feat: Use Caddy server (#75)

* feat: Use Caddy server

* cs

Dockerfile

@@ -5,7 +5,7 @@
 
 # https://docs.docker.com/engine/reference/builder/#understand-how-arg-and-from-interact
 ARG PHP_VERSION=7.4
-ARG NGINX_VERSION=1.19
+ARG CADDY_VERSION=2.1.1
 
 # "php" stage
 FROM php:${PHP_VERSION}-fpm-alpine AS symfony_php
@@ -109,56 +109,15 @@ RUN chmod +x /usr/local/bin/docker-entrypoint
 ENTRYPOINT ["docker-entrypoint"]
 CMD ["php-fpm"]
 
+FROM caddy:${CADDY_VERSION}-builder-alpine AS symfony_caddy_builder
 
-# "nginx" stage
+RUN xcaddy build \
-# depends on the "php" stage above
+    --with github.com/dunglas/vulcain/caddy
-FROM nginx:${NGINX_VERSION}-alpine AS symfony_nginx
 
-COPY docker/nginx/conf.d/default.conf /etc/nginx/conf.d/default.conf
+FROM caddy:${CADDY_VERSION} AS symfony_caddy
 
 WORKDIR /srv/app
 
+COPY --from=symfony_caddy_builder /usr/bin/caddy /usr/bin/caddy
 COPY --from=symfony_php /srv/app/public public/
-
+COPY docker/caddy/Caddyfile /etc/caddy/Caddyfile
-# "h2-proxy-cert" stage
-FROM alpine:latest AS symfony_h2-proxy-cert
-
-RUN apk add --no-cache \
-        ca-certificates \
-        openssl \
-    ;
-
-# Allow to set server name
-ARG SERVER_NAME="localhost"
-ENV SERVER_NAME=${SERVER_NAME}
-
-# Use this self-generated certificate only in dev, IT IS NOT SECURE!
-# create the private key
-RUN openssl genrsa -des3 -passout pass:NotSecure -out server.pass.key 2048
-RUN openssl rsa -passin pass:NotSecure -in server.pass.key -out server.key \
-        && rm server.pass.key
-
-# create a request to sign certificate
-RUN openssl req -new -passout pass:NotSecure -key server.key -out server.csr \
-        -subj "/C=SS/ST=SS/L=Gotham City/O=Symfony/CN=${SERVER_NAME}"
-
-# create an extensions configuration file
-RUN set -eux; \
-	{ \
-		echo "[ v3_ca  ]"; \
-		echo "subjectAltName = DNS:${SERVER_NAME}"; \
-		echo "extendedKeyUsage = serverAuth"; \
-	} > extfile.cnf
-
-# create the signed certificate
-RUN openssl x509 -req -sha256 -extensions v3_ca -extfile extfile.cnf -days 365 \
-        -in server.csr -signkey server.key -out server.crt \
-        && rm extfile.cnf \
-        && update-ca-certificates
-
-### "h2-proxy" stage
-FROM nginx:${NGINX_VERSION}-alpine AS symfony_h2-proxy
-
-RUN mkdir -p /etc/nginx/ssl/
-COPY --from=symfony_h2-proxy-cert server.key server.crt /etc/nginx/ssl/
-COPY ./docker/h2-proxy/default.conf /etc/nginx/conf.d/default.conf

README.md

@@ -10,6 +10,15 @@ A [Docker](https://www.docker.com/)-based installer and runtime for the [Symfony
 2. Open `https://localhost` in your favorite web browser and [accept the auto-generated TLS certificate](https://stackoverflow.com/a/15076602/1352334)
 3. **Enjoy!**
 
+## Features
+
+* Production, development and CI ready
+* Automatic HTTPS (in dev and in prod!)
+* HTTP/2, HTTP/3 and [Server Push](https://symfony.com/doc/current/web_link.html) support
+* [Vulcain](https://vulcain.rocks)-enabled
+* Just 2 services (PHP FPM and Caddy server)
+* Super-readable configuration
+
 ## Selecting a Specific Symfony Version
 
 Use the `SYMFONY_VERSION` environment variable to select a specific Symfony version.

docker-compose.override.yml

@@ -11,19 +11,7 @@ services:
     environment:
       APP_ENV: dev
 
-  nginx:
+  caddy:
     volumes:
-      - ./docker/nginx/conf.d:/etc/nginx/conf.d:ro
+      - ./docker/caddy/Caddyfile:/etc/caddy/Caddyfile:ro
       - ./public:/srv/app/public:ro
-
-    # This HTTP/2 proxy is not secure: it should only be used in dev
-  h2-proxy:
-    build:
-      context: .
-      target: symfony_h2-proxy
-    depends_on:
-      - nginx
-    volumes:
-      - ./docker/h2-proxy/default.conf:/etc/nginx/conf.d/default.conf:ro
-    ports:
-      - "443:443"

docker-compose.yml

@@ -8,7 +8,7 @@ services:
       args:
         SYMFONY_VERSION: ${SYMFONY_VERSION:-}
         STABILITY: ${STABILITY:-stable}
-        SERVER_NAME: ${SERVER_NAME:-localhost}
+    restart: unless-stopped
     healthcheck:
       interval: 10s
       timeout: 3s
@@ -17,11 +17,20 @@ services:
     environment:
       SYMFONY_VERSION:
 
-  nginx:
+  caddy:
     build:
       context: .
-      target: symfony_nginx
+      target: symfony_caddy
-    depends_on:
+    environment:
-      - php
+      SERVER_NAME: ${SERVER_NAME:-localhost}
+    restart: unless-stopped
     ports:
       - "80:80"
+      - "443:443"
+    volumes:
+      - caddy_data:/data
+      - caddy_config:/config
+
+volumes:
+  caddy_data:
+  caddy_config:

docker/caddy/Caddyfile

@@ -0,0 +1,12 @@
+{
+    experimental_http3
+}
+
+{$SERVER_NAME}
+
+route {
+    root * /srv/app/public
+    vulcain
+    push
+    php_fastcgi php:9000
+}

docker/h2-proxy/default.conf

@@ -1,16 +0,0 @@
-server {
-    listen 443 ssl http2;
-    listen [::]:443 ssl http2;
-
-    ssl_certificate /etc/nginx/ssl/server.crt;
-    ssl_certificate_key /etc/nginx/ssl/server.key;
-
-    location / {
-        proxy_set_header Host $host;
-        proxy_set_header X-Real-IP $remote_addr;
-        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-        proxy_set_header X-Forwarded-Proto $scheme;
-
-        proxy_pass http://nginx;
-    }
-}

docker/nginx/conf.d/default.conf

@@ -1,36 +0,0 @@
-server {
-    root /srv/app/public;
-
-    location / {
-        # try to serve file directly, fallback to index.php
-        try_files $uri /index.php$is_args$args;
-    }
-    location ~ ^/index\.php(/|$) {
-        #resolver 127.0.0.11;
-        #set $upstream_host php;
-        #fastcgi_pass $upstream_host:9000;
-        # Uncomment the previous lines and comment the next one to enable dynamic resolution (incompatible with Kubernetes)
-        fastcgi_pass php:9000;
-        fastcgi_split_path_info ^(.+\.php)(/.*)$;
-        include fastcgi_params;
-        # When you are using symlinks to link the document root to the
-        # current version of your application, you should pass the real
-        # application path instead of the path to the symlink to PHP
-        # FPM.
-        # Otherwise, PHP's OPcache may not properly detect changes to
-        # your PHP files (see https://github.com/zendtech/ZendOptimizerPlus/issues/126
-        # for more information).
-        fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
-        fastcgi_param DOCUMENT_ROOT $realpath_root;
-        # Prevents URIs that include the front controller. This will 404:
-        # http://domain.tld/index.php/some-path
-        # Remove the internal directive to allow URIs like this
-        internal;
-    }
-
-    # return 404 for all other php files not matching the front controller
-    # this prevents access to other php files you don't want to be accessible.
-    location ~ \.php$ {
-      return 404;
-    }
-}