From 3bcdb647142f29ecef95decba687a1c255d24eed Mon Sep 17 00:00:00 2001 From: Daniel Jun Suguimoto Date: Tue, 3 Dec 2024 19:26:18 -0300 Subject: [PATCH 1/2] adding php 8.4 --- .github/workflows/ci-cd.yml | 2 +- 8.4-nginx-prod/Dockerfile | 62 +++++++++++++++++ 8.4-nginx-prod/default.tmpl | 53 +++++++++++++++ 8.4-nginx-prod/entrypoint | 25 +++++++ 8.4-nginx-prod/supervisor.conf | 12 ++++ 8.4-nginx/Dockerfile | 62 +++++++++++++++++ 8.4-nginx/default.tmpl | 53 +++++++++++++++ 8.4-nginx/entrypoint | 34 +++++++++ 8.4-nginx/supervisor.conf | 12 ++++ 8.4-node/Dockerfile | 4 ++ 8.4-prod/Dockerfile | 85 +++++++++++++++++++++++ 8.4-prod/entrypoint | 24 +++++++ 8.4-prod/kool.ini | 51 ++++++++++++++ 8.4-prod/zz-docker.conf | 48 +++++++++++++ 8.4/Dockerfile | 87 ++++++++++++++++++++++++ 8.4/entrypoint | 33 +++++++++ 8.4/kool.ini | 29 ++++++++ 8.4/zz-docker.conf | 48 +++++++++++++ fwd-template.json | 121 +++++++++++++++++++++++++++++++++ kool.yml | 7 ++ 20 files changed, 851 insertions(+), 1 deletion(-) create mode 100644 8.4-nginx-prod/Dockerfile create mode 100644 8.4-nginx-prod/default.tmpl create mode 100644 8.4-nginx-prod/entrypoint create mode 100644 8.4-nginx-prod/supervisor.conf create mode 100644 8.4-nginx/Dockerfile create mode 100644 8.4-nginx/default.tmpl create mode 100644 8.4-nginx/entrypoint create mode 100644 8.4-nginx/supervisor.conf create mode 100644 8.4-node/Dockerfile create mode 100644 8.4-prod/Dockerfile create mode 100644 8.4-prod/entrypoint create mode 100644 8.4-prod/kool.ini create mode 100644 8.4-prod/zz-docker.conf create mode 100644 8.4/Dockerfile create mode 100644 8.4/entrypoint create mode 100644 8.4/kool.ini create mode 100644 8.4/zz-docker.conf diff --git a/.github/workflows/ci-cd.yml b/.github/workflows/ci-cd.yml index 02c5e4e..0599404 100644 --- a/.github/workflows/ci-cd.yml +++ b/.github/workflows/ci-cd.yml 
@@ -12,7 +12,7 @@ jobs: strategy: matrix: - version: ['8.0', '8.1', '8.2', '8.3'] + version: ['8.0', '8.1', '8.2', '8.3', '8.4'] type: ['', '-prod'] steps: diff --git a/8.4-nginx-prod/Dockerfile b/8.4-nginx-prod/Dockerfile new file mode 100644 index 0000000..14c46e2 --- /dev/null +++ b/8.4-nginx-prod/Dockerfile 
@@ -0,0 +1,62 @@ +FROM debian AS cert + +WORKDIR /kool/ssl + +RUN apt-get update && \ + apt-get install -y openssl && \ + openssl genrsa -des3 -passout pass:x -out server.pass.key 2048 && \ + openssl rsa -passin pass:x -in server.pass.key -out _.localhost.key && \ + rm server.pass.key && \ + openssl req -new -key _.localhost.key -out server.csr \ + -subj "/C=XX/ST=XX/L=XX/O=Kool-Local/OU=Localhost/CN=*.localhost" && \ + openssl x509 -req -days 365 -in server.csr -signkey _.localhost.key -out _.localhost.crt && \ + openssl x509 -in _.localhost.crt -out _.localhost.pem + +FROM kooldev/php:8.4-prod + +ENV PHP_FPM_LISTEN=/run/php-fpm.sock \ + NGINX_LISTEN=80 \ + NGINX_HTTPS=false \ + NGINX_LISTEN_HTTPS=443 \ + NGINX_HTTPS_CERT=/kool/ssl/_.localhost.pem \ + NGINX_HTTPS_CERT_KEY=/kool/ssl/_.localhost.key \ + NGINX_ROOT=/app/public \ + NGINX_INDEX=index.php \ + NGINX_CLIENT_MAX_BODY_SIZE=25M \ + NGINX_PHP_FPM=unix:/run/php-fpm.sock \ + NGINX_FASTCGI_READ_TIMEOUT=60s \ + NGINX_FASTCGI_BUFFERS='8 8k' \ + NGINX_FASTCGI_BUFFER_SIZE='16k' \ + NGINX_ENTRYPOINT_WORKER_PROCESSES_AUTOTUNE=true + +RUN curl -L https://github.com/ochinchina/supervisord/releases/download/v0.6.3/supervisord_static_0.6.3_linux_amd64 -o /usr/local/bin/supervisord \ + && chmod +x /usr/local/bin/supervisord \ + && apk add --no-cache nginx \ + && chown -R kool:kool /var/lib/nginx \ + && chmod 770 /var/lib/nginx/tmp \ + && ln -sf /dev/stdout /var/log/nginx/access.log \ + && ln -sf /dev/stderr /var/log/nginx/error.log \ + # add h5bp/server-configs-nginx + && mkdir -p /etc/nginx/conf.d \ + && mkdir /etc/nginx/h5bp \ + && cd /etc/nginx/h5bp \ + && wget https://github.com/h5bp/server-configs-nginx/archive/refs/tags/3.3.0.tar.gz -O h5bp.tgz \ + && tar xzvf h5bp.tgz \ + && rm -f h5bp.tgz \ + && mv server-configs-nginx-*/h5bp/* . 
\ + && mv server-configs-nginx-*/nginx.conf /etc/nginx/nginx.conf \ + && sed -i "s|^user .*|user\ kool kool;|g" /etc/nginx/nginx.conf \ + && mv server-configs-nginx-*/mime.types /etc/nginx/mime.types \ + && rm -rf server-configs-nginx-* \ + && curl -L https://raw.githubusercontent.com/nginxinc/docker-nginx/master/entrypoint/30-tune-worker-processes.sh -o /kool/30-tune-worker-processes.sh \ + && chmod +x /kool/30-tune-worker-processes.sh + +COPY supervisor.conf /kool/supervisor.conf +COPY default.tmpl /kool/default.tmpl +COPY entrypoint /kool/entrypoint +COPY --from=cert /kool/ssl /kool/ssl +RUN chmod +x /kool/entrypoint + +EXPOSE 80 + +CMD [ "supervisord", "-c", "/kool/supervisor.conf" ] diff --git a/8.4-nginx-prod/default.tmpl b/8.4-nginx-prod/default.tmpl new file mode 100644 index 0000000..e4d9421 --- /dev/null +++ b/8.4-nginx-prod/default.tmpl 
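Review bot: The last `curl` in this `RUN` fetches `30-tune-worker-processes.sh` from the `master` branch of nginxinc/docker-nginx, a mutable ref, and the entrypoint runs that script at every container start before the `su-exec kool` drop. The supervisord binary and the h5bp tarball are tag-pinned but also unverified. Pin the script to a commit by replacing `master` in the URL with `<COMMIT_SHA_PLACEHOLDER>`, and check a digest before `chmod +x`, e.g. `echo "<SHA256_PLACEHOLDER>  /kool/30-tune-worker-processes.sh" | sha256sum -c -`. Adding `-f` to the existing `curl -L` calls also keeps an HTTP error page from being saved as the binary. The same lines appear in 8.4-nginx/Dockerfile.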
@@ -0,0 +1,53 @@
+server {
+ listen {{ .Env.NGINX_LISTEN }} default_server;
+ server_name _;
+{{ if isTrue .Env.NGINX_HTTPS }}
+ listen {{ .Env.NGINX_LISTEN_HTTPS }} ssl http2;
+ ssl_certificate {{ .Env.NGINX_HTTPS_CERT }};
+ ssl_certificate_key {{ .Env.NGINX_HTTPS_CERT_KEY }};
+ ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+ ssl_ciphers HIGH:!aNULL:!MD5;
+{{ end }}
+ root {{ .Env.NGINX_ROOT }};
+ index {{ .Env.NGINX_INDEX }};
+ charset utf-8;
+
+ location = /favicon.ico { log_not_found off; access_log off; }
+ location = /robots.txt { log_not_found off; access_log off; }
+
+ client_max_body_size {{ .Env.NGINX_CLIENT_MAX_BODY_SIZE }};
+
+ error_page 404 /index.php;
+
+ location / {
+ try_files $uri $uri/ /{{ .Env.NGINX_INDEX }}?$query_string;
+
+ add_header X-Served-By kool.dev;
+ }
+
+ location ~ \.php$ {
+ fastcgi_buffers {{ .Env.NGINX_FASTCGI_BUFFERS }};
+ fastcgi_buffer_size {{ .Env.NGINX_FASTCGI_BUFFER_SIZE }};
+ fastcgi_pass {{ .Env.NGINX_PHP_FPM }};
+ fastcgi_read_timeout {{ .Env.NGINX_FASTCGI_READ_TIMEOUT }};
+ fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
+ include fastcgi_params;
+ }
+
+ location ~ /\.ht {
+ deny all;
+ }
+
+ # good practices
+ add_header X-Frame-Options "SAMEORIGIN";
+
+ # basic H5BP suggestions
+ include h5bp/internet_explorer/x-ua-compatible.conf;
+ include h5bp/security/referrer-policy.conf;
+ include h5bp/security/x-content-type-options.conf;
+ include h5bp/security/x-xss-protection.conf;
+
+ # performance enhancements (mostly for caching static data)
+ include h5bp/web_performance/cache-file-descriptors.conf;
+ include h5bp/web_performance/pre-compressed_content_gzip.conf;
+}
diff --git a/8.4-nginx-prod/entrypoint b/8.4-nginx-prod/entrypoint
new file mode 100644
index 0000000..535c40e
--- /dev/null
+++ b/8.4-nginx-prod/entrypoint
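Review bot: `ssl_protocols TLSv1 TLSv1.1 TLSv1.2;` in the HTTPS block enables TLS 1.0 and 1.1, both deprecated by RFC 8996, and leaves out TLS 1.3. For a newly added 8.4 image, `ssl_protocols TLSv1.2 TLSv1.3;` is the safer default. `ssl_ciphers HIGH:!aNULL:!MD5;` could then be tightened or left to the nginx defaults. The identical line is in 8.4-nginx/default.tmpl.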
@@ -0,0 +1,25 @@
+#!/bin/sh
+set -e
+
+
+# Run as current user
+CURRENT_USER=${ASUSER:-${UID:-0}}
+
+if [ ! -z "$CURRENT_USER" ] && [ "$CURRENT_USER" != "0" ]; then
+ usermod -u $CURRENT_USER kool
+fi
+
+dockerize -template /kool/kool.tmpl:/usr/local/etc/php/conf.d/kool.ini -template /kool/zz-docker.tmpl:/usr/local/etc/php-fpm.d/zz-docker.conf -template /kool/default.tmpl:/etc/nginx/conf.d/default.conf
+
+/kool/30-tune-worker-processes.sh
+
+# Run entrypoint if provided
+if [ ! -z "$ENTRYPOINT" ] && [ -f "$ENTRYPOINT" ]; then
+ bash $ENTRYPOINT
+fi
+
+if [ "$1" = "sh" ] || [ "$1" = "bash" ] || [ "$1" = "php-fpm" ] || [ "$1" = "nginx" ] || [ "$1" = "supervisord" ]; then
+ exec "$@"
+else
+ exec su-exec kool "$@"
+fi
diff --git a/8.4-nginx-prod/supervisor.conf b/8.4-nginx-prod/supervisor.conf
new file mode 100644
index 0000000..607e7dc
--- /dev/null
+++ b/8.4-nginx-prod/supervisor.conf
@@ -0,0 +1,12 @@
+[program:nginx]
+depends_on = php-fpm
+command = nginx -g "daemon off;"
+stopasgroup = true
+stderr_logfile = /dev/stderr
+stdout_logfile = /dev/stdout
+
+[program:php-fpm]
+command = php-fpm
+stopasgroup = true
+stderr_logfile = /dev/stderr
+stdout_logfile = /dev/stdout
diff --git a/8.4-nginx/Dockerfile b/8.4-nginx/Dockerfile
new file mode 100644
index 0000000..81883b3
--- /dev/null
+++ b/8.4-nginx/Dockerfile
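Review bot: In the entrypoint script, `usermod -u $CURRENT_USER kool` and `bash $ENTRYPOINT` expand environment-supplied values unquoted, before the `su-exec kool` drop, so a value containing whitespace is word-split into extra arguments. Quote both, `usermod -u "$CURRENT_USER" kool` and `bash "$ENTRYPOINT"`, and consider rejecting a non-numeric `ASUSER`/`UID` before calling usermod. A comment above the final `if` would also help, something like `# sh, bash, php-fpm, nginx and supervisord are started without su-exec on purpose`. The same lines are in 8.4-nginx/entrypoint, 8.4-prod/entrypoint and 8.4/entrypoint.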
@@ -0,0 +1,62 @@ +FROM debian AS cert + +WORKDIR /kool/ssl + +RUN apt-get update && \ + apt-get install -y openssl && \ + openssl genrsa -des3 -passout pass:x -out server.pass.key 2048 && \ + openssl rsa -passin pass:x -in server.pass.key -out _.localhost.key && \ + rm server.pass.key && \ + openssl req -new -key _.localhost.key -out server.csr \ + -subj "/C=XX/ST=XX/L=XX/O=Kool-Local/OU=Localhost/CN=*.localhost" && \ + openssl x509 -req -days 365 -in server.csr -signkey _.localhost.key -out _.localhost.crt && \ + openssl x509 -in _.localhost.crt -out _.localhost.pem + +FROM kooldev/php:8.4 + +ENV PHP_FPM_LISTEN=/run/php-fpm.sock \ + NGINX_LISTEN=80 \ + NGINX_HTTPS=false \ + NGINX_LISTEN_HTTPS=443 \ + NGINX_HTTPS_CERT=/kool/ssl/_.localhost.pem \ + NGINX_HTTPS_CERT_KEY=/kool/ssl/_.localhost.key \ + NGINX_ROOT=/app/public \ + NGINX_INDEX=index.php \ + NGINX_CLIENT_MAX_BODY_SIZE=25M \ + NGINX_PHP_FPM=unix:/run/php-fpm.sock \ + NGINX_FASTCGI_READ_TIMEOUT=60s \ + NGINX_FASTCGI_BUFFERS='8 8k' \ + NGINX_FASTCGI_BUFFER_SIZE='16k' \ + NGINX_ENTRYPOINT_WORKER_PROCESSES_AUTOTUNE=true + +RUN curl -L https://github.com/ochinchina/supervisord/releases/download/v0.6.3/supervisord_static_0.6.3_linux_amd64 -o /usr/local/bin/supervisord \ + && chmod +x /usr/local/bin/supervisord \ + && apk add --no-cache nginx \ + && chown -R kool:kool /var/lib/nginx \ + && chmod 770 /var/lib/nginx/tmp \ + && ln -sf /dev/stdout /var/log/nginx/access.log \ + && ln -sf /dev/stderr /var/log/nginx/error.log \ + # add h5bp/server-configs-nginx + && mkdir -p /etc/nginx/conf.d \ + && mkdir /etc/nginx/h5bp \ + && cd /etc/nginx/h5bp \ + && wget https://github.com/h5bp/server-configs-nginx/archive/refs/tags/3.3.0.tar.gz -O h5bp.tgz \ + && tar xzvf h5bp.tgz \ + && rm -f h5bp.tgz \ + && mv server-configs-nginx-*/h5bp/* . 
\ + && mv server-configs-nginx-*/nginx.conf /etc/nginx/nginx.conf \ + && sed -i "s|^user .*|user\ kool kool;|g" /etc/nginx/nginx.conf \ + && mv server-configs-nginx-*/mime.types /etc/nginx/mime.types \ + && rm -rf server-configs-nginx-* \ + && curl -L https://raw.githubusercontent.com/nginxinc/docker-nginx/master/entrypoint/30-tune-worker-processes.sh -o /kool/30-tune-worker-processes.sh \ + && chmod +x /kool/30-tune-worker-processes.sh + +COPY supervisor.conf /kool/supervisor.conf +COPY default.tmpl /kool/default.tmpl +COPY entrypoint /kool/entrypoint +COPY --from=cert /kool/ssl /kool/ssl +RUN chmod +x /kool/entrypoint + +EXPOSE 80 + +CMD [ "supervisord", "-c", "/kool/supervisor.conf" ] diff --git a/8.4-nginx/default.tmpl b/8.4-nginx/default.tmpl new file mode 100644 index 0000000..e4d9421 --- /dev/null +++ b/8.4-nginx/default.tmpl 
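Review bot: The `cert` stage generates `_.localhost.key` at build time and `COPY --from=cert /kool/ssl /kool/ssl` ships it in the published image, so every container started from the tag shares a private key that anyone who pulls the image can read. `NGINX_HTTPS_CERT_KEY` points at it by default. That is fine for local `*.localhost` use but deserves a comment next to the COPY, such as `# self-signed *.localhost cert for local use only; the key is public, mount your own and override NGINX_HTTPS_CERT/NGINX_HTTPS_CERT_KEY`. The certificate also expires 365 days after the image was built. Separately, `FROM debian AS cert` is untagged; pinning it, e.g. `FROM debian:bookworm-slim AS cert`, keeps the stage reproducible. 8.4-nginx-prod/Dockerfile has the same stage, where the shared key matters more.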
@@ -0,0 +1,53 @@
+server {
+ listen {{ .Env.NGINX_LISTEN }} default_server;
+ server_name _;
+{{ if isTrue .Env.NGINX_HTTPS }}
+ listen {{ .Env.NGINX_LISTEN_HTTPS }} ssl http2;
+ ssl_certificate {{ .Env.NGINX_HTTPS_CERT }};
+ ssl_certificate_key {{ .Env.NGINX_HTTPS_CERT_KEY }};
+ ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+ ssl_ciphers HIGH:!aNULL:!MD5;
+{{ end }}
+ root {{ .Env.NGINX_ROOT }};
+ index {{ .Env.NGINX_INDEX }};
+ charset utf-8;
+
+ location = /favicon.ico { log_not_found off; access_log off; }
+ location = /robots.txt { log_not_found off; access_log off; }
+
+ client_max_body_size {{ .Env.NGINX_CLIENT_MAX_BODY_SIZE }};
+
+ error_page 404 /index.php;
+
+ location / {
+ try_files $uri $uri/ /{{ .Env.NGINX_INDEX }}?$query_string;
+
+ add_header X-Served-By kool.dev;
+ }
+
+ location ~ \.php$ {
+ fastcgi_buffers {{ .Env.NGINX_FASTCGI_BUFFERS }};
+ fastcgi_buffer_size {{ .Env.NGINX_FASTCGI_BUFFER_SIZE }};
+ fastcgi_pass {{ .Env.NGINX_PHP_FPM }};
+ fastcgi_read_timeout {{ .Env.NGINX_FASTCGI_READ_TIMEOUT }};
+ fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
+ include fastcgi_params;
+ }
+
+ location ~ /\.ht {
+ deny all;
+ }
+
+ # good practices
+ add_header X-Frame-Options "SAMEORIGIN";
+
+ # basic H5BP suggestions
+ include h5bp/internet_explorer/x-ua-compatible.conf;
+ include h5bp/security/referrer-policy.conf;
+ include h5bp/security/x-content-type-options.conf;
+ include h5bp/security/x-xss-protection.conf;
+
+ # performance enhancements (mostly for caching static data)
+ include h5bp/web_performance/cache-file-descriptors.conf;
+ include h5bp/web_performance/pre-compressed_content_gzip.conf;
+}
diff --git a/8.4-nginx/entrypoint b/8.4-nginx/entrypoint
new file mode 100644
index 0000000..2780e2e
--- /dev/null
+++ b/8.4-nginx/entrypoint
@@ -0,0 +1,34 @@
+#!/bin/sh
+set -e
+
+if [ "$ENABLE_XDEBUG" == "true" ]; then
+ docker-php-ext-enable xdebug >> /dev/null 2>&1
+
+ if [ $? != "0" ]; then
+ echo "[ERROR] An error happened enabling xdebug"
+
+ exit 1
+ fi
+fi
+
+# Run as current user
+CURRENT_USER=${ASUSER:-${UID:-0}}
+
+if [ ! -z "$CURRENT_USER" ] && [ "$CURRENT_USER" != "0" ]; then
+ usermod -u $CURRENT_USER kool
+fi
+
+dockerize -template /kool/kool.tmpl:/usr/local/etc/php/conf.d/kool.ini -template /kool/zz-docker.tmpl:/usr/local/etc/php-fpm.d/zz-docker.conf -template /kool/default.tmpl:/etc/nginx/conf.d/default.conf
+
+/kool/30-tune-worker-processes.sh
+
+# Run entrypoint if provided
+if [ ! -z "$ENTRYPOINT" ] && [ -f "$ENTRYPOINT" ]; then
+ bash $ENTRYPOINT
+fi
+
+if [ "$1" = "sh" ] || [ "$1" = "bash" ] || [ "$1" = "php-fpm" ] || [ "$1" = "nginx" ] || [ "$1" = "supervisord" ]; then
+ exec "$@"
+else
+ exec su-exec kool "$@"
+fi
diff --git a/8.4-nginx/supervisor.conf b/8.4-nginx/supervisor.conf
new file mode 100644
index 0000000..607e7dc
--- /dev/null
+++ b/8.4-nginx/supervisor.conf
@@ -0,0 +1,12 @@
+[program:nginx]
+depends_on = php-fpm
+command = nginx -g "daemon off;"
+stopasgroup = true
+stderr_logfile = /dev/stderr
+stdout_logfile = /dev/stdout
+
+[program:php-fpm]
+command = php-fpm
+stopasgroup = true
+stderr_logfile = /dev/stderr
+stdout_logfile = /dev/stdout
diff --git a/8.4-node/Dockerfile b/8.4-node/Dockerfile
new file mode 100644
index 0000000..73238c8
--- /dev/null
+++ b/8.4-node/Dockerfile
@@ -0,0 +1,4 @@
+FROM kooldev/php:8.4
+
+RUN apk add --update --no-cache npm yarn \
+ && rm -rf /var/cache/apk/* /tmp/*
diff --git a/8.4-prod/Dockerfile b/8.4-prod/Dockerfile
new file mode 100644
index 0000000..b353131
--- /dev/null
+++ b/8.4-prod/Dockerfile
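Review bot: In 8.4-nginx/entrypoint, `set -e` on the second line makes a failing `docker-php-ext-enable xdebug >> /dev/null 2>&1` end the script immediately, so the `if [ $? != "0" ]` branch and its `[ERROR]` message are never reached. Test the command directly with `if ! docker-php-ext-enable xdebug > /dev/null 2>&1; then`, keeping the `echo` and `exit 1` inside it. `==` inside `[ ]` is also not POSIX for a `#!/bin/sh` script; `=` is the portable form. 8.4/entrypoint has the same block.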
@@ -0,0 +1,85 @@ +FROM php:8.4-fpm-alpine + +ENV ASUSER= \ + UID= \ + COMPOSER_ALLOW_SUPERUSER=1 \ + COMPOSER_MEMORY_LIMIT=-1 \ + PHP_DATE_TIMEZONE=UTC \ + PHP_MEMORY_LIMIT=256M \ + PHP_MAX_INPUT_VARS=1000 \ + PHP_UPLOAD_MAX_FILESIZE=25M \ + PHP_POST_MAX_SIZE=25M \ + PHP_MAX_EXECUTION_TIME=30 \ + PHP_FPM_LISTEN=9000 \ + PHP_FPM_MAX_CHILDREN=10 \ + PHP_FPM_REQUEST_TERMINATE_TIMEOUT=60 \ + ENTRYPOINT=entrypoint.php.sh + +WORKDIR /app + +RUN adduser -D -u 1337 kool \ + && addgroup kool www-data \ + # dockerize + && curl -L https://github.com/jwilder/dockerize/releases/download/v0.6.1/dockerize-alpine-linux-amd64-v0.6.1.tar.gz | tar xz \ + && mv dockerize /usr/local/bin/dockerize \ + # deps + && apk --no-cache add su-exec bash sed git openssh-client icu shadow procps \ + freetype libpng libjpeg-turbo libzip-dev ghostscript imagemagick \ + jpegoptim optipng pngquant gifsicle libldap \ + libpq less \ + # build-deps + && apk add --no-cache --virtual .build-deps $PHPIZE_DEPS \ + freetype-dev libpng-dev libjpeg-turbo-dev \ + icu-dev libedit-dev libxml2-dev \ + imagemagick-dev openldap-dev oniguruma-dev libwebp-dev \ + postgresql-dev \ + linux-headers \ + # php-ext + && docker-php-ext-configure gd --with-freetype --with-webp --with-jpeg \ + && export CFLAGS="$PHP_CFLAGS" CPPFLAGS="$PHP_CPPFLAGS" LDFLAGS="$PHP_LDFLAGS" \ + && docker-php-ext-install -j$(nproc) \ + bcmath \ + calendar \ + exif \ + gd \ + intl \ + ldap \ + mbstring \ + opcache \ + pcntl \ + pdo \ + pdo_mysql \ + pdo_pgsql \ + soap \ + xml \ + zip \ + sockets \ + mysqli \ + ftp \ + && pecl install redis \ + && mkdir /tmp/imagick && cd /tmp/imagick \ + && curl -L -o /tmp/imagick.tar.gz https://github.com/Imagick/imagick/archive/refs/tags/3.7.0.tar.gz \ + && tar --strip-components=1 -xf /tmp/imagick.tar.gz \ + && phpize \ + && ./configure --with-webp=yes \ + && make \ + && make install \ + && echo "extension=imagick.so" > /usr/local/etc/php/conf.d/ext-imagick.ini \ + && docker-php-ext-enable redis \ + && cp 
"/usr/local/etc/php/php.ini-production" "/usr/local/etc/php/php.ini" \ + # composer + && curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/local/bin --filename=composer \ + && curl -sS https://getcomposer.org/installer | php -- --1 --install-dir=/usr/local/bin --filename=composer1 \ + # cleanup + && apk del .build-deps \ + && rm -rf /var/cache/apk/* /tmp/* + +COPY kool.ini /kool/kool.tmpl +COPY zz-docker.conf /kool/zz-docker.tmpl +COPY entrypoint /kool/entrypoint +RUN chmod +x /kool/entrypoint + +EXPOSE 9000 + +ENTRYPOINT [ "/kool/entrypoint" ] +CMD [ "php-fpm" ] diff --git a/8.4-prod/entrypoint b/8.4-prod/entrypoint new file mode 100644 index 0000000..2036291 --- /dev/null +++ b/8.4-prod/entrypoint @@ -0,0 +1,24 @@ +#!/bin/sh +set -e + + +# Run as current user +CURRENT_USER=${ASUSER:-${UID:-0}} + +if [ ! -z "$CURRENT_USER" ] && [ "$CURRENT_USER" != "0" ]; then + usermod -u $CURRENT_USER kool +fi + +dockerize -template /kool/kool.tmpl:/usr/local/etc/php/conf.d/kool.ini -template /kool/zz-docker.tmpl:/usr/local/etc/php-fpm.d/zz-docker.conf + + +# Run entrypoint if provided +if [ ! -z "$ENTRYPOINT" ] && [ -f "$ENTRYPOINT" ]; then + bash $ENTRYPOINT +fi + +if [ "$1" = "sh" ] || [ "$1" = "bash" ] || [ "$1" = "php-fpm" ] ; then + exec "$@" +else + exec su-exec kool "$@" +fi diff --git a/8.4-prod/kool.ini b/8.4-prod/kool.ini new file mode 100644 index 0000000..3028217 --- /dev/null +++ b/8.4-prod/kool.ini 
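Review bot: Both Composer lines pipe `https://getcomposer.org/installer` straight into `php`, so whatever the server returns at build time is executed with no integrity check, and under the default `/bin/sh` a failed `curl` is masked by the pipe. Save the installer to a file, compare its SHA-384 with a value passed in as a build `ARG`, and run it only after the check passes. The fence below calls that value `COMPOSER_INSTALLER_SHA384`; it would need to be declared in this stage and set to the hash Composer publishes for the installer. The existing cleanup already removes `/tmp/*`, so the saved installer does not stay in the layer. The `RUN` instruction starts on an earlier line of the hunk, and 8.4/Dockerfile has the same two lines.

```dockerfile
    # composer: save the installer, verify it, then run it
    && curl -fsSL https://getcomposer.org/installer -o /tmp/composer-setup.php \
    && php -r 'exit(hash_equals(getenv("COMPOSER_INSTALLER_SHA384"), hash_file("sha384", "/tmp/composer-setup.php")) ? 0 : 1);' \
    && php /tmp/composer-setup.php --install-dir=/usr/local/bin --filename=composer \
    && php /tmp/composer-setup.php --1 --install-dir=/usr/local/bin --filename=composer1 \
    # … unchanged: cleanup (apk del .build-deps, rm -rf /var/cache/apk/* /tmp/*) …
```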
@@ -0,0 +1,51 @@
+[PHP]
+
+; Maximum amount of memory a script may consume
+; http://php.net/memory-limit
+memory_limit = {{ .Env.PHP_MEMORY_LIMIT }}
+
+; Fix maximum variables per input
+max_input_vars = {{ .Env.PHP_MAX_INPUT_VARS }}
+
+; Maximum allowed size for uploaded files.
+; http://php.net/upload-max-filesize
+upload_max_filesize = {{ .Env.PHP_UPLOAD_MAX_FILESIZE }}
+
+; Maximum size of POST data that PHP will accept.
+; Its value may be 0 to disable the limit. It is ignored if POST data reading
+; is disabled through enable_post_data_reading.
+; http://php.net/post-max-size
+post_max_size = {{ .Env.PHP_POST_MAX_SIZE }}
+
+; Maximum execution time of each script, in seconds
+; http://php.net/max-execution-time
+; Note: This directive is hardcoded to 0 for the CLI SAPI
+max_execution_time = {{ .Env.PHP_MAX_EXECUTION_TIME }}
+
+; Default timezone used by all date/time functions.
+; https://www.php.net/manual/en/datetime.configuration.php#ini.date.timezone
+date.timezone = {{ .Env.PHP_DATE_TIMEZONE }}
+
+
+[opcache]
+
+; Determines if Zend OPCache is enabled
+opcache.enable=1
+
+; The OPcache shared memory storage size.
+opcache.memory_consumption=512
+
+; The amount of memory for interned strings in Mbytes.
+opcache.interned_strings_buffer=64
+
+; The maximum number of keys (scripts) in the OPcache hash table.
+; Only numbers between 200 and 1000000 are allowed.
+opcache.max_accelerated_files=30000
+
+; When disabled, you must reset the OPcache manually or restart the
+; webserver for changes to the filesystem to take effect.
+opcache.validate_timestamps=0
+
+; If disabled, all PHPDoc comments are dropped from the code to reduce the
+; size of the optimized code.
+opcache.save_comments=1
diff --git a/8.4-prod/zz-docker.conf b/8.4-prod/zz-docker.conf
new file mode 100644
index 0000000..c6988a1
--- /dev/null
+++ b/8.4-prod/zz-docker.conf
@@ -0,0 +1,48 @@ +[global] +daemonize = no + +[www] +; Unix user/group of processes +; Note: The user is mandatory. If the group is not set, the default user's group +; will be used. +user = kool +group = kool + +; The address on which to accept FastCGI requests. +; Valid syntaxes are: +; 'ip.add.re.ss:port' - to listen on a TCP socket to a specific IPv4 address on +; a specific port; +; '[ip:6:addr:ess]:port' - to listen on a TCP socket to a specific IPv6 address on +; a specific port; +; 'port' - to listen on a TCP socket to all addresses +; (IPv6 and IPv4-mapped) on a specific port; +; '/path/to/unix/socket' - to listen on a unix socket. +; Note: This value is mandatory. +listen = {{ .Env.PHP_FPM_LISTEN }} + +; Set permissions for unix socket, if one is used. In Linux, read/write +; permissions must be set in order to allow connections from a web server. Many +; BSD-derived systems allow connections regardless of permissions. The owner +; and group can be specified either by name or by their numeric IDs. +; Default Values: user and group are set as the running user +; mode is set to 0660 +listen.owner = kool +listen.group = kool + +; The number of child processes to be created when pm is set to 'static' and the +; maximum number of child processes when pm is set to 'dynamic' or 'ondemand'. +; This value sets the limit on the number of simultaneous requests that will be +; served. Equivalent to the ApacheMaxClients directive with mpm_prefork. +; Equivalent to the PHP_FCGI_CHILDREN environment variable in the original PHP +; CGI. The below defaults are based on a server without much resources. Don't +; forget to tweak pm.* to fit your needs. +; Note: Used when pm is set to 'static', 'dynamic' or 'ondemand' +; Note: This value is mandatory. +pm.max_children = {{ .Env.PHP_FPM_MAX_CHILDREN }} + +; The timeout for serving a single request after which the worker process will +; be killed. 
This option should be used when the 'max_execution_time' ini option +; does not stop script execution for some reason. A value of '0' means 'off'. +; Available units: s(econds)(default), m(inutes), h(ours), or d(ays) +; Default Value: 0 +request_terminate_timeout = {{ .Env.PHP_FPM_REQUEST_TERMINATE_TIMEOUT }} diff --git a/8.4/Dockerfile b/8.4/Dockerfile new file mode 100644 index 0000000..e7f211e --- /dev/null +++ b/8.4/Dockerfile 
@@ -0,0 +1,87 @@ +FROM php:8.4-fpm-alpine + +ENV ASUSER= \ + UID= \ + COMPOSER_ALLOW_SUPERUSER=1 \ + COMPOSER_MEMORY_LIMIT=-1 \ + ENABLE_XDEBUG=false \ + PHP_DATE_TIMEZONE=UTC \ + PHP_MEMORY_LIMIT=256M \ + PHP_MAX_INPUT_VARS=1000 \ + PHP_UPLOAD_MAX_FILESIZE=25M \ + PHP_POST_MAX_SIZE=25M \ + PHP_MAX_EXECUTION_TIME=30 \ + PHP_FPM_LISTEN=9000 \ + PHP_FPM_MAX_CHILDREN=10 \ + PHP_FPM_REQUEST_TERMINATE_TIMEOUT=60 \ + ENTRYPOINT=entrypoint.php.sh + +WORKDIR /app + +RUN adduser -D -u 1337 kool \ + && addgroup kool www-data \ + # dockerize + && curl -L https://github.com/jwilder/dockerize/releases/download/v0.6.1/dockerize-alpine-linux-amd64-v0.6.1.tar.gz | tar xz \ + && mv dockerize /usr/local/bin/dockerize \ + # deps + && apk --no-cache add su-exec bash sed git openssh-client icu shadow procps \ + freetype libpng libjpeg-turbo libzip-dev ghostscript imagemagick \ + jpegoptim optipng pngquant gifsicle libldap \ + libpq less \ + # build-deps + && apk add --no-cache --virtual .build-deps $PHPIZE_DEPS \ + freetype-dev libpng-dev libjpeg-turbo-dev \ + icu-dev libedit-dev libxml2-dev \ + imagemagick-dev openldap-dev oniguruma-dev libwebp-dev \ + postgresql-dev \ + linux-headers \ + # php-ext + && docker-php-ext-configure gd --with-freetype --with-webp --with-jpeg \ + && export CFLAGS="$PHP_CFLAGS" CPPFLAGS="$PHP_CPPFLAGS" LDFLAGS="$PHP_LDFLAGS" \ + && docker-php-ext-install -j$(nproc) \ + bcmath \ + calendar \ + exif \ + gd \ + intl \ + ldap \ + mbstring \ + pcntl \ + pdo \ + pdo_mysql \ + pdo_pgsql \ + soap \ + xml \ + zip \ + sockets \ + mysqli \ + ftp \ + && pecl install redis \ + && pecl install xdebug \ + && pecl install pcov && docker-php-ext-enable pcov \ + && mkdir /tmp/imagick && cd /tmp/imagick \ + && curl -L -o /tmp/imagick.tar.gz https://github.com/Imagick/imagick/archive/refs/tags/3.7.0.tar.gz \ + && tar --strip-components=1 -xf /tmp/imagick.tar.gz \ + && phpize \ + && ./configure --with-webp=yes \ + && make \ + && make install \ + && echo "extension=imagick.so" > 
/usr/local/etc/php/conf.d/ext-imagick.ini \ + && docker-php-ext-enable redis \ + && cp "/usr/local/etc/php/php.ini-development" "/usr/local/etc/php/php.ini" \ + # composer + && curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/local/bin --filename=composer \ + && curl -sS https://getcomposer.org/installer | php -- --1 --install-dir=/usr/local/bin --filename=composer1 \ + # cleanup + && apk del .build-deps \ + && rm -rf /var/cache/apk/* /tmp/* + +COPY kool.ini /kool/kool.tmpl +COPY zz-docker.conf /kool/zz-docker.tmpl +COPY entrypoint /kool/entrypoint +RUN chmod +x /kool/entrypoint + +EXPOSE 9000 + +ENTRYPOINT [ "/kool/entrypoint" ] +CMD [ "php-fpm" ] diff --git a/8.4/entrypoint b/8.4/entrypoint new file mode 100644 index 0000000..050f40a --- /dev/null +++ b/8.4/entrypoint @@ -0,0 +1,33 @@ +#!/bin/sh +set -e + +if [ "$ENABLE_XDEBUG" == "true" ]; then + docker-php-ext-enable xdebug >> /dev/null 2>&1 + + if [ $? != "0" ]; then + echo "[ERROR] An error happened enabling xdebug" + + exit 1 + fi +fi + +# Run as current user +CURRENT_USER=${ASUSER:-${UID:-0}} + +if [ ! -z "$CURRENT_USER" ] && [ "$CURRENT_USER" != "0" ]; then + usermod -u $CURRENT_USER kool +fi + +dockerize -template /kool/kool.tmpl:/usr/local/etc/php/conf.d/kool.ini -template /kool/zz-docker.tmpl:/usr/local/etc/php-fpm.d/zz-docker.conf + + +# Run entrypoint if provided +if [ ! -z "$ENTRYPOINT" ] && [ -f "$ENTRYPOINT" ]; then + bash $ENTRYPOINT +fi + +if [ "$1" = "sh" ] || [ "$1" = "bash" ] || [ "$1" = "php-fpm" ] ; then + exec "$@" +else + exec su-exec kool "$@" +fi diff --git a/8.4/kool.ini b/8.4/kool.ini new file mode 100644 index 0000000..c671911 --- /dev/null +++ b/8.4/kool.ini 
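Review bot: The dockerize step near the top of this `RUN` streams `dockerize-alpine-linux-amd64-v0.6.1.tar.gz` from `curl -L` straight into `tar xz` with no digest check, and the entrypoint then runs that binary at every container start. The asset name also hard-codes amd64, so a build for another platform would install a binary it cannot run. Download to a file with `curl -fsSL … -o /tmp/dockerize.tar.gz`, verify it with `echo "<SHA256_PLACEHOLDER>  /tmp/dockerize.tar.gz" | sha256sum -c -`, and only then extract into `/usr/local/bin`. 8.4-prod/Dockerfile has the same step.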
@@ -0,0 +1,29 @@
+[PHP]
+
+; Maximum amount of memory a script may consume
+; http://php.net/memory-limit
+memory_limit = {{ .Env.PHP_MEMORY_LIMIT }}
+
+; Fix maximum variables per input
+max_input_vars = {{ .Env.PHP_MAX_INPUT_VARS }}
+
+; Maximum allowed size for uploaded files.
+; http://php.net/upload-max-filesize
+upload_max_filesize = {{ .Env.PHP_UPLOAD_MAX_FILESIZE }}
+
+; Maximum size of POST data that PHP will accept.
+; Its value may be 0 to disable the limit. It is ignored if POST data reading
+; is disabled through enable_post_data_reading.
+; http://php.net/post-max-size
+post_max_size = {{ .Env.PHP_POST_MAX_SIZE }}
+
+; Maximum execution time of each script, in seconds
+; http://php.net/max-execution-time
+; Note: This directive is hardcoded to 0 for the CLI SAPI
+max_execution_time = {{ .Env.PHP_MAX_EXECUTION_TIME }}
+
+; Default timezone used by all date/time functions.
+; https://www.php.net/manual/en/datetime.configuration.php#ini.date.timezone
+date.timezone = {{ .Env.PHP_DATE_TIMEZONE }}
+
+
diff --git a/8.4/zz-docker.conf b/8.4/zz-docker.conf
new file mode 100644
index 0000000..c6988a1
--- /dev/null
+++ b/8.4/zz-docker.conf
@@ -0,0 +1,48 @@ +[global] +daemonize = no + +[www] +; Unix user/group of processes +; Note: The user is mandatory. If the group is not set, the default user's group +; will be used. +user = kool +group = kool + +; The address on which to accept FastCGI requests. +; Valid syntaxes are: +; 'ip.add.re.ss:port' - to listen on a TCP socket to a specific IPv4 address on +; a specific port; +; '[ip:6:addr:ess]:port' - to listen on a TCP socket to a specific IPv6 address on +; a specific port; +; 'port' - to listen on a TCP socket to all addresses +; (IPv6 and IPv4-mapped) on a specific port; +; '/path/to/unix/socket' - to listen on a unix socket. +; Note: This value is mandatory. +listen = {{ .Env.PHP_FPM_LISTEN }} + +; Set permissions for unix socket, if one is used. In Linux, read/write +; permissions must be set in order to allow connections from a web server. Many +; BSD-derived systems allow connections regardless of permissions. The owner +; and group can be specified either by name or by their numeric IDs. +; Default Values: user and group are set as the running user +; mode is set to 0660 +listen.owner = kool +listen.group = kool + +; The number of child processes to be created when pm is set to 'static' and the +; maximum number of child processes when pm is set to 'dynamic' or 'ondemand'. +; This value sets the limit on the number of simultaneous requests that will be +; served. Equivalent to the ApacheMaxClients directive with mpm_prefork. +; Equivalent to the PHP_FCGI_CHILDREN environment variable in the original PHP +; CGI. The below defaults are based on a server without much resources. Don't +; forget to tweak pm.* to fit your needs. +; Note: Used when pm is set to 'static', 'dynamic' or 'ondemand' +; Note: This value is mandatory. +pm.max_children = {{ .Env.PHP_FPM_MAX_CHILDREN }} + +; The timeout for serving a single request after which the worker process will +; be killed. 
This option should be used when the 'max_execution_time' ini option +; does not stop script execution for some reason. A value of '0' means 'off'. +; Available units: s(econds)(default), m(inutes), h(ours), or d(ays) +; Default Value: 0 +request_terminate_timeout = {{ .Env.PHP_FPM_REQUEST_TERMINATE_TIMEOUT }} diff --git a/fwd-template.json b/fwd-template.json index b6dfb60..bd52367 100644 --- a/fwd-template.json +++ b/fwd-template.json 
@@ -484,6 +484,127 @@ "path": "template/Dockerfile-node" } ] + }, + { + "name": "8.4", + "data": { + "from": "php:8.4-fpm-alpine", + "prod": false, + "nginx": false, + "version": "8.4" + }, + "files": [ + { + "name": "Dockerfile", + "path": "template/Dockerfile" + }, + { + "name": "entrypoint", + "path": "template/entrypoint" + }, + { + "name": "kool.ini", + "path": "template/kool-ini" + }, + { + "name": "zz-docker.conf", + "path": "template/zz-docker-conf" + } + ] + }, + { + "name": "8.4-prod", + "data": { + "from": "php:8.4-fpm-alpine", + "prod": true, + "nginx": false, + "version": "8.4" + }, + "files": [ + { + "name": "Dockerfile", + "path": "template/Dockerfile" + }, + { + "name": "entrypoint", + "path": "template/entrypoint" + }, + { + "name": "kool.ini", + "path": "template/kool-ini" + }, + { + "name": "zz-docker.conf", + "path": "template/zz-docker-conf" + } + ] + }, + { + "name": "8.4-nginx", + "data": { + "from": "kooldev/php:8.4", + "prod": false, + "nginx": true, + "version": "8.4" + }, + "files": [ + { + "name": "Dockerfile", + "path": "template/Dockerfile-nginx" + }, + { + "name": "entrypoint", + "path": "template/entrypoint" + }, + { + "name": "default.tmpl", + "path": "template/default-tmpl" + }, + { + "name": "supervisor.conf", + "path": "template/supervisor-conf" + } + ] + }, + { + "name": "8.4-nginx-prod", + "data": { + "from": "kooldev/php:8.4-prod", + "prod": true, + "nginx": true, + "version": "8.4" + }, + "files": [ + { + "name": "Dockerfile", + "path": "template/Dockerfile-nginx" + }, + { + "name": "entrypoint", + "path": "template/entrypoint" + }, + { + "name": "default.tmpl", + "path": "template/default-tmpl" + }, + { + "name": "supervisor.conf", + "path": "template/supervisor-conf" + } + ] + }, + { + "name": "8.4-node", + "data": { + "from": "kooldev/php:8.4", + "version": "8.4" + }, + "files": [ + { + "name": "Dockerfile", + "path": "template/Dockerfile-node" + } + ] } ] } diff --git a/kool.yml b/kool.yml index 9116a97..c5d20bb 100644 
--- a/kool.yml +++ b/kool.yml @@ -24,6 +24,12 @@ scripts: - docker build -t kooldev/php:8.3-nginx 8.3-nginx - docker build -t kooldev/php:8.3-nginx-prod 8.3-nginx-prod - docker build -t kooldev/php:8.3-node 8.3-node + build-8.4: + - docker build -t kooldev/php:8.4 8.4 + - docker build -t kooldev/php:8.4-prod 8.4-prod + - docker build -t kooldev/php:8.4-nginx 8.4-nginx + - docker build -t kooldev/php:8.4-nginx-prod 8.4-nginx-prod + - docker build -t kooldev/php:8.4-node 8.4-node build: # parse templates - kool run template @@ -32,3 +38,4 @@ scripts: - kool run build-8.1 - kool run build-8.2 - kool run build-8.3 + - kool run build-8.4 From c9c29379ed2d2e8a3c370429bb4bd155252fe410 Mon Sep 17 00:00:00 2001 From: Daniel Jun Suguimoto Date: Tue, 3 Dec 2024 19:31:06 -0300 Subject: [PATCH 2/2] update readme --- README.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/README.md b/README.md index 33046f7..8e82242 100644 --- a/README.md +++ b/README.md @@ -20,6 +20,11 @@ Simplest example: The image built is [`kooldev/php`](https://hub.docker.com/r/kooldev/php/tags?page=1&ordering=last_updated) which has a bunch of tags available: +### 8.4 + +- [8.4](https://github.com/kool-dev/docker-php/blob/master/8.4/Dockerfile) and [8.4-prod](https://github.com/kool-dev/docker-php/blob/master/8.4-prod/Dockerfile) +- [8.4-nginx](https://github.com/kool-dev/docker-php/blob/master/8.4-nginx/Dockerfile) and [8.4-nginx-prod](https://github.com/kool-dev/docker-php/blob/master/8.4-nginx-prod/Dockerfile) + ### 8.3 - [8.3](https://github.com/kool-dev/docker-php/blob/master/8.3/Dockerfile) and [8.3-prod](https://github.com/kool-dev/docker-php/blob/master/8.3-prod/Dockerfile)