Skip to content
Snippets Groups Projects

Compare revisions

Changes are shown as if the source revision was being merged into the target revision. Learn more about comparing revisions.

Source

Select target project
No results found

Target

Select target project
  • a.plohih/stud-symfa
1 result
Show changes
Commits on Source (3)
Showing
with 293 additions and 83 deletions
CONTAINER_NAME="test"
NGINX_PORT=81
APP_BASE_DIR="./public"
\ No newline at end of file
.idea/
public/vendor
\ No newline at end of file
# Default ignored files
/shelf/
/workspace.xml
# Editor-based HTTP Client requests
/httpRequests/
# Datasource local storage ignored files
/dataSources/
/dataSources.local.xml
<?xml version="1.0" encoding="UTF-8"?>
<project version="4">
<component name="ProjectModuleManager">
<modules>
<module fileurl="file://$PROJECT_DIR$/.idea/stud-symfa.iml" filepath="$PROJECT_DIR$/.idea/stud-symfa.iml" />
</modules>
</component>
</project>
\ No newline at end of file
<?xml version="1.0" encoding="UTF-8"?>
<project version="4">
<component name="MessDetectorOptionsConfiguration">
<option name="transferred" value="true" />
</component>
<component name="PHPCSFixerOptionsConfiguration">
<option name="transferred" value="true" />
</component>
<component name="PHPCodeSnifferOptionsConfiguration">
<option name="highlightLevel" value="WARNING" />
<option name="transferred" value="true" />
</component>
<component name="PhpStanOptionsConfiguration">
<option name="transferred" value="true" />
</component>
<component name="PsalmOptionsConfiguration">
<option name="transferred" value="true" />
</component>
</project>
\ No newline at end of file
<?xml version="1.0" encoding="UTF-8"?>
<module type="WEB_MODULE" version="4">
<component name="NewModuleRootManager">
<content url="file://$MODULE_DIR$" />
<orderEntry type="inheritedJdk" />
<orderEntry type="sourceFolder" forTests="false" />
</component>
</module>
\ No newline at end of file
<?xml version="1.0" encoding="UTF-8"?>
<project version="4">
<component name="VcsDirectoryMappings">
<mapping directory="" vcs="Git" />
</component>
</project>
\ No newline at end of file
FROM php:fpm
WORKDIR ./app
COPY . .
RUN php index.php
services:
app:
container_name: ${CONTAINER_NAME}_app
build:
context: ./docker/php
target: app-dev
args:
COMPOSER_AUTH: "{}"
APP_BASE_DIR: ${APP_BASE_DIR-.}
restart: unless-stopped
extra_hosts:
- "host.docker.internal:host-gateway"
volumes:
- ${APP_BASE_DIR-.}:/app
web:
container_name: ${CONTAINER_NAME}_web
build:
context: ./docker/nginx
target: web-dev
args:
APP_BASE_DIR: ${APP_BASE_DIR-.}
restart: unless-stopped
ports:
- ${NGINX_PORT}:80
environment:
PHP_FPM_HOST: app
volumes:
- ${APP_BASE_DIR-.}:/app/public
depends_on:
- app
version: '3.1'
services:
php:
build:
context: app
dockerfile: Dockerfile
networks:
- app
volumes:
- ./app/:/app
nginx:
build:
context: ../stud-symfa/nginx
dockerfile: Dockerfile
ports:
- '80:80'
networks:
- app
volumes:
- ./app/:/app
networks:
app:
driver: bridge
# ---------------------------------------------- Build Time Arguments --------------------------------------------------
ARG NGINX_VERSION="1.21"
# ======================================================================================================================
# ======================================================================================================================
# --- NGINX ---
# ======================================================================================================================
# ======================================================================================================================
FROM nginx:${NGINX_VERSION}-alpine AS nginx
RUN rm -rf /var/www/* /etc/nginx/conf.d/* && adduser -u 1000 -D -S -G www-data www-data
COPY nginx/nginx-* /usr/local/bin/
COPY nginx/ /etc/nginx/
RUN chown -R www-data /etc/nginx/ && chmod +x /usr/local/bin/nginx-*
# The PHP-FPM Host
## Localhost is the sensible default assuming image run on a k8S Pod
ENV PHP_FPM_HOST "localhost"
ENV PHP_FPM_PORT "9000"
ENV NGINX_LOG_FORMAT "json"
# For Documentation
EXPOSE 80
# Switch User
USER www-data
# Add Healthcheck
HEALTHCHECK CMD ["nginx-healthcheck"]
# Add Entrypoint
ENTRYPOINT ["nginx-entrypoint"]
# ======================================================================================================================
# --- NGINX PROD ---
# ======================================================================================================================
FROM nginx AS web
USER root
RUN SECURITY_UPGRADES="curl"; \
apk add --no-cache --upgrade ${SECURITY_UPGRADES}
USER www-data
# Copy Public folder + Assets that's going to be served from Nginx
COPY --chown=www-data:www-data --from=app /app/public /app/public
# ======================================================================================================================
# --- NGINX DEV ---
# ======================================================================================================================
FROM nginx AS web-dev
ENV NGINX_LOG_FORMAT "combined"
COPY --chown=www-data:www-data nginx/dev/*.conf /etc/nginx/conf.d/
COPY --chown=www-data:www-data nginx/dev/certs/ /etc/nginx/certs/
upstream backend {
# The number of idle keepalive connections to an upstream server that remain open for each worker process
server ${PHP_FPM_HOST}:${PHP_FPM_PORT};
keepalive 40;
keepalive_requests 250; # Must be less than php-fpm.conf:pm.max_requests
keepalive_timeout 10;
}
server {
listen 80;
listen [::]:80;
server_name localhost;
set $base /app;
root $base/public;
# deny all dot files except .well-known
location ~ /\.(?!well-known) {
deny all;
}
# index.php
index index.php;
# index.php fallback
location / {
# try to serve file directly, fallback to index.php
try_files $uri /index.php$is_args$args;
}
# Disable falling back to PHP script for the asset directories;
location ~ ^/(public|bundles)/ {
try_files $uri =404;
}
# handle non-files
location ~ ^/index\.php(/|$) {
# default fastcgi_params
include fastcgi_params;
# fastcgi settings
fastcgi_pass backend;
fastcgi_index index.php;
fastcgi_buffers 8 16k;
fastcgi_buffer_size 32k;
fastcgi_split_path_info ^(.+\.php)(/.*)$;
# fastcgi params
fastcgi_param DOCUMENT_ROOT $realpath_root;
fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
fastcgi_param PHP_ADMIN_VALUE "open_basedir=none";
# Prevents URIs that include the front controller. This will 404:
# http://domain.tld/index.php/some-path
# Remove the internal directive to allow URIs like this
internal;
}
# return 404 for all other php files not matching the front controller
# this prevents access to other php files you don't want to be accessible.
location ~ \.php$ {
return 404;
}
# favicon.ico
location = /favicon.ico {
log_not_found off;
access_log off;
}
# robots.txt
location = /robots.txt {
log_not_found off;
access_log off;
}
# assets, media
location ~* \.(?:css(\.map)?|js(\.map)?|jpe?g|png|gif|ico|cur|heic|webp|tiff?|mp3|m4a|aac|ogg|midi?|wav|mp4|mov|webm|mpe?g|avi|ogv|flv|wmv)$ {
expires 7d;
access_log off;
}
# svg, fonts
location ~* \.(?:svgz?|ttf|ttc|otf|eot|woff2?)$ {
add_header Access-Control-Allow-Origin "*";
expires 7d;
access_log off;
}
}
\ No newline at end of file
# Compression
gzip on;
gzip_disable "msie6";
gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_buffers 32 16k;
gzip_http_version 1.1;
gzip_min_length 250;
gzip_types image/jpeg image/bmp image/svg+xml text/plain text/css application/json application/javascript application/x-javascript text/xml application/xml application/xml+rss text/javascript image/x-icon;
\ No newline at end of file
# logging
log_format json escape=json '{"@timestamp":"$time_iso8601","status":"$status","method":"$request_method","path":"$request_uri","request_query":"$args","request_time":"$request_time","vhost":"$host","bytes_sent":"$bytes_sent","request_length":"$request_length","request_proto":"$server_protocol","remote_user":"$remote_user","remote_addr":"$remote_addr","http_referrer":"$http_referer","http_user_agent":"$http_user_agent"}';
access_log /dev/stdout ${NGINX_LOG_FORMAT};
error_log /dev/stderr warn;
\ No newline at end of file
# Healthcheck & Metrics endpoint on port 8090
server {
listen 8090;
listen [::]:8090;
location /stub_status {
stub_status;
access_log off;
allow 127.0.0.1;
deny all;
}
}
\ No newline at end of file
# Non Root Temp Paths
client_body_temp_path /tmp/client_temp;
proxy_temp_path /tmp/proxy_temp_path;
fastcgi_temp_path /tmp/fastcgi_temp;
uwsgi_temp_path /tmp/uwsgi_temp;
scgi_temp_path /tmp/scgi_temp;
\ No newline at end of file
-----BEGIN CERTIFICATE-----
MIICxDCCAawCCQCUYv2tOO4zGDANBgkqhkiG9w0BAQsFADAkMRAwDgYDVQQKDAdr
dWJlcGhwMRAwDgYDVQQDDAdrdWJlcGhwMB4XDTIyMDIyNTE0MzEwNloXDTMyMDIy
MzE0MzEwNlowJDEQMA4GA1UECgwHa3ViZXBocDEQMA4GA1UEAwwHa3ViZXBocDCC
ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALLdT4dDwxjNfc1POHfy/pTf
JBGonmisS1i0NlN/sSz+QrktsyNtH3dvAJp/kHnOoTGgY3QyDCBNtr8/mULLig7B
aAfGNDDuWJm7ayahxLoCfk2DZTcSf3NoOIPpvimwLfKxFOtuyOF742Lz3E3gVQ5+
aDsePRp8NPSc1dBzGkrxGkPLvv4GGa8+MzeznKSamDOQ4fdqGdJyCOvTcYl2Pu4E
ON6F5Z9cFOVu44l6VL7SzGpI86X6XGJY34PJ+KXg47Hs6/kGDt2UocgI0K3PfhDj
6FlAf6ZeQ2GG//JRCPmWt4/womawo9nVHKtIkNMq20Ja3ITXrQ//Gism6HHZFEMC
AwEAATANBgkqhkiG9w0BAQsFAAOCAQEAH3jtGiuTaga9O+83MJNW4XursYhR0VHs
BXDmWr87uXuKemAhBiN+YvWVkLu/Egr1lSWiQoO3besPQnQu75fEwTNpkBZliS3+
Rm5rtf+7stAC9vTKKaljksGj9ipnTktvwM2WjqrfnpYPokGIHsNOZRf9GXNXfAOw
YBKEz0sd8D3C26EgJjX9thoEW+pt2HkFYqp40jp8x3mGWXHTX2jpcXoyD1F2oB1i
4G4GHR5pSz79OGrO7YdR8g/8mV5lMmcVwzbX/lIVmBVAdXeC/CDQFW8I9B0eCHHJ
vCWTwoIb6aDWsDVKCqmot7CXczze5tvYomxZiEddq2vtSvfpduFlmw==
-----END CERTIFICATE-----
-----BEGIN PRIVATE KEY-----
MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCy3U+HQ8MYzX3N
Tzh38v6U3yQRqJ5orEtYtDZTf7Es/kK5LbMjbR93bwCaf5B5zqExoGN0MgwgTba/
P5lCy4oOwWgHxjQw7liZu2smocS6An5Ng2U3En9zaDiD6b4psC3ysRTrbsjhe+Ni
89xN4FUOfmg7Hj0afDT0nNXQcxpK8RpDy77+BhmvPjM3s5ykmpgzkOH3ahnScgjr
03GJdj7uBDjeheWfXBTlbuOJelS+0sxqSPOl+lxiWN+Dyfil4OOx7Ov5Bg7dlKHI
CNCtz34Q4+hZQH+mXkNhhv/yUQj5lreP8KJmsKPZ1RyrSJDTKttCWtyE160P/xor
Juhx2RRDAgMBAAECggEBALLPVksGbgrkm6hdUzlu3h0b+mYA6OQBoo16E3lkBU7S
nQec7SI0XCm8+aB6eIedDz6adfJaeg7tQg1tWh0Rd+IKbaKf/dsQ29hMKfGD9TRz
e6qn+c6Vmn5YKW+OhEIO09B0QVKf/QiWHpr06T+dTcrgifjX4QQSOap1A7eQ6i8R
ryXdALrfG70RTYHSKu9B2mjn4vOXl0YNBhNlNAN5GBRh6iaqmSxRMWfURNK2P9Tc
lcHJFMW7duue38q6U5hPrVK/euXUtEoEDFXRzBXAZ2jcOzKxfJ6ZHXgP1wmWC6hS
fLWpnc2f7uc5A5EAS2cOOZBLbTZFkiGB1FSfmB+Bf6ECgYEA3kVeBE6Xv/E7PgPJ
AHQnMoISREASNxxS7Foly4VelzsL9qXO8Xb6hK/y/Cx6X5LFX108LvKLCn2d09qG
HPseA/A54uw2uUPztFNpHOnLgBCMo0qu4Rsp/FsermcUvTy8XL4NeUMM85vAJ4dQ
BjwDs7iDjZ7lVR0my5PJVEcXVZMCgYEAzgG30pdUuTrsL/Am5+ilR7qC/S7zOF/W
aQvvcX2EjzqtViCcalk80sJmsCLrkx2p8Qx54z3jW9pie6z6A90bVrAZ7QprjhMZ
mw+kEy+Me/htCp1Oh0Bj/X/GBGYVdJyEz3BkmUe4oUTQikYGNTN3INrTVBiiUpte
2r1QeHKZdJECgYAO6MBBsbPkIB5FLqPQ7/mhHbBz+4g9Qh0d1X4rhKqvojpPNRgI
gl6Tf+ngmGss9f9fQjXDQGmrLnnjuAi+8Ok2gmqfmhChpLk4I1AtrFEGKhYE7gGE
//l0//ey4x81AlnwLp9gvuqjfJMLE7x+bpAhAgNxAHOJngb4KNWcXZhnGQKBgBwe
Den3b7/sc+pDG/xRO6XjphdKfjX2lrw1vdO+rwYhmyEDSHYXgf6+O+fUjFTDGrvk
2QoUG2EhGIoK3QED/8RAOvmoj2+P2dHZO6rGtaUCDlgBioNZXYxvESbujAUji9kI
XSKysFeKnfARiK1gPeVFGM0Eo7skq7itWDtoYNuRAoGBAMpxteZlaIFY4Z0AIJ/Y
MkkIWIq0OujGD2ApXFXw6Dh3KHyF5z4YMUVIKYKW/dMDYd2WRPYFD6AZiWBFQadA
YUg0ks7ayF1FSPn2kldyr3AIysJjs6EGaj3svDN3rmIlLkS7vyYp0xfP7JG8l8Vm
Dq7DO0YZ9hJs1M/np0HU8z7f
-----END PRIVATE KEY-----
server {
listen 443 ssl;
server_name localhost;
ssl_certificate /etc/nginx/certs/dev-selfsigned.crt;
ssl_certificate_key /etc/nginx/certs/dev-selfsigned.key;
location / {
access_log off;
proxy_pass http://127.0.0.1:80;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
}
}
\ No newline at end of file
#!/bin/sh
set -eu
# Envsubset all files and only replace exported envs.
for f in $(find /etc/nginx/ -name "*.conf"); do cat $f | envsubst "$(env | sed -e 's/=.*//' -e 's/^/\$/g')" > "$f.tmp"; mv "$f.tmp" "$f"; done
# Give FPM some time to warmup
sleep 1
# Validate & Test nginx config (retry to wait if fpm host hasn't started yet)
timeout 30 sh -c "until nginx -t -q; do echo 'Runtime Test Failed, Retrying...'; sleep 5; done"
echo "► Started Nginx"
exec nginx -g 'daemon off;'