diff --git a/.github/workflows/ci-cd.yml b/.github/workflows/ci-cd.yml index 7fd0212..f82b633 100644 --- a/.github/workflows/ci-cd.yml +++ b/.github/workflows/ci-cd.yml @@ -16,7 +16,7 @@ jobs: strategy: matrix: - version: ['8.0-swoole', '8.1-swoole', '8.2-swoole', '8.3-swoole'] + version: ['8.0-swoole', '8.1-swoole', '8.2-swoole', '8.3-swoole', '8.4-swoole'] type: ['', '-prod'] steps: diff --git a/8.4-swoole-nginx-prod/Dockerfile b/8.4-swoole-nginx-prod/Dockerfile new file mode 100644 index 0000000..ff178e9 --- /dev/null +++ b/8.4-swoole-nginx-prod/Dockerfile 
@@ -0,0 +1,62 @@
+FROM debian AS cert
+
+WORKDIR /kool/ssl
+
+RUN apt-get update && \
+ apt-get install -y openssl && \
+ openssl genrsa -des3 -passout pass:x -out server.pass.key 2048 && \
+ openssl rsa -passin pass:x -in server.pass.key -out _.localhost.key && \
+ rm server.pass.key && \
+ openssl req -new -key _.localhost.key -out server.csr \
+ -subj "/C=XX/ST=XX/L=XX/O=Kool-Local/OU=Localhost/CN=*.localhost" && \
+ openssl x509 -req -days 365 -in server.csr -signkey _.localhost.key -out _.localhost.crt && \
+ openssl x509 -in _.localhost.crt -out _.localhost.pem
+
+FROM kooldev/php:8.4-swoole-prod
+
+ENV PHP_FPM_LISTEN=/run/php-fpm.sock \
+ NGINX_LISTEN=80 \
+ NGINX_HTTPS=false \
+ NGINX_LISTEN_HTTPS=443 \
+ NGINX_HTTPS_CERT=/kool/ssl/_.localhost.pem \
+ NGINX_HTTPS_CERT_KEY=/kool/ssl/_.localhost.key \
+ NGINX_ROOT=/app/public \
+ NGINX_INDEX=index.php \
+ NGINX_CLIENT_MAX_BODY_SIZE=25M \
+ NGINX_PHP_FPM=unix:/run/php-fpm.sock \
+ NGINX_FASTCGI_READ_TIMEOUT=60s \
+ NGINX_FASTCGI_BUFFERS='8 8k' \
+ NGINX_FASTCGI_BUFFER_SIZE='16k' \
+ NGINX_ENTRYPOINT_WORKER_PROCESSES_AUTOTUNE=true
+
+RUN curl -L https://github.com/ochinchina/supervisord/releases/download/v0.6.3/supervisord_static_0.6.3_linux_amd64 -o /usr/local/bin/supervisord \
+ && chmod +x /usr/local/bin/supervisord \
+ && apk add --no-cache nginx \
+ && chown -R kool:kool /var/lib/nginx \
+ && chmod 770 /var/lib/nginx/tmp \
+ && ln -sf /dev/stdout /var/log/nginx/access.log \
+ && ln -sf /dev/stderr /var/log/nginx/error.log \
+ # add h5bp/server-configs-nginx
+ && mkdir -p /etc/nginx/conf.d \
+ && mkdir /etc/nginx/h5bp \
+ && cd /etc/nginx/h5bp \
+ && wget https://github.com/h5bp/server-configs-nginx/archive/refs/tags/3.3.0.tar.gz -O h5bp.tgz \
+ && tar xzvf h5bp.tgz \
+ && rm -f h5bp.tgz \
+ && mv server-configs-nginx-*/h5bp/* . \
+ && mv server-configs-nginx-*/nginx.conf /etc/nginx/nginx.conf \
+ && sed -i "s|^user .*|user\ kool kool;|g" /etc/nginx/nginx.conf \
+ && mv server-configs-nginx-*/mime.types /etc/nginx/mime.types \
+ && rm -rf server-configs-nginx-* \
+ && curl -L https://raw.githubusercontent.com/nginxinc/docker-nginx/master/entrypoint/30-tune-worker-processes.sh -o /kool/30-tune-worker-processes.sh \
+ && chmod +x /kool/30-tune-worker-processes.sh
+
+COPY supervisor.conf /kool/supervisor.conf
+COPY default.tmpl /kool/default.tmpl
+COPY entrypoint /kool/entrypoint
+COPY --from=cert /kool/ssl /kool/ssl
+RUN chmod +x /kool/entrypoint
+
+EXPOSE 80
+
+CMD [ "supervisord", "-c", "/kool/supervisor.conf" ]
diff --git a/8.4-swoole-nginx-prod/default.tmpl b/8.4-swoole-nginx-prod/default.tmpl
new file mode 100644
index 0000000..cf13ec7
--- /dev/null
+++ b/8.4-swoole-nginx-prod/default.tmpl
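Review bot: The second `RUN` installs three remote artifacts with no integrity check, and one of them comes from a moving ref: `30-tune-worker-processes.sh` is fetched from the `master` branch of nginxinc/docker-nginx and is run by the `entrypoint` script added in this commit, so the image content can change between builds with no change in this repository. Pin that URL to a release tag or commit, and verify the supervisord binary and the h5bp tarball against recorded digests, e.g. `echo "<SHA256_PLACEHOLDER>  /usr/local/bin/supervisord" | sha256sum -c -`; using `curl -fL` instead of `curl -L` would also stop an HTTP error page from being saved as the binary or the script. `FROM debian AS cert` is untagged, and the stage bakes one self-signed private key into every published image, so anyone who pulls the image holds the key behind `NGINX_HTTPS_CERT_KEY`; a comment such as `# self-signed *.localhost key, shared by all users of this image: local use only` would make that explicit. 8.4-swoole-nginx/Dockerfile is the same file apart from its base image and has the same issues.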
@@ -0,0 +1,72 @@
+map $http_upgrade $connection_upgrade {
+ default upgrade;
+ '' close;
+}
+
+server {
+ listen {{ .Env.NGINX_LISTEN }} default_server;
+ server_name _;
+{{ if isTrue .Env.NGINX_HTTPS }}
+ listen {{ .Env.NGINX_LISTEN_HTTPS }} ssl http2;
+ ssl_certificate {{ .Env.NGINX_HTTPS_CERT }};
+ ssl_certificate_key {{ .Env.NGINX_HTTPS_CERT_KEY }};
+ ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+ ssl_ciphers HIGH:!aNULL:!MD5;
+{{ end }}
+ root {{ .Env.NGINX_ROOT }};
+ index {{ .Env.NGINX_INDEX }};
+ charset utf-8;
+
+ location = /favicon.ico { log_not_found off; access_log off; }
+ location = /robots.txt { log_not_found off; access_log off; }
+
+ client_max_body_size {{ .Env.NGINX_CLIENT_MAX_BODY_SIZE }};
+
+ error_page 404 /index.php;
+
+ location /index.php {
+ try_files /not_exists @octane;
+ }
+
+ location / {
+ try_files $uri $uri/ @octane;
+
+ add_header X-Served-By kool.dev;
+ }
+
+ location @octane {
+ set $suffix "";
+
+ if ($uri = /index.php) {
+ set $suffix ?$query_string;
+ }
+
+ proxy_http_version 1.1;
+ proxy_set_header Host $http_host;
+ proxy_set_header Scheme $scheme;
+ proxy_set_header SERVER_PORT $server_port;
+ proxy_set_header REMOTE_ADDR $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection $connection_upgrade;
+
+ proxy_pass http://127.0.0.1:8000$suffix;
+ }
+
+ location ~ /\.ht {
+ deny all;
+ }
+
+ # good practices
+ add_header X-Frame-Options "SAMEORIGIN";
+
+ # basic H5BP suggestions
+ include h5bp/internet_explorer/x-ua-compatible.conf;
+ include h5bp/security/referrer-policy.conf;
+ include h5bp/security/x-content-type-options.conf;
+ include h5bp/security/x-xss-protection.conf;
+
+ # performance enhancements (mostly for caching static data)
+ include h5bp/web_performance/cache-file-descriptors.conf;
+ include h5bp/web_performance/pre-compressed_content_gzip.conf;
+}
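Review bot: `ssl_protocols TLSv1 TLSv1.1 TLSv1.2;` in the HTTPS block enables the deprecated TLS 1.0 and 1.1 and leaves out TLS 1.3; for a new image I would write `ssl_protocols TLSv1.2 TLSv1.3;`. Separately, `add_header X-Served-By kool.dev;` inside `location /` stops that location from inheriting the server-level `add_header X-Frame-Options "SAMEORIGIN";` and, assuming the h5bp security includes also use `add_header`, those headers too, because nginx inherits `add_header` only when the current level defines none. Files served directly by `try_files $uri` would then go out without them; moving `X-Served-By` to the server level keeps the security headers on every response. 8.4-swoole-nginx/default.tmpl is the same file and has both issues.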
diff --git a/8.4-swoole-nginx-prod/entrypoint b/8.4-swoole-nginx-prod/entrypoint
new file mode 100644
index 0000000..535c40e
--- /dev/null
+++ b/8.4-swoole-nginx-prod/entrypoint
@@ -0,0 +1,25 @@
+#!/bin/sh
+set -e
+
+
+# Run as current user
+CURRENT_USER=${ASUSER:-${UID:-0}}
+
+if [ ! -z "$CURRENT_USER" ] && [ "$CURRENT_USER" != "0" ]; then
+ usermod -u $CURRENT_USER kool
+fi
+
+dockerize -template /kool/kool.tmpl:/usr/local/etc/php/conf.d/kool.ini -template /kool/zz-docker.tmpl:/usr/local/etc/php-fpm.d/zz-docker.conf -template /kool/default.tmpl:/etc/nginx/conf.d/default.conf
+
+/kool/30-tune-worker-processes.sh
+
+# Run entrypoint if provided
+if [ ! -z "$ENTRYPOINT" ] && [ -f "$ENTRYPOINT" ]; then
+ bash $ENTRYPOINT
+fi
+
+if [ "$1" = "sh" ] || [ "$1" = "bash" ] || [ "$1" = "php-fpm" ] || [ "$1" = "nginx" ] || [ "$1" = "supervisord" ]; then
+ exec "$@"
+else
+ exec su-exec kool "$@"
+fi
diff --git a/8.4-swoole-nginx-prod/supervisor.conf b/8.4-swoole-nginx-prod/supervisor.conf
new file mode 100644
index 0000000..1737e28
--- /dev/null
+++ b/8.4-swoole-nginx-prod/supervisor.conf
@@ -0,0 +1,14 @@
+[program:nginx]
+depends_on = octane
+command = nginx -g "daemon off;"
+autorestart = true
+stopasgroup = true
+stderr_logfile = /dev/stderr
+stdout_logfile = /dev/stdout
+
+[program:octane]
+command = su-exec kool php artisan octane:start
+autorestart = true
+stopasgroup = true
+stderr_logfile = /dev/stderr
+stdout_logfile = /dev/stdout
diff --git a/8.4-swoole-nginx/Dockerfile b/8.4-swoole-nginx/Dockerfile
new file mode 100644
index 0000000..1d9234d
--- /dev/null
+++ b/8.4-swoole-nginx/Dockerfile
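Review bot: In 8.4-swoole-nginx-prod/entrypoint, `bash $ENTRYPOINT` and `usermod -u $CURRENT_USER kool` expand environment variables unquoted, so a value containing spaces or glob characters is split into extra arguments; quote them as `bash "$ENTRYPOINT"` and `usermod -u "$CURRENT_USER" kool`. The hook also runs before the `su-exec kool` drop at the end of the script, and since the script calls `usermod` it presumably starts as root, so whoever controls `ENTRYPOINT` and that file controls root inside the container. I would add a comment above the block saying so, for example `# runs with the entrypoint's privileges, before dropping to kool`. `[ ! -z "$X" ]` reads more simply as `[ -n "$X" ]`. The same lines appear in 8.4-swoole-nginx/entrypoint.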
@@ -0,0 +1,62 @@
+FROM debian AS cert
+
+WORKDIR /kool/ssl
+
+RUN apt-get update && \
+ apt-get install -y openssl && \
+ openssl genrsa -des3 -passout pass:x -out server.pass.key 2048 && \
+ openssl rsa -passin pass:x -in server.pass.key -out _.localhost.key && \
+ rm server.pass.key && \
+ openssl req -new -key _.localhost.key -out server.csr \
+ -subj "/C=XX/ST=XX/L=XX/O=Kool-Local/OU=Localhost/CN=*.localhost" && \
+ openssl x509 -req -days 365 -in server.csr -signkey _.localhost.key -out _.localhost.crt && \
+ openssl x509 -in _.localhost.crt -out _.localhost.pem
+
+FROM kooldev/php:8.4-swoole
+
+ENV PHP_FPM_LISTEN=/run/php-fpm.sock \
+ NGINX_LISTEN=80 \
+ NGINX_HTTPS=false \
+ NGINX_LISTEN_HTTPS=443 \
+ NGINX_HTTPS_CERT=/kool/ssl/_.localhost.pem \
+ NGINX_HTTPS_CERT_KEY=/kool/ssl/_.localhost.key \
+ NGINX_ROOT=/app/public \
+ NGINX_INDEX=index.php \
+ NGINX_CLIENT_MAX_BODY_SIZE=25M \
+ NGINX_PHP_FPM=unix:/run/php-fpm.sock \
+ NGINX_FASTCGI_READ_TIMEOUT=60s \
+ NGINX_FASTCGI_BUFFERS='8 8k' \
+ NGINX_FASTCGI_BUFFER_SIZE='16k' \
+ NGINX_ENTRYPOINT_WORKER_PROCESSES_AUTOTUNE=true
+
+RUN curl -L https://github.com/ochinchina/supervisord/releases/download/v0.6.3/supervisord_static_0.6.3_linux_amd64 -o /usr/local/bin/supervisord \
+ && chmod +x /usr/local/bin/supervisord \
+ && apk add --no-cache nginx \
+ && chown -R kool:kool /var/lib/nginx \
+ && chmod 770 /var/lib/nginx/tmp \
+ && ln -sf /dev/stdout /var/log/nginx/access.log \
+ && ln -sf /dev/stderr /var/log/nginx/error.log \
+ # add h5bp/server-configs-nginx
+ && mkdir -p /etc/nginx/conf.d \
+ && mkdir /etc/nginx/h5bp \
+ && cd /etc/nginx/h5bp \
+ && wget https://github.com/h5bp/server-configs-nginx/archive/refs/tags/3.3.0.tar.gz -O h5bp.tgz \
+ && tar xzvf h5bp.tgz \
+ && rm -f h5bp.tgz \
+ && mv server-configs-nginx-*/h5bp/* . \
+ && mv server-configs-nginx-*/nginx.conf /etc/nginx/nginx.conf \
+ && sed -i "s|^user .*|user\ kool kool;|g" /etc/nginx/nginx.conf \
+ && mv server-configs-nginx-*/mime.types /etc/nginx/mime.types \
+ && rm -rf server-configs-nginx-* \
+ && curl -L https://raw.githubusercontent.com/nginxinc/docker-nginx/master/entrypoint/30-tune-worker-processes.sh -o /kool/30-tune-worker-processes.sh \
+ && chmod +x /kool/30-tune-worker-processes.sh
+
+COPY supervisor.conf /kool/supervisor.conf
+COPY default.tmpl /kool/default.tmpl
+COPY entrypoint /kool/entrypoint
+COPY --from=cert /kool/ssl /kool/ssl
+RUN chmod +x /kool/entrypoint
+
+EXPOSE 80
+
+CMD [ "supervisord", "-c", "/kool/supervisor.conf" ]
diff --git a/8.4-swoole-nginx/default.tmpl b/8.4-swoole-nginx/default.tmpl
new file mode 100644
index 0000000..cf13ec7
--- /dev/null
+++ b/8.4-swoole-nginx/default.tmpl
@@ -0,0 +1,72 @@
+map $http_upgrade $connection_upgrade {
+ default upgrade;
+ '' close;
+}
+
+server {
+ listen {{ .Env.NGINX_LISTEN }} default_server;
+ server_name _;
+{{ if isTrue .Env.NGINX_HTTPS }}
+ listen {{ .Env.NGINX_LISTEN_HTTPS }} ssl http2;
+ ssl_certificate {{ .Env.NGINX_HTTPS_CERT }};
+ ssl_certificate_key {{ .Env.NGINX_HTTPS_CERT_KEY }};
+ ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+ ssl_ciphers HIGH:!aNULL:!MD5;
+{{ end }}
+ root {{ .Env.NGINX_ROOT }};
+ index {{ .Env.NGINX_INDEX }};
+ charset utf-8;
+
+ location = /favicon.ico { log_not_found off; access_log off; }
+ location = /robots.txt { log_not_found off; access_log off; }
+
+ client_max_body_size {{ .Env.NGINX_CLIENT_MAX_BODY_SIZE }};
+
+ error_page 404 /index.php;
+
+ location /index.php {
+ try_files /not_exists @octane;
+ }
+
+ location / {
+ try_files $uri $uri/ @octane;
+
+ add_header X-Served-By kool.dev;
+ }
+
+ location @octane {
+ set $suffix "";
+
+ if ($uri = /index.php) {
+ set $suffix ?$query_string;
+ }
+
+ proxy_http_version 1.1;
+ proxy_set_header Host $http_host;
+ proxy_set_header Scheme $scheme;
+ proxy_set_header SERVER_PORT $server_port;
+ proxy_set_header REMOTE_ADDR $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection $connection_upgrade;
+
+ proxy_pass http://127.0.0.1:8000$suffix;
+ }
+
+ location ~ /\.ht {
+ deny all;
+ }
+
+ # good practices
+ add_header X-Frame-Options "SAMEORIGIN";
+
+ # basic H5BP suggestions
+ include h5bp/internet_explorer/x-ua-compatible.conf;
+ include h5bp/security/referrer-policy.conf;
+ include h5bp/security/x-content-type-options.conf;
+ include h5bp/security/x-xss-protection.conf;
+
+ # performance enhancements (mostly for caching static data)
+ include h5bp/web_performance/cache-file-descriptors.conf;
+ include h5bp/web_performance/pre-compressed_content_gzip.conf;
+}
diff --git a/8.4-swoole-nginx/entrypoint b/8.4-swoole-nginx/entrypoint
new file mode 100644
index 0000000..2780e2e
--- /dev/null
+++ b/8.4-swoole-nginx/entrypoint
@@ -0,0 +1,34 @@
+#!/bin/sh
+set -e
+
+if [ "$ENABLE_XDEBUG" == "true" ]; then
+ docker-php-ext-enable xdebug >> /dev/null 2>&1
+
+ if [ $? != "0" ]; then
+ echo "[ERROR] An error happened enabling xdebug"
+
+ exit 1
+ fi
+fi
+
+# Run as current user
+CURRENT_USER=${ASUSER:-${UID:-0}}
+
+if [ ! -z "$CURRENT_USER" ] && [ "$CURRENT_USER" != "0" ]; then
+ usermod -u $CURRENT_USER kool
+fi
+
+dockerize -template /kool/kool.tmpl:/usr/local/etc/php/conf.d/kool.ini -template /kool/zz-docker.tmpl:/usr/local/etc/php-fpm.d/zz-docker.conf -template /kool/default.tmpl:/etc/nginx/conf.d/default.conf
+
+/kool/30-tune-worker-processes.sh
+
+# Run entrypoint if provided
+if [ ! -z "$ENTRYPOINT" ] && [ -f "$ENTRYPOINT" ]; then
+ bash $ENTRYPOINT
+fi
+
+if [ "$1" = "sh" ] || [ "$1" = "bash" ] || [ "$1" = "php-fpm" ] || [ "$1" = "nginx" ] || [ "$1" = "supervisord" ]; then
+ exec "$@"
+else
+ exec su-exec kool "$@"
+fi
diff --git a/8.4-swoole-nginx/supervisor.conf b/8.4-swoole-nginx/supervisor.conf
new file mode 100644
index 0000000..ac7aa23
--- /dev/null
+++ b/8.4-swoole-nginx/supervisor.conf
@@ -0,0 +1,14 @@
+[program:nginx]
+depends_on = octane
+command = nginx -g "daemon off;"
+autorestart = true
+stopasgroup = true
+stderr_logfile = /dev/stderr
+stdout_logfile = /dev/stdout
+
+[program:octane]
+command = su-exec kool php artisan octane:start --watch
+autorestart = true
+stopasgroup = true
+stderr_logfile = /dev/stderr
+stdout_logfile = /dev/stdout
diff --git a/8.4-swoole-prod/Dockerfile b/8.4-swoole-prod/Dockerfile
new file mode 100644
index 0000000..c46d2d1
--- /dev/null
+++ b/8.4-swoole-prod/Dockerfile
@@ -0,0 +1,5 @@
+FROM kooldev/php:8.4-prod
+
+COPY --from=mlocati/php-extension-installer /usr/bin/install-php-extensions /usr/local/bin/
+
+RUN install-php-extensions swoole
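Review bot: In the xdebug block of 8.4-swoole-nginx/entrypoint, the `if [ $? != "0" ]` check can never fire. With `set -e` at the top, a failing `docker-php-ext-enable` ends the script before the test is reached, so the `[ERROR]` message is never printed and the container exits with no explanation. Fold the command into the condition, `if ! docker-php-ext-enable xdebug >> /dev/null 2>&1; then`, and keep the `echo` and `exit 1` inside it. `[ "$ENABLE_XDEBUG" == "true" ]` also relies on `==`, which POSIX `[` does not define under `#!/bin/sh`; `=` is the portable operator.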
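Review bot: `COPY --from=mlocati/php-extension-installer` in 8.4-swoole-prod/Dockerfile has no tag or digest, so each build takes whatever that image's default tag points to at build time, and `install-php-extensions swoole` installs whichever Swoole release is current. Two builds of the same commit can therefore produce different production images, and a change upstream lands in the image unreviewed. Pin the installer to a version tag or digest, `COPY --from=mlocati/php-extension-installer:<TAG_PLACEHOLDER> ...`, and pin the extension version too if the installer's version-suffix syntax is available. The installer script also stays in `/usr/local/bin` of the final image, which a production image may not need. 8.4-swoole/Dockerfile has the same two lines.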
diff --git a/8.4-swoole/Dockerfile b/8.4-swoole/Dockerfile new file mode 100644 index 0000000..6c59ec8 --- /dev/null +++ b/8.4-swoole/Dockerfile @@ -0,0 +1,5 @@ +FROM kooldev/php:8.4-node + +COPY --from=mlocati/php-extension-installer /usr/bin/install-php-extensions /usr/local/bin/ + +RUN install-php-extensions swoole diff --git a/README.md b/README.md index 241db46..d17b7b2 100644 --- a/README.md +++ b/README.md @@ -6,6 +6,11 @@ This image is based on [kooldev/php](https://github.com/kool-dev/docker-php), pl ## Available Tags +### 8.4 + +- [8.4](https://github.com/kool-dev/docker-php-swoole/blob/master/8.4-swoole/Dockerfile) and [8.4-prod](https://github.com/kool-dev/docker-php-swoole/blob/master/8.4-swoole-prod/Dockerfile) +- [8.4-nginx](https://github.com/kool-dev/docker-php-swoole/blob/master/8.4-swoole-nginx/Dockerfile) and [8.4-nginx-prod](https://github.com/kool-dev/docker-php-swoole/blob/master/8.4-swoole-nginx-prod/Dockerfile) + ### 8.3 - [8.3](https://github.com/kool-dev/docker-php-swoole/blob/master/8.3-swoole/Dockerfile) and [8.3-prod](https://github.com/kool-dev/docker-php-swoole/blob/master/8.3-swoole-prod/Dockerfile) diff --git a/fwd-template.json b/fwd-template.json index 6c6424a..2364dbe 100644 --- a/fwd-template.json +++ b/fwd-template.json 
@@ -320,6 +320,86 @@ "path": "template/supervisor-conf" } ] + }, + { + "name": "8.4-swoole", + "data": { + "from": "kooldev/php:8.4-node", + "prod": false, + "nginx": false + }, + "files": [ + { + "name": "Dockerfile", + "path": "template/Dockerfile" + } + ] + }, + { + "name": "8.4-swoole-prod", + "data": { + "from": "kooldev/php:8.4-prod", + "prod": true, + "nginx": false + }, + "files": [ + { + "name": "Dockerfile", + "path": "template/Dockerfile" + } + ] + }, + { + "name": "8.4-swoole-nginx", + "data": { + "from": "kooldev/php:8.4-swoole", + "prod": false, + "nginx": true + }, + "files": [ + { + "name": "Dockerfile", + "path": "template/Dockerfile-nginx" + }, + { + "name": "entrypoint", + "path": "template/entrypoint" + }, + { + "name": "default.tmpl", + "path": "template/default-tmpl" + }, + { + "name": "supervisor.conf", + "path": "template/supervisor-conf" + } + ] + }, + { + "name": "8.4-swoole-nginx-prod", + "data": { + "from": "kooldev/php:8.4-swoole-prod", + "prod": true, + "nginx": true + }, + "files": [ + { + "name": "Dockerfile", + "path": "template/Dockerfile-nginx" + }, + { + "name": "entrypoint", + "path": "template/entrypoint" + }, + { + "name": "default.tmpl", + "path": "template/default-tmpl" + }, + { + "name": "supervisor.conf", + "path": "template/supervisor-conf" + } + ] } ] } diff --git a/kool.yml b/kool.yml index 90aa914..54e7813 100644 --- a/kool.yml +++ b/kool.yml @@ -19,3 +19,7 @@ scripts: - docker build --pull -t kooldev/php:8.3-swoole-prod 8.3-swoole-prod - docker build -t kooldev/php:8.3-swoole-nginx 8.3-swoole-nginx - docker build -t kooldev/php:8.3-swoole-nginx-prod 8.3-swoole-nginx-prod + - docker build --pull -t kooldev/php:8.4-swoole 8.4-swoole + - docker build --pull -t kooldev/php:8.4-swoole-prod 8.4-swoole-prod + - docker build -t kooldev/php:8.4-swoole-nginx 8.4-swoole-nginx + - docker build -t kooldev/php:8.4-swoole-nginx-prod 8.4-swoole-nginx-prod