matbrgz / cachet-sandstorm Goto Github PK

# Upstream to abstract backend connection(s) for php
upstream php {
    server unix:/tmp/php-cgi.socket;
    server 127.0.0.1:9000;
}

server {
    server_name  cachet.mycompany.com; # Or whatever you want to use
    listen 80 default;
    rewrite ^(.*) https://cachet.mycompany.com$1 permanent;
}

# HTTPS server

server {
    listen 443;
    server_name cachet.mycompany.com;

    root /var/vhost/cachet.mycompany.com/public;
    index index.php;

    ssl on;
    ssl_certificate /etc/ssl/crt/cachet.mycompany.com.crt; # Or wherever your crt is
    ssl_certificate_key /etc/ssl/key/cachet.mycompany.com.key; # Or wherever your key is
    ssl_session_timeout 5m;

    # Best practice as at March 2014
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_ciphers "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA";
    ssl_buffer_size 1400; # 1400 bytes, within MTU - because we generally have small responses. Could increase to 4k, but default 16k is too big

    location / {
        add_header Strict-Transport-Security max-age=15768000;
        try_files $uri /index.php$is_args$args;
    }

    location ~ \.php$ {
                include fastcgi_params;
                fastcgi_pass unix:/var/run/php5-fpm.sock;
                fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
                fastcgi_index index.php;
                fastcgi_keep_conn on;
                add_header Strict-Transport-Security max-age=15768000;
    }
}

** SANDSTORM SUPERVISOR: Starting up grain. Sandbox type: userns
Installing MySQL system tables...
170614  2:21:10 [Warning] Using unique option prefix key_buffer instead of key_buffer_size is deprecated and will be removed in a future release. Please use the full name instead.
170614  2:21:10 [Note] Ignoring --secure-file-priv value as server is running with --bootstrap.
170614  2:21:10 [Note] /usr/sbin/mysqld (mysqld 5.5.55-0+deb8u1) starting as process 31 ...
OK
Filling help tables...
170614  2:21:10 [Warning] Using unique option prefix key_buffer instead of key_buffer_size is deprecated and will be removed in a future release. Please use the full name instead.
170614  2:21:10 [Note] Ignoring --secure-file-priv value as server is running with --bootstrap.
170614  2:21:10 [Note] /usr/sbin/mysqld (mysqld 5.5.55-0+deb8u1) starting as process 37 ...
OK

To start mysqld at boot time you have to copy
support-files/mysql.server to the right place for your system

PLEASE REMEMBER TO SET A PASSWORD FOR THE MySQL root USER !
To do so, start the server, then issue the following commands:

/usr/bin/mysqladmin -u root password 'new-password'
/usr/bin/mysqladmin -u root -h sandbox password 'new-password'

Alternatively you can run:
/usr/bin/mysql_secure_installation

which will also give you the option of removing the test
databases and anonymous user created by default.  This is
strongly recommended for production servers.

See the manual for more instructions.

You can start the MySQL daemon with:
cd /usr ; /usr/bin/mysqld_safe &

You can test the MySQL daemon with mysql-test-run.pl
cd /usr/mysql-test ; perl mysql-test-run.pl

Please report any problems at http://bugs.mysql.com/

waiting for mysql to be available at /var/run/mysqld/mysqld.sock
170614  2:21:10 [Warning] Using unique option prefix key_buffer instead of key_buffer_size is deprecated and will be removed in a future release. Please use the full name instead.
170614  2:21:10 [Warning] Insecure configuration for --secure-file-priv: Current value does not restrict location of generated files. Consider setting it to a valid, non-empty path.
170614  2:21:10 [Note] /usr/sbin/mysqld (mysqld 5.5.55-0+deb8u1) starting as process 41 ...
waiting for mysql to be available at /var/run/mysqld/mysqld.sock
waiting for mysql to be available at /var/run/mysqld/mysqld.sock
waiting for mysql to be available at /var/run/mysqld/mysqld.sock

#!/bin/bash
# Checks if there's a composer.json, and if so, installs/runs composer.

set -euo pipefail

cd /opt/app

if [ -f /opt/app/composer.json ] ; then
    if [ ! -f composer.phar ] ; then
        curl -sS https://getcomposer.org/installer | php
    fi
    php composer.phar install --no-dev -o
fi

sudo /etc/init.d/mysql stop
sudo /etc/init.d/mysql start
echo "CREATE DATABASE IF NOT EXISTS cachet; GRANT ALL on cachet.* TO 'cachet'@'localhost' IDENTIFIED BY 'cachet'; FLUSH PRIVILEGES;" | mysql -h localhost -u root
php artisan key:generate
php artisan app:install

#!/bin/bash

# Create a bunch of folders under the clean /var that php, nginx, and mysql expect to exist
mkdir -p /var/lib/mysql
mkdir -p /var/lib/nginx
mkdir -p /var/lib/php5/sessions
mkdir -p /var/log
mkdir -p /var/log/mysql
mkdir -p /var/log/nginx
# Wipe /var/run, since pidfiles and socket files from previous launches should go away
# TODO someday: I'd prefer a tmpfs for these.
rm -rf /var/run
mkdir -p /var/run
rm -rf /var/tmp
mkdir -p /var/tmp
mkdir -p /var/run/mysqld

# Ensure mysql tables created
HOME=/etc/mysql /usr/bin/mysql_install_db --force

# Spawn mysqld, php
HOME=/etc/mysql /usr/sbin/mysqld &
/usr/sbin/php5-fpm --nodaemonize --fpm-config /etc/php5/fpm/php-fpm.conf &
# Wait until mysql and php have bound their sockets, indicating readiness
while [ ! -e /var/run/mysqld/mysqld.sock ] ; do
    echo "waiting for mysql to be available at /var/run/mysqld/mysqld.sock"
    sleep .2
done
while [ ! -e /var/run/php5-fpm.sock ] ; do
    echo "waiting for php5-fpm to be available at /var/run/php5-fpm.sock"
    sleep .2
done

# Start nginx.
/usr/sbin/nginx -c /opt/app/.sandstorm/service-config/nginx.conf -g "daemon off;"

#!/bin/bash

# When you change this file, you must take manual action. Read this doc:
# - https://docs.sandstorm.io/en/latest/vagrant-spk/customizing/#setupsh

set -euo pipefail

export DEBIAN_FRONTEND=noninteractive
apt-get update
apt-get install -y nginx php5-fpm php5-mysql php5-cli php5-gd php5-curl git php5-dev mysql-server
service nginx stop
service php5-fpm stop
service mysql stop
systemctl disable nginx
systemctl disable php5-fpm
systemctl disable mysql
# patch /etc/php5/fpm/pool.d/www.conf to not change uid/gid to www-data
sed --in-place='' \
        --expression='s/^listen.owner = www-data/;listen.owner = www-data/' \
        --expression='s/^listen.group = www-data/;listen.group = www-data/' \
        --expression='s/^user = www-data/;user = www-data/' \
        --expression='s/^group = www-data/;group = www-data/' \
        /etc/php5/fpm/pool.d/www.conf
# patch /etc/php5/fpm/php-fpm.conf to not have a pidfile
sed --in-place='' \
        --expression='s/^pid =/;pid =/' \
        /etc/php5/fpm/php-fpm.conf
# patch /etc/php5/fpm/pool.d/www.conf to no clear environment variables
# so we can pass in SANDSTORM=1 to apps
sed --in-place='' \
        --expression='s/^;clear_env = no/clear_env=no/' \
        /etc/php5/fpm/pool.d/www.conf
# patch mysql conf to not change uid, and to use /var/tmp over /tmp
# for secure-file-priv see https://github.com/sandstorm-io/vagrant-spk/issues/195
sed --in-place='' \
        --expression='s/^user\t\t= mysql/#user\t\t= mysql/' \
        --expression='s,^tmpdir\t\t= /tmp,tmpdir\t\t= /var/tmp,' \
        --expression='/\[mysqld]/ a\ secure-file-priv = ""\' \
        /etc/mysql/my.cnf
# patch mysql conf to use smaller transaction logs to save disk space
cat <<EOF > /etc/mysql/conf.d/sandstorm.cnf
[mysqld]
# Set the transaction log file to the minimum allowed size to save disk space.
innodb_log_file_size = 1048576
# Set the main data file to grow by 1MB at a time, rather than 8MB at a time.
innodb_autoextend_increment = 1
EOF

170614  2:51:07 [Warning] Using unique option prefix myisam-recover instead of myisam-recover-options is deprecated and will be removed in a future release.$170614  2:51:07 [Note] Plugin 'FEDERATED' is disabled.
170614  2:51:07 InnoDB: The InnoDB memory heap is disabled
170614  2:51:07 InnoDB: Mutexes and rw_locks use GCC atomic builtins
170614  2:51:07 InnoDB: Compressed tables use zlib 1.2.8
170614  2:51:07 InnoDB: Using Linux native AIO
170614  2:51:07 InnoDB: Initializing buffer pool, size = 128.0M
170614  2:51:07 InnoDB: Completed initialization of buffer pool
InnoDB: The first specified data file ./ibdata1 did not exist:
InnoDB: a new database to be created!
170614  2:51:07  InnoDB: Setting file ./ibdata1 size to 10 MB
InnoDB: Database physically writes the file full: wait...
170614  2:51:08  InnoDB: Log file ./ib_logfile0 did not exist: new to be created
InnoDB: Setting log file ./ib_logfile0 size to 5 MB
InnoDB: Database physically writes the file full: wait...
170614  2:51:08  InnoDB: Log file ./ib_logfile1 did not exist: new to be created
InnoDB: Setting log file ./ib_logfile1 size to 5 MB
InnoDB: Database physically writes the file full: wait...
InnoDB: Doublewrite buffer not found: creating new
InnoDB: Doublewrite buffer created
InnoDB: 127 rollback segment(s) active.
InnoDB: Creating foreign key constraint system tables
InnoDB: Foreign key constraint system tables created
170614  2:51:08  InnoDB: Waiting for the background threads to start
170614  2:51:09 InnoDB: 5.5.55 started; log sequence number 0
170614  2:51:09  InnoDB: Starting shutdown...
170614  2:51:09  InnoDB: Shutdown completed; log sequence number 1595675

#vagrant-spk dev
Calling 'vagrant' 'ssh' '-c' '/opt/app/.sandstorm/build.sh && cd /opt/app/.sandstorm && spk dev --pkg-def=/opt/app/.sandstorm/sandstorm-pkgdef.capnp:pkgdef' in /mnt/c/Users/mathe/Dev/Cachet-Sandstorm/.sandstorm
[email protected]'s password:

[...]

  [ErrorException]
  symlink(): Protocol error


Connection to 127.0.0.1 closed.
Command failed with a non-zero exit status (1).

[2017-06-14 01:11:06] production.ERROR: exception 'ErrorException' with message 'symlink(): Protocol error' in /opt/app/bootstrap/cache/compiled.php:7558
Stack trace:
#0 [internal function]: Illuminate\Foundation\Bootstrap\HandleExceptions->handleError(2, 'symlink(): Prot...', '/opt/app/bootst...', 7558, Array)
#1 /opt/app/bootstrap/cache/compiled.php(7558): symlink('/opt/app/storag...', '/opt/app/public...')
#2 /opt/app/vendor/laravel/framework/src/Illuminate/Foundation/Console/StorageLinkCommand.php(34): Illuminate\Filesystem\Filesystem->link('/opt/app/storag...', '/opt/app/public...')
#3 [internal function]: Illuminate\Foundation\Console\StorageLinkCommand->fire()
#4 /opt/app/bootstrap/cache/compiled.php(1375): call_user_func_array(Array, Array)
#5 /opt/app/vendor/laravel/framework/src/Illuminate/Console/Command.php(169): Illuminate\Container\Container->call(Array)
#6 /opt/app/vendor/symfony/console/Command/Command.php(261): Illuminate\Console\Command->execute(Object(Symfony\Component\Console\Input\ArrayInput), Object(Illuminate\Console\OutputStyle))
#7 /opt/app/vendor/laravel/framework/src/Illuminate/Console/Command.php(155): Symfony\Component\Console\Command\Command->run(Object(Symfony\Component\Console\Input\ArrayInput), Object(Illuminate\Console\OutputStyle))
#8 /opt/app/vendor/laravel/framework/src/Illuminate/Console/Command.php(185): Illuminate\Console\Command->run(Object(Symfony\Component\Console\Input\ArrayInput), Object(Illuminate\Console\OutputStyle))
#9 /opt/app/vendor/graham-campbell/core/src/Subscribers/CommandSubscriber.php(138): Illuminate\Console\Command->call('storage:link')
#10 [internal function]: GrahamCampbell\Core\Subscribers\CommandSubscriber->onLinkStorage(Object(GrahamCampbell\Core\Console\Commands\AppInstall))
#11 /opt/app/bootstrap/cache/compiled.php(10332): call_user_func_array(Array, Array)
#12 [internal function]: Illuminate\Events\Dispatcher->Illuminate\Events\{closure}(Object(GrahamCampbell\Core\Console\Commands\AppInstall))
#13 /opt/app/bootstrap/cache/compiled.php(10266): call_user_func_array(Object(Closure), Array)
#14 /opt/app/vendor/graham-campbell/core/src/Console/Commands/AppInstall.php(74): Illuminate\Events\Dispatcher->fire('command.linksto...', Object(GrahamCampbell\Core\Console\Commands\AppInstall))
#15 [internal function]: GrahamCampbell\Core\Console\Commands\AppInstall->handle()
#16 /opt/app/bootstrap/cache/compiled.php(1375): call_user_func_array(Array, Array)
#17 /opt/app/vendor/laravel/framework/src/Illuminate/Console/Command.php(169): Illuminate\Container\Container->call(Array)
#18 /opt/app/vendor/symfony/console/Command/Command.php(261): Illuminate\Console\Command->execute(Object(Symfony\Component\Console\Input\ArgvInput), Object(Symfony\Component\Console\Output\ConsoleOutput))
#19 /opt/app/vendor/laravel/framework/src/Illuminate/Console/Command.php(155): Symfony\Component\Console\Command\Command->run(Object(Symfony\Component\Console\Input\ArgvInput), Object(Symfony\Component\Console\Output\ConsoleOutput))
#20 /opt/app/vendor/symfony/console/Application.php(817): Illuminate\Console\Command->run(Object(Symfony\Component\Console\Input\ArgvInput), Object(Symfony\Component\Console\Output\ConsoleOutput))
#21 /opt/app/vendor/symfony/console/Application.php(185): Symfony\Component\Console\Application->doRunCommand(Object(GrahamCampbell\Core\Console\Commands\AppInstall), Object(Symfony\Component\Console\Input\ArgvInput), Object(Symfony\Component\Console\Output\ConsoleOutput))
#22 /opt/app/vendor/symfony/console/Application.php(116): Symfony\Component\Console\Application->doRun(Object(Symfony\Component\Console\Input\ArgvInput), Object(Symfony\Component\Console\Output\ConsoleOutput))
#23 /opt/app/vendor/laravel/framework/src/Illuminate/Foundation/Console/Kernel.php(121): Symfony\Component\Console\Application->run(Object(Symfony\Component\Console\Input\ArgvInput), Object(Symfony\Component\Console\Output\ConsoleOutput))
#24 /opt/app/artisan(36): Illuminate\Foundation\Console\Kernel->handle(Object(Symfony\Component\Console\Input\ArgvInput), Object(Symfony\Component\Console\Output\ConsoleOutput))
#25 {main} {"identification":{"id":"33d75522-d6fd-4dea-9f34-0cba92d060ad"}}