Docker Image for Grav based on nginx & php

docker-grav-nginx/Dockerfile

@@ -0,0 +1,61 @@
+FROM nginx:latest
+LABEL maintainer="gushmazuko <gushmazuko@protonmail.com>"
+LABEL description="Docker Image for Grav based on nginx & php"
+
+# Install dependencies
+RUN apt update && apt install -y --no-install-recommends \
+    vim\
+    zip \
+    unzip \
+    git \
+    php-fpm \
+    php-cli \
+    php-gd \
+    php-curl \
+    php-mbstring \
+    php-xml \
+    php-zip \
+    php-apcu \
+    cron
+
+# Configure PHP FPM
+# https://learn.getgrav.org/17/webservers-hosting/vps/digitalocean#configure-php7-2-fpm
+RUN sed -i "s/.*cgi.fix_pathinfo=1/cgi.fix_pathinfo=0/g" /etc/php/7.*/fpm/php.ini
+
+# Set user to www-data
+RUN chown www-data:www-data /usr/share/nginx
+RUN rm -rf /usr/share/nginx/html
+USER www-data
+
+# Define a specific version of Grav or use latest stable
+ENV GRAV_VERSION latest
+
+# Install grav
+WORKDIR /usr/share/nginx
+RUN curl -o grav-admin.zip -SL https://getgrav.org/download/core/grav-admin/${GRAV_VERSION} && \
+    unzip grav-admin.zip && \
+    mv -T /usr/share/nginx/grav-admin /usr/share/nginx/html && \
+    rm grav-admin.zip
+
+# Create cron job for Grav maintenance scripts
+# https://learn.getgrav.org/17/advanced/scheduler
+RUN (crontab -l; echo "* * * * * cd /usr/share/nginx/html;/usr/bin/php bin/grav scheduler 1>> /dev/null 2>&1") | crontab -
+
+# Return to root user
+USER root
+
+# Add nginx to www-data group
+RUN usermod -aG www-data nginx
+
+# Replace dafault config files by provided by Grav
+# https://learn.getgrav.org/17/webservers-hosting/vps/digitalocean#configure-nginx-connection-pool
+RUN rm /etc/php/7.3/fpm/pool.d/www.conf
+RUN rm /etc/nginx/conf.d/default.conf
+COPY ./conf/php/grav.conf /etc/php/7.3/fpm/pool.d/
+COPY ./conf/nginx/grav.conf /etc/nginx/conf.d/
+
+# Provide container inside image for data persistence
+VOLUME ["/usr/share/nginx/html"]
+
+# Run startup script
+CMD bash -c "service php7.3-fpm start && nginx -g 'daemon off;'"

docker-grav-nginx/conf/nginx/grav.conf

@@ -0,0 +1,43 @@
+server {
+    listen 80;
+    index index.html index.php;
+
+    ## Begin - Server Info
+    root /usr/share/nginx/html;
+    server_name gravsite;
+    ## End - Server Info
+
+    ## Begin - Index
+    # for subfolders, simply adjust:
+    # `location /subfolder {`
+    # and the rewrite to use `/subfolder/index.php`
+    location / {
+        try_files $uri $uri/ /index.php?$query_string;
+    }
+    ## End - Index
+
+    ## Begin - Security
+    # deny all direct access for these folders
+    location ~* /(\.git|cache|bin|logs|backup|tests)/.*$ { return 403; }
+    # deny running scripts inside core system folders
+    location ~* /(system|vendor)/.*\.(txt|xml|md|html|yaml|yml|php|pl|py|cgi|twig|sh|bat)$ { return 403; }
+    # deny running scripts inside user folder
+    location ~* /user/.*\.(txt|md|yaml|yml|php|pl|py|cgi|twig|sh|bat)$ { return 403; }
+    # deny access to specific files in the root folder
+    location ~ /(LICENSE\.txt|composer\.lock|composer\.json|nginx\.conf|web\.config|htaccess\.txt|\.htaccess) { return 403; }
+    ## End - Security
+
+    ## Begin - PHP
+    location ~ \.php$ {
+        # Choose either a socket or TCP/IP address
+        fastcgi_pass unix:/var/run/php/php7.3-fpm.sock;
+        # fastcgi_pass unix:/var/run/php5-fpm.sock; #legacy
+        # fastcgi_pass 127.0.0.1:9000;
+
+        fastcgi_split_path_info ^(.+\.php)(/.+)$;
+        fastcgi_index index.php;
+        include fastcgi_params;
+        fastcgi_param SCRIPT_FILENAME $document_root/$fastcgi_script_name;
+    }
+    ## End - PHP
+}

docker-grav-nginx/conf/php/grav.conf

@@ -0,0 +1,17 @@
+[grav]
+
+user = www-data
+group = www-data
+
+listen = /var/run/php/php7.3-fpm.sock
+
+listen.owner = www-data
+listen.group = www-data
+
+pm = dynamic
+pm.max_children = 5
+pm.start_servers = 2
+pm.min_spare_servers = 1
+pm.max_spare_servers = 3
+
+chdir = /