trimmed down docker image, added GD support, enabled file upload

.dockerignore

@@ -4,8 +4,5 @@ examples/
 # Git
 .git/
 
-# PHPStorm
-.idea/
-
 # OSX
 .DS_Store

Dockerfile

@@ -1,20 +1,24 @@
 FROM php:fpm-alpine
 
-MAINTAINER Michael Contento <mail@michaelcontento.de>
+MAINTAINER PrivateBin <support@privatebin.org>
 
 RUN \
 # Install dependencies
     apk add --no-cache nginx supervisor \
 # Install PHP extension: opcache
-    && docker-php-ext-install opcache \
+    && docker-php-ext-install -j$(nproc) opcache \
     && rm -f /usr/local/etc/php/conf.d/docker-php-ext-opcache.ini \
-# Install PHP extension: xdebug
-    && apk add --no-cache g++ make autoconf \
-    && pecl install xdebug \
-    && apk del g++ make autoconf \
-    && rm -rf /tmp/pear \
+# Install PHP extension: gd
+    && apk add --no-cache freetype libpng libjpeg-turbo freetype-dev libpng-dev libjpeg-turbo-dev \
+    && docker-php-ext-configure gd \
+        --with-freetype-dir=/usr/include/ \
+        --with-png-dir=/usr/include/ \
+        --with-jpeg-dir=/usr/include/ \
+  && docker-php-ext-install -j$(nproc) gd \
+  && apk del --no-cache freetype-dev libpng-dev libjpeg-turbo-dev \
 # Remove (some of the) default nginx config
     && rm -f /etc/nginx.conf \
+    && rm -f /etc/nginx/conf.d/default.conf \
     && rm -rf /etc/nginx/sites-* \
     && rm -rf /var/log/nginx \
 # Ensure nginx logs, even if the config has errors, are written to stderr
@@ -38,35 +42,12 @@ RUN \
 
 WORKDIR /var/www
 
-# Where nginx should serve from
-ENV DOCUMENT_ROOT=/var/www
-
-# Should we instantiate a redirect for apex-to-www? Or www-to-apex?
-# Valid values are "none", "www-to-apex" or "apex-to-www"
-ENV REDIRECT_MODE="none"
-
-# Which HTTP code should we use for the above redirect
-ENV REDIRECT_CODE=302
-
-# Which protocol should we use to do the above redirect? Valid options are
-# "http", "https" or "auto" (which will trust X-Forwarded-Proto)
-ENV REDIRECT_PROTO="auto"
-
-# Change this to true/1 to enable the xdebug extension for php. You need to change
-# some xdebug settings? E.g. xdebug.idekey? Just set a environment variable with the dot
-# replaced with an underscore (xdebug.idekey => XDEBUG_IDEKEY) and they xdebug config will
-# be changed on container start. This is a fast and simple alternative to adding a custom
-# config ini in /usr/local/etc/php/conf.d/
-ENV XDEBUG=false
-
-# Which environment variables should be available to PHP? For security reasons we do not expose
-# any of them to PHP by default.
-# Valid values are "none" and "all"
-ENV ENV_WHITELIST="none"
-
 ADD etc/ /etc/
 ADD usr/ /usr/
 
+# mark dirs as volumes that need to be writable, allows running the container --read-only
+VOLUME /tmp /var/tmp /var/run /var/log
+
 EXPOSE 80
 
-CMD ["/usr/bin/docker-start"]
+ENTRYPOINT ["/usr/bin/supervisord","-c","/etc/supervisord.conf"]

etc/nginx/sites-available/redirect-apex-to-www.conf.tpl

@@ -1,7 +0,0 @@
-server {
-    listen 80;
-    server_name ~^(?!www.)(?<domain>.+)$;
-
-    include /etc/nginx/server.d/*.conf;
-    return {{REDIRECT_CODE}} {{REDIRECT_PROTO}}://www.$domain$request_uri;
-}

etc/nginx/sites-available/redirect-www-to-apex.conf.tpl

@@ -1,7 +0,0 @@
-server {
-    listen 80;
-    server_name ~^www.(?<domain>.+)$;
-
-    include /etc/nginx/server.d/*.conf;
-    return {{REDIRECT_CODE}} {{REDIRECT_PROTO}}://$domain$request_uri;
-}

etc/nginx/sites-available/site.conf

@@ -1,7 +1,7 @@
 server {
     listen 80 default_server;
 
-    root {{DOCUMENT_ROOT}};
+    root /var/www;
     index index.php index.html index.htm;
 
     location / {

usr/bin/docker-start

@@ -1,51 +0,0 @@
-#!/usr/bin/env sh
-set -eu
-
-# Properly detect requested redirect
-if [ "${REDIRECT_PROTO}" == "auto" ]; then
-    REDIRECT_PROTO="\$http_x_forwarded_proto";
-elif [ "${REDIRECT_PROTO}" != "http" ] && [ "${REDIRECT_PROTO}" != "https" ]; then
-    echo "ERROR: Invalid value for REDIRECT_PROTO, got '${REDIRECT_PROTO}'" >&2
-    echo "ERROR: Valid values are: 'auto', 'http' or 'https'" >&2
-    exit 1
-fi
-
-# Replace templates in nginx config
-for file in /etc/nginx/*/*.tpl; do
-    sed \
-        -e "s#{{DOCUMENT_ROOT}}#${DOCUMENT_ROOT}#g" \
-        -e "s#{{REDIRECT_CODE}}#${REDIRECT_CODE}#g" \
-        -e "s#{{REDIRECT_PROTO}}#${REDIRECT_PROTO}#g" \
-        "${file}" \
-        > "${file%.tpl}"
-done
-
-# Activate the right
-rm -f /etc/nginx/sites-enabled/redirect-*.conf
-if [[ -f "/etc/nginx/sites-available/redirect-${REDIRECT_MODE}.conf" ]]; then
-    ln -s \
-        "/etc/nginx/sites-available/redirect-${REDIRECT_MODE}.conf" \
-        "/etc/nginx/sites-enabled/redirect-${REDIRECT_MODE}.conf"
-fi
-
-# Configure or disable XDebug as requested
-XDEBUG_INI="/usr/local/etc/php/conf.d/10-xdebug.ini"
-if [ ${XDEBUG} = true ] || [ "${XDEBUG}" == "1" ]; then
-    for setting in $(env | egrep '^XDEBUG_'); do
-        key=$(echo "${setting}" | cut -d'=' -f1 | sed -e 's/XDEBUG_/xdebug./' | tr 'A-Z' 'a-z')
-        value=$(echo "${setting}" | cut -d'=' -f2-)
-        echo "${key}=${value}" >> "${XDEBUG_INI}"
-    done
-else
-    rm -f "${XDEBUG_INI}"
-fi
-
-if [ "${ENV_WHITELIST}" == "all" ]; then
-    rm -rf /usr/local/etc/php-fpm.d/50-clear-env.conf
-elif [ "${ENV_WHITELIST}" != "none" ]; then
-    echo "ERROR: Invalid value for ENV_WHITELIST, got '${ENV_WHITELIST}'" >&2
-    echo "ERROR: Valid values are: 'none' or 'all'" >&2
-    exit 1
-fi
-
-exec /usr/bin/supervisord -c /etc/supervisord.conf

usr/local/etc/php/conf.d/00-security.ini

@@ -1,7 +1,3 @@
-; Disable file uploads by default for security reasons. Your service needs file uploads? Please
-; add a overwriting php.ini in your custom Dockerfile!
-file_uploads=Off
-
 ; session.use_strict_mode specifies whether the module will use strict session id mode. If this
 ; mode is enabled, the module does not accept uninitialized session ID. If uninitialized session ID
 ; is sent from browser, new session ID is sent to browser. Applications are protected from session

usr/local/etc/php/conf.d/10-xdebug.ini

@@ -1,4 +0,0 @@
-zend_extension=xdebug.so
-xdebug.remote_autostart=On
-xdebug.remote_enable=On
-xdebug.remote_connect_back=On