build: clean up s6 overlay structure

root/defaults/nginx/dhparams.pem

@@ -1,13 +0,0 @@
------BEGIN DH PARAMETERS-----
-MIICCAKCAgEA//////////+t+FRYortKmq/cViAnPTzx2LnFg84tNpWp4TZBFGQz
-+8yTnc4kmz75fS/jY2MMddj2gbICrsRhetPfHtXV/WVhJDP1H18GbtCFY2VVPe0a
-87VXE15/V8k1mE8McODmi3fipona8+/och3xWKE2rec1MKzKT0g6eXq8CrGCsyT7
-YdEIqUuyyOP7uWrat2DX9GgdT0Kj3jlN9K5W7edjcrsZCwenyO4KbXCeAvzhzffi
-7MA0BM0oNC9hkXL+nOmFg/+OTxIy7vKBg8P+OxtMb61zO7X8vC7CIAXFjvGDfRaD
-ssbzSibBsu/6iGtCOGEfz9zeNVs7ZRkDW7w09N75nAI4YbRvydbmyQd62R0mkff3
-7lmMsPrBhtkcrv4TCYUTknC0EwyTvEN5RPT9RFLi103TZPLiHnH1S/9croKrnJ32
-nuhtK8UiNjoNq8Uhl5sN6todv5pC1cRITgq80Gv6U93vPBsg7j/VnXwl5B0rZp4e
-8W5vUsMWTfT7eTDp5OWIV7asfV9C1p9tGHdjzx1VA0AEh/VbpX4xzHpxNciG77Qx
-iu1qHgEtnmgyqQdgCpGBMMRtx3j5ca0AOAkpmaMzy4t6Gh25PXFAADwqTs6p+Y0K
-zAqCkc3OyX3Pjsm1Wn+IpGtNtahR9EGC4caKAH5eZV9q//////////8CAQI=
------END DH PARAMETERS-----

root/defaults/nginx/nginx.conf.sample

@@ -1,91 +0,0 @@
-# #
-#   @project        TVApp2
-#   @usage          Automatic m3u and xml guide updater for TheTvApp, TVPass, and MoveOnJoy utilized within your IPTV client.
-#   @file           nginx.conf.sample
-#   @repo.1         https://github.com/TheBinaryNinja/tvapp2
-#   @repo.2         https://git.binaryninja.net/BinaryNinja/tvapp2
-#   @repo.3         https://github.com/aetherinox/docker-base-alpine
-# #
-
-user dockerx;
-
-# Set number of worker processes automatically based on number of CPU cores.
-include /config/nginx/worker_processes.conf;
-
-# Enables the use of JIT for regular expressions to speed-up their processing.
-pcre_jit on;
-
-# Configures default error logger.
-error_log /config/log/nginx/error.log;
-
-# Includes files with directives to load dynamic modules.
-include /etc/nginx/modules/*.conf;
-
-# Include files with config snippets into the root context.
-include /etc/nginx/conf.d/*.conf;
-
-events
-{
-    # The maximum number of simultaneous connections that can be opened by
-    # a worker process.
-    worker_connections 1024;
-}
-
-http
-{
-    # Includes mapping of file name extensions to MIME types of responses
-    # and defines the default type.
-    include /etc/nginx/mime.types;
-    default_type application/octet-stream;
-
-    # Name servers used to resolve names of upstream servers into addresses.
-    # It's also needed when using tcpsocket and udpsocket in Lua modules.
-    # resolver 1.1.1.1 1.0.0.1 2606:4700:4700::1111 2606:4700:4700::1001;
-    include /config/nginx/resolver.conf;
-
-    # Don't tell nginx version to the clients. Default is 'on'.
-    server_tokens off;
-
-    # Specifies the maximum accepted body size of a client request, as
-    # indicated by the request header Content-Length. If the stated content
-    # length is greater than this size, then the client receives the HTTP
-    # error code 413. Set to 0 to disable. Default is '1m'.
-    client_max_body_size 0;
-
-    # Sendfile copies data between one FD and other from within the kernel,
-    # which is more efficient than read() + write(). Default is off.
-    sendfile on;
-
-    # Causes nginx to attempt to send its HTTP response head in one packet,
-    # instead of using partial frames. Default is 'off'.
-    tcp_nopush on;
-
-    # all ssl related config moved to ssl.conf
-    # included in server blocks where listen 443 is defined
-
-    # Enable gzipping of responses.
-    # gzip on;
-
-    # Set the Vary HTTP header as defined in the RFC 2616. Default is 'off'.
-    gzip_vary on;
-
-    # Helper variable for proxying websockets.
-    map $http_upgrade $connection_upgrade
-    {
-        default upgrade;
-        '' close;
-    }
-
-    # Enable http2 by default for all servers
-    http2 on;
-
-    # Sets the path, format, and configuration for a buffered log write.
-    access_log /config/log/nginx/access.log;
-
-    # Includes virtual hosts configs.
-    include /etc/nginx/http.d/*.conf;
-    include /config/nginx/site-confs/*.conf;
-}
-
-daemon off;
-pid /run/nginx.pid;

root/defaults/nginx/site-confs/default.conf.sample

@@ -1,82 +0,0 @@
-# #
-#   @project        TVApp2
-#   @usage          Automatic m3u and xml guide updater for TheTvApp, TVPass, and MoveOnJoy utilized within your IPTV client.
-#   @file           default.conf.sample
-#   @repo.1         https://github.com/TheBinaryNinja/tvapp2
-#   @repo.2         https://git.binaryninja.net/BinaryNinja/tvapp2
-#   @repo.3         https://github.com/aetherinox/docker-base-alpine
-# #
-
-server
-{
-    listen 80 default_server;
-    listen [::]:80 default_server;
-    listen 443 ssl default_server;
-    listen [::]:443 ssl default_server;
-
-    server_name _;
-
-    include /config/nginx/ssl.conf;
-
-    set $root /app/www/public;
-    if (!-d /app/www/public)
-    {
-        set $root /config/www;
-    }
-
-    root $root;
-    index index.html index.htm index.php;
-
-    location /
-    {
-        # enable for basic auth
-        #auth_basic                 "Restricted";
-        #auth_basic_user_file       /config/nginx/.htpasswd;
-
-        # index > fancy
-        fancyindex                  on;
-        fancyindex_header           "/theme/header.html";
-        fancyindex_footer           "/theme/footer.html";
-        fancyindex_ignore           "theme";
-        fancyindex_time_format      "%m-%d-%Y %T";
-        fancyindex_name_length      255;
-        fancyindex_show_dotfiles    off;
-        fancyindex_hide_symlinks    on;
-        fancyindex_default_sort     name;
-
-        # index > auto
-    	autoindex_exact_size        off;
-    	autoindex_format            html;
-    	autoindex_localtime         on;
-
-        gzip on;
-        gzip_vary on;
-        gzip_types text/css text/javascript text/xml application/atom+xml application/rss+xml text/markdown text/mathml text/plain text/vnd.sun.j2me.app-descriptor text/vnd.wap.wml text/x-component application/json application/xhtml+xml application/xspf+xml font/woff font/woff2 image/avif image/bmp image/png image/svg+xml image/tiff image/vnd.wap.wbmp image/webp image/x-icon image/x-jng audio/midi audio/mpeg audio/ogg audio/x-m4a audio/x-realaudio;
-        gzip_proxied any;
-        gzip_comp_level 1;
-        gzip_http_version 1.0;
-        gunzip on;
-        gzip_static on;
-
-        try_files $uri $uri/ /index.html /index.htm /index.php$is_args$args;
-    }
-
-    location ~ ^(.+\.php)(.*)$
-    {
-        # enable the next two lines for http auth
-        #auth_basic "Restricted";
-        #auth_basic_user_file /config/nginx/.htpasswd;
-
-        fastcgi_split_path_info ^(.+\.php)(.*)$;
-        if (!-f $document_root$fastcgi_script_name) { return 404; }
-        fastcgi_pass 127.0.0.1:9000;
-        fastcgi_index index.php;
-        include /etc/nginx/fastcgi_params;
-    }
-
-    # deny access to .htaccess/.htpasswd files
-    location ~ /\.ht
-    {
-        deny all;
-    }
-}

root/defaults/nginx/ssl.conf.sample

@@ -1,66 +0,0 @@
-# #
-#   @project        TVApp2
-#   @usage          Automatic m3u and xml guide updater for TheTvApp, TVPass, and MoveOnJoy utilized within your IPTV client.
-#   @file           nginx.conf.sample
-#   @repo.1         https://github.com/TheBinaryNinja/tvapp2
-#   @repo.2         https://git.binaryninja.net/BinaryNinja/tvapp2
-#   @repo.3         https://github.com/aetherinox/docker-base-alpine
-# #
-
-# #
-#   generated 2023-06-25, Mozilla Guideline v5.7, nginx 1.24.0, OpenSSL 3.1.1, intermediate configuration
-#   https://ssl-config.mozilla.org/#server=nginx&version=1.24.0&config=intermediate&openssl=3.1.1&guideline=5.7
-# #
-
-ssl_certificate             /config/keys/cert.crt;
-ssl_certificate_key         /config/keys/cert.key;
-ssl_session_timeout         1d;
-ssl_session_cache           shared:MozSSL:10m; # about 40000 sessions
-ssl_session_tickets         off;
-
-# #
-#   curl https://ssl-config.mozilla.org/ffdhe2048.txt > /path/to/dhparam
-# #
-
-ssl_dhparam                 /config/nginx/dhparams.pem;
-
-# #
-#   intermediate configuration
-# #
-
-ssl_protocols               TLSv1.2 TLSv1.3;
-ssl_ciphers                 ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256;
-ssl_prefer_server_ciphers   on;
-
-# #
-#   OCSP stapling
-# #
-
-# ssl_stapling              on;
-# ssl_stapling_verify       on;
-
-# #
-#   verify chain of trust of OCSP response using Root CA and Intermediate certs
-# #
-
-# ssl_trusted_certificate   /config/keys/cert.crt;
-
-# #
-#   HSTS (ngx_http_headers_module is required) (63072000 seconds)
-# #
-
-add_header X-Content-Type-Options nosniff;
-add_header Strict-Transport-Security "max-age=31536000; includeSubdomains" always;
-
-# #
-#   Optional additional headers
-# #
-
-# add_header                Cache-Control "no-transform" always;
-# add_header                Content-Security-Policy "upgrade-insecure-requests; frame-ancestors 'self'" always;
-# add_header                Permissions-Policy "interest-cohort=()" always;
-# add_header                Referrer-Policy "same-origin" always;
-# add_header                X-Content-Type-Options "nosniff" always;
-# add_header                X-Frame-Options "SAMEORIGIN" always;
-# add_header                X-UA-Compatible "IE=Edge" always;
-# add_header                X-XSS-Protection "1; mode=block" always;

root/etc/logrotate.d/nginx

@@ -1,14 +0,0 @@
-/config/log/nginx/*.log {
-        weekly
-        rotate 14
-        compress
-        delaycompress
-        nodateext
-        notifempty
-        missingok
-        sharedscripts
-        postrotate
-                s6-svc -1 /run/service/svc-nginx
-        endscript
-        su dockerx dockerx
-}

root/etc/logrotate.d/php-fpm

@@ -1,14 +0,0 @@
-/config/log/php/*.log {
-        rotate 7
-        weekly
-        missingok
-        notifempty
-        delaycompress
-        compress
-        nodateext
-        sharedscripts
-        postrotate
-                s6-svc -t /run/service/svc-php-fpm
-        endscript
-        su dockerx dockerx
-}

root/etc/nginx/nginx.conf

@@ -1 +0,0 @@
-include /config/nginx/nginx.conf;

root/etc/s6-overlay/s6-rc.d/init-folders/run

@@ -4,8 +4,4 @@
 # make folders
 mkdir -p \
     /config/{keys,php,www} \
-    /config/log/{nginx,php} \
+    /run
-    /config/nginx/site-confs \
-    /run \
-    /var/lib/nginx/tmp/client_body \
-    /var/tmp/nginx

root/etc/s6-overlay/s6-rc.d/init-nginx/up

@@ -1 +1,2 @@
-/etc/s6-overlay/s6-rc.d/init-nginx/run
+# this file allows you to load an nginx webserver
+# /etc/s6-overlay/s6-rc.d/init-nginx/run

root/etc/s6-overlay/s6-rc.d/init-permissions/run

@@ -2,22 +2,13 @@
 # shellcheck shell=bash
 
 # permissions
-aetherxown -R dockerx:dockerx \
-    /var/lib/nginx \
-    /var/tmp/nginx
-
 aetherxown -R dockerx:dockerx \
     /config/keys \
     /config/log \
-    /config/nginx \
-    /config/php
 
 aetherxown dockerx:dockerx \
     /config/www
 
-chmod -R g+w \
-    /config/nginx
-
 chmod -R 644 /etc/logrotate.d
 
 if [[ -f "/config/log/logrotate.status" ]]; then

root/etc/s6-overlay/s6-rc.d/init-version-checks/run

@@ -2,23 +2,23 @@
 # shellcheck shell=bash
 
 # detect nginx configs with dates not matching the provided sample files
-active_confs=$(find /config/nginx/ -name "*.conf" -type f 2>/dev/null)
+# active_confs=$(find /config/nginx/ -name "*.conf" -type f 2>/dev/null)
 
-for i in ${active_confs}; do
+# for i in ${active_confs}; do
-    if [ -f "${i}.sample" ]; then
+#    if [ -f "${i}.sample" ]; then
-        if [ "$(sed -nE 's|^## Version ([0-9]{4}\/[0-9]{2}\/[0-9]{2}).*|\1|p' "${i}")" != "$(sed -nE 's|^## Version ([0-9]{4}\/[0-9]{2}\/[0-9]{2}).*|\1|p' "${i}.sample")" ]; then
+#        if [ "$(sed -nE 's|^## Version ([0-9]{4}\/[0-9]{2}\/[0-9]{2}).*|\1|p' "${i}")" != "$(sed -nE 's|^## Version ([0-9]{4}\/[0-9]{2}\/[0-9]{2}).*|\1|p' "${i}.sample")" ]; then
-            active_confs_changed="│ $(printf '%10s' "$(sed -nE 's|^## Version ([0-9]{4}\/[0-9]{2}\/[0-9]{2}).*|\1|p' "${i}" | tr / -)") │ $(printf '%10s' "$(sed -nE 's|^## Version ([0-9]{4}\/[0-9]{2}\/[0-9]{2}).*|\1|p' "${i}.sample" | tr / -)") │ $(printf '%-70s' "${i}") │\n${active_confs_changed}"
+#            active_confs_changed="│ $(printf '%10s' "$(sed -nE 's|^## Version ([0-9]{4}\/[0-9]{2}\/[0-9]{2}).*|\1|p' "${i}" | tr / -)") │ $(printf '%10s' "$(sed -nE 's|^## Version ([0-9]{4}\/[0-9]{2}\/[0-9]{2}).*|\1|p' "${i}.sample" | tr / -)") │ $(printf '%-70s' "${i}") │\n${active_confs_changed}"
-        fi
+#        fi
-    fi
+#    fi
-done
+# done
 
 # detect site-confs with wrong extension
-site_confs_wrong_ext=$(find /config/nginx/site-confs/ -type f -not -name "*.conf" -not -name "*.conf.sample" 2>/dev/null)
+# site_confs_wrong_ext=$(find /config/nginx/site-confs/ -type f -not -name "*.conf" -not -name "*.conf.sample" 2>/dev/null)
 
-if [ -n "${site_confs_wrong_ext}" ]; then
+# if [ -n "${site_confs_wrong_ext}" ]; then
-    echo "**** The following site-confs have extensions other than .conf ****"
+#    echo "**** The following site-confs have extensions other than .conf ****"
-    echo "**** This may be due to user customization. ****"
+#    echo "**** This may be due to user customization. ****"
-    echo "**** You should review the files and rename them to use the .conf extension or remove them. ****"
+#    echo "**** You should review the files and rename them to use the .conf extension or remove them. ****"
-    echo "**** nginx.conf will only include site-confs with the .conf extension. ****"
+#    echo "**** nginx.conf will only include site-confs with the .conf extension. ****"
-    echo -e "${site_confs_wrong_ext}"
+#    echo -e "${site_confs_wrong_ext}"
-fi
+# fi

root/etc/s6-overlay/s6-rc.d/svc-nginx/run

@@ -1,16 +1,3 @@
 #!/usr/bin/with-contenv bash
 # shellcheck shell=bash
-
-if pgrep -f "[n]ginx:" >/dev/null; then
-    echo "Zombie nginx processes detected, sending SIGTERM"
-    pkill -ef [n]ginx:
-    sleep 1
-fi
-
-if pgrep -f "[n]ginx:" >/dev/null; then
-    echo "Zombie nginx processes still active, sending SIGKILL"
-    pkill -9 -ef [n]ginx:
-    sleep 1
-fi
-
 # exec /usr/sbin/nginx