init

2019-07-05 16:54:32 +01:00
commit c3d3dcbff7
96 changed files with 32248 additions and 0 deletions
--- a/api/docker/nginx/conf.d/default.conf
+++ b/api/docker/nginx/conf.d/default.conf
@@ -0,0 +1,38 @@
+server {
+    root /srv/api/public;
+
+    location / {
+        # try to serve file directly, fallback to index.php
+        try_files $uri /index.php$is_args$args;
+    }
+
+    location ~ ^/index\.php(/|$) {
+        # Comment the next line and uncomment the next to enable dynamic resolution (incompatible with Kubernetes)
+        fastcgi_pass php:9000;
+        #resolver 127.0.0.11;
+        #set $upstream_host php;
+        #fastcgi_pass $upstream_host:9000;
+
+        fastcgi_split_path_info ^(.+\.php)(/.*)$;
+        include fastcgi_params;
+        # When you are using symlinks to link the document root to the
+        # current version of your application, you should pass the real
+        # application path instead of the path to the symlink to PHP
+        # FPM.
+        # Otherwise, PHP's OPcache may not properly detect changes to
+        # your PHP files (see https://github.com/zendtech/ZendOptimizerPlus/issues/126
+        # for more information).
+        fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
+        fastcgi_param DOCUMENT_ROOT $realpath_root;
+        # Prevents URIs that include the front controller. This will 404:
+        # http://domain.tld/index.php/some-path
+        # Remove the internal directive to allow URIs like this
+        internal;
+    }
+
+    # return 404 for all other php files not matching the front controller
+    # this prevents access to other php files you don't want to be accessible.
+    location ~ \.php$ {
+      return 404;
+    }
+}
--- a/api/docker/php/conf.d/api-platform.ini
+++ b/api/docker/php/conf.d/api-platform.ini
@@ -0,0 +1,11 @@
+apc.enable_cli = 1
+date.timezone = UTC
+session.auto_start = Off
+short_open_tag = Off
+
+# http://symfony.com/doc/current/performance.html
+opcache.interned_strings_buffer = 16
+opcache.max_accelerated_files = 20000
+opcache.memory_consumption = 256
+realpath_cache_size = 4096K
+realpath_cache_ttl = 600
--- a/api/docker/php/docker-entrypoint.sh
+++ b/api/docker/php/docker-entrypoint.sh
@@ -0,0 +1,34 @@
+#!/bin/sh
+set -e
+
+# first arg is `-f` or `--some-option`
+if [ "${1#-}" != "$1" ]; then
+	set -- php-fpm "$@"
+fi
+
+if [ "$1" = 'php-fpm' ] || [ "$1" = 'php' ] || [ "$1" = 'bin/console' ]; then
+	PHP_INI_RECOMMENDED="$PHP_INI_DIR/php.ini-production"
+	if [ "$APP_ENV" != 'prod' ]; then
+		PHP_INI_RECOMMENDED="$PHP_INI_DIR/php.ini-development"
+	fi
+	ln -sf "$PHP_INI_RECOMMENDED" "$PHP_INI_DIR/php.ini"
+
+	mkdir -p var/cache var/log
+	setfacl -R -m u:www-data:rwX -m u:"$(whoami)":rwX var
+	setfacl -dR -m u:www-data:rwX -m u:"$(whoami)":rwX var
+
+	if [ "$APP_ENV" != 'prod' ]; then
+		composer install --prefer-dist --no-progress --no-suggest --no-interaction
+	fi
+
+	echo "Waiting for db to be ready..."
+	until bin/console doctrine:query:sql "SELECT 1" > /dev/null 2>&1; do
+		sleep 1
+	done
+
+	if [ "$APP_ENV" != 'prod' ]; then
+		bin/console doctrine:schema:update --force --no-interaction
+	fi
+fi
+
+exec docker-php-entrypoint "$@"
--- a/api/docker/varnish/conf/default.vcl
+++ b/api/docker/varnish/conf/default.vcl
@@ -0,0 +1,95 @@
+vcl 4.0;
+
+import std;
+
+backend default {
+  .host = "api";
+  .port = "80";
+  # Health check
+  #.probe = {
+  #  .url = "/";
+  #  .timeout = 5s;
+  #  .interval = 10s;
+  #  .window = 5;
+  #  .threshold = 3;
+  #}
+}
+
+# Hosts allowed to send BAN requests
+acl invalidators {
+  "localhost";
+  "php";
+  # local Kubernetes network
+  "10.0.0.0"/8;
+  "172.16.0.0"/12;
+  "192.168.0.0"/16;
+}
+
+sub vcl_recv {
+  if (req.restarts > 0) {
+    set req.hash_always_miss = true;
+  }
+
+  # Remove the "Forwarded" HTTP header if exists (security)
+  unset req.http.forwarded;
+
+  # To allow API Platform to ban by cache tags
+  if (req.method == "BAN") {
+    if (client.ip !~ invalidators) {
+      return (synth(405, "Not allowed"));
+    }
+
+    if (req.http.ApiPlatform-Ban-Regex) {
+      ban("obj.http.Cache-Tags ~ " + req.http.ApiPlatform-Ban-Regex);
+
+      return (synth(200, "Ban added"));
+    }
+
+    return (synth(400, "ApiPlatform-Ban-Regex HTTP header must be set."));
+  }
+
+  # For health checks
+  if (req.method == "GET" && req.url == "/healthz") {
+    return (synth(200, "OK"));
+  }
+}
+
+sub vcl_hit {
+  if (obj.ttl >= 0s) {
+    # A pure unadulterated hit, deliver it
+    return (deliver);
+  }
+
+  if (std.healthy(req.backend_hint)) {
+    # The backend is healthy
+    # Fetch the object from the backend
+    return (restart);
+  }
+
+  # No fresh object and the backend is not healthy
+  if (obj.ttl + obj.grace > 0s) {
+    # Deliver graced object
+    # Automatically triggers a background fetch
+    return (deliver);
+  }
+
+  # No valid object to deliver
+  # No healthy backend to handle request
+  # Return error
+  return (synth(503, "API is down"));
+}
+
+sub vcl_deliver {
+  # Don't send cache tags related headers to the client
+  unset resp.http.url;
+  # Comment the following line to send the "Cache-Tags" header to the client (e.g. to use CloudFlare cache tags)
+  unset resp.http.Cache-Tags;
+}
+
+sub vcl_backend_response {
+  # Ban lurker friendly header
+  set beresp.http.url = bereq.url;
+
+  # Add a grace in case the backend is down
+  set beresp.grace = 1h;
+}