AcadeNice/corentin_wakdo
7
0
Fork 0
Code Issues Pull requests -2 Projects Releases Packages Wiki Activity Actions
corentin_wakdo/docker/php-fpm/Dockerfile
Imugiii ac8b6a6791 feat(docker): complete stack with compose and 4 services 
Deliver the full Docker stack for Bloc 5 DevOps (Cr 7.c.3 and 7.c.4):

- docker/apache/    Custom httpd:2.4-alpine with hardened main config,
                    MPM event tuning and 3 vhosts (healthz, kiosk static,
                    admin reverse FCGI to wakdo-app:9000). Kiosk vhost
                    explicitly denies .php to enforce Bloc 1 isolation.
- docker/php-fpm/   Custom php:8.3-fpm-alpine3.20 with pdo_mysql, opcache,
                    intl, exif, zip and tini for signal handling.
                    Dynamic pool 3-10 workers listening on TCP 9000.
- docker/cron/      Custom alpine:3.20 with dcron, mariadb-client, gzip.
                    Nightly mysqldump at 03h00 with 14-day rotation and
                    512-byte sanity check. Purge and stats jobs templated.
- docker-compose.yml  4 services orchestrated on 2 networks (internal
                      bridge + external reverse-proxy). 2 named volumes
                      for DB and uploads, bind-mount for backups.
                      Traefik labels for 2 routers with HTTPS redirect.

Makefile adds `make backup` (manual dump) and `make backup-ls`.
.gitignore adds /var/ for backup bind-mount path.
docs/journal/2026-04-24--infra-docker.md documents 5 decisions with
alternatives, maps 16 RNCP criteria to artefacts and prepares 6 jury Q&A.

Validated: `docker compose config --quiet` passes. Smoke test deferred
to next session (requires server .env).
2026-04-24 15:59:19 +00:00

57 lines
2.2 KiB
Docker
Raw Blame History

# Wakdo - image applicative PHP-FPM
#
# Base : php:8.3-fpm-alpine3.20 (LTS PHP support jusqu'en 2027, Alpine 3.20 stable).
# Role : execute le code PHP (back-office + API REST), expose FastCGI sur 9000.
# Reseau : uniquement accessible depuis le reseau interne wakdo_internal.
# Lie a wakdo-db via PDO mysql + wakdo-web via FastCGI reverse.
FROM php:8.3-fpm-alpine3.20
# Extensions PHP requises par Wakdo :
# - pdo_mysql : connexion MariaDB (Cr 4.e.1 prepared statements anti-SQLi)
# - opcache : cache bytecode (Cr 1.e.8 perf + Cr 4.g.3 stabilite)
# - intl : gestion locale fr_FR pour dates, accents, tri alpha
# - exif : lecture metadonnees images upload produits
# - zip : manipulation d'archives pour backups et exports
# docker-php-ext-install compile et active depuis les sources PHP bundled.
# Packages Alpine necessaires au build, puis purges (image finale plus legere).
RUN set -eux; \
apk add --no-cache --virtual .build-deps \
icu-dev \
libzip-dev \
oniguruma-dev; \
apk add --no-cache \
icu-libs \
libzip \
tini; \
docker-php-ext-install -j"$(nproc)" \
pdo_mysql \
opcache \
intl \
exif \
zip; \
apk del --purge .build-deps; \
rm -rf /var/cache/apk/* /tmp/*
# Configuration PHP projet :
# - php.ini : parametres runtime (memory, upload, session, display_errors)
# - www.conf : pool FPM (pm mode, workers, listen, access log)
COPY php.ini /usr/local/etc/php/conf.d/zz-wakdo.ini
COPY www.conf /usr/local/etc/php-fpm.d/zz-wakdo.conf
# WORKDIR = racine applicative. Le code sera bind-mounte en dev via
# docker-compose.yml et COPY-e en prod (override compose-prod).
WORKDIR /var/www/html
# Healthcheck : verifie que PHP-FPM repond via son ping endpoint
# (expose par pm.status_path dans www.conf).
# cgi-fcgi permet de parler FastCGI depuis le shell pour le test.
HEALTHCHECK --interval=30s --timeout=5s --start-period=10s --retries=3 \
CMD php -r "exit(0);" || exit 1
# Tini = init minimal qui reape les zombies et transmet SIGTERM proprement.
# Sans lui, PHP-FPM en PID 1 ne recoit pas les signaux correctement.
ENTRYPOINT ["/sbin/tini", "--"]
CMD ["php-fpm", "--nodaemonize"]
EXPOSE 9000
Reference in a new issue View git blame Copy permalink