
serve via apache2 (multi-stage build)

Fabian Peter Hammerle 5 years ago
parent
commit
6b0e7f0cdd
4 changed files with 97 additions and 60 deletions
  1. 46 23
      Dockerfile
  2. 23 18
      README.md
  3. 26 0
      apache2-koel.conf
  4. 2 19
      run-koel.sh

+ 46 - 23
Dockerfile

@@ -1,32 +1,55 @@
-FROM php:7.2-alpine
+FROM composer:1.7 as php-build
+RUN apk add git
+RUN adduser -S dev
+RUN mkdir /koel && chown dev /koel
+WORKDIR /koel
+USER dev
+ENV KOEL_VERSION 3.7.2
+RUN git clone --recurse-submodules --quiet \
+    --branch "v${KOEL_VERSION}" \
+    https://github.com/phanan/koel .
+RUN composer install --no-interaction
 
-# postgresql-dev: required for build of pdo_pgsql (includes libpq-fe.h)
-# zlib-dev: required by zip module
-# yarn: called by artisan koel:init to prepare frontend
-RUN apk add \
-    composer \
-    git \
-    postgresql-dev \
-    yarn \
-    zlib-dev
+FROM node:8.12.0-alpine as js-build
+# gyp verb `which` failed Error: not found: python2
+# gyp verb `which` failed     at getNotFoundError (/koel/node_modules/which/which.js:13:12)
+# ...
+# gyp verb `which` failed     at FSReqWrap.oncomplete (fs.js:154:21)
+RUN apk add python2 make g++
+RUN adduser -S dev
+USER dev
+COPY --from=php-build --chown=dev:nogroup /koel /koel
+WORKDIR /koel
+RUN yarn install
 
+FROM php:7.2.10-apache-stretch
+RUN find / -xdev -type f -perm /u+s -exec chmod --changes u-s {} \; \
+    && find / -xdev -type f -perm /g+s -exec chmod --changes g-s {} \;
+# libpq-dev: required for build of pdo_pgsql (includes libpq-fe.h)
+# zlib1g-dev: required by zip module
+RUN apt-get update && apt-get install --yes \
+    libpq-dev \
+    zlib1g-dev
 RUN docker-php-ext-install -j$(nproc) \
     exif \
     pdo_pgsql \
     zip
-
-RUN git clone --branch master --recurse-submodules \
-    https://github.com/phanan/koel /koel
+# AH00100: apache2: could not log pid to file
+RUN sed --in-place '/^PidFile /d' /etc/apache2/apache2.conf
+RUN find /etc/apache2/sites-enabled -name '*.conf' -delete
+RUN echo >/etc/apache2/ports.conf
+RUN a2enmod headers rewrite
+# TODO replace /etc/apache2/apache2.conf
+COPY ./apache2-koel.conf /etc/apache2/
+RUN echo "Include /etc/apache2/apache2-koel.conf" >>/etc/apache2/apache2.conf
+EXPOSE 8080
+COPY --from=js-build /koel /koel
 WORKDIR /koel
-
-# In Encrypter.php line 43:
-# The only supported ciphers are AES-128-CBC and AES-256-CBC with the correct key lengths.
-RUN APP_KEY="WORKAROUND_EXACTLY_32_CHARS_LONG" \
-    composer install --no-interaction
-
-RUN yarn install
-
+# TODO chown on entire ./storage ?
+RUN mkdir ./storage/logs \
+    && chown --changes www-data ./storage/logs \
+    && chown --changes --recursive www-data ./storage/framework
+# TODO production php.ini
 # TODO run as non-root
-COPY /run-koel.sh /
-EXPOSE 8080
+COPY ./run-koel.sh /
 CMD ["/run-koel.sh"]
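Review bot: The setuid/setgid strip at the top of the final stage (`find / -xdev -type f -perm /u+s ...`) runs before `apt-get install` and `docker-php-ext-install`, so any setuid or setgid file those later layers bring in keeps its bit. Moving that `RUN` to after the last package installation would make the hardening cover the whole image. The `apt-get` line would also leave less behind as `apt-get update && apt-get install --yes --no-install-recommends libpq-dev zlib1g-dev && rm -rf /var/lib/apt/lists/*`. Separately, `COPY --from=js-build /koel /koel` carries the cloned `.git` directory and composer's dev dependencies into the runtime image; `composer install --no-interaction --no-dev` in the first stage would trim the latter, assuming nothing at runtime needs them.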

+ 23 - 18
README.md

@@ -1,3 +1,5 @@
+https://koel.phanan.net/docs
+
 ```sh
 $ sudo docker build -t koel .
 $ sudo docker network create koel
@@ -11,18 +13,22 @@ $ sudo docker create \
     postgres:10.5-alpine
 $ sudo docker start koel-db
 $ sudo docker run --rm --interactive --tty \
+    --name koel \
     --env DB_CONNECTION=pgsql \
     --env DB_HOST=koel-db \
     --env DB_PORT=5432 \
     --env DB_DATABASE=koel \
     --env DB_PASSWORD=secret \
     --network koel --publish=8080:8080 \
-    --security-opt=no-new-privileges --cap-drop=all \
+    --security-opt=no-new-privileges \
+    --cap-drop=all --cap-add=setuid --cap-add=setgid \
     koel
-generated random APP_KEY
 + php artisan koel:init
-...
-App key exists -- skipping
+Attempting to install or upgrade Koel.
+Remember, you can always install/upgrade manually following the guide here:
+📙  https://koel.phanan.net/docs
+
+Generating app key
 Generating JWT secret
 Migrating database
 Let's create the admin account.
@@ -31,7 +37,7 @@ Let's create the admin account.
  > fabian peter
 
  Your email address:
- > fabian+koel@hammerle.me
+ > admin@example.com
 
  Your desired password:
  >
@@ -46,15 +52,7 @@ The absolute path to your media directory. If this is skipped (left blank) now,
  >
 
 Compiling front-end stuff
-yarn install v1.7.0
-[1/4] Resolving packages...
-success Already up-to-date.
-$ yarn production
-yarn run v1.7.0
-$ cross-env NODE_ENV=production node_modules/webpack/bin/webpack.js --progress --hide-modules --config=node_modules/laravel-mix/setup/webpack.config.js
-...
-Done in 21.61s.
-Done in 22.87s.
+sh: 1: yarn: not found
 
 🎆  Success! Koel can now be run from localhost with `php artisan serve`.
 You can also scan for media with `php artisan koel:sync`.
@@ -62,9 +60,16 @@ Again, for more configuration guidance, refer to
 📙  https://koel.phanan.net/docs
 or open the .env file in the root installation folder.
 Thanks for using Koel. You rock!
-+ php artisan serve '--host=0.0.0.0' --port 8080
-Laravel development server started: <http://0.0.0.0:8080>
-PHP 7.2.10 Development Server started at Sat Sep 15 19:41:27 2018
-[Sat Sep 15 19:41:30 2018] 172.18.0.1:35448 [200]: /public/css/app.088d4f5eca71efdd5ffc.css
++ apache2-foreground
+...
+```
+
+Better not use port `8081`:
+```php
+// /koel/app/Http/Middleware/UseDifferentConfigIfE2E.php
+...
+        if (array_get($_SERVER, 'SERVER_PORT') === '8081') {
+            config(['database.default' => 'sqlite-e2e']);
+        }
 ...
 ```

+ 26 - 0
apache2-koel.conf

@@ -0,0 +1,26 @@
+Listen 8080
+# <IfModule ssl_module>
+# 	Listen 443
+# </IfModule>
+# <IfModule mod_gnutls.c>
+# 	Listen 443
+# </IfModule>
+
+ServerTokens Prod
+ServerSignature Off
+Header set X-Frame-Options: "sameorigin"
+
+# LogLevel info rewrite:trace3
+
+# TODO ssl
+# TODO sendfile ?
+
+<VirtualHost *:8080>
+    DocumentRoot /koel
+</VirtualHost>
+
+<Directory /koel>
+    # TODO check
+	AllowOverride All
+	Require all granted
+</Directory>
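Review bot: `DocumentRoot /koel` together with `Require all granted` on `<Directory /koel>` publishes the whole application root, which in this image includes the cloned `.git` directory, `storage/` and the `.env` file that the README transcript places in the root installation folder. Whether those are reachable then depends entirely on the application's own `.htaccess` (honoured because of `AllowOverride All`), which this commit does not show. An explicit deny for dot-files and `.git` in this file would keep them unserved regardless of what the upstream `.htaccess` contains. It would also be a good occasion to resolve the `# TODO check` on `AllowOverride`.

```apacheconf
# … unchanged: Listen, ServerTokens, VirtualHost and <Directory /koel> blocks …

# Never serve dot-files (.env, .gitignore, ...) from the application root.
<FilesMatch "^\.">
    Require all denied
</FilesMatch>

# Never serve the repository metadata that the build stage leaves in /koel.
<DirectoryMatch "/\.git(/|$)">
    Require all denied
</DirectoryMatch>
```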

+ 2 - 19
run-koel.sh

@@ -1,23 +1,6 @@
-set -e
-
-# WORKAROUND for koel:init crashing with
-# > In EncryptionServiceProvider.php line 42:
-# > No application encryption key has been specified.
-# 'php artisan key:generate' crashes the same way.
-APP_KEY_PATH=/etc/koel-app-key
-if [ ! -f $APP_KEY_PATH ]; then
-    tr -dc '0-9a-zA-Z' </dev/urandom \
-        | head -c32 >$APP_KEY_PATH
-    chmod u=rw,g=,o= $APP_KEY_PATH
-    echo generated random APP_KEY
-fi
-export APP_KEY="$(cat $APP_KEY_PATH)"
-
-set -x
+set -ex
 
 # TODO run non-interactively
-# TODO do not run yarn install (part of build)
 php artisan koel:init
 
-# TODO use apache or nginx https://koel.phanan.net/docs/#/?id=manually
-php artisan serve --host=0.0.0.0 --port 8080
+apache2-foreground
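Review bot: The last line starts `apache2-foreground` as a child of the shell, so the shell stays PID 1 and the stop signal from `docker stop` goes to the shell rather than to Apache; `exec apache2-foreground` replaces the shell and lets the server shut down cleanly. The hunk covers the file from line 1 and shows no `#!` line, so it is worth confirming the script has an interpreter line for the exec-form `CMD ["/run-koel.sh"]`. `php artisan koel:init` still runs as root on every container start, and the README transcript shows it reporting success after `sh: 1: yarn: not found`, so `set -e` will not catch a failed front-end build.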