-
Notifications
You must be signed in to change notification settings - Fork 7
/
Dockerfile.tpl
209 lines (193 loc) · 6.3 KB
/
Dockerfile.tpl
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
FROM php:%%PHP_VERSION%%-apache-%%OS_VERSION%%
LABEL maintainer="[email protected]"
LABEL authors="Laurent Vergerolle <[email protected]>, Michael Nival <[email protected]>"
RUN set -eux; \
apt-get update; \
apt-get install -y --no-install-recommends \
ghostscript \
netcat-traditional \
; \
rm -rf /var/lib/apt/lists/*;
RUN set -eux; \
\
savedAptMark="$(apt-mark showmanual)"; \
\
apt-get update; \
apt-get install -y --no-install-recommends \
libxml2-dev \
libssl-dev \
libavif-dev \
libfreetype6-dev \
libjpeg-dev \
libjpeg62-turbo-dev \
libpng-dev \
libzip-dev \
sqlite3 \
libsqlite3-dev \
zlib1g-dev \
libsodium-dev \
netpbm \
imagemagick \
libldap2-dev \
libicu-dev \
libmagickwand-dev \
libwebp-dev; \
\
docker-php-ext-configure gd --with-avif --with-freetype --with-jpeg --with-webp; \
\
docker-php-ext-install -j$(nproc) \
gd \
xml \
exif \
bcmath \
mysqli \
pdo \
pdo_sqlite \
sodium \
zip \
phar \
opcache; \
\
docker-php-ext-configure ldap --with-libdir=lib/x86_64-linux-gnu/ && \
docker-php-ext-install ldap; \
\
curl -fL -o imagick.tgz 'https://pecl.php.net/get/imagick-3.7.0.tgz'; \
echo '5a364354109029d224bcbb2e82e15b248be9b641227f45e63425c06531792d3e *imagick.tgz' | sha256sum -c -; \
tar --extract --directory /tmp --file imagick.tgz imagick-3.7.0; \
grep '^//#endif$' /tmp/imagick-3.7.0/Imagick.stub.php; \
test "$(grep -c '^//#endif$' /tmp/imagick-3.7.0/Imagick.stub.php)" = '1'; \
sed -i -e 's!^//#endif$!#endif!' /tmp/imagick-3.7.0/Imagick.stub.php; \
grep '^//#endif$' /tmp/imagick-3.7.0/Imagick.stub.php && exit 1 || :; \
docker-php-ext-install /tmp/imagick-3.7.0; \
rm -rf imagick.tgz /tmp/imagick-3.7.0; \
\
pecl install apcu && \
docker-php-ext-enable apcu; \
out="$(php -r 'exit(0);')"; \
[ -z "$out" ]; \
err="$(php -r 'exit(0);' 3>&1 1>&2 2>&3)"; \
[ -z "$err" ]; \
\
extDir="$(php -r 'echo ini_get("extension_dir");')"; \
[ -d "$extDir" ]; \
# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies
apt-mark auto '.*' > /dev/null; \
apt-mark manual netpbm imagemagick $savedAptMark; \
ldd "$extDir"/*.so \
| awk '/=>/ { so = $(NF-1); if (index(so, "/usr/local/") == 1) { next }; gsub("^/(usr/)?", "", so); printf "*%s\n", so }' \
| sort -u \
| xargs -r dpkg-query --search \
| cut -d: -f1 \
| sort -u \
| xargs -rt apt-mark manual; \
\
apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \
rm -rf /var/lib/apt/lists/*; \
\
! { ldd "$extDir"/*.so | grep 'not found'; }; \
# check for output like "PHP Warning: PHP Startup: Unable to load dynamic library 'foo' (tried: ...)
err="$(php --version 3>&1 1>&2 2>&3)"; \
[ -z "$err" ]
# set recommended PHP.ini settings
# see https://secure.php.net/manual/en/opcache.installation.php
RUN { \
echo 'opcache.enable_cli=1'; \
echo 'opcache.memory_consumption=128'; \
echo 'opcache.interned_strings_buffer=8'; \
echo 'opcache.max_accelerated_files=10000'; \
echo 'opcache.revalidate_freq=2'; \
echo 'opcache.validate_timestamps=1'; \
echo 'opcache.dups_fix=0'; \
echo 'opcache.fast_shutdown=1'; \
} > /usr/local/etc/php/conf.d/opcache-recommended.ini
RUN { \
# https://www.php.net/manual/en/errorfunc.constants.php
echo 'error_reporting = E_ERROR | E_WARNING | E_PARSE | E_CORE_ERROR | E_CORE_WARNING | E_COMPILE_ERROR | E_COMPILE_WARNING | E_RECOVERABLE_ERROR'; \
echo 'display_errors = Off'; \
echo 'display_startup_errors = Off'; \
echo 'log_errors = On'; \
echo 'error_log = /dev/stderr'; \
echo 'log_errors_max_len = 1024'; \
echo 'ignore_repeated_errors = On'; \
echo 'ignore_repeated_source = Off'; \
echo 'html_errors = Off'; \
} > /usr/local/etc/php/conf.d/error-logging.ini
RUN set -eux; \
a2enmod rewrite expires headers; \
{ \
echo 'ServerSignature Off'; \
echo 'ServerTokens Prod'; \
echo 'Header unset Composed-By'; \
echo 'Header unset X-Powered-By'; \
} > /etc/apache2/conf-enabled/spip_headers.conf; \
# https://httpd.apache.org/docs/2.4/mod/mod_remoteip.html
a2enmod remoteip; \
{ \
echo 'RemoteIPHeader X-Forwarded-For'; \
# these IP ranges are reserved for "private" use and should thus *usually* be safe inside Docker
echo 'RemoteIPInternalProxy 10.0.0.0/8'; \
echo 'RemoteIPInternalProxy 172.16.0.0/12'; \
echo 'RemoteIPInternalProxy 192.168.0.0/16'; \
echo 'RemoteIPInternalProxy 169.254.0.0/16'; \
echo 'RemoteIPInternalProxy 127.0.0.0/8'; \
} > /etc/apache2/conf-available/remoteip.conf; \
a2enconf remoteip; \
# (replace all instances of "%h" with "%a" in LogFormat)
find /etc/apache2 -type f -name '*.conf' -exec sed -ri 's/([[:space:]]*LogFormat[[:space:]]+"[^"]*)%h([^"]*")/\1%a\2/g' '{}' +
ENV SPIP_VERSION %%SPIP_VERSION%%
ENV SPIP_PACKAGE %%SPIP_PACKAGE%%
# Install SPIP-Cli
RUN set -eux; \
cd /opt; \
curl --silent --show-error https://getcomposer.org/installer | php; \
fetchDeps=" \
git \
unzip \
"; \
apt-get update; \
apt-get install -y --no-install-recommends $fetchDeps; \
\
git clone https://git.spip.net/spip-contrib-outils/spip-cli.git /opt/spip-cli; \
rm -rf /opt/spip-cli/.git; \
rm -rf /opt/spip-cli/.gitattributes; \
rm -rf /opt/spip-cli/.gitignore; \
ln -s /opt/spip-cli/bin/spip /usr/local/bin/spip; \
ln -s /opt/spip-cli/bin/spipmu /usr/local/bin/spipmu; \
cd /opt/spip-cli && /opt/composer.phar install; \
\
curl -o spip.zip -fSL "files.spip.net/spip/archives/spip-v${SPIP_PACKAGE}.zip"; \
unzip spip.zip -d /usr/src/spip; \
rm spip.zip; \
chown -R www-data:www-data /usr/src/spip; \
\
apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false $fetchDeps; \
rm -rf /tmp/*; \
rm -rf /var/lib/apt/lists/*
VOLUME /var/www/html
# SPIP
ENV SPIP_AUTO_INSTALL 1
ENV SPIP_DB_SERVER mysql
ENV SPIP_DB_HOST mysql
ENV SPIP_DB_LOGIN spip
ENV SPIP_DB_PASS spip
ENV SPIP_DB_NAME spip
ENV SPIP_DB_PREFIX spip
ENV SPIP_ADMIN_NAME Admin
ENV SPIP_ADMIN_LOGIN admin
ENV SPIP_ADMIN_EMAIL admin@spip
ENV SPIP_ADMIN_PASS adminadmin
ENV SPIP_SITE_ADDRESS http://localhost
# PHP
ENV PHP_MAX_EXECUTION_TIME 60
ENV PHP_MEMORY_LIMIT 256M
ENV PHP_POST_MAX_SIZE 40M
ENV PHP_UPLOAD_MAX_FILESIZE 32M
ENV PHP_TIMEZONE America/Guadeloupe
EXPOSE 80
COPY ./docker-entrypoint.sh /
RUN chmod +x /docker-entrypoint.sh
ENTRYPOINT ["/docker-entrypoint.sh"]
CMD ["apache2-foreground"]
# Healthcheck
HEALTHCHECK --interval=30s --timeout=30s --start-period=5s --retries=7 \
CMD curl -f http://localhost/ecrire/ || exit 1