Add 8.3

Author: fabriciojs

.github/workflows/ci-cd.yml

@@ -12,7 +12,7 @@ jobs:
 
     strategy:
       matrix:
-        version: ['8.0', '8.1', '8.2']
+        version: ['8.0', '8.1', '8.2', '8.3']
         type: ['', '-prod']
 
     steps:

8.0-prod/Dockerfile

@@ -55,15 +55,14 @@ RUN adduser -D -u 1337 kool \
         zip \
         sockets \
         mysqli \
-    && pecl install imagick redis \
+    && pecl install redis \
+    && pecl install imagick \
     && docker-php-ext-enable imagick \
     && docker-php-ext-enable redis \
     && cp "/usr/local/etc/php/php.ini-production" "/usr/local/etc/php/php.ini" \
     # composer
     && curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/local/bin --filename=composer \
     && curl -sS https://getcomposer.org/installer | php -- --1 --install-dir=/usr/local/bin --filename=composer1 \
-    # symlink composer2 for BC
-    && ln -s /usr/local/bin/composer /usr/local/bin/composer2 \
     # cleanup
     && apk del .build-deps \
     && rm -rf /var/cache/apk/* /tmp/*

8.0/Dockerfile

@@ -55,17 +55,16 @@ RUN adduser -D -u 1337 kool \
         zip \
         sockets \
         mysqli \
-    && pecl install imagick redis \
+    && pecl install redis \
     && pecl install xdebug \
     && pecl install pcov && docker-php-ext-enable pcov \
+    && pecl install imagick \
     && docker-php-ext-enable imagick \
     && docker-php-ext-enable redis \
     && cp "/usr/local/etc/php/php.ini-development" "/usr/local/etc/php/php.ini" \
     # composer
     && curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/local/bin --filename=composer \
     && curl -sS https://getcomposer.org/installer | php -- --1 --install-dir=/usr/local/bin --filename=composer1 \
-    # symlink composer2 for BC
-    && ln -s /usr/local/bin/composer /usr/local/bin/composer2 \
     # cleanup
     && apk del .build-deps \
     && rm -rf /var/cache/apk/* /tmp/*

8.1-prod/Dockerfile

@@ -55,15 +55,14 @@ RUN adduser -D -u 1337 kool \
         zip \
         sockets \
         mysqli \
-    && pecl install imagick redis \
+    && pecl install redis \
+    && pecl install imagick \
     && docker-php-ext-enable imagick \
     && docker-php-ext-enable redis \
     && cp "/usr/local/etc/php/php.ini-production" "/usr/local/etc/php/php.ini" \
     # composer
     && curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/local/bin --filename=composer \
     && curl -sS https://getcomposer.org/installer | php -- --1 --install-dir=/usr/local/bin --filename=composer1 \
-    # symlink composer2 for BC
-    && ln -s /usr/local/bin/composer /usr/local/bin/composer2 \
     # cleanup
     && apk del .build-deps \
     && rm -rf /var/cache/apk/* /tmp/*

8.1/Dockerfile

@@ -55,17 +55,16 @@ RUN adduser -D -u 1337 kool \
         zip \
         sockets \
         mysqli \
-    && pecl install imagick redis \
+    && pecl install redis \
     && pecl install xdebug \
     && pecl install pcov && docker-php-ext-enable pcov \
+    && pecl install imagick \
     && docker-php-ext-enable imagick \
     && docker-php-ext-enable redis \
     && cp "/usr/local/etc/php/php.ini-development" "/usr/local/etc/php/php.ini" \
     # composer
     && curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/local/bin --filename=composer \
     && curl -sS https://getcomposer.org/installer | php -- --1 --install-dir=/usr/local/bin --filename=composer1 \
-    # symlink composer2 for BC
-    && ln -s /usr/local/bin/composer /usr/local/bin/composer2 \
     # cleanup
     && apk del .build-deps \
     && rm -rf /var/cache/apk/* /tmp/*

8.2-prod/Dockerfile

@@ -55,15 +55,14 @@ RUN adduser -D -u 1337 kool \
         zip \
         sockets \
         mysqli \
-    && pecl install imagick redis \
+    && pecl install redis \
+    && pecl install imagick \
     && docker-php-ext-enable imagick \
     && docker-php-ext-enable redis \
     && cp "/usr/local/etc/php/php.ini-production" "/usr/local/etc/php/php.ini" \
     # composer
     && curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/local/bin --filename=composer \
     && curl -sS https://getcomposer.org/installer | php -- --1 --install-dir=/usr/local/bin --filename=composer1 \
-    # symlink composer2 for BC
-    && ln -s /usr/local/bin/composer /usr/local/bin/composer2 \
     # cleanup
     && apk del .build-deps \
     && rm -rf /var/cache/apk/* /tmp/*

8.2/Dockerfile

@@ -55,17 +55,16 @@ RUN adduser -D -u 1337 kool \
         zip \
         sockets \
         mysqli \
-    && pecl install imagick redis \
+    && pecl install redis \
     && pecl install xdebug \
     && pecl install pcov && docker-php-ext-enable pcov \
+    && pecl install imagick \
     && docker-php-ext-enable imagick \
     && docker-php-ext-enable redis \
     && cp "/usr/local/etc/php/php.ini-development" "/usr/local/etc/php/php.ini" \
     # composer
     && curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/local/bin --filename=composer \
     && curl -sS https://getcomposer.org/installer | php -- --1 --install-dir=/usr/local/bin --filename=composer1 \
-    # symlink composer2 for BC
-    && ln -s /usr/local/bin/composer /usr/local/bin/composer2 \
     # cleanup
     && apk del .build-deps \
     && rm -rf /var/cache/apk/* /tmp/*

8.3-nginx-prod/Dockerfile

@@ -0,0 +1,62 @@
+FROM debian AS cert
+
+WORKDIR /kool/ssl
+
+RUN apt-get update && \
+    apt-get install -y openssl && \
+    openssl genrsa -des3 -passout pass:x -out server.pass.key 2048 && \
+    openssl rsa -passin pass:x -in server.pass.key -out _.localhost.key && \
+    rm server.pass.key && \
+    openssl req -new -key _.localhost.key -out server.csr \
+        -subj "/C=XX/ST=XX/L=XX/O=Kool-Local/OU=Localhost/CN=*.localhost" && \
+    openssl x509 -req -days 365 -in server.csr -signkey _.localhost.key -out _.localhost.crt && \
+    openssl x509 -in _.localhost.crt -out _.localhost.pem
+
+FROM kooldev/php:8.3-prod
+
+ENV PHP_FPM_LISTEN=/run/php-fpm.sock \
+    NGINX_LISTEN=80 \
+    NGINX_HTTPS=false \
+    NGINX_LISTEN_HTTPS=443 \
+    NGINX_HTTPS_CERT=/kool/ssl/_.localhost.pem \
+    NGINX_HTTPS_CERT_KEY=/kool/ssl/_.localhost.key \
+    NGINX_ROOT=/app/public \
+    NGINX_INDEX=index.php \
+    NGINX_CLIENT_MAX_BODY_SIZE=25M \
+    NGINX_PHP_FPM=unix:/run/php-fpm.sock \
+    NGINX_FASTCGI_READ_TIMEOUT=60s \
+    NGINX_FASTCGI_BUFFERS='8 8k' \
+    NGINX_FASTCGI_BUFFER_SIZE='16k' \
+    NGINX_ENTRYPOINT_WORKER_PROCESSES_AUTOTUNE=true
+
+RUN curl -L https://github.com/ochinchina/supervisord/releases/download/v0.6.3/supervisord_static_0.6.3_linux_amd64 -o /usr/local/bin/supervisord \
+    && chmod +x /usr/local/bin/supervisord \
+    && apk add --no-cache nginx \
+    && chown -R kool:kool /var/lib/nginx \
+    && chmod 770 /var/lib/nginx/tmp \
+    && ln -sf /dev/stdout /var/log/nginx/access.log \
+    && ln -sf /dev/stderr /var/log/nginx/error.log \
+    # add h5bp/server-configs-nginx
+    && mkdir -p /etc/nginx/conf.d \
+    && mkdir /etc/nginx/h5bp \
+    && cd /etc/nginx/h5bp \
+    && wget https://github.com/h5bp/server-configs-nginx/archive/refs/tags/3.3.0.tar.gz -O h5bp.tgz \
+    && tar xzvf h5bp.tgz \
+    && rm -f h5bp.tgz \
+    && mv server-configs-nginx-*/h5bp/* . \
+    && mv server-configs-nginx-*/nginx.conf /etc/nginx/nginx.conf \
+    && sed -i "s|^user .*|user\ kool kool;|g" /etc/nginx/nginx.conf \
+    && mv server-configs-nginx-*/mime.types /etc/nginx/mime.types \
+    && rm -rf server-configs-nginx-* \
+    && curl -L https://raw.githubusercontent.com/nginxinc/docker-nginx/master/entrypoint/30-tune-worker-processes.sh -o /kool/30-tune-worker-processes.sh \
+    && chmod +x /kool/30-tune-worker-processes.sh
+
+COPY supervisor.conf /kool/supervisor.conf
+COPY default.tmpl /kool/default.tmpl
+COPY entrypoint /kool/entrypoint
+COPY --from=cert /kool/ssl /kool/ssl
+RUN chmod +x /kool/entrypoint
+
+EXPOSE 80
+
+CMD [ "supervisord", "-c", "/kool/supervisor.conf" ]

8.3-nginx-prod/default.tmpl

@@ -0,0 +1,53 @@
+server {
+    listen {{ .Env.NGINX_LISTEN }} default_server;
+    server_name _;
+{{ if isTrue .Env.NGINX_HTTPS }}
+    listen {{ .Env.NGINX_LISTEN_HTTPS }} ssl http2;
+    ssl_certificate     {{ .Env.NGINX_HTTPS_CERT }};
+    ssl_certificate_key {{ .Env.NGINX_HTTPS_CERT_KEY }};
+    ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
+    ssl_ciphers         HIGH:!aNULL:!MD5;
+{{ end }}
+    root {{ .Env.NGINX_ROOT }};
+    index {{ .Env.NGINX_INDEX }};
+    charset utf-8;
+
+    location = /favicon.ico { log_not_found off; access_log off; }
+    location = /robots.txt  { log_not_found off; access_log off; }
+
+    client_max_body_size {{ .Env.NGINX_CLIENT_MAX_BODY_SIZE }};
+
+    error_page 404 /index.php;
+
+    location / {
+        try_files $uri $uri/ /{{ .Env.NGINX_INDEX }}?$query_string;
+
+        add_header X-Served-By kool.dev;
+    }
+
+    location ~ \.php$ {
+        fastcgi_buffers {{ .Env.NGINX_FASTCGI_BUFFERS }};
+        fastcgi_buffer_size {{ .Env.NGINX_FASTCGI_BUFFER_SIZE }};
+        fastcgi_pass {{ .Env.NGINX_PHP_FPM }};
+        fastcgi_read_timeout {{ .Env.NGINX_FASTCGI_READ_TIMEOUT }};
+        fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
+        include fastcgi_params;
+    }
+
+    location ~ /\.ht {
+        deny all;
+    }
+
+    # good practices
+    add_header X-Frame-Options "SAMEORIGIN";
+
+    # basic H5BP suggestions
+    include h5bp/internet_explorer/x-ua-compatible.conf;
+    include h5bp/security/referrer-policy.conf;
+    include h5bp/security/x-content-type-options.conf;
+    include h5bp/security/x-xss-protection.conf;
+
+    # performance enhancements (mostly for caching static data)
+    include h5bp/web_performance/cache-file-descriptors.conf;
+    include h5bp/web_performance/pre-compressed_content_gzip.conf;
+}

8.3-nginx-prod/entrypoint

@@ -0,0 +1,25 @@
+#!/bin/sh
+set -e
+
+
+# Run as current user
+CURRENT_USER=${ASUSER:-${UID:-0}}
+
+if [ ! -z "$CURRENT_USER" ] && [ "$CURRENT_USER" != "0" ]; then
+    usermod -u $CURRENT_USER kool
+fi
+
+dockerize -template /kool/kool.tmpl:/usr/local/etc/php/conf.d/kool.ini -template /kool/zz-docker.tmpl:/usr/local/etc/php-fpm.d/zz-docker.conf -template /kool/default.tmpl:/etc/nginx/conf.d/default.conf
+
+/kool/30-tune-worker-processes.sh
+
+# Run entrypoint if provided
+if [ ! -z "$ENTRYPOINT" ] && [ -f "$ENTRYPOINT" ]; then
+    bash $ENTRYPOINT
+fi
+
+if [ "$1" = "sh" ] || [ "$1" = "bash" ] || [ "$1" = "php-fpm" ] || [ "$1" = "nginx" ] || [ "$1" = "supervisord" ]; then
+    exec "$@"
+else
+    exec su-exec kool "$@"
+fi

8.3-nginx-prod/supervisor.conf

@@ -0,0 +1,12 @@
+[program:nginx]
+depends_on = php-fpm
+command = nginx -g "daemon off;"
+stopasgroup = true
+stderr_logfile = /dev/stderr
+stdout_logfile = /dev/stdout
+
+[program:php-fpm]
+command = php-fpm
+stopasgroup = true
+stderr_logfile = /dev/stderr
+stdout_logfile = /dev/stdout

8.3-nginx/Dockerfile

@@ -0,0 +1,62 @@
+FROM debian AS cert
+
+WORKDIR /kool/ssl
+
+RUN apt-get update && \
+    apt-get install -y openssl && \
+    openssl genrsa -des3 -passout pass:x -out server.pass.key 2048 && \
+    openssl rsa -passin pass:x -in server.pass.key -out _.localhost.key && \
+    rm server.pass.key && \
+    openssl req -new -key _.localhost.key -out server.csr \
+        -subj "/C=XX/ST=XX/L=XX/O=Kool-Local/OU=Localhost/CN=*.localhost" && \
+    openssl x509 -req -days 365 -in server.csr -signkey _.localhost.key -out _.localhost.crt && \
+    openssl x509 -in _.localhost.crt -out _.localhost.pem
+
+FROM kooldev/php:8.3
+
+ENV PHP_FPM_LISTEN=/run/php-fpm.sock \
+    NGINX_LISTEN=80 \
+    NGINX_HTTPS=false \
+    NGINX_LISTEN_HTTPS=443 \
+    NGINX_HTTPS_CERT=/kool/ssl/_.localhost.pem \
+    NGINX_HTTPS_CERT_KEY=/kool/ssl/_.localhost.key \
+    NGINX_ROOT=/app/public \
+    NGINX_INDEX=index.php \
+    NGINX_CLIENT_MAX_BODY_SIZE=25M \
+    NGINX_PHP_FPM=unix:/run/php-fpm.sock \
+    NGINX_FASTCGI_READ_TIMEOUT=60s \
+    NGINX_FASTCGI_BUFFERS='8 8k' \
+    NGINX_FASTCGI_BUFFER_SIZE='16k' \
+    NGINX_ENTRYPOINT_WORKER_PROCESSES_AUTOTUNE=true
+
+RUN curl -L https://github.com/ochinchina/supervisord/releases/download/v0.6.3/supervisord_static_0.6.3_linux_amd64 -o /usr/local/bin/supervisord \
+    && chmod +x /usr/local/bin/supervisord \
+    && apk add --no-cache nginx \
+    && chown -R kool:kool /var/lib/nginx \
+    && chmod 770 /var/lib/nginx/tmp \
+    && ln -sf /dev/stdout /var/log/nginx/access.log \
+    && ln -sf /dev/stderr /var/log/nginx/error.log \
+    # add h5bp/server-configs-nginx
+    && mkdir -p /etc/nginx/conf.d \
+    && mkdir /etc/nginx/h5bp \
+    && cd /etc/nginx/h5bp \
+    && wget https://github.com/h5bp/server-configs-nginx/archive/refs/tags/3.3.0.tar.gz -O h5bp.tgz \
+    && tar xzvf h5bp.tgz \
+    && rm -f h5bp.tgz \
+    && mv server-configs-nginx-*/h5bp/* . \
+    && mv server-configs-nginx-*/nginx.conf /etc/nginx/nginx.conf \
+    && sed -i "s|^user .*|user\ kool kool;|g" /etc/nginx/nginx.conf \
+    && mv server-configs-nginx-*/mime.types /etc/nginx/mime.types \
+    && rm -rf server-configs-nginx-* \
+    && curl -L https://raw.githubusercontent.com/nginxinc/docker-nginx/master/entrypoint/30-tune-worker-processes.sh -o /kool/30-tune-worker-processes.sh \
+    && chmod +x /kool/30-tune-worker-processes.sh
+
+COPY supervisor.conf /kool/supervisor.conf
+COPY default.tmpl /kool/default.tmpl
+COPY entrypoint /kool/entrypoint
+COPY --from=cert /kool/ssl /kool/ssl
+RUN chmod +x /kool/entrypoint
+
+EXPOSE 80
+
+CMD [ "supervisord", "-c", "/kool/supervisor.conf" ]

8.3-nginx/default.tmpl

@@ -0,0 +1,53 @@
+server {
+    listen {{ .Env.NGINX_LISTEN }} default_server;
+    server_name _;
+{{ if isTrue .Env.NGINX_HTTPS }}
+    listen {{ .Env.NGINX_LISTEN_HTTPS }} ssl http2;
+    ssl_certificate     {{ .Env.NGINX_HTTPS_CERT }};
+    ssl_certificate_key {{ .Env.NGINX_HTTPS_CERT_KEY }};
+    ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
+    ssl_ciphers         HIGH:!aNULL:!MD5;
+{{ end }}
+    root {{ .Env.NGINX_ROOT }};
+    index {{ .Env.NGINX_INDEX }};
+    charset utf-8;
+
+    location = /favicon.ico { log_not_found off; access_log off; }
+    location = /robots.txt  { log_not_found off; access_log off; }
+
+    client_max_body_size {{ .Env.NGINX_CLIENT_MAX_BODY_SIZE }};
+
+    error_page 404 /index.php;
+
+    location / {
+        try_files $uri $uri/ /{{ .Env.NGINX_INDEX }}?$query_string;
+
+        add_header X-Served-By kool.dev;
+    }
+
+    location ~ \.php$ {
+        fastcgi_buffers {{ .Env.NGINX_FASTCGI_BUFFERS }};
+        fastcgi_buffer_size {{ .Env.NGINX_FASTCGI_BUFFER_SIZE }};
+        fastcgi_pass {{ .Env.NGINX_PHP_FPM }};
+        fastcgi_read_timeout {{ .Env.NGINX_FASTCGI_READ_TIMEOUT }};
+        fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
+        include fastcgi_params;
+    }
+
+    location ~ /\.ht {
+        deny all;
+    }
+
+    # good practices
+    add_header X-Frame-Options "SAMEORIGIN";
+
+    # basic H5BP suggestions
+    include h5bp/internet_explorer/x-ua-compatible.conf;
+    include h5bp/security/referrer-policy.conf;
+    include h5bp/security/x-content-type-options.conf;
+    include h5bp/security/x-xss-protection.conf;
+
+    # performance enhancements (mostly for caching static data)
+    include h5bp/web_performance/cache-file-descriptors.conf;
+    include h5bp/web_performance/pre-compressed_content_gzip.conf;
+}