Skip to content
Snippets Groups Projects
Commit a3c320c1 authored by Andrey Postnikov's avatar Andrey Postnikov
Browse files

Minimize php:8.1-apache image #3387737

parent 7b20314e
Branches
Tags
No related merge requests found
Pipeline #156898 canceled
Stage: build
Hide whitespace changes
Inline Side-by-side
php/8.1-apache/Dockerfile
+ 222
179
View file @ a3c320c1
######
# Base
######
FROM debian:bullseye-slim
ARG THE_BASE_IMAGE=debian:bullseye-slim
ARG PHPIZE_DEPS="autoconf file g++ gcc make pkg-config re2c"
ARG PHP_CFLAGS="-O2 -g"
ENV DRUPALCI TRUE
ENV TERM xterm
FROM ${THE_BASE_IMAGE} as builder
######
# Apache Setup
######
RUN apt-get update && apt-get install -y apache2 --no-install-recommends && rm -rf /var/lib/apt/lists/*
RUN set -ex \
\
&& sed -ri 's/^export ([^=]+)=(.*)$/: ${\1:=\2}\nexport \1/' /etc/apache2/envvars \
&& sed -i 's/Require local/#Require local/' /etc/apache2/mods-available/status.conf \
\
&& . /etc/apache2/envvars \
&& echo "ServerName localhost" >> /etc/apache2/apache2.conf \
&& for dir in \
"$APACHE_LOCK_DIR" \
"$APACHE_RUN_DIR" \
"$APACHE_LOG_DIR" \
/var/www/html \
/var/www/apc \
; do \
rm -rvf "$dir" \
&& mkdir -p "$dir" \
&& chown -R "$APACHE_RUN_USER:$APACHE_RUN_GROUP" "$dir"; \
done
# Apache + PHP requires preforking Apache for best results
RUN a2dismod mpm_event && a2enmod mpm_prefork
ENV DRUPALCI=TRUE TERM=xterm
# PHP files should be handled by PHP, and should be preferred over any other file type
RUN { \
echo '<FilesMatch \.php$>'; \
echo '\tSetHandler application/x-httpd-php'; \
echo '</FilesMatch>'; \
echo; \
echo 'DirectoryIndex disabled'; \
echo 'DirectoryIndex index.php index.html'; \
echo; \
echo '<Directory /var/www/>'; \
echo '\tOptions -Indexes'; \
echo '\tAllowOverride All'; \
echo '</Directory>'; \
} | tee /etc/apache2/conf-available/docker-php.conf \
&& a2enconf docker-php
COPY ./conf/apache2/vhost.conf /etc/apache2/sites-available/drupal.conf
COPY ./apache2-foreground /usr/local/bin/
RUN a2enmod expires headers rewrite \
&& a2dissite 000-default.conf \
&& a2ensite drupal
#######
# Php Setup
#########
# Php build
######
RUN echo "deb http://deb.debian.org/debian bullseye-backports main" | tee /etc/apt/sources.list.d/bullseye-backports.list
RUN echo "deb http://deb.debian.org/debian buster main" | tee /etc/apt/sources.list.d/buster.list
RUN apt-get update && apt-get install -y --no-install-recommends --allow-downgrades \
autoconf \
ca-certificates \
curl \
file \
g++ \
gcc \
gdb \
gnupg2 \
libc-dev \
libedit2 \
libsqlite3-0 \
libxml2 \
make \
pkg-config \
re2c \
rsync \
unzip \
xz-utils \
&& rm -rf /var/lib/apt/lists/*
RUN mkdir -p /usr/local/etc/php/conf.d
ENV PHP_CFLAGS="-O2 -g"
ENV PHP_CPPFLAGS="$PHP_CFLAGS"
ENV PHP_LDFLAGS=""
ENV GPG_KEYS 1729F83938DA44E27BA0F4D3DBDB397470D12172 B1B44D8F021E4E2D6021E995DC9FF8D3EE5AF27F 0B96609E270F565C13292B24C13C70B87267B52D 0BD78B5F97500D450838F95DFE857D9A90D90EC1 F38252826ACD957EF380D39F2F7956BC5DA04B5D 6E4F6AB321FDC07F2C332E3AC2BF0BC433CFC8B3 1A4E8B7277C42E53DBA9C7B9BCAA30EA9C0D5763 A917B1ECDA84AEC2B568FED6F50ABC807BD5DCD0 528995BFEDFBA7191D46839EF9BA0ADA31CBD89E 0A95E9A026542D53835E3F3A7DEC4E69FC9C83D7 CBAF69F173A0FEA4B537F470D66C9593118BCCB6 42670A7FE4D0441C8E4632349E4FDC074A4EF02D 5A52880781F755608BF815FC910DEB46F53EA312
# PHP Version
ENV PHP_VERSION 8.1.28
ENV PHP_URL="https://secure.php.net/get/php-${PHP_VERSION}.tar.xz/from/this/mirror" PHP_ASC_URL="https://secure.php.net/get/php-${PHP_VERSION}.tar.xz.asc/from/this/mirror"
ENV PHP_URL="https://php.net/distributions/php-${PHP_VERSION}.tar.xz"
ENV PHP_SHA256_HASH="95d0b2e9466108fd750dab5c30a09e5c67f5ad2cb3b1ffb3625a038a755ad080 php.tar.xz"
RUN set -xe; \
\
fetchDeps=' \
wget \
'; \
apt-get update; \
apt-get install -y --no-install-recommends --allow-downgrades $fetchDeps; \
rm -rf /var/lib/apt/lists/*; \
\
mkdir -p /usr/src; \
cd /usr/src; \
\
wget -O php.tar.xz "$PHP_URL"; \
\
if [ -n "$PHP_ASC_URL" ]; then \
wget -O php.tar.xz.asc "$PHP_ASC_URL"; \
#export GNUPGHOME="$(mktemp -d)"; \
#for key in $`GPG_KEYS'; do \
# Since the keyservers are completly unreliable, I have to comment them out. I guess we might get malware.
#gpg --keyserver KEY_SERVER --recv-keys "$key"; \
#done; \
#gpg --batch --verify php.ARCHIVE_EXTENSION.asc php.ARCHIVE_EXTENSION; \
#rm -r "$GNUPGHOME"; \
fi; \
\
apt-get purge -y --auto-remove $fetchDeps
COPY docker-php-source /usr/local/bin/
ARG PHPIZE_DEPS
ARG PHP_CFLAGS
ENV PHP_CFLAGS="$PHP_CFLAGS"
ENV PHP_CPPFLAGS="$PHP_CFLAGS"
ENV PHP_LDFLAGS=""
RUN set -xe \
&& buildDeps=" \
apache2-dev \
RUN set -xe &&\
echo 'APT::Install-Recommends "0";' >/etc/apt/apt.conf.d/99norecommends &&\
\
apt-get update && apt-get install -qy --no-install-recommends \
ca-certificates curl &&\
\
mkdir -p /usr/src &&\
cd /usr/src &&\
\
curl -LS -o php.tar.xz "$PHP_URL" &&\
\
echo $PHP_SHA256_HASH | sha256sum -c &&\
\
buildDeps=" \
apache2-dev apache2 \
libcurl4-openssl-dev \
libedit-dev \
libfreetype6-dev \
......@@ -133,14 +46,9 @@ RUN set -xe \
libjpeg62-turbo-dev \
libonig-dev \
libkrb5-dev \
libpng-dev \
zlib1g-dev \
libpng-dev \
libwebp-dev \
libavif-dev/bullseye-backports \
libavif13/bullseye-backports \
libaom3/bullseye-backports \
libsqlite3-dev/buster \
libpq-dev \
libssl-dev \
libtidy-dev \
......@@ -149,22 +57,42 @@ RUN set -xe \
libyaml-dev \
libzip-dev \
ncurses-dev \
" \
&& apt-get update && apt-get install -y $buildDeps --no-install-recommends --allow-downgrades && rm -rf /var/lib/apt/lists/* \
\
&& docker-php-source extract \
&& cd /usr/src/php \
&& export CFLAGS="-O2 -g" \
CPPFLAGS="-O2 -g" \
LDFLAGS="" \
&& ./configure \
--with-config-file-path=/usr/local/etc/php \
--with-config-file-scan-dir=/usr/local/etc/php/conf.d \
--enable-ftp \
--enable-mbstring \
--enable-mysqlnd \
--with-curl \
--with-libedit \
" &&\
apt-get install -qy $PHPIZE_DEPS $buildDeps --no-install-recommends --allow-downgrades &&\
\
echo "deb http://deb.debian.org/debian bullseye-backports main" | tee /etc/apt/sources.list.d/bullseye-backports.list &&\
echo "deb http://deb.debian.org/debian buster main" | tee /etc/apt/sources.list.d/buster.list &&\
\
apt-get update && apt-get install -qy --no-install-recommends --allow-downgrades \
libavif-dev/bullseye-backports \
libavif13/bullseye-backports \
libaom3/bullseye-backports \
libsqlite3-dev/buster \
&&\
rm -rf /var/lib/apt/lists/*
COPY ./conf/php/php.ini /usr/local/etc/php/php.ini
COPY ./conf/php/php-cli.ini /usr/local/etc/php/php-cli.ini
COPY ./docker-php-* /usr/local/bin/
RUN set -xe &&\
buildDir="/usr/src/php" &&\
mkdir -p /usr/local/etc/php/conf.d &&\
\
mkdir "$buildDir" &&\
tar -Jxf /usr/src/php.tar.xz -C "$buildDir" --strip-components=1 &&\
cd "$buildDir" &&\
CFLAGS="$PHP_CFLAGS" \
CPPFLAGS="$PHP_CPPFLAGS" \
LDFLAGS="$PHP_LDFLAGS" \
./configure \
--with-config-file-path=/usr/local/etc/php \
--with-config-file-scan-dir=/usr/local/etc/php/conf.d \
--enable-ftp \
--enable-mbstring \
--enable-mysqlnd \
--with-curl \
--with-libedit \
--with-zlib \
--with-kerberos \
--with-openssl \
......@@ -172,10 +100,8 @@ RUN set -xe \
--with-pdo-mysql=mysqlnd \
--with-pdo-sqlite \
--with-pdo-pgsql \
--enable-phpdbg \
--with-readline \
--with-freetype \
--with-zlib-dir \
--with-jpeg \
--with-xsl \
--with-tidy \
......@@ -189,7 +115,6 @@ RUN set -xe \
--with-zip \
--enable-soap \
--enable-sysvsem \
--enable-cgi \
--enable-sysvshm \
--enable-shmop \
--enable-pcntl \
......@@ -198,57 +123,175 @@ RUN set -xe \
--enable-intl \
--enable-opcache \
--with-apxs2 \
&& make -j "$(nproc)" \
&& make install \
&& make clean
--disable-cgi \
--disable-phpdbg \
&&\
make -j "$(nproc)" &&\
make install &&\
cd / && rm -fr "$buildDir"
# install pecl extensions for apcu, pcov, xdebug, and yaml
RUN pecl channel-update pecl.php.net &&\
pecl install APCu-5.1.23 pcov-1.0.11 xdebug-3.3.2 yaml-2.2.3 \
&&\
# stript .debug files out of executables
echo '\
for file in "$@"; do \
objcopy --only-keep-debug "$file" "$file".debug; \
strip --strip-debug --strip-unneeded "$file"; \
objcopy --add-gnu-debuglink="$file".debug "$file"; \
done' > /strip.sh; \
sh strip.sh \
/usr/lib/apache2/modules/libphp.so \
/usr/local/bin/php \
$(php -r 'echo ini_get("extension_dir");')/*.so
COPY docker-php-ext-* docker-php-entrypoint /usr/local/bin/
# install pecl extensions for apcu, pcov, xdebug, and yaml
RUN docker-php-ext-pecl-install APCu-5.1.23 yaml-2.2.3 \
&& pecl install pcov-1.0.11 xdebug-3.3.2 \
&& apt-get update \
&& apt-get install -y default-mysql-client postgresql-client sudo git sqlite3/buster --allow-downgrades --no-install-recommends \
&& rm -rf /var/lib/apt/lists/*
#########
# Php Setup
######
FROM ${THE_BASE_IMAGE}
COPY ./conf/php/php.ini /usr/local/etc/php/php.ini
COPY ./conf/php/php-cli.ini /usr/local/etc/php/php-cli.ini
ENV DRUPALCI=TRUE TERM=xterm
COPY --from=builder /usr/local /usr/local
COPY --from=builder /usr/lib/apache2/modules/libphp.so /usr/lib/apache2/modules/libphp.so.debug /usr/lib/apache2/modules/
COPY --from=builder /etc/apache2/mods-enabled/php.load /etc/apache2/mods-enabled/php.load
COPY --from=builder /etc/apache2/mods-available/php.load /etc/apache2/mods-available/php.load
RUN set -xe &&\
echo 'APT::Install-Recommends "0";' >/etc/apt/apt.conf.d/99norecommends ;\
buildDeps=" \
libedit2 \
libfreetype6 \
libicu67 \
libjpeg62-turbo \
libonig5 \
libkrb5-3 \
libpng16-16 \
zlib1g \
libwebp6 \
libpq5 \
libtidy5deb1 \
libyaml-0-2 \
libxml2 \
libxslt1.1 \
libzip4 \
libncurses6 \
" &&\
runDeps=" \
apache2 \
bzip2 \
curl ca-certificates gnupg2 \
default-mysql-client postgresql-client sudo git sqlite3 \
patch \
rsync \
unzip \
xz-utils \
" &&\
apt-get update && \
apt-get install -y --no-install-recommends $buildDeps $runDeps &&\
\
echo "deb http://deb.debian.org/debian bullseye-backports main" | tee /etc/apt/sources.list.d/bullseye-backports.list &&\
echo "deb http://deb.debian.org/debian buster main" | tee /etc/apt/sources.list.d/buster.list &&\
\
apt-get update && apt-get install -qy --no-install-recommends --allow-downgrades \
libavif13/bullseye-backports \
libaom3/bullseye-backports \
libsqlite3-0/buster \
&&\
rm -rf /var/lib/apt/lists/*
# Install Composer, Drush
RUN curl -o /tmp/composer-setup.php https://getcomposer.org/installer \
&& curl -o /tmp/composer-setup.sig https://composer.github.io/installer.sig \
&& php -r "if (hash('SHA384', file_get_contents('/tmp/composer-setup.php')) !== trim(file_get_contents('/tmp/composer-setup.sig'))) { unlink('/tmp/composer-setup.php'); echo 'Invalid installer' . PHP_EOL; exit(1); }" \
&& php /tmp/composer-setup.php --filename composer --install-dir /usr/local/bin \
&& curl -Lo /usr/local/bin/drush https://github.com/drush-ops/drush/releases/download/8.3.5/drush.phar \
&& chmod +x /usr/local/bin/drush \
&& /usr/local/bin/drush --version
RUN curl -sSLo /tmp/composer-setup.php https://getcomposer.org/installer &&\
curl -sSLo /tmp/composer-setup.sig https://composer.github.io/installer.sig &&\
php -r "if (hash('SHA384', file_get_contents('/tmp/composer-setup.php')) !== trim(file_get_contents('/tmp/composer-setup.sig'))) { unlink('/tmp/composer-setup.php'); echo 'Invalid installer' . PHP_EOL; exit(1); }" &&\
php /tmp/composer-setup.php --filename composer --install-dir /usr/local/bin &&\
curl -sSLo /usr/local/bin/drush https://github.com/drush-ops/drush/releases/download/8.3.5/drush.phar &&\
chmod +x /usr/local/bin/drush &&\
/usr/local/bin/drush --version
# Install nodejs and yarn
RUN curl -fsSL https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key | gpg --dearmor -o /etc/apt/trusted.gpg.d/nodesource.gpg &&\
echo 'deb [signed-by=/etc/apt/trusted.gpg.d/nodesource.gpg] https://deb.nodesource.com/node_18.x nodistro main' | tee /etc/apt/sources.list.d/nodesource.list &&\
curl -sSLo /etc/apt/trusted.gpg.d/yarn.gpg.asc https://dl.yarnpkg.com/debian/pubkey.gpg &&\
echo "deb https://dl.yarnpkg.com/debian/ stable main" | tee /etc/apt/sources.list.d/yarn.list &&\
apt-get update &&\
apt-get install -qy nodejs yarn &&\
rm -rf /var/lib/apt/lists/*
# Install phantomjs, supervisor
RUN curl -SL "https://bitbucket.org/ariya/phantomjs/downloads/phantomjs-2.1.1-linux-x86_64.tar.bz2" -o /phantomjs-2.1.1-linux-x86_64.tar.bz2 \
&& tar -jxf /phantomjs-2.1.1-linux-x86_64.tar.bz2 -C / \
&& mv /phantomjs-2.1.1-linux-x86_64/bin/phantomjs /usr/bin/phantomjs \
&& rm -f /phantomjs-2.1.1-linux-x86_64.tar.bz2 \
&& rm -rf /phantomjs-2.1.1-linux-x86_64 \
&& chmod 755 /usr/bin/phantomjs \
&& apt-get update \
&& apt-get install -y supervisor fontconfig \
&& rm -rf /var/lib/apt/lists/*
RUN _file=phantomjs-2.1.1-linux-x86_64 &&\
curl -sSLo /$_file.tar.bz2 https://bitbucket.org/ariya/phantomjs/downloads/$_file.tar.bz2 &&\
tar -jxf /$_file.tar.bz2 -C / &&\
mv /$_file/bin/phantomjs /usr/bin/phantomjs &&\
rm -f /$_file.tar.bz2 &&\
rm -rf /$_file &&\
chmod 755 /usr/bin/phantomjs &&\
apt-get update &&\
apt-get install -y supervisor fontconfig &&\
rm -rf /var/lib/apt/lists/*
COPY ./conf/supervisor-phantomjs.conf /etc/supervisor/conf.d/phantomjs.conf
# Install node, yarn
RUN apt-get update \
&& apt-get install -y apt-transport-https ca-certificates \
&& rm -rf /var/lib/apt/lists/*
RUN curl -sS https://deb.nodesource.com/gpgkey/nodesource.gpg.key | apt-key add - \
&& echo "deb https://deb.nodesource.com/node_18.x bullseye main" | tee /etc/apt/sources.list.d/nodesource.list \
&& curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | apt-key add - \
&& echo "deb https://dl.yarnpkg.com/debian/ stable main" | tee /etc/apt/sources.list.d/yarn.list \
&& apt-get update \
&& apt-get install -y nodejs yarn \
&& rm -rf /var/lib/apt/lists/*
######
# Apache Setup
######
RUN set -ex \
\
&& sed -ri 's/^export ([^=]+)=(.*)$/: ${\1:=\2}\nexport \1/' /etc/apache2/envvars \
&& sed -i 's/Require local/#Require local/' /etc/apache2/mods-available/status.conf \
\
&& . /etc/apache2/envvars \
&& echo "ServerName localhost" >> /etc/apache2/apache2.conf \
&& for dir in \
"$APACHE_LOCK_DIR" \
"$APACHE_RUN_DIR" \
"$APACHE_LOG_DIR" \
/var/www/html \
/var/www/apc \
; do \
rm -rvf "$dir" \
&& mkdir -p "$dir" \
&& chown -R "$APACHE_RUN_USER:$APACHE_RUN_GROUP" "$dir"; \
done
COPY ./conf/apache2/vhost.conf /etc/apache2/sites-available/drupal.conf
COPY ./apache2-foreground /usr/local/bin/
# Apache + PHP requires preforking Apache for best results
RUN a2dismod mpm_event && a2enmod mpm_prefork &&\
a2enmod expires headers rewrite &&\
\
# PHP files should be handled by PHP, and should be preferred over any other file type
{ \
echo '<FilesMatch \.php$>'; \
echo '\tSetHandler application/x-httpd-php'; \
echo '</FilesMatch>'; \
echo; \
echo 'DirectoryIndex disabled'; \
echo 'DirectoryIndex index.php index.html'; \
echo; \
echo '<Directory /var/www/>'; \
echo '\tOptions -Indexes'; \
echo '\tAllowOverride All'; \
echo '</Directory>'; \
} | tee /etc/apache2/conf-available/docker-php.conf &&\
a2enconf docker-php &&\
a2dissite 000-default.conf &&\
a2ensite drupal
ARG PHPIZE_DEPS
ENV PHPIZE_DEPS=$PHPIZE_DEPS
ARG PHP_CFLAGS
ENV PHP_CFLAGS="$PHP_CFLAGS"
ENV PHP_CPPFLAGS="$PHP_CFLAGS"
ENV PHP_LDFLAGS=""
ENTRYPOINT ["docker-php-entrypoint"]
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment