Initial Commit

Author: mcneely

.docker/apache/Dockerfile

@@ -0,0 +1,12 @@
+FROM debian:buster
+
+RUN apt-get update && apt-get install -y --no-install-recommends software-properties-common apache2 curl openssl nano&& \
+rm -r /var/lib/apt/lists/* &&\
+a2enmod proxy_fcgi ssl rewrite proxy proxy_balancer proxy_http proxy_ajp deflate mime setenvif headers http2 && \
+rm -f /var/run/apache2/apache2.pid
+
+COPY entrypoint.sh /entrypoint.sh
+RUN chmod 755 /entrypoint.sh
+
+EXPOSE 80 443 44380
+CMD ["/entrypoint.sh"]

.docker/apache/entrypoint.sh

@@ -0,0 +1,2 @@
+#!/usr/bin/env bash
+apache2ctl  -DFOREGROUND -e info

.docker/apache/include/include.conf

@@ -0,0 +1,71 @@
+ServerName ${server_name}
+ServerAlias www.${server_name}
+
+<FilesMatch \.php$>
+ SetHandler "proxy:fcgi://php-fpm:9000"
+</FilesMatch>
+
+DocumentRoot ${docRoot}
+
+Alias /.well-known/ ${appRoot}/.well-known/
+<Directory "${appRoot}/.well-known/">
+    Require all granted
+    Options None
+    AllowOverride None
+    ForceType text/plain
+</Directory>
+
+<Directory ${docRoot}>
+    AllowOverride All
+    Require all granted
+    DirectoryIndex ${docRoot}/${indexPrefix}.php
+    <IfModule mod_negotiation.c>
+        Options -MultiViews
+    </IfModule>
+
+   <IfModule mod_mime.c>
+       AddType application/x-javascript .js
+       AddType text/css .css
+   </IfModule>
+   <IfModule mod_deflate.c>
+       AddOutputFilterByType DEFLATE text/plain text/html text/xml text/css application/xml application/xhtml+xml application/rss+xml application/json application/javascript application/x-javascript image/svg+xml
+        <IfModule mod_setenvif.c>
+            BrowserMatch ^Mozilla/4 gzip-only-text/html
+            BrowserMatch ^Mozilla/4.0[678] no-gzip
+            BrowserMatch bMSIE !no-gzip !gzip-only-text/html
+        </IfModule>
+    </IfModule>
+    Header append Vary User-Agent env=!dont-vary
+
+    <IfModule mod_rewrite.c>
+        RewriteEngine On
+
+        RewriteCond %{REQUEST_URI}::$0 ^(/.+)/(.*)::\2$
+        RewriteRule .* - [E=BASE:%1]
+
+        RewriteCond %{HTTP:Authorization} .+
+        RewriteRule ^ - [E=HTTP_AUTHORIZATION:%0]
+
+        RewriteCond %{ENV:REDIRECT_STATUS} =""
+        RewriteRule ^${indexPrefix}\.php(?:/(.*)|$) %{ENV:BASE}/$1 [R=301,L]
+
+        RewriteCond %{REQUEST_FILENAME} !-f
+        RewriteRule ^ %{ENV:BASE}/${indexPrefix}.php [L]
+    </IfModule>
+
+    <IfModule !mod_rewrite.c>
+        <IfModule mod_alias.c>
+            RedirectMatch 302 ^/$ /${indexPrefix}.php/
+        </IfModule>
+    </IfModule>
+</Directory>
+
+<Directory ${appRoot}/var>
+    <IfModule mod_authz_core.c>
+        Require all denied
+    </IfModule>
+    <IfModule !mod_authz_core.c>
+        Order deny,allow
+        Deny from all
+    </IfModule>
+</Directory>

.docker/apache/sites-enabled/web.conf

@@ -0,0 +1,61 @@
+Define server_name  web.local
+Define appRoot      /var/www
+Define docRoot      ${appRoot}/public
+Define indexPrefix  index
+Define logdir       /var/log/apache2/
+
+ServerName localhost
+Listen 44380
+
+ErrorLog ${logdir}/error.log
+CustomLog ${logdir}/access.log Combined
+
+Protocols h2c http/1.1
+<VirtualHost *:80>
+#Should only be Exposed for Dev only
+    Include /etc/apache2/include/include.conf
+</VirtualHost>
+
+<VirtualHost *:443>
+    SSLEngine on
+    SSLCertificateFile /etc/http-certs/cert.crt
+    SSLCertificateKeyFile /etc/http-certs/cert.key
+    Protocols h2 http/1.1
+
+    Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains; preload"
+
+    Include /etc/apache2/include/include.conf
+</VirtualHost>
+
+<VirtualHost *:44380>
+    # Redirects port 80 to 443 should be used in Production
+    ServerName ${server_name}
+    ServerAlias www.${server_name} lb.${server_name}
+
+    <IfModule mod_rewrite.c>
+        RewriteEngine On
+        RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [R=301,L]
+    </IfModule>
+
+    <IfModule !mod_rewrite.c>
+        <IfModule mod_alias.c>
+            RedirectMatch 301 "^/?(.*)" "https://${server_name}/$1"
+        </IfModule>
+    </IfModule>
+</VirtualHost>
+
+SSLProtocol             all -SSLv3 -TLSv1 -TLSv1.1
+SSLCipherSuite          ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
+SSLHonorCipherOrder     off
+SSLSessionTickets       off
+
+#SSLUseStapling On
+#SSLStaplingCache "shmcb:logs/ssl_stapling(32768)"
+
+SSLOpenSSLConfCmd Curves secp384r1
+SSLOpenSSLConfCmd DHParameters "/etc/http-certs/dhparam.pem"
+
+Undefine server_name
+Undefine appRoot
+Undefine docRoot
+Undefine logdir

.docker/certs/dhparam.pem

@@ -0,0 +1,8 @@
+-----BEGIN DH PARAMETERS-----
+MIIBCAKCAQEA//////////+t+FRYortKmq/cViAnPTzx2LnFg84tNpWp4TZBFGQz
++8yTnc4kmz75fS/jY2MMddj2gbICrsRhetPfHtXV/WVhJDP1H18GbtCFY2VVPe0a
+87VXE15/V8k1mE8McODmi3fipona8+/och3xWKE2rec1MKzKT0g6eXq8CrGCsyT7
+YdEIqUuyyOP7uWrat2DX9GgdT0Kj3jlN9K5W7edjcrsZCwenyO4KbXCeAvzhzffi
+7MA0BM0oNC9hkXL+nOmFg/+OTxIy7vKBg8P+OxtMb61zO7X8vC7CIAXFjvGDfRaD
+ssbzSibBsu/6iGtCOGEoXJf//////////wIBAg==
+-----END DH PARAMETERS-----

.docker/nginx/conf.d/web.conf

@@ -0,0 +1,77 @@
+server {
+    listen   44380;
+    listen   [::]:44380;
+	server_name _;
+	return 301 https://$host$request_uri;
+}
+
+server {
+    set $serverName   web.local;
+    set $appRoot      /var/www;
+    set $docRoot      $appRoot/public;
+    set $indexPrefix  index;
+
+    listen              80;
+    listen              [::]:80;
+    listen              443 ssl http2;
+    listen              [::]:443 ssl http2;
+
+    ssl_certificate     /etc/http-certs/cert.crt;
+    ssl_certificate_key /etc/http-certs/cert.key;
+    ssl_dhparam         /etc/http-certs/dhparam.pem;
+    ssl_session_timeout 1d;
+    ssl_session_cache shared:MozSSL:10m;
+    ssl_session_tickets off;
+    ssl_protocols TLSv1.2 TLSv1.3;
+    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
+    ssl_prefer_server_ciphers on;
+    ssl_stapling on;
+    ssl_stapling_verify on;
+
+    server_name $serverName;
+    root $docRoot;
+
+    gzip on;
+    gzip_vary on;
+    gzip_proxied any;
+    gzip_types text/plain text/css application/xml application/xhtml+xml application/rss+xml application/json application/javascript application/x-javascript image/svg+xml;
+
+    location / {
+        try_files $uri /$indexPrefix.php$is_args$args;
+    }
+
+    location ^~ /.well-known/ {
+            allow all;
+    }
+
+    location ~*  \.(jpg|jpeg|png|gif|ico)$ {
+            log_not_found off;
+            access_log off;
+    }
+
+    location ~ \.php(/|$) {
+        fastcgi_pass php-fpm:9000;
+        fastcgi_split_path_info ^(.+\.php)(/.*)$;
+        fastcgi_index $indexPrefix.php;
+        include fastcgi_params;
+
+        fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
+        fastcgi_param DOCUMENT_ROOT $realpath_root;
+
+        fastcgi_buffers 8 16k;
+        fastcgi_buffer_size 32k;
+        fastcgi_read_timeout 240;
+        proxy_connect_timeout 10;
+        proxy_send_timeout 300;
+        proxy_read_timeout 300;
+    }
+
+    # return 404 for all other php files not matching the front controller
+    # this prevents access to other php files you don't want to be accessible.
+    location ~ \.php$ {
+        return 404;
+    }
+
+    error_log  /var/log/nginx/error.log;
+    access_log /var/log/nginx/access.log;
+}

.docker/php/cli/Dockerfile

@@ -0,0 +1,29 @@
+FROM php:7.4-cli-buster
+
+COPY php.ini /usr/local/etc/php/php.ini
+COPY xdebug.ini /xdebug.ini
+
+RUN apt-get update && \
+    pecl install xdebug && \
+    apt-get install -y --no-install-recommends \
+    acl apt-transport-https apt-utils \
+    build-essential curl debconf \
+    git gnupg gnupg1 gnupg2 \
+    libjpeg-dev libldb-dev libldap2-dev libonig-dev libpq-dev libpng-dev libssl-dev libxml2 libxml2-dev libxpm-dev libzip-dev libzip4 locales\
+    mailutils nano openssl rsync sudo unzip wget zip zlib1g-dev && \
+    apt-get autoremove && apt-get clean && rm -rf /var/lib/apt/lists/* && echo "en_US.UTF-8 UTF-8" > /etc/locale.gen && locale-gen && \
+    docker-php-ext-install bcmath exif gd intl ldap opcache pdo_mysql pdo_pgsql sockets zip
+
+COPY entrypoint.sh /entrypoint.sh
+RUN chmod 755 /entrypoint.sh
+
+WORKDIR /var/www
+
+RUN curl -sSk https://getcomposer.org/installer | php -- --disable-tls && mv composer.phar /usr/local/bin/composer &&\
+    curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | apt-key add - &&\
+    curl -sL https://deb.nodesource.com/setup_14.x | bash - &&\
+    echo "deb https://dl.yarnpkg.com/debian/ stable main" | tee /etc/apt/sources.list.d/yarn.list &&\
+    apt-get update && apt-get install -y --no-install-recommends --no-install-suggests supervisor nodejs yarn
+
+COPY supervisor.conf /etc/supervisor/conf.d/supervisor.conf
+CMD ["/entrypoint.sh"]

.docker/php/cli/entrypoint.sh

@@ -0,0 +1,13 @@
+#!/usr/bin/env bash
+APP_ENV=${APP_ENV:-prod}
+
+source ~/.bashrc
+if [[ ! "dev" == "$APP_ENV" ]]; then
+    if [[ -e /usr/local/etc/php/conf.d/xdebug.ini ]]; then
+        rm -f /usr/local/etc/php/conf.d/xdebug.ini
+    fi
+else
+    ln -s /xdebug.ini /usr/local/etc/php/conf.d/xdebug.ini
+fi
+touch /var/log/supervisor/supervisord.log
+/usr/bin/supervisord