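# syntax=docker/dockerfile:1.7

# ─── Stage 1: build static export (Next.js 15) ───────────────────────────────
# NOTE(review): both base images are referenced by mutable tag only; pin them
# by digest (FROM image:tag@sha256:<digest>) if reproducible, tamper-evident
# builds are required.
FROM node:22-alpine AS builder
WORKDIR /app

# Manifests are copied on their own so the dependency layer stays cached until
# package.json / package-lock.json change. `npm ci` installs exactly what the
# lockfile records.
# NOTE(review): --no-audit skips the advisory check during the build, so
# dependency auditing has to happen elsewhere (e.g. in CI).
COPY package.json package-lock.json ./
RUN npm ci --no-audit --no-fund

# NOTE(review): this copies the whole build context into the builder stage.
# Confirm that a .dockerignore excludes .env files, .git and local artefacts;
# anything the static export picks up ends up in the public web root below.
COPY . .

# distDir defaults to "out" (see next.config.ts); BUILD_DIR is not used.
RUN npm run build

# ─── Stage 2: runtime — nginx + php-fpm 8.3 ──────────────────────────────────
FROM php:8.3-fpm-alpine AS runtime

# --no-cache already keeps the apk index out of the layer, so no separate
# cache cleanup is needed.
RUN apk add --no-cache \
        ca-certificates \
        nginx \
        supervisor \
        tzdata

# PHP runtime tweaks: hide the PHP version banner and set sane limits.
# Nothing here configures trust in proxy headers; if the application relies on
# X-Forwarded-* values, that has to be handled in nginx.conf or in the PHP code.
RUN { \
        echo 'expose_php = Off'; \
        echo 'max_execution_time = 30'; \
        echo 'post_max_size = 8M'; \
        echo 'upload_max_filesize = 8M'; \
        echo 'date.timezone = Europe/Moscow'; \
    } > /usr/local/etc/php/conf.d/zz-sag24.ini

# Listen on TCP loopback so that nginx inside the container can reach php-fpm
# (the default www pool listens on 9000).
# NOTE(review): the official php-fpm images are known to ship a later-loaded
# php-fpm.d/zz-docker.conf that sets `listen = 9000` for the www pool. If it is
# present in this base it overrides the edit below and php-fpm accepts FastCGI
# on every interface of the container. Check the effective value with
# `php-fpm -tt` and bind to loopback there as well if needed.
# NOTE(review): clear_env = no hands the container's whole environment to the
# PHP workers, so every secret injected as an environment variable is readable
# from PHP code (getenv, phpinfo). Keep only what the application needs in the
# container environment.
RUN sed -ri 's|^;?listen = .*|listen = 127.0.0.1:9000|' /usr/local/etc/php-fpm.d/www.conf \
    && sed -ri 's|^;?clear_env = .*|clear_env = no|' /usr/local/etc/php-fpm.d/www.conf

# nginx + supervisor configs
COPY docker/nginx.conf /etc/nginx/nginx.conf
COPY docker/supervisord.conf /etc/supervisord.conf

# Web root plus the log and runtime directories used by supervisor and nginx.
RUN mkdir -p \
        /var/www/sag24.ru/public_html \
        /var/log/supervisor \
        /var/log/nginx \
        /run/nginx
COPY --from=builder /app/out/ /var/www/sag24.ru/public_html/

# Temp dir for the PHP rate limiter (sys_get_temp_dir = /tmp by default):
# world-writable with the sticky bit, so users cannot remove each other's files.
RUN chmod 1777 /tmp

# php-fpm and nginx are meant to run unprivileged (the php-fpm pool is already
# www-data). Port 8080 is used so that bind does not require root.
# NOTE(review): there is no USER instruction, so supervisord itself starts as
# root. Whether nginx and the workers actually drop privileges depends on
# docker/nginx.conf and docker/supervisord.conf, which are not visible here;
# confirm it, or switch to a non-root USER once log/run paths are writable.
EXPOSE 8080

# Healthcheck: static content is being served. It does not exercise php-fpm.
HEALTHCHECK --interval=30s --timeout=5s --start-period=5s --retries=3 \
    CMD wget -qO- http://127.0.0.1:8080/ru/ >/dev/null || exit 1

# Exec form with -n keeps supervisord in the foreground as PID 1.
CMD ["/usr/bin/supervisord", "-c", "/etc/supervisord.conf", "-n"]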