server/Dockerfile at master · hashtopolis/server · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
FROM rust:1.94-slim-trixie AS prebuild

RUN apt-get update && apt-get install -y pkg-config libssl-dev

RUN cargo install --locked sqlx-cli --no-default-features --features native-tls,mysql,postgres

FROM alpine/git AS preprocess

COPY .gi[t] /.git

RUN cd / && git rev-parse --short HEAD > /HEAD; exit 0

# BASE image
# ----BEGIN----
FROM php:8.5-apache AS hashtopolis-server-base

# Enable possible build args for injecting user commands
ARG CONTAINER_USER_CMD_PRE
ARG CONTAINER_USER_CMD_POST

# Avoid warnings by switching to noninteractive
ENV DEBIAN_FRONTEND=noninteractive
ENV NODE_OPTIONS='--use-openssl-ca'

# Set default hashtopolis env
ENV HASHTOPOLIS_DOCUMENT_ROOT=/var/www/html/src
ENV HASHTOPOLIS_PATH=/usr/local/share/hashtopolis
ENV HASHTOPOLIS_FILES_PATH=${HASHTOPOLIS_PATH}/files
ENV HASHTOPOLIS_IMPORT_PATH=${HASHTOPOLIS_PATH}/import
ENV HASHTOPOLIS_LOG_PATH=${HASHTOPOLIS_PATH}/log
ENV HASHTOPOLIS_CONFIG_PATH=${HASHTOPOLIS_PATH}/config
ENV HASHTOPOLIS_BINARIES_PATH=${HASHTOPOLIS_PATH}/binaries
ENV HASHTOPOLIS_TUS_PATH=/var/tmp/tus
ENV HASHTOPOLIS_TEMP_UPLOADS_PATH=${HASHTOPOLIS_TUS_PATH}/uploads
ENV HASHTOPOLIS_TEMP_META_PATH=${HASHTOPOLIS_TUS_PATH}/meta

# Add support for TLS inspection corporate setups, see .env.sample for details
ENV NODE_EXTRA_CA_CERTS=/etc/ssl/certs/ca-certificates.crt

# Check for and run optional user-supplied command to enable (advanced) customizations of the container
RUN if [ -n "${CONTAINER_USER_CMD_PRE}" ]; then echo "${CONTAINER_USER_CMD_PRE}" | sh ; fi

# Configure apt and install packages
RUN apt-get update \
    && apt-get -y install --no-install-recommends apt-utils zip unzip nano ncdu gettext-base 2>&1 \
    \
    # Install git, procps, lsb-release (useful for CLI installs) \
    && apt-get -y install git iproute2 procps lsb-release \
    && apt-get -y install mariadb-client postgresql-client libpq-dev \
    && apt-get -y install libpng-dev \
    && apt-get -y install ssmtp \
    && rm -f /etc/ssmtp/ssmtp.conf \
    \
    # Install extensions (optional)
    && docker-php-ext-install pdo_mysql pgsql pdo_pgsql gd bcmath \
    \
    # Install Composer
    && curl -sS https://getcomposer.org/installer | php \
    && mv composer.phar /usr/local/bin/composer \
    # Enable URL rewriting using .htaccess
    && a2enmod rewrite \
    # Enable headers
    && a2enmod headers \
    # Clean Up
    && apt-get autoremove -y \
    && apt-get clean -y \
    && rm -rf /var/lib/apt/lists/*

RUN sed -i 's/KeepAliveTimeout 5/KeepAliveTimeout 10/' /etc/apache2/apache2.conf
RUN echo "ServerTokens Prod" >> /etc/apache2/apache2.conf \
    && echo "ServerSignature Off" >> /etc/apache2/apache2.conf


RUN mkdir -p \
    ${HASHTOPOLIS_DOCUMENT_ROOT} \
    ${HASHTOPOLIS_DOCUMENT_ROOT}/../../.git/ \
    ${HASHTOPOLIS_PATH} \
    ${HASHTOPOLIS_FILES_PATH} \
    ${HASHTOPOLIS_IMPORT_PATH} \
    ${HASHTOPOLIS_LOG_PATH} \
    ${HASHTOPOLIS_CONFIG_PATH} \
    ${HASHTOPOLIS_BINARIES_PATH} \
    ${HASHTOPOLIS_TUS_PATH} \
    ${HASHTOPOLIS_TEMP_UPLOADS_PATH} \
    ${HASHTOPOLIS_TEMP_META_PATH} \
    && chown -R www-data:www-data \
    ${HASHTOPOLIS_PATH} \
    ${HASHTOPOLIS_TUS_PATH} \
    && chmod -R g+w \
    ${HASHTOPOLIS_PATH} \
    ${HASHTOPOLIS_TUS_PATH}

COPY --from=prebuild /usr/local/cargo/bin/sqlx /usr/bin/

COPY --from=preprocess /HEA[D] ${HASHTOPOLIS_DOCUMENT_ROOT}/../.git/

# Install composer
COPY composer.json composer.lock ${HASHTOPOLIS_DOCUMENT_ROOT}/../
RUN composer install --working-dir=${HASHTOPOLIS_DOCUMENT_ROOT}/..

ENV DEBIAN_FRONTEND=dialog
COPY docker-entrypoint.sh /usr/local/bin

# Setting the hashtopolis document root is done at build time. Because the www-data user cannot write to the apache config folder.
COPY 000-default.conf /tmp/
RUN envsubst '${HASHTOPOLIS_DOCUMENT_ROOT} ${HASHTOPOLIS_BINARIES_PATH}' < /tmp/000-default.conf > /etc/apache2/sites-available/000-default.conf && rm /tmp/000-default.conf

ENTRYPOINT [ "docker-entrypoint.sh" ]
# ----END----


# DEVELOPMENT Image
# ----BEGIN----
FROM hashtopolis-server-base AS hashtopolis-server-dev

# Setting up development requirements, install xdebug
RUN yes | pecl install xdebug && docker-php-ext-enable xdebug \
    && echo "zend_extension=$(find /usr/local/lib/php/extensions/ -name xdebug.so)" > /usr/local/etc/php/conf.d/xdebug.ini \
    && echo "xdebug.mode = debug" >> /usr/local/etc/php/conf.d/xdebug.ini \
    && echo "xdebug.start_with_request = yes" >> /usr/local/etc/php/conf.d/xdebug.ini \
	&& echo "xdebug.client_port = 9003" >> /usr/local/etc/php/conf.d/xdebug.ini \
	&& echo "xdebug.idekey = PHPSTORM" >> /usr/local/etc/php/conf.d/xdebug.ini \
    \
    # Configuring PHP \
    && touch "/usr/local/etc/php/conf.d/custom.ini" \
	&& echo "display_errors = 1" >> /usr/local/etc/php/conf.d/custom.ini \
	&& echo "memory_limit = 256m" >> /usr/local/etc/php/conf.d/custom.ini \
	&& echo "upload_max_filesize = 256m" >> /usr/local/etc/php/conf.d/custom.ini \
	&& echo "max_execution_time = 60" >> /usr/local/etc/php/conf.d/custom.ini \
	&& echo "log_errors = On" >> /usr/local/etc/php/conf.d/custom.ini \
	&& echo "error_log = /dev/stderr" >> /usr/local/etc/php/conf.d/custom.ini

# Install python (unittests)
RUN apt-get update \
    && apt-get install -y python3 python3-pip python3-requests python3-pytest

# install dependencies from ./ci/apiv2/requirements.txt
COPY ./ci/apiv2/requirements.txt /tmp/requirements.txt
RUN pip3 install -r /tmp/requirements.txt --break-system-packages

# Adding VSCode user and fixing permissions
RUN groupadd vscode && useradd -rm -d /var/www -s /bin/bash -g vscode -G www-data -u 1001 vscode \
    && chown -R vscode:www-data /var/www \
    && chmod -R g+w /var/www

# This is a seperate step so that changes to the code do not cause the container to be rebuild
# And it will be ran last
COPY --chown=vscode:www-data . ${HASHTOPOLIS_DOCUMENT_ROOT}/..

USER vscode
# ----END----


# PRODUCTION Image
# ----BEGIN----
FROM hashtopolis-server-base AS hashtopolis-server-prod

COPY --chown=www-data:www-data ./src/ $HASHTOPOLIS_DOCUMENT_ROOT

# protect install/update directory
RUN echo "Order deny,allow\nDeny from all" > "${HASHTOPOLIS_DOCUMENT_ROOT}/install/.htaccess"

RUN mv "$PHP_INI_DIR/php.ini-production" "$PHP_INI_DIR/php.ini" \
    && touch "/usr/local/etc/php/conf.d/custom.ini" \
    && echo "memory_limit = 256m" >> /usr/local/etc/php/conf.d/custom.ini \
    && echo "upload_max_filesize = 256m" >> /usr/local/etc/php/conf.d/custom.ini \
    && echo "max_execution_time = 60" >> /usr/local/etc/php/conf.d/custom.ini \
    && echo "display_errors = 0" >> /usr/local/etc/php/conf.d/custom.ini

USER www-data
# ----END----