From b04108041cfe914980f35df940c7a9cd517c9871 Mon Sep 17 00:00:00 2001 From: = <=> Date: Sun, 16 Jun 2024 12:08:36 +0200 Subject: [PATCH] make container stuff compatible with podman, add devcontainer support --- .devcontainer/Dockerfile | 430 +++++++++++++++++++++++ .devcontainer/devcontainer.json | 95 +++-- .devcontainer/docker-compose.extend.yml | 21 ++ Dockerfile | 51 ++- configs/nginx/vhosts/001-adminator2.conf | 6 +- configs/nginx/vhosts/002-adminator3.conf | 8 +- docker-compose.yml | 143 ++++---- docker-php-entrypoint | 22 ++ r-links.md | 2 + 9 files changed, 637 insertions(+), 141 deletions(-) create mode 100644 .devcontainer/Dockerfile create mode 100644 .devcontainer/docker-compose.extend.yml create mode 100644 docker-php-entrypoint diff --git a/.devcontainer/Dockerfile b/.devcontainer/Dockerfile new file mode 100644 index 000000000..f5e4b06d0 --- /dev/null +++ b/.devcontainer/Dockerfile 
@@ -0,0 +1,430 @@ +# https://mcr.microsoft.com/en-us/product/devcontainers/base/tags +FROM mcr.microsoft.com/devcontainers/base:dev-debian-12 + +# +# start php Dockerfile steps +# + +# https://github.com/docker-library/php/blob/master/8.2/bookworm/fpm/Dockerfile + +# prevent Debian's PHP packages from being installed +# https://github.com/docker-library/php/pull/542 +RUN set -eux; \ + { \ + echo 'Package: php*'; \ + echo 'Pin: release *'; \ + echo 'Pin-Priority: -1'; \ + } > /etc/apt/preferences.d/no-debian-php + +# dependencies required for running "phpize" +# (see persistent deps below) +ENV PHPIZE_DEPS \ + autoconf \ + dpkg-dev \ + file \ + g++ \ + gcc \ + libc-dev \ + make \ + pkg-config \ + re2c + +# persistent / runtime deps +RUN set -eux; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + $PHPIZE_DEPS \ + ca-certificates \ + curl \ + xz-utils \ + ; \ + rm -rf /var/lib/apt/lists/* + +ENV PHP_INI_DIR /usr/local/etc/php +RUN set -eux; \ + mkdir -p "$PHP_INI_DIR/conf.d"; \ +# allow running as an arbitrary user (https://github.com/docker-library/php/issues/743) + [ ! 
-d /var/www/html ]; \ + mkdir -p /var/www/html; \ + chown www-data:www-data /var/www/html; \ + chmod 1777 /var/www/html + +# Apply stack smash protection to functions using local buffers and alloca() +# Make PHP's main executable position-independent (improves ASLR security mechanism, and has no performance impact on x86_64) +# Enable optimization (-O2) +# Enable linker optimization (this sorts the hash buckets to improve cache locality, and is non-default) +# https://github.com/docker-library/php/issues/272 +# -D_LARGEFILE_SOURCE and -D_FILE_OFFSET_BITS=64 (https://www.php.net/manual/en/intro.filesystem.php) +ENV PHP_CFLAGS="-fstack-protector-strong -fpic -fpie -O2 -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64" +ENV PHP_CPPFLAGS="$PHP_CFLAGS" +ENV PHP_LDFLAGS="-Wl,-O1 -pie" + +ENV GPG_KEYS 39B641343D8C104B2B146DC3F9C39DC0B9698544 E60913E4DF209907D8E30D96659A97C9CF2A795A 1198C0117593497A5EC5C199286AF1F9897469DC + +ENV PHP_VERSION 8.2.20 +ENV PHP_URL="https://www.php.net/distributions/php-8.2.20.tar.xz" PHP_ASC_URL="https://www.php.net/distributions/php-8.2.20.tar.xz.asc" +ENV PHP_SHA256="4474cc430febef6de7be958f2c37253e5524d5c5331a7e1765cd2d2234881e50" + +RUN set -eux; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends gnupg; \ + rm -rf /var/lib/apt/lists/*; \ + \ + mkdir -p /usr/src; \ + cd /usr/src; \ + \ + curl -fsSL -o php.tar.xz "$PHP_URL"; \ + \ + if [ -n "$PHP_SHA256" ]; then \ + echo "$PHP_SHA256 *php.tar.xz" | sha256sum -c -; \ + fi; \ + \ + if [ -n "$PHP_ASC_URL" ]; then \ + curl -fsSL -o php.tar.xz.asc "$PHP_ASC_URL"; \ + export GNUPGHOME="$(mktemp -d)"; \ + for key in $GPG_KEYS; do \ + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key"; \ + done; \ + gpg --batch --verify php.tar.xz.asc php.tar.xz; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + fi; \ + \ + apt-mark auto '.*' > /dev/null; \ + apt-mark manual $savedAptMark > /dev/null; \ + apt-get purge -y --auto-remove -o 
APT::AutoRemove::RecommendsImportant=false + +# COPY docker-php-source /usr/local/bin/ +COPY --from=php:8.2-fpm /usr/local/bin/docker-php-source /usr/local/bin/docker-php-source + +RUN set -eux; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + libargon2-dev \ + libcurl4-openssl-dev \ + libonig-dev \ + libreadline-dev \ + libsodium-dev \ + libsqlite3-dev \ + libssl-dev \ + libxml2-dev \ + zlib1g-dev \ + ; \ + \ + export \ + CFLAGS="$PHP_CFLAGS" \ + CPPFLAGS="$PHP_CPPFLAGS" \ + LDFLAGS="$PHP_LDFLAGS" \ +# https://github.com/php/php-src/blob/d6299206dd828382753453befd1b915491b741c6/configure.ac#L1496-L1511 + PHP_BUILD_PROVIDER='https://github.com/docker-library/php' \ + PHP_UNAME='Linux - Docker' \ + ; \ + docker-php-source extract; \ + cd /usr/src/php; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + debMultiarch="$(dpkg-architecture --query DEB_BUILD_MULTIARCH)"; \ +# https://bugs.php.net/bug.php?id=74125 + if [ ! 
-d /usr/include/curl ]; then \ + ln -sT "/usr/include/$debMultiarch/curl" /usr/local/include/curl; \ + fi; \ + ./configure \ + --build="$gnuArch" \ + --with-config-file-path="$PHP_INI_DIR" \ + --with-config-file-scan-dir="$PHP_INI_DIR/conf.d" \ + \ +# make sure invalid --configure-flags are fatal errors instead of just warnings + --enable-option-checking=fatal \ + \ +# https://github.com/docker-library/php/issues/439 + --with-mhash \ + \ +# https://github.com/docker-library/php/issues/822 + --with-pic \ + \ +# --enable-mbstring is included here because otherwise there's no way to get pecl to use it properly (see https://github.com/docker-library/php/issues/195) + --enable-mbstring \ +# --enable-mysqlnd is included here because it's harder to compile after the fact than extensions are (since it's a plugin for several extensions, not an extension in itself) + --enable-mysqlnd \ +# https://wiki.php.net/rfc/argon2_password_hash + --with-password-argon2 \ +# https://wiki.php.net/rfc/libsodium + --with-sodium=shared \ +# always build against system sqlite3 (https://github.com/php/php-src/commit/6083a387a81dbbd66d6316a3a12a63f06d5f7109) + --with-pdo-sqlite=/usr \ + --with-sqlite3=/usr \ + \ + --with-curl \ + --with-iconv \ + --with-openssl \ + --with-readline \ + --with-zlib \ + \ +# https://github.com/bwoebi/phpdbg-docs/issues/1#issuecomment-163872806 ("phpdbg is primarily a CLI debugger, and is not suitable for debugging an fpm stack.") + --disable-phpdbg \ + \ +# in PHP 7.4+, the pecl/pear installers are officially deprecated (requiring an explicit "--with-pear") + --with-pear \ + \ +# bundled pcre does not support JIT on riscv64 until 10.41 (php 8.3+) +# https://github.com/PCRE2Project/pcre2/commits/pcre2-10.41/src/sljit/sljitNativeRISCV_64.c +# https://github.com/php/php-src/tree/php-8.3.0/ext/pcre/pcre2lib + $(test "$gnuArch" = 'riscv64-linux-gnu' && echo '--without-pcre-jit') \ + --with-libdir="lib/$debMultiarch" \ + \ + --disable-cgi \ + \ + --enable-fpm \ + 
--with-fpm-user=www-data \ + --with-fpm-group=www-data \ + ; \ + make -j "$(nproc)"; \ + find -type f -name '*.a' -delete; \ + make install; \ + find \ + /usr/local \ + -type f \ + -perm '/0111' \ + -exec sh -euxc ' \ + strip --strip-all "$@" || : \ + ' -- '{}' + \ + ; \ + make clean; \ + \ +# https://github.com/docker-library/php/issues/692 (copy default example "php.ini" files somewhere easily discoverable) + cp -v php.ini-* "$PHP_INI_DIR/"; \ + \ + cd /; \ + docker-php-source delete; \ + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark; \ + find /usr/local -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ { so = $(NF-1); if (index(so, "/usr/local/") == 1) { next }; gsub("^/(usr/)?", "", so); printf "*%s\n", so }' \ + | sort -u \ + | xargs -r dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | xargs -r apt-mark manual \ + ; \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + rm -rf /var/lib/apt/lists/*; \ + \ +# update pecl channel definitions https://github.com/docker-library/php/issues/443 + pecl update-channels; \ + rm -rf /tmp/pear ~/.pearrc; \ + \ +# smoke test + php --version + +# COPY docker-php-ext-* docker-php-entrypoint /usr/local/bin/ +COPY --from=php:8.2-fpm /usr/local/bin/docker-php-entrypoint /usr/local/bin/docker-php-entrypoint +COPY --from=php:8.2-fpm /usr/local/bin/docker-php-ext-* /usr/local/bin/ + +# sodium was built as a shared module (so that it can be replaced later if so desired), so let's enable it too (https://github.com/docker-library/php/issues/598) +RUN docker-php-ext-enable sodium + +ENTRYPOINT ["docker-php-entrypoint"] +WORKDIR /var/www/html + +RUN set -eux; \ + cd /usr/local/etc; \ + if [ -d php-fpm.d ]; then \ + # for some reason, upstream's php-fpm.conf.default has "include=NONE/etc/php-fpm.d/*.conf" + sed 's!=NONE/!=!g' php-fpm.conf.default | 
tee php-fpm.conf > /dev/null; \ + cp php-fpm.d/www.conf.default php-fpm.d/www.conf; \ + else \ + # PHP 5.x doesn't use "include=" by default, so we'll create our own simple config that mimics PHP 7+ for consistency + mkdir php-fpm.d; \ + cp php-fpm.conf.default php-fpm.d/www.conf; \ + { \ + echo '[global]'; \ + echo 'include=etc/php-fpm.d/*.conf'; \ + } | tee php-fpm.conf; \ + fi; \ + { \ + echo '[global]'; \ + echo 'error_log = /proc/self/fd/2'; \ + echo; echo '; https://github.com/docker-library/php/pull/725#issuecomment-443540114'; echo 'log_limit = 8192'; \ + echo; \ + echo '[www]'; \ + echo '; php-fpm closes STDOUT on startup, so sending logs to /proc/self/fd/1 does not work.'; \ + echo '; https://bugs.php.net/bug.php?id=73886'; \ + echo 'access.log = /proc/self/fd/2'; \ + echo; \ + echo 'clear_env = no'; \ + echo; \ + echo '; Ensure worker stdout and stderr are sent to the main error log.'; \ + echo 'catch_workers_output = yes'; \ + echo 'decorate_workers_output = no'; \ + } | tee php-fpm.d/docker.conf; \ + { \ + echo '[global]'; \ + echo 'daemonize = no'; \ + echo; \ + echo '[www]'; \ + echo 'listen = 9000'; \ + } | tee php-fpm.d/zz-docker.conf; \ + mkdir -p "$PHP_INI_DIR/conf.d"; \ + { \ + echo '; https://github.com/docker-library/php/issues/878#issuecomment-938595965'; \ + echo 'fastcgi.logging = Off'; \ + } > "$PHP_INI_DIR/conf.d/docker-fpm.ini" + +# Override stop signal to stop process gracefully +# https://github.com/php/php-src/blob/17baa87faddc2550def3ae7314236826bc1b1398/sapi/fpm/php-fpm.8.in#L163 +STOPSIGNAL SIGQUIT + +EXPOSE 9000 +CMD ["php-fpm"] + +# +# start adminator Dockerfile steps +# + +ENV ACCEPT_EULA=Y + +# +# install tools & PHP extensions +# +RUN apt-get update \ + && apt-get install -y \ + libpq-dev \ + wget \ + zip \ + unzip \ + zlib1g-dev \ + libpng-dev \ + git \ + libldap2-dev \ + libzip-dev \ + libgrpc-dev \ + libgrpc++-dev \ + gnupg \ + vim \ + autoconf \ + && docker-php-ext-install mysqli \ + && docker-php-ext-configure pgsql 
-with-pgsql=/usr/local/pgsql \ + && docker-php-ext-install \ + opcache \ + pgsql \ + pdo_pgsql \ + zip \ + pdo \ + pdo_mysql \ + ldap \ + gd \ + sockets \ + && apt-get clean \ + && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* + +# PHP MSSQL stuff +# https://learn.microsoft.com/en-gb/sql/connect/odbc/linux-mac/installing-the-microsoft-odbc-driver-for-sql-server?view=sql-server-2017 +# RUN curl -fsSL https://packages.microsoft.com/keys/microsoft.asc | gpg --dearmor -o /usr/share/keyrings/microsoft-prod.gpg \ +# && curl https://packages.microsoft.com/config/debian/12/prod.list | tee /etc/apt/sources.list.d/mssql-release.list \ +RUN apt-get update \ + && apt-get install -y \ + unixodbc-dev \ + && apt-get clean \ + && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* + +RUN export MAKEFLAGS="-j $(nproc)" \ + && pecl install sqlsrv-5.11.1 \ + && pecl install pdo_sqlsrv-5.11.1 + +# Install APCu and APC backward compatibility +RUN export MAKEFLAGS="-j $(nproc)" \ + && pecl install apcu + +RUN git clone --depth 1 -b v1.63.0 https://github.com/grpc/grpc /tmp/grpc && \ + cd /tmp/grpc/src/php/ext/grpc && \ + phpize && \ + ./configure && \ + make && \ + make install && \ + rm -rf /tmp/grpc + +# opentelemetry & protobuf +RUN export MAKEFLAGS="-j $(nproc)" \ + && pecl install \ + opentelemetry \ + protobuf + # grpc + +# packages required for php extensions and composer +# MSSQL +# -> https://learn.microsoft.com/en-gb/sql/connect/odbc/linux-mac/installing-the-microsoft-odbc-driver-for-sql-server?view=sql-server-2017 +RUN apt-get update \ + && apt-get install -y \ + gnupg \ + libfcgi-bin \ + util-linux \ + unzip \ + && curl -fsSL https://packages.microsoft.com/keys/microsoft.asc | gpg --dearmor -o /usr/share/keyrings/microsoft-prod.gpg \ + && curl https://packages.microsoft.com/config/debian/12/prod.list | tee /etc/apt/sources.list.d/mssql-release.list \ + && apt-get update \ + && apt-get install -y \ + libzip4 \ + libpng16-16 \ + msodbcsql18 \ + libpq5 \ + libgrpc29 \ + diffutils + 
+# Enable extensions +RUN docker-php-ext-enable \ + apcu \ + gd \ + ldap \ + mysqli \ + opcache \ + opentelemetry \ + pdo \ + pdo_pgsql \ + pdo_mysql \ + pdo_sqlsrv \ + pgsql \ + protobuf \ + sockets \ + sodium \ + sqlsrv \ + zip \ + grpc + +# Get latest Composer +COPY --from=composer:latest /usr/bin/composer /usr/bin/composer + +WORKDIR /srv/www + +RUN mkdir -p /srv/www/adminator2/ \ + && cd /srv/www/adminator2 \ + && mkdir temp log \ + && chown www-data:www-data temp log + +RUN mkdir -p /srv/www/adminator3/ \ + && cd /srv/www/adminator3 \ + && mkdir temp logs export \ + && chown www-data:www-data temp logs export + +COPY adminator2/composer.json /srv/www/adminator2/ +COPY adminator3/composer.json /srv/www/adminator3/ + +RUN cd adminator2 \ + && composer install + +RUN cd adminator3 \ + && composer install + +# fpm conf + +# RUN mv "$PHP_INI_DIR/php.ini-development" "$PHP_INI_DIR/php.ini" +COPY configs/php-fpm/ /usr/local/etc/php-fpm.d + +COPY configs/php/docker.ini /usr/local/etc/php/conf.d/ + +# Enable php fpm status page +RUN set -xe && echo "pm.status_path = /status" >> /usr/local/etc/php-fpm.d/zz-docker.conf diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json index 67979f6b9..c431b0020 100644 --- a/.devcontainer/devcontainer.json +++ b/.devcontainer/devcontainer.json 
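Review bot: The later steps of this new Dockerfile pull unpinned inputs, even though the PHP tarball at the top is verified against `PHP_SHA256` and a GPG signature. `COPY --from=composer:latest`, the `COPY --from=php:8.2-fpm` lines and `pecl install apcu` / `opentelemetry` / `protobuf` carry no fixed version, and only `composer.json` is copied before `composer install` runs as root. A rebuild can therefore pick up different code than what was reviewed. I would pin the images by tag and digest, e.g. `COPY --from=composer:<version>@sha256:<digest> /usr/bin/composer /usr/bin/composer`, pin the pecl packages the way `sqlsrv-5.11.1` already is, and copy `composer.lock` next to `composer.json` if the repository has one. In the Microsoft repository step, `curl https://packages.microsoft.com/config/debian/12/prod.list | tee …` runs without `-f` and without `pipefail`, so an HTTP error body would be written into `sources.list.d`; `curl -fsSL -o /etc/apt/sources.list.d/mssql-release.list <url>` avoids the pipe.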
@@ -1,25 +1,74 @@ { - "name": "isp-net-adminator", - // Or use a Dockerfile or Docker Compose file. More info: https://containers.dev/guide/dockerfile -// "image": "opencodeco/phpctl:php83-devcontainer", - "image" : "php:5.6-apache", - "postCreateCommand": "composer install", - "features": { - // Install the Dapr CLI -// "ghcr.io/dapr/cli/dapr-cli:0": {}, - "ghcr.io/devcontainers/features/sshd:1": {}, - // Enable Docker (via Docker-in-Docker) - "ghcr.io/devcontainers/features/docker-in-docker:2": {} - } - // Use 'forwardPorts' to make a list of ports inside the container available locally. - // "forwardPorts": [], - - // Use 'postCreateCommand' to run commands after the container is created. - // "postCreateCommand": "sudo chmod a+x \"$(pwd)\" && sudo rm -rf /var/www/html && sudo ln -s \"$(pwd)\" /var/www/html" - - // Configure tool-specific properties. - // "customizations": {}, - - // Uncomment to connect as root instead. More info: https://aka.ms/dev-containers-non-root. - // "remoteUser": "root" + "$schema": "https://raw.githubusercontent.com/devcontainers/spec/main/schemas/devContainer.base.schema.json", + + // For format details, see https://aka.ms/devcontainer.json. For config options, see the + // README at: https://github.com/devcontainers/templates/tree/main/src/ubuntu + + "name": "isp-net-adminator", + + // Or use a Dockerfile or Docker Compose file. More info: https://containers.dev/guide/dockerfile + // "image": "mcr.microsoft.com/devcontainers/base:jammy", + + "dockerComposeFile": [ + "../docker-compose.yml", + "docker-compose.extend.yml" + ], + + "service": "fpm", + + "workspaceFolder": "/srv/www", + + "shutdownAction": "stopCompose", + + // Features to add to the dev container. More info: https://containers.dev/features. + "features": { + }, + + // Use 'forwardPorts' to make a list of ports inside the container available locally. + // "forwardPorts": [], + + // Use 'postCreateCommand' to run commands after the container is created. 
+ // "postCreateCommand": "bash scripts/devcontainers-post-commands.sh", + + // Configure tool-specific properties. + "customizations": { + "vscode": { + "extensions": [ + // "ms-azuretools.vscode-docker" + // ,"mads-hartmann.bash-ide-vscode" + // , + // "EditorConfig.EditorConfig" + ] + } + }, + + // Uncomment to connect as root instead. + // More info: https://aka.ms/dev-containers-non-root. + // Docs: https://code.visualstudio.com/remote/advancedcontainers/add-nonroot-user + "remoteUser": "vscode" + + // podman specific + // https://code.visualstudio.com/remote/advancedcontainers/docker-options#_podman + // , + // "runArgs": [ + // // run container as current user + // // "--userns=keep-id" + // // , + // // // mount user home directory for things like git, ssh, and other configs + // // "--volume=${env:HOME}:${env:HOME}", + // // // ensure project directory is mounted incase it exists outside the home directory + // // "--volume=${localWorkspaceFolder}:${localWorkspaceFolder}", + // // isolate the .vscode-server folder so you don't overwrite settings from remote ssh vscode + // //"--volume=${localWorkspaceFolder}/.cache/vscode-server:${env:HOME}/.vscode-server" + // ] + , + "containerEnv": { + // ensure users home directory is the same inside the container as it is outside + "HOME": "/home/vscode" + + } + // podman workaround for "mkdir: cannot create directory '/root': Permission denied" + // https://blog.lifeishao.com/post/vscode-replace-docker-with-podman/ + // , + // "containerUser": "vscode" // the value needs to match the value of "remoteUser" } diff --git a/.devcontainer/docker-compose.extend.yml b/.devcontainer/docker-compose.extend.yml new file mode 100644 index 000000000..318c1db10 --- /dev/null +++ b/.devcontainer/docker-compose.extend.yml 
@@ -0,0 +1,21 @@ +services: + fpm: + build: + # context: ../ + dockerfile: .devcontainer/Dockerfile + # target: main + # args: + # progress: plain + volumes: + # Mounts the project folder to '/workspace'. While this file is in .devcontainer, + # mounts are relative to the first file in the list, which is a level up. + - .:/srv/www:cached + + # [Optional] Required for ptrace-based debuggers like C++, Go, and Rust + cap_add: + - SYS_PTRACE + security_opt: + - seccomp:unconfined + + # Overrides default command so things don't shut down after the process ends. + command: /bin/sh -c "while sleep 1000; do :; done" diff --git a/Dockerfile b/Dockerfile index e6707077a..73add3ad2 100644 --- a/Dockerfile +++ b/Dockerfile @@ -110,7 +110,7 @@ RUN apt-get update \ && apt-get install -y \ libzip4 \ libpng16-16 \ - msodbcsql17 \ + msodbcsql18 \ libpq5 \ libgrpc29 \ diffutils @@ -145,8 +145,8 @@ RUN mkdir -p /srv/www/adminator2/ \ RUN mkdir -p /srv/www/adminator3/ \ && cd /srv/www/adminator3 \ - && mkdir temp log logs export \ - && chown www-data:www-data temp log logs export + && mkdir temp logs export \ + && chown www-data:www-data temp logs export COPY adminator2/composer.json /srv/www/adminator2/ COPY adminator3/composer.json /srv/www/adminator3/ @@ -159,20 +159,20 @@ RUN cd adminator3 \ # clean-up RUN apt-get purge -y --allow-remove-essential \ -libgcc-12-dev \ -libstdc++-12-dev \ -linux-libc-dev \ -curl \ -gnupg \ -make \ -m4 \ -re2c \ -pkg-config \ -file \ -unzip \ -&& apt autoremove -y \ -&& apt-get clean \ -&& rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* + libgcc-12-dev \ + libstdc++-12-dev \ + linux-libc-dev \ + curl \ + gnupg \ + make \ + m4 \ + re2c \ + pkg-config \ + file \ + unzip \ + && apt autoremove -y \ + && apt-get clean \ + && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* # app code COPY adminator2/ /srv/www/adminator2/ 
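Review bot: `cap_add: SYS_PTRACE` and `security_opt: seccomp:unconfined` in the new docker-compose.extend.yml look like leftovers from the devcontainer template, whose own comment says they are for ptrace-based debuggers such as C++, Go and Rust. Nothing visible in this PHP-FPM service needs them. `seccomp:unconfined` removes the runtime's syscall filter for the whole container, so I would drop both keys or leave them commented out with a note on when to enable them. The volume comment also still says the project is mounted to '/workspace' while the entry is `.:/srv/www:cached`; suggested wording: `# Mounts the project folder to /srv/www (paths are relative to the first compose file, one level up).` That bind mount covers the image's `/srv/www`, so the `composer install` output from the build may be hidden at runtime, which is worth confirming.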
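Review bot: Replacing `msodbcsql17` with `msodbcsql18` in the `@@ -110,7` hunk changes a security default, not only the package name. ODBC Driver 18 encrypts connections by default and validates the server certificate. Connections to the compose `mssql` service may start failing if it presents a self-signed certificate, which is presumably the case here. If that gets worked around with `TrustServerCertificate=yes`, I would keep the setting confined to the development configuration and say so in a comment next to the connection options. The connection code is not part of this patch, so this needs checking against it.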
@@ -185,6 +185,8 @@ COPY adminator3/include/main.function.shared.php /srv/www//adminator2/include/ma RUN chmod 1777 /tmp \ && cd adminator3 \ && chown www-data:www-data export \ + && mkdir -p logs \ + && chown www-data:www-data logs \ && cd print \ && mkdir -p temp \ && chown www-data:www-data temp @@ -203,15 +205,13 @@ COPY ./configs/php-fpm-healthcheck /usr/local/bin/php-fpm-healthcheck RUN chmod +x /usr/local/bin/php-fpm-healthcheck -# fix logging -# RUN mkdir -p /var/log/php \ -# && chown -R www-data:www-data /var/log/php - # \ - # && echo '' > /var/log/php/error.log - # # dont run as root # USER www-data:www-data +COPY docker-php-entrypoint /usr/local/bin/docker-php-entrypoint + +RUN chmod 0775 /usr/local/bin/docker-php-entrypoint + # workaround for squash # FROM scratch @@ -226,10 +226,7 @@ RUN rm -rf /usr/bin/composer # ENV PHP_INI_DIR /usr/local/etc/php -ENTRYPOINT [ \ - "chown www-data:www-data adminator3/export", \ - "chown www-data:www-data adminator3/print/temp", \ - "docker-php-entrypoint"] +ENTRYPOINT ["docker-php-entrypoint"] WORKDIR /srv/www diff --git a/configs/nginx/vhosts/001-adminator2.conf b/configs/nginx/vhosts/001-adminator2.conf index 9fef2ab3d..81f099756 100644 --- a/configs/nginx/vhosts/001-adminator2.conf +++ b/configs/nginx/vhosts/001-adminator2.conf @@ -1,6 +1,6 @@ server { listen 80; - server_name adminator2.192.168.1.213.nip.io; + server_name adminator2.127.0.0.1.nip.io; root /srv/www/adminator2; index index.php; @@ -52,5 +52,5 @@ server { fastcgi_index index.php; fastcgi_pass fpm:9002; } - -} \ No newline at end of file + +} diff --git a/configs/nginx/vhosts/002-adminator3.conf b/configs/nginx/vhosts/002-adminator3.conf index 73a9add1b..79c4d928c 100644 --- a/configs/nginx/vhosts/002-adminator3.conf +++ b/configs/nginx/vhosts/002-adminator3.conf @@ -1,6 +1,6 @@ server { listen 80; - server_name adminator3.192.168.1.213.nip.io; + server_name adminator3.127.0.0.1.nip.io; root /srv/www/adminator3; index index.php; 
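Review bot: In the `@@ -203,15` hunk, `RUN chmod 0775 /usr/local/bin/docker-php-entrypoint` leaves the entrypoint group-writable. With `USER www-data:www-data` still commented out just above, that script is what runs as root at every container start. Where the builder supports it, a single `COPY --chmod=0755 docker-php-entrypoint /usr/local/bin/docker-php-entrypoint` sets the mode without the extra layer and without group write access. The file presumably replaces the `docker-php-entrypoint` shipped by the base image, so a one-line comment would help, for example `# overrides the upstream entrypoint to fix volume ownership before php-fpm starts`.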
@@ -25,12 +25,12 @@ server { deny all; return 403; } - + location ~* /print/temp { deny all; return 403; } - + location ~ (Dockerfile|Makefile)$ { deny all; return 403; @@ -53,4 +53,4 @@ server { fastcgi_pass fpm:9002; } -} \ No newline at end of file +} diff --git a/docker-compose.yml b/docker-compose.yml index c5e0259c3..20d03c989 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -27,55 +27,30 @@ services: build: context: ./ dockerfile: ./configs/nginx/Dockerfile - develop: - watch: - - path: ./ - action: rebuild ports: - - 80:80 - - 443:443 + - 8080:80 + - 10443:443 # depends_on: # fpm: # condition: service_healthy # restart: true fpm: - image: h-software/isp-net-adminator-fpm:latest + # image: h-software/isp-net-adminator-fpm:latest # image: ghcr.io/h-software/isp-net-adminator:pr-137 build: context: ./ - target: main - args: - progress: plain + # target: main + # args: + # progress: plain # user: "www-data:www-data" - # https://github.com/compose-spec/compose-spec/blob/master/develop.md - develop: - watch: - - path: ./ - action: rebuild - ignore: - - adminator2/log/ - - adminator3/logs/ - - adminator3/templates_c/ - - adminator3/print/temp - - adminator3/tests - - adminator3/vendor - - adminator3/database - - configs/flagd - - configs/php* - - configs/otel* - - docker-compose.yml - - "*.sql" - - .github/ - - .vscode/ - - .git/ environment: # DB conn - - MYSQL_SERVER=192.168.1.213 + - MYSQL_SERVER=mysql - MYSQL_USER=root - MYSQL_PASSWD=isp-net-passwd # DB conn 2 - - POSTGRES_SERVER=192.168.1.213 + - POSTGRES_SERVER=postgres - POSTGRES_USER=adminator - POSTGRES_PASSWD=isp-net-passwd - POSTGRES_DB=adminator.new 
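Review bot: The new `8080:80` and `10443:443` mappings in the docker-compose.yml `@@ -27,55` hunk publish nginx on every host interface. The vhosts in this same patch are renamed to `*.127.0.0.1.nip.io`, which suggests the stack is meant to be reached from the local machine only. Since the services run with the fixed development password visible in the `environment` block, I would bind the ports to loopback: `- 127.0.0.1:8080:80` and `- 127.0.0.1:10443:443`. The same reasoning applies to the `9001`/`9002` FPM ports, which appear as context in the next hunk and are not touched by this commit.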
@@ -89,34 +64,34 @@ services: - OTEL_EXPORTER_OTLP_ENDPOINT=http://otel-collector:4318 - OTEL_RESOURCE_ATTRIBUTES=service.name=isp-adminator3,application.name=isp-adminator3 volumes: - - adminator-php-log:/var/log/php:uid=33,gid=33 - - adminator-export:/srv/www/adminator3/export:uid=33,gid=33 - - adminator-print-temp:/srv/www/adminator3/print/temp:uid=33,gid=33 + - adminator-php-log:/var/log/php + - adminator-export:/srv/www/adminator3/export + - adminator-print-temp:/srv/www/adminator3/print/temp - adminator-tmp:/tmp:/tmp tmpfs: # for smarty - - /srv/www/adminator2/cache:uid=33,gid=33 - - /srv/www/adminator3/cache:uid=33,gid=33 - - /srv/www/adminator2/templates_c:uid=33,gid=33 - - /srv/www/adminator3/templates_c:uid=33,gid=33 + - /srv/www/adminator2/cache + - /srv/www/adminator3/cache + - /srv/www/adminator2/templates_c + - /srv/www/adminator3/templates_c # for nette loader - - /srv/www/adminator2/temp:uid=33,gid=33 - - /srv/www/adminator3/temp:uid=33,gid=33 + - /srv/www/adminator2/temp + - /srv/www/adminator3/temp # monolog + some scripts log files - - /srv/www/adminator3/logs:uid=33,gid=33 - - /srv/www/adminator2/log:uid=33,gid=33 + - /srv/www/adminator3/logs + - /srv/www/adminator2/log ports: - "9001:9001" - "9002:9002" # https://docs.docker.com/compose/compose-file/05-services/#healthcheck # https://docs.docker.com/reference/dockerfile/#healthcheck - healthcheck: - test: "(FCGI_CONNECT=localhost:9001 php-fpm-healthcheck && FCGI_CONNECT=localhost:9002 php-fpm-healthcheck --accepted-conn=100)" - interval: 1m - timeout: 2s - retries: 3 - start_period: 10s - start_interval: 1s + # healthcheck: + # test: "(FCGI_CONNECT=localhost:9001 php-fpm-healthcheck && FCGI_CONNECT=localhost:9002 php-fpm-healthcheck --accepted-conn=100)" + # interval: 1m + # timeout: 2s + # retries: 3 + # start_period: 10s + # start_interval: 1s mysql: image: mysql:8.0 
@@ -148,7 +123,7 @@ services: - MYSQL_ROOT_PASSWORD=isp-net-passwd depends_on: - mysql - + postgres: image: postgres:12-alpine ports: @@ -159,26 +134,26 @@ services: - POSTGRES_PASSWORD=isp-net-passwd - POSTGRES_USER=adminator - POSTGRES_DB=adminator.new - healthcheck: - test: "(pg_isready -U postgres || exit 1)" - interval: 1m - timeout: 5s - retries: 3 - start_period: 30s - start_interval: 5s + # healthcheck: + # test: "(pg_isready -U postgres || exit 1)" + # interval: 1m + # timeout: 5s + # retries: 3 + # start_period: 30s + # start_interval: 5s # fix permissions: echo "host all all all $POSTGRES_HOST_AUTH_METHOD" >> pg_hba.conf - pgadmin: - image: dpage/pgadmin4 - container_name: pgadmin4 - restart: always - ports: - - "8082:80" - environment: - PGADMIN_DEFAULT_EMAIL: user-name@domain-name.com - PGADMIN_DEFAULT_PASSWORD: strong-password - volumes: - - pgadmin-data:/var/lib/pgadmin + # pgadmin: + # image: dpage/pgadmin4 + # container_name: pgadmin4 + # restart: always + # ports: + # - "8082:80" + # environment: + # PGADMIN_DEFAULT_EMAIL: user-name@domain-name.com + # PGADMIN_DEFAULT_PASSWORD: strong-password + # volumes: + # - pgadmin-data:/var/lib/pgadmin mssql: image: mcr.microsoft.com/mssql/server:2019-latest @@ -191,19 +166,19 @@ services: volumes: - mssql-data:/var/opt/mssql - routeros-6-48: - image: evilfreelancer/docker-routeros:6.48.3 - restart: unless-stopped - cap_add: - - NET_ADMIN - devices: - - /dev/net/tun - - /dev/kvm - ports: - - "12222:22" - - "12223:23" - - "18728:8728" - - "18729:8729" + # routeros-6-48: + # image: evilfreelancer/docker-routeros:6.48.3 + # restart: unless-stopped + # cap_add: + # - NET_ADMIN + # devices: + # - /dev/net/tun + # - /dev/kvm + # ports: + # - "12222:22" + # - "12223:23" + # - "18728:8728" + # - "18729:8729" otel-collector: deploy: 
@@ -228,7 +203,7 @@ services: - GRAFANA_CLOUD_KEY=${GRAFANA_CLOUD_KEY} volumes: - /:/hostfs - - "/var/run/docker.sock.raw:/var/run/docker.sock" + # - "/var/run/docker.sock.raw:/var/run/docker.sock" flagd: image: ghcr.io/open-feature/flagd:latest diff --git a/docker-php-entrypoint b/docker-php-entrypoint new file mode 100644 index 000000000..b916c0cc9 --- /dev/null +++ b/docker-php-entrypoint @@ -0,0 +1,22 @@ +#!/bin/sh +set -e + +# fix perms for volumes +chown www-data:www-data \ + adminator2/cache \ + adminator3/cache \ + adminator2/log \ + adminator3/logs \ + adminator3/print/temp \ + adminator3/temp \ + adminator3/export \ + adminator2/templates_c \ + adminator3/templates_c \ + /var/log/php + +# first arg is `-f` or `--some-option` +if [ "${1#-}" != "$1" ]; then + set -- php-fpm "$@" +fi + +exec "$@" diff --git a/r-links.md b/r-links.md index e2062941b..e9d17361b 100644 --- a/r-links.md +++ b/r-links.md @@ -11,6 +11,8 @@ - https://gist.github.com/jwage/b1614c96ea22ccaf68b7 ### devcontainers +- https://code.visualstudio.com/docs/devcontainers/create-dev-container#_extend-your-docker-compose-file-for-development +- https://github.com/devcontainers/templates/tree/main/src/php-mariadb/.devcontainer - https://github.com/microsoft/vscode-remote-try-php - https://docs.dapr.io/developing-applications/local-development/ides/vscode/vscode-remote-dev-containers/
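Review bot: With the Docker socket mount commented out in the `@@ -228,7` hunk, the `- /:/hostfs` entry on the line above still gives this service the entire host filesystem, and as written it is read-write. If the service only reads host metrics, `- /:/hostfs:ro` would limit it to read access. The service definition starts outside this hunk, so confirm what it actually needs before changing it.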
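Review bot: The `chown` block in the new docker-php-entrypoint runs unconditionally under `set -e`, so the container will not start if any listed path is missing, for example when `/var/log/php` or one of the tmpfs mounts is absent. It also fails when the container is started as a non-root user, which rules out the `user: "www-data:www-data"` option left commented out in docker-compose.yml. The paths are relative, so they depend on the image's `WORKDIR` being `/srv/www`. Under the devcontainer bind mount, the `chown` is applied to directories in the developer's checkout. I would change ownership only when running as root and only for directories that exist, as sketched below, and add a comment stating the working-directory assumption.

```shell
# fix perms for volumes; paths are relative to WORKDIR (/srv/www)
# only root can chown, and a missing mount must not abort startup
if [ "$(id -u)" = "0" ]; then
    for dir in \
        adminator2/cache \
        adminator3/cache \
        adminator2/log \
        adminator3/logs \
        adminator3/print/temp \
        adminator3/temp \
        adminator3/export \
        adminator2/templates_c \
        adminator3/templates_c \
        /var/log/php
    do
        if [ -d "$dir" ]; then
            chown www-data:www-data "$dir"
        fi
    done
fi

# … unchanged: php-fpm argument handling and exec "$@" …
```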