Merge pull request #665 from turbo124/debian

Update dockerfile

debian/.env

@@ -8,7 +8,16 @@ PHANTOMJS_PDF_GENERATION=false
 PDF_GENERATOR=snappdf
 TRUSTED_PROXIES='*'
 
-QUEUE_CONNECTION=database
+
+CACHE_DRIVER=redis
+QUEUE_CONNECTION=redis
+SESSION_DRIVER=redis
+
+REDIS_HOST=redis
+REDIS_PASSWORD=null
+REDIS_PORT=6379
+
+FILESYSTEM_DISK=debian_docker
 
 # DB connection
 DB_HOST=mysql
@@ -49,4 +58,5 @@ NORDIGEN_SECRET_KEY=
 IS_DOCKER=true
 SCOUT_DRIVER=null
 SNAPPDF_CHROMIUM_PATH=/usr/bin/google-chrome-stable
-#SNAPPDF_CHROMIUM_PATH=/usr/bin/google-chrome
+
+

debian/Dockerfile

@@ -1,19 +1,19 @@
-FROM php:8.2-fpm AS base
+FROM php:8.3-fpm AS base
+
 ARG saxon=12.5.0
 
 # Install system dependencies
-RUN apt-get update && apt-get install -y \
-    git \
+RUN apt-get update && apt-get install -y --no-install-recommends \
     curl \
-    libpng-dev \
-    libonig-dev \
-    libxml2-dev \
-    zip \
-    unzip \
+    gnupg2 \
     gosu \
-    default-mysql-client \
     supervisor \
+    default-mysql-client \
     fonts-liberation \
+    fonts-noto-cjk \
+    fonts-noto-cjk-extra \
+    fonts-wqy-microhei \
+    fonts-wqy-zenhei \
     libasound2 \
     libatk-bridge2.0-0 \
     libatk1.0-0 \
@@ -25,25 +25,23 @@ RUN apt-get update && apt-get install -y \
     libgtk-3-0 \
     libnspr4 \
     libnss3 \
+    libonig-dev \
+    libpng-dev \
     libwayland-client0 \
     libxcomposite1 \
     libxdamage1 \
     libxfixes3 \
     libxkbcommon0 \
+    libxml2-dev \
     libxrandr2 \
     xdg-utils \
-    fonts-noto-cjk \
-    fonts-noto-cjk-extra \
-    fonts-wqy-microhei \
-    fonts-wqy-zenhei \
     xfonts-wqy \
-    wget \
-    gnupg2 \
     && if [ "$(dpkg --print-architecture)" = "amd64" ]; then \
-        wget -q -O - https://dl-ssl.google.com/linux/linux_signing_key.pub | apt-key add - \
-        && echo "deb [arch=amd64] http://dl.google.com/linux/chrome/deb/ stable main" > /etc/apt/sources.list.d/google-chrome.list \
+        mkdir -p /etc/apt/keyrings \
+        && curl -fsSL https://dl.google.com/linux/linux_signing_key.pub | gpg --dearmor -o /etc/apt/keyrings/google.gpg \
+        && echo "deb [arch=amd64 signed-by=/etc/apt/keyrings/google.gpg] https://dl.google.com/linux/chrome/deb/ stable main" > /etc/apt/sources.list.d/google-chrome.list \
         && apt-get update \
-        && apt-get install -y google-chrome-stable; \
+        && apt-get install -y --no-install-recommends google-chrome-stable; \
     fi \
     && apt-get clean \
     && rm -rf /var/lib/apt/lists/*
@@ -66,46 +64,29 @@ RUN mkdir -p /tmp/chrome \
         chown -R www-data:www-data /tmp/chrome \
         && chmod -R 755 /tmp/chrome; \
     fi
-    
+
 # Copy Install PHP extensions installer
-COPY --from=mlocati/php-extension-installer /usr/bin/install-php-extensions /usr/local/bin/
+ADD --chmod=0755 https://github.com/mlocati/docker-php-extension-installer/releases/latest/download/install-php-extensions /usr/local/bin/
 
 # Install Required PHP extensions.
 RUN install-php-extensions \
-    pdo_mysql \
-    mysqli \     
-    mbstring \
-    exif \
-    pcntl \
     bcmath \
+    exif \
     gd \
-    opcache \
-    redis \
-    soap \
-    imagick \
-    curl \
     gmp \
+    imagick \
+    mysqli \     
+    opcache \
+    pcntl \
+    pdo_mysql \
+    redis \
+    saxon-${saxon} \
+    soap \
     zip \
     @composer
 
 # Configure PHP
-COPY php/php.ini /usr/local/etc/php/conf.d/app.ini
-COPY php/php-fpm.conf /usr/local/etc/php-fpm.d/www.conf
-
-# Configure Saxon
-WORKDIR /opt
-
-RUN if [ "$(dpkg --print-architecture)" = "amd64" ]; then \
-        curl https://downloads.saxonica.com/SaxonC/HE/12/libsaxon-HEC-linux-x86_64-v${saxon}.zip --output saxon.zip \
-        && unzip saxon.zip -d saxon \
-        && cp saxon/libsaxon-HEC-linux-amd64-v${saxon}/libs/nix/libsaxon-hec-${saxon}.so /usr/lib/ \
-        && cd /opt/saxon/libsaxon-HEC-linux-amd64-v${saxon}/Saxon.C.API \
-        && phpize \
-        && ./configure --enable-saxon \
-        && make \
-        && make install \
-        && echo 'extension=saxon.so' > "/usr/local/etc/php/conf.d/app.ini"; \
-    fi
+RUN mv "$PHP_INI_DIR/php.ini-production" "$PHP_INI_DIR/php.ini"
 
 # Copy scripts
 COPY rootfs /
@@ -117,34 +98,26 @@ WORKDIR /var/www/html
 RUN set -eux; \ 
     DOWNLOAD_URL=$(curl -s "https://api.github.com/repos/invoiceninja/invoiceninja/releases/latest" | \
     grep -o '"browser_download_url": "[^"]*invoiceninja.tar"' | cut -d '"' -f 4) && \
-    echo "Downloading from: $DOWNLOAD_URL" && \
-    # Download and save the tar
-    curl -L "$DOWNLOAD_URL" -o /tmp/ninja.tar && \
-    # Try extraction
-    cd /var/www/html && \
-    tar --strip-components=1 -xf /tmp/ninja.tar && \
-    # List what was extracted
-    rm -f /tmp/ninja.tar && \
+    curl -L "$DOWNLOAD_URL" | tar -xvz -C /var/www/html && \
     chown -R www-data:www-data /var/www/html
 
+USER www-data
+
 # Install dependencies
 RUN composer install --no-dev --no-scripts --no-autoloader
 
 # Generate optimized autoloader and clear cache
 RUN composer dump-autoload --optimize \
     && php artisan optimize \
-    && php artisan view:cache \
-    && php artisan config:cache \
-    && php artisan route:cache
+    && php artisan storage:link
+
+USER root
 
 # Setup supervisor
 COPY supervisor/supervisord.conf /etc/supervisor/conf.d/supervisord.conf
 
 # Add initialization script
-COPY scripts/init.sh /usr/local/bin/init.sh
-
-# Make executable
-RUN chmod +x /usr/local/bin/init.sh
+COPY --chmod=0755 scripts/init.sh /usr/local/bin/init.sh
 
 # Configure PHP-FPM
 RUN sed -i "s/user = www-data/user = www-data/g" /usr/local/etc/php-fpm.d/www.conf \
@@ -161,6 +134,11 @@ RUN mkdir -p \
     /var/run \
     /var/log/supervisor 
 
+RUN cp /var/www/html/resources/views/react/index.blade.php /var/www/html/public/index.html
+
+# copy the public/ directory into a separate folder so that we can overwrite the volume later via the entrypoint
+RUN mkdir -p /image-original/public && cp -r /var/www/html/public /image-original/public
+
 # Set permissions
 RUN chown -R www-data:www-data \
     /var/www/html/storage \
@@ -182,4 +160,4 @@ HEALTHCHECK --interval=30s --timeout=5s --start-period=30s --retries=3 \
 EXPOSE 9000
 
 ENTRYPOINT ["/usr/local/bin/init.sh"]
-CMD ["/usr/bin/supervisord", "-c", "/etc/supervisor/conf.d/supervisord.conf"]
+CMD ["/usr/bin/supervisord", "-c", "/etc/supervisor/conf.d/supervisord.conf"]

debian/docker-compose.yml

@@ -1,5 +1,3 @@
-version: '3.8'
-
 x-logging: &default-logging
   options:
     max-size: "10m"
@@ -8,16 +6,20 @@ x-logging: &default-logging
 
 services:
   app:
-    image: invoiceninja/invoiceninja-debian:latest
+    build:
+      context: .
+    image: invoiceninja/invoiceninja-debian:${TAG:-latest}
     restart: unless-stopped
     env_file:
       - ./.env
     volumes:
-      - ./.env:/var/www/html/.env  
+      - ./.env:/var/www/html/.env:ro
+      - ./php/php.ini:/usr/local/etc/php/conf.d/zzz-php.ini:ro
+      - ./php/php-fpm.conf:/usr/local/etc/php-fpm.d/zzz-php-fpm.conf:ro
+      - ./supervisor/supervisord.conf:/etc/supervisor/conf.d/supervisord.conf:ro
       - app_storage:/var/www/html/storage
       - app_cache:/var/www/html/bootstrap/cache
-      - public_files:/var/www/html/public  
-
+      - image_public:/var/www/html/public:ro
     networks:
       - app-network
     depends_on:
@@ -25,10 +27,6 @@ services:
         condition: service_healthy
       redis:
         condition: service_healthy
-    deploy:
-      resources:
-        limits:
-          memory: 512M
     logging: *default-logging
 
   nginx:
@@ -37,20 +35,13 @@ services:
     ports:
       - "80:80"
     volumes:
-      - ./nginx/conf.d:/etc/nginx/conf.d:ro
-      - ./nginx/nginx.conf:/etc/nginx/nginx.conf:ro
-      - type: volume
-        source: public_files
-        target: /var/www/html/public
-        read_only: true
+      - ./nginx:/etc/nginx/conf.d:ro
+      - app_storage:/var/www/html/storage:ro
+      - image_public:/var/www/html/public:ro
     networks:
       - app-network
     depends_on:
       - app
-    deploy:
-      resources:
-        limits:
-          memory: 128M
     logging: *default-logging
 
   mysql:
@@ -68,14 +59,19 @@ services:
     networks:
       - app-network
     healthcheck:
-      test: ["CMD", "mysqladmin", "ping", "-h", "localhost", "-u${MYSQL_USER}", "-p${MYSQL_PASSWORD}"]
+      test:
+        [
+          "CMD",
+          "mysqladmin",
+          "ping",
+          "-h",
+          "localhost",
+          "-u${MYSQL_USER}",
+          "-p${MYSQL_PASSWORD}",
+        ]
       interval: 10s
       timeout: 5s
       retries: 5
-    deploy:
-      resources:
-        limits:
-          memory: 1G
     logging: *default-logging
 
   redis:
@@ -90,10 +86,6 @@ services:
       interval: 10s
       timeout: 5s
       retries: 5
-    deploy:
-      resources:
-        limits:
-          memory: 256M
     logging: *default-logging
 
 networks:
@@ -103,13 +95,11 @@ networks:
 volumes:
   app_storage:
     driver: local
-  app_public:
-    driver: local
   app_cache:
     driver: local
   mysql_data:
     driver: local
   redis_data:
     driver: local
-  public_files:  
-    driver: local
+  image_public:
+    driver: local

debian/nginx/invoiceninja.conf

@@ -0,0 +1,9 @@
+client_max_body_size 100M;
+client_body_buffer_size 100M;
+
+fastcgi_buffer_size 16k;
+fastcgi_buffers 4 16k;
+
+gzip on;
+
+server_tokens off;

debian/nginx/laravel.conf

@@ -1,38 +1,33 @@
 server {
-
-    error_log  /var/log/nginx/error.log debug;
-    access_log /var/log/nginx/access.log;
-
     listen 80 default_server;
-    server_name _;
-    
-    server_tokens off;
-    
-    client_max_body_size 100M;
-
+    server_name _;   
     root /var/www/html/public;
-    index index.php;
 
+    add_header X-Frame-Options "SAMEORIGIN";
+    add_header X-Content-Type-Options "nosniff";
+
+    index index.php;
+ 
+    charset utf-8;
+ 
     location / {
         try_files $uri $uri/ /index.php?$query_string;
     }
-
+ 
     location = /favicon.ico { access_log off; log_not_found off; }
     location = /robots.txt  { access_log off; log_not_found off; }
-
-
-    location ~* /storage/.*\.php$ {
-        return 503;
-    }
+ 
+    error_page 404 /index.php;
 
     location ~ \.php$ {
-        fastcgi_split_path_info ^(.+\.php)(/.+)$;
         fastcgi_pass app:9000;
-        fastcgi_index index.php;
+        fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
         include fastcgi_params;
-        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
-        fastcgi_intercept_errors off;
         fastcgi_buffer_size 16k;
         fastcgi_buffers 4 16k;
     }
+
+    location ~ /\.(?!well-known).* {
+        deny all;
+    }
 }

debian/nginx/nginx.conf

@@ -1,26 +0,0 @@
-user nginx;
-worker_processes auto;
-error_log /var/log/nginx/error.log notice;
-pid /var/run/nginx.pid;
-
-events {
-    worker_connections 1024;
-}
-
-http {
-    include /etc/nginx/mime.types;
-    default_type application/octet-stream;
-
-    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
-                    '$status $body_bytes_sent "$http_referer" '
-                    '"$http_user_agent" "$http_x_forwarded_for"';
-
-    access_log /var/log/nginx/access.log main;
-    error_log /var/log/nginx/error.log;
-
-    sendfile on;
-    keepalive_timeout 65;
-    gzip on;
-
-    include /etc/nginx/conf.d/*.conf;
-}

debian/php/php-fpm.conf

@@ -1,9 +1,2 @@
 [www]
-user = www-data
-group = www-data
-listen = 0.0.0.0:9000
-pm = dynamic
-pm.max_children = 5
-pm.start_servers = 2
-pm.min_spare_servers = 1
-pm.max_spare_servers = 3
+pm.max_children = 10

debian/php/php.ini

@@ -1,13 +1,8 @@
-session.auto_start = Off
-short_open_tag = Off
-
-error_reporting = E_ALL & ~E_NOTICE & ~E_WARNING & ~E_STRICT & ~E_DEPRECATED
+memory_limit=512M
 
 opcache.enable=1
 opcache.preload=/var/www/html/preload.php
 opcache.preload_user=www-data
-
-; ; The OPcache shared memory storage size.
 opcache.max_accelerated_files=300000
 opcache.validate_timestamps=1
 opcache.revalidate_freq=30
@@ -15,7 +10,5 @@ opcache.jit_buffer_size=256M
 opcache.jit=1205
 opcache.memory_consumption=1024M
 
-
 post_max_size = 60M
 upload_max_filesize = 50M
-memory_limit=512M

debian/rootfs/docker-entrypoint-init.d/10-init-in.sh

@@ -3,11 +3,11 @@
 php artisan db:seed --force
 
 # Build up array of arguments...
-if [[ ! -z "${IN_USER_EMAIL}" ]]; then
+if [ ! -z "${IN_USER_EMAIL}" ]; then
     email="--email ${IN_USER_EMAIL}"
 fi
 
-if [[ ! -z "${IN_PASSWORD}" ]]; then
+if [ ! -z "${IN_PASSWORD}" ]; then
     password="--password ${IN_PASSWORD}"
 fi
 

debian/scripts/init.sh

@@ -36,20 +36,39 @@ mkdir -p \
     /var/www/html/storage/framework/sessions \
     /var/www/html/storage/framework/views \
     /var/www/html/storage/logs \
-    /var/www/html/public/uploads
+    /var/www/html/public/storage
 
 # Set directory permissions without changing ownership
 chmod -R 775 \
     /var/www/html/storage \
     /var/www/html/bootstrap/cache \
-    /var/www/html/public/uploads
+    /var/www/html/public/storage
+
+chown -R www-data:www-data /var/www/html/storage
+
+# Ensure symlink for storage/app/public
+if [ ! -L /var/www/html/public/storage ]; then
+  echo "Creating symlink for storage/app/public..."
+  ln -sfn /var/www/html/storage/app/public /var/www/html/public/storage
+fi
+
+# Clean the existing public/ directory but exclude .js and .css files
+if [ -d /var/www/html/public ]; then
+  echo "Cleaning up stale files in public/ directory, retaining .js and .css files..."
+  find /var/www/html/public -type f ! -name '*.js' ! -name '*.css' -exec rm -f {} \;
+fi
+
+# Copy the public/ directory from the image to the mounted volume
+echo "Copying public/ directory from image to volume..."
+cp -r /image-original/public/* /var/www/html/public/
+
 
 # Clear and cache config in production
 if [ "$APP_ENV" = "production" ]; then
-    php artisan config:cache
-    php artisan optimize
-    php artisan package:discover
-    php artisan migrate --force
+    gosu www-data php artisan config:cache
+    gosu www-data php artisan optimize
+    gosu www-data php artisan package:discover
+    gosu www-data php artisan migrate --force
 
     echo "Checking initialization status..."
 

debian/supervisor/supervisord.conf

@@ -33,11 +33,9 @@ stopasgroup=true
 killasgroup=true
 user=www-data
 numprocs=2
-redirect_stderr=true
-stdout_logfile=/dev/stdout
-stdout_logfile_maxbytes=0
-stderr_logfile=/dev/stderr
-stderr_logfile_maxbytes=0
+environment=HOME="/var/www"
+stdout_logfile=/var/log/php-worker.log
+stderr_logfile=/var/log/php-worker.err.log
 stopwaitsecs=3600
 
 [program:scheduler]
@@ -45,7 +43,6 @@ command=/bin/sh -c "while [ true ]; do (php /var/www/html/artisan schedule:run -
 autostart=true
 autorestart=true
 user=www-data
-redirect_stderr=true
 stdout_logfile=/dev/stdout
 stdout_logfile_maxbytes=0
 stderr_logfile=/dev/stderr