Commit 6f162bba authored by Dave Lane's avatar Dave Lane

updated PHP to 7.2, Redis to 4.1.1 and refactored Dockerfile

parent d1920776
......@@ -2,13 +2,13 @@ version: "3"
services:
redis:
image: redis:3-alpine
image: redis:4-alpine
restart:
unless-stopped
networks:
default:
aliases:
- redis.grav.local
- redis.grav.troy
app:
image: kiwilightweight/grav
links:
......@@ -20,14 +20,14 @@ services:
networks:
default:
aliases:
- grav.local
- grav.troy
nginx:
image: oeru/nginx-jessie
links:
- app
- redis
ports:
- "127.0.0.1:8080:80"
- "127.0.0.1:8081:80"
volumes:
- ./nginx:/etc/nginx/conf.d
- ./nginx/cache:/var/cache/nginx
......@@ -36,4 +36,4 @@ services:
networks:
default:
aliases:
- nginx.grav.local
- nginx.grav.troy
version: "2"
version: "3"
services:
redis:
image: redis:3-alpine
image: redis:4-alpine
restart:
unless-stopped
networks:
default:
aliases:
- redis.grav.troy
app:
image: kiwilightweight/grav
links:
- redis
volumes:
- [PATH_TO_YOUR_GRAV]:/var/www/html
- /home/dave/Projects/grav/new:/var/www/html
restart:
unless-stopped
networks:
networks:
default:
aliases:
- [YOUR_GRAV_DOMAIN]
- grav.troy
nginx:
image: oeru/nginx-jessie
links:
- app
- redis
ports:
- "127.0.0.1:8080:80"
- "127.0.0.1:8081:80"
volumes:
- ./nginx:/etc/nginx/conf.d
- ./nginx/cache:/var/cache/nginx
- [PATH_TO_YOUR_GRAV]:/var/www/html
- /home/dave/Projects/grav/new:/var/www/html
restart: unless-stopped
networks:
default:
aliases:
- nginx.grav.troy
......@@ -30,12 +30,12 @@ server {
## Begin - Security
# deny all direct access for these folders
location ~* /(.git|cache|bin|logs|backups)/.*$ { return 403; }
location ~* /(\.git|cache|bin|logs|backups)/.*$ { return 403; }
# deny running scripts inside core system folders
location ~* /(system|vendor)/.*\.(txt|xml|md|html|yaml|php|pl|py|cgi|twig|sh|bat)$ { return 403; }
# deny running scripts inside user folder
location ~* /user/.*\.(txt|md|yaml|php|pl|py|cgi|twig|sh|bat)$ { return 403; }
# deny access to specific files in the root folder
location ~ /(LICENSE|composer.lock|composer.json|nginx.conf|web.config|htaccess.txt|\.htaccess) { return 403; }
location ~ /(LICENSEi\.txt|composer\.lock|composer\.json|nginx\.conf|web\.config|htaccess\.txt|\.htaccess) { return 403; }
## End - Security
}
FROM php:7.0-fpm-jessie
FROM php:7-fpm
MAINTAINER Dave Lane <dave@oerfoundation.org> (@lightweight)
RUN apt-get update && apt-get install -y software-properties-common apt-utils
......@@ -13,11 +13,12 @@ RUN apt-get install -y net-tools vim dnsutils
# install cron and msmtp for outgoing email
RUN apt-get install -y cron msmtp
RUN docker-php-ext-configure imap --with-imap --with-imap-ssl --with-kerberos
RUN docker-php-ext-install bz2 curl imap intl mbstring mcrypt \
# RUN docker-php-ext-install bz2 curl imap intl mbstring mcrypt \
RUN docker-php-ext-install bz2 curl imap intl mbstring \
pspell opcache soap xmlrpc zip
# install PHPRedis
ENV PHPREDIS_VERSION 3.1.4
ENV PHPREDIS_VERSION 4.1.1
RUN docker-php-source extract \
&& curl -L -o /tmp/redis.tar.gz https://github.com/phpredis/phpredis/archive/$PHPREDIS_VERSION.tar.gz \
&& tar xfz /tmp/redis.tar.gz \
......@@ -32,7 +33,8 @@ RUN apt-get update && apt-get install -y \
libjpeg62-turbo-dev \
libmcrypt-dev \
libpng-dev \
&& docker-php-ext-install -j$(nproc) iconv mcrypt \
# && docker-php-ext-install -j$(nproc) iconv mcrypt \
&& docker-php-ext-install -j$(nproc) iconv \
&& docker-php-ext-configure gd --with-freetype-dir=/usr/include/ --with-jpeg-dir=/usr/include/ \
&& docker-php-ext-install -j$(nproc) gd
......@@ -48,51 +50,49 @@ RUN docker-php-ext-enable apcu
RUN rm -rf /var/lib/apt/lists/*
# address app-specific config requirements
RUN echo "log_errors = on" > /usr/local/etc/php/conf.d/php.ini
RUN echo "display_errors = off" >> /usr/local/etc/php/conf.d/php.ini
RUN echo "always_populate_raw_post_data = -1" >> /usr/local/etc/php/conf.d/php.ini
RUN echo 'date.timezone = "Pacific/Auckland"' >> /usr/local/etc/php/conf.d/php.ini
RUN echo 'cgi.fix_pathinfo = 0' >> /usr/local/etc/php/conf.d/php.ini
RUN echo 'sendmail_path = /usr/bin/msmtp -t' >> /usr/local/etc/php/conf.d/php.ini
RUN echo 'upload_max_filesize = 100M' >> /usr/local/etc/php/conf.d/php.ini
RUN echo 'post_max_size = 150M' >> /usr/local/etc/php/conf.d/php.ini
RUN echo 'memory_limit = 250M' >> /usr/local/etc/php/conf.d/php.ini
# OpCache work
RUN echo '[opcache]' >> /usr/local/etc/php/conf.d/php.ini
RUN echo 'opcache.enable = 1' >> /usr/local/etc/php/conf.d/php.ini
#RUN echo 'opcache.enable_cli = 1' >> /usr/local/etc/php/conf.d/php.ini
#RUN echo 'opcache.interned_strings_buffer = 8' >> /usr/local/etc/php/conf.d/php.ini
RUN echo 'opcache.memory_consumption = 128' >> /usr/local/etc/php/conf.d/php.ini
RUN echo 'opcache.max_accelerated_files = 8000' >> /usr/local/etc/php/conf.d/php.ini
RUN echo 'opcache.revalidate_freq = 60' >> /usr/local/etc/php/conf.d/php.ini
#RUN echo 'opcache.fast_shutdown = 1' >> /usr/local/etc/php/conf.d/php.ini
RUN echo 'opcache.use_cwd = 1' >> /usr/local/etc/php/conf.d/php.ini
RUN echo 'opcache.validate_timestamps = 1' >> /usr/local/etc/php/conf.d/php.ini
RUN echo 'opcache.save_comments = 1' >> /usr/local/etc/php/conf.d/php.ini
RUN echo 'opcache.enable_file_override = 0' >> /usr/local/etc/php/conf.d/php.ini
RUN set -ex \
&& { \
echo 'log_errors = on'; \
echo 'display_errors = off'; \
echo 'always_populate_raw_post_data = -1'; \
echo 'date.timezone = "Pacific/Auckland"'; \
echo 'cgi.fix_pathinfo = 0'; \
echo 'sendmail_path = /usr/bin/msmtp -t'; \
echo 'upload_max_filesize = 100M'; \
echo 'post_max_size = 150M'; \
echo 'memory_limit = 250M'; \
echo '[opcache]'; \
echo 'opcache.enable = 1'; \
echo 'opcache.memory_consumption = 128'; \
echo 'opcache.max_accelerated_files = 8000'; \
echo 'opcache.revalidate_freq = 60'; \
echo 'opcache.use_cwd = 1'; \
echo 'opcache.validate_timestamps = 1'; \
echo 'opcache.save_comments = 1'; \
echo 'opcache.enable_file_override = 0'; \
} | tee /usr/local/etc/php/conf.d/php.ini
# the PHP-fpm configuration - create new www.conf file!
RUN echo '[global]' > /usr/local/etc/php-fpm.d/www.conf
RUN echo 'error_log = /proc/self/fd/2' >> /usr/local/etc/php-fpm.d/www.conf
RUN echo '[www]' >> /usr/local/etc/php-fpm.d/www.conf
RUN echo 'user = www-data' >> /usr/local/etc/php-fpm.d/www.conf
RUN echo 'group = www-data' >> /usr/local/etc/php-fpm.d/www.conf
RUN echo '; if we send this to /proc/self/fd/1, it never appears' >> /usr/local/etc/php-fpm.d/www.conf
RUN echo 'access.log = /proc/self/fd/2' >> /usr/local/etc/php-fpm.d/www.conf
RUN echo 'clear_env = no' >> /usr/local/etc/php-fpm.d/www.conf
RUN echo 'catch_workers_output = yes' >> /usr/local/etc/php-fpm.d/www.conf
RUN echo '; Ensure worker stdout and stderr are sent to the main error log.' >> /usr/local/etc/php-fpm.d/www.conf
RUN echo 'security.limit_extensions = .php' >> /usr/local/etc/php-fpm.d/www.conf
RUN echo '; process management stuff' >> /usr/local/etc/php-fpm.d/www.conf
RUN echo 'pm = ondemand' >> /usr/local/etc/php-fpm.d/www.conf
RUN echo 'pm.max_children = 10' >> /usr/local/etc/php-fpm.d/www.conf
RUN echo 'pm.start_servers = 2' >> /usr/local/etc/php-fpm.d/www.conf
RUN echo 'pm.min_spare_servers = 1' >> /usr/local/etc/php-fpm.d/www.conf
RUN echo 'pm.max_spare_servers = 3' >> /usr/local/etc/php-fpm.d/www.conf
#RUN echo 'php_flag[display_errors] = off' >> /usr/local/etc/php-fpm.d/www.conf
#RUN echo 'php_admin_value[error_log] = /usr/local/var/log/fpm-php.www.log' >> /usr/local/etc/php-fpm.d/www.conf
#RUN echo 'php_admin_flag[log_errors] = on' >> /usr/local/etc/php-fpm.d/www.conf
#RUN echo 'php_admin_value[memory_limit] = 250M' >> /usr/local/etc/php-fpm.d/www.conf
RUN set -ex \
&& { \
echo '[global]'; \
echo 'error_log = /proc/self/fd/2'; \
echo '[www]'; \
echo 'user = www-data'; \
echo 'group = www-data'; \
echo '; if we send this to /proc/self/fd/1, it never appears'; \
echo 'access.log = /proc/self/fd/2'; \
echo 'clear_env = no'; \
echo 'catch_workers_output = yes'; \
echo '; Ensure worker stdout and stderr are sent to the main error log.'; \
echo 'security.limit_extensions = .php'; \
echo '; process management stuff'; \
echo 'pm = ondemand'; \
echo 'pm.max_children = 10'; \
echo 'pm.start_servers = 2'; \
echo 'pm.min_spare_servers = 1'; \
echo 'pm.max_spare_servers = 3'; \
} | tee /usr/local/etc/php-fpm.d/www.conf
VOLUME /var/www/html
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment