From d2f3899d10e2fc5df5e341354a387e8129f26789 Mon Sep 17 00:00:00 2001
From: Ambroise Maupate <ambroise@rezo-zero.com>
Date: Thu, 14 Nov 2024 21:05:55 +0100
Subject: [PATCH] feat: Migrate Dockerfile to multi-stage build and get rid of
 `roadiz/php83-fpm-alpine` base image

BREAKING CHANGE: Base PHP image is now `php:8.3.13-fpm-bookworm`
---
 .dockerignore                                 |  45 +--
 .gitlab-ci.yml                                |  65 ++---
 Dockerfile                                    | 263 ++++++++++++++----
 compose.override.yml.dist                     |   5 +-
 compose.yml                                   |  99 ++++---
 docker/mysql/Dockerfile                       |   9 -
 docker/nginx/Dockerfile                       |   4 -
 docker/php-fpm-alpine/Dockerfile              |  40 ---
 docker/php-fpm-alpine/php.prod.ini            |  38 ---
 .../php.ini => php/conf.d/php.dev.ini}        |  23 +-
 docker/php/conf.d/php.prod.ini                |  26 ++
 docker/{php-fpm-alpine => php}/crontab.txt    |   0
 .../docker-cron-entrypoint                    |   2 +-
 .../docker-cron-entrypoint-dev                |   2 +-
 .../docker-php-entrypoint                     |   8 -
 .../docker-php-entrypoint-dev                 |   0
 docker/php/fpm.d/www.conf                     |  14 +
 docker/{php-fpm-alpine => php}/wait-for-it.sh |   0
 docker/solr/Dockerfile                        |  17 --
 docker/varnish/Dockerfile                     |   5 -
 20 files changed, 349 insertions(+), 316 deletions(-)
 delete mode 100644 docker/mysql/Dockerfile
 delete mode 100644 docker/nginx/Dockerfile
 delete mode 100755 docker/php-fpm-alpine/Dockerfile
 delete mode 100644 docker/php-fpm-alpine/php.prod.ini
 rename docker/{php-fpm-alpine/php.ini => php/conf.d/php.dev.ini} (63%)
 create mode 100644 docker/php/conf.d/php.prod.ini
 rename docker/{php-fpm-alpine => php}/crontab.txt (100%)
 rename docker/{php-fpm-alpine => php}/docker-cron-entrypoint (98%)
 rename docker/{php-fpm-alpine => php}/docker-cron-entrypoint-dev (97%)
 rename docker/{php-fpm-alpine => php}/docker-php-entrypoint (83%)
 rename docker/{php-fpm-alpine => php}/docker-php-entrypoint-dev (100%)
 create mode 100644 docker/php/fpm.d/www.conf
 rename docker/{php-fpm-alpine => php}/wait-for-it.sh (100%)
 delete mode 100644 docker/solr/Dockerfile
 delete mode 100644 docker/varnish/Dockerfile

diff --git a/.dockerignore b/.dockerignore
index f652fba..6c9411e 100644
--- a/.dockerignore
+++ b/.dockerignore
@@ -1,5 +1,3 @@
-# Ignore Roadiz tools and cache for
-# creating a docker image
 .dockerignore
 .DS_Store
 .git
@@ -14,54 +12,37 @@ tests
 README.md
 Dockerfile
 Dockerfile.archive
-compose.yml
-compose.env
-compose.standalone.yml
-compose.override.yml
-compose.override.yml.dist
+compose.*
+sonar-project.properties
 
 */temp*
 */*/temp*
-docker
-.vagrant
-var/sessions/*
-var/log/*
-var/cache/*
-var/secret/*
+var
 /config/secrets/prod/prod.decrypt.private.php
 /config/secrets/prod/prod.encrypt.private.php
-var/*.zip
-var/*.sql
-var/*.tar.gz
 *.zip
 *.sql
 *.log
+*.tar
 *.tar.gz
-themes/*/build
-themes/*/node_modules
-themes/*/app
 */*/*/node_modules
 files/*
 public/files/*
 */*/*/src-img
 */*/src-img
 */*.log
-Vagrantfile
-pimple.json
+.phpcs-cache
 supervisord.pid
 project_env.sh
-.phpcs-cache
+.php-cs-fixer.cache
+vendor
+Makefile
+.editorconfig
+.gitignore
+phpcs.*
+phpstan.*
+restic.*
 
 !.env
-!vendor
-!docker/solr/managed-schema.xml
-!docker/php-fpm-alpine/crontab.txt
-!docker/php-fpm-alpine/docker-php-entrypoint
-!docker/php-fpm-alpine/docker-php-entrypoint-dev
-!docker/php-fpm-alpine/docker-cron-entrypoint
-!docker/php-fpm-alpine/docker-cron-entrypoint-dev
-!docker/php-fpm-alpine/php.ini
-!docker/php-fpm-alpine/php.prod.ini
-!docker/php-fpm-alpine/wait-for-it.sh
 !public/themes/*
 
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 05d5e2b..7567916 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -1,11 +1,6 @@
-# Gitlab CI
-# Replace “roadiz_skeleton” with your project slug
-image: roadiz/php83-runner
-
 stages:
     - test
     - build
-    - deploy
     - release
 
 # AutoDevOps templates for security
@@ -20,6 +15,7 @@ variables:
     SENTRY_URL: ""
 
 roadiz_skeleton_test:
+    image: roadiz/php83-runner
     stage: test
     interruptible: true
     only:
@@ -50,33 +46,8 @@ roadiz_skeleton_test:
         - php -d memory_limit=-1 vendor/bin/phpstan analyse -c phpstan.neon
         - php -d memory_limit=-1 vendor/bin/phpunit --colors=never
 
-roadiz_skeleton_build:
+roadiz_skeleton_build_develop:
     stage: build
-    interruptible: true
-    only:
-        - develop
-        - tags
-    cache:
-        key: ${CI_COMMIT_REF_SLUG}
-        paths:
-            - vendor/
-    variables:
-        # temporary vars for composer scripts only
-        APP_ENV: prod
-        JWT_PASSPHRASE: changeme
-        APP_SECRET: changeme
-    artifacts:
-        expire_in: 1 hour
-        paths:
-            - vendor/
-            # Keep themes assets to include them in docker image
-            - public/themes/
-            - public/bundles/
-    script:
-        - composer install --no-dev --optimize-autoloader
-
-roadiz_skeleton_dev_docker:
-    stage: deploy
     image: docker:git
     # Create a docker image only when a new tag is pushed
     only:
@@ -87,23 +58,21 @@ roadiz_skeleton_dev_docker:
         DOCKER_DRIVER: overlay2
         DOCKER_TLS_CERTDIR: "/certs"
     when: on_success
-    needs: ["roadiz_skeleton_build"]
-    dependencies: ["roadiz_skeleton_build"]
     script:
         # Connect to your Gitlab Registry
         - "echo \"Registry image: ${CI_REGISTRY_IMAGE} for develop\""
         - "docker login -u gitlab-ci-token -p ${CI_JOB_TOKEN} ${CI_REGISTRY}"
         # App image build
-        - "docker build -t ${CI_REGISTRY_IMAGE}:develop ."
+        - "docker build --target=php-prod -t ${CI_REGISTRY_IMAGE}:develop ."
         - "docker push ${CI_REGISTRY_IMAGE}:develop"
         ## Solr image build
-        #- "docker build -t ${CI_REGISTRY_IMAGE}/solr:develop ./docker/solr"
+        #- "docker build --target=solr -t ${CI_REGISTRY_IMAGE}/solr:develop ."
         #- "docker push ${CI_REGISTRY_IMAGE}/solr:develop"
         # Nginx image build
-        - "docker build -t ${CI_REGISTRY_IMAGE}/nginx:develop -f docker/nginx/Dockerfile ."
+        - "docker build --target=nginx-prod -t ${CI_REGISTRY_IMAGE}/nginx:develop ."
         - "docker push ${CI_REGISTRY_IMAGE}/nginx:develop"
         # Varnish image build
-        - "docker build -t ${CI_REGISTRY_IMAGE}/varnish:develop ./docker/varnish"
+        - "docker build --target=varnish -t ${CI_REGISTRY_IMAGE}/varnish:develop ."
         - "docker push ${CI_REGISTRY_IMAGE}/varnish:develop"
 
 #
@@ -111,8 +80,8 @@ roadiz_skeleton_dev_docker:
 # included. You must configure your Gitlab Runner to
 # support Docker-in-docker commands.
 #
-roadiz_skeleton_docker:
-    stage: deploy
+roadiz_skeleton_build_tag:
+    stage: build
     image: docker:git
     # Create a docker image only when a new tag is pushed
     only:
@@ -123,29 +92,27 @@ roadiz_skeleton_docker:
         DOCKER_DRIVER: overlay2
         DOCKER_TLS_CERTDIR: "/certs"
     when: on_success
-    needs: ["roadiz_skeleton_build"]
-    dependencies: ["roadiz_skeleton_build"]
-    before_script:
-        # Need curl for pushing release to Sentry
-        #- apk add curl
+#    before_script:
+#        # Need curl for pushing release to Sentry
+#        - apk add curl
     script:
         # Connect to your Gitlab Registry
         - "echo \"Registry image: ${CI_REGISTRY_IMAGE} for tag ${CI_COMMIT_TAG}\""
         - "docker login -u gitlab-ci-token -p ${CI_JOB_TOKEN} ${CI_REGISTRY}"
         # App image build
-        - "docker build -t ${CI_REGISTRY_IMAGE}:latest -t ${CI_REGISTRY_IMAGE}:${CI_COMMIT_TAG} ."
+        - "docker build --target=php-prod -t ${CI_REGISTRY_IMAGE}:latest -t ${CI_REGISTRY_IMAGE}:${CI_COMMIT_TAG} ."
         - "docker push ${CI_REGISTRY_IMAGE}:latest"
         - "docker push ${CI_REGISTRY_IMAGE}:${CI_COMMIT_TAG}"
         ## Solr image build
-        #- "docker build -t ${CI_REGISTRY_IMAGE}/solr:latest -t ${CI_REGISTRY_IMAGE}/solr:${CI_COMMIT_TAG} ./docker/solr"
+        #- "docker build --target=solr -t ${CI_REGISTRY_IMAGE}/solr:latest -t ${CI_REGISTRY_IMAGE}/solr:${CI_COMMIT_TAG} ."
         #- "docker push ${CI_REGISTRY_IMAGE}/solr:latest"
         #- "docker push ${CI_REGISTRY_IMAGE}/solr:${CI_COMMIT_TAG}"
         # Nginx image build
-        - "docker build -t ${CI_REGISTRY_IMAGE}/nginx:latest -t ${CI_REGISTRY_IMAGE}/nginx:${CI_COMMIT_TAG} -f docker/nginx/Dockerfile ."
+        - "docker build --target=nginx-prod -t ${CI_REGISTRY_IMAGE}/nginx:latest -t ${CI_REGISTRY_IMAGE}/nginx:${CI_COMMIT_TAG} ."
         - "docker push ${CI_REGISTRY_IMAGE}/nginx:latest"
         - "docker push ${CI_REGISTRY_IMAGE}/nginx:${CI_COMMIT_TAG}"
         # Varnish image build
-        - "docker build -t ${CI_REGISTRY_IMAGE}/varnish:latest -t ${CI_REGISTRY_IMAGE}/varnish:${CI_COMMIT_TAG} ./docker/varnish"
+        - "docker build --target=varnish -t ${CI_REGISTRY_IMAGE}/varnish:latest -t ${CI_REGISTRY_IMAGE}/varnish:${CI_COMMIT_TAG} ."
         - "docker push ${CI_REGISTRY_IMAGE}/varnish:latest"
         - "docker push ${CI_REGISTRY_IMAGE}/varnish:${CI_COMMIT_TAG}"
         # Create Release on your app on Sentry
@@ -158,7 +125,7 @@ create_gitlab_release:
         - if: $CI_COMMIT_TAG
     script:
         - echo "Running the release job."
-    needs: [ "roadiz_skeleton_docker" ]
+    needs: [ "roadiz_skeleton_build_tag" ]
     when: on_success
     release:
         tag_name: $CI_COMMIT_TAG
diff --git a/Dockerfile b/Dockerfile
index 89d7d8d..6aa1bca 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,69 +1,234 @@
-FROM roadiz/php83-fpm-alpine:latest
+ARG PHP_VERSION=8.3.13
+ARG USER_UID=1000
+
+#######
+# PHP #
+#######
+
+FROM php:${PHP_VERSION}-fpm-bookworm AS php
+
 LABEL org.opencontainers.image.authors="ambroise@rezo-zero.com"
 
-ARG USER_UID=1000
-ENV APP_ENV=prod
-ENV APP_RUNTIME_ENV=prod
-ENV APP_DEBUG=0
+ARG USER_UID
+
+ARG COMPOSER_VERSION=2.8.1
+ARG PHP_EXTENSION_INSTALLER_VERSION=2.6.0
+ARG PHP_EXTENSION_REDIS_VERSION=6.1.0
+
+SHELL ["/bin/bash", "-e", "-o", "pipefail", "-c"]
+
 ENV APP_FFMPEG_PATH=/usr/bin/ffmpeg
 ENV MYSQL_HOST=db
 ENV MYSQL_PORT=3306
 
 HEALTHCHECK --start-period=30s --interval=1m --timeout=6s CMD bin/console monitor:health -q
 
-# Added ffmpeg to extract video files thumbnails
-RUN apk add --no-cache ffmpeg
+COPY --link docker/php/crontab.txt /crontab.txt
+COPY --link docker/php/wait-for-it.sh /wait-for-it.sh
+COPY --link docker/php/fpm.d/www.conf   ${PHP_INI_DIR}-fpm.d/zz-www.conf
+
+RUN <<EOF
+apt-get --quiet update
+apt-get --quiet --yes --purge --autoremove upgrade
+# Packages - System
+apt-get --quiet --yes --no-install-recommends --verbose-versions install \
+    less \
+    sudo \
+    cron \
+    ffmpeg
+rm -rf /var/lib/apt/lists/*
+
+usermod -u ${USER_UID} www-data
+groupmod -g ${USER_UID} www-data
+echo "www-data ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/www-data
+
+/usr/bin/crontab -u www-data /crontab.txt
+chmod +x /wait-for-it.sh
+chown -R www-data:www-data /var/www/html
+
+# Php extensions
+curl -sSLf  https://github.com/mlocati/docker-php-extension-installer/releases/latest/download/install-php-extensions \
+    --output /usr/local/bin/install-php-extensions
+chmod +x /usr/local/bin/install-php-extensions
+install-php-extensions \
+    @composer-${COMPOSER_VERSION} \
+    amqp \
+    bcmath \
+    exif \
+    fileinfo \
+    gd \
+    gmp \
+    iconv \
+    intl \
+    json \
+    mbstring \
+    opcache \
+    openssl \
+    pcntl \
+    pdo_mysql \
+    simplexml \
+    soap \
+    xsl \
+    zip \
+    redis-${PHP_EXTENSION_REDIS_VERSION}
+EOF
+
+WORKDIR /var/www/html
+
+###################
+# PHP Development #
+###################
 
-RUN usermod -u ${USER_UID} www-data \
-    && groupmod -g ${USER_UID} www-data
+FROM php AS php-dev
+
+ENV APP_ENV=dev
+ENV APP_RUNTIME_ENV=dev
+ENV APP_DEBUG=1
+
+# Configs
+RUN ln -sf ${PHP_INI_DIR}/php.ini-development ${PHP_INI_DIR}/php.ini
+COPY --link docker/php/conf.d/php.dev.ini ${PHP_INI_DIR}/conf.d/zz-app.ini
+COPY --link --chmod=755 docker/php/docker-php-entrypoint-dev /usr/local/bin/docker-php-entrypoint
+COPY --link --chmod=755 docker/php/docker-cron-entrypoint-dev /usr/local/bin/docker-cron-entrypoint
+
+RUN <<EOF
+apt-get --quiet update
+apt-get --quiet --yes --purge --autoremove upgrade
+# Packages - System
+apt-get --quiet --yes --no-install-recommends --verbose-versions install \
+    make \
+    git
+rm -rf /var/lib/apt/lists/*
+EOF
+
+VOLUME /var/www/html
+
+USER www-data
+
+
+##################
+# PHP Production #
+##################
+
+FROM php AS php-prod
+
+ENV APP_ENV=prod
+ENV APP_RUNTIME_ENV=prod
+ENV APP_DEBUG=0
 
-#
-# Use development PHP configuration if you need to
-# edit your node-types in production / preproduction
-#
-#COPY docker/php-fpm-alpine/php.ini /usr/local/etc/php/php.ini
-#
 # Use production PHP configuration for maximum performances
 # but you won't be able to edit node-type without restarting docker app
-#
-COPY docker/php-fpm-alpine/php.prod.ini /usr/local/etc/php/php.ini
-COPY docker/php-fpm-alpine/crontab.txt /crontab.txt
-COPY docker/php-fpm-alpine/wait-for-it.sh /wait-for-it.sh
-COPY docker/php-fpm-alpine/docker-php-entrypoint /usr/local/bin/docker-php-entrypoint
-COPY docker/php-fpm-alpine/docker-cron-entrypoint /usr/local/bin/docker-cron-entrypoint
-COPY --chown=www-data:www-data . /var/www/html/
-
-RUN ln -s /var/www/html/bin/console /usr/local/bin/console \
-    && /usr/bin/crontab -u www-data /crontab.txt \
-    && chmod +x /wait-for-it.sh \
-    && chmod +x /usr/local/bin/docker-php-entrypoint \
-    && chmod +x /usr/local/bin/docker-cron-entrypoint \
-    && chmod 0755 /var/www/html/bin/console \
-    && chmod 0750 /var/www/html \
-    && chmod 0750 \
-        /var/www/html/bin \
-        /var/www/html/config \
-        /var/www/html/docker \
-        /var/www/html/migrations \
-        /var/www/html/public \
-        /var/www/html/src \
-        /var/www/html/templates \
-        /var/www/html/translations \
-        /var/www/html/var \
-        /var/www/html/vendor \
-    && chown www-data:www-data /var/www/html
+## Configs
+RUN ln -sf ${PHP_INI_DIR}/php.ini-production ${PHP_INI_DIR}/php.ini
+COPY --link docker/php/conf.d/php.prod.ini ${PHP_INI_DIR}/conf.d/zz-app.ini
+COPY --link --chmod=755 docker/php/docker-php-entrypoint /usr/local/bin/docker-php-entrypoint
+COPY --link --chmod=755 docker/php/docker-cron-entrypoint /usr/local/bin/docker-cron-entrypoint
 
 USER www-data
 
+# Composer
+COPY --link --chown=www-data:www-data composer.* symfony.* .
+RUN composer install --no-cache --prefer-dist --no-dev --no-autoloader --no-scripts --no-progress
+
+COPY --link --chown=www-data:www-data . .
+
+RUN <<EOF
+composer dump-autoload --classmap-authoritative --no-dev
+bin/console cache:warmup --no-optional-warmers
+bin/console assets:install
+bin/console themes:assets:install Rozier
+chmod 0755 /var/www/html/bin/console
+chmod 0750 /var/www/html
+chmod 0750 \
+    /var/www/html/bin \
+    /var/www/html/config \
+    /var/www/html/docker \
+    /var/www/html/migrations \
+    /var/www/html/public \
+    /var/www/html/src \
+    /var/www/html/templates \
+    /var/www/html/translations \
+    /var/www/html/var \
+    /var/www/html/vendor
+chown www-data:www-data /var/www/html
+EOF
+
 VOLUME /var/www/html/config/jwt \
        /var/www/html/config/secrets \
-       ##
-       ## Do not add volume for src/GeneratedEntity, they are versioned since Roadiz v2
-       ## Uncomment these if you DO want to persist and edit node-types on production env
-       ##
-       #/var/www/html/config/api_resources \
-       #/var/www/html/src/Resources \
-       #/var/www/html/src/GeneratedEntity \
        /var/www/html/public/files \
        /var/www/html/public/assets \
        /var/www/html/var/files
+
+
+#########
+# Nginx #
+#########
+
+FROM roadiz/nginx-alpine AS nginx-prod
+
+LABEL org.opencontainers.image.authors="ambroise@rezo-zero.com"
+
+COPY --link --from=php-prod --chown=www-data:www-data /var/www/html/public /var/www/html/public
+
+
+#########
+# MySQL #
+#########
+
+FROM mysql:8.0.40 AS mysql
+
+LABEL org.opencontainers.image.authors="ambroise@rezo-zero.com"
+
+ARG USER_UID
+
+SHELL ["/bin/bash", "-e", "-o", "pipefail", "-c"]
+
+RUN <<EOF
+usermod -u ${USER_UID} mysql
+groupmod -g ${USER_UID} mysql
+echo "USER_UID: ${USER_UID}\n"
+EOF
+
+COPY --link docker/mysql/performances.cnf /etc/mysql/conf.d/performances.cnf
+
+########
+# Solr #
+########
+
+FROM solr:9-slim AS solr
+
+LABEL org.opencontainers.image.authors="ambroise@rezo-zero.com"
+
+ARG USER_UID
+
+SHELL ["/bin/bash", "-e", "-o", "pipefail", "-c"]
+
+USER root
+
+RUN <<EOF
+set -ex
+echo "USER_UID: ${USER_UID}\n"
+usermod -u ${USER_UID} "$SOLR_USER"
+groupmod -g ${USER_UID} "$SOLR_GROUP"
+chown -R ${USER_UID}:${USER_UID} /var/solr
+EOF
+
+COPY --link docker/solr/managed-schema.xml /opt/solr/server/solr/configsets/_default/conf/managed-schema
+
+USER $SOLR_USER
+
+# Redeclare VOLUME to change permissions
+VOLUME /var/solr
+
+
+###########
+# Varnish #
+###########
+
+FROM varnish:7.1-alpine AS varnish
+
+LABEL org.opencontainers.image.authors="ambroise@rezo-zero.com"
+
+ENV VARNISH_SIZE 1G
+
+COPY --link docker/varnish/default.vcl /etc/varnish/
diff --git a/compose.override.yml.dist b/compose.override.yml.dist
index 8e5f60f..7025620 100644
--- a/compose.override.yml.dist
+++ b/compose.override.yml.dist
@@ -12,16 +12,13 @@ services:
     varnish:
         ports:
             - ${PUBLIC_VARNISH_PORT}:80/tcp
-    redis:
-        ports:
-            - ${PUBLIC_REDIS_PORT}:6379/tcp
     pma:
         ports:
             - ${PUBLIC_PMA_PORT}:80/tcp
     #app:
     #    # If your project requires private package you can share your ssh keys with the container
     #    volumes:
-    #        - ./:/var/www/html:cached
+    #        - ./:/var/www/html
     #        - /home/my-user/.ssh/id_ed25519:/home/www-data/.ssh/id_ed25519:ro
 
     #solr:
diff --git a/compose.yml b/compose.yml
index 32b4fdd..1193e63 100644
--- a/compose.yml
+++ b/compose.yml
@@ -3,8 +3,8 @@ services:
     db:
         hostname: db
         build:
-            # Custom image for file permissions
-            context: ./docker/mysql
+            # Custom image for file permissions and performances
+            target: mysql
             args:
                 USER_UID: ${USER_UID}
         cap_add:
@@ -12,8 +12,7 @@ services:
         networks:
             - default
         volumes:
-            - "./.data/db:/var/lib/mysql:delegated"
-            - "./docker/mysql/performances.cnf:/etc/mysql/conf.d/performances.cnf"
+            - "./.data/db:/var/lib/mysql"
         environment:
             MYSQL_ROOT_PASSWORD: ${MYSQL_ROOT_PASSWORD:-root}
             MYSQL_DATABASE: ${MYSQL_DATABASE:-roadiz}
@@ -53,15 +52,15 @@ services:
         # Need to pass all vars to docker env for Crontab and supervisor scripts
         #env_file: "./.env.local"
         build:
-            context: ./docker/php-fpm-alpine
+            target: php-dev
             args:
                 USER_UID: ${USER_UID}
         depends_on:
             - db
-            #- solr
+            - solr
             - redis
         volumes:
-            - ./:/var/www/html:cached
+            - ./:/var/www/html
         networks:
             default:
         environment:
@@ -74,7 +73,7 @@ services:
         depends_on:
             - app
         volumes:
-            - ./:/var/www/html:cached
+            - ./:/var/www/html
         networks:
             default:
 #            frontproxynet:
@@ -109,49 +108,53 @@ services:
             # Do not use more than 1 replica if you're using Varnish and need to purge/ban cache
             # from your workers. Varnish ACL hostnames won't be resolved correctly.
             replicas: 1
+        # official php-fpm image uses SIGQUIT
+        stop_signal: SIGTERM
         entrypoint: [ "php", "/var/www/html/bin/console", "messenger:consume", "async", "--time-limit=600" ]
         restart: unless-stopped
 
     cron:
         <<: *app_template
         hostname: cron
+        # official php-fpm image uses SIGQUIT
+        stop_signal: SIGTERM
         entrypoint: 'docker-cron-entrypoint'
         restart: unless-stopped
         user: root
 
-#    solr:
-#        build:
-#            # Custom image for file permissions
-#            context: ./docker/solr
-#            args:
-#                USER_UID: ${USER_UID}
-#        volumes:
-#            - "solr_data:/var/solr:delegated"
-#        environment:
-#            SOLR_UID: ${USER_UID}
-#            SOLR_GID: ${USER_UID}
-#        command:
-#            - solr-precreate
-#            - ${SOLR_CORE_NAME}
-#        networks:
-#            frontproxynet:
-#                aliases:
-#                    - ${APP_NAMESPACE}_solr
-#            default:
-#        labels:
-#            - "traefik.enable=true"
-#            - "traefik.http.services.${APP_NAMESPACE}_solr.loadbalancer.server.scheme=http"
-#            - "traefik.http.services.${APP_NAMESPACE}_solr.loadbalancer.server.port=8983"
-#            - "traefik.http.services.${APP_NAMESPACE}_solr.loadbalancer.passhostheader=true"
-#            # Listen HTTP
-#            - "traefik.http.routers.${APP_NAMESPACE}_solr.entrypoints=http"
-#            - "traefik.http.routers.${APP_NAMESPACE}_solr.rule=Host(${HOSTNAME_SOLR})"
-#            - "traefik.http.routers.${APP_NAMESPACE}_solr.service=${APP_NAMESPACE}_solr"
-#            # Listen HTTPS
-#            - "traefik.http.routers.${APP_NAMESPACE}_solr_secure.entrypoints=https"
-#            - "traefik.http.routers.${APP_NAMESPACE}_solr_secure.tls=true"
-#            - "traefik.http.routers.${APP_NAMESPACE}_solr_secure.rule=Host(${HOSTNAME_SOLR})"
-#            - "traefik.http.routers.${APP_NAMESPACE}_solr_secure.service=${APP_NAMESPACE}_solr"
+    solr:
+        build:
+            # Custom image for file permissions
+            target: solr
+            args:
+                USER_UID: ${USER_UID}
+        volumes:
+            - "solr:/var/solr"
+        environment:
+            SOLR_UID: ${USER_UID}
+            SOLR_GID: ${USER_UID}
+        command:
+            - solr-precreate
+            - ${SOLR_CORE_NAME}
+        networks:
+            frontproxynet:
+                aliases:
+                    - ${APP_NAMESPACE}_solr
+            default:
+        labels:
+            - "traefik.enable=true"
+            - "traefik.http.services.${APP_NAMESPACE}_solr.loadbalancer.server.scheme=http"
+            - "traefik.http.services.${APP_NAMESPACE}_solr.loadbalancer.server.port=8983"
+            - "traefik.http.services.${APP_NAMESPACE}_solr.loadbalancer.passhostheader=true"
+            # Listen HTTP
+            - "traefik.http.routers.${APP_NAMESPACE}_solr.entrypoints=http"
+            - "traefik.http.routers.${APP_NAMESPACE}_solr.rule=Host(${HOSTNAME_SOLR})"
+            - "traefik.http.routers.${APP_NAMESPACE}_solr.service=${APP_NAMESPACE}_solr"
+            # Listen HTTPS
+            - "traefik.http.routers.${APP_NAMESPACE}_solr_secure.entrypoints=https"
+            - "traefik.http.routers.${APP_NAMESPACE}_solr_secure.tls=true"
+            - "traefik.http.routers.${APP_NAMESPACE}_solr_secure.rule=Host(${HOSTNAME_SOLR})"
+            - "traefik.http.routers.${APP_NAMESPACE}_solr_secure.service=${APP_NAMESPACE}_solr"
 
     mailer:
         hostname: mailer
@@ -178,12 +181,21 @@ services:
     redis:
         hostname: redis
         image: redis:7-alpine
+        volumes:
+            - redis:/data
         networks:
             - default
 
+    redis-commander:
+        image: ghcr.io/joeferner/redis-commander:0.9.0
+        environment:
+            REDIS_HOST: redis
+        depends_on:
+            - redis
+
     varnish:
         build:
-            context: ./docker/varnish
+            target: varnish
         tmpfs: /var/lib/varnish/varnishd:exec
         depends_on:
             - nginx
@@ -231,4 +243,5 @@ networks:
                 -   subnet: ${DEFAULT_GATEWAY}/24
 
 volumes:
-    solr_data:
+    redis:
+    solr:
diff --git a/docker/mysql/Dockerfile b/docker/mysql/Dockerfile
deleted file mode 100644
index a6ec474..0000000
--- a/docker/mysql/Dockerfile
+++ /dev/null
@@ -1,9 +0,0 @@
-FROM mysql:8.0.40
-LABEL org.opencontainers.image.authors="ambroise@rezo-zero.com"
-
-ARG USER_UID=1000
-
-RUN usermod -u ${USER_UID} mysql \
-    && groupmod -g ${USER_UID} mysql \
-    && echo "USER_UID: ${USER_UID}\n"
-
diff --git a/docker/nginx/Dockerfile b/docker/nginx/Dockerfile
deleted file mode 100644
index f681ef7..0000000
--- a/docker/nginx/Dockerfile
+++ /dev/null
@@ -1,4 +0,0 @@
-FROM roadiz/nginx-alpine
-LABEL org.opencontainers.image.authors="ambroise@rezo-zero.com"
-
-COPY ./public /var/www/html/public
diff --git a/docker/php-fpm-alpine/Dockerfile b/docker/php-fpm-alpine/Dockerfile
deleted file mode 100755
index 791eb2c..0000000
--- a/docker/php-fpm-alpine/Dockerfile
+++ /dev/null
@@ -1,40 +0,0 @@
-FROM roadiz/php83-fpm-alpine:latest
-LABEL org.opencontainers.image.authors="ambroise@rezo-zero.com"
-
-ARG USER_UID=1000
-ENV COMPOSER_ALLOW_SUPERUSER=1
-ENV APP_ENV=dev
-ENV APP_RUNTIME_ENV=dev
-ENV APP_DEBUG=1
-ENV APP_FFMPEG_PATH=/usr/bin/ffmpeg
-
-HEALTHCHECK --start-period=30s --interval=1m --timeout=6s CMD bin/console monitor:health -q
-
-RUN apk add --no-cache shadow make git ffmpeg \
-    && usermod -u ${USER_UID} www-data \
-    && groupmod -g ${USER_UID} www-data \
-    && composer --version \
-    && ln -s /usr/share/zoneinfo/Europe/Paris /etc/localtime \
-    && "date" \
-    && echo "USER_UID: ${USER_UID}\n" \
-    && version=$(php -r "echo PHP_MAJOR_VERSION.PHP_MINOR_VERSION;")
-
-# Display errors
-ADD php.ini /usr/local/etc/php/php.ini
-ADD crontab.txt /crontab.txt
-ADD wait-for-it.sh /wait-for-it.sh
-ADD docker-php-entrypoint-dev /usr/local/bin/docker-php-entrypoint
-ADD docker-cron-entrypoint-dev /usr/local/bin/docker-cron-entrypoint
-
-VOLUME /var/www/html
-WORKDIR /var/www/html
-
-RUN chown -R www-data:www-data /var/www/html/
-
-RUN ln -s /var/www/html/bin/console /usr/local/bin/console \
-    && /usr/bin/crontab -u www-data /crontab.txt \
-    && chmod +x /wait-for-it.sh \
-    && chmod +x /usr/local/bin/docker-php-entrypoint \
-    && chmod +x /usr/local/bin/docker-cron-entrypoint
-
-USER www-data
diff --git a/docker/php-fpm-alpine/php.prod.ini b/docker/php-fpm-alpine/php.prod.ini
deleted file mode 100644
index bbe4a96..0000000
--- a/docker/php-fpm-alpine/php.prod.ini
+++ /dev/null
@@ -1,38 +0,0 @@
-error_reporting = E_ALL & ~E_WARNING & ~E_NOTICE & ~E_STRICT & ~E_DEPRECATED
-apc.enable_cli = 1
-date.timezone = Europe/Paris
-session.auto_start = Off
-; Session ID cannot be passed through URLs
-session.use_only_cookies = On
-; Uses a secure connection (HTTPS) if possible
-; session.cookie_secure = On
-; Do not accept uninitialized session ID
-session.use_strict_mode = On
-; Do not make session cookie available to JS
-session.cookie_httponly = On
-short_open_tag = Off
-
-; http://symfony.com/doc/current/performance.html
-; Configure OPcache for Maximum Performance
-opcache.enable=1
-opcache.memory_consumption=256
-opcache.max_accelerated_files = 20000
-opcache.interned_strings_buffer = 16
-opcache.enable_file_override = 1
-; Don't Check PHP Files Timestamps
-opcache.validate_timestamps=0
-; Configure the PHP realpath Cache
-realpath_cache_size = 4096K
-realpath_cache_ttl = 600
-memory_limit = 512M
-post_max_size = 256M
-upload_max_filesize = 128M
-expose_php = Off
-display_errors = Off
-zend.detect_unicode = 0
-opcache.preload_user=www-data
-opcache.preload=/var/www/html/config/preload.php
-
-;; Sessions
-;session.save_handler = redis
-;session.save_path = "tcp://redis:6379"
diff --git a/docker/php-fpm-alpine/php.ini b/docker/php/conf.d/php.dev.ini
similarity index 63%
rename from docker/php-fpm-alpine/php.ini
rename to docker/php/conf.d/php.dev.ini
index f5831b3..900924d 100644
--- a/docker/php-fpm-alpine/php.ini
+++ b/docker/php/conf.d/php.dev.ini
@@ -1,7 +1,3 @@
-error_reporting = E_ALL & ~E_DEPRECATED
-html_errors = On
-
-apc.enable_cli = 0
 date.timezone = Europe/Paris
 session.auto_start = Off
 ; Session ID cannot be passed through URLs
@@ -16,22 +12,17 @@ short_open_tag = Off
 
 ; http://symfony.com/doc/current/performance.html
 ; Configure OPcache for Maximum Performance
-opcache.enable=1
-opcache.memory_consumption=256
+opcache.revalidate_freq = 0
+opcache.memory_consumption = 256
 opcache.max_accelerated_files = 20000
-; Don't Check PHP Files Timestamps
-opcache.revalidate_freq=0
-opcache.validate_timestamps=1
-opcache.fast_shutdown=1
+opcache.interned_strings_buffer = 16
+
 ; Configure the PHP realpath Cache
 realpath_cache_size = 4096K
 realpath_cache_ttl = 600
+
 memory_limit = 512M
-post_max_size = 256M
-upload_max_filesize = 128M
+post_max_size = 128M
+upload_max_filesize = 64M
 expose_php = On
 display_errors = On
-
-;; Sessions
-;session.save_handler = redis
-;session.save_path = "tcp://redis:6379"
diff --git a/docker/php/conf.d/php.prod.ini b/docker/php/conf.d/php.prod.ini
new file mode 100644
index 0000000..5c1d718
--- /dev/null
+++ b/docker/php/conf.d/php.prod.ini
@@ -0,0 +1,26 @@
+date.timezone = Europe/Paris
+; Do not accept uninitialized session ID
+session.use_strict_mode = On
+; Do not make session cookie available to JS
+session.cookie_httponly = On
+short_open_tag = Off
+
+; http://symfony.com/doc/current/performance.html
+; Configure OPcache for Maximum Performance
+opcache.memory_consumption = 256
+opcache.max_accelerated_files = 20000
+opcache.interned_strings_buffer = 16
+; Don't Check PHP Files Timestamps
+opcache.validate_timestamps = 0
+; Class preloading
+opcache.preload_user = www-data
+opcache.preload = /var/www/html/config/preload.php
+
+; Configure the PHP realpath Cache
+realpath_cache_size = 4096K
+realpath_cache_ttl = 600
+
+memory_limit = 512M
+post_max_size = 128M
+upload_max_filesize = 64M
+expose_php = Off
diff --git a/docker/php-fpm-alpine/crontab.txt b/docker/php/crontab.txt
similarity index 100%
rename from docker/php-fpm-alpine/crontab.txt
rename to docker/php/crontab.txt
diff --git a/docker/php-fpm-alpine/docker-cron-entrypoint b/docker/php/docker-cron-entrypoint
similarity index 98%
rename from docker/php-fpm-alpine/docker-cron-entrypoint
rename to docker/php/docker-cron-entrypoint
index 159313b..dc170dc 100755
--- a/docker/php-fpm-alpine/docker-cron-entrypoint
+++ b/docker/php/docker-cron-entrypoint
@@ -29,4 +29,4 @@ echo "APP_DEBUG=${APP_DEBUG}";
 
 # Let cron take the wheel
 echo "Starting cron in foreground."
-/usr/sbin/crond -f -l 8
+/usr/sbin/cron -f -l 7
diff --git a/docker/php-fpm-alpine/docker-cron-entrypoint-dev b/docker/php/docker-cron-entrypoint-dev
similarity index 97%
rename from docker/php-fpm-alpine/docker-cron-entrypoint-dev
rename to docker/php/docker-cron-entrypoint-dev
index af2d56e..6a70572 100755
--- a/docker/php-fpm-alpine/docker-cron-entrypoint-dev
+++ b/docker/php/docker-cron-entrypoint-dev
@@ -25,4 +25,4 @@ echo "APP_DEBUG=${APP_DEBUG}";
 
 # Let cron take the wheel
 echo "Starting cron in foreground."
-/usr/sbin/crond -f -l 8
+/usr/sbin/cron -f -l 7
diff --git a/docker/php-fpm-alpine/docker-php-entrypoint b/docker/php/docker-php-entrypoint
similarity index 83%
rename from docker/php-fpm-alpine/docker-php-entrypoint
rename to docker/php/docker-php-entrypoint
index bf55065..1454fe1 100755
--- a/docker/php-fpm-alpine/docker-php-entrypoint
+++ b/docker/php/docker-php-entrypoint
@@ -25,14 +25,6 @@ echo "APP_DEBUG=${APP_DEBUG}";
 #
 /wait-for-it.sh -t 0 -s ${MYSQL_HOST}:${MYSQL_PORT}
 
-##
-## Uncomment following lines to generate node-types found in database
-## This disallow automatic node-type update from Docker image, and local database
-## has priority over committed changes
-##
-#/var/www/html/bin/console generate:nsentities
-#/var/www/html/bin/console generate:api-resources
-
 ##
 ## Uncomment following lines to enable automatic migration for your theme at each docker start
 ##
diff --git a/docker/php-fpm-alpine/docker-php-entrypoint-dev b/docker/php/docker-php-entrypoint-dev
similarity index 100%
rename from docker/php-fpm-alpine/docker-php-entrypoint-dev
rename to docker/php/docker-php-entrypoint-dev
diff --git a/docker/php/fpm.d/www.conf b/docker/php/fpm.d/www.conf
new file mode 100644
index 0000000..c87f137
--- /dev/null
+++ b/docker/php/fpm.d/www.conf
@@ -0,0 +1,14 @@
+[www]
+; 'user' and 'group' directives are ignored when FPM is not running as root
+user =
+group =
+
+; https://spot13.com/pmcalculator/
+pm.max_children = 25
+pm.start_servers = 6
+pm.min_spare_servers = 6
+pm.max_spare_servers = 18
+pm.max_requests = 1000
+
+pm.status_path = /status
+pm.status_listen = 127.0.0.1:9001
diff --git a/docker/php-fpm-alpine/wait-for-it.sh b/docker/php/wait-for-it.sh
similarity index 100%
rename from docker/php-fpm-alpine/wait-for-it.sh
rename to docker/php/wait-for-it.sh
diff --git a/docker/solr/Dockerfile b/docker/solr/Dockerfile
deleted file mode 100644
index f8f0a26..0000000
--- a/docker/solr/Dockerfile
+++ /dev/null
@@ -1,17 +0,0 @@
-FROM solr:9-slim
-LABEL org.opencontainers.image.authors="ambroise@rezo-zero.com"
-
-ARG USER_UID=8983
-
-USER root
-RUN set -ex; \
-    echo "USER_UID: ${USER_UID}\n"; \
-    usermod -u ${USER_UID} "$SOLR_USER"; \
-    groupmod -g ${USER_UID} "$SOLR_GROUP"; \
-    chown -R ${USER_UID}:${USER_UID} /var/solr;
-
-COPY managed-schema.xml /opt/solr/server/solr/configsets/_default/conf/managed-schema
-
-USER $SOLR_USER
-# Redeclare VOLUME to change permissions
-VOLUME /var/solr
diff --git a/docker/varnish/Dockerfile b/docker/varnish/Dockerfile
deleted file mode 100644
index 927f060..0000000
--- a/docker/varnish/Dockerfile
+++ /dev/null
@@ -1,5 +0,0 @@
-FROM varnish:7.1-alpine
-LABEL org.opencontainers.image.authors="ambroise@rezo-zero.com"
-
-ENV VARNISH_SIZE 1G
-COPY ./default.vcl /etc/varnish/