Commit 6d7676a2 authored by Dillenn Terumalai's avatar Dillenn Terumalai
Browse files

Added Vessel for docker support

parent 78b7dbca
......@@ -11,7 +11,9 @@
"php": "^7.2",
"fideloper/proxy": "^4.0",
"laravel/framework": "^6.2",
"laravel/tinker": "^1.0"
"laravel/tinker": "^1.0",
"predis/predis": "^1.1",
"shipping-docker/vessel": "^4.1"
"require-dev": {
"facade/ignition": "^1.4",
......@@ -4,7 +4,7 @@
"Read more about it at",
"This file is @generated automatically"
"content-hash": "fa503b104f700e4337a4bf209a56bc8a",
"content-hash": "a58a97ff47f1f23921f11f3b36cbe32b",
"packages": [
"name": "dnoegel/php-xdg-base-dir",
......@@ -1116,6 +1116,56 @@
"time": "2015-07-25T16:39:46+00:00"
"name": "predis/predis",
"version": "v1.1.1",
"source": {
"type": "git",
"url": "",
"reference": "f0210e38881631afeafb56ab43405a92cafd9fd1"
"dist": {
"type": "zip",
"url": "",
"reference": "f0210e38881631afeafb56ab43405a92cafd9fd1",
"shasum": ""
"require": {
"php": ">=5.3.9"
"require-dev": {
"phpunit/phpunit": "~4.8"
"suggest": {
"ext-curl": "Allows access to Webdis when paired with phpiredis",
"ext-phpiredis": "Allows faster serialization and deserialization of the Redis protocol"
"type": "library",
"autoload": {
"psr-4": {
"Predis\\": "src/"
"notification-url": "",
"license": [
"authors": [
"name": "Daniele Alessandri",
"email": "",
"homepage": ""
"description": "Flexible and feature-complete Redis client for PHP and HHVM",
"homepage": "",
"keywords": [
"time": "2016-06-16T16:22:20+00:00"
"name": "psr/container",
"version": "1.0.0",
......@@ -1416,6 +1466,46 @@
"time": "2018-07-19T23:38:55+00:00"
"name": "shipping-docker/vessel",
"version": "4.1.0",
"source": {
"type": "git",
"url": "",
"reference": "16ae9c1fc6beeb3e451fe08c837d3c538a2ceaa9"
"dist": {
"type": "zip",
"url": "",
"reference": "16ae9c1fc6beeb3e451fe08c837d3c538a2ceaa9",
"shasum": ""
"type": "library",
"extra": {
"laravel": {
"providers": [
"autoload": {
"psr-4": {
"Vessel\\": "src/"
"notification-url": "",
"license": [
"authors": [
"name": "Chris Fidao",
"email": ""
"description": "Simple Docker dev environments",
"time": "2019-09-12T12:06:00+00:00"
"name": "swiftmailer/swiftmailer",
"version": "v6.2.1",
version: "2"
context: ./docker/app
dockerfile: Dockerfile
image: vessel/app
- "${APP_PORT}:80"
- .:/var/www/html
- vessel
context: ./docker/node
dockerfile: Dockerfile
uid: "${WWWUSER}"
image: vessel/node
user: node
- .:/var/www/html
- vessel
image: mysql:5.7
- "${MYSQL_PORT}:3306"
- vesselmysql:/var/lib/mysql
# - ./docker/mysql/conf.d:/etc/mysql/conf.d
# - ./docker/mysql/logs:/var/log/mysql
- vessel
image: redis:alpine
- vesselredis:/data
- vessel
driver: "bridge"
driver: "local"
driver: "local"
FROM ubuntu:18.04
LABEL maintainer="Chris Fidao"
RUN useradd -ms /bin/bash -u 1337 vessel
WORKDIR /var/www/html
RUN ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone
RUN set -x \
&& apt-get update && apt-get install -y gnupg gosu \
&& gosu nobody true
RUN echo "deb bionic main" > /etc/apt/sources.list.d/ppa_ondrej_php.list \
&& echo "deb bionic main" > /etc/apt/sources.list.d/ppa_nginx_mainline.list \
&& apt-key adv --keyserver hkp:// --recv-keys E5267A6C \
&& apt-key adv --keyserver hkp:// --recv-keys C300EE8C \
&& apt-get update \
&& apt-get install -y curl zip unzip git supervisor sqlite3 \
&& apt-get install -y nginx php7.3-fpm php7.3-cli \
php7.3-pgsql php7.3-sqlite3 php7.3-gd \
php7.3-curl php7.3-memcached \
php7.3-imap php7.3-mysql php7.3-mbstring \
php7.3-xml php7.3-zip php7.3-bcmath php7.3-soap \
php7.3-intl php7.3-readline php7.3-xdebug \
php7.3-msgpack php7.3-igbinary php7.3-ldap \
php-redis \
&& php -r "readfile('');" | php -- --install-dir=/usr/bin/ --filename=composer \
&& mkdir /run/php \
&& apt-get -y autoremove \
&& apt-get clean \
&& rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* \
&& sed -i "s/pm\.max_children = .*/pm.max_children = 20/" /etc/php/7.3/fpm/pool.d/www.conf \
&& sed -i "s/pm\.start_servers = .*/pm.start_servers = 10/" /etc/php/7.3/fpm/pool.d/www.conf \
&& sed -i "s/pm\.min_spare_servers = .*/pm.min_spare_servers = 5/" /etc/php/7.3/fpm/pool.d/www.conf \
&& sed -i "s/pm\.max_spare_servers = .*/pm.max_spare_servers = 10/" /etc/php/7.3/fpm/pool.d/www.conf \
&& echo "daemon off;" >> /etc/nginx/nginx.conf
RUN ln -sf /dev/stdout /var/log/nginx/access.log \
&& ln -sf /dev/stderr /var/log/nginx/error.log
COPY h5bp /etc/nginx/h5bp
COPY default /etc/nginx/sites-available/default
COPY php-fpm.conf /etc/php/7.3/fpm/php-fpm.conf
COPY xdebug.ini /etc/php/7.3/mods-available/xdebug.ini
COPY vessel.ini /etc/php/7.3/fpm/conf.d/99-vessel.ini
COPY supervisord.conf /etc/supervisor/conf.d/supervisord.conf
COPY start-container /usr/local/bin/start-container
RUN chmod +x /usr/local/bin/start-container
ENTRYPOINT ["start-container"]
server {
listen 80 default_server;
root /var/www/html/public;
index index.html index.htm index.php;
server_name _;
charset utf-8;
location = /favicon.ico { log_not_found off; access_log off; }
location = /robots.txt { log_not_found off; access_log off; }
include h5bp/basic.conf;
client_max_body_size 100M;
location / {
try_files $uri $uri/ /index.php$is_args$args;
location ~ \.php$ {
add_header X-Served-By Vessel;
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/run/php/php7.3-fpm.sock;
error_page 404 /index.php;
location ~ /\.ht {
deny all;
Component-config files
Each of these files is intended to be included in a server block. Not all of
the files here are used - they are available to be included as required. The
`basic.conf` file includes the rules which are recommended to always be
# Basic h5bp rules
include h5bp/directive-only/gzip.conf;
include h5bp/directive-only/x-ua-compatible.conf;
include h5bp/location/expires.conf;
include h5bp/location/cross-domain-fonts.conf;
include h5bp/location/protect-system-files.conf;
# This tells Nginx to cache open file handles, "not found" errors, metadata about files and their permissions, etc.
# The upside of this is that Nginx can immediately begin sending data when a popular file is requested,
# and will also know to immediately send a 404 if a file is missing on disk, and so on.
# However, it also means that the server won't react immediately to changes on disk, which may be undesirable.
# In the below configuration, inactive files are released from the cache after 20 seconds, whereas
# active (recently requested) files are re-validated every 30 seconds.
# Descriptors will not be cached unless they are used at least 2 times within 20 seconds (the inactive time).
# A maximum of the 1000 most recently used file descriptors can be cached at any time.
# Production servers with stable file collections will definitely want to enable the cache.
open_file_cache max=1000 inactive=20s;
open_file_cache_valid 30s;
open_file_cache_min_uses 2;
open_file_cache_errors on;
# Cross domain AJAX requests
# **Security Warning**
# Do not use this without understanding the consequences.
# This will permit access from any other website.
add_header "Access-Control-Allow-Origin" "*";
# Instead of using this file, consider using a specific rule such as:
# Allow access based on [sub]domain:
# add_header "Access-Control-Allow-Origin" "";
# The X-Frame-Options header indicates whether a browser should be allowed
# to render a page within a frame or iframe.
add_header X-Frame-Options SAMEORIGIN always;
# MIME type sniffing security protection
# There are very few edge cases where you wouldn't want this enabled.
add_header X-Content-Type-Options nosniff always;
# The X-XSS-Protection header is used by Internet Explorer version 8+
# The header instructs IE to enable its inbuilt anti-cross-site scripting filter.
add_header X-XSS-Protection "1; mode=block" always;
# with Content Security Policy (CSP) enabled (and a browser that supports it (,
# you can tell the browser that it can only download content from the domains you explicitly allow
# CSP can be quite difficult to configure, and cause real issues if you get it wrong
# There is website that helps you generate a policy here
# add_header Content-Security-Policy "default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self';" always;
# This Config is based on the following two pages:
# Enable gzip compression.
# Default: off
gzip on;
# Compression level (1-9).
# 5 is a perfect compromise between size and CPU usage, offering about
# 75% reduction for most ASCII files (almost identical to level 9).
# Default: 1
gzip_comp_level 5;
# Don't compress anything that's already small and unlikely to shrink much
# if at all (the default is 20 bytes, which is bad as that usually leads to
# larger files after gzipping).
# Default: 20
gzip_min_length 256;
# Compress data even for clients that are connecting to us via proxies,
# identified by the "Via" header (required for CloudFront).
# Default: off
gzip_proxied any;
# Tell proxies to cache both the gzipped and regular version of a resource
# whenever the client's Accept-Encoding capabilities header varies;
# Avoids the issue where a non-gzip capable client (which is extremely rare
# today) would display gibberish if their proxy gave them the gzipped version.
# Default: off
gzip_vary on;
# Compress all output labeled with one of the following MIME-types.
# text/html is always compressed by gzip module.
# Default: text/html
# Prevent mobile network providers from modifying your site
# (!) If you are using `ngx_pagespeed`, please note that setting
# the `Cache-Control: no-transform` response header will prevent
# `PageSpeed` from rewriting `HTML` files, and, if
# `pagespeed DisableRewriteOnNoTransform off` is not used, also
# from rewriting other resources.
add_header "Cache-Control" "no-transform";
# Nginx's spdy module is compiled by default from 1.6
# SPDY only works on HTTPS connections
# Inform browser of SPDY availability
add_header Alternate-Protocol 443:npn-spdy/3;
# Adjust connection keepalive for SPDY clients:
spdy_keepalive_timeout 300s; # up from 180 secs default
# enable SPDY header compression
spdy_headers_comp 6;
# OCSP stapling...
ssl_stapling on;
ssl_stapling_verify on;
#trusted cert must be made up of your intermediate certificate followed by root certificate
#ssl_trusted_certificate /path/to/ca.crt;
resolver valid=60s;
resolver_timeout 2s;
# Protect against the BEAST and POODLE attacks by not using SSLv3 at all. If you need to support older browsers (IE6) you may need to add
# SSLv3 to the list of protocols below.
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
# Ciphers set to best allow protection from Beast, while providing forwarding secrecy, as defined by Mozilla (Intermediate Set) -
ssl_prefer_server_ciphers on;
# Optimize SSL by caching session parameters for 10 minutes. This cuts down on the number of expensive SSL handshakes.
# The handshake is the most CPU-intensive operation, and by default it is re-negotiated on every new/parallel connection.
# By enabling a cache (of type "shared between all Nginx workers"), we tell the client to re-use the already negotiated state.
# Further optimization can be achieved by raising keepalive_timeout, but that shouldn't be done unless you serve primarily HTTPS.
ssl_session_cache shared:SSL:10m; # a 1mb cache can hold about 4000 sessions, so we can hold 40000 sessions
ssl_session_timeout 24h;
# SSL buffer size was added in 1.5.9
#ssl_buffer_size 1400; # 1400 bytes to fit in one MTU
# Session tickets appeared in version 1.5.9
# nginx does not auto-rotate session ticket keys: only a HUP / restart will do so and
# when a restart is performed the previous key is lost, which resets all previous
# sessions. The fix for this is to setup a manual rotation mechanism:
# Note that you'll have to define and rotate the keys securely by yourself. In absence
# of such infrastructure, consider turning off session tickets:
#ssl_session_tickets off;
# Use a higher keepalive timeout to reduce the need for repeated handshakes
keepalive_timeout 300s; # up from 75 secs default
# HSTS (HTTP Strict Transport Security)
# This header tells browsers to cache the certificate for a year and to connect exclusively via HTTPS.
#add_header Strict-Transport-Security "max-age=31536000;" always;
# This version tells browsers to treat all subdomains the same as this site and to load exclusively over HTTPS
#add_header Strict-Transport-Security "max-age=31536000; includeSubDomains;" always;
# This version tells browsers to treat all subdomains the same as this site and to load exclusively over HTTPS
# Recommend is also to use preload service
#add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload;" always;
# This default SSL certificate will be served whenever the client lacks support for SNI (Server Name Indication).
# Make it a symlink to the most important certificate you have, so that users of IE 8 and below on WinXP can see your main site without SSL errors.
#ssl_certificate /etc/nginx/default_ssl.crt;
#ssl_certificate_key /etc/nginx/default_ssl.key;
# Consider using OCSP Stapling as shown in ssl-stapling.conf
# Force the latest IE version
add_header "X-UA-Compatible" "IE=Edge";
# Built-in filename-based cache busting
# This will route all requests for /css/style.20120716.css to /css/style.css
# Read also this:
# This is not included by default, because it'd be better if you use the build
# script to manage the file names.
location ~* (.+)\.(?:\d+)\.(js|css|png|jpg|jpeg|gif)$ {
try_files $uri $1.$2;
# Cross domain webfont access
location ~* \.(?:ttf|ttc|otf|eot|woff|woff2)$ {
include h5bp/directive-only/cross-domain-insecure.conf;
# Also, set cache rules for webfonts.
# See
# And
# And
expires 1M;
access_log off;
add_header Cache-Control "public";
# Expire rules for static content
# No default expire rule. This config mirrors that of apache as outlined in the
# html5-boilerplate .htaccess file. However, nginx applies rules by location,
# the apache rules are defined by type. A consequence of this difference is that
# if you use no file extension in the url and serve html, with apache you get an
# expire time of 0s, with nginx you'd get an expire header of one month in the
# future (if the default expire rule is 1 month). Therefore, do not use a
# default expire rule with nginx unless your site is completely static
# cache.appcache, your document html and data
location ~* \.(?:manifest|appcache|html?|xml|json)$ {
expires -1;
# Feed
location ~* \.(?:rss|atom)$ {
expires 1h;
# Media: images, icons, video, audio, HTC
location ~* \.(?:jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm|htc)$ {
expires 1M;
access_log off;
add_header Cache-Control "public";
# CSS and Javascript
location ~* \.(?:css|js)$ {
expires 1y;
access_log off;
# WebFonts
# If you are NOT using cross-domain-fonts.conf, uncomment the following directive
# location ~* \.(?:ttf|ttc|otf|eot|woff|woff2)$ {
# expires 1M;
# access_log off;
# }
# Prevent clients from accessing hidden files (starting with a dot)
# This is particularly important if you store .htpasswd files in the site hierarchy
# Access to `/.well-known/` is allowed.
location ~* /\.(?!well-known\/) {
deny all;
# Prevent clients from accessing to backup/config/source files
location ~* (?:\.(?:bak|conf|dist|fla|in[ci]|log|psd|sh|sql|sw[op])|~)$ {
deny all;
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment