Merge pull request #673 from turbo124/debian

Updates for github actions

.github/workflows/publish-image.yaml

@@ -16,7 +16,9 @@ jobs:
 
     steps:
       - name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4  # Updated from v2
+        with:
+          fetch-depth: 0
 
       - name: Prepare
         id: prep
@@ -30,54 +32,44 @@ jobs:
           MAJOR="$(echo "${VERSION}" | cut -d. -f1)"
           MINOR="$(echo "${VERSION}" | cut -d. -f2)"
           TAGS="$TAGS,${DOCKER_IMAGE}:${MAJOR},${DOCKER_IMAGE}:${MAJOR}.${MINOR}"
-          if [[ $VERSION =~ ^5\.[0-9]{1,3}\.[0-9]{1,3}$ ]]; then
-            TAGS="$TAGS,${DOCKER_IMAGE}:latest"
-          fi
-          echo ::set-output name=tags::${TAGS}
-          echo ::set-output name=version::${VERSION}
-          echo ::set-output name=major::${MAJOR}
+          
+          # Debug output
+          echo "Current version: ${VERSION}"
+          echo "Version pattern check: $([[ $VERSION =~ ^5\.[0-9]{1,3}\.[0-9]{1,3}$ ]] && echo "matches" || echo "doesn't match")"
+          
+          TAGS="$TAGS,${DOCKER_IMAGE}:latest"
+
+          echo "tags=${TAGS}" >> $GITHUB_OUTPUT  # Updated output syntax
+          echo "version=${VERSION}" >> $GITHUB_OUTPUT
+          echo "major=${MAJOR}" >> $GITHUB_OUTPUT
 
       - name: Set up QEMU
-        uses: docker/setup-qemu-action@v1
+        uses: docker/setup-qemu-action@v3  # Updated from v1
         with:
           platforms: all
 
       - name: Set up Docker Buildx
         id: buildx
-        uses: docker/setup-buildx-action@v1
-
-      - name: Cache Docker layers
-        uses: actions/cache@v2
-        with:
-          path: /tmp/.buildx-cache
-          key: ${{ runner.os }}-${{ matrix.image }}-buildx-${{ steps.prep.outputs.major }}-${{ hashFiles('**/cache_buster') }}-${{ github.sha }}
-          restore-keys: |
-            ${{ runner.os }}-${{ matrix.image }}-buildx-${{ steps.prep.outputs.major }}-${{ hashFiles('**/cache_buster') }}-
+        uses: docker/setup-buildx-action@v3  # Updated from v1
 
       - name: Login to DockerHub
         if: github.event_name != 'pull_request'
-        uses: docker/login-action@v1
+        uses: docker/login-action@v3  # Updated from v1
         with:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_PASSWORD }}
 
       - name: Build and push
         id: docker_build
-        uses: docker/build-push-action@v2
+        uses: docker/build-push-action@v5  # Updated from v2
         with:
-          builder: ${{ steps.buildx.outputs.name }}
           context: ${{ matrix.context }}
           build-args: INVOICENINJA_VERSION=${{ steps.prep.outputs.version }}
           platforms: linux/amd64,linux/arm64
           push: ${{ github.event_name != 'pull_request' }}
           tags: ${{ steps.prep.outputs.tags }}
-          cache-from: type=local,src=/tmp/.buildx-cache
-          cache-to: type=local,dest=/tmp/.buildx-cache-new
-
-      - name: Move cache
-        run: |
-          rm -rf /tmp/.buildx-cache
-          mv /tmp/.buildx-cache-new /tmp/.buildx-cache
+          cache-from: type=gha  # Updated cache type
+          cache-to: type=gha,mode=max
 
       - name: Image digest
         run: echo ${{ steps.docker_build.outputs.digest }}

.github/workflows/release-chart.yaml

@@ -12,7 +12,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
         with:
           fetch-depth: 0
 

.github/workflows/test-charts.yaml

@@ -12,7 +12,7 @@ jobs:
       matrix: ${{ steps.set-matrix.outputs.matrix }}
     steps:
       - name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
         with:
           fetch-depth: 0
 
@@ -55,7 +55,7 @@ jobs:
           - "1.23.15"
     steps:
       - name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
         with:
           fetch-depth: 0
 

README.md

@@ -19,7 +19,7 @@ This Debian-based image includes Chrome for enhanced PDF generation and other fe
 
 ```bash
 git clone https://github.com/invoiceninja/dockerfiles.git -b debian
-cd dockerfiles
+cd dockerfiles/debian
 ```
 
 Instead of defining our environment variables inside our docker-compose.yml file we now define this in the `.env` file, open this file up and insert your `APP_URL`, `APP_KEY` and update the rest of the variables as required.
@@ -41,7 +41,9 @@ Prior to starting the container for the first time, open the .env file and updat
 This will take care of the initial account setup. You can later remove these .env variables.
 
 > ⚠️ **Warning**  
-> If `IN_USER_EMAIL` and `IN_PASSWORD` is not set the default user email and password is "admin@example.com" and "changeme!" respectively. You will use this for the initial login, thereafter, you can delete these two environment variables.
+> If `IN_USER_EMAIL` and `IN_PASSWORD` are not set the default user email and password is "admin@example.com" and "changeme!" respectively. 
+
+After the container has completed the first startup you can delete these two environment variables.
 
 ### Generate a APP_KEY
 

debian/.env

@@ -8,7 +8,16 @@ PHANTOMJS_PDF_GENERATION=false
 PDF_GENERATOR=snappdf
 TRUSTED_PROXIES='*'
 
-QUEUE_CONNECTION=database
+
+CACHE_DRIVER=redis
+QUEUE_CONNECTION=redis
+SESSION_DRIVER=redis
+
+REDIS_HOST=redis
+REDIS_PASSWORD=null
+REDIS_PORT=6379
+
+FILESYSTEM_DISK=debian_docker
 
 # DB connection
 DB_HOST=mysql
@@ -49,4 +58,5 @@ NORDIGEN_SECRET_KEY=
 IS_DOCKER=true
 SCOUT_DRIVER=null
 SNAPPDF_CHROMIUM_PATH=/usr/bin/google-chrome-stable
-#SNAPPDF_CHROMIUM_PATH=/usr/bin/google-chrome
+
+

debian/Dockerfile

@@ -1,173 +1,112 @@
-FROM php:8.2-fpm AS base
-ARG saxon=12.5.0
+FROM php:8.3-fpm AS base
+
+ARG php_require="bcmath gd pdo_mysql zip"
+ARG php_suggest="exif imagick intl pcntl soap"
+ARG php_suggest_debian="saxon-12.5.0"
+ARG php_extra="opcache"
 
 # Install system dependencies
-RUN apt-get update && apt-get install -y \
-    git \
-    curl \
-    libpng-dev \
-    libonig-dev \
-    libxml2-dev \
-    zip \
-    unzip \
-    gosu \
+RUN apt-get update && apt-get install -y --no-install-recommends \
     default-mysql-client \
+    gpg \
+    gosu \
     supervisor \
-    fonts-liberation \
-    libasound2 \
-    libatk-bridge2.0-0 \
-    libatk1.0-0 \
-    libatspi2.0-0 \
-    libcups2 \
-    libdbus-1-3 \
-    libdrm2 \
-    libgbm1 \
-    libgtk-3-0 \
-    libnspr4 \
-    libnss3 \
-    libwayland-client0 \
-    libxcomposite1 \
-    libxdamage1 \
-    libxfixes3 \
-    libxkbcommon0 \
-    libxrandr2 \
-    xdg-utils \
-    fonts-noto-cjk \
+    # Unicode support for PDF
     fonts-noto-cjk-extra \
     fonts-wqy-microhei \
     fonts-wqy-zenhei \
     xfonts-wqy \
-    wget \
-    gnupg2 \
     && if [ "$(dpkg --print-architecture)" = "amd64" ]; then \
-        wget -q -O - https://dl-ssl.google.com/linux/linux_signing_key.pub | apt-key add - \
-        && echo "deb [arch=amd64] http://dl.google.com/linux/chrome/deb/ stable main" > /etc/apt/sources.list.d/google-chrome.list \
+        mkdir -p /etc/apt/keyrings \
+        && curl -fsSL https://dl.google.com/linux/linux_signing_key.pub | \
+            gpg --dearmor -o /etc/apt/keyrings/google.gpg \
+        && echo "deb [arch=amd64 signed-by=/etc/apt/keyrings/google.gpg] https://dl.google.com/linux/chrome/deb/ stable main" > /etc/apt/sources.list.d/google-chrome.list \
         && apt-get update \
-        && apt-get install -y google-chrome-stable; \
+        && apt-get install -y --no-install-recommends google-chrome-stable \
+        && mkdir -p /var/www/.config/google-chrome \
+        && chown -R www-data:www-data /var/www/.config/google-chrome; \
+    elif [ "$(dpkg --print-architecture)" = "arm64" ]; then \
+        apt-get install -y --no-install-recommends \
+            # Packages for chrome
+            fonts-liberation \
+            libasound2 \
+            libatk-bridge2.0-0 \
+            libatk1.0-0 \
+            libatspi2.0-0 \
+            libcups2 \
+            libdbus-1-3 \
+            libdrm2 \
+            libgbm1 \
+            libgtk-3-0 \
+            libnspr4 \
+            libnss3 \
+            libwayland-client0 \
+            libxcomposite1 \
+            libxdamage1 \
+            libxfixes3 \
+            libxkbcommon0 \
+            libxrandr2 \
+            xdg-utils \
+            && mkdir -p /var/www/.chrome/chrome-profile \
+            && chown -R www-data:www-data /var/www/.chrome/chrome-profile; \
     fi \
+    && apt-get purge -y gpg \
+    && apt-get autoremove -y \
     && apt-get clean \
     && rm -rf /var/lib/apt/lists/*
 
-# Set permissions for www-data to execute    
-RUN mkdir -p /var/www/.chrome/chrome-profile \
-    && chown -R www-data:www-data /var/www/.chrome \
-    && chmod -R 755 /var/www/.chrome \
-    && if [ "$(dpkg --print-architecture)" = "amd64" ]; then \
-        chown root:root /usr/bin/google-chrome \
-        && chmod 4755 /usr/bin/google-chrome \
-        && chown -R root:root /opt/google/chrome \
-        && chmod -R 755 /opt/google/chrome; \
-    fi \
-    && chown -R www-data:www-data /var/www
-
-# Create required directories with proper permissions
-RUN mkdir -p /tmp/chrome \
-    && if [ "$(dpkg --print-architecture)" = "amd64" ]; then \
-        chown -R www-data:www-data /tmp/chrome \
-        && chmod -R 755 /tmp/chrome; \
-    fi
-    
-# Copy Install PHP extensions installer
-COPY --from=mlocati/php-extension-installer /usr/bin/install-php-extensions /usr/local/bin/
-
 # Install Required PHP extensions.
-RUN install-php-extensions \
-    pdo_mysql \
-    mysqli \     
-    mbstring \
-    exif \
-    pcntl \
-    bcmath \
-    gd \
-    opcache \
-    redis \
-    soap \
-    imagick \
-    curl \
-    gmp \
-    zip \
-    @composer
+RUN if [ "$(dpkg --print-architecture)" = "amd64" ]; then \
+    ( curl -sSLf https://github.com/mlocati/docker-php-extension-installer/releases/latest/download/install-php-extensions -o - || echo 'return 1' ) | sh -s \
+        ${php_require} \
+        ${php_suggest} \
+        ${php_suggest_debian} \
+        ${php_extra} \
+        @composer; \
+    elif [ "$(dpkg --print-architecture)" = "arm64" ]; then \
+        ( curl -sSLf https://github.com/mlocati/docker-php-extension-installer/releases/latest/download/install-php-extensions -o - || echo 'return 1' ) | sh -s \
+        ${php_require} \
+        ${php_suggest} \
+        ${php_extra} \
+        @composer; \
+    fi
 
 # Configure PHP
-COPY php/php.ini /usr/local/etc/php/conf.d/app.ini
-COPY php/php-fpm.conf /usr/local/etc/php-fpm.d/www.conf
+RUN mv "$PHP_INI_DIR/php.ini-production" "$PHP_INI_DIR/php.ini"
 
-# Configure Saxon
-WORKDIR /opt
-
-RUN if [ "$(dpkg --print-architecture)" = "amd64" ]; then \
-        curl https://downloads.saxonica.com/SaxonC/HE/12/libsaxon-HEC-linux-x86_64-v${saxon}.zip --output saxon.zip \
-        && unzip saxon.zip -d saxon \
-        && cp saxon/libsaxon-HEC-linux-amd64-v${saxon}/libs/nix/libsaxon-hec-${saxon}.so /usr/lib/ \
-        && cd /opt/saxon/libsaxon-HEC-linux-amd64-v${saxon}/Saxon.C.API \
-        && phpize \
-        && ./configure --enable-saxon \
-        && make \
-        && make install \
-        && echo 'extension=saxon.so' > "/usr/local/etc/php/conf.d/app.ini"; \
-    fi
-    
 # Copy scripts
 COPY rootfs /
 
-# Set working directory
+USER www-data
+
 WORKDIR /var/www/html
 
-# Download and extract application
-RUN set -eux; \ 
-    DOWNLOAD_URL=$(curl -s "https://api.github.com/repos/invoiceninja/invoiceninja/releases/latest" | \
-    grep -o '"browser_download_url": "[^"]*invoiceninja.tar"' | cut -d '"' -f 4) && \
-    curl -L "$DOWNLOAD_URL" | tar -xvz -C /var/www/html && \
-    rm -rf /var/www/html/ui && \
-    chown -R www-data:www-data /var/www/html
-
-# Install dependencies
-RUN composer install --no-dev --no-scripts --no-autoloader
-
-# Generate optimized autoloader and clear cache
-RUN composer dump-autoload --optimize \
+# Setup InvoiceNinja
+RUN curl -s "https://api.github.com/repos/invoiceninja/invoiceninja/releases/latest" | \
+        grep -o '"browser_download_url": "[^"]*invoiceninja.tar"' | \
+        cut -d '"' -f 4 | \
+        xargs curl -sL | \
+        tar -oxz -C /var/www/html \
+    && cp /var/www/html/resources/views/react/index.blade.php /var/www/html/public/index.html \
+    # File permissions
+    && find /var/www/html/ -type f -exec chmod 644 {} \; \
+    # Directory permissions
+    && find /var/www/html/ -type d -exec chmod 755 {} \; \
+    # Install dependencies
+    && composer install --no-dev --no-scripts --no-autoloader \
+    && composer dump-autoload --optimize \
     && php artisan optimize \
-    && php artisan view:cache \
-    && php artisan config:cache \
-    && php artisan route:cache
+    && php artisan storage:link \
+    # Workaround for application updates
+    && mv /var/www/html/public /tmp/public
+
+USER root
 
 # Setup supervisor
 COPY supervisor/supervisord.conf /etc/supervisor/conf.d/supervisord.conf
 
 # Add initialization script
-COPY scripts/init.sh /usr/local/bin/init.sh
-
-# Make executable
-RUN chmod +x /usr/local/bin/init.sh
-
-# Configure PHP-FPM
-RUN sed -i "s/user = www-data/user = www-data/g" /usr/local/etc/php-fpm.d/www.conf \
-    && sed -i "s/group = www-data/group = www-data/g" /usr/local/etc/php-fpm.d/www.conf
-
-# Create volume directories
-RUN mkdir -p \
-    /var/www/html/storage/app/public \
-    /var/www/html/storage/framework/cache \
-    /var/www/html/storage/framework/sessions \
-    /var/www/html/storage/framework/views \
-    /var/www/html/storage/logs \
-    /var/www/html/public/uploads \
-    /var/run \
-    /var/log/supervisor 
-
-# Set permissions
-RUN chown -R www-data:www-data \
-    /var/www/html/storage \
-    /var/www/html/bootstrap/cache \
-    /var/www/html/public/uploads \
-    /var/run \
-    /var/log/supervisor \
-    && chmod -R 775 \
-        /var/www/html/public/uploads \
-        /var/www/html/storage \
-        /var/www/html/bootstrap/cache \
-        /var/run \
-        /var/log/supervisor 
+COPY --chmod=0755 scripts/init.sh /usr/local/bin/init.sh
 
 # Health check
 HEALTHCHECK --interval=30s --timeout=5s --start-period=30s --retries=3 \
@@ -176,4 +115,4 @@ HEALTHCHECK --interval=30s --timeout=5s --start-period=30s --retries=3 \
 EXPOSE 9000
 
 ENTRYPOINT ["/usr/local/bin/init.sh"]
-CMD ["/usr/bin/supervisord", "-c", "/etc/supervisor/conf.d/supervisord.conf"]
+CMD ["supervisord", "-c", "/etc/supervisor/conf.d/supervisord.conf"]

debian/docker-compose.yml

@@ -1,5 +1,3 @@
-version: '3.8'
-
 x-logging: &default-logging
   options:
     max-size: "10m"
@@ -8,16 +6,20 @@ x-logging: &default-logging
 
 services:
   app:
-    image: invoiceninja/invoiceninja-debian:5 
+    build:
+      context: .
+    image: invoiceninja/invoiceninja-debian:${TAG:-latest}
     restart: unless-stopped
     env_file:
       - ./.env
     volumes:
-      - ./.env:/var/www/html/.env  
-      - app_storage:/var/www/html/storage
+      - ./.env:/var/www/html/.env
+      - ./php/php.ini:/usr/local/etc/php/conf.d/zzz-php.ini:ro
+      - ./php/php-fpm.conf:/usr/local/etc/php-fpm.d/zzz-php-fpm.conf:ro
+      - ./supervisor/supervisord.conf:/etc/supervisor/conf.d/supervisord.conf:ro
       - app_cache:/var/www/html/bootstrap/cache
-      - public_files:/var/www/html/public  
-
+      - app_public:/var/www/html/public
+      - app_storage:/var/www/html/storage
     networks:
       - app-network
     depends_on:
@@ -25,10 +27,6 @@ services:
         condition: service_healthy
       redis:
         condition: service_healthy
-    deploy:
-      resources:
-        limits:
-          memory: 512M
     logging: *default-logging
 
   nginx:
@@ -37,24 +35,17 @@ services:
     ports:
       - "80:80"
     volumes:
-      - ./nginx/conf.d:/etc/nginx/conf.d:ro
-      - ./nginx/nginx.conf:/etc/nginx/nginx.conf:ro
-      - type: volume
-        source: public_files
-        target: /var/www/html/public
-        read_only: true
+      - ./nginx:/etc/nginx/conf.d:ro
+      - app_public:/var/www/html/public:ro
+      - app_storage:/var/www/html/storage:ro
     networks:
       - app-network
     depends_on:
       - app
-    deploy:
-      resources:
-        limits:
-          memory: 128M
     logging: *default-logging
 
   mysql:
-    image: mysql:8.0
+    image: mysql:8
     restart: unless-stopped
     env_file:
       - ./.env
@@ -68,14 +59,10 @@ services:
     networks:
       - app-network
     healthcheck:
-      test: ["CMD", "mysqladmin", "ping", "-h", "localhost", "-u${MYSQL_USER}", "-p${MYSQL_PASSWORD}"]
+      test: [ "CMD", "mysqladmin", "ping", "-h", "localhost", "-u${MYSQL_USER}", "-p${MYSQL_PASSWORD}" ]
       interval: 10s
       timeout: 5s
       retries: 5
-    deploy:
-      resources:
-        limits:
-          memory: 1G
     logging: *default-logging
 
   redis:
@@ -86,14 +73,10 @@ services:
     networks:
       - app-network
     healthcheck:
-      test: ["CMD", "redis-cli", "ping"]
+      test: [ "CMD", "redis-cli", "ping" ]
       interval: 10s
       timeout: 5s
       retries: 5
-    deploy:
-      resources:
-        limits:
-          memory: 256M
     logging: *default-logging
 
 networks:
@@ -101,15 +84,13 @@ networks:
     driver: bridge
 
 volumes:
-  app_storage:
+  app_cache:
     driver: local
   app_public:
     driver: local
-  app_cache:
-    driver: local
+  app_storage:
+    driver: local  
   mysql_data:
     driver: local
   redis_data:
     driver: local
-  public_files:  
-    driver: local

debian/nginx/conf.d/default.conf

@@ -1,38 +0,0 @@
-server {
-
-    error_log  /var/log/nginx/error.log debug;
-    access_log /var/log/nginx/access.log;
-
-    listen 80 default_server;
-    server_name _;
-    
-    server_tokens off;
-    
-    client_max_body_size 100M;
-
-    root /var/www/html/public;
-    index index.php;
-
-    location / {
-        try_files $uri $uri/ /index.php?$query_string;
-    }
-
-    location = /favicon.ico { access_log off; log_not_found off; }
-    location = /robots.txt  { access_log off; log_not_found off; }
-
-
-    location ~* /storage/.*\.php$ {
-        return 503;
-    }
-
-    location ~ \.php$ {
-        fastcgi_split_path_info ^(.+\.php)(/.+)$;
-        fastcgi_pass app:9000;
-        fastcgi_index index.php;
-        include fastcgi_params;
-        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
-        fastcgi_intercept_errors off;
-        fastcgi_buffer_size 16k;
-        fastcgi_buffers 4 16k;
-    }
-}

debian/nginx/invoiceninja.conf

@@ -0,0 +1,14 @@
+# https://nginx.org/en/docs/http/ngx_http_core_module.html
+client_max_body_size 10M;
+client_body_buffer_size 10M;
+server_tokens off;
+
+# https://nginx.org/en/docs/http/ngx_http_fastcgi_module.html
+fastcgi_buffers 32 16K;
+
+# https://nginx.org/en/docs/http/ngx_http_gzip_module.html
+gzip on;
+gzip_comp_level 2;
+gzip_min_length 1M;
+gzip_proxied any;
+gzip_types *;

debian/nginx/laravel.conf

@@ -0,0 +1,32 @@
+# https://laravel.com/docs/master/deployment#nginx
+server {
+    listen 80 default_server;
+    server_name _;   
+    root /var/www/html/public;
+
+    add_header X-Frame-Options "SAMEORIGIN";
+    add_header X-Content-Type-Options "nosniff";
+
+    index index.php;
+ 
+    charset utf-8;
+ 
+    location / {
+        try_files $uri $uri/ /index.php?$query_string;
+    }
+ 
+    location = /favicon.ico { access_log off; log_not_found off; }
+    location = /robots.txt  { access_log off; log_not_found off; }
+ 
+    error_page 404 /index.php;
+
+    location ~ \.php$ {
+        fastcgi_pass app:9000;
+        fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
+        include fastcgi_params;
+    }
+
+    location ~ /\.(?!well-known).* {
+        deny all;
+    }
+}

debian/nginx/nginx.conf

@@ -1,26 +0,0 @@
-user nginx;
-worker_processes auto;
-error_log /var/log/nginx/error.log notice;
-pid /var/run/nginx.pid;
-
-events {
-    worker_connections 1024;
-}
-
-http {
-    include /etc/nginx/mime.types;
-    default_type application/octet-stream;
-
-    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
-                    '$status $body_bytes_sent "$http_referer" '
-                    '"$http_user_agent" "$http_x_forwarded_for"';
-
-    access_log /var/log/nginx/access.log main;
-    error_log /var/log/nginx/error.log;
-
-    sendfile on;
-    keepalive_timeout 65;
-    gzip on;
-
-    include /etc/nginx/conf.d/*.conf;
-}

debian/php/php-fpm.conf

@@ -1,9 +1 @@
-[www]
-user = www-data
-group = www-data
-listen = 0.0.0.0:9000
-pm = dynamic
-pm.max_children = 5
-pm.start_servers = 2
-pm.min_spare_servers = 1
-pm.max_spare_servers = 3
+pm.max_children = 10

debian/php/php.ini

@@ -1,21 +1,15 @@
-session.auto_start = Off
-short_open_tag = Off
+[core]
+# https://www.php.net/manual/en/ini.core.php
+post_max_size = 10M
+upload_max_filesize = 10M
 
-error_reporting = E_ALL & ~E_NOTICE & ~E_WARNING & ~E_STRICT & ~E_DEPRECATED
+[opcache]
+# https://www.php.net/manual/en/opcache.installation.php#opcache.installation.recommended
+opcache.enable_cli=1
+opcache.max_accelerated_files=4000
+opcache.revalidate_freq=60
 
-opcache.enable=1
-opcache.preload=/var/www/html/preload.php
-opcache.preload_user=www-data
-
-; ; The OPcache shared memory storage size.
-opcache.max_accelerated_files=300000
-opcache.validate_timestamps=1
-opcache.revalidate_freq=30
-opcache.jit_buffer_size=256M
-opcache.jit=1205
-opcache.memory_consumption=1024M
-
-
-post_max_size = 60M
-upload_max_filesize = 50M
-memory_limit=512M
+[jit]
+# https://wiki.php.net/rfc/jit_config_defaults
+opcache.jit=tracing
+opcache.jit_buffer_size=64M

debian/rootfs/docker-entrypoint-init.d/10-init-in.sh

@@ -3,12 +3,12 @@
 php artisan db:seed --force
 
 # Build up array of arguments...
-if [[ ! -z "${IN_USER_EMAIL}" ]]; then
+if [ ! -z "${IN_USER_EMAIL}" ]; then
     email="--email ${IN_USER_EMAIL}"
 fi
 
-if [[ ! -z "${IN_PASSWORD}" ]]; then
+if [ ! -z "${IN_PASSWORD}" ]; then
     password="--password ${IN_PASSWORD}"
 fi
 
-php artisan ninja:create-account $email $password
+php artisan ninja:create-account $email $password

debian/scripts/init.sh

@@ -1,10 +1,10 @@
 #!/bin/sh
 set -e
 
-
 in_log() {
-        local type="$1"; shift
-        printf '%s [%s] [Entrypoint]: %s\n' "$(date -u '+%Y-%m-%dT%H:%M:%SZ')" "$type" "$*"
+    local type="$1"
+    shift
+    printf '%s [%s] [Entrypoint]: %s\n' "$(date -u '+%Y-%m-%dT%H:%M:%SZ')" "$type" "$*"
 }
 
 docker_process_init_files() {
@@ -29,45 +29,53 @@ docker_process_init_files() {
     done
 }
 
-# Create directories if they don't exist
-mkdir -p \
-    /var/www/html/storage/app/public \
-    /var/www/html/storage/framework/cache \
-    /var/www/html/storage/framework/sessions \
-    /var/www/html/storage/framework/views \
-    /var/www/html/storage/logs \
-    /var/www/html/public/uploads
+if [ "$*" = 'supervisord -c /etc/supervisor/conf.d/supervisord.conf' ]; then
+    # Workaround for application updates
+    if [ "$(ls -A /tmp/public)" ]; then
+        echo "Updating public folder..."
+        rm -rf /var/www/html/public/.htaccess \
+            /var/www/html/public/.well-known \
+            /var/www/html/public/*
+        mv /tmp/public/* \
+            /tmp/public/.htaccess \
+            /tmp/public/.well-known \
+            /var/www/html/public/
+    fi
+    echo "Public Folder is up to date"
 
-# Set directory permissions without changing ownership
-chmod -R 775 \
-    /var/www/html/storage \
-    /var/www/html/bootstrap/cache \
-    /var/www/html/public/uploads
+    # Ensure owner, file and directory permissions are correct
+    chown -R www-data:www-data \
+        /var/www/html/public \
+        /var/www/html/storage
+    find /var/www/html/public \
+        /var/www/html/storage \
+        -type f -exec chmod 644 {} \;
+    find /var/www/html/public \
+        /var/www/html/storage \
+        -type d -exec chmod 755 {} \;
 
-# Clear and cache config in production
-if [ "$APP_ENV" = "production" ]; then
-    php artisan config:cache
-    php artisan optimize
-    php artisan package:discover
-    php artisan migrate --force
+    # Clear and cache config in production
+    if [ "$APP_ENV" = "production" ]; then
+        gosu www-data php artisan optimize
+        gosu www-data php artisan package:discover
+        gosu www-data php artisan migrate --force
 
-    echo "Checking initialization status..."
+        # If first IN run, it needs to be initialized
+        echo "Checking initialization status..."
+        IN_INIT=$(php artisan tinker --execute='echo Schema::hasTable("accounts") && !App\Models\Account::all()->first();')
+        echo "IN_INIT value: $IN_INIT"
 
-    # If first IN run, it needs to be initialized
-    echo "Checking initialization status..."
-    IN_INIT=$(php artisan tinker --execute='echo Schema::hasTable("accounts") && !App\Models\Account::all()->first();')
-    echo "IN_INIT value: $IN_INIT"
+        if [ "$IN_INIT" = "1" ]; then
+            echo "Running initialization scripts..."
+            docker_process_init_files /docker-entrypoint-init.d/*
+        fi
+
+        echo "Production setup completed"
+        echo "IN_INIT value: $IN_INIT"
 
-    if [ "$IN_INIT" = "1" ]; then
-        echo "Running initialization scripts..."
-        docker_process_init_files /docker-entrypoint-init.d/*
     fi
 
-    echo "Production setup completed"
-    echo "IN_INIT value: $IN_INIT"
-
+    echo "Starting supervisord..."
 fi
 
-echo "Starting supervisord..."
-# Start supervisord in the foreground
-exec /usr/bin/supervisord -n -c /etc/supervisor/conf.d/supervisord.conf
+exec "$@"

debian/supervisor/supervisord.conf

@@ -33,11 +33,9 @@ stopasgroup=true
 killasgroup=true
 user=www-data
 numprocs=2
-redirect_stderr=true
-stdout_logfile=/dev/stdout
-stdout_logfile_maxbytes=0
-stderr_logfile=/dev/stderr
-stderr_logfile_maxbytes=0
+environment=HOME="/var/www"
+stdout_logfile=/var/log/php-worker.log
+stderr_logfile=/var/log/php-worker.err.log
 stopwaitsecs=3600
 
 [program:scheduler]
@@ -45,7 +43,6 @@ command=/bin/sh -c "while [ true ]; do (php /var/www/html/artisan schedule:run -
 autostart=true
 autorestart=true
 user=www-data
-redirect_stderr=true
 stdout_logfile=/dev/stdout
 stdout_logfile_maxbytes=0
 stderr_logfile=/dev/stderr