feat: Add php8.1

roadiz · May 24, 2022 · 3e4f9c7 · 3e4f9c7
1 parent d4b80c7
commit 3e4f9c7
Show file tree

Hide file tree

Showing 6 changed files with 226 additions and 1 deletion.
diff --git a/docker-compose.yml b/docker-compose.yml
@@ -106,7 +106,8 @@ services:
         env_file: "./.env.local"
         build:
             #context: ./docker/php74-nginx-alpine
-            context: ./docker/php80-nginx-alpine
+            #context: ./docker/php80-nginx-alpine
+            context: ./docker/php81-nginx-alpine
             args:
                 USER_UID: ${USER_UID}
         ports:

diff --git a/docker/php81-nginx-alpine/Dockerfile b/docker/php81-nginx-alpine/Dockerfile
@@ -0,0 +1,29 @@
+FROM roadiz/php81-nginx-alpine
+MAINTAINER Ambroise Maupate <[email protected]>
+
+ARG USER_UID=1000
+ENV COMPOSER_ALLOW_SUPERUSER=1
+ENV APP_ENV=dev
+ENV APP_CACHE=0
+
+RUN apk add --no-cache shadow make git \
+    && usermod -u ${USER_UID} www-data \
+    && groupmod -g ${USER_UID} www-data \
+    && composer --version \
+    && ln -s /usr/share/zoneinfo/Europe/Paris /etc/localtime \
+    && "date"
+
+# Display errors
+ADD php.ini /usr/local/etc/php/php.ini
+# Added Roadiz messenger for async tasks
+ADD supervisor.ini /etc/supervisor.d/services.ini
+ADD zz-docker.conf /usr/local/etc/php-fpm.d/zz-docker.conf
+ADD nginx /etc/nginx
+
+VOLUME /var/www/html
+WORKDIR /var/www/html
+
+RUN ln -s /usr/share/nginx/html/bin/roadiz /usr/local/bin/roadiz \
+    && chown -R www-data:www-data /var/www/html/
+
+ENTRYPOINT exec /usr/bin/supervisord -n -c /etc/supervisord.conf
diff --git a/docker/php81-nginx-alpine/nginx/default.d/000-default.conf b/docker/php81-nginx-alpine/nginx/default.d/000-default.conf
@@ -0,0 +1,105 @@
+server {
+    listen [::]:80 default_server ipv6only=off;
+    # Use Roadiz Standard Edition real root.
+    root /var/www/html/public;
+
+    client_body_temp_path /tmp/client_body 1 2;
+    fastcgi_temp_path /tmp/fastcgi 1 2;
+
+    index index.php;
+
+    add_header X-Frame-Options "SAMEORIGIN";
+    add_header X-XSS-Protection "1; mode=block";
+    add_header X-Content-Type-Options "nosniff";
+
+    # Kick wordpress brute force attack before it
+    # fills Roadiz logs with not-found resources.
+    location ~ ^/wp\-(includes|admin|login\.php) {
+        return 404;
+    }
+
+    # deny access to .htaccess files, if Apache's document root
+    # concurs with nginx's one
+    location ~ /\.ht {
+        deny all;
+    }
+    location ~ /\.git {
+        deny all;
+    }
+
+    location ~ ^/themes/(.+)\.(php|yml|twig|xlf|rzn|rzt|rzg)$ {
+        deny all;
+    }
+    # Enable Expire on Themes public assets
+    location ~* ^/(?:themes|files|assets)/*.*\.(?:ico|css|js|woff2?|eot|ttf|otf|svg|gif|jpe?g|png|webp|mp4|webm)$ {
+        # Serve not found files with PHP
+        try_files $uri $uri/ /index.php$is_args$args;
+
+        expires 30d;
+        access_log off;
+        add_header "Pragma" "public";
+        add_header "Cache-Control" "public";
+        add_header "Vary" "Accept-Encoding";
+        add_header "X-Frame-Options" "SAMEORIGIN";
+        add_header "X-XSS-Protection" "1; mode=block";
+        add_header "X-Content-Type-Options" "nosniff";
+        add_header 'Access-Control-Allow-Origin' '*';
+        add_header 'Access-Control-Allow-Methods' 'GET, OPTIONS';
+        add_header 'Access-Control-Allow-Headers' 'DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
+    }
+
+    location / {
+        # First attempt to serve request as file, then
+        # as directory, then fall back to front-end controller
+        # (do not forget to pass GET parameters).
+        try_files $uri $uri/ /index.php$is_args$args;
+    }
+
+    location ~ /install.php/ {
+        try_files $uri $uri/ /install.php$is_args$args;
+    }
+    location ~ /dev.php/ {
+        try_files $uri $uri/ /dev.php$is_args$args;
+    }
+    location ~ /preview.php/ {
+        try_files $uri $uri/ /preview.php$is_args$args;
+    }
+    location ~ /clear_cache.php/ {
+        try_files $uri $uri/ /clear_cache.php$is_args$args;
+    }
+
+    #
+    # Production entry point.
+    #
+    location ~ ^/index\.php(/|$) {
+        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+        fastcgi_pass unix:/var/run/php-fpm.sock;
+        fastcgi_index index.php;
+        fastcgi_split_path_info ^(.+\.php)(.*)$;
+        include fastcgi_params;
+        try_files $uri =404;
+        # Prevents URIs that include the front controller. This will 404:
+        # http://domain.tld/app.php/some-path
+        # Remove the internal directive to allow URIs like this
+        internal;
+    }
+
+    #
+    # Preview, Dev and Install entry points.
+    #
+    # In production server, don't deploy dev.php or install.php
+    #
+    location ~ ^/(dev|install|preview|clear_cache)\.php(/|$) {
+        # Enforce file cache invalidation at each request
+        fastcgi_param PHP_VALUE "opcache.revalidate_freq=0";
+        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+        fastcgi_pass unix:/var/run/php-fpm.sock;
+        fastcgi_split_path_info ^(.+\.php)(.*)$;
+        include fastcgi_params;
+        try_files $uri =404;
+    }
+
+    # Don't log robots.txt or favicon.ico files
+    location = /favicon.ico { log_not_found off; access_log off; }
+    location = /robots.txt  { allow all; access_log off; log_not_found off; }
+}
diff --git a/docker/php81-nginx-alpine/php.ini b/docker/php81-nginx-alpine/php.ini
@@ -0,0 +1,34 @@
+error_reporting = E_ALL
+html_errors = On
+
+apc.enable_cli = 0
+date.timezone = Europe/Paris
+session.auto_start = Off
+; Session ID cannot be passed through URLs
+session.use_only_cookies = On
+; Uses a secure connection (HTTPS) if possible
+; session.cookie_secure = On
+; Do not accept uninitialized session ID
+session.use_strict_mode = On
+; Do not make session cookie available to JS
+session.cookie_httponly = On
+short_open_tag = Off
+
+; http://symfony.com/doc/current/performance.html
+; Configure OPcache for Maximum Performance
+opcache.enable=1
+opcache.memory_consumption=256
+opcache.max_accelerated_files = 20000
+; Don't Check PHP Files Timestamps
+opcache.revalidate_freq=0
+opcache.validate_timestamps=1
+opcache.fast_shutdown=1
+; Configure the PHP realpath Cache
+realpath_cache_size = 4096K
+realpath_cache_ttl = 600
+memory_limit = 512M
+post_max_size = 128M
+upload_max_filesize = 128M
+expose_php = On
+display_errors = On
+
diff --git a/docker/php81-nginx-alpine/supervisor.ini b/docker/php81-nginx-alpine/supervisor.ini
@@ -0,0 +1,41 @@
+[program:crond]
+command = crond -f -L 15
+autostart=true
+autorestart=true
+priority=10
+
+[program:nginx]
+command=nginx
+autostart=true
+autorestart=true
+priority=10
+stdout_events_enabled=true
+stderr_events_enabled=true
+stdout_logfile=/dev/stdout
+stdout_logfile_maxbytes=0
+stderr_logfile=/dev/stderr
+stderr_logfile_maxbytes=0
+
+[program:php-fpm]
+command = php-fpm --fpm-config /usr/local/etc/php-fpm.conf
+autostart=true
+autorestart=true
+priority=5
+stdout_logfile=/dev/stdout
+stdout_logfile_maxbytes=0
+stderr_logfile=/dev/stderr
+stderr_logfile_maxbytes=0
+
+;/etc/supervisor/conf.d/messenger-worker.conf
+[program:messenger-consume]
+command=php -d "memory_limit=-1" /var/www/html/bin/console messenger:consume async --time-limit=1800
+user=www-data
+numprocs=2
+startsecs=0
+autostart=true
+autorestart=true
+process_name=%(program_name)s_%(process_num)02d
+stdout_logfile=/dev/stdout
+stdout_logfile_maxbytes=0
+stderr_logfile=/dev/stderr
+stderr_logfile_maxbytes=0
diff --git a/docker/php81-nginx-alpine/zz-docker.conf b/docker/php81-nginx-alpine/zz-docker.conf
@@ -0,0 +1,15 @@
+[global]
+daemonize = no
+
+[www]
+user = www-data
+group = www-data
+listen.owner = www-data
+listen.group = www-data
+listen.mode = 0660
+
+listen = /var/run/php-fpm.sock
+
+php_admin_value[error_log] = /dev/stderr
+php_admin_flag[log_errors] = on
+php_flag[display_errors] = on