mirror of
https://github.com/mashirozx/docker-php-nginx.git
synced 2024-11-01 12:38:15 +08:00
Compare commits
No commits in common. "master" and "1.6.0" have entirely different histories.
43
.github/workflows/build-php7-arm.yml
vendored
43
.github/workflows/build-php7-arm.yml
vendored
@ -1,43 +0,0 @@
|
||||
name: Build PHP 7 ARM Image
|
||||
|
||||
on:
|
||||
push:
|
||||
branches:
|
||||
- master
|
||||
|
||||
jobs:
|
||||
docker-build:
|
||||
runs-on: ubuntu-latest
|
||||
|
||||
steps:
|
||||
- name: 🔍 Checkout code
|
||||
uses: actions/checkout@v2
|
||||
|
||||
- name: 🏗️ Set up Docker Buildx
|
||||
uses: docker/setup-buildx-action@v1
|
||||
|
||||
- name: 🔑 Login to DockerHub
|
||||
uses: docker/login-action@v1
|
||||
with:
|
||||
username: ${{ secrets.DOCKERHUB_USERNAME }}
|
||||
password: ${{ secrets.DOCKERHUB_TOKEN }}
|
||||
|
||||
- name: 🎃 Set up outputs
|
||||
id: vars
|
||||
run: |
|
||||
echo "::set-output name=sha_short::$(git rev-parse --short HEAD)"
|
||||
- name: ⚓ Build and push
|
||||
uses: docker/build-push-action@v2
|
||||
with:
|
||||
context: .
|
||||
file: ./Dockerfile.php7.arm
|
||||
pull: true
|
||||
push: true
|
||||
# build-args: |
|
||||
# arg1=value1
|
||||
# arg2=value2
|
||||
cache-from: type=registry,ref=mashirozx/php-nginx:php7-arm
|
||||
cache-to: type=inline
|
||||
tags: |
|
||||
mashirozx/php-nginx:php7-arm
|
||||
mashirozx/php-nginx:php7arm-${{steps.vars.outputs.sha_short}}
|
43
.github/workflows/build-php7.yml
vendored
43
.github/workflows/build-php7.yml
vendored
@ -1,43 +0,0 @@
|
||||
name: Build PHP 7 Image
|
||||
|
||||
on:
|
||||
push:
|
||||
branches:
|
||||
- master
|
||||
|
||||
jobs:
|
||||
docker-build:
|
||||
runs-on: ubuntu-latest
|
||||
|
||||
steps:
|
||||
- name: 🔍 Checkout code
|
||||
uses: actions/checkout@v2
|
||||
|
||||
- name: 🏗️ Set up Docker Buildx
|
||||
uses: docker/setup-buildx-action@v1
|
||||
|
||||
- name: 🔑 Login to DockerHub
|
||||
uses: docker/login-action@v1
|
||||
with:
|
||||
username: ${{ secrets.DOCKERHUB_USERNAME }}
|
||||
password: ${{ secrets.DOCKERHUB_TOKEN }}
|
||||
|
||||
- name: 🎃 Set up outputs
|
||||
id: vars
|
||||
run: |
|
||||
echo "::set-output name=sha_short::$(git rev-parse --short HEAD)"
|
||||
- name: ⚓ Build and push
|
||||
uses: docker/build-push-action@v2
|
||||
with:
|
||||
context: .
|
||||
file: ./Dockerfile.php7
|
||||
pull: true
|
||||
push: true
|
||||
# build-args: |
|
||||
# arg1=value1
|
||||
# arg2=value2
|
||||
cache-from: type=registry,ref=mashirozx/php-nginx:php7
|
||||
cache-to: type=inline
|
||||
tags: |
|
||||
mashirozx/php-nginx:php7
|
||||
mashirozx/php-nginx:php7-${{steps.vars.outputs.sha_short}}
|
43
.github/workflows/build-php8-arm.yml
vendored
43
.github/workflows/build-php8-arm.yml
vendored
@ -1,43 +0,0 @@
|
||||
name: Build PHP 8 ARM Image
|
||||
|
||||
on:
|
||||
push:
|
||||
branches:
|
||||
- master
|
||||
|
||||
jobs:
|
||||
docker-build:
|
||||
runs-on: ubuntu-latest
|
||||
|
||||
steps:
|
||||
- name: 🔍 Checkout code
|
||||
uses: actions/checkout@v2
|
||||
|
||||
- name: 🏗️ Set up Docker Buildx
|
||||
uses: docker/setup-buildx-action@v1
|
||||
|
||||
- name: 🔑 Login to DockerHub
|
||||
uses: docker/login-action@v1
|
||||
with:
|
||||
username: ${{ secrets.DOCKERHUB_USERNAME }}
|
||||
password: ${{ secrets.DOCKERHUB_TOKEN }}
|
||||
|
||||
- name: 🎃 Set up outputs
|
||||
id: vars
|
||||
run: |
|
||||
echo "::set-output name=sha_short::$(git rev-parse --short HEAD)"
|
||||
- name: ⚓ Build and push
|
||||
uses: docker/build-push-action@v2
|
||||
with:
|
||||
context: .
|
||||
file: ./Dockerfile.arm
|
||||
pull: true
|
||||
push: true
|
||||
# build-args: |
|
||||
# arg1=value1
|
||||
# arg2=value2
|
||||
cache-from: type=registry,ref=mashirozx/php-nginx:php8-arm
|
||||
cache-to: type=inline
|
||||
tags: |
|
||||
mashirozx/php-nginx:php8-arm
|
||||
mashirozx/php-nginx:php8-arm-${{steps.vars.outputs.sha_short}}
|
43
.github/workflows/build-php8.yml
vendored
43
.github/workflows/build-php8.yml
vendored
@ -1,43 +0,0 @@
|
||||
name: Build PHP 8 Image
|
||||
|
||||
on:
|
||||
push:
|
||||
branches:
|
||||
- master
|
||||
|
||||
jobs:
|
||||
docker-build:
|
||||
runs-on: ubuntu-latest
|
||||
|
||||
steps:
|
||||
- name: 🔍 Checkout code
|
||||
uses: actions/checkout@v2
|
||||
|
||||
- name: 🏗️ Set up Docker Buildx
|
||||
uses: docker/setup-buildx-action@v1
|
||||
|
||||
- name: 🔑 Login to DockerHub
|
||||
uses: docker/login-action@v1
|
||||
with:
|
||||
username: ${{ secrets.DOCKERHUB_USERNAME }}
|
||||
password: ${{ secrets.DOCKERHUB_TOKEN }}
|
||||
|
||||
- name: 🎃 Set up outputs
|
||||
id: vars
|
||||
run: |
|
||||
echo "::set-output name=sha_short::$(git rev-parse --short HEAD)"
|
||||
- name: ⚓ Build and push
|
||||
uses: docker/build-push-action@v2
|
||||
with:
|
||||
context: .
|
||||
file: ./Dockerfile
|
||||
pull: true
|
||||
push: true
|
||||
# build-args: |
|
||||
# arg1=value1
|
||||
# arg2=value2
|
||||
cache-from: type=registry,ref=mashirozx/php-nginx:php8
|
||||
cache-to: type=inline
|
||||
tags: |
|
||||
mashirozx/php-nginx:php8
|
||||
mashirozx/php-nginx:php8-${{steps.vars.outputs.sha_short}}
|
79
.github/workflows/build.yaml
vendored
79
.github/workflows/build.yaml
vendored
@ -1,79 +0,0 @@
|
||||
name: Test & build Docker image
|
||||
|
||||
on:
|
||||
push:
|
||||
branches: [ master-no ]
|
||||
tags: ['*']
|
||||
pull_request:
|
||||
|
||||
env:
|
||||
IMAGE_NAME: trafex/php-nginx
|
||||
IMAGE_TAG: ${{ github.sha }}
|
||||
|
||||
jobs:
|
||||
build:
|
||||
runs-on: ubuntu-latest
|
||||
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@v2
|
||||
|
||||
- name: Set up QEMU
|
||||
uses: docker/setup-qemu-action@v1
|
||||
|
||||
- name: Set up Docker Buildx
|
||||
id: buildx
|
||||
uses: docker/setup-buildx-action@v1
|
||||
|
||||
- name: Build image
|
||||
run: |-
|
||||
docker build -t $IMAGE_NAME:$IMAGE_TAG .
|
||||
|
||||
- name: Smoke test image
|
||||
run: |-
|
||||
docker-compose -f docker-compose.test.yml up -d app
|
||||
sleep 2
|
||||
docker-compose -f docker-compose.test.yml run sut
|
||||
|
||||
- name: Run Trivy vulnerability scanner
|
||||
uses: aquasecurity/trivy-action@master
|
||||
with:
|
||||
image-ref: '${{ env.IMAGE_NAME }}:${{ github.sha }}'
|
||||
format: 'template'
|
||||
template: '@/contrib/sarif.tpl'
|
||||
output: 'trivy-results.sarif'
|
||||
|
||||
- name: Upload Trivy scan results to GitHub Security tab
|
||||
uses: github/codeql-action/upload-sarif@v1
|
||||
with:
|
||||
sarif_file: 'trivy-results.sarif'
|
||||
|
||||
- name: Login to Docker Hub
|
||||
uses: docker/login-action@v1
|
||||
with:
|
||||
username: ${{ secrets.DOCKERHUB_USERNAME }}
|
||||
password: ${{ secrets.DOCKERHUB_TOKEN }}
|
||||
|
||||
- name: Build multi-arch image and push latest tag
|
||||
if: github.ref == 'refs/heads/master' && github.event_name == 'push'
|
||||
run: |-
|
||||
docker buildx build \
|
||||
--cache-from=$IMAGE_NAME:latest \
|
||||
--push \
|
||||
-t $IMAGE_NAME:latest \
|
||||
--platform linux/amd64,linux/arm64,linux/arm/v7,linux/arm/v6 \
|
||||
.
|
||||
|
||||
- name: Set tag in environment
|
||||
if: contains(github.ref, 'refs/tags/')
|
||||
run: echo "RELEASE_VERSION=${GITHUB_REF#refs/*/}" >> $GITHUB_ENV
|
||||
|
||||
- name: Build multi-arch image and push release tag
|
||||
if: contains(github.ref, 'refs/tags/')
|
||||
run: |-
|
||||
docker buildx build \
|
||||
--cache-from=$IMAGE_NAME:latest \
|
||||
--push \
|
||||
-t $IMAGE_NAME:$RELEASE_VERSION \
|
||||
--platform linux/amd64,linux/arm64,linux/arm/v7,linux/arm/v6 \
|
||||
.
|
21
.github/workflows/dockerhub-description.yaml
vendored
21
.github/workflows/dockerhub-description.yaml
vendored
@ -1,21 +0,0 @@
|
||||
name: Update Docker Hub Description
|
||||
on:
|
||||
push:
|
||||
branches:
|
||||
- master-no
|
||||
paths:
|
||||
- README.md
|
||||
- .github/workflows/dockerhub-description.yml
|
||||
jobs:
|
||||
dockerHubDescription:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v2
|
||||
|
||||
- name: Docker Hub Description
|
||||
uses: peter-evans/dockerhub-description@v2
|
||||
with:
|
||||
username: ${{ secrets.DOCKERHUB_USERNAME }}
|
||||
password: ${{ secrets.DOCKERHUB_PASSWORD }}
|
||||
repository: trafex/php-nginx
|
||||
short-description: ${{ github.event.repository.description }}
|
@ -1,19 +0,0 @@
|
||||
# Contributing to this project
|
||||
I love your input! I want to make contributing to this project as easy and transparent as possible.
|
||||
|
||||
## Report bugs using Github's [issues](https://github.com/TrafeX/docker-php-nginx/issues)
|
||||
GitHub issues is used to track public bugs.
|
||||
Report a bug by [opening a new issue](https://github.com/TrafeX/docker-php-nginx/issues/new); it's that easy!
|
||||
|
||||
### What to include in an issue?
|
||||
- A quick summary and/or background
|
||||
- Steps to reproduce
|
||||
- Include what version of the image you are using
|
||||
- Add the `Dockerfile` if you made any changes
|
||||
- Include the command you used to run the container
|
||||
- What you expected would happen
|
||||
- What actually happens
|
||||
- Notes (possibly including why you think this might be happening, or stuff you tried that didn't work)
|
||||
|
||||
## License
|
||||
By contributing, you agree that your contributions will be licensed under its [MIT License](./LICENSE).
|
41
Dockerfile
41
Dockerfile
@ -1,39 +1,20 @@
|
||||
FROM alpine:3.14
|
||||
LABEL Maintainer="Tim de Pater <code@trafex.nl>"
|
||||
LABEL Description="Lightweight container with Nginx 1.20 & PHP 8.0 based on Alpine Linux."
|
||||
FROM alpine:3.11
|
||||
LABEL Maintainer="Tim de Pater <code@trafex.nl>" \
|
||||
Description="Lightweight container with Nginx 1.16 & PHP-FPM 7.3 based on Alpine Linux."
|
||||
|
||||
# Install packages and remove default server definition
|
||||
RUN apk --no-cache add \
|
||||
curl \
|
||||
nginx \
|
||||
php8 \
|
||||
php8-ctype \
|
||||
php8-curl \
|
||||
php8-dom \
|
||||
php8-fpm \
|
||||
php8-gd \
|
||||
php8-intl \
|
||||
php8-json \
|
||||
php8-mbstring \
|
||||
php8-mysqli \
|
||||
php8-opcache \
|
||||
php8-openssl \
|
||||
php8-phar \
|
||||
php8-session \
|
||||
php8-xml \
|
||||
php8-xmlreader \
|
||||
php8-zlib \
|
||||
supervisor
|
||||
|
||||
# Create symlink so programs depending on `php` still function
|
||||
RUN ln -s /usr/bin/php8 /usr/bin/php
|
||||
# Install packages
|
||||
RUN apk --no-cache add php7 php7-fpm php7-mysqli php7-json php7-openssl php7-curl \
|
||||
php7-zlib php7-xml php7-phar php7-intl php7-dom php7-xmlreader php7-ctype php7-session \
|
||||
php7-mbstring php7-gd nginx supervisor curl
|
||||
|
||||
# Configure nginx
|
||||
COPY config/nginx.conf /etc/nginx/nginx.conf
|
||||
# Remove default server definition
|
||||
RUN rm /etc/nginx/conf.d/default.conf
|
||||
|
||||
# Configure PHP-FPM
|
||||
COPY config/fpm-pool.conf /etc/php8/php-fpm.d/www.conf
|
||||
COPY config/php.ini /etc/php8/conf.d/custom.ini
|
||||
COPY config/fpm-pool.conf /etc/php7/php-fpm.d/www.conf
|
||||
COPY config/php.ini /etc/php7/conf.d/custom.ini
|
||||
|
||||
# Configure supervisord
|
||||
COPY config/supervisord.conf /etc/supervisor/conf.d/supervisord.conf
|
||||
|
@ -1,64 +0,0 @@
|
||||
FROM arm64v8/alpine:3.14
|
||||
LABEL Maintainer="Tim de Pater <code@trafex.nl>"
|
||||
LABEL Description="Lightweight container with Nginx 1.20 & PHP 8.0 based on Alpine Linux."
|
||||
|
||||
# Install packages and remove default server definition
|
||||
RUN apk --no-cache add \
|
||||
curl \
|
||||
nginx \
|
||||
php8 \
|
||||
php8-ctype \
|
||||
php8-curl \
|
||||
php8-dom \
|
||||
php8-fpm \
|
||||
php8-gd \
|
||||
php8-intl \
|
||||
php8-json \
|
||||
php8-mbstring \
|
||||
php8-mysqli \
|
||||
php8-opcache \
|
||||
php8-openssl \
|
||||
php8-phar \
|
||||
php8-session \
|
||||
php8-xml \
|
||||
php8-xmlreader \
|
||||
php8-zlib \
|
||||
supervisor
|
||||
|
||||
# Create symlink so programs depending on `php` still function
|
||||
RUN ln -s /usr/bin/php8 /usr/bin/php
|
||||
|
||||
# Configure nginx
|
||||
COPY config/nginx.conf /etc/nginx/nginx.conf
|
||||
|
||||
# Configure PHP-FPM
|
||||
COPY config/fpm-pool.conf /etc/php8/php-fpm.d/www.conf
|
||||
COPY config/php.ini /etc/php8/conf.d/custom.ini
|
||||
|
||||
# Configure supervisord
|
||||
COPY config/supervisord.conf /etc/supervisor/conf.d/supervisord.conf
|
||||
|
||||
# Setup document root
|
||||
RUN mkdir -p /var/www/html
|
||||
|
||||
# Make sure files/folders needed by the processes are accessable when they run under the nobody user
|
||||
RUN chown -R nobody.nobody /var/www/html && \
|
||||
chown -R nobody.nobody /run && \
|
||||
chown -R nobody.nobody /var/lib/nginx && \
|
||||
chown -R nobody.nobody /var/log/nginx
|
||||
|
||||
# Switch to use a non-root user from here on
|
||||
USER nobody
|
||||
|
||||
# Add application
|
||||
WORKDIR /var/www/html
|
||||
COPY --chown=nobody src/ /var/www/html/
|
||||
|
||||
# Expose the port nginx is reachable on
|
||||
EXPOSE 8080
|
||||
|
||||
# Let supervisord start nginx & php-fpm
|
||||
CMD ["/usr/bin/supervisord", "-c", "/etc/supervisor/conf.d/supervisord.conf"]
|
||||
|
||||
# Configure a healthcheck to validate that everything is up&running
|
||||
HEALTHCHECK --timeout=10s CMD curl --silent --fail http://127.0.0.1:8080/fpm-ping
|
@ -1,64 +0,0 @@
|
||||
FROM alpine:3.14
|
||||
LABEL Maintainer="Tim de Pater <code@trafex.nl>"
|
||||
LABEL Description="Lightweight container with Nginx 1.20 & PHP 8.0 based on Alpine Linux."
|
||||
|
||||
# Install packages and remove default server definition
|
||||
RUN apk --no-cache add \
|
||||
curl \
|
||||
nginx \
|
||||
php7 \
|
||||
php7-ctype \
|
||||
php7-curl \
|
||||
php7-dom \
|
||||
php7-fpm \
|
||||
php7-gd \
|
||||
php7-intl \
|
||||
php7-json \
|
||||
php7-mbstring \
|
||||
php7-mysqli \
|
||||
php7-opcache \
|
||||
php7-openssl \
|
||||
php7-phar \
|
||||
php7-session \
|
||||
php7-xml \
|
||||
php7-xmlreader \
|
||||
php7-zlib \
|
||||
supervisor
|
||||
|
||||
# Create symlink so programs depending on `php` still function
|
||||
# RUN ln -s /usr/bin/php7 /usr/bin/php
|
||||
|
||||
# Configure nginx
|
||||
COPY config/nginx.conf /etc/nginx/nginx.conf
|
||||
|
||||
# Configure PHP-FPM
|
||||
COPY config/fpm-pool.conf /etc/php7/php-fpm.d/www.conf
|
||||
COPY config/php.ini /etc/php7/conf.d/custom.ini
|
||||
|
||||
# Configure supervisord
|
||||
COPY config/supervisord.php7.conf /etc/supervisor/conf.d/supervisord.conf
|
||||
|
||||
# Setup document root
|
||||
RUN mkdir -p /var/www/html
|
||||
|
||||
# Make sure files/folders needed by the processes are accessable when they run under the nobody user
|
||||
RUN chown -R nobody.nobody /var/www/html && \
|
||||
chown -R nobody.nobody /run && \
|
||||
chown -R nobody.nobody /var/lib/nginx && \
|
||||
chown -R nobody.nobody /var/log/nginx
|
||||
|
||||
# Switch to use a non-root user from here on
|
||||
USER nobody
|
||||
|
||||
# Add application
|
||||
WORKDIR /var/www/html
|
||||
COPY --chown=nobody src/ /var/www/html/
|
||||
|
||||
# Expose the port nginx is reachable on
|
||||
EXPOSE 8080
|
||||
|
||||
# Let supervisord start nginx & php-fpm
|
||||
CMD ["/usr/bin/supervisord", "-c", "/etc/supervisor/conf.d/supervisord.conf"]
|
||||
|
||||
# Configure a healthcheck to validate that everything is up&running
|
||||
HEALTHCHECK --timeout=10s CMD curl --silent --fail http://127.0.0.1:8080/fpm-ping
|
@ -1,64 +0,0 @@
|
||||
FROM arm64v8/alpine:3.14
|
||||
LABEL Maintainer="Tim de Pater <code@trafex.nl>"
|
||||
LABEL Description="Lightweight container with Nginx 1.20 & PHP 8.0 based on Alpine Linux."
|
||||
|
||||
# Install packages and remove default server definition
|
||||
RUN apk --no-cache add \
|
||||
curl \
|
||||
nginx \
|
||||
php7 \
|
||||
php7-ctype \
|
||||
php7-curl \
|
||||
php7-dom \
|
||||
php7-fpm \
|
||||
php7-gd \
|
||||
php7-intl \
|
||||
php7-json \
|
||||
php7-mbstring \
|
||||
php7-mysqli \
|
||||
php7-opcache \
|
||||
php7-openssl \
|
||||
php7-phar \
|
||||
php7-session \
|
||||
php7-xml \
|
||||
php7-xmlreader \
|
||||
php7-zlib \
|
||||
supervisor
|
||||
|
||||
# Create symlink so programs depending on `php` still function
|
||||
# RUN ln -s /usr/bin/php7 /usr/bin/php
|
||||
|
||||
# Configure nginx
|
||||
COPY config/nginx.conf /etc/nginx/nginx.conf
|
||||
|
||||
# Configure PHP-FPM
|
||||
COPY config/fpm-pool.conf /etc/php7/php-fpm.d/www.conf
|
||||
COPY config/php.ini /etc/php7/conf.d/custom.ini
|
||||
|
||||
# Configure supervisord
|
||||
COPY config/supervisord.php7.conf /etc/supervisor/conf.d/supervisord.conf
|
||||
|
||||
# Setup document root
|
||||
RUN mkdir -p /var/www/html
|
||||
|
||||
# Make sure files/folders needed by the processes are accessable when they run under the nobody user
|
||||
RUN chown -R nobody.nobody /var/www/html && \
|
||||
chown -R nobody.nobody /run && \
|
||||
chown -R nobody.nobody /var/lib/nginx && \
|
||||
chown -R nobody.nobody /var/log/nginx
|
||||
|
||||
# Switch to use a non-root user from here on
|
||||
USER nobody
|
||||
|
||||
# Add application
|
||||
WORKDIR /var/www/html
|
||||
COPY --chown=nobody src/ /var/www/html/
|
||||
|
||||
# Expose the port nginx is reachable on
|
||||
EXPOSE 8080
|
||||
|
||||
# Let supervisord start nginx & php-fpm
|
||||
CMD ["/usr/bin/supervisord", "-c", "/etc/supervisor/conf.d/supervisord.conf"]
|
||||
|
||||
# Configure a healthcheck to validate that everything is up&running
|
||||
HEALTHCHECK --timeout=10s CMD curl --silent --fail http://127.0.0.1:8080/fpm-ping
|
77
README.md
77
README.md
@ -1,45 +1,45 @@
|
||||
# Docker PHP-FPM 8.0 & Nginx 1.20 on Alpine Linux
|
||||
Example PHP-FPM 8.0 & Nginx 1.20 container image for Docker, build on [Alpine Linux](https://www.alpinelinux.org/).
|
||||
# Docker PHP-FPM 7.3 & Nginx 1.16 on Alpine Linux
|
||||
Example PHP-FPM 7.3 & Nginx 1.16 setup for Docker, build on [Alpine Linux](http://www.alpinelinux.org/).
|
||||
The image is only +/- 35MB large.
|
||||
|
||||
Repository: https://github.com/TrafeX/docker-php-nginx
|
||||
|
||||
|
||||
* Built on the lightweight and secure Alpine Linux distribution
|
||||
* Multi-platform, supporting AMD4, ARMv6, ARMv7, ARM64
|
||||
* Very small Docker image size (+/-40MB)
|
||||
* Uses PHP 8.0 for better performance, lower CPU usage & memory footprint
|
||||
* Very small Docker image size (+/-35MB)
|
||||
* Uses PHP 7.3 for better performance, lower cpu usage & memory footprint
|
||||
* Optimized for 100 concurrent users
|
||||
* Optimized to only use resources when there's traffic (by using PHP-FPM's `on-demand` process manager)
|
||||
* The services Nginx, PHP-FPM and supervisord run under a non-privileged user (nobody) to make it more secure
|
||||
* Optimized to only use resources when there's traffic (by using PHP-FPM's ondemand PM)
|
||||
* The servers Nginx, PHP-FPM and supervisord run under a non-privileged user (nobody) to make it more secure
|
||||
* The logs of all the services are redirected to the output of the Docker container (visible with `docker logs -f <container name>`)
|
||||
* Follows the KISS principle (Keep It Simple, Stupid) to make it easy to understand and adjust the image to your needs
|
||||
|
||||
[![Docker Pulls](https://img.shields.io/docker/pulls/trafex/php-nginx.svg)](https://hub.docker.com/r/trafex/php-nginx/)
|
||||
![nginx 1.20](https://img.shields.io/badge/nginx-1.20-brightgreen.svg)
|
||||
![php 8.0](https://img.shields.io/badge/php-8.0-brightgreen.svg)
|
||||
|
||||
[![Docker Pulls](https://img.shields.io/docker/pulls/trafex/alpine-nginx-php7.svg)](https://hub.docker.com/r/trafex/alpine-nginx-php7/)
|
||||
[![Docker image layers](https://images.microbadger.com/badges/image/trafex/alpine-nginx-php7.svg)](https://microbadger.com/images/trafex/alpine-nginx-php7)
|
||||
![nginx 1.16.1](https://img.shields.io/badge/nginx-1.16-brightgreen.svg)
|
||||
![php 7.3](https://img.shields.io/badge/php-7.3-brightgreen.svg)
|
||||
![License MIT](https://img.shields.io/badge/license-MIT-blue.svg)
|
||||
|
||||
## Goal of this project
|
||||
The goal of this container image is to provide an example for running Nginx and PHP-FPM in a container which follows
|
||||
the best practices and is easy to understand and modify to your needs.
|
||||
### Breaking changes (26/01/2019)
|
||||
|
||||
Please note that the new builds since 26/01/2019 are exposing a different port to access Nginx.
|
||||
To be able to run Nginx as a non-privileged user, the port it's running on needed
|
||||
to change to a non-privileged port (above 1024).
|
||||
|
||||
The last build of the old version that exposed port 80 was `trafex/alpine-nginx-php7:ba1dd422`
|
||||
|
||||
## Usage
|
||||
|
||||
Start the Docker container:
|
||||
|
||||
docker run -p 80:8080 trafex/php-nginx
|
||||
docker run -p 80:8080 trafex/alpine-nginx-php7
|
||||
|
||||
See the PHP info on http://localhost, or the static html page on http://localhost/test.html
|
||||
|
||||
Or mount your own code to be served by PHP-FPM & Nginx
|
||||
|
||||
docker run -p 80:8080 -v ~/my-codebase:/var/www/html trafex/php-nginx
|
||||
|
||||
### Docker Hub repository name change
|
||||
Since we switched to PHP8 the repository name [trafex/alpine-nginx-php7](https://hub.docker.com/r/trafex/alpine-nginx-php7) didn't make sense anymore.
|
||||
Because you can't change the name of the repository on Docker Hub I created a new one.
|
||||
|
||||
From now on this image can be pulled from Docker Hub under the name [trafex/php-nginx](https://hub.docker.com/r/trafex/php-nginx).
|
||||
docker run -p 80:8080 -v ~/my-codebase:/var/www/html trafex/alpine-nginx-php7
|
||||
|
||||
## Configuration
|
||||
In [config/](config/) you'll find the default configuration files for Nginx, PHP and PHP-FPM.
|
||||
@ -47,25 +47,25 @@ If you want to extend or customize that you can do so by mounting a configuratio
|
||||
|
||||
Nginx configuration:
|
||||
|
||||
docker run -v "`pwd`/nginx-server.conf:/etc/nginx/conf.d/server.conf" trafex/php-nginx
|
||||
docker run -v "`pwd`/nginx-server.conf:/etc/nginx/conf.d/server.conf" trafex/alpine-nginx-php7
|
||||
|
||||
PHP configuration:
|
||||
|
||||
docker run -v "`pwd`/php-setting.ini:/etc/php8/conf.d/settings.ini" trafex/php-nginx
|
||||
docker run -v "`pwd`/php-setting.ini:/etc/php7/conf.d/settings.ini" trafex/alpine-nginx-php7
|
||||
|
||||
PHP-FPM configuration:
|
||||
|
||||
docker run -v "`pwd`/php-fpm-settings.conf:/etc/php8/php-fpm.d/server.conf" trafex/php-nginx
|
||||
docker run -v "`pwd`/php-fpm-settings.conf:/etc/php7/php-fpm.d/server.conf" trafex/alpine-nginx-php7
|
||||
|
||||
_Note; Because `-v` requires an absolute path I've added `pwd` in the example to return the absolute path to the current directory_
|
||||
|
||||
|
||||
## Adding composer
|
||||
|
||||
If you need [Composer](https://getcomposer.org/) in your project, here's an easy way to add it.
|
||||
If you need composer in your project, here's an easy way to add it;
|
||||
|
||||
```Dockerfile
|
||||
FROM trafex/php-nginx:latest
|
||||
```dockerfile
|
||||
FROM trafex/alpine-nginx-php7:latest
|
||||
|
||||
# Install composer from the official image
|
||||
COPY --from=composer /usr/bin/composer /usr/bin/composer
|
||||
@ -73,26 +73,3 @@ COPY --from=composer /usr/bin/composer /usr/bin/composer
|
||||
# Run composer install to install the dependencies
|
||||
RUN composer install --optimize-autoloader --no-interaction --no-progress
|
||||
```
|
||||
|
||||
### Building with composer
|
||||
|
||||
If you are building an image with source code in it and dependencies managed by composer then the definition can be improved.
|
||||
The dependencies should be retrieved by the composer but the composer itself (`/usr/bin/composer`) is not necessary to be included in the image.
|
||||
|
||||
```Dockerfile
|
||||
FROM composer AS composer
|
||||
|
||||
# copying the source directory and install the dependencies with composer
|
||||
COPY <your_directory>/ /app
|
||||
|
||||
# run composer install to install the dependencies
|
||||
RUN composer install \
|
||||
--optimize-autoloader \
|
||||
--no-interaction \
|
||||
--no-progress
|
||||
|
||||
# continue stage build with the desired image and copy the source including the
|
||||
# dependencies downloaded by composer
|
||||
FROM trafex/php-nginx
|
||||
COPY --chown=nginx --from=composer /app /var/www/html
|
||||
```
|
||||
|
13
SECURITY.md
13
SECURITY.md
@ -1,13 +0,0 @@
|
||||
# Security Policy
|
||||
|
||||
## Supported Versions
|
||||
Only the latest version will be supported and receive security updates.
|
||||
|
||||
| Version | Supported |
|
||||
| ------- | ------------------ |
|
||||
| 2.x.x | :white_check_mark: |
|
||||
| 1.x.x | :x: |
|
||||
|
||||
## Reporting a Vulnerability
|
||||
Found a potential vulnerability? Report it by e-mail on security@trafex.nl.
|
||||
|
@ -1,4 +1,4 @@
|
||||
worker_processes auto;
|
||||
worker_processes 1;
|
||||
error_log stderr warn;
|
||||
pid /run/nginx.pid;
|
||||
|
||||
@ -83,12 +83,6 @@ http {
|
||||
}
|
||||
}
|
||||
|
||||
gzip on;
|
||||
gzip_proxied any;
|
||||
gzip_types text/plain application/xml text/css text/js text/xml application/x-javascript text/javascript application/json application/xml+rss;
|
||||
gzip_vary on;
|
||||
gzip_disable "msie6";
|
||||
|
||||
# Include other server configs
|
||||
include /etc/nginx/conf.d/*.conf;
|
||||
}
|
||||
|
@ -5,7 +5,7 @@ logfile_maxbytes=0
|
||||
pidfile=/run/supervisord.pid
|
||||
|
||||
[program:php-fpm]
|
||||
command=php-fpm8 -F
|
||||
command=php-fpm7 -F
|
||||
stdout_logfile=/dev/stdout
|
||||
stdout_logfile_maxbytes=0
|
||||
stderr_logfile=/dev/stderr
|
||||
|
@ -1,23 +0,0 @@
|
||||
[supervisord]
|
||||
nodaemon=true
|
||||
logfile=/dev/null
|
||||
logfile_maxbytes=0
|
||||
pidfile=/run/supervisord.pid
|
||||
|
||||
[program:php-fpm]
|
||||
command=php-fpm7 -F
|
||||
stdout_logfile=/dev/stdout
|
||||
stdout_logfile_maxbytes=0
|
||||
stderr_logfile=/dev/stderr
|
||||
stderr_logfile_maxbytes=0
|
||||
autorestart=false
|
||||
startretries=0
|
||||
|
||||
[program:nginx]
|
||||
command=nginx -g 'daemon off;'
|
||||
stdout_logfile=/dev/stdout
|
||||
stdout_logfile_maxbytes=0
|
||||
stderr_logfile=/dev/stderr
|
||||
stderr_logfile_maxbytes=0
|
||||
autorestart=false
|
||||
startretries=0
|
@ -1,10 +1,9 @@
|
||||
version: '3.5'
|
||||
services:
|
||||
app:
|
||||
image: ${IMAGE_NAME}:${IMAGE_TAG}
|
||||
build: .
|
||||
sut:
|
||||
image: alpine:3.13
|
||||
image: alpine:3.10
|
||||
depends_on:
|
||||
- app
|
||||
command: /tmp/run_tests.sh
|
||||
|
@ -1,3 +1,3 @@
|
||||
#!/usr/bin/env sh
|
||||
apk --no-cache add curl
|
||||
curl --silent --fail http://app:8080 | grep 'PHP 8.0'
|
||||
curl --silent --fail http://app:8080 | grep 'PHP 7.3'
|
||||
|
Loading…
Reference in New Issue
Block a user