mirror of
https://github.com/ClusterCockpit/cc-docker.git
synced 2024-11-10 12:17:25 +01:00
Optimize php config. Use existing www-data user.
This commit is contained in:
parent
e612f6c3ce
commit
7a9f1ba599
@ -22,10 +22,10 @@ wget https://hpc-mover.rrze.uni-erlangen.de/HPC-Data/0x7b58aefb/eig7ahyo6fo2bais
|
|||||||
tar xJf job-archive.tar.xz
|
tar xJf job-archive.tar.xz
|
||||||
rm ./job-archive.tar.xz
|
rm ./job-archive.tar.xz
|
||||||
|
|
||||||
# 101 is the uid and gid of the user and group www in the cc-php container running php-fpm.
|
# 101 is the uid and gid of the user and group www-data in the cc-php container running php-fpm.
|
||||||
# For a demo with no new jobs it is enough to give www read permissions on that directory.
|
# For a demo with no new jobs it is enough to give www read permissions on that directory.
|
||||||
echo "This script needs to chown the job-archive directory so that the application can write to it:"
|
# echo "This script needs to chown the job-archive directory so that the application can write to it:"
|
||||||
sudo chown -R 101:101 ./job-archive
|
# sudo chown -R 82:82 ./job-archive
|
||||||
|
|
||||||
mkdir -p influxdb/data
|
mkdir -p influxdb/data
|
||||||
wget https://hpc-mover.rrze.uni-erlangen.de/HPC-Data/0x7b58aefb/eig7ahyo6fo2bais0ephuf2aitohv1ai/influxdbv2-data.tar.xz
|
wget https://hpc-mover.rrze.uni-erlangen.de/HPC-Data/0x7b58aefb/eig7ahyo6fo2bais0ephuf2aitohv1ai/influxdbv2-data.tar.xz
|
||||||
|
@ -42,9 +42,6 @@ services:
|
|||||||
- LDAP_DOMAIN=${LDAP_DOMAIN}
|
- LDAP_DOMAIN=${LDAP_DOMAIN}
|
||||||
volumes:
|
volumes:
|
||||||
- ${DATADIR}/ldap:/container/service/slapd/assets/config/bootstrap/ldif/custom
|
- ${DATADIR}/ldap:/container/service/slapd/assets/config/bootstrap/ldif/custom
|
||||||
ports:
|
|
||||||
- "127.0.0.1:389:389"
|
|
||||||
- "127.0.0.1:636:636"
|
|
||||||
|
|
||||||
redis:
|
redis:
|
||||||
container_name: cc-redis
|
container_name: cc-redis
|
||||||
@ -52,7 +49,7 @@ services:
|
|||||||
command: [
|
command: [
|
||||||
"redis-server",
|
"redis-server",
|
||||||
"--save", "",
|
"--save", "",
|
||||||
"--maxmemory", "1gb",
|
"--maxmemory", "2gb",
|
||||||
"--maxmemory-policy", "allkeys-lru"]
|
"--maxmemory-policy", "allkeys-lru"]
|
||||||
|
|
||||||
php:
|
php:
|
||||||
@ -87,11 +84,6 @@ services:
|
|||||||
container_name: cc-nginx
|
container_name: cc-nginx
|
||||||
build:
|
build:
|
||||||
context: ./nginx
|
context: ./nginx
|
||||||
args:
|
|
||||||
NGINX_SYMFONY_SERVER_NAME: ${NGINX_SYMFONY_SERVER_NAME}
|
|
||||||
MYSQL_PASSWORD: ${MYSQL_PASSWORD}
|
|
||||||
INFLUXDB_PASSWORD: ${INFLUXDB_PASSWORD}
|
|
||||||
APP_ENVIRONMENT: ${APP_ENVIRONMENT}
|
|
||||||
ports:
|
ports:
|
||||||
- "127.0.0.1:${NGINX_PORT}:80"
|
- "127.0.0.1:${NGINX_PORT}:80"
|
||||||
depends_on:
|
depends_on:
|
||||||
@ -100,7 +92,6 @@ services:
|
|||||||
- NGINX_ENVSUBST_OUTPUT_DIR=/etc/nginx/conf.d
|
- NGINX_ENVSUBST_OUTPUT_DIR=/etc/nginx/conf.d
|
||||||
- NGINX_ENVSUBST_TEMPLATE_DIR=/etc/nginx/templates
|
- NGINX_ENVSUBST_TEMPLATE_DIR=/etc/nginx/templates
|
||||||
- NGINX_ENVSUBST_TEMPLATE_SUFFIX=.template
|
- NGINX_ENVSUBST_TEMPLATE_SUFFIX=.template
|
||||||
- NGINX_SYMFONY_SERVER_NAME=${NGINX_SYMFONY_SERVER_NAME}
|
|
||||||
volumes:
|
volumes:
|
||||||
- ${DATADIR}/symfony:/var/www/symfony:cached
|
- ${DATADIR}/symfony:/var/www/symfony:cached
|
||||||
|
|
||||||
|
@ -57,12 +57,9 @@ COPY symfony.pool.conf /usr/local/etc/php/php-fpm.d/
|
|||||||
COPY entrypoint.sh /entrypoint.sh
|
COPY entrypoint.sh /entrypoint.sh
|
||||||
RUN chmod +x /entrypoint.sh
|
RUN chmod +x /entrypoint.sh
|
||||||
|
|
||||||
RUN addgroup -S www
|
|
||||||
RUN adduser -S -D -H -g "php-fpm user" -G www -s /sbin/nologin www
|
|
||||||
|
|
||||||
ARG APP_ENVIRONMENT
|
ARG APP_ENVIRONMENT
|
||||||
ENV APP_ENV=${APP_ENVIRONMENT}
|
ENV APP_ENV=${APP_ENVIRONMENT}
|
||||||
ENV APP_SECRET=67d829bf61dc5f87a73fd814e2c9f629
|
ENV APP_SECRET=${APP_SECRET}
|
||||||
ENV APP_DEBUG=1
|
ENV APP_DEBUG=1
|
||||||
ENV REDIS_URL=redis://cc-redis
|
ENV REDIS_URL=redis://cc-redis
|
||||||
ENV LDAP_URL=ldap://cc-ldap
|
ENV LDAP_URL=ldap://cc-ldap
|
||||||
|
@ -15,6 +15,7 @@ if [ "$APP_CLUSTERCOCKPIT_INIT" = true ]; then
|
|||||||
fi
|
fi
|
||||||
|
|
||||||
ln -s /var/lib/job-archive var/job-archive
|
ln -s /var/lib/job-archive var/job-archive
|
||||||
|
chown -R www-data:www-data /var/www/symfony/* /var/www/symfony/.??*
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Reports php environment on container startup
|
# Reports php environment on container startup
|
||||||
|
@ -1900,7 +1900,7 @@ opcache.preload=/var/www/symfony/config/preload.php
|
|||||||
; Preloading code as root is not allowed for security reasons. This directive
|
; Preloading code as root is not allowed for security reasons. This directive
|
||||||
; facilitates to let the preloading to be run as another user.
|
; facilitates to let the preloading to be run as another user.
|
||||||
; http://php.net/opcache.preload_user
|
; http://php.net/opcache.preload_user
|
||||||
opcache.preload_user=www
|
opcache.preload_user=www-data
|
||||||
|
|
||||||
; Prevents caching files that are less than this number of seconds old. It
|
; Prevents caching files that are less than this number of seconds old. It
|
||||||
; protects from caching of incompletely updated files. In case all file updates
|
; protects from caching of incompletely updated files. In case all file updates
|
||||||
|
@ -6,8 +6,8 @@
|
|||||||
; Unix user/group of processes
|
; Unix user/group of processes
|
||||||
; Note: The user is mandatory. If the group is not set, the default user's group
|
; Note: The user is mandatory. If the group is not set, the default user's group
|
||||||
; will be used.
|
; will be used.
|
||||||
user = www
|
user = www-data
|
||||||
group = www
|
group = www-data
|
||||||
|
|
||||||
; The address on which to accept FastCGI requests.
|
; The address on which to accept FastCGI requests.
|
||||||
; Valid syntaxes are:
|
; Valid syntaxes are:
|
||||||
@ -78,10 +78,11 @@ env[APP_ENV] = $APP_ENV
|
|||||||
env[APP_SECRET] = $APP_SECRET
|
env[APP_SECRET] = $APP_SECRET
|
||||||
env[APP_DEBUG] = $APP_DEBUG
|
env[APP_DEBUG] = $APP_DEBUG
|
||||||
env[INFLUXDB_URL] = $INFLUXDB_URL
|
env[INFLUXDB_URL] = $INFLUXDB_URL
|
||||||
env[INFLUXDB_V2_URL] = $INFLUXDB_V2_URL
|
|
||||||
env[INFLUXDB_TOKEN] = $INFLUXDB_TOKEN
|
env[INFLUXDB_TOKEN] = $INFLUXDB_TOKEN
|
||||||
env[DATABASE_URL] = $DATABASE_URL
|
env[DATABASE_URL] = $DATABASE_URL
|
||||||
env[REDIS_URL] = $REDIS_URL
|
env[REDIS_URL] = $REDIS_URL
|
||||||
|
env[LDAP_URL] = $LDAP_URL
|
||||||
|
env[LDAP_PW] = $LDAP_PW
|
||||||
env[CORS_ALLOW_ORIGIN] = $CORS_ALLOW_ORIGIN
|
env[CORS_ALLOW_ORIGIN] = $CORS_ALLOW_ORIGIN
|
||||||
|
|
||||||
; Catch worker output
|
; Catch worker output
|
||||||
|
Loading…
Reference in New Issue
Block a user