294 lines
9.2 KiB
Docker
294 lines
9.2 KiB
Docker
FROM alpine:3.19 AS baseimage
|
|
# Install PHP+Friends
|
|
RUN <<EOF
|
|
set -ue
|
|
apk add --no-cache \
|
|
bash bash-completion \
|
|
php83 php83-bcmath php83-bz2 php83-calendar php83-ctype php83-curl php83-dom php83-exif php83-fileinfo php83-ftp \
|
|
php83-fpm php83-gd php83-gettext php83-gmp php83-iconv php83-imap php83-intl php83-json php83-ldap php83-mbstring \
|
|
php83-mysqli php83-mysqlnd php83-odbc php83-opcache php83-openssl php83-pcntl \
|
|
php83-pecl-apcu php83-pecl-redis \
|
|
php83-pdo php83-pdo_dblib php83-pdo_mysql php83-pdo_odbc php83-pdo_pgsql php83-pdo_sqlite php83-pgsql php83-phar \
|
|
php83-posix php83-session php83-shmop php83-simplexml php83-snmp php83-soap php83-sockets php83-sqlite3 \
|
|
php83-sysvmsg php83-sysvsem php83-sysvshm php83-tidy php83-tokenizer php83-xml php83-xmlreader php83-xmlwriter \
|
|
php83-xsl php83-zip php83-zlib \
|
|
composer \
|
|
nginx \
|
|
curl wget \
|
|
git openssh-client\
|
|
sqlite
|
|
rm /usr/bin/php /usr/bin/php82
|
|
ln -s /usr/bin/php83 /usr/bin/php
|
|
ln -s /usr/sbin/php-fpm83 /usr/bin/php-fpm
|
|
sed -i 's|php82|php83|g' /usr/bin/composer
|
|
bash <(curl -s https://raw.githubusercontent.com/docker-suite/Install-Scripts/master/alpine-runit/install-runit.sh)
|
|
EOF
|
|
|
|
# Set bash as the default shell
|
|
SHELL ["/bin/bash", "-c"]
|
|
|
|
## Start runit
|
|
CMD ["/bin/bash", "runit", "start"]
|
|
|
|
# Add the php user
|
|
RUN adduser -D -u 1000 php -h /home/php/ -s /bin/bash
|
|
|
|
# Fix perms
|
|
RUN <<EOF
|
|
set -ue
|
|
chmod +x \
|
|
/etc/runit/init.d/* \
|
|
/usr/local/bin/runit \
|
|
/usr/local/bin/runit-init \
|
|
/etc/runit/1 /etc/runit/2 /etc/runit/3
|
|
sed -i 's|rm -rf /etc/service 2>/dev/null|#rm -rf /etc/service 2>/dev/null|g' /etc/runit/init.d/001-prepare
|
|
EOF
|
|
|
|
# Add workdir /app
|
|
WORKDIR /app
|
|
|
|
RUN <<RUN
|
|
set -ue
|
|
# Configure Nginx
|
|
echo "daemon off;" >> /etc/nginx/nginx.conf
|
|
mkdir -p /etc/service.d/nginx
|
|
cat << EOF > /etc/service.d/nginx/run
|
|
#!/bin/sh
|
|
/usr/sbin/nginx
|
|
EOF
|
|
cat << EOF > /etc/nginx/nginx.conf
|
|
# Set number of worker processes automatically based on number of CPU cores.
|
|
worker_processes auto;
|
|
# Enables the use of JIT for regular expressions to speed-up their processing.
|
|
pcre_jit on;
|
|
# Configures default error logger.
|
|
error_log /app/logs/nginx_error.log warn;
|
|
# Includes files with directives to load dynamic modules.
|
|
include /etc/nginx/modules/*.conf;
|
|
# Include files with config snippets into the root context.
|
|
include /etc/nginx/conf.d/*.conf;
|
|
|
|
events {
|
|
# The maximum number of simultaneous connections that can be opened by a worker process.
|
|
worker_connections 1024;
|
|
}
|
|
|
|
http {
|
|
include /etc/nginx/mime.types; # Includes mapping of file name extensions to MIME types of responses and defines the default type.
|
|
default_type application/octet-stream;
|
|
server_tokens off; # Don't tell nginx version to the clients. Default is 'on'.
|
|
# Specifies the maximum accepted body size of a client request, as indicated by the request header Content-Length. If the stated content
|
|
# length is greater than this size, then the client receives the HTTP error code 413. Set to 0 to disable.
|
|
client_max_body_size 0; # Default is '1m'.
|
|
sendfile on; # Sendfile copies data between one FD and other from within the kernel, which is more efficient than read() + write().
|
|
tcp_nopush on; # Causes nginx to attempt to send its HTTP response head in one packet, instead of using partial frames. Default is 'off'.
|
|
gzip on; # Enable gzipping of responses.
|
|
gzip_vary on; # Set the Vary HTTP header as defined in the RFC 2616. Default is 'off'.
|
|
map \$http_upgrade \$connection_upgrade { # Helper variable for proxying websockets.
|
|
default upgrade;
|
|
'' close;
|
|
}
|
|
# Specifies the main log format.
|
|
log_format main '\$remote_addr - \$remote_user [\$time_local] "\$request" '
|
|
'\$status \$body_bytes_sent "\$http_referer" '
|
|
'"\$http_user_agent" "\$http_x_forwarded_for"';
|
|
access_log /app/logs/nginx_access.log main; # Sets the path, format, and configuration for a buffered log write.
|
|
include /etc/nginx/http.d/*.conf; # Includes virtual hosts configs.
|
|
include /app/*.nginx; # Include project specific configuration.
|
|
}
|
|
daemon off;
|
|
EOF
|
|
cat << EOF > /etc/nginx/http.d/default.conf
|
|
server {
|
|
listen 80 default_server;
|
|
listen [::]:80 default_server;
|
|
client_max_body_size 1024M;
|
|
root /app/public;
|
|
server_name _;
|
|
index index.html index.php index.htm;
|
|
location / {
|
|
# First attempt to serve request as file, then as directory, then fall back to displaying a 404.
|
|
try_files \$uri \$uri/ /index.php?\$args;
|
|
}
|
|
location ~ \.php$ {
|
|
try_files \$uri \$uri/ /index.php?\$args;
|
|
fastcgi_pass unix:/run/php-fpm/php-fpm.sock;
|
|
fastcgi_index index.php;
|
|
fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name;
|
|
fastcgi_read_timeout 300;
|
|
include fastcgi_params;
|
|
fastcgi_buffers 16 16k;
|
|
fastcgi_buffer_size 32k;
|
|
}
|
|
location ~ /\.ht {
|
|
deny all;
|
|
}
|
|
}
|
|
EOF
|
|
cat << EOF > /etc/service.d/nginx/run
|
|
#!/usr/bin/env bash
|
|
set -ue
|
|
/usr/sbin/nginx
|
|
EOF
|
|
touch /etc/service.d/nginx/enable
|
|
# Configure PHP-FPM
|
|
mkdir -p /etc/service.d/php
|
|
touch /etc/php83/conf.d/env.conf
|
|
chmod a+rw /etc/php83/conf.d/env.conf
|
|
cat << EOF > /etc/service.d/php/run
|
|
#!/usr/bin/env bash
|
|
set -ue
|
|
echo "Parsing environment"
|
|
printenv | sort
|
|
echo "Exporting environment"
|
|
env | sed "s/\(.*\)=\(.*\)/env[\1]='\2'/"
|
|
env | sed "s/\(.*\)=\(.*\)/env[\1]='\2'/" > /etc/php83/conf.d/env.conf
|
|
echo "Starting PHP-FPM"
|
|
/usr/bin/php-fpm -F
|
|
EOF
|
|
cat << EOF > /etc/php83/php-fpm.conf
|
|
[global]
|
|
pid = /run/php-fpm/php-fpm.pid
|
|
error_log = /app/logs/php_error.log
|
|
process.max = 128 ; Default Value: 0
|
|
daemonize = no
|
|
include=/etc/php83/php-fpm.d/*.conf
|
|
EOF
|
|
cat << EOF > /etc/php83/php-fpm.d/www.conf
|
|
[www]
|
|
;user = php # Not running as root, so this does nothing.
|
|
;group = php
|
|
listen = /run/php-fpm/php-fpm.sock
|
|
listen.backlog = -1
|
|
listen.owner = php
|
|
listen.group = php
|
|
listen.mode = 0660
|
|
pm = dynamic
|
|
pm.max_children = 128 ; Maximum workers
|
|
pm.start_servers = 4 ; How many nodes to start
|
|
pm.min_spare_servers = 2 ; Minimum hotspares
|
|
pm.max_spare_servers = 5 ; Maximum acceptable spares
|
|
pm.max_spawn_rate = 32 ; Maximum velocity to spawn more nodes
|
|
pm.process_idle_timeout = 10s ; How long a server may remind idle before culling
|
|
pm.max_requests = 500 ; How many requests to serve to let run before culling
|
|
access.log = /app/logs/php_access.log
|
|
;slowlog = /app/logs/php_slow_requests.log
|
|
;request_slowlog_timeout = 5s
|
|
;request_slowlog_trace_depth = 20
|
|
;chdir = /app/public
|
|
clear_env = no
|
|
EOF
|
|
cat << EOF > /etc/php83/php.ini
|
|
[PHP]
|
|
short_open_tag = Off
|
|
implicit_flush = Off
|
|
serialize_precision = -1
|
|
zend.enable_gc = On
|
|
zend.exception_ignore_args = On
|
|
zend.exception_string_param_max_len = 0
|
|
expose_php = Off
|
|
max_execution_time = 10
|
|
max_input_time = 60
|
|
memory_limit = 128M
|
|
error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT
|
|
display_errors = On
|
|
display_startup_errors = On
|
|
log_errors = On
|
|
ignore_repeated_errors = Off
|
|
ignore_repeated_source = Off
|
|
report_memleaks = On
|
|
variables_order = "GPCS"
|
|
request_order = "GP"
|
|
register_argc_argv = Off
|
|
auto_globals_jit = On
|
|
post_max_size = 128M
|
|
default_mimetype = "text/html"
|
|
default_charset = "UTF-8"
|
|
include_path = ".:/usr/share/php83"
|
|
enable_dl = Off
|
|
file_uploads = On
|
|
upload_max_filesize = 32M
|
|
max_file_uploads = 20
|
|
allow_url_fopen = On
|
|
allow_url_include = Off
|
|
default_socket_timeout = 60
|
|
[CLI Server]
|
|
cli_server.color = On
|
|
[Session]
|
|
session.save_handler = files
|
|
session.use_strict_mode = 0
|
|
session.use_cookies = 1
|
|
session.use_only_cookies = 1
|
|
session.name = SESSION
|
|
session.auto_start = 0
|
|
session.cookie_lifetime = 0
|
|
session.cookie_path = /
|
|
session.serialize_handler = php
|
|
session.gc_probability = 1
|
|
session.gc_divisor = 1000
|
|
session.gc_maxlifetime = 1440
|
|
session.cache_limiter = nocache
|
|
session.cache_expire = 180
|
|
session.use_trans_sid = 0
|
|
session.trans_sid_tags = "a=href,area=href,frame=src,form="
|
|
session.sid_bits_per_character = 5
|
|
[Assertion]
|
|
zend.assertions = -1
|
|
EOF
|
|
touch /etc/service.d/php/enable
|
|
# Tail the logs
|
|
mkdir -p /etc/service.d/log-tail
|
|
cat << EOF > /etc/service.d/log-tail/run
|
|
#!/usr/bin/env bash
|
|
set -ue
|
|
# For all the logs in /app/logs/*.log, empty them
|
|
for log in /app/logs/*.log; do
|
|
echo -n > "\$log"
|
|
done
|
|
# Tail all the logs
|
|
tail -f /app/logs/php_access.log &
|
|
tail -f /app/logs/php_error.log &
|
|
tail -f /app/logs/nginx_access.log &
|
|
tail -f /app/logs/nginx_error.log
|
|
EOF
|
|
touch /etc/service.d/log-tail/enable
|
|
# Fix ownership
|
|
mkdir -p \
|
|
/var/log/nginx \
|
|
/run/php-fpm
|
|
chown php:php -R \
|
|
/etc/runit \
|
|
/etc/service /etc/service.d \
|
|
/var/lib/nginx /var/log/nginx /run/nginx \
|
|
/var/log/php83 /run/php-fpm \
|
|
/app
|
|
RUN
|
|
|
|
# Use that new php user
|
|
USER php
|
|
|
|
# Configure SSH to trust github.com
|
|
RUN <<RUN
|
|
set -ue
|
|
mkdir -p ~/.ssh
|
|
ssh-keyscan -t rsa github.com >> ~/.ssh/known_hosts
|
|
RUN
|
|
|
|
# We expect composer.json & composer.lock to exist in the app
|
|
ONBUILD USER root
|
|
ONBUILD COPY ./composer.* /app
|
|
ONBUILD COPY *vendor /app/vendor
|
|
ONBUILD RUN chown -R php:php /app
|
|
ONBUILD USER php
|
|
ONBUILD RUN composer install
|
|
# We expect /public to exist in the app
|
|
ONBUILD COPY ./public /app/public
|
|
# Copy everything else.
|
|
ONBUILD COPY . /app
|
|
ONBUILD RUN mkdir -p /app/logs
|
|
|
|
ENV PATH="/app/bin:/app/vendor/bin:${PATH}" \
|
|
COMPOSER_FUND=0
|
|
|
|
FROM baseimage AS bucket-serve
|
|
|