From d99e890e99de630d2894e22d034ccd88836cc379 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Elan=20Ruusam=C3=A4e?= Date: Thu, 23 May 2019 21:47:21 +0300 Subject: [PATCH 1/6] update to 3.7.1; update to best practices - build code image using build stages - drop nginx build; just bind mount extra config --- Dockerfile | 39 ++++++++++++++++------------------ docker-compose.yml | 27 ++++++++++------------- nginx/nginx.conf => nginx.conf | 4 ++-- nginx/Dockerfile | 8 ------- 4 files changed, 31 insertions(+), 47 deletions(-) rename nginx/nginx.conf => nginx.conf (81%) delete mode 100644 nginx/Dockerfile
diff --git a/Dockerfile b/Dockerfile
index 16f48a5..2530590 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -3,32 +3,29 @@ # https://github.com/eventum/eventum # -FROM php:5.6-fpm +FROM php:7.1-fpm-alpine AS base -ARG EVENTUM_VERSION=3.3.3 -ARG EVENTUM_MD5=7fde18feb868ad965aa186418eccd1c1 +FROM base AS source +RUN apk add --no-cache curl -WORKDIR /usr/src/eventum +# download and unpack code +WORKDIR /source +ARG VERSION=3.7.1 +RUN curl -fLSs https://github.com/eventum/eventum/releases/download/v$VERSION/eventum-$VERSION.tar.xz -o eventum.tar.xz -# step1: install eventum code -RUN set -xe \ - && curl -fLSs https://github.com/eventum/eventum/releases/download/v$EVENTUM_VERSION/eventum-$EVENTUM_VERSION.tar.gz -o eventum.tgz \ - && echo "$EVENTUM_MD5 *eventum.tgz" | md5sum -c - \ - && tar --strip-components=1 -xzf eventum.tgz \ - && rm -f eventum.tgz \ +ARG CHECKSUM=060b2fa8b09cebaf442c2088137998fdfce1082487d83115cafa49bf12834689 +RUN sha256sum eventum.tar.xz +RUN echo "$CHECKSUM *eventum.tar.xz" | sha256sum -c - + +WORKDIR /app +RUN tar --strip-components=1 -xf /source/eventum.tar.xz +RUN set -x \ && chmod -R og-rwX config var \ && chown -R www-data: config var \ && du -sh -# step2: install dependencies -RUN set -xe \ - && ln -s /usr/local/bin/php /usr/bin \ - && apt-get update \ - && apt-get install -y --no-install-recommends libpng-dev libmcrypt-dev \ - && docker-php-ext-install pdo pdo_mysql gd mcrypt \ - && apt-get remove -y zlib1g-dev libpng12-dev zlib1g-dev libmcrypt-dev \ - && apt-get clean \ - && rm -rfv /var/lib/apt/lists/* /tmp/* /var/tmp/* \ - && php -m - +# build runtime image +FROM base +WORKDIR /app +COPY --from=source /app ./ USER www-data diff --git a/docker-compose.yml b/docker-compose.yml index 6c724c2..6ebc984 100644 --- a/docker-compose.yml +++ b/docker-compose.yml 
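Review bot: The release archive is pinned by SHA-256, but the image it is unpacked into is not: `FROM php:7.1-fpm-alpine AS base` is a floating tag, so two builds of the same commit can end up on different base contents. Pinning by digest, `FROM php:7.1-fpm-alpine@sha256:<digest> AS base` (placeholder digest), gives the base the same integrity guarantee as the tarball. The separate `RUN sha256sum eventum.tar.xz` only prints the hash and looks like a debugging leftover; the `sha256sum -c -` step after it is the one that enforces the check.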
@@ -1,22 +1,14 @@ version: '2.1' -volumes: - config: - mysql: - code: - name: eventum-3.3.3 - services: eventum: - image: eventum/eventum:3.3.3 + build: . volumes: - - code:/usr/src/eventum - - config:/usr/src/eventum/config - links: - - mysql + # share htdocs with nginx container + - public:/app/htdocs mysql: - image: mysql:5.6 + image: percona:5.7 volumes: - mysql:/var/lib/mysql environment: @@ -24,12 +16,15 @@ services: - MYSQL_DATABASE=eventum nginx: - build: nginx + image: nginx:alpine ports: - "8088:80" - links: - - eventum:fpm volumes: - - code:/usr/src/eventum:ro + - ./nginx.conf:/etc/nginx/conf.d/default.conf:ro + - public:/app/htdocs:ro + +volumes: + public: + mysql: # vim:ts=2:sw=2:et diff --git a/nginx/nginx.conf b/nginx.conf similarity index 81% rename from nginx/nginx.conf rename to nginx.conf index 5caff5d..db95d2a 100644 --- a/nginx/nginx.conf +++ b/nginx.conf @@ -2,7 +2,7 @@ server { server_name eventum; listen 80; - root /usr/src/eventum/htdocs; + root /app/htdocs; index index.php; location / { @@ -12,6 +12,6 @@ server { location ~ \.php$ { include fastcgi_params; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_pass fpm:9000; + fastcgi_pass eventum:9000; } } diff --git a/nginx/Dockerfile b/nginx/Dockerfile deleted file mode 100644 index 8f0fe0b..0000000 --- a/nginx/Dockerfile +++ /dev/null @@ -1,8 +0,0 @@ -# -# Dockerfile for Eventum nginx -# https://github.com/eventum/eventum -# - -FROM nginx:alpine - -ADD nginx.conf /etc/nginx/conf.d/default.conf From f659061b2ddafb9b05494790276eda251cceadee Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Elan=20Ruusam=C3=A4e?= Date: Thu, 23 May 2019 21:48:05 +0300 Subject: [PATCH 2/6] setup .gitignore --- .gitignore | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 .gitignore diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..1d1c9d7 --- /dev/null +++ b/.gitignore @@ -0,0 +1,3 @@ +*~ +/.idea/ +/docker-compose.override.yml 
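Review bot: The named volume `public:/app/htdocs` in the first docker-compose.yml hunk is seeded from the image only when the volume is first created, so after the image is rebuilt for a newer Eventum release both containers keep serving the old htdocs tree, including any code that release was meant to fix. The served files then no longer match the rest of `/app` in the eventum container. A comment at the mount, e.g. `# seeded once from the image; remove the public volume when upgrading`, would make that upgrade step explicit.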
From 484698789c3fe97b52f7e6713ab149023e9fa91c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Elan=20Ruusam=C3=A4e?= Date: Sun, 26 May 2019 04:08:54 +0300 Subject: [PATCH 3/6] use phpearth image for php runtime --- Dockerfile | 7 +++++-- docker-compose.yml | 14 ++------------ nginx.conf | 17 ----------------- 3 files changed, 7 insertions(+), 31 deletions(-) delete mode 100644 nginx.conf diff --git a/Dockerfile b/Dockerfile index 2530590..0a866d7 100644 --- a/Dockerfile +++ b/Dockerfile @@ -3,7 +3,7 @@ # https://github.com/eventum/eventum # -FROM php:7.1-fpm-alpine AS base +FROM phpearth/php:7.1-nginx AS base FROM base AS source RUN apk add --no-cache curl @@ -26,6 +26,9 @@ RUN set -x \ # build runtime image FROM base +RUN apk add --no-cache php7.1-gd php7.1-intl php7.1-pdo_mysql +# update to use app root; required to change config as expose only subdir +RUN sed -i -e '/root/ s;/var/www/html;/app/htdocs;' /etc/nginx/conf.d/default.conf + WORKDIR /app COPY --from=source /app ./ -USER www-data diff --git a/docker-compose.yml b/docker-compose.yml index 6ebc984..ff40d2e 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -3,9 +3,8 @@ version: '2.1' services: eventum: build: . - volumes: - # share htdocs with nginx container - - public:/app/htdocs + ports: + - "8088:80" mysql: image: percona:5.7 @@ -15,16 +14,7 @@ services: - MYSQL_ALLOW_EMPTY_PASSWORD=1 - MYSQL_DATABASE=eventum - nginx: - image: nginx:alpine - ports: - - "8088:80" - volumes: - - ./nginx.conf:/etc/nginx/conf.d/default.conf:ro - - public:/app/htdocs:ro - volumes: - public: mysql: # vim:ts=2:sw=2:et diff --git a/nginx.conf b/nginx.conf deleted file mode 100644 index db95d2a..0000000 --- a/nginx.conf +++ /dev/null 
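Review bot: Dropping `USER www-data` in the second Dockerfile hunk leaves the final stage with no `USER` at all, so the entrypoint and whatever it starts run as root unless the phpearth image lowers privileges itself, which is not visible here. If root is needed only to bind port 80, say so next to the removed line, e.g. `# runs as root: base image starts nginx + php-fpm; workers drop privileges (confirm)`. The new base `phpearth/php:7.1-nginx` is a community image on a floating tag, so pinning it by digest would keep rebuilds reproducible. The `sed` on default.conf also exits 0 when nothing matches; appending `&& grep -q '/app/htdocs' /etc/nginx/conf.d/default.conf` would fail the build if the upstream config changes shape.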
@@ -1,17 +0,0 @@ -server { - server_name eventum; - listen 80; - - root /app/htdocs; - index index.php; - - location / { - try_files $uri $uri/ /index.php$is_args$args; - } - - location ~ \.php$ { - include fastcgi_params; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_pass eventum:9000; - } -} From be7fc3bc5e4b80015905adbd5edbec9bcf04e346 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Elan=20Ruusam=C3=A4e?= Date: Sat, 6 Jul 2019 23:46:25 +0300 Subject: [PATCH 4/6] setup default sane php.ini values --- Dockerfile | 4 ++++ docker-compose.yml | 2 ++ php.ini | 23 +++++++++++++++++++++++ 3 files changed, 29 insertions(+) create mode 100644 php.ini diff --git a/Dockerfile b/Dockerfile index 0a866d7..23564cb 100644 --- a/Dockerfile +++ b/Dockerfile @@ -24,6 +24,9 @@ RUN set -x \ && chown -R www-data: config var \ && du -sh +COPY php.ini /php.ini +RUN chmod 644 /php.ini + # build runtime image FROM base RUN apk add --no-cache php7.1-gd php7.1-intl php7.1-pdo_mysql @@ -31,4 +34,5 @@ RUN apk add --no-cache php7.1-gd php7.1-intl php7.1-pdo_mysql RUN sed -i -e '/root/ s;/var/www/html;/app/htdocs;' /etc/nginx/conf.d/default.conf WORKDIR /app +COPY --from=source /php.ini /etc/php/7.1/php.ini COPY --from=source /app ./ diff --git a/docker-compose.yml b/docker-compose.yml index ff40d2e..b2b7e0b 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -3,6 +3,8 @@ version: '2.1' services: eventum: build: . + volumes: + - ./php.ini:/etc/php/7.1/php.ini ports: - "8088:80" diff --git a/php.ini b/php.ini new file mode 100644 index 0000000..d4f145a --- /dev/null +++ b/php.ini 
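Review bot: The bind mount `./php.ini:/etc/php/7.1/php.ini` added to docker-compose.yml is read-write, so a process inside the container can modify the file in the host working tree; `- ./php.ini:/etc/php/7.1/php.ini:ro` is enough for a config file and matches the `:ro` mounts used earlier in this series. The mount also hides the copy that this commit's Dockerfile hunks bake into the image, so under compose the settings come from the working tree rather than from the image. A comment stating that the mount exists for local overrides would make that intentional.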
@@ -0,0 +1,23 @@ +; disable production reporting +; Production Value: E_ALL & ~E_DEPRECATED & ~E_STRICT +; http://php.net/error-reporting +error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT + +; Default Value: On +; Development Value: On +; Production Value: Off +; http://php.net/display-errors +display_errors = Off + +; Default Value: Off +; Development Value: On +; Production Value: On +; http://php.net/log-errors +log_errors = On + +; Decides whether PHP may expose the fact that it is installed on the server +; (e.g. by adding its signature to the Web server header). It is no security +; threat in any way, but it makes it possible to determine whether you use PHP +; on your server or not. +; http://php.net/expose-php +expose_php = Off From 0a0d54205f3a9b0b49c99f52cec2449694803476 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Elan=20Ruusam=C3=A4e?= Date: Sun, 7 Jul 2019 00:01:04 +0300 Subject: [PATCH 5/6] configure logging to rotate logs --- docker-compose.yml | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/docker-compose.yml b/docker-compose.yml index b2b7e0b..bfcbdd6 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -7,6 +7,11 @@ services: - ./php.ini:/etc/php/7.1/php.ini ports: - "8088:80" + logging: + driver: json-file + options: + max-size: "10m" + max-file: "10" mysql: image: percona:5.7 @@ -15,6 +20,11 @@ services: environment: - MYSQL_ALLOW_EMPTY_PASSWORD=1 - MYSQL_DATABASE=eventum + logging: + driver: json-file + options: + max-size: "10m" + max-file: "10" volumes: mysql: From 1d66f4cccd002036acb8cd0472e787df9ac6f141 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Elan=20Ruusam=C3=A4e?= Date: Sun, 7 Jul 2019 00:01:10 +0300 Subject: [PATCH 6/6] move var and config permission change to last layer as the COPY does not preserve owner we have to live with extra layer --- Dockerfile | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/Dockerfile b/Dockerfile index 23564cb..707e701 100644 --- a/Dockerfile +++ b/Dockerfile 
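Review bot: The first comment in php.ini, `; disable production reporting`, contradicts the setting under it: `error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT` is exactly the production value quoted on the following comment line. Something like `; use the production error_reporting level` would match what the file does. With `display_errors = Off`, `log_errors = On` and no `error_log` set, errors go to the SAPI's default destination; a one-line comment saying where that is in this container (presumably stderr, to be confirmed) would help whoever reads the container logs.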
@@ -19,10 +19,6 @@ RUN echo "$CHECKSUM *eventum.tar.xz" | sha256sum -c - WORKDIR /app RUN tar --strip-components=1 -xf /source/eventum.tar.xz -RUN set -x \ - && chmod -R og-rwX config var \ - && chown -R www-data: config var \ - && du -sh COPY php.ini /php.ini RUN chmod 644 /php.ini @@ -36,3 +32,7 @@ RUN sed -i -e '/root/ s;/var/www/html;/app/htdocs;' /etc/nginx/conf.d/default.co WORKDIR /app COPY --from=source /php.ini /etc/php/7.1/php.ini COPY --from=source /app ./ +RUN set -x \ + && chmod -R og-rwX config var \ + && chown -R www-data: config var \ + && du -sh
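Review bot: The reason the `chmod`/`chown` block moved to the final stage exists only in the commit message; a comment above the new `RUN`, e.g. `# COPY --from does not keep ownership, so restrict config/ and var/ to www-data here`, would stop someone from moving it back into the source stage. Everything outside `config` and `var` stays root-owned after the `COPY`, which means the web user cannot rewrite application code, and that property is worth stating in the same comment. The trailing `du -sh` only prints a size and can be dropped.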