chore: init skeleton magento2 with frankenphp

Author: Sylvain Dherbecourt

.docker/.gitignore

@@ -0,0 +1,12 @@
+# ./docker directory
+*
+!.gitignore
+!database
+!database/**
+!opensearch
+!opensearch/**
+!php
+!php/**
+!rabbitmq
+!rabbitmq/**
+*/.env

.docker/database/.env.dist

@@ -0,0 +1,4 @@
+MARIADB_DATABASE=magento-database
+MARIADB_ROOT_PASSWORD=magento-root-password
+MARIADB_USER=magento-user
+MARIADB_PASSWORD=magento-password

.docker/opensearch/.env.dist

@@ -0,0 +1,5 @@
+OPENSEARCH_HOST=opensearch
+OPENSEARCH_PORT=9200
+
+# Prevent security patch conflicts with core M2 code
+DISABLE_SECURITY_PLUGIN=true

.docker/opensearch/Dockerfile

@@ -0,0 +1,5 @@
+FROM opensearchproject/opensearch:2.12.0
+
+RUN /usr/share/opensearch/bin/opensearch-plugin install --batch \
+  analysis-icu \
+  analysis-phonetic \

.docker/php/Dockerfile

@@ -0,0 +1,63 @@
+# Versions
+FROM dunglas/frankenphp:1.3.3-php8.3 AS frankenphp_upstream
+
+# Base FrankenPHP image
+FROM frankenphp_upstream AS frankenphp_base
+
+WORKDIR /var/www/html
+
+# Install system dependencies
+RUN apt-get update && apt-get install -y --no-install-recommends \
+	cron \
+    ssmtp \
+    libfreetype6-dev \
+	libicu-dev \
+	libjpeg62-turbo-dev \
+	libmcrypt-dev \
+	libxslt1-dev \
+	zip \
+	git \
+    acl \
+	&& rm -rf /var/lib/apt/lists/*
+
+RUN set -eux; \
+	install-php-extensions \
+		@composer \
+    	bcmath \
+	  	gd \
+	  	intl \
+	  	mbstring \
+	  	mcrypt \
+	  	opcache \
+	  	pdo_mysql \
+	  	soap \
+  		xsl \
+  		zip \
+    	sockets
+
+# Copy the application code
+COPY --link ./.docker/php/conf/app.ini $PHP_INI_DIR/conf.d/
+COPY --link --chmod=755 ./.docker/php/conf/docker-entrypoint.sh /usr/local/bin/docker-entrypoint
+COPY --link ./.docker/php/conf/Caddyfile /etc/caddy/Caddyfile
+
+# Set the entrypoint
+ENTRYPOINT ["docker-entrypoint"]
+
+HEALTHCHECK --start-period=60s CMD curl -f https://$SERVER_NAME/health_check.php || exit 1
+CMD [ "frankenphp", "run", "--config", "/etc/caddy/Caddyfile" ]
+
+# Development FrankenPHP image
+FROM frankenphp_base AS frankenphp_dev
+
+RUN mv "$PHP_INI_DIR/php.ini-development" "$PHP_INI_DIR/php.ini"
+
+RUN apt-get update && apt-get install -y --no-install-recommends mkcert
+
+RUN set -eux; \
+	install-php-extensions \
+		xdebug
+
+# Configuration for development
+COPY --link ./.docker/php/conf/app.dev.ini ./.docker/php/conf/xdebug.ini $PHP_INI_DIR/conf.d/
+RUN echo "mailhub=mailcatcher:1025\nUseTLS=NO\nFromLineOverride=YES" > /etc/ssmtp/ssmtp.conf
+CMD [ "frankenphp", "run", "--config", "/etc/caddy/Caddyfile", "--watch" ]

.docker/php/conf/Caddyfile

@@ -0,0 +1,103 @@
+{
+    {$CADDY_GLOBAL_OPTIONS}
+
+    frankenphp {
+        {$FRANKENPHP_CONFIG}
+    }
+
+    # https://caddyserver.com/docs/caddyfile/directives#sorting-algorithm
+    order php_server before file_server
+}
+
+{$CADDY_EXTRA_CONFIG}
+
+(404) {
+	rewrite * /errors/404.php
+}
+
+{$SERVER_NAME} {
+    log {
+        output file /var/log/caddy.log
+    }
+
+    root * /var/www/html/pub
+    encode zstd br gzip
+
+    {$CADDY_SERVER_EXTRA_DIRECTIVES}
+
+    # Deny access to sensitive files and directories
+    @sensitiveFiles {
+        path_regexp sensitiveFiles /(\.user.ini|\.php$|.*\.phtml$|\.htaccess$|\.htpasswd$|\.git|.*\.txt|.*\.md|errors\/.*\.xml|media\/theme_customization\/.*\.xml)
+    }
+    @sensitiveDirectories {
+        path_regexp sensitiveDirectories /(media\/customer\/*|media\/downloadable\/*|media\/import\/*|media\/custom_options\/*|setup\/*)
+    }
+
+    # Rewrite to 404 for sensitive files and directories
+    handle @sensitiveFiles {
+        import 404
+    }
+    handle @sensitiveDirectories {
+        import 404
+    }
+
+    # Disable Topics tracking if not enabled explicitly: https://github.com/jkarlin/topics
+    header ?Permissions-Policy "browsing-topics=()"
+
+    php_server
+
+    @staticPath path_regexp reg_static ^/static/(version\d*/)?(.*)$
+    handle @staticPath {
+        @static file /static/{re.reg_static.2}
+        rewrite @static /static/{re.reg_static.2}
+
+        @staticFiles {
+            path *.ico *.jpg *.jpeg *.png *.gif *.svg *.svgz *.webp *.avif *.avifs *.js *.css *.eot *.ttf *.otf *.woff *.woff2 *.html *.json *.webmanifest
+        }
+        handle @staticFiles {
+            # Set headers for matched static assets
+            header Cache-Control "public, max-age=31536000"
+        }
+        @noCacheFiles {
+            path *.zip *.gz *.gzip *.bz2 *.csv *.xml
+        }
+        handle @noCacheFiles {
+            # Set Cache-Control header to no-store
+            header Cache-Control "no-store, no-cache, must-revalidate"
+        }
+
+        @dynamic not file /static/{re.reg_static.2}
+        rewrite @dynamic /static.php?resource={re.reg_static.2}
+        header X-Frame-Options "SAMEORIGIN"
+    }
+
+    handle /media/* {
+        @staticFiles {
+            path *.ico *.jpg *.jpeg *.png *.gif *.svg *.svgz *.webp *.avif *.avifs *.js *.css *.eot *.ttf *.otf *.woff *.woff2
+        }
+        handle @staticFiles {
+            # Set Cache-Control header for 1 year caching
+            header Cache-Control "public, max-age=31536000"
+        }
+        @noCacheFiles {
+            path *.zip *.gz *.gzip *.bz2 *.csv *.xml
+        }
+        handle @noCacheFiles {
+            # Set Cache-Control header to no-store
+            header Cache-Control "no-store, no-cache, must-revalidate"
+        }
+
+        try_files {path} {path}/ /get.php{query}
+        header X-Frame-Options "SAMEORIGIN"
+    }
+
+    # PHP entry point for main application
+    @phpFiles path /index.php /get.php /static.php /errors/report.php /errors/404.php /errors/503.php /health_check.php
+    handle @phpFiles {
+        try_files {path} {path}/ =404
+    }
+
+    handle_errors 404 403 {
+    	import 404
+    }
+}

.docker/php/conf/app.dev.ini

@@ -0,0 +1,10 @@
+memory_limit = 2G
+max_execution_time = 60
+apc.enable_cli = 1
+
+xdebug.start_with_request = yes
+xdebug.idekey = PHPSTORM
+xdebug.client_host = host.docker.internal
+xdebug.discover_client_host = 1
+
+sendmail_path = /usr/sbin/ssmtp -t

.docker/php/conf/app.ini

@@ -0,0 +1,21 @@
+expose_php = 0
+date.timezone = UTC
+session.use_strict_mode = 1
+memory_limit = 1G
+max_execution_time = 30
+zlib.output_compression = On
+cgi.fix_pathinfo = 0
+
+realpath_cache_size = 10M
+realpath_cache_ttl = 7200
+opcache.memory_consumption=512
+opcache.max_accelerated_files=60000
+opcache.consistency_checks=0
+opcache.validate_timestamps=0
+opcache.enable_cli=1
+opcache.interned_strings_buffer = 16
+opcache.enable_file_override = 1
+
+upload_max_filesize = 10M
+post_max_size = 10M
+max_input_vars = 10000

.docker/php/conf/docker-entrypoint.sh

@@ -0,0 +1,12 @@
+#!/bin/bash
+set -e
+
+if [ "$1" = 'frankenphp' ] || [ "$1" = 'php' ] || [ "$1" = 'bin/magento' ]; then
+	if [ ! -f /etc/caddy/certs/tls.pem ]; then
+		mkdir -p /etc/caddy/certs
+		mkcert -install
+		mkcert -cert-file /etc/caddy/certs/tls.pem -key-file  /etc/caddy/certs/tls.key "$SERVER_NAME"
+	fi
+fi
+
+exec docker-php-entrypoint "$@"

.docker/php/conf/xdebug.ini

@@ -0,0 +1,2 @@
+#Disable xdebug by default and enable it only when needed
+xdebug.mode = off

.docker/rabbitmq/.env.dist

@@ -0,0 +1,6 @@
+RABBITMQ_HOST=rabbitmq
+RABBITMQ_PORT=5672
+RABBITMQ_MANAGEMENT_PORT=15672
+RABBITMQ_DEFAULT_USER=magento
+RABBITMQ_DEFAULT_PASS=magento
+RABBITMQ_DEFAULT_VHOST=/

.docker/rabbitmq/conf/rabbitmq.conf

@@ -0,0 +1 @@
+vm_memory_high_watermark.absolute = 1GB

.env.dist

@@ -0,0 +1,3 @@
+# PROJECT
+PROJECT_NAME=docker-magento-skeleton
+SERVER_NAME=docker-magento-skeleton.localdev

.gitignore

@@ -0,0 +1,38 @@
+# Magento 2
+/app/*
+!/app/code
+/dev
+/generated
+/lib
+/phpserver
+/pub
+/setup
+/var
+/vendor
+/.phpunit.cache
+.editorconfig
+.env
+.htaccess
+.htaccess.sample
+.php-cs-fixer.cache
+.php-cs-fixer.php
+.php-cs-fixer.dist.php
+.user.ini
+.idea
+auth.json
+auth.json.sample
+CHANGELOG.md
+COPYING.txt
+grunt-config.json.sample
+Gruntfile.js.sample
+LICENSE.txt
+LICENSE_AFL.txt
+nginx.conf.sample
+package.json.sample
+SECURITY.md
+
+# Docker
+docker-compose.override.yml
+docker-compose.override.yaml
+compose.override.yml
+compose.override.yaml

README.md

@@ -0,0 +1,25 @@
+# Magento on FrankenPHP
+
+## Requirements
+
+- [Docker](https://docs.docker.com/)
+- [Docker Compose](https://docs.docker.com/compose/overview/)
+- [Git](https://git-scm.com/)
+
+## Installation
+
+- copy and **configure** environment files:  
+```
+cp .env.dist .env
+cp ./.docker/database/.env.dist ./.docker/database/.env
+cp ./.docker/opensearch/.env.dist ./.docker/opensearch/.env
+cp ./.docker/rabbitmq/.env.dist ./.docker/rabbitmq/.env
+```
+- edit the SERVER_NAME variable in the .env file and replace docker-magento-skeleton.localdev with your domain
+- run the docker-compose file: `docker compose up -d --remove-orphans`
+- use your composer files to install your project
+- edit the file `/etc/hosts` of your machine and add your domain like this :
+
+```
+127.0.0.1 docker-magento-skeleton.localdev
+```

compose.yml

@@ -0,0 +1,72 @@
+services:
+  php:
+    build:
+      dockerfile: ./.docker/php/Dockerfile
+    environment:
+      CADDY_SERVER_EXTRA_DIRECTIVES: "tls /etc/caddy/certs/tls.pem /etc/caddy/certs/tls.key"
+    env_file:
+      - .env
+    volumes:
+      - ./:/var/www/html:delegated
+      - ./.docker/php/conf/Caddyfile:/etc/caddy/Caddyfile:cached
+    depends_on:
+      - database
+      - redis
+      - opensearch
+    ports:
+      # HTTP
+      - target: 80
+        published: ${HTTP_PORT:-80}
+        protocol: tcp
+      # HTTPS
+      - target: 443
+        published: ${HTTPS_PORT:-443}
+        protocol: tcp
+      # HTTP/3
+      - target: 443
+        published: ${HTTP3_PORT:-443}
+        protocol: udp
+    extra_hosts:
+      # Ensure that host.docker.internal is correctly defined on Linux
+      - host.docker.internal:host-gateway
+    tty: true
+  database:
+    image: mariadb:10.6.18
+    env_file:
+      - ./.docker/database/.env
+    volumes:
+      - db_data:/var/lib/mysql
+    ports:
+      - 3306:3306
+  redis:
+    image: redis:7.0-alpine
+    ports:
+      - "6379:6379"
+  opensearch:
+    build:
+      dockerfile: ./.docker/opensearch/Dockerfile
+    ports:
+      - "9200:9200"
+      - "9300:9300"
+    env_file: ./.docker/opensearch/.env
+    environment:
+      - "discovery.type=single-node"
+      - "cluster.routing.allocation.disk.threshold_enabled=false"
+      - "index.blocks.read_only_allow_delete"
+  rabbitmq:
+    image: rabbitmq:4.0-management-alpine
+    ports:
+      - "15672:15672"
+      - "5672:5672"
+    volumes:
+      - rabbitmqdata:/var/lib/rabbitmq:delegated
+      - ./.docker/rabbitmq/conf/rabbitmq.conf:/etc/rabbitmq/rabbitmq.conf:delegated
+    env_file: ./.docker/rabbitmq/.env
+  mailcatcher:
+    image: sj26/mailcatcher
+    ports:
+      - "1080:1080"
+      - "1025:1025"
+volumes:
+  db_data:
+  rabbitmqdata: