diff --git a/.github/workflows/ci-cd.yml b/.github/workflows/ci-cd.yml index 855bb1b..2b4e88c 100644 --- a/.github/workflows/ci-cd.yml +++ b/.github/workflows/ci-cd.yml @@ -12,7 +12,7 @@ jobs: strategy: matrix: - version: ['8.0', '8.1', '8.2'] + version: ['8.0', '8.1', '8.2', '8.3'] type: ['', '-prod'] steps: diff --git a/8.0-prod/Dockerfile b/8.0-prod/Dockerfile index f7c874c..395016d 100644 --- a/8.0-prod/Dockerfile +++ b/8.0-prod/Dockerfile @@ -55,15 +55,14 @@ RUN adduser -D -u 1337 kool \ zip \ sockets \ mysqli \ - && pecl install imagick redis \ + && pecl install redis \ + && pecl install imagick \ && docker-php-ext-enable imagick \ && docker-php-ext-enable redis \ && cp "/usr/local/etc/php/php.ini-production" "/usr/local/etc/php/php.ini" \ # composer && curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/local/bin --filename=composer \ && curl -sS https://getcomposer.org/installer | php -- --1 --install-dir=/usr/local/bin --filename=composer1 \ - # symlink composer2 for BC - && ln -s /usr/local/bin/composer /usr/local/bin/composer2 \ # cleanup && apk del .build-deps \ && rm -rf /var/cache/apk/* /tmp/* diff --git a/8.0/Dockerfile b/8.0/Dockerfile index bc5abcc..8a1eeca 100644 --- a/8.0/Dockerfile +++ b/8.0/Dockerfile 
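Review bot: The two `pecl install` lines added in the 8.0-prod hunk are unpinned, so they fetch whichever redis and imagick release is current at build time and a rebuild of the same tag can ship different extension code. Pin both to the versions you have tested, e.g. `&& pecl install redis-<version> \` and `&& pecl install imagick-<version> \`; the matching hunks in 8.0, 8.1-prod, 8.1, 8.2-prod and 8.2 need the same. Dropping the `composer2` symlink also removes a name the old comment kept "for BC", so downstream scripts that call `composer2` will presumably fail, which deserves a changelog line. The RUN instruction begins above the hunk.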
@@ -55,17 +55,16 @@ RUN adduser -D -u 1337 kool \ zip \ sockets \ mysqli \ - && pecl install imagick redis \ + && pecl install redis \ && pecl install xdebug \ && pecl install pcov && docker-php-ext-enable pcov \ + && pecl install imagick \ && docker-php-ext-enable imagick \ && docker-php-ext-enable redis \ && cp "/usr/local/etc/php/php.ini-development" "/usr/local/etc/php/php.ini" \ # composer && curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/local/bin --filename=composer \ && curl -sS https://getcomposer.org/installer | php -- --1 --install-dir=/usr/local/bin --filename=composer1 \ - # symlink composer2 for BC - && ln -s /usr/local/bin/composer /usr/local/bin/composer2 \ # cleanup && apk del .build-deps \ && rm -rf /var/cache/apk/* /tmp/* diff --git a/8.1-prod/Dockerfile b/8.1-prod/Dockerfile index bb09bc8..1da65d5 100644 --- a/8.1-prod/Dockerfile +++ b/8.1-prod/Dockerfile @@ -55,15 +55,14 @@ RUN adduser -D -u 1337 kool \ zip \ sockets \ mysqli \ - && pecl install imagick redis \ + && pecl install redis \ + && pecl install imagick \ && docker-php-ext-enable imagick \ && docker-php-ext-enable redis \ && cp "/usr/local/etc/php/php.ini-production" "/usr/local/etc/php/php.ini" \ # composer && curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/local/bin --filename=composer \ && curl -sS https://getcomposer.org/installer | php -- --1 --install-dir=/usr/local/bin --filename=composer1 \ - # symlink composer2 for BC - && ln -s /usr/local/bin/composer /usr/local/bin/composer2 \ # cleanup && apk del .build-deps \ && rm -rf /var/cache/apk/* /tmp/* diff --git a/8.1/Dockerfile b/8.1/Dockerfile index ca7eb39..fcae434 100644 --- a/8.1/Dockerfile +++ b/8.1/Dockerfile 
@@ -55,17 +55,16 @@ RUN adduser -D -u 1337 kool \ zip \ sockets \ mysqli \ - && pecl install imagick redis \ + && pecl install redis \ && pecl install xdebug \ && pecl install pcov && docker-php-ext-enable pcov \ + && pecl install imagick \ && docker-php-ext-enable imagick \ && docker-php-ext-enable redis \ && cp "/usr/local/etc/php/php.ini-development" "/usr/local/etc/php/php.ini" \ # composer && curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/local/bin --filename=composer \ && curl -sS https://getcomposer.org/installer | php -- --1 --install-dir=/usr/local/bin --filename=composer1 \ - # symlink composer2 for BC - && ln -s /usr/local/bin/composer /usr/local/bin/composer2 \ # cleanup && apk del .build-deps \ && rm -rf /var/cache/apk/* /tmp/* diff --git a/8.2-prod/Dockerfile b/8.2-prod/Dockerfile index a71e1d3..3ebe7dc 100644 --- a/8.2-prod/Dockerfile +++ b/8.2-prod/Dockerfile @@ -55,15 +55,14 @@ RUN adduser -D -u 1337 kool \ zip \ sockets \ mysqli \ - && pecl install imagick redis \ + && pecl install redis \ + && pecl install imagick \ && docker-php-ext-enable imagick \ && docker-php-ext-enable redis \ && cp "/usr/local/etc/php/php.ini-production" "/usr/local/etc/php/php.ini" \ # composer && curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/local/bin --filename=composer \ && curl -sS https://getcomposer.org/installer | php -- --1 --install-dir=/usr/local/bin --filename=composer1 \ - # symlink composer2 for BC - && ln -s /usr/local/bin/composer /usr/local/bin/composer2 \ # cleanup && apk del .build-deps \ && rm -rf /var/cache/apk/* /tmp/* diff --git a/8.2/Dockerfile b/8.2/Dockerfile index eee901d..26c0255 100644 --- a/8.2/Dockerfile +++ b/8.2/Dockerfile 
@@ -55,17 +55,16 @@ RUN adduser -D -u 1337 kool \ zip \ sockets \ mysqli \ - && pecl install imagick redis \ + && pecl install redis \ && pecl install xdebug \ && pecl install pcov && docker-php-ext-enable pcov \ + && pecl install imagick \ && docker-php-ext-enable imagick \ && docker-php-ext-enable redis \ && cp "/usr/local/etc/php/php.ini-development" "/usr/local/etc/php/php.ini" \ # composer && curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/local/bin --filename=composer \ && curl -sS https://getcomposer.org/installer | php -- --1 --install-dir=/usr/local/bin --filename=composer1 \ - # symlink composer2 for BC - && ln -s /usr/local/bin/composer /usr/local/bin/composer2 \ # cleanup && apk del .build-deps \ && rm -rf /var/cache/apk/* /tmp/* diff --git a/8.3-nginx-prod/Dockerfile b/8.3-nginx-prod/Dockerfile new file mode 100644 index 0000000..786e485 --- /dev/null +++ b/8.3-nginx-prod/Dockerfile 
@@ -0,0 +1,62 @@ +FROM debian AS cert + +WORKDIR /kool/ssl + +RUN apt-get update && \ + apt-get install -y openssl && \ + openssl genrsa -des3 -passout pass:x -out server.pass.key 2048 && \ + openssl rsa -passin pass:x -in server.pass.key -out _.localhost.key && \ + rm server.pass.key && \ + openssl req -new -key _.localhost.key -out server.csr \ + -subj "/C=XX/ST=XX/L=XX/O=Kool-Local/OU=Localhost/CN=*.localhost" && \ + openssl x509 -req -days 365 -in server.csr -signkey _.localhost.key -out _.localhost.crt && \ + openssl x509 -in _.localhost.crt -out _.localhost.pem + +FROM kooldev/php:8.3-prod + +ENV PHP_FPM_LISTEN=/run/php-fpm.sock \ + NGINX_LISTEN=80 \ + NGINX_HTTPS=false \ + NGINX_LISTEN_HTTPS=443 \ + NGINX_HTTPS_CERT=/kool/ssl/_.localhost.pem \ + NGINX_HTTPS_CERT_KEY=/kool/ssl/_.localhost.key \ + NGINX_ROOT=/app/public \ + NGINX_INDEX=index.php \ + NGINX_CLIENT_MAX_BODY_SIZE=25M \ + NGINX_PHP_FPM=unix:/run/php-fpm.sock \ + NGINX_FASTCGI_READ_TIMEOUT=60s \ + NGINX_FASTCGI_BUFFERS='8 8k' \ + NGINX_FASTCGI_BUFFER_SIZE='16k' \ + NGINX_ENTRYPOINT_WORKER_PROCESSES_AUTOTUNE=true + +RUN curl -L https://github.com/ochinchina/supervisord/releases/download/v0.6.3/supervisord_static_0.6.3_linux_amd64 -o /usr/local/bin/supervisord \ + && chmod +x /usr/local/bin/supervisord \ + && apk add --no-cache nginx \ + && chown -R kool:kool /var/lib/nginx \ + && chmod 770 /var/lib/nginx/tmp \ + && ln -sf /dev/stdout /var/log/nginx/access.log \ + && ln -sf /dev/stderr /var/log/nginx/error.log \ + # add h5bp/server-configs-nginx + && mkdir -p /etc/nginx/conf.d \ + && mkdir /etc/nginx/h5bp \ + && cd /etc/nginx/h5bp \ + && wget https://github.com/h5bp/server-configs-nginx/archive/refs/tags/3.3.0.tar.gz -O h5bp.tgz \ + && tar xzvf h5bp.tgz \ + && rm -f h5bp.tgz \ + && mv server-configs-nginx-*/h5bp/* . 
\ + && mv server-configs-nginx-*/nginx.conf /etc/nginx/nginx.conf \ + && sed -i "s|^user .*|user\ kool kool;|g" /etc/nginx/nginx.conf \ + && mv server-configs-nginx-*/mime.types /etc/nginx/mime.types \ + && rm -rf server-configs-nginx-* \ + && curl -L https://raw.githubusercontent.com/nginxinc/docker-nginx/master/entrypoint/30-tune-worker-processes.sh -o /kool/30-tune-worker-processes.sh \ + && chmod +x /kool/30-tune-worker-processes.sh + +COPY supervisor.conf /kool/supervisor.conf +COPY default.tmpl /kool/default.tmpl +COPY entrypoint /kool/entrypoint +COPY --from=cert /kool/ssl /kool/ssl +RUN chmod +x /kool/entrypoint + +EXPOSE 80 + +CMD [ "supervisord", "-c", "/kool/supervisor.conf" ] diff --git a/8.3-nginx-prod/default.tmpl b/8.3-nginx-prod/default.tmpl new file mode 100644 index 0000000..e4d9421 --- /dev/null +++ b/8.3-nginx-prod/default.tmpl 
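Review bot: The final-stage RUN in 8.3-nginx-prod/Dockerfile downloads three artefacts with no integrity check, and one of them, `30-tune-worker-processes.sh`, is taken from the mutable `master` branch and later executed by /kool/entrypoint at container start. Pin that script to a commit, check the supervisord binary and the h5bp tarball against recorded SHA-256 digests, and pass `-f` to `curl` so an HTTP error page is never saved as the executable. 8.3-nginx/Dockerfile contains the same RUN. The file appears to be rendered from `template/Dockerfile-nginx` (per fwd-template.json), so the change presumably belongs in the template. The digest and commit values below are placeholders to fill in after verifying them out of band.

```dockerfile
ARG SUPERVISORD_SHA256=REPLACE_WITH_VERIFIED_SHA256
ARG H5BP_SHA256=REPLACE_WITH_VERIFIED_SHA256
ARG NGINX_ENTRYPOINT_COMMIT=REPLACE_WITH_PINNED_COMMIT

RUN curl -fsSL https://github.com/ochinchina/supervisord/releases/download/v0.6.3/supervisord_static_0.6.3_linux_amd64 -o /usr/local/bin/supervisord \
    && echo "${SUPERVISORD_SHA256}  /usr/local/bin/supervisord" | sha256sum -c - \
    # … unchanged: chmod, nginx install, log symlinks, h5bp directory setup …
    && wget https://github.com/h5bp/server-configs-nginx/archive/refs/tags/3.3.0.tar.gz -O h5bp.tgz \
    && echo "${H5BP_SHA256}  h5bp.tgz" | sha256sum -c - \
    # … unchanged: unpack h5bp, nginx.conf and mime.types …
    && curl -fsSL "https://raw.githubusercontent.com/nginxinc/docker-nginx/${NGINX_ENTRYPOINT_COMMIT}/entrypoint/30-tune-worker-processes.sh" -o /kool/30-tune-worker-processes.sh \
    && chmod +x /kool/30-tune-worker-processes.sh
```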
@@ -0,0 +1,53 @@ +server { + listen {{ .Env.NGINX_LISTEN }} default_server; + server_name _; +{{ if isTrue .Env.NGINX_HTTPS }} + listen {{ .Env.NGINX_LISTEN_HTTPS }} ssl http2; + ssl_certificate {{ .Env.NGINX_HTTPS_CERT }}; + ssl_certificate_key {{ .Env.NGINX_HTTPS_CERT_KEY }}; + ssl_protocols TLSv1 TLSv1.1 TLSv1.2; + ssl_ciphers HIGH:!aNULL:!MD5; +{{ end }} + root {{ .Env.NGINX_ROOT }}; + index {{ .Env.NGINX_INDEX }}; + charset utf-8; + + location = /favicon.ico { log_not_found off; access_log off; } + location = /robots.txt { log_not_found off; access_log off; } + + client_max_body_size {{ .Env.NGINX_CLIENT_MAX_BODY_SIZE }}; + + error_page 404 /index.php; + + location / { + try_files $uri $uri/ /{{ .Env.NGINX_INDEX }}?$query_string; + + add_header X-Served-By kool.dev; + } + + location ~ \.php$ { + fastcgi_buffers {{ .Env.NGINX_FASTCGI_BUFFERS }}; + fastcgi_buffer_size {{ .Env.NGINX_FASTCGI_BUFFER_SIZE }}; + fastcgi_pass {{ .Env.NGINX_PHP_FPM }}; + fastcgi_read_timeout {{ .Env.NGINX_FASTCGI_READ_TIMEOUT }}; + fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name; + include fastcgi_params; + } + + location ~ /\.ht { + deny all; + } + + # good practices + add_header X-Frame-Options "SAMEORIGIN"; + + # basic H5BP suggestions + include h5bp/internet_explorer/x-ua-compatible.conf; + include h5bp/security/referrer-policy.conf; + include h5bp/security/x-content-type-options.conf; + include h5bp/security/x-xss-protection.conf; + + # performance enhancements (mostly for caching static data) + include h5bp/web_performance/cache-file-descriptors.conf; + include h5bp/web_performance/pre-compressed_content_gzip.conf; +} diff --git a/8.3-nginx-prod/entrypoint b/8.3-nginx-prod/entrypoint new file mode 100644 index 0000000..535c40e --- /dev/null +++ b/8.3-nginx-prod/entrypoint 
@@ -0,0 +1,25 @@ +#!/bin/sh +set -e + + +# Run as current user +CURRENT_USER=${ASUSER:-${UID:-0}} + +if [ ! -z "$CURRENT_USER" ] && [ "$CURRENT_USER" != "0" ]; then + usermod -u $CURRENT_USER kool +fi + +dockerize -template /kool/kool.tmpl:/usr/local/etc/php/conf.d/kool.ini -template /kool/zz-docker.tmpl:/usr/local/etc/php-fpm.d/zz-docker.conf -template /kool/default.tmpl:/etc/nginx/conf.d/default.conf + +/kool/30-tune-worker-processes.sh + +# Run entrypoint if provided +if [ ! -z "$ENTRYPOINT" ] && [ -f "$ENTRYPOINT" ]; then + bash $ENTRYPOINT +fi + +if [ "$1" = "sh" ] || [ "$1" = "bash" ] || [ "$1" = "php-fpm" ] || [ "$1" = "nginx" ] || [ "$1" = "supervisord" ]; then + exec "$@" +else + exec su-exec kool "$@" +fi diff --git a/8.3-nginx-prod/supervisor.conf b/8.3-nginx-prod/supervisor.conf new file mode 100644 index 0000000..607e7dc --- /dev/null +++ b/8.3-nginx-prod/supervisor.conf @@ -0,0 +1,12 @@ +[program:nginx] +depends_on = php-fpm +command = nginx -g "daemon off;" +stopasgroup = true +stderr_logfile = /dev/stderr +stdout_logfile = /dev/stdout + +[program:php-fpm] +command = php-fpm +stopasgroup = true +stderr_logfile = /dev/stderr +stdout_logfile = /dev/stdout diff --git a/8.3-nginx/Dockerfile b/8.3-nginx/Dockerfile new file mode 100644 index 0000000..3248cd4 --- /dev/null +++ b/8.3-nginx/Dockerfile 
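Review bot: `usermod -u $CURRENT_USER kool` and `bash $ENTRYPOINT` in 8.3-nginx-prod/entrypoint expand environment-supplied values unquoted, so the shell word-splits and glob-expands them in commands that run before `su-exec` drops privileges. Quote both (`usermod -u "$CURRENT_USER" kool`, `bash "$ENTRYPOINT"`) and reject a non-numeric ASUSER/UID before calling usermod, for example with a `case "$CURRENT_USER" in *[!0-9]*)` guard that prints an error and exits. A comment above the hook should also state that the `$ENTRYPOINT` script runs as the container's start user rather than as kool. The same lines appear in 8.3-nginx/entrypoint, 8.3-prod/entrypoint and 8.3/entrypoint.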
@@ -0,0 +1,62 @@ +FROM debian AS cert + +WORKDIR /kool/ssl + +RUN apt-get update && \ + apt-get install -y openssl && \ + openssl genrsa -des3 -passout pass:x -out server.pass.key 2048 && \ + openssl rsa -passin pass:x -in server.pass.key -out _.localhost.key && \ + rm server.pass.key && \ + openssl req -new -key _.localhost.key -out server.csr \ + -subj "/C=XX/ST=XX/L=XX/O=Kool-Local/OU=Localhost/CN=*.localhost" && \ + openssl x509 -req -days 365 -in server.csr -signkey _.localhost.key -out _.localhost.crt && \ + openssl x509 -in _.localhost.crt -out _.localhost.pem + +FROM kooldev/php:8.3 + +ENV PHP_FPM_LISTEN=/run/php-fpm.sock \ + NGINX_LISTEN=80 \ + NGINX_HTTPS=false \ + NGINX_LISTEN_HTTPS=443 \ + NGINX_HTTPS_CERT=/kool/ssl/_.localhost.pem \ + NGINX_HTTPS_CERT_KEY=/kool/ssl/_.localhost.key \ + NGINX_ROOT=/app/public \ + NGINX_INDEX=index.php \ + NGINX_CLIENT_MAX_BODY_SIZE=25M \ + NGINX_PHP_FPM=unix:/run/php-fpm.sock \ + NGINX_FASTCGI_READ_TIMEOUT=60s \ + NGINX_FASTCGI_BUFFERS='8 8k' \ + NGINX_FASTCGI_BUFFER_SIZE='16k' \ + NGINX_ENTRYPOINT_WORKER_PROCESSES_AUTOTUNE=true + +RUN curl -L https://github.com/ochinchina/supervisord/releases/download/v0.6.3/supervisord_static_0.6.3_linux_amd64 -o /usr/local/bin/supervisord \ + && chmod +x /usr/local/bin/supervisord \ + && apk add --no-cache nginx \ + && chown -R kool:kool /var/lib/nginx \ + && chmod 770 /var/lib/nginx/tmp \ + && ln -sf /dev/stdout /var/log/nginx/access.log \ + && ln -sf /dev/stderr /var/log/nginx/error.log \ + # add h5bp/server-configs-nginx + && mkdir -p /etc/nginx/conf.d \ + && mkdir /etc/nginx/h5bp \ + && cd /etc/nginx/h5bp \ + && wget https://github.com/h5bp/server-configs-nginx/archive/refs/tags/3.3.0.tar.gz -O h5bp.tgz \ + && tar xzvf h5bp.tgz \ + && rm -f h5bp.tgz \ + && mv server-configs-nginx-*/h5bp/* . 
\ + && mv server-configs-nginx-*/nginx.conf /etc/nginx/nginx.conf \ + && sed -i "s|^user .*|user\ kool kool;|g" /etc/nginx/nginx.conf \ + && mv server-configs-nginx-*/mime.types /etc/nginx/mime.types \ + && rm -rf server-configs-nginx-* \ + && curl -L https://raw.githubusercontent.com/nginxinc/docker-nginx/master/entrypoint/30-tune-worker-processes.sh -o /kool/30-tune-worker-processes.sh \ + && chmod +x /kool/30-tune-worker-processes.sh + +COPY supervisor.conf /kool/supervisor.conf +COPY default.tmpl /kool/default.tmpl +COPY entrypoint /kool/entrypoint +COPY --from=cert /kool/ssl /kool/ssl +RUN chmod +x /kool/entrypoint + +EXPOSE 80 + +CMD [ "supervisord", "-c", "/kool/supervisor.conf" ] diff --git a/8.3-nginx/default.tmpl b/8.3-nginx/default.tmpl new file mode 100644 index 0000000..e4d9421 --- /dev/null +++ b/8.3-nginx/default.tmpl 
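Review bot: The `cert` stage generates the `*.localhost` private key at build time and `COPY --from=cert /kool/ssl /kool/ssl` ships it in the image, so every user of the published tag shares one key that anyone can read from the layers, and the `-days 365` certificate expires a year after the build. That is acceptable for local development only if it is stated: add a comment above the stage such as `# Dev-only self-signed cert: the key is public in the image; mount your own via NGINX_HTTPS_CERT / NGINX_HTTPS_CERT_KEY`, and consider leaving the stage out of 8.3-nginx-prod/Dockerfile, which has the same lines. `FROM debian AS cert` is also untagged and `apt-get install -y openssl` lacks `--no-install-recommends`; pin the base to a specific release tag.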
@@ -0,0 +1,53 @@ +server { + listen {{ .Env.NGINX_LISTEN }} default_server; + server_name _; +{{ if isTrue .Env.NGINX_HTTPS }} + listen {{ .Env.NGINX_LISTEN_HTTPS }} ssl http2; + ssl_certificate {{ .Env.NGINX_HTTPS_CERT }}; + ssl_certificate_key {{ .Env.NGINX_HTTPS_CERT_KEY }}; + ssl_protocols TLSv1 TLSv1.1 TLSv1.2; + ssl_ciphers HIGH:!aNULL:!MD5; +{{ end }} + root {{ .Env.NGINX_ROOT }}; + index {{ .Env.NGINX_INDEX }}; + charset utf-8; + + location = /favicon.ico { log_not_found off; access_log off; } + location = /robots.txt { log_not_found off; access_log off; } + + client_max_body_size {{ .Env.NGINX_CLIENT_MAX_BODY_SIZE }}; + + error_page 404 /index.php; + + location / { + try_files $uri $uri/ /{{ .Env.NGINX_INDEX }}?$query_string; + + add_header X-Served-By kool.dev; + } + + location ~ \.php$ { + fastcgi_buffers {{ .Env.NGINX_FASTCGI_BUFFERS }}; + fastcgi_buffer_size {{ .Env.NGINX_FASTCGI_BUFFER_SIZE }}; + fastcgi_pass {{ .Env.NGINX_PHP_FPM }}; + fastcgi_read_timeout {{ .Env.NGINX_FASTCGI_READ_TIMEOUT }}; + fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name; + include fastcgi_params; + } + + location ~ /\.ht { + deny all; + } + + # good practices + add_header X-Frame-Options "SAMEORIGIN"; + + # basic H5BP suggestions + include h5bp/internet_explorer/x-ua-compatible.conf; + include h5bp/security/referrer-policy.conf; + include h5bp/security/x-content-type-options.conf; + include h5bp/security/x-xss-protection.conf; + + # performance enhancements (mostly for caching static data) + include h5bp/web_performance/cache-file-descriptors.conf; + include h5bp/web_performance/pre-compressed_content_gzip.conf; +} diff --git a/8.3-nginx/entrypoint b/8.3-nginx/entrypoint new file mode 100644 index 0000000..2780e2e --- /dev/null +++ b/8.3-nginx/entrypoint 
@@ -0,0 +1,34 @@ +#!/bin/sh +set -e + +if [ "$ENABLE_XDEBUG" == "true" ]; then + docker-php-ext-enable xdebug >> /dev/null 2>&1 + + if [ $? != "0" ]; then + echo "[ERROR] An error happened enabling xdebug" + + exit 1 + fi +fi + +# Run as current user +CURRENT_USER=${ASUSER:-${UID:-0}} + +if [ ! -z "$CURRENT_USER" ] && [ "$CURRENT_USER" != "0" ]; then + usermod -u $CURRENT_USER kool +fi + +dockerize -template /kool/kool.tmpl:/usr/local/etc/php/conf.d/kool.ini -template /kool/zz-docker.tmpl:/usr/local/etc/php-fpm.d/zz-docker.conf -template /kool/default.tmpl:/etc/nginx/conf.d/default.conf + +/kool/30-tune-worker-processes.sh + +# Run entrypoint if provided +if [ ! -z "$ENTRYPOINT" ] && [ -f "$ENTRYPOINT" ]; then + bash $ENTRYPOINT +fi + +if [ "$1" = "sh" ] || [ "$1" = "bash" ] || [ "$1" = "php-fpm" ] || [ "$1" = "nginx" ] || [ "$1" = "supervisord" ]; then + exec "$@" +else + exec su-exec kool "$@" +fi diff --git a/8.3-nginx/supervisor.conf b/8.3-nginx/supervisor.conf new file mode 100644 index 0000000..607e7dc --- /dev/null +++ b/8.3-nginx/supervisor.conf @@ -0,0 +1,12 @@ +[program:nginx] +depends_on = php-fpm +command = nginx -g "daemon off;" +stopasgroup = true +stderr_logfile = /dev/stderr +stdout_logfile = /dev/stdout + +[program:php-fpm] +command = php-fpm +stopasgroup = true +stderr_logfile = /dev/stderr +stdout_logfile = /dev/stdout diff --git a/8.3-node/Dockerfile b/8.3-node/Dockerfile new file mode 100644 index 0000000..236ab9a --- /dev/null +++ b/8.3-node/Dockerfile @@ -0,0 +1,4 @@ +FROM kooldev/php:8.3 + +RUN apk add --update --no-cache npm yarn \ + && rm -rf /var/cache/apk/* /tmp/* diff --git a/8.3-prod/Dockerfile b/8.3-prod/Dockerfile new file mode 100644 index 0000000..050e52c --- /dev/null +++ b/8.3-prod/Dockerfile 
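Review bot: With `set -e` on line 2 of 8.3-nginx/entrypoint, a failing `docker-php-ext-enable xdebug` ends the script immediately, so the `if [ $? != "0" ]` block and its error message can never run, and the redirect to /dev/null hides the real error. Fold the check into the command: `if ! docker-php-ext-enable xdebug >/dev/null 2>&1; then echo "[ERROR] An error happened enabling xdebug" >&2; exit 1; fi`. `[ "$ENABLE_XDEBUG" == "true" ]` also uses `==`, which POSIX `test` does not define; `=` works in every /bin/sh. 8.3/entrypoint has the same block.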
@@ -0,0 +1,83 @@ +FROM php:8.3-fpm-alpine + +ENV ASUSER= \ + UID= \ + COMPOSER_ALLOW_SUPERUSER=1 \ + COMPOSER_MEMORY_LIMIT=-1 \ + PHP_DATE_TIMEZONE=UTC \ + PHP_MEMORY_LIMIT=256M \ + PHP_MAX_INPUT_VARS=1000 \ + PHP_UPLOAD_MAX_FILESIZE=25M \ + PHP_POST_MAX_SIZE=25M \ + PHP_MAX_EXECUTION_TIME=30 \ + PHP_FPM_LISTEN=9000 \ + PHP_FPM_MAX_CHILDREN=10 \ + PHP_FPM_REQUEST_TERMINATE_TIMEOUT=60 \ + ENTRYPOINT=entrypoint.php.sh + +WORKDIR /app + +RUN adduser -D -u 1337 kool \ + && addgroup kool www-data \ + # dockerize + && curl -L https://github.com/jwilder/dockerize/releases/download/v0.6.1/dockerize-alpine-linux-amd64-v0.6.1.tar.gz | tar xz \ + && mv dockerize /usr/local/bin/dockerize \ + # deps + && apk --no-cache add su-exec bash sed git openssh-client icu shadow procps \ + freetype libpng libjpeg-turbo libzip-dev ghostscript imagemagick \ + jpegoptim optipng pngquant gifsicle libldap \ + libpq less \ + # build-deps + && apk add --no-cache --virtual .build-deps $PHPIZE_DEPS \ + freetype-dev libpng-dev libjpeg-turbo-dev \ + icu-dev libedit-dev libxml2-dev \ + imagemagick-dev openldap-dev oniguruma-dev \ + postgresql-dev \ + linux-headers \ + # php-ext + && docker-php-ext-configure gd --with-freetype --with-jpeg \ + && export CFLAGS="$PHP_CFLAGS" CPPFLAGS="$PHP_CPPFLAGS" LDFLAGS="$PHP_LDFLAGS" \ + && docker-php-ext-install -j$(nproc) \ + bcmath \ + calendar \ + exif \ + gd \ + intl \ + ldap \ + mbstring \ + opcache \ + pcntl \ + pdo \ + pdo_mysql \ + pdo_pgsql \ + soap \ + xml \ + zip \ + sockets \ + mysqli \ + && pecl install redis \ + && curl -L -o /tmp/imagick.tar.gz https://github.com/Imagick/imagick/archive/7088edc353f53c4bc644573a79cdcd67a726ae16.tar.gz \ + && tar --strip-components=1 -xf /tmp/imagick.tar.gz \ + && phpize \ + && ./configure \ + && make \ + && make install \ + && echo "extension=imagick.so" > /usr/local/etc/php/conf.d/ext-imagick.ini \ + && docker-php-ext-enable redis \ + && cp "/usr/local/etc/php/php.ini-production" "/usr/local/etc/php/php.ini" \ + # 
composer + && curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/local/bin --filename=composer \ + && curl -sS https://getcomposer.org/installer | php -- --1 --install-dir=/usr/local/bin --filename=composer1 \ + # cleanup + && apk del .build-deps \ + && rm -rf /var/cache/apk/* /tmp/* + +COPY kool.ini /kool/kool.tmpl +COPY zz-docker.conf /kool/zz-docker.tmpl +COPY entrypoint /kool/entrypoint +RUN chmod +x /kool/entrypoint + +EXPOSE 9000 + +ENTRYPOINT [ "/kool/entrypoint" ] +CMD [ "php-fpm" ] diff --git a/8.3-prod/entrypoint b/8.3-prod/entrypoint new file mode 100644 index 0000000..2036291 --- /dev/null +++ b/8.3-prod/entrypoint @@ -0,0 +1,24 @@ +#!/bin/sh +set -e + + +# Run as current user +CURRENT_USER=${ASUSER:-${UID:-0}} + +if [ ! -z "$CURRENT_USER" ] && [ "$CURRENT_USER" != "0" ]; then + usermod -u $CURRENT_USER kool +fi + +dockerize -template /kool/kool.tmpl:/usr/local/etc/php/conf.d/kool.ini -template /kool/zz-docker.tmpl:/usr/local/etc/php-fpm.d/zz-docker.conf + + +# Run entrypoint if provided +if [ ! -z "$ENTRYPOINT" ] && [ -f "$ENTRYPOINT" ]; then + bash $ENTRYPOINT +fi + +if [ "$1" = "sh" ] || [ "$1" = "bash" ] || [ "$1" = "php-fpm" ] ; then + exec "$@" +else + exec su-exec kool "$@" +fi diff --git a/8.3-prod/kool.ini b/8.3-prod/kool.ini new file mode 100644 index 0000000..3028217 --- /dev/null +++ b/8.3-prod/kool.ini 
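Review bot: The imagick build in 8.3-prod/Dockerfile unpacks into the current directory, which is `/app` because of the earlier `WORKDIR /app`, and the cleanup at the end only clears `/var/cache/apk/*` and `/tmp/*`, so the imagick source tree and its build output stay in the application directory of the production image. Unpack and build under /tmp so the existing cleanup removes everything, and pass `-f` to `curl` so a failed download stops the build at that step instead of at `tar`. 8.3/Dockerfile has the same lines, and both appear to be rendered from `template/Dockerfile`, so the fix presumably belongs there.

```dockerfile
    && pecl install redis \
    && mkdir /tmp/imagick \
    && curl -fL -o /tmp/imagick.tar.gz https://github.com/Imagick/imagick/archive/7088edc353f53c4bc644573a79cdcd67a726ae16.tar.gz \
    && tar --strip-components=1 -xf /tmp/imagick.tar.gz -C /tmp/imagick \
    && (cd /tmp/imagick && phpize && ./configure && make && make install) \
    && echo "extension=imagick.so" > /usr/local/etc/php/conf.d/ext-imagick.ini \
    # … unchanged: enable redis, php.ini, composer, cleanup …
```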
@@ -0,0 +1,51 @@ +[PHP] + +; Maximum amount of memory a script may consume +; http://php.net/memory-limit +memory_limit = {{ .Env.PHP_MEMORY_LIMIT }} + +; Fix maximum variables per input +max_input_vars = {{ .Env.PHP_MAX_INPUT_VARS }} + +; Maximum allowed size for uploaded files. +; http://php.net/upload-max-filesize +upload_max_filesize = {{ .Env.PHP_UPLOAD_MAX_FILESIZE }} + +; Maximum size of POST data that PHP will accept. +; Its value may be 0 to disable the limit. It is ignored if POST data reading +; is disabled through enable_post_data_reading. +; http://php.net/post-max-size +post_max_size = {{ .Env.PHP_POST_MAX_SIZE }} + +; Maximum execution time of each script, in seconds +; http://php.net/max-execution-time +; Note: This directive is hardcoded to 0 for the CLI SAPI +max_execution_time = {{ .Env.PHP_MAX_EXECUTION_TIME }} + +; Default timezone used by all date/time functions. +; https://www.php.net/manual/en/datetime.configuration.php#ini.date.timezone +date.timezone = {{ .Env.PHP_DATE_TIMEZONE }} + + +[opcache] + +; Determines if Zend OPCache is enabled +opcache.enable=1 + +; The OPcache shared memory storage size. +opcache.memory_consumption=512 + +; The amount of memory for interned strings in Mbytes. +opcache.interned_strings_buffer=64 + +; The maximum number of keys (scripts) in the OPcache hash table. +; Only numbers between 200 and 1000000 are allowed. +opcache.max_accelerated_files=30000 + +; When disabled, you must reset the OPcache manually or restart the +; webserver for changes to the filesystem to take effect. +opcache.validate_timestamps=0 + +; If disabled, all PHPDoc comments are dropped from the code to reduce the +; size of the optimized code. +opcache.save_comments=1 diff --git a/8.3-prod/zz-docker.conf b/8.3-prod/zz-docker.conf new file mode 100644 index 0000000..c6988a1 --- /dev/null +++ b/8.3-prod/zz-docker.conf 
@@ -0,0 +1,48 @@ +[global] +daemonize = no + +[www] +; Unix user/group of processes +; Note: The user is mandatory. If the group is not set, the default user's group +; will be used. +user = kool +group = kool + +; The address on which to accept FastCGI requests. +; Valid syntaxes are: +; 'ip.add.re.ss:port' - to listen on a TCP socket to a specific IPv4 address on +; a specific port; +; '[ip:6:addr:ess]:port' - to listen on a TCP socket to a specific IPv6 address on +; a specific port; +; 'port' - to listen on a TCP socket to all addresses +; (IPv6 and IPv4-mapped) on a specific port; +; '/path/to/unix/socket' - to listen on a unix socket. +; Note: This value is mandatory. +listen = {{ .Env.PHP_FPM_LISTEN }} + +; Set permissions for unix socket, if one is used. In Linux, read/write +; permissions must be set in order to allow connections from a web server. Many +; BSD-derived systems allow connections regardless of permissions. The owner +; and group can be specified either by name or by their numeric IDs. +; Default Values: user and group are set as the running user +; mode is set to 0660 +listen.owner = kool +listen.group = kool + +; The number of child processes to be created when pm is set to 'static' and the +; maximum number of child processes when pm is set to 'dynamic' or 'ondemand'. +; This value sets the limit on the number of simultaneous requests that will be +; served. Equivalent to the ApacheMaxClients directive with mpm_prefork. +; Equivalent to the PHP_FCGI_CHILDREN environment variable in the original PHP +; CGI. The below defaults are based on a server without much resources. Don't +; forget to tweak pm.* to fit your needs. +; Note: Used when pm is set to 'static', 'dynamic' or 'ondemand' +; Note: This value is mandatory. +pm.max_children = {{ .Env.PHP_FPM_MAX_CHILDREN }} + +; The timeout for serving a single request after which the worker process will +; be killed. 
This option should be used when the 'max_execution_time' ini option +; does not stop script execution for some reason. A value of '0' means 'off'. +; Available units: s(econds)(default), m(inutes), h(ours), or d(ays) +; Default Value: 0 +request_terminate_timeout = {{ .Env.PHP_FPM_REQUEST_TERMINATE_TIMEOUT }} diff --git a/8.3/Dockerfile b/8.3/Dockerfile new file mode 100644 index 0000000..69a8ce6 --- /dev/null +++ b/8.3/Dockerfile 
@@ -0,0 +1,85 @@ +FROM php:8.3-fpm-alpine + +ENV ASUSER= \ + UID= \ + COMPOSER_ALLOW_SUPERUSER=1 \ + COMPOSER_MEMORY_LIMIT=-1 \ + ENABLE_XDEBUG=false \ + PHP_DATE_TIMEZONE=UTC \ + PHP_MEMORY_LIMIT=256M \ + PHP_MAX_INPUT_VARS=1000 \ + PHP_UPLOAD_MAX_FILESIZE=25M \ + PHP_POST_MAX_SIZE=25M \ + PHP_MAX_EXECUTION_TIME=30 \ + PHP_FPM_LISTEN=9000 \ + PHP_FPM_MAX_CHILDREN=10 \ + PHP_FPM_REQUEST_TERMINATE_TIMEOUT=60 \ + ENTRYPOINT=entrypoint.php.sh + +WORKDIR /app + +RUN adduser -D -u 1337 kool \ + && addgroup kool www-data \ + # dockerize + && curl -L https://github.com/jwilder/dockerize/releases/download/v0.6.1/dockerize-alpine-linux-amd64-v0.6.1.tar.gz | tar xz \ + && mv dockerize /usr/local/bin/dockerize \ + # deps + && apk --no-cache add su-exec bash sed git openssh-client icu shadow procps \ + freetype libpng libjpeg-turbo libzip-dev ghostscript imagemagick \ + jpegoptim optipng pngquant gifsicle libldap \ + libpq less \ + # build-deps + && apk add --no-cache --virtual .build-deps $PHPIZE_DEPS \ + freetype-dev libpng-dev libjpeg-turbo-dev \ + icu-dev libedit-dev libxml2-dev \ + imagemagick-dev openldap-dev oniguruma-dev \ + postgresql-dev \ + linux-headers \ + # php-ext + && docker-php-ext-configure gd --with-freetype --with-jpeg \ + && export CFLAGS="$PHP_CFLAGS" CPPFLAGS="$PHP_CPPFLAGS" LDFLAGS="$PHP_LDFLAGS" \ + && docker-php-ext-install -j$(nproc) \ + bcmath \ + calendar \ + exif \ + gd \ + intl \ + ldap \ + mbstring \ + pcntl \ + pdo \ + pdo_mysql \ + pdo_pgsql \ + soap \ + xml \ + zip \ + sockets \ + mysqli \ + && pecl install redis \ + && pecl install xdebug \ + && pecl install pcov && docker-php-ext-enable pcov \ + && curl -L -o /tmp/imagick.tar.gz https://github.com/Imagick/imagick/archive/7088edc353f53c4bc644573a79cdcd67a726ae16.tar.gz \ + && tar --strip-components=1 -xf /tmp/imagick.tar.gz \ + && phpize \ + && ./configure \ + && make \ + && make install \ + && echo "extension=imagick.so" > /usr/local/etc/php/conf.d/ext-imagick.ini \ + && 
docker-php-ext-enable redis \ + && cp "/usr/local/etc/php/php.ini-development" "/usr/local/etc/php/php.ini" \ + # composer + && curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/local/bin --filename=composer \ + && curl -sS https://getcomposer.org/installer | php -- --1 --install-dir=/usr/local/bin --filename=composer1 \ + # cleanup + && apk del .build-deps \ + && rm -rf /var/cache/apk/* /tmp/* + +COPY kool.ini /kool/kool.tmpl +COPY zz-docker.conf /kool/zz-docker.tmpl +COPY entrypoint /kool/entrypoint +RUN chmod +x /kool/entrypoint + +EXPOSE 9000 + +ENTRYPOINT [ "/kool/entrypoint" ] +CMD [ "php-fpm" ] diff --git a/8.3/entrypoint b/8.3/entrypoint new file mode 100644 index 0000000..050f40a --- /dev/null +++ b/8.3/entrypoint @@ -0,0 +1,33 @@ +#!/bin/sh +set -e + +if [ "$ENABLE_XDEBUG" == "true" ]; then + docker-php-ext-enable xdebug >> /dev/null 2>&1 + + if [ $? != "0" ]; then + echo "[ERROR] An error happened enabling xdebug" + + exit 1 + fi +fi + +# Run as current user +CURRENT_USER=${ASUSER:-${UID:-0}} + +if [ ! -z "$CURRENT_USER" ] && [ "$CURRENT_USER" != "0" ]; then + usermod -u $CURRENT_USER kool +fi + +dockerize -template /kool/kool.tmpl:/usr/local/etc/php/conf.d/kool.ini -template /kool/zz-docker.tmpl:/usr/local/etc/php-fpm.d/zz-docker.conf + + +# Run entrypoint if provided +if [ ! -z "$ENTRYPOINT" ] && [ -f "$ENTRYPOINT" ]; then + bash $ENTRYPOINT +fi + +if [ "$1" = "sh" ] || [ "$1" = "bash" ] || [ "$1" = "php-fpm" ] ; then + exec "$@" +else + exec su-exec kool "$@" +fi diff --git a/8.3/kool.ini b/8.3/kool.ini new file mode 100644 index 0000000..c671911 --- /dev/null +++ b/8.3/kool.ini 
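Review bot: Both `curl -sS https://getcomposer.org/installer | php -- …` lines in 8.3/Dockerfile execute whatever the server returns without checking it, and the dockerize line pipes `curl -L … | tar xz` under the default `/bin/sh`, where a failed or truncated download is masked by the pipe. Save the installer to a file, compare its SHA-384 with the value Composer publishes, and only then run it; treat dockerize the same way with `curl -fsSL` to a file and a recorded SHA-256 before extracting. `pecl install redis`, `xdebug` and `pcov` are unpinned as well. 8.3-prod/Dockerfile repeats the composer and dockerize lines.

```dockerfile
    # composer
    && curl -fsSL -o /tmp/composer-setup.php https://getcomposer.org/installer \
    && php -r 'exit(hash_file("sha384", "/tmp/composer-setup.php") === trim(file_get_contents("https://composer.github.io/installer.sig")) ? 0 : 1);' \
    && php /tmp/composer-setup.php --install-dir=/usr/local/bin --filename=composer \
    && php /tmp/composer-setup.php --1 --install-dir=/usr/local/bin --filename=composer1 \
    # … unchanged: cleanup (rm -rf /tmp/* removes the installer) …
```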
@@ -0,0 +1,29 @@ +[PHP] + +; Maximum amount of memory a script may consume +; http://php.net/memory-limit +memory_limit = {{ .Env.PHP_MEMORY_LIMIT }} + +; Fix maximum variables per input +max_input_vars = {{ .Env.PHP_MAX_INPUT_VARS }} + +; Maximum allowed size for uploaded files. +; http://php.net/upload-max-filesize +upload_max_filesize = {{ .Env.PHP_UPLOAD_MAX_FILESIZE }} + +; Maximum size of POST data that PHP will accept. +; Its value may be 0 to disable the limit. It is ignored if POST data reading +; is disabled through enable_post_data_reading. +; http://php.net/post-max-size +post_max_size = {{ .Env.PHP_POST_MAX_SIZE }} + +; Maximum execution time of each script, in seconds +; http://php.net/max-execution-time +; Note: This directive is hardcoded to 0 for the CLI SAPI +max_execution_time = {{ .Env.PHP_MAX_EXECUTION_TIME }} + +; Default timezone used by all date/time functions. +; https://www.php.net/manual/en/datetime.configuration.php#ini.date.timezone +date.timezone = {{ .Env.PHP_DATE_TIMEZONE }} + + diff --git a/8.3/zz-docker.conf b/8.3/zz-docker.conf new file mode 100644 index 0000000..c6988a1 --- /dev/null +++ b/8.3/zz-docker.conf 
@@ -0,0 +1,48 @@ +[global] +daemonize = no + +[www] +; Unix user/group of processes +; Note: The user is mandatory. If the group is not set, the default user's group +; will be used. +user = kool +group = kool + +; The address on which to accept FastCGI requests. +; Valid syntaxes are: +; 'ip.add.re.ss:port' - to listen on a TCP socket to a specific IPv4 address on +; a specific port; +; '[ip:6:addr:ess]:port' - to listen on a TCP socket to a specific IPv6 address on +; a specific port; +; 'port' - to listen on a TCP socket to all addresses +; (IPv6 and IPv4-mapped) on a specific port; +; '/path/to/unix/socket' - to listen on a unix socket. +; Note: This value is mandatory. +listen = {{ .Env.PHP_FPM_LISTEN }} + +; Set permissions for unix socket, if one is used. In Linux, read/write +; permissions must be set in order to allow connections from a web server. Many +; BSD-derived systems allow connections regardless of permissions. The owner +; and group can be specified either by name or by their numeric IDs. +; Default Values: user and group are set as the running user +; mode is set to 0660 +listen.owner = kool +listen.group = kool + +; The number of child processes to be created when pm is set to 'static' and the +; maximum number of child processes when pm is set to 'dynamic' or 'ondemand'. +; This value sets the limit on the number of simultaneous requests that will be +; served. Equivalent to the ApacheMaxClients directive with mpm_prefork. +; Equivalent to the PHP_FCGI_CHILDREN environment variable in the original PHP +; CGI. The below defaults are based on a server without much resources. Don't +; forget to tweak pm.* to fit your needs. +; Note: Used when pm is set to 'static', 'dynamic' or 'ondemand' +; Note: This value is mandatory. +pm.max_children = {{ .Env.PHP_FPM_MAX_CHILDREN }} + +; The timeout for serving a single request after which the worker process will +; be killed. 
This option should be used when the 'max_execution_time' ini option +; does not stop script execution for some reason. A value of '0' means 'off'. +; Available units: s(econds)(default), m(inutes), h(ours), or d(ays) +; Default Value: 0 +request_terminate_timeout = {{ .Env.PHP_FPM_REQUEST_TERMINATE_TIMEOUT }} diff --git a/fwd-template.json b/fwd-template.json index e4e34df..b6dfb60 100644 --- a/fwd-template.json +++ b/fwd-template.json 
@@ -363,6 +363,127 @@
 "path": "template/Dockerfile-node"
 }
 ]
+ },
+ {
+ "name": "8.3",
+ "data": {
+ "from": "php:8.3-fpm-alpine",
+ "prod": false,
+ "nginx": false,
+ "version": "8.3"
+ },
+ "files": [
+ {
+ "name": "Dockerfile",
+ "path": "template/Dockerfile"
+ },
+ {
+ "name": "entrypoint",
+ "path": "template/entrypoint"
+ },
+ {
+ "name": "kool.ini",
+ "path": "template/kool-ini"
+ },
+ {
+ "name": "zz-docker.conf",
+ "path": "template/zz-docker-conf"
+ }
+ ]
+ },
+ {
+ "name": "8.3-prod",
+ "data": {
+ "from": "php:8.3-fpm-alpine",
+ "prod": true,
+ "nginx": false,
+ "version": "8.3"
+ },
+ "files": [
+ {
+ "name": "Dockerfile",
+ "path": "template/Dockerfile"
+ },
+ {
+ "name": "entrypoint",
+ "path": "template/entrypoint"
+ },
+ {
+ "name": "kool.ini",
+ "path": "template/kool-ini"
+ },
+ {
+ "name": "zz-docker.conf",
+ "path": "template/zz-docker-conf"
+ }
+ ]
+ },
+ {
+ "name": "8.3-nginx",
+ "data": {
+ "from": "kooldev/php:8.3",
+ "prod": false,
+ "nginx": true,
+ "version": "8.3"
+ },
+ "files": [
+ {
+ "name": "Dockerfile",
+ "path": "template/Dockerfile-nginx"
+ },
+ {
+ "name": "entrypoint",
+ "path": "template/entrypoint"
+ },
+ {
+ "name": "default.tmpl",
+ "path": "template/default-tmpl"
+ },
+ {
+ "name": "supervisor.conf",
+ "path": "template/supervisor-conf"
+ }
+ ]
+ },
+ {
+ "name": "8.3-nginx-prod",
+ "data": {
+ "from": "kooldev/php:8.3-prod",
+ "prod": true,
+ "nginx": true,
+ "version": "8.3"
+ },
+ "files": [
+ {
+ "name": "Dockerfile",
+ "path": "template/Dockerfile-nginx"
+ },
+ {
+ "name": "entrypoint",
+ "path": "template/entrypoint"
+ },
+ {
+ "name": "default.tmpl",
+ "path": "template/default-tmpl"
+ },
+ {
+ "name": "supervisor.conf",
+ "path": "template/supervisor-conf"
+ }
+ ]
+ },
+ {
+ "name": "8.3-node",
+ "data": {
+ "from": "kooldev/php:8.3",
+ "version": "8.3"
+ },
+ "files": [
+ {
+ "name": "Dockerfile",
+ "path": "template/Dockerfile-node"
+ }
+ ]
 }
 ]
 }
diff --git a/kool.yml b/kool.yml
index 04e57d6..9116a97 100644
--- a/kool.yml
+++ b/kool.yml
@@ -18,6 +18,12 @@ scripts:
 - docker build -t kooldev/php:8.2-nginx 8.2-nginx
 - docker build -t kooldev/php:8.2-nginx-prod 8.2-nginx-prod
 - docker build -t kooldev/php:8.2-node 8.2-node
+ build-8.3:
+ - docker build -t kooldev/php:8.3 8.3
+ - docker build -t kooldev/php:8.3-prod 8.3-prod
+ - docker build -t kooldev/php:8.3-nginx 8.3-nginx
+ - docker build -t kooldev/php:8.3-nginx-prod 8.3-nginx-prod
+ - docker build -t kooldev/php:8.3-node 8.3-node
 build:
 # parse templates
 - kool run template
@@ -25,3 +31,4 @@ scripts:
 - kool run build-8.0
 - kool run build-8.1
 - kool run build-8.2
+ - kool run build-8.3
diff --git a/template/Dockerfile.blade.php b/template/Dockerfile.blade.php
index 80cd872..2c1bce3 100644
--- a/template/Dockerfile.blade.php
+++ b/template/Dockerfile.blade.php
@@ -67,19 +67,28 @@
 zip \
 sockets \
 mysqli \
- && pecl install imagick redis \
+ && pecl install redis \
 @if (! $prod)
 && pecl install {{ version_compare($version, '8', '>=') ? 'xdebug' : 'xdebug-3.1.6' }} \
 && pecl install pcov && docker-php-ext-enable pcov \
 @endif
+@if (version_compare($version, '8.2', '<='))
+ && pecl install imagick \
 && docker-php-ext-enable imagick \
+@else
+ && curl -L -o /tmp/imagick.tar.gz https://github.com/Imagick/imagick/archive/7088edc353f53c4bc644573a79cdcd67a726ae16.tar.gz \
+ && tar --strip-components=1 -xf /tmp/imagick.tar.gz \
+ && phpize \
+ && ./configure \
+ && make \
+ && make install \
+ && echo "extension=imagick.so" > /usr/local/etc/php/conf.d/ext-imagick.ini \
+@endif
 && docker-php-ext-enable redis \
 && cp "/usr/local/etc/php/php.ini-{{ $prod ? 'production' : 'development' }}" "/usr/local/etc/php/php.ini" \
 # composer
 && curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/local/bin --filename=composer \
 && curl -sS https://getcomposer.org/installer | php -- --1 --install-dir=/usr/local/bin --filename=composer1 \
- # symlink composer2 for BC
- && ln -s /usr/local/bin/composer /usr/local/bin/composer2 \
 # cleanup
 && apk del .build-deps \
 && rm -rf /var/cache/apk/* /tmp/*
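Review bot: The `@else` branch unpacks the imagick source with `tar --strip-components=1 -xf /tmp/imagick.tar.gz` into whatever the working directory is at that point, and the cleanup at the end of the chain only removes `/tmp/*`, so the source tree and build objects appear to stay in the image layer. The archive URL is pinned to a commit, but nothing checks the tarball's digest before `phpize` and `make` run on it, and `curl -L` without `-f` saves an HTTP error body as if it were the archive. I would verify a recorded SHA-256 and build under `/tmp/imagick` in a subshell so the later steps keep their working directory, as sketched below; the digest shown is a placeholder to be filled in from a trusted download. The RUN chain starts above this hunk, so the working directory in effect is not visible here.

```dockerfile
@else
    && curl -fsSL -o /tmp/imagick.tar.gz https://github.com/Imagick/imagick/archive/7088edc353f53c4bc644573a79cdcd67a726ae16.tar.gz \
    # placeholder digest: record the real SHA-256 of the pinned archive
    && echo "<SHA256_OF_ARCHIVE_PLACEHOLDER>  /tmp/imagick.tar.gz" | sha256sum -c - \
    && mkdir -p /tmp/imagick \
    && tar -C /tmp/imagick --strip-components=1 -xf /tmp/imagick.tar.gz \
    && ( cd /tmp/imagick && phpize && ./configure && make && make install ) \
    # … unchanged: echo "extension=imagick.so" into conf.d, @endif …
```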