testing #5

Merged
rama merged 2 commits from testing into main 2023-12-05 11:05:32 +01:00
3 changed files with 13 additions and 181 deletions
Showing only changes of commit 26dc8f6b4b - Show all commits

View File

@ -1,178 +0,0 @@
# Dockerfile
# Docker image for TYPO3 CMS
FROM php:8.2-apache
LABEL maintainer="Raphael Martin <raphy.martin@protonmail.ch>"
# set envirement
ENV LANG=de_AT.UTF-8
ENV APACHE_RUN_USER a2g-www
ENV TYPO3_VERSION 12.4.8
ENV TYPO3_SHA256CHECKSUM 8293b3441ec133fc8f9174fab5b88f450044ded0e188a0f12de37ad60a8bf8b3
# change apache user
RUN adduser --uid 1000 --gecos 'Apache User' --disabled-password $APACHE_RUN_USER \
&& chown -R "$APACHE_RUN_USER:$APACHE_RUN_USER" /var/lock/apache2 /var/run/apache2
# update system
RUN apt-get update -y && apt-get upgrade -y
# Install wget and locales
RUN apt-get install -y --no-install-recommends \
wget \
locales
RUN export LANG=${LANG} && \
export LC_ALL=${LANG} && \
export LC_TIME=${LANG} && \
export LANGUAGE=${LANG} && \
echo "${LANG} UTF-8" > /etc/locale.gen && \
/usr/sbin/locale-gen
# Export env vars
RUN { \
echo "export LC_ALL=${LANG}"; \
echo "export LANG=${LANG}"; \
echo "export LANGUAGE=${LANG}"; \
} >> ~/.bashrc
RUN cp ~/.bashrc /home/${APACHE_RUN_USER} && \
chown -R "$APACHE_RUN_USER:$APACHE_RUN_USER" /home/${APACHE_RUN_USER}/.bashrc
# Download TYPO3
RUN cd /tmp && \
wget -O download.tar.gz https://get.typo3.org/${TYPO3_VERSION} && \
echo "${TYPO3_SHA256CHECKSUM} /tmp/download.tar.gz" > /tmp/download.tar.gz.sum
RUN sha256sum -c "/tmp/download.tar.gz.sum"
# Install
RUN set -ex; \
\
apt-get install -y --no-install-recommends \
# Configure PHP
libxml2-dev \
libfreetype6-dev \
libjpeg62-turbo-dev \
libmcrypt-dev \
libpng-dev \
libpq-dev \
zlib1g-dev \
sendmail \
graphicsmagick
RUN docker-php-ext-configure gd --with-libdir=/usr/include/ --with-jpeg --with-freetype
RUN docker-php-ext-install -j$(nproc) \
pdo \
pdo_mysql \
soap \
gd \
opcache \
intl
RUN apt-get -y purge \
libxml2-dev libfreetype6-dev \
libjpeg62-turbo-dev \
libmcrypt-dev \
libpng-dev \
zlib1g-dev \
wget && \
apt-get autoremove -y
RUN apt-get install -y --no-install-recommends \
libzip-dev \
zip
RUN docker-php-ext-install -j$(nproc) \
zip
# Clean
RUN apt-get -y purge \
libzip-dev && \
apt-get clean && \
rm -rf /var/lib/apt/lists/* /usr/src/*
# Configure Apache
RUN set -eux; \
a2enmod alias authz_core deflate filter rewrite expires setenvif remoteip headers; \
docker-php-ext-enable opcache;
RUN set -eux; \
{ \
echo 'opcache.save_comments=1'; \
echo 'opcache.use_cwd=1'; \
echo 'opcache.validate_timestamps=1'; \
echo 'opcache.max_accelerated_files=10000'; \
echo 'opcache.revalidate_freq=30'; \
echo 'opcache.revalidate_path=0'; \
} > /usr/local/etc/php/conf.d/opcache-recommended.ini
RUN set -eux; \
{ \
echo 'memory_limit=256M'; \
echo 'max_execution_time=240'; \
echo 'max_input_vars=1500'; \
} > /usr/local/etc/php/conf.d/typo3-recommended.ini
RUN set -eux; \
{ \
echo 'post_max_size=10M'; \
echo 'upload_max_filesize=10M'; \
} > /usr/local/etc/php/conf.d/upload-recommended.ini
RUN set -eux; \
{ \
echo 'error_reporting = E_ERROR | E_WARNING | E_PARSE | E_CORE_ERROR | E_CORE_WARNING | E_COMPILE_ERROR | E_COMPILE_WARNING | E_RECOVERABLE_ERROR'; \
echo 'display_errors = Off'; \
echo 'display_startup_errors = Off'; \
echo 'log_errors = On'; \
echo 'error_log = /dev/stderr'; \
echo 'log_errors_max_len = 1024'; \
echo 'ignore_repeated_errors = On'; \
echo 'ignore_repeated_source = Off'; \
echo 'html_errors = Off'; \
} > /usr/local/etc/php/conf.d/error-logging.ini
RUN set -eux; \
{ \
echo 'RemoteIPHeader X-Forwarded-For'; \
# these IP ranges are reserved for "private" use and should thus *usually* be safe inside Docker
echo 'RemoteIPInternalProxy 10.0.0.0/8'; \
echo 'RemoteIPInternalProxy 172.16.0.0/12'; \
echo 'RemoteIPInternalProxy 192.168.0.0/16'; \
echo 'RemoteIPInternalProxy 169.254.0.0/16'; \
echo 'RemoteIPInternalProxy 127.0.0.0/8'; \
} > /etc/apache2/conf-available/remoteip.conf; \
a2enconf remoteip; \
find /etc/apache2 -type f -name '*.conf' -exec sed -ri 's/([[:space:]]*LogFormat[[:space:]]+"[^"]*)%h([^"]*")/\1%a\2/g' '{}' +
RUN cp ${PHP_INI_DIR}/php.ini-production ${PHP_INI_DIR}/php.ini
# install TYPO3 surf
# RUN mkdir /usr/local/surf && \
# curl -L https://github.com/TYPO3/Surf/releases/download/3.4.6/surf.phar -o /usr/local/surf/surf.phar && \
# chmod +x /usr/local/surf/surf.phar && \
# ln -s /usr/local/surf/surf.phar /usr/local/bin/surf
# install TYPO3
RUN tar -xzf /tmp/download.tar.gz -C /var/www/ && \
rm /tmp/download*
RUN cd /var/www/html && \
ln -s ../typo3_src-* typo3_src && \
ln -s typo3_src/index.php && \
ln -s typo3_src/typo3
RUN chown -R $APACHE_RUN_USER:$APACHE_RUN_USER /var/www/html && \
chown -R $APACHE_RUN_USER:$APACHE_RUN_USER /var/www/typo3_src-* && \
chown -R root:root /etc/apache2/sites-enabled
RUN { \
echo "ServerSignature Off"; \
echo "ServerTokens Prod"; \
} >> /etc/apache2/apache2.conf
VOLUME /var/www

View File

@ -33,9 +33,19 @@ for development:
'transport_sendmail_command' => '/usr/sbin/sendmail -bs',
and append:
and append / set:
['SYS']['features']['security.backend.enforceReferrer'] = true
['SYS'][
...
'systemLocale' => 'de_AT.UTF-8',
'reverseProxyHeaderMultiValue' => 'first',
'reverseProxyIP' => '127.0.0.1',
'features' => [
...
'security.backend.enforceReferrer] => false,
'security.backend.enforceContentSecurityPolicy' => false,
]
]
because we are behind the reverse proxy.

View File

@ -12,7 +12,7 @@ services:
typo3:
container_name: "${PROJECT_NAME}_typo3"
hostname: "${PROJECT_URL}"
build: .
image: "altogether/typo3:12.4.8-apache"
user: "1000"
networks:
- "traefik"