2021-08-26 15:09:00 +02:00
{ {
def is_alpine:
env.variant | index( "alpine" )
-} }
# from https://downloads.joomla.org/technical-requirements
FROM php:{{ env.phpVersion }}-{{ env.variant }}
LABEL maintainer = "{{ env.joomlaMaintainers }}"
# Disable remote database security requirements.
ENV JOOMLA_INSTALLATION_DISABLE_LOCALHOST_CHECK = 1
{ { if is_alpine then ( -} }
2022-05-27 08:46:26 +02:00
RUN set -eux; \
apk add --no-cache \
# in theory, docker-entrypoint.sh is POSIX-compliant, but priority is a working, consistent image
bash \
# Ghostscript is required for rendering PDF previews
ghostscript \
# Alpine package for "imagemagick" contains ~120 .so files
imagemagick \
2023-10-18 11:56:58 +02:00
{ { if env.joomlaPackageType = = "tar.zst" then ( -} }
# Needed for the zst joomla package
zstd \
{ { ) else "" end -} }
2022-05-27 08:46:26 +02:00
;
{ { ) else ( -} }
RUN set -eux; \
apt-get update; \
apt-get install -y --no-install-recommends \
# Ghostscript is required for rendering PDF previews
ghostscript \
2023-10-18 11:56:58 +02:00
{ { if env.joomlaPackageType = = "tar.zst" then ( -} }
# Needed for the zst joomla package
zstd \
{ { ) else "" end -} }
2022-05-27 08:46:26 +02:00
; \
rm -rf /var/lib/apt/lists/*
{ { ) end -} }
# install the PHP extensions we need.
2021-08-26 15:09:00 +02:00
RUN set -ex; \
\
2022-05-27 08:46:26 +02:00
{ { if is_alpine then ( -} }
2021-08-26 15:09:00 +02:00
apk add --no-cache --virtual .build-deps \
$PHPIZE_DEPS \
autoconf \
bzip2-dev \
gmp-dev \
2021-10-31 02:25:31 +02:00
icu-dev \
2022-05-27 08:46:26 +02:00
freetype-dev \
imagemagick-dev \
2021-08-26 15:09:00 +02:00
libjpeg-turbo-dev \
libmemcached-dev \
libpng-dev \
2022-05-27 08:46:26 +02:00
libwebp-dev \
2021-08-26 15:09:00 +02:00
libzip-dev \
openldap-dev \
pcre-dev \
postgresql-dev \
; \
{ { ) else ( -} }
savedAptMark = " $( apt-mark showmanual) " ; \
\
apt-get update; \
apt-get install -y --no-install-recommends \
libbz2-dev \
libgmp-dev \
2021-10-31 02:25:31 +02:00
libicu-dev \
2022-05-27 08:46:26 +02:00
libfreetype6-dev \
2021-08-26 15:09:00 +02:00
libjpeg-dev \
libldap2-dev \
libmemcached-dev \
2022-05-27 08:46:26 +02:00
libmagickwand-dev \
2021-08-26 15:09:00 +02:00
libpq-dev \
2022-05-27 08:46:26 +02:00
libpng-dev \
libwebp-dev \
2021-08-26 15:09:00 +02:00
libzip-dev \
; \
2022-05-27 08:46:26 +02:00
{ { ) end -} }
2021-08-26 15:09:00 +02:00
\
2022-05-27 08:46:26 +02:00
docker-php-ext-configure gd \
--with-freetype \
--with-jpeg \
--with-webp \
; \
{ { if is_alpine then ( -} }
docker-php-ext-configure ldap; \
{ { ) else ( -} }
2021-08-26 15:09:00 +02:00
debMultiarch = " $( dpkg-architecture --query DEB_BUILD_MULTIARCH) " ; \
docker-php-ext-configure ldap --with-libdir= " lib/ $debMultiarch " ; \
2022-05-27 08:46:26 +02:00
{ { ) end -} }
2021-08-26 15:09:00 +02:00
docker-php-ext-install -j " $( nproc) " \
bz2 \
2022-05-27 08:46:26 +02:00
bcmath \
exif \
2021-08-26 15:09:00 +02:00
gd \
gmp \
2021-10-31 02:25:31 +02:00
intl \
2021-08-26 15:09:00 +02:00
ldap \
mysqli \
pdo_mysql \
pdo_pgsql \
pgsql \
zip \
; \
2022-05-27 08:46:26 +02:00
{ { if is_alpine then ( -} }
# WARNING: imagick is likely not supported on Alpine: https://github.com/Imagick/imagick/issues/328
{ { ) else "" end -} }
# https://pecl.php.net/package/imagick
2024-05-31 11:33:24 +02:00
{ { if true then ( -} }
# https://github.com/Imagick/imagick/commit/5ae2ecf20a1157073bad0170106ad0cf74e01cb6 (causes a lot of build failures, but strangely only intermittent ones)
# see also https://github.com/Imagick/imagick/pull/641
# this is "pecl install imagick-3.7.0", but by hand so we can apply a small hack / part of the above commit
# Thanks to @tianon https://github.com/docker-library/wordpress/commit/509adb58cbc7463a03e317931df65868ec8a3e92
curl -fL -o imagick.tgz 'https://pecl.php.net/get/imagick-3.7.0.tgz' ; \
echo '5a364354109029d224bcbb2e82e15b248be9b641227f45e63425c06531792d3e *imagick.tgz' | sha256sum -c -; \
tar --extract --directory /tmp --file imagick.tgz imagick-3.7.0; \
grep '^//#endif$' /tmp/imagick-3.7.0/Imagick.stub.php; \
test " $( grep -c '^//#endif$' /tmp/imagick-3.7.0/Imagick.stub.php) " = '1' ; \
sed -i -e 's!^//#endif$!#endif!' /tmp/imagick-3.7.0/Imagick.stub.php; \
grep '^//#endif$' /tmp/imagick-3.7.0/Imagick.stub.php && exit 1 || :; \
docker-php-ext-install /tmp/imagick-3.7.0; \
rm -rf imagick.tgz /tmp/imagick-3.7.0; \
# TODO when imagick has another release, we should ditch this whole block and just update instead
{ { ) else ( -} }
2023-11-15 00:01:16 +01:00
pecl install imagick-3.7.0; \
2022-05-27 08:46:26 +02:00
docker-php-ext-enable imagick; \
rm -r /tmp/pear; \
2024-05-31 11:33:24 +02:00
{ { ) end -} }
2022-05-27 08:46:26 +02:00
\
# some misbehaving extensions end up outputting to stdout
out = " $( php -r 'exit(0);' ) " ; \
[ -z " $out " ] ; \
err = " $( php -r 'exit(0);' 3>& 1 1>& 2 2>& 3) " ; \
[ -z " $err " ] ; \
\
extDir = " $( php -r 'echo ini_get("extension_dir");' ) " ; \
[ -d " $extDir " ] ; \
{ { if is_alpine then ( -} }
\
# pecl will claim success even if one install fails, so we need to perform each install separately
pecl install APCu-{ { env.pecl_APCu } } ; \
pecl install memcached-{ { env.pecl_memcached } } ; \
pecl install redis-{ { env.pecl_redis } } ; \
\
docker-php-ext-enable \
apcu \
memcached \
redis \
; \
rm -r /tmp/pear; \
2021-08-26 15:09:00 +02:00
\
2022-05-27 08:46:26 +02:00
runDeps = " $( \
scanelf --needed --nobanner --format '%n#p' --recursive " $extDir " \
| tr ',' '\n' \
| sort -u \
| awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \
) " ; \
apk add --no-network --virtual .joomla-phpexts-rundeps $runDeps ; \
apk del --no-network .build-deps; \
{ { ) else ( -} }
2021-08-26 15:09:00 +02:00
# pecl will claim success even if one install fails, so we need to perform each install separately
pecl install APCu-{ { env.pecl_APCu } } ; \
pecl install memcached-{ { env.pecl_memcached } } ; \
pecl install redis-{ { env.pecl_redis } } ; \
\
docker-php-ext-enable \
apcu \
memcached \
redis \
; \
rm -r /tmp/pear; \
\
# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies
apt-mark auto '.*' > /dev/null; \
apt-mark manual $savedAptMark ; \
2022-05-27 08:46:26 +02:00
ldd " $extDir " /*.so \
2024-01-26 14:06:52 +02:00
| awk '/=>/ { so = $(NF-1); if (index(so, "/usr/local/") == 1) { next }; gsub("^/(usr/)?", "", so); print so }' \
2021-08-26 15:09:00 +02:00
| sort -u \
2024-01-26 14:06:52 +02:00
| xargs -r dpkg-query --search \
2021-08-26 15:09:00 +02:00
| cut -d: -f1 \
| sort -u \
| xargs -rt apt-mark manual; \
\
apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant= false; \
2022-05-27 08:46:26 +02:00
rm -rf /var/lib/apt/lists/*; \
2021-08-26 15:09:00 +02:00
{ { ) end -} }
2022-05-27 08:46:26 +02:00
\
! { ldd " $extDir " /*.so | grep 'not found' ; } ; \
# check for output like "PHP Warning: PHP Startup: Unable to load dynamic library 'foo' (tried: ...)
err = " $( php --version 3>& 1 1>& 2 2>& 3) " ; \
[ -z " $err " ]
# set recommended PHP.ini settings
# see https://secure.php.net/manual/en/opcache.installation.php
RUN set -eux; \
docker-php-ext-enable opcache; \
{ \
echo 'opcache.memory_consumption=128' ; \
echo 'opcache.interned_strings_buffer=8' ; \
echo 'opcache.max_accelerated_files=4000' ; \
echo 'opcache.revalidate_freq=2' ; \
} > /usr/local/etc/php/conf.d/opcache-recommended.ini
# set recommended error logging
RUN { \
# https://www.php.net/manual/en/errorfunc.constants.php
echo 'error_reporting = E_ERROR | E_WARNING | E_PARSE | E_CORE_ERROR | E_CORE_WARNING | E_COMPILE_ERROR | E_COMPILE_WARNING | E_RECOVERABLE_ERROR' ; \
echo 'display_errors = Off' ; \
echo 'display_startup_errors = Off' ; \
echo 'log_errors = On' ; \
echo 'error_log = /dev/stderr' ; \
echo 'log_errors_max_len = 1024' ; \
echo 'ignore_repeated_errors = On' ; \
echo 'ignore_repeated_source = Off' ; \
echo 'html_errors = Off' ; \
} > /usr/local/etc/php/conf.d/error-logging.ini
{ { if env.variant = = "apache" then ( -} }
RUN set -eux; \
a2enmod rewrite expires; \
\
# https://httpd.apache.org/docs/2.4/mod/mod_remoteip.html
a2enmod remoteip; \
{ \
echo 'RemoteIPHeader X-Forwarded-For' ; \
# these IP ranges are reserved for "private" use and should thus *usually* be safe inside Docker
2024-01-26 14:00:43 +02:00
echo 'RemoteIPInternalProxy 10.0.0.0/8' ; \
echo 'RemoteIPInternalProxy 172.16.0.0/12' ; \
echo 'RemoteIPInternalProxy 192.168.0.0/16' ; \
echo 'RemoteIPInternalProxy 169.254.0.0/16' ; \
echo 'RemoteIPInternalProxy 127.0.0.0/8' ; \
2022-05-27 08:46:26 +02:00
} > /etc/apache2/conf-available/remoteip.conf; \
a2enconf remoteip; \
# (replace all instances of "%h" with "%a" in LogFormat)
find /etc/apache2 -type f -name '*.conf' -exec sed -ri 's/([[:space:]]*LogFormat[[:space:]]+"[^"]*)%h([^"]*")/\1%a\2/g' '{}' +
{ { ) else "" end -} }
2021-08-26 15:09:00 +02:00
VOLUME /var/www/html
# Define Joomla version and expected SHA512 signature
ENV JOOMLA_VERSION { { env.joomlaVersion } }
ENV JOOMLA_SHA512 { { env.joomlaSha512 } }
# Download package and extract to web volume
RUN set -ex; \
2023-10-18 11:56:58 +02:00
curl -o joomla.{ { env.joomlaPackageType } } -SL { { env.joomlaPackage } } ; \
echo " $JOOMLA_SHA512 *joomla.{{ env.joomlaPackageType }} " | sha512sum -c -; \
2021-08-26 15:09:00 +02:00
mkdir /usr/src/joomla; \
2023-10-18 11:56:58 +02:00
{ { if env.joomlaPackageType = = "tar.zst" then ( -} }
tar --zstd -xf joomla.tar.zst -C /usr/src/joomla; \
{ { ) else ( -} }
2021-08-26 15:09:00 +02:00
tar -xf joomla.tar.bz2 -C /usr/src/joomla; \
2023-10-18 11:56:58 +02:00
{ { ) end -} }
rm joomla.{ { env.joomlaPackageType } } ; \
2021-08-26 15:09:00 +02:00
chown -R www-data:www-data /usr/src/joomla
2022-05-27 08:46:26 +02:00
# Copy init scripts
2021-08-26 15:09:00 +02:00
COPY docker-entrypoint.sh /entrypoint.sh
COPY makedb.php /makedb.php
ENTRYPOINT [ "/entrypoint.sh" ]
{ { if env.variant = = "apache" then ( -} }
CMD [ "apache2-foreground" ]
{ { ) else ( } }
CMD [ "php-fpm" ]
{ { ) end -} }
2022-05-27 08:46:26 +02:00