headshed/share-lt
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
share-lt/Dockerfile
jon brookes 5646ddd9a3 fix/partial/CVE-2025-68121/crypto/tls
2026-02-14 18:13:56 +00:00

107 lines
3.3 KiB
Docker
Raw Permalink Blame History

# Build stage for NATS CLI
FROM golang:1.26-alpine AS nats-builder
RUN apk add --no-cache git
RUN git clone --depth 1 https://github.com/nats-io/natscli.git /src
WORKDIR /src/nats
RUN CGO_ENABLED=0 GOOS=linux go build -a -installsuffix cgo -o nats .
FROM php:8.4-fpm-alpine3.23
ENV APP_ENV=production
ENV APP_DEBUG=false
WORKDIR /var/www
RUN apk update && apk add --no-cache \
build-base \
libpng-dev \
libjpeg-turbo-dev \
freetype-dev \
zip \
jpegoptim optipng pngquant gifsicle \
vim \
unzip \
git \
curl \
libzip-dev \
oniguruma-dev \
nodejs \
npm \
icu-dev \
sqlite-dev \
sqlite-libs \
nginx \
supervisor \
su-exec \
tini \
unzip \
bash \
jq \
&& rm -rf /var/cache/apk/*
COPY --from=nats-builder /src/nats/nats /usr/local/bin/nats
RUN chmod +x /usr/local/bin/nats
RUN rm -rf /var/cache/apk/*
RUN docker-php-ext-install mbstring zip exif pcntl intl gd pdo pdo_sqlite bcmath
RUN curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/local/bin --filename=composer
# Copy entrypoint script
COPY cmd/docker-entrypoint.sh /usr/local/bin/docker-entrypoint.sh
RUN chmod +x /usr/local/bin/docker-entrypoint.sh
# Copy supervisord configuration
COPY ./docker/supervisord.conf /etc/supervisord.conf
RUN mkdir -p /var/log/supervisor \
&& mkdir -p /run/nginx /var/cache/nginx /var/lib/nginx /var/tmp/nginx \
&& chown -R root:root /run/nginx /var/cache/nginx /var/lib/nginx /var/tmp/nginx
# Create www user and add to www-data group
RUN adduser -u 1000 -G www-data -s /bin/sh -D www
# Configure PHP-FPM to run as www user
RUN sed -i 's/user = www-data/user = www/g' /usr/local/etc/php-fpm.d/www.conf
# Remove the semicolon to uncomment the listen directive
RUN sed -i 's/;listen = 127.0.0.1:9000/listen = 9000/' /usr/local/etc/php-fpm.d/www.conf
# Ensure the worker running the code is correct (usually www-data or nginx)
RUN sed -i 's/;listen.owner = www-data/listen.owner = www/' /usr/local/etc/php-fpm.d/www.conf
RUN sed -i 's/;listen.group = www-data/listen.group = www-data/' /usr/local/etc/php-fpm.d/www.conf
# Update nginx.conf to use 'www' user instead of 'nginx'
RUN sed -i 's/user nginx;/user www;/' /etc/nginx/nginx.conf
# Remove user and group directives from nginx and php-fpm configs to avoid conflicts
RUN sed -i '/^user /d' /etc/nginx/nginx.conf
RUN sed -i '/^user = /d' /usr/local/etc/php-fpm.d/www.conf
RUN sed -i '/^group = /d' /usr/local/etc/php-fpm.d/www.conf
# Set permissions for nginx directories
RUN mkdir -p /var/lib/nginx/tmp/client_body /var/log/nginx \
&& chown -R www:www-data /var/lib/nginx /var/log/nginx \
&& chmod -R 755 /var/lib/nginx /var/log/nginx \
&& touch /run/nginx/nginx.pid \
&& chown www:www-data /run/nginx/nginx.pid
# Copy application code (includes database/migrations/) and excluding
# files in .dockerignore
COPY --chown=www:www-data . /var/www
RUN chown -R www:www-data /var/www
RUN chown -R www:www-data /var/log/supervisor
# Switch to www user
USER www
# Install app dependencies
RUN composer install --optimize-autoloader --no-dev
RUN npm ci
RUN npm run build
# run laravel cache optimization
RUN php artisan optimize
EXPOSE 8889
ENTRYPOINT ["/sbin/tini", "--", "/usr/local/bin/docker-entrypoint.sh"]
CMD ["/usr/bin/supervisord", "-n", "-c", "/etc/supervisord.conf"]
Reference in a new issue View git blame Copy permalink