generating all files from template

fabriciojs · fabriciojs · commit 2f565343eaaf · 2021-04-13T13:52:29.000-03:00
diff --git a/7.1-nginx-prod/Dockerfile b/7.1-nginx-prod/Dockerfile
@@ -13,11 +13,21 @@ ENV PHP_FPM_LISTEN=/run/php-fpm.sock \
 RUN curl -L https://github.com/ochinchina/supervisord/releases/download/v0.6.3/supervisord_static_0.6.3_linux_amd64 -o /usr/local/bin/supervisord \
     && chmod +x /usr/local/bin/supervisord \
     && apk add --no-cache nginx \
-    && sed -i "s|^user .*|user\ kool kool;|g" /etc/nginx/nginx.conf \
     && chown -R kool:kool /var/tmp/nginx \
     && chmod 770 /var/tmp/nginx \
     && ln -sf /dev/stdout /var/log/nginx/access.log \
-    && ln -sf /dev/stderr /var/log/nginx/error.log
+    && ln -sf /dev/stderr /var/log/nginx/error.log \
+    # add h5bp/server-configs-nginx
+    && mkdir /etc/nginx/h5bp \
+    && cd /etc/nginx/h5bp \
+    && wget https://github.com/h5bp/server-configs-nginx/archive/refs/tags/3.3.0.tar.gz -O h5bp.tgz \
+    && tar xzvf h5bp.tgz \
+    && rm -f h5bp.tgz \
+    && mv server-configs-nginx-*/h5bp/* . \
+    && mv server-configs-nginx-*/nginx.conf /etc/nginx/nginx.conf \
+    && sed -i "s|^user .*|user\ kool kool;|g" /etc/nginx/nginx.conf \
+    && mv server-configs-nginx-*/mime.types /etc/nginx/mime.types \
+    && rm -rf server-configs-nginx-*
 
 COPY supervisor.conf /kool/supervisor.conf
 COPY default.tmpl /kool/default.tmpl
diff --git a/7.1-nginx-prod/default.tmpl b/7.1-nginx-prod/default.tmpl
@@ -30,4 +30,15 @@ server {
     location ~ /\.ht {
         deny all;
     }
+
+    # basic H5BP suggestions
+    include h5bp/internet_explorer/x-ua-compatible.conf;
+    include h5bp/security/referrer-policy.conf;
+    include h5bp/security/x-content-type-options.conf;
+    include h5bp/security/x-frame-options.conf;
+    include h5bp/security/x-xss-protection.conf;
+
+    # performance enhancements (mostly for caching static data)
+    include h5bp/web_performance/cache-file-descriptors.conf;
+    include h5bp/web_performance/pre-compressed_content_gzip.conf;
 }
diff --git a/7.1-nginx-prod/supervisor.conf b/7.1-nginx-prod/supervisor.conf
@@ -1,6 +1,6 @@
 [program:nginx]
 depends_on = php-fpm
-command = nginx -g "pid /run/nginx.pid; daemon off;"
+command = nginx -g "daemon off;"
 stopasgroup = true
 stderr_logfile = /dev/stderr
 stdout_logfile = /dev/stdout
diff --git a/7.1-nginx/Dockerfile b/7.1-nginx/Dockerfile
@@ -13,11 +13,21 @@ ENV PHP_FPM_LISTEN=/run/php-fpm.sock \
 RUN curl -L https://github.com/ochinchina/supervisord/releases/download/v0.6.3/supervisord_static_0.6.3_linux_amd64 -o /usr/local/bin/supervisord \
     && chmod +x /usr/local/bin/supervisord \
     && apk add --no-cache nginx \
-    && sed -i "s|^user .*|user\ kool kool;|g" /etc/nginx/nginx.conf \
     && chown -R kool:kool /var/tmp/nginx \
     && chmod 770 /var/tmp/nginx \
     && ln -sf /dev/stdout /var/log/nginx/access.log \
-    && ln -sf /dev/stderr /var/log/nginx/error.log
+    && ln -sf /dev/stderr /var/log/nginx/error.log \
+    # add h5bp/server-configs-nginx
+    && mkdir /etc/nginx/h5bp \
+    && cd /etc/nginx/h5bp \
+    && wget https://github.com/h5bp/server-configs-nginx/archive/refs/tags/3.3.0.tar.gz -O h5bp.tgz \
+    && tar xzvf h5bp.tgz \
+    && rm -f h5bp.tgz \
+    && mv server-configs-nginx-*/h5bp/* . \
+    && mv server-configs-nginx-*/nginx.conf /etc/nginx/nginx.conf \
+    && sed -i "s|^user .*|user\ kool kool;|g" /etc/nginx/nginx.conf \
+    && mv server-configs-nginx-*/mime.types /etc/nginx/mime.types \
+    && rm -rf server-configs-nginx-*
 
 COPY supervisor.conf /kool/supervisor.conf
 COPY default.tmpl /kool/default.tmpl
diff --git a/7.1-nginx/default.tmpl b/7.1-nginx/default.tmpl
@@ -30,4 +30,15 @@ server {
     location ~ /\.ht {
         deny all;
     }
+
+    # basic H5BP suggestions
+    include h5bp/internet_explorer/x-ua-compatible.conf;
+    include h5bp/security/referrer-policy.conf;
+    include h5bp/security/x-content-type-options.conf;
+    include h5bp/security/x-frame-options.conf;
+    include h5bp/security/x-xss-protection.conf;
+
+    # performance enhancements (mostly for caching static data)
+    include h5bp/web_performance/cache-file-descriptors.conf;
+    include h5bp/web_performance/pre-compressed_content_gzip.conf;
 }
diff --git a/7.1-nginx/supervisor.conf b/7.1-nginx/supervisor.conf
@@ -1,6 +1,6 @@
 [program:nginx]
 depends_on = php-fpm
-command = nginx -g "pid /run/nginx.pid; daemon off;"
+command = nginx -g "daemon off;"
 stopasgroup = true
 stderr_logfile = /dev/stderr
 stdout_logfile = /dev/stdout
diff --git a/7.2-nginx-prod/Dockerfile b/7.2-nginx-prod/Dockerfile
@@ -13,11 +13,21 @@ ENV PHP_FPM_LISTEN=/run/php-fpm.sock \
 RUN curl -L https://github.com/ochinchina/supervisord/releases/download/v0.6.3/supervisord_static_0.6.3_linux_amd64 -o /usr/local/bin/supervisord \
     && chmod +x /usr/local/bin/supervisord \
     && apk add --no-cache nginx \
-    && sed -i "s|^user .*|user\ kool kool;|g" /etc/nginx/nginx.conf \
     && chown -R kool:kool /var/lib/nginx \
     && chmod 770 /var/lib/nginx/tmp \
     && ln -sf /dev/stdout /var/log/nginx/access.log \
-    && ln -sf /dev/stderr /var/log/nginx/error.log
+    && ln -sf /dev/stderr /var/log/nginx/error.log \
+    # add h5bp/server-configs-nginx
+    && mkdir /etc/nginx/h5bp \
+    && cd /etc/nginx/h5bp \
+    && wget https://github.com/h5bp/server-configs-nginx/archive/refs/tags/3.3.0.tar.gz -O h5bp.tgz \
+    && tar xzvf h5bp.tgz \
+    && rm -f h5bp.tgz \
+    && mv server-configs-nginx-*/h5bp/* . \
+    && mv server-configs-nginx-*/nginx.conf /etc/nginx/nginx.conf \
+    && sed -i "s|^user .*|user\ kool kool;|g" /etc/nginx/nginx.conf \
+    && mv server-configs-nginx-*/mime.types /etc/nginx/mime.types \
+    && rm -rf server-configs-nginx-*
 
 COPY supervisor.conf /kool/supervisor.conf
 COPY default.tmpl /kool/default.tmpl
diff --git a/7.2-nginx-prod/default.tmpl b/7.2-nginx-prod/default.tmpl
@@ -30,4 +30,15 @@ server {
     location ~ /\.ht {
         deny all;
     }
+
+    # basic H5BP suggestions
+    include h5bp/internet_explorer/x-ua-compatible.conf;
+    include h5bp/security/referrer-policy.conf;
+    include h5bp/security/x-content-type-options.conf;
+    include h5bp/security/x-frame-options.conf;
+    include h5bp/security/x-xss-protection.conf;
+
+    # performance enhancements (mostly for caching static data)
+    include h5bp/web_performance/cache-file-descriptors.conf;
+    include h5bp/web_performance/pre-compressed_content_gzip.conf;
 }
diff --git a/7.2-nginx-prod/supervisor.conf b/7.2-nginx-prod/supervisor.conf
@@ -1,6 +1,6 @@
 [program:nginx]
 depends_on = php-fpm
-command = nginx -g "pid /run/nginx.pid; daemon off;"
+command = nginx -g "daemon off;"
 stopasgroup = true
 stderr_logfile = /dev/stderr
 stdout_logfile = /dev/stdout
diff --git a/7.2-nginx/Dockerfile b/7.2-nginx/Dockerfile
@@ -13,11 +13,21 @@ ENV PHP_FPM_LISTEN=/run/php-fpm.sock \
 RUN curl -L https://github.com/ochinchina/supervisord/releases/download/v0.6.3/supervisord_static_0.6.3_linux_amd64 -o /usr/local/bin/supervisord \
     && chmod +x /usr/local/bin/supervisord \
     && apk add --no-cache nginx \
-    && sed -i "s|^user .*|user\ kool kool;|g" /etc/nginx/nginx.conf \
     && chown -R kool:kool /var/lib/nginx \
     && chmod 770 /var/lib/nginx/tmp \
     && ln -sf /dev/stdout /var/log/nginx/access.log \
-    && ln -sf /dev/stderr /var/log/nginx/error.log
+    && ln -sf /dev/stderr /var/log/nginx/error.log \
+    # add h5bp/server-configs-nginx
+    && mkdir /etc/nginx/h5bp \
+    && cd /etc/nginx/h5bp \
+    && wget https://github.com/h5bp/server-configs-nginx/archive/refs/tags/3.3.0.tar.gz -O h5bp.tgz \
+    && tar xzvf h5bp.tgz \
+    && rm -f h5bp.tgz \
+    && mv server-configs-nginx-*/h5bp/* . \
+    && mv server-configs-nginx-*/nginx.conf /etc/nginx/nginx.conf \
+    && sed -i "s|^user .*|user\ kool kool;|g" /etc/nginx/nginx.conf \
+    && mv server-configs-nginx-*/mime.types /etc/nginx/mime.types \
+    && rm -rf server-configs-nginx-*
 
 COPY supervisor.conf /kool/supervisor.conf
 COPY default.tmpl /kool/default.tmpl
diff --git a/7.2-nginx/default.tmpl b/7.2-nginx/default.tmpl
@@ -30,4 +30,15 @@ server {
     location ~ /\.ht {
         deny all;
     }
+
+    # basic H5BP suggestions
+    include h5bp/internet_explorer/x-ua-compatible.conf;
+    include h5bp/security/referrer-policy.conf;
+    include h5bp/security/x-content-type-options.conf;
+    include h5bp/security/x-frame-options.conf;
+    include h5bp/security/x-xss-protection.conf;
+
+    # performance enhancements (mostly for caching static data)
+    include h5bp/web_performance/cache-file-descriptors.conf;
+    include h5bp/web_performance/pre-compressed_content_gzip.conf;
 }
diff --git a/7.2-nginx/supervisor.conf b/7.2-nginx/supervisor.conf
@@ -1,6 +1,6 @@
 [program:nginx]
 depends_on = php-fpm
-command = nginx -g "pid /run/nginx.pid; daemon off;"
+command = nginx -g "daemon off;"
 stopasgroup = true
 stderr_logfile = /dev/stderr
 stdout_logfile = /dev/stdout
diff --git a/7.3-nginx-prod/Dockerfile b/7.3-nginx-prod/Dockerfile
@@ -13,11 +13,21 @@ ENV PHP_FPM_LISTEN=/run/php-fpm.sock \
 RUN curl -L https://github.com/ochinchina/supervisord/releases/download/v0.6.3/supervisord_static_0.6.3_linux_amd64 -o /usr/local/bin/supervisord \
     && chmod +x /usr/local/bin/supervisord \
     && apk add --no-cache nginx \
-    && sed -i "s|^user .*|user\ kool kool;|g" /etc/nginx/nginx.conf \
     && chown -R kool:kool /var/lib/nginx \
     && chmod 770 /var/lib/nginx/tmp \
     && ln -sf /dev/stdout /var/log/nginx/access.log \
-    && ln -sf /dev/stderr /var/log/nginx/error.log
+    && ln -sf /dev/stderr /var/log/nginx/error.log \
+    # add h5bp/server-configs-nginx
+    && mkdir /etc/nginx/h5bp \
+    && cd /etc/nginx/h5bp \
+    && wget https://github.com/h5bp/server-configs-nginx/archive/refs/tags/3.3.0.tar.gz -O h5bp.tgz \
+    && tar xzvf h5bp.tgz \
+    && rm -f h5bp.tgz \
+    && mv server-configs-nginx-*/h5bp/* . \
+    && mv server-configs-nginx-*/nginx.conf /etc/nginx/nginx.conf \
+    && sed -i "s|^user .*|user\ kool kool;|g" /etc/nginx/nginx.conf \
+    && mv server-configs-nginx-*/mime.types /etc/nginx/mime.types \
+    && rm -rf server-configs-nginx-*
 
 COPY supervisor.conf /kool/supervisor.conf
 COPY default.tmpl /kool/default.tmpl
diff --git a/7.3-nginx-prod/default.tmpl b/7.3-nginx-prod/default.tmpl
@@ -30,4 +30,15 @@ server {
     location ~ /\.ht {
         deny all;
     }
+
+    # basic H5BP suggestions
+    include h5bp/internet_explorer/x-ua-compatible.conf;
+    include h5bp/security/referrer-policy.conf;
+    include h5bp/security/x-content-type-options.conf;
+    include h5bp/security/x-frame-options.conf;
+    include h5bp/security/x-xss-protection.conf;
+
+    # performance enhancements (mostly for caching static data)
+    include h5bp/web_performance/cache-file-descriptors.conf;
+    include h5bp/web_performance/pre-compressed_content_gzip.conf;
 }
diff --git a/7.3-nginx-prod/supervisor.conf b/7.3-nginx-prod/supervisor.conf
@@ -1,6 +1,6 @@
 [program:nginx]
 depends_on = php-fpm
-command = nginx -g "pid /run/nginx.pid; daemon off;"
+command = nginx -g "daemon off;"
 stopasgroup = true
 stderr_logfile = /dev/stderr
 stdout_logfile = /dev/stdout
diff --git a/7.3-nginx/Dockerfile b/7.3-nginx/Dockerfile
@@ -13,11 +13,21 @@ ENV PHP_FPM_LISTEN=/run/php-fpm.sock \
 RUN curl -L https://github.com/ochinchina/supervisord/releases/download/v0.6.3/supervisord_static_0.6.3_linux_amd64 -o /usr/local/bin/supervisord \
     && chmod +x /usr/local/bin/supervisord \
     && apk add --no-cache nginx \
-    && sed -i "s|^user .*|user\ kool kool;|g" /etc/nginx/nginx.conf \
     && chown -R kool:kool /var/lib/nginx \
     && chmod 770 /var/lib/nginx/tmp \
     && ln -sf /dev/stdout /var/log/nginx/access.log \
-    && ln -sf /dev/stderr /var/log/nginx/error.log
+    && ln -sf /dev/stderr /var/log/nginx/error.log \
+    # add h5bp/server-configs-nginx
+    && mkdir /etc/nginx/h5bp \
+    && cd /etc/nginx/h5bp \
+    && wget https://github.com/h5bp/server-configs-nginx/archive/refs/tags/3.3.0.tar.gz -O h5bp.tgz \
+    && tar xzvf h5bp.tgz \
+    && rm -f h5bp.tgz \
+    && mv server-configs-nginx-*/h5bp/* . \
+    && mv server-configs-nginx-*/nginx.conf /etc/nginx/nginx.conf \
+    && sed -i "s|^user .*|user\ kool kool;|g" /etc/nginx/nginx.conf \
+    && mv server-configs-nginx-*/mime.types /etc/nginx/mime.types \
+    && rm -rf server-configs-nginx-*
 
 COPY supervisor.conf /kool/supervisor.conf
 COPY default.tmpl /kool/default.tmpl
diff --git a/7.3-nginx/default.tmpl b/7.3-nginx/default.tmpl
@@ -30,4 +30,15 @@ server {
     location ~ /\.ht {
         deny all;
     }
+
+    # basic H5BP suggestions
+    include h5bp/internet_explorer/x-ua-compatible.conf;
+    include h5bp/security/referrer-policy.conf;
+    include h5bp/security/x-content-type-options.conf;
+    include h5bp/security/x-frame-options.conf;
+    include h5bp/security/x-xss-protection.conf;
+
+    # performance enhancements (mostly for caching static data)
+    include h5bp/web_performance/cache-file-descriptors.conf;
+    include h5bp/web_performance/pre-compressed_content_gzip.conf;
 }
diff --git a/7.3-nginx/supervisor.conf b/7.3-nginx/supervisor.conf
@@ -1,6 +1,6 @@
 [program:nginx]
 depends_on = php-fpm
-command = nginx -g "pid /run/nginx.pid; daemon off;"
+command = nginx -g "daemon off;"
 stopasgroup = true
 stderr_logfile = /dev/stderr
 stdout_logfile = /dev/stdout
diff --git a/7.4-nginx-prod/Dockerfile b/7.4-nginx-prod/Dockerfile
@@ -13,11 +13,21 @@ ENV PHP_FPM_LISTEN=/run/php-fpm.sock \
 RUN curl -L https://github.com/ochinchina/supervisord/releases/download/v0.6.3/supervisord_static_0.6.3_linux_amd64 -o /usr/local/bin/supervisord \
     && chmod +x /usr/local/bin/supervisord \
     && apk add --no-cache nginx \
-    && sed -i "s|^user .*|user\ kool kool;|g" /etc/nginx/nginx.conf \
     && chown -R kool:kool /var/lib/nginx \
     && chmod 770 /var/lib/nginx/tmp \
     && ln -sf /dev/stdout /var/log/nginx/access.log \
-    && ln -sf /dev/stderr /var/log/nginx/error.log
+    && ln -sf /dev/stderr /var/log/nginx/error.log \
+    # add h5bp/server-configs-nginx
+    && mkdir /etc/nginx/h5bp \
+    && cd /etc/nginx/h5bp \
+    && wget https://github.com/h5bp/server-configs-nginx/archive/refs/tags/3.3.0.tar.gz -O h5bp.tgz \
+    && tar xzvf h5bp.tgz \
+    && rm -f h5bp.tgz \
+    && mv server-configs-nginx-*/h5bp/* . \
+    && mv server-configs-nginx-*/nginx.conf /etc/nginx/nginx.conf \
+    && sed -i "s|^user .*|user\ kool kool;|g" /etc/nginx/nginx.conf \
+    && mv server-configs-nginx-*/mime.types /etc/nginx/mime.types \
+    && rm -rf server-configs-nginx-*
 
 COPY supervisor.conf /kool/supervisor.conf
 COPY default.tmpl /kool/default.tmpl
diff --git a/7.4-nginx-prod/default.tmpl b/7.4-nginx-prod/default.tmpl
@@ -30,4 +30,15 @@ server {
     location ~ /\.ht {
         deny all;
     }
+
+    # basic H5BP suggestions
+    include h5bp/internet_explorer/x-ua-compatible.conf;
+    include h5bp/security/referrer-policy.conf;
+    include h5bp/security/x-content-type-options.conf;
+    include h5bp/security/x-frame-options.conf;
+    include h5bp/security/x-xss-protection.conf;
+
+    # performance enhancements (mostly for caching static data)
+    include h5bp/web_performance/cache-file-descriptors.conf;
+    include h5bp/web_performance/pre-compressed_content_gzip.conf;
 }
diff --git a/7.4-nginx-prod/supervisor.conf b/7.4-nginx-prod/supervisor.conf
@@ -1,6 +1,6 @@
 [program:nginx]
 depends_on = php-fpm
-command = nginx -g "pid /run/nginx.pid; daemon off;"
+command = nginx -g "daemon off;"
 stopasgroup = true
 stderr_logfile = /dev/stderr
 stdout_logfile = /dev/stdout
diff --git a/7.4-nginx/Dockerfile b/7.4-nginx/Dockerfile
@@ -13,11 +13,21 @@ ENV PHP_FPM_LISTEN=/run/php-fpm.sock \
 RUN curl -L https://github.com/ochinchina/supervisord/releases/download/v0.6.3/supervisord_static_0.6.3_linux_amd64 -o /usr/local/bin/supervisord \
     && chmod +x /usr/local/bin/supervisord \
     && apk add --no-cache nginx \
-    && sed -i "s|^user .*|user\ kool kool;|g" /etc/nginx/nginx.conf \
     && chown -R kool:kool /var/lib/nginx \
     && chmod 770 /var/lib/nginx/tmp \
     && ln -sf /dev/stdout /var/log/nginx/access.log \
-    && ln -sf /dev/stderr /var/log/nginx/error.log
+    && ln -sf /dev/stderr /var/log/nginx/error.log \
+    # add h5bp/server-configs-nginx
+    && mkdir /etc/nginx/h5bp \
+    && cd /etc/nginx/h5bp \
+    && wget https://github.com/h5bp/server-configs-nginx/archive/refs/tags/3.3.0.tar.gz -O h5bp.tgz \
+    && tar xzvf h5bp.tgz \
+    && rm -f h5bp.tgz \
+    && mv server-configs-nginx-*/h5bp/* . \
+    && mv server-configs-nginx-*/nginx.conf /etc/nginx/nginx.conf \
+    && sed -i "s|^user .*|user\ kool kool;|g" /etc/nginx/nginx.conf \
+    && mv server-configs-nginx-*/mime.types /etc/nginx/mime.types \
+    && rm -rf server-configs-nginx-*
 
 COPY supervisor.conf /kool/supervisor.conf
 COPY default.tmpl /kool/default.tmpl
diff --git a/7.4-nginx/default.tmpl b/7.4-nginx/default.tmpl
@@ -30,4 +30,15 @@ server {
     location ~ /\.ht {
         deny all;
     }
+
+    # basic H5BP suggestions
+    include h5bp/internet_explorer/x-ua-compatible.conf;
+    include h5bp/security/referrer-policy.conf;
+    include h5bp/security/x-content-type-options.conf;
+    include h5bp/security/x-frame-options.conf;
+    include h5bp/security/x-xss-protection.conf;
+
+    # performance enhancements (mostly for caching static data)
+    include h5bp/web_performance/cache-file-descriptors.conf;
+    include h5bp/web_performance/pre-compressed_content_gzip.conf;
 }
diff --git a/7.4-nginx/supervisor.conf b/7.4-nginx/supervisor.conf
@@ -1,6 +1,6 @@
 [program:nginx]
 depends_on = php-fpm
-command = nginx -g "pid /run/nginx.pid; daemon off;"
+command = nginx -g "daemon off;"
 stopasgroup = true
 stderr_logfile = /dev/stderr
 stdout_logfile = /dev/stdout
diff --git a/8.0-nginx-prod/Dockerfile b/8.0-nginx-prod/Dockerfile
diff --git a/8.0-nginx-prod/default.tmpl b/8.0-nginx-prod/default.tmpl
diff --git a/8.0-nginx-prod/supervisor.conf b/8.0-nginx-prod/supervisor.conf
diff --git a/8.0-nginx/Dockerfile b/8.0-nginx/Dockerfile
diff --git a/8.0-nginx/default.tmpl b/8.0-nginx/default.tmpl
diff --git a/8.0-nginx/supervisor.conf b/8.0-nginx/supervisor.conf
