etc/php/7.0/fpm/pool.d/${FPM_USER}.conf"
|
||||
|
||||
/etc/init.d/nullmailer start
|
||||
mkdir -p /run/php
|
||||
/usr/sbin/php-fpm7.0 --nodaemonize
|
8
wheezy_php5/Dockerfile
Normal file
8
wheezy_php5/Dockerfile
Normal file
|
@ -0,0 +1,8 @@
|
|||
FROM gnuviech/wheezy_php5-base:latest
|
||||
LABEL maintainer="jan@dittberner.info"
|
||||
|
||||
COPY start-fpm.sh /usr/local/sbin
|
||||
COPY fpm-pool.conf.tmpl /usr/local/etc
|
||||
|
||||
ENTRYPOINT ["/usr/bin/dumb-init", "--"]
|
||||
CMD ["/usr/local/sbin/start-fpm.sh"]
|
39
wheezy_php5/Dockerfile-base
Normal file
39
wheezy_php5/Dockerfile-base
Normal file
|
@ -0,0 +1,39 @@
|
|||
FROM debian:wheezy
|
||||
LABEL maintainer="jan@dittberner.info"
|
||||
VOLUME /srv
|
||||
|
||||
RUN apt-get update \
|
||||
&& DEBIAN_FRONTEND=noninteractive \
|
||||
apt-get install -y --no-install-recommends \
|
||||
ca-certificates \
|
||||
curl \
|
||||
libnss-ldap \
|
||||
libphp-adodb \
|
||||
nullmailer \
|
||||
php-apc \
|
||||
php-mail-mime \
|
||||
php-mail-mimedecode \
|
||||
php-net-smtp \
|
||||
php-net-socket \
|
||||
php5-adodb \
|
||||
php5-curl \
|
||||
php5-fpm \
|
||||
php5-gd \
|
||||
php5-gmp \
|
||||
php5-imap \
|
||||
php5-intl \
|
||||
php5-mcrypt \
|
||||
php5-pspell \
|
||||
php5-sqlite \
|
||||
php5-xmlrpc \
|
||||
procps \
|
||||
&& apt-get clean \
|
||||
&& rm -rf /var/lib/apt/lists/*.*
|
||||
|
||||
RUN curl -o dumb-init_1.2.2.deb -L https://github.com/Yelp/dumb-init/releases/download/v1.2.2/dumb-init_1.2.2_amd64.deb && \
|
||||
dpkg -i dumb-init_1.2.2.deb && \
|
||||
rm -f dumb-init_1.2.2.deb
|
||||
|
||||
ADD --chown=root:root nsswitch.conf libnss-ldap.conf /etc/
|
||||
|
||||
RUN rm -f /etc/php5/fpm/pool.d/www.conf
|
15
wheezy_php5/Dockerfile-mysql
Normal file
15
wheezy_php5/Dockerfile-mysql
Normal file
|
@ -0,0 +1,15 @@
|
|||
FROM gnuviech/wheezy_php5-base:latest
|
||||
LABEL maintainer="jan@dittberner.info"
|
||||
|
||||
RUN apt-get update \
|
||||
&& DEBIAN_FRONTEND=noninteractive \
|
||||
apt-get install -y --no-install-recommends \
|
||||
php5-mysql \
|
||||
&& apt-get clean \
|
||||
&& rm -rf /var/lib/apt/lists/*.*
|
||||
|
||||
COPY start-fpm.sh /usr/local/sbin
|
||||
COPY fpm-pool.conf.tmpl /usr/local/etc
|
||||
|
||||
ENTRYPOINT ["/usr/bin/dumb-init", "--"]
|
||||
CMD ["/usr/local/sbin/start-fpm.sh"]
|
15
wheezy_php5/Dockerfile-pgsql
Normal file
15
wheezy_php5/Dockerfile-pgsql
Normal file
|
@ -0,0 +1,15 @@
|
|||
FROM gnuviech/wheezy_php5-base:latest
|
||||
LABEL maintainer="jan@dittberner.info"
|
||||
|
||||
RUN apt-get update \
|
||||
&& DEBIAN_FRONTEND=noninteractive \
|
||||
apt-get install -y --no-install-recommends \
|
||||
php5-pgsql \
|
||||
&& apt-get clean \
|
||||
&& rm -rf /var/lib/apt/lists/*.*
|
||||
|
||||
COPY start-fpm.sh /usr/local/sbin
|
||||
COPY fpm-pool.conf.tmpl /usr/local/etc
|
||||
|
||||
ENTRYPOINT ["/usr/bin/dumb-init", "--"]
|
||||
CMD ["/usr/local/sbin/start-fpm.sh"]
|
15
wheezy_php5/fpm-pool.conf.tmpl
Normal file
15
wheezy_php5/fpm-pool.conf.tmpl
Normal file
|
@ -0,0 +1,15 @@
|
|||
[@user@]
|
||||
user = @user@
|
||||
group = @user@
|
||||
listen = /var/run/php-fpm-docker/@user@-@variant@.sock
|
||||
listen.owner = www-data
|
||||
listen.group = www-data
|
||||
pm = dynamic
|
||||
pm.max_children = 20
|
||||
pm.start_servers = 2
|
||||
pm.min_spare_servers = 1
|
||||
pm.max_spare_servers = 3
|
||||
pm.max_requests = 1000
|
||||
chdir = /
|
||||
request_slowlog_timeout = 10s
|
||||
slowlog = /var/log/php-fpm-docker/@user@-@variant@.slow.log
|
323
wheezy_php5/libnss-ldap.conf
Normal file
323
wheezy_php5/libnss-ldap.conf
Normal file
|
@ -0,0 +1,323 @@
|
|||
###DEBCONF###
|
||||
# the configuration of this file will be done by debconf as long as the
|
||||
# first line of the file says '###DEBCONF###'
|
||||
#
|
||||
# you should use dpkg-reconfigure libnss-ldap to configure this file.
|
||||
#
|
||||
# @(#)$Id: ldap.conf,v 2.48 2008/07/03 02:30:29 lukeh Exp $
|
||||
#
|
||||
# This is the configuration file for the LDAP nameservice
|
||||
# switch library and the LDAP PAM module.
|
||||
#
|
||||
# PADL Software
|
||||
# http://www.padl.com
|
||||
#
|
||||
|
||||
# Your LDAP server. Must be resolvable without using LDAP.
|
||||
# Multiple hosts may be specified, each separated by a
|
||||
# space. How long nss_ldap takes to failover depends on
|
||||
# whether your LDAP client library supports configurable
|
||||
# network or connect timeouts (see bind_timelimit).
|
||||
#host 127.0.0.1
|
||||
|
||||
# The distinguished name of the search base.
|
||||
base dc=gnuviech,dc=internal
|
||||
|
||||
# Another way to specify your LDAP server is to provide an
|
||||
uri ldap://10.0.0.11/
|
||||
# Unix Domain Sockets to connect to a local LDAP Server.
|
||||
#uri ldap://127.0.0.1/
|
||||
#uri ldaps://127.0.0.1/
|
||||
#uri ldapi://%2fvar%2frun%2fldapi_sock/
|
||||
# Note: %2f encodes the '/' used as directory separator
|
||||
|
||||
# The LDAP version to use (defaults to 3
|
||||
# if supported by client library)
|
||||
ldap_version 3
|
||||
|
||||
# The distinguished name to bind to the server with.
|
||||
# Optional: default is to bind anonymously.
|
||||
# Please do not put double quotes around it as they
|
||||
# would be included literally.
|
||||
#binddn cn=proxyuser,dc=padl,dc=com
|
||||
|
||||
# The credentials to bind with.
|
||||
# Optional: default is no credential.
|
||||
#bindpw secret
|
||||
|
||||
# The distinguished name to bind to the server with
|
||||
# if the effective user ID is root. Password is
|
||||
# stored in /etc/libnss-ldap.secret (mode 600)
|
||||
# Use 'echo -n "mypassword" > /etc/libnss-ldap.secret' instead
|
||||
# of an editor to create the file.
|
||||
#rootbinddn cn=manager,dc=example,dc=net
|
||||
|
||||
# The port.
|
||||
# Optional: default is 389.
|
||||
#port 389
|
||||
|
||||
# The search scope.
|
||||
#scope sub
|
||||
#scope one
|
||||
#scope base
|
||||
|
||||
# Search timelimit
|
||||
#timelimit 30
|
||||
|
||||
# Bind/connect timelimit
|
||||
#bind_timelimit 30
|
||||
|
||||
# Reconnect policy:
|
||||
# hard_open: reconnect to DSA with exponential backoff if
|
||||
# opening connection failed
|
||||
# hard_init: reconnect to DSA with exponential backoff if
|
||||
# initializing connection failed
|
||||
# hard: alias for hard_open
|
||||
# soft: return immediately on server failure
|
||||
#bind_policy hard
|
||||
|
||||
# Connection policy:
|
||||
# persist: DSA connections are kept open (default)
|
||||
# oneshot: DSA connections destroyed after request
|
||||
#nss_connect_policy persist
|
||||
|
||||
# Idle timelimit; client will close connections
|
||||
# (nss_ldap only) if the server has not been contacted
|
||||
# for the number of seconds specified below.
|
||||
#idle_timelimit 3600
|
||||
|
||||
# Use paged rseults
|
||||
#nss_paged_results yes
|
||||
|
||||
# Pagesize: when paged results enable, used to set the
|
||||
# pagesize to a custom value
|
||||
#pagesize 1000
|
||||
|
||||
# Filter to AND with uid=%s
|
||||
#pam_filter objectclass=account
|
||||
|
||||
# The user ID attribute (defaults to uid)
|
||||
#pam_login_attribute uid
|
||||
|
||||
# Search the root DSE for the password policy (works
|
||||
# with Netscape Directory Server)
|
||||
#pam_lookup_policy yes
|
||||
|
||||
# Check the 'host' attribute for access control
|
||||
# Default is no; if set to yes, and user has no
|
||||
# value for the host attribute, and pam_ldap is
|
||||
# configured for account management (authorization)
|
||||
# then the user will not be allowed to login.
|
||||
#pam_check_host_attr yes
|
||||
|
||||
# Check the 'authorizedService' attribute for access
|
||||
# control
|
||||
# Default is no; if set to yes, and the user has no
|
||||
# value for the authorizedService attribute, and
|
||||
# pam_ldap is configured for account management
|
||||
# (authorization) then the user will not be allowed
|
||||
# to login.
|
||||
#pam_check_service_attr yes
|
||||
|
||||
# Group to enforce membership of
|
||||
#pam_groupdn cn=PAM,ou=Groups,dc=padl,dc=com
|
||||
|
||||
# Group member attribute
|
||||
#pam_member_attribute uniquemember
|
||||
|
||||
# Specify a minium or maximum UID number allowed
|
||||
#pam_min_uid 0
|
||||
#pam_max_uid 0
|
||||
|
||||
# Template login attribute, default template user
|
||||
# (can be overriden by value of former attribute
|
||||
# in user's entry)
|
||||
#pam_login_attribute userPrincipalName
|
||||
#pam_template_login_attribute uid
|
||||
#pam_template_login nobody
|
||||
|
||||
# HEADS UP: the pam_crypt, pam_nds_passwd,
|
||||
# and pam_ad_passwd options are no
|
||||
# longer supported.
|
||||
#
|
||||
# Do not hash the password at all; presume
|
||||
# the directory server will do it, if
|
||||
# necessary. This is the default.
|
||||
#pam_password clear
|
||||
|
||||
# Hash password locally; required for University of
|
||||
# Michigan LDAP server, and works with Netscape
|
||||
# Directory Server if you're using the UNIX-Crypt
|
||||
# hash mechanism and not using the NT Synchronization
|
||||
# service.
|
||||
#pam_password crypt
|
||||
|
||||
# Remove old password first, then update in
|
||||
# cleartext. Necessary for use with Novell
|
||||
# Directory Services (NDS)
|
||||
#pam_password nds
|
||||
|
||||
# RACF is an alias for the above. For use with
|
||||
# IBM RACF
|
||||
#pam_password racf
|
||||
|
||||
# Update Active Directory password, by
|
||||
# creating Unicode password and updating
|
||||
# unicodePwd attribute.
|
||||
#pam_password ad
|
||||
|
||||
# Use the OpenLDAP password change
|
||||
# extended operation to update the password.
|
||||
#pam_password exop
|
||||
|
||||
# Redirect users to a URL or somesuch on password
|
||||
# changes.
|
||||
#pam_password_prohibit_message Please visit http://internal to change your password.
|
||||
|
||||
# Use backlinks for answering initgroups()
|
||||
#nss_initgroups backlink
|
||||
|
||||
# Enable support for RFC2307bis (distinguished names in group
|
||||
# members)
|
||||
#nss_schema rfc2307bis
|
||||
|
||||
# RFC2307bis naming contexts
|
||||
# Syntax:
|
||||
# nss_base_XXX base?scope?filter
|
||||
# where scope is {base,one,sub}
|
||||
# and filter is a filter to be &'d with the
|
||||
# default filter.
|
||||
# You can omit the suffix eg:
|
||||
# nss_base_passwd ou=People,
|
||||
# to append the default base DN but this
|
||||
# may incur a small performance impact.
|
||||
#nss_base_passwd ou=People,dc=padl,dc=com?one
|
||||
#nss_base_shadow ou=People,dc=padl,dc=com?one
|
||||
#nss_base_group ou=Group,dc=padl,dc=com?one
|
||||
#nss_base_hosts ou=Hosts,dc=padl,dc=com?one
|
||||
#nss_base_services ou=Services,dc=padl,dc=com?one
|
||||
#nss_base_networks ou=Networks,dc=padl,dc=com?one
|
||||
#nss_base_protocols ou=Protocols,dc=padl,dc=com?one
|
||||
#nss_base_rpc ou=Rpc,dc=padl,dc=com?one
|
||||
#nss_base_ethers ou=Ethers,dc=padl,dc=com?one
|
||||
#nss_base_netmasks ou=Networks,dc=padl,dc=com?ne
|
||||
#nss_base_bootparams ou=Ethers,dc=padl,dc=com?one
|
||||
#nss_base_aliases ou=Aliases,dc=padl,dc=com?one
|
||||
#nss_base_netgroup ou=Netgroup,dc=padl,dc=com?one
|
||||
|
||||
# attribute/objectclass mapping
|
||||
# Syntax:
|
||||
#nss_map_attribute rfc2307attribute mapped_attribute
|
||||
#nss_map_objectclass rfc2307objectclass mapped_objectclass
|
||||
|
||||
# configure --enable-nds is no longer supported.
|
||||
# NDS mappings
|
||||
#nss_map_attribute uniqueMember member
|
||||
|
||||
# Services for UNIX 3.5 mappings
|
||||
#nss_map_objectclass posixAccount User
|
||||
#nss_map_objectclass shadowAccount User
|
||||
#nss_map_attribute uid msSFU30Name
|
||||
#nss_map_attribute uniqueMember msSFU30PosixMember
|
||||
#nss_map_attribute userPassword msSFU30Password
|
||||
#nss_map_attribute homeDirectory msSFU30HomeDirectory
|
||||
#nss_map_attribute homeDirectory msSFUHomeDirectory
|
||||
#nss_map_objectclass posixGroup Group
|
||||
#pam_login_attribute msSFU30Name
|
||||
#pam_filter objectclass=User
|
||||
#pam_password ad
|
||||
|
||||
# configure --enable-mssfu-schema is no longer supported.
|
||||
# Services for UNIX 2.0 mappings
|
||||
#nss_map_objectclass posixAccount User
|
||||
#nss_map_objectclass shadowAccount user
|
||||
#nss_map_attribute uid msSFUName
|
||||
#nss_map_attribute uniqueMember posixMember
|
||||
#nss_map_attribute userPassword msSFUPassword
|
||||
#nss_map_attribute homeDirectory msSFUHomeDirectory
|
||||
#nss_map_attribute shadowLastChange pwdLastSet
|
||||
#nss_map_objectclass posixGroup Group
|
||||
#nss_map_attribute cn msSFUName
|
||||
#pam_login_attribute msSFUName
|
||||
#pam_filter objectclass=User
|
||||
#pam_password ad
|
||||
|
||||
# RFC 2307 (AD) mappings
|
||||
#nss_map_objectclass posixAccount user
|
||||
#nss_map_objectclass shadowAccount user
|
||||
#nss_map_attribute uid sAMAccountName
|
||||
#nss_map_attribute homeDirectory unixHomeDirectory
|
||||
#nss_map_attribute shadowLastChange pwdLastSet
|
||||
#nss_map_objectclass posixGroup group
|
||||
#nss_map_attribute uniqueMember member
|
||||
#pam_login_attribute sAMAccountName
|
||||
#pam_filter objectclass=User
|
||||
#pam_password ad
|
||||
|
||||
# configure --enable-authpassword is no longer supported
|
||||
# AuthPassword mappings
|
||||
#nss_map_attribute userPassword authPassword
|
||||
|
||||
# AIX SecureWay mappings
|
||||
#nss_map_objectclass posixAccount aixAccount
|
||||
#nss_base_passwd ou=aixaccount,?one
|
||||
#nss_map_attribute uid userName
|
||||
#nss_map_attribute gidNumber gid
|
||||
#nss_map_attribute uidNumber uid
|
||||
#nss_map_attribute userPassword passwordChar
|
||||
#nss_map_objectclass posixGroup aixAccessGroup
|
||||
#nss_base_group ou=aixgroup,?one
|
||||
#nss_map_attribute cn groupName
|
||||
#nss_map_attribute uniqueMember member
|
||||
#pam_login_attribute userName
|
||||
#pam_filter objectclass=aixAccount
|
||||
#pam_password clear
|
||||
|
||||
# For pre-RFC2307bis automount schema
|
||||
#nss_map_objectclass automountMap nisMap
|
||||
#nss_map_attribute automountMapName nisMapName
|
||||
#nss_map_objectclass automount nisObject
|
||||
#nss_map_attribute automountKey cn
|
||||
#nss_map_attribute automountInformation nisMapEntry
|
||||
|
||||
# Netscape SDK LDAPS
|
||||
#ssl on
|
||||
|
||||
# Netscape SDK SSL options
|
||||
#sslpath /etc/ssl/certs
|
||||
|
||||
# OpenLDAP SSL mechanism
|
||||
# start_tls mechanism uses the normal LDAP port, LDAPS typically 636
|
||||
#ssl start_tls
|
||||
#ssl on
|
||||
|
||||
# OpenLDAP SSL options
|
||||
# Require and verify server certificate (yes/no)
|
||||
# Default is to use libldap's default behavior, which can be configured in
|
||||
# /etc/openldap/ldap.conf using the TLS_REQCERT setting. The default for
|
||||
# OpenLDAP 2.0 and earlier is "no", for 2.1 and later is "yes".
|
||||
#tls_checkpeer yes
|
||||
|
||||
# CA certificates for server certificate verification
|
||||
# At least one of these are required if tls_checkpeer is "yes"
|
||||
#tls_cacertfile /etc/ssl/ca.cert
|
||||
#tls_cacertdir /etc/ssl/certs
|
||||
|
||||
# Seed the PRNG if /dev/urandom is not provided
|
||||
#tls_randfile /var/run/egd-pool
|
||||
|
||||
# SSL cipher suite
|
||||
# See man ciphers for syntax
|
||||
#tls_ciphers TLSv1
|
||||
|
||||
# Client certificate and key
|
||||
# Use these, if your server requires client authentication.
|
||||
#tls_cert
|
||||
#tls_key
|
||||
|
||||
# Disable SASL security layers. This is needed for AD.
|
||||
#sasl_secprops maxssf=0
|
||||
|
||||
# Override the default Kerberos ticket cache location.
|
||||
#krb5_ccname FILE:/etc/.ldapcache
|
||||
|
19
wheezy_php5/nsswitch.conf
Normal file
19
wheezy_php5/nsswitch.conf
Normal file
|
@ -0,0 +1,19 @@
|
|||
# /etc/nsswitch.conf
|
||||
#
|
||||
# Example configuration of GNU Name Service Switch functionality.
|
||||
# If you have the `glibc-doc-reference' and `info' packages installed, try:
|
||||
# `info libc "Name Service Switch"' for information about this file.
|
||||
|
||||
passwd: compat ldap
|
||||
group: compat ldap
|
||||
shadow: compat
|
||||
|
||||
hosts: files dns
|
||||
networks: files
|
||||
|
||||
protocols: db files
|
||||
services: db files
|
||||
ethers: db files
|
||||
rpc: db files
|
||||
|
||||
netgroup: nis
|
10
wheezy_php5/start-fpm.sh
Executable file
10
wheezy_php5/start-fpm.sh
Executable file
|
@ -0,0 +1,10 @@
|
|||
#!/bin/sh
|
||||
|
||||
set -e
|
||||
|
||||
sed "s/@user@/${FPM_USER}/g; s/@variant@/${FPM_VARIANT}/g" \
|
||||
< /usr/local/etc/fpm-pool.conf.tmpl \
|
||||
> "/etc/php5/fpm/pool.d/${FPM_USER}.conf"
|
||||
|
||||
/etc/init.d/nullmailer start
|
||||
/usr/sbin/php5-fpm --nodaemonize
|
Loading…
Reference in a new issue