Merge pull request #663 from turbo124/debian

Corrective fixes for new dockerfile
2026-01-07 15:07:27 +01:00 · 2024-11-29 13:57:39 +11:00 · 2024-11-29 13:56:46 +11:00 · 2024-11-29 07:17:52 +11:00 · 2024-11-28 16:18:05 +01:00 · 2024-11-28 15:50:38 +01:00
10 changed files with 100 additions and 158 deletions
--- a/debian/.env
+++ b/debian/.env
@@ -8,10 +8,16 @@ PHANTOMJS_PDF_GENERATION=false
 PDF_GENERATOR=snappdf
 TRUSTED_PROXIES='*'

+
+CACHE_DRIVER=redis
 QUEUE_CONNECTION=redis
+SESSION_DRIVER=redis

+REDIS_HOST=redis
+REDIS_PASSWORD=null
+REDIS_PORT=6379

-# FILESYSTEM_DISK=local
+FILESYSTEM_DISK=debian_docker

 # DB connection
 DB_HOST=mysql
@@ -52,4 +58,5 @@ NORDIGEN_SECRET_KEY=
 IS_DOCKER=true
 SCOUT_DRIVER=null
 SNAPPDF_CHROMIUM_PATH=/usr/bin/google-chrome-stable
-#SNAPPDF_CHROMIUM_PATH=/usr/bin/google-chrome
+
+
--- a/debian/Dockerfile
+++ b/debian/Dockerfile
@@ -1,19 +1,19 @@
-FROM php:8.2-fpm AS base
+FROM php:8.3-fpm AS base
+
 ARG saxon=12.5.0

 # Install system dependencies
-RUN apt-get update && apt-get install -y \
-    git \
+RUN apt-get update && apt-get install -y --no-install-recommends \
    curl \
-    libpng-dev \
-    libonig-dev \
-    libxml2-dev \
-    zip \
-    unzip \
+    gnupg2 \
    gosu \
-    default-mysql-client \
    supervisor \
+    default-mysql-client \
    fonts-liberation \
+    fonts-noto-cjk \
+    fonts-noto-cjk-extra \
+    fonts-wqy-microhei \
+    fonts-wqy-zenhei \
    libasound2 \
    libatk-bridge2.0-0 \
    libatk1.0-0 \
@@ -25,25 +25,23 @@ RUN apt-get update && apt-get install -y \
    libgtk-3-0 \
    libnspr4 \
    libnss3 \
+    libonig-dev \
+    libpng-dev \
    libwayland-client0 \
    libxcomposite1 \
    libxdamage1 \
    libxfixes3 \
    libxkbcommon0 \
+    libxml2-dev \
    libxrandr2 \
    xdg-utils \
-    fonts-noto-cjk \
-    fonts-noto-cjk-extra \
-    fonts-wqy-microhei \
-    fonts-wqy-zenhei \
    xfonts-wqy \
-    wget \
-    gnupg2 \
    && if [ "$(dpkg --print-architecture)" = "amd64" ]; then \
-        wget -q -O - https://dl-ssl.google.com/linux/linux_signing_key.pub | apt-key add - \
-        && echo "deb [arch=amd64] http://dl.google.com/linux/chrome/deb/ stable main" > /etc/apt/sources.list.d/google-chrome.list \
+        mkdir -p /etc/apt/keyrings \
+        && curl -fsSL https://dl.google.com/linux/linux_signing_key.pub | gpg --dearmor -o /etc/apt/keyrings/google.gpg \
+        && echo "deb [arch=amd64 signed-by=/etc/apt/keyrings/google.gpg] https://dl.google.com/linux/chrome/deb/ stable main" > /etc/apt/sources.list.d/google-chrome.list \
        && apt-get update \
-        && apt-get install -y google-chrome-stable; \
+        && apt-get install -y --no-install-recommends google-chrome-stable; \
    fi \
    && apt-get clean \
    && rm -rf /var/lib/apt/lists/*
@@ -66,46 +64,29 @@ RUN mkdir -p /tmp/chrome \
        chown -R www-data:www-data /tmp/chrome \
        && chmod -R 755 /tmp/chrome; \
    fi
-    
+
 # Copy Install PHP extensions installer
-COPY --from=mlocati/php-extension-installer /usr/bin/install-php-extensions /usr/local/bin/
+ADD --chmod=0755 https://github.com/mlocati/docker-php-extension-installer/releases/latest/download/install-php-extensions /usr/local/bin/

 # Install Required PHP extensions.
 RUN install-php-extensions \
-    pdo_mysql \
-    mysqli \     
-    mbstring \
-    exif \
-    pcntl \
    bcmath \
+    exif \
    gd \
-    opcache \
-    redis \
-    soap \
-    imagick \
-    curl \
    gmp \
+    imagick \
+    mysqli \     
+    opcache \
+    pcntl \
+    pdo_mysql \
+    redis \
+    saxon-${saxon} \
+    soap \
    zip \
    @composer

 # Configure PHP
-COPY php/php.ini /usr/local/etc/php/conf.d/app.ini
-COPY php/php-fpm.conf /usr/local/etc/php-fpm.d/www.conf
-
-# Configure Saxon
-WORKDIR /opt
-
-RUN if [ "$(dpkg --print-architecture)" = "amd64" ]; then \
-        curl https://downloads.saxonica.com/SaxonC/HE/12/libsaxon-HEC-linux-x86_64-v${saxon}.zip --output saxon.zip \
-        && unzip saxon.zip -d saxon \
-        && cp saxon/libsaxon-HEC-linux-amd64-v${saxon}/libs/nix/libsaxon-hec-${saxon}.so /usr/lib/ \
-        && cd /opt/saxon/libsaxon-HEC-linux-amd64-v${saxon}/Saxon.C.API \
-        && phpize \
-        && ./configure --enable-saxon \
-        && make \
-        && make install \
-        && echo 'extension=saxon.so' > "/usr/local/etc/php/conf.d/app.ini"; \
-    fi
+RUN mv "$PHP_INI_DIR/php.ini-production" "$PHP_INI_DIR/php.ini"

 # Copy scripts
 COPY rootfs /
@@ -120,25 +101,23 @@ RUN set -eux; \
    curl -L "$DOWNLOAD_URL" | tar -xvz -C /var/www/html && \
    chown -R www-data:www-data /var/www/html

+USER www-data
+
 # Install dependencies
 RUN composer install --no-dev --no-scripts --no-autoloader

 # Generate optimized autoloader and clear cache
 RUN composer dump-autoload --optimize \
    && php artisan optimize \
-    && php artisan view:cache \
-    && php artisan config:cache \
-    && php artisan route:cache \
    && php artisan storage:link

+USER root
+
 # Setup supervisor
 COPY supervisor/supervisord.conf /etc/supervisor/conf.d/supervisord.conf

 # Add initialization script
-COPY scripts/init.sh /usr/local/bin/init.sh
-
-# Make executable
-RUN chmod +x /usr/local/bin/init.sh
+COPY --chmod=0755 scripts/init.sh /usr/local/bin/init.sh

 # Configure PHP-FPM
 RUN sed -i "s/user = www-data/user = www-data/g" /usr/local/etc/php-fpm.d/www.conf \
@@ -155,6 +134,8 @@ RUN mkdir -p \
    /var/run \
    /var/log/supervisor 

+RUN cp /var/www/html/resources/views/react/index.blade.php /var/www/html/public/index.html
+
 # Set permissions
 RUN chown -R www-data:www-data \
    /var/www/html/storage \
@@ -176,4 +157,4 @@ HEALTHCHECK --interval=30s --timeout=5s --start-period=30s --retries=3 \
 EXPOSE 9000

 ENTRYPOINT ["/usr/local/bin/init.sh"]
-CMD ["/usr/bin/supervisord", "-c", "/etc/supervisor/conf.d/supervisord.conf"]
+CMD ["/usr/bin/supervisord", "-c", "/etc/supervisor/conf.d/supervisord.conf"]
--- a/debian/docker-compose.yml
+++ b/debian/docker-compose.yml
@@ -1,5 +1,3 @@
-version: '3.8'
-
 x-logging: &default-logging
  options:
    max-size: "10m"
@@ -8,16 +6,20 @@ x-logging: &default-logging

 services:
  app:
-    image: invoiceninja/invoiceninja-debian:latest
+    build:
+      context: .
+    image: invoiceninja/invoiceninja-debian:${TAG:-latest}
    restart: unless-stopped
    env_file:
      - ./.env
    volumes:
-      - ./.env:/var/www/html/.env  
+      - ./.env:/var/www/html/.env:ro
+      - ./php/php.ini:/usr/local/etc/php/conf.d/zzz-php.ini:ro
+      - ./php/php-fpm.conf:/usr/local/etc/php-fpm.d/zzz-php-fpm.conf:ro
+      - ./supervisor/supervisord.conf:/etc/supervisor/conf.d/supervisord.conf:ro
      - app_storage:/var/www/html/storage
      - app_cache:/var/www/html/bootstrap/cache
-      - public_storage:/var/www/html/public/storage
-
+      - image_public:/var/www/html/public:ro
    networks:
      - app-network
    depends_on:
@@ -25,10 +27,6 @@ services:
        condition: service_healthy
      redis:
        condition: service_healthy
-    deploy:
-      resources:
-        limits:
-          memory: 512M
    logging: *default-logging

  nginx:
@@ -37,19 +35,13 @@ services:
    ports:
      - "80:80"
    volumes:
-      - ./nginx/conf.d:/etc/nginx/conf.d:ro
-      - ./nginx/nginx.conf:/etc/nginx/nginx.conf:ro
-    volumes_from:
-      - app
-
+      - ./nginx:/etc/nginx/conf.d:ro
+      - app_storage:/var/www/html/storage:ro
+      - image_public:/var/www/html/public:ro
    networks:
      - app-network
    depends_on:
      - app
-    deploy:
-      resources:
-        limits:
-          memory: 128M
    logging: *default-logging

  mysql:
@@ -67,14 +59,19 @@ services:
    networks:
      - app-network
    healthcheck:
-      test: ["CMD", "mysqladmin", "ping", "-h", "localhost", "-u${MYSQL_USER}", "-p${MYSQL_PASSWORD}"]
+      test:
+        [
+          "CMD",
+          "mysqladmin",
+          "ping",
+          "-h",
+          "localhost",
+          "-u${MYSQL_USER}",
+          "-p${MYSQL_PASSWORD}",
+        ]
      interval: 10s
      timeout: 5s
      retries: 5
-    deploy:
-      resources:
-        limits:
-          memory: 1G
    logging: *default-logging

  redis:
@@ -89,10 +86,6 @@ services:
      interval: 10s
      timeout: 5s
      retries: 5
-    deploy:
-      resources:
-        limits:
-          memory: 256M
    logging: *default-logging

 networks:
@@ -104,9 +97,9 @@ volumes:
    driver: local
  app_cache:
    driver: local
-  public_storage:
-    driver: local  # Persistent storage for user files
  mysql_data:
    driver: local
  redis_data:
-    driver: local
+    driver: local
+  image_public:
+    driver: local
--- a/debian/nginx/invoiceninja.conf
+++ b/debian/nginx/invoiceninja.conf
@@ -0,0 +1,9 @@
+client_max_body_size 100M;
+client_body_buffer_size 100M;
+
+fastcgi_buffer_size 16k;
+fastcgi_buffers 4 16k;
+
+gzip on;
+
+server_tokens off;
--- a/debian/nginx/conf.d/default.conf
+++ b/debian/nginx/conf.d/default.conf
@@ -1,38 +1,33 @@
 server {
-
-    error_log  /var/log/nginx/error.log debug;
-    access_log /var/log/nginx/access.log;
-
    listen 80 default_server;
-    server_name _;
-    
-    server_tokens off;
-    
-    client_max_body_size 100M;
-
+    server_name _;   
    root /var/www/html/public;
-    index index.php;

+    add_header X-Frame-Options "SAMEORIGIN";
+    add_header X-Content-Type-Options "nosniff";
+
+    index index.php;
+ 
+    charset utf-8;
+ 
    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }
-
+ 
    location = /favicon.ico { access_log off; log_not_found off; }
    location = /robots.txt  { access_log off; log_not_found off; }
-
-
-    location ~* /storage/.*\.php$ {
-        return 503;
-    }
+ 
+    error_page 404 /index.php;

    location ~ \.php$ {
-        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass app:9000;
-        fastcgi_index index.php;
+        fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
        include fastcgi_params;
-        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
-        fastcgi_intercept_errors off;
        fastcgi_buffer_size 16k;
        fastcgi_buffers 4 16k;
    }
+
+    location ~ /\.(?!well-known).* {
+        deny all;
+    }
 }
--- a/debian/nginx/nginx.conf
+++ b/debian/nginx/nginx.conf
@@ -1,26 +0,0 @@
-user nginx;
-worker_processes auto;
-error_log /var/log/nginx/error.log notice;
-pid /var/run/nginx.pid;
-
-events {
-    worker_connections 1024;
-}
-
-http {
-    include /etc/nginx/mime.types;
-    default_type application/octet-stream;
-
-    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
-                    '$status $body_bytes_sent "$http_referer" '
-                    '"$http_user_agent" "$http_x_forwarded_for"';
-
-    access_log /var/log/nginx/access.log main;
-    error_log /var/log/nginx/error.log;
-
-    sendfile on;
-    keepalive_timeout 65;
-    gzip on;
-
-    include /etc/nginx/conf.d/*.conf;
-}
--- a/debian/php/php-fpm.conf
+++ b/debian/php/php-fpm.conf
@@ -1,9 +1,2 @@
 [www]
-user = www-data
-group = www-data
-listen = 0.0.0.0:9000
-pm = dynamic
 pm.max_children = 10
-pm.start_servers = 2
-pm.min_spare_servers = 1
-pm.max_spare_servers = 3
--- a/debian/php/php.ini
+++ b/debian/php/php.ini
@@ -1,13 +1,8 @@
-session.auto_start = Off
-short_open_tag = Off
-
-error_reporting = E_ALL & ~E_NOTICE & ~E_WARNING & ~E_STRICT & ~E_DEPRECATED
+memory_limit=512M

 opcache.enable=1
 opcache.preload=/var/www/html/preload.php
 opcache.preload_user=www-data
-
-; ; The OPcache shared memory storage size.
 opcache.max_accelerated_files=300000
 opcache.validate_timestamps=1
 opcache.revalidate_freq=30
@@ -15,7 +10,5 @@ opcache.jit_buffer_size=256M
 opcache.jit=1205
 opcache.memory_consumption=1024M

-
 post_max_size = 60M
 upload_max_filesize = 50M
-memory_limit=512M
--- a/debian/rootfs/docker-entrypoint-init.d/10-init-in.sh
+++ b/debian/rootfs/docker-entrypoint-init.d/10-init-in.sh
@@ -3,11 +3,11 @@
 php artisan db:seed --force

 # Build up array of arguments...
-if [[ ! -z "${IN_USER_EMAIL}" ]]; then
+if [ ! -z "${IN_USER_EMAIL}" ]; then
    email="--email ${IN_USER_EMAIL}"
 fi

-if [[ ! -z "${IN_PASSWORD}" ]]; then
+if [ ! -z "${IN_PASSWORD}" ]; then
    password="--password ${IN_PASSWORD}"
 fi

--- a/debian/supervisor/supervisord.conf
+++ b/debian/supervisor/supervisord.conf
@@ -33,11 +33,9 @@ stopasgroup=true
 killasgroup=true
 user=www-data
 numprocs=2
-redirect_stderr=true
-stdout_logfile=/dev/stdout
-stdout_logfile_maxbytes=0
-stderr_logfile=/dev/stderr
-stderr_logfile_maxbytes=0
+environment=HOME="/var/www"
+stdout_logfile=/var/log/php-worker.log
+stderr_logfile=/var/log/php-worker.err.log
 stopwaitsecs=3600

 [program:scheduler]
@@ -45,7 +43,6 @@ command=/bin/sh -c "while [ true ]; do (php /var/www/html/artisan schedule:run -
 autostart=true
 autorestart=true
 user=www-data
-redirect_stderr=true
 stdout_logfile=/dev/stdout
 stdout_logfile_maxbytes=0
 stderr_logfile=/dev/stderr
Author	SHA1	Message	Date
David Bomba	113c700754	Merge pull request #663 from turbo124/debian Corrective fixes for new dockerfile	2024-11-29 13:57:39 +11:00
David Bomba	b6be06c977	Corrective fixes for new dockerfile	2024-11-29 13:56:46 +11:00
David Bomba	baad65c737	Merge pull request #661 from benbrummer/debian php 8.3 and apt package optimization	2024-11-29 07:17:52 +11:00
benbrummer	9fd35b874d	second try for nginx Signed-off-by: benbrummer <info@benjamin-brummer.de>	2024-11-28 16:18:05 +01:00
benbrummer	fe4993f8a3	set correct mount destination for nginx Signed-off-by: benbrummer <info@benjamin-brummer.de>	2024-11-28 15:50:38 +01:00
Benjamin Brummer	b83fb831b9	- Use default laravel nginx and extend it with invoiceninja -specific settings - Overwrite php.ini/php-fpm.ini settings with customized settings	2024-11-28 14:04:11 +01:00
Benjamin Brummer	687e74c983	Fix: app-1 for supervisor warning redirect_stderr	2024-11-28 10:55:29 +01:00
Benjamin Brummer	7644151370	memory limits are not aligned with php/opcache and cause error 500	2024-11-28 10:26:23 +01:00
Benjamin Brummer	c84f80f9a9	add build context to docker-compose.yml	2024-11-28 10:23:25 +01:00
Benjamin Brummer	6cfdca078f	- Update to php 8.3 - Minimal system packages - additional packages will be handled as dependencies of google-chrome-stable (amd64 - arm64 will still install all apt packages - "--no-install-recommends" for apt-get	2024-11-28 10:22:05 +01:00
David Bomba	74ed1b2432	Merge pull request #659 from benbrummer/debian install saxon 12.5.0 with install-php-extensions	2024-11-28 11:28:26 +11:00
Benjamin Brummer	b3b7f7b9f0	- install saxon with install-php-extensions - replace deprecated apt-key - artisan optimize will handle caches	2024-11-27 13:01:46 +01:00
David Bomba	a6d8f663ae	Merge pull request #656 from benbrummer/debian Use php.ini-production	2024-11-27 19:27:34 +11:00
David Bomba	3024f11a31	Merge pull request #658 from brdns/debian-dev move client_max_body_size from default.conf to nginx.conf	2024-11-27 19:19:14 +11:00
Benjamin Brummer	6274c432d9	Fix access for nginx to storage/public	2024-11-26 17:16:09 +01:00
Brandon	f5afd3f527	Revert "Prevents swapping on pdf generation with Chrome" This reverts commit `3ce5983131`.	2024-11-26 16:28:04 +01:00
Brandon	3ce5983131	Prevents swapping on pdf generation with Chrome Increase allowed memory usage of main container from 512M to 1G This is useful particularly if the server uses a hard drive, which can drastically slow down pdf generation during swap	2024-11-26 16:22:38 +01:00
Brandon	bfc61fb64e	client_max_body_size is a parameter of nginx.conf and not of default.conf (https://nginx.org/en/docs/http/ngx_http_core_module.html#client_max_body_size ) add client_body_buffer_size prevents the following logs: [warn] a client request body is buffered to a temporary file	2024-11-26 16:07:27 +01:00
Benjamin Brummer	535d6d4c06	Refactoring docker-compose.yml	2024-11-26 12:50:59 +01:00
Benjamin Brummer	24d49a4374	refactoring dockerfile	2024-11-26 12:49:12 +01:00
Benjamin Brummer	30ad63f306	Use php.ini-production	2024-11-26 09:46:36 +01:00
David Bomba	60fd0aa79e	Merge pull request #655 from turbo124/debian Set home path for PHP when supervisor boots	2024-11-26 08:31:54 +11:00
David Bomba	d1786100ca	Set home path for PHP when supervisor boots	2024-11-26 08:31:18 +11:00
David Bomba	f58ca724c9	Merge pull request #653 from turbo124/debian Expose storage/ for nginx	2024-11-25 21:38:53 +11:00
David Bomba	53cadbf750	Expose storage/ for nginx	2024-11-25 21:38:26 +11:00
David Bomba	3fca330958	Merge pull request #651 from turbo124/debian Updates for volume mounts	2024-11-25 11:39:13 +11:00
David Bomba	7d79b39bc2	Updates for volume mounts	2024-11-25 11:38:39 +11:00
David Bomba	aa271a1488	Merge pull request #650 from turbo124/debian Add index.html to public/	2024-11-25 09:14:58 +11:00
David Bomba	451c1b872f	Add index.html to public/	2024-11-25 09:14:34 +11:00
David Bomba	5c74753da2	Merge pull request #648 from turbo124/debian Updates for resolving filessystem	2024-11-24 19:58:47 +11:00
David Bomba	83f17aa669	Updates for resolving filessystem	2024-11-24 19:56:02 +11:00