diff --git a/.github/workflows/static.yaml b/.github/workflows/static.yaml index e4256f06..3533f63b 100644 --- a/.github/workflows/static.yaml +++ b/.github/workflows/static.yaml @@ -218,6 +218,7 @@ jobs: targets: static-builder-gnu set: | ${{ (github.event_name == 'pull_request' || matrix.platform == 'linux/arm64') && 'static-builder-gnu.args.NO_COMPRESS=1' || '' }} + static-builder-gnu.args.BUILD_PACKAGES=1 *.tags= *.platform=${{ matrix.platform }} *.cache-from=type=gha,scope=${{ needs.prepare.outputs.ref || github.ref }}-static-builder-gnu @@ -247,12 +248,18 @@ jobs: path: /tmp/metadata-gnu/* if-no-files-found: error retention-days: 1 - - name: Copy binary + - name: Copy all frankenphp* files run: | # shellcheck disable=SC2034 digest=$(jq -r '."static-builder-gnu"."${{ fromJson(needs.prepare.outputs.push) && 'containerimage.digest' || 'containerimage.config.digest' }}"' <<< "${METADATA}") - docker create --platform=${{ matrix.platform }} --name static-builder-gnu "${{ fromJson(needs.prepare.outputs.push) && '${IMAGE_NAME}@${digest}' || '${digest}' }}" - docker cp "static-builder-gnu:/go/src/app/dist/${BINARY}" "${BINARY}-gnu" + container_id=$(docker create --platform=${{ matrix.platform }} "${{ fromJson(needs.prepare.outputs.push) && '${IMAGE_NAME}@${digest}' || '${digest}' }}") + mkdir -p gh-output + cd gh-output + for file in $(docker run --rm "${{ fromJson(needs.prepare.outputs.push) && '${IMAGE_NAME}@${digest}' || '${digest}' }}" sh -c "ls /go/src/app/dist | grep '^frankenphp'"); do + docker cp "${container_id}:/go/src/app/dist/${file}" "./${file}" + done + docker rm "${container_id}" + mv "${BINARY}" "${BINARY}-gnu" env: METADATA: ${{ steps.build.outputs.metadata }} BINARY: frankenphp-linux-${{ matrix.platform == 'linux/amd64' && 'x86_64' || 'aarch64' }} @@ -260,17 +267,17 @@ jobs: if: ${{ !fromJson(needs.prepare.outputs.push) }} uses: actions/upload-artifact@v4 with: - name: frankenphp-linux-${{ matrix.platform == 'linux/amd64' && 'x86_64' || 'aarch64' }}-gnu - path: frankenphp-linux-${{ matrix.platform == 'linux/amd64' && 'x86_64' || 'aarch64' }}-gnu + name: frankenphp-linux-${{ matrix.platform == 'linux/amd64' && 'x86_64' || 'aarch64' }}-gnu-files + path: gh-output/* - name: Upload assets if: fromJson(needs.prepare.outputs.push) && (needs.prepare.outputs.ref || github.ref_type == 'tag') - run: gh release upload "${{ (github.ref_type == 'tag' && github.ref_name) || needs.prepare.outputs.ref }}" frankenphp-linux-${{ matrix.platform == 'linux/amd64' && 'x86_64' || 'aarch64' }}-gnu --repo dunglas/frankenphp --clobber + run: gh release upload "${{ (github.ref_type == 'tag' && github.ref_name) || needs.prepare.outputs.ref }}" gh-output/* --repo dunglas/frankenphp --clobber env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - if: fromJson(needs.prepare.outputs.push) && (needs.prepare.outputs.ref || github.ref_type == 'tag') uses: actions/attest-build-provenance@v2 with: - subject-path: ${{ github.workspace }}/frankenphp-linux-*-gnu + subject-path: ${{ github.workspace }}/gh-output/frankenphp-linux-*-gnu - name: Run sanity checks run: | "${BINARY}" version @@ -281,7 +288,7 @@ jobs: "${BINARY}" list-modules | grep http.handlers.vulcain "${BINARY}" php-cli -r "echo 'Sanity check passed';" env: - BINARY: ./frankenphp-linux-${{ matrix.platform == 'linux/amd64' && 'x86_64' || 'aarch64' }}-gnu + BINARY: ./gh-output/frankenphp-linux-${{ matrix.platform == 'linux/amd64' && 'x86_64' || 'aarch64' }}-gnu # Adapted from https://docs.docker.com/build/ci/github-actions/multi-platform/ push: diff --git a/.gitignore b/.gitignore index 16910ad2..21bd3b59 100644 --- a/.gitignore +++ b/.gitignore @@ -8,4 +8,5 @@ __debug_bin frankenphp.test caddy/frankenphp/Build +package/etc/php.ini *.log diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index bf3ef696..4217589c 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -11,9 +11,13 @@ docker build -t frankenphp-dev -f dev.Dockerfile . docker run --cap-add=SYS_PTRACE --security-opt seccomp=unconfined -p 8080:8080 -p 443:443 -p 443:443/udp -v $PWD:/go/src/app -it frankenphp-dev ``` -The image contains the usual development tools (Go, GDB, Valgrind, Neovim...). +The image contains the usual development tools (Go, GDB, Valgrind, Neovim...) and uses the following php setting locations -If docker version is lower than 23.0, build is failed by dockerignore [pattern issue](https://github.com/moby/moby/pull/42676). Add directories to `.dockerignore`. +- php.ini: `/etc/frankenphp/php.ini` A php.ini file with development presets is provided by default. +- additional configuration files: `/etc/frankenphp/php.d/*.ini` +- php extensions: `/usr/lib/frankenphp/modules/` + +If your docker version is lower than 23.0, the build will fail due to dockerignore [pattern issue](https://github.com/moby/moby/pull/42676). Add directories to `.dockerignore`. ```patch !testdata/*.php diff --git a/Dockerfile b/Dockerfile index f738c280..8f18e599 100644 --- a/Dockerfile +++ b/Dockerfile @@ -19,17 +19,17 @@ RUN set -eux; \ /app/public \ /config/caddy \ /data/caddy \ - /etc/caddy; \ + /etc/frankenphp; \ sed -i 's/php/frankenphp run/g' /usr/local/bin/docker-php-entrypoint; \ echo ' /app/public/index.php -COPY --link caddy/frankenphp/Caddyfile /etc/caddy/Caddyfile +COPY --link caddy/frankenphp/Caddyfile /etc/frankenphp/Caddyfile RUN curl -sSLf \ -o /usr/local/bin/install-php-extensions \ https://github.com/mlocati/docker-php-extension-installer/releases/latest/download/install-php-extensions && \ chmod +x /usr/local/bin/install-php-extensions -CMD ["--config", "/etc/caddy/Caddyfile", "--adapter", "caddyfile"] +CMD ["--config", "/etc/frankenphp/Caddyfile", "--adapter", "caddyfile"] HEALTHCHECK CMD curl -f http://localhost:2019/metrics || exit 1 # See https://caddyserver.com/docs/conventions#file-locations for details @@ -113,7 +113,7 @@ RUN echo $CGO_LDFLAGS WORKDIR /go/src/app/caddy/frankenphp RUN GOBIN=/usr/local/bin go install -tags 'nobadger,nomysql,nopgx' -ldflags "-w -s -X 'github.com/caddyserver/caddy/v2.CustomVersion=FrankenPHP $FRANKENPHP_VERSION PHP $PHP_VERSION Caddy'" -buildvcs=true && \ setcap cap_net_bind_service=+ep /usr/local/bin/frankenphp && \ - cp Caddyfile /etc/caddy/Caddyfile && \ + cp Caddyfile /etc/frankenphp/Caddyfile && \ frankenphp version && \ frankenphp build-info diff --git a/alpine.Dockerfile b/alpine.Dockerfile index c75aa80b..9c1155fb 100644 --- a/alpine.Dockerfile +++ b/alpine.Dockerfile @@ -18,17 +18,17 @@ RUN set -eux; \ /app/public \ /config/caddy \ /data/caddy \ - /etc/caddy; \ + /etc/frankenphp; \ sed -i 's/php/frankenphp run/g' /usr/local/bin/docker-php-entrypoint; \ echo ' /app/public/index.php -COPY --link caddy/frankenphp/Caddyfile /etc/caddy/Caddyfile +COPY --link caddy/frankenphp/Caddyfile /etc/frankenphp/Caddyfile RUN curl -sSLf \ -o /usr/local/bin/install-php-extensions \ https://github.com/mlocati/docker-php-extension-installer/releases/latest/download/install-php-extensions && \ chmod +x /usr/local/bin/install-php-extensions -CMD ["--config", "/etc/caddy/Caddyfile", "--adapter", "caddyfile"] +CMD ["--config", "/etc/frankenphp/Caddyfile", "--adapter", "caddyfile"] HEALTHCHECK CMD curl -f http://localhost:2019/metrics || exit 1 # See https://caddyserver.com/docs/conventions#file-locations for details diff --git a/build-packages.sh b/build-packages.sh new file mode 100755 index 00000000..943acf1f --- /dev/null +++ b/build-packages.sh @@ -0,0 +1,135 @@ +#!/bin/bash + +set -o errexit +set -x + +# Ensure required tools are installed +if ! command -v rpmbuild &>/dev/null; then + echo "Error: rpm-build is required to create RPM packages." + echo "Install it with: sudo dnf install rpm-build" + exit 1 +fi + +if ! command -v ruby &>/dev/null; then + echo "Error: Ruby is required by FPM." + echo "Install it with: sudo dnf install ruby" + exit 1 +fi + +if ! command -v fpm &>/dev/null; then + echo "Error: FPM (rubygem-fpm) is required to create RPM packages." + echo "Install it with: sudo gem install fpm" + exit 1 +fi + +arch="$(uname -m)" +os="$(uname -s | tr '[:upper:]' '[:lower:]')" +bin="frankenphp-${os}-${arch}" + +if [ ! -f "dist/$bin" ]; then + echo "Error: dist/$bin not found. Run './build-static.sh' first" + exit 1 +fi + +if [ -z "${FRANKENPHP_VERSION}" ]; then + FRANKENPHP_VERSION="$(git rev-parse --verify HEAD)" + export FRANKENPHP_VERSION +elif [ -d ".git/" ]; then + CURRENT_REF="$(git rev-parse --abbrev-ref HEAD)" + export CURRENT_REF + + if echo "${FRANKENPHP_VERSION}" | grep -F -q "."; then + # Tag + + # Trim "v" prefix if any + FRANKENPHP_VERSION=${FRANKENPHP_VERSION#v} + export FRANKENPHP_VERSION + + git checkout "v${FRANKENPHP_VERSION}" + else + git checkout "${FRANKENPHP_VERSION}" + fi +fi + +if [[ ! "${FRANKENPHP_VERSION}" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]; then + echo "Warning: FRANKENPHP_VERSION must be set to X.Y.Z (e.g. 1.5.1), got '${FRANKENPHP_VERSION}'" + echo "Falling back to non-release version 0.0.0" + FRANKENPHP_VERSION=0.0.0 +fi + +group_preexists=0 +user_preexists=0 + +if getent group frankenphp >/dev/null; then + group_preexists=1 +else + groupadd --system frankenphp +fi + +if getent passwd frankenphp >/dev/null; then + user_preexists=1 +else + useradd --system \ + --gid frankenphp \ + --create-home \ + --home-dir /var/lib/frankenphp \ + --shell /usr/sbin/nologin \ + --comment "FrankenPHP web server" \ + frankenphp +fi + +mkdir -p package/empty +mkdir -p package/etc +[ -f ./dist/static-php-cli/source/php-src/php.ini-production ] && cp -f ./dist/static-php-cli/source/php-src/php.ini-production ./package/etc/php.ini + +cd dist +iteration=1 +glibc_version=$(ldd -v "$bin" | awk '/GLIBC_/ {gsub(/[()]/, "", $2); print $2}' | grep -v GLIBC_PRIVATE | sort -V | tail -n1) +cxxabi_version=$(strings "$bin" | grep -oP 'CXXABI_\d+\.\d+(\.\d+)?' | sort -V | tail -n1) + +fpm -s dir -t rpm -n frankenphp -v "${FRANKENPHP_VERSION}" \ + --config-files /etc/frankenphp/Caddyfile \ + --config-files /etc/frankenphp/php.ini \ + --depends "libc.so.6(${glibc_version})(64bit)" \ + --depends "libstdc++.so.6(${cxxabi_version})(64bit)" \ + --before-install ../package/rhel/preinstall.sh \ + --after-install ../package/rhel/postinstall.sh \ + --before-remove ../package/rhel/preuninstall.sh \ + --after-remove ../package/rhel/postuninstall.sh \ + --iteration "${iteration}" \ + --rpm-user frankenphp --rpm-group frankenphp \ + "${bin}=/usr/bin/frankenphp" \ + "../package/rhel/frankenphp.service=/usr/lib/systemd/system/frankenphp.service" \ + "../package/Caddyfile=/etc/frankenphp/Caddyfile" \ + "../package/content/=/usr/share/frankenphp" \ + "../package/etc/php.ini=/etc/frankenphp/php.ini" \ + "../package/empty/=/etc/frankenphp/php.d" \ + "../package/empty/=/usr/lib/frankenphp/modules" \ + "../package/empty/=/var/lib/frankenphp" + +glibc_version=$(ldd -v "$bin" | awk '/GLIBC_/ {gsub(/[()]/, "", $2); print $2}' | grep -v GLIBC_PRIVATE | sed 's/GLIBC_//' | sort -V | tail -n1) +cxxabi_version=$(strings "$bin" | grep -oP 'CXXABI_\d+\.\d+(\.\d+)?' | sed 's/CXXABI_//' | sort -V | tail -n1) + +fpm -s dir -t deb -n frankenphp -v "${FRANKENPHP_VERSION}" \ + --config-files /etc/frankenphp/Caddyfile \ + --config-files /etc/frankenphp/php.ini \ + --depends "libc6 (>= ${glibc_version})" \ + --depends "libstdc++6 (>= ${cxxabi_version})" \ + --after-install ../package/debian/postinst.sh \ + --before-remove ../package/debian/prerm.sh \ + --after-remove ../package/debian/postrm.sh \ + --iteration "${iteration}" \ + --deb-user frankenphp --deb-group frankenphp \ + "${bin}=/usr/bin/frankenphp" \ + "../package/debian/frankenphp.service=/usr/lib/systemd/system/frankenphp.service" \ + "../package/Caddyfile=/etc/frankenphp/Caddyfile" \ + "../package/content/=/usr/share/frankenphp" \ + "../package/etc/php.ini=/etc/frankenphp/php.ini" \ + "../package/empty/=/etc/frankenphp/php.d" \ + "../package/empty/=/usr/lib/frankenphp/modules" \ + "../package/empty/=/var/lib/frankenphp" + +[ "$user_preexists" -eq 0 ] && userdel frankenphp +[ "$group_preexists" -eq 0 ] && groupdel frankenphp + +cd .. diff --git a/build-static.sh b/build-static.sh index f5c62474..685984d6 100755 --- a/build-static.sh +++ b/build-static.sh @@ -40,9 +40,9 @@ fi # init spc build additional args if [ -z "${SPC_OPT_BUILD_ARGS}" ]; then SPC_OPT_BUILD_ARGS="" - if [ "${SPC_LIBC}" = "musl" ]; then - SPC_OPT_BUILD_ARGS="${SPC_OPT_BUILD_ARGS} --disable-opcache-jit" - fi +fi +if [ "${SPC_LIBC}" = "musl" ] && [[ "${SPC_OPT_BUILD_ARGS}" != *"--disable-opcache-jit"* ]]; then + SPC_OPT_BUILD_ARGS="${SPC_OPT_BUILD_ARGS} --disable-opcache-jit" fi # init spc download additional args if [ -z "${SPC_OPT_DOWNLOAD_ARGS}" ]; then diff --git a/caddy/frankenphp/Caddyfile b/caddy/frankenphp/Caddyfile index 2da634b0..0e18196e 100644 --- a/caddy/frankenphp/Caddyfile +++ b/caddy/frankenphp/Caddyfile @@ -1,3 +1,8 @@ +# The Caddyfile is an easy way to configure FrankenPHP and the Caddy web server. +# +# https://frankenphp.dev/docs/config +# https://caddyserver.com/docs/caddyfile + { {$CADDY_GLOBAL_OPTIONS} @@ -43,3 +48,9 @@ php_server } + +# As an alternative to editing the above site block, you can add your own site +# block files in the Caddyfile.d directory, and they will be included as long +# as they use the .caddyfile extension. + +import Caddyfile.d/*.caddyfile diff --git a/dev-alpine.Dockerfile b/dev-alpine.Dockerfile index 7a954982..a83988ea 100644 --- a/dev-alpine.Dockerfile +++ b/dev-alpine.Dockerfile @@ -51,18 +51,21 @@ WORKDIR /usr/local/src/php RUN git clone --branch=PHP-8.4 https://github.com/php/php-src.git . && \ # --enable-embed is only necessary to generate libphp.so, we don't use this SAPI directly ./buildconf --force && \ - ./configure \ + EXTENSION_DIR=/usr/lib/frankenphp/modules ./configure \ --enable-embed \ --enable-zts \ --disable-zend-signals \ --enable-zend-max-execution-timers \ + --with-config-file-path=/etc/frankenphp/php.ini \ + --with-config-file-scan-dir=/etc/frankenphp/php.d \ --enable-debug && \ make -j"$(nproc)" && \ make install && \ ldconfig /etc/ld.so.conf.d && \ - cp php.ini-development /usr/local/lib/php.ini && \ - echo "zend_extension=opcache.so" >> /usr/local/lib/php.ini && \ - echo "opcache.enable=1" >> /usr/local/lib/php.ini && \ + mkdir -p /etc/frankenphp/php.d && \ + cp php.ini-development /etc/frankenphp/php.ini && \ + echo "zend_extension=opcache.so" >> /etc/frankenphp/php.ini && \ + echo "opcache.enable=1" >> /etcfrankenphp/php.ini && \ php --version # Install e-dant/watcher (necessary for file watching) diff --git a/dev.Dockerfile b/dev.Dockerfile index 615d0122..edc863d0 100644 --- a/dev.Dockerfile +++ b/dev.Dockerfile @@ -53,18 +53,21 @@ WORKDIR /usr/local/src/php RUN git clone --branch=PHP-8.4 https://github.com/php/php-src.git . && \ # --enable-embed is only necessary to generate libphp.so, we don't use this SAPI directly ./buildconf --force && \ - ./configure \ + EXTENSION_DIR=/usr/lib/frankenphp/modules ./configure \ --enable-embed \ --enable-zts \ --disable-zend-signals \ --enable-zend-max-execution-timers \ + --with-config-file-path=/etc/frankenphp/php.ini \ + --with-config-file-scan-dir=/etc/frankenphp/php.d \ --enable-debug && \ make -j"$(nproc)" && \ make install && \ ldconfig && \ - cp php.ini-development /usr/local/lib/php.ini && \ - echo "zend_extension=opcache.so" >> /usr/local/lib/php.ini && \ - echo "opcache.enable=1" >> /usr/local/lib/php.ini && \ + mkdir -p /etc/frankenphp/php.d && \ + cp php.ini-development /etc/frankenphp/php.ini && \ + echo "zend_extension=opcache.so" >> /etc/frankenphp/php.ini && \ + echo "opcache.enable=1" >> /etcfrankenphp/php.ini && \ php --version # Install e-dant/watcher (necessary for file watching) diff --git a/docs/cn/CONTRIBUTING.md b/docs/cn/CONTRIBUTING.md index 957fd991..4f126023 100644 --- a/docs/cn/CONTRIBUTING.md +++ b/docs/cn/CONTRIBUTING.md @@ -11,9 +11,13 @@ docker build -t frankenphp-dev -f dev.Dockerfile . docker run --cap-add=SYS_PTRACE --security-opt seccomp=unconfined -p 8080:8080 -p 443:443 -p 443:443/udp -v $PWD:/go/src/app -it frankenphp-dev ``` -该镜像包含常用的开发工具(Go、GDB、Valgrind、Neovim等)。 +该镜像包含常用的开发工具(Go、GDB、Valgrind、Neovim等)并使用以下 php 设置位置 -如果 docker 版本低于 23.0,则会因为 dockerignore [pattern issue](https://github.com/moby/moby/pull/42676) 而导致构建失败。将目录添加到 `.dockerignore`。 +- php.ini: `/etc/frankenphp/php.ini` 默认提供了一个带有开发预设的 php.ini 文件。 +- 附加配置文件: `/etc/frankenphp/php.d/*.ini` +- php 扩展: `/usr/lib/frankenphp/modules/` + +如果您的 docker 版本低于 23.0,则会因为 dockerignore [pattern issue](https://github.com/moby/moby/pull/42676) 而导致构建失败。将目录添加到 `.dockerignore`。 ```patch !testdata/*.php @@ -179,20 +183,20 @@ docker buildx bake -f docker-bake.hcl --pull --no-cache --push ## 其他开发资源 -* [PHP 嵌入 uWSGI](https://github.com/unbit/uwsgi/blob/master/plugins/php/php_plugin.c) -* [PHP 嵌入 NGINX Unit](https://github.com/nginx/unit/blob/master/src/nxt_php_sapi.c) -* [PHP 嵌入 Go (go-php)](https://github.com/deuill/go-php) -* [PHP 嵌入 Go (GoEmPHP)](https://github.com/mikespook/goemphp) -* [PHP 嵌入 C++](https://gist.github.com/paresy/3cbd4c6a469511ac7479aa0e7c42fea7) -* [扩展和嵌入 PHP 作者:Sara Golemon](https://books.google.fr/books?id=zMbGvK17_tYC&pg=PA254&lpg=PA254#v=onepage&q&f=false) -* [TSRMLS_CC到底是什么?](http://blog.golemon.com/2006/06/what-heck-is-tsrmlscc-anyway.html) -* [Mac 上的 PHP 嵌入](https://gist.github.com/jonnywang/61427ffc0e8dde74fff40f479d147db4) -* [SDL 绑定](https://pkg.go.dev/github.com/veandco/go-sdl2@v0.4.21/sdl#Main) +- [PHP 嵌入 uWSGI](https://github.com/unbit/uwsgi/blob/master/plugins/php/php_plugin.c) +- [PHP 嵌入 NGINX Unit](https://github.com/nginx/unit/blob/master/src/nxt_php_sapi.c) +- [PHP 嵌入 Go (go-php)](https://github.com/deuill/go-php) +- [PHP 嵌入 Go (GoEmPHP)](https://github.com/mikespook/goemphp) +- [PHP 嵌入 C++](https://gist.github.com/paresy/3cbd4c6a469511ac7479aa0e7c42fea7) +- [扩展和嵌入 PHP 作者:Sara Golemon](https://books.google.fr/books?id=zMbGvK17_tYC&pg=PA254&lpg=PA254#v=onepage&q&f=false) +- [TSRMLS_CC到底是什么?](http://blog.golemon.com/2006/06/what-heck-is-tsrmlscc-anyway.html) +- [Mac 上的 PHP 嵌入](https://gist.github.com/jonnywang/61427ffc0e8dde74fff40f479d147db4) +- [SDL 绑定](https://pkg.go.dev/github.com/veandco/go-sdl2@v0.4.21/sdl#Main) ## Docker 相关资源 -* [Bake 文件定义](https://docs.docker.com/build/customize/bake/file-definition/) -* [docker buildx 构建](https://docs.docker.com/engine/reference/commandline/buildx_build/) +- [Bake 文件定义](https://docs.docker.com/build/customize/bake/file-definition/) +- [docker buildx 构建](https://docs.docker.com/engine/reference/commandline/buildx_build/) ## 有用的命令 diff --git a/docs/cn/config.md b/docs/cn/config.md index 870af359..18949c95 100644 --- a/docs/cn/config.md +++ b/docs/cn/config.md @@ -2,12 +2,17 @@ FrankenPHP,Caddy 以及 Mercure 和 Vulcain 模块可以使用 [Caddy 支持的格式](https://caddyserver.com/docs/getting-started#your-first-config) 进行配置。 -在[Docker 映像](docker.md) 中,`Caddyfile` 位于 `/etc/caddy/Caddyfile`。 +在[Docker 映像](docker.md) 中,`Caddyfile` 位于 `/etc/frankenphp/Caddyfile`。 静态二进制文件会在启动时所在的目录中查找 `Caddyfile`。 PHP 本身可以[使用 `php.ini` 文件](https://www.php.net/manual/zh/configuration.file.php)进行配置。 -默认情况下,随 Docker 映像提供的 PHP 和静态二进制文件中包含的 PHP 将在启动 FrankenPHP 的目录和 `/usr/local/etc/php/` 中查找`php.ini` 文件。它们还会从 `/usr/local/etc/php/conf.d/` 中加载所有以 `.ini` 结尾的文件。 -默认情况下没有 `php.ini` 文件,因此应复制 PHP 项目提供的官方模板。 -在 Docker 上,模板在镜像中提供: +PHP 解释器将在以下位置查找: + +Docker: + +- php.ini: `/usr/local/etc/php/php.ini` 默认情况下不提供 php.ini。 +- 附加配置文件: `/usr/local/etc/php/conf.d/*.ini` +- php 扩展: `/usr/local/lib/php/extensions/no-debug-zts-/` +- 您应该复制 PHP 项目提供的官方模板: ```dockerfile FROM dunglas/frankenphp @@ -19,7 +24,18 @@ RUN cp $PHP_INI_DIR/php.ini-production $PHP_INI_DIR/php.ini RUN cp $PHP_INI_DIR/php.ini-development $PHP_INI_DIR/php.ini ``` -如果不使用 Docker,请复制[PHP 源代码](https://github.com/php/php-src/)中提供的`php.ini-production`或`php.ini-development`中的一个。 +FrankenPHP 安装 (.rpm 或 .deb): + +- php.ini: `/etc/frankenphp/php.ini` 默认情况下提供带有生产预设的 php.ini 文件。 +- 附加配置文件: `/etc/frankenphp/php.d/*.ini` +- php 扩展: `/usr/lib/frankenphp/modules/` + +静态二进制: + +- php.ini: 执行 `frankenphp run` 或 `frankenphp php-server` 的目录,然后是 `/etc/frankenphp/php.ini` +- 附加配置文件: `/etc/frankenphp/php.d/*.ini` +- php 扩展: 无法加载 +- 复制[PHP 源代码](https://github.com/php/php-src/)中提供的`php.ini-production`或`php.ini-development`中的一个。 ## Caddyfile 配置 @@ -133,9 +149,9 @@ php_server [] { 以下环境变量可用于在 `Caddyfile` 中注入 Caddy 指令,而无需对其进行修改: -* `SERVER_NAME`: 更改 [要监听的地址](https://caddyserver.com/docs/caddyfile/concepts#addresses),提供的主机名也将用于生成的 TLS 证书 -* `CADDY_GLOBAL_OPTIONS`: 注入 [全局选项](https://caddyserver.com/docs/caddyfile/options) -* `FRANKENPHP_CONFIG`: 在 `frankenphp` 指令下注入配置 +- `SERVER_NAME`: 更改 [要监听的地址](https://caddyserver.com/docs/caddyfile/concepts#addresses),提供的主机名也将用于生成的 TLS 证书 +- `CADDY_GLOBAL_OPTIONS`: 注入 [全局选项](https://caddyserver.com/docs/caddyfile/options) +- `FRANKENPHP_CONFIG`: 在 `frankenphp` 指令下注入配置 ## PHP 配置 diff --git a/docs/config.md b/docs/config.md index e62528a4..09a225e6 100644 --- a/docs/config.md +++ b/docs/config.md @@ -2,15 +2,20 @@ FrankenPHP, Caddy as well as the Mercure and Vulcain modules can be configured using [the formats supported by Caddy](https://caddyserver.com/docs/getting-started#your-first-config). -In [the Docker images](docker.md), the `Caddyfile` is located at `/etc/caddy/Caddyfile`. The static binary will look for the `Caddyfile` in the directory where the `frankenphp run` command is executed. You can specify a custom path with the `-c` or `--config` option. +In [the Docker images](docker.md), the `Caddyfile` is located at `/etc/frankenphp/Caddyfile`. +The static binary will also look for the `Caddyfile` in the directory where the `frankenphp run` command is executed. +You can specify a custom path with the `-c` or `--config` option. PHP itself can be configured [using a `php.ini` file](https://www.php.net/manual/en/configuration.file.php). -By default, PHP supplied with Docker images and the one included in the static binary will look for a `php.ini` file in the directory where FrankenPHP is started and in `/usr/local/etc/php/`. They will also load all files ending in `.ini` from `/usr/local/etc/php/conf.d/`. +Depending on your installation method, the PHP interpreter will look for configuration files in locations described above. -No `php.ini` file is present by default, you should copy an official template provided by the PHP project. +## Docker -On Docker, the templates are provided in the images: +- `php.ini`: `/usr/local/etc/php/php.ini` (no `php.ini` is provided by default) +- additional configuration files: `/usr/local/etc/php/conf.d/*.ini` +- PHP extensions: `/usr/local/lib/php/extensions/no-debug-zts-/` +- You should copy an official template provided by the PHP project: ```dockerfile FROM dunglas/frankenphp @@ -22,7 +27,18 @@ RUN cp $PHP_INI_DIR/php.ini-production $PHP_INI_DIR/php.ini RUN cp $PHP_INI_DIR/php.ini-development $PHP_INI_DIR/php.ini ``` -If you don't use Docker, copy one of `php.ini-production` or `php.ini-development` provided [in the PHP sources](https://github.com/php/php-src/). +## RPM and Debian packages + +- `php.ini`: `/etc/frankenphp/php.ini` (a `php.ini` file with production presets is provided by default) +- additional configuration files: `/etc/frankenphp/php.d/*.ini` +- PHP extensions: `/usr/lib/frankenphp/modules/` + +## Static binary + +- `php.ini`: The directory in which `frankenphp run` or `frankenphp php-server` is executed, then `/etc/frankenphp/php.ini` +- additional configuration files: `/etc/frankenphp/php.d/*.ini` +- PHP extensions: cannot be loaded, bundle them in the binary itself +- copy one of `php.ini-production` or `php.ini-development` provided [in the PHP sources](https://github.com/php/php-src/). ## Caddyfile Config diff --git a/docs/fr/CONTRIBUTING.md b/docs/fr/CONTRIBUTING.md index f49a3e60..1017c4ca 100644 --- a/docs/fr/CONTRIBUTING.md +++ b/docs/fr/CONTRIBUTING.md @@ -11,9 +11,13 @@ docker build -t frankenphp-dev -f dev.Dockerfile . docker run --cap-add=SYS_PTRACE --security-opt seccomp=unconfined -p 8080:8080 -p 443:443 -p 443:443/udp -v $PWD:/go/src/app -it frankenphp-dev ``` -L'image contient les outils de développement habituels (Go, GDB, Valgrind, Neovim...). +L'image contient les outils de développement habituels (Go, GDB, Valgrind, Neovim...) et utilise les emplacements de configuration PHP suivants -Si la version de Docker est inférieure à 23.0, la construction échoue à cause d'un [problème de pattern](https://github.com/moby/moby/pull/42676) dans `.dockerignore`. Ajoutez les répertoires à `.dockerignore`. +- php.ini: `/etc/frankenphp/php.ini` Un fichier php.ini avec des préréglages de développement est fourni par défaut. +- fichiers de configuration supplémentaires: `/etc/frankenphp/php.d/*.ini` +- extensions php: `/usr/lib/frankenphp/modules/` + +Si votre version de Docker est inférieure à 23.0, la construction échouera à cause d'un [problème de pattern](https://github.com/moby/moby/pull/42676) dans `.dockerignore`. Ajoutez les répertoires à `.dockerignore`. ```patch !testdata/*.php diff --git a/docs/fr/config.md b/docs/fr/config.md index 787c6bfc..417b31a6 100644 --- a/docs/fr/config.md +++ b/docs/fr/config.md @@ -2,16 +2,19 @@ FrankenPHP, Caddy ainsi que les modules Mercure et Vulcain peuvent être configurés en utilisant [les formats pris en charge par Caddy](https://caddyserver.com/docs/getting-started#your-first-config). -Dans [les images Docker](docker.md), le `Caddyfile` est situé dans `/etc/caddy/Caddyfile`. +Dans [les images Docker](docker.md), le `Caddyfile` est situé dans `/etc/frankenphp/Caddyfile`. Le binaire statique cherchera le `Caddyfile` dans le répertoire dans lequel il est démarré. PHP lui-même peut être configuré [en utilisant un fichier `php.ini`](https://www.php.net/manual/fr/configuration.file.php). -Par défaut, le PHP fourni avec les images Docker et celui inclus dans le binaire statique cherchera un fichier `php.ini` dans le répertoire dans lequel FrankenPHP est démarré et dans `/usr/local/etc/php/`. Ils chargeront également tous les fichiers se terminant par `.ini` dans `/usr/local/etc/php/conf.d/`. +L'interpréteur PHP cherchera dans les emplacements suivants : -Aucun fichier `php.ini` n'est présent par défaut, vous devriez copier un modèle officiel fourni par le projet PHP. +Docker : -Sur Docker, les modèles sont fournis dans les images : +- php.ini : `/usr/local/etc/php/php.ini` Aucun php.ini n'est fourni par défaut. +- fichiers de configuration supplémentaires : `/usr/local/etc/php/conf.d/*.ini` +- extensions php : `/usr/local/lib/php/extensions/no-debug-zts-/` +- Vous devriez copier un modèle officiel fourni par le projet PHP : ```dockerfile FROM dunglas/frankenphp @@ -23,7 +26,18 @@ RUN cp $PHP_INI_DIR/php.ini-production $PHP_INI_DIR/php.ini RUN cp $PHP_INI_DIR/php.ini-development $PHP_INI_DIR/php.ini ``` -Si vous n'utilisez pas Docker, copiez l'un des fichiers `php.ini-production` ou `php.ini-development` fournis [dans les sources de PHP](https://github.com/php/php-src/). +Installation de FrankenPHP (.rpm ou .deb) : + +- php.ini : `/etc/frankenphp/php.ini` Un fichier php.ini avec des préréglages de production est fourni par défaut. +- fichiers de configuration supplémentaires : `/etc/frankenphp/php.d/*.ini` +- extensions php : `/usr/lib/frankenphp/modules/` + +Binaire statique : + +- php.ini : Le répertoire dans lequel `frankenphp run` ou `frankenphp php-server` est exécuté, puis `/etc/frankenphp/php.ini` +- fichiers de configuration supplémentaires : `/etc/frankenphp/php.d/*.ini` +- extensions php : ne peuvent pas être chargées +- copiez l'un des fichiers `php.ini-production` ou `php.ini-development` fournis [dans les sources de PHP](https://github.com/php/php-src/). ## Configuration du Caddyfile diff --git a/docs/ru/CONTRIBUTING.md b/docs/ru/CONTRIBUTING.md index 8c7c08d6..55d39d66 100644 --- a/docs/ru/CONTRIBUTING.md +++ b/docs/ru/CONTRIBUTING.md @@ -11,9 +11,13 @@ docker build -t frankenphp-dev -f dev.Dockerfile . docker run --cap-add=SYS_PTRACE --security-opt seccomp=unconfined -p 8080:8080 -p 443:443 -p 443:443/udp -v $PWD:/go/src/app -it frankenphp-dev ``` -Образ содержит стандартные инструменты для разработки (Go, GDB, Valgrind, Neovim и др.). +Образ содержит стандартные инструменты для разработки (Go, GDB, Valgrind, Neovim и др.) и использует следующие пути для настроек PHP -Если версия Docker ниже 23.0, сборка может завершиться ошибкой из-за [проблемы с шаблонами dockerignore](https://github.com/moby/moby/pull/42676). Добавьте в `.dockerignore` следующие директории: +- php.ini: `/etc/frankenphp/php.ini` По умолчанию предоставляется файл php.ini с настройками для разработки. +- дополнительные файлы конфигурации: `/etc/frankenphp/php.d/*.ini` +- расширения php: `/usr/lib/frankenphp/modules/` + +Если ваша версия Docker ниже 23.0, сборка может завершиться ошибкой из-за [проблемы с шаблонами dockerignore](https://github.com/moby/moby/pull/42676). Добавьте в `.dockerignore` следующие директории: ```patch !testdata/*.php diff --git a/docs/ru/config.md b/docs/ru/config.md index ebc62a5b..b9820d02 100644 --- a/docs/ru/config.md +++ b/docs/ru/config.md @@ -2,16 +2,19 @@ FrankenPHP, Caddy, а также модули Mercure и Vulcain могут быть настроены с использованием [конфигурационных форматов, поддерживаемых Caddy](https://caddyserver.com/docs/getting-started#your-first-config). -В [Docker-образах](docker.md) файл `Caddyfile` находится по пути `/etc/caddy/Caddyfile`. +В [Docker-образах](docker.md) файл `Caddyfile` находится по пути `/etc/frankenphp/Caddyfile`. Статический бинарный файл будет искать `Caddyfile` в директории запуска. PHP можно настроить [с помощью файла `php.ini`](https://www.php.net/manual/en/configuration.file.php). -PHP из Docker-образов и статического бинарного файла по умолчанию будет искать файл `php.ini` в директории, где был запущен FrankenPHP, а также в `/usr/local/etc/php/`. Кроме того, будут загружены все файлы с расширением `.ini` из директории `/usr/local/etc/php/conf.d/`. +PHP-интерпретатор будет искать в следующих местах: -Файл `php.ini` по умолчанию отсутствует. Вы можете скопировать официальный шаблон, предоставляемый проектом PHP. +Docker: -В Docker-шаблоны включены в образы: +- php.ini: `/usr/local/etc/php/php.ini` По умолчанию php.ini не предоставляется. +- дополнительные файлы конфигурации: `/usr/local/etc/php/conf.d/*.ini` +- расширения php: `/usr/local/lib/php/extensions/no-debug-zts-/` +- Вы должны скопировать официальный шаблон, предоставляемый проектом PHP: ```dockerfile FROM dunglas/frankenphp @@ -23,7 +26,18 @@ RUN cp $PHP_INI_DIR/php.ini-production $PHP_INI_DIR/php.ini RUN cp $PHP_INI_DIR/php.ini-development $PHP_INI_DIR/php.ini ``` -Если вы не используете Docker, скопируйте один из шаблонов `php.ini-production` или `php.ini-development`, предоставленных [в исходниках PHP](https://github.com/php/php-src/). +Установка FrankenPHP (.rpm или .deb): + +- php.ini: `/etc/frankenphp/php.ini` По умолчанию предоставляется файл php.ini с производственными настройками. +- дополнительные файлы конфигурации: `/etc/frankenphp/php.d/*.ini` +- расширения php: `/usr/lib/frankenphp/modules/` + +Статический бинарный файл: + +- php.ini: Директория, в которой выполняется `frankenphp run` или `frankenphp php-server`, затем `/etc/frankenphp/php.ini` +- дополнительные файлы конфигурации: `/etc/frankenphp/php.d/*.ini` +- расширения php: не могут быть загружены +- скопируйте один из шаблонов `php.ini-production` или `php.ini-development`, предоставленных [в исходниках PHP](https://github.com/php/php-src/). ## Конфигурация Caddyfile diff --git a/docs/tr/CONTRIBUTING.md b/docs/tr/CONTRIBUTING.md index fa4b76f9..08551a19 100644 --- a/docs/tr/CONTRIBUTING.md +++ b/docs/tr/CONTRIBUTING.md @@ -11,9 +11,13 @@ docker build -t frankenphp-dev -f dev.Dockerfile . docker run --cap-add=SYS_PTRACE --security-opt seccomp=unconfined -p 8080:8080 -p 443:443 -p 443:443/udp -v $PWD:/go/src/app -it frankenphp-dev ``` -İmaj genel geliştirme araçlarını (Go, GDB, Valgrind, Neovim...) içerir. +İmaj genel geliştirme araçlarını (Go, GDB, Valgrind, Neovim...) içerir ve aşağıdaki php ayar konumlarını kullanır -Docker sürümü 23.0'dan düşükse, derleme dockerignore [pattern issue](https://github.com/moby/moby/pull/42676) tarafından başarısız olur. Dizinleri `.dockerignore` dosyasına ekleyin. +- php.ini: `/etc/frankenphp/php.ini` Varsayılan olarak geliştirme ön ayarlarına sahip bir php.ini dosyası sağlanır. +- ek yapılandırma dosyaları: `/etc/frankenphp/php.d/*.ini` +- php uzantıları: `/usr/lib/frankenphp/modules/` + +Docker sürümünüz 23.0'dan düşükse, derleme dockerignore [pattern issue](https://github.com/moby/moby/pull/42676) nedeniyle başarısız olacaktır. Dizinleri `.dockerignore` dosyasına ekleyin. ```patch !testdata/*.php diff --git a/docs/tr/config.md b/docs/tr/config.md index 0ea66b45..18c7b1b0 100644 --- a/docs/tr/config.md +++ b/docs/tr/config.md @@ -2,15 +2,19 @@ FrankenPHP, Caddy'nin yanı sıra Mercure ve Vulcain modülleri [Caddy tarafından desteklenen formatlar](https://caddyserver.com/docs/getting-started#your-first-config) kullanılarak yapılandırılabilir. -Docker imajlarında] (docker.md), `Caddyfile` `/etc/caddy/Caddyfile` adresinde bulunur. +Docker imajlarında] (docker.md), `Caddyfile` `/etc/frankenphp/Caddyfile` adresinde bulunur. Statik ikili, başlatıldığı dizinde `Caddyfile` dosyasını arayacaktır. PHP'nin kendisi [bir `php.ini` dosyası kullanılarak yapılandırılabilir](https://www.php.net/manual/tr/configuration.file.php). -Varsayılan olarak, Docker imajlarıyla birlikte verilen PHP ve statik ikili dosyada bulunan PHP, FrankenPHP'nin başlatıldığı dizinde ve `/usr/local/etc/php/` içinde bir `php.ini` dosyası arayacaktır. Ayrıca `.ini` ile biten tüm dosyaları `/usr/local/etc/php/conf.d/` dizininden yükleyecektir. +PHP yorumlayıcısı aşağıdaki konumlarda arama yapacaktır: -Öntanımlı olarak `php.ini` dosyası yoktur, PHP projesi tarafından sağlanan resmi bir şablonu kopyalamanız gerekir. -Docker'da şablonlar imajlar içinde sağlanır: +Docker: + +- php.ini: `/usr/local/etc/php/php.ini` Varsayılan olarak php.ini sağlanmaz. +- ek yapılandırma dosyaları: `/usr/local/etc/php/conf.d/*.ini` +- php uzantıları: `/usr/local/lib/php/extensions/no-debug-zts-/` +- PHP projesi tarafından sağlanan resmi bir şablonu kopyalamalısınız: ```dockerfile FROM dunglas/frankenphp @@ -22,7 +26,18 @@ RUN cp $PHP_INI_DIR/php.ini-development $PHP_INI_DIR/php.ini RUN cp $PHP_INI_DIR/php.ini-production $PHP_INI_DIR/php.ini ``` -Docker kullanmıyorsanız, [PHP kaynak kodu](https://github.com/php/php-src/) ile birlikte verilen `php.ini-production` veya `php.ini-development` dosyalarından birini kopyalayın. +FrankenPHP kurulumu (.rpm veya .deb): + +- php.ini: `/etc/frankenphp/php.ini` Varsayılan olarak üretim ön ayarlarına sahip bir php.ini dosyası sağlanır. +- ek yapılandırma dosyaları: `/etc/frankenphp/php.d/*.ini` +- php uzantıları: `/usr/lib/frankenphp/modules/` + +Statik ikili: + +- php.ini: `frankenphp run` veya `frankenphp php-server` komutunun çalıştırıldığı dizin, ardından `/etc/frankenphp/php.ini` +- ek yapılandırma dosyaları: `/etc/frankenphp/php.d/*.ini` +- php uzantıları: yüklenemez +- [PHP kaynak kodu](https://github.com/php/php-src/) ile birlikte verilen `php.ini-production` veya `php.ini-development` dosyalarından birini kopyalayın. ## Caddyfile Konfigürasyonu diff --git a/package/Caddyfile b/package/Caddyfile new file mode 100644 index 00000000..506a6c19 --- /dev/null +++ b/package/Caddyfile @@ -0,0 +1,19 @@ +# The Caddyfile is an easy way to configure FrankenPHP and the Caddy web server. +# +# https://frankenphp.dev/docs/config +# https://caddyserver.com/docs/caddyfile +{ + frankenphp +} + +http:// { + root /usr/share/frankenphp/ + encode zstd br gzip + + php_server +} + +# As an alternative to editing the above site block, you can add your own site +# block files in the Caddyfile.d directory, and they will be included as long +# as they use the .caddyfile extension. +import Caddyfile.d/*.caddyfile diff --git a/package/content/assets/caddy.png b/package/content/assets/caddy.png new file mode 100644 index 00000000..f0df626a Binary files /dev/null and b/package/content/assets/caddy.png differ diff --git a/package/content/assets/frankenphp.svg b/package/content/assets/frankenphp.svg new file mode 100644 index 00000000..afbd5cba --- /dev/null +++ b/package/content/assets/frankenphp.svg @@ -0,0 +1 @@ + \ No newline at end of file diff --git a/package/content/index.php b/package/content/index.php new file mode 100644 index 00000000..3f59ffac --- /dev/null +++ b/package/content/index.php @@ -0,0 +1,133 @@ + + + + + Test Page for FrankenPHP + + + + +
+

FrankenPHP Test Page

+
+ +
+
+
+

If you are a member of the general public:

+ +

The fact that you are seeing this page indicates that the website you just visited is either experiencing problems, or is undergoing routine maintenance.

+ +

+ If you would like to let the administrators of this website know that you've seen this page instead of the page you expected, you should send them e-mail. + In general, mail sent to the name "webmaster" and directed to the website's domain should reach the appropriate person. +

+ +

For example, try contacting webmaster@.

+ +

Learn more about FrankenPHP at the official website.

+
+ +
+

If you are the website administrator:

+ +

Your server is running and serving requests using FrankenPHP, powered by Caddy

+ +

To replace this page, deploy your application files to .

+ +

Configuration is handled in your Caddyfile.

+ +
+ Served by PHP SAPI:
+
+ +
+ Powered by FrankenPHP + Powered by Caddy +
+
+
+
+ + + + \ No newline at end of file diff --git a/package/debian/frankenphp.service b/package/debian/frankenphp.service new file mode 100644 index 00000000..ead2f7da --- /dev/null +++ b/package/debian/frankenphp.service @@ -0,0 +1,21 @@ +[Unit] +Description=FrankenPHP +Documentation=https://frankenphp.dev/docs/ +After=network.target network-online.target +Requires=network-online.target + +[Service] +Type=notify +User=frankenphp +Group=frankenphp +ExecStart=/usr/bin/frankenphp run --environ --config /etc/frankenphp/Caddyfile +ExecReload=/usr/bin/frankenphp reload --config /etc/frankenphp/Caddyfile --force +TimeoutStopSec=5s +LimitNOFILE=1048576 +LimitNPROC=512 +PrivateTmp=true +ProtectSystem=full +AmbientCapabilities=CAP_NET_BIND_SERVICE + +[Install] +WantedBy=multi-user.target diff --git a/package/debian/postinst.sh b/package/debian/postinst.sh new file mode 100755 index 00000000..f0c7cabb --- /dev/null +++ b/package/debian/postinst.sh @@ -0,0 +1,67 @@ +#!/bin/sh +set -e + +if [ "$1" = "configure" ]; then + # Add user and group + if ! getent group frankenphp >/dev/null; then + groupadd --system frankenphp + fi + if ! getent passwd frankenphp >/dev/null; then + useradd --system \ + --gid frankenphp \ + --create-home \ + --home-dir /var/lib/frankenphp \ + --shell /usr/sbin/nologin \ + --comment "FrankenPHP web server" \ + frankenphp + fi + if getent group www-data >/dev/null; then + usermod -aG www-data frankenphp + fi + + # Handle cases where package was installed and then purged; + # user and group will still exist but with no home dir + if [ ! -d /var/lib/frankenphp ]; then + mkdir -p /var/lib/frankenphp + chown frankenphp:frankenphp /var/lib/frankenphp + fi + + # Add log directory with correct permissions + if [ ! -d /var/log/frankenphp ]; then + mkdir -p /var/log/frankenphp + chown frankenphp:frankenphp /var/log/frankenphp + fi +fi + +if [ "$1" = "configure" ] || [ "$1" = "abort-upgrade" ] || [ "$1" = "abort-deconfigure" ] || [ "$1" = "abort-remove" ]; then + # This will only remove masks created by d-s-h on package removal. + deb-systemd-helper unmask frankenphp.service >/dev/null || true + + # was-enabled defaults to true, so new installations run enable. + if deb-systemd-helper --quiet was-enabled frankenphp.service; then + # Enables the unit on first installation, creates new + # symlinks on upgrades if the unit file has changed. + deb-systemd-helper enable frankenphp.service >/dev/null || true + deb-systemd-invoke start frankenphp.service >/dev/null || true + else + # Update the statefile to add new symlinks (if any), which need to be + # cleaned up on purge. Also remove old symlinks. + deb-systemd-helper update-state frankenphp.service >/dev/null || true + fi + + # Restart only if it was already started + if [ -d /run/systemd/system ]; then + systemctl --system daemon-reload >/dev/null || true + if [ -n "$2" ]; then + deb-systemd-invoke try-restart frankenphp.service >/dev/null || true + fi + fi +fi + +if command -v setcap >/dev/null 2>&1; then + setcap cap_net_bind_service=+ep /usr/bin/frankenphp || true +fi + +if [ -x /usr/bin/frankenphp ]; then + HOME=/var/lib/frankenphp /usr/bin/frankenphp trust || true +fi diff --git a/package/debian/postrm.sh b/package/debian/postrm.sh new file mode 100755 index 00000000..bd6d7781 --- /dev/null +++ b/package/debian/postrm.sh @@ -0,0 +1,20 @@ +#!/bin/sh +set -e + +if [ -d /run/systemd/system ]; then + systemctl --system daemon-reload >/dev/null || true +fi + +if [ "$1" = "remove" ]; then + if [ -x "/usr/bin/deb-systemd-helper" ]; then + deb-systemd-helper mask frankenphp.service >/dev/null || true + fi +fi + +if [ "$1" = "purge" ]; then + if [ -x "/usr/bin/deb-systemd-helper" ]; then + deb-systemd-helper purge frankenphp.service >/dev/null || true + deb-systemd-helper unmask frankenphp.service >/dev/null || true + fi + rm -rf /var/lib/frankenphp /var/log/frankenphp /etc/frankenphp +fi diff --git a/package/debian/prerm.sh b/package/debian/prerm.sh new file mode 100755 index 00000000..d7628133 --- /dev/null +++ b/package/debian/prerm.sh @@ -0,0 +1,6 @@ +#!/bin/sh +set -e + +if [ -d /run/systemd/system ] && [ "$1" = remove ]; then + deb-systemd-invoke stop frankenphp.service >/dev/null || true +fi diff --git a/package/rhel/frankenphp.service b/package/rhel/frankenphp.service new file mode 100644 index 00000000..0497278a --- /dev/null +++ b/package/rhel/frankenphp.service @@ -0,0 +1,21 @@ +[Unit] +Description=FrankenPHP server +After=network.target + +[Service] +Type=notify +User=frankenphp +Group=frankenphp +ExecStartPre=/usr/bin/frankenphp validate --config /etc/frankenphp/Caddyfile +ExecStart=/usr/bin/frankenphp run --environ --config /etc/frankenphp/Caddyfile +ExecReload=/usr/bin/frankenphp reload --config /etc/frankenphp/Caddyfile +TimeoutStopSec=5s +LimitNOFILE=1048576 +LimitNPROC=512 +PrivateTmp=true +ProtectHome=true +ProtectSystem=full +AmbientCapabilities=CAP_NET_BIND_SERVICE + +[Install] +WantedBy=multi-user.target diff --git a/package/rhel/postinstall.sh b/package/rhel/postinstall.sh new file mode 100755 index 00000000..1d227c74 --- /dev/null +++ b/package/rhel/postinstall.sh @@ -0,0 +1,36 @@ +#!/bin/bash + +if [ "$1" -eq 1 ] && [ -x "/usr/lib/systemd/systemd-update-helper" ]; then + # Initial installation + /usr/lib/systemd/systemd-update-helper install-system-units frankenphp.service || : +fi + +if [ -x /usr/sbin/getsebool ]; then + # Connect to ACME endpoint to request certificates + setsebool -P httpd_can_network_connect on +fi + +if [ -x /usr/sbin/semanage ] && [ -x /usr/sbin/restorecon ]; then + # file contexts + semanage fcontext --add --type httpd_exec_t '/usr/bin/frankenphp' 2>/dev/null || : + semanage fcontext --add --type httpd_sys_content_t '/usr/share/frankenphp(/.*)?' 2>/dev/null || : + semanage fcontext --add --type httpd_config_t '/etc/frankenphp(/.*)?' 2>/dev/null || : + semanage fcontext --add --type httpd_var_lib_t '/var/lib/frankenphp(/.*)?' 2>/dev/null || : + restorecon -r /usr/bin/frankenphp /usr/share/frankenphp /etc/frankenphp /var/lib/frankenphp || : +fi + +if [ -x /usr/sbin/semanage ]; then + # QUIC + semanage port --add --type http_port_t --proto udp 80 2>/dev/null || : + semanage port --add --type http_port_t --proto udp 443 2>/dev/null || : + # admin endpoint + semanage port --add --type http_port_t --proto tcp 2019 2>/dev/null || : +fi + +if command -v setcap >/dev/null 2>&1; then + setcap cap_net_bind_service=+ep /usr/bin/frankenphp || : +fi + +if [ -x /usr/bin/frankenphp ]; then + HOME=/var/lib/frankenphp /usr/bin/frankenphp trust || : +fi diff --git a/package/rhel/postuninstall.sh b/package/rhel/postuninstall.sh new file mode 100755 index 00000000..c75da45c --- /dev/null +++ b/package/rhel/postuninstall.sh @@ -0,0 +1,25 @@ +#!/bin/bash + +if [ "$1" -ge 1 ] && [ -x "/usr/lib/systemd/systemd-update-helper" ]; then + # Package upgrade, not uninstall + /usr/lib/systemd/systemd-update-helper mark-restart-system-units frankenphp.service || : +fi + +if [ "$1" -eq 0 ]; then + if [ -x /usr/sbin/getsebool ]; then + # connect to ACME endpoint to request certificates + setsebool -P httpd_can_network_connect off + fi + if [ -x /usr/sbin/semanage ]; then + # file contexts + semanage fcontext --delete --type httpd_exec_t '/usr/bin/frankenphp' 2>/dev/null || : + semanage fcontext --delete --type httpd_sys_content_t '/usr/share/frankenphp(/.*)?' 2>/dev/null || : + semanage fcontext --delete --type httpd_config_t '/etc/frankenphp(/.*)?' 2>/dev/null || : + semanage fcontext --delete --type httpd_var_lib_t '/var/lib/frankenphp(/.*)?' 2>/dev/null || : + # QUIC + semanage port --delete --type http_port_t --proto udp 80 2>/dev/null || : + semanage port --delete --type http_port_t --proto udp 443 2>/dev/null || : + # admin endpoint + semanage port --delete --type http_port_t --proto tcp 2019 2>/dev/null || : + fi +fi diff --git a/package/rhel/preinstall.sh b/package/rhel/preinstall.sh new file mode 100755 index 00000000..c81e2bcd --- /dev/null +++ b/package/rhel/preinstall.sh @@ -0,0 +1,7 @@ +#!/bin/bash + +getent group frankenphp &>/dev/null || + groupadd -r frankenphp &>/dev/null +getent passwd frankenphp &>/dev/null || + useradd -r -g frankenphp -d /var/lib/frankenphp -s /sbin/nologin -c 'FrankenPHP web server' frankenphp &>/dev/null +exit 0 diff --git a/package/rhel/preuninstall.sh b/package/rhel/preuninstall.sh new file mode 100755 index 00000000..f45f781e --- /dev/null +++ b/package/rhel/preuninstall.sh @@ -0,0 +1,6 @@ +#!/bin/bash + +if [ "$1" -eq 0 ] && [ -x "/usr/lib/systemd/systemd-update-helper" ]; then + # Package removal, not upgrade + /usr/lib/systemd/systemd-update-helper remove-system-units frankenphp.service || : +fi diff --git a/static-builder-gnu.Dockerfile b/static-builder-gnu.Dockerfile index be1d2ff7..9327584a 100644 --- a/static-builder-gnu.Dockerfile +++ b/static-builder-gnu.Dockerfile @@ -6,6 +6,8 @@ FROM centos:7 ARG FRANKENPHP_VERSION='' ENV FRANKENPHP_VERSION=${FRANKENPHP_VERSION} +ARG BUILD_PACKAGES='' + ARG PHP_VERSION='' ENV PHP_VERSION=${PHP_VERSION} @@ -114,13 +116,27 @@ ENV SPC_DEFAULT_C_FLAGS='-fPIE -fPIC -O3' ENV SPC_LIBC='glibc' ENV SPC_CMD_VAR_PHP_MAKE_EXTRA_LDFLAGS_PROGRAM='-Wl,-O3 -pie' ENV SPC_CMD_VAR_PHP_MAKE_EXTRA_LIBS='-ldl -lpthread -lm -lresolv -lutil -lrt' -ENV SPC_OPT_DOWNLOAD_ARGS='--ignore-cache-sources=php-src' -ENV SPC_OPT_BUILD_ARGS='' +ENV SPC_OPT_BUILD_ARGS='--with-config-file-path=/etc/frankenphp --with-config-file-scan-dir=/etc/frankenphp/php.d' ENV SPC_REL_TYPE='binary' +ENV EXTENSION_DIR='/usr/lib/frankenphp/modules' # not sure if this is needed ENV COMPOSER_ALLOW_SUPERUSER=1 +# install tools to build packages, if requested - needs gcc 10 +RUN if [ "${BUILD_PACKAGES}" != "" ]; then \ + yum install -y make bzip2 openssl-devel libffi-devel zlib-devel libyaml libyaml-devel rpm-build && \ + curl -o ruby.tar.gz -fsSL https://cache.ruby-lang.org/pub/ruby/3.4/ruby-3.4.2.tar.gz && \ + tar -xzf ruby.tar.gz && \ + cd ruby-3.4.2 && \ + ./configure --without-baseruby && \ + make && \ + make install && \ + cd .. && \ + rm -rf ruby-3.4.2 ruby.tar.gz && \ + gem install fpm; \ + fi + WORKDIR /go/src/app COPY go.mod go.sum ./ RUN go mod download @@ -133,6 +149,10 @@ WORKDIR /go/src/app COPY --link *.* ./ COPY --link caddy caddy COPY --link internal internal +COPY --link package package RUN --mount=type=secret,id=github-token ./build-static.sh && \ + if [ "${BUILD_PACKAGES}" != "" ]; then \ + ./build-packages.sh; \ + fi ; \ rm -Rf dist/static-php-cli/source/* diff --git a/static-builder-musl.Dockerfile b/static-builder-musl.Dockerfile index b2e7bb62..2bea7d8f 100644 --- a/static-builder-musl.Dockerfile +++ b/static-builder-musl.Dockerfile @@ -95,6 +95,9 @@ COPY --link . ./ ENV SPC_DEFAULT_C_FLAGS='-fPIE -fPIC -O3' ENV SPC_LIBC='musl' ENV SPC_CMD_VAR_PHP_MAKE_EXTRA_LDFLAGS_PROGRAM='-Wl,-O3 -pie' +ENV SPC_OPT_BUILD_ARGS='--with-config-file-path=/etc/frankenphp --with-config-file-scan-dir=/etc/frankenphp/php.d' +ENV SPC_REL_TYPE='binary' +ENV EXTENSION_DIR='/usr/lib/frankenphp/modules' RUN --mount=type=secret,id=github-token GITHUB_TOKEN=$(cat /run/secrets/github-token) ./build-static.sh && \ rm -Rf dist/static-php-cli/source/*