mirror of
https://github.com/mashirozx/docker-php-nginx.git
synced 2024-11-01 12:38:15 +08:00
Compare commits
20 Commits
Author | SHA1 | Date | |
---|---|---|---|
e6302859f4 | |||
f05153fc65 | |||
|
df1a00c979 | ||
|
6a440c890f | ||
|
1c140e8245 | ||
|
a41ad3100f | ||
|
68d8df88dc | ||
|
61f31882ce | ||
|
1bf1f811ff | ||
|
70b353a097 | ||
|
23d5674a3a | ||
|
9365423d74 | ||
|
3a38277dc8 | ||
|
da76cd5f6b | ||
|
16df3f80fc | ||
|
a58dccfd64 | ||
|
2102c58220 | ||
|
4689e12a6a | ||
|
9c6624e118 | ||
|
dab1e6766f |
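--- a/.github/workflows/build-php7-arm.yml
+++ b/.github/workflows/build-php7-arm.yml
@@ -0,0 +1,43 @@
+name: Build PHP 7 ARM Image
+
+on:
+push:
+branches:
+- master
+
+jobs:
+docker-build:
+runs-on: ubuntu-latest
+
+steps:
+- name: 🔍 Checkout code
+uses: actions/checkout@v2
+
+- name: 🏗️ Set up Docker Buildx
+uses: docker/setup-buildx-action@v1
+
+- name: 🔑 Login to DockerHub
+uses: docker/login-action@v1
+with:
+username: ${{ secrets.DOCKERHUB_USERNAME }}
+password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+- name: 🎃 Set up outputs
+id: vars
+run: |
+echo "::set-output name=sha_short::$(git rev-parse --short HEAD)"
+- name: ⚓ Build and push
+uses: docker/build-push-action@v2
+with:
+context: .
+file: ./Dockerfile.php7.arm
+pull: true
+push: true
+# build-args: |
+# arg1=value1
+# arg2=value2
+cache-from: type=registry,ref=mashirozx/php-nginx:php7-arm
+cache-to: type=inline
+tags: |
+mashirozx/php-nginx:php7-arm
+mashirozx/php-nginx:php7arm-${{steps.vars.outputs.sha_short}}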
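Review bot: The `uses:` lines reference third-party actions by mutable tags (`actions/checkout@v2`, `docker/setup-buildx-action@v1`, `docker/login-action@v1`, `docker/build-push-action@v2`) in a job that receives `DOCKERHUB_TOKEN` and pushes a public image. A retagged or compromised action release would run with that token, so each reference should be pinned to a full commit SHA with the tag kept as a trailing comment, e.g. `uses: docker/login-action@<full-commit-sha>  # v1`. The same applies to build-php7.yml, build-php8-arm.yml and build-php8.yml, which repeat these four steps verbatim.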
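--- a/.github/workflows/build-php7.yml
+++ b/.github/workflows/build-php7.yml
@@ -0,0 +1,43 @@
+name: Build PHP 7 Image
+
+on:
+push:
+branches:
+- master
+
+jobs:
+docker-build:
+runs-on: ubuntu-latest
+
+steps:
+- name: 🔍 Checkout code
+uses: actions/checkout@v2
+
+- name: 🏗️ Set up Docker Buildx
+uses: docker/setup-buildx-action@v1
+
+- name: 🔑 Login to DockerHub
+uses: docker/login-action@v1
+with:
+username: ${{ secrets.DOCKERHUB_USERNAME }}
+password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+- name: 🎃 Set up outputs
+id: vars
+run: |
+echo "::set-output name=sha_short::$(git rev-parse --short HEAD)"
+- name: ⚓ Build and push
+uses: docker/build-push-action@v2
+with:
+context: .
+file: ./Dockerfile.php7
+pull: true
+push: true
+# build-args: |
+# arg1=value1
+# arg2=value2
+cache-from: type=registry,ref=mashirozx/php-nginx:php7
+cache-to: type=inline
+tags: |
+mashirozx/php-nginx:php7
+mashirozx/php-nginx:php7-${{steps.vars.outputs.sha_short}}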
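Review bot: The `Set up outputs` step publishes `sha_short` through the `::set-output` workflow command, which GitHub has deprecated in favour of appending to the `$GITHUB_OUTPUT` file. The replacement line is `echo "sha_short=$(git rev-parse --short HEAD)" >> "$GITHUB_OUTPUT"`; the `steps.vars.outputs.sha_short` reference in the tags stays as it is. build-php7-arm.yml, build-php8-arm.yml and build-php8.yml contain the same step.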
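--- a/.github/workflows/build-php8-arm.yml
+++ b/.github/workflows/build-php8-arm.yml
@@ -0,0 +1,43 @@
+name: Build PHP 8 ARM Image
+
+on:
+push:
+branches:
+- master
+
+jobs:
+docker-build:
+runs-on: ubuntu-latest
+
+steps:
+- name: 🔍 Checkout code
+uses: actions/checkout@v2
+
+- name: 🏗️ Set up Docker Buildx
+uses: docker/setup-buildx-action@v1
+
+- name: 🔑 Login to DockerHub
+uses: docker/login-action@v1
+with:
+username: ${{ secrets.DOCKERHUB_USERNAME }}
+password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+- name: 🎃 Set up outputs
+id: vars
+run: |
+echo "::set-output name=sha_short::$(git rev-parse --short HEAD)"
+- name: ⚓ Build and push
+uses: docker/build-push-action@v2
+with:
+context: .
+file: ./Dockerfile.arm
+pull: true
+push: true
+# build-args: |
+# arg1=value1
+# arg2=value2
+cache-from: type=registry,ref=mashirozx/php-nginx:php8-arm
+cache-to: type=inline
+tags: |
+mashirozx/php-nginx:php8-arm
+mashirozx/php-nginx:php8-arm-${{steps.vars.outputs.sha_short}}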
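Review bot: No emulation is set up before building `./Dockerfile.arm`, whose base image is `arm64v8/alpine:3.14` and which contains `RUN` steps; on an x86-64 `ubuntu-latest` runner those steps would presumably fail with an exec format error unless binfmt handlers happen to be registered. build.yaml in this same change runs `docker/setup-qemu-action@v1` before buildx, and this job likely needs that step too, plus `platforms: linux/arm64` under the build step's `with:` so the pushed manifest records the right architecture. build-php7-arm.yml has the same gap.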
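--- a/.github/workflows/build-php8.yml
+++ b/.github/workflows/build-php8.yml
@@ -0,0 +1,43 @@
+name: Build PHP 8 Image
+
+on:
+push:
+branches:
+- master
+
+jobs:
+docker-build:
+runs-on: ubuntu-latest
+
+steps:
+- name: 🔍 Checkout code
+uses: actions/checkout@v2
+
+- name: 🏗️ Set up Docker Buildx
+uses: docker/setup-buildx-action@v1
+
+- name: 🔑 Login to DockerHub
+uses: docker/login-action@v1
+with:
+username: ${{ secrets.DOCKERHUB_USERNAME }}
+password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+- name: 🎃 Set up outputs
+id: vars
+run: |
+echo "::set-output name=sha_short::$(git rev-parse --short HEAD)"
+- name: ⚓ Build and push
+uses: docker/build-push-action@v2
+with:
+context: .
+file: ./Dockerfile
+pull: true
+push: true
+# build-args: |
+# arg1=value1
+# arg2=value2
+cache-from: type=registry,ref=mashirozx/php-nginx:php8
+cache-to: type=inline
+tags: |
+mashirozx/php-nginx:php8
+mashirozx/php-nginx:php8-${{steps.vars.outputs.sha_short}}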
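Review bot: The workflow declares no `permissions:` block, so the job's `GITHUB_TOKEN` gets the repository's default scope even though the steps only read the checkout and push to Docker Hub. A top-level `permissions:` with `contents: read` limits what a compromised step could do to the repository itself. The other three build-php*.yml workflows added in this change are missing it as well.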
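--- a/.github/workflows/build.yaml
+++ b/.github/workflows/build.yaml
@@ -0,0 +1,79 @@
+name: Test & build Docker image
+
+on:
+push:
+branches: [ master-no ]
+tags: ['*']
+pull_request:
+
+env:
+IMAGE_NAME: trafex/php-nginx
+IMAGE_TAG: ${{ github.sha }}
+
+jobs:
+build:
+runs-on: ubuntu-latest
+
+steps:
+- name: Checkout
+uses: actions/checkout@v2
+
+- name: Set up QEMU
+uses: docker/setup-qemu-action@v1
+
+- name: Set up Docker Buildx
+id: buildx
+uses: docker/setup-buildx-action@v1
+
+- name: Build image
+run: |-
+docker build -t $IMAGE_NAME:$IMAGE_TAG .
+
+- name: Smoke test image
+run: |-
+docker-compose -f docker-compose.test.yml up -d app
+sleep 2
+docker-compose -f docker-compose.test.yml run sut
+
+- name: Run Trivy vulnerability scanner
+uses: aquasecurity/trivy-action@master
+with:
+image-ref: '${{ env.IMAGE_NAME }}:${{ github.sha }}'
+format: 'template'
+template: '@/contrib/sarif.tpl'
+output: 'trivy-results.sarif'
+
+- name: Upload Trivy scan results to GitHub Security tab
+uses: github/codeql-action/upload-sarif@v1
+with:
+sarif_file: 'trivy-results.sarif'
+
+- name: Login to Docker Hub
+uses: docker/login-action@v1
+with:
+username: ${{ secrets.DOCKERHUB_USERNAME }}
+password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+- name: Build multi-arch image and push latest tag
+if: github.ref == 'refs/heads/master' && github.event_name == 'push'
+run: |-
+docker buildx build \
+--cache-from=$IMAGE_NAME:latest \
+--push \
+-t $IMAGE_NAME:latest \
+--platform linux/amd64,linux/arm64,linux/arm/v7,linux/arm/v6 \
+.
+
+- name: Set tag in environment
+if: contains(github.ref, 'refs/tags/')
+run: echo "RELEASE_VERSION=${GITHUB_REF#refs/*/}" >> $GITHUB_ENV
+
+- name: Build multi-arch image and push release tag
+if: contains(github.ref, 'refs/tags/')
+run: |-
+docker buildx build \
+--cache-from=$IMAGE_NAME:latest \
+--push \
+-t $IMAGE_NAME:$RELEASE_VERSION \
+--platform linux/amd64,linux/arm64,linux/arm/v7,linux/arm/v6 \
+.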
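Review bot: `aquasecurity/trivy-action@master` tracks a moving branch, so whatever lands on that branch runs in this job shortly before the Docker Hub login step; pin it to a release tag or, better, a full commit SHA. The `Login to Docker Hub` step also has no `if:` although the workflow triggers on `pull_request`, so the credentials are requested on runs that never push (and the step presumably fails for forks, where secrets are unavailable); a guard such as `if: github.event_name == 'push'` avoids both. Separately, the latest-tag step tests `refs/heads/master` while the push trigger lists only `master-no`, so that step looks unreachable as written.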
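--- a/.github/workflows/dockerhub-description.yaml
+++ b/.github/workflows/dockerhub-description.yaml
@@ -0,0 +1,21 @@
+name: Update Docker Hub Description
+on:
+push:
+branches:
+- master-no
+paths:
+- README.md
+- .github/workflows/dockerhub-description.yml
+jobs:
+dockerHubDescription:
+runs-on: ubuntu-latest
+steps:
+- uses: actions/checkout@v2
+
+- name: Docker Hub Description
+uses: peter-evans/dockerhub-description@v2
+with:
+username: ${{ secrets.DOCKERHUB_USERNAME }}
+password: ${{ secrets.DOCKERHUB_PASSWORD }}
+repository: trafex/php-nginx
+short-description: ${{ github.event.repository.description }}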
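Review bot: The `paths` filter lists `.github/workflows/dockerhub-description.yml`, but the file is added as `dockerhub-description.yaml`, so edits to the workflow itself will not trigger it; the entry should read `- .github/workflows/dockerhub-description.yaml`. The step also targets `repository: trafex/php-nginx` and uses `DOCKERHUB_PASSWORD`, while the build workflows in this change push to `mashirozx/php-nginx` with `DOCKERHUB_TOKEN`. Confirm the intended repository and prefer the scoped token before the `master-no` branch filter is relaxed.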
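--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -0,0 +1,19 @@
+# Contributing to this project
+I love your input! I want to make contributing to this project as easy and transparent as possible.
+
+## Report bugs using Github's [issues](https://github.com/TrafeX/docker-php-nginx/issues)
+GitHub issues is used to track public bugs.
+Report a bug by [opening a new issue](https://github.com/TrafeX/docker-php-nginx/issues/new); it's that easy!
+
+### What to include in an issue?
+- A quick summary and/or background
+- Steps to reproduce
+- Include what version of the image you are using
+- Add the `Dockerfile` if you made any changes
+- Include the command you used to run the container
+- What you expected would happen
+- What actually happens
+- Notes (possibly including why you think this might be happening, or stuff you tried that didn't work)
+
+## License
+By contributing, you agree that your contributions will be licensed under its [MIT License](./LICENSE).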
34
Dockerfile
34
Dockerfile
@ -1,12 +1,32 @@
|
|||||||
FROM alpine:3.13
|
FROM alpine:3.14
|
||||||
LABEL Maintainer="Tim de Pater <code@trafex.nl>" \
|
LABEL Maintainer="Tim de Pater <code@trafex.nl>"
|
||||||
Description="Lightweight container with Nginx 1.18 & PHP 8.0 based on Alpine Linux."
|
LABEL Description="Lightweight container with Nginx 1.20 & PHP 8.0 based on Alpine Linux."
|
||||||
|
|
||||||
# Install packages and remove default server definition
|
# Install packages and remove default server definition
|
||||||
RUN apk --no-cache add php8 php8-fpm php8-opcache php8-mysqli php8-json php8-openssl php8-curl \
|
RUN apk --no-cache add \
|
||||||
php8-zlib php8-xml php8-phar php8-intl php8-dom php8-xmlreader php8-ctype php8-session \
|
curl \
|
||||||
php8-mbstring php8-gd nginx supervisor curl && \
|
nginx \
|
||||||
rm /etc/nginx/conf.d/default.conf
|
php8 \
|
||||||
|
php8-ctype \
|
||||||
|
php8-curl \
|
||||||
|
php8-dom \
|
||||||
|
php8-fpm \
|
||||||
|
php8-gd \
|
||||||
|
php8-intl \
|
||||||
|
php8-json \
|
||||||
|
php8-mbstring \
|
||||||
|
php8-mysqli \
|
||||||
|
php8-opcache \
|
||||||
|
php8-openssl \
|
||||||
|
php8-phar \
|
||||||
|
php8-session \
|
||||||
|
php8-xml \
|
||||||
|
php8-xmlreader \
|
||||||
|
php8-zlib \
|
||||||
|
supervisor
|
||||||
|
|
||||||
|
# Create symlink so programs depending on `php` still function
|
||||||
|
RUN ln -s /usr/bin/php8 /usr/bin/php
|
||||||
|
|
||||||
# Configure nginx
|
# Configure nginx
|
||||||
COPY config/nginx.conf /etc/nginx/nginx.conf
|
COPY config/nginx.conf /etc/nginx/nginx.conf
|
||||||
|
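Review bot: The comment `# Install packages and remove default server definition` is kept, but as far as the two columns can be read the new `RUN apk --no-cache add` list no longer ends with `rm /etc/nginx/conf.d/default.conf`, so nothing is removed any more. Either shorten the comment to `# Install packages` or, if the nginx package on alpine:3.14 still ships a default server block in another location, delete it explicitly so that only the server defined in `config/nginx.conf` is reachable. The rest of the Dockerfile lies outside this hunk.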
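--- a/Dockerfile.arm
+++ b/Dockerfile.arm
@@ -0,0 +1,64 @@
+FROM arm64v8/alpine:3.14
+LABEL Maintainer="Tim de Pater <code@trafex.nl>"
+LABEL Description="Lightweight container with Nginx 1.20 & PHP 8.0 based on Alpine Linux."
+
+# Install packages and remove default server definition
+RUN apk --no-cache add \
+curl \
+nginx \
+php8 \
+php8-ctype \
+php8-curl \
+php8-dom \
+php8-fpm \
+php8-gd \
+php8-intl \
+php8-json \
+php8-mbstring \
+php8-mysqli \
+php8-opcache \
+php8-openssl \
+php8-phar \
+php8-session \
+php8-xml \
+php8-xmlreader \
+php8-zlib \
+supervisor
+
+# Create symlink so programs depending on `php` still function
+RUN ln -s /usr/bin/php8 /usr/bin/php
+
+# Configure nginx
+COPY config/nginx.conf /etc/nginx/nginx.conf
+
+# Configure PHP-FPM
+COPY config/fpm-pool.conf /etc/php8/php-fpm.d/www.conf
+COPY config/php.ini /etc/php8/conf.d/custom.ini
+
+# Configure supervisord
+COPY config/supervisord.conf /etc/supervisor/conf.d/supervisord.conf
+
+# Setup document root
+RUN mkdir -p /var/www/html
+
+# Make sure files/folders needed by the processes are accessable when they run under the nobody user
+RUN chown -R nobody.nobody /var/www/html && \
+chown -R nobody.nobody /run && \
+chown -R nobody.nobody /var/lib/nginx && \
+chown -R nobody.nobody /var/log/nginx
+
+# Switch to use a non-root user from here on
+USER nobody
+
+# Add application
+WORKDIR /var/www/html
+COPY --chown=nobody src/ /var/www/html/
+
+# Expose the port nginx is reachable on
+EXPOSE 8080
+
+# Let supervisord start nginx & php-fpm
+CMD ["/usr/bin/supervisord", "-c", "/etc/supervisor/conf.d/supervisord.conf"]
+
+# Configure a healthcheck to validate that everything is up&running
+HEALTHCHECK --timeout=10s CMD curl --silent --fail http://127.0.0.1:8080/fpm-ping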
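Review bot: `chown -R nobody.nobody /run` hands the whole of `/run` to the unprivileged user, although the only path under it named in this change is `pidfile=/run/supervisord.pid`; which other files nginx and php-fpm write there is not visible here, but chowning only those files or a dedicated subdirectory would keep the grant narrower. The `owner.group` dot form is also a legacy spelling, and `nobody:nobody` is the portable one, e.g. `RUN chown -R nobody:nobody /var/www/html /var/lib/nginx /var/log/nginx`. Dockerfile.php7 and Dockerfile.php7.arm carry the same four lines.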
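--- a/Dockerfile.php7
+++ b/Dockerfile.php7
@@ -0,0 +1,64 @@
+FROM alpine:3.14
+LABEL Maintainer="Tim de Pater <code@trafex.nl>"
+LABEL Description="Lightweight container with Nginx 1.20 & PHP 8.0 based on Alpine Linux."
+
+# Install packages and remove default server definition
+RUN apk --no-cache add \
+curl \
+nginx \
+php7 \
+php7-ctype \
+php7-curl \
+php7-dom \
+php7-fpm \
+php7-gd \
+php7-intl \
+php7-json \
+php7-mbstring \
+php7-mysqli \
+php7-opcache \
+php7-openssl \
+php7-phar \
+php7-session \
+php7-xml \
+php7-xmlreader \
+php7-zlib \
+supervisor
+
+# Create symlink so programs depending on `php` still function
+# RUN ln -s /usr/bin/php7 /usr/bin/php
+
+# Configure nginx
+COPY config/nginx.conf /etc/nginx/nginx.conf
+
+# Configure PHP-FPM
+COPY config/fpm-pool.conf /etc/php7/php-fpm.d/www.conf
+COPY config/php.ini /etc/php7/conf.d/custom.ini
+
+# Configure supervisord
+COPY config/supervisord.php7.conf /etc/supervisor/conf.d/supervisord.conf
+
+# Setup document root
+RUN mkdir -p /var/www/html
+
+# Make sure files/folders needed by the processes are accessable when they run under the nobody user
+RUN chown -R nobody.nobody /var/www/html && \
+chown -R nobody.nobody /run && \
+chown -R nobody.nobody /var/lib/nginx && \
+chown -R nobody.nobody /var/log/nginx
+
+# Switch to use a non-root user from here on
+USER nobody
+
+# Add application
+WORKDIR /var/www/html
+COPY --chown=nobody src/ /var/www/html/
+
+# Expose the port nginx is reachable on
+EXPOSE 8080
+
+# Let supervisord start nginx & php-fpm
+CMD ["/usr/bin/supervisord", "-c", "/etc/supervisor/conf.d/supervisord.conf"]
+
+# Configure a healthcheck to validate that everything is up&running
+HEALTHCHECK --timeout=10s CMD curl --silent --fail http://127.0.0.1:8080/fpm-ping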
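Review bot: `LABEL Description` still says `PHP 8.0` although this image installs the `php7-*` packages, so the image metadata misreports the runtime to anyone inspecting it or matching scanner findings against it. Change it to `LABEL Description="Lightweight container with Nginx 1.20 & PHP 7 based on Alpine Linux."`, ideally with the exact 7.x version the Alpine 3.14 package provides. Dockerfile.php7.arm has the same label.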
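--- a/Dockerfile.php7.arm
+++ b/Dockerfile.php7.arm
@@ -0,0 +1,64 @@
+FROM arm64v8/alpine:3.14
+LABEL Maintainer="Tim de Pater <code@trafex.nl>"
+LABEL Description="Lightweight container with Nginx 1.20 & PHP 8.0 based on Alpine Linux."
+
+# Install packages and remove default server definition
+RUN apk --no-cache add \
+curl \
+nginx \
+php7 \
+php7-ctype \
+php7-curl \
+php7-dom \
+php7-fpm \
+php7-gd \
+php7-intl \
+php7-json \
+php7-mbstring \
+php7-mysqli \
+php7-opcache \
+php7-openssl \
+php7-phar \
+php7-session \
+php7-xml \
+php7-xmlreader \
+php7-zlib \
+supervisor
+
+# Create symlink so programs depending on `php` still function
+# RUN ln -s /usr/bin/php7 /usr/bin/php
+
+# Configure nginx
+COPY config/nginx.conf /etc/nginx/nginx.conf
+
+# Configure PHP-FPM
+COPY config/fpm-pool.conf /etc/php7/php-fpm.d/www.conf
+COPY config/php.ini /etc/php7/conf.d/custom.ini
+
+# Configure supervisord
+COPY config/supervisord.php7.conf /etc/supervisor/conf.d/supervisord.conf
+
+# Setup document root
+RUN mkdir -p /var/www/html
+
+# Make sure files/folders needed by the processes are accessable when they run under the nobody user
+RUN chown -R nobody.nobody /var/www/html && \
+chown -R nobody.nobody /run && \
+chown -R nobody.nobody /var/lib/nginx && \
+chown -R nobody.nobody /var/log/nginx
+
+# Switch to use a non-root user from here on
+USER nobody
+
+# Add application
+WORKDIR /var/www/html
+COPY --chown=nobody src/ /var/www/html/
+
+# Expose the port nginx is reachable on
+EXPOSE 8080
+
+# Let supervisord start nginx & php-fpm
+CMD ["/usr/bin/supervisord", "-c", "/etc/supervisor/conf.d/supervisord.conf"]
+
+# Configure a healthcheck to validate that everything is up&running
+HEALTHCHECK --timeout=10s CMD curl --silent --fail http://127.0.0.1:8080/fpm-ping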
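Review bot: The "Create symlink so programs depending on php still function" comment now sits directly above a commented-out `# RUN ln -s /usr/bin/php7 /usr/bin/php`, which leaves it unclear whether `php` resolves inside this image. If the php7 package already provides `/usr/bin/php`, delete both lines or replace them with a single comment saying so; otherwise restore the `RUN`. Dockerfile.php7 has the same pair of lines.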
50
README.md
50
README.md
@ -1,45 +1,45 @@
|
|||||||
# Docker PHP-FPM 8.0 & Nginx 1.18 on Alpine Linux
|
# Docker PHP-FPM 8.0 & Nginx 1.20 on Alpine Linux
|
||||||
Example PHP-FPM 8.0 & Nginx 1.18 setup for Docker, build on [Alpine Linux](https://www.alpinelinux.org/).
|
Example PHP-FPM 8.0 & Nginx 1.20 container image for Docker, build on [Alpine Linux](https://www.alpinelinux.org/).
|
||||||
The image is only +/- 35MB large.
|
|
||||||
|
|
||||||
Repository: https://github.com/TrafeX/docker-php-nginx
|
Repository: https://github.com/TrafeX/docker-php-nginx
|
||||||
|
|
||||||
|
|
||||||
* Built on the lightweight and secure Alpine Linux distribution
|
* Built on the lightweight and secure Alpine Linux distribution
|
||||||
* Very small Docker image size (+/-35MB)
|
* Multi-platform, supporting AMD4, ARMv6, ARMv7, ARM64
|
||||||
|
* Very small Docker image size (+/-40MB)
|
||||||
* Uses PHP 8.0 for better performance, lower CPU usage & memory footprint
|
* Uses PHP 8.0 for better performance, lower CPU usage & memory footprint
|
||||||
* Optimized for 100 concurrent users
|
* Optimized for 100 concurrent users
|
||||||
* Optimized to only use resources when there's traffic (by using PHP-FPM's on-demand PM)
|
* Optimized to only use resources when there's traffic (by using PHP-FPM's `on-demand` process manager)
|
||||||
* The servers Nginx, PHP-FPM and supervisord run under a non-privileged user (nobody) to make it more secure
|
* The services Nginx, PHP-FPM and supervisord run under a non-privileged user (nobody) to make it more secure
|
||||||
* The logs of all the services are redirected to the output of the Docker container (visible with `docker logs -f <container name>`)
|
* The logs of all the services are redirected to the output of the Docker container (visible with `docker logs -f <container name>`)
|
||||||
* Follows the KISS principle (Keep It Simple, Stupid) to make it easy to understand and adjust the image to your needs
|
* Follows the KISS principle (Keep It Simple, Stupid) to make it easy to understand and adjust the image to your needs
|
||||||
|
|
||||||
|
[![Docker Pulls](https://img.shields.io/docker/pulls/trafex/php-nginx.svg)](https://hub.docker.com/r/trafex/php-nginx/)
|
||||||
[![Docker Pulls](https://img.shields.io/docker/pulls/trafex/alpine-nginx-php7.svg)](https://hub.docker.com/r/trafex/alpine-nginx-php7/)
|
![nginx 1.20](https://img.shields.io/badge/nginx-1.20-brightgreen.svg)
|
||||||
[![Docker image layers](https://images.microbadger.com/badges/image/trafex/alpine-nginx-php7.svg)](https://microbadger.com/images/trafex/alpine-nginx-php7)
|
|
||||||
![nginx 1.18.0](https://img.shields.io/badge/nginx-1.18-brightgreen.svg)
|
|
||||||
![php 8.0](https://img.shields.io/badge/php-8.0-brightgreen.svg)
|
![php 8.0](https://img.shields.io/badge/php-8.0-brightgreen.svg)
|
||||||
![License MIT](https://img.shields.io/badge/license-MIT-blue.svg)
|
![License MIT](https://img.shields.io/badge/license-MIT-blue.svg)
|
||||||
|
|
||||||
### Breaking changes (26/01/2019)
|
## Goal of this project
|
||||||
|
The goal of this container image is to provide an example for running Nginx and PHP-FPM in a container which follows
|
||||||
Please note that the new builds since 26/01/2019 are exposing a different port to access Nginx.
|
the best practices and is easy to understand and modify to your needs.
|
||||||
To be able to run Nginx as a non-privileged user, the port it's running on needed
|
|
||||||
to change to a non-privileged port (above 1024).
|
|
||||||
|
|
||||||
The last build of the old version that exposed port 80 was `trafex/alpine-nginx-php7:ba1dd422`
|
|
||||||
|
|
||||||
## Usage
|
## Usage
|
||||||
|
|
||||||
Start the Docker container:
|
Start the Docker container:
|
||||||
|
|
||||||
docker run -p 80:8080 trafex/alpine-nginx-php7
|
docker run -p 80:8080 trafex/php-nginx
|
||||||
|
|
||||||
See the PHP info on http://localhost, or the static html page on http://localhost/test.html
|
See the PHP info on http://localhost, or the static html page on http://localhost/test.html
|
||||||
|
|
||||||
Or mount your own code to be served by PHP-FPM & Nginx
|
Or mount your own code to be served by PHP-FPM & Nginx
|
||||||
|
|
||||||
docker run -p 80:8080 -v ~/my-codebase:/var/www/html trafex/alpine-nginx-php7
|
docker run -p 80:8080 -v ~/my-codebase:/var/www/html trafex/php-nginx
|
||||||
|
|
||||||
|
### Docker Hub repository name change
|
||||||
|
Since we switched to PHP8 the repository name [trafex/alpine-nginx-php7](https://hub.docker.com/r/trafex/alpine-nginx-php7) didn't make sense anymore.
|
||||||
|
Because you can't change the name of the repository on Docker Hub I created a new one.
|
||||||
|
|
||||||
|
From now on this image can be pulled from Docker Hub under the name [trafex/php-nginx](https://hub.docker.com/r/trafex/php-nginx).
|
||||||
|
|
||||||
## Configuration
|
## Configuration
|
||||||
In [config/](config/) you'll find the default configuration files for Nginx, PHP and PHP-FPM.
|
In [config/](config/) you'll find the default configuration files for Nginx, PHP and PHP-FPM.
|
||||||
@ -47,15 +47,15 @@ If you want to extend or customize that you can do so by mounting a configuratio
|
|||||||
|
|
||||||
Nginx configuration:
|
Nginx configuration:
|
||||||
|
|
||||||
docker run -v "`pwd`/nginx-server.conf:/etc/nginx/conf.d/server.conf" trafex/alpine-nginx-php7
|
docker run -v "`pwd`/nginx-server.conf:/etc/nginx/conf.d/server.conf" trafex/php-nginx
|
||||||
|
|
||||||
PHP configuration:
|
PHP configuration:
|
||||||
|
|
||||||
docker run -v "`pwd`/php-setting.ini:/etc/php7/conf.d/settings.ini" trafex/alpine-nginx-php7
|
docker run -v "`pwd`/php-setting.ini:/etc/php8/conf.d/settings.ini" trafex/php-nginx
|
||||||
|
|
||||||
PHP-FPM configuration:
|
PHP-FPM configuration:
|
||||||
|
|
||||||
docker run -v "`pwd`/php-fpm-settings.conf:/etc/php7/php-fpm.d/server.conf" trafex/alpine-nginx-php7
|
docker run -v "`pwd`/php-fpm-settings.conf:/etc/php8/php-fpm.d/server.conf" trafex/php-nginx
|
||||||
|
|
||||||
_Note; Because `-v` requires an absolute path I've added `pwd` in the example to return the absolute path to the current directory_
|
_Note; Because `-v` requires an absolute path I've added `pwd` in the example to return the absolute path to the current directory_
|
||||||
|
|
||||||
@ -64,8 +64,8 @@ _Note; Because `-v` requires an absolute path I've added `pwd` in the example to
|
|||||||
|
|
||||||
If you need [Composer](https://getcomposer.org/) in your project, here's an easy way to add it.
|
If you need [Composer](https://getcomposer.org/) in your project, here's an easy way to add it.
|
||||||
|
|
||||||
```dockerfile
|
```Dockerfile
|
||||||
FROM trafex/alpine-nginx-php7:latest
|
FROM trafex/php-nginx:latest
|
||||||
|
|
||||||
# Install composer from the official image
|
# Install composer from the official image
|
||||||
COPY --from=composer /usr/bin/composer /usr/bin/composer
|
COPY --from=composer /usr/bin/composer /usr/bin/composer
|
||||||
@ -93,6 +93,6 @@ RUN composer install \
|
|||||||
|
|
||||||
# continue stage build with the desired image and copy the source including the
|
# continue stage build with the desired image and copy the source including the
|
||||||
# dependencies downloaded by composer
|
# dependencies downloaded by composer
|
||||||
FROM trafex/alpine-nginx-php7
|
FROM trafex/php-nginx
|
||||||
COPY --chown=nginx --from=composer /app /var/www/html
|
COPY --chown=nginx --from=composer /app /var/www/html
|
||||||
```
|
```
|
||||||
|
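--- a/SECURITY.md
+++ b/SECURITY.md
@@ -0,0 +1,13 @@
+# Security Policy
+
+## Supported Versions
+Only the latest version will be supported and receive security updates.
+
+| Version | Supported |
+| ------- | ------------------ |
+| 2.x.x | :white_check_mark: |
+| 1.x.x | :x: |
+
+## Reporting a Vulnerability
+Found a potential vulnerability? Report it by e-mail on security@trafex.nl.
+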
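--- a/config/supervisord.php7.conf
+++ b/config/supervisord.php7.conf
@@ -0,0 +1,23 @@
+[supervisord]
+nodaemon=true
+logfile=/dev/null
+logfile_maxbytes=0
+pidfile=/run/supervisord.pid
+
+[program:php-fpm]
+command=php-fpm7 -F
+stdout_logfile=/dev/stdout
+stdout_logfile_maxbytes=0
+stderr_logfile=/dev/stderr
+stderr_logfile_maxbytes=0
+autorestart=false
+startretries=0
+
+[program:nginx]
+command=nginx -g 'daemon off;'
+stdout_logfile=/dev/stdout
+stdout_logfile_maxbytes=0
+stderr_logfile=/dev/stderr
+stderr_logfile_maxbytes=0
+autorestart=false
+startretries=0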
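Review bot: Both programs set `autorestart=false` and `startretries=0`, and nothing in this file stops supervisord when a child exits, so if php-fpm or nginx dies the container presumably keeps running with one service down. The Dockerfiles' `HEALTHCHECK` would mark it unhealthy, but plain Docker does not restart unhealthy containers on its own. Consider stating the intent at the top of the file, e.g. `; children are not restarted: the orchestrator must act on the HEALTHCHECK`, or making supervisord exit when a program fails so the container's restart policy applies.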
@ -1,6 +1,7 @@
|
|||||||
version: '3.5'
|
version: '3.5'
|
||||||
services:
|
services:
|
||||||
app:
|
app:
|
||||||
|
image: ${IMAGE_NAME}:${IMAGE_TAG}
|
||||||
build: .
|
build: .
|
||||||
sut:
|
sut:
|
||||||
image: alpine:3.13
|
image: alpine:3.13
|
||||||
|
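Review bot: The added `image: ${IMAGE_NAME}:${IMAGE_TAG}` has no fallback, so running this compose file outside the workflow, where neither variable is set, would presumably resolve to an empty image reference and fail. Defaults keep local runs working, e.g. `image: ${IMAGE_NAME:-php-nginx}:${IMAGE_TAG:-local}` (example values). The `sut` service also still uses `alpine:3.13` while the Dockerfiles in this change move to 3.14. The file header for this section is not visible on the page.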