Merge branch 'development' into '1023-paypal-link-is-not-working-for-en-version'

Development See merge request !1895

Merge branch 'development' into '1023-paypal-link-is-not-working-for-en-version'
Development See merge request !1895
6655f13d · Dominik Hebeler · 28ca0eef · ff8d7da0 · 6655f13d · 6655f13d
Commit 6655f13d authored Aug 24, 2021 by Dominik Hebeler
20 changed files
--- a/.env.example
+++ b/.env.example
@@ -40,4 +40,10 @@ PUSHER_SECRET=

 PROJECT_NAME=MetaGer
 BRANCH_NAME=Local
-COMMIT_NAME=Testing
\ No newline at end of file
+COMMIT_NAME=Testing
+
+BROWSERSTACK_BROWSER=WINDOWS_10_FIREFOX
+BROWSERSTACK_SEPARATE_SESSIONS=true
+
+#PROXY_HOST=
+#PROXY_PORT=
\ No newline at end of file
--- a/.gitignore
+++ b/.gitignore
@@ -6,7 +6,6 @@ Homestead.json
 Homestead.yaml
 .env
 .orig
-.vscode
 langfiles.zip
 npm-debug.log
 # The Files created by Webpack in the build process
@@ -20,8 +19,9 @@ npm-debug.log
 /.buildpath
 /.project

-composer.lock
-package-lock.json
 local.log

 browserstack.err
+.npm
+.composer
+.phpunit.result.cache
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -10,13 +10,16 @@ variables:
    PERFORMANCE_DISABLED: "true"
    SAST_DISABLED: "true"
    TEST_DISABLED: "true"
+    AUTO_DEVOPS_BUILD_IMAGE_FORWARDED_CI_VARIABLES: "AWS_ACCESS_KEY_ID,AWS_SECRET_ACCESS_KEY,S3_HOST,S3_BUCKETNAME"

 include:
  - template: Jobs/Build.gitlab-ci.yml
  - template: Jobs/Deploy.gitlab-ci.yml

+.auto-deploy:
+  image: "registry.gitlab.com/gitlab-org/cluster-integration/auto-deploy-image:v2.12.0"
+
 stages:
-  - prepare
  - build
  - deploy  # dummy stage to follow the template guidelines
  - review
@@ -33,46 +36,9 @@ stages:
  - integrationtest
  - cleanup

-.auto-deploy:
-  image: "registry.gitlab.com/gitlab-org/cluster-integration/auto-deploy-image:v1.0.6"
-
 build:
  services:

-prepare_node:
-  stage: prepare
-  image: node:10
-  before_script:
-    - npm install
-  script:
-    - npm run prod
-  artifacts:
-    paths:
-      - public/js/
-      - public/css/
-      - public/mix-manifest.json
-  cache:
-    # Cache per Branch
-    key: "node-$CI_JOB_STAGE-$CI_COMMIT_REF_SLUG"
-    paths:
-      - node_modules
-  only:
-    - branches
-    - tags
-
-prepare_composer:
-  stage: prepare
-  image: prooph/composer:7.3
-  script:
-    - composer install --no-dev
-  artifacts:
-    paths:
-      - vendor
-  cache:
-    key: "composer-$CI_JOB_STAGE-$CI_COMMIT_REF_SLUG"
-    paths:
-      - vendor
-
 review:
  variables:
    HELM_UPGRADE_VALUES_FILE: .gitlab/review-apps-values.yaml
@@ -126,7 +92,7 @@ stop_review:
    - auto-deploy delete rollout
    - auto-deploy persist_environment_url
  variables:
-    ADDITIONAL_HOSTS: "www.metager3.de"
+    ADDITIONAL_HOSTS: "www.metager3.de,test.metager.de"
    HELM_UPGRADE_VALUES_FILE: .gitlab/development-values.yaml
    ROLLOUT_RESOURCE_TYPE: deployment
  environment:
@@ -137,16 +103,19 @@ stop_review:

 development:
  <<: *development_template
-  only:
-    refs:
-      - development
-    kubernetes: active
-  except:
-    variables:
-      - $STAGING_ENABLED
-      - $CANARY_ENABLED
-      - $INCREMENTAL_ROLLOUT_ENABLED
-      - $INCREMENTAL_ROLLOUT_MODE
+  rules:
+    - if: '$CI_KUBERNETES_ACTIVE == null || $CI_KUBERNETES_ACTIVE == ""'
+      when: never
+    - if: '$STAGING_ENABLED'
+      when: never
+    - if: '$CANARY_ENABLED'
+      when: never
+    - if: '$INCREMENTAL_ROLLOUT_ENABLED'
+      when: never
+    - if: '$INCREMENTAL_ROLLOUT_MODE'
+      when: never
+    - if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH'
+


 production:
@@ -156,22 +125,45 @@ production:
    ROLLOUT_RESOURCE_TYPE: deployment
  environment:
    url: https://metager.de
+  rules:
+    - if: '$CI_KUBERNETES_ACTIVE == null || $CI_KUBERNETES_ACTIVE == ""'
+      when: never
+    - if: '$STAGING_ENABLED'
+      when: never
+    - if: '$CANARY_ENABLED'
+      when: never
+    - if: '$INCREMENTAL_ROLLOUT_ENABLED'
+      when: never
+    - if: '$INCREMENTAL_ROLLOUT_MODE'
+      when: never
+    - if: '$CI_COMMIT_BRANCH == "master"'
+

 integrationtest:
  stage: integrationtest
  image: 
-    name: prooph/composer:7.3
+    name: $CI_REGISTRY_IMAGE/$CI_COMMIT_REF_SLUG:$CI_COMMIT_SHA
    entrypoint: ["/bin/sh"]
  script:
    # Install Dev Dependencies
-    - composer install
    - cp .env.example .env
-    - echo "WEBDRIVER_USER=\"$WEBDRIVER_KEY\"" >> .env
-    - echo "WEBDRIVER_URL=\"$WEBDRIVER_URL\"" >> .env
-    - echo "WEBDRIVER_KEY=\"$WEBDRIVER_USER\"" >> .env
-    - php artisan key:generate
+    - echo "" >> .env
+    - echo "BROWSERSTACK_USERNAME=\"$BROWSERSTACK_USERNAME\"" >> .env
+    - echo "BROWSERSTACK_ACCESS_KEY=\"$BROWSERSTACK_ACCESS_KEY\"" >> .env
+    - echo "BROWSERSTACK_LOCAL_TUNNEL=\"$BROWSERSTACK_LOCAL_TUNNEL\"" >> .env
    - URL=$(cat environment_url.txt | tr -d '\n')
    - sed -i "s#^APP_URL=.*#APP_URL=$URL#g" .env
    - sed -i "s#^BRANCH_NAME=.*#BRANCH_NAME=$CI_COMMIT_REF_NAME#g" .env
    - sed -i "s#^COMMIT_NAME=.*#COMMIT_NAME=$CI_COMMIT_REF_SLUG#g" .env
-    - php artisan dusk
+    - mc alias set --path=on --api S3v4 packages $S3_HOST $AWS_ACCESS_KEY_ID $AWS_SECRET_ACCESS_KEY
+    - if mc cp packages/$S3_BUCKETNAME/packages.tar /tmp/; then tar -xf /tmp/packages.tar; fi
+    - export COMPOSER_HOME=.composer
+    - composer install
+    - tar -cf /tmp/packages.tar .npm .composer
+    - mc cp /tmp/packages.tar packages/$S3_BUCKETNAME/
+    - rm /tmp/packages.tar
+    - rm -rf .npm .composer
+    - php artisan test --parallel --processes=5
+  except:
+    refs: 
+      - master
--- a/.gitlab/development-values.yaml
+++ b/.gitlab/development-values.yaml
@@ -2,11 +2,15 @@ postgresql:
  enabled: false
 service:
  externalPort: 80
-  internalPort: 80
+  internalPort: 8080
 hpa:
  enabled: true
  minReplicas: 1
  maxReplicas: 5
+livenessProbe:
+  initialDelaySeconds: 0
+readinessProbe:
+  initialDelaySeconds: 0
 resourcesPhpfpm: 
  requests:
    cpu: 500m
@@ -27,10 +31,19 @@ resourcesFetcher:
    cpu: 500m
    memory: 100M
  limits:
+resourcesScheduler: 
+  requests:
+    cpu: 100m
+    memory: 100M
+  limits:
+resources:
+  requests:
+    cpu: 500m
+    memory: 500M
 podDisruptionBudget:
-  enabled: true
-  minAvailable:
-  maxUnavailable: 0
+  enabled: false
+  minAvailable: 1
+  maxUnavailable:
 podAnnotations:
  prometheus.io/scrape: "true"
  prometheus.io/path: /metrics
@@ -39,12 +52,15 @@ deploymentApiVersion: apps/v1
 ingress:
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-prod
+    nginx.ingress.kubernetes.io/client-body-buffer-size: "30m"
+    nginx.ingress.kubernetes.io/proxy-body-size: "30m"
    nginx.ingress.kubernetes.io/configuration-snippet: |
      more_set_headers "Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline'; script-src-attr 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline'; style-src-attr 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self'; connect-src 'self'; media-src; object-src; prefetch-src; child-src; frame-src 'self'; worker-src; frame-ancestors 'self' https://scripts.zdv.uni-mainz.de; form-action 'self' www.paypal.com; base-uri; manifest-src; plugin-types; report-uri; report-to";
      more_set_headers "X-Frame-Options: sameorigin";
      more_set_headers "X-Content-Type-Options: nosniff";
      more_set_headers "ReferrerPolicy: origin";
      more_set_headers "X-XSS-Protection: 1; mode=block";
+      more_set_headers "Permissions-Policy: interest-cohort=()";
      if ($arg_out = "results-with-style") {
        more_set_headers "X-Frame-Options: allow-from https://scripts.zdv.uni-mainz.de/";
      }

--- a/.gitlab/production-values.yaml
+++ b/.gitlab/production-values.yaml
@@ -2,20 +2,24 @@ postgresql:
  enabled: false
 service:
  externalPort: 80
-  internalPort: 80
+  internalPort: 8080
 hpa:
  enabled: true
  minReplicas: 3
  maxReplicas: 100
 podDisruptionBudget:
  enabled: true
-  minAvailable:
-  maxUnavailable: 0
+  minAvailable: 1
+  maxUnavailable:
 podAnnotations:
  prometheus.io/scrape: "true"
  prometheus.io/path: /metrics
  prometheus.io/port: "80"
 deploymentApiVersion: apps/v1
+livenessProbe:
+  initialDelaySeconds: 0
+readinessProbe:
+  initialDelaySeconds: 0
 resources:
  requests:
  limits:
@@ -39,15 +43,44 @@ resourcesFetcher:
    cpu: 500m
    memory: 100M
  limits:
+resourcesScheduler: 
+  requests:
+    cpu: 100m
+    memory: 100M
+  limits:
+resources:
+  requests:
+    cpu: 500m
+    memory: 500M
 ingress:
+  tls:
+    enabled: true
+    custom:
+      tls:
+      - hosts:
+        - metager.de
+        - www.metager.de
+        secretName: metager-de-tls
+      - hosts:
+        - metager.org
+        - www.metager.org
+        - klassik.metager.org
+        secretName: metager-org-tls
+      - hosts:
+        - metager.es
+        - www.metager.es
+        secretName: production-auto-deploy-tls
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-prod
+    nginx.ingress.kubernetes.io/client-body-buffer-size: "30m"
+    nginx.ingress.kubernetes.io/proxy-body-size: "30m"
    nginx.ingress.kubernetes.io/configuration-snippet: |
      more_set_headers "Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline'; script-src-attr 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline'; style-src-attr 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self'; connect-src 'self'; media-src; object-src; prefetch-src; child-src; frame-src 'self'; worker-src; frame-ancestors 'self' https://scripts.zdv.uni-mainz.de; form-action 'self' www.paypal.com; base-uri; manifest-src; plugin-types; report-uri; report-to";
      more_set_headers "X-Frame-Options: sameorigin";
      more_set_headers "X-Content-Type-Options: nosniff";
      more_set_headers "ReferrerPolicy: origin";
      more_set_headers "X-XSS-Protection: 1; mode=block";
+      more_set_headers "Permissions-Policy: interest-cohort=()";
      if ($arg_out = "results-with-style") {
        more_set_headers "X-Frame-Options: allow-from https://scripts.zdv.uni-mainz.de/";
      }

--- a/.gitlab/review-apps-values.yaml
+++ b/.gitlab/review-apps-values.yaml
@@ -2,6 +2,10 @@ postgresql:
    enabled: false
 hpa: 
  enabled: false
+livenessProbe:
+  initialDelaySeconds: 0
+readinessProbe:
+  initialDelaySeconds: 0
 resources:
  requests:
  limits:
@@ -9,12 +13,15 @@ ingress:
  annotations: 
    kubernetes.io/tls-acme: "false"
    nginx.ingress.kubernetes.io/ssl-redirect: "false"
+    nginx.ingress.kubernetes.io/client-body-buffer-size: "30m"
+    nginx.ingress.kubernetes.io/proxy-body-size: "30m"
    nginx.ingress.kubernetes.io/configuration-snippet: |
-      more_set_headers "Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline'; script-src-attr 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline'; style-src-attr 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self'; connect-src 'self'; media-src; object-src; prefetch-src; child-src; frame-src 'self'; worker-src; frame-ancestors 'self' https://scripts.zdv.uni-mainz.de; form-action 'self'; base-uri; manifest-src; plugin-types; report-uri; report-to";
+      more_set_headers "Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline'; script-src-attr 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline'; style-src-attr 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self'; connect-src 'self'; media-src; object-src; prefetch-src; child-src; frame-src 'self'; worker-src; frame-ancestors 'self' https://scripts.zdv.uni-mainz.de; form-action 'self' www.paypal.com; base-uri; manifest-src; plugin-types; report-uri; report-to";
      more_set_headers "X-Frame-Options: sameorigin";
      more_set_headers "X-Content-Type-Options: nosniff";
      more_set_headers "ReferrerPolicy: origin";
      more_set_headers "X-XSS-Protection: 1; mode=block";
+      more_set_headers "Permissions-Policy: interest-cohort=()";
      if ($arg_out = "results-with-style") {
        more_set_headers "X-Frame-Options: allow-from https://scripts.zdv.uni-mainz.de/";
      }
@@ -23,7 +30,7 @@ ingress:
 service: 
  commonName: ""
  externalPort: 80
-  internalPort: 80
+  internalPort: 8080
 deploymentApiVersion: apps/v1
 resourcesPhpfpm: 
  requests:
@@ -36,4 +43,7 @@ resourcesRedis:
  limits:
 resourcesFetcher: 
  requests:
-  limits:
\ No newline at end of file
+  limits:
+resourcesScheduler: 
+  requests:
+  limits:
--- a/.gitlab/service_desk_templates/new_note.md
+++ b/.gitlab/service_desk_templates/new_note.md
+%{NOTE_TEXT}  
+Team SUMA-EV & MetaGer, Röselerstraße 3, 30159 Hannover  
+Tel.: +4951134000070, E-Mail: support@suma-ev.de, Fax: +4951134001023  
+[suma-ev.de](https://suma-ev.de) & [metager.de](https://metager.de)
--- a/.gitlab/service_desk_templates/thank_you.md
+++ b/.gitlab/service_desk_templates/thank_you.md
+vielen Dank für Ihre Kontaktaufnahme. Wie Sie vielleicht schon vermuten ist dies zunächst lediglich eine automatisch generierte Antwort, in der wir über unseren Datenschutz aufklären. In unserer [Datenschutzerklärung](https://metager.de/datenschutz#contact) können Sie mehr darüber erfahren, wie lange wir Daten über unsere Konversation aufbewahren und welche Daten überhaupt anfallen.  
+Ein Mitarbeiter wird sich aber möglichst schnell mit Ihrem Anliegen befassen.
+
+##### English Version
+Thank you for contacting us. As you might already suspect, this is initially just an automatically generated answer in which we explain our data protection. In our [data protection declaration](https://metager.org/datenschutz#contact) you can find out more about how long we keep data about our conversation and what data is actually generated.  
+However, an employee will deal with your request as quickly as possible.
+  
+Team SUMA-EV & MetaGer, Röselerstraße 3, 30159 Hannover  
+Tel.: +4951134000070, E-Mail: support@suma-ev.de, Fax: +4951134001023  
+[suma-ev.de](https://suma-ev.de) & [metager.de](https://metager.de)
--- a/.vscode/launch.json
+++ b/.vscode/launch.json
+{
+    // Use IntelliSense to learn about possible attributes.
+    // Hover to view descriptions of existing attributes.
+    // For more information, visit: https://go.microsoft.com/fwlink/?linkid=830387
+    "version": "0.2.0",
+    "configurations": [
+        {
+            "name": "PHP - Listen for XDebug",
+            "type": "php",
+            "request": "launch",
+            "port": 9003,
+            "pathMappings": {
+                "/html": "${workspaceRoot}"
+            }
+        },
+        {
+            "name": "PHP - Launch currently open script",
+            "type": "php",
+            "request": "launch",
+            "port": 9003,
+            "program": "${file}",
+            "cwd": "${fileDirname}",
+            "pathMappings": {
+                "/html": "${workspaceRoot}"
+            }
+        }
+    ]
+}
\ No newline at end of file
--- a/Dockerfile
+++ b/Dockerfile
-FROM alpine:3.11.3
+# syntax = docker/dockerfile:experimental
+FROM debian:10 AS dependencies

-RUN apk add --update \
+EXPOSE 8080
+
+# Install System Components
+RUN apt update \
+    && apt install -y \
    nginx \
    tzdata \
-    ca-certificates \
-    dcron \
-    zip \
-    redis \
-    libpng \
-    php7 \
-    php7-fpm \
-    php7-common \
-    php7-curl \
-    php7-mbstring \
-    php7-sqlite3 \
-    php7-pdo_mysql \
-    php7-pdo_sqlite \
-    php7-dom \
-    php7-simplexml \
-    php7-tokenizer \
-    php7-zip \
-    php7-redis \
-    php7-gd \
-    php7-json \
-    php7-pcntl \
-    php7-opcache \
-    php7-fileinfo \
-    && rm -rf /var/cache/apk/*
+    cron \
+    lsb-release \
+    apt-transport-https \
+    curl \
+    zip

-WORKDIR /html
+# Install PHP Components
+RUN curl -o /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg \
+    && echo "deb https://packages.sury.org/php/ $(lsb_release -sc) main" | tee /etc/apt/sources.list.d/php.list
+
+RUN apt update \
+    && apt install -y \
+    php7.4 \
+    php7.4-xml \
+    php7.4-fpm \
+    php7.4-common \
+    php7.4-curl \
+    php7.4-mbstring \
+    php7.4-sqlite3 \
+    php7.4-mysql \
+    php7.4-sqlite \
+    php7.4-zip \
+    php7.4-redis \
+    php7.4-gd \
+    php7.4-json \
+    php7.4-opcache \
+    php7.4-xdebug
+
+# Install Composer
+COPY ./helpers/installComposer.sh /usr/bin/installComposer
+RUN chmod +x /usr/bin/installComposer && \
+    /usr/bin/installComposer && \
+    rm /usr/bin/installComposer
+
+# Install Nodejs
+COPY ./helpers/installNodejs.sh /usr/bin/installNodejs
+RUN chmod +x /usr/bin/installNodejs && \
+    /usr/bin/installNodejs && \
+    rm /usr/bin/installNodejs
+ENV PATH /usr/local/lib/nodejs/bin:$PATH

-RUN sed -i 's/;error_log = log\/php7\/error.log/error_log = \/dev\/stderr/g' /etc/php7/php-fpm.conf && \
-    sed -i 's/;daemonize = yes/daemonize = no/g' /etc/php7/php-fpm.conf && \
-    sed -i 's/listen = 127.0.0.1:9000/listen = 9000/g' /etc/php7/php-fpm.d/www.conf && \
-    sed -i 's/;request_terminate_timeout = 0/request_terminate_timeout = 30/g' /etc/php7/php-fpm.d/www.conf && \
-    sed -i 's/;request_terminate_timeout_track_finished = no/request_terminate_timeout_track_finished = yes/g' /etc/php7/php-fpm.d/www.conf && \
-    sed -i 's/;decorate_workers_output = no/decorate_workers_output = no/g' /etc/php7/php-fpm.d/www.conf && \
-    sed -i 's/;catch_workers_output = yes/catch_workers_output = yes/g' /etc/php7/php-fpm.d/www.conf && \
-    sed -i 's/user = nobody/user = nginx/g' /etc/php7/php-fpm.d/www.conf && \
-    sed -i 's/group = nobody/group = nginx/g' /etc/php7/php-fpm.d/www.conf && \
-    sed -i 's/pm.max_children = 5/pm.max_children = 1024/g' /etc/php7/php-fpm.d/www.conf && \
-    sed -i 's/pm.start_servers = 2/pm.start_servers = 50/g' /etc/php7/php-fpm.d/www.conf && \
-    sed -i 's/pm.min_spare_servers = 1/pm.min_spare_servers = 5/g' /etc/php7/php-fpm.d/www.conf && \
-    sed -i 's/pm.max_spare_servers = 3/pm.max_spare_servers = 50/g' /etc/php7/php-fpm.d/www.conf && \
-    sed -i 's/user = www-data/user = nginx/g' /etc/php7/php-fpm.d/www.conf && \
-    sed -i 's/group = www-data/group = nginx/g' /etc/php7/php-fpm.d/www.conf && \
-    sed -i 's/;cgi.fix_pathinfo=1/cgi.fix_pathinfo=0/g' /etc/php7/php.ini && \
-    sed -i 's/expose_php = On/expose_php = Off/g' /etc/php7/php.ini && \
-    # Opcache configuration
-    sed -i 's/;opcache.enable=1/opcache.enable=1/g' /etc/php7/php.ini && \
-    sed -i 's/;opcache.memory_consumption=128/opcache.memory_consumption=128/g' /etc/php7/php.ini && \
-    sed -i 's/;opcache.interned_strings_buffer=8/opcache.interned_strings_buffer=8/g' /etc/php7/php.ini && \
-    sed -i 's/;opcache.max_accelerated_files=10000/opcache.max_accelerated_files=10000/g' /etc/php7/php.ini && \
-    sed -i 's/;opcache.max_wasted_percentage=5/opcache.max_wasted_percentage=5/g' /etc/php7/php.ini && \
-    sed -i 's/;opcache.validate_timestamps=1/opcache.validate_timestamps=1/g' /etc/php7/php.ini && \
-    sed -i 's/;opcache.revalidate_freq=2/opcache.revalidate_freq=300/g' /etc/php7/php.ini && \
-    echo "daemonize yes" >> /etc/redis.conf && \
-    ln -s /dev/null /var/log/nginx/access.log && \
-    ln -s /dev/stdout /var/log/nginx/error.log && \
+# Install Minio Client
+RUN curl -o /usr/bin/mc "https://dl.min.io/client/mc/release/linux-amd64/mc" &&\
+    chmod +x /usr/bin/mc
+
+FROM dependencies AS development
+
+RUN sed -i 's/pid = \/run\/php\/php7.4-fpm.pid/;pid = \/run\/php\/php7.4-fpm.pid/g' /etc/php/7.4/fpm/php-fpm.conf && \
+    sed -i 's/error_log = \/var\/log\/php7.4-fpm.log/error_log = \/dev\/stderr/g' /etc/php/7.4/fpm/php-fpm.conf && \
+    sed -i 's/;daemonize = yes/daemonize = no/g' /etc/php/7.4/fpm/php-fpm.conf && \
+    sed -i 's/listen = \/run\/php\/php7.4-fpm.sock/listen = 9000/g' /etc/php/7.4/fpm/pool.d/www.conf && \
+    sed -i 's/;request_terminate_timeout = 0/request_terminate_timeout = 30/g' /etc/php/7.4/fpm/pool.d/www.conf && \
+    sed -i 's/;request_terminate_timeout_track_finished = no/request_terminate_timeout_track_finished = yes/g' /etc/php/7.4/fpm/pool.d/www.conf && \
+    sed -i 's/;decorate_workers_output = no/decorate_workers_output = no/g' /etc/php/7.4/fpm/pool.d/www.conf && \
+    sed -i 's/;catch_workers_output = yes/catch_workers_output = yes/g' /etc/php/7.4/fpm/pool.d/www.conf && \
+    sed -i 's/pm.max_children = 5/pm.max_children = 1024/g' /etc/php/7.4/fpm/pool.d/www.conf && \
+    sed -i 's/pm.start_servers = 2/pm.start_servers = 50/g' /etc/php/7.4/fpm/pool.d/www.conf && \
+    sed -i 's/pm.min_spare_servers = 1/pm.min_spare_servers = 5/g' /etc/php/7.4/fpm/pool.d/www.conf && \
+    sed -i 's/pm.max_spare_servers = 3/pm.max_spare_servers = 50/g' /etc/php/7.4/fpm/pool.d/www.conf && \
+    sed -i 's/;cgi.fix_pathinfo=1/cgi.fix_pathinfo=0/g' /etc/php/7.4/fpm/php.ini && \
+    echo "xdebug.mode = debug" >> /etc/php/7.4/fpm/conf.d/20-xdebug.ini && \
+    echo "xdebug.start_with_request = yes" >> /etc/php/7.4/fpm/conf.d/20-xdebug.ini && \
+    echo "xdebug.discover_client_host = true" >> /etc/php/7.4/fpm/conf.d/20-xdebug.ini && \
+    echo "xdebug.idekey=VSCODE" >> /etc/php/7.4/fpm/conf.d/20-xdebug.ini && \
+    sed -i 's/upload_max_filesize = 2M/upload_max_filesize = 30M/g' /etc/php/7.4/fpm/php.ini && \
+    sed -i 's/post_max_size = 8M/post_max_size = 30M/g' /etc/php/7.4/fpm/php.ini && \
    cp /usr/share/zoneinfo/Europe/Berlin /etc/localtime && \
-    echo "Europe/Berlin" > /etc/timezone && \
-    (crontab -l ; echo "* * * * * php /html/artisan schedule:run >> /dev/null 2>&1") | crontab -
+    echo "Europe/Berlin" > /etc/timezone
+# (crontab -l ; echo "* * * * * php /html/artisan schedule:run >> /dev/null 2>&1") | crontab - # TODO: Fix crontab
+
+# Using image as non-root
+RUN groupadd -g 1000 metager && \
+    useradd -b /home/metager -g 1000 -u 1000 -M -s /bin/bash metager
+RUN chown -R 1000:1000 /var/lib/nginx /var/log/nginx
+RUN mkdir -p /home/metager &&\
+    chown 1000:1000 /home/metager
+RUN touch /run/nginx.pid && \
+    chown 1000:1000 /run/nginx.pid
+USER 1000:1000
+WORKDIR /html
+
+CMD /html/helpers/entrypointDev.sh
+
+FROM development AS production
+
+USER 0:0
+
+# Opcache configuration
+RUN apt purge -y php7.4-xdebug
+RUN sed -i 's/expose_php = On/expose_php = Off/g' /etc/php/7.4/fpm/php.ini && \
+    sed -i 's/;opcache.enable=1/opcache.enable=1/g' /etc/php/7.4/fpm/php.ini && \
+    sed -i 's/;opcache.memory_consumption=128/opcache.memory_consumption=128/g' /etc/php/7.4/fpm/php.ini && \
+    sed -i 's/;opcache.interned_strings_buffer=8/opcache.interned_strings_buffer=8/g' /etc/php/7.4/fpm/php.ini && \
+    sed -i 's/;opcache.max_accelerated_files=10000/opcache.max_accelerated_files=10000/g' /etc/php/7.4/fpm/php.ini && \
+    sed -i 's/;opcache.max_wasted_percentage=5/opcache.max_wasted_percentage=5/g' /etc/php/7.4/fpm/php.ini && \
+    sed -i 's/;opcache.validate_timestamps=1/opcache.validate_timestamps=1/g' /etc/php/7.4/fpm/php.ini && \
+    sed -i 's/;opcache.revalidate_freq=2/opcache.revalidate_freq=300/g' /etc/php/7.4/fpm/php.ini

 COPY config/nginx.conf /etc/nginx/nginx.conf
-COPY config/nginx-default.conf /etc/nginx/conf.d/default.conf
-RUN sed -i 's/fastcgi_pass phpfpm:9000;/fastcgi_pass localhost:9000;/g' /etc/nginx/conf.d/default.conf 
-COPY --chown=root:nginx . /html
+COPY config/nginx-default.conf /etc/nginx/sites-available/default
+RUN sed -i 's/fastcgi_pass phpfpm:9000;/fastcgi_pass localhost:9000;/g' /etc/nginx/sites-available/default 

-WORKDIR /html
-EXPOSE 80
-
-CMD cp /root/.env .env && \
-    sed -i 's/^REDIS_PASSWORD=.*/REDIS_PASSWORD=null/g' .env && \
-    if [ "$GITLAB_ENVIRONMENT_NAME" = "production" ]; then sed -i 's/^APP_ENV=.*/APP_ENV=production/g' .env; else sed -i 's/^APP_ENV=.*/APP_ENV=development/g' .env; fi && \
-    cp database/useragents.sqlite.example database/useragents.sqlite && \
-    chown -R root:nginx storage/logs/metager bootstrap/cache && \
-    chmod -R g+w storage/logs/metager bootstrap/cache && \
-    crond -L /dev/stdout && \
-    php-fpm7
+COPY --chown=1000:1000 . /html
+
+RUN chmod +x /html/helpers/*.sh
+
+# Install packages
+RUN --mount=type=secret,id=auto-devops-build-secrets . /run/secrets/auto-devops-build-secrets && \
+    chmod +x ./helpers/installPackages.sh && \
+    /bin/sh -c ./helpers/installPackages.sh
+
+USER 1000:1000
+
+CMD /html/helpers/entrypointProduction.sh
+
+#CMD cp /root/.env .env && \
+#    cron -L /dev/stdout && \
--- a/DockerfileDev
+++ b/DockerfileDev
-FROM alpine:3.11.3
+FROM debian:10

-RUN apk add --update \
+# Install System Components
+RUN apt update \
+    && apt install -y \
    nginx \
    tzdata \
-    ca-certificates \
-    dcron \
-    zip \
-    redis \
-    php7 \
-    php7-fpm \
-    php7-common \
-    php7-curl \
-    php7-mbstring \
-    php7-sqlite3 \
-    php7-pdo_mysql \
-    php7-pdo_sqlite \
-    php7-dom \
-    php7-simplexml \
-    php7-tokenizer \
-    php7-zip \