From d801cb20a71f62a697d190de212b9f93d051c750 Mon Sep 17 00:00:00 2001 From: tchapi Date: Mon, 4 Mar 2024 21:33:28 +0100 Subject: [PATCH] First try at combined image --- .dockerignore | 1 - docker/Dockerfile-combined | 99 +++++++++++++++++++ docker/configurations/Caddyfile | 28 ++++++ .../configurations/{davis.conf => nginx.conf} | 0 docker/configurations/supervisord.conf | 31 ++++++ docker/docker-compose-combined.yml | 48 +++++++++ docker/docker-compose-postgresql.yml | 2 +- docker/docker-compose-sqlite.yml | 2 +- docker/docker-compose.yml | 2 +- 9 files changed, 209 insertions(+), 4 deletions(-) create mode 100644 docker/Dockerfile-combined create mode 100644 docker/configurations/Caddyfile rename docker/configurations/{davis.conf => nginx.conf} (100%) create mode 100644 docker/configurations/supervisord.conf create mode 100644 docker/docker-compose-combined.yml
diff --git a/.dockerignore b/.dockerignore
index 0fea305..dd66a88 100644
--- a/.dockerignore
+++ b/.dockerignore
@@ -5,7 +5,6 @@ LICENSE .git .gitignore .github -docker .env.local .env.test.local phpunit.xml.dist
diff --git a/docker/Dockerfile-combined b/docker/Dockerfile-combined
new file mode 100644
index 0000000..314d506
--- /dev/null
+++ b/docker/Dockerfile-combined
@@ -0,0 +1,99 @@
+FROM php:8.2-fpm-alpine
+
+LABEL org.opencontainers.image.authors="tchap@tchap.me"
+LABEL org.opencontainers.image.url="https://github.com/tchapi/davis/pkgs/container/davis"
+LABEL org.opencontainers.image.description="A simple, fully translatable admin interface for sabre/dav based on Symfony 5 and Bootstrap 4"
+
+# Run update, and gets basic packages and packages for runtime
+RUN apk --no-progress --update add --no-cache \
+ curl unzip fcgi \
+ # These are for php-intl
+ icu-libs \
+ # This one is for IMAP (to provide libc-client.so)
+ c-client \
+ # This one for LDAP
+ libldap \
+ # These are for GD (map image in mail)
+ freetype \
+ libjpeg-turbo \
+ libpng \
+ # This is for PostgreSQL
+ libpq \
+ # For the webserver and process manager
+ caddy supervisor
+
+# Intl support
+RUN apk --update --virtual build-deps-intl add --no-cache icu-dev \
+ && docker-php-ext-install intl \
+ && apk del build-deps-intl \
+ && rm -rf /tmp/*
+
+# PDO: MySQL
+RUN docker-php-ext-configure pdo_mysql --with-pdo-mysql=mysqlnd \
+ && docker-php-ext-install pdo_mysql
+
+# PDO: PostgreSQL
+RUN apk --update --virtual build-deps-pg add --no-cache libpq-dev \
+ && docker-php-ext-configure pgsql -with-pgsql=/usr/local/pgsql \
+ && docker-php-ext-install pgsql pdo_pgsql \
+ && apk del build-deps-pg \
+ && rm -rf /tmp/*
+
+# GD (map image in mail)
+RUN apk --update --virtual build-deps-gd add --no-cache freetype-dev libjpeg-turbo-dev libpng-dev \
+ && docker-php-ext-configure gd --with-freetype \
+ && docker-php-ext-install gd \
+ && docker-php-ext-enable gd \
+ && apk del build-deps-gd \
+ && rm -rf /tmp/*
+
+# LDAP auth support
+RUN apk --update --virtual build-deps-ldap add --no-cache openldap-dev \
+ && docker-php-ext-configure ldap \
+ && docker-php-ext-install ldap \
+ && apk del build-deps-ldap \
+ && rm -rf /tmp/*
+
+# IMAP auth support
+RUN apk --update --virtual build-deps-imap add --no-cache imap-dev openssl-dev krb5-dev \
+ && docker-php-ext-configure imap --with-kerberos --with-imap-ssl \
+ && docker-php-ext-install imap \
+ && apk del build-deps-imap \
+ && rm -rf /tmp/*
+
+# Davis source
+ADD . /var/www/davis
+WORKDIR /var/www/davis
+
+# Install Composer 2, then dependencies
+RUN curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/local/bin --filename=composer
+RUN APP_ENV=prod COMPOSER_ALLOW_SUPERUSER=1 composer install --no-ansi --no-dev --no-interaction --no-progress --optimize-autoloader
+
+# Caddy: web server
+RUN mkdir -p /var/log/caddy
+ADD ./docker/configurations/Caddyfile /etc/caddy/Caddyfile
+
+# Supervisor: Process manager
+RUN mkdir -p /var/log/supervisor && mkdir -p /var/log/php-fpm
+ADD ./docker/configurations/supervisord.conf /etc/supervisord.conf
+
+# We want to use sockets inside the container between Caddy and PHP-fpm
+RUN mkdir /var/run/php-fpm && chown -R www-data:www-data /var/run/php-fpm
+RUN sed -i 's/listen = /;listen = /' /usr/local/etc/php-fpm.d/www.conf
+RUN sed -i 's/listen = 9000/listen = \/var\/run\/php-fpm\/php-fpm.sock/' /usr/local/etc/php-fpm.d/zz-docker.conf
+
+# The app folder needs to be owned by www-data so PHP-fpm can execute files
+RUN chown -R www-data:www-data /var/www/davis
+
+# Cleanup (only useful when using --squash)
+RUN docker-php-source delete && \
+ rm -rf /usr/local/bin/composer && \
+ rm -rf /var/www/davis/docker
+
+CMD ["/usr/bin/supervisord", "-c", "/etc/supervisord.conf"]
+
+HEALTHCHECK --interval=120s --timeout=10s --start-period=30s --retries=3 \
+ CMD curl --fail http://localhost:9000 || exit 1
+
+# It's the Caddy port, not the PHP-fpm one (as we use sockets)
+EXPOSE 9000
\ No newline at end of file
diff --git a/docker/configurations/Caddyfile b/docker/configurations/Caddyfile
new file mode 100644
index 0000000..6f5d902
--- /dev/null
+++ b/docker/configurations/Caddyfile
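Review bot: The `RUN curl -sS https://getcomposer.org/installer | php -- …` step executes whatever that download returns during the build, with no checksum and no version pin, so the image's integrity rests on a single fetch at build time. Copying a pinned binary from the official image avoids running the installer at all: `COPY --from=composer:2 /usr/bin/composer /usr/local/bin/composer`, ideally with a digest (`composer:2@sha256:<digest>`). Separately, `RUN chown -R www-data:www-data /var/www/davis` makes the whole application tree writable by the user PHP-FPM is expected to run as. Executing PHP only needs read access, so ownership could stay with root and only the directories the app actually writes to (presumably `var/`, to be confirmed) be handed to `www-data`.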
@@ -0,0 +1,28 @@
+{
+ auto_https off
+}
+
+http://localhost:9000 {
+ root * /var/www/davis/public
+ php_fastcgi unix//var/run/php-fpm/php-fpm.sock
+ file_server {
+ # Safety net, just in case
+ hide .git .gitignore
+ }
+
+ # enable compression
+ encode zstd gzip
+
+ # Remove leaky headers
+ header {
+ -Server
+ -X-Powered-By
+
+ # keep referrer data off of HTTP connections
+ Referrer-Policy no-referrer-when-downgrade
+
+ # disable clients from sniffing the media type
+ X-Content-Type-Options nosniff
+ }
+
+}
\ No newline at end of file
diff --git a/docker/configurations/davis.conf b/docker/configurations/nginx.conf
similarity index 100%
rename from docker/configurations/davis.conf
rename to docker/configurations/nginx.conf
diff --git a/docker/configurations/supervisord.conf b/docker/configurations/supervisord.conf
new file mode 100644
index 0000000..21978f7
--- /dev/null
+++ b/docker/configurations/supervisord.conf
@@ -0,0 +1,31 @@
+[supervisord]
+nodaemon=true
+user=root
+pidfile=/run/supervisord.pid
+logfile=/dev/null
+logfile_maxbytes=0
+
+[unix_http_server]
+file=/run/supervisord.sock ; the path to the socket file
+
+[supervisorctl]
+serverurl=unix:///run/supervisord.sock ; use a unix:// URL for a unix socket
+
+[rpcinterface:supervisor]
+supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface
+
+[program:caddy]
+command=/usr/sbin/caddy run -c /etc/caddy/Caddyfile
+autostart=true
+autorestart=true
+redirect_stderr=true
+stdout_logfile=/var/log/caddy/access.log
+stdout_logfile_maxbytes = 0
+
+[program:php-fpm]
+command=/usr/local/sbin/php-fpm --nodaemonize
+autostart=true
+autorestart=true
+redirect_stderr=true
+stdout_logfile=/var/log/php-fpm/access.log
+stdout_logfile_maxbytes = 0
\ No newline at end of file
diff --git a/docker/docker-compose-combined.yml b/docker/docker-compose-combined.yml
new file mode 100644
index 0000000..5d73664
--- /dev/null
+++ b/docker/docker-compose-combined.yml
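Review bot: The site address `http://localhost:9000` also works as a host matcher, so Caddy serves this block only to requests whose Host header is `localhost`. A client reaching the published port under another name, or a TLS-terminating proxy that forwards the original Host, would not match it. The HEALTHCHECK in Dockerfile-combined probes `http://localhost:9000`, so the container would keep reporting healthy while outside traffic gets no site. Binding by port only, `:9000 {`, still serves plain HTTP under `auto_https off` and accepts any host name. Because this listener is cleartext and carries DAV credentials, a comment stating that TLS must be terminated in front of it would help operators.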
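Review bot: `[program:caddy]` sets no `user=`, so under `[supervisord]` `user=root` the network-facing web server runs as root, even though it only listens on port 9000 and reads the docroot. Adding `user=www-data` to that section would drop the privilege. The PHP-FPM socket then has to be reachable by that user, for example via `listen.owner`/`listen.group` in the pool configuration, which is outside this hunk, so the two should be tested together. In addition, `logfile=/dev/null` discards supervisord's own record of process crashes and restarts, and the two `stdout_logfile=/var/log/...` files grow without bound inside the container. Using `stdout_logfile=/dev/stdout` would hand those logs to the container log driver instead.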
@@ -0,0 +1,48 @@
+version: "3.7"
+name: "davis-docker"
+
+services:
+
+ mysql:
+ image: mariadb:10.6.10
+ container_name: mysql
+ environment:
+ - MYSQL_ROOT_PASSWORD=${DB_ROOT_PASSWORD}
+ - MYSQL_DATABASE=${DB_DATABASE}
+ - MYSQL_USER=${DB_USER}
+ - MYSQL_PASSWORD=${DB_PASSWORD}
+ volumes:
+ - database:/var/lib/mysql
+
+ davis:
+ build:
+ context: ../
+ dockerfile: ./docker/Dockerfile-combined
+ image: davis:latest
+ # If you want to use a prebuilt image from Github
+ # image: ghcr.io/tchapi/davis:edge
+ container_name: davis
+ environment:
+ - APP_ENV=prod
+ - DATABASE_DRIVER=mysql
+ - DATABASE_URL=mysql://${DB_USER}:${DB_PASSWORD}@mysql:3306/${DB_DATABASE}?serverVersion=mariadb-10.6.10&charset=utf8mb4
+ - MAILER_DSN=smtp://${MAIL_USERNAME}:${MAIL_PASSWORD}@${MAIL_HOST}:${MAIL_PORT}
+ - ADMIN_LOGIN=${ADMIN_LOGIN}
+ - ADMIN_PASSWORD=${ADMIN_PASSWORD}
+ - AUTH_REALM=${AUTH_REALM}
+ - AUTH_METHOD=${AUTH_METHOD}
+ - CALDAV_ENABLED=${CALDAV_ENABLED}
+ - CARDDAV_ENABLED=${CARDDAV_ENABLED}
+ - WEBDAV_ENABLED=${WEBDAV_ENABLED}
+ - WEBDAV_TMP_DIR=${WEBDAV_TMP_DIR}
+ - WEBDAV_PUBLIC_DIR=${WEBDAV_PUBLIC_DIR}
+ - INVITE_FROM_ADDRESS=${INVITE_FROM_ADDRESS}
+ - APP_TIMEZONE=${TIMEZONE}
+ depends_on:
+ - mysql
+ ports:
+ - 9000:9000
+
+volumes:
+ database:
+ name: database
diff --git a/docker/docker-compose-postgresql.yml b/docker/docker-compose-postgresql.yml
index c2359ee..c7c7c76 100644
--- a/docker/docker-compose-postgresql.yml
+++ b/docker/docker-compose-postgresql.yml
@@ -12,7 +12,7 @@ services: volumes: - davis_www:/var/www/davis - type: bind - source: ./configurations/davis.conf + source: ./configurations/nginx.conf target: /etc/nginx/conf.d/default.conf ports: - 9000:80
diff --git a/docker/docker-compose-sqlite.yml b/docker/docker-compose-sqlite.yml
index 911912d..ab31298 100644
--- a/docker/docker-compose-sqlite.yml
+++ b/docker/docker-compose-sqlite.yml
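Review bot: Every secret in the new compose file (`DB_ROOT_PASSWORD`, `DB_PASSWORD`, `ADMIN_PASSWORD`, `MAIL_PASSWORD`) uses plain `${VAR}` interpolation, which Compose resolves to an empty string with only a warning when the variable is missing. A forgotten `.env` entry could therefore leave the stack with an empty admin or database password, depending on how each image treats it. The required-variable form fails the deployment instead, e.g. `- ADMIN_PASSWORD=${ADMIN_PASSWORD:?ADMIN_PASSWORD must be set}`. The `ports: - 9000:9000` mapping also publishes the plain-HTTP listener on all host interfaces; if a reverse proxy on the same host terminates TLS, `127.0.0.1:9000:9000` keeps the cleartext port off the network.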
@@ -12,7 +12,7 @@ services: volumes: - davis_www:/var/www/davis - type: bind - source: ./configurations/davis.conf + source: ./configurations/nginx.conf target: /etc/nginx/conf.d/default.conf ports: - 9000:80
diff --git a/docker/docker-compose.yml b/docker/docker-compose.yml
index 7c9ddc2..9c57899 100644
--- a/docker/docker-compose.yml
+++ b/docker/docker-compose.yml
@@ -12,7 +12,7 @@ services: volumes: - davis_www:/var/www/davis - type: bind - source: ./configurations/davis.conf + source: ./configurations/nginx.conf target: /etc/nginx/conf.d/default.conf ports: - 9000:80