added stats

Dockerfile

@@ -2,7 +2,7 @@ FROM alpine:3.21
 
 RUN \
   apk --no-cache upgrade && \
-  apk --no-cache add tini nginx openssh-server nginx-mod-http-dav-ext \
+  apk --no-cache add tini nginx curl logrotate openssh-server nginx-mod-http-dav-ext goaccess \
     php84 php84-fpm php84-mbstring php84-curl php84-ctype php84-dom php84-gd php84-json php84-openssl php84-session php84-simplexml php84-xml php84-zip \
     php84-apcu php84-opcache php84-pecl-yaml php84-sqlite3 php84-mysqli \
     php83 php83-fpm php83-mbstring php83-curl php83-ctype php83-dom php83-gd php83-json php83-openssl php83-session php83-simplexml php83-xml php83-zip \
@@ -23,4 +23,6 @@ ENV \
   WEBDAV_PORT=8080 \
   TZ=Etc/UTC
 
+HEALTHCHECK --timeout=10s CMD curl --silent --fail -o /dev/null http://127.0.0.1:80/
+
 ENTRYPOINT [ "/sbin/tini", "/app/entrypoint.sh" ]

README.md

@@ -1,7 +1,5 @@
 # webserver-nginx
 
-[![Build Status](https://drone.asperti.com/api/badges/paspo/docker-webserver-nginx/status.svg)](https://drone.asperti.com/paspo/docker-webserver-nginx)
-
 Small webserver with PHP support and SFTP access
 
 ## usage
@@ -13,15 +11,19 @@ services:
   web:
     image: docker.asperti.com/paspo/webserver-nginx
     ports:
-      - 8888:80
+      - 8888:80 # web server
-      - 2222:22
+      - 8889:8081 # stats page
+      - 8890:8080 # webdav access
+      - 2222:22 # sftp access
     volumes:
-      - ./www:/data/www
+      - ./data:/data
       - ./ssh:/ssh # add authorized_keys file here
       - ./extra_nginx.conf:/etc/nginx/custom.d/extra.conf # optional
       - ./htpasswd:/app/htpasswd # optional, for webdav auth
     environment:
+      LOG_DAYS: 14 # default 7
       WEBDAV_PORT: 8080 # default: 8080
+      STATS_PORT: 8081 # default: 8081
       PHP: php84 # none (default), php82, php83, php84
       POSTSIZE: 256M # default: 256M
       PUID: 1000 # default: 1000
@@ -33,4 +35,4 @@ services:
       FPM_MAX_SPARE_SERVERS: 3 # default: 3      
 ```
 
-The `/data/www` directory and its contents will be chowned to `$PUID:$PGID` and chmodded to `0755` for directories and `0644` for files at container start.
+The `/data/www` and `/data/logs` directories and their contents will be chowned to `$PUID:$PGID` and chmodded to `0755` for directories and `0644` for files at container start.

rootfs-php74/app/nginx/default_nophp.conf

@@ -7,8 +7,6 @@ server {
     root   /data/www;
     # server_name  localhost;
 
-    #access_log  /var/log/nginx/host.access.log  main;
-
     location / {
         index index.html index.htm;
 

rootfs-php74/app/nginx/default_php.conf

@@ -7,8 +7,6 @@ server {
     root   /data/www;
     # server_name  localhost;
 
-    #access_log  /var/log/nginx/host.access.log  main;
-
     location / {
         index index.php index.html index.htm;
 

rootfs-php74/etc/nginx/nginx.conf

@@ -9,7 +9,7 @@ worker_processes auto;
 pcre_jit on;
 
 # Configures default error logger.
-error_log /var/log/nginx/error.log warn;
+error_log /data/logs/nginx-error.log warn;
 
 # Includes files with directives to load dynamic modules.
 include /etc/nginx/modules/*.conf;
@@ -96,7 +96,7 @@ http {
                         '"$http_user_agent" "$http_x_forwarded_for"';
 
         # Sets the path, format, and configuration for a buffered log write.
-        access_log /var/log/nginx/access.log main;
+        access_log /data/logs/nginx-access.log main;
 
 
         # Includes virtual hosts configs.

rootfs/app/entrypoint.sh

@@ -2,6 +2,7 @@
 
 WEBROOT=/data/www
 WEBDAV_PORT=${WEBDAV_PORT:-8080}
+STATS_PORT=${STATS_PORT:-8081}
 PHP=${PHP:-none}
 POSTSIZE=${POSTSIZE:-256M}
 USERNAME=${USERNAME:-theuser}
@@ -124,5 +125,54 @@ EOF
 
 touch /app/htpasswd
 
+# make sure nginx can log
+mkdir -p /data/logs /data/stats /data/stats.db
+chown -R "${USERNAME}:${GROUPNAME}" /data/logs /data/stats /data/stats.db
+
+# configure logrotate
+LOG_DAYS=${LOG_DAYS:-7}
+cat >/etc/logrotate.d/nginx <<EOF
+/data/logs/nginx-access.log {
+    missingok
+    daily
+    rotate ${LOG_DAYS}
+    compress
+    delaycompress
+    sharedscripts
+    su ${USERNAME} ${GROUPNAME}
+    postrotate
+        /usr/sbin/nginx -s reopen
+        nice -n 19 /usr/bin/goaccess /data/logs/nginx-access.log.1 --agent-list --anonymize-ip --real-os --output /data/stats/index.html --log-format COMBINED --tz="${TZ}" --db-path=/data/stats.db --persist --restore 
+    endscript
+}
+EOF
+crond -b
+
+# stats endpoint
+cat > /etc/nginx/http.d/stats.conf <<EOF
+server {
+    listen ${STATS_PORT} default_server;
+    listen [::]:${STATS_PORT} default_server;
+    root /data/stats;
+
+    location / {
+        index index.html;
+        try_files /index.html =404;
+    }
+
+    location /index.html {
+        try_files /index.html =404;
+    }
+
+    location / {
+        return 404;
+    }
+
+    auth_basic "Restricted area";
+    auth_basic_user_file /app/htpasswd;
+}
+EOF
+
+# start nginx
 echo starting nginx
 nginx

rootfs/app/nginx/default_nophp.conf

@@ -7,8 +7,6 @@ server {
     root   /data/www;
     # server_name  localhost;
 
-    #access_log  /var/log/nginx/host.access.log  main;
-
     location / {
         index index.html index.htm;
 

rootfs/app/nginx/default_php.conf

@@ -7,8 +7,6 @@ server {
     root   /data/www;
     # server_name  localhost;
 
-    #access_log  /var/log/nginx/host.access.log  main;
-
     location / {
         index index.php index.html index.htm;
 

rootfs/etc/nginx/nginx.conf

@@ -9,7 +9,7 @@ worker_processes auto;
 pcre_jit on;
 
 # Configures default error logger.
-error_log /var/log/nginx/error.log warn;
+error_log /data/logs/nginx-error.log warn;
 
 # Includes files with directives to load dynamic modules.
 include /etc/nginx/modules/*.conf;
@@ -95,7 +95,7 @@ http {
 			'"$http_user_agent" "$http_x_forwarded_for"';
 
 	# Sets the path, format, and configuration for a buffered log write.
-	access_log /var/log/nginx/access.log main;
+	access_log /data/logs/nginx-access.log main;
 
 
 	# Includes virtual hosts configs.