add openresty and ssdb

docker-compose.yml

@@ -5,7 +5,6 @@ networks:
     driver: ${NETWORKS_DRIVER}
   backend:
     driver: ${NETWORKS_DRIVER}
-
 volumes:
   mysql:
     driver: ${VOLUMES_DRIVER}
@@ -415,6 +414,32 @@ services:
         - frontend
         - backend
 
+### OpenResty Server #########################################
+    openresty:
+      build:
+        context: ./openresty
+        args:
+          - CHANGE_SOURCE=${CHANGE_SOURCE}
+          - PHP_UPSTREAM_CONTAINER=${OPENRESTY_PHP_UPSTREAM_CONTAINER}
+          - PHP_UPSTREAM_PORT=${OPENRESTY_PHP_UPSTREAM_PORT}
+          - http_proxy
+          - https_proxy
+          - no_proxy
+      volumes:
+        - ${APP_CODE_PATH_HOST}:${APP_CODE_PATH_CONTAINER}${APP_CODE_CONTAINER_FLAG}
+        - ${OPENRESTY_HOST_LOG_PATH}:/var/log/nginx
+        - ${OPENRESTY_SITES_PATH}:/etc/nginx/sites-available
+        - ${OPENRESTY_SSL_PATH}:/etc/nginx/ssl
+      ports:
+        - "${OPENRESTY_HOST_HTTP_PORT}:80"
+        - "${OPENRESTY_HOST_HTTPS_PORT}:443"
+        - "${VARNISH_BACKEND_PORT}:81"
+      depends_on:
+        - php-fpm
+      networks:
+        - frontend
+        - backend
+
 ### Blackfire ########################################
     blackfire:
       image: blackfire/blackfire
@@ -694,6 +719,16 @@ services:
         - "${REDIS_CLUSTER_PORT_RANGE}:7000-7005"
       networks:
         - backend
+### SSDB ################################################
+    ssdb:
+      build: ./ssdb
+      volumes:
+        - ${DATA_PATH_HOST}/ssdb:/data
+      ports:
+        - "${SSDB_PORT}:8888"
+      dns: 172.17.0.1
+      networks:
+        - backend
 
 ### ZooKeeper #########################################
     zookeeper:

openresty/Dockerfile

@@ -0,0 +1,211 @@
+# Dockerfile - alpine
+# https://github.com/openresty/docker-openresty
+
+ARG RESTY_IMAGE_BASE="alpine"
+ARG RESTY_IMAGE_TAG="3.13"
+
+FROM ${RESTY_IMAGE_BASE}:${RESTY_IMAGE_TAG}
+
+LABEL maintainer="Evan Wies <evan@neomantra.net>"
+
+# Docker Build Arguments
+ARG RESTY_IMAGE_BASE="alpine"
+ARG RESTY_IMAGE_TAG="3.13"
+ARG RESTY_VERSION="1.19.3.2"
+ARG RESTY_OPENSSL_VERSION="1.1.1k"
+ARG RESTY_OPENSSL_PATCH_VERSION="1.1.1f"
+ARG RESTY_OPENSSL_URL_BASE="https://www.openssl.org/source"
+ARG RESTY_PCRE_VERSION="8.44"
+ARG RESTY_J="1"
+ARG RESTY_CONFIG_OPTIONS="\
+    --with-compat \
+    --with-file-aio \
+    --with-http_addition_module \
+    --with-http_auth_request_module \
+    --with-http_dav_module \
+    --with-http_flv_module \
+    --with-http_geoip_module=dynamic \
+    --with-http_gunzip_module \
+    --with-http_gzip_static_module \
+    --with-http_image_filter_module=dynamic \
+    --with-http_mp4_module \
+    --with-http_random_index_module \
+    --with-http_realip_module \
+    --with-http_secure_link_module \
+    --with-http_slice_module \
+    --with-http_ssl_module \
+    --with-http_stub_status_module \
+    --with-http_sub_module \
+    --with-http_v2_module \
+    --with-http_xslt_module=dynamic \
+    --with-ipv6 \
+    --with-mail \
+    --with-mail_ssl_module \
+    --with-md5-asm \
+    --with-pcre-jit \
+    --with-sha1-asm \
+    --with-stream \
+    --with-stream_ssl_module \
+    --with-threads \
+    "
+ARG RESTY_CONFIG_OPTIONS_MORE="\
+    --conf-path=/etc/nginx/nginx.conf \
+    --error-log-path=/var/log/nginx/error.log \
+    --http-log-path=/var/log/nginx/access.log \
+    --pid-path=/var/run/nginx.pid \
+    --user=www-data \
+    --group=www-data \
+    --with-http_iconv_module \
+    --add-module=/tmp/nginx-ct-master \
+    --add-module=/tmp/nginx-dav-ext-module-master \
+    --add-module=/tmp/ngx_brotli \
+    --add-module=/tmp/ngx_cache_purge-master \
+    --add-module=/tmp/ngx_http_substitutions_filter_module-master \
+    "
+ARG RESTY_LUAJIT_OPTIONS="--with-luajit-xcflags='-DLUAJIT_NUMMODE=2 -DLUAJIT_ENABLE_LUA52COMPAT'"
+
+ARG RESTY_ADD_PACKAGE_BUILDDEPS=""
+ARG RESTY_ADD_PACKAGE_RUNDEPS=""
+ARG RESTY_EVAL_PRE_CONFIGURE=""
+ARG RESTY_EVAL_POST_MAKE=""
+
+# These are not intended to be user-specified
+ARG _RESTY_CONFIG_DEPS="--with-pcre \
+    --with-cc-opt='-DNGX_LUA_ABORT_AT_PANIC -I/usr/local/openresty/pcre/include -I/usr/local/openresty/openssl/include' \
+    --with-ld-opt='-L/usr/local/openresty/pcre/lib -L/usr/local/openresty/openssl/lib -Wl,-rpath,/usr/local/openresty/pcre/lib:/usr/local/openresty/openssl/lib' \
+    "
+
+LABEL resty_image_base="${RESTY_IMAGE_BASE}"
+LABEL resty_image_tag="${RESTY_IMAGE_TAG}"
+LABEL resty_version="${RESTY_VERSION}"
+LABEL resty_openssl_version="${RESTY_OPENSSL_VERSION}"
+LABEL resty_openssl_patch_version="${RESTY_OPENSSL_PATCH_VERSION}"
+LABEL resty_openssl_url_base="${RESTY_OPENSSL_URL_BASE}"
+LABEL resty_pcre_version="${RESTY_PCRE_VERSION}"
+LABEL resty_config_options="${RESTY_CONFIG_OPTIONS}"
+LABEL resty_config_options_more="${RESTY_CONFIG_OPTIONS_MORE}"
+LABEL resty_config_deps="${_RESTY_CONFIG_DEPS}"
+LABEL resty_add_package_builddeps="${RESTY_ADD_PACKAGE_BUILDDEPS}"
+LABEL resty_add_package_rundeps="${RESTY_ADD_PACKAGE_RUNDEPS}"
+LABEL resty_eval_pre_configure="${RESTY_EVAL_PRE_CONFIGURE}"
+LABEL resty_eval_post_make="${RESTY_EVAL_POST_MAKE}"
+
+ARG CHANGE_SOURCE=false
+RUN if [ ${CHANGE_SOURCE} = true ]; then \
+    # Change application source from dl-cdn.alpinelinux.org to aliyun source
+    sed -i 's/dl-cdn.alpinelinux.org/mirrors.aliyun.com/' /etc/apk/repositories \
+;fi
+
+RUN set -x ; \
+    addgroup -g 82 -S www-data ; \
+    adduser -u 82 -D -S -G www-data www-data && exit 0 ; exit 1
+
+
+RUN apk add --no-cache --virtual .build-deps \
+        build-base \
+        coreutils \
+        curl \
+        gd-dev \
+        geoip-dev \
+        libxslt-dev \
+        linux-headers \
+        make \
+        perl-dev \
+        readline-dev \
+        zlib-dev \
+        ${RESTY_ADD_PACKAGE_BUILDDEPS} \
+    && apk add --no-cache \
+        gd \
+        geoip \
+        libgcc \
+        libxslt \
+        zlib \
+        bash \
+        logrotate \
+        openssl \
+        ${RESTY_ADD_PACKAGE_RUNDEPS} \
+    && cd /tmp \
+    && if [ -n "${RESTY_EVAL_PRE_CONFIGURE}" ]; then eval $(echo ${RESTY_EVAL_PRE_CONFIGURE}); fi \
+    && cd /tmp \
+    && curl -fSL "${RESTY_OPENSSL_URL_BASE}/openssl-${RESTY_OPENSSL_VERSION}.tar.gz" -o openssl-${RESTY_OPENSSL_VERSION}.tar.gz \
+    && tar xzf openssl-${RESTY_OPENSSL_VERSION}.tar.gz \
+    && cd openssl-${RESTY_OPENSSL_VERSION} \
+    && if [ $(echo ${RESTY_OPENSSL_VERSION} | cut -c 1-5) = "1.1.1" ] ; then \
+        echo 'patching OpenSSL 1.1.1 for OpenResty' \
+        && curl -s https://raw.githubusercontent.com/openresty/openresty/master/patches/openssl-${RESTY_OPENSSL_PATCH_VERSION}-sess_set_get_cb_yield.patch | patch -p1 ; \
+    fi \
+    && if [ $(echo ${RESTY_OPENSSL_VERSION} | cut -c 1-5) = "1.1.0" ] ; then \
+        echo 'patching OpenSSL 1.1.0 for OpenResty' \
+        && curl -s https://raw.githubusercontent.com/openresty/openresty/ed328977028c3ec3033bc25873ee360056e247cd/patches/openssl-1.1.0j-parallel_build_fix.patch | patch -p1 \
+        && curl -s https://raw.githubusercontent.com/openresty/openresty/master/patches/openssl-${RESTY_OPENSSL_PATCH_VERSION}-sess_set_get_cb_yield.patch | patch -p1 ; \
+    fi \
+    && ./config \
+      no-threads shared zlib -g \
+      enable-ssl3 enable-ssl3-method \
+      --prefix=/usr/local/openresty/openssl \
+      --libdir=lib \
+      -Wl,-rpath,/usr/local/openresty/openssl/lib \
+    && make -j${RESTY_J} \
+    && make -j${RESTY_J} install_sw \
+    && cd /tmp \
+    && curl -fSL https://ftp.pcre.org/pub/pcre/pcre-${RESTY_PCRE_VERSION}.tar.gz -o pcre-${RESTY_PCRE_VERSION}.tar.gz \
+    && tar xzf pcre-${RESTY_PCRE_VERSION}.tar.gz \
+    && cd /tmp/pcre-${RESTY_PCRE_VERSION} \
+    && ./configure \
+        --prefix=/usr/local/openresty/pcre \
+        --disable-cpp \
+        --enable-jit \
+        --enable-utf \
+        --enable-unicode-properties \
+    && make -j${RESTY_J} \
+    && make -j${RESTY_J} install \
+    && cd /tmp \
+    && curl -fSL https://openresty.org/download/openresty-${RESTY_VERSION}.tar.gz -o openresty-${RESTY_VERSION}.tar.gz \
+    && tar xzf openresty-${RESTY_VERSION}.tar.gz \
+    && curl -fSL https://github.com/grahamedgecombe/nginx-ct/archive/master.tar.gz -o nginx-ct.tar.gz \
+    && tar xzf nginx-ct.tar.gz \
+    && curl -fSL https://github.com/arut/nginx-dav-ext-module/archive/master.tar.gz -o nginx-dav-ext-module.tar.gz \
+    && tar xzf nginx-dav-ext-module.tar.gz \
+    && curl -fSL https://www.downsoft.cn/software/linux/nginx/ngx_brotli.tar.gz -o ngx_brotli.tar.gz \
+    && tar xzf ngx_brotli.tar.gz \
+    && curl -fSL https://github.com/yaoweibin/ngx_http_substitutions_filter_module/archive/master.tar.gz -o ngx_http_substitutions_filter_module.tar.gz \
+    && tar xzf ngx_http_substitutions_filter_module.tar.gz \
+    && curl -fSL https://github.com/FRiCKLE/ngx_cache_purge/archive/master.tar.gz -o ngx_cache_purge.tar.gz \
+    && tar xzf ngx_cache_purge.tar.gz \
+    && cd /tmp/openresty-${RESTY_VERSION} \
+    && eval ./configure -j${RESTY_J} ${_RESTY_CONFIG_DEPS} ${RESTY_CONFIG_OPTIONS} ${RESTY_CONFIG_OPTIONS_MORE} ${RESTY_LUAJIT_OPTIONS} \
+    && make -j${RESTY_J} \
+    && make -j${RESTY_J} install \
+    && cd /tmp \
+    && if [ -n "${RESTY_EVAL_POST_MAKE}" ]; then eval $(echo ${RESTY_EVAL_POST_MAKE}); fi \
+    && rm -rf \
+        openssl-${RESTY_OPENSSL_VERSION}.tar.gz openssl-${RESTY_OPENSSL_VERSION} \
+        pcre-${RESTY_PCRE_VERSION}.tar.gz pcre-${RESTY_PCRE_VERSION} \
+        openresty-${RESTY_VERSION}.tar.gz openresty-${RESTY_VERSION} \
+    && apk del .build-deps \
+    && mkdir -p /etc/nginx/conf.d/ /var/run/openresty/
+
+# Add additional binaries into PATH for convenience
+ENV PATH=$PATH:/usr/local/openresty/luajit/bin:/usr/local/openresty/nginx/sbin:/usr/local/openresty/bin
+
+
+ARG PHP_UPSTREAM_CONTAINER=php-fpm
+ARG PHP_UPSTREAM_PORT=9000
+
+# Create 'messages' file used from 'logrotate'
+RUN touch /var/log/messages
+
+# Copy 'logrotate' config file
+COPY logrotate/nginx /etc/logrotate.d/
+
+# Set upstream conf and remove the default conf
+RUN echo "upstream php-upstream { server ${PHP_UPSTREAM_CONTAINER}:${PHP_UPSTREAM_PORT}; }" > /etc/nginx/conf.d/upstream.conf
+    
+# Copy nginx configuration files
+COPY nginx.conf /etc/nginx/
+
+ADD ./startup.sh /opt/startup.sh
+RUN sed -i 's/\r//g' /opt/startup.sh
+CMD ["/bin/bash", "/opt/startup.sh"]
+
+EXPOSE 80 81 443

openresty/logrotate/nginx

@@ -0,0 +1,14 @@
+/var/log/nginx/*.log {
+        daily
+        missingok
+        rotate 32
+        compress
+        delaycompress
+        nodateext
+        notifempty
+        create 644 www-data root
+        sharedscripts
+        postrotate
+                [ -f /var/run/nginx.pid ] && kill -USR1 `cat /var/run/nginx.pid`
+        endscript
+}

openresty/nginx.conf

@@ -0,0 +1,100 @@
+# nginx.conf  --  docker-openresty
+#
+# This file is installed to:
+#   `/usr/local/openresty/nginx/conf/nginx.conf`
+# and is the file loaded by nginx at startup,
+# unless the user specifies otherwise.
+#
+# It tracks the upstream OpenResty's `nginx.conf`, but removes the `server`
+# section and adds this directive:
+#     `include /etc/nginx/conf.d/*.conf;`
+#
+# The `docker-openresty` file `nginx.vh.default.conf` is copied to
+# `/etc/nginx/conf.d/default.conf`.  It contains the `server section
+# of the upstream `nginx.conf`.
+#
+# See https://github.com/openresty/docker-openresty/blob/master/README.md#nginx-config-files
+#
+
+user www-data;
+worker_processes 4;
+
+# Enables the use of JIT for regular expressions to speed-up their processing.
+pcre_jit on;
+
+
+#error_log  logs/error.log;
+#error_log  logs/error.log  notice;
+#error_log  logs/error.log  info;
+
+pid /var/run/nginx.pid;
+daemon off;
+
+worker_rlimit_nofile 65535;
+events {
+    use epoll;
+    worker_connections  65535;
+    multi_accept on;
+    accept_mutex on;
+}
+
+http {
+    include       mime.types;
+    default_type  application/octet-stream;
+
+    # Enables or disables the use of underscores in client request header fields.
+    # When the use of underscores is disabled, request header fields whose names contain underscores are marked as invalid and become subject to the ignore_invalid_headers directive.
+    # underscores_in_headers off;
+
+    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
+                      '$status $body_bytes_sent "$http_referer" '
+                      '"$http_user_agent" "$http_x_forwarded_for" "$host"';
+    #access_log  logs/access.log  main;
+
+        # Log in JSON Format
+        # log_format nginxlog_json escape=json '{ "timestamp": "$time_iso8601", '
+        # '"remote_addr": "$remote_addr", '
+        #  '"body_bytes_sent": $body_bytes_sent, '
+        #  '"request_time": $request_time, '
+        #  '"response_status": $status, '
+        #  '"request": "$request", '
+        #  '"request_method": "$request_method", '
+        #  '"host": "$host",'
+        #  '"upstream_addr": "$upstream_addr",'
+        #  '"http_x_forwarded_for": "$http_x_forwarded_for",'
+        #  '"http_referrer": "$http_referer", '
+        #  '"http_user_agent": "$http_user_agent", '
+        #  '"http_version": "$server_protocol", '
+        #  '"nginx_access": true }';
+        # access_log /dev/stdout nginxlog_json;
+
+    # See Move default writable paths to a dedicated directory (#119)
+    # https://github.com/openresty/docker-openresty/issues/119
+    client_body_temp_path /var/run/openresty/nginx-client-body;
+    proxy_temp_path       /var/run/openresty/nginx-proxy;
+    fastcgi_temp_path     /var/run/openresty/nginx-fastcgi;
+    uwsgi_temp_path       /var/run/openresty/nginx-uwsgi;
+    scgi_temp_path        /var/run/openresty/nginx-scgi;
+
+    sendfile        on;
+    tcp_nopush on;
+    tcp_nodelay on;
+
+    #keepalive_timeout  0;
+    keepalive_timeout  65;  
+    types_hash_max_size 2048;
+    client_max_body_size 128M;
+
+    gzip  on;
+    gzip_disable "msie6";
+  
+    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+    ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';
+
+    include /etc/nginx/conf.d/*.conf;
+    include /etc/nginx/sites-available/*.conf;
+
+    # Don't reveal OpenResty version to clients.
+    server_tokens off;
+    charset UTF-8;
+}

openresty/sites/.gitignore

@@ -0,0 +1,2 @@
+*.conf
+!default.conf

openresty/sites/app.conf.example

@@ -0,0 +1,43 @@
+server {
+
+    listen 80;
+    listen [::]:80;
+
+    # For https
+    # listen 443 ssl;
+    # listen [::]:443 ssl ipv6only=on;
+    # ssl_certificate /etc/nginx/ssl/default.crt;
+    # ssl_certificate_key /etc/nginx/ssl/default.key;
+
+    server_name app.test;
+    root /var/www/app;
+    index index.php index.html index.htm;
+
+    location / {
+         try_files $uri $uri/ /index.php$is_args$args;
+    }
+
+    location ~ \.php$ {
+        try_files $uri /index.php =404;
+        fastcgi_pass php-upstream;
+        fastcgi_index index.php;
+        fastcgi_buffers 16 16k;
+        fastcgi_buffer_size 32k;
+        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+        #fixes timeouts
+        fastcgi_read_timeout 600;
+        include fastcgi_params;
+    }
+
+    location ~ /\.ht {
+        deny all;
+    }
+
+    location /.well-known/acme-challenge/ {
+        root /var/www/letsencrypt/;
+        log_not_found off;
+    }
+
+    error_log /var/log/nginx/app_error.log;
+    access_log /var/log/nginx/app_access.log;
+}

openresty/sites/confluence.conf.example

@@ -0,0 +1,43 @@
+server {
+    listen 80;
+    listen [::]:80;
+    server_name www.confluence-domain.com;
+    rewrite ^(.*) https://confluence-domain.com$1/ permanent;
+}
+
+server {
+    listen 80;
+    listen [::]:80;
+    server_name confluence-domain.com;
+    rewrite ^(.*) https://confluence-domain.com/ permanent;
+}
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+    ssl_certificate /etc/nginx/ssl/confluence-domain.com.crt;
+    ssl_certificate_key /etc/nginx/ssl/confluence-domain.com.key;
+
+    server_name confluence-domain.com;
+
+    location / {
+            client_max_body_size 100m;
+            proxy_set_header X-Forwarded-Host $host;
+            proxy_set_header X-Forwarded-Server $host;
+            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+            proxy_pass http://confluence-domain.com:8090/;
+    }
+
+    location /synchrony {
+        proxy_set_header X-Forwarded-Host $host;
+        proxy_set_header X-Forwarded-Server $host;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_pass http://confluence-domain.com:8090/synchrony-proxy;
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "Upgrade";
+    }
+
+    error_log /var/log/nginx/bookchangerru_error.log;
+    access_log /var/log/nginx/bookchangerru_access.log;
+}

openresty/sites/default.conf

@@ -0,0 +1,40 @@
+server {
+
+    listen 80 default_server;
+    listen [::]:80 default_server ipv6only=on;
+
+    # For https
+    # listen 443 ssl default_server;
+    # listen [::]:443 ssl default_server ipv6only=on;
+    # ssl_certificate /etc/nginx/ssl/default.crt;
+    # ssl_certificate_key /etc/nginx/ssl/default.key;
+
+    server_name localhost;
+    root /opt/www/default;
+    index index.php index.html index.htm;
+
+    location / {
+         try_files $uri $uri/ /index.php$is_args$args;
+    }
+
+    location ~ \.php$ {
+        try_files $uri /index.php =404;
+        fastcgi_pass php-upstream;
+        fastcgi_index index.php;
+        fastcgi_buffers 16 16k;
+        fastcgi_buffer_size 32k;
+        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+        #fixes timeouts
+        fastcgi_read_timeout 600;
+        include fastcgi_params;
+    }
+
+    location ~ /\.ht {
+        deny all;
+    }
+
+    location /.well-known/acme-challenge/ {
+        root /var/www/letsencrypt/;
+        log_not_found off;
+    }
+}

openresty/sites/laravel.conf.example

@@ -0,0 +1,49 @@
+#server {
+#    listen 80;
+#    server_name laravel.com.co;
+#    return 301 https://laravel.com.co$request_uri;
+#}
+
+server {
+
+    listen 80;
+    listen [::]:80;
+
+    # For https
+    # listen 443 ssl;
+    # listen [::]:443 ssl ipv6only=on;
+    # ssl_certificate /etc/nginx/ssl/default.crt;
+    # ssl_certificate_key /etc/nginx/ssl/default.key;
+
+    server_name laravel.test;
+    root /var/www/laravel/public;
+    index index.php index.html index.htm;
+
+    location / {
+         try_files $uri $uri/ /index.php$is_args$args;
+    }
+
+    location ~ \.php$ {
+        try_files $uri /index.php =404;
+        fastcgi_pass php-upstream;
+        fastcgi_index index.php;
+        fastcgi_buffers 16 16k;
+        fastcgi_buffer_size 32k;
+        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+        #fixes timeouts
+        fastcgi_read_timeout 600;
+        include fastcgi_params;
+    }
+
+    location ~ /\.ht {
+        deny all;
+    }
+
+    location /.well-known/acme-challenge/ {
+        root /var/www/letsencrypt/;
+        log_not_found off;
+    }
+
+    error_log /var/log/nginx/laravel_error.log;
+    access_log /var/log/nginx/laravel_access.log;
+}

openresty/sites/laravel_varnish.conf.example

@@ -0,0 +1,110 @@
+server {
+    listen 80;
+    listen [::]:80;
+    server_name www.laravel.test;
+    rewrite ^(.*) https://laravel.test$1/ permanent;
+}
+
+server {
+    listen 80;
+    listen [::]:80;
+    server_name laravel.test;
+    rewrite ^(.*) https://laravel.test$1/ permanent;
+}
+
+server {
+    listen 443 ssl ;
+    listen [::]:443 ssl;
+    ssl_certificate /etc/nginx/ssl/laravel.test.crt;
+    ssl_certificate_key /etc/nginx/ssl/laravel.test.key;
+    server_name www.laravel.test;
+    rewrite ^(.*) https://laravel.test$1/ permanent;
+}
+
+server {
+    server_name laravel.test;
+
+    # For https
+    listen 443 ssl ;
+    listen [::]:443 ssl;
+    ssl_certificate /etc/nginx/ssl/laravel.test.crt;
+    ssl_certificate_key /etc/nginx/ssl/laravel.test.key;
+
+    port_in_redirect off;
+
+    add_header Strict-Transport-Security "max-age=31536000";
+    add_header X-Content-Type-Options nosniff;
+
+    location / {
+         proxy_pass http://proxy:6081;
+         proxy_set_header Host $http_host;
+         proxy_set_header X-Forwarded-Host $http_host;
+         proxy_set_header X-Real-IP $remote_addr;
+         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+         proxy_set_header X-Forwarded-Proto https;
+         proxy_set_header HTTPS "on";
+         proxy_redirect     off;
+    }
+}
+
+server {
+    server_name laravel.test;
+
+    listen 81;
+    listen [::]:81;
+
+    root /var/www/laravel.test/www;
+
+    index index.php index.html index.htm;
+
+    location / {
+         try_files $uri $uri/ /index.php$is_args$args;
+    }
+
+    location ~ \.php$ {
+        fastcgi_max_temp_file_size 4m;
+        fastcgi_pass php-upstream;
+
+        # Additional configs
+        fastcgi_pass_header Set-Cookie;
+        fastcgi_pass_header Cookie;
+        fastcgi_ignore_headers Cache-Control Expires Set-Cookie;
+        try_files $uri /index.php =404;
+        fastcgi_index index.php;
+        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+        fastcgi_split_path_info ^(.+\.php)(/.+)$;
+        fastcgi_param  PATH_INFO $fastcgi_path_info;
+        fastcgi_param  PATH_TRANSLATED $document_root$fastcgi_path_info;
+        fastcgi_param HTTPS on;
+
+        fastcgi_buffers 16 16k;
+        fastcgi_buffer_size 32k;
+
+        fastcgi_intercept_errors on;
+
+        #fixes timeouts
+        fastcgi_read_timeout 600;
+        include fastcgi_params;
+    }
+
+    # Caching
+    location ~* \.(ico|jpg|webp|jpeg|gif|css|png|js|ico|bmp|zip|woff)$ {
+        access_log off;
+        log_not_found off;
+        add_header Pragma public;
+        add_header Cache-Control "public";
+        expires 14d;
+    }
+
+    location ~* \.(php|html)$ {
+        access_log on;
+        log_not_found on;
+        add_header Pragma public;
+        add_header Cache-Control "public";
+        expires 14d;
+    }
+
+    location ~ /\.ht {
+        deny all;
+    }
+}

openresty/sites/node.conf.example

@@ -0,0 +1,47 @@
+#server {
+#    listen 80;
+#    server_name node.com.co;
+#    return 301 https://node.com.co$request_uri;
+#}
+
+server {
+
+    listen 80;
+    listen [::]:80;
+
+    #listen 443;
+    #listen [::]:443;
+
+    server_name node.com.co;
+
+    #ssl on;
+    #ssl_certificate /var/certs/node.com.co/cert.pem;
+    #ssl_certificate_key /var/certs/node.com.co/privkey.pem;
+    #ssl_protocols       SSLv3 TLSv1 TLSv1.1 TLSv1.2;
+    #ssl_ciphers         HIGH:!aNULL:!MD5;
+
+
+    location / {
+        proxy_pass http://node.com.co:3001;
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection 'upgrade';
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_cache_bypass $http_upgrade;
+    }
+
+    location ~ /\.ht {
+        deny all;
+    }
+
+    location /.well-known/acme-challenge/ {
+        root /var/www/letsencrypt/;
+        log_not_found off;
+    }
+
+    error_log /var/log/nginx/node.com.co.local_error.log;
+    access_log /var/log/nginx/node.com.co.local_access.log;
+}

openresty/sites/symfony.conf.example

@@ -0,0 +1,42 @@
+server {
+
+    listen 80;
+    listen [::]:80;
+
+    # For https
+    # listen 443 ssl;
+    # listen [::]:443 ssl ipv6only=on;
+    # ssl_certificate /etc/nginx/ssl/default.crt;
+    # ssl_certificate_key /etc/nginx/ssl/default.key;
+
+    server_name symfony.test;
+    root /var/www/projects/symfony/web;
+    index index.php index.html index.htm;
+
+    location / {
+      try_files $uri @rewriteapp;
+    }
+
+    # For Symfony 3
+    location @rewriteapp {
+        rewrite ^(.*)$ /app.php/$1 last;
+    }
+    
+    # For Symfony 4 config
+    # location @rewriteapp {
+    #     rewrite ^(.*)$ /index.php/$1 last;
+    # }
+
+    location ~ ^/(app|app_dev|config|index)\.php(/|$) {
+        fastcgi_pass php-upstream;
+        fastcgi_split_path_info ^(.+\.php)(/.*)$;
+        include fastcgi_params;
+        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+        #fixes timeouts
+        fastcgi_read_timeout 600;
+        fastcgi_param HTTPS off;
+    }
+
+    error_log /var/log/nginx/symfony_error.log;
+    access_log /var/log/nginx/symfony_access.log;
+}

openresty/ssl/.gitignore

@@ -0,0 +1,4 @@
+*.crt
+*.csr
+*.key
+*.pem

openresty/startup.sh

@@ -0,0 +1,14 @@
+#!/bin/bash
+
+if [ ! -f /etc/nginx/ssl/default.crt ]; then
+    openssl genrsa -out "/etc/nginx/ssl/default.key" 2048
+    openssl req -new -key "/etc/nginx/ssl/default.key" -out "/etc/nginx/ssl/default.csr" -subj "/CN=default/O=default/C=UK"
+    openssl x509 -req -days 365 -in "/etc/nginx/ssl/default.csr" -signkey "/etc/nginx/ssl/default.key" -out "/etc/nginx/ssl/default.crt"
+    chmod 644 /etc/nginx/ssl/default.key
+fi
+
+# Start crond in background
+crond -l 2 -b
+
+# Start nginx in foreground
+nginx

ssdb/Dockerfile

@@ -0,0 +1,22 @@
+FROM alpine
+LABEL maintainer="Leonard Buskin <leonardbuskin@gmail.com>"
+
+ARG VERSION=${VERSION:-master}
+
+RUN apk add --no-cache --virtual .build-deps \
+      curl gcc g++ make autoconf libc-dev libevent-dev linux-headers perl tar \
+    && mkdir -p /ssdb/tmp \
+    && curl -Lk "https://github.com/ideawu/ssdb/archive/${VERSION}.tar.gz" | \
+       tar -xz -C /ssdb/tmp --strip-components=1 \
+    && cd /ssdb/tmp \
+    && make -j$(getconf _NPROCESSORS_ONLN) \
+    && make install PREFIX=/ssdb \
+    && rm -rf /ssdb/tmp \
+    && apk add --virtual .rundeps libstdc++ \
+    && apk add --no-cache bash python2 \
+    && apk del .build-deps
+
+EXPOSE 8888
+VOLUME /ssdb/var
+COPY ssdb.conf /ssdb/ssdb.conf
+CMD ["/ssdb/ssdb-server", "/ssdb/ssdb.conf"]

ssdb/ssdb.conf

@@ -0,0 +1,52 @@
+# ssdb-server config
+# MUST indent by TAB!
+
+# relative to path of this file, directory must exists
+work_dir = /data
+pidfile = /run/ssdb.pid
+
+server:
+	#ip: 127.0.0.1
+	port: 8888
+	# bind to public ip
+	ip: 0.0.0.0
+	# format: allow|deny: all|ip_prefix
+	# multiple allows or denys is supported
+	deny: all
+	allow: 127.0.0.1
+	allow: 192.
+	allow: 172.
+	# auth password must be at least 32 characters
+	#auth: very-strong-password
+
+replication:
+	binlog: yes
+	# Limit sync speed to *MB/s, -1: no limit
+	sync_speed: -1
+	slaveof:
+		# to identify a master even if it moved(ip, port changed)
+		# if set to empty or not defined, ip:port will be used.
+		#id: svc_2
+		# sync|mirror, default is sync
+		#type: sync
+		#host: s1.ssdb.db
+		#port: 8888
+
+logger:
+	level: warn
+	output: /var/log/ssdb.log
+	rotate:
+		size: 1000000000
+
+leveldb:
+	# in MB
+	cache_size: 500
+	# in KB
+	block_size: 32
+	# in MB
+	write_buffer_size: 64
+	# in MB
+	compaction_speed: 1000
+	# yes|no
+	compression: yes
+