diff --git a/.github/workflows/pull-request.yml b/.github/workflows/pull-request.yml index c00c7e01..f5d5ea16 100644 --- a/.github/workflows/pull-request.yml +++ b/.github/workflows/pull-request.yml @@ -35,7 +35,7 @@ jobs: fail-fast: false # TODO: Test only should be removed matrix: os_flavour: ["alpine", "debian"] - ps_version: ["1.6.1.24", "1.7.8.10", "8.1.5"] + ps_version: ["1.6.1.24", "1.7.8.10", "8.1.6"] server_flavour: ["fpm", "nginx", "apache"] steps: - name: Checkout repository @@ -50,7 +50,7 @@ jobs: TARGET_PLATFORM: ${{ env.TARGET_PLATFORM }} - name: Test the image - run: docker run --env PS_DOMAIN='localhost:80' $DOCKER_IMAGE cat VERSION -# run: docker run --env PS_DOMAIN='localhost:80' --entrypoint cat $DOCKER_IMAGE cat VERSION + timeout-minutes: 10 + run: docker run --rm -t --env PS_DOMAIN='localhost:80' --entrypoint /bin/sh $DOCKER_IMAGE cat VERSION env: DOCKER_IMAGE: prestashop/prestashop:${{ matrix.ps_version }}-${{ matrix.os_flavour }} diff --git a/assets/docker_run.sh b/assets/docker_run.sh index bcc0f9e0..ba7dc2e1 100755 --- a/assets/docker_run.sh +++ b/assets/docker_run.sh @@ -18,7 +18,7 @@ elif [ "$DB_SERVER" != "" -a $PS_INSTALL_AUTO = 1 ]; then sleep 5 fi done - echo "\n* DB server $DB_SERVER is available, let's continue !" + echo "\n* DB server $DB_SERVER is available, let's continue!" fi # From now, stop at error @@ -128,7 +128,7 @@ if [ $PS_DEMO_MODE -ne 0 ]; then sed -ie "s/define('_PS_MODE_DEMO_', false);/define('_PS_MODE_DEMO_',\ true);/g" /var/www/html/config/defines.inc.php fi -echo "\n* Almost ! Starting web server now\n"; +echo "\n* Almost! Starting web server now\n"; if [ -d /tmp/init-scripts/ ]; then echo "\n* Running init script(s)..." diff --git a/assets/nginx.conf b/assets/nginx.conf new file mode 100644 index 00000000..b9ccfe19 --- /dev/null +++ b/assets/nginx.conf @@ -0,0 +1,147 @@ +user www-data www-data; +worker_processes 1; + +events { + worker_connections 1024; +} + +http { + include mime.types; + default_type application/octet-stream; + + sendfile on; + keepalive_timeout 65; + + gzip on; + gzip_disable "msie6"; + gzip_vary on; + gzip_proxied any; + gzip_types + application/atom+xml + application/geo+json + application/javascript + application/json + application/ld+json + application/manifest+json + application/rdf+xml + application/rss+xml + application/x-javascript + application/xhtml+xml + application/xml + font/eot + font/otf + font/ttf + image/svg+xml + text/css + text/javascript + text/plain + text/xml; + + # Source: https://devdocs.prestashop-project.org/8/basics/installation/nginx/ + # Other optimizasions: https://medium.com/@jituboss/nginx-and-php-fpm-optimization-for-high-traffic-web-applications-f790bf1b30fb + server { + listen 80; + server_name localhost; + + error_log /dev/stdout notice; + access_log /dev/stdout; + + root /var/www/html; + + index index.php; + + # This should match the `post_max_size` and/or `upload_max_filesize` in your php.ini. + client_max_body_size 40M; + + # Uploaded files temporary dir + client_body_temp_path /tmp/client_body; + + error_page 404 /index.php?controller=404; + + # Enable browser cache + location ~* \.(?:css|eot|gif|ico|jpe?g|otf|png|ttf|woff2?)$ { + expires 1d; + add_header Cache-Control "public"; + } + + # Disable logs + location = /favicon.ico { + access_log off; + log_not_found off; + } + + location = /admin-dev/robots.txt { + access_log off; + log_not_found off; + } + + # Images + rewrite ^/(\d)(-[\w-]+)?/.+\.jpg$ /img/p/$1/$1$2.jpg last; + rewrite ^/(\d)(\d)(-[\w-]+)?/.+\.jpg$ /img/p/$1/$2/$1$2$3.jpg last; + rewrite ^/(\d)(\d)(\d)(-[\w-]+)?/.+\.jpg$ /img/p/$1/$2/$3/$1$2$3$4.jpg last; + rewrite ^/(\d)(\d)(\d)(\d)(-[\w-]+)?/.+\.jpg$ /img/p/$1/$2/$3/$4/$1$2$3$4$5.jpg last; + rewrite ^/(\d)(\d)(\d)(\d)(\d)(-[\w-]+)?/.+\.jpg$ /img/p/$1/$2/$3/$4/$5/$1$2$3$4$5$6.jpg last; + rewrite ^/(\d)(\d)(\d)(\d)(\d)(\d)(-[\w-]+)?/.+\.jpg$ /img/p/$1/$2/$3/$4/$5/$6/$1$2$3$4$5$6$7.jpg last; + rewrite ^/(\d)(\d)(\d)(\d)(\d)(\d)(\d)(-[\w-]+)?/.+\.jpg$ /img/p/$1/$2/$3/$4/$5/$6/$7/$1$2$3$4$5$6$7$8.jpg last; + rewrite ^/(\d)(\d)(\d)(\d)(\d)(\d)(\d)(\d)(-[\w-]+)?/.+\.jpg$ /img/p/$1/$2/$3/$4/$5/$6/$7/$8/$1$2$3$4$5$6$7$8$9.jpg last; + rewrite ^/c/([\w.-]+)/.+\.jpg$ /img/c/$1.jpg last; + + # AlphaImageLoader for IE and FancyBox. + rewrite ^images_ie/?([^/]+)\.(gif|jpe?g|png)$ js/jquery/plugins/fancybox/images/$1.$2 last; + + # Web service API. + rewrite ^/api/?(.*)$ /webservice/dispatcher.php?url=$1 last; + + # .htaccess, .DS_Store, .htpasswd, etc. + location ~ /\. { + deny all; + } + + # Source code directories. + location ~ ^/(app|bin|cache|classes|config|controllers|docs|localization|override|src|tests|tools|translations|var|vendor)/ { + deny all; + } + + # vendor in modules directory. + location ~ ^/modules/.*/vendor/ { + deny all; + } + + # Prevent exposing other sensitive files. + location ~ \.(log|tpl|twig|sass|yml)$ { + deny all; + } + + # Prevent injection of PHP files. + location /img { + location ~ \.php$ { deny all; } + } + + location /upload { + location ~ \.php$ { deny all; } + } + + location = / { + rewrite ^ /index.php last; + } + + location / { + try_files $uri $uri/ /index.php$is_args$args; + } + + location ~ \.php$ { + try_files $fastcgi_script_name =404; + + include fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + + fastcgi_index index.php; + + fastcgi_keep_conn on; + fastcgi_read_timeout 30s; + fastcgi_send_timeout 30s; + + fastcgi_pass unix:/var/run/php/php-fpm.sock; + } + } +} diff --git a/assets/php-fpm-local.conf b/assets/php-fpm-local.conf new file mode 100644 index 00000000..0ba60ec9 --- /dev/null +++ b/assets/php-fpm-local.conf @@ -0,0 +1,21 @@ +[global] +pid = /var/run/php/fpm.pid +error_log = /proc/self/fd/2 + +[www] +listen = /var/run/php/php-fpm.sock +listen.owner = www-data +listen.group = www-data +; ignored when FPM is not running as root +user = www-data +group = www-data + +pm = dynamic +pm.max_children = 5 +pm.start_servers = 2 +pm.min_spare_servers = 1 +pm.max_spare_servers = 3 + +php_admin_value[memory_limit]=-1 +php_admin_value[post_max_size]=42M +php_admin_value[upload_max_filesize]=42M diff --git a/assets/php-fpm-standalone.conf b/assets/php-fpm-standalone.conf new file mode 100644 index 00000000..b8933f86 --- /dev/null +++ b/assets/php-fpm-standalone.conf @@ -0,0 +1,21 @@ +[global] +pid = /var/run/php/fpm.pid +error_log = /proc/self/fd/2 + +[www] +listen = 0.0.0.0:9000 +listen.owner = www-data +listen.group = www-data +; ignored when FPM is not running as root +user = www-data +group = www-data + +pm = dynamic +pm.max_children = 5 +pm.start_servers = 2 +pm.min_spare_servers = 1 +pm.max_spare_servers = 3 + +php_admin_value[memory_limit]=-1 +php_admin_value[post_max_size]=42M +php_admin_value[upload_max_filesize]=42M diff --git a/build.sh b/build.sh index 892275f9..9bfb089c 100755 --- a/build.sh +++ b/build.sh @@ -105,17 +105,26 @@ get_target_images() { local PHP_VERSION=${3:-}; local OS_FLAVOUR=${4:-}; declare RES; - if [ "$PS_VERSION" = "$(get_latest_prestashop_version)" ] && [ "$OS_FLAVOUR" = "$DEFAULT_OS" ]; then - RES="-t ${DEFAULT_DOCKER_IMAGE}:latest"; - fi - if [ "$OS_FLAVOUR" = "$DEFAULT_OS" ]; then - RES="${RES} -t ${DEFAULT_DOCKER_IMAGE}:${PS_VERSION}-${PHP_VERSION}"; - if [ "$PHP_VERSION" = "$(get_recommended_php_version "$PS_VERSION")" ]; then - RES="${RES} -t ${DEFAULT_DOCKER_IMAGE}:${PS_VERSION}"; + if [ "$PS_VERSION" == "nightly" ]; then + if [ "$OS_FLAVOUR" = "$DEFAULT_OS" ]; then + RES="-t ${DEFAULT_DOCKER_IMAGE}:nightly"; + else + RES="-t ${DEFAULT_DOCKER_IMAGE}:nightly-${OS_FLAVOUR}"; + fi + else + if [ "$PS_VERSION" = "$(get_latest_prestashop_version)" ] && [ "$OS_FLAVOUR" = "$DEFAULT_OS" ] && [ "$PHP_VERSION" = "$(get_recommended_php_version "$PS_VERSION")" ]; then + RES="-t ${DEFAULT_DOCKER_IMAGE}:latest"; + fi + if [ "$OS_FLAVOUR" = "$DEFAULT_OS" ]; then + RES="${RES} -t ${DEFAULT_DOCKER_IMAGE}:${PS_VERSION}-${PHP_VERSION}"; + if [ "$PHP_VERSION" = "$(get_recommended_php_version "$PS_VERSION")" ]; then + RES="${RES} -t ${DEFAULT_DOCKER_IMAGE}:${PS_VERSION}"; + RES="${RES} -t ${DEFAULT_DOCKER_IMAGE}:php-${PHP_VERSION}"; + fi fi + RES="${RES} -t ${DEFAULT_DOCKER_IMAGE}:${PS_VERSION}-${PHP_FLAVOUR}"; + RES="${RES} -t ${DEFAULT_DOCKER_IMAGE}:${PS_VERSION}-${OS_FLAVOUR}"; fi - RES="${RES} -t ${DEFAULT_DOCKER_IMAGE}:${PS_VERSION}-${PHP_FLAVOUR}"; - RES="${RES} -t ${DEFAULT_DOCKER_IMAGE}:${PS_VERSION}-${OS_FLAVOUR}"; echo "$RES"; } @@ -168,9 +177,9 @@ docker buildx build \ --build-arg GIT_SHA="$GIT_SHA" \ --build-arg ZIP_SOURCE="$ZIP_SOURCE" \ --label org.opencontainers.image.title="PrestaShop" \ - --label org.opencontainers.image.description="PrestaShop docker image" \ + --label org.opencontainers.image.description="PrestaShop official docker image" \ --label org.opencontainers.image.source=https://github.com/PrestaShop/docker \ - --label org.opencontainers.image.url=https://github.com/PrestaShop/docker \ + --label org.opencontainers.image.url=https://hub.docker.com/r/prestashop/prestashop \ --label org.opencontainers.image.licenses=MIT \ --label org.opencontainers.image.created="$(date -u +"%Y-%m-%dT%H:%M:%S.%3NZ")" \ "${TARGET_IMAGES[@]}" \ diff --git a/docker/alpine.Dockerfile b/docker/alpine.Dockerfile index 813e33f8..d05e9a3d 100644 --- a/docker/alpine.Dockerfile +++ b/docker/alpine.Dockerfile @@ -42,7 +42,7 @@ COPY ./assets/php-configuration.sh /tmp/ # Install base tools RUN \ apk --no-cache add -U \ - ca-certificates geoip tzdata zip curl jq make \ + ca-certificates geoip tzdata zip curl jq make fcgi \ gnu-libiconv php-common mariadb-client oniguruma-dev \ zlib-dev libzip-dev libjpeg-turbo-dev libpng-dev \ icu-dev libmcrypt-dev libxml2 libxml2-dev \ @@ -59,16 +59,52 @@ php-fpm -D\n\ /usr/sbin/httpd -D FOREGROUND\n\ ' > /usr/bin/apache-foreground; \ chmod +x /usr/bin/apache-foreground; \ +elif [ "$SERVER_FLAVOUR" = "nginx" ]; then \ + apk --no-cache add -U nginx nginx-mod-http-headers-more nginx-mod-http-geoip \ + nginx-mod-stream nginx-mod-stream-geoip; \ + printf '\ +#!/bin/sh\n\ +php-fpm -D\n\ +nginx -g "daemon off;"\n\ + ' > /usr/bin/nginx-foreground; \ + chmod +x /usr/bin/nginx-foreground; \ fi +## Healthcheck +RUN if [ "$SERVER_FLAVOUR" = "apache" ]; then \ + printf '\ + #!/bin/sh\n\ + curl -Isf http://localhost:80/robots.txt || exit 1' > /tmp/healthcheck; \ + elif [ "$SERVER_FLAVOUR" = "nginx" ]; then \ + printf '\ + #!/bin/sh\n\ + curl -Isf http://localhost:80/robots.txt || exit 1' > /tmp/healthcheck; \ + else \ + printf '\ + #!/bin/sh\n\ + cgi-fcgi -bind -connect localhost:9000' > /tmp/healthcheck; \ + fi; \ + chmod +x /tmp/healthcheck; + +# Add configuration +COPY ./assets/nginx.conf /tmp/ +COPY ./assets/php-fpm*.conf /tmp/ + # The PrestaShop docker entrypoint COPY ./assets/docker_run.sh /tmp/ RUN if [ "$SERVER_FLAVOUR" = "fpm" ]; then \ - sed -i 's/{PHP_CMD}/php-fpm/' /tmp/docker_run.sh; \ + sed -i 's/{PHP_CMD}/php-fpm -R/' /tmp/docker_run.sh; \ + mv /tmp/php-fpm-standalone.conf /usr/local/etc/php-fpm.conf; \ + elif [ "$SERVER_FLAVOUR" = "nginx" ]; then \ + sed -i 's/{PHP_CMD}/nginx-foreground/' /tmp/docker_run.sh; \ + mv /tmp/php-fpm-local.conf /usr/local/etc/php-fpm.conf; \ + mv /tmp/nginx.conf /etc/nginx/nginx.conf; \ + mkdir -p /var/run/php; \ else \ - sed -i 's/{PHP_CMD}/apache2-foreground/' /tmp/docker_run.sh; \ - fi + sed -i 's/{PHP_CMD}/apache2-foreground/' /tmp/docker_run.sh; \ + fi; \ + rm -rf /tmp/*.conf; # Handling a dynamic domain # Probably, or at least its usage must be described in the README file @@ -128,7 +164,7 @@ LABEL maintainer="PrestaShop Core Team " COPY --chown=www-data:www-data --from=alpine-download-prestashop ${PS_FOLDER} ${PS_FOLDER} HEALTHCHECK --interval=5s --timeout=5s --retries=10 --start-period=10s \ - CMD curl -Isf http://localhost:80/robots.txt || exit 1 + CMD /tmp/healthcheck EXPOSE 80 diff --git a/docker/debian.Dockerfile b/docker/debian.Dockerfile index 7304038d..e05c04a9 100644 --- a/docker/debian.Dockerfile +++ b/docker/debian.Dockerfile @@ -56,10 +56,12 @@ RUN export DEBIAN_FRONTEND=noninteractive \ libzip-dev \ unzip \ wget \ + libfcgi-bin \ && /tmp/php-configuration.sh \ && apt-get clean \ && rm -rf /var/lib/apt/lists/* +## Server configuration # see: https://github.com/docker-library/php/blob/master/8.3/bullseye/apache/apache2-foreground RUN if [ "$SERVER_FLAVOUR" = "apache" ]; then \ export DEBIAN_FRONTEND=noninteractive \ @@ -70,18 +72,60 @@ RUN if [ "$SERVER_FLAVOUR" = "apache" ]; then \ apache2-utils \ && apt-get clean \ && rm -rf /var/lib/apt/lists/* \ - wget -O /usr/local/bin/apache2-foreground "https://raw.githubusercontent.com/docker-library/php/master/8.3/bullseye/apache/apache2-foreground"; \ - chmod +x /usr/local/bin/apache2-foreground; \ -fi + && wget -O /usr/local/bin/apache2-foreground "https://raw.githubusercontent.com/docker-library/php/master/8.3/bullseye/apache/apache2-foreground" \ + && chmod +x /usr/local/bin/apache2-foreground; \ + elif [ "$SERVER_FLAVOUR" = "nginx" ]; then \ + export DEBIAN_FRONTEND=noninteractive \ + && apt-get update \ + && apt-get install --no-install-recommends -qqy \ + nginx libnginx-mod-http-headers-more-filter libnginx-mod-http-geoip \ + libnginx-mod-http-geoip libnginx-mod-stream \ + && apt-get clean \ + && rm -rf /var/lib/apt/lists/* \ + && printf '\ +#!/bin/sh\n\ +php-fpm -D\n\ +nginx -g "daemon off;"\n\ + ' > /usr/bin/nginx-foreground \ + && chmod +x /usr/bin/nginx-foreground; \ + fi + +## Healthcheck +RUN if [ "$SERVER_FLAVOUR" = "apache" ]; then \ + printf '\ + #!/bin/sh\n\ + curl -Isf http://localhost:80/robots.txt || exit 1' > /tmp/healthcheck; \ + elif [ "$SERVER_FLAVOUR" = "nginx" ]; then \ + printf '\ + #!/bin/sh\n\ + curl -Isf http://localhost:80/robots.txt || exit 1' > /tmp/healthcheck; \ + else \ + printf '\ + #!/bin/sh\n\ + cgi-fcgi -bind -connect localhost:9000' > /tmp/healthcheck; \ + fi; \ + chmod +x /tmp/healthcheck; + +# Add configuration +COPY ./assets/nginx.conf /tmp/ +COPY ./assets/php-fpm*.conf /tmp/ # The PrestaShop docker entrypoint COPY ./assets/docker_run.sh /tmp/ -RUN if [ "$SERVER_FLAVOUR" = "fpm" ]; \ - then sed -i 's/{PHP_CMD}/php-fpm/' /tmp/docker_run.sh; \ +RUN if [ "$SERVER_FLAVOUR" = "fpm" ]; then \ + sed -i 's/{PHP_CMD}/php-fpm -F /' /tmp/docker_run.sh; \ + mv /tmp/php-fpm-standalone.conf /usr/local/etc/php-fpm.conf; \ + mkdir -p /var/run/php; \ + elif [ "$SERVER_FLAVOUR" = "nginx" ]; then \ + sed -i 's/{PHP_CMD}/nginx-foreground/' /tmp/docker_run.sh; \ + mv /tmp/php-fpm-local.conf /usr/local/etc/php-fpm.conf; \ + mv /tmp/nginx.conf /etc/nginx/nginx.conf; \ + mkdir -p /var/run/php; \ else \ - sed -i 's/{PHP_CMD}/apache2-foreground/' /tmp/docker_run.sh; \ - fi + sed -i 's/{PHP_CMD}/apache2-foreground/' /tmp/docker_run.sh; \ + fi; \ + rm -rf /tmp/*.conf # Handling a dynamic domain @@ -142,7 +186,7 @@ LABEL maintainer="PrestaShop Core Team " COPY --chown=www-data:www-data --from=debian-download-prestashop ${PS_FOLDER} ${PS_FOLDER} HEALTHCHECK --interval=5s --timeout=5s --retries=10 --start-period=10s \ - CMD curl -Isf http://localhost:80/robots.txt || exit 1 + CMD /tmp/healthcheck EXPOSE 80 diff --git a/examples/demo-example/docker-compose.yml b/examples/demo-example/docker-compose.yml index 53b2b365..219d1d49 100644 --- a/examples/demo-example/docker-compose.yml +++ b/examples/demo-example/docker-compose.yml @@ -15,15 +15,7 @@ services: mysql: image: mariadb:lts healthcheck: - test: - [ - "CMD", - "mysqladmin", - "ping", - "--host=localhost", - "--user=root", - "--password=prestashop", - ] + test: ["CMD", "healthcheck.sh", "--connect"] interval: 10s timeout: 10s retries: 5 diff --git a/examples/fpm-example/docker-compose.yml b/examples/fpm-example/docker-compose.yml new file mode 100644 index 00000000..52fc2dd1 --- /dev/null +++ b/examples/fpm-example/docker-compose.yml @@ -0,0 +1,45 @@ +name: prestashop-fpm-example +services: + prestashop: + image: prestashop/prestashop:fpm-latest + depends_on: + mysql: + condition: service_healthy + environment: + - PS_DOMAIN=localhost:8000 + - PS_DEMO_MODE=1 + expose: + - 9000 + + # TODO: fix link between prestashop & nginx (eg: static assets...) + nginx: + image: nginx:latest + healthcheck: + test: [ "CMD", "curl", "-is", "http://localhost:80" ] + interval: 10s + timeout: 10s + retries: 5 + depends_on: + prestashop: + condition: service_healthy + volumes: + - ./nginx.conf:/etc/nginx/nginx.conf + ports: + - 8000:80 + + mysql: + image: mariadb:lts + healthcheck: + test: ["CMD", "healthcheck.sh", "--connect"] + interval: 10s + timeout: 10s + retries: 5 + environment: + - MYSQL_HOST=mysql + - MYSQL_USER=prestashop + - MYSQL_PASSWORD=prestashop + - MYSQL_ROOT_PASSWORD=prestashop + - MYSQL_PORT=3306 + - MYSQL_DATABASE=prestashop + + diff --git a/examples/fpm-example/nginx.conf b/examples/fpm-example/nginx.conf new file mode 100644 index 00000000..f4a72fc0 --- /dev/null +++ b/examples/fpm-example/nginx.conf @@ -0,0 +1,149 @@ +user www-data www-data; +worker_processes 1; + +events { + worker_connections 1024; +} + +http { + include mime.types; + default_type application/octet-stream; + + sendfile on; + keepalive_timeout 65; + + gzip on; + gzip_disable "msie6"; + gzip_vary on; + gzip_proxied any; + gzip_types + application/atom+xml + application/geo+json + application/javascript + application/json + application/ld+json + application/manifest+json + application/rdf+xml + application/rss+xml + application/x-javascript + application/xhtml+xml + application/xml + font/eot + font/otf + font/ttf + image/svg+xml + text/css + text/javascript + text/plain + text/xml; + + # Source: https://devdocs.prestashop-project.org/8/basics/installation/nginx/ + # Other optimizasions: https://medium.com/@jituboss/nginx-and-php-fpm-optimization-for-high-traffic-web-applications-f790bf1b30fb + server { + listen 80; + server_name localhost; + + error_log /dev/stdout notice; + access_log /dev/stdout; + + # all static assets are on the PrestaShop container + # see: https://stackoverflow.com/a/43560093 + #root /var/www/html; + + index index.php; + + # This should match the `post_max_size` and/or `upload_max_filesize` in your php.ini. + client_max_body_size 40M; + + # Uploaded files temporary dir + client_body_temp_path /tmp/client_body; + + error_page 404 /index.php?controller=404; + + # Enable browser cache + location ~* \.(?:css|eot|gif|ico|jpe?g|otf|png|ttf|woff2?)$ { + expires 1d; + add_header Cache-Control "public"; + } + + # Disable logs + location = /favicon.ico { + access_log off; + log_not_found off; + } + + location = /admin-dev/robots.txt { + access_log off; + log_not_found off; + } + + # Images + rewrite ^/(\d)(-[\w-]+)?/.+\.jpg$ /img/p/$1/$1$2.jpg last; + rewrite ^/(\d)(\d)(-[\w-]+)?/.+\.jpg$ /img/p/$1/$2/$1$2$3.jpg last; + rewrite ^/(\d)(\d)(\d)(-[\w-]+)?/.+\.jpg$ /img/p/$1/$2/$3/$1$2$3$4.jpg last; + rewrite ^/(\d)(\d)(\d)(\d)(-[\w-]+)?/.+\.jpg$ /img/p/$1/$2/$3/$4/$1$2$3$4$5.jpg last; + rewrite ^/(\d)(\d)(\d)(\d)(\d)(-[\w-]+)?/.+\.jpg$ /img/p/$1/$2/$3/$4/$5/$1$2$3$4$5$6.jpg last; + rewrite ^/(\d)(\d)(\d)(\d)(\d)(\d)(-[\w-]+)?/.+\.jpg$ /img/p/$1/$2/$3/$4/$5/$6/$1$2$3$4$5$6$7.jpg last; + rewrite ^/(\d)(\d)(\d)(\d)(\d)(\d)(\d)(-[\w-]+)?/.+\.jpg$ /img/p/$1/$2/$3/$4/$5/$6/$7/$1$2$3$4$5$6$7$8.jpg last; + rewrite ^/(\d)(\d)(\d)(\d)(\d)(\d)(\d)(\d)(-[\w-]+)?/.+\.jpg$ /img/p/$1/$2/$3/$4/$5/$6/$7/$8/$1$2$3$4$5$6$7$8$9.jpg last; + rewrite ^/c/([\w.-]+)/.+\.jpg$ /img/c/$1.jpg last; + + # AlphaImageLoader for IE and FancyBox. + rewrite ^images_ie/?([^/]+)\.(gif|jpe?g|png)$ js/jquery/plugins/fancybox/images/$1.$2 last; + + # Web service API. + rewrite ^/api/?(.*)$ /webservice/dispatcher.php?url=$1 last; + + # .htaccess, .DS_Store, .htpasswd, etc. + location ~ /\. { + deny all; + } + + # Source code directories. + location ~ ^/(app|bin|cache|classes|config|controllers|docs|localization|override|src|tests|tools|translations|var|vendor)/ { + deny all; + } + + # vendor in modules directory. + location ~ ^/modules/.*/vendor/ { + deny all; + } + + # Prevent exposing other sensitive files. + location ~ \.(log|tpl|twig|sass|yml)$ { + deny all; + } + + # Prevent injection of PHP files. + location /img { + location ~ \.php$ { deny all; } + } + + location /upload { + location ~ \.php$ { deny all; } + } + + location = / { + rewrite ^ /index.php last; + } + + location / { + try_files $uri $uri/ /index.php$is_args$args; + } + + location ~ \.php$ { + try_files $fastcgi_script_name =404; + + include fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + + fastcgi_index index.php; + + fastcgi_keep_conn on; + fastcgi_read_timeout 30s; + fastcgi_send_timeout 30s; + + fastcgi_pass prestashop:9000; + } + } +} diff --git a/examples/ngrok-tunnel/docker-compose.yml b/examples/ngrok-tunnel/docker-compose.yml index bdc2aca3..3d5a84bf 100644 --- a/examples/ngrok-tunnel/docker-compose.yml +++ b/examples/ngrok-tunnel/docker-compose.yml @@ -16,15 +16,7 @@ services: mysql: image: mariadb:lts healthcheck: - test: - [ - "CMD", - "mysqladmin", - "ping", - "--host=localhost", - "--user=root", - "--password=prestashop", - ] + test: ["CMD", "healthcheck.sh", "--connect"] interval: 10s timeout: 10s retries: 5 diff --git a/examples/nightly-example/docker-compose.yml b/examples/nightly-example/docker-compose.yml index 480b4396..ca244117 100644 --- a/examples/nightly-example/docker-compose.yml +++ b/examples/nightly-example/docker-compose.yml @@ -1,4 +1,4 @@ -name: prestashop-nightly-example +lname: prestashop-nightly-example services: prestashop: image: prestashop/prestashop:nightly @@ -14,15 +14,7 @@ services: mysql: image: mariadb:lts healthcheck: - test: - [ - "CMD", - "mysqladmin", - "ping", - "--host=localhost", - "--user=root", - "--password=prestashop", - ] + test: ["CMD", "healthcheck.sh", "--connect"] interval: 10s timeout: 10s retries: 5