Merge pull request #109 from shopware/add-nginx

feat: add nginx variant
shopware · Oct 14, 2024 · ef413dc · ef413dc
2 parents 2746ec5 + a66a18c
commit ef413dc
Show file tree

Hide file tree

Showing 6 changed files with 257 additions and 7 deletions.
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -140,7 +140,7 @@ jobs:
  caddy-otel:
  name: Build Caddy ${{ matrix.php }} with OpenTelemetry
  runs-on: ubuntu-latest
- needs: [fpm-otel, generate-matrix]
+ needs: [generate-matrix, fpm-otel]
  strategy: ${{ fromJson(needs.generate-matrix.outputs.matrix) }}
  steps:
  - name: Checkout
@@ -167,10 +167,81 @@ jobs:
  push: true
  provenance: false
 
+ nginx:
+ name: Build Nginx with ${{ matrix.php }}
+ runs-on: ubuntu-latest
+ needs: [generate-matrix, fpm]
+ strategy: ${{ fromJson(needs.generate-matrix.outputs.matrix) }}
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+
+ - name: Login into Docker Hub
+ if: github.ref == 'refs/heads/main'
+ run: echo "${{ secrets.DOCKER_HUB_PASSWORD }}" | docker login -u ${{ secrets.DOCKER_HUB_USERNAME }} --password-stdin
+
+ - name: Login into Github Docker Registery
+ run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin
+
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v3
+
+ - name: Build and Push
+ uses: docker/build-push-action@v6
+ with:
+ tags: |
+ ${{ matrix.nginx-tags }}
+ context: nginx
+ cache-from: type=registry,ref=ghcr.io/shopware/docker-cache:${{ matrix.php }}-nginx
+ cache-to: type=registry,ref=ghcr.io/shopware/docker-cache:${{ matrix.php }}-nginx,mode=max
+ platforms: linux/amd64,linux/arm64
+ build-args: |
+ FPM_IMAGE=${{ matrix.fpm-image }}
+ push: true
+ provenance: false
+
+ nginx-otel:
+ name: Build Nginx with ${{ matrix.php }} with OpenTelemetry
+ runs-on: ubuntu-latest
+ needs: [generate-matrix, fpm-otel]
+ strategy: ${{ fromJson(needs.generate-matrix.outputs.matrix) }}
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+
+ - name: Login into Docker Hub
+ if: github.ref == 'refs/heads/main'
+ run: echo "${{ secrets.DOCKER_HUB_PASSWORD }}" | docker login -u ${{ secrets.DOCKER_HUB_USERNAME }} --password-stdin
+
+ - name: Login into Github Docker Registery
+ run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin
+
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v3
+
+ - name: Build and Push
+ uses: docker/build-push-action@v6
+ with:
+ tags: |
+ ${{ matrix.nginx-tags-otel }}
+ context: nginx
+ cache-from: type=registry,ref=ghcr.io/shopware/docker-cache:${{ matrix.php }}-nginx-otel
+ cache-to: type=registry,ref=ghcr.io/shopware/docker-cache:${{ matrix.php }}-nginx-otel,mode=max
+ platforms: linux/amd64,linux/arm64
+ build-args: |
+ FPM_IMAGE=${{ matrix.fpm-image }}-otel
+ push: true
+ provenance: false
+
  check:
- name: Test Image
+ name: Test Image with Webserver ${{ matrix.webserver }}
  runs-on: ubuntu-latest
- needs: [caddy]
+ needs: [caddy, nginx]
+ strategy:
+ matrix:
+ webserver:
+ - caddy
+ - nginx
  steps:
  - name: Set up Docker Buildx
  uses: docker/setup-buildx-action@v3
@@ -188,7 +259,7 @@ jobs:
 
  - name: Build PR
  if: github.ref != 'refs/heads/main'
- run: docker compose build --build-arg BASE_IMAGE=ghcr.io/shopware/docker-base-ci-test:${{ github.run_id }}-8.3-caddy
+ run: docker compose build --build-arg BASE_IMAGE=ghcr.io/shopware/docker-base-ci-test:${{ github.run_id }}-8.3-${{ matrix.webserver}}
  env:
  DOCKER_BUILDKIT: 0
 
@@ -213,10 +284,13 @@ jobs:
  sleep 5
  done
 
- - name: Check if shopware is running
+ - name: Check if shopware admin is running
  run: curl --fail localhost:8000/admin
 
+ - name: Check if shopware is running
+ run: curl --fail localhost:8000
+
  # output logs if failed
  - name: Output logs
  run: docker compose logs
- if: ${{ failure() }}
+ if: ${{ always() }}
diff --git a/caddy/rootfs/etc/supervisord.conf b/caddy/rootfs/etc/supervisord.conf
@@ -2,6 +2,7 @@
 nodaemon=true
 logfile=/dev/stderr
 logfile_maxbytes=0
+pidfile=/tmp/supervisord.pid
 
 [program:php-fpm]
 command=/usr/local/sbin/php-fpm
@@ -13,4 +14,4 @@ stdout_logfile_maxbytes=0
 command=/usr/sbin/caddy run --config /etc/caddy/Caddyfile --adapter caddyfile
 redirect_stderr=true
 stdout_logfile=/dev/stderr
-stdout_logfile_maxbytes=0
+stdout_logfile_maxbytes=0
diff --git a/matrix.php b/matrix.php
@@ -90,6 +90,16 @@ function get_digest_of_image(string $imageName, string $tag): string {
  'ghcr.io/shopware/docker-base' . $imageSuffix . ':' . $imageTagPrefix . $patchVersion['version'] . '-caddy-otel',
  ];
 
+ $nginxImages = [
+ 'ghcr.io/shopware/docker-base' . $imageSuffix . ':' . $imageTagPrefix . $supportedVersion . '-nginx',
+ 'ghcr.io/shopware/docker-base' . $imageSuffix . ':' . $imageTagPrefix . $patchVersion['version'] . '-nginx',
+ ];
+
+ $nginxImagesOtel = [
+ 'ghcr.io/shopware/docker-base' . $imageSuffix . ':' . $imageTagPrefix . $supportedVersion . '-nginx-otel',
+ 'ghcr.io/shopware/docker-base' . $imageSuffix . ':' . $imageTagPrefix . $patchVersion['version'] . '-nginx-otel',
+ ];
+
  $fpmImages = [
  'ghcr.io/shopware/docker-base' . $imageSuffix . ':' . $imageTagPrefix . $supportedVersion . '-fpm',
  'ghcr.io/shopware/docker-base' . $imageSuffix . ':' . $imageTagPrefix . $patchVersion['version'] . '-fpm'
@@ -113,6 +123,16 @@ function get_digest_of_image(string $imageName, string $tag): string {
  'shopware/docker-base:' . $imageTagPrefix . $patchVersion['version'] . '-caddy-otel',
  ]);
 
+ $nginxImages = array_merge($nginxImages, [
+ 'shopware/docker-base:' . $imageTagPrefix . $supportedVersion . '-nginx',
+ 'shopware/docker-base:' . $imageTagPrefix . $patchVersion['version'] . '-nginx',
+ ]);
+
+ $nginxImagesOtel = array_merge($nginxImagesOtel, [
+ 'shopware/docker-base:' . $imageTagPrefix . $supportedVersion . '-nginx-otel',
+ 'shopware/docker-base:' . $imageTagPrefix . $patchVersion['version'] . '-nginx-otel',
+ ]);
+
  $fpmImages = array_merge($fpmImages, [
  'shopware/docker-base:' . $imageTagPrefix . $supportedVersion . '-fpm',
  'shopware/docker-base:' . $imageTagPrefix . $patchVersion['version'] . '-fpm'
@@ -133,6 +153,8 @@ function get_digest_of_image(string $imageName, string $tag): string {
  'fpm-tags-otel' => implode("\n", $fpmImagesOtel),
  'caddy-tags' => implode("\n", $caddyImages),
  'caddy-tags-otel' => implode("\n", $caddyImagesOtel),
+ 'nginx-tags' => implode("\n", $nginxImages),
+ 'nginx-tags-otel' => implode("\n", $nginxImagesOtel),
  'scan-tag' => $caddyImages[0],
  'scan-to' => 'ghcr.io/shopware/docker-base:'.$supportedVersion,
  ];

diff --git a/nginx/Dockerfile b/nginx/Dockerfile
@@ -0,0 +1,20 @@
+#syntax=docker/dockerfile:1.4
+
+ARG FPM_IMAGE=ghcr.io/shopware/docker-base:8.3.1-fpm
+
+FROM ${FPM_IMAGE}
+
+USER root
+
+RUN apk add --no-cache nginx supervisor
+
+USER www-data
+
+COPY --link rootfs /
+
+EXPOSE 8000
+WORKDIR /var/www/html
+
+ENV FPM_LISTEN=/tmp/php-fpm.sock
+
+ENTRYPOINT [ "/usr/bin/supervisord", "-c", "/etc/supervisord.conf" ]
diff --git a/nginx/rootfs/etc/nginx/nginx.conf b/nginx/rootfs/etc/nginx/nginx.conf
@@ -0,0 +1,116 @@
+worker_processes auto;
+pid /tmp/nginx.pid;
+daemon off;
+error_log stderr warn;
+pcre_jit on;
+
+events {
+ worker_connections 1024;
+}
+
+http {
+ client_body_temp_path /tmp/client_body_temp;
+ proxy_temp_path /tmp/proxy_temp;
+ fastcgi_temp_path /tmp/fastcgi_temp;
+ uwsgi_temp_path /tmp/uwsgi_temp;
+ scgi_temp_path /tmp/scgi_temp;
+ error_log /dev/fd/2 warn;
+ client_max_body_size 8M;
+ server_tokens off;
+ sendfile on;
+ tcp_nopush on;
+
+ log_format json_combined escape=json
+ '{'
+ '"time_local":"$time_local",'
+ '"remote_addr":"$remote_addr",'
+ '"remote_user":"$remote_user",'
+ '"request":"$request",'
+ '"status": "$status",'
+ '"body_bytes_sent":"$body_bytes_sent",'
+ '"request_time":"$request_time",'
+ '"http_referrer":"$http_referer",'
+ '"http_user_agent":"$http_user_agent"'
+ '}';
+
+ access_log /dev/fd/1 json_combined;
+
+ server {
+ listen 8000;
+ server_name localhost;
+
+ root /var/www/html/public;
+ index index.php;
+ include /etc/nginx/mime.types;
+
+ # Deny access to . (dot) files
+ location ~ /\. {
+ deny all;
+ }
+
+ # Deny access to .php files in public directories
+ location ~ ^/(media|thumbnail|theme|bundles|sitemap).*\.php$ {
+ deny all;
+ }
+
+ location ~ ^/(theme|media|thumbnail|bundles|css|fonts|js|recovery|sitemap)/ {
+ expires 1y;
+ add_header Cache-Control "public, must-revalidate, proxy-revalidate";
+ log_not_found off;
+ tcp_nodelay off;
+ open_file_cache max=3000 inactive=120s;
+ open_file_cache_valid 45s;
+ open_file_cache_min_uses 2;
+ open_file_cache_errors off;
+
+ location ~* ^.+\.svg {
+ add_header Content-Security-Policy "script-src 'none'";
+ add_header Cache-Control "public, must-revalidate, proxy-revalidate";
+ log_not_found off;
+ }
+ }
+
+ location ~* ^.+\.(?:css|cur|js|jpe?g|gif|ico|png|svg|webp|html|woff|woff2|xml)$ {
+ expires 1y;
+ add_header Cache-Control "public, must-revalidate, proxy-revalidate";
+
+ access_log off;
+
+ # The directive enables or disables messages in error_log about files not found on disk.
+ log_not_found off;
+
+ tcp_nodelay off;
+
+ ## Set the OS file cache.
+ open_file_cache max=3000 inactive=120s;
+ open_file_cache_valid 45s;
+ open_file_cache_min_uses 2;
+ open_file_cache_errors off;
+
+ try_files $uri /index.php$is_args$args;
+ }
+
+ location ~* ^.+\.svg$ {
+ add_header Content-Security-Policy "script-src 'none'";
+ }
+
+ location / {
+ try_files $uri /index.php$is_args$args;
+ }
+
+ location ~ \.php$ {
+ fastcgi_split_path_info ^(.+\.php)(/.+)$;
+ include fastcgi.conf;
+ fastcgi_buffers 8 16k;
+ fastcgi_buffer_size 32k;
+ fastcgi_read_timeout 300s;
+ client_body_buffer_size 128k;
+ fastcgi_pass unix:/tmp/php-fpm.sock;
+ }
+
+ gzip on;
+ gzip_min_length 1000;
+ gzip_proxied expired no-cache no-store private auth;
+ gzip_types text/plain text/css application/javascript application/x-javascript text/xml application/xml application/xml+rss text/javascript application/atom+xml application/json application/vnd.api+json application/rss+xml application/vnd.ms-fontobject application/x-font-opentype application/x-font-truetype application/x-font-ttf application/xhtml+xml font/eot font/opentype font/otf font/truetype image/svg+xml image/vnd.microsoft.icon;
+ }
+}
diff --git a/nginx/rootfs/etc/supervisord.conf b/nginx/rootfs/etc/supervisord.conf
@@ -0,0 +1,17 @@
+[supervisord]
+nodaemon=true
+logfile=/dev/stderr
+logfile_maxbytes=0
+pidfile=/tmp/supervisord.pid
+
+[program:php-fpm]
+command=/usr/local/sbin/php-fpm
+redirect_stderr=true
+stdout_logfile=/dev/stderr
+stdout_logfile_maxbytes=0
+
+[program:nginx]
+command=/usr/sbin/nginx -e /tmp/error.log
+redirect_stderr=true
+stdout_logfile=/dev/stderr
+stdout_logfile_maxbytes=0