feat(docker): replace all-in-one image with FrankenPHP and Caddy based image + discard other images

- use serversideup/php as a base image
- remove nginx unit base
- remove app / webserver images
- add bundle stage to remove pipeline dependency
- update docker setup docs
- edit gitlabci rules and release logic
Yassine Doghri 2026-02-15 19:32:01 +01:00
commit e5fb676cb6
No known key found for this signature in database
GPG key ID: 1F41CB39A01C099A
58 changed files with 5830 additions and 5318 deletions


@ -4,9 +4,9 @@ stages:
docker-build-rolling:
stage: build
image:
name: docker.io/docker:23.0.3-dind
name: docker.io/docker:29.2-dind
services:
- docker:23.0.3-dind
- docker:29.2-dind
variables:
TAG: $CI_COMMIT_BRANCH
DOCKER_BUILDKIT: 1
@ -17,22 +17,16 @@ docker-build-rolling:
- cp ${DOCKER_HUB_CONFIG} /root/.docker/config.json
- docker context create tls-environment
- docker buildx create --use tls-environment
- docker buildx build --push --platform=linux/amd64 --file=docker/production/castopod/Dockerfile --tag=${DOCKER_IMAGE_CASTOPOD}:${TAG} .
- docker buildx build --push --platform=linux/amd64 --file=docker/production/web-server/Dockerfile --tag=${DOCKER_IMAGE_WEB_SERVER}:${TAG} .
- docker buildx build --push --platform=linux/amd64 --file=docker/production/app/Dockerfile --tag=${DOCKER_IMAGE_APP}:${TAG} .
needs:
- pipeline: $PARENT_PIPELINE_ID
job: bundle
only:
refs:
- develop
- docker buildx build --secret id=maxmind-licence-key,env=MAXMIND_LICENCE_KEY --push --platform=linux/amd64 --file=docker/production/Dockerfile --tag=${DOCKER_IMAGE_CASTOPOD}:${TAG} .
rules:
- if: $CI_COMMIT_BRANCH == 'develop'
docker-build-main-release:
docker-build-release:
stage: build
image:
name: docker.io/docker:23.0.3-dind
name: docker.io/docker:29.2-dind
services:
- docker:23.0.3-dind
- docker:29.2-dind
variables:
DOCKER_BUILDKIT: 1
DOCKER_HOST: tcp://docker:2376
@ -40,50 +34,15 @@ docker-build-main-release:
script:
- mkdir -p /root/.docker
- cp ${DOCKER_HUB_CONFIG} /root/.docker/config.json
- export CP_VERSION=$(cat CP_VERSION.env)
# extract Castopod version from tag (remove "v" prefix)
- export CP_VERSION=$(echo "$CI_COMMIT_TAG" | sed 's/^v//')
# extract pre release identifier (eg. alpha, beta, next, ...) from CP_VERSION or "latest" if none exists
- export CP_TAG=$(echo "$CP_VERSION" | sed 's/^[^-]*-\([^.]*\)\..*/\1/; t; s/.*/latest/')
- docker context create tls-environment
- docker buildx create --use tls-environment
- docker buildx build --push --platform=linux/amd64 --file=docker/production/castopod/Dockerfile --tag=${DOCKER_IMAGE_CASTOPOD}:${CP_VERSION} --tag=${DOCKER_IMAGE_CASTOPOD}:latest .
- docker buildx build --push --platform=linux/amd64 --file=docker/production/web-server/Dockerfile --tag=${DOCKER_IMAGE_WEB_SERVER}:${CP_VERSION} --tag=${DOCKER_IMAGE_WEB_SERVER}:latest .
- docker buildx build --push --platform=linux/amd64 --file=docker/production/app/Dockerfile --tag=${DOCKER_IMAGE_APP}:${CP_VERSION} --tag=${DOCKER_IMAGE_APP}:latest .
- docker buildx build --secret id=maxmind-licence-key,env=MAXMIND_LICENCE_KEY --push --platform=linux/amd64 --file=docker/production/Dockerfile --tag=${DOCKER_IMAGE_CASTOPOD}:${CP_VERSION} --tag=${DOCKER_IMAGE_CASTOPOD}:${CP_TAG} .
# when --platform=linux/amd64,linux/arm64: amd64 image takes too long to be pushed as it needs to wait for arm64 to be built
# --> build and push amd64 image to be pushed first, then overwrite manifest after building arm64
- docker buildx build --push --platform=linux/amd64,linux/arm64 --file=docker/production/castopod/Dockerfile --tag=${DOCKER_IMAGE_CASTOPOD}:${CP_VERSION} --tag=${DOCKER_IMAGE_CASTOPOD}:latest .
needs:
- pipeline: $PARENT_PIPELINE_ID
job: release
only:
refs:
- main
docker-build-prerelease:
stage: build
image:
name: docker.io/docker:23.0.3-dind
services:
- docker:23.0.3-dind
variables:
TAG: $CI_COMMIT_BRANCH
DOCKER_BUILDKIT: 1
DOCKER_HOST: tcp://docker:2376
DOCKER_TLS_CERTDIR: "/certs"
script:
- mkdir -p /root/.docker
- cp ${DOCKER_HUB_CONFIG} /root/.docker/config.json
- export CP_VERSION=$(cat CP_VERSION.env)
- docker context create tls-environment
- docker buildx create --use tls-environment
- docker buildx build --push --platform=linux/amd64 --file=docker/production/castopod/Dockerfile --tag=${DOCKER_IMAGE_CASTOPOD}:${CP_VERSION} --tag=${DOCKER_IMAGE_CASTOPOD}:${TAG} .
- docker buildx build --push --platform=linux/amd64 --file=docker/production/web-server/Dockerfile --tag=${DOCKER_IMAGE_WEB_SERVER}:${CP_VERSION} --tag=${DOCKER_IMAGE_WEB_SERVER}:${TAG} .
- docker buildx build --push --platform=linux/amd64 --file=docker/production/app/Dockerfile --tag=${DOCKER_IMAGE_APP}:${CP_VERSION} --tag=${DOCKER_IMAGE_APP}:${TAG} .
# when --platform=linux/amd64,linux/arm64: amd64 image takes too long to be pushed as it needs to wait for arm64 to be built
# --> build and push amd64 image to be pushed first, then overwrite manifest after building arm64
- docker buildx build --push --platform=linux/amd64,linux/arm64 --file=docker/production/castopod/Dockerfile --tag=${DOCKER_IMAGE_CASTOPOD}:${CP_VERSION} --tag=${DOCKER_IMAGE_CASTOPOD}:${TAG} .
needs:
- pipeline: $PARENT_PIPELINE_ID
job: release
only:
refs:
- alpha
- beta
- next
# --> build and push amd64 image first, then overwrite manifest after building arm64
- docker buildx build --secret id=maxmind-licence-key,env=MAXMIND_LICENCE_KEY --push --platform=linux/amd64,linux/arm64 --file=docker/production/Dockerfile --tag=${DOCKER_IMAGE_CASTOPOD}:${CP_VERSION} --tag=${DOCKER_IMAGE_CASTOPOD}:${CP_TAG} .
rules:
- if: $CI_COMMIT_TAG
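Review bot: `rules: - if: $CI_COMMIT_TAG` in `docker-build-release` fires for every tag, and the `CP_TAG` sed falls back to `latest` for anything that is not `<version>-<identifier>.<n>`, so a tag such as `v2.0.0-beta` or a non-version tag would overwrite the `latest` image. Constraining the rule to the expected shape, e.g. `- if: $CI_COMMIT_TAG =~ /^v\d+\.\d+\.\d+(-[a-z]+\.\d+)?$/`, keeps unexpected tags from publishing. Because this job pushes with the registry credentials from `DOCKER_HUB_CONFIG`, it is also worth confirming that matching tags are protected in the project settings so only maintainers can create them.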


@ -0,0 +1,135 @@
####################################################
# Castopod's Production Dockerfile
####################################################
# An optimized Dockerfile for production using
# multi-stage builds:
# 1. BUNDLE castopod
# 2. BUILD the FrankenPHP/debian based prod image
#---------------------------------------------------
ARG PHP_VERSION="8.4"
####################################################
# BUNDLE STAGE
# -------------------------------------------------
# Bundle castopod for production using
# a PHP / Alpine image
#---------------------------------------------------
FROM php:${PHP_VERSION}-alpine3.23 AS bundle
LABEL maintainer="Yassine Doghri <yassine@doghri.fr>"
COPY . /castopod-src
WORKDIR /castopod-src
COPY --from=composer:2.9 /usr/bin/composer /usr/local/bin/composer
RUN \
# download GeoLite2-City archive and extract it to writable/uploads
--mount=type=secret,id=maxmind-licence-key,env=MAXMIND_LICENCE_KEY \
wget -c "https://download.maxmind.com/app/geoip_download?edition_id=GeoLite2-City&license_key=$MAXMIND_LICENCE_KEY&suffix=tar.gz" -O - | tar -xz -C ./writable/uploads/ \
# rename extracted archives' folders
&& mv ./writable/uploads/GeoLite2-City* ./writable/uploads/GeoLite2-City
RUN \
# install composer globally
curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/local/bin --filename=composer \
# install node and pnpm
&& apk add --no-cache \
nodejs \
pnpm \
git \
rsync \
# install production dependencies only using the --no-dev option
&& composer install --no-dev --prefer-dist --no-ansi --no-interaction --no-progress --ignore-platform-reqs \
# install js dependencies based on lockfile
&& pnpm install --frozen-lockfile \
# build all production static assets (css, js, images, icons, fonts, etc.)
&& pnpm run build \
# create castopod folder bundle: uses .rsync-filter (-F) file to copy only needed files
&& rsync -aF . /castopod
####################################################
# BUILD STAGE
# -------------------------------------------------
# Define production image based on FrankenPHP /
# Debian with services managed by s6-overlay
#---------------------------------------------------
FROM serversideup/php:${PHP_VERSION}-frankenphp-trixie AS build
LABEL maintainer="Yassine Doghri <yassine@doghri.fr>"
USER root
# Latest releases available at https://github.com/aptible/supercronic/releases
ARG SUPERCRONIC_URL=https://github.com/aptible/supercronic/releases/download/v0.2.42/supercronic-linux-amd64 \
SUPERCRONIC_SHA1SUM=b444932b81583b7860849f59fdb921217572ece2 \
SUPERCRONIC=supercronic-linux-amd64
# add supercronic to handle cron jobs
RUN \
curl -fsSLO "$SUPERCRONIC_URL" \
&& echo "${SUPERCRONIC_SHA1SUM} ${SUPERCRONIC}" | sha1sum -c - \
&& chmod +x "$SUPERCRONIC" \
&& mv "$SUPERCRONIC" "/usr/local/bin/${SUPERCRONIC}" \
&& ln -s "/usr/local/bin/${SUPERCRONIC}" /usr/local/bin/supercronic
ARG S6_OVERLAY_VERSION=3.2.2.0
# add s6-overlay process manager
ADD https://github.com/just-containers/s6-overlay/releases/download/v${S6_OVERLAY_VERSION}/s6-overlay-noarch.tar.xz /tmp
RUN tar -C / -Jxpf /tmp/s6-overlay-noarch.tar.xz
ADD https://github.com/just-containers/s6-overlay/releases/download/v${S6_OVERLAY_VERSION}/s6-overlay-x86_64.tar.xz /tmp
RUN tar -C / -Jxpf /tmp/s6-overlay-x86_64.tar.xz
# copy s6-overlay services
COPY --chown=www-data:www-data docker/production/s6-rc.d /etc/s6-overlay/s6-rc.d
# make prepare-environment executable for bootstrapping the Castopod environment
RUN chmod +x /etc/s6-overlay/s6-rc.d/bootstrap/prepare-environment.sh
RUN \
apt-get update \
&& apt-get install -y \
ffmpeg \
libfreetype6-dev \
libjpeg62-turbo-dev \
libpng-dev \
libwebp-dev \
libicu-dev \
&& install-php-extensions \
intl \
mysqli \
exif \
gd \
# As of PHP 7.4 we don't need to add --with-png
&& docker-php-ext-configure gd --with-webp --with-jpeg --with-freetype
# copy castopod bundle from bundle stage
COPY --from=bundle --chown=www-data:www-data /castopod /app
RUN \
chmod -R 550 /app/ \
&& chmod -R 770 /app/public/media/ \
&& chmod -R 770 /app/writable/ \
&& chmod 750 /app/
ARG \
PHP_MEMORY_LIMIT=512M \
PHP_MAX_EXECUTION_TIME=300 \
PHP_UPLOAD_MAX_FILE_SIZE=512M \
PHP_POST_MAX_SIZE=512M \
PHP_OPCACHE_ENABLE=1
ENV \
PHP_MEMORY_LIMIT=${PHP_MEMORY_LIMIT} \
PHP_MAX_EXECUTION_TIME=${PHP_MAX_EXECUTION_TIME} \
PHP_UPLOAD_MAX_FILE_SIZE=${PHP_UPLOAD_MAX_FILE_SIZE} \
PHP_POST_MAX_SIZE=${PHP_POST_MAX_SIZE} \
PHP_OPCACHE_ENABLE=${PHP_OPCACHE_ENABLE}
USER www-data
ENTRYPOINT ["docker-php-serversideup-entrypoint"]
CMD ["/init"]
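Review bot: The bundle stage's second `RUN` pipes `https://getcomposer.org/installer` straight into `php` with no hash check, and it installs to the same `/usr/local/bin/composer` that `COPY --from=composer:2.9` already provides, so the pinned binary is replaced by whatever the installer serves at build time; I would drop the `curl -sS … | php -- …` line and keep the pinned copy. The two s6-overlay `ADD` lines in the build stage are likewise unpacked into `/` as root without verification, although supercronic just above is checked; `ADD --checksum=sha256:<digest-from-release> https://…/s6-overlay-noarch.tar.xz /tmp` would close that gap (the digest is a placeholder to fill from the release's published checksum). Separately, `supercronic-linux-amd64` and `s6-overlay-x86_64` are hard-coded while the release job also builds `linux/arm64`, so the arm64 image would presumably ship amd64 binaries; selecting them from the `TARGETARCH` build argument would fix that.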


@ -1,12 +0,0 @@
#!/bin/sh
ENV_FILE_LOCATION=/var/www/castopod/.env
# Fix ownership and permissions of castopod folders
chmod -R 750 /var/www/castopod
chown -R root:www-data /var/www/castopod
chown -R www-data:www-data /var/www/castopod/writable /var/www/castopod/public/media
. /prepare_environment.sh
supervisord


@ -1,21 +0,0 @@
[supervisord]
nodaemon=true
[program:supercronic]
user=www-data
command=supercronic /crontab.txt
autostart=true
autorestart=unexpected
stdout_logfile=/dev/stdout
stdout_logfile_maxbytes=0
stderr_logfile=/dev/stderr
stderr_logfile_maxbytes=0
[program:fpm]
command=/usr/local/sbin/php-fpm
autostart=true
autorestart=unexpected
stdout_logfile=/dev/stdout
stdout_logfile_maxbytes=0
stderr_logfile=/dev/stderr
stderr_logfile_maxbytes=0


@ -1,60 +0,0 @@
{
"listeners": {
"*:8000": {
"pass": "routes"
}
},
"routes": [
{
"match": {
"uri": "~^.+\\.(css|js|jpg|jpeg|gif|png|ico|gz|svg|svgz|ttf|otf|woff|woff2|eot|mp4|ogg|ogv|webm|webp|zip|swf|map)$"
},
"action": {
"share": "/var/www/castopod/public$uri",
"response_headers": {
"X-Content-Type-Options": "nosniff",
"Access-Control-Allow-Origin": "*",
"Cache-Control": "max-age=604800"
},
"fallback": {
"pass": "applications/castopod"
}
}
},
{
"action": {
"share": "/var/www/castopod/public$uri",
"response_headers": {
"X-Frame-Options": "sameorigin",
"X-Content-Type-Options": "nosniff",
"Access-Control-Allow-Origin": "*"
},
"fallback": {
"pass": "applications/castopod"
}
}
}
],
"applications": {
"castopod": {
"type": "php",
"root": "/var/www/castopod/public/",
"script": "index.php"
}
},
"access_log": {
"path": "/dev/stdout"
},
"settings": {
"http": {
"body_read_timeout": $CP_TIMEOUT,
"max_body_size": $CP_MAX_BODY_SIZE_BYTES,
"static": {
"mime_types": {
"text/vtt": [".vtt"],
"text/srt": [".srt"]
}
}
}
}
}


@ -1,8 +0,0 @@
#!/bin/sh
ENV_FILE_LOCATION=/var/www/castopod/.env
. /prepare_environment.sh
cat /config.template.json | envsubst '$CP_MAX_BODY_SIZE_BYTES$CP_TIMEOUT' > /usr/local/var/lib/unit/conf.json
supervisord


@ -1,20 +0,0 @@
[supervisord]
nodaemon=true
[program:supercronic]
user=www-data
command=supercronic /crontab.txt
autostart=true
autorestart=unexpected
stdout_logfile=/dev/stdout
stdout_logfile_maxbytes=0
stderr_logfile=/dev/stderr
stderr_logfile_maxbytes=0
[program:unit]
command=unitd --no-daemon
autostart=true
autorestart=unexpected
stdout_logfile=/dev/stdout
stdout_logfile_maxbytes=0
stderr_logfile_maxbytes=0


@ -1 +0,0 @@
* * * * * /usr/local/bin/php /var/www/castopod/spark tasks:run >> /dev/null 2>&1


@ -1,6 +0,0 @@
file_uploads = On
memory_limit = $CP_PHP_MEMORY_LIMIT
upload_max_filesize = $CP_MAX_BODY_SIZE
post_max_size = $CP_MAX_BODY_SIZE
max_execution_time = $CP_TIMEOUT
max_input_time = $CP_TIMEOUT


@ -1,4 +1,6 @@
#!/bin/sh
#!/command/with-contenv sh
ENV_FILE_LOCATION=/app/.env
log_error() {
printf "\033[0;31mERROR:\033[0m $1\n"
@ -9,6 +11,13 @@ log_warning() {
printf "\033[0;33mWARNING:\033[0m $1\n"
}
log_info() {
printf "\033[0;34mINFO:\033[0m $1\n"
}
# Remove .env file if exists to recreate it.
rm -f $ENV_FILE_LOCATION
if [ -z "${CP_BASEURL}" ]
then
log_error "CP_BASEURL must be set"
@ -16,19 +25,19 @@ fi
if [ -z "${CP_MEDIA_BASEURL}" ]
then
echo "CP_MEDIA_BASEURL is empty, using CP_BASEURL by default"
log_info "CP_MEDIA_BASEURL is empty, using CP_BASEURL by default"
CP_MEDIA_BASEURL=$CP_BASEURL
fi
if [ -z "${CP_ADMIN_GATEWAY}" ]
then
echo "CP_ADMIN_GATEWAY is empty, using default"
log_info "CP_ADMIN_GATEWAY is empty, using default \"cp-admin\""
CP_ADMIN_GATEWAY="cp-admin"
fi
if [ -z "${CP_AUTH_GATEWAY}" ]
then
echo "CP_AUTH_GATEWAY is empty, using default"
log_info "CP_AUTH_GATEWAY is empty, using default \"cp-auth\""
CP_AUTH_GATEWAY="cp-auth"
fi
@ -39,13 +48,13 @@ fi
if [ -z "${CP_DATABASE_HOSTNAME}" ]
then
log_warning "CP_DATABASE_HOSTNAME is empty, using default"
log_warning "CP_DATABASE_HOSTNAME is empty, using default \"mariadb\""
CP_DATABASE_HOSTNAME="mariadb"
fi
if [ -z "${CP_DATABASE_PREFIX}" ]
then
echo "CP_DATABASE_PREFIX is empty, using default"
log_info "CP_DATABASE_PREFIX is empty, using default \"cp_\""
CP_DATABASE_PREFIX="cp_"
fi
@ -84,29 +93,28 @@ fi
if [ ! -z "${CP_REDIS_HOST}" ]
then
echo "Using redis cache handler"
log_info "Using redis cache handler"
CP_CACHE_HANDLER="redis"
if [ -z "${CP_REDIS_PASSWORD}" ]
then
echo "CP_REDIS_PASSWORD is empty, using default"
CP_REDIS_PASSWORD="null"
log_error "You must set CP_REDIS_PASSWORD when using redis as a cache handler."
else
CP_REDIS_PASSWORD="\"${CP_REDIS_PASSWORD}\""
fi
if [ -z "${CP_REDIS_PORT}" ]
then
echo "CP_REDIS_PORT is empty, using default"
log_info "CP_REDIS_PORT is empty, using default port \"6379\""
CP_REDIS_PORT="6379"
fi
if [ -z "${CP_REDIS_DATABASE}" ]
then
echo "CP_REDIS_DATABASE is empty, using default"
log_info "CP_REDIS_DATABASE is empty, using default \"0\""
CP_REDIS_DATABASE="0"
fi
else
echo "Using file cache handler"
log_info "Using file cache handler"
CP_CACHE_HANDLER="file"
fi
@ -134,28 +142,6 @@ then
fi
fi
if [ -z "${CP_PHP_MEMORY_LIMIT}" ]
then
export CP_PHP_MEMORY_LIMIT="512M"
fi
if [ -z "${CP_MAX_BODY_SIZE}" ]
then
export CP_MAX_BODY_SIZE="512M"
fi
CP_MAX_BODY_SIZE_BYTES=$(numfmt --from=iec "$CP_MAX_BODY_SIZE")
if [ $? -ne 0 ]
then
log_error "Failed to parse CP_MAX_BODY_SIZE ($CP_MAX_BODY_SIZE) as human readable number"
fi
export CP_MAX_BODY_SIZE_BYTES=$CP_MAX_BODY_SIZE_BYTES
if [ -z "${CP_TIMEOUT}" ]
then
export CP_TIMEOUT=900
fi
cat << EOF > $ENV_FILE_LOCATION
app.baseURL="${CP_BASEURL}"
media.baseURL="${CP_MEDIA_BASEURL}"
@ -238,20 +224,17 @@ if [ ! -z "${CP_EMAIL_SMTP_HOST}" ]
then
if [ -z "${CP_EMAIL_SMTP_USERNAME}" ]
then
echo "When CP_EMAIL_SMTP_HOST is provided, CP_EMAIL_SMTP_USERNAME must be set"
exit 1
log_error "When CP_EMAIL_SMTP_HOST is provided, CP_EMAIL_SMTP_USERNAME must be set"
fi
if [ -z "${CP_EMAIL_SMTP_PASSWORD}" ]
then
echo "When CP_EMAIL_SMTP_HOST is provided, CP_EMAIL_SMTP_PASSWORD must be set"
exit 1
log_error "When CP_EMAIL_SMTP_HOST is provided, CP_EMAIL_SMTP_PASSWORD must be set"
fi
if [ -z "${CP_EMAIL_FROM}" ]
then
echo "When CP_EMAIL_SMTP_HOST is provided, CP_EMAIL_FROM must be set"
exit 1
log_error "When CP_EMAIL_SMTP_HOST is provided, CP_EMAIL_FROM must be set"
fi
cat << EOF >> $ENV_FILE_LOCATION
@ -273,8 +256,7 @@ EOF
then
if [ "${CP_EMAIL_SMTP_CRYPTO}" != "ssl" ] && [ "${CP_EMAIL_SMTP_CRYPTO}" != "tls" ]
then
echo "CP_EMAIL_SMTP_CRYPTO must be ssl or tls"
exit 1
log_error "CP_EMAIL_SMTP_CRYPTO must be ssl or tls"
fi
cat << EOF >> $ENV_FILE_LOCATION
email.SMTPCrypto=${CP_EMAIL_SMTP_CRYPTO}
@ -282,14 +264,14 @@ EOF
fi
fi
echo "Using config:"
log_info "Using config:"
cat $ENV_FILE_LOCATION
#Run database migrations after 10 seconds (to wait for the database to be started)
(sleep 10 && php spark castopod:database-update) &
# prevent .env from being writable
chmod -w $ENV_FILE_LOCATION
#Run database migrations
/usr/local/bin/php /var/www/html/spark castopod:database-update
# clear cache to account for new assets and any change in data structure
php spark cache:clear
#Apply php configuration
cat /uploads.template.ini | envsubst '$CP_MAX_BODY_SIZE$CP_MAX_BODY_SIZE_BYTES$CP_TIMEOUT$CP_PHP_MEMORY_LIMIT' > /usr/local/etc/php/conf.d/uploads.ini
/usr/local/bin/php /var/www/html/spark cache:clear
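Review bot: `cat $ENV_FILE_LOCATION` after `log_info "Using config:"` writes the whole generated `.env` to the container log, and the earlier hunks suggest that file receives the Redis and SMTP passwords, so each start would expose them to anyone who can read the logs; I would drop the `cat` or print only non-secret keys. The new `chmod -w $ENV_FILE_LOCATION` only clears write bits and leaves read access at whatever the umask granted; `chmod 400 "$ENV_FILE_LOCATION"` would restrict it to the owning user. The replaced `echo …; exit 1` pairs now depend on `log_error` ending the script, and its body falls outside the visible hunks, so it is worth confirming it still exits non-zero before the `.env` is written with missing values.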


@ -0,0 +1 @@
oneshot


@ -0,0 +1,2 @@
#!/command/with-contenv sh
/etc/s6-overlay/s6-rc.d/bootstrap/prepare-environment.sh


@ -0,0 +1,2 @@
#!/command/with-contenv sh
frankenphp run --config /etc/frankenphp/Caddyfile --adapter caddyfile


@ -0,0 +1 @@
longrun


@ -0,0 +1 @@
* * * * * /usr/local/bin/php /var/www/html/spark tasks:run >> /dev/null 2>&1
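Review bot: The path `/var/www/html/spark` does not match where the Dockerfile in this commit places the application (`COPY --from=bundle … /castopod /app`, with the bootstrap script writing `/app/.env`); unless another changed file links the two paths, the scheduled task would not find the application. Redirecting to `/dev/null` also discards failures that supercronic would otherwise forward to the container log; dropping `>> /dev/null 2>&1` keeps task errors visible to whoever monitors the container.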


@ -0,0 +1,2 @@
#!/command/with-contenv sh
supercronic /etc/s6-overlay/s6-rc.d/supercronic/crontab


@ -0,0 +1 @@
longrun


@ -1,18 +0,0 @@
FROM docker.io/nginx:1.29
COPY docker/production/web-server/entrypoint.sh /entrypoint.sh
COPY docker/production/web-server/nginx.template.conf /nginx.template.conf
COPY castopod/public /var/www/html
RUN chmod +x /entrypoint.sh && \
apt-get update && \
apt-get install -y curl gettext-base && \
rm -rf /var/lib/apt/lists/* && \
usermod -aG www-data nginx
HEALTHCHECK --interval=30s --timeout=3s CMD curl --fail http://localhost || exit 1
VOLUME /var/www/html/media
EXPOSE 80
WORKDIR /var/www/html
CMD ["/entrypoint.sh"]


@ -1,20 +0,0 @@
#!/bin/sh
if [ -z "${CP_APP_HOSTNAME}" ]
then
echo "CP_APP_HOSTNAME is empty, using default"
export CP_APP_HOSTNAME="app"
fi
if [ -z "${CP_MAX_BODY_SIZE}" ]
then
export CP_MAX_BODY_SIZE=512M
fi
if [ -z "${CP_TIMEOUT}" ]
then
export CP_TIMEOUT=900
fi
cat /nginx.template.conf | envsubst '$CP_APP_HOSTNAME$CP_MAX_BODY_SIZE$CP_TIMEOUT' > /etc/nginx/nginx.conf
nginx -g "daemon off;"


@ -1,80 +0,0 @@
worker_processes auto;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
types {
text/vtt vtt;
text/srt srt;
}
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
keepalive_timeout 65;
set_real_ip_from 10.0.0.0/8;
set_real_ip_from 172.16.0.0/12;
set_real_ip_from 192.168.0.0/16;
real_ip_header X-Real-IP;
upstream php-handler {
server $CP_APP_HOSTNAME:9000;
}
server {
listen 80;
root /var/www/html;
server_tokens off;
add_header X-Frame-Options sameorigin always;
add_header Permissions-Policy interest-cohort=();
add_header X-Content-Type-Options nosniff;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload;";
client_max_body_size $CP_MAX_BODY_SIZE;
client_body_timeout ${CP_TIMEOUT}s;
fastcgi_buffers 64 4K;
gzip on;
gzip_vary on;
gzip_comp_level 4;
gzip_min_length 256;
gzip_types application/atom+xml application/javascript application/rss+xml image/bmp image/svg+xml image/x-icon text/css text/plain text/html;
try_files $uri $uri/ /index.php?$args;
index index.php index.html;
location ~ \.php$ {
include fastcgi_params;
fastcgi_intercept_errors on;
fastcgi_index index.php;
fastcgi_param SERVER_NAME $host;
fastcgi_pass php-handler;
fastcgi_param SCRIPT_FILENAME /var/www/castopod/public/$fastcgi_script_name;
try_files $uri =404;
fastcgi_read_timeout 3600;
fastcgi_send_timeout 3600;
}
location ~* ^.+\.(css|js|jpg|jpeg|gif|png|ico|gz|svg|svgz|ttf|otf|woff|woff2|eot|mp4|ogg|ogv|webm|webp|zip|swf|map)$ {
add_header Access-Control-Allow-Origin "*";
expires max;
access_log off;
}
}
}