{{ def is_alpine: env.variant | index("alpine") -}} # from https://downloads.joomla.org/technical-requirements FROM php:{{ env.phpVersion }}-{{ env.variant }} LABEL maintainer="{{ env.joomlaMaintainers }}" # Disable remote database security requirements. ENV JOOMLA_INSTALLATION_DISABLE_LOCALHOST_CHECK=1 {{ if is_alpine then ( -}} RUN set -eux; \ apk add --no-cache \ # in theory, docker-entrypoint.sh is POSIX-compliant, but priority is a working, consistent image bash \ # Ghostscript is required for rendering PDF previews ghostscript \ # Alpine package for "imagemagick" contains ~120 .so files imagemagick \ {{ if env.joomlaPackageType == "tar.zst" then ( -}} # Needed for the zst joomla package zstd \ {{ ) else "" end -}} ; {{ ) else ( -}} RUN set -eux; \ apt-get update; \ apt-get install -y --no-install-recommends \ # Ghostscript is required for rendering PDF previews ghostscript \ {{ if env.joomlaPackageType == "tar.zst" then ( -}} # Needed for the zst joomla package zstd \ {{ ) else "" end -}} ; \ rm -rf /var/lib/apt/lists/* {{ ) end -}} # install the PHP extensions we need. RUN set -ex; \ \ {{ if is_alpine then ( -}} apk add --no-cache --virtual .build-deps \ $PHPIZE_DEPS \ autoconf \ bzip2-dev \ gmp-dev \ {{ if env.version != "3.10" then ( -}} icu-dev \ {{ ) else "" end -}} freetype-dev \ imagemagick-dev \ libjpeg-turbo-dev \ {{ if env.version == "3.10" then ( -}} libmcrypt-dev \ {{ ) else "" end -}} libmemcached-dev \ libpng-dev \ libwebp-dev \ libzip-dev \ openldap-dev \ pcre-dev \ postgresql-dev \ ; \ {{ ) else ( -}} savedAptMark="$(apt-mark showmanual)"; \ \ apt-get update; \ apt-get install -y --no-install-recommends \ libbz2-dev \ libgmp-dev \ {{ if env.version != "3.10" then ( -}} libicu-dev \ {{ ) else "" end -}} libfreetype6-dev \ libjpeg-dev \ libldap2-dev \ {{ if env.version == "3.10" then ( -}} libmcrypt-dev \ {{ ) else "" end -}} libmemcached-dev \ libmagickwand-dev \ libpq-dev \ libpng-dev \ libwebp-dev \ libzip-dev \ ; \ {{ ) end -}} \ docker-php-ext-configure gd \ --with-freetype \ --with-jpeg \ --with-webp \ ; \ {{ if is_alpine then ( -}} docker-php-ext-configure ldap; \ {{ ) else ( -}} debMultiarch="$(dpkg-architecture --query DEB_BUILD_MULTIARCH)"; \ docker-php-ext-configure ldap --with-libdir="lib/$debMultiarch"; \ {{ ) end -}} docker-php-ext-install -j "$(nproc)" \ bz2 \ bcmath \ exif \ gd \ gmp \ {{ if env.version != "3.10" then ( -}} intl \ {{ ) else "" end -}} ldap \ mysqli \ pdo_mysql \ pdo_pgsql \ pgsql \ zip \ ; \ {{ if is_alpine then ( -}} # WARNING: imagick is likely not supported on Alpine: https://github.com/Imagick/imagick/issues/328 {{ ) else "" end -}} # https://pecl.php.net/package/imagick pecl install imagick-3.6.0; \ docker-php-ext-enable imagick; \ rm -r /tmp/pear; \ \ # some misbehaving extensions end up outputting to stdout out="$(php -r 'exit(0);')"; \ [ -z "$out" ]; \ err="$(php -r 'exit(0);' 3>&1 1>&2 2>&3)"; \ [ -z "$err" ]; \ \ extDir="$(php -r 'echo ini_get("extension_dir");')"; \ [ -d "$extDir" ]; \ {{ if is_alpine then ( -}} \ # pecl will claim success even if one install fails, so we need to perform each install separately pecl install APCu-{{ env.pecl_APCu }}; \ {{ if env.version == "3.10" then ( -}} pecl install mcrypt-{{ env.pecl_mcrypt }}; \ {{ ) else "" end -}} pecl install memcached-{{ env.pecl_memcached }}; \ pecl install redis-{{ env.pecl_redis }}; \ \ docker-php-ext-enable \ apcu \ {{ if env.version == "3.10" then ( -}} mcrypt \ {{ ) else "" end -}} memcached \ redis \ ; \ rm -r /tmp/pear; \ \ runDeps="$( \ scanelf --needed --nobanner --format '%n#p' --recursive "$extDir" \ | tr ',' '\n' \ | sort -u \ | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ )"; \ apk add --no-network --virtual .joomla-phpexts-rundeps $runDeps; \ apk del --no-network .build-deps; \ {{ ) else ( -}} # pecl will claim success even if one install fails, so we need to perform each install separately pecl install APCu-{{ env.pecl_APCu }}; \ pecl install memcached-{{ env.pecl_memcached }}; \ pecl install redis-{{ env.pecl_redis }}; \ \ docker-php-ext-enable \ apcu \ memcached \ redis \ ; \ rm -r /tmp/pear; \ \ # reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies apt-mark auto '.*' > /dev/null; \ apt-mark manual $savedAptMark; \ ldd "$extDir"/*.so \ | awk '/=>/ { print $3 }' \ | sort -u \ | xargs -r dpkg-query -S \ | cut -d: -f1 \ | sort -u \ | xargs -rt apt-mark manual; \ \ apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ rm -rf /var/lib/apt/lists/*; \ {{ ) end -}} \ ! { ldd "$extDir"/*.so | grep 'not found'; }; \ # check for output like "PHP Warning: PHP Startup: Unable to load dynamic library 'foo' (tried: ...) err="$(php --version 3>&1 1>&2 2>&3)"; \ [ -z "$err" ] # set recommended PHP.ini settings # see https://secure.php.net/manual/en/opcache.installation.php RUN set -eux; \ docker-php-ext-enable opcache; \ { \ echo 'opcache.memory_consumption=128'; \ echo 'opcache.interned_strings_buffer=8'; \ echo 'opcache.max_accelerated_files=4000'; \ echo 'opcache.revalidate_freq=2'; \ echo 'opcache.fast_shutdown=1'; \ } > /usr/local/etc/php/conf.d/opcache-recommended.ini # set recommended error logging RUN { \ # https://www.php.net/manual/en/errorfunc.constants.php echo 'error_reporting = E_ERROR | E_WARNING | E_PARSE | E_CORE_ERROR | E_CORE_WARNING | E_COMPILE_ERROR | E_COMPILE_WARNING | E_RECOVERABLE_ERROR'; \ echo 'display_errors = Off'; \ echo 'display_startup_errors = Off'; \ echo 'log_errors = On'; \ echo 'error_log = /dev/stderr'; \ echo 'log_errors_max_len = 1024'; \ echo 'ignore_repeated_errors = On'; \ echo 'ignore_repeated_source = Off'; \ echo 'html_errors = Off'; \ } > /usr/local/etc/php/conf.d/error-logging.ini {{ if env.variant == "apache" then ( -}} RUN set -eux; \ a2enmod rewrite expires; \ \ # https://httpd.apache.org/docs/2.4/mod/mod_remoteip.html a2enmod remoteip; \ { \ echo 'RemoteIPHeader X-Forwarded-For'; \ # these IP ranges are reserved for "private" use and should thus *usually* be safe inside Docker echo 'RemoteIPTrustedProxy 10.0.0.0/8'; \ echo 'RemoteIPTrustedProxy 172.16.0.0/12'; \ echo 'RemoteIPTrustedProxy 192.168.0.0/16'; \ echo 'RemoteIPTrustedProxy 169.254.0.0/16'; \ echo 'RemoteIPTrustedProxy 127.0.0.0/8'; \ } > /etc/apache2/conf-available/remoteip.conf; \ a2enconf remoteip; \ # (replace all instances of "%h" with "%a" in LogFormat) find /etc/apache2 -type f -name '*.conf' -exec sed -ri 's/([[:space:]]*LogFormat[[:space:]]+"[^"]*)%h([^"]*")/\1%a\2/g' '{}' + {{ ) else "" end -}} VOLUME /var/www/html # Define Joomla version and expected SHA512 signature ENV JOOMLA_VERSION {{ env.joomlaVersion }} ENV JOOMLA_SHA512 {{ env.joomlaSha512 }} # Download package and extract to web volume RUN set -ex; \ curl -o joomla.{{ env.joomlaPackageType }} -SL {{ env.joomlaPackage }}; \ echo "$JOOMLA_SHA512 *joomla.{{ env.joomlaPackageType }}" | sha512sum -c -; \ mkdir /usr/src/joomla; \ {{ if env.joomlaPackageType == "tar.zst" then ( -}} tar --zstd -xf joomla.tar.zst -C /usr/src/joomla; \ {{ ) else ( -}} tar -xf joomla.tar.bz2 -C /usr/src/joomla; \ {{ ) end -}} rm joomla.{{ env.joomlaPackageType }}; \ chown -R www-data:www-data /usr/src/joomla # Copy init scripts COPY docker-entrypoint.sh /entrypoint.sh COPY makedb.php /makedb.php ENTRYPOINT ["/entrypoint.sh"] {{ if env.variant == "apache" then ( -}} CMD ["apache2-foreground"] {{ ) else ( }} CMD ["php-fpm"] {{ ) end -}}