Add: initial config

.env.dist

@@ -0,0 +1,3 @@
+APP_HOME=test_app
+USER=stan
+PASSWORD=password

.gitignore

@@ -0,0 +1,2 @@
+.vscode/
+.env

docker-compose.yml

@@ -0,0 +1,53 @@
+version: '3'
+
+services:
+  nginx:
+    image: nginx:alpine
+    container_name: nginx_${APP_NAME}
+    restart: 'no'
+    depends_on:
+      - phpfpm
+    ports:
+      - "8080:80"
+    volumes:
+      - .:/var/www
+      - ./docker/nginx/default:/etc/nginx/conf.d/default.conf
+
+  postgres:
+    image: postgis/postgis:12-master
+    container_name: postgis_${APP_NAME}
+    restart: 'no'
+    ports:
+      - "5432:5432"
+    volumes:
+      - pgsql:/var/lib/postgresql/data
+    environment:
+      POSTGRES_PASSWORD: ${PASSWORD}
+
+  phpfpm:
+    build: ./docker/php-fpm/
+    container_name: phpfpm_${APP_NAME}
+    restart: 'no'
+    depends_on:
+      - postgres
+    volumes:
+      - .:/var/www
+      - ./docker/php-fpm/php.ini:/etc/php/7.4/php.ini
+      - ./docker/php-fpm/xdebug.ini:/etc/php/7.4/mods-available/xdebug.ini
+      - ./docker/php-fpm/supervisor.conf:/etc/supervisor/supervisor_nodeamon.conf
+      - ./docker/imagick/policy.xml:/etc/ImageMagick-6/policy.xml
+
+  rabbitmq:
+    image: rabbitmq:3-management
+    container_name: rabbit_${APP_NAME}
+    restart: 'no'
+    ports:
+      - "15672:15672"
+      - "5672:5672"
+    environment:
+      RABBITMQ_DEFAULT_USER: ${USER}
+      RABBITMQ_DEFAULT_PASS: ${PASSWORD}
+      RABBITMQ_DEFAULT_VHOST: rabbitmq
+
+volumes:
+  pgsql:

docker/imagick/policy.xml

@@ -0,0 +1,78 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE policymap [
+<!ELEMENT policymap (policy)+>
+<!ELEMENT policy (#PCDATA)>
+<!ATTLIST policy domain (delegate|coder|filter|path|resource) #IMPLIED>
+<!ATTLIST policy name CDATA #IMPLIED>
+<!ATTLIST policy rights CDATA #IMPLIED>
+<!ATTLIST policy pattern CDATA #IMPLIED>
+<!ATTLIST policy value CDATA #IMPLIED>
+]>
+<!--
+  Configure ImageMagick policies.
+
+  Domains include system, delegate, coder, filter, path, or resource.
+
+  Rights include none, read, write, and execute.  Use | to combine them,
+  for example: "read | write" to permit read from, or write to, a path.
+
+  Use a glob expression as a pattern.
+
+  Suppose we do not want users to process MPEG video images:
+
+    <policy domain="delegate" rights="none" pattern="mpeg:decode" />
+
+  Here we do not want users reading images from HTTP:
+
+    <policy domain="coder" rights="none" pattern="HTTP" />
+
+  Lets prevent users from executing any image filters:
+
+    <policy domain="filter" rights="none" pattern="*" />
+
+  The /repository file system is restricted to read only.  We use a glob
+  expression to match all paths that start with /repository:
+
+    <policy domain="path" rights="read" pattern="/repository/*" />
+
+  Let's prevent possible exploits by removing the right to use indirect reads.
+
+    <policy domain="path" rights="none" pattern="@*" />
+
+  Any large image is cached to disk rather than memory:
+
+    <policy domain="resource" name="area" value="1GB"/>
+
+  Define arguments for the memory, map, area, width, height, and disk resources
+  with SI prefixes (.e.g 100MB).  In addition, resource policies are maximums
+  for each instance of ImageMagick (e.g. policy memory limit 1GB, -limit 2GB
+  exceeds policy maximum so memory limit is 1GB).
+-->
+<policymap>
+  <!-- <policy domain="resource" name="temporary-path" value="/tmp"/> -->
+  <policy domain="resource" name="memory" value="256MiB"/>
+  <policy domain="resource" name="map" value="512MiB"/>
+  <policy domain="resource" name="width" value="16KP"/>
+  <policy domain="resource" name="height" value="16KP"/>
+  <policy domain="resource" name="area" value="128MB"/>
+  <policy domain="resource" name="disk" value="1GiB"/>
+  <!-- <policy domain="resource" name="file" value="768"/> -->
+  <!-- <policy domain="resource" name="thread" value="4"/> -->
+  <!-- <policy domain="resource" name="throttle" value="0"/> -->
+  <!-- <policy domain="resource" name="time" value="3600"/> -->
+  <!-- <policy domain="system" name="precision" value="6"/> -->
+  <!-- not needed due to the need to use explicitly by mvg: -->
+  <!-- <policy domain="delegate" rights="none" pattern="MVG" /> -->
+  <!-- use curl -->
+  <policy domain="delegate" rights="none" pattern="URL" />
+  <policy domain="delegate" rights="none" pattern="HTTPS" />
+  <policy domain="delegate" rights="none" pattern="HTTP" />
+  <!-- in order to avoid to get image with password text -->
+  <policy domain="path" rights="none" pattern="@*"/>
+  <policy domain="cache" name="shared-secret" value="passphrase" stealth="true"/>
+  <!-- disable ghostscript format types -->
+  <policy domain="coder" rights="none" pattern="PS" />
+  <policy domain="coder" rights="none" pattern="EPS" />
+  <policy domain="coder" rights="read|write" pattern="PDF" />
+  <policy domain="coder" rights="none" pattern="XPS" />
+</policymap>

docker/nginx/default

@@ -0,0 +1,28 @@
+# Default server configuration
+#
+server {
+    listen 80 default_server;
+
+    index index.php;
+    root /var/www/public;
+
+    location / {
+        try_files $uri /index.php$is_args$args;
+    }
+
+    location ~ \.php {
+        try_files $uri =404;
+        fastcgi_split_path_info ^(.+\.php)(/.+)$;
+        include fastcgi_params;
+        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+        fastcgi_param SCRIPT_NAME $fastcgi_script_name;
+        fastcgi_index index.php;
+        fastcgi_pass phpfpm:9000;
+        fastcgi_buffering off;
+    }
+
+    error_log  stderr warn;
+    access_log  off;
+
+    client_max_body_size 12m;
+}

docker/php-fpm/.bash_aliases

@@ -0,0 +1 @@
+alias c="clear"

docker/php-fpm/Dockerfile

@@ -0,0 +1,10 @@
+FROM phpdockerio/php74-fpm
+
+RUN apt-get update
+RUN apt-get install -y supervisor iputils-ping libboost-dev libxml2-dev
+RUN apt-get install -y php7.4-curl php7.4-mbstring php7.4-xml php7.4-intl php7.4-json \
+    php7.4-zip php7.4-xdebug php7.4-pgsql php7.4-mysql \
+    php7.4-bcmath php7.4-zip php7.4-amqp php7.4-memcached \
+    php7.4-soap php-imagick php7.4-gd php7.4-gmp php7.4-redis
+
+CMD ["supervisord", "-c", "/etc/supervisor/supervisor_nodeamon.conf"]

docker/php-fpm/overrides.conf

@@ -0,0 +1,20 @@
+[global]
+; Override default pid file
+pid = /run/php-fpm.pid
+
+; Avoid logs being sent to syslog
+error_log = /proc/self/fd/2
+
+[www]
+# user = webuser
+# group = webuser
+
+; Access from webserver container is via network, not socket file
+listen = [::]:9000
+
+; Redirect logs to stdout - FPM closes /dev/std* on startup
+access.log = /proc/self/fd/2
+catch_workers_output = yes
+
+; Required to allow config-by-environment
+clear_env = no

docker/php-fpm/supervisor.conf

@@ -0,0 +1,21 @@
+[supervisord]
+nodaemon=true
+
+[unix_http_server]
+file=/var/run/supervisor.sock   ; (the path to the socket file)
+chmod=0700                       ; sockef file mode (default 0700)
+
+[supervisorctl]
+serverurl=unix:///var/run/supervisor.sock ; use a unix:// URL  for a unix socket
+
+[rpcinterface:supervisor]
+supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface
+
+[program:php-fpm]
+command=/usr/bin/php-fpm
+autostart = true
+autorestart = false
+stopasgroup=true
+
+[include]
+files = /etc/supervisor/conf.d/*.conf

docker/php-fpm/xdebug.ini

@@ -0,0 +1,13 @@
+zend_extension=xdebug.so
+
+[xdebug]
+xdebug.remote_autostart = 1
+xdebug.remote_enable = on
+xdebug.profiler_enable = off
+xdebug.profiler_enable_trigger = on
+xdebug.profiler_output_name = cachegrind.out.%t.%p
+xdebug.profiler_output_dir ="/tmp"
+xdebug.show_local_vars=1
+xdebug.remote_port=9001
+xdebug.remote_host=172.17.0.1
+xdebug.idekey=VSCODE