Merge pull request #94 from kool-dev/8.3+updates
Add 8.3
fabriciojs authored Jan 6, 2024
2 parents b957bd5 + 1eb06f4 commit 71159bd
Showing 27 changed files with 871 additions and 22 deletions.
2 changes: 1 addition & 1 deletion .github/workflows/ci-cd.yml
Expand Up @@ -12,7 +12,7 @@ jobs:

strategy:
matrix:
version: ['8.0', '8.1', '8.2']
version: ['8.0', '8.1', '8.2', '8.3']
type: ['', '-prod']

steps:
5 changes: 2 additions & 3 deletions 8.0-prod/Dockerfile
Expand Up @@ -55,15 +55,14 @@ RUN adduser -D -u 1337 kool \
zip \
sockets \
mysqli \
&& pecl install imagick redis \
&& pecl install redis \
&& pecl install imagick \
&& docker-php-ext-enable imagick \
&& docker-php-ext-enable redis \
&& cp "/usr/local/etc/php/php.ini-production" "/usr/local/etc/php/php.ini" \
# composer
&& curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/local/bin --filename=composer \
&& curl -sS https://getcomposer.org/installer | php -- --1 --install-dir=/usr/local/bin --filename=composer1 \
# symlink composer2 for BC
&& ln -s /usr/local/bin/composer /usr/local/bin/composer2 \
# cleanup
&& apk del .build-deps \
&& rm -rf /var/cache/apk/* /tmp/*
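Review bot: Both Composer lines in this RUN chain pipe `https://getcomposer.org/installer` straight into `php` with no integrity check, so whatever that URL returns at build time runs as part of the image build. The rendered page no longer shows which lines of the hunk are context and which changed, so this may predate the commit, but the chain is being edited anyway: download the installer to a file and verify it before running, e.g. `php -r "exit(hash_file('sha384', '/tmp/composer-setup.php') === '<expected-sha384>' ? 0 : 1);"`, with the expected value taken from Composer's published installer checksum. `pecl install redis` and `pecl install imagick` are also unpinned, so rebuilding the same tag can pull different extension releases. The same lines appear in the 8.0, 8.1-prod, 8.1, 8.2-prod and 8.2 Dockerfile hunks below, and the RUN instruction begins above the hunk.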
5 changes: 2 additions & 3 deletions 8.0/Dockerfile
Expand Up @@ -55,17 +55,16 @@ RUN adduser -D -u 1337 kool \
zip \
sockets \
mysqli \
&& pecl install imagick redis \
&& pecl install redis \
&& pecl install xdebug \
&& pecl install pcov && docker-php-ext-enable pcov \
&& pecl install imagick \
&& docker-php-ext-enable imagick \
&& docker-php-ext-enable redis \
&& cp "/usr/local/etc/php/php.ini-development" "/usr/local/etc/php/php.ini" \
# composer
&& curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/local/bin --filename=composer \
&& curl -sS https://getcomposer.org/installer | php -- --1 --install-dir=/usr/local/bin --filename=composer1 \
# symlink composer2 for BC
&& ln -s /usr/local/bin/composer /usr/local/bin/composer2 \
# cleanup
&& apk del .build-deps \
&& rm -rf /var/cache/apk/* /tmp/*
5 changes: 2 additions & 3 deletions 8.1-prod/Dockerfile
Expand Up @@ -55,15 +55,14 @@ RUN adduser -D -u 1337 kool \
zip \
sockets \
mysqli \
&& pecl install imagick redis \
&& pecl install redis \
&& pecl install imagick \
&& docker-php-ext-enable imagick \
&& docker-php-ext-enable redis \
&& cp "/usr/local/etc/php/php.ini-production" "/usr/local/etc/php/php.ini" \
# composer
&& curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/local/bin --filename=composer \
&& curl -sS https://getcomposer.org/installer | php -- --1 --install-dir=/usr/local/bin --filename=composer1 \
# symlink composer2 for BC
&& ln -s /usr/local/bin/composer /usr/local/bin/composer2 \
# cleanup
&& apk del .build-deps \
&& rm -rf /var/cache/apk/* /tmp/*
5 changes: 2 additions & 3 deletions 8.1/Dockerfile
Expand Up @@ -55,17 +55,16 @@ RUN adduser -D -u 1337 kool \
zip \
sockets \
mysqli \
&& pecl install imagick redis \
&& pecl install redis \
&& pecl install xdebug \
&& pecl install pcov && docker-php-ext-enable pcov \
&& pecl install imagick \
&& docker-php-ext-enable imagick \
&& docker-php-ext-enable redis \
&& cp "/usr/local/etc/php/php.ini-development" "/usr/local/etc/php/php.ini" \
# composer
&& curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/local/bin --filename=composer \
&& curl -sS https://getcomposer.org/installer | php -- --1 --install-dir=/usr/local/bin --filename=composer1 \
# symlink composer2 for BC
&& ln -s /usr/local/bin/composer /usr/local/bin/composer2 \
# cleanup
&& apk del .build-deps \
&& rm -rf /var/cache/apk/* /tmp/*
5 changes: 2 additions & 3 deletions 8.2-prod/Dockerfile
Expand Up @@ -55,15 +55,14 @@ RUN adduser -D -u 1337 kool \
zip \
sockets \
mysqli \
&& pecl install imagick redis \
&& pecl install redis \
&& pecl install imagick \
&& docker-php-ext-enable imagick \
&& docker-php-ext-enable redis \
&& cp "/usr/local/etc/php/php.ini-production" "/usr/local/etc/php/php.ini" \
# composer
&& curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/local/bin --filename=composer \
&& curl -sS https://getcomposer.org/installer | php -- --1 --install-dir=/usr/local/bin --filename=composer1 \
# symlink composer2 for BC
&& ln -s /usr/local/bin/composer /usr/local/bin/composer2 \
# cleanup
&& apk del .build-deps \
&& rm -rf /var/cache/apk/* /tmp/*
5 changes: 2 additions & 3 deletions 8.2/Dockerfile
Expand Up @@ -55,17 +55,16 @@ RUN adduser -D -u 1337 kool \
zip \
sockets \
mysqli \
&& pecl install imagick redis \
&& pecl install redis \
&& pecl install xdebug \
&& pecl install pcov && docker-php-ext-enable pcov \
&& pecl install imagick \
&& docker-php-ext-enable imagick \
&& docker-php-ext-enable redis \
&& cp "/usr/local/etc/php/php.ini-development" "/usr/local/etc/php/php.ini" \
# composer
&& curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/local/bin --filename=composer \
&& curl -sS https://getcomposer.org/installer | php -- --1 --install-dir=/usr/local/bin --filename=composer1 \
# symlink composer2 for BC
&& ln -s /usr/local/bin/composer /usr/local/bin/composer2 \
# cleanup
&& apk del .build-deps \
&& rm -rf /var/cache/apk/* /tmp/*
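--- a/8.3-nginx-prod/Dockerfile
+++ b/8.3-nginx-prod/Dockerfile
@@ -0,0 +1,62 @@
+FROM debian AS cert
+
+WORKDIR /kool/ssl
+
+RUN apt-get update && \
+apt-get install -y openssl && \
+openssl genrsa -des3 -passout pass:x -out server.pass.key 2048 && \
+openssl rsa -passin pass:x -in server.pass.key -out _.localhost.key && \
+rm server.pass.key && \
+openssl req -new -key _.localhost.key -out server.csr \
+-subj "/C=XX/ST=XX/L=XX/O=Kool-Local/OU=Localhost/CN=*.localhost" && \
+openssl x509 -req -days 365 -in server.csr -signkey _.localhost.key -out _.localhost.crt && \
+openssl x509 -in _.localhost.crt -out _.localhost.pem
+
+FROM kooldev/php:8.3-prod
+
+ENV PHP_FPM_LISTEN=/run/php-fpm.sock \
+NGINX_LISTEN=80 \
+NGINX_HTTPS=false \
+NGINX_LISTEN_HTTPS=443 \
+NGINX_HTTPS_CERT=/kool/ssl/_.localhost.pem \
+NGINX_HTTPS_CERT_KEY=/kool/ssl/_.localhost.key \
+NGINX_ROOT=/app/public \
+NGINX_INDEX=index.php \
+NGINX_CLIENT_MAX_BODY_SIZE=25M \
+NGINX_PHP_FPM=unix:/run/php-fpm.sock \
+NGINX_FASTCGI_READ_TIMEOUT=60s \
+NGINX_FASTCGI_BUFFERS='8 8k' \
+NGINX_FASTCGI_BUFFER_SIZE='16k' \
+NGINX_ENTRYPOINT_WORKER_PROCESSES_AUTOTUNE=true
+
+RUN curl -L https://github.com/ochinchina/supervisord/releases/download/v0.6.3/supervisord_static_0.6.3_linux_amd64 -o /usr/local/bin/supervisord \
+&& chmod +x /usr/local/bin/supervisord \
+&& apk add --no-cache nginx \
+&& chown -R kool:kool /var/lib/nginx \
+&& chmod 770 /var/lib/nginx/tmp \
+&& ln -sf /dev/stdout /var/log/nginx/access.log \
+&& ln -sf /dev/stderr /var/log/nginx/error.log \
+# add h5bp/server-configs-nginx
+&& mkdir -p /etc/nginx/conf.d \
+&& mkdir /etc/nginx/h5bp \
+&& cd /etc/nginx/h5bp \
+&& wget https://github.com/h5bp/server-configs-nginx/archive/refs/tags/3.3.0.tar.gz -O h5bp.tgz \
+&& tar xzvf h5bp.tgz \
+&& rm -f h5bp.tgz \
+&& mv server-configs-nginx-*/h5bp/* . \
+&& mv server-configs-nginx-*/nginx.conf /etc/nginx/nginx.conf \
+&& sed -i "s|^user .*|user\ kool kool;|g" /etc/nginx/nginx.conf \
+&& mv server-configs-nginx-*/mime.types /etc/nginx/mime.types \
+&& rm -rf server-configs-nginx-* \
+&& curl -L https://raw.githubusercontent.com/nginxinc/docker-nginx/master/entrypoint/30-tune-worker-processes.sh -o /kool/30-tune-worker-processes.sh \
+&& chmod +x /kool/30-tune-worker-processes.sh
+
+COPY supervisor.conf /kool/supervisor.conf
+COPY default.tmpl /kool/default.tmpl
+COPY entrypoint /kool/entrypoint
+COPY --from=cert /kool/ssl /kool/ssl
+RUN chmod +x /kool/entrypoint
+
+EXPOSE 80
+
+CMD [ "supervisord", "-c", "/kool/supervisor.conf" ]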
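Review bot: Three artifacts are downloaded in the second RUN and used without any integrity check: the supervisord binary that becomes the container's CMD, the h5bp tarball that supplies nginx.conf, and `30-tune-worker-processes.sh`, which is fetched from the mutable `master` branch and which /kool/entrypoint runs on start before it drops to the kool user. Pin the script URL to a commit (`.../nginxinc/docker-nginx/<commit-sha>/entrypoint/30-tune-worker-processes.sh`) and follow each download with a digest check such as `echo "<sha256-of-supervisord-binary>  /usr/local/bin/supervisord" | sha256sum -c -`. `FROM debian` in the cert stage is likewise untagged, and the hard-coded `linux_amd64` asset will not run on a non-amd64 build. 8.3-nginx/Dockerfile carries the same lines.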
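--- a/8.3-nginx-prod/default.tmpl
+++ b/8.3-nginx-prod/default.tmpl
@@ -0,0 +1,53 @@
+server {
+listen {{ .Env.NGINX_LISTEN }} default_server;
+server_name _;
+{{ if isTrue .Env.NGINX_HTTPS }}
+listen {{ .Env.NGINX_LISTEN_HTTPS }} ssl http2;
+ssl_certificate {{ .Env.NGINX_HTTPS_CERT }};
+ssl_certificate_key {{ .Env.NGINX_HTTPS_CERT_KEY }};
+ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+ssl_ciphers HIGH:!aNULL:!MD5;
+{{ end }}
+root {{ .Env.NGINX_ROOT }};
+index {{ .Env.NGINX_INDEX }};
+charset utf-8;
+
+location = /favicon.ico { log_not_found off; access_log off; }
+location = /robots.txt { log_not_found off; access_log off; }
+
+client_max_body_size {{ .Env.NGINX_CLIENT_MAX_BODY_SIZE }};
+
+error_page 404 /index.php;
+
+location / {
+try_files $uri $uri/ /{{ .Env.NGINX_INDEX }}?$query_string;
+
+add_header X-Served-By kool.dev;
+}
+
+location ~ \.php$ {
+fastcgi_buffers {{ .Env.NGINX_FASTCGI_BUFFERS }};
+fastcgi_buffer_size {{ .Env.NGINX_FASTCGI_BUFFER_SIZE }};
+fastcgi_pass {{ .Env.NGINX_PHP_FPM }};
+fastcgi_read_timeout {{ .Env.NGINX_FASTCGI_READ_TIMEOUT }};
+fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
+include fastcgi_params;
+}
+
+location ~ /\.ht {
+deny all;
+}
+
+# good practices
+add_header X-Frame-Options "SAMEORIGIN";
+
+# basic H5BP suggestions
+include h5bp/internet_explorer/x-ua-compatible.conf;
+include h5bp/security/referrer-policy.conf;
+include h5bp/security/x-content-type-options.conf;
+include h5bp/security/x-xss-protection.conf;
+
+# performance enhancements (mostly for caching static data)
+include h5bp/web_performance/cache-file-descriptors.conf;
+include h5bp/web_performance/pre-compressed_content_gzip.conf;
+}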
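Review bot: `ssl_protocols TLSv1 TLSv1.1 TLSv1.2;` in the HTTPS block enables TLS 1.0 and 1.1, both deprecated by RFC 8996, and leaves TLS 1.3 off. For an image tagged -prod the line should read `ssl_protocols TLSv1.2 TLSv1.3;`; `ssl_ciphers HIGH:!aNULL:!MD5;` can stay as it is. 8.3-nginx/default.tmpl has the same line.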
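--- a/8.3-nginx-prod/entrypoint
+++ b/8.3-nginx-prod/entrypoint
@@ -0,0 +1,25 @@
+#!/bin/sh
+set -e
+
+
+# Run as current user
+CURRENT_USER=${ASUSER:-${UID:-0}}
+
+if [ ! -z "$CURRENT_USER" ] && [ "$CURRENT_USER" != "0" ]; then
+usermod -u $CURRENT_USER kool
+fi
+
+dockerize -template /kool/kool.tmpl:/usr/local/etc/php/conf.d/kool.ini -template /kool/zz-docker.tmpl:/usr/local/etc/php-fpm.d/zz-docker.conf -template /kool/default.tmpl:/etc/nginx/conf.d/default.conf
+
+/kool/30-tune-worker-processes.sh
+
+# Run entrypoint if provided
+if [ ! -z "$ENTRYPOINT" ] && [ -f "$ENTRYPOINT" ]; then
+bash $ENTRYPOINT
+fi
+
+if [ "$1" = "sh" ] || [ "$1" = "bash" ] || [ "$1" = "php-fpm" ] || [ "$1" = "nginx" ] || [ "$1" = "supervisord" ]; then
+exec "$@"
+else
+exec su-exec kool "$@"
+fi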
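Review bot: `usermod -u $CURRENT_USER kool` and `bash $ENTRYPOINT` expand environment-supplied values unquoted, so a value containing spaces or glob characters is split into extra arguments; the `-f "$ENTRYPOINT"` test is quoted but the call that follows it is not. Quote both, `usermod -u "$CURRENT_USER" kool` and `bash "$ENTRYPOINT"`, and consider rejecting a non-numeric ASUSER before calling usermod. I would also add a comment above the ENTRYPOINT block, `# runs before the su-exec drop, with the privileges the container was started with`, so users know what a custom script can touch.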
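--- a/8.3-nginx-prod/supervisor.conf
+++ b/8.3-nginx-prod/supervisor.conf
@@ -0,0 +1,12 @@
+[program:nginx]
+depends_on = php-fpm
+command = nginx -g "daemon off;"
+stopasgroup = true
+stderr_logfile = /dev/stderr
+stdout_logfile = /dev/stdout
+
+[program:php-fpm]
+command = php-fpm
+stopasgroup = true
+stderr_logfile = /dev/stderr
+stdout_logfile = /dev/stdout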
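--- a/8.3-nginx/Dockerfile
+++ b/8.3-nginx/Dockerfile
@@ -0,0 +1,62 @@
+FROM debian AS cert
+
+WORKDIR /kool/ssl
+
+RUN apt-get update && \
+apt-get install -y openssl && \
+openssl genrsa -des3 -passout pass:x -out server.pass.key 2048 && \
+openssl rsa -passin pass:x -in server.pass.key -out _.localhost.key && \
+rm server.pass.key && \
+openssl req -new -key _.localhost.key -out server.csr \
+-subj "/C=XX/ST=XX/L=XX/O=Kool-Local/OU=Localhost/CN=*.localhost" && \
+openssl x509 -req -days 365 -in server.csr -signkey _.localhost.key -out _.localhost.crt && \
+openssl x509 -in _.localhost.crt -out _.localhost.pem
+
+FROM kooldev/php:8.3
+
+ENV PHP_FPM_LISTEN=/run/php-fpm.sock \
+NGINX_LISTEN=80 \
+NGINX_HTTPS=false \
+NGINX_LISTEN_HTTPS=443 \
+NGINX_HTTPS_CERT=/kool/ssl/_.localhost.pem \
+NGINX_HTTPS_CERT_KEY=/kool/ssl/_.localhost.key \
+NGINX_ROOT=/app/public \
+NGINX_INDEX=index.php \
+NGINX_CLIENT_MAX_BODY_SIZE=25M \
+NGINX_PHP_FPM=unix:/run/php-fpm.sock \
+NGINX_FASTCGI_READ_TIMEOUT=60s \
+NGINX_FASTCGI_BUFFERS='8 8k' \
+NGINX_FASTCGI_BUFFER_SIZE='16k' \
+NGINX_ENTRYPOINT_WORKER_PROCESSES_AUTOTUNE=true
+
+RUN curl -L https://github.com/ochinchina/supervisord/releases/download/v0.6.3/supervisord_static_0.6.3_linux_amd64 -o /usr/local/bin/supervisord \
+&& chmod +x /usr/local/bin/supervisord \
+&& apk add --no-cache nginx \
+&& chown -R kool:kool /var/lib/nginx \
+&& chmod 770 /var/lib/nginx/tmp \
+&& ln -sf /dev/stdout /var/log/nginx/access.log \
+&& ln -sf /dev/stderr /var/log/nginx/error.log \
+# add h5bp/server-configs-nginx
+&& mkdir -p /etc/nginx/conf.d \
+&& mkdir /etc/nginx/h5bp \
+&& cd /etc/nginx/h5bp \
+&& wget https://github.com/h5bp/server-configs-nginx/archive/refs/tags/3.3.0.tar.gz -O h5bp.tgz \
+&& tar xzvf h5bp.tgz \
+&& rm -f h5bp.tgz \
+&& mv server-configs-nginx-*/h5bp/* . \
+&& mv server-configs-nginx-*/nginx.conf /etc/nginx/nginx.conf \
+&& sed -i "s|^user .*|user\ kool kool;|g" /etc/nginx/nginx.conf \
+&& mv server-configs-nginx-*/mime.types /etc/nginx/mime.types \
+&& rm -rf server-configs-nginx-* \
+&& curl -L https://raw.githubusercontent.com/nginxinc/docker-nginx/master/entrypoint/30-tune-worker-processes.sh -o /kool/30-tune-worker-processes.sh \
+&& chmod +x /kool/30-tune-worker-processes.sh
+
+COPY supervisor.conf /kool/supervisor.conf
+COPY default.tmpl /kool/default.tmpl
+COPY entrypoint /kool/entrypoint
+COPY --from=cert /kool/ssl /kool/ssl
+RUN chmod +x /kool/entrypoint
+
+EXPOSE 80
+
+CMD [ "supervisord", "-c", "/kool/supervisor.conf" ]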
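Review bot: The cert stage generates the private key at image build time and `COPY --from=cert /kool/ssl /kool/ssl` ships it in the published image, so every container started from the same tag shares one key that anyone who pulls the image can read. That is fine for *.localhost development, but NGINX_HTTPS_CERT and NGINX_HTTPS_CERT_KEY default to these files, so setting NGINX_HTTPS=true without overriding them serves that shared key; this matters most in 8.3-nginx-prod/Dockerfile, where the same stage appears. I would add a comment on the ENV block, `# default cert/key are a build-time self-signed pair for *.localhost; mount your own for any real host`. Note also that `-days 365` counts from the build date, so an image older than a year presents an expired certificate.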
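--- a/8.3-nginx/default.tmpl
+++ b/8.3-nginx/default.tmpl
@@ -0,0 +1,53 @@
+server {
+listen {{ .Env.NGINX_LISTEN }} default_server;
+server_name _;
+{{ if isTrue .Env.NGINX_HTTPS }}
+listen {{ .Env.NGINX_LISTEN_HTTPS }} ssl http2;
+ssl_certificate {{ .Env.NGINX_HTTPS_CERT }};
+ssl_certificate_key {{ .Env.NGINX_HTTPS_CERT_KEY }};
+ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+ssl_ciphers HIGH:!aNULL:!MD5;
+{{ end }}
+root {{ .Env.NGINX_ROOT }};
+index {{ .Env.NGINX_INDEX }};
+charset utf-8;
+
+location = /favicon.ico { log_not_found off; access_log off; }
+location = /robots.txt { log_not_found off; access_log off; }
+
+client_max_body_size {{ .Env.NGINX_CLIENT_MAX_BODY_SIZE }};
+
+error_page 404 /index.php;
+
+location / {
+try_files $uri $uri/ /{{ .Env.NGINX_INDEX }}?$query_string;
+
+add_header X-Served-By kool.dev;
+}
+
+location ~ \.php$ {
+fastcgi_buffers {{ .Env.NGINX_FASTCGI_BUFFERS }};
+fastcgi_buffer_size {{ .Env.NGINX_FASTCGI_BUFFER_SIZE }};
+fastcgi_pass {{ .Env.NGINX_PHP_FPM }};
+fastcgi_read_timeout {{ .Env.NGINX_FASTCGI_READ_TIMEOUT }};
+fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
+include fastcgi_params;
+}
+
+location ~ /\.ht {
+deny all;
+}
+
+# good practices
+add_header X-Frame-Options "SAMEORIGIN";
+
+# basic H5BP suggestions
+include h5bp/internet_explorer/x-ua-compatible.conf;
+include h5bp/security/referrer-policy.conf;
+include h5bp/security/x-content-type-options.conf;
+include h5bp/security/x-xss-protection.conf;
+
+# performance enhancements (mostly for caching static data)
+include h5bp/web_performance/cache-file-descriptors.conf;
+include h5bp/web_performance/pre-compressed_content_gzip.conf;
+}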
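Review bot: The `add_header X-Served-By kool.dev;` inside `location /` stops that location from inheriting the server-level `add_header X-Frame-Options "SAMEORIGIN";`, because nginx inherits add_header directives only when the current level defines none. Responses served directly from `location /`, i.e. static files matched by `$uri`, therefore go out without X-Frame-Options, and presumably without any h5bp security header that is itself set through add_header (worth confirming against the 3.3.0 files). Move the line to server level next to X-Frame-Options, `add_header X-Served-By kool.dev;`, or repeat the security headers inside the location. 8.3-nginx-prod/default.tmpl has the same block.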