2024-11-01 12:38:15 +08:00
15 changed files with 32 additions and 572 deletions
--- a/.github/workflows/build-php7-arm.yml
+++ b/.github/workflows/build-php7-arm.yml
@ -1,43 +0,0 @@
 name: Build PHP 7 ARM Image
 on:
  push:
    branches:
      - master
 jobs:
  docker-build:
    runs-on: ubuntu-latest
    steps:
      - name: 🔍 Checkout code
        uses: actions/checkout@v2
      - name: 🏗️ Set up Docker Buildx
        uses: docker/setup-buildx-action@v1
      - name: 🔑 Login to DockerHub
        uses: docker/login-action@v1
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      - name: 🎃 Set up outputs
        id: vars
        run: |
          echo "::set-output name=sha_short::$(git rev-parse --short HEAD)"
      - name: ⚓ Build and push
        uses: docker/build-push-action@v2
        with:
          context: .
          file: ./Dockerfile.php7.arm
          pull: true
          push: true
          # build-args: |
          #   arg1=value1
          #   arg2=value2
          cache-from: type=registry,ref=mashirozx/php-nginx:php7-arm
          cache-to: type=inline
          tags: |
            mashirozx/php-nginx:php7-arm
            mashirozx/php-nginx:php7arm-${{steps.vars.outputs.sha_short}}
--- a/.github/workflows/build-php7.yml
+++ b/.github/workflows/build-php7.yml
@ -1,43 +0,0 @@
 name: Build PHP 7 Image
 on:
  push:
    branches:
      - master
 jobs:
  docker-build:
    runs-on: ubuntu-latest
    steps:
      - name: 🔍 Checkout code
        uses: actions/checkout@v2
      - name: 🏗️ Set up Docker Buildx
        uses: docker/setup-buildx-action@v1
      - name: 🔑 Login to DockerHub
        uses: docker/login-action@v1
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      - name: 🎃 Set up outputs
        id: vars
        run: |
          echo "::set-output name=sha_short::$(git rev-parse --short HEAD)"
      - name: ⚓ Build and push
        uses: docker/build-push-action@v2
        with:
          context: .
          file: ./Dockerfile.php7
          pull: true
          push: true
          # build-args: |
          #   arg1=value1
          #   arg2=value2
          cache-from: type=registry,ref=mashirozx/php-nginx:php7
          cache-to: type=inline
          tags: |
            mashirozx/php-nginx:php7
            mashirozx/php-nginx:php7-${{steps.vars.outputs.sha_short}}
--- a/.github/workflows/build-php8-arm.yml
+++ b/.github/workflows/build-php8-arm.yml
@ -1,43 +0,0 @@
 name: Build PHP 8 ARM Image
 on:
  push:
    branches:
      - master
 jobs:
  docker-build:
    runs-on: ubuntu-latest
    steps:
      - name: 🔍 Checkout code
        uses: actions/checkout@v2
      - name: 🏗️ Set up Docker Buildx
        uses: docker/setup-buildx-action@v1
      - name: 🔑 Login to DockerHub
        uses: docker/login-action@v1
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      - name: 🎃 Set up outputs
        id: vars
        run: |
          echo "::set-output name=sha_short::$(git rev-parse --short HEAD)"
      - name: ⚓ Build and push
        uses: docker/build-push-action@v2
        with:
          context: .
          file: ./Dockerfile.arm
          pull: true
          push: true
          # build-args: |
          #   arg1=value1
          #   arg2=value2
          cache-from: type=registry,ref=mashirozx/php-nginx:php8-arm
          cache-to: type=inline
          tags: |
            mashirozx/php-nginx:php8-arm
            mashirozx/php-nginx:php8-arm-${{steps.vars.outputs.sha_short}}
--- a/.github/workflows/build-php8.yml
+++ b/.github/workflows/build-php8.yml
@ -1,43 +0,0 @@
 name: Build PHP 8 Image
 on:
  push:
    branches:
      - master
 jobs:
  docker-build:
    runs-on: ubuntu-latest
    steps:
      - name: 🔍 Checkout code
        uses: actions/checkout@v2
      - name: 🏗️ Set up Docker Buildx
        uses: docker/setup-buildx-action@v1
      - name: 🔑 Login to DockerHub
        uses: docker/login-action@v1
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      - name: 🎃 Set up outputs
        id: vars
        run: |
          echo "::set-output name=sha_short::$(git rev-parse --short HEAD)"
      - name: ⚓ Build and push
        uses: docker/build-push-action@v2
        with:
          context: .
          file: ./Dockerfile
          pull: true
          push: true
          # build-args: |
          #   arg1=value1
          #   arg2=value2
          cache-from: type=registry,ref=mashirozx/php-nginx:php8
          cache-to: type=inline
          tags: |
            mashirozx/php-nginx:php8
            mashirozx/php-nginx:php8-${{steps.vars.outputs.sha_short}}
--- a/.github/workflows/build.yaml
+++ b/.github/workflows/build.yaml
@ -1,79 +0,0 @@
 name: Test & build Docker image
 on:
  push:
    branches: [ master-no ]
    tags: ['*']
  pull_request:
 env:
  IMAGE_NAME: trafex/php-nginx
  IMAGE_TAG: ${{ github.sha }}
 jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v2
      - name: Set up QEMU
        uses: docker/setup-qemu-action@v1
      - name: Set up Docker Buildx
        id: buildx
        uses: docker/setup-buildx-action@v1
      - name: Build image
        run: |-
          docker build -t $IMAGE_NAME:$IMAGE_TAG .
      - name: Smoke test image
        run: |-
          docker-compose -f docker-compose.test.yml up -d app
          sleep 2
          docker-compose -f docker-compose.test.yml run sut
      - name: Run Trivy vulnerability scanner
        uses: aquasecurity/trivy-action@master
        with:
          image-ref: '${{ env.IMAGE_NAME }}:${{ github.sha }}'
          format: 'template'
          template: '@/contrib/sarif.tpl'
          output: 'trivy-results.sarif'
      - name: Upload Trivy scan results to GitHub Security tab
        uses: github/codeql-action/upload-sarif@v1
        with:
          sarif_file: 'trivy-results.sarif'
      - name: Login to Docker Hub
        uses: docker/login-action@v1
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      - name: Build multi-arch image and push latest tag
        if: github.ref == 'refs/heads/master' && github.event_name == 'push'
        run: |-
          docker buildx build \
            --cache-from=$IMAGE_NAME:latest \
            --push \
            -t $IMAGE_NAME:latest \
            --platform linux/amd64,linux/arm64,linux/arm/v7,linux/arm/v6 \
            .
      - name: Set tag in environment
        if: contains(github.ref, 'refs/tags/')
        run: echo "RELEASE_VERSION=${GITHUB_REF#refs/*/}" >> $GITHUB_ENV
      - name: Build multi-arch image and push release tag
        if: contains(github.ref, 'refs/tags/')
        run: |-
          docker buildx build \
            --cache-from=$IMAGE_NAME:latest \
            --push \
            -t $IMAGE_NAME:$RELEASE_VERSION \
            --platform linux/amd64,linux/arm64,linux/arm/v7,linux/arm/v6 \
            .
--- a/.github/workflows/dockerhub-description.yaml
+++ b/.github/workflows/dockerhub-description.yaml
@ -1,21 +0,0 @@
 name: Update Docker Hub Description
 on:
  push:
    branches:
      - master-no
    paths:
      - README.md
      - .github/workflows/dockerhub-description.yml
 jobs:
  dockerHubDescription:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - name: Docker Hub Description
        uses: peter-evans/dockerhub-description@v2
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_PASSWORD }}
          repository: trafex/php-nginx
          short-description: ${{ github.event.repository.description }}
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@ -1,19 +0,0 @@
 # Contributing to this project
 I love your input! I want to make contributing to this project as easy and transparent as possible.
 ## Report bugs using Github's [issues](https://github.com/TrafeX/docker-php-nginx/issues)
 GitHub issues is used to track public bugs.
 Report a bug by [opening a new issue](https://github.com/TrafeX/docker-php-nginx/issues/new); it's that easy!
 ### What to include in an issue?
 - A quick summary and/or background
 - Steps to reproduce
    - Include what version of the image you are using
    - Add the `Dockerfile` if you made any changes
    - Include the command you used to run the container
 - What you expected would happen
 - What actually happens
 - Notes (possibly including why you think this might be happening, or stuff you tried that didn't work)
 ## License
 By contributing, you agree that your contributions will be licensed under its [MIT License](./LICENSE).
--- a/34
+++ b/34
@ -1,32 +1,12 @@
-FROM alpine:3.14
+FROM alpine:3.13
-LABEL Maintainer="Tim de Pater <code@trafex.nl>"
+LABEL Maintainer="Tim de Pater <code@trafex.nl>" \
-LABEL Description="Lightweight container with Nginx 1.20 & PHP 8.0 based on Alpine Linux."
+      Description="Lightweight container with Nginx 1.18 & PHP 8.0 based on Alpine Linux."
 # Install packages and remove default server definition
-RUN apk --no-cache add \
+RUN apk --no-cache add php8 php8-fpm php8-opcache php8-mysqli php8-json php8-openssl php8-curl \
-  curl \
+    php8-zlib php8-xml php8-phar php8-intl php8-dom php8-xmlreader php8-ctype php8-session \
-  nginx \
+    php8-mbstring php8-gd nginx supervisor curl && \
-  php8 \
+    rm /etc/nginx/conf.d/default.conf
  php8-ctype \
  php8-curl \
  php8-dom \
  php8-fpm \
  php8-gd \
  php8-intl \
  php8-json \
  php8-mbstring \
  php8-mysqli \
  php8-opcache \
  php8-openssl \
  php8-phar \
  php8-session \
  php8-xml \
  php8-xmlreader \
  php8-zlib \
  supervisor
 # Create symlink so programs depending on `php` still function
 RUN ln -s /usr/bin/php8 /usr/bin/php
 # Configure nginx
 COPY config/nginx.conf /etc/nginx/nginx.conf
--- a/Dockerfile.arm
+++ b/Dockerfile.arm
@ -1,64 +0,0 @@
 FROM arm64v8/alpine:3.14
 LABEL Maintainer="Tim de Pater <code@trafex.nl>"
 LABEL Description="Lightweight container with Nginx 1.20 & PHP 8.0 based on Alpine Linux."
 # Install packages and remove default server definition
 RUN apk --no-cache add \
  curl \
  nginx \
  php8 \
  php8-ctype \
  php8-curl \
  php8-dom \
  php8-fpm \
  php8-gd \
  php8-intl \
  php8-json \
  php8-mbstring \
  php8-mysqli \
  php8-opcache \
  php8-openssl \
  php8-phar \
  php8-session \
  php8-xml \
  php8-xmlreader \
  php8-zlib \
  supervisor
 # Create symlink so programs depending on `php` still function
 RUN ln -s /usr/bin/php8 /usr/bin/php
 # Configure nginx
 COPY config/nginx.conf /etc/nginx/nginx.conf
 # Configure PHP-FPM
 COPY config/fpm-pool.conf /etc/php8/php-fpm.d/www.conf
 COPY config/php.ini /etc/php8/conf.d/custom.ini
 # Configure supervisord
 COPY config/supervisord.conf /etc/supervisor/conf.d/supervisord.conf
 # Setup document root
 RUN mkdir -p /var/www/html
 # Make sure files/folders needed by the processes are accessable when they run under the nobody user
 RUN chown -R nobody.nobody /var/www/html && \
  chown -R nobody.nobody /run && \
  chown -R nobody.nobody /var/lib/nginx && \
  chown -R nobody.nobody /var/log/nginx
 # Switch to use a non-root user from here on
 USER nobody
 # Add application
 WORKDIR /var/www/html
 COPY --chown=nobody src/ /var/www/html/
 # Expose the port nginx is reachable on
 EXPOSE 8080
 # Let supervisord start nginx & php-fpm
 CMD ["/usr/bin/supervisord", "-c", "/etc/supervisor/conf.d/supervisord.conf"]
 # Configure a healthcheck to validate that everything is up&running
 HEALTHCHECK --timeout=10s CMD curl --silent --fail http://127.0.0.1:8080/fpm-ping
--- a/Dockerfile.php7
+++ b/Dockerfile.php7
@ -1,64 +0,0 @@
 FROM alpine:3.14
 LABEL Maintainer="Tim de Pater <code@trafex.nl>"
 LABEL Description="Lightweight container with Nginx 1.20 & PHP 8.0 based on Alpine Linux."
 # Install packages and remove default server definition
 RUN apk --no-cache add \
  curl \
  nginx \
  php7 \
  php7-ctype \
  php7-curl \
  php7-dom \
  php7-fpm \
  php7-gd \
  php7-intl \
  php7-json \
  php7-mbstring \
  php7-mysqli \
  php7-opcache \
  php7-openssl \
  php7-phar \
  php7-session \
  php7-xml \
  php7-xmlreader \
  php7-zlib \
  supervisor
 # Create symlink so programs depending on `php` still function
 # RUN ln -s /usr/bin/php7 /usr/bin/php
 # Configure nginx
 COPY config/nginx.conf /etc/nginx/nginx.conf
 # Configure PHP-FPM
 COPY config/fpm-pool.conf /etc/php7/php-fpm.d/www.conf
 COPY config/php.ini /etc/php7/conf.d/custom.ini
 # Configure supervisord
 COPY config/supervisord.php7.conf /etc/supervisor/conf.d/supervisord.conf
 # Setup document root
 RUN mkdir -p /var/www/html
 # Make sure files/folders needed by the processes are accessable when they run under the nobody user
 RUN chown -R nobody.nobody /var/www/html && \
  chown -R nobody.nobody /run && \
  chown -R nobody.nobody /var/lib/nginx && \
  chown -R nobody.nobody /var/log/nginx
 # Switch to use a non-root user from here on
 USER nobody
 # Add application
 WORKDIR /var/www/html
 COPY --chown=nobody src/ /var/www/html/
 # Expose the port nginx is reachable on
 EXPOSE 8080
 # Let supervisord start nginx & php-fpm
 CMD ["/usr/bin/supervisord", "-c", "/etc/supervisor/conf.d/supervisord.conf"]
 # Configure a healthcheck to validate that everything is up&running
 HEALTHCHECK --timeout=10s CMD curl --silent --fail http://127.0.0.1:8080/fpm-ping
--- a/Dockerfile.php7.arm
+++ b/Dockerfile.php7.arm
@ -1,64 +0,0 @@
 FROM arm64v8/alpine:3.14
 LABEL Maintainer="Tim de Pater <code@trafex.nl>"
 LABEL Description="Lightweight container with Nginx 1.20 & PHP 8.0 based on Alpine Linux."
 # Install packages and remove default server definition
 RUN apk --no-cache add \
  curl \
  nginx \
  php7 \
  php7-ctype \
  php7-curl \
  php7-dom \
  php7-fpm \
  php7-gd \
  php7-intl \
  php7-json \
  php7-mbstring \
  php7-mysqli \
  php7-opcache \
  php7-openssl \
  php7-phar \
  php7-session \
  php7-xml \
  php7-xmlreader \
  php7-zlib \
  supervisor
 # Create symlink so programs depending on `php` still function
 # RUN ln -s /usr/bin/php7 /usr/bin/php
 # Configure nginx
 COPY config/nginx.conf /etc/nginx/nginx.conf
 # Configure PHP-FPM
 COPY config/fpm-pool.conf /etc/php7/php-fpm.d/www.conf
 COPY config/php.ini /etc/php7/conf.d/custom.ini
 # Configure supervisord
 COPY config/supervisord.php7.conf /etc/supervisor/conf.d/supervisord.conf
 # Setup document root
 RUN mkdir -p /var/www/html
 # Make sure files/folders needed by the processes are accessable when they run under the nobody user
 RUN chown -R nobody.nobody /var/www/html && \
  chown -R nobody.nobody /run && \
  chown -R nobody.nobody /var/lib/nginx && \
  chown -R nobody.nobody /var/log/nginx
 # Switch to use a non-root user from here on
 USER nobody
 # Add application
 WORKDIR /var/www/html
 COPY --chown=nobody src/ /var/www/html/
 # Expose the port nginx is reachable on
 EXPOSE 8080
 # Let supervisord start nginx & php-fpm
 CMD ["/usr/bin/supervisord", "-c", "/etc/supervisor/conf.d/supervisord.conf"]
 # Configure a healthcheck to validate that everything is up&running
 HEALTHCHECK --timeout=10s CMD curl --silent --fail http://127.0.0.1:8080/fpm-ping
--- a/README.md
+++ b/README.md
@ -1,45 +1,45 @@
-# Docker PHP-FPM 8.0 & Nginx 1.20 on Alpine Linux
+# Docker PHP-FPM 8.0 & Nginx 1.18 on Alpine Linux
-Example PHP-FPM 8.0 & Nginx 1.20 container image for Docker, build on [Alpine Linux](https://www.alpinelinux.org/).
+Example PHP-FPM 8.0 & Nginx 1.18 setup for Docker, build on [Alpine Linux](https://www.alpinelinux.org/).
 The image is only +/- 35MB large.
 Repository: https://github.com/TrafeX/docker-php-nginx
 * Built on the lightweight and secure Alpine Linux distribution
-* Multi-platform, supporting AMD4, ARMv6, ARMv7, ARM64
+* Very small Docker image size (+/-35MB)
 * Very small Docker image size (+/-40MB)
 * Uses PHP 8.0 for better performance, lower CPU usage & memory footprint
 * Optimized for 100 concurrent users
-* Optimized to only use resources when there's traffic (by using PHP-FPM's `on-demand` process manager)
+* Optimized to only use resources when there's traffic (by using PHP-FPM's on-demand PM)
-* The services Nginx, PHP-FPM and supervisord run under a non-privileged user (nobody) to make it more secure
+* The servers Nginx, PHP-FPM and supervisord run under a non-privileged user (nobody) to make it more secure
 * The logs of all the services are redirected to the output of the Docker container (visible with `docker logs -f <container name>`)
 * Follows the KISS principle (Keep It Simple, Stupid) to make it easy to understand and adjust the image to your needs
-[![Docker Pulls](https://img.shields.io/docker/pulls/trafex/php-nginx.svg)](https://hub.docker.com/r/trafex/php-nginx/)
+
-![nginx 1.20](https://img.shields.io/badge/nginx-1.20-brightgreen.svg)
+[![Docker Pulls](https://img.shields.io/docker/pulls/trafex/alpine-nginx-php7.svg)](https://hub.docker.com/r/trafex/alpine-nginx-php7/)
 [![Docker image layers](https://images.microbadger.com/badges/image/trafex/alpine-nginx-php7.svg)](https://microbadger.com/images/trafex/alpine-nginx-php7)
 ![nginx 1.18.0](https://img.shields.io/badge/nginx-1.18-brightgreen.svg)
 ![php 8.0](https://img.shields.io/badge/php-8.0-brightgreen.svg)
 ![License MIT](https://img.shields.io/badge/license-MIT-blue.svg)
-## Goal of this project
+### Breaking changes (26/01/2019)
-The goal of this container image is to provide an example for running Nginx and PHP-FPM in a container which follows
+
-the best practices and is easy to understand and modify to your needs.
+Please note that the new builds since 26/01/2019 are exposing a different port to access Nginx.
 To be able to run Nginx as a non-privileged user, the port it's running on needed
 to change to a non-privileged port (above 1024).
 The last build of the old version that exposed port 80 was `trafex/alpine-nginx-php7:ba1dd422`
 ## Usage
 Start the Docker container:
-    docker run -p 80:8080 trafex/php-nginx
+    docker run -p 80:8080 trafex/alpine-nginx-php7
 See the PHP info on http://localhost, or the static html page on http://localhost/test.html
 Or mount your own code to be served by PHP-FPM & Nginx
-    docker run -p 80:8080 -v ~/my-codebase:/var/www/html trafex/php-nginx
+    docker run -p 80:8080 -v ~/my-codebase:/var/www/html trafex/alpine-nginx-php7
 ### Docker Hub repository name change
 Since we switched to PHP8 the repository name [trafex/alpine-nginx-php7](https://hub.docker.com/r/trafex/alpine-nginx-php7) didn't make sense anymore.
 Because you can't change the name of the repository on Docker Hub I created a new one.
 From now on this image can be pulled from Docker Hub under the name [trafex/php-nginx](https://hub.docker.com/r/trafex/php-nginx).
 ## Configuration
 In [config/](config/) you'll find the default configuration files for Nginx, PHP and PHP-FPM.
@ -47,15 +47,15 @@ If you want to extend or customize that you can do so by mounting a configuratio
 Nginx configuration:
-    docker run -v "`pwd`/nginx-server.conf:/etc/nginx/conf.d/server.conf" trafex/php-nginx
+    docker run -v "`pwd`/nginx-server.conf:/etc/nginx/conf.d/server.conf" trafex/alpine-nginx-php7
 PHP configuration:
-    docker run -v "`pwd`/php-setting.ini:/etc/php8/conf.d/settings.ini" trafex/php-nginx
+    docker run -v "`pwd`/php-setting.ini:/etc/php7/conf.d/settings.ini" trafex/alpine-nginx-php7
 PHP-FPM configuration:
-    docker run -v "`pwd`/php-fpm-settings.conf:/etc/php8/php-fpm.d/server.conf" trafex/php-nginx
+    docker run -v "`pwd`/php-fpm-settings.conf:/etc/php7/php-fpm.d/server.conf" trafex/alpine-nginx-php7
 _Note; Because `-v` requires an absolute path I've added `pwd` in the example to return the absolute path to the current directory_
@ -64,8 +64,8 @@ _Note; Because `-v` requires an absolute path I've added `pwd` in the example to
 If you need [Composer](https://getcomposer.org/) in your project, here's an easy way to add it.
-```Dockerfile
+```dockerfile
-FROM trafex/php-nginx:latest
+FROM trafex/alpine-nginx-php7:latest
 # Install composer from the official image
 COPY --from=composer /usr/bin/composer /usr/bin/composer
@ -93,6 +93,6 @@ RUN composer install \
 # continue stage build with the desired image and copy the source including the
 # dependencies downloaded by composer
-FROM trafex/php-nginx
+FROM trafex/alpine-nginx-php7
 COPY --chown=nginx --from=composer /app /var/www/html
 ```
--- a/SECURITY.md
+++ b/SECURITY.md
@ -1,13 +0,0 @@
 # Security Policy
 ## Supported Versions
 Only the latest version will be supported and receive security updates.
 | Version | Supported          |
 | ------- | ------------------ |
 | 2.x.x   | :white_check_mark: |
 | 1.x.x   | :x:                |
 ## Reporting a Vulnerability
 Found a potential vulnerability? Report it by e-mail on security@trafex.nl.
--- a/config/supervisord.php7.conf
+++ b/config/supervisord.php7.conf
@ -1,23 +0,0 @@
 [supervisord]
 nodaemon=true
 logfile=/dev/null
 logfile_maxbytes=0
 pidfile=/run/supervisord.pid
 [program:php-fpm]
 command=php-fpm7 -F
 stdout_logfile=/dev/stdout
 stdout_logfile_maxbytes=0
 stderr_logfile=/dev/stderr
 stderr_logfile_maxbytes=0
 autorestart=false
 startretries=0
 [program:nginx]
 command=nginx -g 'daemon off;'
 stdout_logfile=/dev/stdout
 stdout_logfile_maxbytes=0
 stderr_logfile=/dev/stderr
 stderr_logfile_maxbytes=0
 autorestart=false
 startretries=0
--- a/docker-compose.test.yml
+++ b/docker-compose.test.yml
@ -1,7 +1,6 @@
 version: '3.5'
 services:
  app:
    image: ${IMAGE_NAME}:${IMAGE_TAG}
    build: .
  sut:
    image: alpine:3.13