update alpine, php, instance list; add nginx security headers

This commit is contained in:
Revvy 2025-02-08 21:20:44 -05:00
parent a01f9e3617
commit 758a7668a7
No known key found for this signature in database
GPG key ID: 1846DE3699085927
3 changed files with 27 additions and 24 deletions

View file

@ -1,22 +1,22 @@
FROM alpine:3.20
FROM alpine:3.21
RUN apk add php83 php83-fpm php83-dom php83-curl php83-json php83-openssl nginx --no-cache
RUN apk add php84 php84-fpm php84-dom php84-curl php84-openssl nginx --no-cache
RUN sed -i '/user nginx;/d' /etc/nginx/nginx.conf \
&& sed -i 's/^user = nobody/; user = nobody/' /etc/php83/php-fpm.d/www.conf \
&& sed -i 's/^group = nobody/; group = nobody/' /etc/php83/php-fpm.d/www.conf \
&& sed -i 's/listen = 127.0.0.1:9000/listen = \/run\/php\/php-fpm83.sock/' /etc/php83/php-fpm.d/www.conf \
&& sed -i 's/;listen.owner = nobody/listen.owner = nginx/' /etc/php83/php-fpm.d/www.conf \
&& sed -i 's/;listen.group = nobody/listen.group = nginx/' /etc/php83/php-fpm.d/www.conf \
&& sed -i 's/;listen.mode/listen.mode/' /etc/php83/php-fpm.d/www.conf \
&& sed -i 's/;listen.allowed_clients/listen.allowed_clients/' /etc/php83/php-fpm.d/www.conf
&& sed -i 's/^; user = nobody/user = nobody/' /etc/php84/php-fpm.d/www.conf \
&& sed -i 's/^; group = nobody/group = nobody/' /etc/php84/php-fpm.d/www.conf \
&& sed -i 's/listen = 127.0.0.1:9000/listen = \/run\/php\/php-fpm84.sock/' /etc/php84/php-fpm.d/www.conf \
&& sed -i 's/;listen.owner = nobody/listen.owner = nginx/' /etc/php84/php-fpm.d/www.conf \
&& sed -i 's/;listen.group = nobody/listen.group = nginx/' /etc/php84/php-fpm.d/www.conf \
&& sed -i 's/;listen.mode/listen.mode/' /etc/php84/php-fpm.d/www.conf \
&& sed -i 's/;listen.allowed_clients/listen.allowed_clients/' /etc/php84/php-fpm.d/www.conf
RUN mkdir -p /var/www/binternet /run/php
COPY . /var/www/binternet
COPY nginx.conf /etc/nginx/http.d/binternet.conf
RUN rm /var/www/binternet/nginx.conf /etc/nginx/http.d/default.conf \
&& chown -R nginx:nginx /var/log/php83/ /run
&& chown -R nginx:nginx /var/log/php84/ /run
USER nginx
EXPOSE 8080
ENTRYPOINT ["/bin/sh", "-c" , "/usr/sbin/php-fpm83 -D && /usr/sbin/nginx -c /etc/nginx/nginx.conf -g 'daemon off;'"]
ENTRYPOINT ["/bin/sh", "-c" , "/usr/sbin/php-fpm84 -D && /usr/sbin/nginx -c /etc/nginx/nginx.conf -g 'daemon off;'"]
HEALTHCHECK --timeout=5s CMD wget --no-verbose --tries=1 --spider 127.0.0.1:8080 || exit 1

View file

@ -33,18 +33,16 @@
| Clearnet | TOR | I2P | Country |
|-|-|-|-|
| [binternet.ahwx.org](https://binternet.ahwx.org) | no | no | 🇳🇱 NL (Official Instance) |
| no clearnet address | [yes!](http://binternet.skunky7dhv7nohsoalpwe3sxfz3fbkad7r3wk632riye25vqm3meqead.onion) | [yes!](http://5cv2aw6jhe6la444vpn3jvo46442ls3ccgp3difx5ddlv5yf4hlq.b32.i2p) | 🇷🇺 RU |
| [bn.bloat.cat](https://bn.bloat.cat) | no | no | 🇩🇪 DE |
| [bn.opnxng.com](https://bn.opnxng.com) | no | no | 🇸🇬 SG |
| [binternet.ducks.party](https://binternet.ducks.party) | no | no | 🇳🇱 NL |
| [binternet.4o1x5.dev](https://binternet.4o1x5.dev) | no | no | 🇭🇺 HU |
| [binternet.darkness.services](https://binternet.darkness.services) | [yes!](http://binternet.darknessrdor43qkl2ngwitj72zdavfz2cead4t5ed72bybgauww5lyd.onion/) | no | 🇺🇸 US |
| [binternet.privacyredirect.com](https://binternet.privacyredirect.com) | no | no | 🇫🇮 FI |
| [binternet.lunar.icu](https://binternet.lunar.icu) | no | no | 🇩🇪 DE |
| [binternet.bunk.lol](https://binternet.bunk.lol) | no | no | 🇮🇸 IS |
| [pin.blitzw.in](https://pin.blitzw.in) | no | no | 🇩🇰 DK |
| [binternet.canine.tools](https://binternet.canine.tools) | no | no | 🇺🇸 US |
| [binternet.revvy.de](https://binternet.revvy.de/) | [yes!](http://binternet.revvybrr6pvbx4n3j4475h4ghw4elqr4t5xo2vtd3gfpu2nrsnhh57id.onion/) | [yes!](http://revznkqdwy7nmlzql66x226g3qnapiooss3rg2uajbj4rypxjnba.b32.i2p/) | 🇫🇮 FI |
| [binternet.darkness.services](https://binternet.darkness.services/) | [yes!](http://binternet.darknessrdor43qkl2ngwitj72zdavfz2cead4t5ed72bybgauww5lyd.onion/) | no | 🇺🇸 US |
| [bn.bloat.cat](https://bn.bloat.cat/) | no | no | 🇩🇪 DE |
| [bn.opnxng.com](https://bn.opnxng.com/) | no | no | 🇸🇬 SG |
| [binternet.ducks.party](https://binternet.ducks.party/) | no | no | 🇳🇱 NL |
| [binternet.4o1x5.dev](https://binternet.4o1x5.dev/) | no | no | 🇭🇺 HU |
| [binternet.privacyredirect.com](https://binternet.privacyredirect.com/) | no | no | 🇫🇮 FI |
| [binternet.lunar.icu](https://binternet.lunar.icu/) | no | no | 🇩🇪 DE |
| [pin.blitzw.in](https://pin.blitzw.in/) | no | no | 🇩🇰 DK |
| [binternet.canine.tools](https://binternet.canine.tools/) | no | no | 🇺🇸 US |
<br>

View file

@ -1,4 +1,9 @@
server {
add_header Content-Security-Policy "default-src 'none'; style-src 'self'; img-src 'self'";
add_header X-Frame-Options "DENY" always;
add_header X-Content-Type-Options "nosniff";
add_header Permissions-Policy "accelerometer=(), ambient-light-sensor=(), attribution-reporting=(), autoplay=(), bluetooth=(), browsing-topics=(), camera=(), compute-pressure=(), display-capture=(), document-domain=(), encrypted-media=(), fullscreen=(), gamepad=(), geolocation=(), gyroscope=(), hid=(), indentity-credentials-get=(), idle-detection=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-create=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), speaker-selection=(), storage-access=(), usb=(), web-share=(), window-management=(), xr-spatial-tracking=()";
listen 8080 default_server;
server_name _;
@ -6,7 +11,7 @@ server {
index index.php;
location ~ \.php$ {
fastcgi_pass unix:/run/php/php-fpm83.sock;
fastcgi_pass unix:/run/php/php-fpm84.sock;
fastcgi_index index.php;
fastcgi_param PATH_INFO $path_info;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;