diff --git a/Dockerfile b/Dockerfile
index 71fc7be..c50f22b 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,13 +1,13 @@
 FROM php:7.1-fpm-alpine
+WORKDIR /srv/app
+
 RUN apk add --no-cache --virtual .persistent-deps \
 git \
 icu-libs \
- make \
 zlib
 ENV APCU_VERSION 5.1.8
-
 RUN set -xe \
 && apk add --no-cache --virtual .build-deps \
 $PHPIZE_DEPS \
@@ -37,27 +37,22 @@ RUN set -xe \
 # https://getcomposer.org/doc/03-cli.md#composer-allow-superuser
 ENV COMPOSER_ALLOW_SUPERUSER 1
-RUN composer global require "hirak/prestissimo:^0.3" --prefer-dist --no-progress --no-suggest --optimize-autoloader --classmap-authoritative \
- && composer clear-cache
-
-WORKDIR /srv/app
-
-COPY . .
-# Cleanup unneeded files
-RUN rm -Rf docker/
-
-# Download the Symfony skeleton
-ENV SKELETON_COMPOSER_JSON https://raw.githubusercontent.com/symfony/skeleton/v3.3.2/composer.json
-RUN [ -f composer.json ] || php -r "copy('$SKELETON_COMPOSER_JSON', 'composer.json');"
-
-RUN mkdir -p var/cache var/logs var/sessions \
- && composer install --prefer-dist --no-dev --no-progress --no-suggest --optimize-autoloader --classmap-authoritative --no-interaction \
- && composer clear-cache \
-# Permissions hack because setfacl does not work on Mac and Windows
- && chown -R www-data var
+# Use prestissimo to speed up builds
+RUN composer global require "hirak/prestissimo:^0.3" --prefer-dist --no-progress --no-suggest --optimize-autoloader --classmap-authoritative --no-interaction
 COPY docker/app/docker-entrypoint.sh /usr/local/bin/docker-app-entrypoint
 RUN chmod +x /usr/local/bin/docker-app-entrypoint
+# Download the Symfony skeleton and leverage Docker cache layers
+ENV STABILITY stable
+RUN composer create-project "symfony/skeleton" . --stability=$STABILITY --prefer-dist --no-dev --no-progress --no-scripts --no-plugins --no-interaction
+
+COPY . .
+
+RUN mkdir -p var/cache var/logs var/sessions \
+ && composer install --prefer-dist --no-dev --no-progress --no-suggest --classmap-authoritative --no-interaction \
+ && composer clear-cache \
+ && chown -R www-data var # Permissions hack because setfacl does not work on Mac and Windows
+
 ENTRYPOINT ["docker-app-entrypoint"]
 CMD ["php-fpm"]
diff --git a/Dockerfile.h2-proxy b/Dockerfile.h2-proxy
new file mode 100644
index 0000000..475a65e
--- /dev/null
+++ b/Dockerfile.h2-proxy
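Review bot: In Dockerfile, the new `composer create-project "symfony/skeleton" .` step carries no version constraint, so every uncached build resolves whatever release is current, whereas the removed `SKELETON_COMPOSER_JSON` line pointed at a tagged skeleton. Pinning the package keeps builds reproducible and makes dependency changes reviewable, e.g. `ENV SKELETON_VERSION <pinned-version>` and `composer create-project "symfony/skeleton:${SKELETON_VERSION}" . --stability="$STABILITY" ...`. The later `composer install` after `COPY . .` runs as root with scripts and plugins enabled (the create-project step passes `--no-scripts --no-plugins`, this one does not), and with `RUN rm -Rf docker/` removed the `docker/` directory now ships in the image unless a `.dockerignore`, not visible here, excludes it.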
@@ -0,0 +1,17 @@
+FROM alpine:latest
+
+RUN apk add --no-cache openssl
+
+# Use this self-generated certificate only in dev, IT IS NOT SECURE!
+RUN openssl genrsa -des3 -passout pass:NotSecure -out server.pass.key 2048
+RUN openssl rsa -passin pass:NotSecure -in server.pass.key -out server.key
+RUN rm server.pass.key
+RUN openssl req -new -passout pass:NotSecure -key server.key -out server.csr \
+ -subj '/C=SS/ST=SS/L=Gotham City/O=Symfony/CN=localhost'
+RUN openssl x509 -req -sha256 -days 365 -in server.csr -signkey server.key -out server.crt
+
+FROM httpd:2.4-alpine
+
+COPY --from=0 server.key /usr/local/apache2/conf/server.key
+COPY --from=0 server.crt /usr/local/apache2/conf/server.crt
+COPY ./docker/httpd/httpd.conf /usr/local/apache2/conf/httpd.conf
diff --git a/docker-compose.yml b/docker-compose.yaml
similarity index 70%
rename from docker-compose.yml
rename to docker-compose.yaml
index 706e2d7..e5be861 100644
--- a/docker-compose.yml
+++ b/docker-compose.yaml
@@ -12,7 +12,6 @@ services:
 - /srv/app/var/cache/
 - /srv/app/var/logs/
 - /srv/app/var/sessions/
- - /srv/app/vendor/
 nginx:
 build:
@@ -24,3 +23,13 @@ services:
 - ./public:/srv/app/public:ro
 ports:
 - '80:80'
+
+ # This HTTP/2 proxy is not secure: it should only be used in dev
+ h2-proxy:
+ build:
+ context: .
+ dockerfile: ./Dockerfile.h2-proxy
+ volumes:
+ - ./docker/httpd/httpd.conf:/usr/local/apache2/conf/httpd.conf:ro
+ ports:
+ - '443:443'
diff --git a/docker/app/docker-entrypoint.sh b/docker/app/docker-entrypoint.sh
index 23258c6..6aee256 100755
--- a/docker/app/docker-entrypoint.sh
+++ b/docker/app/docker-entrypoint.sh
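Review bot: In Dockerfile.h2-proxy, the private key is generated during the build and copied into the final image by the `COPY --from=0 server.key` line, so every container started from that image shares one key and anyone who can pull the image can read it. The comment marks the certificate as dev-only, but nothing prevents the image from being pushed; generating the pair at container start, or mounting it, would keep the key out of the layers. `FROM alpine:latest` also leaves the openssl version floating, so pin a tag and name the stage (`FROM alpine:<pinned-tag> AS cert`, then `COPY --from=cert ...`). The genrsa/rsa/rm/req/x509 sequence can be a single layer: `openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 -keyout server.key -out server.crt -subj '/C=SS/ST=SS/L=Gotham City/O=Symfony/CN=localhost'`.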
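Review bot: In docker-compose.yaml, the new `h2-proxy` service publishes `'443:443'` on every host interface, although its own comment says the proxy is insecure and meant for dev only. Binding the published port to loopback keeps the self-signed endpoint off the network: `- '127.0.0.1:443:443'`. The `volumes:` bind mount of `httpd.conf` also shadows the copy that Dockerfile.h2-proxy bakes into the image; a short comment such as `# bind-mounted so config edits apply without rebuilding (dev only)` would explain the duplication.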
@@ -7,10 +7,13 @@ if [ "${1#-}" != "$1" ]; then
 fi
 if [ "$1" = 'php-fpm' ] || [ "$1" = 'bin/console' ]; then
- # The first time volumes are mounted, dependencies need to be reinstalled
+ # The first time volumes are mounted, the project needs to be recreated
 if [ ! -f composer.json ]; then
- rm -Rf vendor/*
- php -r "copy('$SKELETON_COMPOSER_JSON', 'composer.json');"
+ composer create-project "symfony/skeleton" tmp --stability=$STABILITY --prefer-dist --no-progress --no-interaction
+ cp -Rp tmp/. .
+ rm -Rf tmp/
+ elif [ "$APP_ENV" != 'prod' ]; then
+ # Always try to reinstall deps when not in prod
 composer install --prefer-dist --no-progress --no-suggest --no-interaction
 fi
diff --git a/docker/httpd/httpd.conf b/docker/httpd/httpd.conf
new file mode 100644
index 0000000..abc6dd8
--- /dev/null
+++ b/docker/httpd/httpd.conf
@@ -0,0 +1,27 @@
+ServerName localhost
+Listen 443
+
+SSLEngine on
+SSLCertificateFile "/usr/local/apache2/conf/server.crt"
+SSLCertificateKeyFile "/usr/local/apache2/conf/server.key"
+SSLSessionCache "shmcb:/usr/local/apache2/logs/ssl_scache(512000)"
+
+User daemon
+Group daemon
+
+ErrorLog /proc/self/fd/2
+CustomLog /proc/self/fd/1 "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\""
+
+Protocols h2 http/1.1
+
+ProxyPass / http://nginx/
+ProxyPassReverse / http://nginx/
+
+LoadModule authz_core_module modules/mod_authz_core.so
+LoadModule http2_module modules/mod_http2.so
+LoadModule log_config_module modules/mod_log_config.so
+LoadModule proxy_module modules/mod_proxy.so
+LoadModule proxy_http_module modules/mod_proxy_http.so
+LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
+LoadModule ssl_module modules/mod_ssl.so
+LoadModule unixd_module modules/mod_unixd.so
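Review bot: In docker/app/docker-entrypoint.sh, the added `composer create-project "symfony/skeleton" tmp` runs at container start with no version constraint and without the `--no-scripts --no-plugins` flags the Dockerfile build step passes, so a volume without `composer.json` makes the container download and run whatever is published at that moment, and this branch is taken in every `APP_ENV`, prod included. Pin the package the same way as in the Dockerfile and quote the variable, e.g. `--stability="${STABILITY:-stable}"`, so an overridden or empty value cannot split or drop the argument. `cp -Rp tmp/. .` followed by `rm -Rf tmp/` also assumes the mounted project has no `tmp` directory of its own. The enclosing `if [ "$1" = 'php-fpm' ]` block closes outside the hunk.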
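Review bot: In docker/httpd/httpd.conf, TLS is terminated here and requests are forwarded to `http://nginx/` without telling the backend the original scheme; mod_proxy_http adds the X-Forwarded-For/Host/Server headers but not the protocol. The application therefore sees plain HTTP, which can affect generated redirect URLs and secure-cookie decisions. Adding `LoadModule headers_module modules/mod_headers.so` and `RequestHeader set X-Forwarded-Proto "https"`, with the application configured to trust this proxy, would carry that information. The accepted TLS versions are also left to the build default; an explicit `SSLProtocol` line would document the intended minimum.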