Add shared httpd + PHP-FPM-only container architecture
Some checks failed
Cloud Apache Container / Build-and-Push (74) (push) Successful in 2m22s
Cloud Apache Container / Build-and-Push (80) (push) Successful in 3m14s
Cloud Apache Container / Build-and-Push (82) (push) Has been cancelled
Cloud Apache Container / Build-and-Push (83) (push) Has been cancelled
Cloud Apache Container / Build-and-Push (84) (push) Has been cancelled
Cloud Apache Container / Build-and-Push (85) (push) Has been cancelled
Cloud Apache Container / Build-FPM-Images (74) (push) Has been cancelled
Cloud Apache Container / Build-FPM-Images (80) (push) Has been cancelled
Cloud Apache Container / Build-FPM-Images (81) (push) Has been cancelled
Cloud Apache Container / Build-FPM-Images (82) (push) Has been cancelled
Cloud Apache Container / Build-FPM-Images (83) (push) Has been cancelled
Cloud Apache Container / Build-FPM-Images (84) (push) Has been cancelled
Cloud Apache Container / Build-FPM-Images (85) (push) Has been cancelled
Cloud Apache Container / Build-Shared-httpd (push) Has been cancelled
Cloud Apache Container / Build-and-Push (81) (push) Has been cancelled
Separate Apache and PHP-FPM into distinct container roles to reduce per-customer memory overhead on shared servers.

Adds three new images:
- Dockerfile.fpm: PHP-FPM only (no Apache), listens on TCP port 9000
- Dockerfile.shared-httpd: Apache only (no PHP), with SSL and proxy_fcgi
- Existing Dockerfile unchanged for standalone mode

Key changes:
- detect-memory.sh: CONTAINER_ROLE env var (combined/fpm_only/httpd_only) controls the memory budget split
- create-php-config.sh: FPM_LISTEN env var for TCP port vs Unix socket, added /fpm-ping and /fpm-status health endpoints
- New entrypoints for each container role
- tune-mpm.sh for hot-adjusting Apache MPM settings
- shared-vhost-template.tpl with proxy_fcgi and SSL on port 443
- CI/CD builds all three image types in parallel

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
66
scripts/entrypoint-shared-httpd.sh
Executable file
@@ -0,0 +1,66 @@
|
||||
#!/usr/bin/env bash
|
||||
|
||||
export CONTAINER_ROLE="httpd_only"
|
||||
|
||||
if [ -z "$environment" ]; then
|
||||
environment="PROD"
|
||||
fi
|
||||
|
||||
# Generate self-signed SSL cert if not already present
|
||||
if [ ! -f /etc/pki/tls/certs/localhost.crt ]; then
|
||||
openssl req -newkey rsa:2048 -nodes \
|
||||
-keyout /etc/pki/tls/private/localhost.key \
|
||||
-x509 -days 3650 -subj "/CN=localhost" \
|
||||
-out /etc/pki/tls/certs/localhost.crt
|
||||
fi
|
||||
|
||||
# Create log directory
|
||||
mkdir -p /var/log/httpd
|
||||
|
||||
# Remove default configs that conflict
|
||||
rm -f /etc/httpd/conf.d/userdir.conf
|
||||
|
||||
# Configure RemoteIP for Docker network
|
||||
docker_network=$(ip addr show | grep eth0 | grep inet | awk -F " " '{print $2}')
|
||||
if [ -n "$docker_network" ]; then
|
||||
echo "RemoteIPInternalProxy $docker_network" >> /etc/httpd/conf.d/remoteip.conf
|
||||
fi
|
||||
|
||||
# Detect memory and calculate Apache MPM tuning
|
||||
source /scripts/detect-memory.sh
|
||||
echo "Container memory: ${CONTAINER_MEMORY_MB}MB | Apache workers=${APACHE_MAX_REQUEST_WORKERS} | Role=${CONTAINER_ROLE}"
|
||||
|
||||
# Generate MPM tuning config
|
||||
/scripts/create-apache-mpm-config.sh
|
||||
|
||||
# Write SSL global config (matches standalone CAC behavior)
|
||||
cat <<'EOF' > /etc/httpd/conf.d/ssl-global.conf
|
||||
Listen 443 https
|
||||
SSLPassPhraseDialog exec:/usr/libexec/httpd-ssl-pass-dialog
|
||||
SSLSessionCache shmcb:/run/httpd/sslcache(512000)
|
||||
SSLSessionCacheTimeout 300
|
||||
SSLCryptoDevice builtin
|
||||
EOF
|
||||
|
||||
# Disable the default ssl.conf if present (we use per-vhost SSL)
|
||||
if [ -f /etc/httpd/conf.d/ssl.conf ]; then
|
||||
mv /etc/httpd/conf.d/ssl.conf /etc/httpd/conf.d/ssl.conf.bak
|
||||
fi
|
||||
|
||||
# Ensure vhosts directory exists and is included
|
||||
mkdir -p /etc/httpd/conf.d/vhosts
|
||||
if ! grep -q 'IncludeOptional conf.d/vhosts/' /etc/httpd/conf/httpd.conf; then
|
||||
echo 'IncludeOptional conf.d/vhosts/*.conf' >> /etc/httpd/conf/httpd.conf
|
||||
fi
|
||||
|
||||
# Start Apache
|
||||
/usr/sbin/httpd -k start
|
||||
|
||||
# Start cron for log rotation
|
||||
/usr/sbin/crond
|
||||
|
||||
# Tail Apache logs (becomes PID 1 process)
|
||||
touch /var/log/httpd/error_log
|
||||
tail -f /var/log/httpd/*
|
||||
|
||||
exit 0
|
||||
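Review bot: The RemoteIP block trusts more than it needs to: `docker_network` is field 2 of the `inet` line for eth0, which is the container's own address with its prefix length, so `RemoteIPInternalProxy $docker_network` marks every peer on that subnet as a trusted proxy whose forwarded client address Apache will accept. On a shared httpd that fronts several containers, any of those peers can then set the client IP seen in logs and access rules. Consider taking the proxy address from an explicit environment variable and writing only that address, and write the file with `>` rather than `>>` so a container restart does not append a duplicate directive. The interface name eth0 is also hard-coded, so the block is silently skipped if the interface is named differently. Separately, at the end of the script, `/usr/sbin/httpd -k start` daemonizes and the script then blocks on `tail -f`, so bash stays PID 1 (tail is its child, contrary to the comment), `exit 0` is not reached while tail runs, and the container keeps running if Apache dies. Running `exec /usr/sbin/httpd -DFOREGROUND` as the last step, with logs sent to stdout/stderr, would let the runtime see Apache's exit status and deliver stop signals to it directly. The script also has no `set -e`, so a failure in `source /scripts/detect-memory.sh` or in the MPM config step does not stop startup.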