Merge branch 'config' into develop

Merge a functional docker image of nginx and php.
This is still WIP and needs to be cleaned up.

* config:
  Set workdir and exposing ports
  Change `composer selfupdate` in entrypoint
  Add docker-entrypoint
  Install and configure Honcho
  Install PHP composer and git
  Install supervisord
  Apply advanced PHP configuration and use PHP-FPM socket
  Use www-data user and supply default config for Nginx
  Add GPG verification for PHP archive
  Add readline support for PHP and remove more punctuation
  Add default nginx.conf and overwrite existing one

Author: rtucek

Dockerfile

@@ -11,21 +11,26 @@ RUN \
         # In general...
         build-essential \
         curl \
+        supervisor \
 
         # For Nginx
-        libssl-dev \
         libpcre3-dev \
+        libssl-dev \
 
         # For PHP
         bison \
         libbz2-dev \
         libcurl4-openssl-dev \
         libpng12-dev \
         libpq-dev \
+        libreadline-dev \
         libxml2-dev \
         libxslt1-dev \
         pkg-config \
-        re2c && \
+        re2c \
+
+        # For PHP composer
+        git && \
 
     # Prepare for building
     mkdir -p /tmp/build
@@ -39,8 +44,9 @@ RUN \
 
 RUN \
     cd /tmp/build/nginx && \
-    # Verify signature
-    curl -SLO https://nginx.org/download/nginx-${NGINX_VERSION}.tar.gz.asc && \
+
+    # GPG keys from the main maintainers of Nginx
+    # Source https://nginx.org/en/pgp_keys.html
     curl -SLO https://nginx.org/keys/nginx_signing.key && \
     gpg --import nginx_signing.key && \
     curl -SLO https://nginx.org/keys/aalexeev.key && \
@@ -53,6 +59,9 @@ RUN \
     gpg --import maxim.key && \
     curl -SLO https://nginx.org/keys/sb.key && \
     gpg --import sb.key && \
+
+    # Verify signature
+    curl -SLO https://nginx.org/download/nginx-${NGINX_VERSION}.tar.gz.asc && \
     gpg nginx-${NGINX_VERSION}.tar.gz.asc
 
 RUN \
@@ -64,6 +73,8 @@ RUN \
     cd /tmp/build/nginx/nginx-${NGINX_VERSION} && \
     # Run configuration
     ./configure \
+        --group=www-data \
+        --user=www-data \
         --with-file-aio \
         --with-http_gunzip_module \
         --with-http_gzip_static_module \
@@ -87,8 +98,17 @@ RUN \
     # Download PHP
     curl -SLo php-${PHP_VERSION}.tar.gz http://ch1.php.net/get/php-${PHP_VERSION}.tar.gz/from/this/mirror
 
-# RUN \
-    # TODO SIG VERIFICATION!!!
+RUN \
+    cd /tmp/build/php/ && \
+
+    # GPG keys from the release managers of PHP 7.0
+    # Source https://secure.php.net/gpg-keys.php#gpg-7.0
+    gpg --keyserver pgp.mit.edu/ --recv "1A4E 8B72 77C4 2E53 DBA9  C7B9 BCAA 30EA 9C0D 5763" && \
+    gpg --keyserver pgp.mit.edu/ --recv "6E4F 6AB3 21FD C07F 2C33  2E3A C2BF 0BC4 33CF C8B3" && \
+
+    # Verify signature
+    curl -SLo php-${PHP_VERSION}.tar.gz.asc http://ch1.php.net/get/php-${PHP_VERSION}.tar.gz.asc/from/this/mirror && \
+    gpg php-${PHP_VERSION}.tar.gz.asc
 
 RUN \
     cd /tmp/build/php && \
@@ -102,23 +122,102 @@ RUN \
         --enable-fpm \
         --enable-mbregex \
         --enable-mbstring \
+        --enable-mbstring=all \
         --enable-opcache \
         --enable-sockets \
         --enable-zip \
+        --enable-zip \
         --with-bz2 \
         --with-curl \
+        --with-fpm-group=www-data \
+        --with-fpm-user=www-data \
         --with-gd \
         --with-gettext \
         --with-openssl \
         --with-pcre-regex \
         --with-pdo-mysql \
         --with-pdo-pgsql \
+        --with-readline \
         --with-xsl \
         --with-zlib
 
 RUN \
     cd /tmp/build/php/php-${PHP_VERSION} && \
-    # Compile, test and install.
+    # Compile, test and install
     make -j$(nproc) build && \
     make test && \
     make install
+
+# Nginx configuration
+COPY nginx.conf /usr/local/nginx/conf/nginx.conf
+
+RUN \
+    # Fix permissions
+    chown -R www-data:www-data /usr/local/nginx/html && \
+
+    # Symlink Nginx binary
+    ln -s /usr/local/nginx/sbin/nginx /usr/local/sbin/ && \
+
+    # Copy PHP-FPM configuration files
+    cp /tmp/build/php/php-${PHP_VERSION}/sapi/fpm/php-fpm.conf /usr/local/etc/php-fpm.conf && \
+    cp /tmp/build/php/php-${PHP_VERSION}/sapi/fpm/www.conf /usr/local/etc/www.conf && \
+    cp /tmp/build/php/php-${PHP_VERSION}/php.ini-development /usr/local/php/php.ini && \
+
+    # Patch PHP-FPM for proper loading www.conf
+    sed -Ei \
+        -e 's/^;?\s*daemonize\s*=\s*yes/daemonize = no/' \
+        -e 's/^;?\s*include=NONE\/etc\/php-fpm.d\/\*.conf/include=\/usr\/local\/etc\/www.conf/' \
+        /usr/local/etc/php-fpm.conf && \
+
+    # Patch www.conf config connection establishment
+    sed -Ei \
+        -e 's/^;?\s*listen\s*=.*/listen = \/var\/run\/php-fpm.sock/' \
+        -e 's/^;?\s*?\s*listen.owner\s*=.*/listen.owner = www-data/' \
+        -e 's/^;?\s*?\s*listen.group\s*=.*/listen.group = www-data/' \
+        -e 's/^;?\s*?\s*listen.mode\s*=.*/listen.mode = 0660/' \
+        /usr/local/etc/www.conf && \
+
+    # Patch PHP config files on the fly
+    sed -Ei \
+        -e 's/^;?\s*expose_php\s*=.*/expose_php = Off/' \
+        -e 's/^;?\s*cgi.fix_pathinfo\s*=.*/cgi.fix_pathinfo=0/' \
+        -e 's/^;?\s*error_log\s*=.*/error_log = \/usr\/local\/nginx\/logs\/error-php.log/' \
+        -e 's/^;?\s*date.timezone\s*=.*/date.timezone = \"UTC\"/' \
+        -e 's/^;?\s*opcache.enable\s*=.*/opcache.enable = 1/' \
+        -e 's/^;?\s*opcache.enable_cli\s*=.*/opcache.enable_cli=1/' \
+        -e 's/^;?\s*opcache.memory_consumption\s*=.*/opcache.memory_consumption = 256/' \
+        -e 's/^;?\s*opcache.max_accelerated_files\s=.*/opcache.max_accelerated_files = 10000/' \
+        /usr/local/php/php.ini
+
+RUN \
+    # Install PHP composer
+    php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');" && \
+    php -r "if (hash_file('SHA384', 'composer-setup.php') === 'aa96f26c2b67226a324c27919f1eb05f21c248b987e6195cad9690d5c1ff713d53020a02ac8c217dbf90a7eacc9d141d') { echo 'Installer verified'; } else { echo 'Installer corrupt'; unlink('composer-setup.php'); } echo PHP_EOL;" && \
+    php composer-setup.php --install-dir=/usr/local/bin --filename=composer && \
+    php -r "unlink('composer-setup.php');"
+
+# Install Honcho
+RUN \
+    apt-get install -y \
+        python-pip && \
+    pip install honcho
+
+# Configure Honcho
+COPY Procfile /
+
+# Add entrypoint for docker
+COPY docker-entrypoint /
+RUN \
+    chmod +x /docker-entrypoint
+
+# Declare entrypoint
+ENTRYPOINT ["/docker-entrypoint"]
+
+# Define default command
+CMD ["server"]
+
+# Define Workdir
+WORKDIR "/usr/local/nginx/html"
+
+# Exposing ports
+EXPOSE 80/tcp 443/tcp

Procfile

@@ -0,0 +1,2 @@
+nginx: /usr/local/sbin/nginx
+phpfpm: /usr/local/sbin/php-fpm

docker-entrypoint

@@ -0,0 +1,23 @@
+#!/bin/bash
+
+# Fix permission ownership
+chown -R www-data:www-data /usr/local/nginx/html/
+
+# Create PHP error log if not present
+# touch /usr/local/nginx/logs/error-php.log
+# chown www-data:www-data /usr/local/nginx/logs/error-php.log
+
+# Update PHP composer
+# Update PHP composer to most most recent version (as of now the current version is v1.2.2).
+# By default, we will try to update to the most recent version of PHP composer.
+# However, this blocks starting the initial process IF you have a bad or no Internet connection at
+# all. To avoid this, you can start the container with SKIP_COMPOSER_UPDATE env set to 1.
+if [[ $SKIP_COMPOSER_UPDATE != "1" ]]; then
+    composer selfupdate -vvvn
+fi
+
+if [[ $1 == "server" ]]; then
+    exec honcho -d / start
+fi
+
+exec "$@"

nginx.conf

@@ -0,0 +1,87 @@
+master_process  on;
+daemon          off;
+
+user                www-data www-data;
+worker_processes    auto;
+
+error_log logs/error-nginx.log;
+error_log logs/error-nginx.log notice;
+error_log logs/error-nginx.log info;
+
+pid /var/run/nginx.pid;
+
+events {
+    worker_connections 1024;
+}
+
+http {
+    include         mime.types;
+    default_type    application/octet-stream;
+
+    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
+        '$status $body_bytes_sent "$http_referer" '
+        '"$http_user_agent" "$http_x_forwarded_for"';
+
+    sendfile on;
+
+    keepalive_timeout 15;
+
+    gzip            on;
+    gzip_comp_level 2;
+    gzip_min_length 1000;
+    gzip_proxied    expired no-cache no-store private auth;
+    gzip_types      text/plain application/x-javascript text/xml text/css application/xml;
+
+    server {
+        listen      80 default_server;
+        server_name localhost;
+
+        root    /usr/local/nginx/html;
+        index   index.php index.html index.htm;
+
+        access_log logs/http-access.log main;
+
+        location ~ \.php {
+            include                     fastcgi_params;
+            fastcgi_keep_conn           on;
+            fastcgi_index               index.php;
+            fastcgi_split_path_info     ^(.+\.php)(/.+)$;
+            fastcgi_param               PATH_INFO  $fastcgi_path_info;
+            fastcgi_param               SCRIPT_FILENAME $document_root$fastcgi_script_name;
+            fastcgi_intercept_errors    on;
+            fastcgi_pass                unix:/var/run/php-fpm.sock;
+        }
+
+    }
+
+    # server {
+    #     listen      443 ssl;
+    #     server_name localhost;
+
+    #     ssl_protocols               TLSv1.2 TLSv1.1 TLSv1;
+    #     ssl_prefer_server_ciphers   on;
+    #     ssl_ciphers                 "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4 !MEDIUM";
+
+    #     ssl_certificate     /etc/ssl/private/cert.pem;
+    #     ssl_certificate_key /etc/ssl/private/cert.key;
+
+    #     ssl_session_cache       shared:SSL:10m;
+    #     ssl_session_timeout     5m;
+
+    #     root    /usr/local/nginx/html;
+    #     index   index.php index.html index.htm;
+
+    #     access_log logs/https-access.log main;
+
+    #     location ~ \.php {
+    #         include                     fastcgi_params;
+    #         fastcgi_keep_conn           on;
+    #         fastcgi_index               index.php;
+    #         fastcgi_split_path_info     ^(.+\.php)(/.+)$;
+    #         fastcgi_param               PATH_INFO $fastcgi_path_info;
+    #         fastcgi_param               SCRIPT_FILENAME $document_root$fastcgi_script_name;
+    #         fastcgi_intercept_errors    on;
+    #         fastcgi_pass                unix:/var/run/php-fpm.sock;
+    #     }
+    # }
+}