-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathDockerfile
More file actions
150 lines (134 loc) · 6.2 KB
/
Copy pathDockerfile
File metadata and controls
150 lines (134 loc) · 6.2 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
# phpBB image — self-maintained, derived from serversideup/php.
# See README.md for design notes and usage.
#
# Build:
# podman build \
# --build-arg PHPBB_VERSION=3.3.16 \
# --build-arg PHP_VERSION=8.3 \
# -t ghcr.io/pikapods/docker-phpbb:3.3.16-php8.3 .
ARG PHP_VERSION=8.3
# BASE_IMAGE is composed by build.yml as serversideup/php:<minor>-fpm-nginx-alpine
# optionally suffixed with @sha256:... when the watcher resolved a digest. Local
# builds without a digest fall through to the floating tag.
ARG BASE_IMAGE=serversideup/php:${PHP_VERSION}-fpm-nginx-alpine
FROM ${BASE_IMAGE}
ARG PHPBB_VERSION=3.3.16
# Build identity. IMAGE_REVISION is bumped by build.yml when the same
# PHPBB_VERSION is rebuilt against a new base digest (security patch).
# BASE_DIGEST is the resolved sha256 the FROM line pinned to; upstream-watch
# reads it back off the published image to detect base-image drift.
ARG IMAGE_REVISION=r1
ARG BASE_DIGEST=
ARG GIT_SHA=
ARG BUILD_DATE=
LABEL org.opencontainers.image.title="phpBB" \
org.opencontainers.image.description="Self-maintained phpBB container" \
org.opencontainers.image.source="https://github.com/pikapods/docker-phpbb" \
org.opencontainers.image.licenses="GPL-2.0" \
org.opencontainers.image.version="${PHPBB_VERSION}-${IMAGE_REVISION}" \
org.opencontainers.image.revision="${GIT_SHA}" \
org.opencontainers.image.created="${BUILD_DATE}" \
org.opencontainers.image.base.name="serversideup/php:${PHP_VERSION}-fpm-nginx-alpine" \
org.opencontainers.image.base.digest="${BASE_DIGEST}"
USER root
# Runtime + build dependencies.
# Runtime: mariadb-client (mysqladmin ping), postgresql-client (pg_isready),
# tzdata, curl (cron worker + healthcheck), unzip (release zip extraction).
RUN apk add --no-cache \
unzip \
mariadb-client \
postgresql-client \
tzdata \
curl \
&& install-php-extensions \
mysqli \
pdo_mysql \
pdo_pgsql \
pgsql \
pdo_sqlite \
sqlite3 \
intl \
gd \
exif \
opcache \
zip
# Fetch the official release zip (vendor/ pre-bundled — no composer step needed).
# The archive expands to a top-level phpBB3/ directory; flatten into /var/www/html
# and strip docs/ to trim the image.
RUN series="${PHPBB_VERSION%.*}" \
&& curl -fsSL -o /tmp/phpbb.zip \
"https://download.phpbb.com/pub/release/${series}/${PHPBB_VERSION}/phpBB-${PHPBB_VERSION}.zip" \
&& unzip -q /tmp/phpbb.zip -d /tmp/phpbb-extract \
&& rm -rf /var/www/html \
&& mv /tmp/phpbb-extract/phpBB3 /var/www/html \
&& rm -rf /tmp/phpbb.zip /tmp/phpbb-extract /var/www/html/docs
# Replace persistent paths with symlinks into /data.
# Targets do not resolve until /data is populated at runtime — fine; the
# bootstrap script mkdir -p's them on first boot.
#
# ext/ subtlety: phpBB ships a bundled tree (e.g. ext/phpbb/viglink). A
# straight `rm -rf ext && symlink to empty /data/ext` would erase it. Stash
# the bundled tree to /var/www/html/ext.dist; the bootstrap seeds it into
# /data/ext on first boot (`cp -rn` so user-installed extensions win).
#
# /data itself must exist and be owned by www-data: the container runs as a
# non-root user (UID 82 on Alpine) which cannot create /data under /.
#
# cache/ stays in the image (transient — phpBB regenerates it).
RUN rm -f /var/www/html/config.php \
&& rm -rf /var/www/html/files /var/www/html/store \
/var/www/html/images/avatars/upload \
&& mv /var/www/html/ext /var/www/html/ext.dist \
&& ln -s /data/config.php /var/www/html/config.php \
&& ln -s /data/files /var/www/html/files \
&& ln -s /data/store /var/www/html/store \
&& ln -s /data/ext /var/www/html/ext \
&& ln -s /data/avatars /var/www/html/images/avatars/upload \
&& mkdir -p /data \
&& chown www-data:www-data /data \
&& chown -R www-data:www-data /var/www/html
# Build-arg UID/GID override. The base image fixes www-data at 82:82; rebuild
# with --build-arg WWW_DATA_UID=$(id -u) --build-arg WWW_DATA_GID=$(id -g) for
# bind-mount UX without host-side chown. Guarded so the default-build path
# adds no extra layer work. See README "User & permissions".
ARG WWW_DATA_UID=82
ARG WWW_DATA_GID=82
RUN if [ "$WWW_DATA_UID" != "82" ] || [ "$WWW_DATA_GID" != "82" ]; then \
docker-php-serversideup-set-id www-data "${WWW_DATA_UID}:${WWW_DATA_GID}" \
&& docker-php-serversideup-set-file-permissions --owner "${WWW_DATA_UID}:${WWW_DATA_GID}" \
&& chown "${WWW_DATA_UID}:${WWW_DATA_GID}" /data; \
fi
VOLUME /data
# Overlay our entrypoint hook + s6 cron service + nginx site config.
COPY rootfs/ /
# - chmod *before* docker-php-serversideup-s6-init: the init tool moves
# /etc/entrypoint.d/*.sh into /etc/s6-overlay/scripts/ and renames them, so
# chmod afterwards at the original path would fail.
# - chown /etc/nginx to www-data: ServerSideUp's 10-init-webserver-config
# runs as www-data and renders /etc/nginx/nginx.conf at boot. After our
# COPY rootfs/ the directory ends up root-owned and nginx fails to start
# with "Permission denied" opening nginx.conf.
RUN chmod +x /etc/entrypoint.d/20-phpbb-bootstrap.sh \
/etc/s6-overlay/s6-rc.d/phpbb-cron/run \
&& chown -R www-data:www-data /etc/nginx \
&& docker-php-serversideup-s6-init
# Image defaults.
# AUTORUN_ENABLED=false: we own the boot sequence.
# SSL_MODE=off: TLS terminates at the reverse proxy.
# ENABLE_PHPBB_CRON=TRUE: phpBB cron tasks (prune, stats) need a periodic hit.
# PHPBB_CRON_INTERVAL=300: 5-minute cadence for the in-container worker.
ENV AUTORUN_ENABLED=false \
SSL_MODE=off \
ENABLE_PHPBB_CRON=TRUE \
APP_BASE_DIR=/var/www/html \
NGINX_WEBROOT=/var/www/html \
PHPBB_CRON_INTERVAL=300 \
PHPBB_VERSION=${PHPBB_VERSION}
# Health endpoint hits index.php (the phpBB main board page, returns 200
# once installed). start-period covers first-boot install + nginx warmup.
# Using /index.php (not /app.php/) sidesteps the need for a custom
# `\.php(/|$)` nginx location override on top of the serversideup default.
HEALTHCHECK --interval=30s --timeout=5s --start-period=180s --retries=3 \
CMD curl -fsS http://localhost:8080/index.php -o /dev/null || exit 1
EXPOSE 8080
USER www-data