From 01e11c3b0053d0a9136fcb17aeaaa3b454b59d72 Mon Sep 17 00:00:00 2001 From: Soner Sayakci Date: Mon, 14 Oct 2024 11:20:52 +0200 Subject: [PATCH] feat: add nginx variant --- caddy/rootfs/etc/supervisord.conf | 3 +- nginx/Dockerfile | 20 ++++++ nginx/rootfs/etc/nginx/nginx.conf | 116 ++++++++++++++++++++++++++++++ nginx/rootfs/etc/supervisord.conf | 17 +++++ 4 files changed, 155 insertions(+), 1 deletion(-) create mode 100644 nginx/Dockerfile create mode 100644 nginx/rootfs/etc/nginx/nginx.conf create mode 100644 nginx/rootfs/etc/supervisord.conf diff --git a/caddy/rootfs/etc/supervisord.conf b/caddy/rootfs/etc/supervisord.conf index cef5ede..3be7525 100644 --- a/caddy/rootfs/etc/supervisord.conf +++ b/caddy/rootfs/etc/supervisord.conf @@ -2,6 +2,7 @@ nodaemon=true logfile=/dev/stderr logfile_maxbytes=0 +pidfile=/tmp/supervisord.pid [program:php-fpm] command=/usr/local/sbin/php-fpm @@ -13,4 +14,4 @@ stdout_logfile_maxbytes=0 command=/usr/sbin/caddy run --config /etc/caddy/Caddyfile --adapter caddyfile redirect_stderr=true stdout_logfile=/dev/stderr -stdout_logfile_maxbytes=0 \ No newline at end of file +stdout_logfile_maxbytes=0 diff --git a/nginx/Dockerfile b/nginx/Dockerfile new file mode 100644 index 0000000..81e8e0b --- /dev/null +++ b/nginx/Dockerfile @@ -0,0 +1,20 @@ +#syntax=docker/dockerfile:1.4 + +ARG FPM_IMAGE=ghcr.io/shopware/docker-base:8.3.1-fpm + +FROM ${FPM_IMAGE} + +USER root + +RUN apk add --no-cache nginx supervisor + +USER www-data + +COPY --link rootfs / + +EXPOSE 8000 +WORKDIR /var/www/html + +ENV FPM_LISTEN=/tmp/php-fpm.sock + +ENTRYPOINT [ "/usr/bin/supervisord", "-c", "/etc/supervisord.conf" ] diff --git a/nginx/rootfs/etc/nginx/nginx.conf b/nginx/rootfs/etc/nginx/nginx.conf new file mode 100644 index 0000000..2480dba --- /dev/null +++ b/nginx/rootfs/etc/nginx/nginx.conf @@ -0,0 +1,116 @@ +worker_processes auto; +pid /tmp/nginx.pid; +daemon off; +error_log stderr warn; +pcre_jit on; + +events { + worker_connections 1024; +} + +http { + client_body_temp_path /tmp/client_body_temp; + proxy_temp_path /tmp/proxy_temp; + fastcgi_temp_path /tmp/fastcgi_temp; + uwsgi_temp_path /tmp/uwsgi_temp; + scgi_temp_path /tmp/scgi_temp; + error_log /dev/fd/2 warn; + client_max_body_size 8M; + server_tokens off; + sendfile on; + tcp_nopush on; + + log_format json_combined escape=json + '{' + '"time_local":"$time_local",' + '"remote_addr":"$remote_addr",' + '"remote_user":"$remote_user",' + '"request":"$request",' + '"status": "$status",' + '"body_bytes_sent":"$body_bytes_sent",' + '"request_time":"$request_time",' + '"http_referrer":"$http_referer",' + '"http_user_agent":"$http_user_agent"' + '}'; + + access_log /dev/fd/1 json_combined; + + server { + listen 8000; + server_name localhost; + + root /var/www/html/public; + index index.php; + include /etc/nginx/mime.types; + + # Deny access to . (dot) files + location ~ /\. { + deny all; + } + + # Deny access to .php files in public directories + location ~ ^/(media|thumbnail|theme|bundles|sitemap).*\.php$ { + deny all; + } + + location ~ ^/(theme|media|thumbnail|bundles|css|fonts|js|recovery|sitemap)/ { + expires 1y; + add_header Cache-Control "public, must-revalidate, proxy-revalidate"; + log_not_found off; + tcp_nodelay off; + open_file_cache max=3000 inactive=120s; + open_file_cache_valid 45s; + open_file_cache_min_uses 2; + open_file_cache_errors off; + + location ~* ^.+\.svg { + add_header Content-Security-Policy "script-src 'none'"; + add_header Cache-Control "public, must-revalidate, proxy-revalidate"; + log_not_found off; + } + } + + location ~* ^.+\.(?:css|cur|js|jpe?g|gif|ico|png|svg|webp|html|woff|woff2|xml)$ { + expires 1y; + add_header Cache-Control "public, must-revalidate, proxy-revalidate"; + + access_log off; + + # The directive enables or disables messages in error_log about files not found on disk. + log_not_found off; + + tcp_nodelay off; + + ## Set the OS file cache. + open_file_cache max=3000 inactive=120s; + open_file_cache_valid 45s; + open_file_cache_min_uses 2; + open_file_cache_errors off; + + try_files $uri /index.php$is_args$args; + } + + location ~* ^.+\.svg$ { + add_header Content-Security-Policy "script-src 'none'"; + } + + location / { + try_files $uri /index.php$is_args$args; + } + + location ~ \.php$ { + fastcgi_split_path_info ^(.+\.php)(/.+)$; + include fastcgi.conf; + fastcgi_buffers 8 16k; + fastcgi_buffer_size 32k; + fastcgi_read_timeout 300s; + client_body_buffer_size 128k; + fastcgi_pass unix:/tmp/php-fpm.sock; + } + + gzip on; + gzip_min_length 1000; + gzip_proxied expired no-cache no-store private auth; + gzip_types text/plain text/css application/json application/javascript application/x-javascript text/xml application/xml application/xml+rss text/javascript; + } +} diff --git a/nginx/rootfs/etc/supervisord.conf b/nginx/rootfs/etc/supervisord.conf new file mode 100644 index 0000000..846696e --- /dev/null +++ b/nginx/rootfs/etc/supervisord.conf @@ -0,0 +1,17 @@ +[supervisord] +nodaemon=true +logfile=/dev/stderr +logfile_maxbytes=0 +pidfile=/tmp/supervisord.pid + +[program:php-fpm] +command=/usr/local/sbin/php-fpm +redirect_stderr=true +stdout_logfile=/dev/stderr +stdout_logfile_maxbytes=0 + +[program:nginx] +command=/usr/sbin/nginx +redirect_stderr=true +stdout_logfile=/dev/stderr +stdout_logfile_maxbytes=0