Initial commit

5c5f4c91 · ale · 5c5f4c91 · 5c5f4c91 · 5c5f4c91 · 5c5f4c91
Commit 5c5f4c91 authored 5 years ago by ale
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
+image: docker:latest
+stages:
+  - build
+  - release
+services:
+  - docker:dind
+variables:
+  IMAGE_TAG: $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_NAME
+  RELEASE_TAG: $CI_REGISTRY_IMAGE:latest
+before_script:
+  - docker login -u gitlab-ci-token -p $CI_JOB_TOKEN registry.git.autistici.org
+build:
+  stage: build
+  script:
+    - docker build --pull -t $IMAGE_TAG .
+    - docker push $IMAGE_TAG
+release:
+  stage: release
+  script:
+    - docker pull $IMAGE_TAG
+    - docker tag $IMAGE_TAG $RELEASE_TAG
+    - docker push $RELEASE_TAG
+  only:
+    - master
--- a/Dockerfile
+++ b/Dockerfile
+FROM registry.git.autistici.org/ai3/docker/apache2-base:master
+COPY conf /tmp/conf
+COPY build.sh /tmp/build.sh
+RUN /tmp/build.sh && rm -rf /tmp/build.sh /tmp/conf
--- a/README.md
+++ b/README.md
+Docker base image with Apache2 and PHP-FPM.
--- a/build.sh
+++ b/build.sh
+#!/bin/sh
+#
+# Install script for apache2-users inside a Docker container.
+#
+# Packages that are only used to build the container. These will be
+# removed once we're done.
+BUILD_PACKAGES="curl rsync"
+# Packages required to serve the website and run the services.
+# We have to keep the python3 packages around in order to run
+# chaperone (installed via pip).
+PACKAGES="
+	php-cli
+	php-fpm
+        php-mbstring
+	php-mysql
+	php-gd
+"
+# The default bitnami/minideb image defines an 'install_packages'
+# command which is just a convenient helper. Define our own in
+# case we are using some other Debian image.
+if [ "x$(which install_packages)" = "x" ]; then
+    install_packages() {
+        env DEBIAN_FRONTEND=noninteractive apt-get install -qy -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" --no-install-recommends "$@"
+    }
+fi
+set -x
+set -e
+install_packages ${BUILD_PACKAGES} ${PACKAGES}
+# Install the php-fpm prometheus exporter binary (no package yet).
+curl -sL -o /usr/sbin/php-fpm-exporter \
+     https://github.com/hipages/php-fpm_exporter/releases/download/v1.0.0/php-fpm_exporter_1.0.0_linux_amd64
+chmod 0755 /usr/sbin/php-fpm-exporter
+# Set the PHP_FPM_EXPORTER_PORT in envvars, so that it is later picked up by
+# the chaperone fpm-exporter service (APACHE_PORT is set at runtime).
+echo "export PHP_FPM_EXPORTER_PORT=\`expr \$APACHE_PORT + 200\`" >> /etc/apache2/envvars
+# Enable php configuration.
+a2enconf -q php7.0-fpm php7.0-fpm-proxy-fcgi
+# Rsync our configuration, on top of /etc.
+rsync -a /tmp/conf/ /etc/
+install -d -m 1777 /var/run/php
+# Remove packages used for installation.
+apt-get remove -y --purge ${BUILD_PACKAGES}
+apt-get autoremove -y
+apt-get clean
+rm -fr /var/lib/apt/lists/*
+rm -fr /tmp/conf
--- a/conf/chaperone.d/fpm.conf
+++ b/conf/chaperone.d/fpm.conf
+fpm.service: {
+    command: "/usr/sbin/php-fpm7.0 --force-stderr --nodaemonize",
+    exit_kills: true,
+}
+fpm-exporter.service: {
+    command: "sh -c '. /etc/apache2/envvars && HOME=/ exec /usr/sbin/php-fpm-exporter server --phpfpm.scrape-uri=unix:///run/php/php7.0-fpm.sock\\;/status --web.listen-address=:$PHP_FPM_EXPORTER_PORT'",
+    restart: true,
+}
--- a/conf/php/7.0/fpm/php-fpm.conf
+++ b/conf/php/7.0/fpm/php-fpm.conf
+[global]
+pid = /run/php/php7.0-fpm.pid
+error_log = /var/log/php7.0-fpm.log
+systemd_interval = 0
+include=/etc/php/7.0/fpm/pool.d/*.conf
--- a/conf/php/7.0/fpm/pool.d/www.conf
+++ b/conf/php/7.0/fpm/pool.d/www.conf
+[www]
+listen = /run/php/php7.0-fpm.sock
+pm = dynamic
+pm.max_children = 20
+pm.start_servers = 3
+pm.min_spare_servers = 3
+pm.max_spare_servers = 10
+pm.max_requests = 10000
+pm.status_path = /status
+; Redirect worker stdout and stderr into main error log. If not set, stdout and
+; stderr will be redirected to /dev/null according to FastCGI specs.
+; Note: on highloaded environement, this can cause some delay in the page
+; process time (several ms).
+; Default Value: no
+catch_workers_output = yes
+access.log = /proc/self/fd/2
+chdir = /
+; Already enabled by default - do not enable twice.
+; php_admin_value[opcache.enable] = 1
+php_admin_value[opcache.memory_consumption] = 64
+php_admin_value[opcache.interned_strings_buffer] = 16
+php_admin_value[opcache.max_accelerated_files] = 4000
+php_admin_value[opcache.validate_timestamps] = 0
+php_admin_value[opcache.fast_shutdown] = 1