feat: added buildFromScratch option for better transparency

wellwelwel · Aug 3, 2023 · ace6662 · ace6662
1 parent 8fc6e68
commit ace6662
Show file tree

Hide file tree

Showing 8 changed files with 328 additions and 7 deletions.
diff --git a/resources/docker/virtual-host/php/Dockerfile b/resources/docker/virtual-host/php/Dockerfile
@@ -0,0 +1,3 @@
+FROM wellwelwel/php:8-shared-based
+
+RUN rm -f /srv/www/public_html/index.php
diff --git a/resources/docker/virtual-host/php/Dockerfile.scratch b/resources/docker/virtual-host/php/Dockerfile.scratch
@@ -0,0 +1,69 @@
+FROM php:8-apache
+
+RUN set -x \
+  && echo "debconf debconf/frontend select Noninteractive" | debconf-set-selections \
+  && docker-php-source extract \
+  && apt-get update \
+  && apt-get install --assume-yes --no-install-recommends --quiet \
+  zlib1g-dev \
+  libc-client-dev \
+  libcurl4-openssl-dev \
+  libfreetype6-dev \
+  libgmp-dev \
+  libjpeg-dev \
+  libkrb5-dev \
+  libpng-dev \
+  libtidy-dev \
+  libbz2-dev \
+  libxml2-dev \
+  libxslt1-dev \
+  libzip-dev \
+  && pecl install \
+  xmlrpc \
+  zip \
+  && curl -sS https://getcomposer.org/installer -o composer-setup.php \
+  && php composer-setup.php --install-dir=/usr/local/bin --filename=composer || true \
+  && docker-php-ext-configure gd --with-jpeg \
+  && docker-php-ext-configure imap --with-kerberos --with-imap-ssl \
+  && docker-php-ext-enable \
+  zip \
+  && docker-php-ext-install \
+  bcmath \
+  bz2 \
+  curl \
+  exif \
+  gd \
+  gmp \
+  imap \
+  intl \
+  mysqli \
+  opcache \
+  pdo_mysql \
+  soap \
+  tidy \
+  xml \
+  xsl \
+  && a2enmod \
+  expires \
+  headers \
+  rewrite \
+  && a2enconf \
+  security \
+  && docker-php-source delete \
+  && apt-get clean -y \
+  && apt-get autoremove -y --purge \
+  && apt-get autoclean -y \
+  && rm -rf /var/lib/apt/lists/* \
+  && rm -rf /var/www \
+  ;
+
+RUN mkdir -p /srv/www/public_html \
+  && printf "\nServerSignature Off\nServerTokens Prod" >> /etc/apache2/conf-available/security.conf \
+  && printf "\nServerName localhost" >> /etc/apache2/apache2.conf \
+  && sed -i 's/^\(CustomLog.*\)$/#\1/' /etc/apache2/conf-available/other-vhosts-access-log.conf \
+  ;
+
+COPY ./resources/php.ini /usr/local/etc/php/php.ini
+COPY ./resources/000-default.conf /etc/apache2/sites-available/000-default.conf
+
+WORKDIR /srv/www/public_html
diff --git a/resources/docker/virtual-host/php/docker-compose-mysql.yml b/resources/docker/virtual-host/php/docker-compose-mysql.yml
@@ -1,13 +1,15 @@
 version: '3.9'
 services:
   server:
-    image: wellwelwel/php:8-shared-based
+    build:
+      context: ../images
+      dockerfile: ./${!IMAGE}
     container_name: ${!DOMAIN}-app
     restart: always
     ports:
       - '${!PUBLIC}${!PORT}:80'
     volumes:
-      - /var/containers/domains/${!DOMAIN}:/var/www
+      - /var/containers/domains/${!DOMAIN}:/srv/www
     depends_on:
       db:
         condition: service_healthy

diff --git a/resources/docker/virtual-host/php/docker-compose.yml b/resources/docker/virtual-host/php/docker-compose.yml
@@ -1,10 +1,12 @@
 version: '3.9'
 services:
   server:
-    image: wellwelwel/php:8-shared-based
+    build:
+      context: ../images
+      dockerfile: ./${!IMAGE}
     container_name: ${!DOMAIN}-app
     restart: always
     ports:
       - '${!PUBLIC}${!PORT}:80'
     volumes:
-      - /var/containers/domains/${!DOMAIN}:/var/www
+      - /var/containers/domains/${!DOMAIN}:/srv/www
diff --git a/resources/docker/virtual-host/php/resources/000-default.conf b/resources/docker/virtual-host/php/resources/000-default.conf
@@ -0,0 +1,12 @@
+<VirtualHost *:80>
+      DocumentRoot /srv/www/public_html
+      ErrorLog /var/log/apache2/error.log
+</VirtualHost>
+<Directory /srv/www/public_html>
+      Require all granted
+      Options FollowSymLinks MultiViews
+      AllowOverride All
+      Order allow,deny
+      allow from all
+      Header set Access-Control-Allow-Origin "*"
+</Directory>
diff --git a/resources/docker/virtual-host/php/resources/php.ini b/resources/docker/virtual-host/php/resources/php.ini
@@ -0,0 +1,180 @@
+[PHP]
+engine = On
+short_open_tag = On
+precision = 14
+output_buffering = 4096
+zlib.output_compression = Off
+implicit_flush = Off
+unserialize_callback_func =
+serialize_precision = -1
+disable_functions = system,exec,shell_exec,passthru,mysql_list_dbs,ini_alter,dl,symlink,link,chgrp,leak,popen,apache_child_terminate,virtual,mb_send_mail,
+disable_classes =
+zend.enable_gc = On
+zend.exception_ignore_args = On
+expose_php = Off
+max_execution_time = 30
+max_input_time = 60
+max_input_vars = 5000
+memory_limit = 128M
+error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT
+display_errors = Off
+display_startup_errors = Off
+log_errors = On
+log_errors_max_len = 1024
+ignore_repeated_errors = Off
+ignore_repeated_source = Off
+report_memleaks = On
+variables_order = "GPCS"
+request_order = "GP"
+register_argc_argv = Off
+auto_globals_jit = On
+post_max_size = 8M
+auto_prepend_file =
+auto_append_file =
+default_mimetype = "text/html"
+default_charset = "UTF-8"
+doc_root =
+user_dir =
+enable_dl = Off
+file_uploads = On
+upload_max_filesize = 8M
+max_file_uploads = 20
+allow_url_fopen = 0
+allow_url_include = Off
+default_socket_timeout = 60
+
+[CLI Server]
+cli_server.color = On
+
+[Date]
+
+[filter]
+
+[iconv]
+
+[imap]
+
+[intl]
+
+[sqlite3]
+
+[Pcre]
+
+[Pdo]
+
+[Pdo_mysql]
+pdo_mysql.default_socket=
+
+[Phar]
+
+[mail function]
+SMTP = localhost
+smtp_port = 25
+mail.add_x_header = Off
+
+[ODBC]
+odbc.allow_persistent = On
+odbc.check_persistent = On
+odbc.max_persistent = -1
+odbc.max_links = -1
+odbc.defaultlrl = 4096
+odbc.defaultbinmode = 1
+
+[MySQLi]
+mysqli.max_persistent = -1
+mysqli.allow_persistent = On
+mysqli.max_links = -1
+mysqli.default_port = 3306
+mysqli.default_socket =
+mysqli.default_host =
+mysqli.default_user =
+mysqli.default_pw =
+mysqli.reconnect = Off
+
+[mysqlnd]
+mysqlnd.collect_statistics = On
+mysqlnd.collect_memory_statistics = Off
+
+[OCI8]
+
+[PostgreSQL]
+pgsql.allow_persistent = On
+pgsql.auto_reset_persistent = Off
+pgsql.max_persistent = -1
+pgsql.max_links = -1
+pgsql.ignore_notice = 0
+pgsql.log_notice = 0
+
+[bcmath]
+bcmath.scale = 0
+
+[browscap]
+
+[Session]
+session.save_handler = files
+session.use_strict_mode = 1
+session.use_cookies = 1
+session.use_only_cookies = 1
+session.name = PHPSESSID
+session.auto_start = 0
+session.cookie_lifetime = 0
+session.cookie_path = /
+session.cookie_domain =
+session.cookie_httponly =
+session.cookie_samesite =
+session.serialize_handler = php
+session.gc_probability = 1
+session.gc_divisor = 1000
+session.gc_maxlifetime = 1440
+session.referer_check =
+session.cache_limiter = nocache
+session.cache_expire = 180
+session.use_trans_sid = 0
+session.sid_length = 26
+session.trans_sid_tags = "a=href,area=href,frame=src,form="
+session.sid_bits_per_character = 5
+
+[Assertion]
+zend.assertions = -1
+
+[COM]
+
+[mbstring]
+
+[gd]
+
+[exif]
+
+[Tidy]
+tidy.clean_output = Off
+
+[soap]
+soap.wsdl_cache_enabled=1
+soap.wsdl_cache_dir="/tmp"
+soap.wsdl_cache_ttl=86400
+soap.wsdl_cache_limit = 5
+
+[sysvshm]
+
+[ldap]
+ldap.max_links = -1
+
+[dba]
+
+[opcache]
+opcache.enable=1
+opcache.enable_cli=0
+opcache.memory_consumption=64
+opcache.interned_strings_buffer=8
+opcache.max_accelerated_files=4000
+opcache.max_wasted_percentage=5
+opcache.validate_timestamps=0
+opcache.revalidate_freq=0
+opcache.revalidate_path=1
+opcache.fast_shutdown=1
+
+[curl]
+
+[openssl]
+
+[ffi]
diff --git a/src/lib/tasks/virtual-host/docker.ts b/src/lib/tasks/virtual-host/docker.ts
@@ -16,6 +16,8 @@ export const createBasicContainer = (
   const port = String(virtualHost.port);
   const commands = [`mkdir -p /var/containers/domains/${domain}/public_html`];
   const { language } = virtualHost.server;
+  const buildFromScratch: boolean =
+    virtualHost.server?.buildFromScratch || false;
 
   const composePath = `${rootSVPS}/resources/docker/virtual-host/${
     virtualHost.server.language
@@ -47,6 +49,10 @@ export const createBasicContainer = (
         ? String(`${virtualHost.server.mysql?.expose}:`)
         : ''
     )
+    .replace(
+      /\${!IMAGE}/gm,
+      buildFromScratch ? 'Dockerfile-php-8-scratch' : 'Dockerfile-php-8'
+    )
     .replace(/\${!PUBLIC}/gm, isPublic ? '' : '127.0.0.1:')
     .replace(/\${!DB_PUBLIC}/gm, isPublicDB ? '' : '127.0.0.1:');
 
@@ -107,14 +113,14 @@ export const createBasicContainer = (
     `docker compose -p ${composeName} -f /var/containers/compositions/${composeFile} up -d`,
   ]);
 
-  /** Creating default app for NODE server */
+  /** Composing NODE server */
   if (virtualHost.server.language === 'node') {
     const dockerfile = importFile(
-      `${rootSVPS}/resources/docker/virtual-host/${virtualHost.server.language}/Dockerfile`
+      `${rootSVPS}/resources/docker/virtual-host/node/Dockerfile`
     );
 
     const pm2 = importFile(
-      `${rootSVPS}/resources/docker/virtual-host/${virtualHost.server.language}/pm2.json`
+      `${rootSVPS}/resources/docker/virtual-host/node/pm2.json`
     ).replace(/\${!DOMAIN}/gm, domain);
 
     Object.assign(commands, [
@@ -130,6 +136,42 @@ export const createBasicContainer = (
         pm2
       )} | cat > /var/containers/domains/${domain}/pm2.json`,
     ]);
+  } else if (virtualHost.server.language === 'php') {
+    /** Composing PHP server */
+    const dockerfile = importFile(
+      `${rootSVPS}/resources/docker/virtual-host/php/Dockerfile${
+        buildFromScratch ? '.scratch' : ''
+      }`
+    );
+
+    const default000 = importFile(
+      `${rootSVPS}/resources/docker/virtual-host/php/resources/000-default.conf`
+    ).replace(/\${!DOMAIN}/gm, domain);
+
+    const phpINI = importFile(
+      `${rootSVPS}/resources/docker/virtual-host/php/resources/php.ini`
+    ).replace(/\${!DOMAIN}/gm, domain);
+
+    Object.assign(commands, [
+      ...commands,
+      'mkdir -p /var/containers/images/resources',
+      `echo ${escapeQuotes(
+        dockerfile
+      )} | cat > /var/containers/images/Dockerfile-php-8${
+        buildFromScratch ? '-scratch' : ''
+      }`,
+      `chmod 0600 /var/containers/images/Dockerfile-php-8${
+        buildFromScratch ? '-scratch' : ''
+      }`,
+      `echo ${escapeQuotes(
+        default000
+      )} | cat > /var/containers/images/resources/000-default.conf`,
+      `chmod 0600 /var/containers/images/resources/000-default.conf`,
+      `echo ${escapeQuotes(
+        phpINI
+      )} | cat > /var/containers/images/resources/php.ini`,
+      `chmod 0600 /var/containers/images/resources/php.ini`,
+    ]);
   }
 
   /** Permissions */

diff --git a/src/lib/types/virtual-hosts.ts b/src/lib/types/virtual-hosts.ts
@@ -81,6 +81,17 @@ interface BasicVirtualHost {
      */
     isPublic?: boolean;
   };
+  /**
+   * Build the Docker image from scratch.
+   *
+   * - `true`: the Docker image is built from scratch.
+   * - `false`: the Docker image is pulled from Docker Hub.
+   *
+   * ---
+   *
+   * default: `false`
+   */
+  buildFromScratch?: boolean;
 }
 
 /**