Merge pull request #23 from danielsuguimoto/php84

adding php 8.4

Author: dbpolito

.github/workflows/ci-cd.yml

@@ -16,7 +16,7 @@ jobs:
 
     strategy:
       matrix:
-        version: ['8.0-swoole', '8.1-swoole', '8.2-swoole', '8.3-swoole']
+        version: ['8.0-swoole', '8.1-swoole', '8.2-swoole', '8.3-swoole', '8.4-swoole']
         type: ['', '-prod']
 
     steps:

8.4-swoole-nginx-prod/Dockerfile

@@ -0,0 +1,62 @@
+FROM debian AS cert
+
+WORKDIR /kool/ssl
+
+RUN apt-get update && \
+    apt-get install -y openssl && \
+    openssl genrsa -des3 -passout pass:x -out server.pass.key 2048 && \
+    openssl rsa -passin pass:x -in server.pass.key -out _.localhost.key && \
+    rm server.pass.key && \
+    openssl req -new -key _.localhost.key -out server.csr \
+        -subj "/C=XX/ST=XX/L=XX/O=Kool-Local/OU=Localhost/CN=*.localhost" && \
+    openssl x509 -req -days 365 -in server.csr -signkey _.localhost.key -out _.localhost.crt && \
+    openssl x509 -in _.localhost.crt -out _.localhost.pem
+
+FROM kooldev/php:8.4-swoole-prod
+
+ENV PHP_FPM_LISTEN=/run/php-fpm.sock \
+    NGINX_LISTEN=80 \
+    NGINX_HTTPS=false \
+    NGINX_LISTEN_HTTPS=443 \
+    NGINX_HTTPS_CERT=/kool/ssl/_.localhost.pem \
+    NGINX_HTTPS_CERT_KEY=/kool/ssl/_.localhost.key \
+    NGINX_ROOT=/app/public \
+    NGINX_INDEX=index.php \
+    NGINX_CLIENT_MAX_BODY_SIZE=25M \
+    NGINX_PHP_FPM=unix:/run/php-fpm.sock \
+    NGINX_FASTCGI_READ_TIMEOUT=60s \
+    NGINX_FASTCGI_BUFFERS='8 8k' \
+    NGINX_FASTCGI_BUFFER_SIZE='16k' \
+    NGINX_ENTRYPOINT_WORKER_PROCESSES_AUTOTUNE=true
+
+RUN curl -L https://github.com/ochinchina/supervisord/releases/download/v0.6.3/supervisord_static_0.6.3_linux_amd64 -o /usr/local/bin/supervisord \
+    && chmod +x /usr/local/bin/supervisord \
+    && apk add --no-cache nginx \
+    && chown -R kool:kool /var/lib/nginx \
+    && chmod 770 /var/lib/nginx/tmp \
+    && ln -sf /dev/stdout /var/log/nginx/access.log \
+    && ln -sf /dev/stderr /var/log/nginx/error.log \
+    # add h5bp/server-configs-nginx
+    && mkdir -p /etc/nginx/conf.d \
+    && mkdir /etc/nginx/h5bp \
+    && cd /etc/nginx/h5bp \
+    && wget https://github.com/h5bp/server-configs-nginx/archive/refs/tags/3.3.0.tar.gz -O h5bp.tgz \
+    && tar xzvf h5bp.tgz \
+    && rm -f h5bp.tgz \
+    && mv server-configs-nginx-*/h5bp/* . \
+    && mv server-configs-nginx-*/nginx.conf /etc/nginx/nginx.conf \
+    && sed -i "s|^user .*|user\ kool kool;|g" /etc/nginx/nginx.conf \
+    && mv server-configs-nginx-*/mime.types /etc/nginx/mime.types \
+    && rm -rf server-configs-nginx-* \
+    && curl -L https://raw.githubusercontent.com/nginxinc/docker-nginx/master/entrypoint/30-tune-worker-processes.sh -o /kool/30-tune-worker-processes.sh \
+    && chmod +x /kool/30-tune-worker-processes.sh
+
+COPY supervisor.conf /kool/supervisor.conf
+COPY default.tmpl /kool/default.tmpl
+COPY entrypoint /kool/entrypoint
+COPY --from=cert /kool/ssl /kool/ssl
+RUN chmod +x /kool/entrypoint
+
+EXPOSE 80
+
+CMD [ "supervisord", "-c", "/kool/supervisor.conf" ]

8.4-swoole-nginx-prod/default.tmpl

@@ -0,0 +1,72 @@
+map $http_upgrade $connection_upgrade {
+    default upgrade;
+    ''      close;
+}
+
+server {
+    listen {{ .Env.NGINX_LISTEN }} default_server;
+    server_name _;
+{{ if isTrue .Env.NGINX_HTTPS }}
+    listen {{ .Env.NGINX_LISTEN_HTTPS }} ssl http2;
+    ssl_certificate     {{ .Env.NGINX_HTTPS_CERT }};
+    ssl_certificate_key {{ .Env.NGINX_HTTPS_CERT_KEY }};
+    ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
+    ssl_ciphers         HIGH:!aNULL:!MD5;
+{{ end }}
+    root {{ .Env.NGINX_ROOT }};
+    index {{ .Env.NGINX_INDEX }};
+    charset utf-8;
+
+    location = /favicon.ico { log_not_found off; access_log off; }
+    location = /robots.txt  { log_not_found off; access_log off; }
+
+    client_max_body_size {{ .Env.NGINX_CLIENT_MAX_BODY_SIZE }};
+
+    error_page 404 /index.php;
+
+    location /index.php {
+        try_files /not_exists @octane;
+    }
+
+    location / {
+        try_files $uri $uri/ @octane;
+
+        add_header X-Served-By kool.dev;
+    }
+
+    location @octane  {
+        set $suffix "";
+
+        if ($uri = /index.php) {
+            set $suffix ?$query_string;
+        }
+
+        proxy_http_version 1.1;
+        proxy_set_header Host $http_host;
+        proxy_set_header Scheme $scheme;
+        proxy_set_header SERVER_PORT $server_port;
+        proxy_set_header REMOTE_ADDR $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection $connection_upgrade;
+
+        proxy_pass http://127.0.0.1:8000$suffix;
+    }
+
+    location ~ /\.ht {
+        deny all;
+    }
+
+    # good practices
+    add_header X-Frame-Options "SAMEORIGIN";
+
+    # basic H5BP suggestions
+    include h5bp/internet_explorer/x-ua-compatible.conf;
+    include h5bp/security/referrer-policy.conf;
+    include h5bp/security/x-content-type-options.conf;
+    include h5bp/security/x-xss-protection.conf;
+
+    # performance enhancements (mostly for caching static data)
+    include h5bp/web_performance/cache-file-descriptors.conf;
+    include h5bp/web_performance/pre-compressed_content_gzip.conf;
+}

8.4-swoole-nginx-prod/entrypoint

@@ -0,0 +1,25 @@
+#!/bin/sh
+set -e
+
+
+# Run as current user
+CURRENT_USER=${ASUSER:-${UID:-0}}
+
+if [ ! -z "$CURRENT_USER" ] && [ "$CURRENT_USER" != "0" ]; then
+    usermod -u $CURRENT_USER kool
+fi
+
+dockerize -template /kool/kool.tmpl:/usr/local/etc/php/conf.d/kool.ini -template /kool/zz-docker.tmpl:/usr/local/etc/php-fpm.d/zz-docker.conf -template /kool/default.tmpl:/etc/nginx/conf.d/default.conf
+
+/kool/30-tune-worker-processes.sh
+
+# Run entrypoint if provided
+if [ ! -z "$ENTRYPOINT" ] && [ -f "$ENTRYPOINT" ]; then
+    bash $ENTRYPOINT
+fi
+
+if [ "$1" = "sh" ] || [ "$1" = "bash" ] || [ "$1" = "php-fpm" ] || [ "$1" = "nginx" ] || [ "$1" = "supervisord" ]; then
+    exec "$@"
+else
+    exec su-exec kool "$@"
+fi

8.4-swoole-nginx-prod/supervisor.conf

@@ -0,0 +1,14 @@
+[program:nginx]
+depends_on = octane
+command = nginx -g "daemon off;"
+autorestart = true
+stopasgroup = true
+stderr_logfile = /dev/stderr
+stdout_logfile = /dev/stdout
+
+[program:octane]
+command = su-exec kool php artisan octane:start
+autorestart = true
+stopasgroup = true
+stderr_logfile = /dev/stderr
+stdout_logfile = /dev/stdout

8.4-swoole-nginx/Dockerfile

@@ -0,0 +1,62 @@
+FROM debian AS cert
+
+WORKDIR /kool/ssl
+
+RUN apt-get update && \
+    apt-get install -y openssl && \
+    openssl genrsa -des3 -passout pass:x -out server.pass.key 2048 && \
+    openssl rsa -passin pass:x -in server.pass.key -out _.localhost.key && \
+    rm server.pass.key && \
+    openssl req -new -key _.localhost.key -out server.csr \
+        -subj "/C=XX/ST=XX/L=XX/O=Kool-Local/OU=Localhost/CN=*.localhost" && \
+    openssl x509 -req -days 365 -in server.csr -signkey _.localhost.key -out _.localhost.crt && \
+    openssl x509 -in _.localhost.crt -out _.localhost.pem
+
+FROM kooldev/php:8.4-swoole
+
+ENV PHP_FPM_LISTEN=/run/php-fpm.sock \
+    NGINX_LISTEN=80 \
+    NGINX_HTTPS=false \
+    NGINX_LISTEN_HTTPS=443 \
+    NGINX_HTTPS_CERT=/kool/ssl/_.localhost.pem \
+    NGINX_HTTPS_CERT_KEY=/kool/ssl/_.localhost.key \
+    NGINX_ROOT=/app/public \
+    NGINX_INDEX=index.php \
+    NGINX_CLIENT_MAX_BODY_SIZE=25M \
+    NGINX_PHP_FPM=unix:/run/php-fpm.sock \
+    NGINX_FASTCGI_READ_TIMEOUT=60s \
+    NGINX_FASTCGI_BUFFERS='8 8k' \
+    NGINX_FASTCGI_BUFFER_SIZE='16k' \
+    NGINX_ENTRYPOINT_WORKER_PROCESSES_AUTOTUNE=true
+
+RUN curl -L https://github.com/ochinchina/supervisord/releases/download/v0.6.3/supervisord_static_0.6.3_linux_amd64 -o /usr/local/bin/supervisord \
+    && chmod +x /usr/local/bin/supervisord \
+    && apk add --no-cache nginx \
+    && chown -R kool:kool /var/lib/nginx \
+    && chmod 770 /var/lib/nginx/tmp \
+    && ln -sf /dev/stdout /var/log/nginx/access.log \
+    && ln -sf /dev/stderr /var/log/nginx/error.log \
+    # add h5bp/server-configs-nginx
+    && mkdir -p /etc/nginx/conf.d \
+    && mkdir /etc/nginx/h5bp \
+    && cd /etc/nginx/h5bp \
+    && wget https://github.com/h5bp/server-configs-nginx/archive/refs/tags/3.3.0.tar.gz -O h5bp.tgz \
+    && tar xzvf h5bp.tgz \
+    && rm -f h5bp.tgz \
+    && mv server-configs-nginx-*/h5bp/* . \
+    && mv server-configs-nginx-*/nginx.conf /etc/nginx/nginx.conf \
+    && sed -i "s|^user .*|user\ kool kool;|g" /etc/nginx/nginx.conf \
+    && mv server-configs-nginx-*/mime.types /etc/nginx/mime.types \
+    && rm -rf server-configs-nginx-* \
+    && curl -L https://raw.githubusercontent.com/nginxinc/docker-nginx/master/entrypoint/30-tune-worker-processes.sh -o /kool/30-tune-worker-processes.sh \
+    && chmod +x /kool/30-tune-worker-processes.sh
+
+COPY supervisor.conf /kool/supervisor.conf
+COPY default.tmpl /kool/default.tmpl
+COPY entrypoint /kool/entrypoint
+COPY --from=cert /kool/ssl /kool/ssl
+RUN chmod +x /kool/entrypoint
+
+EXPOSE 80
+
+CMD [ "supervisord", "-c", "/kool/supervisor.conf" ]

8.4-swoole-nginx/default.tmpl

@@ -0,0 +1,72 @@
+map $http_upgrade $connection_upgrade {
+    default upgrade;
+    ''      close;
+}
+
+server {
+    listen {{ .Env.NGINX_LISTEN }} default_server;
+    server_name _;
+{{ if isTrue .Env.NGINX_HTTPS }}
+    listen {{ .Env.NGINX_LISTEN_HTTPS }} ssl http2;
+    ssl_certificate     {{ .Env.NGINX_HTTPS_CERT }};
+    ssl_certificate_key {{ .Env.NGINX_HTTPS_CERT_KEY }};
+    ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
+    ssl_ciphers         HIGH:!aNULL:!MD5;
+{{ end }}
+    root {{ .Env.NGINX_ROOT }};
+    index {{ .Env.NGINX_INDEX }};
+    charset utf-8;
+
+    location = /favicon.ico { log_not_found off; access_log off; }
+    location = /robots.txt  { log_not_found off; access_log off; }
+
+    client_max_body_size {{ .Env.NGINX_CLIENT_MAX_BODY_SIZE }};
+
+    error_page 404 /index.php;
+
+    location /index.php {
+        try_files /not_exists @octane;
+    }
+
+    location / {
+        try_files $uri $uri/ @octane;
+
+        add_header X-Served-By kool.dev;
+    }
+
+    location @octane  {
+        set $suffix "";
+
+        if ($uri = /index.php) {
+            set $suffix ?$query_string;
+        }
+
+        proxy_http_version 1.1;
+        proxy_set_header Host $http_host;
+        proxy_set_header Scheme $scheme;
+        proxy_set_header SERVER_PORT $server_port;
+        proxy_set_header REMOTE_ADDR $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection $connection_upgrade;
+
+        proxy_pass http://127.0.0.1:8000$suffix;
+    }
+
+    location ~ /\.ht {
+        deny all;
+    }
+
+    # good practices
+    add_header X-Frame-Options "SAMEORIGIN";
+
+    # basic H5BP suggestions
+    include h5bp/internet_explorer/x-ua-compatible.conf;
+    include h5bp/security/referrer-policy.conf;
+    include h5bp/security/x-content-type-options.conf;
+    include h5bp/security/x-xss-protection.conf;
+
+    # performance enhancements (mostly for caching static data)
+    include h5bp/web_performance/cache-file-descriptors.conf;
+    include h5bp/web_performance/pre-compressed_content_gzip.conf;
+}

8.4-swoole-nginx/entrypoint

@@ -0,0 +1,34 @@
+#!/bin/sh
+set -e
+
+if [ "$ENABLE_XDEBUG" == "true" ]; then
+    docker-php-ext-enable xdebug >> /dev/null 2>&1
+
+    if [ $? != "0" ]; then
+        echo "[ERROR] An error happened enabling xdebug"
+
+        exit 1
+    fi
+fi
+
+# Run as current user
+CURRENT_USER=${ASUSER:-${UID:-0}}
+
+if [ ! -z "$CURRENT_USER" ] && [ "$CURRENT_USER" != "0" ]; then
+    usermod -u $CURRENT_USER kool
+fi
+
+dockerize -template /kool/kool.tmpl:/usr/local/etc/php/conf.d/kool.ini -template /kool/zz-docker.tmpl:/usr/local/etc/php-fpm.d/zz-docker.conf -template /kool/default.tmpl:/etc/nginx/conf.d/default.conf
+
+/kool/30-tune-worker-processes.sh
+
+# Run entrypoint if provided
+if [ ! -z "$ENTRYPOINT" ] && [ -f "$ENTRYPOINT" ]; then
+    bash $ENTRYPOINT
+fi
+
+if [ "$1" = "sh" ] || [ "$1" = "bash" ] || [ "$1" = "php-fpm" ] || [ "$1" = "nginx" ] || [ "$1" = "supervisord" ]; then
+    exec "$@"
+else
+    exec su-exec kool "$@"
+fi

8.4-swoole-nginx/supervisor.conf

@@ -0,0 +1,14 @@
+[program:nginx]
+depends_on = octane
+command = nginx -g "daemon off;"
+autorestart = true
+stopasgroup = true
+stderr_logfile = /dev/stderr
+stdout_logfile = /dev/stdout
+
+[program:octane]
+command = su-exec kool php artisan octane:start --watch
+autorestart = true
+stopasgroup = true
+stderr_logfile = /dev/stderr
+stdout_logfile = /dev/stdout

8.4-swoole-prod/Dockerfile

@@ -0,0 +1,5 @@
+FROM kooldev/php:8.4-prod
+
+COPY --from=mlocati/php-extension-installer /usr/bin/install-php-extensions /usr/local/bin/
+
+RUN install-php-extensions swoole