Add Docker support

This commit is contained in:
Kévin Dunglas 2017-04-22 20:29:25 +02:00
parent 22d07b2f39
commit 7145ec03cf
No known key found for this signature in database
GPG Key ID: 4D04EBEF06AAF3A6
7 changed files with 219 additions and 0 deletions

70
Dockerfile Normal file
View File

@ -0,0 +1,70 @@
FROM php:7.1-fpm-alpine
RUN apk add --no-cache --virtual .persistent-deps \
git \
icu-libs \
make \
zlib
ENV APCU_VERSION 5.1.8
RUN set -xe \
&& apk add --no-cache --virtual .build-deps \
$PHPIZE_DEPS \
icu-dev \
zlib-dev \
&& docker-php-ext-install \
intl \
pdo_mysql \
zip \
&& pecl install \
apcu-${APCU_VERSION} \
&& docker-php-ext-enable --ini-name 20-apcu.ini apcu \
&& docker-php-ext-enable --ini-name 05-opcache.ini opcache \
&& apk del .build-deps
COPY docker/php/php.ini /usr/local/etc/php/php.ini
COPY docker/php/install-composer.sh /usr/local/bin/docker-app-install-composer
RUN chmod +x /usr/local/bin/docker-app-install-composer
RUN set -xe \
&& apk add --no-cache --virtual .fetch-deps \
openssl \
&& docker-app-install-composer \
&& mv composer.phar /usr/local/bin/composer \
&& apk del .fetch-deps
# https://getcomposer.org/doc/03-cli.md#composer-allow-superuser
ENV COMPOSER_ALLOW_SUPERUSER 1
RUN composer global require "hirak/prestissimo:^0.3" --prefer-dist --no-progress --no-suggest --optimize-autoloader --classmap-authoritative \
&& composer clear-cache
WORKDIR /srv/api-platform
COPY composer.json ./
COPY composer.lock ./
RUN mkdir -p \
var/cache \
var/logs \
var/sessions \
&& composer install --prefer-dist --no-dev --no-autoloader --no-scripts --no-progress --no-suggest \
&& composer clear-cache \
# Permissions hack because setfacl does not work on Mac and Windows
&& chown -R www-data var
COPY etc etc/
COPY src src/
COPY var var/
COPY web web/
RUN composer dump-autoload --optimize --classmap-authoritative --no-dev
COPY docker/php/start.sh /usr/local/bin/docker-app-start
RUN chmod +x /usr/local/bin/docker-app-start
CMD ["docker-app-start"]

36
docker-compose.yml Normal file
View File

@ -0,0 +1,36 @@
version: '3'
services:
#db:
# image: mysql:5.7
# environment:
# MYSQL_DATABASE: symfony
# MYSQL_USER: symfony
# MYSQL_PASSWORD: symfony
# MYSQL_RANDOM_ROOT_PASSWORD: 'true'
# volumes:
# - db-data:/var/lib/mysql
# healthcheck:
# test: mysql --user=api_platform --password=api_platform -e "SELECT 1" api_platform
php:
build: .
#depends_on:
# - db
volumes:
- ./:/srv/api-platform
env_file:
- .env
nginx:
image: nginx:1.11-alpine
depends_on:
- php
ports:
- '80:80'
volumes:
- ./docker/nginx/conf.d:/etc/nginx/conf.d:ro
- ./:/srv/api-platform
#volumes:
# db-data:

View File

@ -0,0 +1,35 @@
server {
root /srv/api-platform/web;
location / {
# try to serve file directly, fallback to app.php
try_files $uri /index.php$is_args$args;
}
location ~ ^/index\.php(/|$) {
fastcgi_pass php:9000;
fastcgi_split_path_info ^(.+\.php)(/.*)$;
include fastcgi_params;
# When you are using symlinks to link the document root to the
# current version of your application, you should pass the real
# application path instead of the path to the symlink to PHP
# FPM.
# Otherwise, PHP's OPcache may not properly detect changes to
# your PHP files (see https://github.com/zendtech/ZendOptimizerPlus/issues/126
# for more information).
fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
fastcgi_param DOCUMENT_ROOT $realpath_root;
# Prevents URIs that include the front controller. This will 404:
# http://domain.tld/app.php/some-path
# Remove the internal directive to allow URIs like this
internal;
}
# return 404 for all other php files not matching the front controller
# this prevents access to other php files you don't want to be accessible.
location ~ \.php$ {
return 404;
}
error_log /var/log/nginx/app_error.log;
access_log /var/log/nginx/app_access.log;
}

17
docker/php/install-composer.sh Executable file
View File

@ -0,0 +1,17 @@
#!/bin/sh
EXPECTED_SIGNATURE=$(wget -q -O - https://composer.github.io/installer.sig)
php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
ACTUAL_SIGNATURE=$(php -r "echo hash_file('SHA384', 'composer-setup.php');")
if [ "$EXPECTED_SIGNATURE" != "$ACTUAL_SIGNATURE" ]
then
>&2 echo 'ERROR: Invalid installer signature'
rm composer-setup.php
exit 1
fi
php composer-setup.php --quiet
RESULT=$?
rm composer-setup.php
exit $RESULT

9
docker/php/php.ini Normal file
View File

@ -0,0 +1,9 @@
apc.enable_cli = 1
date.timezone = UTC
session.auto_start = Off
short_open_tag = Off
# http://symfony.com/doc/current/performance.html
opcache.max_accelerated_files = 20000
realpath_cache_size = 4096K
realpath_cache_ttl = 600

16
docker/php/start.sh Normal file
View File

@ -0,0 +1,16 @@
#!/bin/sh
set -xe
# Detect the host IP
export DOCKER_BRIDGE_IP=$(ip ro | grep default | cut -d' ' -f 3)
if [ "APP_ENV" = 'prod' ]; then
composer install --prefer-dist --no-dev --no-progress --no-suggest --optimize-autoloader --classmap-authoritative
else
composer install --prefer-dist --no-progress --no-suggest
fi
# Permissions hack because setfacl does not work on Mac and Windows
chown -R www-data var
exec php-fpm

36
web/index.php Normal file
View File

@ -0,0 +1,36 @@
<?php
use App\Kernel;
use Symfony\Component\Dotenv\Dotenv;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\Debug\Debug;
require __DIR__.'/../vendor/autoload.php';
if (getenv('APP_DEBUG')) {
// This check prevents access to debug front controllers that are deployed by accident to production servers.
// Feel free to remove this, extend it, or make something more sophisticated.
$whitelistedIps = ['127.0.0.1', '::1'];
// Allow access from the host
if ($dockerBridgeIp = getenv('DOCKER_BRIDGE_IP')) {
$whitelistedIps[] = $dockerBridgeIp;
}
if (isset($_SERVER['HTTP_CLIENT_IP'])
|| isset($_SERVER['HTTP_X_FORWARDED_FOR'])
|| !(in_array(@$_SERVER['REMOTE_ADDR'], $whitelistedIps) || php_sapi_name() === 'cli-server')
) {
header('HTTP/1.0 403 Forbidden');
exit('You are not allowed to access this file. Check '.basename(__FILE__).' for more information.');
}
Debug::enable();
}
// Request::setTrustedProxies(['0.0.0.0/0'], Request::HEADER_FORWARDED);
$kernel = new Kernel(getenv('APP_ENV'), getenv('APP_DEBUG'));
$request = Request::createFromGlobals();
$response = $kernel->handle($request);
$response->send();
$kernel->terminate($request, $response);