POC: Introduce Debian Stretch with Nginx

.travis.yml

@@ -1,41 +1,10 @@
 language: bash
 services: docker
-
+# ##
+# other image variants were temporary disabled in update.sh:L243 due the simplified CI 
+# ##
 env:
-  - VERSION=7.3 VARIANT=stretch/cli
-  - VERSION=7.3 VARIANT=stretch/apache
-  - VERSION=7.3 VARIANT=stretch/fpm
-  - VERSION=7.3 VARIANT=stretch/zts
-  - VERSION=7.3 VARIANT=alpine3.9/cli
-  - VERSION=7.3 VARIANT=alpine3.9/fpm
-  - VERSION=7.3 VARIANT=alpine3.9/zts
-  - VERSION=7.3 VARIANT=alpine3.8/cli
-  - VERSION=7.3 VARIANT=alpine3.8/fpm
-  - VERSION=7.3 VARIANT=alpine3.8/zts
-  - VERSION=7.2 VARIANT=stretch/cli
-  - VERSION=7.2 VARIANT=stretch/apache
-  - VERSION=7.2 VARIANT=stretch/fpm
-  - VERSION=7.2 VARIANT=stretch/zts
-  - VERSION=7.2 VARIANT=alpine3.9/cli
-  - VERSION=7.2 VARIANT=alpine3.9/fpm
-  - VERSION=7.2 VARIANT=alpine3.9/zts
-  - VERSION=7.2 VARIANT=alpine3.8/cli
-  - VERSION=7.2 VARIANT=alpine3.8/fpm
-  - VERSION=7.2 VARIANT=alpine3.8/zts
-  - VERSION=7.1 VARIANT=stretch/cli
-  - VERSION=7.1 VARIANT=stretch/apache
-  - VERSION=7.1 VARIANT=stretch/fpm
-  - VERSION=7.1 VARIANT=stretch/zts
-  - VERSION=7.1 VARIANT=jessie/cli
-  - VERSION=7.1 VARIANT=jessie/apache
-  - VERSION=7.1 VARIANT=jessie/fpm
-  - VERSION=7.1 VARIANT=jessie/zts
-  - VERSION=7.1 VARIANT=alpine3.9/cli
-  - VERSION=7.1 VARIANT=alpine3.9/fpm
-  - VERSION=7.1 VARIANT=alpine3.9/zts
-  - VERSION=7.1 VARIANT=alpine3.8/cli
-  - VERSION=7.1 VARIANT=alpine3.8/fpm
-  - VERSION=7.1 VARIANT=alpine3.8/zts
+  - VERSION=7.3 VARIANT=stretch/nginxFPM
 
 install:
   - git clone https://github.com/docker-library/official-images.git ~/official-images

7.3/stretch/nginxFPM/Dockerfile

@@ -0,0 +1,316 @@
+#
+# NOTE: THIS DOCKERFILE IS GENERATED VIA "update.sh"
+#
+# PLEASE DO NOT EDIT IT DIRECTLY.
+#
+
+FROM debian:stretch-slim
+
+# prevent Debian's PHP packages from being installed
+# https://github.com/docker-library/php/pull/542
+RUN set -eux; \
+	{ \
+		echo 'Package: php*'; \
+		echo 'Pin: release *'; \
+		echo 'Pin-Priority: -1'; \
+	} > /etc/apt/preferences.d/no-debian-php
+
+# dependencies required for running "phpize"
+# (see persistent deps below)
+ENV PHPIZE_DEPS \
+		autoconf \
+		dpkg-dev \
+		file \
+		g++ \
+		gcc \
+		libc-dev \
+		make \
+		pkg-config \
+		re2c
+
+# persistent / runtime deps
+RUN apt-get update && apt-get install -y \
+		$PHPIZE_DEPS \
+		ca-certificates \
+		curl \
+		xz-utils \
+	--no-install-recommends && rm -r /var/lib/apt/lists/*
+
+ENV PHP_INI_DIR /usr/local/etc/php
+RUN set -eux; \
+	mkdir -p "$PHP_INI_DIR/conf.d"; \
+# allow running as an arbitrary user (https://github.com/docker-library/php/issues/743)
+	[ ! -d /var/www/html ]; \
+	mkdir -p /var/www/html; \
+	chown www-data:www-data /var/www/html; \
+	chmod 777 /var/www/html
+
+##<autogenerated>##
+# ##
+# file name: nginxFPM-Dockerfile-block-1
+# Author: Malanik Jan
+# Email: malanik (_dot_) jan (_at_) gmail (_dot_) com
+# Description: First Dockerfile snippet with Nginx installation
+#TODO: [WARNING]: Empty continuation lines will become errors in a future release.
+# ##
+
+ENV NGINX_CONFDIR /etc/nginx
+ENV NGINX_ENVVARS $NGINX_CONFDIR/envvars
+
+RUN set -eux; \
+  apt-get update; \
+  apt-get install -y --no-install-recommends nginx libnginx-mod-http-perl psmisc vim apt-file procps;
+
+COPY envvars ${NGINX_CONFDIR}
+
+RUN set -eux; \
+# generically convert lines like
+#   export NGINX_RUN_USER=nginx
+# into
+#   : ${NGINX_RUN_USER:=nginx}
+#   export NGINX_RUN_USER
+# so that they can be overridden at runtime ("-e NGINX_RUN_USER=...")
+	sed -ri 's/^export ([^=]+)=(.*)$/: ${\1:=\2}\nexport \1/' "$NGINX_ENVVARS";  \
+\
+# setup directories and permissions
+	. "$NGINX_ENVVARS"; \
+	for dir in \
+		"$NGINX_LOCK_DIR" \
+		"$NGINX_RUN_DIR" \
+		"$NGINX_LOG_DIR" \
+	; do \
+		rm -rvf "$dir"; \
+		mkdir -p "$dir"; \
+		chown "$NGINX_RUN_USER:$NGINX_RUN_GROUP" "$dir"; \
+# allow running as an arbitrary user (https://github.com/docker-library/php/issues/743)
+		chmod 777 "$dir"; \
+	done; \
+	\
+# delete the "index.html" that installing Nginx drops in here
+	rm -rvf /var/www/html/*; \
+	\
+# logs should go to stdout / stderr
+	ln -sfT /dev/stderr "$NGINX_LOG_DIR/error.log"; \
+	ln -sfT /dev/stdout "$NGINX_LOG_DIR/access.log"; \
+	ln -sfT /dev/stdout "$NGINX_LOG_DIR/other_vhosts_access.log"; \
+	chown -R --no-dereference "$NGINX_RUN_USER:$NGINX_RUN_GROUP" "$NGINX_LOG_DIR"
+RUN set -eux; \
+  sed -i '3 a    application/x-httpd-php  php;' "${NGINX_CONFDIR}/mime.types"
+
+#ENV PHP_EXTRA_BUILD_DEPS 
+ENV PHP_EXTRA_CONFIGURE_ARGS  --enable-fpm --with-fpm-user=www-data --with-fpm-group=www-data --disable-cgi
+##</autogenerated>##
+
+# Apply stack smash protection to functions using local buffers and alloca()
+# Make PHP's main executable position-independent (improves ASLR security mechanism, and has no performance impact on x86_64)
+# Enable optimization (-O2)
+# Enable linker optimization (this sorts the hash buckets to improve cache locality, and is non-default)
+# Adds GNU HASH segments to generated executables (this is used if present, and is much faster than sysv hash; in this configuration, sysv hash is also generated)
+# https://github.com/docker-library/php/issues/272
+ENV PHP_CFLAGS="-fstack-protector-strong -fpic -fpie -O2"
+ENV PHP_CPPFLAGS="$PHP_CFLAGS"
+ENV PHP_LDFLAGS="-Wl,-O1 -Wl,--hash-style=both -pie"
+
+ENV GPG_KEYS CBAF69F173A0FEA4B537F470D66C9593118BCCB6 F38252826ACD957EF380D39F2F7956BC5DA04B5D
+
+ENV PHP_VERSION 7.3.4
+ENV PHP_URL="https://www.php.net/get/php-7.3.4.tar.xz/from/this/mirror" PHP_ASC_URL="https://www.php.net/get/php-7.3.4.tar.xz.asc/from/this/mirror"
+ENV PHP_SHA256="6fe79fa1f8655f98ef6708cde8751299796d6c1e225081011f4104625b923b83" PHP_MD5=""
+
+RUN set -xe; \
+	\
+	fetchDeps=' \
+		wget \
+	'; \
+	if ! command -v gpg > /dev/null; then \
+		fetchDeps="$fetchDeps \
+			dirmngr \
+			gnupg \
+		"; \
+	fi; \
+	apt-get update; \
+	apt-get install -y --no-install-recommends $fetchDeps; \
+	rm -rf /var/lib/apt/lists/*; \
+	\
+	mkdir -p /usr/src; \
+	cd /usr/src; \
+	\
+	wget -O php.tar.xz "$PHP_URL"; \
+	\
+	if [ -n "$PHP_SHA256" ]; then \
+		echo "$PHP_SHA256 *php.tar.xz" | sha256sum -c -; \
+	fi; \
+	if [ -n "$PHP_MD5" ]; then \
+		echo "$PHP_MD5 *php.tar.xz" | md5sum -c -; \
+	fi; \
+	\
+	if [ -n "$PHP_ASC_URL" ]; then \
+		wget -O php.tar.xz.asc "$PHP_ASC_URL"; \
+		export GNUPGHOME="$(mktemp -d)"; \
+		for key in $GPG_KEYS; do \
+			gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys "$key"; \
+		done; \
+		gpg --batch --verify php.tar.xz.asc php.tar.xz; \
+		command -v gpgconf > /dev/null && gpgconf --kill all; \
+		rm -rf "$GNUPGHOME"; \
+	fi; \
+	\
+	apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false $fetchDeps
+
+COPY docker-php-source /usr/local/bin/
+
+RUN set -eux; \
+	\
+	savedAptMark="$(apt-mark showmanual)"; \
+	apt-get update; \
+	apt-get install -y --no-install-recommends \
+		libcurl4-openssl-dev \
+		libedit-dev \
+		libsodium-dev \
+		libsqlite3-dev \
+		libssl-dev \
+		libxml2-dev \
+		zlib1g-dev \
+		${PHP_EXTRA_BUILD_DEPS:-} \
+	; \
+##<argon2>##
+	sed -e 's/stretch/buster/g' /etc/apt/sources.list > /etc/apt/sources.list.d/buster.list; \
+	{ \
+		echo 'Package: *'; \
+		echo 'Pin: release n=buster'; \
+		echo 'Pin-Priority: -10'; \
+		echo; \
+		echo 'Package: libargon2*'; \
+		echo 'Pin: release n=buster'; \
+		echo 'Pin-Priority: 990'; \
+	} > /etc/apt/preferences.d/argon2-buster; \
+	apt-get update; \
+	apt-get install -y --no-install-recommends libargon2-dev; \
+##</argon2>##
+	rm -rf /var/lib/apt/lists/*; \
+	\
+	export \
+		CFLAGS="$PHP_CFLAGS" \
+		CPPFLAGS="$PHP_CPPFLAGS" \
+		LDFLAGS="$PHP_LDFLAGS" \
+	; \
+	docker-php-source extract; \
+	cd /usr/src/php; \
+	gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \
+	debMultiarch="$(dpkg-architecture --query DEB_BUILD_MULTIARCH)"; \
+# https://bugs.php.net/bug.php?id=74125
+	if [ ! -d /usr/include/curl ]; then \
+		ln -sT "/usr/include/$debMultiarch/curl" /usr/local/include/curl; \
+	fi; \
+	./configure \
+		--build="$gnuArch" \
+		--with-config-file-path="$PHP_INI_DIR" \
+		--with-config-file-scan-dir="$PHP_INI_DIR/conf.d" \
+		\
+# make sure invalid --configure-flags are fatal errors intead of just warnings
+		--enable-option-checking=fatal \
+		\
+# https://github.com/docker-library/php/issues/439
+		--with-mhash \
+		\
+# --enable-ftp is included here because ftp_ssl_connect() needs ftp to be compiled statically (see https://github.com/docker-library/php/issues/236)
+		--enable-ftp \
+# --enable-mbstring is included here because otherwise there's no way to get pecl to use it properly (see https://github.com/docker-library/php/issues/195)
+		--enable-mbstring \
+# --enable-mysqlnd is included here because it's harder to compile after the fact than extensions are (since it's a plugin for several extensions, not an extension in itself)
+		--enable-mysqlnd \
+# https://wiki.php.net/rfc/argon2_password_hash (7.2+)
+		--with-password-argon2 \
+# https://wiki.php.net/rfc/libsodium
+		--with-sodium=shared \
+		\
+		--with-curl \
+		--with-libedit \
+		--with-openssl \
+		--with-zlib \
+		\
+# bundled pcre does not support JIT on s390x
+# https://manpages.debian.org/stretch/libpcre3-dev/pcrejit.3.en.html#AVAILABILITY_OF_JIT_SUPPORT
+		$(test "$gnuArch" = 's390x-linux-gnu' && echo '--without-pcre-jit') \
+		--with-libdir="lib/$debMultiarch" \
+		\
+		${PHP_EXTRA_CONFIGURE_ARGS:-} \
+	; \
+	make -j "$(nproc)"; \
+	find -type f -name '*.a' -delete; \
+	make install; \
+	find /usr/local/bin /usr/local/sbin -type f -executable -exec strip --strip-all '{}' + || true; \
+	make clean; \
+	\
+# https://github.com/docker-library/php/issues/692 (copy default example "php.ini" files somewhere easily discoverable)
+	cp -v php.ini-* "$PHP_INI_DIR/"; \
+	\
+	cd /; \
+	docker-php-source delete; \
+	\
+# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies
+	apt-mark auto '.*' > /dev/null; \
+	[ -z "$savedAptMark" ] || apt-mark manual $savedAptMark; \
+	find /usr/local -type f -executable -exec ldd '{}' ';' \
+		| awk '/=>/ { print $(NF-1) }' \
+		| sort -u \
+		| xargs -r dpkg-query --search \
+		| cut -d: -f1 \
+		| sort -u \
+		| xargs -r apt-mark manual \
+	; \
+	apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \
+	\
+	php --version; \
+	\
+# https://github.com/docker-library/php/issues/443
+	pecl update-channels; \
+	rm -rf /tmp/pear ~/.pearrc
+
+COPY docker-php-ext-* docker-php-entrypoint /usr/local/bin/
+
+# sodium was built as a shared module (so that it can be replaced later if so desired), so let's enable it too (https://github.com/docker-library/php/issues/598)
+RUN docker-php-ext-enable sodium
+
+ENTRYPOINT ["docker-php-entrypoint"]
+##<autogenerated>##
+# ##
+# file name: nginxFPM-Dockerfile-block-2
+# Author: Malanik Jan
+# Email: malanik (_dot_) jan (_at_) gmail (_dot_) com
+# Description: 2nd Dockerfile snippet with Nginx installation & configuration
+# [WARNING]: Empty continuation lines will become errors in a future release.
+# ##
+ENV NGINX_USER www-data
+ENV NGINX_PIDFILE /var/run/nginx.pid
+
+# Introduce new script nginx-foreground
+# Introduce template for nginx.con
+# Introduce custome version of entrypoint
+COPY docker-php-entrypoint-nginx nginx.conf.tmpl nginx-foreground /usr/local/bin/
+
+# COPY php-fpm.conf with updated include for www.conf
+COPY php-fpm.conf /usr/local/etc
+# COPY www.conf without .default extension
+COPY www.conf /usr/local/etc/php-fpm.d
+
+# COPY php extension support for nginx
+COPY nginx.conf mime.types /etc/nginx/
+
+# COPY site with php support
+COPY sitePHP /etc/nginx/sites-enabled
+
+#testing webpage
+COPY index.php /var/www/html
+
+RUN  set -eux; \
+  chown -R www-data:www-data /var/www/html; \
+  rm /etc/nginx/sites-enabled/default;
+
+WORKDIR /var/www/html
+
+EXPOSE 80
+# will be changed to upstream for release
+ENTRYPOINT [ "docker-php-entrypoint-nginx" ]
+CMD [ "nginx-foreground" ]
+##</autogenerated>##