
No commits in common. "master" and "1.10.0" have entirely different histories.

17 changed files with 39 additions and 579 deletions


@ -1,43 +0,0 @@
name: Build PHP 7 ARM Image
on:
push:
branches:
- master
jobs:
docker-build:
runs-on: ubuntu-latest
steps:
- name: 🔍 Checkout code
uses: actions/checkout@v2
- name: 🏗️ Set up Docker Buildx
uses: docker/setup-buildx-action@v1
- name: 🔑 Login to DockerHub
uses: docker/login-action@v1
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: 🎃 Set up outputs
id: vars
run: |
echo "::set-output name=sha_short::$(git rev-parse --short HEAD)"
- name: ⚓ Build and push
uses: docker/build-push-action@v2
with:
context: .
file: ./Dockerfile.php7.arm
pull: true
push: true
# build-args: |
# arg1=value1
# arg2=value2
cache-from: type=registry,ref=mashirozx/php-nginx:php7-arm
cache-to: type=inline
tags: |
mashirozx/php-nginx:php7-arm
mashirozx/php-nginx:php7arm-${{steps.vars.outputs.sha_short}}


@ -1,43 +0,0 @@
name: Build PHP 7 Image
on:
push:
branches:
- master
jobs:
docker-build:
runs-on: ubuntu-latest
steps:
- name: 🔍 Checkout code
uses: actions/checkout@v2
- name: 🏗️ Set up Docker Buildx
uses: docker/setup-buildx-action@v1
- name: 🔑 Login to DockerHub
uses: docker/login-action@v1
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: 🎃 Set up outputs
id: vars
run: |
echo "::set-output name=sha_short::$(git rev-parse --short HEAD)"
- name: ⚓ Build and push
uses: docker/build-push-action@v2
with:
context: .
file: ./Dockerfile.php7
pull: true
push: true
# build-args: |
# arg1=value1
# arg2=value2
cache-from: type=registry,ref=mashirozx/php-nginx:php7
cache-to: type=inline
tags: |
mashirozx/php-nginx:php7
mashirozx/php-nginx:php7-${{steps.vars.outputs.sha_short}}


@ -1,43 +0,0 @@
name: Build PHP 8 ARM Image
on:
push:
branches:
- master
jobs:
docker-build:
runs-on: ubuntu-latest
steps:
- name: 🔍 Checkout code
uses: actions/checkout@v2
- name: 🏗️ Set up Docker Buildx
uses: docker/setup-buildx-action@v1
- name: 🔑 Login to DockerHub
uses: docker/login-action@v1
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: 🎃 Set up outputs
id: vars
run: |
echo "::set-output name=sha_short::$(git rev-parse --short HEAD)"
- name: ⚓ Build and push
uses: docker/build-push-action@v2
with:
context: .
file: ./Dockerfile.arm
pull: true
push: true
# build-args: |
# arg1=value1
# arg2=value2
cache-from: type=registry,ref=mashirozx/php-nginx:php8-arm
cache-to: type=inline
tags: |
mashirozx/php-nginx:php8-arm
mashirozx/php-nginx:php8-arm-${{steps.vars.outputs.sha_short}}


@ -1,43 +0,0 @@
name: Build PHP 8 Image
on:
push:
branches:
- master
jobs:
docker-build:
runs-on: ubuntu-latest
steps:
- name: 🔍 Checkout code
uses: actions/checkout@v2
- name: 🏗️ Set up Docker Buildx
uses: docker/setup-buildx-action@v1
- name: 🔑 Login to DockerHub
uses: docker/login-action@v1
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: 🎃 Set up outputs
id: vars
run: |
echo "::set-output name=sha_short::$(git rev-parse --short HEAD)"
- name: ⚓ Build and push
uses: docker/build-push-action@v2
with:
context: .
file: ./Dockerfile
pull: true
push: true
# build-args: |
# arg1=value1
# arg2=value2
cache-from: type=registry,ref=mashirozx/php-nginx:php8
cache-to: type=inline
tags: |
mashirozx/php-nginx:php8
mashirozx/php-nginx:php8-${{steps.vars.outputs.sha_short}}


@ -1,79 +0,0 @@
name: Test & build Docker image
on:
push:
branches: [ master-no ]
tags: ['*']
pull_request:
env:
IMAGE_NAME: trafex/php-nginx
IMAGE_TAG: ${{ github.sha }}
jobs:
build:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v2
- name: Set up QEMU
uses: docker/setup-qemu-action@v1
- name: Set up Docker Buildx
id: buildx
uses: docker/setup-buildx-action@v1
- name: Build image
run: |-
docker build -t $IMAGE_NAME:$IMAGE_TAG .
- name: Smoke test image
run: |-
docker-compose -f docker-compose.test.yml up -d app
sleep 2
docker-compose -f docker-compose.test.yml run sut
- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@master
with:
image-ref: '${{ env.IMAGE_NAME }}:${{ github.sha }}'
format: 'template'
template: '@/contrib/sarif.tpl'
output: 'trivy-results.sarif'
- name: Upload Trivy scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v1
with:
sarif_file: 'trivy-results.sarif'
- name: Login to Docker Hub
uses: docker/login-action@v1
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Build multi-arch image and push latest tag
if: github.ref == 'refs/heads/master' && github.event_name == 'push'
run: |-
docker buildx build \
--cache-from=$IMAGE_NAME:latest \
--push \
-t $IMAGE_NAME:latest \
--platform linux/amd64,linux/arm64,linux/arm/v7,linux/arm/v6 \
.
- name: Set tag in environment
if: contains(github.ref, 'refs/tags/')
run: echo "RELEASE_VERSION=${GITHUB_REF#refs/*/}" >> $GITHUB_ENV
- name: Build multi-arch image and push release tag
if: contains(github.ref, 'refs/tags/')
run: |-
docker buildx build \
--cache-from=$IMAGE_NAME:latest \
--push \
-t $IMAGE_NAME:$RELEASE_VERSION \
--platform linux/amd64,linux/arm64,linux/arm/v7,linux/arm/v6 \
.


@ -1,21 +0,0 @@
name: Update Docker Hub Description
on:
push:
branches:
- master-no
paths:
- README.md
- .github/workflows/dockerhub-description.yml
jobs:
dockerHubDescription:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: Docker Hub Description
uses: peter-evans/dockerhub-description@v2
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_PASSWORD }}
repository: trafex/php-nginx
short-description: ${{ github.event.repository.description }}


@ -1,19 +0,0 @@
# Contributing to this project
I love your input! I want to make contributing to this project as easy and transparent as possible.
## Report bugs using Github's [issues](https://github.com/TrafeX/docker-php-nginx/issues)
GitHub issues is used to track public bugs.
Report a bug by [opening a new issue](https://github.com/TrafeX/docker-php-nginx/issues/new); it's that easy!
### What to include in an issue?
- A quick summary and/or background
- Steps to reproduce
- Include what version of the image you are using
- Add the `Dockerfile` if you made any changes
- Include the command you used to run the container
- What you expected would happen
- What actually happens
- Notes (possibly including why you think this might be happening, or stuff you tried that didn't work)
## License
By contributing, you agree that your contributions will be licensed under its [MIT License](./LICENSE).


@ -1,39 +1,19 @@
FROM alpine:3.14
LABEL Maintainer="Tim de Pater <code@trafex.nl>"
LABEL Description="Lightweight container with Nginx 1.20 & PHP 8.0 based on Alpine Linux."
FROM alpine:3.13
LABEL Maintainer="Tim de Pater <code@trafex.nl>" \
Description="Lightweight container with Nginx 1.18 & PHP 7.4 based on Alpine Linux."
# Install packages and remove default server definition
RUN apk --no-cache add \
curl \
nginx \
php8 \
php8-ctype \
php8-curl \
php8-dom \
php8-fpm \
php8-gd \
php8-intl \
php8-json \
php8-mbstring \
php8-mysqli \
php8-opcache \
php8-openssl \
php8-phar \
php8-session \
php8-xml \
php8-xmlreader \
php8-zlib \
supervisor
# Create symlink so programs depending on `php` still function
RUN ln -s /usr/bin/php8 /usr/bin/php
RUN apk --no-cache add php7 php7-fpm php7-opcache php7-mysqli php7-json php7-openssl php7-curl \
php7-zlib php7-xml php7-phar php7-intl php7-dom php7-xmlreader php7-ctype php7-session \
php7-mbstring php7-gd nginx supervisor curl && \
rm /etc/nginx/conf.d/default.conf
# Configure nginx
COPY config/nginx.conf /etc/nginx/nginx.conf
# Configure PHP-FPM
COPY config/fpm-pool.conf /etc/php8/php-fpm.d/www.conf
COPY config/php.ini /etc/php8/conf.d/custom.ini
COPY config/fpm-pool.conf /etc/php7/php-fpm.d/www.conf
COPY config/php.ini /etc/php7/conf.d/custom.ini
# Configure supervisord
COPY config/supervisord.conf /etc/supervisor/conf.d/supervisord.conf
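Review bot: `FROM alpine:3.13` on the 1.10.0 side pins only a mutable tag, and the single `apk --no-cache add php7 ...` line installs whatever package revisions the mirror serves at build time, so the image contents cannot be reproduced or audited from the Dockerfile alone. Pinning the base by digest, e.g. `FROM alpine:3.13@sha256:<digest>` (placeholder), and rebuilding on a schedule would make the provenance explicit. This side also moves back to the PHP 7.4 / Alpine 3.13 package set, so confirm that both still receive security updates before shipping this tag; the workflow that ran the Trivy scan is removed elsewhere in this comparison. The +/- markers were lost in rendering, so the old/new assignment here is inferred from the package names, and the Dockerfile continues past this hunk.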


@ -1,64 +0,0 @@
FROM arm64v8/alpine:3.14
LABEL Maintainer="Tim de Pater <code@trafex.nl>"
LABEL Description="Lightweight container with Nginx 1.20 & PHP 8.0 based on Alpine Linux."
# Install packages and remove default server definition
RUN apk --no-cache add \
curl \
nginx \
php8 \
php8-ctype \
php8-curl \
php8-dom \
php8-fpm \
php8-gd \
php8-intl \
php8-json \
php8-mbstring \
php8-mysqli \
php8-opcache \
php8-openssl \
php8-phar \
php8-session \
php8-xml \
php8-xmlreader \
php8-zlib \
supervisor
# Create symlink so programs depending on `php` still function
RUN ln -s /usr/bin/php8 /usr/bin/php
# Configure nginx
COPY config/nginx.conf /etc/nginx/nginx.conf
# Configure PHP-FPM
COPY config/fpm-pool.conf /etc/php8/php-fpm.d/www.conf
COPY config/php.ini /etc/php8/conf.d/custom.ini
# Configure supervisord
COPY config/supervisord.conf /etc/supervisor/conf.d/supervisord.conf
# Setup document root
RUN mkdir -p /var/www/html
# Make sure files/folders needed by the processes are accessable when they run under the nobody user
RUN chown -R nobody.nobody /var/www/html && \
chown -R nobody.nobody /run && \
chown -R nobody.nobody /var/lib/nginx && \
chown -R nobody.nobody /var/log/nginx
# Switch to use a non-root user from here on
USER nobody
# Add application
WORKDIR /var/www/html
COPY --chown=nobody src/ /var/www/html/
# Expose the port nginx is reachable on
EXPOSE 8080
# Let supervisord start nginx & php-fpm
CMD ["/usr/bin/supervisord", "-c", "/etc/supervisor/conf.d/supervisord.conf"]
# Configure a healthcheck to validate that everything is up&running
HEALTHCHECK --timeout=10s CMD curl --silent --fail http://127.0.0.1:8080/fpm-ping


@ -1,64 +0,0 @@
FROM alpine:3.14
LABEL Maintainer="Tim de Pater <code@trafex.nl>"
LABEL Description="Lightweight container with Nginx 1.20 & PHP 8.0 based on Alpine Linux."
# Install packages and remove default server definition
RUN apk --no-cache add \
curl \
nginx \
php7 \
php7-ctype \
php7-curl \
php7-dom \
php7-fpm \
php7-gd \
php7-intl \
php7-json \
php7-mbstring \
php7-mysqli \
php7-opcache \
php7-openssl \
php7-phar \
php7-session \
php7-xml \
php7-xmlreader \
php7-zlib \
supervisor
# Create symlink so programs depending on `php` still function
# RUN ln -s /usr/bin/php7 /usr/bin/php
# Configure nginx
COPY config/nginx.conf /etc/nginx/nginx.conf
# Configure PHP-FPM
COPY config/fpm-pool.conf /etc/php7/php-fpm.d/www.conf
COPY config/php.ini /etc/php7/conf.d/custom.ini
# Configure supervisord
COPY config/supervisord.php7.conf /etc/supervisor/conf.d/supervisord.conf
# Setup document root
RUN mkdir -p /var/www/html
# Make sure files/folders needed by the processes are accessable when they run under the nobody user
RUN chown -R nobody.nobody /var/www/html && \
chown -R nobody.nobody /run && \
chown -R nobody.nobody /var/lib/nginx && \
chown -R nobody.nobody /var/log/nginx
# Switch to use a non-root user from here on
USER nobody
# Add application
WORKDIR /var/www/html
COPY --chown=nobody src/ /var/www/html/
# Expose the port nginx is reachable on
EXPOSE 8080
# Let supervisord start nginx & php-fpm
CMD ["/usr/bin/supervisord", "-c", "/etc/supervisor/conf.d/supervisord.conf"]
# Configure a healthcheck to validate that everything is up&running
HEALTHCHECK --timeout=10s CMD curl --silent --fail http://127.0.0.1:8080/fpm-ping


@ -1,64 +0,0 @@
FROM arm64v8/alpine:3.14
LABEL Maintainer="Tim de Pater <code@trafex.nl>"
LABEL Description="Lightweight container with Nginx 1.20 & PHP 8.0 based on Alpine Linux."
# Install packages and remove default server definition
RUN apk --no-cache add \
curl \
nginx \
php7 \
php7-ctype \
php7-curl \
php7-dom \
php7-fpm \
php7-gd \
php7-intl \
php7-json \
php7-mbstring \
php7-mysqli \
php7-opcache \
php7-openssl \
php7-phar \
php7-session \
php7-xml \
php7-xmlreader \
php7-zlib \
supervisor
# Create symlink so programs depending on `php` still function
# RUN ln -s /usr/bin/php7 /usr/bin/php
# Configure nginx
COPY config/nginx.conf /etc/nginx/nginx.conf
# Configure PHP-FPM
COPY config/fpm-pool.conf /etc/php7/php-fpm.d/www.conf
COPY config/php.ini /etc/php7/conf.d/custom.ini
# Configure supervisord
COPY config/supervisord.php7.conf /etc/supervisor/conf.d/supervisord.conf
# Setup document root
RUN mkdir -p /var/www/html
# Make sure files/folders needed by the processes are accessable when they run under the nobody user
RUN chown -R nobody.nobody /var/www/html && \
chown -R nobody.nobody /run && \
chown -R nobody.nobody /var/lib/nginx && \
chown -R nobody.nobody /var/log/nginx
# Switch to use a non-root user from here on
USER nobody
# Add application
WORKDIR /var/www/html
COPY --chown=nobody src/ /var/www/html/
# Expose the port nginx is reachable on
EXPOSE 8080
# Let supervisord start nginx & php-fpm
CMD ["/usr/bin/supervisord", "-c", "/etc/supervisor/conf.d/supervisord.conf"]
# Configure a healthcheck to validate that everything is up&running
HEALTHCHECK --timeout=10s CMD curl --silent --fail http://127.0.0.1:8080/fpm-ping


@ -1,45 +1,45 @@
# Docker PHP-FPM 8.0 & Nginx 1.20 on Alpine Linux
Example PHP-FPM 8.0 & Nginx 1.20 container image for Docker, build on [Alpine Linux](https://www.alpinelinux.org/).
# Docker PHP-FPM 7.4 & Nginx 1.18 on Alpine Linux
Example PHP-FPM 7.4 & Nginx 1.18 setup for Docker, build on [Alpine Linux](https://www.alpinelinux.org/).
The image is only +/- 35MB large.
Repository: https://github.com/TrafeX/docker-php-nginx
* Built on the lightweight and secure Alpine Linux distribution
* Multi-platform, supporting AMD4, ARMv6, ARMv7, ARM64
* Very small Docker image size (+/-40MB)
* Uses PHP 8.0 for better performance, lower CPU usage & memory footprint
* Very small Docker image size (+/-35MB)
* Uses PHP 7.4 for better performance, lower CPU usage & memory footprint
* Optimized for 100 concurrent users
* Optimized to only use resources when there's traffic (by using PHP-FPM's `on-demand` process manager)
* The services Nginx, PHP-FPM and supervisord run under a non-privileged user (nobody) to make it more secure
* Optimized to only use resources when there's traffic (by using PHP-FPM's on-demand PM)
* The servers Nginx, PHP-FPM and supervisord run under a non-privileged user (nobody) to make it more secure
* The logs of all the services are redirected to the output of the Docker container (visible with `docker logs -f <container name>`)
* Follows the KISS principle (Keep It Simple, Stupid) to make it easy to understand and adjust the image to your needs
[![Docker Pulls](https://img.shields.io/docker/pulls/trafex/php-nginx.svg)](https://hub.docker.com/r/trafex/php-nginx/)
![nginx 1.20](https://img.shields.io/badge/nginx-1.20-brightgreen.svg)
![php 8.0](https://img.shields.io/badge/php-8.0-brightgreen.svg)
[![Docker Pulls](https://img.shields.io/docker/pulls/trafex/alpine-nginx-php7.svg)](https://hub.docker.com/r/trafex/alpine-nginx-php7/)
[![Docker image layers](https://images.microbadger.com/badges/image/trafex/alpine-nginx-php7.svg)](https://microbadger.com/images/trafex/alpine-nginx-php7)
![nginx 1.18.0](https://img.shields.io/badge/nginx-1.18-brightgreen.svg)
![php 7.4](https://img.shields.io/badge/php-7.4-brightgreen.svg)
![License MIT](https://img.shields.io/badge/license-MIT-blue.svg)
## Goal of this project
The goal of this container image is to provide an example for running Nginx and PHP-FPM in a container which follows
the best practices and is easy to understand and modify to your needs.
### Breaking changes (26/01/2019)
Please note that the new builds since 26/01/2019 are exposing a different port to access Nginx.
To be able to run Nginx as a non-privileged user, the port it's running on needed
to change to a non-privileged port (above 1024).
The last build of the old version that exposed port 80 was `trafex/alpine-nginx-php7:ba1dd422`
## Usage
Start the Docker container:
docker run -p 80:8080 trafex/php-nginx
docker run -p 80:8080 trafex/alpine-nginx-php7
See the PHP info on http://localhost, or the static html page on http://localhost/test.html
Or mount your own code to be served by PHP-FPM & Nginx
docker run -p 80:8080 -v ~/my-codebase:/var/www/html trafex/php-nginx
### Docker Hub repository name change
Since we switched to PHP8 the repository name [trafex/alpine-nginx-php7](https://hub.docker.com/r/trafex/alpine-nginx-php7) didn't make sense anymore.
Because you can't change the name of the repository on Docker Hub I created a new one.
From now on this image can be pulled from Docker Hub under the name [trafex/php-nginx](https://hub.docker.com/r/trafex/php-nginx).
docker run -p 80:8080 -v ~/my-codebase:/var/www/html trafex/alpine-nginx-php7
## Configuration
In [config/](config/) you'll find the default configuration files for Nginx, PHP and PHP-FPM.
@ -47,15 +47,15 @@ If you want to extend or customize that you can do so by mounting a configuratio
Nginx configuration:
docker run -v "`pwd`/nginx-server.conf:/etc/nginx/conf.d/server.conf" trafex/php-nginx
docker run -v "`pwd`/nginx-server.conf:/etc/nginx/conf.d/server.conf" trafex/alpine-nginx-php7
PHP configuration:
docker run -v "`pwd`/php-setting.ini:/etc/php8/conf.d/settings.ini" trafex/php-nginx
docker run -v "`pwd`/php-setting.ini:/etc/php7/conf.d/settings.ini" trafex/alpine-nginx-php7
PHP-FPM configuration:
docker run -v "`pwd`/php-fpm-settings.conf:/etc/php8/php-fpm.d/server.conf" trafex/php-nginx
docker run -v "`pwd`/php-fpm-settings.conf:/etc/php7/php-fpm.d/server.conf" trafex/alpine-nginx-php7
_Note; Because `-v` requires an absolute path I've added `pwd` in the example to return the absolute path to the current directory_
@ -64,8 +64,8 @@ _Note; Because `-v` requires an absolute path I've added `pwd` in the example to
If you need [Composer](https://getcomposer.org/) in your project, here's an easy way to add it.
```Dockerfile
FROM trafex/php-nginx:latest
```dockerfile
FROM trafex/alpine-nginx-php7:latest
# Install composer from the official image
COPY --from=composer /usr/bin/composer /usr/bin/composer
@ -93,6 +93,6 @@ RUN composer install \
# continue stage build with the desired image and copy the source including the
# dependencies downloaded by composer
FROM trafex/php-nginx
FROM trafex/alpine-nginx-php7
COPY --chown=nginx --from=composer /app /var/www/html
```


@ -1,13 +0,0 @@
# Security Policy
## Supported Versions
Only the latest version will be supported and receive security updates.
| Version | Supported |
| ------- | ------------------ |
| 2.x.x | :white_check_mark: |
| 1.x.x | :x: |
## Reporting a Vulnerability
Found a potential vulnerability? Report it by e-mail on security@trafex.nl.


@ -5,7 +5,7 @@ logfile_maxbytes=0
pidfile=/run/supervisord.pid
[program:php-fpm]
command=php-fpm8 -F
command=php-fpm7 -F
stdout_logfile=/dev/stdout
stdout_logfile_maxbytes=0
stderr_logfile=/dev/stderr


@ -1,23 +0,0 @@
[supervisord]
nodaemon=true
logfile=/dev/null
logfile_maxbytes=0
pidfile=/run/supervisord.pid
[program:php-fpm]
command=php-fpm7 -F
stdout_logfile=/dev/stdout
stdout_logfile_maxbytes=0
stderr_logfile=/dev/stderr
stderr_logfile_maxbytes=0
autorestart=false
startretries=0
[program:nginx]
command=nginx -g 'daemon off;'
stdout_logfile=/dev/stdout
stdout_logfile_maxbytes=0
stderr_logfile=/dev/stderr
stderr_logfile_maxbytes=0
autorestart=false
startretries=0


@ -1,10 +1,9 @@
version: '3.5'
services:
app:
image: ${IMAGE_NAME}:${IMAGE_TAG}
build: .
sut:
image: alpine:3.13
image: alpine:3.12
depends_on:
- app
command: /tmp/run_tests.sh


@ -1,3 +1,3 @@
#!/usr/bin/env sh
apk --no-cache add curl
curl --silent --fail http://app:8080 | grep 'PHP 8.0'
curl --silent --fail http://app:8080 | grep 'PHP 7.4'
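Review bot: The smoke test on the last line makes a single request without waiting for readiness, so it can fail spuriously if nginx or PHP-FPM in `app` is not yet listening when `sut` runs; the compose file's `depends_on` only orders container start-up. A bounded retry such as `curl --silent --fail --retry 5 --retry-connrefused http://app:8080 | grep -F 'PHP 7.4'` would cover that. The `-F` also stops the `.` in the version string from matching any character.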