testing #5
178
Dockerfile
178
Dockerfile
@ -1,178 +0,0 @@
|
||||
# Dockerfile
|
||||
|
||||
# Docker image for TYPO3 CMS
|
||||
FROM php:8.2-apache
|
||||
|
||||
LABEL maintainer="Raphael Martin <raphy.martin@protonmail.ch>"
|
||||
|
||||
# set envirement
|
||||
ENV LANG=de_AT.UTF-8
|
||||
ENV APACHE_RUN_USER a2g-www
|
||||
ENV TYPO3_VERSION 12.4.8
|
||||
ENV TYPO3_SHA256CHECKSUM 8293b3441ec133fc8f9174fab5b88f450044ded0e188a0f12de37ad60a8bf8b3
|
||||
|
||||
# change apache user
|
||||
RUN adduser --uid 1000 --gecos 'Apache User' --disabled-password $APACHE_RUN_USER \
|
||||
&& chown -R "$APACHE_RUN_USER:$APACHE_RUN_USER" /var/lock/apache2 /var/run/apache2
|
||||
|
||||
# update system
|
||||
RUN apt-get update -y && apt-get upgrade -y
|
||||
|
||||
# Install wget and locales
|
||||
RUN apt-get install -y --no-install-recommends \
|
||||
wget \
|
||||
locales
|
||||
|
||||
RUN export LANG=${LANG} && \
|
||||
export LC_ALL=${LANG} && \
|
||||
export LC_TIME=${LANG} && \
|
||||
export LANGUAGE=${LANG} && \
|
||||
echo "${LANG} UTF-8" > /etc/locale.gen && \
|
||||
/usr/sbin/locale-gen
|
||||
|
||||
# Export env vars
|
||||
RUN { \
|
||||
echo "export LC_ALL=${LANG}"; \
|
||||
echo "export LANG=${LANG}"; \
|
||||
echo "export LANGUAGE=${LANG}"; \
|
||||
} >> ~/.bashrc
|
||||
|
||||
RUN cp ~/.bashrc /home/${APACHE_RUN_USER} && \
|
||||
chown -R "$APACHE_RUN_USER:$APACHE_RUN_USER" /home/${APACHE_RUN_USER}/.bashrc
|
||||
|
||||
# Download TYPO3
|
||||
RUN cd /tmp && \
|
||||
wget -O download.tar.gz https://get.typo3.org/${TYPO3_VERSION} && \
|
||||
echo "${TYPO3_SHA256CHECKSUM} /tmp/download.tar.gz" > /tmp/download.tar.gz.sum
|
||||
|
||||
RUN sha256sum -c "/tmp/download.tar.gz.sum"
|
||||
|
||||
# Install
|
||||
RUN set -ex; \
|
||||
\
|
||||
apt-get install -y --no-install-recommends \
|
||||
# Configure PHP
|
||||
libxml2-dev \
|
||||
libfreetype6-dev \
|
||||
libjpeg62-turbo-dev \
|
||||
libmcrypt-dev \
|
||||
libpng-dev \
|
||||
libpq-dev \
|
||||
zlib1g-dev \
|
||||
sendmail \
|
||||
graphicsmagick
|
||||
|
||||
RUN docker-php-ext-configure gd --with-libdir=/usr/include/ --with-jpeg --with-freetype
|
||||
|
||||
RUN docker-php-ext-install -j$(nproc) \
|
||||
pdo \
|
||||
pdo_mysql \
|
||||
soap \
|
||||
gd \
|
||||
opcache \
|
||||
intl
|
||||
|
||||
RUN apt-get -y purge \
|
||||
libxml2-dev libfreetype6-dev \
|
||||
libjpeg62-turbo-dev \
|
||||
libmcrypt-dev \
|
||||
libpng-dev \
|
||||
zlib1g-dev \
|
||||
wget && \
|
||||
apt-get autoremove -y
|
||||
|
||||
RUN apt-get install -y --no-install-recommends \
|
||||
libzip-dev \
|
||||
zip
|
||||
|
||||
RUN docker-php-ext-install -j$(nproc) \
|
||||
zip
|
||||
|
||||
# Clean
|
||||
RUN apt-get -y purge \
|
||||
libzip-dev && \
|
||||
apt-get clean && \
|
||||
rm -rf /var/lib/apt/lists/* /usr/src/*
|
||||
|
||||
# Configure Apache
|
||||
|
||||
RUN set -eux; \
|
||||
a2enmod alias authz_core deflate filter rewrite expires setenvif remoteip headers; \
|
||||
docker-php-ext-enable opcache;
|
||||
|
||||
RUN set -eux; \
|
||||
{ \
|
||||
echo 'opcache.save_comments=1'; \
|
||||
echo 'opcache.use_cwd=1'; \
|
||||
echo 'opcache.validate_timestamps=1'; \
|
||||
echo 'opcache.max_accelerated_files=10000'; \
|
||||
echo 'opcache.revalidate_freq=30'; \
|
||||
echo 'opcache.revalidate_path=0'; \
|
||||
} > /usr/local/etc/php/conf.d/opcache-recommended.ini
|
||||
|
||||
RUN set -eux; \
|
||||
{ \
|
||||
echo 'memory_limit=256M'; \
|
||||
echo 'max_execution_time=240'; \
|
||||
echo 'max_input_vars=1500'; \
|
||||
} > /usr/local/etc/php/conf.d/typo3-recommended.ini
|
||||
|
||||
RUN set -eux; \
|
||||
{ \
|
||||
echo 'post_max_size=10M'; \
|
||||
echo 'upload_max_filesize=10M'; \
|
||||
} > /usr/local/etc/php/conf.d/upload-recommended.ini
|
||||
|
||||
RUN set -eux; \
|
||||
{ \
|
||||
echo 'error_reporting = E_ERROR | E_WARNING | E_PARSE | E_CORE_ERROR | E_CORE_WARNING | E_COMPILE_ERROR | E_COMPILE_WARNING | E_RECOVERABLE_ERROR'; \
|
||||
echo 'display_errors = Off'; \
|
||||
echo 'display_startup_errors = Off'; \
|
||||
echo 'log_errors = On'; \
|
||||
echo 'error_log = /dev/stderr'; \
|
||||
echo 'log_errors_max_len = 1024'; \
|
||||
echo 'ignore_repeated_errors = On'; \
|
||||
echo 'ignore_repeated_source = Off'; \
|
||||
echo 'html_errors = Off'; \
|
||||
} > /usr/local/etc/php/conf.d/error-logging.ini
|
||||
|
||||
RUN set -eux; \
|
||||
{ \
|
||||
echo 'RemoteIPHeader X-Forwarded-For'; \
|
||||
# these IP ranges are reserved for "private" use and should thus *usually* be safe inside Docker
|
||||
echo 'RemoteIPInternalProxy 10.0.0.0/8'; \
|
||||
echo 'RemoteIPInternalProxy 172.16.0.0/12'; \
|
||||
echo 'RemoteIPInternalProxy 192.168.0.0/16'; \
|
||||
echo 'RemoteIPInternalProxy 169.254.0.0/16'; \
|
||||
echo 'RemoteIPInternalProxy 127.0.0.0/8'; \
|
||||
} > /etc/apache2/conf-available/remoteip.conf; \
|
||||
a2enconf remoteip; \
|
||||
find /etc/apache2 -type f -name '*.conf' -exec sed -ri 's/([[:space:]]*LogFormat[[:space:]]+"[^"]*)%h([^"]*")/\1%a\2/g' '{}' +
|
||||
|
||||
RUN cp ${PHP_INI_DIR}/php.ini-production ${PHP_INI_DIR}/php.ini
|
||||
|
||||
# install TYPO3 surf
|
||||
# RUN mkdir /usr/local/surf && \
|
||||
# curl -L https://github.com/TYPO3/Surf/releases/download/3.4.6/surf.phar -o /usr/local/surf/surf.phar && \
|
||||
# chmod +x /usr/local/surf/surf.phar && \
|
||||
# ln -s /usr/local/surf/surf.phar /usr/local/bin/surf
|
||||
|
||||
# install TYPO3
|
||||
RUN tar -xzf /tmp/download.tar.gz -C /var/www/ && \
|
||||
rm /tmp/download*
|
||||
|
||||
RUN cd /var/www/html && \
|
||||
ln -s ../typo3_src-* typo3_src && \
|
||||
ln -s typo3_src/index.php && \
|
||||
ln -s typo3_src/typo3
|
||||
|
||||
RUN chown -R $APACHE_RUN_USER:$APACHE_RUN_USER /var/www/html && \
|
||||
chown -R $APACHE_RUN_USER:$APACHE_RUN_USER /var/www/typo3_src-* && \
|
||||
chown -R root:root /etc/apache2/sites-enabled
|
||||
|
||||
RUN { \
|
||||
echo "ServerSignature Off"; \
|
||||
echo "ServerTokens Prod"; \
|
||||
} >> /etc/apache2/apache2.conf
|
||||
|
||||
VOLUME /var/www
|
14
README.md
14
README.md
@ -33,9 +33,19 @@ for development:
|
||||
|
||||
'transport_sendmail_command' => '/usr/sbin/sendmail -bs',
|
||||
|
||||
and append:
|
||||
and append / set:
|
||||
|
||||
['SYS']['features']['security.backend.enforceReferrer'] = true
|
||||
['SYS'][
|
||||
...
|
||||
'systemLocale' => 'de_AT.UTF-8',
|
||||
'reverseProxyHeaderMultiValue' => 'first',
|
||||
'reverseProxyIP' => '127.0.0.1',
|
||||
'features' => [
|
||||
...
|
||||
'security.backend.enforceReferrer] => false,
|
||||
'security.backend.enforceContentSecurityPolicy' => false,
|
||||
]
|
||||
]
|
||||
|
||||
because we are behind the reverse proxy.
|
||||
|
||||
|
@ -12,7 +12,7 @@ services:
|
||||
typo3:
|
||||
container_name: "${PROJECT_NAME}_typo3"
|
||||
hostname: "${PROJECT_URL}"
|
||||
build: .
|
||||
image: "altogether/typo3:12.4.8-apache"
|
||||
user: "1000"
|
||||
networks:
|
||||
- "traefik"
|
||||
|
Loading…
Reference in New Issue
Block a user