add a common php image to base webapp, z-push and kdav on (#138)

* adapt webapp container for new php base image
* clean out webapp dockerfile
* complete switch of webapp to php-fpm
* update config in web container
* update readme
* remove logging config from docker-compose.yml
* add php container to tagging and publishing

Makefile

@@ -28,7 +28,7 @@ export
 # convert lowercase componentname to uppercase
 COMPONENT = $(shell echo $(component) | tr a-z A-Z)
 
-build-all: build-base build-core build-kdav build-konnect build-kwmserver build-ldap-demo build-meet build-playground build-scheduler build-ssl build-utils build-web build-webapp build-zpush
+build-all: build-base build-core build-kdav build-konnect build-kwmserver build-ldap-demo build-meet build-php build-playground build-scheduler build-ssl build-utils build-web build-webapp build-zpush
 
 .PHONY: build
 build: component ?= base
@@ -115,6 +115,9 @@ build-ldap-demo:
 build-meet: build-base
 	component=meet make build
 
+build-php: build-base
+	component=php make build
+
 build-playground:
 	component=playground make build-builder
 	component=playground make build-simple
@@ -135,7 +138,7 @@ build-utils: build-core
 build-web:
 	component=web make build-simple
 
-build-webapp: build-base
+build-webapp: build-php
 	component=webapp make build
 
 build-zpush:
@@ -175,6 +178,11 @@ tag-meet:
 	$(shell docker run --rm $(docker_repo)/kopano_meet cat /kopano/buildversion | grep meet | cut -d- -f2 | cut -d+ -f1))
 	component=meet make tag-container
 
+tag-php:
+	$(eval php_version := \
+	$(shell docker run --rm $(docker_repo)/kopano_php cat /kopano/buildversion | cut -d- -f2))
+	component=php make tag-container
+
 tag-scheduler:
 	$(eval scheduler_version := \
 	$(shell docker run --rm $(docker_repo)/kopano_scheduler env | grep SUPERCRONIC_VERSION | cut -d'=' -f2))
@@ -204,7 +212,7 @@ tag-zpush:
 repo-login:
 	@docker login -u $(docker_login) -p $(docker_pwd)
 
-publish: repo-login publish-base publish-core publish-kdav publish-konnect publish-kwmserver publish-meet publish-playground publish-scheduler publish-ssl publish-utils publish-web publish-webapp publish-zpush
+publish: repo-login publish-base publish-core publish-kdav publish-konnect publish-kwmserver publish-meet publish-php publish-playground publish-scheduler publish-ssl publish-utils publish-web publish-webapp publish-zpush
 
 publish-container: component ?= base
 publish-container:
@@ -227,12 +235,14 @@ publish-kwmserver: build-kwmserver tag-kwmserver
 publish-meet: build-meet tag-meet
 	component=meet make publish-container
 
+publish-php: build-php tag-php
+	component=php make publish-container
+
 publish-playground: build-playground
 	docker push $(docker_repo)/kopano_playground:latest
 	docker push $(docker_repo)/kopano_playground:builder
 
 publish-kdav: build-kdav #tag-kdav
-	#component=zpush make publish-container
 	docker push $(docker_repo)/kopano_kdav:latest
 	docker push $(docker_repo)/kopano_kdav:builder
 
@@ -257,7 +267,7 @@ publish-zpush: build-zpush tag-zpush
 check-scripts:
 	grep -rIl '^#![[:blank:]]*/bin/\(bash\|sh\|zsh\)' \
 	--exclude-dir=.git --exclude=*.sw? \
-	| xargs shellcheck
+	| xargs shellcheck -x
 	# List files which name starts with 'Dockerfile'
 	# eg. Dockerfile, Dockerfile.build, etc.
 	git ls-files --exclude='Dockerfile*' --ignored | xargs --max-lines=1 hadolint

README.md

@@ -133,8 +133,8 @@ The built image includes your subscription key! Do not push this image to any pu
 
 While using kweb is recommended, this is of course possible.
 
-- The `kopano_webapp` image is accessible on port 80 and serves the WebApp both on `/` and `/webapp`.
-- The `kopano_zpush` image is accessible on port 80 and serves Z-Push on `/Microsoft-Server-ActiveSync` (additional urls may be needed in the future see #39).
+- The `kopano_webapp` container is accessible on port 9080 and serves the WebApp on `/webapp`.
+- The `kopano_zpush` container is accessible on port 80 and serves Z-Push on `/Microsoft-Server-ActiveSync` ((additional urls are needed in case auto discover should be used).
 
 ### What are and how can I use the Kapi Playground and OIDC Playground?
 

docker-compose.yml

@@ -203,7 +203,6 @@ services:
       - SERVICE_TO_START=server
       - TZ=${TZ}
       - KCCONF_SERVER_COREDUMP_ENABLED=no
-      - KCCONF_SERVER_LOG_LEVEL=3
       - KCCONF_SERVER_MYSQL_HOST=${MYSQL_HOST}
       - KCCONF_SERVER_MYSQL_PORT=3306
       - KCCONF_SERVER_MYSQL_DATABASE=${MYSQL_DATABASE}

php/Dockerfile

@@ -0,0 +1,79 @@
+ARG docker_repo=zokradonh
+FROM ${docker_repo}/kopano_base
+
+ARG DEBIAN_FRONTEND=noninteractive
+
+ARG ADDITIONAL_KOPANO_PACKAGES=""
+ENV ADDITIONAL_KOPANO_PACKAGES=$ADDITIONAL_KOPANO_PACKAGES
+ARG ADDITIONAL_KOPANO_WEBAPP_PLUGINS=""
+ENV ADDITIONAL_KOPANO_WEBAPP_PLUGINS=$ADDITIONAL_KOPANO_WEBAPP_PLUGINS
+ARG DOWNLOAD_COMMUNITY_PACKAGES=1
+ENV DOWNLOAD_COMMUNITY_PACKAGES=$DOWNLOAD_COMMUNITY_PACKAGES
+ARG KOPANO_CORE_REPOSITORY_URL="file:/kopano/repo/core"
+ENV KOPANO_CORE_REPOSITORY_URL=$KOPANO_CORE_REPOSITORY_URL
+ARG KOPANO_REPOSITORY_FLAGS="trusted=yes"
+ENV KOPANO_REPOSITORY_FLAGS=$KOPANO_REPOSITORY_FLAGS
+ARG KOPANO_WEBAPP_REPOSITORY_URL="file:/kopano/repo/webapp"
+ENV KOPANO_WEBAPP_REPOSITORY_URL=$KOPANO_WEBAPP_REPOSITORY_URL
+ARG KOPANO_WEBAPP_SMIME_REPOSITORY_URL="file:/kopano/repo/smime"
+ENV KOPANO_WEBAPP_SMIME_REPOSITORY_URL=$KOPANO_WEBAPP_SMIME_REPOSITORY_URL
+ARG KOPANO_WEBAPP_MDM_REPOSITORY_URL="file:/kopano/repo/mdm"
+ENV KOPANO_WEBAPP_MDM_REPOSITORY_URL=$KOPANO_WEBAPP_MDM_REPOSITORY_URL
+ARG KOPANO_WEBAPP_FILES_REPOSITORY_URL="file:/kopano/repo/files"
+ENV KOPANO_WEBAPP_FILES_REPOSITORY_URL=$KOPANO_WEBAPP_FILES_REPOSITORY_URL
+ARG KOPANO_CORE_VERSION=newest
+ENV KOPANO_CORE_VERSION=$KOPANO_CORE_VERSION
+ARG KOPANO_WEBAPP_VERSION=newest
+ENV KOPANO_WEBAPP_VERSION=$KOPANO_WEBAPP_VERSION
+ARG KOPANO_WEBAPP_FILES_VERSION=newest
+ENV KOPANO_WEBAPP_FILES_VERSION=$KOPANO_WEBAPP_FILES_VERSION
+ARG KOPANO_WEBAPP_MDM_VERSION=newest
+ENV KOPANO_WEBAPP_MDM_VERSION=$KOPANO_WEBAPP_MDM_VERSION
+ARG KOPANO_WEBAPP_SMIME_VERSION=newest
+ENV KOPANO_WEBAPP_SMIME_VERSION=$KOPANO_WEBAPP_SMIME_VERSION
+ARG RELEASE_KEY_DOWNLOAD=0
+ENV RELEASE_KEY_DOWNLOAD=$RELEASE_KEY_DOWNLOAD
+
+SHELL ["/bin/bash", "-o", "pipefail", "-c"]
+
+# add install common php dependencies
+# hadolint ignore=SC2129
+RUN \
+    # community download and package as apt source repository
+    . /kopano/helper/create-kopano-repo.sh && \
+    if [ ${DOWNLOAD_COMMUNITY_PACKAGES} -eq 1 ]; then \
+        dl_and_package_community "core"; \
+    fi; \
+    echo "deb [${KOPANO_REPOSITORY_FLAGS}] ${KOPANO_CORE_REPOSITORY_URL} ./" > /etc/apt/sources.list.d/kopano.list; \
+    # save kopano version
+    echo "core-${KOPANO_CORE_VERSION}" > /kopano/buildversion; \
+    # install apt keys if supported kopano
+    if [ ${RELEASE_KEY_DOWNLOAD} -eq 1 ]; then \
+        curl -s -S -o - "${KOPANO_CORE_REPOSITORY_URL}/Release.key" | apt-key add -; \
+    fi; \
+    # install
+    set -x && \
+    apt-get update && apt-get install -y --no-install-recommends \
+        kopano-kwebd \
+        php-fpm \
+        crudini \
+        ca-certificates \
+        ${ADDITIONAL_KOPANO_PACKAGES} \
+    && rm -rf /var/cache/apt /var/lib/apt/lists
+
+# configure basics
+RUN sed -i -e 's/# en_US.UTF-8 UTF-8/en_US.UTF-8 UTF-8/' /etc/locale.gen && \
+    sed -i -e 's/# de_DE.UTF-8 UTF-8/de_DE.UTF-8 UTF-8/' /etc/locale.gen && \
+    dpkg-reconfigure --frontend=noninteractive locales && \
+    update-locale LANG=en_US.UTF-8 && \
+    # configure php-fpm
+    mkdir -p /run/php && chown www-data:www-data /run/php && \
+    crudini --set /etc/php/7.0/fpm/php.ini PHP upload_max_filesize 500M && \
+    crudini --set /etc/php/7.0/fpm/php.ini PHP post_max_size 500M && \
+    crudini --set /etc/php/7.0/fpm/php.ini PHP max_input_vars 1800 && \
+    crudini --set /etc/php/7.0/fpm/php.ini Session session.save_path /run/sessions
+
+EXPOSE 9080/tcp
+
+COPY start-helper.sh /kopano/start-helper.sh
+COPY kweb.cfg /etc/kweb.cfg

php/README.md

@@ -0,0 +1 @@
+Common base image for php based Kopano containers

php/kweb.cfg

@@ -0,0 +1,10 @@
+:9080 {
+	errors stderr
+
+	alias /webapp/ /usr/share/kopano-webapp/
+	fastcgi2 /webapp/ /run/php/php7.0-fpm.sock php {
+		without /webapp/
+		root /usr/share/kopano-webapp/
+	}
+	folderish /webapp
+}

php/start-helper.sh

@@ -0,0 +1,30 @@
+#!/bin/bash
+
+php_cfg_gen() {
+	local cfg_file="$1"
+	local cfg_setting="$2"
+	local cfg_value="$3"
+	if [ -e "$cfg_file" ]; then
+		echo "Setting $cfg_setting = $cfg_value in $cfg_file"
+		if ! grep -q "$cfg_setting" "$cfg_file"; then
+			echo "WARNING: Config option $cfg_setting not found in $cfg_file! You may have misspelled the confing setting."
+			echo "define('$cfg_setting', '$cfg_value');" >> "$cfg_file"
+			cat "$cfg_file"
+			return
+		fi
+		case $cfg_value in
+		true|TRUE|false|FALSE)
+			sed -ri "s#(\s*define).+${cfg_setting}.+#\tdefine(\x27${cfg_setting}\x27, ${cfg_value}\);#g" "$cfg_file"
+			;;
+		*)
+			sed -ri "s#(\s*define).+${cfg_setting}.+#\tdefine(\x27${cfg_setting}\x27, \x27${cfg_value}\x27\);#g" "$cfg_file"
+			;;
+		esac
+	else
+		echo "Error: Config file $cfg_file not found. Plugin not installed?"
+		local dir
+		dir=$(dirname "$cfg_file")
+		ls -la "$dir"
+		exit 1
+	fi
+}

tests/startup-test/test.sh

@@ -14,6 +14,6 @@ exec dockerize \
 	-wait tcp://kopano_server:236 \
 	-wait tcp://kopano_server:237 \
 	-wait tcp://web:2015 \
-	-wait tcp://kopano_webapp:80 \
+	-wait tcp://kopano_webapp:9080 \
 	-wait tcp://kopano_zpush:80 \
 	-timeout 120s

web/kweb.cfg

@@ -131,7 +131,7 @@
     }
     folderish /meet
 
-    proxy /webapp/ kopano_webapp:80 {
+    proxy /webapp/ kopano_webapp:9080 {
         fail_timeout 10s
         try_duration 30s
         transparent

webapp/Dockerfile

@@ -1,5 +1,5 @@
 ARG docker_repo=zokradonh
-FROM ${docker_repo}/kopano_base
+FROM ${docker_repo}/kopano_php
 
 ARG DEBIAN_FRONTEND=noninteractive
 
@@ -42,19 +42,16 @@ RUN \
     # community download and package as apt source repository
     . /kopano/helper/create-kopano-repo.sh && \
     if [ ${DOWNLOAD_COMMUNITY_PACKAGES} -eq 1 ]; then \
-        dl_and_package_community "core"; \
         dl_and_package_community "webapp"; \
         dl_and_package_community "files"; \
         dl_and_package_community "mdm"; \
         dl_and_package_community "smime"; \
     fi; \
-    echo "deb [${KOPANO_REPOSITORY_FLAGS}] ${KOPANO_CORE_REPOSITORY_URL} ./" > /etc/apt/sources.list.d/kopano.list; \
     echo "deb [${KOPANO_REPOSITORY_FLAGS}] ${KOPANO_WEBAPP_REPOSITORY_URL} ./" >> /etc/apt/sources.list.d/kopano.list; \
     echo "deb [${KOPANO_REPOSITORY_FLAGS}] ${KOPANO_WEBAPP_SMIME_REPOSITORY_URL} ./" >> /etc/apt/sources.list.d/kopano.list; \
     echo "deb [${KOPANO_REPOSITORY_FLAGS}] ${KOPANO_WEBAPP_MDM_REPOSITORY_URL} ./" >> /etc/apt/sources.list.d/kopano.list; \
     echo "deb [${KOPANO_REPOSITORY_FLAGS}] ${KOPANO_WEBAPP_FILES_REPOSITORY_URL} ./" >> /etc/apt/sources.list.d/kopano.list; \
     # save kopano version
-    echo "core-${KOPANO_CORE_VERSION}" > /kopano/buildversion; \
     echo "webapp-${KOPANO_WEBAPP_VERSION}" >> /kopano/buildversion; \
     echo "files-${KOPANO_WEBAPP_FILES_VERSION}" >> /kopano/buildversion; \
     echo "mdm-${KOPANO_WEBAPP_MDM_VERSION}" >> /kopano/buildversion; \
@@ -66,38 +63,11 @@ RUN \
     # install
     set -x && \
     apt-get update && apt-get install -y --no-install-recommends \
-        apache2 \
-        libapache2-mod-php7.0 \
-        crudini \
-        ca-certificates \
         kopano-webapp \
         ${ADDITIONAL_KOPANO_PACKAGES} \
         ${ADDITIONAL_KOPANO_WEBAPP_PLUGINS} \
     && rm -rf /var/cache/apt /var/lib/apt/lists
 
-COPY apache2-kopano.conf /etc/apache2/sites-available/kopano.conf
-
-# configure basics
-RUN sed -i -e 's/# en_US.UTF-8 UTF-8/en_US.UTF-8 UTF-8/' /etc/locale.gen && \
-    sed -i -e 's/# de_DE.UTF-8 UTF-8/de_DE.UTF-8 UTF-8/' /etc/locale.gen && \
-    dpkg-reconfigure --frontend=noninteractive locales && \
-    update-locale LANG=en_US.UTF-8 && \
-    # configure apache
-    rm /etc/apache2/sites-enabled/* && \
-    sed -e 's,^ErrorLog.*,ErrorLog "|/bin/cat",' -i /etc/apache2/apache2.conf && \
-    sed -e "s,MaxSpareServers[^:].*,MaxSpareServers 5," -i /etc/apache2/mods-available/mpm_prefork.conf && \
-    a2disconf other-vhosts-access-log && \
-    a2ensite kopano kopano-webapp && \
-    echo "Listen 80" > /etc/apache2/ports.conf && \
-    # configure mod_php
-    a2enmod rewrite && \
-    crudini --set /etc/php/7.0/apache2/php.ini PHP upload_max_filesize 500M && \
-    crudini --set /etc/php/7.0/apache2/php.ini PHP post_max_size 500M && \
-    crudini --set /etc/php/7.0/apache2/php.ini PHP max_input_vars 1800 && \
-    crudini --set /etc/php/7.0/apache2/php.ini Session session.save_path /run/sessions
-
-EXPOSE 80/tcp
-
 COPY start.sh /kopano/start.sh
 
 ENV LANG en_US.UTF-8

webapp/apache2-kopano.conf

@@ -1,79 +0,0 @@
-<VirtualHost *:80>
-    DocumentRoot /usr/share/kopano-webapp
-
-    LogFormat "%{X-Forwarded-For}i %{%a %b %d %T %Y}t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" proxy
-    ErrorLog "|/bin/cat"
-    CustomLog "|/bin/cat" proxy
-
-    <Directory /usr/share/kopano-webapp/>
-        DirectoryIndex index.php
-        Options -Indexes +FollowSymLinks
-
-        <IfVersion < 2.4>
-        Allow from all
-        AllowOverride Options Limit
-        Order allow,deny
-        </IfVersion>
-
-        <IfVersion >= 2.4>
-        AllowOverride Options Limit Authconfig
-        Require all granted
-        </IfVersion>
-
-        FileETag All
-
-        # Uncomment to enhance security of WebApp by restricting cookies to only
-        # be provided over HTTPS connections
-        # php_flag session.cookie_secure on
-        # php_flag session.cookie_httponly on
-
-        # Manipulate the cache control headers if mod_expires and
-        # mod_headers are both enabled; otherwise the client will depend
-        # on the ETag header.  However, you can set FileETag to "None" if
-        # you have multiple servers serving WebApp to the same user.  In
-        # that case, apache will fall back to the config below so make
-        # sure these two modules are loaded!
-        <IfModule expires_module>
-            <IfModule headers_module>
-                ExpiresActive On
-                ExpiresDefault "now"
-
-                <filesMatch "\.(jpg|gif|png)$">
-                    # All (static) resources set to 2 months expiration time.
-                    ExpiresDefault "access plus 2 months"
-                    Header append Cache-Control "public"
-                </filesMatch>
-
-                <FilesMatch "\.(js|css)$">
-                    # All non-dynamic files set to 2 weeks expiration time.
-                    ExpiresDefault "access plus 2 weeks"
-                    # User agents are requested to revalidate for each resource
-                    # so that the server can always serve a newer version if
-                    # necessary.
-                    Header append Cache-Control "no-cache, must-revalidate"
-
-                    # Treat IE a little differently due to the remarks on no-cache
-                    # on http://support.microsoft.com/kb/234067
-                    <IfModule setenvif_module>
-                        BrowserMatch MSIE ie_bug
-                    </IfModule>
-                    Header set Cache-Control "must-revalidate, private" env=ie_bug
-                </FilesMatch>
-
-                <filesMatch "\.(php)$">
-                    # PHP files must always be retrieved from the server.
-                    ExpiresActive Off
-                    Header set Cache-Control "private, no-cache, no-store, proxy-revalidate, no-transform"
-                    Header set Pragma "no-cache"
-                </filesMatch>
-            </IfModule>
-        </IfModule>
-
-        # Enable gzip compression if the module is available
-        <IfModule deflate_module>
-            <filesMatch "\.(js|css)$">
-                SetOutputFilter DEFLATE
-            </filesMatch>
-        </IfModule>
-    </Directory>
-</VirtualHost>

webapp/start.sh

@@ -8,34 +8,8 @@ ADDITIONAL_KOPANO_WEBAPP_PLUGINS=${ADDITIONAL_KOPANO_WEBAPP_PLUGINS:-""}
 
 set -eu # unset variables are errors & non-zero return values exit the whole script
 
-php_cfg_gen() {
-	local cfg_file="$1"
-	local cfg_setting="$2"
-	local cfg_value="$3"
-	if [ -e "$cfg_file" ]; then
-		echo "Setting $cfg_setting = $cfg_value in $cfg_file"
-		if ! grep -q "$cfg_setting" "$cfg_file"; then
-			echo "WARNING: Config option $cfg_setting not found in $cfg_file! You may have misspelled the confing setting."
-			echo "define('$cfg_setting', '$cfg_value');" >> "$cfg_file"
-			cat "$cfg_file"
-			return
-		fi
-		case $cfg_value in
-		true|TRUE|false|FALSE)
-			sed -ri "s#(\s*define).+${cfg_setting}.+#\tdefine(\x27${cfg_setting}\x27, ${cfg_value}\);#g" "$cfg_file"
-			;;
-		*)
-			sed -ri "s#(\s*define).+${cfg_setting}.+#\tdefine(\x27${cfg_setting}\x27, \x27${cfg_value}\x27\);#g" "$cfg_file"
-			;;
-		esac
-	else
-		echo "Error: Config file $cfg_file not found. Plugin not installed?"
-		local dir
-		dir=$(dirname "$cfg_file")
-		ls -la "$dir"
-		exit 1
-	fi
-}
+# shellcheck source=php/start-helper.sh
+source /kopano/start-helper.sh
 
 ADDITIONAL_KOPANO_PACKAGES="$ADDITIONAL_KOPANO_PACKAGES $ADDITIONAL_KOPANO_WEBAPP_PLUGINS"
 
@@ -78,8 +52,8 @@ chown -R www-data:www-data /run/sessions /tmp/webapp
 echo "Starting Apache"
 rm -f /run/apache2/apache2.pid
 set +u
-# shellcheck disable=SC1091
-source /etc/apache2/envvars
 # cleaning up env variables
 unset "${!KCCONF_@}"
-exec /usr/sbin/apache2 -DFOREGROUND
+echo "Starting php-fpm"
+php-fpm7.0 -F &
+exec /usr/libexec/kopano/kwebd caddy -conf /etc/kweb.cfg