forked from ilios/ilios
-
Notifications
You must be signed in to change notification settings - Fork 1
/
Dockerfile
308 lines (268 loc) · 11.8 KB
/
Dockerfile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
###############################################################################
# Contains all of the ilios src code for use in other containers
###############################################################################
FROM scratch as src
COPY composer.* symfony.lock LICENSE /src/app/
COPY config /src/app/config/
COPY custom /src/app/custom/
COPY src /src/app/src/
COPY templates /src/app/templates/
COPY migrations /src/app/migrations/
COPY bin/console /src/app/bin/
COPY public/index.php /src/app/public/
COPY public/theme-overrides/ /src/app/public/theme-overrides/
###############################################################################
# Nginx Configured to Run Ilios from an FPM host
###############################################################################
FROM nginx:1.19-alpine as nginx
LABEL maintainer="Ilios Project Team <[email protected]>"
COPY --from=src /src/app /srv/app/
COPY docker/nginx.conf.template /etc/nginx/templates/default.conf.template
# Setup PHP servers in ENV so we can round robin easily
ENV FPM_CONTAINERS=fpm:9000
# Docker builtin nameserver
ENV NGINX_NAMESERVERS=127.0.0.11
ARG ILIOS_VERSION="v0.1.0"
RUN echo ${ILIOS_VERSION} > /srv/app/VERSION
HEALTHCHECK --interval=5s CMD /usr/bin/nc -vz -w1 localhost 80
###############################################################################
# Dependencies we need in all PHP containers
# Production ready composer pacakges installed
###############################################################################
FROM php:8.1-fpm as php-base
LABEL maintainer="Ilios Project Team <[email protected]>"
COPY --from=composer:latest /usr/bin/composer /usr/bin/composer
COPY --from=src /src/app /srv/app/
# configure PHP extensions required for Ilios and delete the source files after install
RUN set -eux; \
apt-get update; \
apt-get install -y \
libldap2-dev \
libldap-common \
zlib1g-dev \
libicu-dev \
libzip-dev \
libzip4 \
unzip \
acl \
libfcgi-bin; \
docker-php-ext-configure ldap; \
docker-php-ext-install ldap; \
docker-php-ext-install zip; \
docker-php-ext-install pdo_mysql; \
docker-php-ext-install intl; \
mkdir -p /usr/src/php/ext/apcu; \
curl -fsSL https://pecl.php.net/get/apcu | tar xvz -C "/usr/src/php/ext/apcu" --strip 1; \
docker-php-ext-install apcu; \
docker-php-ext-enable apcu; \
pecl install redis \
&& docker-php-ext-enable redis; \
docker-php-ext-enable opcache; \
rm -rf /var/lib/apt/lists/*; \
rm -rf /tmp/pear; \
# remove the apt source files to save space
apt-get purge libldap2-dev zlib1g-dev libicu-dev -y; \
apt-get autoremove -y;
ENV \
APP_ENV=prod \
APP_DEBUG=false \
ILIOS_DATABASE_URL="sqlite:///%kernel.project_dir%/var/data.db" \
ILIOS_FILE_SYSTEM_STORAGE_PATH="/srv/app/var/tmp/ilios-storage/" \
MAILER_DSN=null://null \
ILIOS_LOCALE=en \
ILIOS_SECRET=ThisTokenIsNotSoSecretChangeIt \
ILIOS_REQUIRE_SECURE_CONNECTION=false \
MESSENGER_TRANSPORT_DSN=doctrine://default
# https://getcomposer.org/doc/03-cli.md#composer-allow-superuser
ENV COMPOSER_ALLOW_SUPERUSER=1
ENV PATH="${PATH}:/root/.composer/vendor/bin"
WORKDIR /srv/app
RUN /usr/bin/touch .env
RUN set -eux; \
mkdir -p var/cache var/log; \
composer install --prefer-dist --no-dev --no-progress --no-scripts --no-interaction; \
composer dump-autoload --classmap-authoritative --no-dev; \
composer symfony:dump-env prod; \
composer run-script --no-dev post-install-cmd; \
chmod +x bin/console; \
bin/console cache:warmup; \
sync
VOLUME /srv/app/var
ARG ILIOS_VERSION="v0.1.0"
RUN echo ${ILIOS_VERSION} > VERSION
COPY docker/fpm/symfony.prod.ini $PHP_INI_DIR/conf.d/symfony.ini
COPY docker/fpm/ilios.ini $PHP_INI_DIR/conf.d/ilios.ini
RUN ln -sf "$PHP_INI_DIR/php.ini-production" "$PHP_INI_DIR/php.ini"
COPY docker/fpm/zz-docker.conf /usr/local/etc/php-fpm.d/zz-docker.conf
COPY docker/fpm/docker-entrypoint.sh /usr/local/bin/docker-entrypoint
RUN chmod +x /usr/local/bin/docker-entrypoint
ENTRYPOINT ["docker-entrypoint"]
CMD ["php-fpm"]
###############################################################################
# FPM configured to run ilios
# Really just a wrapper around php-base, but here in case we need to modify it
###############################################################################
FROM php-base as fpm
LABEL maintainer="Ilios Project Team <[email protected]>"
COPY docker/fpm/docker-healthcheck.sh /usr/local/bin/docker-healthcheck
RUN chmod +x /usr/local/bin/docker-healthcheck
HEALTHCHECK --timeout=1s --retries=10 CMD ["docker-healthcheck"]
###############################################################################
# FPM configured for development
# Runs a dev environment and composer dependencies
###############################################################################
FROM fpm as fpm-dev
LABEL maintainer="Ilios Project Team <[email protected]>"
ENV APP_ENV dev
ENV APP_DEBUG true
COPY docker/fpm/symfony.dev.ini $PHP_INI_DIR/conf.d/symfony.ini
RUN ln -sf "$PHP_INI_DIR/php.ini-development" "$PHP_INI_DIR/php.ini"
RUN set -eux; \
composer install --prefer-dist --no-progress --no-interaction; \
rm -f .env.local.php; \
composer run-script post-install-cmd; \
bin/console cache:warmup; \
sync
###############################################################################
# Admin container, allows SSH access so it can be deployed as a bastion server
###############################################################################
FROM php-base as admin
LABEL maintainer="Ilios Project Team <[email protected]>"
# semi-colon seperates list of github users that can SSH in
ENV GITHUB_ACCOUNT_SSH_USERS=''
RUN apt-get update && \
apt-get install -y wget openssh-server sudo netcat default-mysql-client vim telnet && \
rm -rf /var/lib/apt/lists/* && \
apt-get autoremove -y
# This doesn't get created automatically, don't know why
RUN mkdir /run/sshd
# Remove password based authentication for SSH
RUN sed -i 's/#PasswordAuthentication yes/PasswordAuthentication no/' /etc/ssh/sshd_config
# Pass environmental variables to SSH sessions
RUN sed -i 's/#PermitUserEnvironment no/PermitUserEnvironment yes/' /etc/ssh/sshd_config
# allow users in the sudo group to do wo without a password
RUN /bin/echo "%sudo ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/no-password-group
COPY docker/admin-entrypoint /entrypoint
# expose the ssh port
EXPOSE 22
ENTRYPOINT /entrypoint
HEALTHCHECK CMD nc -vz 127.0.0.1 22 || exit 1
###############################################################################
# Single purpose container to updates the frontend
# Can be run on a schedule as needed and MUST share /srv/app with the
# fpm and nginx containers in order to provide the shared static files that
# have to be in sync
###############################################################################
FROM php-base as update-frontend
ENTRYPOINT ["bin/console"]
CMD ["ilios:update-frontend"]
###############################################################################
# Single purpose container that starts a message consumer
# Should be setup to run and restart itself when it shuts down which it will
# do every hour
###############################################################################
FROM php-base as consume-messages
ENTRYPOINT bin/console ilios:wait-for-database; \
bin/console ilios:wait-for-index; \
bin/console messenger:consume async
###############################################################################
# MySQL configured as needed for Ilios
###############################################################################
FROM mysql:8.0-oracle as mysql
LABEL maintainer="Ilios Project Team <[email protected]>"
ENV MYSQL_RANDOM_ROOT_PASSWORD yes
COPY docker/mysql.cnf /etc/mysql/conf.d/ilios.cnf
RUN chmod 755 /etc/mysql/conf.d/ilios.cnf
###############################################################################
# Setup a mysql server running the demo database for use in development
###############################################################################
FROM mysql as mysql-demo
LABEL maintainer="Ilios Project Team <[email protected]>"
ENV MYSQL_USER ilios
ENV MYSQL_PASSWORD ilios
ENV MYSQL_DATABASE ilios
ENV DEMO_DATABASE_LOCATION https://s3-us-west-2.amazonaws.com/ilios-demo-db.iliosproject.org/latest_db/ilios3_demosite_db.sql.gz
RUN set -eux; \
microdnf install -y wget; \
microdnf clean all;
COPY docker/fetch-demo-database.sh /fetch-demo-database.sh
RUN /bin/bash /fetch-demo-database.sh
###############################################################################
# Setup elasticsearch with the plugins we needed
###############################################################################
FROM elasticsearch:7.13.1 as elasticsearch
LABEL maintainer="Ilios Project Team <[email protected]>"
RUN bin/elasticsearch-plugin install -b ingest-attachment
###############################################################################
# Setup redis with needed config
###############################################################################
FROM redis:7-alpine as redis
LABEL maintainer="Ilios Project Team <[email protected]>"
COPY docker/redis/redis.conf /usr/local/etc/redis/redis.conf
CMD [ "redis-server", "/usr/local/etc/redis/redis.conf" ]
###############################################################################
# Our original and still relevant apache based runtime, includes everything in
# a single container
###############################################################################
FROM php:8.1-apache as php-apache
LABEL maintainer="Ilios Project Team <[email protected]>"
COPY --from=composer:latest /usr/bin/composer /usr/bin/composer
COPY --from=src /src/app /var/www/ilios
#Copy .htaccess files which are not included in src image
COPY ./public/.htaccess /var/www/ilios/public
COPY ./src/.htaccess /var/www/ilios/src
# configure Apache and the PHP extensions required for Ilios and delete the source files after install
RUN set -eux; \
apt-get update; \
apt-get install acl libldap2-dev libldap-common zlib1g-dev libicu-dev libzip-dev libzip4 unzip -y; \
docker-php-ext-configure ldap; \
docker-php-ext-install ldap; \
docker-php-ext-install zip; \
docker-php-ext-install pdo_mysql; \
docker-php-ext-install intl; \
mkdir -p /usr/src/php/ext/apcu; \
curl -fsSL https://pecl.php.net/get/apcu | tar xvz -C "/usr/src/php/ext/apcu" --strip 1; \
docker-php-ext-install apcu; \
docker-php-ext-enable opcache; \
pecl install redis \
&& docker-php-ext-enable redis; \
# enable modules
a2enmod rewrite mpm_prefork deflate headers; \
rm -rf /var/lib/apt/lists/*; \
rm -rf /tmp/pear; \
# remove the apt source files to save space
apt-get purge libldap2-dev zlib1g-dev libicu-dev -y; \
apt-get autoremove -y;
COPY ./docker/php.ini $PHP_INI_DIR
COPY ./docker/apache.conf /etc/apache2/sites-available/000-default.conf
# add our own entrypoint scripts
COPY docker/php-apache-entrypoint /usr/local/bin/
ENV \
COMPOSER_HOME=/tmp \
COMPOSER_ALLOW_SUPERUSER=1 \
APP_ENV=prod \
APP_DEBUG=false \
MAILER_DSN=null://null \
ILIOS_DATABASE_URL="sqlite:///%kernel.project_dir%/var/data.db" \
ILIOS_LOCALE=en \
ILIOS_SECRET=ThisTokenIsNotSoSecretChangeIt \
ILIOS_REQUIRE_SECURE_CONNECTION=false \
MESSENGER_TRANSPORT_DSN=doctrine://default
WORKDIR /var/www/ilios
RUN /usr/bin/touch .env
RUN /usr/bin/composer install \
--prefer-dist \
--no-dev \
--no-progress \
--no-interaction \
--no-suggest \
--classmap-authoritative \
#creates an empty env.php file, real ENV values will control the app
&& /usr/bin/composer dump-env prod \
&& composer run-script --no-dev post-install-cmd
ARG ILIOS_VERSION="v0.1.0"
RUN echo ${ILIOS_VERSION} > VERSION
USER root
ENTRYPOINT ["php-apache-entrypoint"]
CMD ["apache2-foreground"]
EXPOSE 80