commit 9fe3464f122d72d616f16cfbb5a9a4a8181c0a1d Author: Sergey Paramoshkin Date: Wed Oct 2 17:32:20 2024 +0300 first commit diff --git a/.env b/.env new file mode 100644 index 0000000..af96ee1 --- /dev/null +++ b/.env @@ -0,0 +1,31 @@ +COMPOSE_PROJECT_NAME=local +NETWORK=local + +FRONT_TAG=master +DOTDOT_TAG=master +LMS_TAG=master +HELP_TAG=master + +PHP_SOCKER_HOST=ws +PHP_SOCKET_PORT=8080 + +MYSQL_PORT=0.0.0.0:3306 +MYSQL_ROOT_PASSWORD=root +MYSQL_DATABASE=dot +MYSQL_USER=dot +MYSQL_PASSWORD=dot + +MAIL_DRIVER=smtp +MAIL_HOST=smtp.mail.ru +MAIL_PORT=465 +MAIL_USERNAME=no_reply@dot-dot.ru +MAIL_PASSWORD=NRTk7rXhesHQpi3YWB92 +MAIL_ENCRYPTION=ssl +MAIL_FROM=no_reply@dot-dot.ru +MAIL_FROM_NAME="No Reply" + +RABBITMQ_USERNAME=ddadmin +RABBITMQ_PASSWORD=local + +REDIS_USERNAME=ddadmin +REDIS_PASSWORD=local diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..2cacb57 --- /dev/null +++ b/.gitignore @@ -0,0 +1,4 @@ +bookstack/ +backups/ +dot-dot +LMS/ \ No newline at end of file diff --git a/.my.cnf b/.my.cnf new file mode 100644 index 0000000..cb50e6b --- /dev/null +++ b/.my.cnf @@ -0,0 +1,5 @@ +[client] +user = root +password = ahwaireiNeebeeW9keiZ +host = db +port = 3306 diff --git a/README.md b/README.md new file mode 100644 index 0000000..732ee7e --- /dev/null +++ b/README.md @@ -0,0 +1,11 @@ +клонируем локальный проект +``` +``` + +клонируем проекты +``` +git clone git@gitea.dot-dot.ru:dot-dot/dot-dot.git +``` + +``` +``` \ No newline at end of file diff --git a/app.sh b/app.sh new file mode 100755 index 0000000..fb89fa3 --- /dev/null +++ b/app.sh @@ -0,0 +1,178 @@ +DIRECTORY=`dirname $0` + +MYSQL_ROOT_PASSWORD=$(grep MYSQL_ROOT_PASSWORD $DIRECTORY"/.env" | xargs) +MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD#*=} + +help() { + echo "run $0 [COMMAND] " + echo ' + "init" - run init flow + "up" - up -d all services + "down" - down all services without volumes + "composer" - run composer ${@:2} + "psalm" - run composer analyse + "php-fixer" - run composer cs + "deptrac" - run composer deptrac + "tests" - run composer tests + "console" - run docker compose exec php ./bin/console ${@:2} + "db" - run mysql shell + "db-create" - crate database + "backup-dev" - + "backup-create" - + "backup-exec" - + "restore-dev" - + "purge-db" - purge database + "restore-db" - restore database from s3 backup + "front" - exec front container + +' +} + +log() { + RED='\e[31m' + GREEN='\e[32m' + + case $2 in + info) + printf "${GREEN}${1}\e[0m\n" + ;; + error) + printf "${RED}${1}\e[0m\n" + ;; + *) + printf "${1}" + ;; + esac +} + +## restore last backup from s3 storage +restoredb() { + log "run restore database" + # rclone copy --verbose selectel:backup_db/dot/dot.$(date +%a).sql.gz backups/ + cat backups/dot.$(date +%a).sql | docker compose exec -T db mysql -uroot -p${MYSQL_ROOT_PASSWORD} dot + # zcat backups/dot.$(date +%a).sql.gz | docker compose exec -T db mysql -uroot -p${MYSQL_ROOT_PASSWORD} dot +} + +checkDockerCompose() { + if ! [ -f "docker-compose.yml" ]; then + log "docker-compose.yml not exist. Run init command" "error" + exit + fi +} + +init() { + dumpfile=$(ls backups/ | sort | tail -1) + if ! [ -f backups/${dumpfile} ]; then + log "put dot.sql to backups directory" "error" + exit + fi + + if ! [ -f ".env" ]; then + log ".env not exist. Run init command" "error" + exit + fi + + up + + docker compose exec php composer install +# docker compose exec front npm i + +# docker compose exec front npm run build + + if ! docker compose exec db mysql -uroot -proot -e "show databases" | grep "dot "; then + createDatabase "dot" + execBackup "dot" ${dumpfile} + fi +} + +up() { + checkDockerCompose + docker compose up -d +} + +down() { + checkDockerCompose + docker compose down +} + +createDatabase() { + docker compose exec db mysql -uroot -p${MYSQL_ROOT_PASSWORD} -e "create database $1" + log "create database $1" "info" +} + +createBackup() { + docker compose exec db mysqldump -uroot -p${MYSQL_ROOT_PASSWORD} $1 > backups/$2.sql +} + +createBackupWithExceptions() { + docker compose exec db mysqldump -uroot -p${MYSQL_ROOT_PASSWORD} --ignore-table=dot.ml_calculator_log dot > backups/dot_develop.sql + docker compose exec db mysqldump -uroot -p${MYSQL_ROOT_PASSWORD} --no-data dot ml_calculator_log >> backups/dot_develop.sql +} + +execBackup() { + zcat backups/$2 | docker compose exec -T db mysql -uroot -p${MYSQL_ROOT_PASSWORD} $1 + log "exec $2.sql backup" "info" +} + +execDevBackup() { + docker compose exec -T db mysql -uroot -p${MYSQL_ROOT_PASSWORD} dot < backups/dot_develop.sql + log "exec dot_develop.sql backup" "info" +} + +purgeDb() { + docker compose exec db mysql -uroot -p${MYSQL_ROOT_PASSWORD} -e "drop database dot" + log "dropped database dot" "info" + docker compose exec db mysql -uroot -p${MYSQL_ROOT_PASSWORD} -e "create database dot" + log "created database dot" "info" +} + +composer() { + docker compose exec php php -d memory_limit=-1 /usr/local/bin/composer ${@:1} +} + +case "$1" in + "help") + help;; + "init") + init;; + "up") + up;; + "down") + down;; + "composer"*) + composer ${@:2};; + "psalm"*) + composer analyse;; + "php-fixer") + composer cs;; + "deptrac") + composer deptrac;; + "tests") + composer tests;; + "console"*) + docker compose exec php ./bin/console ${@:2};; + "db") + docker compose exec db mysql -uroot -p${MYSQL_ROOT_PASSWORD};; + "db-create") + createDatabase $2;; + "backup-dev"*) + createBackupWithExceptions $2;; + "backup-create"*) + createBackup $2 $3;; + "backup-exec"*) + execBackup $2 $3;; + "restore-dev"*) + execDevBackup;; + "purge-db"*) + purgeDb;; + "restore-db") + restoredb;; + "front"*) + case $2 in + *) + docker compose exec nuxt ${@:2};; + esac;; + *) + help + #docker compose exec php ./bin/console ${@:1};; +esac diff --git a/configs/nginx/conf.d/default.conf b/configs/nginx/conf.d/default.conf new file mode 100644 index 0000000..a9fe37d --- /dev/null +++ b/configs/nginx/conf.d/default.conf @@ -0,0 +1,122 @@ +# server { +# listen 80; +# server_name local.dot-dot.ru; +# return 301 https://$server_name$request_uri; +# } + +server { + listen 80; + server_name local.dot-dot.ru; + + + root /application/public; + + client_max_body_size 30m; + + location / { + proxy_pass http://nuxt:3000; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection 'upgrade'; + proxy_set_header Host $host; + proxy_cache_bypass $http_upgrade; + chunked_transfer_encoding off; + proxy_buffering off; + proxy_cache off; + } + + location /socket.io/auctionreload { + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection $connection_upgrade; + proxy_set_header Host $host; + proxy_pass http://php:8080/; + } + + location @rewriteapp { + rewrite ^(.*)$ /index.php/$1 last; + } + + # location /storybook { + # alias /application/nuxt/storybook-static; + # } + + location /logout { + try_files $uri @rewriteapp; + } + + #location /help { + # proxy_pass http://help-platform; + #} + + location /api { + rewrite ^(.*)$ /index.php/$1 last; + } + + location /clockwork { + rewrite ^(.*)$ /index.php/$1 last; + } + + location /__clockwork { + rewrite ^(.*)$ /index.php/$1 last; + } + + location /pdf { + rewrite ^(.*)$ /index.php/$1 last; + } + + location /1c { + rewrite ^(.*)$ /index.php/$1 last; + } + + location /socket { + try_files $uri @rewriteapp; + } + + location /admin { + try_files $uri @rewriteapp; + } + + location ~* \/admin\/.*(js|jpg|png|css|woff|woff2)$ { + proxy_pass http://static; + } + + location /media { + try_files $uri @rewriteapp; + } + + location /img { + proxy_pass http://static; + # alias /application/public/img; + # try_files $uri /index.php$request_uri; + # expires 6M; + } + + location /robots.txt { + proxy_pass http://static; + } + + location ~ ^/index\.php(/|$) { + if ($request_method = 'OPTIONS') { + add_header 'Access-Control-Allow-Origin' $http_origin; + add_header 'Access-Control-Allow-Credentials' 'true'; + add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, DELETE'; + add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,X-Expeditor-Domain,Authorization'; + add_header 'Access-Control-Max-Age' 1728000; + add_header 'Content-Type' 'text/plain charset=UTF-8'; + add_header 'Content-Length' 0; + return 204; + } + + #add_header 'Access-Control-Allow-Origin' $http_origin; + add_header 'Access-Control-Allow-Origin' *; + add_header 'Access-Control-Allow-Credentials' 'true'; + add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, DELETE'; + add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,X-Expeditor-Domain,Authorization'; + + fastcgi_pass backend:9001; + fastcgi_split_path_info ^(.+\.php)(/.*)$; + include fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + } +} diff --git a/configs/nginx/conf.d/lms.dot-dot.ru.conf.WIP b/configs/nginx/conf.d/lms.dot-dot.ru.conf.WIP new file mode 100644 index 0000000..7117063 --- /dev/null +++ b/configs/nginx/conf.d/lms.dot-dot.ru.conf.WIP @@ -0,0 +1,118 @@ +server { + listen 80; + server_name locallms.dot-dot.ru; + return 301 https://$server_name$request_uri; +} + +server { + listen 443 ssl; + server_name locallms.dot-dot.ru; + + root /application/public; + + + client_max_body_size 30m; + + location / { + proxy_pass http://lms:3000; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection 'upgrade'; + proxy_set_header Host $host; + proxy_cache_bypass $http_upgrade; + chunked_transfer_encoding off; + proxy_buffering off; + proxy_cache off; + } + + location /socket.io/auctionreload { + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection $connection_upgrade; + proxy_set_header Host $host; + proxy_pass http://php:8080/; + } + + location @rewriteapp { + rewrite ^(.*)$ /index.php/$1 last; + } + + # location /storybook { + # alias /application/nuxt/storybook-static; + # } + + location /logout { + try_files $uri @rewriteapp; + } + + location /api { + rewrite ^(.*)$ /index.php/$1 last; + } + + location /clockwork { + rewrite ^(.*)$ /index.php/$1 last; + } + + location /__clockwork { + rewrite ^(.*)$ /index.php/$1 last; + } + + location /pdf { + rewrite ^(.*)$ /index.php/$1 last; + } + + location /1c { + rewrite ^(.*)$ /index.php/$1 last; + } + + location /socket { + try_files $uri @rewriteapp; + } + + location /admin { + try_files $uri @rewriteapp; + } + + location ~* \/admin\/.*(js|jpg|png|css|woff|woff2)$ { + proxy_pass http://static; + } + + location /media { + try_files $uri @rewriteapp; + } + + location /img { + proxy_pass http://static; + # alias /application/public/img; + # try_files $uri /index.php$request_uri; + # expires 6M; + } + + location /robots.txt { + proxy_pass http://static; + } + + location ~ ^/index\.php(/|$) { + if ($request_method = 'OPTIONS') { + add_header 'Access-Control-Allow-Origin' $http_origin; + add_header 'Access-Control-Allow-Credentials' 'true'; + add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, DELETE'; + add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,X-Expeditor-Domain,Authorization'; + add_header 'Access-Control-Max-Age' 1728000; + add_header 'Content-Type' 'text/plain charset=UTF-8'; + add_header 'Content-Length' 0; + return 204; + } + + #add_header 'Access-Control-Allow-Origin' $http_origin; + #add_header 'Access-Control-Allow-Origin' *; + #add_header 'Access-Control-Allow-Credentials' 'true'; + #add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, DELETE'; + #add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,X-Expeditor-Domain,Authorization'; + + fastcgi_pass backend:9001; + fastcgi_split_path_info ^(.+\.php)(/.*)$; + include fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + } +} diff --git a/configs/nginx/conf.d/rabbitmq.conf b/configs/nginx/conf.d/rabbitmq.conf new file mode 100644 index 0000000..e6b68fe --- /dev/null +++ b/configs/nginx/conf.d/rabbitmq.conf @@ -0,0 +1,42 @@ +# server { +# listen 80; +# server_name localrabbitmq.dot-dot.ru; +# return 301 https://$server_name$request_uri; +# } + +server { + listen 80; + server_name localrabbitmq.dot-dot.ru; + + proxy_buffer_size 128k; + proxy_buffers 4 128k; + client_body_buffer_size 32k; + client_header_buffer_size 256k; + large_client_header_buffers 4 256k; + + location / { + client_max_body_size 600m; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Scheme $scheme; + proxy_set_header Host $http_host; + proxy_redirect off; + proxy_pass http://rabbitmq:15672; + proxy_connect_timeout 600; + proxy_send_timeout 600; + proxy_read_timeout 600; + send_timeout 600; + } + + location /metrics { + client_max_body_size 600m; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Scheme $scheme; + proxy_set_header Host $http_host; + proxy_redirect off; + proxy_pass http://rabbitmq:15692/metrics; + proxy_connect_timeout 600; + proxy_send_timeout 600; + proxy_read_timeout 600; + send_timeout 600; + } +} diff --git a/configs/nginx/nginx.conf b/configs/nginx/nginx.conf new file mode 100644 index 0000000..232db2b --- /dev/null +++ b/configs/nginx/nginx.conf @@ -0,0 +1,65 @@ +user nginx; +worker_processes 16; + +error_log /var/log/nginx/error.log warn; +pid /var/run/nginx.pid; + +events { + worker_connections 10240; + use epoll; + multi_accept on; +} +http { + include /etc/nginx/mime.types; + default_type application/octet-stream; + log_format upstream_time '$remote_addr - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" rt=$request_time uct=$upstream_connect_time uht=$upstream_header_time urt=$upstream_response_time "$http_user_agent"'; + + log_format json escape=json '{' + '"time":"$time_iso8601",' + '"proxy_protocol_addr":"$proxy_protocol_addr",' + '"remote_addr":"$remote_addr",' + '"x-forward-for":"$proxy_add_x_forwarded_for",' + '"request_id":"$request_id",' + '"request":"$request",' + '"remote_user":"$remote_user",' + '"bytes_sent":"$bytes_sent",' + '"body_bytes_sent":"$body_bytes_sent",' + '"request_time":"$request_time",' + '"status":"$status",' + '"vhost":"$host",' + '"request_proto":"$server_protocol",' + '"path":"$uri",' + '"request_query":"$args",' + '"request_length":"$request_length",' + '"method":"$request_method",' + '"http_referrer":"$http_referer",' + '"http_user_agent":"$http_user_agent",' + '"upstream_addr":"$upstream_addr",' + '"upstream_latency":"$upstream_response_time",' + '"upstream_status":"$upstream_status",' + '"upstream_response_time":"$upstream_response_time",' + '"upstream_connect_time":"$upstream_connect_time",' + '"upstream_header_time":"$upstream_header_time",' + '"upstream_bytes_received":"$upstream_bytes_received",' + '"upstream_bytes_sent":"$upstream_bytes_sent",' + '"tls":"$ssl_protocol/$ssl_cipher"' + '}'; + + access_log /var/log/nginx/access.log json; + +# server_tokens off; +# charset UTF-8; +# sendfile on; +# tcp_nopush on; +# tcp_nodelay on; +# keepalive_requests 1000; +# keepalive_timeout 65; +# #gzip on; + client_max_body_size 30M; + map $http_upgrade $connection_upgrade { + default upgrade; + '' close; + } + resolver 127.0.0.11 ipv6=off valid=1s; + include /etc/nginx/conf.d/*.conf; +} diff --git a/configs/nginx/ssl/dot2023.crt b/configs/nginx/ssl/dot2023.crt new file mode 100644 index 0000000..6dac8f0 --- /dev/null +++ b/configs/nginx/ssl/dot2023.crt @@ -0,0 +1,89 @@ +-----BEGIN CERTIFICATE----- +MIIHQTCCBimgAwIBAgIMYVwKHoDdXb8WTFQpMA0GCSqGSIb3DQEBCwUAMEwxCzAJ +BgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMSIwIAYDVQQDExlB +bHBoYVNTTCBDQSAtIFNIQTI1NiAtIEc0MB4XDTIzMDgwMjE0MTYxN1oXDTI0MDkw +MjE0MTYxNlowFzEVMBMGA1UEAwwMKi5kb3QtZG90LnJ1MIICIjANBgkqhkiG9w0B +AQEFAAOCAg8AMIICCgKCAgEAz6xhGhA8PUZbJ1F9viMiaO4ZiAjSW9YwooX9ATCV +dDp4+ffuBFGel8IxxzxcBIQy4GToEfMgoViifL6OnX0OOQLDEfrWQYATXmkEz9Cq +VVT1F3s+YVxBrdTRpgvPwPb5mFyJ1XtKnyNf7Flb9SKER5Nk8PRY3XOKellv4Nex +VqHnL4ClHvOdsZYNzV3jHJ7CMwQb17h6Qfr9Q7dReLl02xVGbE2sFOLqDbBMq7KZ +yebOxix+4L1p9uT3cqE2Us2rRT5RFP5tmgdB3ALIlID4hfiwlNtSSvgPOaML+6ON +hUo3nNd8zvKa4n9ta9hWAhSe0iBXs2IS3DBTaDJqCm83HW34hp0K0WrBaH8v+RbR +2CCzy9maj4u2wJ95Rqkyj3usc/60wYMBe86cQh1WYMJJDVUPKlctwWFBqsuWr7Or +ikVdMcDb68w+FcEIQGYjVe9tASDAlu4pV0e2KdbtqjX/JgrMf1gRBp0JuPDryzEe +hdTSpoASD/lOp4dXrm6OIGDhQdl2KCvpG3TysFaUDdvoSkLm9CAPqNcICf+XQGpt +/GmjwJlFCWaxlKIec7v9wOdZNr4bbz2Gy8QzbbDfhj34hCUqrJbaNs8KidW8VK5A +bRb6YRW+wjkoeeouoyE2BpspVhuqjwI49Rrc4tWWbqsdV15eaGHuxH8MhzKqIivz +jxcCAwEAAaOCA1YwggNSMA4GA1UdDwEB/wQEAwIFoDCBkwYIKwYBBQUHAQEEgYYw +gYMwRgYIKwYBBQUHMAKGOmh0dHA6Ly9zZWN1cmUuZ2xvYmFsc2lnbi5jb20vY2Fj +ZXJ0L2FscGhhc3NsY2FzaGEyNTZnNC5jcnQwOQYIKwYBBQUHMAGGLWh0dHA6Ly9v +Y3NwLmdsb2JhbHNpZ24uY29tL2FscGhhc3NsY2FzaGEyNTZnNDBXBgNVHSAEUDBO +MAgGBmeBDAECATBCBgorBgEEAaAyCgEDMDQwMgYIKwYBBQUHAgEWJmh0dHBzOi8v +d3d3Lmdsb2JhbHNpZ24uY29tL3JlcG9zaXRvcnkvMAkGA1UdEwQCMAAwQQYDVR0f +BDowODA2oDSgMoYwaHR0cDovL2NybC5nbG9iYWxzaWduLmNvbS9hbHBoYXNzbGNh +c2hhMjU2ZzQuY3JsMCMGA1UdEQQcMBqCDCouZG90LWRvdC5ydYIKZG90LWRvdC5y +dTAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwHwYDVR0jBBgwFoAUT8us +qMLvq92Db2u/zpg9XFgldhUwHQYDVR0OBBYEFIt9yZp7jkyW2E7F5+NDJJmTMtN/ +MIIBfQYKKwYBBAHWeQIEAgSCAW0EggFpAWcAdgDuzdBk1dsazsVct520zROiModG +fLzs3sNRSFlGcR+1mwAAAYm2m1GuAAAEAwBHMEUCIQDVSAsUx+m51oyOz+83SGL2 +JpUGiUKiXgInZsWbG25VygIgLF23BEmAoRV+PFPclVuHrztd4lQecA+32tvUZ3xf +OWQAdQBIsONr2qZHNA/lagL6nTDrHFIBy1bdLIHZu7+rOdiEcwAAAYm2m07AAAAE +AwBGMEQCIE14pWcPqQC25z/q0FR5PaU+xIilbLwXvYm1UvJSajPDAiBEYH/fq9iP +pnK9z+7aLua2mh6uF2RMHRtcE/nbsr2tcQB2ANq2v2s/tbYin5vCu1xr6HCRcWy7 +UYSFNL2kPTBI1/urAAABibabTscAAAQDAEcwRQIgQlo7NdtTa6cyiAKdsfozkLMQ +wt+D4WZCcdzk9GYul74CIQCa7MvbM4pP0jSLN6MYWPEAt0hXiDzHKihtVt0ChW0R +qDANBgkqhkiG9w0BAQsFAAOCAQEAB338wY8/u9tawPiCdr6dD10SO9+mQNCv83xI +Qa7IQ/33VQUMQ6qCMYTLZqu7c/e1x587UG7TLf0I3awEfBbLeMkTJKEooCK9VG3O +nfWD/lTwvr13lEpKuEEx643eqirxJEv3bQTHpQBn1Pkm9Svw/LJWi/bUKg0VNjYs +jQrZYH0q3jzx3dV3S5hUCjGL6d0tflD5w5YHWWMaEuVsn7yYovAROKnYOWuVisPJ +YRA6cADR39usU1CyLTSb50PHUOosnp+YqZCzVkU2Z/gPLyXjiRKU6wou8baSoDHu +KoxoGK4YfjizRTAdEexD+LHh0s1Ev6gr9OetJWPjbhghNGPIbw== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDdTCCAl2gAwIBAgILBAAAAAABFUtaw5QwDQYJKoZIhvcNAQEFBQAwVzELMAkG +A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv +b3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw05ODA5MDExMjAw +MDBaFw0yODAxMjgxMjAwMDBaMFcxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9i +YWxTaWduIG52LXNhMRAwDgYDVQQLEwdSb290IENBMRswGQYDVQQDExJHbG9iYWxT +aWduIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDaDuaZ +jc6j40+Kfvvxi4Mla+pIH/EqsLmVEQS98GPR4mdmzxzdzxtIK+6NiY6arymAZavp +xy0Sy6scTHAHoT0KMM0VjU/43dSMUBUc71DuxC73/OlS8pF94G3VNTCOXkNz8kHp +1Wrjsok6Vjk4bwY8iGlbKk3Fp1S4bInMm/k8yuX9ifUSPJJ4ltbcdG6TRGHRjcdG +snUOhugZitVtbNV4FpWi6cgKOOvyJBNPc1STE4U6G7weNLWLBYy5d4ux2x8gkasJ +U26Qzns3dLlwR5EiUWMWea6xrkEmCMgZK9FGqkjWZCrXgzT/LCrBbBlDSgeF59N8 +9iFo7+ryUp9/k5DPAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8E +BTADAQH/MB0GA1UdDgQWBBRge2YaRQ2XyolQL30EzTSo//z9SzANBgkqhkiG9w0B +AQUFAAOCAQEA1nPnfE920I2/7LqivjTFKDK1fPxsnCwrvQmeU79rXqoRSLblCKOz +yj1hTdNGCbM+w6DjY1Ub8rrvrTnhQ7k4o+YviiY776BQVvnGCv04zcQLcFGUl5gE +38NflNUVyRRBnMRddWQVDf9VMOyGj/8N7yy5Y0b2qvzfvGn9LhJIZJrglfCm7ymP +AbEVtQwdpf5pLGkkeB6zpxxxYu7KyJesF12KwvhHhm4qxFYxldBniYUr+WymXUad +DKqC5JlR3XC321Y9YeRq4VzW9v493kHMB65jUr9TU/Qr6cf9tveCX4XSQRjbgbME +HMUfpIBvFSDJ3gyICh3WZlXi/EjJKSZp4A== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEijCCA3KgAwIBAgIQfU1CqStDHX5kU+fBmo1YdzANBgkqhkiG9w0BAQsFADBX +MQswCQYDVQQGEwJCRTEZMBcGA1UEChMQR2xvYmFsU2lnbiBudi1zYTEQMA4GA1UE +CxMHUm9vdCBDQTEbMBkGA1UEAxMSR2xvYmFsU2lnbiBSb290IENBMB4XDTIyMTAx +MjAzNDk0M1oXDTI3MTAxMjAwMDAwMFowTDELMAkGA1UEBhMCQkUxGTAXBgNVBAoT +EEdsb2JhbFNpZ24gbnYtc2ExIjAgBgNVBAMTGUFscGhhU1NMIENBIC0gU0hBMjU2 +IC0gRzQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCtJCmVZhWIPzOH +A3jP1QwkuDFT8/+DImyZlSt85UpZwq7G0Sqd+n8gLlHIZypQkad5VkT7OLU+MI78 +lC7LVwxpU19ExlaWL67ANyWG8XHx3AJFQoZhuDbvUeNzRQyQs6XS5wN6uDlF0Bf1 +AtCUQWrGGLGYwyC1xTrzgrFKpESsIXMqklUGTsh8i7DKZhRUVfgrPLJUkbbLUrLY +42+KRCiwfSvBloC5PgDYnj3oMZ1aTe3Wfk3l1I4D3RKaJ4PU1qHXhHJOge2bjGIG +l6MsaBN+BB2sr6EnxX0xnMIbew2oIfOFoLqs47vh/GH4JN0qql2WBHfDPVDm3b+G +QxY6N/LXAgMBAAGjggFbMIIBVzAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0lBBYwFAYI +KwYBBQUHAwEGCCsGAQUFBwMCMBIGA1UdEwEB/wQIMAYBAf8CAQAwHQYDVR0OBBYE +FE/LrKjC76vdg29rv86YPVxYJXYVMB8GA1UdIwQYMBaAFGB7ZhpFDZfKiVAvfQTN +NKj//P1LMHoGCCsGAQUFBwEBBG4wbDAtBggrBgEFBQcwAYYhaHR0cDovL29jc3Au +Z2xvYmFsc2lnbi5jb20vcm9vdHIxMDsGCCsGAQUFBzAChi9odHRwOi8vc2VjdXJl +Lmdsb2JhbHNpZ24uY29tL2NhY2VydC9yb290LXIxLmNydDAzBgNVHR8ELDAqMCig +JqAkhiJodHRwOi8vY3JsLmdsb2JhbHNpZ24uY29tL3Jvb3QuY3JsMCEGA1UdIAQa +MBgwCAYGZ4EMAQIBMAwGCisGAQQBoDIKAQMwDQYJKoZIhvcNAQELBQADggEBABol +9nNkiECpWQenQ7oVP1FhvRX/LWTdzXpdMmp/SELnEJhoOe+366E0dt8tWGg+ezAc +DPeGYPmp83nAVLeDpji7Nqu8ldB8+G/B6U9GB8i2DDIAqSsFEvcMbWb5gZ2/DmRN +cifGi9FKAuFu2wyft4s4DHwzL2CJ2zjMlUOM3RaE1cxuOs+Om6MCD9G7vnkAtSiC +/OOfHO902f4yI2a48K+gKaAf3lISFXjd32pwQ21LpM3ueIGydaJ+1/z8nv+C7SUT +5bHoz7cYU27LUvh1n2WSNnC6/QwFSoP6gNKa4POO/oO13xjhrLRHJ/04cKMbRALt +JWQkPacJ8SJVhB2R7BI= +-----END CERTIFICATE----- diff --git a/configs/nginx/ssl/dot2023.key b/configs/nginx/ssl/dot2023.key new file mode 100644 index 0000000..a9c3884 --- /dev/null +++ b/configs/nginx/ssl/dot2023.key @@ -0,0 +1,51 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIJKQIBAAKCAgEAz6xhGhA8PUZbJ1F9viMiaO4ZiAjSW9YwooX9ATCVdDp4+ffu +BFGel8IxxzxcBIQy4GToEfMgoViifL6OnX0OOQLDEfrWQYATXmkEz9CqVVT1F3s+ +YVxBrdTRpgvPwPb5mFyJ1XtKnyNf7Flb9SKER5Nk8PRY3XOKellv4NexVqHnL4Cl +HvOdsZYNzV3jHJ7CMwQb17h6Qfr9Q7dReLl02xVGbE2sFOLqDbBMq7KZyebOxix+ +4L1p9uT3cqE2Us2rRT5RFP5tmgdB3ALIlID4hfiwlNtSSvgPOaML+6ONhUo3nNd8 +zvKa4n9ta9hWAhSe0iBXs2IS3DBTaDJqCm83HW34hp0K0WrBaH8v+RbR2CCzy9ma +j4u2wJ95Rqkyj3usc/60wYMBe86cQh1WYMJJDVUPKlctwWFBqsuWr7OrikVdMcDb +68w+FcEIQGYjVe9tASDAlu4pV0e2KdbtqjX/JgrMf1gRBp0JuPDryzEehdTSpoAS +D/lOp4dXrm6OIGDhQdl2KCvpG3TysFaUDdvoSkLm9CAPqNcICf+XQGpt/GmjwJlF +CWaxlKIec7v9wOdZNr4bbz2Gy8QzbbDfhj34hCUqrJbaNs8KidW8VK5AbRb6YRW+ +wjkoeeouoyE2BpspVhuqjwI49Rrc4tWWbqsdV15eaGHuxH8MhzKqIivzjxcCAwEA +AQKCAgEAri0Pi8KOI348uW9ZnPzuwT7hXvy3IZs1Uzo5hqPu1XqtOEm+8RRbhUC0 +azuumYMfAKDhGxzlAy3JqgJQrrnSEfLFFPFifbEjjY1bIckK82K75SPSn+m2lEro +QvGpH1iE4krKt6geX/ZVX29a9vAqLbXrdUQavDFJtXAJq3R8IgLMWUT2OE1utyD5 +FoNmFfz5N7x8daMdtvUBMagwxqYU4iKn2/IRH7tpPm3dACxdW78fMYrkJy32D8Ld +3uBjJXOl7/9iFc+GsSbhD9utyw+YYRTBVTfVf1cpvdeIF1eHPIGQvxTkctV7Hfhu +F4NsL3aH9gh2Rdc9pjtJ2RxfX70DZUJ+mDguAwkVDeLlrxUqanqRAUew9mw4yqFd +Jni5MeSU6+1aSA6rDlCMsXdpaIfozcj9UHfvs8aNTLV0iHs6QG0NVOJhm/DtzPfb +SFQhtJ93CPeuWqdNylFiq0mdhHv09RWiSXOwDZbRmZGdfR8KVEg91LBLw9v+F51L +ewSFZMH6akr+6H6D1kjLumAQsUF6nEsPpVoRZHzvlpUVUKV7q+BI1N/Fqlncw9I+ +9IysFimQbfx9itFlzNfMYOQ1pfP51nuiCflojlOJUP4n3YnzdJA37AwXSZYndyiW +PsX5CWYEOn+IW8TnS9ZoGT1YfsOnNx0oDW6RTu+5m7LjNvnu8jECggEBAO3onsfT +oU/E8AAFf3FVNrGI4GuUWu9Nl1+vClMFRpyOeiSafVvodXg6fgckhOr8KQlfwB1r +QBXz/zkUKV3lWGuONx4z9NAlUB5Nvb3uHof6nWgE4ZZ74CjXR3IZM9WlbcOxB4YV +KjBT+IgvbKv7UdbKGpFq/wZWT1t8MwbjcDcwLSvxXcZOF/VQB7EJftht24Z5Mqfn +B8u2Z6afS2VlX3GbVg8ymsT+ohrKZSsIScrD/c52rDUkiIYldLSljRBaRCxlXwBx +kUMNQvYMtRSv/b22cSAZDXV8vN8gby7XZMM6f3UKYF9BCbxbJvpwbGOsBqrsWySo +JwiayvBMw8kNn9sCggEBAN93KqwxIKplr8yaLc9vFqXR/dLIJkK2YvaYTK9NjGVb +4U5Z18K+Yv57dy7M7sDay61uHG52YEpbiyALD+XaVcWpYBNOvuNiu35Oa4WOdV7N +4yU5+DcjhgJySeiQ64NW8s88yD6pmHzFxXYgKkLkkr2EqaL+yvCYVCs1o5bV0boo +2Y8n8UxjgLSxVWHWALW38IfbI1nkK/IabWO1hl1m8pdXaPZax68NIp3R8YFyWHep +JiJryUAtSbo3QLdXM90OFPLtiSY1faHcvzb7FZ6ux8RKbbXAIkNTcjnf66AQhVNp +jykYRcALX+r+Xj6RLPypwniGDqlhao1dlw2s+VokgHUCggEBALTj2EaLrO1gCjOZ ++oqLhih6sFhb1sB5OI1yI+F383Z6BnjqVkKZfyfJIaYAqGebDwCnowU7VODcQsR9 +he50wUQWP+ZhDtVsaXyBE7Hj6abucNx0SaoHyiqDdTlV3EmnnMvcQKI8WXWhgyjZ +FkG1t0YfKRBEUF/bJD+lMY8dQ2dS5CWzQd/T5PeKwC5lz+JztSSL5m4vhYfoyuqv +173i1C0nNModafw6t7qzBTUw+hqH5uUi6lEF1CBbPl9UOOukFo3DDfbiYtaesLkw +dEakgcPLgjwrkEYyb9Efciolb+HZCqxNFXWXl/V1QS/OZztpwzAWwj4e9H7gY0lO +tNab210CggEAJtLTTRsz66bDBi77KoDIVILJMGepjgmV4/XNzN8SN0HhQPWG8MSW ++lOE/1KHYGYi4Lyyn9ZdIE4LO8PwPSTTpgWpNXGG5IZwwJ7rO0bmyVPH1N3fa+T2 +EVK92HPlFupyQOL0fz6DyZmqlr072mdPvzFfL3xI0cgFR4SIKVp4l3klYyOzXmwj +HkF47gh6Exgj59aAq8tifytsOdh9wZhzKSv8hmB7NMR5cSXaaXzuNcvjXjOPwWCc +4Idc7P1ve0ZJCXOPUl4Ut5xcdDbnKKyA9G9h5CO/UCcdP0TR8PstzrIWNzOKWrUf +MvqCcShTwonTyZCw12ifVHQgHDYjFDAnSQKCAQAqlEkgCuA9ObOsj7W4KM/OjWd/ +wK8EC9oESdBOl9fn/pAktyh73GYYsIqwaHFRDcTLr74ULdqx+4vsOvCXl0wMMFOq +iAZdba8CYtjFVDudJf3oJceSHiITocJqo4H4zOxeL0K1ssoX5caN5kYzYufCfKKH +dGEPWnI+l3akR1kqHL6Xoq0YluPGh6PhkV2X6tuUf4G5K1NEdT4+KE1IeJqFviLd +mOE5sErWyUrQotsI2n14gsdONOwS0FkElGlEZgCPu2uiXhrYeUf+R4r/V3MNtwVl +aFk8InJnkfr7XitOv/Q+eJThwhnnNCrefLj/x9vAHUrNvRf+NpKr1xSDk9fk +-----END RSA PRIVATE KEY----- diff --git a/configs/nginx/ssl/dot2024.crt b/configs/nginx/ssl/dot2024.crt new file mode 100644 index 0000000..c3da3d4 --- /dev/null +++ b/configs/nginx/ssl/dot2024.crt @@ -0,0 +1,107 @@ +-----BEGIN CERTIFICATE----- +MIIHVjCCBj6gAwIBAgIMUR4H/7XMBL9Q9JAXMA0GCSqGSIb3DQEBCwUAMFUxCzAJ +BgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMSswKQYDVQQDEyJH +bG9iYWxTaWduIEdDQyBSNiBBbHBoYVNTTCBDQSAyMDIzMB4XDTI0MDgxNDA0MjQz +MVoXDTI1MDkxNTA0MjQzMFowFzEVMBMGA1UEAwwMKi5kb3QtZG90LnJ1MIICIjAN +BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA8eI42aZ18C3CHE8CEcUhMwCbfPle +RZg0Egj+gqyiGa/RXjpWm0Zq9MKhOPnal0h2VlFxFNAeyRcy/x7QZloUIDegZYUZ +UW4lMYiEwF9jSXINlfuzgKQhMPB9wnJhNt+O1gdO3u0FVy1ChBv6eat480gvi0wq +EEE6YC09OjFRbErlF1jAFL1QIPOw0xqZrafRp+qfK3DJc8IZsuzhVFIV+CyBA897 +zrUwbF7aYTGwKotk6w11L1TZwK1iiUSkvAGOu1V6LMod3WlHE8YICp3lPuEsj9Zr +nJl0x+3/4XSS7ogcInUdFopf9odLD6umGk1xDIA7uCm9hlyA/YQBmyYinngXyfy1 +6WTDLdIsCNzZpiRvbPxbxvAp7Exmqs5xWmb4qSYSThdZgp/ucJUiN3MWbYcc9fP2 +/wifmes9OlfoAV/QlrpehpaP86VavkS0rBrUGf0OSdC0w79ZAllZeamU9zLHWwIi +LfpzmlqCC9EXrK0GWTl/K2CLgYifoIi8m3053kKKVIXLfuYSlotv9y3hRKxkW0b6 +dtLhP3LjN+lvR7BNKTCNhafyIuHLcXHnj6yKkSYoH/wd/rkQCjlQx8dG419ouW9t +oiSch6x4O/aLyFY3aO4/GnoECLUyUtsrPowF87QE6iiaxI6EokW9HF9hN85OxQ+u +wd7w3gTvSLWR3DcCAwEAAaOCA2IwggNeMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMB +Af8EAjAAMIGZBggrBgEFBQcBAQSBjDCBiTBJBggrBgEFBQcwAoY9aHR0cDovL3Nl +Y3VyZS5nbG9iYWxzaWduLmNvbS9jYWNlcnQvZ3NnY2NyNmFscGhhc3NsY2EyMDIz +LmNydDA8BggrBgEFBQcwAYYwaHR0cDovL29jc3AuZ2xvYmFsc2lnbi5jb20vZ3Nn +Y2NyNmFscGhhc3NsY2EyMDIzMFcGA1UdIARQME4wCAYGZ4EMAQIBMEIGCisGAQQB +oDIKAQMwNDAyBggrBgEFBQcCARYmaHR0cHM6Ly93d3cuZ2xvYmFsc2lnbi5jb20v +cmVwb3NpdG9yeS8wRAYDVR0fBD0wOzA5oDegNYYzaHR0cDovL2NybC5nbG9iYWxz +aWduLmNvbS9nc2djY3I2YWxwaGFzc2xjYTIwMjMuY3JsMCMGA1UdEQQcMBqCDCou +ZG90LWRvdC5ydYIKZG90LWRvdC5ydTAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYB +BQUHAwIwHwYDVR0jBBgwFoAUvQW384qTPHPLefoPhRKhd5YYkXQwHQYDVR0OBBYE +FEFaB0lwsh68jY4d3zGJ8RSUenjoMIIBfQYKKwYBBAHWeQIEAgSCAW0EggFpAWcA +dQCvGBoo1oyj4KmKTJxnqwn4u7wiuq68sTijoZ3T+bYDDQAAAZFPIWD2AAAEAwBG +MEQCIBr9tqm+1D7C4ecXmA7ne6gHVeLgGOFf3jjnYdz80JWhAiASjtZlH8rYzLwF +3AX/Cfo+7KfRG+mbk2FY9OKJuu7bWgB1ABLxTjS9U3JMhAYZw48/ehP457Vih4ic +bTAFhOvlhiY6AAABkU8hYO0AAAQDAEYwRAIgSFiFncqd8KmZrv8brFZAaKzbCjR1 +GU5ygJCv2K9xWnsCIFuwzf8leBa2eSKvSY7MCUgxXgRFl7rYjPjc6Foap0hyAHcA +DeHyMCvTDcFAYhIJ6lUu/Ed0fLHX6TDvDkIetH5OqjQAAAGRTyFhEgAABAMASDBG +AiEAxlxp+G3ArhozCos4yDTtLSB4sZ8496/R0WAlUqRLeRYCIQDKszlCeQNZB83Y +XGVCkPV+unVCmfKuuUJei1Md9GHjhjANBgkqhkiG9w0BAQsFAAOCAQEAg/1URGZb +xq8lMzrDb95Exkqm45FHLVbifPBSqiyCVtqa9VWDkyAQqCHhaCCB0N1YmCZGbXZy +HefWc8f/v4Kxam/8IpUXAH7U7sWZhX6p1yRn6Z5+FnWoyr1I6t/tDv1yBvB2EsKe +jJPLLPq41Aw6QP5EZ8Eks1VREW5aq2a+8WDJKnL3CCCtlIBh6cntADzZBBE2Zb2E +0/lM83sGLj9vAFw/PIkE/OCVobtpcj56O1UYZs/RDbLNhPUmhUhpSHSaiWU7VXeR +PoLgStsJrBZTSg1bdj8HK32lTzKcYspWwvjzbPclllxGzqKLTIdtCA9SbIl+363n +YMEkGJPyfIu4uQ== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFjDCCA3SgAwIBAgIQfx8skC6D0OO2+zvuR4tegDANBgkqhkiG9w0BAQsFADBM +MSAwHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSNjETMBEGA1UEChMKR2xv +YmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjAeFw0yMzA3MTkwMzQzMjVaFw0y +NjA3MTkwMDAwMDBaMFUxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWdu +IG52LXNhMSswKQYDVQQDEyJHbG9iYWxTaWduIEdDQyBSNiBBbHBoYVNTTCBDQSAy +MDIzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA00Jvk5ADppO0rgDn +j1M14XIb032Aas409JJFAb8cUjipFOth7ySLdaWLe3s63oSs5x3eWwzTpX4BFkzZ +bxT1eoJSHfT2M0wZ5QOPcCIjsr+YB8TAvV2yJSyq+emRrN/FtgCSTaWXSJ5jipW8 +SJ/VAuXPMzuAP2yYpuPcjjQ5GyrssDXgu+FhtYxqyFP7BSvx9jQhh5QV5zhLycua +n8n+J0Uw09WRQK6JGQ5HzDZQinkNel+fZZNRG1gE9Qeh+tHBplrkalB1g85qJkPO +J7SoEvKsmDkajggk/sSq7NPyzFaa/VBGZiRRG+FkxCBniGD5618PQ4trcwHyMojS +FObOHQIDAQABo4IBXzCCAVswDgYDVR0PAQH/BAQDAgGGMB0GA1UdJQQWMBQGCCsG +AQUFBwMBBggrBgEFBQcDAjASBgNVHRMBAf8ECDAGAQH/AgEAMB0GA1UdDgQWBBS9 +BbfzipM8c8t5+g+FEqF3lhiRdDAfBgNVHSMEGDAWgBSubAWjkxPioufi1xzWx/B/ +yGdToDB7BggrBgEFBQcBAQRvMG0wLgYIKwYBBQUHMAGGImh0dHA6Ly9vY3NwMi5n +bG9iYWxzaWduLmNvbS9yb290cjYwOwYIKwYBBQUHMAKGL2h0dHA6Ly9zZWN1cmUu +Z2xvYmFsc2lnbi5jb20vY2FjZXJ0L3Jvb3QtcjYuY3J0MDYGA1UdHwQvMC0wK6Ap +oCeGJWh0dHA6Ly9jcmwuZ2xvYmFsc2lnbi5jb20vcm9vdC1yNi5jcmwwIQYDVR0g +BBowGDAIBgZngQwBAgEwDAYKKwYBBAGgMgoBAzANBgkqhkiG9w0BAQsFAAOCAgEA +fMkkMo5g4mn1ft4d4xR2kHzYpDukhC1XYPwfSZN3A9nEBadjdKZMH7iuS1vF8uSc +g26/30DRPen2fFRsr662ECyUCR4OfeiiGNdoQvcesM9Xpew3HLQP4qHg+s774hNL +vGRD4aKSKwFqLMrcqCw6tEAfX99tFWsD4jzbC6k8tjSLzEl0fTUlfkJaWpvLVkpg +9et8tD8d51bymCg5J6J6wcXpmsSGnksBobac1+nXmgB7jQC9edU8Z41FFo87BV3k +CtrWWsdkQavObMsXUPl/AO8y/jOuAWz0wyvPnKom+o6W4vKDY6/6XPypNdebOJ6m +jyaILp0quoQvhjx87BzENh5s57AIOyIGpS0sDEChVDPzLEfRsH2FJ8/W5woF0nvs +BTqfYSCqblQbHeDDtCj7Mlf8JfqaMuqcbE4rMSyfeHyCdZQwnc/r9ujnth691AJh +xyYeCM04metJIe7cB6d4dFm+Pd5ervY4x32r0uQ1Q0spy1VjNqUJjussYuXNyMmF +HSuLQQ6PrePmH5lcSMQpYKzPoD/RiNVD/PK0O3vuO5vh3o7oKb1FfzoanDsFFTrw +0aLOdRW/tmLPWVNVlAb8ad+B80YJsL4HXYnQG8wYAFb8LhwSDyT9v+C1C1lcIHE7 +nE0AAp9JSHxDYsma9pi4g0Phg3BgOm2euTRzw7R0SzU= +-----END CERTIFICATE----- + +-----BEGIN CERTIFICATE----- +MIIFgzCCA2ugAwIBAgIORea7A4Mzw4VlSOb/RVEwDQYJKoZIhvcNAQEMBQAwTDEg +MB4GA1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjYxEzARBgNVBAoTCkdsb2Jh +bFNpZ24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMTQxMjEwMDAwMDAwWhcNMzQx +MjEwMDAwMDAwWjBMMSAwHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSNjET +MBEGA1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjCCAiIwDQYJ +KoZIhvcNAQEBBQADggIPADCCAgoCggIBAJUH6HPKZvnsFMp7PPcNCPG0RQssgrRI +xutbPK6DuEGSMxSkb3/pKszGsIhrxbaJ0cay/xTOURQh7ErdG1rG1ofuTToVBu1k +ZguSgMpE3nOUTvOniX9PeGMIyBJQbUJmL025eShNUhqKGoC3GYEOfsSKvGRMIRxD +aNc9PIrFsmbVkJq3MQbFvuJtMgamHvm566qjuL++gmNQ0PAYid/kD3n16qIfKtJw +LnvnvJO7bVPiSHyMEAc4/2ayd2F+4OqMPKq0pPbzlUoSB239jLKJz9CgYXfIWHSw +1CM69106yqLbnQneXUQtkPGBzVeS+n68UARjNN9rkxi+azayOeSsJDa38O+2HBNX +k7besvjihbdzorg1qkXy4J02oW9UivFyVm4uiMVRQkQVlO6jxTiWm05OWgtH8wY2 +SXcwvHE35absIQh1/OZhFj931dmRl4QKbNQCTXTAFO39OfuD8l4UoQSwC+n+7o/h +bguyCLNhZglqsQY6ZZZZwPA1/cnaKI0aEYdwgQqomnUdnjqGBQCe24DWJfncBZ4n +WUx2OVvq+aWh2IMP0f/fMBH5hc8zSPXKbWQULHpYT9NLCEnFlWQaYw55PfWzjMpY +rZxCRXluDocZXFSxZba/jJvcE+kNb7gu3GduyYsRtYQUigAZcIN5kZeR1Bonvzce +MgfYFGM8KEyvAgMBAAGjYzBhMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTAD +AQH/MB0GA1UdDgQWBBSubAWjkxPioufi1xzWx/B/yGdToDAfBgNVHSMEGDAWgBSu +bAWjkxPioufi1xzWx/B/yGdToDANBgkqhkiG9w0BAQwFAAOCAgEAgyXt6NH9lVLN +nsAEoJFp5lzQhN7craJP6Ed41mWYqVuoPId8AorRbrcWc+ZfwFSY1XS+wc3iEZGt +Ixg93eFyRJa0lV7Ae46ZeBZDE1ZXs6KzO7V33EByrKPrmzU+sQghoefEQzd5Mr61 +55wsTLxDKZmOMNOsIeDjHfrYBzN2VAAiKrlNIC5waNrlU/yDXNOd8v9EDERm8tLj +vUYAGm0CuiVdjaExUd1URhxN25mW7xocBFymFe944Hn+Xds+qkxV/ZoVqW/hpvvf +cDDpw+5CRu3CkwWJ+n1jez/QcYF8AOiYrg54NMMl+68KnyBr3TsTjxKM4kEaSHpz +oHdpx7Zcf4LIHv5YGygrqGytXm3ABdJ7t+uA/iU3/gKbaKxCXcPu9czc8FB10jZp +nOZ7BN9uBmm23goJSFmH63sUYHpkqmlD75HHTOwY3WzvUy2MmeFe8nI+z1TIvWfs +pA9MRf/TuTAjB0yPEL+GltmZWrSZVxykzLsViVO6LAUP5MSeGbEYNNVMnbrt9x+v +JJUEeKgDu+6B5dpffItKoZB0JaezPkvILFa9x8jvOOJckvB595yEunQtYQEgfn7R +8k8HWV+LLUNS60YMlOH1Zkd5d9VUWx+tJDfLRVpOoERIyNiwmcUVhAn21klJwGW4 +5hpxbqCo8YLoRT5s1gLXCmeDBVrJpBA= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/configs/nginx/ssl/dot2024.key b/configs/nginx/ssl/dot2024.key new file mode 100644 index 0000000..50b5bbd --- /dev/null +++ b/configs/nginx/ssl/dot2024.key @@ -0,0 +1,51 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIJKAIBAAKCAgEA8eI42aZ18C3CHE8CEcUhMwCbfPleRZg0Egj+gqyiGa/RXjpW +m0Zq9MKhOPnal0h2VlFxFNAeyRcy/x7QZloUIDegZYUZUW4lMYiEwF9jSXINlfuz +gKQhMPB9wnJhNt+O1gdO3u0FVy1ChBv6eat480gvi0wqEEE6YC09OjFRbErlF1jA +FL1QIPOw0xqZrafRp+qfK3DJc8IZsuzhVFIV+CyBA897zrUwbF7aYTGwKotk6w11 +L1TZwK1iiUSkvAGOu1V6LMod3WlHE8YICp3lPuEsj9ZrnJl0x+3/4XSS7ogcInUd +Fopf9odLD6umGk1xDIA7uCm9hlyA/YQBmyYinngXyfy16WTDLdIsCNzZpiRvbPxb +xvAp7Exmqs5xWmb4qSYSThdZgp/ucJUiN3MWbYcc9fP2/wifmes9OlfoAV/Qlrpe +hpaP86VavkS0rBrUGf0OSdC0w79ZAllZeamU9zLHWwIiLfpzmlqCC9EXrK0GWTl/ +K2CLgYifoIi8m3053kKKVIXLfuYSlotv9y3hRKxkW0b6dtLhP3LjN+lvR7BNKTCN +hafyIuHLcXHnj6yKkSYoH/wd/rkQCjlQx8dG419ouW9toiSch6x4O/aLyFY3aO4/ +GnoECLUyUtsrPowF87QE6iiaxI6EokW9HF9hN85OxQ+uwd7w3gTvSLWR3DcCAwEA +AQKCAgBHE8zU2D9r1mZl3ymigyTgUdte/AAhvzn92rq/N29i0PFbGRV+B1FCnza1 +AWakcdykPMZX8Vg6iyCnKyzeBrZHSVFOw6/O5+jyB0XLKbyJRoSLgC0dLh26vdCW +pPnAIC1e40Lf6xJYraoQHBCcVDD0fE/MRRNPN3up62FEil18zv1GwQOglIjJRhK9 +1eE20EuhZiZjo37vDyhyFX2ZQ43FIX6/2eZttXyHO9A8I1e7CL8c+xVmVS6vmcOM +xqkJvgNtNQ7zvmjMOTVzsAuI4yEMOyrXEZEJsWZJobxBSforMb/iuDtV9k+Ap/z8 +m9nxfLQtkjj6Qvm4U9JrrLC0IJ6nFC1Xnxx71YuwVsjvJhDidS30OSRfKTnJrRBA +Elx42ymkWuYgsw7Tt50ePGNTU6YlfrRZC/nA/65vnknzR6y7BSo+X7BdPMXKf2Kh +sFossaKbdk3FGLoNBmame4pTirR17ogE2vvNhRn2v7bs76/der6uKQkTmcWHExbB +hURVXxqaNwW3nH3rL7ooByno2zaNPbX3KgI8auUqKq66lnxG5+Ggdsl2B+yQF5x/ +S4vAAb+eJlBeFcMqvBzjLKnN5mQ0j9Cw/svvl+ckdCxVriH4EmHe4WmS6L3JbG44 +P+D4ttRL2LON1BVySB659iCzZ8Ru+774yr7NvBwsUDf1ONqaQQKCAQEA+95aRS+C +YrFcI2YoePb2+49CT9+bzQZEU6c+JMKEiSGHe+1gGVKwqLqwa8KPe9glhi/389Hg +cGFdBotrZtBM2G3QMF5VtN7LYKYqVSzMGcSmrtUU0o40pTk1mdY4zGnEjeH9c/Mr +7S5mTgQGKCCC40dAUrwVIJkqPWDCfUmLwMX85UhKaAT4jbeKcczvdGmPtugimoBD +Yc3w2U7VqEKH2LaOvpGP5rK2+dINJhYds+TesMjUV5+a1PfDWJwyjExwH9mYTHuR +Ja9Spu8W6sFjwCJg0O2vdGTfSKHyHYEdR+ABhLb1nE7w/MOFSYCCpTLhUOXkiQSC +gm2Pq3XKrD6JpwKCAQEA9dnw3gwXs1qPlS4Rv2v+6vomRb9ZIxLQozGf1Vtq97qV +jB8xPXD+6tQRfu8zGxa0n8gDjYVE92BpH5bNZ51K2Xe7Ug2hnoVutOKBO31i1o7d +PXUqzbi7666i86oU5ypJEd/Djc17ihmhWX2dWoZr7UODCbTobiODtibMcbqmaJKz +9bR8P63o/DdRhrHkRRtknImwZHZ/8TNbJpTs3BT9QSfXB7FmphGPUR2JhDhyWaOm +vByVw3oMzb2getBAeHHPbEK8bygBQkKSN0Sv0hOHfU3vsPIudD0At6zXxESx86hs +QYz8Bgt0vdkDZdsCGVy/ZbH7fQUBxnX0Pj8duthK8QKCAQAtYEbFFiUYYLmnyvzZ +piyi75FT0IZCLrHanFPOzZiRGBBPnFlm1oXrMA8equOsvSktfrDeJV6ZAIGA71c/ +I6HkkAwk2qn4NvdPB0CzLanrrokVEGB6+pGzfpYQjA6ZjSiTIzbFT/cG+QgHYCQ3 +0HukNK76+NWZlN6ORkNjzP83kLPaHucAzHx3E60GiZROVcJFgpbRXPBGy5JrpA9M +DAhrW6Bl5tWVC3d5lIU36l4Zjc8s7FGNI70CR0zTRvi4XAELS+lrRgvFTUvHtWVc +j9DHyanFmjy07INpk3uKIzvCOjIr1cZ0DajO8O6vak6fMoZzS6ebo8tbch+jFUqZ +M38bAoIBAQCZRLKWK6HG7alfzmXAGbrFkQe1KdKPPBaX9sL3R1PLdyXuQi/3Zu91 +RJpXsRYCSEh46D/WxYO2WQOQbvpFI1lbc/py8A6W/gaDfEYm6UdqDYy92MLDl+yH +xMrP73OynbkKDJ8kUzs2YD4nxVkI645zT0htD7xrlXZyY4PHTx6ZSQQqJMflBy2d +t3r65wIxVx+FO42dRAcFPwgPaH61wdwU95plsGIXHBFl920Y4fvgCFdVJNj1EazT +wuk+R4A51nICwyQohB8syMXQ8OBPrl8kbicFACaXzsQYvgeR02XBSnma8CLaPeAc +zyMAJ+YKG7ky1B+91BZEPJr1B3IoXtlxAoIBADilYIz2QK+MjhkaTroe3B80yPn9 +HEZrJU97fWbwFxgj2prITitwVg4wo98/+bnyFyJUESVMZBaiE8zShHW5gmXMdChS +DUTKIp9qPB6+YHDnqixgKvRNdR8F2UErxD6Q+sqa9+w7KMjhQirEm7Ffpy+hGqKm +fT7mMAWNIV43QaHXD40xakJ+uIqjhXa09V1M+nUbhn9W6Tyqv6i5xu3iNd86MzEh +3QCbDqjtE8Dr2DcTkRXLECG9tiQHi5q0OOJPzn0bNoUFQPT8gJ3p14Q7kzhPnXo2 +qjItUwFJxX+pPx6GQgNt7BYOxRVX34VWH3iaqTVtzCLX5xpUs1fx77bZ+ww= +-----END RSA PRIVATE KEY----- \ No newline at end of file diff --git a/configs/nginx/templates/default b/configs/nginx/templates/default new file mode 100644 index 0000000..2237cc4 --- /dev/null +++ b/configs/nginx/templates/default @@ -0,0 +1,102 @@ +server { + server_name teste.dot-dot.ru; + + root /application/public; + + location / { + proxy_pass http://nuxt:3000; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection 'upgrade'; + proxy_set_header Host $host; + proxy_cache_bypass $http_upgrade; + chunked_transfer_encoding off; + proxy_buffering off; + proxy_cache off; + } + + location /socket.io/auctionreload { + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "Upgrade"; + proxy_pass http://php:${PHP_SOCKET_PORT}/; + } + + location @rewriteapp { + rewrite ^(.*)$ /index.php/$1 last; + } + + location /storybook { + alias /application/nuxt/storybook-static; + } + + location /logout { + try_files $uri @rewriteapp; + } + + location /help { + alias /application/help-platform/src/.vuepress/dist; + } + + location /api { + rewrite ^(.*)$ /index.php/$1 last; + } + + location /clockwork { + rewrite ^(.*)$ /index.php/$1 last; + } + + location /__clockwork { + rewrite ^(.*)$ /index.php/$1 last; + } + + location /pdf { + rewrite ^(.*)$ /index.php/$1 last; + } + + location /1c { + rewrite ^(.*)$ /index.php/$1 last; + } + + location /socket { + try_files $uri @rewriteapp; + } + + location /admin { + try_files $uri @rewriteapp; + } + + location /media { + try_files $uri @rewriteapp; + } + + location /img { + alias /application/public/img; + } + + location ~ ^/index\.php(/|$) { + if ($request_method = 'OPTIONS') { + add_header 'Access-Control-Allow-Origin' $http_origin; + add_header 'Access-Control-Allow-Credentials' 'true'; + add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, DELETE'; + add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,X-Expeditor-Domain,Authorization'; + add_header 'Access-Control-Max-Age' 1728000; + add_header 'Content-Type' 'text/plain charset=UTF-8'; + add_header 'Content-Length' 0; + return 204; + } + + add_header 'Access-Control-Allow-Origin' $http_origin; + add_header 'Access-Control-Allow-Credentials' 'true'; + add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, DELETE'; + add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,X-Expeditor-Domain,Authorization'; + + fastcgi_pass php:9001; + fastcgi_split_path_info ^(.+\.php)(/.*)$; + include fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + } + + error_log /var/log/nginx/dot_dot_error.log; + access_log /var/log/nginx/dot_dot_access.log; +} \ No newline at end of file diff --git a/configs/nuxt/.env b/configs/nuxt/.env new file mode 100644 index 0000000..93d56ea --- /dev/null +++ b/configs/nuxt/.env @@ -0,0 +1,16 @@ +NUXT_HOST=0.0.0.0 +NUXT_PORT=3000 +NUXT_ENV_DEVALUE_LOG_LEVEL=silent +WS_PROTOCOL=ws +BASE_URL=local.dot-dot.ru +API_URL=http://local.dot-dot.ru/ +DOMAIN=local.dot-dot.ru + +APP_HOST=local.dot-dot.ru +APP_SCHEME=http +APP_ENVIRONMENT=local +DADATA_API_TOKEN=c9aa5fdc338a746e23ce91ceb6fdb9e635749833 +YANDEX_METRIKA_ID=50156956 +PHONE_KEY=qwefghzcx + +SMARTCAPTCHA_CLIENT_KEY=ysc1_GLQZ8QPaFh0eXqZ5KaRM0WJYqoP9vL0uqhujfcw75c1487df diff --git a/configs/nuxt/entrypoint.sh b/configs/nuxt/entrypoint.sh new file mode 100755 index 0000000..ede5ebd --- /dev/null +++ b/configs/nuxt/entrypoint.sh @@ -0,0 +1,55 @@ +#!/bin/sh + +DOMAIN="${DOMAIN:-dot-dot.local}" +APP_HOST="${APP_HOST:-dot-dot.local}" +API_URL="{API_URL:-${DOMAIN}}" +APP_SCHEME="${APP_SCHEME:-http}" +API_URL="${APP_SCHEME}://${DOMAIN}/" +BASE_URL="${APP_SCHEME}://${DOMAIN}" +APP_ENVIRONMENT="${APP_ENVIRONMENT:-development}" +WS_PROTOCOL=${WS_PROTOCOL:-ws} + +for x in $(grep -lr baseURL .nuxt/);do + sed -i -e "s#\"baseURL\":\"http://dot-dot.local\"#\"baseURL\":\"${BASE_URL}\"#g" $x +done + +for x in $(grep -lr APP_SCHEME .nuxt/);do + sed -i -e "s#\"APP_SCHEME\":\"http\"#\"APP_SCHEME\":\"${APP_SCHEME}\"#g" $x + sed -i -e "s#APP_SCHEME:\"http\"#\"APP_SCHEME\":\"${APP_SCHEME}\"#g" $x +done + +for x in $(grep -lr APP_HOST .nuxt/);do + sed -i -e "s#\"APP_HOST\":\"dot-dot.local\"#\"APP_HOST\":\"${APP_HOST}\"#g" $x +done + +for x in $(grep -lr BASE_URL .nuxt/);do + sed -i -e "s#\"BASE_URL\":\"http://dot-dot.local\"#\"BASE_URL\":\"${BASE_URL}\"#g" $x +done + +for x in $(grep -lr API_URL .nuxt/);do + sed -i -e "s#\"API_URL\":\"http://dot-dot.local/\"#\"API_URL\":\"${API_URL}\"#g" $x +done + +for x in $(grep -lr APP_ENVIRONMENT .nuxt/);do + sed -i -e "s#\"APP_ENVIRONMENT\":\"development\"#\"APP_ENVIRONMENT\":\"${APP_ENVIRONMENT}\"#g" $x + sed -i -e "s#\"APP_ENVIRONMENT\": \"development\"#\"APP_ENVIRONMENT\":\"${APP_ENVIRONMENT}\"#g" $x + sed -i -e "s#APP_ENVIRONMENT:\"development\"#\"APP_ENVIRONMENT\":\"${APP_ENVIRONMENT}\"#g" $x +done + +for x in $(grep -lr WS_PROTOCOL .nuxt/);do + sed -i -e "s#\"WS_PROTOCOL\":\"ws\"#\"WS_PROTOCOL\":\"${WS_PROTOCOL}\"#g" $x + sed -i -e "s#WS_PROTOCOL:\"ws\"#\"WS_PROTOCOL\":\"${WS_PROTOCOL}\"#g" $x + sed -i -e "s#\"WS_PROTOCOL\": \"ws\"#\"WS_PROTOCOL\": \"${WS_PROTOCOL}\"#g" $x +done + +for x in $(grep -lr dot-dot.local .nuxt/);do + echo "replace dot-dot.local to ${DOMAIN} in $x" + sed -i -e "s#dot-dot.local#${DOMAIN}#g" $x; +done + +for x in $(grep -lr http://${DOMAIN} .nuxt/);do + echo "replace http://${DOMAIN} to ${APP_SCHEME}://${DOMAIN} in $x" + sed -i -e "s#http://${DOMAIN}#${APP_SCHEME}://${DOMAIN}#g" $x; +done + +"$@" diff --git a/configs/php/.env b/configs/php/.env new file mode 100644 index 0000000..0cfe9fa --- /dev/null +++ b/configs/php/.env @@ -0,0 +1,134 @@ +APP_ENV=prod +APP_SECRET=c35a0abba25a5396d74ec17fca238d9a + +CONTAINER_NAME=php + +LOCK_DSN=flock +PHP_SOCKET_PORT=8080 + +DATABASE_URL_DOT=mysql://root:root@db:3306/dot?serverVersion=mariadb-10.3.25 +DATABASE_URL_DOT_STATISTIC=mysql://root:root@db:3306/dot_statistic?serverVersion=mariadb-10.3.25 + +DOCUMENT_ROOT=/application +APP_HOST=local.dot-dot.ru +APP_SCHEME=http + +MAILER_DSN=null://null + +WKHTMLTOPDF_PATH="xvfb-run /usr/bin/wkhtmltopdf --enable-local-file-access" + +SP_WSDL=http://91.208.205.54:84/orawsv/XMLWEB/ +SP_LOGIN=xmlweb +SP_PASSWORD=xmlweb +SP_KEY=secret +SP_TEST=true + +SP_V3_URL=https://spasskievorota.ru/services/work/cargo_3.php +SP_V3_KEY=secret + +DEFAULT_EMAIL=no_reply@dot-dot.ru +ADMIN_EMAIL=change.this@dot-dot.ru +ACCOUNTANT_EMAIL=noreplay@dot-dot.ru +SALES_EMAIL=sale.ftl@dot-dot.ru +LOGIST_EMAIL=nd@dot-dot.ru +LEAD_EMAIL=change.this@dot-dot.ru +VOSTOK_EMAIL=vostok@dot-dot.ru + +SMSC_LOGIN=secret +SMSC_PASS=secret + +DADATA_API_TOKEN=secret +DADATA_API_SECRET=secret + +UNISENDER_API_KEY=secret + +VOICIA_API_KEY=secret +VOICIA_API_URL=https://app.voicia.ru + +UAT_1C_API_URL=http://1c.nwtlk.ru/UATtest/hs +UAT_1C_USER=secret +UAT_1C_PASSWORD=secret + +FNS_ACCESS_TOKEN=secret + +GOOGLE_MAPS_ACCESS_KEY=secret +GOOGLE_MAPS_BASE_URL=https://maps.google.com + +ML_CALCULATOR_URL=https://calc.dev.dot-dot.ru/v1/calculate + +ML_REGULAR_DIRECTION_URL=https://calc.dev.dot-dot.ru/v2/schedule/transport +ML_REGULAR_DIRECTION_CHAIN_URL=https://calc.dev.dot-dot.ru/v1/schedule/chains +ML_REGULAR_DIRECTION_RELEVANCE_CARRIERS_URL=https://calc.dev.dot-dot.ru/v1/schedule/carrier/scoring +ML_REGULAR_DIRECTION_CHAIN_RELEVANCE_CARRIERS_URL=https://calc.dev.dot-dot.ru/v1/schedule/chains/carrier/scoring +ML_UNCERTAIN_DIRECTIONS_URL=https://calc.dev.dot-dot.ru/v1/classification/direction/uncertain + +YANDEX_MAPS_ACCESS_KEY=secret +YANDEX_MAPS_BASE_URL=https://api.routing.yandex.net + +GRAFANA_ADMIN_PASSWORD=admin +GRAFANA_API_URL=http://grafana:3000 +GRAFANA_PUBLIC_URL=http://grafana.dot-dot.local + +THREESELLER_USERNAME=savrickijj@rambler.ru +THREESELLER_PASSWORD=123123 + +ATISU_CLIENT_ID=f26841019e0243418395d44ed7430f2a +ATISU_APIKEY=46b599c3ab7f4574b560f48ea005d9f3 + +###> google/apiclient ### +ANALITIC_GOOGLE_CLIENT_ID=secret +ANALITIC_GOOGLE_CLIENT_SECRET=secret +ANALITIC_GOOGLE_CLIENT_REDIRECT_URI=http://localhost/admin/analitic/google-callback +###< google/apiclient ### + +###> telegramm ### +TELEGRAM_URL=https://api.telegram.org/ +TELEGRAM_BOT_TOKEN=secret +TELEGRAM_CHAT_ID=secret +###< telegramm ### + +DEFAULT_SLUG=dotdot + +###> voicia ### +VOICIA_CALL_ID=secret +###< voicia ### + +###> openssl_encrypt parameters ### +OPENSSL_CIPHER=aes-128-gcm +OPENSSL_PASS_PHRASE=secret +OPENSSL_IV=secret +###> openssl_encrypt parameters ### + +TKKIT_API_TOKEN=secret +TKKIT_API_URL=https://capi.tk-kit.com + +###> BAIKAL### +BAIKAL_API_KEY=secret +###< BAIKAL### + +TELEGRAM_CHAT_BOT_ACCESS_TOKEN=secret + +###> NORDWHEEL### +NORDWHEEL_API_URL=https://nordw.ru +###< NORDWHEEL### + +JDE_API_URL=https://api.jde.ru + +###> SKIF### +SKIF_API_URL=sekret +SKIF_API_LOGIN=sekret +SKIF_API_PASSWORD=sekret +###< SKIF### + +###> DPD ### +DPD_PATH=https://ws.dpd.ru/services/ +DPD_CLIENT_NUMBER=secret +DPD_CLIENT_KEY=secret +###< DPD### + +###> SOVKOM### +SOVKOM_API_KEY=secret +SOVKOM_API_URL=secret +###< SOVKOM### + +MAGIC_API_URL=https://magic-trans.ru/ diff --git a/configs/php/.env.local b/configs/php/.env.local new file mode 100644 index 0000000..01b5930 --- /dev/null +++ b/configs/php/.env.local @@ -0,0 +1,195 @@ +APP_ENV=prod + +DATABASE_URL=mysql://root:root@db:3306/dot?serverVersion=mariadb-10.3.25 + +DOCUMENT_ROOT=/application +APP_HOST=dot-dot.ru +APP_SCHEME=https +TEST_HOST=https://dot-dot.ru + +MAILER_DSN_YANDEX=smtp://no_reply@dot-dot.ru:gqwaofmeyvxefrqk@smtp.yandex.ru:587 +MAILER_DSN=smtp://no_reply@dot-dot.ru:NRTk7rXhesHQpi3YWB92@smtp.mail.ru:465 + +SP_KEY=16e93b225c730920ac5741a8d8df788f +SP_TEST=false + +SBERBANK_LOGIN=dot-dot_1-api +SBERBANK_PASSWORD=kepwir-2gocfi-Mudpet +SBERBANK_TESTMODE=false + +DEFAULT_EMAIL=no_reply@dot-dot.ru +ADMIN_EMAIL=orders@dot-dot.ru +ACCOUNTANT_EMAIL=ksg@dot-dot.ru +SALES_EMAIL=sale.ftl@dot-dot.ru +LOGIST_EMAIL=nd@dot-dot.ru +LEAD_EMAIL=lead.hunter@dot-dot.ru + +APP_SEND_REAL_SMS=true +SMSC_LOGIN=Dot-Dot +SMSC_PASS=OY4loBiCYTHjMoadyfru + +DADATA_API_TOKEN=c9aa5fdc338a746e23ce91ceb6fdb9e635749833 +DADATA_API_SECRET=1ea37a4d310e7a6ac64211ffe5686363f04d4e68 + +ROISTAT_API_KEY=c63a71dd721df7f1b1d7b5803a84ccc7 +ROISTAT_PROJECT_ID=154928 + +UNISENDER_API_KEY=6ugo1c6yqfux9wrs8pbaom3izz9pc9huetqbdo9y + +GTD_ACCESS_TOKEN=5fgNQ_gZ95OmyOLl7nKJhtJ4LcWVQNbl + +FNS_ACCESS_TOKEN=a5639b93fe4e7c9a3f1dd85537e066d36439c352 + +GOOGLE_MAPS_ACCESS_KEY=AIzaSyCLqawvvNm0Oj1Nt8yaQ-CdvQ1190oPaug + +GRAFANA_ADMIN_PASSWORD=uyt>bE8AZ2ctthyx +GRAFANA_API_URL=https://grafana.dev.dot-dot.ru +GRAFANA_PUBLIC_URL=https://grafana.dev.dot-dot.ru + +YANDEX_MAPS_ACCESS_KEY=f706092a-d705-4665-a16a-0811bd2a2c89 + +THREESELLER_USERNAME=tk@dot-dot.ru +THREESELLER_PASSWORD=Logistika01 + +NUXT_BASE_URL=dot-dot.ru + +ATISU_API_TOKEN_OLD=a9698671a68441c7b3959e43995d1506 +ATISU_API_TOKEN=46b599c3ab7f4574b560f48ea005d9f3 + +###> google/apiclient ### +ANALITIC_GOOGLE_CLIENT_ID=672035500859-32f85hchubthu9givkdtgkqhvjg00c8e.apps.googleusercontent.com +ANALITIC_GOOGLE_CLIENT_SECRET=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 +ANALITIC_GOOGLE_CLIENT_REDIRECT_URI=https://dot-dot.ru/admin/analitic/google-callback +###< google/apiclient ### + +###> telegramm ### +TELEGRAM_BOT_TOKEN=5807192360:AAHSUZcWeY1bC7aqdmcYXOfb1CYyK0xx0Cc +TELEGRAM_CHAT_ID=-875661421 +TELEGRAM_CHAT_BOT_ACCESS_TOKEN=88c53d63aa87b39e1c27c8db2764e5b7 +###< telegramm ### + +VOICIA_API_KEY=7589ed2721e50e299eb3baf2e3100a6b + +###> voicia ### +VOICIA_CALL_ID=8788 +###< voicia ### + +###> ml_calculator ### +ML_CALCULATOR_URL=https://ml.dot-dot.ru/v2/classification/order/relevance +###< ml_calculator ### + +UAT_1C_API_URL=http://1c.nwtlk.ru/UAT/hs +UAT_1C_USER=ТТ_Запросы +UAT_1C_PASSWORD=9421354 + +###> carrier_scoring ### +ML_CARRIER_SCORING=https://ml.dot-dot.ru/v2/classification/carrier/scoring +###< carrier_scoring ### + +###> direction_scoring ### +ML_DIRECTION_SCORING_URL=https://ml.dot-dot.ru/v3/classification/direction/confidence +###< direction_scoring ### + +###< Vozovoz ### +VOZOVOZ_API_KEY=5Thue256i0n5jXpB8vQfzng0VNJKGDar7ol5x0iD +VOZOVOZ_API_URL=https://vozovoz.ru/ +###> Vozovoz ### + +###< Pek ### +PECOM_API_LOGIN=TochkaTochka +PECOM_API_PASSWORD=EB77132653DD37BCD4EF591968F504CFB04BDFC4 +PECOM_API_URL=https://kabinet.pecom.ru/ +###> Pek ### + +###< TkKit ### +TKKIT_API_TOKEN=FKIICpqz25v10RuFcNorHACFdhEtkQK8 +TKKIT_API_URL=https://capi.tk-kit.com/ +###> TkKit ### + +###> Baikal ### +BAIKAL_API_KEY=NjJiZjdiMjU0N2Y4ZTk5OTY3OTY3OGUxM2VjZjA3N2M6 +BAIKAL_API_URL=https://api.baikalsr.ru/v2 +BAIKAL_API_PARTNER_GUID=PROVERKA +###< Baikal ### + +###> DelovieLinii ### +DELLIN_API_KEY=BE38996C-F722-4691-BCF3-640B76DAB18B +DELLIN_API_URL=https://api.dellin.ru/ +DELLIN_PASSWORD=Logistika01 +DELLIN_LOGIN=km@dot-dot.ru +###< DelovieLinii ### + +###> JelDorEksp ### +JDE_API_USER=2252131242955194 +JDE_API_TOKEN=159687460352596660 +###< JelDorEksp ### + +###> Nordweel ### +NORDWHEEL_API_URL=https://nordw.ru/ +###< Nordweel ### + +###> SKIF ### +SKIF_API_URL=http://api.skif-cargo.ru/integrations/ws/orders.1cws +SKIF_API_LOGIN=DotDotAPI +SKIF_API_PASSWORD=H*GYU#7g8YG*#! +###< SKIF ### + +###> DPD ### +DPD_CLIENT_NUMBER=1001066989 +DPD_CLIENT_KEY=8D52BF0F4D272FA91AF7B8EFC64C74EA31B89C4D +###< DPD ### + + +ACCOUNTING_AUDIT_URL="https://crm.dot-dot.ru/TTLBuhreport/hs/TT/reconciliationreport" + +PAPA_FINANCE_API_URL=https://prod.papafinance.ru/api/ttn +PAPA_FINANCE_PASSWORD='4sw$!cN#2j$tvcm2' +PAPA_FINANCE_LOGIN=tochka-tochka-logistika + +ML_REGULAR_DIRECTION_URL=https://ml.dot-dot.ru/v2/schedule/transport + +###> SP_V3 ### +SP_V3_KEY=16e93b225c730920ac5741a8d8df788f +SP_V3_URL=https://spasskievorota.ru/services/work/cargo_3.php +###< SP_V3 ### + +ML_DIRECTION_RECALCULATE_URL=https://ml.dot-dot.ru/v2/schedule/calculate +ML_REGULAR_DIRECTION_CHAIN_URL=https://ml.dot-dot.ru/v1/schedule/chains + +###> YandexTracker ### +YTRACKER_API_TOKEN="y0_AgAEA7qkKFmeAAjF8AAAAADXovQd6htdkt7LTDW_sNHCz7qV9zdVHaQ" +YTRACKER_ORGANISATION_ID=355207 +###< YandexTracker ### + +SMARTCAPTCHA_SERVER_KEY=ysc2_GLQZ8QPaFh0eXqZ5KaRMuRRZOX7qNNMy7P9Mq82V6c4e7b81 + +ML_REGULAR_DIRECTION_RELEVANCE_CARRIERS_URL=https://ml.dot-dot.ru/v2/schedule/carrier/scoring + +ML_UNCERTAIN_DIRECTIONS_URL=https://ml.dot-dot.ru/v1/classification/direction/uncertain + +###> sentry/sentry-symfony ### +SENTRY_DSN="https://eedc2e8b1310ec9b04c2b0da8490dc01@sentry.dot-dot.ru/3" +SENTRY_SERVER_NAME=prod +SENTRY_SERVER_USER_NAME=admin +###< sentry/sentry-symfony ### + +ML_CALCULATOR_TRADE_ONLY_URL=https://ml.dot-dot.ru/v1/tender/price + +ML_REGULAR_DIRECTION_HISTORY_ORDER_URL=https://ml.dot-dot.ru/v1/schedule/transport/orders + +QUEUE_DSN_OC_CARRIER_OFFERS=amqp://ddadmin:local@rabbitmq:5672/%2f/OC_CARRIER_OFFERS +QUEUE_DSN_STATISTIC_EXPORT=amqp://ddadmin:local@rabbitmq:5672/%2f/STATISTIC_EXPORT + +CRYPTOPRO_PATH='/opt/cprocsp/bin/amd64/cryptcp -sign -dn '"ООО ""ТОЧКА-ТОЧКА ЛОГИСТИКА"""' -der' +SIGNED_DOC_PATH="/application/var/documents/signeddocs" +ABSOLUTE_SIGNED_DOC_PATH="/home/ddadmin/demolms/signeddocs" + +CHROMIUM_BROWSER_SYS_PATH="/usr/bin/chromium-browser" + +###> API_KONTUR_FOCUS### +USER_TRUST_API_KONTUR_FOCUS_END_POINT_URL=https://focus-api.kontur.ru +USER_TRUST_API_KONTUR_FOCUS_API_TOKEN=90ac3a27a097dbab7045f2dcc2cd8f9883503610 +USER_TRUST_CHECK_BACKEND=true +###< API_KONTUR_FOCUS### + +QUEUE_DSN_USER_TRUST=amqp://ddadmin:Utahth9aeshahgh3saik@rabbitmq:5672/%2f/USER_TRUST diff --git a/configs/php/www.conf b/configs/php/www.conf new file mode 100644 index 0000000..302be9c --- /dev/null +++ b/configs/php/www.conf @@ -0,0 +1,455 @@ +; Start a new pool named 'www'. +; the variable $pool can be used in any directive and will be replaced by the +; pool name ('www' here) +[www] + +; Per pool prefix +; It only applies on the following directives: +; - 'access.log' +; - 'slowlog' +; - 'listen' (unixsocket) +; - 'chroot' +; - 'chdir' +; - 'php_values' +; - 'php_admin_values' +; When not set, the global prefix (or NONE) applies instead. +; Note: This directive can also be relative to the global prefix. +; Default Value: none +;prefix = /path/to/pools/$pool + +; Unix user/group of processes +; Note: The user is mandatory. If the group is not set, the default user's group +; will be used. +user = www-data +group = www-data + +; The address on which to accept FastCGI requests. +; Valid syntaxes are: +; 'ip.add.re.ss:port' - to listen on a TCP socket to a specific IPv4 address on +; a specific port; +; '[ip:6:addr:ess]:port' - to listen on a TCP socket to a specific IPv6 address on +; a specific port; +; 'port' - to listen on a TCP socket to all addresses +; (IPv6 and IPv4-mapped) on a specific port; +; '/path/to/unix/socket' - to listen on a unix socket. +; Note: This value is mandatory. +listen = 127.0.0.1:9000 + +; Set listen(2) backlog. +; Default Value: 511 (-1 on FreeBSD and OpenBSD) +;listen.backlog = 511 + +; Set permissions for unix socket, if one is used. In Linux, read/write +; permissions must be set in order to allow connections from a web server. Many +; BSD-derived systems allow connections regardless of permissions. The owner +; and group can be specified either by name or by their numeric IDs. +; Default Values: user and group are set as the running user +; mode is set to 0660 +;listen.owner = www-data +;listen.group = www-data +;listen.mode = 0660 +; When POSIX Access Control Lists are supported you can set them using +; these options, value is a comma separated list of user/group names. +; When set, listen.owner and listen.group are ignored +;listen.acl_users = +;listen.acl_groups = + +; List of addresses (IPv4/IPv6) of FastCGI clients which are allowed to connect. +; Equivalent to the FCGI_WEB_SERVER_ADDRS environment variable in the original +; PHP FCGI (5.2.2+). Makes sense only with a tcp listening socket. Each address +; must be separated by a comma. If this value is left blank, connections will be +; accepted from any ip address. +; Default Value: any +;listen.allowed_clients = 127.0.0.1 + +; Specify the nice(2) priority to apply to the pool processes (only if set) +; The value can vary from -19 (highest priority) to 20 (lower priority) +; Note: - It will only work if the FPM master process is launched as root +; - The pool processes will inherit the master process priority +; unless it specified otherwise +; Default Value: no set +; process.priority = -19 + +; Set the process dumpable flag (PR_SET_DUMPABLE prctl) even if the process user +; or group is different than the master process user. It allows to create process +; core dump and ptrace the process for the pool user. +; Default Value: no +; process.dumpable = yes + +; Choose how the process manager will control the number of child processes. +; Possible Values: +; static - a fixed number (pm.max_children) of child processes; +; dynamic - the number of child processes are set dynamically based on the +; following directives. With this process management, there will be +; always at least 1 children. +; pm.max_children - the maximum number of children that can +; be alive at the same time. +; pm.start_servers - the number of children created on startup. +; pm.min_spare_servers - the minimum number of children in 'idle' +; state (waiting to process). If the number +; of 'idle' processes is less than this +; number then some children will be created. +; pm.max_spare_servers - the maximum number of children in 'idle' +; state (waiting to process). If the number +; of 'idle' processes is greater than this +; number then some children will be killed. +; ondemand - no children are created at startup. Children will be forked when +; new requests will connect. The following parameter are used: +; pm.max_children - the maximum number of children that +; can be alive at the same time. +; pm.process_idle_timeout - The number of seconds after which +; an idle process will be killed. +; Note: This value is mandatory. +pm = dynamic + +; The number of child processes to be created when pm is set to 'static' and the +; maximum number of child processes when pm is set to 'dynamic' or 'ondemand'. +; This value sets the limit on the number of simultaneous requests that will be +; served. Equivalent to the ApacheMaxClients directive with mpm_prefork. +; Equivalent to the PHP_FCGI_CHILDREN environment variable in the original PHP +; CGI. The below defaults are based on a server without much resources. Don't +; forget to tweak pm.* to fit your needs. +; Note: Used when pm is set to 'static', 'dynamic' or 'ondemand' +; Note: This value is mandatory. +pm.max_children = 25 + +; The number of child processes created on startup. +; Note: Used only when pm is set to 'dynamic' +; Default Value: (min_spare_servers + max_spare_servers) / 2 +pm.start_servers = 10 + +; The desired minimum number of idle server processes. +; Note: Used only when pm is set to 'dynamic' +; Note: Mandatory when pm is set to 'dynamic' +pm.min_spare_servers = 10 + +; The desired maximum number of idle server processes. +; Note: Used only when pm is set to 'dynamic' +; Note: Mandatory when pm is set to 'dynamic' +pm.max_spare_servers = 20 + +; The number of seconds after which an idle process will be killed. +; Note: Used only when pm is set to 'ondemand' +; Default Value: 10s +;pm.process_idle_timeout = 10s; + +; The number of requests each child process should execute before respawning. +; This can be useful to work around memory leaks in 3rd party libraries. For +; endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS. +; Default Value: 0 +;pm.max_requests = 500 + +; The URI to view the FPM status page. If this value is not set, no URI will be +; recognized as a status page. It shows the following information: +; pool - the name of the pool; +; process manager - static, dynamic or ondemand; +; start time - the date and time FPM has started; +; start since - number of seconds since FPM has started; +; accepted conn - the number of request accepted by the pool; +; listen queue - the number of request in the queue of pending +; connections (see backlog in listen(2)); +; max listen queue - the maximum number of requests in the queue +; of pending connections since FPM has started; +; listen queue len - the size of the socket queue of pending connections; +; idle processes - the number of idle processes; +; active processes - the number of active processes; +; total processes - the number of idle + active processes; +; max active processes - the maximum number of active processes since FPM +; has started; +; max children reached - number of times, the process limit has been reached, +; when pm tries to start more children (works only for +; pm 'dynamic' and 'ondemand'); +; Value are updated in real time. +; Example output: +; pool: www +; process manager: static +; start time: 01/Jul/2011:17:53:49 +0200 +; start since: 62636 +; accepted conn: 190460 +; listen queue: 0 +; max listen queue: 1 +; listen queue len: 42 +; idle processes: 4 +; active processes: 11 +; total processes: 15 +; max active processes: 12 +; max children reached: 0 +; +; By default the status page output is formatted as text/plain. Passing either +; 'html', 'xml' or 'json' in the query string will return the corresponding +; output syntax. Example: +; http://www.foo.bar/status +; http://www.foo.bar/status?json +; http://www.foo.bar/status?html +; http://www.foo.bar/status?xml +; +; By default the status page only outputs short status. Passing 'full' in the +; query string will also return status for each pool process. +; Example: +; http://www.foo.bar/status?full +; http://www.foo.bar/status?json&full +; http://www.foo.bar/status?html&full +; http://www.foo.bar/status?xml&full +; The Full status returns for each process: +; pid - the PID of the process; +; state - the state of the process (Idle, Running, ...); +; start time - the date and time the process has started; +; start since - the number of seconds since the process has started; +; requests - the number of requests the process has served; +; request duration - the duration in µs of the requests; +; request method - the request method (GET, POST, ...); +; request URI - the request URI with the query string; +; content length - the content length of the request (only with POST); +; user - the user (PHP_AUTH_USER) (or '-' if not set); +; script - the main script called (or '-' if not set); +; last request cpu - the %cpu the last request consumed +; it's always 0 if the process is not in Idle state +; because CPU calculation is done when the request +; processing has terminated; +; last request memory - the max amount of memory the last request consumed +; it's always 0 if the process is not in Idle state +; because memory calculation is done when the request +; processing has terminated; +; If the process is in Idle state, then informations are related to the +; last request the process has served. Otherwise informations are related to +; the current request being served. +; Example output: +; ************************ +; pid: 31330 +; state: Running +; start time: 01/Jul/2011:17:53:49 +0200 +; start since: 63087 +; requests: 12808 +; request duration: 1250261 +; request method: GET +; request URI: /test_mem.php?N=10000 +; content length: 0 +; user: - +; script: /home/fat/web/docs/php/test_mem.php +; last request cpu: 0.00 +; last request memory: 0 +; +; Note: There is a real-time FPM status monitoring sample web page available +; It's available in: /usr/local/share/php/fpm/status.html +; +; Note: The value must start with a leading slash (/). The value can be +; anything, but it may not be a good idea to use the .php extension or it +; may conflict with a real PHP file. +; Default Value: not set +;pm.status_path = /status + +; The address on which to accept FastCGI status request. This creates a new +; invisible pool that can handle requests independently. This is useful +; if the main pool is busy with long running requests because it is still possible +; to get the status before finishing the long running requests. +; +; Valid syntaxes are: +; 'ip.add.re.ss:port' - to listen on a TCP socket to a specific IPv4 address on +; a specific port; +; '[ip:6:addr:ess]:port' - to listen on a TCP socket to a specific IPv6 address on +; a specific port; +; 'port' - to listen on a TCP socket to all addresses +; (IPv6 and IPv4-mapped) on a specific port; +; '/path/to/unix/socket' - to listen on a unix socket. +; Default Value: value of the listen option +;pm.status_listen = 127.0.0.1:9001 + +; The ping URI to call the monitoring page of FPM. If this value is not set, no +; URI will be recognized as a ping page. This could be used to test from outside +; that FPM is alive and responding, or to +; - create a graph of FPM availability (rrd or such); +; - remove a server from a group if it is not responding (load balancing); +; - trigger alerts for the operating team (24/7). +; Note: The value must start with a leading slash (/). The value can be +; anything, but it may not be a good idea to use the .php extension or it +; may conflict with a real PHP file. +; Default Value: not set +;ping.path = /ping + +; This directive may be used to customize the response of a ping request. The +; response is formatted as text/plain with a 200 response code. +; Default Value: pong +;ping.response = pong + +; The access log file +; Default: not set +;access.log = log/$pool.access.log + +; The access log format. +; The following syntax is allowed +; %%: the '%' character +; %C: %CPU used by the request +; it can accept the following format: +; - %{user}C for user CPU only +; - %{system}C for system CPU only +; - %{total}C for user + system CPU (default) +; %d: time taken to serve the request +; it can accept the following format: +; - %{seconds}d (default) +; - %{milliseconds}d +; - %{mili}d +; - %{microseconds}d +; - %{micro}d +; %e: an environment variable (same as $_ENV or $_SERVER) +; it must be associated with embraces to specify the name of the env +; variable. Some examples: +; - server specifics like: %{REQUEST_METHOD}e or %{SERVER_PROTOCOL}e +; - HTTP headers like: %{HTTP_HOST}e or %{HTTP_USER_AGENT}e +; %f: script filename +; %l: content-length of the request (for POST request only) +; %m: request method +; %M: peak of memory allocated by PHP +; it can accept the following format: +; - %{bytes}M (default) +; - %{kilobytes}M +; - %{kilo}M +; - %{megabytes}M +; - %{mega}M +; %n: pool name +; %o: output header +; it must be associated with embraces to specify the name of the header: +; - %{Content-Type}o +; - %{X-Powered-By}o +; - %{Transfert-Encoding}o +; - .... +; %p: PID of the child that serviced the request +; %P: PID of the parent of the child that serviced the request +; %q: the query string +; %Q: the '?' character if query string exists +; %r: the request URI (without the query string, see %q and %Q) +; %R: remote IP address +; %s: status (response code) +; %t: server time the request was received +; it can accept a strftime(3) format: +; %d/%b/%Y:%H:%M:%S %z (default) +; The strftime(3) format must be encapsuled in a %{}t tag +; e.g. for a ISO8601 formatted timestring, use: %{%Y-%m-%dT%H:%M:%S%z}t +; %T: time the log has been written (the request has finished) +; it can accept a strftime(3) format: +; %d/%b/%Y:%H:%M:%S %z (default) +; The strftime(3) format must be encapsuled in a %{}t tag +; e.g. for a ISO8601 formatted timestring, use: %{%Y-%m-%dT%H:%M:%S%z}t +; %u: remote user +; +; Default: "%R - %u %t \"%m %r\" %s" +;access.format = "%R - %u %t \"%m %r%Q%q\" %s %f %{mili}d %{kilo}M %C%%" + +; The log file for slow requests +; Default Value: not set +; Note: slowlog is mandatory if request_slowlog_timeout is set +;slowlog = log/$pool.log.slow + +; The timeout for serving a single request after which a PHP backtrace will be +; dumped to the 'slowlog' file. A value of '0s' means 'off'. +; Available units: s(econds)(default), m(inutes), h(ours), or d(ays) +; Default Value: 0 +;request_slowlog_timeout = 0 + +; Depth of slow log stack trace. +; Default Value: 20 +;request_slowlog_trace_depth = 20 + +; The timeout for serving a single request after which the worker process will +; be killed. This option should be used when the 'max_execution_time' ini option +; does not stop script execution for some reason. A value of '0' means 'off'. +; Available units: s(econds)(default), m(inutes), h(ours), or d(ays) +; Default Value: 0 +;request_terminate_timeout = 0 + +; The timeout set by 'request_terminate_timeout' ini option is not engaged after +; application calls 'fastcgi_finish_request' or when application has finished and +; shutdown functions are being called (registered via register_shutdown_function). +; This option will enable timeout limit to be applied unconditionally +; even in such cases. +; Default Value: no +;request_terminate_timeout_track_finished = no + +; Set open file descriptor rlimit. +; Default Value: system defined value +;rlimit_files = 1024 + +; Set max core size rlimit. +; Possible Values: 'unlimited' or an integer greater or equal to 0 +; Default Value: system defined value +;rlimit_core = 0 + +; Chroot to this directory at the start. This value must be defined as an +; absolute path. When this value is not set, chroot is not used. +; Note: you can prefix with '$prefix' to chroot to the pool prefix or one +; of its subdirectories. If the pool prefix is not set, the global prefix +; will be used instead. +; Note: chrooting is a great security feature and should be used whenever +; possible. However, all PHP paths will be relative to the chroot +; (error_log, sessions.save_path, ...). +; Default Value: not set +;chroot = + +; Chdir to this directory at the start. +; Note: relative path can be used. +; Default Value: current directory or / when chroot +;chdir = /var/www + +; Redirect worker stdout and stderr into main error log. If not set, stdout and +; stderr will be redirected to /dev/null according to FastCGI specs. +; Note: on highloaded environment, this can cause some delay in the page +; process time (several ms). +; Default Value: no +;catch_workers_output = yes + +; Decorate worker output with prefix and suffix containing information about +; the child that writes to the log and if stdout or stderr is used as well as +; log level and time. This options is used only if catch_workers_output is yes. +; Settings to "no" will output data as written to the stdout or stderr. +; Default value: yes +;decorate_workers_output = no + +; Clear environment in FPM workers +; Prevents arbitrary environment variables from reaching FPM worker processes +; by clearing the environment in workers before env vars specified in this +; pool configuration are added. +; Setting to "no" will make all environment variables available to PHP code +; via getenv(), $_ENV and $_SERVER. +; Default Value: yes +;clear_env = no + +; Limits the extensions of the main script FPM will allow to parse. This can +; prevent configuration mistakes on the web server side. You should only limit +; FPM to .php extensions to prevent malicious users to use other extensions to +; execute php code. +; Note: set an empty value to allow all extensions. +; Default Value: .php +;security.limit_extensions = .php .php3 .php4 .php5 .php7 + +; Pass environment variables like LD_LIBRARY_PATH. All $VARIABLEs are taken from +; the current environment. +; Default Value: clean env +;env[HOSTNAME] = $HOSTNAME +;env[PATH] = /usr/local/bin:/usr/bin:/bin +;env[TMP] = /tmp +;env[TMPDIR] = /tmp +;env[TEMP] = /tmp + +; Additional php.ini defines, specific to this pool of workers. These settings +; overwrite the values previously defined in the php.ini. The directives are the +; same as the PHP SAPI: +; php_value/php_flag - you can set classic ini defines which can +; be overwritten from PHP call 'ini_set'. +; php_admin_value/php_admin_flag - these directives won't be overwritten by +; PHP call 'ini_set' +; For php_*flag, valid values are on, off, 1, 0, true, false, yes or no. + +; Defining 'extension' will load the corresponding shared extension from +; extension_dir. Defining 'disable_functions' or 'disable_classes' will not +; overwrite previously defined php.ini values, but will append the new value +; instead. + +; Note: path INI options can be relative and will be expanded with the prefix +; (pool, global or /usr/local) + +; Default Value: nothing is defined by default except the values in php.ini and +; specified at startup with the -d argument +;php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f www@my.domain.com +;php_flag[display_errors] = off +;php_admin_value[error_log] = /var/log/fpm-php.www.log +;php_admin_flag[log_errors] = on +;php_admin_value[memory_limit] = 32M diff --git a/configs/php/zz-docker.conf b/configs/php/zz-docker.conf new file mode 100644 index 0000000..363ab1f --- /dev/null +++ b/configs/php/zz-docker.conf @@ -0,0 +1,5 @@ +[global] +daemonize = no + +[www] +listen = 0.0.0.0:9000 diff --git a/configs/rabbitmq/enabled_plugins b/configs/rabbitmq/enabled_plugins new file mode 100644 index 0000000..318ea04 --- /dev/null +++ b/configs/rabbitmq/enabled_plugins @@ -0,0 +1 @@ +[rabbitmq_management,rabbitmq_prometheus]. \ No newline at end of file diff --git a/configs/redis/redis.conf b/configs/redis/redis.conf new file mode 100644 index 0000000..e69de29 diff --git a/docker-compose.yml b/docker-compose.yml new file mode 100644 index 0000000..590c130 --- /dev/null +++ b/docker-compose.yml @@ -0,0 +1,161 @@ +volumes: + certbot_volume: + nginx_log_volume: + mysql_data_volume: + mysql_backup_volume: + php_var_volume: + bookstack_data_volume: + rabbitmq_volume: + redis_volume: + php_support_volume: + + + +x-defaults-php: &defaults-php + build: + context: dot-dot + restart: unless-stopped + volumes: + - ./configs/php/.env:/application/.env + - ./configs/php/.env.local:/application/.env.local + - ./configs/php/zz-docker.conf:/usr/local/etc/php-fpm.d/zz-docker.conf + - php_var_volume:/application/var + - php_support_volume:/application/var/support-issue + - ./configs/php/www.conf:/usr/local/etc/php-fpm.d/www.conf + depends_on: + - db + - rabbitmq + networks: + - dd + +networks: + dd: + name: ${NETWORK} + +services: + db: + image: mariadb:10.3.25 + restart: unless-stopped + environment: + MYSQL_ROOT_PASSWORD: ${MYSQL_ROOT_PASSWORD} + MYSQL_USER: ${MYSQL_USER} + MYSQL_DATABASE: ${MYSQL_DATABASE} + MYSQL_PASSWORD: ${MYSQL_PASSWORD} + ports: + - ${MYSQL_PORT}:3306 + volumes: + - mysql_data_volume:/var/lib/mysql + - mysql_backup_volume:/backups + networks: + - dd + + backend: + <<: *defaults-php + # command: "php-fpm && nginx -g 'daemon off;'" + + php: + # TODO: Денис должен переделать и добавить + command: ./bin/console app:auction:reload + <<: *defaults-php + + statistic-export: + <<: *defaults-php + command: ./bin/console messenger:consume StatisticExport + + carrier-offers: + <<: *defaults-php + command: ./bin/console messenger:consume CarrierOffers + + user-trust: + <<: *defaults-php + command: ./bin/console messenger:consume UserTrust + + auction: + <<: *defaults-php + command: sh -c 'while true; do echo run; ./bin/console app:auction:process; sleep 60;done' + + lms: + build: + context: LMS + dockerfile: Dockerfile + restart: unless-stopped + command: npm run start + volumes: + - ./configs/lms/.env:/app/.env + env_file: + - ./configs/lms/.env + networks: + - dd + + static: + build: + context: dot-dot + dockerfile: Dockerfile_static + restart: unless-stopped + volumes: + - ./configs/static:/app + networks: + - dd + + nuxt: + build: + context: dot-dot + dockerfile: Dockerfile_nuxt + restart: unless-stopped + command: npm run start + volumes: + - ./configs/nuxt/.env:/application/nuxt/.env + - ./configs/nuxt/entrypoint.sh:/entrypoint.sh + env_file: + - ./configs/nuxt/.env + networks: + - dd + + nginx: + image: nginx:1.25.3-alpine3.18 + restart: unless-stopped + volumes: + - ./configs/nginx/conf.d:/etc/nginx/conf.d + - ./configs/nginx/nginx.conf:/etc/nginx/nginx.conf + - ./configs/nginx/www:/var/www + - ./configs/nginx/ssl:/etc/nginx/ssl + - ./configs/nginx/other:/etc/nginx/other + - certbot_volume:/etc/letsencrypt + - nginx_log_volume:/var/log/nginx + ports: + - 80:80 + - 443:443 + depends_on: + - nuxt + - php + - static + networks: + dd: + aliases: + - nginx + + rabbitmq: + image: rabbitmq:3.12.1-management-alpine + restart: unless-stopped + hostname: ${COMPOSE_PROJECT_NAME} + volumes: + - rabbitmq_volume:/var/lib/rabbitmq + - ./configs/rabbitmq/enabled_plugins:/etc/rabbitmq/enabled_plugins + environment: + - RABBITMQ_DEFAULT_USER=${RABBITMQ_USERNAME} + - RABBITMQ_DEFAULT_PASS=${RABBITMQ_PASSWORD} + - RABBITMQ_CONFIG_FILE=/etc/rabbitmq/rabbitmq.conf + networks: + dd: {} + + redis: + image: redis:7.2.4-alpine3.19 + restart: unless-stopped + volumes: + - redis_volume:/data + - ./configs/redis:/usr/local/etc/redis + environment: + - REDIS_PASSWORD=${REDIS_PASSWORD} + - REDIS_PORT=6379 + networks: + dd: {} diff --git a/scripts/chowner.sh b/scripts/chowner.sh new file mode 100755 index 0000000..286b742 --- /dev/null +++ b/scripts/chowner.sh @@ -0,0 +1,7 @@ +#!/bin/bash + + +volume='/var/lib/docker/volumes/prod_php_var_volume/_data/log' +for x in $(sudo ls -l $volume | grep root | awk -F' ' '{print $9}');do + sudo chown 82:82 $volume/$x; +done diff --git a/scripts/make_backup_mysql.sh b/scripts/make_backup_mysql.sh new file mode 100755 index 0000000..1dc21e5 --- /dev/null +++ b/scripts/make_backup_mysql.sh @@ -0,0 +1,16 @@ +#!/bin/bash + +SS_CONTAINER='backup_db' +BACK_DIR='/var/tmp/db/backups' + +# Remote backup +MYSQL_CRED='-uroot -pahwaireiNeebeeW9keiZ' + +HOST=$(hostname -s) +DATABASES=$(docker exec -i -u root prod-db-1 mysql ${MYSQL_CRED} -s -AN -e 'show databases' | grep -vE "information_schema|analytics|performance_schema|trash|sys") +for database in ${DATABASES}; do + DUMPFILE="${database}.$(date +%a).sql.gz" + docker exec -i -u root prod-db-1 mysqldump ${MYSQL_CRED} --max_allowed_packet=1G --add-drop-table --single-transaction --extended-insert ${database} | gzip -c > $BACK_DIR/${DUMPFILE} 2>&1 + rclone move $BACK_DIR/${DUMPFILE} selectel:backup_db/dot/${DUMPFILE} + #rm -vf $BACK_DIR/${DUMPFILE} 2>&1 +done