clean up & simplify structure w/ separate build workflows

Independent NGINX & PHP-FPM build workflows & directory structure for cleaner and simpler workflow logic.
2025-12-07 22:45:10 -08:00
parent 8c7a098129
commit 82cdc6a2ad
10 changed files with 292 additions and 360 deletions
--- a/php-fpm/7.4/Dockerfile
+++ b/php-fpm/7.4/Dockerfile
@@ -0,0 +1,110 @@
+# Multi-stage Alpine-based PHP 7.4 FPM image optimized for WordPress
+ARG BASE_TAG=7.4-fpm-alpine3.16
+FROM php:${BASE_TAG} AS build
+
+RUN set -eux; \
+	apk add --no-cache --virtual .build-deps \
+	$PHPIZE_DEPS \
+	autoconf \
+	gcc \
+	g++ \
+	make \
+	pkgconfig \
+	bash \
+	freetype-dev \
+	libjpeg-turbo-dev \
+	libpng-dev \
+	libxml2-dev \
+	zlib-dev \
+	icu-dev \
+	libzip-dev \
+	oniguruma-dev \
+	mariadb-dev \
+	; \
+	docker-php-ext-configure gd --with-freetype --with-jpeg; \
+	docker-php-ext-install -j"$(nproc)" \
+	gd \
+	mysqli \
+	pdo \
+	pdo_mysql \
+	zip \
+	exif \
+	intl \
+	bcmath \
+	opcache \
+	xml \
+	mbstring \
+	xmlrpc \
+	soap \
+	pcntl \
+	; \
+	pecl channel-update pecl.php.net; \
+	pecl install redis && docker-php-ext-enable redis; \
+	cp "$PHP_INI_DIR/php.ini-production" "$PHP_INI_DIR/php.ini"; \
+	apk del .build-deps; \
+	rm -rf /var/cache/apk/* /tmp/*
+
+FROM php:${BASE_TAG} AS runtime
+
+RUN set -eux; \
+	apk add --no-cache \
+	freetype \
+	libjpeg-turbo \
+	libpng \
+	libxml2 \
+	zlib \
+	icu-libs \
+	libzip \
+	mariadb-client \
+	openssl \
+	ca-certificates \
+	tzdata \
+	; \
+	update-ca-certificates || true
+
+# Copy built PHP and extensions from the build stage
+COPY --from=build /usr/local/lib/php /usr/local/lib/php
+COPY --from=build /usr/local/etc/php /usr/local/etc/php
+
+# Create a non-root application user and prepare webroot directory
+RUN addgroup -g 1000 app || true; \
+	adduser -D -u 1000 -G app app || true; \
+	mkdir -p /var/www/html; \
+	chown -R app:app /var/www/html; \
+	mkdir -p /var/run/php /run/php /var/log/php; \
+	chown -R app:app /var/run/php /run/php /var/log/php
+
+# Minimal security / production tuning for opcache and PHP
+RUN set -eux; \
+	{ \
+	echo 'opcache.enable=1'; \
+	echo 'opcache.memory_consumption=128'; \
+	echo 'opcache.interned_strings_buffer=8'; \
+	echo 'opcache.max_accelerated_files=10000'; \
+	echo 'opcache.revalidate_freq=2'; \
+	echo 'opcache.fast_shutdown=1'; \
+	echo 'opcache.enable_file_override=0'; \
+	} > /usr/local/etc/php/conf.d/zz-opcache.ini; \
+	{ \
+	echo 'expose_php = Off'; \
+	echo 'display_errors = Off'; \
+	echo 'log_errors = On'; \
+	echo 'error_log = /proc/self/fd/2'; \
+	} > /usr/local/etc/php/conf.d/zz-hardening.ini
+
+EXPOSE 9000
+
+HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3 CMD pgrep -f "php-fpm" || exit 1
+
+WORKDIR /var/www/html
+
+# Copy pool configuration and entrypoint from shared path in repo root
+COPY --chown=root:root shared/php-fpm/www.conf /usr/local/etc/php-fpm.d/www.conf
+COPY --chown=root:root shared/php-fpm/entrypoint.sh /usr/local/bin/entrypoint.sh
+RUN chmod 755 /usr/local/bin/entrypoint.sh
+
+ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]
+
+USER root
+
+CMD ["php-fpm"]