Add shared httpd + PHP-FPM-only container architecture

Separate Apache and PHP-FPM into distinct container roles to reduce per-customer memory overhead on shared servers. Adds three new images: - Dockerfile.fpm: PHP-FPM only (no Apache), listens on TCP port 9000 - Dockerfile.shared-httpd: Apache only (no PHP), with SSL and proxy_fcgi - Existing Dockerfile unchanged for standalone mode Key changes: - detect-memory.sh: CONTAINER_ROLE env var (combined/fpm_only/httpd_only) controls the memory budget split - create-php-config.sh: FPM_LISTEN env var for TCP port vs Unix socket, added /fpm-ping and /fpm-status health endpoints - New entrypoints for each container role - tune-mpm.sh for hot-adjusting Apache MPM settings - shared-vhost-template.tpl with proxy_fcgi and SSL on port 443 - CI/CD builds all three image types in parallel Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-01 10:08:00 -07:00
parent 87c4f2befc
commit c78167871c
9 changed files with 510 additions and 55 deletions
--- a/Dockerfile.fpm
+++ b/Dockerfile.fpm
@@ -0,0 +1,43 @@
+FROM almalinux/9-base
+ARG PHPVER=83
+
+# Install repos, update, install only needed packages (no httpd/mod_ssl), clean up in one layer
+RUN dnf install -y \
+      https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm \
+      https://rpms.remirepo.net/enterprise/remi-release-9.rpm && \
+    dnf update -y && \
+    dnf install -y wget procps cronie iproute postgresql-devel microdnf less git \
+      nano rsync unzip zip mariadb bind-utils jq patch nc tree dos2unix fcgi && \
+    dnf clean all && \
+    rm -rf /var/cache/dnf /usr/share/doc /usr/share/man /usr/share/locale/*
+
+# Copy scripts into the image and set permissions
+COPY ./scripts/ /scripts/
+RUN chmod +x /scripts/*
+
+# Create needed dirs, install PHP, clean up (no SSL cert, no httpd)
+RUN mkdir -p /run/php-fpm/ && \
+    /scripts/install-php$PHPVER.sh && \
+    rm -rf /tmp/*
+
+# Download and install wp-cli
+RUN curl -L -o /usr/local/bin/wp https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar && \
+    chmod +x /usr/local/bin/wp
+
+# Download and install Composer
+RUN curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/local/bin --filename=composer && \
+    chmod +x /usr/local/bin/composer
+
+# Copy configs (PHP only, no Apache configs)
+COPY ./configs/prod-php.ini /etc/php.ini
+COPY ./configs/mariadb.repo /etc/yum.repos.d/
+
+# Set up cron job for log rotation
+RUN echo "15 */12 * * * root /scripts/log-rotate.sh" >> /etc/crontab
+
+EXPOSE 9000
+
+HEALTHCHECK --interval=30s --timeout=5s --start-period=60s --retries=3 \
+  CMD SCRIPT_FILENAME=/fpm-ping SCRIPT_NAME=/fpm-ping REQUEST_METHOD=GET cgi-fcgi -bind -connect 127.0.0.1:9000 | grep -q pong || exit 1
+
+ENTRYPOINT [ "/scripts/entrypoint-fpm.sh" ]