config: sync docker configs 2026-06-08T03:59:55Z

apps/bookstack/bookstack/.migrations

@@ -0,0 +1,2 @@
+01-nginx-site-confs-default
+02-default-location

apps/bookstack/bookstack/keys/cert.crt

@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIIDxzCCAq+gAwIBAgIUVt05s9wgylfcEPx3fQDn2e4dF3owDQYJKoZIhvcNAQEL
+BQAwaDELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkNBMREwDwYDVQQHDAhDYXJsc2Jh
+ZDEXMBUGA1UECgwOTGludXhzZXJ2ZXIuaW8xFDASBgNVBAsMC0xTSU8gU2VydmVy
+MQowCAYDVQQDDAEqMB4XDTI2MDYwNTAwNDczMloXDTM2MDYwMjAwNDczMlowaDEL
+MAkGA1UEBhMCVVMxCzAJBgNVBAgMAkNBMREwDwYDVQQHDAhDYXJsc2JhZDEXMBUG
+A1UECgwOTGludXhzZXJ2ZXIuaW8xFDASBgNVBAsMC0xTSU8gU2VydmVyMQowCAYD
+VQQDDAEqMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAooBdmf0Nmewk
+YIreTSqKgHJpj+C5uiYflmiQ7TBNrMCyeg7VrkDKlAIbrMsWDbdxbJ3gIWX/+WL9
+iFG3SVwLwj3OLAdaPhLU8vodrjMkxkNFHk7CFNG53sEOU1WOskdwK3xtWUx3F6CD
+tBJwWyIepdsiXiFoug6kgKZ7r7Koraqp7fW36iNztvW+V2DakF6F4ufSduzq1zTZ
+mp+woGVPUVcI2UPoOuKLQqIt93GmHbmFqw1AKKZkbaoTxJHVnz56YfjmMn/ls+8s
+ovLX8wR9zSp+ExwitrbD//zyWYt7GWmDZIuSB0pqb/ofXDSijiDiobM5UJ6bygv1
+BAXXbyg0pwIDAQABo2kwZzAdBgNVHQ4EFgQUSWIeem3I7aV7kjCN9t2xKz9ayBEw
+HwYDVR0jBBgwFoAUSWIeem3I7aV7kjCN9t2xKz9ayBEwDwYDVR0TAQH/BAUwAwEB
+/zAUBgNVHREEDTALgglsb2NhbGhvc3QwDQYJKoZIhvcNAQELBQADggEBAIsbdBRB
+sENi2gz8zRqL9oEwiZ6n02mvd/uYh0ReBxp5AAkRJ0v1vqhMtCi26lHA2FoUdUFS
+aOKitgpXZn3oP5SqBVfxsE9WUTBP544H3lsUKnsQl06dBpKQCmXrnVedM6ktb33P
+EpppqudyS+y+mNVLi9lM4bMqGxQRdze2y4p9+qNYHREczkPgMlEgujOKcd533YJ/
+EbrwKgvYBWQeR0Rl0YnGS3j/mFXYYfsg4jpxHezX5tZRWT7FTtV8GpcchR97qvZH
+Ax/cOIYmWF0KIkiW8qTmiMowwm2pEQLxOOxaLwPsICk6jf9kvPeHdu1+aMfvuZhc
+MbvugyYpqDKGRCg=
+-----END CERTIFICATE-----

apps/bookstack/bookstack/keys/cert.key

@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCigF2Z/Q2Z7CRg
+it5NKoqAcmmP4Lm6Jh+WaJDtME2swLJ6DtWuQMqUAhusyxYNt3FsneAhZf/5Yv2I
+UbdJXAvCPc4sB1o+EtTy+h2uMyTGQ0UeTsIU0bnewQ5TVY6yR3ArfG1ZTHcXoIO0
+EnBbIh6l2yJeIWi6DqSApnuvsqitqqnt9bfqI3O29b5XYNqQXoXi59J27OrXNNma
+n7CgZU9RVwjZQ+g64otCoi33caYduYWrDUAopmRtqhPEkdWfPnph+OYyf+Wz7yyi
+8tfzBH3NKn4THCK2tsP//PJZi3sZaYNki5IHSmpv+h9cNKKOIOKhszlQnpvKC/UE
+BddvKDSnAgMBAAECggEAFP1Bmc8+v3/p3vJw7kStaRPeILBlLO8Zq2LMPWa80bB+
+HRfnb798qwtuqa39pj3oj6AAwC+dlYe8uavcYcRa3HcBN1ynwlbKXKwDw2lluZoc
+xmJj3S6NtID5KbhmWw6xJVzH/v3KcCnSeSLckljg3olkcgYcsdOMWfWnCjWoZe3t
+jZqwhHKn7tLUKvkcbsILGp5iM0Ff5fJeqfnCMOOAgpFpGdsLT0Ro3Hl3RGOGx29z
+TBey3I2pKyaK4sC+Z444lmvPlSNA/+hXmn0CxncG1d6KqPSdVd4+rK3ubJLDM0l0
+wzbzUFeCBWdWORpgJ5JirGD4Z24pU8g2zO75Rx3fiQKBgQDWa4Y0rheR3CPTE/g9
+p8lT8RRGBxge50ldbw7au3+zt89AKVbZ0+PnllWgjgL/qx4bWvOJp9q9WUODhjVO
+Qd+B3vlWtlLzBcs53KbVf49E6Ag4g3KvcJ4R7dHLlBNkvcqBwnHyR8WuBDNTWbr2
+Yy6r5P6SXIB27W6ex1KyfCslKwKBgQDCA3D9ppWX9Wj6miJ/0cvJUSKL7wMu+Hhl
+JTt8sL0KfuOzLU4/5jtkWXSxCqEWzGteWc7s5rIi/NILBJRxGPG7T/e6R3+n+iiu
+T7qgoihl5gecw7sK3PzEAcJMd9TwCiD8Wcy7gGiRz/0Ajqju6fB7i5KqoYodqnTq
+a1cM7ySodQKBgQC7e9klRvQk/a/1aIiuoH9RfoKTmLBmlSV5JRp/92J56ka1e3AN
+l1C3tqO4d3P3yc/Ra3125+ZDmkGGR1tkygR8slKil1mAVZiVR3I5TAgh4CEQCR/G
+d1o/owrGTvuGIs1nGHY5urgGqHWYc+Ueeyrb8qcFowxQ8NrAythsaFXxcQKBgQC/
+qPKoQTaqxW8NkdLe/nwYxqQgJN+6OQ+Gq/9WMKqvgaajTPBuQ50Mhyq18tAsW4j9
+zi6S7VuxIJzG8aFLEN9MsbUCOrurT398o5q0MT1DXLjMbreKBcFWSH6PWBntf7QS
+VwvfdvzWfudq84ODcWt2QO2EzsxIfim9ooh+aIiIOQKBgErUJXO3Z6YqxpHjZka9
+0zXRZaUHBTTTQTy014VUT69bKKgwYvaecKZlzgzlzj4wEAZuNmgWQfinGEfUezu8
+VwL+a0BsWnQDMAK96FWGFfui55DmXp8Wo+pzIrSR7O0+GPnSr6B6RPjwEuFKziWX
+v4HTdlayWFSvB+uArMUKowFP
+-----END PRIVATE KEY-----

apps/bookstack/bookstack/nginx/resolver.conf

@@ -0,0 +1,3 @@
+# This file is auto-generated only on first start, based on the container's /etc/resolv.conf file. Feel free to modify it as you wish.
+
+resolver  127.0.0.11 valid=30s;

apps/bookstack/bookstack/nginx/site-confs/default.conf

@@ -0,0 +1,46 @@
+## Version 2025/12/26 - Changelog: https://github.com/linuxserver/docker-baseimage-alpine-nginx/commits/3.23/root/defaults/nginx/site-confs/default.conf.sample
+
+server {
+    listen 80 default_server;
+    listen [::]:80 default_server;
+    listen 443 ssl default_server;
+    listen [::]:443 ssl default_server;
+    listen 443 quic reuseport default_server;
+    listen [::]:443 quic reuseport default_server;
+
+    server_name _;
+
+    include /config/nginx/ssl.conf;
+
+    set $root /app/www/public;
+    if (!-d /app/www/public) {
+        set $root /config/www;
+    }
+    root $root;
+    index index.html index.htm index.php;
+
+    location / {
+        # enable for basic auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        try_files $uri $uri/ /index.html /index.htm /index.php$is_args$args;
+    }
+
+    location ~ ^(.+\.php)(.*)$ {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        fastcgi_split_path_info ^(.+\.php)(.*)$;
+        if (!-f $document_root$fastcgi_script_name) { return 404; }
+        fastcgi_pass 127.0.0.1:9000;
+        fastcgi_index index.php;
+        include /etc/nginx/fastcgi_params;
+    }
+
+    # deny access to .htaccess/.htpasswd files
+    location ~ /\.ht {
+        deny all;
+    }
+}

apps/bookstack/bookstack/nginx/ssl.conf

@@ -0,0 +1,36 @@
+## Version 2026/05/04 - Changelog: https://github.com/linuxserver/docker-baseimage-alpine-nginx/commits/3.23/root/defaults/nginx/ssl.conf.sample
+
+ssl_certificate /config/keys/cert.crt;
+ssl_certificate_key /config/keys/cert.key;
+
+# HSTS (ngx_http_headers_module is required) (63072000 seconds)
+#add_header Strict-Transport-Security "max-age=63072000" always;
+
+### Mozilla SSL Configuration Generator
+# generated 2026-05-04, Mozilla Guideline v6.0, nginx 1.28.3, OpenSSL 3.5.6, intermediate config, HSTS
+# https://ssl-config.mozilla.org/#server=nginx&version=1.28.3&config=intermediate&openssl=3.5.6&hsts&guideline=6.0
+# intermediate configuration
+ssl_protocols TLSv1.2 TLSv1.3;
+ssl_ecdh_curve X25519MLKEM768:X25519:prime256v1:secp384r1;
+ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
+ssl_prefer_server_ciphers off;
+
+# see also ssl_session_ticket_key alternative to stateful session cache
+ssl_session_timeout 1d;
+ssl_session_cache shared:MozSSL:10m; # about 40000 sessions
+
+### Mozilla Practical security implementation
+# https://developer.mozilla.org/en-US/docs/Web/Security
+#add_header Access-Control-Allow-Origin $http_origin always;
+#add_header Content-Security-Policy "upgrade-insecure-requests; base-uri 'self'; form-action 'self'; frame-ancestors 'self';" always;
+#add_header Cross-Origin-Resource-Policy "same-origin" always;
+#add_header Referrer-Policy "same-origin" always;
+#add_header X-Content-Type-Options "nosniff" always;
+#add_header X-Frame-Options "SAMEORIGIN" always;
+
+### Optional additional headers
+#add_header Alt-Svc 'h3=":443"' always;
+#add_header Cache-Control "no-transform" always;
+#add_header Permissions-Policy "interest-cohort=()" always;
+#add_header X-UA-Compatible "IE=Edge" always;
+#add_header X-XSS-Protection "1; mode=block" always;

apps/bookstack/bookstack/nginx/worker_processes.conf

@@ -0,0 +1,3 @@
+# This file is auto-generated only on first start, based on the cpu cores detected. Feel free to change it to any other number or to auto to let nginx handle it automatically.
+
+worker_processes 8;

apps/bookstack/bookstack/php/php-local.ini

@@ -0,0 +1,3 @@
+; Edit this file to override php.ini directives
+
+date.timezone = America/Chicago

apps/bookstack/bookstack/php/www2.conf

@@ -0,0 +1,5 @@
+; Edit this file to override www.conf and php-fpm.conf directives and restart the container
+
+; Pool name
+[www]
+

apps/bookstack/bookstack/www/index.html

@@ -0,0 +1,34 @@
+    <html>
+        <head>
+            <title>Welcome to our server</title>
+            <style>
+            body{
+                font-family: Helvetica, Arial, sans-serif;
+            }
+            .message{
+                width:330px;
+                padding:20px 40px;
+                margin:0 auto;
+                background-color:#f9f9f9;
+                border:1px solid #ddd;
+            }
+            center{
+                margin:40px 0;
+            }
+            h1{
+                font-size: 18px;
+                line-height: 26px;
+            }
+            p{
+                font-size: 12px;
+            }
+            </style>
+        </head>
+        <body>
+            <div class="message">
+                <h1>Welcome to our server</h1>
+                <p>The website is currently being setup under this address.</p>
+                <p>For help and support, please contact: <a href="me@example.com">me@example.com</a></p>
+            </div>
+        </body>
+    </html>

apps/bookstack/db/mariadb_upgrade_info

@@ -0,0 +1 @@
+11.8.8-MariaDB

apps/bookstack/docker-compose.yml

@@ -0,0 +1,33 @@
+services:
+  bookstack:
+    image: lscr.io/linuxserver/bookstack:latest
+    container_name: bookstack
+    restart: unless-stopped
+    environment:
+      - PUID=1000
+      - PGID=1000
+      - TZ=America/Chicago
+      - APP_URL=http://192.168.1.205:6875
+      - DB_HOST=bookstack-db
+      - DB_PORT=3306
+      - DB_USERNAME=bookstack
+      - DB_PASSWORD=bookstackpassword
+      - DB_DATABASE=bookstackapp
+    volumes:
+      - ./bookstack:/config
+    ports:
+      - "6875:80"
+    depends_on:
+      - bookstack-db
+
+  bookstack-db:
+    image: mariadb:11
+    container_name: bookstack-db
+    restart: unless-stopped
+    environment:
+      - MYSQL_ROOT_PASSWORD=supersecretrootpassword
+      - MYSQL_DATABASE=bookstackapp
+      - MYSQL_USER=bookstack
+      - MYSQL_PASSWORD=bookstackpassword
+    volumes:
+      - ./db:/var/lib/mysql