From a0c1042086c8cc179ff234a1127b9c03b41db051 Mon Sep 17 00:00:00 2001
From: Fred Boniface
Date: Thu, 6 Mar 2025 10:19:44 +0000
Subject: [PATCH] Initial
---
README.md | 22 +++++++++++++++++
nginx/Dockerfile | 21 ++++++++++++++++
nginx/nginx.conf | 63 +++++++++++++++++++++++++++++++++++++++++++++++
php/Dockerfile | 32 ++++++++++++++++++++++++
php/entrypoint.sh | 15 +++++++++++
php/php.ini | 20 +++++++++++++++
stack.yaml | 27 ++++++++++++++++++++
7 files changed, 200 insertions(+)
create mode 100644 README.md
create mode 100644 nginx/Dockerfile
create mode 100644 nginx/nginx.conf
create mode 100644 php/Dockerfile
create mode 100644 php/entrypoint.sh
create mode 100644 php/php.ini
create mode 100644 stack.yaml
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..bc9d286
--- /dev/null
+++ b/README.md
@@ -0,0 +1,22 @@
+# Containerised OWA
+
+Run OWA in a Docker, Docker Swarm, or Kubernetes environment.
+
+This setup assumes a database on a separate host - to use a containerised database add that to your compose/stack/manifest and ensure the configuration mount is correct for your environment.
+
+## Versions
+
+This repo provides one nginx and one php-fpm container, both are required to run OWA. Ensure that both the nginx and php-fpm container are of the same version to avoid incomatibilities.
+
+## php-fpm
+
+Configure the database connection and OWA config with environment variables passed to the php-fpm container.
+
+|Variable|Value|
+|OWA_DB_TYPE|mysql|
+|OWA_DB_NAME|Name of the database|
+|OWA_DB_HOST|Host/IP of the database server|
+|OWA_DB_USER|Username for the database|
+|OWA_DB_PASS|Password for the user|
+|OWA_PUBLIC_URL|Public URL for the OWA installation|
+|OWA_SITE_ID|Site ID|
\ No newline at end of file
diff --git a/nginx/Dockerfile b/nginx/Dockerfile
new file mode 100644
index 0000000..3152977
--- /dev/null
+++ b/nginx/Dockerfile
@@ -0,0 +1,21 @@
+FROM nginx:alpine
+
+ENV OWA_VERSION=1.7.8
+ENV OWA_URL="https://github.com/Open-Web-Analytics/Open-Web-Analytics/archive/refs/tags/${OWA_VERSION}.zip"
+
+COPY nginx.conf /etc/nginx/nginx.conf
+
+RUN apk add --no-cache curl unzip && \
+ curl -L $OWA_URL -o /tmp/owa.zip && \
+ unzip /tmp/owa.zip -d /usr/share/nginx/html/ && \
+ mv /usr/share/nginx/html/Open-Web-Analytics-${OWA_VERSION} /usr/share/nginx/html/owa && \
+ chown -R nginx:nginx /usr/share/nginx/html/owa && \
+ rm /tmp/owa.zip
+
+WORKDIR /usr/share/nginx/html/owa
+
+WORKDIR /var/www/html
+
+EXPOSE 80
+
+CMD ["nginx", "-g", "daemon off;"]
\ No newline at end of file
diff --git a/nginx/nginx.conf b/nginx/nginx.conf
new file mode 100644
index 0000000..7238919
--- /dev/null
+++ b/nginx/nginx.conf
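Review bot: In nginx/Dockerfile the release archive fetched by `curl -L $OWA_URL -o /tmp/owa.zip` is unpacked into the web root without any integrity check, so whatever the tag URL serves at build time ends up in the image; php/Dockerfile repeats the same download. Pin the expected digest and verify it before `unzip`, e.g. an `ARG OWA_SHA256=<sha256-of-release-zip>` followed by `curl -fsSL "$OWA_URL" -o /tmp/owa.zip && \` and `echo "${OWA_SHA256}  /tmp/owa.zip" | sha256sum -c - && \`; `-f` also makes an HTTP error fail the build instead of saving the error page. The base image is the floating `nginx:alpine` tag, so pinning a version or digest would make rebuilds reproducible, and `curl`/`unzip` stay installed in the final image although they are only needed for this step.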
@@ -0,0 +1,63 @@
+worker_processes auto;
+events {
+ worker_connections 1024;
+}
+
+http {
+ include mime.types;
+ default_type application/octet-stream;
+ sendfile on;
+ keepalive_timeout 65;
+ server_tokens off; # Hide Nginx version for security
+
+ server {
+ listen 80;
+ server_name _; # Change to your domain if needed
+
+ root /usr/share/nginx/html/owa;
+ index index.php index.html;
+
+ # Logging (Optional)
+ access_log /var/log/nginx/owa_access.log;
+ error_log /var/log/nginx/owa_error.log;
+
+ # Serve static files directly
+ location ~* \.(css|js|gif|png|jpg|jpeg|ico|woff|woff2|ttf|svg|eot|otf)$ {
+ expires max;
+ log_not_found off;
+ }
+
+ # Pass PHP scripts to PHP-FPM
+ location ~ \.php$ {
+ include fastcgi_params;
+ fastcgi_pass php:9000; # PHP container (same as `php` service in Docker)
+ fastcgi_index index.php;
+ fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+ }
+
+ # Handle OWA tracking requests
+ location ~* ^/modules/base/js.php$ {
+ include fastcgi_params;
+ fastcgi_pass php:9000;
+ fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+ expires max;
+ add_header Cache-Control "public, max-age=31536000, immutable";
+ }
+
+ location ~* ^/owa.php$ {
+ include fastcgi_params;
+ fastcgi_pass php:9000;
+ fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+ }
+
+ # Deny access to sensitive files
+ location ~* /(config|logs|cache|modules/base/i18n)/ {
+ deny all;
+ }
+
+ # Security headers
+ add_header X-Frame-Options DENY;
+ add_header X-Content-Type-Options nosniff;
+ add_header X-XSS-Protection "1; mode=block";
+ }
+}
diff --git a/php/Dockerfile b/php/Dockerfile
new file mode 100644
index 0000000..9cc4598
--- /dev/null
+++ b/php/Dockerfile
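Review bot: nginx tries regex locations in file order and stops at the first match, so the `deny all` block for `/(config|logs|cache|modules/base/i18n)/` near the end of the server block never sees requests ending in `.php` or in one of the static extensions; those are taken by the two earlier regex locations. Moving `location ~* /(config|logs|cache|modules/base/i18n)/ { deny all; }` above the other regex locations closes that gap. For the same reason the `^/modules/base/js.php$` and `^/owa.php$` blocks are unreachable behind `location ~ \.php$`, so the long-lived Cache-Control header is never sent; place them first or drop them. Separately, `SCRIPT_FILENAME` is built from `$document_root` (`/usr/share/nginx/html/owa`), while php/Dockerfile unpacks OWA under `/var/www/html/owa` and stack.yaml shares no volume, so PHP-FPM will presumably not find the script unless the parameter is set to `/var/www/html/owa$fastcgi_script_name`.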
@@ -0,0 +1,32 @@
+FROM php:8.3-fpm
+
+COPY entrypoint.sh /entrypoint.sh
+RUN chmod +x /entrypoint.sh
+ENTRYPOINT [ "/entrypoint.sh" ]
+CMD ["php-fpm"]
+COPY php.ini /usr/local/etc/php/php.ini
+EXPOSE 9000
+
+ENV OWA_VERSION=1.7.8
+ENV OWA_URL="https://github.com/Open-Web-Analytics/Open-Web-Analytics/archive/refs/tags/${OWA_VERSION}.zip"
+
+RUN apt-get update && apt-get install -y \
+ libpng-dev \
+ libjpeg-dev \
+ libfreetype6-dev \
+ libxml2-dev \
+ zip unzip curl git \
+ && docker-php-ext-configure gd --with-freetype --with-jpeg \
+ && docker-php-ext-install gd mysqli pdo pdo_mysql xml \
+ && apt-get clean \
+ && rm -rf /var/lib/apt/lists/*
+
+RUN curl -L $OWA_URL -o /tmp/owa.zip && \
+ unzip /tmp/owa.zip -d /var/www/html/ && \
+ mv /var/www/html/Open-Web-Analytics-${OWA_VERSION} /var/www/html/owa && \
+ chown -R www-data:www-data /var/www/html/owa && \
+ rm /tmp/owa.zip
+
+WORKDIR /var/www/html/owa
+
+RUN chown -R www-data:www-data /var/www/html/owa
\ No newline at end of file
diff --git a/php/entrypoint.sh b/php/entrypoint.sh
new file mode 100644
index 0000000..9bbc513
--- /dev/null
+++ b/php/entrypoint.sh
@@ -0,0 +1,15 @@
+#!/bin/sh + +cat < /var/www/html/owa/config/owa-config.php + +EOL + +exec "$@"
diff --git a/php/php.ini b/php/php.ini
new file mode 100644
index 0000000..c447b53
--- /dev/null
+++ b/php/php.ini
@@ -0,0 +1,20 @@
+[PHP]
+memory_limit = 256M
+upload_max_filesize = 32M
+post_max_size = 32M
+max_execution_time = 300
+max_input_time = 300
+date.timezone = UTC
+display_errors = Off
+log_errors = On
+error_log = /var/log/php_errors.log
+session.save_handler = files
+session.gc_maxlifetime = 1440
+zlib.output_compression = On
+
+[opcache]
+opcache.enable=1
+opcache.memory_consumption=128
+opcache.max_accelerated_files=10000
+opcache.validate_timestamps=1
+opcache.revalidate_freq=2
diff --git a/stack.yaml b/stack.yaml
new file mode 100644
index 0000000..d1c457b
--- /dev/null
+++ b/stack.yaml
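Review bot: In php/Dockerfile the whole application tree is handed to `www-data` by `chown -R www-data:www-data /var/www/html/owa`, and the trailing `RUN chown -R www-data:www-data /var/www/html/owa` repeats it in an extra layer, so the user the PHP-FPM workers presumably run as can rewrite every script it executes. Leaving the code root-owned and chowning only the directories OWA writes at runtime, e.g. `chown -R www-data:www-data /var/www/html/owa/<writable-dir>` (which directories those are is not visible in this patch), keeps a file-write bug from turning into persistent code changes; the final `RUN chown` can simply be removed. The apt layer would also be smaller with `apt-get install -y --no-install-recommends`, and `git` and `zip` are not used by any step visible here.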
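Review bot: php/php.ini leaves `expose_php` at its default, so responses carry an `X-Powered-By` header with the PHP version even though nginx.conf sets `server_tokens off` to hide version details. Adding `expose_php = Off`, and for the file-based sessions configured here `session.cookie_httponly = 1` and `session.use_strict_mode = 1`, would tighten the defaults; whether OWA relies on PHP's native session cookie is not visible in this patch. `error_log = /var/log/php_errors.log` keeps errors inside the container filesystem, so pointing it at stderr would let the container runtime collect them for monitoring.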
@@ -0,0 +1,27 @@
+version: '3.8'
+
+services:
+ php:
+ image: git.fjla.uk/fred.boniface/owa-php:1.7.8
+ container_name: owa_php
+ environment:
+ OWA_DB_HOST: "db_host"
+ OWA_DB_NAME: "owa_db"
+ OWA_DB_USER: "owa_user"
+ OWA_DB_PASS: "owa_password"
+ deploy:
+ replicas: 1
+ restart_policy:
+ condition: on-failure
+
+ nginx:
+ image: git.fjla.uk/fred.boniface/owa-nginx:1.7.8
+ container_name: owa_nginx
+ ports:
+ - "80:80"
+ depends_on:
+ - php
+ deploy:
+ replicas: 1
+ restart_policy:
+ condition: on-failure
\ No newline at end of file
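Review bot: `OWA_DB_PASS` in stack.yaml is a plain `environment:` value, so anyone adapting this file will tend to commit the real database password, and it stays readable through the service definition and container inspect output. On Swarm a secret is the safer carrier: `secrets: [owa_db_pass]` on the `php` service plus a top-level `secrets: { owa_db_pass: { external: true } }`, with the entrypoint reading `/run/secrets/owa_db_pass`; the entrypoint body is not legible in this patch, so that side needs checking. `container_name` and `depends_on` are ignored by `docker stack deploy`, and the README's `OWA_DB_TYPE`, `OWA_PUBLIC_URL` and `OWA_SITE_ID` are not set here.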