New development environment that uses Tailscale & Caddy

Author: jimwins

Dockerfile

@@ -1,4 +1,4 @@
-FROM php:8.3.2-fpm-alpine
+FROM php:8.3.3-fpm-alpine
 
 LABEL maintainer="Jim Winstead <jimw@trainedmonkey.com>"
 
@@ -30,11 +30,13 @@ RUN apk add --no-cache -X http://dl-cdn.alpinelinux.org/alpine/edge/testing \
           zip \
       && apk del -dev ${PHPIZE_DEPS}
 
+RUN mv "$PHP_INI_DIR/php.ini-production" "$PHP_INI_DIR/php.ini"
+
 WORKDIR /app
 
 COPY . /app
 
-COPY log.conf /usr/local/etc/php-fpm.d/
+COPY config/log.conf /usr/local/etc/php-fpm.d/
 
 RUN curl -sS https://getcomposer.org/installer | php \
         && mv composer.phar /usr/local/bin/ \

config/Caddyfile

@@ -0,0 +1,14 @@
+:80 {
+	# compress stuff
+	encode zstd gzip
+
+	# our root is in /srv
+	root * /srv/site
+
+	# pass everything else to php
+	php_fastcgi talapoin:9000 {
+		root /app/site
+	}
+
+	file_server
+}

config/log.conf

@@ -0,0 +1 @@
+access.format = "%{%FT%T%z}t %{REMOTE_ADDR}e %m %{REQUEST_URI}e %s %{mili}d"

config/tailscale/talapoin.json

@@ -0,0 +1,19 @@
+{
+    "TCP": {
+      "443": {
+        "HTTPS": true
+      }
+    },
+    "Web": {
+      "${TS_CERT_DOMAIN}:443": {
+        "Handlers": {
+          "/": {
+            "Proxy": "http://caddy:80"
+          }
+        }
+      }
+    },
+    "AllowFunnel": {
+      "${TS_CERT_DOMAIN}:443": false
+    }
+}

docker-compose.yml

@@ -0,0 +1,102 @@
+version: '3.4'
+
+services:
+  tailscale:
+    image: tailscale/tailscale:latest
+    hostname: talapoin
+    env_file: ./.env
+    environment:
+      - TS_SERVE_CONFIG=/config/talapoin.json
+      - TS_STATE_DIR=/var/lib/tailscale
+    volumes:
+      - tailscalestate:/var/lib/tailscale
+      - ./config/tailscale:/config
+      - /dev/net/tun:/dev/net/tun
+    cap_add:
+      - net_admin
+      - sys_module
+    restart: unless-stopped
+
+  caddy:
+    image: caddy:2.7.6
+    volumes:
+      - ./config:/etc/caddy
+      - ./:/srv
+      - caddy_data:/data
+      - caddy_config:/config
+    restart: unless-stopped
+
+  talapoin:
+    image: jimwins/talapoin
+    build: ./
+    env_file: ./.env
+    expose:
+      - "9000"
+    volumes:
+      - .:/app
+    restart: unless-stopped
+
+  db:
+    image: mysql:8.0.30
+    env_file: ./.env
+    # old password auth so sphinx can access it
+    command: [ mysqld, --local-infile=1, --default_authentication_plugin=mysql_native_password ]
+    expose:
+      - "3306"
+    volumes:
+      - ./db/init:/docker-entrypoint-initdb.d
+      - mysql_data:/var/lib/mysql
+    restart: unless-stopped
+
+  meilisearch:
+    image: getmeili/meilisearch:v1.6
+    env_file: ./.env
+    volumes:
+      - meilisearch_data:/meili_data
+    expose:
+      - "7700"
+    restart: unless-stopped
+
+#  elasticsearch:
+#    image: docker.elastic.co/elasticsearch/elasticsearch:8.12.0
+#    environment:
+#      - node.name=muck-node
+#      - discovery.type=single-node
+#      - cluster.name=muck-es-data-cluster
+#      - bootstrap.memory_lock=true
+#      - "ES_JAVA_OPTS=-Xms1024m -Xmx1024m"
+#    volumes:
+#      - elasticsearchdata:/usr/share/elasticsearch/data
+#    expose:
+#      - "9200"
+#    restart: always
+
+#  sphinxsearch:
+#    image: macbre/sphinxsearch:3.2.1
+#    links:
+#      - db
+#    env_file: ./config
+#    expose:
+#      - "9306"
+#    volumes:
+#      - ./search:/opt/sphinx/conf
+#      - searchdata:/var/data
+#    restart: always
+
+
+#  backup:
+#    build: backup
+#    env_file: ./config
+#    environment:
+#      - MYSQL_HOST=db
+#      - SCHEDULE=0 0 20 * * *
+#    restart: always
+
+volumes:
+  mysql_data:
+  caddy_data:
+  caddy_config:
+#  searchdata:
+#  elasticsearchdata:
+  meilisearch_data:
+  tailscalestate:

log.conf

@@ -0,0 +1,7 @@
+TS_AUTHKEY="tskey-client-{something}?ephemeral=false"
+TS_EXTRA_ARGS="--advertise-tags=tag:container --reset"
+MYSQL_ROOT_PASSWORD="whatever-you-want"
+MYSQL_DATABASE="database"
+MYSQL_USER="user"
+MYSQL_PASSWORD="password"
+MEILI_MASTER_KEY="some-sort-of-key"