add php:7.4-fpm image, and update nginx conf

Author: danielozano

CHANGELOG.md

@@ -6,10 +6,16 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [1.6.0] - 2020-10-18
+### Added
+  - New php image: php:7.4-fpm
+### Fixed
+  - Fixed nginx buffer conf for Magento versions >= 2.4
+
 ## [1.5.0] - 2020-07-03
 ### Added
- - New node-php image with php7.3.
-   - Added tags: node-php:node8-php7.3
+  - New node-php image with php7.3.
+  - Added tags: node-php:node8-php7.3
 ### Updated
  - Improved error log for php-fpm
    - Updated tags: php7.2-fpm, php7.3-fpm

nginx/1.13/conf/default.conf

@@ -1,30 +1,56 @@
+# WEBSITES MAPPING
+map $http_host $MAGE_RUN_CODE {
+
+    default    base;
+    ## For multi-store configuration add here your domain-website codes
+    # dominio-es.lo    es;
+    # dominio-ch.lo    ch;
+    # dominio-de.lo    de;
+}
+
 upstream fastcgi_backend {
   server unix:/sock/docker.sock;
 }
 
 server {
   listen 8000;
+  ## Add here your domains or leave "localhost" wildcard
   server_name localhost;
 
   set $MAGE_ROOT /var/www/html;
   set $MAGE_MODE developer;
+  set $MAGE_RUN_TYPE website;
 
   root $MAGE_ROOT/pub;
 
   index index.php;
   autoindex off;
-  charset off;
-
+  charset UTF-8;
+  client_max_body_size 64M;
+  error_page 404 403 = /errors/404.php;
   add_header 'X-Content-Type-Options' 'nosniff';
+  #add_header "X-UA-Compatible" "IE=Edge";
 
-  location /setup {
-    root $MAGE_ROOT;
+  # Deny access to sensitive files
+  location /.user.ini {
+    deny all;
+  }
 
+  # PHP entry point for setup application
+  location ~* ^/setup($|/) {
+    root $MAGE_ROOT;
     location ~ ^/setup/index.php {
+      fastcgi_split_path_info ^(.+\.php)(/.+)$;
       fastcgi_pass   fastcgi_backend;
+
+      fastcgi_param  PHP_FLAG  "session.auto_start=off \n suhosin.session.cryptua=off";
+      fastcgi_param  PHP_VALUE "memory_limit=756M \n max_execution_time=600";
+      fastcgi_read_timeout 600s;
+      fastcgi_connect_timeout 600s;
+
       fastcgi_index  index.php;
       fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
-      include    fastcgi_params;
+      include        fastcgi_params;
     }
 
     location ~ ^/setup/(?!pub/). {
@@ -35,20 +61,21 @@ server {
       add_header X-Frame-Options "SAMEORIGIN";
     }
   }
-  
-  location /update {
+
+  # PHP entry point for update application
+  location ~* ^/update($|/) {
     root $MAGE_ROOT;
 
     location ~ ^/update/index.php {
       fastcgi_split_path_info ^(/update/index.php)(/.+)$;
       fastcgi_pass   fastcgi_backend;
       fastcgi_index  index.php;
       fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
-      fastcgi_param  PATH_INFO    $fastcgi_path_info;
-      include    fastcgi_params;
+      fastcgi_param  PATH_INFO        $fastcgi_path_info;
+      include        fastcgi_params;
     }
 
-    # deny everything but index.php
+    # Deny everything but index.php
     location ~ ^/update/(?!pub/). {
       deny all;
     }
@@ -59,57 +86,53 @@ server {
   }
 
   location / {
-    try_files $uri $uri/ /index.php?$args;
+    try_files $uri $uri/ /index.php$is_args$args;
   }
-  
-  location /pub {
+
+  location /pub/ {
     location ~ ^/pub/media/(downloadable|customer|import|theme_customization/.*\.xml) {
       deny all;
     }
-
-    alias $MAGE_ROOT/pub;
+    alias $MAGE_ROOT/pub/;
     add_header X-Frame-Options "SAMEORIGIN";
   }
-  
+
   location /static/ {
     if ($MAGE_MODE = "production") {
       expires max;
     }
 
-    # remove signature of static files used to overcome browser cache
+    # Remove signature of the static files that is used to overcome the browser cache
     location ~ ^/static/version {
       rewrite ^/static/(version\d*/)?(.*)$ /static/$2 last;
     }
 
-    location ~* \.(ico|jpg|jpeg|png|gif|svg|js|css|swf|eot|ttf|otf|woff|woff2)$ {
+    location ~* \.(ico|jpg|jpeg|png|gif|svg|js|css|swf|eot|ttf|otf|woff|woff2|json)$ {
       add_header Cache-Control "public";
       add_header X-Frame-Options "SAMEORIGIN";
       expires +1y;
-  
+
       if (!-f $request_filename) {
         rewrite ^/static/(version\d*/)?(.*)$ /static.php?resource=$2 last;
       }
     }
-
     location ~* \.(zip|gz|gzip|bz2|csv|xml)$ {
       add_header Cache-Control "no-store";
       add_header X-Frame-Options "SAMEORIGIN";
-      expires off;
-      
+      expires    off;
+
       if (!-f $request_filename) {
-         rewrite ^/static/(version\d*/)?(.*)$ /static.php?resource=$2 last;
+        rewrite ^/static/(version\d*/)?(.*)$ /static.php?resource=$2 last;
       }
     }
-
     if (!-f $request_filename) {
       rewrite ^/static/(version\d*/)?(.*)$ /static.php?resource=$2 last;
     }
-
     add_header X-Frame-Options "SAMEORIGIN";
   }
-  
+
   location /media/ {
-    try_files $uri $uri/ /get.php?$args;
+    try_files $uri $uri/ /get.php$is_args$args;
 
     location ~ ^/media/theme_customization/.*\.xml {
       deny all;
@@ -119,59 +142,79 @@ server {
       add_header Cache-Control "public";
       add_header X-Frame-Options "SAMEORIGIN";
       expires +1y;
-      try_files $uri $uri/ /get.php?$args;
+      try_files $uri $uri/ /get.php$is_args$args;
     }
-
     location ~* \.(zip|gz|gzip|bz2|csv|xml)$ {
       add_header Cache-Control "no-store";
       add_header X-Frame-Options "SAMEORIGIN";
-      expires off;
-      try_files $uri $uri/ /get.php?$args;
+      expires    off;
+      try_files $uri $uri/ /get.php$is_args$args;
     }
-
     add_header X-Frame-Options "SAMEORIGIN";
   }
-  
+
   location /media/customer/ {
     deny all;
   }
-  
+
   location /media/downloadable/ {
     deny all;
   }
-  
-  location /media/import/ {                                                    
-    deny all;                                                              
-  }
 
-  location ~ /media/theme_customization/.*\.xml$ {
+  location /media/import/ {
     deny all;
   }
-  
+
   location /errors/ {
-    try_files $uri =404;
-  }
-  
-  location ~ ^/errors/.*\.(xml|phtml)$ {
-    deny all;
-  }
-  
-  location ~ cron\.php {
-    deny all;
+    location ~* \.(xml|phtml)$ {
+      deny all;
+    }
   }
 
-  location ~ (index|get|static|report|404|503)\.php$ {
+  # PHP entry point for main application
+  location ~ ^/(index|get|static|errors/report|errors/404|errors/503|health_check)\.php$ {
     try_files $uri =404;
     fastcgi_pass   fastcgi_backend;
-  
+    fastcgi_buffers 1024 4k;
+    fastcgi_buffer_size 32k;
+
     fastcgi_param  PHP_FLAG  "session.auto_start=off \n suhosin.session.cryptua=off";
-    fastcgi_param  PHP_VALUE "max_execution_time=600";
+    fastcgi_param  PHP_VALUE "memory_limit=768M \n max_execution_time=600";
+    fastcgi_param  PHP_VALUE "max_input_vars=10000";
     fastcgi_read_timeout 600s;
     fastcgi_connect_timeout 600s;
     fastcgi_param  MAGE_MODE $MAGE_MODE;
-  
+    fastcgi_param  MAGE_RUN_CODE $MAGE_RUN_CODE;
+    fastcgi_param  MAGE_RUN_TYPE $MAGE_RUN_TYPE;
+
     fastcgi_index  index.php;
     fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
-    include    fastcgi_params;
+    include        fastcgi_params;
   }
-}
+
+  gzip on;
+  gzip_disable "msie6";
+
+  gzip_comp_level 6;
+  gzip_min_length 1100;
+  gzip_buffers 16 8k;
+  gzip_proxied any;
+  gzip_types
+    text/plain
+    text/css
+    text/js
+    text/xml
+    text/javascript
+    application/javascript
+    application/x-javascript
+    application/json
+    application/xml
+    application/xml+rss
+    image/svg+xml;
+  gzip_vary on;
+
+  # Banned locations (only reached if the earlier PHP entry point regexes don't match)
+  location ~* (\.php$|\.htaccess$|\.git) {
+    deny all;
+  }
+}

php/7.4-fpm/Dockerfile

@@ -0,0 +1,95 @@
+FROM php:7.4-fpm
+
+LABEL authors="Daniel Lozano <dn.lozano.m@gmail.com>, Juan Alonso <juan.jalogut@gmail.com>"
+
+RUN apt-get update && apt-get install -y --no-install-recommends \
+  cron \
+  git \
+  gzip \
+  libfreetype6-dev \
+  libicu-dev \
+  libjpeg62-turbo-dev \
+  libmcrypt-dev \
+  libpng-dev \
+  libxslt1-dev \
+  libzip-dev \
+  lsof \
+  mariadb-client \
+  vim \
+  zip \
+  procps \
+  sudo \
+  openssh-client \
+  libonig-dev \
+  && rm -rf /var/lib/apt/lists/*
+
+RUN docker-php-ext-configure \
+  gd --with-freetype --with-jpeg
+
+RUN docker-php-ext-install \
+  bcmath \
+  gd \
+  intl \
+  mbstring \
+  opcache \
+  pcntl \
+  pdo_mysql \
+  soap \
+  xsl \
+  zip \
+  sockets
+
+# Remove libsodium and install upgrading version:
+RUN rm -f /usr/local/etc/php/conf.d/*sodium.ini \
+  && rm -f /usr/local/lib/php/extensions/*/*sodium.so \
+  && apt-get remove libsodium* -y  \
+  && mkdir -p /tmp/libsodium  \
+  && curl -sL https://github.com/jedisct1/libsodium/archive/1.0.18-RELEASE.tar.gz | tar xzf - -C  /tmp/libsodium \
+  && cd /tmp/libsodium/libsodium-1.0.18-RELEASE/ \
+  && ./configure \
+  && make && make check \
+  && make install  \
+  && cd / \
+  && rm -rf /tmp/libsodium  \
+  && pecl install -o -f libsodium \
+  && docker-php-ext-enable sodium
+
+RUN pecl channel-update pecl.php.net \
+  && pecl install xdebug \
+  && docker-php-ext-enable xdebug \
+  && sed -i -e 's/^zend_extension/\;zend_extension/g' /usr/local/etc/php/conf.d/docker-php-ext-xdebug.ini
+
+# install composer
+RUN EXPECTED_SIGNATURE="$(curl -s https://composer.github.io/installer.sig)" \
+    && php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');" \
+    && ACTUAL_SIGNATURE="$(php -r "echo hash_file('sha384', 'composer-setup.php');")" \
+    && ( if [ "$EXPECTED_SIGNATURE" != "$ACTUAL_SIGNATURE" ]; then >&2 echo 'ERROR: Invalid installer signature'; rm composer-setup.php; exit 1; fi ) \
+    && php composer-setup.php --install-dir /usr/local/bin --filename=composer \
+    && php -r "unlink('composer-setup.php');"
+
+RUN groupadd -g 1000 app \
+ && useradd -g 1000 -u 1000 -d /var/www -s /bin/bash app
+
+COPY conf/www.conf /usr/local/etc/php-fpm.d/
+COPY conf/php.ini /usr/local/etc/php/
+COPY conf/xdebug.ini /usr/local/etc/php/conf.d/
+COPY conf/php-fpm.conf /usr/local/etc/
+
+RUN mkdir /sock
+RUN chown -R app:app /usr/local/etc/php/conf.d /sock
+
+RUN mkdir -p /var/www && chown -R app:app /var/www/
+RUN echo "app ALL=(ALL) NOPASSWD: /bin/chown" >> /etc/sudoers.d/app
+
+USER app:app
+
+VOLUME /var/www
+
+WORKDIR /var/www/html
+
+EXPOSE 9001
+
+COPY ./docker-entrypoint.sh /usr/local/bin/docker-entrypoint.sh
+
+ENTRYPOINT [ "docker-entrypoint.sh" ]
+CMD [ "php-fpm" ]