diff --git a/.github/workflows/github_build_release.yml b/.github/workflows/github_build_release.yml index c2080f95..e3dd56b7 100644 --- a/.github/workflows/github_build_release.yml +++ b/.github/workflows/github_build_release.yml @@ -25,7 +25,7 @@ jobs: docker compose run --rm phpfpm composer clear-cache rm -rf infrastructure - - name: Make artefacts dir + - name: Make assets dir run: | mkdir -p ../assets diff --git a/.github/workflows/itkdev_docker_build_develop.yml b/.github/workflows/itkdev_docker_build_develop.yml new file mode 100644 index 00000000..6bdd7f3f --- /dev/null +++ b/.github/workflows/itkdev_docker_build_develop.yml 
@@ -0,0 +1,60 @@
+---
+on:
+ push:
+ branches:
+ - 'develop'
+
+# This Action builds to itkdev/* using ./infrastructure/itkdev/*
+name: ITK Dev - Build docker image (develop)
+
+jobs:
+ docker:
+ runs-on: ubuntu-latest
+ env:
+ APP_VERSION: develop
+ COMPOSER_ALLOW_SUPERUSER: 1
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v3
+
+ - name: Login to DockerHub
+ uses: docker/login-action@v2
+ with:
+ username: ${{ secrets.DOCKERHUB_USER }}
+ password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+ # Build api
+ - name: Docker meta (API)
+ id: meta-api
+ uses: docker/metadata-action@v4
+ with:
+ images: itkdev/os2display-api-service
+
+ - name: Build and push (API)
+ uses: docker/build-push-action@v4
+ with:
+ context: ./infrastructure/itkdev/display-api-service/
+ file: ./infrastructure/itkdev/display-api-service/Dockerfile
+ build-args: |
+ VERSION=${{ env.APP_VERSION }}
+ push: true
+ tags: ${{ steps.meta-api.outputs.tags }}
+ labels: ${{ steps.meta-api.outputs.labels }}
+
+ # Build nginx (depends on api build)
+ - name: Docker meta (Nginx)
+ id: meta-nginx
+ uses: docker/metadata-action@v4
+ with:
+ images: itkdev/os2display-api-service-nginx
+
+ - name: Build and push (Nginx)
+ uses: docker/build-push-action@v4
+ with:
+ context: ./infrastructure/itkdev/nginx/
+ file: ./infrastructure/itkdev/nginx/Dockerfile
+ build-args: |
+ APP_VERSION=${{ env.APP_VERSION }}
+ push: true
+ tags: ${{ steps.meta-nginx.outputs.tags }}
+ labels: ${{ steps.meta-nginx.outputs.labels }}
diff --git a/.github/workflows/itkdev_docker_build_tag.yml b/.github/workflows/itkdev_docker_build_tag.yml
new file mode 100644
index 00000000..96dcf9cb
--- /dev/null
+++ b/.github/workflows/itkdev_docker_build_tag.yml
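Review bot: Every `uses:` line in this new workflow points at a movable tag (`actions/checkout@v3`, `docker/login-action@v2`, `docker/metadata-action@v4`, `docker/build-push-action@v4`), and the job hands `secrets.DOCKERHUB_TOKEN` to those actions before pushing images. If one of those tags is moved upstream, the new code runs with the registry credentials. Pinning each action to a full commit SHA, in the form `uses: docker/login-action@<full-commit-sha> # v2`, makes the executed code immutable. Since no `permissions:` key is declared, a top-level `permissions:` block with `contents: read` would also limit what the job's token can do. The same applies to the steps added in itkdev_docker_build_tag.yml.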
@@ -0,0 +1,63 @@
+---
+on:
+ push:
+ tags:
+ - '*'
+
+# This Action builds to itkdev/* using ./infrastructure/itkdev/*
+name: ITK Dev - Build docker image (tag)
+
+jobs:
+ docker:
+ runs-on: ubuntu-latest
+ env:
+ COMPOSER_ALLOW_SUPERUSER: 1
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v3
+
+ - name: Login to DockerHub
+ uses: docker/login-action@v2
+ with:
+ username: ${{ secrets.DOCKERHUB_USER }}
+ password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+ # Build api
+ - name: Docker meta (API)
+ id: meta-api
+ uses: docker/metadata-action@v4
+ with:
+ images: itkdev/os2display-api-service
+
+ - name: Build and push (API)
+ uses: docker/build-push-action@v4
+ with:
+ context: ./infrastructure/itkdev/display-api-service/
+ file: ./infrastructure/itkdev/display-api-service/Dockerfile
+ build-args: |
+ APP_VERSION=${{ github.ref }}
+ push: true
+ tags: ${{ steps.meta-api.outputs.tags }}
+ labels: ${{ steps.meta-api.outputs.labels }}
+
+ # Build nginx (depends on api build)
+ - name: Docker meta (Nginx)
+ id: meta-nginx
+ uses: docker/metadata-action@v4
+ with:
+ images: itkdev/os2display-api-service-nginx
+
+ - name: Get the tag
+ id: get_tag
+ run: echo ::set-output name=git_tag::$(echo $GITHUB_REF_NAME)
+
+ - name: Build and push (Nginx)
+ uses: docker/build-push-action@v4
+ with:
+ context: ./infrastructure/itkdev/nginx/
+ file: ./infrastructure/itkdev/nginx/Dockerfile
+ build-args: |
+ APP_VERSION=${{ steps.get_tag.outputs.git_tag }}
+ push: true
+ tags: ${{ steps.meta-nginx.outputs.tags }}
+ labels: ${{ steps.meta-nginx.outputs.labels }}
diff --git a/.github/workflows/docker_build_develop.yml b/.github/workflows/os2display_docker_build_develop.yml
similarity index 78%
rename from .github/workflows/docker_build_develop.yml
rename to .github/workflows/os2display_docker_build_develop.yml
index d75ee7e2..ec238678 100644
--- a/.github/workflows/docker_build_develop.yml
+++ b/.github/workflows/os2display_docker_build_develop.yml
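Review bot: The `Get the tag` step still uses the `::set-output` workflow command, which GitHub deprecated in favour of the `GITHUB_OUTPUT` file because anything a step prints to stdout can forge such commands. It also expands `$GITHUB_REF_NAME` unquoted inside a command substitution. `run: echo "git_tag=${GITHUB_REF_NAME}" >> "$GITHUB_OUTPUT"` produces the same output without either problem. The API build passes `APP_VERSION=${{ github.ref }}` (the full ref) while the Nginx build passes the short tag name, so the two images are built from differently shaped version strings. Moving this step above the API build and using `steps.get_tag.outputs.git_tag` in both would keep them aligned.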
@@ -3,7 +3,9 @@ on: push: branches: - 'develop' -name: Build docker image (develop) + +# This Action builds to os2display/* using ./infrastructure/os2display/* +name: OS2display - Build docker image (develop) jobs: docker: @@ -31,8 +33,8 @@ jobs: - name: Build and push (API) uses: docker/build-push-action@v4 with: - context: ./infrastructure/display-api-service/ - file: ./infrastructure/display-api-service/Dockerfile + context: ./infrastructure/os2display/display-api-service/ + file: ./infrastructure/os2display/display-api-service/Dockerfile build-args: | VERSION=${{ env.APP_VERSION }} push: true @@ -49,8 +51,8 @@ jobs: - name: Build and push (Nginx) uses: docker/build-push-action@v4 with: - context: ./infrastructure/nginx/ - file: ./infrastructure/nginx/Dockerfile + context: ./infrastructure/os2display/nginx/ + file: ./infrastructure/os2display/nginx/Dockerfile build-args: | APP_VERSION=${{ env.APP_VERSION }} push: true diff --git a/.github/workflows/docker_build_tag.yml b/.github/workflows/os2display_docker_build_tag.yml similarity index 79% rename from .github/workflows/docker_build_tag.yml rename to .github/workflows/os2display_docker_build_tag.yml index 5b809013..22bd2179 100644 --- a/.github/workflows/docker_build_tag.yml +++ b/.github/workflows/os2display_docker_build_tag.yml @@ -3,7 +3,9 @@ on: push: tags: - '*' -name: Build docker image (tag) + +# This Action builds to os2display/* using ./infrastructure/os2display/* +name: OS2display - Build docker image (tag) jobs: docker: @@ -30,8 +32,8 @@ jobs: - name: Build and push (API) uses: docker/build-push-action@v4 with: - context: ./infrastructure/display-api-service/ - file: ./infrastructure/display-api-service/Dockerfile + context: ./infrastructure/os2display/display-api-service/ + file: ./infrastructure/os2display/display-api-service/Dockerfile build-args: | APP_VERSION=${{ github.ref }} push: true 
@@ -52,8 +54,8 @@ jobs: - name: Build and push (Nginx) uses: docker/build-push-action@v4 with: - context: ./infrastructure/nginx/ - file: ./infrastructure/nginx/Dockerfile + context: ./infrastructure/os2display/nginx/ + file: ./infrastructure/os2display/nginx/Dockerfile build-args: | APP_VERSION=${{ steps.get_tag.outputs.git_tag }} push: true diff --git a/CHANGELOG.md b/CHANGELOG.md index 992f575f..16a29985 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -10,6 +10,7 @@ All notable changes to this project will be documented in this file. - Minor update of composer packages - Updated psalm to version 5.x - Fixed feed data provider id issue [#151](https://github.com/os2display/display-api-service/pull/151) +- Set up separate image builds for itkdev and os2display ## [1.2.8] - 2023-05-25 diff --git a/infrastructure/itkdev/Readme.md b/infrastructure/itkdev/Readme.md new file mode 100644 index 00000000..f5566795 --- /dev/null +++ b/infrastructure/itkdev/Readme.md @@ -0,0 +1,3 @@ +# ITK-development image build + +This folder contains the infrastructure files for building the `itkdev/*` images \ No newline at end of file diff --git a/infrastructure/itkdev/display-api-service/Dockerfile b/infrastructure/itkdev/display-api-service/Dockerfile new file mode 100644 index 00000000..7726eb57 --- /dev/null +++ b/infrastructure/itkdev/display-api-service/Dockerfile 
@@ -0,0 +1,63 @@
+FROM itkdev/php8.1-fpm:alpine AS APP_BUILDER
+LABEL maintainer="ITK Dev "
+
+ARG APP_VERSION="develop"
+ENV APP_PATH=/var/www/html
+
+USER root
+
+# Move site into the container.
+ADD https://github.com/os2display/display-api-service/archive/${APP_VERSION}.tar.gz /tmp/app.tar
+RUN tar -zxf /tmp/app.tar --strip-components=1 -C ${APP_PATH} \
+ && rm /tmp/app.tar
+
+# Add composer in from the official composer image (also alpine).
+COPY --from=composer:2 /usr/bin/composer /usr/local/bin/composer
+
+WORKDIR ${APP_PATH}
+
+## Install assets, which requires a HACK as redis is not available (should be removed later on).
+RUN APP_ENV=prod composer install --no-dev -o --classmap-authoritative \
+ && rm -rf infrastructure \
+ && APP_ENV=prod composer clear-cache
+
+####
+## Build main application image.
+####
+FROM itkdev/php8.1-fpm:alpine
+LABEL maintainer="ITK Dev "
+
+ENV APP_PATH=/var/www/html \
+ COMPOSER_VERSION=2
+
+USER root
+
+# Add composer needed to run optimizations after config is loaded.
+COPY --from=composer:2 /usr/bin/composer /usr/local/bin/composer
+
+# Install the application.
+COPY --from=APP_BUILDER ${APP_PATH} ${APP_PATH}
+RUN mkdir -p ${APP_PATH}/config/secrets \
+ && chown -R deploy:deploy ${APP_PATH}
+
+# Download Prometheus php-fpm export.
+COPY --from=hipages/php-fpm_exporter:1.1.1 /php-fpm_exporter /usr/local/bin/php-fpm_exporter
+
+# Copy configuration.
+COPY etc /etc/
+
+# Install configuration template handler
+ADD https://github.com/kelseyhightower/confd/releases/download/v0.16.0/confd-0.16.0-linux-amd64 /usr/local/bin/confd
+RUN chmod +x /usr/local/bin/confd
+
+# Copy confd onfiguration.
+COPY etc /etc/
+
+COPY docker-entrypoint.sh /usr/local/bin/
+RUN chmod +x /usr/local/bin/docker-entrypoint.sh
+
+USER deploy
+
+WORKDIR ${APP_PATH}
+
+CMD [ "docker-entrypoint.sh" ]
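Review bot: The confd binary is pulled with a plain `ADD https://github.com/kelseyhightower/confd/releases/download/v0.16.0/confd-0.16.0-linux-amd64 /usr/local/bin/confd` and marked executable with no integrity check, so whatever that URL serves at build time becomes the first program the entrypoint runs. On a BuildKit frontend that supports it, the digest can be pinned on the instruction itself: `ADD --checksum=sha256:<sha256-of-confd-0.16.0-linux-amd64> https://github.com/kelseyhightower/confd/releases/download/v0.16.0/confd-0.16.0-linux-amd64 /usr/local/bin/confd`, with the digest taken from a verified download. The same unverified `ADD` appears in infrastructure/itkdev/nginx/Dockerfile. The base and helper images (`itkdev/php8.1-fpm:alpine`, `composer:2`) are likewise mutable tags, and pinning them by digest would make the build reproducible. The second `COPY etc /etc/` under "Copy confd onfiguration" repeats the earlier one and can be dropped.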
diff --git a/infrastructure/itkdev/display-api-service/docker-entrypoint.sh b/infrastructure/itkdev/display-api-service/docker-entrypoint.sh new file mode 100644 index 00000000..306e9f13 --- /dev/null +++ b/infrastructure/itkdev/display-api-service/docker-entrypoint.sh @@ -0,0 +1,25 @@ +#!/bin/sh + +set -eux + +## Run templates with configuration. +/usr/local/bin/confd --onetime --backend env --confdir /etc/confd + +## Bump env.local into PHP for better performance. +composer dump-env prod + +## Warm-up Symfony cache (with the current configuration). +/var/www/html/bin/console --env=prod cache:warmup + +## Set selected composer version. Default version 2. +if [ ! -z "${COMPOSER_VERSION}" ]; then + if [ "${COMPOSER_VERSION}" = "1" ]; then + ln -fs /usr/bin/composer1 /home/deploy/bin/composer + else + ln -fs /usr/bin/composer2 /home/deploy/bin/composer + fi +else + ln -fs /usr/bin/composer2 /home/deploy/bin/composer +fi + +exec php-fpm "$@" diff --git a/infrastructure/display-api-service/etc/confd/conf.d/env.local.toml b/infrastructure/itkdev/display-api-service/etc/confd/conf.d/env.local.toml similarity index 98% rename from infrastructure/display-api-service/etc/confd/conf.d/env.local.toml rename to infrastructure/itkdev/display-api-service/etc/confd/conf.d/env.local.toml index 1b8fded5..d614cc69 100644 --- a/infrastructure/display-api-service/etc/confd/conf.d/env.local.toml +++ b/infrastructure/itkdev/display-api-service/etc/confd/conf.d/env.local.toml @@ -5,4 +5,4 @@ owner = "deploy" mode = "0644" keys = [ "/app-config" -] \ No newline at end of file +] diff --git a/infrastructure/display-api-service/etc/confd/templates/env.local.tmpl b/infrastructure/itkdev/display-api-service/etc/confd/templates/env.local.tmpl similarity index 100% rename from infrastructure/display-api-service/etc/confd/templates/env.local.tmpl rename to infrastructure/itkdev/display-api-service/etc/confd/templates/env.local.tmpl 
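Review bot: In the new docker-entrypoint.sh, `[ ! -z "${COMPOSER_VERSION}" ]` runs under `set -eux`, so an unset variable aborts the script with an unbound-variable error rather than reaching the final `else`. That makes the fallback branch unreachable in exactly the case it was written for; `if [ -n "${COMPOSER_VERSION:-}" ]; then` keeps the intended default. The Dockerfile in this commit sets `COMPOSER_VERSION=2`, so this only bites if the script is reused with another image. The link targets `/usr/bin/composer1`, `/usr/bin/composer2` and `/home/deploy/bin/` are not created by that Dockerfile, which copies composer to `/usr/local/bin/composer`, so they presumably come from the base image. That is worth confirming, because `ln -fs` succeeds even when the target is missing.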
diff --git a/infrastructure/itkdev/nginx/Dockerfile b/infrastructure/itkdev/nginx/Dockerfile new file mode 100644 index 00000000..7a0334dd --- /dev/null +++ b/infrastructure/itkdev/nginx/Dockerfile @@ -0,0 +1,37 @@ +ARG APP_VERSION="develop" +FROM itkdev/os2display-api-service:${APP_VERSION} as APPLICATION + +FROM nginxinc/nginx-unprivileged:alpine +LABEL maintainer="ITK Dev " +ARG UID=101 +ARG GID=101 + +ENV APP_PATH=/var/www/html + +USER root + +RUN mkdir -p ${APP_PATH}/public + +COPY --from=APPLICATION ${APP_PATH}/public ${APP_PATH}/public + +WORKDIR ${APP_PATH} + +# Copy configuration. +COPY etc/ /etc/ + +# Install configuration template handler +ADD https://github.com/kelseyhightower/confd/releases/download/v0.16.0/confd-0.16.0-linux-amd64 /usr/local/bin/confd +RUN chmod +x /usr/local/bin/confd + +COPY docker-entrypoint.sh / +RUN chmod +x /docker-entrypoint.sh \ + && chown -R $UID:0 ${APP_PATH} \ + && chmod -R g+w ${APP_PATH} + +USER $UID + +EXPOSE 8080 + +ENTRYPOINT [ "/docker-entrypoint.sh" ] + +CMD ["nginx", "-g", "daemon off;"] diff --git a/infrastructure/nginx/docker-entrypoint.sh b/infrastructure/itkdev/nginx/docker-entrypoint.sh similarity index 100% rename from infrastructure/nginx/docker-entrypoint.sh rename to infrastructure/itkdev/nginx/docker-entrypoint.sh diff --git a/infrastructure/nginx/etc/confd/conf.d/default.conf.toml b/infrastructure/itkdev/nginx/etc/confd/conf.d/default.conf.toml similarity index 98% rename from infrastructure/nginx/etc/confd/conf.d/default.conf.toml rename to infrastructure/itkdev/nginx/etc/confd/conf.d/default.conf.toml index 68f7ecaa..185954f0 100644 --- a/infrastructure/nginx/etc/confd/conf.d/default.conf.toml +++ b/infrastructure/itkdev/nginx/etc/confd/conf.d/default.conf.toml @@ -4,4 +4,4 @@ dest = "/etc/nginx/conf.d/default.conf" mode = "0644" keys = [ "/nginx-config" -] \ No newline at end of file +] 
diff --git a/infrastructure/nginx/etc/confd/conf.d/nginx.conf.toml b/infrastructure/itkdev/nginx/etc/confd/conf.d/nginx.conf.toml similarity index 98% rename from infrastructure/nginx/etc/confd/conf.d/nginx.conf.toml rename to infrastructure/itkdev/nginx/etc/confd/conf.d/nginx.conf.toml index 9838edc0..7c81a661 100644 --- a/infrastructure/nginx/etc/confd/conf.d/nginx.conf.toml +++ b/infrastructure/itkdev/nginx/etc/confd/conf.d/nginx.conf.toml @@ -4,4 +4,4 @@ dest = "/etc/nginx/nginx.conf" mode = "0644" keys = [ "/nginx-config" -] \ No newline at end of file +] diff --git a/infrastructure/nginx/etc/confd/templates/default.conf.tmpl b/infrastructure/itkdev/nginx/etc/confd/templates/default.conf.tmpl similarity index 100% rename from infrastructure/nginx/etc/confd/templates/default.conf.tmpl rename to infrastructure/itkdev/nginx/etc/confd/templates/default.conf.tmpl diff --git a/infrastructure/nginx/etc/confd/templates/nginx.conf.tmpl b/infrastructure/itkdev/nginx/etc/confd/templates/nginx.conf.tmpl similarity index 100% rename from infrastructure/nginx/etc/confd/templates/nginx.conf.tmpl rename to infrastructure/itkdev/nginx/etc/confd/templates/nginx.conf.tmpl diff --git a/infrastructure/itkdev/run.sh b/infrastructure/itkdev/run.sh new file mode 100644 index 00000000..b028f5cd --- /dev/null +++ b/infrastructure/itkdev/run.sh @@ -0,0 +1,13 @@ +#!/bin/sh + +set -eux + +APP_VERSION=develop + +docker pull nginxinc/nginx-unprivileged:alpine + +docker build --pull --no-cache --build-arg APP_VERSION=${APP_VERSION} --tag=itkdev/os2display-api-service:${APP_VERSION} --file="display-api-service/Dockerfile" display-api-service +docker build --no-cache --build-arg VERSION=${APP_VERSION} --tag=itkdev/os2display-api-service-nginx:${APP_VERSION} --file="nginx/Dockerfile" nginx + +# docker push itkdev/os2display-api-service:${APP_VERSION} +# docker push itkdev/os2display-api-service-nginx:${APP_VERSION} 
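Review bot: In the new run.sh, the second `docker build` passes `--build-arg VERSION=${APP_VERSION}`, but nginx/Dockerfile in this commit declares `ARG APP_VERSION`. The value is therefore never consumed, and `FROM itkdev/os2display-api-service:${APP_VERSION}` always resolves to its `develop` default whatever the script sets. It should read `--build-arg APP_VERSION="${APP_VERSION}"`, with the other `${APP_VERSION}` expansions quoted as well. The API step in itkdev_docker_build_develop.yml has the mirror-image mismatch, `VERSION=${{ env.APP_VERSION }}` against `ARG APP_VERSION` in display-api-service/Dockerfile, and only works because both defaults are `develop`. An image tagged as one version but assembled from another is hard to trace afterwards, so the names are worth aligning before anyone changes `APP_VERSION`.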
diff --git a/infrastructure/os2display/Readme.md b/infrastructure/os2display/Readme.md new file mode 100644 index 00000000..f7a40e5d --- /dev/null +++ b/infrastructure/os2display/Readme.md @@ -0,0 +1,3 @@ +# OS2display image build + +This folder contains the infrastructure files for building the `os2display/*` images \ No newline at end of file diff --git a/infrastructure/display-api-service/Dockerfile b/infrastructure/os2display/display-api-service/Dockerfile similarity index 99% rename from infrastructure/display-api-service/Dockerfile rename to infrastructure/os2display/display-api-service/Dockerfile index ee17f0ba..99ba3975 100644 --- a/infrastructure/display-api-service/Dockerfile +++ b/infrastructure/os2display/display-api-service/Dockerfile @@ -137,14 +137,14 @@ RUN mkdir -p ${APP_PATH}/config/secrets \ && chown -R www-data:www-data ${APP_PATH} # Copy configuration. -COPY etc/ /etc/ +COPY etc /etc/ # Install configuration template handler ADD https://github.com/kelseyhightower/confd/releases/download/v0.16.0/confd-0.16.0-linux-amd64 /usr/local/bin/confd RUN chmod +x /usr/local/bin/confd # Copy confd onfiguration. -COPY etc/ /etc/ +COPY etc /etc/ COPY docker-entrypoint.sh /usr/local/bin/ RUN chmod +x /usr/local/bin/docker-entrypoint.sh diff --git a/infrastructure/display-api-service/docker-entrypoint.sh b/infrastructure/os2display/display-api-service/docker-entrypoint.sh similarity index 100% rename from infrastructure/display-api-service/docker-entrypoint.sh rename to infrastructure/os2display/display-api-service/docker-entrypoint.sh diff --git a/infrastructure/os2display/display-api-service/etc/confd/conf.d/env.local.toml b/infrastructure/os2display/display-api-service/etc/confd/conf.d/env.local.toml new file mode 100644 index 00000000..e7f303a3 --- /dev/null +++ b/infrastructure/os2display/display-api-service/etc/confd/conf.d/env.local.toml 
@@ -0,0 +1,8 @@
+[template]
+src = "env.local.tmpl"
+dest = "/var/www/html/.env.local"
+owner = "www-data"
+mode = "0644"
+keys = [
+ "/app-config"
+]
diff --git a/infrastructure/os2display/display-api-service/etc/confd/templates/env.local.tmpl b/infrastructure/os2display/display-api-service/etc/confd/templates/env.local.tmpl
new file mode 100644
index 00000000..5a24a362
--- /dev/null
+++ b/infrastructure/os2display/display-api-service/etc/confd/templates/env.local.tmpl
@@ -0,0 +1,44 @@
+###> symfony/framework-bundle ###
+APP_ENV={{ getenv "APP_ENV" "prod" }}
+APP_SECRET={{ getenv "APP_SECRET" "MySuperSecret" }}
+TRUSTED_PROXIES={{ getenv "APP_TRUSTED_PROXIES" "127.0.0.1,REMOTE_ADDR" }}
+###< symfony/framework-bundle ###
+
+###> doctrine/doctrine-bundle ###
+DATABASE_URL={{ getenv "APP_DATABASE_URL" "mysql://db:db@mariadb:3306/db?serverVersion=mariadb-10.4.0" }}
+###< doctrine/doctrine-bundle ###
+
+###> nelmio/cors-bundle ###
+CORS_ALLOW_ORIGIN={{ getenv "APP_CORS_ALLOW_ORIGIN" "'^https?://localhost(:[0-9]+)?$'" }}
+###< nelmio/cors-bundle ###
+
+###> App ###
+APP_DEFAULT_DATE_FORMAT='{{ getenv "APP_DEFAULT_DATE_FORMAT" "Y-m-d\\TH:i:s\\Z" }}'
+###< App ###
+
+###> lexik/jwt-authentication-bundle ###
+JWT_PASSPHRASE={{ getenv "APP_JWT_PASSPHRASE" }}
+JWT_TOKEN_TTL={{ getenv "APP_JWT_TOKEN_TTL" "3600" }}
+JWT_SCREEN_TOKEN_TTL={{ getenv "APP_JWT_SCREEN_TOKEN_TTL" "3600" }}
+###< lexik/jwt-authentication-bundle ###
+
+###> gesdinet/jwt-refresh-token-bundle ###
+JWT_REFRESH_TOKEN_TTL={{ getenv "APP_JWT_REFRESH_TOKEN_TTL" "2592000" }}
+JWT_SCREEN_REFRESH_TOKEN_TTL={{ getenv "APP_JWT_SCREEN_REFRESH_TOKEN_TTL" "2592000" }}
+###< gesdinet/jwt-refresh-token-bundle ###
+
+###> itk-dev/openid-connect-bundle ###
+# "admin" open id connect configuration variables (values provided by the OIDC IdP)
+OIDC_METADATA_URL={{ getenv "APP_OIDC_METADATA_URL" "" }}
+OIDC_CLIENT_ID={{ getenv "APP_OIDC_CLIENT_ID" "" }}
+OIDC_CLIENT_SECRET={{ getenv "APP_OIDC_CLIENT_SECRET" "" }}
+OIDC_REDIRECT_URI={{ getenv "APP_OIDC_REDIRECT_URI" "" }}
+OIDC_LEEWAY={{ getenv "APP_OIDC_LEEWAY" "30" }}
+
+CLI_REDIRECT={{ getenv "APP_CLI_REDIRECT" "" }}
+###< itk-dev/openid-connect-bundle ###
+
+###> redis ###
+REDIS_CACHE_PREFIX={{ getenv "APP_CLI_REDIRECT" "DisplayApiService" }}
+REDIS_CACHE_DSN={{ getenv "APP_CLI_REDIRECT" "redis://redis:6379/0" }}
+###< redis ###
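Review bot: `APP_SECRET={{ getenv "APP_SECRET" "MySuperSecret" }}` gives every deployment that forgets to set the variable the same publicly known value for the secret Symfony uses for signing, while `APP_ENV` defaults to `prod` on the line above. Dropping the fallback, `APP_SECRET={{ getenv "APP_SECRET" }}`, and having the entrypoint refuse to start when it is empty would turn a silent weak default into a visible configuration error. The two redis lines both read `APP_CLI_REDIRECT`, which looks like a copy-paste slip: setting that variable for the OIDC CLI redirect would also overwrite `REDIS_CACHE_PREFIX` and `REDIS_CACHE_DSN`, so each should read a variable of its own. The `TRUSTED_PROXIES` default includes `REMOTE_ADDR`, which trusts forwarded headers from any directly connecting client, and the `DATABASE_URL` default embeds `db:db` credentials. Both suit a development stack behind a proxy rather than an image default.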
diff --git a/infrastructure/display-api-service/gitconfig b/infrastructure/os2display/display-api-service/gitconfig similarity index 100% rename from infrastructure/display-api-service/gitconfig rename to infrastructure/os2display/display-api-service/gitconfig diff --git a/infrastructure/display-api-service/php/apcu.ini b/infrastructure/os2display/display-api-service/php/apcu.ini similarity index 100% rename from infrastructure/display-api-service/php/apcu.ini rename to infrastructure/os2display/display-api-service/php/apcu.ini diff --git a/infrastructure/display-api-service/php/fpm.ini b/infrastructure/os2display/display-api-service/php/fpm.ini similarity index 100% rename from infrastructure/display-api-service/php/fpm.ini rename to infrastructure/os2display/display-api-service/php/fpm.ini diff --git a/infrastructure/display-api-service/php/opcache.ini b/infrastructure/os2display/display-api-service/php/opcache.ini similarity index 100% rename from infrastructure/display-api-service/php/opcache.ini rename to infrastructure/os2display/display-api-service/php/opcache.ini diff --git a/infrastructure/display-api-service/php/php.ini b/infrastructure/os2display/display-api-service/php/php.ini similarity index 100% rename from infrastructure/display-api-service/php/php.ini rename to infrastructure/os2display/display-api-service/php/php.ini diff --git a/infrastructure/nginx/Dockerfile b/infrastructure/os2display/nginx/Dockerfile similarity index 98% rename from infrastructure/nginx/Dockerfile rename to infrastructure/os2display/nginx/Dockerfile index f6b93c74..bc13dcd1 100644 --- a/infrastructure/nginx/Dockerfile +++ b/infrastructure/os2display/nginx/Dockerfile @@ -17,7 +17,7 @@ COPY --from=APPLICATION ${APP_PATH}/public ${APP_PATH}/public WORKDIR ${APP_PATH} # Copy configuration. -COPY etc/ /etc/ +COPY etc /etc/ # Install configuration template handler ADD https://github.com/kelseyhightower/confd/releases/download/v0.16.0/confd-0.16.0-linux-amd64 /usr/local/bin/confd 
diff --git a/infrastructure/os2display/nginx/docker-entrypoint.sh b/infrastructure/os2display/nginx/docker-entrypoint.sh
new file mode 100644
index 00000000..978fa9f4
--- /dev/null
+++ b/infrastructure/os2display/nginx/docker-entrypoint.sh
@@ -0,0 +1,49 @@
+#!/bin/sh
+
+set -eux
+
+## Run templates with configuration.
+/usr/local/bin/confd --onetime --backend env --confdir /etc/confd
+
+entrypoint_log() {
+ if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then
+ echo "$@"
+ fi
+}
+
+if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then
+ if /usr/bin/find "/docker-entrypoint.d/" -mindepth 1 -maxdepth 1 -type f -print -quit 2>/dev/null | read v; then
+ entrypoint_log "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration"
+
+ entrypoint_log "$0: Looking for shell scripts in /docker-entrypoint.d/"
+ find "/docker-entrypoint.d/" -follow -type f -print | sort -V | while read -r f; do
+ case "$f" in
+ *.envsh)
+ if [ -x "$f" ]; then
+ entrypoint_log "$0: Sourcing $f";
+ . "$f"
+ else
+ # warn on shell scripts without exec bit
+ entrypoint_log "$0: Ignoring $f, not executable";
+ fi
+ ;;
+ *.sh)
+ if [ -x "$f" ]; then
+ entrypoint_log "$0: Launching $f";
+ "$f"
+ else
+ # warn on shell scripts without exec bit
+ entrypoint_log "$0: Ignoring $f, not executable";
+ fi
+ ;;
+ *) entrypoint_log "$0: Ignoring $f";;
+ esac
+ done
+
+ entrypoint_log "$0: Configuration complete; ready for start up"
+ else
+ entrypoint_log "$0: No files found in /docker-entrypoint.d/, skipping configuration"
+ fi
+fi
+
+exec "$@"
diff --git a/infrastructure/os2display/nginx/etc/confd/conf.d/default.conf.toml b/infrastructure/os2display/nginx/etc/confd/conf.d/default.conf.toml
new file mode 100644
index 00000000..185954f0
--- /dev/null
+++ b/infrastructure/os2display/nginx/etc/confd/conf.d/default.conf.toml
@@ -0,0 +1,7 @@
+[template]
+src = "default.conf.tmpl"
+dest = "/etc/nginx/conf.d/default.conf"
+mode = "0644"
+keys = [
+ "/nginx-config"
+]
diff --git a/infrastructure/os2display/nginx/etc/confd/conf.d/nginx.conf.toml b/infrastructure/os2display/nginx/etc/confd/conf.d/nginx.conf.toml
new file mode 100644
index 00000000..7c81a661
--- /dev/null
+++ b/infrastructure/os2display/nginx/etc/confd/conf.d/nginx.conf.toml
@@ -0,0 +1,7 @@
+[template]
+src = "nginx.conf.tmpl"
+dest = "/etc/nginx/nginx.conf"
+mode = "0644"
+keys = [
+ "/nginx-config"
+]
diff --git a/infrastructure/os2display/nginx/etc/confd/templates/default.conf.tmpl b/infrastructure/os2display/nginx/etc/confd/templates/default.conf.tmpl
new file mode 100644
index 00000000..b6f32099
--- /dev/null
+++ b/infrastructure/os2display/nginx/etc/confd/templates/default.conf.tmpl
@@ -0,0 +1,52 @@
+# @see https://symfony.com/doc/current/setup/web_server_configuration.html
+server {
+ listen 8080;
+ server_name localhost;
+ root /var/www/html/public;
+
+ location / {
+ add_header X-Robots-Tag "noindex, nofollow, nosnippet, noarchive";
+
+ # try to serve file directly, fallback to index.php
+ try_files $uri /index.php$is_args$args;
+ }
+
+ location = /robots.txt {
+ add_header Content-Type text/plain;
+ add_header X-Robots-Tag "noindex, nofollow, nosnippet, noarchive";
+ return 200 "User-agent: *\nDisallow: /\n";
+ }
+
+ location ~ ^/index\.php(/|$) {
+ fastcgi_pass {{ getenv "PHP_FPM_SERVER" "phpfpm" }}:{{ getenv "PHP_FPM_SERVER_PORT" "9000" }};
+ fastcgi_split_path_info ^(.+\.php)(/.*)$;
+ include fastcgi_params;
+
+ fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
+ fastcgi_param DOCUMENT_ROOT $realpath_root;
+
+ internal;
+ }
+
+ # return 404 for all other php files not matching the front controller
+ # this prevents access to other php files you don't want to be accessible.
+ location ~ \.php$ {
+ return 404;
+ }
+
+ error_log /var/log/nginx/error.log;
+ access_log /var/log/nginx/access.log;
+}
+
+server {
+ listen 8080;
+ server_name localhost;
+ root /var/www/html/public;
+
+ error_log off;
+ access_log off;
+
+ location /stub_status {
+ stub_status;
+ }
+}
diff --git a/infrastructure/os2display/nginx/etc/confd/templates/nginx.conf.tmpl b/infrastructure/os2display/nginx/etc/confd/templates/nginx.conf.tmpl
new file mode 100644
index 00000000..6e77365d
--- /dev/null
+++ b/infrastructure/os2display/nginx/etc/confd/templates/nginx.conf.tmpl
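Review bot: The second `server` block repeats `listen 8080;` and `server_name localhost;` from the first, so nginx treats it as a conflicting server name and routes every request to the first block. `/stub_status` is therefore never served from here and falls through to `try_files $uri /index.php$is_args$args;`. Were the block reachable on that same published port, it would hand connection metrics to any client, because the location carries no access rule. Giving the status server its own listen address that is not published, and adding `allow 127.0.0.1; deny all;` (or the scraper's address) inside `location /stub_status`, fixes both. Separately, `add_header Content-Type text/plain;` in the robots location adds a header rather than setting the response type; `default_type text/plain;` is the usual form.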
@@ -0,0 +1,48 @@
+worker_processes auto;
+
+error_log /var/log/nginx/error.log warn;
+pid /tmp/nginx.pid;
+
+events {
+ worker_connections 2048;
+ multi_accept on;
+}
+
+
+http {
+ open_file_cache max=10000 inactive=5m;
+ open_file_cache_valid 5m;
+ open_file_cache_min_uses 5;
+ open_file_cache_errors off;
+
+ sendfile on;
+ tcp_nopush on;
+ tcp_nodelay on;
+ keepalive_timeout 15 15;
+ types_hash_max_size 2048;
+
+ server_tokens off;
+
+ client_max_body_size {{ getenv "NGINX_FPM_UPLOAD_MAX" "8M" }};
+
+ gzip on;
+ gzip_disable "msie6";
+ gzip_vary on;
+ gzip_proxied any;
+ gzip_comp_level 6;
+ gzip_buffers 16 8k;
+ gzip_http_version 1.0;
+ gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript application/javascript;
+
+ include /etc/nginx/mime.types;
+ default_type application/octet-stream;
+
+ log_format main '$remote_addr - $remote_user [$time_local] "$request" '
+ '$status $body_bytes_sent "$http_referer" '
+ '"$http_user_agent" "$http_x_forwarded_for"';
+
+ error_log /dev/stderr;
+ access_log /dev/stdout main;
+
+ include /etc/nginx/conf.d/*.conf;
+}
diff --git a/infrastructure/run.sh b/infrastructure/os2display/run.sh
similarity index 100%
rename from infrastructure/run.sh
rename to infrastructure/os2display/run.sh