Merge pull request aschmelyun#122 from aschmelyun/permissions-fix-round-2

aschmelyun · web-flow · commit 926cdaa58605 · 2021-11-07T01:21:13.000-05:00
Permissions fix, round 2
diff --git a/.env.example b/.env.example
diff --git a/README.md b/README.md
@@ -27,11 +27,18 @@ Three additional containers are included that handle Composer, NPM, and Artisan
 
 ## Permissions Issues
 
-If you encounter any issues with filesystem permissions while visiting your application or running a container command, try completing the following steps:
+If you encounter any issues with filesystem permissions while visiting your application or running a container command, try completing one of the sets of steps below.
+
+**If you are using your server or local environment as the root user:**
+
+- Bring any container(s) down with `docker-compose down`
+- Rename `docker-compose.root.yml` file to `docker-compose.root.yml`, replacing the previous one
+- Re-build the containers by running `docker-compose build --no-cache`
+
+**If you are using your server or local environment as a user that is not root:**
 
 - Bring any container(s) down with `docker-compose down`
-- Copy the `.env.example` file in the root of this repo to `.env`
-- Modify the values in the `.env` file to match the user/group that the `src` directory is owned by on the host system
+- In your terminal, run `export UID=$(id -u)` and then `export GID=$(id -g)`
 - Re-build the containers by running `docker-compose build --no-cache`
 
 Then, either bring back up your container network or re-run the command you were trying before, and see if that fixes it.
diff --git a/composer.dockerfile b/composer.dockerfile
diff --git a/docker-compose.root.yml b/docker-compose.root.yml
@@ -0,0 +1,107 @@
+version: '3'
+
+networks:
+  laravel:
+
+services:
+  site:
+    build:
+      context: ./dockerfiles
+      dockerfile: nginx.root.dockerfile
+    container_name: nginx
+    ports:
+      - 80:80
+    volumes:
+      - ./src:/var/www/html:delegated
+    depends_on:
+      - php
+      - redis
+      - mysql
+      - mailhog
+    networks:
+      - laravel
+
+  mysql:
+    image: mariadb:10.6
+    container_name: mysql
+    restart: unless-stopped
+    tty: true
+    ports:
+      - 3306:3306
+    environment:
+      MYSQL_DATABASE: homestead
+      MYSQL_USER: homestead
+      MYSQL_PASSWORD: secret
+      MYSQL_ROOT_PASSWORD: secret
+      SERVICE_TAGS: dev
+      SERVICE_NAME: mysql
+    networks:
+      - laravel
+
+  php:
+    build:
+      context: ./dockerfiles
+      dockerfile: php.root.dockerfile
+    container_name: php
+    volumes:
+      - ./src:/var/www/html:delegated
+    networks:
+      - laravel
+
+  redis:
+    image: redis:alpine
+    container_name: redis
+    restart: unless-stopped
+    ports:
+      - 6379:6379
+    networks:
+      - laravel
+
+  composer:
+    image: composer:2
+    container_name: composer
+    volumes:
+      - ./src:/var/www/html
+    working_dir: /var/www/html
+    depends_on:
+      - php
+    user: root
+    entrypoint: ['composer', '--ignore-platform-reqs']
+    networks:
+      - laravel
+
+  npm:
+    image: node:13.7
+    container_name: npm
+    volumes:
+      - ./src:/var/www/html
+    ports:
+      - 3000:3000
+      - 3001:3001
+    working_dir: /var/www/html
+    entrypoint: ['npm']
+    networks:
+      - laravel
+
+  artisan:
+    build:
+      context: ./dockerfiles
+      dockerfile: php.root.dockerfile
+    container_name: artisan
+    volumes:
+      - ./src:/var/www/html:delegated
+    depends_on:
+      - mysql
+    working_dir: /var/www/html
+    entrypoint: ['php', '/var/www/html/artisan']
+    networks:
+      - laravel
+
+  mailhog:
+    image: mailhog/mailhog:latest
+    container_name: mailhog
+    ports:
+      - 1025:1025
+      - 8025:8025
+    networks:
+      - laravel
diff --git a/docker-compose.yml b/docker-compose.yml
@@ -6,11 +6,11 @@ networks:
 services:
   site:
     build:
-      context: .
+      context: ./dockerfiles
       dockerfile: nginx.dockerfile
       args:
-        - NGINXUSER=${NGINXUSER:-www-data}
-        - NGINXGROUP=${NGINXGROUP:-www-data}
+        - UID=${UID:-1000}
+        - GID=${GID:-1000}
     container_name: nginx
     ports:
       - 80:80
@@ -43,11 +43,11 @@ services:
 
   php:
     build:
-      context: .
+      context: ./dockerfiles
       dockerfile: php.dockerfile
       args:
-        - PHPUSER=${PHPUSER:-www-data}
-        - PHPGROUP=${PHPGROUP:-www-data}
+        - UID=${UID:-1000}
+        - GID=${GID:-1000}
     container_name: php
     volumes:
       - ./src:/var/www/html:delegated
@@ -65,18 +65,18 @@ services:
 
   composer:
     build:
-      context: .
+      context: ./dockerfiles
       dockerfile: composer.dockerfile
       args:
-        - PHPUSER=${PHPUSER:-www-data}
-        - PHPGROUP=${PHPGROUP:-www-data}
+        - UID=${UID:-1000}
+        - GID=${GID:-1000}
     container_name: composer
     volumes:
       - ./src:/var/www/html
     working_dir: /var/www/html
     depends_on:
       - php
-    user: ${PHPUSER:-www-data}
+    user: laravel
     entrypoint: ['composer', '--ignore-platform-reqs']
     networks:
       - laravel
@@ -96,11 +96,11 @@ services:
 
   artisan:
     build:
-      context: .
+      context: ./dockerfiles
       dockerfile: php.dockerfile
       args:
-        - PHPUSER=${PHPUSER:-www-data}
-        - PHPGROUP=${PHPGROUP:-www-data}
+        - UID=${UID:-1000}
+        - GID=${GID:-1000}
     container_name: artisan
     volumes:
       - ./src:/var/www/html:delegated
diff --git a/dockerfiles/composer.dockerfile b/dockerfiles/composer.dockerfile
@@ -0,0 +1,15 @@
+FROM composer:2
+
+ARG UID
+ARG GID
+
+ENV UID=${UID}
+ENV GID=${GID}
+
+# MacOS staff group's gid is 20, so is the dialout group in alpine linux. We're not using it, let's just remove it.
+RUN delgroup dialout
+
+RUN addgroup -g ${GID} --system laravel
+RUN adduser -G laravel --system -D -s /bin/sh -u ${UID} laravel
+
+WORKDIR /var/www/html
diff --git a/dockerfiles/nginx.dockerfile b/dockerfiles/nginx.dockerfile
@@ -0,0 +1,18 @@
+FROM nginx:stable-alpine
+
+ARG UID
+ARG GID
+
+ENV UID=${UID}
+ENV GID=${GID}
+
+# MacOS staff group's gid is 20, so is the dialout group in alpine linux. We're not using it, let's just remove it.
+RUN delgroup dialout
+
+RUN addgroup -g ${GID} --system laravel
+RUN adduser -G laravel --system -D -s /bin/sh -u ${UID} laravel
+RUN sed -i "s/user  nginx/user laravel/g" /etc/nginx/nginx.conf
+
+ADD ./nginx/default.conf /etc/nginx/conf.d/
+
+RUN mkdir -p /var/www/html
diff --git a/dockerfiles/nginx.root.dockerfile b/dockerfiles/nginx.root.dockerfile
@@ -0,0 +1,7 @@
+FROM nginx:stable-alpine
+
+RUN sed -i "s/user  nginx/user root/g" /etc/nginx/nginx.conf
+
+ADD ./nginx/default.conf /etc/nginx/conf.d/
+
+RUN mkdir -p /var/www/html
diff --git a/dockerfiles/nginx/default.conf b/dockerfiles/nginx/default.conf
diff --git a/dockerfiles/php.dockerfile b/dockerfiles/php.dockerfile
@@ -0,0 +1,30 @@
+FROM php:8-fpm-alpine
+
+ARG UID
+ARG GID
+
+ENV UID=${UID}
+ENV GID=${GID}
+
+RUN mkdir -p /var/www/html
+
+WORKDIR /var/www/html
+
+# MacOS staff group's gid is 20, so is the dialout group in alpine linux. We're not using it, let's just remove it.
+RUN delgroup dialout
+
+RUN addgroup -g ${GID} --system laravel
+RUN adduser -G laravel --system -D -s /bin/sh -u ${UID} laravel
+
+RUN sed -i "s/user = www-data/user = laravel/g" /usr/local/etc/php-fpm.d/www.conf
+RUN sed -i "s/group = www-data/group = laravel/g" /usr/local/etc/php-fpm.d/www.conf
+RUN echo "php_admin_flag[log_errors] = on" >> /usr/local/etc/php-fpm.d/www.conf
+
+RUN docker-php-ext-install pdo pdo_mysql
+
+RUN mkdir -p /usr/src/php/ext/redis \
+    && curl -L https://github.com/phpredis/phpredis/archive/5.3.4.tar.gz | tar xvz -C /usr/src/php/ext/redis --strip 1 \
+    && echo 'redis' >> /usr/src/php-available-exts \
+    && docker-php-ext-install redis
+
+CMD ["php-fpm", "-y", "/usr/local/etc/php-fpm.conf", "-R"]
diff --git a/dockerfiles/php.root.dockerfile b/dockerfiles/php.root.dockerfile
@@ -1,20 +1,11 @@
 FROM php:8-fpm-alpine
 
-ARG PHPGROUP
-ARG PHPUSER
-
-ENV PHPGROUP=${PHPGROUP}
-ENV PHPUSER=${PHPUSER}
-
-RUN addgroup --system ${PHPGROUP}; exit 0
-RUN adduser --system -G ${PHPGROUP} -s /bin/sh -D ${PHPUSER}; exit 0
-
 RUN mkdir -p /var/www/html
 
 WORKDIR /var/www/html
 
-RUN sed -i "s/user = www-data/user = ${PHPUSER}/g" /usr/local/etc/php-fpm.d/www.conf
-RUN sed -i "s/group = www-data/group = ${PHPGROUP}/g" /usr/local/etc/php-fpm.d/www.conf
+RUN sed -i "s/user = www-data/user = root/g" /usr/local/etc/php-fpm.d/www.conf
+RUN sed -i "s/group = www-data/group = root/g" /usr/local/etc/php-fpm.d/www.conf
 RUN echo "php_admin_flag[log_errors] = on" >> /usr/local/etc/php-fpm.d/www.conf
 
 RUN docker-php-ext-install pdo pdo_mysql
diff --git a/nginx.dockerfile b/nginx.dockerfile
