Try big docker refactoring

inkustr · inkustr · commit 81824137349d · 2025-05-27T16:54:47.000+02:00
diff --git a/service/Dockerfile b/service/Dockerfile
@@ -1,40 +1,56 @@
 FROM php:8.2-fpm
 
-RUN apt-get update && apt-get install -y \
-    libpq-dev \
-    git \
-    unzip \
-    nginx \
-    bash \
-    docker.io \
-    python3 \
-  && rm -rf /var/lib/apt/lists/*
-
-RUN docker-php-ext-install pdo pdo_pgsql
-
+# 1) Install system packages & PHP extensions
+RUN apt-get update \
+ && apt-get install -y \
+      libpq-dev \
+      git \
+      unzip \
+      nginx \
+      bash \
+      docker.io \
+      python3 \
+ && docker-php-ext-install pdo pdo_pgsql \
+ && rm -rf /var/lib/apt/lists/*
+
+# 2) Add www-data to the docker group (for socket use)
 RUN usermod -aG docker www-data
 
 ENV DOCKER_HOST=unix:///var/run/docker.sock
 
 WORKDIR /var/www/html
 
-COPY . /var/www/html
-
-COPY --from=composer:latest /usr/bin/composer /usr/bin/composer
+# 3) Cache Composer install early
+COPY composer.json composer.lock ./
+RUN curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/local/bin --filename=composer \
+ && composer install --no-dev --optimize-autoloader --no-interaction \
+ && rm -rf ~/.composer/cache
 
-RUN composer install --no-dev --optimize-autoloader --no-interaction
+# 4) Copy the rest of your application
+COPY . .
 
-COPY docker/nginx.conf /etc/nginx/sites-available/default
+# 5) Ensure runtime dirs exist & are owned by www-data
+RUN mkdir -p var/log var/cache public/submissions \
+ && chown -R www-data:www-data var \
+ && chmod -R 777 var/log var/cache public/submissions
 
-RUN mkdir -p var/log var/cache public/submissions && \
-    chown -R www-data:www-data /var/www/html && \
-    chmod -R 755 /var/www/html && \
-    chmod -R 777 var/log var/cache public/submissions
+# 6) Pre-warm Symfony prod cache (as root) and re-chown
+RUN php bin/console cache:clear --env=prod --no-warmup \
+ && php bin/console cache:warmup --env=prod \
+ && chown -R www-data:www-data var/cache
 
+# 7) Replace php.ini with production settings
 RUN mv "$PHP_INI_DIR/php.ini-production" "$PHP_INI_DIR/php.ini"
 
-COPY docker/start.sh /usr/local/bin/start
-RUN chmod +x /usr/local/bin/start
+# 8) Install your custom nginx vhost
+COPY docker/nginx.conf /etc/nginx/sites-available/default
+
+# 9) Add entrypoint
+COPY docker/start.sh /usr/local/bin/start.sh
+RUN chmod +x /usr/local/bin/start.sh
 
 EXPOSE 80
-CMD ["/usr/local/bin/start"]
+
+# ENTRYPOINT will do migrations, start nginx+php-fpm, cleanup loop, etc.
+ENTRYPOINT ["start.sh"]
+CMD []
diff --git a/service/docker-compose.yml b/service/docker-compose.yml
@@ -1,36 +1,35 @@
+version: "3.8"
+
 services:
   php:
     build: .
-    volumes:
-      - /var/run/docker.sock:/var/run/docker.sock:rw
-      - ./:/var/www/html:rw
-      - vendor_data:/var/www/html/vendor:rw
-      - ./var/log:/var/www/html/var/log:rw
     ports:
       - "8055:80"
     depends_on:
-      - database
+      database:
+        condition: service_healthy
     environment:
       DATABASE_URL: "postgresql://${POSTGRES_USER:-app}:${POSTGRES_PASSWORD:-app}@database:5432/${POSTGRES_DB:-app}?serverVersion=${POSTGRES_VERSION:-16}"
     restart: unless-stopped
     mem_limit: 1g
     cpus: 1
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock:rw
 
   database:
     image: postgres:${POSTGRES_VERSION:-16}-alpine
     environment:
+      POSTGRES_USER: ${POSTGRES_USER:-app}
       POSTGRES_DB: ${POSTGRES_DB:-app}
       POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-app}
-      POSTGRES_USER: ${POSTGRES_USER:-app}
     healthcheck:
       test: ["CMD", "pg_isready", "-d", "${POSTGRES_DB:-app}", "-U", "${POSTGRES_USER:-app}"]
       timeout: 5s
       retries: 5
       start_period: 10s
     volumes:
       - database_data:/var/lib/postgresql/data:rw
-      
-  # It is only needed to immitate the behavior of admin during CTF
+
   adminbot:
     build:
       context: .
@@ -40,9 +39,8 @@ services:
       - database
     environment:
       DATABASE_URL: "postgresql://${POSTGRES_USER:-app}:${POSTGRES_PASSWORD:-app}@database:5432/${POSTGRES_DB:-app}"
-      APP_URL: "http://php:80"
+      APP_URL:         "http://php:80"
     restart: unless-stopped
 
 volumes:
-  database_data:
-  vendor_data:
+  database_data:
diff --git a/service/docker/start.sh b/service/docker/start.sh
@@ -1,29 +1,30 @@
-#!/bin/bash
+#!/usr/bin/env bash
+set -e
 
-if [ -S /var/run/docker.sock ]; then
-  chmod 666 /var/run/docker.sock
-fi
+# 1) Re-fix permissions on any runtime-generated dirs (in case Docker socket mount
+#    or other ops changed ownership):
+chown -R www-data:www-data var/log var/cache public/submissions
 
-# Wait for database to be ready
-echo "Waiting for database connection..."
-until php -r "try { new PDO('pgsql:host=database;dbname=${POSTGRES_DB:-app}', '${POSTGRES_USER:-app}', '${POSTGRES_PASSWORD:-app}'); echo 'Connected successfully'; } catch (PDOException \$e) { echo \$e->getMessage(); exit(1); }" > /dev/null 2>&1; do
-  echo -n "."
+# 2) Wait for Postgres
+echo "Waiting for database…"
+until php -r "new PDO('pgsql:host=database;dbname=${POSTGRES_DB:-app}', '${POSTGRES_USER:-app}', '${POSTGRES_PASSWORD:-app}');" \
+      > /dev/null 2>&1; do
   sleep 1
 done
-echo ""
+echo "Database ready."
 
-echo "Running database migrations..."
+# 3) Run migrations (ignore if none)
+echo "Running migrations…"
 php bin/console doctrine:migrations:migrate --no-interaction || true
 
-chown -R www-data:www-data /var/www/html/var/cache /var/www/html/var/log /var/www/html/public/submissions
-chmod -R 777 /var/www/html/var/cache /var/www/html/var/log /var/www/html/public/submissions
+# 4) Spawn cleanup loop in background
+(
+  while true; do
+    php bin/console app:purge-old-data || echo "[!] Purge error"
+    sleep 60
+  done
+) &
 
-echo "Starting services..."
-service nginx start
-php-fpm &
-
-while true; do
-  echo "Cleanup Database..."
-  php bin/console app:purge-old-data || echo "Purge error"
-  sleep 60
-done
+# 5) Launch nginx (foreground) and php-fpm (exec = PID 1)
+nginx -g 'daemon off;' &
+exec php-fpm
