├── .github ├── dependabot.yml └── workflows │ ├── ci-cd.yml │ └── docker-description.yml ├── .gitignore ├── 8.0-nginx-prod ├── Dockerfile ├── default.tmpl ├── entrypoint └── supervisor.conf ├── 8.0-nginx ├── Dockerfile ├── default.tmpl ├── entrypoint └── supervisor.conf ├── 8.0-node └── Dockerfile ├── 8.0-prod ├── Dockerfile ├── entrypoint ├── kool.ini └── zz-docker.conf ├── 8.0 ├── Dockerfile ├── entrypoint ├── kool.ini └── zz-docker.conf ├── 8.1-nginx-prod ├── Dockerfile ├── default.tmpl ├── entrypoint └── supervisor.conf ├── 8.1-nginx ├── Dockerfile ├── default.tmpl ├── entrypoint └── supervisor.conf ├── 8.1-node └── Dockerfile ├── 8.1-prod ├── Dockerfile ├── entrypoint ├── kool.ini └── zz-docker.conf ├── 8.1 ├── Dockerfile ├── entrypoint ├── kool.ini └── zz-docker.conf ├── 8.2-nginx-prod ├── Dockerfile ├── default.tmpl ├── entrypoint └── supervisor.conf ├── 8.2-nginx ├── Dockerfile ├── default.tmpl ├── entrypoint └── supervisor.conf ├── 8.2-node └── Dockerfile ├── 8.2-prod ├── Dockerfile ├── entrypoint ├── kool.ini └── zz-docker.conf ├── 8.2 ├── Dockerfile ├── entrypoint ├── kool.ini └── zz-docker.conf ├── 8.3-nginx-prod ├── Dockerfile ├── default.tmpl ├── entrypoint └── supervisor.conf ├── 8.3-nginx ├── Dockerfile ├── default.tmpl ├── entrypoint └── supervisor.conf ├── 8.3-node └── Dockerfile ├── 8.3-prod ├── Dockerfile ├── entrypoint ├── kool.ini └── zz-docker.conf ├── 8.3 ├── Dockerfile ├── entrypoint ├── kool.ini └── zz-docker.conf ├── 8.4-nginx-prod ├── Dockerfile ├── default.tmpl ├── entrypoint └── supervisor.conf ├── 8.4-nginx ├── Dockerfile ├── default.tmpl ├── entrypoint └── supervisor.conf ├── 8.4-node └── Dockerfile ├── 8.4-prod ├── Dockerfile ├── entrypoint ├── kool.ini └── zz-docker.conf ├── 8.4 ├── Dockerfile ├── entrypoint ├── kool.ini └── zz-docker.conf ├── LICENSE.md ├── README.md ├── fwd-template.json ├── kool.yml └── template ├── Dockerfile-nginx.blade.php ├── Dockerfile-node.blade.php ├── Dockerfile.blade.php ├── default-tmpl.blade.php ├── 
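entrypoint.blade.php ├── kool-ini.blade.php ├── supervisor-conf.blade.php └── zz-docker-conf.blade.php

/.github/dependabot.yml:
--------------------------------------------------------------------------------
version: 2

updates:
  - package-ecosystem: "github-actions"
    directory: "/"
    schedule:
      interval: "daily"

  # NOTE(review): the Dockerfiles in this repository sit in per-version
  # subdirectories (8.0/, 8.0-nginx/, ...), not in the repository root, so
  # this entry may never see a FROM line to update. Confirm that it opens
  # pull requests; otherwise list the image directories explicitly.
  - package-ecosystem: "docker"
    directory: "/"
    schedule:
      interval: "daily"

--------------------------------------------------------------------------------
/.github/workflows/ci-cd.yml:
--------------------------------------------------------------------------------
name: CI/CD

on:
  push:
  workflow_dispatch:
  schedule:
    - cron: '0 0 * * 0'

# Least privilege for the automatic GITHUB_TOKEN: the jobs only read the
# repository. Registry pushes and cross-repository dispatches authenticate
# with their own secrets, so no write scope is needed here.
permissions:
  contents: read

jobs:
  build:
    runs-on: ubuntu-latest

    strategy:
      matrix:
        version: ['8.0', '8.1', '8.2', '8.3', '8.4']
        type: ['', '-prod']

    steps:
      # NOTE(review): every `uses:` in this workflow references a tag, which
      # is a mutable ref. Pinning each action to a full commit SHA (keeping
      # the tag in a trailing comment) makes the release pipeline
      # reproducible; the github-actions Dependabot entry can keep SHA pins
      # up to date.
      - name: Checkout code
        uses: actions/checkout@v4.2.2

      - name: Setup QEMU
        uses: docker/setup-qemu-action@v3

      - name: Setup Docker Buildx
        uses: docker/setup-buildx-action@v3

      # Registry credentials are only handed to the login action on the
      # master branch of the canonical repository.
      - name: Login to DockerHub
        uses: docker/login-action@v3
        if: github.ref == 'refs/heads/master' && github.repository == 'kool-dev/docker-php'
        with:
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_PASSWORD }}

      # Local single-platform build; the image is loaded into the runner's
      # Docker daemon so the smoke tests below can run it.
      - name: Build and export to Docker
        uses: docker/build-push-action@v6
        with:
          context: ${{ matrix.version }}${{ matrix.type }}
          load: true
          tags: kooldev/php:${{ matrix.version }}${{ matrix.type }}

      - name: Tests
        run: |
          docker run kooldev/php:${{ matrix.version }}${{ matrix.type }} php -v
          docker run kooldev/php:${{ matrix.version }}${{ matrix.type }} composer -V
          docker run kooldev/php:${{ matrix.version }}${{ matrix.type }} composer1 -V
          docker run -e ASUSER=1000 kooldev/php:${{ matrix.version }}${{ matrix.type }} php -v
          docker run -e ASUSER=1000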
kooldev/php:${{ matrix.version }}${{ matrix.type }} composer -V 49 | docker run -e ASUSER=1000 kooldev/php:${{ matrix.version }}${{ matrix.type }} composer1 -V 50 | docker run kooldev/php:${{ matrix.version }}${{ matrix.type }} php -m | grep readline 51 | docker run -e ENABLE_XDEBUG=true kooldev/php:${{ matrix.version }}${{ matrix.type }} php -m 52 | 53 | - name: Build and push 54 | uses: docker/build-push-action@v6 55 | if: github.ref == 'refs/heads/master' && github.repository == 'kool-dev/docker-php' 56 | with: 57 | context: ${{ matrix.version }}${{ matrix.type }} 58 | platforms: linux/amd64,linux/arm64 59 | push: true 60 | tags: kooldev/php:${{ matrix.version }}${{ matrix.type }} 61 | 62 | - name: Build and export to Docker (nginx) 63 | uses: docker/build-push-action@v6 64 | with: 65 | context: ${{ matrix.version }}-nginx${{ matrix.type }} 66 | load: true 67 | tags: kooldev/php:${{ matrix.version }}-nginx${{ matrix.type }} 68 | 69 | - name: Build and export to Docker (Node) 70 | uses: docker/build-push-action@v6 71 | if: matrix.type == '' 72 | with: 73 | context: ${{ matrix.version }}-node${{ matrix.type }} 74 | load: true 75 | tags: kooldev/php:${{ matrix.version }}-node${{ matrix.type }} 76 | 77 | - name: Tests (Node) 78 | if: matrix.type == '' 79 | run: | 80 | docker run kooldev/php:${{ matrix.version }}-node${{ matrix.type }} node -v 81 | docker run kooldev/php:${{ matrix.version }}-node${{ matrix.type }} npm -v 82 | docker run kooldev/php:${{ matrix.version }}-node${{ matrix.type }} yarn -v 83 | 84 | - name: Tests (nginx) 85 | run: | 86 | docker run kooldev/php:${{ matrix.version }}-nginx${{ matrix.type }} php -v 87 | docker run kooldev/php:${{ matrix.version }}-nginx${{ matrix.type }} composer -V 88 | docker run kooldev/php:${{ matrix.version }}-nginx${{ matrix.type }} composer1 -V 89 | docker run -e ASUSER=1000 kooldev/php:${{ matrix.version }}-nginx${{ matrix.type }} php -v 90 | docker run -e ASUSER=1000 kooldev/php:${{ matrix.version }}-nginx${{ 
matrix.type }} composer -V 91 | docker run -e ASUSER=1000 kooldev/php:${{ matrix.version }}-nginx${{ matrix.type }} composer1 -V 92 | docker run kooldev/php:${{ matrix.version }}-nginx${{ matrix.type }} php -m | grep readline 93 | docker run -e ENABLE_XDEBUG=true kooldev/php:${{ matrix.version }}-nginx${{ matrix.type }} php -m 94 | 95 | docker run kooldev/php:${{ matrix.version }}-nginx${{ matrix.type }} nginx -v 96 | docker run kooldev/php:${{ matrix.version }}-nginx${{ matrix.type }} supervisord version 97 | 98 | - name: Build and push (nginx) 99 | uses: docker/build-push-action@v6 100 | if: github.ref == 'refs/heads/master' && github.repository == 'kool-dev/docker-php' 101 | with: 102 | context: ${{ matrix.version }}-nginx${{ matrix.type }} 103 | platforms: linux/amd64,linux/arm64 104 | push: true 105 | tags: kooldev/php:${{ matrix.version }}-nginx${{ matrix.type }} 106 | 107 | - name: Build and push (Node) 108 | uses: docker/build-push-action@v6 109 | if: github.ref == 'refs/heads/master' && github.repository == 'kool-dev/docker-php' && matrix.type == '' 110 | with: 111 | context: ${{ matrix.version }}-node${{ matrix.type }} 112 | platforms: linux/amd64,linux/arm64 113 | push: true 114 | tags: kooldev/php:${{ matrix.version }}-node${{ matrix.type }} 115 | 116 | trigger-build-wordpress: 117 | name: Trigger Wordpress Build 118 | runs-on: ubuntu-latest 119 | needs: build 120 | steps: 121 | - name: Trigger build on kool-dev/docker-wordpress 122 | uses: benc-uk/workflow-dispatch@v1.2 123 | if: github.ref == 'refs/heads/master' && github.repository == 'kool-dev/docker-php' 124 | with: 125 | workflow: CI/CD 126 | repo: kool-dev/docker-wordpress 127 | token: ${{ secrets.WORKFLOW_TOKEN }} 128 | 129 | trigger-extended-builds: 130 | name: Trigger Extended Builds 131 | runs-on: ubuntu-latest 132 | needs: build 133 | strategy: 134 | matrix: 135 | image: 136 | - kool-dev/docker-php-sqlsrv 137 | - kool-dev/docker-php-swoole 138 | - kool-dev/docker-phpqa 139 | steps: 140 | - 
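name: Trigger build on ${{ matrix.image }}
        uses: benc-uk/workflow-dispatch@v1.2
        if: github.ref == 'refs/heads/master' && github.repository == 'kool-dev/docker-php'
        with:
          workflow: CI/CD
          ref: refs/heads/main
          repo: ${{ matrix.image }}
          token: ${{ secrets.WORKFLOW_TOKEN }}

--------------------------------------------------------------------------------
/.github/workflows/docker-description.yml:
--------------------------------------------------------------------------------
name: Sync Docker Hub Description

on:
  push:
    branches:
      - master
    paths:
      - README.md
      - .github/workflows/docker-description.yml

jobs:
  docker-description:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4.2.2

      # NOTE(review): credentials are passed as environment variables here;
      # confirm that the pinned major version of this action still reads
      # them that way rather than through `with:` inputs.
      - name: Sync Docker Hub Description
        uses: peter-evans/dockerhub-description@v4.0.0
        env:
          DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }}
          DOCKERHUB_PASSWORD: ${{ secrets.DOCKERHUB_PASSWORD }}
          DOCKERHUB_REPOSITORY: kooldev/php

--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
# IntelliJ project files
*.iml
*.iws
*.ipr
.idea/

# eclipse project file
.settings/
.classpath
.project

# NetBeans specific
nbproject/private/
build/
nbbuild/
dist/
nbdist/
nbactions.xml
nb-configuration.xml

# OS
.DS_Store

# Misc
*.swp

--------------------------------------------------------------------------------
/8.0-nginx-prod/Dockerfile:
--------------------------------------------------------------------------------
# Build stage: self-signed certificate for *.localhost.
# The private key is generated once per image build and copied into the final
# image, so every container started from the same published tag shares it.
# It is suitable for local HTTPS only; a deployment that turns HTTPS on should
# mount its own pair and point NGINX_HTTPS_CERT / NGINX_HTTPS_CERT_KEY at it.
# NOTE(review): `debian` is a floating base tag; pin a release or digest.
FROM debian AS cert

WORKDIR /kool/ssl

# The passphrase-protected key is only an intermediate; it is stripped to an
# unencrypted key and deleted. The certificate is valid for 365 days counted
# from the image build.
RUN apt-get update && \
    apt-get install -y openssl && \
    openssl genrsa -des3 -passout pass:x -out server.pass.key 2048 && \
    openssl rsa -passin pass:x -in server.pass.key -out _.localhost.key && \
    rm server.pass.key && \
    openssl req -new -key _.localhost.key -out server.csr \
    -subj "/C=XX/ST=XX/L=XX/O=Kool-Local/OU=Localhost/CN=*.localhost" && \
    openssl x509 -req -days 365 -in server.csr -signkey _.localhost.key -out _.localhost.crt && \
    openssl x509 -in _.localhost.crt -out _.localhost.pem

FROM kooldev/php:8.0-prod

# Defaults consumed by the entrypoint when it renders /kool/default.tmpl.
# HTTPS is off unless NGINX_HTTPS is set to a true value at run time.
ENV PHP_FPM_LISTEN=/run/php-fpm.sock \
    NGINX_LISTEN=80 \
    NGINX_HTTPS=false \
    NGINX_LISTEN_HTTPS=443 \
    NGINX_HTTPS_CERT=/kool/ssl/_.localhost.pem \
    NGINX_HTTPS_CERT_KEY=/kool/ssl/_.localhost.key \
    NGINX_ROOT=/app/public \
    NGINX_INDEX=index.php \
    NGINX_CLIENT_MAX_BODY_SIZE=25M \
    NGINX_PHP_FPM=unix:/run/php-fpm.sock \
    NGINX_FASTCGI_READ_TIMEOUT=60s \
    NGINX_FASTCGI_BUFFERS='8 8k' \
    NGINX_FASTCGI_BUFFER_SIZE='16k' \
    NGINX_ENTRYPOINT_WORKER_PROCESSES_AUTOTUNE=true

# NOTE(review): three artefacts are fetched over HTTPS with no integrity
# check: the supervisord binary, the h5bp archive and the worker-tuning
# script. The script URL follows the `master` branch, so its content can
# change between builds; pin it to a commit and verify a recorded sha256 for
# each download. The supervisord asset is the amd64 build, while the CI
# workflow also publishes this image for linux/arm64.
RUN curl -L https://github.com/ochinchina/supervisord/releases/download/v0.6.3/supervisord_static_0.6.3_linux_amd64 -o /usr/local/bin/supervisord \
    && chmod +x /usr/local/bin/supervisord \
    && apk add --no-cache nginx \
    && chown -R kool:kool /var/lib/nginx \
    && chmod 770 /var/lib/nginx/tmp \
    && ln -sf /dev/stdout /var/log/nginx/access.log \
    && ln -sf /dev/stderr /var/log/nginx/error.log \
    # add h5bp/server-configs-nginx
    && mkdir -p /etc/nginx/conf.d \
    && mkdir /etc/nginx/h5bp \
    && cd /etc/nginx/h5bp \
    && wget https://github.com/h5bp/server-configs-nginx/archive/refs/tags/3.3.0.tar.gz -O h5bp.tgz \
    && tar xzvf h5bp.tgz \
    && rm -f h5bp.tgz \
    && mv server-configs-nginx-*/h5bp/* . \
    && mv server-configs-nginx-*/nginx.conf /etc/nginx/nginx.conf \
    # run the nginx workers as the unprivileged kool user
    && sed -i "s|^user .*|user\ kool kool;|g" /etc/nginx/nginx.conf \
    && mv server-configs-nginx-*/mime.types /etc/nginx/mime.types \
    && rm -rf server-configs-nginx-* \
    && curl -L https://raw.githubusercontent.com/nginxinc/docker-nginx/master/entrypoint/30-tune-worker-processes.sh -o /kool/30-tune-worker-processes.sh \
    && chmod +x /kool/30-tune-worker-processes.sh

COPY supervisor.conf /kool/supervisor.conf
COPY default.tmpl /kool/default.tmpl
COPY entrypoint /kool/entrypoint
COPY --from=cert /kool/ssl /kool/ssl
RUN chmod +x /kool/entrypoint

EXPOSE 80

CMD [ "supervisord", "-c", "/kool/supervisor.conf" ]

--------------------------------------------------------------------------------
/8.0-nginx-prod/default.tmpl:
--------------------------------------------------------------------------------
server {
    listen {{ .Env.NGINX_LISTEN }} default_server;
    server_name _;
    {{ if isTrue .Env.NGINX_HTTPS }}
    listen {{ .Env.NGINX_LISTEN_HTTPS }} ssl http2;
    ssl_certificate {{ .Env.NGINX_HTTPS_CERT }};
    ssl_certificate_key {{ .Env.NGINX_HTTPS_CERT_KEY }};
    # TLS 1.0 and 1.1 are deprecated (RFC 8996); offer only 1.2 and 1.3.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;
    {{ end }}
    root {{ .Env.NGINX_ROOT }};
    index {{ .Env.NGINX_INDEX }};
    charset utf-8;

    location = /favicon.ico { log_not_found off; access_log off; }
    location = /robots.txt { log_not_found off; access_log off; }

    client_max_body_size {{ .Env.NGINX_CLIENT_MAX_BODY_SIZE }};

    error_page 404 /index.php;

    location / {
        try_files $uri $uri/ /{{ .Env.NGINX_INDEX }}?$query_string;

        # NOTE(review): nginx inherits add_header directives from the outer
        # level only when the current level defines none. Because of this
        # line, responses answered inside this location do not carry the
        # server-level X-Frame-Options header set further down.
        add_header X-Served-By kool.dev;
    }

    location ~ \.php$ {
        fastcgi_buffers {{ .Env.NGINX_FASTCGI_BUFFERS }};
        fastcgi_buffer_size {{ .Env.NGINX_FASTCGI_BUFFER_SIZE }};
        fastcgi_pass {{ .Env.NGINX_PHP_FPM }};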
fastcgi_read_timeout {{ .Env.NGINX_FASTCGI_READ_TIMEOUT }}; 33 | fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name; 34 | include fastcgi_params; 35 | } 36 | 37 | location ~ /\.ht { 38 | deny all; 39 | } 40 | 41 | # good practices 42 | add_header X-Frame-Options "SAMEORIGIN"; 43 | 44 | # basic H5BP suggestions 45 | include h5bp/internet_explorer/x-ua-compatible.conf; 46 | include h5bp/security/referrer-policy.conf; 47 | include h5bp/security/x-content-type-options.conf; 48 | include h5bp/security/x-xss-protection.conf; 49 | 50 | # performance enhancements (mostly for caching static data) 51 | include h5bp/web_performance/cache-file-descriptors.conf; 52 | include h5bp/web_performance/pre-compressed_content_gzip.conf; 53 | } 54 | -------------------------------------------------------------------------------- /8.0-nginx-prod/entrypoint: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | set -e 3 | 4 | 5 | # Run as current user 6 | CURRENT_USER=${ASUSER:-${UID:-0}} 7 | 8 | if [ ! -z "$CURRENT_USER" ] && [ "$CURRENT_USER" != "0" ]; then 9 | usermod -u $CURRENT_USER kool 10 | fi 11 | 12 | dockerize -template /kool/kool.tmpl:/usr/local/etc/php/conf.d/kool.ini -template /kool/zz-docker.tmpl:/usr/local/etc/php-fpm.d/zz-docker.conf -template /kool/default.tmpl:/etc/nginx/conf.d/default.conf 13 | 14 | /kool/30-tune-worker-processes.sh 15 | 16 | # Run entrypoint if provided 17 | if [ ! 
-z "$ENTRYPOINT" ] && [ -f "$ENTRYPOINT" ]; then 18 | bash $ENTRYPOINT 19 | fi 20 | 21 | if [ "$1" = "sh" ] || [ "$1" = "bash" ] || [ "$1" = "php-fpm" ] || [ "$1" = "nginx" ] || [ "$1" = "supervisord" ]; then 22 | exec "$@" 23 | else 24 | exec su-exec kool "$@" 25 | fi 26 | -------------------------------------------------------------------------------- /8.0-nginx-prod/supervisor.conf: -------------------------------------------------------------------------------- 1 | [program:nginx] 2 | depends_on = php-fpm 3 | command = nginx -g "daemon off;" 4 | stopasgroup = true 5 | stderr_logfile = /dev/stderr 6 | stdout_logfile = /dev/stdout 7 | 8 | [program:php-fpm] 9 | command = php-fpm 10 | stopasgroup = true 11 | stderr_logfile = /dev/stderr 12 | stdout_logfile = /dev/stdout 13 | -------------------------------------------------------------------------------- /8.0-nginx/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM debian AS cert 2 | 3 | WORKDIR /kool/ssl 4 | 5 | RUN apt-get update && \ 6 | apt-get install -y openssl && \ 7 | openssl genrsa -des3 -passout pass:x -out server.pass.key 2048 && \ 8 | openssl rsa -passin pass:x -in server.pass.key -out _.localhost.key && \ 9 | rm server.pass.key && \ 10 | openssl req -new -key _.localhost.key -out server.csr \ 11 | -subj "/C=XX/ST=XX/L=XX/O=Kool-Local/OU=Localhost/CN=*.localhost" && \ 12 | openssl x509 -req -days 365 -in server.csr -signkey _.localhost.key -out _.localhost.crt && \ 13 | openssl x509 -in _.localhost.crt -out _.localhost.pem 14 | 15 | FROM kooldev/php:8.0 16 | 17 | ENV PHP_FPM_LISTEN=/run/php-fpm.sock \ 18 | NGINX_LISTEN=80 \ 19 | NGINX_HTTPS=false \ 20 | NGINX_LISTEN_HTTPS=443 \ 21 | NGINX_HTTPS_CERT=/kool/ssl/_.localhost.pem \ 22 | NGINX_HTTPS_CERT_KEY=/kool/ssl/_.localhost.key \ 23 | NGINX_ROOT=/app/public \ 24 | NGINX_INDEX=index.php \ 25 | NGINX_CLIENT_MAX_BODY_SIZE=25M \ 26 | NGINX_PHP_FPM=unix:/run/php-fpm.sock \ 27 | NGINX_FASTCGI_READ_TIMEOUT=60s 
\ 28 | NGINX_FASTCGI_BUFFERS='8 8k' \ 29 | NGINX_FASTCGI_BUFFER_SIZE='16k' \ 30 | NGINX_ENTRYPOINT_WORKER_PROCESSES_AUTOTUNE=true 31 | 32 | RUN curl -L https://github.com/ochinchina/supervisord/releases/download/v0.6.3/supervisord_static_0.6.3_linux_amd64 -o /usr/local/bin/supervisord \ 33 | && chmod +x /usr/local/bin/supervisord \ 34 | && apk add --no-cache nginx \ 35 | && chown -R kool:kool /var/lib/nginx \ 36 | && chmod 770 /var/lib/nginx/tmp \ 37 | && ln -sf /dev/stdout /var/log/nginx/access.log \ 38 | && ln -sf /dev/stderr /var/log/nginx/error.log \ 39 | # add h5bp/server-configs-nginx 40 | && mkdir -p /etc/nginx/conf.d \ 41 | && mkdir /etc/nginx/h5bp \ 42 | && cd /etc/nginx/h5bp \ 43 | && wget https://github.com/h5bp/server-configs-nginx/archive/refs/tags/3.3.0.tar.gz -O h5bp.tgz \ 44 | && tar xzvf h5bp.tgz \ 45 | && rm -f h5bp.tgz \ 46 | && mv server-configs-nginx-*/h5bp/* . \ 47 | && mv server-configs-nginx-*/nginx.conf /etc/nginx/nginx.conf \ 48 | && sed -i "s|^user .*|user\ kool kool;|g" /etc/nginx/nginx.conf \ 49 | && mv server-configs-nginx-*/mime.types /etc/nginx/mime.types \ 50 | && rm -rf server-configs-nginx-* \ 51 | && curl -L https://raw.githubusercontent.com/nginxinc/docker-nginx/master/entrypoint/30-tune-worker-processes.sh -o /kool/30-tune-worker-processes.sh \ 52 | && chmod +x /kool/30-tune-worker-processes.sh 53 | 54 | COPY supervisor.conf /kool/supervisor.conf 55 | COPY default.tmpl /kool/default.tmpl 56 | COPY entrypoint /kool/entrypoint 57 | COPY --from=cert /kool/ssl /kool/ssl 58 | RUN chmod +x /kool/entrypoint 59 | 60 | EXPOSE 80 61 | 62 | CMD [ "supervisord", "-c", "/kool/supervisor.conf" ] 63 | -------------------------------------------------------------------------------- /8.0-nginx/default.tmpl: -------------------------------------------------------------------------------- 1 | server { 2 | listen {{ .Env.NGINX_LISTEN }} default_server; 3 | server_name _; 4 | {{ if isTrue .Env.NGINX_HTTPS }} 5 | listen {{ .Env.NGINX_LISTEN_HTTPS }} 
ssl http2; 6 | ssl_certificate {{ .Env.NGINX_HTTPS_CERT }}; 7 | ssl_certificate_key {{ .Env.NGINX_HTTPS_CERT_KEY }}; 8 | ssl_protocols TLSv1 TLSv1.1 TLSv1.2; 9 | ssl_ciphers HIGH:!aNULL:!MD5; 10 | {{ end }} 11 | root {{ .Env.NGINX_ROOT }}; 12 | index {{ .Env.NGINX_INDEX }}; 13 | charset utf-8; 14 | 15 | location = /favicon.ico { log_not_found off; access_log off; } 16 | location = /robots.txt { log_not_found off; access_log off; } 17 | 18 | client_max_body_size {{ .Env.NGINX_CLIENT_MAX_BODY_SIZE }}; 19 | 20 | error_page 404 /index.php; 21 | 22 | location / { 23 | try_files $uri $uri/ /{{ .Env.NGINX_INDEX }}?$query_string; 24 | 25 | add_header X-Served-By kool.dev; 26 | } 27 | 28 | location ~ \.php$ { 29 | fastcgi_buffers {{ .Env.NGINX_FASTCGI_BUFFERS }}; 30 | fastcgi_buffer_size {{ .Env.NGINX_FASTCGI_BUFFER_SIZE }}; 31 | fastcgi_pass {{ .Env.NGINX_PHP_FPM }}; 32 | fastcgi_read_timeout {{ .Env.NGINX_FASTCGI_READ_TIMEOUT }}; 33 | fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name; 34 | include fastcgi_params; 35 | } 36 | 37 | location ~ /\.ht { 38 | deny all; 39 | } 40 | 41 | # good practices 42 | add_header X-Frame-Options "SAMEORIGIN"; 43 | 44 | # basic H5BP suggestions 45 | include h5bp/internet_explorer/x-ua-compatible.conf; 46 | include h5bp/security/referrer-policy.conf; 47 | include h5bp/security/x-content-type-options.conf; 48 | include h5bp/security/x-xss-protection.conf; 49 | 50 | # performance enhancements (mostly for caching static data) 51 | include h5bp/web_performance/cache-file-descriptors.conf; 52 | include h5bp/web_performance/pre-compressed_content_gzip.conf; 53 | } 54 | -------------------------------------------------------------------------------- /8.0-nginx/entrypoint: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | set -e 3 | 4 | if [ "$ENABLE_XDEBUG" == "true" ]; then 5 | docker-php-ext-enable xdebug >> /dev/null 2>&1 6 | 7 | if [ $? 
!= "0" ]; then 8 | echo "[ERROR] An error happened enabling xdebug" 9 | 10 | exit 1 11 | fi 12 | fi 13 | 14 | # Run as current user 15 | CURRENT_USER=${ASUSER:-${UID:-0}} 16 | 17 | if [ ! -z "$CURRENT_USER" ] && [ "$CURRENT_USER" != "0" ]; then 18 | usermod -u $CURRENT_USER kool 19 | fi 20 | 21 | dockerize -template /kool/kool.tmpl:/usr/local/etc/php/conf.d/kool.ini -template /kool/zz-docker.tmpl:/usr/local/etc/php-fpm.d/zz-docker.conf -template /kool/default.tmpl:/etc/nginx/conf.d/default.conf 22 | 23 | /kool/30-tune-worker-processes.sh 24 | 25 | # Run entrypoint if provided 26 | if [ ! -z "$ENTRYPOINT" ] && [ -f "$ENTRYPOINT" ]; then 27 | bash $ENTRYPOINT 28 | fi 29 | 30 | if [ "$1" = "sh" ] || [ "$1" = "bash" ] || [ "$1" = "php-fpm" ] || [ "$1" = "nginx" ] || [ "$1" = "supervisord" ]; then 31 | exec "$@" 32 | else 33 | exec su-exec kool "$@" 34 | fi 35 | -------------------------------------------------------------------------------- /8.0-nginx/supervisor.conf: -------------------------------------------------------------------------------- 1 | [program:nginx] 2 | depends_on = php-fpm 3 | command = nginx -g "daemon off;" 4 | stopasgroup = true 5 | stderr_logfile = /dev/stderr 6 | stdout_logfile = /dev/stdout 7 | 8 | [program:php-fpm] 9 | command = php-fpm 10 | stopasgroup = true 11 | stderr_logfile = /dev/stderr 12 | stdout_logfile = /dev/stdout 13 | -------------------------------------------------------------------------------- /8.0-node/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM kooldev/php:8.0 2 | 3 | RUN apk add --update --no-cache npm yarn \ 4 | && rm -rf /var/cache/apk/* /tmp/* 5 | -------------------------------------------------------------------------------- /8.0-prod/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM php:8.0-fpm-alpine 2 | 3 | ENV ASUSER= \ 4 | UID= \ 5 | COMPOSER_ALLOW_SUPERUSER=1 \ 6 | COMPOSER_MEMORY_LIMIT=-1 \ 7 | 
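PHP_DATE_TIMEZONE=UTC \
    PHP_MEMORY_LIMIT=256M \
    PHP_MAX_INPUT_VARS=1000 \
    PHP_UPLOAD_MAX_FILESIZE=25M \
    PHP_POST_MAX_SIZE=25M \
    PHP_MAX_EXECUTION_TIME=30 \
    PHP_FPM_LISTEN=9000 \
    PHP_FPM_MAX_CHILDREN=10 \
    PHP_FPM_REQUEST_TERMINATE_TIMEOUT=60 \
    ENTRYPOINT=entrypoint.php.sh

WORKDIR /app

# Creates the unprivileged `kool` user (uid 1337), installs runtime and build
# dependencies, compiles the PHP extensions, installs Composer 2 and 1, then
# removes the build dependencies again.
RUN adduser -D -u 1337 kool \
    && addgroup kool www-data \
    # dockerize
    # NOTE(review): fetched without a checksum check, and the asset is the
    # amd64 build although the CI workflow also publishes linux/arm64 images.
    && curl -L https://github.com/jwilder/dockerize/releases/download/v0.6.1/dockerize-alpine-linux-amd64-v0.6.1.tar.gz | tar xz \
    && mv dockerize /usr/local/bin/dockerize \
    # deps
    && apk --no-cache add su-exec bash sed git openssh-client icu shadow procps \
        freetype libpng libjpeg-turbo libzip-dev ghostscript imagemagick \
        jpegoptim optipng pngquant gifsicle libldap \
        libpq less \
    # build-deps
    && apk add --no-cache --virtual .build-deps $PHPIZE_DEPS \
        freetype-dev libpng-dev libjpeg-turbo-dev \
        icu-dev libedit-dev libxml2-dev \
        imagemagick-dev openldap-dev oniguruma-dev libwebp-dev \
        postgresql-dev \
        linux-headers \
    # php-ext
    && docker-php-ext-configure gd --with-freetype --with-webp --with-jpeg \
    && export CFLAGS="$PHP_CFLAGS" CPPFLAGS="$PHP_CPPFLAGS" LDFLAGS="$PHP_LDFLAGS" \
    && docker-php-ext-install -j$(nproc) \
        bcmath \
        calendar \
        exif \
        gd \
        intl \
        ldap \
        mbstring \
        opcache \
        pcntl \
        pdo \
        pdo_mysql \
        pdo_pgsql \
        soap \
        xml \
        zip \
        sockets \
        mysqli \
        ftp \
    # NOTE(review): the PECL packages are installed at whatever version is
    # current at build time; pin versions for reproducible images.
    && pecl install redis \
    && pecl install imagick \
    && docker-php-ext-enable imagick \
    && docker-php-ext-enable redis \
    && cp "/usr/local/etc/php/php.ini-production" "/usr/local/etc/php/php.ini" \
    # composer
    # NOTE(review): the installer is piped straight into php; compare it with
    # the installer checksum that Composer publishes before executing it.
    && curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/local/bin --filename=composer \
    && curl -sS https://getcomposer.org/installer | php -- --1 --install-dir=/usr/local/bin --filename=composer1 \
    # cleanup
    && apk del .build-deps \
    && rm -rf /var/cache/apk/* /tmp/*

COPY kool.ini /kool/kool.tmpl
COPY zz-docker.conf /kool/zz-docker.tmpl
COPY entrypoint /kool/entrypoint
RUN chmod +x /kool/entrypoint

EXPOSE 9000

ENTRYPOINT [ "/kool/entrypoint" ]
CMD [ "php-fpm" ]

--------------------------------------------------------------------------------
/8.0-prod/entrypoint:
--------------------------------------------------------------------------------
#!/bin/sh
# Container entrypoint: aligns the kool user's uid with the caller, renders
# the PHP and PHP-FPM configuration from environment variables, optionally
# runs a project hook script, then execs the requested command.
set -e


# Run as current user
CURRENT_USER=${ASUSER:-${UID:-0}}

if [ ! -z "$CURRENT_USER" ] && [ "$CURRENT_USER" != "0" ]; then
    # Quoted so the environment value reaches usermod as one argument and
    # cannot be split into additional options.
    usermod -u "$CURRENT_USER" kool
fi

dockerize -template /kool/kool.tmpl:/usr/local/etc/php/conf.d/kool.ini -template /kool/zz-docker.tmpl:/usr/local/etc/php-fpm.d/zz-docker.conf


# Run entrypoint if provided
# The hook path is resolved relative to the working directory (/app in the
# Dockerfile) and runs before the su-exec below, i.e. with the privileges
# the container was started with. Treat that file as trusted code.
if [ ! -z "$ENTRYPOINT" ] && [ -f "$ENTRYPOINT" ]; then
    bash "$ENTRYPOINT"
fi

# sh, bash and php-fpm keep the container's starting user; every other
# command is executed as the unprivileged kool user.
if [ "$1" = "sh" ] || [ "$1" = "bash" ] || [ "$1" = "php-fpm" ] ; then
    exec "$@"
else
    exec su-exec kool "$@"
fi

--------------------------------------------------------------------------------
/8.0-prod/kool.ini:
--------------------------------------------------------------------------------
[PHP]

; Maximum amount of memory a script may consume
; http://php.net/memory-limit
memory_limit = {{ .Env.PHP_MEMORY_LIMIT }}

; Fix maximum variables per input
max_input_vars = {{ .Env.PHP_MAX_INPUT_VARS }}

; Maximum allowed size for uploaded files.
; http://php.net/upload-max-filesize
upload_max_filesize = {{ .Env.PHP_UPLOAD_MAX_FILESIZE }}

; Maximum size of POST data that PHP will accept.
; Its value may be 0 to disable the limit. It is ignored if POST data reading
; is disabled through enable_post_data_reading.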
17 | ; http://php.net/post-max-size 18 | post_max_size = {{ .Env.PHP_POST_MAX_SIZE }} 19 | 20 | ; Maximum execution time of each script, in seconds 21 | ; http://php.net/max-execution-time 22 | ; Note: This directive is hardcoded to 0 for the CLI SAPI 23 | max_execution_time = {{ .Env.PHP_MAX_EXECUTION_TIME }} 24 | 25 | ; Default timezone used by all date/time functions. 26 | ; https://www.php.net/manual/en/datetime.configuration.php#ini.date.timezone 27 | date.timezone = {{ .Env.PHP_DATE_TIMEZONE }} 28 | 29 | 30 | [opcache] 31 | 32 | ; Determines if Zend OPCache is enabled 33 | opcache.enable=1 34 | 35 | ; The OPcache shared memory storage size. 36 | opcache.memory_consumption=512 37 | 38 | ; The amount of memory for interned strings in Mbytes. 39 | opcache.interned_strings_buffer=64 40 | 41 | ; The maximum number of keys (scripts) in the OPcache hash table. 42 | ; Only numbers between 200 and 1000000 are allowed. 43 | opcache.max_accelerated_files=30000 44 | 45 | ; When disabled, you must reset the OPcache manually or restart the 46 | ; webserver for changes to the filesystem to take effect. 47 | opcache.validate_timestamps=0 48 | 49 | ; If disabled, all PHPDoc comments are dropped from the code to reduce the 50 | ; size of the optimized code. 51 | opcache.save_comments=1 52 | -------------------------------------------------------------------------------- /8.0-prod/zz-docker.conf: -------------------------------------------------------------------------------- 1 | [global] 2 | daemonize = no 3 | 4 | [www] 5 | ; Unix user/group of processes 6 | ; Note: The user is mandatory. If the group is not set, the default user's group 7 | ; will be used. 8 | user = kool 9 | group = kool 10 | 11 | ; The address on which to accept FastCGI requests. 
12 | ; Valid syntaxes are: 13 | ; 'ip.add.re.ss:port' - to listen on a TCP socket to a specific IPv4 address on 14 | ; a specific port; 15 | ; '[ip:6:addr:ess]:port' - to listen on a TCP socket to a specific IPv6 address on 16 | ; a specific port; 17 | ; 'port' - to listen on a TCP socket to all addresses 18 | ; (IPv6 and IPv4-mapped) on a specific port; 19 | ; '/path/to/unix/socket' - to listen on a unix socket. 20 | ; Note: This value is mandatory. 21 | listen = {{ .Env.PHP_FPM_LISTEN }} 22 | 23 | ; Set permissions for unix socket, if one is used. In Linux, read/write 24 | ; permissions must be set in order to allow connections from a web server. Many 25 | ; BSD-derived systems allow connections regardless of permissions. The owner 26 | ; and group can be specified either by name or by their numeric IDs. 27 | ; Default Values: user and group are set as the running user 28 | ; mode is set to 0660 29 | listen.owner = kool 30 | listen.group = kool 31 | 32 | ; The number of child processes to be created when pm is set to 'static' and the 33 | ; maximum number of child processes when pm is set to 'dynamic' or 'ondemand'. 34 | ; This value sets the limit on the number of simultaneous requests that will be 35 | ; served. Equivalent to the ApacheMaxClients directive with mpm_prefork. 36 | ; Equivalent to the PHP_FCGI_CHILDREN environment variable in the original PHP 37 | ; CGI. The below defaults are based on a server without much resources. Don't 38 | ; forget to tweak pm.* to fit your needs. 39 | ; Note: Used when pm is set to 'static', 'dynamic' or 'ondemand' 40 | ; Note: This value is mandatory. 41 | pm.max_children = {{ .Env.PHP_FPM_MAX_CHILDREN }} 42 | 43 | ; The timeout for serving a single request after which the worker process will 44 | ; be killed. This option should be used when the 'max_execution_time' ini option 45 | ; does not stop script execution for some reason. A value of '0' means 'off'. 
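46 | ; Available units: s(econds)(default), m(inutes), h(ours), or d(ays)
47 | ; Default Value: 0
48 | request_terminate_timeout = {{ .Env.PHP_FPM_REQUEST_TERMINATE_TIMEOUT }}
49 |
--------------------------------------------------------------------------------
/8.0/Dockerfile:
--------------------------------------------------------------------------------
1 | # Development PHP-FPM image: PHP extensions, Composer 1 and 2, xdebug/pcov, and
2 | # dockerize, which renders the /kool/*.tmpl templates from environment variables.
3 | # NOTE(review): PHP 8.0 is past upstream end-of-life and no longer receives
4 | # security fixes; the tag is also mutable, so pin a digest for repeatable builds.
5 | FROM php:8.0-fpm-alpine
6 |
7 | ENV ASUSER= \
8 |     UID= \
9 |     COMPOSER_ALLOW_SUPERUSER=1 \
10 |     COMPOSER_MEMORY_LIMIT=-1 \
11 |     ENABLE_XDEBUG=false \
12 |     PHP_DATE_TIMEZONE=UTC \
13 |     PHP_MEMORY_LIMIT=256M \
14 |     PHP_MAX_INPUT_VARS=1000 \
15 |     PHP_UPLOAD_MAX_FILESIZE=25M \
16 |     PHP_POST_MAX_SIZE=25M \
17 |     PHP_MAX_EXECUTION_TIME=30 \
18 |     PHP_FPM_LISTEN=9000 \
19 |     PHP_FPM_MAX_CHILDREN=10 \
20 |     PHP_FPM_REQUEST_TERMINATE_TIMEOUT=60 \
21 |     ENTRYPOINT=entrypoint.php.sh
22 |
23 | WORKDIR /app
24 |
25 | RUN adduser -D -u 1337 kool \
26 |     && addgroup kool www-data \
27 |     # dockerize
28 |     # NOTE(review): this release archive is unpacked without an integrity check;
29 |     # download it to a file and compare it with a pinned SHA-256 before extracting.
30 |     && curl -L https://github.com/jwilder/dockerize/releases/download/v0.6.1/dockerize-alpine-linux-amd64-v0.6.1.tar.gz | tar xz \
31 |     && mv dockerize /usr/local/bin/dockerize \
32 |     # deps
33 |     && apk --no-cache add su-exec bash sed git openssh-client icu shadow procps \
34 |         freetype libpng libjpeg-turbo libzip-dev ghostscript imagemagick \
35 |         jpegoptim optipng pngquant gifsicle libldap \
36 |         libpq less \
37 |     # build-deps
38 |     && apk add --no-cache --virtual .build-deps $PHPIZE_DEPS \
39 |         freetype-dev libpng-dev libjpeg-turbo-dev \
40 |         icu-dev libedit-dev libxml2-dev \
41 |         imagemagick-dev openldap-dev oniguruma-dev libwebp-dev \
42 |         postgresql-dev \
43 |         linux-headers \
44 |     # php-ext
45 |     && docker-php-ext-configure gd --with-freetype --with-webp --with-jpeg \
46 |     && export CFLAGS="$PHP_CFLAGS" CPPFLAGS="$PHP_CPPFLAGS" LDFLAGS="$PHP_LDFLAGS" \
47 |     && docker-php-ext-install -j$(nproc) \
48 |         bcmath \
49 |         calendar \
50 |         exif \
51 |         gd \
52 |         intl \
53 |         ldap \
54 |         mbstring \
55 |         pcntl \
56 |         pdo \
57 |         pdo_mysql \
58 |         pdo_pgsql \
59 |         soap \
60 |         xml \
61 |         zip \
62 |         sockets \
63 |         mysqli \
64 |         ftp \
65 |     && pecl install redis \
66 |     && pecl install xdebug \
67 |     && pecl install pcov && docker-php-ext-enable pcov \
68 |     && pecl install imagick \
69 |     && docker-php-ext-enable imagick \
70 |     && docker-php-ext-enable redis \
71 |     && cp "/usr/local/etc/php/php.ini-development" "/usr/local/etc/php/php.ini" \
72 |     # composer
73 |     # Fetch the installer once and run it only if its SHA-384 matches the
74 |     # signature Composer publishes; a failed download now fails the build instead
75 |     # of feeding an empty script to php.
76 |     && curl -fsSL https://getcomposer.org/installer -o /tmp/composer-setup.php \
77 |     && EXPECTED_SIG="$(curl -fsSL https://composer.github.io/installer.sig)" \
78 |     && ACTUAL_SIG="$(php -r "echo hash_file('sha384', '/tmp/composer-setup.php');")" \
79 |     && [ "$EXPECTED_SIG" = "$ACTUAL_SIG" ] \
80 |     && php /tmp/composer-setup.php --install-dir=/usr/local/bin --filename=composer \
81 |     && php /tmp/composer-setup.php --1 --install-dir=/usr/local/bin --filename=composer1 \
82 |     # cleanup (also removes /tmp/composer-setup.php)
83 |     && apk del .build-deps \
84 |     && rm -rf /var/cache/apk/* /tmp/*
85 |
86 | COPY kool.ini /kool/kool.tmpl
87 | COPY zz-docker.conf /kool/zz-docker.tmpl
88 | COPY entrypoint /kool/entrypoint
89 | RUN chmod +x /kool/entrypoint
90 |
91 | EXPOSE 9000
92 |
93 | ENTRYPOINT [ "/kool/entrypoint" ]
94 | CMD [ "php-fpm" ]
95 |
--------------------------------------------------------------------------------
/8.0/entrypoint:
--------------------------------------------------------------------------------
1 | #!/bin/sh
2 | # Container entrypoint: optionally enables xdebug, remaps the kool user's UID,
3 | # renders the PHP and FPM config templates, runs an optional project hook, then
4 | # execs the requested command.
5 | set -e
6 |
7 | if [ "$ENABLE_XDEBUG" = "true" ]; then
8 |     # Test the command directly: under `set -e` a separate `$?` check is never
9 |     # reached, so the error message below would not be printed.
10 |     if ! docker-php-ext-enable xdebug > /dev/null 2>&1; then
11 |         echo "[ERROR] An error happened enabling xdebug"
12 |
13 |         exit 1
14 |     fi
15 | fi
16 |
17 | # Run as current user
18 | CURRENT_USER=${ASUSER:-${UID:-0}}
19 |
20 | if [ -n "$CURRENT_USER" ] && [ "$CURRENT_USER" != "0" ]; then
21 |     # Quoted so a value containing spaces cannot turn into extra usermod arguments.
22 |     usermod -u "$CURRENT_USER" kool
23 | fi
24 |
25 | dockerize -template /kool/kool.tmpl:/usr/local/etc/php/conf.d/kool.ini -template /kool/zz-docker.tmpl:/usr/local/etc/php-fpm.d/zz-docker.conf
26 |
27 |
28 | # Run entrypoint if provided
29 | # NOTE(review): this hook runs before privileges are dropped; with the image
30 | # defaults it is entrypoint.php.sh resolved against WORKDIR /app, so anything
31 | # able to write there gets code execution as the container's starting user
32 | # (root unless the container is started with another user).
33 | if [ -n "$ENTRYPOINT" ] && [ -f "$ENTRYPOINT" ]; then
34 |     bash "$ENTRYPOINT"
35 | fi
36 |
37 | # sh, bash and php-fpm keep the starting user; any other command runs as kool.
38 | if [ "$1" = "sh" ] || [ "$1" = "bash" ] || [ "$1" = "php-fpm" ] ; then
39 |     exec "$@"
40 | else
41 |     exec su-exec kool "$@"
42 | fi
43 |
--------------------------------------------------------------------------------
/8.0/kool.ini:
--------------------------------------------------------------------------------
1 | [PHP]
2 |
3 | ; Maximum amount of memory a script may consume
4 | ; http://php.net/memory-limit
5 | memory_limit = {{ .Env.PHP_MEMORY_LIMIT }}
6 |
7 | ; Fix maximum variables per input
8 | max_input_vars = {{ .Env.PHP_MAX_INPUT_VARS }}
9 |
10 | ; Maximum allowed size for uploaded files.
11 | ; http://php.net/upload-max-filesize
12 | upload_max_filesize = {{ .Env.PHP_UPLOAD_MAX_FILESIZE }}
13 |
14 | ; Maximum size of POST data that PHP will accept.
15 | ; Its value may be 0 to disable the limit. It is ignored if POST data reading
16 | ; is disabled through enable_post_data_reading.
17 | ; http://php.net/post-max-size
18 | post_max_size = {{ .Env.PHP_POST_MAX_SIZE }}
19 |
20 | ; Maximum execution time of each script, in seconds
21 | ; http://php.net/max-execution-time
22 | ; Note: This directive is hardcoded to 0 for the CLI SAPI
23 | max_execution_time = {{ .Env.PHP_MAX_EXECUTION_TIME }}
24 |
25 | ; Default timezone used by all date/time functions.
26 | ; https://www.php.net/manual/en/datetime.configuration.php#ini.date.timezone
27 | date.timezone = {{ .Env.PHP_DATE_TIMEZONE }}
28 |
29 |
30 |
--------------------------------------------------------------------------------
/8.0/zz-docker.conf:
--------------------------------------------------------------------------------
1 | [global]
2 | daemonize = no
3 |
4 | [www]
5 | ; Unix user/group of processes
6 | ; Note: The user is mandatory. If the group is not set, the default user's group
7 | ; will be used.
8 | user = kool
9 | group = kool
10 |
11 | ; The address on which to accept FastCGI requests.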
12 | ; Valid syntaxes are:
13 | ;   'ip.add.re.ss:port' - to listen on a TCP socket to a specific IPv4 address on
14 | ;     a specific port;
15 | ;   '[ip:6:addr:ess]:port' - to listen on a TCP socket to a specific IPv6 address on
16 | ;     a specific port;
17 | ;   'port' - to listen on a TCP socket to all addresses
18 | ;     (IPv6 and IPv4-mapped) on a specific port;
19 | ;   '/path/to/unix/socket' - to listen on a unix socket.
20 | ; Note: This value is mandatory. NOTE(review): FastCGI is unauthenticated and a bare port (the image default is PHP_FPM_LISTEN=9000) listens on all addresses, so keep it unreachable from untrusted networks.
21 | listen = {{ .Env.PHP_FPM_LISTEN }}
22 |
23 | ; Set permissions for unix socket, if one is used. In Linux, read/write
24 | ; permissions must be set in order to allow connections from a web server. Many
25 | ; BSD-derived systems allow connections regardless of permissions. The owner
26 | ; and group can be specified either by name or by their numeric IDs.
27 | ; Default Values: user and group are set as the running user
28 | ;                 mode is set to 0660
29 | listen.owner = kool
30 | listen.group = kool
31 |
32 | ; The number of child processes to be created when pm is set to 'static' and the
33 | ; maximum number of child processes when pm is set to 'dynamic' or 'ondemand'.
34 | ; This value sets the limit on the number of simultaneous requests that will be
35 | ; served. Equivalent to the ApacheMaxClients directive with mpm_prefork.
36 | ; Equivalent to the PHP_FCGI_CHILDREN environment variable in the original PHP
37 | ; CGI. The below defaults are based on a server without much resources. Don't
38 | ; forget to tweak pm.* to fit your needs.
39 | ; Note: Used when pm is set to 'static', 'dynamic' or 'ondemand'
40 | ; Note: This value is mandatory.
41 | pm.max_children = {{ .Env.PHP_FPM_MAX_CHILDREN }}
42 |
43 | ; The timeout for serving a single request after which the worker process will
44 | ; be killed. This option should be used when the 'max_execution_time' ini option
45 | ; does not stop script execution for some reason. A value of '0' means 'off'.
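46 | ; Available units: s(econds)(default), m(inutes), h(ours), or d(ays)
47 | ; Default Value: 0
48 | request_terminate_timeout = {{ .Env.PHP_FPM_REQUEST_TERMINATE_TIMEOUT }}
49 |
--------------------------------------------------------------------------------
/8.1-nginx-prod/Dockerfile:
--------------------------------------------------------------------------------
1 | # Stage 1: generate a throwaway self-signed certificate for *.localhost.
2 | # NOTE(review): the private key is created at build time and copied into the final
3 | # image, so everyone who can pull the image holds it, and the certificate expires
4 | # 365 days after the build. Treat it as a local-development default only and
5 | # point NGINX_HTTPS_CERT / NGINX_HTTPS_CERT_KEY at a mounted certificate elsewhere.
6 | FROM debian AS cert
7 |
8 | WORKDIR /kool/ssl
9 |
10 | RUN apt-get update && \
11 |     apt-get install -y openssl && \
12 |     openssl genrsa -des3 -passout pass:x -out server.pass.key 2048 && \
13 |     openssl rsa -passin pass:x -in server.pass.key -out _.localhost.key && \
14 |     rm server.pass.key && \
15 |     openssl req -new -key _.localhost.key -out server.csr \
16 |         -subj "/C=XX/ST=XX/L=XX/O=Kool-Local/OU=Localhost/CN=*.localhost" && \
17 |     openssl x509 -req -days 365 -in server.csr -signkey _.localhost.key -out _.localhost.crt && \
18 |     openssl x509 -in _.localhost.crt -out _.localhost.pem
19 |
20 | # Stage 2: the PHP-FPM production image plus nginx, both started by supervisord.
21 | FROM kooldev/php:8.1-prod
22 |
23 | ENV PHP_FPM_LISTEN=/run/php-fpm.sock \
24 |     NGINX_LISTEN=80 \
25 |     NGINX_HTTPS=false \
26 |     NGINX_LISTEN_HTTPS=443 \
27 |     NGINX_HTTPS_CERT=/kool/ssl/_.localhost.pem \
28 |     NGINX_HTTPS_CERT_KEY=/kool/ssl/_.localhost.key \
29 |     NGINX_ROOT=/app/public \
30 |     NGINX_INDEX=index.php \
31 |     NGINX_CLIENT_MAX_BODY_SIZE=25M \
32 |     NGINX_PHP_FPM=unix:/run/php-fpm.sock \
33 |     NGINX_FASTCGI_READ_TIMEOUT=60s \
34 |     NGINX_FASTCGI_BUFFERS='8 8k' \
35 |     NGINX_FASTCGI_BUFFER_SIZE='16k' \
36 |     NGINX_ENTRYPOINT_WORKER_PROCESSES_AUTOTUNE=true
37 |
38 | # -f makes curl fail on an HTTP error instead of saving the error page as the
39 | # binary or script and marking it executable.
40 | # NOTE(review): none of these downloads is checked against a pinned digest, and
41 | # 30-tune-worker-processes.sh is taken from the mutable master branch and then
42 | # run by /kool/entrypoint at container start; pin it to a commit and verify a
43 | # SHA-256 for each downloaded file.
44 | RUN curl -fL https://github.com/ochinchina/supervisord/releases/download/v0.6.3/supervisord_static_0.6.3_linux_amd64 -o /usr/local/bin/supervisord \
45 |     && chmod +x /usr/local/bin/supervisord \
46 |     && apk add --no-cache nginx \
47 |     && chown -R kool:kool /var/lib/nginx \
48 |     && chmod 770 /var/lib/nginx/tmp \
49 |     && ln -sf /dev/stdout /var/log/nginx/access.log \
50 |     && ln -sf /dev/stderr /var/log/nginx/error.log \
51 |     # add h5bp/server-configs-nginx
52 |     && mkdir -p /etc/nginx/conf.d \
53 |     && mkdir /etc/nginx/h5bp \
54 |     && cd /etc/nginx/h5bp \
55 |     && wget https://github.com/h5bp/server-configs-nginx/archive/refs/tags/3.3.0.tar.gz -O h5bp.tgz \
56 |     && tar xzvf h5bp.tgz \
57 |     && rm -f h5bp.tgz \
58 |     && mv server-configs-nginx-*/h5bp/* . \
59 |     && mv server-configs-nginx-*/nginx.conf /etc/nginx/nginx.conf \
60 |     && sed -i "s|^user .*|user\ kool kool;|g" /etc/nginx/nginx.conf \
61 |     && mv server-configs-nginx-*/mime.types /etc/nginx/mime.types \
62 |     && rm -rf server-configs-nginx-* \
63 |     && curl -fL https://raw.githubusercontent.com/nginxinc/docker-nginx/master/entrypoint/30-tune-worker-processes.sh -o /kool/30-tune-worker-processes.sh \
64 |     && chmod +x /kool/30-tune-worker-processes.sh
65 |
66 | COPY supervisor.conf /kool/supervisor.conf
67 | COPY default.tmpl /kool/default.tmpl
68 | COPY entrypoint /kool/entrypoint
69 | COPY --from=cert /kool/ssl /kool/ssl
70 | RUN chmod +x /kool/entrypoint
71 |
72 | EXPOSE 80
73 |
74 | CMD [ "supervisord", "-c", "/kool/supervisor.conf" ]
75 |
--------------------------------------------------------------------------------
/8.1-nginx-prod/default.tmpl:
--------------------------------------------------------------------------------
1 | server {
2 |     listen {{ .Env.NGINX_LISTEN }} default_server;
3 |     server_name _;
4 |     {{ if isTrue .Env.NGINX_HTTPS }}
5 |     listen {{ .Env.NGINX_LISTEN_HTTPS }} ssl http2;
6 |     ssl_certificate {{ .Env.NGINX_HTTPS_CERT }};
7 |     ssl_certificate_key {{ .Env.NGINX_HTTPS_CERT_KEY }};
8 |     ssl_protocols TLSv1.2 TLSv1.3; # TLS 1.0 and 1.1 are deprecated (RFC 8996)
9 |     ssl_ciphers HIGH:!aNULL:!MD5;
10 |     {{ end }}
11 |     root {{ .Env.NGINX_ROOT }};
12 |     index {{ .Env.NGINX_INDEX }};
13 |     charset utf-8;
14 |
15 |     location = /favicon.ico { log_not_found off; access_log off; }
16 |     location = /robots.txt { log_not_found off; access_log off; }
17 |
18 |     client_max_body_size {{ .Env.NGINX_CLIENT_MAX_BODY_SIZE }};
19 |
20 |     error_page 404 /index.php;
21 |
22 |     location / {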
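23 |         try_files $uri $uri/ /{{ .Env.NGINX_INDEX }}?$query_string;
24 |
25 |         add_header X-Served-By kool.dev;
26 |         # A location that sets its own add_header stops inheriting the server-level
27 |         # ones, so X-Frame-Options is repeated here for files served directly.
28 |         # NOTE(review): the h5bp security includes below presumably use add_header
29 |         # too and would need the same treatment; confirm against the h5bp files.
30 |         add_header X-Frame-Options "SAMEORIGIN";
31 |     }
32 |
33 |     location ~ \.php$ {
34 |         fastcgi_buffers {{ .Env.NGINX_FASTCGI_BUFFERS }};
35 |         fastcgi_buffer_size {{ .Env.NGINX_FASTCGI_BUFFER_SIZE }};
36 |         fastcgi_pass {{ .Env.NGINX_PHP_FPM }};
37 |         fastcgi_read_timeout {{ .Env.NGINX_FASTCGI_READ_TIMEOUT }};
38 |         fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
39 |         include fastcgi_params;
40 |     }
41 |
42 |     # NOTE(review): only .ht* names are denied; other dotfiles placed under the
43 |     # root (for example a .env file) would still be served.
44 |     location ~ /\.ht {
45 |         deny all;
46 |     }
47 |
48 |     # good practices
49 |     add_header X-Frame-Options "SAMEORIGIN";
50 |
51 |     # basic H5BP suggestions
52 |     include h5bp/internet_explorer/x-ua-compatible.conf;
53 |     include h5bp/security/referrer-policy.conf;
54 |     include h5bp/security/x-content-type-options.conf;
55 |     include h5bp/security/x-xss-protection.conf;
56 |
57 |     # performance enhancements (mostly for caching static data)
58 |     include h5bp/web_performance/cache-file-descriptors.conf;
59 |     include h5bp/web_performance/pre-compressed_content_gzip.conf;
60 | }
61 |
--------------------------------------------------------------------------------
/8.1-nginx-prod/entrypoint:
--------------------------------------------------------------------------------
1 | #!/bin/sh
2 | # Container entrypoint: remaps the kool user's UID, renders the PHP, FPM and
3 | # nginx config templates, runs /kool/30-tune-worker-processes.sh and an optional
4 | # project hook, then execs the requested command.
5 | set -e
6 |
7 |
8 | # Run as current user
9 | CURRENT_USER=${ASUSER:-${UID:-0}}
10 |
11 | if [ -n "$CURRENT_USER" ] && [ "$CURRENT_USER" != "0" ]; then
12 |     # Quoted so a value containing spaces cannot turn into extra usermod arguments.
13 |     usermod -u "$CURRENT_USER" kool
14 | fi
15 |
16 | dockerize -template /kool/kool.tmpl:/usr/local/etc/php/conf.d/kool.ini -template /kool/zz-docker.tmpl:/usr/local/etc/php-fpm.d/zz-docker.conf -template /kool/default.tmpl:/etc/nginx/conf.d/default.conf
17 |
18 | /kool/30-tune-worker-processes.sh
19 |
20 | # Run entrypoint if provided
21 | # NOTE(review): this hook runs before privileges are dropped, so a writable
22 | # $ENTRYPOINT file means code execution as the container's starting user.
23 | if [ -n "$ENTRYPOINT" ] && [ -f "$ENTRYPOINT" ]; then
24 |     bash "$ENTRYPOINT"
25 | fi
26 |
27 | # The listed commands keep the starting user; any other command runs as kool.
28 | if [ "$1" = "sh" ] || [ "$1" = "bash" ] || [ "$1" = "php-fpm" ] || [ "$1" = "nginx" ] || [ "$1" = "supervisord" ]; then
29 |     exec "$@"
30 | else
31 |     exec su-exec kool "$@"
32 | fi
33 |
--------------------------------------------------------------------------------
/8.1-nginx-prod/supervisor.conf:
--------------------------------------------------------------------------------
1 | [program:nginx]
2 | depends_on = php-fpm
3 | command = nginx -g "daemon off;"
4 | stopasgroup = true
5 | stderr_logfile = /dev/stderr
6 | stdout_logfile = /dev/stdout
7 |
8 | [program:php-fpm]
9 | command = php-fpm
10 | stopasgroup = true
11 | stderr_logfile = /dev/stderr
12 | stdout_logfile = /dev/stdout
13 |
--------------------------------------------------------------------------------
/8.1-nginx/Dockerfile:
--------------------------------------------------------------------------------
1 | # Stage 1: generate a throwaway self-signed certificate for *.localhost.
2 | # NOTE(review): the private key is created at build time and copied into the final
3 | # image, so everyone who can pull the image holds it, and the certificate expires
4 | # 365 days after the build. Treat it as a local-development default only and
5 | # point NGINX_HTTPS_CERT / NGINX_HTTPS_CERT_KEY at a mounted certificate elsewhere.
6 | FROM debian AS cert
7 |
8 | WORKDIR /kool/ssl
9 |
10 | RUN apt-get update && \
11 |     apt-get install -y openssl && \
12 |     openssl genrsa -des3 -passout pass:x -out server.pass.key 2048 && \
13 |     openssl rsa -passin pass:x -in server.pass.key -out _.localhost.key && \
14 |     rm server.pass.key && \
15 |     openssl req -new -key _.localhost.key -out server.csr \
16 |         -subj "/C=XX/ST=XX/L=XX/O=Kool-Local/OU=Localhost/CN=*.localhost" && \
17 |     openssl x509 -req -days 365 -in server.csr -signkey _.localhost.key -out _.localhost.crt && \
18 |     openssl x509 -in _.localhost.crt -out _.localhost.pem
19 |
20 | # Stage 2: the PHP-FPM development image plus nginx, both started by supervisord.
21 | FROM kooldev/php:8.1
22 |
23 | ENV PHP_FPM_LISTEN=/run/php-fpm.sock \
24 |     NGINX_LISTEN=80 \
25 |     NGINX_HTTPS=false \
26 |     NGINX_LISTEN_HTTPS=443 \
27 |     NGINX_HTTPS_CERT=/kool/ssl/_.localhost.pem \
28 |     NGINX_HTTPS_CERT_KEY=/kool/ssl/_.localhost.key \
29 |     NGINX_ROOT=/app/public \
30 |     NGINX_INDEX=index.php \
31 |     NGINX_CLIENT_MAX_BODY_SIZE=25M \
32 |     NGINX_PHP_FPM=unix:/run/php-fpm.sock \
33 |     NGINX_FASTCGI_READ_TIMEOUT=60s \
34 |     NGINX_FASTCGI_BUFFERS='8 8k' \
35 |     NGINX_FASTCGI_BUFFER_SIZE='16k' \
36 |     NGINX_ENTRYPOINT_WORKER_PROCESSES_AUTOTUNE=true
37 |
38 | # -f makes curl fail on an HTTP error instead of saving the error page as the
39 | # binary or script and marking it executable.
40 | # NOTE(review): none of these downloads is checked against a pinned digest, and
41 | # 30-tune-worker-processes.sh is taken from the mutable master branch and then
42 | # run by /kool/entrypoint at container start; pin it to a commit and verify a
43 | # SHA-256 for each downloaded file.
44 | RUN curl -fL https://github.com/ochinchina/supervisord/releases/download/v0.6.3/supervisord_static_0.6.3_linux_amd64 -o /usr/local/bin/supervisord \
45 |     && chmod +x /usr/local/bin/supervisord \
46 |     && apk add --no-cache nginx \
47 |     && chown -R kool:kool /var/lib/nginx \
48 |     && chmod 770 /var/lib/nginx/tmp \
49 |     && ln -sf /dev/stdout /var/log/nginx/access.log \
50 |     && ln -sf /dev/stderr /var/log/nginx/error.log \
51 |     # add h5bp/server-configs-nginx
52 |     && mkdir -p /etc/nginx/conf.d \
53 |     && mkdir /etc/nginx/h5bp \
54 |     && cd /etc/nginx/h5bp \
55 |     && wget https://github.com/h5bp/server-configs-nginx/archive/refs/tags/3.3.0.tar.gz -O h5bp.tgz \
56 |     && tar xzvf h5bp.tgz \
57 |     && rm -f h5bp.tgz \
58 |     && mv server-configs-nginx-*/h5bp/* . \
59 |     && mv server-configs-nginx-*/nginx.conf /etc/nginx/nginx.conf \
60 |     && sed -i "s|^user .*|user\ kool kool;|g" /etc/nginx/nginx.conf \
61 |     && mv server-configs-nginx-*/mime.types /etc/nginx/mime.types \
62 |     && rm -rf server-configs-nginx-* \
63 |     && curl -fL https://raw.githubusercontent.com/nginxinc/docker-nginx/master/entrypoint/30-tune-worker-processes.sh -o /kool/30-tune-worker-processes.sh \
64 |     && chmod +x /kool/30-tune-worker-processes.sh
65 |
66 | COPY supervisor.conf /kool/supervisor.conf
67 | COPY default.tmpl /kool/default.tmpl
68 | COPY entrypoint /kool/entrypoint
69 | COPY --from=cert /kool/ssl /kool/ssl
70 | RUN chmod +x /kool/entrypoint
71 |
72 | EXPOSE 80
73 |
74 | CMD [ "supervisord", "-c", "/kool/supervisor.conf" ]
75 |
--------------------------------------------------------------------------------
/8.1-nginx/default.tmpl:
--------------------------------------------------------------------------------
1 | server {
2 |     listen {{ .Env.NGINX_LISTEN }} default_server;
3 |     server_name _;
4 |     {{ if isTrue .Env.NGINX_HTTPS }}
5 |     listen {{ .Env.NGINX_LISTEN_HTTPS }} ssl http2;
6 |     ssl_certificate {{ .Env.NGINX_HTTPS_CERT }};
7 |     ssl_certificate_key {{ .Env.NGINX_HTTPS_CERT_KEY }};
8 |     ssl_protocols TLSv1.2 TLSv1.3; # TLS 1.0 and 1.1 are deprecated (RFC 8996)
9 |     ssl_ciphers HIGH:!aNULL:!MD5;
10 |     {{ end }}
11 |     root {{ .Env.NGINX_ROOT }};
12 |     index {{ .Env.NGINX_INDEX }};
13 |     charset utf-8;
14 |
15 |     location = /favicon.ico { log_not_found off; access_log off; }
16 |     location = /robots.txt { log_not_found off; access_log off; }
17 |
18 |     client_max_body_size {{ .Env.NGINX_CLIENT_MAX_BODY_SIZE }};
19 |
20 |     error_page 404 /index.php;
21 |
22 |     location / {
23 |         try_files $uri $uri/ /{{ .Env.NGINX_INDEX }}?$query_string;
24 |
25 |         add_header X-Served-By kool.dev;
26 |         # A location that sets its own add_header stops inheriting the server-level
27 |         # ones, so X-Frame-Options is repeated here for files served directly.
28 |         # NOTE(review): the h5bp security includes below presumably use add_header
29 |         # too and would need the same treatment; confirm against the h5bp files.
30 |         add_header X-Frame-Options "SAMEORIGIN";
31 |     }
32 |
33 |     location ~ \.php$ {
34 |         fastcgi_buffers {{ .Env.NGINX_FASTCGI_BUFFERS }};
35 |         fastcgi_buffer_size {{ .Env.NGINX_FASTCGI_BUFFER_SIZE }};
36 |         fastcgi_pass {{ .Env.NGINX_PHP_FPM }};
37 |         fastcgi_read_timeout {{ .Env.NGINX_FASTCGI_READ_TIMEOUT }};
38 |         fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
39 |         include fastcgi_params;
40 |     }
41 |
42 |     # NOTE(review): only .ht* names are denied; other dotfiles placed under the
43 |     # root (for example a .env file) would still be served.
44 |     location ~ /\.ht {
45 |         deny all;
46 |     }
47 |
48 |     # good practices
49 |     add_header X-Frame-Options "SAMEORIGIN";
50 |
51 |     # basic H5BP suggestions
52 |     include h5bp/internet_explorer/x-ua-compatible.conf;
53 |     include h5bp/security/referrer-policy.conf;
54 |     include h5bp/security/x-content-type-options.conf;
55 |     include h5bp/security/x-xss-protection.conf;
56 |
57 |     # performance enhancements (mostly for caching static data)
58 |     include h5bp/web_performance/cache-file-descriptors.conf;
59 |     include h5bp/web_performance/pre-compressed_content_gzip.conf;
60 | }
61 |
--------------------------------------------------------------------------------
/8.1-nginx/entrypoint:
--------------------------------------------------------------------------------
1 | #!/bin/sh
2 | # Container entrypoint: optionally enables xdebug, remaps the kool user's UID,
3 | # renders the PHP, FPM and nginx config templates, runs
4 | # /kool/30-tune-worker-processes.sh and an optional project hook, then execs the
5 | # requested command.
6 | set -e
7 |
8 | if [ "$ENABLE_XDEBUG" = "true" ]; then
9 |     # Test the command directly: under `set -e` a separate `$?` check is never
10 |     # reached, so the error message below would not be printed.
11 |     if ! docker-php-ext-enable xdebug > /dev/null 2>&1; then
12 |         echo "[ERROR] An error happened enabling xdebug"
13 |
14 |         exit 1
15 |     fi
16 | fi
17 |
18 | # Run as current user
19 | CURRENT_USER=${ASUSER:-${UID:-0}}
20 |
21 | if [ -n "$CURRENT_USER" ] && [ "$CURRENT_USER" != "0" ]; then
22 |     # Quoted so a value containing spaces cannot turn into extra usermod arguments.
23 |     usermod -u "$CURRENT_USER" kool
24 | fi
25 |
26 | dockerize -template /kool/kool.tmpl:/usr/local/etc/php/conf.d/kool.ini -template /kool/zz-docker.tmpl:/usr/local/etc/php-fpm.d/zz-docker.conf -template /kool/default.tmpl:/etc/nginx/conf.d/default.conf
27 |
28 | /kool/30-tune-worker-processes.sh
29 |
30 | # Run entrypoint if provided
31 | # NOTE(review): this hook runs before privileges are dropped, so a writable
32 | # $ENTRYPOINT file means code execution as the container's starting user.
33 | if [ -n "$ENTRYPOINT" ] && [ -f "$ENTRYPOINT" ]; then
34 |     bash "$ENTRYPOINT"
35 | fi
36 |
37 | # The listed commands keep the starting user; any other command runs as kool.
38 | if [ "$1" = "sh" ] || [ "$1" = "bash" ] || [ "$1" = "php-fpm" ] || [ "$1" = "nginx" ] || [ "$1" = "supervisord" ]; then
39 |     exec "$@"
40 | else
41 |     exec su-exec kool "$@"
42 | fi
43 |
--------------------------------------------------------------------------------
/8.1-nginx/supervisor.conf:
--------------------------------------------------------------------------------
1 | [program:nginx]
2 | depends_on = php-fpm
3 | command = nginx -g "daemon off;"
4 | stopasgroup = true
5 | stderr_logfile = /dev/stderr
6 | stdout_logfile = /dev/stdout
7 |
8 | [program:php-fpm]
9 | command = php-fpm
10 | stopasgroup = true
11 | stderr_logfile = /dev/stderr
12 | stdout_logfile = /dev/stdout
13 |
--------------------------------------------------------------------------------
/8.1-node/Dockerfile:
--------------------------------------------------------------------------------
1 | FROM kooldev/php:8.1
2 |
3 | RUN apk add --update --no-cache npm yarn \
4 |     && rm -rf /var/cache/apk/* /tmp/*
5 |
--------------------------------------------------------------------------------
/8.1-prod/Dockerfile:
--------------------------------------------------------------------------------
1 | # Production PHP-FPM image: PHP extensions with opcache, Composer 1 and 2, and
2 | # dockerize, which renders the /kool/*.tmpl templates from environment variables.
3 | FROM php:8.1-fpm-alpine
4 |
5 | ENV ASUSER= \
6 |     UID= \
7 |     COMPOSER_ALLOW_SUPERUSER=1 \
8 |     COMPOSER_MEMORY_LIMIT=-1 \
9 |     PHP_DATE_TIMEZONE=UTC \
10 |     PHP_MEMORY_LIMIT=256M \
11 |     PHP_MAX_INPUT_VARS=1000 \
12 |     PHP_UPLOAD_MAX_FILESIZE=25M \
13 |     PHP_POST_MAX_SIZE=25M \
14 |     PHP_MAX_EXECUTION_TIME=30 \
15 |     PHP_FPM_LISTEN=9000 \
16 |     PHP_FPM_MAX_CHILDREN=10 \
17 |     PHP_FPM_REQUEST_TERMINATE_TIMEOUT=60 \
18 |     ENTRYPOINT=entrypoint.php.sh
19 |
20 | WORKDIR /app
21 |
22 | RUN adduser -D -u 1337 kool \
23 |     && addgroup kool www-data \
24 |     # dockerize
25 |     # NOTE(review): this release archive is unpacked without an integrity check;
26 |     # download it to a file and compare it with a pinned SHA-256 before extracting.
27 |     && curl -L https://github.com/jwilder/dockerize/releases/download/v0.6.1/dockerize-alpine-linux-amd64-v0.6.1.tar.gz | tar xz \
28 |     && mv dockerize /usr/local/bin/dockerize \
29 |     # deps
30 |     && apk --no-cache add su-exec bash sed git openssh-client icu shadow procps \
31 |         freetype libpng libjpeg-turbo libzip-dev ghostscript imagemagick \
32 |         jpegoptim optipng pngquant gifsicle libldap \
33 |         libpq less \
34 |     # build-deps
35 |     && apk add --no-cache --virtual .build-deps $PHPIZE_DEPS \
36 |         freetype-dev libpng-dev libjpeg-turbo-dev \
37 |         icu-dev libedit-dev libxml2-dev \
38 |         imagemagick-dev openldap-dev oniguruma-dev libwebp-dev \
39 |         postgresql-dev \
40 |         linux-headers \
41 |     # php-ext
42 |     && docker-php-ext-configure gd --with-freetype --with-webp --with-jpeg \
43 |     && export CFLAGS="$PHP_CFLAGS" CPPFLAGS="$PHP_CPPFLAGS" LDFLAGS="$PHP_LDFLAGS" \
44 |     && docker-php-ext-install -j$(nproc) \
45 |         bcmath \
46 |         calendar \
47 |         exif \
48 |         gd \
49 |         intl \
50 |         ldap \
51 |         mbstring \
52 |         opcache \
53 |         pcntl \
54 |         pdo \
55 |         pdo_mysql \
56 |         pdo_pgsql \
57 |         soap \
58 |         xml \
59 |         zip \
60 |         sockets \
61 |         mysqli \
62 |         ftp \
63 |     && pecl install redis \
64 |     && pecl install imagick \
65 |     && docker-php-ext-enable imagick \
66 |     && docker-php-ext-enable redis \
67 |     && cp "/usr/local/etc/php/php.ini-production" "/usr/local/etc/php/php.ini" \
68 |     # composer
69 |     # Fetch the installer once and run it only if its SHA-384 matches the
70 |     # signature Composer publishes; a failed download now fails the build instead
71 |     # of feeding an empty script to php.
72 |     && curl -fsSL https://getcomposer.org/installer -o /tmp/composer-setup.php \
73 |     && EXPECTED_SIG="$(curl -fsSL https://composer.github.io/installer.sig)" \
74 |     && ACTUAL_SIG="$(php -r "echo hash_file('sha384', '/tmp/composer-setup.php');")" \
75 |     && [ "$EXPECTED_SIG" = "$ACTUAL_SIG" ] \
76 |     && php /tmp/composer-setup.php --install-dir=/usr/local/bin --filename=composer \
77 |     && php /tmp/composer-setup.php --1 --install-dir=/usr/local/bin --filename=composer1 \
78 |     # cleanup (also removes /tmp/composer-setup.php)
79 |     && apk del .build-deps \
80 |     && rm -rf /var/cache/apk/* /tmp/*
81 |
82 | COPY kool.ini /kool/kool.tmpl
83 | COPY zz-docker.conf /kool/zz-docker.tmpl
84 | COPY entrypoint /kool/entrypoint
85 | RUN chmod +x /kool/entrypoint
86 |
87 | EXPOSE 9000
88 |
89 | ENTRYPOINT [ "/kool/entrypoint" ]
90 | CMD [ "php-fpm" ]
91 |
--------------------------------------------------------------------------------
/8.1-prod/entrypoint:
--------------------------------------------------------------------------------
1 | #!/bin/sh
2 | # Container entrypoint: remaps the kool user's UID, renders the PHP and FPM
3 | # config templates, runs an optional project hook, then execs the requested
4 | # command.
5 | set -e
6 |
7 |
8 | # Run as current user
9 | CURRENT_USER=${ASUSER:-${UID:-0}}
10 |
11 | if [ -n "$CURRENT_USER" ] && [ "$CURRENT_USER" != "0" ]; then
12 |     # Quoted so a value containing spaces cannot turn into extra usermod arguments.
13 |     usermod -u "$CURRENT_USER" kool
14 | fi
15 |
16 | dockerize -template /kool/kool.tmpl:/usr/local/etc/php/conf.d/kool.ini -template /kool/zz-docker.tmpl:/usr/local/etc/php-fpm.d/zz-docker.conf
17 |
18 |
19 | # Run entrypoint if provided
20 | # NOTE(review): this hook runs before privileges are dropped; with the image
21 | # defaults it is entrypoint.php.sh resolved against WORKDIR /app, so anything
22 | # able to write there gets code execution as the container's starting user
23 | # (root unless the container is started with another user).
24 | if [ -n "$ENTRYPOINT" ] && [ -f "$ENTRYPOINT" ]; then
25 |     bash "$ENTRYPOINT"
26 | fi
27 |
28 | # sh, bash and php-fpm keep the starting user; any other command runs as kool.
29 | if [ "$1" = "sh" ] || [ "$1" = "bash" ] || [ "$1" = "php-fpm" ] ; then
30 |     exec "$@"
31 | else
32 |     exec su-exec kool "$@"
33 | fi
34 |
--------------------------------------------------------------------------------
/8.1-prod/kool.ini:
--------------------------------------------------------------------------------
1 | [PHP]
2 |
3 | ; Maximum amount of memory a script may consume
4 | ; http://php.net/memory-limit
5 | memory_limit = {{ .Env.PHP_MEMORY_LIMIT }}
6 |
7 | ; Fix maximum variables per input
8 | max_input_vars = {{ .Env.PHP_MAX_INPUT_VARS }}
9 |
10 | ; Maximum allowed size for uploaded files.
11 | ; http://php.net/upload-max-filesize
12 | upload_max_filesize = {{ .Env.PHP_UPLOAD_MAX_FILESIZE }}
13 |
14 | ; Maximum size of POST data that PHP will accept.
15 | ; Its value may be 0 to disable the limit. It is ignored if POST data reading
16 | ; is disabled through enable_post_data_reading.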
17 | ; http://php.net/post-max-size
18 | post_max_size = {{ .Env.PHP_POST_MAX_SIZE }}
19 |
20 | ; Maximum execution time of each script, in seconds
21 | ; http://php.net/max-execution-time
22 | ; Note: This directive is hardcoded to 0 for the CLI SAPI
23 | max_execution_time = {{ .Env.PHP_MAX_EXECUTION_TIME }}
24 |
25 | ; Default timezone used by all date/time functions.
26 | ; https://www.php.net/manual/en/datetime.configuration.php#ini.date.timezone
27 | date.timezone = {{ .Env.PHP_DATE_TIMEZONE }}
28 |
29 |
30 | [opcache]
31 |
32 | ; Determines if Zend OPCache is enabled
33 | opcache.enable=1
34 |
35 | ; The OPcache shared memory storage size, in megabytes.
36 | opcache.memory_consumption=512
37 |
38 | ; The amount of memory for interned strings in Mbytes.
39 | opcache.interned_strings_buffer=64
40 |
41 | ; The maximum number of keys (scripts) in the OPcache hash table.
42 | ; Only numbers between 200 and 1000000 are allowed.
43 | opcache.max_accelerated_files=30000
44 |
45 | ; When disabled, you must reset the OPcache manually or restart the
46 | ; webserver for changes to the filesystem to take effect. It is disabled (0) here.
47 | opcache.validate_timestamps=0
48 |
49 | ; If disabled, all PHPDoc comments are dropped from the code to reduce the
50 | ; size of the optimized code.
51 | opcache.save_comments=1
52 |
--------------------------------------------------------------------------------
/8.1-prod/zz-docker.conf:
--------------------------------------------------------------------------------
1 | [global]
2 | daemonize = no
3 |
4 | [www]
5 | ; Unix user/group of processes
6 | ; Note: The user is mandatory. If the group is not set, the default user's group
7 | ; will be used.
8 | user = kool
9 | group = kool
10 |
11 | ; The address on which to accept FastCGI requests.
12 | ; Valid syntaxes are:
13 | ;   'ip.add.re.ss:port' - to listen on a TCP socket to a specific IPv4 address on
14 | ;     a specific port;
15 | ;   '[ip:6:addr:ess]:port' - to listen on a TCP socket to a specific IPv6 address on
16 | ;     a specific port;
17 | ;   'port' - to listen on a TCP socket to all addresses
18 | ;     (IPv6 and IPv4-mapped) on a specific port;
19 | ;   '/path/to/unix/socket' - to listen on a unix socket.
20 | ; Note: This value is mandatory. NOTE(review): FastCGI is unauthenticated and a bare port (the image default is PHP_FPM_LISTEN=9000) listens on all addresses, so keep it unreachable from untrusted networks.
21 | listen = {{ .Env.PHP_FPM_LISTEN }}
22 |
23 | ; Set permissions for unix socket, if one is used. In Linux, read/write
24 | ; permissions must be set in order to allow connections from a web server. Many
25 | ; BSD-derived systems allow connections regardless of permissions. The owner
26 | ; and group can be specified either by name or by their numeric IDs.
27 | ; Default Values: user and group are set as the running user
28 | ;                 mode is set to 0660
29 | listen.owner = kool
30 | listen.group = kool
31 |
32 | ; The number of child processes to be created when pm is set to 'static' and the
33 | ; maximum number of child processes when pm is set to 'dynamic' or 'ondemand'.
34 | ; This value sets the limit on the number of simultaneous requests that will be
35 | ; served. Equivalent to the ApacheMaxClients directive with mpm_prefork.
36 | ; Equivalent to the PHP_FCGI_CHILDREN environment variable in the original PHP
37 | ; CGI. The below defaults are based on a server without much resources. Don't
38 | ; forget to tweak pm.* to fit your needs.
39 | ; Note: Used when pm is set to 'static', 'dynamic' or 'ondemand'
40 | ; Note: This value is mandatory.
41 | pm.max_children = {{ .Env.PHP_FPM_MAX_CHILDREN }}
42 |
43 | ; The timeout for serving a single request after which the worker process will
44 | ; be killed. This option should be used when the 'max_execution_time' ini option
45 | ; does not stop script execution for some reason. A value of '0' means 'off'.
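46 | ; Available units: s(econds)(default), m(inutes), h(ours), or d(ays)
47 | ; Default Value: 0
48 | request_terminate_timeout = {{ .Env.PHP_FPM_REQUEST_TERMINATE_TIMEOUT }}
49 |
--------------------------------------------------------------------------------
/8.1/Dockerfile:
--------------------------------------------------------------------------------
1 | # Development PHP-FPM image: PHP extensions, Composer 1 and 2, xdebug/pcov, and
2 | # dockerize, which renders the /kool/*.tmpl templates from environment variables.
3 | FROM php:8.1-fpm-alpine
4 |
5 | ENV ASUSER= \
6 |     UID= \
7 |     COMPOSER_ALLOW_SUPERUSER=1 \
8 |     COMPOSER_MEMORY_LIMIT=-1 \
9 |     ENABLE_XDEBUG=false \
10 |     PHP_DATE_TIMEZONE=UTC \
11 |     PHP_MEMORY_LIMIT=256M \
12 |     PHP_MAX_INPUT_VARS=1000 \
13 |     PHP_UPLOAD_MAX_FILESIZE=25M \
14 |     PHP_POST_MAX_SIZE=25M \
15 |     PHP_MAX_EXECUTION_TIME=30 \
16 |     PHP_FPM_LISTEN=9000 \
17 |     PHP_FPM_MAX_CHILDREN=10 \
18 |     PHP_FPM_REQUEST_TERMINATE_TIMEOUT=60 \
19 |     ENTRYPOINT=entrypoint.php.sh
20 |
21 | WORKDIR /app
22 |
23 | RUN adduser -D -u 1337 kool \
24 |     && addgroup kool www-data \
25 |     # dockerize
26 |     # NOTE(review): this release archive is unpacked without an integrity check;
27 |     # download it to a file and compare it with a pinned SHA-256 before extracting.
28 |     && curl -L https://github.com/jwilder/dockerize/releases/download/v0.6.1/dockerize-alpine-linux-amd64-v0.6.1.tar.gz | tar xz \
29 |     && mv dockerize /usr/local/bin/dockerize \
30 |     # deps
31 |     && apk --no-cache add su-exec bash sed git openssh-client icu shadow procps \
32 |         freetype libpng libjpeg-turbo libzip-dev ghostscript imagemagick \
33 |         jpegoptim optipng pngquant gifsicle libldap \
34 |         libpq less \
35 |     # build-deps
36 |     && apk add --no-cache --virtual .build-deps $PHPIZE_DEPS \
37 |         freetype-dev libpng-dev libjpeg-turbo-dev \
38 |         icu-dev libedit-dev libxml2-dev \
39 |         imagemagick-dev openldap-dev oniguruma-dev libwebp-dev \
40 |         postgresql-dev \
41 |         linux-headers \
42 |     # php-ext
43 |     && docker-php-ext-configure gd --with-freetype --with-webp --with-jpeg \
44 |     && export CFLAGS="$PHP_CFLAGS" CPPFLAGS="$PHP_CPPFLAGS" LDFLAGS="$PHP_LDFLAGS" \
45 |     && docker-php-ext-install -j$(nproc) \
46 |         bcmath \
47 |         calendar \
48 |         exif \
49 |         gd \
50 |         intl \
51 |         ldap \
52 |         mbstring \
53 |         pcntl \
54 |         pdo \
55 |         pdo_mysql \
56 |         pdo_pgsql \
57 |         soap \
58 |         xml \
59 |         zip \
60 |         sockets \
61 |         mysqli \
62 |         ftp \
63 |     && pecl install redis \
64 |     && pecl install xdebug \
65 |     && pecl install pcov && docker-php-ext-enable pcov \
66 |     && pecl install imagick \
67 |     && docker-php-ext-enable imagick \
68 |     && docker-php-ext-enable redis \
69 |     && cp "/usr/local/etc/php/php.ini-development" "/usr/local/etc/php/php.ini" \
70 |     # composer
71 |     # Fetch the installer once and run it only if its SHA-384 matches the
72 |     # signature Composer publishes; a failed download now fails the build instead
73 |     # of feeding an empty script to php.
74 |     && curl -fsSL https://getcomposer.org/installer -o /tmp/composer-setup.php \
75 |     && EXPECTED_SIG="$(curl -fsSL https://composer.github.io/installer.sig)" \
76 |     && ACTUAL_SIG="$(php -r "echo hash_file('sha384', '/tmp/composer-setup.php');")" \
77 |     && [ "$EXPECTED_SIG" = "$ACTUAL_SIG" ] \
78 |     && php /tmp/composer-setup.php --install-dir=/usr/local/bin --filename=composer \
79 |     && php /tmp/composer-setup.php --1 --install-dir=/usr/local/bin --filename=composer1 \
80 |     # cleanup (also removes /tmp/composer-setup.php)
81 |     && apk del .build-deps \
82 |     && rm -rf /var/cache/apk/* /tmp/*
83 |
84 | COPY kool.ini /kool/kool.tmpl
85 | COPY zz-docker.conf /kool/zz-docker.tmpl
86 | COPY entrypoint /kool/entrypoint
87 | RUN chmod +x /kool/entrypoint
88 |
89 | EXPOSE 9000
90 |
91 | ENTRYPOINT [ "/kool/entrypoint" ]
92 | CMD [ "php-fpm" ]
93 |
--------------------------------------------------------------------------------
/8.1/entrypoint:
--------------------------------------------------------------------------------
1 | #!/bin/sh
2 | # Container entrypoint: optionally enables xdebug, remaps the kool user's UID,
3 | # renders the PHP and FPM config templates, runs an optional project hook, then
4 | # execs the requested command.
5 | set -e
6 |
7 | if [ "$ENABLE_XDEBUG" = "true" ]; then
8 |     # Test the command directly: under `set -e` a separate `$?` check is never
9 |     # reached, so the error message below would not be printed.
10 |     if ! docker-php-ext-enable xdebug > /dev/null 2>&1; then
11 |         echo "[ERROR] An error happened enabling xdebug"
12 |
13 |         exit 1
14 |     fi
15 | fi
16 |
17 | # Run as current user
18 | CURRENT_USER=${ASUSER:-${UID:-0}}
19 |
20 | if [ -n "$CURRENT_USER" ] && [ "$CURRENT_USER" != "0" ]; then
21 |     # Quoted so a value containing spaces cannot turn into extra usermod arguments.
22 |     usermod -u "$CURRENT_USER" kool
23 | fi
24 |
25 | dockerize -template /kool/kool.tmpl:/usr/local/etc/php/conf.d/kool.ini -template /kool/zz-docker.tmpl:/usr/local/etc/php-fpm.d/zz-docker.conf
26 |
27 |
28 | # Run entrypoint if provided
29 | # NOTE(review): this hook runs before privileges are dropped; with the image
30 | # defaults it is entrypoint.php.sh resolved against WORKDIR /app, so anything
31 | # able to write there gets code execution as the container's starting user
32 | # (root unless the container is started with another user).
33 | if [ -n "$ENTRYPOINT" ] && [ -f "$ENTRYPOINT" ]; then
34 |     bash "$ENTRYPOINT"
35 | fi
36 |
37 | # sh, bash and php-fpm keep the starting user; any other command runs as kool.
38 | if [ "$1" = "sh" ] || [ "$1" = "bash" ] || [ "$1" = "php-fpm" ] ; then
39 |     exec "$@"
40 | else
41 |     exec su-exec kool "$@"
42 | fi
43 |
--------------------------------------------------------------------------------
/8.1/kool.ini:
--------------------------------------------------------------------------------
1 | [PHP]
2 |
3 | ; Maximum amount of memory a script may consume
4 | ; http://php.net/memory-limit
5 | memory_limit = {{ .Env.PHP_MEMORY_LIMIT }}
6 |
7 | ; Fix maximum variables per input
8 | max_input_vars = {{ .Env.PHP_MAX_INPUT_VARS }}
9 |
10 | ; Maximum allowed size for uploaded files.
11 | ; http://php.net/upload-max-filesize
12 | upload_max_filesize = {{ .Env.PHP_UPLOAD_MAX_FILESIZE }}
13 |
14 | ; Maximum size of POST data that PHP will accept.
15 | ; Its value may be 0 to disable the limit. It is ignored if POST data reading
16 | ; is disabled through enable_post_data_reading.
17 | ; http://php.net/post-max-size
18 | post_max_size = {{ .Env.PHP_POST_MAX_SIZE }}
19 |
20 | ; Maximum execution time of each script, in seconds
21 | ; http://php.net/max-execution-time
22 | ; Note: This directive is hardcoded to 0 for the CLI SAPI
23 | max_execution_time = {{ .Env.PHP_MAX_EXECUTION_TIME }}
24 |
25 | ; Default timezone used by all date/time functions.
26 | ; https://www.php.net/manual/en/datetime.configuration.php#ini.date.timezone
27 | date.timezone = {{ .Env.PHP_DATE_TIMEZONE }}
28 |
29 |
30 |
--------------------------------------------------------------------------------
/8.1/zz-docker.conf:
--------------------------------------------------------------------------------
1 | [global]
2 | daemonize = no
3 |
4 | [www]
5 | ; Unix user/group of processes
6 | ; Note: The user is mandatory. If the group is not set, the default user's group
7 | ; will be used.
8 | user = kool
9 | group = kool
10 |
11 | ; The address on which to accept FastCGI requests.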
12 | ; Valid syntaxes are: 13 | ; 'ip.add.re.ss:port' - to listen on a TCP socket to a specific IPv4 address on 14 | ; a specific port; 15 | ; '[ip:6:addr:ess]:port' - to listen on a TCP socket to a specific IPv6 address on 16 | ; a specific port; 17 | ; 'port' - to listen on a TCP socket to all addresses 18 | ; (IPv6 and IPv4-mapped) on a specific port; 19 | ; '/path/to/unix/socket' - to listen on a unix socket. 20 | ; Note: This value is mandatory. 21 | listen = {{ .Env.PHP_FPM_LISTEN }} 22 | 23 | ; Set permissions for unix socket, if one is used. In Linux, read/write 24 | ; permissions must be set in order to allow connections from a web server. Many 25 | ; BSD-derived systems allow connections regardless of permissions. The owner 26 | ; and group can be specified either by name or by their numeric IDs. 27 | ; Default Values: user and group are set as the running user 28 | ; mode is set to 0660 29 | listen.owner = kool 30 | listen.group = kool 31 | 32 | ; The number of child processes to be created when pm is set to 'static' and the 33 | ; maximum number of child processes when pm is set to 'dynamic' or 'ondemand'. 34 | ; This value sets the limit on the number of simultaneous requests that will be 35 | ; served. Equivalent to the ApacheMaxClients directive with mpm_prefork. 36 | ; Equivalent to the PHP_FCGI_CHILDREN environment variable in the original PHP 37 | ; CGI. The below defaults are based on a server without much resources. Don't 38 | ; forget to tweak pm.* to fit your needs. 39 | ; Note: Used when pm is set to 'static', 'dynamic' or 'ondemand' 40 | ; Note: This value is mandatory. 41 | pm.max_children = {{ .Env.PHP_FPM_MAX_CHILDREN }} 42 | 43 | ; The timeout for serving a single request after which the worker process will 44 | ; be killed. This option should be used when the 'max_execution_time' ini option 45 | ; does not stop script execution for some reason. A value of '0' means 'off'. 
46 | ; Available units: s(econds)(default), m(inutes), h(ours), or d(ays) 47 | ; Default Value: 0 48 | request_terminate_timeout = {{ .Env.PHP_FPM_REQUEST_TERMINATE_TIMEOUT }} 49 | -------------------------------------------------------------------------------- /8.2-nginx-prod/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM debian AS cert 2 | 3 | WORKDIR /kool/ssl 4 | 5 | RUN apt-get update && \ 6 | apt-get install -y openssl && \ 7 | openssl genrsa -des3 -passout pass:x -out server.pass.key 2048 && \ 8 | openssl rsa -passin pass:x -in server.pass.key -out _.localhost.key && \ 9 | rm server.pass.key && \ 10 | openssl req -new -key _.localhost.key -out server.csr \ 11 | -subj "/C=XX/ST=XX/L=XX/O=Kool-Local/OU=Localhost/CN=*.localhost" && \ 12 | openssl x509 -req -days 365 -in server.csr -signkey _.localhost.key -out _.localhost.crt && \ 13 | openssl x509 -in _.localhost.crt -out _.localhost.pem 14 | 15 | FROM kooldev/php:8.2-prod 16 | 17 | ENV PHP_FPM_LISTEN=/run/php-fpm.sock \ 18 | NGINX_LISTEN=80 \ 19 | NGINX_HTTPS=false \ 20 | NGINX_LISTEN_HTTPS=443 \ 21 | NGINX_HTTPS_CERT=/kool/ssl/_.localhost.pem \ 22 | NGINX_HTTPS_CERT_KEY=/kool/ssl/_.localhost.key \ 23 | NGINX_ROOT=/app/public \ 24 | NGINX_INDEX=index.php \ 25 | NGINX_CLIENT_MAX_BODY_SIZE=25M \ 26 | NGINX_PHP_FPM=unix:/run/php-fpm.sock \ 27 | NGINX_FASTCGI_READ_TIMEOUT=60s \ 28 | NGINX_FASTCGI_BUFFERS='8 8k' \ 29 | NGINX_FASTCGI_BUFFER_SIZE='16k' \ 30 | NGINX_ENTRYPOINT_WORKER_PROCESSES_AUTOTUNE=true 31 | 32 | RUN curl -L https://github.com/ochinchina/supervisord/releases/download/v0.6.3/supervisord_static_0.6.3_linux_amd64 -o /usr/local/bin/supervisord \ 33 | && chmod +x /usr/local/bin/supervisord \ 34 | && apk add --no-cache nginx \ 35 | && chown -R kool:kool /var/lib/nginx \ 36 | && chmod 770 /var/lib/nginx/tmp \ 37 | && ln -sf /dev/stdout /var/log/nginx/access.log \ 38 | && ln -sf /dev/stderr /var/log/nginx/error.log \ 39 | # add 
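h5bp/server-configs-nginx
    && mkdir -p /etc/nginx/conf.d \
    && mkdir /etc/nginx/h5bp \
    && cd /etc/nginx/h5bp \
    && wget https://github.com/h5bp/server-configs-nginx/archive/refs/tags/3.3.0.tar.gz -O h5bp.tgz \
    && tar xzvf h5bp.tgz \
    && rm -f h5bp.tgz \
    && mv server-configs-nginx-*/h5bp/* . \
    && mv server-configs-nginx-*/nginx.conf /etc/nginx/nginx.conf \
    && sed -i "s|^user .*|user\ kool kool;|g" /etc/nginx/nginx.conf \
    && mv server-configs-nginx-*/mime.types /etc/nginx/mime.types \
    && rm -rf server-configs-nginx-* \
    && curl -L https://raw.githubusercontent.com/nginxinc/docker-nginx/master/entrypoint/30-tune-worker-processes.sh -o /kool/30-tune-worker-processes.sh \
    && chmod +x /kool/30-tune-worker-processes.sh

COPY supervisor.conf /kool/supervisor.conf
COPY default.tmpl /kool/default.tmpl
COPY entrypoint /kool/entrypoint
COPY --from=cert /kool/ssl /kool/ssl
RUN chmod +x /kool/entrypoint

EXPOSE 80

CMD [ "supervisord", "-c", "/kool/supervisor.conf" ]

--------------------------------------------------------------------------------
/8.2-nginx-prod/default.tmpl:
--------------------------------------------------------------------------------
# nginx server block template; dockerize renders it to
# /etc/nginx/conf.d/default.conf at container start from the NGINX_* variables.
server {
    listen {{ .Env.NGINX_LISTEN }} default_server;
    server_name _;
    {{ if isTrue .Env.NGINX_HTTPS }}
    # NGINX_HTTPS_CERT / NGINX_HTTPS_CERT_KEY default to the self-signed
    # *.localhost pair generated while the image is built, so that private key
    # is readable by anyone who can pull the image. Point both variables at a
    # real certificate before enabling HTTPS anywhere but local development.
    listen {{ .Env.NGINX_LISTEN_HTTPS }} ssl http2;
    ssl_certificate {{ .Env.NGINX_HTTPS_CERT }};
    ssl_certificate_key {{ .Env.NGINX_HTTPS_CERT_KEY }};
    # TLS 1.0 and 1.1 are deprecated (RFC 8996); offer only 1.2 and 1.3.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;
    {{ end }}
    root {{ .Env.NGINX_ROOT }};
    index {{ .Env.NGINX_INDEX }};
    charset utf-8;

    location = /favicon.ico { log_not_found off; access_log off; }
    location = /robots.txt { log_not_found off; access_log off; }

    client_max_body_size {{ .Env.NGINX_CLIENT_MAX_BODY_SIZE }};

    error_page 404 /index.php;

    location / {
        # No add_header here on purpose: nginx inherits add_header from the
        # enclosing level only when the current level declares none, so a
        # header set in this block would drop X-Frame-Options (and any header
        # the includes below add with add_header) from files served here.
        try_files $uri $uri/ /{{ .Env.NGINX_INDEX }}?$query_string;
    }

    location ~ \.php$ {
        fastcgi_buffers {{ .Env.NGINX_FASTCGI_BUFFERS }};
        fastcgi_buffer_size {{ .Env.NGINX_FASTCGI_BUFFER_SIZE }};
        fastcgi_pass {{ .Env.NGINX_PHP_FPM }};
        fastcgi_read_timeout {{ .Env.NGINX_FASTCGI_READ_TIMEOUT }};
        fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
        include fastcgi_params;
    }

    location ~ /\.ht {
        deny all;
    }

    # Response headers are declared once, at server level, so every location
    # without its own add_header inherits the full set.
    add_header X-Served-By kool.dev;

    # good practices
    add_header X-Frame-Options "SAMEORIGIN";

    # basic H5BP suggestions
    include h5bp/internet_explorer/x-ua-compatible.conf;
    include h5bp/security/referrer-policy.conf;
    include h5bp/security/x-content-type-options.conf;
    include h5bp/security/x-xss-protection.conf;

    # performance enhancements (mostly for caching static data)
    include h5bp/web_performance/cache-file-descriptors.conf;
    include h5bp/web_performance/pre-compressed_content_gzip.conf;
}

--------------------------------------------------------------------------------
/8.2-nginx-prod/entrypoint:
--------------------------------------------------------------------------------
#!/bin/sh
set -e


# Run as current user
CURRENT_USER=${ASUSER:-${UID:-0}}

if [ ! -z "$CURRENT_USER" ] && [ "$CURRENT_USER" != "0" ]; then
    usermod -u $CURRENT_USER kool
fi

dockerize -template /kool/kool.tmpl:/usr/local/etc/php/conf.d/kool.ini -template /kool/zz-docker.tmpl:/usr/local/etc/php-fpm.d/zz-docker.conf -template /kool/default.tmpl:/etc/nginx/conf.d/default.conf

/kool/30-tune-worker-processes.sh

# Run entrypoint if provided
if [ !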
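-z "$ENTRYPOINT" ] && [ -f "$ENTRYPOINT" ]; then
    bash $ENTRYPOINT
fi

if [ "$1" = "sh" ] || [ "$1" = "bash" ] || [ "$1" = "php-fpm" ] || [ "$1" = "nginx" ] || [ "$1" = "supervisord" ]; then
    exec "$@"
else
    exec su-exec kool "$@"
fi

--------------------------------------------------------------------------------
/8.2-nginx-prod/supervisor.conf:
--------------------------------------------------------------------------------
[program:nginx]
depends_on = php-fpm
command = nginx -g "daemon off;"
stopasgroup = true
stderr_logfile = /dev/stderr
stdout_logfile = /dev/stdout

[program:php-fpm]
command = php-fpm
stopasgroup = true
stderr_logfile = /dev/stderr
stdout_logfile = /dev/stdout

--------------------------------------------------------------------------------
/8.2-nginx/Dockerfile:
--------------------------------------------------------------------------------
# Stage 1: generate a self-signed certificate for *.localhost.
# The private key is created once, at image build time, and copied into the
# final image below. Every container started from a published image therefore
# shares the same key, and anyone who can pull the image can read it. Treat it
# as a local-development convenience only and supply a real certificate through
# NGINX_HTTPS_CERT / NGINX_HTTPS_CERT_KEY wherever HTTPS has to be trusted.
# NOTE(review): `debian` is an unpinned tag; pinning a release tag or digest
# would make this stage reproducible.
FROM debian AS cert

WORKDIR /kool/ssl

RUN apt-get update && \
    apt-get install -y openssl && \
    openssl genrsa -des3 -passout pass:x -out server.pass.key 2048 && \
    openssl rsa -passin pass:x -in server.pass.key -out _.localhost.key && \
    rm server.pass.key && \
    openssl req -new -key _.localhost.key -out server.csr \
        -subj "/C=XX/ST=XX/L=XX/O=Kool-Local/OU=Localhost/CN=*.localhost" && \
    openssl x509 -req -days 365 -in server.csr -signkey _.localhost.key -out _.localhost.crt && \
    openssl x509 -in _.localhost.crt -out _.localhost.pem

# Stage 2: PHP-FPM image with nginx and supervisord added on top.
FROM kooldev/php:8.2

ENV PHP_FPM_LISTEN=/run/php-fpm.sock \
    NGINX_LISTEN=80 \
    NGINX_HTTPS=false \
    NGINX_LISTEN_HTTPS=443 \
    NGINX_HTTPS_CERT=/kool/ssl/_.localhost.pem \
    NGINX_HTTPS_CERT_KEY=/kool/ssl/_.localhost.key \
    NGINX_ROOT=/app/public \
    NGINX_INDEX=index.php \
    NGINX_CLIENT_MAX_BODY_SIZE=25M \
    NGINX_PHP_FPM=unix:/run/php-fpm.sock \
    NGINX_FASTCGI_READ_TIMEOUT=60s \
    NGINX_FASTCGI_BUFFERS='8 8k' \
    NGINX_FASTCGI_BUFFER_SIZE='16k' \
    NGINX_ENTRYPOINT_WORKER_PROCESSES_AUTOTUNE=true

# Optional integrity pins for the files downloaded below. The defaults keep the
# build behaving as before; release builds should pass the SHA-256 of the
# supervisord binary and a commit SHA for the nginx helper script, e.g.
#   --build-arg SUPERVISORD_SHA256=<sha256-of-release-binary>
#   --build-arg NGINX_ENTRYPOINT_REF=<commit-sha>
ARG SUPERVISORD_SHA256=""
ARG NGINX_ENTRYPOINT_REF=master

# curl -f: fail the build on an HTTP error instead of saving the error page as
# the "binary" or "script".
RUN curl -fL https://github.com/ochinchina/supervisord/releases/download/v0.6.3/supervisord_static_0.6.3_linux_amd64 -o /usr/local/bin/supervisord \
    # verify the binary when a digest was supplied
    && if [ -n "$SUPERVISORD_SHA256" ]; then echo "$SUPERVISORD_SHA256  /usr/local/bin/supervisord" | sha256sum -c -; fi \
    && chmod +x /usr/local/bin/supervisord \
    && apk add --no-cache nginx \
    && chown -R kool:kool /var/lib/nginx \
    && chmod 770 /var/lib/nginx/tmp \
    && ln -sf /dev/stdout /var/log/nginx/access.log \
    && ln -sf /dev/stderr /var/log/nginx/error.log \
    # add h5bp/server-configs-nginx
    && mkdir -p /etc/nginx/conf.d \
    && mkdir /etc/nginx/h5bp \
    && cd /etc/nginx/h5bp \
    && wget https://github.com/h5bp/server-configs-nginx/archive/refs/tags/3.3.0.tar.gz -O h5bp.tgz \
    && tar xzvf h5bp.tgz \
    && rm -f h5bp.tgz \
    && mv server-configs-nginx-*/h5bp/* . \
    && mv server-configs-nginx-*/nginx.conf /etc/nginx/nginx.conf \
    && sed -i "s|^user .*|user\ kool kool;|g" /etc/nginx/nginx.conf \
    && mv server-configs-nginx-*/mime.types /etc/nginx/mime.types \
    && rm -rf server-configs-nginx-* \
    # This script is executed by /kool/entrypoint on every container start, so
    # a moving branch ref means each build can ship different code; pin
    # NGINX_ENTRYPOINT_REF to a commit for repeatable images.
    && curl -fL "https://raw.githubusercontent.com/nginxinc/docker-nginx/${NGINX_ENTRYPOINT_REF}/entrypoint/30-tune-worker-processes.sh" -o /kool/30-tune-worker-processes.sh \
    && chmod +x /kool/30-tune-worker-processes.sh

COPY supervisor.conf /kool/supervisor.conf
COPY default.tmpl /kool/default.tmpl
COPY entrypoint /kool/entrypoint
COPY --from=cert /kool/ssl /kool/ssl
RUN chmod +x /kool/entrypoint

EXPOSE 80

CMD [ "supervisord", "-c", "/kool/supervisor.conf" ]

--------------------------------------------------------------------------------
/8.2-nginx/default.tmpl:
--------------------------------------------------------------------------------
server {
    listen {{ .Env.NGINX_LISTEN }} default_server;
    server_name _;
    {{ if isTrue .Env.NGINX_HTTPS }}
    listen {{ .Env.NGINX_LISTEN_HTTPS }}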
ssl http2; 6 | ssl_certificate {{ .Env.NGINX_HTTPS_CERT }}; 7 | ssl_certificate_key {{ .Env.NGINX_HTTPS_CERT_KEY }}; 8 | ssl_protocols TLSv1 TLSv1.1 TLSv1.2; 9 | ssl_ciphers HIGH:!aNULL:!MD5; 10 | {{ end }} 11 | root {{ .Env.NGINX_ROOT }}; 12 | index {{ .Env.NGINX_INDEX }}; 13 | charset utf-8; 14 | 15 | location = /favicon.ico { log_not_found off; access_log off; } 16 | location = /robots.txt { log_not_found off; access_log off; } 17 | 18 | client_max_body_size {{ .Env.NGINX_CLIENT_MAX_BODY_SIZE }}; 19 | 20 | error_page 404 /index.php; 21 | 22 | location / { 23 | try_files $uri $uri/ /{{ .Env.NGINX_INDEX }}?$query_string; 24 | 25 | add_header X-Served-By kool.dev; 26 | } 27 | 28 | location ~ \.php$ { 29 | fastcgi_buffers {{ .Env.NGINX_FASTCGI_BUFFERS }}; 30 | fastcgi_buffer_size {{ .Env.NGINX_FASTCGI_BUFFER_SIZE }}; 31 | fastcgi_pass {{ .Env.NGINX_PHP_FPM }}; 32 | fastcgi_read_timeout {{ .Env.NGINX_FASTCGI_READ_TIMEOUT }}; 33 | fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name; 34 | include fastcgi_params; 35 | } 36 | 37 | location ~ /\.ht { 38 | deny all; 39 | } 40 | 41 | # good practices 42 | add_header X-Frame-Options "SAMEORIGIN"; 43 | 44 | # basic H5BP suggestions 45 | include h5bp/internet_explorer/x-ua-compatible.conf; 46 | include h5bp/security/referrer-policy.conf; 47 | include h5bp/security/x-content-type-options.conf; 48 | include h5bp/security/x-xss-protection.conf; 49 | 50 | # performance enhancements (mostly for caching static data) 51 | include h5bp/web_performance/cache-file-descriptors.conf; 52 | include h5bp/web_performance/pre-compressed_content_gzip.conf; 53 | } 54 | -------------------------------------------------------------------------------- /8.2-nginx/entrypoint: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | set -e 3 | 4 | if [ "$ENABLE_XDEBUG" == "true" ]; then 5 | docker-php-ext-enable xdebug >> /dev/null 2>&1 6 | 7 | if [ $? 
!= "0" ]; then 8 | echo "[ERROR] An error happened enabling xdebug" 9 | 10 | exit 1 11 | fi 12 | fi 13 | 14 | # Run as current user 15 | CURRENT_USER=${ASUSER:-${UID:-0}} 16 | 17 | if [ ! -z "$CURRENT_USER" ] && [ "$CURRENT_USER" != "0" ]; then 18 | usermod -u $CURRENT_USER kool 19 | fi 20 | 21 | dockerize -template /kool/kool.tmpl:/usr/local/etc/php/conf.d/kool.ini -template /kool/zz-docker.tmpl:/usr/local/etc/php-fpm.d/zz-docker.conf -template /kool/default.tmpl:/etc/nginx/conf.d/default.conf 22 | 23 | /kool/30-tune-worker-processes.sh 24 | 25 | # Run entrypoint if provided 26 | if [ ! -z "$ENTRYPOINT" ] && [ -f "$ENTRYPOINT" ]; then 27 | bash $ENTRYPOINT 28 | fi 29 | 30 | if [ "$1" = "sh" ] || [ "$1" = "bash" ] || [ "$1" = "php-fpm" ] || [ "$1" = "nginx" ] || [ "$1" = "supervisord" ]; then 31 | exec "$@" 32 | else 33 | exec su-exec kool "$@" 34 | fi 35 | -------------------------------------------------------------------------------- /8.2-nginx/supervisor.conf: -------------------------------------------------------------------------------- 1 | [program:nginx] 2 | depends_on = php-fpm 3 | command = nginx -g "daemon off;" 4 | stopasgroup = true 5 | stderr_logfile = /dev/stderr 6 | stdout_logfile = /dev/stdout 7 | 8 | [program:php-fpm] 9 | command = php-fpm 10 | stopasgroup = true 11 | stderr_logfile = /dev/stderr 12 | stdout_logfile = /dev/stdout 13 | -------------------------------------------------------------------------------- /8.2-node/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM kooldev/php:8.2 2 | 3 | RUN apk add --update --no-cache npm yarn \ 4 | && rm -rf /var/cache/apk/* /tmp/* 5 | -------------------------------------------------------------------------------- /8.2-prod/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM php:8.2-fpm-alpine 2 | 3 | ENV ASUSER= \ 4 | UID= \ 5 | COMPOSER_ALLOW_SUPERUSER=1 \ 6 | COMPOSER_MEMORY_LIMIT=-1 \ 7 | 
PHP_DATE_TIMEZONE=UTC \ 8 | PHP_MEMORY_LIMIT=256M \ 9 | PHP_MAX_INPUT_VARS=1000 \ 10 | PHP_UPLOAD_MAX_FILESIZE=25M \ 11 | PHP_POST_MAX_SIZE=25M \ 12 | PHP_MAX_EXECUTION_TIME=30 \ 13 | PHP_FPM_LISTEN=9000 \ 14 | PHP_FPM_MAX_CHILDREN=10 \ 15 | PHP_FPM_REQUEST_TERMINATE_TIMEOUT=60 \ 16 | ENTRYPOINT=entrypoint.php.sh 17 | 18 | WORKDIR /app 19 | 20 | RUN adduser -D -u 1337 kool \ 21 | && addgroup kool www-data \ 22 | # dockerize 23 | && curl -L https://github.com/jwilder/dockerize/releases/download/v0.6.1/dockerize-alpine-linux-amd64-v0.6.1.tar.gz | tar xz \ 24 | && mv dockerize /usr/local/bin/dockerize \ 25 | # deps 26 | && apk --no-cache add su-exec bash sed git openssh-client icu shadow procps \ 27 | freetype libpng libjpeg-turbo libzip-dev ghostscript imagemagick \ 28 | jpegoptim optipng pngquant gifsicle libldap \ 29 | libpq less \ 30 | # build-deps 31 | && apk add --no-cache --virtual .build-deps $PHPIZE_DEPS \ 32 | freetype-dev libpng-dev libjpeg-turbo-dev \ 33 | icu-dev libedit-dev libxml2-dev \ 34 | imagemagick-dev openldap-dev oniguruma-dev libwebp-dev \ 35 | postgresql-dev \ 36 | linux-headers \ 37 | # php-ext 38 | && docker-php-ext-configure gd --with-freetype --with-webp --with-jpeg \ 39 | && export CFLAGS="$PHP_CFLAGS" CPPFLAGS="$PHP_CPPFLAGS" LDFLAGS="$PHP_LDFLAGS" \ 40 | && docker-php-ext-install -j$(nproc) \ 41 | bcmath \ 42 | calendar \ 43 | exif \ 44 | gd \ 45 | intl \ 46 | ldap \ 47 | mbstring \ 48 | opcache \ 49 | pcntl \ 50 | pdo \ 51 | pdo_mysql \ 52 | pdo_pgsql \ 53 | soap \ 54 | xml \ 55 | zip \ 56 | sockets \ 57 | mysqli \ 58 | ftp \ 59 | && pecl install redis \ 60 | && pecl install imagick \ 61 | && docker-php-ext-enable imagick \ 62 | && docker-php-ext-enable redis \ 63 | && cp "/usr/local/etc/php/php.ini-production" "/usr/local/etc/php/php.ini" \ 64 | # composer 65 | && curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/local/bin --filename=composer \ 66 | && curl -sS https://getcomposer.org/installer | php -- --1 
--install-dir=/usr/local/bin --filename=composer1 \ 67 | # cleanup 68 | && apk del .build-deps \ 69 | && rm -rf /var/cache/apk/* /tmp/* 70 | 71 | COPY kool.ini /kool/kool.tmpl 72 | COPY zz-docker.conf /kool/zz-docker.tmpl 73 | COPY entrypoint /kool/entrypoint 74 | RUN chmod +x /kool/entrypoint 75 | 76 | EXPOSE 9000 77 | 78 | ENTRYPOINT [ "/kool/entrypoint" ] 79 | CMD [ "php-fpm" ] 80 | -------------------------------------------------------------------------------- /8.2-prod/entrypoint: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | set -e 3 | 4 | 5 | # Run as current user 6 | CURRENT_USER=${ASUSER:-${UID:-0}} 7 | 8 | if [ ! -z "$CURRENT_USER" ] && [ "$CURRENT_USER" != "0" ]; then 9 | usermod -u $CURRENT_USER kool 10 | fi 11 | 12 | dockerize -template /kool/kool.tmpl:/usr/local/etc/php/conf.d/kool.ini -template /kool/zz-docker.tmpl:/usr/local/etc/php-fpm.d/zz-docker.conf 13 | 14 | 15 | # Run entrypoint if provided 16 | if [ ! -z "$ENTRYPOINT" ] && [ -f "$ENTRYPOINT" ]; then 17 | bash $ENTRYPOINT 18 | fi 19 | 20 | if [ "$1" = "sh" ] || [ "$1" = "bash" ] || [ "$1" = "php-fpm" ] ; then 21 | exec "$@" 22 | else 23 | exec su-exec kool "$@" 24 | fi 25 | -------------------------------------------------------------------------------- /8.2-prod/kool.ini: -------------------------------------------------------------------------------- 1 | [PHP] 2 | 3 | ; Maximum amount of memory a script may consume 4 | ; http://php.net/memory-limit 5 | memory_limit = {{ .Env.PHP_MEMORY_LIMIT }} 6 | 7 | ; Fix maximum variables per input 8 | max_input_vars = {{ .Env.PHP_MAX_INPUT_VARS }} 9 | 10 | ; Maximum allowed size for uploaded files. 11 | ; http://php.net/upload-max-filesize 12 | upload_max_filesize = {{ .Env.PHP_UPLOAD_MAX_FILESIZE }} 13 | 14 | ; Maximum size of POST data that PHP will accept. 15 | ; Its value may be 0 to disable the limit. It is ignored if POST data reading 16 | ; is disabled through enable_post_data_reading. 
17 | ; http://php.net/post-max-size 18 | post_max_size = {{ .Env.PHP_POST_MAX_SIZE }} 19 | 20 | ; Maximum execution time of each script, in seconds 21 | ; http://php.net/max-execution-time 22 | ; Note: This directive is hardcoded to 0 for the CLI SAPI 23 | max_execution_time = {{ .Env.PHP_MAX_EXECUTION_TIME }} 24 | 25 | ; Default timezone used by all date/time functions. 26 | ; https://www.php.net/manual/en/datetime.configuration.php#ini.date.timezone 27 | date.timezone = {{ .Env.PHP_DATE_TIMEZONE }} 28 | 29 | 30 | [opcache] 31 | 32 | ; Determines if Zend OPCache is enabled 33 | opcache.enable=1 34 | 35 | ; The OPcache shared memory storage size. 36 | opcache.memory_consumption=512 37 | 38 | ; The amount of memory for interned strings in Mbytes. 39 | opcache.interned_strings_buffer=64 40 | 41 | ; The maximum number of keys (scripts) in the OPcache hash table. 42 | ; Only numbers between 200 and 1000000 are allowed. 43 | opcache.max_accelerated_files=30000 44 | 45 | ; When disabled, you must reset the OPcache manually or restart the 46 | ; webserver for changes to the filesystem to take effect. 47 | opcache.validate_timestamps=0 48 | 49 | ; If disabled, all PHPDoc comments are dropped from the code to reduce the 50 | ; size of the optimized code. 51 | opcache.save_comments=1 52 | -------------------------------------------------------------------------------- /8.2-prod/zz-docker.conf: -------------------------------------------------------------------------------- 1 | [global] 2 | daemonize = no 3 | 4 | [www] 5 | ; Unix user/group of processes 6 | ; Note: The user is mandatory. If the group is not set, the default user's group 7 | ; will be used. 8 | user = kool 9 | group = kool 10 | 11 | ; The address on which to accept FastCGI requests. 
12 | ; Valid syntaxes are: 13 | ; 'ip.add.re.ss:port' - to listen on a TCP socket to a specific IPv4 address on 14 | ; a specific port; 15 | ; '[ip:6:addr:ess]:port' - to listen on a TCP socket to a specific IPv6 address on 16 | ; a specific port; 17 | ; 'port' - to listen on a TCP socket to all addresses 18 | ; (IPv6 and IPv4-mapped) on a specific port; 19 | ; '/path/to/unix/socket' - to listen on a unix socket. 20 | ; Note: This value is mandatory. 21 | listen = {{ .Env.PHP_FPM_LISTEN }} 22 | 23 | ; Set permissions for unix socket, if one is used. In Linux, read/write 24 | ; permissions must be set in order to allow connections from a web server. Many 25 | ; BSD-derived systems allow connections regardless of permissions. The owner 26 | ; and group can be specified either by name or by their numeric IDs. 27 | ; Default Values: user and group are set as the running user 28 | ; mode is set to 0660 29 | listen.owner = kool 30 | listen.group = kool 31 | 32 | ; The number of child processes to be created when pm is set to 'static' and the 33 | ; maximum number of child processes when pm is set to 'dynamic' or 'ondemand'. 34 | ; This value sets the limit on the number of simultaneous requests that will be 35 | ; served. Equivalent to the ApacheMaxClients directive with mpm_prefork. 36 | ; Equivalent to the PHP_FCGI_CHILDREN environment variable in the original PHP 37 | ; CGI. The below defaults are based on a server without much resources. Don't 38 | ; forget to tweak pm.* to fit your needs. 39 | ; Note: Used when pm is set to 'static', 'dynamic' or 'ondemand' 40 | ; Note: This value is mandatory. 41 | pm.max_children = {{ .Env.PHP_FPM_MAX_CHILDREN }} 42 | 43 | ; The timeout for serving a single request after which the worker process will 44 | ; be killed. This option should be used when the 'max_execution_time' ini option 45 | ; does not stop script execution for some reason. A value of '0' means 'off'. 
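; Available units: s(econds)(default), m(inutes), h(ours), or d(ays)
; Default Value: 0
request_terminate_timeout = {{ .Env.PHP_FPM_REQUEST_TERMINATE_TIMEOUT }}

--------------------------------------------------------------------------------
/8.2/Dockerfile:
--------------------------------------------------------------------------------
# Development PHP-FPM image: installs xdebug and pcov and uses
# php.ini-development. The 8.2-prod variant uses php.ini-production and leaves
# the debugging extensions out; use that one for deployments.
FROM php:8.2-fpm-alpine

# ASUSER / UID: when set to a non-zero value the entrypoint remaps the kool
#   user to that UID.
# ENABLE_XDEBUG: xdebug is installed below but only enabled by the entrypoint
#   when this is "true".
# ENTRYPOINT: optional hook script that the entrypoint runs with bash, before
#   it drops to the kool user, if the file exists.
# COMPOSER_ALLOW_SUPERUSER=1 lets Composer, including package scripts and
#   plugins, run as root without a warning; prefer running it as kool.
ENV ASUSER= \
    UID= \
    COMPOSER_ALLOW_SUPERUSER=1 \
    COMPOSER_MEMORY_LIMIT=-1 \
    ENABLE_XDEBUG=false \
    PHP_DATE_TIMEZONE=UTC \
    PHP_MEMORY_LIMIT=256M \
    PHP_MAX_INPUT_VARS=1000 \
    PHP_UPLOAD_MAX_FILESIZE=25M \
    PHP_POST_MAX_SIZE=25M \
    PHP_MAX_EXECUTION_TIME=30 \
    PHP_FPM_LISTEN=9000 \
    PHP_FPM_MAX_CHILDREN=10 \
    PHP_FPM_REQUEST_TERMINATE_TIMEOUT=60 \
    ENTRYPOINT=entrypoint.php.sh

WORKDIR /app

# Optional integrity pin for the dockerize tarball. Empty keeps the build
# behaving as before; release builds should pass
#   --build-arg DOCKERIZE_SHA256=<sha256-of-release-tarball>
ARG DOCKERIZE_SHA256=""

RUN adduser -D -u 1337 kool \
    && addgroup kool www-data \
    # dockerize: download to a file first (curl -f aborts on an HTTP error, and
    # a failed download can no longer hide behind the exit status of a pipe)
    && curl -fL https://github.com/jwilder/dockerize/releases/download/v0.6.1/dockerize-alpine-linux-amd64-v0.6.1.tar.gz -o /tmp/dockerize.tar.gz \
    && if [ -n "$DOCKERIZE_SHA256" ]; then echo "$DOCKERIZE_SHA256  /tmp/dockerize.tar.gz" | sha256sum -c -; fi \
    && tar xzf /tmp/dockerize.tar.gz \
    && mv dockerize /usr/local/bin/dockerize \
    # deps
    && apk --no-cache add su-exec bash sed git openssh-client icu shadow procps \
        freetype libpng libjpeg-turbo libzip-dev ghostscript imagemagick \
        jpegoptim optipng pngquant gifsicle libldap \
        libpq less \
    # build-deps
    && apk add --no-cache --virtual .build-deps $PHPIZE_DEPS \
        freetype-dev libpng-dev libjpeg-turbo-dev \
        icu-dev libedit-dev libxml2-dev \
        imagemagick-dev openldap-dev oniguruma-dev libwebp-dev \
        postgresql-dev \
        linux-headers \
    # php-ext
    && docker-php-ext-configure gd --with-freetype --with-webp --with-jpeg \
    && export CFLAGS="$PHP_CFLAGS" CPPFLAGS="$PHP_CPPFLAGS" LDFLAGS="$PHP_LDFLAGS" \
    && docker-php-ext-install -j$(nproc) \
        bcmath \
        calendar \
        exif \
        gd \
        intl \
        ldap \
        mbstring \
        pcntl \
        pdo \
        pdo_mysql \
        pdo_pgsql \
        soap \
        xml \
        zip \
        sockets \
        mysqli \
        ftp \
    && pecl install redis \
    && pecl install xdebug \
    && pecl install pcov && docker-php-ext-enable pcov \
    && pecl install imagick \
    && docker-php-ext-enable imagick \
    && docker-php-ext-enable redis \
    && cp "/usr/local/etc/php/php.ini-development" "/usr/local/etc/php/php.ini" \
    # composer: fetch the installer once and compare its SHA-384 with the
    # published installer signature before executing it, instead of piping the
    # download straight into php. The signature is served from a different
    # host, so this catches a tampered or truncated installer download; it does
    # not replace pinning a specific Composer release.
    && curl -fsS https://getcomposer.org/installer -o /tmp/composer-setup.php \
    && EXPECTED_SIG="$(curl -fsS https://composer.github.io/installer.sig)" \
    && ACTUAL_SIG="$(php -r "echo hash_file('sha384', '/tmp/composer-setup.php');")" \
    && [ -n "$EXPECTED_SIG" ] && [ "$EXPECTED_SIG" = "$ACTUAL_SIG" ] \
    && php /tmp/composer-setup.php --install-dir=/usr/local/bin --filename=composer \
    && php /tmp/composer-setup.php --1 --install-dir=/usr/local/bin --filename=composer1 \
    # cleanup (also removes the downloaded tarball and installer from /tmp)
    && apk del .build-deps \
    && rm -rf /var/cache/apk/* /tmp/*

COPY kool.ini /kool/kool.tmpl
COPY zz-docker.conf /kool/zz-docker.tmpl
COPY entrypoint /kool/entrypoint
RUN chmod +x /kool/entrypoint

EXPOSE 9000

ENTRYPOINT [ "/kool/entrypoint" ]
CMD [ "php-fpm" ]

--------------------------------------------------------------------------------
/8.2/entrypoint:
--------------------------------------------------------------------------------
#!/bin/sh
set -e

if [ "$ENABLE_XDEBUG" == "true" ]; then
    docker-php-ext-enable xdebug >> /dev/null 2>&1

    if [ $? != "0" ]; then
        echo "[ERROR] An error happened enabling xdebug"

        exit 1
    fi
fi

# Run as current user
CURRENT_USER=${ASUSER:-${UID:-0}}

if [ ! -z "$CURRENT_USER" ] && [ "$CURRENT_USER" != "0" ]; then
    usermod -u $CURRENT_USER kool
fi

dockerize -template /kool/kool.tmpl:/usr/local/etc/php/conf.d/kool.ini -template /kool/zz-docker.tmpl:/usr/local/etc/php-fpm.d/zz-docker.conf


# Run entrypoint if provided
if [ !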
-z "$ENTRYPOINT" ] && [ -f "$ENTRYPOINT" ]; then 26 | bash $ENTRYPOINT 27 | fi 28 | 29 | if [ "$1" = "sh" ] || [ "$1" = "bash" ] || [ "$1" = "php-fpm" ] ; then 30 | exec "$@" 31 | else 32 | exec su-exec kool "$@" 33 | fi 34 | -------------------------------------------------------------------------------- /8.2/kool.ini: -------------------------------------------------------------------------------- 1 | [PHP] 2 | 3 | ; Maximum amount of memory a script may consume 4 | ; http://php.net/memory-limit 5 | memory_limit = {{ .Env.PHP_MEMORY_LIMIT }} 6 | 7 | ; Fix maximum variables per input 8 | max_input_vars = {{ .Env.PHP_MAX_INPUT_VARS }} 9 | 10 | ; Maximum allowed size for uploaded files. 11 | ; http://php.net/upload-max-filesize 12 | upload_max_filesize = {{ .Env.PHP_UPLOAD_MAX_FILESIZE }} 13 | 14 | ; Maximum size of POST data that PHP will accept. 15 | ; Its value may be 0 to disable the limit. It is ignored if POST data reading 16 | ; is disabled through enable_post_data_reading. 17 | ; http://php.net/post-max-size 18 | post_max_size = {{ .Env.PHP_POST_MAX_SIZE }} 19 | 20 | ; Maximum execution time of each script, in seconds 21 | ; http://php.net/max-execution-time 22 | ; Note: This directive is hardcoded to 0 for the CLI SAPI 23 | max_execution_time = {{ .Env.PHP_MAX_EXECUTION_TIME }} 24 | 25 | ; Default timezone used by all date/time functions. 26 | ; https://www.php.net/manual/en/datetime.configuration.php#ini.date.timezone 27 | date.timezone = {{ .Env.PHP_DATE_TIMEZONE }} 28 | 29 | 30 | -------------------------------------------------------------------------------- /8.2/zz-docker.conf: -------------------------------------------------------------------------------- 1 | [global] 2 | daemonize = no 3 | 4 | [www] 5 | ; Unix user/group of processes 6 | ; Note: The user is mandatory. If the group is not set, the default user's group 7 | ; will be used. 8 | user = kool 9 | group = kool 10 | 11 | ; The address on which to accept FastCGI requests. 
12 | ; Valid syntaxes are: 13 | ; 'ip.add.re.ss:port' - to listen on a TCP socket to a specific IPv4 address on 14 | ; a specific port; 15 | ; '[ip:6:addr:ess]:port' - to listen on a TCP socket to a specific IPv6 address on 16 | ; a specific port; 17 | ; 'port' - to listen on a TCP socket to all addresses 18 | ; (IPv6 and IPv4-mapped) on a specific port; 19 | ; '/path/to/unix/socket' - to listen on a unix socket. 20 | ; Note: This value is mandatory. 21 | listen = {{ .Env.PHP_FPM_LISTEN }} 22 | 23 | ; Set permissions for unix socket, if one is used. In Linux, read/write 24 | ; permissions must be set in order to allow connections from a web server. Many 25 | ; BSD-derived systems allow connections regardless of permissions. The owner 26 | ; and group can be specified either by name or by their numeric IDs. 27 | ; Default Values: user and group are set as the running user 28 | ; mode is set to 0660 29 | listen.owner = kool 30 | listen.group = kool 31 | 32 | ; The number of child processes to be created when pm is set to 'static' and the 33 | ; maximum number of child processes when pm is set to 'dynamic' or 'ondemand'. 34 | ; This value sets the limit on the number of simultaneous requests that will be 35 | ; served. Equivalent to the ApacheMaxClients directive with mpm_prefork. 36 | ; Equivalent to the PHP_FCGI_CHILDREN environment variable in the original PHP 37 | ; CGI. The below defaults are based on a server without much resources. Don't 38 | ; forget to tweak pm.* to fit your needs. 39 | ; Note: Used when pm is set to 'static', 'dynamic' or 'ondemand' 40 | ; Note: This value is mandatory. 41 | pm.max_children = {{ .Env.PHP_FPM_MAX_CHILDREN }} 42 | 43 | ; The timeout for serving a single request after which the worker process will 44 | ; be killed. This option should be used when the 'max_execution_time' ini option 45 | ; does not stop script execution for some reason. A value of '0' means 'off'. 
46 | ; Available units: s(econds)(default), m(inutes), h(ours), or d(ays) 47 | ; Default Value: 0 48 | request_terminate_timeout = {{ .Env.PHP_FPM_REQUEST_TERMINATE_TIMEOUT }} 49 | -------------------------------------------------------------------------------- /8.3-nginx-prod/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM debian AS cert 2 | 3 | WORKDIR /kool/ssl 4 | 5 | RUN apt-get update && \ 6 | apt-get install -y openssl && \ 7 | openssl genrsa -des3 -passout pass:x -out server.pass.key 2048 && \ 8 | openssl rsa -passin pass:x -in server.pass.key -out _.localhost.key && \ 9 | rm server.pass.key && \ 10 | openssl req -new -key _.localhost.key -out server.csr \ 11 | -subj "/C=XX/ST=XX/L=XX/O=Kool-Local/OU=Localhost/CN=*.localhost" && \ 12 | openssl x509 -req -days 365 -in server.csr -signkey _.localhost.key -out _.localhost.crt && \ 13 | openssl x509 -in _.localhost.crt -out _.localhost.pem 14 | 15 | FROM kooldev/php:8.3-prod 16 | 17 | ENV PHP_FPM_LISTEN=/run/php-fpm.sock \ 18 | NGINX_LISTEN=80 \ 19 | NGINX_HTTPS=false \ 20 | NGINX_LISTEN_HTTPS=443 \ 21 | NGINX_HTTPS_CERT=/kool/ssl/_.localhost.pem \ 22 | NGINX_HTTPS_CERT_KEY=/kool/ssl/_.localhost.key \ 23 | NGINX_ROOT=/app/public \ 24 | NGINX_INDEX=index.php \ 25 | NGINX_CLIENT_MAX_BODY_SIZE=25M \ 26 | NGINX_PHP_FPM=unix:/run/php-fpm.sock \ 27 | NGINX_FASTCGI_READ_TIMEOUT=60s \ 28 | NGINX_FASTCGI_BUFFERS='8 8k' \ 29 | NGINX_FASTCGI_BUFFER_SIZE='16k' \ 30 | NGINX_ENTRYPOINT_WORKER_PROCESSES_AUTOTUNE=true 31 | 32 | RUN curl -L https://github.com/ochinchina/supervisord/releases/download/v0.6.3/supervisord_static_0.6.3_linux_amd64 -o /usr/local/bin/supervisord \ 33 | && chmod +x /usr/local/bin/supervisord \ 34 | && apk add --no-cache nginx \ 35 | && chown -R kool:kool /var/lib/nginx \ 36 | && chmod 770 /var/lib/nginx/tmp \ 37 | && ln -sf /dev/stdout /var/log/nginx/access.log \ 38 | && ln -sf /dev/stderr /var/log/nginx/error.log \ 39 | # add 
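h5bp/server-configs-nginx 40 | && mkdir -p /etc/nginx/conf.d \ 41 | && mkdir /etc/nginx/h5bp \ 42 | && cd /etc/nginx/h5bp \ 43 | && wget https://github.com/h5bp/server-configs-nginx/archive/refs/tags/3.3.0.tar.gz -O h5bp.tgz \ 44 | && tar xzvf h5bp.tgz \ 45 | && rm -f h5bp.tgz \ 46 | && mv server-configs-nginx-*/h5bp/* . \ 47 | && mv server-configs-nginx-*/nginx.conf /etc/nginx/nginx.conf \ 48 | && sed -i "s|^user .*|user\ kool kool;|g" /etc/nginx/nginx.conf \ 49 | && mv server-configs-nginx-*/mime.types /etc/nginx/mime.types \ 50 | && rm -rf server-configs-nginx-* \ 51 | && curl -L https://raw.githubusercontent.com/nginxinc/docker-nginx/master/entrypoint/30-tune-worker-processes.sh -o /kool/30-tune-worker-processes.sh \ 52 | && chmod +x /kool/30-tune-worker-processes.sh 53 | 54 | COPY supervisor.conf /kool/supervisor.conf 55 | COPY default.tmpl /kool/default.tmpl 56 | COPY entrypoint /kool/entrypoint 57 | COPY --from=cert /kool/ssl /kool/ssl 58 | RUN chmod +x /kool/entrypoint 59 | 60 | EXPOSE 80 61 | 62 | CMD [ "supervisord", "-c", "/kool/supervisor.conf" ] 63 |
--------------------------------------------------------------------------------
/8.3-nginx-prod/default.tmpl:
--------------------------------------------------------------------------------
# Default virtual host. dockerize renders this template from the NGINX_*
# environment variables when the container starts.
server {
    listen {{ .Env.NGINX_LISTEN }} default_server;
    server_name _;
{{ if isTrue .Env.NGINX_HTTPS }}
    # HTTPS listener, rendered only when NGINX_HTTPS is true.
    # The image default certificate is a self-signed *.localhost pair created at
    # image build time; supply your own pair through NGINX_HTTPS_CERT and
    # NGINX_HTTPS_CERT_KEY outside local development.
    listen {{ .Env.NGINX_LISTEN_HTTPS }} ssl http2;
    ssl_certificate {{ .Env.NGINX_HTTPS_CERT }};
    ssl_certificate_key {{ .Env.NGINX_HTTPS_CERT_KEY }};
    # TLS 1.0 and 1.1 are deprecated (RFC 8996); offer only 1.2 and 1.3.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;
{{ end }}
    root {{ .Env.NGINX_ROOT }};
    index {{ .Env.NGINX_INDEX }};
    charset utf-8;

    location = /favicon.ico { log_not_found off; access_log off; }
    location = /robots.txt  { log_not_found off; access_log off; }

    client_max_body_size {{ .Env.NGINX_CLIENT_MAX_BODY_SIZE }};

    error_page 404 /index.php;

    # Front-controller routing: serve the file or directory when it exists,
    # otherwise hand the request to the index script.
    location / {
        try_files $uri $uri/ /{{ .Env.NGINX_INDEX }}?$query_string;
    }

    # Only URIs ending in .php are passed to PHP-FPM. SCRIPT_FILENAME is built
    # from the document root with symbolic links resolved.
    location ~ \.php$ {
        fastcgi_buffers {{ .Env.NGINX_FASTCGI_BUFFERS }};
        fastcgi_buffer_size {{ .Env.NGINX_FASTCGI_BUFFER_SIZE }};
        fastcgi_pass {{ .Env.NGINX_PHP_FPM }};
        fastcgi_read_timeout {{ .Env.NGINX_FASTCGI_READ_TIMEOUT }};
        fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
        include fastcgi_params;
    }

    # Never serve files whose name starts with .ht
    location ~ /\.ht {
        deny all;
    }

    # Response headers are declared once, at server level. nginx inherits
    # add_header from the enclosing level only when the current level declares
    # none of its own, so a header set inside "location /" would drop
    # X-Frame-Options and the header includes below for everything served there.
    add_header X-Served-By kool.dev;

    # good practices
    add_header X-Frame-Options "SAMEORIGIN";

    # basic H5BP suggestions
    include h5bp/internet_explorer/x-ua-compatible.conf;
    include h5bp/security/referrer-policy.conf;
    include h5bp/security/x-content-type-options.conf;
    include h5bp/security/x-xss-protection.conf;

    # performance enhancements (mostly for caching static data)
    include h5bp/web_performance/cache-file-descriptors.conf;
    include h5bp/web_performance/pre-compressed_content_gzip.conf;
}
--------------------------------------------------------------------------------
/8.3-nginx-prod/entrypoint:
--------------------------------------------------------------------------------
1 | #!/bin/sh 2 | set -e 3 | 4 | 5 | # Run as current user 6 | CURRENT_USER=${ASUSER:-${UID:-0}} 7 | 8 | if [ ! -z "$CURRENT_USER" ] && [ "$CURRENT_USER" != "0" ]; then 9 | usermod -u $CURRENT_USER kool 10 | fi 11 | 12 | dockerize -template /kool/kool.tmpl:/usr/local/etc/php/conf.d/kool.ini -template /kool/zz-docker.tmpl:/usr/local/etc/php-fpm.d/zz-docker.conf -template /kool/default.tmpl:/etc/nginx/conf.d/default.conf 13 | 14 | /kool/30-tune-worker-processes.sh 15 | 16 | # Run entrypoint if provided 17 | if [ !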
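-z "$ENTRYPOINT" ] && [ -f "$ENTRYPOINT" ]; then 18 | bash $ENTRYPOINT 19 | fi 20 | 21 | if [ "$1" = "sh" ] || [ "$1" = "bash" ] || [ "$1" = "php-fpm" ] || [ "$1" = "nginx" ] || [ "$1" = "supervisord" ]; then 22 | exec "$@" 23 | else 24 | exec su-exec kool "$@" 25 | fi 26 |
--------------------------------------------------------------------------------
/8.3-nginx-prod/supervisor.conf:
--------------------------------------------------------------------------------
1 | [program:nginx] 2 | depends_on = php-fpm 3 | command = nginx -g "daemon off;" 4 | stopasgroup = true 5 | stderr_logfile = /dev/stderr 6 | stdout_logfile = /dev/stdout 7 | 8 | [program:php-fpm] 9 | command = php-fpm 10 | stopasgroup = true 11 | stderr_logfile = /dev/stderr 12 | stdout_logfile = /dev/stdout 13 |
--------------------------------------------------------------------------------
/8.3-nginx/Dockerfile:
--------------------------------------------------------------------------------
# Stage 1: build a self-signed certificate for *.localhost.
# NOTE(review): "debian" is an unpinned tag, so the OpenSSL build used here
# changes with the upstream image.
FROM debian AS cert

WORKDIR /kool/ssl

# The key pair is created when the image is built, so every container started
# from the same published image shares one private key, and the certificate
# expires 365 days after the build. It is meant for local HTTPS only; mount a
# real pair and point NGINX_HTTPS_CERT / NGINX_HTTPS_CERT_KEY at it otherwise.
RUN apt-get update && \
    apt-get install -y openssl && \
    openssl genrsa -des3 -passout pass:x -out server.pass.key 2048 && \
    openssl rsa -passin pass:x -in server.pass.key -out _.localhost.key && \
    rm server.pass.key && \
    openssl req -new -key _.localhost.key -out server.csr \
        -subj "/C=XX/ST=XX/L=XX/O=Kool-Local/OU=Localhost/CN=*.localhost" && \
    openssl x509 -req -days 365 -in server.csr -signkey _.localhost.key -out _.localhost.crt && \
    openssl x509 -in _.localhost.crt -out _.localhost.pem

# Stage 2: PHP-FPM base image plus nginx, both supervised by supervisord.
FROM kooldev/php:8.3

# Defaults consumed by the default.tmpl template; PHP-FPM is moved to a unix
# socket shared with nginx.
ENV PHP_FPM_LISTEN=/run/php-fpm.sock \
    NGINX_LISTEN=80 \
    NGINX_HTTPS=false \
    NGINX_LISTEN_HTTPS=443 \
    NGINX_HTTPS_CERT=/kool/ssl/_.localhost.pem \
    NGINX_HTTPS_CERT_KEY=/kool/ssl/_.localhost.key \
    NGINX_ROOT=/app/public \
    NGINX_INDEX=index.php \
    NGINX_CLIENT_MAX_BODY_SIZE=25M \
    NGINX_PHP_FPM=unix:/run/php-fpm.sock \
    NGINX_FASTCGI_READ_TIMEOUT=60s \
    NGINX_FASTCGI_BUFFERS='8 8k' \
    NGINX_FASTCGI_BUFFER_SIZE='16k' \
    NGINX_ENTRYPOINT_WORKER_PROCESSES_AUTOTUNE=true

# curl runs with -f so that an HTTP error fails the build instead of the error
# page being saved as the binary or script.
# NOTE(review): none of the downloads below is checked against a digest, the
# supervisord binary is amd64-only, and 30-tune-worker-processes.sh comes from
# the moving "master" branch although the entrypoint executes it at container
# start. Pin it to a commit and verify each file after download, e.g.
#   echo "<expected-sha256>  /usr/local/bin/supervisord" | sha256sum -c -
RUN curl -fL https://github.com/ochinchina/supervisord/releases/download/v0.6.3/supervisord_static_0.6.3_linux_amd64 -o /usr/local/bin/supervisord \
    && chmod +x /usr/local/bin/supervisord \
    && apk add --no-cache nginx \
    && chown -R kool:kool /var/lib/nginx \
    && chmod 770 /var/lib/nginx/tmp \
    && ln -sf /dev/stdout /var/log/nginx/access.log \
    && ln -sf /dev/stderr /var/log/nginx/error.log \
    # add h5bp/server-configs-nginx
    && mkdir -p /etc/nginx/conf.d \
    && mkdir /etc/nginx/h5bp \
    && cd /etc/nginx/h5bp \
    && wget https://github.com/h5bp/server-configs-nginx/archive/refs/tags/3.3.0.tar.gz -O h5bp.tgz \
    && tar xzvf h5bp.tgz \
    && rm -f h5bp.tgz \
    && mv server-configs-nginx-*/h5bp/* . \
    && mv server-configs-nginx-*/nginx.conf /etc/nginx/nginx.conf \
    # run the nginx workers as the kool user
    && sed -i "s|^user .*|user\ kool kool;|g" /etc/nginx/nginx.conf \
    && mv server-configs-nginx-*/mime.types /etc/nginx/mime.types \
    && rm -rf server-configs-nginx-* \
    && curl -fL https://raw.githubusercontent.com/nginxinc/docker-nginx/master/entrypoint/30-tune-worker-processes.sh -o /kool/30-tune-worker-processes.sh \
    && chmod +x /kool/30-tune-worker-processes.sh

COPY supervisor.conf /kool/supervisor.conf
COPY default.tmpl /kool/default.tmpl
COPY entrypoint /kool/entrypoint
# Certificate and private key produced by the cert stage above.
COPY --from=cert /kool/ssl /kool/ssl
RUN chmod +x /kool/entrypoint

EXPOSE 80

CMD [ "supervisord", "-c", "/kool/supervisor.conf" ]
--------------------------------------------------------------------------------
/8.3-nginx/default.tmpl:
--------------------------------------------------------------------------------
1 | server { 2 | listen {{ .Env.NGINX_LISTEN }} default_server; 3 | server_name _; 4 | {{ if isTrue .Env.NGINX_HTTPS }} 5 | listen {{ .Env.NGINX_LISTEN_HTTPS }}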
ssl http2; 6 | ssl_certificate {{ .Env.NGINX_HTTPS_CERT }}; 7 | ssl_certificate_key {{ .Env.NGINX_HTTPS_CERT_KEY }}; 8 | ssl_protocols TLSv1 TLSv1.1 TLSv1.2; 9 | ssl_ciphers HIGH:!aNULL:!MD5; 10 | {{ end }} 11 | root {{ .Env.NGINX_ROOT }}; 12 | index {{ .Env.NGINX_INDEX }}; 13 | charset utf-8; 14 | 15 | location = /favicon.ico { log_not_found off; access_log off; } 16 | location = /robots.txt { log_not_found off; access_log off; } 17 | 18 | client_max_body_size {{ .Env.NGINX_CLIENT_MAX_BODY_SIZE }}; 19 | 20 | error_page 404 /index.php; 21 | 22 | location / { 23 | try_files $uri $uri/ /{{ .Env.NGINX_INDEX }}?$query_string; 24 | 25 | add_header X-Served-By kool.dev; 26 | } 27 | 28 | location ~ \.php$ { 29 | fastcgi_buffers {{ .Env.NGINX_FASTCGI_BUFFERS }}; 30 | fastcgi_buffer_size {{ .Env.NGINX_FASTCGI_BUFFER_SIZE }}; 31 | fastcgi_pass {{ .Env.NGINX_PHP_FPM }}; 32 | fastcgi_read_timeout {{ .Env.NGINX_FASTCGI_READ_TIMEOUT }}; 33 | fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name; 34 | include fastcgi_params; 35 | } 36 | 37 | location ~ /\.ht { 38 | deny all; 39 | } 40 | 41 | # good practices 42 | add_header X-Frame-Options "SAMEORIGIN"; 43 | 44 | # basic H5BP suggestions 45 | include h5bp/internet_explorer/x-ua-compatible.conf; 46 | include h5bp/security/referrer-policy.conf; 47 | include h5bp/security/x-content-type-options.conf; 48 | include h5bp/security/x-xss-protection.conf; 49 | 50 | # performance enhancements (mostly for caching static data) 51 | include h5bp/web_performance/cache-file-descriptors.conf; 52 | include h5bp/web_performance/pre-compressed_content_gzip.conf; 53 | } 54 | -------------------------------------------------------------------------------- /8.3-nginx/entrypoint: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | set -e 3 | 4 | if [ "$ENABLE_XDEBUG" == "true" ]; then 5 | docker-php-ext-enable xdebug >> /dev/null 2>&1 6 | 7 | if [ $? 
!= "0" ]; then 8 | echo "[ERROR] An error happened enabling xdebug" 9 | 10 | exit 1 11 | fi 12 | fi 13 | 14 | # Run as current user 15 | CURRENT_USER=${ASUSER:-${UID:-0}} 16 | 17 | if [ ! -z "$CURRENT_USER" ] && [ "$CURRENT_USER" != "0" ]; then 18 | usermod -u $CURRENT_USER kool 19 | fi 20 | 21 | dockerize -template /kool/kool.tmpl:/usr/local/etc/php/conf.d/kool.ini -template /kool/zz-docker.tmpl:/usr/local/etc/php-fpm.d/zz-docker.conf -template /kool/default.tmpl:/etc/nginx/conf.d/default.conf 22 | 23 | /kool/30-tune-worker-processes.sh 24 | 25 | # Run entrypoint if provided 26 | if [ ! -z "$ENTRYPOINT" ] && [ -f "$ENTRYPOINT" ]; then 27 | bash $ENTRYPOINT 28 | fi 29 | 30 | if [ "$1" = "sh" ] || [ "$1" = "bash" ] || [ "$1" = "php-fpm" ] || [ "$1" = "nginx" ] || [ "$1" = "supervisord" ]; then 31 | exec "$@" 32 | else 33 | exec su-exec kool "$@" 34 | fi 35 | -------------------------------------------------------------------------------- /8.3-nginx/supervisor.conf: -------------------------------------------------------------------------------- 1 | [program:nginx] 2 | depends_on = php-fpm 3 | command = nginx -g "daemon off;" 4 | stopasgroup = true 5 | stderr_logfile = /dev/stderr 6 | stdout_logfile = /dev/stdout 7 | 8 | [program:php-fpm] 9 | command = php-fpm 10 | stopasgroup = true 11 | stderr_logfile = /dev/stderr 12 | stdout_logfile = /dev/stdout 13 | -------------------------------------------------------------------------------- /8.3-node/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM kooldev/php:8.3 2 | 3 | RUN apk add --update --no-cache npm yarn \ 4 | && rm -rf /var/cache/apk/* /tmp/* 5 | -------------------------------------------------------------------------------- /8.3-prod/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM php:8.3-fpm-alpine 2 | 3 | ENV ASUSER= \ 4 | UID= \ 5 | COMPOSER_ALLOW_SUPERUSER=1 \ 6 | COMPOSER_MEMORY_LIMIT=-1 \ 7 | 
PHP_DATE_TIMEZONE=UTC \ 8 | PHP_MEMORY_LIMIT=256M \ 9 | PHP_MAX_INPUT_VARS=1000 \ 10 | PHP_UPLOAD_MAX_FILESIZE=25M \ 11 | PHP_POST_MAX_SIZE=25M \ 12 | PHP_MAX_EXECUTION_TIME=30 \ 13 | PHP_FPM_LISTEN=9000 \ 14 | PHP_FPM_MAX_CHILDREN=10 \ 15 | PHP_FPM_REQUEST_TERMINATE_TIMEOUT=60 \ 16 | ENTRYPOINT=entrypoint.php.sh 17 | 18 | WORKDIR /app 19 | 20 | RUN adduser -D -u 1337 kool \ 21 | && addgroup kool www-data \ 22 | # dockerize 23 | && curl -L https://github.com/jwilder/dockerize/releases/download/v0.6.1/dockerize-alpine-linux-amd64-v0.6.1.tar.gz | tar xz \ 24 | && mv dockerize /usr/local/bin/dockerize \ 25 | # deps 26 | && apk --no-cache add su-exec bash sed git openssh-client icu shadow procps \ 27 | freetype libpng libjpeg-turbo libzip-dev ghostscript imagemagick \ 28 | jpegoptim optipng pngquant gifsicle libldap \ 29 | libpq less \ 30 | # build-deps 31 | && apk add --no-cache --virtual .build-deps $PHPIZE_DEPS \ 32 | freetype-dev libpng-dev libjpeg-turbo-dev \ 33 | icu-dev libedit-dev libxml2-dev \ 34 | imagemagick-dev openldap-dev oniguruma-dev libwebp-dev \ 35 | postgresql-dev \ 36 | linux-headers \ 37 | # php-ext 38 | && docker-php-ext-configure gd --with-freetype --with-webp --with-jpeg \ 39 | && export CFLAGS="$PHP_CFLAGS" CPPFLAGS="$PHP_CPPFLAGS" LDFLAGS="$PHP_LDFLAGS" \ 40 | && docker-php-ext-install -j$(nproc) \ 41 | bcmath \ 42 | calendar \ 43 | exif \ 44 | gd \ 45 | intl \ 46 | ldap \ 47 | mbstring \ 48 | opcache \ 49 | pcntl \ 50 | pdo \ 51 | pdo_mysql \ 52 | pdo_pgsql \ 53 | soap \ 54 | xml \ 55 | zip \ 56 | sockets \ 57 | mysqli \ 58 | ftp \ 59 | && pecl install redis \ 60 | && mkdir /tmp/imagick && cd /tmp/imagick \ 61 | && curl -L -o /tmp/imagick.tar.gz https://github.com/Imagick/imagick/archive/refs/tags/3.7.0.tar.gz \ 62 | && tar --strip-components=1 -xf /tmp/imagick.tar.gz \ 63 | && phpize \ 64 | && ./configure --with-webp=yes \ 65 | && make \ 66 | && make install \ 67 | && echo "extension=imagick.so" > /usr/local/etc/php/conf.d/ext-imagick.ini \ 
68 | && docker-php-ext-enable redis \ 69 | && cp "/usr/local/etc/php/php.ini-production" "/usr/local/etc/php/php.ini" \ 70 | # composer 71 | && curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/local/bin --filename=composer \ 72 | && curl -sS https://getcomposer.org/installer | php -- --1 --install-dir=/usr/local/bin --filename=composer1 \ 73 | # cleanup 74 | && apk del .build-deps \ 75 | && rm -rf /var/cache/apk/* /tmp/* 76 | 77 | COPY kool.ini /kool/kool.tmpl 78 | COPY zz-docker.conf /kool/zz-docker.tmpl 79 | COPY entrypoint /kool/entrypoint 80 | RUN chmod +x /kool/entrypoint 81 | 82 | EXPOSE 9000 83 | 84 | ENTRYPOINT [ "/kool/entrypoint" ] 85 | CMD [ "php-fpm" ] 86 | -------------------------------------------------------------------------------- /8.3-prod/entrypoint: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | set -e 3 | 4 | 5 | # Run as current user 6 | CURRENT_USER=${ASUSER:-${UID:-0}} 7 | 8 | if [ ! -z "$CURRENT_USER" ] && [ "$CURRENT_USER" != "0" ]; then 9 | usermod -u $CURRENT_USER kool 10 | fi 11 | 12 | dockerize -template /kool/kool.tmpl:/usr/local/etc/php/conf.d/kool.ini -template /kool/zz-docker.tmpl:/usr/local/etc/php-fpm.d/zz-docker.conf 13 | 14 | 15 | # Run entrypoint if provided 16 | if [ ! 
-z "$ENTRYPOINT" ] && [ -f "$ENTRYPOINT" ]; then 17 | bash $ENTRYPOINT 18 | fi 19 | 20 | if [ "$1" = "sh" ] || [ "$1" = "bash" ] || [ "$1" = "php-fpm" ] ; then 21 | exec "$@" 22 | else 23 | exec su-exec kool "$@" 24 | fi 25 | -------------------------------------------------------------------------------- /8.3-prod/kool.ini: -------------------------------------------------------------------------------- 1 | [PHP] 2 | 3 | ; Maximum amount of memory a script may consume 4 | ; http://php.net/memory-limit 5 | memory_limit = {{ .Env.PHP_MEMORY_LIMIT }} 6 | 7 | ; Fix maximum variables per input 8 | max_input_vars = {{ .Env.PHP_MAX_INPUT_VARS }} 9 | 10 | ; Maximum allowed size for uploaded files. 11 | ; http://php.net/upload-max-filesize 12 | upload_max_filesize = {{ .Env.PHP_UPLOAD_MAX_FILESIZE }} 13 | 14 | ; Maximum size of POST data that PHP will accept. 15 | ; Its value may be 0 to disable the limit. It is ignored if POST data reading 16 | ; is disabled through enable_post_data_reading. 17 | ; http://php.net/post-max-size 18 | post_max_size = {{ .Env.PHP_POST_MAX_SIZE }} 19 | 20 | ; Maximum execution time of each script, in seconds 21 | ; http://php.net/max-execution-time 22 | ; Note: This directive is hardcoded to 0 for the CLI SAPI 23 | max_execution_time = {{ .Env.PHP_MAX_EXECUTION_TIME }} 24 | 25 | ; Default timezone used by all date/time functions. 26 | ; https://www.php.net/manual/en/datetime.configuration.php#ini.date.timezone 27 | date.timezone = {{ .Env.PHP_DATE_TIMEZONE }} 28 | 29 | 30 | [opcache] 31 | 32 | ; Determines if Zend OPCache is enabled 33 | opcache.enable=1 34 | 35 | ; The OPcache shared memory storage size. 36 | opcache.memory_consumption=512 37 | 38 | ; The amount of memory for interned strings in Mbytes. 39 | opcache.interned_strings_buffer=64 40 | 41 | ; The maximum number of keys (scripts) in the OPcache hash table. 42 | ; Only numbers between 200 and 1000000 are allowed. 
43 | opcache.max_accelerated_files=30000 44 | 45 | ; When disabled, you must reset the OPcache manually or restart the 46 | ; webserver for changes to the filesystem to take effect. 47 | opcache.validate_timestamps=0 48 | 49 | ; If disabled, all PHPDoc comments are dropped from the code to reduce the 50 | ; size of the optimized code. 51 | opcache.save_comments=1 52 | -------------------------------------------------------------------------------- /8.3-prod/zz-docker.conf: -------------------------------------------------------------------------------- 1 | [global] 2 | daemonize = no 3 | 4 | [www] 5 | ; Unix user/group of processes 6 | ; Note: The user is mandatory. If the group is not set, the default user's group 7 | ; will be used. 8 | user = kool 9 | group = kool 10 | 11 | ; The address on which to accept FastCGI requests. 12 | ; Valid syntaxes are: 13 | ; 'ip.add.re.ss:port' - to listen on a TCP socket to a specific IPv4 address on 14 | ; a specific port; 15 | ; '[ip:6:addr:ess]:port' - to listen on a TCP socket to a specific IPv6 address on 16 | ; a specific port; 17 | ; 'port' - to listen on a TCP socket to all addresses 18 | ; (IPv6 and IPv4-mapped) on a specific port; 19 | ; '/path/to/unix/socket' - to listen on a unix socket. 20 | ; Note: This value is mandatory. 21 | listen = {{ .Env.PHP_FPM_LISTEN }} 22 | 23 | ; Set permissions for unix socket, if one is used. In Linux, read/write 24 | ; permissions must be set in order to allow connections from a web server. Many 25 | ; BSD-derived systems allow connections regardless of permissions. The owner 26 | ; and group can be specified either by name or by their numeric IDs. 27 | ; Default Values: user and group are set as the running user 28 | ; mode is set to 0660 29 | listen.owner = kool 30 | listen.group = kool 31 | 32 | ; The number of child processes to be created when pm is set to 'static' and the 33 | ; maximum number of child processes when pm is set to 'dynamic' or 'ondemand'. 
34 | ; This value sets the limit on the number of simultaneous requests that will be 35 | ; served. Equivalent to the ApacheMaxClients directive with mpm_prefork. 36 | ; Equivalent to the PHP_FCGI_CHILDREN environment variable in the original PHP 37 | ; CGI. The below defaults are based on a server without much resources. Don't 38 | ; forget to tweak pm.* to fit your needs. 39 | ; Note: Used when pm is set to 'static', 'dynamic' or 'ondemand' 40 | ; Note: This value is mandatory. 41 | pm.max_children = {{ .Env.PHP_FPM_MAX_CHILDREN }} 42 | 43 | ; The timeout for serving a single request after which the worker process will 44 | ; be killed. This option should be used when the 'max_execution_time' ini option 45 | ; does not stop script execution for some reason. A value of '0' means 'off'. 46 | ; Available units: s(econds)(default), m(inutes), h(ours), or d(ays) 47 | ; Default Value: 0 48 | request_terminate_timeout = {{ .Env.PHP_FPM_REQUEST_TERMINATE_TIMEOUT }} 49 | -------------------------------------------------------------------------------- /8.3/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM php:8.3-fpm-alpine 2 | 3 | ENV ASUSER= \ 4 | UID= \ 5 | COMPOSER_ALLOW_SUPERUSER=1 \ 6 | COMPOSER_MEMORY_LIMIT=-1 \ 7 | ENABLE_XDEBUG=false \ 8 | PHP_DATE_TIMEZONE=UTC \ 9 | PHP_MEMORY_LIMIT=256M \ 10 | PHP_MAX_INPUT_VARS=1000 \ 11 | PHP_UPLOAD_MAX_FILESIZE=25M \ 12 | PHP_POST_MAX_SIZE=25M \ 13 | PHP_MAX_EXECUTION_TIME=30 \ 14 | PHP_FPM_LISTEN=9000 \ 15 | PHP_FPM_MAX_CHILDREN=10 \ 16 | PHP_FPM_REQUEST_TERMINATE_TIMEOUT=60 \ 17 | ENTRYPOINT=entrypoint.php.sh 18 | 19 | WORKDIR /app 20 | 21 | RUN adduser -D -u 1337 kool \ 22 | && addgroup kool www-data \ 23 | # dockerize 24 | && curl -L https://github.com/jwilder/dockerize/releases/download/v0.6.1/dockerize-alpine-linux-amd64-v0.6.1.tar.gz | tar xz \ 25 | && mv dockerize /usr/local/bin/dockerize \ 26 | # deps 27 | && apk --no-cache add su-exec bash sed git openssh-client 
icu shadow procps \ 28 | freetype libpng libjpeg-turbo libzip-dev ghostscript imagemagick \ 29 | jpegoptim optipng pngquant gifsicle libldap \ 30 | libpq less \ 31 | # build-deps 32 | && apk add --no-cache --virtual .build-deps $PHPIZE_DEPS \ 33 | freetype-dev libpng-dev libjpeg-turbo-dev \ 34 | icu-dev libedit-dev libxml2-dev \ 35 | imagemagick-dev openldap-dev oniguruma-dev libwebp-dev \ 36 | postgresql-dev \ 37 | linux-headers \ 38 | # php-ext 39 | && docker-php-ext-configure gd --with-freetype --with-webp --with-jpeg \ 40 | && export CFLAGS="$PHP_CFLAGS" CPPFLAGS="$PHP_CPPFLAGS" LDFLAGS="$PHP_LDFLAGS" \ 41 | && docker-php-ext-install -j$(nproc) \ 42 | bcmath \ 43 | calendar \ 44 | exif \ 45 | gd \ 46 | intl \ 47 | ldap \ 48 | mbstring \ 49 | pcntl \ 50 | pdo \ 51 | pdo_mysql \ 52 | pdo_pgsql \ 53 | soap \ 54 | xml \ 55 | zip \ 56 | sockets \ 57 | mysqli \ 58 | ftp \ 59 | && pecl install redis \ 60 | && pecl install xdebug \ 61 | && pecl install pcov && docker-php-ext-enable pcov \ 62 | && mkdir /tmp/imagick && cd /tmp/imagick \ 63 | && curl -L -o /tmp/imagick.tar.gz https://github.com/Imagick/imagick/archive/refs/tags/3.7.0.tar.gz \ 64 | && tar --strip-components=1 -xf /tmp/imagick.tar.gz \ 65 | && phpize \ 66 | && ./configure --with-webp=yes \ 67 | && make \ 68 | && make install \ 69 | && echo "extension=imagick.so" > /usr/local/etc/php/conf.d/ext-imagick.ini \ 70 | && docker-php-ext-enable redis \ 71 | && cp "/usr/local/etc/php/php.ini-development" "/usr/local/etc/php/php.ini" \ 72 | # composer 73 | && curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/local/bin --filename=composer \ 74 | && curl -sS https://getcomposer.org/installer | php -- --1 --install-dir=/usr/local/bin --filename=composer1 \ 75 | # cleanup 76 | && apk del .build-deps \ 77 | && rm -rf /var/cache/apk/* /tmp/* 78 | 79 | COPY kool.ini /kool/kool.tmpl 80 | COPY zz-docker.conf /kool/zz-docker.tmpl 81 | COPY entrypoint /kool/entrypoint 82 | RUN chmod +x /kool/entrypoint 83 
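| 84 | EXPOSE 9000 85 | 86 | ENTRYPOINT [ "/kool/entrypoint" ] 87 | CMD [ "php-fpm" ] 88 |
--------------------------------------------------------------------------------
/8.3/entrypoint:
--------------------------------------------------------------------------------
#!/bin/sh
# Container entrypoint: optionally enables Xdebug, aligns the kool user's UID
# with the requested one, renders the PHP and PHP-FPM configuration templates,
# runs an optional project hook script and finally executes the command.
set -e

# Enable Xdebug on demand. The command is tested directly by "if": under
# "set -e" a bare failing command aborts the script before a later "$?" check
# could print the error message. "=" is the POSIX comparison ("==" is a bashism).
if [ "$ENABLE_XDEBUG" = "true" ]; then
    if ! docker-php-ext-enable xdebug >> /dev/null 2>&1; then
        echo "[ERROR] An error happened enabling xdebug"

        exit 1
    fi
fi

# Run as current user: ASUSER wins over UID, and 0 (root) leaves kool untouched.
CURRENT_USER=${ASUSER:-${UID:-0}}

# Quoted so that an unexpected value reaches usermod as a single argument.
if [ -n "$CURRENT_USER" ] && [ "$CURRENT_USER" != "0" ]; then
    usermod -u "$CURRENT_USER" kool
fi

# Render the configuration templates from the environment.
dockerize -template /kool/kool.tmpl:/usr/local/etc/php/conf.d/kool.ini -template /kool/zz-docker.tmpl:/usr/local/etc/php-fpm.d/zz-docker.conf


# Run entrypoint if provided
# NOTE(review): the hook runs with the privileges the container was started
# with, before the su-exec drop below. The path is quoted so that a name with
# spaces that passes the -f test is also passed to bash intact.
if [ -n "$ENTRYPOINT" ] && [ -f "$ENTRYPOINT" ]; then
    bash "$ENTRYPOINT"
fi

# Shells and php-fpm keep the user the container started with; any other
# command is executed as kool.
if [ "$1" = "sh" ] || [ "$1" = "bash" ] || [ "$1" = "php-fpm" ] ; then
    exec "$@"
else
    exec su-exec kool "$@"
fi
--------------------------------------------------------------------------------
/8.3/kool.ini:
--------------------------------------------------------------------------------
1 | [PHP] 2 | 3 | ; Maximum amount of memory a script may consume 4 | ; http://php.net/memory-limit 5 | memory_limit = {{ .Env.PHP_MEMORY_LIMIT }} 6 | 7 | ; Fix maximum variables per input 8 | max_input_vars = {{ .Env.PHP_MAX_INPUT_VARS }} 9 | 10 | ; Maximum allowed size for uploaded files. 11 | ; http://php.net/upload-max-filesize 12 | upload_max_filesize = {{ .Env.PHP_UPLOAD_MAX_FILESIZE }} 13 | 14 | ; Maximum size of POST data that PHP will accept. 15 | ; Its value may be 0 to disable the limit. It is ignored if POST data reading 16 | ; is disabled through enable_post_data_reading.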
17 | ; http://php.net/post-max-size 18 | post_max_size = {{ .Env.PHP_POST_MAX_SIZE }} 19 | 20 | ; Maximum execution time of each script, in seconds 21 | ; http://php.net/max-execution-time 22 | ; Note: This directive is hardcoded to 0 for the CLI SAPI 23 | max_execution_time = {{ .Env.PHP_MAX_EXECUTION_TIME }} 24 | 25 | ; Default timezone used by all date/time functions. 26 | ; https://www.php.net/manual/en/datetime.configuration.php#ini.date.timezone 27 | date.timezone = {{ .Env.PHP_DATE_TIMEZONE }} 28 | 29 | 30 | -------------------------------------------------------------------------------- /8.3/zz-docker.conf: -------------------------------------------------------------------------------- 1 | [global] 2 | daemonize = no 3 | 4 | [www] 5 | ; Unix user/group of processes 6 | ; Note: The user is mandatory. If the group is not set, the default user's group 7 | ; will be used. 8 | user = kool 9 | group = kool 10 | 11 | ; The address on which to accept FastCGI requests. 12 | ; Valid syntaxes are: 13 | ; 'ip.add.re.ss:port' - to listen on a TCP socket to a specific IPv4 address on 14 | ; a specific port; 15 | ; '[ip:6:addr:ess]:port' - to listen on a TCP socket to a specific IPv6 address on 16 | ; a specific port; 17 | ; 'port' - to listen on a TCP socket to all addresses 18 | ; (IPv6 and IPv4-mapped) on a specific port; 19 | ; '/path/to/unix/socket' - to listen on a unix socket. 20 | ; Note: This value is mandatory. 21 | listen = {{ .Env.PHP_FPM_LISTEN }} 22 | 23 | ; Set permissions for unix socket, if one is used. In Linux, read/write 24 | ; permissions must be set in order to allow connections from a web server. Many 25 | ; BSD-derived systems allow connections regardless of permissions. The owner 26 | ; and group can be specified either by name or by their numeric IDs. 
27 | ; Default Values: user and group are set as the running user 28 | ; mode is set to 0660 29 | listen.owner = kool 30 | listen.group = kool 31 | 32 | ; The number of child processes to be created when pm is set to 'static' and the 33 | ; maximum number of child processes when pm is set to 'dynamic' or 'ondemand'. 34 | ; This value sets the limit on the number of simultaneous requests that will be 35 | ; served. Equivalent to the ApacheMaxClients directive with mpm_prefork. 36 | ; Equivalent to the PHP_FCGI_CHILDREN environment variable in the original PHP 37 | ; CGI. The below defaults are based on a server without much resources. Don't 38 | ; forget to tweak pm.* to fit your needs. 39 | ; Note: Used when pm is set to 'static', 'dynamic' or 'ondemand' 40 | ; Note: This value is mandatory. 41 | pm.max_children = {{ .Env.PHP_FPM_MAX_CHILDREN }} 42 | 43 | ; The timeout for serving a single request after which the worker process will 44 | ; be killed. This option should be used when the 'max_execution_time' ini option 45 | ; does not stop script execution for some reason. A value of '0' means 'off'. 
46 | ; Available units: s(econds)(default), m(inutes), h(ours), or d(ays) 47 | ; Default Value: 0 48 | request_terminate_timeout = {{ .Env.PHP_FPM_REQUEST_TERMINATE_TIMEOUT }} 49 | -------------------------------------------------------------------------------- /8.4-nginx-prod/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM debian AS cert 2 | 3 | WORKDIR /kool/ssl 4 | 5 | RUN apt-get update && \ 6 | apt-get install -y openssl && \ 7 | openssl genrsa -des3 -passout pass:x -out server.pass.key 2048 && \ 8 | openssl rsa -passin pass:x -in server.pass.key -out _.localhost.key && \ 9 | rm server.pass.key && \ 10 | openssl req -new -key _.localhost.key -out server.csr \ 11 | -subj "/C=XX/ST=XX/L=XX/O=Kool-Local/OU=Localhost/CN=*.localhost" && \ 12 | openssl x509 -req -days 365 -in server.csr -signkey _.localhost.key -out _.localhost.crt && \ 13 | openssl x509 -in _.localhost.crt -out _.localhost.pem 14 | 15 | FROM kooldev/php:8.4-prod 16 | 17 | ENV PHP_FPM_LISTEN=/run/php-fpm.sock \ 18 | NGINX_LISTEN=80 \ 19 | NGINX_HTTPS=false \ 20 | NGINX_LISTEN_HTTPS=443 \ 21 | NGINX_HTTPS_CERT=/kool/ssl/_.localhost.pem \ 22 | NGINX_HTTPS_CERT_KEY=/kool/ssl/_.localhost.key \ 23 | NGINX_ROOT=/app/public \ 24 | NGINX_INDEX=index.php \ 25 | NGINX_CLIENT_MAX_BODY_SIZE=25M \ 26 | NGINX_PHP_FPM=unix:/run/php-fpm.sock \ 27 | NGINX_FASTCGI_READ_TIMEOUT=60s \ 28 | NGINX_FASTCGI_BUFFERS='8 8k' \ 29 | NGINX_FASTCGI_BUFFER_SIZE='16k' \ 30 | NGINX_ENTRYPOINT_WORKER_PROCESSES_AUTOTUNE=true 31 | 32 | RUN curl -L https://github.com/ochinchina/supervisord/releases/download/v0.6.3/supervisord_static_0.6.3_linux_amd64 -o /usr/local/bin/supervisord \ 33 | && chmod +x /usr/local/bin/supervisord \ 34 | && apk add --no-cache nginx \ 35 | && chown -R kool:kool /var/lib/nginx \ 36 | && chmod 770 /var/lib/nginx/tmp \ 37 | && ln -sf /dev/stdout /var/log/nginx/access.log \ 38 | && ln -sf /dev/stderr /var/log/nginx/error.log \ 39 | # add 
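h5bp/server-configs-nginx 40 | && mkdir -p /etc/nginx/conf.d \ 41 | && mkdir /etc/nginx/h5bp \ 42 | && cd /etc/nginx/h5bp \ 43 | && wget https://github.com/h5bp/server-configs-nginx/archive/refs/tags/3.3.0.tar.gz -O h5bp.tgz \ 44 | && tar xzvf h5bp.tgz \ 45 | && rm -f h5bp.tgz \ 46 | && mv server-configs-nginx-*/h5bp/* . \ 47 | && mv server-configs-nginx-*/nginx.conf /etc/nginx/nginx.conf \ 48 | && sed -i "s|^user .*|user\ kool kool;|g" /etc/nginx/nginx.conf \ 49 | && mv server-configs-nginx-*/mime.types /etc/nginx/mime.types \ 50 | && rm -rf server-configs-nginx-* \ 51 | && curl -L https://raw.githubusercontent.com/nginxinc/docker-nginx/master/entrypoint/30-tune-worker-processes.sh -o /kool/30-tune-worker-processes.sh \ 52 | && chmod +x /kool/30-tune-worker-processes.sh 53 | 54 | COPY supervisor.conf /kool/supervisor.conf 55 | COPY default.tmpl /kool/default.tmpl 56 | COPY entrypoint /kool/entrypoint 57 | COPY --from=cert /kool/ssl /kool/ssl 58 | RUN chmod +x /kool/entrypoint 59 | 60 | EXPOSE 80 61 | 62 | CMD [ "supervisord", "-c", "/kool/supervisor.conf" ] 63 |
--------------------------------------------------------------------------------
/8.4-nginx-prod/default.tmpl:
--------------------------------------------------------------------------------
# Default virtual host. dockerize renders this template from the NGINX_*
# environment variables when the container starts.
server {
    listen {{ .Env.NGINX_LISTEN }} default_server;
    server_name _;
{{ if isTrue .Env.NGINX_HTTPS }}
    # HTTPS listener, rendered only when NGINX_HTTPS is true.
    # The image default certificate is a self-signed *.localhost pair created at
    # image build time; supply your own pair through NGINX_HTTPS_CERT and
    # NGINX_HTTPS_CERT_KEY outside local development.
    listen {{ .Env.NGINX_LISTEN_HTTPS }} ssl http2;
    ssl_certificate {{ .Env.NGINX_HTTPS_CERT }};
    ssl_certificate_key {{ .Env.NGINX_HTTPS_CERT_KEY }};
    # TLS 1.0 and 1.1 are deprecated (RFC 8996); offer only 1.2 and 1.3.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;
{{ end }}
    root {{ .Env.NGINX_ROOT }};
    index {{ .Env.NGINX_INDEX }};
    charset utf-8;

    location = /favicon.ico { log_not_found off; access_log off; }
    location = /robots.txt  { log_not_found off; access_log off; }

    client_max_body_size {{ .Env.NGINX_CLIENT_MAX_BODY_SIZE }};

    error_page 404 /index.php;

    # Front-controller routing: serve the file or directory when it exists,
    # otherwise hand the request to the index script.
    location / {
        try_files $uri $uri/ /{{ .Env.NGINX_INDEX }}?$query_string;
    }

    # Only URIs ending in .php are passed to PHP-FPM. SCRIPT_FILENAME is built
    # from the document root with symbolic links resolved.
    location ~ \.php$ {
        fastcgi_buffers {{ .Env.NGINX_FASTCGI_BUFFERS }};
        fastcgi_buffer_size {{ .Env.NGINX_FASTCGI_BUFFER_SIZE }};
        fastcgi_pass {{ .Env.NGINX_PHP_FPM }};
        fastcgi_read_timeout {{ .Env.NGINX_FASTCGI_READ_TIMEOUT }};
        fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
        include fastcgi_params;
    }

    # Never serve files whose name starts with .ht
    location ~ /\.ht {
        deny all;
    }

    # Response headers are declared once, at server level. nginx inherits
    # add_header from the enclosing level only when the current level declares
    # none of its own, so a header set inside "location /" would drop
    # X-Frame-Options and the header includes below for everything served there.
    add_header X-Served-By kool.dev;

    # good practices
    add_header X-Frame-Options "SAMEORIGIN";

    # basic H5BP suggestions
    include h5bp/internet_explorer/x-ua-compatible.conf;
    include h5bp/security/referrer-policy.conf;
    include h5bp/security/x-content-type-options.conf;
    include h5bp/security/x-xss-protection.conf;

    # performance enhancements (mostly for caching static data)
    include h5bp/web_performance/cache-file-descriptors.conf;
    include h5bp/web_performance/pre-compressed_content_gzip.conf;
}
--------------------------------------------------------------------------------
/8.4-nginx-prod/entrypoint:
--------------------------------------------------------------------------------
1 | #!/bin/sh 2 | set -e 3 | 4 | 5 | # Run as current user 6 | CURRENT_USER=${ASUSER:-${UID:-0}} 7 | 8 | if [ ! -z "$CURRENT_USER" ] && [ "$CURRENT_USER" != "0" ]; then 9 | usermod -u $CURRENT_USER kool 10 | fi 11 | 12 | dockerize -template /kool/kool.tmpl:/usr/local/etc/php/conf.d/kool.ini -template /kool/zz-docker.tmpl:/usr/local/etc/php-fpm.d/zz-docker.conf -template /kool/default.tmpl:/etc/nginx/conf.d/default.conf 13 | 14 | /kool/30-tune-worker-processes.sh 15 | 16 | # Run entrypoint if provided 17 | if [ !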
-z "$ENTRYPOINT" ] && [ -f "$ENTRYPOINT" ]; then 18 | bash $ENTRYPOINT 19 | fi 20 | 21 | if [ "$1" = "sh" ] || [ "$1" = "bash" ] || [ "$1" = "php-fpm" ] || [ "$1" = "nginx" ] || [ "$1" = "supervisord" ]; then 22 | exec "$@" 23 | else 24 | exec su-exec kool "$@" 25 | fi 26 | -------------------------------------------------------------------------------- /8.4-nginx-prod/supervisor.conf: -------------------------------------------------------------------------------- 1 | [program:nginx] 2 | depends_on = php-fpm 3 | command = nginx -g "daemon off;" 4 | stopasgroup = true 5 | stderr_logfile = /dev/stderr 6 | stdout_logfile = /dev/stdout 7 | 8 | [program:php-fpm] 9 | command = php-fpm 10 | stopasgroup = true 11 | stderr_logfile = /dev/stderr 12 | stdout_logfile = /dev/stdout 13 | -------------------------------------------------------------------------------- /8.4-nginx/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM debian AS cert 2 | 3 | WORKDIR /kool/ssl 4 | 5 | RUN apt-get update && \ 6 | apt-get install -y openssl && \ 7 | openssl genrsa -des3 -passout pass:x -out server.pass.key 2048 && \ 8 | openssl rsa -passin pass:x -in server.pass.key -out _.localhost.key && \ 9 | rm server.pass.key && \ 10 | openssl req -new -key _.localhost.key -out server.csr \ 11 | -subj "/C=XX/ST=XX/L=XX/O=Kool-Local/OU=Localhost/CN=*.localhost" && \ 12 | openssl x509 -req -days 365 -in server.csr -signkey _.localhost.key -out _.localhost.crt && \ 13 | openssl x509 -in _.localhost.crt -out _.localhost.pem 14 | 15 | FROM kooldev/php:8.4 16 | 17 | ENV PHP_FPM_LISTEN=/run/php-fpm.sock \ 18 | NGINX_LISTEN=80 \ 19 | NGINX_HTTPS=false \ 20 | NGINX_LISTEN_HTTPS=443 \ 21 | NGINX_HTTPS_CERT=/kool/ssl/_.localhost.pem \ 22 | NGINX_HTTPS_CERT_KEY=/kool/ssl/_.localhost.key \ 23 | NGINX_ROOT=/app/public \ 24 | NGINX_INDEX=index.php \ 25 | NGINX_CLIENT_MAX_BODY_SIZE=25M \ 26 | NGINX_PHP_FPM=unix:/run/php-fpm.sock \ 27 | NGINX_FASTCGI_READ_TIMEOUT=60s 
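\
    NGINX_FASTCGI_BUFFERS='8 8k' \
    NGINX_FASTCGI_BUFFER_SIZE='16k' \
    NGINX_ENTRYPOINT_WORKER_PROCESSES_AUTOTUNE=true

# Installs supervisord, nginx, the h5bp nginx configuration and the nginx
# worker auto-tune script.
# NOTE(review): supervisord, the h5bp archive and 30-tune-worker-processes.sh
# are downloaded with no integrity check, and the script URL follows the mutable
# `master` branch although the entrypoint executes it at every container start.
# Pin the script to a fixed commit and compare each download against a recorded
# SHA-256 before it is made executable or unpacked.
# curl -f fails the build on an HTTP error instead of saving the error page.
RUN curl -fL https://github.com/ochinchina/supervisord/releases/download/v0.6.3/supervisord_static_0.6.3_linux_amd64 -o /usr/local/bin/supervisord \
    && chmod +x /usr/local/bin/supervisord \
    && apk add --no-cache nginx \
    && chown -R kool:kool /var/lib/nginx \
    && chmod 770 /var/lib/nginx/tmp \
    && ln -sf /dev/stdout /var/log/nginx/access.log \
    && ln -sf /dev/stderr /var/log/nginx/error.log \
    # add h5bp/server-configs-nginx
    && mkdir -p /etc/nginx/conf.d \
    && mkdir /etc/nginx/h5bp \
    && cd /etc/nginx/h5bp \
    && wget https://github.com/h5bp/server-configs-nginx/archive/refs/tags/3.3.0.tar.gz -O h5bp.tgz \
    && tar xzvf h5bp.tgz \
    && rm -f h5bp.tgz \
    && mv server-configs-nginx-*/h5bp/* . \
    && mv server-configs-nginx-*/nginx.conf /etc/nginx/nginx.conf \
    && sed -i "s|^user .*|user\ kool kool;|g" /etc/nginx/nginx.conf \
    && mv server-configs-nginx-*/mime.types /etc/nginx/mime.types \
    && rm -rf server-configs-nginx-* \
    && curl -fL https://raw.githubusercontent.com/nginxinc/docker-nginx/master/entrypoint/30-tune-worker-processes.sh -o /kool/30-tune-worker-processes.sh \
    && chmod +x /kool/30-tune-worker-processes.sh

COPY supervisor.conf /kool/supervisor.conf
COPY default.tmpl /kool/default.tmpl
COPY entrypoint /kool/entrypoint
COPY --from=cert /kool/ssl /kool/ssl
RUN chmod +x /kool/entrypoint

EXPOSE 80

CMD [ "supervisord", "-c", "/kool/supervisor.conf" ]

--------------------------------------------------------------------------------
/8.4-nginx/default.tmpl:
--------------------------------------------------------------------------------
# Virtual host for the PHP application. The entrypoint renders this template
# with dockerize, filling every .Env placeholder from the container environment.
server {
    listen {{ .Env.NGINX_LISTEN }} default_server;
    server_name _;
    {{ if isTrue .Env.NGINX_HTTPS }}
    listen {{ .Env.NGINX_LISTEN_HTTPS }} ssl http2;
    ssl_certificate {{ .Env.NGINX_HTTPS_CERT }};
    ssl_certificate_key {{ .Env.NGINX_HTTPS_CERT_KEY }};
    # TLS 1.0 and 1.1 are deprecated (RFC 8996), so only 1.2 and 1.3 are offered.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;
    {{ end }}
    root {{ .Env.NGINX_ROOT }};
    index {{ .Env.NGINX_INDEX }};
    charset utf-8;

    location = /favicon.ico { log_not_found off; access_log off; }
    location = /robots.txt { log_not_found off; access_log off; }

    client_max_body_size {{ .Env.NGINX_CLIENT_MAX_BODY_SIZE }};

    error_page 404 /index.php;

    location / {
        try_files $uri $uri/ /{{ .Env.NGINX_INDEX }}?$query_string;

        add_header X-Served-By kool.dev;
        # A location with its own add_header no longer inherits the server-level
        # add_header directives, so the framing policy is repeated here.
        # NOTE(review): headers set through add_header inside the h5bp includes
        # below are dropped for this location in the same way; confirm.
        add_header X-Frame-Options "SAMEORIGIN";
    }

    location ~ \.php$ {
        # NOTE(review): every URI ending in .php is passed to PHP-FPM whether or
        # not that file exists under the root; `try_files $uri =404;` here would
        # let nginx refuse such requests itself. Check it against the
        # application's routing before enabling.
        fastcgi_buffers {{ .Env.NGINX_FASTCGI_BUFFERS }};
        fastcgi_buffer_size {{ .Env.NGINX_FASTCGI_BUFFER_SIZE }};
        fastcgi_pass {{ .Env.NGINX_PHP_FPM }};
        fastcgi_read_timeout {{ .Env.NGINX_FASTCGI_READ_TIMEOUT }};
        fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
        include fastcgi_params;
    }

    # Only .ht* files are denied. NOTE(review): other dotfiles are served if they
    # sit under NGINX_ROOT, which matters when the root is moved off /app/public.
    location ~ /\.ht {
        deny all;
    }

    # good practices
    add_header X-Frame-Options "SAMEORIGIN";

    # basic H5BP suggestions
    include h5bp/internet_explorer/x-ua-compatible.conf;
    include h5bp/security/referrer-policy.conf;
    include h5bp/security/x-content-type-options.conf;
    include h5bp/security/x-xss-protection.conf;

    # performance enhancements (mostly for caching static data)
    include h5bp/web_performance/cache-file-descriptors.conf;
    include h5bp/web_performance/pre-compressed_content_gzip.conf;
}

--------------------------------------------------------------------------------
/8.4-nginx/entrypoint:
--------------------------------------------------------------------------------
#!/bin/sh
# Container entrypoint: optionally enables Xdebug, aligns the kool user's uid
# with the caller, renders the PHP, PHP-FPM and nginx configuration, runs the
# optional project hook and then executes the requested command.
set -e

if [ "$ENABLE_XDEBUG" = "true" ]; then
    # The command is tested directly: under `set -e` a failing command on its
    # own line aborts the script before a later `$?` check can print the error.
    if ! docker-php-ext-enable xdebug >> /dev/null 2>&1; then
        echo "[ERROR] An error happened enabling xdebug"

        exit 1
    fi
fi

# Run as current user
CURRENT_USER=${ASUSER:-${UID:-0}}

if [ -n "$CURRENT_USER" ] && [ "$CURRENT_USER" != "0" ]; then
    # Quoted so the environment-supplied value reaches usermod as one argument.
    usermod -u "$CURRENT_USER" kool
fi

dockerize \
    -template /kool/kool.tmpl:/usr/local/etc/php/conf.d/kool.ini \
    -template /kool/zz-docker.tmpl:/usr/local/etc/php-fpm.d/zz-docker.conf \
    -template /kool/default.tmpl:/etc/nginx/conf.d/default.conf

/kool/30-tune-worker-processes.sh

# Run entrypoint if provided
# The hook runs before any privilege drop, i.e. with the privileges the
# container was started with. The path is quoted to match the -f test, so a
# path containing spaces is not split into several arguments.
if [ -n "$ENTRYPOINT" ] && [ -f "$ENTRYPOINT" ]; then
    bash "$ENTRYPOINT"
fi

# Shells and the service commands keep the starting user; everything else is
# executed as the unprivileged kool user.
if [ "$1" = "sh" ] || [ "$1" = "bash" ] || [ "$1" = "php-fpm" ] || [ "$1" = "nginx" ] || [ "$1" = "supervisord" ]; then
    exec "$@"
else
    exec su-exec kool "$@"
fi

--------------------------------------------------------------------------------
/8.4-nginx/supervisor.conf:
--------------------------------------------------------------------------------
[program:nginx]
depends_on = php-fpm
command = nginx -g "daemon off;"
stopasgroup = true
stderr_logfile = /dev/stderr
stdout_logfile = /dev/stdout

[program:php-fpm]
command = php-fpm
stopasgroup = true
stderr_logfile = /dev/stderr
stdout_logfile = /dev/stdout

--------------------------------------------------------------------------------
/8.4-node/Dockerfile:
--------------------------------------------------------------------------------
FROM kooldev/php:8.4

RUN apk add --update --no-cache npm yarn \
    && rm -rf /var/cache/apk/* /tmp/*

--------------------------------------------------------------------------------
/8.4-prod/Dockerfile:
--------------------------------------------------------------------------------
FROM php:8.4-fpm-alpine

ENV ASUSER= \
    UID= \
    COMPOSER_ALLOW_SUPERUSER=1 \
    COMPOSER_MEMORY_LIMIT=-1 \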
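PHP_DATE_TIMEZONE=UTC \
    PHP_MEMORY_LIMIT=256M \
    PHP_MAX_INPUT_VARS=1000 \
    PHP_UPLOAD_MAX_FILESIZE=25M \
    PHP_POST_MAX_SIZE=25M \
    PHP_MAX_EXECUTION_TIME=30 \
    PHP_FPM_LISTEN=9000 \
    PHP_FPM_MAX_CHILDREN=10 \
    PHP_FPM_REQUEST_TERMINATE_TIMEOUT=60 \
    ENTRYPOINT=entrypoint.php.sh

WORKDIR /app

# Creates the unprivileged kool user, installs dockerize, the runtime packages,
# the PHP extensions and Composer, then removes the build dependencies.
RUN adduser -D -u 1337 kool \
    && addgroup kool www-data \
    # dockerize
    # NOTE(review): the archive is unpacked straight from the network with no
    # checksum; download it to a file and verify a recorded SHA-256 before
    # extracting, since the entrypoint runs this binary at every start.
    && curl -L https://github.com/jwilder/dockerize/releases/download/v0.6.1/dockerize-alpine-linux-amd64-v0.6.1.tar.gz | tar xz \
    && mv dockerize /usr/local/bin/dockerize \
    # deps
    && apk --no-cache add su-exec bash sed git openssh-client icu shadow procps \
        freetype libpng libjpeg-turbo libzip-dev ghostscript imagemagick \
        jpegoptim optipng pngquant gifsicle libldap \
        libpq less \
    # build-deps
    && apk add --no-cache --virtual .build-deps $PHPIZE_DEPS \
        freetype-dev libpng-dev libjpeg-turbo-dev \
        icu-dev libedit-dev libxml2-dev \
        imagemagick-dev openldap-dev oniguruma-dev libwebp-dev \
        postgresql-dev \
        linux-headers \
    # php-ext
    && docker-php-ext-configure gd --with-freetype --with-webp --with-jpeg \
    && export CFLAGS="$PHP_CFLAGS" CPPFLAGS="$PHP_CPPFLAGS" LDFLAGS="$PHP_LDFLAGS" \
    && docker-php-ext-install -j$(nproc) \
        bcmath \
        calendar \
        exif \
        gd \
        intl \
        ldap \
        mbstring \
        opcache \
        pcntl \
        pdo \
        pdo_mysql \
        pdo_pgsql \
        soap \
        xml \
        zip \
        sockets \
        mysqli \
        ftp \
    && pecl install redis \
    && docker-php-ext-enable redis \
    && cp "/usr/local/etc/php/php.ini-production" "/usr/local/etc/php/php.ini" \
    # composer
    # The installer is downloaded once and compared with the SHA-384 that
    # Composer publishes for it before PHP executes it; a mismatch or a failed
    # download stops the build. The file is removed by the /tmp cleanup below.
    && curl -fsS https://getcomposer.org/installer -o /tmp/composer-setup.php \
    && [ "$(curl -fsS https://composer.github.io/installer.sig)" = "$(php -r 'echo hash_file("sha384", "/tmp/composer-setup.php");')" ] \
    && php /tmp/composer-setup.php --install-dir=/usr/local/bin --filename=composer \
    && php /tmp/composer-setup.php --1 --install-dir=/usr/local/bin --filename=composer1 \
    # cleanup
    && apk del .build-deps \
    && rm -rf /var/cache/apk/* /tmp/*

COPY kool.ini /kool/kool.tmpl
COPY zz-docker.conf /kool/zz-docker.tmpl
COPY entrypoint /kool/entrypoint
RUN chmod +x /kool/entrypoint

EXPOSE 9000

ENTRYPOINT [ "/kool/entrypoint" ]
CMD [ "php-fpm" ]

--------------------------------------------------------------------------------
/8.4-prod/entrypoint:
--------------------------------------------------------------------------------
#!/bin/sh
# Container entrypoint: aligns the kool user's uid with the caller, renders the
# PHP and PHP-FPM configuration, runs the optional project hook and then
# executes the requested command.
set -e


# Run as current user
CURRENT_USER=${ASUSER:-${UID:-0}}

if [ -n "$CURRENT_USER" ] && [ "$CURRENT_USER" != "0" ]; then
    # Quoted so the environment-supplied value reaches usermod as one argument.
    usermod -u "$CURRENT_USER" kool
fi

dockerize \
    -template /kool/kool.tmpl:/usr/local/etc/php/conf.d/kool.ini \
    -template /kool/zz-docker.tmpl:/usr/local/etc/php-fpm.d/zz-docker.conf


# Run entrypoint if provided
# The hook runs before any privilege drop, i.e. with the privileges the
# container was started with. The path is quoted to match the -f test, so a
# path containing spaces is not split into several arguments.
if [ -n "$ENTRYPOINT" ] && [ -f "$ENTRYPOINT" ]; then
    bash "$ENTRYPOINT"
fi

# Shells and php-fpm keep the starting user; everything else is executed as
# the unprivileged kool user.
if [ "$1" = "sh" ] || [ "$1" = "bash" ] || [ "$1" = "php-fpm" ] ; then
    exec "$@"
else
    exec su-exec kool "$@"
fi

--------------------------------------------------------------------------------
/8.4-prod/kool.ini:
--------------------------------------------------------------------------------
[PHP]

; Maximum amount of memory a script may consume
; http://php.net/memory-limit
memory_limit = {{ .Env.PHP_MEMORY_LIMIT }}

; Fix maximum variables per input
max_input_vars = {{ .Env.PHP_MAX_INPUT_VARS }}

; Maximum allowed size for uploaded files.
; http://php.net/upload-max-filesize
upload_max_filesize = {{ .Env.PHP_UPLOAD_MAX_FILESIZE }}

; Maximum size of POST data that PHP will accept.
; Its value may be 0 to disable the limit. It is ignored if POST data reading
; is disabled through enable_post_data_reading.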
17 | ; http://php.net/post-max-size 18 | post_max_size = {{ .Env.PHP_POST_MAX_SIZE }} 19 | 20 | ; Maximum execution time of each script, in seconds 21 | ; http://php.net/max-execution-time 22 | ; Note: This directive is hardcoded to 0 for the CLI SAPI 23 | max_execution_time = {{ .Env.PHP_MAX_EXECUTION_TIME }} 24 | 25 | ; Default timezone used by all date/time functions. 26 | ; https://www.php.net/manual/en/datetime.configuration.php#ini.date.timezone 27 | date.timezone = {{ .Env.PHP_DATE_TIMEZONE }} 28 | 29 | 30 | [opcache] 31 | 32 | ; Determines if Zend OPCache is enabled 33 | opcache.enable=1 34 | 35 | ; The OPcache shared memory storage size. 36 | opcache.memory_consumption=512 37 | 38 | ; The amount of memory for interned strings in Mbytes. 39 | opcache.interned_strings_buffer=64 40 | 41 | ; The maximum number of keys (scripts) in the OPcache hash table. 42 | ; Only numbers between 200 and 1000000 are allowed. 43 | opcache.max_accelerated_files=30000 44 | 45 | ; When disabled, you must reset the OPcache manually or restart the 46 | ; webserver for changes to the filesystem to take effect. 47 | opcache.validate_timestamps=0 48 | 49 | ; If disabled, all PHPDoc comments are dropped from the code to reduce the 50 | ; size of the optimized code. 51 | opcache.save_comments=1 52 | -------------------------------------------------------------------------------- /8.4-prod/zz-docker.conf: -------------------------------------------------------------------------------- 1 | [global] 2 | daemonize = no 3 | 4 | [www] 5 | ; Unix user/group of processes 6 | ; Note: The user is mandatory. If the group is not set, the default user's group 7 | ; will be used. 8 | user = kool 9 | group = kool 10 | 11 | ; The address on which to accept FastCGI requests. 
12 | ; Valid syntaxes are: 13 | ; 'ip.add.re.ss:port' - to listen on a TCP socket to a specific IPv4 address on 14 | ; a specific port; 15 | ; '[ip:6:addr:ess]:port' - to listen on a TCP socket to a specific IPv6 address on 16 | ; a specific port; 17 | ; 'port' - to listen on a TCP socket to all addresses 18 | ; (IPv6 and IPv4-mapped) on a specific port; 19 | ; '/path/to/unix/socket' - to listen on a unix socket. 20 | ; Note: This value is mandatory. 21 | listen = {{ .Env.PHP_FPM_LISTEN }} 22 | 23 | ; Set permissions for unix socket, if one is used. In Linux, read/write 24 | ; permissions must be set in order to allow connections from a web server. Many 25 | ; BSD-derived systems allow connections regardless of permissions. The owner 26 | ; and group can be specified either by name or by their numeric IDs. 27 | ; Default Values: user and group are set as the running user 28 | ; mode is set to 0660 29 | listen.owner = kool 30 | listen.group = kool 31 | 32 | ; The number of child processes to be created when pm is set to 'static' and the 33 | ; maximum number of child processes when pm is set to 'dynamic' or 'ondemand'. 34 | ; This value sets the limit on the number of simultaneous requests that will be 35 | ; served. Equivalent to the ApacheMaxClients directive with mpm_prefork. 36 | ; Equivalent to the PHP_FCGI_CHILDREN environment variable in the original PHP 37 | ; CGI. The below defaults are based on a server without much resources. Don't 38 | ; forget to tweak pm.* to fit your needs. 39 | ; Note: Used when pm is set to 'static', 'dynamic' or 'ondemand' 40 | ; Note: This value is mandatory. 41 | pm.max_children = {{ .Env.PHP_FPM_MAX_CHILDREN }} 42 | 43 | ; The timeout for serving a single request after which the worker process will 44 | ; be killed. This option should be used when the 'max_execution_time' ini option 45 | ; does not stop script execution for some reason. A value of '0' means 'off'. 
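; Available units: s(econds)(default), m(inutes), h(ours), or d(ays)
; Default Value: 0
request_terminate_timeout = {{ .Env.PHP_FPM_REQUEST_TERMINATE_TIMEOUT }}

--------------------------------------------------------------------------------
/8.4/Dockerfile:
--------------------------------------------------------------------------------
FROM php:8.4-fpm-alpine

ENV ASUSER= \
    UID= \
    COMPOSER_ALLOW_SUPERUSER=1 \
    COMPOSER_MEMORY_LIMIT=-1 \
    ENABLE_XDEBUG=false \
    PHP_DATE_TIMEZONE=UTC \
    PHP_MEMORY_LIMIT=256M \
    PHP_MAX_INPUT_VARS=1000 \
    PHP_UPLOAD_MAX_FILESIZE=25M \
    PHP_POST_MAX_SIZE=25M \
    PHP_MAX_EXECUTION_TIME=30 \
    PHP_FPM_LISTEN=9000 \
    PHP_FPM_MAX_CHILDREN=10 \
    PHP_FPM_REQUEST_TERMINATE_TIMEOUT=60 \
    ENTRYPOINT=entrypoint.php.sh

WORKDIR /app

# Creates the unprivileged kool user, installs dockerize, the runtime packages,
# the PHP extensions (Xdebug is installed but left disabled) and Composer, then
# removes the build dependencies.
RUN adduser -D -u 1337 kool \
    && addgroup kool www-data \
    # dockerize
    # NOTE(review): the archive is unpacked straight from the network with no
    # checksum; download it to a file and verify a recorded SHA-256 before
    # extracting, since the entrypoint runs this binary at every start.
    && curl -L https://github.com/jwilder/dockerize/releases/download/v0.6.1/dockerize-alpine-linux-amd64-v0.6.1.tar.gz | tar xz \
    && mv dockerize /usr/local/bin/dockerize \
    # deps
    && apk --no-cache add su-exec bash sed git openssh-client icu shadow procps \
        freetype libpng libjpeg-turbo libzip-dev ghostscript imagemagick \
        jpegoptim optipng pngquant gifsicle libldap \
        libpq less \
    # build-deps
    && apk add --no-cache --virtual .build-deps $PHPIZE_DEPS \
        freetype-dev libpng-dev libjpeg-turbo-dev \
        icu-dev libedit-dev libxml2-dev \
        imagemagick-dev openldap-dev oniguruma-dev libwebp-dev \
        postgresql-dev \
        linux-headers \
    # php-ext
    && docker-php-ext-configure gd --with-freetype --with-webp --with-jpeg \
    && export CFLAGS="$PHP_CFLAGS" CPPFLAGS="$PHP_CPPFLAGS" LDFLAGS="$PHP_LDFLAGS" \
    && docker-php-ext-install -j$(nproc) \
        bcmath \
        calendar \
        exif \
        gd \
        intl \
        ldap \
        mbstring \
        pcntl \
        pdo \
        pdo_mysql \
        pdo_pgsql \
        soap \
        xml \
        zip \
        sockets \
        mysqli \
        ftp \
    && pecl install redis \
    && pecl install xdebug \
    && pecl install pcov && docker-php-ext-enable pcov \
    && docker-php-ext-enable redis \
    && cp "/usr/local/etc/php/php.ini-development" "/usr/local/etc/php/php.ini" \
    # composer
    # The installer is downloaded once and compared with the SHA-384 that
    # Composer publishes for it before PHP executes it; a mismatch or a failed
    # download stops the build. The file is removed by the /tmp cleanup below.
    && curl -fsS https://getcomposer.org/installer -o /tmp/composer-setup.php \
    && [ "$(curl -fsS https://composer.github.io/installer.sig)" = "$(php -r 'echo hash_file("sha384", "/tmp/composer-setup.php");')" ] \
    && php /tmp/composer-setup.php --install-dir=/usr/local/bin --filename=composer \
    && php /tmp/composer-setup.php --1 --install-dir=/usr/local/bin --filename=composer1 \
    # cleanup
    && apk del .build-deps \
    && rm -rf /var/cache/apk/* /tmp/*

COPY kool.ini /kool/kool.tmpl
COPY zz-docker.conf /kool/zz-docker.tmpl
COPY entrypoint /kool/entrypoint
RUN chmod +x /kool/entrypoint

EXPOSE 9000

ENTRYPOINT [ "/kool/entrypoint" ]
CMD [ "php-fpm" ]

--------------------------------------------------------------------------------
/8.4/entrypoint:
--------------------------------------------------------------------------------
#!/bin/sh
# Container entrypoint: optionally enables Xdebug, aligns the kool user's uid
# with the caller, renders the PHP and PHP-FPM configuration, runs the optional
# project hook and then executes the requested command.
set -e

if [ "$ENABLE_XDEBUG" = "true" ]; then
    # The command is tested directly: under `set -e` a failing command on its
    # own line aborts the script before a later `$?` check can print the error.
    if ! docker-php-ext-enable xdebug >> /dev/null 2>&1; then
        echo "[ERROR] An error happened enabling xdebug"

        exit 1
    fi
fi

# Run as current user
CURRENT_USER=${ASUSER:-${UID:-0}}

if [ -n "$CURRENT_USER" ] && [ "$CURRENT_USER" != "0" ]; then
    # Quoted so the environment-supplied value reaches usermod as one argument.
    usermod -u "$CURRENT_USER" kool
fi

dockerize \
    -template /kool/kool.tmpl:/usr/local/etc/php/conf.d/kool.ini \
    -template /kool/zz-docker.tmpl:/usr/local/etc/php-fpm.d/zz-docker.conf


# Run entrypoint if provided
# The hook runs before any privilege drop, i.e. with the privileges the
# container was started with. The path is quoted to match the -f test, so a
# path containing spaces is not split into several arguments.
if [ -n "$ENTRYPOINT" ] && [ -f "$ENTRYPOINT" ]; then
    bash "$ENTRYPOINT"
fi

# Shells and php-fpm keep the starting user; everything else is executed as
# the unprivileged kool user.
if [ "$1" = "sh" ] || [ "$1" = "bash" ] || [ "$1" = "php-fpm" ] ; then
    exec "$@"
else
    exec su-exec kool "$@"
fi

--------------------------------------------------------------------------------
/8.4/kool.ini:
--------------------------------------------------------------------------------
[PHP]

; Maximum amount of memory a script may consume
; http://php.net/memory-limit
memory_limit = {{ .Env.PHP_MEMORY_LIMIT }}

; Fix maximum variables per input
max_input_vars = {{ .Env.PHP_MAX_INPUT_VARS }}

; Maximum allowed size for uploaded files.
; http://php.net/upload-max-filesize
upload_max_filesize = {{ .Env.PHP_UPLOAD_MAX_FILESIZE }}

; Maximum size of POST data that PHP will accept.
; Its value may be 0 to disable the limit. It is ignored if POST data reading
; is disabled through enable_post_data_reading.
; http://php.net/post-max-size
post_max_size = {{ .Env.PHP_POST_MAX_SIZE }}

; Maximum execution time of each script, in seconds
; http://php.net/max-execution-time
; Note: This directive is hardcoded to 0 for the CLI SAPI
max_execution_time = {{ .Env.PHP_MAX_EXECUTION_TIME }}

; Default timezone used by all date/time functions.
; https://www.php.net/manual/en/datetime.configuration.php#ini.date.timezone
date.timezone = {{ .Env.PHP_DATE_TIMEZONE }}


--------------------------------------------------------------------------------
/8.4/zz-docker.conf:
--------------------------------------------------------------------------------
[global]
daemonize = no

[www]
; Unix user/group of processes
; Note: The user is mandatory. If the group is not set, the default user's group
; will be used.
user = kool
group = kool

; The address on which to accept FastCGI requests.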
12 | ; Valid syntaxes are: 13 | ; 'ip.add.re.ss:port' - to listen on a TCP socket to a specific IPv4 address on 14 | ; a specific port; 15 | ; '[ip:6:addr:ess]:port' - to listen on a TCP socket to a specific IPv6 address on 16 | ; a specific port; 17 | ; 'port' - to listen on a TCP socket to all addresses 18 | ; (IPv6 and IPv4-mapped) on a specific port; 19 | ; '/path/to/unix/socket' - to listen on a unix socket. 20 | ; Note: This value is mandatory. 21 | listen = {{ .Env.PHP_FPM_LISTEN }} 22 | 23 | ; Set permissions for unix socket, if one is used. In Linux, read/write 24 | ; permissions must be set in order to allow connections from a web server. Many 25 | ; BSD-derived systems allow connections regardless of permissions. The owner 26 | ; and group can be specified either by name or by their numeric IDs. 27 | ; Default Values: user and group are set as the running user 28 | ; mode is set to 0660 29 | listen.owner = kool 30 | listen.group = kool 31 | 32 | ; The number of child processes to be created when pm is set to 'static' and the 33 | ; maximum number of child processes when pm is set to 'dynamic' or 'ondemand'. 34 | ; This value sets the limit on the number of simultaneous requests that will be 35 | ; served. Equivalent to the ApacheMaxClients directive with mpm_prefork. 36 | ; Equivalent to the PHP_FCGI_CHILDREN environment variable in the original PHP 37 | ; CGI. The below defaults are based on a server without much resources. Don't 38 | ; forget to tweak pm.* to fit your needs. 39 | ; Note: Used when pm is set to 'static', 'dynamic' or 'ondemand' 40 | ; Note: This value is mandatory. 41 | pm.max_children = {{ .Env.PHP_FPM_MAX_CHILDREN }} 42 | 43 | ; The timeout for serving a single request after which the worker process will 44 | ; be killed. This option should be used when the 'max_execution_time' ini option 45 | ; does not stop script execution for some reason. A value of '0' means 'off'. 
46 | ; Available units: s(econds)(default), m(inutes), h(ours), or d(ays) 47 | ; Default Value: 0 48 | request_terminate_timeout = {{ .Env.PHP_FPM_REQUEST_TERMINATE_TIMEOUT }} 49 | -------------------------------------------------------------------------------- /LICENSE.md: -------------------------------------------------------------------------------- 1 | The MIT License (MIT) 2 | 3 | Copyright (c) Firework Web 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in 13 | all copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 21 | THE SOFTWARE. 22 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | ![CI/CD](https://github.com/kool-dev/docker-php/workflows/CI/CD/badge.svg) 2 | 3 | ## Description 4 | 5 | Minimal PHP Docker image focused on Laravel applications. It's use is intended for [kool.dev](https://github.com/kool-dev/kool), but can fit in any other PHP use-case. 
6 | 7 | The images with Nginx include [`h5bp/server-configs-nginx`](https://github.com/h5bp/server-configs-nginx) with a hand picked set of configuration active by default. So if you want to change or add a new server configuration you can `include h5bp/...` as you see fit. 8 | 9 | ### Usage 10 | 11 | Simplest example: 12 | 13 | [![asciicast](https://asciinema.org/a/388121.svg)](https://asciinema.org/a/388121) 14 | 15 | ##### About `composer` 16 | 17 | > All images currently ship out with Composer 2.x as the default version. If for some reason you still need to use Composer 1.x and cannot make the upgrade, we still ship a `composer1` in the images PATH as well, which is latest Composer 1.x version. Feel free to use it while you prepare to move to 2.0. 18 | 19 | ## Available Tags 20 | 21 | The image built is [`kooldev/php`](https://hub.docker.com/r/kooldev/php/tags?page=1&ordering=last_updated) which has a bunch of tags available: 22 | 23 | ### 8.4 24 | 25 | - [8.4](https://github.com/kool-dev/docker-php/blob/master/8.4/Dockerfile) and [8.4-prod](https://github.com/kool-dev/docker-php/blob/master/8.4-prod/Dockerfile) 26 | - [8.4-nginx](https://github.com/kool-dev/docker-php/blob/master/8.4-nginx/Dockerfile) and [8.4-nginx-prod](https://github.com/kool-dev/docker-php/blob/master/8.4-nginx-prod/Dockerfile) 27 | 28 | ### 8.3 29 | 30 | - [8.3](https://github.com/kool-dev/docker-php/blob/master/8.3/Dockerfile) and [8.3-prod](https://github.com/kool-dev/docker-php/blob/master/8.3-prod/Dockerfile) 31 | - [8.3-nginx](https://github.com/kool-dev/docker-php/blob/master/8.3-nginx/Dockerfile) and [8.3-nginx-prod](https://github.com/kool-dev/docker-php/blob/master/8.3-nginx-prod/Dockerfile) 32 | 33 | ### 8.2 34 | 35 | - [8.2](https://github.com/kool-dev/docker-php/blob/master/8.2/Dockerfile) and [8.2-prod](https://github.com/kool-dev/docker-php/blob/master/8.2-prod/Dockerfile) 36 | - [8.2-nginx](https://github.com/kool-dev/docker-php/blob/master/8.2-nginx/Dockerfile) and 
[8.2-nginx-prod](https://github.com/kool-dev/docker-php/blob/master/8.2-nginx-prod/Dockerfile) 37 | 38 | ### 8.1 39 | 40 | - [8.1](https://github.com/kool-dev/docker-php/blob/master/8.1/Dockerfile) and [8.1-prod](https://github.com/kool-dev/docker-php/blob/master/8.1-prod/Dockerfile) 41 | - [8.1-nginx](https://github.com/kool-dev/docker-php/blob/master/8.1-nginx/Dockerfile) and [8.1-nginx-prod](https://github.com/kool-dev/docker-php/blob/master/8.1-nginx-prod/Dockerfile) 42 | 43 | ### Legacy versions 44 | 45 | - [8.0](https://github.com/kool-dev/docker-php/blob/master/8.0/Dockerfile), [8.0-prod](https://github.com/kool-dev/docker-php/blob/master/8.0-prod/Dockerfile), [8.0-nginx](https://github.com/kool-dev/docker-php/blob/master/8.0-nginx/Dockerfile), [8.0-nginx-prod](https://github.com/kool-dev/docker-php/blob/master/8.0-nginx-prod/Dockerfile) 46 | - [7.4](https://github.com/kool-dev/docker-php/blob/master/7.4/Dockerfile), [7.4-prod](https://github.com/kool-dev/docker-php/blob/master/7.4-prod/Dockerfile), [7.4-nginx](https://github.com/kool-dev/docker-php/blob/master/7.4-nginx/Dockerfile), [7.4-nginx-prod](https://github.com/kool-dev/docker-php/blob/master/7.4-nginx-prod/Dockerfile). 47 | 48 | ## More flavours 49 | 50 | We can always extend these images to suit them to our current use case. 
For example, we have a few extensions for specific use cases: 51 | 52 | - [Oracle OCI8 database](https://github.com/kool-dev/docker-php-oci8) 53 | - [MS SQL Server `sqlsrv` database](https://github.com/kool-dev/docker-php-sqlsrv) 54 | - [Swoole](https://github.com/kool-dev/docker-php-swoole) 55 | 56 | ## Environment Variables 57 | 58 | Variable | Default Value | Description 59 | --- | --- | --- 60 | **ASUSER** | `0` | Changes the user id that executes the commands 61 | **UID** | `0` | Changes the user id that executes the commands **(ignored if ASUSER is provided)** 62 | **COMPOSER_ALLOW_SUPERUSER** | `1` | Allows composer to run with super user 63 | **COMPOSER_MEMORY_LIMIT** | `-1` | Changes composer memory limit 64 | **ENABLE_XDEBUG** | `false` | Enables the Xdebug extension 65 | **PHP_DATE_TIMEZONE** | `UTC` | Changes timezone used by date/time functions 66 | **PHP_MEMORY_LIMIT** | `256M` | Changes PHP memory limit 67 | **PHP_MAX_INPUT_VARS** | `1000`  | Changes how many input variables may be accepted on PHP 68 | **PHP_UPLOAD_MAX_FILESIZE** | `25M` | Changes PHP maximum size of an uploaded file 69 | **PHP_POST_MAX_SIZE** | `25M` | Changes PHP max size of post data allowed 70 | **PHP_MAX_EXECUTION_TIME** | `30` | Changes PHP maximum time is allowed to run a script 71 | **PHP_FPM_LISTEN** | `9000` | Changes the PORT address of the FastCGI requests 72 | **PHP_FPM_MAX_CHILDREN** | `10` | Changes the number of child processes to be used on FPM 73 | **PHP_FPM_REQUEST_TERMINATE_TIMEOUT** | `60` | Changes FPM timeout to serve a single request 74 | 75 | ### NGINX 76 | 77 | Variable | Default Value | Description 78 | --- | --- | --- 79 | **NGINX_LISTEN** | `80` | Changes the PORT address 80 | **NGINX_ROOT** | `/app/public` | Changes NGINX root directive 81 | **NGINX_INDEX** | `index.php` | Changes the index directive 82 | **NGINX_CLIENT_MAX_BODY_SIZE** | `25M` | Changes maximum allowed size of the client request body 83 | **NGINX_PHP_FPM** | `unix:/run/php-fpm.sock` | 
Changes the address of a FastCGI server 84 | **NGINX_FASTCGI_READ_TIMEOUT** | `60s` | Changes a timeout for reading a response from the FastCGI server 85 | **NGINX_FASTCGI_BUFFERS** | `8 8k` | Changes the number and size of the buffers used for reading a response 86 | **NGINX_FASTCGI_BUFFER_SIZE** | `16k` | Changes the size of the buffer used for reading the first part of the response received 87 | **NGINX_ENTRYPOINT_WORKER_PROCESSES_AUTOTUNE** | `true` | Enables auto-tuning of worker processes based on available CPU cores (container instead of host), to disable set it to empty string 88 | **NGINX_HTTPS** | `false` | Enables the HTTPS server 89 | **NGINX_LISTEN_HTTPS** | `443` | Port for the HTTPS server to listen 90 | **NGINX_HTTPS_CERT** | `/kool/ssl/_.localhost.pem` | The path in the container for the SSL certificate file 91 | **NGINX_HTTPS_CERT_KEY** | `/kool/ssl/_.localhost.key` | The path in the container for the SSL certificate key file 92 | 93 | ## Usage 94 | 95 | With `docker run`: 96 | 97 | ```sh 98 | docker run -it --rm kooldev/php:7.4 php -v 99 | ``` 100 | 101 | With environment variables: 102 | 103 | ```sh 104 | docker run -it --rm -e ENABLE_XDEBUG=true kooldev/php:7.4-prod php -v 105 | ``` 106 | 107 | With `docker-compose.yml`: 108 | 109 | ```yaml 110 | app: 111 | image: kooldev/php:8.2 112 | ports: 113 | - "9773:9773" 114 | volumes: 115 | - ".:/app:cached" 116 | - "$HOME/.ssh/id_rsa:/home/developer/.ssh/id_rsa:cached" 117 | environment: 118 | ASUSER: "${$UID}" 119 | ``` 120 | 121 | ## Contributing 122 | 123 | ### Update images with templates 124 | 125 | You should change `fwd-template.json` for configuration and `template` folder for the actual base templates. 126 | 127 | After any changes, we need to run `kool run template` to parse the templates and generate all versions folder/files. 128 | 129 | ## License 130 | 131 | The MIT License (MIT). Please see [License File](LICENSE.md) for more information. 
132 | -------------------------------------------------------------------------------- /fwd-template.json: -------------------------------------------------------------------------------- 1 | { 2 | "output": ".", 3 | "builds": [ 4 | { 5 | "name": "8.0", 6 | "data": { 7 | "from": "php:8.0-fpm-alpine", 8 | "prod": false, 9 | "nginx": false, 10 | "version": "8.0" 11 | }, 12 | "files": [ 13 | { 14 | "name": "Dockerfile", 15 | "path": "template/Dockerfile" 16 | }, 17 | { 18 | "name": "entrypoint", 19 | "path": "template/entrypoint" 20 | }, 21 | { 22 | "name": "kool.ini", 23 | "path": "template/kool-ini" 24 | }, 25 | { 26 | "name": "zz-docker.conf", 27 | "path": "template/zz-docker-conf" 28 | } 29 | ] 30 | }, 31 | { 32 | "name": "8.0-prod", 33 | "data": { 34 | "from": "php:8.0-fpm-alpine", 35 | "prod": true, 36 | "nginx": false, 37 | "version": "8.0" 38 | }, 39 | "files": [ 40 | { 41 | "name": "Dockerfile", 42 | "path": "template/Dockerfile" 43 | }, 44 | { 45 | "name": "entrypoint", 46 | "path": "template/entrypoint" 47 | }, 48 | { 49 | "name": "kool.ini", 50 | "path": "template/kool-ini" 51 | }, 52 | { 53 | "name": "zz-docker.conf", 54 | "path": "template/zz-docker-conf" 55 | } 56 | ] 57 | }, 58 | { 59 | "name": "8.0-nginx", 60 | "data": { 61 | "from": "kooldev/php:8.0", 62 | "prod": false, 63 | "nginx": true, 64 | "version": "8.0" 65 | }, 66 | "files": [ 67 | { 68 | "name": "Dockerfile", 69 | "path": "template/Dockerfile-nginx" 70 | }, 71 | { 72 | "name": "entrypoint", 73 | "path": "template/entrypoint" 74 | }, 75 | { 76 | "name": "default.tmpl", 77 | "path": "template/default-tmpl" 78 | }, 79 | { 80 | "name": "supervisor.conf", 81 | "path": "template/supervisor-conf" 82 | } 83 | ] 84 | }, 85 | { 86 | "name": "8.0-nginx-prod", 87 | "data": { 88 | "from": "kooldev/php:8.0-prod", 89 | "prod": true, 90 | "nginx": true, 91 | "version": "8.0" 92 | }, 93 | "files": [ 94 | { 95 | "name": "Dockerfile", 96 | "path": "template/Dockerfile-nginx" 97 | }, 98 | { 99 | "name": 
"entrypoint", 100 | "path": "template/entrypoint" 101 | }, 102 | { 103 | "name": "default.tmpl", 104 | "path": "template/default-tmpl" 105 | }, 106 | { 107 | "name": "supervisor.conf", 108 | "path": "template/supervisor-conf" 109 | } 110 | ] 111 | }, 112 | { 113 | "name": "8.0-node", 114 | "data": { 115 | "from": "kooldev/php:8.0", 116 | "version": "8.0" 117 | }, 118 | "files": [ 119 | { 120 | "name": "Dockerfile", 121 | "path": "template/Dockerfile-node" 122 | } 123 | ] 124 | }, 125 | { 126 | "name": "8.1", 127 | "data": { 128 | "from": "php:8.1-fpm-alpine", 129 | "prod": false, 130 | "nginx": false, 131 | "version": "8.1" 132 | }, 133 | "files": [ 134 | { 135 | "name": "Dockerfile", 136 | "path": "template/Dockerfile" 137 | }, 138 | { 139 | "name": "entrypoint", 140 | "path": "template/entrypoint" 141 | }, 142 | { 143 | "name": "kool.ini", 144 | "path": "template/kool-ini" 145 | }, 146 | { 147 | "name": "zz-docker.conf", 148 | "path": "template/zz-docker-conf" 149 | } 150 | ] 151 | }, 152 | { 153 | "name": "8.1-prod", 154 | "data": { 155 | "from": "php:8.1-fpm-alpine", 156 | "prod": true, 157 | "nginx": false, 158 | "version": "8.1" 159 | }, 160 | "files": [ 161 | { 162 | "name": "Dockerfile", 163 | "path": "template/Dockerfile" 164 | }, 165 | { 166 | "name": "entrypoint", 167 | "path": "template/entrypoint" 168 | }, 169 | { 170 | "name": "kool.ini", 171 | "path": "template/kool-ini" 172 | }, 173 | { 174 | "name": "zz-docker.conf", 175 | "path": "template/zz-docker-conf" 176 | } 177 | ] 178 | }, 179 | { 180 | "name": "8.1-nginx", 181 | "data": { 182 | "from": "kooldev/php:8.1", 183 | "prod": false, 184 | "nginx": true, 185 | "version": "8.1" 186 | }, 187 | "files": [ 188 | { 189 | "name": "Dockerfile", 190 | "path": "template/Dockerfile-nginx" 191 | }, 192 | { 193 | "name": "entrypoint", 194 | "path": "template/entrypoint" 195 | }, 196 | { 197 | "name": "default.tmpl", 198 | "path": "template/default-tmpl" 199 | }, 200 | { 201 | "name": "supervisor.conf", 202 | 
"path": "template/supervisor-conf" 203 | } 204 | ] 205 | }, 206 | { 207 | "name": "8.1-nginx-prod", 208 | "data": { 209 | "from": "kooldev/php:8.1-prod", 210 | "prod": true, 211 | "nginx": true, 212 | "version": "8.1" 213 | }, 214 | "files": [ 215 | { 216 | "name": "Dockerfile", 217 | "path": "template/Dockerfile-nginx" 218 | }, 219 | { 220 | "name": "entrypoint", 221 | "path": "template/entrypoint" 222 | }, 223 | { 224 | "name": "default.tmpl", 225 | "path": "template/default-tmpl" 226 | }, 227 | { 228 | "name": "supervisor.conf", 229 | "path": "template/supervisor-conf" 230 | } 231 | ] 232 | }, 233 | { 234 | "name": "8.1-node", 235 | "data": { 236 | "from": "kooldev/php:8.1", 237 | "version": "8.1" 238 | }, 239 | "files": [ 240 | { 241 | "name": "Dockerfile", 242 | "path": "template/Dockerfile-node" 243 | } 244 | ] 245 | }, 246 | { 247 | "name": "8.2", 248 | "data": { 249 | "from": "php:8.2-fpm-alpine", 250 | "prod": false, 251 | "nginx": false, 252 | "version": "8.2" 253 | }, 254 | "files": [ 255 | { 256 | "name": "Dockerfile", 257 | "path": "template/Dockerfile" 258 | }, 259 | { 260 | "name": "entrypoint", 261 | "path": "template/entrypoint" 262 | }, 263 | { 264 | "name": "kool.ini", 265 | "path": "template/kool-ini" 266 | }, 267 | { 268 | "name": "zz-docker.conf", 269 | "path": "template/zz-docker-conf" 270 | } 271 | ] 272 | }, 273 | { 274 | "name": "8.2-prod", 275 | "data": { 276 | "from": "php:8.2-fpm-alpine", 277 | "prod": true, 278 | "nginx": false, 279 | "version": "8.2" 280 | }, 281 | "files": [ 282 | { 283 | "name": "Dockerfile", 284 | "path": "template/Dockerfile" 285 | }, 286 | { 287 | "name": "entrypoint", 288 | "path": "template/entrypoint" 289 | }, 290 | { 291 | "name": "kool.ini", 292 | "path": "template/kool-ini" 293 | }, 294 | { 295 | "name": "zz-docker.conf", 296 | "path": "template/zz-docker-conf" 297 | } 298 | ] 299 | }, 300 | { 301 | "name": "8.2-nginx", 302 | "data": { 303 | "from": "kooldev/php:8.2", 304 | "prod": false, 305 | "nginx": 
true, 306 | "version": "8.2" 307 | }, 308 | "files": [ 309 | { 310 | "name": "Dockerfile", 311 | "path": "template/Dockerfile-nginx" 312 | }, 313 | { 314 | "name": "entrypoint", 315 | "path": "template/entrypoint" 316 | }, 317 | { 318 | "name": "default.tmpl", 319 | "path": "template/default-tmpl" 320 | }, 321 | { 322 | "name": "supervisor.conf", 323 | "path": "template/supervisor-conf" 324 | } 325 | ] 326 | }, 327 | { 328 | "name": "8.2-nginx-prod", 329 | "data": { 330 | "from": "kooldev/php:8.2-prod", 331 | "prod": true, 332 | "nginx": true, 333 | "version": "8.2" 334 | }, 335 | "files": [ 336 | { 337 | "name": "Dockerfile", 338 | "path": "template/Dockerfile-nginx" 339 | }, 340 | { 341 | "name": "entrypoint", 342 | "path": "template/entrypoint" 343 | }, 344 | { 345 | "name": "default.tmpl", 346 | "path": "template/default-tmpl" 347 | }, 348 | { 349 | "name": "supervisor.conf", 350 | "path": "template/supervisor-conf" 351 | } 352 | ] 353 | }, 354 | { 355 | "name": "8.2-node", 356 | "data": { 357 | "from": "kooldev/php:8.2", 358 | "version": "8.2" 359 | }, 360 | "files": [ 361 | { 362 | "name": "Dockerfile", 363 | "path": "template/Dockerfile-node" 364 | } 365 | ] 366 | }, 367 | { 368 | "name": "8.3", 369 | "data": { 370 | "from": "php:8.3-fpm-alpine", 371 | "prod": false, 372 | "nginx": false, 373 | "version": "8.3" 374 | }, 375 | "files": [ 376 | { 377 | "name": "Dockerfile", 378 | "path": "template/Dockerfile" 379 | }, 380 | { 381 | "name": "entrypoint", 382 | "path": "template/entrypoint" 383 | }, 384 | { 385 | "name": "kool.ini", 386 | "path": "template/kool-ini" 387 | }, 388 | { 389 | "name": "zz-docker.conf", 390 | "path": "template/zz-docker-conf" 391 | } 392 | ] 393 | }, 394 | { 395 | "name": "8.3-prod", 396 | "data": { 397 | "from": "php:8.3-fpm-alpine", 398 | "prod": true, 399 | "nginx": false, 400 | "version": "8.3" 401 | }, 402 | "files": [ 403 | { 404 | "name": "Dockerfile", 405 | "path": "template/Dockerfile" 406 | }, 407 | { 408 | "name": 
"entrypoint", 409 | "path": "template/entrypoint" 410 | }, 411 | { 412 | "name": "kool.ini", 413 | "path": "template/kool-ini" 414 | }, 415 | { 416 | "name": "zz-docker.conf", 417 | "path": "template/zz-docker-conf" 418 | } 419 | ] 420 | }, 421 | { 422 | "name": "8.3-nginx", 423 | "data": { 424 | "from": "kooldev/php:8.3", 425 | "prod": false, 426 | "nginx": true, 427 | "version": "8.3" 428 | }, 429 | "files": [ 430 | { 431 | "name": "Dockerfile", 432 | "path": "template/Dockerfile-nginx" 433 | }, 434 | { 435 | "name": "entrypoint", 436 | "path": "template/entrypoint" 437 | }, 438 | { 439 | "name": "default.tmpl", 440 | "path": "template/default-tmpl" 441 | }, 442 | { 443 | "name": "supervisor.conf", 444 | "path": "template/supervisor-conf" 445 | } 446 | ] 447 | }, 448 | { 449 | "name": "8.3-nginx-prod", 450 | "data": { 451 | "from": "kooldev/php:8.3-prod", 452 | "prod": true, 453 | "nginx": true, 454 | "version": "8.3" 455 | }, 456 | "files": [ 457 | { 458 | "name": "Dockerfile", 459 | "path": "template/Dockerfile-nginx" 460 | }, 461 | { 462 | "name": "entrypoint", 463 | "path": "template/entrypoint" 464 | }, 465 | { 466 | "name": "default.tmpl", 467 | "path": "template/default-tmpl" 468 | }, 469 | { 470 | "name": "supervisor.conf", 471 | "path": "template/supervisor-conf" 472 | } 473 | ] 474 | }, 475 | { 476 | "name": "8.3-node", 477 | "data": { 478 | "from": "kooldev/php:8.3", 479 | "version": "8.3" 480 | }, 481 | "files": [ 482 | { 483 | "name": "Dockerfile", 484 | "path": "template/Dockerfile-node" 485 | } 486 | ] 487 | }, 488 | { 489 | "name": "8.4", 490 | "data": { 491 | "from": "php:8.4-fpm-alpine", 492 | "prod": false, 493 | "nginx": false, 494 | "version": "8.4" 495 | }, 496 | "files": [ 497 | { 498 | "name": "Dockerfile", 499 | "path": "template/Dockerfile" 500 | }, 501 | { 502 | "name": "entrypoint", 503 | "path": "template/entrypoint" 504 | }, 505 | { 506 | "name": "kool.ini", 507 | "path": "template/kool-ini" 508 | }, 509 | { 510 | "name": 
"zz-docker.conf", 511 | "path": "template/zz-docker-conf" 512 | } 513 | ] 514 | }, 515 | { 516 | "name": "8.4-prod", 517 | "data": { 518 | "from": "php:8.4-fpm-alpine", 519 | "prod": true, 520 | "nginx": false, 521 | "version": "8.4" 522 | }, 523 | "files": [ 524 | { 525 | "name": "Dockerfile", 526 | "path": "template/Dockerfile" 527 | }, 528 | { 529 | "name": "entrypoint", 530 | "path": "template/entrypoint" 531 | }, 532 | { 533 | "name": "kool.ini", 534 | "path": "template/kool-ini" 535 | }, 536 | { 537 | "name": "zz-docker.conf", 538 | "path": "template/zz-docker-conf" 539 | } 540 | ] 541 | }, 542 | { 543 | "name": "8.4-nginx", 544 | "data": { 545 | "from": "kooldev/php:8.4", 546 | "prod": false, 547 | "nginx": true, 548 | "version": "8.4" 549 | }, 550 | "files": [ 551 | { 552 | "name": "Dockerfile", 553 | "path": "template/Dockerfile-nginx" 554 | }, 555 | { 556 | "name": "entrypoint", 557 | "path": "template/entrypoint" 558 | }, 559 | { 560 | "name": "default.tmpl", 561 | "path": "template/default-tmpl" 562 | }, 563 | { 564 | "name": "supervisor.conf", 565 | "path": "template/supervisor-conf" 566 | } 567 | ] 568 | }, 569 | { 570 | "name": "8.4-nginx-prod", 571 | "data": { 572 | "from": "kooldev/php:8.4-prod", 573 | "prod": true, 574 | "nginx": true, 575 | "version": "8.4" 576 | }, 577 | "files": [ 578 | { 579 | "name": "Dockerfile", 580 | "path": "template/Dockerfile-nginx" 581 | }, 582 | { 583 | "name": "entrypoint", 584 | "path": "template/entrypoint" 585 | }, 586 | { 587 | "name": "default.tmpl", 588 | "path": "template/default-tmpl" 589 | }, 590 | { 591 | "name": "supervisor.conf", 592 | "path": "template/supervisor-conf" 593 | } 594 | ] 595 | }, 596 | { 597 | "name": "8.4-node", 598 | "data": { 599 | "from": "kooldev/php:8.4", 600 | "version": "8.4" 601 | }, 602 | "files": [ 603 | { 604 | "name": "Dockerfile", 605 | "path": "template/Dockerfile-node" 606 | } 607 | ] 608 | } 609 | ] 610 | } 611 | 
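--------------------------------------------------------------------------------
/kool.yml:
--------------------------------------------------------------------------------
# Kool scripts for regenerating the per-version folders and building every image.
scripts:
  # Renders template/ + fwd-template.json into the versioned folders.
  # NOTE(review): the fwd image is referenced by tag only; pin it by digest if the
  # generated Dockerfiles must be reproducible.
  template: kool docker fireworkweb/fwd:v1.0 fwd template

  # Build order matters within each version: the nginx and node images are built FROM
  # the kooldev/php:<version> image produced by the first steps.
  # `--pull` is used on the base and prod builds only, so each build starts from the
  # current upstream php:*-fpm-alpine image rather than a stale local copy. It is left
  # off the nginx/node builds, where it would fetch the published kooldev/php image
  # instead of using the one just built locally.
  build-8.0:
    - docker build --pull -t kooldev/php:8.0 8.0
    - docker build --pull -t kooldev/php:8.0-prod 8.0-prod
    - docker build -t kooldev/php:8.0-nginx 8.0-nginx
    - docker build -t kooldev/php:8.0-nginx-prod 8.0-nginx-prod
    - docker build -t kooldev/php:8.0-node 8.0-node
  build-8.1:
    - docker build --pull -t kooldev/php:8.1 8.1
    - docker build --pull -t kooldev/php:8.1-prod 8.1-prod
    - docker build -t kooldev/php:8.1-nginx 8.1-nginx
    - docker build -t kooldev/php:8.1-nginx-prod 8.1-nginx-prod
    - docker build -t kooldev/php:8.1-node 8.1-node
  build-8.2:
    - docker build --pull -t kooldev/php:8.2 8.2
    - docker build --pull -t kooldev/php:8.2-prod 8.2-prod
    - docker build -t kooldev/php:8.2-nginx 8.2-nginx
    - docker build -t kooldev/php:8.2-nginx-prod 8.2-nginx-prod
    - docker build -t kooldev/php:8.2-node 8.2-node
  build-8.3:
    - docker build --pull -t kooldev/php:8.3 8.3
    - docker build --pull -t kooldev/php:8.3-prod 8.3-prod
    - docker build -t kooldev/php:8.3-nginx 8.3-nginx
    - docker build -t kooldev/php:8.3-nginx-prod 8.3-nginx-prod
    - docker build -t kooldev/php:8.3-node 8.3-node
  build-8.4:
    - docker build --pull -t kooldev/php:8.4 8.4
    - docker build --pull -t kooldev/php:8.4-prod 8.4-prod
    - docker build -t kooldev/php:8.4-nginx 8.4-nginx
    - docker build -t kooldev/php:8.4-nginx-prod 8.4-nginx-prod
    - docker build -t kooldev/php:8.4-node 8.4-node
  build:
    # parse templates
    - kool run template
    # build
    - kool run build-8.0
    - kool run build-8.1
    - kool run build-8.2
    - kool run build-8.3
    - kool run build-8.4
--------------------------------------------------------------------------------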
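/template/Dockerfile-nginx.blade.php:
--------------------------------------------------------------------------------
# Stage 1: generate the default self-signed certificate for *.localhost.
# The key pair is created at build time and copied into the final image, so every
# consumer of a published image shares the same private key and the certificate
# expires 365 days after the build. It is suitable for local development only.
# NOTE(review): `debian` is referenced without a tag, so this stage follows `latest`.
FROM debian AS cert

WORKDIR /kool/ssl

RUN apt-get update && \
    apt-get install -y openssl && \
    openssl genrsa -des3 -passout pass:x -out server.pass.key 2048 && \
    openssl rsa -passin pass:x -in server.pass.key -out _.localhost.key && \
    rm server.pass.key && \
    openssl req -new -key _.localhost.key -out server.csr \
        -subj "/C=XX/ST=XX/L=XX/O=Kool-Local/OU=Localhost/CN=*.localhost" && \
    openssl x509 -req -days 365 -in server.csr -signkey _.localhost.key -out _.localhost.crt && \
    openssl x509 -in _.localhost.crt -out _.localhost.pem

# Stage 2: the PHP image for this version plus nginx and supervisord.
FROM {{ $from }}

ENV PHP_FPM_LISTEN=/run/php-fpm.sock \
    NGINX_LISTEN=80 \
    NGINX_HTTPS=false \
    NGINX_LISTEN_HTTPS=443 \
    NGINX_HTTPS_CERT=/kool/ssl/_.localhost.pem \
    NGINX_HTTPS_CERT_KEY=/kool/ssl/_.localhost.key \
    NGINX_ROOT=/app/public \
    NGINX_INDEX=index.php \
    NGINX_CLIENT_MAX_BODY_SIZE=25M \
    NGINX_PHP_FPM=unix:/run/php-fpm.sock \
    NGINX_FASTCGI_READ_TIMEOUT=60s \
    NGINX_FASTCGI_BUFFERS='8 8k' \
    NGINX_FASTCGI_BUFFER_SIZE='16k' \
    NGINX_ENTRYPOINT_WORKER_PROCESSES_AUTOTUNE=true

# NOTE(review): the supervisord binary, the h5bp archive and the worker-tuning script
# below are downloaded without any checksum verification. `curl -f` makes an HTTP error
# fail the build instead of saving the error page as the binary, but it does not prove
# the content is the expected one; record and check a digest for each download.
RUN curl -fL https://github.com/ochinchina/supervisord/releases/download/v0.6.3/supervisord_static_0.6.3_linux_amd64 -o /usr/local/bin/supervisord \
    && chmod +x /usr/local/bin/supervisord \
    && apk add --no-cache nginx \
    && chown -R kool:kool /var/lib/nginx \
    && chmod 770 /var/lib/nginx/tmp \
    && ln -sf /dev/stdout /var/log/nginx/access.log \
    && ln -sf /dev/stderr /var/log/nginx/error.log \
    # add h5bp/server-configs-nginx
    && mkdir -p /etc/nginx/conf.d \
    && mkdir /etc/nginx/h5bp \
    && cd /etc/nginx/h5bp \
    && wget https://github.com/h5bp/server-configs-nginx/archive/refs/tags/3.3.0.tar.gz -O h5bp.tgz \
    && tar xzvf h5bp.tgz \
    && rm -f h5bp.tgz \
    && mv server-configs-nginx-*/h5bp/* . \
    && mv server-configs-nginx-*/nginx.conf /etc/nginx/nginx.conf \
    && sed -i "s|^user .*|user\ kool kool;|g" /etc/nginx/nginx.conf \
    && mv server-configs-nginx-*/mime.types /etc/nginx/mime.types \
    && rm -rf server-configs-nginx-* \
    # NOTE(review): this script comes from the mutable `master` branch and is executed by
    # the entrypoint on every container start; pin it to a commit and verify its digest.
    && curl -fL https://raw.githubusercontent.com/nginxinc/docker-nginx/master/entrypoint/30-tune-worker-processes.sh -o /kool/30-tune-worker-processes.sh \
    && chmod +x /kool/30-tune-worker-processes.sh

COPY supervisor.conf /kool/supervisor.conf
COPY default.tmpl /kool/default.tmpl
COPY entrypoint /kool/entrypoint
COPY --from=cert /kool/ssl /kool/ssl
RUN chmod +x /kool/entrypoint

EXPOSE 80

CMD [ "supervisord", "-c", "/kool/supervisor.conf" ]

--------------------------------------------------------------------------------
/template/Dockerfile-node.blade.php:
--------------------------------------------------------------------------------
# Adds npm and yarn on top of the PHP image for this version.
FROM {{ $from }}

RUN apk add --update --no-cache npm yarn \
    && rm -rf /var/cache/apk/* /tmp/*

--------------------------------------------------------------------------------
/template/Dockerfile.blade.php:
--------------------------------------------------------------------------------
# Base PHP-FPM image. `$prod` switches between the development and production php.ini,
# adds opcache and leaves out xdebug/pcov.
FROM {{ $from }}

ENV ASUSER= \
    UID= \
    COMPOSER_ALLOW_SUPERUSER=1 \
    COMPOSER_MEMORY_LIMIT=-1 \
@unless ($prod)
    ENABLE_XDEBUG=false \
@endunless
    PHP_DATE_TIMEZONE=UTC \
    PHP_MEMORY_LIMIT=256M \
    PHP_MAX_INPUT_VARS=1000 \
    PHP_UPLOAD_MAX_FILESIZE=25M \
    PHP_POST_MAX_SIZE=25M \
    PHP_MAX_EXECUTION_TIME=30 \
    PHP_FPM_LISTEN=9000 \
    PHP_FPM_MAX_CHILDREN=10 \
    PHP_FPM_REQUEST_TERMINATE_TIMEOUT=60 \
    ENTRYPOINT=entrypoint.php.sh

WORKDIR /app

# NOTE(review): dockerize, the imagick source archive and the Composer installer are
# fetched over HTTPS without verifying a checksum or signature. `curl -f` turns an HTTP
# error into a failed build step, but it is not an integrity check; add a digest check
# for the archives and verify the Composer installer against its published signature.
RUN adduser -D -u 1337 kool \
    && addgroup kool www-data \
    # dockerize
    && curl -fL https://github.com/jwilder/dockerize/releases/download/v0.6.1/dockerize-alpine-linux-amd64-v0.6.1.tar.gz | tar xz \
    && mv dockerize /usr/local/bin/dockerize \
    # deps
    && apk --no-cache add su-exec bash sed git openssh-client icu shadow procps \
        freetype libpng libjpeg-turbo libzip-dev ghostscript imagemagick \
        jpegoptim optipng pngquant gifsicle libldap \
        libpq less \
    # build-deps
    && apk add --no-cache --virtual .build-deps $PHPIZE_DEPS \
        freetype-dev libpng-dev libjpeg-turbo-dev \
        icu-dev libedit-dev libxml2-dev \
        imagemagick-dev openldap-dev {{ version_compare($version, '7.4', '>=') ? 'oniguruma-dev' : '' }} libwebp-dev \
        postgresql-dev \
        linux-headers \
    # php-ext
@if (version_compare($version, '7.4', '>='))
    && docker-php-ext-configure gd --with-freetype --with-webp --with-jpeg \
@else
    && docker-php-ext-configure gd \
        --with-freetype-dir=/usr/include/ \
        --with-png-dir=/usr/include/ \
        --with-jpeg-dir=/usr/include/ \
@endif
    && export CFLAGS="$PHP_CFLAGS" CPPFLAGS="$PHP_CPPFLAGS" LDFLAGS="$PHP_LDFLAGS" \
    && docker-php-ext-install -j$(nproc) \
        bcmath \
        calendar \
        exif \
        gd \
        intl \
        ldap \
        mbstring \
@if ($prod)
        opcache \
@endif
        pcntl \
        pdo \
        pdo_mysql \
        pdo_pgsql \
        soap \
        xml \
        zip \
        sockets \
        mysqli \
        ftp \
    && pecl install redis \
@if (! $prod)
    && pecl install {{ version_compare($version, '8', '>=') ? 'xdebug' : 'xdebug-3.1.6' }} \
    && pecl install pcov && docker-php-ext-enable pcov \
@endif
@if (version_compare($version, '8.2', '<='))
    && pecl install imagick \
    && docker-php-ext-enable imagick \
@else
@if (version_compare($version, '8.4', '=='))
@else
    && mkdir /tmp/imagick && cd /tmp/imagick \
    && curl -fL -o /tmp/imagick.tar.gz https://github.com/Imagick/imagick/archive/refs/tags/3.7.0.tar.gz \
    && tar --strip-components=1 -xf /tmp/imagick.tar.gz \
    && phpize \
    && ./configure --with-webp=yes \
    && make \
    && make install \
    && echo "extension=imagick.so" > /usr/local/etc/php/conf.d/ext-imagick.ini \
@endif
@endif
    && docker-php-ext-enable redis \
    && cp "/usr/local/etc/php/php.ini-{{ $prod ? 'production' : 'development' }}" "/usr/local/etc/php/php.ini" \
    # composer
    && curl -fsS https://getcomposer.org/installer | php -- --install-dir=/usr/local/bin --filename=composer \
    && curl -fsS https://getcomposer.org/installer | php -- --1 --install-dir=/usr/local/bin --filename=composer1 \
    # cleanup
    && apk del .build-deps \
    && rm -rf /var/cache/apk/* /tmp/*

COPY kool.ini /kool/kool.tmpl
COPY zz-docker.conf /kool/zz-docker.tmpl
COPY entrypoint /kool/entrypoint
RUN chmod +x /kool/entrypoint

EXPOSE 9000

ENTRYPOINT [ "/kool/entrypoint" ]
CMD [ "php-fpm" ]

--------------------------------------------------------------------------------
/template/default-tmpl.blade.php:
--------------------------------------------------------------------------------
# Default nginx server block. The {{ .Env.* }} placeholders are filled in by dockerize
# from the container environment when the entrypoint runs.
server {
    listen @{{ .Env.NGINX_LISTEN }} default_server;
    server_name _;
    @{{ if isTrue .Env.NGINX_HTTPS }}
    listen @{{ .Env.NGINX_LISTEN_HTTPS }} ssl http2;
    ssl_certificate @{{ .Env.NGINX_HTTPS_CERT }};
    ssl_certificate_key @{{ .Env.NGINX_HTTPS_CERT_KEY }};
    # TLS 1.0 and 1.1 are deprecated (RFC 8996); offer only 1.2 and 1.3.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;
    @{{ end }}
    root @{{ .Env.NGINX_ROOT }};
    index @{{ .Env.NGINX_INDEX }};
    charset utf-8;

    location = /favicon.ico { log_not_found off; access_log off; }
    location = /robots.txt { log_not_found off; access_log off; }

    client_max_body_size @{{ .Env.NGINX_CLIENT_MAX_BODY_SIZE }};

    error_page 404 /index.php;

    location / {
        try_files $uri $uri/ /@{{ .Env.NGINX_INDEX }}?$query_string;
    }

    location ~ \.php$ {
        fastcgi_buffers @{{ .Env.NGINX_FASTCGI_BUFFERS }};
        fastcgi_buffer_size @{{ .Env.NGINX_FASTCGI_BUFFER_SIZE }};
        fastcgi_pass @{{ .Env.NGINX_PHP_FPM }};
        fastcgi_read_timeout @{{ .Env.NGINX_FASTCGI_READ_TIMEOUT }};
        fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
        include fastcgi_params;
    }

    location ~ /\.ht {
        deny all;
    }

    # All add_header directives are kept at server level. nginx inherits add_header from
    # the enclosing level only when the current level defines none, so declaring
    # X-Served-By inside `location /` would drop X-Frame-Options (and any headers added
    # by the includes below) from the responses served by that location.
    add_header X-Served-By kool.dev;

    # good practices
    add_header X-Frame-Options "SAMEORIGIN";

    # basic H5BP suggestions
    include h5bp/internet_explorer/x-ua-compatible.conf;
    include h5bp/security/referrer-policy.conf;
    include h5bp/security/x-content-type-options.conf;
    include h5bp/security/x-xss-protection.conf;

    # performance enhancements (mostly for caching static data)
    include h5bp/web_performance/cache-file-descriptors.conf;
    include h5bp/web_performance/pre-compressed_content_gzip.conf;
}

--------------------------------------------------------------------------------
/template/entrypoint.blade.php:
--------------------------------------------------------------------------------
#!/bin/sh
# Container entrypoint: optionally enables xdebug, remaps the kool user's uid, renders
# the config templates, runs an optional project entrypoint script and finally execs
# the requested command.
set -e

@unless ($prod)
# `=` is the POSIX string comparison for `[`; `==` is a shell extension.
if [ "$ENABLE_XDEBUG" = "true" ]; then
    # Test the command itself: under `set -e` a failing command followed by a separate
    # `$?` check would end the script before the error message is printed.
    if ! docker-php-ext-enable xdebug >> /dev/null 2>&1; then
        echo "[ERROR] An error happened enabling xdebug"

        exit 1
    fi
fi
@endunless

# Run as current user
CURRENT_USER=${ASUSER:-${UID:-0}}

if [ ! -z "$CURRENT_USER" ] && [ "$CURRENT_USER" != "0" ]; then
    # Quoted so the value is always passed to usermod as a single argument.
    usermod -u "$CURRENT_USER" kool
fi

dockerize -template /kool/kool.tmpl:/usr/local/etc/php/conf.d/kool.ini -template /kool/zz-docker.tmpl:/usr/local/etc/php-fpm.d/zz-docker.conf {!! $nginx ? '-template /kool/default.tmpl:/etc/nginx/conf.d/default.conf' : '' !!}

@if ($nginx)
/kool/30-tune-worker-processes.sh
@endif

# Run entrypoint if provided
# This script runs with the entrypoint's own privileges, before the su-exec drop below.
if [ ! -z "$ENTRYPOINT" ] && [ -f "$ENTRYPOINT" ]; then
    bash "$ENTRYPOINT"
fi

# Shells and the service processes are exec'd as the current user; every other command
# is run as the unprivileged kool user.
if [ "$1" = "sh" ] || [ "$1" = "bash" ] || [ "$1" = "php-fpm" ] {!! $nginx ? '|| [ "$1" = "nginx" ] || [ "$1" = "supervisord" ]' : '' !!}; then
    exec "$@"
else
    exec su-exec kool "$@"
fi

--------------------------------------------------------------------------------
/template/kool-ini.blade.php:
--------------------------------------------------------------------------------
1 | [PHP] 2 | 3 | ; Maximum amount of memory a script may consume 4 | ; http://php.net/memory-limit 5 | memory_limit = @{{ .Env.PHP_MEMORY_LIMIT }} 6 | 7 | ; Fix maximum variables per input 8 | max_input_vars = @{{ .Env.PHP_MAX_INPUT_VARS }} 9 | 10 | ; Maximum allowed size for uploaded files. 11 | ; http://php.net/upload-max-filesize 12 | upload_max_filesize = @{{ .Env.PHP_UPLOAD_MAX_FILESIZE }} 13 | 14 | ; Maximum size of POST data that PHP will accept. 15 | ; Its value may be 0 to disable the limit. It is ignored if POST data reading 16 | ; is disabled through enable_post_data_reading.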
17 | ; http://php.net/post-max-size 18 | post_max_size = @{{ .Env.PHP_POST_MAX_SIZE }} 19 | 20 | ; Maximum execution time of each script, in seconds 21 | ; http://php.net/max-execution-time 22 | ; Note: This directive is hardcoded to 0 for the CLI SAPI 23 | max_execution_time = @{{ .Env.PHP_MAX_EXECUTION_TIME }} 24 | 25 | ; Default timezone used by all date/time functions. 26 | ; https://www.php.net/manual/en/datetime.configuration.php#ini.date.timezone 27 | date.timezone = @{{ .Env.PHP_DATE_TIMEZONE }} 28 | 29 | {{-- OPCACHE --}} 30 | @if ($prod) 31 | [opcache] 32 | 33 | ; Determines if Zend OPCache is enabled 34 | opcache.enable=1 35 | 36 | ; The OPcache shared memory storage size. 37 | opcache.memory_consumption=512 38 | 39 | ; The amount of memory for interned strings in Mbytes. 40 | opcache.interned_strings_buffer=64 41 | 42 | ; The maximum number of keys (scripts) in the OPcache hash table. 43 | ; Only numbers between 200 and 1000000 are allowed. 44 | opcache.max_accelerated_files=30000 45 | 46 | ; When disabled, you must reset the OPcache manually or restart the 47 | ; webserver for changes to the filesystem to take effect. 48 | opcache.validate_timestamps=0 49 | 50 | ; If disabled, all PHPDoc comments are dropped from the code to reduce the 51 | ; size of the optimized code. 
52 | opcache.save_comments=1 53 | @endif 54 | -------------------------------------------------------------------------------- /template/supervisor-conf.blade.php: -------------------------------------------------------------------------------- 1 | [program:nginx] 2 | depends_on = php-fpm 3 | command = nginx -g "daemon off;" 4 | stopasgroup = true 5 | stderr_logfile = /dev/stderr 6 | stdout_logfile = /dev/stdout 7 | 8 | [program:php-fpm] 9 | command = php-fpm 10 | stopasgroup = true 11 | stderr_logfile = /dev/stderr 12 | stdout_logfile = /dev/stdout 13 | -------------------------------------------------------------------------------- /template/zz-docker-conf.blade.php: -------------------------------------------------------------------------------- 1 | [global] 2 | daemonize = no 3 | 4 | [www] 5 | ; Unix user/group of processes 6 | ; Note: The user is mandatory. If the group is not set, the default user's group 7 | ; will be used. 8 | user = kool 9 | group = kool 10 | 11 | ; The address on which to accept FastCGI requests. 12 | ; Valid syntaxes are: 13 | ; 'ip.add.re.ss:port' - to listen on a TCP socket to a specific IPv4 address on 14 | ; a specific port; 15 | ; '[ip:6:addr:ess]:port' - to listen on a TCP socket to a specific IPv6 address on 16 | ; a specific port; 17 | ; 'port' - to listen on a TCP socket to all addresses 18 | ; (IPv6 and IPv4-mapped) on a specific port; 19 | ; '/path/to/unix/socket' - to listen on a unix socket. 20 | ; Note: This value is mandatory. 21 | listen = @{{ .Env.PHP_FPM_LISTEN }} 22 | 23 | ; Set permissions for unix socket, if one is used. In Linux, read/write 24 | ; permissions must be set in order to allow connections from a web server. Many 25 | ; BSD-derived systems allow connections regardless of permissions. The owner 26 | ; and group can be specified either by name or by their numeric IDs. 
27 | ; Default Values: user and group are set as the running user 28 | ; mode is set to 0660 29 | listen.owner = kool 30 | listen.group = kool 31 | 32 | ; The number of child processes to be created when pm is set to 'static' and the 33 | ; maximum number of child processes when pm is set to 'dynamic' or 'ondemand'. 34 | ; This value sets the limit on the number of simultaneous requests that will be 35 | ; served. Equivalent to the ApacheMaxClients directive with mpm_prefork. 36 | ; Equivalent to the PHP_FCGI_CHILDREN environment variable in the original PHP 37 | ; CGI. The below defaults are based on a server without much resources. Don't 38 | ; forget to tweak pm.* to fit your needs. 39 | ; Note: Used when pm is set to 'static', 'dynamic' or 'ondemand' 40 | ; Note: This value is mandatory. 41 | pm.max_children = @{{ .Env.PHP_FPM_MAX_CHILDREN }} 42 | 43 | ; The timeout for serving a single request after which the worker process will 44 | ; be killed. This option should be used when the 'max_execution_time' ini option 45 | ; does not stop script execution for some reason. A value of '0' means 'off'. 46 | ; Available units: s(econds)(default), m(inutes), h(ours), or d(ays) 47 | ; Default Value: 0 48 | request_terminate_timeout = @{{ .Env.PHP_FPM_REQUEST_TERMINATE_TIMEOUT }} 49 | --------------------------------------------------------------------------------