diff --git a/Dockerfile b/Dockerfile index 307b194..a136af8 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,22 +1,22 @@ -FROM alpine:3.20 +FROM alpine:3.21 -RUN apk add php83 php83-fpm php83-dom php83-curl php83-json php83-openssl nginx --no-cache +RUN apk add php84 php84-fpm php84-dom php84-curl php84-openssl nginx --no-cache RUN sed -i '/user nginx;/d' /etc/nginx/nginx.conf \ - && sed -i 's/^user = nobody/; user = nobody/' /etc/php83/php-fpm.d/www.conf \ - && sed -i 's/^group = nobody/; group = nobody/' /etc/php83/php-fpm.d/www.conf \ - && sed -i 's/listen = 127.0.0.1:9000/listen = \/run\/php\/php-fpm83.sock/' /etc/php83/php-fpm.d/www.conf \ - && sed -i 's/;listen.owner = nobody/listen.owner = nginx/' /etc/php83/php-fpm.d/www.conf \ - && sed -i 's/;listen.group = nobody/listen.group = nginx/' /etc/php83/php-fpm.d/www.conf \ - && sed -i 's/;listen.mode/listen.mode/' /etc/php83/php-fpm.d/www.conf \ - && sed -i 's/;listen.allowed_clients/listen.allowed_clients/' /etc/php83/php-fpm.d/www.conf + && sed -i 's/^; user = nobody/user = nobody/' /etc/php84/php-fpm.d/www.conf \ + && sed -i 's/^; group = nobody/group = nobody/' /etc/php84/php-fpm.d/www.conf \ + && sed -i 's/listen = 127.0.0.1:9000/listen = \/run\/php\/php-fpm84.sock/' /etc/php84/php-fpm.d/www.conf \ + && sed -i 's/;listen.owner = nobody/listen.owner = nginx/' /etc/php84/php-fpm.d/www.conf \ + && sed -i 's/;listen.group = nobody/listen.group = nginx/' /etc/php84/php-fpm.d/www.conf \ + && sed -i 's/;listen.mode/listen.mode/' /etc/php84/php-fpm.d/www.conf \ + && sed -i 's/;listen.allowed_clients/listen.allowed_clients/' /etc/php84/php-fpm.d/www.conf RUN mkdir -p /var/www/binternet /run/php COPY . /var/www/binternet COPY nginx.conf /etc/nginx/http.d/binternet.conf RUN rm /var/www/binternet/nginx.conf /etc/nginx/http.d/default.conf \ - && chown -R nginx:nginx /var/log/php83/ /run + && chown -R nginx:nginx /var/log/php84/ /run USER nginx EXPOSE 8080 -ENTRYPOINT ["/bin/sh", "-c" , "/usr/sbin/php-fpm83 -D && /usr/sbin/nginx -c /etc/nginx/nginx.conf -g 'daemon off;'"] +ENTRYPOINT ["/bin/sh", "-c" , "/usr/sbin/php-fpm84 -D && /usr/sbin/nginx -c /etc/nginx/nginx.conf -g 'daemon off;'"] HEALTHCHECK --timeout=5s CMD wget --no-verbose --tries=1 --spider 127.0.0.1:8080 || exit 1 diff --git a/README.md b/README.md index 9a859fa..189b60c 100644 --- a/README.md +++ b/README.md @@ -33,18 +33,16 @@ | Clearnet | TOR | I2P | Country | |-|-|-|-| -| [binternet.ahwx.org](https://binternet.ahwx.org) | no | no | 🇳🇱 NL (Official Instance) | -| no clearnet address | [yes!](http://binternet.skunky7dhv7nohsoalpwe3sxfz3fbkad7r3wk632riye25vqm3meqead.onion) | [yes!](http://5cv2aw6jhe6la444vpn3jvo46442ls3ccgp3difx5ddlv5yf4hlq.b32.i2p) | 🇷🇺 RU | -| [bn.bloat.cat](https://bn.bloat.cat) | no | no | 🇩🇪 DE | -| [bn.opnxng.com](https://bn.opnxng.com) | no | no | 🇸🇬 SG | -| [binternet.ducks.party](https://binternet.ducks.party) | no | no | 🇳🇱 NL | -| [binternet.4o1x5.dev](https://binternet.4o1x5.dev) | no | no | 🇭🇺 HU | -| [binternet.darkness.services](https://binternet.darkness.services) | [yes!](http://binternet.darknessrdor43qkl2ngwitj72zdavfz2cead4t5ed72bybgauww5lyd.onion/) | no | 🇺🇸 US | -| [binternet.privacyredirect.com](https://binternet.privacyredirect.com) | no | no | 🇫🇮 FI | -| [binternet.lunar.icu](https://binternet.lunar.icu) | no | no | 🇩🇪 DE | -| [binternet.bunk.lol](https://binternet.bunk.lol) | no | no | 🇮🇸 IS | -| [pin.blitzw.in](https://pin.blitzw.in) | no | no | 🇩🇰 DK | -| [binternet.canine.tools](https://binternet.canine.tools) | no | no | 🇺🇸 US | +| [binternet.revvy.de](https://binternet.revvy.de/) | [yes!](http://binternet.revvybrr6pvbx4n3j4475h4ghw4elqr4t5xo2vtd3gfpu2nrsnhh57id.onion/) | [yes!](http://revznkqdwy7nmlzql66x226g3qnapiooss3rg2uajbj4rypxjnba.b32.i2p/) | 🇫🇮 FI | +| [binternet.darkness.services](https://binternet.darkness.services/) | [yes!](http://binternet.darknessrdor43qkl2ngwitj72zdavfz2cead4t5ed72bybgauww5lyd.onion/) | no | 🇺🇸 US | +| [bn.bloat.cat](https://bn.bloat.cat/) | no | no | 🇩🇪 DE | +| [bn.opnxng.com](https://bn.opnxng.com/) | no | no | 🇸🇬 SG | +| [binternet.ducks.party](https://binternet.ducks.party/) | no | no | 🇳🇱 NL | +| [binternet.4o1x5.dev](https://binternet.4o1x5.dev/) | no | no | 🇭🇺 HU | +| [binternet.privacyredirect.com](https://binternet.privacyredirect.com/) | no | no | 🇫🇮 FI | +| [binternet.lunar.icu](https://binternet.lunar.icu/) | no | no | 🇩🇪 DE | +| [pin.blitzw.in](https://pin.blitzw.in/) | no | no | 🇩🇰 DK | +| [binternet.canine.tools](https://binternet.canine.tools/) | no | no | 🇺🇸 US |
diff --git a/nginx.conf b/nginx.conf index 1a8da45..24ffac9 100644 --- a/nginx.conf +++ b/nginx.conf @@ -1,4 +1,9 @@ server { + add_header Content-Security-Policy "default-src 'none'; style-src 'self'; img-src 'self'"; + add_header X-Frame-Options "DENY" always; + add_header X-Content-Type-Options "nosniff"; + add_header Permissions-Policy "accelerometer=(), ambient-light-sensor=(), attribution-reporting=(), autoplay=(), bluetooth=(), browsing-topics=(), camera=(), compute-pressure=(), display-capture=(), document-domain=(), encrypted-media=(), fullscreen=(), gamepad=(), geolocation=(), gyroscope=(), hid=(), indentity-credentials-get=(), idle-detection=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-create=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), speaker-selection=(), storage-access=(), usb=(), web-share=(), window-management=(), xr-spatial-tracking=()"; + listen 8080 default_server; server_name _; @@ -6,7 +11,7 @@ server { index index.php; location ~ \.php$ { - fastcgi_pass unix:/run/php/php-fpm83.sock; + fastcgi_pass unix:/run/php/php-fpm84.sock; fastcgi_index index.php; fastcgi_param PATH_INFO $path_info; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;