gh-mirrors/docker-php-fpm
1
0
Fork 0
mirror of https://github.com/devilbox/docker-php-fpm.git synced 2025-12-10 11:01:14 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Merge pull request #254 from devilbox/release-0.145

Browse Source 
Release 0.145
This commit is contained in:
cytopia
2022-12-10 18:01:22 +01:00
committed by GitHub
parent 8d305b3d96 b6265751ba
commit 7cc5e25528
260 changed files with 28372 additions and 14317 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
.ansible/DOCKERFILES/Dockerfile-base.j2
View File

@@ -1,3 +1,4 @@
# vi: ft=dockerfile
{{ edit_comment_base }} {{ edit_comment_base }}
{% if php_version == 5.2 %} {% if php_version == 5.2 %}
FROM devilbox/php-fpm-5.2 FROM devilbox/php-fpm-5.2

3
.ansible/DOCKERFILES/Dockerfile-mods.j2
View File

@@ -1,3 +1,4 @@
# vi: ft=dockerfile
{{ edit_comment_mods }} {{ edit_comment_mods }}
FROM devilbox/php-fpm:{{ php_version }}-base as builder FROM devilbox/php-fpm:{{ php_version }}-base as builder
@@ -304,7 +305,7 @@ RUN set -eux \
# Fix php.ini settings for enabled extensions # Fix php.ini settings for enabled extensions
RUN set -eux \ RUN set -eux \
&& chmod +x "$(php -r 'echo ini_get("extension_dir");')"/* && find "$(php -r 'echo ini_get("extension_dir");')/" -type f -exec chmod +x {} \;
# Fix oracle dir for images that don't have oci installed # Fix oracle dir for images that don't have oci installed
RUN set -eux \ RUN set -eux \

1
.ansible/DOCKERFILES/Dockerfile-prod.j2
View File

@@ -1,3 +1,4 @@
# vi: ft=dockerfile
{{ edit_comment_prod }} {{ edit_comment_prod }}
FROM devilbox/php-fpm:{{ php_version }}-mods FROM devilbox/php-fpm:{{ php_version }}-mods
MAINTAINER "cytopia" <cytopia@everythingcli.org> MAINTAINER "cytopia" <cytopia@everythingcli.org>

533
.ansible/DOCKERFILES/Dockerfile-slim.j2 Normal file
View File

@@ -0,0 +1,533 @@
# vi: ft=dockerfile
{{ edit_comment_slim }}
{% import './jinja2/macros-work.j2' as fn %}
########################################################################################################################
########################################################################################################################
###
### Stage 1/4: Devilbox slim image (BASE BUILDER)
###
########################################################################################################################
########################################################################################################################
###
### Installs all cli tools required to run Devilbox and its intranet
###
FROM devilbox/php-fpm:{{ php_version }}-prod as devilbox-slim-base-builder
###
### Install apt Tools
###
RUN set -eux \
&& DEBIAN_FRONTEND=noninteractive apt-get update \
&& DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends --no-install-suggests \
apt-transport-https \
ca-certificates \
curl \
dirmngr \
gnupg
###
### Add apt repositories
###
RUN set -eux \
{%- for repo in base_apt_repositories_enabled -%}
{#- Not disabled -#}
{%- if ('disabled' not in base_apt_repositories_available[repo]) or (php_version not in base_apt_repositories_available[repo]['disabled']) -%}
{#- -#}
{#- [PRE] -#}
{%- if fn.get_pre(php_version, repo, base_apt_repositories_available) | length -%}
{{ "\n\t" }}&& {{ fn.get_pre(php_version, repo, base_apt_repositories_available) | indent( "\t" ) }}{{ "\t\\" }}
{%- endif -%}
{#- -#}
{#- [KEY] -#}
{%- if fn.tool_repo_get_key(php_version, repo, base_apt_repositories_available) | length -%}
{{ "\n\t" }}&& APT_KEY_DONT_WARN_ON_DANGEROUS_USAGE=1 apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv {{ fn.tool_repo_get_key(php_version, repo, base_apt_repositories_available) }} \
{%- endif -%}
{#- -#}
{#- [DEB] -#}
{%- if fn.tool_repo_get_deb(php_version, repo, base_apt_repositories_available) | length -%}
{{ "\n\t" }}&& echo "{{ fn.tool_repo_get_deb(php_version, repo, base_apt_repositories_available) }}" > /etc/apt/sources.list.d/{{ repo }}.list \
{%- endif -%}
{%- endif -%}
{%- endfor -%}
{{ "\n\t" }}&& true
{% set build_deps = [] -%}
{%- for ext in base_software_enabled -%}
{%- for dep in fn.get_build_dep(php_version, ext, base_software_available) | from_json -%}
{%- if dep -%}
{{- build_deps.append(dep) -}}
{%- endif -%}
{%- endfor -%}
{%- endfor -%}
{%- if build_deps -%}
###
### Install build_dep
###
RUN set -eux \
&& DEBIAN_FRONTEND=noninteractive apt-get update \
&& DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends --no-install-suggests \
{% for build_dep in build_deps | unique | sort %}
{{ build_dep }} \
{% endfor %}
&& rm -rf /var/lib/apt/lists/*
{%- endif %}
###
### Add common tools
###
RUN set -eux \
&& DEBIAN_FRONTEND=noninteractive apt-get update \
&& DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends --no-install-suggests \
file \
git \
{% if php_version in [7.1, 7.2, 7.3, 7.4, 8.0, 8.1, 8.2] %}
mariadb-client \
{% else %}
mysql-client \
{% endif %}
redis-tools \
sqlite3
{% set tools_apt = [] -%}
{%- for tool in base_software_enabled -%}
{%- if ('disabled' not in base_software_available[tool]) or (php_version not in base_software_available[tool]['disabled']) -%}
{%- if fn.tool_apt_get_package(php_version, tool, base_software_available) -%}
{{- tools_apt.append(fn.tool_apt_get_package(php_version, tool, base_software_available)) -}}
{%- endif -%}
{%- endif -%}
{%- endfor %}
{%- if tools_apt -%}
###
### Install tools type: apt
###
RUN set -eux \
&& DEBIAN_FRONTEND=noninteractive apt-get update \
&& DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends --no-install-suggests \
{{- "\n" -}}
{%- if tools_apt -%}
{{- "\t\t# ---------- type: apt ----------\n" -}}
{%- for apt in tools_apt | unique | sort -%}
{{- "\t\t" + apt + " \\" + "\n" -}}
{%- endfor -%}
{%- endif -%}
{{- "\t" -}}&& rm -rf /var/lib/apt/lists/*{{- "\n" -}}
{% endif %}
###
### Devilbox required cli tools from group_vars (slim.yml)
###
{% for tool in base_software_enabled -%}
{# Not disabled #}
{%- if ('disabled' not in base_software_available[tool]) or (php_version not in base_software_available[tool]['disabled']) -%}
{{- "\n" }}# -------------------- {{ tool }} --------------------
{{- "\n" }}RUN set -eux \
{#- -#}
{#- [PRE] -#}
{%- if fn.get_pre(php_version, tool, base_software_available) | length -%}
{{ "\n\t" }}&& {{ fn.get_pre(php_version, tool, base_software_available) | indent( "\t" ) }}{{ "\t\\" }}
{%- endif -%}
{#- -#}
{#- [COMMAND] -#}
{%- if fn.get_type(php_version, tool, base_software_available) == 'custom' -%}
{{ "\n\t" }}&& {{ fn.tool_custom_get_command(php_version, tool, base_software_available) | indent( "\t" ) }}{{ "\t\\" }}
{%- endif -%}
{#- -#}
{#- [POST] -#}
{%- if fn.get_post(php_version, tool, base_software_available) | length -%}
{{ "\n\t" }}&& {{ fn.get_post(php_version, tool, base_software_available) | indent( "\t" ) }}{{ "\t\\" }}
{%- endif -%}
{#- -#}
{#- [CHECK] -#}
{%- if 'check' in base_software_available[tool] -%}
{{ "\n\t" }}&& {{ base_software_available[tool]['check'] | indent( "\t" ) }}{{ "\t\\" }}
{%- endif -%}
{#- -#}
{#- Finalize -#}
{{ "\n\t" }}&& true{{ "\n" }}
{%- endif -%}
{%- endfor %}
###
### Prepare required shared libraries for copying (keep symlinks)
###
RUN set -eux \
&& LIB_GNU_DIR="/lib/$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)" \
&& USR_LIB_DIR="/usr/lib" \
&& USR_LIB_GNU_DIR="/usr/lib/$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)" \
\
&& mkdir /tmp/lib-gnu \
&& mkdir /tmp/usr-lib \
&& mkdir /tmp/usr-lib-gnu \
\
&& LIB_GNU="libreadline" \
&& USR_LIB="libsnappy libtcmalloc libv8" \
&& USR_LIB_GNU="liblua libpq libpcrecpp libboost libjemalloc libunwind libhiredis libedit libyaml-cpp libstemmer libsnappy libpcap libbsd liblzf" \
\
&& for lib in ${LIB_GNU}; do \
if ls -1 "${LIB_GNU_DIR}/" | grep "^${lib}" >/dev/null; then \
echo "Coping '${lib}' from: ${LIB_GNU_DIR}"; \
cp -r ${LIB_GNU_DIR}/${lib}* /tmp/lib-gnu/; \
fi \
done \
&& for lib in ${USR_LIB}; do \
if ls -1 "${USR_LIB_DIR}/" | grep "^${lib}" >/dev/null; then \
echo "Coping '${lib}' from: ${USR_LIB_DIR}"; \
cp -r ${USR_LIB_DIR}/${lib}* /tmp/usr-lib/; \
fi \
done \
&& for lib in ${USR_LIB_GNU}; do \
if ls -1 "${USR_LIB_GNU_DIR}/" | grep "^${lib}" >/dev/null; then \
echo "Coping '${lib}' from: ${USR_LIB_GNU_DIR}"; \
cp -r ${USR_LIB_GNU_DIR}/${lib}* /tmp/usr-lib-gnu/; \
fi \
done
###
### Fix expected PostgreSQL directories
###
### This might not exist on arm64 as software was not available,
### but they are still needed to be present, so we can copy them.
###
RUN set -eux \
&& if [ ! -d "/usr/lib/postgresql" ]; then \
mkdir "/usr/lib/postgresql"; \
fi \
&& if [ ! -d "/usr/share/postgresql-common" ]; then \
mkdir "/usr/share/postgresql-common"; \
fi
###
### Prepare MongoDB binaries for copying.
###
### They might not be available on all architectures (e.g.: arm64).
###
RUN set -eux \
&& mkdir /tmp/mongo \
&& if ls -1 "/usr/bin/" | grep "^mongo" >/dev/null; then \
cp -r /usr/bin/mongo* /tmp/mongo/; \
fi
###
### Strip debugging information to smallen filesize
###
RUN set -eux \
&& STRIP_USR_BINS="blackfire mongo mysql redis sqlite" \
&& STRIP_DIRS="/usr/lib/postgresql/ /usr/share/postgresql-common/ /tmp" \
\
&& for bin in ${STRIP_USR_BINS}; do \
( \
find /usr/bin/ -name "${bin}"* -type f -print0 \
| xargs -n1 -0 -P$(getconf _NPROCESSORS_ONLN) sh -c \
'if [ -f "${1}" ]; then echo "Strip: ${1}"; strip --strip-all -p "${1}" 2>/dev/null || true; fi' -- \
) \
done \
\
&& for dir in ${STRIP_DIRS}; do \
( \
find ${dir} -type f -print0 \
| xargs -n1 -0 -P$(getconf _NPROCESSORS_ONLN) sh -c \
'if [ -f "${1}" ]; then echo "Strip: ${1}"; strip --strip-all -p "${1}" 2>/dev/null || true; fi' -- \
) \
done \
\
&& strip --strip-all -p /usr/local/bin/mhsendmail 2>/dev/null || true \
&& strip --strip-all -p /usr/local/bin/mysqldump-secure 2>/dev/null || true
########################################################################################################################
########################################################################################################################
###
### Stage 2/4: Devilbox slim image (BASE)
###
########################################################################################################################
########################################################################################################################
###
### Copies all cli tools required to run Devilbox and its intranet into a clean image
###
FROM devilbox/php-fpm:{{ php_version }}-prod as devilbox-slim-base
ARG ARCH
{% set tools_apt = [] -%}
{%- for tool in base_software_enabled -%}
{%- if ('disabled' not in base_software_available[tool]) or (php_version not in base_software_available[tool]['disabled']) -%}
{%- if fn.tool_apt_get_package(php_version, tool, base_software_available) -%}
{{- tools_apt.append(fn.tool_apt_get_package(php_version, tool, base_software_available)) -}}
{%- endif -%}
{%- endif -%}
{%- endfor %}
{%- if tools_apt -%}
###
### Install tools type: apt
###
RUN set -eux \
&& DEBIAN_FRONTEND=noninteractive apt-get update \
&& DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends --no-install-suggests \
{{- "\n" -}}
{%- if tools_apt -%}
{{- "\t\t# ---------- type: apt ----------\n" -}}
{%- for apt in tools_apt | unique | sort -%}
{{- "\t\t" + apt + " \\" + "\n" -}}
{%- endfor -%}
{%- endif -%}
{{- "\t" -}}&& rm -rf /var/lib/apt/lists/*{{- "\n" -}}
{% endif %}
###
### Copy shared libraries (required by MongoDB, MySQL, PostgreSQL and Redis)
###
COPY --from=devilbox-slim-base-builder /tmp/lib-gnu/ /lib/${ARCH}-linux-gnu/
COPY --from=devilbox-slim-base-builder /tmp/usr-lib-gnu/ /usr/lib/${ARCH}-linux-gnu/
COPY --from=devilbox-slim-base-builder /tmp/usr-lib/ /usr/lib/
###
### Copy system files
###
COPY --from=devilbox-slim-base-builder /etc/group /etc/group
COPY --from=devilbox-slim-base-builder /etc/passwd /etc/passwd
COPY --from=devilbox-slim-base-builder /etc/shadow /etc/shadow
###
### Copy Blackfire
###
COPY --from=devilbox-slim-base-builder /etc/blackfire /etc/blackfire
COPY --from=devilbox-slim-base-builder /etc/default/blackfire-agent /etc/default/blackfire-agent
COPY --from=devilbox-slim-base-builder /usr/bin/blackfire* /usr/bin/
COPY --from=devilbox-slim-base-builder /var/log/blackfire /var/log/blackfire
###
### Copy mhsendmail
###
COPY --from=devilbox-slim-base-builder /usr/local/bin/mhsendmail /usr/local/bin/
###
### Copy MongoDB client (if exists)
###
COPY --from=devilbox-slim-base-builder /tmp/mongo/ /usr/bin/
###
### Copy MysQL Client
###
COPY --from=devilbox-slim-base-builder /usr/bin/mysql* /usr/bin/
###
### Copy mysqldump-secure
###
COPY --from=devilbox-slim-base-builder /usr/local/bin/mysqldump-secure /usr/local/bin/
COPY --from=devilbox-slim-base-builder /etc/mysqldump-secure.conf /etc/
COPY --from=devilbox-slim-base-builder /etc/mysqldump-secure.cnf /etc/
COPY --from=devilbox-slim-base-builder /var/log/mysqldump-secure.log /var/log/
###
### Copy PostgreSQL
###
COPY --from=devilbox-slim-base-builder /usr/lib/postgresql /usr/lib/postgresql
COPY --from=devilbox-slim-base-builder /usr/share/postgresql-common /usr/share/postgresql-common
COPY --from=devilbox-slim-base-builder /usr/share/perl5 /usr/share/perl5
###
### Create PostgreSQL symlinks
###
RUN set -eux \
&& if [ -f "/usr/share/postgresql-common/pg_wrapper" ]; then \
ln -s ../share/postgresql-common/pg_wrapper /usr/bin/clusterdb \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/createdb \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/createlang \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/createuser \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/dropdb \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/droplang \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/dropuser \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/pg_basebackup \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/pg_dump \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/pg_dumpall \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/pg_isready \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/pg_receivewal \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/pg_receivexlog \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/pg_recvlogical \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/pg_restore \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/pgbench \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/psql \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/reindexdb \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/vacuumdb \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/vacuumlo; \
fi
###
### Copy Redis Client
###
COPY --from=devilbox-slim-base-builder /usr/bin/redis* /usr/bin/
###
### Copy SQLite Client
###
COPY --from=devilbox-slim-base-builder /usr/bin/sqlite* /usr/bin/
###
### ADD PHP configuration files
###
COPY ./data/php-ini.d/php-{{ php_version }}.ini /usr/local/etc/php/conf.d/xxx-devilbox-default-php.ini
COPY ./data/php-fpm.conf/php-fpm-{{ php_version }}.conf /usr/local/etc/php-fpm.conf
###
### ADD Devilbox configuration files
###
COPY ./data/docker-entrypoint.sh /docker-entrypoint.sh
COPY ./data/docker-entrypoint.d/*.sh /docker-entrypoint.d/
COPY ./data/bash-devilbox /etc/bash-devilbox
COPY ./data/sudo-devilbox /etc/sudoers.d/devilbox
###
### Configure Bash
###
RUN set -eux \
&& { \
echo; \
echo "# [Devilbox] Ensure /usr/local(s)?bin is in PATH"; \
echo 'PATH="${PATH}:/usr/local/bin:/usr/local/sbin"'; \
echo "export PATH"; \
echo; \
echo "# [Devilbox] Source Devilbox main bash config"; \
echo ". /etc/bash-devilbox"; \
echo; \
echo "# [Devilbox] Source Devilbox custom configs"; \
echo "if [ -d /etc/bashrc-devilbox.d/ ]; then"; \
echo " for f in /etc/bashrc-devilbox.d/*.sh ; do"; \
echo " if [ -r \"\${f}\" ]; then"; \
echo " . \"\${f}\""; \
echo " fi"; \
echo " done"; \
echo " unset f"; \
echo "fi"; \
} | tee -a /home/${MY_USER}/.bashrc /root/.bashrc \
&& chown ${MY_USER}:${MY_GROUP} /home/${MY_USER}/.bashrc
########################################################################################################################
########################################################################################################################
###
### Stage 3/4: Devilbox slim image (BASE TEST)
###
########################################################################################################################
########################################################################################################################
###
### Test all Devilbox cli utils if copying was successful
###
FROM devilbox-slim-base as devilbox-slim-base-test
RUN set -eux \
&& mysql --version \
&& redis-cli --version \
&& sqlite3 --version
###
### Check if available tools slim
###
{% for tool in base_software_enabled -%}
{# Not disabled #}
{%- if ('disabled' not in base_software_available[tool]) or (php_version not in base_software_available[tool]['disabled']) -%}
{{- "\n" }}# -------------------- {{ tool }} --------------------
{{- "\n" }}RUN set -eux \
{#- -#}
{#- [CHECK] -#}
{%- if 'check' in base_software_available[tool] -%}
{{ "\n\t" }}&& {{ base_software_available[tool]['check'] | indent( "\t" ) }}{{ "\t\\" }}
{%- endif -%}
{#- -#}
{#- Finalize -#}
{{ "\n\t" }}&& true{{ "\n" }}
{%- endif -%}
{%- endfor %}
###
### Re-activate modules which have been deactivated in mods (for testing).
###
RUN set -eux \
&& if find /usr/local/lib/php/extensions/ -name phalcon.so | grep phalcon; then \
echo "extension=phalcon.so" > /usr/local/etc/php/conf.d/docker-php-ext-phalcon.ini; \
fi \
&& if find /usr/local/lib/php/extensions/ -name psr.so | grep psr; then \
echo "extension=psr.so" > /usr/local/etc/php/conf.d/docker-php-ext-psr.ini; \
fi
###
### Check if PHP still works
###
RUN set -eux \
&& echo "date.timezone=UTC" > /usr/local/etc/php/php.ini \
&& php -v | grep -oE 'PHP\s[.0-9]+' | grep -oE '[.0-9]+' | grep '^{{ php_version }}' \
&& /usr/local/sbin/php-fpm --test \
\
&& PHP_ERROR="$( php -v 2>&1 1>/dev/null )" \
&& if [ -n "${PHP_ERROR}" ]; then echo "${PHP_ERROR}"; false; fi \
&& PHP_ERROR="$( php -i 2>&1 1>/dev/null )" \
&& if [ -n "${PHP_ERROR}" ]; then echo "${PHP_ERROR}"; false; fi \
\
&& PHP_FPM_ERROR="$( php-fpm -v 2>&1 1>/dev/null )" \
&& if [ -n "${PHP_FPM_ERROR}" ]; then echo "${PHP_FPM_ERROR}"; false; fi \
&& PHP_FPM_ERROR="$( php-fpm -i 2>&1 1>/dev/null )" \
&& if [ -n "${PHP_FPM_ERROR}" ]; then echo "${PHP_FPM_ERROR}"; false; fi \
&& rm -f /usr/local/etc/php/php.ini
########################################################################################################################
########################################################################################################################
###
### Stage 4/4: Devilbox slim image (FINAL)
###
########################################################################################################################
########################################################################################################################
###
### Prepare final base image (STAGE: slim)
###
FROM devilbox-slim-base as slim
MAINTAINER "cytopia" <cytopia@everythingcli.org>
###
### Labels
###
# https://github.com/opencontainers/image-spec/blob/master/annotations.md
#LABEL "org.opencontainers.image.created"=""
#LABEL "org.opencontainers.image.version"=""
#LABEL "org.opencontainers.image.revision"=""
LABEL "maintainer"="cytopia <cytopia@everythingcli.org>"
LABEL "org.opencontainers.image.authors"="cytopia <cytopia@everythingcli.org>"
LABEL "org.opencontainers.image.url"="https://github.com/devilbox/docker-php-fpm"
LABEL "org.opencontainers.image.documentation"="https://github.com/devilbox/docker-php-fpm"
LABEL "org.opencontainers.image.source"="https://github.com/devilbox/docker-php-fpm"
LABEL "org.opencontainers.image.vendor"="devilbox"
LABEL "org.opencontainers.image.licenses"="MIT"
LABEL "org.opencontainers.image.ref.name"="{{ php_version }}-slim"
LABEL "org.opencontainers.image.title"="PHP-FPM {{ php_version }}-slim"
LABEL "org.opencontainers.image.description"="PHP-FPM {{ php_version }}-slim"
###
### Volumes
###
VOLUME /shared/backups
VOLUME /var/log/php
VOLUME /var/mail
###
### Ports
###
EXPOSE 9000
###
### Where to start inside the container
###
WORKDIR /shared/httpd
###
### Entrypoint
###
CMD ["/usr/bin/supervisord", "-c", "/etc/supervisor/supervisord.conf"]
ENTRYPOINT ["/docker-entrypoint.sh"]

1111
.ansible/DOCKERFILES/Dockerfile-work.j2
View File

File diff suppressed because it is too large Load Diff

13
.ansible/ansible.cfg
View File

@@ -1,3 +1,16 @@
[defaults] [defaults]
roles_path = ./roles roles_path = ./roles
inventory = inventory.ini inventory = inventory.ini
strategy_plugins = /usr/lib/python3.10/site-packages/ansible_mitogen/plugins/strategy
strategy = mitogen_linear
# Show timing information
callbacks_enabled = timer, profile_tasks, profile_roles
# Speed improvements
host_key_checking = False
internal_poll_interval = 0.001
[ssh_connection]
pipelining = True
ssh_args = -o ControlMaster=auto -o ControlPersist=60s

19
.ansible/group_vars/all/all-ansible.yml
View File

@@ -6,6 +6,7 @@
edit_comment_base: "# Auto-generated via Ansible: edit ./ansible/DOCKERFILES/Dockerfile-base.j2 instead." edit_comment_base: "# Auto-generated via Ansible: edit ./ansible/DOCKERFILES/Dockerfile-base.j2 instead."
edit_comment_mods: "# Auto-generated via Ansible: edit ./ansible/DOCKERFILES/Dockerfile-mods.j2 instead." edit_comment_mods: "# Auto-generated via Ansible: edit ./ansible/DOCKERFILES/Dockerfile-mods.j2 instead."
edit_comment_prod: "# Auto-generated via Ansible: edit ./ansible/DOCKERFILES/Dockerfile-prod.j2 instead." edit_comment_prod: "# Auto-generated via Ansible: edit ./ansible/DOCKERFILES/Dockerfile-prod.j2 instead."
edit_comment_slim: "# Auto-generated via Ansible: edit ./ansible/DOCKERFILES/Dockerfile-slim.j2 instead."
edit_comment_work: "# Auto-generated via Ansible: edit ./ansible/DOCKERFILES/Dockerfile-work.j2 instead." edit_comment_work: "# Auto-generated via Ansible: edit ./ansible/DOCKERFILES/Dockerfile-work.j2 instead."
@@ -38,7 +39,7 @@ php_all_versions:
# ------------------------------------------------------------------------------------------------- # -------------------------------------------------------------------------------------------------
# Docker file paths for each version for base, mods, prod & work # Docker file paths for each version for base, mods, prod, slim & work
# ------------------------------------------------------------------------------------------------- # -------------------------------------------------------------------------------------------------
template_dockerfiles: template_dockerfiles:
- src: DOCKERFILES/Dockerfile-base.j2 - src: DOCKERFILES/Dockerfile-base.j2
@@ -47,6 +48,8 @@ template_dockerfiles:
dst: "../Dockerfiles/mods/Dockerfile-{{ php_version }}" dst: "../Dockerfiles/mods/Dockerfile-{{ php_version }}"
- src: DOCKERFILES/Dockerfile-prod.j2 - src: DOCKERFILES/Dockerfile-prod.j2
dst: "../Dockerfiles/prod/Dockerfile-{{ php_version }}" dst: "../Dockerfiles/prod/Dockerfile-{{ php_version }}"
- src: DOCKERFILES/Dockerfile-slim.j2
dst: "../Dockerfiles/slim/Dockerfile-{{ php_version }}"
- src: DOCKERFILES/Dockerfile-work.j2 - src: DOCKERFILES/Dockerfile-work.j2
dst: "../Dockerfiles/work/Dockerfile-{{ php_version }}" dst: "../Dockerfiles/work/Dockerfile-{{ php_version }}"
@@ -55,6 +58,7 @@ template_dockerfiles:
# Assign php.ini & php-fpm.conf to PHP versions # Assign php.ini & php-fpm.conf to PHP versions
# ------------------------------------------------------------------------------------------------- # -------------------------------------------------------------------------------------------------
template_configurations: template_configurations:
# php.ini # php.ini
- src: CONFIGURATIONS/php.ini.j2 - src: CONFIGURATIONS/php.ini.j2
dst: "../Dockerfiles/base/data/php-ini.d/php-{{ php_version }}.ini" dst: "../Dockerfiles/base/data/php-ini.d/php-{{ php_version }}.ini"
@@ -62,10 +66,11 @@ template_configurations:
key: base key: base
alt: base alt: base
- src: CONFIGURATIONS/php.ini.j2 - src: CONFIGURATIONS/php.ini.j2
dst: "../Dockerfiles/work/data/php-ini.d/php-{{ php_version }}.ini" dst: "../Dockerfiles/slim/data/php-ini.d/php-{{ php_version }}.ini"
cfg: "{{ php_settings_ini }}" cfg: "{{ php_settings_ini }}"
key: work key: slim
alt: base # Alternative key to use when definition is not set in 'work' alt: base # Alternative key to use when definition is not set in 'slim'
# php-fpm.conf # php-fpm.conf
- src: CONFIGURATIONS/php-fpm.conf.j2 - src: CONFIGURATIONS/php-fpm.conf.j2
dst: "../Dockerfiles/base/data/php-fpm.conf/php-fpm-{{ php_version }}.conf" dst: "../Dockerfiles/base/data/php-fpm.conf/php-fpm-{{ php_version }}.conf"
@@ -73,7 +78,7 @@ template_configurations:
key: base key: base
alt: base alt: base
- src: CONFIGURATIONS/php-fpm.conf.j2 - src: CONFIGURATIONS/php-fpm.conf.j2
dst: "../Dockerfiles/work/data/php-fpm.conf/php-fpm-{{ php_version }}.conf" dst: "../Dockerfiles/slim/data/php-fpm.conf/php-fpm-{{ php_version }}.conf"
cfg: "{{ php_settings_fpm }}" cfg: "{{ php_settings_fpm }}"
key: work key: slim
alt: base alt: base # Alternative key to use when definition is not set in 'slim'

8
.ansible/group_vars/all/all-php-settings.yml
View File

@@ -54,7 +54,7 @@ php_settings_ini:
# ---- Inherits from base ---- # ---- Inherits from base ----
prod: prod:
# ---- Inherits from base and overwrites certain values ---- # ---- Inherits from base and overwrites certain values ----
work: slim:
# Error reporting # Error reporting
error_reporting: E_ALL | E_NOTICE | E_STRICT | E_DEPRECATED error_reporting: E_ALL | E_NOTICE | E_STRICT | E_DEPRECATED
xmlrpc_errors: 'Off' xmlrpc_errors: 'Off'
@@ -73,6 +73,8 @@ php_settings_ini:
xdebug3_mode: 'Off' xdebug3_mode: 'Off'
xdebug3_start_with_request: 'default' xdebug3_start_with_request: 'default'
xdebug3_client_port: '9000' xdebug3_client_port: '9000'
# ---- Inherits from slim ----
work:
# ------------------------------------------------------------------------------------------------- # -------------------------------------------------------------------------------------------------
# php-fpm.conf # php-fpm.conf
@@ -109,5 +111,7 @@ php_settings_fpm:
mods: mods:
# ---- Inherits from base ---- # ---- Inherits from base ----
prod: prod:
# ---- Inherits from base and overwrites certain values ---- # ---- Inherits from base ----
slim:
# ---- Inherits from base ----
work: work:

20
.ansible/group_vars/all/mods.yml
View File

@@ -1517,17 +1517,15 @@ extensions_available:
disabled: [] disabled: []
all: all:
type: pecl type: pecl
8.2: 7.4:
type: git type: pecl
git_url: https://github.com/xdebug/xdebug version: 3.1.6
# FIXME: revert to latest tag once PHP 8.2 support is out of alpha/beta 7.3:
git_ref: 3.2.0RC2 type: pecl
configure: --enable-xdebug version: 3.1.6
8.1: 7.2:
type: git type: pecl
git_url: https://github.com/xdebug/xdebug version: 3.1.6
git_ref: $(git tag | grep -E '^[.0-9]+$' | sort -V | tail -1)
configure: --enable-xdebug
7.1: 7.1:
type: pecl type: pecl
version: 2.9.8 version: 2.9.8

573
.ansible/group_vars/all/slim.yml Normal file
View File

@@ -0,0 +1,573 @@
---
###################################################################################################
# Docker: slim
###################################################################################################
#
# This file holds definition for all devibox/php-fpm:x.y-slim images
#
###
### Define operating system versions
###
os_release:
# Bullseye (Ubuntu: focal, groovy, hirsute, impish)
all:
debian: bullseye
ubuntu: focal
8.2:
debian: bullseye
ubuntu: focal
8.1:
debian: bullseye
ubuntu: focal
8.0:
debian: bullseye
ubuntu: focal
7.4:
debian: bullseye
ubuntu: focal
7.3:
debian: bullseye
ubuntu: focal
# Buster (Ubuntu: bionic, cosmic, disco, eoan)
7.2:
debian: buster
ubuntu: bionic
7.1:
debian: buster
ubuntu: bionic
# Strech (Ubuntu: xenial, yakkety, zesty, artful)
7.0:
debian: stretch
ubuntu: xenial
5.6:
debian: stretch
ubuntu: xenial
# Jessie (Ubuntu: trusty, utopic, vivid, wily)
5.5:
debian: jessie
ubuntu: trusty
5.4:
debian: jessie
ubuntu: trusty
5.3:
debian: jessie
ubuntu: trusty
5.2:
debian: jessie
ubuntu: trusty
# -------------------------------------------------------------------------------------------------
# Apt repositories to enable (in defined order)
# -------------------------------------------------------------------------------------------------
base_apt_repositories_enabled:
- backports
- blackfire
# - mongo # Note: This is done separately in tools (to check ARCH as well)
# - pgsql # Note: This is done separately in tools (to check ARCH as well)
# -------------------------------------------------------------------------------------------------
# Software to install (in defined order)
# -------------------------------------------------------------------------------------------------
base_software_enabled:
- dig # required by Devilbox Intranet
- netcat # required by Devilbox Intranet
- ping # required by Devilbox Intranet
- sudo # required by /etc/sudoers.d/devilbox config file
- blackfire
- mhsendmail
- mongo_client
- mysqldumpsecure
- pgsql_client
# -------------------------------------------------------------------------------------------------
# Apt repository definition
# -------------------------------------------------------------------------------------------------
# all: is generic version of defines
# 7.2: is specific version of defines
# disabled: [optional] Array of PHP versions for which to disable this module
#
# all, 7.2, 7.1, 7.0, 5.6, 5.5, 5.4:
# deb: Deb line to add to sources list
# key: [optional] Key id to add for repository
# pre: [optional] Run custom command to add gpg key for repository
#
base_apt_repositories_available:
###
### Backports
###
backports:
# [Bullseye]
all:
type: repo
pre: apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 648ACFD622F3D138
deb: deb http://ftp.debian.org/debian {{ os_release['all'].debian }}-backports main
# [Buster]
7.2:
type: repo
pre: apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 648ACFD622F3D138
deb: deb http://ftp.debian.org/debian {{ os_release[7.2].debian }}-backports main
# [Buster]
7.1:
type: repo
pre: apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 648ACFD622F3D138
deb: deb http://ftp.debian.org/debian {{ os_release[7.1].debian }}-backports main
# [Stretch]
7.0:
type: repo
pre: apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 648ACFD622F3D138
deb: deb http://ftp.debian.org/debian {{ os_release[7.0].debian }}-backports main
# [Stretch]
5.6:
type: repo
pre: apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 648ACFD622F3D138
deb: deb http://ftp.debian.org/debian {{ os_release[5.6].debian }}-backports main
# [Jessie]
5.5:
type: repo
pre: echo 'Acquire::Check-Valid-Until no;' > /etc/apt/apt.conf.d/99no-check-valid-until
deb: deb [trusted=yes] http://archive.debian.org/debian {{ os_release[5.5].debian }}-backports main
# [Jessie]
5.4:
type: repo
pre: echo 'Acquire::Check-Valid-Until no;' > /etc/apt/apt.conf.d/99no-check-valid-until
deb: deb [trusted=yes] http://archive.debian.org/debian {{ os_release[5.4].debian }}-backports main
# [Jessie]
5.3:
type: repo
pre: echo 'Acquire::Check-Valid-Until no;' > /etc/apt/apt.conf.d/99no-check-valid-until
deb: deb [trusted=yes] http://archive.debian.org/debian {{ os_release[5.3].debian }}-backports main
# [Jessie]
5.2:
type: repo
pre: echo 'Acquire::Check-Valid-Until no;' > /etc/apt/apt.conf.d/99no-check-valid-until
deb: deb [trusted=yes] http://archive.debian.org/debian {{ os_release[5.2].debian }}-backports main
###
### Blackfire
###
blackfire:
all:
type: repo
deb: deb http://packages.blackfire.io/debian any main
pre: curl -sS -L --fail "https://packages.blackfire.io/gpg.key" | APT_KEY_DONT_WARN_ON_DANGEROUS_USAGE=1 apt-key add -
###
### MongoDB (currently obsolete)
###
mongo:
# 8.2: mongodb-org-(tools|shell) (amd64, arm64)
# 8.1: mongodb-org-(tools|shell) (amd64, arm64)
# 8.0: mongodb-org-(tools|shell) (amd64, arm64)
# 7.4: mongodb-org-(tools|shell) (amd64, arm64)
# 7.3: mongodb-org-(tools|shell) (amd64, arm64)
# 7.2: mongo-tools OR mongodb-org-(tools|shell) (amd64, arm64)
# 7.1: mongo-tools OR mongodb-org-(tools|shell) (amd64, arm64)
# 7.0: mongodb-clients & mongo-tools (amd64, arm64)
# 5.6: mongodb-clients & mongo-tools (amd64, arm64)
# 5.5: mongodb-clients (amd64)
# 5.4: mongodb-clients (amd64)
# 5.3: mongodb-clients (amd64)
# 5.2: mongodb-clients (amd64)
disabled: [5.2, 5.3, 5.4, 5.5, 5.6, 7.0] # TODO: Why were those disabled?
# [Bullseye] Ubuntu repository required for arm64 support instead
all:
type: repo
# gpg --dry-run --with-fingerprint < <(curl https://www.mongodb.org/static/pgp/server-4.4.asc) | grep fingerprint | sed 's/.*=//g' | sed 's/ //g'
deb: deb http://repo.mongodb.org/apt/ubuntu {{ os_release['all'].ubuntu }}/mongodb-org/4.4 multiverse
key: 20691EEC35216C63CAF66CE1656408E390CFB1F5
# [Buster] Ubuntu repository required for arm64 support instead
7.2:
type: repo
# gpg --dry-run --with-fingerprint < <(curl https://www.mongodb.org/static/pgp/server-4.4.asc) | grep fingerprint | sed 's/.*=//g' | sed 's/ //g'
deb: deb http://repo.mongodb.org/apt/ubuntu {{ os_release[7.2].ubuntu }}/mongodb-org/4.4 multiverse
key: 20691EEC35216C63CAF66CE1656408E390CFB1F5
# [Buster] Ubuntu repository required for arm64 support instead
7.1:
type: repo
# gpg --dry-run --with-fingerprint < <(curl https://www.mongodb.org/static/pgp/server-4.4.asc) | grep fingerprint | sed 's/.*=//g' | sed 's/ //g'
deb: deb http://repo.mongodb.org/apt/ubuntu {{ os_release[7.1].ubuntu }}/mongodb-org/4.4 multiverse
key: 20691EEC35216C63CAF66CE1656408E390CFB1F5
###
### PostgrSQL (currently obsolete)
###
pgsql:
# [Bullseye]
all:
type: repo
deb: deb http://apt.postgresql.org/pub/repos/apt/ {{ os_release['all'].debian }}-pgdg main
pre: curl -sS -k -L --fail https://www.postgresql.org/media/keys/ACCC4CF8.asc | APT_KEY_DONT_WARN_ON_DANGEROUS_USAGE=1 apt-key add -
# [Buster]
7.2:
type: repo
deb: deb http://apt.postgresql.org/pub/repos/apt/ {{ os_release[7.2].debian }}-pgdg main
pre: curl -sS -k -L --fail https://www.postgresql.org/media/keys/ACCC4CF8.asc | APT_KEY_DONT_WARN_ON_DANGEROUS_USAGE=1 apt-key add -
# [Buster]
7.1:
type: repo
deb: deb http://apt.postgresql.org/pub/repos/apt/ {{ os_release[7.1].debian }}-pgdg main
pre: curl -sS -k -L --fail https://www.postgresql.org/media/keys/ACCC4CF8.asc | APT_KEY_DONT_WARN_ON_DANGEROUS_USAGE=1 apt-key add -
# [Stretch]
7.0:
type: repo
deb: deb https://apt-archive.postgresql.org/pub/repos/apt/ {{ os_release[7.0].debian }}-pgdg main
# [Stretch]
5.6:
type: repo
deb: deb https://apt-archive.postgresql.org/pub/repos/apt/ {{ os_release[5.6].debian }}-pgdg main
# [Jessie]
5.5:
type: repo
deb: deb https://apt-archive.postgresql.org/pub/repos/apt/ {{ os_release[5.5].debian }}-pgdg main
# [Jessie]
5.4:
type: repo
deb: deb https://apt-archive.postgresql.org/pub/repos/apt/ {{ os_release[5.4].debian }}-pgdg main
# [Jessie]
5.3:
type: repo
deb: deb https://apt-archive.postgresql.org/pub/repos/apt/ {{ os_release[5.3].debian }}-pgdg main
# [Jessie]
5.2:
type: repo
deb: deb https://apt-archive.postgresql.org/pub/repos/apt/ {{ os_release[5.2].debian }}-pgdg main
# -------------------------------------------------------------------------------------------------
# Essential Software definition
# -------------------------------------------------------------------------------------------------
# all: is generic version of defines
# 7.2: is specific version of defines
# disabled: [optional] Array of PHP versions for which to disable this module
# check: [optional] Include a check command to test if it was installed successfully
#
# all, 7.2, 7.1, 7.0, 5.6, 5.5, 5.4:
# pre: [optional] Run command before 'command:' statement
# command: Command to execute
# post: [optional] Run command after 'command:' statement
#
base_software_available:
###
### dig
###
dig:
check: dig -v 2>&1 | grep -E '[0-9]\.[0-9]'
all:
type: apt
package: dnsutils
###
### netcat
###
netcat:
check: nc -h 2>&1 | grep netcat
all:
type: apt
package: netcat-openbsd
###
### ping
###
ping:
check: ping -V | grep ^ping
all:
type: apt
package: iputils-ping
###
### sudo
###
sudo:
check: sudo --version | grep -E 'version [0-9]+\.[0-9]+'
all:
type: apt
package: sudo
###
### Blackfire
###
blackfire:
check: |
blackfire version \
&& blackfire-agent -v \
all:
type: custom
pre: |
apt-get update \
command: |
apt-get install -y --no-install-recommends --no-install-suggests \
blackfire-agent \
post: rm -rf /var/lib/apt/lists/*
###
### mhsendmail
###
mhsendmail:
check: mhsendmail -h 2>&1 | grep 'Usage'
all:
type: custom
command: |
DEB_HOST_ARCH="$( dpkg-architecture --query DEB_HOST_ARCH )" \
&& if [ "${DEB_HOST_ARCH}" = "amd64" ] || [ "${DEB_HOST_ARCH}" = "arm64" ]; then \
MHSENDMAIL_URL="https://github.com/devilbox/mhsendmail/releases/download/v0.3.0/mhsendmail_linux_${DEB_HOST_ARCH}" \
&& curl -sS -L --fail "${MHSENDMAIL_URL}" > /usr/local/bin/mhsendmail \
&& chmod +x /usr/local/bin/mhsendmail; \
else \
printf '%s\n%s\n%s\n' '#!/bin/sh' 'echo "Not available for this platform."' 'exit 1' > /usr/local/bin/mhsendmail \
&& chmod +x /usr/local/bin/mhsendmail; \
fi \
###
### MongoDB Command line client
###
# 8.2: mongodb-org-(tools|shell) (amd64, arm64)
# 8.1: mongodb-org-(tools|shell) (amd64, arm64)
# 8.0: mongodb-org-(tools|shell) (amd64, arm64)
# 7.4: mongodb-org-(tools|shell) (amd64, arm64)
# 7.3: mongodb-org-(tools|shell) (amd64, arm64)
# 7.2: mongodb-org-(tools|shell) (amd64, arm64)
# 7.1: mongodb-org-(tools|shell) (amd64, arm64)
# 7.0: mongodb-clients & mongo-tools (amd64, arm64)
# 5.6: mongodb-clients & mongo-tools (amd64, arm64)
# 5.5: mongodb-clients (amd64)
# 5.4: mongodb-clients (amd64)
# 5.3: mongodb-clients (amd64)
# 5.2: mongodb-clients (amd64)
mongo_client:
check: |
if echo '{{ php_version }}' | grep -E '^(5.2|5.3|5.4|5.5|5.6|7.0)$' >/dev/null; then \
if [ "$(dpkg-architecture --query DEB_BUILD_ARCH)" = "amd64" ]; then \
mongofiles --version; \
fi \
else \
mongofiles --version; \
fi \
\
&& if echo '{{ php_version }}' | grep -E '^(5.2|5.3|5.4|5.5)$' >/dev/null; then \
if [ "$(dpkg-architecture --query DEB_BUILD_ARCH)" = "amd64" ]; then \
mongo --version; \
fi \
else \
mongo --version; \
fi \
all:
type: custom
pre: |
APT_KEY_DONT_WARN_ON_DANGEROUS_USAGE=1 apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv 20691EEC35216C63CAF66CE1656408E390CFB1F5 \
&& echo "deb http://repo.mongodb.org/apt/ubuntu {{ os_release[php_version].ubuntu }}/mongodb-org/4.4 multiverse" > /etc/apt/sources.list.d/mongo.list \
&& apt-get update \
command: |
apt-get install -y --no-install-recommends --no-install-suggests \
mongodb-org-tools \
mongodb-org-shell \
post: rm -rf /var/lib/apt/lists/*
build_dep: [libsnappy-dev] # Required to copy libsnappy.so to next stage
7.0:
type: custom
pre: apt-get update
command: |
if [ "$(dpkg-architecture --query DEB_BUILD_ARCH)" = "amd64" ]; then \
apt-get install -y --no-install-recommends --no-install-suggests \
mongodb-clients \
mongo-tools; \
else \
apt-get install -y --no-install-recommends --no-install-suggests \
mongodb-clients; \
fi \
5.6:
type: custom
pre: apt-get update
command: |
if [ "$(dpkg-architecture --query DEB_BUILD_ARCH)" = "amd64" ]; then \
apt-get install -y --no-install-recommends --no-install-suggests \
mongodb-clients \
mongo-tools; \
else \
apt-get install -y --no-install-recommends --no-install-suggests \
mongodb-clients; \
fi \
5.5:
type: custom
pre: apt-get update
command: |
if [ "$(dpkg-architecture --query DEB_BUILD_ARCH)" = "amd64" ]; then \
apt-get install -y --no-install-recommends --no-install-suggests \
mongodb-clients; \
fi \
5.4:
type: custom
pre: apt-get update
command: |
if [ "$(dpkg-architecture --query DEB_BUILD_ARCH)" = "amd64" ]; then \
apt-get install -y --no-install-recommends --no-install-suggests \
mongodb-clients; \
fi \
5.3:
type: custom
pre: apt-get update
command: |
if [ "$(dpkg-architecture --query DEB_BUILD_ARCH)" = "amd64" ]; then \
apt-get install -y --no-install-recommends --no-install-suggests \
mongodb-clients; \
fi \
5.2:
type: custom
pre: apt-get update
command: |
if [ "$(dpkg-architecture --query DEB_BUILD_ARCH)" = "amd64" ]; then \
apt-get install -y --no-install-recommends --no-install-suggests \
mongodb-clients; \
fi \
###
### mysqldump-secure
###
mysqldumpsecure:
check: mysqldump-secure --version | grep -E 'Version:\s*[0-9][.0-9]+'
all:
type: custom
command: |
git clone https://github.com/cytopia/mysqldump-secure.git /usr/local/src/mysqldump-secure \
&& cd /usr/local/src/mysqldump-secure \
&& git checkout $(git describe --abbrev=0 --tags) \
&& cp /usr/local/src/mysqldump-secure/bin/mysqldump-secure /usr/local/bin \
&& cp /usr/local/src/mysqldump-secure/etc/mysqldump-secure.conf /etc \
&& cp /usr/local/src/mysqldump-secure/etc/mysqldump-secure.cnf /etc \
&& touch /var/log/mysqldump-secure.log \
&& chown ${MY_USER}:${MY_GROUP} /etc/mysqldump-secure.* \
&& chown ${MY_USER}:${MY_GROUP} /var/log/mysqldump-secure.log \
&& chmod 0400 /etc/mysqldump-secure.conf \
&& chmod 0400 /etc/mysqldump-secure.cnf \
&& chmod 0644 /var/log/mysqldump-secure.log \
&& sed -i'' 's/^COMPRESS_ARG=.*/COMPRESS_ARG="-9 -c"/g' /etc/mysqldump-secure.conf \
&& sed -i'' 's/^DUMP_DIR=.*/DUMP_DIR="\/shared\/backups\/mysql"/g' /etc/mysqldump-secure.conf \
&& sed -i'' 's/^DUMP_DIR_CHMOD=.*/DUMP_DIR_CHMOD="0755"/g' /etc/mysqldump-secure.conf \
&& sed -i'' 's/^DUMP_FILE_CHMOD=.*/DUMP_FILE_CHMOD="0644"/g' /etc/mysqldump-secure.conf \
&& sed -i'' 's/^LOG_CHMOD=.*/LOG_CHMOD="0644"/g' /etc/mysqldump-secure.conf \
&& sed -i'' 's/^NAGIOS_LOG=.*/NAGIOS_LOG=0/g' /etc/mysqldump-secure.conf \
&& cd / \
&& rm -rf /usr/local/src/mysqldump-secure \
###
### PostgrSQL Command line client
###
# 8.2: (amd64, arm64)
# 8.1: (amd64, arm64)
# 8.0: (amd64, arm64)
# 7.4: (amd64, arm64)
# 7.3: (amd64, arm64)
# 7.2: (amd64, arm64)
# 7.1: (amd64, arm64)
# 7.0: (amd64)
# 5.6: (amd64)
# 5.5: (amd64)
# 5.4: (amd64)
# 5.3: (amd64)
# 5.2: (amd64)
pgsql_client:
check: |
if echo '{{ php_version }}' | grep -E '^(5.2|5.3|5.4|5.5|5.6|7.0)$' >/dev/null; then \
if [ "$(dpkg-architecture --query DEB_BUILD_ARCH)" = "amd64" ]; then \
pg_isready --version; \
fi \
else \
pg_isready --version; \
fi \
all:
type: custom
pre: |
curl -sS -k -L --fail https://www.postgresql.org/media/keys/ACCC4CF8.asc | APT_KEY_DONT_WARN_ON_DANGEROUS_USAGE=1 apt-key add - \
&& echo "deb http://apt.postgresql.org/pub/repos/apt/ {{ os_release[php_version].debian }}-pgdg main" > /etc/apt/sources.list.d/pgsql.list \
&& apt-get update \
command: |
apt-get install -y --no-install-recommends --no-install-suggests \
postgresql-client \
post: rm -rf /var/lib/apt/lists/*
7.0:
type: custom
pre: |
if [ "$(dpkg-architecture --query DEB_BUILD_ARCH)" = "amd64" ]; then \
curl -sS -k -L --fail https://www.postgresql.org/media/keys/ACCC4CF8.asc | APT_KEY_DONT_WARN_ON_DANGEROUS_USAGE=1 apt-key add - \
&& echo "deb https://apt-archive.postgresql.org/pub/repos/apt/ {{ os_release[php_version].debian }}-pgdg main" > /etc/apt/sources.list.d/pgsql.list \
&& apt-get update; \
fi \
command: |
if [ "$(dpkg-architecture --query DEB_BUILD_ARCH)" = "amd64" ]; then \
apt-get install -y --no-install-recommends --no-install-suggests \
postgresql-client; \
fi \
5.6:
type: custom
pre: |
if [ "$(dpkg-architecture --query DEB_BUILD_ARCH)" = "amd64" ]; then \
curl -sS -k -L --fail https://www.postgresql.org/media/keys/ACCC4CF8.asc | APT_KEY_DONT_WARN_ON_DANGEROUS_USAGE=1 apt-key add - \
&& echo "deb https://apt-archive.postgresql.org/pub/repos/apt/ {{ os_release[php_version].debian }}-pgdg main" > /etc/apt/sources.list.d/pgsql.list \
&& apt-get update; \
fi \
command: |
if [ "$(dpkg-architecture --query DEB_BUILD_ARCH)" = "amd64" ]; then \
apt-get install -y --no-install-recommends --no-install-suggests \
postgresql-client; \
fi \
5.5:
type: custom
pre: |
if [ "$(dpkg-architecture --query DEB_BUILD_ARCH)" = "amd64" ]; then \
curl -sS -k -L --fail https://www.postgresql.org/media/keys/ACCC4CF8.asc | APT_KEY_DONT_WARN_ON_DANGEROUS_USAGE=1 apt-key add - \
&& echo "deb https://apt-archive.postgresql.org/pub/repos/apt/ {{ os_release[php_version].debian }}-pgdg main" > /etc/apt/sources.list.d/pgsql.list \
&& apt-get update; \
fi \
command: |
if [ "$(dpkg-architecture --query DEB_BUILD_ARCH)" = "amd64" ]; then \
apt-get install -y --no-install-recommends --no-install-suggests \
postgresql-client; \
fi \
5.4:
type: custom
pre: |
if [ "$(dpkg-architecture --query DEB_BUILD_ARCH)" = "amd64" ]; then \
curl -sS -k -L --fail https://www.postgresql.org/media/keys/ACCC4CF8.asc | APT_KEY_DONT_WARN_ON_DANGEROUS_USAGE=1 apt-key add - \
&& echo "deb https://apt-archive.postgresql.org/pub/repos/apt/ {{ os_release[php_version].debian }}-pgdg main" > /etc/apt/sources.list.d/pgsql.list \
&& apt-get update; \
fi \
command: |
if [ "$(dpkg-architecture --query DEB_BUILD_ARCH)" = "amd64" ]; then \
apt-get install -y --no-install-recommends --no-install-suggests \
postgresql-client; \
fi \
5.3:
type: custom
pre: |
if [ "$(dpkg-architecture --query DEB_BUILD_ARCH)" = "amd64" ]; then \
curl -sS -k -L --fail https://www.postgresql.org/media/keys/ACCC4CF8.asc | APT_KEY_DONT_WARN_ON_DANGEROUS_USAGE=1 apt-key add - \
&& echo "deb https://apt-archive.postgresql.org/pub/repos/apt/ {{ os_release[php_version].debian }}-pgdg main" > /etc/apt/sources.list.d/pgsql.list \
&& apt-get update; \
fi \
command: |
if [ "$(dpkg-architecture --query DEB_BUILD_ARCH)" = "amd64" ]; then \
apt-get install -y --no-install-recommends --no-install-suggests \
postgresql-client; \
fi \
5.2:
type: custom
pre: |
if [ "$(dpkg-architecture --query DEB_BUILD_ARCH)" = "amd64" ]; then \
curl -sS -k -L --fail https://www.postgresql.org/media/keys/ACCC4CF8.asc | APT_KEY_DONT_WARN_ON_DANGEROUS_USAGE=1 apt-key add - \
&& echo "deb https://apt-archive.postgresql.org/pub/repos/apt/ {{ os_release[php_version].debian }}-pgdg main" > /etc/apt/sources.list.d/pgsql.list \
&& apt-get update; \
fi \
command: |
if [ "$(dpkg-architecture --query DEB_BUILD_ARCH)" = "amd64" ]; then \
apt-get install -y --no-install-recommends --no-install-suggests \
postgresql-client; \
fi \

239
.ansible/group_vars/all/work-help.yml Normal file
View File

@@ -0,0 +1,239 @@
---
###################################################################################################
# Docker: work (docker stage: help)
###################################################################################################
#
# This file holds definition for all devibox/php-fpm:x.y-work images
#
# -------------------------------------------------------------------------------------------------
# Global variables
# -------------------------------------------------------------------------------------------------
composer_home: /usr/local/src/composer
nvm_home: /opt/nvm
node_version: --lts
# -------------------------------------------------------------------------------------------------
# Software to install (in defined order)
# -------------------------------------------------------------------------------------------------
help_software_enabled:
- composer
- nvm
- pip
## -------------------------------------------------------------------------------------------------
## Software definition
## -------------------------------------------------------------------------------------------------
#
# all: is generic version of defines
# 7.2: is specific version of defines
# disabled: [optional] Array of PHP versions for which to disable this module
# check: [optional] Include a check command to test if it was installed successfully
#
# all, 7.2, 7.1, 7.0, 5.6, 5.5, 5.4:
# pre: [optional] Run command before 'command:' statement
# command: Command to execute
# post: [optional] Run command after 'command:' statement
#
help_software_available:
###
### Composer
###
composer:
disabled: [5.2]
check: composer --version 2>/dev/null | grep -Ei '(composer|version)\s*[0-9][.0-9]+'
all:
type: custom
pre: |
COMPOSER_1_VERSION="latest-1.x" \
&& COMPOSER_2_VERSION="latest-2.x" \
command: |
curl -sS -L --fail "https://getcomposer.org/download/${COMPOSER_1_VERSION}/composer.phar" > /usr/local/bin/composer-1 \
&& curl -sS -L --fail "https://getcomposer.org/download/${COMPOSER_2_VERSION}/composer.phar" > /usr/local/bin/composer-2 \
&& chmod +x /usr/local/bin/composer-1 \
&& chmod +x /usr/local/bin/composer-2 \
post: |
ln -sf /usr/local/bin/composer-2 /usr/local/bin/composer \
run_dep: [unzip] # Required for composer to unzip packages
7.1:
type: custom
pre: |
COMPOSER_1_VERSION="latest-1.x" \
&& COMPOSER_2_VERSION="latest-2.2.x" \
7.0:
type: custom
pre: |
COMPOSER_1_VERSION="latest-1.x" \
&& COMPOSER_2_VERSION="latest-2.2.x" \
5.6:
type: custom
pre: |
COMPOSER_1_VERSION="latest-1.x" \
&& COMPOSER_2_VERSION="latest-2.2.x" \
5.5:
type: custom
pre: |
COMPOSER_1_VERSION="latest-1.x" \
&& COMPOSER_2_VERSION="latest-2.2.x" \
5.4:
type: custom
pre: |
COMPOSER_1_VERSION="latest-1.x" \
&& COMPOSER_2_VERSION="latest-2.2.x" \
5.3:
type: custom
pre: |
COMPOSER_1_VERSION="latest-1.x" \
&& COMPOSER_2_VERSION="latest-2.2.x" \
post: |
ln -sf /usr/local/bin/composer-1 /usr/local/bin/composer \
###
### nvm
###
nvm:
check: |
su -c '. {{ nvm_home }}/nvm.sh; nvm --version' devilbox | grep -E '^v?[0-9][.0-9]+' \
&& su -c '. {{ nvm_home }}/nvm.sh; node --version' devilbox | grep -E '^v?[0-9][.0-9]+' \
&& su -c '. {{ nvm_home }}/nvm.sh; yarn --version' devilbox | grep -E '^v?[0-9][.0-9]+' \
all:
type: custom
pre: |
NODE_VERSION="{{ node_version }}" \
command: |
NVM_VERSION="$( \
curl -sS 'https://github.com/nvm-sh/nvm/releases' \
| grep -Eo '/nvm-sh/nvm/releases/tag/v?[.0-9]+"' \
| grep -Eo 'v?[.0-9]+' \
| sort -V \
| tail -1 \
)" \
&& mkdir -p {{ nvm_home }} \
&& curl -o- "https://raw.githubusercontent.com/nvm-sh/nvm/${NVM_VERSION}/install.sh" \
| NVM_DIR="{{ nvm_home }}" bash \
\
&& chown -R devilbox:devilbox "{{ nvm_home }}" \
# Install latest and LTS version and yarn
post: |
su -c ". {{ nvm_home }}/nvm.sh; nvm install ${NODE_VERSION}" devilbox \
&& su -c ". {{ nvm_home }}/nvm.sh; nvm use ${NODE_VERSION}" devilbox \
&& su -c ". {{ nvm_home }}/nvm.sh; corepack enable" devilbox \
\
&& ln -s "{{ nvm_home }}/versions/node/$(su -c '. {{ nvm_home }}/nvm.sh; node --version' devilbox)/bin/corepack" /usr/local/bin/ \
&& ln -s "{{ nvm_home }}/versions/node/$(su -c '. {{ nvm_home }}/nvm.sh; node --version' devilbox)/bin/node" /usr/local/bin/ \
&& ln -s "{{ nvm_home }}/versions/node/$(su -c '. {{ nvm_home }}/nvm.sh; node --version' devilbox)/bin/npm" /usr/local/bin/ \
&& ln -s "{{ nvm_home }}/versions/node/$(su -c '. {{ nvm_home }}/nvm.sh; node --version' devilbox)/bin/npx" /usr/local/bin/ \
&& ln -s "{{ nvm_home }}/versions/node/$(su -c '. {{ nvm_home }}/nvm.sh; node --version' devilbox)/bin/yarn" /usr/local/bin/ \
\
&& chmod 0777 {{ nvm_home }} \
&& find {{ nvm_home }} -type f -print0 | xargs -n1 -0 chmod go+w \
&& find {{ nvm_home }} -type d -print0 | xargs -n1 -0 chmod 0777 \
\
&& rm -rf {{ nvm_home }}/.cache \
&& rm -rf {{ nvm_home }}/versions/node/$(su -c '. /opt/nvm/nvm.sh; node --version' devilbox)/share \
&& rm -rf {{ nvm_home }}/versions/node/$(su -c '. /opt/nvm/nvm.sh; node --version' devilbox)/include \
7.0:
type: custom
pre: |
NODE_VERSION="17" \
5.6:
type: custom
pre: |
NODE_VERSION="17" \
5.5:
type: custom
pre: |
NODE_VERSION="17" \
5.4:
type: custom
pre: |
NODE_VERSION="17" \
5.3:
type: custom
pre: |
NODE_VERSION="17" \
5.2:
type: custom
pre: |
NODE_VERSION="17" \
###
### Python pip
###
pip:
check: pip --version
all:
type: custom
command: |
curl -sS -L --fail https://bootstrap.pypa.io/get-pip.py | python3 \
# Cleanup
post: |
/bin/ls -1 /usr/local/lib/ | grep ^python | while read -r version; do \
cd "/usr/local/lib/${version}/" \
&& find . -name '*.pyc' -print0 | xargs -0 -n1 rm -rf \
&& find . -name '*.exe' -print0 | xargs -0 -n1 rm -rf \
&& find . -name '__pycache__' -print0 | xargs -0 -n1 rm -rf \
\
&& if [ -d "dist-packages" ]; then \
cd "dist-packages" \
&& pwd \
&& if /bin/ls -1 | grep -v '^pip'; then \
/bin/ls -1 | grep -v '^pip' | xargs -n1 rm -rf; \
fi \
fi \
done \
run_dep: [python3-distutils]
build_dep: [libpython3-dev]
7.2:
type: custom
command: |
curl -sS -L --fail https://bootstrap.pypa.io/pip/2.7/get-pip.py | python \
run_dep: []
build_dep: [libpython-dev]
7.1:
type: custom
command: |
curl -sS -L --fail https://bootstrap.pypa.io/pip/2.7/get-pip.py | python \
run_dep: []
build_dep: [libpython-dev]
7.0:
type: custom
command: |
curl -sS -L --fail https://bootstrap.pypa.io/pip/2.7/get-pip.py | python \
run_dep: []
build_dep: [libpython-dev]
5.6:
type: custom
command: |
curl -sS -L --fail https://bootstrap.pypa.io/pip/2.7/get-pip.py | python \
run_dep: []
build_dep: [libpython-dev]
5.5:
type: custom
command: |
curl -sS -L --fail https://bootstrap.pypa.io/pip/2.7/get-pip.py | python \
run_dep: []
build_dep: [libpython-dev]
5.4:
type: custom
command: |
curl -sS -L --fail https://bootstrap.pypa.io/pip/2.7/get-pip.py | python \
run_dep: []
build_dep: [libpython-dev]
5.3:
type: custom
run_dep: []
build_dep: [libpython-dev]
command: |
curl -sS -L --fail https://bootstrap.pypa.io/pip/2.7/get-pip.py | python \
5.2:
type: custom
command: |
curl -sS -L --fail https://bootstrap.pypa.io/pip/2.7/get-pip.py | python \
run_dep: []
build_dep: [libpython-dev]

2008
.ansible/group_vars/all/work.yml
View File

File diff suppressed because it is too large Load Diff

283
.ansible/jinja2/macros-work.j2 Normal file
View File

@@ -0,0 +1,283 @@
{##################################################################################################
# IMPORTS
##################################################################################################}
{% import './jinja2/macros.j2' as fn %}
{##################################################################################################
# GENERIC MACROS
##################################################################################################}
{#-
###
### Check if not disabled
###
### Returns 'true' string if not disabled, otherwise returns nothing
###
-#}
{%- macro is_not_disabled(php, name, items) -%}
{%- if ('disabled' not in items[name]) or (php not in items[name]['disabled']) -%}
{{- 'true' -}}
{%- endif -%}
{%- endmacro -%}
{#-
###
### Get 'type'
###
### Returns type string
###
-#}
{%- macro get_type(php, name, items) -%}
{{- fn.get_val(php, name, items, 'type', '<WRONG TYPE>') -}}
{%- endmacro -%}
{#-
###
### Get 'pre'
###
### Returns pre string
###
-#}
{%- macro get_pre(php, name, items) -%}
{{- fn.get_val(php, name, items, 'pre', '') -}}
{%- endmacro -%}
{#-
###
### Get 'post'
###
### Returns post string
###
-#}
{%- macro get_post(php, name, items) -%}
{{- fn.get_val(php, name, items, 'post', '') -}}
{%- endmacro -%}
{#-
###
### Get 'build_dep'
###
### Returns json string (jsonified list) of build_dep (use '| to_json' to eval)
###
-#}
{%- macro get_build_dep(php, name, items) -%}
{{- fn.get_list_if_enabled(php, name, items, 'build_dep') -}}
{%- endmacro -%}
{#-
###
### Get 'run_dep'
###
### Returns json string (jsonified list) of run_dep (use '| to_json' to eval)
###
-#}
{%- macro get_run_dep(php, name, items) -%}
{{- fn.get_list_if_enabled(php, name, items, 'run_dep') -}}
{%- endmacro -%}
{##################################################################################################
# TOOLS SPECIFIC MACROS
##################################################################################################}
{# --------------------------------------------- REPO ----------------------------------------- -#}
{#-
###
### Get 'deb'
### type: repo
###
-#}
{%- macro tool_repo_get_deb(php, name, items) -%}
{{- fn.get_val_by_type(php, name, items, 'deb', 'repo', '') -}}
{%- endmacro -%}
{#-
###
### Get 'key'
### type: repo
###
-#}
{%- macro tool_repo_get_key(php, name, items) -%}
{{- fn.get_val_by_type(php, name, items, 'key', 'repo', '') -}}
{%- endmacro -%}
{# --------------------------------------------- CUSTOM --------------------------------------- -#}
{#-
###
### Get 'command'
### type: custom
###
-#}
{%- macro tool_custom_get_command(php, name, items) -%}
{{- fn.get_val_by_type(php, name, items, 'command', 'custom', '') -}}
{%- endmacro -%}
{# --------------------------------------------- NPM ------------------------------------------ -#}
{#-
###
### Get 'package'
### type: npm
###
-#}
{%- macro tool_npm_get_package(php, name, items) -%}
{{- fn.get_val_by_type(php, name, items, 'package', 'npm', name) -}}
{%- endmacro -%}
{#-
###
### Get 'version'
### type: npm
###
-#}
{%- macro tool_npm_get_version(php, name, items) -%}
{%- set version = fn.get_val_by_type(php, name, items, 'version', 'npm', '') -%}
{%- if version | length -%}
{{- '@' ~ version -}}
{%- else -%}
{{- '' -}}
{%- endif -%}
{%- endmacro -%}
{#-
###
### Get 'binary'
### type: npm
###
-#}
{%- macro tool_npm_get_binary(php, name, items) -%}
{{- fn.get_val_by_type(php, name, items, 'binary', 'npm', '') -}}
{%- endmacro -%}
{# --------------------------------------------- COMPOSER ------------------------------------- -#}
{#-
###
### Get 'composer'
### type: composer
###
-#}
{%- macro tool_composer_get_composer(php, name, items) -%}
{{- fn.get_val_by_type(php, name, items, 'composer', 'composer', '') -}}
{%- endmacro -%}
{#-
###
### Get 'package'
### type: composer
###
-#}
{%- macro tool_composer_get_package(php, name, items) -%}
{{- fn.get_val_by_type(php, name, items, 'package', 'composer', '') -}}
{%- endmacro -%}
{#-
###
### Get 'version'
### type: composer
###
-#}
{%- macro tool_composer_get_version(php, name, items) -%}
{%- set version = fn.get_val_by_type(php, name, items, 'version', 'composer', '') -%}
{%- if version | length -%}
{{- ':' ~ version -}}
{%- else -%}
{{- '' -}}
{%- endif -%}
{%- endmacro -%}
{#-
###
### Get 'flags'
### type: composer
###
-#}
{%- macro tool_composer_get_flags(php, name, items) -%}
{{- fn.get_val_by_type(php, name, items, 'flags', 'composer', '') -}}
{%- endmacro -%}
{#-
###
### Get 'binary'
### type: composer
###
-#}
{%- macro tool_composer_get_binary(php, name, items) -%}
{{- fn.get_val_by_type(php, name, items, 'binary', 'composer', '') -}}
{%- endmacro -%}
{# --------------------------------------------- RUBYGEM -------------------------------------- -#}
{#-
###
### Get 'package'
### type: rubygem
###
-#}
{%- macro tool_rubygem_get_package(php, name, items) -%}
{{- fn.get_val_by_type(php, name, items, 'package', 'rubygem', '') -}}
{%- endmacro -%}
{#-
###
### Get 'version'
### type: rubygem
###
-#}
{%- macro tool_rubygem_get_version(php, name, items) -%}
{%- set version = fn.get_val_by_type(php, name, items, 'version', 'rubygem', '') -%}
{%- if version | length -%}
{{- ' -v ' ~ version -}}
{%- else -%}
{{- '' -}}
{%- endif -%}
{%- endmacro -%}
{# --------------------------------------------- PIP ------------------------------------------ -#}
{#-
###
### Get 'package'
### type: pip
###
-#}
{%- macro tool_pip_get_package(php, name, items) -%}
{{- fn.get_val_by_type(php, name, items, 'package', 'pip', name) -}}
{%- endmacro -%}
{#-
###
### Get 'version'
### type: pip
###
-#}
{%- macro tool_pip_get_version(php, name, items) -%}
{%- set version = fn.get_val_by_type(php, name, items, 'version', 'pip', '') -%}
{%- if version | length -%}
{{- '==' ~ version -}}
{%- else -%}
{{- '' -}}
{%- endif -%}
{%- endmacro -%}
{# --------------------------------------------- APT ------------------------------------------ -#}
{#-
###
### Get 'package'
### type: apt
###
-#}
{%- macro tool_apt_get_package(php, name, items) -%}
{%- if is_not_disabled(php, name, items) -%}
{{- fn.get_val_by_type(php, name, items, 'package', 'apt', '') -}}
{%- endif -%}
{%- endmacro -%}

90
.ansible/jinja2/macros.j2 Normal file
View File

@@ -0,0 +1,90 @@
{##################################################################################################
# HELPER MACROS
##################################################################################################}
{#
### Get generic string value of key if type value matches.
###
### php: The PHP Version
### name: The item name
### items: The items_available list
### key: The key to retrieve the value for
### type: The type key must match this type string
### default: Default value to return if none was found
#}
{%- macro get_val_by_type(php, name, items, key, type, default='' ) -%}
{#- Default return value -#}
{%- set result = default -%}
{#- PHP Version specific -#}
{%- if php in items[name] and items[name][php]['type'] == type -%}
{%- if key in items[name][php] and items[name][php][key] -%}
{%- set result = items[name][php][key] -%}
{%- elif key in items[name]['all'] and items[name]['all'][key] -%}
{%- set result = items[name]['all'][key] -%}
{%- endif -%}
{#- Defined in 'all' -#}
{%- elif 'all' in items[name] and items[name]['all']['type'] == type -%}
{%- if key in items[name]['all'] and items[name]['all'][key] -%}
{%- set result = items[name]['all'][key] -%}
{%- endif -%}
{%- endif -%}
{{- result -}}
{%- endmacro -%}
{#-
### Get generic string value of key.
###
### php: The PHP Version
### name: The item name
### items: The items_available list
### key: The key to retrieve the value for
### default: Default value to return if none was found
-#}
{%- macro get_val(php, name, items, key, default='') -%}
{%- if php in items[name] and key in items[name][php] and items[name][php][key] -%}
{{- items[name][php][key] -}}
{%- elif 'all' in items[name] and key in items[name]['all'] and items[name]['all'][key] -%}
{{- items[name]['all'][key] -}}
{%- else -%}
{{- default -}}
{%- endif -%}
{%- endmacro -%}
{#-
### Get generic list value (space separated) of not disabled PHP versions.
###
### Returns jsonified string of a list.
###
### Usage:
### {%- set list = [] -%}
### {%- for val in get_enabled_list(php_version, item, items_available) | from_json -%}
### {%- if val -%}
### {{- list.append(val) -}}
### {%- endif -%}
### {%- endfor -%}
###
### php: The PHP Version
### name: The item name
### items: The items_available list
### key: The key to retrieve the value for
-#}
{%- macro get_list_if_enabled(php, name, items, key) -%}
{%- set list = [] %}
{# Not disabled #}
{%- if ('disabled' not in items[name]) or (php not in items[name]['disabled']) -%}
{#- Version specific build dependency available? -#}
{%- if php in items[name] and key in items[name][php] -%}
{%- for val in items[name][php][key] -%}
{{- list.append(val) -}}
{%- endfor -%}
{#- Generic build dependency available? -#}
{%- elif 'all' in items[name] and key in items[name]['all'] -%}
{%- for val in items[name]['all'][key] -%}
{{- list.append(val) -}}
{%- endfor -%}
{%- endif -%}
{%- endif -%}
{{- list | to_json -}}
{%- endmacro -%}

4
.ansible/roles/template/tasks/main.yml
View File

@@ -1,7 +1,7 @@
--- ---
- name: generate Dockerfiles - name: generate Dockerfiles
template: ansible.builtin.template:
src: "{{ item.src }}" src: "{{ item.src }}"
dest: "{{ item.dst }}" dest: "{{ item.dst }}"
force: True force: True
@@ -10,7 +10,7 @@
- "{{ template_dockerfiles }}" - "{{ template_dockerfiles }}"
- name: generate php configuration files - name: generate php configuration files
template: ansible.builtin.template:
src: "{{ item.src }}" src: "{{ item.src }}"
dest: "{{ item.dst }}" dest: "{{ item.dst }}"
force: True force: True

95
.github/workflows/action-schedule_master.yml vendored
View File

@@ -20,14 +20,14 @@ on:
jobs: jobs:
# ----------------------------------------------------------------------------------------------- # -----------------------------------------------------------------------------------------------
# (1/8) Determine parameter settings # (1/9) Determine parameter settings
# ----------------------------------------------------------------------------------------------- # -----------------------------------------------------------------------------------------------
params: params:
uses: ./.github/workflows/params-nightly_master.yml uses: ./.github/workflows/params-nightly_master.yml
# ----------------------------------------------------------------------------------------------- # -----------------------------------------------------------------------------------------------
# (2/8) Configure Build and Deploy Matrices # (2/9) Configure Build and Deploy Matrices
# ----------------------------------------------------------------------------------------------- # -----------------------------------------------------------------------------------------------
configure: configure:
needs: [params] needs: [params]
@@ -43,7 +43,7 @@ jobs:
# ----------------------------------------------------------------------------------------------- # -----------------------------------------------------------------------------------------------
# (3/8) Build & Test base # (3/9) Build & Test base
# ----------------------------------------------------------------------------------------------- # -----------------------------------------------------------------------------------------------
build-base: build-base:
needs: needs:
@@ -72,7 +72,7 @@ jobs:
# ----------------------------------------------------------------------------------------------- # -----------------------------------------------------------------------------------------------
# (4/8) Build & Test mods # (4/9) Build & Test mods
# ----------------------------------------------------------------------------------------------- # -----------------------------------------------------------------------------------------------
build-mods: build-mods:
needs: needs:
@@ -101,7 +101,7 @@ jobs:
# ----------------------------------------------------------------------------------------------- # -----------------------------------------------------------------------------------------------
# (5/8) Build & Test prod # (5/9) Build & Test prod
# ----------------------------------------------------------------------------------------------- # -----------------------------------------------------------------------------------------------
build-prod: build-prod:
needs: needs:
@@ -130,9 +130,9 @@ jobs:
# ----------------------------------------------------------------------------------------------- # -----------------------------------------------------------------------------------------------
# (6/8) Build & Test work # (6/9) Build & Test slim
# ----------------------------------------------------------------------------------------------- # -----------------------------------------------------------------------------------------------
build-work: build-slim:
needs: needs:
- configure - configure
- build-prod - build-prod
@@ -143,9 +143,38 @@ jobs:
upload_artifact: true upload_artifact: true
matrix: ${{ needs.configure.outputs.matrix_build }} matrix: ${{ needs.configure.outputs.matrix_build }}
artifact_prefix: ${{ needs.configure.outputs.artifact_prefix }} artifact_prefix: ${{ needs.configure.outputs.artifact_prefix }}
stage: work stage: slim
stage_prev: prod stage_prev: prod
test-slim:
needs:
- configure
- build-slim
uses: devilbox/github-actions/.github/workflows/docker-multistage-test.yml@master
with:
has_refs: ${{ needs.configure.outputs.has_refs == 'true' }}
matrix: ${{ needs.configure.outputs.matrix_build }}
artifact_prefix: ${{ needs.configure.outputs.artifact_prefix }}
stage: slim
# -----------------------------------------------------------------------------------------------
# (7/9) Build & Test work
# -----------------------------------------------------------------------------------------------
build-work:
needs:
- configure
- build-slim
uses: devilbox/github-actions/.github/workflows/docker-multistage-build.yml@master
with:
has_refs: ${{ needs.configure.outputs.has_refs == 'true' }}
run_tests: false
upload_artifact: true
matrix: ${{ needs.configure.outputs.matrix_build }}
artifact_prefix: ${{ needs.configure.outputs.artifact_prefix }}
stage: work
stage_prev: slim
test-work: test-work:
needs: needs:
- configure - configure
@@ -159,14 +188,15 @@ jobs:
# ----------------------------------------------------------------------------------------------- # -----------------------------------------------------------------------------------------------
# (7/8) Push images # (8/9) Push images
# ----------------------------------------------------------------------------------------------- # -----------------------------------------------------------------------------------------------
push-base: push-base:
needs: needs:
- configure - configure
- test-base - test-base
- test-prod
- test-mods - test-mods
- test-prod
- test-slim
- test-work - test-work
uses: devilbox/github-actions/.github/workflows/docker-multistage-push-image.yml@master uses: devilbox/github-actions/.github/workflows/docker-multistage-push-image.yml@master
with: with:
@@ -183,8 +213,9 @@ jobs:
needs: needs:
- configure - configure
- test-base - test-base
- test-prod
- test-mods - test-mods
- test-prod
- test-slim
- test-work - test-work
uses: devilbox/github-actions/.github/workflows/docker-multistage-push-image.yml@master uses: devilbox/github-actions/.github/workflows/docker-multistage-push-image.yml@master
with: with:
@@ -201,8 +232,9 @@ jobs:
needs: needs:
- configure - configure
- test-base - test-base
- test-prod
- test-mods - test-mods
- test-prod
- test-slim
- test-work - test-work
uses: devilbox/github-actions/.github/workflows/docker-multistage-push-image.yml@master uses: devilbox/github-actions/.github/workflows/docker-multistage-push-image.yml@master
with: with:
@@ -215,12 +247,32 @@ jobs:
dockerhub_username: ${{ secrets.DOCKERHUB_USERNAME }} dockerhub_username: ${{ secrets.DOCKERHUB_USERNAME }}
dockerhub_password: ${{ secrets.DOCKERHUB_PASSWORD }} dockerhub_password: ${{ secrets.DOCKERHUB_PASSWORD }}
push-slim:
needs:
- configure
- test-base
- test-mods
- test-prod
- test-slim
- test-work
uses: devilbox/github-actions/.github/workflows/docker-multistage-push-image.yml@master
with:
can_deploy: ${{ needs.configure.outputs.can_login == 'true' && needs.configure.outputs.can_push == 'true' }}
has_refs: ${{ needs.configure.outputs.has_refs == 'true' }}
matrix: ${{ needs.configure.outputs.matrix_build }}
artifact_prefix: ${{ needs.configure.outputs.artifact_prefix }}
stage: slim
secrets:
dockerhub_username: ${{ secrets.DOCKERHUB_USERNAME }}
dockerhub_password: ${{ secrets.DOCKERHUB_PASSWORD }}
push-work: push-work:
needs: needs:
- configure - configure
- test-base - test-base
- test-prod
- test-mods - test-mods
- test-prod
- test-slim
- test-work - test-work
uses: devilbox/github-actions/.github/workflows/docker-multistage-push-image.yml@master uses: devilbox/github-actions/.github/workflows/docker-multistage-push-image.yml@master
with: with:
@@ -235,7 +287,7 @@ jobs:
# ----------------------------------------------------------------------------------------------- # -----------------------------------------------------------------------------------------------
# (8/8) Push Manifests # (9/9) Push Manifests
# ----------------------------------------------------------------------------------------------- # -----------------------------------------------------------------------------------------------
manifest-base: manifest-base:
needs: needs:
@@ -282,6 +334,21 @@ jobs:
dockerhub_username: ${{ secrets.DOCKERHUB_USERNAME }} dockerhub_username: ${{ secrets.DOCKERHUB_USERNAME }}
dockerhub_password: ${{ secrets.DOCKERHUB_PASSWORD }} dockerhub_password: ${{ secrets.DOCKERHUB_PASSWORD }}
manifest-slim:
needs:
- configure
- push-slim
uses: devilbox/github-actions/.github/workflows/docker-multistage-push-manifest.yml@master
with:
can_deploy: ${{ needs.configure.outputs.can_login == 'true' && needs.configure.outputs.can_push == 'true' }}
has_refs: ${{ needs.configure.outputs.has_refs == 'true' }}
matrix: ${{ needs.configure.outputs.matrix_deploy }}
versions: ${{ needs.configure.outputs.versions }}
stage: slim
secrets:
dockerhub_username: ${{ secrets.DOCKERHUB_USERNAME }}
dockerhub_password: ${{ secrets.DOCKERHUB_PASSWORD }}
manifest-work: manifest-work:
needs: needs:
- configure - configure

95
.github/workflows/action-schedule_tags.yml vendored
View File

@@ -20,14 +20,14 @@ on:
jobs: jobs:
# ----------------------------------------------------------------------------------------------- # -----------------------------------------------------------------------------------------------
# (1/8) Determine parameter settings # (1/9) Determine parameter settings
# ----------------------------------------------------------------------------------------------- # -----------------------------------------------------------------------------------------------
params: params:
uses: ./.github/workflows/params-nightly_tags.yml uses: ./.github/workflows/params-nightly_tags.yml
# ----------------------------------------------------------------------------------------------- # -----------------------------------------------------------------------------------------------
# (2/8) Configure Build and Deploy Matrices # (2/9) Configure Build and Deploy Matrices
# ----------------------------------------------------------------------------------------------- # -----------------------------------------------------------------------------------------------
configure: configure:
needs: [params] needs: [params]
@@ -43,7 +43,7 @@ jobs:
# ----------------------------------------------------------------------------------------------- # -----------------------------------------------------------------------------------------------
# (3/8) Build & Test base # (3/9) Build & Test base
# ----------------------------------------------------------------------------------------------- # -----------------------------------------------------------------------------------------------
build-base: build-base:
needs: needs:
@@ -72,7 +72,7 @@ jobs:
# ----------------------------------------------------------------------------------------------- # -----------------------------------------------------------------------------------------------
# (4/8) Build & Test mods # (4/9) Build & Test mods
# ----------------------------------------------------------------------------------------------- # -----------------------------------------------------------------------------------------------
build-mods: build-mods:
needs: needs:
@@ -101,7 +101,7 @@ jobs:
# ----------------------------------------------------------------------------------------------- # -----------------------------------------------------------------------------------------------
# (5/8) Build & Test prod # (5/9) Build & Test prod
# ----------------------------------------------------------------------------------------------- # -----------------------------------------------------------------------------------------------
build-prod: build-prod:
needs: needs:
@@ -130,9 +130,9 @@ jobs:
# ----------------------------------------------------------------------------------------------- # -----------------------------------------------------------------------------------------------
# (6/8) Build & Test work # (6/9) Build & Test slim
# ----------------------------------------------------------------------------------------------- # -----------------------------------------------------------------------------------------------
build-work: build-slim:
needs: needs:
- configure - configure
- build-prod - build-prod
@@ -143,9 +143,38 @@ jobs:
upload_artifact: true upload_artifact: true
matrix: ${{ needs.configure.outputs.matrix_build }} matrix: ${{ needs.configure.outputs.matrix_build }}
artifact_prefix: ${{ needs.configure.outputs.artifact_prefix }} artifact_prefix: ${{ needs.configure.outputs.artifact_prefix }}
stage: work stage: slim
stage_prev: prod stage_prev: prod
test-slim:
needs:
- configure
- build-slim
uses: devilbox/github-actions/.github/workflows/docker-multistage-test.yml@master
with:
has_refs: ${{ needs.configure.outputs.has_refs == 'true' }}
matrix: ${{ needs.configure.outputs.matrix_build }}
artifact_prefix: ${{ needs.configure.outputs.artifact_prefix }}
stage: slim
# -----------------------------------------------------------------------------------------------
# (7/9) Build & Test work
# -----------------------------------------------------------------------------------------------
build-work:
needs:
- configure
- build-slim
uses: devilbox/github-actions/.github/workflows/docker-multistage-build.yml@master
with:
has_refs: ${{ needs.configure.outputs.has_refs == 'true' }}
run_tests: false
upload_artifact: true
matrix: ${{ needs.configure.outputs.matrix_build }}
artifact_prefix: ${{ needs.configure.outputs.artifact_prefix }}
stage: work
stage_prev: slim
test-work: test-work:
needs: needs:
- configure - configure
@@ -159,14 +188,15 @@ jobs:
# ----------------------------------------------------------------------------------------------- # -----------------------------------------------------------------------------------------------
# (7/8) Push images # (8/9) Push images
# ----------------------------------------------------------------------------------------------- # -----------------------------------------------------------------------------------------------
push-base: push-base:
needs: needs:
- configure - configure
- test-base - test-base
- test-prod
- test-mods - test-mods
- test-prod
- test-slim
- test-work - test-work
uses: devilbox/github-actions/.github/workflows/docker-multistage-push-image.yml@master uses: devilbox/github-actions/.github/workflows/docker-multistage-push-image.yml@master
with: with:
@@ -183,8 +213,9 @@ jobs:
needs: needs:
- configure - configure
- test-base - test-base
- test-prod
- test-mods - test-mods
- test-prod
- test-slim
- test-work - test-work
uses: devilbox/github-actions/.github/workflows/docker-multistage-push-image.yml@master uses: devilbox/github-actions/.github/workflows/docker-multistage-push-image.yml@master
with: with:
@@ -201,8 +232,9 @@ jobs:
needs: needs:
- configure - configure
- test-base - test-base
- test-prod
- test-mods - test-mods
- test-prod
- test-slim
- test-work - test-work
uses: devilbox/github-actions/.github/workflows/docker-multistage-push-image.yml@master uses: devilbox/github-actions/.github/workflows/docker-multistage-push-image.yml@master
with: with:
@@ -215,12 +247,32 @@ jobs:
dockerhub_username: ${{ secrets.DOCKERHUB_USERNAME }} dockerhub_username: ${{ secrets.DOCKERHUB_USERNAME }}
dockerhub_password: ${{ secrets.DOCKERHUB_PASSWORD }} dockerhub_password: ${{ secrets.DOCKERHUB_PASSWORD }}
push-slim:
needs:
- configure
- test-base
- test-mods
- test-prod
- test-slim
- test-work
uses: devilbox/github-actions/.github/workflows/docker-multistage-push-image.yml@master
with:
can_deploy: ${{ needs.configure.outputs.can_login == 'true' && needs.configure.outputs.can_push == 'true' }}
has_refs: ${{ needs.configure.outputs.has_refs == 'true' }}
matrix: ${{ needs.configure.outputs.matrix_build }}
artifact_prefix: ${{ needs.configure.outputs.artifact_prefix }}
stage: slim
secrets:
dockerhub_username: ${{ secrets.DOCKERHUB_USERNAME }}
dockerhub_password: ${{ secrets.DOCKERHUB_PASSWORD }}
push-work: push-work:
needs: needs:
- configure - configure
- test-base - test-base
- test-prod
- test-mods - test-mods
- test-prod
- test-slim
- test-work - test-work
uses: devilbox/github-actions/.github/workflows/docker-multistage-push-image.yml@master uses: devilbox/github-actions/.github/workflows/docker-multistage-push-image.yml@master
with: with:
@@ -235,7 +287,7 @@ jobs:
# ----------------------------------------------------------------------------------------------- # -----------------------------------------------------------------------------------------------
# (8/8) Push Manifests # (9/9) Push Manifests
# ----------------------------------------------------------------------------------------------- # -----------------------------------------------------------------------------------------------
manifest-base: manifest-base:
needs: needs:
@@ -282,6 +334,21 @@ jobs:
dockerhub_username: ${{ secrets.DOCKERHUB_USERNAME }} dockerhub_username: ${{ secrets.DOCKERHUB_USERNAME }}
dockerhub_password: ${{ secrets.DOCKERHUB_PASSWORD }} dockerhub_password: ${{ secrets.DOCKERHUB_PASSWORD }}
manifest-slim:
needs:
- configure
- push-slim
uses: devilbox/github-actions/.github/workflows/docker-multistage-push-manifest.yml@master
with:
can_deploy: ${{ needs.configure.outputs.can_login == 'true' && needs.configure.outputs.can_push == 'true' }}
has_refs: ${{ needs.configure.outputs.has_refs == 'true' }}
matrix: ${{ needs.configure.outputs.matrix_deploy }}
versions: ${{ needs.configure.outputs.versions }}
stage: slim
secrets:
dockerhub_username: ${{ secrets.DOCKERHUB_USERNAME }}
dockerhub_password: ${{ secrets.DOCKERHUB_PASSWORD }}
manifest-work: manifest-work:
needs: needs:
- configure - configure

95
.github/workflows/action.yml vendored
View File

@@ -20,14 +20,14 @@ on:
jobs: jobs:
# ----------------------------------------------------------------------------------------------- # -----------------------------------------------------------------------------------------------
# (1/8) Determine parameter settings # (1/9) Determine parameter settings
# ----------------------------------------------------------------------------------------------- # -----------------------------------------------------------------------------------------------
params: params:
uses: ./.github/workflows/params.yml uses: ./.github/workflows/params.yml
# ----------------------------------------------------------------------------------------------- # -----------------------------------------------------------------------------------------------
# (2/8) Configure Build and Deploy Matrices # (2/9) Configure Build and Deploy Matrices
# ----------------------------------------------------------------------------------------------- # -----------------------------------------------------------------------------------------------
configure: configure:
needs: [params] needs: [params]
@@ -43,7 +43,7 @@ jobs:
# ----------------------------------------------------------------------------------------------- # -----------------------------------------------------------------------------------------------
# (3/8) Build & Test base # (3/9) Build & Test base
# ----------------------------------------------------------------------------------------------- # -----------------------------------------------------------------------------------------------
build-base: build-base:
needs: needs:
@@ -72,7 +72,7 @@ jobs:
# ----------------------------------------------------------------------------------------------- # -----------------------------------------------------------------------------------------------
# (4/8) Build & Test mods # (4/9) Build & Test mods
# ----------------------------------------------------------------------------------------------- # -----------------------------------------------------------------------------------------------
build-mods: build-mods:
needs: needs:
@@ -101,7 +101,7 @@ jobs:
# ----------------------------------------------------------------------------------------------- # -----------------------------------------------------------------------------------------------
# (5/8) Build & Test prod # (5/9) Build & Test prod
# ----------------------------------------------------------------------------------------------- # -----------------------------------------------------------------------------------------------
build-prod: build-prod:
needs: needs:
@@ -130,9 +130,9 @@ jobs:
# ----------------------------------------------------------------------------------------------- # -----------------------------------------------------------------------------------------------
# (6/8) Build & Test work # (6/9) Build & Test slim
# ----------------------------------------------------------------------------------------------- # -----------------------------------------------------------------------------------------------
build-work: build-slim:
needs: needs:
- configure - configure
- build-prod - build-prod
@@ -143,9 +143,38 @@ jobs:
upload_artifact: true upload_artifact: true
matrix: ${{ needs.configure.outputs.matrix_build }} matrix: ${{ needs.configure.outputs.matrix_build }}
artifact_prefix: ${{ needs.configure.outputs.artifact_prefix }} artifact_prefix: ${{ needs.configure.outputs.artifact_prefix }}
stage: work stage: slim
stage_prev: prod stage_prev: prod
test-slim:
needs:
- configure
- build-slim
uses: devilbox/github-actions/.github/workflows/docker-multistage-test.yml@master
with:
has_refs: ${{ needs.configure.outputs.has_refs == 'true' }}
matrix: ${{ needs.configure.outputs.matrix_build }}
artifact_prefix: ${{ needs.configure.outputs.artifact_prefix }}
stage: slim
# -----------------------------------------------------------------------------------------------
# (7/9) Build & Test work
# -----------------------------------------------------------------------------------------------
build-work:
needs:
- configure
- build-slim
uses: devilbox/github-actions/.github/workflows/docker-multistage-build.yml@master
with:
has_refs: ${{ needs.configure.outputs.has_refs == 'true' }}
run_tests: false
upload_artifact: true
matrix: ${{ needs.configure.outputs.matrix_build }}
artifact_prefix: ${{ needs.configure.outputs.artifact_prefix }}
stage: work
stage_prev: slim
test-work: test-work:
needs: needs:
- configure - configure
@@ -159,14 +188,15 @@ jobs:
# ----------------------------------------------------------------------------------------------- # -----------------------------------------------------------------------------------------------
# (7/8) Push images # (8/9) Push images
# ----------------------------------------------------------------------------------------------- # -----------------------------------------------------------------------------------------------
push-base: push-base:
needs: needs:
- configure - configure
- test-base - test-base
- test-prod
- test-mods - test-mods
- test-prod
- test-slim
- test-work - test-work
uses: devilbox/github-actions/.github/workflows/docker-multistage-push-image.yml@master uses: devilbox/github-actions/.github/workflows/docker-multistage-push-image.yml@master
with: with:
@@ -183,8 +213,9 @@ jobs:
needs: needs:
- configure - configure
- test-base - test-base
- test-prod
- test-mods - test-mods
- test-prod
- test-slim
- test-work - test-work
uses: devilbox/github-actions/.github/workflows/docker-multistage-push-image.yml@master uses: devilbox/github-actions/.github/workflows/docker-multistage-push-image.yml@master
with: with:
@@ -201,8 +232,9 @@ jobs:
needs: needs:
- configure - configure
- test-base - test-base
- test-prod
- test-mods - test-mods
- test-prod
- test-slim
- test-work - test-work
uses: devilbox/github-actions/.github/workflows/docker-multistage-push-image.yml@master uses: devilbox/github-actions/.github/workflows/docker-multistage-push-image.yml@master
with: with:
@@ -215,12 +247,32 @@ jobs:
dockerhub_username: ${{ secrets.DOCKERHUB_USERNAME }} dockerhub_username: ${{ secrets.DOCKERHUB_USERNAME }}
dockerhub_password: ${{ secrets.DOCKERHUB_PASSWORD }} dockerhub_password: ${{ secrets.DOCKERHUB_PASSWORD }}
push-slim:
needs:
- configure
- test-base
- test-mods
- test-prod
- test-slim
- test-work
uses: devilbox/github-actions/.github/workflows/docker-multistage-push-image.yml@master
with:
can_deploy: ${{ needs.configure.outputs.can_login == 'true' && needs.configure.outputs.can_push == 'true' }}
has_refs: ${{ needs.configure.outputs.has_refs == 'true' }}
matrix: ${{ needs.configure.outputs.matrix_build }}
artifact_prefix: ${{ needs.configure.outputs.artifact_prefix }}
stage: slim
secrets:
dockerhub_username: ${{ secrets.DOCKERHUB_USERNAME }}
dockerhub_password: ${{ secrets.DOCKERHUB_PASSWORD }}
push-work: push-work:
needs: needs:
- configure - configure
- test-base - test-base
- test-prod
- test-mods - test-mods
- test-prod
- test-slim
- test-work - test-work
uses: devilbox/github-actions/.github/workflows/docker-multistage-push-image.yml@master uses: devilbox/github-actions/.github/workflows/docker-multistage-push-image.yml@master
with: with:
@@ -235,7 +287,7 @@ jobs:
# ----------------------------------------------------------------------------------------------- # -----------------------------------------------------------------------------------------------
# (8/8) Push Manifests # (9/9) Push Manifests
# ----------------------------------------------------------------------------------------------- # -----------------------------------------------------------------------------------------------
manifest-base: manifest-base:
needs: needs:
@@ -282,6 +334,21 @@ jobs:
dockerhub_username: ${{ secrets.DOCKERHUB_USERNAME }} dockerhub_username: ${{ secrets.DOCKERHUB_USERNAME }}
dockerhub_password: ${{ secrets.DOCKERHUB_PASSWORD }} dockerhub_password: ${{ secrets.DOCKERHUB_PASSWORD }}
manifest-slim:
needs:
- configure
- push-slim
uses: devilbox/github-actions/.github/workflows/docker-multistage-push-manifest.yml@master
with:
can_deploy: ${{ needs.configure.outputs.can_login == 'true' && needs.configure.outputs.can_push == 'true' }}
has_refs: ${{ needs.configure.outputs.has_refs == 'true' }}
matrix: ${{ needs.configure.outputs.matrix_deploy }}
versions: ${{ needs.configure.outputs.versions }}
stage: slim
secrets:
dockerhub_username: ${{ secrets.DOCKERHUB_USERNAME }}
dockerhub_password: ${{ secrets.DOCKERHUB_PASSWORD }}
manifest-work: manifest-work:
needs: needs:
- configure - configure

5
.github/workflows/linting.yml vendored
View File

@@ -56,11 +56,6 @@ jobs:
run: | run: |
make lint-changelog make lint-changelog
- name: Diff generated PHP modules
run: |
make gen-modules
git diff --quiet || { echo "Build Changes"; git diff; git status; false; }
- name: Diff generated Docker files - name: Diff generated Docker files
run: | run: |
make gen-dockerfiles make gen-dockerfiles

22
CHANGELOG.md
View File

@@ -4,6 +4,28 @@
## Unreleased ## Unreleased
## Release 0.145
This is a massive restructuring release, which adds another layer on top of Ansible to easily manage/edit/add PHP tools and to configure their respective order of building and installing.
Additionally it introduces a new flavour: `slim` which is an intermediated stage between `prod` and `work`. It allows for a slim image with only required cli tools to work with the Devilbox.
### Added
- New PHP Flavour: `slim`
- Added `mhsendmail` for `arm64` architecture
- Added `wkhtmltopdf` for `arm64 architecture [#252](https://github.com/devilbox/docker-php-fpm/issues/252)
- Added `taskfile` (https://taskfile.dev/)
- Added mechanism to easily build custom images with custom set of PHP tools
- Added automated PHP tools dependency resolver (order of built is always correct)
- Added tons of documentation
### Changed
- Split out PHP tools into separate directories
### Fixed
- Fixed `xdebug` build
## Release 0.144 ## Release 0.144
This is a massive restructuring release, which adds another layer on top of Ansible to easily manage/edit/add PHP extensions and to configure their respective order of building and loading. This is a massive restructuring release, which adds another layer on top of Ansible to easily manage/edit/add PHP extensions and to configure their respective order of building and loading.

1
Dockerfiles/base/Dockerfile-5.2
View File

@@ -1,3 +1,4 @@
# vi: ft=dockerfile
# Auto-generated via Ansible: edit ./ansible/DOCKERFILES/Dockerfile-base.j2 instead. # Auto-generated via Ansible: edit ./ansible/DOCKERFILES/Dockerfile-base.j2 instead.
FROM devilbox/php-fpm-5.2 FROM devilbox/php-fpm-5.2
MAINTAINER "cytopia" <cytopia@everythingcli.org> MAINTAINER "cytopia" <cytopia@everythingcli.org>

1
Dockerfiles/base/Dockerfile-5.3
View File

@@ -1,3 +1,4 @@
# vi: ft=dockerfile
# Auto-generated via Ansible: edit ./ansible/DOCKERFILES/Dockerfile-base.j2 instead. # Auto-generated via Ansible: edit ./ansible/DOCKERFILES/Dockerfile-base.j2 instead.
FROM devilbox/php-fpm-5.3 FROM devilbox/php-fpm-5.3
MAINTAINER "cytopia" <cytopia@everythingcli.org> MAINTAINER "cytopia" <cytopia@everythingcli.org>

1
Dockerfiles/base/Dockerfile-5.4
View File

@@ -1,3 +1,4 @@
# vi: ft=dockerfile
# Auto-generated via Ansible: edit ./ansible/DOCKERFILES/Dockerfile-base.j2 instead. # Auto-generated via Ansible: edit ./ansible/DOCKERFILES/Dockerfile-base.j2 instead.
FROM devilbox/php-fpm-5.4 FROM devilbox/php-fpm-5.4
MAINTAINER "cytopia" <cytopia@everythingcli.org> MAINTAINER "cytopia" <cytopia@everythingcli.org>

1
Dockerfiles/base/Dockerfile-5.5
View File

@@ -1,3 +1,4 @@
# vi: ft=dockerfile
# Auto-generated via Ansible: edit ./ansible/DOCKERFILES/Dockerfile-base.j2 instead. # Auto-generated via Ansible: edit ./ansible/DOCKERFILES/Dockerfile-base.j2 instead.
FROM devilbox/php-fpm-5.5 FROM devilbox/php-fpm-5.5
MAINTAINER "cytopia" <cytopia@everythingcli.org> MAINTAINER "cytopia" <cytopia@everythingcli.org>

1
Dockerfiles/base/Dockerfile-5.6
View File

@@ -1,3 +1,4 @@
# vi: ft=dockerfile
# Auto-generated via Ansible: edit ./ansible/DOCKERFILES/Dockerfile-base.j2 instead. # Auto-generated via Ansible: edit ./ansible/DOCKERFILES/Dockerfile-base.j2 instead.
FROM php:5.6-fpm FROM php:5.6-fpm
MAINTAINER "cytopia" <cytopia@everythingcli.org> MAINTAINER "cytopia" <cytopia@everythingcli.org>

1
Dockerfiles/base/Dockerfile-7.0
View File

@@ -1,3 +1,4 @@
# vi: ft=dockerfile
# Auto-generated via Ansible: edit ./ansible/DOCKERFILES/Dockerfile-base.j2 instead. # Auto-generated via Ansible: edit ./ansible/DOCKERFILES/Dockerfile-base.j2 instead.
FROM php:7.0-fpm FROM php:7.0-fpm
MAINTAINER "cytopia" <cytopia@everythingcli.org> MAINTAINER "cytopia" <cytopia@everythingcli.org>

1
Dockerfiles/base/Dockerfile-7.1
View File

@@ -1,3 +1,4 @@
# vi: ft=dockerfile
# Auto-generated via Ansible: edit ./ansible/DOCKERFILES/Dockerfile-base.j2 instead. # Auto-generated via Ansible: edit ./ansible/DOCKERFILES/Dockerfile-base.j2 instead.
FROM php:7.1-fpm FROM php:7.1-fpm
MAINTAINER "cytopia" <cytopia@everythingcli.org> MAINTAINER "cytopia" <cytopia@everythingcli.org>

1
Dockerfiles/base/Dockerfile-7.2
View File

@@ -1,3 +1,4 @@
# vi: ft=dockerfile
# Auto-generated via Ansible: edit ./ansible/DOCKERFILES/Dockerfile-base.j2 instead. # Auto-generated via Ansible: edit ./ansible/DOCKERFILES/Dockerfile-base.j2 instead.
FROM php:7.2-fpm FROM php:7.2-fpm
MAINTAINER "cytopia" <cytopia@everythingcli.org> MAINTAINER "cytopia" <cytopia@everythingcli.org>

1
Dockerfiles/base/Dockerfile-7.3
View File

@@ -1,3 +1,4 @@
# vi: ft=dockerfile
# Auto-generated via Ansible: edit ./ansible/DOCKERFILES/Dockerfile-base.j2 instead. # Auto-generated via Ansible: edit ./ansible/DOCKERFILES/Dockerfile-base.j2 instead.
FROM php:7.3-fpm FROM php:7.3-fpm
MAINTAINER "cytopia" <cytopia@everythingcli.org> MAINTAINER "cytopia" <cytopia@everythingcli.org>

1
Dockerfiles/base/Dockerfile-7.4
View File

@@ -1,3 +1,4 @@
# vi: ft=dockerfile
# Auto-generated via Ansible: edit ./ansible/DOCKERFILES/Dockerfile-base.j2 instead. # Auto-generated via Ansible: edit ./ansible/DOCKERFILES/Dockerfile-base.j2 instead.
FROM php:7.4-fpm FROM php:7.4-fpm
MAINTAINER "cytopia" <cytopia@everythingcli.org> MAINTAINER "cytopia" <cytopia@everythingcli.org>

1
Dockerfiles/base/Dockerfile-8.0
View File

@@ -1,3 +1,4 @@
# vi: ft=dockerfile
# Auto-generated via Ansible: edit ./ansible/DOCKERFILES/Dockerfile-base.j2 instead. # Auto-generated via Ansible: edit ./ansible/DOCKERFILES/Dockerfile-base.j2 instead.
FROM devilbox/php-fpm-8.0 FROM devilbox/php-fpm-8.0
MAINTAINER "cytopia" <cytopia@everythingcli.org> MAINTAINER "cytopia" <cytopia@everythingcli.org>

1
Dockerfiles/base/Dockerfile-8.1
View File

@@ -1,3 +1,4 @@
# vi: ft=dockerfile
# Auto-generated via Ansible: edit ./ansible/DOCKERFILES/Dockerfile-base.j2 instead. # Auto-generated via Ansible: edit ./ansible/DOCKERFILES/Dockerfile-base.j2 instead.
FROM devilbox/php-fpm-8.1 FROM devilbox/php-fpm-8.1
MAINTAINER "cytopia" <cytopia@everythingcli.org> MAINTAINER "cytopia" <cytopia@everythingcli.org>

1
Dockerfiles/base/Dockerfile-8.2
View File

@@ -1,3 +1,4 @@
# vi: ft=dockerfile
# Auto-generated via Ansible: edit ./ansible/DOCKERFILES/Dockerfile-base.j2 instead. # Auto-generated via Ansible: edit ./ansible/DOCKERFILES/Dockerfile-base.j2 instead.
FROM devilbox/php-fpm-8.2 FROM devilbox/php-fpm-8.2
MAINTAINER "cytopia" <cytopia@everythingcli.org> MAINTAINER "cytopia" <cytopia@everythingcli.org>

3
Dockerfiles/mods/Dockerfile-5.2
View File

@@ -1,3 +1,4 @@
# vi: ft=dockerfile
# Auto-generated via Ansible: edit ./ansible/DOCKERFILES/Dockerfile-mods.j2 instead. # Auto-generated via Ansible: edit ./ansible/DOCKERFILES/Dockerfile-mods.j2 instead.
FROM devilbox/php-fpm:5.2-base as builder FROM devilbox/php-fpm:5.2-base as builder
@@ -549,7 +550,7 @@ RUN set -eux \
# Fix php.ini settings for enabled extensions # Fix php.ini settings for enabled extensions
RUN set -eux \ RUN set -eux \
&& chmod +x "$(php -r 'echo ini_get("extension_dir");')"/* && find "$(php -r 'echo ini_get("extension_dir");')/" -type f -exec chmod +x {} \;
# Fix oracle dir for images that don't have oci installed # Fix oracle dir for images that don't have oci installed
RUN set -eux \ RUN set -eux \

3
Dockerfiles/mods/Dockerfile-5.3
View File

@@ -1,3 +1,4 @@
# vi: ft=dockerfile
# Auto-generated via Ansible: edit ./ansible/DOCKERFILES/Dockerfile-mods.j2 instead. # Auto-generated via Ansible: edit ./ansible/DOCKERFILES/Dockerfile-mods.j2 instead.
FROM devilbox/php-fpm:5.3-base as builder FROM devilbox/php-fpm:5.3-base as builder
@@ -672,7 +673,7 @@ RUN set -eux \
# Fix php.ini settings for enabled extensions # Fix php.ini settings for enabled extensions
RUN set -eux \ RUN set -eux \
&& chmod +x "$(php -r 'echo ini_get("extension_dir");')"/* && find "$(php -r 'echo ini_get("extension_dir");')/" -type f -exec chmod +x {} \;
# Fix oracle dir for images that don't have oci installed # Fix oracle dir for images that don't have oci installed
RUN set -eux \ RUN set -eux \

3
Dockerfiles/mods/Dockerfile-5.4
View File

@@ -1,3 +1,4 @@
# vi: ft=dockerfile
# Auto-generated via Ansible: edit ./ansible/DOCKERFILES/Dockerfile-mods.j2 instead. # Auto-generated via Ansible: edit ./ansible/DOCKERFILES/Dockerfile-mods.j2 instead.
FROM devilbox/php-fpm:5.4-base as builder FROM devilbox/php-fpm:5.4-base as builder
@@ -683,7 +684,7 @@ RUN set -eux \
# Fix php.ini settings for enabled extensions # Fix php.ini settings for enabled extensions
RUN set -eux \ RUN set -eux \
&& chmod +x "$(php -r 'echo ini_get("extension_dir");')"/* && find "$(php -r 'echo ini_get("extension_dir");')/" -type f -exec chmod +x {} \;
# Fix oracle dir for images that don't have oci installed # Fix oracle dir for images that don't have oci installed
RUN set -eux \ RUN set -eux \

3
Dockerfiles/mods/Dockerfile-5.5
View File

@@ -1,3 +1,4 @@
# vi: ft=dockerfile
# Auto-generated via Ansible: edit ./ansible/DOCKERFILES/Dockerfile-mods.j2 instead. # Auto-generated via Ansible: edit ./ansible/DOCKERFILES/Dockerfile-mods.j2 instead.
FROM devilbox/php-fpm:5.5-base as builder FROM devilbox/php-fpm:5.5-base as builder
@@ -721,7 +722,7 @@ RUN set -eux \
# Fix php.ini settings for enabled extensions # Fix php.ini settings for enabled extensions
RUN set -eux \ RUN set -eux \
&& chmod +x "$(php -r 'echo ini_get("extension_dir");')"/* && find "$(php -r 'echo ini_get("extension_dir");')/" -type f -exec chmod +x {} \;
# Fix oracle dir for images that don't have oci installed # Fix oracle dir for images that don't have oci installed
RUN set -eux \ RUN set -eux \

3
Dockerfiles/mods/Dockerfile-5.6
View File

@@ -1,3 +1,4 @@
# vi: ft=dockerfile
# Auto-generated via Ansible: edit ./ansible/DOCKERFILES/Dockerfile-mods.j2 instead. # Auto-generated via Ansible: edit ./ansible/DOCKERFILES/Dockerfile-mods.j2 instead.
FROM devilbox/php-fpm:5.6-base as builder FROM devilbox/php-fpm:5.6-base as builder
@@ -740,7 +741,7 @@ RUN set -eux \
# Fix php.ini settings for enabled extensions # Fix php.ini settings for enabled extensions
RUN set -eux \ RUN set -eux \
&& chmod +x "$(php -r 'echo ini_get("extension_dir");')"/* && find "$(php -r 'echo ini_get("extension_dir");')/" -type f -exec chmod +x {} \;
# Fix oracle dir for images that don't have oci installed # Fix oracle dir for images that don't have oci installed
RUN set -eux \ RUN set -eux \

3
Dockerfiles/mods/Dockerfile-7.0
View File

@@ -1,3 +1,4 @@
# vi: ft=dockerfile
# Auto-generated via Ansible: edit ./ansible/DOCKERFILES/Dockerfile-mods.j2 instead. # Auto-generated via Ansible: edit ./ansible/DOCKERFILES/Dockerfile-mods.j2 instead.
FROM devilbox/php-fpm:7.0-base as builder FROM devilbox/php-fpm:7.0-base as builder
@@ -876,7 +877,7 @@ RUN set -eux \
# Fix php.ini settings for enabled extensions # Fix php.ini settings for enabled extensions
RUN set -eux \ RUN set -eux \
&& chmod +x "$(php -r 'echo ini_get("extension_dir");')"/* && find "$(php -r 'echo ini_get("extension_dir");')/" -type f -exec chmod +x {} \;
# Fix oracle dir for images that don't have oci installed # Fix oracle dir for images that don't have oci installed
RUN set -eux \ RUN set -eux \

3
Dockerfiles/mods/Dockerfile-7.1
View File

@@ -1,3 +1,4 @@
# vi: ft=dockerfile
# Auto-generated via Ansible: edit ./ansible/DOCKERFILES/Dockerfile-mods.j2 instead. # Auto-generated via Ansible: edit ./ansible/DOCKERFILES/Dockerfile-mods.j2 instead.
FROM devilbox/php-fpm:7.1-base as builder FROM devilbox/php-fpm:7.1-base as builder
@@ -894,7 +895,7 @@ RUN set -eux \
# Fix php.ini settings for enabled extensions # Fix php.ini settings for enabled extensions
RUN set -eux \ RUN set -eux \
&& chmod +x "$(php -r 'echo ini_get("extension_dir");')"/* && find "$(php -r 'echo ini_get("extension_dir");')/" -type f -exec chmod +x {} \;
# Fix oracle dir for images that don't have oci installed # Fix oracle dir for images that don't have oci installed
RUN set -eux \ RUN set -eux \

7
Dockerfiles/mods/Dockerfile-7.2
View File

@@ -1,3 +1,4 @@
# vi: ft=dockerfile
# Auto-generated via Ansible: edit ./ansible/DOCKERFILES/Dockerfile-mods.j2 instead. # Auto-generated via Ansible: edit ./ansible/DOCKERFILES/Dockerfile-mods.j2 instead.
FROM devilbox/php-fpm:7.2-base as builder FROM devilbox/php-fpm:7.2-base as builder
@@ -844,10 +845,10 @@ RUN set -eux \
# -------------------- Installing PHP Extension: xdebug -------------------- # -------------------- Installing PHP Extension: xdebug --------------------
RUN set -eux \ RUN set -eux \
# Installation: Generic # Installation: Version specific
# Type: PECL extension # Type: PECL extension
# Default: Pecl command # Default: Pecl command
&& pecl install xdebug \ && pecl install xdebug-3.1.6 \
# Enabling # Enabling
&& docker-php-ext-enable xdebug \ && docker-php-ext-enable xdebug \
&& true && true
@@ -897,7 +898,7 @@ RUN set -eux \
# Fix php.ini settings for enabled extensions # Fix php.ini settings for enabled extensions
RUN set -eux \ RUN set -eux \
&& chmod +x "$(php -r 'echo ini_get("extension_dir");')"/* && find "$(php -r 'echo ini_get("extension_dir");')/" -type f -exec chmod +x {} \;
# Fix oracle dir for images that don't have oci installed # Fix oracle dir for images that don't have oci installed
RUN set -eux \ RUN set -eux \

7
Dockerfiles/mods/Dockerfile-7.3
View File

@@ -1,3 +1,4 @@
# vi: ft=dockerfile
# Auto-generated via Ansible: edit ./ansible/DOCKERFILES/Dockerfile-mods.j2 instead. # Auto-generated via Ansible: edit ./ansible/DOCKERFILES/Dockerfile-mods.j2 instead.
FROM devilbox/php-fpm:7.3-base as builder FROM devilbox/php-fpm:7.3-base as builder
@@ -838,10 +839,10 @@ RUN set -eux \
# -------------------- Installing PHP Extension: xdebug -------------------- # -------------------- Installing PHP Extension: xdebug --------------------
RUN set -eux \ RUN set -eux \
# Installation: Generic # Installation: Version specific
# Type: PECL extension # Type: PECL extension
# Default: Pecl command # Default: Pecl command
&& pecl install xdebug \ && pecl install xdebug-3.1.6 \
# Enabling # Enabling
&& docker-php-ext-enable xdebug \ && docker-php-ext-enable xdebug \
&& true && true
@@ -891,7 +892,7 @@ RUN set -eux \
# Fix php.ini settings for enabled extensions # Fix php.ini settings for enabled extensions
RUN set -eux \ RUN set -eux \
&& chmod +x "$(php -r 'echo ini_get("extension_dir");')"/* && find "$(php -r 'echo ini_get("extension_dir");')/" -type f -exec chmod +x {} \;
# Fix oracle dir for images that don't have oci installed # Fix oracle dir for images that don't have oci installed
RUN set -eux \ RUN set -eux \

7
Dockerfiles/mods/Dockerfile-7.4
View File

@@ -1,3 +1,4 @@
# vi: ft=dockerfile
# Auto-generated via Ansible: edit ./ansible/DOCKERFILES/Dockerfile-mods.j2 instead. # Auto-generated via Ansible: edit ./ansible/DOCKERFILES/Dockerfile-mods.j2 instead.
FROM devilbox/php-fpm:7.4-base as builder FROM devilbox/php-fpm:7.4-base as builder
@@ -825,10 +826,10 @@ RUN set -eux \
# -------------------- Installing PHP Extension: xdebug -------------------- # -------------------- Installing PHP Extension: xdebug --------------------
RUN set -eux \ RUN set -eux \
# Installation: Generic # Installation: Version specific
# Type: PECL extension # Type: PECL extension
# Default: Pecl command # Default: Pecl command
&& pecl install xdebug \ && pecl install xdebug-3.1.6 \
# Enabling # Enabling
&& docker-php-ext-enable xdebug \ && docker-php-ext-enable xdebug \
&& true && true
@@ -879,7 +880,7 @@ RUN set -eux \
# Fix php.ini settings for enabled extensions # Fix php.ini settings for enabled extensions
RUN set -eux \ RUN set -eux \
&& chmod +x "$(php -r 'echo ini_get("extension_dir");')"/* && find "$(php -r 'echo ini_get("extension_dir");')/" -type f -exec chmod +x {} \;
# Fix oracle dir for images that don't have oci installed # Fix oracle dir for images that don't have oci installed
RUN set -eux \ RUN set -eux \

3
Dockerfiles/mods/Dockerfile-8.0
View File

@@ -1,3 +1,4 @@
# vi: ft=dockerfile
# Auto-generated via Ansible: edit ./ansible/DOCKERFILES/Dockerfile-mods.j2 instead. # Auto-generated via Ansible: edit ./ansible/DOCKERFILES/Dockerfile-mods.j2 instead.
FROM devilbox/php-fpm:8.0-base as builder FROM devilbox/php-fpm:8.0-base as builder
@@ -852,7 +853,7 @@ RUN set -eux \
# Fix php.ini settings for enabled extensions # Fix php.ini settings for enabled extensions
RUN set -eux \ RUN set -eux \
&& chmod +x "$(php -r 'echo ini_get("extension_dir");')"/* && find "$(php -r 'echo ini_get("extension_dir");')/" -type f -exec chmod +x {} \;
# Fix oracle dir for images that don't have oci installed # Fix oracle dir for images that don't have oci installed
RUN set -eux \ RUN set -eux \

18
Dockerfiles/mods/Dockerfile-8.1
View File

@@ -1,3 +1,4 @@
# vi: ft=dockerfile
# Auto-generated via Ansible: edit ./ansible/DOCKERFILES/Dockerfile-mods.j2 instead. # Auto-generated via Ansible: edit ./ansible/DOCKERFILES/Dockerfile-mods.j2 instead.
FROM devilbox/php-fpm:8.1-base as builder FROM devilbox/php-fpm:8.1-base as builder
@@ -787,17 +788,10 @@ RUN set -eux \
# -------------------- Installing PHP Extension: xdebug -------------------- # -------------------- Installing PHP Extension: xdebug --------------------
RUN set -eux \ RUN set -eux \
# Installation: Version specific # Installation: Generic
# Type: GIT extension # Type: PECL extension
&& git clone https://github.com/xdebug/xdebug /tmp/xdebug \ # Default: Pecl command
&& cd /tmp/xdebug \ && pecl install xdebug \
# Custom: Branch
&& git checkout $(git tag | grep -E '^[.0-9]+$' | sort -V | tail -1) \
# Default: Install command
&& phpize \
&& ./configure --enable-xdebug \
&& make -j$(getconf _NPROCESSORS_ONLN) \
&& make install \
# Enabling # Enabling
&& docker-php-ext-enable xdebug \ && docker-php-ext-enable xdebug \
&& true && true
@@ -837,7 +831,7 @@ RUN set -eux \
# Fix php.ini settings for enabled extensions # Fix php.ini settings for enabled extensions
RUN set -eux \ RUN set -eux \
&& chmod +x "$(php -r 'echo ini_get("extension_dir");')"/* && find "$(php -r 'echo ini_get("extension_dir");')/" -type f -exec chmod +x {} \;
# Fix oracle dir for images that don't have oci installed # Fix oracle dir for images that don't have oci installed
RUN set -eux \ RUN set -eux \

18
Dockerfiles/mods/Dockerfile-8.2
View File

@@ -1,3 +1,4 @@
# vi: ft=dockerfile
# Auto-generated via Ansible: edit ./ansible/DOCKERFILES/Dockerfile-mods.j2 instead. # Auto-generated via Ansible: edit ./ansible/DOCKERFILES/Dockerfile-mods.j2 instead.
FROM devilbox/php-fpm:8.2-base as builder FROM devilbox/php-fpm:8.2-base as builder
@@ -739,17 +740,10 @@ RUN set -eux \
# -------------------- Installing PHP Extension: xdebug -------------------- # -------------------- Installing PHP Extension: xdebug --------------------
RUN set -eux \ RUN set -eux \
# Installation: Version specific # Installation: Generic
# Type: GIT extension # Type: PECL extension
&& git clone https://github.com/xdebug/xdebug /tmp/xdebug \ # Default: Pecl command
&& cd /tmp/xdebug \ && pecl install xdebug \
# Custom: Branch
&& git checkout 3.2.0RC2 \
# Default: Install command
&& phpize \
&& ./configure --enable-xdebug \
&& make -j$(getconf _NPROCESSORS_ONLN) \
&& make install \
# Enabling # Enabling
&& docker-php-ext-enable xdebug \ && docker-php-ext-enable xdebug \
&& true && true
@@ -789,7 +783,7 @@ RUN set -eux \
# Fix php.ini settings for enabled extensions # Fix php.ini settings for enabled extensions
RUN set -eux \ RUN set -eux \
&& chmod +x "$(php -r 'echo ini_get("extension_dir");')"/* && find "$(php -r 'echo ini_get("extension_dir");')/" -type f -exec chmod +x {} \;
# Fix oracle dir for images that don't have oci installed # Fix oracle dir for images that don't have oci installed
RUN set -eux \ RUN set -eux \

1
Dockerfiles/prod/Dockerfile-5.2
View File

@@ -1,3 +1,4 @@
# vi: ft=dockerfile
# Auto-generated via Ansible: edit ./ansible/DOCKERFILES/Dockerfile-prod.j2 instead. # Auto-generated via Ansible: edit ./ansible/DOCKERFILES/Dockerfile-prod.j2 instead.
FROM devilbox/php-fpm:5.2-mods FROM devilbox/php-fpm:5.2-mods
MAINTAINER "cytopia" <cytopia@everythingcli.org> MAINTAINER "cytopia" <cytopia@everythingcli.org>

1
Dockerfiles/prod/Dockerfile-5.3
View File

@@ -1,3 +1,4 @@
# vi: ft=dockerfile
# Auto-generated via Ansible: edit ./ansible/DOCKERFILES/Dockerfile-prod.j2 instead. # Auto-generated via Ansible: edit ./ansible/DOCKERFILES/Dockerfile-prod.j2 instead.
FROM devilbox/php-fpm:5.3-mods FROM devilbox/php-fpm:5.3-mods
MAINTAINER "cytopia" <cytopia@everythingcli.org> MAINTAINER "cytopia" <cytopia@everythingcli.org>

1
Dockerfiles/prod/Dockerfile-5.4
View File

@@ -1,3 +1,4 @@
# vi: ft=dockerfile
# Auto-generated via Ansible: edit ./ansible/DOCKERFILES/Dockerfile-prod.j2 instead. # Auto-generated via Ansible: edit ./ansible/DOCKERFILES/Dockerfile-prod.j2 instead.
FROM devilbox/php-fpm:5.4-mods FROM devilbox/php-fpm:5.4-mods
MAINTAINER "cytopia" <cytopia@everythingcli.org> MAINTAINER "cytopia" <cytopia@everythingcli.org>

1
Dockerfiles/prod/Dockerfile-5.5
View File

@@ -1,3 +1,4 @@
# vi: ft=dockerfile
# Auto-generated via Ansible: edit ./ansible/DOCKERFILES/Dockerfile-prod.j2 instead. # Auto-generated via Ansible: edit ./ansible/DOCKERFILES/Dockerfile-prod.j2 instead.
FROM devilbox/php-fpm:5.5-mods FROM devilbox/php-fpm:5.5-mods
MAINTAINER "cytopia" <cytopia@everythingcli.org> MAINTAINER "cytopia" <cytopia@everythingcli.org>

1
Dockerfiles/prod/Dockerfile-5.6
View File

@@ -1,3 +1,4 @@
# vi: ft=dockerfile
# Auto-generated via Ansible: edit ./ansible/DOCKERFILES/Dockerfile-prod.j2 instead. # Auto-generated via Ansible: edit ./ansible/DOCKERFILES/Dockerfile-prod.j2 instead.
FROM devilbox/php-fpm:5.6-mods FROM devilbox/php-fpm:5.6-mods
MAINTAINER "cytopia" <cytopia@everythingcli.org> MAINTAINER "cytopia" <cytopia@everythingcli.org>

1
Dockerfiles/prod/Dockerfile-7.0
View File

@@ -1,3 +1,4 @@
# vi: ft=dockerfile
# Auto-generated via Ansible: edit ./ansible/DOCKERFILES/Dockerfile-prod.j2 instead. # Auto-generated via Ansible: edit ./ansible/DOCKERFILES/Dockerfile-prod.j2 instead.
FROM devilbox/php-fpm:7.0-mods FROM devilbox/php-fpm:7.0-mods
MAINTAINER "cytopia" <cytopia@everythingcli.org> MAINTAINER "cytopia" <cytopia@everythingcli.org>

1
Dockerfiles/prod/Dockerfile-7.1
View File

@@ -1,3 +1,4 @@
# vi: ft=dockerfile
# Auto-generated via Ansible: edit ./ansible/DOCKERFILES/Dockerfile-prod.j2 instead. # Auto-generated via Ansible: edit ./ansible/DOCKERFILES/Dockerfile-prod.j2 instead.
FROM devilbox/php-fpm:7.1-mods FROM devilbox/php-fpm:7.1-mods
MAINTAINER "cytopia" <cytopia@everythingcli.org> MAINTAINER "cytopia" <cytopia@everythingcli.org>

1
Dockerfiles/prod/Dockerfile-7.2
View File

@@ -1,3 +1,4 @@
# vi: ft=dockerfile
# Auto-generated via Ansible: edit ./ansible/DOCKERFILES/Dockerfile-prod.j2 instead. # Auto-generated via Ansible: edit ./ansible/DOCKERFILES/Dockerfile-prod.j2 instead.
FROM devilbox/php-fpm:7.2-mods FROM devilbox/php-fpm:7.2-mods
MAINTAINER "cytopia" <cytopia@everythingcli.org> MAINTAINER "cytopia" <cytopia@everythingcli.org>

1
Dockerfiles/prod/Dockerfile-7.3
View File

@@ -1,3 +1,4 @@
# vi: ft=dockerfile
# Auto-generated via Ansible: edit ./ansible/DOCKERFILES/Dockerfile-prod.j2 instead. # Auto-generated via Ansible: edit ./ansible/DOCKERFILES/Dockerfile-prod.j2 instead.
FROM devilbox/php-fpm:7.3-mods FROM devilbox/php-fpm:7.3-mods
MAINTAINER "cytopia" <cytopia@everythingcli.org> MAINTAINER "cytopia" <cytopia@everythingcli.org>

1
Dockerfiles/prod/Dockerfile-7.4
View File

@@ -1,3 +1,4 @@
# vi: ft=dockerfile
# Auto-generated via Ansible: edit ./ansible/DOCKERFILES/Dockerfile-prod.j2 instead. # Auto-generated via Ansible: edit ./ansible/DOCKERFILES/Dockerfile-prod.j2 instead.
FROM devilbox/php-fpm:7.4-mods FROM devilbox/php-fpm:7.4-mods
MAINTAINER "cytopia" <cytopia@everythingcli.org> MAINTAINER "cytopia" <cytopia@everythingcli.org>

1
Dockerfiles/prod/Dockerfile-8.0
View File

@@ -1,3 +1,4 @@
# vi: ft=dockerfile
# Auto-generated via Ansible: edit ./ansible/DOCKERFILES/Dockerfile-prod.j2 instead. # Auto-generated via Ansible: edit ./ansible/DOCKERFILES/Dockerfile-prod.j2 instead.
FROM devilbox/php-fpm:8.0-mods FROM devilbox/php-fpm:8.0-mods
MAINTAINER "cytopia" <cytopia@everythingcli.org> MAINTAINER "cytopia" <cytopia@everythingcli.org>

1
Dockerfiles/prod/Dockerfile-8.1
View File

@@ -1,3 +1,4 @@
# vi: ft=dockerfile
# Auto-generated via Ansible: edit ./ansible/DOCKERFILES/Dockerfile-prod.j2 instead. # Auto-generated via Ansible: edit ./ansible/DOCKERFILES/Dockerfile-prod.j2 instead.
FROM devilbox/php-fpm:8.1-mods FROM devilbox/php-fpm:8.1-mods
MAINTAINER "cytopia" <cytopia@everythingcli.org> MAINTAINER "cytopia" <cytopia@everythingcli.org>

1
Dockerfiles/prod/Dockerfile-8.2
View File

@@ -1,3 +1,4 @@
# vi: ft=dockerfile
# Auto-generated via Ansible: edit ./ansible/DOCKERFILES/Dockerfile-prod.j2 instead. # Auto-generated via Ansible: edit ./ansible/DOCKERFILES/Dockerfile-prod.j2 instead.
FROM devilbox/php-fpm:8.2-mods FROM devilbox/php-fpm:8.2-mods
MAINTAINER "cytopia" <cytopia@everythingcli.org> MAINTAINER "cytopia" <cytopia@everythingcli.org>

622
Dockerfiles/slim/Dockerfile-5.2 Normal file
View File

@@ -0,0 +1,622 @@
# vi: ft=dockerfile
# Auto-generated via Ansible: edit ./ansible/DOCKERFILES/Dockerfile-slim.j2 instead.
########################################################################################################################
########################################################################################################################
###
### Stage 1/4: Devilbox slim image (BASE BUILDER)
###
########################################################################################################################
########################################################################################################################
###
### Installs all cli tools required to run Devilbox and its intranet
###
FROM devilbox/php-fpm:5.2-prod as devilbox-slim-base-builder
###
### Install apt Tools
###
RUN set -eux \
&& DEBIAN_FRONTEND=noninteractive apt-get update \
&& DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends --no-install-suggests \
apt-transport-https \
ca-certificates \
curl \
dirmngr \
gnupg
###
### Add apt repositories
###
RUN set -eux \
&& echo 'Acquire::Check-Valid-Until no;' > /etc/apt/apt.conf.d/99no-check-valid-until \
&& echo "deb [trusted=yes] http://archive.debian.org/debian jessie-backports main" > /etc/apt/sources.list.d/backports.list \
&& curl -sS -L --fail "https://packages.blackfire.io/gpg.key" | APT_KEY_DONT_WARN_ON_DANGEROUS_USAGE=1 apt-key add - \
&& echo "deb http://packages.blackfire.io/debian any main" > /etc/apt/sources.list.d/blackfire.list \
&& true
###
### Install build_dep
###
RUN set -eux \
&& DEBIAN_FRONTEND=noninteractive apt-get update \
&& DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends --no-install-suggests \
libsnappy-dev \
&& rm -rf /var/lib/apt/lists/*
###
### Add common tools
###
RUN set -eux \
&& DEBIAN_FRONTEND=noninteractive apt-get update \
&& DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends --no-install-suggests \
file \
git \
mysql-client \
redis-tools \
sqlite3
###
### Install tools type: apt
###
RUN set -eux \
&& DEBIAN_FRONTEND=noninteractive apt-get update \
&& DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends --no-install-suggests \
# ---------- type: apt ----------
dnsutils \
iputils-ping \
netcat-openbsd \
sudo \
&& rm -rf /var/lib/apt/lists/*
###
### Devilbox required cli tools from group_vars (slim.yml)
###
# -------------------- dig --------------------
RUN set -eux \
&& dig -v 2>&1 | grep -E '[0-9]\.[0-9]' \
&& true
# -------------------- netcat --------------------
RUN set -eux \
&& nc -h 2>&1 | grep netcat \
&& true
# -------------------- ping --------------------
RUN set -eux \
&& ping -V | grep ^ping \
&& true
# -------------------- sudo --------------------
RUN set -eux \
&& sudo --version | grep -E 'version [0-9]+\.[0-9]+' \
&& true
# -------------------- blackfire --------------------
RUN set -eux \
&& apt-get update \
\
&& apt-get install -y --no-install-recommends --no-install-suggests \
blackfire-agent \
\
&& rm -rf /var/lib/apt/lists/* \
&& blackfire version \
&& blackfire-agent -v \
\
&& true
# -------------------- mhsendmail --------------------
RUN set -eux \
&& DEB_HOST_ARCH="$( dpkg-architecture --query DEB_HOST_ARCH )" \
&& if [ "${DEB_HOST_ARCH}" = "amd64" ] || [ "${DEB_HOST_ARCH}" = "arm64" ]; then \
MHSENDMAIL_URL="https://github.com/devilbox/mhsendmail/releases/download/v0.3.0/mhsendmail_linux_${DEB_HOST_ARCH}" \
&& curl -sS -L --fail "${MHSENDMAIL_URL}" > /usr/local/bin/mhsendmail \
&& chmod +x /usr/local/bin/mhsendmail; \
else \
printf '%s\n%s\n%s\n' '#!/bin/sh' 'echo "Not available for this platform."' 'exit 1' > /usr/local/bin/mhsendmail \
&& chmod +x /usr/local/bin/mhsendmail; \
fi \
\
&& mhsendmail -h 2>&1 | grep 'Usage' \
&& true
# -------------------- mongo_client --------------------
RUN set -eux \
&& apt-get update \
&& if [ "$(dpkg-architecture --query DEB_BUILD_ARCH)" = "amd64" ]; then \
apt-get install -y --no-install-recommends --no-install-suggests \
mongodb-clients; \
fi \
\
&& rm -rf /var/lib/apt/lists/* \
&& if echo '5.2' | grep -E '^(5.2|5.3|5.4|5.5|5.6|7.0)$' >/dev/null; then \
if [ "$(dpkg-architecture --query DEB_BUILD_ARCH)" = "amd64" ]; then \
mongofiles --version; \
fi \
else \
mongofiles --version; \
fi \
\
&& if echo '5.2' | grep -E '^(5.2|5.3|5.4|5.5)$' >/dev/null; then \
if [ "$(dpkg-architecture --query DEB_BUILD_ARCH)" = "amd64" ]; then \
mongo --version; \
fi \
else \
mongo --version; \
fi \
\
&& true
# -------------------- mysqldumpsecure --------------------
RUN set -eux \
&& git clone https://github.com/cytopia/mysqldump-secure.git /usr/local/src/mysqldump-secure \
&& cd /usr/local/src/mysqldump-secure \
&& git checkout $(git describe --abbrev=0 --tags) \
&& cp /usr/local/src/mysqldump-secure/bin/mysqldump-secure /usr/local/bin \
&& cp /usr/local/src/mysqldump-secure/etc/mysqldump-secure.conf /etc \
&& cp /usr/local/src/mysqldump-secure/etc/mysqldump-secure.cnf /etc \
&& touch /var/log/mysqldump-secure.log \
&& chown ${MY_USER}:${MY_GROUP} /etc/mysqldump-secure.* \
&& chown ${MY_USER}:${MY_GROUP} /var/log/mysqldump-secure.log \
&& chmod 0400 /etc/mysqldump-secure.conf \
&& chmod 0400 /etc/mysqldump-secure.cnf \
&& chmod 0644 /var/log/mysqldump-secure.log \
&& sed -i'' 's/^COMPRESS_ARG=.*/COMPRESS_ARG="-9 -c"/g' /etc/mysqldump-secure.conf \
&& sed -i'' 's/^DUMP_DIR=.*/DUMP_DIR="\/shared\/backups\/mysql"/g' /etc/mysqldump-secure.conf \
&& sed -i'' 's/^DUMP_DIR_CHMOD=.*/DUMP_DIR_CHMOD="0755"/g' /etc/mysqldump-secure.conf \
&& sed -i'' 's/^DUMP_FILE_CHMOD=.*/DUMP_FILE_CHMOD="0644"/g' /etc/mysqldump-secure.conf \
&& sed -i'' 's/^LOG_CHMOD=.*/LOG_CHMOD="0644"/g' /etc/mysqldump-secure.conf \
&& sed -i'' 's/^NAGIOS_LOG=.*/NAGIOS_LOG=0/g' /etc/mysqldump-secure.conf \
&& cd / \
&& rm -rf /usr/local/src/mysqldump-secure \
\
&& mysqldump-secure --version | grep -E 'Version:\s*[0-9][.0-9]+' \
&& true
# -------------------- pgsql_client --------------------
RUN set -eux \
&& if [ "$(dpkg-architecture --query DEB_BUILD_ARCH)" = "amd64" ]; then \
curl -sS -k -L --fail https://www.postgresql.org/media/keys/ACCC4CF8.asc | APT_KEY_DONT_WARN_ON_DANGEROUS_USAGE=1 apt-key add - \
&& echo "deb https://apt-archive.postgresql.org/pub/repos/apt/ jessie-pgdg main" > /etc/apt/sources.list.d/pgsql.list \
&& apt-get update; \
fi \
\
&& if [ "$(dpkg-architecture --query DEB_BUILD_ARCH)" = "amd64" ]; then \
apt-get install -y --no-install-recommends --no-install-suggests \
postgresql-client; \
fi \
\
&& rm -rf /var/lib/apt/lists/* \
&& if echo '5.2' | grep -E '^(5.2|5.3|5.4|5.5|5.6|7.0)$' >/dev/null; then \
if [ "$(dpkg-architecture --query DEB_BUILD_ARCH)" = "amd64" ]; then \
pg_isready --version; \
fi \
else \
pg_isready --version; \
fi \
\
&& true
###
### Prepare required shared libraries for copying (keep symlinks)
###
RUN set -eux \
&& LIB_GNU_DIR="/lib/$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)" \
&& USR_LIB_DIR="/usr/lib" \
&& USR_LIB_GNU_DIR="/usr/lib/$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)" \
\
&& mkdir /tmp/lib-gnu \
&& mkdir /tmp/usr-lib \
&& mkdir /tmp/usr-lib-gnu \
\
&& LIB_GNU="libreadline" \
&& USR_LIB="libsnappy libtcmalloc libv8" \
&& USR_LIB_GNU="liblua libpq libpcrecpp libboost libjemalloc libunwind libhiredis libedit libyaml-cpp libstemmer libsnappy libpcap libbsd liblzf" \
\
&& for lib in ${LIB_GNU}; do \
if ls -1 "${LIB_GNU_DIR}/" | grep "^${lib}" >/dev/null; then \
echo "Coping '${lib}' from: ${LIB_GNU_DIR}"; \
cp -r ${LIB_GNU_DIR}/${lib}* /tmp/lib-gnu/; \
fi \
done \
&& for lib in ${USR_LIB}; do \
if ls -1 "${USR_LIB_DIR}/" | grep "^${lib}" >/dev/null; then \
echo "Coping '${lib}' from: ${USR_LIB_DIR}"; \
cp -r ${USR_LIB_DIR}/${lib}* /tmp/usr-lib/; \
fi \
done \
&& for lib in ${USR_LIB_GNU}; do \
if ls -1 "${USR_LIB_GNU_DIR}/" | grep "^${lib}" >/dev/null; then \
echo "Coping '${lib}' from: ${USR_LIB_GNU_DIR}"; \
cp -r ${USR_LIB_GNU_DIR}/${lib}* /tmp/usr-lib-gnu/; \
fi \
done
###
### Fix expected PostgreSQL directories
###
### This might not exist on arm64 as software was not available,
### but they are still needed to be present, so we can copy them.
###
RUN set -eux \
&& if [ ! -d "/usr/lib/postgresql" ]; then \
mkdir "/usr/lib/postgresql"; \
fi \
&& if [ ! -d "/usr/share/postgresql-common" ]; then \
mkdir "/usr/share/postgresql-common"; \
fi
###
### Prepare MongoDB binaries for copying.
###
### They might not be available on all architectures (e.g.: arm64).
###
RUN set -eux \
&& mkdir /tmp/mongo \
&& if ls -1 "/usr/bin/" | grep "^mongo" >/dev/null; then \
cp -r /usr/bin/mongo* /tmp/mongo/; \
fi
###
### Strip debugging information to smallen filesize
###
RUN set -eux \
&& STRIP_USR_BINS="blackfire mongo mysql redis sqlite" \
&& STRIP_DIRS="/usr/lib/postgresql/ /usr/share/postgresql-common/ /tmp" \
\
&& for bin in ${STRIP_USR_BINS}; do \
( \
find /usr/bin/ -name "${bin}"* -type f -print0 \
| xargs -n1 -0 -P$(getconf _NPROCESSORS_ONLN) sh -c \
'if [ -f "${1}" ]; then echo "Strip: ${1}"; strip --strip-all -p "${1}" 2>/dev/null || true; fi' -- \
) \
done \
\
&& for dir in ${STRIP_DIRS}; do \
( \
find ${dir} -type f -print0 \
| xargs -n1 -0 -P$(getconf _NPROCESSORS_ONLN) sh -c \
'if [ -f "${1}" ]; then echo "Strip: ${1}"; strip --strip-all -p "${1}" 2>/dev/null || true; fi' -- \
) \
done \
\
&& strip --strip-all -p /usr/local/bin/mhsendmail 2>/dev/null || true \
&& strip --strip-all -p /usr/local/bin/mysqldump-secure 2>/dev/null || true
########################################################################################################################
########################################################################################################################
###
### Stage 2/4: Devilbox slim image (BASE)
###
########################################################################################################################
########################################################################################################################
###
### Copies all cli tools required to run Devilbox and its intranet into a clean image
###
FROM devilbox/php-fpm:5.2-prod as devilbox-slim-base
ARG ARCH
###
### Install tools type: apt
###
RUN set -eux \
&& DEBIAN_FRONTEND=noninteractive apt-get update \
&& DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends --no-install-suggests \
# ---------- type: apt ----------
dnsutils \
iputils-ping \
netcat-openbsd \
sudo \
&& rm -rf /var/lib/apt/lists/*
###
### Copy shared libraries (required by MongoDB, MySQL, PostgreSQL and Redis)
###
COPY --from=devilbox-slim-base-builder /tmp/lib-gnu/ /lib/${ARCH}-linux-gnu/
COPY --from=devilbox-slim-base-builder /tmp/usr-lib-gnu/ /usr/lib/${ARCH}-linux-gnu/
COPY --from=devilbox-slim-base-builder /tmp/usr-lib/ /usr/lib/
###
### Copy system files
###
COPY --from=devilbox-slim-base-builder /etc/group /etc/group
COPY --from=devilbox-slim-base-builder /etc/passwd /etc/passwd
COPY --from=devilbox-slim-base-builder /etc/shadow /etc/shadow
###
### Copy Blackfire
###
COPY --from=devilbox-slim-base-builder /etc/blackfire /etc/blackfire
COPY --from=devilbox-slim-base-builder /etc/default/blackfire-agent /etc/default/blackfire-agent
COPY --from=devilbox-slim-base-builder /usr/bin/blackfire* /usr/bin/
COPY --from=devilbox-slim-base-builder /var/log/blackfire /var/log/blackfire
###
### Copy mhsendmail
###
COPY --from=devilbox-slim-base-builder /usr/local/bin/mhsendmail /usr/local/bin/
###
### Copy MongoDB client (if exists)
###
COPY --from=devilbox-slim-base-builder /tmp/mongo/ /usr/bin/
###
### Copy MysQL Client
###
COPY --from=devilbox-slim-base-builder /usr/bin/mysql* /usr/bin/
###
### Copy mysqldump-secure
###
COPY --from=devilbox-slim-base-builder /usr/local/bin/mysqldump-secure /usr/local/bin/
COPY --from=devilbox-slim-base-builder /etc/mysqldump-secure.conf /etc/
COPY --from=devilbox-slim-base-builder /etc/mysqldump-secure.cnf /etc/
COPY --from=devilbox-slim-base-builder /var/log/mysqldump-secure.log /var/log/
###
### Copy PostgreSQL
###
COPY --from=devilbox-slim-base-builder /usr/lib/postgresql /usr/lib/postgresql
COPY --from=devilbox-slim-base-builder /usr/share/postgresql-common /usr/share/postgresql-common
COPY --from=devilbox-slim-base-builder /usr/share/perl5 /usr/share/perl5
###
### Create PostgreSQL symlinks
###
RUN set -eux \
&& if [ -f "/usr/share/postgresql-common/pg_wrapper" ]; then \
ln -s ../share/postgresql-common/pg_wrapper /usr/bin/clusterdb \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/createdb \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/createlang \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/createuser \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/dropdb \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/droplang \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/dropuser \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/pg_basebackup \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/pg_dump \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/pg_dumpall \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/pg_isready \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/pg_receivewal \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/pg_receivexlog \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/pg_recvlogical \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/pg_restore \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/pgbench \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/psql \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/reindexdb \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/vacuumdb \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/vacuumlo; \
fi
###
### Copy Redis Client
###
COPY --from=devilbox-slim-base-builder /usr/bin/redis* /usr/bin/
###
### Copy SQLite Client
###
COPY --from=devilbox-slim-base-builder /usr/bin/sqlite* /usr/bin/
###
### ADD PHP configuration files
###
COPY ./data/php-ini.d/php-5.2.ini /usr/local/etc/php/conf.d/xxx-devilbox-default-php.ini
COPY ./data/php-fpm.conf/php-fpm-5.2.conf /usr/local/etc/php-fpm.conf
###
### ADD Devilbox configuration files
###
COPY ./data/docker-entrypoint.sh /docker-entrypoint.sh
COPY ./data/docker-entrypoint.d/*.sh /docker-entrypoint.d/
COPY ./data/bash-devilbox /etc/bash-devilbox
COPY ./data/sudo-devilbox /etc/sudoers.d/devilbox
###
### Configure Bash
###
RUN set -eux \
&& { \
echo; \
echo "# [Devilbox] Ensure /usr/local(s)?bin is in PATH"; \
echo 'PATH="${PATH}:/usr/local/bin:/usr/local/sbin"'; \
echo "export PATH"; \
echo; \
echo "# [Devilbox] Source Devilbox main bash config"; \
echo ". /etc/bash-devilbox"; \
echo; \
echo "# [Devilbox] Source Devilbox custom configs"; \
echo "if [ -d /etc/bashrc-devilbox.d/ ]; then"; \
echo " for f in /etc/bashrc-devilbox.d/*.sh ; do"; \
echo " if [ -r \"\${f}\" ]; then"; \
echo " . \"\${f}\""; \
echo " fi"; \
echo " done"; \
echo " unset f"; \
echo "fi"; \
} | tee -a /home/${MY_USER}/.bashrc /root/.bashrc \
&& chown ${MY_USER}:${MY_GROUP} /home/${MY_USER}/.bashrc
########################################################################################################################
########################################################################################################################
###
### Stage 3/4: Devilbox slim image (BASE TEST)
###
########################################################################################################################
########################################################################################################################
###
### Test all Devilbox cli utils if copying was successful
###
FROM devilbox-slim-base as devilbox-slim-base-test
RUN set -eux \
&& mysql --version \
&& redis-cli --version \
&& sqlite3 --version
###
### Check if available tools slim
###
# -------------------- dig --------------------
RUN set -eux \
&& dig -v 2>&1 | grep -E '[0-9]\.[0-9]' \
&& true
# -------------------- netcat --------------------
RUN set -eux \
&& nc -h 2>&1 | grep netcat \
&& true
# -------------------- ping --------------------
RUN set -eux \
&& ping -V | grep ^ping \
&& true
# -------------------- sudo --------------------
RUN set -eux \
&& sudo --version | grep -E 'version [0-9]+\.[0-9]+' \
&& true
# -------------------- blackfire --------------------
RUN set -eux \
&& blackfire version \
&& blackfire-agent -v \
\
&& true
# -------------------- mhsendmail --------------------
RUN set -eux \
&& mhsendmail -h 2>&1 | grep 'Usage' \
&& true
# -------------------- mongo_client --------------------
RUN set -eux \
&& if echo '5.2' | grep -E '^(5.2|5.3|5.4|5.5|5.6|7.0)$' >/dev/null; then \
if [ "$(dpkg-architecture --query DEB_BUILD_ARCH)" = "amd64" ]; then \
mongofiles --version; \
fi \
else \
mongofiles --version; \
fi \
\
&& if echo '5.2' | grep -E '^(5.2|5.3|5.4|5.5)$' >/dev/null; then \
if [ "$(dpkg-architecture --query DEB_BUILD_ARCH)" = "amd64" ]; then \
mongo --version; \
fi \
else \
mongo --version; \
fi \
\
&& true
# -------------------- mysqldumpsecure --------------------
RUN set -eux \
&& mysqldump-secure --version | grep -E 'Version:\s*[0-9][.0-9]+' \
&& true
# -------------------- pgsql_client --------------------
RUN set -eux \
&& if echo '5.2' | grep -E '^(5.2|5.3|5.4|5.5|5.6|7.0)$' >/dev/null; then \
if [ "$(dpkg-architecture --query DEB_BUILD_ARCH)" = "amd64" ]; then \
pg_isready --version; \
fi \
else \
pg_isready --version; \
fi \
\
&& true
###
### Re-activate modules which have been deactivated in mods (for testing).
###
RUN set -eux \
&& if find /usr/local/lib/php/extensions/ -name phalcon.so | grep phalcon; then \
echo "extension=phalcon.so" > /usr/local/etc/php/conf.d/docker-php-ext-phalcon.ini; \
fi \
&& if find /usr/local/lib/php/extensions/ -name psr.so | grep psr; then \
echo "extension=psr.so" > /usr/local/etc/php/conf.d/docker-php-ext-psr.ini; \
fi
###
### Check if PHP still works
###
RUN set -eux \
&& echo "date.timezone=UTC" > /usr/local/etc/php/php.ini \
&& php -v | grep -oE 'PHP\s[.0-9]+' | grep -oE '[.0-9]+' | grep '^5.2' \
&& /usr/local/sbin/php-fpm --test \
\
&& PHP_ERROR="$( php -v 2>&1 1>/dev/null )" \
&& if [ -n "${PHP_ERROR}" ]; then echo "${PHP_ERROR}"; false; fi \
&& PHP_ERROR="$( php -i 2>&1 1>/dev/null )" \
&& if [ -n "${PHP_ERROR}" ]; then echo "${PHP_ERROR}"; false; fi \
\
&& PHP_FPM_ERROR="$( php-fpm -v 2>&1 1>/dev/null )" \
&& if [ -n "${PHP_FPM_ERROR}" ]; then echo "${PHP_FPM_ERROR}"; false; fi \
&& PHP_FPM_ERROR="$( php-fpm -i 2>&1 1>/dev/null )" \
&& if [ -n "${PHP_FPM_ERROR}" ]; then echo "${PHP_FPM_ERROR}"; false; fi \
&& rm -f /usr/local/etc/php/php.ini
########################################################################################################################
########################################################################################################################
###
### Stage 4/4: Devilbox slim image (FINAL)
###
########################################################################################################################
########################################################################################################################
###
### Prepare final base image (STAGE: slim)
###
FROM devilbox-slim-base as slim
MAINTAINER "cytopia" <cytopia@everythingcli.org>
###
### Labels
###
# https://github.com/opencontainers/image-spec/blob/master/annotations.md
#LABEL "org.opencontainers.image.created"=""
#LABEL "org.opencontainers.image.version"=""
#LABEL "org.opencontainers.image.revision"=""
LABEL "maintainer"="cytopia <cytopia@everythingcli.org>"
LABEL "org.opencontainers.image.authors"="cytopia <cytopia@everythingcli.org>"
LABEL "org.opencontainers.image.url"="https://github.com/devilbox/docker-php-fpm"
LABEL "org.opencontainers.image.documentation"="https://github.com/devilbox/docker-php-fpm"
LABEL "org.opencontainers.image.source"="https://github.com/devilbox/docker-php-fpm"
LABEL "org.opencontainers.image.vendor"="devilbox"
LABEL "org.opencontainers.image.licenses"="MIT"
LABEL "org.opencontainers.image.ref.name"="5.2-slim"
LABEL "org.opencontainers.image.title"="PHP-FPM 5.2-slim"
LABEL "org.opencontainers.image.description"="PHP-FPM 5.2-slim"
###
### Volumes
###
VOLUME /shared/backups
VOLUME /var/log/php
VOLUME /var/mail
###
### Ports
###
EXPOSE 9000
###
### Where to start inside the container
###
WORKDIR /shared/httpd
###
### Entrypoint
###
CMD ["/usr/bin/supervisord", "-c", "/etc/supervisor/supervisord.conf"]
ENTRYPOINT ["/docker-entrypoint.sh"]

622
Dockerfiles/slim/Dockerfile-5.3 Normal file
View File

@@ -0,0 +1,622 @@
# vi: ft=dockerfile
# Auto-generated via Ansible: edit ./ansible/DOCKERFILES/Dockerfile-slim.j2 instead.
########################################################################################################################
########################################################################################################################
###
### Stage 1/4: Devilbox slim image (BASE BUILDER)
###
########################################################################################################################
########################################################################################################################
###
### Installs all cli tools required to run Devilbox and its intranet
###
FROM devilbox/php-fpm:5.3-prod as devilbox-slim-base-builder
###
### Install apt Tools
###
RUN set -eux \
&& DEBIAN_FRONTEND=noninteractive apt-get update \
&& DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends --no-install-suggests \
apt-transport-https \
ca-certificates \
curl \
dirmngr \
gnupg
###
### Add apt repositories
###
RUN set -eux \
&& echo 'Acquire::Check-Valid-Until no;' > /etc/apt/apt.conf.d/99no-check-valid-until \
&& echo "deb [trusted=yes] http://archive.debian.org/debian jessie-backports main" > /etc/apt/sources.list.d/backports.list \
&& curl -sS -L --fail "https://packages.blackfire.io/gpg.key" | APT_KEY_DONT_WARN_ON_DANGEROUS_USAGE=1 apt-key add - \
&& echo "deb http://packages.blackfire.io/debian any main" > /etc/apt/sources.list.d/blackfire.list \
&& true
###
### Install build_dep
###
RUN set -eux \
&& DEBIAN_FRONTEND=noninteractive apt-get update \
&& DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends --no-install-suggests \
libsnappy-dev \
&& rm -rf /var/lib/apt/lists/*
###
### Add common tools
###
RUN set -eux \
&& DEBIAN_FRONTEND=noninteractive apt-get update \
&& DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends --no-install-suggests \
file \
git \
mysql-client \
redis-tools \
sqlite3
###
### Install tools type: apt
###
RUN set -eux \
&& DEBIAN_FRONTEND=noninteractive apt-get update \
&& DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends --no-install-suggests \
# ---------- type: apt ----------
dnsutils \
iputils-ping \
netcat-openbsd \
sudo \
&& rm -rf /var/lib/apt/lists/*
###
### Devilbox required cli tools from group_vars (slim.yml)
###
# -------------------- dig --------------------
RUN set -eux \
&& dig -v 2>&1 | grep -E '[0-9]\.[0-9]' \
&& true
# -------------------- netcat --------------------
RUN set -eux \
&& nc -h 2>&1 | grep netcat \
&& true
# -------------------- ping --------------------
RUN set -eux \
&& ping -V | grep ^ping \
&& true
# -------------------- sudo --------------------
RUN set -eux \
&& sudo --version | grep -E 'version [0-9]+\.[0-9]+' \
&& true
# -------------------- blackfire --------------------
RUN set -eux \
&& apt-get update \
\
&& apt-get install -y --no-install-recommends --no-install-suggests \
blackfire-agent \
\
&& rm -rf /var/lib/apt/lists/* \
&& blackfire version \
&& blackfire-agent -v \
\
&& true
# -------------------- mhsendmail --------------------
RUN set -eux \
&& DEB_HOST_ARCH="$( dpkg-architecture --query DEB_HOST_ARCH )" \
&& if [ "${DEB_HOST_ARCH}" = "amd64" ] || [ "${DEB_HOST_ARCH}" = "arm64" ]; then \
MHSENDMAIL_URL="https://github.com/devilbox/mhsendmail/releases/download/v0.3.0/mhsendmail_linux_${DEB_HOST_ARCH}" \
&& curl -sS -L --fail "${MHSENDMAIL_URL}" > /usr/local/bin/mhsendmail \
&& chmod +x /usr/local/bin/mhsendmail; \
else \
printf '%s\n%s\n%s\n' '#!/bin/sh' 'echo "Not available for this platform."' 'exit 1' > /usr/local/bin/mhsendmail \
&& chmod +x /usr/local/bin/mhsendmail; \
fi \
\
&& mhsendmail -h 2>&1 | grep 'Usage' \
&& true
# -------------------- mongo_client --------------------
RUN set -eux \
&& apt-get update \
&& if [ "$(dpkg-architecture --query DEB_BUILD_ARCH)" = "amd64" ]; then \
apt-get install -y --no-install-recommends --no-install-suggests \
mongodb-clients; \
fi \
\
&& rm -rf /var/lib/apt/lists/* \
&& if echo '5.3' | grep -E '^(5.2|5.3|5.4|5.5|5.6|7.0)$' >/dev/null; then \
if [ "$(dpkg-architecture --query DEB_BUILD_ARCH)" = "amd64" ]; then \
mongofiles --version; \
fi \
else \
mongofiles --version; \
fi \
\
&& if echo '5.3' | grep -E '^(5.2|5.3|5.4|5.5)$' >/dev/null; then \
if [ "$(dpkg-architecture --query DEB_BUILD_ARCH)" = "amd64" ]; then \
mongo --version; \
fi \
else \
mongo --version; \
fi \
\
&& true
# -------------------- mysqldumpsecure --------------------
RUN set -eux \
&& git clone https://github.com/cytopia/mysqldump-secure.git /usr/local/src/mysqldump-secure \
&& cd /usr/local/src/mysqldump-secure \
&& git checkout $(git describe --abbrev=0 --tags) \
&& cp /usr/local/src/mysqldump-secure/bin/mysqldump-secure /usr/local/bin \
&& cp /usr/local/src/mysqldump-secure/etc/mysqldump-secure.conf /etc \
&& cp /usr/local/src/mysqldump-secure/etc/mysqldump-secure.cnf /etc \
&& touch /var/log/mysqldump-secure.log \
&& chown ${MY_USER}:${MY_GROUP} /etc/mysqldump-secure.* \
&& chown ${MY_USER}:${MY_GROUP} /var/log/mysqldump-secure.log \
&& chmod 0400 /etc/mysqldump-secure.conf \
&& chmod 0400 /etc/mysqldump-secure.cnf \
&& chmod 0644 /var/log/mysqldump-secure.log \
&& sed -i'' 's/^COMPRESS_ARG=.*/COMPRESS_ARG="-9 -c"/g' /etc/mysqldump-secure.conf \
&& sed -i'' 's/^DUMP_DIR=.*/DUMP_DIR="\/shared\/backups\/mysql"/g' /etc/mysqldump-secure.conf \
&& sed -i'' 's/^DUMP_DIR_CHMOD=.*/DUMP_DIR_CHMOD="0755"/g' /etc/mysqldump-secure.conf \
&& sed -i'' 's/^DUMP_FILE_CHMOD=.*/DUMP_FILE_CHMOD="0644"/g' /etc/mysqldump-secure.conf \
&& sed -i'' 's/^LOG_CHMOD=.*/LOG_CHMOD="0644"/g' /etc/mysqldump-secure.conf \
&& sed -i'' 's/^NAGIOS_LOG=.*/NAGIOS_LOG=0/g' /etc/mysqldump-secure.conf \
&& cd / \
&& rm -rf /usr/local/src/mysqldump-secure \
\
&& mysqldump-secure --version | grep -E 'Version:\s*[0-9][.0-9]+' \
&& true
# -------------------- pgsql_client --------------------
RUN set -eux \
&& if [ "$(dpkg-architecture --query DEB_BUILD_ARCH)" = "amd64" ]; then \
curl -sS -k -L --fail https://www.postgresql.org/media/keys/ACCC4CF8.asc | APT_KEY_DONT_WARN_ON_DANGEROUS_USAGE=1 apt-key add - \
&& echo "deb https://apt-archive.postgresql.org/pub/repos/apt/ jessie-pgdg main" > /etc/apt/sources.list.d/pgsql.list \
&& apt-get update; \
fi \
\
&& if [ "$(dpkg-architecture --query DEB_BUILD_ARCH)" = "amd64" ]; then \
apt-get install -y --no-install-recommends --no-install-suggests \
postgresql-client; \
fi \
\
&& rm -rf /var/lib/apt/lists/* \
&& if echo '5.3' | grep -E '^(5.2|5.3|5.4|5.5|5.6|7.0)$' >/dev/null; then \
if [ "$(dpkg-architecture --query DEB_BUILD_ARCH)" = "amd64" ]; then \
pg_isready --version; \
fi \
else \
pg_isready --version; \
fi \
\
&& true
###
### Prepare required shared libraries for copying (keep symlinks)
###
RUN set -eux \
&& LIB_GNU_DIR="/lib/$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)" \
&& USR_LIB_DIR="/usr/lib" \
&& USR_LIB_GNU_DIR="/usr/lib/$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)" \
\
&& mkdir /tmp/lib-gnu \
&& mkdir /tmp/usr-lib \
&& mkdir /tmp/usr-lib-gnu \
\
&& LIB_GNU="libreadline" \
&& USR_LIB="libsnappy libtcmalloc libv8" \
&& USR_LIB_GNU="liblua libpq libpcrecpp libboost libjemalloc libunwind libhiredis libedit libyaml-cpp libstemmer libsnappy libpcap libbsd liblzf" \
\
&& for lib in ${LIB_GNU}; do \
if ls -1 "${LIB_GNU_DIR}/" | grep "^${lib}" >/dev/null; then \
echo "Coping '${lib}' from: ${LIB_GNU_DIR}"; \
cp -r ${LIB_GNU_DIR}/${lib}* /tmp/lib-gnu/; \
fi \
done \
&& for lib in ${USR_LIB}; do \
if ls -1 "${USR_LIB_DIR}/" | grep "^${lib}" >/dev/null; then \
echo "Coping '${lib}' from: ${USR_LIB_DIR}"; \
cp -r ${USR_LIB_DIR}/${lib}* /tmp/usr-lib/; \
fi \
done \
&& for lib in ${USR_LIB_GNU}; do \
if ls -1 "${USR_LIB_GNU_DIR}/" | grep "^${lib}" >/dev/null; then \
echo "Coping '${lib}' from: ${USR_LIB_GNU_DIR}"; \
cp -r ${USR_LIB_GNU_DIR}/${lib}* /tmp/usr-lib-gnu/; \
fi \
done
###
### Fix expected PostgreSQL directories
###
### This might not exist on arm64 as software was not available,
### but they are still needed to be present, so we can copy them.
###
RUN set -eux \
&& if [ ! -d "/usr/lib/postgresql" ]; then \
mkdir "/usr/lib/postgresql"; \
fi \
&& if [ ! -d "/usr/share/postgresql-common" ]; then \
mkdir "/usr/share/postgresql-common"; \
fi
###
### Prepare MongoDB binaries for copying.
###
### They might not be available on all architectures (e.g.: arm64).
###
RUN set -eux \
&& mkdir /tmp/mongo \
&& if ls -1 "/usr/bin/" | grep "^mongo" >/dev/null; then \
cp -r /usr/bin/mongo* /tmp/mongo/; \
fi
###
### Strip debugging information to smallen filesize
###
RUN set -eux \
&& STRIP_USR_BINS="blackfire mongo mysql redis sqlite" \
&& STRIP_DIRS="/usr/lib/postgresql/ /usr/share/postgresql-common/ /tmp" \
\
&& for bin in ${STRIP_USR_BINS}; do \
( \
find /usr/bin/ -name "${bin}"* -type f -print0 \
| xargs -n1 -0 -P$(getconf _NPROCESSORS_ONLN) sh -c \
'if [ -f "${1}" ]; then echo "Strip: ${1}"; strip --strip-all -p "${1}" 2>/dev/null || true; fi' -- \
) \
done \
\
&& for dir in ${STRIP_DIRS}; do \
( \
find ${dir} -type f -print0 \
| xargs -n1 -0 -P$(getconf _NPROCESSORS_ONLN) sh -c \
'if [ -f "${1}" ]; then echo "Strip: ${1}"; strip --strip-all -p "${1}" 2>/dev/null || true; fi' -- \
) \
done \
\
&& strip --strip-all -p /usr/local/bin/mhsendmail 2>/dev/null || true \
&& strip --strip-all -p /usr/local/bin/mysqldump-secure 2>/dev/null || true
########################################################################################################################
########################################################################################################################
###
### Stage 2/4: Devilbox slim image (BASE)
###
########################################################################################################################
########################################################################################################################
###
### Copies all cli tools required to run Devilbox and its intranet into a clean image
###
FROM devilbox/php-fpm:5.3-prod as devilbox-slim-base
ARG ARCH
###
### Install tools type: apt
###
RUN set -eux \
&& DEBIAN_FRONTEND=noninteractive apt-get update \
&& DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends --no-install-suggests \
# ---------- type: apt ----------
dnsutils \
iputils-ping \
netcat-openbsd \
sudo \
&& rm -rf /var/lib/apt/lists/*
###
### Copy shared libraries (required by MongoDB, MySQL, PostgreSQL and Redis)
###
COPY --from=devilbox-slim-base-builder /tmp/lib-gnu/ /lib/${ARCH}-linux-gnu/
COPY --from=devilbox-slim-base-builder /tmp/usr-lib-gnu/ /usr/lib/${ARCH}-linux-gnu/
COPY --from=devilbox-slim-base-builder /tmp/usr-lib/ /usr/lib/
###
### Copy system files
###
COPY --from=devilbox-slim-base-builder /etc/group /etc/group
COPY --from=devilbox-slim-base-builder /etc/passwd /etc/passwd
COPY --from=devilbox-slim-base-builder /etc/shadow /etc/shadow
###
### Copy Blackfire
###
COPY --from=devilbox-slim-base-builder /etc/blackfire /etc/blackfire
COPY --from=devilbox-slim-base-builder /etc/default/blackfire-agent /etc/default/blackfire-agent
COPY --from=devilbox-slim-base-builder /usr/bin/blackfire* /usr/bin/
COPY --from=devilbox-slim-base-builder /var/log/blackfire /var/log/blackfire
###
### Copy mhsendmail
###
COPY --from=devilbox-slim-base-builder /usr/local/bin/mhsendmail /usr/local/bin/
###
### Copy MongoDB client (if exists)
###
COPY --from=devilbox-slim-base-builder /tmp/mongo/ /usr/bin/
###
### Copy MysQL Client
###
COPY --from=devilbox-slim-base-builder /usr/bin/mysql* /usr/bin/
###
### Copy mysqldump-secure
###
COPY --from=devilbox-slim-base-builder /usr/local/bin/mysqldump-secure /usr/local/bin/
COPY --from=devilbox-slim-base-builder /etc/mysqldump-secure.conf /etc/
COPY --from=devilbox-slim-base-builder /etc/mysqldump-secure.cnf /etc/
COPY --from=devilbox-slim-base-builder /var/log/mysqldump-secure.log /var/log/
###
### Copy PostgreSQL
###
COPY --from=devilbox-slim-base-builder /usr/lib/postgresql /usr/lib/postgresql
COPY --from=devilbox-slim-base-builder /usr/share/postgresql-common /usr/share/postgresql-common
COPY --from=devilbox-slim-base-builder /usr/share/perl5 /usr/share/perl5
###
### Create PostgreSQL symlinks
###
RUN set -eux \
&& if [ -f "/usr/share/postgresql-common/pg_wrapper" ]; then \
ln -s ../share/postgresql-common/pg_wrapper /usr/bin/clusterdb \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/createdb \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/createlang \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/createuser \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/dropdb \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/droplang \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/dropuser \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/pg_basebackup \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/pg_dump \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/pg_dumpall \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/pg_isready \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/pg_receivewal \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/pg_receivexlog \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/pg_recvlogical \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/pg_restore \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/pgbench \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/psql \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/reindexdb \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/vacuumdb \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/vacuumlo; \
fi
###
### Copy Redis Client
###
COPY --from=devilbox-slim-base-builder /usr/bin/redis* /usr/bin/
###
### Copy SQLite Client
###
COPY --from=devilbox-slim-base-builder /usr/bin/sqlite* /usr/bin/
###
### ADD PHP configuration files
###
COPY ./data/php-ini.d/php-5.3.ini /usr/local/etc/php/conf.d/xxx-devilbox-default-php.ini
COPY ./data/php-fpm.conf/php-fpm-5.3.conf /usr/local/etc/php-fpm.conf
###
### ADD Devilbox configuration files
###
COPY ./data/docker-entrypoint.sh /docker-entrypoint.sh
COPY ./data/docker-entrypoint.d/*.sh /docker-entrypoint.d/
COPY ./data/bash-devilbox /etc/bash-devilbox
COPY ./data/sudo-devilbox /etc/sudoers.d/devilbox
###
### Configure Bash
###
RUN set -eux \
&& { \
echo; \
echo "# [Devilbox] Ensure /usr/local(s)?bin is in PATH"; \
echo 'PATH="${PATH}:/usr/local/bin:/usr/local/sbin"'; \
echo "export PATH"; \
echo; \
echo "# [Devilbox] Source Devilbox main bash config"; \
echo ". /etc/bash-devilbox"; \
echo; \
echo "# [Devilbox] Source Devilbox custom configs"; \
echo "if [ -d /etc/bashrc-devilbox.d/ ]; then"; \
echo " for f in /etc/bashrc-devilbox.d/*.sh ; do"; \
echo " if [ -r \"\${f}\" ]; then"; \
echo " . \"\${f}\""; \
echo " fi"; \
echo " done"; \
echo " unset f"; \
echo "fi"; \
} | tee -a /home/${MY_USER}/.bashrc /root/.bashrc \
&& chown ${MY_USER}:${MY_GROUP} /home/${MY_USER}/.bashrc
########################################################################################################################
########################################################################################################################
###
### Stage 3/4: Devilbox slim image (BASE TEST)
###
########################################################################################################################
########################################################################################################################
###
### Test all Devilbox cli utils if copying was successful
###
FROM devilbox-slim-base as devilbox-slim-base-test
RUN set -eux \
&& mysql --version \
&& redis-cli --version \
&& sqlite3 --version
###
### Check if available tools slim
###
# -------------------- dig --------------------
RUN set -eux \
&& dig -v 2>&1 | grep -E '[0-9]\.[0-9]' \
&& true
# -------------------- netcat --------------------
RUN set -eux \
&& nc -h 2>&1 | grep netcat \
&& true
# -------------------- ping --------------------
RUN set -eux \
&& ping -V | grep ^ping \
&& true
# -------------------- sudo --------------------
RUN set -eux \
&& sudo --version | grep -E 'version [0-9]+\.[0-9]+' \
&& true
# -------------------- blackfire --------------------
RUN set -eux \
&& blackfire version \
&& blackfire-agent -v \
\
&& true
# -------------------- mhsendmail --------------------
RUN set -eux \
&& mhsendmail -h 2>&1 | grep 'Usage' \
&& true
# -------------------- mongo_client --------------------
RUN set -eux \
&& if echo '5.3' | grep -E '^(5.2|5.3|5.4|5.5|5.6|7.0)$' >/dev/null; then \
if [ "$(dpkg-architecture --query DEB_BUILD_ARCH)" = "amd64" ]; then \
mongofiles --version; \
fi \
else \
mongofiles --version; \
fi \
\
&& if echo '5.3' | grep -E '^(5.2|5.3|5.4|5.5)$' >/dev/null; then \
if [ "$(dpkg-architecture --query DEB_BUILD_ARCH)" = "amd64" ]; then \
mongo --version; \
fi \
else \
mongo --version; \
fi \
\
&& true
# -------------------- mysqldumpsecure --------------------
RUN set -eux \
&& mysqldump-secure --version | grep -E 'Version:\s*[0-9][.0-9]+' \
&& true
# -------------------- pgsql_client --------------------
RUN set -eux \
&& if echo '5.3' | grep -E '^(5.2|5.3|5.4|5.5|5.6|7.0)$' >/dev/null; then \
if [ "$(dpkg-architecture --query DEB_BUILD_ARCH)" = "amd64" ]; then \
pg_isready --version; \
fi \
else \
pg_isready --version; \
fi \
\
&& true
###
### Re-activate modules which have been deactivated in mods (for testing).
###
RUN set -eux \
&& if find /usr/local/lib/php/extensions/ -name phalcon.so | grep phalcon; then \
echo "extension=phalcon.so" > /usr/local/etc/php/conf.d/docker-php-ext-phalcon.ini; \
fi \
&& if find /usr/local/lib/php/extensions/ -name psr.so | grep psr; then \
echo "extension=psr.so" > /usr/local/etc/php/conf.d/docker-php-ext-psr.ini; \
fi
###
### Check if PHP still works
###
RUN set -eux \
&& echo "date.timezone=UTC" > /usr/local/etc/php/php.ini \
&& php -v | grep -oE 'PHP\s[.0-9]+' | grep -oE '[.0-9]+' | grep '^5.3' \
&& /usr/local/sbin/php-fpm --test \
\
&& PHP_ERROR="$( php -v 2>&1 1>/dev/null )" \
&& if [ -n "${PHP_ERROR}" ]; then echo "${PHP_ERROR}"; false; fi \
&& PHP_ERROR="$( php -i 2>&1 1>/dev/null )" \
&& if [ -n "${PHP_ERROR}" ]; then echo "${PHP_ERROR}"; false; fi \
\
&& PHP_FPM_ERROR="$( php-fpm -v 2>&1 1>/dev/null )" \
&& if [ -n "${PHP_FPM_ERROR}" ]; then echo "${PHP_FPM_ERROR}"; false; fi \
&& PHP_FPM_ERROR="$( php-fpm -i 2>&1 1>/dev/null )" \
&& if [ -n "${PHP_FPM_ERROR}" ]; then echo "${PHP_FPM_ERROR}"; false; fi \
&& rm -f /usr/local/etc/php/php.ini
########################################################################################################################
########################################################################################################################
###
### Stage 4/4: Devilbox slim image (FINAL)
###
########################################################################################################################
########################################################################################################################
###
### Prepare final base image (STAGE: slim)
###
FROM devilbox-slim-base as slim
MAINTAINER "cytopia" <cytopia@everythingcli.org>
###
### Labels
###
# https://github.com/opencontainers/image-spec/blob/master/annotations.md
#LABEL "org.opencontainers.image.created"=""
#LABEL "org.opencontainers.image.version"=""
#LABEL "org.opencontainers.image.revision"=""
LABEL "maintainer"="cytopia <cytopia@everythingcli.org>"
LABEL "org.opencontainers.image.authors"="cytopia <cytopia@everythingcli.org>"
LABEL "org.opencontainers.image.url"="https://github.com/devilbox/docker-php-fpm"
LABEL "org.opencontainers.image.documentation"="https://github.com/devilbox/docker-php-fpm"
LABEL "org.opencontainers.image.source"="https://github.com/devilbox/docker-php-fpm"
LABEL "org.opencontainers.image.vendor"="devilbox"
LABEL "org.opencontainers.image.licenses"="MIT"
LABEL "org.opencontainers.image.ref.name"="5.3-slim"
LABEL "org.opencontainers.image.title"="PHP-FPM 5.3-slim"
LABEL "org.opencontainers.image.description"="PHP-FPM 5.3-slim"
###
### Volumes
###
VOLUME /shared/backups
VOLUME /var/log/php
VOLUME /var/mail
###
### Ports
###
EXPOSE 9000
###
### Where to start inside the container
###
WORKDIR /shared/httpd
###
### Entrypoint
###
CMD ["/usr/bin/supervisord", "-c", "/etc/supervisor/supervisord.conf"]
ENTRYPOINT ["/docker-entrypoint.sh"]

622
Dockerfiles/slim/Dockerfile-5.4 Normal file
View File

@@ -0,0 +1,622 @@
# vi: ft=dockerfile
# Auto-generated via Ansible: edit ./ansible/DOCKERFILES/Dockerfile-slim.j2 instead.
########################################################################################################################
########################################################################################################################
###
### Stage 1/4: Devilbox slim image (BASE BUILDER)
###
########################################################################################################################
########################################################################################################################
###
### Installs all cli tools required to run Devilbox and its intranet
###
FROM devilbox/php-fpm:5.4-prod as devilbox-slim-base-builder
###
### Install apt Tools
###
RUN set -eux \
&& DEBIAN_FRONTEND=noninteractive apt-get update \
&& DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends --no-install-suggests \
apt-transport-https \
ca-certificates \
curl \
dirmngr \
gnupg
###
### Add apt repositories
###
RUN set -eux \
&& echo 'Acquire::Check-Valid-Until no;' > /etc/apt/apt.conf.d/99no-check-valid-until \
&& echo "deb [trusted=yes] http://archive.debian.org/debian jessie-backports main" > /etc/apt/sources.list.d/backports.list \
&& curl -sS -L --fail "https://packages.blackfire.io/gpg.key" | APT_KEY_DONT_WARN_ON_DANGEROUS_USAGE=1 apt-key add - \
&& echo "deb http://packages.blackfire.io/debian any main" > /etc/apt/sources.list.d/blackfire.list \
&& true
###
### Install build_dep
###
RUN set -eux \
&& DEBIAN_FRONTEND=noninteractive apt-get update \
&& DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends --no-install-suggests \
libsnappy-dev \
&& rm -rf /var/lib/apt/lists/*
###
### Add common tools
###
RUN set -eux \
&& DEBIAN_FRONTEND=noninteractive apt-get update \
&& DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends --no-install-suggests \
file \
git \
mysql-client \
redis-tools \
sqlite3
###
### Install tools type: apt
###
RUN set -eux \
&& DEBIAN_FRONTEND=noninteractive apt-get update \
&& DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends --no-install-suggests \
# ---------- type: apt ----------
dnsutils \
iputils-ping \
netcat-openbsd \
sudo \
&& rm -rf /var/lib/apt/lists/*
###
### Devilbox required cli tools from group_vars (slim.yml)
###
# -------------------- dig --------------------
RUN set -eux \
&& dig -v 2>&1 | grep -E '[0-9]\.[0-9]' \
&& true
# -------------------- netcat --------------------
RUN set -eux \
&& nc -h 2>&1 | grep netcat \
&& true
# -------------------- ping --------------------
RUN set -eux \
&& ping -V | grep ^ping \
&& true
# -------------------- sudo --------------------
RUN set -eux \
&& sudo --version | grep -E 'version [0-9]+\.[0-9]+' \
&& true
# -------------------- blackfire --------------------
RUN set -eux \
&& apt-get update \
\
&& apt-get install -y --no-install-recommends --no-install-suggests \
blackfire-agent \
\
&& rm -rf /var/lib/apt/lists/* \
&& blackfire version \
&& blackfire-agent -v \
\
&& true
# -------------------- mhsendmail --------------------
RUN set -eux \
&& DEB_HOST_ARCH="$( dpkg-architecture --query DEB_HOST_ARCH )" \
&& if [ "${DEB_HOST_ARCH}" = "amd64" ] || [ "${DEB_HOST_ARCH}" = "arm64" ]; then \
MHSENDMAIL_URL="https://github.com/devilbox/mhsendmail/releases/download/v0.3.0/mhsendmail_linux_${DEB_HOST_ARCH}" \
&& curl -sS -L --fail "${MHSENDMAIL_URL}" > /usr/local/bin/mhsendmail \
&& chmod +x /usr/local/bin/mhsendmail; \
else \
printf '%s\n%s\n%s\n' '#!/bin/sh' 'echo "Not available for this platform."' 'exit 1' > /usr/local/bin/mhsendmail \
&& chmod +x /usr/local/bin/mhsendmail; \
fi \
\
&& mhsendmail -h 2>&1 | grep 'Usage' \
&& true
# -------------------- mongo_client --------------------
RUN set -eux \
&& apt-get update \
&& if [ "$(dpkg-architecture --query DEB_BUILD_ARCH)" = "amd64" ]; then \
apt-get install -y --no-install-recommends --no-install-suggests \
mongodb-clients; \
fi \
\
&& rm -rf /var/lib/apt/lists/* \
&& if echo '5.4' | grep -E '^(5.2|5.3|5.4|5.5|5.6|7.0)$' >/dev/null; then \
if [ "$(dpkg-architecture --query DEB_BUILD_ARCH)" = "amd64" ]; then \
mongofiles --version; \
fi \
else \
mongofiles --version; \
fi \
\
&& if echo '5.4' | grep -E '^(5.2|5.3|5.4|5.5)$' >/dev/null; then \
if [ "$(dpkg-architecture --query DEB_BUILD_ARCH)" = "amd64" ]; then \
mongo --version; \
fi \
else \
mongo --version; \
fi \
\
&& true
# -------------------- mysqldumpsecure --------------------
RUN set -eux \
&& git clone https://github.com/cytopia/mysqldump-secure.git /usr/local/src/mysqldump-secure \
&& cd /usr/local/src/mysqldump-secure \
&& git checkout $(git describe --abbrev=0 --tags) \
&& cp /usr/local/src/mysqldump-secure/bin/mysqldump-secure /usr/local/bin \
&& cp /usr/local/src/mysqldump-secure/etc/mysqldump-secure.conf /etc \
&& cp /usr/local/src/mysqldump-secure/etc/mysqldump-secure.cnf /etc \
&& touch /var/log/mysqldump-secure.log \
&& chown ${MY_USER}:${MY_GROUP} /etc/mysqldump-secure.* \
&& chown ${MY_USER}:${MY_GROUP} /var/log/mysqldump-secure.log \
&& chmod 0400 /etc/mysqldump-secure.conf \
&& chmod 0400 /etc/mysqldump-secure.cnf \
&& chmod 0644 /var/log/mysqldump-secure.log \
&& sed -i'' 's/^COMPRESS_ARG=.*/COMPRESS_ARG="-9 -c"/g' /etc/mysqldump-secure.conf \
&& sed -i'' 's/^DUMP_DIR=.*/DUMP_DIR="\/shared\/backups\/mysql"/g' /etc/mysqldump-secure.conf \
&& sed -i'' 's/^DUMP_DIR_CHMOD=.*/DUMP_DIR_CHMOD="0755"/g' /etc/mysqldump-secure.conf \
&& sed -i'' 's/^DUMP_FILE_CHMOD=.*/DUMP_FILE_CHMOD="0644"/g' /etc/mysqldump-secure.conf \
&& sed -i'' 's/^LOG_CHMOD=.*/LOG_CHMOD="0644"/g' /etc/mysqldump-secure.conf \
&& sed -i'' 's/^NAGIOS_LOG=.*/NAGIOS_LOG=0/g' /etc/mysqldump-secure.conf \
&& cd / \
&& rm -rf /usr/local/src/mysqldump-secure \
\
&& mysqldump-secure --version | grep -E 'Version:\s*[0-9][.0-9]+' \
&& true
# -------------------- pgsql_client --------------------
RUN set -eux \
&& if [ "$(dpkg-architecture --query DEB_BUILD_ARCH)" = "amd64" ]; then \
curl -sS -k -L --fail https://www.postgresql.org/media/keys/ACCC4CF8.asc | APT_KEY_DONT_WARN_ON_DANGEROUS_USAGE=1 apt-key add - \
&& echo "deb https://apt-archive.postgresql.org/pub/repos/apt/ jessie-pgdg main" > /etc/apt/sources.list.d/pgsql.list \
&& apt-get update; \
fi \
\
&& if [ "$(dpkg-architecture --query DEB_BUILD_ARCH)" = "amd64" ]; then \
apt-get install -y --no-install-recommends --no-install-suggests \
postgresql-client; \
fi \
\
&& rm -rf /var/lib/apt/lists/* \
&& if echo '5.4' | grep -E '^(5.2|5.3|5.4|5.5|5.6|7.0)$' >/dev/null; then \
if [ "$(dpkg-architecture --query DEB_BUILD_ARCH)" = "amd64" ]; then \
pg_isready --version; \
fi \
else \
pg_isready --version; \
fi \
\
&& true
###
### Prepare required shared libraries for copying (keep symlinks)
###
RUN set -eux \
&& LIB_GNU_DIR="/lib/$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)" \
&& USR_LIB_DIR="/usr/lib" \
&& USR_LIB_GNU_DIR="/usr/lib/$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)" \
\
&& mkdir /tmp/lib-gnu \
&& mkdir /tmp/usr-lib \
&& mkdir /tmp/usr-lib-gnu \
\
&& LIB_GNU="libreadline" \
&& USR_LIB="libsnappy libtcmalloc libv8" \
&& USR_LIB_GNU="liblua libpq libpcrecpp libboost libjemalloc libunwind libhiredis libedit libyaml-cpp libstemmer libsnappy libpcap libbsd liblzf" \
\
&& for lib in ${LIB_GNU}; do \
if ls -1 "${LIB_GNU_DIR}/" | grep "^${lib}" >/dev/null; then \
echo "Coping '${lib}' from: ${LIB_GNU_DIR}"; \
cp -r ${LIB_GNU_DIR}/${lib}* /tmp/lib-gnu/; \
fi \
done \
&& for lib in ${USR_LIB}; do \
if ls -1 "${USR_LIB_DIR}/" | grep "^${lib}" >/dev/null; then \
echo "Coping '${lib}' from: ${USR_LIB_DIR}"; \
cp -r ${USR_LIB_DIR}/${lib}* /tmp/usr-lib/; \
fi \
done \
&& for lib in ${USR_LIB_GNU}; do \
if ls -1 "${USR_LIB_GNU_DIR}/" | grep "^${lib}" >/dev/null; then \
echo "Coping '${lib}' from: ${USR_LIB_GNU_DIR}"; \
cp -r ${USR_LIB_GNU_DIR}/${lib}* /tmp/usr-lib-gnu/; \
fi \
done
###
### Fix expected PostgreSQL directories
###
### This might not exist on arm64 as software was not available,
### but they are still needed to be present, so we can copy them.
###
RUN set -eux \
&& if [ ! -d "/usr/lib/postgresql" ]; then \
mkdir "/usr/lib/postgresql"; \
fi \
&& if [ ! -d "/usr/share/postgresql-common" ]; then \
mkdir "/usr/share/postgresql-common"; \
fi
###
### Prepare MongoDB binaries for copying.
###
### They might not be available on all architectures (e.g.: arm64).
###
RUN set -eux \
&& mkdir /tmp/mongo \
&& if ls -1 "/usr/bin/" | grep "^mongo" >/dev/null; then \
cp -r /usr/bin/mongo* /tmp/mongo/; \
fi
###
### Strip debugging information to smallen filesize
###
RUN set -eux \
&& STRIP_USR_BINS="blackfire mongo mysql redis sqlite" \
&& STRIP_DIRS="/usr/lib/postgresql/ /usr/share/postgresql-common/ /tmp" \
\
&& for bin in ${STRIP_USR_BINS}; do \
( \
find /usr/bin/ -name "${bin}"* -type f -print0 \
| xargs -n1 -0 -P$(getconf _NPROCESSORS_ONLN) sh -c \
'if [ -f "${1}" ]; then echo "Strip: ${1}"; strip --strip-all -p "${1}" 2>/dev/null || true; fi' -- \
) \
done \
\
&& for dir in ${STRIP_DIRS}; do \
( \
find ${dir} -type f -print0 \
| xargs -n1 -0 -P$(getconf _NPROCESSORS_ONLN) sh -c \
'if [ -f "${1}" ]; then echo "Strip: ${1}"; strip --strip-all -p "${1}" 2>/dev/null || true; fi' -- \
) \
done \
\
&& strip --strip-all -p /usr/local/bin/mhsendmail 2>/dev/null || true \
&& strip --strip-all -p /usr/local/bin/mysqldump-secure 2>/dev/null || true
########################################################################################################################
########################################################################################################################
###
### Stage 2/4: Devilbox slim image (BASE)
###
########################################################################################################################
########################################################################################################################
###
### Copies all cli tools required to run Devilbox and its intranet into a clean image
###
FROM devilbox/php-fpm:5.4-prod as devilbox-slim-base
ARG ARCH
###
### Install tools type: apt
###
RUN set -eux \
&& DEBIAN_FRONTEND=noninteractive apt-get update \
&& DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends --no-install-suggests \
# ---------- type: apt ----------
dnsutils \
iputils-ping \
netcat-openbsd \
sudo \
&& rm -rf /var/lib/apt/lists/*
###
### Copy shared libraries (required by MongoDB, MySQL, PostgreSQL and Redis)
###
COPY --from=devilbox-slim-base-builder /tmp/lib-gnu/ /lib/${ARCH}-linux-gnu/
COPY --from=devilbox-slim-base-builder /tmp/usr-lib-gnu/ /usr/lib/${ARCH}-linux-gnu/
COPY --from=devilbox-slim-base-builder /tmp/usr-lib/ /usr/lib/
###
### Copy system files
###
COPY --from=devilbox-slim-base-builder /etc/group /etc/group
COPY --from=devilbox-slim-base-builder /etc/passwd /etc/passwd
COPY --from=devilbox-slim-base-builder /etc/shadow /etc/shadow
###
### Copy Blackfire
###
COPY --from=devilbox-slim-base-builder /etc/blackfire /etc/blackfire
COPY --from=devilbox-slim-base-builder /etc/default/blackfire-agent /etc/default/blackfire-agent
COPY --from=devilbox-slim-base-builder /usr/bin/blackfire* /usr/bin/
COPY --from=devilbox-slim-base-builder /var/log/blackfire /var/log/blackfire
###
### Copy mhsendmail
###
COPY --from=devilbox-slim-base-builder /usr/local/bin/mhsendmail /usr/local/bin/
###
### Copy MongoDB client (if exists)
###
COPY --from=devilbox-slim-base-builder /tmp/mongo/ /usr/bin/
###
### Copy MysQL Client
###
COPY --from=devilbox-slim-base-builder /usr/bin/mysql* /usr/bin/
###
### Copy mysqldump-secure
###
COPY --from=devilbox-slim-base-builder /usr/local/bin/mysqldump-secure /usr/local/bin/
COPY --from=devilbox-slim-base-builder /etc/mysqldump-secure.conf /etc/
COPY --from=devilbox-slim-base-builder /etc/mysqldump-secure.cnf /etc/
COPY --from=devilbox-slim-base-builder /var/log/mysqldump-secure.log /var/log/
###
### Copy PostgreSQL
###
COPY --from=devilbox-slim-base-builder /usr/lib/postgresql /usr/lib/postgresql
COPY --from=devilbox-slim-base-builder /usr/share/postgresql-common /usr/share/postgresql-common
COPY --from=devilbox-slim-base-builder /usr/share/perl5 /usr/share/perl5
###
### Create PostgreSQL symlinks
###
RUN set -eux \
&& if [ -f "/usr/share/postgresql-common/pg_wrapper" ]; then \
ln -s ../share/postgresql-common/pg_wrapper /usr/bin/clusterdb \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/createdb \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/createlang \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/createuser \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/dropdb \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/droplang \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/dropuser \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/pg_basebackup \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/pg_dump \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/pg_dumpall \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/pg_isready \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/pg_receivewal \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/pg_receivexlog \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/pg_recvlogical \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/pg_restore \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/pgbench \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/psql \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/reindexdb \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/vacuumdb \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/vacuumlo; \
fi
###
### Copy Redis Client
###
COPY --from=devilbox-slim-base-builder /usr/bin/redis* /usr/bin/
###
### Copy SQLite Client
###
COPY --from=devilbox-slim-base-builder /usr/bin/sqlite* /usr/bin/
###
### ADD PHP configuration files
###
COPY ./data/php-ini.d/php-5.4.ini /usr/local/etc/php/conf.d/xxx-devilbox-default-php.ini
COPY ./data/php-fpm.conf/php-fpm-5.4.conf /usr/local/etc/php-fpm.conf
###
### ADD Devilbox configuration files
###
COPY ./data/docker-entrypoint.sh /docker-entrypoint.sh
COPY ./data/docker-entrypoint.d/*.sh /docker-entrypoint.d/
COPY ./data/bash-devilbox /etc/bash-devilbox
COPY ./data/sudo-devilbox /etc/sudoers.d/devilbox
###
### Configure Bash
###
RUN set -eux \
&& { \
echo; \
echo "# [Devilbox] Ensure /usr/local(s)?bin is in PATH"; \
echo 'PATH="${PATH}:/usr/local/bin:/usr/local/sbin"'; \
echo "export PATH"; \
echo; \
echo "# [Devilbox] Source Devilbox main bash config"; \
echo ". /etc/bash-devilbox"; \
echo; \
echo "# [Devilbox] Source Devilbox custom configs"; \
echo "if [ -d /etc/bashrc-devilbox.d/ ]; then"; \
echo " for f in /etc/bashrc-devilbox.d/*.sh ; do"; \
echo " if [ -r \"\${f}\" ]; then"; \
echo " . \"\${f}\""; \
echo " fi"; \
echo " done"; \
echo " unset f"; \
echo "fi"; \
} | tee -a /home/${MY_USER}/.bashrc /root/.bashrc \
&& chown ${MY_USER}:${MY_GROUP} /home/${MY_USER}/.bashrc
########################################################################################################################
########################################################################################################################
###
### Stage 3/4: Devilbox slim image (BASE TEST)
###
########################################################################################################################
########################################################################################################################
###
### Test all Devilbox cli utils if copying was successful
###
FROM devilbox-slim-base as devilbox-slim-base-test
RUN set -eux \
&& mysql --version \
&& redis-cli --version \
&& sqlite3 --version
###
### Check if available tools slim
###
# -------------------- dig --------------------
RUN set -eux \
&& dig -v 2>&1 | grep -E '[0-9]\.[0-9]' \
&& true
# -------------------- netcat --------------------
RUN set -eux \
&& nc -h 2>&1 | grep netcat \
&& true
# -------------------- ping --------------------
RUN set -eux \
&& ping -V | grep ^ping \
&& true
# -------------------- sudo --------------------
RUN set -eux \
&& sudo --version | grep -E 'version [0-9]+\.[0-9]+' \
&& true
# -------------------- blackfire --------------------
RUN set -eux \
&& blackfire version \
&& blackfire-agent -v \
\
&& true
# -------------------- mhsendmail --------------------
RUN set -eux \
&& mhsendmail -h 2>&1 | grep 'Usage' \
&& true
# -------------------- mongo_client --------------------
RUN set -eux \
&& if echo '5.4' | grep -E '^(5.2|5.3|5.4|5.5|5.6|7.0)$' >/dev/null; then \
if [ "$(dpkg-architecture --query DEB_BUILD_ARCH)" = "amd64" ]; then \
mongofiles --version; \
fi \
else \
mongofiles --version; \
fi \
\
&& if echo '5.4' | grep -E '^(5.2|5.3|5.4|5.5)$' >/dev/null; then \
if [ "$(dpkg-architecture --query DEB_BUILD_ARCH)" = "amd64" ]; then \
mongo --version; \
fi \
else \
mongo --version; \
fi \
\
&& true
# -------------------- mysqldumpsecure --------------------
RUN set -eux \
&& mysqldump-secure --version | grep -E 'Version:\s*[0-9][.0-9]+' \
&& true
# -------------------- pgsql_client --------------------
RUN set -eux \
&& if echo '5.4' | grep -E '^(5.2|5.3|5.4|5.5|5.6|7.0)$' >/dev/null; then \
if [ "$(dpkg-architecture --query DEB_BUILD_ARCH)" = "amd64" ]; then \
pg_isready --version; \
fi \
else \
pg_isready --version; \
fi \
\
&& true
###
### Re-activate modules which have been deactivated in mods (for testing).
###
RUN set -eux \
&& if find /usr/local/lib/php/extensions/ -name phalcon.so | grep phalcon; then \
echo "extension=phalcon.so" > /usr/local/etc/php/conf.d/docker-php-ext-phalcon.ini; \
fi \
&& if find /usr/local/lib/php/extensions/ -name psr.so | grep psr; then \
echo "extension=psr.so" > /usr/local/etc/php/conf.d/docker-php-ext-psr.ini; \
fi
###
### Check if PHP still works
###
RUN set -eux \
&& echo "date.timezone=UTC" > /usr/local/etc/php/php.ini \
&& php -v | grep -oE 'PHP\s[.0-9]+' | grep -oE '[.0-9]+' | grep '^5.4' \
&& /usr/local/sbin/php-fpm --test \
\
&& PHP_ERROR="$( php -v 2>&1 1>/dev/null )" \
&& if [ -n "${PHP_ERROR}" ]; then echo "${PHP_ERROR}"; false; fi \
&& PHP_ERROR="$( php -i 2>&1 1>/dev/null )" \
&& if [ -n "${PHP_ERROR}" ]; then echo "${PHP_ERROR}"; false; fi \
\
&& PHP_FPM_ERROR="$( php-fpm -v 2>&1 1>/dev/null )" \
&& if [ -n "${PHP_FPM_ERROR}" ]; then echo "${PHP_FPM_ERROR}"; false; fi \
&& PHP_FPM_ERROR="$( php-fpm -i 2>&1 1>/dev/null )" \
&& if [ -n "${PHP_FPM_ERROR}" ]; then echo "${PHP_FPM_ERROR}"; false; fi \
&& rm -f /usr/local/etc/php/php.ini
########################################################################################################################
########################################################################################################################
###
### Stage 4/4: Devilbox slim image (FINAL)
###
########################################################################################################################
########################################################################################################################
###
### Prepare final base image (STAGE: slim)
###
FROM devilbox-slim-base as slim
MAINTAINER "cytopia" <cytopia@everythingcli.org>
###
### Labels
###
# https://github.com/opencontainers/image-spec/blob/master/annotations.md
#LABEL "org.opencontainers.image.created"=""
#LABEL "org.opencontainers.image.version"=""
#LABEL "org.opencontainers.image.revision"=""
LABEL "maintainer"="cytopia <cytopia@everythingcli.org>"
LABEL "org.opencontainers.image.authors"="cytopia <cytopia@everythingcli.org>"
LABEL "org.opencontainers.image.url"="https://github.com/devilbox/docker-php-fpm"
LABEL "org.opencontainers.image.documentation"="https://github.com/devilbox/docker-php-fpm"
LABEL "org.opencontainers.image.source"="https://github.com/devilbox/docker-php-fpm"
LABEL "org.opencontainers.image.vendor"="devilbox"
LABEL "org.opencontainers.image.licenses"="MIT"
LABEL "org.opencontainers.image.ref.name"="5.4-slim"
LABEL "org.opencontainers.image.title"="PHP-FPM 5.4-slim"
LABEL "org.opencontainers.image.description"="PHP-FPM 5.4-slim"
###
### Volumes
###
VOLUME /shared/backups
VOLUME /var/log/php
VOLUME /var/mail
###
### Ports
###
EXPOSE 9000
###
### Where to start inside the container
###
WORKDIR /shared/httpd
###
### Entrypoint
###
CMD ["/usr/bin/supervisord", "-c", "/etc/supervisor/supervisord.conf"]
ENTRYPOINT ["/docker-entrypoint.sh"]

622
Dockerfiles/slim/Dockerfile-5.5 Normal file
View File

@@ -0,0 +1,622 @@
# vi: ft=dockerfile
# Auto-generated via Ansible: edit ./ansible/DOCKERFILES/Dockerfile-slim.j2 instead.
########################################################################################################################
########################################################################################################################
###
### Stage 1/4: Devilbox slim image (BASE BUILDER)
###
########################################################################################################################
########################################################################################################################
###
### Installs all cli tools required to run Devilbox and its intranet
###
FROM devilbox/php-fpm:5.5-prod as devilbox-slim-base-builder
###
### Install apt Tools
###
RUN set -eux \
&& DEBIAN_FRONTEND=noninteractive apt-get update \
&& DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends --no-install-suggests \
apt-transport-https \
ca-certificates \
curl \
dirmngr \
gnupg
###
### Add apt repositories
###
RUN set -eux \
&& echo 'Acquire::Check-Valid-Until no;' > /etc/apt/apt.conf.d/99no-check-valid-until \
&& echo "deb [trusted=yes] http://archive.debian.org/debian jessie-backports main" > /etc/apt/sources.list.d/backports.list \
&& curl -sS -L --fail "https://packages.blackfire.io/gpg.key" | APT_KEY_DONT_WARN_ON_DANGEROUS_USAGE=1 apt-key add - \
&& echo "deb http://packages.blackfire.io/debian any main" > /etc/apt/sources.list.d/blackfire.list \
&& true
###
### Install build_dep
###
RUN set -eux \
&& DEBIAN_FRONTEND=noninteractive apt-get update \
&& DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends --no-install-suggests \
libsnappy-dev \
&& rm -rf /var/lib/apt/lists/*
###
### Add common tools
###
RUN set -eux \
&& DEBIAN_FRONTEND=noninteractive apt-get update \
&& DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends --no-install-suggests \
file \
git \
mysql-client \
redis-tools \
sqlite3
###
### Install tools type: apt
###
RUN set -eux \
&& DEBIAN_FRONTEND=noninteractive apt-get update \
&& DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends --no-install-suggests \
# ---------- type: apt ----------
dnsutils \
iputils-ping \
netcat-openbsd \
sudo \
&& rm -rf /var/lib/apt/lists/*
###
### Devilbox required cli tools from group_vars (slim.yml)
###
# -------------------- dig --------------------
RUN set -eux \
&& dig -v 2>&1 | grep -E '[0-9]\.[0-9]' \
&& true
# -------------------- netcat --------------------
RUN set -eux \
&& nc -h 2>&1 | grep netcat \
&& true
# -------------------- ping --------------------
RUN set -eux \
&& ping -V | grep ^ping \
&& true
# -------------------- sudo --------------------
RUN set -eux \
&& sudo --version | grep -E 'version [0-9]+\.[0-9]+' \
&& true
# -------------------- blackfire --------------------
RUN set -eux \
&& apt-get update \
\
&& apt-get install -y --no-install-recommends --no-install-suggests \
blackfire-agent \
\
&& rm -rf /var/lib/apt/lists/* \
&& blackfire version \
&& blackfire-agent -v \
\
&& true
# -------------------- mhsendmail --------------------
RUN set -eux \
&& DEB_HOST_ARCH="$( dpkg-architecture --query DEB_HOST_ARCH )" \
&& if [ "${DEB_HOST_ARCH}" = "amd64" ] || [ "${DEB_HOST_ARCH}" = "arm64" ]; then \
MHSENDMAIL_URL="https://github.com/devilbox/mhsendmail/releases/download/v0.3.0/mhsendmail_linux_${DEB_HOST_ARCH}" \
&& curl -sS -L --fail "${MHSENDMAIL_URL}" > /usr/local/bin/mhsendmail \
&& chmod +x /usr/local/bin/mhsendmail; \
else \
printf '%s\n%s\n%s\n' '#!/bin/sh' 'echo "Not available for this platform."' 'exit 1' > /usr/local/bin/mhsendmail \
&& chmod +x /usr/local/bin/mhsendmail; \
fi \
\
&& mhsendmail -h 2>&1 | grep 'Usage' \
&& true
# -------------------- mongo_client --------------------
RUN set -eux \
&& apt-get update \
&& if [ "$(dpkg-architecture --query DEB_BUILD_ARCH)" = "amd64" ]; then \
apt-get install -y --no-install-recommends --no-install-suggests \
mongodb-clients; \
fi \
\
&& rm -rf /var/lib/apt/lists/* \
&& if echo '5.5' | grep -E '^(5.2|5.3|5.4|5.5|5.6|7.0)$' >/dev/null; then \
if [ "$(dpkg-architecture --query DEB_BUILD_ARCH)" = "amd64" ]; then \
mongofiles --version; \
fi \
else \
mongofiles --version; \
fi \
\
&& if echo '5.5' | grep -E '^(5.2|5.3|5.4|5.5)$' >/dev/null; then \
if [ "$(dpkg-architecture --query DEB_BUILD_ARCH)" = "amd64" ]; then \
mongo --version; \
fi \
else \
mongo --version; \
fi \
\
&& true
# -------------------- mysqldumpsecure --------------------
RUN set -eux \
&& git clone https://github.com/cytopia/mysqldump-secure.git /usr/local/src/mysqldump-secure \
&& cd /usr/local/src/mysqldump-secure \
&& git checkout $(git describe --abbrev=0 --tags) \
&& cp /usr/local/src/mysqldump-secure/bin/mysqldump-secure /usr/local/bin \
&& cp /usr/local/src/mysqldump-secure/etc/mysqldump-secure.conf /etc \
&& cp /usr/local/src/mysqldump-secure/etc/mysqldump-secure.cnf /etc \
&& touch /var/log/mysqldump-secure.log \
&& chown ${MY_USER}:${MY_GROUP} /etc/mysqldump-secure.* \
&& chown ${MY_USER}:${MY_GROUP} /var/log/mysqldump-secure.log \
&& chmod 0400 /etc/mysqldump-secure.conf \
&& chmod 0400 /etc/mysqldump-secure.cnf \
&& chmod 0644 /var/log/mysqldump-secure.log \
&& sed -i'' 's/^COMPRESS_ARG=.*/COMPRESS_ARG="-9 -c"/g' /etc/mysqldump-secure.conf \
&& sed -i'' 's/^DUMP_DIR=.*/DUMP_DIR="\/shared\/backups\/mysql"/g' /etc/mysqldump-secure.conf \
&& sed -i'' 's/^DUMP_DIR_CHMOD=.*/DUMP_DIR_CHMOD="0755"/g' /etc/mysqldump-secure.conf \
&& sed -i'' 's/^DUMP_FILE_CHMOD=.*/DUMP_FILE_CHMOD="0644"/g' /etc/mysqldump-secure.conf \
&& sed -i'' 's/^LOG_CHMOD=.*/LOG_CHMOD="0644"/g' /etc/mysqldump-secure.conf \
&& sed -i'' 's/^NAGIOS_LOG=.*/NAGIOS_LOG=0/g' /etc/mysqldump-secure.conf \
&& cd / \
&& rm -rf /usr/local/src/mysqldump-secure \
\
&& mysqldump-secure --version | grep -E 'Version:\s*[0-9][.0-9]+' \
&& true
# -------------------- pgsql_client --------------------
RUN set -eux \
&& if [ "$(dpkg-architecture --query DEB_BUILD_ARCH)" = "amd64" ]; then \
curl -sS -k -L --fail https://www.postgresql.org/media/keys/ACCC4CF8.asc | APT_KEY_DONT_WARN_ON_DANGEROUS_USAGE=1 apt-key add - \
&& echo "deb https://apt-archive.postgresql.org/pub/repos/apt/ jessie-pgdg main" > /etc/apt/sources.list.d/pgsql.list \
&& apt-get update; \
fi \
\
&& if [ "$(dpkg-architecture --query DEB_BUILD_ARCH)" = "amd64" ]; then \
apt-get install -y --no-install-recommends --no-install-suggests \
postgresql-client; \
fi \
\
&& rm -rf /var/lib/apt/lists/* \
&& if echo '5.5' | grep -E '^(5.2|5.3|5.4|5.5|5.6|7.0)$' >/dev/null; then \
if [ "$(dpkg-architecture --query DEB_BUILD_ARCH)" = "amd64" ]; then \
pg_isready --version; \
fi \
else \
pg_isready --version; \
fi \
\
&& true
###
### Prepare required shared libraries for copying (keep symlinks)
###
RUN set -eux \
&& LIB_GNU_DIR="/lib/$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)" \
&& USR_LIB_DIR="/usr/lib" \
&& USR_LIB_GNU_DIR="/usr/lib/$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)" \
\
&& mkdir /tmp/lib-gnu \
&& mkdir /tmp/usr-lib \
&& mkdir /tmp/usr-lib-gnu \
\
&& LIB_GNU="libreadline" \
&& USR_LIB="libsnappy libtcmalloc libv8" \
&& USR_LIB_GNU="liblua libpq libpcrecpp libboost libjemalloc libunwind libhiredis libedit libyaml-cpp libstemmer libsnappy libpcap libbsd liblzf" \
\
&& for lib in ${LIB_GNU}; do \
if ls -1 "${LIB_GNU_DIR}/" | grep "^${lib}" >/dev/null; then \
echo "Coping '${lib}' from: ${LIB_GNU_DIR}"; \
cp -r ${LIB_GNU_DIR}/${lib}* /tmp/lib-gnu/; \
fi \
done \
&& for lib in ${USR_LIB}; do \
if ls -1 "${USR_LIB_DIR}/" | grep "^${lib}" >/dev/null; then \
echo "Coping '${lib}' from: ${USR_LIB_DIR}"; \
cp -r ${USR_LIB_DIR}/${lib}* /tmp/usr-lib/; \
fi \
done \
&& for lib in ${USR_LIB_GNU}; do \
if ls -1 "${USR_LIB_GNU_DIR}/" | grep "^${lib}" >/dev/null; then \
echo "Coping '${lib}' from: ${USR_LIB_GNU_DIR}"; \
cp -r ${USR_LIB_GNU_DIR}/${lib}* /tmp/usr-lib-gnu/; \
fi \
done
###
### Fix expected PostgreSQL directories
###
### This might not exist on arm64 as software was not available,
### but they are still needed to be present, so we can copy them.
###
RUN set -eux \
&& if [ ! -d "/usr/lib/postgresql" ]; then \
mkdir "/usr/lib/postgresql"; \
fi \
&& if [ ! -d "/usr/share/postgresql-common" ]; then \
mkdir "/usr/share/postgresql-common"; \
fi
###
### Prepare MongoDB binaries for copying.
###
### They might not be available on all architectures (e.g.: arm64).
###
RUN set -eux \
&& mkdir /tmp/mongo \
&& if ls -1 "/usr/bin/" | grep "^mongo" >/dev/null; then \
cp -r /usr/bin/mongo* /tmp/mongo/; \
fi
###
### Strip debugging information to smallen filesize
###
RUN set -eux \
&& STRIP_USR_BINS="blackfire mongo mysql redis sqlite" \
&& STRIP_DIRS="/usr/lib/postgresql/ /usr/share/postgresql-common/ /tmp" \
\
&& for bin in ${STRIP_USR_BINS}; do \
( \
find /usr/bin/ -name "${bin}"* -type f -print0 \
| xargs -n1 -0 -P$(getconf _NPROCESSORS_ONLN) sh -c \
'if [ -f "${1}" ]; then echo "Strip: ${1}"; strip --strip-all -p "${1}" 2>/dev/null || true; fi' -- \
) \
done \
\
&& for dir in ${STRIP_DIRS}; do \
( \
find ${dir} -type f -print0 \
| xargs -n1 -0 -P$(getconf _NPROCESSORS_ONLN) sh -c \
'if [ -f "${1}" ]; then echo "Strip: ${1}"; strip --strip-all -p "${1}" 2>/dev/null || true; fi' -- \
) \
done \
\
&& strip --strip-all -p /usr/local/bin/mhsendmail 2>/dev/null || true \
&& strip --strip-all -p /usr/local/bin/mysqldump-secure 2>/dev/null || true
########################################################################################################################
########################################################################################################################
###
### Stage 2/4: Devilbox slim image (BASE)
###
########################################################################################################################
########################################################################################################################
###
### Copies all cli tools required to run Devilbox and its intranet into a clean image
###
FROM devilbox/php-fpm:5.5-prod as devilbox-slim-base
ARG ARCH
###
### Install tools type: apt
###
RUN set -eux \
&& DEBIAN_FRONTEND=noninteractive apt-get update \
&& DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends --no-install-suggests \
# ---------- type: apt ----------
dnsutils \
iputils-ping \
netcat-openbsd \
sudo \
&& rm -rf /var/lib/apt/lists/*
###
### Copy shared libraries (required by MongoDB, MySQL, PostgreSQL and Redis)
###
COPY --from=devilbox-slim-base-builder /tmp/lib-gnu/ /lib/${ARCH}-linux-gnu/
COPY --from=devilbox-slim-base-builder /tmp/usr-lib-gnu/ /usr/lib/${ARCH}-linux-gnu/
COPY --from=devilbox-slim-base-builder /tmp/usr-lib/ /usr/lib/
###
### Copy system files
###
COPY --from=devilbox-slim-base-builder /etc/group /etc/group
COPY --from=devilbox-slim-base-builder /etc/passwd /etc/passwd
COPY --from=devilbox-slim-base-builder /etc/shadow /etc/shadow
###
### Copy Blackfire
###
COPY --from=devilbox-slim-base-builder /etc/blackfire /etc/blackfire
COPY --from=devilbox-slim-base-builder /etc/default/blackfire-agent /etc/default/blackfire-agent
COPY --from=devilbox-slim-base-builder /usr/bin/blackfire* /usr/bin/
COPY --from=devilbox-slim-base-builder /var/log/blackfire /var/log/blackfire
###
### Copy mhsendmail
###
COPY --from=devilbox-slim-base-builder /usr/local/bin/mhsendmail /usr/local/bin/
###
### Copy MongoDB client (if exists)
###
COPY --from=devilbox-slim-base-builder /tmp/mongo/ /usr/bin/
###
### Copy MysQL Client
###
COPY --from=devilbox-slim-base-builder /usr/bin/mysql* /usr/bin/
###
### Copy mysqldump-secure
###
COPY --from=devilbox-slim-base-builder /usr/local/bin/mysqldump-secure /usr/local/bin/
COPY --from=devilbox-slim-base-builder /etc/mysqldump-secure.conf /etc/
COPY --from=devilbox-slim-base-builder /etc/mysqldump-secure.cnf /etc/
COPY --from=devilbox-slim-base-builder /var/log/mysqldump-secure.log /var/log/
###
### Copy PostgreSQL
###
COPY --from=devilbox-slim-base-builder /usr/lib/postgresql /usr/lib/postgresql
COPY --from=devilbox-slim-base-builder /usr/share/postgresql-common /usr/share/postgresql-common
COPY --from=devilbox-slim-base-builder /usr/share/perl5 /usr/share/perl5
###
### Create PostgreSQL symlinks
###
RUN set -eux \
&& if [ -f "/usr/share/postgresql-common/pg_wrapper" ]; then \
ln -s ../share/postgresql-common/pg_wrapper /usr/bin/clusterdb \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/createdb \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/createlang \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/createuser \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/dropdb \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/droplang \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/dropuser \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/pg_basebackup \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/pg_dump \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/pg_dumpall \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/pg_isready \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/pg_receivewal \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/pg_receivexlog \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/pg_recvlogical \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/pg_restore \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/pgbench \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/psql \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/reindexdb \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/vacuumdb \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/vacuumlo; \
fi
###
### Copy Redis Client
###
COPY --from=devilbox-slim-base-builder /usr/bin/redis* /usr/bin/
###
### Copy SQLite Client
###
COPY --from=devilbox-slim-base-builder /usr/bin/sqlite* /usr/bin/
###
### ADD PHP configuration files
###
COPY ./data/php-ini.d/php-5.5.ini /usr/local/etc/php/conf.d/xxx-devilbox-default-php.ini
COPY ./data/php-fpm.conf/php-fpm-5.5.conf /usr/local/etc/php-fpm.conf
###
### ADD Devilbox configuration files
###
COPY ./data/docker-entrypoint.sh /docker-entrypoint.sh
COPY ./data/docker-entrypoint.d/*.sh /docker-entrypoint.d/
COPY ./data/bash-devilbox /etc/bash-devilbox
COPY ./data/sudo-devilbox /etc/sudoers.d/devilbox
###
### Configure Bash
###
RUN set -eux \
&& { \
echo; \
echo "# [Devilbox] Ensure /usr/local(s)?bin is in PATH"; \
echo 'PATH="${PATH}:/usr/local/bin:/usr/local/sbin"'; \
echo "export PATH"; \
echo; \
echo "# [Devilbox] Source Devilbox main bash config"; \
echo ". /etc/bash-devilbox"; \
echo; \
echo "# [Devilbox] Source Devilbox custom configs"; \
echo "if [ -d /etc/bashrc-devilbox.d/ ]; then"; \
echo " for f in /etc/bashrc-devilbox.d/*.sh ; do"; \
echo " if [ -r \"\${f}\" ]; then"; \
echo " . \"\${f}\""; \
echo " fi"; \
echo " done"; \
echo " unset f"; \
echo "fi"; \
} | tee -a /home/${MY_USER}/.bashrc /root/.bashrc \
&& chown ${MY_USER}:${MY_GROUP} /home/${MY_USER}/.bashrc
########################################################################################################################
########################################################################################################################
###
### Stage 3/4: Devilbox slim image (BASE TEST)
###
########################################################################################################################
########################################################################################################################
###
### Test all Devilbox cli utils if copying was successful
###
FROM devilbox-slim-base as devilbox-slim-base-test
RUN set -eux \
&& mysql --version \
&& redis-cli --version \
&& sqlite3 --version
###
### Check if available tools slim
###
# -------------------- dig --------------------
RUN set -eux \
&& dig -v 2>&1 | grep -E '[0-9]\.[0-9]' \
&& true
# -------------------- netcat --------------------
RUN set -eux \
&& nc -h 2>&1 | grep netcat \
&& true
# -------------------- ping --------------------
RUN set -eux \
&& ping -V | grep ^ping \
&& true
# -------------------- sudo --------------------
RUN set -eux \
&& sudo --version | grep -E 'version [0-9]+\.[0-9]+' \
&& true
# -------------------- blackfire --------------------
RUN set -eux \
&& blackfire version \
&& blackfire-agent -v \
\
&& true
# -------------------- mhsendmail --------------------
RUN set -eux \
&& mhsendmail -h 2>&1 | grep 'Usage' \
&& true
# -------------------- mongo_client --------------------
RUN set -eux \
&& if echo '5.5' | grep -E '^(5.2|5.3|5.4|5.5|5.6|7.0)$' >/dev/null; then \
if [ "$(dpkg-architecture --query DEB_BUILD_ARCH)" = "amd64" ]; then \
mongofiles --version; \
fi \
else \
mongofiles --version; \
fi \
\
&& if echo '5.5' | grep -E '^(5.2|5.3|5.4|5.5)$' >/dev/null; then \
if [ "$(dpkg-architecture --query DEB_BUILD_ARCH)" = "amd64" ]; then \
mongo --version; \
fi \
else \
mongo --version; \
fi \
\
&& true
# -------------------- mysqldumpsecure --------------------
RUN set -eux \
&& mysqldump-secure --version | grep -E 'Version:\s*[0-9][.0-9]+' \
&& true
# -------------------- pgsql_client --------------------
RUN set -eux \
&& if echo '5.5' | grep -E '^(5.2|5.3|5.4|5.5|5.6|7.0)$' >/dev/null; then \
if [ "$(dpkg-architecture --query DEB_BUILD_ARCH)" = "amd64" ]; then \
pg_isready --version; \
fi \
else \
pg_isready --version; \
fi \
\
&& true
###
### Re-activate modules which have been deactivated in mods (for testing).
###
RUN set -eux \
&& if find /usr/local/lib/php/extensions/ -name phalcon.so | grep phalcon; then \
echo "extension=phalcon.so" > /usr/local/etc/php/conf.d/docker-php-ext-phalcon.ini; \
fi \
&& if find /usr/local/lib/php/extensions/ -name psr.so | grep psr; then \
echo "extension=psr.so" > /usr/local/etc/php/conf.d/docker-php-ext-psr.ini; \
fi
###
### Check if PHP still works
###
RUN set -eux \
&& echo "date.timezone=UTC" > /usr/local/etc/php/php.ini \
&& php -v | grep -oE 'PHP\s[.0-9]+' | grep -oE '[.0-9]+' | grep '^5.5' \
&& /usr/local/sbin/php-fpm --test \
\
&& PHP_ERROR="$( php -v 2>&1 1>/dev/null )" \
&& if [ -n "${PHP_ERROR}" ]; then echo "${PHP_ERROR}"; false; fi \
&& PHP_ERROR="$( php -i 2>&1 1>/dev/null )" \
&& if [ -n "${PHP_ERROR}" ]; then echo "${PHP_ERROR}"; false; fi \
\
&& PHP_FPM_ERROR="$( php-fpm -v 2>&1 1>/dev/null )" \
&& if [ -n "${PHP_FPM_ERROR}" ]; then echo "${PHP_FPM_ERROR}"; false; fi \
&& PHP_FPM_ERROR="$( php-fpm -i 2>&1 1>/dev/null )" \
&& if [ -n "${PHP_FPM_ERROR}" ]; then echo "${PHP_FPM_ERROR}"; false; fi \
&& rm -f /usr/local/etc/php/php.ini
########################################################################################################################
########################################################################################################################
###
### Stage 4/4: Devilbox slim image (FINAL)
###
########################################################################################################################
########################################################################################################################
###
### Prepare final base image (STAGE: slim)
###
FROM devilbox-slim-base as slim
MAINTAINER "cytopia" <cytopia@everythingcli.org>
###
### Labels
###
# https://github.com/opencontainers/image-spec/blob/master/annotations.md
#LABEL "org.opencontainers.image.created"=""
#LABEL "org.opencontainers.image.version"=""
#LABEL "org.opencontainers.image.revision"=""
LABEL "maintainer"="cytopia <cytopia@everythingcli.org>"
LABEL "org.opencontainers.image.authors"="cytopia <cytopia@everythingcli.org>"
LABEL "org.opencontainers.image.url"="https://github.com/devilbox/docker-php-fpm"
LABEL "org.opencontainers.image.documentation"="https://github.com/devilbox/docker-php-fpm"
LABEL "org.opencontainers.image.source"="https://github.com/devilbox/docker-php-fpm"
LABEL "org.opencontainers.image.vendor"="devilbox"
LABEL "org.opencontainers.image.licenses"="MIT"
LABEL "org.opencontainers.image.ref.name"="5.5-slim"
LABEL "org.opencontainers.image.title"="PHP-FPM 5.5-slim"
LABEL "org.opencontainers.image.description"="PHP-FPM 5.5-slim"
###
### Volumes
###
VOLUME /shared/backups
VOLUME /var/log/php
VOLUME /var/mail
###
### Ports
###
EXPOSE 9000
###
### Where to start inside the container
###
WORKDIR /shared/httpd
###
### Entrypoint
###
CMD ["/usr/bin/supervisord", "-c", "/etc/supervisor/supervisord.conf"]
ENTRYPOINT ["/docker-entrypoint.sh"]

626
Dockerfiles/slim/Dockerfile-5.6 Normal file
View File

@@ -0,0 +1,626 @@
# vi: ft=dockerfile
# Auto-generated via Ansible: edit ./ansible/DOCKERFILES/Dockerfile-slim.j2 instead.
########################################################################################################################
########################################################################################################################
###
### Stage 1/4: Devilbox slim image (BASE BUILDER)
###
########################################################################################################################
########################################################################################################################
###
### Installs all cli tools required to run Devilbox and its intranet
###
FROM devilbox/php-fpm:5.6-prod as devilbox-slim-base-builder
###
### Install apt Tools
###
RUN set -eux \
&& DEBIAN_FRONTEND=noninteractive apt-get update \
&& DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends --no-install-suggests \
apt-transport-https \
ca-certificates \
curl \
dirmngr \
gnupg
###
### Add apt repositories
###
RUN set -eux \
&& apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 648ACFD622F3D138 \
&& echo "deb http://ftp.debian.org/debian stretch-backports main" > /etc/apt/sources.list.d/backports.list \
&& curl -sS -L --fail "https://packages.blackfire.io/gpg.key" | APT_KEY_DONT_WARN_ON_DANGEROUS_USAGE=1 apt-key add - \
&& echo "deb http://packages.blackfire.io/debian any main" > /etc/apt/sources.list.d/blackfire.list \
&& true
###
### Install build_dep
###
RUN set -eux \
&& DEBIAN_FRONTEND=noninteractive apt-get update \
&& DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends --no-install-suggests \
libsnappy-dev \
&& rm -rf /var/lib/apt/lists/*
###
### Add common tools
###
RUN set -eux \
&& DEBIAN_FRONTEND=noninteractive apt-get update \
&& DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends --no-install-suggests \
file \
git \
mysql-client \
redis-tools \
sqlite3
###
### Install tools type: apt
###
RUN set -eux \
&& DEBIAN_FRONTEND=noninteractive apt-get update \
&& DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends --no-install-suggests \
# ---------- type: apt ----------
dnsutils \
iputils-ping \
netcat-openbsd \
sudo \
&& rm -rf /var/lib/apt/lists/*
###
### Devilbox required cli tools from group_vars (slim.yml)
###
# -------------------- dig --------------------
RUN set -eux \
&& dig -v 2>&1 | grep -E '[0-9]\.[0-9]' \
&& true
# -------------------- netcat --------------------
RUN set -eux \
&& nc -h 2>&1 | grep netcat \
&& true
# -------------------- ping --------------------
RUN set -eux \
&& ping -V | grep ^ping \
&& true
# -------------------- sudo --------------------
RUN set -eux \
&& sudo --version | grep -E 'version [0-9]+\.[0-9]+' \
&& true
# -------------------- blackfire --------------------
RUN set -eux \
&& apt-get update \
\
&& apt-get install -y --no-install-recommends --no-install-suggests \
blackfire-agent \
\
&& rm -rf /var/lib/apt/lists/* \
&& blackfire version \
&& blackfire-agent -v \
\
&& true
# -------------------- mhsendmail --------------------
RUN set -eux \
&& DEB_HOST_ARCH="$( dpkg-architecture --query DEB_HOST_ARCH )" \
&& if [ "${DEB_HOST_ARCH}" = "amd64" ] || [ "${DEB_HOST_ARCH}" = "arm64" ]; then \
MHSENDMAIL_URL="https://github.com/devilbox/mhsendmail/releases/download/v0.3.0/mhsendmail_linux_${DEB_HOST_ARCH}" \
&& curl -sS -L --fail "${MHSENDMAIL_URL}" > /usr/local/bin/mhsendmail \
&& chmod +x /usr/local/bin/mhsendmail; \
else \
printf '%s\n%s\n%s\n' '#!/bin/sh' 'echo "Not available for this platform."' 'exit 1' > /usr/local/bin/mhsendmail \
&& chmod +x /usr/local/bin/mhsendmail; \
fi \
\
&& mhsendmail -h 2>&1 | grep 'Usage' \
&& true
# -------------------- mongo_client --------------------
RUN set -eux \
&& apt-get update \
&& if [ "$(dpkg-architecture --query DEB_BUILD_ARCH)" = "amd64" ]; then \
apt-get install -y --no-install-recommends --no-install-suggests \
mongodb-clients \
mongo-tools; \
else \
apt-get install -y --no-install-recommends --no-install-suggests \
mongodb-clients; \
fi \
\
&& rm -rf /var/lib/apt/lists/* \
&& if echo '5.6' | grep -E '^(5.2|5.3|5.4|5.5|5.6|7.0)$' >/dev/null; then \
if [ "$(dpkg-architecture --query DEB_BUILD_ARCH)" = "amd64" ]; then \
mongofiles --version; \
fi \
else \
mongofiles --version; \
fi \
\
&& if echo '5.6' | grep -E '^(5.2|5.3|5.4|5.5)$' >/dev/null; then \
if [ "$(dpkg-architecture --query DEB_BUILD_ARCH)" = "amd64" ]; then \
mongo --version; \
fi \
else \
mongo --version; \
fi \
\
&& true
# -------------------- mysqldumpsecure --------------------
RUN set -eux \
&& git clone https://github.com/cytopia/mysqldump-secure.git /usr/local/src/mysqldump-secure \
&& cd /usr/local/src/mysqldump-secure \
&& git checkout $(git describe --abbrev=0 --tags) \
&& cp /usr/local/src/mysqldump-secure/bin/mysqldump-secure /usr/local/bin \
&& cp /usr/local/src/mysqldump-secure/etc/mysqldump-secure.conf /etc \
&& cp /usr/local/src/mysqldump-secure/etc/mysqldump-secure.cnf /etc \
&& touch /var/log/mysqldump-secure.log \
&& chown ${MY_USER}:${MY_GROUP} /etc/mysqldump-secure.* \
&& chown ${MY_USER}:${MY_GROUP} /var/log/mysqldump-secure.log \
&& chmod 0400 /etc/mysqldump-secure.conf \
&& chmod 0400 /etc/mysqldump-secure.cnf \
&& chmod 0644 /var/log/mysqldump-secure.log \
&& sed -i'' 's/^COMPRESS_ARG=.*/COMPRESS_ARG="-9 -c"/g' /etc/mysqldump-secure.conf \
&& sed -i'' 's/^DUMP_DIR=.*/DUMP_DIR="\/shared\/backups\/mysql"/g' /etc/mysqldump-secure.conf \
&& sed -i'' 's/^DUMP_DIR_CHMOD=.*/DUMP_DIR_CHMOD="0755"/g' /etc/mysqldump-secure.conf \
&& sed -i'' 's/^DUMP_FILE_CHMOD=.*/DUMP_FILE_CHMOD="0644"/g' /etc/mysqldump-secure.conf \
&& sed -i'' 's/^LOG_CHMOD=.*/LOG_CHMOD="0644"/g' /etc/mysqldump-secure.conf \
&& sed -i'' 's/^NAGIOS_LOG=.*/NAGIOS_LOG=0/g' /etc/mysqldump-secure.conf \
&& cd / \
&& rm -rf /usr/local/src/mysqldump-secure \
\
&& mysqldump-secure --version | grep -E 'Version:\s*[0-9][.0-9]+' \
&& true
# -------------------- pgsql_client --------------------
RUN set -eux \
&& if [ "$(dpkg-architecture --query DEB_BUILD_ARCH)" = "amd64" ]; then \
curl -sS -k -L --fail https://www.postgresql.org/media/keys/ACCC4CF8.asc | APT_KEY_DONT_WARN_ON_DANGEROUS_USAGE=1 apt-key add - \
&& echo "deb https://apt-archive.postgresql.org/pub/repos/apt/ stretch-pgdg main" > /etc/apt/sources.list.d/pgsql.list \
&& apt-get update; \
fi \
\
&& if [ "$(dpkg-architecture --query DEB_BUILD_ARCH)" = "amd64" ]; then \
apt-get install -y --no-install-recommends --no-install-suggests \
postgresql-client; \
fi \
\
&& rm -rf /var/lib/apt/lists/* \
&& if echo '5.6' | grep -E '^(5.2|5.3|5.4|5.5|5.6|7.0)$' >/dev/null; then \
if [ "$(dpkg-architecture --query DEB_BUILD_ARCH)" = "amd64" ]; then \
pg_isready --version; \
fi \
else \
pg_isready --version; \
fi \
\
&& true
###
### Prepare required shared libraries for copying (keep symlinks)
###
RUN set -eux \
&& LIB_GNU_DIR="/lib/$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)" \
&& USR_LIB_DIR="/usr/lib" \
&& USR_LIB_GNU_DIR="/usr/lib/$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)" \
\
&& mkdir /tmp/lib-gnu \
&& mkdir /tmp/usr-lib \
&& mkdir /tmp/usr-lib-gnu \
\
&& LIB_GNU="libreadline" \
&& USR_LIB="libsnappy libtcmalloc libv8" \
&& USR_LIB_GNU="liblua libpq libpcrecpp libboost libjemalloc libunwind libhiredis libedit libyaml-cpp libstemmer libsnappy libpcap libbsd liblzf" \
\
&& for lib in ${LIB_GNU}; do \
if ls -1 "${LIB_GNU_DIR}/" | grep "^${lib}" >/dev/null; then \
echo "Coping '${lib}' from: ${LIB_GNU_DIR}"; \
cp -r ${LIB_GNU_DIR}/${lib}* /tmp/lib-gnu/; \
fi \
done \
&& for lib in ${USR_LIB}; do \
if ls -1 "${USR_LIB_DIR}/" | grep "^${lib}" >/dev/null; then \
echo "Coping '${lib}' from: ${USR_LIB_DIR}"; \
cp -r ${USR_LIB_DIR}/${lib}* /tmp/usr-lib/; \
fi \
done \
&& for lib in ${USR_LIB_GNU}; do \
if ls -1 "${USR_LIB_GNU_DIR}/" | grep "^${lib}" >/dev/null; then \
echo "Coping '${lib}' from: ${USR_LIB_GNU_DIR}"; \
cp -r ${USR_LIB_GNU_DIR}/${lib}* /tmp/usr-lib-gnu/; \
fi \
done
###
### Fix expected PostgreSQL directories
###
### This might not exist on arm64 as software was not available,
### but they are still needed to be present, so we can copy them.
###
RUN set -eux \
&& if [ ! -d "/usr/lib/postgresql" ]; then \
mkdir "/usr/lib/postgresql"; \
fi \
&& if [ ! -d "/usr/share/postgresql-common" ]; then \
mkdir "/usr/share/postgresql-common"; \
fi
###
### Prepare MongoDB binaries for copying.
###
### They might not be available on all architectures (e.g.: arm64).
###
RUN set -eux \
&& mkdir /tmp/mongo \
&& if ls -1 "/usr/bin/" | grep "^mongo" >/dev/null; then \
cp -r /usr/bin/mongo* /tmp/mongo/; \
fi
###
### Strip debugging information to smallen filesize
###
RUN set -eux \
&& STRIP_USR_BINS="blackfire mongo mysql redis sqlite" \
&& STRIP_DIRS="/usr/lib/postgresql/ /usr/share/postgresql-common/ /tmp" \
\
&& for bin in ${STRIP_USR_BINS}; do \
( \
find /usr/bin/ -name "${bin}"* -type f -print0 \
| xargs -n1 -0 -P$(getconf _NPROCESSORS_ONLN) sh -c \
'if [ -f "${1}" ]; then echo "Strip: ${1}"; strip --strip-all -p "${1}" 2>/dev/null || true; fi' -- \
) \
done \
\
&& for dir in ${STRIP_DIRS}; do \
( \
find ${dir} -type f -print0 \
| xargs -n1 -0 -P$(getconf _NPROCESSORS_ONLN) sh -c \
'if [ -f "${1}" ]; then echo "Strip: ${1}"; strip --strip-all -p "${1}" 2>/dev/null || true; fi' -- \
) \
done \
\
&& strip --strip-all -p /usr/local/bin/mhsendmail 2>/dev/null || true \
&& strip --strip-all -p /usr/local/bin/mysqldump-secure 2>/dev/null || true
########################################################################################################################
########################################################################################################################
###
### Stage 2/4: Devilbox slim image (BASE)
###
########################################################################################################################
########################################################################################################################
###
### Copies all cli tools required to run Devilbox and its intranet into a clean image
###
FROM devilbox/php-fpm:5.6-prod as devilbox-slim-base
ARG ARCH
###
### Install tools type: apt
###
RUN set -eux \
&& DEBIAN_FRONTEND=noninteractive apt-get update \
&& DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends --no-install-suggests \
# ---------- type: apt ----------
dnsutils \
iputils-ping \
netcat-openbsd \
sudo \
&& rm -rf /var/lib/apt/lists/*
###
### Copy shared libraries (required by MongoDB, MySQL, PostgreSQL and Redis)
###
COPY --from=devilbox-slim-base-builder /tmp/lib-gnu/ /lib/${ARCH}-linux-gnu/
COPY --from=devilbox-slim-base-builder /tmp/usr-lib-gnu/ /usr/lib/${ARCH}-linux-gnu/
COPY --from=devilbox-slim-base-builder /tmp/usr-lib/ /usr/lib/
###
### Copy system files
###
COPY --from=devilbox-slim-base-builder /etc/group /etc/group
COPY --from=devilbox-slim-base-builder /etc/passwd /etc/passwd
COPY --from=devilbox-slim-base-builder /etc/shadow /etc/shadow
###
### Copy Blackfire
###
COPY --from=devilbox-slim-base-builder /etc/blackfire /etc/blackfire
COPY --from=devilbox-slim-base-builder /etc/default/blackfire-agent /etc/default/blackfire-agent
COPY --from=devilbox-slim-base-builder /usr/bin/blackfire* /usr/bin/
COPY --from=devilbox-slim-base-builder /var/log/blackfire /var/log/blackfire
###
### Copy mhsendmail
###
COPY --from=devilbox-slim-base-builder /usr/local/bin/mhsendmail /usr/local/bin/
###
### Copy MongoDB client (if exists)
###
COPY --from=devilbox-slim-base-builder /tmp/mongo/ /usr/bin/
###
### Copy MysQL Client
###
COPY --from=devilbox-slim-base-builder /usr/bin/mysql* /usr/bin/
###
### Copy mysqldump-secure
###
COPY --from=devilbox-slim-base-builder /usr/local/bin/mysqldump-secure /usr/local/bin/
COPY --from=devilbox-slim-base-builder /etc/mysqldump-secure.conf /etc/
COPY --from=devilbox-slim-base-builder /etc/mysqldump-secure.cnf /etc/
COPY --from=devilbox-slim-base-builder /var/log/mysqldump-secure.log /var/log/
###
### Copy PostgreSQL
###
COPY --from=devilbox-slim-base-builder /usr/lib/postgresql /usr/lib/postgresql
COPY --from=devilbox-slim-base-builder /usr/share/postgresql-common /usr/share/postgresql-common
COPY --from=devilbox-slim-base-builder /usr/share/perl5 /usr/share/perl5
###
### Create PostgreSQL symlinks
###
RUN set -eux \
&& if [ -f "/usr/share/postgresql-common/pg_wrapper" ]; then \
ln -s ../share/postgresql-common/pg_wrapper /usr/bin/clusterdb \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/createdb \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/createlang \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/createuser \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/dropdb \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/droplang \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/dropuser \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/pg_basebackup \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/pg_dump \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/pg_dumpall \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/pg_isready \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/pg_receivewal \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/pg_receivexlog \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/pg_recvlogical \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/pg_restore \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/pgbench \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/psql \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/reindexdb \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/vacuumdb \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/vacuumlo; \
fi
###
### Copy Redis Client
###
COPY --from=devilbox-slim-base-builder /usr/bin/redis* /usr/bin/
###
### Copy SQLite Client
###
COPY --from=devilbox-slim-base-builder /usr/bin/sqlite* /usr/bin/
###
### ADD PHP configuration files
###
COPY ./data/php-ini.d/php-5.6.ini /usr/local/etc/php/conf.d/xxx-devilbox-default-php.ini
COPY ./data/php-fpm.conf/php-fpm-5.6.conf /usr/local/etc/php-fpm.conf
###
### ADD Devilbox configuration files
###
COPY ./data/docker-entrypoint.sh /docker-entrypoint.sh
COPY ./data/docker-entrypoint.d/*.sh /docker-entrypoint.d/
COPY ./data/bash-devilbox /etc/bash-devilbox
COPY ./data/sudo-devilbox /etc/sudoers.d/devilbox
###
### Configure Bash
###
RUN set -eux \
&& { \
echo; \
echo "# [Devilbox] Ensure /usr/local(s)?bin is in PATH"; \
echo 'PATH="${PATH}:/usr/local/bin:/usr/local/sbin"'; \
echo "export PATH"; \
echo; \
echo "# [Devilbox] Source Devilbox main bash config"; \
echo ". /etc/bash-devilbox"; \
echo; \
echo "# [Devilbox] Source Devilbox custom configs"; \
echo "if [ -d /etc/bashrc-devilbox.d/ ]; then"; \
echo " for f in /etc/bashrc-devilbox.d/*.sh ; do"; \
echo " if [ -r \"\${f}\" ]; then"; \
echo " . \"\${f}\""; \
echo " fi"; \
echo " done"; \
echo " unset f"; \
echo "fi"; \
} | tee -a /home/${MY_USER}/.bashrc /root/.bashrc \
&& chown ${MY_USER}:${MY_GROUP} /home/${MY_USER}/.bashrc
########################################################################################################################
########################################################################################################################
###
### Stage 3/4: Devilbox slim image (BASE TEST)
###
########################################################################################################################
########################################################################################################################
###
### Test all Devilbox cli utils if copying was successful
###
FROM devilbox-slim-base as devilbox-slim-base-test
RUN set -eux \
&& mysql --version \
&& redis-cli --version \
&& sqlite3 --version
###
### Check if available tools slim
###
# -------------------- dig --------------------
RUN set -eux \
&& dig -v 2>&1 | grep -E '[0-9]\.[0-9]' \
&& true
# -------------------- netcat --------------------
RUN set -eux \
&& nc -h 2>&1 | grep netcat \
&& true
# -------------------- ping --------------------
RUN set -eux \
&& ping -V | grep ^ping \
&& true
# -------------------- sudo --------------------
RUN set -eux \
&& sudo --version | grep -E 'version [0-9]+\.[0-9]+' \
&& true
# -------------------- blackfire --------------------
RUN set -eux \
&& blackfire version \
&& blackfire-agent -v \
\
&& true
# -------------------- mhsendmail --------------------
RUN set -eux \
&& mhsendmail -h 2>&1 | grep 'Usage' \
&& true
# -------------------- mongo_client --------------------
RUN set -eux \
&& if echo '5.6' | grep -E '^(5.2|5.3|5.4|5.5|5.6|7.0)$' >/dev/null; then \
if [ "$(dpkg-architecture --query DEB_BUILD_ARCH)" = "amd64" ]; then \
mongofiles --version; \
fi \
else \
mongofiles --version; \
fi \
\
&& if echo '5.6' | grep -E '^(5.2|5.3|5.4|5.5)$' >/dev/null; then \
if [ "$(dpkg-architecture --query DEB_BUILD_ARCH)" = "amd64" ]; then \
mongo --version; \
fi \
else \
mongo --version; \
fi \
\
&& true
# -------------------- mysqldumpsecure --------------------
RUN set -eux \
&& mysqldump-secure --version | grep -E 'Version:\s*[0-9][.0-9]+' \
&& true
# -------------------- pgsql_client --------------------
RUN set -eux \
&& if echo '5.6' | grep -E '^(5.2|5.3|5.4|5.5|5.6|7.0)$' >/dev/null; then \
if [ "$(dpkg-architecture --query DEB_BUILD_ARCH)" = "amd64" ]; then \
pg_isready --version; \
fi \
else \
pg_isready --version; \
fi \
\
&& true
###
### Re-activate modules which have been deactivated in mods (for testing).
###
RUN set -eux \
&& if find /usr/local/lib/php/extensions/ -name phalcon.so | grep phalcon; then \
echo "extension=phalcon.so" > /usr/local/etc/php/conf.d/docker-php-ext-phalcon.ini; \
fi \
&& if find /usr/local/lib/php/extensions/ -name psr.so | grep psr; then \
echo "extension=psr.so" > /usr/local/etc/php/conf.d/docker-php-ext-psr.ini; \
fi
###
### Check if PHP still works
###
RUN set -eux \
&& echo "date.timezone=UTC" > /usr/local/etc/php/php.ini \
&& php -v | grep -oE 'PHP\s[.0-9]+' | grep -oE '[.0-9]+' | grep '^5.6' \
&& /usr/local/sbin/php-fpm --test \
\
&& PHP_ERROR="$( php -v 2>&1 1>/dev/null )" \
&& if [ -n "${PHP_ERROR}" ]; then echo "${PHP_ERROR}"; false; fi \
&& PHP_ERROR="$( php -i 2>&1 1>/dev/null )" \
&& if [ -n "${PHP_ERROR}" ]; then echo "${PHP_ERROR}"; false; fi \
\
&& PHP_FPM_ERROR="$( php-fpm -v 2>&1 1>/dev/null )" \
&& if [ -n "${PHP_FPM_ERROR}" ]; then echo "${PHP_FPM_ERROR}"; false; fi \
&& PHP_FPM_ERROR="$( php-fpm -i 2>&1 1>/dev/null )" \
&& if [ -n "${PHP_FPM_ERROR}" ]; then echo "${PHP_FPM_ERROR}"; false; fi \
&& rm -f /usr/local/etc/php/php.ini
########################################################################################################################
########################################################################################################################
###
### Stage 4/4: Devilbox slim image (FINAL)
###
########################################################################################################################
########################################################################################################################
###
### Prepare final base image (STAGE: slim)
###
FROM devilbox-slim-base as slim
MAINTAINER "cytopia" <cytopia@everythingcli.org>
###
### Labels
###
# https://github.com/opencontainers/image-spec/blob/master/annotations.md
#LABEL "org.opencontainers.image.created"=""
#LABEL "org.opencontainers.image.version"=""
#LABEL "org.opencontainers.image.revision"=""
LABEL "maintainer"="cytopia <cytopia@everythingcli.org>"
LABEL "org.opencontainers.image.authors"="cytopia <cytopia@everythingcli.org>"
LABEL "org.opencontainers.image.url"="https://github.com/devilbox/docker-php-fpm"
LABEL "org.opencontainers.image.documentation"="https://github.com/devilbox/docker-php-fpm"
LABEL "org.opencontainers.image.source"="https://github.com/devilbox/docker-php-fpm"
LABEL "org.opencontainers.image.vendor"="devilbox"
LABEL "org.opencontainers.image.licenses"="MIT"
LABEL "org.opencontainers.image.ref.name"="5.6-slim"
LABEL "org.opencontainers.image.title"="PHP-FPM 5.6-slim"
LABEL "org.opencontainers.image.description"="PHP-FPM 5.6-slim"
###
### Volumes
###
VOLUME /shared/backups
VOLUME /var/log/php
VOLUME /var/mail
###
### Ports
###
EXPOSE 9000
###
### Where to start inside the container
###
WORKDIR /shared/httpd
###
### Entrypoint
###
CMD ["/usr/bin/supervisord", "-c", "/etc/supervisor/supervisord.conf"]
ENTRYPOINT ["/docker-entrypoint.sh"]

626
Dockerfiles/slim/Dockerfile-7.0 Normal file
View File

@@ -0,0 +1,626 @@
# vi: ft=dockerfile
# Auto-generated via Ansible: edit ./ansible/DOCKERFILES/Dockerfile-slim.j2 instead.
########################################################################################################################
########################################################################################################################
###
### Stage 1/4: Devilbox slim image (BASE BUILDER)
###
########################################################################################################################
########################################################################################################################
###
### Installs all cli tools required to run Devilbox and its intranet
###
FROM devilbox/php-fpm:7.0-prod as devilbox-slim-base-builder
###
### Install apt Tools
###
RUN set -eux \
&& DEBIAN_FRONTEND=noninteractive apt-get update \
&& DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends --no-install-suggests \
apt-transport-https \
ca-certificates \
curl \
dirmngr \
gnupg
###
### Add apt repositories
###
RUN set -eux \
&& apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 648ACFD622F3D138 \
&& echo "deb http://ftp.debian.org/debian stretch-backports main" > /etc/apt/sources.list.d/backports.list \
&& curl -sS -L --fail "https://packages.blackfire.io/gpg.key" | APT_KEY_DONT_WARN_ON_DANGEROUS_USAGE=1 apt-key add - \
&& echo "deb http://packages.blackfire.io/debian any main" > /etc/apt/sources.list.d/blackfire.list \
&& true
###
### Install build_dep
###
RUN set -eux \
&& DEBIAN_FRONTEND=noninteractive apt-get update \
&& DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends --no-install-suggests \
libsnappy-dev \
&& rm -rf /var/lib/apt/lists/*
###
### Add common tools
###
RUN set -eux \
&& DEBIAN_FRONTEND=noninteractive apt-get update \
&& DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends --no-install-suggests \
file \
git \
mysql-client \
redis-tools \
sqlite3
###
### Install tools type: apt
###
RUN set -eux \
&& DEBIAN_FRONTEND=noninteractive apt-get update \
&& DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends --no-install-suggests \
# ---------- type: apt ----------
dnsutils \
iputils-ping \
netcat-openbsd \
sudo \
&& rm -rf /var/lib/apt/lists/*
###
### Devilbox required cli tools from group_vars (slim.yml)
###
# -------------------- dig --------------------
RUN set -eux \
&& dig -v 2>&1 | grep -E '[0-9]\.[0-9]' \
&& true
# -------------------- netcat --------------------
RUN set -eux \
&& nc -h 2>&1 | grep netcat \
&& true
# -------------------- ping --------------------
RUN set -eux \
&& ping -V | grep ^ping \
&& true
# -------------------- sudo --------------------
RUN set -eux \
&& sudo --version | grep -E 'version [0-9]+\.[0-9]+' \
&& true
# -------------------- blackfire --------------------
RUN set -eux \
&& apt-get update \
\
&& apt-get install -y --no-install-recommends --no-install-suggests \
blackfire-agent \
\
&& rm -rf /var/lib/apt/lists/* \
&& blackfire version \
&& blackfire-agent -v \
\
&& true
# -------------------- mhsendmail --------------------
RUN set -eux \
&& DEB_HOST_ARCH="$( dpkg-architecture --query DEB_HOST_ARCH )" \
&& if [ "${DEB_HOST_ARCH}" = "amd64" ] || [ "${DEB_HOST_ARCH}" = "arm64" ]; then \
MHSENDMAIL_URL="https://github.com/devilbox/mhsendmail/releases/download/v0.3.0/mhsendmail_linux_${DEB_HOST_ARCH}" \
&& curl -sS -L --fail "${MHSENDMAIL_URL}" > /usr/local/bin/mhsendmail \
&& chmod +x /usr/local/bin/mhsendmail; \
else \
printf '%s\n%s\n%s\n' '#!/bin/sh' 'echo "Not available for this platform."' 'exit 1' > /usr/local/bin/mhsendmail \
&& chmod +x /usr/local/bin/mhsendmail; \
fi \
\
&& mhsendmail -h 2>&1 | grep 'Usage' \
&& true
# -------------------- mongo_client --------------------
RUN set -eux \
&& apt-get update \
&& if [ "$(dpkg-architecture --query DEB_BUILD_ARCH)" = "amd64" ]; then \
apt-get install -y --no-install-recommends --no-install-suggests \
mongodb-clients \
mongo-tools; \
else \
apt-get install -y --no-install-recommends --no-install-suggests \
mongodb-clients; \
fi \
\
&& rm -rf /var/lib/apt/lists/* \
&& if echo '7.0' | grep -E '^(5.2|5.3|5.4|5.5|5.6|7.0)$' >/dev/null; then \
if [ "$(dpkg-architecture --query DEB_BUILD_ARCH)" = "amd64" ]; then \
mongofiles --version; \
fi \
else \
mongofiles --version; \
fi \
\
&& if echo '7.0' | grep -E '^(5.2|5.3|5.4|5.5)$' >/dev/null; then \
if [ "$(dpkg-architecture --query DEB_BUILD_ARCH)" = "amd64" ]; then \
mongo --version; \
fi \
else \
mongo --version; \
fi \
\
&& true
# -------------------- mysqldumpsecure --------------------
RUN set -eux \
&& git clone https://github.com/cytopia/mysqldump-secure.git /usr/local/src/mysqldump-secure \
&& cd /usr/local/src/mysqldump-secure \
&& git checkout $(git describe --abbrev=0 --tags) \
&& cp /usr/local/src/mysqldump-secure/bin/mysqldump-secure /usr/local/bin \
&& cp /usr/local/src/mysqldump-secure/etc/mysqldump-secure.conf /etc \
&& cp /usr/local/src/mysqldump-secure/etc/mysqldump-secure.cnf /etc \
&& touch /var/log/mysqldump-secure.log \
&& chown ${MY_USER}:${MY_GROUP} /etc/mysqldump-secure.* \
&& chown ${MY_USER}:${MY_GROUP} /var/log/mysqldump-secure.log \
&& chmod 0400 /etc/mysqldump-secure.conf \
&& chmod 0400 /etc/mysqldump-secure.cnf \
&& chmod 0644 /var/log/mysqldump-secure.log \
&& sed -i'' 's/^COMPRESS_ARG=.*/COMPRESS_ARG="-9 -c"/g' /etc/mysqldump-secure.conf \
&& sed -i'' 's/^DUMP_DIR=.*/DUMP_DIR="\/shared\/backups\/mysql"/g' /etc/mysqldump-secure.conf \
&& sed -i'' 's/^DUMP_DIR_CHMOD=.*/DUMP_DIR_CHMOD="0755"/g' /etc/mysqldump-secure.conf \
&& sed -i'' 's/^DUMP_FILE_CHMOD=.*/DUMP_FILE_CHMOD="0644"/g' /etc/mysqldump-secure.conf \
&& sed -i'' 's/^LOG_CHMOD=.*/LOG_CHMOD="0644"/g' /etc/mysqldump-secure.conf \
&& sed -i'' 's/^NAGIOS_LOG=.*/NAGIOS_LOG=0/g' /etc/mysqldump-secure.conf \
&& cd / \
&& rm -rf /usr/local/src/mysqldump-secure \
\
&& mysqldump-secure --version | grep -E 'Version:\s*[0-9][.0-9]+' \
&& true
# -------------------- pgsql_client --------------------
RUN set -eux \
&& if [ "$(dpkg-architecture --query DEB_BUILD_ARCH)" = "amd64" ]; then \
curl -sS -k -L --fail https://www.postgresql.org/media/keys/ACCC4CF8.asc | APT_KEY_DONT_WARN_ON_DANGEROUS_USAGE=1 apt-key add - \
&& echo "deb https://apt-archive.postgresql.org/pub/repos/apt/ stretch-pgdg main" > /etc/apt/sources.list.d/pgsql.list \
&& apt-get update; \
fi \
\
&& if [ "$(dpkg-architecture --query DEB_BUILD_ARCH)" = "amd64" ]; then \
apt-get install -y --no-install-recommends --no-install-suggests \
postgresql-client; \
fi \
\
&& rm -rf /var/lib/apt/lists/* \
&& if echo '7.0' | grep -E '^(5.2|5.3|5.4|5.5|5.6|7.0)$' >/dev/null; then \
if [ "$(dpkg-architecture --query DEB_BUILD_ARCH)" = "amd64" ]; then \
pg_isready --version; \
fi \
else \
pg_isready --version; \
fi \
\
&& true
###
### Prepare required shared libraries for copying (keep symlinks)
###
RUN set -eux \
&& LIB_GNU_DIR="/lib/$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)" \
&& USR_LIB_DIR="/usr/lib" \
&& USR_LIB_GNU_DIR="/usr/lib/$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)" \
\
&& mkdir /tmp/lib-gnu \
&& mkdir /tmp/usr-lib \
&& mkdir /tmp/usr-lib-gnu \
\
&& LIB_GNU="libreadline" \
&& USR_LIB="libsnappy libtcmalloc libv8" \
&& USR_LIB_GNU="liblua libpq libpcrecpp libboost libjemalloc libunwind libhiredis libedit libyaml-cpp libstemmer libsnappy libpcap libbsd liblzf" \
\
&& for lib in ${LIB_GNU}; do \
if ls -1 "${LIB_GNU_DIR}/" | grep "^${lib}" >/dev/null; then \
echo "Coping '${lib}' from: ${LIB_GNU_DIR}"; \
cp -r ${LIB_GNU_DIR}/${lib}* /tmp/lib-gnu/; \
fi \
done \
&& for lib in ${USR_LIB}; do \
if ls -1 "${USR_LIB_DIR}/" | grep "^${lib}" >/dev/null; then \
echo "Coping '${lib}' from: ${USR_LIB_DIR}"; \
cp -r ${USR_LIB_DIR}/${lib}* /tmp/usr-lib/; \
fi \
done \
&& for lib in ${USR_LIB_GNU}; do \
if ls -1 "${USR_LIB_GNU_DIR}/" | grep "^${lib}" >/dev/null; then \
echo "Coping '${lib}' from: ${USR_LIB_GNU_DIR}"; \
cp -r ${USR_LIB_GNU_DIR}/${lib}* /tmp/usr-lib-gnu/; \
fi \
done
###
### Fix expected PostgreSQL directories
###
### This might not exist on arm64 as software was not available,
### but they are still needed to be present, so we can copy them.
###
RUN set -eux \
&& if [ ! -d "/usr/lib/postgresql" ]; then \
mkdir "/usr/lib/postgresql"; \
fi \
&& if [ ! -d "/usr/share/postgresql-common" ]; then \
mkdir "/usr/share/postgresql-common"; \
fi
###
### Prepare MongoDB binaries for copying.
###
### They might not be available on all architectures (e.g.: arm64).
###
RUN set -eux \
&& mkdir /tmp/mongo \
&& if ls -1 "/usr/bin/" | grep "^mongo" >/dev/null; then \
cp -r /usr/bin/mongo* /tmp/mongo/; \
fi
###
### Strip debugging information to smallen filesize
###
RUN set -eux \
&& STRIP_USR_BINS="blackfire mongo mysql redis sqlite" \
&& STRIP_DIRS="/usr/lib/postgresql/ /usr/share/postgresql-common/ /tmp" \
\
&& for bin in ${STRIP_USR_BINS}; do \
( \
find /usr/bin/ -name "${bin}"* -type f -print0 \
| xargs -n1 -0 -P$(getconf _NPROCESSORS_ONLN) sh -c \
'if [ -f "${1}" ]; then echo "Strip: ${1}"; strip --strip-all -p "${1}" 2>/dev/null || true; fi' -- \
) \
done \
\
&& for dir in ${STRIP_DIRS}; do \
( \
find ${dir} -type f -print0 \
| xargs -n1 -0 -P$(getconf _NPROCESSORS_ONLN) sh -c \
'if [ -f "${1}" ]; then echo "Strip: ${1}"; strip --strip-all -p "${1}" 2>/dev/null || true; fi' -- \
) \
done \
\
&& strip --strip-all -p /usr/local/bin/mhsendmail 2>/dev/null || true \
&& strip --strip-all -p /usr/local/bin/mysqldump-secure 2>/dev/null || true
########################################################################################################################
########################################################################################################################
###
### Stage 2/4: Devilbox slim image (BASE)
###
########################################################################################################################
########################################################################################################################
###
### Copies all cli tools required to run Devilbox and its intranet into a clean image
###
FROM devilbox/php-fpm:7.0-prod as devilbox-slim-base
ARG ARCH
###
### Install tools type: apt
###
RUN set -eux \
&& DEBIAN_FRONTEND=noninteractive apt-get update \
&& DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends --no-install-suggests \
# ---------- type: apt ----------
dnsutils \
iputils-ping \
netcat-openbsd \
sudo \
&& rm -rf /var/lib/apt/lists/*
###
### Copy shared libraries (required by MongoDB, MySQL, PostgreSQL and Redis)
###
COPY --from=devilbox-slim-base-builder /tmp/lib-gnu/ /lib/${ARCH}-linux-gnu/
COPY --from=devilbox-slim-base-builder /tmp/usr-lib-gnu/ /usr/lib/${ARCH}-linux-gnu/
COPY --from=devilbox-slim-base-builder /tmp/usr-lib/ /usr/lib/
###
### Copy system files
###
COPY --from=devilbox-slim-base-builder /etc/group /etc/group
COPY --from=devilbox-slim-base-builder /etc/passwd /etc/passwd
COPY --from=devilbox-slim-base-builder /etc/shadow /etc/shadow
###
### Copy Blackfire
###
COPY --from=devilbox-slim-base-builder /etc/blackfire /etc/blackfire
COPY --from=devilbox-slim-base-builder /etc/default/blackfire-agent /etc/default/blackfire-agent
COPY --from=devilbox-slim-base-builder /usr/bin/blackfire* /usr/bin/
COPY --from=devilbox-slim-base-builder /var/log/blackfire /var/log/blackfire
###
### Copy mhsendmail
###
COPY --from=devilbox-slim-base-builder /usr/local/bin/mhsendmail /usr/local/bin/
###
### Copy MongoDB client (if exists)
###
COPY --from=devilbox-slim-base-builder /tmp/mongo/ /usr/bin/
###
### Copy MysQL Client
###
COPY --from=devilbox-slim-base-builder /usr/bin/mysql* /usr/bin/
###
### Copy mysqldump-secure
###
COPY --from=devilbox-slim-base-builder /usr/local/bin/mysqldump-secure /usr/local/bin/
COPY --from=devilbox-slim-base-builder /etc/mysqldump-secure.conf /etc/
COPY --from=devilbox-slim-base-builder /etc/mysqldump-secure.cnf /etc/
COPY --from=devilbox-slim-base-builder /var/log/mysqldump-secure.log /var/log/
###
### Copy PostgreSQL
###
COPY --from=devilbox-slim-base-builder /usr/lib/postgresql /usr/lib/postgresql
COPY --from=devilbox-slim-base-builder /usr/share/postgresql-common /usr/share/postgresql-common
COPY --from=devilbox-slim-base-builder /usr/share/perl5 /usr/share/perl5
###
### Create PostgreSQL symlinks
###
RUN set -eux \
&& if [ -f "/usr/share/postgresql-common/pg_wrapper" ]; then \
ln -s ../share/postgresql-common/pg_wrapper /usr/bin/clusterdb \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/createdb \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/createlang \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/createuser \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/dropdb \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/droplang \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/dropuser \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/pg_basebackup \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/pg_dump \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/pg_dumpall \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/pg_isready \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/pg_receivewal \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/pg_receivexlog \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/pg_recvlogical \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/pg_restore \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/pgbench \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/psql \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/reindexdb \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/vacuumdb \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/vacuumlo; \
fi
###
### Copy Redis Client
###
COPY --from=devilbox-slim-base-builder /usr/bin/redis* /usr/bin/
###
### Copy SQLite Client
###
COPY --from=devilbox-slim-base-builder /usr/bin/sqlite* /usr/bin/
###
### ADD PHP configuration files
###
COPY ./data/php-ini.d/php-7.0.ini /usr/local/etc/php/conf.d/xxx-devilbox-default-php.ini
COPY ./data/php-fpm.conf/php-fpm-7.0.conf /usr/local/etc/php-fpm.conf
###
### ADD Devilbox configuration files
###
COPY ./data/docker-entrypoint.sh /docker-entrypoint.sh
COPY ./data/docker-entrypoint.d/*.sh /docker-entrypoint.d/
COPY ./data/bash-devilbox /etc/bash-devilbox
COPY ./data/sudo-devilbox /etc/sudoers.d/devilbox
###
### Configure Bash
###
RUN set -eux \
&& { \
echo; \
echo "# [Devilbox] Ensure /usr/local(s)?bin is in PATH"; \
echo 'PATH="${PATH}:/usr/local/bin:/usr/local/sbin"'; \
echo "export PATH"; \
echo; \
echo "# [Devilbox] Source Devilbox main bash config"; \
echo ". /etc/bash-devilbox"; \
echo; \
echo "# [Devilbox] Source Devilbox custom configs"; \
echo "if [ -d /etc/bashrc-devilbox.d/ ]; then"; \
echo " for f in /etc/bashrc-devilbox.d/*.sh ; do"; \
echo " if [ -r \"\${f}\" ]; then"; \
echo " . \"\${f}\""; \
echo " fi"; \
echo " done"; \
echo " unset f"; \
echo "fi"; \
} | tee -a /home/${MY_USER}/.bashrc /root/.bashrc \
&& chown ${MY_USER}:${MY_GROUP} /home/${MY_USER}/.bashrc
########################################################################################################################
########################################################################################################################
###
### Stage 3/4: Devilbox slim image (BASE TEST)
###
########################################################################################################################
########################################################################################################################
###
### Test all Devilbox cli utils if copying was successful
###
FROM devilbox-slim-base as devilbox-slim-base-test
RUN set -eux \
&& mysql --version \
&& redis-cli --version \
&& sqlite3 --version
###
### Check if available tools slim
###
# -------------------- dig --------------------
RUN set -eux \
&& dig -v 2>&1 | grep -E '[0-9]\.[0-9]' \
&& true
# -------------------- netcat --------------------
RUN set -eux \
&& nc -h 2>&1 | grep netcat \
&& true
# -------------------- ping --------------------
RUN set -eux \
&& ping -V | grep ^ping \
&& true
# -------------------- sudo --------------------
RUN set -eux \
&& sudo --version | grep -E 'version [0-9]+\.[0-9]+' \
&& true
# -------------------- blackfire --------------------
RUN set -eux \
&& blackfire version \
&& blackfire-agent -v \
\
&& true
# -------------------- mhsendmail --------------------
RUN set -eux \
&& mhsendmail -h 2>&1 | grep 'Usage' \
&& true
# -------------------- mongo_client --------------------
RUN set -eux \
&& if echo '7.0' | grep -E '^(5.2|5.3|5.4|5.5|5.6|7.0)$' >/dev/null; then \
if [ "$(dpkg-architecture --query DEB_BUILD_ARCH)" = "amd64" ]; then \
mongofiles --version; \
fi \
else \
mongofiles --version; \
fi \
\
&& if echo '7.0' | grep -E '^(5.2|5.3|5.4|5.5)$' >/dev/null; then \
if [ "$(dpkg-architecture --query DEB_BUILD_ARCH)" = "amd64" ]; then \
mongo --version; \
fi \
else \
mongo --version; \
fi \
\
&& true
# -------------------- mysqldumpsecure --------------------
RUN set -eux \
&& mysqldump-secure --version | grep -E 'Version:\s*[0-9][.0-9]+' \
&& true
# -------------------- pgsql_client --------------------
RUN set -eux \
&& if echo '7.0' | grep -E '^(5.2|5.3|5.4|5.5|5.6|7.0)$' >/dev/null; then \
if [ "$(dpkg-architecture --query DEB_BUILD_ARCH)" = "amd64" ]; then \
pg_isready --version; \
fi \
else \
pg_isready --version; \
fi \
\
&& true
###
### Re-activate modules which have been deactivated in mods (for testing).
###
RUN set -eux \
&& if find /usr/local/lib/php/extensions/ -name phalcon.so | grep phalcon; then \
echo "extension=phalcon.so" > /usr/local/etc/php/conf.d/docker-php-ext-phalcon.ini; \
fi \
&& if find /usr/local/lib/php/extensions/ -name psr.so | grep psr; then \
echo "extension=psr.so" > /usr/local/etc/php/conf.d/docker-php-ext-psr.ini; \
fi
###
### Check if PHP still works
###
RUN set -eux \
&& echo "date.timezone=UTC" > /usr/local/etc/php/php.ini \
&& php -v | grep -oE 'PHP\s[.0-9]+' | grep -oE '[.0-9]+' | grep '^7.0' \
&& /usr/local/sbin/php-fpm --test \
\
&& PHP_ERROR="$( php -v 2>&1 1>/dev/null )" \
&& if [ -n "${PHP_ERROR}" ]; then echo "${PHP_ERROR}"; false; fi \
&& PHP_ERROR="$( php -i 2>&1 1>/dev/null )" \
&& if [ -n "${PHP_ERROR}" ]; then echo "${PHP_ERROR}"; false; fi \
\
&& PHP_FPM_ERROR="$( php-fpm -v 2>&1 1>/dev/null )" \
&& if [ -n "${PHP_FPM_ERROR}" ]; then echo "${PHP_FPM_ERROR}"; false; fi \
&& PHP_FPM_ERROR="$( php-fpm -i 2>&1 1>/dev/null )" \
&& if [ -n "${PHP_FPM_ERROR}" ]; then echo "${PHP_FPM_ERROR}"; false; fi \
&& rm -f /usr/local/etc/php/php.ini
########################################################################################################################
########################################################################################################################
###
### Stage 4/4: Devilbox slim image (FINAL)
###
########################################################################################################################
########################################################################################################################
###
### Prepare final base image (STAGE: slim)
###
FROM devilbox-slim-base as slim
MAINTAINER "cytopia" <cytopia@everythingcli.org>
###
### Labels
###
# https://github.com/opencontainers/image-spec/blob/master/annotations.md
#LABEL "org.opencontainers.image.created"=""
#LABEL "org.opencontainers.image.version"=""
#LABEL "org.opencontainers.image.revision"=""
LABEL "maintainer"="cytopia <cytopia@everythingcli.org>"
LABEL "org.opencontainers.image.authors"="cytopia <cytopia@everythingcli.org>"
LABEL "org.opencontainers.image.url"="https://github.com/devilbox/docker-php-fpm"
LABEL "org.opencontainers.image.documentation"="https://github.com/devilbox/docker-php-fpm"
LABEL "org.opencontainers.image.source"="https://github.com/devilbox/docker-php-fpm"
LABEL "org.opencontainers.image.vendor"="devilbox"
LABEL "org.opencontainers.image.licenses"="MIT"
LABEL "org.opencontainers.image.ref.name"="7.0-slim"
LABEL "org.opencontainers.image.title"="PHP-FPM 7.0-slim"
LABEL "org.opencontainers.image.description"="PHP-FPM 7.0-slim"
###
### Volumes
###
VOLUME /shared/backups
VOLUME /var/log/php
VOLUME /var/mail
###
### Ports
###
EXPOSE 9000
###
### Where to start inside the container
###
WORKDIR /shared/httpd
###
### Entrypoint
###
CMD ["/usr/bin/supervisord", "-c", "/etc/supervisor/supervisord.conf"]
ENTRYPOINT ["/docker-entrypoint.sh"]

620
Dockerfiles/slim/Dockerfile-7.1 Normal file
View File

@@ -0,0 +1,620 @@
# vi: ft=dockerfile
# Auto-generated via Ansible: edit ./ansible/DOCKERFILES/Dockerfile-slim.j2 instead.
########################################################################################################################
########################################################################################################################
###
### Stage 1/4: Devilbox slim image (BASE BUILDER)
###
########################################################################################################################
########################################################################################################################
###
### Installs all cli tools required to run Devilbox and its intranet
###
FROM devilbox/php-fpm:7.1-prod as devilbox-slim-base-builder
###
### Install apt Tools
###
RUN set -eux \
&& DEBIAN_FRONTEND=noninteractive apt-get update \
&& DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends --no-install-suggests \
apt-transport-https \
ca-certificates \
curl \
dirmngr \
gnupg
###
### Add apt repositories
###
RUN set -eux \
&& apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 648ACFD622F3D138 \
&& echo "deb http://ftp.debian.org/debian buster-backports main" > /etc/apt/sources.list.d/backports.list \
&& curl -sS -L --fail "https://packages.blackfire.io/gpg.key" | APT_KEY_DONT_WARN_ON_DANGEROUS_USAGE=1 apt-key add - \
&& echo "deb http://packages.blackfire.io/debian any main" > /etc/apt/sources.list.d/blackfire.list \
&& true
###
### Install build_dep
###
RUN set -eux \
&& DEBIAN_FRONTEND=noninteractive apt-get update \
&& DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends --no-install-suggests \
libsnappy-dev \
&& rm -rf /var/lib/apt/lists/*
###
### Add common tools
###
RUN set -eux \
&& DEBIAN_FRONTEND=noninteractive apt-get update \
&& DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends --no-install-suggests \
file \
git \
mariadb-client \
redis-tools \
sqlite3
###
### Install tools type: apt
###
RUN set -eux \
&& DEBIAN_FRONTEND=noninteractive apt-get update \
&& DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends --no-install-suggests \
# ---------- type: apt ----------
dnsutils \
iputils-ping \
netcat-openbsd \
sudo \
&& rm -rf /var/lib/apt/lists/*
###
### Devilbox required cli tools from group_vars (slim.yml)
###
# -------------------- dig --------------------
RUN set -eux \
&& dig -v 2>&1 | grep -E '[0-9]\.[0-9]' \
&& true
# -------------------- netcat --------------------
RUN set -eux \
&& nc -h 2>&1 | grep netcat \
&& true
# -------------------- ping --------------------
RUN set -eux \
&& ping -V | grep ^ping \
&& true
# -------------------- sudo --------------------
RUN set -eux \
&& sudo --version | grep -E 'version [0-9]+\.[0-9]+' \
&& true
# -------------------- blackfire --------------------
RUN set -eux \
&& apt-get update \
\
&& apt-get install -y --no-install-recommends --no-install-suggests \
blackfire-agent \
\
&& rm -rf /var/lib/apt/lists/* \
&& blackfire version \
&& blackfire-agent -v \
\
&& true
# -------------------- mhsendmail --------------------
RUN set -eux \
&& DEB_HOST_ARCH="$( dpkg-architecture --query DEB_HOST_ARCH )" \
&& if [ "${DEB_HOST_ARCH}" = "amd64" ] || [ "${DEB_HOST_ARCH}" = "arm64" ]; then \
MHSENDMAIL_URL="https://github.com/devilbox/mhsendmail/releases/download/v0.3.0/mhsendmail_linux_${DEB_HOST_ARCH}" \
&& curl -sS -L --fail "${MHSENDMAIL_URL}" > /usr/local/bin/mhsendmail \
&& chmod +x /usr/local/bin/mhsendmail; \
else \
printf '%s\n%s\n%s\n' '#!/bin/sh' 'echo "Not available for this platform."' 'exit 1' > /usr/local/bin/mhsendmail \
&& chmod +x /usr/local/bin/mhsendmail; \
fi \
\
&& mhsendmail -h 2>&1 | grep 'Usage' \
&& true
# -------------------- mongo_client --------------------
RUN set -eux \
&& APT_KEY_DONT_WARN_ON_DANGEROUS_USAGE=1 apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv 20691EEC35216C63CAF66CE1656408E390CFB1F5 \
&& echo "deb http://repo.mongodb.org/apt/ubuntu bionic/mongodb-org/4.4 multiverse" > /etc/apt/sources.list.d/mongo.list \
&& apt-get update \
\
&& apt-get install -y --no-install-recommends --no-install-suggests \
mongodb-org-tools \
mongodb-org-shell \
\
&& rm -rf /var/lib/apt/lists/* \
&& if echo '7.1' | grep -E '^(5.2|5.3|5.4|5.5|5.6|7.0)$' >/dev/null; then \
if [ "$(dpkg-architecture --query DEB_BUILD_ARCH)" = "amd64" ]; then \
mongofiles --version; \
fi \
else \
mongofiles --version; \
fi \
\
&& if echo '7.1' | grep -E '^(5.2|5.3|5.4|5.5)$' >/dev/null; then \
if [ "$(dpkg-architecture --query DEB_BUILD_ARCH)" = "amd64" ]; then \
mongo --version; \
fi \
else \
mongo --version; \
fi \
\
&& true
# -------------------- mysqldumpsecure --------------------
RUN set -eux \
&& git clone https://github.com/cytopia/mysqldump-secure.git /usr/local/src/mysqldump-secure \
&& cd /usr/local/src/mysqldump-secure \
&& git checkout $(git describe --abbrev=0 --tags) \
&& cp /usr/local/src/mysqldump-secure/bin/mysqldump-secure /usr/local/bin \
&& cp /usr/local/src/mysqldump-secure/etc/mysqldump-secure.conf /etc \
&& cp /usr/local/src/mysqldump-secure/etc/mysqldump-secure.cnf /etc \
&& touch /var/log/mysqldump-secure.log \
&& chown ${MY_USER}:${MY_GROUP} /etc/mysqldump-secure.* \
&& chown ${MY_USER}:${MY_GROUP} /var/log/mysqldump-secure.log \
&& chmod 0400 /etc/mysqldump-secure.conf \
&& chmod 0400 /etc/mysqldump-secure.cnf \
&& chmod 0644 /var/log/mysqldump-secure.log \
&& sed -i'' 's/^COMPRESS_ARG=.*/COMPRESS_ARG="-9 -c"/g' /etc/mysqldump-secure.conf \
&& sed -i'' 's/^DUMP_DIR=.*/DUMP_DIR="\/shared\/backups\/mysql"/g' /etc/mysqldump-secure.conf \
&& sed -i'' 's/^DUMP_DIR_CHMOD=.*/DUMP_DIR_CHMOD="0755"/g' /etc/mysqldump-secure.conf \
&& sed -i'' 's/^DUMP_FILE_CHMOD=.*/DUMP_FILE_CHMOD="0644"/g' /etc/mysqldump-secure.conf \
&& sed -i'' 's/^LOG_CHMOD=.*/LOG_CHMOD="0644"/g' /etc/mysqldump-secure.conf \
&& sed -i'' 's/^NAGIOS_LOG=.*/NAGIOS_LOG=0/g' /etc/mysqldump-secure.conf \
&& cd / \
&& rm -rf /usr/local/src/mysqldump-secure \
\
&& mysqldump-secure --version | grep -E 'Version:\s*[0-9][.0-9]+' \
&& true
# -------------------- pgsql_client --------------------
RUN set -eux \
&& curl -sS -k -L --fail https://www.postgresql.org/media/keys/ACCC4CF8.asc | APT_KEY_DONT_WARN_ON_DANGEROUS_USAGE=1 apt-key add - \
&& echo "deb http://apt.postgresql.org/pub/repos/apt/ buster-pgdg main" > /etc/apt/sources.list.d/pgsql.list \
&& apt-get update \
\
&& apt-get install -y --no-install-recommends --no-install-suggests \
postgresql-client \
\
&& rm -rf /var/lib/apt/lists/* \
&& if echo '7.1' | grep -E '^(5.2|5.3|5.4|5.5|5.6|7.0)$' >/dev/null; then \
if [ "$(dpkg-architecture --query DEB_BUILD_ARCH)" = "amd64" ]; then \
pg_isready --version; \
fi \
else \
pg_isready --version; \
fi \
\
&& true
###
### Prepare required shared libraries for copying (keep symlinks)
###
RUN set -eux \
&& LIB_GNU_DIR="/lib/$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)" \
&& USR_LIB_DIR="/usr/lib" \
&& USR_LIB_GNU_DIR="/usr/lib/$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)" \
\
&& mkdir /tmp/lib-gnu \
&& mkdir /tmp/usr-lib \
&& mkdir /tmp/usr-lib-gnu \
\
&& LIB_GNU="libreadline" \
&& USR_LIB="libsnappy libtcmalloc libv8" \
&& USR_LIB_GNU="liblua libpq libpcrecpp libboost libjemalloc libunwind libhiredis libedit libyaml-cpp libstemmer libsnappy libpcap libbsd liblzf" \
\
&& for lib in ${LIB_GNU}; do \
if ls -1 "${LIB_GNU_DIR}/" | grep "^${lib}" >/dev/null; then \
echo "Coping '${lib}' from: ${LIB_GNU_DIR}"; \
cp -r ${LIB_GNU_DIR}/${lib}* /tmp/lib-gnu/; \
fi \
done \
&& for lib in ${USR_LIB}; do \
if ls -1 "${USR_LIB_DIR}/" | grep "^${lib}" >/dev/null; then \
echo "Coping '${lib}' from: ${USR_LIB_DIR}"; \
cp -r ${USR_LIB_DIR}/${lib}* /tmp/usr-lib/; \
fi \
done \
&& for lib in ${USR_LIB_GNU}; do \
if ls -1 "${USR_LIB_GNU_DIR}/" | grep "^${lib}" >/dev/null; then \
echo "Coping '${lib}' from: ${USR_LIB_GNU_DIR}"; \
cp -r ${USR_LIB_GNU_DIR}/${lib}* /tmp/usr-lib-gnu/; \
fi \
done
###
### Fix expected PostgreSQL directories
###
### This might not exist on arm64 as software was not available,
### but they are still needed to be present, so we can copy them.
###
RUN set -eux \
&& if [ ! -d "/usr/lib/postgresql" ]; then \
mkdir "/usr/lib/postgresql"; \
fi \
&& if [ ! -d "/usr/share/postgresql-common" ]; then \
mkdir "/usr/share/postgresql-common"; \
fi
###
### Prepare MongoDB binaries for copying.
###
### They might not be available on all architectures (e.g.: arm64).
###
RUN set -eux \
&& mkdir /tmp/mongo \
&& if ls -1 "/usr/bin/" | grep "^mongo" >/dev/null; then \
cp -r /usr/bin/mongo* /tmp/mongo/; \
fi
###
### Strip debugging information to smallen filesize
###
RUN set -eux \
&& STRIP_USR_BINS="blackfire mongo mysql redis sqlite" \
&& STRIP_DIRS="/usr/lib/postgresql/ /usr/share/postgresql-common/ /tmp" \
\
&& for bin in ${STRIP_USR_BINS}; do \
( \
find /usr/bin/ -name "${bin}"* -type f -print0 \
| xargs -n1 -0 -P$(getconf _NPROCESSORS_ONLN) sh -c \
'if [ -f "${1}" ]; then echo "Strip: ${1}"; strip --strip-all -p "${1}" 2>/dev/null || true; fi' -- \
) \
done \
\
&& for dir in ${STRIP_DIRS}; do \
( \
find ${dir} -type f -print0 \
| xargs -n1 -0 -P$(getconf _NPROCESSORS_ONLN) sh -c \
'if [ -f "${1}" ]; then echo "Strip: ${1}"; strip --strip-all -p "${1}" 2>/dev/null || true; fi' -- \
) \
done \
\
&& strip --strip-all -p /usr/local/bin/mhsendmail 2>/dev/null || true \
&& strip --strip-all -p /usr/local/bin/mysqldump-secure 2>/dev/null || true
########################################################################################################################
########################################################################################################################
###
### Stage 2/4: Devilbox slim image (BASE)
###
########################################################################################################################
########################################################################################################################
###
### Copies all cli tools required to run Devilbox and its intranet into a clean image
###
FROM devilbox/php-fpm:7.1-prod as devilbox-slim-base
ARG ARCH
###
### Install tools type: apt
###
RUN set -eux \
&& DEBIAN_FRONTEND=noninteractive apt-get update \
&& DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends --no-install-suggests \
# ---------- type: apt ----------
dnsutils \
iputils-ping \
netcat-openbsd \
sudo \
&& rm -rf /var/lib/apt/lists/*
###
### Copy shared libraries (required by MongoDB, MySQL, PostgreSQL and Redis)
###
COPY --from=devilbox-slim-base-builder /tmp/lib-gnu/ /lib/${ARCH}-linux-gnu/
COPY --from=devilbox-slim-base-builder /tmp/usr-lib-gnu/ /usr/lib/${ARCH}-linux-gnu/
COPY --from=devilbox-slim-base-builder /tmp/usr-lib/ /usr/lib/
###
### Copy system files
###
COPY --from=devilbox-slim-base-builder /etc/group /etc/group
COPY --from=devilbox-slim-base-builder /etc/passwd /etc/passwd
COPY --from=devilbox-slim-base-builder /etc/shadow /etc/shadow
###
### Copy Blackfire
###
COPY --from=devilbox-slim-base-builder /etc/blackfire /etc/blackfire
COPY --from=devilbox-slim-base-builder /etc/default/blackfire-agent /etc/default/blackfire-agent
COPY --from=devilbox-slim-base-builder /usr/bin/blackfire* /usr/bin/
COPY --from=devilbox-slim-base-builder /var/log/blackfire /var/log/blackfire
###
### Copy mhsendmail
###
COPY --from=devilbox-slim-base-builder /usr/local/bin/mhsendmail /usr/local/bin/
###
### Copy MongoDB client (if exists)
###
COPY --from=devilbox-slim-base-builder /tmp/mongo/ /usr/bin/
###
### Copy MysQL Client
###
COPY --from=devilbox-slim-base-builder /usr/bin/mysql* /usr/bin/
###
### Copy mysqldump-secure
###
COPY --from=devilbox-slim-base-builder /usr/local/bin/mysqldump-secure /usr/local/bin/
COPY --from=devilbox-slim-base-builder /etc/mysqldump-secure.conf /etc/
COPY --from=devilbox-slim-base-builder /etc/mysqldump-secure.cnf /etc/
COPY --from=devilbox-slim-base-builder /var/log/mysqldump-secure.log /var/log/
###
### Copy PostgreSQL
###
COPY --from=devilbox-slim-base-builder /usr/lib/postgresql /usr/lib/postgresql
COPY --from=devilbox-slim-base-builder /usr/share/postgresql-common /usr/share/postgresql-common
COPY --from=devilbox-slim-base-builder /usr/share/perl5 /usr/share/perl5
###
### Create PostgreSQL symlinks
###
RUN set -eux \
&& if [ -f "/usr/share/postgresql-common/pg_wrapper" ]; then \
ln -s ../share/postgresql-common/pg_wrapper /usr/bin/clusterdb \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/createdb \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/createlang \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/createuser \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/dropdb \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/droplang \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/dropuser \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/pg_basebackup \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/pg_dump \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/pg_dumpall \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/pg_isready \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/pg_receivewal \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/pg_receivexlog \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/pg_recvlogical \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/pg_restore \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/pgbench \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/psql \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/reindexdb \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/vacuumdb \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/vacuumlo; \
fi
###
### Copy Redis Client
###
COPY --from=devilbox-slim-base-builder /usr/bin/redis* /usr/bin/
###
### Copy SQLite Client
###
COPY --from=devilbox-slim-base-builder /usr/bin/sqlite* /usr/bin/
###
### ADD PHP configuration files
###
COPY ./data/php-ini.d/php-7.1.ini /usr/local/etc/php/conf.d/xxx-devilbox-default-php.ini
COPY ./data/php-fpm.conf/php-fpm-7.1.conf /usr/local/etc/php-fpm.conf
###
### ADD Devilbox configuration files
###
COPY ./data/docker-entrypoint.sh /docker-entrypoint.sh
COPY ./data/docker-entrypoint.d/*.sh /docker-entrypoint.d/
COPY ./data/bash-devilbox /etc/bash-devilbox
COPY ./data/sudo-devilbox /etc/sudoers.d/devilbox
###
### Configure Bash
###
RUN set -eux \
&& { \
echo; \
echo "# [Devilbox] Ensure /usr/local(s)?bin is in PATH"; \
echo 'PATH="${PATH}:/usr/local/bin:/usr/local/sbin"'; \
echo "export PATH"; \
echo; \
echo "# [Devilbox] Source Devilbox main bash config"; \
echo ". /etc/bash-devilbox"; \
echo; \
echo "# [Devilbox] Source Devilbox custom configs"; \
echo "if [ -d /etc/bashrc-devilbox.d/ ]; then"; \
echo " for f in /etc/bashrc-devilbox.d/*.sh ; do"; \
echo " if [ -r \"\${f}\" ]; then"; \
echo " . \"\${f}\""; \
echo " fi"; \
echo " done"; \
echo " unset f"; \
echo "fi"; \
} | tee -a /home/${MY_USER}/.bashrc /root/.bashrc \
&& chown ${MY_USER}:${MY_GROUP} /home/${MY_USER}/.bashrc
########################################################################################################################
########################################################################################################################
###
### Stage 3/4: Devilbox slim image (BASE TEST)
###
########################################################################################################################
########################################################################################################################
###
### Test all Devilbox cli utils if copying was successful
###
FROM devilbox-slim-base as devilbox-slim-base-test
RUN set -eux \
&& mysql --version \
&& redis-cli --version \
&& sqlite3 --version
###
### Check if available tools slim
###
# -------------------- dig --------------------
RUN set -eux \
&& dig -v 2>&1 | grep -E '[0-9]\.[0-9]' \
&& true
# -------------------- netcat --------------------
RUN set -eux \
&& nc -h 2>&1 | grep netcat \
&& true
# -------------------- ping --------------------
RUN set -eux \
&& ping -V | grep ^ping \
&& true
# -------------------- sudo --------------------
RUN set -eux \
&& sudo --version | grep -E 'version [0-9]+\.[0-9]+' \
&& true
# -------------------- blackfire --------------------
RUN set -eux \
&& blackfire version \
&& blackfire-agent -v \
\
&& true
# -------------------- mhsendmail --------------------
RUN set -eux \
&& mhsendmail -h 2>&1 | grep 'Usage' \
&& true
# -------------------- mongo_client --------------------
RUN set -eux \
&& if echo '7.1' | grep -E '^(5.2|5.3|5.4|5.5|5.6|7.0)$' >/dev/null; then \
if [ "$(dpkg-architecture --query DEB_BUILD_ARCH)" = "amd64" ]; then \
mongofiles --version; \
fi \
else \
mongofiles --version; \
fi \
\
&& if echo '7.1' | grep -E '^(5.2|5.3|5.4|5.5)$' >/dev/null; then \
if [ "$(dpkg-architecture --query DEB_BUILD_ARCH)" = "amd64" ]; then \
mongo --version; \
fi \
else \
mongo --version; \
fi \
\
&& true
# -------------------- mysqldumpsecure --------------------
RUN set -eux \
&& mysqldump-secure --version | grep -E 'Version:\s*[0-9][.0-9]+' \
&& true
# -------------------- pgsql_client --------------------
RUN set -eux \
&& if echo '7.1' | grep -E '^(5.2|5.3|5.4|5.5|5.6|7.0)$' >/dev/null; then \
if [ "$(dpkg-architecture --query DEB_BUILD_ARCH)" = "amd64" ]; then \
pg_isready --version; \
fi \
else \
pg_isready --version; \
fi \
\
&& true
###
### Re-activate modules which have been deactivated in mods (for testing).
###
RUN set -eux \
&& if find /usr/local/lib/php/extensions/ -name phalcon.so | grep phalcon; then \
echo "extension=phalcon.so" > /usr/local/etc/php/conf.d/docker-php-ext-phalcon.ini; \
fi \
&& if find /usr/local/lib/php/extensions/ -name psr.so | grep psr; then \
echo "extension=psr.so" > /usr/local/etc/php/conf.d/docker-php-ext-psr.ini; \
fi
###
### Check if PHP still works
###
RUN set -eux \
&& echo "date.timezone=UTC" > /usr/local/etc/php/php.ini \
&& php -v | grep -oE 'PHP\s[.0-9]+' | grep -oE '[.0-9]+' | grep '^7.1' \
&& /usr/local/sbin/php-fpm --test \
\
&& PHP_ERROR="$( php -v 2>&1 1>/dev/null )" \
&& if [ -n "${PHP_ERROR}" ]; then echo "${PHP_ERROR}"; false; fi \
&& PHP_ERROR="$( php -i 2>&1 1>/dev/null )" \
&& if [ -n "${PHP_ERROR}" ]; then echo "${PHP_ERROR}"; false; fi \
\
&& PHP_FPM_ERROR="$( php-fpm -v 2>&1 1>/dev/null )" \
&& if [ -n "${PHP_FPM_ERROR}" ]; then echo "${PHP_FPM_ERROR}"; false; fi \
&& PHP_FPM_ERROR="$( php-fpm -i 2>&1 1>/dev/null )" \
&& if [ -n "${PHP_FPM_ERROR}" ]; then echo "${PHP_FPM_ERROR}"; false; fi \
&& rm -f /usr/local/etc/php/php.ini
########################################################################################################################
########################################################################################################################
###
### Stage 4/4: Devilbox slim image (FINAL)
###
########################################################################################################################
########################################################################################################################
###
### Prepare final base image (STAGE: slim)
###
FROM devilbox-slim-base as slim
MAINTAINER "cytopia" <cytopia@everythingcli.org>
###
### Labels
###
# https://github.com/opencontainers/image-spec/blob/master/annotations.md
#LABEL "org.opencontainers.image.created"=""
#LABEL "org.opencontainers.image.version"=""
#LABEL "org.opencontainers.image.revision"=""
LABEL "maintainer"="cytopia <cytopia@everythingcli.org>"
LABEL "org.opencontainers.image.authors"="cytopia <cytopia@everythingcli.org>"
LABEL "org.opencontainers.image.url"="https://github.com/devilbox/docker-php-fpm"
LABEL "org.opencontainers.image.documentation"="https://github.com/devilbox/docker-php-fpm"
LABEL "org.opencontainers.image.source"="https://github.com/devilbox/docker-php-fpm"
LABEL "org.opencontainers.image.vendor"="devilbox"
LABEL "org.opencontainers.image.licenses"="MIT"
LABEL "org.opencontainers.image.ref.name"="7.1-slim"
LABEL "org.opencontainers.image.title"="PHP-FPM 7.1-slim"
LABEL "org.opencontainers.image.description"="PHP-FPM 7.1-slim"
###
### Volumes
###
VOLUME /shared/backups
VOLUME /var/log/php
VOLUME /var/mail
###
### Ports
###
EXPOSE 9000
###
### Where to start inside the container
###
WORKDIR /shared/httpd
###
### Entrypoint
###
CMD ["/usr/bin/supervisord", "-c", "/etc/supervisor/supervisord.conf"]
ENTRYPOINT ["/docker-entrypoint.sh"]

620
Dockerfiles/slim/Dockerfile-7.2 Normal file
View File

@@ -0,0 +1,620 @@
# vi: ft=dockerfile
# Auto-generated via Ansible: edit ./ansible/DOCKERFILES/Dockerfile-slim.j2 instead.
########################################################################################################################
########################################################################################################################
###
### Stage 1/4: Devilbox slim image (BASE BUILDER)
###
########################################################################################################################
########################################################################################################################
###
### Installs all cli tools required to run Devilbox and its intranet
###
FROM devilbox/php-fpm:7.2-prod as devilbox-slim-base-builder
###
### Install apt Tools
###
RUN set -eux \
&& DEBIAN_FRONTEND=noninteractive apt-get update \
&& DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends --no-install-suggests \
apt-transport-https \
ca-certificates \
curl \
dirmngr \
gnupg
###
### Add apt repositories
###
RUN set -eux \
&& apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 648ACFD622F3D138 \
&& echo "deb http://ftp.debian.org/debian buster-backports main" > /etc/apt/sources.list.d/backports.list \
&& curl -sS -L --fail "https://packages.blackfire.io/gpg.key" | APT_KEY_DONT_WARN_ON_DANGEROUS_USAGE=1 apt-key add - \
&& echo "deb http://packages.blackfire.io/debian any main" > /etc/apt/sources.list.d/blackfire.list \
&& true
###
### Install build_dep
###
RUN set -eux \
&& DEBIAN_FRONTEND=noninteractive apt-get update \
&& DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends --no-install-suggests \
libsnappy-dev \
&& rm -rf /var/lib/apt/lists/*
###
### Add common tools
###
RUN set -eux \
&& DEBIAN_FRONTEND=noninteractive apt-get update \
&& DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends --no-install-suggests \
file \
git \
mariadb-client \
redis-tools \
sqlite3
###
### Install tools type: apt
###
RUN set -eux \
&& DEBIAN_FRONTEND=noninteractive apt-get update \
&& DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends --no-install-suggests \
# ---------- type: apt ----------
dnsutils \
iputils-ping \
netcat-openbsd \
sudo \
&& rm -rf /var/lib/apt/lists/*
###
### Devilbox required cli tools from group_vars (slim.yml)
###
# -------------------- dig --------------------
RUN set -eux \
&& dig -v 2>&1 | grep -E '[0-9]\.[0-9]' \
&& true
# -------------------- netcat --------------------
RUN set -eux \
&& nc -h 2>&1 | grep netcat \
&& true
# -------------------- ping --------------------
RUN set -eux \
&& ping -V | grep ^ping \
&& true
# -------------------- sudo --------------------
RUN set -eux \
&& sudo --version | grep -E 'version [0-9]+\.[0-9]+' \
&& true
# -------------------- blackfire --------------------
RUN set -eux \
&& apt-get update \
\
&& apt-get install -y --no-install-recommends --no-install-suggests \
blackfire-agent \
\
&& rm -rf /var/lib/apt/lists/* \
&& blackfire version \
&& blackfire-agent -v \
\
&& true
# -------------------- mhsendmail --------------------
RUN set -eux \
&& DEB_HOST_ARCH="$( dpkg-architecture --query DEB_HOST_ARCH )" \
&& if [ "${DEB_HOST_ARCH}" = "amd64" ] || [ "${DEB_HOST_ARCH}" = "arm64" ]; then \
MHSENDMAIL_URL="https://github.com/devilbox/mhsendmail/releases/download/v0.3.0/mhsendmail_linux_${DEB_HOST_ARCH}" \
&& curl -sS -L --fail "${MHSENDMAIL_URL}" > /usr/local/bin/mhsendmail \
&& chmod +x /usr/local/bin/mhsendmail; \
else \
printf '%s\n%s\n%s\n' '#!/bin/sh' 'echo "Not available for this platform."' 'exit 1' > /usr/local/bin/mhsendmail \
&& chmod +x /usr/local/bin/mhsendmail; \
fi \
\
&& mhsendmail -h 2>&1 | grep 'Usage' \
&& true
# -------------------- mongo_client --------------------
RUN set -eux \
&& APT_KEY_DONT_WARN_ON_DANGEROUS_USAGE=1 apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv 20691EEC35216C63CAF66CE1656408E390CFB1F5 \
&& echo "deb http://repo.mongodb.org/apt/ubuntu bionic/mongodb-org/4.4 multiverse" > /etc/apt/sources.list.d/mongo.list \
&& apt-get update \
\
&& apt-get install -y --no-install-recommends --no-install-suggests \
mongodb-org-tools \
mongodb-org-shell \
\
&& rm -rf /var/lib/apt/lists/* \
&& if echo '7.2' | grep -E '^(5.2|5.3|5.4|5.5|5.6|7.0)$' >/dev/null; then \
if [ "$(dpkg-architecture --query DEB_BUILD_ARCH)" = "amd64" ]; then \
mongofiles --version; \
fi \
else \
mongofiles --version; \
fi \
\
&& if echo '7.2' | grep -E '^(5.2|5.3|5.4|5.5)$' >/dev/null; then \
if [ "$(dpkg-architecture --query DEB_BUILD_ARCH)" = "amd64" ]; then \
mongo --version; \
fi \
else \
mongo --version; \
fi \
\
&& true
# -------------------- mysqldumpsecure --------------------
RUN set -eux \
&& git clone https://github.com/cytopia/mysqldump-secure.git /usr/local/src/mysqldump-secure \
&& cd /usr/local/src/mysqldump-secure \
&& git checkout $(git describe --abbrev=0 --tags) \
&& cp /usr/local/src/mysqldump-secure/bin/mysqldump-secure /usr/local/bin \
&& cp /usr/local/src/mysqldump-secure/etc/mysqldump-secure.conf /etc \
&& cp /usr/local/src/mysqldump-secure/etc/mysqldump-secure.cnf /etc \
&& touch /var/log/mysqldump-secure.log \
&& chown ${MY_USER}:${MY_GROUP} /etc/mysqldump-secure.* \
&& chown ${MY_USER}:${MY_GROUP} /var/log/mysqldump-secure.log \
&& chmod 0400 /etc/mysqldump-secure.conf \
&& chmod 0400 /etc/mysqldump-secure.cnf \
&& chmod 0644 /var/log/mysqldump-secure.log \
&& sed -i'' 's/^COMPRESS_ARG=.*/COMPRESS_ARG="-9 -c"/g' /etc/mysqldump-secure.conf \
&& sed -i'' 's/^DUMP_DIR=.*/DUMP_DIR="\/shared\/backups\/mysql"/g' /etc/mysqldump-secure.conf \
&& sed -i'' 's/^DUMP_DIR_CHMOD=.*/DUMP_DIR_CHMOD="0755"/g' /etc/mysqldump-secure.conf \
&& sed -i'' 's/^DUMP_FILE_CHMOD=.*/DUMP_FILE_CHMOD="0644"/g' /etc/mysqldump-secure.conf \
&& sed -i'' 's/^LOG_CHMOD=.*/LOG_CHMOD="0644"/g' /etc/mysqldump-secure.conf \
&& sed -i'' 's/^NAGIOS_LOG=.*/NAGIOS_LOG=0/g' /etc/mysqldump-secure.conf \
&& cd / \
&& rm -rf /usr/local/src/mysqldump-secure \
\
&& mysqldump-secure --version | grep -E 'Version:\s*[0-9][.0-9]+' \
&& true
# -------------------- pgsql_client --------------------
RUN set -eux \
&& curl -sS -k -L --fail https://www.postgresql.org/media/keys/ACCC4CF8.asc | APT_KEY_DONT_WARN_ON_DANGEROUS_USAGE=1 apt-key add - \
&& echo "deb http://apt.postgresql.org/pub/repos/apt/ buster-pgdg main" > /etc/apt/sources.list.d/pgsql.list \
&& apt-get update \
\
&& apt-get install -y --no-install-recommends --no-install-suggests \
postgresql-client \
\
&& rm -rf /var/lib/apt/lists/* \
&& if echo '7.2' | grep -E '^(5.2|5.3|5.4|5.5|5.6|7.0)$' >/dev/null; then \
if [ "$(dpkg-architecture --query DEB_BUILD_ARCH)" = "amd64" ]; then \
pg_isready --version; \
fi \
else \
pg_isready --version; \
fi \
\
&& true
###
### Prepare required shared libraries for copying (keep symlinks)
###
RUN set -eux \
&& LIB_GNU_DIR="/lib/$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)" \
&& USR_LIB_DIR="/usr/lib" \
&& USR_LIB_GNU_DIR="/usr/lib/$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)" \
\
&& mkdir /tmp/lib-gnu \
&& mkdir /tmp/usr-lib \
&& mkdir /tmp/usr-lib-gnu \
\
&& LIB_GNU="libreadline" \
&& USR_LIB="libsnappy libtcmalloc libv8" \
&& USR_LIB_GNU="liblua libpq libpcrecpp libboost libjemalloc libunwind libhiredis libedit libyaml-cpp libstemmer libsnappy libpcap libbsd liblzf" \
\
&& for lib in ${LIB_GNU}; do \
if ls -1 "${LIB_GNU_DIR}/" | grep "^${lib}" >/dev/null; then \
echo "Coping '${lib}' from: ${LIB_GNU_DIR}"; \
cp -r ${LIB_GNU_DIR}/${lib}* /tmp/lib-gnu/; \
fi \
done \
&& for lib in ${USR_LIB}; do \
if ls -1 "${USR_LIB_DIR}/" | grep "^${lib}" >/dev/null; then \
echo "Coping '${lib}' from: ${USR_LIB_DIR}"; \
cp -r ${USR_LIB_DIR}/${lib}* /tmp/usr-lib/; \
fi \
done \
&& for lib in ${USR_LIB_GNU}; do \
if ls -1 "${USR_LIB_GNU_DIR}/" | grep "^${lib}" >/dev/null; then \
echo "Coping '${lib}' from: ${USR_LIB_GNU_DIR}"; \
cp -r ${USR_LIB_GNU_DIR}/${lib}* /tmp/usr-lib-gnu/; \
fi \
done
###
### Fix expected PostgreSQL directories
###
### This might not exist on arm64 as software was not available,
### but they are still needed to be present, so we can copy them.
###
RUN set -eux \
&& if [ ! -d "/usr/lib/postgresql" ]; then \
mkdir "/usr/lib/postgresql"; \
fi \
&& if [ ! -d "/usr/share/postgresql-common" ]; then \
mkdir "/usr/share/postgresql-common"; \
fi
###
### Prepare MongoDB binaries for copying.
###
### They might not be available on all architectures (e.g.: arm64).
###
RUN set -eux \
&& mkdir /tmp/mongo \
&& if ls -1 "/usr/bin/" | grep "^mongo" >/dev/null; then \
cp -r /usr/bin/mongo* /tmp/mongo/; \
fi
###
### Strip debugging information to smallen filesize
###
RUN set -eux \
&& STRIP_USR_BINS="blackfire mongo mysql redis sqlite" \
&& STRIP_DIRS="/usr/lib/postgresql/ /usr/share/postgresql-common/ /tmp" \
\
&& for bin in ${STRIP_USR_BINS}; do \
( \
find /usr/bin/ -name "${bin}"* -type f -print0 \
| xargs -n1 -0 -P$(getconf _NPROCESSORS_ONLN) sh -c \
'if [ -f "${1}" ]; then echo "Strip: ${1}"; strip --strip-all -p "${1}" 2>/dev/null || true; fi' -- \
) \
done \
\
&& for dir in ${STRIP_DIRS}; do \
( \
find ${dir} -type f -print0 \
| xargs -n1 -0 -P$(getconf _NPROCESSORS_ONLN) sh -c \
'if [ -f "${1}" ]; then echo "Strip: ${1}"; strip --strip-all -p "${1}" 2>/dev/null || true; fi' -- \
) \
done \
\
&& strip --strip-all -p /usr/local/bin/mhsendmail 2>/dev/null || true \
&& strip --strip-all -p /usr/local/bin/mysqldump-secure 2>/dev/null || true
########################################################################################################################
########################################################################################################################
###
### Stage 2/4: Devilbox slim image (BASE)
###
########################################################################################################################
########################################################################################################################
###
### Copies all cli tools required to run Devilbox and its intranet into a clean image
###
FROM devilbox/php-fpm:7.2-prod as devilbox-slim-base
ARG ARCH
###
### Install tools type: apt
###
RUN set -eux \
&& DEBIAN_FRONTEND=noninteractive apt-get update \
&& DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends --no-install-suggests \
# ---------- type: apt ----------
dnsutils \
iputils-ping \
netcat-openbsd \
sudo \
&& rm -rf /var/lib/apt/lists/*
###
### Copy shared libraries (required by MongoDB, MySQL, PostgreSQL and Redis)
###
COPY --from=devilbox-slim-base-builder /tmp/lib-gnu/ /lib/${ARCH}-linux-gnu/
COPY --from=devilbox-slim-base-builder /tmp/usr-lib-gnu/ /usr/lib/${ARCH}-linux-gnu/
COPY --from=devilbox-slim-base-builder /tmp/usr-lib/ /usr/lib/
###
### Copy system files
###
COPY --from=devilbox-slim-base-builder /etc/group /etc/group
COPY --from=devilbox-slim-base-builder /etc/passwd /etc/passwd
COPY --from=devilbox-slim-base-builder /etc/shadow /etc/shadow
###
### Copy Blackfire
###
COPY --from=devilbox-slim-base-builder /etc/blackfire /etc/blackfire
COPY --from=devilbox-slim-base-builder /etc/default/blackfire-agent /etc/default/blackfire-agent
COPY --from=devilbox-slim-base-builder /usr/bin/blackfire* /usr/bin/
COPY --from=devilbox-slim-base-builder /var/log/blackfire /var/log/blackfire
###
### Copy mhsendmail
###
COPY --from=devilbox-slim-base-builder /usr/local/bin/mhsendmail /usr/local/bin/
###
### Copy MongoDB client (if exists)
###
COPY --from=devilbox-slim-base-builder /tmp/mongo/ /usr/bin/
###
### Copy MysQL Client
###
COPY --from=devilbox-slim-base-builder /usr/bin/mysql* /usr/bin/
###
### Copy mysqldump-secure
###
COPY --from=devilbox-slim-base-builder /usr/local/bin/mysqldump-secure /usr/local/bin/
COPY --from=devilbox-slim-base-builder /etc/mysqldump-secure.conf /etc/
COPY --from=devilbox-slim-base-builder /etc/mysqldump-secure.cnf /etc/
COPY --from=devilbox-slim-base-builder /var/log/mysqldump-secure.log /var/log/
###
### Copy PostgreSQL
###
COPY --from=devilbox-slim-base-builder /usr/lib/postgresql /usr/lib/postgresql
COPY --from=devilbox-slim-base-builder /usr/share/postgresql-common /usr/share/postgresql-common
COPY --from=devilbox-slim-base-builder /usr/share/perl5 /usr/share/perl5
###
### Create PostgreSQL symlinks
###
RUN set -eux \
&& if [ -f "/usr/share/postgresql-common/pg_wrapper" ]; then \
ln -s ../share/postgresql-common/pg_wrapper /usr/bin/clusterdb \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/createdb \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/createlang \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/createuser \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/dropdb \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/droplang \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/dropuser \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/pg_basebackup \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/pg_dump \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/pg_dumpall \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/pg_isready \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/pg_receivewal \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/pg_receivexlog \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/pg_recvlogical \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/pg_restore \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/pgbench \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/psql \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/reindexdb \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/vacuumdb \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/vacuumlo; \
fi
###
### Copy Redis Client
###
COPY --from=devilbox-slim-base-builder /usr/bin/redis* /usr/bin/
###
### Copy SQLite Client
###
COPY --from=devilbox-slim-base-builder /usr/bin/sqlite* /usr/bin/
###
### ADD PHP configuration files
###
COPY ./data/php-ini.d/php-7.2.ini /usr/local/etc/php/conf.d/xxx-devilbox-default-php.ini
COPY ./data/php-fpm.conf/php-fpm-7.2.conf /usr/local/etc/php-fpm.conf
###
### ADD Devilbox configuration files
###
COPY ./data/docker-entrypoint.sh /docker-entrypoint.sh
COPY ./data/docker-entrypoint.d/*.sh /docker-entrypoint.d/
COPY ./data/bash-devilbox /etc/bash-devilbox
COPY ./data/sudo-devilbox /etc/sudoers.d/devilbox
###
### Configure Bash
###
RUN set -eux \
&& { \
echo; \
echo "# [Devilbox] Ensure /usr/local(s)?bin is in PATH"; \
echo 'PATH="${PATH}:/usr/local/bin:/usr/local/sbin"'; \
echo "export PATH"; \
echo; \
echo "# [Devilbox] Source Devilbox main bash config"; \
echo ". /etc/bash-devilbox"; \
echo; \
echo "# [Devilbox] Source Devilbox custom configs"; \
echo "if [ -d /etc/bashrc-devilbox.d/ ]; then"; \
echo " for f in /etc/bashrc-devilbox.d/*.sh ; do"; \
echo " if [ -r \"\${f}\" ]; then"; \
echo " . \"\${f}\""; \
echo " fi"; \
echo " done"; \
echo " unset f"; \
echo "fi"; \
} | tee -a /home/${MY_USER}/.bashrc /root/.bashrc \
&& chown ${MY_USER}:${MY_GROUP} /home/${MY_USER}/.bashrc
########################################################################################################################
########################################################################################################################
###
### Stage 3/4: Devilbox slim image (BASE TEST)
###
########################################################################################################################
########################################################################################################################
###
### Test all Devilbox cli utils if copying was successful
###
FROM devilbox-slim-base as devilbox-slim-base-test
RUN set -eux \
&& mysql --version \
&& redis-cli --version \
&& sqlite3 --version
###
### Check if available tools slim
###
# -------------------- dig --------------------
RUN set -eux \
&& dig -v 2>&1 | grep -E '[0-9]\.[0-9]' \
&& true
# -------------------- netcat --------------------
RUN set -eux \
&& nc -h 2>&1 | grep netcat \
&& true
# -------------------- ping --------------------
RUN set -eux \
&& ping -V | grep ^ping \
&& true
# -------------------- sudo --------------------
RUN set -eux \
&& sudo --version | grep -E 'version [0-9]+\.[0-9]+' \
&& true
# -------------------- blackfire --------------------
RUN set -eux \
&& blackfire version \
&& blackfire-agent -v \
\
&& true
# -------------------- mhsendmail --------------------
RUN set -eux \
&& mhsendmail -h 2>&1 | grep 'Usage' \
&& true
# -------------------- mongo_client --------------------
RUN set -eux \
&& if echo '7.2' | grep -E '^(5.2|5.3|5.4|5.5|5.6|7.0)$' >/dev/null; then \
if [ "$(dpkg-architecture --query DEB_BUILD_ARCH)" = "amd64" ]; then \
mongofiles --version; \
fi \
else \
mongofiles --version; \
fi \
\
&& if echo '7.2' | grep -E '^(5.2|5.3|5.4|5.5)$' >/dev/null; then \
if [ "$(dpkg-architecture --query DEB_BUILD_ARCH)" = "amd64" ]; then \
mongo --version; \
fi \
else \
mongo --version; \
fi \
\
&& true
# -------------------- mysqldumpsecure --------------------
RUN set -eux \
&& mysqldump-secure --version | grep -E 'Version:\s*[0-9][.0-9]+' \
&& true
# -------------------- pgsql_client --------------------
RUN set -eux \
&& if echo '7.2' | grep -E '^(5.2|5.3|5.4|5.5|5.6|7.0)$' >/dev/null; then \
if [ "$(dpkg-architecture --query DEB_BUILD_ARCH)" = "amd64" ]; then \
pg_isready --version; \
fi \
else \
pg_isready --version; \
fi \
\
&& true
###
### Re-activate modules which have been deactivated in mods (for testing).
###
RUN set -eux \
&& if find /usr/local/lib/php/extensions/ -name phalcon.so | grep phalcon; then \
echo "extension=phalcon.so" > /usr/local/etc/php/conf.d/docker-php-ext-phalcon.ini; \
fi \
&& if find /usr/local/lib/php/extensions/ -name psr.so | grep psr; then \
echo "extension=psr.so" > /usr/local/etc/php/conf.d/docker-php-ext-psr.ini; \
fi
###
### Check if PHP still works
###
RUN set -eux \
&& echo "date.timezone=UTC" > /usr/local/etc/php/php.ini \
&& php -v | grep -oE 'PHP\s[.0-9]+' | grep -oE '[.0-9]+' | grep '^7.2' \
&& /usr/local/sbin/php-fpm --test \
\
&& PHP_ERROR="$( php -v 2>&1 1>/dev/null )" \
&& if [ -n "${PHP_ERROR}" ]; then echo "${PHP_ERROR}"; false; fi \
&& PHP_ERROR="$( php -i 2>&1 1>/dev/null )" \
&& if [ -n "${PHP_ERROR}" ]; then echo "${PHP_ERROR}"; false; fi \
\
&& PHP_FPM_ERROR="$( php-fpm -v 2>&1 1>/dev/null )" \
&& if [ -n "${PHP_FPM_ERROR}" ]; then echo "${PHP_FPM_ERROR}"; false; fi \
&& PHP_FPM_ERROR="$( php-fpm -i 2>&1 1>/dev/null )" \
&& if [ -n "${PHP_FPM_ERROR}" ]; then echo "${PHP_FPM_ERROR}"; false; fi \
&& rm -f /usr/local/etc/php/php.ini
########################################################################################################################
########################################################################################################################
###
### Stage 4/4: Devilbox slim image (FINAL)
###
########################################################################################################################
########################################################################################################################
###
### Prepare final base image (STAGE: slim)
###
FROM devilbox-slim-base as slim
MAINTAINER "cytopia" <cytopia@everythingcli.org>
###
### Labels
###
# https://github.com/opencontainers/image-spec/blob/master/annotations.md
#LABEL "org.opencontainers.image.created"=""
#LABEL "org.opencontainers.image.version"=""
#LABEL "org.opencontainers.image.revision"=""
LABEL "maintainer"="cytopia <cytopia@everythingcli.org>"
LABEL "org.opencontainers.image.authors"="cytopia <cytopia@everythingcli.org>"
LABEL "org.opencontainers.image.url"="https://github.com/devilbox/docker-php-fpm"
LABEL "org.opencontainers.image.documentation"="https://github.com/devilbox/docker-php-fpm"
LABEL "org.opencontainers.image.source"="https://github.com/devilbox/docker-php-fpm"
LABEL "org.opencontainers.image.vendor"="devilbox"
LABEL "org.opencontainers.image.licenses"="MIT"
LABEL "org.opencontainers.image.ref.name"="7.2-slim"
LABEL "org.opencontainers.image.title"="PHP-FPM 7.2-slim"
LABEL "org.opencontainers.image.description"="PHP-FPM 7.2-slim"
###
### Volumes
###
VOLUME /shared/backups
VOLUME /var/log/php
VOLUME /var/mail
###
### Ports
###
EXPOSE 9000
###
### Where to start inside the container
###
WORKDIR /shared/httpd
###
### Entrypoint
###
CMD ["/usr/bin/supervisord", "-c", "/etc/supervisor/supervisord.conf"]
ENTRYPOINT ["/docker-entrypoint.sh"]

620
Dockerfiles/slim/Dockerfile-7.3 Normal file
View File

@@ -0,0 +1,620 @@
# vi: ft=dockerfile
# Auto-generated via Ansible: edit ./ansible/DOCKERFILES/Dockerfile-slim.j2 instead.
########################################################################################################################
########################################################################################################################
###
### Stage 1/4: Devilbox slim image (BASE BUILDER)
###
########################################################################################################################
########################################################################################################################
###
### Installs all cli tools required to run Devilbox and its intranet
###
FROM devilbox/php-fpm:7.3-prod as devilbox-slim-base-builder
###
### Install apt Tools
###
RUN set -eux \
&& DEBIAN_FRONTEND=noninteractive apt-get update \
&& DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends --no-install-suggests \
apt-transport-https \
ca-certificates \
curl \
dirmngr \
gnupg
###
### Add apt repositories
###
RUN set -eux \
&& apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 648ACFD622F3D138 \
&& echo "deb http://ftp.debian.org/debian bullseye-backports main" > /etc/apt/sources.list.d/backports.list \
&& curl -sS -L --fail "https://packages.blackfire.io/gpg.key" | APT_KEY_DONT_WARN_ON_DANGEROUS_USAGE=1 apt-key add - \
&& echo "deb http://packages.blackfire.io/debian any main" > /etc/apt/sources.list.d/blackfire.list \
&& true
###
### Install build_dep
###
RUN set -eux \
&& DEBIAN_FRONTEND=noninteractive apt-get update \
&& DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends --no-install-suggests \
libsnappy-dev \
&& rm -rf /var/lib/apt/lists/*
###
### Add common tools
###
RUN set -eux \
&& DEBIAN_FRONTEND=noninteractive apt-get update \
&& DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends --no-install-suggests \
file \
git \
mariadb-client \
redis-tools \
sqlite3
###
### Install tools type: apt
###
RUN set -eux \
&& DEBIAN_FRONTEND=noninteractive apt-get update \
&& DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends --no-install-suggests \
# ---------- type: apt ----------
dnsutils \
iputils-ping \
netcat-openbsd \
sudo \
&& rm -rf /var/lib/apt/lists/*
###
### Devilbox required cli tools from group_vars (slim.yml)
###
# -------------------- dig --------------------
RUN set -eux \
&& dig -v 2>&1 | grep -E '[0-9]\.[0-9]' \
&& true
# -------------------- netcat --------------------
RUN set -eux \
&& nc -h 2>&1 | grep netcat \
&& true
# -------------------- ping --------------------
RUN set -eux \
&& ping -V | grep ^ping \
&& true
# -------------------- sudo --------------------
RUN set -eux \
&& sudo --version | grep -E 'version [0-9]+\.[0-9]+' \
&& true
# -------------------- blackfire --------------------
RUN set -eux \
&& apt-get update \
\
&& apt-get install -y --no-install-recommends --no-install-suggests \
blackfire-agent \
\
&& rm -rf /var/lib/apt/lists/* \
&& blackfire version \
&& blackfire-agent -v \
\
&& true
# -------------------- mhsendmail --------------------
RUN set -eux \
&& DEB_HOST_ARCH="$( dpkg-architecture --query DEB_HOST_ARCH )" \
&& if [ "${DEB_HOST_ARCH}" = "amd64" ] || [ "${DEB_HOST_ARCH}" = "arm64" ]; then \
MHSENDMAIL_URL="https://github.com/devilbox/mhsendmail/releases/download/v0.3.0/mhsendmail_linux_${DEB_HOST_ARCH}" \
&& curl -sS -L --fail "${MHSENDMAIL_URL}" > /usr/local/bin/mhsendmail \
&& chmod +x /usr/local/bin/mhsendmail; \
else \
printf '%s\n%s\n%s\n' '#!/bin/sh' 'echo "Not available for this platform."' 'exit 1' > /usr/local/bin/mhsendmail \
&& chmod +x /usr/local/bin/mhsendmail; \
fi \
\
&& mhsendmail -h 2>&1 | grep 'Usage' \
&& true
# -------------------- mongo_client --------------------
RUN set -eux \
&& APT_KEY_DONT_WARN_ON_DANGEROUS_USAGE=1 apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv 20691EEC35216C63CAF66CE1656408E390CFB1F5 \
&& echo "deb http://repo.mongodb.org/apt/ubuntu focal/mongodb-org/4.4 multiverse" > /etc/apt/sources.list.d/mongo.list \
&& apt-get update \
\
&& apt-get install -y --no-install-recommends --no-install-suggests \
mongodb-org-tools \
mongodb-org-shell \
\
&& rm -rf /var/lib/apt/lists/* \
&& if echo '7.3' | grep -E '^(5.2|5.3|5.4|5.5|5.6|7.0)$' >/dev/null; then \
if [ "$(dpkg-architecture --query DEB_BUILD_ARCH)" = "amd64" ]; then \
mongofiles --version; \
fi \
else \
mongofiles --version; \
fi \
\
&& if echo '7.3' | grep -E '^(5.2|5.3|5.4|5.5)$' >/dev/null; then \
if [ "$(dpkg-architecture --query DEB_BUILD_ARCH)" = "amd64" ]; then \
mongo --version; \
fi \
else \
mongo --version; \
fi \
\
&& true
# -------------------- mysqldumpsecure --------------------
RUN set -eux \
&& git clone https://github.com/cytopia/mysqldump-secure.git /usr/local/src/mysqldump-secure \
&& cd /usr/local/src/mysqldump-secure \
&& git checkout $(git describe --abbrev=0 --tags) \
&& cp /usr/local/src/mysqldump-secure/bin/mysqldump-secure /usr/local/bin \
&& cp /usr/local/src/mysqldump-secure/etc/mysqldump-secure.conf /etc \
&& cp /usr/local/src/mysqldump-secure/etc/mysqldump-secure.cnf /etc \
&& touch /var/log/mysqldump-secure.log \
&& chown ${MY_USER}:${MY_GROUP} /etc/mysqldump-secure.* \
&& chown ${MY_USER}:${MY_GROUP} /var/log/mysqldump-secure.log \
&& chmod 0400 /etc/mysqldump-secure.conf \
&& chmod 0400 /etc/mysqldump-secure.cnf \
&& chmod 0644 /var/log/mysqldump-secure.log \
&& sed -i'' 's/^COMPRESS_ARG=.*/COMPRESS_ARG="-9 -c"/g' /etc/mysqldump-secure.conf \
&& sed -i'' 's/^DUMP_DIR=.*/DUMP_DIR="\/shared\/backups\/mysql"/g' /etc/mysqldump-secure.conf \
&& sed -i'' 's/^DUMP_DIR_CHMOD=.*/DUMP_DIR_CHMOD="0755"/g' /etc/mysqldump-secure.conf \
&& sed -i'' 's/^DUMP_FILE_CHMOD=.*/DUMP_FILE_CHMOD="0644"/g' /etc/mysqldump-secure.conf \
&& sed -i'' 's/^LOG_CHMOD=.*/LOG_CHMOD="0644"/g' /etc/mysqldump-secure.conf \
&& sed -i'' 's/^NAGIOS_LOG=.*/NAGIOS_LOG=0/g' /etc/mysqldump-secure.conf \
&& cd / \
&& rm -rf /usr/local/src/mysqldump-secure \
\
&& mysqldump-secure --version | grep -E 'Version:\s*[0-9][.0-9]+' \
&& true
# -------------------- pgsql_client --------------------
RUN set -eux \
&& curl -sS -k -L --fail https://www.postgresql.org/media/keys/ACCC4CF8.asc | APT_KEY_DONT_WARN_ON_DANGEROUS_USAGE=1 apt-key add - \
&& echo "deb http://apt.postgresql.org/pub/repos/apt/ bullseye-pgdg main" > /etc/apt/sources.list.d/pgsql.list \
&& apt-get update \
\
&& apt-get install -y --no-install-recommends --no-install-suggests \
postgresql-client \
\
&& rm -rf /var/lib/apt/lists/* \
&& if echo '7.3' | grep -E '^(5.2|5.3|5.4|5.5|5.6|7.0)$' >/dev/null; then \
if [ "$(dpkg-architecture --query DEB_BUILD_ARCH)" = "amd64" ]; then \
pg_isready --version; \
fi \
else \
pg_isready --version; \
fi \
\
&& true
###
### Prepare required shared libraries for copying (keep symlinks)
###
RUN set -eux \
&& LIB_GNU_DIR="/lib/$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)" \
&& USR_LIB_DIR="/usr/lib" \
&& USR_LIB_GNU_DIR="/usr/lib/$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)" \
\
&& mkdir /tmp/lib-gnu \
&& mkdir /tmp/usr-lib \
&& mkdir /tmp/usr-lib-gnu \
\
&& LIB_GNU="libreadline" \
&& USR_LIB="libsnappy libtcmalloc libv8" \
&& USR_LIB_GNU="liblua libpq libpcrecpp libboost libjemalloc libunwind libhiredis libedit libyaml-cpp libstemmer libsnappy libpcap libbsd liblzf" \
\
&& for lib in ${LIB_GNU}; do \
if ls -1 "${LIB_GNU_DIR}/" | grep "^${lib}" >/dev/null; then \
echo "Coping '${lib}' from: ${LIB_GNU_DIR}"; \
cp -r ${LIB_GNU_DIR}/${lib}* /tmp/lib-gnu/; \
fi \
done \
&& for lib in ${USR_LIB}; do \
if ls -1 "${USR_LIB_DIR}/" | grep "^${lib}" >/dev/null; then \
echo "Coping '${lib}' from: ${USR_LIB_DIR}"; \
cp -r ${USR_LIB_DIR}/${lib}* /tmp/usr-lib/; \
fi \
done \
&& for lib in ${USR_LIB_GNU}; do \
if ls -1 "${USR_LIB_GNU_DIR}/" | grep "^${lib}" >/dev/null; then \
echo "Coping '${lib}' from: ${USR_LIB_GNU_DIR}"; \
cp -r ${USR_LIB_GNU_DIR}/${lib}* /tmp/usr-lib-gnu/; \
fi \
done
###
### Fix expected PostgreSQL directories
###
### This might not exist on arm64 as software was not available,
### but they are still needed to be present, so we can copy them.
###
RUN set -eux \
&& if [ ! -d "/usr/lib/postgresql" ]; then \
mkdir "/usr/lib/postgresql"; \
fi \
&& if [ ! -d "/usr/share/postgresql-common" ]; then \
mkdir "/usr/share/postgresql-common"; \
fi
###
### Prepare MongoDB binaries for copying.
###
### They might not be available on all architectures (e.g.: arm64).
###
RUN set -eux \
&& mkdir /tmp/mongo \
&& if ls -1 "/usr/bin/" | grep "^mongo" >/dev/null; then \
cp -r /usr/bin/mongo* /tmp/mongo/; \
fi
###
### Strip debugging information to smallen filesize
###
RUN set -eux \
&& STRIP_USR_BINS="blackfire mongo mysql redis sqlite" \
&& STRIP_DIRS="/usr/lib/postgresql/ /usr/share/postgresql-common/ /tmp" \
\
&& for bin in ${STRIP_USR_BINS}; do \
( \
find /usr/bin/ -name "${bin}"* -type f -print0 \
| xargs -n1 -0 -P$(getconf _NPROCESSORS_ONLN) sh -c \
'if [ -f "${1}" ]; then echo "Strip: ${1}"; strip --strip-all -p "${1}" 2>/dev/null || true; fi' -- \
) \
done \
\
&& for dir in ${STRIP_DIRS}; do \
( \
find ${dir} -type f -print0 \
| xargs -n1 -0 -P$(getconf _NPROCESSORS_ONLN) sh -c \
'if [ -f "${1}" ]; then echo "Strip: ${1}"; strip --strip-all -p "${1}" 2>/dev/null || true; fi' -- \
) \
done \
\
&& strip --strip-all -p /usr/local/bin/mhsendmail 2>/dev/null || true \
&& strip --strip-all -p /usr/local/bin/mysqldump-secure 2>/dev/null || true
########################################################################################################################
########################################################################################################################
###
### Stage 2/4: Devilbox slim image (BASE)
###
########################################################################################################################
########################################################################################################################
###
### Copies all cli tools required to run Devilbox and its intranet into a clean image
###
FROM devilbox/php-fpm:7.3-prod as devilbox-slim-base
ARG ARCH
###
### Install tools type: apt
###
RUN set -eux \
&& DEBIAN_FRONTEND=noninteractive apt-get update \
&& DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends --no-install-suggests \
# ---------- type: apt ----------
dnsutils \
iputils-ping \
netcat-openbsd \
sudo \
&& rm -rf /var/lib/apt/lists/*
###
### Copy shared libraries (required by MongoDB, MySQL, PostgreSQL and Redis)
###
COPY --from=devilbox-slim-base-builder /tmp/lib-gnu/ /lib/${ARCH}-linux-gnu/
COPY --from=devilbox-slim-base-builder /tmp/usr-lib-gnu/ /usr/lib/${ARCH}-linux-gnu/
COPY --from=devilbox-slim-base-builder /tmp/usr-lib/ /usr/lib/
###
### Copy system files
###
COPY --from=devilbox-slim-base-builder /etc/group /etc/group
COPY --from=devilbox-slim-base-builder /etc/passwd /etc/passwd
COPY --from=devilbox-slim-base-builder /etc/shadow /etc/shadow
###
### Copy Blackfire
###
COPY --from=devilbox-slim-base-builder /etc/blackfire /etc/blackfire
COPY --from=devilbox-slim-base-builder /etc/default/blackfire-agent /etc/default/blackfire-agent
COPY --from=devilbox-slim-base-builder /usr/bin/blackfire* /usr/bin/
COPY --from=devilbox-slim-base-builder /var/log/blackfire /var/log/blackfire
###
### Copy mhsendmail
###
COPY --from=devilbox-slim-base-builder /usr/local/bin/mhsendmail /usr/local/bin/
###
### Copy MongoDB client (if exists)
###
COPY --from=devilbox-slim-base-builder /tmp/mongo/ /usr/bin/
###
### Copy MysQL Client
###
COPY --from=devilbox-slim-base-builder /usr/bin/mysql* /usr/bin/
###
### Copy mysqldump-secure
###
COPY --from=devilbox-slim-base-builder /usr/local/bin/mysqldump-secure /usr/local/bin/
COPY --from=devilbox-slim-base-builder /etc/mysqldump-secure.conf /etc/
COPY --from=devilbox-slim-base-builder /etc/mysqldump-secure.cnf /etc/
COPY --from=devilbox-slim-base-builder /var/log/mysqldump-secure.log /var/log/
###
### Copy PostgreSQL
###
COPY --from=devilbox-slim-base-builder /usr/lib/postgresql /usr/lib/postgresql
COPY --from=devilbox-slim-base-builder /usr/share/postgresql-common /usr/share/postgresql-common
COPY --from=devilbox-slim-base-builder /usr/share/perl5 /usr/share/perl5
###
### Create PostgreSQL symlinks
###
RUN set -eux \
&& if [ -f "/usr/share/postgresql-common/pg_wrapper" ]; then \
ln -s ../share/postgresql-common/pg_wrapper /usr/bin/clusterdb \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/createdb \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/createlang \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/createuser \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/dropdb \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/droplang \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/dropuser \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/pg_basebackup \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/pg_dump \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/pg_dumpall \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/pg_isready \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/pg_receivewal \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/pg_receivexlog \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/pg_recvlogical \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/pg_restore \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/pgbench \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/psql \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/reindexdb \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/vacuumdb \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/vacuumlo; \
fi
###
### Copy Redis Client
###
COPY --from=devilbox-slim-base-builder /usr/bin/redis* /usr/bin/
###
### Copy SQLite Client
###
COPY --from=devilbox-slim-base-builder /usr/bin/sqlite* /usr/bin/
###
### ADD PHP configuration files
###
COPY ./data/php-ini.d/php-7.3.ini /usr/local/etc/php/conf.d/xxx-devilbox-default-php.ini
COPY ./data/php-fpm.conf/php-fpm-7.3.conf /usr/local/etc/php-fpm.conf
###
### ADD Devilbox configuration files
###
COPY ./data/docker-entrypoint.sh /docker-entrypoint.sh
COPY ./data/docker-entrypoint.d/*.sh /docker-entrypoint.d/
COPY ./data/bash-devilbox /etc/bash-devilbox
COPY ./data/sudo-devilbox /etc/sudoers.d/devilbox
###
### Configure Bash
###
RUN set -eux \
&& { \
echo; \
echo "# [Devilbox] Ensure /usr/local(s)?bin is in PATH"; \
echo 'PATH="${PATH}:/usr/local/bin:/usr/local/sbin"'; \
echo "export PATH"; \
echo; \
echo "# [Devilbox] Source Devilbox main bash config"; \
echo ". /etc/bash-devilbox"; \
echo; \
echo "# [Devilbox] Source Devilbox custom configs"; \
echo "if [ -d /etc/bashrc-devilbox.d/ ]; then"; \
echo " for f in /etc/bashrc-devilbox.d/*.sh ; do"; \
echo " if [ -r \"\${f}\" ]; then"; \
echo " . \"\${f}\""; \
echo " fi"; \
echo " done"; \
echo " unset f"; \
echo "fi"; \
} | tee -a /home/${MY_USER}/.bashrc /root/.bashrc \
&& chown ${MY_USER}:${MY_GROUP} /home/${MY_USER}/.bashrc
########################################################################################################################
########################################################################################################################
###
### Stage 3/4: Devilbox slim image (BASE TEST)
###
########################################################################################################################
########################################################################################################################
###
### Test all Devilbox cli utils if copying was successful
###
FROM devilbox-slim-base as devilbox-slim-base-test
RUN set -eux \
&& mysql --version \
&& redis-cli --version \
&& sqlite3 --version
###
### Check if available tools slim
###
# -------------------- dig --------------------
RUN set -eux \
&& dig -v 2>&1 | grep -E '[0-9]\.[0-9]' \
&& true
# -------------------- netcat --------------------
RUN set -eux \
&& nc -h 2>&1 | grep netcat \
&& true
# -------------------- ping --------------------
RUN set -eux \
&& ping -V | grep ^ping \
&& true
# -------------------- sudo --------------------
RUN set -eux \
&& sudo --version | grep -E 'version [0-9]+\.[0-9]+' \
&& true
# -------------------- blackfire --------------------
RUN set -eux \
&& blackfire version \
&& blackfire-agent -v \
\
&& true
# -------------------- mhsendmail --------------------
RUN set -eux \
&& mhsendmail -h 2>&1 | grep 'Usage' \
&& true
# -------------------- mongo_client --------------------
RUN set -eux \
&& if echo '7.3' | grep -E '^(5.2|5.3|5.4|5.5|5.6|7.0)$' >/dev/null; then \
if [ "$(dpkg-architecture --query DEB_BUILD_ARCH)" = "amd64" ]; then \
mongofiles --version; \
fi \
else \
mongofiles --version; \
fi \
\
&& if echo '7.3' | grep -E '^(5.2|5.3|5.4|5.5)$' >/dev/null; then \
if [ "$(dpkg-architecture --query DEB_BUILD_ARCH)" = "amd64" ]; then \
mongo --version; \
fi \
else \
mongo --version; \
fi \
\
&& true
# -------------------- mysqldumpsecure --------------------
RUN set -eux \
&& mysqldump-secure --version | grep -E 'Version:\s*[0-9][.0-9]+' \
&& true
# -------------------- pgsql_client --------------------
RUN set -eux \
&& if echo '7.3' | grep -E '^(5.2|5.3|5.4|5.5|5.6|7.0)$' >/dev/null; then \
if [ "$(dpkg-architecture --query DEB_BUILD_ARCH)" = "amd64" ]; then \
pg_isready --version; \
fi \
else \
pg_isready --version; \
fi \
\
&& true
###
### Re-activate modules which have been deactivated in mods (for testing).
###
RUN set -eux \
&& if find /usr/local/lib/php/extensions/ -name phalcon.so | grep phalcon; then \
echo "extension=phalcon.so" > /usr/local/etc/php/conf.d/docker-php-ext-phalcon.ini; \
fi \
&& if find /usr/local/lib/php/extensions/ -name psr.so | grep psr; then \
echo "extension=psr.so" > /usr/local/etc/php/conf.d/docker-php-ext-psr.ini; \
fi
###
### Check if PHP still works
###
RUN set -eux \
&& echo "date.timezone=UTC" > /usr/local/etc/php/php.ini \
&& php -v | grep -oE 'PHP\s[.0-9]+' | grep -oE '[.0-9]+' | grep '^7.3' \
&& /usr/local/sbin/php-fpm --test \
\
&& PHP_ERROR="$( php -v 2>&1 1>/dev/null )" \
&& if [ -n "${PHP_ERROR}" ]; then echo "${PHP_ERROR}"; false; fi \
&& PHP_ERROR="$( php -i 2>&1 1>/dev/null )" \
&& if [ -n "${PHP_ERROR}" ]; then echo "${PHP_ERROR}"; false; fi \
\
&& PHP_FPM_ERROR="$( php-fpm -v 2>&1 1>/dev/null )" \
&& if [ -n "${PHP_FPM_ERROR}" ]; then echo "${PHP_FPM_ERROR}"; false; fi \
&& PHP_FPM_ERROR="$( php-fpm -i 2>&1 1>/dev/null )" \
&& if [ -n "${PHP_FPM_ERROR}" ]; then echo "${PHP_FPM_ERROR}"; false; fi \
&& rm -f /usr/local/etc/php/php.ini
########################################################################################################################
########################################################################################################################
###
### Stage 4/4: Devilbox slim image (FINAL)
###
########################################################################################################################
########################################################################################################################
###
### Prepare final base image (STAGE: slim)
###
FROM devilbox-slim-base as slim
MAINTAINER "cytopia" <cytopia@everythingcli.org>
###
### Labels
###
# https://github.com/opencontainers/image-spec/blob/master/annotations.md
#LABEL "org.opencontainers.image.created"=""
#LABEL "org.opencontainers.image.version"=""
#LABEL "org.opencontainers.image.revision"=""
LABEL "maintainer"="cytopia <cytopia@everythingcli.org>"
LABEL "org.opencontainers.image.authors"="cytopia <cytopia@everythingcli.org>"
LABEL "org.opencontainers.image.url"="https://github.com/devilbox/docker-php-fpm"
LABEL "org.opencontainers.image.documentation"="https://github.com/devilbox/docker-php-fpm"
LABEL "org.opencontainers.image.source"="https://github.com/devilbox/docker-php-fpm"
LABEL "org.opencontainers.image.vendor"="devilbox"
LABEL "org.opencontainers.image.licenses"="MIT"
LABEL "org.opencontainers.image.ref.name"="7.3-slim"
LABEL "org.opencontainers.image.title"="PHP-FPM 7.3-slim"
LABEL "org.opencontainers.image.description"="PHP-FPM 7.3-slim"
###
### Volumes
###
VOLUME /shared/backups
VOLUME /var/log/php
VOLUME /var/mail
###
### Ports
###
EXPOSE 9000
###
### Where to start inside the container
###
WORKDIR /shared/httpd
###
### Entrypoint
###
CMD ["/usr/bin/supervisord", "-c", "/etc/supervisor/supervisord.conf"]
ENTRYPOINT ["/docker-entrypoint.sh"]

620
Dockerfiles/slim/Dockerfile-7.4 Normal file
View File

@@ -0,0 +1,620 @@
# vi: ft=dockerfile
# Auto-generated via Ansible: edit ./ansible/DOCKERFILES/Dockerfile-slim.j2 instead.
########################################################################################################################
########################################################################################################################
###
### Stage 1/4: Devilbox slim image (BASE BUILDER)
###
########################################################################################################################
########################################################################################################################
###
### Installs all cli tools required to run Devilbox and its intranet
###
FROM devilbox/php-fpm:7.4-prod as devilbox-slim-base-builder
###
### Install apt Tools
###
RUN set -eux \
&& DEBIAN_FRONTEND=noninteractive apt-get update \
&& DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends --no-install-suggests \
apt-transport-https \
ca-certificates \
curl \
dirmngr \
gnupg
###
### Add apt repositories
###
RUN set -eux \
&& apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 648ACFD622F3D138 \
&& echo "deb http://ftp.debian.org/debian bullseye-backports main" > /etc/apt/sources.list.d/backports.list \
&& curl -sS -L --fail "https://packages.blackfire.io/gpg.key" | APT_KEY_DONT_WARN_ON_DANGEROUS_USAGE=1 apt-key add - \
&& echo "deb http://packages.blackfire.io/debian any main" > /etc/apt/sources.list.d/blackfire.list \
&& true
###
### Install build_dep
###
RUN set -eux \
&& DEBIAN_FRONTEND=noninteractive apt-get update \
&& DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends --no-install-suggests \
libsnappy-dev \
&& rm -rf /var/lib/apt/lists/*
###
### Add common tools
###
RUN set -eux \
&& DEBIAN_FRONTEND=noninteractive apt-get update \
&& DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends --no-install-suggests \
file \
git \
mariadb-client \
redis-tools \
sqlite3
###
### Install tools type: apt
###
RUN set -eux \
&& DEBIAN_FRONTEND=noninteractive apt-get update \
&& DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends --no-install-suggests \
# ---------- type: apt ----------
dnsutils \
iputils-ping \
netcat-openbsd \
sudo \
&& rm -rf /var/lib/apt/lists/*
###
### Devilbox required cli tools from group_vars (slim.yml)
###
# -------------------- dig --------------------
RUN set -eux \
&& dig -v 2>&1 | grep -E '[0-9]\.[0-9]' \
&& true
# -------------------- netcat --------------------
RUN set -eux \
&& nc -h 2>&1 | grep netcat \
&& true
# -------------------- ping --------------------
RUN set -eux \
&& ping -V | grep ^ping \
&& true
# -------------------- sudo --------------------
RUN set -eux \
&& sudo --version | grep -E 'version [0-9]+\.[0-9]+' \
&& true
# -------------------- blackfire --------------------
RUN set -eux \
&& apt-get update \
\
&& apt-get install -y --no-install-recommends --no-install-suggests \
blackfire-agent \
\
&& rm -rf /var/lib/apt/lists/* \
&& blackfire version \
&& blackfire-agent -v \
\
&& true
# -------------------- mhsendmail --------------------
RUN set -eux \
&& DEB_HOST_ARCH="$( dpkg-architecture --query DEB_HOST_ARCH )" \
&& if [ "${DEB_HOST_ARCH}" = "amd64" ] || [ "${DEB_HOST_ARCH}" = "arm64" ]; then \
MHSENDMAIL_URL="https://github.com/devilbox/mhsendmail/releases/download/v0.3.0/mhsendmail_linux_${DEB_HOST_ARCH}" \
&& curl -sS -L --fail "${MHSENDMAIL_URL}" > /usr/local/bin/mhsendmail \
&& chmod +x /usr/local/bin/mhsendmail; \
else \
printf '%s\n%s\n%s\n' '#!/bin/sh' 'echo "Not available for this platform."' 'exit 1' > /usr/local/bin/mhsendmail \
&& chmod +x /usr/local/bin/mhsendmail; \
fi \
\
&& mhsendmail -h 2>&1 | grep 'Usage' \
&& true
# -------------------- mongo_client --------------------
RUN set -eux \
&& APT_KEY_DONT_WARN_ON_DANGEROUS_USAGE=1 apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv 20691EEC35216C63CAF66CE1656408E390CFB1F5 \
&& echo "deb http://repo.mongodb.org/apt/ubuntu focal/mongodb-org/4.4 multiverse" > /etc/apt/sources.list.d/mongo.list \
&& apt-get update \
\
&& apt-get install -y --no-install-recommends --no-install-suggests \
mongodb-org-tools \
mongodb-org-shell \
\
&& rm -rf /var/lib/apt/lists/* \
&& if echo '7.4' | grep -E '^(5.2|5.3|5.4|5.5|5.6|7.0)$' >/dev/null; then \
if [ "$(dpkg-architecture --query DEB_BUILD_ARCH)" = "amd64" ]; then \
mongofiles --version; \
fi \
else \
mongofiles --version; \
fi \
\
&& if echo '7.4' | grep -E '^(5.2|5.3|5.4|5.5)$' >/dev/null; then \
if [ "$(dpkg-architecture --query DEB_BUILD_ARCH)" = "amd64" ]; then \
mongo --version; \
fi \
else \
mongo --version; \
fi \
\
&& true
# -------------------- mysqldumpsecure --------------------
RUN set -eux \
&& git clone https://github.com/cytopia/mysqldump-secure.git /usr/local/src/mysqldump-secure \
&& cd /usr/local/src/mysqldump-secure \
&& git checkout $(git describe --abbrev=0 --tags) \
&& cp /usr/local/src/mysqldump-secure/bin/mysqldump-secure /usr/local/bin \
&& cp /usr/local/src/mysqldump-secure/etc/mysqldump-secure.conf /etc \
&& cp /usr/local/src/mysqldump-secure/etc/mysqldump-secure.cnf /etc \
&& touch /var/log/mysqldump-secure.log \
&& chown ${MY_USER}:${MY_GROUP} /etc/mysqldump-secure.* \
&& chown ${MY_USER}:${MY_GROUP} /var/log/mysqldump-secure.log \
&& chmod 0400 /etc/mysqldump-secure.conf \
&& chmod 0400 /etc/mysqldump-secure.cnf \
&& chmod 0644 /var/log/mysqldump-secure.log \
&& sed -i'' 's/^COMPRESS_ARG=.*/COMPRESS_ARG="-9 -c"/g' /etc/mysqldump-secure.conf \
&& sed -i'' 's/^DUMP_DIR=.*/DUMP_DIR="\/shared\/backups\/mysql"/g' /etc/mysqldump-secure.conf \
&& sed -i'' 's/^DUMP_DIR_CHMOD=.*/DUMP_DIR_CHMOD="0755"/g' /etc/mysqldump-secure.conf \
&& sed -i'' 's/^DUMP_FILE_CHMOD=.*/DUMP_FILE_CHMOD="0644"/g' /etc/mysqldump-secure.conf \
&& sed -i'' 's/^LOG_CHMOD=.*/LOG_CHMOD="0644"/g' /etc/mysqldump-secure.conf \
&& sed -i'' 's/^NAGIOS_LOG=.*/NAGIOS_LOG=0/g' /etc/mysqldump-secure.conf \
&& cd / \
&& rm -rf /usr/local/src/mysqldump-secure \
\
&& mysqldump-secure --version | grep -E 'Version:\s*[0-9][.0-9]+' \
&& true
# -------------------- pgsql_client --------------------
RUN set -eux \
&& curl -sS -k -L --fail https://www.postgresql.org/media/keys/ACCC4CF8.asc | APT_KEY_DONT_WARN_ON_DANGEROUS_USAGE=1 apt-key add - \
&& echo "deb http://apt.postgresql.org/pub/repos/apt/ bullseye-pgdg main" > /etc/apt/sources.list.d/pgsql.list \
&& apt-get update \
\
&& apt-get install -y --no-install-recommends --no-install-suggests \
postgresql-client \
\
&& rm -rf /var/lib/apt/lists/* \
&& if echo '7.4' | grep -E '^(5.2|5.3|5.4|5.5|5.6|7.0)$' >/dev/null; then \
if [ "$(dpkg-architecture --query DEB_BUILD_ARCH)" = "amd64" ]; then \
pg_isready --version; \
fi \
else \
pg_isready --version; \
fi \
\
&& true
###
### Prepare required shared libraries for copying (keep symlinks)
###
RUN set -eux \
&& LIB_GNU_DIR="/lib/$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)" \
&& USR_LIB_DIR="/usr/lib" \
&& USR_LIB_GNU_DIR="/usr/lib/$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)" \
\
&& mkdir /tmp/lib-gnu \
&& mkdir /tmp/usr-lib \
&& mkdir /tmp/usr-lib-gnu \
\
&& LIB_GNU="libreadline" \
&& USR_LIB="libsnappy libtcmalloc libv8" \
&& USR_LIB_GNU="liblua libpq libpcrecpp libboost libjemalloc libunwind libhiredis libedit libyaml-cpp libstemmer libsnappy libpcap libbsd liblzf" \
\
&& for lib in ${LIB_GNU}; do \
if ls -1 "${LIB_GNU_DIR}/" | grep "^${lib}" >/dev/null; then \
echo "Coping '${lib}' from: ${LIB_GNU_DIR}"; \
cp -r ${LIB_GNU_DIR}/${lib}* /tmp/lib-gnu/; \
fi \
done \
&& for lib in ${USR_LIB}; do \
if ls -1 "${USR_LIB_DIR}/" | grep "^${lib}" >/dev/null; then \
echo "Coping '${lib}' from: ${USR_LIB_DIR}"; \
cp -r ${USR_LIB_DIR}/${lib}* /tmp/usr-lib/; \
fi \
done \
&& for lib in ${USR_LIB_GNU}; do \
if ls -1 "${USR_LIB_GNU_DIR}/" | grep "^${lib}" >/dev/null; then \
echo "Coping '${lib}' from: ${USR_LIB_GNU_DIR}"; \
cp -r ${USR_LIB_GNU_DIR}/${lib}* /tmp/usr-lib-gnu/; \
fi \
done
###
### Fix expected PostgreSQL directories
###
### This might not exist on arm64 as software was not available,
### but they are still needed to be present, so we can copy them.
###
RUN set -eux \
&& if [ ! -d "/usr/lib/postgresql" ]; then \
mkdir "/usr/lib/postgresql"; \
fi \
&& if [ ! -d "/usr/share/postgresql-common" ]; then \
mkdir "/usr/share/postgresql-common"; \
fi
###
### Prepare MongoDB binaries for copying.
###
### They might not be available on all architectures (e.g.: arm64).
###
RUN set -eux \
&& mkdir /tmp/mongo \
&& if ls -1 "/usr/bin/" | grep "^mongo" >/dev/null; then \
cp -r /usr/bin/mongo* /tmp/mongo/; \
fi
###
### Strip debugging information to smallen filesize
###
RUN set -eux \
&& STRIP_USR_BINS="blackfire mongo mysql redis sqlite" \
&& STRIP_DIRS="/usr/lib/postgresql/ /usr/share/postgresql-common/ /tmp" \
\
&& for bin in ${STRIP_USR_BINS}; do \
( \
find /usr/bin/ -name "${bin}"* -type f -print0 \
| xargs -n1 -0 -P$(getconf _NPROCESSORS_ONLN) sh -c \
'if [ -f "${1}" ]; then echo "Strip: ${1}"; strip --strip-all -p "${1}" 2>/dev/null || true; fi' -- \
) \
done \
\
&& for dir in ${STRIP_DIRS}; do \
( \
find ${dir} -type f -print0 \
| xargs -n1 -0 -P$(getconf _NPROCESSORS_ONLN) sh -c \
'if [ -f "${1}" ]; then echo "Strip: ${1}"; strip --strip-all -p "${1}" 2>/dev/null || true; fi' -- \
) \
done \
\
&& strip --strip-all -p /usr/local/bin/mhsendmail 2>/dev/null || true \
&& strip --strip-all -p /usr/local/bin/mysqldump-secure 2>/dev/null || true
########################################################################################################################
########################################################################################################################
###
### Stage 2/4: Devilbox slim image (BASE)
###
########################################################################################################################
########################################################################################################################
###
### Copies all cli tools required to run Devilbox and its intranet into a clean image
###
FROM devilbox/php-fpm:7.4-prod as devilbox-slim-base
ARG ARCH
###
### Install tools type: apt
###
RUN set -eux \
&& DEBIAN_FRONTEND=noninteractive apt-get update \
&& DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends --no-install-suggests \
# ---------- type: apt ----------
dnsutils \
iputils-ping \
netcat-openbsd \
sudo \
&& rm -rf /var/lib/apt/lists/*
###
### Copy shared libraries (required by MongoDB, MySQL, PostgreSQL and Redis)
###
COPY --from=devilbox-slim-base-builder /tmp/lib-gnu/ /lib/${ARCH}-linux-gnu/
COPY --from=devilbox-slim-base-builder /tmp/usr-lib-gnu/ /usr/lib/${ARCH}-linux-gnu/
COPY --from=devilbox-slim-base-builder /tmp/usr-lib/ /usr/lib/
###
### Copy system files
###
COPY --from=devilbox-slim-base-builder /etc/group /etc/group
COPY --from=devilbox-slim-base-builder /etc/passwd /etc/passwd
COPY --from=devilbox-slim-base-builder /etc/shadow /etc/shadow
###
### Copy Blackfire
###
COPY --from=devilbox-slim-base-builder /etc/blackfire /etc/blackfire
COPY --from=devilbox-slim-base-builder /etc/default/blackfire-agent /etc/default/blackfire-agent
COPY --from=devilbox-slim-base-builder /usr/bin/blackfire* /usr/bin/
COPY --from=devilbox-slim-base-builder /var/log/blackfire /var/log/blackfire
###
### Copy mhsendmail
###
COPY --from=devilbox-slim-base-builder /usr/local/bin/mhsendmail /usr/local/bin/
###
### Copy MongoDB client (if exists)
###
COPY --from=devilbox-slim-base-builder /tmp/mongo/ /usr/bin/
###
### Copy MysQL Client
###
COPY --from=devilbox-slim-base-builder /usr/bin/mysql* /usr/bin/
###
### Copy mysqldump-secure
###
COPY --from=devilbox-slim-base-builder /usr/local/bin/mysqldump-secure /usr/local/bin/
COPY --from=devilbox-slim-base-builder /etc/mysqldump-secure.conf /etc/
COPY --from=devilbox-slim-base-builder /etc/mysqldump-secure.cnf /etc/
COPY --from=devilbox-slim-base-builder /var/log/mysqldump-secure.log /var/log/
###
### Copy PostgreSQL
###
COPY --from=devilbox-slim-base-builder /usr/lib/postgresql /usr/lib/postgresql
COPY --from=devilbox-slim-base-builder /usr/share/postgresql-common /usr/share/postgresql-common
COPY --from=devilbox-slim-base-builder /usr/share/perl5 /usr/share/perl5
###
### Create PostgreSQL symlinks
###
RUN set -eux \
&& if [ -f "/usr/share/postgresql-common/pg_wrapper" ]; then \
ln -s ../share/postgresql-common/pg_wrapper /usr/bin/clusterdb \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/createdb \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/createlang \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/createuser \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/dropdb \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/droplang \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/dropuser \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/pg_basebackup \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/pg_dump \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/pg_dumpall \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/pg_isready \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/pg_receivewal \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/pg_receivexlog \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/pg_recvlogical \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/pg_restore \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/pgbench \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/psql \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/reindexdb \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/vacuumdb \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/vacuumlo; \
fi
###
### Copy Redis Client
###
COPY --from=devilbox-slim-base-builder /usr/bin/redis* /usr/bin/
###
### Copy SQLite Client
###
COPY --from=devilbox-slim-base-builder /usr/bin/sqlite* /usr/bin/
###
### ADD PHP configuration files
###
COPY ./data/php-ini.d/php-7.4.ini /usr/local/etc/php/conf.d/xxx-devilbox-default-php.ini
COPY ./data/php-fpm.conf/php-fpm-7.4.conf /usr/local/etc/php-fpm.conf
###
### ADD Devilbox configuration files
###
COPY ./data/docker-entrypoint.sh /docker-entrypoint.sh
COPY ./data/docker-entrypoint.d/*.sh /docker-entrypoint.d/
COPY ./data/bash-devilbox /etc/bash-devilbox
COPY ./data/sudo-devilbox /etc/sudoers.d/devilbox
###
### Configure Bash
###
RUN set -eux \
&& { \
echo; \
echo "# [Devilbox] Ensure /usr/local(s)?bin is in PATH"; \
echo 'PATH="${PATH}:/usr/local/bin:/usr/local/sbin"'; \
echo "export PATH"; \
echo; \
echo "# [Devilbox] Source Devilbox main bash config"; \
echo ". /etc/bash-devilbox"; \
echo; \
echo "# [Devilbox] Source Devilbox custom configs"; \
echo "if [ -d /etc/bashrc-devilbox.d/ ]; then"; \
echo " for f in /etc/bashrc-devilbox.d/*.sh ; do"; \
echo " if [ -r \"\${f}\" ]; then"; \
echo " . \"\${f}\""; \
echo " fi"; \
echo " done"; \
echo " unset f"; \
echo "fi"; \
} | tee -a /home/${MY_USER}/.bashrc /root/.bashrc \
&& chown ${MY_USER}:${MY_GROUP} /home/${MY_USER}/.bashrc
########################################################################################################################
########################################################################################################################
###
### Stage 3/4: Devilbox slim image (BASE TEST)
###
########################################################################################################################
########################################################################################################################
###
### Test all Devilbox cli utils if copying was successful
###
FROM devilbox-slim-base as devilbox-slim-base-test
RUN set -eux \
&& mysql --version \
&& redis-cli --version \
&& sqlite3 --version
###
### Check if available tools slim
###
# -------------------- dig --------------------
RUN set -eux \
&& dig -v 2>&1 | grep -E '[0-9]\.[0-9]' \
&& true
# -------------------- netcat --------------------
RUN set -eux \
&& nc -h 2>&1 | grep netcat \
&& true
# -------------------- ping --------------------
RUN set -eux \
&& ping -V | grep ^ping \
&& true
# -------------------- sudo --------------------
RUN set -eux \
&& sudo --version | grep -E 'version [0-9]+\.[0-9]+' \
&& true
# -------------------- blackfire --------------------
RUN set -eux \
&& blackfire version \
&& blackfire-agent -v \
\
&& true
# -------------------- mhsendmail --------------------
RUN set -eux \
&& mhsendmail -h 2>&1 | grep 'Usage' \
&& true
# -------------------- mongo_client --------------------
RUN set -eux \
&& if echo '7.4' | grep -E '^(5.2|5.3|5.4|5.5|5.6|7.0)$' >/dev/null; then \
if [ "$(dpkg-architecture --query DEB_BUILD_ARCH)" = "amd64" ]; then \
mongofiles --version; \
fi \
else \
mongofiles --version; \
fi \
\
&& if echo '7.4' | grep -E '^(5.2|5.3|5.4|5.5)$' >/dev/null; then \
if [ "$(dpkg-architecture --query DEB_BUILD_ARCH)" = "amd64" ]; then \
mongo --version; \
fi \
else \
mongo --version; \
fi \
\
&& true
# -------------------- mysqldumpsecure --------------------
RUN set -eux \
&& mysqldump-secure --version | grep -E 'Version:\s*[0-9][.0-9]+' \
&& true
# -------------------- pgsql_client --------------------
RUN set -eux \
&& if echo '7.4' | grep -E '^(5.2|5.3|5.4|5.5|5.6|7.0)$' >/dev/null; then \
if [ "$(dpkg-architecture --query DEB_BUILD_ARCH)" = "amd64" ]; then \
pg_isready --version; \
fi \
else \
pg_isready --version; \
fi \
\
&& true
###
### Re-activate modules which have been deactivated in mods (for testing).
###
RUN set -eux \
&& if find /usr/local/lib/php/extensions/ -name phalcon.so | grep phalcon; then \
echo "extension=phalcon.so" > /usr/local/etc/php/conf.d/docker-php-ext-phalcon.ini; \
fi \
&& if find /usr/local/lib/php/extensions/ -name psr.so | grep psr; then \
echo "extension=psr.so" > /usr/local/etc/php/conf.d/docker-php-ext-psr.ini; \
fi
###
### Check if PHP still works
###
RUN set -eux \
&& echo "date.timezone=UTC" > /usr/local/etc/php/php.ini \
&& php -v | grep -oE 'PHP\s[.0-9]+' | grep -oE '[.0-9]+' | grep '^7.4' \
&& /usr/local/sbin/php-fpm --test \
\
&& PHP_ERROR="$( php -v 2>&1 1>/dev/null )" \
&& if [ -n "${PHP_ERROR}" ]; then echo "${PHP_ERROR}"; false; fi \
&& PHP_ERROR="$( php -i 2>&1 1>/dev/null )" \
&& if [ -n "${PHP_ERROR}" ]; then echo "${PHP_ERROR}"; false; fi \
\
&& PHP_FPM_ERROR="$( php-fpm -v 2>&1 1>/dev/null )" \
&& if [ -n "${PHP_FPM_ERROR}" ]; then echo "${PHP_FPM_ERROR}"; false; fi \
&& PHP_FPM_ERROR="$( php-fpm -i 2>&1 1>/dev/null )" \
&& if [ -n "${PHP_FPM_ERROR}" ]; then echo "${PHP_FPM_ERROR}"; false; fi \
&& rm -f /usr/local/etc/php/php.ini
########################################################################################################################
########################################################################################################################
###
### Stage 4/4: Devilbox slim image (FINAL)
###
########################################################################################################################
########################################################################################################################
###
### Prepare final base image (STAGE: slim)
###
FROM devilbox-slim-base as slim
MAINTAINER "cytopia" <cytopia@everythingcli.org>
###
### Labels
###
# https://github.com/opencontainers/image-spec/blob/master/annotations.md
#LABEL "org.opencontainers.image.created"=""
#LABEL "org.opencontainers.image.version"=""
#LABEL "org.opencontainers.image.revision"=""
LABEL "maintainer"="cytopia <cytopia@everythingcli.org>"
LABEL "org.opencontainers.image.authors"="cytopia <cytopia@everythingcli.org>"
LABEL "org.opencontainers.image.url"="https://github.com/devilbox/docker-php-fpm"
LABEL "org.opencontainers.image.documentation"="https://github.com/devilbox/docker-php-fpm"
LABEL "org.opencontainers.image.source"="https://github.com/devilbox/docker-php-fpm"
LABEL "org.opencontainers.image.vendor"="devilbox"
LABEL "org.opencontainers.image.licenses"="MIT"
LABEL "org.opencontainers.image.ref.name"="7.4-slim"
LABEL "org.opencontainers.image.title"="PHP-FPM 7.4-slim"
LABEL "org.opencontainers.image.description"="PHP-FPM 7.4-slim"
###
### Volumes
###
VOLUME /shared/backups
VOLUME /var/log/php
VOLUME /var/mail
###
### Ports
###
EXPOSE 9000
###
### Where to start inside the container
###
WORKDIR /shared/httpd
###
### Entrypoint
###
CMD ["/usr/bin/supervisord", "-c", "/etc/supervisor/supervisord.conf"]
ENTRYPOINT ["/docker-entrypoint.sh"]

620
Dockerfiles/slim/Dockerfile-8.0 Normal file
View File

@@ -0,0 +1,620 @@
# vi: ft=dockerfile
# Auto-generated via Ansible: edit ./ansible/DOCKERFILES/Dockerfile-slim.j2 instead.
########################################################################################################################
########################################################################################################################
###
### Stage 1/4: Devilbox slim image (BASE BUILDER)
###
########################################################################################################################
########################################################################################################################
###
### Installs all cli tools required to run Devilbox and its intranet
###
FROM devilbox/php-fpm:8.0-prod as devilbox-slim-base-builder
###
### Install apt Tools
###
RUN set -eux \
&& DEBIAN_FRONTEND=noninteractive apt-get update \
&& DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends --no-install-suggests \
apt-transport-https \
ca-certificates \
curl \
dirmngr \
gnupg
###
### Add apt repositories
###
RUN set -eux \
&& apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 648ACFD622F3D138 \
&& echo "deb http://ftp.debian.org/debian bullseye-backports main" > /etc/apt/sources.list.d/backports.list \
&& curl -sS -L --fail "https://packages.blackfire.io/gpg.key" | APT_KEY_DONT_WARN_ON_DANGEROUS_USAGE=1 apt-key add - \
&& echo "deb http://packages.blackfire.io/debian any main" > /etc/apt/sources.list.d/blackfire.list \
&& true
###
### Install build_dep
###
RUN set -eux \
&& DEBIAN_FRONTEND=noninteractive apt-get update \
&& DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends --no-install-suggests \
libsnappy-dev \
&& rm -rf /var/lib/apt/lists/*
###
### Add common tools
###
RUN set -eux \
&& DEBIAN_FRONTEND=noninteractive apt-get update \
&& DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends --no-install-suggests \
file \
git \
mariadb-client \
redis-tools \
sqlite3
###
### Install tools type: apt
###
RUN set -eux \
&& DEBIAN_FRONTEND=noninteractive apt-get update \
&& DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends --no-install-suggests \
# ---------- type: apt ----------
dnsutils \
iputils-ping \
netcat-openbsd \
sudo \
&& rm -rf /var/lib/apt/lists/*
###
### Devilbox required cli tools from group_vars (slim.yml)
###
# -------------------- dig --------------------
RUN set -eux \
&& dig -v 2>&1 | grep -E '[0-9]\.[0-9]' \
&& true
# -------------------- netcat --------------------
RUN set -eux \
&& nc -h 2>&1 | grep netcat \
&& true
# -------------------- ping --------------------
RUN set -eux \
&& ping -V | grep ^ping \
&& true
# -------------------- sudo --------------------
RUN set -eux \
&& sudo --version | grep -E 'version [0-9]+\.[0-9]+' \
&& true
# -------------------- blackfire --------------------
RUN set -eux \
&& apt-get update \
\
&& apt-get install -y --no-install-recommends --no-install-suggests \
blackfire-agent \
\
&& rm -rf /var/lib/apt/lists/* \
&& blackfire version \
&& blackfire-agent -v \
\
&& true
# -------------------- mhsendmail --------------------
RUN set -eux \
&& DEB_HOST_ARCH="$( dpkg-architecture --query DEB_HOST_ARCH )" \
&& if [ "${DEB_HOST_ARCH}" = "amd64" ] || [ "${DEB_HOST_ARCH}" = "arm64" ]; then \
MHSENDMAIL_URL="https://github.com/devilbox/mhsendmail/releases/download/v0.3.0/mhsendmail_linux_${DEB_HOST_ARCH}" \
&& curl -sS -L --fail "${MHSENDMAIL_URL}" > /usr/local/bin/mhsendmail \
&& chmod +x /usr/local/bin/mhsendmail; \
else \
printf '%s\n%s\n%s\n' '#!/bin/sh' 'echo "Not available for this platform."' 'exit 1' > /usr/local/bin/mhsendmail \
&& chmod +x /usr/local/bin/mhsendmail; \
fi \
\
&& mhsendmail -h 2>&1 | grep 'Usage' \
&& true
# -------------------- mongo_client --------------------
RUN set -eux \
&& APT_KEY_DONT_WARN_ON_DANGEROUS_USAGE=1 apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv 20691EEC35216C63CAF66CE1656408E390CFB1F5 \
&& echo "deb http://repo.mongodb.org/apt/ubuntu focal/mongodb-org/4.4 multiverse" > /etc/apt/sources.list.d/mongo.list \
&& apt-get update \
\
&& apt-get install -y --no-install-recommends --no-install-suggests \
mongodb-org-tools \
mongodb-org-shell \
\
&& rm -rf /var/lib/apt/lists/* \
&& if echo '8.0' | grep -E '^(5.2|5.3|5.4|5.5|5.6|7.0)$' >/dev/null; then \
if [ "$(dpkg-architecture --query DEB_BUILD_ARCH)" = "amd64" ]; then \
mongofiles --version; \
fi \
else \
mongofiles --version; \
fi \
\
&& if echo '8.0' | grep -E '^(5.2|5.3|5.4|5.5)$' >/dev/null; then \
if [ "$(dpkg-architecture --query DEB_BUILD_ARCH)" = "amd64" ]; then \
mongo --version; \
fi \
else \
mongo --version; \
fi \
\
&& true
# -------------------- mysqldumpsecure --------------------
RUN set -eux \
&& git clone https://github.com/cytopia/mysqldump-secure.git /usr/local/src/mysqldump-secure \
&& cd /usr/local/src/mysqldump-secure \
&& git checkout $(git describe --abbrev=0 --tags) \
&& cp /usr/local/src/mysqldump-secure/bin/mysqldump-secure /usr/local/bin \
&& cp /usr/local/src/mysqldump-secure/etc/mysqldump-secure.conf /etc \
&& cp /usr/local/src/mysqldump-secure/etc/mysqldump-secure.cnf /etc \
&& touch /var/log/mysqldump-secure.log \
&& chown ${MY_USER}:${MY_GROUP} /etc/mysqldump-secure.* \
&& chown ${MY_USER}:${MY_GROUP} /var/log/mysqldump-secure.log \
&& chmod 0400 /etc/mysqldump-secure.conf \
&& chmod 0400 /etc/mysqldump-secure.cnf \
&& chmod 0644 /var/log/mysqldump-secure.log \
&& sed -i'' 's/^COMPRESS_ARG=.*/COMPRESS_ARG="-9 -c"/g' /etc/mysqldump-secure.conf \
&& sed -i'' 's/^DUMP_DIR=.*/DUMP_DIR="\/shared\/backups\/mysql"/g' /etc/mysqldump-secure.conf \
&& sed -i'' 's/^DUMP_DIR_CHMOD=.*/DUMP_DIR_CHMOD="0755"/g' /etc/mysqldump-secure.conf \
&& sed -i'' 's/^DUMP_FILE_CHMOD=.*/DUMP_FILE_CHMOD="0644"/g' /etc/mysqldump-secure.conf \
&& sed -i'' 's/^LOG_CHMOD=.*/LOG_CHMOD="0644"/g' /etc/mysqldump-secure.conf \
&& sed -i'' 's/^NAGIOS_LOG=.*/NAGIOS_LOG=0/g' /etc/mysqldump-secure.conf \
&& cd / \
&& rm -rf /usr/local/src/mysqldump-secure \
\
&& mysqldump-secure --version | grep -E 'Version:\s*[0-9][.0-9]+' \
&& true
# -------------------- pgsql_client --------------------
RUN set -eux \
&& curl -sS -k -L --fail https://www.postgresql.org/media/keys/ACCC4CF8.asc | APT_KEY_DONT_WARN_ON_DANGEROUS_USAGE=1 apt-key add - \
&& echo "deb http://apt.postgresql.org/pub/repos/apt/ bullseye-pgdg main" > /etc/apt/sources.list.d/pgsql.list \
&& apt-get update \
\
&& apt-get install -y --no-install-recommends --no-install-suggests \
postgresql-client \
\
&& rm -rf /var/lib/apt/lists/* \
&& if echo '8.0' | grep -E '^(5.2|5.3|5.4|5.5|5.6|7.0)$' >/dev/null; then \
if [ "$(dpkg-architecture --query DEB_BUILD_ARCH)" = "amd64" ]; then \
pg_isready --version; \
fi \
else \
pg_isready --version; \
fi \
\
&& true
###
### Prepare required shared libraries for copying (keep symlinks)
###
RUN set -eux \
&& LIB_GNU_DIR="/lib/$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)" \
&& USR_LIB_DIR="/usr/lib" \
&& USR_LIB_GNU_DIR="/usr/lib/$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)" \
\
&& mkdir /tmp/lib-gnu \
&& mkdir /tmp/usr-lib \
&& mkdir /tmp/usr-lib-gnu \
\
&& LIB_GNU="libreadline" \
&& USR_LIB="libsnappy libtcmalloc libv8" \
&& USR_LIB_GNU="liblua libpq libpcrecpp libboost libjemalloc libunwind libhiredis libedit libyaml-cpp libstemmer libsnappy libpcap libbsd liblzf" \
\
&& for lib in ${LIB_GNU}; do \
if ls -1 "${LIB_GNU_DIR}/" | grep "^${lib}" >/dev/null; then \
echo "Coping '${lib}' from: ${LIB_GNU_DIR}"; \
cp -r ${LIB_GNU_DIR}/${lib}* /tmp/lib-gnu/; \
fi \
done \
&& for lib in ${USR_LIB}; do \
if ls -1 "${USR_LIB_DIR}/" | grep "^${lib}" >/dev/null; then \
echo "Coping '${lib}' from: ${USR_LIB_DIR}"; \
cp -r ${USR_LIB_DIR}/${lib}* /tmp/usr-lib/; \
fi \
done \
&& for lib in ${USR_LIB_GNU}; do \
if ls -1 "${USR_LIB_GNU_DIR}/" | grep "^${lib}" >/dev/null; then \
echo "Coping '${lib}' from: ${USR_LIB_GNU_DIR}"; \
cp -r ${USR_LIB_GNU_DIR}/${lib}* /tmp/usr-lib-gnu/; \
fi \
done
###
### Fix expected PostgreSQL directories
###
### This might not exist on arm64 as software was not available,
### but they are still needed to be present, so we can copy them.
###
RUN set -eux \
&& if [ ! -d "/usr/lib/postgresql" ]; then \
mkdir "/usr/lib/postgresql"; \
fi \
&& if [ ! -d "/usr/share/postgresql-common" ]; then \
mkdir "/usr/share/postgresql-common"; \
fi
###
### Prepare MongoDB binaries for copying.
###
### They might not be available on all architectures (e.g.: arm64).
###
RUN set -eux \
&& mkdir /tmp/mongo \
&& if ls -1 "/usr/bin/" | grep "^mongo" >/dev/null; then \
cp -r /usr/bin/mongo* /tmp/mongo/; \
fi
###
### Strip debugging information to smallen filesize
###
RUN set -eux \
&& STRIP_USR_BINS="blackfire mongo mysql redis sqlite" \
&& STRIP_DIRS="/usr/lib/postgresql/ /usr/share/postgresql-common/ /tmp" \
\
&& for bin in ${STRIP_USR_BINS}; do \
( \
find /usr/bin/ -name "${bin}"* -type f -print0 \
| xargs -n1 -0 -P$(getconf _NPROCESSORS_ONLN) sh -c \
'if [ -f "${1}" ]; then echo "Strip: ${1}"; strip --strip-all -p "${1}" 2>/dev/null || true; fi' -- \
) \
done \
\
&& for dir in ${STRIP_DIRS}; do \
( \
find ${dir} -type f -print0 \
| xargs -n1 -0 -P$(getconf _NPROCESSORS_ONLN) sh -c \
'if [ -f "${1}" ]; then echo "Strip: ${1}"; strip --strip-all -p "${1}" 2>/dev/null || true; fi' -- \
) \
done \
\
&& strip --strip-all -p /usr/local/bin/mhsendmail 2>/dev/null || true \
&& strip --strip-all -p /usr/local/bin/mysqldump-secure 2>/dev/null || true
########################################################################################################################
########################################################################################################################
###
### Stage 2/4: Devilbox slim image (BASE)
###
########################################################################################################################
########################################################################################################################
###
### Copies all cli tools required to run Devilbox and its intranet into a clean image
###
FROM devilbox/php-fpm:8.0-prod as devilbox-slim-base
ARG ARCH
###
### Install tools type: apt
###
RUN set -eux \
&& DEBIAN_FRONTEND=noninteractive apt-get update \
&& DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends --no-install-suggests \
# ---------- type: apt ----------
dnsutils \
iputils-ping \
netcat-openbsd \
sudo \
&& rm -rf /var/lib/apt/lists/*
###
### Copy shared libraries (required by MongoDB, MySQL, PostgreSQL and Redis)
###
COPY --from=devilbox-slim-base-builder /tmp/lib-gnu/ /lib/${ARCH}-linux-gnu/
COPY --from=devilbox-slim-base-builder /tmp/usr-lib-gnu/ /usr/lib/${ARCH}-linux-gnu/
COPY --from=devilbox-slim-base-builder /tmp/usr-lib/ /usr/lib/
###
### Copy system files
###
COPY --from=devilbox-slim-base-builder /etc/group /etc/group
COPY --from=devilbox-slim-base-builder /etc/passwd /etc/passwd
COPY --from=devilbox-slim-base-builder /etc/shadow /etc/shadow
###
### Copy Blackfire
###
COPY --from=devilbox-slim-base-builder /etc/blackfire /etc/blackfire
COPY --from=devilbox-slim-base-builder /etc/default/blackfire-agent /etc/default/blackfire-agent
COPY --from=devilbox-slim-base-builder /usr/bin/blackfire* /usr/bin/
COPY --from=devilbox-slim-base-builder /var/log/blackfire /var/log/blackfire
###
### Copy mhsendmail
###
COPY --from=devilbox-slim-base-builder /usr/local/bin/mhsendmail /usr/local/bin/
###
### Copy MongoDB client (if exists)
###
COPY --from=devilbox-slim-base-builder /tmp/mongo/ /usr/bin/
###
### Copy MysQL Client
###
COPY --from=devilbox-slim-base-builder /usr/bin/mysql* /usr/bin/
###
### Copy mysqldump-secure
###
COPY --from=devilbox-slim-base-builder /usr/local/bin/mysqldump-secure /usr/local/bin/
COPY --from=devilbox-slim-base-builder /etc/mysqldump-secure.conf /etc/
COPY --from=devilbox-slim-base-builder /etc/mysqldump-secure.cnf /etc/
COPY --from=devilbox-slim-base-builder /var/log/mysqldump-secure.log /var/log/
###
### Copy PostgreSQL
###
COPY --from=devilbox-slim-base-builder /usr/lib/postgresql /usr/lib/postgresql
COPY --from=devilbox-slim-base-builder /usr/share/postgresql-common /usr/share/postgresql-common
COPY --from=devilbox-slim-base-builder /usr/share/perl5 /usr/share/perl5
###
### Create PostgreSQL symlinks
###
RUN set -eux \
&& if [ -f "/usr/share/postgresql-common/pg_wrapper" ]; then \
ln -s ../share/postgresql-common/pg_wrapper /usr/bin/clusterdb \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/createdb \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/createlang \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/createuser \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/dropdb \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/droplang \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/dropuser \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/pg_basebackup \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/pg_dump \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/pg_dumpall \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/pg_isready \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/pg_receivewal \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/pg_receivexlog \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/pg_recvlogical \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/pg_restore \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/pgbench \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/psql \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/reindexdb \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/vacuumdb \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/vacuumlo; \
fi
###
### Copy Redis Client
###
COPY --from=devilbox-slim-base-builder /usr/bin/redis* /usr/bin/
###
### Copy SQLite Client
###
COPY --from=devilbox-slim-base-builder /usr/bin/sqlite* /usr/bin/
###
### ADD PHP configuration files
###
COPY ./data/php-ini.d/php-8.0.ini /usr/local/etc/php/conf.d/xxx-devilbox-default-php.ini
COPY ./data/php-fpm.conf/php-fpm-8.0.conf /usr/local/etc/php-fpm.conf
###
### ADD Devilbox configuration files
###
COPY ./data/docker-entrypoint.sh /docker-entrypoint.sh
COPY ./data/docker-entrypoint.d/*.sh /docker-entrypoint.d/
COPY ./data/bash-devilbox /etc/bash-devilbox
COPY ./data/sudo-devilbox /etc/sudoers.d/devilbox
###
### Configure Bash
###
RUN set -eux \
&& { \
echo; \
echo "# [Devilbox] Ensure /usr/local(s)?bin is in PATH"; \
echo 'PATH="${PATH}:/usr/local/bin:/usr/local/sbin"'; \
echo "export PATH"; \
echo; \
echo "# [Devilbox] Source Devilbox main bash config"; \
echo ". /etc/bash-devilbox"; \
echo; \
echo "# [Devilbox] Source Devilbox custom configs"; \
echo "if [ -d /etc/bashrc-devilbox.d/ ]; then"; \
echo " for f in /etc/bashrc-devilbox.d/*.sh ; do"; \
echo " if [ -r \"\${f}\" ]; then"; \
echo " . \"\${f}\""; \
echo " fi"; \
echo " done"; \
echo " unset f"; \
echo "fi"; \
} | tee -a /home/${MY_USER}/.bashrc /root/.bashrc \
&& chown ${MY_USER}:${MY_GROUP} /home/${MY_USER}/.bashrc
########################################################################################################################
########################################################################################################################
###
### Stage 3/4: Devilbox slim image (BASE TEST)
###
########################################################################################################################
########################################################################################################################
###
### Test all Devilbox cli utils if copying was successful
###
FROM devilbox-slim-base as devilbox-slim-base-test
RUN set -eux \
&& mysql --version \
&& redis-cli --version \
&& sqlite3 --version
###
### Check if available tools slim
###
# -------------------- dig --------------------
RUN set -eux \
&& dig -v 2>&1 | grep -E '[0-9]\.[0-9]' \
&& true
# -------------------- netcat --------------------
RUN set -eux \
&& nc -h 2>&1 | grep netcat \
&& true
# -------------------- ping --------------------
RUN set -eux \
&& ping -V | grep ^ping \
&& true
# -------------------- sudo --------------------
RUN set -eux \
&& sudo --version | grep -E 'version [0-9]+\.[0-9]+' \
&& true
# -------------------- blackfire --------------------
RUN set -eux \
&& blackfire version \
&& blackfire-agent -v \
\
&& true
# -------------------- mhsendmail --------------------
RUN set -eux \
&& mhsendmail -h 2>&1 | grep 'Usage' \
&& true
# -------------------- mongo_client --------------------
RUN set -eux \
&& if echo '8.0' | grep -E '^(5.2|5.3|5.4|5.5|5.6|7.0)$' >/dev/null; then \
if [ "$(dpkg-architecture --query DEB_BUILD_ARCH)" = "amd64" ]; then \
mongofiles --version; \
fi \
else \
mongofiles --version; \
fi \
\
&& if echo '8.0' | grep -E '^(5.2|5.3|5.4|5.5)$' >/dev/null; then \
if [ "$(dpkg-architecture --query DEB_BUILD_ARCH)" = "amd64" ]; then \
mongo --version; \
fi \
else \
mongo --version; \
fi \
\
&& true
# -------------------- mysqldumpsecure --------------------
RUN set -eux \
&& mysqldump-secure --version | grep -E 'Version:\s*[0-9][.0-9]+' \
&& true
# -------------------- pgsql_client --------------------
RUN set -eux \
&& if echo '8.0' | grep -E '^(5.2|5.3|5.4|5.5|5.6|7.0)$' >/dev/null; then \
if [ "$(dpkg-architecture --query DEB_BUILD_ARCH)" = "amd64" ]; then \
pg_isready --version; \
fi \
else \
pg_isready --version; \
fi \
\
&& true
###
### Re-activate modules which have been deactivated in mods (for testing).
###
RUN set -eux \
&& if find /usr/local/lib/php/extensions/ -name phalcon.so | grep phalcon; then \
echo "extension=phalcon.so" > /usr/local/etc/php/conf.d/docker-php-ext-phalcon.ini; \
fi \
&& if find /usr/local/lib/php/extensions/ -name psr.so | grep psr; then \
echo "extension=psr.so" > /usr/local/etc/php/conf.d/docker-php-ext-psr.ini; \
fi
###
### Check if PHP still works
###
RUN set -eux \
&& echo "date.timezone=UTC" > /usr/local/etc/php/php.ini \
&& php -v | grep -oE 'PHP\s[.0-9]+' | grep -oE '[.0-9]+' | grep '^8.0' \
&& /usr/local/sbin/php-fpm --test \
\
&& PHP_ERROR="$( php -v 2>&1 1>/dev/null )" \
&& if [ -n "${PHP_ERROR}" ]; then echo "${PHP_ERROR}"; false; fi \
&& PHP_ERROR="$( php -i 2>&1 1>/dev/null )" \
&& if [ -n "${PHP_ERROR}" ]; then echo "${PHP_ERROR}"; false; fi \
\
&& PHP_FPM_ERROR="$( php-fpm -v 2>&1 1>/dev/null )" \
&& if [ -n "${PHP_FPM_ERROR}" ]; then echo "${PHP_FPM_ERROR}"; false; fi \
&& PHP_FPM_ERROR="$( php-fpm -i 2>&1 1>/dev/null )" \
&& if [ -n "${PHP_FPM_ERROR}" ]; then echo "${PHP_FPM_ERROR}"; false; fi \
&& rm -f /usr/local/etc/php/php.ini
########################################################################################################################
########################################################################################################################
###
### Stage 4/4: Devilbox slim image (FINAL)
###
########################################################################################################################
########################################################################################################################
###
### Prepare final base image (STAGE: slim)
###
FROM devilbox-slim-base as slim
MAINTAINER "cytopia" <cytopia@everythingcli.org>
###
### Labels
###
# https://github.com/opencontainers/image-spec/blob/master/annotations.md
#LABEL "org.opencontainers.image.created"=""
#LABEL "org.opencontainers.image.version"=""
#LABEL "org.opencontainers.image.revision"=""
LABEL "maintainer"="cytopia <cytopia@everythingcli.org>"
LABEL "org.opencontainers.image.authors"="cytopia <cytopia@everythingcli.org>"
LABEL "org.opencontainers.image.url"="https://github.com/devilbox/docker-php-fpm"
LABEL "org.opencontainers.image.documentation"="https://github.com/devilbox/docker-php-fpm"
LABEL "org.opencontainers.image.source"="https://github.com/devilbox/docker-php-fpm"
LABEL "org.opencontainers.image.vendor"="devilbox"
LABEL "org.opencontainers.image.licenses"="MIT"
LABEL "org.opencontainers.image.ref.name"="8.0-slim"
LABEL "org.opencontainers.image.title"="PHP-FPM 8.0-slim"
LABEL "org.opencontainers.image.description"="PHP-FPM 8.0-slim"
###
### Volumes
###
VOLUME /shared/backups
VOLUME /var/log/php
VOLUME /var/mail
###
### Ports
###
EXPOSE 9000
###
### Where to start inside the container
###
WORKDIR /shared/httpd
###
### Entrypoint
###
CMD ["/usr/bin/supervisord", "-c", "/etc/supervisor/supervisord.conf"]
ENTRYPOINT ["/docker-entrypoint.sh"]

620
Dockerfiles/slim/Dockerfile-8.1 Normal file
View File

@@ -0,0 +1,620 @@
# vi: ft=dockerfile
# Auto-generated via Ansible: edit ./ansible/DOCKERFILES/Dockerfile-slim.j2 instead.
########################################################################################################################
########################################################################################################################
###
### Stage 1/4: Devilbox slim image (BASE BUILDER)
###
########################################################################################################################
########################################################################################################################
###
### Installs all cli tools required to run Devilbox and its intranet
###
FROM devilbox/php-fpm:8.1-prod as devilbox-slim-base-builder
###
### Install apt Tools
###
RUN set -eux \
&& DEBIAN_FRONTEND=noninteractive apt-get update \
&& DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends --no-install-suggests \
apt-transport-https \
ca-certificates \
curl \
dirmngr \
gnupg
###
### Add apt repositories
###
RUN set -eux \
&& apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 648ACFD622F3D138 \
&& echo "deb http://ftp.debian.org/debian bullseye-backports main" > /etc/apt/sources.list.d/backports.list \
&& curl -sS -L --fail "https://packages.blackfire.io/gpg.key" | APT_KEY_DONT_WARN_ON_DANGEROUS_USAGE=1 apt-key add - \
&& echo "deb http://packages.blackfire.io/debian any main" > /etc/apt/sources.list.d/blackfire.list \
&& true
###
### Install build_dep
###
RUN set -eux \
&& DEBIAN_FRONTEND=noninteractive apt-get update \
&& DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends --no-install-suggests \
libsnappy-dev \
&& rm -rf /var/lib/apt/lists/*
###
### Add common tools
###
RUN set -eux \
&& DEBIAN_FRONTEND=noninteractive apt-get update \
&& DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends --no-install-suggests \
file \
git \
mariadb-client \
redis-tools \
sqlite3
###
### Install tools type: apt
###
RUN set -eux \
&& DEBIAN_FRONTEND=noninteractive apt-get update \
&& DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends --no-install-suggests \
# ---------- type: apt ----------
dnsutils \
iputils-ping \
netcat-openbsd \
sudo \
&& rm -rf /var/lib/apt/lists/*
###
### Devilbox required cli tools from group_vars (slim.yml)
###
# -------------------- dig --------------------
RUN set -eux \
&& dig -v 2>&1 | grep -E '[0-9]\.[0-9]' \
&& true
# -------------------- netcat --------------------
RUN set -eux \
&& nc -h 2>&1 | grep netcat \
&& true
# -------------------- ping --------------------
RUN set -eux \
&& ping -V | grep ^ping \
&& true
# -------------------- sudo --------------------
RUN set -eux \
&& sudo --version | grep -E 'version [0-9]+\.[0-9]+' \
&& true
# -------------------- blackfire --------------------
RUN set -eux \
&& apt-get update \
\
&& apt-get install -y --no-install-recommends --no-install-suggests \
blackfire-agent \
\
&& rm -rf /var/lib/apt/lists/* \
&& blackfire version \
&& blackfire-agent -v \
\
&& true
# -------------------- mhsendmail --------------------
RUN set -eux \
&& DEB_HOST_ARCH="$( dpkg-architecture --query DEB_HOST_ARCH )" \
&& if [ "${DEB_HOST_ARCH}" = "amd64" ] || [ "${DEB_HOST_ARCH}" = "arm64" ]; then \
MHSENDMAIL_URL="https://github.com/devilbox/mhsendmail/releases/download/v0.3.0/mhsendmail_linux_${DEB_HOST_ARCH}" \
&& curl -sS -L --fail "${MHSENDMAIL_URL}" > /usr/local/bin/mhsendmail \
&& chmod +x /usr/local/bin/mhsendmail; \
else \
printf '%s\n%s\n%s\n' '#!/bin/sh' 'echo "Not available for this platform."' 'exit 1' > /usr/local/bin/mhsendmail \
&& chmod +x /usr/local/bin/mhsendmail; \
fi \
\
&& mhsendmail -h 2>&1 | grep 'Usage' \
&& true
# -------------------- mongo_client --------------------
RUN set -eux \
&& APT_KEY_DONT_WARN_ON_DANGEROUS_USAGE=1 apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv 20691EEC35216C63CAF66CE1656408E390CFB1F5 \
&& echo "deb http://repo.mongodb.org/apt/ubuntu focal/mongodb-org/4.4 multiverse" > /etc/apt/sources.list.d/mongo.list \
&& apt-get update \
\
&& apt-get install -y --no-install-recommends --no-install-suggests \
mongodb-org-tools \
mongodb-org-shell \
\
&& rm -rf /var/lib/apt/lists/* \
&& if echo '8.1' | grep -E '^(5.2|5.3|5.4|5.5|5.6|7.0)$' >/dev/null; then \
if [ "$(dpkg-architecture --query DEB_BUILD_ARCH)" = "amd64" ]; then \
mongofiles --version; \
fi \
else \
mongofiles --version; \
fi \
\
&& if echo '8.1' | grep -E '^(5.2|5.3|5.4|5.5)$' >/dev/null; then \
if [ "$(dpkg-architecture --query DEB_BUILD_ARCH)" = "amd64" ]; then \
mongo --version; \
fi \
else \
mongo --version; \
fi \
\
&& true
# -------------------- mysqldumpsecure --------------------
RUN set -eux \
&& git clone https://github.com/cytopia/mysqldump-secure.git /usr/local/src/mysqldump-secure \
&& cd /usr/local/src/mysqldump-secure \
&& git checkout $(git describe --abbrev=0 --tags) \
&& cp /usr/local/src/mysqldump-secure/bin/mysqldump-secure /usr/local/bin \
&& cp /usr/local/src/mysqldump-secure/etc/mysqldump-secure.conf /etc \
&& cp /usr/local/src/mysqldump-secure/etc/mysqldump-secure.cnf /etc \
&& touch /var/log/mysqldump-secure.log \
&& chown ${MY_USER}:${MY_GROUP} /etc/mysqldump-secure.* \
&& chown ${MY_USER}:${MY_GROUP} /var/log/mysqldump-secure.log \
&& chmod 0400 /etc/mysqldump-secure.conf \
&& chmod 0400 /etc/mysqldump-secure.cnf \
&& chmod 0644 /var/log/mysqldump-secure.log \
&& sed -i'' 's/^COMPRESS_ARG=.*/COMPRESS_ARG="-9 -c"/g' /etc/mysqldump-secure.conf \
&& sed -i'' 's/^DUMP_DIR=.*/DUMP_DIR="\/shared\/backups\/mysql"/g' /etc/mysqldump-secure.conf \
&& sed -i'' 's/^DUMP_DIR_CHMOD=.*/DUMP_DIR_CHMOD="0755"/g' /etc/mysqldump-secure.conf \
&& sed -i'' 's/^DUMP_FILE_CHMOD=.*/DUMP_FILE_CHMOD="0644"/g' /etc/mysqldump-secure.conf \
&& sed -i'' 's/^LOG_CHMOD=.*/LOG_CHMOD="0644"/g' /etc/mysqldump-secure.conf \
&& sed -i'' 's/^NAGIOS_LOG=.*/NAGIOS_LOG=0/g' /etc/mysqldump-secure.conf \
&& cd / \
&& rm -rf /usr/local/src/mysqldump-secure \
\
&& mysqldump-secure --version | grep -E 'Version:\s*[0-9][.0-9]+' \
&& true
# -------------------- pgsql_client --------------------
RUN set -eux \
&& curl -sS -k -L --fail https://www.postgresql.org/media/keys/ACCC4CF8.asc | APT_KEY_DONT_WARN_ON_DANGEROUS_USAGE=1 apt-key add - \
&& echo "deb http://apt.postgresql.org/pub/repos/apt/ bullseye-pgdg main" > /etc/apt/sources.list.d/pgsql.list \
&& apt-get update \
\
&& apt-get install -y --no-install-recommends --no-install-suggests \
postgresql-client \
\
&& rm -rf /var/lib/apt/lists/* \
&& if echo '8.1' | grep -E '^(5.2|5.3|5.4|5.5|5.6|7.0)$' >/dev/null; then \
if [ "$(dpkg-architecture --query DEB_BUILD_ARCH)" = "amd64" ]; then \
pg_isready --version; \
fi \
else \
pg_isready --version; \
fi \
\
&& true
###
### Prepare required shared libraries for copying (keep symlinks)
###
RUN set -eux \
&& LIB_GNU_DIR="/lib/$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)" \
&& USR_LIB_DIR="/usr/lib" \
&& USR_LIB_GNU_DIR="/usr/lib/$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)" \
\
&& mkdir /tmp/lib-gnu \
&& mkdir /tmp/usr-lib \
&& mkdir /tmp/usr-lib-gnu \
\
&& LIB_GNU="libreadline" \
&& USR_LIB="libsnappy libtcmalloc libv8" \
&& USR_LIB_GNU="liblua libpq libpcrecpp libboost libjemalloc libunwind libhiredis libedit libyaml-cpp libstemmer libsnappy libpcap libbsd liblzf" \
\
&& for lib in ${LIB_GNU}; do \
if ls -1 "${LIB_GNU_DIR}/" | grep "^${lib}" >/dev/null; then \
echo "Coping '${lib}' from: ${LIB_GNU_DIR}"; \
cp -r ${LIB_GNU_DIR}/${lib}* /tmp/lib-gnu/; \
fi \
done \
&& for lib in ${USR_LIB}; do \
if ls -1 "${USR_LIB_DIR}/" | grep "^${lib}" >/dev/null; then \
echo "Coping '${lib}' from: ${USR_LIB_DIR}"; \
cp -r ${USR_LIB_DIR}/${lib}* /tmp/usr-lib/; \
fi \
done \
&& for lib in ${USR_LIB_GNU}; do \
if ls -1 "${USR_LIB_GNU_DIR}/" | grep "^${lib}" >/dev/null; then \
echo "Coping '${lib}' from: ${USR_LIB_GNU_DIR}"; \
cp -r ${USR_LIB_GNU_DIR}/${lib}* /tmp/usr-lib-gnu/; \
fi \
done
###
### Fix expected PostgreSQL directories
###
### This might not exist on arm64 as software was not available,
### but they are still needed to be present, so we can copy them.
###
RUN set -eux \
&& if [ ! -d "/usr/lib/postgresql" ]; then \
mkdir "/usr/lib/postgresql"; \
fi \
&& if [ ! -d "/usr/share/postgresql-common" ]; then \
mkdir "/usr/share/postgresql-common"; \
fi
###
### Prepare MongoDB binaries for copying.
###
### They might not be available on all architectures (e.g.: arm64).
###
RUN set -eux \
&& mkdir /tmp/mongo \
&& if ls -1 "/usr/bin/" | grep "^mongo" >/dev/null; then \
cp -r /usr/bin/mongo* /tmp/mongo/; \
fi
###
### Strip debugging information to smallen filesize
###
RUN set -eux \
&& STRIP_USR_BINS="blackfire mongo mysql redis sqlite" \
&& STRIP_DIRS="/usr/lib/postgresql/ /usr/share/postgresql-common/ /tmp" \
\
&& for bin in ${STRIP_USR_BINS}; do \
( \
find /usr/bin/ -name "${bin}"* -type f -print0 \
| xargs -n1 -0 -P$(getconf _NPROCESSORS_ONLN) sh -c \
'if [ -f "${1}" ]; then echo "Strip: ${1}"; strip --strip-all -p "${1}" 2>/dev/null || true; fi' -- \
) \
done \
\
&& for dir in ${STRIP_DIRS}; do \
( \
find ${dir} -type f -print0 \
| xargs -n1 -0 -P$(getconf _NPROCESSORS_ONLN) sh -c \
'if [ -f "${1}" ]; then echo "Strip: ${1}"; strip --strip-all -p "${1}" 2>/dev/null || true; fi' -- \
) \
done \
\
&& strip --strip-all -p /usr/local/bin/mhsendmail 2>/dev/null || true \
&& strip --strip-all -p /usr/local/bin/mysqldump-secure 2>/dev/null || true
########################################################################################################################
########################################################################################################################
###
### Stage 2/4: Devilbox slim image (BASE)
###
########################################################################################################################
########################################################################################################################
###
### Copies all cli tools required to run Devilbox and its intranet into a clean image
###
FROM devilbox/php-fpm:8.1-prod as devilbox-slim-base
ARG ARCH
###
### Install tools type: apt
###
RUN set -eux \
&& DEBIAN_FRONTEND=noninteractive apt-get update \
&& DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends --no-install-suggests \
# ---------- type: apt ----------
dnsutils \
iputils-ping \
netcat-openbsd \
sudo \
&& rm -rf /var/lib/apt/lists/*
###
### Copy shared libraries (required by MongoDB, MySQL, PostgreSQL and Redis)
###
COPY --from=devilbox-slim-base-builder /tmp/lib-gnu/ /lib/${ARCH}-linux-gnu/
COPY --from=devilbox-slim-base-builder /tmp/usr-lib-gnu/ /usr/lib/${ARCH}-linux-gnu/
COPY --from=devilbox-slim-base-builder /tmp/usr-lib/ /usr/lib/
###
### Copy system files
###
COPY --from=devilbox-slim-base-builder /etc/group /etc/group
COPY --from=devilbox-slim-base-builder /etc/passwd /etc/passwd
COPY --from=devilbox-slim-base-builder /etc/shadow /etc/shadow
###
### Copy Blackfire
###
COPY --from=devilbox-slim-base-builder /etc/blackfire /etc/blackfire
COPY --from=devilbox-slim-base-builder /etc/default/blackfire-agent /etc/default/blackfire-agent
COPY --from=devilbox-slim-base-builder /usr/bin/blackfire* /usr/bin/
COPY --from=devilbox-slim-base-builder /var/log/blackfire /var/log/blackfire
###
### Copy mhsendmail
###
COPY --from=devilbox-slim-base-builder /usr/local/bin/mhsendmail /usr/local/bin/
###
### Copy MongoDB client (if exists)
###
COPY --from=devilbox-slim-base-builder /tmp/mongo/ /usr/bin/
###
### Copy MysQL Client
###
COPY --from=devilbox-slim-base-builder /usr/bin/mysql* /usr/bin/
###
### Copy mysqldump-secure
###
COPY --from=devilbox-slim-base-builder /usr/local/bin/mysqldump-secure /usr/local/bin/
COPY --from=devilbox-slim-base-builder /etc/mysqldump-secure.conf /etc/
COPY --from=devilbox-slim-base-builder /etc/mysqldump-secure.cnf /etc/
COPY --from=devilbox-slim-base-builder /var/log/mysqldump-secure.log /var/log/
###
### Copy PostgreSQL
###
COPY --from=devilbox-slim-base-builder /usr/lib/postgresql /usr/lib/postgresql
COPY --from=devilbox-slim-base-builder /usr/share/postgresql-common /usr/share/postgresql-common
COPY --from=devilbox-slim-base-builder /usr/share/perl5 /usr/share/perl5
###
### Create PostgreSQL symlinks
###
RUN set -eux \
&& if [ -f "/usr/share/postgresql-common/pg_wrapper" ]; then \
ln -s ../share/postgresql-common/pg_wrapper /usr/bin/clusterdb \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/createdb \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/createlang \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/createuser \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/dropdb \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/droplang \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/dropuser \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/pg_basebackup \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/pg_dump \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/pg_dumpall \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/pg_isready \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/pg_receivewal \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/pg_receivexlog \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/pg_recvlogical \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/pg_restore \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/pgbench \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/psql \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/reindexdb \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/vacuumdb \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/vacuumlo; \
fi
###
### Copy Redis Client
###
COPY --from=devilbox-slim-base-builder /usr/bin/redis* /usr/bin/
###
### Copy SQLite Client
###
COPY --from=devilbox-slim-base-builder /usr/bin/sqlite* /usr/bin/
###
### ADD PHP configuration files
###
COPY ./data/php-ini.d/php-8.1.ini /usr/local/etc/php/conf.d/xxx-devilbox-default-php.ini
COPY ./data/php-fpm.conf/php-fpm-8.1.conf /usr/local/etc/php-fpm.conf
###
### ADD Devilbox configuration files
###
COPY ./data/docker-entrypoint.sh /docker-entrypoint.sh
COPY ./data/docker-entrypoint.d/*.sh /docker-entrypoint.d/
COPY ./data/bash-devilbox /etc/bash-devilbox
COPY ./data/sudo-devilbox /etc/sudoers.d/devilbox
###
### Configure Bash
###
RUN set -eux \
&& { \
echo; \
echo "# [Devilbox] Ensure /usr/local(s)?bin is in PATH"; \
echo 'PATH="${PATH}:/usr/local/bin:/usr/local/sbin"'; \
echo "export PATH"; \
echo; \
echo "# [Devilbox] Source Devilbox main bash config"; \
echo ". /etc/bash-devilbox"; \
echo; \
echo "# [Devilbox] Source Devilbox custom configs"; \
echo "if [ -d /etc/bashrc-devilbox.d/ ]; then"; \
echo " for f in /etc/bashrc-devilbox.d/*.sh ; do"; \
echo " if [ -r \"\${f}\" ]; then"; \
echo " . \"\${f}\""; \
echo " fi"; \
echo " done"; \
echo " unset f"; \
echo "fi"; \
} | tee -a /home/${MY_USER}/.bashrc /root/.bashrc \
&& chown ${MY_USER}:${MY_GROUP} /home/${MY_USER}/.bashrc
########################################################################################################################
########################################################################################################################
###
### Stage 3/4: Devilbox slim image (BASE TEST)
###
########################################################################################################################
########################################################################################################################
###
### Test all Devilbox cli utils if copying was successful
###
FROM devilbox-slim-base as devilbox-slim-base-test
RUN set -eux \
&& mysql --version \
&& redis-cli --version \
&& sqlite3 --version
###
### Check if available tools slim
###
# -------------------- dig --------------------
RUN set -eux \
&& dig -v 2>&1 | grep -E '[0-9]\.[0-9]' \
&& true
# -------------------- netcat --------------------
RUN set -eux \
&& nc -h 2>&1 | grep netcat \
&& true
# -------------------- ping --------------------
RUN set -eux \
&& ping -V | grep ^ping \
&& true
# -------------------- sudo --------------------
RUN set -eux \
&& sudo --version | grep -E 'version [0-9]+\.[0-9]+' \
&& true
# -------------------- blackfire --------------------
RUN set -eux \
&& blackfire version \
&& blackfire-agent -v \
\
&& true
# -------------------- mhsendmail --------------------
RUN set -eux \
&& mhsendmail -h 2>&1 | grep 'Usage' \
&& true
# -------------------- mongo_client --------------------
RUN set -eux \
&& if echo '8.1' | grep -E '^(5.2|5.3|5.4|5.5|5.6|7.0)$' >/dev/null; then \
if [ "$(dpkg-architecture --query DEB_BUILD_ARCH)" = "amd64" ]; then \
mongofiles --version; \
fi \
else \
mongofiles --version; \
fi \
\
&& if echo '8.1' | grep -E '^(5.2|5.3|5.4|5.5)$' >/dev/null; then \
if [ "$(dpkg-architecture --query DEB_BUILD_ARCH)" = "amd64" ]; then \
mongo --version; \
fi \
else \
mongo --version; \
fi \
\
&& true
# -------------------- mysqldumpsecure --------------------
RUN set -eux \
&& mysqldump-secure --version | grep -E 'Version:\s*[0-9][.0-9]+' \
&& true
# -------------------- pgsql_client --------------------
RUN set -eux \
&& if echo '8.1' | grep -E '^(5.2|5.3|5.4|5.5|5.6|7.0)$' >/dev/null; then \
if [ "$(dpkg-architecture --query DEB_BUILD_ARCH)" = "amd64" ]; then \
pg_isready --version; \
fi \
else \
pg_isready --version; \
fi \
\
&& true
###
### Re-activate modules which have been deactivated in mods (for testing).
###
RUN set -eux \
&& if find /usr/local/lib/php/extensions/ -name phalcon.so | grep phalcon; then \
echo "extension=phalcon.so" > /usr/local/etc/php/conf.d/docker-php-ext-phalcon.ini; \
fi \
&& if find /usr/local/lib/php/extensions/ -name psr.so | grep psr; then \
echo "extension=psr.so" > /usr/local/etc/php/conf.d/docker-php-ext-psr.ini; \
fi
###
### Check if PHP still works
###
RUN set -eux \
&& echo "date.timezone=UTC" > /usr/local/etc/php/php.ini \
&& php -v | grep -oE 'PHP\s[.0-9]+' | grep -oE '[.0-9]+' | grep '^8.1' \
&& /usr/local/sbin/php-fpm --test \
\
&& PHP_ERROR="$( php -v 2>&1 1>/dev/null )" \
&& if [ -n "${PHP_ERROR}" ]; then echo "${PHP_ERROR}"; false; fi \
&& PHP_ERROR="$( php -i 2>&1 1>/dev/null )" \
&& if [ -n "${PHP_ERROR}" ]; then echo "${PHP_ERROR}"; false; fi \
\
&& PHP_FPM_ERROR="$( php-fpm -v 2>&1 1>/dev/null )" \
&& if [ -n "${PHP_FPM_ERROR}" ]; then echo "${PHP_FPM_ERROR}"; false; fi \
&& PHP_FPM_ERROR="$( php-fpm -i 2>&1 1>/dev/null )" \
&& if [ -n "${PHP_FPM_ERROR}" ]; then echo "${PHP_FPM_ERROR}"; false; fi \
&& rm -f /usr/local/etc/php/php.ini
########################################################################################################################
########################################################################################################################
###
### Stage 4/4: Devilbox slim image (FINAL)
###
########################################################################################################################
########################################################################################################################
###
### Prepare final base image (STAGE: slim)
###
FROM devilbox-slim-base as slim
MAINTAINER "cytopia" <cytopia@everythingcli.org>
###
### Labels
###
# https://github.com/opencontainers/image-spec/blob/master/annotations.md
#LABEL "org.opencontainers.image.created"=""
#LABEL "org.opencontainers.image.version"=""
#LABEL "org.opencontainers.image.revision"=""
LABEL "maintainer"="cytopia <cytopia@everythingcli.org>"
LABEL "org.opencontainers.image.authors"="cytopia <cytopia@everythingcli.org>"
LABEL "org.opencontainers.image.url"="https://github.com/devilbox/docker-php-fpm"
LABEL "org.opencontainers.image.documentation"="https://github.com/devilbox/docker-php-fpm"
LABEL "org.opencontainers.image.source"="https://github.com/devilbox/docker-php-fpm"
LABEL "org.opencontainers.image.vendor"="devilbox"
LABEL "org.opencontainers.image.licenses"="MIT"
LABEL "org.opencontainers.image.ref.name"="8.1-slim"
LABEL "org.opencontainers.image.title"="PHP-FPM 8.1-slim"
LABEL "org.opencontainers.image.description"="PHP-FPM 8.1-slim"
###
### Volumes
###
VOLUME /shared/backups
VOLUME /var/log/php
VOLUME /var/mail
###
### Ports
###
EXPOSE 9000
###
### Where to start inside the container
###
WORKDIR /shared/httpd
###
### Entrypoint
###
CMD ["/usr/bin/supervisord", "-c", "/etc/supervisor/supervisord.conf"]
ENTRYPOINT ["/docker-entrypoint.sh"]

620
Dockerfiles/slim/Dockerfile-8.2 Normal file
View File

@@ -0,0 +1,620 @@
# vi: ft=dockerfile
# Auto-generated via Ansible: edit ./ansible/DOCKERFILES/Dockerfile-slim.j2 instead.
########################################################################################################################
########################################################################################################################
###
### Stage 1/4: Devilbox slim image (BASE BUILDER)
###
########################################################################################################################
########################################################################################################################
###
### Installs all cli tools required to run Devilbox and its intranet
###
FROM devilbox/php-fpm:8.2-prod as devilbox-slim-base-builder
###
### Install apt Tools
###
RUN set -eux \
&& DEBIAN_FRONTEND=noninteractive apt-get update \
&& DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends --no-install-suggests \
apt-transport-https \
ca-certificates \
curl \
dirmngr \
gnupg
###
### Add apt repositories
###
RUN set -eux \
&& apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 648ACFD622F3D138 \
&& echo "deb http://ftp.debian.org/debian bullseye-backports main" > /etc/apt/sources.list.d/backports.list \
&& curl -sS -L --fail "https://packages.blackfire.io/gpg.key" | APT_KEY_DONT_WARN_ON_DANGEROUS_USAGE=1 apt-key add - \
&& echo "deb http://packages.blackfire.io/debian any main" > /etc/apt/sources.list.d/blackfire.list \
&& true
###
### Install build_dep
###
RUN set -eux \
&& DEBIAN_FRONTEND=noninteractive apt-get update \
&& DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends --no-install-suggests \
libsnappy-dev \
&& rm -rf /var/lib/apt/lists/*
###
### Add common tools
###
RUN set -eux \
&& DEBIAN_FRONTEND=noninteractive apt-get update \
&& DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends --no-install-suggests \
file \
git \
mariadb-client \
redis-tools \
sqlite3
###
### Install tools type: apt
###
RUN set -eux \
&& DEBIAN_FRONTEND=noninteractive apt-get update \
&& DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends --no-install-suggests \
# ---------- type: apt ----------
dnsutils \
iputils-ping \
netcat-openbsd \
sudo \
&& rm -rf /var/lib/apt/lists/*
###
### Devilbox required cli tools from group_vars (slim.yml)
###
# -------------------- dig --------------------
RUN set -eux \
&& dig -v 2>&1 | grep -E '[0-9]\.[0-9]' \
&& true
# -------------------- netcat --------------------
RUN set -eux \
&& nc -h 2>&1 | grep netcat \
&& true
# -------------------- ping --------------------
RUN set -eux \
&& ping -V | grep ^ping \
&& true
# -------------------- sudo --------------------
RUN set -eux \
&& sudo --version | grep -E 'version [0-9]+\.[0-9]+' \
&& true
# -------------------- blackfire --------------------
RUN set -eux \
&& apt-get update \
\
&& apt-get install -y --no-install-recommends --no-install-suggests \
blackfire-agent \
\
&& rm -rf /var/lib/apt/lists/* \
&& blackfire version \
&& blackfire-agent -v \
\
&& true
# -------------------- mhsendmail --------------------
RUN set -eux \
&& DEB_HOST_ARCH="$( dpkg-architecture --query DEB_HOST_ARCH )" \
&& if [ "${DEB_HOST_ARCH}" = "amd64" ] || [ "${DEB_HOST_ARCH}" = "arm64" ]; then \
MHSENDMAIL_URL="https://github.com/devilbox/mhsendmail/releases/download/v0.3.0/mhsendmail_linux_${DEB_HOST_ARCH}" \
&& curl -sS -L --fail "${MHSENDMAIL_URL}" > /usr/local/bin/mhsendmail \
&& chmod +x /usr/local/bin/mhsendmail; \
else \
printf '%s\n%s\n%s\n' '#!/bin/sh' 'echo "Not available for this platform."' 'exit 1' > /usr/local/bin/mhsendmail \
&& chmod +x /usr/local/bin/mhsendmail; \
fi \
\
&& mhsendmail -h 2>&1 | grep 'Usage' \
&& true
# -------------------- mongo_client --------------------
RUN set -eux \
&& APT_KEY_DONT_WARN_ON_DANGEROUS_USAGE=1 apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv 20691EEC35216C63CAF66CE1656408E390CFB1F5 \
&& echo "deb http://repo.mongodb.org/apt/ubuntu focal/mongodb-org/4.4 multiverse" > /etc/apt/sources.list.d/mongo.list \
&& apt-get update \
\
&& apt-get install -y --no-install-recommends --no-install-suggests \
mongodb-org-tools \
mongodb-org-shell \
\
&& rm -rf /var/lib/apt/lists/* \
&& if echo '8.2' | grep -E '^(5.2|5.3|5.4|5.5|5.6|7.0)$' >/dev/null; then \
if [ "$(dpkg-architecture --query DEB_BUILD_ARCH)" = "amd64" ]; then \
mongofiles --version; \
fi \
else \
mongofiles --version; \
fi \
\
&& if echo '8.2' | grep -E '^(5.2|5.3|5.4|5.5)$' >/dev/null; then \
if [ "$(dpkg-architecture --query DEB_BUILD_ARCH)" = "amd64" ]; then \
mongo --version; \
fi \
else \
mongo --version; \
fi \
\
&& true
# -------------------- mysqldumpsecure --------------------
RUN set -eux \
&& git clone https://github.com/cytopia/mysqldump-secure.git /usr/local/src/mysqldump-secure \
&& cd /usr/local/src/mysqldump-secure \
&& git checkout $(git describe --abbrev=0 --tags) \
&& cp /usr/local/src/mysqldump-secure/bin/mysqldump-secure /usr/local/bin \
&& cp /usr/local/src/mysqldump-secure/etc/mysqldump-secure.conf /etc \
&& cp /usr/local/src/mysqldump-secure/etc/mysqldump-secure.cnf /etc \
&& touch /var/log/mysqldump-secure.log \
&& chown ${MY_USER}:${MY_GROUP} /etc/mysqldump-secure.* \
&& chown ${MY_USER}:${MY_GROUP} /var/log/mysqldump-secure.log \
&& chmod 0400 /etc/mysqldump-secure.conf \
&& chmod 0400 /etc/mysqldump-secure.cnf \
&& chmod 0644 /var/log/mysqldump-secure.log \
&& sed -i'' 's/^COMPRESS_ARG=.*/COMPRESS_ARG="-9 -c"/g' /etc/mysqldump-secure.conf \
&& sed -i'' 's/^DUMP_DIR=.*/DUMP_DIR="\/shared\/backups\/mysql"/g' /etc/mysqldump-secure.conf \
&& sed -i'' 's/^DUMP_DIR_CHMOD=.*/DUMP_DIR_CHMOD="0755"/g' /etc/mysqldump-secure.conf \
&& sed -i'' 's/^DUMP_FILE_CHMOD=.*/DUMP_FILE_CHMOD="0644"/g' /etc/mysqldump-secure.conf \
&& sed -i'' 's/^LOG_CHMOD=.*/LOG_CHMOD="0644"/g' /etc/mysqldump-secure.conf \
&& sed -i'' 's/^NAGIOS_LOG=.*/NAGIOS_LOG=0/g' /etc/mysqldump-secure.conf \
&& cd / \
&& rm -rf /usr/local/src/mysqldump-secure \
\
&& mysqldump-secure --version | grep -E 'Version:\s*[0-9][.0-9]+' \
&& true
# -------------------- pgsql_client --------------------
RUN set -eux \
&& curl -sS -k -L --fail https://www.postgresql.org/media/keys/ACCC4CF8.asc | APT_KEY_DONT_WARN_ON_DANGEROUS_USAGE=1 apt-key add - \
&& echo "deb http://apt.postgresql.org/pub/repos/apt/ bullseye-pgdg main" > /etc/apt/sources.list.d/pgsql.list \
&& apt-get update \
\
&& apt-get install -y --no-install-recommends --no-install-suggests \
postgresql-client \
\
&& rm -rf /var/lib/apt/lists/* \
&& if echo '8.2' | grep -E '^(5.2|5.3|5.4|5.5|5.6|7.0)$' >/dev/null; then \
if [ "$(dpkg-architecture --query DEB_BUILD_ARCH)" = "amd64" ]; then \
pg_isready --version; \
fi \
else \
pg_isready --version; \
fi \
\
&& true
###
### Prepare required shared libraries for copying (keep symlinks)
###
RUN set -eux \
&& LIB_GNU_DIR="/lib/$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)" \
&& USR_LIB_DIR="/usr/lib" \
&& USR_LIB_GNU_DIR="/usr/lib/$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)" \
\
&& mkdir /tmp/lib-gnu \
&& mkdir /tmp/usr-lib \
&& mkdir /tmp/usr-lib-gnu \
\
&& LIB_GNU="libreadline" \
&& USR_LIB="libsnappy libtcmalloc libv8" \
&& USR_LIB_GNU="liblua libpq libpcrecpp libboost libjemalloc libunwind libhiredis libedit libyaml-cpp libstemmer libsnappy libpcap libbsd liblzf" \
\
&& for lib in ${LIB_GNU}; do \
if ls -1 "${LIB_GNU_DIR}/" | grep "^${lib}" >/dev/null; then \
echo "Coping '${lib}' from: ${LIB_GNU_DIR}"; \
cp -r ${LIB_GNU_DIR}/${lib}* /tmp/lib-gnu/; \
fi \
done \
&& for lib in ${USR_LIB}; do \
if ls -1 "${USR_LIB_DIR}/" | grep "^${lib}" >/dev/null; then \
echo "Coping '${lib}' from: ${USR_LIB_DIR}"; \
cp -r ${USR_LIB_DIR}/${lib}* /tmp/usr-lib/; \
fi \
done \
&& for lib in ${USR_LIB_GNU}; do \
if ls -1 "${USR_LIB_GNU_DIR}/" | grep "^${lib}" >/dev/null; then \
echo "Coping '${lib}' from: ${USR_LIB_GNU_DIR}"; \
cp -r ${USR_LIB_GNU_DIR}/${lib}* /tmp/usr-lib-gnu/; \
fi \
done
###
### Fix expected PostgreSQL directories
###
### This might not exist on arm64 as software was not available,
### but they are still needed to be present, so we can copy them.
###
RUN set -eux \
&& if [ ! -d "/usr/lib/postgresql" ]; then \
mkdir "/usr/lib/postgresql"; \
fi \
&& if [ ! -d "/usr/share/postgresql-common" ]; then \
mkdir "/usr/share/postgresql-common"; \
fi
###
### Prepare MongoDB binaries for copying.
###
### They might not be available on all architectures (e.g.: arm64).
###
RUN set -eux \
&& mkdir /tmp/mongo \
&& if ls -1 "/usr/bin/" | grep "^mongo" >/dev/null; then \
cp -r /usr/bin/mongo* /tmp/mongo/; \
fi
###
### Strip debugging information to smallen filesize
###
RUN set -eux \
&& STRIP_USR_BINS="blackfire mongo mysql redis sqlite" \
&& STRIP_DIRS="/usr/lib/postgresql/ /usr/share/postgresql-common/ /tmp" \
\
&& for bin in ${STRIP_USR_BINS}; do \
( \
find /usr/bin/ -name "${bin}"* -type f -print0 \
| xargs -n1 -0 -P$(getconf _NPROCESSORS_ONLN) sh -c \
'if [ -f "${1}" ]; then echo "Strip: ${1}"; strip --strip-all -p "${1}" 2>/dev/null || true; fi' -- \
) \
done \
\
&& for dir in ${STRIP_DIRS}; do \
( \
find ${dir} -type f -print0 \
| xargs -n1 -0 -P$(getconf _NPROCESSORS_ONLN) sh -c \
'if [ -f "${1}" ]; then echo "Strip: ${1}"; strip --strip-all -p "${1}" 2>/dev/null || true; fi' -- \
) \
done \
\
&& strip --strip-all -p /usr/local/bin/mhsendmail 2>/dev/null || true \
&& strip --strip-all -p /usr/local/bin/mysqldump-secure 2>/dev/null || true
########################################################################################################################
########################################################################################################################
###
### Stage 2/4: Devilbox slim image (BASE)
###
########################################################################################################################
########################################################################################################################
###
### Copies all cli tools required to run Devilbox and its intranet into a clean image
###
FROM devilbox/php-fpm:8.2-prod as devilbox-slim-base
ARG ARCH
###
### Install tools type: apt
###
RUN set -eux \
&& DEBIAN_FRONTEND=noninteractive apt-get update \
&& DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends --no-install-suggests \
# ---------- type: apt ----------
dnsutils \
iputils-ping \
netcat-openbsd \
sudo \
&& rm -rf /var/lib/apt/lists/*
###
### Copy shared libraries (required by MongoDB, MySQL, PostgreSQL and Redis)
###
COPY --from=devilbox-slim-base-builder /tmp/lib-gnu/ /lib/${ARCH}-linux-gnu/
COPY --from=devilbox-slim-base-builder /tmp/usr-lib-gnu/ /usr/lib/${ARCH}-linux-gnu/
COPY --from=devilbox-slim-base-builder /tmp/usr-lib/ /usr/lib/
###
### Copy system files
###
COPY --from=devilbox-slim-base-builder /etc/group /etc/group
COPY --from=devilbox-slim-base-builder /etc/passwd /etc/passwd
COPY --from=devilbox-slim-base-builder /etc/shadow /etc/shadow
###
### Copy Blackfire
###
COPY --from=devilbox-slim-base-builder /etc/blackfire /etc/blackfire
COPY --from=devilbox-slim-base-builder /etc/default/blackfire-agent /etc/default/blackfire-agent
COPY --from=devilbox-slim-base-builder /usr/bin/blackfire* /usr/bin/
COPY --from=devilbox-slim-base-builder /var/log/blackfire /var/log/blackfire
###
### Copy mhsendmail
###
COPY --from=devilbox-slim-base-builder /usr/local/bin/mhsendmail /usr/local/bin/
###
### Copy MongoDB client (if exists)
###
COPY --from=devilbox-slim-base-builder /tmp/mongo/ /usr/bin/
###
### Copy MysQL Client
###
COPY --from=devilbox-slim-base-builder /usr/bin/mysql* /usr/bin/
###
### Copy mysqldump-secure
###
COPY --from=devilbox-slim-base-builder /usr/local/bin/mysqldump-secure /usr/local/bin/
COPY --from=devilbox-slim-base-builder /etc/mysqldump-secure.conf /etc/
COPY --from=devilbox-slim-base-builder /etc/mysqldump-secure.cnf /etc/
COPY --from=devilbox-slim-base-builder /var/log/mysqldump-secure.log /var/log/
###
### Copy PostgreSQL
###
COPY --from=devilbox-slim-base-builder /usr/lib/postgresql /usr/lib/postgresql
COPY --from=devilbox-slim-base-builder /usr/share/postgresql-common /usr/share/postgresql-common
COPY --from=devilbox-slim-base-builder /usr/share/perl5 /usr/share/perl5
###
### Create PostgreSQL symlinks
###
RUN set -eux \
&& if [ -f "/usr/share/postgresql-common/pg_wrapper" ]; then \
ln -s ../share/postgresql-common/pg_wrapper /usr/bin/clusterdb \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/createdb \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/createlang \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/createuser \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/dropdb \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/droplang \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/dropuser \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/pg_basebackup \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/pg_dump \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/pg_dumpall \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/pg_isready \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/pg_receivewal \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/pg_receivexlog \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/pg_recvlogical \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/pg_restore \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/pgbench \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/psql \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/reindexdb \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/vacuumdb \
&& ln -s ../share/postgresql-common/pg_wrapper /usr/bin/vacuumlo; \
fi
###
### Copy Redis Client
###
COPY --from=devilbox-slim-base-builder /usr/bin/redis* /usr/bin/
###
### Copy SQLite Client
###
COPY --from=devilbox-slim-base-builder /usr/bin/sqlite* /usr/bin/
###
### ADD PHP configuration files
###
COPY ./data/php-ini.d/php-8.2.ini /usr/local/etc/php/conf.d/xxx-devilbox-default-php.ini
COPY ./data/php-fpm.conf/php-fpm-8.2.conf /usr/local/etc/php-fpm.conf
###
### ADD Devilbox configuration files
###
COPY ./data/docker-entrypoint.sh /docker-entrypoint.sh
COPY ./data/docker-entrypoint.d/*.sh /docker-entrypoint.d/
COPY ./data/bash-devilbox /etc/bash-devilbox
COPY ./data/sudo-devilbox /etc/sudoers.d/devilbox
###
### Configure Bash
###
RUN set -eux \
&& { \
echo; \
echo "# [Devilbox] Ensure /usr/local(s)?bin is in PATH"; \
echo 'PATH="${PATH}:/usr/local/bin:/usr/local/sbin"'; \
echo "export PATH"; \
echo; \
echo "# [Devilbox] Source Devilbox main bash config"; \
echo ". /etc/bash-devilbox"; \
echo; \
echo "# [Devilbox] Source Devilbox custom configs"; \
echo "if [ -d /etc/bashrc-devilbox.d/ ]; then"; \
echo " for f in /etc/bashrc-devilbox.d/*.sh ; do"; \
echo " if [ -r \"\${f}\" ]; then"; \
echo " . \"\${f}\""; \
echo " fi"; \
echo " done"; \
echo " unset f"; \
echo "fi"; \
} | tee -a /home/${MY_USER}/.bashrc /root/.bashrc \
&& chown ${MY_USER}:${MY_GROUP} /home/${MY_USER}/.bashrc
########################################################################################################################
########################################################################################################################
###
### Stage 3/4: Devilbox slim image (BASE TEST)
###
########################################################################################################################
########################################################################################################################
###
### Test all Devilbox cli utils if copying was successful
###
FROM devilbox-slim-base as devilbox-slim-base-test
RUN set -eux \
&& mysql --version \
&& redis-cli --version \
&& sqlite3 --version
###
### Check if available tools slim
###
# -------------------- dig --------------------
RUN set -eux \
&& dig -v 2>&1 | grep -E '[0-9]\.[0-9]' \
&& true
# -------------------- netcat --------------------
RUN set -eux \
&& nc -h 2>&1 | grep netcat \
&& true
# -------------------- ping --------------------
RUN set -eux \
&& ping -V | grep ^ping \
&& true
# -------------------- sudo --------------------
RUN set -eux \
&& sudo --version | grep -E 'version [0-9]+\.[0-9]+' \
&& true
# -------------------- blackfire --------------------
RUN set -eux \
&& blackfire version \
&& blackfire-agent -v \
\
&& true
# -------------------- mhsendmail --------------------
RUN set -eux \
&& mhsendmail -h 2>&1 | grep 'Usage' \
&& true
# -------------------- mongo_client --------------------
RUN set -eux \
&& if echo '8.2' | grep -E '^(5.2|5.3|5.4|5.5|5.6|7.0)$' >/dev/null; then \
if [ "$(dpkg-architecture --query DEB_BUILD_ARCH)" = "amd64" ]; then \
mongofiles --version; \
fi \
else \
mongofiles --version; \
fi \
\
&& if echo '8.2' | grep -E '^(5.2|5.3|5.4|5.5)$' >/dev/null; then \
if [ "$(dpkg-architecture --query DEB_BUILD_ARCH)" = "amd64" ]; then \
mongo --version; \
fi \
else \
mongo --version; \
fi \
\
&& true
# -------------------- mysqldumpsecure --------------------
RUN set -eux \
&& mysqldump-secure --version | grep -E 'Version:\s*[0-9][.0-9]+' \
&& true
# -------------------- pgsql_client --------------------
RUN set -eux \
&& if echo '8.2' | grep -E '^(5.2|5.3|5.4|5.5|5.6|7.0)$' >/dev/null; then \
if [ "$(dpkg-architecture --query DEB_BUILD_ARCH)" = "amd64" ]; then \
pg_isready --version; \
fi \
else \
pg_isready --version; \
fi \
\
&& true
###
### Re-activate modules which have been deactivated in mods (for testing).
###
RUN set -eux \
&& if find /usr/local/lib/php/extensions/ -name phalcon.so | grep phalcon; then \
echo "extension=phalcon.so" > /usr/local/etc/php/conf.d/docker-php-ext-phalcon.ini; \
fi \
&& if find /usr/local/lib/php/extensions/ -name psr.so | grep psr; then \
echo "extension=psr.so" > /usr/local/etc/php/conf.d/docker-php-ext-psr.ini; \
fi
###
### Check if PHP still works
###
RUN set -eux \
&& echo "date.timezone=UTC" > /usr/local/etc/php/php.ini \
&& php -v | grep -oE 'PHP\s[.0-9]+' | grep -oE '[.0-9]+' | grep '^8.2' \
&& /usr/local/sbin/php-fpm --test \
\
&& PHP_ERROR="$( php -v 2>&1 1>/dev/null )" \
&& if [ -n "${PHP_ERROR}" ]; then echo "${PHP_ERROR}"; false; fi \
&& PHP_ERROR="$( php -i 2>&1 1>/dev/null )" \
&& if [ -n "${PHP_ERROR}" ]; then echo "${PHP_ERROR}"; false; fi \
\
&& PHP_FPM_ERROR="$( php-fpm -v 2>&1 1>/dev/null )" \
&& if [ -n "${PHP_FPM_ERROR}" ]; then echo "${PHP_FPM_ERROR}"; false; fi \
&& PHP_FPM_ERROR="$( php-fpm -i 2>&1 1>/dev/null )" \
&& if [ -n "${PHP_FPM_ERROR}" ]; then echo "${PHP_FPM_ERROR}"; false; fi \
&& rm -f /usr/local/etc/php/php.ini
########################################################################################################################
########################################################################################################################
###
### Stage 4/4: Devilbox slim image (FINAL)
###
########################################################################################################################
########################################################################################################################
###
### Prepare final base image (STAGE: slim)
###
FROM devilbox-slim-base as slim
MAINTAINER "cytopia" <cytopia@everythingcli.org>
###
### Labels
###
# https://github.com/opencontainers/image-spec/blob/master/annotations.md
#LABEL "org.opencontainers.image.created"=""
#LABEL "org.opencontainers.image.version"=""
#LABEL "org.opencontainers.image.revision"=""
LABEL "maintainer"="cytopia <cytopia@everythingcli.org>"
LABEL "org.opencontainers.image.authors"="cytopia <cytopia@everythingcli.org>"
LABEL "org.opencontainers.image.url"="https://github.com/devilbox/docker-php-fpm"
LABEL "org.opencontainers.image.documentation"="https://github.com/devilbox/docker-php-fpm"
LABEL "org.opencontainers.image.source"="https://github.com/devilbox/docker-php-fpm"
LABEL "org.opencontainers.image.vendor"="devilbox"
LABEL "org.opencontainers.image.licenses"="MIT"
LABEL "org.opencontainers.image.ref.name"="8.2-slim"
LABEL "org.opencontainers.image.title"="PHP-FPM 8.2-slim"
LABEL "org.opencontainers.image.description"="PHP-FPM 8.2-slim"
###
### Volumes
###
VOLUME /shared/backups
VOLUME /var/log/php
VOLUME /var/mail
###
### Ports
###
EXPOSE 9000
###
### Where to start inside the container
###
WORKDIR /shared/httpd
###
### Entrypoint
###
CMD ["/usr/bin/supervisord", "-c", "/etc/supervisor/supervisord.conf"]
ENTRYPOINT ["/docker-entrypoint.sh"]

0
Dockerfiles/work/data/bash-devilbox → Dockerfiles/slim/data/bash-devilbox
View File

0
Dockerfiles/work/data/docker-entrypoint.d/400-mysqldump-secure.sh → Dockerfiles/slim/data/docker-entrypoint.d/400-mysqldump-secure.sh
View File

1
Dockerfiles/work/data/docker-entrypoint.d/401-update-ca-certificates.sh → Dockerfiles/slim/data/docker-entrypoint.d/401-update-ca-certificates.sh
View File

@@ -17,6 +17,7 @@ update_ca_certificates() {
local debug="${2}" local debug="${2}"
if [ -d "${dir}" ]; then if [ -d "${dir}" ]; then
# shellcheck disable=SC2044
for cert in $( find "${dir}" -name \*.crt ); do for cert in $( find "${dir}" -name \*.crt ); do
name="$( basename "${cert}" )" name="$( basename "${cert}" )"
run "cp ${cert} /usr/local/share/ca-certificates/devilbox-${name}" "${debug}" run "cp ${cert} /usr/local/share/ca-certificates/devilbox-${name}" "${debug}"

0
Dockerfiles/work/data/docker-entrypoint.sh → Dockerfiles/slim/data/docker-entrypoint.sh
View File

0
Dockerfiles/work/data/php-fpm.conf/php-fpm-5.2.conf → Dockerfiles/slim/data/php-fpm.conf/php-fpm-5.2.conf
View File

0
Dockerfiles/work/data/php-fpm.conf/php-fpm-5.3.conf → Dockerfiles/slim/data/php-fpm.conf/php-fpm-5.3.conf
View File

0
Dockerfiles/work/data/php-fpm.conf/php-fpm-5.4.conf → Dockerfiles/slim/data/php-fpm.conf/php-fpm-5.4.conf
View File

0
Dockerfiles/work/data/php-fpm.conf/php-fpm-5.5.conf → Dockerfiles/slim/data/php-fpm.conf/php-fpm-5.5.conf
View File

0
Dockerfiles/work/data/php-fpm.conf/php-fpm-5.6.conf → Dockerfiles/slim/data/php-fpm.conf/php-fpm-5.6.conf
View File

0
Dockerfiles/work/data/php-fpm.conf/php-fpm-7.0.conf → Dockerfiles/slim/data/php-fpm.conf/php-fpm-7.0.conf
View File

0
Dockerfiles/work/data/php-fpm.conf/php-fpm-7.1.conf → Dockerfiles/slim/data/php-fpm.conf/php-fpm-7.1.conf
View File

0
Dockerfiles/work/data/php-fpm.conf/php-fpm-7.2.conf → Dockerfiles/slim/data/php-fpm.conf/php-fpm-7.2.conf
View File

0
Dockerfiles/work/data/php-fpm.conf/php-fpm-7.3.conf → Dockerfiles/slim/data/php-fpm.conf/php-fpm-7.3.conf
View File

0
Dockerfiles/work/data/php-fpm.conf/php-fpm-7.4.conf → Dockerfiles/slim/data/php-fpm.conf/php-fpm-7.4.conf
View File

0
Dockerfiles/work/data/php-fpm.conf/php-fpm-8.0.conf → Dockerfiles/slim/data/php-fpm.conf/php-fpm-8.0.conf
View File

0
Dockerfiles/work/data/php-fpm.conf/php-fpm-8.1.conf → Dockerfiles/slim/data/php-fpm.conf/php-fpm-8.1.conf
View File

0
Dockerfiles/work/data/php-fpm.conf/php-fpm-8.2.conf → Dockerfiles/slim/data/php-fpm.conf/php-fpm-8.2.conf
View File

2
Dockerfiles/work/data/php-ini.d/php-5.2.ini → Dockerfiles/slim/data/php-ini.d/php-5.2.ini
View File

@@ -1,5 +1,5 @@
; ############################################################ ; ############################################################
; # Devilbox PHP defaults for 5.2-work ; # Devilbox PHP defaults for 5.2-slim
; ############################################################ ; ############################################################
; Each PHP flavour (base, mods, prod, work) might have its own php.ini. ; Each PHP flavour (base, mods, prod, work) might have its own php.ini.

2
Dockerfiles/work/data/php-ini.d/php-5.3.ini → Dockerfiles/slim/data/php-ini.d/php-5.3.ini
View File

@@ -1,5 +1,5 @@
; ############################################################ ; ############################################################
; # Devilbox PHP defaults for 5.3-work ; # Devilbox PHP defaults for 5.3-slim
; ############################################################ ; ############################################################
; Each PHP flavour (base, mods, prod, work) might have its own php.ini. ; Each PHP flavour (base, mods, prod, work) might have its own php.ini.

2
Dockerfiles/work/data/php-ini.d/php-5.4.ini → Dockerfiles/slim/data/php-ini.d/php-5.4.ini
View File

@@ -1,5 +1,5 @@
; ############################################################ ; ############################################################
; # Devilbox PHP defaults for 5.4-work ; # Devilbox PHP defaults for 5.4-slim
; ############################################################ ; ############################################################
; Each PHP flavour (base, mods, prod, work) might have its own php.ini. ; Each PHP flavour (base, mods, prod, work) might have its own php.ini.

2
Dockerfiles/work/data/php-ini.d/php-5.5.ini → Dockerfiles/slim/data/php-ini.d/php-5.5.ini
View File

@@ -1,5 +1,5 @@
; ############################################################ ; ############################################################
; # Devilbox PHP defaults for 5.5-work ; # Devilbox PHP defaults for 5.5-slim
; ############################################################ ; ############################################################
; Each PHP flavour (base, mods, prod, work) might have its own php.ini. ; Each PHP flavour (base, mods, prod, work) might have its own php.ini.

2
Dockerfiles/work/data/php-ini.d/php-5.6.ini → Dockerfiles/slim/data/php-ini.d/php-5.6.ini
View File

@@ -1,5 +1,5 @@
; ############################################################ ; ############################################################
; # Devilbox PHP defaults for 5.6-work ; # Devilbox PHP defaults for 5.6-slim
; ############################################################ ; ############################################################
; Each PHP flavour (base, mods, prod, work) might have its own php.ini. ; Each PHP flavour (base, mods, prod, work) might have its own php.ini.

2
Dockerfiles/work/data/php-ini.d/php-7.0.ini → Dockerfiles/slim/data/php-ini.d/php-7.0.ini
View File

@@ -1,5 +1,5 @@
; ############################################################ ; ############################################################
; # Devilbox PHP defaults for 7.0-work ; # Devilbox PHP defaults for 7.0-slim
; ############################################################ ; ############################################################
; Each PHP flavour (base, mods, prod, work) might have its own php.ini. ; Each PHP flavour (base, mods, prod, work) might have its own php.ini.

2
Dockerfiles/work/data/php-ini.d/php-7.1.ini → Dockerfiles/slim/data/php-ini.d/php-7.1.ini
View File

@@ -1,5 +1,5 @@
; ############################################################ ; ############################################################
; # Devilbox PHP defaults for 7.1-work ; # Devilbox PHP defaults for 7.1-slim
; ############################################################ ; ############################################################
; Each PHP flavour (base, mods, prod, work) might have its own php.ini. ; Each PHP flavour (base, mods, prod, work) might have its own php.ini.

2
Dockerfiles/work/data/php-ini.d/php-7.2.ini → Dockerfiles/slim/data/php-ini.d/php-7.2.ini
View File

@@ -1,5 +1,5 @@
; ############################################################ ; ############################################################
; # Devilbox PHP defaults for 7.2-work ; # Devilbox PHP defaults for 7.2-slim
; ############################################################ ; ############################################################
; Each PHP flavour (base, mods, prod, work) might have its own php.ini. ; Each PHP flavour (base, mods, prod, work) might have its own php.ini.

2
Dockerfiles/work/data/php-ini.d/php-7.3.ini → Dockerfiles/slim/data/php-ini.d/php-7.3.ini
View File

@@ -1,5 +1,5 @@
; ############################################################ ; ############################################################
; # Devilbox PHP defaults for 7.3-work ; # Devilbox PHP defaults for 7.3-slim
; ############################################################ ; ############################################################
; Each PHP flavour (base, mods, prod, work) might have its own php.ini. ; Each PHP flavour (base, mods, prod, work) might have its own php.ini.

2
Dockerfiles/work/data/php-ini.d/php-7.4.ini → Dockerfiles/slim/data/php-ini.d/php-7.4.ini
View File

@@ -1,5 +1,5 @@
; ############################################################ ; ############################################################
; # Devilbox PHP defaults for 7.4-work ; # Devilbox PHP defaults for 7.4-slim
; ############################################################ ; ############################################################
; Each PHP flavour (base, mods, prod, work) might have its own php.ini. ; Each PHP flavour (base, mods, prod, work) might have its own php.ini.

2
Dockerfiles/work/data/php-ini.d/php-8.0.ini → Dockerfiles/slim/data/php-ini.d/php-8.0.ini
View File

@@ -1,5 +1,5 @@
; ############################################################ ; ############################################################
; # Devilbox PHP defaults for 8.0-work ; # Devilbox PHP defaults for 8.0-slim
; ############################################################ ; ############################################################
; Each PHP flavour (base, mods, prod, work) might have its own php.ini. ; Each PHP flavour (base, mods, prod, work) might have its own php.ini.

Some files were not shown because too many files have changed in this diff Show More