modified dockerfile

75009bd1 · Dominik Hebeler · c98e5980 · 75009bd1 · 75009bd1 · 75009bd1
Commit 75009bd1 authored 5 years ago by Dominik Hebeler
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
 variables:
    DOCKER_HOST: "tcp://docker-dind.gitlab:2375"
+    AUTO_DEVOPS_BUILD_IMAGE_EXTRA_ARGS: "--network host"
    POSTGRES_ENABLED: "false"
    CODE_QUALITY_DISABLED: "true"
    CONTAINER_SCANNING_DISABLED: "true"
@@ -81,8 +82,6 @@ build:
  services:

 review:
-  services: 
-    - redis:latest
  variables:
    HELM_UPGRADE_EXTRA_ARGS: --set service.externalPort=80 --set service.internalPort=80 --set service.commonName= --set ingress.tls.enabled=false --set ingress.annotations.kubernetes\.io/tls-acme="false" --set ingress.annotations.nginx\.ingress\.kubernetes\.io/ssl-redirect="false"
    ROLLOUT_RESOURCE_TYPE: deployment

--- a/Dockerfile
+++ b/Dockerfile
-FROM registry.metager.de/open-source/proxy/php-fpm:latest
+FROM alpine:3.11.3

-COPY . /html
+RUN apk add --update \
+    nginx \
+    tzdata \
+    ca-certificates \
+    dcron \
+    php7 \
+    php7-fpm \
+    && rm -rf /var/cache/apk/*
+
+WORKDIR /html
+
+RUN sed -i 's/;error_log = log\/php7\/error.log/error_log = \/dev\/stderr/g' /etc/php7/php-fpm.conf && \
+    sed -i 's/;daemonize = yes/daemonize = no/g' /etc/php7/php-fpm.conf && \
+    sed -i 's/listen = 127.0.0.1:9000/listen = 9000/g' /etc/php7/php-fpm.d/www.conf && \
+    sed -i 's/;request_terminate_timeout = 0/request_terminate_timeout = 30/g' /etc/php7/php-fpm.d/www.conf && \
+    sed -i 's/;request_terminate_timeout_track_finished = no/request_terminate_timeout_track_finished = yes/g' /etc/php7/php-fpm.d/www.conf && \
+    sed -i 's/;decorate_workers_output = no/decorate_workers_output = no/g' /etc/php7/php-fpm.d/www.conf && \
+    sed -i 's/;catch_workers_output = yes/catch_workers_output = yes/g' /etc/php7/php-fpm.d/www.conf && \
+    sed -i 's/user = nobody/user = nginx/g' /etc/php7/php-fpm.d/www.conf && \
+    sed -i 's/group = nobody/group = nginx/g' /etc/php7/php-fpm.d/www.conf && \
+    sed -i 's/pm.max_children = 5/pm.max_children = 100/g' /etc/php7/php-fpm.d/www.conf && \
+    sed -i 's/pm.start_servers = 2/pm.start_servers = 5/g' /etc/php7/php-fpm.d/www.conf && \
+    sed -i 's/pm.min_spare_servers = 1/pm.min_spare_servers = 5/g' /etc/php7/php-fpm.d/www.conf && \
+    sed -i 's/pm.max_spare_servers = 3/pm.max_spare_servers = 25/g' /etc/php7/php-fpm.d/www.conf && \
+    sed -i 's/user = www-data/user = nginx/g' /etc/php7/php-fpm.d/www.conf && \
+    sed -i 's/group = www-data/group = nginx/g' /etc/php7/php-fpm.d/www.conf && \
+    sed -i 's/;cgi.fix_pathinfo=1/cgi.fix_pathinfo=0/g' /etc/php7/php.ini && \
+    sed -i 's/expose_php = On/expose_php = Off/g' /etc/php7/php.ini && \
+    # Opcache configuration
+    sed -i 's/;opcache.enable=1/opcache.enable=1/g' /etc/php7/php.ini && \
+    sed -i 's/;opcache.memory_consumption=128/opcache.memory_consumption=128/g' /etc/php7/php.ini && \
+    sed -i 's/;opcache.interned_strings_buffer=8/opcache.interned_strings_buffer=8/g' /etc/php7/php.ini && \
+    sed -i 's/;opcache.max_accelerated_files=10000/opcache.max_accelerated_files=10000/g' /etc/php7/php.ini && \
+    sed -i 's/;opcache.max_wasted_percentage=5/opcache.max_wasted_percentage=5/g' /etc/php7/php.ini && \
+    sed -i 's/;opcache.validate_timestamps=1/opcache.validate_timestamps=1/g' /etc/php7/php.ini && \
+    sed -i 's/;opcache.revalidate_freq=2/opcache.revalidate_freq=300/g' /etc/php7/php.ini && \
+    ln -s /dev/null /var/log/nginx/access.log && \
+    ln -s /dev/stdout /var/log/nginx/error.log && \
+    cp /usr/share/zoneinfo/Europe/Berlin /etc/localtime && \
+    echo "Europe/Berlin" > /etc/timezone && \
+    (crontab -l ; echo "* * * * * php /html/artisan schedule:run >> /dev/null 2>&1") | crontab -
+
+
+COPY config/nginx.conf /etc/nginx/nginx.conf
+COPY config/nginx-default.conf /etc/nginx/conf.d/default.conf
+RUN sed -i 's/fastcgi_pass phpfpm:9000;/fastcgi_pass localhost:9000;/g' /etc/nginx/conf.d/default.conf 
+COPY --chown=root:nginx . /html

 WORKDIR /html
 EXPOSE 80

-CMD /html/service-configs/start.sh
+CMD chown -R root:nginx storage/logs/metager bootstrap/cache && \
+    chmod -R g+w storage/logs/metager bootstrap/cache && \
+    crond -L /dev/stdout && \
+    php-fpm7
--- a/chart/templates/deployment.yaml
+++ b/chart/templates/deployment.yaml
@@ -33,7 +33,7 @@ spec:
      imagePullSecrets:
 {{ toYaml .Values.image.secrets | indent 10 }}
      containers:
-      - name: {{ .Chart.Name }}
+      - name: {{ .Chart.Name }}-phpfpm
        image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
        imagePullPolicy: {{ .Values.image.pullPolicy }}
        {{- if .Values.application.secretName }}
@@ -52,73 +52,86 @@ spec:
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
-        - name: REDIS_SERVICE_NAME
-          value: {{ template "fullname" . }}-redis
+        ports:
+        - name: "{{ .Values.service.name }}-phpfpm"
+          containerPort: 9000
+        livenessProbe:
+          tcpSocket:
+            port: "{{ .Values.service.name }}-phpfpm"
+          initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }}
+          timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }}
+        readinessProbe:
+          tcpSocket:
+            port: "{{ .Values.service.name }}-phpfpm"
+          initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }}
+          timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }}
+        resources:
+{{ toYaml .Values.resources | indent 12 }}
+# NGINX
+      - name: {{ .Chart.Name }}-nginx
+        image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+        command: ["nginx"]
+        imagePullPolicy: {{ .Values.image.pullPolicy }}
+        {{- if .Values.application.secretName }}
+        envFrom:
+        - secretRef:
+            name: {{ .Values.application.secretName }}
+        {{- end }}
+        env:
+        - name: DATABASE_URL
+          value: {{ .Values.application.database_url | quote }}
+        - name: GITLAB_ENVIRONMENT_NAME
+          value: {{ .Values.gitlab.envName }}
+        - name: GITLAB_ENVIRONMENT_URL
+          value: {{ .Values.gitlab.envURL }}
+        - name: POD_NAMESPACE
+          valueFrom:
+            fieldRef:
+              fieldPath: metadata.namespace
        ports:
        - name: "{{ .Values.service.name }}"
          containerPort: {{ .Values.service.internalPort }}
        livenessProbe:
+{{- if eq .Values.livenessProbe.probeType "httpGet" }}
          httpGet:
            path: {{ .Values.livenessProbe.path }}
-            port: {{ .Values.service.internalPort }}
            scheme: {{ .Values.livenessProbe.scheme }}
+            port: {{ .Values.service.internalPort }}
+{{- else if eq .Values.livenessProbe.probeType "tcpSocket" }}
+          tcpSocket:
+            port: {{ .Values.service.internalPort }}
+{{- end }}
          initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }}
          timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }}
        readinessProbe:
+{{- if eq .Values.readinessProbe.probeType "httpGet" }}
          httpGet:
            path: {{ .Values.readinessProbe.path }}
-            port: {{ .Values.service.internalPort }}
            scheme: {{ .Values.readinessProbe.scheme }}
+            port: {{ .Values.service.internalPort }}
+{{- else if eq .Values.readinessProbe.probeType "tcpSocket" }}
+          tcpSocket:
+            port: {{ .Values.service.internalPort }}
+{{- end }}
          initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }}
          timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }}
        resources:
 {{ toYaml .Values.resources | indent 12 }}
---
-apiVersion: extensions/v1beta1
-kind: Deployment
-metadata:
-  name: {{ template "trackableappname" . }}-redis
-  annotations:
-    {{ if .Values.gitlab.app }}app.gitlab.com/app: {{ .Values.gitlab.app | quote }}{{ end }}
-    {{ if .Values.gitlab.env }}app.gitlab.com/env: {{ .Values.gitlab.env | quote }}{{ end }}
-  labels:
-    app: {{ template "appname" . }}-redis
-    track: "{{ .Values.application.track }}"
-    tier: "{{ .Values.application.tier }}"
-    chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
-    release: {{ .Release.Name }}
-    heritage: {{ .Release.Service }}
-spec:
-  replicas: {{ .Values.replicaCount }}
-  template:
-    metadata:
-      labels:
-        app: {{ template "appname" . }}-redis
-        track: "{{ .Values.application.track }}"
-        tier: "{{ .Values.application.tier }}"
-        release: {{ .Release.Name }}
-    spec:
-      containers:
+# REDIS
      - name: {{ .Chart.Name }}-redis
-        image: "redis:latest"
+        image: "redis:5.0.3-alpine"
+        imagePullPolicy: {{ .Values.image.pullPolicy }}
        ports:
-          - containerPort: 6379
+        - name: "{{ .Values.service.name }}-redis"
+          containerPort: 6379
        livenessProbe:
-          exec:
-            command:
-            - sh
-            - -c
-            - redis-cli ping
+          tcpSocket:
+            port: "{{ .Values.service.name }}-redis"
          initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }}
          timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }}
        readinessProbe:
-          exec:
-            command:
-            - sh
-            - -c
-            - redis-cli ping
+          tcpSocket:
+            port: "{{ .Values.service.name }}-redis"
          initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }}
          timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }}
-        resources:
-{{ toYaml .Values.resources | indent 12 }}
 {{- end -}}
\ No newline at end of file
--- a/config/nginx-default.conf
+++ b/config/nginx-default.conf
+server {
+    listen       80;
+    server_name  localhost;
+    root   /html/public;
+    index  index.php index.html index.htm;
+
+    #charset koi8-r;
+    #access_log  /var/log/nginx/host.access.log  main;
+
+    location / {
+        try_files $uri $uri/ /index.php?$query_string;
+    }
+
+    location ~ \.php$ {
+        try_files $uri /index.php =404;
+        fastcgi_split_path_info ^(.+\.php)(/.+)$;
+        fastcgi_pass phpfpm:9000;
+        fastcgi_index index.php;
+        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+        include fastcgi_params;
+    }
+
+    #error_page  404              /404.html;
+
+    # redirect server error pages to the static page /50x.html
+    #
+    error_page   500 502 503 504  /50x.html;
+    location = /50x.html {
+        root   /usr/share/nginx/html;
+    }
+
+    # proxy the PHP scripts to Apache listening on 127.0.0.1:80
+    #
+    #location ~ \.php$ {
+    #    proxy_pass   http://127.0.0.1;
+    #}
+
+    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
+    #
+    #location ~ \.php$ {
+    #    root           html;
+    #    fastcgi_pass   127.0.0.1:9000;
+    #    fastcgi_index  index.php;
+    #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
+    #    include        fastcgi_params;
+    #}
+
+    # deny access to .htaccess files, if Apache's document root
+    # concurs with nginx's one
+    #
+    #location ~ /\.ht {
+    #    deny  all;
+    #}
+}
--- a/config/nginx.conf
+++ b/config/nginx.conf
+user  nginx;
+worker_processes  100;
+
+error_log  /var/log/nginx/error.log warn;
+pid        /var/run/nginx.pid;
+
+daemon off;
+
+events {
+    worker_connections  1024;
+}
+
+
+http {
+    include       /etc/nginx/mime.types;
+    default_type  application/octet-stream;
+
+    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
+                      '$status $body_bytes_sent "$http_referer" '
+                      '"$http_user_agent" "$http_x_forwarded_for"';
+
+    access_log  /var/log/nginx/access.log  main;
+
+    sendfile        on;
+    #tcp_nopush     on;
+
+    keepalive_timeout  65;
+
+    gzip  on;
+
+    include /etc/nginx/conf.d/*.conf;
+}
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -23,5 +23,5 @@ services:
    ports: 
    - "8080:80"
  redis:
-    image: redis
+    image: redis:5.0.3-alpine
    container_name: redis
\ No newline at end of file