first commit

drupal/.example-env

@@ -0,0 +1,8 @@
+DOMAIN=
+DRUPAL_DB_HOST=postgres
+DRUPAL_DB_NAME=
+DRUPAL_DB_PASSWORD=
+DRUPAL_DB_PORT=
+DRUPAL_DB_USER=
+DRUPAL_VERSION=
+

drupal/create_infra.bash

@@ -0,0 +1,14 @@
+#!/bin/bash
+
+
+if [ ! -d "drupal/root" ]; then
+    mkdir -p drupal/root
+    docker run --rm drupal:11.1.6-php8.4-fpm-bookworm tar -cC /opt/drupal/ . | tar -xC drupal/root
+fi
+
+source ../core/.env
+source .env
+
+docker exec postgres psql -U $POSTGRES_USER -d postgres -c "CREATE USER $DRUPAL_DB_USER WITH PASSWORD '$DRUPAL_DB_PASSWORD';"
+docker exec postgres psql -U $POSTGRES_USER -d postgres -c "CREATE DATABASE $DRUPAL_DB_NAME OWNER $DRUPAL_DB_USER;"
+docker exec postgres psql -U $POSTGRES_USER -d $DRUPAL_DB_NAME -c "GRANT ALL PRIVILEGES ON DATABASE $DRUPAL_DB_NAME TO $DRUPAL_DB_USER;"

drupal/docker-compose.yml

@@ -0,0 +1,70 @@
+services:
+  nginx:
+    image: drupal-nginx
+    build:
+      context: ./nginx
+      dockerfile: Dockerfile
+      args:
+        DOMAIN: ${DOMAIN}
+    container_name: drupal-reverse-proxy
+    labels:
+      - traefik.enable=true
+      - traefik.docker.network=traefik
+      - traefik.http.routers.drupal-reverse-proxy.rule=Host(`${DOMAIN}`)
+      - traefik.http.routers.drupal-reverse-proxy.entrypoints=web,websecure
+      - traefik.http.routers.drupal-reverse-proxy.middlewares=https-redirect
+      - traefik.http.routers.drupal-reverse-proxy.tls=true
+      - traefik.http.routers.drupal-reverse-proxy.tls.certresolver=le
+      - traefik.http.services.drupal-reverse-proxy.loadbalancer.server.port=80
+    volumes:
+      - ./drupal/root/web:/var/www/html
+    networks:
+      - traefik
+      - drupal
+
+  drupal-fpm:
+    image: drupal-php8-4-fpm-bookworm
+    build:
+      context: ./drupal
+      dockerfile: Dockerfile
+      args:
+        DRUPAL_VERSION: ${DRUPAL_VERSION:-11.1.6}
+    labels:
+      - traefik.enable=false
+    container_name: drupal-fpm
+    expose:
+      - "9000"
+    volumes:
+      - ./drupal/root:/opt/drupal
+    networks:
+      - database
+      - drupal
+
+  redis:
+    image: redis:7-alpine
+    container_name: drupal-redis
+    command: redis-server --loglevel warning
+    environment:
+      - OVERC
+    volumes:
+      - redis-data:/data
+    networks:
+      - drupal
+    healthcheck:
+      test: ["CMD", "redis-cli", "ping"]
+      interval: 10s
+      timeout: 5s
+      retries: 5
+      start_period: 10s
+
+volumes:
+  redis-data:
+    name: drupal-redis-data
+
+networks:
+  traefik:
+    external: true
+  database:
+    external: true
+  drupal:
+    name: drupal

drupal/drupal/Dockerfile

@@ -0,0 +1,32 @@
+ARG DRUPAL_VERSION
+
+FROM drupal:${DRUPAL_VERSION}-php8.4-fpm-bookworm
+
+RUN apt-get update && apt-get install -y \
+    git \
+    vim \
+    && rm -rf /var/lib/apt/lists/*
+
+# Upload progress
+RUN	set -eux; \
+    git clone https://github.com/php/pecl-php-uploadprogress/ /usr/src/php/ext/uploadprogress/; \
+    docker-php-ext-configure uploadprogress; \
+    docker-php-ext-install uploadprogress; \
+    rm -rf /usr/src/php/ext/uploadprogress;
+
+# Install apcu
+RUN set -eux; \
+    pecl install apcu;
+
+# Add php configs
+RUN { \
+    echo 'extension=apcu.so'; \
+    echo "apc.enable_cli=1"; \
+    echo "apc.enable=1"; \
+    echo "apc.shm_size=32M"; \
+    } >> /usr/local/etc/php/conf.d/zz-apcu-custom.ini;
+
+# Enable output buffering
+RUN { \
+    echo 'output_buffering = on'; \
+    } >> /usr/local/etc/php/conf.d/zz-drupal-recommended.ini;

drupal/nginx/Dockerfile

@@ -0,0 +1,8 @@
+FROM nginx:latest
+
+COPY ./nginx.conf.template /etc/nginx/nginx.conf.template
+
+ARG DOMAIN
+RUN sed 's|${DOMAIN}|'"$DOMAIN"'|g' /etc/nginx/nginx.conf.template > /etc/nginx/nginx.conf
+
+ENTRYPOINT ["nginx", "-g", "daemon off;"]

drupal/nginx/nginx.conf.template

@@ -0,0 +1,66 @@
+user www-data;
+worker_processes auto;
+error_log /var/log/nginx/error.log warn;
+pid /var/run/nginx.pid;
+
+events {
+    worker_connections 1024;
+}
+
+http {
+    include /etc/nginx/mime.types;
+    default_type application/octet-stream;
+    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
+                    '$status $body_bytes_sent "$http_referer" '
+                    '"$http_user_agent" "$http_x_forwarded_for"';
+    access_log /var/log/nginx/access.log main;
+    sendfile on;
+    keepalive_timeout 65;
+    gzip on;
+
+    server {
+        listen 80;
+        server_name ${DOMAIN};
+        root /var/www/html;
+
+        location / {
+            try_files $uri /index.php$is_args$args;
+        }
+
+        location ~ \.php$ {
+            fastcgi_pass drupal-fpm:9000;
+            fastcgi_split_path_info ^(.+\.php)(/.*)$;
+            include fastcgi_params;
+            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+            fastcgi_param DOCUMENT_ROOT $document_root;
+        }
+
+        location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
+            try_files $uri @rewrite;
+            expires max;
+            log_not_found off;
+        }
+
+        location @rewrite {
+            rewrite ^ /index.php;
+        }
+
+        # Don't allow direct access to PHP files in the vendor directory
+        location ~ /vendor/.*\.php$ {
+            deny all;
+            return 404;
+        }
+
+        # Protect files and directories from prying eyes
+        location ~* \.(engine|inc|install|make|module|profile|po|sh|.*sql|theme|twig|tpl(\.php)?|xtmpl|yml)(~|\.sw[op]|\.bak|\.orig|\.save)?$|^(\.(?!well-known).*|Entries.*|Repository|Root|Tag|Template|composer\.(json|lock)|web\.config)$|^#.*#$|\.php(~|\.sw[op]|\.bak|\.orig|\.save)$ {
+            deny all;
+            return 404;
+        }
+
+        # Protect .git directory
+        location ~ /\.git {
+            deny all;
+            return 404;
+        }
+    }
+}