-
Notifications
You must be signed in to change notification settings - Fork 14
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
4 changed files
with
155 additions
and
1 deletion.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,20 @@ | ||
| #syntax=docker/dockerfile:1.4 | ||
|
|
||
| ARG FPM_IMAGE=ghcr.io/shopware/docker-base:8.3.1-fpm | ||
|
|
||
| FROM ${FPM_IMAGE} | ||
|
|
||
| USER root | ||
|
|
||
| RUN apk add --no-cache nginx supervisor | ||
|
|
||
| USER www-data | ||
|
|
||
| COPY --link rootfs / | ||
|
|
||
| EXPOSE 8000 | ||
| WORKDIR /var/www/html | ||
|
|
||
| ENV FPM_LISTEN=/tmp/php-fpm.sock | ||
|
|
||
| ENTRYPOINT [ "/usr/bin/supervisord", "-c", "/etc/supervisord.conf" ] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,116 @@ | ||
| worker_processes auto; | ||
| pid /tmp/nginx.pid; | ||
| daemon off; | ||
| error_log stderr warn; | ||
| pcre_jit on; | ||
|
|
||
| events { | ||
| worker_connections 1024; | ||
| } | ||
|
|
||
| http { | ||
| client_body_temp_path /tmp/client_body_temp; | ||
| proxy_temp_path /tmp/proxy_temp; | ||
| fastcgi_temp_path /tmp/fastcgi_temp; | ||
| uwsgi_temp_path /tmp/uwsgi_temp; | ||
| scgi_temp_path /tmp/scgi_temp; | ||
| error_log /dev/fd/2 warn; | ||
| client_max_body_size 8M; | ||
| server_tokens off; | ||
| sendfile on; | ||
| tcp_nopush on; | ||
|
|
||
| log_format json_combined escape=json | ||
| '{' | ||
| '"time_local":"$time_local",' | ||
| '"remote_addr":"$remote_addr",' | ||
| '"remote_user":"$remote_user",' | ||
| '"request":"$request",' | ||
| '"status": "$status",' | ||
| '"body_bytes_sent":"$body_bytes_sent",' | ||
| '"request_time":"$request_time",' | ||
| '"http_referrer":"$http_referer",' | ||
| '"http_user_agent":"$http_user_agent"' | ||
| '}'; | ||
|
|
||
| access_log /dev/fd/1 json_combined; | ||
|
|
||
| server { | ||
| listen 8000; | ||
| server_name localhost; | ||
|
|
||
| root /var/www/html/public; | ||
| index index.php; | ||
| include /etc/nginx/mime.types; | ||
|
|
||
| # Deny access to . (dot) files | ||
| location ~ /\. { | ||
| deny all; | ||
| } | ||
|
|
||
| # Deny access to .php files in public directories | ||
| location ~ ^/(media|thumbnail|theme|bundles|sitemap).*\.php$ { | ||
| deny all; | ||
| } | ||
|
|
||
| location ~ ^/(theme|media|thumbnail|bundles|css|fonts|js|recovery|sitemap)/ { | ||
| expires 1y; | ||
| add_header Cache-Control "public, must-revalidate, proxy-revalidate"; | ||
| log_not_found off; | ||
| tcp_nodelay off; | ||
| open_file_cache max=3000 inactive=120s; | ||
| open_file_cache_valid 45s; | ||
| open_file_cache_min_uses 2; | ||
| open_file_cache_errors off; | ||
|
|
||
| location ~* ^.+\.svg { | ||
| add_header Content-Security-Policy "script-src 'none'"; | ||
| add_header Cache-Control "public, must-revalidate, proxy-revalidate"; | ||
| log_not_found off; | ||
| } | ||
| } | ||
|
|
||
| location ~* ^.+\.(?:css|cur|js|jpe?g|gif|ico|png|svg|webp|html|woff|woff2|xml)$ { | ||
| expires 1y; | ||
| add_header Cache-Control "public, must-revalidate, proxy-revalidate"; | ||
|
|
||
| access_log off; | ||
|
|
||
| # The directive enables or disables messages in error_log about files not found on disk. | ||
| log_not_found off; | ||
|
|
||
| tcp_nodelay off; | ||
|
|
||
| ## Set the OS file cache. | ||
| open_file_cache max=3000 inactive=120s; | ||
| open_file_cache_valid 45s; | ||
| open_file_cache_min_uses 2; | ||
| open_file_cache_errors off; | ||
|
|
||
| try_files $uri /index.php$is_args$args; | ||
| } | ||
|
|
||
| location ~* ^.+\.svg$ { | ||
| add_header Content-Security-Policy "script-src 'none'"; | ||
| } | ||
|
|
||
| location / { | ||
| try_files $uri /index.php$is_args$args; | ||
| } | ||
|
|
||
| location ~ \.php$ { | ||
| fastcgi_split_path_info ^(.+\.php)(/.+)$; | ||
| include fastcgi.conf; | ||
| fastcgi_buffers 8 16k; | ||
| fastcgi_buffer_size 32k; | ||
| fastcgi_read_timeout 300s; | ||
| client_body_buffer_size 128k; | ||
| fastcgi_pass unix:/tmp/php-fpm.sock; | ||
| } | ||
|
|
||
| gzip on; | ||
| gzip_min_length 1000; | ||
| gzip_proxied expired no-cache no-store private auth; | ||
| gzip_types text/plain text/css application/json application/javascript application/x-javascript text/xml application/xml application/xml+rss text/javascript; | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,17 @@ | ||
| [supervisord] | ||
| nodaemon=true | ||
| logfile=/dev/stderr | ||
| logfile_maxbytes=0 | ||
| pidfile=/tmp/supervisord.pid | ||
|
|
||
| [program:php-fpm] | ||
| command=/usr/local/sbin/php-fpm | ||
| redirect_stderr=true | ||
| stdout_logfile=/dev/stderr | ||
| stdout_logfile_maxbytes=0 | ||
|
|
||
| [program:nginx] | ||
| command=/usr/sbin/nginx | ||
| redirect_stderr=true | ||
| stdout_logfile=/dev/stderr | ||
| stdout_logfile_maxbytes=0 |