Optimize php config. Use existing www-data user.

data/init.sh

@@ -22,10 +22,10 @@ wget https://hpc-mover.rrze.uni-erlangen.de/HPC-Data/0x7b58aefb/eig7ahyo6fo2bais
 tar xJf job-archive.tar.xz
 rm ./job-archive.tar.xz
 
-# 101 is the uid and gid of the user and group www in the cc-php container running php-fpm.
+# 101 is the uid and gid of the user and group www-data in the cc-php container running php-fpm.
 # For a demo with no new jobs it is enough to give www read permissions on that directory.
-echo "This script needs to chown the job-archive directory so that the application can write to it:"
+# echo "This script needs to chown the job-archive directory so that the application can write to it:"
-sudo chown -R 101:101 ./job-archive
+# sudo chown -R 82:82 ./job-archive
 
 mkdir -p influxdb/data
 wget https://hpc-mover.rrze.uni-erlangen.de/HPC-Data/0x7b58aefb/eig7ahyo6fo2bais0ephuf2aitohv1ai/influxdbv2-data.tar.xz

docker-compose.yml

@@ -42,9 +42,6 @@ services:
       - LDAP_DOMAIN=${LDAP_DOMAIN}
     volumes:
       - ${DATADIR}/ldap:/container/service/slapd/assets/config/bootstrap/ldif/custom
-    ports:
-      - "127.0.0.1:389:389"
-      - "127.0.0.1:636:636"
 
   redis:
     container_name: cc-redis
@@ -52,7 +49,7 @@ services:
     command: [
       "redis-server",
       "--save",             "",
-      "--maxmemory",        "1gb",
+      "--maxmemory",        "2gb",
       "--maxmemory-policy", "allkeys-lru"]
 
   php:
@@ -87,11 +84,6 @@ services:
     container_name: cc-nginx
     build:
       context: ./nginx
-      args:
-        NGINX_SYMFONY_SERVER_NAME: ${NGINX_SYMFONY_SERVER_NAME}
-        MYSQL_PASSWORD: ${MYSQL_PASSWORD}
-        INFLUXDB_PASSWORD: ${INFLUXDB_PASSWORD}
-        APP_ENVIRONMENT: ${APP_ENVIRONMENT}
     ports:
       - "127.0.0.1:${NGINX_PORT}:80"
     depends_on:
@@ -100,7 +92,6 @@ services:
       - NGINX_ENVSUBST_OUTPUT_DIR=/etc/nginx/conf.d
       - NGINX_ENVSUBST_TEMPLATE_DIR=/etc/nginx/templates
       - NGINX_ENVSUBST_TEMPLATE_SUFFIX=.template
-      - NGINX_SYMFONY_SERVER_NAME=${NGINX_SYMFONY_SERVER_NAME}
     volumes:
       - ${DATADIR}/symfony:/var/www/symfony:cached
 

php-fpm/Dockerfile

@@ -57,12 +57,9 @@ COPY symfony.pool.conf /usr/local/etc/php/php-fpm.d/
 COPY entrypoint.sh /entrypoint.sh
 RUN chmod +x /entrypoint.sh
 
-RUN addgroup -S www
-RUN adduser -S -D -H -g "php-fpm user" -G www -s /sbin/nologin www
-
 ARG APP_ENVIRONMENT
 ENV APP_ENV=${APP_ENVIRONMENT}
-ENV APP_SECRET=67d829bf61dc5f87a73fd814e2c9f629
+ENV APP_SECRET=${APP_SECRET}
 ENV APP_DEBUG=1
 ENV REDIS_URL=redis://cc-redis
 ENV LDAP_URL=ldap://cc-ldap

php-fpm/entrypoint.sh

@@ -15,6 +15,7 @@ if [ "$APP_CLUSTERCOCKPIT_INIT" = true ]; then
     fi
 
     ln -s /var/lib/job-archive var/job-archive
+    chown -R www-data:www-data /var/www/symfony/* /var/www/symfony/.??*
 fi
 
 # Reports php environment on container startup

php-fpm/php.ini

@@ -1900,7 +1900,7 @@ opcache.preload=/var/www/symfony/config/preload.php
 ; Preloading code as root is not allowed for security reasons. This directive
 ; facilitates to let the preloading to be run as another user.
 ; http://php.net/opcache.preload_user
-opcache.preload_user=www
+opcache.preload_user=www-data
 
 ; Prevents caching files that are less than this number of seconds old. It
 ; protects from caching of incompletely updated files. In case all file updates

php-fpm/symfony.pool.conf

@@ -6,8 +6,8 @@
 ; Unix user/group of processes
 ; Note: The user is mandatory. If the group is not set, the default user's group
 ;       will be used.
-user = www
+user = www-data
-group = www
+group = www-data
 
 ; The address on which to accept FastCGI requests.
 ; Valid syntaxes are:
@@ -78,10 +78,11 @@ env[APP_ENV] = $APP_ENV
 env[APP_SECRET] = $APP_SECRET
 env[APP_DEBUG] = $APP_DEBUG
 env[INFLUXDB_URL] = $INFLUXDB_URL
-env[INFLUXDB_V2_URL] = $INFLUXDB_V2_URL
 env[INFLUXDB_TOKEN] = $INFLUXDB_TOKEN
 env[DATABASE_URL] = $DATABASE_URL
 env[REDIS_URL] = $REDIS_URL
+env[LDAP_URL] = $LDAP_URL
+env[LDAP_PW] = $LDAP_PW
 env[CORS_ALLOW_ORIGIN] = $CORS_ALLOW_ORIGIN
 
 ; Catch worker output