makasim · makasim · Mar 25, 2024 · Mar 22, 2024
diff --git a/8.3/base/Dockerfile b/8.3/base/Dockerfile
@@ -0,0 +1,38 @@
+FROM ubuntu:20.04
+
+MAINTAINER Maksim Kotliar <[email protected]>
+
+ENV LC_ALL=C.UTF-8
+
+RUN apt-get update && \
+    apt-get -y --no-install-recommends --no-install-suggests install software-properties-common && \
+    add-apt-repository ppa:ondrej/php && \
+    add-apt-repository ppa:ondrej/pkg-gearman && \
+    rm -rf /var/lib/apt/lists/*
+
+RUN apt-get update && \
+    apt-get install -y --no-install-recommends --no-install-suggests nginx php8.3 php8.3-fpm php8.3-cli php8.3-common ca-certificates gettext && \
+    rm -rf /var/lib/apt/lists/*
+
+# forward request and error logs to docker log collector
+RUN ln -sf /dev/stderr /var/log/nginx/access.log \
+	&& ln -sf /dev/stderr /var/log/nginx/error.log \
+	&& ln -sf /dev/stderr /var/log/php8.3-fpm.log \
+	&& ln -sf /dev/stderr /var/log/php-fpm.log
+
+RUN rm -f /etc/nginx/sites-enabled/*
+
+COPY nginx.conf.tpl /nginx.conf.tpl
+COPY nginx_ssl.conf.tpl /nginx_ssl.conf.tpl
+COPY php-fpm.conf.tpl /php-fpm.conf.tpl
+COPY defaults.ini /etc/php/8.3/cli/conf.d/defaults.ini
+COPY defaults.ini /etc/php/8.3/fpm/conf.d/defaults.ini
+
+RUN mkdir -p /run/php && touch /run/php/php8.3-fpm.sock && touch /run/php/php8.3-fpm.pid
+
+COPY entrypoint.sh /entrypoint.sh
+RUN chmod 755 /entrypoint.sh
+
+EXPOSE 80
+
+CMD ["/entrypoint.sh"]
diff --git a/8.3/base/defaults.ini b/8.3/base/defaults.ini
@@ -0,0 +1 @@
+date.timezone=UTC
diff --git a/8.3/base/entrypoint.sh b/8.3/base/entrypoint.sh
@@ -0,0 +1,65 @@
+#!/usr/bin/env bash
+
+export NGINX_WEB_ROOT=${NGINX_WEB_ROOT:-'/var/www/html'}
+export NGINX_PHP_FALLBACK=${NGINX_PHP_FALLBACK:-'/index.php'}
+export NGINX_PHP_LOCATION=${NGINX_PHP_LOCATION:-'^/index\.php(/|$$)'}
+export NGINX_USER=${NGINX_USER:-'www-data'}
+export NGINX_CONF=${NGINX_CONF:-'/etc/nginx/nginx.conf'}
+export NGINX_SSL_PUBLIC_CERTIFICATE=${NGINX_SSL_PUBLIC_CERTIFICATE:-''}
+export NGINX_SSL_PRIVATE_CERTIFICATE=${NGINX_SSL_PRIVATE_CERTIFICATE:-''}
+
+export PHP_SOCK_FILE=${PHP_SOCK_FILE:-'/run/php.sock'}
+export PHP_USER=${PHP_USER:-'www-data'}
+export PHP_GROUP=${PHP_GROUP:-'www-data'}
+export PHP_MODE=${PHP_MODE:-'0660'}
+export PHP_FPM_CONF=${PHP_FPM_CONF:-'/etc/php/7.3/fpm/php-fpm.conf'}
+
+envsubst '${NGINX_WEB_ROOT} ${NGINX_PHP_FALLBACK} ${NGINX_PHP_LOCATION} ${NGINX_USER} ${NGINX_CONF} ${PHP_SOCK_FILE} ${PHP_USER} ${PHP_GROUP} ${PHP_MODE} ${PHP_FPM_CONF}' < /nginx.conf.tpl > $NGINX_CONF
+envsubst '${NGINX_WEB_ROOT} ${NGINX_PHP_FALLBACK} ${NGINX_PHP_LOCATION} ${NGINX_USER} ${NGINX_CONF} ${PHP_SOCK_FILE} ${PHP_USER} ${PHP_GROUP} ${PHP_MODE} ${PHP_FPM_CONF}' < /php-fpm.conf.tpl > $PHP_FPM_CONF
+
+if [ ! -z "$NGINX_SSL_PUBLIC_CERTIFICATE" ]
+then
+      envsubst '${NGINX_SSL_PUBLIC_CERTIFICATE} ${NGINX_SSL_PRIVATE_CERTIFICATE} ${NGINX_WEB_ROOT} ${NGINX_PHP_FALLBACK} ${NGINX_PHP_LOCATION} ${NGINX_USER} ${NGINX_CONF} ${PHP_SOCK_FILE} ${PHP_USER} ${PHP_GROUP} ${PHP_MODE} ${PHP_FPM_CONF}' < /nginx_ssl.conf.tpl > /etc/nginx/conf.d/nginx_ssl.conf
+fi
+
+TRAPPED_SIGNAL=false
+
+echo 'Starting NGINX';
+nginx -c $NGINX_CONF  -g 'daemon off;' 2>&1 &
+NGINX_PID=$!
+
+echo 'Starting PHP-FPM';
+php-fpm7.3 -R -F -c $PHP_FPM_CONF 2>&1 &
+PHP_FPM_PID=$!
+
+trap "TRAPPED_SIGNAL=true; kill -15 $NGINX_PID; kill -15 $PHP_FPM_PID;" SIGTERM  SIGINT
+
+while :
+do
+    kill -0 $NGINX_PID 2> /dev/null
+    NGINX_STATUS=$?
+
+    kill -0 $PHP_FPM_PID 2> /dev/null
+    PHP_FPM_STATUS=$?
+
+    if [ "$TRAPPED_SIGNAL" = "false" ]; then
+        if [ $NGINX_STATUS -ne 0 ] || [ $PHP_FPM_STATUS -ne 0 ]; then
+            if [ $NGINX_STATUS -eq 0 ]; then
+                kill -15 $NGINX_PID;
+                wait $NGINX_PID;
+            fi
+            if [ $PHP_FPM_STATUS -eq 0 ]; then
+                kill -15 $PHP_FPM_PID;
+                wait $PHP_FPM_PID;
+            fi
+
+            exit 1;
+        fi
+    else
+       if [ $NGINX_STATUS -ne 0 ] && [ $PHP_FPM_STATUS -ne 0 ]; then
+            exit 0;
+       fi
+    fi
+
+	sleep 1
+done
diff --git a/8.3/base/nginx.conf.tpl b/8.3/base/nginx.conf.tpl
@@ -0,0 +1,54 @@
+user $NGINX_USER;
+worker_processes auto;
+pid /run/nginx.pid;
+
+events {
+	worker_connections 768;
+}
+
+http {
+	sendfile on;
+	tcp_nopush on;
+	tcp_nodelay on;
+	keepalive_timeout 65;
+	types_hash_max_size 2048;
+
+	include /etc/nginx/mime.types;
+	default_type application/octet-stream;
+
+	ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
+	ssl_prefer_server_ciphers on;
+
+	access_log /var/log/nginx/access.log;
+	error_log /var/log/nginx/error.log;
+
+	gzip on;
+	gzip_disable "msie6";
+
+	include /etc/nginx/conf.d/*.conf;
+	#include /etc/nginx/sites-enabled/*;
+
+	server {
+		listen 80  default_server;
+		root $NGINX_WEB_ROOT;
+
+		location / {
+		    try_files $uri $NGINX_PHP_FALLBACK$is_args$args;
+		}
+		location ~ $NGINX_PHP_LOCATION {
+		    fastcgi_pass unix:$PHP_SOCK_FILE;
+		    fastcgi_split_path_info ^(.+\.php)(/.*)$;
+		    include fastcgi_params;
+		    fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
+		    fastcgi_param DOCUMENT_ROOT $realpath_root;
+
+		    internal;
+		}
+
+		# return 404 for all other php files not matching the front controller
+		# this prevents access to other php files you don't want to be accessible.
+		location ~ \.php$ {
+		  return 404;
+		}
+	}
+}
diff --git a/8.3/base/nginx_ssl.conf.tpl b/8.3/base/nginx_ssl.conf.tpl
@@ -0,0 +1,44 @@
+
+server {
+    listen 443 ssl http2 default_server;
+    listen [::]:443 ssl http2 default_server;
+    root $NGINX_WEB_ROOT;
+
+    location / {
+        try_files $uri $NGINX_PHP_FALLBACK$is_args$args;
+    }
+    location ~ $NGINX_PHP_LOCATION {
+        fastcgi_pass unix:$PHP_SOCK_FILE;
+        fastcgi_split_path_info ^(.+\.php)(/.*)$;
+        include fastcgi_params;
+        fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
+        fastcgi_param DOCUMENT_ROOT $realpath_root;
+
+        internal;
+    }
+
+    # return 404 for all other php files not matching the front controller
+    # this prevents access to other php files you don't want to be accessible.
+    location ~ \.php$ {
+        return 404;
+    }
+
+    ssl_certificate $NGINX_SSL_PUBLIC_CERTIFICATE;
+    ssl_certificate_key $NGINX_SSL_PRIVATE_CERTIFICATE;
+    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+    ssl_prefer_server_ciphers on;
+    ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
+    ssl_ecdh_curve secp384r1;
+    ssl_session_cache shared:SSL:10m;
+    ssl_session_tickets off;
+    ssl_stapling on;
+    ssl_stapling_verify on;
+    resolver 8.8.8.8 8.8.4.4 valid=300s;
+    resolver_timeout 5s;
+    # Disable preloading HSTS for now.  You can use the commented out header line that includes
+    # the "preload" directive if you understand the implications.
+    #add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
+    add_header Strict-Transport-Security "max-age=63072000; includeSubdomains";
+    add_header X-Frame-Options DENY;
+    add_header X-Content-Type-Options nosniff;
+}
diff --git a/8.3/base/php-fpm.conf.tpl b/8.3/base/php-fpm.conf.tpl
@@ -0,0 +1,18 @@
+[www]
+
+pm = dynamic
+pm.max_children = 5
+pm.start_servers = 2
+pm.min_spare_servers = 1
+pm.max_spare_servers = 3
+
+clear_env = no
+catch_workers_output=yes
+decorate_workers_output=no
+
+user = $PHP_USER
+group = $PHP_GROUP
+listen = $PHP_SOCK_FILE
+listen.owner = $PHP_USER
+listen.group = $PHP_GROUP
+listen.mode = $PHP_MODE
diff --git a/8.3/build-images.sh b/8.3/build-images.sh
@@ -0,0 +1,7 @@
+#!/usr/bin/env bash
+
+set -x
+set -e
+
+(cd 8.3/base && docker buildx build --platform linux/amd64,linux/arm64 --push --rm --pull -t makasim/nginx-php-fpm:8.3 -t makasim/nginx-php-fpm:latest .)
+(cd 8.3/php-all-exts && docker buildx build --platform linux/amd64,linux/arm64 --push --rm -t makasim/nginx-php-fpm:8.3-all-exts -t makasim/nginx-php-fpm:latest-all-exts .)
diff --git a/8.3/php-all-exts/Dockerfile b/8.3/php-all-exts/Dockerfile
@@ -0,0 +1,10 @@
+FROM makasim/nginx-php-fpm:8.3
+
+# exts
+RUN apt-get update && \
+    apt-get install -y --no-install-recommends --no-install-suggests \
+    php-mongodb php-curl php-intl php-soap php-xml php-bcmath \
+    php-mysql php-amqp php-gearman php-mbstring php-ldap php-zip php-gd php-xdebug php-imagick && \
+    rm -f /etc/php/8.3/cli/conf.d/*xdebug.ini && \
+    rm -f /etc/php/8.3/fpm/conf.d/*xdebug.ini && \
+    rm -rf /var/lib/apt/lists/*
diff --git a/8.3/push-images.sh b/8.3/push-images.sh
@@ -0,0 +1,10 @@
+#!/usr/bin/env bash
+
+set -x
+set -e
+
+docker login -u $DOCKER_USER -p $DOCKER_PASSWORD
+docker push makasim/nginx-php-fpm:8.3
+docker push makasim/nginx-php-fpm:8.3-all-exts
+docker push makasim/nginx-php-fpm:latest
+docker push makasim/nginx-php-fpm:latest-all-exts