michael/michaelschiemer
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
85e2360a905da35bca66d14d057cc10c804d072f
michaelschiemer/Dockerfile.production
Michael Schiemer 36ef2a1e2c
Some checks failed
🚀 Build & Deploy Image / Determine Build Necessity (push) Failing after 10m14s
Details
🚀 Build & Deploy Image / Build Runtime Base Image (push) Has been skipped
Details
🚀 Build & Deploy Image / Build Docker Image (push) Has been skipped
Details
🚀 Build & Deploy Image / Run Tests & Quality Checks (push) Has been skipped
Details
🚀 Build & Deploy Image / Auto-deploy to Staging (push) Has been skipped
Details
🚀 Build & Deploy Image / Auto-deploy to Production (push) Has been skipped
Details
Security Vulnerability Scan / Check for Dependency Changes (push) Failing after 11m25s
Details
Security Vulnerability Scan / Composer Security Audit (push) Has been cancelled
Details
fix: Gitea Traefik routing and connection pool optimization 
- Remove middleware reference from Gitea Traefik labels (caused routing issues)
- Optimize Gitea connection pool settings (MAX_IDLE_CONNS=30, authentication_timeout=180s)
- Add explicit service reference in Traefik labels
- Fix intermittent 504 timeouts by improving PostgreSQL connection handling

Fixes Gitea unreachability via git.michaelschiemer.de
2025-11-09 14:46:15 +01:00

155 lines
4.1 KiB
Docker
Raw Blame History

# Production Dockerfile - Multi-Stage Build
ARG PHP_VERSION=8.5.0RC4
# Override via --build-arg PHP_VERSION=8.5.0RCX to track upstream releases
ARG RUNTIME_IMAGE=runtime-base
# Stage: Composer Dependencies (Production)
FROM php:${PHP_VERSION}-fpm AS composer-deps-production
WORKDIR /app
# Copy composer files
COPY composer.json composer.lock ./
# Install system dependencies for Composer
RUN apt-get update && apt-get install -y \
git \
unzip \
&& apt-get clean \
&& rm -rf /var/lib/apt/lists/*
# Install Composer
COPY --from=composer:latest /usr/bin/composer /usr/bin/composer
RUN --mount=type=cache,target=/root/.composer/cache \
composer install \
--no-dev \
--no-scripts \
--no-autoloader \
--ignore-platform-reqs \
--prefer-dist
# Copy application code
COPY . .
# Generate optimized autoloader
RUN composer dump-autoload --optimize --classmap-authoritative
# Stage: Frontend Build
FROM node:20-alpine AS frontend-build
WORKDIR /app
# Copy package files
COPY package.json package-lock.json ./
# Install npm dependencies
RUN --mount=type=cache,target=/root/.npm \
npm ci --production=false
# Copy source files needed for build
COPY resources ./resources
COPY vite.config.js ./
COPY tsconfig.json ./
# Build production assets
RUN npm run build
# Stage: Runtime Base Image (shared)
ARG PHP_VERSION=8.5.0RC4
FROM php:${PHP_VERSION}-fpm AS runtime-base
# Install system dependencies + nginx for production
RUN apt-get update && apt-get install -y \
nginx \
curl \
git \
unzip \
libzip-dev \
libpng-dev \
libjpeg-dev \
libfreetype6-dev \
libwebp-dev \
libavif-dev \
libxpm-dev \
libsodium-dev \
libpq-dev \
&& apt-get clean \
&& rm -rf /var/lib/apt/lists/*
# Install PHP extensions required at runtime
RUN docker-php-ext-configure gd \
--with-freetype \
--with-jpeg \
--with-webp \
--with-avif \
--with-xpm \
&& docker-php-ext-install -j$(nproc) gd
RUN docker-php-ext-install -j$(nproc) \
zip \
pdo \
pdo_mysql \
pdo_pgsql \
pcntl \
posix \
shmop \
bcmath \
sodium
# Install PECL extensions
RUN pecl install apcu redis-6.3.0RC1 \
&& docker-php-ext-enable apcu redis
# Configure APCu defaults
RUN echo "apc.enable_cli=1" >> /usr/local/etc/php/conf.d/docker-php-ext-apcu.ini \
&& echo "apc.shm_size=128M" >> /usr/local/etc/php/conf.d/docker-php-ext-apcu.ini
# Install Composer into the runtime image for artisan usage
COPY --from=composer:latest /usr/bin/composer /usr/bin/composer
# Stage: Production Runtime
FROM ${RUNTIME_IMAGE} AS production
# Set working directory
WORKDIR /var/www/html
# Configure PHP for production
COPY docker/php/php.production.ini /usr/local/etc/php/conf.d/zzz-custom.ini
COPY docker/php/opcache.ini /usr/local/etc/php/conf.d/opcache.ini
# Configure PHP-FPM (clear_env = no for Docker secrets)
COPY docker/php/www.production.conf /usr/local/etc/php-fpm.d/www.conf
# Configure Nginx for Traefik integration
COPY docker/nginx/nginx.production.conf /etc/nginx/nginx.conf
COPY docker/nginx/default.traefik.conf /etc/nginx/sites-available/default
RUN ln -sf /etc/nginx/sites-available/default /etc/nginx/sites-enabled/default
# Copy application code and dependencies
COPY --chown=www-data:www-data . .
COPY --from=composer-deps-production --chown=www-data:www-data /app/vendor ./vendor
COPY --from=frontend-build --chown=www-data:www-data /app/public/assets ./public/assets
COPY --from=frontend-build --chown=www-data:www-data /app/public/.vite ./public/.vite
# Create required directories
RUN mkdir -p storage/logs storage/cache storage/uploads \
&& chown -R www-data:www-data storage \
&& chmod -R 775 storage
# Copy entrypoint script for production (overrides runtime base when rebuilt)
COPY docker/entrypoint.sh /usr/local/bin/entrypoint.sh
RUN chmod +x /usr/local/bin/entrypoint.sh
# Healthcheck
HEALTHCHECK --interval=30s --timeout=3s --start-period=40s --retries=3 \
CMD curl -f http://localhost/health || exit 1
# Expose HTTP only (Traefik handles HTTPS)
EXPOSE 80
# Use production entrypoint
ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]
CMD ["nginx-php-fpm"]
Reference in New Issue View Git Blame Copy Permalink