# syntax = docker/dockerfile:experimental
# Shared base stage: system packages, PHP 7.4, the Composer and Node.js helper
# installers and the MinIO client are layered on top of this image.
# NOTE(review): the base is referenced by a mutable tag, not a digest, and both
# Debian 10 and PHP 7.4 appear to be past upstream end of life. Confirm, and
# plan the base bump together with the PHP packages.
FROM debian:10 AS dependencies

WORKDIR /html
# Documents the listening port only; EXPOSE does not publish it.
EXPOSE 8080

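# Install System Components
# apt-get is used rather than apt because apt's command-line interface is not
# stable for scripted use. The package index is deleted in the same layer so it
# is not shipped in the image; the next install step refreshes the index itself.
RUN apt-get update \
    && apt-get install -y \
        nginx \
        tzdata \
        lsb-release \
        apt-transport-https \
        curl \
        zip \
    && rm -rf /var/lib/apt/lists/*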

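# Register the packages.sury.org PHP repository.
# -f makes curl fail on an HTTP error instead of saving the error page as the key.
# The key is kept outside trusted.gpg.d and bound to this one source with
# signed-by, so it cannot vouch for packages from any other repository.
# NOTE(review): the key is still trusted as downloaded; compare its fingerprint
# with a value pinned in this repository before relying on it.
RUN curl -fsSL -o /usr/share/keyrings/sury-php.gpg https://packages.sury.org/php/apt.gpg \
    && echo "deb [signed-by=/usr/share/keyrings/sury-php.gpg] https://packages.sury.org/php/ $(lsb_release -sc) main" \
        > /etc/apt/sources.list.d/php.list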

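# Install PHP Components
# apt-get replaces apt for scripted use, and the package index is removed in
# the same layer so it does not end up in the image.
# php7.4-xdebug is installed here for the development stage; the production
# stage purges it again.
RUN apt-get update \
    && apt-get install -y \
        php7.4 \
        php7.4-fpm \
        php7.4-json \
        php7.4-bcmath \
        php7.4-ctype \
        php7.4-mbstring \
        php7.4-pdo \
        php7.4-tokenizer \
        php7.4-xml \
        php7.4-curl \
        php7.4-dom \
        php7.4-fileinfo \
        php7.4-redis \
        php7.4-xdebug \
        php7.4-zip \
    && rm -rf /var/lib/apt/lists/*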

# Install Composer
# The helper script is copied in, made executable, run once and deleted.
# Deleting it in the RUN step does not remove it from the preceding COPY layer.
# NOTE(review): installComposer.sh is not part of this listing; confirm it
# verifies the Composer installer's checksum or signature before executing it.
COPY ./helpers/installComposer.sh /usr/bin/installComposer
RUN chmod +x /usr/bin/installComposer && \
    /usr/bin/installComposer && \
    rm /usr/bin/installComposer

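# Install Nodejs
# The helper script is copied in, made executable, run once and deleted.
# NOTE(review): installNodejs.sh is not part of this listing; confirm it pins
# the Node.js version and verifies the downloaded archive before unpacking it.
COPY ./helpers/installNodejs.sh /usr/bin/installNodejs
RUN chmod +x /usr/bin/installNodejs && \
    /usr/bin/installNodejs && \
    rm /usr/bin/installNodejs
# key=value form; the space-separated ENV syntax is deprecated.
ENV PATH=/usr/local/lib/nodejs/bin:$PATH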

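# Install Minio Client
# The URL tracks the latest release, so the downloaded binary can differ
# between builds. -f makes curl fail on an HTTP error instead of installing the
# error page as an executable.
# MC_SHA256 is a build argument introduced here (empty by default, which keeps
# the previous unverified behaviour). When it is set, the build fails unless
# the binary's SHA-256 digest matches.
# NOTE(review): prefer a versioned download URL together with MC_SHA256.
ARG MC_SHA256=""
RUN curl -fsSL -o /usr/bin/mc "https://dl.min.io/client/mc/release/linux-amd64/mc" \
    && if [ -n "${MC_SHA256}" ]; then \
           echo "${MC_SHA256}  /usr/bin/mc" | sha256sum -c -; \
       fi \
    && chmod +x /usr/bin/mc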

# Development stage: PHP-FPM is reconfigured for container use and Xdebug is
# switched on.
FROM dependencies AS development

# Each sed expression only takes effect if the packaged file contains the exact
# text; a miss is silent, so the result depends on the package defaults.
#
# php-fpm.conf: comment out the pid file, log to stderr, stay in the foreground.
# www.conf: listen on TCP port 9000 instead of the unix socket, capture worker
#   output, run workers as www-data and raise the process-manager limits.
#   NOTE(review): the decorate_workers_output expression replaces the text with
#   itself and therefore leaves the file unchanged; confirm whether uncommenting
#   the setting was intended.
# php.ini: cgi.fix_pathinfo=0 stops PHP from guessing a script path out of
#   PATH_INFO.
# 20-xdebug.ini: Xdebug opens a debug session on every request and connects
#   back to the address the request appears to come from, so this stage is only
#   suitable for a trusted development network.
# The time zone is fixed to Europe/Berlin.
RUN sed -i \
        -e 's/pid = \/run\/php\/php7.4-fpm.pid/;pid = \/run\/php\/php7.4-fpm.pid/g' \
        -e 's/error_log = \/var\/log\/php7.4-fpm.log/error_log = \/dev\/stderr/g' \
        -e 's/;daemonize = yes/daemonize = no/g' \
        /etc/php/7.4/fpm/php-fpm.conf \
    && sed -i \
        -e 's/listen = \/run\/php\/php7.4-fpm.sock/listen = 9000/g' \
        -e 's/decorate_workers_output = no/decorate_workers_output = no/g' \
        -e 's/;catch_workers_output = yes/catch_workers_output = yes/g' \
        -e 's/user = nobody/user = www-data/g' \
        -e 's/group = nobody/group = www-data/g' \
        -e 's/pm.max_children = 5/pm.max_children = 1024/g' \
        -e 's/pm.start_servers = 2/pm.start_servers = 50/g' \
        -e 's/pm.min_spare_servers = 1/pm.min_spare_servers = 5/g' \
        -e 's/pm.max_spare_servers = 3/pm.max_spare_servers = 50/g' \
        /etc/php/7.4/fpm/pool.d/www.conf \
    && sed -i \
        -e 's/;cgi.fix_pathinfo=1/cgi.fix_pathinfo=0/g' \
        /etc/php/7.4/fpm/php.ini \
    && sed -i \
        -e 's/;zend_extension=xdebug.so/zend_extension=xdebug.so/g' \
        /etc/php/7.4/fpm/conf.d/20-xdebug.ini \
    && { \
        echo "xdebug.mode = debug" \
        && echo "xdebug.start_with_request = yes" \
        && echo "xdebug.discover_client_host = true" \
        && echo "xdebug.idekey=VSCODE"; \
    } >> /etc/php/7.4/fpm/conf.d/20-xdebug.ini \
    && cp /usr/share/zoneinfo/Europe/Berlin /etc/localtime \
    && echo "Europe/Berlin" > /etc/timezone

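# Using image as non-root
# Creates the unprivileged account (uid/gid 1000) and hands it the paths nginx
# writes to, so the server can run without root.
# useradd takes -d here: -d names the home directory itself, whereas -b would
# be treated as a base directory and the account's home would become
# /home/metager-proxy/metager-proxy, a path this file never creates.
# -M skips home creation, so the directory is created and chowned explicitly.
RUN groupadd -g 1000 metager-proxy \
    && useradd -d /home/metager-proxy -g 1000 -u 1000 -M -s /bin/bash metager-proxy \
    && mkdir -p /home/metager-proxy \
    && touch /run/nginx.pid \
    && chown -R 1000:1000 /var/lib/nginx /var/log/nginx \
    && chown 1000:1000 /home/metager-proxy /run/nginx.pid
USER 1000:1000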

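# JSON form with an explicit `exec`: the entrypoint replaces the shell, so it
# receives stop signals directly instead of sitting behind `/bin/sh -c`.
CMD ["/bin/sh", "-c", "exec /entrypoint.sh"]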

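# Just the changes we need for production use (i.e. enable opcache, disable xdebug, etc.)
FROM development AS production

# Root is needed for the package and configuration changes below; the stage
# switches back to uid 1000 at its end.
USER 0:0

# Remove the debugger from the production image (apt-get rather than apt for
# scripted use).
# NOTE(review): the development stage edited conf.d/20-xdebug.ini in place;
# confirm that no Xdebug configuration is left behind after the purge.
RUN apt-get purge -y php7.4-xdebug

# Opcache configuration
# expose_php = Off stops PHP from advertising its version in response headers.
# The opcache settings are uncommented at their packaged values, except
# revalidate_freq, which is raised from 2 to 300 seconds.
# NOTE(review): this stage inherits `listen = 9000` from development, which
# binds PHP-FPM on every interface, while nginx here is pointed at
# localhost:9000. Confirm whether FPM can be restricted to 127.0.0.1 so that
# FastCGI is not reachable from the container network.
RUN sed -i \
        -e 's/expose_php = On/expose_php = Off/g' \
        -e 's/;opcache.enable=1/opcache.enable=1/g' \
        -e 's/;opcache.memory_consumption=128/opcache.memory_consumption=128/g' \
        -e 's/;opcache.interned_strings_buffer=8/opcache.interned_strings_buffer=8/g' \
        -e 's/;opcache.max_accelerated_files=10000/opcache.max_accelerated_files=10000/g' \
        -e 's/;opcache.max_wasted_percentage=5/opcache.max_wasted_percentage=5/g' \
        -e 's/;opcache.validate_timestamps=1/opcache.validate_timestamps=1/g' \
        -e 's/;opcache.revalidate_freq=2/opcache.revalidate_freq=300/g' \
        /etc/php/7.4/fpm/php.ini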

# Replace the packaged nginx main configuration with the project's own.
COPY config/nginx.conf /etc/nginx/nginx.conf
# Install the site definition, then rewrite its FastCGI upstream from the
# phpfpm host to localhost.
# NOTE(review): presumably nginx and PHP-FPM share one container in
# production; confirm against entrypoint.sh.
COPY config/nginx-default.conf /etc/nginx/sites-available/default
RUN sed -i 's/fastcgi_pass phpfpm:9000;/fastcgi_pass localhost:9000;/g' /etc/nginx/sites-available/default

# Install Entrypoint
# Copied while the stage is root (USER 0:0), so the script is root-owned and
# the runtime user can execute it but not modify it.
COPY ./helpers/entrypoint.sh /entrypoint.sh
RUN chmod +x /entrypoint.sh

# Copies the whole build context into the image, owned by the runtime user.
# NOTE(review): confirm that .dockerignore keeps .git, local .env files and
# other credentials out of the build context.
COPY --chown=1000:1000 . /html

# Install packages
# The build secret is mounted for this instruction only and sourced into the
# shell, so the mount itself leaves nothing in an image layer.
# NOTE(review): installPackages.sh is not part of this listing; confirm it does
# not write the sourced credentials into files that stay in the image (for
# example package-manager configuration under /html or the home directory).
# This step runs as root because the stage set USER 0:0 earlier.
RUN --mount=type=secret,id=auto-devops-build-secrets \
    . /run/secrets/auto-devops-build-secrets \
    && chmod +x ./helpers/installPackages.sh \
    && ./helpers/installPackages.sh

# Drop back to the unprivileged account so the container does not run as root.
USER 1000:1000