From 1bb6d78f138f366921a8f5360c96398c458274fd Mon Sep 17 00:00:00 2001 From: Wilmer Arambula Date: Fri, 11 Jul 2025 17:24:01 -0400 Subject: [PATCH 1/9] refactor: Update environment configuration and initialization script for improved user/group handling and permissions setup. --- .env | 7 +++++-- docker-compose.frankenphp.yml | 2 +- docker/frankenphp/Dockerfile | 13 +++++++++--- docker/init.sh | 38 +++++++++++++++++++---------------- 4 files changed, 37 insertions(+), 23 deletions(-) diff --git a/.env b/.env index 81ff7ce..1670bdf 100644 --- a/.env +++ b/.env @@ -1,8 +1,11 @@ # User and Group settings -GROUP_ID=1000 -GROUP_NAME=www-data +# For automatic host user detection, run before docker-compose: +# export USER_ID=$(id -u) && export GROUP_ID=$(id -g) +# Otherwise, these defaults will be used: USER_ID=1000 +GROUP_ID=1000 USER_NAME=www-data +GROUP_NAME=www-data # Yii2 environment settings YII_DEBUG=true diff --git a/docker-compose.frankenphp.yml b/docker-compose.frankenphp.yml index 2f4a97d..d216884 100644 --- a/docker-compose.frankenphp.yml +++ b/docker-compose.frankenphp.yml @@ -16,7 +16,7 @@ services: working_dir: /app volumes: - ./:/app - - ~/.composer-docker/cache:/root/.composer/cache:delegated + - ~/.composer-docker/cache:/var/www/.composer/cache:delegated - caddy_data:/data - caddy_config:/config ports: diff --git a/docker/frankenphp/Dockerfile b/docker/frankenphp/Dockerfile index 80f0b97..03c0bd8 100644 --- a/docker/frankenphp/Dockerfile +++ b/docker/frankenphp/Dockerfile 
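Review bot: The Composer cache bind mount now targets `/var/www/.composer/cache`, but a bind mount carries the host directory's ownership, so the `chown -R www-data:www-data /var/www/.composer` this patch adds to the Dockerfile does not apply to the mounted path. If `~/.composer-docker/cache` does not exist on the host, Docker typically creates it owned by root, and `composer install` running as www-data would then be unable to write its cache. Create the host directory beforehand, or have init.sh run `chown www-data:www-data /var/www/.composer/cache` before the `gosu` call. The service definition starts above the hunk.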
@@ -34,16 +34,23 @@ ENV COMPOSER_ALLOW_SUPERUSER=1 # Change PHP config COPY docker/php/php.ini /usr/local/etc/php/conf.d/base.ini -# Install supervisord and Node.js (includes npm) -RUN apt-get update && apt-get install -y \ +# Install supervisord, Node.js, and gosu +RUN apt-get update && apt-get install -y --no-install-recommends \ supervisor \ curl \ - --no-install-recommends \ + gosu \ && curl -fsSL https://deb.nodesource.com/setup_lts.x | bash - \ && apt-get install -y nodejs \ && apt-get clean \ && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* +# Apply the user/group IDs to www-data +RUN usermod -u ${USER_ID} www-data && groupmod -g ${GROUP_ID} www-data + +# Create composer cache directory with proper ownership +RUN mkdir -p /var/www/.composer/cache && \ + chown -R www-data:www-data /var/www/.composer + # Copy supervisord config COPY docker/frankenphp/supervisord/supervisord.conf /etc/supervisor/supervisord.conf diff --git a/docker/init.sh b/docker/init.sh index 92d6507..4cf2985 100644 --- a/docker/init.sh +++ b/docker/init.sh @@ -8,6 +8,12 @@ NC='\033[0m' echo -e "${GREEN}Starting container setup...${NC}" +# Create necessary Caddy directories with proper permissions +echo -e "${YELLOW}Creating Caddy directories...${NC}" +mkdir -p /data/caddy/locks /config/caddy +chown -R www-data:www-data /data /config +chmod -R 755 /data /config + # Create necessary Yii2 directories if they don't exist echo -e "${YELLOW}Creating Yii2 directories...${NC}" mkdir -p /app/runtime/cache 
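Review bot: The new `usermod -u ${USER_ID} www-data && groupmod -g ${GROUP_ID} www-data` line expands both variables unquoted and without a default, and the `ARG` declarations it depends on are not visible in this hunk. An empty value, or one that collides with an existing account (for example 0 when the `id -u` export suggested in `.env` is run as root), stops the build with a usermod error rather than a clear message. I would make the requirement explicit with `RUN usermod -u "${USER_ID:?USER_ID build arg required}" www-data && groupmod -g "${GROUP_ID:?GROUP_ID build arg required}" www-data`. A comment stating that 0 is not a supported value would also help, since the purpose of the remap is to run as an unprivileged user.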
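Review bot: `chmod -R 755 /data /config` makes every file under Caddy's data directory world-readable and executable, and `/data` is the `caddy_data` volume that the compose file describes as holding Caddy certificates. Because the volume persists, each container start also loosens the mode of any key material written by earlier runs. Ownership is already handed to www-data by the `chown -R` on the previous line, so I would restrict rather than widen: `chmod -R u+rwX,go-rwx /data /config`. The script continues outside the hunk.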
@@ -48,29 +54,27 @@ echo -e "${GREEN}Setup completed.${NC}" if [ -f "/app/composer.json" ] && [ ! -d "/app/vendor" ]; then echo -e "${YELLOW}Installing Composer dependencies...${NC}" - # Install dependencies based on environment + # Make /app writable by www-data for mounted volumes + chmod 777 /app + + # Install dependencies with proper environment variables if [ "$YII_ENV" = "prod" ]; then # Production: exclude dev dependencies and optimize autoloader - composer install --no-dev --optimize-autoloader --no-interaction + gosu www-data env \ + HOME=/var/www \ + COMPOSER_HOME=/var/www/.composer \ + COMPOSER_CACHE_DIR=/var/www/.composer/cache \ + composer install --no-dev --optimize-autoloader --no-interaction else # Development: include dev dependencies - composer install --optimize-autoloader --no-interaction - fi - - # Set proper ownership for vendor directory if possible - if chown -R www-data:www-data /app/vendor 2>/dev/null; then - echo -e "${GREEN}✓ Vendor directory ownership set${NC}" + gosu www-data env \ + HOME=/var/www \ + COMPOSER_HOME=/var/www/.composer \ + COMPOSER_CACHE_DIR=/var/www/.composer/cache \ + composer install --optimize-autoloader --no-interaction fi - echo -e "${GREEN}✓ Composer dependencies installed successfully.${NC}" -fi - -# Set permissions for node_modules directory if it exists -if chown -R www-data:www-data /app/node_modules 2>/dev/null; then - chmod -R 775 /app/node_modules - echo -e "${GREEN}✓ Node modules directory ownership set${NC}" -else - echo -e "${YELLOW}⚠ Node modules directory ownership could not be set (mounted volume?)${NC}" + echo -e "${GREEN}✓ Composer dependencies installed successfully${NC}" fi echo -e "${GREEN}Starting supervisord...${NC}" From 8e0066436e0f49a95a92f898666c8a9815b19938 Mon Sep 17 00:00:00 2001 
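Review bot: `chmod 777 /app` makes the application root writable by every user in the container, and because the compose file bind-mounts `./:/app` the mode change lands on the host checkout as well. Composer now runs as www-data through `gosu`, so only that account needs write access; `chown www-data:www-data /app` would cover it without the world-writable bit. PATCH 3/9 later replaces this line, but this commit on its own ships the 777. Separately, nothing visible in the hunk checks the exit status of `composer install`, so a failed install would still reach the success echo unless `set -e` is active above the hunk.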
From: Wilmer Arambula Date: Fri, 11 Jul 2025 17:31:54 -0400 Subject: [PATCH 2/9] feat: Enhance initialization scripts to create and configure npm cache directory with proper ownership. --- docker/frankenphp/Dockerfile | 8 ++++---- docker/init.sh | 6 ++++++ 2 files changed, 10 insertions(+), 4 deletions(-) diff --git a/docker/frankenphp/Dockerfile b/docker/frankenphp/Dockerfile index 03c0bd8..cdf10a2 100644 --- a/docker/frankenphp/Dockerfile +++ b/docker/frankenphp/Dockerfile @@ -47,9 +47,9 @@ RUN apt-get update && apt-get install -y --no-install-recommends \ # Apply the user/group IDs to www-data RUN usermod -u ${USER_ID} www-data && groupmod -g ${GROUP_ID} www-data -# Create composer cache directory with proper ownership -RUN mkdir -p /var/www/.composer/cache && \ - chown -R www-data:www-data /var/www/.composer +# Create composer and npm cache directories with proper ownership +RUN mkdir -p /var/www/.composer/cache /var/www/.npm && \ + chown -R www-data:www-data /var/www/.composer /var/www/.npm # Copy supervisord config COPY docker/frankenphp/supervisord/supervisord.conf /etc/supervisor/supervisord.conf @@ -71,7 +71,7 @@ RUN chmod +x /usr/local/bin/init.sh /usr/local/bin/entrypoint.sh && \ # Test that scripts have valid syntax bash -n /usr/local/bin/init.sh && \ bash -n /usr/local/bin/entrypoint.sh && \ - echo "Scripts validated successfully" + echo "${GREEN}✓ Scripts validated successfully...${NC}" # Use ENTRYPOINT to guarantee execution ENTRYPOINT ["/usr/local/bin/entrypoint.sh"] diff --git a/docker/init.sh b/docker/init.sh index 4cf2985..71efeaa 100644 --- a/docker/init.sh +++ b/docker/init.sh 
@@ -57,6 +57,10 @@ if [ -f "/app/composer.json" ] && [ ! -d "/app/vendor" ]; then # Make /app writable by www-data for mounted volumes chmod 777 /app + # Create and configure npm cache directory for www-data + mkdir -p /var/www/.npm + chown -R www-data:www-data /var/www/.npm + # Install dependencies with proper environment variables if [ "$YII_ENV" = "prod" ]; then # Production: exclude dev dependencies and optimize autoloader @@ -64,6 +68,7 @@ if [ -f "/app/composer.json" ] && [ ! -d "/app/vendor" ]; then HOME=/var/www \ COMPOSER_HOME=/var/www/.composer \ COMPOSER_CACHE_DIR=/var/www/.composer/cache \ + npm_config_cache=/var/www/.npm \ composer install --no-dev --optimize-autoloader --no-interaction else # Development: include dev dependencies @@ -71,6 +76,7 @@ if [ -f "/app/composer.json" ] && [ ! -d "/app/vendor" ]; then HOME=/var/www \ COMPOSER_HOME=/var/www/.composer \ COMPOSER_CACHE_DIR=/var/www/.composer/cache \ + npm_config_cache=/var/www/.npm \ composer install --optimize-autoloader --no-interaction fi From 5c8c7f7a9a2b000939cb7d54052e176af748739a Mon Sep 17 00:00:00 2001 From: Wilmer Arambula Date: Fri, 11 Jul 2025 17:43:00 -0400 Subject: [PATCH 3/9] refactor: Update init script to improve permissions setup for /app directory and ensure proper access for www-data. --- docker/frankenphp/Dockerfile | 2 +- docker/init.sh | 5 +++-- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/docker/frankenphp/Dockerfile b/docker/frankenphp/Dockerfile index cdf10a2..b521bfe 100644 --- a/docker/frankenphp/Dockerfile +++ b/docker/frankenphp/Dockerfile @@ -71,7 +71,7 @@ RUN chmod +x /usr/local/bin/init.sh /usr/local/bin/entrypoint.sh && \ # Test that scripts have valid syntax bash -n /usr/local/bin/init.sh && \ bash -n /usr/local/bin/entrypoint.sh && \ - echo "${GREEN}✓ Scripts validated successfully...${NC}" + echo "✓ Scripts validated successfully..." # Use ENTRYPOINT to guarantee execution ENTRYPOINT ["/usr/local/bin/entrypoint.sh"] 
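Review bot: The two `gosu www-data env … composer install` invocations touched by the `@@ -64,6 +68,7 @@` and `@@ -71,6 +76,7 @@` hunks are identical apart from `--no-dev`, and this patch has to add `npm_config_cache` to both by hand. Building the flag list once and calling Composer in one place keeps the environment for the unprivileged run in a single spot, so a later change cannot update one branch and miss the other. The `mkdir -p /var/www/.npm` and `chown` in the first hunk also repeat what the Dockerfile hunk of this patch already does at build time. The enclosing `if` block starts and ends outside these hunks.

```shell
# … unchanged: /app permissions and npm cache directory setup …

# Production excludes dev dependencies; every other flag is shared.
composer_flags="--optimize-autoloader --no-interaction"
if [ "$YII_ENV" = "prod" ]; then
    composer_flags="--no-dev ${composer_flags}"
fi

# composer_flags is left unquoted on purpose so it splits into separate arguments.
gosu www-data env \
    HOME=/var/www \
    COMPOSER_HOME=/var/www/.composer \
    COMPOSER_CACHE_DIR=/var/www/.composer/cache \
    npm_config_cache=/var/www/.npm \
    composer install ${composer_flags}
```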
diff --git a/docker/init.sh b/docker/init.sh index 71efeaa..b51c625 100644 --- a/docker/init.sh +++ b/docker/init.sh @@ -54,8 +54,9 @@ echo -e "${GREEN}Setup completed.${NC}" if [ -f "/app/composer.json" ] && [ ! -d "/app/vendor" ]; then echo -e "${YELLOW}Installing Composer dependencies...${NC}" - # Make /app writable by www-data for mounted volumes - chmod 777 /app + # Give www-data write access without exposing the tree to everyone + chown -R www-data:www-data /app && \ + chmod -R u+rwX,g+rwX /app # Create and configure npm cache directory for www-data mkdir -p /var/www/.npm From 7321b0df36a08f7f5e83847ee49f1f0f4511c133 Mon Sep 17 00:00:00 2001 From: Wilmer Arambula Date: Fri, 11 Jul 2025 17:47:19 -0400 Subject: [PATCH 4/9] fix: Update Node.js installation in Dockerfile to include SHA256 verification for security. --- docker/frankenphp/Dockerfile | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/docker/frankenphp/Dockerfile b/docker/frankenphp/Dockerfile index b521bfe..97a1134 100644 --- a/docker/frankenphp/Dockerfile +++ b/docker/frankenphp/Dockerfile @@ -39,7 +39,9 @@ RUN apt-get update && apt-get install -y --no-install-recommends \ supervisor \ curl \ gosu \ - && curl -fsSL https://deb.nodesource.com/setup_lts.x | bash - \ + && curl -fsSL https://deb.nodesource.com/setup_lts.x -o /tmp/nodesetup.sh \ + && echo " /tmp/nodesetup.sh" | sha256sum -c - \ + && bash /tmp/nodesetup.sh \ && apt-get install -y nodejs \ && apt-get clean \ && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* From ac1f4894d2d5209d655da73d6f0a8d982d3cdec4 Mon Sep 17 00:00:00 2001 From: Wilmer Arambula Date: Fri, 11 Jul 2025 17:54:34 -0400 Subject: [PATCH 5/9] refactor: Update Dockerfile and supervisord config for improved Node.js installation and process management. --- docker/frankenphp/Dockerfile | 6 ++++-- .../frankenphp/supervisord/conf.d/frankenphp.conf | 14 +++++++------- 2 files changed, 11 insertions(+), 9 deletions(-) 
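Review bot: `chown -R www-data:www-data /app` followed by `chmod -R u+rwX,g+rwX /app` gives the account that serves requests write access to the whole application tree, source included, and with the `./:/app` bind mount it rewrites ownership of the host checkout too. A web-server user that can modify its own code widens the impact of any file-write flaw, so normally only directories such as `/app/runtime` need to be writable. The two commands are joined with `&&` and the result is not checked, so a `chown` that fails on a mounted volume (the case the blocks removed in PATCH 1/9 reported) silently skips the `chmod`. I would keep the recursive change to the writable directories, e.g. `chown -R www-data:www-data /app/runtime`, and use a non-recursive `chown www-data:www-data /app` so Composer can create `vendor`.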
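Review bot: The checksum line `echo " /tmp/nodesetup.sh" | sha256sum -c -` contains no digest, so `sha256sum -c` has no valid checksum line to compare and should exit non-zero, which fails the build instead of verifying anything. The expected hash has to be part of the line, e.g. `echo "EXPECTED_SHA256_PLACEHOLDER  /tmp/nodesetup.sh" | sha256sum -c -` (placeholder value, two spaces before the path). `setup_lts.x` is a moving URL, so a pinned digest will break whenever NodeSource updates the script; installing Node.js from a signed apt repository or a versioned source avoids that. The `RUN` instruction starts above the hunk.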
diff --git a/docker/frankenphp/Dockerfile b/docker/frankenphp/Dockerfile index 97a1134..3f25aca 100644 --- a/docker/frankenphp/Dockerfile +++ b/docker/frankenphp/Dockerfile @@ -34,14 +34,16 @@ ENV COMPOSER_ALLOW_SUPERUSER=1 # Change PHP config COPY docker/php/php.ini /usr/local/etc/php/conf.d/base.ini -# Install supervisord, Node.js, and gosu +# Install supervisord, gosu, and Node.js with script verification RUN apt-get update && apt-get install -y --no-install-recommends \ supervisor \ curl \ gosu \ && curl -fsSL https://deb.nodesource.com/setup_lts.x -o /tmp/nodesetup.sh \ - && echo " /tmp/nodesetup.sh" | sha256sum -c - \ + && echo "Downloaded NodeSource script size: $(wc -c < /tmp/nodesetup.sh) bytes" \ + && head -10 /tmp/nodesetup.sh | grep -q "NodeSource" \ && bash /tmp/nodesetup.sh \ + && rm /tmp/nodesetup.sh \ && apt-get install -y nodejs \ && apt-get clean \ && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* diff --git a/docker/frankenphp/supervisord/conf.d/frankenphp.conf b/docker/frankenphp/supervisord/conf.d/frankenphp.conf index f60815d..772f941 100644 --- a/docker/frankenphp/supervisord/conf.d/frankenphp.conf +++ b/docker/frankenphp/supervisord/conf.d/frankenphp.conf @@ -1,13 +1,13 @@ [program:frankenphp] -command=/usr/local/bin/frankenphp run --config /etc/caddy/Caddyfile -autostart=true +command=gosu www-data /usr/local/bin/frankenphp run --config /etc/caddy/Caddyfile autorestart=true -priority=10 +autostart=true killasgroup=true -stopasgroup=true -stopsignal=QUIT -stdout_logfile=/dev/stdout -stdout_logfile_maxbytes=0 +priority=10 stderr_logfile=/dev/stderr stderr_logfile_maxbytes=0 +stdout_logfile=/dev/stdout +stdout_logfile_maxbytes=0 +stopasgroup=true +stopsignal=QUIT user=www-data From eb1eb0345f0adb9995d57b50992492a8d386b7ce Mon Sep 17 00:00:00 2001 
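Review bot: The replacement for the checksum, `head -10 /tmp/nodesetup.sh | grep -q "NodeSource"` plus a byte-count echo, is not an integrity check, because any altered script that keeps that word in its first ten lines passes; yet the comment now says "with script verification". The script then runs in the same `RUN` as `apt-get install`, i.e. with the build's privileges, so the comment promises a guarantee the code does not give. Either restore a real digest comparison (`echo "EXPECTED_SHA256_PLACEHOLDER  /tmp/nodesetup.sh" | sha256sum -c -`, placeholder value) or drop "verification" from the comment. PATCH 6/9 removes these lines and returns to `curl … | bash -`, which leaves the download unverified.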
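Review bot: `command=gosu www-data …` duplicates the privilege drop that `user=www-data` at the end of this section already asks supervisord to perform. With both in place gosu would be started as www-data rather than root, and it may fail when it tries to switch user again, so the program might not start; PATCH 7/9 removes the prefix. Keep a single mechanism; `user=www-data` is enough. The rest of the hunk only reorders keys.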
From: Wilmer Arambula Date: Fri, 11 Jul 2025 17:59:43 -0400 Subject: [PATCH 6/9] refactor: Simplify Node.js installation in Dockerfile by removing script verification steps. --- docker/frankenphp/Dockerfile | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/docker/frankenphp/Dockerfile b/docker/frankenphp/Dockerfile index 3f25aca..8a59f2b 100644 --- a/docker/frankenphp/Dockerfile +++ b/docker/frankenphp/Dockerfile @@ -34,16 +34,12 @@ ENV COMPOSER_ALLOW_SUPERUSER=1 # Change PHP config COPY docker/php/php.ini /usr/local/etc/php/conf.d/base.ini -# Install supervisord, gosu, and Node.js with script verification +# Install supervisord, gosu, and Node.js (version simple) RUN apt-get update && apt-get install -y --no-install-recommends \ supervisor \ curl \ gosu \ - && curl -fsSL https://deb.nodesource.com/setup_lts.x -o /tmp/nodesetup.sh \ - && echo "Downloaded NodeSource script size: $(wc -c < /tmp/nodesetup.sh) bytes" \ - && head -10 /tmp/nodesetup.sh | grep -q "NodeSource" \ - && bash /tmp/nodesetup.sh \ - && rm /tmp/nodesetup.sh \ + && curl -fsSL https://deb.nodesource.com/setup_lts.x | bash - \ && apt-get install -y nodejs \ && apt-get clean \ && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* From aa95b776df9161ecf53828ca761710ab54d355bd Mon Sep 17 00:00:00 2001 From: Wilmer Arambula Date: Fri, 11 Jul 2025 18:05:36 -0400 Subject: [PATCH 7/9] refactor: Remove 'gosu' from frankenphp command in supervisord configuration. --- docker/frankenphp/supervisord/conf.d/frankenphp.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker/frankenphp/supervisord/conf.d/frankenphp.conf b/docker/frankenphp/supervisord/conf.d/frankenphp.conf index 772f941..d7958ce 100644 --- a/docker/frankenphp/supervisord/conf.d/frankenphp.conf +++ b/docker/frankenphp/supervisord/conf.d/frankenphp.conf 
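Review bot: `curl -fsSL https://deb.nodesource.com/setup_lts.x | bash -` runs without `pipefail` unless a `SHELL` instruction above the hunk sets it, so if the download fails `bash -` reads empty input and exits 0, and the `&&` chain goes on to `apt-get install -y nodejs` with whatever repository is configured. Add `SHELL ["/bin/bash", "-o", "pipefail", "-c"]` before this `RUN`, or keep the download-to-file form so `curl`'s exit status is checked. The comment `(version simple)` does not say what was simplified; `# NodeSource setup script is piped to bash without integrity verification` would record the trade-off. `setup_lts.x` also follows the LTS line, so the Node.js major version can change between builds.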
@@ -1,5 +1,5 @@ [program:frankenphp] -command=gosu www-data /usr/local/bin/frankenphp run --config /etc/caddy/Caddyfile +command=/usr/local/bin/frankenphp run --config /etc/caddy/Caddyfile autorestart=true autostart=true killasgroup=true From ea1c03480afadb37cf65c6875458b7b8a90590e2 Mon Sep 17 00:00:00 2001 From: Wilmer Arambula Date: Fri, 11 Jul 2025 18:14:42 -0400 Subject: [PATCH 8/9] refactor: Enhance Docker configuration for HTTP/3 optimization and streamline environment variable usage. --- .env | 6 ++++++ docker-compose.frankenphp.yml | 24 +++++++++++++----------- 2 files changed, 19 insertions(+), 11 deletions(-) diff --git a/.env b/.env index 1670bdf..8a8b804 100644 --- a/.env +++ b/.env @@ -10,3 +10,9 @@ GROUP_NAME=www-data # Yii2 environment settings YII_DEBUG=true YII_ENV=dev + +# HTTP/3 optimization settings +# UDP buffer size for better HTTP/3 performance +# Used in docker-compose.production.yml for high-load scenarios +# Default: 7168000 (7MB) - eliminates the "failed to increase buffer" warning +UDP_BUFFER_SIZE=7168000 diff --git a/docker-compose.frankenphp.yml b/docker-compose.frankenphp.yml index d216884..9b18b71 100644 --- a/docker-compose.frankenphp.yml +++ b/docker-compose.frankenphp.yml 
@@ -12,24 +12,26 @@ services: entrypoint: ["/usr/local/bin/entrypoint.sh"] env_file: - .env + environment: + TZ: "UTC" + YII_DEBUG: "${YII_DEBUG:-false}" + YII_ENV: "${YII_ENV:-prod}" + ports: + - '8081:80' + - '8444:443' + - '8444:443/udp' restart: always - working_dir: /app + sysctls: + - net.core.rmem_max=${UDP_BUFFER_SIZE:-7168000} + - net.core.rmem_default=${UDP_BUFFER_SIZE:-7168000} volumes: - ./:/app - - ~/.composer-docker/cache:/var/www/.composer/cache:delegated + - ${HOME}/.composer-docker/cache:/var/www/.composer/cache:delegated - caddy_data:/data - caddy_config:/config - ports: - - '8081:80' - - '8444:443' - - '8444:443/udp' - environment: - TZ: "UTC" - YII_DEBUG: "${YII_DEBUG:-false}" - YII_ENV: "${YII_ENV:-prod}" + working_dir: /app tty: true -# Volumes needed for Caddy certificates and configuration volumes: caddy_data: caddy_config: From 0b3edbeaa5297dca4548ac622c9d65aa6600d2a8 Mon Sep 17 00:00:00 2001 From: Wilmer Arambula Date: Fri, 11 Jul 2025 18:20:39 -0400 Subject: [PATCH 9/9] refactor: Remove HTTP/3 optimization settings from environment and docker-compose configuration. --- .env | 6 ------ docker-compose.frankenphp.yml | 3 --- 2 files changed, 9 deletions(-) diff --git a/.env b/.env index 8a8b804..1670bdf 100644 --- a/.env +++ b/.env @@ -10,9 +10,3 @@ GROUP_NAME=www-data # Yii2 environment settings YII_DEBUG=true YII_ENV=dev - -# HTTP/3 optimization settings -# UDP buffer size for better HTTP/3 performance -# Used in docker-compose.production.yml for high-load scenarios -# Default: 7168000 (7MB) - eliminates the "failed to increase buffer" warning -UDP_BUFFER_SIZE=7168000 diff --git a/docker-compose.frankenphp.yml b/docker-compose.frankenphp.yml index 9b18b71..e929ff4 100644 --- a/docker-compose.frankenphp.yml +++ b/docker-compose.frankenphp.yml 
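Review bot: `${HOME}/.composer-docker/cache` replaces `~`, and it is interpolated from the environment of whoever runs compose: when `HOME` is unset (some CI runners and service units) it expands to an empty string and the bind source becomes `/.composer-docker/cache` at the host root. `${HOME:?HOME must be set}/.composer-docker/cache` makes compose stop with an error instead. The new `sysctls` entries for `net.core.rmem_max` and `net.core.rmem_default` may be rejected by the runtime on kernels where those keys are not per-network-namespace; PATCH 9/9 removes them. The service definition starts above the hunk.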
@@ -21,9 +21,6 @@ services: - '8444:443' - '8444:443/udp' restart: always - sysctls: - - net.core.rmem_max=${UDP_BUFFER_SIZE:-7168000} - - net.core.rmem_default=${UDP_BUFFER_SIZE:-7168000} volumes: - ./:/app - ${HOME}/.composer-docker/cache:/var/www/.composer/cache:delegated