From bd72283b61782160c1d7535e6f230ed581e89d51 Mon Sep 17 00:00:00 2001 From: Mikkel Ricky Date: Mon, 17 Jun 2024 15:40:23 +0200 Subject: [PATCH] Updated docker compose setup --- .docker/data/.gitignore | 5 +++ .docker/nginx.conf | 37 ++++++++++++++++++ .docker/templates/default.conf.template | 42 ++++++++++++++++++++ .docker/vhost.conf | 16 ++++++-- README.md | 7 ++-- docker-compose.dev.yml | 27 ++++++------- docker-compose.override.yml | 6 +++ docker-compose.redirect.yml | 4 +- docker-compose.server.yml | 22 ++++++----- docker-compose.yml | 52 ++++++++++++------------- 10 files changed, 156 insertions(+), 62 deletions(-) create mode 100644 .docker/data/.gitignore create mode 100644 .docker/nginx.conf create mode 100644 .docker/templates/default.conf.template create mode 100644 docker-compose.override.yml diff --git a/.docker/data/.gitignore b/.docker/data/.gitignore new file mode 100644 index 0000000..80a9dc9 --- /dev/null +++ b/.docker/data/.gitignore @@ -0,0 +1,5 @@ +# Ignore everything in this directory +* +# Except this file +!.gitignore +!Readme.md diff --git a/.docker/nginx.conf b/.docker/nginx.conf new file mode 100644 index 0000000..d0a557b --- /dev/null +++ b/.docker/nginx.conf 
@@ -0,0 +1,37 @@
+worker_processes auto;
+
+error_log /dev/stderr notice;
+pid /tmp/nginx.pid;
+
+events {
+ worker_connections 1024;
+}
+
+
+http {
+ proxy_temp_path /tmp/proxy_temp;
+ client_body_temp_path /tmp/client_temp;
+ fastcgi_temp_path /tmp/fastcgi_temp;
+ uwsgi_temp_path /tmp/uwsgi_temp;
+ scgi_temp_path /tmp/scgi_temp;
+
+ include /etc/nginx/mime.types;
+ default_type application/octet-stream;
+
+ set_real_ip_from 172.16.0.0/8;
+ real_ip_recursive on;
+ real_ip_header X-Forwarded-For;
+
+ log_format main '$http_x_real_ip - $remote_user [$time_local] "$request" '
+ '$status $body_bytes_sent "$http_referer" '
+ '"$http_user_agent" "$http_x_forwarded_for"';
+
+ access_log /dev/stdout main;
+
+ sendfile on;
+ keepalive_timeout 65;
+
+ gzip on;
+
+ include /etc/nginx/conf.d/*.conf;
+}
diff --git a/.docker/templates/default.conf.template b/.docker/templates/default.conf.template
new file mode 100644
index 0000000..a2e27d9
--- /dev/null
+++ b/.docker/templates/default.conf.template
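Review bot: `set_real_ip_from 172.16.0.0/8;` does not express the RFC 1918 block: nginx warns that the low address bits are meaningless and uses 172.0.0.0/8, so every source in 172.0.0.0–172.255.255.255 (mostly public address space) is trusted to supply X-Forwarded-For; the range Docker's bridge networks are allocated from is `172.16.0.0/12`, and narrower still if only the Traefik container should be trusted. The `log_format main` line also records `$http_x_real_ip`, the raw request header, instead of `$remote_addr`, which the real_ip module has already rewritten from the trusted proxy's X-Forwarded-For, so unless every request is guaranteed to arrive via Traefik (which sets X-Real-Ip itself; note `docker-compose.yml` also publishes port 8080 directly) the logged client address is whatever the sender chose. Suggested lines: `set_real_ip_from 172.16.0.0/12;` and `log_format main '$remote_addr - $remote_user [$time_local] "$request" '`. With `real_ip_recursive on` the leftmost untrusted entry of X-Forwarded-For becomes the client, so the trusted list must contain only hops that overwrite or append to that header.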
@@ -0,0 +1,42 @@
+server {
+ listen ${NGINX_PORT};
+ server_name localhost;
+
+ root ${NGINX_WEB_ROOT};
+
+ client_max_body_size ${NGINX_MAX_BODY_SIZE};
+
+ location / {
+ # try to serve file directly, fallback to index.php
+ try_files $uri /index.php$is_args$args;
+ }
+
+ # Protect files and directories from prying eyes.
+ location ~* \.(engine|inc|install|make|module|profile|po|sh|.*sql|.tar|.gz|.bz2|theme|twig|tpl(\.php)?|xtmpl|yml)(~|\.sw[op]|\.bak|\.orig|\.save)?$|^(\.(?!well-known).*|Entries.*|Repository|Root|Tag|Template|composer\.(json|lock)|web\.config)$|^#.*#$|\.php(~|\.sw[op]|\.bak|\.orig|\.save)$ {
+ deny all;
+ return 404;
+ }
+
+ location ~ ^/index\.php(/|$) {
+ fastcgi_buffers 16 32k;
+ fastcgi_buffer_size 64k;
+ fastcgi_busy_buffers_size 64k;
+
+ fastcgi_pass ${NGINX_FPM_SERVICE};
+ fastcgi_split_path_info ^(.+\.php)(/.*)$;
+ include fastcgi_params;
+
+ fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
+ fastcgi_param DOCUMENT_ROOT $realpath_root;
+
+ internal;
+ }
+
+ location ~ \.php$ {
+ return 404;
+ }
+
+ # Send log message to files symlinked to stdout/stderr.
+ error_log /dev/stderr;
+ access_log /dev/stdout main;
+}
diff --git a/.docker/vhost.conf b/.docker/vhost.conf
index da5cb68..95f024f 100644
--- a/.docker/vhost.conf
+++ b/.docker/vhost.conf
@@ -1,5 +1,5 @@
 server {
- listen 80;
+ listen 8080;
 server_name localhost;
 
 root /app/public;
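Review bot: In the "Protect files and directories" `location ~*` block, the alternatives anchored with `^` — `^(\.(?!well-known).*|Entries.*|Repository|Root|Tag|Template|composer\.(json|lock)|web\.config)$` and `^#.*#$` — can never match, because nginx tests a location regex against the request URI, which always begins with `/`. The pattern is the Drupal `.htaccess` FilesMatch rule, where `^` anchors at the file name; transplanted unchanged it leaves dotfiles and the named files (`/.env`, `/.htaccess`, `/.git/config`, `/web.config`, or anything of that shape that ends up under `${NGINX_WEB_ROOT}`) served rather than denied. Replace `^` with `(^|/)` in those two alternatives: `...|(^|/)(\.(?!well-known).*|Entries.*|Repository|Root|Tag|Template|composer\.(json|lock)|web\.config)$|(^|/)#.*#$|...`. The extension-based alternatives (`.sql`, `.yml`, `.twig`, backup suffixes) are unaffected and work as intended.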
@@ -8,7 +8,17 @@ server {
 try_files $uri /index.php$is_args$args;
 }
 
+ # Protect files and directories from prying eyes.
+ location ~* \.(engine|inc|install|make|module|profile|po|sh|.*sql|.tar|.gz|.bz2|theme|twig|tpl(\.php)?|xtmpl|yml)(~|\.sw[op]|\.bak|\.orig|\.save)?$|^(\.(?!well-known).*|Entries.*|Repository|Root|Tag|Template|composer\.(json|lock)|web\.config)$|^#.*#$|\.php(~|\.sw[op]|\.bak|\.orig|\.save)$ {
+ deny all;
+ return 404;
+ }
+
 location ~ ^/index\.php(/|$) {
+ fastcgi_buffers 16 32k;
+ fastcgi_buffer_size 64k;
+ fastcgi_busy_buffers_size 64k;
+
 fastcgi_pass phpfpm:9000;
 fastcgi_split_path_info ^(.+\.php)(/.*)$;
 include fastcgi_params;
@@ -24,6 +34,6 @@ server {
 }
 
 # Send log message to files symlinked to stdout/stderr.
- error_log /var/log/nginx/error.log;
- access_log /var/log/nginx/access.log;
+ error_log /dev/stderr;
+ access_log /dev/stdout main;
 }
diff --git a/README.md b/README.md
index 3d76ee7..d344c48 100644
--- a/README.md
+++ b/README.md
@@ -1,14 +1,15 @@
 # Hoeringsportal – GetOrganized
 
 ```sh
+docker compose pull
 docker compose up --detach
 # We use kapersoft/sharefile-api which does not officially support PHP 8.1 (hence --ignore-platform-req=php)
 docker compose exec phpfpm composer install --ignore-platform-req=php
 ```
 
 ```sh
-docker compose run node yarn install
-docker compose run node yarn build
+docker compose run --rm node yarn install
+docker compose run --rm node yarn build
 
-docker compose run node yarn watch
+docker compose run --rm node yarn watch
 ```
diff --git a/docker-compose.dev.yml b/docker-compose.dev.yml
index 16a2124..4ac6fe3 100644
--- a/docker-compose.dev.yml
+++ b/docker-compose.dev.yml
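Review bot: The deny rule added to `vhost.conf` has the same dead `^`-anchored alternatives as the one in `default.conf.template`: a location regex is matched against a URI that always starts with `/`, so `^(\.(?!well-known).*|...|web\.config)$` and `^#.*#$` never fire and dotfiles under the web root stay served; the two anchors should read `(^|/)`. Separately, after this patch neither `docker-compose.yml` nor `docker-compose.server.yml` mounts `.docker/vhost.conf` any more (both mount `.docker/templates`), so this file now looks like a hand-maintained copy of the template that will drift; if some setup outside this diff still uses it, a comment at the top saying which, e.g. `# Legacy static copy of .docker/templates/default.conf.template; keep the two in sync`, would help the next maintainer.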
@@ -1,30 +1,27 @@
-# itk-version: 2.1.0
-version: "3"
-
+# itk-version: 3.2.1
 services:
 phpfpm:
 environment:
- - PHP_MAILHOG_ENABLE=true
- - PHP_MAILHOG_SERVER=mailhog
- - PHP_MAILHOG_PORT=1025
+ - PHP_SENDMAIL_PATH=/usr/sbin/sendmail -S mail:1025
 
 nginx:
 labels:
 - "traefik.http.routers.${COMPOSE_PROJECT_NAME}.middlewares=ITKBasicAuth@file"
 
- mailhog:
- image: mailhog/mailhog
+ mail:
+ image: axllent/mailpit
+ restart: unless-stopped
 networks:
 - app
 - frontend
 labels:
 - "traefik.enable=true"
 - "traefik.docker.network=frontend"
- - "traefik.http.routers.mailhog_${COMPOSE_PROJECT_NAME}-http.rule=Host(`mailhog.${COMPOSE_SERVER_DOMAIN}`)"
- - "traefik.http.routers.mailhog_${COMPOSE_PROJECT_NAME}-http.entrypoints=web"
- - "traefik.http.routers.mailhog_${COMPOSE_PROJECT_NAME}-http.middlewares=redirect-to-https"
+ - "traefik.http.routers.mail_${COMPOSE_PROJECT_NAME}-http.rule=Host(`mail.${COMPOSE_SERVER_DOMAIN}`)"
+ - "traefik.http.routers.mail_${COMPOSE_PROJECT_NAME}-http.entrypoints=web"
+ - "traefik.http.routers.mail_${COMPOSE_PROJECT_NAME}-http.middlewares=redirect-to-https"
 - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
- - "traefik.http.routers.mailhog_${COMPOSE_PROJECT_NAME}.rule=Host(`mailhog.${COMPOSE_SERVER_DOMAIN}`)"
- - "traefik.http.routers.mailhog_${COMPOSE_PROJECT_NAME}.entrypoints=websecure"
- - "traefik.http.services.mailhog_${COMPOSE_PROJECT_NAME}.loadbalancer.server.port=8025"
- - "traefik.http.routers.mailhog_${COMPOSE_PROJECT_NAME}.middlewares=ITKMailhogAuth@file"
+ - "traefik.http.routers.mail_${COMPOSE_PROJECT_NAME}.rule=Host(`mail.${COMPOSE_SERVER_DOMAIN}`)"
+ - "traefik.http.routers.mail_${COMPOSE_PROJECT_NAME}.entrypoints=websecure"
+ - "traefik.http.services.mail_${COMPOSE_PROJECT_NAME}.loadbalancer.server.port=8025"
+ - "traefik.http.routers.mail_${COMPOSE_PROJECT_NAME}.middlewares=ITKMailhogAuth@file"
diff --git a/docker-compose.override.yml b/docker-compose.override.yml
new file mode 100644
index 0000000..8438d1b
--- /dev/null
+++ b/docker-compose.override.yml
@@ -0,0 +1,6 @@
+services:
+ node:
+ image: node:16
+ volumes:
+ - .:/app
+ working_dir: /app
diff --git a/docker-compose.redirect.yml b/docker-compose.redirect.yml
index ee6568c..66f26e9 100644
--- a/docker-compose.redirect.yml
+++ b/docker-compose.redirect.yml
@@ -1,6 +1,4 @@
-# itk-version: 2.1.0
-version: "3"
-
+# itk-version: 3.2.1
 services:
 nginx:
 labels:
diff --git a/docker-compose.server.yml b/docker-compose.server.yml
index 09ccb5d..67e4634 100644
--- a/docker-compose.server.yml
+++ b/docker-compose.server.yml
@@ -1,6 +1,4 @@
-# itk-version: 2.0.1
-version: "3"
-
+# itk-version: 3.2.1
 networks:
 frontend:
 external: true
@@ -18,24 +16,28 @@ services:
 - "host.docker.internal:host-gateway"
 environment:
 - PHP_MAX_EXECUTION_TIME=30
- - PHP_MEMORY_LIMIT=24800M
+ - PHP_MEMORY_LIMIT=128M
 - COMPOSER_VERSION=2
 volumes:
- - .:/app:delegated
+ - .:/app
 
 nginx:
- image: nginx:stable-alpine
+ image: nginxinc/nginx-unprivileged:alpine
 restart: unless-stopped
 networks:
 - app
 - frontend
 depends_on:
 - phpfpm
- ports:
- - '80'
 volumes:
- - ${PWD}/.docker/vhost.conf:/etc/nginx/conf.d/default.conf:ro
- - ./:/app:rw
+ - ./.docker/templates:/etc/nginx/templates:ro
+ - ./.docker/nginx.conf:/etc/nginx/nginx.conf:ro
+ - .:/app
+ environment:
+ NGINX_FPM_SERVICE: ${COMPOSE_PROJECT_NAME}-phpfpm-1:9000
+ NGINX_WEB_ROOT: /app/public
+ NGINX_PORT: 8080
+ NGINX_MAX_BODY_SIZE: 5M
 labels:
 - "traefik.enable=true"
 - "traefik.docker.network=frontend"
diff --git a/docker-compose.yml b/docker-compose.yml
index 56a0085..a23facd 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -1,6 +1,4 @@
-# itk-version: 2.0.1
-version: "3"
-
+# itk-version: 3.2.1
 networks:
 frontend:
 external: true
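Review bot: `image: node:16` in the new `docker-compose.override.yml` pins a Node.js line that reached end-of-life in September 2023 and no longer receives security fixes (the tag is carried over from the old `docker-compose.yml`, but this file is where it now lives). Because an override file is loaded by every plain `docker compose` invocation and this service bind-mounts the whole checkout at `/app`, a supported LTS such as `image: node:20` (ideally with a digest once the yarn build is verified on it) is the safer default. If the build genuinely needs 16, a comment stating that would stop the next person from bumping it blindly: `# node:16 is EOL; pinned because the yarn build breaks on newer majors — TODO upgrade`.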
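Review bot: `NGINX_FPM_SERVICE: ${COMPOSE_PROJECT_NAME}-phpfpm-1:9000` in the `docker-compose.server.yml` nginx hunk hard-codes the container name Compose v2 generates from project name, service name and replica index, which stops resolving under `container_name:`, `--scale`, a Compose v1 `_` separator, or a project name that Compose normalises. The service name is resolvable on the shared `app` network and is what `.docker/vhost.conf` already uses (`fastcgi_pass phpfpm:9000;`), so unless there is a reason the service alias cannot be used here, `NGINX_FPM_SERVICE: phpfpm:9000` is the robust form; the same value appears in `docker-compose.yml`. Leaving the container name does not fail safe: nginx-unprivileged refuses to start when `fastcgi_pass` cannot be resolved at config load, so the failure shows up as a crash-looping nginx rather than a clear error.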
@@ -21,48 +19,54 @@ services:
 - MYSQL_PASSWORD=db
 - MYSQL_DATABASE=db
 #- ENCRYPT=1 # Uncomment to enable database encryption.
- labels:
- com.symfony.server.service-prefix: 'DATABASE'
 
 phpfpm:
 image: itkdev/php8.1-fpm:latest
 networks:
 - app
+ extra_hosts:
+ - "host.docker.internal:host-gateway"
 environment:
- - XDEBUG_MODE=${XDEBUG_MODE:-off}
- - XDEBUG_SESSION=${XDEBUG_SESSION:-0}
+ - PHP_XDEBUG_MODE=${PHP_XDEBUG_MODE:-off}
 - PHP_MAX_EXECUTION_TIME=30
 - PHP_MEMORY_LIMIT=256M
- # - PHP_MAIL=1 # Uncomment to enable mailhog.
+ # Depending on the setup, you may have to remove --read-envelope-from from msmtp (cf. https://marlam.de/msmtp/msmtp.html) or use SMTP to send mail
+ - PHP_SENDMAIL_PATH=/usr/bin/msmtp --host=mail --port=1025 --read-recipients --read-envelope-from
 - DOCKER_HOST_DOMAIN=${COMPOSE_DOMAIN}
 - COMPOSER_VERSION=2
+ - PHP_IDE_CONFIG=serverName=localhost
 depends_on:
 - mariadb
 volumes:
- - .:/app:delegated
+ - .:/app
 
 nginx:
- image: nginx:latest
+ image: nginxinc/nginx-unprivileged:alpine
 networks:
 - app
 - frontend
 depends_on:
 - phpfpm
 ports:
- - '80'
+ - '8080'
 volumes:
- - ${PWD}/.docker/vhost.conf:/etc/nginx/conf.d/default.conf:ro
- - .:/app:delegated
+ - ./.docker/templates:/etc/nginx/templates:ro
+ - .:/app
+ environment:
+ NGINX_FPM_SERVICE: ${COMPOSE_PROJECT_NAME}-phpfpm-1:9000
+ NGINX_WEB_ROOT: /app/public
+ NGINX_PORT: 8080
+ NGINX_MAX_BODY_SIZE: 5M
 labels:
 - "traefik.enable=true"
 - "traefik.docker.network=frontend"
 - "traefik.http.routers.${COMPOSE_PROJECT_NAME}.rule=Host(`${COMPOSE_DOMAIN}`)"
-# HTTPS config - uncomment to enable redirect from :80 to :443
-# - "traefik.http.routers.${COMPOSE_PROJECT_NAME}.middlewares=redirect-to-https"
-# - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
+ # HTTPS config - uncomment to enable redirect from :80 to :443
+ - "traefik.http.routers.${COMPOSE_PROJECT_NAME}.middlewares=redirect-to-https"
+ - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
 
- mailhog:
- image: mailhog/mailhog
+ mail:
+ image: axllent/mailpit
 networks:
 - app
 - frontend
@@ -72,13 +76,5 @@ services:
 labels:
 - "traefik.enable=true"
 - "traefik.docker.network=frontend"
- - "traefik.http.routers.${COMPOSE_PROJECT_NAME}Mailhog.rule=Host(`mailhog-${COMPOSE_DOMAIN}`)"
- - "traefik.http.services.${COMPOSE_PROJECT_NAME}Mailhog.loadbalancer.server.port=8025"
-
- node:
- image: node:16
- networks:
- - app
- volumes:
- - .:/app:delegated
- working_dir: /app
+ - "traefik.http.routers.${COMPOSE_PROJECT_NAME}mail.rule=Host(`mail-${COMPOSE_DOMAIN}`)"
+ - "traefik.http.services.${COMPOSE_PROJECT_NAME}mail.loadbalancer.server.port=8025"
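Review bot: The comment `# HTTPS config - uncomment to enable redirect from :80 to :443` now sits above two labels that are live, so it describes the opposite of what the code does; change it to `# Redirect plain HTTP to HTTPS via Traefik's redirect-to-https middleware` or drop it. Note that `docker-compose.dev.yml` sets `traefik.http.routers.${COMPOSE_PROJECT_NAME}.middlewares=ITKBasicAuth@file` on the same label key, and Compose merges `labels` by key with the later file winning, so when that file is layered the redirect middleware is replaced, not combined; if both are intended there, the dev file needs `...middlewares=redirect-to-https,ITKBasicAuth@file`. As in `docker-compose.server.yml`, `NGINX_FPM_SERVICE` hard-codes the generated container name `${COMPOSE_PROJECT_NAME}-phpfpm-1`; the service alias `phpfpm:9000` resolves on the `app` network and survives renames and scaling.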