Merge pull request #87 from niiknow/master

bump

Dockerfile

@@ -1,8 +1,8 @@
-FROM niiknow/docker-hostingbase:1.4.1
+FROM niiknow/docker-hostingbase:1.4.2
 LABEL maintainer="noogen <[email protected]>"
 ENV DEBIAN_FRONTEND=noninteractive \
     VESTA=/usr/local/vesta \
-    GOLANG_VERSION=1.12.4 \
+    GOLANG_VERSION=1.12.5 \
     NGINX_BUILD_DIR=/usr/src/nginx \
     NGINX_DEVEL_KIT_VERSION=0.3.0 NGINX_SET_MISC_MODULE_VERSION=0.32 \
     NGINX_VERSION=1.16.0 \
@@ -67,15 +67,15 @@ RUN cd /tmp \
         php7.1-enchant php7.1-imap php7.1-xsl php7.1-mysql php7.1-mysqli php7.1-mysqlnd php7.1-pspell php7.1-gd php7.1-zip \
         php7.1-tidy php7.1-opcache php7.1-json php7.1-bz2 php7.1-pgsql php7.1-mcrypt php7.1-readline php7.1-imagick \
         php7.1-intl php7.1-sqlite3 php7.1-ldap php7.1-xml php7.1-redis php7.1-dev php7.1-fpm php7.1-sodium \
-        php7.1-soap php7.1-bcmath php7.1-fileinfo php7.1-xdebug php7.1-exif php7.1-tokenizer \
+        php7.1-soap php7.1-bcmath php7.1-fileinfo php7.1-xdebug php7.1-exif php7.1-tokenizer php7.1-phar \
     && apt-get install -yq php7.2-mbstring php7.2-cgi php7.2-cli php7.2-dev php7.2-geoip php7.2-common php7.2-xmlrpc php7.2-sybase php7.2-curl \
         php7.2-enchant php7.2-imap php7.2-xsl php7.2-mysql php7.2-mysqli php7.2-mysqlnd php7.2-pspell php7.2-gd php7.2-zip \
-        php7.2-tidy php7.2-opcache php7.2-json php7.2-bz2 php7.2-pgsql php7.2-readline php7.2-imagick \
+        php7.2-tidy php7.2-opcache php7.2-json php7.2-bz2 php7.2-pgsql php7.2-readline php7.2-imagick php7.2-phar \
         php7.2-intl php7.2-sqlite3 php7.2-ldap php7.2-xml php7.2-redis php7.2-dev php7.2-fpm \
         php7.2-soap php7.2-bcmath php7.2-fileinfo php7.2-xdebug php7.2-exif php7.2-tokenizer \
     && apt-get install -yq php7.3-mbstring php7.3-cgi php7.3-cli php7.3-dev php7.3-geoip php7.3-common php7.3-xmlrpc php7.3-sybase php7.3-curl \
         php7.3-enchant php7.3-imap php7.3-xsl php7.3-mysql php7.3-mysqli php7.3-mysqlnd php7.3-pspell php7.3-gd php7.3-zip \
-        php7.3-tidy php7.3-opcache php7.3-json php7.3-bz2 php7.3-pgsql php7.3-readline php7.3-imagick \
+        php7.3-tidy php7.3-opcache php7.3-json php7.3-bz2 php7.3-pgsql php7.3-readline php7.3-imagick php7.3-phar \
         php7.3-intl php7.3-sqlite3 php7.3-ldap php7.3-xml php7.3-redis php7.3-dev php7.3-fpm \
         php7.3-soap php7.3-bcmath php7.3-fileinfo php7.3-xdebug php7.3-exif php7.3-tokenizer \
 
@@ -123,11 +123,6 @@ RUN cd /tmp \
         openvpn mongodb-org php-mongodb couchdb dotnet-sdk-2.2 poppler-utils ghostscript \
         libgs-dev imagemagick python3.7 \
 
-# make sure we default fcgi and php to 7.2
-    && mv /usr/bin/php-cgi /usr/bin/php-cgi-old \
-    && ln -s /usr/bin/php-cgi7.2 /usr/bin/php-cgi \
-    && /usr/bin/switch-php.sh "7.2" \
-
 # default python 3.7
     && ln -sf $(which python3.7) /usr/bin/python3 \
 
@@ -160,9 +155,28 @@ RUN cd /tmp \
     && mv /sysprepz/admin/bin/vesta-*.sh /bin \
 
 # install iconcube loader extension
+    && /bin/vesta-ioncube-install.sh 7.3 \
     && /bin/vesta-ioncube-install.sh 7.1 \
     && /bin/vesta-ioncube-install.sh 7.2 \
-    && /bin/vesta-ioncube-install.sh 7.3 \
+
+# make sure we default fcgi and php to 7.2
+    && mv /usr/bin/php-cgi /usr/bin/php-cgi-old \
+    && ln -s /usr/bin/php-cgi7.2 /usr/bin/php-cgi \
+    && /usr/bin/switch-php.sh "7.2" \
+    && curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/local/bin --filename=composer \
+
+# remove phpmyadmin, phppgadmin
+    && rm -rf /usr/share/phpmyadmin/* && rm -rf /usr/share/phppgadmin/* \
+
+# install adminer
+    && rm -rf /usr/share/adminer && mkdir -p /usr/share/adminer/public \
+    && curl -SL https://www.adminer.org/latest.php --output /usr/share/adminer/public/index.php \
+
+# overwrite (phpmyadmin, phppgadmin) with adminer
+    && mkdir -p /etc/nginx/conf-d \
+    && rsync -a /etc/nginx/conf.d/* /etc/nginx/conf-d \
+    && echo 'include /etc/nginx/conf.d/dbadmin.inc;' > /etc/nginx/conf.d/phpmyadmin.inc \
+    && echo 'include /etc/nginx/conf.d/dbadmin.inc;' > /etc/nginx/conf.d/phppgadmin.inc \
 
 # activate ini
     && echo "extension=v8js.so" > /etc/php/7.1/mods-available/v8js.ini \
@@ -534,7 +548,6 @@ RUN cd /tmp \
     && apt-get -yf autoremove \
     && apt-get clean 
 
-
 VOLUME ["/vesta", "/home", "/backup"]
 
 EXPOSE 22 25 53 54 80 110 143 443 465 587 993 995 1194 3000 3306 5432 5984 6379 8083 10022 11211 27017

README.md

@@ -39,7 +39,8 @@ FTP was not installed on purpose because it's not secure.  Use SFTP instead on t
 - [x] Use incrond to watch /etc/{passwd,shadow,gshadow,group} and sync to /backup/.etc so remember to attach the backup volume if you want to save password across restart.
 - [x] AWS CLI has been installed to simplify your backup lifestyle.  You just need to setup a cron on VestaCP.
 - [x] Update *index.html* to remove reference to VestaCP from default site for security.
-- [x] **Dovecot/roundcube email, phpmyadmin, phppgadmin, and DNS services** are disabled by default.  Look at /home/admin/bin/my-startup.sh for instruction on how to re-enable these services.  Remember to restart your container after updating my-startup.sh.
+- [x] **Dovecot/roundcube email, and DNS services** are disabled by default.  Look at /home/admin/bin/my-startup.sh for instruction on how to re-enable these services.  Remember to restart your container after updating my-startup.sh.
+- [x] Replace phpmyadmin and phppgadmin with adminer.
 
 ### misc/tested/verified
 - [x] ssh/sftp, nginx, apache2, php7.1+ & v8js 
@@ -48,7 +49,7 @@ FTP was not installed on purpose because it's not secure.  Use SFTP instead on t
 - [x] Vesta FileManager
 - [x] Letsencrypt
 - [x] Sending/outgoing email, dovecot
-- [x] phpmyadmin, phppgadmin
+- [x] adminer
 - [x] Redis, Memcached
 - [x] nodejs, golang
 - [x] MariaDB/MySQL, PostgreSql, Mongodb
@@ -69,8 +70,37 @@ If you use this Docker for hosting and allow your user to login, I also recommen
 
 Enjoy!!!
 
+### GeoIP Blocking
+```
+http {
+    ...
+    geoip2 /etc/nginx/geoip2/GeoLite2-Country.mmdb {
+        auto_reload 5m;
+        $geoip2_country_code default=US source=$remote_addr country iso_code;
+    }
+    ...
+    map $geoip2_country_code $allowed_country {
+        default yes;
+        FK no;
+        FM no;
+        EH no;
+    }
+}
+
+server {
+    ...
+    if ($allowed_country = no) {
+        return 444;
+    }
+    ...
+}
+```
+
+
 ## Release Notes
-1.6.0 - Add wordpress support.  Fix MongoDB weird build issue.  Python 3.7, DotNetCore 2.2, GoLang 1.12.4, and update postgis-2.4 to postgis-2.5
+1.8.0 - replace phpmyadmin and phppgadmin with adminer.
+
+1.6.0 - Add wordpress support.  Fix MongoDB weird build issue.  Python 3.7, DotNetCore 2.2, GoLang 1.12.5, and update postgis-2.4 to postgis-2.5
 
 1.5.2 - with php7.3 support.
 

rootfs/etc/nginx/conf.d/dbadmin.inc

@@ -0,0 +1,22 @@
+location ~ ^/(phpmyadmin|phppgadmin) {
+    # replacing phpmyadmin and phppgadmin
+    rewrite ^ /dbadmin last;
+}
+
+location ~ ^/dbadmin {
+    alias /usr/share/adminer/public/;
+    index index.php;
+
+    # allow for additional adminer config
+    include /etc/nginx/conf.d/adminer*.inc;
+
+    location ~ ^/dbadmin/(.*\.php)$ {
+        try_files $uri /index.php =404;
+
+        fastcgi_split_path_info ^(.+\.php)(/.+)$;
+        fastcgi_pass  unix:/run/php/php7.2-fpm.sock;
+        fastcgi_index index.php;
+        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+        include fastcgi_params;
+    }
+}

rootfs/sysprepz/admin/bin/my-startup.sh

@@ -1,8 +1,5 @@
 #!/bin/sh
 
-# re-enable phpmyadmin and phppgadmin
-# rsync -a /etc/apache2/conf-d/php*.conf /etc/apache2/conf.d
-
 # required startup and of course vesta
 cd /etc/init.d/
 ./disable-transparent-hugepages defaults
@@ -15,10 +12,8 @@ cd /etc/init.d/
 ./postgresql start
 ./nginx start
 ./vesta start
+./php7.2-fpm start
+./php7.3-fpm start
 
-# && ./exim4 start \
-# && ./dovecot start \
-# && ./clamav-daemon start \
-# && ./spamassassin start \
-# && ./php7.1-fpm start \
-# && ./fail2ban start \ # -- only if you run with: --cap-add=NET_ADMIN --cap-add=NET_RAW
+# ./fail2ban start \ # -- only if you run with: --cap-add=NET_ADMIN --cap-add=NET_RAW
+# other services (exim4, dovecot, clamav-daemon, spamassassin, couchdb, mongodb)