Merge pull request #39 from magenx/dev

update

Author: magenx

.env

@@ -1,28 +1,26 @@
 
+ADMIN_PATH=""
+CRYPT_KEY=""
+
 BRAND="magenx"
 DOMAIN="magenx.net"
 
 COMPOSE_PROJECT_NAME="${BRAND}"
 
-INSTALL_MAGENTO="yes"
-
-MAGENTO_GITHUB_REPO="https://github.com/magenx/Magento-2-docker-demo"
-MAGENTO_GITHUB_BRANCH="dev"
-
 MAGENX_NGINX_GITHUB_REPO="https://raw.githubusercontent.com/magenx/Magento-nginx-config/master/"
 MAGENX_NGINX_GITHUB_REPO_API="https://api.github.com/repos/magenx/Magento-nginx-config/contents/magento2"
 
 COMPOSER_USER="8c681734f22763b50ea0c29dff9e7af2"
 COMPOSER_PASSWORD="02dfee497e669b5db1fe1c8d481d6974"
 
-ALPINE_VERSION="3.20.0"
+ALPINE_VERSION="3.21"
 
 TZ="Europe/Berlin"
 
 PHP_VERSION="83"
 PHP_USER="php-${BRAND}"
 
-MARIADB_VERSION="10.11.8"
+MARIADB_VERSION="10.11.10"
 MARIADB_RANDOM_ROOT_PASSWORD="yes"
 MARIADB_AUTO_UPGRADE="yes"
 MARIADB_DISABLE_UPGRADE_BACKUP="yes"
@@ -54,15 +52,4 @@ ROOT_PATH="/home/${BRAND}"
 MAGENTO_ROOT_PATH="${ROOT_PATH}/public_html"
 MAGENTO_PUB_PATH="${MAGENTO_ROOT_PATH}/pub"
 
-ADMIN_FIRSTNAME="John"
-ADMIN_LASTNAME="Silver"
-ADMIN_EMAIL="admin@magenx.org"
-ADMIN_LOGIN="admin"
-
-ADMIN_PATH=""
-CRYPT_KEY=""
-
-LOCALE="en_US"
-CURRENCY="EUR"
-
 ## generated passwords for services

docker-compose.yml

@@ -327,9 +327,9 @@ services:
         ports:
             - "127.0.0.1:9000:9000"
         volumes:
-            - magento:${ROOT_PATH}:ro
-            - media:${MAGENTO_PUB_PATH}/media:rw
-            - var:${MAGENTO_ROOT_PATH}/var:rw
+            - ${MAGENTO_ROOT_PATH}:${MAGENTO_ROOT_PATH}:ro
+            - ${MAGENTO_PUB_PATH}/media:${MAGENTO_PUB_PATH}/media:rw
+            - ${MAGENTO_ROOT_PATH}/var:${MAGENTO_ROOT_PATH}/var:rw
         user: ${PHP_USER}
         working_dir: ${MAGENTO_PUB_PATH}
         entrypoint: ["php-fpm${PHP_VERSION}", "-F"]
@@ -353,9 +353,7 @@ services:
         container_name: ${BRAND}-magento
         environment: *setphpenv
         volumes:
-            - magento:${ROOT_PATH}:delegated
-            - media:${MAGENTO_PUB_PATH}/media
-            - var:${MAGENTO_ROOT_PATH}/var
+            - ${MAGENTO_ROOT_PATH}:${MAGENTO_ROOT_PATH}:delegated
         user: ${BRAND}
         working_dir: ${MAGENTO_ROOT_PATH}
         entrypoint: ["n98-magerun2", "-vv"]
@@ -376,6 +374,8 @@ services:
               NGINX_GITHUB_REPO:
               MAGENX_NGINX_GITHUB_REPO:
               MAGENX_NGINX_GITHUB_REPO_API:
+              PROFILER_PLACEHOLDER:
+              PHPMYADMIN_FOLDER:
         container_name: ${BRAND}-nginx
         hostname: nginx
         restart: always
@@ -389,12 +389,12 @@ services:
             - "443:443"
             - "127.0.0.1:8080:8080"
         volumes:
-            - magento:${ROOT_PATH}:ro
+            - ${MAGENTO_ROOT_PATH}:${MAGENTO_ROOT_PATH}:ro
             - ssl:/etc/ssl
             - certbot:/etc/letsencrypt:ro
             - phpmyadmin:/var/www/html:ro
-            - phpmyadmincfg:/etc/phpmyadmin:ro
-        working_dir: ${MAGENTO_PUB_PATH}
+        working_dir: ${MAGENTO_ROOT_PATH}
+        user: ${BRAND}
         cpu_shares: 614
         mem_limit: 512m
         mem_reservation: 128m
@@ -426,7 +426,6 @@ services:
                 condition: service_started
         volumes:
             - phpmyadmin:/var/www/html
-            - phpmyadmincfg:/etc/phpmyadmin
         cpu_shares: 614
         mem_limit: 512m
         mem_reservation: 512m
@@ -440,7 +439,8 @@ services:
         image: certbot/certbot:latest
         container_name: ${BRAND}-certbot
         volumes:
-            - magento:${ROOT_PATH}
+            - ${MAGENTO_ROOT_PATH}:${MAGENTO_ROOT_PATH}:ro
+            - ${MAGENTO_PUB_PATH}/.well-known/acme-challenge/:${MAGENTO_PUB_PATH}/.well-known/acme-challenge/:rw
             - certbot:/etc/letsencrypt
             - certbotlib:/var/lib/letsencrypt
         << : [*ulimits, *logger]
@@ -466,7 +466,7 @@ services:
                 }
               }
         volumes:
-            - magento:${ROOT_PATH}
+            - ${MAGENTO_ROOT_PATH}:${MAGENTO_ROOT_PATH}:rw
         user: ${BRAND}
         working_dir: ${MAGENTO_ROOT_PATH}
         entrypoint: ["composer"]
@@ -490,7 +490,8 @@ services:
             mariadb:
                 condition: service_healthy
         volumes:
-            - magento:${ROOT_PATH}
+            - ${MAGENTO_ROOT_PATH}:${MAGENTO_ROOT_PATH}:ro
+            - ${MAGENTO_ROOT_PATH}/var:${MAGENTO_ROOT_PATH}/var:rw
         user: ${PHP_USER}
         working_dir: ${MAGENTO_ROOT_PATH}
         command: ["crond", "-f"]
@@ -504,14 +505,9 @@ services:
 #   Named volumes list
 # # ---------------------------------------------------------------------------------------------------------------------#            
 volumes:
-    magento:
-    media:
-    var:
     ssl:
     mariadb:
-    mariadbcnf:
     phpmyadmin:
-    phpmyadmincfg:
     opensearch:
     redis:
     rabbitmq:

magento/Dockerfile

@@ -5,24 +5,9 @@ FROM ${BRAND}-php
 LABEL author="admin@magenx.com"
 LABEL source="https://github.com/magenx/Magento-2-docker-configuration"
 
-ARG INSTALL_MAGENTO
-ARG MAGENTO_GITHUB_REPO
-ARG MAGENTO_GITHUB_BRANCH
-
-ARG COMPOSER_USER
-ARG COMPOSER_PASSWORD
-
 ARG BRAND
 ARG PHP_USER
-ARG ROOT_PATH
 ARG MAGENTO_ROOT_PATH
-ARG MAGENTO_PUB_PATH
-ARG PHP_VERSION
-
-RUN <<EOF
-    apk update
-    apk add --update --no-cache git
-EOF
 
 RUN <<EOF
     curl -o /usr/local/bin/n98-magerun2 https://files.magerun.net/n98-magerun2.phar
@@ -31,34 +16,4 @@ EOF
 
 RUN <<EOF
     mkdir -p ${MAGENTO_ROOT_PATH}
-    mkdir -p ${MAGENTO_ROOT_PATH}/var
-    mkdir -p ${MAGENTO_ROOT_PATH}/pub/media 
-    chown -R ${BRAND}:${PHP_USER} ${MAGENTO_ROOT_PATH}
-    mkdir -p ${ROOT_PATH}/.config && chown -R ${BRAND} ${ROOT_PATH}/.config
-    mkdir -p ${ROOT_PATH}/.cache && chown -R ${BRAND} ${ROOT_PATH}/.cache
-    mkdir -p ${ROOT_PATH}/.local && chown -R ${BRAND} ${ROOT_PATH}/.local
-    mkdir -p ${ROOT_PATH}/.composer && chown -R ${BRAND} ${ROOT_PATH}/.composer
-    mkdir -p ${ROOT_PATH}/.npm && chown -R ${BRAND} ${ROOT_PATH}/.npm
-    chmod -R 2750 ${MAGENTO_ROOT_PATH}
-    chmod -R 2770 ${MAGENTO_ROOT_PATH}/var
-    chmod -R 2770 ${MAGENTO_PUB_PATH}/media
-EOF
-
-USER ${BRAND}:${PHP_USER}
-
-RUN <<EOF
-    if [ "${INSTALL_MAGENTO}" = "yes" ]; then
-    composer -n -q config -g http-basic.repo.magento.com ${COMPOSER_USER} ${COMPOSER_PASSWORD}
-    cd ${MAGENTO_ROOT_PATH}
-    git init -b ${MAGENTO_GITHUB_BRANCH}
-    git remote add origin ${MAGENTO_GITHUB_REPO}
-    git fetch origin
-    git reset --hard origin/${MAGENTO_GITHUB_BRANCH}
-    composer -n install --prefer-dist --no-dev --no-cache --no-ansi
-    ## php -d memory_limit=-1 bin/magento setup:di:compile -n
-    ## composer -n dump-autoload --no-dev --optimize --apcu
-    ## bin/magento setup:static-content:deploy -n -f
-    mv app/etc/env.php.build app/etc/env.php
-    fi
 EOF
-      

nginx/Dockerfile

@@ -1,5 +1,5 @@
 # syntax = docker/dockerfile:labs
-FROM nginx:mainline-alpine-perl
+FROM nginxinc/nginx-unprivileged:mainline-alpine-perl
 
 LABEL author="admin@magenx.com"
 LABEL source="https://github.com/magenx/Magento-2-docker-configuration"
@@ -16,6 +16,11 @@ ARG MAGENTO_ROOT_PATH
 ARG MAGENTO_PUB_PATH
 ARG TZ
 
+ARG PROFILER_PLACEHOLDER
+ARG PHPMYADMIN_FOLDER
+
+USER root
+
 RUN <<EOF
     mkdir -p ${MAGENTO_ROOT_PATH}
     addgroup -S -g 1001 ${PHP_USER}
@@ -57,9 +62,16 @@ RUN <<EOF
     sed -i "s/127.0.0.1:9000/php:9000/"  /etc/nginx/conf_m2/maps.conf
     sed -i "s,/var/www/html,${MAGENTO_ROOT_PATH}," /etc/nginx/conf_m2/maps.conf
     sed -i "s/127.0.0.1/varnish/g" /etc/nginx/conf_m2/varnish_proxy.conf
+    sed -i "/user  nginx;/d" /etc/nginx/nginx.conf
+    sed -i "s,/var/run/nginx.pid,/tmp/nginx.pid," /etc/nginx/nginx.conf
     openssl dhparam -dsaparam -out /etc/ssl/certs/dhparams.pem 4096
     openssl req -x509 -newkey rsa:4096 -sha256 -nodes -keyout /etc/ssl/certs/default_server.key -out /etc/ssl/certs/default_server.crt \
     -subj "/CN=default_server" -days 3650 -subj "/C=US/ST=Oregon/L=Portland/O=default_server/OU=Org/CN=default_server"
 EOF
 
+RUN <<EOF
+    mkdir -p /var/cache/nginx /var/run
+    chown -R ${BRAND} /var/cache/nginx /var/run /var/log/nginx
+EOF
+
 RUN ln -snf /usr/share/zoneinfo/${TZ} /etc/localtime && echo ${TZ} > /etc/timezone

opensearch.sh

@@ -0,0 +1,42 @@
+#!/bin/bash
+. .env
+doco exec -it opensearch curl -XPUT -u admin:${OPENSEARCH_PASSWORD} "opensearch:9200/_plugins/_security/api/roles/indexer_${BRAND}"   -H "Content-Type: application/json"   -d "$(cat <<EOF
+{
+    "cluster_permissions": [
+      "cluster_composite_ops_monitor",
+      "cluster:monitor/main",
+      "cluster:monitor/state",
+      "cluster:monitor/health"
+    ],
+    "index_permissions": [
+      {
+        "index_patterns": ["indexer_${BRAND}*"],
+        "fls": [],
+        "masked_fields": [],
+        "allowed_actions": ["*"]
+      },
+      {
+        "index_patterns": ["*"],
+        "fls": [],
+        "masked_fields": [],
+        "allowed_actions": [
+                "indices:admin/aliases/get",
+                "indices:data/read/search",
+                "indices:admin/get"]
+      }
+    ],
+    "tenant_permissions": []
+}
+EOF
+
+)"
+
+doco exec -it opensearch curl -XPUT admin:${OPENSEARCH_PASSWORD} -XPUT "http://opensearch:9200/_plugins/_security/api/internalusers/indexer_${BRAND}" \
+  -H "Content-Type: application/json" \
+  -d "$(cat <<EOF
+{
+    "password": "${INDEXER_PASSWORD}",
+    "opendistro_security_roles": ["indexer_${BRAND}", "own_index"]
+}
+EOF
+)"

php/Dockerfile

@@ -143,7 +143,7 @@ php_admin_value[opcache.optimization_level] = 0xffffffff
 php_admin_value[opcache.blacklist_filename] = "/etc/opcache-default.blacklist"
 php_admin_value[opcache.max_file_size] = 0
 php_admin_value[opcache.force_restart_timeout] = 60
-php_admin_value[opcache.error_log] = "/var/log/php-fpm/opcache.log"
+php_admin_value[opcache.error_log] = "/var/log/php${PHP_VERSION}/opcache.log"
 php_admin_value[opcache.log_verbosity_level] = 1
 php_admin_value[opcache.preferred_memory_model] = ""
 EOF