diff --git a/.github/workflows/buildx.yml b/.github/workflows/buildx.yml new file mode 100644 index 0000000..0199cf6 --- /dev/null +++ b/.github/workflows/buildx.yml @@ -0,0 +1,30 @@ +name: buildx +on: + push: + branches: + - master +jobs: + buildx: + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v2 + - name: Set up QEMU + uses: docker/setup-qemu-action@v1 + with: + platforms: linux/amd64,linux/arm64,linux/arm/v7,linux/arm/v6 + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v1 + - name: Login to Docker Hub + uses: docker/login-action@v1 + with: + username: ${{ secrets.DOCKERHUB_USERNAME }} + password: ${{ secrets.DOCKERHUB_PASSWORD }} + - name: Build and push + uses: docker/build-push-action@v2 + with: + context: . + file: ./Dockerfile + platforms: linux/amd64,linux/arm64,linux/arm/v7,linux/arm/v6 + tags: ${{ secrets.DOCKERHUB_USERNAME }}/h5ai:latest + push: true diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index c5830f8..b64d2d9 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -1,102 +1,87 @@ image: docker:git services: - - docker:dind +- docker:dind stages: - - build_image - - tag_latest +- build_image before_script: - - docker login -u "${CI_REGISTRY_USER}" -p "${CI_JOB_TOKEN}" "${CI_REGISTRY}" +- docker login -u "${CI_REGISTRY_USER}" -p "${CI_JOB_TOKEN}" "${CI_REGISTRY}" -### -## BUILD IMAGE -# -# Default branches (master/dev) build_image.default: stage: build_image script: - - docker build --pull - --build-arg BUILD_NAME="${CI_PROJECT_NAME}" - --build-arg BUILD_DATE="$(date '+%FT%T.%s%z')" - --build-arg BUILD_VCSREF="${CI_COMMIT_SHA:0:8}" - -t "${CI_REGISTRY_IMAGE}:branch-${CI_COMMIT_REF_NAME}" . - - docker push "${CI_REGISTRY_IMAGE}:branch-${CI_COMMIT_REF_NAME}" + - docker buildx create --driver docker-container --use + - docker buildx build + --provenance=false + --pull + --build-arg BUILD_NAME="${CI_PROJECT_NAME}" + --build-arg BUILD_DATE="$(date '+%FT%T.%s%z')" + --build-arg BUILD_VCSREF="${CI_COMMIT_SHA:0:8}" + --platform=linux/arm64,linux/amd64,linux/arm/v7 + --push + -t "${CI_REGISTRY_IMAGE}:${CI_COMMIT_REF_NAME}" + . only: - - master - - dev + - master except: - - tags - tags: - - tractor + - tags -# Issue branches (^[0-9]+-.*]) -# Strip branch name branch ID build_image.feature: stage: build_image script: - - docker build --pull - --build-arg BUILD_NAME="${CI_PROJECT_NAME}" - --build-arg BUILD_DATE="$(date '+%FT%T.%s%z')" - --build-arg BUILD_VCSREF="${CI_COMMIT_SHA:0:8}" - -t "${CI_REGISTRY_IMAGE}:branch-${CI_COMMIT_REF_NAME%%-*}" . - - docker push "${CI_REGISTRY_IMAGE}:branch-${CI_COMMIT_REF_NAME%%-*}" + - docker buildx create --driver docker-container --use + - docker buildx build + --provenance=false + --pull + --build-arg BUILD_NAME="${CI_PROJECT_NAME}" + --build-arg BUILD_DATE="$(date '+%FT%T.%s%z')" + --build-arg BUILD_VCSREF="${CI_COMMIT_SHA:0:8}" + --platform=linux/arm64,linux/amd64,linux/arm/v7 + --push + -t "${CI_REGISTRY_IMAGE}:${CI_COMMIT_REF_NAME%%-*}" + . only: - - /^[0-9]+-.*$/ + - "/^[0-9]+-.*$/" except: - - tags - tags: - - tractor + - tags -# Non Standard branches (^[a-zA-Z]+.*) -# Strip branch name to 128 char max build_image.nonstd: stage: build_image script: - - docker build --pull - --build-arg BUILD_NAME="${CI_PROJECT_NAME}" - --build-arg BUILD_DATE="$(date '+%FT%T.%s%z')" - --build-arg BUILD_VCSREF="${CI_COMMIT_SHA:0:8}" - -t "${CI_REGISTRY_IMAGE}:branch-${CI_COMMIT_REF_NAME:0:128}" . - - docker push "${CI_REGISTRY_IMAGE}:branch-${CI_COMMIT_REF_NAME:0:128}" + - docker buildx create --driver docker-container --use + - docker buildx build + --provenance=false + --pull + --build-arg BUILD_NAME="${CI_PROJECT_NAME}" + --build-arg BUILD_DATE="$(date '+%FT%T.%s%z')" + --build-arg BUILD_VCSREF="${CI_COMMIT_SHA:0:8}" + --platform=linux/arm64,linux/amd64,linux/arm/v7 + --push + -t "${CI_REGISTRY_IMAGE}:${CI_COMMIT_REF_NAME:0:128}" + . only: - - /^[a-zA-Z]+.*$/ + - "/^[a-zA-Z]+.*$/" except: - - master - - dev - - tags - tags: - - tractor + - master + - dev + - tags -# TAGS build_image.tag: stage: build_image script: - - docker build --pull - --build-arg BUILD_NAME="${CI_PROJECT_NAME}" - --build-arg BUILD_DATE="$(date '+%FT%T.%s%z')" - --build-arg BUILD_VCSREF="${CI_COMMIT_REF_NAME}" - -t "${CI_REGISTRY_IMAGE}:${CI_COMMIT_REF_NAME}" . - - docker push "${CI_REGISTRY_IMAGE}:${CI_COMMIT_REF_NAME}" + - docker buildx create --driver docker-container --use + - docker buildx build + --provenance=false + --pull + --build-arg BUILD_NAME="${CI_PROJECT_NAME}" + --build-arg BUILD_DATE="$(date '+%FT%T.%s%z')" + --build-arg BUILD_VCSREF="${CI_COMMIT_SHA:0:8}" + --platform=linux/arm64,linux/amd64,linux/arm/v7 + --push + -t "${CI_REGISTRY_IMAGE}:${CI_COMMIT_REF_NAME}" + -t "${CI_REGISTRY_IMAGE}:latest" + . only: - - tags - tags: - - tractor - -### -## TAG IMAGE -# -# Tag latest on master branch -tag_image.latest: - stage: tag_latest - script: - - docker pull "${CI_REGISTRY_IMAGE}:branch-${CI_COMMIT_REF_NAME}" - - docker tag "${CI_REGISTRY_IMAGE}:branch-${CI_COMMIT_REF_NAME}" "${CI_REGISTRY_IMAGE}:latest" - - docker push "${CI_REGISTRY_IMAGE}:latest" - only: - - master - except: - - tags - tags: - - tractor + - tags diff --git a/Dockerfile b/Dockerfile index 132f4dc..8e3cb1e 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,41 +1,66 @@ -FROM node:slim as builder +FROM node:16-alpine as builder -ARG H5AI_VERSION=0.29.0 +ENV H5AI_VERSION=0.30.0 -RUN apt-get update \ - && apt-get --no-install-recommends -y install \ - git-core \ - patch \ +RUN apk add --no-cache git patch \ && git clone https://github.com/lrsjng/h5ai.git \ && cd h5ai \ && git checkout -b ${H5AI_VERSION} tags/v${H5AI_VERSION} \ && npm install \ - && npm audit fix \ && npm run build COPY class-setup.php.patch /class-setup.php.patch RUN patch -p1 -u -d /h5ai/build/_h5ai/private/php/core/ -i /class-setup.php.patch \ && rm /class-setup.php.patch -FROM alpine:3.7 +FROM nginx:1.25-alpine-slim -LABEL maintainer "benj.saiz@gmail.com" +LABEL maintainer="pad92" \ + org.label-schema.url="https://github.com/pad92/docker-h5ai/blob/master/README.md" \ + org.label-schema.build-date=$BUILD_DATE \ + org.label-schema.version=$H5AI_VERSION \ + org.label-schema.vcs-url="https://github.com/pad92/docker-h5ai.git" \ + org.label-schema.vcs-ref=$BUILD_VCSREF \ + org.label-schema.docker.dockerfile="/Dockerfile" \ + org.label-schema.description="h5ai on alpine docker image" \ + org.label-schema.schema-version="1.0" RUN apk add --no-cache \ - nginx \ + apache2-utils \ + curl \ ffmpeg \ - graphicsmagick \ - php7-fpm php7-curl php7-iconv php7-xml php7-dom php7-json php7-zip php7-session php7-gd + imagemagick \ + php81 \ + php81-exif \ + php81-fileinfo \ + php81-fpm \ + php81-gd \ + php81-intl \ + php81-json \ + php81-mbstring \ + php81-opcache \ + php81-openssl \ + php81-pecl-imagick \ + php81-session \ + php81-simplexml \ + php81-xml \ + php81-xmlwriter \ + php81-zip \ + supervisor \ + tzdata \ + zip COPY --from=builder /h5ai/build/_h5ai /usr/share/h5ai/_h5ai COPY slash/ / -RUN sed -i '/txt;$/ a text/plain cfg;' /etc/nginx/mime.types \ - && sed -i '/txt;$/ a text/plain ini;' /etc/nginx/mime.types \ +RUN ln -sf /dev/stderr /var/log/php81/error.log \ + && ln -sf /dev/stdout /var/log/nginx/access.log \ + && ln -sf /dev/stderr /var/log/nginx/error.log \ && chown nginx:www-data /usr/share/h5ai/_h5ai/public/cache/ \ && chown nginx:www-data /usr/share/h5ai/_h5ai/private/cache/ EXPOSE 80 -CMD ["/entrypoint.sh"] +CMD supervisord -c /etc/supervisor/conf.d/supervisord.conf +HEALTHCHECK CMD curl -I --fail http://localhost/ || exit 1 diff --git a/LICENSE b/LICENSE new file mode 100644 index 0000000..f286e5b --- /dev/null +++ b/LICENSE @@ -0,0 +1,21 @@ +MIT License + +Copyright (c) 2019 OurContainers + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. diff --git a/README.md b/README.md index 7e90af5..4d858e3 100644 --- a/README.md +++ b/README.md @@ -2,15 +2,25 @@ [h5ai project](https://larsjung.de/h5ai/) +[![GitHub issues](https://img.shields.io/github/issues/pad92/docker-h5ai.svg)](https://github.com/pad92/docker-h5ai) [![Docker Automated build](https://img.shields.io/docker/automated/pad92/docker-h5ai.svg?maxAge=2592000)](https://hub.docker.com/r/pad92/docker-h5ai/) [![Docker Pulls](https://img.shields.io/docker/pulls/pad92/docker-h5ai.svg)](https://hub.docker.com/r/pad92/docker-h5ai/) + +# Usage + +## Commun + ``` -docker container run -it -p 80:80 -v $PWD/sharing-file:/share akit042/docker-h5ai +docker container run -it -p 80:80 \ + -v $PWD/sharing-file:/share \ + pad92/docker-h5ai ``` -for overide options.json +## With custom h5ai options + +For overide [options.json](https://raw.githubusercontent.com/lrsjng/h5ai/v0.29.0/src/_h5ai/private/conf/options.json) file is into `/usr/share/h5ai/_h5ai/private/conf/options.json` ``` docker container run -it -p 80:80 \ -v $PWD/sharing-file:/share \ -v $PWD/options.json:/usr/share/h5ai/_h5ai/private/conf/options.json \ - akit042/docker-h5ai + pad92/docker-h5ai ``` diff --git a/docker-compose.yml b/docker-compose.yml new file mode 100644 index 0000000..cf303d0 --- /dev/null +++ b/docker-compose.yml @@ -0,0 +1,11 @@ +version: '3' +services: + h5ai-devel: + build: + context: . + dockerfile: Dockerfile + image: h5ai-devel + ports: + - 8888:80 + volumes: + - .:/share:ro diff --git a/slash/entrypoint.sh b/slash/entrypoint.sh deleted file mode 100755 index e1de7aa..0000000 --- a/slash/entrypoint.sh +++ /dev/null @@ -1,3 +0,0 @@ -#!/bin/sh -nohup sh -c $(php-fpm7 --nodaemonize --fpm-config /etc/php7/php-fpm.conf) & -nginx diff --git a/slash/etc/nginx/mime.types b/slash/etc/nginx/mime.types new file mode 100644 index 0000000..0b7e927 --- /dev/null +++ b/slash/etc/nginx/mime.types @@ -0,0 +1,97 @@ +types { + text/html html htm shtml; + text/css css; + text/xml xml; + image/gif gif; + image/jpeg jpeg jpg; + application/javascript js; + application/atom+xml atom; + application/rss+xml rss; + + text/mathml mml; + text/plain txt nfo ini cfg; + text/markdown md; + text/vnd.sun.j2me.app-descriptor jad; + text/vnd.wap.wml wml; + text/x-component htc; + + image/png png; + image/svg+xml svg svgz; + image/tiff tif tiff; + image/vnd.wap.wbmp wbmp; + image/webp webp; + image/x-icon ico; + image/x-jng jng; + image/x-ms-bmp bmp; + + font/woff woff; + font/woff2 woff2; + + application/java-archive jar war ear; + application/json json; + application/mac-binhex40 hqx; + application/msword doc; + application/pdf pdf; + application/postscript ps eps ai; + application/rtf rtf; + application/vnd.apple.mpegurl m3u8; + application/vnd.google-earth.kml+xml kml; + application/vnd.google-earth.kmz kmz; + application/vnd.ms-excel xls; + application/vnd.ms-fontobject eot; + application/vnd.ms-powerpoint ppt; + application/vnd.oasis.opendocument.graphics odg; + application/vnd.oasis.opendocument.presentation odp; + application/vnd.oasis.opendocument.spreadsheet ods; + application/vnd.oasis.opendocument.text odt; + application/vnd.openxmlformats-officedocument.presentationml.presentation + pptx; + application/vnd.openxmlformats-officedocument.spreadsheetml.sheet + xlsx; + application/vnd.openxmlformats-officedocument.wordprocessingml.document + docx; + application/vnd.wap.wmlc wmlc; + application/x-7z-compressed 7z; + application/x-cocoa cco; + application/x-java-archive-diff jardiff; + application/x-java-jnlp-file jnlp; + application/x-makeself run; + application/x-perl pl pm; + application/x-pilot prc pdb; + application/x-rar-compressed rar; + application/x-redhat-package-manager rpm; + application/x-sea sea; + application/x-shockwave-flash swf; + application/x-stuffit sit; + application/x-tcl tcl tk; + application/x-x509-ca-cert der pem crt; + application/x-xpinstall xpi; + application/xhtml+xml xhtml; + application/xspf+xml xspf; + application/zip zip; + + application/octet-stream bin exe dll; + application/octet-stream deb; + application/octet-stream dmg; + application/octet-stream iso img; + application/octet-stream msi msp msm; + + audio/midi mid midi kar; + audio/mpeg mp3; + audio/ogg ogg; + audio/x-m4a m4a; + audio/x-realaudio ra; + + video/3gpp 3gpp 3gp; + video/mp2t ts; + video/mp4 mp4; + video/mpeg mpeg mpg; + video/quicktime mov; + video/webm webm; + video/x-flv flv; + video/x-m4v m4v; + video/x-mng mng; + video/x-ms-asf asx asf; + video/x-ms-wmv wmv; + video/x-msvideo avi; +} diff --git a/slash/etc/nginx/nginx.conf b/slash/etc/nginx/nginx.conf index fa8e2be..24fbcf7 100644 --- a/slash/etc/nginx/nginx.conf +++ b/slash/etc/nginx/nginx.conf @@ -11,7 +11,16 @@ http { include /etc/nginx/mime.types; default_type application/octet-stream; - access_log off; + log_format main_ext '$http_x_forwarded_for - $remote_user [$time_local] "$request" ' + '$status $body_bytes_sent "$http_referer" ' + '"$http_user_agent" "$http_x_forwarded_for" ' + '"$host" sn="$server_name" ' + 'rt=$request_time ' + 'ua="$upstream_addr" us="$upstream_status" ' + 'ut="$upstream_response_time" ul="$upstream_response_length" ' + 'cs=$upstream_cache_status' ; + + access_log /var/log/nginx/access.log main_ext; error_log /var/log/nginx/error.log error; sendfile on; @@ -56,8 +65,10 @@ http { try_files $uri $uri/ =404; location /_h5ai { - root /usr/share/h5ai/; - location /_h5ai/public/index.php { + root /usr/share/h5ai/; + location /_h5ai/public/index.php { + #auth_basic "Restricted"; + #auth_basic_user_file /etc/nginx/.htpasswd; try_files $uri =404; fastcgi_index index.php; fastcgi_pass unix:/var/run/php-fpm.sock; @@ -67,4 +78,3 @@ http { } } } - diff --git a/slash/etc/php81/conf.d/opcache.ini b/slash/etc/php81/conf.d/opcache.ini new file mode 100644 index 0000000..a30b6ae --- /dev/null +++ b/slash/etc/php81/conf.d/opcache.ini @@ -0,0 +1,4 @@ +[opcache] +opcache.enable=1 +opcache.jit_buffer_size=100M +opcache.jit=tracing diff --git a/slash/etc/php7/php-fpm.conf b/slash/etc/php81/php-fpm.conf similarity index 58% rename from slash/etc/php7/php-fpm.conf rename to slash/etc/php81/php-fpm.conf index a4a3462..cf0464c 100644 --- a/slash/etc/php7/php-fpm.conf +++ b/slash/etc/php81/php-fpm.conf @@ -5,10 +5,9 @@ listen = /var/run/php-fpm.sock listen.owner = nginx listen.mode = 0666 pm = dynamic -pm.max_children = 4 -pm.start_servers = 3 -pm.min_spare_servers = 2 -pm.max_spare_servers = 4 -pm.max_requests = 200 +pm.max_children = 5 +pm.start_servers = 2 +pm.min_spare_servers = 1 +pm.max_spare_servers = 3 catch_workers_output = yes clear_env = no diff --git a/slash/etc/supervisor/conf.d/supervisord.conf b/slash/etc/supervisor/conf.d/supervisord.conf new file mode 100644 index 0000000..403da18 --- /dev/null +++ b/slash/etc/supervisor/conf.d/supervisord.conf @@ -0,0 +1,24 @@ +[supervisord] +nodaemon=true + +[program:php81-fpm] +command=/usr/sbin/php-fpm81 --nodaemonize --fpm-config /etc/php81/php-fpm.conf +process_name=%(program_name)s_%(process_num)02d +numprocs=1 +autostart=true +autorestart=false +startsecs=0 +redirect_stderr=true +stdout_logfile=/dev/stdout +stdout_logfile_maxbytes=0 + +[program:nginx] +command=/usr/local/bin/nginx_auth.sh +process_name=%(program_name)s_%(process_num)02d +numprocs=1 +autostart=true +autorestart=false +startsecs=0 +redirect_stderr=true +stdout_logfile=/dev/stdout +stdout_logfile_maxbytes=0 diff --git a/slash/usr/local/bin/nginx_auth.sh b/slash/usr/local/bin/nginx_auth.sh new file mode 100755 index 0000000..8b738ff --- /dev/null +++ b/slash/usr/local/bin/nginx_auth.sh @@ -0,0 +1,10 @@ +#!/bin/sh + +HTPASSWD=$(/usr/bin/htpasswd -cb /etc/nginx/.htpasswd ${ENV_U} ${ENV_P} 2>/dev/null 1>&2 ) + +if [ $? -eq 0 ]; then + sed -i 's/#auth_/auth_/g' /etc/nginx/nginx.conf +fi + + +/usr/sbin/nginx -c /etc/nginx/nginx.conf