Merge pull request #281 from TeDomum/dev

Create an Apache based Docker image ready for production

.dockerignore

@@ -1,6 +1,6 @@
-storage
 data
 Dockerfile
+contrib/docker/Dockerfile.*
 docker-compose*.yml
 .dockerignore
 .git

Dockerfile

@@ -1,31 +0,0 @@
-FROM php:7.2.6-fpm-alpine
-
-ARG COMPOSER_VERSION="1.6.5"
-ARG COMPOSER_CHECKSUM="67bebe9df9866a795078bb2cf21798d8b0214f2e0b2fd81f2e907a8ef0be3434"
-
-RUN apk add --no-cache --virtual .build build-base autoconf imagemagick-dev libtool && \
-  apk --no-cache add imagemagick git && \
-  docker-php-ext-install pdo_mysql pcntl bcmath && \
-  pecl install imagick && \
-  docker-php-ext-enable imagick pcntl imagick && \
-  curl -LsS https://getcomposer.org/download/${COMPOSER_VERSION}/composer.phar -o /tmp/composer.phar && \
-  echo "${COMPOSER_CHECKSUM}  /tmp/composer.phar" | sha256sum -c - && \
-  install -m0755 -o root -g root /tmp/composer.phar /usr/bin/composer.phar && \
-  ln -sf /usr/bin/composer.phar /usr/bin/composer && \
-  rm /tmp/composer.phar && \
-  apk --no-cache del --purge .build
-
-COPY . /var/www/html/
-
-WORKDIR /var/www/html
-RUN install -d -m0755 -o www-data -g www-data \
-    /var/www/html/storage \
-    /var/www/html/storage/framework \
-    /var/www/html/storage/logs \
-    /var/www/html/storage/framework/sessions \
-    /var/www/html/storage/framework/views \
-    /var/www/html/storage/framework/cache && \
-  composer install --prefer-source --no-interaction
-
-VOLUME ["/var/www/html"]
-ENV PATH="~/.composer/vendor/bin:./vendor/bin:${PATH}"

Dockerfile

@@ -0,0 +1 @@
+contrib/docker/Dockerfile.apache

config/trustedproxy.php

@@ -0,0 +1,27 @@
+<?php
+
+return [
+    /*
+     * Set trusted proxy IP addresses.
+     *
+     * Both IPv4 and IPv6 addresses are
+     * supported, along with CIDR notation.
+     *
+     * The "*" character is syntactic sugar
+     * within TrustedProxy to trust any proxy
+     * that connects directly to your server,
+     * a requirement when you cannot know the address
+     * of your proxy (e.g. if using Rackspace balancers).
+     *
+     * The "**" character is syntactic sugar within
+     * TrustedProxy to trust not just any proxy that
+     * connects directly to your server, but also
+     * proxies that connect to those proxies, and all
+     * the way back until you reach the original source
+     * IP. It will mean that $request->getClientIp()
+     * always gets the originating client IP, no matter
+     * how many proxies that client's request has
+     * subsequently passed through.
+     */
+    'proxies' => explode(',', env('TRUST_PROXIES', '')),
+];

contrib/docker/Dockerfile.apache

@@ -0,0 +1,59 @@
+FROM php:7-apache
+
+ARG COMPOSER_VERSION="1.6.5"
+ARG COMPOSER_CHECKSUM="67bebe9df9866a795078bb2cf21798d8b0214f2e0b2fd81f2e907a8ef0be3434"
+
+RUN apt-get update \
+ && apt-get install -y --no-install-recommends git \
+      optipng pngquant jpegoptim gifsicle \
+      libfreetype6 libjpeg62-turbo libpng16-16 libxpm4 libvpx4 libmagickwand-6.q16-3 \
+      libfreetype6-dev libjpeg62-turbo-dev libpng-dev libxpm-dev libvpx-dev libmagickwand-dev \
+ && docker-php-source extract \
+ && docker-php-ext-configure gd \
+      --with-freetype-dir=/usr/lib/x86_64-linux-gnu/ \
+      --with-jpeg-dir=/usr/lib/x86_64-linux-gnu/ \
+      --with-xpm-dir=/usr/lib/x86_64-linux-gnu/ \
+      --with-vpx-dir=/usr/lib/x86_64-linux-gnu/ \
+ && docker-php-ext-install pdo_mysql pcntl gd exif bcmath \
+ && pecl install imagick \
+ && docker-php-ext-enable imagick pcntl imagick gd exif \
+ && a2enmod rewrite \
+ && curl -LsS https://getcomposer.org/download/${COMPOSER_VERSION}/composer.phar -o /usr/bin/composer \
+ && echo "${COMPOSER_CHECKSUM}  /usr/bin/composer" | sha256sum -c - \
+ && chmod 755 /usr/bin/composer \
+ && apt-get autoremove --purge -y \
+       libfreetype6-dev libjpeg62-turbo-dev libpng-dev libxpm-dev libvpx-dev libmagickwand-dev \
+ && rm -rf /var/cache/apt \
+ && docker-php-source delete
+
+ENV PATH="~/.composer/vendor/bin:./vendor/bin:${PATH}"
+
+COPY . /var/www/
+
+WORKDIR /var/www/
+RUN cp -r storage storage.skel \
+ && cp contrib/docker/php.ini /usr/local/etc/php/conf.d/pixelfed.ini \
+ && composer install --prefer-source --no-interaction \
+ && rm -rf html && ln -s public html
+
+VOLUME ["/var/www/storage"]
+
+ENV APP_ENV=production \
+    APP_DEBUG=false \
+    LOG_CHANNEL=stderr \
+    DB_CONNECTION=mysql \
+    DB_PORT=3306 \
+    DB_HOST=db \
+    BROADCAST_DRIVER=log \
+    QUEUE_DRIVER=redis \
+    HORIZON_PREFIX=horizon-pixelfed \
+    REDIS_HOST=redis \
+    SESSION_SECURE_COOKIE=true \
+    API_BASE="/api/1/" \
+    API_SEARCH="/api/search" \
+    OPEN_REGISTRATION=true \
+    ENFORCE_EMAIL_VERIFICATION=true \
+    REMOTE_FOLLOW=false \
+    ACTIVITY_PUB=false
+
+CMD /var/www/contrib/docker/start.sh

contrib/docker/Dockerfile.fpm

@@ -0,0 +1,31 @@
+FROM php:7.2.6-fpm-alpine
+
+ARG COMPOSER_VERSION="1.6.5"
+ARG COMPOSER_CHECKSUM="67bebe9df9866a795078bb2cf21798d8b0214f2e0b2fd81f2e907a8ef0be3434"
+
+RUN apk add --no-cache --virtual .build build-base autoconf imagemagick-dev libtool && \
+  apk --no-cache add imagemagick git && \
+  docker-php-ext-install pdo_mysql pcntl && \
+  pecl install imagick && \
+  docker-php-ext-enable imagick pcntl imagick && \
+  curl -LsS https://getcomposer.org/download/${COMPOSER_VERSION}/composer.phar -o /tmp/composer.phar && \
+  echo "${COMPOSER_CHECKSUM}  /tmp/composer.phar" | sha256sum -c - && \
+  install -m0755 -o root -g root /tmp/composer.phar /usr/bin/composer.phar && \
+  ln -sf /usr/bin/composer.phar /usr/bin/composer && \
+  rm /tmp/composer.phar && \
+  apk --no-cache del --purge .build
+
+COPY . /var/www/html/
+
+WORKDIR /var/www/html
+RUN install -d -m0755 -o www-data -g www-data \
+    /var/www/html/storage \
+    /var/www/html/storage/framework \
+    /var/www/html/storage/logs \
+    /var/www/html/storage/framework/sessions \
+    /var/www/html/storage/framework/views \
+    /var/www/html/storage/framework/cache && \
+  composer install --prefer-source --no-interaction
+
+VOLUME ["/var/www/html"]
+ENV PATH="~/.composer/vendor/bin:./vendor/bin:${PATH}"

contrib/docker/php.ini

@@ -0,0 +1,5 @@
+file_uploads = On
+memory_limit = 64M
+upload_max_filesize = 64M
+post_max_size = 64M
+max_execution_time = 600

contrib/docker/start.sh

@@ -0,0 +1,17 @@
+#!/bin/bash
+
+# Create the storage tree if needed and fix permissions
+cp -r storage.skel/* storage/
+chown -R www-data:www-data storage/
+php artisan storage:link
+
+# Migrate database if the app was upgraded
+php artisan migrate --force
+
+# Run a worker if it is set as embedded
+if [ HORIZON_EMBED = true ]; then
+	php artisan horizon &
+fi
+
+# Finally run Apache
+exec apache2-foreground

docker-compose.yml

@@ -1,49 +1,56 @@
 ---
 version: '3'
+
+# In order to set configuration, please use a .env file in
+# your compose project directory (the same directory as your
+# docker-compose.yml), and set database options, application
+# name, key, and other settings there.
+# A list of available settings is available in .env.example
+#
+# The services should scale properly across a swarm cluster
+# if the volumes are properly shared between cluster members.
+
 services:
-  nginx:
-    image: nginx:alpine
-    networks:
-      - internal
-      - external
-    ports:
-      - 3000:80
-    volumes:
-      - "php-storage:/var/www/html"
-      - ./contrib/nginx.conf:/etc/nginx/conf.d/default.conf
-    depends_on:
-      - php
 
-  php:
-    build: .
+  app:
+    # Uncomment to build a local copy of the image
+    # build: .
     image: pixelfed
+    # If you have a traefik running, uncomment this to expose Pixelfed
+    # labels:
+    #   - traefik.enable=true
+    #   - traefik.frontend.rule=Host:your.url
+    #   - traefik.port=80
+    env_file:
+      - ./.env
     volumes:
-      - "php-storage:/var/www/html"
+      - "app-storage:/var/www/storage"
     networks:
+      - external
       - internal
-    environment:
-      - DB_HOST=mysql
-      - DB_DATABASE=pixelfed
-      - DB_USERNAME=${DB_USERNAME:-pixelfed}
-      - DB_PASSWORD=${DB_PASSWORD:-pixelfed}
-      - REDIS_HOST=redis
-      - APP_KEY=${APP_KEY}
-    env_file:
-      - ./.env
 
-  mysql:
+  # Uncomment if you set HORIZON_EMBED to false and wish to run a local worker
+  # worker:
+  #   image: pixelfed
+  #   env_file:
+  #     - ./.env
+  #   volumes:
+  #     - "app-storage:/var/www/storage"
+  #   networks:
+  #     - internal
+  #   command: php artisan horizon
+    
+  db:
     image: mysql:5.7
     networks:
       - internal
     environment:
       - MYSQL_DATABASE=pixelfed
-      - MYSQL_USER=${DB_USERNAME:-pixelfed}
-      - MYSQL_PASSWORD=${DB_PASSWORD:-pixelfed}
-      - MYSQL_RANDOM_ROOT_PASSWORD="true"
-    env_file:
-      - ./.env
+      - MYSQL_USER=${DB_USERNAME}
+      - MYSQL_PASSWORD=${DB_PASSWORD}
+      - MYSQL_RANDOM_ROOT_PASSWORD=true
     volumes:
-      - "mysql-data:/var/lib/mysql"
+      - "db-data:/var/lib/mysql"
 
   redis:
     image: redis:4-alpine
@@ -52,10 +59,11 @@ services:
     networks:
       - internal
 
+# Adjust your volume data in order to store data where you wish
 volumes:
   redis-data:
-  mysql-data:
-  php-storage:
+  db-data:
+  app-storage:
 
 networks:
   internal: