diff --git a/Dockerfile b/Dockerfile index 58d1b7327..d31455a34 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -1,80 +1,123 @@ +#░░ ░░ ░░ ░░ ░░ ░░ ░░ ░░ ░░ ░░ ░░ ░░ ░░ ░░ ░░ ░░ ░░ ░░ ░░ +#░░ +#░░ ▒█▀▄▀█ █▀▀█ ░░░▒█   ▀█▀ █▀▀▄ ▀▀█▀▀ █▀▀█ █▀▀█ █▀▀▄ █▀▀ ▀▀█▀▀ +#░░ ▒█▒█▒█ █░░█ ░▄░▒█   ▒█░ █░░█ ░░█░░ █▄▄▀ █▄▄█ █░░█ █▀▀ ░░█░░ +#░░ ▒█░░▒█ ▀▀▀▀ ▒█▄▄█   ▄█▄ ▀░░▀ ░░▀░░ ▀░▀▀ ▀░░▀ ▀░░▀ ▀▀▀ ░░▀░░ +#░░ +#░░ ▀█▀ █▀▄▀█ █▀▀█ █▀▀▀ █▀▀   ▒█▀▀█ █▀▀█ █▀▀▄ █▀▀ ░▀░ █▀▀▀ +#░░ ▒█░ █░▀░█ █▄▄█ █░▀█ █▀▀   ▒█░░░ █░░█ █░░█ █▀▀ ▀█▀ █░▀█ +#░░ ▄█▄ ▀░░░▀ ▀░░▀ ▀▀▀▀ ▀▀▀   ▒█▄▄█ ▀▀▀▀ ▀░░▀ ▀░░ ▀▀▀ ▀▀▀▀ +#░░ +#░░ (¯`v´¯) +#░░ `.¸.[Code] +#░░ +#░░ ░░ ░░ ░░ ░░ ░░ ░░ ░░ ░░ ░░ ░░ ░░ ░░ ░░ ░░ ░░ ░░ ░░ ░░ + + +# ▄▄ ▄▄ █▀▀ █▀█ █▀▄▀█ ▄▄ ▄▄ # +# ░░ ░░ █▀░ █▀▀ █░▀░█ ░░ ░░ # + FROM ministryofjustice/wordpress-base-fpm:latest AS base-fpm +# Make the Nginx user available in this container RUN addgroup -g 101 -S nginx; adduser -u 101 -S -D -G nginx nginx RUN mkdir /sock && \ - chown nginx:nginx /sock && \ - rm /usr/local/etc/php-fpm.d/zz-docker.conf && \ - rm /usr/local/etc/php-fpm.d/www.conf.default && \ - rm /usr/local/etc/php-fpm.d/www.conf - -# Create FPM pool -RUN { \ - echo '[www]'; \ - echo 'user = nginx'; \ - echo 'group = nginx'; \ - echo 'listen = /sock/fpm.sock'; \ - echo 'listen.owner = nginx'; \ - echo 'listen.group = nginx'; \ - echo 'listen.mode = 0660'; \ - echo 'pm = dynamic'; \ - echo 'pm.start_servers = 10'; \ - echo 'pm.min_spare_servers = 5'; \ - echo 'pm.max_spare_servers = 10'; \ - echo 'pm.max_requests = 500'; \ - echo 'pm.max_children = 50'; \ - echo ''; \ - echo '[global]'; \ - echo 'daemonize = no'; \ - echo 'emergency_restart_threshold = 10'; \ - echo 'emergency_restart_interval = 1m'; \ - echo 'process_control_timeout = 10s'; \ - } > /usr/local/etc/php-fpm.d/pool.conf - - -### + chown nginx:nginx /sock + +## Change directory +WORKDIR /usr/local/etc/php-fpm.d + +## Clean PHP pools; leave docker.conf in situe +RUN rm zz-docker.conf && \ + rm www.conf.default && \ + rm www.conf + +## Set our pool configuration +COPY deploy/config/php-pool.conf pool.conf +# ▄▄ ▄▄ █▄░█ █▀▀ █ █▄░█ ▀▄▀ ▄▄ ▄▄ # +# ░░ ░░ 
█░▀█ █▄█ █ █░▀█ █░█ ░░ ░░ # + FROM nginxinc/nginx-unprivileged:1.25-alpine AS base-nginx USER root COPY deploy/config/init/nginx-* /docker-entrypoint.d/ -RUN chmod +x /docker-entrypoint.d/* -RUN echo "# This file is configured at runtime." > /etc/nginx/real_ip.conf +RUN chmod +x /docker-entrypoint.d/*; \ + echo "# This file is configured at runtime." > /etc/nginx/real_ip.conf USER 101 -## target: dev -FROM base-fpm AS dev + + +# +# ▒█▀▀▄ █▀▀ ▀█░█▀ █▀▀ █░░ █▀▀█ █▀▀█ █▀▄▀█ █▀▀ █▀▀▄ ▀▀█▀▀ +# ▒█░▒█ █▀▀ ░█▄█░ █▀▀ █░░ █░░█ █░░█ █░▀░█ █▀▀ █░░█ ░░█░░ +# ▒█▄▄▀ ▀▀▀ ░░▀░░ ▀▀▀ ▀▀▀ ▀▀▀▀ █▀▀▀ ▀░░░▀ ▀▀▀ ▀░░▀ ░░▀░░ +# +# ░░ ░░ ░░ ░░ ░░ ░░ ░░ ░░ ░░ ░░ ░░ ░░ ░░ ░░ ░░ + +# █▀▀ █▀█ █▀▄▀█ +# █▀░ █▀▀ █░▀░█ + +FROM base-fpm AS fpm-dev COPY --from=composer:2 /usr/bin/composer /usr/bin/composer +VOLUME ["/sock"] # nginx USER 101 -VOLUME ["/sock"] +# ░░ ░░ ░░ ░░ ░░ ░░ ░░ ░░ ░░ ░░ + +# █▄░█ █▀▀ █ █▄░█ ▀▄▀ +# █░▀█ █▄█ █ █░▀█ █░█ + +FROM base-nginx AS nginx-dev + +RUN echo "# This is a placeholder because the file is included in php-fpm.conf." > /etc/nginx/server_name.conf + + +# ░░ ░░ ░░ ░░ ░░ ░░ ░░ ░░ ░░ ░░ + +# ▀█▀ █▀▀ █▀ ▀█▀ +# ░█░ ██▄ ▄█ ░█░ + +FROM build-fpm AS test +RUN make test + + + + +# +# ▒█▀▀█ █▀▀█ █▀▀█ █▀▀▄ █░░█ █▀▀ ▀▀█▀▀ ░▀░ █▀▀█ █▀▀▄ +# ▒█▄▄█ █▄▄▀ █░░█ █░░█ █░░█ █░░ ░░█░░ ▀█▀ █░░█ █░░█ +# ▒█░░░ ▀░▀▀ ▀▀▀▀ ▀▀▀░ ░▀▀▀ ▀▀▀ ░░▀░░ ▀▀▀ ▀▀▀▀ ▀░░▀ +# +# ░░ ░░ ░░ ░░ ░░ ░░ ░░ ░░ ░░ ░░ ░░ ░░ ░░ ░░ + +# █▀▀ █▀█ █▀▄▀█ █▀█ █▀█ █▀ █▀▀ █▀█ +# █▄▄ █▄█ █░▀░█ █▀▀ █▄█ ▄█ ██▄ █▀▄ -### -## target: production FROM base-fpm AS build-fpm-composer ARG COMPOSER_USER ARG COMPOSER_PASS -WORKDIR /var/www/html - COPY --from=composer:2 /usr/bin/composer /usr/bin/composer -COPY ./bin/composer-auth.sh /var/www/html/composer-auth.sh -RUN chmod +x /var/www/html/composer-auth.sh && \ - /var/www/html/composer-auth.sh +WORKDIR /var/www/html + +COPY ./bin/composer-auth.sh composer-auth.sh +RUN chmod +x composer-auth.sh && \ + ./composer-auth.sh -# non-root USER 101 COPY composer.json composer.lock /var/www/html/ 
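Review bot: `FROM build-fpm AS test` now sits in the development section of the Dockerfile, ahead of the `FROM base-fpm AS build-fpm` stage that a later hunk leaves further down the file. A `FROM` can only refer to a stage declared earlier; an unknown name is treated as an image reference, so the `test` target would try to pull an image called `build-fpm` from the default registry instead of using the local stage. That is both a broken build and an unintended external dependency, so the `test` stage should move back below `build-fpm`. Separately, `ARG COMPOSER_USER` / `ARG COMPOSER_PASS` stay next to the reworked `composer-auth.sh` lines, and build args are recorded in image history. While this block is being touched it could switch to `RUN --mount=type=secret,id=composer_auth ./composer-auth.sh` (`composer_auth` is an id chosen here; the script is not visible, so it may need a small change to read the mounted file).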
@@ -87,7 +130,11 @@ RUN mkdir -p ./vendor-assets && \ find public/ -regex "public\/${regex_path}.*\.${regex_files}" -exec cp --parent "{}" vendor-assets/ \; -### +# ░░ ░░ ░░ ░░ ░░ ░░ ░░ ░░ ░░ ░░ + +# ▄▀█ █▀ █▀ █▀▀ ▀█▀ █▀ +# █▀█ ▄█ ▄█ ██▄ ░█░ ▄█ + FROM node:20 AS assets-build @@ -99,38 +146,35 @@ RUN npm run production RUN rm -rf node_modules -### +# ░░ ░░ ░░ ░░ ░░ ░░ ░░ ░░ ░░ ░░ + +# █▀▀ █▀█ █▀▄▀█ +# █▀░ █▀▀ █░▀░█ + FROM base-fpm AS build-fpm WORKDIR /var/www/html COPY --chown=nginx:nginx ./config ./config COPY --chown=nginx:nginx ./public ./public -COPY --from=build-fpm-composer --chown=nginx:nginx /var/www/html/public/app/mu-plugins /var/www/html/public/app/mu-plugins -COPY --from=build-fpm-composer --chown=nginx:nginx /var/www/html/public/app/plugins /var/www/html/public/app/plugins -COPY --from=build-fpm-composer --chown=nginx:nginx /var/www/html/public/app/languages /var/www/html/public/app/languages -COPY --from=build-fpm-composer --chown=nginx:nginx /var/www/html/public/wp /var/www/html/public/wp -COPY --from=build-fpm-composer --chown=nginx:nginx /var/www/html/vendor /var/www/html/vendor + +# Replace paths with dependanies from build-fpm-composer +ARG path="/var/www/html" +COPY --from=build-fpm-composer ${path}/public/app/mu-plugins public/app/mu-plugins +COPY --from=build-fpm-composer ${path}/public/app/plugins public/app/plugins +COPY --from=build-fpm-composer ${path}/public/app/languages public/app/languages +COPY --from=build-fpm-composer ${path}/public/wp public/wp +COPY --from=build-fpm-composer ${path}/vendor vendor # non-root USER 101 -### -FROM build-fpm AS test -RUN make test +# ░░ ░░ ░░ ░░ ░░ ░░ ░░ ░░ ░░ ░░ +# █▄░█ █▀▀ █ █▄░█ ▀▄▀ +# █░▀█ █▄█ █ █░▀█ █░█ -### - - -FROM base-nginx AS nginx-dev - -RUN echo "# This is a placeholder, because the file is included in `php-fpm.conf`." > /etc/nginx/server_name.conf - - - -### FROM base-nginx AS build-nginx 
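Review bot: The five `COPY --from=build-fpm-composer` lines in the `build-fpm` stage lose `--chown=nginx:nginx`, so `mu-plugins`, `plugins`, `languages`, `wp` and `vendor` will be owned by root, while `./config` and `./public` just above stay owned by `nginx` and the stage ends at `USER 101`. Root-owned code that the FPM user can read but not modify is the safer layout, but nothing in the hunk says the change is deliberate, and anything that writes under those paths at runtime would start failing. Add a comment such as `# Composer-managed code stays root-owned so the FPM user (101) cannot modify it`, and consider whether `./public` should follow the same rule. The typo `dependanies` in the new comment is worth fixing at the same time.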
@@ -138,51 +182,54 @@ FROM base-nginx AS build-nginx COPY deploy/config/php-fpm.conf /etc/nginx/php-fpm.conf COPY deploy/config/server.conf /etc/nginx/conf.d/default.conf +WORKDIR /var/www/html + # Get bootstraper for WordPress -COPY public/index.php /var/www/html/public/index.php -COPY public/app/themes/clarity/style.css /var/www/html/public/app/themes/clarity/ +COPY public/index.php public/index.php +COPY public/app/themes/clarity/style.css public/app/themes/clarity/ + +# Only take what Nginx needs (cached configuration) +COPY --from=build-fpm-composer /var/www/html/public/wp/wp-admin/index.php public/wp/wp-admin/index.php +COPY --from=build-fpm-composer /var/www/html/vendor-assets ./ # Grab assets for Nginx -COPY --from=assets-build /node/dist /var/www/html/public/app/themes/clarity/dist/ +COPY --from=assets-build /node/dist public/app/themes/clarity/dist/ -# Only take what Nginx needs (current configuration) -COPY --from=build-fpm-composer --chown=nginx:nginx /var/www/html/public/wp/wp-admin/index.php /var/www/html/public/wp/wp-admin/index.php -COPY --from=build-fpm-composer --chown=nginx:nginx /var/www/html/vendor-assets /var/www/html/ +# ░░ ░░ ░░ ░░ ░░ ░░ ░░ ░░ ░░ ░░ -### +# █▀▀ █▀█ █▀█ █▄░█ +# █▄▄ █▀▄ █▄█ █░▀█ FROM alpine:3.19.1 as build-cron - -# ░█████╗░██████╗░░█████╗░░█████╗░███╗░░██╗███████╗██████╗░ -# ██╔══██╗██╔══██╗██╔══██╗██╔══██╗████╗░██║██╔════╝██╔══██╗ -# ██║░░╚═╝██████╔╝██║░░██║██║░░██║██╔██╗██║█████╗░░██████╔╝ -# ██║░░██╗██╔══██╗██║░░██║██║░░██║██║╚████║██╔══╝░░██╔══██╗ -# ╚█████╔╝██║░░██║╚█████╔╝╚█████╔╝██║░╚███║███████╗██║░░██║ -# ░╚════╝░╚═╝░░╚═╝░╚════╝░░╚════╝░╚═╝░░╚══╝╚══════╝╚═╝░░╚═╝ -# -# 🅣🅗🅔 🅢🅜🅞🅞🅣🅗 🅝🅞🅝-🅡🅞🅞🅣 🅒🅡🅞🅝 🅤🅢🅔🅡 +# ▒█▀▀█ █▀▀█ █▀▀█ █▀▀█ █▀▀▄ █▀▀ █▀▀█   █ +# ▒█░░░ █▄▄▀ █░░█ █░░█ █░░█ █▀▀ █▄▄▀   ▀ +# ▒█▄▄█ ▀░▀▀ ▀▀▀▀ ▀▀▀▀ ▀░░▀ ▀▀▀ ▀░▀▀   ▄ +# 𝕋𝕙𝕖 𝕊𝕞𝕠𝕠𝕥𝕙 ℕ𝕠𝕟-ℝ𝕠𝕠𝕥 𝕌𝕤𝕖𝕣 ARG user=crooner RUN addgroup --gid 3001 ${user} && adduser -D -G ${user} -g "${user} user" -u 3001 ${user} -RUN apk add dpkg curl tzdata - -RUN ln -s 
/usr/share/zoneinfo/Europe/London /etc/localtime +RUN apk add dpkg tzdata && \ + ln -s /usr/share/zoneinfo/Europe/London /etc/localtime ## cron-schedule directory RUN mkdir -p /schedule && chown ${user}:${user} /schedule COPY deploy/config/cron/wp-cron /schedule/wp-cron -COPY deploy/config/cron/wp-cron-exec.sh /usr/bin/wp-cron-exec -COPY deploy/config/init/cron-install.sh /usr/bin/cron-install -COPY deploy/config/init/cron-start.sh /usr/bin/cron-start -RUN chmod +x /usr/bin/wp-cron-exec && \ - chmod +x /usr/bin/cron-install && \ - chmod +x /usr/bin/cron-start +# Change directory for the rest +WORKDIR /usr/bin + +COPY deploy/config/cron/wp-cron-exec.sh ./execute-wp-cron +COPY deploy/config/init/cron-install.sh ./cron-install +COPY deploy/config/init/cron-start.sh ./cron-start + +RUN chmod +x execute-wp-cron && \ + chmod +x cron-install && \ + chmod +x cron-start RUN cron-install @@ -191,5 +238,3 @@ RUN apk del dpkg USER 3001 ENTRYPOINT ["/bin/sh", "-c", "cron-start"] - - diff --git a/deploy/config/cron/wp-cron b/deploy/config/cron/wp-cron index 7d7e5d722..255c8d76e 100644 --- a/deploy/config/cron/wp-cron +++ b/deploy/config/cron/wp-cron @@ -3,4 +3,4 @@ ## Every minute ##-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -* * * * * sleep `shuf -i0-15 -n1` && wp-cron-exec $HOSTNAME $NGINX_HOST > /dev/null +* * * * * sleep `shuf -i0-15 -n1` && execute-wp-cron $HOSTNAME $NGINX_HOST > /dev/null diff --git a/deploy/config/cron/wp-cron-exec.sh b/deploy/config/cron/wp-cron-exec.sh index 61835add7..1a8ea0e76 100755 --- a/deploy/config/cron/wp-cron-exec.sh +++ b/deploy/config/cron/wp-cron-exec.sh @@ -4,8 +4,8 @@ ENV_HOST=$1 # raw hostname of the container NGINX_HOST=$2 # hostname of the nginx service -curl_it() { - curl http://"$NGINX_HOST":8080/wp/wp-cron.php --silent +wget_it() { + wget --spider --quiet http://"$NGINX_HOST":8080/wp/wp-cron.php } contains() { 
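Review bot: `WORKDIR /usr/bin` in the `build-cron` stage appears to exist only to shorten three `COPY` destinations, yet no later `WORKDIR` is visible, so it seems to remain the working directory of the running cron container. Absolute destinations with the mode set at copy time avoid that and also remove the separate `chmod` layer: `COPY --chmod=0755 deploy/config/cron/wp-cron-exec.sh /usr/bin/execute-wp-cron`, and likewise for `cron-install` and `cron-start`. In the same stage `apk add dpkg tzdata` leaves the package index in the layer; `apk add --no-cache dpkg tzdata` avoids it. Two lines between this hunk and the next are not shown, so confirm there is no `WORKDIR` reset there.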
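Review bot: `wget --spider --quiet` in `wget_it` (deploy/config/cron/wp-cron-exec.sh) is not a like-for-like replacement for `curl --silent`: spider mode does not fetch the response body, and depending on the wget implementation it may issue a HEAD request or drop the connection after the headers. Confirm that `wp-cron.php` still runs to completion when triggered this way. The call also has no timeout even though the schedule fires every minute, so a stalled nginx would let requests pile up; `wget --spider --quiet -T 10 http://"$NGINX_HOST":8080/wp/wp-cron.php` bounds it (10 seconds is an example value). The later hunk in this file only renames the two call sites.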
@@ -21,10 +21,10 @@ contains() { HOST_TEST=$(contains "$ENV_HOST" "-prod") if [ "$HOST_TEST" = 0 ]; then - curl_it + wget_it else NOW=$(date +"%H") if [ "$NOW" -gt "6" ] && [ "$NOW" -lt "22" ]; then - curl_it + wget_it fi fi diff --git a/deploy/config/init/cron-install.sh b/deploy/config/init/cron-install.sh index 82866b185..875199fb6 100644 --- a/deploy/config/init/cron-install.sh +++ b/deploy/config/init/cron-install.sh @@ -25,7 +25,7 @@ if [ "$arch" = 'unimplemented' ]; then exit 1; fi; -curl -fsSLO "https://github.com/aptible/supercronic/releases/download/${SUPERCRONIC_VERSION}/${supercronic}" && +wget --quiet "https://github.com/aptible/supercronic/releases/download/${SUPERCRONIC_VERSION}/${supercronic}" && echo "${supercronic_sha} ${supercronic}" | sha1sum -c - && chmod +x "${supercronic}" && mv "${supercronic}" "/usr/local/bin/${supercronic}" && diff --git a/deploy/config/php-pool.conf b/deploy/config/php-pool.conf new file mode 100644 index 000000000..19ecc1c9f --- /dev/null +++ b/deploy/config/php-pool.conf @@ -0,0 +1,21 @@ +[www] +user = nginx +group = nginx + +listen = /sock/fpm.sock +listen.owner = nginx +listen.group = nginx +listen.mode = 0660 + +pm = dynamic +pm.start_servers = 10 +pm.min_spare_servers = 5 +pm.max_spare_servers = 10 +pm.max_requests = 500 +pm.max_children = 50 + +[global] +daemonize = no +emergency_restart_threshold = 10 +emergency_restart_interval = 1m +process_control_timeout = 10s diff --git a/docker-compose.yml b/docker-compose.yml index 6720ab0cf..49fc06adf 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -15,7 +15,7 @@ services: container_name: intranet-php-fpm build: context: . - target: dev + target: fpm-dev volumes: - .:/var/www/html - php-socket:/sock
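Review bot: In deploy/config/init/cron-install.sh the supercronic download moves from `curl -fsSLO` to `wget --quiet`, which in this Alpine stage is presumably BusyBox wget now that `curl` is no longer installed; its HTTPS certificate checking depends on how the applet is built and which TLS helper is present. That leaves the following `sha1sum -c -` line as the control that decides whether the binary is trusted, and SHA-1 is a weak basis for that. Consider pinning a SHA-256 of the release in the script and checking it with `echo "${supercronic_sha256}  ${supercronic}" | sha256sum -c -` (`supercronic_sha256` is a variable name proposed here, not one in the file). The `&&` chain starts before and continues past the hunk.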