Switch to FrankenPHP

Author: lyrixx

.env

@@ -17,4 +17,5 @@
 ###> symfony/framework-bundle ###
 APP_ENV=dev
 APP_SECRET=
+TRUSTED_PROXIES=127.0.0.1,172.17.0.0/16,172.18.0.0/15,172.20.0.0/14,172.24.0.0/13,192.168.0.0/16,10.0.0.0/8
 ###< symfony/framework-bundle ###

config/packages/framework.yaml

@@ -8,6 +8,7 @@ framework:
     #esi: true
     #fragments: true
 
+    trusted_proxies: '%env(TRUSTED_PROXIES)%'
 when@test:
     framework:
         test: true

infrastructure/docker/docker-compose.yml

@@ -23,6 +23,9 @@ services:
         build:
             context: services/php
             target: frontend
+        environment:
+            - SERVER_NAME=${PROJECT_ROOT_DOMAIN}
+            - UID=${USER_ID}
         depends_on:
             postgres:
                 condition: service_healthy
@@ -31,13 +34,11 @@ services:
         profiles:
             - default
         labels:
-            - "traefik.enable=true"
             - "project-name=${PROJECT_NAME}"
-            - "traefik.http.routers.${PROJECT_NAME}-frontend.rule=Host(${PROJECT_DOMAINS})"
+            - "traefik.enable=true"
+            - "traefik.http.routers.${PROJECT_NAME}-frontend.rule=Host(`${PROJECT_ROOT_DOMAIN}`)"
             - "traefik.http.routers.${PROJECT_NAME}-frontend.tls=true"
-            - "traefik.http.routers.${PROJECT_NAME}-frontend-unsecure.rule=Host(${PROJECT_DOMAINS})"
-            # Comment the next line to be able to access frontend via HTTP instead of HTTPS
-            - "traefik.http.routers.${PROJECT_NAME}-frontend-unsecure.middlewares=redirect-to-https@file"
+            - "traefik.http.services.${PROJECT_NAME}-frontend.loadbalancer.server.port=80"
 
     postgres:
         image: postgres:16

infrastructure/docker/services/php/Dockerfile

@@ -1,123 +1,77 @@
 # hadolint global ignore=DL3008
 
-FROM debian:12.8-slim AS php-base
+FROM dunglas/frankenphp:1.4.4-php8.4-bookworm as php-base
 
-SHELL ["/bin/bash", "-o", "pipefail", "-c"]
+RUN install-php-extensions \
+        intl \
+        opcache \
+        pdo_pgsql \
+        uuid
 
-RUN apt-get update \
-    && apt-get install -y --no-install-recommends \
-        curl \
-        ca-certificates \
-        gnupg \
-    && curl -sSLo /tmp/debsuryorg-archive-keyring.deb https://packages.sury.org/debsuryorg-archive-keyring.deb \
-    && dpkg -i /tmp/debsuryorg-archive-keyring.deb \
-    && echo "deb [signed-by=/usr/share/keyrings/deb.sury.org-php.gpg] https://packages.sury.org/php bookworm main" > /etc/apt/sources.list.d/sury.list \
-    && apt-get clean \
-    && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* /usr/share/doc/*
-
-RUN apt-get update \
-    && apt-get install -y --no-install-recommends \
-        bash-completion \
-        procps \
-    && apt-get clean \
-    && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* /usr/share/doc/*
-
-ARG PHP_VERSION
-
-RUN apt-get update \
-    && apt-get install -y --no-install-recommends \
-        "php${PHP_VERSION}-apcu" \
-        "php${PHP_VERSION}-bcmath" \
-        "php${PHP_VERSION}-cli" \
-        "php${PHP_VERSION}-common" \
-        "php${PHP_VERSION}-curl" \
-        "php${PHP_VERSION}-iconv" \
-        "php${PHP_VERSION}-intl" \
-        "php${PHP_VERSION}-mbstring" \
-        "php${PHP_VERSION}-pgsql" \
-        "php${PHP_VERSION}-uuid" \
-        "php${PHP_VERSION}-xml" \
-        "php${PHP_VERSION}-zip" \
-    && apt-get clean \
-    && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* /usr/share/doc/*
+COPY ./base/php.ini $PHP_INI_DIR/conf.d/app-base.ini
 
 # Fake user to maps with the one on the host
 ARG USER_ID
-COPY entrypoint /
 RUN addgroup --gid $USER_ID app && \
     adduser --system --uid $USER_ID --home /home/app --shell /bin/bash app && \
     curl -Ls https://github.com/tianon/gosu/releases/download/1.17/gosu-amd64 | \
-        install /dev/stdin /usr/local/bin/gosu && \
-    sed "s/{{ application_user }}/app/g" -i /entrypoint
-
-# Configuration
-COPY base/php-configuration /etc/php/${PHP_VERSION}
-
-ENV PHP_VERSION=${PHP_VERSION}
+        install /dev/stdin /usr/local/bin/gosu
 
-WORKDIR /var/www
+COPY entrypoint /
 
-ENTRYPOINT [ "/entrypoint" ]
+ENTRYPOINT ["/entrypoint"]
 
 FROM php-base AS frontend
 
-RUN apt-get update \
-    && apt-get install -y --no-install-recommends \
-        nginx \
-        "php${PHP_VERSION}-fpm" \
-        runit \
-    && apt-get clean \
-    && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* /usr/share/doc/* \
-    && rm -r "/etc/php/${PHP_VERSION}/fpm/pool.d/"
+RUN  setcap CAP_NET_BIND_SERVICE=+eip /usr/local/bin/frankenphp && \
+    chown -R ${USER_ID}:${USER_ID} /data/caddy && \
+    chown -R ${USER_ID}:${USER_ID} /config/caddy
 
-RUN useradd -s /bin/false nginx
+COPY ./frontend/etc/. /etc/
+COPY ./frontend/php.ini $PHP_INI_DIR/conf.d/app-frontend.ini
 
-COPY frontend/php-configuration /etc/php/${PHP_VERSION}
-COPY frontend/etc/nginx/. /etc/nginx/
-COPY frontend/etc/service/. /etc/service/
+WORKDIR /var/www
 
-RUN phpenmod app-default \
-    && phpenmod app-fpm
+CMD [ "frankenphp", "run", "--config", "/etc/caddy/Caddyfile", "--adapter", "caddyfile"]
 
 EXPOSE 80
 
-CMD ["runsvdir", "-P", "/etc/service"]
-
 FROM php-base AS worker
 
 FROM php-base AS builder
 
 SHELL ["/bin/bash", "-o", "pipefail", "-c"]
 
+# Default toys
+RUN apt-get update \
+    && apt-get install -y --no-install-recommends \
+        ca-certificates \
+        gnupg \
+    && apt-get clean \
+    && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* /usr/share/doc/*
+
 ARG NODEJS_VERSION=20.x
 RUN curl -s https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key | gpg --dearmor -o /usr/share/keyrings/nodesource.gpg \
     && echo "deb [signed-by=/usr/share/keyrings/nodesource.gpg] https://deb.nodesource.com/node_${NODEJS_VERSION} nodistro main" > /etc/apt/sources.list.d/nodesource.list
 
 # Default toys
 RUN apt-get update \
     && apt-get install -y --no-install-recommends \
+        bash-completion \
+        ca-certificates \
+        curl \
         git \
         make \
         nodejs \
+        procps \
         sudo \
         unzip \
     && apt-get clean \
     && npm install -g [email protected] \
     && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* /usr/share/doc/*
 
-# Config
-COPY builder/etc/. /etc/
-COPY builder/php-configuration /etc/php/${PHP_VERSION}
-RUN adduser app sudo \
-    && mkdir /var/log/php \
-    && chmod 777 /var/log/php \
-    && phpenmod app-default \
-    && phpenmod app-builder
-
 # Composer
 COPY --from=composer/composer:2.8.4 /usr/bin/composer /usr/bin/composer
-RUN mkdir -p "/home/app/.composer/cache" \
-    && chown app: /home/app/.composer -R
 
 ADD https://raw.githubusercontent.com/symfony/symfony/refs/heads/7.2/src/Symfony/Component/Console/Resources/completion.bash /tmp/completion.bash
 
@@ -133,6 +87,13 @@ RUN sed /tmp/completion.bash \
         -e "s/{{ VERSION }}/1/g"  \
         > /etc/bash_completion.d/console
 
+# Config
+COPY ./builder/php.ini $PHP_INI_DIR/conf.d/app-builder.ini
+COPY builder/etc/. /etc/
+RUN adduser app sudo \
+    && mkdir /var/log/php \
+    && chmod 777 /var/log/php
+
 # Third party tools
 ENV PATH="$PATH:/var/www/tools/bin"
 

infrastructure/docker/services/php/base/php-configuration/mods-available/app-default.ini infrastructure/docker/services/php/base/php.ini

@@ -1,7 +1,6 @@
-; priority=30
 [PHP]
 short_open_tag = Off
-memory_limit = 512M
+memory_limit = 128M
 error_reporting = E_ALL
 display_errors = On
 display_startup_errors = On

infrastructure/docker/services/php/builder/php-configuration/mods-available/app-builder.ini infrastructure/docker/services/php/builder/php.ini

@@ -1,5 +1,5 @@
-; priority=40
 [PHP]
 error_log = /var/log/php/error.log
+memory_limit = 2G
 [opcache]
 opcache.error_log = /var/log/php/opcache.log

infrastructure/docker/services/php/entrypoint

@@ -16,9 +16,9 @@ if [ "$#" = 0 ]; then
 fi
 
 if [ "$UID" != 0 ]; then
-    usermod -u "$UID" "{{ application_user }}" >/dev/null 2>/dev/null && {
-        groupmod -g "$GID" "{{ application_user }}" >/dev/null 2>/dev/null ||
-        usermod -a -G "$GID" "{{ application_user }}" >/dev/null 2>/dev/null
+    usermod -u "$UID" "app" >/dev/null 2>/dev/null && {
+        groupmod -g "$GID" "app" >/dev/null 2>/dev/null ||
+        usermod -a -G "$GID" "app" >/dev/null 2>/dev/null
     }
     set -- gosu "${UID}:${GID}" "${@}"
 fi

infrastructure/docker/services/php/frontend/etc/caddy/Caddyfile

@@ -0,0 +1,17 @@
+{
+    frankenphp
+    auto_https off
+    debug
+}
+
+http://{$SERVER_NAME}:80 {
+    encode zstd gzip
+
+    root /var/www/public
+    php_server
+
+    log {
+        output stdout
+        format json
+    }
+}

infrastructure/docker/services/php/frontend/etc/nginx/environments

@@ -0,0 +1,3 @@
+[PHP]
+; We should not put a value like this, but this is for the sake of the demo
+memory_limit = 2G