appwrite/Dockerfile.nginx

FROM ubuntu:18.04 AS builder

LABEL maintainer="team@appwrite.io"

ARG TESTING=false

ENV TZ=Asia/Tel_Aviv \
    DEBIAN_FRONTEND=noninteractive \
    PHP_VERSION=7.4 \
    PHP_REDIS_VERSION=5.2.1

RUN \
  apt-get update && \
  apt-get install -y --no-install-recommends --no-install-suggests ca-certificates software-properties-common wget git openssl && \
  LC_ALL=C.UTF-8 add-apt-repository -y ppa:ondrej/php && \
  apt-get update && \
  apt-get install -y --no-install-recommends --no-install-suggests make php$PHP_VERSION php$PHP_VERSION-dev zip unzip php$PHP_VERSION-zip && \
  # Redis Extension
  wget -q https://github.com/phpredis/phpredis/archive/$PHP_REDIS_VERSION.tar.gz && \
  tar -xf $PHP_REDIS_VERSION.tar.gz && \
  cd phpredis-$PHP_REDIS_VERSION && \
  phpize$PHP_VERSION && \
  ./configure && \
  make && \
  # Composer
  wget https://getcomposer.org/composer.phar && \
  chmod +x ./composer.phar && \
  mv ./composer.phar /usr/bin/composer && \
  #Brotli
  cd / && \
  git clone https://github.com/eustas/ngx_brotli.git && \
  cd ngx_brotli && git submodule update --init && cd ..

WORKDIR /usr/local/src/

# Updating PHP Dependencies and Auto-loading...

ENV TESTING=$TESTING

COPY composer.* /usr/local/src/

RUN composer update --ignore-platform-reqs --optimize-autoloader \
    --no-plugins --no-scripts --prefer-dist \
    `if [ "$TESTING" != "true" ]; then echo "--no-dev"; fi`

FROM ubuntu:18.04
LABEL maintainer="team@appwrite.io"

ARG VERSION=dev

ENV TZ=Asia/Tel_Aviv \
    DEBIAN_FRONTEND=noninteractive \
    PHP_VERSION=7.4 \
    _APP_SERVER=nginx \
    _APP_ENV=production \
    _APP_DOMAIN=localhost \
    _APP_DOMAIN_TARGET=localhost \
    _APP_HOME=https://appwrite.io \
    _APP_EDITION=community \
    _APP_OPTIONS_ABUSE=enabled \
    _APP_OPTIONS_FORCE_HTTPS=disabled \
    _APP_OPENSSL_KEY_V1=your-secret-key \
    _APP_STORAGE_LIMIT=100000000 \
    _APP_STORAGE_ANTIVIRUS=enabled \
    _APP_REDIS_HOST=redis \
    _APP_REDIS_PORT=6379 \
    _APP_DB_HOST=mariadb \
    _APP_DB_PORT=3306 \
    _APP_DB_USER=root \
    _APP_DB_PASS=password \
    _APP_DB_SCHEMA=appwrite \
    _APP_INFLUXDB_HOST=influxdb \
    _APP_INFLUXDB_PORT=8086 \
    _APP_STATSD_HOST=telegraf \
    _APP_STATSD_PORT=8125 \
    _APP_SMTP_HOST=smtp \
    _APP_SMTP_PORT=25 \
    _APP_SETUP=self-hosted \
    _APP_VERSION=$VERSION
#ENV _APP_SMTP_SECURE ''
#ENV _APP_SMTP_USERNAME ''
#ENV _APP_SMTP_PASSWORD ''

COPY --from=builder /phpredis-5.2.1/modules/redis.so /usr/lib/php/20190902/
COPY --from=builder /phpredis-5.2.1/modules/redis.so /usr/lib/php/20190902/
COPY --from=builder /ngx_brotli /ngx_brotli

RUN ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone

RUN \
  apt-get update && \
  apt-get install -y --no-install-recommends --no-install-suggests wget ca-certificates software-properties-common build-essential libpcre3-dev zlib1g-dev libssl-dev openssl gnupg htop supervisor && \
  LC_ALL=C.UTF-8 add-apt-repository -y ppa:ondrej/php && \
  add-apt-repository universe && \
  add-apt-repository ppa:certbot/certbot && \
  apt-get update && \
  apt-get install -y --no-install-recommends --no-install-suggests php$PHP_VERSION php$PHP_VERSION-fpm \
  php$PHP_VERSION-mysqlnd php$PHP_VERSION-curl php$PHP_VERSION-imagick php$PHP_VERSION-mbstring php$PHP_VERSION-dom certbot && \
  # Nginx
  wget http://nginx.org/download/nginx-1.19.0.tar.gz && \
  tar -xzvf nginx-1.19.0.tar.gz && rm nginx-1.19.0.tar.gz && \
  cd nginx-1.19.0 && \
  ./configure --prefix=/usr/share/nginx \
    --sbin-path=/usr/sbin/nginx \
    --modules-path=/usr/lib/nginx/modules \
    --conf-path=/etc/nginx/nginx.conf \
    --error-log-path=/var/log/nginx/error.log \
    --http-log-path=/var/log/nginx/access.log \
    --pid-path=/run/nginx.pid \
    --lock-path=/var/lock/nginx.lock \
    --user=www-data \
    --group=www-data \
    --build=Ubuntu \
    --with-http_gzip_static_module \
    --with-http_ssl_module \
    --with-http_v2_module \
    --add-module=/ngx_brotli && \
  make && \
  make install && \
  rm -rf ../nginx-1.19.0 && \
  # Redis Extension
  echo extension=redis.so >> /etc/php/$PHP_VERSION/fpm/conf.d/redis.ini && \
  echo extension=redis.so >> /etc/php/$PHP_VERSION/cli/conf.d/redis.ini && \
  # Cleanup
  cd ../ && \
  apt-get purge -y --auto-remove wget software-properties-common build-essential libpcre3-dev zlib1g-dev libssl-dev gnupg && \
  apt-get clean && \
  rm -rf /ngx_brotli && \
  rm -rf /var/lib/apt/lists/*

# Set Upload Limit (default to 100MB)
RUN echo "upload_max_filesize = ${_APP_STORAGE_LIMIT}" >> /etc/php/$PHP_VERSION/fpm/conf.d/appwrite.ini
RUN echo "post_max_size = ${_APP_STORAGE_LIMIT}" >> /etc/php/$PHP_VERSION/fpm/conf.d/appwrite.ini
RUN echo "opcache.preload_user=www-data" >> /etc/php/$PHP_VERSION/fpm/conf.d/appwrite.ini
RUN echo "opcache.preload=/usr/src/code/app/preload.php" >> /etc/php/$PHP_VERSION/fpm/conf.d/appwrite.ini
RUN echo "opcache.enable_cli = 1" >> /etc/php/$PHP_VERSION/fpm/conf.d/appwrite.ini

# Add logs file
RUN echo "" >> /var/log/appwrite.log

# Nginx Configuration (with self-signed ssl certificates)
COPY ./docker/nginx.conf.template /etc/nginx/nginx.conf.template
COPY ./docker/ssl/cert.pem /etc/nginx/ssl/cert.pem
COPY ./docker/ssl/key.pem /etc/nginx/ssl/key.pem

# PHP Configuration
RUN mkdir -p /var/run/php
COPY ./docker/www.conf /etc/php/$PHP_VERSION/fpm/pool.d/www.conf

# Add PHP Source Code
COPY ./app /usr/src/code/app
COPY ./bin /usr/local/bin
COPY ./docs /usr/src/code/docs
COPY ./public /usr/src/code/public
COPY ./src /usr/src/code/src
COPY --from=builder /usr/local/src/vendor /usr/src/code/vendor

RUN mkdir -p /storage/uploads && \
    mkdir -p /storage/cache && \
    mkdir -p /storage/config && \
    mkdir -p /storage/certificates && \
    mkdir -p /storage/functions && \
    chown -Rf www-data.www-data /storage/uploads && chmod -Rf 0755 /storage/uploads && \
    chown -Rf www-data.www-data /storage/cache && chmod -Rf 0755 /storage/cache && \
    chown -Rf www-data.www-data /storage/config && chmod -Rf 0755 /storage/config && \
    chown -Rf www-data.www-data /storage/certificates && chmod -Rf 0755 /storage/certificates && \
    chown -Rf www-data.www-data /storage/functions && chmod -Rf 0755 /storage/functions

# Supervisord Conf
COPY ./docker/supervisord.conf /etc/supervisord.conf

# Executables
RUN chmod +x /usr/local/bin/start
RUN chmod +x /usr/local/bin/doctor
RUN chmod +x /usr/local/bin/migrate
RUN chmod +x /usr/local/bin/test

# Letsencrypt Permissions
RUN mkdir -p /etc/letsencrypt/live/ && chmod -Rf 755 /etc/letsencrypt/live/

EXPOSE 80

WORKDIR /usr/src/code

CMD ["/bin/bash", "/usr/local/bin/start"]