github.com/drud/ddev@v1.21.5-alpha1.0.20230226034409-94fcc4b94453/containers/ddev-webserver/Dockerfile (about) 1 2 ### ---------------------------ddev-webserver-base-------------------------------------- 3 ### Build ddev-php-base from ddev-webserver-base 4 ### ddev-php-base is the basic of ddev-php-prod 5 ### and ddev-webserver-* (For DDEV-Local) 6 FROM drud/ddev-php-base:v1.21.4 as ddev-webserver-base 7 8 ENV BACKDROP_DRUSH_VERSION=1.4.0 9 ENV DEBIAN_FRONTEND=noninteractive 10 11 ENV NGINX_SITE_TEMPLATE /etc/nginx/nginx-site.conf 12 ENV APACHE_SITE_TEMPLATE /etc/apache2/apache-site.conf 13 ENV TERMINUS_CACHE_DIR=/mnt/ddev-global-cache/terminus/cache 14 ENV CAROOT /mnt/ddev-global-cache/mkcert 15 16 # TARGETPLATFORM is Docker buildx's target platform (e.g. linux/arm64), while 17 # BUILDPLATFORM is the platform of the build host (e.g. linux/amd64) 18 ARG TARGETPLATFORM 19 ARG BUILDPLATFORM 20 21 ADD ddev-webserver-etc-skel / 22 RUN /sbin/mkhomedir_helper www-data 23 24 RUN apt-get -qq update 25 RUN DEBIAN_FRONTEND=noninteractive apt-get -qq install -y -o Dpkg::Options::="--force-confold" --no-install-recommends --no-install-suggests -y libcap2-bin locales-all supervisor 26 27 # Arbitrary user needs to be able to bind to privileged ports (for nginx and apache2) 28 RUN setcap CAP_NET_BIND_SERVICE=+eip /usr/sbin/nginx 29 RUN setcap CAP_NET_BIND_SERVICE=+eip /usr/sbin/apache2 30 31 ADD ddev-webserver-base-files / 32 ADD ddev-webserver-base-scripts / 33 34 # magerun and magerun2 for magento 35 RUN curl --fail -sSL https://files.magerun.net/n98-magerun-latest.phar -o /usr/local/bin/magerun && chmod 777 /usr/local/bin/magerun 36 RUN curl --fail -sSL https://raw.githubusercontent.com/netz98/n98-magerun/develop/res/autocompletion/bash/n98-magerun.phar.bash -o /etc/bash_completion.d/n98-magerun.phar 37 RUN curl --fail -sSL https://files.magerun.net/n98-magerun2-latest.phar -o /usr/local/bin/magerun2 && chmod 777 /usr/local/bin/magerun2 38 RUN curl --fail -sSL https://raw.githubusercontent.com/netz98/n98-magerun2/develop/res/autocompletion/bash/n98-magerun2.phar.bash -o /etc/bash_completion.d/n98-magerun2.phar && chmod +x /usr/local/bin/magerun 39 40 # /usr/local/bin may need to be updated by start.sh, etc 41 RUN chmod -f ugo+rwx /usr/local/bin /usr/local/bin/composer 42 43 RUN apt-get -qq autoremove && apt-get -qq clean -y && rm -rf /var/lib/apt/lists/* 44 45 # END ddev-webserver-base 46 47 48 ### ---------------------------ddev-webserver-dev-base-------------------------------------- 49 ### Build ddev-webserver-dev-base from ddev-webserver-base 50 FROM ddev-webserver-base as ddev-webserver-dev-base 51 ENV MAILHOG_VERSION="1.0.2" 52 ENV CAROOT /mnt/ddev-global-cache/mkcert 53 ENV PHP_DEFAULT_VERSION="8.0" 54 55 RUN wget -q -O - https://packages.blackfire.io/gpg.key | apt-key add - 56 RUN echo "deb http://packages.blackfire.io/debian any main" > /etc/apt/sources.list.d/blackfire.list 57 RUN apt-get update 58 59 SHELL ["/bin/bash", "-c"] 60 61 RUN DEBIAN_FRONTEND=noninteractive apt-get -qq install -o Dpkg::Options::="--force-confold" --no-install-recommends --no-install-suggests -y \ 62 blackfire \ 63 blackfire-php \ 64 fontconfig \ 65 gettext \ 66 git \ 67 graphviz \ 68 iproute2 \ 69 iputils-ping \ 70 jq \ 71 libldap-common \ 72 libpcre3 \ 73 locales-all \ 74 nano \ 75 ncurses-bin \ 76 netcat \ 77 openssh-client \ 78 patch \ 79 rsync \ 80 sqlite3 \ 81 sudo \ 82 telnet \ 83 unzip \ 84 zip 85 86 RUN curl --fail -JL -s -o /usr/local/bin/mkcert "https://dl.filippo.io/mkcert/latest?for=${TARGETPLATFORM}" && chmod +x /usr/local/bin/mkcert 87 88 # blackfire user by default is set up with /dev/null as homedir, and 999 as uid, which 89 # can break people. Use a real homedir 90 RUN mkdir -p /home/blackfire && chown blackfire:blackfire /home/blackfire && usermod -d /home/blackfire blackfire 91 92 ADD ddev-webserver-dev-base-files / 93 RUN phpdismod blackfire xdebug xhprof 94 95 RUN set -x; curl --fail -sSL "https://github.com/drud/MailHog/releases/download/v${MAILHOG_VERSION}/MailHog_linux_${TARGETPLATFORM##linux/}" -o /usr/local/bin/mailhog && chmod +x /usr/local/bin/mailhog 96 97 RUN curl -sSL --fail --output /usr/local/bin/phive "https://phar.io/releases/phive.phar" && chmod 777 /usr/local/bin/phive 98 RUN set -o pipefail && curl --fail -sSL https://github.com/pantheon-systems/terminus/releases/download/$(curl -L --fail --silent "https://api.github.com/repos/pantheon-systems/terminus/releases/latest" | perl -nle'print $& while m{"tag_name": "\K.*?(?=")}g')/terminus.phar --output /usr/local/bin/terminus && chmod 777 /usr/local/bin/terminus 99 RUN set -o pipefail && curl --fail -sSL https://github.com/platformsh/platformsh-cli/releases/download/$(curl -L --fail --silent "https://api.github.com/repositories/16695539/releases/latest" | perl -nle'print $& while m{"tag_name": "\K.*?(?=")}g')/platform.phar --output /usr/local/bin/platform && chmod 777 /usr/local/bin/platform 100 101 RUN mkdir -p "/opt/phpstorm-coverage" && \ 102 chmod a+rw "/opt/phpstorm-coverage" 103 104 RUN curl --fail -sSL --output /usr/local/bin/acli https://github.com/acquia/cli/releases/latest/download/acli.phar && chmod 777 /usr/local/bin/acli 105 106 RUN curl --fail -sSL https://github.com/backdrop-contrib/drush/releases/download/${BACKDROP_DRUSH_VERSION}/backdrop-drush-extension.zip -o /tmp/backdrop-drush-extension.zip && unzip -o /tmp/backdrop-drush-extension.zip -d /var/tmp/backdrop_drush_commands && rm /tmp/backdrop-drush-extension.zip 107 108 RUN mkdir -p /etc/nginx/sites-enabled /var/log/apache2 /var/run/apache2 /var/lib/apache2/module/enabled_by_admin /var/lib/apache2/module/disabled_by_admin && \ 109 touch /var/log/php-fpm.log && \ 110 chmod ugo+rw /var/log/php-fpm.log && \ 111 chmod ugo+rwx /var/run && \ 112 touch /var/log/nginx/access.log && \ 113 touch /var/log/nginx/error.log && \ 114 chmod -R ugo+rw /var/log/nginx/ && \ 115 chmod ugo+rwx /usr/local/bin/* && \ 116 update-alternatives --set php /usr/bin/php${PHP_DEFAULT_VERSION} && \ 117 ln -sf /usr/sbin/php-fpm${PHP_DEFAULT_VERSION} /usr/sbin/php-fpm 118 119 RUN chmod -R 777 /var/log 120 121 # we need to create the /var/cache/linux and /var/lib/nginx manually for the arm64 image and chmod them, please don't remove them! 122 RUN mkdir -p /mnt/ddev-global-cache/mkcert /run/{php,blackfire} /var/cache/nginx /var/lib/nginx && chmod -R ugo+rw /mnt/ddev-global-cache/ 123 124 RUN chmod -R ugo+w /usr/sbin /usr/bin /etc/nginx /var/cache/nginx /var/lib/nginx /run /var/www /etc/php/*/*/conf.d/ /var/lib/php/modules /etc/alternatives /usr/lib/node_modules /etc/php /etc/apache2 /var/log/apache2/ /var/run/apache2 /var/lib/apache2 /mnt/ddev-global-cache/* 125 126 RUN mkdir -p /var/xhprof && curl --fail -o /tmp/xhprof.tgz -sSL https://pecl.php.net/get/xhprof && tar -zxf /tmp/xhprof.tgz --strip-components=1 -C /var/xhprof && chmod 777 /var/xhprof/xhprof_html && rm /tmp/xhprof.tgz 127 128 RUN touch /var/log/nginx/error.log /var/log/nginx/access.log /var/log/php-fpm.log && \ 129 chmod 666 /var/log/nginx/error.log /var/log/nginx/access.log /var/log/php-fpm.log 130 131 RUN a2dismod mpm_event 132 RUN a2enmod ssl headers expires 133 134 # scripts added last because they're most likely place to make changes, speeds up build 135 ADD ddev-webserver-base-scripts / 136 RUN chmod ugo+x /start.sh /healthcheck.sh 137 138 # Composer, etc may need to be updated by composer self-update 139 RUN chmod -f ugo+rwx /usr/local/bin /usr/local/bin/* 140 141 RUN chmod ugo+w /etc/ssl/certs /usr/local/share/ca-certificates 142 143 HEALTHCHECK --interval=1s --retries=120 --timeout=120s --start-period=120s CMD ["/healthcheck.sh"] 144 CMD ["/start.sh"] 145 RUN apt-get -qq clean -y && rm -rf /var/lib/apt/lists/* 146 #END ddev-webserver-dev-base 147 148 ### ---------------------------ddev-webserver-------------------------------------- 149 ### This could be known as ddev-webserver-dev as it's development-env targeted 150 ### But for historical reasons, it's just ddev-webserver 151 ### Build ddev-webserver by turning ddev-webserver-dev-base into one layer 152 FROM scratch as ddev-webserver 153 ENV PHP_DEFAULT_VERSION="8.0" 154 ENV NGINX_SITE_TEMPLATE /etc/nginx/nginx-site.conf 155 ENV APACHE_SITE_TEMPLATE /etc/apache2/apache-site.conf 156 ENV TERMINUS_CACHE_DIR=/mnt/ddev-global-cache/terminus/cache 157 ENV TERMINUS_HIDE_UPDATE_MESSAGE=1 158 ENV CAROOT /mnt/ddev-global-cache/mkcert 159 ENV COMPOSER_ALLOW_SUPERUSER=1 160 ENV COMPOSER_CACHE_DIR=/mnt/ddev-global-cache/composer 161 ENV COMPOSER_PROCESS_TIMEOUT=2000 162 ENV DEBIAN_FRONTEND noninteractive 163 ENV TERM xterm 164 ENV MH_SMTP_BIND_ADDR 127.0.0.1:1025 165 ENV BASH_ENV /etc/bash.nointeractive.bashrc 166 ENV LANG=C.UTF-8 167 ENV XHPROF_OUTPUT_DIR=/tmp/xhprof 168 ENV PLATFORMSH_CLI_UPDATES_CHECK=0 169 170 COPY --from=ddev-webserver-dev-base / / 171 EXPOSE 80 8025 172 HEALTHCHECK --interval=1s --retries=120 --timeout=120s --start-period=120s CMD ["/healthcheck.sh"] 173 CMD ["/start.sh"] 174 #END ddev-webserver 175 176 ### ---------------------------ddev-webserver-prod-base-------------------------------------- 177 ### Build ddev-webserver-prod-base from ddev-webserver-base 178 ### This image is aimed at actual hardened production environments 179 FROM ddev-webserver-base as ddev-webserver-prod-base 180 ENV CAROOT /mnt/ddev-global-cache/mkcert 181 ENV PHP_DEFAULT_VERSION="8.0" 182 ARG TARGETPLATFORM 183 184 RUN wget -q -O - https://packages.blackfire.io/gpg.key | apt-key add - 185 RUN echo "deb http://packages.blackfire.io/debian any main" > /etc/apt/sources.list.d/blackfire.list 186 RUN apt-get update 187 188 SHELL ["/bin/bash", "-c"] 189 190 RUN DEBIAN_FRONTEND=noninteractive apt-get -qq install -o Dpkg::Options::="--force-confold" --no-install-recommends --no-install-suggests -y \ 191 blackfire-php \ 192 fontconfig \ 193 gettext \ 194 git \ 195 iproute2 \ 196 iputils-ping \ 197 jq \ 198 libpcre3 \ 199 locales-all \ 200 nano \ 201 ncurses-bin \ 202 netcat \ 203 openssh-client \ 204 patch \ 205 rsync \ 206 sqlite3 \ 207 unzip \ 208 zip 209 210 RUN curl --fail -JL -s -o /usr/local/bin/mkcert "https://dl.filippo.io/mkcert/latest?for=${TARGETPLATFORM}" && chmod +x /usr/local/bin/mkcert 211 212 ADD ddev-webserver-prod-files / 213 RUN phpdismod blackfire xhprof 214 215 RUN curl --fail -sSL https://github.com/backdrop-contrib/drush/releases/download/${BACKDROP_DRUSH_VERSION}/backdrop-drush-extension.zip -o /tmp/backdrop-drush-extension.zip && unzip -o /tmp/backdrop-drush-extension.zip -d /var/tmp/backdrop_drush_commands 216 217 RUN mkdir -p /etc/nginx/sites-enabled /var/lock/apache2 /var/log/apache2 /var/run/apache2 /var/lib/apache2/module/enabled_by_admin /var/lib/apache2/module/disabled_by_admin && \ 218 touch /var/log/php-fpm.log && \ 219 chmod ugo+rw /var/log/php-fpm.log && \ 220 chmod ugo+rwx /var/run && \ 221 touch /var/log/nginx/access.log && \ 222 touch /var/log/nginx/error.log && \ 223 chmod -R ugo+rw /var/log/nginx/ && \ 224 chmod ugo+rx /usr/local/bin/* && \ 225 update-alternatives --set php /usr/bin/php${PHP_DEFAULT_VERSION} && \ 226 ln -sf /usr/sbin/php-fpm${PHP_DEFAULT_VERSION} /usr/sbin/php-fpm 227 228 RUN chmod -R 777 /var/log 229 230 # we need to create the /var/cache/linux and /var/lib/nginx manually for the arm64 image and chmod them, please don't remove them! 231 RUN mkdir -p /mnt/ddev-global-cache/mkcert /run/php /var/cache/nginx /var/lib/nginx && chmod -R ugo+rw /home /mnt/ddev-global-cache/ 232 233 RUN chmod -R ugo+w /usr/sbin /usr/bin /etc/nginx /var/cache/nginx /var/lib/nginx /run /var/www /etc/php/*/*/conf.d/ /var/lib/php/modules /etc/alternatives /usr/lib/node_modules /etc/php /etc/apache2 /var/lock/apache2 /var/log/apache2/ /var/run/apache2 /var/lib/apache2 /mnt/ddev-global-cache/* 234 235 RUN touch /var/log/nginx/error.log /var/log/nginx/access.log /var/log/php-fpm.log && \ 236 chmod 666 /var/log/nginx/error.log /var/log/nginx/access.log /var/log/php-fpm.log 237 238 RUN a2dismod mpm_event 239 RUN a2enmod ssl headers expires 240 241 # scripts added last because they're most likely place to make changes, speeds up build 242 ADD ddev-webserver-prod-scripts / 243 RUN chmod ugo+x /start.sh /healthcheck.sh 244 245 RUN /sbin/mkhomedir_helper www-data 246 247 RUN chmod ugo+w /etc/ssl/certs /usr/local/share/ca-certificates 248 249 HEALTHCHECK --interval=1s --retries=120 --timeout=120s --start-period=120s CMD ["/healthcheck.sh"] 250 CMD ["/start.sh"] 251 RUN apt-get -qq clean -y && rm -rf /var/lib/apt/lists/* 252 253 #END ddev-webserver-prod-base 254 255 ### ---------------------------ddev-webserver-prod-------------------------------------- 256 ### Build ddev-webserver-prod, the hardened version of ddev-webserver-base 257 ### (Withut dev features, single layer) 258 FROM scratch as ddev-webserver-prod 259 ENV PHP_DEFAULT_VERSION="8.0" 260 ENV NGINX_SITE_TEMPLATE /etc/nginx/nginx-site.conf 261 ENV APACHE_SITE_TEMPLATE /etc/apache2/apache-site.conf 262 ENV TERMINUS_CACHE_DIR=/mnt/ddev-global-cache/terminus/cache 263 ENV TERMINUS_HIDE_UPDATE_MESSAGE=1 264 ENV CAROOT /mnt/ddev-global-cache/mkcert 265 ENV COMPOSER_ALLOW_SUPERUSER=1 266 ENV COMPOSER_CACHE_DIR=/mnt/ddev-global-cache/composer 267 ENV COMPOSER_PROCESS_TIMEOUT=2000 268 ENV DEBIAN_FRONTEND noninteractive 269 ENV LANG=C.UTF-8 270 ENV TERM xterm 271 ENV BASH_ENV /etc/bash.nointeractive.bashrc 272 ENV PLATFORMSH_CLI_UPDATES_CHECK=0 273 274 COPY --from=ddev-webserver-prod-base / / 275 HEALTHCHECK --interval=1s --retries=120 --timeout=120s --start-period=120s CMD ["/healthcheck.sh"] 276 CMD ["/start.sh"] 277 #END ddev-webserver-prod