From aa1cabad9468ee8117fd2f392545f42d9a5ab457 Mon Sep 17 00:00:00 2001 From: El RIDO Date: Sun, 27 May 2018 23:22:08 +0200 Subject: [PATCH] trimmed down docker image, added GD support, enabled file upload --- .dockerignore | 3 -- Dockerfile | 49 ++++++------------ .../redirect-apex-to-www.conf.tpl | 7 --- .../redirect-www-to-apex.conf.tpl | 7 --- .../{site.conf.tpl => site.conf} | 2 +- usr/bin/docker-start | 51 ------------------- usr/local/etc/php/conf.d/00-security.ini | 4 -- usr/local/etc/php/conf.d/10-xdebug.ini | 4 -- 8 files changed, 16 insertions(+), 111 deletions(-) delete mode 100644 etc/nginx/sites-available/redirect-apex-to-www.conf.tpl delete mode 100644 etc/nginx/sites-available/redirect-www-to-apex.conf.tpl rename etc/nginx/sites-available/{site.conf.tpl => site.conf} (95%) delete mode 100755 usr/bin/docker-start delete mode 100644 usr/local/etc/php/conf.d/10-xdebug.ini diff --git a/.dockerignore b/.dockerignore index 83ba932..b871a43 100644 --- a/.dockerignore +++ b/.dockerignore @@ -4,8 +4,5 @@ examples/ # Git .git/ -# PHPStorm -.idea/ - # OSX .DS_Store diff --git a/Dockerfile b/Dockerfile index 654aafa..0806061 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -1,20 +1,24 @@ FROM php:fpm-alpine -MAINTAINER Michael Contento +MAINTAINER PrivateBin RUN \ # Install dependencies apk add --no-cache nginx supervisor \ # Install PHP extension: opcache - && docker-php-ext-install opcache \ + && docker-php-ext-install -j$(nproc) opcache \ && rm -f /usr/local/etc/php/conf.d/docker-php-ext-opcache.ini \ -# Install PHP extension: xdebug - && apk add --no-cache g++ make autoconf \ - && pecl install xdebug \ - && apk del g++ make autoconf \ - && rm -rf /tmp/pear \ +# Install PHP extension: gd + && apk add --no-cache freetype libpng libjpeg-turbo freetype-dev libpng-dev libjpeg-turbo-dev \ + && docker-php-ext-configure gd \ + --with-freetype-dir=/usr/include/ \ + --with-png-dir=/usr/include/ \ + --with-jpeg-dir=/usr/include/ \ + && docker-php-ext-install -j$(nproc) gd \ + && apk del --no-cache freetype-dev libpng-dev libjpeg-turbo-dev \ # Remove (some of the) default nginx config && rm -f /etc/nginx.conf \ + && rm -f /etc/nginx/conf.d/default.conf \ && rm -rf /etc/nginx/sites-* \ && rm -rf /var/log/nginx \ # Ensure nginx logs, even if the config has errors, are written to stderr 
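Review bot: The gd switches added in this hunk (`--with-freetype-dir`, `--with-png-dir`, `--with-jpeg-dir`) are specific to the PHP release series in the base image, but `FROM php:fpm-alpine` is a floating tag. A later rebuild may pull a PHP release where these switches no longer apply, and ship gd without the intended FreeType/JPEG support or an interpreter nobody tested. Pin the base to the release this was built against, e.g. `FROM php:<tested-version>-fpm-alpine` (placeholder), ideally with an `@sha256:<digest>` suffix. As a smaller point, the headers could be installed with `apk add --no-cache --virtual .gd-build-deps freetype-dev libpng-dev libjpeg-turbo-dev` and removed with `apk del .gd-build-deps`, so the install and cleanup lists cannot drift apart. The `RUN` instruction continues past the end of this hunk.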
@@ -38,35 +42,12 @@ RUN \ WORKDIR /var/www -# Where nginx should serve from -ENV DOCUMENT_ROOT=/var/www - -# Should we instantiate a redirect for apex-to-www? Or www-to-apex? -# Valid values are "none", "www-to-apex" or "apex-to-www" -ENV REDIRECT_MODE="none" - -# Which HTTP code should we use for the above redirect -ENV REDIRECT_CODE=302 - -# Which protocol should we use to do the above redirect? Valid options are -# "http", "https" or "auto" (which will trust X-Forwarded-Proto) -ENV REDIRECT_PROTO="auto" - -# Change this to true/1 to enable the xdebug extension for php. You need to change -# some xdebug settings? E.g. xdebug.idekey? Just set a environment variable with the dot -# replaced with an underscore (xdebug.idekey => XDEBUG_IDEKEY) and they xdebug config will -# be changed on container start. This is a fast and simple alternative to adding a custom -# config ini in /usr/local/etc/php/conf.d/ -ENV XDEBUG=false - -# Which environment variables should be available to PHP? For security reasons we do not expose -# any of them to PHP by default. -# Valid values are "none" and "all" -ENV ENV_WHITELIST="none" - ADD etc/ /etc/ ADD usr/ /usr/ +# mark dirs as volumes that need to be writable, allows running the container --read-only +VOLUME /tmp /var/tmp /var/run /var/log + EXPOSE 80 -CMD ["/usr/bin/docker-start"] +ENTRYPOINT ["/usr/bin/supervisord","-c","/etc/supervisord.conf"] diff --git a/etc/nginx/sites-available/redirect-apex-to-www.conf.tpl b/etc/nginx/sites-available/redirect-apex-to-www.conf.tpl deleted file mode 100644 index 1268668..0000000 --- a/etc/nginx/sites-available/redirect-apex-to-www.conf.tpl +++ /dev/null @@ -1,7 +0,0 @@ -server { - listen 80; - server_name ~^(?!www.)(?.+)$; - - include /etc/nginx/server.d/*.conf; - return {{REDIRECT_CODE}} {{REDIRECT_PROTO}}://www.$domain$request_uri; -} 
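Review bot: The new `ENTRYPOINT ["/usr/bin/supervisord","-c","/etc/supervisord.conf"]` in the second Dockerfile hunk (`@@ -38,35 +42,12 @@`) makes supervisord PID 1, and no `USER` instruction is visible in either hunk, so it presumably starts as root. `/etc/supervisord.conf` is not part of this patch, so whether nginx and php-fpm are dropped to unprivileged accounts cannot be confirmed from here. Because the new `VOLUME` comment advertises `--read-only` operation, the privilege model belongs next to it, for example `# supervisord starts as root; nginx workers and php-fpm run unprivileged (verify in /etc/supervisord.conf)`. Switching `CMD` to `ENTRYPOINT` also means arguments given to `docker run` are now appended to the supervisord command line instead of replacing it, which is worth a line in the image documentation.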
diff --git a/etc/nginx/sites-available/redirect-www-to-apex.conf.tpl b/etc/nginx/sites-available/redirect-www-to-apex.conf.tpl deleted file mode 100644 index b695be6..0000000 --- a/etc/nginx/sites-available/redirect-www-to-apex.conf.tpl +++ /dev/null @@ -1,7 +0,0 @@ -server { - listen 80; - server_name ~^www.(?.+)$; - - include /etc/nginx/server.d/*.conf; - return {{REDIRECT_CODE}} {{REDIRECT_PROTO}}://$domain$request_uri; -} diff --git a/etc/nginx/sites-available/site.conf.tpl b/etc/nginx/sites-available/site.conf similarity index 95% rename from etc/nginx/sites-available/site.conf.tpl rename to etc/nginx/sites-available/site.conf index 393ac1d..a8c2a9e 100644 --- a/etc/nginx/sites-available/site.conf.tpl +++ b/etc/nginx/sites-available/site.conf @@ -1,7 +1,7 @@ server { listen 80 default_server; - root {{DOCUMENT_ROOT}}; + root /var/www; index index.php index.html index.htm; location / { diff --git a/usr/bin/docker-start b/usr/bin/docker-start deleted file mode 100755 index e20a66c..0000000 --- a/usr/bin/docker-start +++ /dev/null 
@@ -1,51 +0,0 @@
-#!/usr/bin/env sh
-set -eu
-
-# Properly detect requested redirect
-if [ "${REDIRECT_PROTO}" == "auto" ]; then
- REDIRECT_PROTO="\$http_x_forwarded_proto";
-elif [ "${REDIRECT_PROTO}" != "http" ] && [ "${REDIRECT_PROTO}" != "https" ]; then
- echo "ERROR: Invalid value for REDIRECT_PROTO, got '${REDIRECT_PROTO}'" >&2
- echo "ERROR: Valid values are: 'auto', 'http' or 'https'" >&2
- exit 1
-fi
-
-# Replace templates in nginx config
-for file in /etc/nginx/*/*.tpl; do
- sed \
- -e "s#{{DOCUMENT_ROOT}}#${DOCUMENT_ROOT}#g" \
- -e "s#{{REDIRECT_CODE}}#${REDIRECT_CODE}#g" \
- -e "s#{{REDIRECT_PROTO}}#${REDIRECT_PROTO}#g" \
- "${file}" \
- > "${file%.tpl}"
-done
-
-# Activate the right
-rm -f /etc/nginx/sites-enabled/redirect-*.conf
-if [[ -f "/etc/nginx/sites-available/redirect-${REDIRECT_MODE}.conf" ]]; then
- ln -s \
- "/etc/nginx/sites-available/redirect-${REDIRECT_MODE}.conf" \
- "/etc/nginx/sites-enabled/redirect-${REDIRECT_MODE}.conf"
-fi
-
-# Configure or disable XDebug as requested
-XDEBUG_INI="/usr/local/etc/php/conf.d/10-xdebug.ini"
-if [ ${XDEBUG} = true ] || [ "${XDEBUG}" == "1" ]; then
- for setting in $(env | egrep '^XDEBUG_'); do
- key=$(echo "${setting}" | cut -d'=' -f1 | sed -e 's/XDEBUG_/xdebug./' | tr 'A-Z' 'a-z')
- value=$(echo "${setting}" | cut -d'=' -f2-)
- echo "${key}=${value}" >> "${XDEBUG_INI}"
- done
-else
- rm -f "${XDEBUG_INI}"
-fi
-
-if [ "${ENV_WHITELIST}" == "all" ]; then
- rm -rf /usr/local/etc/php-fpm.d/50-clear-env.conf
-elif [ "${ENV_WHITELIST}" != "none" ]; then
- echo "ERROR: Invalid value for ENV_WHITELIST, got '${ENV_WHITELIST}'" >&2
- echo "ERROR: Valid values are: 'none' or 'all'" >&2
- exit 1
-fi
-
-exec /usr/bin/supervisord -c /etc/supervisord.conf
diff --git a/usr/local/etc/php/conf.d/00-security.ini b/usr/local/etc/php/conf.d/00-security.ini
index 9b7f3be..5f7d824 100644
--- a/usr/local/etc/php/conf.d/00-security.ini
+++ b/usr/local/etc/php/conf.d/00-security.ini
@@ -1,7 +1,3 @@
-; Disable file uploads by default for security reasons. Your service needs file uploads? Please
-; add a overwriting php.ini in your custom Dockerfile!
-file_uploads=Off
-
 ; session.use_strict_mode specifies whether the module will use strict session id mode. If this
 ; mode is enabled, the module does not accept uninitialized session ID. If uninitialized session ID
 ; is sent from browser, new session ID is sent to browser. Applications are protected from session
diff --git a/usr/local/etc/php/conf.d/10-xdebug.ini b/usr/local/etc/php/conf.d/10-xdebug.ini
deleted file mode 100644
index 09dfa99..0000000
--- a/usr/local/etc/php/conf.d/10-xdebug.ini
+++ /dev/null
@@ -1,4 +0,0 @@
-zend_extension=xdebug.so
-xdebug.remote_autostart=On
-xdebug.remote_enable=On
-xdebug.remote_connect_back=On