updated docker-compose

contrib/util/docker/dockers/dev-nginx/Dockerfile

@@ -0,0 +1,22 @@
+#
+# Copyright (C) 2018 Brady Miller <brady.g.miller@gmail.com>
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# php-fpm Dockerfile build for openemr development docker environment
+# This docker is hosted here: https://hub.docker.com/r/openemr/dev-php-fpm/ <tag is 7.2>
+#
+FROM nginx
+
+# Copy over the nginx.conf conf
+COPY nginx.conf /etc/nginx/nginx.conf
+
+# Copy over the dummy self signed key/cert
+COPY dummy-cert /etc/nginx/dummy-cert
+COPY dummy-key /etc/nginx/dummy-key
+
+# Needed to ensure permissions work across shared volumes with openemr, nginx, and php-fpm dockers
+RUN usermod -u 1000 nginx

contrib/util/docker/dockers/dev-nginx/dummy-cert

@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDhTCCAm2gAwIBAgIJANY3h5+fH4BeMA0GCSqGSIb3DQEBCwUAMFkxCzAJBgNV
+BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX
+aWRnaXRzIFB0eSBMdGQxEjAQBgNVBAMMCWxvY2FsaG9zdDAeFw0xODA2MTkwNjE4
+MTlaFw0yODA2MTYwNjE4MTlaMFkxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21l
+LVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxEjAQBgNV
+BAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOVX
+qQBVb+gjxpsXW9qLdA3IuoiMpwyd7aCbkyJp9XoRTEzPL38PxnB/kyfT8Ft1tCDE
+prc6lmP7Ag5ocTmU9Ezz1cer4ialR83QADBMwpG4EmLrme8B89iKO3MM1tlXL5w9
+1sp/UJYZpD4/gHASt0pstj73gHwUn6yeC7DzQ1aWkORJ90+0uWNtyL9sLNBMNrkf
+dHJG7mBVMYKipQdP9aIwe557uktmA0thhazcbdprdsOsIa0Ad3k4ShpsjLOzzyG8
+SICWt/r9h28tfaEV/8EUR09hwxP11yaJm/XNgXVgx+8pI3RxwAzB/KY27rBzuEHV
+hI2zWMcGnKfj8WMt8i0CAwEAAaNQME4wHQYDVR0OBBYEFFmoQt7EreB9ge+lBNwg
+z9p63jT7MB8GA1UdIwQYMBaAFFmoQt7EreB9ge+lBNwgz9p63jT7MAwGA1UdEwQF
+MAMBAf8wDQYJKoZIhvcNAQELBQADggEBAJEyfbY2NeNV9B9MmZ1Ffkxz/sunoGrf
+7ECFjfhpSpXgzdy2Tfo+jPkhLf249Ehzy7KPBaSJMmEIqDa8KtYkOl6AVtMn+9cu
+mA4c9tWYWfNz+/RplDMo5kikTIejkMzInM3O5I7/0yvYkLlOrr5WupvaffBbWxdq
+mtjC8IFxJ2LpRwN1eYTQyhuQf2c94KETpB9LB3YkahGOy2nTdByakm79PMhBsj71
+HrmBSg4cNZkBEhWnH9mIN37sh0BDbhJdHHZDOYauWdUo2rZm8MWqNQDICIHvO3eV
+cBM2jO5tAKHAAwKar9oJWHVKIeJDZ9Jj79xjmNeQHq9c6z2XxLxe+0A=
+-----END CERTIFICATE-----

contrib/util/docker/dockers/dev-nginx/dummy-key

@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDlV6kAVW/oI8ab
+F1vai3QNyLqIjKcMne2gm5MiafV6EUxMzy9/D8Zwf5Mn0/BbdbQgxKa3OpZj+wIO
+aHE5lPRM89XHq+ImpUfN0AAwTMKRuBJi65nvAfPYijtzDNbZVy+cPdbKf1CWGaQ+
+P4BwErdKbLY+94B8FJ+snguw80NWlpDkSfdPtLljbci/bCzQTDa5H3RyRu5gVTGC
+oqUHT/WiMHuee7pLZgNLYYWs3G3aa3bDrCGtAHd5OEoabIyzs88hvEiAlrf6/Ydv
+LX2hFf/BFEdPYcMT9dcmiZv1zYF1YMfvKSN0ccAMwfymNu6wc7hB1YSNs1jHBpyn
+4/FjLfItAgMBAAECggEAMESHxBM3LzNAXGnJIjDRZwlFAPIhQk2GspOrnsWQLXWw
+ikXcqDBIwmqHLQ20+3rFQ1RABjYlartsTl363nSUChITfyeUvC9y8kUBlSjClmqY
+LAuL5TqS+JL3OhqMqUdpNMfrCclLy5tv7s3smSnHO7mvjYcHmpW4mVrV+RLprDI0
+H82z8LnQIBOUlHJcVS5kK9Nh71P+Lnfa4VzrAE03H8elpReYQKJAxrWtBZfeggAJ
+/Yrb0sG5UclB6gzc12CPyCRSyCGcpWzGzzZTgCWRJO+Iocjy25Jdot5XZ4rmlnLq
+gixuY1CZTov0k6NzVnk7cGo6FWqgL2O9oHZLjIiCHQKBgQD2xagZQ3/ZlnN4y+3n
+QZXv8+XwevWaHt7ceVrH3/ZhrT88ezRpt1uMbUTMYXyN+hg3UBr/sZy057ISDGm8
+rh9ZB+80ff+S/2f/SGig2l3MBh5cBiDVOJljuVGTFzeNzGISeFZPlg8cmTPrSNG5
+KADXPNjchvfsLGtp5OyR1gT1LwKBgQDt6yZROVSwZnA/86lRF4Ffnk/1int9AVYW
+NMVXnAPSfGrFQho+jVmPXiGz8bGmC5jne/C6rvLpuIupoxcVD6HNmUnqQoqVWFu/
+8YR2zE4NHate+/Cbg7KMKbdQpMin2qJMd8CvFlNoWmturJdI6UQzrKDZQSCyHIKR
+lOIHZNivYwKBgCvwM6cT6q6+aB8JCHoVpnHMFpQEALkJaBsPjIdsLD1mEI1fTozI
+NgfB6O8PKJNLBYbLv5LpeAKKAp3OEgGjazd5/zB0gs4UpdrBdMe3Od469Krj+HKe
+mkk0VP8AskaQLqIlRRD0ogowiRsKozT5l3S7g814RqqJmjKHrUumNMnHAoGAP2KK
+jtErUuO3vBH6ZfRRL1xKCSyfwan9eWUNvk1+ZzFmcK8vtsKJvbxiVkJqBcbJMcK/
+W70IUmQsMUGWALJtdQ0FuDeKHEeyCe0aUVwU30GsSl3suEHZ66WhhQahvrZsztqI
+pxzXk9GjFZU9qNscpHe1UqwbPdiCoK59mWKwp+kCgYEAljDEm3MXh002IyQd4gSI
+wGpHSxGbqIDNx1tQcAXhxsxjSvsTMett32+N5FXHaY+Jj2qYeRDD0C8mzhZbF0Uf
+hMRgj5XSxJ0Plx6WRPgT9u7xV0zBgFgLo9ncAf2s8tPy6qY2zGq296MtqdzbWD9S
+uGgd+MWE6EUq6fhTBus7WUc=
+-----END PRIVATE KEY-----

contrib/util/docker/dockers/dev-nginx/nginx.conf

@@ -0,0 +1,221 @@
+worker_processes  auto;
+error_log  /var/log/nginx/error.log;
+events {
+    worker_connections  1024;
+}
+# start the http block
+http {
+    include       mime.types;
+    default_type  application/octet-stream;
+
+    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
+                      '$status $body_bytes_sent "$http_referer" '
+                      '"$http_user_agent" "$http_x_forwarded_for"';
+    access_log  /var/log/nginx/access.log  main;
+
+    sendfile        on;
+    #tcp_nopush     on;
+
+    #keepalive_timeout  0;
+    server_names_hash_bucket_size 128;
+    keepalive_timeout  65;
+
+    gzip  off;
+    #upstream php {
+        #server unix:/var/run/php-fpm.sock;
+    #}
+    index  index.html index.htm index.php;
+
+    ssl_certificate      /etc/nginx/dummy-cert;
+    ssl_certificate_key    /etc/nginx/dummy-key;
+
+    #  http host for php 7.1 connect
+    #  redirects to ssl only host below
+    server {
+        # Note that the different ports are used below to decide
+        # which version of php-fpm to use
+        listen 80;
+        listen 81;
+        listen 82;
+        listen 83;
+        listen 84;
+        listen 85;
+        listen 86;
+        listen 87;
+        listen 443 ssl;
+        listen 444 ssl;
+        listen 445 ssl;
+        listen 446 ssl;
+        listen 447 ssl;
+        listen 448 ssl;
+        listen 449 ssl;
+        listen 450 ssl;
+        server_name  example.net www.example.net;
+        root /usr/share/nginx/html/openemr;
+
+        ## redirect www to nowww
+        #if ($host = 'www.example.net' ) {
+            #rewrite  ^/(.*)$  https://example.net/$1  permanent;
+        #}
+
+        #access_log /var/log/*/example.net_access_log main;
+        #error_log    /var/log/*/example.net_error_log notice;
+
+        # openemr specific SSL settings, I am still working on this?
+        #include openemr-ssl.conf;
+
+        # restrict/protect certain files
+        #include globals.conf;
+        # globals.conf configuration file.
+        # Designed to be included in any server {} block
+        # If this server only hosts openemr, this file can be merged with openemr.conf
+
+        # Stops the annoying error messages in the logs. robots are not allowed
+        location = /favicon.ico {
+            log_not_found off;
+            access_log off;
+        }
+
+        location = /robots.txt  {
+            log_not_found off;
+            access_log off;
+        }
+
+        # Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac).
+        # Keep logging the requests to parse later (or to pass to firewall utilities such as fail2ban)
+        location ~ /\. {
+            deny all;
+        }
+
+        # protect or deny access to important server information and testing files
+        # alternatively, you can deny access to all files using {deny all; return 404;} or remove them
+        #location ~* /(info|test)\.php$ {
+            #auth_basic "Restricted Access";
+            #auth_basic_user_file /path/to/.htpasswd;
+            #fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+            #fastcgi_pass fastcgi_pass dev-php-fpm-7-1:9000;
+            #include fastcgi_params;
+        #}
+
+        # Not sure if openemr needs this. it comes from wordpress
+        location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
+            access_log off;
+            log_not_found off;
+            expires max;
+        }
+
+        ## Deny certain Referers
+        if ( $http_referer ~* (babes|forsale|girl|jewelry|love|nudit|organic|poker|porn|sex|teen) ) {
+            #return 404;
+            return 403;
+        }
+
+        # Stop deep linking or hot linking
+        location /images/ {
+            valid_referers none blocked www.example.com example.com;
+            if ($invalid_referer) {
+                return   403;
+            }
+        }
+        # end globals.conf configuration file.
+
+        # deny access to writable files/directories
+        location ~* ^/sites/*/(documents|edi|era) {
+            deny all;
+        }
+
+        # Pick one of the following two blockc, but not both:
+        # protect special files from outside openemer login, and restrict them to superAdmins only
+        #location ~* ^/(admin|setup|acl_setup|acl_upgrade|sl_convert|sql_upgrade|gacl/setup|ippf_upgrade|sql_patch)\.php {
+            #auth_basic 				"Restricted Access";
+            #auth_basic_user_file 	/path/to/.htpasswd;
+            #fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+            #fastcgi_pass dev-php-fpm-7-1:9000;
+            #include fastcgi_params;
+        #}
+
+        # Alternatively all access to these files can be denied
+        #location ~* ^/(admin|setup|acl_setup|acl_upgrade|sl_convert|sql_upgrade|gacl/setup|ippf_upgrade|sql_patch)\.php {
+            #deny all;
+            #return 404;
+        #}
+
+        if (!-e $request_filename) {
+            # Needed for zend to work
+            rewrite ^(.*/zend_modules/public)(.*) $1/index.php?$is_args$args last;
+
+            # Needed for patient portal to work
+            rewrite ^(.*/portal/patient)(.*) $1/index.php?_REWRITE_COMMAND=$1$2 last;
+        }
+
+        location / {
+            # try as file ($uri), as directory ($uri/) if not found, send to index file
+            # no php is touched for static content
+            try_files $uri $uri/ /index.php;
+        }
+
+        # redirect server error pages to the static page /50x.html
+        #error_page   500 502 503 504  /50x.html;
+        #location = /50x.html {
+            #root   /usr/local/www/nginx-dist;
+        #}
+
+        # pass the PHP scripts to the FastCGI server listening on unix socket, in this case php-fpm
+        # NOTE this is using if statements to decide which version of php-fpm to use, which is
+        #      dependent on the port of the server that is used
+        location ~* \.php$ {
+            try_files $uri =404;
+            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+            if ($server_port = 80) {
+                fastcgi_pass dev-php-fpm-5-6:9000;
+            }
+            if ($server_port = 443) {
+                fastcgi_pass dev-php-fpm-5-6:9000;
+            }
+            if ($server_port = 81) {
+                fastcgi_pass dev-php-fpm-7-0:9000;
+            }
+            if ($server_port = 444) {
+                fastcgi_pass dev-php-fpm-7-0:9000;
+            }
+            if ($server_port = 82) {
+                fastcgi_pass dev-php-fpm-7-1:9000;
+            }
+            if ($server_port = 445) {
+                fastcgi_pass dev-php-fpm-7-1:9000;
+            }
+            if ($server_port = 83) {
+                fastcgi_pass dev-php-fpm-7-2:9000;
+            }
+            if ($server_port = 446) {
+                fastcgi_pass dev-php-fpm-7-2:9000;
+            }
+            if ($server_port = 84) {
+                fastcgi_pass dev-php-fpm-5-6-redis:9000;
+            }
+            if ($server_port = 447) {
+                fastcgi_pass dev-php-fpm-5-6-redis:9000;
+            }
+            if ($server_port = 85) {
+                fastcgi_pass dev-php-fpm-7-0-redis:9000;
+            }
+            if ($server_port = 448) {
+                fastcgi_pass dev-php-fpm-7-0-redis:9000;
+            }
+            if ($server_port = 86) {
+                fastcgi_pass dev-php-fpm-7-1-redis:9000;
+            }
+            if ($server_port = 449) {
+                fastcgi_pass dev-php-fpm-7-1-redis:9000;
+            }
+            if ($server_port = 87) {
+                fastcgi_pass dev-php-fpm-7-2-redis:9000;
+            }
+            if ($server_port = 450) {
+                fastcgi_pass dev-php-fpm-7-2-redis:9000;
+            }
+
+            include fastcgi_params;
+        }
+    }
+} # end http block

contrib/util/docker/dockers/dev-php-fpm-5-6-redis/Dockerfile

@@ -0,0 +1,46 @@
+#
+# Copyright (C) 2018 Brady Miller <brady.g.miller@gmail.com>
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# php-fpm Dockerfile build for openemr development docker environment
+# This docker is hosted here: https://hub.docker.com/r/openemr/dev-php-fpm/ <tag is 7.1>
+#
+FROM php:5.6-fpm
+
+# Update
+RUN apt-get update
+
+# Add mysql-client package that is needed in the OpenEMR Backup gui, which does direct command mysql commands
+# Add imagemagick that is needed for some image processing in OpenEMR
+# Note this basically add 160MB of space to the docker, so would be nice for OpenEMR to not require this stuff
+#  and instead rely on php scripts, if possible.
+RUN apt-get install -y mysql-client \
+                       imagemagick
+
+# Add the php extensions (note using a very cool script by mlocati to do this)
+ADD https://raw.githubusercontent.com/mlocati/docker-php-extension-installer/master/install-php-extensions /usr/local/bin/
+RUN chmod uga+x /usr/local/bin/install-php-extensions && sync && \
+    install-php-extensions pdo_mysql \
+                           ldap \
+                           xsl \
+                           gd \
+                           zip \
+                           soap \
+                           gettext \
+                           mysqli \
+                           sockets \
+                           tokenizer \
+                           xmlreader \
+                           redis
+
+
+
+# Copy over the php.ini conf
+COPY php.ini /usr/local/etc/php/php.ini
+
+# Needed to ensure permissions work across shared volumes with openemr, nginx, and php-fpm dockers
+RUN usermod -u 1000 www-data