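--- /dev/null
+++ b/.env
@@ -0,0 +1,3 @@
+CONTAINER_NAME="test"
+NGINX_PORT=81
+APP_BASE_DIR="./public"
\ No newline at end of file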
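--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,2 @@
-.idea
\ No newline at end of file
+.idea/
+public/vendor
\ No newline at end of file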
compose.yml 0 → 100644 +31 −0 Original line number Diff line number Diff line services: app: container_name: ${CONTAINER_NAME}_app build: context: ./docker/php target: app-dev args: COMPOSER_AUTH: "{}" APP_BASE_DIR: ${APP_BASE_DIR-.} restart: unless-stopped extra_hosts: - "host.docker.internal:host-gateway" volumes: - ${APP_BASE_DIR-.}:/app web: container_name: ${CONTAINER_NAME}_web build: context: ./docker/nginx target: web-dev args: APP_BASE_DIR: ${APP_BASE_DIR-.} restart: unless-stopped ports: - ${NGINX_PORT}:80 environment: PHP_FPM_HOST: app volumes: - ${APP_BASE_DIR-.}:/app/public depends_on: - app
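Review bot: The `web` service mounts the whole of `${APP_BASE_DIR-.}` at `/app/public`, which is the nginx document root in `app.conf`, while `app` mounts the same directory at `/app`. With `APP_BASE_DIR="./public"` in `.env` and `public/vendor` in `.gitignore`, either the document root ends up being the whole project tree (so non-PHP files such as dependency manifests would be served as static files) or the `SCRIPT_FILENAME` nginx sends does not exist at that path inside `app`. Mounting only the public subdirectory, read-only, avoids both, e.g. `- ${APP_BASE_DIR-.}/public:/app/public:ro`. Separately, `- ${NGINX_PORT}:80` is unquoted, has no default and publishes on every host interface; for a dev stack `- "127.0.0.1:${NGINX_PORT:-81}:80"` keeps it local.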
docker/nginx/Dockerfile 0 → 100644 +58 −0 Original line number Diff line number Diff line # ---------------------------------------------- Build Time Arguments -------------------------------------------------- ARG NGINX_VERSION="1.21" # ====================================================================================================================== # ====================================================================================================================== # --- NGINX --- # ====================================================================================================================== # ====================================================================================================================== FROM nginx:${NGINX_VERSION}-alpine AS nginx RUN rm -rf /var/www/* /etc/nginx/conf.d/* && adduser -u 1000 -D -S -G www-data www-data COPY nginx/nginx-* /usr/local/bin/ COPY nginx/ /etc/nginx/ RUN chown -R www-data /etc/nginx/ && chmod +x /usr/local/bin/nginx-* # The PHP-FPM Host ## Localhost is the sensible default assuming image run on a k8S Pod ENV PHP_FPM_HOST "localhost" ENV PHP_FPM_PORT "9000" ENV NGINX_LOG_FORMAT "json" # For Documentation EXPOSE 80 # Switch User USER www-data # Add Healthcheck HEALTHCHECK CMD ["nginx-healthcheck"] # Add Entrypoint ENTRYPOINT ["nginx-entrypoint"] # ====================================================================================================================== # --- NGINX PROD --- # ====================================================================================================================== FROM nginx AS web USER root RUN SECURITY_UPGRADES="curl"; \ apk add --no-cache --upgrade ${SECURITY_UPGRADES} USER www-data # Copy Public folder + Assets that's going to be served from Nginx COPY --chown=www-data:www-data --from=app /app/public /app/public # ====================================================================================================================== # --- NGINX DEV --- # 
====================================================================================================================== FROM nginx AS web-dev ENV NGINX_LOG_FORMAT "combined" COPY --chown=www-data:www-data nginx/dev/*.conf /etc/nginx/conf.d/ COPY --chown=www-data:www-data nginx/dev/certs/ /etc/nginx/certs/
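Review bot: In the `web` stage, `COPY --chown=www-data:www-data --from=app /app/public /app/public` names a stage `app` that is not defined in this Dockerfile, so the builder would treat `app` as an image reference and try to pull it from a registry. The compose file builds only `web-dev`, so this stays dormant until the production target is built. Pass the application image in explicitly, for instance `ARG APP_IMAGE` followed by `FROM ${APP_IMAGE} AS app`, or use a named build context. The base image is a floating tag (`ARG NGINX_VERSION="1.21"`); pinning it as `nginx:<tag>@sha256:<digest>` makes rebuilds reproducible. `COPY ... nginx/dev/certs/ /etc/nginx/certs/` bakes that directory into the image, so it should hold only throwaway development certificates.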
docker/nginx/nginx/conf.d/app.conf 0 → 100644 +92 −0 Original line number Diff line number Diff line upstream backend { # The number of idle keepalive connections to an upstream server that remain open for each worker process server ${PHP_FPM_HOST}:${PHP_FPM_PORT}; keepalive 40; keepalive_requests 250; # Must be less than php-fpm.conf:pm.max_requests keepalive_timeout 10; } server { listen 80; listen [::]:80; server_name localhost; set $base /app; root $base/public; # deny all dot files except .well-known location ~ /\.(?!well-known) { deny all; } # index.php index index.php; # index.php fallback location / { # try to serve file directly, fallback to index.php try_files $uri /index.php$is_args$args; } # Disable falling back to PHP script for the asset directories; location ~ ^/(public|bundles)/ { try_files $uri =404; } # handle non-files location ~ ^/index\.php(/|$) { # default fastcgi_params include fastcgi_params; # fastcgi settings fastcgi_pass backend; fastcgi_index index.php; fastcgi_buffers 8 16k; fastcgi_buffer_size 32k; fastcgi_split_path_info ^(.+\.php)(/.*)$; # fastcgi params fastcgi_param DOCUMENT_ROOT $realpath_root; fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name; fastcgi_param PHP_ADMIN_VALUE "open_basedir=none"; # Prevents URIs that include the front controller. This will 404: # http://domain.tld/index.php/some-path # Remove the internal directive to allow URIs like this internal; } # return 404 for all other php files not matching the front controller # this prevents access to other php files you don't want to be accessible. 
location ~ \.php$ { return 404; } # favicon.ico location = /favicon.ico { log_not_found off; access_log off; } # robots.txt location = /robots.txt { log_not_found off; access_log off; } # assets, media location ~* \.(?:css(\.map)?|js(\.map)?|jpe?g|png|gif|ico|cur|heic|webp|tiff?|mp3|m4a|aac|ogg|midi?|wav|mp4|mov|webm|mpe?g|avi|ogv|flv|wmv)$ { expires 7d; access_log off; } # svg, fonts location ~* \.(?:svgz?|ttf|ttc|otf|eot|woff2?)$ { add_header Access-Control-Allow-Origin "*"; expires 7d; access_log off; } } No newline at end of file
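Review bot: `fastcgi_param PHP_ADMIN_VALUE "open_basedir=none";` in the `index.php` location is sent with every request and, as an admin value, cannot be overridden from PHP code. It appears intended to switch `open_basedir` off, which removes file-system confinement for the front controller. If the restriction is not needed, drop the line and leave the setting to the PHP-FPM image; otherwise scope it to the application tree, e.g. `fastcgi_param PHP_ADMIN_VALUE "open_basedir=/app/:/tmp/";` (paths to be confirmed). Also, `keepalive 40` in `upstream backend` only takes effect for FastCGI when the location sets `fastcgi_keep_conn on;`, which is missing here.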