Commit 781b6839 authored by Bertrand Gauthier's avatar Bertrand Gauthier
Browse files

Premier commit

parents
###########################################################################################
#
# Image Docker pour le web service d'import pour SyGAL.
#
###########################################################################################
ARG PHP_VERSION
FROM unicaen-dev-php${PHP_VERSION}-apache
LABEL maintainer="Bertrand GAUTHIER <bertrand.gauthier at unicaen.fr>"
# Symlink apache access and error logs to stdout/stderr so Docker logs shows them
RUN ln -sf /dev/stdout /var/log/apache2/access.log
RUN ln -sf /dev/stdout /var/log/apache2/other_vhosts_access.log
RUN ln -sf /dev/stderr /var/log/apache2/error.log
# Configuration Apache et FPM
ADD docker/apache-ports.conf ${APACHE_CONF_DIR}/ports.conf
ADD docker/apache-site.conf ${APACHE_CONF_DIR}/sites-available/app.conf
ADD docker/apache-site-ssl.conf ${APACHE_CONF_DIR}/sites-available/app-ssl.conf
ADD docker/fpm/pool.d/app.conf ${PHP_CONF_DIR}/fpm/pool.d/app.conf
ADD docker/fpm/conf.d/app.ini ${PHP_CONF_DIR}/fpm/conf.d/
RUN a2ensite app app-ssl && \
service php${PHP_VERSION}-fpm reload
#!/usr/bin/env bash
#
# Script d'install d'un serveur, traduction du Dockerfile.
#
usage() {
cat << EOF
Script d'install d'un serveur accueillant le web service d'import pour SyGAL, traduction du Dockerfile.
Usage: $0 <version de PHP>
EOF
exit 0;
}
[[ -z "$1" ]] && usage
################################################################################################################
PHP_VERSION="$1"
APP_DIR=$(cd `dirname $0` && pwd)
set -e
# Minimum vital
apt-get -qq update && \
apt-get install -y \
git \
nano
# Récupération de l'image Docker Unicaen et lancement de son Dockerfile.sh
export UNICAEN_IMAGE_TMP_DIR=/tmp/docker-unicaen-image
git clone https://git.unicaen.fr/open-source/docker/unicaen-image.git ${UNICAEN_IMAGE_TMP_DIR}
cd ${UNICAEN_IMAGE_TMP_DIR}
. Dockerfile.sh ${PHP_VERSION}
cd ${APP_DIR}
# NB: Variables d'env positionnées par ${UNICAEN_IMAGE_TMP_DIR}/Dockerfile.sh
# APACHE_CONF_DIR=/etc/apache2 \
# PHP_CONF_DIR=/etc/php/$1
# Configuration Apache et FPM
cp docker/apache-ports.conf ${APACHE_CONF_DIR}/ports.conf
cp docker/apache-site.conf ${APACHE_CONF_DIR}/sites-available/app.conf
cp docker/apache-site-ssl.conf ${APACHE_CONF_DIR}/sites-available/app-ssl.conf
cp docker/fpm/pool.d/app.conf ${PHP_CONF_DIR}/fpm/pool.d/app.conf
cp docker/fpm/conf.d/app.ini ${PHP_CONF_DIR}/fpm/conf.d/90-app.ini
sed -i -re 's/SetEnv APPLICATION_ENV "(development|test)"/SetEnv APPLICATION_ENV "production"/' \
${APACHE_CONF_DIR}/sites-available/app-ssl.conf
a2ensite app app-ssl && \
service apache2 reload && \
service php${PHP_VERSION}-fpm reload
# Image Docker pour le web service d'import pour SyGAL
## Obtention de l'image
```bash
git clone https://git.unicaen.fr/open-source/docker/sygal-import-ws-image.git
cd sygal-import-ws-image
```
## Construction de l'image (build)
Construisez l'image pour la version de PHP désirée...
Exemple pour PHP 7.0 :
```bash
PHP_VERSION=7.0 ; \
docker build \
--rm \
--build-arg PHP_VERSION=${PHP_VERSION} \
-t sygal-import-ws-image-php${PHP_VERSION} \
.
```
Si vous êtes derrière un proxy, passez les variables `*_proxy` à la commande `build` avec des `--build-arg` additionnels.
Exemple :
```bash
--build-arg http_proxy=http://proxy.unicaen.fr:3128 \
--build-arg https_proxy=http://proxy.unicaen.fr:3128 \
--build-arg no_proxy=*.unicaen.fr \
```
## Utilisation dans un `docker-compose.yml`
```
version: '2.2'
services:
sygal:
image: sygal-import-ws-image-php7.0
container_name: sygal-import-ws-container-php7.0
environment:
- http_proxy
- https_proxy
- no_proxy
ports:
- "8443:443"
volumes:
- .:/app
working_dir: /app
```
## Run
*Pré-requis : se placer dans le répertoire contenant les sources du web service.*
- Exemple : démarrage du container pour tester le web service en local
```bash
docker run \
--rm \
-d \
-p 8080:80 \
-p 8443:443 \
--volume ${PWD}:/app \
--name sygal-import-ws-container-php7.0 \
sygal-import-ws-image-php7.0
```
Une fois le container démarré ainsi, le web service est accessible à l'adresse `https://localhost:8443`.
- Exemple : démarrage ponctuel d'un container pour lancer un `composer install`
```bash
docker run \
--rm \
-it \
--volume ${PWD}:/app \
--workdir /app \
sygal-import-ws-image-php7.0 \
composer install
```
## Exec
- Lancement d'une commande dans un container déjà démarré, exemple :
```bash
docker exec \
sygal-import-ws-container-php7.0 \
php -v
```
Listen 80
Listen 443
<VirtualHost *:443>
ServerName localhost
DocumentRoot /app/public
RewriteEngine On
<Directory /app/public>
DirectoryIndex index.php
AllowOverride All
Require all granted
</Directory>
<IfModule proxy_fcgi_module>
<FilesMatch ".+\.ph(ar|p|tml)$">
SetHandler "proxy:unix:/var/run/php-fpm.sock|fcgi://localhost/"
</FilesMatch>
</IfModule>
SSLEngine on
SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
# à tester, vu dans le Dockerfile du squelette Apigility (12/11/2019)
AllowEncodedSlashes On
Header always set Strict-Transport-Security "max-age=15768000; includeSubdomains;"
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
#LogLevel debug
</VirtualHost>
<VirtualHost *:80>
ServerName localhost
DocumentRoot /app/public
RewriteEngine On
Header always set Strict-Transport-Security "max-age=15768000; includeSubdomains;"
### Redirection en HTTPS
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^/(.*) https://%{SERVER_NAME}:443/$1 [L,R]
</VirtualHost>
\ No newline at end of file
date.timezone = Europe/Paris
short_open_tag = Off
expose_php = Off
display_errors = On
display_startup_errors = On
error_reporting = E_ALL & ~E_DEPRECATED & ~E_NOTICE
log_errors = On
#max_execution_time = 120
# NB: ne peut-être supérieur au memory_limit du php.ini
memory_limit = 256M
# NB: post_max_size > upload_max_filesize
;upload_max_filesize = 51M
;post_max_size = 52M
opcache.enable = 0
;opcache.error_log=/var/log/php_opcache_error.log
opcache.memory_consumption = 256
opcache.interned_strings_buffer = 8
opcache.max_wasted_percentage = 5
opcache.max_accelerated_files = 16000
; http://php.net/manual/en/opcache.configuration.php#ini.opcache.revalidate-freq
; defaults to zend opcache checking every 180 seconds for PHP file changes
; set to zero to check every second if you are doing alot of frequent
; php file edits/developer work
; opcache.revalidate_freq=0
opcache.revalidate_freq = 180
opcache.fast_shutdown = 0
opcache.enable_cli = 0
opcache.save_comments = 1
opcache.enable_file_override = 1
opcache.validate_timestamps = 1
opcache.huge_code_pages = 0
xdebug.enable = 1
xdebug.remote_enable = 1
xdebug.remote_connect_back = 1
xdebug.profiler_enable_trigger = 1
xdebug.var_display_max_children = 1024
xdebug.var_display_max_data = -1
xdebug.max_nesting_level = 256
# Attention: trop diminuer 'max_nesting_level' peut causer une erreur 'Maximum function nesting level of x reached'
#xdebug.collect_params = 4
[app]
user = www-data
group = www-data
listen = /var/run/php-fpm.sock
listen.owner = www-data
listen.group = www-data
; mandatory values
; Soit:
; pm = dynamic
; pm.max_children = 5
; pm.start_servers = 2
; pm.min_spare_servers = 1
; pm.max_spare_servers = 3
; Soit:
pm = ondemand
pm.max_children = 35
pm.process_idle_timeout = 10s
pm.max_requests = 500
request_slowlog_timeout = 30
slowlog = /var/log/php-fpm.slow.log
; Ensure worker stdout and stderr are sent to the main error log.
; catch_workers_output = yes
; error_log = /var/log/php-fpm.error.log
; access.log = /var/log/php-fpm.access.log
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment