Replace manifest setup

lsl · lsl · commit 96b98d90d2fb · 2018-04-22T02:13:04.000+10:00
Simplifies setup by removing manifest folder, flattening structure.

* Replaces ini file with inline php-fpm conf settings
* Fixes a number of issues around logging and the supervisor, see
lsl/docker-nginx-php-fpm for more in depth details
* Example updated to work with new changes
* Hides favicon logging
* Moves web root to /www from /var/www
diff --git a/.dockerignore b/.dockerignore
@@ -1 +1,3 @@
-.gitignore
+.gitignore
+example
+README.md
diff --git a/Dockerfile b/Dockerfile
@@ -20,12 +20,29 @@ RUN find /app/wordpress -type f -exec chmod 644 {} \;
 # Build image
 FROM alpine:3.7
 
-# Set user
-# Note: implicitly creates: /var/www, www group @ gid 1000
-# Previously using -G wheel (this might get reverted)
-RUN adduser -D -u 1000 -g 1000 -s /bin/sh -h /var/www www-data
+# Create user
+RUN adduser -D -u 1000 -g 1000 -s /bin/sh www-data && \
+    mkdir -p /www && \
+    chown -R www-data:www-data /www
 
-# PHP/FPM + Modules
+# Install tini - 'cause zombies - see: https://github.com/ochinchina/supervisord/issues/60
+# (also pkill hack)
+RUN apk add --no-cache --update tini
+
+# Install a golang port of supervisord
+COPY --from=ochinchina/supervisord:latest /usr/local/bin/supervisord /usr/bin/supervisord
+
+# Install nginx & gettext (envsubst)
+# Create cachedir and fix permissions
+RUN apk add --no-cache --update \
+    gettext \
+    nginx && \
+    mkdir -p /var/cache/nginx && \
+    chown -R www-data:www-data /var/cache/nginx && \
+    chown -R www-data:www-data /var/lib/nginx && \
+    chown -R www-data:www-data /var/tmp/nginx
+
+# Install PHP/FPM + Modules
 RUN apk add --no-cache --update \
     php7 \
     php7-apcu \
@@ -58,28 +75,13 @@ RUN apk add --no-cache --update \
     php7-zip \
     php7-zlib
 
-# tini - 'cause zombies - see: https://github.com/ochinchina/supervisord/issues/60
-# gettext - nginx env substitution
-RUN apk add --no-cache --update \
-    tini \
-    gettext \
-    nginx && \
-    rm -rf /var/www/localhost
-
-# Fix nginx dirs/perms
-RUN mkdir -p /var/cache/nginx && \
-    chown -R www-data:www-data /var/cache/nginx && \
-    chown -R www-data:www-data /var/lib/nginx && \
-    chown -R www-data:www-data /var/tmp/nginx
-
-# Install a golang port of supervisord
-COPY --from=ochinchina/supervisord:latest /usr/local/bin/supervisord /usr/bin/supervisord
-
 # Runtime env vars are envstub'd into config during entrypoint
-# Defaults: proto: http, name: localhost, alias: ''
-ENV SERVER_PROTO='http'
-ENV SERVER_NAME='localhost'
-ENV SERVER_ALIAS=''
+ENV SERVER_PROTO="http"
+ENV SERVER_NAME="localhost"
+ENV SERVER_ALIAS=""
+
+# Alias defaults to empty, example usage:
+# SERVER_ALIAS='www.example.com'
 
 # Wordpress config settings
 ENV DB_NAME='wordpress'
@@ -100,16 +102,17 @@ ENV SECURE_AUTH_SALT='set me'
 ENV LOGGED_IN_SALT='set me'
 ENV NONCE_SALT='set me'
 
-COPY /manifest /
-
-COPY --from=composer --chown=www-data:www-data /app/wordpress /var/www/wordpress
+COPY ./supervisord.conf /supervisord.conf
+COPY ./php-fpm-www.conf /etc/php7/php-fpm.d/www.conf
+COPY ./nginx.conf.template /nginx.conf.template
+COPY ./docker-entrypoint.sh /docker-entrypoint.sh
+COPY ./salt /usr/bin/salt
 
-COPY --chown=www-data:www-data wp-config.php /var/www/wordpress/wp-config.php
-
-WORKDIR /var/www/wordpress
+COPY --from=composer --chown=www-data:www-data /app/wordpress /www/wordpress
+COPY --chown=www-data:www-data ./wp-config.php /www/wordpress/wp-config.php
 
+# Nginx on :80
 EXPOSE 80
-
+WORKDIR /www
 ENTRYPOINT ["tini", "--"]
-CMD ["/docker-entrypoint.sh"]
-
+CMD [ "/docker-entrypoint.sh" ]
diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh
@@ -5,10 +5,10 @@ SERVER_PROTO=${SERVER_PROTO:-http}
 SERVER_NAME=${VIRTUAL_HOST:-${SERVER_NAME:-localhost}}
 SERVER_ALIAS=${SERVER_ALIAS:-''}
 
-envsubst '$SERVER_NAME $SERVER_ALIAS' < /etc/nginx/nginx.conf.template > /etc/nginx/nginx.conf
+envsubst '$SERVER_NAME $SERVER_ALIAS' < /nginx.conf.template > /etc/nginx/nginx.conf
 
 # WordPress subs
 WP_SITE_URL=${WP_SITE_URL:-$SERVER_PROTO://$SERVER_NAME}
 WP_HOME=${WP_HOME:-$WP_SITE_URL}
 
-supervisord -c /etc/supervisord.conf
+supervisord -c /supervisord.conf
diff --git a/example/docker-compose.yml b/example/docker-compose.yml
@@ -26,14 +26,15 @@ services:
   web:
     build: ./site
     volumes:
-      - uploads:/var/www/wordpress/wp-content/uploads:rw
+      - uploads:/www/wordpress/wp-content/uploads:rw
     environment:
       VIRTUAL_HOST: "example.localhost"
+      SERVER_PROTO: "http"
       DB_NAME: wordpress
       DB_USER: wordpress
       DB_PASSWORD: wordpress
       DB_HOST: mysql
-      WP_DEBUG: 'false'
+      WP_DEBUG: "true"
 
   # Database
   mysql:
diff --git a/example/site/.dockerignore b/example/site/.dockerignore
@@ -1,2 +1,4 @@
 vendor
-wp-content
+wp-content
+README.md
+.gitignore
diff --git a/example/site/Dockerfile b/example/site/Dockerfile
@@ -1,11 +1,7 @@
 FROM lslio/composer:latest as composer
 
 COPY ./composer.* /app/
-RUN composer-install
-
-# Must use plugins (auto enable)
-RUN mv /app/wordpress/wp-content/plugins/all-in-one-wp-migration /app/wordpress/wp-content/mu-plugins/all-in-one-wp-migration
-RUN mv /app/wordpress/wp-content/plugins/lcache /app/wordpress/wp-content/mu-plugins/lcache
+RUN composer-install -d /app
 
 # Final Build
 FROM lslio/wordpress:latest
@@ -32,9 +28,9 @@ ENV SECURE_AUTH_SALT='?!LQjInJJf+HRBN!1mA7[iyRZICG=!lBW(]fC5|1Q52RzY>3-]Y3q*XBv2
 ENV LOGGED_IN_SALT='v2y2x%|cHs6v*thfr~MZG~[MNB-`r9Y~X_ ]f-Q9POmXu-3)p.Juo2-QC!hc^$IL'
 ENV NONCE_SALT='0zK_Ww(ljs]w?GHm}6as]w^_wP%!3Jc<~,Dt3pxS{`Rg$$9tsM[aRz$DL^KHW+Kp'
 
-COPY --from=composer --chown=www:www /app/wp-content /var/www/wordpress/wp-content
+COPY --from=composer --chown=www-data:www-data /app/wp-content /www/wordpress/wp-content
 
 # lcache needs some help
-USER www
-RUN ln -s /var/www/wordpress/wp-content/mu-plugins/wp-lcache/object-cache.php /var/www/wordpress/wp-content/object-cache.php
+USER www-data
+RUN ln -s /www/wordpress/wp-content/mu-plugins/wp-lcache/object-cache.php /www/wordpress/wp-content/object-cache.php
 USER root
diff --git a/manifest/etc/php7/conf.d/zz_php.ini b/manifest/etc/php7/conf.d/zz_php.ini
diff --git a/manifest/etc/php7/php-fpm.d/www.conf b/manifest/etc/php7/php-fpm.d/www.conf
diff --git a/manifest/etc/supervisord.conf b/manifest/etc/supervisord.conf
diff --git a/nginx.conf.template b/nginx.conf.template
@@ -1,12 +1,12 @@
-daemon off;
 
-user www-data;
-
-worker_processes 4;
 
 pid /run/nginx.pid;
 
-error_log /dev/stderr;
+user www-data;
+
+worker_processes auto;
+
+error_log /dev/stderr info;
 
 events {
   worker_connections 2048;
@@ -35,7 +35,9 @@ http {
 
   open_file_cache max=100;
 
-  access_log /dev/stdout;
+  log_format docker '$remote_addr $remote_user $status "$request" "$http_referer" "$http_user_agent" ';
+
+  access_log /dev/stdout docker;
 
   include /etc/nginx/mime.types;
 
@@ -45,7 +47,7 @@ http {
 
     server_name $SERVER_NAME $SERVER_ALIAS;
 
-    root /var/www/wordpress;
+    root /www/wordpress;
 
     index index.php;
 
@@ -64,5 +66,10 @@ http {
     location ~ /\.ht {
       deny all;
     }
+
+    location ~ ^/favicon {
+      log_not_found on;
+      access_log off;
+    }
   }
 }
diff --git a/php-fpm-www.conf b/php-fpm-www.conf
@@ -0,0 +1,48 @@
+[global]
+daemonize = no
+; stdout and stderr (/proc/self/fd/2) is routed to /proc/1/fd/2 via supervisord, as in process logs are output to docker output
+error_log = /dev/stderr
+log_level = notice
+
+[www]
+user = www-data
+group = www-data
+
+; Ignore these settings - dodgy php-fpm error handling is worked around
+; with the error_log directive below
+;access.log = /dev/stderr
+;access.format = "%R %u %s \"%m %r\""
+
+; Turning this on results in a double up of error logs, once for the worker, and secondarily for php-fpm. Instead we skip both and go straight to /proc/1/fd/2 via error_log set below.
+catch_workers_output = no
+
+clear_env = no
+
+listen = /run/php-fpm.sock
+listen.owner = www-data
+listen.group = www-data
+listen.mode = 0660
+
+pm = ondemand
+pm.process_idle_timeout = 10s
+pm.max_requests = 1000
+
+; Edited by /auto-fpm.sh
+pm.max_children = 5
+pm.max_spare_servers = 30
+
+; Admin settings can't be overridden
+php_admin_flag[log_errors] = on
+php_admin_value[log_errors_max_len] = 4096
+php_admin_value[error_log] = /proc/1/fd/2
+
+; Normals can be
+php_flag[display_errors] = off
+php_value[date.timezone] = UTC
+
+; this should match FPM_PROCESS_MEMORY_MB in /auto-fpm.sh
+php_value[memory_limit] = 128M
+php_value[upload_max_filesize] = 512M
+php_value[post_max_size] = 50M
+php_value[default_socket_timeout] = 300
+
diff --git a/salt b/salt
diff --git a/supervisord.conf b/supervisord.conf
@@ -0,0 +1,26 @@
+; All logging should be output on pid 1 fd 1 (stdout of tini)
+; Run everything foreground and kill supervisord if either fail
+
+[supervisord]
+nodaemon=true
+logfile=/dev/stdout
+logfile_maxbytes=0
+loglevel=warn
+user=root
+pidfile=/run/supervisord.pid
+
+[program:php-fpm]
+command=/bin/sh -c "php-fpm7 --nodaemonize || (echo 'php-fpm exited.' && pkill -9 supervisord)"
+autostart=true
+priority=5
+stdout_logfile=/dev/stdout
+stdout_logfile_maxbytes=0
+redirect_stderr=true
+
+[program:nginx]
+command=/bin/sh -c "nginx -g 'daemon off;' || (echo 'nginx exited.' && pkill -9 supervisord)"
+autostart=true
+priority=10
+stdout_logfile=/dev/stdout
+stdout_logfile_maxbytes=0
+redirect_stderr=true
