Update container registry URL

Add entrypoint that calls envsubst ahead of starting nginx

Makefile

@@ -0,0 +1,20 @@
+REPOSITORY_PROXY   = dev.enpaul.net/skylab/nxcloud-proxy
+REPOSITORY_SERVER  = dev.enpaul.net/skylab/nxcloud-server
+
+
+.PHONY: help docs
+# source: https://marmelab.com/blog/2016/02/29/auto-documented-makefile.html
+help: ## List Makefile targets
+	$(info Makefile documentation)
+	@grep -E '^[a-zA-Z_-]+:.*?## .*$$' $(MAKEFILE_LIST) | sort | awk 'BEGIN {FS = ":.*?## "}; {printf "\033[36m%-10s\033[0m %s\n", $$1, $$2}'
+
+
+image:  ## Build image
+	podman build ./php-fpm --tag $(REPOSITORY_SERVER):latest
+	podman build ./nginx --tag $(REPOSITORY_PROXY):latest
+
+push: image  ## Build and publish image
+	podman login $(shell echo $(REPOSITORY_SERVER) | cut -d '/' -f 1)
+	podman push $(REPOSITORY_SERVER):latest
+	podman login $(shell echo $(REPOSITORY_PROXY) | cut -d '/' -f 1)
+	podman push $(REPOSITORY_PROXY):latest

docker-compose.yml

@@ -2,79 +2,70 @@
 services:
 
   nginx:
-    container_name: nginx-nextcloud
     build: ./nginx
     ports:
-      - 80:80
+      - 8080:80
       - 443:443
     volumes:
-      - ${NEXTCLOUD_DIR}:/var/www/html
+      - ./appdata/application:/var/www/html
-      - ${DATA_DIR}:/data
+      - ./appdata/data:/data
     environment:
-      - NEXTCLOUD_PHP_FPM_HOST=${NEXTCLOUD_PHP_FPM_HOST}
+      - NEXTCLOUD_PHP_FPM_HOST=nxcloud-server-1:9000
-      - NEXTCLOUD_DOMAIN=${NEXTCLOUD_DOMAIN}
+      - NEXTCLOUD_DOMAIN=localhost
-      - NEXTCLOUD_MAX_UPLOAD_SIZE=${NEXTCLOUD_MAX_UPLOAD_SIZE}
+      - NEXTCLOUD_MAX_UPLOAD_SIZE=4G
     networks:
       - nextcloud
     depends_on:
-      - php-fpm-nextcloud
+      - server
-      - redis-nextcloud
+      - redis
-      - mariadb-nextcloud
+      - mariadb
 
-  php-fpm-nextcloud:
+  server:
-    container_name: php-fpm-nextcloud
     build:
       context: ./php-fpm
       tags:
-        - localhost/php-fpm-nextcloud:latest
+        - vcs.enp.one/skylab/nextcloud-server:latest
     volumes:
-      - ${NEXTCLOUD_DIR}:/var/www/html
+      - ./appdata/application:/var/www/html
-      - ${DATA_DIR}:/data
+      - ./appdata/data:/data
     networks:
       - nextcloud
 
-  mariadb-nextcloud:
+  mariadb:
-    container_name: mariadb-nextcloud
     image: mariadb
     command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW
-    restart: always
     volumes:
-      - ./mariadb:/var/lib/mysql
+      - ./appdata/database:/var/lib/mysql
     environment:
-      - MYSQL_ROOT_PASSWORD=${MARIADB_ROOT_PASS}
+      - MARIADB_RANDOM_ROOT_PASSWORD=true
-      - MYSQL_PASSWORD=${MARIADB_PASS}
+      - MYSQL_PASSWORD=nextcloud
       - MYSQL_DATABASE=nextcloud
       - MYSQL_USER=nextcloud
     networks:
       - nextcloud
 
-  redis-nextcloud:
+  redis:
-    container_name: redis-nextcloud
-#    image: redis:latest
-# keydb is a fork and drop-in replacement for Redis
     image: eqalpha/keydb
-    restart: unless-stopped
     networks:
       - nextcloud
 
-  cron-nextcloud:
+  cron:
-    container_name: cron-nextcloud
+    image: vcs.enp.one/skylab/nextcloud-server:latest
-    image: localhost/php-fpm-nextcloud:latest
-    restart: unless-stopped
     command:
-      - bash
       - -c
-      - "'while true; do php --define apc.enable_cli=1 /var/www/html/cron.php && sleep 300; done'"
+      - "'while true; do php --define apc.enable_cli=1 /var/www/html/cron.php; sleep 300; done'"
     networks:
       - nextcloud
     user: www-data
+    entrypoint:
+      - /bin/bash
     volumes:
-      - ${NEXTCLOUD_DIR}:/var/www/html
+      - ./appdata/application:/var/www/html
-      - ${DATA_DIR}:/data
+      - ./appdata/data:/data
     depends_on:
-      - php-fpm-nextcloud
+      - server
-      - redis-nextcloud
+      - redis
-      - mariadb-nextcloud
+      - mariadb
 
 networks:
   nextcloud:

nginx/Dockerfile

@@ -1,7 +1,7 @@
 FROM docker.io/library/nginx:latest
 
 ENV NEXTCLOUD_DOMAIN=example.com
-ENV NEXTCLOUD_PHP_FPM_HOST=php-fpm-nextcloud:9000
+ENV NEXTCLOUD_PHP_FPM_HOST=server:9000
 ENV NEXTCLOUD_MAX_UPLOAD_SIZE=512M
 
 ADD nginx.conf.template /nginx.conf.template

nginx/nginx.conf.template

@@ -13,8 +13,8 @@ http {
     }
 
     server {
-        listen 80;
+        listen 80 http2;
-        listen [::]:80;
+        listen [::]:80 http2;
         # INFO: Set this to your domain
         server_name ${NEXTCLOUD_DOMAIN};
 
@@ -154,6 +154,7 @@ http {
             fastcgi_request_buffering off;
 
             fastcgi_max_temp_file_size 0;
+            fastcgi_read_timeout 600;
         }
 
         # Serve static files

php-fpm/Dockerfile

@@ -55,12 +55,16 @@ RUN install-php-extensions \
     redis \
     imagick \
     sysvsem \
-    opcache
+    opcache \
+    pgsql
 
 
 # Copy optimized php.ini-development and production
 COPY ./php.ini-production /usr/local/etc/php/php.ini
 
+# Copy optimized php-fpm.ini
+COPY ./php-fpm.ini /usr/local/etc/php-fpm.d/zz-pm-tuning.conf
+
 # Set the working directory
 WORKDIR /var/www/html
 

php-fpm/php-fpm.ini

@@ -0,0 +1,6 @@
+pm = static
+pm.max_children = 800
+pm.start_servers = 200
+pm.min_spare_servers = 200
+pm.max_spare_servers = 600
+rlimit_files = 4096

php-fpm/php.ini-production

@@ -348,13 +348,13 @@ disable_classes =
 ; the file operations performed.
 ; Note: if open_basedir is set, the cache is disabled
 ; https://php.net/realpath-cache-size
-;realpath_cache_size = 4096k
+realpath_cache_size = 4096k
 
 ; Duration of time, in seconds for which to cache realpath information for a given
 ; file or directory. For systems with rarely changing files, consider increasing this
 ; value.
 ; https://php.net/realpath-cache-ttl
-;realpath_cache_ttl = 120
+realpath_cache_ttl = 120
 
 ; Enables or disables the circular reference collector.
 ; https://php.net/zend.enable-gc
@@ -432,7 +432,7 @@ max_input_time = 60
 
 ; Maximum amount of memory a script may consume
 ; https://php.net/memory-limit
-memory_limit = 2048M
+memory_limit = 8G
 
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ; Error handling and logging ;
@@ -855,7 +855,7 @@ file_uploads = On
 upload_max_filesize = 10G
 
 ; Maximum number of files that can be uploaded via a single request
-max_file_uploads = 20
+max_file_uploads = 100
 
 ;;;;;;;;;;;;;;;;;;
 ; Fopen wrappers ;
@@ -1789,14 +1789,14 @@ opcache.enable=1
 opcache.enable_cli=1
 
 ; The OPcache shared memory storage size.
-opcache.memory_consumption=128
+opcache.memory_consumption=256
 
 ; The amount of memory for interned strings in Mbytes.
-opcache.interned_strings_buffer=16
+opcache.interned_strings_buffer=24
 
 ; The maximum number of keys (scripts) in the OPcache hash table.
 ; Only numbers between 200 and 1000000 are allowed.
-opcache.max_accelerated_files=4000
+opcache.max_accelerated_files=10000
 
 ; The maximum percentage of "wasted" memory until a restart is scheduled.
 ;opcache.max_wasted_percentage=5
@@ -1814,7 +1814,7 @@ opcache.validate_timestamps=1
 ; How often (in seconds) to check file timestamps for changes to the shared
 ; memory storage allocation. ("1" means validate once per second, but only
 ; once per request. "0" means always validate)
-opcache.revalidate_freq=60
+opcache.revalidate_freq=1
 
 ; Enables or disables file search in include_path optimization
 ;opcache.revalidate_path=0
@@ -1972,3 +1972,10 @@ opcache.save_comments=1
 
 ; List of headers files to preload, wildcard patterns allowed.
 ;ffi.preload=
+
+
+; Useful Nextcloud optimizations and additions
+apc.enable_cli=1
+opcache.jit_buffer_size = 128M
+opcache.jit = tracing
+opcache.jit = 1235