From 69e5b747c8bb2c8720b6609b7a048287045e1947 Mon Sep 17 00:00:00 2001
From: Gabriel Guimaraes
Date: Mon, 15 Apr 2024 14:15:11 +0100
Subject: [PATCH] feat: productionised base PHP-FPM 8.2 image (#10)
* feat: created directory and copied fpm-nginx from php/8.0
* feat: changed php version to 8.2 in Dockerfile
* fix: changed PHP version to the correct versions in 8.2 and 7.4
* fix: all dockerfiles now have correct versions
* fix: fixed ci cd
---
.github/workflows/cd.yaml | 2 +
.github/workflows/ci.yaml | 2 +
php/8.2/fpm-nginx/Dockerfile | 22 ++++
php/8.2/fpm-nginx/nginx.conf | 175 +++++++++++++++++++++++++++++
php/8.2/fpm-nginx/php.ini | 14 +++
php/8.2/fpm-nginx/supervisord.conf | 30 +++++
php/8.2/fpm-nginx/www.conf | 94 ++++++++++++++++
7 files changed, 339 insertions(+)
create mode 100644 php/8.2/fpm-nginx/Dockerfile
create mode 100644 php/8.2/fpm-nginx/nginx.conf
create mode 100644 php/8.2/fpm-nginx/php.ini
create mode 100644 php/8.2/fpm-nginx/supervisord.conf
create mode 100644 php/8.2/fpm-nginx/www.conf
diff --git a/.github/workflows/cd.yaml b/.github/workflows/cd.yaml
index 3cab77f..cb22363 100644
--- a/.github/workflows/cd.yaml
+++ b/.github/workflows/cd.yaml
@@ -61,9 +61,11 @@ jobs: base: - php/7.4/fpm-nginx - php/8.0/fpm-nginx + - php/8.2/fpm-nginx exclude: - base: ${{ needs.release-please.outputs.release_created || contains(needs.orchestrator.outputs.changed-directories, 'php/7.4/fpm-nginx') && 'ignored' || 'php/7.4/fpm-nginx' }} - base: ${{ needs.release-please.outputs.release_created || contains(needs.orchestrator.outputs.changed-directories, 'php/8.0/fpm-nginx') && 'ignored' || 'php/8.0/fpm-nginx' }} + - base: ${{ needs.release-please.outputs.release_created || contains(needs.orchestrator.outputs.changed-directories, 'php/8.2/fpm-nginx') && 'ignored' || 'php/8.2/fpm-nginx' }} uses: ./.github/workflows/docker.yaml with: version: ${{ needs.release-please.outputs.release_created && needs.release-please.outputs.tag_name || github.sha}}
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index 41e8a3b..a74e087 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -38,9 +38,11 @@ jobs: base: - php/7.4/fpm-nginx - php/8.0/fpm-nginx + - php/8.2/fpm-nginx exclude: - base: ${{ contains(needs.orchestrator.outputs.changed-directories, 'php/7.4/fpm-nginx') && 'ignored' || 'php/7.4/fpm-nginx' }} - base: ${{ contains(needs.orchestrator.outputs.changed-directories, 'php/8.0/fpm-nginx') && 'ignored' || 'php/8.0/fpm-nginx' }} + - base: ${{ contains(needs.orchestrator.outputs.changed-directories, 'php/8.2/fpm-nginx') && 'ignored' || 'php/8.2/fpm-nginx' }} uses: ./.github/workflows/docker.yaml with: version: ${{ github.event.pull_request.head.sha }}
diff --git a/php/8.2/fpm-nginx/Dockerfile b/php/8.2/fpm-nginx/Dockerfile
new file mode 100644
index 0000000..1642328
--- /dev/null
+++ b/php/8.2/fpm-nginx/Dockerfile
@@ -0,0 +1,22 @@
+FROM php:8.2-fpm-alpine3.16
+
+# Add supervisord
+RUN apk add --no-cache supervisor~=4
+COPY supervisord.conf /etc/supervisor/conf.d/supervisord.conf
+
+# Add nginx
+RUN apk add --no-cache nginx~=1 \
+ && chown -R www-data:www-data /run /var/lib/nginx /var/log/nginx
+COPY nginx.conf /etc/nginx/nginx.conf
+
+# Configure PHP
+RUN cp "${PHP_INI_DIR}/php.ini-production" "${PHP_INI_DIR}/php.ini"
+COPY php.ini ${PHP_INI_DIR}/conf.d/000-dvsa-base.ini
+
+# Configure PHP-FPM
+COPY www.conf /usr/local/etc/php-fpm.d/zzz-www.conf
+
+EXPOSE 80
+
+USER www-data
+CMD ["/usr/bin/supervisord", "-c", "/etc/supervisor/conf.d/supervisord.conf"]
diff --git a/php/8.2/fpm-nginx/nginx.conf b/php/8.2/fpm-nginx/nginx.conf
new file mode 100644
index 0000000..bd8ec4e
--- /dev/null
+++ b/php/8.2/fpm-nginx/nginx.conf
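Review bot: `FROM php:8.2-fpm-alpine3.16` pins an Alpine release whose community support window ends in May 2024, so the `apk add` lines for nginx and supervisor will stop receiving security updates almost as soon as this image ships; the commit message says the directory was copied from php/8.0, which suggests the base tag was carried over rather than chosen. A currently supported alpine variant of `php:8.2-fpm` should be used, ideally pinned by digest (`php:8.2-fpm-alpine@sha256:<DIGEST>`, placeholder) so rebuilds are reproducible. Separately, `chown -R www-data:www-data /run` hands the service account the whole of /run although only the pid files and the FPM socket referenced by the other files in this patch live there; a dedicated subdirectory would keep the grant narrower. With `USER www-data` and `EXPOSE 80`, nginx can only bind port 80 if the runtime allows unprivileged processes to use low ports, which is worth stating in a comment next to `EXPOSE 80`.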
@@ -0,0 +1,175 @@
+# Run as a unique, less privileged user for security reasons.
+# Default: nobody nobody
+# https://nginx.org/en/docs/ngx_core_module.html#user
+# https://en.wikipedia.org/wiki/Principle_of_least_privilege
+user www-data;
+
+# Sets the worker threads to the number of CPU cores available in the system for best performance.
+# Should be > the number of CPU cores.
+# Maximum number of connections = worker_processes * worker_connections
+# Default: 1
+# https://nginx.org/en/docs/ngx_core_module.html#worker_processes
+worker_processes auto;
+
+# Maximum number of open files per worker process.
+# Should be > worker_connections.
+# Default: no limit
+# https://nginx.org/en/docs/ngx_core_module.html#worker_rlimit_nofile
+worker_rlimit_nofile 8192;
+
+# Provides the configuration file context in which the directives that affect connection processing are specified.
+# https://nginx.org/en/docs/ngx_core_module.html#events
+events {
+ # Should be < worker_rlimit_nofile.
+ # Default: 512
+ # https://nginx.org/en/docs/ngx_core_module.html#worker_connections
+ worker_connections 8000;
+}
+
+# Log errors and warnings to stderr so they are written to Docker logs.
+# This is only used when you don't override it on a `server` level
+# Default: logs/error.log error
+# https://nginx.org/en/docs/ngx_core_module.html#error_log
+error_log stderr warn;
+
+# The file storing the process ID of the main process
+# Default: logs/nginx.pid
+# https://nginx.org/en/docs/ngx_core_module.html#pid
+pid /run/nginx.pid;
+
+http {
+ # Hide Nginx version information.
+ # https://nginx.org/en/docs/http/ngx_http_core_module.html#server_tokens
+ server_tokens off;
+
+ # Specify media (MIME) types for files.
+ # https://nginx.org/en/docs/http/ngx_http_core_module.html#types
+ include mime.types;
+
+ # Files without extension are treated as binary.
+ # https://nginx.org/en/docs/http/ngx_http_core_module.html#default_type
+ default_type application/octet-stream;
+
+ # Serve all resources labeled as `text/html` or `text/plain` with the media type `charset` parameter set to `UTF-8`.
+ # https://nginx.org/en/docs/http/ngx_http_charset_module.html#charset
+ charset utf-8;
+
+ # Update charset_types to match updated mime.types. `text/html` is always included by charset module.
+ # https://nginx.org/en/docs/http/ngx_http_charset_module.html#charset_types
+ charset_types
+ text/css
+ text/plain
+ text/vnd.wap.wml
+ text/javascript
+ text/markdown
+ text/calendar
+ text/x-component
+ text/vcard
+ text/cache-manifest
+ text/vtt
+ application/json
+ application/manifest+json;
+
+ # Adds the `$http_x_forwarded_for` to the log and formats in JSON for CloudWatch.
+ # https://nginx.org/en/docs/http/ngx_http_log_module.html#log_format
+ log_format main escape=json
+ '{'
+ '"remote_addr":"$remote_addr",'
+ '"remote_user":"$remote_user",'
+ '"time_local":"$time_local",'
+ '"request":"$request",'
+ '"status": "$status",'
+ '"body_bytes_sent":"$body_bytes_sent",'
+ '"http_referer":"$http_referer",'
+ '"http_user_agent":"$http_user_agent",'
+ '"http_x_forwarded_for":"$http_x_forwarded_for"'
+ '}';
+
+ # This is only used when you don't override it on a `server` level
+ # Default: logs/access.log combined
+ # https://nginx.org/en/docs/http/ngx_http_log_module.html#access_log
+ access_log /dev/stdout main;
+
+ # How long to allow each connection to stay idle.
+ # Longer values are better for each individual client, particularly for SSL, but means that worker connections are tied up longer.
+ # Default: 75s
+ # https://nginx.org/en/docs/http/ngx_http_core_module.html#keepalive_timeout
+ keepalive_timeout 20s;
+
+ # Speed up file transfers by using `sendfile()` to copy directly between descriptors rather than using `read()`/`write()``.
+ # For performance reasons, on FreeBSD systems w/ ZFS this option should be disabled as ZFS's ARC caches frequently used files in RAM by default.
+ # Default: off
+ # https://nginx.org/en/docs/http/ngx_http_core_module.html#sendfile
+ sendfile on;
+
+ # Don't send out partial frames; this increases throughput since TCP frames are filled up before being sent out.
+ # Default: off
+ # https://nginx.org/en/docs/http/ngx_http_core_module.html#tcp_nopush
+ # https://nginx.org/en/docs/http/ngx_http_core_module.html#tcp_nopush
+ tcp_nopush on;
+
+ # https://nginx.org/en/docs/http/ngx_http_gzip_module.html
+ # Enable gzip compression.
+ # Default: off
+ gzip on;
+
+ # Compression level (1-9).
+ # 5 is a perfect compromise between size and CPU usage, offering about 75% reduction for most ASCII files (almost identical to level 9).
+ # Default: 1
+ gzip_comp_level 5;
+
+ # Don't compress anything that's already small and unlikely to shrink much if at all (the default is 20 bytes, which is bad as that usually leads to larger files after gzipping).
+ # Default: 20
+ gzip_min_length 256;
+
+ # Compress data even for clients that are connecting to us via proxies, identified by the "Via" header (required for CloudFront).
+ # Default: off
+ gzip_proxied any;
+
+ # Tell proxies to cache both the gzipped and regular version of a resource whenever the client's Accept-Encoding capabilities header varies;
+ # Avoids the issue where a non-gzip capable client (which is extremely rare today) would display gibberish if their proxy gave them the gzipped version.
+ # Default: off
+ gzip_vary on;
+
+ # Compress all output labeled with one of the following MIME-types. `text/html` is always compressed by gzip module.
+ # Default: text/html
+ gzip_types
+ application/atom+xml
+ application/geo+json
+ application/javascript
+ application/x-javascript
+ application/json
+ application/ld+json
+ application/manifest+json
+ application/rdf+xml
+ application/rss+xml
+ application/vnd.ms-fontobject
+ application/wasm
+ application/x-web-app-manifest+json
+ application/xhtml+xml
+ application/xml
+ font/eot
+ font/otf
+ font/ttf
+ image/bmp
+ image/svg+xml
+ image/vnd.microsoft.icon
+ image/x-icon
+ text/cache-manifest
+ text/calendar
+ text/css
+ text/javascript
+ text/markdown
+ text/plain
+ text/xml
+ text/vcard
+ text/vnd.rim.location.xloc
+ text/vtt
+ text/x-component
+ text/x-cross-domain-policy;
+
+ # Include files in the conf.d folder.
+ # `server` configuration files should be placed in the conf.d folder.
+ # The configurations should be disabled by prefixing files with a dot.
+ include /etc/nginx/conf.d/*.conf;
+}
diff --git a/php/8.2/fpm-nginx/php.ini b/php/8.2/fpm-nginx/php.ini
new file mode 100644
index 0000000..11d4d7a
--- /dev/null
+++ b/php/8.2/fpm-nginx/php.ini
@@ -0,0 +1,14 @@
+[PHP]
+
+; Decides whether PHP may expose the fact that it is installed on the server
+; (e.g. by adding its signature to the Web server header). It is no security
+; threat in any way, but it makes it possible to determine whether you use PHP
+; on your server or not.
+; https://php.net/expose-php
+expose_php = Off
+
+[Date]
+
+; Defines the default timezone used by the date functions
+; https://php.net/date.timezone
+date.timezone = "UTC"
\ No newline at end of file
diff --git a/php/8.2/fpm-nginx/supervisord.conf b/php/8.2/fpm-nginx/supervisord.conf
new file mode 100644
index 0000000..44838cb
--- /dev/null
+++ b/php/8.2/fpm-nginx/supervisord.conf
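Review bot: `user www-data;` near the top of the hunk is ignored when the master process is not started as root, and the Dockerfile in this patch runs supervisord under `USER www-data`, so every start will log `the "user" directive makes sense only if the master process runs with super-user privileges, ignored`. Either drop the directive or extend its comment to say it only takes effect if the container is launched as root. The link comment above `tcp_nopush on;` is duplicated on two consecutive lines; one copy can go. The closing `include /etc/nginx/conf.d/*.conf;` means this file defines no `server` block itself, so the `EXPOSE 80` contract depends on the consuming image supplying a listener; a one-line comment recording that expectation next to the include would help.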
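Review bot: The file ends without a trailing newline (`\ No newline at end of file` after `date.timezone = "UTC"`); adding it avoids a noisy diff the first time another directive is appended. The hunk relies on the hardening already present in `php.ini-production`, which the Dockerfile copies into place, but nothing in the file records that; a header such as `; Overrides layered on top of php.ini-production (copied by the Dockerfile); directives not listed here keep the production defaults.` would make the contract explicit. Session cookie hardening (`session.cookie_httponly`, `session.cookie_secure`, `session.use_strict_mode`) is left to consuming applications — if that is the intent for a base image, say so in the same header.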
@@ -0,0 +1,30 @@
+; supervisord config file.
+;
+; For more information on the config file, please see:
+; http://supervisord.org/configuration.html
+
+[supervisord]
+nodaemon=true
+logfile=/dev/null
+logfile_maxbytes=0
+pidfile=/run/supervisord.pid
+
+[program:php-fpm]
+command=php-fpm --nodaemonize --force-stderr
+priority=10
+stdout_logfile=/dev/stdout
+stdout_logfile_maxbytes=0
+stderr_logfile=/dev/stderr
+stderr_logfile_maxbytes=0
+autorestart=false
+startretries=0
+
+[program:nginx]
+command=nginx -g 'daemon off;'
+priority=20
+stdout_logfile=/dev/stdout
+stdout_logfile_maxbytes=0
+stderr_logfile=/dev/stderr
+stderr_logfile_maxbytes=0
+autorestart=false
+startretries=0
diff --git a/php/8.2/fpm-nginx/www.conf b/php/8.2/fpm-nginx/www.conf
new file mode 100644
index 0000000..e6c308e
--- /dev/null
+++ b/php/8.2/fpm-nginx/www.conf
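Review bot: Both programs set `autorestart=false` with `startretries=0` while `nodaemon=true` keeps supervisord alive as PID 1, so if `php-fpm` or `nginx` exits the container keeps running with half of the stack dead and the orchestrator sees no failure. If the intent is to let the platform replace the task, supervisord has to exit too: an `[eventlistener:...]` subscribed to `PROCESS_STATE_EXITED` and `PROCESS_STATE_FATAL` that shuts supervisord down is the usual pattern, or the image needs a health check that probes through nginx to PHP. If the current behaviour is deliberate, a comment above the two `autorestart=false` lines explaining why would stop the next reader from "fixing" it.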
@@ -0,0 +1,94 @@
+[global]
+
+pid = /run/php-fpm.pid
+
+error_log = /dev/stderr
+
+; https://github.com/docker-library/php/pull/725#issuecomment-443540114
+log_limit = 8192
+
+[www]
+
+; The address on which to accept FastCGI requests.
+; '/path/to/unix/socket' - to listen on a unix socket.
+listen = /run/php-fpm.socket
+
+; Choose how the process manager will control the number of child processes.
+; Possible Values:
+; static - a fixed number (pm.max_children) of child processes;
+; dynamic - the number of child processes are set dynamically based on the
+; following directives. With this process management, there will be
+; always at least 1 children.
+; pm.max_children - the maximum number of children that can
+; be alive at the same time.
+; pm.start_servers - the number of children created on startup.
+; pm.min_spare_servers - the minimum number of children in 'idle'
+; state (waiting to process). If the number
+; of 'idle' processes is less than this
+; number then some children will be created.
+; pm.max_spare_servers - the maximum number of children in 'idle'
+; state (waiting to process). If the number
+; of 'idle' processes is greater than this
+; number then some children will be killed.
+; pm.max_spawn_rate - the maximum number of rate to spawn child
+; processes at once.
+; ondemand - no children are created at startup. Children will be forked when
+; new requests will connect. The following parameter are used:
+; pm.max_children - the maximum number of children that
+; can be alive at the same time.
+; pm.process_idle_timeout - The number of seconds after which
+; an idle process will be killed.
+; Note: This value is mandatory.
+pm = dynamic
+
+; The number of child processes to be created when pm is set to 'static' and the
+; maximum number of child processes when pm is set to 'dynamic' or 'ondemand'.
+; This value sets the limit on the number of simultaneous requests that will be
+; served.
Equivalent to the ApacheMaxClients directive with mpm_prefork.
+; Equivalent to the PHP_FCGI_CHILDREN environment variable in the original PHP
+; CGI. The below defaults are based on a server without much resources. Don't
+; forget to tweak pm.* to fit your needs.
+; Note: Used when pm is set to 'static', 'dynamic' or 'ondemand'
+; Note: This value is mandatory.
+pm.max_children = 100
+
+; The number of requests each child process should execute before respawning.
+; This can be useful to work around memory leaks in 3rd party libraries. For
+; endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS.
+; Default Value: 0
+pm.max_requests = 200
+
+; The number of child processes to be created when pm is set to 'static' and the
+; maximum number of child processes when pm is set to 'dynamic' or 'ondemand'.
+; This value sets the limit on the number of simultaneous requests that will be
+; served. Equivalent to the ApacheMaxClients directive with mpm_prefork.
+; Equivalent to the PHP_FCGI_CHILDREN environment variable in the original PHP
+; CGI. The below defaults are based on a server without much resources. Don't
+; forget to tweak pm.* to fit your needs.
+; Note: Used when pm is set to 'static', 'dynamic' or 'ondemand'
+; Note: This value is mandatory.
+pm.max_children = 5
+
+; The number of child processes created on startup.
+; Note: Used only when pm is set to 'dynamic'
+; Default Value: (min_spare_servers + max_spare_servers) / 2
+pm.start_servers = 3
+
+; The desired minimum number of idle server processes.
+; Note: Used only when pm is set to 'dynamic'
+; Note: Mandatory when pm is set to 'dynamic'
+pm.min_spare_servers = 2
+
+; The desired maximum number of idle server processes.
+; Note: Used only when pm is set to 'dynamic'
+; Note: Mandatory when pm is set to 'dynamic'
+pm.max_spare_servers = 4
+
+; Allow FPM workers to have access to the ECS environment variables.
+clear_env = no
+
+; Send stdout/stderr from workers to the main error log.
+catch_workers_output = yes
+
+; Remove the 'child 10 said into stderr' prefix in the log and only show the actual message.
+decorate_workers_output = yes
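Review bot: `pm.max_children` is assigned twice in the `[www]` pool — `pm.max_children = 100` and, a few lines later, `pm.max_children = 5` — each under the same nine-line comment block; php-fpm takes the later assignment as far as I can tell, so the 100 is dead and the effective cap is ambiguous to a reader. The `pm.start_servers = 3` / `pm.min_spare_servers = 2` / `pm.max_spare_servers = 4` values are only consistent with a cap of 5, so the first block should be removed. The comment above `decorate_workers_output = yes` says the `child 10 said into stderr` prefix is removed, but `yes` keeps that decoration; either change it to `decorate_workers_output = no` or correct the comment. `clear_env = no` passes every container environment variable through to PHP code, which is what the comment above it asks for, but it is worth recording there that any secret injected as an environment variable becomes readable via `getenv()` from application code.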