Add prod and dev modes

Author: akiszka-yf

.env

@@ -2,3 +2,5 @@ MARIADB_ROOT_PASSWORD=example
 MARIADB_DATABASE=yetiforce
 MARIADB_USER=yeti
 MARIADB_PASSWORD=yeti
+HOSTNAME=yeti
+TLS_EMAIL=internal

README.md

@@ -1,2 +1,49 @@
-# docker
+# YetiForceCRM Docker
+
 Official YetiForce Docker image
+
+## Instructions
+
+### Production
+
+To start YetiForce in a production configuration:
+1. In the `.env` file set the `HOSTNAME` to the where you will be running YetiForce and set `TLS_EMAIL` to your email address. Those settings will make sure that your website has a proper TLS certificate.
+2. Download the YetiForce code: `git submodule update --init`.
+3. Run `docker compose up -d`.
+4. Go to `https://HOSTNAME` and go through the installation process. For your database settings, enter:
+   - Address: db
+   - Port: 3306
+   - Username: yeti
+   - Password: yeti
+   - Database name: yetiforce
+
+### Development
+
+This image can also work in development mode. This mode is designed for actively making changes in YF itself. As such, it includes the following changes:
+- YetiForce is run from the `./YetiForceCRM` directory
+- MariaDB is available on `localhost:3306`
+- PHP has a development configuration
+
+This means that you will be able to make changes in `./YetiForceCRM`, see them reflected in your browser, and commit them normally.
+
+To run in this mode:
+1. Add a line with `127.0.0.1 yeti` to `/etc/hosts` on Unix or `C:\Windows\System32\drivers\etc\hosts` on Windows.
+2. Download the YetiForce code: `git submodule update --init`.
+3. Install YetiForce dependencies:
+   ```shell
+   cd ./YetiForceCRM
+   install -m755 -d YetiForceCRM/config/Modules
+   yarn install --modules-folder "./public_html/libraries" --ignore-optional --production=true
+   cd public_html/src
+   yarn install --ignore-optional --production=true
+   cd ../..
+   composer --no-interaction install --no-dev
+   cd ..
+   ```
+4. Start the server with `docker compose -f docker-compose.yaml -f docker-compose.dev.yaml up -d`
+4. Go to `https://HOSTNAME` and go through the installation process. For your database settings, enter:
+   - Address: db
+   - Port: 3306
+   - Username: yeti
+   - Password: yeti
+   - Database name: yetiforce

caddy/Caddyfile

@@ -0,0 +1,12 @@
+{
+  auto_https disable_redirects
+}
+
+{$HOSTNAME}:443 {
+	tls {$TLS_EMAIL}
+	reverse_proxy nginx:80
+}
+
+{$HOSTNAME}:80 {
+	reverse_proxy nginx:80
+}

docker-compose.dev.yaml

@@ -0,0 +1,16 @@
+name: yetiforce-dev
+version: '3'
+services:
+  db:
+    ports:
+      - 3306:3306
+  php:
+    build:
+      target: php-dev
+    volumes:
+      - type: bind
+        source: ./YetiForceCRM
+        target: /var/www/html
+
+volumes:
+  crm_data: null

docker-compose.yaml

@@ -1,29 +1,53 @@
+name: yetiforce
 version: '3'
 services:
+  caddy:
+    hostname: ${HOSTNAME}
+    image: caddy:2.6
+    depends_on:
+      - nginx
+    env_file:
+      - .env
+    restart: on-failure
+    ports:
+      - "80:80"
+      - "443:443"
+      - "443:443/udp"
+    volumes:
+      - ./caddy/Caddyfile:/etc/caddy/Caddyfile
+      - caddy_data:/data
+      - caddy_config:/config
   db:
     build:
       context: .
       dockerfile: ./mariadb/Dockerfile
     env_file:
       - .env
+    restart: on-failure
     volumes:
       - type: volume
         source: db_data
         target: /var/lib/mysql
-    ports:
-      - 3306:3306
-  nginx:
-    hostname: yeti
+  php:
     build:
       context: .
       dockerfile: ./php/Dockerfile
-      target: nginx 
+      target: php-prod
+    restart: on-failure
     volumes:
       - type: volume
         source: crm_data
         target: /var/www/html
-    ports:
-      - 80:80
+  nginx:
+    build:
+      context: .
+      dockerfile: ./nginx/Dockerfile
+      target: nginx
+    depends_on:
+      - php
+    restart: on-failure
+    volumes_from:
+      - php:rw
   cron:
     build:
       context: ./cron
@@ -32,14 +56,12 @@ services:
         condition: on-failure
         delay: 60s
     volumes_from:
-      - nginx:ro
-  php:
-    build:
-      context: .
-      dockerfile: ./php/Dockerfile
-      target: php-prod
-    volumes_from:
-      - nginx:rw
+      - php:ro
+    depends_on:
+      - nginx
+  
 volumes:
   crm_data:
-  db_data:
+  db_data:
+  caddy_data:
+  caddy_config:

nginx/Dockerfile

@@ -0,0 +1,12 @@
+FROM nginx:stable AS nginx
+
+SHELL ["/bin/bash", "-o", "pipefail", "-c"]
+
+RUN apt-get update && \
+  apt-get install --no-install-recommends -y \
+  nginx-extras \
+  && apt-get clean \
+  && rm -rf /etc/nginx/conf.d/* /etc/nginx/sites-enabled/* /var/lib/apt/lists/*
+
+COPY ./YetiForceCRM/tests/setup/nginx/yetiforce.conf /etc/nginx/yetiforce.conf
+COPY ./nginx/docker.conf /etc/nginx/conf.d/default.conf

php/Dockerfile

@@ -12,30 +12,30 @@ RUN apt-get update && apt-get install --no-install-recommends -y \
   libpng-dev \
   libxml2-dev \
   libzip-dev  \
+  unixodbc-dev \
   zlib1g-dev \
   && docker-php-ext-configure imap --with-kerberos --with-imap-ssl \
   && docker-php-ext-install -j8 imap pdo_mysql curl gd xml zip soap iconv intl bcmath sockets exif ldap opcache \
-  && apt-get clean
+  && apt-get clean \
+  && printf "\n" | pecl install imagick \
+  && docker-php-ext-enable imagick \
+  && printf "\n" | pecl install apcu \
+  && docker-php-ext-enable apcu \
+  && pecl install pdo_sqlsrv \
+  && docker-php-ext-enable pdo_sqlsrv \
+  && pecl cache-clear \
+  && rm -rf /tmp/pear
 
-WORKDIR /opt
+FROM node:18-alpine AS build-yarn
 
-# docker-php-ext-* does not work with the imagick extension; it must be compiled manually
-RUN curl -sL https://github.com/Imagick/imagick/archive/refs/tags/3.7.0.tar.gz -o imagick.tar.gz \
-  && tar -xzf imagick.tar.gz \
-  && cd imagick-3.7.0 \
-  && phpize \
-  && ./configure \
-  && make \
-  && make install \
-  && docker-php-ext-enable imagick \
-  && cd .. \
-  && rm -rf imagick.tar.gz imagick-3.7.0
+RUN apk add --no-cache git
 
-FROM php-base AS php-prod
+COPY ./YetiForceCRM /opt/YetiForceCRM
+WORKDIR /opt/YetiForceCRM
+RUN --mount=type=cache,target=/root/.yarn YARN_CACHE_FOLDER=/root/.yarn rm .git && yarn install --modules-folder "./public_html/libraries" --ignore-optional --production=true
+WORKDIR /opt/YetiForceCRM/public_html/src
+RUN --mount=type=cache,target=/root/.yarn YARN_CACHE_FOLDER=/root/.yarn yarn install --ignore-optional --production=true
 
-RUN cp "$PHP_INI_DIR/php.ini-production" "$PHP_INI_DIR/php.ini"
-COPY ./YetiForceCRM/tests/setup/php/prod.ini /usr/local/etc/php/conf.d
-COPY ./php/docker-config.ini /usr/local/etc/php/conf.d
 
 FROM php-base AS build-composer
 
@@ -45,38 +45,24 @@ RUN php -r "copy('https://raw.githubusercontent.com/composer/getcomposer.org/705
   && php -r "unlink('composer-setup.php');" \
   && mv composer.phar /usr/local/bin/composer
 
-COPY ./YetiForceCRM /opt/YetiForceCRM
+COPY --from=build-yarn /opt/YetiForceCRM /opt/YetiForceCRM
 WORKDIR /opt/YetiForceCRM
 RUN --mount=type=cache,target=/root/.composer/cache composer --no-interaction install --no-dev
 
-FROM node:18-alpine AS build-yarn
-
-RUN apk add --no-cache git
-
-COPY --from=build-composer /opt/YetiForceCRM /opt/YetiForceCRM
-WORKDIR /opt/YetiForceCRM
-RUN --mount=type=cache,target=/root/.yarn YARN_CACHE_FOLDER=/root/.yarn rm .git && yarn install --modules-folder "./public_html/libraries" --ignore-optional --production=true
-WORKDIR /opt/YetiForceCRM/public_html/src
-RUN --mount=type=cache,target=/root/.yarn YARN_CACHE_FOLDER=/root/.yarn yarn install --ignore-optional --production=true
-
-FROM scratch AS app-data
-
-COPY --from=build-yarn /opt/YetiForceCRM /var/www/html
-
-FROM nginx:stable AS nginx
+FROM php-base AS php-prod
 
-SHELL ["/bin/bash", "-o", "pipefail", "-c"]
+RUN cp "$PHP_INI_DIR/php.ini-production" "$PHP_INI_DIR/php.ini"
+COPY ./YetiForceCRM/tests/setup/php/prod.ini /usr/local/etc/php/conf.d
+COPY ./php/docker-config.ini /usr/local/etc/php/conf.d
+COPY ./php/fpm.conf /usr/local/etc/php-fpm.d/zzz-docker.conf
 
-RUN apt-get update && \
-  apt-get install --no-install-recommends -y \
-  nginx-extras \
-  && apt-get clean \
-  && rm -rf /etc/nginx/conf.d/* /etc/nginx/sites-enabled/* /var/lib/apt/lists/*
+WORKDIR /var/www/html
+COPY --from=build-composer --chown=www-data:www-data --chmod=644 /opt/YetiForceCRM/ /var/www/html
+RUN install -owww-data -gwww-data -m755 -d config/Modules && find . -type d -exec chown www-data:www-data -- {} \+ && find . -type d -exec chmod 755 -- {} \+
 
-COPY ./YetiForceCRM/tests/setup/nginx/yetiforce.conf /etc/nginx/yetiforce.conf
-COPY ./nginx/docker.conf /etc/nginx/conf.d/default.conf
+FROM php-base AS php-dev
 
-WORKDIR /var/www/html
-# fixme - 666 and 777 are not secure
-COPY --from=build-yarn --chown=www-data:www-data --chmod=666 /opt/YetiForceCRM/ /var/www/html
-RUN install -owww-data -gwww-data -m777 -d config/Modules && find . -type d -exec chown www-data:www-data -- {} \+ && find . -type d -exec chmod 755 -- {} \+
+RUN cp "$PHP_INI_DIR/php.ini-production" "$PHP_INI_DIR/php.ini"
+COPY ./YetiForceCRM/tests/setup/php/dev.ini /usr/local/etc/php/conf.d
+COPY ./php/docker-config.ini /usr/local/etc/php/conf.d
+COPY ./php/fpm.conf /usr/local/etc/php-fpm.d/zzz-docker.conf

php/docker-config.ini

@@ -1,2 +1 @@
-open_basedir="/var/www/html"
 session.cookie_samesite="Strict"

php/fpm.conf

@@ -0,0 +1,10 @@
+[www]
+
+env[PROVIDER] = docker
+php_admin_value[error_log] = /var/log/php/fpm_yfprod_error.log
+php_admin_value[open_basedir] = /var/www/html/:/tmp/:/var/tmp/:/etc/nginx/ssl/:/etc/ssl/:/usr/bin/gpg:/usr/bin/gpg-agent:/usr/bin/gpgconf
+clear_env = no
+request_terminate_timeout = 600
+pm.process_idle_timeout = 600s;
+pm.max_requests = 5000
+catch_workers_output = yes