Merge pull request #46 from itk-dev/feature/new-stuff-v2

Updated docker setup and stuff

Author: cableman

.docker/data/.gitignore

@@ -0,0 +1,5 @@
+# Ignore everything in this directory
+*
+# Except this file
+!.gitignore
+!Readme.md

.docker/data/README.md

@@ -3,10 +3,13 @@
 Please map persistent volumes to this directory on the servers.
 
 If a container needs to persist data between restarts you can map the relevant files in the container to ``docker/data/<container-name>`.
+
 ## RabbitMQ example
 If you are using RabbitMQ running in a container as a message broker you need to configure a persistent volume for RabbitMQs data directory to avoid losing message on container restarts.
+
 ```yaml
 # docker-compose.server.override.yml
+
 services:
   rabbit:
     image: rabbitmq:3.9-management-alpine

.docker/nginx.conf

@@ -1,6 +1,6 @@
 worker_processes  auto;
 
-error_log  /var/log/nginx/error.log notice;
+error_log  /dev/stderr notice;
 pid        /tmp/nginx.pid;
 
 events {
@@ -26,11 +26,9 @@ http {
                       '$status $body_bytes_sent "$http_referer" '
                       '"$http_user_agent" "$http_x_forwarded_for"';
 
-    access_log  /var/log/nginx/access.log main;
+    access_log  /dev/stdout main;
 
     sendfile        on;
-    #tcp_nopush     on;
-
     keepalive_timeout  65;
 
     gzip  on;

.docker/vhost.conf .docker/templates/default.conf.template.docker/vhost.conf renamed to .docker/templates/default.conf.template

@@ -1,19 +1,28 @@
 server {
-    listen 8080;
+    listen ${NGINX_PORT};
     server_name localhost;
-    root /app/public;
+
+    root ${NGINX_WEB_ROOT};
+
+    client_max_body_size ${NGINX_MAX_BODY_SIZE};
 
     location / {
         # try to serve file directly, fallback to index.php
         try_files $uri /index.php$is_args$args;
     }
 
+    # Protect files and directories from prying eyes.
+    location ~* \.(engine|inc|install|make|module|profile|po|sh|.*sql|.tar|.gz|.bz2|theme|twig|tpl(\.php)?|xtmpl|yml)(~|\.sw[op]|\.bak|\.orig|\.save)?$|^(\.(?!well-known).*|Entries.*|Repository|Root|Tag|Template|composer\.(json|lock)|web\.config)$|^#.*#$|\.php(~|\.sw[op]|\.bak|\.orig|\.save)$ {
+        deny all;
+        return 404;
+    }
+
     location ~ ^/index\.php(/|$) {
         fastcgi_buffers 16 32k;
         fastcgi_buffer_size 64k;
         fastcgi_busy_buffers_size 64k;
 
-        fastcgi_pass phpfpm:9000;
+        fastcgi_pass ${NGINX_FPM_SERVICE};
         fastcgi_split_path_info ^(.+\.php)(/.*)$;
         include fastcgi_params;
 

CHANGELOG.md

@@ -7,6 +7,9 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+- Updated composer setup
+- Added new GPU hosts and Hetzner
+
 ## [1.6.0] - 2024-01-16
 
 - [#43](https://github.com/itk-dev/devops_itksites/pull/43)

docker-compose.dev.yml

@@ -1,29 +1,27 @@
-# itk-version: 3.1.0
-version: "3"
-
+# itk-version: 3.2.1
 services:
   phpfpm:
     environment:
-      - PHP_SENDMAIL_PATH=/usr/local/bin/mhsendmail --smtp-addr="mailhog:1025"
+      - PHP_SENDMAIL_PATH=/usr/sbin/sendmail -S mail:1025
 
   nginx:
     labels:
       - "traefik.http.routers.${COMPOSE_PROJECT_NAME}.middlewares=ITKBasicAuth@file"
 
-  mailhog:
-    image: itkdev/mailhog
+  mail:
+    image: axllent/mailpit
     restart: unless-stopped
     networks:
       - app
       - frontend
     labels:
       - "traefik.enable=true"
       - "traefik.docker.network=frontend"
-      - "traefik.http.routers.mailhog_${COMPOSE_PROJECT_NAME}-http.rule=Host(`mailhog.${COMPOSE_SERVER_DOMAIN}`)"
-      - "traefik.http.routers.mailhog_${COMPOSE_PROJECT_NAME}-http.entrypoints=web"
-      - "traefik.http.routers.mailhog_${COMPOSE_PROJECT_NAME}-http.middlewares=redirect-to-https"
+      - "traefik.http.routers.mail_${COMPOSE_PROJECT_NAME}-http.rule=Host(`mail.${COMPOSE_SERVER_DOMAIN}`)"
+      - "traefik.http.routers.mail_${COMPOSE_PROJECT_NAME}-http.entrypoints=web"
+      - "traefik.http.routers.mail_${COMPOSE_PROJECT_NAME}-http.middlewares=redirect-to-https"
       - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
-      - "traefik.http.routers.mailhog_${COMPOSE_PROJECT_NAME}.rule=Host(`mailhog.${COMPOSE_SERVER_DOMAIN}`)"
-      - "traefik.http.routers.mailhog_${COMPOSE_PROJECT_NAME}.entrypoints=websecure"
-      - "traefik.http.services.mailhog_${COMPOSE_PROJECT_NAME}.loadbalancer.server.port=8025"
-      - "traefik.http.routers.mailhog_${COMPOSE_PROJECT_NAME}.middlewares=ITKMailhogAuth@file"
+      - "traefik.http.routers.mail_${COMPOSE_PROJECT_NAME}.rule=Host(`mail.${COMPOSE_SERVER_DOMAIN}`)"
+      - "traefik.http.routers.mail_${COMPOSE_PROJECT_NAME}.entrypoints=websecure"
+      - "traefik.http.services.mail_${COMPOSE_PROJECT_NAME}.loadbalancer.server.port=8025"
+      - "traefik.http.routers.mail_${COMPOSE_PROJECT_NAME}.middlewares=ITKMailhogAuth@file"

docker-compose.override.yml

@@ -0,0 +1,18 @@
+services:
+  rabbit:
+    image: rabbitmq:3.13-management
+    networks:
+       - app
+       - frontend
+    ports:
+      - "15672"
+    environment:
+      - RABBITMQ_DEFAULT_USER=user
+      - RABBITMQ_DEFAULT_PASS=password
+      - RABBITMQ_ERLANG_COOKIE='d53f219cd9376f8f440aaf9889f315ab'
+
+  node:
+    image: node:20
+    volumes:
+      - .:/app:delegated
+    working_dir: /app

docker-compose.redirect.yml

@@ -1,6 +1,4 @@
-# itk-version: 3.1.0
-version: "3"
-
+# itk-version: 3.2.1
 services:
   nginx:
     labels:

docker-compose.server.yml

@@ -1,6 +1,4 @@
-# itk-version: 3.1.0
-version: "3"
-
+# itk-version: 3.2.1
 networks:
   frontend:
     external: true
@@ -10,7 +8,7 @@ networks:
 
 services:
   phpfpm:
-    image: itkdev/php8.1-fpm:alpine
+    image: itkdev/php8.2-fpm:alpine
     restart: unless-stopped
     networks:
       - app
@@ -31,12 +29,15 @@ services:
       - frontend
     depends_on:
       - phpfpm
-    ports:
-      - '8080'
     volumes:
-      - ./.docker/vhost.conf:/etc/nginx/conf.d/default.conf:ro
+      - ./.docker/templates:/etc/nginx/templates:ro
       - ./.docker/nginx.conf:/etc/nginx/nginx.conf:ro
-      - ./:/app:rw
+      - .:/app
+    environment:
+      NGINX_FPM_SERVICE: ${COMPOSE_PROJECT_NAME}-phpfpm-1:9000
+      NGINX_WEB_ROOT: /app/public
+      NGINX_PORT: 8080
+      NGINX_MAX_BODY_SIZE: 5M
     labels:
       - "traefik.enable=true"
       - "traefik.docker.network=frontend"

docker-compose.yml

@@ -1,6 +1,4 @@
-# itk-version: 3.1.0
-version: "3"
-
+# itk-version: 3.2.1
 networks:
   frontend:
     external: true
@@ -21,11 +19,9 @@ services:
       - MYSQL_PASSWORD=db
       - MYSQL_DATABASE=db
       #- ENCRYPT=1 # Uncomment to enable database encryption.
-    labels:
-      com.symfony.server.service-prefix: 'DATABASE'
 
   phpfpm:
-    image: itkdev/php8.1-fpm:latest
+    image: itkdev/php8.2-fpm:latest
     networks:
       - app
     extra_hosts:
@@ -34,8 +30,8 @@ services:
       - PHP_XDEBUG_MODE=${PHP_XDEBUG_MODE:-off}
       - PHP_MAX_EXECUTION_TIME=30
       - PHP_MEMORY_LIMIT=256M
-      # Uncomment below to enable mailhog.
-      # - PHP_SENDMAIL_PATH=/usr/local/bin/mhsendmail --smtp-addr="mailhog:1025"
+      # Depending on the setup, you may have to remove --read-envelope-from from msmtp (cf. https://marlam.de/msmtp/msmtp.html) or use SMTP to send mail
+      - PHP_SENDMAIL_PATH=/usr/bin/msmtp --host=mail --port=1025 --read-recipients --read-envelope-from
       - DOCKER_HOST_DOMAIN=${COMPOSE_DOMAIN}
       - COMPOSER_VERSION=2
       - PHP_IDE_CONFIG=serverName=localhost
@@ -54,30 +50,31 @@ services:
     ports:
       - '8080'
     volumes:
-      - ./.docker/vhost.conf:/etc/nginx/conf.d/default.conf:ro
+      - ./.docker/templates:/etc/nginx/templates:ro
       - .:/app
+    environment:
+      NGINX_FPM_SERVICE: ${COMPOSE_PROJECT_NAME}-phpfpm-1:9000
+      NGINX_WEB_ROOT: /app/public
+      NGINX_PORT: 8080
+      NGINX_MAX_BODY_SIZE: 5M
     labels:
       - "traefik.enable=true"
       - "traefik.docker.network=frontend"
       - "traefik.http.routers.${COMPOSE_PROJECT_NAME}.rule=Host(`${COMPOSE_DOMAIN}`)"
-  #      HTTPS config - uncomment to enable redirect from :80 to :443
-  #      - "traefik.http.routers.${COMPOSE_PROJECT_NAME}.middlewares=redirect-to-https"
-  #      - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
+#      HTTPS config - uncomment to enable redirect from :80 to :443
+#      - "traefik.http.routers.${COMPOSE_PROJECT_NAME}.middlewares=redirect-to-https"
+#      - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
 
-  rabbit:
-    image: rabbitmq:3.11-management
+  mail:
+    image: axllent/mailpit
     networks:
       - app
       - frontend
     ports:
-      - "15672"
-    environment:
-      - RABBITMQ_DEFAULT_USER=user
-      - RABBITMQ_DEFAULT_PASS=password
-      - RABBITMQ_ERLANG_COOKIE='d53f219cd9376f8f440aaf9889f315ab'
-
-  node:
-    image: node:18
-    volumes:
-      - .:/app:delegated
-    working_dir: /app
+      - "1025"
+      - "8025"
+    labels:
+      - "traefik.enable=true"
+      - "traefik.docker.network=frontend"
+      - "traefik.http.routers.${COMPOSE_PROJECT_NAME}mail.rule=Host(`mail-${COMPOSE_DOMAIN}`)"
+      - "traefik.http.services.${COMPOSE_PROJECT_NAME}mail.loadbalancer.server.port=8025"