DEVOPS: Clean up in docker server compose and vhost config

Author: cableman

templates/drupal-7/.docker/vhost.conf

@@ -1,4 +1,3 @@
-# @see https://www.nginx.com/resources/wiki/start/topics/recipes/drupal/
 server {
     listen 80;
     server_name localhost;
@@ -16,9 +15,7 @@ server {
         access_log off;
     }
 
-    # Very rarely should these ever be accessed outside of your lan
     location ~* \.(txt|log)$ {
-        allow 192.168.0.0/16;
         deny all;
     }
 
@@ -30,56 +27,31 @@ server {
         return 403;
     }
 
-    # Block access to scripts in site files directory
     location ~ ^/sites/[^/]+/files/.*\.php$ {
         deny all;
     }
 
-    # Allow "Well-Known URIs" as per RFC 5785
-    location ~* ^/.well-known/ {
-        allow all;
-    }
-
-    # Block access to "hidden" files and directories whose names begin with a
-    # period. This includes directories used by version control systems such
-    # as Subversion or Git to store control files.
     location ~ (^|/)\. {
         return 403;
     }
 
     location / {
-        # try_files $uri @rewrite; # For Drupal <= 6
-        try_files $uri /index.php?$query_string; # For Drupal >= 7
+        try_files $uri /index.php?$query_string;
     }
 
     location @rewrite {
         rewrite ^/(.*)$ /index.php?q=$1;
     }
 
-    # Don't allow direct access to PHP files in the vendor directory.
     location ~ /vendor/.*\.php$ {
         deny all;
         return 404;
     }
 
-    # In Drupal 8, we must also match new paths where the '.php' appears in
-    # the middle, such as update.php/selection. The rule we use is strict,
-    # and only allows this pattern with the update.php front controller.
-    # This allows legacy path aliases in the form of
-    # blog/index.php/legacy-path to continue to route to Drupal nodes. If
-    # you do not have any paths like that, then you might prefer to use a
-    # laxer rule, such as:
-    #   location ~ \.php(/|$) {
-    # The laxer rule will continue to work if Drupal uses this new URL
-    # pattern with front controllers other than update.php in a future
-    # release.
     location ~ '\.php$|^/update.php' {
         fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
-        # Security note: If you're running a version of PHP older than the
-        # latest 5.3, you should have "cgi.fix_pathinfo = 0;" in php.ini.
-        # See http://serverfault.com/q/627903/94922 for details.
         include fastcgi_params;
-        # Block httpoxy attacks. See https://httpoxy.org/.
+
         fastcgi_param HTTP_PROXY "";
         fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
         fastcgi_param PATH_INFO $fastcgi_path_info;
@@ -88,15 +60,11 @@ server {
         fastcgi_pass phpfpm:9000;
     }
 
-    # Fighting with Styles? This little gem is amazing.
-    # location ~ ^/sites/.*/files/imagecache/ { # For Drupal <= 6
-    location ~ ^/sites/.*/files/styles/ { # For Drupal >= 7
+    location ~ ^/sites/.*/files/styles/ {
         try_files $uri @rewrite;
     }
 
-    # Handle private files through Drupal. Private file's path can come
-    # with a language prefix.
-    location ~ ^(/[a-z\-]+)?/system/files/ { # For Drupal >= 7
+    location ~ ^(/[a-z\-]+)?/system/files/ {
         try_files $uri /index.php?$query_string;
     }
 

templates/drupal-8/.docker/vhost.conf

@@ -1,4 +1,3 @@
-# @see https://www.nginx.com/resources/wiki/start/topics/recipes/drupal/
 server {
     listen 80;
     server_name localhost;
@@ -16,9 +15,7 @@ server {
         access_log off;
     }
 
-    # Very rarely should these ever be accessed outside of your lan
     location ~* \.(txt|log)$ {
-        allow 192.168.0.0/16;
         deny all;
     }
 
@@ -35,11 +32,6 @@ server {
         deny all;
     }
 
-    # Allow "Well-Known URIs" as per RFC 5785
-    location ~* ^/.well-known/ {
-        allow all;
-    }
-
     # Block access to "hidden" files and directories whose names begin with a
     # period. This includes directories used by version control systems such
     # as Subversion or Git to store control files.
@@ -48,8 +40,7 @@ server {
     }
 
     location / {
-        # try_files $uri @rewrite; # For Drupal <= 6
-        try_files $uri /index.php?$query_string; # For Drupal >= 7
+        try_files $uri /index.php?$query_string;
     }
 
     location @rewrite {
@@ -62,41 +53,26 @@ server {
         return 404;
     }
 
-    # In Drupal 8, we must also match new paths where the '.php' appears in
-    # the middle, such as update.php/selection. The rule we use is strict,
-    # and only allows this pattern with the update.php front controller.
-    # This allows legacy path aliases in the form of
-    # blog/index.php/legacy-path to continue to route to Drupal nodes. If
-    # you do not have any paths like that, then you might prefer to use a
-    # laxer rule, such as:
-    #   location ~ \.php(/|$) {
-    # The laxer rule will continue to work if Drupal uses this new URL
-    # pattern with front controllers other than update.php in a future
-    # release.
     location ~ '\.php$|^/update.php' {
         fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
-        # Security note: If you're running a version of PHP older than the
-        # latest 5.3, you should have "cgi.fix_pathinfo = 0;" in php.ini.
-        # See http://serverfault.com/q/627903/94922 for details.
         include fastcgi_params;
-        # Block httpoxy attacks. See https://httpoxy.org/.
+
         fastcgi_param HTTP_PROXY "";
         fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
         fastcgi_param PATH_INFO $fastcgi_path_info;
         fastcgi_param QUERY_STRING $query_string;
+
         fastcgi_intercept_errors on;
         fastcgi_pass phpfpm:9000;
     }
 
-    # Fighting with Styles? This little gem is amazing.
-    # location ~ ^/sites/.*/files/imagecache/ { # For Drupal <= 6
-    location ~ ^/sites/.*/files/styles/ { # For Drupal >= 7
+    location ~ ^/sites/.*/files/styles/ {
         try_files $uri @rewrite;
     }
 
     # Handle private files through Drupal. Private file's path can come
     # with a language prefix.
-    location ~ ^(/[a-z\-]+)?/system/files/ { # For Drupal >= 7
+    location ~ ^(/[a-z\-]+)?/system/files/ {
         try_files $uri /index.php?$query_string;
     }
 

templates/drupal-8/docker-compose.server.yml

@@ -1,4 +1,4 @@
-# itk-version: 1.0.0
+# itk-version: 1.0.1
 version: "3"
 
 networks:
@@ -22,7 +22,6 @@ services:
       - memcached
     volumes:
       - .:/app:delegated
-      - drush-cache:/root/.drush
 
   nginx:
     image: nginx:stable-alpine
@@ -55,17 +54,3 @@ services:
       - app
     environment:
       - MEMCACHED_CACHE_SIZE=64
-
-  drush:
-    image: itkdev/drush6:latest
-    networks:
-      - app
-    entrypoint:
-      - drush
-    volumes:
-      - drush-cache:/root/.drush
-      - ./:/app
-
-# Drush cache volume to persist cache between runs.
-volumes:
-  drush-cache:

templates/drupal-9/.docker/vhost.conf

@@ -1,4 +1,3 @@
-# @see https://www.nginx.com/resources/wiki/start/topics/recipes/drupal/
 server {
     listen 80;
     server_name localhost;
@@ -16,9 +15,7 @@ server {
         access_log off;
     }
 
-    # Very rarely should these ever be accessed outside of your lan
     location ~* \.(txt|log)$ {
-        allow 192.168.0.0/16;
         deny all;
     }
 
@@ -35,11 +32,6 @@ server {
         deny all;
     }
 
-    # Allow "Well-Known URIs" as per RFC 5785
-    location ~* ^/.well-known/ {
-        allow all;
-    }
-
     # Block access to "hidden" files and directories whose names begin with a
     # period. This includes directories used by version control systems such
     # as Subversion or Git to store control files.
@@ -48,8 +40,7 @@ server {
     }
 
     location / {
-        # try_files $uri @rewrite; # For Drupal <= 6
-        try_files $uri /index.php?$query_string; # For Drupal >= 7
+        try_files $uri /index.php?$query_string;
     }
 
     location @rewrite {
@@ -62,41 +53,26 @@ server {
         return 404;
     }
 
-    # In Drupal 8, we must also match new paths where the '.php' appears in
-    # the middle, such as update.php/selection. The rule we use is strict,
-    # and only allows this pattern with the update.php front controller.
-    # This allows legacy path aliases in the form of
-    # blog/index.php/legacy-path to continue to route to Drupal nodes. If
-    # you do not have any paths like that, then you might prefer to use a
-    # laxer rule, such as:
-    #   location ~ \.php(/|$) {
-    # The laxer rule will continue to work if Drupal uses this new URL
-    # pattern with front controllers other than update.php in a future
-    # release.
     location ~ '\.php$|^/update.php' {
         fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
-        # Security note: If you're running a version of PHP older than the
-        # latest 5.3, you should have "cgi.fix_pathinfo = 0;" in php.ini.
-        # See http://serverfault.com/q/627903/94922 for details.
         include fastcgi_params;
-        # Block httpoxy attacks. See https://httpoxy.org/.
+
         fastcgi_param HTTP_PROXY "";
         fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
         fastcgi_param PATH_INFO $fastcgi_path_info;
         fastcgi_param QUERY_STRING $query_string;
+
         fastcgi_intercept_errors on;
         fastcgi_pass phpfpm:9000;
     }
 
-    # Fighting with Styles? This little gem is amazing.
-    # location ~ ^/sites/.*/files/imagecache/ { # For Drupal <= 6
-    location ~ ^/sites/.*/files/styles/ { # For Drupal >= 7
+    location ~ ^/sites/.*/files/styles/ {
         try_files $uri @rewrite;
     }
 
     # Handle private files through Drupal. Private file's path can come
     # with a language prefix.
-    location ~ ^(/[a-z\-]+)?/system/files/ { # For Drupal >= 7
+    location ~ ^(/[a-z\-]+)?/system/files/ {
         try_files $uri /index.php?$query_string;
     }
 

templates/drupal-9/docker-compose.server.yml

@@ -1,28 +1,26 @@
+# itk-version: 1.0.1
 version: "3"
 
 networks:
   frontend:
     external: true
   app:
     driver: bridge
-    internal: true
-    external: false
+    internal: false
 
 services:
   phpfpm:
     image: itkdev/php7.4-fpm:alpine
     restart: unless-stopped
     networks:
       - app
-      - frontend
     environment:
       - PHP_MAX_EXECUTION_TIME=30
       - PHP_MEMORY_LIMIT=128M
     depends_on:
       - memcached
     volumes:
       - .:/app:delegated
-      - drush-cache:/root/.drush
 
   nginx:
     image: nginx:stable-alpine
@@ -57,20 +55,3 @@ services:
       - '11211'
     environment:
       - MEMCACHED_CACHE_SIZE=64
-
-  drush:
-    image: itkdev/drush6:latest
-    networks:
-      - app
-      - frontend
-    depends_on:
-      - mariadb
-    entrypoint:
-      - drush
-    volumes:
-      - drush-cache:/root/.drush
-      - ./:/app
-
-# Drush cache volume to persist cache between runs.
-volumes:
-  drush-cache: