diff --git a/.bunnyshell/rdev.yaml b/.bunnyshell/rdev.yaml
new file mode 100755
index 0000000000..951c7f9154
--- /dev/null
+++ b/.bunnyshell/rdev.yaml
@@ -0,0 +1,17 @@
+profiles:
+ php_dev:
+ command: ["php-fpm"]
+ syncPaths:
+ - remotePath: /srv/sylius
+ localPath: ..
+ portForwards:
+ - "9003<9003"
+ environment:
+ ENV: test
+ resources:
+ requests:
+ cpu: 500m
+ memory: 500Mi
+ limits:
+ cpu: 2000m
+ memory: 2Gi
diff --git a/.bunnyshell/templates/dev/bunnyshell.yaml b/.bunnyshell/templates/dev/bunnyshell.yaml
new file mode 100644
index 0000000000..5c3a63ea38
--- /dev/null
+++ b/.bunnyshell/templates/dev/bunnyshell.yaml
@@ -0,0 +1,183 @@
+kind: Environment
+name: 'Sylius dev'
+type: primary
+environmentVariables:
+ MYSQL_DATABASE: sylius
+ MYSQL_PASSWORD: nopassword
+ MYSQL_ROOT_PASSWORD: nopassword
+ MYSQL_USER: sylius
+components:
+ -
+ kind: SidecarContainer
+ name: nginx
+ gitRepo: 'https://github.com/bunnyshell/Sylius-Standard.git'
+ gitBranch: '1.12'
+ gitApplicationPath: /
+ dockerCompose:
+ build:
+ context: .
+ target: sylius_nginx_bunnyshell
+ environment:
+ FPM_HOST: localhost
+ ports:
+ - '80:80'
+ volumes:
+ -
+ name: public-media
+ mount: /srv/sylius/public/media
+ subPath: ''
+ -
+ kind: SidecarContainer
+ name: node
+ gitRepo: 'https://github.com/bunnyshell/Sylius-Standard.git'
+ gitBranch: '1.12'
+ gitApplicationPath: /
+ dockerCompose:
+ build:
+ context: .
+ target: sylius_node
+ command:
+ - yarn
+ - watch
+ environment:
+ GULP_ENV: dev
+ PHP_HOST: localhost
+ PHP_PORT: '9000'
+ ports:
+ - '35729:35729'
+ volumes:
+ -
+ name: public-media
+ mount: /srv/sylius/public/media
+ subPath: ''
+ -
+ kind: InitContainer
+ name: init-migrations
+ gitRepo: 'https://github.com/bunnyshell/Sylius-Standard.git'
+ gitBranch: '1.12'
+ gitApplicationPath: /
+ dockerCompose:
+ build:
+ context: .
+ target: sylius_migrations_dev
+ environment:
+ APP_DEBUG: '1'
+ APP_ENV: dev
+ APP_SECRET: EDITME
+ BASE_DOMAIN: '{{ components.php.ingress.hosts[0] }}'
+ DATABASE_URL: 'mysql://{{ env.vars.MYSQL_USER }}:{{ env.vars.MYSQL_PASSWORD }}@mysql/{{ env.vars.MYSQL_DATABASE }}'
+ LOAD_FIXTURES: '1'
+ PHP_DATE_TIMEZONE: UTC
+ volumes:
+ -
+ name: public-media
+ mount: /srv/sylius/public/media
+ subPath: ''
+ -
+ kind: Application
+ name: php
+ gitRepo: 'https://github.com/bunnyshell/Sylius-Standard.git'
+ gitBranch: '1.12'
+ gitApplicationPath: /
+ dockerCompose:
+ build:
+ context: .
+ target: sylius_php_dev_bunnyshell
+ environment:
+ APP_DEBUG: '1'
+ APP_ENV: dev
+ APP_SECRET: EDITME
+ DATABASE_URL: 'mysql://{{ env.vars.MYSQL_USER }}:{{ env.vars.MYSQL_PASSWORD }}@mysql/{{ env.vars.MYSQL_DATABASE }}'
+ MAILER_DSN: 'smtp://mailhog:1025'
+ PHP_DATE_TIMEZONE: UTC
+ ports:
+ - '9000:9000'
+ - '80:80'
+ pod:
+ init_containers:
+ -
+ from: init-migrations
+ name: init-migrations
+ shared_paths:
+ -
+ path: /srv/sylius
+ target:
+ path: /srv/sylius
+ container: '@parent'
+ initial_contents: '@target'
+ sidecar_containers:
+ -
+ from: node
+ name: node
+ shared_paths:
+ -
+ path: /srv/sylius
+ target:
+ path: /srv/sylius
+ container: '@parent'
+ initial_contents: '@target'
+ -
+ from: nginx
+ name: nginx
+ shared_paths:
+ -
+ path: /srv/sylius/public
+ target:
+ path: /srv/sylius/public
+ container: '@parent'
+ initial_contents: '@target'
+ hosts:
+ -
+ hostname: 'store-{{ env.base_domain }}'
+ path: /
+ servicePort: 80
+ volumes:
+ -
+ name: public-media
+ mount: /srv/sylius/public/media
+ subPath: ''
+ -
+ kind: Database
+ name: mysql
+ dockerCompose:
+ cap_add:
+ - SYS_NICE
+ command: '--default-authentication-plugin=mysql_native_password --log_bin_trust_function_creators=1'
+ image: 'mysql:8.0'
+ ports:
+ - '3306:3306'
+ volumes:
+ -
+ name: mysql-data
+ mount: /var/lib/mysql
+ subPath: ''
+ -
+ kind: Service
+ name: mailhog
+ dockerCompose:
+ environment:
+ MH_STORAGE: maildir
+ image: 'mailhog/mailhog:latest'
+ ports:
+ - '8025:8025'
+ - '1025:1025'
+ hosts:
+ -
+ hostname: 'mailhog-{{ env.base_domain }}'
+ path: /
+ servicePort: 8025
+volumes:
+ -
+ name: mysql-data
+ size: 1Gi
+ type: disk
+ -
+ name: public-media
+ size: 1Gi
+ type: network
+dev:
+ php:
+ -
+ containers:
+ php:
+ remoteDevProfile: php_dev
diff --git a/.bunnyshell/templates/prod/bunnyshell.yaml b/.bunnyshell/templates/prod/bunnyshell.yaml
new file mode 100644
index 0000000000..a89ac974c7
--- /dev/null
+++ b/.bunnyshell/templates/prod/bunnyshell.yaml
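Review bot: `APP_SECRET: EDITME`, `MYSQL_PASSWORD: nopassword` and `MYSQL_ROOT_PASSWORD: nopassword` are committed as literal values in this template, and the prod template added in the same commit repeats all three. Symfony uses APP_SECRET to sign things such as CSRF tokens and remember-me cookies, so a value that is public in the repository gives those signatures no protection on an environment routed through `store-{{ env.base_domain }}`. I would keep the values out of the committed file and have them supplied per environment, referenced the way DATABASE_URL already references its parts, e.g. `APP_SECRET: '{{ env.vars.APP_SECRET }}'`, with the variable stored as a secret on the Bunnyshell side (confirm the exact secret syntax against the Bunnyshell documentation).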
@@ -0,0 +1,143 @@
+kind: Environment
+name: 'Sylius stage'
+type: primary
+environmentVariables:
+ MYSQL_DATABASE: sylius
+ MYSQL_PASSWORD: nopassword
+ MYSQL_ROOT_PASSWORD: nopassword
+ MYSQL_USER: sylius
+components:
+ -
+ kind: Application
+ name: php
+ gitRepo: 'https://github.com/bunnyshell/Sylius-Standard.git'
+ gitBranch: '1.12'
+ gitApplicationPath: /
+ dockerCompose:
+ build:
+ context: .
+ target: sylius_php_prod
+ environment:
+ APP_DEBUG: '0'
+ APP_ENV: prod
+ APP_SECRET: EDITME
+ DATABASE_URL: 'mysql://{{ env.vars.MYSQL_USER }}:{{ env.vars.MYSQL_PASSWORD }}@mysql/{{ env.vars.MYSQL_DATABASE }}?serverVersion=8.0'
+ MAILER_DSN: 'smtp://mailhog:1025'
+ PHP_DATE_TIMEZONE: UTC
+ ports:
+ - '9000:9000'
+ - '80:80'
+ pod:
+ init_containers:
+ -
+ from: init-migrations
+ name: init-migrations
+ shared_paths:
+ -
+ path: /srv/sylius
+ target:
+ path: /srv/sylius
+ container: '@parent'
+ initial_contents: '@target'
+ sidecar_containers:
+ -
+ from: nginx
+ name: nginx
+ shared_paths:
+ -
+ path: /srv/sylius/public
+ target:
+ path: /srv/sylius/public
+ container: '@parent'
+ initial_contents: '@target'
+ hosts:
+ -
+ hostname: 'store-{{ env.base_domain }}'
+ path: /
+ servicePort: 80
+ volumes:
+ -
+ name: public-media
+ mount: /srv/sylius/public/media
+ subPath: ''
+ -
+ kind: SidecarContainer
+ name: nginx
+ gitRepo: 'https://github.com/bunnyshell/Sylius-Standard.git'
+ gitBranch: '1.12'
+ gitApplicationPath: /
+ dockerCompose:
+ build:
+ context: .
+ target: sylius_nginx_bunnyshell
+ environment:
+ FPM_HOST: localhost
+ ports:
+ - '80:80'
+ volumes:
+ -
+ name: public-media
+ mount: /srv/sylius/public/media
+ subPath: ''
+ -
+ kind: InitContainer
+ name: init-migrations
+ gitRepo: 'https://github.com/bunnyshell/Sylius-Standard.git'
+ gitBranch: '1.12'
+ gitApplicationPath: /
+ dockerCompose:
+ build:
+ context: .
+ target: sylius_migrations_prod
+ environment:
+ APP_DEBUG: '0'
+ APP_ENV: prod
+ APP_SECRET: EDITME
+ BASE_DOMAIN: '{{ components.php.ingress.hosts[0] }}'
+ DATABASE_URL: 'mysql://{{ env.vars.MYSQL_USER }}:{{ env.vars.MYSQL_PASSWORD }}@mysql/{{ env.vars.MYSQL_DATABASE }}?serverVersion=8.0'
+ LOAD_FIXTURES: '1'
+ PHP_DATE_TIMEZONE: UTC
+ volumes:
+ -
+ name: public-media
+ mount: /srv/sylius/public/media
+ subPath: ''
+ -
+ kind: Database
+ name: mysql
+ dockerCompose:
+ cap_add:
+ - SYS_NICE
+ command: '--default-authentication-plugin=mysql_native_password --log_bin_trust_function_creators=1'
+ image: 'mysql:8.0'
+ ports:
+ - '3306:3306'
+ volumes:
+ -
+ name: mysql-data
+ mount: /var/lib/mysql
+ subPath: ''
+ -
+ kind: Service
+ name: mailhog
+ dockerCompose:
+ environment:
+ MH_STORAGE: maildir
+ image: 'mailhog/mailhog:latest'
+ ports:
+ - '8025:8025'
+ - '1025:1025'
+ hosts:
+ -
+ hostname: 'mailhog-{{ env.base_domain }}'
+ path: /
+ servicePort: 8025
+volumes:
+ -
+ name: mysql-data
+ size: 1Gi
+ type: disk
+ -
+ name: public-media
+ size: 1Gi
+ type: network
diff --git a/.github/workflows/bns-ci.yml b/.github/workflows/bns-ci.yml
new file mode 100644
index 0000000000..e123eac338
--- /dev/null
+++ b/.github/workflows/bns-ci.yml
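Review bot: The `mailhog` component is published on `mailhog-{{ env.base_domain }}` with `servicePort: 8025`, and nothing in the visible template puts authentication in front of it, so every mail the shop sends (registration confirmations, password-reset links) is readable by anyone who can reach that hostname. The dev template has the same `hosts` entry. For the template that CI and PR environments are created from, I would drop the `hosts` block from `mailhog` and reach the UI through a port-forward, or turn on MailHog's basic-auth option. Separately, `image: 'mailhog/mailhog:latest'` is a mutable tag; pinning a version keeps environments reproducible.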
@@ -0,0 +1,72 @@
+name: Bunnyshell CI
+concurrency: bns-ci
+on:
+ push:
+ branches:
+ - '*.*'
+jobs:
+ deploy:
+ name: Deploy CI environment
+ runs-on: ubuntu-latest
+ outputs:
+ envId: ${{ env.BNS_ENV_ID }}
+ appEndpointUrl: ${{ env.APP_ENDPOINT_URL }}
+ steps:
+ - name: Prepare vars
+ run: |-
+ echo "BNS_ENV_NAME=Sylius CI ${GITHUB_RUN_ID}" >> "$GITHUB_ENV"
+ - name: Check out the repo
+ uses: actions/checkout@v2
+ - name: Get Kubernetes integration
+ uses: addnab/docker-run-action@v3
+ with:
+ image: bunnyshell/cli:latest
+ options: -v ${{ github.env }}:/github/envs.txt
+ run: |-
+ set -ex
+ echo "CLUSTER_ID=`bns k8s-clusters list --token ${{ secrets.BUNNYSHELL_ACCESS_TOKEN }} --organization ${{ vars.BUNNYSHELL_ORGANIZATION_ID }} --non-interactive -o json | jq -r '._embedded.item[0].id'`" >> /github/envs.txt
+ - name: Create Environment
+ uses: addnab/docker-run-action@v3
+ with:
+ image: bunnyshell/cli:latest
+ options: -v ${{ github.workspace }}:/work -v ${{ github.env }}:/github/envs.txt
+ run: |-
+ set -ex
+ echo "BNS_ENV_ID=`bns environments create --name "${{ env.BNS_ENV_NAME }}" --from-path /work/.bunnyshell/templates/prod/bunnyshell.yaml --k8s "${{ env.CLUSTER_ID }}" --token ${{ secrets.BUNNYSHELL_ACCESS_TOKEN }} --project ${{ vars.BUNNYSHELL_PROJECT_ID }} --non-interactive -o json | jq -r '.id'`" >> /github/envs.txt
+ - name: Deploy Environment
+ uses: addnab/docker-run-action@v3
+ with:
+ image: bunnyshell/cli:latest
+ options: -v ${{ github.workspace }}:/work -v ${{ github.env }}:/github/envs.txt
+ run: |-
+ set -ex
+ DEPLOY_OUTPUT=`bns environments deploy --id ${{ env.BNS_ENV_ID }} --token ${{ secrets.BUNNYSHELL_ACCESS_TOKEN }} --non-interactive -o json`
+ echo "APP_ENDPOINT_URL=`echo \"$DEPLOY_OUTPUT\" | grep -A 100 '\[' | jq -r '.[] | select(.name == \"php\") | .endpoints[0]'`" >> /github/envs.txt
+ test:
+ name: Run E2E tests
+ runs-on: ubuntu-latest
+ needs: deploy
+ continue-on-error: true
+ steps:
+ - name: App tests
+ run: |-
+ set -ex
+
 APP_ENDPOINT=${{ needs.deploy.outputs.appEndpointUrl }}
+ if [ -z "$APP_ENDPOINT" ]; then
+ echo "No APP_ENDPOINT"
+ exit 1
+ fi
+
+ curl -s --fail-with-body "$APP_ENDPOINT"
+ cleanup:
+ name: Delete CI environment
+ runs-on: ubuntu-latest
+ if: "${{ needs.deploy.outputs.envId != '' }}"
+ needs: [deploy, test]
+ steps:
+ - name: Deleting Environment
+ uses: addnab/docker-run-action@v3
+ with:
+ image: bunnyshell/cli:latest
+ run: |-
+ bns environments delete --id ${{ needs.deploy.outputs.envId }} --token ${{ secrets.BUNNYSHELL_ACCESS_TOKEN }} --non-interactive
diff --git a/.github/workflows/bns-pr-close.yml b/.github/workflows/bns-pr-close.yml
new file mode 100644
index 0000000000..1951b6d375
--- /dev/null
+++ b/.github/workflows/bns-pr-close.yml
@@ -0,0 +1,33 @@
+name: Bunnyshell Delete PR Environment
+concurrency:
+ group: bns-pr-${{ github.event.number }}
+on:
+ pull_request_target:
+ types: [closed]
+ branches:
+ - '*.*'
+jobs:
+ deploy:
+ name: Delete PR Environment
+ runs-on: ubuntu-latest
+ steps:
+ - name: Check out the repo
+ uses: actions/checkout@v2
+ - name: Check existing Environment
+ uses: addnab/docker-run-action@v3
+ with:
+ image: bunnyshell/cli:latest
+ options: -v ${{ github.workspace }}:/work -v ${{ github.env }}:/github/envs.txt
+ run: |-
+ set -ex
+ BNS_ENV_NAME="Sylius PR #${{ github.event.number }}"
+ BNS_ENV_ID=`bns environments list --search "$BNS_ENV_NAME" --token ${{ secrets.BUNNYSHELL_ACCESS_TOKEN }} --project ${{ vars.BUNNYSHELL_PROJECT_ID }} --non-interactive -o json \
+ | jq -r "try ._embedded.item[0].id | select (.!=null)"`
+ echo "BNS_ENV_ID=$BNS_ENV_ID" >> /github/envs.txt
+ - name: Delete Environment
+ uses: addnab/docker-run-action@v3
+ if: "${{ env.BNS_ENV_ID != '' }}"
+ with:
+ image: bunnyshell/cli:latest
+ run: |-
+ bns environments delete --id "${{ env.BNS_ENV_ID }}" --token ${{ secrets.BUNNYSHELL_ACCESS_TOKEN }} --non-interactive -o json
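Review bot: Every `bns` call in bns-ci.yml passes `--token ${{ secrets.BUNNYSHELL_ACCESS_TOKEN }}` on the command line inside a `set -ex` script, so the expanded command is traced to the job log and log masking is the only thing keeping the token out of it; bns-pr.yml and bns-pr-close.yml use the same pattern. The token is also handed to code pulled through mutable references (`addnab/docker-run-action@v3`, `bunnyshell/cli:latest`), which can change without a commit in this repository. I would use `set -e` without `-x`, hand the token to the container as an environment variable through `options: -e ...` and reference it as a shell variable, and pin the action to a commit SHA and the image to a digest. Separately, `cleanup` lists `needs: [deploy, test]` with no `always()` in its `if`, so it appears to be skipped when `deploy` fails after the environment was already created; worth confirming that leftover environments are acceptable.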
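Review bot: In bns-pr-close.yml the environment to delete is taken as `._embedded.item[0].id` from `bns environments list --search "$BNS_ENV_NAME"`, and nothing checks that the returned item's name equals `Sylius PR #<number>`. If `--search` matches by substring (its semantics are not visible here), closing PR #1 could select and delete the environment of PR #12; the "Check existing Environment" step in bns-pr.yml does the same lookup. Filtering on the exact name, e.g. `jq -r --arg n "$BNS_ENV_NAME" '._embedded.item[]? | select(.name == $n) | .id'`, removes the ambiguity, assuming list items expose a `name` field. The `actions/checkout@v2` step also looks unnecessary in this workflow, since the commands shown read nothing from `/work`.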
diff --git a/.github/workflows/bns-pr.yml b/.github/workflows/bns-pr.yml
new file mode 100644
index 0000000000..129daf3dd5
--- /dev/null
+++ b/.github/workflows/bns-pr.yml
@@ -0,0 +1,87 @@
+name: Bunnyshell Update PR Environment
+concurrency: bns-pr-${{ github.event.number }}
+on:
+ pull_request_target:
+ types: [opened, reopened, synchronize]
+ branches:
+ - '*.*'
+jobs:
+ deploy:
+ name: Deploy PR Environment
+ runs-on: ubuntu-latest
+ outputs:
+ envId: ${{ env.BNS_ENV_ID }}
+ appEndpointUrl: ${{ env.APP_ENDPOINT_URL }}
+ steps:
+ - name: setup-yq
+ uses: frenck/action-setup-yq@v1
+ - name: Prepare vars
+ run: |-
+ echo "BNS_ENV_NAME=Sylius PR #${{ github.event.number }}" >> "$GITHUB_ENV"
+ - name: Check out the repo
+ uses: actions/checkout@v2
+ - name: Get Kubernetes integration
+ uses: addnab/docker-run-action@v3
+ with:
+ image: bunnyshell/cli:latest
+ options: -v ${{ github.env }}:/github/envs.txt
+ run: |-
+ set -ex
+ echo "CLUSTER_ID=`bns k8s-clusters list --token ${{ secrets.BUNNYSHELL_ACCESS_TOKEN }} --organization ${{ vars.BUNNYSHELL_ORGANIZATION_ID }} --non-interactive -o json \
+ | jq -r '._embedded.item[0].id'`" >> /github/envs.txt
+ - name: Check existing Environment
+ uses: addnab/docker-run-action@v3
+ with:
+ image: bunnyshell/cli:latest
+ options: -v ${{ github.workspace }}:/work -v ${{ github.env }}:/github/envs.txt
+ run: |-
+ set -ex
+ echo "BNS_ENV_ID=`bns environments list --search "${{ env.BNS_ENV_NAME }}" --token ${{ secrets.BUNNYSHELL_ACCESS_TOKEN }} --project ${{ vars.BUNNYSHELL_PROJECT_ID }} --non-interactive -o json \
+ | jq -r 'try ._embedded.item[0].id | select (.!=null)'`" >> /github/envs.txt
+ - name: Prepare bunnyshel.yaml
+ run: |-
+ set -ex
+ yq "(.components[] | select(.gitBranch != null)).gitBranch |= \"$GITHUB_HEAD_REF\"" .bunnyshell/templates/prod/bunnyshell.yaml > bunnyshell_pr.yaml
+ - name: Create Environment
+ uses: addnab/docker-run-action@v3
+ if: "${{ env.BNS_ENV_ID == '' }}"
+ with:
+ image: bunnyshell/cli:latest
+ options: -v ${{ github.workspace }}:/work -v ${{ github.env }}:/github/envs.txt
+ run: |-
+ set -ex
+ echo "BNS_ENV_CREATED=1" >> /github/envs.txt
+ echo "BNS_ENV_ID=`bns
environments create --name "${{ env.BNS_ENV_NAME }}" --from-path /work/bunnyshell_pr.yaml --k8s "${{ env.CLUSTER_ID }}" --token ${{ secrets.BUNNYSHELL_ACCESS_TOKEN }} --project ${{ vars.BUNNYSHELL_PROJECT_ID }} --non-interactive -o json \ + | jq -r '.id'`" >> /github/envs.txt + - name: Deploy Environment + uses: addnab/docker-run-action@v3 + with: + image: bunnyshell/cli:latest + options: -v ${{ github.workspace }}:/work -v ${{ github.env }}:/github/envs.txt + run: |- + set -ex + DEPLOY_OUTPUT=`bns environments deploy --id ${{ env.BNS_ENV_ID }} --token ${{ secrets.BUNNYSHELL_ACCESS_TOKEN }} --non-interactive -o json` + echo "APP_ENDPOINT_URL=`echo \"$DEPLOY_OUTPUT\" | grep -A 100 '\[' | jq -r '.[] | select(.name == \"php\") | .endpoints[0]'`" >> /github/envs.txt + - name: Comment PR + uses: thollander/actions-comment-pull-request@v2 + if: "${{ env.BNS_ENV_CREATED == '1' }}" + with: + message: | + *Bunnyshell* Environment created with the following endpoints: + - ${{ env.APP_ENDPOINT_URL }} + test: + name: Run E2E tests + runs-on: ubuntu-latest + needs: deploy + continue-on-error: true + steps: + - name: App tests + run: |- + set -ex + APP_ENDPOINT=${{ needs.deploy.outputs.appEndpointUrl }} + if [ -z "$APP_ENDPOINT" ]; then + echo "No APP_ENDPOINT" + exit 1 + fi + + curl -s --fail-with-body "$APP_ENDPOINT" diff --git a/Dockerfile b/Dockerfile index 63b9f8de40..d764254621 100644 --- a/Dockerfile +++ b/Dockerfile @@ -125,6 +125,12 @@ WORKDIR /srv/sylius COPY --from=base /srv/sylius/public public/ COPY --from=sylius_node /srv/sylius/public public/ +FROM sylius_nginx AS sylius_nginx_bunnyshell + +COPY docker/nginx/conf.d/bunnyshell.conf /etc/nginx/conf.d/default.conf + +RUN set -eux; + FROM sylius_php_prod AS sylius_php_dev COPY docker/php/dev/php.ini $PHP_INI_DIR/php.ini 
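Review bot: In the "Prepare bunnyshel.yaml" step of bns-pr.yml the PR's branch name is expanded by the shell straight into the yq program (`... |= \"$GITHUB_HEAD_REF\"`), and under `pull_request_target` that name is chosen by the PR author while the job holds `secrets.BUNNYSHELL_ACCESS_TOKEN`. A branch name containing a double quote is then parsed as part of the yq expression instead of as data, so what lands in `bunnyshell_pr.yaml` is no longer guaranteed to be a plain branch substitution. Pass the value as data instead: `BRANCH="$GITHUB_HEAD_REF" yq '(.components[] | select(.gitBranch != null)).gitBranch |= strenv(BRANCH)' ...` (`strenv` is the mikefarah yq v4 operator; confirm that is what `frenck/action-setup-yq@v1` installs). It is also worth deciding explicitly whether PRs from forks should be deployed at all, since `gitRepo` stays fixed and only the branch name is swapped; a job-level `if: github.event.pull_request.head.repo.full_name == github.repository` would make that choice visible.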
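Review bot: The `RUN set -eux;` that ends the new `sylius_nginx_bunnyshell` stage runs no command, so it only adds an empty layer and reads like a truncated instruction. If nothing else was meant to follow, the stage can end at `COPY docker/nginx/conf.d/bunnyshell.conf /etc/nginx/conf.d/default.conf`. A one-line comment above the `FROM` saying why this stage overwrites `default.conf` (static `localhost:9000` upstream for the single-pod layout, as far as the rest of the commit suggests) would help the next reader.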
@@ -140,6 +146,12 @@ RUN set -eux; \ composer install --prefer-dist --no-autoloader --no-interaction --no-scripts --no-progress; \ composer clear-cache +FROM sylius_php_dev AS sylius_php_dev_bunnyshell + +# package.json is needed by the `node` container, for yarn watch +# `php` and `node` containers share the same folder (the one from `php` container) +COPY . . + FROM sylius_php_prod AS sylius_cron RUN set -eux; \ @@ -166,6 +178,6 @@ FROM sylius_php_dev AS sylius_migrations_dev COPY docker/migrations/docker-entrypoint.sh /usr/local/bin/docker-entrypoint RUN chmod +x /usr/local/bin/docker-entrypoint -RUN composer dump-autoload --classmap-authoritative +RUN composer dump-autoload --classmap-authoritative --optimize ENTRYPOINT ["docker-entrypoint"] diff --git a/config/packages/dev/monolog.yaml b/config/packages/dev/monolog.yaml index da2b092de1..2ddcd6885e 100644 --- a/config/packages/dev/monolog.yaml +++ b/config/packages/dev/monolog.yaml @@ -2,7 +2,7 @@ monolog: handlers: main: type: stream - path: "%kernel.logs_dir%/%kernel.environment%.log" + path: "php://stdout" level: debug firephp: type: firephp diff --git a/config/packages/prod/monolog.yaml b/config/packages/prod/monolog.yaml index 646121143a..372f651079 100644 --- a/config/packages/prod/monolog.yaml +++ b/config/packages/prod/monolog.yaml @@ -6,5 +6,5 @@ monolog: handler: nested nested: type: stream - path: "%kernel.logs_dir%/%kernel.environment%.log" + path: "php://stdout" level: debug diff --git a/docker-compose.yml b/docker-compose.yml index ddcdec2930..5f28b390f1 100644 --- a/docker-compose.yml +++ b/docker-compose.yml 
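Review bot: `COPY . .` in the new `sylius_php_dev_bunnyshell` stage puts the whole build context into the image, which includes whatever the repository's `.dockerignore` (not visible in this diff) does not exclude; `.git`, local `.env*` files and `var/` are the usual candidates. The comment says the copy exists so the `node` container finds `package.json` for `yarn watch`, so either copy only the paths that are needed or confirm the ignore file keeps credentials and VCS data out of an image that is built outside the developer's machine. The stage is complete within this hunk.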
@@ -36,10 +36,19 @@ services: - DATABASE_URL=mysql://sylius:${MYSQL_PASSWORD:-nopassword}@mysql/sylius - LOAD_FIXTURES=1 - PHP_DATE_TIMEZONE=${PHP_DATE_TIMEZONE:-UTC} + - BASE_DOMAIN=test.myenv.com + volumes: + - .:/srv/sylius:rw,cached + # if you develop on Linux, you may use a bind-mounted host directory instead + # - ./var:/srv/sylius/var:rw + - ./public:/srv/sylius/public:rw,delegated + # if you develop on Linux, you may use a bind-mounted host directory instead + # - ./public/media:/srv/sylius/public/media:rw + - public-media:/srv/sylius/public/media:rw mysql: container_name: mysql - image: mysql:5.7 # Sylius is fully working on mysql 8.0 version + image: mysql:8.0 platform: linux/amd64 environment: - MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD:-nopassword} @@ -77,15 +86,17 @@ services: container_name: nginx build: context: . - target: sylius_nginx + target: sylius_nginx_bunnyshell + environment: + - FPM_HOST=php depends_on: - php - node # to ensure correct build order volumes: - - ./public:/srv/sylius/public:ro + - ./public:/srv/sylius/public:rw # if you develop on Linux, you may use a bind-mounted host directory instead # - ./public/media:/srv/sylius/public/media:ro - - public-media:/srv/sylius/public/media:ro,nocopy + - public-media:/srv/sylius/public/media:rw ports: - "${HTTP_PORT:-80}:80" diff --git a/docker/migrations/docker-entrypoint.sh b/docker/migrations/docker-entrypoint.sh index 6f3311c340..734b5266f5 100755 --- a/docker/migrations/docker-entrypoint.sh +++ b/docker/migrations/docker-entrypoint.sh @@ -3,6 +3,9 @@ set -e attempt_left=20 +# dump autoload in entrypoint lso due to weird build cache issues +composer dump-autoload --classmap-authoritative --optimize + until php bin/console doctrine:query:sql "select 1" >/dev/null 2>&1; do attempt_left=$((attempt_left-1)) 
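Review bot: In the nginx service of docker-compose.yml both mounts change from read-only to `:rw` (`./public` and the `public-media` volume), but nginx only serves static files from these paths, so the container gains write access to the web root without a visible need. Unless something in the nginx container has to write there, keep `- ./public:/srv/sylius/public:ro` and `- public-media:/srv/sylius/public/media:ro`. If the change was needed only to drop `nocopy`, that option can be removed on its own while leaving `ro` in place.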
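Review bot: The comment added at the top of docker/migrations/docker-entrypoint.sh has a typo and does not say what the cache problem is: `# dump autoload in entrypoint lso due to weird build cache issues`. If the reason is a stale classmap coming from a cached image layer, say so, e.g. `# Re-dump the autoloader at start-up too: the classmap baked at build time can be stale when the layer comes from cache.` Composer documents `--classmap-authoritative` as implicitly enabling `--optimize`, so the extra flag here and in the Dockerfile's `sylius_migrations_dev` stage is redundant.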
@@ -21,5 +24,13 @@ done php bin/console doctrine:migrations:migrate --no-interaction if [ "$LOAD_FIXTURES" = "1" ]; then + # Replace localhost with BASE_DOMAIN in fixtures.yml + if [ -z "$BASE_DOMAIN" ]; then + sed -i "s/localhost/$BASE_DOMAIN/g" vendor/sylius/sylius/src/Sylius/Bundle/CoreBundle/Resources/config/app/fixtures.yml + fi + php bin/console sylius:fixtures:load --no-interaction + + # generate image cache + find public/media/image -type f -print0 | sed 's/public\/media\/image\///' | xargs -0 -I{} sh -c 'bin/console liip:imagine:cache:resolve {} || true' fi diff --git a/docker/nginx/conf.d/bunnyshell.conf b/docker/nginx/conf.d/bunnyshell.conf new file mode 100644 index 0000000000..bd7dbdfe83 --- /dev/null +++ b/docker/nginx/conf.d/bunnyshell.conf 
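Review bot: The guard around the `sed` is inverted: `[ -z "$BASE_DOMAIN" ]` is true only when the variable is empty, so the substitution runs exactly when there is nothing to substitute (replacing `localhost` with an empty string) and is skipped when a domain is set; it should read `if [ -n "$BASE_DOMAIN" ]; then`. In the image-cache line, `sed` without `-z` treats the NUL-separated `find -print0` stream as a single line, so only the first path loses its `public/media/image/` prefix, and `{}` is pasted into the `sh -c` string, so a file name containing shell metacharacters is parsed as shell. Passing the name as an argument addresses both: `find public/media/image -type f -print0 | sed -z 's/public\/media\/image\///' | xargs -0 -I{} sh -c 'bin/console liip:imagine:cache:resolve "$1" || true' _ {}` (check that the image's `sed` supports `-z`). The `sed -i` also edits a file under `vendor/`, which the next `composer install` will overwrite.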
@@ -0,0 +1,48 @@
+upstream php-upstream {
+ server localhost:9000;
+}
+
+server {
+ root /srv/sylius/public;
+ listen *:80;
+
+ location / {
+ # try to serve file directly, fallback to index.php
+ try_files $uri /index.php$is_args$args;
+ }
+
+ location ~ ^/index\.php(/|$) {
+ # resolver 127.0.0.11 valid=10s ipv6=off;
+ # set $backendfpm "php:9000";
+ # Comment the next line and uncomment the next to enable dynamic resolution (incompatible with Kubernetes);
+ # fastcgi_pass $backendfpm;
+ fastcgi_pass php-upstream;
+ #resolver 127.0.0.11;
+ #set $upstream_host php;
+ #fastcgi_pass $upstream_host:9000;
+
+ fastcgi_split_path_info ^(.+\.php)(/.*)$;
+ include fastcgi_params;
+ # When you are using symlinks to link the document root to the
+ # current version of your application, you should pass the real
+ # application path instead of the path to the symlink to PHP
+ # FPM.
+ # Otherwise, PHP's OPcache may not properly detect changes to
+ # your PHP files (see https://github.com/zendtech/ZendOptimizerPlus/issues/126
+ # for more information).
+ fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
+ fastcgi_param DOCUMENT_ROOT $realpath_root;
+ # Prevents URIs that include the front controller. This will 404:
+ # http://domain.tld/index.php/some-path
+ # Remove the internal directive to allow URIs like this
+ internal;
+ }
+
+ # return 404 for all other php files not matching the front controller
+ # this prevents access to other php files you don't want to be accessible.
+ location ~ \.php$ {
+ return 404;
+ }
+
+ client_max_body_size 6m;
+}
diff --git a/docker/nginx/conf.d/default.conf b/docker/nginx/conf.d/default.conf
index c2565c79de..9c2a7c2188 100644
--- a/docker/nginx/conf.d/default.conf
+++ b/docker/nginx/conf.d/default.conf
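Review bot: The upstream in bunnyshell.conf is fixed to `server localhost:9000;`, while both Bunnyshell templates and docker-compose.yml set `FPM_HOST` for the nginx container, a variable this file never reads (nginx does not expand environment variables in its configuration by itself). That works in the Bunnyshell pod, where nginx and php share a network namespace, but docker-compose.yml now builds the same `sylius_nginx_bunnyshell` target with php in a separate container, where `localhost:9000` is not php-fpm. Either render the upstream from `FPM_HOST` (for example through the `/etc/nginx/templates/*.template` envsubst mechanism, if the base image is the official nginx image) or drop the unused variable and keep Compose on `sylius_nginx`. The three groups of commented-out `resolver`/`fastcgi_pass` alternatives could be replaced by one short comment explaining why a static upstream is used here.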
@@ -8,7 +8,7 @@ server { } location ~ ^/index\.php(/|$) { - resolver 127.0.0.11 valid=10s ipv6=off; + # resolver 127.0.0.11 valid=10s ipv6=off; set $backendfpm "php:9000"; # Comment the next line and uncomment the next to enable dynamic resolution (incompatible with Kubernetes); fastcgi_pass $backendfpm; diff --git a/docker/php/docker-entrypoint.sh b/docker/php/docker-entrypoint.sh index 54b400a019..91c93f11fd 100755 --- a/docker/php/docker-entrypoint.sh +++ b/docker/php/docker-entrypoint.sh @@ -1,5 +1,5 @@ #!/bin/sh -set -e +set -ex # first arg is `-f` or `--some-option` if [ "${1#-}" != "$1" ]; then @@ -8,8 +8,8 @@ fi if [ "$1" = 'php-fpm' ] || [ "$1" = 'bin/console' ]; then mkdir -p var/cache var/log var/sessions public/media - setfacl -R -m u:www-data:rwX -m u:"$(whoami)":rwX var public/media - setfacl -dR -m u:www-data:rwX -m u:"$(whoami)":rwX var public/media +# setfacl -R -m u:www-data:rwX -m u:"$(whoami)":rwX var public/media +# setfacl -dR -m u:www-data:rwX -m u:"$(whoami)":rwX var public/media if [ "$APP_ENV" != 'prod' ]; then composer install --prefer-dist --no-progress --no-interaction
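Review bot: In default.conf the `resolver` line is commented out while `fastcgi_pass $backendfpm;` still uses a variable, and nginx resolves a variable upstream host name at request time through the configured resolver; without one, requests are expected to fail with a "no resolver defined" error instead of reaching `php:9000`. If the goal is Kubernetes compatibility, switch this file to a static `fastcgi_pass php:9000;` (or an `upstream` block as in bunnyshell.conf) rather than only disabling the resolver. The existing comment about dynamic resolution on the following line would then need updating as well.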
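Review bot: Changing `set -e` to `set -ex` in docker/php/docker-entrypoint.sh turns on command tracing for every container start, so each expanded command, including any further down the script that carries a value such as `DATABASE_URL` from the environment, is written to the container log. If this was added while debugging the Bunnyshell setup, go back to `set -e`, or gate the trace behind an opt-in variable, e.g. `[ -n "${ENTRYPOINT_DEBUG:-}" ] && set -x` (variable name constructed for illustration).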
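Review bot: The two `setfacl` calls in docker/php/docker-entrypoint.sh are commented out rather than removed and nothing replaces them, so whether `www-data` can still write to `var` and `public/media` now depends on how the volumes happen to be mounted. If ACLs are not supported on the Bunnyshell volumes, say that in a comment and fall back explicitly, e.g. `setfacl -R -m u:www-data:rwX var public/media || chown -R www-data var public/media`, instead of leaving dead code. The enclosing `if` block continues past the end of this hunk.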