Updated docker compose setup

.docker/data/.gitignore

@@ -0,0 +1,5 @@
+# Ignore everything in this directory
+*
+# Except this file
+!.gitignore
+!Readme.md

.docker/nginx.conf

@@ -0,0 +1,37 @@
+worker_processes  auto;
+
+error_log  /dev/stderr notice;
+pid        /tmp/nginx.pid;
+
+events {
+    worker_connections  1024;
+}
+
+
+http {
+    proxy_temp_path /tmp/proxy_temp;
+    client_body_temp_path /tmp/client_temp;
+    fastcgi_temp_path /tmp/fastcgi_temp;
+    uwsgi_temp_path /tmp/uwsgi_temp;
+    scgi_temp_path /tmp/scgi_temp;
+
+    include       /etc/nginx/mime.types;
+    default_type  application/octet-stream;
+
+    set_real_ip_from 172.16.0.0/8;
+    real_ip_recursive on;
+    real_ip_header X-Forwarded-For;
+
+    log_format  main  '$http_x_real_ip - $remote_user [$time_local] "$request" '
+                      '$status $body_bytes_sent "$http_referer" '
+                      '"$http_user_agent" "$http_x_forwarded_for"';
+
+    access_log  /dev/stdout main;
+
+    sendfile        on;
+    keepalive_timeout  65;
+
+    gzip  on;
+
+    include /etc/nginx/conf.d/*.conf;
+}

.docker/templates/default.conf.template

@@ -0,0 +1,42 @@
+server {
+    listen ${NGINX_PORT};
+    server_name localhost;
+
+    root ${NGINX_WEB_ROOT};
+
+    client_max_body_size ${NGINX_MAX_BODY_SIZE};
+
+    location / {
+        # try to serve file directly, fallback to index.php
+        try_files $uri /index.php$is_args$args;
+    }
+
+    # Protect files and directories from prying eyes.
+    location ~* \.(engine|inc|install|make|module|profile|po|sh|.*sql|.tar|.gz|.bz2|theme|twig|tpl(\.php)?|xtmpl|yml)(~|\.sw[op]|\.bak|\.orig|\.save)?$|^(\.(?!well-known).*|Entries.*|Repository|Root|Tag|Template|composer\.(json|lock)|web\.config)$|^#.*#$|\.php(~|\.sw[op]|\.bak|\.orig|\.save)$ {
+        deny all;
+        return 404;
+    }
+
+    location ~ ^/index\.php(/|$) {
+        fastcgi_buffers 16 32k;
+        fastcgi_buffer_size 64k;
+        fastcgi_busy_buffers_size 64k;
+
+        fastcgi_pass ${NGINX_FPM_SERVICE};
+        fastcgi_split_path_info ^(.+\.php)(/.*)$;
+        include fastcgi_params;
+
+        fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
+        fastcgi_param DOCUMENT_ROOT $realpath_root;
+
+        internal;
+    }
+
+    location ~ \.php$ {
+        return 404;
+    }
+
+    # Send log message to files symlinked to stdout/stderr.
+    error_log /dev/stderr;
+    access_log /dev/stdout main;
+}

.docker/vhost.conf

@@ -1,5 +1,5 @@
 server {
-    listen 80;
+    listen 8080;
     server_name localhost;
     root /app/public;
 
@@ -8,7 +8,17 @@ server {
         try_files $uri /index.php$is_args$args;
     }
 
+    # Protect files and directories from prying eyes.
+    location ~* \.(engine|inc|install|make|module|profile|po|sh|.*sql|.tar|.gz|.bz2|theme|twig|tpl(\.php)?|xtmpl|yml)(~|\.sw[op]|\.bak|\.orig|\.save)?$|^(\.(?!well-known).*|Entries.*|Repository|Root|Tag|Template|composer\.(json|lock)|web\.config)$|^#.*#$|\.php(~|\.sw[op]|\.bak|\.orig|\.save)$ {
+        deny all;
+        return 404;
+    }
+
     location ~ ^/index\.php(/|$) {
+        fastcgi_buffers 16 32k;
+        fastcgi_buffer_size 64k;
+        fastcgi_busy_buffers_size 64k;
+
         fastcgi_pass phpfpm:9000;
         fastcgi_split_path_info ^(.+\.php)(/.*)$;
         include fastcgi_params;
@@ -24,6 +34,6 @@ server {
     }
 
     # Send log message to files symlinked to stdout/stderr.
-    error_log /var/log/nginx/error.log;
-    access_log /var/log/nginx/access.log;
+    error_log /dev/stderr;
+    access_log /dev/stdout main;
 }

README.md

@@ -1,14 +1,15 @@
 # Hoeringsportal – GetOrganized
 
 ```sh
+docker compose pull
 docker compose up --detach
 # We use kapersoft/sharefile-api which does not officially support PHP 8.1 (hence --ignore-platform-req=php)
 docker compose exec phpfpm composer install --ignore-platform-req=php
 ```
 
 ```sh
-docker compose run node yarn install
-docker compose run node yarn build
+docker compose run --rm node yarn install
+docker compose run --rm node yarn build
 
-docker compose run node yarn watch
+docker compose run --rm node yarn watch
 ```

docker-compose.dev.yml

@@ -1,30 +1,27 @@
-# itk-version: 2.1.0
-version: "3"
-
+# itk-version: 3.2.1
 services:
   phpfpm:
     environment:
-      - PHP_MAILHOG_ENABLE=true
-      - PHP_MAILHOG_SERVER=mailhog
-      - PHP_MAILHOG_PORT=1025
+      - PHP_SENDMAIL_PATH=/usr/sbin/sendmail -S mail:1025
 
   nginx:
     labels:
       - "traefik.http.routers.${COMPOSE_PROJECT_NAME}.middlewares=ITKBasicAuth@file"
 
-  mailhog:
-    image: mailhog/mailhog
+  mail:
+    image: axllent/mailpit
+    restart: unless-stopped
     networks:
       - app
       - frontend
     labels:
       - "traefik.enable=true"
       - "traefik.docker.network=frontend"
-      - "traefik.http.routers.mailhog_${COMPOSE_PROJECT_NAME}-http.rule=Host(`mailhog.${COMPOSE_SERVER_DOMAIN}`)"
-      - "traefik.http.routers.mailhog_${COMPOSE_PROJECT_NAME}-http.entrypoints=web"
-      - "traefik.http.routers.mailhog_${COMPOSE_PROJECT_NAME}-http.middlewares=redirect-to-https"
+      - "traefik.http.routers.mail_${COMPOSE_PROJECT_NAME}-http.rule=Host(`mail.${COMPOSE_SERVER_DOMAIN}`)"
+      - "traefik.http.routers.mail_${COMPOSE_PROJECT_NAME}-http.entrypoints=web"
+      - "traefik.http.routers.mail_${COMPOSE_PROJECT_NAME}-http.middlewares=redirect-to-https"
       - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
-      - "traefik.http.routers.mailhog_${COMPOSE_PROJECT_NAME}.rule=Host(`mailhog.${COMPOSE_SERVER_DOMAIN}`)"
-      - "traefik.http.routers.mailhog_${COMPOSE_PROJECT_NAME}.entrypoints=websecure"
-      - "traefik.http.services.mailhog_${COMPOSE_PROJECT_NAME}.loadbalancer.server.port=8025"
-      - "traefik.http.routers.mailhog_${COMPOSE_PROJECT_NAME}.middlewares=ITKMailhogAuth@file"
+      - "traefik.http.routers.mail_${COMPOSE_PROJECT_NAME}.rule=Host(`mail.${COMPOSE_SERVER_DOMAIN}`)"
+      - "traefik.http.routers.mail_${COMPOSE_PROJECT_NAME}.entrypoints=websecure"
+      - "traefik.http.services.mail_${COMPOSE_PROJECT_NAME}.loadbalancer.server.port=8025"
+      - "traefik.http.routers.mail_${COMPOSE_PROJECT_NAME}.middlewares=ITKMailhogAuth@file"

docker-compose.override.yml

@@ -0,0 +1,6 @@
+services:
+  node:
+    image: node:16
+    volumes:
+      - .:/app
+    working_dir: /app

docker-compose.redirect.yml

@@ -1,6 +1,4 @@
-# itk-version: 2.1.0
-version: "3"
-
+# itk-version: 3.2.1
 services:
   nginx:
     labels:

docker-compose.server.yml

@@ -1,6 +1,4 @@
-# itk-version: 2.0.1
-version: "3"
-
+# itk-version: 3.2.1
 networks:
   frontend:
     external: true
@@ -18,24 +16,28 @@ services:
       - "host.docker.internal:host-gateway"
     environment:
       - PHP_MAX_EXECUTION_TIME=30
-      - PHP_MEMORY_LIMIT=24800M
+      - PHP_MEMORY_LIMIT=128M
       - COMPOSER_VERSION=2
     volumes:
-      - .:/app:delegated
+      - .:/app
 
   nginx:
-    image: nginx:stable-alpine
+    image: nginxinc/nginx-unprivileged:alpine
     restart: unless-stopped
     networks:
       - app
       - frontend
     depends_on:
       - phpfpm
-    ports:
-      - '80'
     volumes:
-      - ${PWD}/.docker/vhost.conf:/etc/nginx/conf.d/default.conf:ro
-      - ./:/app:rw
+      - ./.docker/templates:/etc/nginx/templates:ro
+      - ./.docker/nginx.conf:/etc/nginx/nginx.conf:ro
+      - .:/app
+    environment:
+      NGINX_FPM_SERVICE: ${COMPOSE_PROJECT_NAME}-phpfpm-1:9000
+      NGINX_WEB_ROOT: /app/public
+      NGINX_PORT: 8080
+      NGINX_MAX_BODY_SIZE: 5M
     labels:
       - "traefik.enable=true"
       - "traefik.docker.network=frontend"

docker-compose.yml

@@ -1,6 +1,4 @@
-# itk-version: 2.0.1
-version: "3"
-
+# itk-version: 3.2.1
 networks:
   frontend:
     external: true
@@ -21,48 +19,54 @@ services:
       - MYSQL_PASSWORD=db
       - MYSQL_DATABASE=db
       #- ENCRYPT=1 # Uncomment to enable database encryption.
-    labels:
-      com.symfony.server.service-prefix: 'DATABASE'
 
   phpfpm:
     image: itkdev/php8.1-fpm:latest
     networks:
       - app
+    extra_hosts:
+      - "host.docker.internal:host-gateway"
     environment:
-      - XDEBUG_MODE=${XDEBUG_MODE:-off}
-      - XDEBUG_SESSION=${XDEBUG_SESSION:-0}
+      - PHP_XDEBUG_MODE=${PHP_XDEBUG_MODE:-off}
       - PHP_MAX_EXECUTION_TIME=30
       - PHP_MEMORY_LIMIT=256M
-      # - PHP_MAIL=1 # Uncomment to enable mailhog.
+      # Depending on the setup, you may have to remove --read-envelope-from from msmtp (cf. https://marlam.de/msmtp/msmtp.html) or use SMTP to send mail
+      - PHP_SENDMAIL_PATH=/usr/bin/msmtp --host=mail --port=1025 --read-recipients --read-envelope-from
       - DOCKER_HOST_DOMAIN=${COMPOSE_DOMAIN}
       - COMPOSER_VERSION=2
+      - PHP_IDE_CONFIG=serverName=localhost
     depends_on:
       - mariadb
     volumes:
-      - .:/app:delegated
+      - .:/app
 
   nginx:
-    image: nginx:latest
+    image: nginxinc/nginx-unprivileged:alpine
     networks:
       - app
       - frontend
     depends_on:
       - phpfpm
     ports:
-      - '80'
+      - '8080'
     volumes:
-      - ${PWD}/.docker/vhost.conf:/etc/nginx/conf.d/default.conf:ro
-      - .:/app:delegated
+      - ./.docker/templates:/etc/nginx/templates:ro
+      - .:/app
+    environment:
+      NGINX_FPM_SERVICE: ${COMPOSE_PROJECT_NAME}-phpfpm-1:9000
+      NGINX_WEB_ROOT: /app/public
+      NGINX_PORT: 8080
+      NGINX_MAX_BODY_SIZE: 5M
     labels:
       - "traefik.enable=true"
       - "traefik.docker.network=frontend"
       - "traefik.http.routers.${COMPOSE_PROJECT_NAME}.rule=Host(`${COMPOSE_DOMAIN}`)"
-#      HTTPS config - uncomment to enable redirect from :80 to :443
-#      - "traefik.http.routers.${COMPOSE_PROJECT_NAME}.middlewares=redirect-to-https"
-#      - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
+      # HTTPS config - uncomment to enable redirect from :80 to :443
+      - "traefik.http.routers.${COMPOSE_PROJECT_NAME}.middlewares=redirect-to-https"
+      - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
 
-  mailhog:
-    image: mailhog/mailhog
+  mail:
+    image: axllent/mailpit
     networks:
       - app
       - frontend
@@ -72,13 +76,5 @@ services:
     labels:
       - "traefik.enable=true"
       - "traefik.docker.network=frontend"
-      - "traefik.http.routers.${COMPOSE_PROJECT_NAME}Mailhog.rule=Host(`mailhog-${COMPOSE_DOMAIN}`)"
-      - "traefik.http.services.${COMPOSE_PROJECT_NAME}Mailhog.loadbalancer.server.port=8025"
-
-  node:
-    image: node:16
-    networks:
-      - app
-    volumes:
-      - .:/app:delegated
-    working_dir: /app
+      - "traefik.http.routers.${COMPOSE_PROJECT_NAME}mail.rule=Host(`mail-${COMPOSE_DOMAIN}`)"
+      - "traefik.http.services.${COMPOSE_PROJECT_NAME}mail.loadbalancer.server.port=8025"