Merge branch 'main' into add-ci-cd-workflows
Showing
7 changed files
with
336 additions
and
1 deletion.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1 +1,22 @@ | ||
FROM php:8.0-fpm-alpine3.16 | ||
|
||
# Add supervisord | ||
RUN apk add --no-cache supervisor~=4 | ||
COPY supervisord.conf /etc/supervisor/conf.d/supervisord.conf | ||
|
||
# Add nginx | ||
RUN apk add --no-cache nginx~=1 \ | ||
&& chown -R www-data:www-data /run /var/lib/nginx /var/log/nginx | ||
COPY nginx.conf /etc/nginx/nginx.conf | ||
|
||
# Configure PHP | ||
RUN cp "${PHP_INI_DIR}/php.ini-production" "${PHP_INI_DIR}/php.ini" | ||
COPY php.ini ${PHP_INI_DIR}/conf.d/000-dvsa-base.ini | ||
|
||
# Configure PHP-FPM | ||
COPY www.conf /usr/local/etc/php-fpm.d/zzz-www.conf | ||
|
||
EXPOSE 80 | ||
|
||
USER www-data | ||
CMD ["/usr/bin/supervisord", "-c", "/etc/supervisor/conf.d/supervisord.conf"] |
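Review bot: `EXPOSE 80` followed by `USER www-data` means nginx has to bind a privileged port as an unprivileged user. That works on Docker Engine 20.10 and later, but can fail with a permission error on runtimes that do not lower `net.ipv4.ip_unprivileged_port_start`. The `listen` directive lives in a conf.d server file that is not shown in this section, so the port is inferred from the EXPOSE line only. Consider an unprivileged port, for example `EXPOSE 8080` with a matching `listen 8080;`, and let the load balancer map 80 onto it.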
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,175 @@ | ||
# Run as a unique, less privileged user for security reasons. | ||
# Default: nobody nobody | ||
# https://nginx.org/en/docs/ngx_core_module.html#user | ||
# https://en.wikipedia.org/wiki/Principle_of_least_privilege | ||
user www-data; | ||
|
||
# Sets the worker threads to the number of CPU cores available in the system for best performance. | ||
# Should be > the number of CPU cores. | ||
# Maximum number of connections = worker_processes * worker_connections | ||
# Default: 1 | ||
# https://nginx.org/en/docs/ngx_core_module.html#worker_processes | ||
worker_processes auto; | ||
|
||
# Maximum number of open files per worker process. | ||
# Should be > worker_connections. | ||
# Default: no limit | ||
# https://nginx.org/en/docs/ngx_core_module.html#worker_rlimit_nofile | ||
worker_rlimit_nofile 8192; | ||
|
||
# Provides the configuration file context in which the directives that affect connection processing are specified. | ||
# https://nginx.org/en/docs/ngx_core_module.html#events | ||
events { | ||
# Should be < worker_rlimit_nofile. | ||
# Default: 512 | ||
# https://nginx.org/en/docs/ngx_core_module.html#worker_connections | ||
worker_connections 8000; | ||
} | ||
|
||
# Log errors and warnings to stderr so they are written to Docker logs. | ||
# This is only used when you don't override it on a `server` level | ||
# Default: logs/error.log error | ||
# https://nginx.org/en/docs/ngx_core_module.html#error_log | ||
error_log stderr warn; | ||
|
||
# The file storing the process ID of the main process | ||
# Default: logs/nginx.pid | ||
# https://nginx.org/en/docs/ngx_core_module.html#pid | ||
pid /run/nginx.pid; | ||
|
||
http { | ||
# Hide Nginx version information. | ||
# https://nginx.org/en/docs/http/ngx_http_core_module.html#server_tokens | ||
server_tokens off; | ||
|
||
# Specify media (MIME) types for files. | ||
# https://nginx.org/en/docs/http/ngx_http_core_module.html#types | ||
include mime.types; | ||
|
||
# Files without extension are treated as binary. | ||
# https://nginx.org/en/docs/http/ngx_http_core_module.html#default_type | ||
default_type application/octet-stream; | ||
|
||
# Serve all resources labeled as `text/html` or `text/plain` with the media type `charset` parameter set to `UTF-8`. | ||
# https://nginx.org/en/docs/http/ngx_http_charset_module.html#charset | ||
charset utf-8; | ||
|
||
# Update charset_types to match updated mime.types. `text/html` is always included by charset module. | ||
# https://nginx.org/en/docs/http/ngx_http_charset_module.html#charset_types | ||
charset_types | ||
text/css | ||
text/plain | ||
text/vnd.wap.wml | ||
text/javascript | ||
text/markdown | ||
text/calendar | ||
text/x-component | ||
text/vcard | ||
text/cache-manifest | ||
text/vtt | ||
application/json | ||
application/manifest+json; | ||
|
||
# Adds the `$http_x_forwarded_for` to the log and formats in JSON for CloudWatch. | ||
# https://nginx.org/en/docs/http/ngx_http_log_module.html#log_format | ||
log_format main escape=json | ||
'{' | ||
'"remote_addr":"$remote_addr",' | ||
'"remote_user":"$remote_user",' | ||
'"time_local":"$time_local",' | ||
'"request":"$request",' | ||
'"status": "$status",' | ||
'"body_bytes_sent":"$body_bytes_sent",' | ||
'"http_referer":"$http_referer",' | ||
'"http_user_agent":"$http_user_agent",' | ||
'"http_x_forwarded_for":"$http_x_forwarded_for"' | ||
'}'; | ||
|
||
# This is only used when you don't override it on a `server` level | ||
# Default: logs/access.log combined | ||
# https://nginx.org/en/docs/http/ngx_http_log_module.html#access_log | ||
access_log /dev/stdout main; | ||
|
||
# How long to allow each connection to stay idle. | ||
# Longer values are better for each individual client, particularly for SSL, but means that worker connections are tied up longer. | ||
# Default: 75s | ||
# https://nginx.org/en/docs/http/ngx_http_core_module.html#keepalive_timeout | ||
keepalive_timeout 20s; | ||
|
||
# Speed up file transfers by using `sendfile()` to copy directly between descriptors rather than using `read()`/`write()``. | ||
# For performance reasons, on FreeBSD systems w/ ZFS this option should be disabled as ZFS's ARC caches frequently used files in RAM by default. | ||
# Default: off | ||
# https://nginx.org/en/docs/http/ngx_http_core_module.html#sendfile | ||
sendfile on; | ||
|
||
# Don't send out partial frames; this increases throughput since TCP frames are filled up before being sent out. | ||
# Default: off | ||
# https://nginx.org/en/docs/http/ngx_http_core_module.html#tcp_nopush | ||
# https://nginx.org/en/docs/http/ngx_http_core_module.html#tcp_nopush | ||
tcp_nopush on; | ||
|
||
# https://nginx.org/en/docs/http/ngx_http_gzip_module.html | ||
# Enable gzip compression. | ||
# Default: off | ||
gzip on; | ||
|
||
# Compression level (1-9). | ||
# 5 is a perfect compromise between size and CPU usage, offering about 75% reduction for most ASCII files (almost identical to level 9). | ||
# Default: 1 | ||
gzip_comp_level 5; | ||
|
||
# Don't compress anything that's already small and unlikely to shrink much if at all (the default is 20 bytes, which is bad as that usually leads to larger files after gzipping). | ||
# Default: 20 | ||
gzip_min_length 256; | ||
|
||
# Compress data even for clients that are connecting to us via proxies, identified by the "Via" header (required for CloudFront). | ||
# Default: off | ||
gzip_proxied any; | ||
|
||
# Tell proxies to cache both the gzipped and regular version of a resource whenever the client's Accept-Encoding capabilities header varies; | ||
# Avoids the issue where a non-gzip capable client (which is extremely rare today) would display gibberish if their proxy gave them the gzipped version. | ||
# Default: off | ||
gzip_vary on; | ||
|
||
# Compress all output labeled with one of the following MIME-types. `text/html` is always compressed by gzip module. | ||
# Default: text/html | ||
gzip_types | ||
application/atom+xml | ||
application/geo+json | ||
application/javascript | ||
application/x-javascript | ||
application/json | ||
application/ld+json | ||
application/manifest+json | ||
application/rdf+xml | ||
application/rss+xml | ||
application/vnd.ms-fontobject | ||
application/wasm | ||
application/x-web-app-manifest+json | ||
application/xhtml+xml | ||
application/xml | ||
font/eot | ||
font/otf | ||
font/ttf | ||
image/bmp | ||
image/svg+xml | ||
image/vnd.microsoft.icon | ||
image/x-icon | ||
text/cache-manifest | ||
text/calendar | ||
text/css | ||
text/javascript | ||
text/markdown | ||
text/plain | ||
text/xml | ||
text/vcard | ||
text/vnd.rim.location.xloc | ||
text/vtt | ||
text/x-component | ||
text/x-cross-domain-policy; | ||
|
||
# Include files in the conf.d folder. | ||
# `server` configuration files should be placed in the conf.d folder. | ||
# The configurations should be disabled by prefixing files with a dot. | ||
include /etc/nginx/conf.d/*.conf; | ||
} |
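Review bot: The `log_format main` block records `$http_x_forwarded_for` with no note that this header is supplied by the client, so someone reading the CloudWatch logs may take it for the caller's address. Behind CloudFront or a load balancer `$remote_addr` will be the proxy, and only the hops appended by your own proxies can be trusted. I would add a comment above the format such as `# X-Forwarded-For is client-controlled; trust only the entries appended by our own proxies.` If the real client address is needed for detection or rate limiting, configure `set_real_ip_from` and `real_ip_header` for the known proxy ranges. `escape=json` already keeps a crafted header value from breaking the JSON line.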
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,14 @@ | ||
[PHP] | ||
|
||
; Decides whether PHP may expose the fact that it is installed on the server | ||
; (e.g. by adding its signature to the Web server header). It is no security | ||
; threat in any way, but it makes it possible to determine whether you use PHP | ||
; on your server or not. | ||
; https://php.net/expose-php | ||
expose_php = Off | ||
|
||
[Date] | ||
|
||
; Defines the default timezone used by the date functions | ||
; https://php.net/date.timezone | ||
date.timezone = "UTC" |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,30 @@ | ||
; supervisord config file. | ||
; | ||
; For more information on the config file, please see: | ||
; http://supervisord.org/configuration.html | ||
|
||
[supervisord] | ||
nodaemon=true | ||
logfile=/dev/null | ||
logfile_maxbytes=0 | ||
pidfile=/run/supervisord.pid | ||
|
||
[program:php-fpm] | ||
command=php-fpm --nodaemonize --force-stderr | ||
priority=10 | ||
stdout_logfile=/dev/stdout | ||
stdout_logfile_maxbytes=0 | ||
stderr_logfile=/dev/stderr | ||
stderr_logfile_maxbytes=0 | ||
autorestart=false | ||
startretries=0 | ||
|
||
[program:nginx] | ||
command=nginx -g 'daemon off;' | ||
priority=20 | ||
stdout_logfile=/dev/stdout | ||
stdout_logfile_maxbytes=0 | ||
stderr_logfile=/dev/stderr | ||
stderr_logfile_maxbytes=0 | ||
autorestart=false | ||
startretries=0 |
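Review bot: With `autorestart=false` and `startretries=0` on both `[program:php-fpm]` and `[program:nginx]`, a crash of either process leaves supervisord running, so the container stays up while serving nothing, or serving 502s. The Dockerfile in this commit defines no HEALTHCHECK, so the orchestrator only notices if an external health check is configured. If the intent is for the container to die with its children, add an `[eventlistener:...]` section with `events=PROCESS_STATE_EXITED,PROCESS_STATE_FATAL` whose command signals supervisord to quit. Otherwise set `autorestart=true` on both programs. A short comment above the two settings stating which behaviour is wanted would also help.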
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,94 @@ | ||
[global] | ||
|
||
pid = /run/php-fpm.pid | ||
|
||
error_log = /dev/stderr | ||
|
||
; https://github.com/docker-library/php/pull/725#issuecomment-443540114 | ||
log_limit = 8192 | ||
|
||
[www] | ||
|
||
; The address on which to accept FastCGI requests. | ||
; '/path/to/unix/socket' - to listen on a unix socket. | ||
listen = /run/php-fpm.socket | ||
|
||
; Choose how the process manager will control the number of child processes. | ||
; Possible Values: | ||
; static - a fixed number (pm.max_children) of child processes; | ||
; dynamic - the number of child processes are set dynamically based on the | ||
; following directives. With this process management, there will be | ||
; always at least 1 children. | ||
; pm.max_children - the maximum number of children that can | ||
; be alive at the same time. | ||
; pm.start_servers - the number of children created on startup. | ||
; pm.min_spare_servers - the minimum number of children in 'idle' | ||
; state (waiting to process). If the number | ||
; of 'idle' processes is less than this | ||
; number then some children will be created. | ||
; pm.max_spare_servers - the maximum number of children in 'idle' | ||
; state (waiting to process). If the number | ||
; of 'idle' processes is greater than this | ||
; number then some children will be killed. | ||
; pm.max_spawn_rate - the maximum number of rate to spawn child | ||
; processes at once. | ||
; ondemand - no children are created at startup. Children will be forked when | ||
; new requests will connect. The following parameter are used: | ||
; pm.max_children - the maximum number of children that | ||
; can be alive at the same time. | ||
; pm.process_idle_timeout - The number of seconds after which | ||
; an idle process will be killed. | ||
; Note: This value is mandatory. | ||
pm = dynamic | ||
|
||
; The number of child processes to be created when pm is set to 'static' and the | ||
; maximum number of child processes when pm is set to 'dynamic' or 'ondemand'. | ||
; This value sets the limit on the number of simultaneous requests that will be | ||
; served. Equivalent to the ApacheMaxClients directive with mpm_prefork. | ||
; Equivalent to the PHP_FCGI_CHILDREN environment variable in the original PHP | ||
; CGI. The below defaults are based on a server without much resources. Don't | ||
; forget to tweak pm.* to fit your needs. | ||
; Note: Used when pm is set to 'static', 'dynamic' or 'ondemand' | ||
; Note: This value is mandatory. | ||
pm.max_children = 100 | ||
|
||
; The number of requests each child process should execute before respawning. | ||
; This can be useful to work around memory leaks in 3rd party libraries. For | ||
; endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS. | ||
; Default Value: 0 | ||
pm.max_requests = 200 | ||
|
||
; The number of child processes to be created when pm is set to 'static' and the | ||
; maximum number of child processes when pm is set to 'dynamic' or 'ondemand'. | ||
; This value sets the limit on the number of simultaneous requests that will be | ||
; served. Equivalent to the ApacheMaxClients directive with mpm_prefork. | ||
; Equivalent to the PHP_FCGI_CHILDREN environment variable in the original PHP | ||
; CGI. The below defaults are based on a server without much resources. Don't | ||
; forget to tweak pm.* to fit your needs. | ||
; Note: Used when pm is set to 'static', 'dynamic' or 'ondemand' | ||
; Note: This value is mandatory. | ||
pm.max_children = 5 | ||
|
||
; The number of child processes created on startup. | ||
; Note: Used only when pm is set to 'dynamic' | ||
; Default Value: (min_spare_servers + max_spare_servers) / 2 | ||
pm.start_servers = 3 | ||
|
||
; The desired minimum number of idle server processes. | ||
; Note: Used only when pm is set to 'dynamic' | ||
; Note: Mandatory when pm is set to 'dynamic' | ||
pm.min_spare_servers = 2 | ||
|
||
; The desired maximum number of idle server processes. | ||
; Note: Used only when pm is set to 'dynamic' | ||
; Note: Mandatory when pm is set to 'dynamic' | ||
pm.max_spare_servers = 4 | ||
|
||
; Allow FPM workers to have access to the ECS environment variables. | ||
clear_env = no | ||
|
||
; Send stdout/stderr from workers to the main error log. | ||
catch_workers_output = yes | ||
|
||
; Remove the 'child 10 said into stderr' prefix in the log and only show the actual message. | ||
decorate_workers_output = yes |
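Review bot: `pm.max_children` is set twice in the `[www]` pool, first to `100` and then to `5` under an identical copy of the same comment block. Presumably the later value wins, which caps the pool at 5 concurrent requests and leaves the `100` line misleading. Keep a single `pm.max_children = <intended value>` consistent with `pm.max_spare_servers = 4`, and delete the duplicate comment block. Separately, the comment on the last line says the "child 10 said into stderr" prefix should be removed, but `decorate_workers_output = yes` keeps it. The setting that matches the comment is `decorate_workers_output = no`.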