Added 8.2-nginx

README.md

@@ -88,7 +88,9 @@ networks:
 ```
 
 ### PHP version support
-- [x] PHP 8.3
+- [x] PHP 8.3 (Lightweight container with PHP 8.3 based on Alpine Linux)
+- [x] PHP 8.2 (Lightweight container with PHP 8.2 based on Alpine Linux)
+- [x] PHP 8.2-nginx (Lightweight container with PHP 8.2 and nginx based on Debian bullseye)
 
 
 ## License

docker-compose.yml

@@ -0,0 +1,41 @@
+x-function: &common_setup
+    build:
+        context: ./php/8.2-nginx/
+        dockerfile: ./Dockerfile
+    restart: always
+    environment:
+        CONTAINER_MODE: manual
+    networks:
+      - php
+
+services:
+
+  app:
+    <<: *common_setup
+    environment:
+      CONTAINER_ROLE: app
+    ports:
+      - '8000:80'
+
+  scheduler:
+    <<: *common_setup
+    environment:
+      CONTAINER_ROLE: scheduler
+      SCHEDULER_COMMAND: php -d variables_order=EGPCS /var/www/html/run.php --message="Scheduler" --loop=0
+      SCHEDULER_SLEEP: 3s
+
+  worker:
+    <<: *common_setup
+    environment:
+      CONTAINER_ROLE: worker
+      WORKER_COMMAND: php -d variables_order=EGPCS /var/www/html/run.php --message="Worker" --loop=1
+
+  horizon:
+    <<: *common_setup
+    environment:
+      CONTAINER_ROLE: horizon
+      HORIZON_COMMAND: php -d variables_order=EGPCS /var/www/html/run.php --message="Horizon" --loop=1
+
+networks:
+  php:
+    driver: bridge

php/8.2-nginx/Dockerfile

@@ -0,0 +1,87 @@
+FROM php:8.2-fpm-bullseye
+LABEL Maintainer="Fábio Assunçãp <[email protected]>"
+LABEL Description="Lightweight container with PHP 8.2 and nginx based on Debian bullseye."
+
+ARG WWWGROUP=33
+ARG WWWUSER=33
+
+WORKDIR /var/www/html
+
+ENV DEBIAN_FRONTEND noninteractive
+ENV TZ=UTC
+
+RUN ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone
+
+RUN apt-get update \
+    && apt-get install -y gnupg gosu curl ca-certificates zip unzip pv libzip-dev git supervisor libcap2-bin libpng-dev python2 \
+    && apt-get install -y nginx \
+    && apt-get install -y default-mysql-client libpq-dev \
+    && apt-get install -y libldap2-dev libc-client-dev libkrb5-dev \
+    && apt-get install -y build-essential libcairo2-dev libpango1.0-dev libjpeg-dev libgif-dev librsvg2-dev \
+    && apt-get install -y libgmp-dev libmagickwand-dev --no-install-recommends
+
+RUN docker-php-ext-configure gd --with-freetype=/usr/include/ --with-jpeg=/usr/include/ \
+    && docker-php-ext-configure pgsql -with-pgsql=/usr/local/pgsql \
+    && docker-php-ext-configure imap --with-kerberos --with-imap-ssl \
+    && docker-php-ext-configure intl \
+    && docker-php-ext-install -j$(nproc) bcmath pdo_mysql pdo_pgsql pgsql ldap zip gd opcache exif imap mysqli intl \
+    && pecl install imagick redis xdebug-3.1.5 \
+    && docker-php-ext-enable redis \
+    && docker-php-ext-enable imagick \
+    && docker-php-ext-install gmp \
+    && php -r "readfile('https://getcomposer.org/installer');" | php -- --install-dir=/usr/bin/ --filename=composer \
+    && apt-get -y autoremove \
+    && apt-get clean \
+    && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
+
+RUN usermod -d /var/www www-data
+RUN chown www-data:www-data /var/www/
+
+RUN usermod -u $WWWUSER www-data
+RUN groupmod -o -g $WWWGROUP www-data
+
+# Copy start script
+COPY ./entrypoint.sh /usr/local/bin/entrypoint
+RUN chmod +x /usr/local/bin/entrypoint
+
+COPY ./web.php /var/www/html/public/index.php
+
+# Copy supervisor config
+COPY ./supervisord/ /etc/supervisor/conf.d
+
+# Enable nginx site
+COPY ./nginx/sites-available /etc/nginx/sites-available
+COPY ./nginx/nginx.conf /etc/nginx/nginx.conf
+COPY ./nginx/snippets-available /etc/nginx/snippets-available
+RUN rm /etc/nginx/sites-enabled/default
+RUN ln -s /etc/nginx/sites-available/default /etc/nginx/sites-enabled/default
+
+# Increase limits
+RUN echo 'www-data soft nofile 65535' >> /etc/security/limits.conf
+RUN echo 'www-data hard nofile 65535' >> /etc/security/limits.conf
+RUN echo 'ULIMIT="-n 65535"' >> /etc/default/nginx
+
+# Copy php config files
+COPY ./php/zz-docker.conf /usr/local/etc/php-fpm.d/zz-docker.conf
+COPY ./php/php.ini /usr/local/etc/php/conf.d/99-app.ini
+COPY ./php/opcache.ini /usr/local/etc/php/conf.d/opcache.ini
+RUN mkdir -p /var/log/php
+
+# Copy ldap config files
+COPY ./ldap/ /etc/ldap
+
+# Copy application files
+COPY --chown=www-data:www-data ./ /var/www/html
+
+# Check if the composer.json file exists and then execute composer install
+RUN if [ -f /var/www/html/composer.json ]; then \
+    gosu www-data composer install --ignore-platform-reqs --no-interaction; \
+fi
+
+USER root
+
+EXPOSE 80
+EXPOSE 443
+
+# Set default command to launch the all-in-one configuration supervised by supervisord
+CMD ["/usr/local/bin/entrypoint"]

php/8.2-nginx/entrypoint.sh

@@ -0,0 +1,104 @@
+#!/usr/bin/env bash
+
+set -e
+
+# Set default values if not provided
+CONTAINER_MODE=${CONTAINER_MODE:-'manual'}
+CONTAINER_ROLE=${CONTAINER_ROLE:-'app'}
+APP_ENV=${APP_ENV:-'production'}
+
+ARTISAN=${ARTISAN:-"php -d variables_order=EGPCS /var/www/html/artisan"}
+WORKER_COMMAND=${WORKER_COMMAND:-"$ARTISAN queue:work -vv --no-interaction --tries=3 --sleep=5 --timeout=300 --delay=10"}
+HORIZON_COMMAND=${HORIZON_COMMAND:-"$ARTISAN horizon"}
+SCHEDULER_COMMAND=${SCHEDULER_COMMAND:-"$ARTISAN schedule:run --no-interaction"}
+SCHEDULER_SLEEP=${SCHEDULER_SLEEP:-"60s"}
+
+if [ "$ENABLE_XDEBUG" == "yes" ]; then
+    echo "Enabling xdebug"
+    docker-php-ext-enable xdebug
+fi
+
+# Function to log messages
+log() {
+    local type="$1"
+    local message="$2"
+    echo "[$type] $message"
+}
+
+# Function to run setup tasks
+run_setup_tasks() {
+    log "INFO" "Preparing application..."
+    if [ -w /var/www/html/storage ]; then
+        chown -R nobody:nobody /var/www/html/storage
+    else
+        log "WARNING" "Insufficient permissions to change ownership of storage directory"
+    fi
+
+    $ARTISAN storage:link || log "WARNING" "Failed to create storage link"
+    $ARTISAN config:cache || log "WARNING" "Failed to cache config"
+    $ARTISAN migrate --force || log "WARNING" "Failed to run migrations"
+}
+
+# Function to run scheduler command and log output
+run_scheduler() {
+    local output
+    while true; do
+        log "INFO" "Running scheduled tasks."
+        if $SCHEDULER_COMMAND 2>&1; then
+            log "INFO" "Scheduled tasks completed successfully."
+        else
+            log "ERROR" "Failed to run scheduled tasks"
+        fi
+        sleep $SCHEDULER_SLEEP
+    done
+}
+
+# Function to handle signals
+trap 'log "INFO" "Stopping container..."; exit 0;' SIGTERM SIGINT
+
+# Check if vendor directory exists
+if [ "$CONTAINER_MODE" = "automatic" ]; then
+    while [ ! -d "/var/www/html/vendor" ]; do
+        log "WARNING" "The directory /var/www/html/vendor does not exist yet. Please run the \"composer install\" command to ensure that all necessary dependencies are properly installed."
+        log "INFO" "Retrying in 300 seconds..."
+        sleep 300s
+    done
+fi
+
+# Check if artisan file exists
+if [ "$CONTAINER_MODE" = "automatic" ] && [ ! -f "/var/www/html/artisan" ]; then
+    log "ERROR" "The artisan file does not exist at /var/www/html/artisan. Please ensure the application is properly set up."
+    exit 1
+fi
+
+# Run setup tasks if in automatic mode
+if [ "$CONTAINER_MODE" = "automatic" ]; then
+    run_setup_tasks
+fi
+
+if [ $# -gt 0 ]; then
+    exec gosu www-data "$@"
+else
+    case "$CONTAINER_ROLE" in
+        app)
+            log "INFO" "Launching supervisord..."
+            exec /usr/bin/supervisord -c /etc/supervisor/conf.d/supervisord.conf
+            ;;
+        worker)
+            log "INFO" "Running the worker..."
+            exec gosu www-data $WORKER_COMMAND
+            ;;
+        horizon)
+            log "INFO" "Running horizon..."
+            exec gosu www-data $HORIZON_COMMAND
+            ;;
+        scheduler)
+            run_scheduler
+            ;;
+        *)
+            log "ERROR" "Could not match the container role \"$CONTAINER_ROLE\""
+            exit 1
+            ;;
+    esac
+fi
+

php/8.2-nginx/ldap/ldap.conf

@@ -0,0 +1 @@
+TLS_REQCERT never

php/8.2-nginx/nginx/nginx.conf

@@ -0,0 +1,79 @@
+user www-data;
+worker_processes 8;
+pid /run/nginx.pid;
+include /etc/nginx/modules-enabled/*.conf;
+
+worker_rlimit_nofile 65535;
+events {
+    #
+    # Determines how many clients will be served by each worker process.
+    # (Max clients = worker_connections * worker_processes)
+    # Should be equal to `ulimit -n / worker_processes`
+    #
+    worker_connections 8192;
+
+    #
+    # Let each process accept multiple connections.
+    # Accept as many connections as possible, after nginx gets notification
+    # about a new connection.
+    # May flood worker_connections, if that option is set too low.
+    #
+    multi_accept on;
+
+    #
+    # Preferred connection method for newer linux versions.
+    # Essential for linux, optmized to serve many clients with each thread.
+    #
+    use epoll;
+}
+
+http {
+
+        ##
+        # Basic Settings
+        ##
+
+        sendfile on;
+        tcp_nopush on;
+        types_hash_max_size 2048;
+        # server_tokens off;
+
+        # server_names_hash_bucket_size 64;
+        # server_name_in_redirect off;
+
+        include /etc/nginx/mime.types;
+        default_type application/octet-stream;
+
+        ##
+        # SSL Settings
+        ##
+
+        ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
+        ssl_prefer_server_ciphers on;
+
+        ##
+        # Logging Settings
+        ##
+
+        error_log /dev/stderr warn;
+
+        ##
+        # Gzip Settings
+        ##
+
+        gzip on;
+
+        # gzip_vary on;
+        # gzip_proxied any;
+        # gzip_comp_level 6;
+        # gzip_buffers 16 8k;
+        # gzip_http_version 1.1;
+        # gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
+
+        ##
+        # Virtual Host Configs
+        ##
+
+        include /etc/nginx/conf.d/*.conf;
+        include /etc/nginx/sites-enabled/*;
+}

php/8.2-nginx/nginx/sites-available/default

@@ -0,0 +1,40 @@
+server {
+    listen 80;
+
+    include /etc/nginx/snippets/ssl*;
+
+    root /var/www/html/public;
+
+    location /private-storage/ {
+        internal;
+        alias /var/www/html/storage/app/;
+    }
+
+    add_header X-Frame-Options "SAMEORIGIN";
+    add_header X-Content-Type-Options "nosniff";
+
+    index index.php;
+
+    charset utf-8;
+
+    location / {
+        try_files $uri $uri/ /index.php?$query_string;
+    }
+
+    client_max_body_size 5G;
+
+    location = /favicon.ico { access_log off; log_not_found off; }
+    location = /robots.txt  { access_log off; log_not_found off; }
+
+    error_page 404 /index.php;
+
+    location ~ \.php$ {
+        fastcgi_pass unix:/var/run/php8.2-fpm.sock;
+        fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
+        include fastcgi_params;
+    }
+
+    location ~ /\.(?!well-known).* {
+        deny all;
+    }
+}

php/8.2-nginx/nginx/snippets-available/ssl

@@ -0,0 +1,11 @@
+
+listen 443 ssl;
+
+ssl_certificate /local/certs/fullchain.pem;
+ssl_certificate_key /local/certs/privkey.pem;
+ssl_session_timeout 1d;
+ssl_session_cache shared:MozSSL:10m;
+ssl_session_tickets off;
+ssl_protocols TLSv1.2 TLSv1.3;
+ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
+ssl_prefer_server_ciphers off;

php/8.2-nginx/php/opcache.ini

@@ -0,0 +1,9 @@
+[opcache]
+opcache.enable=0
+opcache.memory_consumption=512
+opcache.interned_strings_buffer=64
+opcache.max_accelerated_files=32531
+opcache.save_comments=1
+opcache.fast_shutdown=0
+opcache.enable_cli=1
+opcache.validate_timestamps=0

php/8.2-nginx/php/php.ini

@@ -0,0 +1,4 @@
+[PHP]
+post_max_size = 5G
+upload_max_filesize = 5G
+variables_order = EGPCS