fix: DockerSecretsResolver - don't normalize absolute paths like /var/www/html/...

2025-11-24 21:28:25 +01:00
parent 4eb7134853
commit 77abc65cd7
1327 changed files with 91915 additions and 9909 deletions
--- a/docker/nginx/default.traefik.conf
+++ b/docker/nginx/default.traefik.conf
@@ -2,7 +2,7 @@
 # Traefik handles SSL termination - this listens on HTTP:80 only

 upstream php-upstream {
-    server 127.0.0.1:9000;
+    server production-php:9000;
 }

 server {
--- a/docker/php/Dockerfile
+++ b/docker/php/Dockerfile
@@ -17,9 +17,23 @@ RUN apt-get update && apt-get install -y \
    libxpm-dev \
    libsodium-dev \
    libpq-dev \
+    ca-certificates \
+    curl \
+    gnupg \
+    lsb-release \
    && apt-get clean \
        && rm -rf /var/lib/apt/lists/*

+# Install Docker CLI (for Docker management from within container)
+RUN install -m 0755 -d /etc/apt/keyrings \
+    && curl -fsSL https://download.docker.com/linux/debian/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg \
+    && chmod a+r /etc/apt/keyrings/docker.gpg \
+    && echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/debian $(lsb_release -cs) stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null \
+    && apt-get update \
+    && apt-get install -y docker-cli \
+    && apt-get clean \
+    && rm -rf /var/lib/apt/lists/*
+
 RUN docker-php-ext-configure gd \
            --with-freetype \
            --with-jpeg \
--- a/docker/php/docker-entrypoint.sh
+++ b/docker/php/docker-entrypoint.sh
@@ -40,6 +40,19 @@ chown -R appuser:appuser /var/www/html/cache 2>/dev/null || true
 chmod -R 775 /var/www/html/var 2>/dev/null || true
 chmod -R 775 /var/www/html/cache 2>/dev/null || true

+# Add appuser to docker group if docker socket exists (for Docker CLI access)
+if [ -S /var/run/docker.sock ]; then
+    DOCKER_GID=$(stat -c '%g' /var/run/docker.sock 2>/dev/null || echo "")
+    if [ -n "$DOCKER_GID" ] && [ "$DOCKER_GID" != "0" ]; then
+        # Create docker group with correct GID if it doesn't exist
+        if ! getent group docker >/dev/null 2>&1; then
+            groupadd -g "$DOCKER_GID" docker 2>/dev/null || true
+        fi
+        # Add appuser to docker group
+        usermod -aG docker appuser 2>/dev/null || true
+    fi
+fi
+
 # For PHP-FPM, run as root and let it manage user switching internally
 # PHP-FPM will drop privileges to the user specified in pool configuration
 # For other commands (console.php, etc.), switch to appuser