example dhi

example config with DHI for WSC

Author: Tob1as

.gitignore

@@ -1 +1,6 @@
 temp/
+examples/**/.env
+examples/**/data
+examples/**/data-*
+examples/**/data_*
+examples/**/html/**

examples/README.md

@@ -0,0 +1 @@
+# PHP - Examples

examples/fpm-nginx-dhi/.env.example

@@ -0,0 +1,7 @@
+# General
+DOMAIN=example.com
+# Database (MySQL/MariaDB)
+MYSQL_ROOT_PASSWORD=my-secret-pw
+MYSQL_DATABASE=woltlab_suite
+MYSQL_USER=woltlab_suite
+MYSQL_PASSWORD=my-secret-pw

examples/fpm-nginx-dhi/config/nginx_default.conf

@@ -0,0 +1,63 @@
+# enable ONLY behind PROXY (Traefik, other NGINX, Caddy, lighttpd, K8s Ingress, ...) (ngx_http_realip_module)
+set_real_ip_from 172.16.0.0/12;
+set_real_ip_from fd00::/8;
+real_ip_header X-Forwarded-For;
+
+# Server (http)
+server {
+    listen 8080;
+    listen [::]:8080;
+    server_name _;
+
+    # disable any limits to avoid HTTP 413 for large image uploads
+    client_max_body_size 0;
+    
+    # nginx status
+    location /nginx_status {
+        stub_status on;
+        access_log off;
+        allow 127.0.0.1;
+        allow 10.0.0.0/8;
+        allow 172.16.0.0/12;
+        allow 192.168.0.0/16;
+        allow ::1;
+        allow fd00::/8;
+        deny all;
+    }
+
+    # Error Page
+    location  @error_page {
+        add_header Content-Type text/plain;
+        return 200 'Website is in maintenance mode!)';
+    }
+
+    root /var/www/html;
+    index index.php index.html test.php;
+
+    location / {
+        #root /var/www/html;
+        #index index.php index.html;
+
+        try_files $uri $uri/ /index.php?$query_string;
+    }
+
+    location ~ \.php$ {
+        #root /var/www/html;
+
+        try_files $uri =404;
+
+        fastcgi_pass wsc-dhi-php:9000;
+        fastcgi_index index.php;
+        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+        include fastcgi_params;
+
+        # Error Page (redirect)
+        error_page 502 503 504 = @error_page;
+    }
+
+    location ~ /\.ht {
+        deny all;
+    }
+    #location = /favicon.ico { log_not_found off; access_log off; }
+    #location = /robots.txt { log_not_found off; access_log off; }
+}

examples/fpm-nginx-dhi/docker-compose.yml

@@ -0,0 +1,94 @@
+services:
+
+  # https://github.com/Tob1as/docker-php
+  # based on: https://dhi.io/catalog/php
+  # command: mkdir ./html && chown 65532:65532 ./html
+  wsc-php:
+    image: docker.io/tobi312/php:8.4-dhi-fpm-debian-wsc
+    #image: docker.io/tobi312/php:8.4-dhi-fpm-alpine-wsc
+    container_name: wsc-php
+    restart: unless-stopped
+    volumes:
+      - ./html:/var/www/html:rw
+    #depends_on:
+    #  wsc-db:
+    #    condition: service_started
+    networks:
+      - wsc-net
+
+  # https://dhi.io/catalog/nginx
+  wsc-nginx:
+    image: dhi.io/nginx:1.29-debian13
+    container_name: wsc-nginx
+    restart: unless-stopped
+    #ports:
+    #  - "80:8080"
+    volumes:
+      - ./html:/var/www/html:rw
+      - ./config/nginx_default.conf:/etc/nginx/conf.d/default.conf:ro
+    depends_on:
+      wsc-php:
+        condition: service_started
+    networks:
+      - wsc-net
+      - traefik
+    labels:
+      # Explicitly tell Traefik to expose this container
+      - "traefik.enable=true"
+      - "traefik.docker.network=traefik"
+      # Tell Traefik to use the http port 8080 to connect to container
+      - "traefik.http.services.wsc.loadbalancer.server.port=8080"
+      - "traefik.http.services.wsc.loadbalancer.server.scheme=http"  # when "https" then set "--serversTransport.insecureSkipVerify=true" for traefik
+      # http
+      - "traefik.http.routers.wsc-http.rule=Host(`${DOMAIN}`)"
+      - "traefik.http.routers.wsc-http.entrypoints=web"
+      - "traefik.http.routers.wsc-http.service=wsc"
+      # https
+      - "traefik.http.routers.wsc-https.tls=true"
+      - "traefik.http.routers.wsc-https.rule=Host(`${DOMAIN}`)"
+      - "traefik.http.routers.wsc-https.entrypoints=websecure"
+      - "traefik.http.routers.wsc-https.service=wsc"
+      # load middlewares for routes
+      - "traefik.http.routers.wsc-http.middlewares=wsc-https"
+      #- "traefik.http.routers.wsc-https.middlewares="
+      # http to https redirect      
+      - "traefik.http.middlewares.wsc-https.redirectscheme.scheme=https"
+      - "traefik.http.middlewares.wsc-https.redirectscheme.permanent=true"
+      #- "traefik.http.middlewares.wsc-https.redirectscheme.port=443"
+
+  # https://dhi.io/catalog/mysql
+  # command: mkdir ./data-db && chown 65532:65532 ./data-db
+  wsc-db:
+    image: dhi.io/mysql:8.4-debian13
+    container_name: wsc-db
+    restart: unless-stopped
+    volumes:
+      - ./data-db:/var/lib/mysql:rw
+    environment:
+      MYSQL_ROOT_PASSWORD: "${MYSQL_ROOT_PASSWORD}"
+      # only support in DHI (instead of own *.cnf file)
+      MYSQL_OPTIONS: "--innodb-buffer-pool-size=512M"
+      # not supported in DHI, but for commands to create database and user
+      MYSQL_DATABASE: "${MYSQL_DATABASE}"
+      MYSQL_USER: "${MYSQL_USER}"
+      MYSQL_PASSWORD: "${MYSQL_PASSWORD}"
+    #ports:
+    #  - 127.0.0.1:3060:3306/tcp
+    #  - 127.0.0.1:33060:33060/tcp
+    networks:
+      wsc-net:
+        aliases:
+        - wsc-database
+        - wsc-mysql
+        - wsc-mariadb
+    # TODO: only do this commands after first start when using dhi mysql image (create database and user with password form environment vars):
+    # docker exec -it wsc-mysql bash -c 'mysql -uroot -e "CREATE DATABASE ${MYSQL_DATABASE};"'
+    # docker exec -it wsc-mysql bash -c 'mysql -uroot -e "CREATE USER \"${MYSQL_USER}\"@\"%\" IDENTIFIED BY \"${MYSQL_PASSWORD}\"; GRANT ALL PRIVILEGES ON ${MYSQL_DATABASE}.* TO \"${MYSQL_USER}\"@\"%\";"'
+
+
+networks:
+  wsc-net:
+    name: wsc-net
+  traefik:
+    name: traefik
+    external: true