Initial code base for Sandstorm.IO support. Very beta.

This commit is contained in:
James Cole 2017-02-04 03:04:55 +01:00
parent df1da32745
commit 96b5d174d1
No known key found for this signature in database
GPG Key ID: C16961E655E74B5E
17 changed files with 1897 additions and 0 deletions

55
.env.sandstorm Executable file
View File

@ -0,0 +1,55 @@
APP_ENV=production
APP_DEBUG=true
APP_FORCE_SSL=false
APP_FORCE_ROOT=
APP_KEY=SomeRandomStringOf32CharsExactly
APP_LOG=syslog
APP_LOG_LEVEL=debug
APP_URL=http://localhost
DB_CONNECTION=mysql
DB_HOST=127.0.0.1
DB_PORT=3306
DB_DATABASE=firefly
DB_USERNAME=firefly
DB_PASSWORD=firefly
BROADCAST_DRIVER=log
CACHE_DRIVER=file
SESSION_DRIVER=file
QUEUE_DRIVER=sync
COOKIE_PATH="/"
COOKIE_DOMAIN=
COOKIE_SECURE=false
REDIS_HOST=127.0.0.1
REDIS_PASSWORD=null
REDIS_PORT=6379
MAIL_DRIVER=smtp
MAIL_HOST=mailtrap.io
MAIL_PORT=2525
MAIL_FROM=changeme@example.com
MAIL_USERNAME=null
MAIL_PASSWORD=null
MAIL_ENCRYPTION=null
SEND_REGISTRATION_MAIL=true
SEND_ERROR_MESSAGE=true
SHOW_INCOMPLETE_TRANSLATIONS=false
CACHE_PREFIX=firefly
GOOGLE_MAPS_API_KEY=
ANALYTICS_ID=
SITE_OWNER=mail@example.com
USE_ENCRYPTION=true
PUSHER_KEY=
PUSHER_SECRET=
PUSHER_APP_ID=
DEMO_USERNAME=
DEMO_PASSWORD=

5
.sandstorm/.gitattributes vendored Normal file
View File

@ -0,0 +1,5 @@
# vagrant-spk creates shell scripts, which must end in \n, even on a \r\n system.
*.sh text eol=lf

5
.sandstorm/.gitignore vendored Normal file
View File

@ -0,0 +1,5 @@
# This file stores a list of sub-paths of .sandstorm/ that should be ignored by git.
.vagrant

103
.sandstorm/Vagrantfile vendored Normal file
View File

@ -0,0 +1,103 @@
# -*- mode: ruby -*-
# vi: set ft=ruby :
# Guess at a reasonable name for the VM based on the folder vagrant-spk is
# run from. The timestamp is there to avoid conflicts if you have multiple
# folders with the same name.
VM_NAME = File.basename(File.dirname(File.dirname(__FILE__))) + "_sandstorm_#{Time.now.utc.to_i}"
# Vagrantfile API/syntax version. Don't touch unless you know what you're doing!
VAGRANTFILE_API_VERSION = "2"
Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
# Base on the Sandstorm snapshots of the official Debian 8 (jessie) box.
config.vm.box = "sandstorm/debian-jessie64"
if Vagrant.has_plugin?("vagrant-vbguest") then
# vagrant-vbguest is a Vagrant plugin that upgrades
# the version of VirtualBox Guest Additions within each
# guest. If you have the vagrant-vbguest plugin, then it
# needs to know how to compile kernel modules, etc., and so
# we give it this hint about operating system type.
config.vm.guest = "debian"
end
# We forward port 6080, the Sandstorm web port, so that developers can
# visit their sandstorm app from their browser as local.sandstorm.io:6080
# (aka 127.0.0.1:6080).
config.vm.network :forwarded_port, guest: 6080, host: 6080
# Use a shell script to "provision" the box. This installs Sandstorm using
# the bundled installer.
config.vm.provision "shell", inline: "sudo bash /opt/app/.sandstorm/global-setup.sh", keep_color: true
# Then, do stack-specific and app-specific setup.
config.vm.provision "shell", inline: "sudo bash /opt/app/.sandstorm/setup.sh", keep_color: true
# Shared folders are configured per-provider since vboxsf can't handle >4096 open files,
# NFS requires privilege escalation every time you bring a VM up,
# and 9p is only available on libvirt.
# Calculate the number of CPUs and the amount of RAM the system has,
# in a platform-dependent way; further logic below.
cpus = nil
total_kB_ram = nil
host = RbConfig::CONFIG['host_os']
if host =~ /darwin/
cpus = `sysctl -n hw.ncpu`.to_i
total_kB_ram = `sysctl -n hw.memsize`.to_i / 1024
elsif host =~ /linux/
cpus = `nproc`.to_i
total_kB_ram = `grep MemTotal /proc/meminfo | awk '{print $2}'`.to_i
elsif host =~ /mingw/
# powershell may not be available on Windows XP and Vista, so wrap this in a rescue block
begin
cpus = `powershell -Command "(Get-WmiObject Win32_Processor -Property NumberOfLogicalProcessors | Select-Object -Property NumberOfLogicalProcessors | Measure-Object NumberOfLogicalProcessors -Sum).Sum"`.to_i
total_kB_ram = `powershell -Command "Get-CimInstance -class cim_physicalmemory | % $_.Capacity}"`.to_i / 1024
rescue
end
end
# Use the same number of CPUs within Vagrant as the system, with 1
# as a default.
#
# Use at least 512MB of RAM, and if the system has more than 2GB of
# RAM, use 1/4 of the system RAM. This seems a reasonable compromise
# between having the Vagrant guest operating system not run out of
# RAM entirely (which it basically would if we went much lower than
# 512MB) and also allowing it to use up a healthily large amount of
# RAM so it can run faster on systems that can afford it.
if cpus.nil? or cpus.zero?
cpus = 1
end
if total_kB_ram.nil? or total_kB_ram < 2048000
assign_ram_mb = 512
else
assign_ram_mb = (total_kB_ram / 1024 / 4)
end
# Actually apply these CPU/memory values to the providers.
config.vm.provider :virtualbox do |vb, override|
vb.cpus = cpus
vb.memory = assign_ram_mb
vb.name = VM_NAME
vb.customize ["modifyvm", :id, "--nictype1", "Am79C973"]
# /opt/app and /host-dot-sandstorm are used by vagrant-spk
override.vm.synced_folder "..", "/opt/app"
override.vm.synced_folder ENV["HOME"] + "/.sandstorm", "/host-dot-sandstorm"
# /vagrant is not used by vagrant-spk; we need this line so it gets disabled; if we removed the
# line, vagrant would automatically insert a synced folder in /vagrant, which is not what we want.
override.vm.synced_folder "..", "/vagrant", disabled: true
end
config.vm.provider :libvirt do |libvirt, override|
libvirt.cpus = cpus
libvirt.memory = assign_ram_mb
libvirt.default_prefix = VM_NAME
# /opt/app and /host-dot-sandstorm are used by vagrant-spk
override.vm.synced_folder "..", "/opt/app", type: "9p", accessmode: "passthrough"
override.vm.synced_folder ENV["HOME"] + "/.sandstorm", "/host-dot-sandstorm", type: "9p", accessmode: "passthrough"
# /vagrant is not used by vagrant-spk; we need this line so it gets disabled; if we removed the
# line, vagrant would automatically insert a synced folder in /vagrant, which is not what we want.
override.vm.synced_folder "..", "/vagrant", type: "9p", accessmode: "passthrough", disabled: true
end
end

21
.sandstorm/build.sh Executable file
View File

@ -0,0 +1,21 @@
#!/bin/bash
# Checks if there's a composer.json, and if so, installs/runs composer.
# Only runs when we connect the app to sandstorm (so once).
set -euo pipefail
cd /opt/app
cp .env.sandstorm .env
if [ -f /opt/app/composer.json ] ; then
if [ ! -f composer.phar ] ; then
curl -sS https://getcomposer.org/installer | php
fi
php composer.phar install --no-dev --no-suggest
fi
# link storage folder
rm -rf /opt/app/storage
ln -s /var/storage /opt/app

44
.sandstorm/global-setup.sh Executable file
View File

@ -0,0 +1,44 @@
#!/bin/bash
set -euo pipefail
# Set options for curl. Since we only want to show errors from these curl commands, we also use
# 'cat' to buffer the output; for more information:
# https://github.com/sandstorm-io/vagrant-spk/issues/158
CURL_OPTS="--silent --show-error"
echo localhost > /etc/hostname
hostname localhost
# The following line copies stderr through stderr to cat without accidentally leaving it in the
# output file. Be careful when changing. See: https://github.com/sandstorm-io/vagrant-spk/pull/159
curl $CURL_OPTS https://install.sandstorm.io/ 2>&1 > /host-dot-sandstorm/caches/install.sh | cat
SANDSTORM_CURRENT_VERSION=$(curl $CURL_OPTS -f "https://install.sandstorm.io/dev?from=0&type=install")
SANDSTORM_PACKAGE="sandstorm-$SANDSTORM_CURRENT_VERSION.tar.xz"
if [[ ! -f /host-dot-sandstorm/caches/$SANDSTORM_PACKAGE ]] ; then
echo -n "Downloading Sandstorm version ${SANDSTORM_CURRENT_VERSION}..."
curl $CURL_OPTS --output "/host-dot-sandstorm/caches/$SANDSTORM_PACKAGE.partial" "https://dl.sandstorm.io/$SANDSTORM_PACKAGE" 2>&1 | cat
mv "/host-dot-sandstorm/caches/$SANDSTORM_PACKAGE.partial" "/host-dot-sandstorm/caches/$SANDSTORM_PACKAGE"
echo "...done."
fi
if [ ! -e /opt/sandstorm/latest/sandstorm ] ; then
echo -n "Installing Sandstorm version ${SANDSTORM_CURRENT_VERSION}..."
bash /host-dot-sandstorm/caches/install.sh -d -e "/host-dot-sandstorm/caches/$SANDSTORM_PACKAGE" >/dev/null
echo "...done."
fi
modprobe ip_tables
# Make the vagrant user part of the sandstorm group so that commands like
# `spk dev` work.
usermod -a -G 'sandstorm' 'vagrant'
# Bind to all addresses, so the vagrant port-forward works.
sudo sed --in-place='' \
--expression='s/^BIND_IP=.*/BIND_IP=0.0.0.0/' \
/opt/sandstorm/sandstorm.conf
sudo service sandstorm restart
# Enable apt-cacher-ng proxy to make things faster if one appears to be running on the gateway IP
GATEWAY_IP=$(ip route | grep ^default | cut -d ' ' -f 3)
if nc -z "$GATEWAY_IP" 3142 ; then
echo "Acquire::http::Proxy \"http://$GATEWAY_IP:3142\";" > /etc/apt/apt.conf.d/80httpproxy
fi
# Configure apt to retry fetching things that fail to download.
echo "APT::Acquire::Retries \"10\";" > /etc/apt/apt.conf.d/80sandstorm-retry

66
.sandstorm/launcher.sh Executable file
View File

@ -0,0 +1,66 @@
#!/bin/bash
# Runs every time we create a new grain!
# Create a bunch of folders under the clean /var that php, nginx, and mysql expect to exist
mkdir -p /var/lib/mysql
mkdir -p /var/lib/nginx
mkdir -p /var/lib/php/sessions/
mkdir -p /var/log
mkdir -p /var/log/mysql
mkdir -p /var/log/nginx
# Wipe /var/run, since pidfiles and socket files from previous launches should go away
# TODO someday: I'd prefer a tmpfs for these.
rm -rf /var/run
mkdir -p /var/run
rm -rf /var/tmp
mkdir -p /var/tmp
mkdir -p /var/run/mysqld
# make storage directories
rm -rf /var/storage
mkdir -p /var/storage/app/public
mkdir -p /var/storage/build
mkdir -p /var/storage/database
mkdir -p /var/storage/debugbar
mkdir -p /var/storage/export
mkdir -p /var/storage/framework/cache
mkdir -p /var/storage/framework/sessions
mkdir -p /var/storage/framework/views
mkdir -p /var/storage/logs
mkdir -p /var/storage/upload
# Ensure mysql tables created
HOME=/etc/mysql /usr/bin/mysql_install_db --force
# Spawn mysqld, php
HOME=/etc/mysql /usr/sbin/mysqld &
/usr/sbin/php-fpm7.0 --nodaemonize --fpm-config /etc/php/7.0/fpm/php-fpm.conf &
# Wait until mysql and php have bound their sockets, indicating readiness
while [ ! -e /var/run/mysqld/mysqld.sock ] ; do
echo "waiting for mysql to be available at /var/run/mysqld/mysqld.sock"
sleep .5
done
while [ ! -e /var/run/php7.0-fpm.sock ] ; do
echo "waiting for php7.0-fpm to be available at /var/run/php7.0-fpm.sock"
sleep .5
done
echo "Installing database.."
# Install database for Firefly III
echo "CREATE DATABASE IF NOT EXISTS firefly; GRANT ALL on firefly.* TO 'firefly'@'localhost' IDENTIFIED BY 'firefly';" | mysql -uroot
echo "Done!"
#echo "Generate key..."
#php /opt/app/artisan key:generate
#echo "Done!"
echo "Migrating..."
php /opt/app/artisan migrate:refresh --seed --force
echo "Done!"
# Start nginx.
/usr/sbin/nginx -c /opt/app/.sandstorm/service-config/nginx.conf -g "daemon off;"

File diff suppressed because it is too large Load Diff

View File

@ -0,0 +1,247 @@
@0x9411e6c8b3c8a4b6;
using Spk = import "/sandstorm/package.capnp";
# This imports:
# $SANDSTORM_HOME/latest/usr/include/sandstorm/package.capnp
# Check out that file to see the full, documented package definition format.
const pkgdef :Spk.PackageDefinition = (
# The package definition. Note that the spk tool looks specifically for the
# "pkgdef" constant.
id = "uws252ya9mep4t77tevn85333xzsgrpgth8q4y1rhknn1hammw70",
# Your app ID is actually its public key. The private key was placed in
# your keyring. All updates must be signed with the same key.
manifest = (
# This manifest is included in your app package to tell Sandstorm
# about your app.
appTitle = (defaultText = "Firefly III"),
appVersion = 0, # Increment this for every release.
appMarketingVersion = (defaultText = "3.4.3"),
# Human-readable representation of appVersion. Should match the way you
# identify versions of your app in documentation and marketing.
actions = [
# Define your "new document" handlers here.
( nounPhrase = (defaultText = "administration"),
command = .myCommand
# The command to run when starting for the first time. (".myCommand"
# is just a constant defined at the bottom of the file.)
)
],
continueCommand = .myCommand,
# This is the command called to start your app back up after it has been
# shut down for inactivity. Here we're using the same command as for
# starting a new instance, but you could use different commands for each
# case.
metadata = (
# Data which is not needed specifically to execute the app, but is useful
# for purposes like marketing and display. These fields are documented at
# https://docs.sandstorm.io/en/latest/developing/publishing-apps/#add-required-metadata
# and (in deeper detail) in the sandstorm source code, in the Metadata section of
# https://github.com/sandstorm-io/sandstorm/blob/master/src/sandstorm/package.capnp
icons = (
# Various icons to represent the app in various contexts.
appGrid = (png = (dpi1x = embed "public/images/logo/firefly-iii-128.png")),
grain = (png = (dpi1x = embed "public/images/logo/firefly-iii-24.png",
dpi2x = embed "public/images/logo/firefly-iii-48.png")),
market = (png = (dpi1x = embed "public/images/logo/firefly-iii-150.png"))
),
website = "https://firefly-iii.github.io/",
# This should be the app's main website url.
codeUrl = "https://github.com/firefly-iii/firefly-iii",
# URL of the app's source code repository, e.g. a GitHub URL.
# Required if you specify a license requiring redistributing code, but optional otherwise.
license = (openSource = void),
# The license this package is distributed under. See
# https://docs.sandstorm.io/en/latest/developing/publishing-apps/#license
categories = [productivity],
# A list of categories/genres to which this app belongs, sorted with best fit first.
# See the list of categories at
# https://docs.sandstorm.io/en/latest/developing/publishing-apps/#categories
author = (
# Fields relating to the author of this app.
contactEmail = "thegrumpydictator@gmail.com",
# Email address to contact for any issues with this app. This includes end-user support
# requests as well as app store administrator requests, so it is very important that this be a
# valid address with someone paying attention to it.
#pgpSignature = embed "path/to/pgp-signature",
# PGP signature attesting responsibility for the app ID. This is a binary-format detached
# signature of the following ASCII message (not including the quotes, no newlines, and
# replacing <app-id> with the standard base-32 text format of the app's ID):
#
# "I am the author of the Sandstorm.io app with the following ID: <app-id>"
#
# You can create a signature file using `gpg` like so:
#
# echo -n "I am the author of the Sandstorm.io app with the following ID: <app-id>" | gpg --sign > pgp-signature
#
# Further details including how to set up GPG and how to use keybase.io can be found
# at https://docs.sandstorm.io/en/latest/developing/publishing-apps/#verify-your-identity
# upstreamAuthor = "Example App Team",
# Name of the original primary author of this app, if it is different from the person who
# produced the Sandstorm package. Setting this implies that the author connected to the PGP
# signature only "packaged" the app for Sandstorm, rather than developing the app.
# Remove this line if you consider yourself as the author of the app.
),
#pgpKeyring = embed "path/to/pgp-keyring",
# A keyring in GPG keyring format containing all public keys needed to verify PGP signatures in
# this manifest (as of this writing, there is only one: `author.pgpSignature`).
#
# To generate a keyring containing just your public key, do:
#
# gpg --export <key-id> > keyring
#
# Where `<key-id>` is a PGP key ID or email address associated with the key.
#description = (defaultText = embed "path/to/description.md"),
# The app's description in Github-flavored Markdown format, to be displayed e.g.
# in an app store. Note that the Markdown is not permitted to contain HTML nor image tags (but
# you can include a list of screenshots separately).
shortDescription = (defaultText = "Financial management"),
# A very short (one-to-three words) description of what the app does. For example,
# "Document editor", or "Notetaking", or "Email client". This will be displayed under the app
# title in the grid view in the app market.
screenshots = [
# Screenshots to use for marketing purposes. Examples below.
# Sizes are given in device-independent pixels, so if you took these
# screenshots on a Retina-style high DPI screen, divide each dimension by two.
#(width = 746, height = 795, jpeg = embed "path/to/screenshot-1.jpeg"),
#(width = 640, height = 480, png = embed "path/to/screenshot-2.png"),
],
#changeLog = (defaultText = embed "path/to/sandstorm-specific/changelog.md"),
# Documents the history of changes in Github-flavored markdown format (with the same restrictions
# as govern `description`). We recommend formatting this with an H1 heading for each version
# followed by a bullet list of changes.
),
),
sourceMap = (
# Here we defined where to look for files to copy into your package. The
# `spk dev` command actually figures out what files your app needs
# automatically by running it on a FUSE filesystem. So, the mappings
# here are only to tell it where to find files that the app wants.
searchPath = [
( sourcePath = "." ), # Search this directory first.
( sourcePath = "/", # Then search the system root directory.
hidePaths = [ "home", "proc", "sys",
"etc/passwd", "etc/hosts", "etc/host.conf",
"etc/nsswitch.conf", "etc/resolv.conf" ]
# You probably don't want the app pulling files from these places,
# so we hide them. Note that /dev, /var, and /tmp are implicitly
# hidden because Sandstorm itself provides them.
)
]
),
fileList = "sandstorm-files.list",
# `spk dev` will write a list of all the files your app uses to this file.
# You should review it later, before shipping your app.
alwaysInclude = [],
# Fill this list with more names of files or directories that should be
# included in your package, even if not listed in sandstorm-files.list.
# Use this to force-include stuff that you know you need but which may
# not have been detected as a dependency during `spk dev`. If you list
# a directory here, its entire contents will be included recursively.
#bridgeConfig = (
# # Used for integrating permissions and roles into the Sandstorm shell
# # and for sandstorm-http-bridge to pass to your app.
# # Uncomment this block and adjust the permissions and roles to make
# # sense for your app.
# # For more information, see high-level documentation at
# # https://docs.sandstorm.io/en/latest/developing/auth/
# # and advanced details in the "BridgeConfig" section of
# # https://github.com/sandstorm-io/sandstorm/blob/master/src/sandstorm/package.capnp
# viewInfo = (
# # For details on the viewInfo field, consult "ViewInfo" in
# # https://github.com/sandstorm-io/sandstorm/blob/master/src/sandstorm/grain.capnp
#
# permissions = [
# # Permissions which a user may or may not possess. A user's current
# # permissions are passed to the app as a comma-separated list of `name`
# # fields in the X-Sandstorm-Permissions header with each request.
# #
# # IMPORTANT: only ever append to this list! Reordering or removing fields
# # will change behavior and permissions for existing grains! To deprecate a
# # permission, or for more information, see "PermissionDef" in
# # https://github.com/sandstorm-io/sandstorm/blob/master/src/sandstorm/grain.capnp
# (
# name = "editor",
# # Name of the permission, used as an identifier for the permission in cases where string
# # names are preferred. Used in sandstorm-http-bridge's X-Sandstorm-Permissions HTTP header.
#
# title = (defaultText = "editor"),
# # Display name of the permission, e.g. to display in a checklist of permissions
# # that may be assigned when sharing.
#
# description = (defaultText = "grants ability to modify data"),
# # Prose describing what this role means, suitable for a tool tip or similar help text.
# ),
# ],
# roles = [
# # Roles are logical collections of permissions. For instance, your app may have
# # a "viewer" role and an "editor" role
# (
# title = (defaultText = "editor"),
# # Name of the role. Shown in the Sandstorm UI to indicate which users have which roles.
#
# permissions = [true],
# # An array indicating which permissions this role carries.
# # It should be the same length as the permissions array in
# # viewInfo, and the order of the lists must match.
#
# verbPhrase = (defaultText = "can make changes to the document"),
# # Brief explanatory text to show in the sharing UI indicating
# # what a user assigned this role will be able to do with the grain.
#
# description = (defaultText = "editors may view all site data and change settings."),
# # Prose describing what this role means, suitable for a tool tip or similar help text.
# ),
# (
# title = (defaultText = "viewer"),
# permissions = [false],
# verbPhrase = (defaultText = "can view the document"),
# description = (defaultText = "viewers may view what other users have written."),
# ),
# ],
# ),
# #apiPath = "/api",
# # Apps can export an API to the world. The API is to be used primarily by Javascript
# # code and native apps, so it can't serve out regular HTML to browsers. If a request
# # comes in to your app's API, sandstorm-http-bridge will prefix the request's path with
# # this string, if specified.
#),
);
const myCommand :Spk.Manifest.Command = (
# Here we define the command used to start up your server.
argv = ["/sandstorm-http-bridge", "8000", "--", "/opt/app/.sandstorm/launcher.sh"],
environ = [
# Note that this defines the *entire* environment seen by your app.
(key = "PATH", value = "/usr/local/bin:/usr/bin:/bin"),
(key = "SANDSTORM", value = "1"),
# Export SANDSTORM=1 into the environment, so that apps running within Sandstorm
# can detect if $SANDSTORM="1" at runtime, switching UI and/or backend to use
# the app's Sandstorm-specific integration code.
]
);

View File

@ -0,0 +1,89 @@
types {
text/html html htm shtml;
text/css css;
text/xml xml;
image/gif gif;
image/jpeg jpeg jpg;
application/javascript js;
application/atom+xml atom;
application/rss+xml rss;
text/mathml mml;
text/plain txt;
text/vnd.sun.j2me.app-descriptor jad;
text/vnd.wap.wml wml;
text/x-component htc;
image/png png;
image/tiff tif tiff;
image/vnd.wap.wbmp wbmp;
image/x-icon ico;
image/x-jng jng;
image/x-ms-bmp bmp;
image/svg+xml svg svgz;
image/webp webp;
application/font-woff woff;
application/java-archive jar war ear;
application/json json;
application/mac-binhex40 hqx;
application/msword doc;
application/pdf pdf;
application/postscript ps eps ai;
application/rtf rtf;
application/vnd.apple.mpegurl m3u8;
application/vnd.ms-excel xls;
application/vnd.ms-fontobject eot;
application/vnd.ms-powerpoint ppt;
application/vnd.wap.wmlc wmlc;
application/vnd.google-earth.kml+xml kml;
application/vnd.google-earth.kmz kmz;
application/x-7z-compressed 7z;
application/x-cocoa cco;
application/x-java-archive-diff jardiff;
application/x-java-jnlp-file jnlp;
application/x-makeself run;
application/x-perl pl pm;
application/x-pilot prc pdb;
application/x-rar-compressed rar;
application/x-redhat-package-manager rpm;
application/x-sea sea;
application/x-shockwave-flash swf;
application/x-stuffit sit;
application/x-tcl tcl tk;
application/x-x509-ca-cert der pem crt;
application/x-xpinstall xpi;
application/xhtml+xml xhtml;
application/xspf+xml xspf;
application/zip zip;
application/octet-stream bin exe dll;
application/octet-stream deb;
application/octet-stream dmg;
application/octet-stream iso img;
application/octet-stream msi msp msm;
application/vnd.openxmlformats-officedocument.wordprocessingml.document docx;
application/vnd.openxmlformats-officedocument.spreadsheetml.sheet xlsx;
application/vnd.openxmlformats-officedocument.presentationml.presentation pptx;
audio/midi mid midi kar;
audio/mpeg mp3;
audio/ogg ogg;
audio/x-m4a m4a;
audio/x-realaudio ra;
video/3gpp 3gpp 3gp;
video/mp2t ts;
video/mp4 mp4;
video/mpeg mpeg mpg;
video/quicktime mov;
video/webm webm;
video/x-flv flv;
video/x-m4v m4v;
video/x-mng mng;
video/x-ms-asf asx asf;
video/x-ms-wmv wmv;
video/x-msvideo avi;
}

View File

@ -0,0 +1,87 @@
worker_processes 4;
pid /var/run/nginx.pid;
events {
worker_connections 768;
# multi_accept on;
}
http {
# Basic Settings
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
# server_names_hash_bucket_size 64;
server_tokens off;
server_name_in_redirect off;
include mime.types;
default_type application/octet-stream;
# Logging
access_log off;
error_log stderr;
# Prevent nginx from adding compression; this interacts badly with Sandstorm
# WebSession due to https://github.com/sandstorm-io/sandstorm/issues/289
gzip off;
# Trust the sandstorm-http-bridge's X-Forwarded-Proto.
map $http_x_forwarded_proto $fe_https {
default "";
https on;
}
server {
listen 8000 default_server;
listen [::]:8000 default_server ipv6only=on;
# Allow arbitrarily large bodies - Sandstorm can handle them, and requests
# are authenticated already, so there's no reason for apps to add additional
# limits by default.
client_max_body_size 0;
server_name localhost;
root /opt/app/public;
location / {
index index.php;
try_files $uri $uri/ /index.php?$query_string;
autoindex on;
sendfile off;
}
location ~ \.php$ {
try_files $uri =404;
fastcgi_pass unix:/var/run/php7.0-fpm.sock;
fastcgi_index index.php;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_param REQUEST_URI $request_uri;
fastcgi_param DOCUMENT_URI $document_uri;
fastcgi_param DOCUMENT_ROOT $document_root;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param HTTPS $fe_https if_not_empty;
fastcgi_param GATEWAY_INTERFACE CGI/1.1;
fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
fastcgi_param REMOTE_ADDR $remote_addr;
fastcgi_param REMOTE_PORT $remote_port;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;
# PHP only, required if PHP was built with --enable-force-cgi-redirect
#fastcgi_param REDIRECT_STATUS 200;
}
}
}

61
.sandstorm/setup.sh Executable file
View File

@ -0,0 +1,61 @@
#!/bin/bash
# When you change this file, you must take manual action. Read this doc:
# - https://docs.sandstorm.io/en/latest/vagrant-spk/customizing/#setupsh
set -euo pipefail
export DEBIAN_FRONTEND=noninteractive
# install packages so we can install apt-add-repository.
apt-get update
apt-get install -y python-software-properties software-properties-common
# actually add repository
apt-key adv --keyserver keyserver.ubuntu.com --recv-keys E9C74FEEA2098A6E
add-apt-repository "deb http://packages.dotdeb.org jessie all"
# install packages.
apt-get update
apt-get install -y nginx php7.0-fpm php7.0-mysql php7.0-cli php7.0-curl git php7.0-dev php7.0-intl php7.0-dom php7.0-mbstring php7.0-bcmath mysql-server
service nginx stop
service php7.0-fpm stop
service mysql stop
systemctl disable nginx
systemctl disable php7.0-fpm
systemctl disable mysql
# patch /etc/php/7.0/fpm/pool.d/www.conf to not change uid/gid to www-data
sed --in-place='' \
--expression='s/^listen.owner = www-data/;listen.owner = www-data/' \
--expression='s/^listen.group = www-data/;listen.group = www-data/' \
/etc/php/7.0/fpm/pool.d/www.conf
# patch /etc/php/7.0/fpm/php-fpm.conf to not have a pidfile
sed --in-place='' \
--expression='s/^pid =/;pid =/' \
/etc/php/7.0/fpm/php-fpm.conf
# move sock file to better dir:
sed --in-place='' \
--expression='s/^listen = \/run\/php\/php7.0-fpm.sock/listen = \/var\/run\/php7.0-fpm.sock/' \
/etc/php/7.0/fpm/pool.d/www.conf
# patch /etc/php/7.0/fpm/pool.d/www.conf to no clear environment variables
# so we can pass in SANDSTORM=1 to apps
sed --in-place='' \
--expression='s/^;clear_env = no/clear_env=no/' \
/etc/php/7.0/fpm/pool.d/www.conf
# patch mysql conf to not change uid, and to use /var/tmp over /tmp
# for secure-file-priv see https://github.com/sandstorm-io/vagrant-spk/issues/195
sed --in-place='' \
--expression='s/^user\t\t= mysql/#user\t\t= mysql/' \
--expression='s,^tmpdir\t\t= /tmp,tmpdir\t\t= /var/tmp,' \
--expression='/\[mysqld]/ a\ secure-file-priv = ""\' \
/etc/mysql/my.cnf
# patch mysql conf to use smaller transaction logs to save disk space
cat <<EOF > /etc/mysql/conf.d/sandstorm.cnf
[mysqld]
# Set the transaction log file to the minimum allowed size to save disk space.
# innodb_log_file_size = 1048576
# Set the main data file to grow by 1MB at a time, rather than 8MB at a time.
innodb_autoextend_increment = 1
EOF

1
.sandstorm/stack Normal file
View File

@ -0,0 +1 @@
lemp

Binary file not shown.

After

Width:  |  Height:  |  Size: 14 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 15 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 2.5 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 4.7 KiB