Upgrade Dockerfile
parent
f14a977747
commit
1f61df9cf0
@ -1,9 +1,23 @@
|
||||
**/*.log
|
||||
**/*.md
|
||||
**/*.php~
|
||||
**/._*
|
||||
**/.dockerignore
|
||||
**/.DS_Store
|
||||
**/.gitignore
|
||||
**/.git/
|
||||
**/.gitattributes
|
||||
**/.gitignore
|
||||
**/.gitmodules
|
||||
**/Dockerfile
|
||||
**/Thumbs.db
|
||||
.dockerignore
|
||||
Dockerfile
|
||||
docker-compose.yaml
|
||||
.editorconfig
|
||||
.env*
|
||||
!.env.local.php
|
||||
.php_cs.cache
|
||||
bin/*
|
||||
!bin/console
|
||||
docker/db/data/
|
||||
helm/
|
||||
public/bundles/
|
||||
var/
|
||||
vendor/
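Review bot: The `.env*` / `!.env.local.php` pair in what appears to be the .dockerignore deliberately lets `.env.local.php` into the build context, and the Dockerfile's `COPY . .` then bakes it into an image layer. If that file is generated with real credentials, they become readable by anyone who can pull the image. I would add a comment above the negation, e.g. `# .env.local.php is copied into the image: keep real secrets out of it and inject them at runtime`. The file header and the +/- markers are missing on this page, so the file name and which patterns are new are inferred.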
|
||||
|
@ -26,9 +26,9 @@ script:
|
||||
- docker-compose build --pull
|
||||
- docker-compose up -d
|
||||
- sleep 30
|
||||
- docker-compose exec -T app composer req sensiolabs/security-checker
|
||||
- docker-compose exec -T app bin/console security:check
|
||||
- docker-compose run --no-deps -T app composer validate --no-check-publish
|
||||
- docker-compose exec -T php composer req sensiolabs/security-checker
|
||||
- docker-compose exec -T php bin/console security:check
|
||||
- docker-compose run --no-deps -T php composer validate --no-check-publish
|
||||
- curl http://localhost # Client
|
||||
- curl -k https://localhost # Client (HTTP/2)
|
||||
- docker-compose logs # Display logs if anything wrong
|
||||
|
168
Dockerfile
168
Dockerfile
@ -1,80 +1,75 @@
|
||||
# the different stages of this Dockerfile are meant to be built into separate images
|
||||
# https://docs.docker.com/develop/develop-images/multistage-build/#stop-at-a-specific-build-stage
|
||||
# https://docs.docker.com/compose/compose-file/#target
|
||||
|
||||
ARG PHP_VERSION=7.2
|
||||
|
||||
# https://docs.docker.com/engine/reference/builder/#understand-how-arg-and-from-interact
|
||||
ARG PHP_VERSION=7.3
|
||||
ARG NGINX_VERSION=1.15
|
||||
|
||||
### NGINX
|
||||
FROM nginx:${NGINX_VERSION}-alpine AS symfony_docker_nginx
|
||||
|
||||
COPY docker/nginx/conf.d /etc/nginx/conf.d/
|
||||
COPY public /srv/app/public/
|
||||
|
||||
### H2 PROXY
|
||||
FROM alpine:latest AS symfony_docker_h2-proxy-cert
|
||||
|
||||
RUN apk add --no-cache openssl
|
||||
|
||||
# Use this self-generated certificate only in dev, IT IS NOT SECURE!
|
||||
RUN openssl genrsa -des3 -passout pass:NotSecure -out server.pass.key 2048
|
||||
RUN openssl rsa -passin pass:NotSecure -in server.pass.key -out server.key
|
||||
RUN rm server.pass.key
|
||||
RUN openssl req -new -passout pass:NotSecure -key server.key -out server.csr \
|
||||
-subj '/C=SS/ST=SS/L=Gotham City/O=Symfony/CN=localhost'
|
||||
RUN openssl x509 -req -sha256 -days 365 -in server.csr -signkey server.key -out server.crt
|
||||
|
||||
FROM nginx:${NGINX_VERSION}-alpine AS symfony_docker_h2-proxy
|
||||
|
||||
RUN mkdir -p /etc/nginx/ssl/
|
||||
COPY --from=symfony_docker_h2-proxy-cert server.key server.crt /etc/nginx/ssl/
|
||||
COPY ./docker/h2-proxy/default.conf /etc/nginx/conf.d/default.conf
|
||||
|
||||
### PHP
|
||||
# "php" stage
|
||||
FROM php:${PHP_VERSION}-fpm-alpine AS symfony_docker_php
|
||||
|
||||
# persistent / runtime deps
|
||||
RUN apk add --no-cache \
|
||||
git \
|
||||
icu-libs \
|
||||
zlib \
|
||||
jq
|
||||
acl \
|
||||
file \
|
||||
gettext \
|
||||
git \
|
||||
jq \
|
||||
;
|
||||
|
||||
ENV APCU_VERSION 5.1.12
|
||||
RUN set -eux \
|
||||
&& apk add --no-cache --virtual .build-deps \
|
||||
$PHPIZE_DEPS \
|
||||
icu-dev \
|
||||
zlib-dev \
|
||||
&& docker-php-ext-install -j$(nproc) \
|
||||
intl \
|
||||
zip \
|
||||
&& pecl install \
|
||||
apcu-${APCU_VERSION} \
|
||||
&& docker-php-ext-enable --ini-name 20-apcu.ini apcu \
|
||||
&& docker-php-ext-enable --ini-name 05-opcache.ini opcache \
|
||||
&& runDeps="$( \
|
||||
scanelf --needed --nobanner --format '%n#p' --recursive /usr/local/lib/php/extensions \
|
||||
| tr ',' '\n' \
|
||||
| sort -u \
|
||||
| awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \
|
||||
)" \
|
||||
&& apk add --no-cache --virtual .api-phpexts-rundeps $runDeps \
|
||||
&& apk del .build-deps
|
||||
ARG APCU_VERSION=5.1.17
|
||||
RUN set -eux; \
|
||||
apk add --no-cache --virtual .build-deps \
|
||||
$PHPIZE_DEPS \
|
||||
icu-dev \
|
||||
libzip-dev \
|
||||
postgresql-dev \
|
||||
zlib-dev \
|
||||
; \
|
||||
\
|
||||
docker-php-ext-configure zip --with-libzip; \
|
||||
docker-php-ext-install -j$(nproc) \
|
||||
intl \
|
||||
zip \
|
||||
; \
|
||||
pecl install \
|
||||
apcu-${APCU_VERSION} \
|
||||
; \
|
||||
pecl clear-cache; \
|
||||
docker-php-ext-enable \
|
||||
apcu \
|
||||
opcache \
|
||||
; \
|
||||
\
|
||||
runDeps="$( \
|
||||
scanelf --needed --nobanner --format '%n#p' --recursive /usr/local/lib/php/extensions \
|
||||
| tr ',' '\n' \
|
||||
| sort -u \
|
||||
| awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \
|
||||
)"; \
|
||||
apk add --no-cache --virtual .phpexts-rundeps $runDeps; \
|
||||
\
|
||||
apk del .build-deps
|
||||
|
||||
RUN ln -s $PHP_INI_DIR/php.ini-production $PHP_INI_DIR/php.ini
|
||||
COPY docker/app/conf.d/symfony.ini $PHP_INI_DIR/conf.d/symfony.ini
|
||||
COPY --from=composer:latest /usr/bin/composer /usr/bin/composer
|
||||
COPY docker/app/docker-entrypoint.sh /usr/local/bin/docker-app-entrypoint
|
||||
RUN chmod +x /usr/local/bin/docker-app-entrypoint
|
||||
|
||||
WORKDIR /srv/app
|
||||
ENTRYPOINT ["docker-app-entrypoint"]
|
||||
CMD ["php-fpm"]
|
||||
RUN ln -s $PHP_INI_DIR/php.ini-production $PHP_INI_DIR/php.ini
|
||||
COPY docker/php/conf.d/symfony.ini $PHP_INI_DIR/conf.d/symfony.ini
|
||||
|
||||
# https://getcomposer.org/doc/03-cli.md#composer-allow-superuser
|
||||
ENV COMPOSER_ALLOW_SUPERUSER 1
|
||||
ENV COMPOSER_ALLOW_SUPERUSER=1
|
||||
# install Symfony Flex globally to speed up download of Composer packages (parallelized prefetching)
|
||||
RUN set -eux; \
|
||||
composer global require "symfony/flex" --prefer-dist --no-progress --no-suggest --classmap-authoritative; \
|
||||
composer clear-cache
|
||||
ENV PATH="${PATH}:/root/.composer/vendor/bin"
|
||||
|
||||
# Use prestissimo to speed up builds
|
||||
RUN composer global require "symfony/flex" --prefer-dist --no-progress --no-suggest --classmap-authoritative --no-interaction
|
||||
WORKDIR /srv/app
|
||||
|
||||
# build for production
|
||||
ARG APP_ENV=prod
|
||||
|
||||
# Allow to use development versions of Symfony
|
||||
ARG STABILITY="stable"
|
||||
@ -84,14 +79,53 @@ ENV STABILITY ${STABILITY:-stable}
|
||||
ARG SYMFONY_VERSION=""
|
||||
|
||||
# Download the Symfony skeleton and leverage Docker cache layers
|
||||
RUN composer create-project "symfony/skeleton ${SYMFONY_VERSION}" . --stability=$STABILITY --prefer-dist --no-dev --no-progress --no-scripts --no-plugins --no-interaction
|
||||
RUN composer create-project "symfony/skeleton ${SYMFONY_VERSION}" . --stability=$STABILITY --prefer-dist --no-dev --no-progress --no-scripts --no-plugins --no-interaction; \
|
||||
composer clear-cache
|
||||
|
||||
###> recipes ###
|
||||
###< recipes ###
|
||||
|
||||
COPY . .
|
||||
|
||||
RUN mkdir -p var/cache var/logs var/sessions \
|
||||
&& composer install --prefer-dist --no-dev --no-scripts --no-progress --no-suggest --classmap-authoritative --no-interaction \
|
||||
&& composer clear-cache \
|
||||
&& chown -R www-data var
|
||||
RUN set -eux; \
|
||||
mkdir -p var/cache var/log; \
|
||||
composer dump-autoload --classmap-authoritative --no-dev; \
|
||||
composer run-script --no-dev post-install-cmd; sync
|
||||
VOLUME /srv/app/var
|
||||
|
||||
COPY docker/php/docker-entrypoint.sh /usr/local/bin/docker-entrypoint
|
||||
RUN chmod +x /usr/local/bin/docker-entrypoint
|
||||
|
||||
ENTRYPOINT ["docker-entrypoint"]
|
||||
CMD ["php-fpm"]
|
||||
|
||||
|
||||
# "nginx" stage
|
||||
# depends on the "php" stage above
|
||||
FROM nginx:${NGINX_VERSION}-alpine AS symfony_docker_nginx
|
||||
|
||||
COPY docker/nginx/conf.d/default.conf /etc/nginx/conf.d/default.conf
|
||||
|
||||
WORKDIR /srv/app
|
||||
|
||||
COPY --from=symfony_docker_php /srv/app/public public/
|
||||
|
||||
# "h2-proxy-cert" stage
|
||||
FROM alpine:latest AS symfony_docker_h2-proxy-cert
|
||||
|
||||
RUN apk add --no-cache openssl
|
||||
|
||||
# Use this self-generated certificate only in dev, IT IS NOT SECURE!
|
||||
RUN openssl genrsa -des3 -passout pass:NotSecure -out server.pass.key 2048
|
||||
RUN openssl rsa -passin pass:NotSecure -in server.pass.key -out server.key
|
||||
RUN rm server.pass.key
|
||||
RUN openssl req -new -passout pass:NotSecure -key server.key -out server.csr \
|
||||
-subj '/C=SS/ST=SS/L=Gotham City/O=Symfony/CN=localhost'
|
||||
RUN openssl x509 -req -sha256 -days 365 -in server.csr -signkey server.key -out server.crt
|
||||
|
||||
### "h2-proxy" stage
|
||||
FROM nginx:${NGINX_VERSION}-alpine AS symfony_docker_h2-proxy
|
||||
|
||||
RUN mkdir -p /etc/nginx/ssl/
|
||||
COPY --from=symfony_docker_h2-proxy-cert server.key server.crt /etc/nginx/ssl/
|
||||
COPY ./docker/h2-proxy/default.conf /etc/nginx/conf.d/default.conf
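Review bot: In the second hunk, the rewritten `RUN composer create-project …; \` step chains `composer clear-cache` with `;` but does not start with `set -eux` like the other multi-command RUN steps in the php stage. A failed create-project is therefore masked by the exit status of clear-cache, and the build carries on with an incomplete tree. Open the step with `RUN set -eux; \` or join the two commands with `&&`. Separately, `COPY --from=composer:latest` and `FROM alpine:latest` resolve to whatever those tags point at on build day; pinning a version tag or digest would make the Composer binary that runs as root under `COMPOSER_ALLOW_SUPERUSER=1` reproducible and reviewable. The +/- markers are lost on this page, so which of these lines are unchanged context is inferred.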
|
||||
|
10
README.md
10
README.md
@ -55,7 +55,7 @@ configuration remains untouched.
|
||||
As example, an override could look like this:
|
||||
|
||||
```yaml
|
||||
version: '3.4'
|
||||
version: "3.4"
|
||||
|
||||
services:
|
||||
app:
|
||||
@ -78,9 +78,9 @@ services:
|
||||
|
||||
Then run:
|
||||
|
||||
````bash
|
||||
```bash
|
||||
docker-compose up -d
|
||||
````
|
||||
```
|
||||
|
||||
If `docker-compose.yaml` and a `docker-compose.override.yaml` are present on the same directory level, Docker Compose combines the two files into a single configuration, applying the configuration in the `docker-compose.override.yaml` file over and in addition to the values in the `docker-compose.yaml` file.
|
||||
|
||||
@ -89,7 +89,7 @@ If `docker-compose.yaml` and a `docker-compose.override.yaml` are present on the
|
||||
Inspect the installation with the following command. The requested Xdebug version should be displayed in the output.
|
||||
|
||||
```bash
|
||||
$ docker-compose exec app php --version
|
||||
$ docker-compose exec php php --version
|
||||
|
||||
PHP 7.2.8 (cli) (built: Jul 21 2018 08:09:37) ( NTS )
|
||||
Copyright (c) 1997-2018 The PHP Group
|
||||
@ -100,7 +100,7 @@ Zend Engine v3.2.0, Copyright (c) 1998-2018 Zend Technologies
|
||||
|
||||
### Editing Permissions on Linux
|
||||
|
||||
If you work on linux and cannot edit some of the project files right after the first installation, you can run `docker-compose run --rm app chown -R $(id -u):$(id -g) .` to set yourself as owner of the project files that were created by the docker container.
|
||||
If you work on linux and cannot edit some of the project files right after the first installation, you can run `docker-compose run --rm php chown -R $(id -u):$(id -g) .` to set yourself as owner of the project files that were created by the docker container.
|
||||
|
||||
## Credits
|
||||
|
||||
|
@ -1,7 +1,7 @@
|
||||
version: '3.4'
|
||||
version: "3.4"
|
||||
|
||||
services:
|
||||
app:
|
||||
php:
|
||||
build:
|
||||
context: .
|
||||
target: symfony_docker_php
|
||||
@ -24,13 +24,13 @@ services:
|
||||
context: .
|
||||
target: symfony_docker_nginx
|
||||
depends_on:
|
||||
- app
|
||||
- php
|
||||
volumes:
|
||||
# Comment out the next line in production
|
||||
- ./docker/nginx/conf.d:/etc/nginx/conf.d:ro
|
||||
- ./public:/srv/app/public:ro
|
||||
ports:
|
||||
- '80:80'
|
||||
- "80:80"
|
||||
|
||||
# This HTTP/2 proxy is not secure: it should only be used in dev
|
||||
h2-proxy:
|
||||
@ -42,4 +42,4 @@ services:
|
||||
volumes:
|
||||
- ./docker/h2-proxy/default.conf:/etc/nginx/conf.d/default.conf:ro
|
||||
ports:
|
||||
- '443:443'
|
||||
- "443:443"
|
||||
|
@ -7,10 +7,10 @@ server {
|
||||
}
|
||||
location ~ ^/index\.php(/|$) {
|
||||
#resolver 127.0.0.11;
|
||||
#set $upstream_host app;
|
||||
#set $upstream_host php;
|
||||
#fastcgi_pass $upstream_host:9000;
|
||||
# Uncomment the previous lines and comment the next one to enable dynamic resolution (incompatible with Kubernetes)
|
||||
fastcgi_pass app:9000;
|
||||
fastcgi_pass php:9000;
|
||||
fastcgi_split_path_info ^(.+\.php)(/.*)$;
|
||||
include fastcgi_params;
|
||||
# When you are using symlinks to link the document root to the
|
||||
|
@ -6,12 +6,12 @@ if [ "${1#-}" != "$1" ]; then
|
||||
set -- php-fpm "$@"
|
||||
fi
|
||||
|
||||
if [ "$1" = 'php-fpm' ] || [ "$1" = 'bin/console' ]; then
|
||||
PHP_INI_RECOMMENDED="$PHP_INI_DIR/php.ini-production"
|
||||
if [ "$APP_ENV" != 'prod' ]; then
|
||||
PHP_INI_RECOMMENDED="$PHP_INI_DIR/php.ini-development"
|
||||
fi
|
||||
ln -sf "$PHP_INI_RECOMMENDED" "$PHP_INI_DIR/php.ini"
|
||||
if [ "$1" = 'php-fpm' ] || [ "$1" = 'php' ] || [ "$1" = 'bin/console' ]; then
|
||||
PHP_INI_RECOMMENDED="$PHP_INI_DIR/php.ini-production"
|
||||
if [ "$APP_ENV" != 'prod' ]; then
|
||||
PHP_INI_RECOMMENDED="$PHP_INI_DIR/php.ini-development"
|
||||
fi
|
||||
ln -sf "$PHP_INI_RECOMMENDED" "$PHP_INI_DIR/php.ini"
|
||||
|
||||
# The first time volumes are mounted, the project needs to be recreated
|
||||
if [ ! -f composer.json ]; then
|
||||
@ -23,12 +23,12 @@ if [ "$1" = 'php-fpm' ] || [ "$1" = 'bin/console' ]; then
|
||||
cp -Rp tmp/. .
|
||||
rm -Rf tmp/
|
||||
elif [ "$APP_ENV" != 'prod' ]; then
|
||||
# Always try to reinstall deps when not in prod
|
||||
composer install --prefer-dist --no-progress --no-suggest --no-interaction
|
||||
fi
|
||||
|
||||
# Permissions hack because setfacl does not work on Mac and Windows
|
||||
chown -R www-data var
|
||||
mkdir -p var/cache var/log
|
||||
setfacl -R -m u:www-data:rwX -m u:"$(whoami)":rwX var
|
||||
setfacl -dR -m u:www-data:rwX -m u:"$(whoami)":rwX var
|
||||
fi
|
||||
|
||||
exec docker-php-entrypoint "$@"
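Review bot: The two `setfacl` calls that appear to replace `chown -R www-data var` have no fallback when the filesystem behind `var` lacks ACL support, a case the dropped comment itself names (Mac and Windows). Whether a failure aborts the script depends on a `set -e` that would sit above line 6, outside this hunk, so the container either exits at start or runs with `var/` not writable for www-data. I would keep a comment on these lines, e.g. `# needs ACL support on the volume backing var/`, and consider `setfacl … || chown -R www-data var` if the old behaviour is still wanted on those hosts. The enclosing `if` block opens in the previous hunk.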
|