Update with Caddy

Author: Sigri44

Dockerfile

@@ -1,24 +1,185 @@
-FROM registry.realtoken.community/docker-symfony-php:8.4
+# FROM registry.realtoken.community/docker-symfony-php:8.4
+#
+# WORKDIR /var/www/html
+# COPY . ./
+#
+# ARG APP_ENV=prod
+# ARG DATABASE_URL
+# ENV APP_ENV=${APP_ENV}
+# ENV DATABASE_URL=${DATABASE_URL}
+#
+# RUN composer install --prefer-dist --no-interaction --optimize-autoloader --no-progress
+# RUN composer dump-env ${APP_ENV}
+# RUN composer run-script --no-dev post-install-cmd
+#
+# # HTTPS
+# ENV HTTPS=false
+#
+# # Nginx
+# COPY docker/nginx.conf /etc/nginx/nginx.conf
+#
+# RUN mkdir -p var/cache/${APP_ENV}
+# RUN chmod -R 777 var/cache/${APP_ENV}
+#
+# CMD ["/usr/bin/supervisord", "-c", "/etc/supervisor/conf.d/supervisord.conf"]
 
-WORKDIR /var/www/html
-COPY . ./
 
-ARG APP_ENV=prod
-ARG DATABASE_URL
-ENV APP_ENV=${APP_ENV}
-ENV DATABASE_URL=${DATABASE_URL}
+ARG BASE_IMAGE=dunglas/frankenphp:1-php8.4
+# ===============================================
+# Stage 1: Dependencies
+# ===============================================
+FROM composer:2 AS dependencies
 
-RUN composer install --prefer-dist --no-interaction --optimize-autoloader --no-progress
-RUN composer dump-env ${APP_ENV}
-RUN composer run-script --no-dev post-install-cmd
+WORKDIR /app
 
-# HTTPS
-ENV HTTPS=false
+# Copie uniquement les fichiers de dépendances pour cache Docker
+COPY composer.json composer.lock symfony.lock ./
 
-# Nginx
-COPY docker/nginx.conf /etc/nginx/nginx.conf
+# Installation des dépendances
+RUN composer install \
+    --no-scripts \
+    --no-autoloader \
+    --no-interaction \
+    --no-progress \
+    --prefer-dist
 
-RUN mkdir -p var/cache/${APP_ENV}
-RUN chmod -R 777 var/cache/${APP_ENV}
+# ===============================================
+# Stage 2: Development
+# ===============================================
+FROM ${BASE_IMAGE} AS development
 
-CMD ["/usr/bin/supervisord", "-c", "/etc/supervisor/conf.d/supervisord.conf"]
+# Copier Composer depuis l'image officielle
+COPY --from=composer:2 /usr/bin/composer /usr/bin/composer
+
+# Installation des extensions PHP nécessaires
+# On nettoie le cache APT pour libérer de l'espace
+RUN apt-get clean && rm -rf /var/lib/apt/lists/* && \
+	install-php-extensions \
+		pdo_mysql \
+		redis \
+		intl \
+		sysvsem \
+	&& apt-get clean && rm -rf /var/lib/apt/lists/*
+
+WORKDIR /app
+
+# Copier les dépendances
+COPY --from=dependencies /app/vendor ./vendor
+
+# Copier le code
+COPY --chown=www-data:www-data . .
+
+# Installer avec dev dependencies
+RUN composer install \
+    --optimize-autoloader \
+    --no-interaction \
+    --no-progress
+
+# Permissions correctes
+RUN mkdir -p var/cache var/log \
+    && chown -R www-data:www-data var/ \
+    && chmod -R 775 var/
+
+# Créer les répertoires nécessaires pour Caddy/FrankenPHP
+RUN mkdir -p /data/caddy /config/caddy \
+    && chown -R www-data:www-data /data/caddy /config/caddy \
+    && chmod -R 755 /data/caddy /config/caddy
+
+# Copier la configuration Caddy
+COPY docker/Caddyfile /etc/caddy/Caddyfile
+
+# Variables d'environnement dev
+ENV APP_ENV=dev
+ENV APP_DEBUG=1
+ENV FRANKENPHP_CONFIG="worker ./public/index.php"
+
+USER www-data
+
+EXPOSE 80
+
+CMD ["frankenphp", "run", "--config", "/etc/caddy/Caddyfile"]
+
+# ===============================================
+# Stage 3: Builder (préparation production)
+# ===============================================
+FROM dependencies AS builder
+
+WORKDIR /app
+
+# Copier tout le code source
+COPY . .
+
+# Installation des dépendances SANS dev
+RUN composer install \
+    --no-dev \
+    --optimize-autoloader \
+    --classmap-authoritative \
+    --no-interaction \
+    --no-progress \
+    --prefer-dist
+
+# Optimisations Symfony pour production
+RUN composer dump-autoload --no-dev --classmap-authoritative
+
+# Suppression des fichiers inutiles en production
+RUN rm -rf tests/ .git/ .github/ docker/ \
+    && find . -name ".git*" -type f -delete
+
+# ===============================================
+# Stage 4: Production
+# ===============================================
+FROM dunglas/frankenphp:1-php8.3 AS production
+
+# Copier Composer depuis l'image officielle
+COPY --from=composer:2 /usr/bin/composer /usr/bin/composer
+
+# Installation des extensions PHP
+RUN apt-get clean && rm -rf /var/lib/apt/lists/* && \
+	install-php-extensions \
+		pdo_mysql \
+		redis \
+		intl \
+		apcu \
+		sysvsem \
+	&& apt-get clean && rm -rf /var/lib/apt/lists/*
+
+# Configuration PHP production
+COPY docker/php/php-prod.ini /usr/local/etc/php/conf.d/99-prod.ini
+
+WORKDIR /app
+
+# Copier depuis le builder (code optimisé)
+COPY --from=builder --chown=www-data:www-data /app /app
+
+# Configuration Caddy production
+COPY docker/Caddyfile.prod /etc/caddy/Caddyfile
+
+# Permissions strictes
+RUN chown -R www-data:www-data /app \
+    && chmod -R 755 /app \
+    && mkdir -p var/cache/prod var/log \
+    && chown -R www-data:www-data var/ \
+    && chmod -R 775 var/
+
+# Créer les répertoires nécessaires pour Caddy/FrankenPHP
+RUN mkdir -p /data/caddy /config/caddy \
+    && chown -R www-data:www-data /data/caddy /config/caddy \
+    && chmod -R 755 /data/caddy /config/caddy
+
+# Variables d'environnement production
+ENV APP_ENV=prod
+ENV APP_DEBUG=0
+ENV FRANKENPHP_CONFIG="worker ./public/index.php"
+
+# Warmup du cache Symfony
+RUN php bin/console cache:clear --env=prod --no-debug || true \
+    && php bin/console cache:warmup --env=prod --no-debug || true
+
+USER www-data
+
+EXPOSE 80
+
+HEALTHCHECK --interval=30s --timeout=3s --start-period=60s --retries=3 \
+    CMD curl -f http://localhost/health || exit 1
+
+CMD ["frankenphp", "run", "--config", "/etc/caddy/Caddyfile"]

docker-compose-branch.yml

@@ -2,11 +2,15 @@ services:
     symfony:
         image: ${DOCKER_REGISTRY}/api-php:${DOCKER_BRANCH}
         container_name: ${DOCKER_BRANCH}-api_php-sf
+#        build:
+#            context: ./
         build:
-            context: ./
-        environment:
-            APP_ENV: ${APP_ENV}
-            DATABASE_URL: ${DATABASE_URL}
+            context: .
+            dockerfile: Dockerfile
+            target: development
+#        environment:
+#            APP_ENV: ${APP_ENV}
+#            DATABASE_URL: ${DATABASE_URL}
         networks:
             - api-php
             - traefik-realt

docker/Caddyfile.prod

@@ -0,0 +1,75 @@
+# ===============================================
+# Caddyfile Production - Optimisé
+# ===============================================
+
+{
+	# Mode FrankenPHP avec worker pour maximum de performance
+	frankenphp {
+		num_threads 4
+		# Mode worker pour Symfony (garde l'app en mémoire)
+		worker {
+			file /app/public/index.php
+			num 2
+			env APP_RUNTIME App\Runtime\FrankenPhpRuntime
+		}
+	}
+
+	order php_server before file_server
+
+	# Logs minimaux en production
+	log {
+		output stdout
+		level WARN
+	}
+}
+
+:80 {
+	root * /app/public
+
+	# Compression optimisée
+	encode {
+		gzip 6
+		zstd
+	}
+
+	request_body {
+		max_size 100MB
+	}
+
+	trusted_proxies static 172.18.0.0/24
+
+	# Logs production (minimal)
+	log {
+		output discard
+	}
+
+	# Cache statique agressif
+	@static {
+		path *.css *.js *.jpg *.jpeg *.png *.gif *.ico *.svg *.woff *.woff2 *.ttf *.eot
+	}
+	header @static {
+		Cache-Control "public, max-age=31536000, immutable"
+	}
+
+	# Symfony routing avec worker mode
+	php_server {
+		resolve_root_symlink
+	}
+
+	file_server
+
+	# Headers de sécurité renforcés
+	header {
+		-Server
+		X-Content-Type-Options "nosniff"
+		X-Frame-Options "SAMEORIGIN"
+		X-XSS-Protection "1; mode=block"
+		Referrer-Policy "no-referrer-when-downgrade"
+		Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
+	}
+
+	# Health check endpoint
+	handle /health {
+		respond "OK" 200
+	}
+}

docker/nginx.conf docker/nginx/nginx-prod.confdocker/nginx.conf renamed to docker/nginx/nginx-prod.conf

@@ -0,0 +1,30 @@
+; ===============================================
+; docker/php/php-common.ini
+; Configuration commune à tous les environnements
+; ===============================================
+
+; Date et timezone
+date.timezone = Europe/Paris
+
+; Upload de fichiers
+upload_max_filesize = 10M
+post_max_size = 10M
+max_file_uploads = 20
+
+; Exécution
+max_execution_time = 30
+max_input_time = 60
+
+; Session
+session.cookie_httponly = 1
+session.cookie_secure = 1
+session.use_strict_mode = 1
+
+; Sécurité
+expose_php = Off
+allow_url_fopen = On
+allow_url_include = Off
+
+; Performance
+realpath_cache_size = 4096K
+realpath_cache_ttl = 600

docker/php/php-common.ini

@@ -0,0 +1,35 @@
+; ===============================================
+; docker/php/php-dev.ini
+; Configuration développement
+; ===============================================
+
+; Mémoire (généreuse en dev)
+memory_limit = 512M
+
+; Affichage des erreurs
+display_errors = On
+display_startup_errors = On
+error_reporting = E_ALL
+log_errors = On
+error_log = /var/www/html/var/log/php_errors.log
+
+; OPcache (avec validation pour hot-reload)
+opcache.enable = 1
+opcache.enable_cli = 1
+opcache.memory_consumption = 128
+opcache.max_accelerated_files = 10000
+opcache.validate_timestamps = 1
+opcache.revalidate_freq = 0
+opcache.interned_strings_buffer = 8
+
+; Xdebug (si installé)
+xdebug.mode = debug,coverage
+xdebug.start_with_request = yes
+xdebug.client_host = host.docker.internal
+xdebug.client_port = 9003
+xdebug.idekey = PHPSTORM
+xdebug.max_nesting_level = 512
+
+; Upload (plus généreux en dev)
+upload_max_filesize = 20M
+post_max_size = 20M