Merge pull request #12 from startersclan/fix/fix-setting-of-permissio…

…ns-in-dockerfile.x.prod-and-use-config-file-for-php-fpm Fix: Fix setting of permissions in Dockerfile.*.prod and use config file for php-fpm
startersclan · Sep 29, 2022 · b870d4b · b870d4b
2 parents a7fba18 + 2f9f6f0
commit b870d4b
Show file tree

Hide file tree

Showing 7 changed files with 50 additions and 23 deletions.
diff --git a/Dockerfile.nginx.prod b/Dockerfile.nginx.prod
@@ -1,17 +1,17 @@
-FROM alpine:latest AS build
+FROM nginx:1.21-alpine AS build
 ARG TARGETPLATFORM
 ARG BUILDPLATFORM
 RUN echo "I am running on $BUILDPLATFORM, building for $TARGETPLATFORM"
 
-# Set permissions for nginx's 'nginx' user
+# Set permissions for 'nginx' user
 COPY ./src /src
 WORKDIR /src
-RUN chown -R 101:101 . \
+RUN chown -R nginx:nginx . \
     && find . -type d -exec chmod 750 {} \; \
     && find . -type f -exec chmod 640 {} \;
 
-FROM nginx:1.21-alpine
+FROM nginx:1.21-alpine AS final
 
 # Add default configs
-COPY config/nginx/nginx.conf /etc/nginx/nginx.conf
 COPY --from=build /src /src
+COPY config/nginx/nginx.conf /etc/nginx/nginx.conf
diff --git a/Dockerfile.php.prod b/Dockerfile.php.prod
@@ -1,16 +1,16 @@
-FROM alpine:latest AS build
+FROM php:7.4-fpm AS build
 ARG TARGETPLATFORM
 ARG BUILDPLATFORM
 RUN echo "I am running on $BUILDPLATFORM, building for $TARGETPLATFORM"
 
-# Set permissions for php-fpm-alpine's 'www-data' user
+# Set permissions for 'www-data' user
 COPY ./src /src
 WORKDIR /src
-RUN chown -R 82:82 . \
+RUN chown -R www-data:www-data . \
     && find . -type d -exec chmod 750 {} \; \
     && find . -type f -exec chmod 640 {} \;
 
-FROM php:7.4-fpm
+FROM php:7.4-fpm AS final
 
 # opcache
 RUN docker-php-ext-install opcache
@@ -22,6 +22,7 @@ RUN php -i
 RUN php -m
 
 # Add default configs
-COPY ./config/php/php-fpm.d/php_fpm_exporter.conf /usr/local/etc/php-fpm.d/php_fpm_exporter.conf
-COPY ./config/php/conf.d/php.ini /usr/local/etc/php/conf.d/php.ini
+
 COPY --from=build /src /src
+COPY ./config/php/conf.d/php.ini /usr/local/etc/php/conf.d/php.ini
+COPY ./config/php-fpm.d/www.conf /usr/local/etc/php-fpm.d/www.conf
diff --git a/README.md b/README.md
@@ -11,7 +11,7 @@ The new BF2Statistics 3.0 ASP, currently in public Beta. The GameSpy server to m
 See [docker-compose.example.yml](docker-compose.example.yml) example showing how to deploy BF2Statistics using `docker-compose`.
 
 Notes:
-- Mount the [`config.php`](./config/ASP/config.php) with write permissions, or else `ASP` will throw an error. Use `System > Edit Configuration` as reference to customize the config file.
+- Mount the [`config.php`](./config/ASP/config.php) with write permissions, or else `ASP` dashboard will throw an error. Use `System > Edit Configuration` as reference to customize the config file.
 - Optional: Mount your customized [`armyAbbreviationMap.php`](./config/ASP/armyAbbreviationMap.php), [`backendAwards.php`](./config/ASP/backendAwards.php), and [`ranks.php`](./config/ASP/ranks.php) config files if you are using a customized mod. Unlike `config.php`, they don't need write permissions.
 - Seed the `db` service with `schema.sql` and `data.sql` so that the database is populated on the first run. The `System > System Installation` doesn't need to be used.
 - [Backup the DB](#development) using `mysqldump` instead of the ASP. `System > Backup Stats Database` will not be allowed since the DB is on remote host. This means there is no need for provisioning a `backups-volume` volume.
@@ -33,6 +33,11 @@ iptables -A INPUT -i br+ -j ACCEPT
 # Test routes
 docker-compose -f docker-compose.test.yml up
 
+# Test production builds locally
+docker build -t startersclan/asp:nginx -f Dockerfile.nginx.prod .
+docker build -t startersclan/asp:php -f Dockerfile.php.prod .
+docker-compose -f docker-compose.example.yml up
+
 # Dump the DB
 docker exec $( docker-compose ps | grep db | awk '{print $1}' ) mysqldump -uroot -pascent bf2stats | gzip > bf2stats.sql.gz
 
@@ -50,3 +55,15 @@ docker volume rm asp_logs-volume
 docker volume rm asp_snapshots-volume
 docker volume rm asp_db-volume
 ```
+
+## FAQ
+
+### Q: ASP dashboard shows `Parse error: syntax error, unexpected 'admin' (T_STRING) in /src/ASP/system/framework/View.php(346) : eval()'d code on line 153`
+
+Solution: Grant `php`'s `www-data` user write permission for `config.php`.
+
+```sh
+chown 33:33 ./config/ASP/config.php
+chmod 666 ./config/ASP/config.php
+docker-compose restart php
+```
diff --git a/config/php-fpm.d/www.conf b/config/php-fpm.d/www.conf
@@ -0,0 +1,10 @@
+[www]
+user = www-data
+group = www-data
+security.limit_extensions = .php
+pm = dynamic
+pm.max_children = 5
+pm.start_servers = 2
+pm.min_spare_servers = 1
+pm.max_spare_servers = 3
+pm.status_path = /status.php
diff --git a/config/php/php-fpm.d/php_fpm_exporter.conf b/config/php/php-fpm.d/php_fpm_exporter.conf
diff --git a/docker-compose.example.yml b/docker-compose.example.yml
@@ -15,28 +15,28 @@ services:
       - |
           set -eu
 
-          echo "Granting php write permissions"
-          chown -R 82:82 /src/ASP/system/backups
+          echo "Granting php's 'www-data' user write permissions"
+          chown -R 33:33 /src/ASP/system/backups
           find /src/ASP/system/backups -type d -exec chmod 750 {} \;
           find /src/ASP/system/backups -type f -exec chmod 640 {} \;
 
-          chown -R 82:82 /src/ASP/system/cache
+          chown -R 33:33 /src/ASP/system/cache
           find /src/ASP/system/cache -type d -exec chmod 750 {} \;
           find /src/ASP/system/cache -type f -exec chmod 640 {} \;
 
-          chown -R 82:82 /src/ASP/system/logs
+          chown -R 33:33 /src/ASP/system/logs
           find /src/ASP/system/logs -type d -exec chmod 750 {} \;
           find /src/ASP/system/logs -type f -exec chmod 640 {} \;
 
           mkdir -p /src/ASP/system/snapshots/failed
           mkdir -p /src/ASP/system/snapshots/processed
           mkdir -p /src/ASP/system/snapshots/unauthorized
           mkdir -p /src/ASP/system/snapshots/unprocessed
-          chown -R 82:82 /src/ASP/system/snapshots
+          chown -R 33:33 /src/ASP/system/snapshots
           find /src/ASP/system/snapshots -type d -exec chmod 750 {} \;
           find /src/ASP/system/snapshots -type f -exec chmod 640 {} \;
 
-          echo "Granting db write permissions"
+          echo "Granting db's 'mysql' user write permissions"
           chown -R 999:999 /var/lib/mysql
 
   nginx:
@@ -60,6 +60,7 @@ services:
       # - ./config/ASP/backendAwards.php:/src/ASP/system/config/backendAwards.php:ro              # Optional: Customize as needed if using a custom mod
       # - ./config/ASP/ranks.php:/src/ASP/system/config/ranks.php:ro                              # Optional: Customize as needed if using a custom mod
       - ./config/php/conf.d/php.ini:/usr/local/etc/php/conf.d/php.ini:ro # Customize as needed
+      - ./config/php-fpm.d/www.conf:/usr/local/etc/php-fpm.d/www.conf:ro # Customize as needed
       - backups-volume:/src/ASP/system/backups # This volume is effectively unused since ASP doesn't allow DB backups for a remote DB, but mount it anyway to avoid errors.
       - cache-volume:/src/ASP/system/cache
       - logs-volume:/src/ASP/system/logs

diff --git a/docker-compose.yml b/docker-compose.yml
@@ -18,8 +18,8 @@ services:
           set -eu
 
           echo "Granting nginx and php read permissions"
-          find /src -type f -exec chmod +r {} \;
-          find /src -type d -exec chmod +x {} \; # Ensure nginx and php have permissions to read directories
+          find /src -type d -exec chmod 755 {} \;
+          find /src -type f -exec chmod 644 {} \;
 
           echo "Granting php write permissions"
           find /src/ASP/system/backups -type d -exec chmod 777 {} \;
@@ -67,6 +67,7 @@ services:
       # - ./config/ASP/backendAwards.php:/src/ASP/system/config/backendAwards.php:ro              # Optional: Customize as needed if using a custom mod
       # - ./config/ASP/ranks.php:/src/ASP/system/config/ranks.php:ro                              # Optional: Customize as needed if using a custom mod
       - ./config/php/conf.d/php.ini:/usr/local/etc/php/conf.d/php.ini:ro
+      - ./config/php-fpm.d/www.conf:/usr/local/etc/php-fpm.d/www.conf:ro
       - backups-volume:/src/ASP/system/backups # This volume is effectively unused since ASP doesn't allow DB backups for a remote DB, but mount it anyway to avoid errors.
       - cache-volume:/src/ASP/system/cache
       - logs-volume:/src/ASP/system/logs