Update docs

Dockerfile

@@ -1,57 +1,40 @@
-FROM php:7.3-fpm-buster as php
+FROM php:8.3.7-fpm-bookworm AS php
+
+ENV MAGE_MODE=production
 
 RUN apt-get update \
     && DEBIAN_FRONTEND=noninteractive apt-get install -y \
-    libfreetype6-dev libicu-dev net-tools libjpeg62-turbo-dev libmcrypt-dev libpng-dev libxslt1-dev libsodium-dev libzip-dev unzip wget
-
-RUN docker-php-ext-configure gd --with-freetype-dir=/usr/include/ --with-jpeg-dir=/usr/include/ \
-  && docker-php-ext-install -j$(nproc) dom gd intl mbstring pdo_mysql xsl zip soap bcmath opcache pcntl sockets \
-  && pecl install apcu \
-  && docker-php-ext-enable apcu \
-  && pecl install -f libsodium
-
-# Imagick
-RUN apt-get -y install libmagickwand-dev --no-install-recommends \
-    && pecl install imagick \
-    && docker-php-ext-enable imagick
+    libfreetype6-dev libicu-dev libjpeg62-turbo-dev libpng-dev libxslt1-dev libzip-dev libwebp-dev
 
-ENV COMPOSER_HOME /composer
+RUN docker-php-ext-configure gd --with-freetype --with-jpeg --with-webp \
+    && docker-php-ext-install -j$(nproc) bcmath gd intl pdo_mysql soap sockets xsl zip
 
-RUN curl -sS https://getcomposer.org/installer | php \
-    && mv composer.phar /usr/local/bin/composer \
-    && composer global require hirak/prestissimo \
-    && chown -R www-data:www-data /composer
+RUN curl -sSL https://getcomposer.org/download/latest-2.x/composer.phar -o /usr/local/bin/composer \
+    && chmod +x /usr/local/bin/composer
 
 WORKDIR /app
 
-RUN chown www-data:www-data /app
-
-USER www-data
-
 # The 2 steps below allow benefiting from Docker layer cache when rebuilding without change to composer.json
-COPY --chown=www-data:www-data magento/composer.* auth.json /app/
-RUN composer install --no-interaction --no-dev -o --no-progress --no-suggest --apcu-autoloader
+ADD composer.* auth.json /app/
+RUN composer install --no-interaction --no-dev --optimize-autoloader --no-progress --no-suggest
 
-RUN rm -f auth.json
+COPY . /app/
 
-COPY --chown=www-data:www-data magento/ /app/
+RUN php -d memory_limit=2G bin/magento setup:di:compile
 
-ENV MAGE_MODE=production
+RUN mv app/etc/env.php app/etc/env.php.bak
+
+RUN php -d memory_limit=2G bin/magento setup:static-content:deploy \
+    --max-execution-time=3600 \
+    --jobs=$(nproc)
 
-# Demo purpose only, your config.php file should already be present
-RUN bin/magento module:enable --all
+RUN mv app/etc/env.php.bak app/etc/env.php
 
-RUN rm -f app/etc/env.php \
-    && php -d memory_limit=1024M bin/magento setup:di:compile \
-    && mv app/etc/config.php app/etc/config.php.orig \
-    && mv app/etc/config.kube.php app/etc/config.php \
-    # You might specify themes to build using -t flag and add locales to build at the end (ie. en_US en_GB)
-    && php -d memory_limit=1024M bin/magento setup:static-content:deploy --jobs=$(nproc) --max-execution-time=3600 \
-    && mv app/etc/config.php.orig app/etc/config.php \
-    && mv app/etc/env.kube.php app/etc/env.php
+COPY docs/docker/php/custom.ini /usr/local/etc/php/conf.d/custom.ini
+COPY docs/docker/php/www.conf /usr/local/etc/php-fpm.d/www.conf
 
 FROM nginx as nginx
 
-COPY vhost.nginx /etc/nginx/conf.d/default.conf
+COPY docs/docker/nginx/vhost.nginx /etc/nginx/conf.d/default.conf
 
-COPY --from=php /app/pub /app/pub
+COPY --from=php /app/pub/static /app/pub/static

docs/docker/nginx/vhost.nginx

@@ -0,0 +1,241 @@
+upstream fastcgi_backend {
+    server  127.0.0.1:9000;
+}
+
+log_format nginxlog_json escape=json
+    '{ "timestamp": "$time_iso8601", '
+    '"remote_addr": "$remote_addr", '
+    '"body_bytes_sent": $body_bytes_sent, '
+    '"request_time": $request_time, '
+    '"response_status": $status, '
+    '"request": "$request", '
+    '"request_method": "$request_method", '
+    '"host": "$host",'
+    '"remote_user": "$remote_user",'
+    '"request_uri": "$request_uri",'
+    '"query_string": "$query_string",'
+    '"upstream_addr": "$upstream_addr",'
+    '"http_x_forwarded_for": "$http_x_forwarded_for",'
+    '"http_x_real_ip": "$http_x_real_ip",'
+    '"http_referrer": "$http_referer", '
+    '"http_user_agent": "$http_user_agent", '
+    '"http_version": "$server_protocol" }';
+
+server {
+    listen 80;
+    server_name <your-magento-hostname>;
+    set $MAGE_ROOT /app;
+    set $MAGE_DEBUG_SHOW_ARGS 0;
+
+    root $MAGE_ROOT/pub;
+
+    index index.php;
+    autoindex off;
+    charset UTF-8;
+    error_page 404 403 = /errors/404.php;
+
+    access_log /dev/stdout nginxlog_json;
+
+    # Deny access to sensitive files
+    location /.user.ini {
+        deny all;
+    }
+
+    # PHP entry point for setup application
+    location ~* ^/setup($|/) {
+        root $MAGE_ROOT;
+        location ~ ^/setup/index.php {
+            fastcgi_pass   fastcgi_backend;
+
+            fastcgi_param  PHP_FLAG  "session.auto_start=off \n suhosin.session.cryptua=off";
+            fastcgi_param  PHP_VALUE "memory_limit=756M \n max_execution_time=600";
+            fastcgi_read_timeout 600s;
+            fastcgi_connect_timeout 600s;
+
+            fastcgi_index  index.php;
+            fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
+            include        fastcgi_params;
+        }
+
+        location ~ ^/setup/(?!pub/). {
+            deny all;
+        }
+
+        location ~ ^/setup/pub/ {
+            add_header X-Frame-Options "SAMEORIGIN";
+        }
+    }
+
+    # PHP entry point for update application
+    location ~* ^/update($|/) {
+        root $MAGE_ROOT;
+
+        location ~ ^/update/index.php {
+            fastcgi_split_path_info ^(/update/index.php)(/.+)$;
+            fastcgi_pass   fastcgi_backend;
+            fastcgi_index  index.php;
+            fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
+            fastcgi_param  PATH_INFO        $fastcgi_path_info;
+            include        fastcgi_params;
+        }
+
+        # Deny everything but index.php
+        location ~ ^/update/(?!pub/). {
+            deny all;
+        }
+
+        location ~ ^/update/pub/ {
+            add_header X-Frame-Options "SAMEORIGIN";
+        }
+    }
+
+    location / {
+        try_files $uri $uri/ /index.php$is_args$args;
+    }
+
+    location /pub/ {
+        location ~ ^/pub/media/(downloadable|customer|import|custom_options|theme_customization/.*\.xml) {
+            deny all;
+        }
+        alias $MAGE_ROOT/pub/;
+        add_header X-Frame-Options "SAMEORIGIN";
+    }
+
+    location /static/ {
+        expires max;
+
+        # Remove signature of the static files that is used to overcome the browser cache
+        location ~ ^/static/version\d*/ {
+            rewrite ^/static/version\d*/(.*)$ /static/$1 last;
+        }
+
+        location ~* \.(ico|jpg|jpeg|png|gif|svg|svgz|webp|avif|avifs|js|css|eot|ttf|otf|woff|woff2|html|json|webmanifest)$ {
+            add_header Cache-Control "public";
+            add_header X-Frame-Options "SAMEORIGIN";
+            expires +1y;
+
+            if (!-f $request_filename) {
+                rewrite ^/static/(version\d*/)?(.*)$ /static.php?resource=$2 last;
+            }
+        }
+        location ~* \.(zip|gz|gzip|bz2|csv|xml)$ {
+            add_header Cache-Control "no-store";
+            add_header X-Frame-Options "SAMEORIGIN";
+            expires    off;
+
+            if (!-f $request_filename) {
+                rewrite ^/static/(version\d*/)?(.*)$ /static.php?resource=$2 last;
+            }
+        }
+        if (!-f $request_filename) {
+            rewrite ^/static/(version\d*/)?(.*)$ /static.php?resource=$2 last;
+        }
+        add_header X-Frame-Options "SAMEORIGIN";
+    }
+
+    location /media/ {
+        try_files $uri $uri/ /get.php$is_args$args;
+
+        location ~ ^/media/theme_customization/.*\.xml {
+            deny all;
+        }
+
+        location ~* \.(ico|jpg|jpeg|png|gif|svg|svgz|webp|avif|avifs|js|css|eot|ttf|otf|woff|woff2)$ {
+            add_header Cache-Control "public";
+            add_header X-Frame-Options "SAMEORIGIN";
+            expires +1y;
+            try_files $uri $uri/ /get.php$is_args$args;
+        }
+        location ~* \.(zip|gz|gzip|bz2|csv|xml)$ {
+            add_header Cache-Control "no-store";
+            add_header X-Frame-Options "SAMEORIGIN";
+            expires    off;
+            try_files $uri $uri/ /get.php$is_args$args;
+        }
+        add_header X-Frame-Options "SAMEORIGIN";
+    }
+
+    location /media/customer/ {
+        deny all;
+    }
+
+    location /media/downloadable/ {
+        deny all;
+    }
+
+    location /media/import/ {
+        deny all;
+    }
+
+    location /media/custom_options/ {
+        deny all;
+    }
+
+    location /errors/ {
+        location ~* \.xml$ {
+            deny all;
+        }
+    }
+
+    # PHP entry point for main application
+    location ~ ^/(index|get|static|errors/report|errors/404|errors/503|health_check)\.php$ {
+        try_files $uri =404;
+        fastcgi_pass   fastcgi_backend;
+        fastcgi_buffers 16 16k;
+        fastcgi_buffer_size 32k;
+
+        fastcgi_param  PHP_FLAG  "session.auto_start=off \n suhosin.session.cryptua=off";
+        fastcgi_param  PHP_VALUE "memory_limit=756M \n max_execution_time=18000";
+        fastcgi_read_timeout 600s;
+        fastcgi_connect_timeout 600s;
+
+        fastcgi_index  index.php;
+        fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
+        include        fastcgi_params;
+    }
+
+    gzip on;
+    gzip_disable "msie6";
+
+    gzip_comp_level 6;
+    gzip_min_length 1100;
+    gzip_buffers 16 8k;
+    gzip_proxied any;
+    gzip_types
+    text/plain
+    text/css
+    text/js
+    text/xml
+    text/javascript
+    application/javascript
+    application/x-javascript
+    application/json
+    application/xml
+    application/xml+rss
+    image/svg+xml;
+    gzip_vary on;
+
+    # Banned locations (only reached if the earlier PHP entry point regexes don't match)
+    location ~* (\.php$|\.phtml$|\.htaccess$|\.htpasswd$|\.git) {
+        deny all;
+    }
+
+    log_format nginxlog_json escape=json '{ "timestamp": "$time_iso8601", '
+    '"remote_addr": "$remote_addr", '
+    '"body_bytes_sent": $body_bytes_sent, '
+    '"request_time": $request_time, '
+    '"response_status": $status, '
+    '"request": "$request", '
+    '"request_method": "$request_method", '
+    '"host": "$host",'
+    '"remote_user": "$remote_user",'
+    '"request_uri": "$request_uri",'
+    '"query_string": "$query_string",'
+    '"upstream_addr": "$upstream_addr",'
+    '"http_x_forwarded_for": "$http_x_forwarded_for",'
+    '"http_x_real_ip": "$http_x_real_ip",'
+    '"http_referrer": "$http_referer", '
+    '"http_user_agent": "$http_user_agent", '
+    '"http_version": "$server_protocol" }';
+    access_log /dev/stdout nginxlog_json;
+}

docs/docker/php/custom.ini

@@ -0,0 +1,25 @@
+date.timezone = Etc/UTC
+memory_limit = 756M # Recommended value by Magento / Adobe Commerce
+log_errors = On
+display_errors = Off
+display_startup_errors = Off
+expose_php = Off
+
+opcache.enable = 1
+opcache.enable_cli = 1
+opcache.save_comments = 1
+opcache.memory_consumption = 1024
+opcache.interned_strings_buffer = 32
+opcache.max_accelerated_files = 130987
+opcache.enable_file_override = 1
+
+# When set to 0, you'll need to restart the PHP process to apply changes to PHP files, which should never happen in production
+opcache.consistency_checks = 0
+opcache.validate_timestamps = 0
+
+realpath_cache_size = 10M
+realpath_cache_ttl = 7200
+
+# Increase the maximum file upload size ; those should be set according to your needs (i.e. for image uploads from admin)
+upload_max_filesize = 20M
+post_max_size = 20M

docs/docker/php/www.conf

@@ -0,0 +1,15 @@
+[www]
+user = www-data
+group = www-data
+
+listen = 127.0.0.1:9000
+
+pm = static
+pm.max_children = 10 # Or use an environment variable, such as ${PHP_FPM_MAX_CHILDREN}
+pm.status_path = /status
+# Useful to avoid memory leaks ; processes will be restarted after handling 10 requests
+pm.max_requests = 10
+
+# Useful to send logs from all workers to the main process, which will then send them to stdout
+catch_workers_output = yes
+decorate_workers_output = no