From 8435da1883ccbff1061b4afe6f623db120d74258 Mon Sep 17 00:00:00 2001 
From: Dominic Ricottone Date: Thu, 25 May 2023 12:36:33 -0500 Subject: [PATCH] Updates Added a main README file to act as a directory. Updated nitter Makefile. Added useful base images (fcgi and php). --- README.md | 11 +++++ fcgi/Dockerfile | 10 +++++ fcgi/Makefile | 13 ++++++ fcgi/README.md | 34 ++++++++++++++ nitter/Makefile | 2 +- php/Dockerfile | 8 ++++ php/Dockerfile.development | 7 +++ php/Dockerfile.fpm | 10 +++++ php/Dockerfile.fpm-development | 9 ++++ php/Dockerfile.readwrite | 8 ++++ php/Makefile | 43 ++++++++++++++++++ php/README.md | 55 +++++++++++++++++++++++ php/php-fpm.conf | 20 +++++++++ php/php-fpm.d/www.conf | 52 ++++++++++++++++++++++ php/php/conf.d/php.ini | 73 +++++++++++++++++++++++++++++++ php/php/development.conf | 37 ++++++++++++++++ php/php/mysqli.conf | 18 ++++++++ php/php/pdo-mysql.conf | 10 +++++ php/php/pgsql.conf | 15 +++++++ php/php/production-readonly.conf | 12 +++++ php/php/production-readwrite.conf | 14 ++++++ php/php/production.conf | 29 ++++++++++++ php/php/sodium.conf | 7 +++ 23 files changed, 496 insertions(+), 1 deletion(-) create mode 100644 README.md create mode 100644 fcgi/Dockerfile create mode 100644 fcgi/Makefile create mode 100644 fcgi/README.md create mode 100644 php/Dockerfile create mode 100644 php/Dockerfile.development create mode 100644 php/Dockerfile.fpm create mode 100644 php/Dockerfile.fpm-development create mode 100644 php/Dockerfile.readwrite create mode 100644 php/Makefile create mode 100644 php/README.md create mode 100644 php/php-fpm.conf create mode 100644 php/php-fpm.d/www.conf create mode 100644 php/php/conf.d/php.ini create mode 100644 php/php/development.conf create mode 100644 php/php/mysqli.conf create mode 100644 php/php/pdo-mysql.conf create mode 100644 php/php/pgsql.conf create mode 100644 php/php/production-readonly.conf create mode 100644 php/php/production-readwrite.conf create mode 100644 php/php/production.conf create mode 100644 php/php/sodium.conf 
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..9520b26
--- /dev/null
+++ b/README.md
@@ -0,0 +1,11 @@
+# Container Images
+
+|Images |Tags |Fully qualified name of the default image|
+|:------|:----|:----------------------------------------|
+|[dnsmasq](/~dricottone/container-images/tree/dev/item/dnsmasq/README.md)|latest|`registry.intra.dominic-ricottone.com/dnsmasq:latest`|
+|[fcgi](/~dricottone/container-images/tree/dev/item/fcgi/README.md)|latest|`registry.intra.dominic-ricottone.com/fcgi:latest`|
+|[haproxy](/~dricottone/container-images/tree/dev/item/haproxy/README.md)|latest|`registry.intra.dominic-ricottone.com/haproxy:latest`|
+|[nginx](/~dricottone/container-images/tree/dev/item/nginx/README.md)|latest|`registry.intra.dominic-ricottone.com/nginx:latest`|
+|[nitter](/~dricottone/container-images/tree/dev/item/nitter/README.md)|amd64,arm64|`registry.intra.dominic-ricottone.com/nitter:amd64`|
+|[php](/~dricottone/container-images/tree/dev/item/php/README.md)|latest,readwrite,fpm,development,fpm-development|`registry.intra.dominic-ricottone.com/php:latest`|
+
diff --git a/fcgi/Dockerfile b/fcgi/Dockerfile
new file mode 100644
index 0000000..cfd48ae
--- /dev/null
+++ b/fcgi/Dockerfile
@@ -0,0 +1,10 @@
+FROM docker.io/library/alpine:latest
+
+RUN apk add --no-cache spawn-fcgi fcgiwrap dumb-init
+
+EXPOSE 9000
+
+ENTRYPOINT ["/usr/bin/dumb-init", "--"]
+
+CMD ["spawn-fcgi", "-p", "9000", "-n", "--", "/usr/bin/fcgiwrap", "-f"]
+
diff --git a/fcgi/Makefile b/fcgi/Makefile
new file mode 100644
index 0000000..8d67efc
--- /dev/null
+++ b/fcgi/Makefile
@@ -0,0 +1,13 @@
+CONMAN=sudo docker
+
+REGISTRY=registry.intra.dominic-ricottone.com
+IMAGE=fcgi
+TAG=latest
+
+image:
+ $(CONMAN) buildx build --push \
+ --platform linux/arm64,linux/amd64 \
+ --tag $(REGISTRY)/$(IMAGE):$(TAG) \
+ .
+
+.PHONY: image
diff --git a/fcgi/README.md b/fcgi/README.md
new file mode 100644
index 0000000..0cc5422
--- /dev/null
+++ b/fcgi/README.md
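Review bot: fcgi/Dockerfile never sets `USER`, so `spawn-fcgi` and every CGI script that `fcgiwrap` executes run as root inside the container. Port 9000 is unprivileged, so a dedicated account works: `RUN addgroup -S fcgi && adduser -S -G fcgi fcgi` followed by `USER fcgi` before `ENTRYPOINT`. Images derived from this base would then need `USER root` around any privileged `RUN` step and a switch back afterwards. `FROM docker.io/library/alpine:latest` is also a floating tag; pinning a release tag or digest keeps the installed `spawn-fcgi`, `fcgiwrap` and `dumb-init` packages reproducible between rebuilds.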
@@ -0,0 +1,34 @@
+# fcgi
+
+
+## Build and Deploy
+
+```
+make image
+```
+
+
+### Tags
+
+ + `latest`
+
+----
+
+## Use
+
+Can be used with any container manager toolchain.
+
+This is a base image for application-specific container images.
+
+```
+FROM fcgi
+
+WORKDIR /app
+
+COPY app-dist /app
+```
+
+The FastCGI server then can be proxied over port 9000.
+A script copied into the container at `/app/script.cgi` would be available
+at `example.com/script.cgi`.
+
diff --git a/nitter/Makefile b/nitter/Makefile
index 8187c72..5e81bc4 100644
--- a/nitter/Makefile
+++ b/nitter/Makefile
@@ -19,4 +19,4 @@ image-arm64: --tag $(REGISTRY)/$(IMAGE):$(TAG_ARM64) \ . -f Dockerfile.arm64
-.PHONY: image
+.PHONY: image image-amd64 image-arm64
diff --git a/php/Dockerfile b/php/Dockerfile
new file mode 100644
index 0000000..accebfb
--- /dev/null
+++ b/php/Dockerfile
@@ -0,0 +1,8 @@
+FROM docker.io/library/php:alpine
+
+COPY php/ /usr/local/etc/php/
+
+RUN rm /usr/local/etc/php/php.ini-development /usr/local/etc/php/php.ini-production /usr/local/etc/php/conf.d/docker-php-ext-sodium.ini
+RUN mv /usr/local/etc/php/production.conf /usr/local/etc/php/conf.d/production.ini
+RUN mv /usr/local/etc/php/production-readonly.conf /usr/local/etc/php/conf.d/production-readonly.ini
+
diff --git a/php/Dockerfile.development b/php/Dockerfile.development
new file mode 100644
index 0000000..2e8d5fa
--- /dev/null
+++ b/php/Dockerfile.development
@@ -0,0 +1,7 @@
+FROM docker.io/library/php:alpine
+
+COPY php/ /usr/local/etc/php/
+
+RUN rm /usr/local/etc/php/php.ini-development /usr/local/etc/php/php.ini-production /usr/local/etc/php/conf.d/docker-php-ext-sodium.ini
+RUN mv /usr/local/etc/php/development.conf /usr/local/etc/php/conf.d/development.ini
+
diff --git a/php/Dockerfile.fpm b/php/Dockerfile.fpm
new file mode 100644
index 0000000..c061330
--- /dev/null
+++ b/php/Dockerfile.fpm
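Review bot: `FROM docker.io/library/php:alpine` in php/Dockerfile is a floating tag, so a rebuild can silently move to a new PHP release while the hardening files copied into `/usr/local/etc/php/` stay as they were written for the old one. The `RUN rm` line also depends on the base image shipping `conf.d/docker-php-ext-sodium.ini`, so a base-image layout change breaks the build rather than being reviewed. Pin a version tag or digest, in the form `FROM docker.io/library/php:<PINNED_VERSION>-alpine` (placeholder), and bump it deliberately. The same applies to php/Dockerfile.development, Dockerfile.fpm, Dockerfile.fpm-development and Dockerfile.readwrite. None of the three non-FPM Dockerfiles sets `USER`, so the CLI interpreter runs as root unless a derived image changes that.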
@@ -0,0 +1,10 @@
+FROM docker.io/library/php:fpm-alpine
+
+COPY php/ /usr/local/etc/php/
+COPY php-fpm.conf /usr/local/etc/php-fpm.conf
+COPY php-fpm.d/ /usr/local/etc/php-fpm.d/
+
+RUN rm /usr/local/etc/php/php.ini-development /usr/local/etc/php/php.ini-production /usr/local/etc/php/conf.d/docker-php-ext-sodium.ini
+RUN mv /usr/local/etc/php/production.conf /usr/local/etc/php/conf.d/production.ini
+RUN mv /usr/local/etc/php/production-readonly.conf /usr/local/etc/php/conf.d/production-readonly.ini
+
diff --git a/php/Dockerfile.fpm-development b/php/Dockerfile.fpm-development
new file mode 100644
index 0000000..f3372d7
--- /dev/null
+++ b/php/Dockerfile.fpm-development
@@ -0,0 +1,9 @@
+FROM docker.io/library/php:fpm-alpine
+
+COPY php/ /usr/local/etc/php/
+COPY php-fpm.conf /usr/local/etc/php-fpm.conf
+COPY php-fpm.d/ /usr/local/etc/php-fpm.d/
+
+RUN rm /usr/local/etc/php/php.ini-development /usr/local/etc/php/php.ini-production /usr/local/etc/php/conf.d/docker-php-ext-sodium.ini
+RUN mv /usr/local/etc/php/development.conf /usr/local/etc/php/conf.d/development.ini
+
diff --git a/php/Dockerfile.readwrite b/php/Dockerfile.readwrite
new file mode 100644
index 0000000..dcb7237
--- /dev/null
+++ b/php/Dockerfile.readwrite
@@ -0,0 +1,8 @@
+FROM docker.io/library/php:alpine
+
+COPY php/ /usr/local/etc/php/
+
+RUN rm /usr/local/etc/php/php.ini-development /usr/local/etc/php/php.ini-production /usr/local/etc/php/conf.d/docker-php-ext-sodium.ini
+RUN mv /usr/local/etc/php/production.conf /usr/local/etc/php/conf.d/production.ini
+RUN mv /usr/local/etc/php/production-readwrite.conf /usr/local/etc/php/conf.d/production-readwrite.ini
+
diff --git a/php/Makefile b/php/Makefile
new file mode 100644
index 0000000..d515f23
--- /dev/null
+++ b/php/Makefile
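Review bot: `COPY php-fpm.d/ /usr/local/etc/php-fpm.d/` in php/Dockerfile.fpm adds `www.conf` to the pool directory without removing what the base image already has there, and the new `php-fpm.conf` includes `etc/php-fpm.d/*.conf`. The official `php:fpm-alpine` image normally ships `docker.conf` and `zz-docker.conf` in that directory, and the latter sets `listen = 9000` for `[www]` after `www.conf` has been read; this is worth confirming with `php-fpm -tt` in the built image. If so, a later switch of `www.conf` to the commented Unix socket would silently have no effect. Removing the inherited files next to the existing `RUN rm` would make `www.conf` authoritative: `RUN rm -f /usr/local/etc/php-fpm.d/docker.conf /usr/local/etc/php-fpm.d/zz-docker.conf /usr/local/etc/php-fpm.d/www.conf.default`. php/Dockerfile.fpm-development has the same `COPY`.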
@@ -0,0 +1,43 @@
+CONMAN=sudo docker
+
+REGISTRY=registry.intra.dominic-ricottone.com
+IMAGE=php
+TAG_DEV=development
+TAG_DEV_FPM=fpm-development
+TAG_PROD_RW=readwrite
+TAG_PROD_RO=latest
+TAG_PROD_FPM=fpm
+
+image: image-dev image-prod-rw image-prod-ro image-dev-fpm image-prod-fpm
+
+image-dev:
+ $(CONMAN) buildx build --push \
+ --platform linux/amd64 \
+ --tag $(REGISTRY)/$(IMAGE):$(TAG_DEV) \
+ . -f Dockerfile.development
+
+image-dev-fpm:
+ $(CONMAN) buildx build --push \
+ --platform linux/amd64 \
+ --tag $(REGISTRY)/$(IMAGE):$(TAG_DEV_FPM) \
+ . -f Dockerfile.fpm-development
+
+image-prod-rw:
+ $(CONMAN) buildx build --push \
+ --platform linux/arm64 \
+ --tag $(REGISTRY)/$(IMAGE):$(TAG_PROD_RW) \
+ . -f Dockerfile.readwrite
+
+image-prod-ro:
+ $(CONMAN) buildx build --push \
+ --platform linux/arm64 \
+ --tag $(REGISTRY)/$(IMAGE):$(TAG_PROD_RO) \
+ .
+
+image-prod-fpm:
+ $(CONMAN) buildx build --push \
+ --platform linux/amd64 \
+ --tag $(REGISTRY)/$(IMAGE):$(TAG_PROD_FPM) \
+ . -f Dockerfile.fpm
+
+.PHONY: image image-dev image-prod-rw image-prod-ro image-dev-fpm image-prod-fpm
diff --git a/php/README.md b/php/README.md
new file mode 100644
index 0000000..fab5215
--- /dev/null
+++ b/php/README.md
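Review bot: The `--platform` values in php/Makefile differ per target with no comment explaining why: `image-prod-rw` and `image-prod-ro` (the `latest` tag) build only `linux/arm64`, while `image-dev`, `image-dev-fpm` and `image-prod-fpm` build only `linux/amd64`, and fcgi/Makefile in this commit builds both. If that split is intentional, a comment above the targets naming which hosts pull which tag would help; otherwise use `--platform linux/arm64,linux/amd64` throughout so that a pull on the other architecture does not fail or fall back to an older image. Separately, `TAG_DEV_FPM=fpm-development` matches the top-level README, but php/README.md in this commit lists the tag as `development-fpm`.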
@@ -0,0 +1,55 @@
+# php
+
+
+## Build and Deploy
+
+```
+make image
+```
+
+
+### Tags
+
+ + `latest` (a read-only and production-ready interpreter)
+ + `fpm` (a read-only and production-ready FastCGI server)
+ + `readwrite` (a production-ready interpreter allowing 8 megabyte uploads)
+ + `development` (an unsafe interpreter)
+ + `development-fpm` (an unsafe FastCGI server)
+
+----
+
+## Use
+
+Can be used with any container manager toolchain.
+
+Can be used as a base image.
+To run a PHP application requiring MySQL, try:
+
+```
+FROM registry.intra.dominic-ricottone.com/php:latest
+
+RUN mv "$PHP_INI_DIR/pdo-mysql.conf" "$PHP_INI_DIR/conf.d/php-pdo-mysql.ini"
+```
+
+To run a FastCGI application, try:
+
+```
+FROM registry.intra.dominic-ricottone.com/php:fpm
+
+WORKDIR /app
+
+COPY app-dist /app
+```
+
+The FastCGI server then can be proxied over port 9000.
+A script copied into the container at `/app/script.cgi` would be available
+at `example.com/script.cgi`.
+
+Partial configurations are available for:
+
+ + MySQL/MariaDB...
+ + with the `mysqli` driver (`mysqli.conf`)
+ + with the `pdo_mysql` driver (`pdo-mysql.conf`)
+ + PostgreSQL (`pgsql.conf`)
+ + Sodium (`sodium.conf`)
+
diff --git a/php/php-fpm.conf b/php/php-fpm.conf
new file mode 100644
index 0000000..7f21dc6
--- /dev/null
+++ b/php/php-fpm.conf
@@ -0,0 +1,20 @@
+[global]
+
+daemonize = no
+
+;;;;;;;;;;;
+; Logging ;
+;;;;;;;;;;;
+error_log = /proc/self/fd/2
+log_level = notice
+log_limit = 8192
+
+;TODO: implement syslog logging
+;error_log = syslog
+;syslog.facility = daemon
+
+;;;;;;;;;;;;;;;;;;;;
+; Pool Definitions ;
+;;;;;;;;;;;;;;;;;;;;
+include=etc/php-fpm.d/*.conf
+
diff --git a/php/php-fpm.d/www.conf b/php/php-fpm.d/www.conf
new file mode 100644
index 0000000..06b5eaf
--- /dev/null
+++ b/php/php-fpm.d/www.conf
@@ -0,0 +1,52 @@
+[www]
+
+;;;;;;;;;;;;;;;
+; Permissions ;
+;;;;;;;;;;;;;;;
+user = www-data
+group = www-data
+
+;;;;;;;;;;
+; Socket ;
+;;;;;;;;;;
+listen = 9000
+
+;listen = /run/php-fpm/php-fpm.sock
+;listen.owner = www-data
+;listen.group = www-data
+;listen.mode = 0660
+
+;;;;;;;;;;;;;;;;;;;
+; Pool Management ;
+;;;;;;;;;;;;;;;;;;;
+pm = dynamic
+pm.max_children = 5
+pm.start_servers = 2
+pm.min_spare_servers = 1
+pm.max_spare_servers = 3
+
+;pm = static
+;pm.max_children = 5
+
+;pm = ondemand
+;pm.max_children = 5
+;pm.process_idle_timeout = 10s
+
+;;;;;;;;;;;;;;;;;;;;;;;;;
+; Environment Variables ;
+;;;;;;;;;;;;;;;;;;;;;;;;;
+clear_env = no
+
+;;;;;;;;;;;
+; Logging ;
+;;;;;;;;;;;
+access.log = /proc/self/fd/2
+catch_workers_output = yes
+decorate_workers_output = no
+
+;;;;;;;;;;;;
+; Security ;
+;;;;;;;;;;;;
+;listen.allowed_clients = 127.0.0.1
+;security.limit_extensions = .php .html .htm
+
diff --git a/php/php/conf.d/php.ini b/php/php/conf.d/php.ini
new file mode 100644
index 0000000..b22d8e4
--- /dev/null
+++ b/php/php/conf.d/php.ini
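Review bot: `clear_env = no` in php-fpm.d/www.conf hands every environment variable of the container to the PHP workers, so credentials injected through the environment become readable from any script via `getenv()` or an error dump. The safer pattern is the default `clear_env = yes` plus explicit entries such as `env[DB_HOST] = $DB_HOST` (constructed example name) for what the application needs. `listen = 9000` also accepts connections on all addresses while `listen.allowed_clients` stays commented out, so the FastCGI port must only be reachable by the fronting proxy; a comment next to `listen` stating that assumption would make it explicit. With `security.limit_extensions` left at its default of `.php`, the `script.cgi` example in php/README.md would presumably be refused by FPM.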
@@ -0,0 +1,73 @@
+[PHP]
+
+;;;;;;;;;;;;;;;;;;;
+; php.ini Options ;
+;;;;;;;;;;;;;;;;;;;
+user_ini.filename =
+
+;;;;;;;;;;;;;;;;;;;;
+; Language Options ;
+;;;;;;;;;;;;;;;;;;;;
+enable_dl = Off
+engine = Off
+implicit_flush = Off
+output_buffering = 4096
+precision = 14
+short_open_tag = Off
+zend.enable_gc = On
+zlib.output_compression = Off
+
+;;;;;;;;;;;;;;;;;
+; Miscellaneous ;
+;;;;;;;;;;;;;;;;;
+expose_php = Off
+
+;;;;;;;;;;;;;;;;;;;
+; Resource Limits ;
+;;;;;;;;;;;;;;;;;;;
+max_execution_time = 30
+max_input_time = 60
+memory_limit = 128M
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+; Error handling and logging ;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;error_log = "/var/log/php.log"
+log_errors = On
+
+;TODO: implement syslog logging
+;error_log = syslog
+;syslog.ident = php
+;syslog.facility = user
+;syslog.filter = ascii
+
+;;;;;;;;;;;;;;
+; Data Model ;
+;;;;;;;;;;;;;;
+auto_globals_hit = On
+default_charset = "UTF-8"
+default_mimetype = "text/html"
+register_argc_argv = Off
+request_order = "GP"
+variables_order = "GPCS"
+
+;;;;;;;;;;;;;;;;;;;;;;;;;
+; Paths and Directories ;
+;;;;;;;;;;;;;;;;;;;;;;;;;
+doc_root =
+user_dir =
+
+;;;;;;;
+; FPM ;
+;;;;;;;
+fastcgi.logging = Off
+
+;;;;;;;;;;;;;;;;;;;;;;;
+; MySQL Native Driver ;
+;;;;;;;;;;;;;;;;;;;;;;;
+[mysqlnd]
+;mysqlnd.mempool_default_size = 16000
+;mysqlnd.net_cmd_buffer_size = 2048
+;mysqlnd.net_read_buffer_size = 32768
+;mysqlnd.net_read_timeout = 31536000
+
diff --git a/php/php/development.conf b/php/php/development.conf
new file mode 100644
index 0000000..93a5053
--- /dev/null
+++ b/php/php/development.conf
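Review bot: `auto_globals_hit = On` under "Data Model" in php/conf.d/php.ini looks like a typo for `auto_globals_jit`; PHP does not report unknown directives in an ini file, so the line is silently ignored and the setting stays at its built-in default. Change it to `auto_globals_jit = On`. `engine = Off` in the same file is, as far as I know, only honoured by the Apache module, so it does nothing for the CLI and FPM images built here; dropping it or adding a comment would avoid suggesting that the interpreter is disabled.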
@@ -0,0 +1,37 @@
+[PHP]
+
+;; This is a partial configuration file for php(1).
+;; Intended for development use ONLY.
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+; Error handling and logging ;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+report_memleaks = On
+report_zend_debug = On
+zend.assertions = 1
+
+;;;;;;;;;;;;;;
+; Data Model ;
+;;;;;;;;;;;;;;
+post_max_size = 0
+
+;;;;;;;;;;;;;;;;
+; File Uploads ;
+;;;;;;;;;;;;;;;;
+file_uploads = On
+upload_max_filesize = 512M
+max_file_uploads = 20
+
+;;;;;;;;;;;;;;;;;;
+; Fopen wrappers ;
+;;;;;;;;;;;;;;;;;;
+allow_url_fopen = On
+default_socket_timeout = -1
+
+;;;;;;;;;;;;;;;;;;;;;;;
+; MySQL Native Driver ;
+;;;;;;;;;;;;;;;;;;;;;;;
+[mysqlnd]
+mysqlnd.collect_statistics = On
+mysqlnd.collect_memory_statistics = On
+
diff --git a/php/php/mysqli.conf b/php/php/mysqli.conf
new file mode 100644
index 0000000..59e9fe8
--- /dev/null
+++ b/php/php/mysqli.conf
@@ -0,0 +1,18 @@
+[PHP]
+
+;; This is a partial configuration file for php(1).
+;; The interpreter will be configured for the mysqli driver.
+
+extension=mysqli
+
+[MySQLi]
+mysqli.allow_persistent = On
+mysqli.default_host =
+mysqli.default_port = 3306
+mysqli.default_pw =
+mysqli.default_user =
+mysqli.default_socket =
+mysqli.max_links = -1
+mysqli.max_persistent = -1
+mysqli.reconnect = Off
+
diff --git a/php/php/pdo-mysql.conf b/php/php/pdo-mysql.conf
new file mode 100644
index 0000000..d830dc1
--- /dev/null
+++ b/php/php/pdo-mysql.conf
@@ -0,0 +1,10 @@
+[PHP]
+
+;; This is a partial configuration file for php(1).
+;; The interpreter will be configured for the pdo_mysql driver.
+
+extension=pdo_mysql
+
+[Pdo_mysql]
+pdo_mysql.default_socket =
+
diff --git a/php/php/pgsql.conf b/php/php/pgsql.conf
new file mode 100644
index 0000000..5bea362
--- /dev/null
+++ b/php/php/pgsql.conf
@@ -0,0 +1,15 @@
+[PHP]
+
+;; This is a partial configuration file for php(1).
+;; The interpreter will be configured for the pgsql driver.
+
+extension=pgsql
+
+[PostgreSQL]
+pgsql.allow_persistent = On
+pgsql.auto_reset_persistent = Off
+pgsql.max_persistent = -1
+pgsql.max_links = -1
+pgsql.ignore_notice = 0
+pgsql.log_notice = 0
+
diff --git a/php/php/production-readonly.conf b/php/php/production-readonly.conf
new file mode 100644
index 0000000..1ab6e02
--- /dev/null
+++ b/php/php/production-readonly.conf
@@ -0,0 +1,12 @@
+[PHP]
+
+;; This is a partial configuration file for php(1).
+;; The interpreter will be configured to not accept file uploads.
+
+;;;;;;;;;;;;;;;;
+; File Uploads ;
+;;;;;;;;;;;;;;;;
+file_uploads = Off
+upload_max_filesize = 0
+max_file_uploads = 0
+
diff --git a/php/php/production-readwrite.conf b/php/php/production-readwrite.conf
new file mode 100644
index 0000000..6cdf0f2
--- /dev/null
+++ b/php/php/production-readwrite.conf
@@ -0,0 +1,14 @@
+[PHP]
+
+;; This is a partial configuration file for php(1).
+;; The interpreter will be configured to accept file uploads
+;; up to 8 megabytes (same as post_max_size).
+;; To adjust this limit, overwrite both post_max_size AND upload_max_filesize.
+
+;;;;;;;;;;;;;;;;
+; File Uploads ;
+;;;;;;;;;;;;;;;;
+file_uploads = On
+upload_max_filesize = 8M\
+max_file_uploads = 20
+
diff --git a/php/php/production.conf b/php/php/production.conf
new file mode 100644
index 0000000..40b486e
--- /dev/null
+++ b/php/php/production.conf
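Review bot: `upload_max_filesize = 8M\` in php/production-readwrite.conf ends with a stray backslash. Depending on how the ini scanner and the size parser treat that character, the effective limit may not be the 8 megabytes that the header comment and php/README.md promise; checking `php -i` in the built `readwrite` image would show the value actually applied. The line should read `upload_max_filesize = 8M`.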
@@ -0,0 +1,29 @@
+[PHP]
+
+;; This is a partial configuration file for php(1).
+;; Intended for production use.
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+; Error handling and logging ;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+display_errors = Off
+display_startup_errors = Off
+error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT
+report_memleaks = Off
+report_zend_debug = Off
+zend.assertions = -1
+zend.exception_ignore_args = On
+zend.exception_string_param_max_len = 0
+
+;;;;;;;;;;;;;;
+; Data Model ;
+;;;;;;;;;;;;;;
+post_max_size = 8M
+
+;;;;;;;;;;;;;;;;;;;;;;;
+; MySQL Native Driver ;
+;;;;;;;;;;;;;;;;;;;;;;;
+[mysqlnd]
+mysqlnd.collect_statistics = Off
+mysqlnd.collect_memory_statistics = Off
+
diff --git a/php/php/sodium.conf b/php/php/sodium.conf
new file mode 100644
index 0000000..9343376
--- /dev/null
+++ b/php/php/sodium.conf
@@ -0,0 +1,7 @@
+[PHP]
+
+;; This is a partial configuration file for php(1).
+;; The interpreter will be configured to use sodium.
+
+extension=sodium
+
-- 2.45.2
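Review bot: php/production.conf has no "Fopen wrappers" section, so `allow_url_fopen` stays at PHP's default of On in the `latest`, `readwrite` and `fpm` images; only development.conf sets it explicitly. For a profile described as production-ready, consider adding `allow_url_fopen = Off` and `allow_url_include = Off`, which closes remote-URL file access as a route for server-side request forgery and remote-include bugs in hosted applications. Applications that need outbound fetches can re-enable the first setting in their own ini layer, the way php/README.md already shows for `pdo-mysql.conf`.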