WIP: dockerize

.dockerignore

@@ -0,0 +1,31 @@
+.idea/
+.git/
+.circleci
+.phpstorm.meta.php
+_ide_helper.php
+
+vendor/
+node_modules/
+
+public/js/
+public/css/
+bootstrap/cache/*
+storage/app/*
+storage/framework/cache/*
+storage/framework/sessions/*
+storage/framework/testing
+storage/framework/views/*
+storage/logs/*
+
+readme.md
+**.gitignore
+**.gitattributes
+**.sass-cache
+*.env*
+*.config.js
+?ulpfile.js
+?untfile.js
+phpunit.xml
+phpspec.yml
+Dockerfile
+docker-compose/

Dockerfile

@@ -0,0 +1,33 @@
+FROM node:lts-alpine as frontend
+WORKDIR /app
+COPY package*.json /app/
+COPY webpack.mix.js /app/
+COPY resources/ /app/resources/
+RUN npm install && npm run production
+
+FROM composer as composer
+
+FROM php:7.4-fpm-alpine as app
+RUN mv "$PHP_INI_DIR/php.ini-production" "$PHP_INI_DIR/php.ini"
+COPY ./dockerize/php/zz-docker.conf /usr/local/etc/php-fpm.d/zz-docker.conf
+RUN apk add --update-cache \
+    nginx \
+    supervisor \
+  && rm -rf /var/cache/apk/*
+COPY ./dockerize/nginx/nginx.conf /etc/nginx/nginx.conf
+COPY ./dockerize/nginx/app.conf /etc/nginx/conf.d/default.conf
+COPY ./dockerize/supervisor/supervisord.conf /etc/supervisord.conf
+WORKDIR /app
+COPY --from=composer /usr/bin/composer /usr/bin/composer
+COPY --chown=www-data:www-data . /app
+COPY --from=frontend /app/public/js/ /app/public/js/
+COPY --from=frontend /app/public/css/ /app/public/css/
+COPY --from=frontend /app/mix-manifest.json /app/mix-manifest.json
+RUN composer install --ignore-platform-reqs --no-interaction --no-plugins --no-scripts --prefer-dist --no-dev --optimize-autoloader
+RUN mkdir /app/storage/app/public
+RUN php artisan storage:link
+RUN { echo "*	*	*	*	*	/usr/local/bin/php /app/artisan schedule:run >> /dev/null 2>&1"; } | crontab -u www-data -
+COPY ./dockerize/entrypoint.sh /opt/entrypoint.sh
+RUN chmod +x /opt/entrypoint.sh
+ENTRYPOINT ["/opt/entrypoint.sh"]
+EXPOSE 80

dockerize/entrypoint.sh

@@ -0,0 +1,17 @@
+#!/bin/sh
+
+if [ "$LARAVEL_SCHEDULE_ENABLE" = true ] ; then
+  # Start cron
+  crond
+fi
+
+if [ "$LARAVEL_QUEUE_ENABLE" = true ] ; then
+  # Start supervisor
+  supervisord -c /etc/supervisord.conf
+fi
+
+# Start Nginx
+/usr/sbin/nginx
+
+# Start php-fpm
+/usr/local/sbin/php-fpm

dockerize/nginx/app.conf

@@ -0,0 +1,34 @@
+server {
+	listen 80 default_server;
+	listen [::]:80 default_server;
+
+	root /app/public;
+
+	add_header X-Frame-Options "SAMEORIGIN";
+	add_header X-XSS-Protection "1; mode=block";
+	add_header X-Content-Type-Options "nosniff";
+
+	index index.html index.htm index.php;
+
+	charset utf-8;
+
+	location / {
+		try_files $uri $uri/ /index.php?$query_string;
+	}
+
+	location = /favicon.ico { access_log off; log_not_found off; }
+	location = /robots.txt  { access_log off; log_not_found off; }
+
+	error_page 404 /index.php;
+
+	location ~ \.php$ {
+		fastcgi_pass unix:/var/run/php-fpm.sock;
+		fastcgi_index index.php;
+		fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
+		include fastcgi_params;
+	}
+
+	location ~ /\.(?!well-known).* {
+		deny all;
+	}
+}

dockerize/nginx/nginx.conf

@@ -0,0 +1,105 @@
+# /etc/nginx/nginx.conf
+
+user www-data;
+
+# Set number of worker processes automatically based on number of CPU cores.
+worker_processes auto;
+
+pid /run/nginx.pid;
+
+# Enables the use of JIT for regular expressions to speed-up their processing.
+pcre_jit on;
+
+# Configures default error logger.
+error_log /var/log/nginx/error.log warn;
+
+# Includes files with directives to load dynamic modules.
+include /etc/nginx/modules/*.conf;
+
+
+events {
+	# The maximum number of simultaneous connections that can be opened by
+	# a worker process.
+	worker_connections 1024;
+
+	# optimized to serve many clients with each thread, essential for linux -- for testing environment
+	# use epoll;
+
+	# accept as many connections as possible, may flood worker connections if set too low -- for testing environment
+	# multi_accept on;
+}
+
+http {
+	# Includes mapping of file name extensions to MIME types of responses
+	# and defines the default type.
+	include /etc/nginx/mime.types;
+	default_type application/octet-stream;
+
+	# Name servers used to resolve names of upstream servers into addresses.
+	# It's also needed when using tcpsocket and udpsocket in Lua modules.
+	#resolver 208.67.222.222 208.67.220.220;
+
+	# Don't tell nginx version to clients.
+	server_tokens off;
+
+	# Specifies the maximum accepted body size of a client request, as
+	# indicated by the request header Content-Length. If the stated content
+	# length is greater than this size, then the client receives the HTTP
+	# error code 413. Set to 0 to disable.
+	#client_max_body_size 1m;
+	client_max_body_size 0;
+
+	# Timeout for keep-alive connections. Server will close connections after
+	# this time.
+	keepalive_timeout 65;
+
+	# Sendfile copies data between one FD and other from within the kernel,
+	# which is more efficient than read() + write().
+	sendfile on;
+
+	# Don't buffer data-sends (disable Nagle algorithm).
+	# Good for sending frequent small bursts of data in real time.
+	tcp_nodelay on;
+
+	# Causes nginx to attempt to send its HTTP response head in one packet,
+	# instead of using partial frames.
+	tcp_nopush on;
+
+
+	# Path of the file with Diffie-Hellman parameters for EDH ciphers.
+	#ssl_dhparam /etc/ssl/nginx/dh2048.pem;
+
+	# Specifies that our cipher suits should be preferred over client ciphers.
+	ssl_prefer_server_ciphers on;
+
+	# Enables a shared SSL cache with size that can hold around 8000 sessions.
+	ssl_session_cache shared:SSL:2m;
+
+
+	# Enable gzipping of responses.
+	gzip on;
+	gzip_disable "MSIE [4-6] \.";
+
+	# Set the Vary HTTP header as defined in the RFC 2616.
+	gzip_vary on;
+
+	# Enable checking the existence of precompressed files.
+	#gzip_static on;
+	gzip_comp_level 3;
+	gzip_min_length 1000;
+	gzip_buffers 16 8k;
+	gzip_http_version 1.1;
+	gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript application/javascript application/x-httpd-php image/jpeg image/gif image/png;
+
+	# Specifies the main log format.
+	log_format main '$remote_addr - $remote_user [$time_local] "$request" '
+			'$status $body_bytes_sent "$http_referer" '
+			'"$http_user_agent" "$http_x_forwarded_for"';
+
+	# Sets the path, format, and configuration for a buffered log write.
+	access_log /var/log/nginx/access.log main;
+
+
+	# Includes virtual hosts configs.
+	include /etc/nginx/conf.d/*.conf;
+}

dockerize/php/zz-docker.conf

@@ -0,0 +1,6 @@
+[global]
+daemonize = no
+
+[www]
+listen = /var/run/php-fpm.sock
+listen.mode = 0666

dockerize/supervisor/supervisord.conf

@@ -0,0 +1,142 @@
+; Sample supervisor config file.
+
+[unix_http_server]
+file=/run/supervisord.sock   ; (the path to the socket file)
+;chmod=0700                  ; socked file mode (default 0700)
+;chown=nobody:nogroup        ; socket file uid:gid owner
+;username=user               ; (default is no username (open server))
+;password=123                ; (default is no password (open server))
+
+;[inet_http_server]          ; inet (TCP) server disabled by default
+;port=127.0.0.1:9001         ; (ip_address:port specifier, *:port for all iface)
+;username=user               ; (default is no username (open server))
+;password=123                ; (default is no password (open server))
+
+[supervisord]
+logfile=/var/log/supervisord.log ; (main log file;default $CWD/supervisord.log)
+;logfile_maxbytes=50MB       ; (max main logfile bytes b4 rotation;default 50MB)
+;logfile_backups=10          ; (num of main logfile rotation backups;default 10)
+loglevel=info                ; (log level;default info; others: debug,warn,trace)
+;pidfile=/run/supervisord.pid ; (supervisord pidfile;default supervisord.pid)
+;nodaemon=false              ; (start in foreground if true;default false)
+;minfds=1024                 ; (min. avail startup file descriptors;default 1024)
+;minprocs=200                ; (min. avail process descriptors;default 200)
+;umask=022                   ; (process file creation umask;default 022)
+;user=chrism                 ; (default is current user, required if root)
+;identifier=supervisor       ; (supervisord identifier, default is 'supervisor')
+;directory=/tmp              ; (default is not to cd during start)
+;nocleanup=true              ; (don't clean up tempfiles at start;default false)
+;childlogdir=/var/log/supervisor ; ('AUTO' child log dir, default $TEMP)
+;environment=KEY=value       ; (key value pairs to add to environment)
+;strip_ansi=false            ; (strip ansi escape codes in logs; def. false)
+
+; the below section must remain in the config file for RPC
+; (supervisorctl/web interface) to work, additional interfaces may be
+; added by defining them in separate rpcinterface: sections
+[rpcinterface:supervisor]
+supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface
+
+[supervisorctl]
+serverurl=unix:///run/supervisord.sock ; use a unix:// URL  for a unix socket
+;serverurl=http://127.0.0.1:9001 ; use an http:// url to specify an inet socket
+;username=chris              ; should be same as http_username if set
+;password=123                ; should be same as http_password if set
+;prompt=mysupervisor         ; cmd line prompt (default "supervisor")
+;history_file=~/.sc_history  ; use readline history if available
+
+; The below sample program section shows all possible program subsection values,
+; create one or more 'real' program: sections to be able to control them under
+; supervisor.
+
+;[program:theprogramname]
+;command=/bin/cat              ; the program (relative uses PATH, can take args)
+;process_name=%(program_name)s ; process_name expr (default %(program_name)s)
+;numprocs=1                    ; number of processes copies to start (def 1)
+;directory=/tmp                ; directory to cwd to before exec (def no cwd)
+;umask=022                     ; umask for process (default None)
+;priority=999                  ; the relative start priority (default 999)
+;autostart=true                ; start at supervisord start (default: true)
+;autorestart=unexpected        ; whether/when to restart (default: unexpected)
+;startsecs=1                   ; number of secs prog must stay running (def. 1)
+;startretries=3                ; max # of serial start failures (default 3)
+;exitcodes=0,2                 ; 'expected' exit codes for process (default 0,2)
+;stopsignal=QUIT               ; signal used to kill process (default TERM)
+;stopwaitsecs=10               ; max num secs to wait b4 SIGKILL (default 10)
+;killasgroup=false             ; SIGKILL the UNIX process group (def false)
+;user=chrism                   ; setuid to this UNIX account to run the program
+;redirect_stderr=true          ; redirect proc stderr to stdout (default false)
+;stdout_logfile=/a/path        ; stdout log path, NONE for none; default AUTO
+;stdout_logfile_maxbytes=1MB   ; max # logfile bytes b4 rotation (default 50MB)
+;stdout_logfile_backups=10     ; # of stdout logfile backups (default 10)
+;stdout_capture_maxbytes=1MB   ; number of bytes in 'capturemode' (default 0)
+;stdout_events_enabled=false   ; emit events on stdout writes (default false)
+;stderr_logfile=/a/path        ; stderr log path, NONE for none; default AUTO
+;stderr_logfile_maxbytes=1MB   ; max # logfile bytes b4 rotation (default 50MB)
+;stderr_logfile_backups=10     ; # of stderr logfile backups (default 10)
+;stderr_capture_maxbytes=1MB   ; number of bytes in 'capturemode' (default 0)
+;stderr_events_enabled=false   ; emit events on stderr writes (default false)
+;environment=A=1,B=2           ; process environment additions (def no adds)
+;serverurl=AUTO                ; override serverurl computation (childutils)
+
+; The below sample eventlistener section shows all possible
+; eventlistener subsection values, create one or more 'real'
+; eventlistener: sections to be able to handle event notifications
+; sent by supervisor.
+
+;[eventlistener:theeventlistenername]
+;command=/bin/eventlistener    ; the program (relative uses PATH, can take args)
+;process_name=%(program_name)s ; process_name expr (default %(program_name)s)
+;numprocs=1                    ; number of processes copies to start (def 1)
+;events=EVENT                  ; event notif. types to subscribe to (req'd)
+;buffer_size=10                ; event buffer queue size (default 10)
+;directory=/tmp                ; directory to cwd to before exec (def no cwd)
+;umask=022                     ; umask for process (default None)
+;priority=-1                   ; the relative start priority (default -1)
+;autostart=true                ; start at supervisord start (default: true)
+;autorestart=unexpected        ; whether/when to restart (default: unexpected)
+;startsecs=1                   ; number of secs prog must stay running (def. 1)
+;startretries=3                ; max # of serial start failures (default 3)
+;exitcodes=0,2                 ; 'expected' exit codes for process (default 0,2)
+;stopsignal=QUIT               ; signal used to kill process (default TERM)
+;stopwaitsecs=10               ; max num secs to wait b4 SIGKILL (default 10)
+;killasgroup=false             ; SIGKILL the UNIX process group (def false)
+;user=chrism                   ; setuid to this UNIX account to run the program
+;redirect_stderr=true          ; redirect proc stderr to stdout (default false)
+;stdout_logfile=/a/path        ; stdout log path, NONE for none; default AUTO
+;stdout_logfile_maxbytes=1MB   ; max # logfile bytes b4 rotation (default 50MB)
+;stdout_logfile_backups=10     ; # of stdout logfile backups (default 10)
+;stdout_events_enabled=false   ; emit events on stdout writes (default false)
+;stderr_logfile=/a/path        ; stderr log path, NONE for none; default AUTO
+;stderr_logfile_maxbytes=1MB   ; max # logfile bytes b4 rotation (default 50MB)
+;stderr_logfile_backups        ; # of stderr logfile backups (default 10)
+;stderr_events_enabled=false   ; emit events on stderr writes (default false)
+;environment=A=1,B=2           ; process environment additions
+;serverurl=AUTO                ; override serverurl computation (childutils)
+
+; The below sample group section shows all possible group values,
+; create one or more 'real' group: sections to create "heterogeneous"
+; process groups.
+
+;[group:thegroupname]
+;programs=progname1,progname2  ; each refers to 'x' in [program:x] definitions
+;priority=999                  ; the relative start priority (default 999)
+
+; The [include] section can just contain the "files" setting.  This
+; setting can list multiple files (separated by whitespace or
+; newlines).  It can also contain wildcards.  The filenames are
+; interpreted as relative to this file.  Included files *cannot*
+; include files themselves.
+
+[program:molibot-worker]
+process_name=%(program_name)s_%(process_num)02d
+command=/usr/local/bin/php /app/artisan queue:work --sleep=30 --tries=5
+autostart=true
+autorestart=true
+user=www-data
+numprocs=2
+stdout_logfile=/app/storage/logs/worker.log
+stderr_logfile=/app/storage/logs/worker-error.log
+stopwaitsecs=3600
+
+[include]
+files = /etc/supervisor.d/*.ini