build(docker): optimize image size and security

- add mysql client binaries for database operations - reduce php extensions to production essentials - bind mysql and phpmyadmin to localhost only - replace php-fpm.conf with php.ini for upload limits
2026-03-21 03:39:34 +03:00
parent 7b6ed48812
commit e13724a8be
4 changed files with 18 additions and 9 deletions
--- a/.dockerignore
+++ b/.dockerignore
@@ -1,3 +1,3 @@
 *
 !docker/entrypoint.sh
-!docker/php-fpm.conf
+!docker/php.ini
--- a/compose.yaml
+++ b/compose.yaml
@@ -26,11 +26,10 @@ services:
    volumes:
      - ./:/var/www

-
  mysql:
    image: mysql:8.0
    ports:
-      - "${DB_PORT:-3306}:3306"
+      - "127.0.0.1:${DB_PORT:-3306}:3306"
    environment:
      - MYSQL_DATABASE=${DB_DATABASE}
      - MYSQL_USER=${DB_USERNAME}
@@ -44,9 +43,11 @@ services:
    image: phpmyadmin:latest
    restart: unless-stopped
    ports:
-      - "8080:80"
+      - "127.0.0.1:8080:80"
    environment:
      - PMA_HOST=mysql
+      - PMA_USER=root
+      - PMA_PASSWORD=${DB_ROOT_PASSWORD}
      - PMA_PORT=${DB_PORT:-3306}
      - UPLOAD_LIMIT=100M
    depends_on:
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -1,11 +1,15 @@
+FROM mysql:8.0 AS mysql
+
 FROM php:8.3-fpm

+COPY --from=mysql /usr/bin/mysql /usr/bin/mysql
+COPY --from=mysql /usr/bin/mysqldump /usr/bin/mysqldump
+
 RUN apt-get update && apt-get install -y --no-install-recommends \
-    libpng-dev libonig-dev libxml2-dev libzip-dev \
-    zip unzip git gosu \
-    netcat-traditional \
-&& docker-php-ext-install pdo_mysql mbstring exif pcntl bcmath gd zip \
-&& apt-get clean && rm -rf /var/lib/apt/lists/*
+    libonig-dev libicu-dev \
+    gosu netcat-traditional \
+ && docker-php-ext-install pdo_mysql mbstring intl \
+ && apt-get clean && rm -rf /var/lib/apt/lists/*

 COPY --from=composer:latest /usr/bin/composer /usr/bin/composer

@@ -26,6 +30,8 @@ RUN if getent group ${GID}; then \
 RUN sed -i "s/user = www-data/user = www/g" /usr/local/etc/php-fpm.d/www.conf && \
    sed -i "s/group = www-data/group = $group_name/g" /usr/local/etc/php-fpm.d/www.conf

+COPY --chmod=644 ./docker/php.ini /usr/local/etc/php/conf.d/laravel.ini
+
 COPY ./docker/entrypoint.sh /usr/local/bin/
 RUN chmod +x /usr/local/bin/entrypoint.sh

--- a/docker/php.ini
+++ b/docker/php.ini
@@ -0,0 +1,2 @@
+post_max_size = 20M
+upload_max_filesize = 20M