Cradicle Explorer
CCCAB
/ Dockerfile-prod
Dockerfile-prod
  1  FROM php:8.2.28-fpm-bullseye
  2  
  3  # Set environment variables
  4  ENV DEBIAN_FRONTEND=noninteractive
  5  ARG WWWUSER
  6  ARG WWWGROUP
  7  
  8  ENV UID=${WWWUSER}
  9  ENV GID=${WWWGROUP}
 10  
 11  # Set working directory
 12  WORKDIR /home/sgoc/sgoc
 13  
 14  # Install PHP extension installer
 15  RUN curl -sSLf -o /usr/local/bin/install-php-extensions \
 16      https://github.com/mlocati/docker-php-extension-installer/releases/latest/download/install-php-extensions && \
 17      chmod +x /usr/local/bin/install-php-extensions
 18  
 19  # Install system dependencies
 20  RUN apt-get update && apt-get install -y --no-install-recommends \
 21      git \
 22      gosu \
 23      htop \
 24      default-mysql-client \
 25      build-essential \
 26      libldap2-dev \
 27      openssl \
 28      libfreetype6-dev \
 29      libjpeg-dev \
 30      libpng-dev \
 31      libwebp-dev \
 32      zlib1g-dev \
 33      libzip-dev \
 34      gcc \
 35      g++ \
 36      make \
 37      vim \
 38      unzip \
 39      curl \
 40      jpegoptim \
 41      optipng \
 42      pngquant \
 43      gifsicle \
 44      locales \
 45      libonig-dev \
 46      cifs-utils \
 47      smbclient \
 48      nfs-common \
 49      cron \
 50      supervisor \
 51      libreoffice-writer \
 52      libreoffice-calc \
 53      default-jre \
 54      libreoffice-java-common \
 55      poppler-utils \
 56      pdftk-java \
 57      swig \
 58      python3-dev \
 59      python3-pip \
 60      libaio1 \
 61      nginx \
 62      && rm -rf /var/lib/apt/lists/*
 63  
 64  # Install Node.js
 65  RUN curl -sL https://deb.nodesource.com/setup_18.x | bash - \
 66      && apt-get install -y nodejs \
 67      && npm install -g npm@10.8 \
 68      && npm cache clean --force
 69  
 70  # Install PHP extensions
 71  RUN install-php-extensions \
 72      bcmath \
 73      pdo_mysql \
 74      zip \
 75      opcache \
 76      gd \
 77      gnupg \
 78      redis \
 79      oci8
 80  
 81  # Install Composer
 82  RUN curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/local/bin --filename=composer \
 83      && rm -rf /root/.composer/cache/*
 84  
 85  # Install Python packages
 86  RUN pip3 install --no-cache-dir \
 87      requests \
 88      python-decouple \
 89      endesive
 90  
 91  # Install Oracle Client
 92  RUN mkdir /opt/oracle \
 93      && curl -o /opt/oracle/instantclient-basic.zip https://download.oracle.com/otn_software/linux/instantclient/2114000/instantclient-basic-linux.x64-21.14.0.0.0dbru.zip \
 94      && curl -o /opt/oracle/instantclient-sdk.zip https://download.oracle.com/otn_software/linux/instantclient/2114000/instantclient-sdk-linux.x64-21.14.0.0.0dbru.zip \
 95      && unzip /opt/oracle/instantclient-basic.zip -d /opt/oracle \
 96      && unzip /opt/oracle/instantclient-sdk.zip -d /opt/oracle \
 97      && rm /opt/oracle/instantclient-*.zip \
 98      && echo /opt/oracle/instantclient_21_14 > /etc/ld.so.conf.d/oracle-instantclient.conf \
 99      && ldconfig
100  
101  # Install Grype
102  RUN curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sh -s -- -b /usr/local/bin
103  
104  # Copy dependency configuration files early to leverage Docker's cache
105  COPY --chown=sgoc:sgoc pypdftools/requirements.txt ./
106  RUN pip3 install --no-cache-dir -r requirements.txt
107  
108  # Create application user and group with dynamic IDs
109  RUN groupadd -r -g ${GID} sgoc && \
110      useradd -r -u ${UID} -g sgoc -G sgoc -s /bin/bash -d /home/sgoc sgoc && \
111      usermod -a -G sgoc www-data && \
112      mkdir -p /home/sgoc/sgoc && \
113      mkdir -p /home/sgoc/.gnupg && \
114      chown -R sgoc:sgoc /home/sgoc
115  
116  # Configure php.ini uploads
117  COPY uploads.ini /usr/local/etc/php/conf.d/uploads.ini
118  
119  # Configure PHP-FPM
120  COPY ./deploy/php-fpm.conf /usr/local/etc/php-fpm.d/www.conf
121  
122  # Configure Nginx
123  COPY ./deploy/nginx/nginx.conf /etc/nginx/nginx.conf
124  COPY ./deploy/nginx/conf.d/* /etc/nginx/conf.d/
125  COPY ./deploy/certs /etc/nginx/ssl/
126  
127  # Setup supervisor
128  COPY ./deploy/supervisor.conf /etc/supervisor/conf.d/supervisor.conf
129  
130  # Create necessary directories and set permissions
131  RUN mkdir -p /var/log/nginx /var/log/supervisor /var/run/nginx /var/lib/nginx \
132      && mkdir -p /home/sgoc/sgoc/storage/framework/{sessions,views,cache} \
133      && mkdir -p /home/sgoc/sgoc/storage/logs \
134      && mkdir -p /home/sgoc/.gnupg \
135      && touch /var/log/php-fpm.log /var/log/php-fpm.access.log /var/log/php-fpm.slow.log \
136      && chown -R www-data:www-data /var/log/nginx /var/run/nginx /var/lib/nginx \
137      && chown -R root:root /var/log/supervisor \
138      && chmod -R 755 /var/log/supervisor \
139      && chown -R sgoc:sgoc /home/sgoc/sgoc/storage \
140      && chown -R root:root /var/log/php-fpm* \
141      && chmod -R 775 /var/log/nginx /var/run/nginx /var/lib/nginx \
142      && chmod -R 775 /home/sgoc/sgoc/storage \
143      && chown -R sgoc:sgoc /home/sgoc/.gnupg \
144      && chmod 664 /var/log/php-fpm*
145  
146  # Copy application files first
147  COPY --chown=sgoc:sgoc . .
148  
149  # Create supervisor log file and set permissions
150  RUN touch /home/sgoc/sgoc/supervisord.log && \
151  chown sgoc:sgoc /home/sgoc/sgoc/supervisord.log && \
152  chmod 664 /home/sgoc/sgoc/supervisord.log
153  
154  # Make post_deploy.sh executable
155  RUN chmod +x /home/sgoc/sgoc/post_deploy.sh
156  
157  USER sgoc
158  
159  RUN composer install --no-dev --optimize-autoloader --no-interaction \
160  && composer dump-autoload --optimize
161  
162  # npm
163  RUN npm install --unsafe-perm && npm run build\
164  && npm cache clean --force
165  
166  RUN chown -R sgoc:sgoc /home/sgoc/sgoc/storage \
167  && chmod -R 775 /home/sgoc/sgoc/storage
168  
169  USER root
170  
171  RUN rm -rf /root/.composer/cache/*
172  
173  # Set the entrypoint to use post_deploy.sh
174  ENTRYPOINT ["/home/sgoc/sgoc/post_deploy.sh"]