AcadeNice/corentin_wakdo
7
0
Fork 0
Code Issues Pull requests -2 Projects Releases Packages Wiki Activity Actions
corentin_wakdo/docker/apache/Dockerfile
Imugiii ac8b6a6791 feat(docker): complete stack with compose and 4 services 
Deliver the full Docker stack for Bloc 5 DevOps (Cr 7.c.3 and 7.c.4):

- docker/apache/    Custom httpd:2.4-alpine with hardened main config,
                    MPM event tuning and 3 vhosts (healthz, kiosk static,
                    admin reverse FCGI to wakdo-app:9000). Kiosk vhost
                    explicitly denies .php to enforce Bloc 1 isolation.
- docker/php-fpm/   Custom php:8.3-fpm-alpine3.20 with pdo_mysql, opcache,
                    intl, exif, zip and tini for signal handling.
                    Dynamic pool 3-10 workers listening on TCP 9000.
- docker/cron/      Custom alpine:3.20 with dcron, mariadb-client, gzip.
                    Nightly mysqldump at 03h00 with 14-day rotation and
                    512-byte sanity check. Purge and stats jobs templated.
- docker-compose.yml  4 services orchestrated on 2 networks (internal
                      bridge + external reverse-proxy). 2 named volumes
                      for DB and uploads, bind-mount for backups.
                      Traefik labels for 2 routers with HTTPS redirect.

Makefile adds `make backup` (manual dump) and `make backup-ls`.
.gitignore adds /var/ for backup bind-mount path.
docs/journal/2026-04-24--infra-docker.md documents 5 decisions with
alternatives, maps 16 RNCP criteria to artefacts and prepares 6 jury Q&A.

Validated: `docker compose config --quiet` passes. Smoke test deferred
to next session (requires server .env).
2026-04-24 15:59:19 +00:00

35 lines
1.5 KiB
Docker
Raw Blame History

# Wakdo - image web Apache httpd (reverse proxy FastCGI vers PHP-FPM)
#
# Base : httpd:2.4-alpine (stable, legere, maintenue par Apache Foundation).
# Role : servir les assets statiques (HTML, CSS, JS, images) et relayer les
# requetes *.php vers wakdo-app:9000 en FastCGI.
# Reseau : attache a la fois au reseau interne wakdo_internal (pour parler
# a wakdo-app) et au reseau externe du reverse proxy (pour Traefik).
FROM httpd:2.4-alpine
# httpd:2.4-alpine compile mod_proxy_fcgi mais ne le charge pas par defaut.
# On le charge dans la conf (voir httpd.conf) plutot que de rebuild l'image.
# On installe juste curl pour le healthcheck.
RUN set -eux; \
apk add --no-cache curl; \
rm -rf /var/cache/apk/* /tmp/*
# Copie de la conf projet :
# - httpd.conf : main config avec LoadModule + include vhosts
# - vhost.conf : vhosts kiosk + admin/API + reverse FCGI
# - mpm.conf : tuning MPM event (workers)
COPY httpd.conf /usr/local/apache2/conf/httpd.conf
COPY vhost.conf /usr/local/apache2/conf/extra/wakdo-vhost.conf
COPY mpm.conf /usr/local/apache2/conf/extra/wakdo-mpm.conf
# Le DocumentRoot doit exister dans l'image meme si le code source est
# bind-mounte en dev. Sans ca, Apache refuse de demarrer.
RUN mkdir -p /var/www/html/public
# Healthcheck : vhost par defaut (0.0.0.0:80) doit repondre.
# Le endpoint /healthz est defini dans vhost.conf, repond 200 "ok".
HEALTHCHECK --interval=30s --timeout=5s --start-period=5s --retries=3 \
CMD curl -fsS http://localhost/healthz || exit 1
EXPOSE 80
Reference in a new issue View git blame Copy permalink