Skip to content

Instantly share code, notes, and snippets.

@canthis
Created Aug 9, 2022
Embed
What would you like to do?
WinterCMS in separate containers
server {
listen 80;
server_name localhost;
index index.php;
error_log /var/log/nginx/error.log;
access_log /var/log/nginx/access.log;
root /var/www/html/public;
charset utf-8;
client_max_body_size 1024M;
location / {
# Let Winter CMS handle everything by default.
# The path not resolved by Winter CMS router will return Winter CMS's 404 page.
# Everything that does not match with the whitelist below will fall into this.
rewrite ^/.*$ /index.php last;
}
location ~ ^/index.php {
fastcgi_pass app:9000;
fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
include fastcgi_params;
fastcgi_buffers 16 16k;
fastcgi_buffer_size 32k;
}
# Whitelist
## Let Winter handle if static file not exists
location ~ ^/favicon\.ico { try_files $uri /index.php; }
location ~ ^/sitemap\.xml { try_files $uri /index.php; }
location ~ ^/robots\.txt { try_files $uri /index.php; }
location ~ ^/humans\.txt { try_files $uri /index.php; }
# Block access to all dot files and folders except .well-known
location ~ /\.(?!well-known).* { deny all; }
## Let nginx return 404 if static file not exists
location ~ ^/storage/app/uploads/public { try_files $uri 404; }
location ~ ^/storage/app/media { try_files $uri 404; }
location ~ ^/storage/app/resized { try_files $uri 404; }
location ~ ^/storage/temp/public { try_files $uri 404; }
location ~ ^/modules/.*/assets { try_files $uri 404; }
location ~ ^/modules/.*/resources { try_files $uri 404; }
location ~ ^/modules/.*/behaviors/.*/assets { try_files $uri 404; }
location ~ ^/modules/.*/behaviors/.*/resources { try_files $uri 404; }
location ~ ^/modules/.*/widgets/.*/assets { try_files $uri 404; }
location ~ ^/modules/.*/widgets/.*/resources { try_files $uri 404; }
location ~ ^/modules/.*/formwidgets/.*/assets { try_files $uri 404; }
location ~ ^/modules/.*/formwidgets/.*/resources { try_files $uri 404; }
location ~ ^/modules/.*/reportwidgets/.*/assets { try_files $uri 404; }
location ~ ^/modules/.*/reportwidgets/.*/resources { try_files $uri 404; }
location ~ ^/plugins/.*/.*/assets { try_files $uri 404; }
location ~ ^/plugins/.*/.*/resources { try_files $uri 404; }
location ~ ^/plugins/.*/.*/behaviors/.*/assets { try_files $uri 404; }
location ~ ^/plugins/.*/.*/behaviors/.*/resources { try_files $uri 404; }
location ~ ^/plugins/.*/.*/reportwidgets/.*/assets { try_files $uri 404; }
location ~ ^/plugins/.*/.*/reportwidgets/.*/resources { try_files $uri 404; }
location ~ ^/plugins/.*/.*/formwidgets/.*/assets { try_files $uri 404; }
location ~ ^/plugins/.*/.*/formwidgets/.*/resources { try_files $uri 404; }
location ~ ^/plugins/.*/.*/widgets/.*/assets { try_files $uri 404; }
location ~ ^/plugins/.*/.*/widgets/.*/resources { try_files $uri 404; }
location ~ ^/themes/.*/assets { try_files $uri 404; }
location ~ ^/themes/.*/resources { try_files $uri 404; }
# Whitelist Horizon assets
location ~ ^/vendor/horizon/.* { try_files $uri 404; }
}
version: '3'
services:
app:
build:
context: .
dockerfile: Dockerfile
image: wnbackend
depends_on:
- db
restart: unless-stopped
environment:
APP_ENV: local
CONTAINER_ROLE: backend
working_dir: /var/www
volumes:
- ".:/var/www/html/public"
- "./_docker/php/local.ini:/usr/local/etc/php/conf.d/local.ini"
- "./_docker/php/opcache.ini:/usr/local/etc/php/conf.d/opcache.ini"
nginx:
image: nginx:alpine
restart: unless-stopped
depends_on:
- app
ports:
- "80:80"
volumes:
- ".:/var/www/html/public"
- "./_docker/nginx/conf.d:/etc/nginx/conf.d"
db:
image: mariadb:10.8
restart: unless-stopped
tty: true
ports:
- "3306:3306"
environment:
MYSQL_DATABASE: wn
MYSQL_USER: wnuser
MYSQL_PASSWORD: wnpass
MYSQL_ROOT_PASSWORD: wnpass
volumes:
- "../data/mysql:/var/lib/mysql"
FROM php:8.0-fpm
# Set working directory
WORKDIR /var/www/html/public
# Install system dependencies
RUN apt-get update && apt-get install -y \
strace \
curl \
libpng-dev \
libjpeg-dev \
libonig-dev \
libfreetype6-dev \
libxml2-dev \
zip \
libzip-dev \
unzip \
git \
&& apt-get clean && rm -rf /var/lib/apt/lists/*
# Clear cache
#RUN apt-get clean && rm -rf /var/lib/apt/lists/*
# Install PHP extensions
RUN docker-php-ext-install -j "$(nproc)" pdo_mysql mbstring zip exif pcntl
RUN docker-php-ext-configure gd --with-freetype --with-jpeg \
&& docker-php-ext-install -j "$(nproc)" gd
RUN docker-php-ext-configure opcache --enable-opcache && docker-php-ext-install -j "$(nproc)" opcache
RUN docker-php-ext-configure intl && docker-php-ext-install -j "$(nproc)" intl
RUN pecl install redis \
&& docker-php-ext-enable redis
# Copy opcache configration
COPY ./_docker/php/opcache.ini /usr/local/etc/php/conf.d/opcache.ini
# Get latest Composer
COPY --from=composer:latest /usr/bin/composer /usr/bin/composer
# Add user for laravel application
RUN groupadd -g 1000 www
RUN useradd -u 1000 -ms /bin/bash -g www www
# Copy start script
COPY _docker/start.sh /usr/local/bin/start
RUN ["chmod", "+x", "/usr/local/bin/start"]
# Copy existing application directory permissions
COPY --chown=www:www . /var/www/html/public
# Change current user to www
USER www
# Expose port 9000 and start php-fpm server
EXPOSE 9000
CMD ["/usr/local/bin/start"]
upload_max_filesize=1024M
post_max_size=1024M
max_execution_time = 120
memory_limit=2G
opcache.enable=1
opcache.memory_consumption=256
opcache.use_cwd=0
opcache.max_file_size=0
opcache.max_accelerated_files=30000
opcache.validate_timestamps=1
opcache.revalidate_freq=0
opcache.jit_buffer_size=200M
opcache.jit=1235
#!/usr/bin/env bash
set -e
role=${CONTAINER_ROLE:-backend}
env=${APP_ENV:-production}
if [ "$env" != "local" ]; then
echo "Caching configuration..."
(cd /var/www && php artisan config:cache)
fi
if [ "$role" = "backend" ]; then
exec php-fpm
elif [ "$role" = "horizon" ]; then
echo "Running Laravel Horizon..."
php /var/www/artisan horizon
elif [ "$role" = "websockets" ]; then
echo "Running Laravel Websockets..."
php /var/www/artisan websockets:serve
elif [ "$role" = "queue" ]; then
echo "Running the queue..."
php /var/www/artisan queue:work --verbose --tries=3 --timeout=90
elif [ "$role" = "scheduler" ]; then
while [ true ]
do
php /var/www/artisan schedule:run --verbose --no-interaction &
sleep 60
done
else
echo "Could not match the container role \"$role\""
exit 1
fi
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment