export source code

Author: pereorga

.docker/apache/vhost.conf

@@ -0,0 +1,60 @@
+ServerName localhost
+
+<VirtualHost *:80>
+    ServerName pccd.dites.cat
+    AddDefaultCharset utf-8
+    AddCharset utf-8 .css .js .svg .xml
+    DocumentRoot /srv/app/docroot
+    ErrorDocument 400 /400.html
+    ErrorDocument 401 /401.html
+    ErrorDocument 403 /403.html
+    ErrorDocument 404 /404.html
+    ErrorDocument 500 /500.html
+    FileETag None
+    ErrorLog /var/log/apache2/error.log
+    CustomLog /var/log/apache2/access.log combined
+
+    <Directory "/srv/app/docroot">
+        Require all granted
+        AllowOverride None
+    </Directory>
+
+    # Route all non-file requests to index.php (routing handled in PHP).
+    FallbackResource /index.php
+
+    <IfModule mod_headers.c>
+        Header always set Cross-Origin-Opener-Policy "same-origin"
+        Header always set Strict-Transport-Security "max-age=31536000"
+        Header always set X-Content-Type-Options "nosniff"
+
+        <FilesMatch "(?i)\.(avif|css|gif|ico|jpg|js|mp3|png|svg|webp)$">
+            Header set Cache-Control "public, max-age=31536000, immutable"
+        </FilesMatch>
+    </IfModule>
+
+    <IfModule mod_filter.c>
+        <IfModule mod_brotli.c>
+            AddOutputFilterByType BROTLI_COMPRESS application/javascript
+            AddOutputFilterByType BROTLI_COMPRESS application/json
+            AddOutputFilterByType BROTLI_COMPRESS application/xml
+            AddOutputFilterByType BROTLI_COMPRESS image/svg+xml
+            AddOutputFilterByType BROTLI_COMPRESS text/css
+            AddOutputFilterByType BROTLI_COMPRESS text/html
+            AddOutputFilterByType BROTLI_COMPRESS text/javascript
+            AddOutputFilterByType BROTLI_COMPRESS text/plain
+            AddOutputFilterByType BROTLI_COMPRESS text/xml
+        </IfModule>
+
+        <IfModule mod_deflate.c>
+            AddOutputFilterByType DEFLATE application/javascript
+            AddOutputFilterByType DEFLATE application/json
+            AddOutputFilterByType DEFLATE application/xml
+            AddOutputFilterByType DEFLATE image/svg+xml
+            AddOutputFilterByType DEFLATE text/css
+            AddOutputFilterByType DEFLATE text/html
+            AddOutputFilterByType DEFLATE text/javascript
+            AddOutputFilterByType DEFLATE text/plain
+            AddOutputFilterByType DEFLATE text/xml
+        </IfModule>
+    </IfModule>
+</VirtualHost>

.docker/build.Dockerfile

@@ -0,0 +1,16 @@
+# Unpinned version intentional - this image is rarely used
+FROM debian:stable-slim
+LABEL maintainer="Pere Orga pere@orga.cat"
+LABEL description="Debian-based image for building a new release 100% inside Docker (not usually tested)."
+
+WORKDIR /srv/app
+
+COPY apt_dev_deps.txt .
+
+# hadolint ignore=SC2046 # We want word splitting to pass packages as separate arguments
+RUN apt-get update \
+    && apt-get install --no-install-recommends -y $(cat apt_dev_deps.txt) \
+    && apt-get clean \
+    && rm -rf /var/lib/apt/lists/*
+
+RUN npx playwright install --with-deps chromium

.docker/dev.Dockerfile

@@ -0,0 +1,61 @@
+ARG PHP_IMAGE_TAG=8.5.2-apache-trixie
+
+FROM php:${PHP_IMAGE_TAG}
+LABEL maintainer="Pere Orga pere@orga.cat"
+LABEL description="Debian-based image with Apache and mod_php. Used for development."
+
+ARG DOCKER_PHP_EXTENSION_INSTALLER_VERSION=2.9.30
+ARG profiler
+
+WORKDIR /srv/app
+
+# Install install-php-extensions
+ADD --chmod=0755 https://github.com/mlocati/docker-php-extension-installer/releases/download/${DOCKER_PHP_EXTENSION_INSTALLER_VERSION}/install-php-extensions /usr/local/bin/
+
+# Remove some Apache default settings provided by Debian
+# Enable Apache modules
+# Use PHP default development settings
+# Install PHP extensions (intl is used for offline reports)
+RUN rm -f /etc/apache2/mods-enabled/deflate.conf /etc/apache2/mods-enabled/alias.conf && \
+    a2enmod headers brotli && \
+    cat /usr/local/etc/php/php.ini-development > /usr/local/etc/php/php.ini && \
+    install-php-extensions apcu gd intl pdo_mysql
+
+# Copy configuration files
+COPY .docker/apache/vhost.conf /etc/apache2/sites-available/000-default.conf
+
+# Project files are mounted via volume in docker-compose.yml
+
+# SPX profiler
+RUN if [ "$profiler" = "spx" ]; then \
+        install-php-extensions spx && \
+        { \
+        echo "[spx]"; \
+        echo "spx.http_enabled = 1"; \
+        echo "spx.http_ip_whitelist = \"*\""; \
+        echo "spx.http_key = \"dev\""; \
+        } > /usr/local/etc/php/conf.d/spx.ini; \
+    fi
+
+# XHProf profiler
+RUN if [ "$profiler" = "xhprof" ]; then \
+        install-php-extensions xhprof && \
+        sed -i '/<\/VirtualHost>/d' /etc/apache2/sites-available/000-default.conf && \
+        { \
+        echo "Alias /admin/xhprof /usr/local/lib/php/xhprof_html"; \
+        echo "<Directory /usr/local/lib/php/xhprof_html/>"; \
+        echo "    Options Indexes FollowSymLinks"; \
+        echo "    AllowOverride FileInfo"; \
+        echo "    Require all granted"; \
+        echo "    php_value auto_prepend_file none"; \
+        echo "    php_value memory_limit 1024M"; \
+        echo "</Directory>"; \
+        } >> /etc/apache2/sites-available/000-default.conf; \
+        echo '</VirtualHost>' >> /etc/apache2/sites-available/000-default.conf && \
+        { \
+        echo "[xhprof]"; \
+        echo "auto_prepend_file = /srv/app/src/xhprof.php"; \
+        echo "xhprof.collect_additional_info = 1"; \
+        echo "xhprof.output_dir = /tmp"; \
+        } > /usr/local/etc/php/conf.d/xhprof.ini; \
+    fi

.docker/fpm.Dockerfile

@@ -0,0 +1,49 @@
+FROM alpine:3.23
+LABEL maintainer="Pere Orga pere@orga.cat"
+LABEL description="Alpine-based image with PHP-FPM for improved concurrency."
+
+# Using Alpine's PHP packages instead of official php:fpm-alpine image avoids the need for
+# docker-php-ext-install or install-php-extensions, and apk is faster for installing extensions.
+ARG PHP_VERSION=85
+
+# ENV from ARGs needed for production deployment (values baked into image at build time)
+ARG ARG_MYSQL_DB
+ARG ARG_MYSQL_PWD
+ARG ARG_MYSQL_USER
+ARG ARG_WEB_ADMIN_PWD
+ENV MYSQL_DATABASE=${ARG_MYSQL_DB}
+ENV MYSQL_PASSWORD=${ARG_MYSQL_PWD}
+ENV MYSQL_USER=${ARG_MYSQL_USER}
+ENV WEB_ADMIN_PASSWORD=${ARG_WEB_ADMIN_PWD}
+
+WORKDIR /srv/app
+
+RUN apk --no-cache --update add \
+    php${PHP_VERSION}-fpm \
+    php${PHP_VERSION}-apcu \
+    php${PHP_VERSION}-gd \
+    php${PHP_VERSION}-mbstring \
+    php${PHP_VERSION}-pdo_mysql \
+    php${PHP_VERSION}-session && \
+    ln -s /usr/sbin/php-fpm${PHP_VERSION} /usr/sbin/php-fpm
+
+COPY .docker/php/performance.ini /etc/php${PHP_VERSION}/conf.d/performance.ini
+COPY .docker/php/security.ini /etc/php${PHP_VERSION}/conf.d/security.ini
+COPY .docker/php/fpm.conf /etc/php${PHP_VERSION}/php-fpm.d/zzz-docker.conf
+
+# Add only the specific files/directories accessed by PHP itself
+COPY src ./src
+COPY docroot/index.php ./docroot/
+# Some error pages are referenced by both PHP and the HTTP server config
+COPY docroot/404.html ./docroot/
+COPY docroot/500.html ./docroot/
+COPY docroot/admin/index.php ./docroot/admin/
+# CSS/JS are inlined by PHP
+COPY docroot/css ./docroot/css
+COPY docroot/js ./docroot/js
+# Report data and db date (used by some reports and runtime)
+COPY data ./data
+
+EXPOSE 9000
+
+CMD ["php-fpm", "-F"]

.docker/fpm.edge.Dockerfile

@@ -0,0 +1,35 @@
+# Unpinned version intentional - this image is for testing latest PHP
+FROM alpine:edge
+LABEL maintainer="Pere Orga pere@orga.cat"
+LABEL description="Alpine edge-based image with PHP-FPM, for testing latest PHP."
+
+ARG PHP_VERSION=85
+
+WORKDIR /srv/app
+
+RUN echo "http://dl-cdn.alpinelinux.org/alpine/edge/testing" >> /etc/apk/repositories && \
+    apk --no-cache --update add \
+    php${PHP_VERSION}-fpm \
+    php${PHP_VERSION}-apcu \
+    php${PHP_VERSION}-gd \
+    php${PHP_VERSION}-mbstring \
+    php${PHP_VERSION}-pdo_mysql \
+    php${PHP_VERSION}-session && \
+    ln -s /usr/sbin/php-fpm${PHP_VERSION} /usr/sbin/php-fpm
+
+COPY .docker/php/performance.ini /etc/php${PHP_VERSION}/conf.d/performance.ini
+COPY .docker/php/security.ini /etc/php${PHP_VERSION}/conf.d/security.ini
+COPY .docker/php/fpm.conf /etc/php${PHP_VERSION}/php-fpm.d/zzz-docker.conf
+
+COPY src ./src
+COPY docroot/index.php ./docroot/
+COPY docroot/404.html ./docroot/
+COPY docroot/500.html ./docroot/
+COPY docroot/admin/index.php ./docroot/admin/
+COPY docroot/css ./docroot/css
+COPY docroot/js ./docroot/js
+COPY data ./data
+
+EXPOSE 9000
+
+CMD ["php-fpm", "-F"]

.docker/frankenphp.Dockerfile

@@ -0,0 +1,17 @@
+# Unpinned version intentional - this image is for testing/reference
+FROM dunglas/frankenphp:alpine
+LABEL maintainer="Pere Orga pere@orga.cat"
+LABEL description="FrankenPHP (Caddy + PHP)."
+
+WORKDIR /srv/app
+
+# Note: mbstring and session are bundled by FrankenPHP by default
+RUN install-php-extensions apcu gd pdo_mysql
+
+COPY .docker/php/performance.ini /usr/local/etc/php/php.ini
+COPY .docker/php/security.ini /usr/local/etc/php/conf.d/security.ini
+COPY .docker/frankenphp/Caddyfile /etc/frankenphp/Caddyfile
+
+# Project files are mounted via volume in docker-compose.frankenphp.yml
+
+EXPOSE 80

.docker/frankenphp/Caddyfile

@@ -0,0 +1,27 @@
+{
+    auto_https off
+    admin off
+    frankenphp
+}
+
+:80 {
+    root * /srv/app/docroot
+    encode zstd gzip
+
+    header {
+        Cross-Origin-Opener-Policy "same-origin"
+        Strict-Transport-Security "max-age=31536000"
+        X-Content-Type-Options "nosniff"
+        -ETag
+    }
+
+    @static path *.avif *.css *.gif *.ico *.jpg *.js *.mp3 *.png *.svg *.webp
+    header @static Cache-Control "public, max-age=31536000, immutable"
+
+    handle_errors 400 401 403 404 500 {
+        rewrite * /{err.status_code}.html
+        file_server
+    }
+
+    php_server
+}

.docker/mysql/custom.cnf

@@ -0,0 +1,12 @@
+[mysqld]
+binlog_expire_logs_seconds = 0
+character_set_server = utf8mb4
+collation_server = utf8mb4_uca1400_ai_ci
+innodb_buffer_pool_size = 2G
+innodb_doublewrite = 0
+innodb_flush_log_at_trx_commit = 0
+innodb_ft_cache_size = 1G
+innodb_ft_enable_stopword = 0
+innodb_ft_min_token_size = 1
+performance_schema = 0
+skip_log_bin

.docker/nginx.Dockerfile

@@ -0,0 +1,18 @@
+FROM alpine:3.23
+LABEL maintainer="Pere Orga pere@orga.cat"
+LABEL description="Nginx container for serving static files and proxying to PHP-FPM."
+
+# Using Alpine's nginx package allows easy installation of nginx-mod-http-brotli,
+# which would require compiling from source with the official nginx:alpine image.
+RUN apk add --no-cache --update nginx nginx-mod-http-brotli
+
+COPY .docker/nginx/nginx.conf /etc/nginx/nginx.conf
+COPY .docker/nginx/default.conf /etc/nginx/http.d/default.conf
+COPY .docker/nginx/security-headers.conf /etc/nginx/security-headers.conf
+
+# Copy static files
+COPY docroot /srv/app/docroot
+
+EXPOSE 80
+
+CMD ["nginx", "-g", "daemon off;"]

.docker/nginx/default.conf

@@ -0,0 +1,74 @@
+server {
+    listen 80;
+    server_name pccd.dites.cat localhost;
+    root /srv/app/docroot;
+    index index.php;
+
+    charset utf-8;
+
+    # Use relative redirects to preserve the original host/port
+    absolute_redirect off;
+
+    error_page 400 /400.html;
+    error_page 401 /401.html;
+    error_page 403 /403.html;
+    error_page 404 /404.html;
+    error_page 500 /500.html;
+
+    etag off;
+
+    include /etc/nginx/security-headers.conf;
+
+    gzip on;
+    gzip_vary on;
+    gzip_types
+        application/javascript
+        application/json
+        application/xml
+        image/svg+xml
+        text/css
+        text/javascript
+        text/plain
+        text/xml;
+
+    brotli on;
+    brotli_types
+        application/javascript
+        application/json
+        application/xml
+        image/svg+xml
+        text/css
+        text/javascript
+        text/plain
+        text/xml;
+
+    # OG images (dynamic, handled by PHP)
+    location ~ ^/og/.*\.png$ {
+        fastcgi_pass php:9000;
+        include fastcgi_params;
+        fastcgi_param SCRIPT_FILENAME $document_root/index.php;
+    }
+
+    # Static file caching
+    location ~* \.(?:avif|css|gif|ico|jpg|js|mp3|png|svg|webp)$ {
+        add_header Cache-Control "public, max-age=31536000, immutable";
+        include /etc/nginx/security-headers.conf;
+        access_log off;
+    }
+
+    # PHP-FPM handling
+    location ~ \.php$ {
+        try_files $uri =404;
+        fastcgi_split_path_info ^(.+\.php)(/.+)$;
+        fastcgi_pass php:9000;
+        fastcgi_index index.php;
+        include fastcgi_params;
+        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+        fastcgi_param PATH_INFO $fastcgi_path_info;
+    }
+
+    # Route all non-file requests to index.php
+    location / {
+        try_files $uri $uri/ /index.php$is_args$args;
+    }
+}