!LOCAL Add tuned php-fpm config for increasing process count

Add entrypoint that calls envsubst ahead of starting nginx

Makefile

@@ -0,0 +1,20 @@
+REPOSITORY_PROXY   = vcs.enp.one/skylab/nxcloud-proxy
+REPOSITORY_SERVER  = vcs.enp.one/skylab/nxcloud-server
+
+
+.PHONY: help docs
+# source: https://marmelab.com/blog/2016/02/29/auto-documented-makefile.html
+help: ## List Makefile targets
+	$(info Makefile documentation)
+	@grep -E '^[a-zA-Z_-]+:.*?## .*$$' $(MAKEFILE_LIST) | sort | awk 'BEGIN {FS = ":.*?## "}; {printf "\033[36m%-10s\033[0m %s\n", $$1, $$2}'
+
+
+image:  ## Build image
+	podman build ./php-fpm --tag $(REPOSITORY_SERVER):latest
+	podman build ./nginx --tag $(REPOSITORY_PROXY):latest
+
+push: image  ## Build and publish image
+	podman login $(shell echo $(REPOSITORY_SERVER) | cut -d '/' -f 1)
+	podman push $(REPOSITORY_SERVER):latest
+	podman login $(shell echo $(REPOSITORY_PROXY) | cut -d '/' -f 1)
+	podman push $(REPOSITORY_PROXY):latest

README.md

@@ -61,6 +61,12 @@ Simply run this command from the root of the cloned repo:
 
 this will take a while.
 
+### Building nginx
+This will embed an optimized configuration for serving Nextcloud files and PHP-FPM resources. Run this
+command from the root of the cloned repo:
+
+`docker compose build nginx`
+
 ### Installing Nextcloud
 
 Run `docker compose up -d`. If something doesn't work try debugging it yourself of open an issue with the php-fpm and nginx logs attached.
@@ -82,9 +88,6 @@ Edit `/your/nextcloud/root/nextcloud/config/config.php` and add the following op
 ),
 ```
 
-### Editing nginx.conf
-You may also have to replace `example.com` with your own domain or multiple domains in the nginx.conf file.
-
 ### Enabling system cron (optional)
 Nextcloud must perform background tasks. The best way to do that is to use cron. However, on docker this is not easily doable. Here the host will perform the cronjobs required.
 
@@ -165,4 +168,4 @@ Add this to your `/your/nextcloud/root/nextcloud/config/config.php`:
 
 
 ### Migrating from existing Nextcloud
-To migrate you follow the steps described in the official [docs](https://docs.nextcloud.com/server/28/admin_manual/maintenance/migrating.html). The only difference here is importing the database backup into MariaDB running in the Docker Container. The way I did it is I exposed a port to MariaDB in the docker compose file and I ran something like `mysql -h [localhost:PORT HERE] -u nextcloud -pPASSWORD HERE nextcloud < database.bak` to import the backed up database.
+To migrate you follow the steps described in the official [docs](https://docs.nextcloud.com/server/28/admin_manual/maintenance/migrating.html). The only difference here is importing the database backup into MariaDB running in the Docker Container. The way I did it is I exposed a port to MariaDB in the docker compose file and I ran something like `mysql -h [localhost:PORT HERE] -u nextcloud -pPASSWORD HERE nextcloud < database.bak` to import the backed up database.

docker-compose.yml

@@ -2,55 +2,71 @@
 services:
 
   nginx:
-    container_name: nginx-nextcloud
+    build: ./nginx
-    image: nginx:latest
     ports:
-      - 80:80
+      - 8080:80
       - 443:443
     volumes:
-      - ${NEXTCLOUD_DIR}:/var/www/html
+      - ./appdata/application:/var/www/html
-      - ${DATA_DIR}:/data
+      - ./appdata/data:/data
-      - ./nginx.conf:/etc/nginx/nginx.conf:ro
+    environment:
+      - NEXTCLOUD_PHP_FPM_HOST=nxcloud-server-1:9000
+      - NEXTCLOUD_DOMAIN=localhost
+      - NEXTCLOUD_MAX_UPLOAD_SIZE=4G
     networks:
       - nextcloud
     depends_on:
-      - php-fpm-nextcloud
+      - server
-      - redis-nextcloud
+      - redis
-      - mariadb-nextcloud
+      - mariadb
 
-  php-fpm-nextcloud:
+  server:
-    container_name: php-fpm-nextcloud
+    build:
-    build: ./php-fpm
+      context: ./php-fpm
+      tags:
+        - vcs.enp.one/skylab/nextcloud-server:latest
     volumes:
-      - ${NEXTCLOUD_DIR}:/var/www/html
+      - ./appdata/application:/var/www/html
-      - ${DATA_DIR}:/data
+      - ./appdata/data:/data
     networks:
       - nextcloud
 
-  mariadb-nextcloud:
+  mariadb:
-    container_name: mariadb-nextcloud
     image: mariadb
     command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW
-    restart: always
     volumes:
-      - ./mariadb:/var/lib/mysql
+      - ./appdata/database:/var/lib/mysql
     environment:
-      - MYSQL_ROOT_PASSWORD=${MARIADB_ROOT_PASS}
+      - MARIADB_RANDOM_ROOT_PASSWORD=true
-      - MYSQL_PASSWORD=${MARIADB_PASS}
+      - MYSQL_PASSWORD=nextcloud
       - MYSQL_DATABASE=nextcloud
       - MYSQL_USER=nextcloud
     networks:
       - nextcloud
 
-  redis-nextcloud:
+  redis:
-    container_name: redis-nextcloud
-#    image: redis:latest
-# keydb is a fork and drop-in replacement for Redis
     image: eqalpha/keydb
-    restart: unless-stopped
     networks:
       - nextcloud
 
+  cron:
+    image: vcs.enp.one/skylab/nextcloud-server:latest
+    command:
+      - -c
+      - "'while true; do php --define apc.enable_cli=1 /var/www/html/cron.php; sleep 300; done'"
+    networks:
+      - nextcloud
+    user: www-data
+    entrypoint:
+      - /bin/bash
+    volumes:
+      - ./appdata/application:/var/www/html
+      - ./appdata/data:/data
+    depends_on:
+      - server
+      - redis
+      - mariadb
+
 networks:
   nextcloud:
     driver: bridge

nginx/Dockerfile

@@ -0,0 +1,10 @@
+FROM docker.io/library/nginx:latest
+
+ENV NEXTCLOUD_DOMAIN=example.com
+ENV NEXTCLOUD_PHP_FPM_HOST=server:9000
+ENV NEXTCLOUD_MAX_UPLOAD_SIZE=512M
+
+ADD nginx.conf.template /nginx.conf.template
+ADD docker-entrypoint.sh /docker-entrypoint.sh
+
+ENTRYPOINT ["sh", "-c", "/docker-entrypoint.sh"]

nginx/docker-entrypoint.sh

@@ -0,0 +1,16 @@
+#/usr/bin/env bash
+
+# This implementation is adapted from the solution proposed here:
+# https://stackoverflow.com/questions/21866477/nginx-use-environment-variables
+
+# envsubst will take the input and replace all references to environment
+# variables with their corresponding value. Because nginx uses the same
+# '$' prefix for its internal variables, we should explicitly define the
+# variables we want to replace rather than replacing all env vars.
+envsubst '
+$NEXTCLOUD_PHP_FPM_HOST
+$NEXTCLOUD_DOMAIN
+$NEXTCLOUD_MAX_UPLOAD_SIZE
+' < /nginx.conf.template > /etc/nginx/nginx.conf
+
+exec nginx -g 'daemon off;'

nginx/nginx.conf.template

@@ -2,7 +2,7 @@ events { worker_connections 1024; }
 http {
 
     upstream php-handler {
-        server php-fpm-nextcloud:9000;
+        server ${NEXTCLOUD_PHP_FPM_HOST};
         #server unix:/run/php/php8.2-fpm.sock;
     }
 
@@ -13,10 +13,10 @@ http {
     }
 
     server {
-        listen 80;
+        listen 80 http2;
-        listen [::]:80;
+        listen [::]:80 http2;
         # INFO: Set this to your domain
-        server_name example.com;
+        server_name ${NEXTCLOUD_DOMAIN};
 
         # Prevent nginx HTTP Server Detection
         server_tokens off;
@@ -34,7 +34,7 @@ http {
         add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload" always;
 
         # set max upload size and increase upload timeout:
-        client_max_body_size 512M;
+        client_max_body_size ${NEXTCLOUD_MAX_UPLOAD_SIZE};
         client_body_timeout 300s;
         fastcgi_buffers 64 4K;
 
@@ -154,6 +154,7 @@ http {
             fastcgi_request_buffering off;
 
             fastcgi_max_temp_file_size 0;
+            fastcgi_read_timeout 600;
         }
 
         # Serve static files

php-fpm/Dockerfile

@@ -55,12 +55,16 @@ RUN install-php-extensions \
     redis \
     imagick \
     sysvsem \
-    opcache
+    opcache \
+    pgsql
 
 
 # Copy optimized php.ini-development and production
 COPY ./php.ini-production /usr/local/etc/php/php.ini
 
+# Copy optimized php-fpm.ini
+COPY ./php-fpm.ini /usr/local/etc/php-fpm.d/zz-pm-tuning.conf
+
 # Set the working directory
 WORKDIR /var/www/html
 

php-fpm/php-fpm.ini

@@ -0,0 +1,5 @@
+pm = static
+pm.max_children = 800
+pm.start_servers = 200
+pm.min_spare_servers = 200
+pm.max_spare_servers = 600

php-fpm/php.ini-production

@@ -348,13 +348,13 @@ disable_classes =
 ; the file operations performed.
 ; Note: if open_basedir is set, the cache is disabled
 ; https://php.net/realpath-cache-size
-;realpath_cache_size = 4096k
+realpath_cache_size = 4096k
 
 ; Duration of time, in seconds for which to cache realpath information for a given
 ; file or directory. For systems with rarely changing files, consider increasing this
 ; value.
 ; https://php.net/realpath-cache-ttl
-;realpath_cache_ttl = 120
+realpath_cache_ttl = 120
 
 ; Enables or disables the circular reference collector.
 ; https://php.net/zend.enable-gc
@@ -432,7 +432,7 @@ max_input_time = 60
 
 ; Maximum amount of memory a script may consume
 ; https://php.net/memory-limit
-memory_limit = 2048M
+memory_limit = 8G
 
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ; Error handling and logging ;
@@ -855,7 +855,7 @@ file_uploads = On
 upload_max_filesize = 10G
 
 ; Maximum number of files that can be uploaded via a single request
-max_file_uploads = 20
+max_file_uploads = 100
 
 ;;;;;;;;;;;;;;;;;;
 ; Fopen wrappers ;
@@ -1789,14 +1789,14 @@ opcache.enable=1
 opcache.enable_cli=1
 
 ; The OPcache shared memory storage size.
-opcache.memory_consumption=128
+opcache.memory_consumption=256
 
 ; The amount of memory for interned strings in Mbytes.
-opcache.interned_strings_buffer=16
+opcache.interned_strings_buffer=24
 
 ; The maximum number of keys (scripts) in the OPcache hash table.
 ; Only numbers between 200 and 1000000 are allowed.
-opcache.max_accelerated_files=4000
+opcache.max_accelerated_files=10000
 
 ; The maximum percentage of "wasted" memory until a restart is scheduled.
 ;opcache.max_wasted_percentage=5
@@ -1814,7 +1814,7 @@ opcache.validate_timestamps=1
 ; How often (in seconds) to check file timestamps for changes to the shared
 ; memory storage allocation. ("1" means validate once per second, but only
 ; once per request. "0" means always validate)
-opcache.revalidate_freq=60
+opcache.revalidate_freq=1
 
 ; Enables or disables file search in include_path optimization
 ;opcache.revalidate_path=0
@@ -1972,3 +1972,10 @@ opcache.save_comments=1
 
 ; List of headers files to preload, wildcard patterns allowed.
 ;ffi.preload=
+
+
+; Useful Nextcloud optimizations and additions
+apc.enable_cli=1
+opcache.jit_buffer_size = 128M
+opcache.jit = tracing
+opcache.jit = 1235