build/pixelfed/pixelfed-web/Dockerfile

FROM pixelfed-base AS pixelfed-web

# Install Nginx and supervisor for the web container
RUN apk add --no-cache nginx supervisor

# Configure PHP-FPM for web workload
RUN sed -i 's/user = www-data/user = pixelfed/' /usr/local/etc/php-fpm.d/www.conf \
    && sed -i 's/group = www-data/group = pixelfed/' /usr/local/etc/php-fpm.d/www.conf \
    && sed -i 's/listen = 127.0.0.1:9000/listen = 9000/' /usr/local/etc/php-fpm.d/www.conf \
    && sed -i 's/;listen.allowed_clients = 127.0.0.1/listen.allowed_clients = 127.0.0.1/' /usr/local/etc/php-fpm.d/www.conf

# Web-specific PHP configuration for better performance
RUN echo "pm = dynamic" >> /usr/local/etc/php-fpm.d/www.conf \
    && echo "pm.max_children = 50" >> /usr/local/etc/php-fpm.d/www.conf \
    && echo "pm.start_servers = 5" >> /usr/local/etc/php-fpm.d/www.conf \
    && echo "pm.min_spare_servers = 5" >> /usr/local/etc/php-fpm.d/www.conf \
    && echo "pm.max_spare_servers = 35" >> /usr/local/etc/php-fpm.d/www.conf \
    && echo "pm.max_requests = 500" >> /usr/local/etc/php-fpm.d/www.conf

# Copy web-specific configuration files
COPY nginx.conf /etc/nginx/nginx.conf
COPY supervisord-web.conf /etc/supervisor/conf.d/supervisord.conf
COPY entrypoint-web.sh /entrypoint.sh
RUN chmod +x /entrypoint.sh

# Create nginx directories and set permissions
RUN mkdir -p /var/log/nginx \
    && mkdir -p /var/log/supervisor \
    && chown -R nginx:nginx /var/log/nginx

# Create SSL directories for cert-manager mounted certificates
RUN mkdir -p /etc/ssl/certs /etc/ssl/private \
    && chown -R nginx:nginx /etc/ssl

# Health check optimized for web container (check both HTTP and HTTPS)
HEALTHCHECK --interval=30s --timeout=10s --start-period=60s --retries=3 \
    CMD curl -f http://localhost:80/api/v1/instance || curl -k -f https://localhost:443/api/v1/instance || exit 1

# Expose HTTP and HTTPS ports
EXPOSE 80 443

# Run as root to manage nginx and php-fpm
USER root

ENTRYPOINT ["/entrypoint.sh"]
CMD ["supervisord", "-c", "/etc/supervisor/conf.d/supervisord.conf"]
add source code and readme 2025-12-24 14:35:17 +01:00			`FROM pixelfed-base AS pixelfed-web`

			`# Install Nginx and supervisor for the web container`
			`RUN apk add --no-cache nginx supervisor`

			`# Configure PHP-FPM for web workload`
			`RUN sed -i 's/user = www-data/user = pixelfed/' /usr/local/etc/php-fpm.d/www.conf \`
			`&& sed -i 's/group = www-data/group = pixelfed/' /usr/local/etc/php-fpm.d/www.conf \`
			`&& sed -i 's/listen = 127.0.0.1:9000/listen = 9000/' /usr/local/etc/php-fpm.d/www.conf \`
			`&& sed -i 's/;listen.allowed_clients = 127.0.0.1/listen.allowed_clients = 127.0.0.1/' /usr/local/etc/php-fpm.d/www.conf`

			`# Web-specific PHP configuration for better performance`
			`RUN echo "pm = dynamic" >> /usr/local/etc/php-fpm.d/www.conf \`
			`&& echo "pm.max_children = 50" >> /usr/local/etc/php-fpm.d/www.conf \`
			`&& echo "pm.start_servers = 5" >> /usr/local/etc/php-fpm.d/www.conf \`
			`&& echo "pm.min_spare_servers = 5" >> /usr/local/etc/php-fpm.d/www.conf \`
			`&& echo "pm.max_spare_servers = 35" >> /usr/local/etc/php-fpm.d/www.conf \`
			`&& echo "pm.max_requests = 500" >> /usr/local/etc/php-fpm.d/www.conf`

			`# Copy web-specific configuration files`
			`COPY nginx.conf /etc/nginx/nginx.conf`
			`COPY supervisord-web.conf /etc/supervisor/conf.d/supervisord.conf`
			`COPY entrypoint-web.sh /entrypoint.sh`
			`RUN chmod +x /entrypoint.sh`

			`# Create nginx directories and set permissions`
			`RUN mkdir -p /var/log/nginx \`
			`&& mkdir -p /var/log/supervisor \`
			`&& chown -R nginx:nginx /var/log/nginx`

			`# Create SSL directories for cert-manager mounted certificates`
			`RUN mkdir -p /etc/ssl/certs /etc/ssl/private \`
			`&& chown -R nginx:nginx /etc/ssl`

			`# Health check optimized for web container (check both HTTP and HTTPS)`
			`HEALTHCHECK --interval=30s --timeout=10s --start-period=60s --retries=3 \`
			`CMD curl -f http://localhost:80/api/v1/instance \|\| curl -k -f https://localhost:443/api/v1/instance \|\| exit 1`

			`# Expose HTTP and HTTPS ports`
			`EXPOSE 80 443`

			`# Run as root to manage nginx and php-fpm`
			`USER root`

			`ENTRYPOINT ["/entrypoint.sh"]`
			`CMD ["supervisord", "-c", "/etc/supervisor/conf.d/supervisord.conf"]`