From 4addb084c493bb42cb0ff44eccbf1df20eb4ef0b Mon Sep 17 00:00:00 2001
From: univergamedev <22-univergamedev@users.noreply.192.168.1.3>
Date: Wed, 29 Mar 2023 18:32:03 +0300
Subject: [PATCH 1/3] Initial Dockerfile
---
 03-PHP/8.1/Dockerfile | 108 +++++++++++++++++++++++
 03-PHP/8.1/config/fpm-pool.conf | 58 ++++++++++++
 03-PHP/8.1/config/nginx.conf | 136 +++++++++++++++++++++++++++++
 03-PHP/8.1/config/php.ini | 24 +++++
 03-PHP/8.1/config/supervisord.conf | 34 ++++++++
 03-PHP/8.1/entrypoint.sh | 18 ++++
 03-PHP/README.md | 12 ++-
 7 files changed, 389 insertions(+), 1 deletion(-)
 create mode 100644 03-PHP/8.1/Dockerfile
 create mode 100644 03-PHP/8.1/config/fpm-pool.conf
 create mode 100644 03-PHP/8.1/config/nginx.conf
 create mode 100644 03-PHP/8.1/config/php.ini
 create mode 100644 03-PHP/8.1/config/supervisord.conf
 create mode 100755 03-PHP/8.1/entrypoint.sh
diff --git a/03-PHP/8.1/Dockerfile b/03-PHP/8.1/Dockerfile
new file mode 100644
index 0000000..de2cee3
--- /dev/null
+++ b/03-PHP/8.1/Dockerfile
@@ -0,0 +1,108 @@ +FROM alpine:3.16 + +LABEL Maintainer="BehroozValikhani | https://t.me/BvkDev" \ + Description="Lightweight container with Nginx 1.22 & PHP-FPM 8.1 based on Alpine Linux." + +ARG ALPINE_VERSION=3.16 + +RUN echo https://repo.iut.ac.ir/repo/alpine/v$ALPINE_VERSION/main > /etc/apk/repositories +RUN echo https://repo.iut.ac.ir/repo/alpine/v$ALPINE_VERSION/community >> /etc/apk/repositories + +# Install packages and remove default server definition +RUN apk --no-cache add php81 \ + php81-common \ + php81-fpm \ + php81-pdo \ + php81-opcache \ + php81-zip \ + php81-phar \ + php81-iconv \ + php81-cli \ + php81-curl \ + php81-openssl \ + php81-mbstring \ + php81-tokenizer \ + php81-fileinfo \ + php81-json \ + php81-xml \ + php81-xmlwriter \ + php81-simplexml \ + php81-dom \ + php81-pdo_mysql \ + php81-pdo_sqlite \ + php81-tokenizer \ + php81-pecl-redis \ + php81-posix \ + php81-pcntl \ + nginx supervisor curl tzdata nano + +# Install additional php extentions and remove default server definition +RUN apk add --no-cache php81-bcmath \ + php81-ctype \ + php81-gmp \ + php81-gd \ + php81-iconv \ + php81-simplexml \ + php81-xmlreader \ + php81-zlib \ + php81-intl \ + php81-ctype + + +# RUN rm /etc/nginx/conf.d/default.conf + +# Symlink php81 => php +RUN ln -s /usr/bin/php81 /usr/bin/php + +# Install PHP tools +RUN php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');" && php composer-setup.php --install-dir=/usr/local/bin --filename=composer && \ + mkdir -p /.composer/cache/ && \ + rm -rf composer-setup.php + +# Install PHP tools +#COPY --from=composer:2.3 /usr/bin/composer /usr/local/bin/composer + +# Configure nginx +COPY config/nginx.conf /etc/nginx/nginx.conf + +# Configure PHP-FPM +COPY config/fpm-pool.conf /etc/php81/php-fpm.d/www.conf +COPY config/php.ini /etc/php81/conf.d/custom.ini + +# Configure supervisord +COPY config/supervisord.conf /etc/supervisor/conf.d/supervisord.conf + +RUN set -x \ + && adduser -u 1000 -D -S -G www-data 
www-data + +# Setup document root +RUN mkdir -p /var/www/html + +# Make sure files/folders needed by the processes are accessable when they run under the nobody user +RUN chown -R www-data.www-data /var/www/html && \ + chown -R www-data.www-data /run && \ + chown -R www-data.www-data /var/lib/nginx && \ + chown -R www-data.www-data /var/log/nginx && \ + chown -R www-data.www-data /.composer/ + +# Switch to use a non-root user from here on +USER www-data + +# Add application +WORKDIR /var/www/html +COPY --chown=www-data ./ /var/www/html/ + +RUN chmod 755 entrypoint.sh + +#Install php dependency +#RUN composer install --no-dev --no-suggest --no-autoloader +# RUN composer install --optimize-autoloader + +# Expose the port nginx is reachable on +EXPOSE 80 + +# Define the entry point that tries to enable newrelic +# ENTRYPOINT ["entrypoint.sh"] + +# Let supervisord start nginx & php-fpm +CMD ["/usr/bin/supervisord", "-c", "/etc/supervisor/conf.d/supervisord.conf"] \ No newline at end of file diff --git a/03-PHP/8.1/config/fpm-pool.conf b/03-PHP/8.1/config/fpm-pool.conf new file mode 100644 index 0000000..c35b2d9 --- /dev/null +++ b/03-PHP/8.1/config/fpm-pool.conf 
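Review bot: The `RUN php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');" && php composer-setup.php ...` step in 03-PHP/8.1/Dockerfile runs the downloaded installer as root without comparing it to a published checksum and without pinning a Composer version, so the image's contents depend on whatever that URL serves at build time. Either verify the installer's SHA-384 before executing it and pass `--version=<pinned-version>`, or use the pinned-image copy that is already present as a comment, `COPY --from=composer:2.3 /usr/bin/composer /usr/local/bin/composer`. Separately, `COPY --chown=www-data ./ /var/www/html/` places the whole build context (Dockerfile, `config/`, `entrypoint.sh`) under the nginx document root; a `.dockerignore` or a dedicated application subdirectory would keep build files out of what is served.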
@@ -0,0 +1,58 @@
+[global]
+; Log to stderr
+error_log = /dev/stderr
+daemonize = no
+
+[www]
+; The address on which to accept FastCGI requests.
+; Valid syntaxes are:
+; 'ip.add.re.ss:port' - to listen on a TCP socket to a specific IPv4 address on
+; a specific port;
+; '[ip:6:addr:ess]:port' - to listen on a TCP socket to a specific IPv6 address on
+; a specific port;
+; 'port' - to listen on a TCP socket to all addresses
+; (IPv6 and IPv4-mapped) on a specific port;
+; '/path/to/unix/socket' - to listen on a unix socket.
+; Note: This value is mandatory.
+;listen = 127.0.0.1:9000
+listen = /var/run/php-fpm.sock
+
+; Enable status page
+pm.status_path = /fpm-status
+
+; Ondemand process manager
+pm = static
+
+; The number of child processes to be created when pm is set to 'static' and the
+; maximum number of child processes when pm is set to 'dynamic' or 'ondemand'.
+; This value sets the limit on the number of simultaneous requests that will be
+; served. Equivalent to the ApacheMaxClients directive with mpm_prefork.
+; Equivalent to the PHP_FCGI_CHILDREN environment variable in the original PHP
+; CGI. The below defaults are based on a server without much resources. Don't
+; forget to tweak pm.* to fit your needs.
+; Note: Used when pm is set to 'static', 'dynamic' or 'ondemand'
+; Note: This value is mandatory.
+pm.max_children = 100
+
+; The number of seconds after which an idle process will be killed.
+; Note: Used only when pm is set to 'ondemand'
+; Default Value: 10s
+;pm.process_idle_timeout = 10s;
+
+; The number of requests each child process should execute before respawning.
+; This can be useful to work around memory leaks in 3rd party libraries. For
+; endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS.
+; Default Value: 0
+pm.max_requests = 1000
+
+; Make sure the FPM workers can reach the environment variables for configuration
+clear_env = no
+
+; Catch output from PHP
+catch_workers_output = yes
+
+; Remove the 'child 10 said into stderr' prefix in the log and only show the actual message
+decorate_workers_output = no
+
+; Enable ping page to use in healthcheck
+ping.path = /fpm-ping
\ No newline at end of file
diff --git a/03-PHP/8.1/config/nginx.conf b/03-PHP/8.1/config/nginx.conf
new file mode 100644
index 0000000..7c6122f
--- /dev/null
+++ b/03-PHP/8.1/config/nginx.conf
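Review bot: In fpm-pool.conf, `pm = static` sits under the comment `; Ondemand process manager`, and with `pm.max_children = 100` it keeps 100 workers resident from start-up; the php.ini added in this same patch sets `memory_limit = -1`, so nothing caps per-worker memory and a burst of heavy requests can exhaust the container. If on-demand was intended, use `pm = ondemand` and un-comment `pm.process_idle_timeout`; otherwise correct the comment and size `pm.max_children` to the memory budget. `clear_env = no` also deserves a comment noting that every container environment variable, including any injected credentials, becomes readable by PHP code.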
@@ -0,0 +1,136 @@ +worker_processes auto; +error_log /var/log/nginx/error.log; +pid /run/nginx.pid; + +events { + worker_connections 10000; +} + +http { + include mime.types; + default_type application/octet-stream; + + # Define custom log format to include reponse times + log_format main_timed '$remote_addr - $remote_user [$time_local] "$request" ' + '$status $body_bytes_sent "$http_referer" ' + '"$http_user_agent" "$http_x_forwarded_for" ' + '$request_time $upstream_response_time $pipe $upstream_cache_status'; + + + log_format main '$remote_addr - $remote_user [$time_local] "$request" ' + '$status $body_bytes_sent "$http_referer" ' + '"$http_user_agent" "$http_x_forwarded_for"'; + + access_log /var/log/nginx/access.log main; + #error_log /var/log/nginx/error.log main; + + keepalive_timeout 65; + + # Max body size + client_max_body_size 192M; + + # Write temporary files to /tmp so they can be created as a non-privileged user + client_body_temp_path /tmp/client_temp; + proxy_temp_path /tmp/proxy_temp_path; + fastcgi_temp_path /tmp/fastcgi_temp; + uwsgi_temp_path /tmp/uwsgi_temp; + scgi_temp_path /tmp/scgi_temp; + + # Default server definition + server { + listen [::]:80 default_server; + listen 80 default_server; + server_name _; + + sendfile off; + + root /var/www/html; + index index.php index.html; + + # Add support for "WebP Converter for Media" WordPress plugin + # https://wordpress.org/plugins/webp-converter-for-media/ + location ~ ^/wp-content/(?.+)\.(?jpe?g|png|gif)$ { + if ($http_accept !~* "image/webp") { + break; + } + + expires 180d; + add_header Vary Accept; + try_files /wp-content/uploads-webpc/$path.$ext.webp $uri =404; + } + + location / { + # First attempt to serve request as file, then + # as directory, then fall back to index.php + try_files $uri $uri/ /index.php?$args; + } + + # Redirect server error pages to the static page /50x.html + error_page 500 502 503 504 /50x.html; + location = /50x.html { + root /var/lib/nginx/html; + } + + # Pass the 
PHP scripts to PHP-FPM listening on 127.0.0.1:9000 + location ~ \.php$ { + try_files $uri =404; + + fastcgi_buffers 16 16k; + fastcgi_buffer_size 32k; + + fastcgi_split_path_info ^(.+\.php)(/.+)$; + #fastcgi_pass 127.0.0.1:9000; + fastcgi_pass unix:/var/run/php-fpm.sock; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param SCRIPT_NAME $fastcgi_script_name; + fastcgi_index index.php; + include fastcgi_params; + } + + location ~* \.(jpg|jpeg|gif|png)$ { + expires 180d; + } + + location ~* \.(css|js|ico)$ { + expires 1d; + } + + # Deny access to . files, for security + location ~ /\. { + log_not_found off; + deny all; + } + + # Allow fpm ping and status from localhost + location ~ ^/(fpm-status|fpm-ping)$ { + access_log off; + allow 127.0.0.1; + deny all; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include fastcgi_params; + fastcgi_pass 127.0.0.1:9000; + } + } + + gzip on; + gzip_proxied any; + gzip_types + text/plain + text/css + text/js + text/xml + text/html + text/javascript + application/javascript + application/x-javascript + application/json + application/xml + application/xml+rss + application/rss+xml + image/svg+xml/javascript; + gzip_vary on; + gzip_disable "msie6"; + + # Include other server configs + include /etc/nginx/conf.d/*.conf; +} \ No newline at end of file diff --git a/03-PHP/8.1/config/php.ini b/03-PHP/8.1/config/php.ini new file mode 100644 index 0000000..0942fbb --- /dev/null +++ b/03-PHP/8.1/config/php.ini 
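Review bot: The `location ~ ^/(fpm-status|fpm-ping)$` block in nginx.conf uses `fastcgi_pass 127.0.0.1:9000;`, but fpm-pool.conf in this patch has FPM listening only on `/var/run/php-fpm.sock`, so the status and ping endpoints will presumably return a bad-gateway error and cannot serve as a health check. It should read `fastcgi_pass unix:/var/run/php-fpm.sock;` like the `location ~ \.php$` block, whose header comment still says `listening on 127.0.0.1:9000` and should be updated as well. `client_max_body_size 192M;` is also lower than `post_max_size = 256M` in php.ini, so nginx rejects uploads that PHP would accept; align the two values.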
@@ -0,0 +1,24 @@
+[PHP]
+file_uploads = On
+upload_max_filesize = 256M
+post_max_size = 256M
+;extension=mongodb.so
+
+
+[Date]
+date.timezone="UTC"
+
+[opcache]
+opcache.enable=0
+opcache.memory_consumption=512
+opcache.interned_strings_buffer=64
+opcache.max_accelerated_files=50000
+opcache.max_wasted_percentage=15
+opcache.validate_timestamps=0
+opcache.revalidate_freq=0
+opcache.save_comments=1
+opcache.fast_shutdown=1
+opcache.mmap_base=0x20000000
+opcache.file_cache_fallback=1
+
+memory_limit = -1;
\ No newline at end of file
diff --git a/03-PHP/8.1/config/supervisord.conf b/03-PHP/8.1/config/supervisord.conf
new file mode 100644
index 0000000..f19556c
--- /dev/null
+++ b/03-PHP/8.1/config/supervisord.conf
@@ -0,0 +1,34 @@
+[supervisord]
+nodaemon=true
+logfile=/dev/null
+logfile_maxbytes=0
+pidfile=/run/supervisord.pid
+
+[program:php-fpm]
+command=php-fpm81 -F
+stdout_logfile=/dev/stdout
+stdout_logfile_maxbytes=0
+stderr_logfile=/dev/stderr
+stderr_logfile_maxbytes=0
+autorestart=false
+startretries=0
+
+[program:nginx]
+command=nginx -g 'daemon off;'
+stdout_logfile=/dev/stdout
+stdout_logfile_maxbytes=0
+stderr_logfile=/dev/stderr
+stderr_logfile_maxbytes=0
+autorestart=false
+startretries=0
+
+#[program:lumen]
+#process_name=%(program_name)s_%(process_num)02d
+#command=php /var/www/html/artisan queue:work redis --sleep=1 --tries=3
+#numprocs=1
+#user=www-data
+#stdout_logfile=/tmp/lumen-worker.log
+#stderr_logfile=/tmp/lumen-workerError.log
+#autorestart=true
+#startretries=0
+#priority=200
diff --git a/03-PHP/8.1/entrypoint.sh b/03-PHP/8.1/entrypoint.sh
new file mode 100755
index 0000000..a0dc771
--- /dev/null
+++ b/03-PHP/8.1/entrypoint.sh
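Review bot: `memory_limit = -1;` at the end of php.ini removes the per-request memory cap while `upload_max_filesize` and `post_max_size` are both 256M, so a single request can consume all memory available to the container. Set a finite limit sized to the workload (for example `memory_limit = 256M`, an illustrative value). The setting also sits under the `[opcache]` heading; moving it up to `[PHP]` keeps the file readable. The opcache tuning below `opcache.enable=0` has no effect while the extension is disabled, which is worth a one-line comment if that is intentional.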
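Review bot: In supervisord.conf both `[program:php-fpm]` and `[program:nginx]` set `autorestart=false` with `startretries=0`, so if either process exits supervisord keeps running and the container stays up while serving nothing. Either let supervisord restart them (`autorestart=true`) or add an event listener that stops supervisord when a program reaches a failed state, so the orchestrator sees the container exit and can replace it. A short comment stating which behaviour is intended would help the next maintainer.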
@@ -0,0 +1,18 @@ +#!/bin/sh + +# echo "Composer dump autoload" +# composer dump-autoload + +# echo "Run Migration command..." +# php artisan migrate --force + +# echo "Run Seeder command..." +# php artisan db:seed --force + +# echo "Run route clear command..." +# php artisan route:clear + +# echo "Run storage link..." +# php artisan storage:link --force + +/usr/bin/supervisord -c "/etc/supervisor/conf.d/supervisord.conf" diff --git a/03-PHP/README.md b/03-PHP/README.md index fa557ad..e898ac6 100644 --- a/03-PHP/README.md +++ b/03-PHP/README.md @@ -1 +1,11 @@ -php \ No newline at end of file +# PHP Dockerfile template + +# Just run ! + +```sh +docker build -t php8.1 . && docker run -d --name docker-php8.1 -p 80:80 php8.1 +``` +## Maintainers + +- [Behrooz Valikhani](https://t.me/BvkDev) +- Esmaeil Shadkam \ No newline at end of file From 38dd0ae682ddb62923ac2caa0f65ed22d7e4a850 Mon Sep 17 00:00:00 2001 From: univergamedev <22-univergamedev@users.noreply.192.168.1.3> Date: Thu, 30 Mar 2023 16:46:01 +0300 Subject: [PATCH 2/3] add name and combine run commands --- 03-PHP/8.1/Dockerfile | 20 ++++---------------- 1 file changed, 4 insertions(+), 16 deletions(-) diff --git a/03-PHP/8.1/Dockerfile b/03-PHP/8.1/Dockerfile index de2cee3..43cb310 100644 --- a/03-PHP/8.1/Dockerfile +++ b/03-PHP/8.1/Dockerfile @@ -1,4 +1,4 @@ -FROM alpine:3.16 +FROM alpine:3.16 as stage LABEL Maintainer="BehroozValikhani | https://t.me/BvkDev" \ Description="Lightweight container with Nginx 1.22 & PHP-FPM 8.1 based on Alpine Linux." @@ -34,10 +34,7 @@ RUN apk --no-cache add php81 \ php81-pecl-redis \ php81-posix \ php81-pcntl \ - nginx supervisor curl tzdata nano - -# Install additional php extentions and remove default server definition -RUN apk add --no-cache php81-bcmath \ + php81-bcmath \ php81-ctype \ php81-gmp \ php81-gd \ 
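Review bot: The last line of entrypoint.sh starts supervisord as a child of `/bin/sh`, so when this script is used as the entry point the shell remains PID 1 and the SIGTERM sent by `docker stop` does not reach supervisord. Use `exec /usr/bin/supervisord -c "/etc/supervisor/conf.d/supervisord.conf"` so supervisord replaces the shell. Adding `set -e` near the top would also make the commented migration steps fail fast once they are enabled.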
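Review bot: In PATCH 2/3 the new `FROM alpine:3.16 as stage` names a stage that nothing references, and BuildKit's build checks expect consistent keyword casing, i.e. `FROM alpine:3.16 AS stage`. More importantly, the tag is still duplicated by `ARG ALPINE_VERSION=3.16` (added in patch 1/3, outside this hunk), which feeds the apk repository URLs; if one is bumped without the other the image mixes packages from two Alpine releases. Declaring `ARG ALPINE_VERSION=3.16` before `FROM alpine:${ALPINE_VERSION}` and re-declaring `ARG ALPINE_VERSION` inside the stage keeps the two in step.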
@@ -46,10 +43,8 @@ RUN apk add --no-cache php81-bcmath \ php81-xmlreader \ php81-zlib \ php81-intl \ - php81-ctype - - -# RUN rm /etc/nginx/conf.d/default.conf + php81-ctype \ + nginx supervisor curl tzdata nano # Symlink php81 => php RUN ln -s /usr/bin/php81 /usr/bin/php @@ -59,9 +54,6 @@ RUN php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');" && mkdir -p /.composer/cache/ && \ rm -rf composer-setup.php -# Install PHP tools -#COPY --from=composer:2.3 /usr/bin/composer /usr/local/bin/composer - # Configure nginx COPY config/nginx.conf /etc/nginx/nginx.conf @@ -94,10 +86,6 @@ COPY --chown=www-data ./ /var/www/html/ RUN chmod 755 entrypoint.sh -#Install php dependency -#RUN composer install --no-dev --no-suggest --no-autoloader -# RUN composer install --optimize-autoloader - # Expose the port nginx is reachable on EXPOSE 80 From a6a69dedb433d1f11778abe7cfff2c5bda996083 Mon Sep 17 00:00:00 2001 From: univergamedev <22-univergamedev@users.noreply.192.168.1.3> Date: Fri, 31 Mar 2023 12:09:27 +0300 Subject: [PATCH 3/3] clean nginx.conf --- 03-PHP/8.1/config/nginx.conf | 204 +++++++++++++++++------------------ 1 file changed, 97 insertions(+), 107 deletions(-) diff --git a/03-PHP/8.1/config/nginx.conf b/03-PHP/8.1/config/nginx.conf index 7c6122f..aae1565 100644 --- a/03-PHP/8.1/config/nginx.conf +++ b/03-PHP/8.1/config/nginx.conf 
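Review bot: The merged package list in PATCH 2/3 still ends with `php81-ctype \` although `php81-ctype` is already listed a few lines above (it is context in the previous hunk), and `php81-iconv`, `php81-simplexml` and `php81-tokenizer` are likewise repeated in the list as added by patch 1/3. Writing one package per line in sorted order would make such duplicates obvious. `nano` on the last added line is an interactive editor, and `curl` is only needed if a health check uses it; leaving unneeded tools out of the runtime image reduces what is available inside a compromised container.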
@@ -1,136 +1,126 @@ -worker_processes auto; -error_log /var/log/nginx/error.log; -pid /run/nginx.pid; +#user nobody; +worker_processes 1; + +#error_log logs/error.log; +#error_log logs/error.log notice; +#error_log logs/error.log info; + +#pid logs/nginx.pid; + events { - worker_connections 10000; + worker_connections 1024; } -http { - include mime.types; - default_type application/octet-stream; - - # Define custom log format to include reponse times - log_format main_timed '$remote_addr - $remote_user [$time_local] "$request" ' - '$status $body_bytes_sent "$http_referer" ' - '"$http_user_agent" "$http_x_forwarded_for" ' - '$request_time $upstream_response_time $pipe $upstream_cache_status'; +http { + include mime.types; + default_type application/octet-stream; - log_format main '$remote_addr - $remote_user [$time_local] "$request" ' - '$status $body_bytes_sent "$http_referer" ' - '"$http_user_agent" "$http_x_forwarded_for"'; + #log_format main '$remote_addr - $remote_user [$time_local] "$request" ' + # '$status $body_bytes_sent "$http_referer" ' + # '"$http_user_agent" "$http_x_forwarded_for"'; - access_log /var/log/nginx/access.log main; - #error_log /var/log/nginx/error.log main; + #access_log logs/access.log main; - keepalive_timeout 65; + sendfile on; + #tcp_nopush on; - # Max body size - client_max_body_size 192M; + #keepalive_timeout 0; + keepalive_timeout 65; - # Write temporary files to /tmp so they can be created as a non-privileged user - client_body_temp_path /tmp/client_temp; - proxy_temp_path /tmp/proxy_temp_path; - fastcgi_temp_path /tmp/fastcgi_temp; - uwsgi_temp_path /tmp/uwsgi_temp; - scgi_temp_path /tmp/scgi_temp; + #gzip on; - # Default server definition server { listen [::]:80 default_server; listen 80 default_server; server_name _; - - sendfile off; - root /var/www/html; + + add_header X-Frame-Options "SAMEORIGIN"; + add_header X-Content-Type-Options "nosniff"; + index index.php index.html; - - # Add support for "WebP Converter for Media" 
WordPress plugin - # https://wordpress.org/plugins/webp-converter-for-media/ - location ~ ^/wp-content/(?.+)\.(?jpe?g|png|gif)$ { - if ($http_accept !~* "image/webp") { - break; - } - - expires 180d; - add_header Vary Accept; - try_files /wp-content/uploads-webpc/$path.$ext.webp $uri =404; - } - + + charset utf-8; + location / { - # First attempt to serve request as file, then - # as directory, then fall back to index.php - try_files $uri $uri/ /index.php?$args; - } - - # Redirect server error pages to the static page /50x.html - error_page 500 502 503 504 /50x.html; - location = /50x.html { - root /var/lib/nginx/html; + try_files $uri $uri/ /index.php?$query_string; } - - # Pass the PHP scripts to PHP-FPM listening on 127.0.0.1:9000 + + location = /favicon.ico { access_log off; log_not_found off; } + location = /robots.txt { access_log off; log_not_found off; } + + error_page 404 /index.php; + location ~ \.php$ { - try_files $uri =404; - - fastcgi_buffers 16 16k; - fastcgi_buffer_size 32k; - - fastcgi_split_path_info ^(.+\.php)(/.+)$; - #fastcgi_pass 127.0.0.1:9000; fastcgi_pass unix:/var/run/php-fpm.sock; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_param SCRIPT_NAME $fastcgi_script_name; - fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name; include fastcgi_params; } - - location ~* \.(jpg|jpeg|gif|png)$ { - expires 180d; - } - - location ~* \.(css|js|ico)$ { - expires 1d; - } - - # Deny access to . files, for security - location ~ /\. 
{ - log_not_found off; + + location ~ /\.(?!well-known).* { deny all; } - # Allow fpm ping and status from localhost - location ~ ^/(fpm-status|fpm-ping)$ { - access_log off; - allow 127.0.0.1; - deny all; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - include fastcgi_params; - fastcgi_pass 127.0.0.1:9000; - } + # proxy the PHP scripts to Apache listening on 127.0.0.1:80 + # + #location ~ \.php$ { + # proxy_pass http://127.0.0.1; + #} + + # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000 + # + #location ~ \.php$ { + # root html; + # fastcgi_pass 127.0.0.1:9000; + # fastcgi_index index.php; + # fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name; + # include fastcgi_params; + #} + + # deny access to .htaccess files, if Apache's document root + # concurs with nginx's one + # + #location ~ /\.ht { + # deny all; + #} } - gzip on; - gzip_proxied any; - gzip_types - text/plain - text/css - text/js - text/xml - text/html - text/javascript - application/javascript - application/x-javascript - application/json - application/xml - application/xml+rss - application/rss+xml - image/svg+xml/javascript; - gzip_vary on; - gzip_disable "msie6"; - - # Include other server configs - include /etc/nginx/conf.d/*.conf; + + # another virtual host using mix of IP-, name-, and port-based configuration + # + #server { + # listen 8000; + # listen somename:8080; + # server_name somename alias another.alias; + + # location / { + # root html; + # index index.html index.htm; + # } + #} + + + # HTTPS server + # + #server { + # listen 443 ssl; + # server_name localhost; + + # ssl_certificate cert.pem; + # ssl_certificate_key cert.key; + + # ssl_session_cache shared:SSL:1m; + # ssl_session_timeout 5m; + + # ssl_ciphers HIGH:!aNULL:!MD5; + # ssl_prefer_server_ciphers on; + + # location / { + # root html; + # index index.html index.htm; + # } + #} + } \ No newline at end of file
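Review bot: The rewritten `location ~ \.php$` block in PATCH 3/3 drops `try_files $uri =404;`, so any request URI ending in `.php` is now handed to PHP-FPM even when no such file exists under the document root; restoring `try_files $uri =404;` as the first line of that block keeps nginx from forwarding non-existent script paths. The new `add_header X-Frame-Options "SAMEORIGIN";` and `add_header X-Content-Type-Options "nosniff";` are only emitted on successful and redirect responses unless written with `always`, e.g. `add_header X-Content-Type-Options "nosniff" always;`. This commit also removes `client_max_body_size`, so nginx falls back to its 1m default while php.ini still allows 256M uploads.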