diff --git a/.docker/README.md b/.docker/README.md index 18ab1fa..18e9db5 100644 --- a/.docker/README.md +++ b/.docker/README.md @@ -7,8 +7,8 @@ There is a `docker-compose` stack here, it's mostly for reference and hosting th Create a .env `cp .env.example .env` then fill in the database credentials. ```bash -docker-compose up -docker-compose exec -it php drush si --existing-config --account-name=admin -y +docker-compose up -d +docker-compose exec -it cli drush si --existing-config --account-name=admin -y ``` To expose the site on port 80, create a `docker-compose.override.yml` file with the following: @@ -17,7 +17,7 @@ To expose the site on port 80, create a `docker-compose.override.yml` file with services: nginx: ports: - - 80:80 + - 80:8080 ``` ## Cleaning up diff --git a/.docker/cli.dockerfile b/.docker/cli.dockerfile new file mode 100644 index 0000000..65617c2 --- /dev/null +++ b/.docker/cli.dockerfile @@ -0,0 +1,9 @@ +FROM uselagoon/php-8.1-cli:latest + +ENV WEBROOT web +ENV PATH "/app/vendor/bin:${PATH}" + +COPY ./composer.* /app/ +RUN composer install --no-dev --no-interaction --optimize-autoloader + +COPY . /app diff --git a/.docker/nginx.conf b/.docker/nginx.conf deleted file mode 100644 index 5e6489c..0000000 --- a/.docker/nginx.conf +++ /dev/null @@ -1,134 +0,0 @@ -# https://www.nginx.com/resources/wiki/start/topics/recipes/drupal/ - -map $http_x_forwarded_proto $fcgi_https { - default off; - https on; -} - -server { - server_name _; - root /app/web; - - client_max_body_size 32M; - - location = /favicon.ico { - log_not_found off; - access_log off; - } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - # Very rarely should these ever be accessed outside of your lan - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - location ~ ^/sites/.*/private/ { - return 403; - } - - # Block access to scripts in site files directory - location ~ ^/sites/[^/]+/files/.*\.php$ { - deny all; - } - - # Allow "Well-Known URIs" as per RFC 5785 - location ~* ^/.well-known/ { - allow all; - } - - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; - } - - location / { - # try_files $uri @rewrite; # For Drupal <= 6 - try_files $uri /index.php?$query_string; # For Drupal >= 7 - } - - location @rewrite { - #rewrite ^/(.*)$ /index.php?q=$1; # For Drupal <= 6 - rewrite ^ /index.php; # For Drupal >= 7 - } - - # Don't allow direct access to PHP files in the vendor directory. - location ~ /vendor/.*\.php$ { - deny all; - return 404; - } - - # Protect files and directories from prying eyes. - location ~* \.(engine|inc|install|make|module|profile|po|sh|.*sql|theme|twig|tpl(\.php)?|xtmpl|yml)(~|\.sw[op]|\.bak|\.orig|\.save)?$|^(\.(?!well-known).*|Entries.*|Repository|Root|Tag|Template|composer\.(json|lock)|web\.config)$|^#.*#$|\.php(~|\.sw[op]|\.bak|\.orig|\.save)$ { - deny all; - return 404; - } - - # In Drupal 8, we must also match new paths where the '.php' appears in - # the middle, such as update.php/selection. The rule we use is strict, - # and only allows this pattern with the update.php front controller. - # This allows legacy path aliases in the form of - # blog/index.php/legacy-path to continue to route to Drupal nodes. If - # you do not have any paths like that, then you might prefer to use a - # laxer rule, such as: - # location ~ \.php(/|$) { - # The laxer rule will continue to work if Drupal uses this new URL - # pattern with front controllers other than update.php in a future - # release. - location ~ '\.php$|^/update.php' { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - # Ensure the php file exists. Mitigates CVE-2019-11043 - try_files $fastcgi_script_name =404; - # Security note: If you're running a version of PHP older than the - # latest 5.3, you should have "cgi.fix_pathinfo = 0;" in php.ini. - # See http://serverfault.com/q/627903/94922 for details. - include fastcgi_params; - # Block httpoxy attacks. See https://httpoxy.org/. - fastcgi_param HTTP_PROXY ""; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_param PATH_INFO $fastcgi_path_info; - fastcgi_param QUERY_STRING $query_string; - fastcgi_param HTTPS $fcgi_https; - fastcgi_intercept_errors on; - # PHP 5 socket location. - #fastcgi_pass unix:/var/run/php5-fpm.sock; - # PHP 7 socket location. - fastcgi_pass php:9000; - } - - location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { - try_files $uri @rewrite; - expires max; - log_not_found off; - } - - # Fighting with Styles? This little gem is amazing. - # location ~ ^/sites/.*/files/imagecache/ { # For Drupal <= 6 - location ~ ^/sites/.*/files/styles/ { # For Drupal >= 7 - try_files $uri @rewrite; - } - - # Handle private files through Drupal. Private file's path can come - # with a language prefix. - location ~ ^(/[a-z\-]+)?/system/files/ { # For Drupal >= 7 - try_files $uri /index.php?$query_string; - } - - # Enforce clean URLs - # Removes index.php from urls like www.example.com/index.php/my-page --> www.example.com/my-page - # Could be done with 301 for permanent or other redirect codes. - if ($request_uri ~* "^(.*/)index\.php/(.*)") { - return 307 $1$2; - } -} \ No newline at end of file diff --git a/.docker/nginx.dockerfile b/.docker/nginx.dockerfile index b3111a6..6ca2432 100644 --- a/.docker/nginx.dockerfile +++ b/.docker/nginx.dockerfile @@ -1,8 +1,9 @@ -ARG PHP_IMAGE -FROM ${PHP_IMAGE} as php +ARG CLI_IMAGE +FROM ${CLI_IMAGE} as cli -FROM nginx:1-alpine +FROM uselagoon/nginx-drupal:latest -COPY .docker/nginx.conf /etc/nginx/conf.d/default.conf +ENV WEBROOT web +ENV BASIC_AUTH off -COPY --from=php /app /app +COPY --from=cli /app /app diff --git a/.docker/php.dockerfile b/.docker/php.dockerfile index a0ad12c..8ed4b05 100644 --- a/.docker/php.dockerfile +++ b/.docker/php.dockerfile @@ -1,31 +1,6 @@ -FROM php:8.1-fpm-alpine +ARG CLI_IMAGE +FROM ${CLI_IMAGE} as cli -WORKDIR /app - -ENV MEMCACHED_DEPS zlib-dev libmemcached-dev cyrus-sasl-dev -ENV COMPOSER_ALLOW_SUPERUSER 1 - -RUN set -xe \ - && apk add --no-cache --update --virtual .phpize-deps $PHPIZE_DEPS \ - && apk add --no-cache --update --virtual .memcached-deps $MEMCACHED_DEPS \ - && apk add --no-cache --update oniguruma-dev libpng-dev libwebp-dev jpeg-dev libjpeg-turbo-dev freetype-dev libmemcached-libs zlib mysql-client tzdata ca-certificates zip git bash \ - && update-ca-certificates \ - && docker-php-ext-configure gd --with-freetype --with-webp --with-jpeg \ - && docker-php-ext-install pdo_mysql mbstring opcache gd \ - && pecl install memcache \ - && docker-php-ext-enable memcache \ - && docker-php-source delete \ - && rm -rf /tmp/* /var/cache/* /usr/src/* \ - && ln -sf /app/vendor/bin/drush /usr/local/bin/drush \ - && apk del .memcached-deps .phpize-deps - -COPY .docker/php.ini /usr/local/etc/php/conf.d/zzz-custom.ini - -# Composer install all assets -COPY --from=composer:latest /usr/bin/composer /usr/local/bin/composer -COPY composer.json composer.lock ./ -RUN composer install --no-dev --profile --no-interaction && composer clear-cache - -# Copy application files -COPY . . +FROM uselagoon/php-8.1-fpm:latest +COPY --from=cli /app /app diff --git a/.docker/php.ini b/.docker/php.ini deleted file mode 100644 index 8d57999..0000000 --- a/.docker/php.ini +++ /dev/null @@ -1,22 +0,0 @@ - - -upload_max_filesize=32M -post_max_size=32M -max_execution_time=300 - -display_errors=off -error_reporting=off -display_startup_errors=off - -[Date] -date.timezone = "Australia/Melbourne" - -[opcache] -opcache.enable=1 -opcache.revalidate_freq=0 -opcache.validate_timestamps=0 -opcache.memory_consumption=128 -opcache.interned_strings_buffer=16 -opcache.max_accelerated_files=40000 -opcache.save_comments=1 -opcache.fast_shutdown=1 diff --git a/.dockerignore b/.dockerignore index 8685319..3b09625 100644 --- a/.dockerignore +++ b/.dockerignore @@ -1,6 +1,5 @@ # Default ignores .git -.DS_Store /vendor/ **/node_modules/ **/*.sql @@ -10,3 +9,10 @@ # Volumes /private/ **/web/sites/*/files/ + +# Trash +.DS_Store +Thumbs.db +ehthumbs.db +*.tmp +*.swp diff --git a/.gitignore b/.gitignore index 6e9c9ac..e638dcf 100644 --- a/.gitignore +++ b/.gitignore @@ -39,8 +39,12 @@ node_modules .lando.local.yml /docker-compose.override.yml -# OS Annoyances +# Trash .DS_Store +Thumbs.db +ehthumbs.db +*.tmp +*.swp # Ignore files generated by editors /.idea/ diff --git a/docker-compose.yml b/docker-compose.yml index c042671..899814b 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -1,4 +1,3 @@ - x-volumes: &default-volumes volumes: @@ -6,6 +5,38 @@ x-volumes: - ./web/sites/default/files:/app/web/sites/default/files:delegated services: + cli: + image: &cli-image ${COMPOSE_PROJECT_NAME:-drupal}-cli + build: + context: . + dockerfile: .docker/cli.dockerfile + <<: *default-volumes + depends_on: + database: + condition: service_healthy + memcached: + condition: service_started + + php: + build: + context: . + dockerfile: .docker/php.dockerfile + args: + CLI_IMAGE: *cli-image + <<: *default-volumes + depends_on: + - cli + + nginx: + build: + context: . + dockerfile: .docker/nginx.dockerfile + args: + CLI_IMAGE: *cli-image + <<: *default-volumes + depends_on: + - cli + database: image: mariadb:11.0 volumes: @@ -25,27 +56,5 @@ services: environment: MEMCACHED_MAX_ITEM_SIZE: 8388608 - php: - image: &php-image ${COMPOSE_PROJECT_NAME:-drupal}-php - build: - context: . - dockerfile: .docker/php.dockerfile - <<: *default-volumes - depends_on: - database: - condition: service_healthy - memcached: - condition: service_started - - nginx: - build: - context: . - dockerfile: .docker/nginx.dockerfile - args: - PHP_IMAGE: *php-image - <<: *default-volumes - depends_on: - - php - volumes: mariadb: