From 6b800687923f85f5f7108dad3a62c07908827962 Mon Sep 17 00:00:00 2001 From: Rahul Sharma Date: Tue, 27 Feb 2024 09:17:49 +0000 Subject: [PATCH 01/48] Initial draft of dockerfile --- app/api/.dockerignore | 34 ++++++++++++++++++++++++++++++ app/api/.gitignore | 1 - app/api/conf/nginx/api-server.conf | 22 +++++++++++++++++++ app/api/conf/opcache/opcache.ini | 9 ++++++++ app/api/dockerfile | 30 ++++++++++++++++++++++++++ 5 files changed, 95 insertions(+), 1 deletion(-) create mode 100644 app/api/.dockerignore create mode 100644 app/api/conf/nginx/api-server.conf create mode 100644 app/api/conf/opcache/opcache.ini create mode 100644 app/api/dockerfile diff --git a/app/api/.dockerignore b/app/api/.dockerignore new file mode 100644 index 0000000000..f74fd49397 --- /dev/null +++ b/app/api/.dockerignore @@ -0,0 +1,34 @@ +# Ignore files and directories generated by development/build tools +node_modules +npm-debug.log + +# Ignore composer dependencies +vendor + +# Ignore any log files +*.log + +# Ignore local configuration files +.env + +# Ignore any development or IDE-specific files +.vscode +.idea + +# Ignore any temporary files +*.swp +.DS_Store +Thumbs.db + +# Ignore any Docker-specific files (if any) +.dockerignore + +# Ignore any Git-related files or directories +.git +.gitignore + +# Ignore opcache.ini during bulk copy as we are copying it separately +opcache.ini + +# Ignore any editor backup files +*~ diff --git a/app/api/.gitignore b/app/api/.gitignore index d6b7ef32c8..f935021a8f 100644 --- a/app/api/.gitignore +++ b/app/api/.gitignore @@ -1,2 +1 @@ -* !.gitignore diff --git a/app/api/conf/nginx/api-server.conf b/app/api/conf/nginx/api-server.conf new file mode 100644 index 0000000000..33f5aa6d82 --- /dev/null +++ b/app/api/conf/nginx/api-server.conf 
@@ -0,0 +1,22 @@
+ server {
+ listen 8080;
+ index index.php index.html;
+
+ root /var/www/public;
+
+ location ~ \.php$ {
+
+
+ fastcgi_index index.php;
+ include fastcgi_params;
+ fastcgi_param PHP_VALUE "include_path=.:/usr/local/lib/php; include_path=/var/www/laminas/module/Application;";
+ fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+ fastcgi_param PATH_INFO $fastcgi_path_info;
+ fastcgi_pass unix:/run/php-fpm.socket; # Path to PHP-FPM socket file
+
+ }
+ location / {
+ try_files $uri $uri/ /index.php?$query_string;
+ gzip_static on;
+ }
+ }
\ No newline at end of file
diff --git a/app/api/conf/opcache/opcache.ini b/app/api/conf/opcache/opcache.ini
new file mode 100644
index 0000000000..6ebc5fc46f
--- /dev/null
+++ b/app/api/conf/opcache/opcache.ini
@@ -0,0 +1,9 @@
+; OPcache settings
+zend_extension=opcache.so
+
+opcache.enable=1
+opcache.memory_consumption=128
+opcache.interned_strings_buffer=8
+opcache.max_accelerated_files=10000
+opcache.validate_timestamps=0
+opcache.revalidate_freq=0
diff --git a/app/api/dockerfile b/app/api/dockerfile
new file mode 100644
index 0000000000..18f2937112
--- /dev/null
+++ b/app/api/dockerfile
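Review bot: The `location ~ \.php$` block in api-server.conf passes every URI ending in `.php` to PHP-FPM without first checking that the script exists under `root`. Requests for non-existent paths then reach the interpreter, which is unsafe when `cgi.fix_pathinfo` is left at its default, so add `try_files $uri =404;` as the first directive of that block. `PATH_INFO` is set from `$fastcgi_path_info`, but no `fastcgi_split_path_info` is declared in the block, so that variable is presumably always empty; either add the split or drop the parameter.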
@@ -0,0 +1,30 @@ +# installing the base image from ECR, tag is appended with v0.1 it may require discussion +FROM $AWS_ACCOUNT_ID.dkr.ecr.$AWS_REGION.amazonaws.com/php-base:7.4.33-fpm-alpine3.16-v0.1 + +# Installing require pacakges +RUN apk add --no-cache \ + pdo_mysql \ + redis \ + intl \ + igbinary \ + opcache \ + intl + +# Do we need Soffice, LPR and PDFUnite extensions based on VOL-4796 + +# opcache config file +COPY ./conf/opcache.ini /etc/php7/conf.d/opcache.ini + +# nginx server config file +COPY ./conf/nginx/api-server.conf /etc/nginx/conf.d/api-server.conf + +# copy entire app directory excluding the content in dockerignore +COPY . /var/www + +# Default command executed during container startup +ENTRYPOINT ["supervisord"] + +# Default startup command when container is launched +CMD ["-c", "/etc/supervisord.conf", "-n"] + + From 2a08dc39c46210f13969ac4546a68ace083d07a1 Mon Sep 17 00:00:00 2001 From: chris lawrence Date: Tue, 27 Feb 2024 16:40:57 +0000 Subject: [PATCH 02/48] feat: initial code review internal AWS --- app/api/.dockerignore | 3 +++ app/api/.gitignore | 1 - app/api/conf/opcache/opcache.ini | 10 +++++++++- app/api/dockerfile | 4 ++-- 4 files changed, 14 insertions(+), 4 deletions(-) delete mode 100644 app/api/.gitignore diff --git a/app/api/.dockerignore b/app/api/.dockerignore index f74fd49397..ef1e189fa2 100644 --- a/app/api/.dockerignore +++ b/app/api/.dockerignore @@ -32,3 +32,6 @@ opcache.ini # Ignore any editor backup files *~ + +# Dockerfile +Dockerfile diff --git a/app/api/.gitignore b/app/api/.gitignore deleted file mode 100644 index f935021a8f..0000000000 --- a/app/api/.gitignore +++ /dev/null @@ -1 +0,0 @@ -!.gitignore diff --git a/app/api/conf/opcache/opcache.ini b/app/api/conf/opcache/opcache.ini index 6ebc5fc46f..407ea10a49 100644 --- a/app/api/conf/opcache/opcache.ini +++ b/app/api/conf/opcache/opcache.ini 
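Review bot: `FROM $AWS_ACCOUNT_ID.dkr.ecr.$AWS_REGION.amazonaws.com/php-base:...` in the new app/api/dockerfile expands two variables that are never declared, and only an `ARG` placed before `FROM` is visible on that line; add `ARG AWS_ACCOUNT_ID` and `ARG AWS_REGION` above it (the same line returns in patch 07). The `apk add` list names PHP extensions (`pdo_mysql`, `opcache`, `intl`, `igbinary`), which do not look like Alpine package names, while `redis` would presumably pull in the Redis server rather than the PHP client extension. `COPY ./conf/opcache.ini` does not match the `conf/opcache/opcache.ini` path this commit creates, so the build looks unable to complete as written. No `USER` is set, so unless the base image sets one, supervisord and everything it starts run as root.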
@@ -1,9 +1,17 @@ ; OPcache settings zend_extension=opcache.so +; Enables the opcode cache, when disabled, code is not optimised or cached opcache.enable=1 + +; The size of the shared memory storage used by OPcache, in megabytes opcache.memory_consumption=128 + +; The amount of memory used to store interned strings, in megabytes opcache.interned_strings_buffer=8 + +; The maximum number of keys (and therefore scripts) in the OPcache hash table opcache.max_accelerated_files=10000 + +; Validate timestamps of scripts on each request. opcache.validate_timestamps=0 -opcache.revalidate_freq=0 diff --git a/app/api/dockerfile b/app/api/dockerfile index 18f2937112..ba4e169865 100644 --- a/app/api/dockerfile +++ b/app/api/dockerfile @@ -13,7 +13,7 @@ RUN apk add --no-cache \ # Do we need Soffice, LPR and PDFUnite extensions based on VOL-4796 # opcache config file -COPY ./conf/opcache.ini /etc/php7/conf.d/opcache.ini +COPY ./conf/opcache.ini ${PHP_INI_DIR}/php.d/opcache.ini # nginx server config file COPY ./conf/nginx/api-server.conf /etc/nginx/conf.d/api-server.conf @@ -22,7 +22,7 @@ COPY ./conf/nginx/api-server.conf /etc/nginx/conf.d/api-server.conf COPY . /var/www # Default command executed during container startup -ENTRYPOINT ["supervisord"] +ENTRYPOINT ["/bin/sh"] # Default startup command when container is launched CMD ["-c", "/etc/supervisord.conf", "-n"] From 4c076562c36baa4c59d78b30e6b41c1efdd90fbe Mon Sep 17 00:00:00 2001 From: chris lawrence Date: Thu, 29 Feb 2024 17:07:47 +0000 Subject: [PATCH 03/48] adding code for php docker extentions configuration --- .../opcache/{opcache.ini => 10-opcache.ini} | 0 app/api/dockerfile | 28 +++++++++---------- 2 files changed, 14 insertions(+), 14 deletions(-) rename app/api/conf/opcache/{opcache.ini => 10-opcache.ini} (100%) diff --git a/app/api/conf/opcache/opcache.ini b/app/api/conf/opcache/10-opcache.ini similarity index 100% rename from app/api/conf/opcache/opcache.ini rename to app/api/conf/opcache/10-opcache.ini 
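Review bot: The comment added above `opcache.validate_timestamps=0` says "Validate timestamps of scripts on each request", which describes the opposite of what the value does. With `0` OPcache does not re-check script files, so changed code is only picked up after PHP-FPM restarts or the cache is reset. Suggested wording: `; Timestamp validation disabled: cached scripts are not re-checked, restart PHP-FPM to load new code`. The same comment is carried into the later 10-opcache.ini versions in patches 04 and 08.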
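Review bot: `ENTRYPOINT ["/bin/sh"]` in the second dockerfile hunk, combined with the unchanged `CMD ["-c", "/etc/supervisord.conf", "-n"]`, makes the container run `/bin/sh -c /etc/supervisord.conf -n`, so the shell tries to execute the config file as a command and supervisord never starts. Keep `ENTRYPOINT ["supervisord"]`, or move the whole command into `CMD ["supervisord", "-c", "/etc/supervisord.conf", "-n"]`. In the first dockerfile hunk the target `${PHP_INI_DIR}/php.d/` is presumably not scanned by PHP; the official PHP images read additional ini files from `${PHP_INI_DIR}/conf.d/`, so confirm the directory against the base image.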
diff --git a/app/api/dockerfile b/app/api/dockerfile index ba4e169865..6d8ff67d6d 100644 --- a/app/api/dockerfile +++ b/app/api/dockerfile @@ -1,19 +1,22 @@ # installing the base image from ECR, tag is appended with v0.1 it may require discussion -FROM $AWS_ACCOUNT_ID.dkr.ecr.$AWS_REGION.amazonaws.com/php-base:7.4.33-fpm-alpine3.16-v0.1 +# FROM $AWS_ACCOUNT_ID.dkr.ecr.$AWS_REGION.amazonaws.com/php-base:7.4.33-fpm-alpine3.16-v0.1 + +FROM dvsa-base:latest + +USER root # Installing require pacakges -RUN apk add --no-cache \ - pdo_mysql \ - redis \ - intl \ - igbinary \ - opcache \ - intl +RUN apk add --update --no-cache icu-dev autoconf build-base && \ + docker-php-ext-install pdo pdo_mysql opcache && \ + docker-php-ext-configure intl && docker-php-ext-install intl && \ +# Install instruction in https://hub.docker.com/_/php + pecl install redis && \ + docker-php-ext-enable redis -# Do we need Soffice, LPR and PDFUnite extensions based on VOL-4796 +USER www-data # opcache config file -COPY ./conf/opcache.ini ${PHP_INI_DIR}/php.d/opcache.ini +COPY ./conf/opcache/10-opcache.ini ${PHP_INI_DIR}/conf.d/10-opcache.ini # nginx server config file COPY ./conf/nginx/api-server.conf /etc/nginx/conf.d/api-server.conf @@ -21,10 +24,7 @@ COPY ./conf/nginx/api-server.conf /etc/nginx/conf.d/api-server.conf # copy entire app directory excluding the content in dockerignore COPY . /var/www -# Default command executed during container startup -ENTRYPOINT ["/bin/sh"] - # Default startup command when container is launched -CMD ["-c", "/etc/supervisord.conf", "-n"] +CMD ["supervisord", "-c", "/etc/supervisord.conf"] From 84a7f2810f3200e390e9c2a88fcc5dcc9faa1426 Mon Sep 17 00:00:00 2001 
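Review bot: `FROM dvsa-base:latest` in the first hunk replaces a versioned registry reference with a local, mutable tag, so the build is no longer reproducible and the image cannot be traced back to a known base. Pin an explicit version tag, ideally with a digest, for example `FROM <registry>/php-base:<version>@sha256:<digest>` (placeholders). The commented-out ECR line above it can then be deleted rather than kept as dead text.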
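Review bot: The new `CMD ["supervisord", "-c", "/etc/supervisord.conf"]` in the second hunk drops the `-n` flag the previous `CMD` carried. Unless the base image's supervisord.conf sets `nodaemon=true`, which is not visible here, supervisord daemonises and the container exits as soon as the foreground process returns. Keep the flag: `CMD ["supervisord", "-c", "/etc/supervisord.conf", "-n"]`.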
From: chris lawrence Date: Mon, 4 Mar 2024 09:03:36 +0000 Subject: [PATCH 04/48] installing extensions configuration --- app/api/.dockerignore | 37 --------------- app/api/10-opcache.ini | 11 +++++ app/api/backend.conf | 24 ++++++++++ app/api/conf/nginx/api-server.conf | 22 --------- app/api/conf/opcache/10-opcache.ini | 17 ------- app/api/dockerfile | 29 +++++++----- app/api/zzz-www.conf | 72 +++++++++++++++++++++++++++++ 7 files changed, 125 insertions(+), 87 deletions(-) delete mode 100644 app/api/.dockerignore create mode 100644 app/api/10-opcache.ini create mode 100644 app/api/backend.conf delete mode 100644 app/api/conf/nginx/api-server.conf delete mode 100644 app/api/conf/opcache/10-opcache.ini create mode 100644 app/api/zzz-www.conf diff --git a/app/api/.dockerignore b/app/api/.dockerignore deleted file mode 100644 index ef1e189fa2..0000000000 --- a/app/api/.dockerignore +++ /dev/null @@ -1,37 +0,0 @@ -# Ignore files and directories generated by development/build tools -node_modules -npm-debug.log - -# Ignore composer dependencies -vendor - -# Ignore any log files -*.log - -# Ignore local configuration files -.env - -# Ignore any development or IDE-specific files -.vscode -.idea - -# Ignore any temporary files -*.swp -.DS_Store -Thumbs.db - -# Ignore any Docker-specific files (if any) -.dockerignore - -# Ignore any Git-related files or directories -.git -.gitignore - -# Ignore opcache.ini during bulk copy as we are copying it separately -opcache.ini - -# Ignore any editor backup files -*~ - -# Dockerfile -Dockerfile diff --git a/app/api/10-opcache.ini b/app/api/10-opcache.ini new file mode 100644 index 0000000000..a952bb37e7 --- /dev/null +++ b/app/api/10-opcache.ini 
@@ -0,0 +1,11 @@
+; OPcache settings as detailed in https://www.php.net/manual/en/opcache.installation.php
+zend_extension=opcache.so
+
+; The maximum number of keys (and therefore scripts) in the OPcache hash table
+opcache.max_accelerated_files=4000
+
+; Validate timestamps of scripts on each request.
+opcache.validate_timestamps=0
+
+;
+opcache.fast_shutdown=1
diff --git a/app/api/backend.conf b/app/api/backend.conf
new file mode 100644
index 0000000000..4fc3471440
--- /dev/null
+++ b/app/api/backend.conf
@@ -0,0 +1,24 @@
+server {
+ listen 8080;
+ index index.php index.html;
+
+ root /var/www/public;
+
+ location ~ \.php$ {
+ try_files $uri =404;
+ fastcgi_split_path_info ^(.+\.php)(/.+)$;
+
+ fastcgi_index index.php;
+ include fastcgi_params;
+ fastcgi_pass unix:/run/php-fpm.socket; # Path to PHP-FPM socket file
+
+ fastcgi_param PHP_VALUE "include_path=.:/usr/local/lib/php; include_path=/var/www/laminas/module/Application;";
+
+ fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+ fastcgi_param PATH_INFO $fastcgi_path_info;
+ }
+ location / {
+ try_files $uri $uri/ /index.php?$query_string;
+ gzip_static on;
+ }
+}
\ No newline at end of file
diff --git a/app/api/conf/nginx/api-server.conf b/app/api/conf/nginx/api-server.conf
deleted file mode 100644
index 33f5aa6d82..0000000000
--- a/app/api/conf/nginx/api-server.conf
+++ /dev/null
@@ -1,22 +0,0 @@
- server {
- listen 8080;
- index index.php index.html;
-
- root /var/www/public;
-
- location ~ \.php$ {
-
-
- fastcgi_index index.php;
- include fastcgi_params;
- fastcgi_param PHP_VALUE "include_path=.:/usr/local/lib/php; include_path=/var/www/laminas/module/Application;";
- fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
- fastcgi_param PATH_INFO $fastcgi_path_info;
- fastcgi_pass unix:/run/php-fpm.socket; # Path to PHP-FPM socket file
-
- }
- location / {
- try_files $uri $uri/ /index.php?$query_string;
- gzip_static on;
- }
- }
\ No newline at end of file
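Review bot: The `fastcgi_param PHP_VALUE` line in backend.conf joins two `include_path=` assignments with `; `, but PHP-FPM reads that parameter as ini text with one setting per line, so the part after the first `;` is most likely not applied as a second setting. If both directories are needed, set one colon-separated value, `include_path=.:/usr/local/lib/php:/var/www/laminas/module/Application`, or move it to the pool file as `php_value[include_path]`. `fastcgi_split_path_info` has no effect inside `location ~ \.php$`, because that location only matches URIs ending in `.php` and the second capture group then never matches. `PATH_INFO` is therefore always empty; drop both lines or widen the location regex deliberately.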
diff --git a/app/api/conf/opcache/10-opcache.ini b/app/api/conf/opcache/10-opcache.ini
deleted file mode 100644
index 407ea10a49..0000000000
--- a/app/api/conf/opcache/10-opcache.ini
+++ /dev/null
@@ -1,17 +0,0 @@
-; OPcache settings
-zend_extension=opcache.so
-
-; Enables the opcode cache, when disabled, code is not optimised or cached
-opcache.enable=1
-
-; The size of the shared memory storage used by OPcache, in megabytes
-opcache.memory_consumption=128
-
-; The amount of memory used to store interned strings, in megabytes
-opcache.interned_strings_buffer=8
-
-; The maximum number of keys (and therefore scripts) in the OPcache hash table
-opcache.max_accelerated_files=10000
-
-; Validate timestamps of scripts on each request.
-opcache.validate_timestamps=0
diff --git a/app/api/dockerfile b/app/api/dockerfile
index 6d8ff67d6d..7911f0b2b9 100644
--- a/app/api/dockerfile
+++ b/app/api/dockerfile
@@ -6,25 +6,32 @@ FROM dvsa-base:latest USER root # Installing require pacakges -RUN apk add --update --no-cache icu-dev autoconf build-base && \ - docker-php-ext-install pdo pdo_mysql opcache && \ - docker-php-ext-configure intl && docker-php-ext-install intl && \ -# Install instruction in https://hub.docker.com/_/php - pecl install redis && \ - docker-php-ext-enable redis +RUN apk add --update --no-cache && \ + apk add --virtual build-dependencies icu-dev \ + autoconf \ + build-base && \ + docker-php-ext-configure intl && \ + docker-php-ext-install pdo_mysql \ + opcache \ + intl && \ + pecl install redis \ + igbinary && \ + docker-php-ext-enable redis \ + igbinary USER www-data # opcache config file -COPY ./conf/opcache/10-opcache.ini ${PHP_INI_DIR}/conf.d/10-opcache.ini +COPY ./10-opcache.ini ${PHP_INI_DIR}/conf.d/10-opcache.ini # nginx server config file -COPY ./conf/nginx/api-server.conf /etc/nginx/conf.d/api-server.conf +COPY ./backend.conf /etc/nginx/conf.d/backend.conf + +# Configure php-fpm configs +COPY ./zzz-www.conf /usr/local/etc/php-fpm.d/zzz-www.conf # copy entire app directory excluding the content in dockerignore -COPY . /var/www +# COPY . /var/www # Default startup command when container is launched CMD ["supervisord", "-c", "/etc/supervisord.conf"] - - diff --git a/app/api/zzz-www.conf b/app/api/zzz-www.conf new file mode 100644 index 0000000000..6a0f20656d --- /dev/null +++ b/app/api/zzz-www.conf 
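Review bot: The `build-dependencies` virtual package created in this `RUN` is never removed, so `autoconf`, `build-base` and the ICU headers stay in the runtime image and enlarge what is available inside a compromised container. End the same `RUN` with `apk del build-dependencies`, and install the ICU runtime library on its own (`apk add --no-cache icu-libs`) because `intl` still needs it once the headers are gone. The leading `apk add --update --no-cache` names no packages and the second `apk add` omits `--no-cache`; fold them into one `apk add --no-cache --virtual build-dependencies ...`. The same `RUN` is carried into patch 05 with only its indentation changed.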
@@ -0,0 +1,72 @@
+; PHP-FPM Configuration
+; For more information on the config file, please see:
+; https://www.php.net/manual/en/index.php
+
+; Global Options
+[global]
+
+; Pid file
+pid = /run/php-fpm.pid
+
+; Error log file written to stderr
+error_log = /dev/stderr
+
+; Start a new pool named 'www'.
+; the variable $pool can be used in any directive and will be replaced by the
+; pool name ('www' here)
+[www]
+
+; The address on which to accept FastCGI requests.
+; '/path/to/unix/socket' - to listen on a unix socket.
+listen = /run/php-fpm.socket
+
+; Clear environment in FPM workers
+; Prevents arbitrary environment variables from reaching FPM worker processes
+; by clearing the environment in workers before env vars specified in this
+; pool configuration are added.
+; Setting to "no" will make all environment variables available to PHP code
+; via getenv(), $_ENV and $_SERVER.
+clear_env = no
+
+; Redirect worker stdout and stderr into main error log. If not set, stdout and
+; stderr will be redirected to /dev/null according to FastCGI specs.
+catch_workers_output = yes
+
+; Decorate worker output with prefix and suffix containing information about
+; the child that writes to the log and if stdout or stderr is used as well as
+; log level and time. This options is used only if catch_workers_output is yes.
+decorate_workers_output = yes
+
+;config for process manager to control number of child process
+pm = dynamic
+
+; The number of child processes to be created when pm is set to 'static' and the
+; maximum number of child processes to be created when pm is set to 'dynamic'.
+; This value sets the limit on the number of simultaneous requests that will be
+; served. Equivalent to the ApacheMaxClients directive with mpm_prefork.
+; Equivalent to the PHP_FCGI_CHILDREN environment variable in the original PHP
+; CGI.
+; Note: Used when pm is set to either 'static' or 'dynamic'
+; Note: This value is mandatory.
+pm.max_children = 125 + +; The number of child processes created on startup. +; Note: Used only when pm is set to 'dynamic' +; Default Value: min_spare_servers + (max_spare_servers - min_spare_servers) / 2 +pm.start_servers = 16 + +; The desired minimum number of idle server processes. +; Note: Used only when pm is set to 'dynamic' +; Note: Mandatory when pm is set to 'dynamic' +pm.min_spare_servers = 16 + +; The desired maximum number of idle server processes. +; Note: Used only when pm is set to 'dynamic' +; Note: Mandatory when pm is set to 'dynamic' +pm.max_spare_servers = 32 + +; The number of requests each child process should execute before respawning. +; This can be useful to work around memory leaks in 3rd party libraries. For +; endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS. +; Default Value: 0 +pm.max_requests = 0 From 0d144c08f086369147c4494b29a3b67a44ddc542 Mon Sep 17 00:00:00 2001 From: Rahul Sharma Date: Tue, 5 Mar 2024 10:38:32 +0000 Subject: [PATCH 05/48] updated dockerfile --- app/api/.gitignore | 2 ++ app/api/dockerfile | 29 ++++++++++-------- app/api/zzz-www.conf | 72 -------------------------------------------- 3 files changed, 18 insertions(+), 85 deletions(-) create mode 100644 app/api/.gitignore delete mode 100644 app/api/zzz-www.conf diff --git a/app/api/.gitignore b/app/api/.gitignore new file mode 100644 index 0000000000..d6b7ef32c8 --- /dev/null +++ b/app/api/.gitignore @@ -0,0 +1,2 @@ +* +!.gitignore diff --git a/app/api/dockerfile b/app/api/dockerfile index 7911f0b2b9..4e11d0438f 100644 --- a/app/api/dockerfile +++ b/app/api/dockerfile 
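Review bot: `clear_env = no` in the `[www]` pool of zzz-www.conf makes every environment variable of the container readable by PHP code through `getenv()`, `$_ENV` and `$_SERVER`, which includes any credentials injected at deploy time and anything a debug page or error dump prints. Keep the default (`yes`) and pass only what the application needs with explicit `env[NAME] = $NAME` entries, or add a comment recording why the whole environment is required. `pm.max_children = 125` with 16 start servers is also large for a single container and should be checked against the task's memory limit. The file is re-added unchanged as zzzz-www.conf in patch 06, so the same applies there.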
@@ -5,19 +5,22 @@ FROM dvsa-base:latest USER root -# Installing require pacakges +# Installing require dependencies RUN apk add --update --no-cache && \ - apk add --virtual build-dependencies icu-dev \ - autoconf \ - build-base && \ - docker-php-ext-configure intl && \ - docker-php-ext-install pdo_mysql \ - opcache \ - intl && \ - pecl install redis \ - igbinary && \ - docker-php-ext-enable redis \ - igbinary + apk add --virtual build-dependencies \ + icu-dev \ + autoconf \ + build-base && \ + docker-php-ext-configure intl && \ + docker-php-ext-install pdo_mysql \ + opcache \ + intl + +# Installing redis igbinary +RUN pecl install igbinary && \ + docker-php-ext-enable igbinary && \ + pecl install -D 'enable-redis-igbinary="yes"' redis && \ + docker-php-ext-enable redis USER www-data @@ -28,7 +31,7 @@ COPY ./10-opcache.ini ${PHP_INI_DIR}/conf.d/10-opcache.ini COPY ./backend.conf /etc/nginx/conf.d/backend.conf # Configure php-fpm configs -COPY ./zzz-www.conf /usr/local/etc/php-fpm.d/zzz-www.conf +COPY ./zzzz-www.conf /usr/local/etc/php-fpm.d/zzzz-www.conf # copy entire app directory excluding the content in dockerignore # COPY . /var/www diff --git a/app/api/zzz-www.conf b/app/api/zzz-www.conf deleted file mode 100644 index 6a0f20656d..0000000000 --- a/app/api/zzz-www.conf +++ /dev/null 
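Review bot: The second hunk changes the source to `COPY ./zzzz-www.conf`, but this commit only deletes app/api/zzz-www.conf and adds no file under the new name, so the build fails at that step until patch 06 adds it. The `*` restored in app/api/.gitignore by the same commit is the likely reason the renamed file was not staged. In the first hunk both `pecl install` calls fetch whatever release is current; pin them, for example `pecl install igbinary-<version>` and `redis-<version>` (placeholders), so a rebuild cannot silently pick up a different extension build.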
@@ -1,72 +0,0 @@
-; PHP-FPM Configuration
-; For more information on the config file, please see:
-; https://www.php.net/manual/en/index.php
-
-; Global Options
-[global]
-
-; Pid file
-pid = /run/php-fpm.pid
-
-; Error log file written to stderr
-error_log = /dev/stderr
-
-; Start a new pool named 'www'.
-; the variable $pool can be used in any directive and will be replaced by the
-; pool name ('www' here)
-[www]
-
-; The address on which to accept FastCGI requests.
-; '/path/to/unix/socket' - to listen on a unix socket.
-listen = /run/php-fpm.socket
-
-; Clear environment in FPM workers
-; Prevents arbitrary environment variables from reaching FPM worker processes
-; by clearing the environment in workers before env vars specified in this
-; pool configuration are added.
-; Setting to "no" will make all environment variables available to PHP code
-; via getenv(), $_ENV and $_SERVER.
-clear_env = no
-
-; Redirect worker stdout and stderr into main error log. If not set, stdout and
-; stderr will be redirected to /dev/null according to FastCGI specs.
-catch_workers_output = yes
-
-; Decorate worker output with prefix and suffix containing information about
-; the child that writes to the log and if stdout or stderr is used as well as
-; log level and time. This options is used only if catch_workers_output is yes.
-decorate_workers_output = yes
-
-;config for process manager to control number of child process
-pm = dynamic
-
-; The number of child processes to be created when pm is set to 'static' and the
-; maximum number of child processes to be created when pm is set to 'dynamic'.
-; This value sets the limit on the number of simultaneous requests that will be
-; served. Equivalent to the ApacheMaxClients directive with mpm_prefork.
-; Equivalent to the PHP_FCGI_CHILDREN environment variable in the original PHP
-; CGI.
-; Note: Used when pm is set to either 'static' or 'dynamic'
-; Note: This value is mandatory.
-pm.max_children = 125 - -; The number of child processes created on startup. -; Note: Used only when pm is set to 'dynamic' -; Default Value: min_spare_servers + (max_spare_servers - min_spare_servers) / 2 -pm.start_servers = 16 - -; The desired minimum number of idle server processes. -; Note: Used only when pm is set to 'dynamic' -; Note: Mandatory when pm is set to 'dynamic' -pm.min_spare_servers = 16 - -; The desired maximum number of idle server processes. -; Note: Used only when pm is set to 'dynamic' -; Note: Mandatory when pm is set to 'dynamic' -pm.max_spare_servers = 32 - -; The number of requests each child process should execute before respawning. -; This can be useful to work around memory leaks in 3rd party libraries. For -; endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS. -; Default Value: 0 -pm.max_requests = 0 From 1616fdee9bd1ee8b3a6fa8af05ef551818f77816 Mon Sep 17 00:00:00 2001 From: Rahul Sharma Date: Tue, 5 Mar 2024 12:39:08 +0000 Subject: [PATCH 06/48] updated .gitignore --- app/api/.gitignore | 1 - app/api/zzzz-www.conf | 72 +++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 72 insertions(+), 1 deletion(-) create mode 100644 app/api/zzzz-www.conf diff --git a/app/api/.gitignore b/app/api/.gitignore index d6b7ef32c8..f935021a8f 100644 --- a/app/api/.gitignore +++ b/app/api/.gitignore @@ -1,2 +1 @@ -* !.gitignore diff --git a/app/api/zzzz-www.conf b/app/api/zzzz-www.conf new file mode 100644 index 0000000000..6a0f20656d --- /dev/null +++ b/app/api/zzzz-www.conf 
@@ -0,0 +1,72 @@
+; PHP-FPM Configuration
+; For more information on the config file, please see:
+; https://www.php.net/manual/en/index.php
+
+; Global Options
+[global]
+
+; Pid file
+pid = /run/php-fpm.pid
+
+; Error log file written to stderr
+error_log = /dev/stderr
+
+; Start a new pool named 'www'.
+; the variable $pool can be used in any directive and will be replaced by the
+; pool name ('www' here)
+[www]
+
+; The address on which to accept FastCGI requests.
+; '/path/to/unix/socket' - to listen on a unix socket.
+listen = /run/php-fpm.socket
+
+; Clear environment in FPM workers
+; Prevents arbitrary environment variables from reaching FPM worker processes
+; by clearing the environment in workers before env vars specified in this
+; pool configuration are added.
+; Setting to "no" will make all environment variables available to PHP code
+; via getenv(), $_ENV and $_SERVER.
+clear_env = no
+
+; Redirect worker stdout and stderr into main error log. If not set, stdout and
+; stderr will be redirected to /dev/null according to FastCGI specs.
+catch_workers_output = yes
+
+; Decorate worker output with prefix and suffix containing information about
+; the child that writes to the log and if stdout or stderr is used as well as
+; log level and time. This options is used only if catch_workers_output is yes.
+decorate_workers_output = yes
+
+;config for process manager to control number of child process
+pm = dynamic
+
+; The number of child processes to be created when pm is set to 'static' and the
+; maximum number of child processes to be created when pm is set to 'dynamic'.
+; This value sets the limit on the number of simultaneous requests that will be
+; served. Equivalent to the ApacheMaxClients directive with mpm_prefork.
+; Equivalent to the PHP_FCGI_CHILDREN environment variable in the original PHP
+; CGI.
+; Note: Used when pm is set to either 'static' or 'dynamic'
+; Note: This value is mandatory.
+pm.max_children = 125 + +; The number of child processes created on startup. +; Note: Used only when pm is set to 'dynamic' +; Default Value: min_spare_servers + (max_spare_servers - min_spare_servers) / 2 +pm.start_servers = 16 + +; The desired minimum number of idle server processes. +; Note: Used only when pm is set to 'dynamic' +; Note: Mandatory when pm is set to 'dynamic' +pm.min_spare_servers = 16 + +; The desired maximum number of idle server processes. +; Note: Used only when pm is set to 'dynamic' +; Note: Mandatory when pm is set to 'dynamic' +pm.max_spare_servers = 32 + +; The number of requests each child process should execute before respawning. +; This can be useful to work around memory leaks in 3rd party libraries. For +; endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS. +; Default Value: 0 +pm.max_requests = 0 From 2956cab776eeb17e146c9905ce0b983eac428176 Mon Sep 17 00:00:00 2001 From: chris lawrence Date: Tue, 5 Mar 2024 12:56:05 +0000 Subject: [PATCH 07/48] feature: internal code review and updates --- app/api/10-opcache.ini | 5 +++-- app/api/backend.conf | 2 -- app/api/dockerfile | 4 +--- 3 files changed, 4 insertions(+), 7 deletions(-) diff --git a/app/api/10-opcache.ini b/app/api/10-opcache.ini index a952bb37e7..cc1c1490c7 100644 --- a/app/api/10-opcache.ini +++ b/app/api/10-opcache.ini @@ -7,5 +7,6 @@ opcache.max_accelerated_files=4000 ; Validate timestamps of scripts on each request. opcache.validate_timestamps=0 -; -opcache.fast_shutdown=1 +; Provide a faster mechanism to call the destructor in the code at the end of a single request, speed up the process +; PHP Response and PHP the recycling speed, allowing the application to respond to more quickly. +opcache.fast_shutdown=1 \ No newline at end of file diff --git a/app/api/backend.conf b/app/api/backend.conf index 4fc3471440..cb7b878291 100644 --- a/app/api/backend.conf +++ b/app/api/backend.conf 
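Review bot: The comment added above `opcache.fast_shutdown=1` in the 10-opcache.ini hunk describes a benefit the setting cannot deliver on this image, because the directive was removed in PHP 7.2 and the dockerfile in this same patch builds on a 7.4.33 base. The line is ignored at best, so delete both the directive and its comment rather than documenting it. If the comment is kept for any reason, its second sentence needs rewording, for example `; Speeds up request shutdown by skipping per-object destructor walks`.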
@@ -12,8 +12,6 @@ server { include fastcgi_params; fastcgi_pass unix:/run/php-fpm.socket; # Path to PHP-FPM socket file - fastcgi_param PHP_VALUE "include_path=.:/usr/local/lib/php; include_path=/var/www/laminas/module/Application;"; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param PATH_INFO $fastcgi_path_info; } diff --git a/app/api/dockerfile b/app/api/dockerfile index 4e11d0438f..1d1c6e9de1 100644 --- a/app/api/dockerfile +++ b/app/api/dockerfile @@ -1,7 +1,5 @@ # installing the base image from ECR, tag is appended with v0.1 it may require discussion -# FROM $AWS_ACCOUNT_ID.dkr.ecr.$AWS_REGION.amazonaws.com/php-base:7.4.33-fpm-alpine3.16-v0.1 - -FROM dvsa-base:latest +FROM $AWS_ACCOUNT_ID.dkr.ecr.$AWS_REGION.amazonaws.com/php-base:7.4.33-fpm-alpine3.16-v0.1 USER root From 42d132d08f416769c6c7413df2286f83b0f080b2 Mon Sep 17 00:00:00 2001 From: Rahul Sharma Date: Tue, 5 Mar 2024 16:12:25 +0000 Subject: [PATCH 08/48] Implemented review comments --- app/api/10-opcache.ini | 4 +--- app/api/backend.conf | 1 + app/api/dockerfile | 2 +- 3 files changed, 3 insertions(+), 4 deletions(-) diff --git a/app/api/10-opcache.ini b/app/api/10-opcache.ini index cc1c1490c7..e4ff370bd3 100644 --- a/app/api/10-opcache.ini +++ b/app/api/10-opcache.ini @@ -2,11 +2,9 @@ zend_extension=opcache.so ; The maximum number of keys (and therefore scripts) in the OPcache hash table +; The Allowed value is between 200 and 100000 opcache.max_accelerated_files=4000 ; Validate timestamps of scripts on each request. opcache.validate_timestamps=0 -; Provide a faster mechanism to call the destructor in the code at the end of a single request, speed up the process -; PHP Response and PHP the recycling speed, allowing the application to respond to more quickly. -opcache.fast_shutdown=1 \ No newline at end of file diff --git a/app/api/backend.conf b/app/api/backend.conf index cb7b878291..8cbec1e714 100644 --- a/app/api/backend.conf +++ b/app/api/backend.conf 
@@ -1,3 +1,4 @@ +# Server configuration, http configuration is defined in base image server { listen 8080; index index.php index.html; diff --git a/app/api/dockerfile b/app/api/dockerfile index 1d1c6e9de1..1316a8f8b2 100644 --- a/app/api/dockerfile +++ b/app/api/dockerfile @@ -31,7 +31,7 @@ COPY ./backend.conf /etc/nginx/conf.d/backend.conf # Configure php-fpm configs COPY ./zzzz-www.conf /usr/local/etc/php-fpm.d/zzzz-www.conf -# copy entire app directory excluding the content in dockerignore +# place holder for copying application # COPY . /var/www # Default startup command when container is launched From c4c79fdb640595c68e50b4090f324fe440c57e38 Mon Sep 17 00:00:00 2001 From: Rahul Sharma Date: Tue, 5 Mar 2024 17:07:59 +0000 Subject: [PATCH 09/48] Aligned to the directory --- app/api/.gitignore | 1 + app/api/10-opcache.ini | 10 ------ app/api/backend.conf | 23 -------------- app/api/dockerfile | 38 ---------------------- app/api/zzzz-www.conf | 72 ------------------------------------------ 5 files changed, 1 insertion(+), 143 deletions(-) delete mode 100644 app/api/10-opcache.ini delete mode 100644 app/api/backend.conf delete mode 100644 app/api/dockerfile delete mode 100644 app/api/zzzz-www.conf diff --git a/app/api/.gitignore b/app/api/.gitignore index f935021a8f..d6b7ef32c8 100644 --- a/app/api/.gitignore +++ b/app/api/.gitignore @@ -1 +1,2 @@ +* !.gitignore diff --git a/app/api/10-opcache.ini b/app/api/10-opcache.ini deleted file mode 100644 index e4ff370bd3..0000000000 --- a/app/api/10-opcache.ini +++ /dev/null @@ -1,10 +0,0 @@ -; OPcache settings as detailed in https://www.php.net/manual/en/opcache.installation.php -zend_extension=opcache.so - -; The maximum number of keys (and therefore scripts) in the OPcache hash table -; The Allowed value is between 200 and 100000 -opcache.max_accelerated_files=4000 - -; Validate timestamps of scripts on each request. -opcache.validate_timestamps=0 - 
diff --git a/app/api/backend.conf b/app/api/backend.conf deleted file mode 100644 index 8cbec1e714..0000000000 --- a/app/api/backend.conf +++ /dev/null @@ -1,23 +0,0 @@ -# Server configuration, http configuration is defined in base image -server { - listen 8080; - index index.php index.html; - - root /var/www/public; - - location ~ \.php$ { - try_files $uri =404; - fastcgi_split_path_info ^(.+\.php)(/.+)$; - - fastcgi_index index.php; - include fastcgi_params; - fastcgi_pass unix:/run/php-fpm.socket; # Path to PHP-FPM socket file - - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_param PATH_INFO $fastcgi_path_info; - } - location / { - try_files $uri $uri/ /index.php?$query_string; - gzip_static on; - } -} \ No newline at end of file diff --git a/app/api/dockerfile b/app/api/dockerfile deleted file mode 100644 index 1316a8f8b2..0000000000 --- a/app/api/dockerfile +++ /dev/null 
@@ -1,38 +0,0 @@
-# installing the base image from ECR, tag is appended with v0.1 it may require discussion
-FROM $AWS_ACCOUNT_ID.dkr.ecr.$AWS_REGION.amazonaws.com/php-base:7.4.33-fpm-alpine3.16-v0.1
-
-USER root
-
-# Installing require dependencies
-RUN apk add --update --no-cache && \
- apk add --virtual build-dependencies \
- icu-dev \
- autoconf \
- build-base && \
- docker-php-ext-configure intl && \
- docker-php-ext-install pdo_mysql \
- opcache \
- intl
-
-# Installing redis igbinary
-RUN pecl install igbinary && \
- docker-php-ext-enable igbinary && \
- pecl install -D 'enable-redis-igbinary="yes"' redis && \
- docker-php-ext-enable redis
-
-USER www-data
-
-# opcache config file
-COPY ./10-opcache.ini ${PHP_INI_DIR}/conf.d/10-opcache.ini
-
-# nginx server config file
-COPY ./backend.conf /etc/nginx/conf.d/backend.conf
-
-# Configure php-fpm configs
-COPY ./zzzz-www.conf /usr/local/etc/php-fpm.d/zzzz-www.conf
-
-# place holder for copying application
-# COPY . /var/www
-
-# Default startup command when container is launched
-CMD ["supervisord", "-c", "/etc/supervisord.conf"]
diff --git a/app/api/zzzz-www.conf b/app/api/zzzz-www.conf
deleted file mode 100644
index 6a0f20656d..0000000000
--- a/app/api/zzzz-www.conf
+++ /dev/null
@@ -1,72 +0,0 @@
-; PHP-FPM Configuration
-; For more information on the config file, please see:
-; https://www.php.net/manual/en/index.php
-
-; Global Options
-[global]
-
-; Pid file
-pid = /run/php-fpm.pid
-
-; Error log file written to stderr
-error_log = /dev/stderr
-
-; Start a new pool named 'www'.
-; the variable $pool can be used in any directive and will be replaced by the
-; pool name ('www' here)
-[www]
-
-; The address on which to accept FastCGI requests.
-; '/path/to/unix/socket' - to listen on a unix socket.
-listen = /run/php-fpm.socket
-
-; Clear environment in FPM workers
-; Prevents arbitrary environment variables from reaching FPM worker processes
-; by clearing the environment in workers before env vars specified in this
-; pool configuration are added.
-; Setting to "no" will make all environment variables available to PHP code
-; via getenv(), $_ENV and $_SERVER.
-clear_env = no
-
-; Redirect worker stdout and stderr into main error log. If not set, stdout and
-; stderr will be redirected to /dev/null according to FastCGI specs.
-catch_workers_output = yes
-
-; Decorate worker output with prefix and suffix containing information about
-; the child that writes to the log and if stdout or stderr is used as well as
-; log level and time. This options is used only if catch_workers_output is yes.
-decorate_workers_output = yes
-
-;config for process manager to control number of child process
-pm = dynamic
-
-; The number of child processes to be created when pm is set to 'static' and the
-; maximum number of child processes to be created when pm is set to 'dynamic'.
-; This value sets the limit on the number of simultaneous requests that will be
-; served. Equivalent to the ApacheMaxClients directive with mpm_prefork.
-; Equivalent to the PHP_FCGI_CHILDREN environment variable in the original PHP
-; CGI.
-; Note: Used when pm is set to either 'static' or 'dynamic'
-; Note: This value is mandatory.
-pm.max_children = 125 - -; The number of child processes created on startup. -; Note: Used only when pm is set to 'dynamic' -; Default Value: min_spare_servers + (max_spare_servers - min_spare_servers) / 2 -pm.start_servers = 16 - -; The desired minimum number of idle server processes. -; Note: Used only when pm is set to 'dynamic' -; Note: Mandatory when pm is set to 'dynamic' -pm.min_spare_servers = 16 - -; The desired maximum number of idle server processes. -; Note: Used only when pm is set to 'dynamic' -; Note: Mandatory when pm is set to 'dynamic' -pm.max_spare_servers = 32 - -; The number of requests each child process should execute before respawning. -; This can be useful to work around memory leaks in 3rd party libraries. For -; endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS. -; Default Value: 0 -pm.max_requests = 0 From 1d09e66e010bbee5ed708a0c9689d83a953589ce Mon Sep 17 00:00:00 2001 From: Rahul Sharma Date: Tue, 5 Mar 2024 23:39:44 +0000 Subject: [PATCH 10/48] doc: comments updated --- infra/docker/api/10-opcache.ini | 10 +++++ infra/docker/api/Dockerfile | 39 +++++++++++++++++- infra/docker/api/backend.conf | 23 +++++++++++ infra/docker/api/zzzz-www.conf | 72 +++++++++++++++++++++++++++++++++ 4 files changed, 143 insertions(+), 1 deletion(-) create mode 100644 infra/docker/api/10-opcache.ini create mode 100644 infra/docker/api/backend.conf create mode 100644 infra/docker/api/zzzz-www.conf diff --git a/infra/docker/api/10-opcache.ini b/infra/docker/api/10-opcache.ini new file mode 100644 index 0000000000..e4ff370bd3 --- /dev/null +++ b/infra/docker/api/10-opcache.ini 
@@ -0,0 +1,10 @@ +; OPcache settings as detailed in https://www.php.net/manual/en/opcache.installation.php +zend_extension=opcache.so + +; The maximum number of keys (and therefore scripts) in the OPcache hash table +; The Allowed value is between 200 and 100000 +opcache.max_accelerated_files=4000 + +; Validate timestamps of scripts on each request. +opcache.validate_timestamps=0 + diff --git a/infra/docker/api/Dockerfile b/infra/docker/api/Dockerfile index aafda6f37a..9db7029b42 100644 --- a/infra/docker/api/Dockerfile +++ b/infra/docker/api/Dockerfile @@ -1 +1,38 @@ -FROM php:8.2-fpm +# installing the base image from ECR, tag is appended with v0.1 +FROM $AWS_ACCOUNT_ID.dkr.ecr.$AWS_REGION.amazonaws.com/php-base:7.4.33-fpm-alpine3.16-v0.1 + +USER root + +# Installing require dependencies +RUN apk add --update --no-cache && \ + apk add --virtual build-dependencies \ + icu-dev \ + autoconf \ + build-base && \ + docker-php-ext-configure intl && \ + docker-php-ext-install pdo_mysql \ + opcache \ + intl + +# Installing redis igbinary +RUN pecl install igbinary && \ + docker-php-ext-enable igbinary && \ + pecl install -D 'enable-redis-igbinary="yes"' redis && \ + docker-php-ext-enable redis + +USER www-data + +# opcache config file +COPY ./10-opcache.ini ${PHP_INI_DIR}/conf.d/10-opcache.ini + +# nginx server config file +COPY ./backend.conf /etc/nginx/conf.d/backend.conf + +# Configure php-fpm configs +COPY ./zzzz-www.conf /usr/local/etc/php-fpm.d/zzzz-www.conf + +# place holder for copying application +# ADD /tmp/api.tar.gz /var/www + +# Default startup command when container is launched +CMD ["supervisord", "-c", "/etc/supervisord.conf"] diff --git a/infra/docker/api/backend.conf b/infra/docker/api/backend.conf new file mode 100644 index 0000000000..8cbec1e714 --- /dev/null +++ b/infra/docker/api/backend.conf 
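Review bot: The `FROM` line of the new Dockerfile expands `$AWS_ACCOUNT_ID` and `$AWS_REGION`, but no `ARG` is declared before it, and only build arguments declared ahead of the first `FROM` are substituted there, so both would expand to empty strings and the registry host would be malformed. I would add `ARG AWS_ACCOUNT_ID` and `ARG AWS_REGION` above the `FROM` line and pass the values with `--build-arg`. The tag `7.4.33-fpm-alpine3.16-v0.1` can also be re-pushed; appending the image digest (`@sha256:<digest>`) would pin exactly the base that was reviewed.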
@@ -0,0 +1,23 @@ +# Server configuration, http configuration is defined in base image +server { + listen 8080; + index index.php index.html; + + root /var/www/public; + + location ~ \.php$ { + try_files $uri =404; + fastcgi_split_path_info ^(.+\.php)(/.+)$; + + fastcgi_index index.php; + include fastcgi_params; + fastcgi_pass unix:/run/php-fpm.socket; # Path to PHP-FPM socket file + + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param PATH_INFO $fastcgi_path_info; + } + location / { + try_files $uri $uri/ /index.php?$query_string; + gzip_static on; + } +} \ No newline at end of file diff --git a/infra/docker/api/zzzz-www.conf b/infra/docker/api/zzzz-www.conf new file mode 100644 index 0000000000..6a0f20656d --- /dev/null +++ b/infra/docker/api/zzzz-www.conf 
@@ -0,0 +1,72 @@
+; PHP-FPM Configuration
+; For more information on the config file, please see:
+; https://www.php.net/manual/en/index.php
+
+; Global Options
+[global]
+
+; Pid file
+pid = /run/php-fpm.pid
+
+; Error log file written to stderr
+error_log = /dev/stderr
+
+; Start a new pool named 'www'.
+; the variable $pool can be used in any directive and will be replaced by the
+; pool name ('www' here)
+[www]
+
+; The address on which to accept FastCGI requests.
+; '/path/to/unix/socket' - to listen on a unix socket.
+listen = /run/php-fpm.socket
+
+; Clear environment in FPM workers
+; Prevents arbitrary environment variables from reaching FPM worker processes
+; by clearing the environment in workers before env vars specified in this
+; pool configuration are added.
+; Setting to "no" will make all environment variables available to PHP code
+; via getenv(), $_ENV and $_SERVER.
+clear_env = no
+
+; Redirect worker stdout and stderr into main error log. If not set, stdout and
+; stderr will be redirected to /dev/null according to FastCGI specs.
+catch_workers_output = yes
+
+; Decorate worker output with prefix and suffix containing information about
+; the child that writes to the log and if stdout or stderr is used as well as
+; log level and time. This options is used only if catch_workers_output is yes.
+decorate_workers_output = yes
+
+;config for process manager to control number of child process
+pm = dynamic
+
+; The number of child processes to be created when pm is set to 'static' and the
+; maximum number of child processes to be created when pm is set to 'dynamic'.
+; This value sets the limit on the number of simultaneous requests that will be
+; served. Equivalent to the ApacheMaxClients directive with mpm_prefork.
+; Equivalent to the PHP_FCGI_CHILDREN environment variable in the original PHP
+; CGI.
+; Note: Used when pm is set to either 'static' or 'dynamic'
+; Note: This value is mandatory.
+pm.max_children = 125 + +; The number of child processes created on startup. +; Note: Used only when pm is set to 'dynamic' +; Default Value: min_spare_servers + (max_spare_servers - min_spare_servers) / 2 +pm.start_servers = 16 + +; The desired minimum number of idle server processes. +; Note: Used only when pm is set to 'dynamic' +; Note: Mandatory when pm is set to 'dynamic' +pm.min_spare_servers = 16 + +; The desired maximum number of idle server processes. +; Note: Used only when pm is set to 'dynamic' +; Note: Mandatory when pm is set to 'dynamic' +pm.max_spare_servers = 32 + +; The number of requests each child process should execute before respawning. +; This can be useful to work around memory leaks in 3rd party libraries. For +; endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS. +; Default Value: 0 +pm.max_requests = 0 From 0265019f6509f260d3485a320e759defa5006654 Mon Sep 17 00:00:00 2001 From: Rahul Sharma Date: Wed, 6 Mar 2024 00:29:49 +0000 Subject: [PATCH 11/48] opcache max value updated to 20000 based on total php files in project --- infra/docker/api/10-opcache.ini | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/infra/docker/api/10-opcache.ini b/infra/docker/api/10-opcache.ini index e4ff370bd3..ece1ebfcaa 100644 --- a/infra/docker/api/10-opcache.ini +++ b/infra/docker/api/10-opcache.ini @@ -3,7 +3,7 @@ zend_extension=opcache.so ; The maximum number of keys (and therefore scripts) in the OPcache hash table ; The Allowed value is between 200 and 100000 -opcache.max_accelerated_files=4000 +opcache.max_accelerated_files=6000 ; Validate timestamps of scripts on each request. opcache.validate_timestamps=0 From fd95ee337f6d6d039497288e4667f016067671af Mon Sep 17 00:00:00 2001 
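Review bot: The value written to `10-opcache.ini` does not match the commit subject: the hunk sets `opcache.max_accelerated_files=6000`, while the subject says the maximum was raised to 20000 based on the number of PHP files in the project. If 20000 is the measured figure the line should read `opcache.max_accelerated_files=20000`; otherwise the subject should be corrected, because a table sized below the file count leaves part of the code base uncached. The comment kept above `opcache.validate_timestamps=0` also reads as if validation were on; `; 0 = scripts are never re-checked, new code needs a restart or a new image` would describe the setting.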
From: Rahul Sharma Date: Thu, 7 Mar 2024 16:15:29 +0000 Subject: [PATCH 12/48] Feedback implemented --- infra/docker/api/10-opcache.ini | 10 ------ infra/docker/api/Dockerfile | 33 ++++++++--------- infra/docker/api/backend.conf | 4 +++ infra/docker/api/php.ini | 38 ++++++++++++++++++++ infra/docker/api/secure_headers.conf | 0 infra/docker/api/{zzzz-www.conf => www.conf} | 0 6 files changed, 59 insertions(+), 26 deletions(-) delete mode 100644 infra/docker/api/10-opcache.ini create mode 100644 infra/docker/api/php.ini create mode 100644 infra/docker/api/secure_headers.conf rename infra/docker/api/{zzzz-www.conf => www.conf} (100%) diff --git a/infra/docker/api/10-opcache.ini b/infra/docker/api/10-opcache.ini deleted file mode 100644 index ece1ebfcaa..0000000000 --- a/infra/docker/api/10-opcache.ini +++ /dev/null @@ -1,10 +0,0 @@ -; OPcache settings as detailed in https://www.php.net/manual/en/opcache.installation.php -zend_extension=opcache.so - -; The maximum number of keys (and therefore scripts) in the OPcache hash table -; The Allowed value is between 200 and 100000 -opcache.max_accelerated_files=6000 - -; Validate timestamps of scripts on each request. -opcache.validate_timestamps=0 - diff --git a/infra/docker/api/Dockerfile b/infra/docker/api/Dockerfile index 9db7029b42..2f863ac6b0 100644 --- a/infra/docker/api/Dockerfile +++ b/infra/docker/api/Dockerfile 
@@ -4,21 +4,21 @@ FROM $AWS_ACCOUNT_ID.dkr.ecr.$AWS_REGION.amazonaws.com/php-base:7.4.33-fpm-alpin USER root # Installing require dependencies -RUN apk add --update --no-cache && \ - apk add --virtual build-dependencies \ - icu-dev \ +RUN apk add --update --no-cache \ + && apk add --virtual build-dependencies \ autoconf \ - build-base && \ - docker-php-ext-configure intl && \ - docker-php-ext-install pdo_mysql \ - opcache \ - intl - -# Installing redis igbinary -RUN pecl install igbinary && \ - docker-php-ext-enable igbinary && \ - pecl install -D 'enable-redis-igbinary="yes"' redis && \ - docker-php-ext-enable redis + g++ \ + make + +# Install, redis, igbinary, and pdo_mysql PHP extensions +RUN docker-php-ext-install pdo_mysql opcache \ + && pecl install igbinary \ + && docker-php-ext-enable igbinary \ + && pecl install -D 'enable-redis-igbinary="yes"' redis \ + && docker-php-ext-enable redis + +# delete all the dependencies not required after make +RUN apk del build-dependencies USER www-data @@ -27,12 +27,13 @@ COPY ./10-opcache.ini ${PHP_INI_DIR}/conf.d/10-opcache.ini # nginx server config file COPY ./backend.conf /etc/nginx/conf.d/backend.conf +COPY ./secure_headers.conf /etc/nginx/conf.d/secure_headers.conf # Configure php-fpm configs -COPY ./zzzz-www.conf /usr/local/etc/php-fpm.d/zzzz-www.conf +COPY ./www.conf /usr/local/etc/php-fpm.d/zzzz-www.conf # place holder for copying application -# ADD /tmp/api.tar.gz /var/www +# ADD ./api.tar.gz /var/www # Default startup command when container is launched CMD ["supervisord", "-c", "/etc/supervisord.conf"] diff --git a/infra/docker/api/backend.conf b/infra/docker/api/backend.conf index 8cbec1e714..77c2080764 100644 --- a/infra/docker/api/backend.conf +++ b/infra/docker/api/backend.conf 
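Review bot: `RUN apk del build-dependencies` sits in its own layer, so autoconf, g++ and make remain stored in the layer that installed them; the image does not shrink and the toolchain is only hidden from the final filesystem. Installing, building and deleting have to happen in a single `RUN` for the compilers to stay out of the image, as sketched below. The second hunk has a related gap: its header shows `COPY ./10-opcache.ini` still in place although this commit deletes that file, and the new `php.ini` is not copied anywhere, so the build would presumably fail at that step.

```dockerfile
# Build dependencies are added and removed in one layer so they never reach the image
RUN apk add --no-cache --virtual build-dependencies \
        autoconf \
        g++ \
        make \
    && docker-php-ext-install pdo_mysql opcache \
    && pecl install igbinary \
    && docker-php-ext-enable igbinary \
    && pecl install -D 'enable-redis-igbinary="yes"' redis \
    && docker-php-ext-enable redis \
    && apk del build-dependencies
```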
@@ -1,7 +1,11 @@ # Server configuration, http configuration is defined in base image server { listen 8080; + listen [::]:8080; index index.php index.html; + + # Include secure header configurations + include /etc/nginx/conf.d/secure-headers.conf; root /var/www/public; diff --git a/infra/docker/api/php.ini b/infra/docker/api/php.ini new file mode 100644 index 0000000000..483018328f --- /dev/null +++ b/infra/docker/api/php.ini @@ -0,0 +1,38 @@ +; PHP's initialization file, generally called php.ini, is responsible for +; configuring many of the aspects of PHP's behavior. +; For more information on the config file, please see: +; https://www.php.net/manual/en/index.php + +[Date] +; Default timezone +date.timezone = "UTC" + +[PHP] +; Exposes to the world that PHP is installed on the server +; which includes the PHP version within the HTTP header +expose_php = Off + +[opcache] +; OPcache settings as detailed in https://www.php.net/manual/en/opcache.installation.php +zend_extension=opcache.so + +; The maximum number of keys (and therefore scripts) in the OPcache hash table +; The Allowed value is between 200 and 100000 +opcache.max_accelerated_files=20000 + +; Validate timestamps of scripts on each request. +opcache.validate_timestamps=1 + +; Specifies the frequency at which OPcache checks for changes to PHP scripts +; in the filesystem. The value is in seconds. +opcache.revalidate_freq=60 + +;enable the cli +opcache.enable_cli=1 + + + + + + + diff --git a/infra/docker/api/secure_headers.conf b/infra/docker/api/secure_headers.conf new file mode 100644 index 0000000000..e69de29bb2 diff --git a/infra/docker/api/zzzz-www.conf b/infra/docker/api/www.conf similarity index 100% rename from infra/docker/api/zzzz-www.conf rename to infra/docker/api/www.conf From c4c714c2303c54d05fe9805ebcc5dd712e64699d Mon Sep 17 00:00:00 2001 
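Review bot: The added `include /etc/nginx/conf.d/secure-headers.conf;` names the file with a hyphen, while the Dockerfile in this commit copies `secure_headers.conf` (underscore) into that directory. nginx refuses to start when a non-wildcard include target is missing, so the container would fail at startup; the line should read `include /etc/nginx/conf.d/secure_headers.conf;`. The base image's http block may already include `conf.d/*.conf` (not visible here), in which case the headers file would also be loaded at http level, and a path outside `conf.d` would avoid that.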
From: Rahul Sharma Date: Thu, 7 Mar 2024 17:01:25 +0000 Subject: [PATCH 13/48] Updated nginx config with secure headers --- infra/docker/api/Dockerfile | 3 +-- infra/docker/api/backend.conf | 14 +++++++++++--- infra/docker/api/secure_headers.conf | 0 3 files changed, 12 insertions(+), 5 deletions(-) delete mode 100644 infra/docker/api/secure_headers.conf diff --git a/infra/docker/api/Dockerfile b/infra/docker/api/Dockerfile index 2f863ac6b0..0144384cb6 100644 --- a/infra/docker/api/Dockerfile +++ b/infra/docker/api/Dockerfile @@ -23,11 +23,10 @@ RUN apk del build-dependencies USER www-data # opcache config file -COPY ./10-opcache.ini ${PHP_INI_DIR}/conf.d/10-opcache.ini +COPY ./php.ini ${PHP_INI_DIR}/conf.d/1000-php.ini # nginx server config file COPY ./backend.conf /etc/nginx/conf.d/backend.conf -COPY ./secure_headers.conf /etc/nginx/conf.d/secure_headers.conf # Configure php-fpm configs COPY ./www.conf /usr/local/etc/php-fpm.d/zzzz-www.conf diff --git a/infra/docker/api/backend.conf b/infra/docker/api/backend.conf index 77c2080764..bfbabd80c5 100644 --- a/infra/docker/api/backend.conf +++ b/infra/docker/api/backend.conf 
@@ -4,11 +4,19 @@ server { listen [::]:8080; index index.php index.html; - # Include secure header configurations - include /etc/nginx/conf.d/secure-headers.conf; - root /var/www/public; + # Enable Strict-Transport-Security header to force HTTPS (commented out as HTTPS is not used) + add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"; + # Enable Content-Security-Policy header to prevent XSS attacks + add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data:;"; + # Enable X-Frame-Options header to prevent Clickjacking attacks + add_header X-Frame-Options "SAMEORIGIN"; + # Enable X-XSS-Protection header to prevent XSS attacks in older browsers + add_header X-XSS-Protection "1; mode=block"; + # Enable X-Content-Type-Options header to prevent MIME-sniffing attacks + add_header X-Content-Type-Options "nosniff"; + location ~ \.php$ { try_files $uri =404; fastcgi_split_path_info ^(.+\.php)(/.+)$; diff --git a/infra/docker/api/secure_headers.conf b/infra/docker/api/secure_headers.conf deleted file mode 100644 index e69de29bb2..0000000000 From 03e2b4176e085fa155a38112510ad603861cfb3f Mon Sep 17 00:00:00 2001 From: Rahul Sharma Date: Fri, 8 Mar 2024 09:24:46 +0000 Subject: [PATCH 14/48] removed the overrides config from www.conf file --- infra/docker/api/www.conf | 44 ++------------------------------------- 1 file changed, 2 insertions(+), 42 deletions(-) diff --git a/infra/docker/api/www.conf b/infra/docker/api/www.conf index 6a0f20656d..7506eaf853 100644 --- a/infra/docker/api/www.conf +++ b/infra/docker/api/www.conf 
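Review bot: The comment above the `Strict-Transport-Security` line says the header is commented out because HTTPS is not used, yet the `add_header` directive is active and carries `includeSubDomains` and `preload`. If TLS is terminated in front of this server, browsers would receive it and pin the whole domain tree to HTTPS for a year, which is hard to undo; either comment the directive out as the note says or drop the note. The Content-Security-Policy allows `'unsafe-inline'` and `'unsafe-eval'` for scripts, which removes most of the XSS protection its comment promises. These headers are set at server level without `always`, so they are not sent on error responses, and nginx drops inherited headers in any location that declares its own `add_header`.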
@@ -2,52 +2,12 @@ ; For more information on the config file, please see: ; https://www.php.net/manual/en/index.php -; Global Options -[global] +;Global config is in the base image -; Pid file -pid = /run/php-fpm.pid - -; Error log file written to stderr -error_log = /dev/stderr - -; Start a new pool named 'www'. -; the variable $pool can be used in any directive and will be replaced by the -; pool name ('www' here) [www] -; The address on which to accept FastCGI requests. -; '/path/to/unix/socket' - to listen on a unix socket. -listen = /run/php-fpm.socket - -; Clear environment in FPM workers -; Prevents arbitrary environment variables from reaching FPM worker processes -; by clearing the environment in workers before env vars specified in this -; pool configuration are added. -; Setting to "no" will make all environment variables available to PHP code -; via getenv(), $_ENV and $_SERVER. -clear_env = no - -; Redirect worker stdout and stderr into main error log. If not set, stdout and -; stderr will be redirected to /dev/null according to FastCGI specs. -catch_workers_output = yes - -; Decorate worker output with prefix and suffix containing information about -; the child that writes to the log and if stdout or stderr is used as well as -; log level and time. This options is used only if catch_workers_output is yes. -decorate_workers_output = yes - -;config for process manager to control number of child process -pm = dynamic +;Rest of the config for WWW ppol is in the base image -; The number of child processes to be created when pm is set to 'static' and the -; maximum number of child processes to be created when pm is set to 'dynamic'. -; This value sets the limit on the number of simultaneous requests that will be -; served. Equivalent to the ApacheMaxClients directive with mpm_prefork. -; Equivalent to the PHP_FCGI_CHILDREN environment variable in the original PHP -; CGI. 
-; Note: Used when pm is set to either 'static' or 'dynamic' -; Note: This value is mandatory. pm.max_children = 125 ; The number of child processes created on startup. From 1a073ba10ed172db7fd8563e426f9de1e907e83b Mon Sep 17 00:00:00 2001 From: Rahul Sharma Date: Sun, 10 Mar 2024 21:57:02 +0000 Subject: [PATCH 15/48] dockerfile adjusted --- infra/docker/api/Dockerfile | 22 ++++++++++------------ infra/docker/api/backend.conf | 5 ++--- 2 files changed, 12 insertions(+), 15 deletions(-) diff --git a/infra/docker/api/Dockerfile b/infra/docker/api/Dockerfile index 0144384cb6..1578f24268 100644 --- a/infra/docker/api/Dockerfile +++ b/infra/docker/api/Dockerfile @@ -3,22 +3,20 @@ FROM $AWS_ACCOUNT_ID.dkr.ecr.$AWS_REGION.amazonaws.com/php-base:7.4.33-fpm-alpin USER root +USER root + # Installing require dependencies RUN apk add --update --no-cache \ - && apk add --virtual build-dependencies \ + icu-dev \ autoconf \ g++ \ - make - -# Install, redis, igbinary, and pdo_mysql PHP extensions -RUN docker-php-ext-install pdo_mysql opcache \ + make \ && pecl install igbinary \ && docker-php-ext-enable igbinary \ + && docker-php-ext-install intl pdo_mysql opcache \ && pecl install -D 'enable-redis-igbinary="yes"' redis \ - && docker-php-ext-enable redis - -# delete all the dependencies not required after make -RUN apk del build-dependencies + && docker-php-ext-enable redis \ + && apk del --purge autoconf g++ make USER www-data @@ -32,7 +30,7 @@ COPY ./backend.conf /etc/nginx/conf.d/backend.conf COPY ./www.conf /usr/local/etc/php-fpm.d/zzzz-www.conf # place holder for copying application -# ADD ./api.tar.gz /var/www + ADD ./backend.tar.gz /var/www + +# Default startup command when container is launched is in the base image -# Default startup command when container is launched -CMD ["supervisord", "-c", "/etc/supervisord.conf"] diff --git a/infra/docker/api/backend.conf b/infra/docker/api/backend.conf index bfbabd80c5..8b0f0e8d36 100644 --- a/infra/docker/api/backend.conf 
+++ b/infra/docker/api/backend.conf @@ -6,10 +6,9 @@ server { root /var/www/public; - # Enable Strict-Transport-Security header to force HTTPS (commented out as HTTPS is not used) - add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"; + # Enable Content-Security-Policy header to prevent XSS attacks - add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data:;"; + add_header Content-Security-Policy "default-src 'self'; script-src 'self'; style-src 'self'; img-src 'self' data:;"; # Enable X-Frame-Options header to prevent Clickjacking attacks add_header X-Frame-Options "SAMEORIGIN"; # Enable X-XSS-Protection header to prevent XSS attacks in older browsers From b839593a012e7892d6479517ecd8a0fd26c1b6c8 Mon Sep 17 00:00:00 2001 From: Rahul Sharma Date: Sun, 10 Mar 2024 22:04:33 +0000 Subject: [PATCH 16/48] remove duplication from dockerfile --- infra/docker/api/Dockerfile | 2 -- 1 file changed, 2 deletions(-) diff --git a/infra/docker/api/Dockerfile b/infra/docker/api/Dockerfile index 1578f24268..eb0b23a854 100644 --- a/infra/docker/api/Dockerfile +++ b/infra/docker/api/Dockerfile @@ -3,8 +3,6 @@ FROM $AWS_ACCOUNT_ID.dkr.ecr.$AWS_REGION.amazonaws.com/php-base:7.4.33-fpm-alpin USER root -USER root - # Installing require dependencies RUN apk add --update --no-cache \ icu-dev \ From 6fd10dabd12044e40986eb50c1d14635a3464f22 Mon Sep 17 00:00:00 2001 From: Rahul Sharma Date: Sun, 10 Mar 2024 22:23:52 +0000 Subject: [PATCH 17/48] remove duplication from dockerfile --- infra/docker/api/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/infra/docker/api/Dockerfile b/infra/docker/api/Dockerfile index eb0b23a854..eeb6159288 100644 --- a/infra/docker/api/Dockerfile +++ b/infra/docker/api/Dockerfile 
@@ -28,7 +28,7 @@ COPY ./backend.conf /etc/nginx/conf.d/backend.conf COPY ./www.conf /usr/local/etc/php-fpm.d/zzzz-www.conf # place holder for copying application - ADD ./backend.tar.gz /var/www +# ADD ./backend.tar.gz /var/www # Default startup command when container is launched is in the base image From 7a2134052aaf8c91a8fb6edeec92004c4447f861 Mon Sep 17 00:00:00 2001 From: Rahul Sharma Date: Mon, 11 Mar 2024 17:19:43 +0000 Subject: [PATCH 18/48] feedback implemented --- infra/docker/api/Dockerfile | 10 +++++----- infra/docker/api/backend.conf | 13 +------------ infra/docker/api/php.ini | 25 ++++--------------------- infra/docker/api/www.conf | 32 -------------------------------- 4 files changed, 10 insertions(+), 70 deletions(-) delete mode 100644 infra/docker/api/www.conf diff --git a/infra/docker/api/Dockerfile b/infra/docker/api/Dockerfile index eeb6159288..8cccdcda67 100644 --- a/infra/docker/api/Dockerfile +++ b/infra/docker/api/Dockerfile @@ -1,8 +1,10 @@ # installing the base image from ECR, tag is appended with v0.1 -FROM $AWS_ACCOUNT_ID.dkr.ecr.$AWS_REGION.amazonaws.com/php-base:7.4.33-fpm-alpine3.16-v0.1 +FROM $AWS_ACCOUNT_ID.dkr.ecr.eu-west-1.amazonaws.com/php-7.4:v0.1 USER root +RUN docker-php-ext-install intl pdo_mysql opcache + # Installing require dependencies RUN apk add --update --no-cache \ icu-dev \ @@ -10,15 +12,13 @@ RUN apk add --update --no-cache \ g++ \ make \ && pecl install igbinary \ - && docker-php-ext-enable igbinary \ - && docker-php-ext-install intl pdo_mysql opcache \ && pecl install -D 'enable-redis-igbinary="yes"' redis \ - && docker-php-ext-enable redis \ + && docker-php-ext-enable igbinary redis \ && apk del --purge autoconf g++ make USER www-data -# opcache config file +# php config file COPY ./php.ini ${PHP_INI_DIR}/conf.d/1000-php.ini # nginx server config file diff --git a/infra/docker/api/backend.conf b/infra/docker/api/backend.conf index 8b0f0e8d36..d8ba26d10f 100644 --- a/infra/docker/api/backend.conf 
+++ b/infra/docker/api/backend.conf @@ -1,21 +1,11 @@ # Server configuration, http configuration is defined in base image server { listen 8080; - listen [::]:8080; + listen [::]:8080; index index.php index.html; root /var/www/public; - - # Enable Content-Security-Policy header to prevent XSS attacks - add_header Content-Security-Policy "default-src 'self'; script-src 'self'; style-src 'self'; img-src 'self' data:;"; - # Enable X-Frame-Options header to prevent Clickjacking attacks - add_header X-Frame-Options "SAMEORIGIN"; - # Enable X-XSS-Protection header to prevent XSS attacks in older browsers - add_header X-XSS-Protection "1; mode=block"; - # Enable X-Content-Type-Options header to prevent MIME-sniffing attacks - add_header X-Content-Type-Options "nosniff"; - location ~ \.php$ { try_files $uri =404; fastcgi_split_path_info ^(.+\.php)(/.+)$; @@ -29,6 +19,5 @@ server { } location / { try_files $uri $uri/ /index.php?$query_string; - gzip_static on; } } \ No newline at end of file diff --git a/infra/docker/api/php.ini b/infra/docker/api/php.ini index 483018328f..3228fec104 100644 --- a/infra/docker/api/php.ini +++ b/infra/docker/api/php.ini 
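Review bot: The first hunk removes the Content-Security-Policy, X-Frame-Options, X-XSS-Protection and X-Content-Type-Options headers from the server block, and nothing visible in this commit sets them elsewhere. If they are now emitted by the base image or by a proxy in front, a comment such as `# security headers are set in <where>` would record that; if not, responses lose them. The `php.ini` hunk of the same commit likewise drops `expose_php = Off`, and PHP's default is On, which sends the PHP version in `X-Powered-By` unless the base image overrides it.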
@@ -3,21 +3,11 @@ ; For more information on the config file, please see: ; https://www.php.net/manual/en/index.php -[Date] -; Default timezone -date.timezone = "UTC" - -[PHP] -; Exposes to the world that PHP is installed on the server -; which includes the PHP version within the HTTP header -expose_php = Off - [opcache] -; OPcache settings as detailed in https://www.php.net/manual/en/opcache.installation.php -zend_extension=opcache.so - ; The maximum number of keys (and therefore scripts) in the OPcache hash table -; The Allowed value is between 200 and 100000 +; The Allowed value is between 200 and 100000. Recommendation is to have this +;number approximately equal to the total number of php files in your project +;https://programmer.group/php7-enables-opcache-to-create-powerful-performance.html#:~:text=opcache.max_accelerated_files opcache.max_accelerated_files=20000 ; Validate timestamps of scripts on each request. @@ -28,11 +18,4 @@ opcache.validate_timestamps=1 opcache.revalidate_freq=60 ;enable the cli -opcache.enable_cli=1 - - - - - - - +opcache.enable_cli=1 \ No newline at end of file diff --git a/infra/docker/api/www.conf b/infra/docker/api/www.conf deleted file mode 100644 index 7506eaf853..0000000000 --- a/infra/docker/api/www.conf +++ /dev/null 
@@ -1,32 +0,0 @@ -; PHP-FPM Configuration -; For more information on the config file, please see: -; https://www.php.net/manual/en/index.php - -;Global config is in the base image - -[www] - -;Rest of the config for WWW ppol is in the base image - -pm.max_children = 125 - -; The number of child processes created on startup. -; Note: Used only when pm is set to 'dynamic' -; Default Value: min_spare_servers + (max_spare_servers - min_spare_servers) / 2 -pm.start_servers = 16 - -; The desired minimum number of idle server processes. -; Note: Used only when pm is set to 'dynamic' -; Note: Mandatory when pm is set to 'dynamic' -pm.min_spare_servers = 16 - -; The desired maximum number of idle server processes. -; Note: Used only when pm is set to 'dynamic' -; Note: Mandatory when pm is set to 'dynamic' -pm.max_spare_servers = 32 - -; The number of requests each child process should execute before respawning. -; This can be useful to work around memory leaks in 3rd party libraries. For -; endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS. -; Default Value: 0 -pm.max_requests = 0 From 5cda3262711b04639881403d7efa6ca4ae0f0549 Mon Sep 17 00:00:00 2001 From: Rahul Sharma Date: Mon, 11 Mar 2024 17:36:54 +0000 Subject: [PATCH 19/48] dockerfile updated the layer adjusted as icu-dev is required --- infra/docker/api/Dockerfile | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/infra/docker/api/Dockerfile b/infra/docker/api/Dockerfile index 8cccdcda67..a22760f078 100644 --- a/infra/docker/api/Dockerfile +++ b/infra/docker/api/Dockerfile @@ -3,8 +3,6 @@ FROM $AWS_ACCOUNT_ID.dkr.ecr.eu-west-1.amazonaws.com/php-7.4:v0.1 USER root -RUN docker-php-ext-install intl pdo_mysql opcache - # Installing require dependencies RUN apk add --update --no-cache \ icu-dev \ 
@@ -16,6 +14,8 @@ RUN apk add --update --no-cache \ && docker-php-ext-enable igbinary redis \ && apk del --purge autoconf g++ make +RUN docker-php-ext-install intl pdo_mysql opcache + USER www-data # php config file @@ -24,9 +24,6 @@ COPY ./php.ini ${PHP_INI_DIR}/conf.d/1000-php.ini # nginx server config file COPY ./backend.conf /etc/nginx/conf.d/backend.conf -# Configure php-fpm configs -COPY ./www.conf /usr/local/etc/php-fpm.d/zzzz-www.conf - # place holder for copying application # ADD ./backend.tar.gz /var/www From 1e2b183e3a388c8c12ed100cc9730b9c0261669f Mon Sep 17 00:00:00 2001 From: Rahul Sharma Date: Mon, 11 Mar 2024 19:36:31 +0000 Subject: [PATCH 20/48] dockerfile updated with account number --- infra/docker/api/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/infra/docker/api/Dockerfile b/infra/docker/api/Dockerfile index a22760f078..69dcc073de 100644 --- a/infra/docker/api/Dockerfile +++ b/infra/docker/api/Dockerfile @@ -1,5 +1,5 @@ # installing the base image from ECR, tag is appended with v0.1 -FROM $AWS_ACCOUNT_ID.dkr.ecr.eu-west-1.amazonaws.com/php-7.4:v0.1 +FROM 245185850403.dkr.ecr.eu-west-1.amazonaws.com/php-7.4:v0.1 USER root From d9f4761e748c775522c6237cba30f0cfe72d7df6 Mon Sep 17 00:00:00 2001 From: Rahul Sharma Date: Tue, 12 Mar 2024 19:30:58 +0000 Subject: [PATCH 21/48] added aws header --- infra/docker/api/Dockerfile | 4 ++++ infra/docker/api/backend.conf | 4 ++++ infra/docker/api/php.ini | 4 ++++ 3 files changed, 12 insertions(+) diff --git a/infra/docker/api/Dockerfile b/infra/docker/api/Dockerfile index 69dcc073de..d78a3fe454 100644 --- a/infra/docker/api/Dockerfile +++ b/infra/docker/api/Dockerfile 
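Review bot: The `FROM` change in the "account number" commit hard-codes the AWS account id and region of the registry, which ties the Dockerfile to one account and publishes the id with the repository. Declaring `ARG ECR_REGISTRY` before `FROM` and writing `FROM ${ECR_REGISTRY}/php-7.4:v0.1` keeps the value in the build pipeline. The `v0.1` tag can be re-pushed, so pinning by digest (`php-7.4:v0.1@sha256:<digest>`) would make the base image reproducible.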
@@ -1,3 +1,7 @@ +## + # Copyright © Amazon.com and Affiliates: This deliverable is considered Developed Content as defined in the AWS Service Terms and the SOW between the parties dated 2024-01-16. +## + # installing the base image from ECR, tag is appended with v0.1 FROM 245185850403.dkr.ecr.eu-west-1.amazonaws.com/php-7.4:v0.1 diff --git a/infra/docker/api/backend.conf b/infra/docker/api/backend.conf index d8ba26d10f..9fdec161da 100644 --- a/infra/docker/api/backend.conf +++ b/infra/docker/api/backend.conf @@ -1,3 +1,7 @@ +## + # Copyright © Amazon.com and Affiliates: This deliverable is considered Developed Content as defined in the AWS Service Terms and the SOW between the parties dated 2024-01-16. +## + # Server configuration, http configuration is defined in base image server { listen 8080; diff --git a/infra/docker/api/php.ini b/infra/docker/api/php.ini index 3228fec104..1ac598e21e 100644 --- a/infra/docker/api/php.ini +++ b/infra/docker/api/php.ini @@ -1,3 +1,7 @@ +## + # Copyright © Amazon.com and Affiliates: This deliverable is considered Developed Content as defined in the AWS Service Terms and the SOW between the parties dated 2024-01-16. +## + ; PHP's initialization file, generally called php.ini, is responsible for ; configuring many of the aspects of PHP's behavior. ; For more information on the config file, please see: From 21a78a3eb4becc70f3d471f6a201e391be5b857f Mon Sep 17 00:00:00 2001 From: rahul-dvsa <141035405+rahul-dvsa@users.noreply.github.com> Date: Wed, 20 Mar 2024 09:34:46 +0000 Subject: [PATCH 22/48] Update Dockerfile --- infra/docker/api/Dockerfile | 4 ---- 1 file changed, 4 deletions(-) diff --git a/infra/docker/api/Dockerfile b/infra/docker/api/Dockerfile index d78a3fe454..69dcc073de 100644 --- a/infra/docker/api/Dockerfile +++ b/infra/docker/api/Dockerfile 
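Review bot: The licence header added to `php.ini` uses `##` and `#` lines, but `#` has not been a comment marker in INI files since PHP 7.0 and this image is built on PHP 7.4. The three lines would be parsed as directives rather than ignored (the exact effect is not verified here); `;` is the comment character, e.g. `; Copyright © Amazon.com and Affiliates: …`. The Dockerfile and nginx hunks of the same commit are unaffected, since `#` starts a comment in both.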
@@ -1,7 +1,3 @@ -## - # Copyright © Amazon.com and Affiliates: This deliverable is considered Developed Content as defined in the AWS Service Terms and the SOW between the parties dated 2024-01-16. -## - # installing the base image from ECR, tag is appended with v0.1 FROM 245185850403.dkr.ecr.eu-west-1.amazonaws.com/php-7.4:v0.1 From 5d2028808bc004458b8b6ec28e125ad8474a942d Mon Sep 17 00:00:00 2001 From: rahul-dvsa <141035405+rahul-dvsa@users.noreply.github.com> Date: Wed, 20 Mar 2024 09:35:04 +0000 Subject: [PATCH 23/48] Update backend.conf --- infra/docker/api/backend.conf | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/infra/docker/api/backend.conf b/infra/docker/api/backend.conf index 9fdec161da..564ef33c57 100644 --- a/infra/docker/api/backend.conf +++ b/infra/docker/api/backend.conf @@ -1,7 +1,3 @@ -## - # Copyright © Amazon.com and Affiliates: This deliverable is considered Developed Content as defined in the AWS Service Terms and the SOW between the parties dated 2024-01-16. -## - # Server configuration, http configuration is defined in base image server { listen 8080; @@ -24,4 +20,4 @@ server { location / { try_files $uri $uri/ /index.php?$query_string; } -} \ No newline at end of file +} From b5913e7eed5fcb33028ca0338a80c9a77e8f4eef Mon Sep 17 00:00:00 2001 From: rahul-dvsa <141035405+rahul-dvsa@users.noreply.github.com> Date: Wed, 20 Mar 2024 09:35:38 +0000 Subject: [PATCH 24/48] Update php.ini removed aws headers --- infra/docker/api/php.ini | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/infra/docker/api/php.ini b/infra/docker/api/php.ini index 1ac598e21e..36b5ac8ac8 100644 --- a/infra/docker/api/php.ini +++ b/infra/docker/api/php.ini 
@@ -1,7 +1,3 @@ -## - # Copyright © Amazon.com and Affiliates: This deliverable is considered Developed Content as defined in the AWS Service Terms and the SOW between the parties dated 2024-01-16. -## - ; PHP's initialization file, generally called php.ini, is responsible for ; configuring many of the aspects of PHP's behavior. ; For more information on the config file, please see: @@ -22,4 +18,4 @@ opcache.validate_timestamps=1 opcache.revalidate_freq=60 ;enable the cli -opcache.enable_cli=1 \ No newline at end of file +opcache.enable_cli=1 From ef172b74b17ea7fe80ac1dde50fc995b9fd9b511 Mon Sep 17 00:00:00 2001 From: Rahul Sharma Date: Mon, 25 Mar 2024 17:31:09 +0000 Subject: [PATCH 25/48] Introduced package version --- infra/docker/api/Dockerfile | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/infra/docker/api/Dockerfile b/infra/docker/api/Dockerfile index 69dcc073de..15f7555b77 100644 --- a/infra/docker/api/Dockerfile +++ b/infra/docker/api/Dockerfile @@ -1,14 +1,15 @@ # installing the base image from ECR, tag is appended with v0.1 -FROM 245185850403.dkr.ecr.eu-west-1.amazonaws.com/php-7.4:v0.1 +# FROM 245185850403.dkr.ecr.eu-west-1.amazonaws.com/php-7.4:v0.1 +FROM php-base USER root # Installing require dependencies RUN apk add --update --no-cache \ - icu-dev \ - autoconf \ - g++ \ - make \ + icu-dev~=71.1 \ + autoconf~=2.71 \ + g++~=11.2.1 \ + make=~4.3 \ && pecl install igbinary \ && pecl install -D 'enable-redis-igbinary="yes"' redis \ && docker-php-ext-enable igbinary redis \ @@ -16,6 +17,7 @@ RUN apk add --update --no-cache \ RUN docker-php-ext-install intl pdo_mysql opcache + USER www-data # php config file From 213567e1c37d809293d2b8da75cefbea8323df8a Mon Sep 17 00:00:00 2001 From: Rahul Sharma Date: Tue, 26 Mar 2024 14:27:49 +0000 Subject: [PATCH 26/48] updated dockerfile --- infra/docker/api/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/infra/docker/api/Dockerfile b/infra/docker/api/Dockerfile index 15f7555b77..adcb7a153a 100644 --- a/infra/docker/api/Dockerfile +++ b/infra/docker/api/Dockerfile @@ -9,7 +9,7 @@ RUN apk add --update --no-cache \ icu-dev~=71.1 \ autoconf~=2.71 \ g++~=11.2.1 \ - make=~4.3 \ + make~=4.3 \ && pecl install igbinary \ && pecl install -D 'enable-redis-igbinary="yes"' redis \ && docker-php-ext-enable igbinary redis \ From 3206bf67a74cd121c901368b2bb7df6ee1de12ab Mon Sep 17 00:00:00 2001 From: Rahul Sharma Date: Tue, 26 Mar 2024 14:33:28 +0000 Subject: [PATCH 27/48] updated dockerfile FROM statement --- infra/docker/api/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/infra/docker/api/Dockerfile b/infra/docker/api/Dockerfile index adcb7a153a..b612fc2f10 100644 --- a/infra/docker/api/Dockerfile +++ b/infra/docker/api/Dockerfile @@ -1,6 +1,6 @@ # installing the base image from ECR, tag is appended with v0.1 -# FROM 245185850403.dkr.ecr.eu-west-1.amazonaws.com/php-7.4:v0.1 -FROM php-base +FROM 245185850403.dkr.ecr.eu-west-1.amazonaws.com/php-7.4:v0.1 + USER root From 41432bcb09ab93f985250fbf531370d8a0312b38 Mon Sep 17 00:00:00 2001 From: Gabriel Guimaraes Date: Wed, 17 Apr 2024 12:07:39 +0100 Subject: [PATCH 28/48] feat: using GHCR image not ECR --- infra/docker/api/Dockerfile | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/infra/docker/api/Dockerfile b/infra/docker/api/Dockerfile index b612fc2f10..e5f302e0a2 100644 --- a/infra/docker/api/Dockerfile +++ b/infra/docker/api/Dockerfile @@ -1,6 +1,4 @@ -# installing the base image from ECR, tag is appended with v0.1 -FROM 245185850403.dkr.ecr.eu-west-1.amazonaws.com/php-7.4:v0.1 - +FROM ghcr.io/dvsa/dvsa-docker-images/php/7.4/fpm-nginx:latest USER root From 929ef999003f662580a444951ad906c9e3918c14 Mon Sep 17 00:00:00 2001 
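Review bot: The new base `FROM ghcr.io/dvsa/dvsa-docker-images/php/7.4/fpm-nginx:latest` uses a moving tag, so the same Dockerfile can build on different base contents from one run to the next and a changed upstream image reaches the build without review. Pin a specific version tag and, for release builds, the digest: `FROM ghcr.io/dvsa/dvsa-docker-images/php/7.4/fpm-nginx:<TAG>@sha256:<DIGEST>`. The `:0` tag introduced in PATCH 46/48 is presumably still a rolling major tag, so the same applies to that hunk.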
From: Gabriel Guimaraes Date: Wed, 17 Apr 2024 12:10:35 +0100 Subject: [PATCH 29/48] fix: changed way to install redis and igbinary --- infra/docker/api/Dockerfile | 16 +++++----------- 1 file changed, 5 insertions(+), 11 deletions(-) diff --git a/infra/docker/api/Dockerfile b/infra/docker/api/Dockerfile index e5f302e0a2..f5850fef6a 100644 --- a/infra/docker/api/Dockerfile +++ b/infra/docker/api/Dockerfile @@ -2,18 +2,12 @@ FROM ghcr.io/dvsa/dvsa-docker-images/php/7.4/fpm-nginx:latest USER root -# Installing require dependencies -RUN apk add --update --no-cache \ - icu-dev~=71.1 \ - autoconf~=2.71 \ - g++~=11.2.1 \ - make~=4.3 \ +# Install redis with igbinary +RUN apk add --no-cache pcre-dev $PHPIZE_DEPS \ && pecl install igbinary \ - && pecl install -D 'enable-redis-igbinary="yes"' redis \ - && docker-php-ext-enable igbinary redis \ - && apk del --purge autoconf g++ make - -RUN docker-php-ext-install intl pdo_mysql opcache + && pecl install -D 'enable-redis-igbinary="yes" enable-redis-lzf="no" enable-redis-zstd="no"' redis \ + && docker-php-ext-enable redis igbinary \ + && apk del pcre-dev $PHPIZE_DEPS USER www-data From 626849a290a2cc06400ab6aa8ebd722a29a6560c Mon Sep 17 00:00:00 2001 From: Gabriel Guimaraes Date: Wed, 17 Apr 2024 12:18:01 +0100 Subject: [PATCH 30/48] feat: installed pdo_mysql, opcahce and intl --- infra/docker/api/Dockerfile | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/infra/docker/api/Dockerfile b/infra/docker/api/Dockerfile index f5850fef6a..5f380f5cd6 100644 --- a/infra/docker/api/Dockerfile +++ b/infra/docker/api/Dockerfile @@ -9,6 +9,11 @@ RUN apk add --no-cache pcre-dev $PHPIZE_DEPS \ && docker-php-ext-enable redis igbinary \ && apk del pcre-dev $PHPIZE_DEPS +RUN apk add icu-dev \ + && docker-php-ext-install mysqli pdo_mysql \ + && docker-php-ext-install opcache \ + && docker-php-ext-configure intl && docker-php-ext-install intl \ + && apk del icu-dev USER www-data 
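Review bot: `pecl install igbinary` and `pecl install -D … redis` in the rewritten RUN take whatever release PECL serves at build time, so the extension source compiled into the image is not fixed by this Dockerfile. Pin both, e.g. `pecl install igbinary-<VERSION>` and `… redis-<VERSION>`, so an upstream release cannot change the image silently. Also check `apk del pcre-dev $PHPIZE_DEPS` against the base image: any package in that set that the base had installed for its own use is removed as well, which `apk add --no-cache --virtual .build-deps pcre-dev $PHPIZE_DEPS` followed by `apk del .build-deps` avoids.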
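Review bot: `apk del icu-dev` at the end of the added RUN is likely to remove the ICU shared libraries that were pulled in only as dependencies of `icu-dev`, while the freshly built `intl` extension links against them at runtime. Unless the base image already installs `icu-libs` explicitly, add it as a runtime package in the same step: `RUN apk add --no-cache icu-libs icu-dev \` … `&& apk del icu-dev`. The `apk add` here is also missing the `--no-cache` that the RUN above it uses.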
From ee00e3b10dad2ed8162213d073c67041b5d804ce Mon Sep 17 00:00:00 2001 From: Gabriel Guimaraes Date: Wed, 17 Apr 2024 12:20:07 +0100 Subject: [PATCH 31/48] fix: fixed formatting in php.ini --- infra/docker/api/php.ini | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/infra/docker/api/php.ini b/infra/docker/api/php.ini index 36b5ac8ac8..9e3c23466e 100644 --- a/infra/docker/api/php.ini +++ b/infra/docker/api/php.ini @@ -5,17 +5,17 @@ [opcache] ; The maximum number of keys (and therefore scripts) in the OPcache hash table -; The Allowed value is between 200 and 100000. Recommendation is to have this -;number approximately equal to the total number of php files in your project -;https://programmer.group/php7-enables-opcache-to-create-powerful-performance.html#:~:text=opcache.max_accelerated_files +; The Allowed value is between 200 and 100000. Recommendation is to have this +; number approximately equal to the total number of php files in your project +; https://programmer.group/php7-enables-opcache-to-create-powerful-performance.html#:~:text=opcache.max_accelerated_files opcache.max_accelerated_files=20000 -; Validate timestamps of scripts on each request. +; Validate timestamps of scripts on each request. opcache.validate_timestamps=1 ; Specifies the frequency at which OPcache checks for changes to PHP scripts ; in the filesystem. The value is in seconds. opcache.revalidate_freq=60 -;enable the cli -opcache.enable_cli=1 +; Enable the cli +opcache.enable_cli=1 From 2392dddfb52b6652ee5c856d50c6ff9cdfdb601a Mon Sep 17 00:00:00 2001 From: Gabriel Guimaraes Date: Wed, 17 Apr 2024 12:27:22 +0100 Subject: [PATCH 32/48] fix: changed where artifact is downloaded --- .github/workflows/docker.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/docker.yaml b/.github/workflows/docker.yaml index b21aa89934..117590d30c 100644 --- a/.github/workflows/docker.yaml +++ b/.github/workflows/docker.yaml 
@@ -57,7 +57,7 @@ jobs: - uses: actions/download-artifact@v4 with: name: ${{ inputs.app-artefact-name }} - path: app/${{ inputs.project }} + path: infra/docker/${{ inputs.project }} - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 From 3ae530718ad2841adc55a4a8378dc6d46179f94d Mon Sep 17 00:00:00 2001 From: Gabriel Guimaraes Date: Wed, 17 Apr 2024 12:31:57 +0100 Subject: [PATCH 33/48] feat: add application code to /var/www/html --- infra/docker/api/Dockerfile | 2 ++ 1 file changed, 2 insertions(+) diff --git a/infra/docker/api/Dockerfile b/infra/docker/api/Dockerfile index 5f380f5cd6..c27e8db2c3 100644 --- a/infra/docker/api/Dockerfile +++ b/infra/docker/api/Dockerfile @@ -20,6 +20,8 @@ USER www-data # php config file COPY ./php.ini ${PHP_INI_DIR}/conf.d/1000-php.ini +ADD --chown=www-data ./api.tar.gz /var/www/html + # nginx server config file COPY ./backend.conf /etc/nginx/conf.d/backend.conf From 359f2fa74749baa86bde5c1d68ec2365bf909729 Mon Sep 17 00:00:00 2001 From: Gabriel Guimaraes Date: Wed, 17 Apr 2024 12:33:01 +0100 Subject: [PATCH 34/48] fix: need root access to change permissions to app code --- infra/docker/api/Dockerfile | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/infra/docker/api/Dockerfile b/infra/docker/api/Dockerfile index c27e8db2c3..69f75874ef 100644 --- a/infra/docker/api/Dockerfile +++ b/infra/docker/api/Dockerfile @@ -15,9 +15,7 @@ RUN apk add icu-dev \ && docker-php-ext-configure intl && docker-php-ext-install intl \ && apk del icu-dev -USER www-data - -# php config file +# PHP config file COPY ./php.ini ${PHP_INI_DIR}/conf.d/1000-php.ini ADD --chown=www-data ./api.tar.gz /var/www/html From ea0f19495d4dcedfade66dac60d85877502ef408 Mon Sep 17 00:00:00 2001 From: Gabriel Guimaraes Date: Wed, 17 Apr 2024 12:33:50 +0100 Subject: [PATCH 35/48] fix: changed nginx conf name to api & revert user back to www-data --- infra/docker/api/Dockerfile | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) 
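Review bot: `ADD --chown=www-data ./api.tar.gz /var/www/html` makes the whole application tree owned by the account the container runs as (`USER www-data`), so a file-write or code-execution bug in the application can rewrite its own source. Leave the code owned by root and readable by the service, and give `www-data` ownership only of the directories the application must write to, such as cache or log directories. `ADD` is a legitimate choice for auto-extracting a local tarball, but it unpacks whatever paths and modes the archive carries, so the archive should come only from the build pipeline.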
diff --git a/infra/docker/api/Dockerfile b/infra/docker/api/Dockerfile index 69f75874ef..b72f1e89a1 100644 --- a/infra/docker/api/Dockerfile +++ b/infra/docker/api/Dockerfile @@ -21,10 +21,6 @@ COPY ./php.ini ${PHP_INI_DIR}/conf.d/1000-php.ini ADD --chown=www-data ./api.tar.gz /var/www/html # nginx server config file -COPY ./backend.conf /etc/nginx/conf.d/backend.conf - -# place holder for copying application -# ADD ./backend.tar.gz /var/www - -# Default startup command when container is launched is in the base image +COPY api.conf /etc/nginx/conf.d/api.conf +USER www-data From ba70a9769d09ae04e1276c69de9f66559cf0ea31 Mon Sep 17 00:00:00 2001 From: Gabriel Guimaraes Date: Wed, 17 Apr 2024 12:35:37 +0100 Subject: [PATCH 36/48] feat: configured nginx --- infra/docker/api/api.conf | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) create mode 100644 infra/docker/api/api.conf diff --git a/infra/docker/api/api.conf b/infra/docker/api/api.conf new file mode 100644 index 0000000000..818b68e9c4 --- /dev/null +++ b/infra/docker/api/api.conf @@ -0,0 +1,22 @@ +server { + listen 80; + listen [::]:80; + + server_name _; + + root /var/www/html/public; + + location / { + try_files $uri /index.php?q=$uri&$args; + } + + location ~ \.php$ { + try_files $uri =404; + fastcgi_split_path_info ^(.+\.php)(/.+)$; + fastcgi_pass unix:/run/php-fpm.socket; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_read_timeout 600; + fastcgi_index index.php; + include fastcgi_params; + } +} From 7d9a9a8a473ebe891e057150b5afb9847952d7ab Mon Sep 17 00:00:00 2001 From: Gabriel Guimaraes Date: Wed, 17 Apr 2024 12:36:44 +0100 Subject: [PATCH 37/48] feat: add relevant api security configurations to nginx config --- infra/docker/api/api.conf | 31 +++++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) diff --git a/infra/docker/api/api.conf b/infra/docker/api/api.conf index 818b68e9c4..a5e05ff6d9 100644 --- a/infra/docker/api/api.conf 
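Review bot: `listen 80;` and `listen [::]:80;` bind a privileged port, while the Dockerfile in this series ends with `USER www-data`; the backend.conf this file replaces listened on 8080. Binding below 1024 as a non-root user only works where the runtime lowers `net.ipv4.ip_unprivileged_port_start` (Docker Engine 20.10 and later does, other runtimes may not), so nginx may fail to start there. Keeping an unprivileged port, `listen 8080;` and `listen [::]:8080;`, removes that dependency.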
+++ b/infra/docker/api/api.conf @@ -6,6 +6,37 @@ server { root /var/www/html/public; + # Prevent some browsers from MIME-sniffing the response. + # + # This reduces exposure to drive-by download attacks and cross-origin data + # leaks, and should be left uncommented, especially if the server is serving + # user-uploaded content or content that could potentially be treated as + # executable by the browser. + # + # https://owasp.org/www-project-secure-headers/#x-content-type-options + # https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options + # https://blogs.msdn.microsoft.com/ie/2008/07/02/ie8-security-part-v-comprehensive-protection/ + # https://mimesniff.spec.whatwg.org/ + + add_header X-Content-Type-Options nosniff always; + + # Block access to files that can expose sensitive information. + # + # By default, block access to backup and source files that may be left by some + # text editors and can pose a security risk when anyone has access to them. + # + # https://feross.org/cmsploit/ + # + # (!) Update the `location` regular expression from below to include any files + # that might end up on your production server and can expose sensitive + # information about your website. These files may include: configuration + # files, files that contain metadata about the project (e.g.: project + # dependencies, build scripts, etc.). + + location ~* (?:#.*#|\.(?:bak|conf|dist|fla|in[ci]|log|orig|psd|sh|sql|sw[op])|~)$ { + deny all; + } + location / { try_files $uri /index.php?q=$uri&$args; } From 4d1046e61afdbe744c61d791558b980eaf073e5e Mon Sep 17 00:00:00 2001 From: Gabriel Guimaraes Date: Wed, 17 Apr 2024 12:39:47 +0100 Subject: [PATCH 38/48] chore: removed backend.conf --- infra/docker/api/backend.conf | 23 ----------------------- 1 file changed, 23 deletions(-) delete mode 100644 infra/docker/api/backend.conf diff --git a/infra/docker/api/backend.conf b/infra/docker/api/backend.conf deleted file mode 100644 index 564ef33c57..0000000000 
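Review bot: The added `deny all` location matches editor backups and a fixed list of extensions, but not dot-files or dot-directories such as `.env` or `.git`, which is the kind of gap the comment's own "(!) Update" reminder asks to be reviewed. If anything of that sort can end up under `/var/www/html/public`, add a rule such as `location ~ /\.(?!well-known/) { deny all; }`. Separately, `add_header` set at server level is not inherited by a location that declares its own `add_header`, so any later per-location header has to repeat `X-Content-Type-Options`.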
--- a/infra/docker/api/backend.conf +++ /dev/null @@ -1,23 +0,0 @@ -# Server configuration, http configuration is defined in base image -server { - listen 8080; - listen [::]:8080; - index index.php index.html; - - root /var/www/public; - - location ~ \.php$ { - try_files $uri =404; - fastcgi_split_path_info ^(.+\.php)(/.+)$; - - fastcgi_index index.php; - include fastcgi_params; - fastcgi_pass unix:/run/php-fpm.socket; # Path to PHP-FPM socket file - - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_param PATH_INFO $fastcgi_path_info; - } - location / { - try_files $uri $uri/ /index.php?$query_string; - } -} From e39ef96096b3d5244a6d124f3c93e100275e4713 Mon Sep 17 00:00:00 2001 From: Gabriel Guimaraes Date: Thu, 18 Apr 2024 09:49:09 +0100 Subject: [PATCH 39/48] fix: composer update in php.yaml --- .github/workflows/php.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/php.yaml b/.github/workflows/php.yaml index 28b7adaa90..c6aeee43da 100644 --- a/.github/workflows/php.yaml +++ b/.github/workflows/php.yaml @@ -52,6 +52,8 @@ jobs: path: ${{ steps.composer-cache.outputs.dir }} key: ${{ runner.os }}-composer-${{ hashFiles(format('**/app/{0}/composer.lock', inputs.project)) }} restore-keys: ${{ runner.os }}-composer- + - name: Install dependencies + run: composer update - name: Install dependencies run: composer install --no-progress --prefer-dist --optimize-autoloader From 9add96e1a78a7caff9ff6b568f9d65bf4c394c9e Mon Sep 17 00:00:00 2001 From: Gabriel Guimaraes Date: Thu, 18 Apr 2024 09:54:31 +0100 Subject: [PATCH 40/48] fix: removing composer update to see inital error --- .github/workflows/php.yaml | 2 -- 1 file changed, 2 deletions(-) diff --git a/.github/workflows/php.yaml b/.github/workflows/php.yaml index c6aeee43da..28b7adaa90 100644 --- a/.github/workflows/php.yaml +++ b/.github/workflows/php.yaml 
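Review bot: The added `run: composer update` step re-resolves every dependency to the newest allowed version on the runner, so the build no longer installs the reviewed versions recorded in composer.lock, and the cache key hashed from composer.lock stops describing what was installed. If `composer install` fails because the lock file is stale, regenerate the lock in a commit and keep CI on `composer install`; a `composer validate` step can flag a lock that is out of sync. Both steps are also named `Install dependencies`, which makes the job log ambiguous. The step list continues outside this hunk.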
@@ -52,8 +52,6 @@ jobs: path: ${{ steps.composer-cache.outputs.dir }} key: ${{ runner.os }}-composer-${{ hashFiles(format('**/app/{0}/composer.lock', inputs.project)) }} restore-keys: ${{ runner.os }}-composer- - - name: Install dependencies - run: composer update - name: Install dependencies run: composer install --no-progress --prefer-dist --optimize-autoloader From c746137d3574ac02ce72bf364568baa76d58f168 Mon Sep 17 00:00:00 2001 From: Gabriel Guimaraes Date: Thu, 18 Apr 2024 09:57:17 +0100 Subject: [PATCH 41/48] refactor: fixed formatting in api.conf --- infra/docker/api/api.conf | 60 +++++++++++++++++++-------------------- 1 file changed, 30 insertions(+), 30 deletions(-) diff --git a/infra/docker/api/api.conf b/infra/docker/api/api.conf index a5e05ff6d9..972ada81a8 100644 --- a/infra/docker/api/api.conf +++ b/infra/docker/api/api.conf 
@@ -6,36 +6,36 @@ server { root /var/www/html/public; - # Prevent some browsers from MIME-sniffing the response. - # - # This reduces exposure to drive-by download attacks and cross-origin data - # leaks, and should be left uncommented, especially if the server is serving - # user-uploaded content or content that could potentially be treated as - # executable by the browser. - # - # https://owasp.org/www-project-secure-headers/#x-content-type-options - # https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options - # https://blogs.msdn.microsoft.com/ie/2008/07/02/ie8-security-part-v-comprehensive-protection/ - # https://mimesniff.spec.whatwg.org/ - - add_header X-Content-Type-Options nosniff always; - - # Block access to files that can expose sensitive information. - # - # By default, block access to backup and source files that may be left by some - # text editors and can pose a security risk when anyone has access to them. - # - # https://feross.org/cmsploit/ - # - # (!) Update the `location` regular expression from below to include any files - # that might end up on your production server and can expose sensitive - # information about your website. These files may include: configuration - # files, files that contain metadata about the project (e.g.: project - # dependencies, build scripts, etc.). - - location ~* (?:#.*#|\.(?:bak|conf|dist|fla|in[ci]|log|orig|psd|sh|sql|sw[op])|~)$ { - deny all; - } + # Prevent some browsers from MIME-sniffing the response. + # + # This reduces exposure to drive-by download attacks and cross-origin data + # leaks, and should be left uncommented, especially if the server is serving + # user-uploaded content or content that could potentially be treated as + # executable by the browser. 
+ # + # https://owasp.org/www-project-secure-headers/#x-content-type-options + # https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options + # https://blogs.msdn.microsoft.com/ie/2008/07/02/ie8-security-part-v-comprehensive-protection/ + # https://mimesniff.spec.whatwg.org/ + + add_header X-Content-Type-Options nosniff always; + + # Block access to files that can expose sensitive information. + # + # By default, block access to backup and source files that may be left by some + # text editors and can pose a security risk when anyone has access to them. + # + # https://feross.org/cmsploit/ + # + # (!) Update the `location` regular expression from below to include any files + # that might end up on your production server and can expose sensitive + # information about your website. These files may include: configuration + # files, files that contain metadata about the project (e.g.: project + # dependencies, build scripts, etc.). + + location ~* (?:#.*#|\.(?:bak|conf|dist|fla|in[ci]|log|orig|psd|sh|sql|sw[op])|~)$ { + deny all; + } location / { try_files $uri /index.php?q=$uri&$args; From 33dcd5a80e234891f1c97dc1cb0fd0f4b40ca486 Mon Sep 17 00:00:00 2001 From: Gabriel Guimaraes Date: Thu, 18 Apr 2024 11:07:05 +0100 Subject: [PATCH 42/48] fix: added versions to apk ADD --- infra/docker/api/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/infra/docker/api/Dockerfile b/infra/docker/api/Dockerfile index b72f1e89a1..8d3d1fed96 100644 --- a/infra/docker/api/Dockerfile +++ b/infra/docker/api/Dockerfile 
@@ -3,13 +3,13 @@ FROM ghcr.io/dvsa/dvsa-docker-images/php/7.4/fpm-nginx:latest USER root # Install redis with igbinary -RUN apk add --no-cache pcre-dev $PHPIZE_DEPS \ +RUN apk add --no-cache pcre-dev=8.45-r3 $PHPIZE_DEPS \ && pecl install igbinary \ && pecl install -D 'enable-redis-igbinary="yes" enable-redis-lzf="no" enable-redis-zstd="no"' redis \ && docker-php-ext-enable redis igbinary \ && apk del pcre-dev $PHPIZE_DEPS -RUN apk add icu-dev \ +RUN apk add icu-dev=74.2-r0 \ && docker-php-ext-install mysqli pdo_mysql \ && docker-php-ext-install opcache \ && docker-php-ext-configure intl && docker-php-ext-install intl \ From 3f7f8ce730a9d0ec451e09269ea0381b07a48b64 Mon Sep 17 00:00:00 2001 From: Gabriel Guimaraes Date: Thu, 18 Apr 2024 11:59:21 +0100 Subject: [PATCH 43/48] fix: fixed package version and added quotes --- infra/docker/api/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/infra/docker/api/Dockerfile b/infra/docker/api/Dockerfile index 8d3d1fed96..8e08acc905 100644 --- a/infra/docker/api/Dockerfile +++ b/infra/docker/api/Dockerfile @@ -3,13 +3,13 @@ FROM ghcr.io/dvsa/dvsa-docker-images/php/7.4/fpm-nginx:latest USER root # Install redis with igbinary -RUN apk add --no-cache pcre-dev=8.45-r3 $PHPIZE_DEPS \ +RUN apk add --no-cache "pcre-dev=8.45-r2" $PHPIZE_DEPS \ && pecl install igbinary \ && pecl install -D 'enable-redis-igbinary="yes" enable-redis-lzf="no" enable-redis-zstd="no"' redis \ && docker-php-ext-enable redis igbinary \ && apk del pcre-dev $PHPIZE_DEPS -RUN apk add icu-dev=74.2-r0 \ +RUN apk add "icu-dev=71.1-r2" \ && docker-php-ext-install mysqli pdo_mysql \ && docker-php-ext-install opcache \ && docker-php-ext-configure intl && docker-php-ext-install intl \ From 9f4057f4dfa964510e7be838f619cbd4bed52e89 Mon Sep 17 00:00:00 2001 
From: Gabriel Guimaraes Date: Thu, 18 Apr 2024 12:07:11 +0100 Subject: [PATCH 44/48] fix: added double quotes across Dockerfile --- infra/docker/api/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/infra/docker/api/Dockerfile b/infra/docker/api/Dockerfile index 8e08acc905..9c050ce74d 100644 --- a/infra/docker/api/Dockerfile +++ b/infra/docker/api/Dockerfile @@ -5,7 +5,7 @@ USER root # Install redis with igbinary RUN apk add --no-cache "pcre-dev=8.45-r2" $PHPIZE_DEPS \ && pecl install igbinary \ - && pecl install -D 'enable-redis-igbinary="yes" enable-redis-lzf="no" enable-redis-zstd="no"' redis \ + && pecl install -D "enable-redis-igbinary="yes" enable-redis-lzf="no" enable-redis-zstd="no"" redis \ && docker-php-ext-enable redis igbinary \ && apk del pcre-dev $PHPIZE_DEPS From cea8e355b0a819c895a869c1fe7f540ff13490a3 Mon Sep 17 00:00:00 2001 From: Gabriel Guimaraes Date: Thu, 18 Apr 2024 13:37:33 +0100 Subject: [PATCH 45/48] fix: different formatting to try and fix linting --- infra/docker/api/Dockerfile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/infra/docker/api/Dockerfile b/infra/docker/api/Dockerfile index 9c050ce74d..23696f1642 100644 --- a/infra/docker/api/Dockerfile +++ b/infra/docker/api/Dockerfile 
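Review bot: In the changed `pecl install -D "enable-redis-igbinary="yes" …""` line the inner double quotes close and reopen the outer string instead of nesting, so the shell passes `enable-redis-igbinary=yes enable-redis-lzf=no enable-redis-zstd=no` with no quotes around the values, which is not what the line appears to say. Keep the original single-quoted form, `pecl install -D 'enable-redis-igbinary="yes" enable-redis-lzf="no" enable-redis-zstd="no"' redis \`, or escape the inner quotes. The same nested quoting is reintroduced by the Dockerfile hunk of PATCH 46/48 after PATCH 45/48 had removed it.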
@@ -3,13 +3,13 @@ FROM ghcr.io/dvsa/dvsa-docker-images/php/7.4/fpm-nginx:latest USER root # Install redis with igbinary -RUN apk add --no-cache "pcre-dev=8.45-r2" $PHPIZE_DEPS \ +RUN apk add --no-cache pcre-dev=8.45-r2 $PHPIZE_DEPS \ && pecl install igbinary \ - && pecl install -D "enable-redis-igbinary="yes" enable-redis-lzf="no" enable-redis-zstd="no"" redis \ + && pecl install -D "enable-redis-igbinary=yes enable-redis-lzf=no enable-redis-zstd=no" redis \ && docker-php-ext-enable redis igbinary \ && apk del pcre-dev $PHPIZE_DEPS -RUN apk add "icu-dev=71.1-r2" \ +RUN apk add icu-dev=71.1-r2 \ && docker-php-ext-install mysqli pdo_mysql \ && docker-php-ext-install opcache \ && docker-php-ext-configure intl && docker-php-ext-install intl \ From 1862d22c97f105e29cee55426623a3a77f9bb41e Mon Sep 17 00:00:00 2001 From: Gabriel Guimaraes Date: Thu, 18 Apr 2024 14:25:36 +0100 Subject: [PATCH 46/48] fix: added stable tag to image --- infra/docker/api/Dockerfile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/infra/docker/api/Dockerfile b/infra/docker/api/Dockerfile index 23696f1642..397e4fc764 100644 --- a/infra/docker/api/Dockerfile +++ b/infra/docker/api/Dockerfile @@ -1,15 +1,15 @@ -FROM ghcr.io/dvsa/dvsa-docker-images/php/7.4/fpm-nginx:latest +FROM ghcr.io/dvsa/dvsa-docker-images/php/7.4/fpm-nginx:0 USER root # Install redis with igbinary RUN apk add --no-cache pcre-dev=8.45-r2 $PHPIZE_DEPS \ && pecl install igbinary \ - && pecl install -D "enable-redis-igbinary=yes enable-redis-lzf=no enable-redis-zstd=no" redis \ + && pecl install -D "enable-redis-igbinary="yes" enable-redis-lzf="no" enable-redis-zstd="no"" redis \ && docker-php-ext-enable redis igbinary \ && apk del pcre-dev $PHPIZE_DEPS -RUN apk add icu-dev=71.1-r2 \ +RUN apk add --no-cache icu-dev=71.1-r2 \ && docker-php-ext-install mysqli pdo_mysql \ && docker-php-ext-install opcache \ && docker-php-ext-configure intl && docker-php-ext-install intl \ 
From 48c5c519758a8b97dd54e71c9a5de7e7f2ef41ac Mon Sep 17 00:00:00 2001 From: Gabriel Guimaraes Date: Thu, 18 Apr 2024 14:34:47 +0100 Subject: [PATCH 47/48] fix: less strict version pinning --- infra/docker/api/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/infra/docker/api/Dockerfile b/infra/docker/api/Dockerfile index 397e4fc764..54659f6352 100644 --- a/infra/docker/api/Dockerfile +++ b/infra/docker/api/Dockerfile @@ -3,13 +3,13 @@ FROM ghcr.io/dvsa/dvsa-docker-images/php/7.4/fpm-nginx:0 USER root # Install redis with igbinary -RUN apk add --no-cache pcre-dev=8.45-r2 $PHPIZE_DEPS \ +RUN apk add --no-cache pcre-dev~=8.45 $PHPIZE_DEPS \ && pecl install igbinary \ && pecl install -D "enable-redis-igbinary="yes" enable-redis-lzf="no" enable-redis-zstd="no"" redis \ && docker-php-ext-enable redis igbinary \ && apk del pcre-dev $PHPIZE_DEPS -RUN apk add --no-cache icu-dev=71.1-r2 \ +RUN apk add --no-cache icu-dev~=71.1 \ && docker-php-ext-install mysqli pdo_mysql \ && docker-php-ext-install opcache \ && docker-php-ext-configure intl && docker-php-ext-install intl \ From f0cc1fda887a459cd98e90ce2ab35b50e1449a1a Mon Sep 17 00:00:00 2001 From: Gabriel Guimaraes Date: Thu, 18 Apr 2024 14:53:57 +0100 Subject: [PATCH 48/48] fix: ignore DL3018 & SC2086 linting errors --- infra/docker/api/Dockerfile | 1 + 1 file changed, 1 insertion(+) diff --git a/infra/docker/api/Dockerfile b/infra/docker/api/Dockerfile index 54659f6352..d828ed89e6 100644 --- a/infra/docker/api/Dockerfile +++ b/infra/docker/api/Dockerfile @@ -1,3 +1,4 @@ +# hadolint global ignore=DL3018,SC2086 FROM ghcr.io/dvsa/dvsa-docker-images/php/7.4/fpm-nginx:0 USER root