[Draft] Production Docker environment

.dockerignore

@@ -0,0 +1,11 @@
+vendor
+.idea
+node_modules
+*.log
+.git
+Dockerfile
+docker-compose.*
+.DS_Store
+storage/app/*
+storage/debugbar/*
+public/build

.env.example

@@ -3,7 +3,9 @@ APP_ENV=local
 APP_KEY=base64:aXAV+ZTjr7LG+67qDjW4ad++A999ZpBSt53mUPmodMM=
 APP_DEBUG=true
 APP_TIMEZONE=UTC
-APP_URL=http://localhost
+APP_DOMAIN=localhost
+APP_URL="https://${APP_DOMAIN}"
+CERTIFICATE_MODE=internal
 
 APP_LOCALE=en
 APP_FALLBACK_LOCALE=en
@@ -19,52 +21,34 @@ LOG_STACK=single
 LOG_DEPRECATIONS_CHANNEL=null
 LOG_LEVEL=debug
 
-DB_CONNECTION=mysql
-DB_HOST=127.0.0.1
+DB_CONNECTION=mariadb
+DB_HOST=mysql
 DB_PORT=3306
 DB_DATABASE=geezap
 DB_USERNAME=root
-DB_PASSWORD=
+DB_PASSWORD=secret
 
-SESSION_DRIVER=database
+SESSION_DRIVER=redis
 SESSION_LIFETIME=120
 SESSION_ENCRYPT=false
 SESSION_PATH=/
 SESSION_DOMAIN=null
 
 BROADCAST_CONNECTION=log
 FILESYSTEM_DISK=local
-QUEUE_CONNECTION=database
+QUEUE_CONNECTION=redis
 
-CACHE_STORE=database
+CACHE_STORE=redis
 CACHE_PREFIX=
 
 MEMCACHED_HOST=127.0.0.1
 
 REDIS_CLIENT=predis
-REDIS_HOST=
+REDIS_HOST=redis
 REDIS_PASSWORD=
 REDIS_PORT=
 REDIS_SCHEME=tls
 
-# Queue connection
-REDIS_QUEUE_HOST=your-queue-valkey.aiven.io
-REDIS_QUEUE_PASSWORD=your-queue-password
-REDIS_QUEUE_PORT=26557
-REDIS_QUEUE_SCHEME=tls
-
-# Cache connection
-REDIS_CACHE_HOST=your-cache-valkey.aiven.io
-REDIS_CACHE_PASSWORD=your-cache-password
-REDIS_CACHE_PORT=26557
-REDIS_CACHE_SCHEME=tls
-
-# Session connection
-REDIS_SESSION_HOST=your-session-valkey.aiven.io
-REDIS_SESSION_PASSWORD=your-session-password
-REDIS_SESSION_PORT=26557
-REDIS_SESSION_SCHEME=tls
-
 MAIL_MAILER=failover
 BREVO_API_KEY=
 BREVO_SMTP_HOST=

Caddyfile

@@ -0,0 +1,25 @@
+{$APP_DOMAIN} {
+    log
+    encode zstd gzip
+    root * /app/public
+
+    php_fastcgi app:9000 {
+        try_files {path} index.php =404
+    }
+
+    file_server
+
+    header {
+        Referrer-Policy no-referrer-when-downgrade
+        Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
+        X-Xss-Protection "1; mode=block"
+        X-Content-Type-Options "nosniff"
+        X-Frame-Options "SAMEORIGIN"
+        Content-Security-Policy "upgrade-insecure-requests"
+
+        -X-Powered-By
+        -Server
+    }
+
+    tls {$CERTIFICATE_MODE:internal}
+}

Dockerfile

@@ -0,0 +1,62 @@
+FROM php:8.2-cli-alpine AS builder
+
+WORKDIR /app
+
+RUN apk update && \
+    apk add --no-cache \
+    linux-headers \
+    curl-dev \
+    gmp-dev \
+    libxml2-dev \
+    libpng-dev \
+    freetype-dev \
+    libjpeg-turbo-dev \
+    libwebp-dev \
+    gcc g++ \
+    autoconf \
+    make \
+    openssl-dev \
+    libzip-dev \
+    icu icu-dev && \
+    docker-php-ext-configure gd --with-freetype=/usr/include/ --with-jpeg=/usr/include/ > /dev/null 2>&1 && \
+    docker-php-ext-install bcmath pdo_mysql gd sockets zip pcntl intl && \
+    echo "Installing redis extension..." && pecl install redis > /dev/null 2>&1 && \
+    echo "Installing openswoole extension..." && \
+    pecl install -D 'enable-openssl="yes" enable-sockets="yes" enable-hook-curl="yes" enable-http2="yes" enable-mysqlnd="yes" with-postgres="no"' openswoole > /dev/null 2>&1 && \
+    wget -q https://getcomposer.org/composer-2.phar -O /usr/local/bin/composer \
+    && chmod +x /usr/local/bin/composer
+
+COPY composer.json composer.lock /app/
+
+RUN composer install  \
+        --ignore-platform-reqs \
+        --no-ansi \
+        --no-autoloader \
+        --no-dev \
+        --no-interaction \
+        --no-scripts
+
+COPY . /app
+
+RUN composer dump-autoload --no-ansi --no-dev --no-interaction --optimize
+
+FROM node:22-alpine AS node
+WORKDIR /app
+COPY package.json package-lock.json /app/
+RUN npm install --no-audit --no-fund
+COPY . /app
+RUN npm run build
+
+FROM php:8.2-fpm-alpine
+WORKDIR /app
+
+COPY --from=builder /usr/local/lib/php/extensions /usr/local/lib/php/extensions
+
+RUN apk add --no-cache icu-dev libpng-dev freetype-dev libjpeg-turbo-dev libzip-dev && \
+    docker-php-ext-enable intl redis bcmath pdo_mysql gd sockets pcntl zip && \
+    docker-php-ext-enable --ini-name z-openswoole.ini openswoole && \
+    chown -R www-data:www-data /app/
+
+COPY --from=builder /usr/local/bin/composer /usr/local/bin/composer
+COPY --from=builder /app /app
+COPY --from=node /app/public/build /app/public/build

caddy.Dockerfile

@@ -0,0 +1,5 @@
+FROM caddy:2.10-alpine
+
+COPY Caddyfile /etc/caddy/Caddyfile
+
+COPY --from=geezap/app:latest /app /app

docker-compose.yml

@@ -0,0 +1,76 @@
+services:
+  mysql:
+    restart: always
+    image: mariadb:11.8.2-noble
+    environment:
+      - MARIADB_DATABASE=${DB_DATABASE}
+      - MARIADB_USER=${DB_USERNAME}
+      - MARIADB_PASSWORD=${DB_PASSWORD}
+      - MARIADB_ROOT_PASSWORD=${DB_PASSWORD}
+    volumes:
+      - mysql:/var/lib/mysql
+
+  app:
+    build:
+      context: .
+    restart: always
+    env_file:
+      - ./.env
+    image: geezap/app:latest
+    depends_on:
+        - redis
+        - mysql
+    volumes:
+      - ./storage:/app/storage
+      - ./storage/app/public:/app/public/storage
+
+  worker:
+    restart: always
+    env_file:
+      - ./.env
+    image: geezap/app:latest
+    command: php artisan horizon
+    volumes:
+      - ./storage:/app/storage
+
+  scheduler:
+    restart: always
+    env_file:
+      - ./.env
+    image: geezap/app:latest
+    command: php artisan schedule:work
+    volumes:
+      - ./storage:/app/storage
+
+  caddy:
+    build:
+      dockerfile: caddy.Dockerfile
+    image: geezap/caddy:latest
+    restart: always
+    ports:
+      - "80:80"
+      - "443:443"
+    environment:
+      - APP_DOMAIN=${APP_DOMAIN}
+      - CERTIFICATE_MODE=${CERTIFICATE_MODE}
+    volumes:
+      - caddy:/data
+      - ./storage/app/public:/app/public/storage
+    depends_on:
+        - app
+    networks:
+      default:
+        aliases:
+          - ${APP_DOMAIN}
+    logging:
+      options:
+        max-size: "200mb"
+        max-file: "10"
+
+  redis:
+    restart: always
+    image: redis:7.4.4-alpine
+
+volumes:
+  mysql:
+  caddy: