Initial Upload

docker/etc/apache2/mods-enabled/mpm_prefork.conf

@@ -0,0 +1,14 @@
+# prefork MPM
+# StartServers: number of server processes to start
+# MinSpareServers: minimum number of server processes which are kept spare
+# MaxSpareServers: maximum number of server processes which are kept spare
+# MaxRequestWorkers: maximum number of server processes allowed to start
+# MaxConnectionsPerChild: maximum number of requests a server process serves
+
+<IfModule mpm_prefork_module>
+        StartServers              ${CMS_APACHE_START_SERVERS}
+        MinSpareServers           ${CMS_APACHE_MIN_SPARE_SERVERS}
+        MaxSpareServers           ${CMS_APACHE_MAX_SPARE_SERVERS}
+        MaxRequestWorkers         ${CMS_APACHE_MAX_REQUEST_WORKERS}
+        MaxConnectionsPerChild    ${CMS_APACHE_MAX_CONNECTIONS_PER_CHILD}
+</IfModule>

docker/etc/apache2/sites-available/000-default.conf

@@ -0,0 +1,66 @@
+TraceEnable Off
+ServerSignature Off
+ServerTokens OS
+
+<VirtualHost *:80>
+  ServerAdmin me@example.org
+  DocumentRoot /var/www/cms/web/
+
+  PassEnv MYSQL_DATABASE
+  PassEnv MYSQL_HOST
+  PassEnv MYSQL_USER
+  PassEnv MYSQL_PORT
+  PassEnv MYSQL_PASSWORD
+  PassEnv MYSQL_ATTR_SSL_CA
+  PassEnv MYSQL_ATTR_SSL_VERIFY_SERVER_CERT
+  PassEnv CMS_SERVER_NAME
+  PassEnv CMS_DEV_MODE
+  PassEnv INSTALL_TYPE
+  PassEnv GIT_COMMIT
+  PassEnv CMS_USE_MEMCACHED
+  PassEnv MEMCACHED_HOST
+  PassEnv MEMCACHED_PORT
+  PassEnv XMR_HOST
+
+  ServerName ${CMS_SERVER_NAME}
+
+  KeepAlive Off
+  LimitRequestBody 0
+
+  XSendFile on
+  XSendFilePath /var/www/cms/library
+
+  <Directory /var/www/cms/web/>
+      DirectoryIndex index.php index.html
+      Options -Indexes +FollowSymLinks -MultiViews
+      AllowOverride All
+      Require all granted
+  </Directory>
+
+  Alias /chromeos /var/www/cms/library/playersoftware/chromeos/latest
+  <Directory /var/www/cms/library/playersoftware/chromeos/latest>
+      php_admin_value engine Off
+      DirectoryIndex index.html
+      Options -Indexes -FollowSymLinks -MultiViews
+      AllowOverride None
+      Require all granted
+  </Directory>
+
+  <Location /xmr>
+      ProxyPass ws://${XMR_HOST}:8080
+  </Location>
+
+  ErrorLog /dev/stderr
+
+  LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" *%Ts* *%Dus*" requesttime
+
+  CustomLog /dev/stdout combined
+  CustomLog /dev/stdout requesttime
+
+  # Hardening
+  Header always append X-Frame-Options SAMEORIGIN
+  Header always append X-Content-Type-Options nosniff
+
+  # Alias /xibo /var/www/cms/web
+
+</VirtualHost>

docker/etc/msmtprc

@@ -0,0 +1,22 @@
+account cms
+
+# CMS_SMTP_SERVER
+host smtp.gmail.com
+# CMS_SMTP_SERVER
+port 587
+auth off
+# CMS_SMTP_USERNAME
+user example
+# CMS_SMTP_PASSWORD
+password password
+# CMS_SMTP_USE_TLS
+tls on
+# CMS_SMTP_USE_STARTTLS
+tls_starttls on
+# CMS_SMTP_REWRITE_DOMAIN
+maildomain gmail.com
+# CMS_SMTP_HOSTNAME
+domain gmail.com
+from cms@example.org
+
+account default : cms

docker/etc/periodic/15min/cms-db-backup

@@ -0,0 +1,89 @@
+#!/bin/bash
+
+#
+# Copyright (c) 2022 Xibo Signage Ltd
+#
+# Xibo - Digital Signage - http://www.xibo.org.uk
+#
+# This file is part of Xibo.
+#
+# Xibo is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# any later version.
+#
+# Xibo is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with Xibo.  If not, see <http://www.gnu.org/licenses/>.
+#
+
+/bin/mkdir -p /var/www/backup/db
+age=86401
+
+MYSQL_BACKUP_ENABLED=
+MYSQL_DATABASE=
+
+# Is this enabled?
+if [ "$MYSQL_BACKUP_ENABLED" == "false" ]
+then
+  echo "Backup not enabled"
+  exit 0
+fi
+
+# See if there is an existing backup, and if so, get its age
+if [ -e /var/www/backup/db/latest.sql.gz ]
+then
+    age=$((`date +%s` - `date -r /var/www/backup/db/latest.sql.gz +%s`))
+
+    # Age can potentially be negative. If it is, make it 0 so that
+    # we run a backup now
+    if [ $age -lt 0 ]
+    then
+        echo "Last backup was in the future. Resetting"
+        age=86401
+    fi
+
+    echo "Existing backup is $age seconds old"
+fi
+
+# Check if mysqldump is running already
+# pgrep exits with 0 if a process is found and 1 otherwise
+pgrep mysqldump > /dev/null 2>&1
+mysqldump_running=$?
+
+# If the backup is older than 1 day, and mysqldump isn't running,
+# then take a new one
+if [ $age -gt 86400 ] && [ $mysqldump_running -ne 0 ]
+then
+    echo "Creating new backup"
+
+    # Tell bash to consider all exit values when evaluating the
+    # exit code of a pipe rather than just the right-most one
+    # That way we can detect if mysqldump errors or is killed etc
+    set -o pipefail
+
+    /usr/bin/mysqldump --single-transaction --hex-blob --no-tablespaces $MYSQL_DATABASE \
+      | gzip > /var/www/backup/db/backup.sql.gz
+
+    RESULT=$?
+
+    if [ $RESULT -eq 0 ] && [ -e /var/www/backup/db/backup.sql.gz ]
+    then
+        echo "Rotating backups"
+        mv /var/www/backup/db/latest.sql.gz /var/www/backup/db/previous.sql.gz
+        mv /var/www/backup/db/backup.sql.gz /var/www/backup/db/latest.sql.gz
+        exit 0
+    else
+        echo "BACKUP FAILED"
+        echo "Not rotating backups"
+        exit 1
+    fi
+elif [ $mysqldump_running -eq 0 ]
+then
+    echo "Backup already in progress. Exiting"
+    exit 0
+fi