build(docker): optimize image size and security

- add mysql client binaries for database operations - reduce php extensions to production essentials - bind mysql and phpmyadmin to localhost only - replace php-fpm.conf with php.ini for upload limits
2026-03-21 03:39:34 +03:00
parent 7b6ed48812
commit e13724a8be
4 changed files with 18 additions and 9 deletions
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -1,11 +1,15 @@
+FROM mysql:8.0 AS mysql
+
 FROM php:8.3-fpm

+COPY --from=mysql /usr/bin/mysql /usr/bin/mysql
+COPY --from=mysql /usr/bin/mysqldump /usr/bin/mysqldump
+
 RUN apt-get update && apt-get install -y --no-install-recommends \
-    libpng-dev libonig-dev libxml2-dev libzip-dev \
-    zip unzip git gosu \
-    netcat-traditional \
-&& docker-php-ext-install pdo_mysql mbstring exif pcntl bcmath gd zip \
-&& apt-get clean && rm -rf /var/lib/apt/lists/*
+    libonig-dev libicu-dev \
+    gosu netcat-traditional \
+ && docker-php-ext-install pdo_mysql mbstring intl \
+ && apt-get clean && rm -rf /var/lib/apt/lists/*

 COPY --from=composer:latest /usr/bin/composer /usr/bin/composer

@@ -26,6 +30,8 @@ RUN if getent group ${GID}; then \
 RUN sed -i "s/user = www-data/user = www/g" /usr/local/etc/php-fpm.d/www.conf && \
    sed -i "s/group = www-data/group = $group_name/g" /usr/local/etc/php-fpm.d/www.conf

+COPY --chmod=644 ./docker/php.ini /usr/local/etc/php/conf.d/laravel.ini
+
 COPY ./docker/entrypoint.sh /usr/local/bin/
 RUN chmod +x /usr/local/bin/entrypoint.sh

--- a/docker/php.ini
+++ b/docker/php.ini
@@ -0,0 +1,2 @@
+post_max_size = 20M
+upload_max_filesize = 20M