trimmed down docker image, added GD support, enabled file upload

This commit is contained in:
El RIDO 2018-05-27 23:22:08 +02:00
parent 40cb55b3d5
commit aa1cabad94
8 changed files with 16 additions and 111 deletions

View File

@ -4,8 +4,5 @@ examples/
# Git
.git/
# PHPStorm
.idea/
# OSX
.DS_Store

View File

@ -1,20 +1,24 @@
FROM php:fpm-alpine
MAINTAINER Michael Contento <mail@michaelcontento.de>
MAINTAINER PrivateBin <support@privatebin.org>
RUN \
# Install dependencies
apk add --no-cache nginx supervisor \
# Install PHP extension: opcache
&& docker-php-ext-install opcache \
&& docker-php-ext-install -j$(nproc) opcache \
&& rm -f /usr/local/etc/php/conf.d/docker-php-ext-opcache.ini \
# Install PHP extension: xdebug
&& apk add --no-cache g++ make autoconf \
&& pecl install xdebug \
&& apk del g++ make autoconf \
&& rm -rf /tmp/pear \
# Install PHP extension: gd
&& apk add --no-cache freetype libpng libjpeg-turbo freetype-dev libpng-dev libjpeg-turbo-dev \
&& docker-php-ext-configure gd \
--with-freetype-dir=/usr/include/ \
--with-png-dir=/usr/include/ \
--with-jpeg-dir=/usr/include/ \
&& docker-php-ext-install -j$(nproc) gd \
&& apk del --no-cache freetype-dev libpng-dev libjpeg-turbo-dev \
# Remove (some of the) default nginx config
&& rm -f /etc/nginx.conf \
&& rm -f /etc/nginx/conf.d/default.conf \
&& rm -rf /etc/nginx/sites-* \
&& rm -rf /var/log/nginx \
# Ensure nginx logs, even if the config has errors, are written to stderr
@ -38,35 +42,12 @@ RUN \
WORKDIR /var/www
# Where nginx should serve from
ENV DOCUMENT_ROOT=/var/www
# Should we instantiate a redirect for apex-to-www? Or www-to-apex?
# Valid values are "none", "www-to-apex" or "apex-to-www"
ENV REDIRECT_MODE="none"
# Which HTTP code should we use for the above redirect
ENV REDIRECT_CODE=302
# Which protocol should we use to do the above redirect? Valid options are
# "http", "https" or "auto" (which will trust X-Forwarded-Proto)
ENV REDIRECT_PROTO="auto"
# Change this to true/1 to enable the xdebug extension for php. You need to change
# some xdebug settings? E.g. xdebug.idekey? Just set a environment variable with the dot
# replaced with an underscore (xdebug.idekey => XDEBUG_IDEKEY) and they xdebug config will
# be changed on container start. This is a fast and simple alternative to adding a custom
# config ini in /usr/local/etc/php/conf.d/
ENV XDEBUG=false
# Which environment variables should be available to PHP? For security reasons we do not expose
# any of them to PHP by default.
# Valid values are "none" and "all"
ENV ENV_WHITELIST="none"
ADD etc/ /etc/
ADD usr/ /usr/
# mark dirs as volumes that need to be writable, allows running the container --read-only
VOLUME /tmp /var/tmp /var/run /var/log
EXPOSE 80
CMD ["/usr/bin/docker-start"]
ENTRYPOINT ["/usr/bin/supervisord","-c","/etc/supervisord.conf"]

View File

@ -1,7 +0,0 @@
server {
listen 80;
server_name ~^(?!www.)(?<domain>.+)$;
include /etc/nginx/server.d/*.conf;
return {{REDIRECT_CODE}} {{REDIRECT_PROTO}}://www.$domain$request_uri;
}

View File

@ -1,7 +0,0 @@
server {
listen 80;
server_name ~^www.(?<domain>.+)$;
include /etc/nginx/server.d/*.conf;
return {{REDIRECT_CODE}} {{REDIRECT_PROTO}}://$domain$request_uri;
}

View File

@ -1,7 +1,7 @@
server {
listen 80 default_server;
root {{DOCUMENT_ROOT}};
root /var/www;
index index.php index.html index.htm;
location / {

View File

@ -1,51 +0,0 @@
#!/usr/bin/env sh
set -eu
# Properly detect requested redirect
if [ "${REDIRECT_PROTO}" == "auto" ]; then
REDIRECT_PROTO="\$http_x_forwarded_proto";
elif [ "${REDIRECT_PROTO}" != "http" ] && [ "${REDIRECT_PROTO}" != "https" ]; then
echo "ERROR: Invalid value for REDIRECT_PROTO, got '${REDIRECT_PROTO}'" >&2
echo "ERROR: Valid values are: 'auto', 'http' or 'https'" >&2
exit 1
fi
# Replace templates in nginx config
for file in /etc/nginx/*/*.tpl; do
sed \
-e "s#{{DOCUMENT_ROOT}}#${DOCUMENT_ROOT}#g" \
-e "s#{{REDIRECT_CODE}}#${REDIRECT_CODE}#g" \
-e "s#{{REDIRECT_PROTO}}#${REDIRECT_PROTO}#g" \
"${file}" \
> "${file%.tpl}"
done
# Activate the right
rm -f /etc/nginx/sites-enabled/redirect-*.conf
if [[ -f "/etc/nginx/sites-available/redirect-${REDIRECT_MODE}.conf" ]]; then
ln -s \
"/etc/nginx/sites-available/redirect-${REDIRECT_MODE}.conf" \
"/etc/nginx/sites-enabled/redirect-${REDIRECT_MODE}.conf"
fi
# Configure or disable XDebug as requested
XDEBUG_INI="/usr/local/etc/php/conf.d/10-xdebug.ini"
if [ ${XDEBUG} = true ] || [ "${XDEBUG}" == "1" ]; then
for setting in $(env | egrep '^XDEBUG_'); do
key=$(echo "${setting}" | cut -d'=' -f1 | sed -e 's/XDEBUG_/xdebug./' | tr 'A-Z' 'a-z')
value=$(echo "${setting}" | cut -d'=' -f2-)
echo "${key}=${value}" >> "${XDEBUG_INI}"
done
else
rm -f "${XDEBUG_INI}"
fi
if [ "${ENV_WHITELIST}" == "all" ]; then
rm -rf /usr/local/etc/php-fpm.d/50-clear-env.conf
elif [ "${ENV_WHITELIST}" != "none" ]; then
echo "ERROR: Invalid value for ENV_WHITELIST, got '${ENV_WHITELIST}'" >&2
echo "ERROR: Valid values are: 'none' or 'all'" >&2
exit 1
fi
exec /usr/bin/supervisord -c /etc/supervisord.conf

View File

@ -1,7 +1,3 @@
; Disable file uploads by default for security reasons. Your service needs file uploads? Please
; add a overwriting php.ini in your custom Dockerfile!
file_uploads=Off
; session.use_strict_mode specifies whether the module will use strict session id mode. If this
; mode is enabled, the module does not accept uninitialized session ID. If uninitialized session ID
; is sent from browser, new session ID is sent to browser. Applications are protected from session

View File

@ -1,4 +0,0 @@
zend_extension=xdebug.so
xdebug.remote_autostart=On
xdebug.remote_enable=On
xdebug.remote_connect_back=On