Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Draft version of ubi9 image #59

Draft
wants to merge 3 commits into
base: master
Choose a base branch
from
Draft

Conversation

ViliusS
Copy link

@ViliusS ViliusS commented Apr 18, 2024

This image is built using ubi9 base images from RedHat, and at least at some level follows s2i framework.

Pros

  • It builds much faster as Apache, PHP and almost all other dependencies are already prebuilt.
  • PHP is running as CGI (PHP-FPM) instead of Apache module, which in some cases could be faster.
  • Various parameters from s2i framework can be used to customize Apache and PHP configuration. s2i can be used even further to build the image directly from GitHub URL + install Composer dependencies skipping ZIP download all together, though one must check if Grav is ready for that.
  • Some configuration options, such as MaxRequestWorkers are automatically adjusted depending on the memory allowed during the runtime.
  • Supports running Grav with HTTPS without any additional proxies. One just needs to add correct certificates to ./httpd-ssl folder.
  • Image is rootless. Apache and PHP-FPM runs as default user, though this can be modified if needed by just adding USER directive to the Dockerfile.

Cons

  • The image is ~20% bigger. If this is a showstopper we could try to use s2i-core base instead of s2i-base and configure Apache ourselves, as current base image includes node.js for some reason. Building from s2i-base would still be faster than previously as Apache/PHP installation in RPM OSes is straight forward.
  • Doesn't include yaml PECL module as official RedHat repositories do not have it.

Caveats:

  • The image removes subscription-manager so it won't ping RedHat home.
  • Default port is now 8080 (8443 for HTTPS).
  • Cron still runs as root, so it cannot be killed, if needed, inside rootless image.

TODO:

  • Adjust default PHP settings to where they were in the old image. Most of the defaults are actually already in sync.
  • Disable Apache version exposure for production use.
  • Decide if a volume really should point to Grav web root. Currently I left it as it were. IMHO, it would be better to just persist /user and maybe /logs folders.
  • Adjust documentation.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant