Add debian12 image

Author: macropin

.github/workflows/multi-build-push.yml

@@ -17,7 +17,7 @@ jobs:
   build_and_push:
     strategy:
       matrix:
-        version: ["debian11"]
+        version: ["debian12", "debian11"]
 
     runs-on: ubuntu-latest
     steps:

Makefile

@@ -1,4 +1,4 @@
-SUBDIRS := centos7 centos7-develop debian9 debian10 debian11 sid
+SUBDIRS := centos7 centos7-develop debian9 debian10 debian11 debian12 sid
 
 .PHONY: build push clean
 

README.md

@@ -8,8 +8,8 @@ These images are available from the [Docker Hub](https://hub.docker.com/r/panubo
 
 ## Production Images
 
-- [Debian 10 (Buster) Base](/debian10) - Recommended for PHP applications that support PHP 7.3
 - [Debian 11 (Bullseye) Base](/debian11) - Recommended for PHP applications that support PHP 7.4
+- [Debian 12 (Bookworm) Base](/debian12) - Recommended for PHP applications that support PHP 8.2
 
 ## Development Images
 
@@ -18,6 +18,7 @@ These images are available from the [Docker Hub](https://hub.docker.com/r/panubo
 
 ## Legacy
 
+- [Debian 10 (Buster) Base](/debian10) - For legacy PHP applications that support PHP 7.3
 - [Debian 9 (Stretch) Base](/debian9) - For legacy PHP applications that support PHP 7.0
 - [CentOS 7 Base](/centos7) - For legacy PHP applications that require PHP 5.4
 

debian12/.dockerignore

@@ -0,0 +1,2 @@
+*.md
+test

debian12/Dockerfile

@@ -0,0 +1,163 @@
+# Panubo PHP-Apache
+#
+# Debian bookworm
+# PHP 8.2
+# Apache 2.4
+# Mongo support
+#
+
+FROM debian:bookworm
+
+# Component Versions
+ENV \
+  BASHCONTAINER_VERSION=0.7.2 BASHCONTAINER_SHA256=87c4b804f0323d8f0856cb4fbf2f7859174765eccc8b0ac2d99b767cecdcf5c6 \
+  PHPEXTRAS_VERSION=0.1.0 PHPEXTRAS_SHA256=515af5789d5180123acfac9b1090f46e07f355c8df51a34e27ada5f7da0495cc
+
+# Change the www-data use to uid and gid 48 to match other containers
+RUN \
+  usermod -u 48 www-data && \
+  groupmod -g 48 www-data
+
+# Install bash-container functions
+RUN set -x \
+  && if ! command -v wget > /dev/null; then \
+      fetchDeps="${fetchDeps} wget"; \
+     fi \
+  && apt-get update \
+  && apt-get install -y --no-install-recommends ca-certificates curl ${fetchDeps} \
+  && cd /tmp \
+  && wget -nv https://github.com/panubo/bash-container/releases/download/v${BASHCONTAINER_VERSION}/panubo-functions.tar.gz \
+  && echo "${BASHCONTAINER_SHA256}  panubo-functions.tar.gz" > /tmp/SHA256SUM \
+  && ( cd /tmp; sha256sum -c SHA256SUM || ( echo "Expected $(sha256sum panubo-functions.tar.gz)"; exit 1; )) \
+  && tar --no-same-owner -C / -zxf panubo-functions.tar.gz \
+  && rm -rf /tmp/* \
+  && apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false ${fetchDeps} \
+  && apt-get clean \
+  && rm -rf /var/lib/apt/lists/* \
+  ;
+
+# Install gomplate
+RUN set -x \
+  && GOMPLATE_VERSION=v3.11.5 \
+  && GOMPLATE_CHECKSUM_X86_64=16f6a01a0ff22cae1302980c42ce4f98ca20f8c55443ce5a8e62e37fc23487b3 \
+  && GOMPLATE_CHECKSUM_AARCH64=fd980f9d233902e50f3f03f10ea65f36a2705385358a87aa18b19fb7cdf54c1d \
+  && if [ "$(uname -m)" = "x86_64" ] ; then \
+        GOMPLATE_CHECKSUM="${GOMPLATE_CHECKSUM_X86_64}"; \
+        GOMPLATE_ARCH="amd64"; \
+      elif [ "$(uname -m)" = "aarch64" ]; then \
+        GOMPLATE_CHECKSUM="${GOMPLATE_CHECKSUM_AARCH64}"; \
+        GOMPLATE_ARCH="arm64"; \
+      fi \
+  && curl -sSf -o /tmp/gomplate_linux-${GOMPLATE_ARCH} -L https://github.com/hairyhenderson/gomplate/releases/download/${GOMPLATE_VERSION}/gomplate_linux-${GOMPLATE_ARCH} \
+  && echo "${GOMPLATE_CHECKSUM}  gomplate_linux-${GOMPLATE_ARCH}" > /tmp/SHA256SUM \
+  && ( cd /tmp; sha256sum -c SHA256SUM || ( echo "Expected $(sha256sum gomplate_linux-${GOMPLATE_ARCH})"; exit 1; )) \
+  && install -m 0755 /tmp/gomplate_linux-${GOMPLATE_ARCH} /usr/local/bin/gomplate \
+  && rm -f /tmp/* \
+  ;
+
+# Install s6
+RUN set -x \
+  && S6_VERSION=2.11.0.0 \
+  && EXECLINE_VERSION=2.8.1.0 \
+  && SKAWARE_RELEASE=2.0.7 \
+  && S6_CHECKSUM_X86_64=fcf79204c1957016fc88b0ad7d98f150071483583552103d5822cbf56824cc87 \
+  && S6_CHECKSUM_AARCH64=64151e136f887c6c2c7df69e3100573c318ec7400296680cc698bc7b0ca36943 \
+  && EXECLINE_CHECKSUM_X86_64=b216cfc4db928729d950df5a354aa34bc529e8250b55ab0de700193693dea682 \
+  && EXECLINE_CHECKSUM_AARCH64=8cb1d5c2d44cb94990d63023db48f7d3cd71ead10cbb19c05b99dbd528af5748 \
+  && if [ "$(uname -m)" = "x86_64" ] ; then \
+        S6_CHECKSUM="${S6_CHECKSUM_X86_64}"; \
+        EXECLINE_CHECKSUM="${EXECLINE_CHECKSUM_X86_64}"; \
+        SKAWARE_ARCH="amd64"; \
+      elif [ "$(uname -m)" = "aarch64" ]; then \
+        S6_CHECKSUM="${S6_CHECKSUM_AARCH64}"; \
+        EXECLINE_CHECKSUM="${EXECLINE_CHECKSUM_AARCH64}"; \
+        SKAWARE_ARCH="aarch64"; \
+      fi \
+  && curl -sSf -L -o /tmp/s6-${S6_VERSION}-linux-${SKAWARE_ARCH}-bin.tar.gz https://github.com/just-containers/skaware/releases/download/v${SKAWARE_RELEASE}/s6-${S6_VERSION}-linux-${SKAWARE_ARCH}-bin.tar.gz \
+  && curl -sSf -L -o /tmp/execline-${EXECLINE_VERSION}-linux-${SKAWARE_ARCH}-bin.tar.gz https://github.com/just-containers/skaware/releases/download/v${SKAWARE_RELEASE}/execline-${EXECLINE_VERSION}-linux-${SKAWARE_ARCH}-bin.tar.gz \
+  && echo "${S6_CHECKSUM}  s6-${S6_VERSION}-linux-${SKAWARE_ARCH}-bin.tar.gz" > /tmp/SHA256SUM \
+  && echo "${EXECLINE_CHECKSUM}  execline-${EXECLINE_VERSION}-linux-${SKAWARE_ARCH}-bin.tar.gz" >> /tmp/SHA256SUM \
+  && ( cd /tmp; sha256sum -c SHA256SUM || ( echo "Expected S6: $(sha256sum s6-${S6_VERSION}-linux-${SKAWARE_ARCH}-bin.tar.gz) Execline: $(sha256sum execline-${EXECLINE_VERSION}-linux-${SKAWARE_ARCH}-bin.tar.gz)"; exit 1; )) \
+  && tar -C /usr/local -zxf /tmp/s6-${S6_VERSION}-linux-${SKAWARE_ARCH}-bin.tar.gz \
+  && tar -C /usr/local -zxf /tmp/execline-${EXECLINE_VERSION}-linux-${SKAWARE_ARCH}-bin.tar.gz \
+  && rm -rf /tmp/* \
+  ;
+
+# Install PHP Extras
+RUN set -x \
+  && if ! command -v wget > /dev/null; then \
+      fetchDeps="${fetchDeps} wget"; \
+     fi \
+  && apt-get update \
+  && apt-get install -y --no-install-recommends ${fetchDeps} \
+  && cd /tmp \
+  && wget -nv https://github.com/panubo/php-extras/releases/download/v${PHPEXTRAS_VERSION}/php-extras.tar.gz \
+  && echo "${PHPEXTRAS_SHA256}  php-extras.tar.gz" > /tmp/SHA256SUM \
+  && ( cd /tmp; sha256sum -c SHA256SUM || ( echo "Expected $(sha256sum php-extras.tar.gz)"; exit 1; )) \
+  && mkdir -p /usr/share/php/ \
+  && tar --no-same-owner -C /usr/share/php/ -zxf php-extras.tar.gz \
+  && rm -rf /tmp/* \
+  && apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false ${fetchDeps} \
+  && apt-get clean \
+  && rm -rf /var/lib/apt/lists/* \
+  ;
+
+# Install main packages
+RUN \
+  export DEBIAN_FRONTEND=noninteractive && \
+  apt-get update && \
+  apt-get install --no-install-recommends --no-install-suggests -y wget curl ca-certificates git gnupg openssh-client msmtp-mta apache2 libapache2-mod-xsendfile imagemagick ghostscript \
+  php8.2-apcu \
+  php8.2-cli \
+  php8.2-curl \
+  php8.2-dom \
+  php8.2-fpm \
+  php8.2-gd \
+  php8.2-igbinary \
+  php8.2-imagick \
+  php8.2-imap \
+  php8.2-intl \
+  php8.2-ldap \
+  php8.2-mbstring \
+  php8.2-memcached \
+  php8.2-mongodb \
+  php8.2-mysql \
+  php8.2-pgsql \
+  php8.2-pspell \
+  php8.2-redis \
+  php8.2-sqlite \
+  php8.2-xmlrpc \
+  php8.2-zip && \
+  apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* /var/www/html/*
+
+# Configure
+RUN \
+  mkdir -p /root/.ssh && \
+  echo "Host *\n\tStrictHostKeyChecking no\n" >> /root/.ssh/config && \
+  sed -i -e '/^session.save_/ s/^/;/' /etc/php/8.2/*/php.ini && \
+  touch /etc/php/8.2/mods-available/auto.ini && \
+  touch /var/log/msmtp.log && \
+  chown www-data:www-data /var/log/msmtp.log && \
+  sed -i -r 's/^Listen.*/Listen 8000/g' /etc/apache2/ports.conf && \
+  sed -i 's/^error_log.*/error_log = \/dev\/stderr/' /etc/php/8.2/fpm/php-fpm.conf && \
+  sed -i -E 's/^;?systemd_interval.*/systemd_interval = 0/' /etc/php/8.2/fpm/php-fpm.conf && \
+  mv /etc/php/8.2/fpm/pool.d/www.conf /etc/php/8.2/fpm/pool.d/www.conf_orig && \
+  mkdir -p /var/log/php-fpm
+
+# Copy configs and templates
+COPY etc /etc
+COPY root /
+
+# Enable modules / configs
+RUN \
+  phpenmod session mongodb && \
+  a2dissite 000-default && \
+  a2disconf security other-vhosts-access-log && \
+  phpenmod auto && \
+  a2enconf php8.2-fpm && \
+  a2enmod proxy_fcgi remoteip rewrite headers
+
+ENV TMPDIR=/var/tmp TERM=dumb
+EXPOSE 8000
+ENTRYPOINT ["/entry.sh"]
+CMD ["s6"]

debian12/Makefile

@@ -0,0 +1,25 @@
+NAME = php-apache
+TAG = $(shell basename $(shell pwd))
+IMAGE_NAME := panubo/$(NAME)
+
+.PHONY: help build push clean bash run
+
+help:
+	@printf "$$(grep -hE '^\S+:.*##' $(MAKEFILE_LIST) | sed -e 's/:.*##\s*/:/' -e 's/^\(.\+\):\(.*\)/\\x1b[36m\1\\x1b[m:\2/' | column -c2 -t -s :)\n"
+
+build: ## Builds docker image
+	docker build --pull -t $(IMAGE_NAME):$(TAG) .
+
+push: ## Push image to registry
+	docker tag $(IMAGE_NAME):$(TAG) docker.io/$(IMAGE_NAME):latest
+	docker push $(IMAGE_NAME):$(TAG)
+	docker push $(IMAGE_NAME):latest
+
+clean: ## Remove built image
+	docker rmi $(IMAGE_NAME):$(TAG)
+
+bash: ## Runs bash in the container
+	docker run --rm -it -v $(shell pwd)/test:/srv/remote $(IMAGE_NAME):$(TAG) bash
+
+run: ## Runs the container with test data
+	docker run --rm -it -p 8000:8000 -v $(shell pwd)/test:/srv/remote --name $(NAME) $(IMAGE_NAME):$(TAG)

debian12/README.md

@@ -0,0 +1,132 @@
+# PHP-Apache Debian 12 (Bookworm)
+
+This is an Apache and php-fpm image:
+
+- Base: Debian 12 (Bookworm)
+- Apache httpd: 2.4
+- PHP: 8.2
+
+This image is designed to be quite configurable and as such is good for getting
+started but probably not a great base if you want a highly optimised container.
+This image also expects to be used behind a load balancer and as such does not
+listen on port 80 but instead port 8000. Also make note of how to handle SSL
+offloading to the load balancer and how this affects .htaccess rules.
+
+## Options:
+
+All options are optional.
+The values shown here are the defaults. The options listed here are also case sensitive.
+
+### Global
+
+```
+timeout = 30
+TZ = UTC
+```
+
+### HTTPD
+
+```
+httpd_remoteipheader = X-Forwarded-For  
+httpd_remoteipinternalproxy = (unset)
+
+# Subdirectory within the git repository that contains the site root eg 'www'
+httpd_root = (unset)  
+
+# If unset the following is used
+RemoteIPInternalProxy 10.0.0.0/8
+RemoteIPInternalProxy 172.16.0.0/12
+RemoteIPInternalProxy 192.168.0.0/16
+```
+
+### PHP/PHP-FPM
+
+```
+phpopts_ = (unset)
+
+# phpopts Examples
+phpopts_short_open_tag = off
+phpopts_post_max_size = 8M
+phpopts_upload_max_filesize = 2M
+phpopts_memory_limit = 128M
+
+# PHP Cache options
+php_cache = (opcache|none) default is opcache, none doesn't load any cache extensions.
+php_apc_shm_size = 64M # This is for the apcu extension
+php_opcache_memory_consumption = 128
+php_opcache_revalidate_freq = 2
+
+# PHP Session options
+php_session_save_handler = (unset)
+php_session_save_path = (unset)
+
+# PHP Session examples
+php_session_save_handler = redis
+php_session_save_path = "tcp://host1:6379?weight=1, tcp://host2:6379?weight=2&timeout=2.5, tcp://host3:6379?weight=2"
+
+php_session_save_handler = memcached
+php_session_save_path = "host:11211"
+
+# PHP-FPM options
+phpfpm_pm_max_children = 3
+phpfpm_pm_max_requests = 500
+```
+
+### Email/msmtp
+
+msmtp expects a from address to be set either via environment variable (`msmtp_from`) or
+in the php mail() function. eg. `mail('nobody@example.com', 'the subject',
+'the message', null, '-fwebmaster@example.com');`
+
+msmtp also need a host to send email via, it does not queue and forward mail
+like postfix or exim. This could be defined via a docker link `--link
+smtp:smtp`
+
+```
+msmtp_host = SMTP_PORT_25_TCP_ADDR or mail
+msmtp_port = SMTP_PORT_25_TCP_PORT or 25
+msmtp_from = (unset)
+msmtp_user = (unset)
+msmtp_pass = (unset)
+```
+
+## PHP Pre Execution
+
+PHP pre-execution helpers are included in this image. See
+[PHP Extras](https://github.com/panubo/php-extras) for more information.
+
+Set `auto_prepend_file=xxxx_prepend.php` to enable.
+
+## SSL Offloading
+
+This container should be used behind a load balancing reverse proxy and as such
+SSL should be offloaded to the load balancer. However, this can cause issues
+when your applications want to know if they are being served over SSL as the
+local webserver cannot determine this. Below are workarounds for the two most common
+issues.
+
+If you want to redirect users from a non-ssl connection to a SSL connection with
+htaccess and mod_rewrite the following rules work both behind an SSL offloading
+load balancer and also when the local webserver is handling the SSL.
+
+```
+<IfModule mod_rewrite.c>
+	RewriteEngine on
+	RewriteCond %{HTTP:X-Forwarded-Proto} !=https
+	RewriteCond %{HTTPS} !=on
+	RewriteRule ^(.*) https://%{HTTP_HOST}/$1 [R=301,L]
+</IfModule>
+```
+
+Some PHP application also check they are running on an SSL connection. As the
+local webserver doesn't set $_SERVER['HTTPS'] correctly when behind a proxy the
+following code can be used to fix the issue.
+
+```php
+/* Set _SERVER['HTTPS'] correctly when behind a proxy setting HTTP_X_FORWARDED_PROTO */
+if (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https') {
+    $_SERVER['HTTPS'] = 'on';
+}
+```
+
+or set `auto_prepend_file=SSLHelper_prepend.php` to use the SSL Helper from the [PHP Extras](https://github.com/panubo/php-extras) repo.