======kartoteka======
Компания ООО «Информационное агентство «Валаам» (10 мая 2011 года переименована в ООО «Коммерсантъ КАРТОТЕКА») была основана в октябре 1995 года и осуществляет деятельность на рынке информационно-аналитических услуг более 22 лет.
Компания одна из наиболее динамично развивающихся в сфере создания и использования баз данных и информационных ресурсов, а также в области разработки программного обеспечения.
\\
====Dockerfile====
FROM php:5.6-apache
RUN apt-get update && apt-get install -y \
libfreetype6-dev \
libjpeg62-turbo-dev \
libpng-dev \
libicu-dev \
libmemcached-dev \
libbz2-dev \
libssh2-1 \
libssh2-1-dev \
libssl-dev \
librabbitmq-dev \
libxml2-dev \
libxslt-dev \
git \
&& a2enmod rewrite \
&& docker-php-ext-install bcmath bz2 calendar exif opcache pdo_mysql mysql mysqli intl zip soap \
&& docker-php-ext-configure gd --with-freetype-dir=/usr/include/ --with-jpeg-dir=/usr/include/ \
&& docker-php-ext-install gd \
&& docker-php-ext-install xsl
RUN pecl install https://xdebug.org/files/xdebug-2.5.5.tgz \
&& pecl install ssh2-0.13 \
&& docker-php-ext-enable xdebug ssh2 \
&& echo "error_reporting = E_ALL" > /usr/local/etc/php/php.ini \
&& echo "post_max_size = 256M" > /usr/local/etc/php/php.ini \
&& echo "upload_max_filesize = 256M" > /usr/local/etc/php/php.ini \
&& echo "date.timezone = Europe/Moscow" > /usr/local/etc/php/php.ini \
&& echo "display_startup_errors = On" >> /usr/local/etc/php/php.ini \
&& echo "display_errors = On" >> /usr/local/etc/php/php.ini \
&& echo "expose_php = Off" >> /usr/local/etc/php/php.ini \
&& echo "xdebug.remote_enable=1" >> /usr/local/etc/php/conf.d/docker-php-ext-xdebug.ini \
&& echo "xdebug.remote_connect_back=0" >> /usr/local/etc/php/conf.d/docker-php-ext-xdebug.ini \
&& echo "xdebug.idekey=\"PHPSTORM\"" >> /usr/local/etc/php/conf.d/docker-php-ext-xdebug.ini \
&& echo "xdebug.remote_port=9000" >> /usr/local/etc/php/conf.d/docker-php-ext-xdebug.ini \
&& echo "xdebug.remote_host=10.0.75.1" >> /usr/local/etc/php/conf.d/docker-php-ext-xdebug.ini \
&& chmod 777 /var/log
RUN pecl install mongo && docker-php-ext-enable mongo
RUN pecl install mongodb && docker-php-ext-enable mongodb
RUN pecl install amqp && docker-php-ext-enable amqp
RUN pecl install redis-3.1.0 && docker-php-ext-enable redis
RUN pecl install memcached-2.2.0 && docker-php-ext-enable memcached
RUN pecl install memcache && docker-php-ext-enable memcache
RUN chmod 777 /etc/apache2/sites-available
#Установка apache2-mpm-itk
#RUN apt install -y libapache2-mpm-itk
#RUN a2enmod mpm_prefork
#RUN a2enmod mpm_itk
# Установить composer
RUN curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/local/bin --filename=composer
# Установить midnight-commander
RUN apt-get install -y mc
#SSL operation failed with code 1
#RUN apt-get install ca-certificates
# RUN echo IncludeOptioal sites-enabled/*.conf
#A configuration file.
COPY root_rsa_CA.crt /etc/ssl/certs/root_rsa_CA.crt
#A single-file version of CA certificates. This holds all CA certificates that you activated in /etc/ca-certificates.conf.
COPY root_rsa_CA.crt /etc/ca-certificates/update.d/root_rsa_CA.crt
# /usr/share/ca-certificates Directory of CA certificates
# /usr/local/share/ca-certificates Directory of local CA certificates (with .crt extension).
RUN update-ca-certificates
COPY asps.key /mycert/asps.key
COPY asps.pem /mycert/asps.pem
RUN a2enmod ssl
RUN apt-get install iputils-ping -y
RUN echo "nameserver 192.168.0.106" > /etc/resolv.conf && \
echo "nameserver 192.168.0.2" > /etc/resolv.conf
ADD ./hosts /etc/apache2/sites-available/
RUN a2ensite kartoteka asu anchikin vestnik libs srpi asps
# Рабочая директория при входе в контейнер
WORKDIR /var/www/
====docker-compose.yml====
version: "3"
services:
db:
image: "mysql:5.6"
environment:
MYSQL_ROOT_PASSWORD: blackmamba
MYSQL_USER: mysql
MYSQL_PASSWORD: admin
MYSQL_DATABASE: kartoteka_local
ports:
- "3306:3306"
volumes:
- C:\mysql:/var/lib/mysql
container_name: db
site:
environment:
DEVELOP: 1
build: .
depends_on:
- db
ports:
- "80:80"
- "443:443"
volumes:
- C:\docker\server\hosts:/etc/apache2/sites-available/
- C:\server\config\php\php.ini:/usr/local/etc/php/php.ini
- C:\server\libs:/var/www/libs:cached
- C:\server\libs:/var/www/libs_new__:cached
- C:\server\libsasu:/var/www/libsasu:cached
- C:\server\libsv:/var/www/libsv:cached
- C:\server\uni:/var/www/uni:cached
- C:\server\srpi:/var/www/srpi/srpi:cached
- C:\server:/var/www/asps.vgr:cached
- C:\server\kartoteka:/var/www/new.kartoteka.ru/webdata:cached
- C:\server\tmp:/tmp:cached
- C:\server\anchikin:/var/www/anchikin.develop:cached
- C:\server\vestnik:/var/www/vestnik:cached
- C:\server\asu:/var/www/asu:cached
- C:\server\api:/var/www/api:cached
- C:\server\bankruptcy:/var/www/bankruptcy:cached
- C:\server\composer\cache:/.composer/cache/:cached
- C:\server\files:/mnt/nfs/112/:cached
- C:\server\files:/mnt/raid/files/web/:cached
- C:\server\log:/var/www/log:cached
- C:\server\cert:/var/www/cert
container_name: site
asps.key
-----BEGIN PRIVATE KEY-----
MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDK4jF27w+Q9wBf
g/wxDK1QP/C4vQ3Ui0OUyUXCUnKGa69xV8Mffn64jzTxuTL0AwwYaHnhdJIi9b2g
Vr9tOZI7Nd65y7tWN/+xPxaUW8z+ot5AjaEJkIXR17Jsg3Zrbc+5BMRAjbCtygg7
hqdLBIA04hm/jB69To9P798U/9M4VizVNAwDSokgh6bUiE8itE7IrfoV0Uk1kXyU
yAraeKkzzh/fDqLyRXFgVx+m1xX8W9d9Aow8vUJeX8f17BUFnbHw/JI3Jev7iD0R
8++Ej6HbqePEMzHqjRGC5VEE41W63/HPzfk7tnUD+UqXbcqOM1TulstNzJCYW7Ux
U1Eb/B3XAgMBAAECggEAE/36Fdg01noghUkCPusa4P+L/whSJpGalTzILP/m3Swb
W7XkOmRCpHkoJHG1faoXNQiGihrsk5lXmEc0EdVMfZ0vV2umCDb4cUTgOrpZFvaB
pCbQqZqeNTFmGZ9Suf9WKss3c40Czf1MlmEMdy34XD2zf9aU6N6m7J+cgfs7mx9l
ypUxi1MLTMnbvRYIrmVg3PTacxgPM4nSARXLhOGjw9rYKRIVXt+4rrwkV7QcTgD9
Gx03MLm5ktduW3QYmNDjQ8tYq1MjtA+zq99Da6uB73QF6wuL6Oa4NrVYGLxvVh8G
/GOjpCp4bU7QHz3Aq+jsau+EAFWI47Ml9ZEpgPM5IQKBgQDxSwcgIMJMhQkk+nRn
SCkEuvqcA5JeMBnjl6NQmgl0OaeLfP1WKjJl7mW+YqGkMYkP1WNFSCskRlYXYwEN
+zwKcUrUGo8VEStm5HA+TLm9XxG57/L4TH/r+HbSmiSppPKXENIXfc+zafhpn2yo
kmKDre/xJPq6Wjjm1wacqxWdWQKBgQDXP9mDIiwB8hpakfDLDrV/FF8dYTCiu4lL
p0of3SDFm05MjrGCp68q5tm2GpFpJWQPFVXFaWU7fCFtOpSb0NfwaSd1ERnZ4W1q
xKrOW1EclHWza2H2DUIkS3/nYexqLkCOYaURPTkbMs8c0vwkN4fdi/jKyOhN6KtD
WAkJB6o+rwKBgQDDtmxoJcoTUNDS+oaSA1ip6pM9GjSNSwykqqkfxmEmsWDxZgcB
7aYFQXGrE8syJ6+ZdSZY2qmLebV4sKf5VC8l9TCRi51EpDGE+oMENS1uqX7yRurX
dQ1JM7YFKlvUceMGnvEZdsWSK8D+wv3aWSmozttQyALKRkXjDsPhLW+RuQKBgHvm
iPHuzZ4hGgJgV1bLFLYdp9Jli3VgtdsSZJyK0L5uc1emG4+1riLn1xH3oRQBLeNw
yHpl/JuNDECvo7M9N89u+ANu4I6GMFFw+1DlR39IBahNe4oCf7wcqXcq6scD8K0E
j9uofiKl0Ioq+HBwdoiUdZVkqDOQZmTRXAISo3CJAoGBANpuDn+zSLbv4x5NsFcQ
bsvqBtZbMS+9LhEHc3N0h9JvqydLFfGJC66Vlkh8WG1o8Gm9ptOViehsowsLVHBg
EzslzXe0V6xx5VWLxyZuVc/Q3Id97KJ5ESyf4i4NM+QTxepUMwOhdhCea+kFjD+N
8VGF9mT6Zbma3AGPWryph3R/
-----END PRIVATE KEY-----
==asps.pem==
-----BEGIN CERTIFICATE-----
MIIE9TCCBF6gAwIBAgICAOQwDQYJKoZIhvcNAQELBQAwggE+MSEwHwYJKoZIhvcN
AQkBDBJhZG1pbkBrYXJ0b3Rla2EucnUxCzAJBgNVBAYTAlJVMSIwIAYDVQQIDBnQ
ndCw0YXQuNC80L7QstGB0LrQuNC5IDMyMRUwEwYDVQQHDAzQnNC+0YHQutCy0LAx
MDAuBgNVBAoMJ9Ce0J7QniDQmtC+0LzQvNC10YDRgdCw0L3RgtGKIEtBUlRPVEVL
QTFBMD8GA1UECww40JLQvdGD0YLRgNC10L3QvdC40Lkg0KbQtdC90YLRgCDQodC1
0YDRgtC40YTQuNC60LDRhtC40LgxGDAWBgUqhQNkAQwNMTAyNzcwMDE3NzEzMDEa
MBgGCCqFAwOBAwEBDAwwMDc3MTMwMzg5NjIxJjAkBgNVBAMMHdCb0KPQpiDQmtCQ
0KDQotCe0KLQldCa0JAgUlNBMCAXDTE5MDgxNDE0MDAwMVoYDzIwNTkwODE1MTQw
MDAxWjCBuDELMAkGA1UEBhMCUlUxIjAgBgNVBAgMGdCd0LDRhdC40LzQvtCy0YHQ
utC40LkgMzIxMDAuBgNVBAoMJ9Ce0J7QniDQmtC+0LzQvNC10YDRgdCw0L3RgtGK
IEtBUlRPVEVLQTE6MDgGA1UECwwx0JjQvdGE0L7RgNC80LDRhtC40L7QvdC90YvQ
tSDRgtC10YXQvdC+0LvQvtCz0LjQuDEXMBUGA1UEAwwOYXNwcy5sb2NhbGhvc3Qw
ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDK4jF27w+Q9wBfg/wxDK1Q
P/C4vQ3Ui0OUyUXCUnKGa69xV8Mffn64jzTxuTL0AwwYaHnhdJIi9b2gVr9tOZI7
Nd65y7tWN/+xPxaUW8z+ot5AjaEJkIXR17Jsg3Zrbc+5BMRAjbCtygg7hqdLBIA0
4hm/jB69To9P798U/9M4VizVNAwDSokgh6bUiE8itE7IrfoV0Uk1kXyUyAraeKkz
zh/fDqLyRXFgVx+m1xX8W9d9Aow8vUJeX8f17BUFnbHw/JI3Jev7iD0R8++Ej6Hb
qePEMzHqjRGC5VEE41W63/HPzfk7tnUD+UqXbcqOM1TulstNzJCYW7UxU1Eb/B3X
AgMBAAGjgf4wgfswCQYDVR0TBAIwADALBgNVHQ8EBAMCBeAwMQYDVR0lBCowKAYI
KwYBBQUHAwEGCCsGAQUFBwMCBggrBgEFBQcDAwYIKwYBBQUHAwQwGQYDVR0RBBIw
EIIOYXNwcy5sb2NhbGhvc3QwMAYDVR0fBCkwJzAloCOgIYYfaHR0cDovL2NhLmxv
Y2FsL3Jvb3RfcnNhX0NBLmNybDBhBggrBgEFBQcBAQRVMFMwKwYIKwYBBQUHMAKG
H2h0dHA6Ly9jYS5sb2NhbC9yb290X3JzYV9DQS5jcnQwJAYIKwYBBQUHMAGGGGh0
dHA6Ly9jYS5sb2NhbC9vY3NwLnNyZjANBgkqhkiG9w0BAQsFAAOBgQBU2iyA4FOi
d/3JrTjTEGtdkyzyrl84bBP5AZuH8BAY647R7MhVyoKFKKOyPV11G1NjhS5ybyRa
AZz+DnZ9OeF2w8XpdZtLqkKkhh/su+cKHwkL5PEDagJo3nD6s2JVikmKB2Jifsia
5tteg4TTkQdkvf1Ax7xZw3qFxqdStLdkFA==
-----END CERTIFICATE-----
root_rsa_CA.crt
...
----
====hosts====
==000-default.conf==
# The ServerName directive sets the request scheme, hostname and port that
# the server uses to identify itself. This is used when creating
# redirection URLs. In the context of virtual hosts, the ServerName
# specifies what hostname must appear in the request's Host: header to
# match this virtual host. For the default virtual host (this file) this
# value is not decisive as it is used as a last resort host regardless.
# However, you must set it for any further virtual host explicitly.
#ServerName www.example.com
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the loglevel for particular
# modules, e.g.
#LogLevel info ssl:warn
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
# For most configuration files from conf-available/, which are
# enabled or disabled at a global level, it is possible to
# include a line for only one particular virtual host. For example the
# following line enables the CGI configuration for this host only
# after it has been globally disabled with "a2disconf".
#Include conf-available/serve-cgi-bin.conf
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
==anchikin.conf==
DocumentRoot "/var/www/anchikin.develop"
ServerName anchikin.local
ServerAlias www.anchikin.local
==asps.conf==
DocumentRoot "/var/www/asps.vgr"
ServerName asps.localhost
ServerAlias www.asps.localhost
DocumentRoot "/var/www/asps.vgr"
ServerName asps.localhost
ServerAlias www.asps.localhost
SSLEngine on
SSLProtocol all -SSLv2
SSLCertificateFile "/mycert/asps.pem"
SSLCertificateKeyFile "/mycert/asps.key"
==asu.conf==
DocumentRoot "/var/www/asu"
ErrorLog "/var/www/log/asu_error.log"
CustomLog "/var/www/log/asu.localhost-access.log" common
ServerName asu.localhost
ServerAlias www.asu.localhost
KeepAlive On
KeepAliveTimeout 3000
MaxKeepAliveRequests 1000
==default-ssl.conf==
....
==kartoteka.conf==
DocumentRoot "/var/www/new.kartoteka.ru/webdata"
ErrorLog "/var/www/log/kartoteka_error.log"
ServerName kartoteka.local
ServerAlias www.kartoteka.local
KeepAlive On
KeepAliveTimeout 3000
MaxKeepAliveRequests 1000
==libs.conf==
DocumentRoot "/var/www/libs"
ServerName libs.localhost
ServerAlias www.libs.localhost
==srpi.conf==
DocumentRoot "/var/www/srpi"
ServerName srpi.localhost
ServerAlias www.srpi.localhost
==vestnik.conf==
DocumentRoot "/var/www/vestnik"
ServerName vestnik.localhost
ServerAlias www.vestnik.localhost
----
====Config Nginx====
server {
listen 192.168.0.100:80;
server_name asu.local;
return 301 https://asu.local$request_uri;
}
server {
listen 192.168.0.100:443 ssl http2;
set $site_name "asu.local";
server_name asu.local;
set $root_path "/usr/local/www/asu.local/webdata";
root $root_path;
index index.php index.html index.htm;
access_log /var/log/nginx/asu.local.access.log;
error_log /var/log/nginx/asu.local.error.log;
gzip on;
gzip_http_version 1.1;
gzip_buffers 32 4k;
gzip_comp_level 5;
gzip_min_length 256;
gzip_proxied expired no-cache no-store private auth;
gzip_vary on;
gzip_disable "MSIE [1-6]\.(?!.*SV1)";
gzip_static on;
gzip_types text/plain text/css text/js text/json text/xml text/javascript text/x-component application/javascript application/x-javascript application/json application/xml application/rss+xml application/font-woff font/truetype font/opentype application/vnd.ms-fontobject image/svg+xml image/x-icon ;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-Content-Type-Options nosniff;
add_header x-xss-protection "1; mode=block" always;
add_header X-Content-Security-Policy "allow 'self'";
add_header X-WebKit-CSP "allow 'self'";
ssl_certificate /******/cert.crt;
ssl_certificate_key /******/private.key;
ssl_protocols TLSv1.2;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:!DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA;
ssl_session_timeout 5m;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:50m;
ssl_dhparam /*****/dhparam.pem;
location ~ \.php$ {
add_header Access-Control-Allow-Origin *;
add_header x-xss-protection "1; mode=block" always;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $root_path$fastcgi_script_name;
fastcgi_param DOCUMENT_ROOT $root_path; # ▒▒▒▒ ▒▒▒▒▒▒▒▒ ▒▒▒▒▒ ▒▒▒▒▒▒▒▒ ▒▒ root ▒ ▒▒▒▒▒▒ server
fastcgi_pass php-fpm;
fastcgi_param PHP_VALUE session.save_path="/var/tmp/php";
fastcgi_buffer_size 32k;
fastcgi_buffers 4 32k;
fastcgi_read_timeout 50000;
fastcgi_hide_header X-Powered-By;
}
location ~*\.(js)$ {
root $root_path;
expires 12M;
add_header x-xss-protection "1; mode=block" always;
}
location ~*\.(jpg|jpeg|gif|png|css|zip|tgz|gz|rar|bz2|doc|xls|exe|pdf|ppt|tar|wav|bmp|rtf|swf|ico|flv|txt|xml|docx|xlsx|ttf|woff|woff2|mp3)$ {
root $root_path;
expires 12M;
add_header Pragma public;
add_header Cache-Control "max-age=31536000, public";
access_log off;
log_not_found off;
}
if ($uri ~ ^/(site\/ping|robots\.txt)$) {
set $maintenance off;
}
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location ~ /\.ht {
deny all;
}
location ~ /.svn/ {
deny all;
}
location ~ ^/(status|ping)$ {
access_log off;
allow 127.0.0.1;
allow 192.168.0.11;
deny all;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $fastcgi_script_name;
fastcgi_pass php-fpm;
}
}