Glebaster/forum
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

h2 and HTTPS support

Browse Source
This commit is contained in:
Kévin Dunglas 2017-10-16 14:46:43 +02:00
parent 313bda6b7a
commit 33daa22c7a
No known key found for this signature in database
GPG Key ID: 4D04EBEF06AAF3A6
4 changed files with 70 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
Dockerfile
View File

@ -37,27 +37,25 @@ RUN set -xe \
# https://getcomposer.org/doc/03-cli.md#composer-allow-superuser
ENV COMPOSER_ALLOW_SUPERUSER 1
RUN composer global require "hirak/prestissimo:^0.3" --prefer-dist --no-progress --no-suggest --optimize-autoloader --classmap-authoritative \
&& composer clear-cache
WORKDIR /srv/app
COPY . .
# Cleanup unneeded files
RUN rm -Rf docker/
# Download the Symfony skeleton
ENV SKELETON_COMPOSER_JSON https://raw.githubusercontent.com/symfony/skeleton/v3.3.2/composer.json
RUN [ -f composer.json ] || php -r "copy('$SKELETON_COMPOSER_JSON', 'composer.json');"
RUN mkdir -p var/cache var/logs var/sessions \
&& composer install --prefer-dist --no-dev --no-progress --no-suggest --optimize-autoloader --classmap-authoritative --no-interaction \
&& composer clear-cache \
# Permissions hack because setfacl does not work on Mac and Windows
&& chown -R www-data var
# Use prestissimo to speed up builds
RUN composer global require "hirak/prestissimo:^0.3" --prefer-dist --no-progress --no-suggest --optimize-autoloader --classmap-authoritative
COPY docker/app/docker-entrypoint.sh /usr/local/bin/docker-app-entrypoint
RUN chmod +x /usr/local/bin/docker-app-entrypoint
# Download the Symfony skeleton and leverage Docker cache layers
ENV SKELETON_COMPOSER_JSON https://raw.githubusercontent.com/symfony/skeleton/v3.3.4/composer.json
WORKDIR /srv/app
RUN php -r "copy('$SKELETON_COMPOSER_JSON', 'composer.json');" \
&& composer install --prefer-dist --no-dev --no-progress --no-suggest --no-autoloader --no-scripts --no-plugins --no-interaction
COPY . .
RUN mkdir -p var/cache var/logs var/sessions \
&& composer install --prefer-dist --no-dev --no-progress --no-suggest --optimize-autoloader --classmap-authoritative --no-interaction \
&& composer clear-cache \
&& chown -R www-data var # Permissions hack because setfacl does not work on Mac and Windows
ENTRYPOINT ["docker-app-entrypoint"]
CMD ["php-fpm"]

17
Dockerfile.h2-proxy Normal file
View File

@ -0,0 +1,17 @@
FROM alpine:latest
RUN apk add --no-cache openssl
# Use this self-generated certificate only in dev, IT IS NOT SECURE!
RUN openssl genrsa -des3 -passout pass:NotSecure -out server.pass.key 2048
RUN openssl rsa -passin pass:NotSecure -in server.pass.key -out server.key
RUN rm server.pass.key
RUN openssl req -new -passout pass:NotSecure -key server.key -out server.csr \
-subj '/C=SS/ST=SS/L=Gotham City/O=Symfony/CN=localhost'
RUN openssl x509 -req -sha256 -days 365 -in server.csr -signkey server.key -out server.crt
FROM httpd:2.4-alpine
COPY --from=0 server.key /usr/local/apache2/conf/server.key
COPY --from=0 server.crt /usr/local/apache2/conf/server.crt
COPY ./docker/httpd/httpd.conf /usr/local/apache2/conf/httpd.conf

11
docker-compose.yml → docker-compose.yaml
View File

@ -12,7 +12,6 @@ services:
- /srv/app/var/cache/
- /srv/app/var/logs/
- /srv/app/var/sessions/
- /srv/app/vendor/
nginx:
build:
@ -24,3 +23,13 @@ services:
- ./public:/srv/app/public:ro
ports:
- '80:80'
# This HTTP/2 proxy is not secure: it should only be used in dev
h2-proxy:
build:
context: .
dockerfile: ./Dockerfile.h2-proxy
volumes:
- ./docker/httpd/httpd.conf:/usr/local/apache2/conf/httpd.conf:ro
ports:
- '443:443'

27
docker/httpd/httpd.conf Normal file
View File

@ -0,0 +1,27 @@
ServerName localhost
Listen 443
SSLEngine on
SSLCertificateFile "/usr/local/apache2/conf/server.crt"
SSLCertificateKeyFile "/usr/local/apache2/conf/server.key"
SSLSessionCache "shmcb:/usr/local/apache2/logs/ssl_scache(512000)"
User daemon
Group daemon
ErrorLog /proc/self/fd/2
CustomLog /proc/self/fd/1 "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\""
Protocols h2 http/1.1
ProxyPass / http://nginx/
ProxyPassReverse / http://nginx/
LoadModule authz_core_module modules/mod_authz_core.so
LoadModule http2_module modules/mod_http2.so
LoadModule log_config_module modules/mod_log_config.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
LoadModule ssl_module modules/mod_ssl.so
LoadModule unixd_module modules/mod_unixd.so