Commit aacd4848 authored by Dominik Hebeler's avatar Dominik Hebeler

Merge branch '29-optimize-pipeline' into 'master'

Resolve "optimize pipeline"

Closes #29

See merge request !28
parents 7786af55 2c85f03c
.composer
.npm
.gitlab
.vscode
node_modules
vendor
.editorconfig
.git
.gitattributes
.gitignore
.gitlab-ci.yaml
.gitlab
.gitlab-ci.yaml
\ No newline at end of file
APP_ENV=local
APP_KEY=
APP_DEBUG=true
APP_LOG_LEVEL=debug
LOG_CHANNEL=stderr
APP_URL=https://localhost:8080
DB_CONNECTION=mysql
DB_HOST=127.0.0.1
DB_PORT=3306
DB_DATABASE=homestead
DB_USERNAME=homestead
DB_PASSWORD=secret
BROADCAST_DRIVER=log
CACHE_DRIVER=redis
SESSION_DRIVER=array
QUEUE_DRIVER=sync
CENTRAL_REDIS_HOST=redis
CENTRAL_REDIS_PASSWORD=null
CENTRAL_REDIS_PORT=6379
REDIS_HOST=redis
REDIS_PASSWORD=null
REDIS_PORT=6379
MAIL_DRIVER=smtp
MAIL_HOST=mailtrap.io
MAIL_PORT=2525
MAIL_USERNAME=null
MAIL_PASSWORD=null
MAIL_ENCRYPTION=null
PUSHER_APP_ID=
PUSHER_APP_KEY=
PUSHER_APP_SECRET=
PROXY_PASSWORD_OLD=secure_password
PROXY_PASSWORD=very_secure_password
PROXY_TIMEOUT=3600
PROXY_URL=https://localhost:8080
PROXY_LOG_LOCATION=/var/log/proxy/proxy.log
PROXY_MEMORY_CACHE=5242880
PROXY_FREE_DOWNLOAD_LIMIT=104857600
CACHE_ENABLED=true
\ No newline at end of file
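Review bot: `PROXY_PASSWORD=very_secure_password` and `PROXY_PASSWORD_OLD=secure_password` are publicly known placeholder values for the secrets that sign proxy URLs, and they sit next to `APP_DEBUG=true` and an empty `APP_KEY` with nothing saying they must not reach a deployed environment. Assuming this file is added as a template (the page shows neither its name nor its diff side), add a header comment such as `# Example values for local development only - set PROXY_PASSWORD, PROXY_PASSWORD_OLD and APP_KEY per environment and keep APP_DEBUG=false outside local`. This matters more after this commit, because the PHP code now reads `config("proxy.password")` with no fallback visible in the hunks.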
...@@ -4,6 +4,7 @@ ...@@ -4,6 +4,7 @@
/storage/*.key /storage/*.key
/vendor /vendor
.npm .npm
.composer
.env .env
.env.backup .env.backup
.phpunit.result.cache .phpunit.result.cache
......
...@@ -14,6 +14,7 @@ variables: ...@@ -14,6 +14,7 @@ variables:
SAST_DISABLED: "true" SAST_DISABLED: "true"
TEST_DISABLED: "true" TEST_DISABLED: "true"
CACHE_FALLBACK_KEY: proxy-master CACHE_FALLBACK_KEY: proxy-master
AUTO_DEVOPS_BUILD_IMAGE_FORWARDED_CI_VARIABLES: "AWS_ACCESS_KEY_ID,AWS_SECRET_ACCESS_KEY,S3_HOST,S3_BUCKETNAME"
include: include:
- template: Jobs/Build.gitlab-ci.yml - template: Jobs/Build.gitlab-ci.yml
...@@ -23,7 +24,6 @@ include: ...@@ -23,7 +24,6 @@ include:
image: "registry.gitlab.com/gitlab-org/cluster-integration/auto-deploy-image:v2.12.0" image: "registry.gitlab.com/gitlab-org/cluster-integration/auto-deploy-image:v2.12.0"
stages: stages:
- prepare
- build - build
- test - test
- deploy # dummy stage to follow the template guidelines - deploy # dummy stage to follow the template guidelines
...@@ -38,30 +38,6 @@ stages: ...@@ -38,30 +38,6 @@ stages:
- incremental rollout 100% - incremental rollout 100%
- performance - performance
- cleanup - cleanup
prepare_node:
stage: prepare
image: node:16
before_script:
- npm i --cache .npm --prefer-offline --no-audit --progress=false
script:
- npm run prod
artifacts:
paths:
- public/js/
- public/css/
- public/mix-manifest.json
cache:
# Reuse existing cache or create new one if package-lock changed
key:
files:
- package-lock.json
paths:
- .npm
- node_modules
only:
- branches
- tags
build: build:
services: services:
......
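Review bot: `AUTO_DEVOPS_BUILD_IMAGE_FORWARDED_CI_VARIABLES` in the `variables:` block now hands `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` to the image build, with no comment on why they are needed or what they may access. The Dockerfile in this commit reads them through `RUN --mount=type=secret`, which keeps them out of image layers only if `helpers/installPackages.sh` does not write them to disk, and that script is not shown here. Suggest a comment above the variable such as `# Forwarded to docker build as a BuildKit secret for the installPackages step; use credentials scoped to the S3 bucket only`, and confirm that the key is limited to that bucket.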
...@@ -4,7 +4,7 @@ podDisruptionBudget: ...@@ -4,7 +4,7 @@ podDisruptionBudget:
maxUnavailable: maxUnavailable:
service: service:
externalPort: 80 externalPort: 80
internalPort: 80 internalPort: 8080
commonName: commonName:
ingress: ingress:
tls: tls:
......
...@@ -4,7 +4,7 @@ podDisruptionBudget: ...@@ -4,7 +4,7 @@ podDisruptionBudget:
maxUnavailable: maxUnavailable:
service: service:
externalPort: 80 externalPort: 80
internalPort: 80 internalPort: 8080
commonName: commonName:
ingress: ingress:
tls: tls:
......
service: service:
enabled: true enabled: true
externalPort: 80 externalPort: 80
internalPort: 80 internalPort: 8080
commonName: "" commonName: ""
ingress: ingress:
tls: tls:
......
FROM debian:10 # syntax = docker/dockerfile:experimental
FROM debian:10 AS dependencies
WORKDIR /html
EXPOSE 8080
# Install System Components # Install System Components
RUN apt update \ RUN apt update \
&& apt install -y \ && apt install -y \
nginx \ nginx \
tzdata \ tzdata \
cron \
lsb-release \ lsb-release \
apt-transport-https \ apt-transport-https \
zip \ curl \
curl zip
RUN curl -o /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg \ RUN curl -o /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg \
&& echo "deb https://packages.sury.org/php/ $(lsb_release -sc) main" | tee /etc/apt/sources.list.d/php.list && echo "deb https://packages.sury.org/php/ $(lsb_release -sc) main" | tee /etc/apt/sources.list.d/php.list
...@@ -30,15 +33,34 @@ RUN apt update \ ...@@ -30,15 +33,34 @@ RUN apt update \
php7.4-dom \ php7.4-dom \
php7.4-fileinfo \ php7.4-fileinfo \
php7.4-redis \ php7.4-redis \
php7.4-xdebug \
php7.4-zip php7.4-zip
WORKDIR /html # Install Composer
COPY ./helpers/installComposer.sh /usr/bin/installComposer
RUN chmod +x /usr/bin/installComposer && \
/usr/bin/installComposer && \
rm /usr/bin/installComposer
RUN sed -i 's/error_log = \/var\/log\/php7.4-fpm.log/error_log = \/dev\/stderr/g' /etc/php/7.4/fpm/php-fpm.conf && \ # Install Nodejs
COPY ./helpers/installNodejs.sh /usr/bin/installNodejs
RUN chmod +x /usr/bin/installNodejs && \
/usr/bin/installNodejs && \
rm /usr/bin/installNodejs
ENV PATH /usr/local/lib/nodejs/bin:$PATH
# Install Minio Client
RUN curl -o /usr/bin/mc "https://dl.min.io/client/mc/release/linux-amd64/mc" &&\
chmod +x /usr/bin/mc
FROM dependencies AS development
RUN sed -i 's/pid = \/run\/php\/php7.4-fpm.pid/;pid = \/run\/php\/php7.4-fpm.pid/g' /etc/php/7.4/fpm/php-fpm.conf && \
sed -i 's/error_log = \/var\/log\/php7.4-fpm.log/error_log = \/dev\/stderr/g' /etc/php/7.4/fpm/php-fpm.conf && \
sed -i 's/;daemonize = yes/daemonize = no/g' /etc/php/7.4/fpm/php-fpm.conf && \ sed -i 's/;daemonize = yes/daemonize = no/g' /etc/php/7.4/fpm/php-fpm.conf && \
mkdir -p /run/php && \
sed -i 's/listen = \/run\/php\/php7.4-fpm.sock/listen = 9000/g' /etc/php/7.4/fpm/pool.d/www.conf && \ sed -i 's/listen = \/run\/php\/php7.4-fpm.sock/listen = 9000/g' /etc/php/7.4/fpm/pool.d/www.conf && \
sed -i 's/decorate_workers_output = no/decorate_workers_output = no/g' /etc/php/7.4/fpm/pool.d/www.conf && \ sed -i 's/decorate_workers_output = no/decorate_workers_output = no/g' /etc/php/7.4/fpm/pool.d/www.conf && \
sed -i 's/;catch_workers_output = yes/catch_workers_output = yes/g' /etc/php/7.4/fpm/pool.d/www.conf && \
sed -i 's/user = nobody/user = www-data/g' /etc/php/7.4/fpm/pool.d/www.conf && \ sed -i 's/user = nobody/user = www-data/g' /etc/php/7.4/fpm/pool.d/www.conf && \
sed -i 's/group = nobody/group = www-data/g' /etc/php/7.4/fpm/pool.d/www.conf && \ sed -i 's/group = nobody/group = www-data/g' /etc/php/7.4/fpm/pool.d/www.conf && \
sed -i 's/pm.max_children = 5/pm.max_children = 1024/g' /etc/php/7.4/fpm/pool.d/www.conf && \ sed -i 's/pm.max_children = 5/pm.max_children = 1024/g' /etc/php/7.4/fpm/pool.d/www.conf && \
...@@ -46,33 +68,54 @@ RUN sed -i 's/error_log = \/var\/log\/php7.4-fpm.log/error_log = \/dev\/stderr/g ...@@ -46,33 +68,54 @@ RUN sed -i 's/error_log = \/var\/log\/php7.4-fpm.log/error_log = \/dev\/stderr/g
sed -i 's/pm.min_spare_servers = 1/pm.min_spare_servers = 5/g' /etc/php/7.4/fpm/pool.d/www.conf && \ sed -i 's/pm.min_spare_servers = 1/pm.min_spare_servers = 5/g' /etc/php/7.4/fpm/pool.d/www.conf && \
sed -i 's/pm.max_spare_servers = 3/pm.max_spare_servers = 50/g' /etc/php/7.4/fpm/pool.d/www.conf && \ sed -i 's/pm.max_spare_servers = 3/pm.max_spare_servers = 50/g' /etc/php/7.4/fpm/pool.d/www.conf && \
sed -i 's/;cgi.fix_pathinfo=1/cgi.fix_pathinfo=0/g' /etc/php/7.4/fpm/php.ini && \ sed -i 's/;cgi.fix_pathinfo=1/cgi.fix_pathinfo=0/g' /etc/php/7.4/fpm/php.ini && \
sed -i 's/expose_php = On/expose_php = Off/g' /etc/php/7.4/fpm/php.ini && \ sed -i 's/;zend_extension=xdebug.so/zend_extension=xdebug.so/g' /etc/php/7.4/fpm/conf.d/20-xdebug.ini && \
# Opcache configuration echo "xdebug.mode = debug" >> /etc/php/7.4/fpm/conf.d/20-xdebug.ini && \
echo "xdebug.start_with_request = yes" >> /etc/php/7.4/fpm/conf.d/20-xdebug.ini && \
echo "xdebug.discover_client_host = true" >> /etc/php/7.4/fpm/conf.d/20-xdebug.ini && \
echo "xdebug.idekey=VSCODE" >> /etc/php/7.4/fpm/conf.d/20-xdebug.ini && \
cp /usr/share/zoneinfo/Europe/Berlin /etc/localtime && \
echo "Europe/Berlin" > /etc/timezone
# Using image as non-root
RUN groupadd -g 1000 metager-proxy && \
useradd -b /home/metager-proxy -g 1000 -u 1000 -M -s /bin/bash metager-proxy
RUN chown -R 1000:1000 /var/lib/nginx /var/log/nginx
RUN mkdir -p /home/metager-proxy &&\
chown 1000:1000 /home/metager-proxy
RUN touch /run/nginx.pid && \
chown 1000:1000 /run/nginx.pid
USER 1000:1000
CMD /entrypoint.sh
# Just the changes we need for production use (i.e. enable opcache, disable xdebug, etc.)
FROM development AS production
USER 0:0
# Opcache configuration
RUN apt purge -y php7.4-xdebug
RUN sed -i 's/expose_php = On/expose_php = Off/g' /etc/php/7.4/fpm/php.ini && \
sed -i 's/;opcache.enable=1/opcache.enable=1/g' /etc/php/7.4/fpm/php.ini && \ sed -i 's/;opcache.enable=1/opcache.enable=1/g' /etc/php/7.4/fpm/php.ini && \
sed -i 's/;opcache.memory_consumption=128/opcache.memory_consumption=128/g' /etc/php/7.4/fpm/php.ini && \ sed -i 's/;opcache.memory_consumption=128/opcache.memory_consumption=128/g' /etc/php/7.4/fpm/php.ini && \
sed -i 's/;opcache.interned_strings_buffer=8/opcache.interned_strings_buffer=8/g' /etc/php/7.4/fpm/php.ini && \ sed -i 's/;opcache.interned_strings_buffer=8/opcache.interned_strings_buffer=8/g' /etc/php/7.4/fpm/php.ini && \
sed -i 's/;opcache.max_accelerated_files=10000/opcache.max_accelerated_files=10000/g' /etc/php/7.4/fpm/php.ini && \ sed -i 's/;opcache.max_accelerated_files=10000/opcache.max_accelerated_files=10000/g' /etc/php/7.4/fpm/php.ini && \
sed -i 's/;opcache.max_wasted_percentage=5/opcache.max_wasted_percentage=5/g' /etc/php/7.4/fpm/php.ini && \ sed -i 's/;opcache.max_wasted_percentage=5/opcache.max_wasted_percentage=5/g' /etc/php/7.4/fpm/php.ini && \
sed -i 's/;opcache.validate_timestamps=1/opcache.validate_timestamps=1/g' /etc/php/7.4/fpm/php.ini && \ sed -i 's/;opcache.validate_timestamps=1/opcache.validate_timestamps=1/g' /etc/php/7.4/fpm/php.ini && \
sed -i 's/;opcache.revalidate_freq=2/opcache.revalidate_freq=300/g' /etc/php/7.4/fpm/php.ini && \ sed -i 's/;opcache.revalidate_freq=2/opcache.revalidate_freq=300/g' /etc/php/7.4/fpm/php.ini
cp /usr/share/zoneinfo/Europe/Berlin /etc/localtime && \
echo "Europe/Berlin" > /etc/timezone && \
(crontab -l ; echo "* * * * * php /html/artisan schedule:run >> /dev/null 2>&1") | crontab -
COPY config/nginx.conf /etc/nginx/nginx.conf COPY config/nginx.conf /etc/nginx/nginx.conf
COPY config/nginx-default.conf /etc/nginx/sites-available/default COPY config/nginx-default.conf /etc/nginx/sites-available/default
RUN sed -i 's/fastcgi_pass phpfpm:9000;/fastcgi_pass localhost:9000;/g' /etc/nginx/sites-available/default RUN sed -i 's/fastcgi_pass phpfpm:9000;/fastcgi_pass localhost:9000;/g' /etc/nginx/sites-available/default
COPY --chown=root:www-data . /html
COPY ./helpers/installComposer.sh /usr/bin/installComposer # Install Entrypoint
RUN chmod +x /usr/bin/installComposer && \ COPY ./helpers/entrypoint.sh /entrypoint.sh
/usr/bin/installComposer && \ RUN chmod +x /entrypoint.sh
rm /usr/bin/installComposer && \
composer install --no-dev
WORKDIR /html COPY --chown=1000:1000 . /html
EXPOSE 80
# Install packages
RUN --mount=type=secret,id=auto-devops-build-secrets . /run/secrets/auto-devops-build-secrets && \
chmod +x ./helpers/installPackages.sh && \
/bin/sh -c ./helpers/installPackages.sh
CMD cron -L /dev/stdout && \ USER 1000:1000
php-fpm7.4 -F -R
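Review bot: The `# Install Minio Client` step fetches `mc` from a moving URL and marks it executable without any integrity check, so each build ships whatever binary the server returns at that moment. Pin a specific release and verify it, for example `curl -fsSLo /usr/bin/mc "<PINNED_RELEASE_URL>" && echo "<EXPECTED_SHA256>  /usr/bin/mc" | sha256sum -c - && chmod +x /usr/bin/mc`. The same applies to `installNodejs.sh` and `installComposer.sh` if they download without verification; their contents are not on this page. Note also that `production` is built `FROM development`, so every development setting not explicitly reverted carries into the production image, and only the xdebug purge is visible here.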
FROM debian:10
# Install System Components
RUN apt update \
&& apt install -y \
nginx \
tzdata \
cron \
lsb-release \
apt-transport-https \
curl \
zip
RUN curl -o /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg \
&& echo "deb https://packages.sury.org/php/ $(lsb_release -sc) main" | tee /etc/apt/sources.list.d/php.list
# Install PHP Components
RUN apt update \
&& apt install -y \
php7.4 \
php7.4-fpm \
php7.4-json \
php7.4-bcmath \
php7.4-ctype \
php7.4-mbstring \
php7.4-pdo \
php7.4-tokenizer \
php7.4-xml \
php7.4-curl \
php7.4-dom \
php7.4-fileinfo \
php7.4-redis \
php7.4-xdebug \
php7.4-zip
WORKDIR /html
RUN sed -i 's/error_log = \/var\/log\/php7.4-fpm.log/error_log = \/dev\/stderr/g' /etc/php/7.4/fpm/php-fpm.conf && \
sed -i 's/;daemonize = yes/daemonize = no/g' /etc/php/7.4/fpm/php-fpm.conf && \
mkdir -p /run/php && \
sed -i 's/listen = \/run\/php\/php7.4-fpm.sock/listen = 9000/g' /etc/php/7.4/fpm/pool.d/www.conf && \
sed -i 's/decorate_workers_output = no/decorate_workers_output = no/g' /etc/php/7.4/fpm/pool.d/www.conf && \
sed -i 's/user = nobody/user = www-data/g' /etc/php/7.4/fpm/pool.d/www.conf && \
sed -i 's/group = nobody/group = www-data/g' /etc/php/7.4/fpm/pool.d/www.conf && \
sed -i 's/pm.max_children = 5/pm.max_children = 100/g' /etc/php/7.4/fpm/pool.d/www.conf && \
sed -i 's/pm.start_servers = 2/pm.start_servers = 5/g' /etc/php/7.4/fpm/pool.d/www.conf && \
sed -i 's/pm.min_spare_servers = 1/pm.min_spare_servers = 5/g' /etc/php/7.4/fpm/pool.d/www.conf && \
sed -i 's/pm.max_spare_servers = 3/pm.max_spare_servers = 25/g' /etc/php/7.4/fpm/pool.d/www.conf && \
sed -i 's/;cgi.fix_pathinfo=1/cgi.fix_pathinfo=0/g' /etc/php/7.4/fpm/php.ini && \
sed -i 's/expose_php = On/expose_php = Off/g' /etc/php/7.4/fpm/php.ini && \
sed -i 's/;zend_extension=xdebug.so/zend_extension=xdebug.so/g' /etc/php/7.4/fpm/conf.d/20-xdebug.ini && \
echo "xdebug.mode = debug" >> /etc/php/7.4/fpm/conf.d/20-xdebug.ini && \
echo "xdebug.start_with_request = yes" >> /etc/php/7.4/fpm/conf.d/20-xdebug.ini && \
echo "xdebug.discover_client_host = true" >> /etc/php/7.4/fpm/conf.d/20-xdebug.ini && \
echo "xdebug.idekey=VSCODE" >> /etc/php/7.4/fpm/conf.d/20-xdebug.ini && \
cp /usr/share/zoneinfo/Europe/Berlin /etc/localtime && \
echo "Europe/Berlin" > /etc/timezone && \
(crontab -l ; echo "* * * * * php /html/artisan schedule:run >> /dev/null 2>&1") | crontab -
COPY ./helpers/installComposer.sh /usr/bin/installComposer
RUN chmod +x /usr/bin/installComposer && \
/usr/bin/installComposer && \
rm /usr/bin/installComposer
WORKDIR /html
EXPOSE 80
CMD cron -L /dev/stdout && \
composer install && \
php-fpm7.4 -F -R
...@@ -41,10 +41,10 @@ class RequestFetcher extends Command ...@@ -41,10 +41,10 @@ class RequestFetcher extends Command
{ {
parent::__construct(); parent::__construct();
$this->multicurl = curl_multi_init(); $this->multicurl = curl_multi_init();
$this->proxyhost = env("PROXY_HOST", ""); $this->proxyhost = config("requestfetcher.proxy.host");
$this->proxyport = env("PROXY_PORT", ""); $this->proxyport = config("requestfetcher.proxy.port");
$this->proxyuser = env("PROXY_USER", ""); $this->proxyuser = config("requestfetcher.proxy.user");
$this->proxypassword = env("PROXY_PASSWORD", ""); $this->proxypassword = config("requestfetcher.proxy.password");
} }
/** /**
...@@ -67,7 +67,8 @@ class RequestFetcher extends Command ...@@ -67,7 +67,8 @@ class RequestFetcher extends Command
} catch (\Exception $e) { } catch (\Exception $e) {
if ($count >= 9) { if ($count >= 9) {
// If its not available after 10 seconds we will exit // If its not available after 10 seconds we will exit
return; echo "Redis Connection was not possible within 10 seconds." . PHP_EOL;
return 1;
} }
sleep(1); sleep(1);
} }
......
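Review bot: The new failure message in the Redis retry loop is written with a bare `echo`, which bypasses the console output handling that an Artisan `Command` provides and goes to stdout rather than being marked as an error. Prefer `$this->error("Redis Connection was not possible within 10 seconds.");` before `return 1;`. The enclosing method starts and ends outside the hunk.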
...@@ -133,7 +133,7 @@ class DownloadController extends Controller ...@@ -133,7 +133,7 @@ class DownloadController extends Controller
if (!is_string($data) || strlen($data) === 0) { if (!is_string($data) || strlen($data) === 0) {
return null; return null;
} }
return hash_hmac("sha256", $data, env("PROXY_PASSWORD", "unsecure_password")); return hash_hmac("sha256", $data, config("proxy.password"));
} }
private static function checkPassword($url, $validUntil, $password) private static function checkPassword($url, $validUntil, $password)
...@@ -142,7 +142,7 @@ class DownloadController extends Controller ...@@ -142,7 +142,7 @@ class DownloadController extends Controller
if (!is_string($data) || strlen($data) === 0) { if (!is_string($data) || strlen($data) === 0) {
return false; return false;
} }
$excpectedHash = hash_hmac("sha256", $data, env("PROXY_PASSWORD", "unsecure_password")); $excpectedHash = hash_hmac("sha256", $data, config("proxy.password"));
return hash_equals($excpectedHash, $password); return hash_equals($excpectedHash, $password);
} }
} }
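Review bot: Both `hash_hmac("sha256", $data, config("proxy.password"))` calls sign with whatever the config returns, and nothing in these hunks rejects a missing value. If `proxy.password` is unset the key is null, which PHP would coerce to an empty HMAC key, and tokens signed with an empty key can be recomputed by anyone. The config file is not on this page and may supply a default, but a guard before signing or verifying is cheap: `$key = config("proxy.password"); if (!is_string($key) || $key === "") { throw new \RuntimeException("proxy.password is not configured"); }`. The same pattern appears in the two ProxyController helpers changed by this commit. Both method bodies start outside the hunks.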
...@@ -20,7 +20,7 @@ class ProxyController extends Controller ...@@ -20,7 +20,7 @@ class ProxyController extends Controller
public function proxyPage(Request $request) public function proxyPage(Request $request)
{ {
if(!$request->filled("url") || !$request->filled("password")){ if(!$request->filled("url") || !$request->filled("password")){
if (env("APP_ENV", "") !== "production") { if (\App::environment() !== "production") {
return view("development"); return view("development");
} else { } else {
return redirect("https://metager.de"); return redirect("https://metager.de");
...@@ -63,7 +63,7 @@ class ProxyController extends Controller ...@@ -63,7 +63,7 @@ class ProxyController extends Controller
$redirProxyUrl = rtrim($redirProxyUrl, "&"); $redirProxyUrl = rtrim($redirProxyUrl, "&");
$pw = md5(env('PROXY_PASSWORD') . $redirProxyUrl); $pw = md5(config("proxy.password") . $redirProxyUrl);
$redirProxyUrl = base64_encode(str_rot13($redirProxyUrl)); $redirProxyUrl = base64_encode(str_rot13($redirProxyUrl));
$redirProxyUrl = urlencode(str_replace("/", "<<SLASH>>", $redirProxyUrl)); $redirProxyUrl = urlencode(str_replace("/", "<<SLASH>>", $redirProxyUrl));
...@@ -322,7 +322,7 @@ class ProxyController extends Controller ...@@ -322,7 +322,7 @@ class ProxyController extends Controller
private function fetchUrl($targetUrl){ private function fetchUrl($targetUrl){
$hash = md5($targetUrl); $hash = md5($targetUrl);
if (!Cache::has($hash) || env("CACHE_ENABLED") === false) { if (!Cache::has($hash) || config("proxy.cache.enabled") === false) {
$useragent = $_SERVER['HTTP_USER_AGENT']; $useragent = $_SERVER['HTTP_USER_AGENT'];
if (preg_match('/(android|bb\d+|meego).+mobile|avantgo|bada\/|blackberry|blazer|compal|elaine|fennec|hiptop|iemobile|ip(hone|od)|iris|kindle|lge |maemo|midp|mmp|netfront|opera m(ob|in)i|palm( os)?|phone|p(ixi|re)\/|plucker|pocket|psp|series(4|6)0|symbian|treo|up\.(browser|link)|vodafone|wap|windows (ce|phone)|xda|xiino/i', $useragent) || preg_match('/1207|6310|6590|3gso|4thp|50[1-6]i|770s|802s|a wa|abac|ac(er|oo|s\-)|ai(ko|rn)|al(av|ca|co)|amoi|an(ex|ny|yw)|aptu|ar(ch|go)|as(te|us)|attw|au(di|\-m|r |s )|avan|be(ck|ll|nq)|bi(lb|rd)|bl(ac|az)|br(e|v)w|bumb|bw\-(n|u)|c55\/|capi|ccwa|cdm\-|cell|chtm|cldc|cmd\-|co(mp|nd)|craw|da(it|ll|ng)|dbte|dc\-s|devi|dica|dmob|do(c|p)o|ds(12|\-d)|el(49|ai)|em(l2|ul)|er(ic|k0)|esl8|ez([4-7]0|os|wa|ze)|fetc|fly(\-|_)|g1 u|g560|gene|gf\-5|g\-mo|go(\.w|od)|gr(ad|un)|haie|hcit|hd\-(m|p|t)|hei\-|hi(pt|ta)|hp( i|ip)|hs\-c|ht(c(\-| |_|a|g|p|s|t)|tp)|hu(aw|tc)|i\-(20|go|ma)|i230|iac( |\-|\/)|ibro|idea|ig01|ikom|im1k|inno|ipaq|iris|ja(t|v)a|jbro|jemu|jigs|kddi|keji|kgt( |\/)|klon|kpt |kwc\-|kyo(c|k)|le(no|xi)|lg( g|\/(k|l|u)|50|54|\-[a-w])|libw|lynx|m1\-w|m3ga|m50\/|ma(te|ui|xo)|mc(01|21|ca)|m\-cr|me(rc|ri)|mi(o8|oa|ts)|mmef|mo(01|02|bi|de|do|t(\-| |o|v)|zz)|mt(50|p1|v )|mwbp|mywa|n10[0-2]|n20[2-3]|n30(0|2)|n50(0|2|5)|n7(0(0|1)|10)|ne((c|m)\-|on|tf|wf|wg|wt)|nok(6|i)|nzph|o2im|op(ti|wv)|oran|owg1|p800|pan(a|d|t)|pdxg|pg(13|\-([1-8]|c))|phil|pire|pl(ay|uc)|pn\-2|po(ck|rt|se)|prox|psio|pt\-g|qa\-a|qc(07|12|21|32|60|\-[2-7]|i\-)|qtek|r380|r600|raks|rim9|ro(ve|zo)|s55\/|sa(ge|ma|mm|ms|ny|va)|sc(01|h\-|oo|p\-)|sdk\/|se(c(\-|0|1)|47|mc|nd|ri)|sgh\-|shar|sie(\-|m)|sk\-0|sl(45|id)|sm(al|ar|b3|it|t5)|so(ft|ny)|sp(01|h\-|v\-|v )|sy(01|mb)|t2(18|50)|t6(00|10|18)|ta(gt|lk)|tcl\-|tdg\-|tel(i|m)|tim\-|t\-mo|to(pl|sh)|ts(70|m\-|m3|m5)|tx\-9|up(\.b|g1|si)|utst|v400|v750|veri|vi(rg|te)|vk(40|5[0-3]|\-v)|vm40|voda|vulc|vx(52|53|60|61|70|80|81|83|85|98)|w3c(\-| )|webc|whit|wi(g |nc|nw)|wmlb|wonu|x700|yas\-|your|zeto|zte\-/i', substr($useragent, 0, 4))) { if 
(preg_match('/(android|bb\d+|meego).+mobile|avantgo|bada\/|blackberry|blazer|compal|elaine|fennec|hiptop|iemobile|ip(hone|od)|iris|kindle|lge |maemo|midp|mmp|netfront|opera m(ob|in)i|palm( os)?|phone|p(ixi|re)\/|plucker|pocket|psp|series(4|6)0|symbian|treo|up\.(browser|link)|vodafone|wap|windows (ce|phone)|xda|xiino/i', $useragent) || preg_match('/1207|6310|6590|3gso|4thp|50[1-6]i|770s|802s|a wa|abac|ac(er|oo|s\-)|ai(ko|rn)|al(av|ca|co)|amoi|an(ex|ny|yw)|aptu|ar(ch|go)|as(te|us)|attw|au(di|\-m|r |s )|avan|be(ck|ll|nq)|bi(lb|rd)|bl(ac|az)|br(e|v)w|bumb|bw\-(n|u)|c55\/|capi|ccwa|cdm\-|cell|chtm|cldc|cmd\-|co(mp|nd)|craw|da(it|ll|ng)|dbte|dc\-s|devi|dica|dmob|do(c|p)o|ds(12|\-d)|el(49|ai)|em(l2|ul)|er(ic|k0)|esl8|ez([4-7]0|os|wa|ze)|fetc|fly(\-|_)|g1 u|g560|gene|gf\-5|g\-mo|go(\.w|od)|gr(ad|un)|haie|hcit|hd\-(m|p|t)|hei\-|hi(pt|ta)|hp( i|ip)|hs\-c|ht(c(\-| |_|a|g|p|s|t)|tp)|hu(aw|tc)|i\-(20|go|ma)|i230|iac( |\-|\/)|ibro|idea|ig01|ikom|im1k|inno|ipaq|iris|ja(t|v)a|jbro|jemu|jigs|kddi|keji|kgt( |\/)|klon|kpt |kwc\-|kyo(c|k)|le(no|xi)|lg( g|\/(k|l|u)|50|54|\-[a-w])|libw|lynx|m1\-w|m3ga|m50\/|ma(te|ui|xo)|mc(01|21|ca)|m\-cr|me(rc|ri)|mi(o8|oa|ts)|mmef|mo(01|02|bi|de|do|t(\-| |o|v)|zz)|mt(50|p1|v )|mwbp|mywa|n10[0-2]|n20[2-3]|n30(0|2)|n50(0|2|5)|n7(0(0|1)|10)|ne((c|m)\-|on|tf|wf|wg|wt)|nok(6|i)|nzph|o2im|op(ti|wv)|oran|owg1|p800|pan(a|d|t)|pdxg|pg(13|\-([1-8]|c))|phil|pire|pl(ay|uc)|pn\-2|po(ck|rt|se)|prox|psio|pt\-g|qa\-a|qc(07|12|21|32|60|\-[2-7]|i\-)|qtek|r380|r600|raks|rim9|ro(ve|zo)|s55\/|sa(ge|ma|mm|ms|ny|va)|sc(01|h\-|oo|p\-)|sdk\/|se(c(\-|0|1)|47|mc|nd|ri)|sgh\-|shar|sie(\-|m)|sk\-0|sl(45|id)|sm(al|ar|b3|it|t5)|so(ft|ny)|sp(01|h\-|v\-|v )|sy(01|mb)|t2(18|50)|t6(00|10|18)|ta(gt|lk)|tcl\-|tdg\-|tel(i|m)|tim\-|t\-mo|to(pl|sh)|ts(70|m\-|m3|m5)|tx\-9|up(\.b|g1|si)|utst|v400|v750|veri|vi(rg|te)|vk(40|5[0-3]|\-v)|vm40|voda|vulc|vx(52|53|60|61|70|80|81|83|85|98)|w3c(\-| )|webc|whit|wi(g |nc|nw)|wmlb|wonu|x700|yas\-|your|zeto|zte\-/i', substr($useragent, 0, 4))) {
// Mobile Browser Dummy Mobile Useragent // Mobile Browser Dummy Mobile Useragent
...@@ -528,7 +528,7 @@ class ProxyController extends Controller ...@@ -528,7 +528,7 @@ class ProxyController extends Controller
if (!is_string($data) || strlen($data) === 0) { if (!is_string($data) || strlen($data) === 0) {
return null; return null;
} }
return hash_hmac("sha256", $data, env("PROXY_PASSWORD", "unsecure_password")); return hash_hmac("sha256", $data, config("proxy.password"));
} }
private static function checkPassword($url, $validUntil, $password) private static function checkPassword($url, $validUntil, $password)
...@@ -542,13 +542,13 @@ class ProxyController extends Controller ...@@ -542,13 +542,13 @@ class ProxyController extends Controller
if (!is_string($data) || strlen($data) === 0) { if (!is_string($data) || strlen($data) === 0) {
return false; return false;
} }
$excpectedHash = hash_hmac("sha256", $data, env("PROXY_PASSWORD", "unsecure_password")); $excpectedHash = hash_hmac("sha256", $data, config("proxy.password"));
return hash_equals($excpectedHash, $password); return hash_equals($excpectedHash, $password);
} }
private function writeLog($targetUrl, $ip) private function writeLog($targetUrl, $ip)
{ {
$logFile = env('PROXY_LOG_LOCATION'); $logFile = config("proxy.log.location");
$dateString = date('D M d H:i:s Y'); $dateString = date('D M d H:i:s Y');
......
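Review bot: `$pw = md5(config("proxy.password") . $redirProxyUrl);` still builds the redirect token as MD5 over secret-then-message, a construction that is open to length extension and rests on a broken hash, although this class already has an HMAC-SHA256 helper. Consider `$pw = hash_hmac("sha256", $redirProxyUrl, config("proxy.password"));`, changed together with whatever code verifies the token (the CheckPassword middleware uses the same md5 pattern) and rolled out so that links issued earlier are handled. Separately, `fetchUrl` reads `$_SERVER['HTTP_USER_AGENT']` unguarded, which raises a notice when a client sends no User-Agent; `$_SERVER['HTTP_USER_AGENT'] ?? ''` avoids that. The surrounding methods begin and end outside these hunks.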
...@@ -18,7 +18,7 @@ class CheckPassword ...@@ -18,7 +18,7 @@ class CheckPassword
$password = $request->route('password'); $password = $request->route('password');
if ($timed === "true") { if ($timed === "true") {
$checkPw = md5(env('PROXY_PASSWORD') . date('dmy')); $checkPw = md5(config('proxy.password') . date('dmy'));
if ($checkPw === $password) { if ($checkPw === $password) {
return $next($request); return $next($request);
} }
...@@ -32,7 +32,7 @@ class CheckPassword ...@@ -32,7 +32,7 @@ class CheckPassword
} }
// Check Password: // Check Password:
$checkPw = md5(env('PROXY_PASSWORD_OLD') . $targetUrl); $checkPw = md5(config('proxy.password_old') . $targetUrl);
$password = $request->route('password'); $password = $request->route('password');
if ($checkPw === $password) { if ($checkPw === $password) {
return $next($request); return $next($request);
......
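Review bot: Both token checks use `if ($checkPw === $password)`, which compares a secret-derived hash in non-constant time, although the controllers touched by this commit already use `hash_equals` for the same job. Suggest `if (is_string($password) && hash_equals($checkPw, $password))` in both branches. The timed variant is also derived only from the password and `date('dmy')`, so one token is valid for every URL for a whole day; a comment stating that this is intended would help the next reader. The enclosing method starts and ends outside the hunks.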
...@@ -25,9 +25,9 @@ class AppServiceProvider extends ServiceProvider ...@@ -25,9 +25,9 @@ class AppServiceProvider extends ServiceProvider
{ {
\Prometheus\Storage\Redis::setDefaultOptions( \Prometheus\Storage\Redis::setDefaultOptions(
[ [
'host' => env("REDIS_HOST", '127.0.0.1'), 'host' => config("database.redis.default.host"),
'port' => intval(env("REDIS_PORT", 6379)), 'port' => intval(config("database.redis.default.port")),
'password' => env("REDIS_PASSWORD", null), 'password' => config("database.redis.default.password"),
'timeout' => 0.1, // in seconds 'timeout' => 0.1, // in seconds
'read_timeout' => '10', // in seconds 'read_timeout' => '10', // in seconds
'persistent_connections' => false 'persistent_connections' => false
......
...@@ -57,6 +57,10 @@ spec: ...@@ -57,6 +57,10 @@ spec:
- name: env-files - name: env-files
secret: secret:
secretName: {{ .Values.application.secretName }} secretName: {{ .Values.application.secretName }}
securityContext:
fsGroup: 1000
runAsUser: 1000
runAsGroup: 1000
containers: containers:
- name: {{ .Chart.Name }}-phpfpm - name: {{ .Chart.Name }}-phpfpm
image: {{ template "imagename" . }} image: {{ template "imagename" . }}
...@@ -133,8 +137,7 @@ spec: ...@@ -133,8 +137,7 @@ spec:
# WORKER # WORKER
- name: {{ .Chart.Name }}-worker - name: {{ .Chart.Name }}-worker