feat: switch to FrankenPHP

.github/workflows/ci.yml

@@ -40,10 +40,10 @@ jobs:
         run: docker compose up --wait --no-build
       -
         name: Check HTTP reachability
-        run: curl -v -o /dev/null http://localhost
+        run: curl -f /dev/null http://localhost
       -
         name: Check HTTPS reachability
-        run: curl -vk -o /dev/null https://localhost
+        run: curl -kf https://localhost
       -
         name: Create test database
         if: false # Remove this line if Doctrine ORM is installed

Dockerfile

@@ -1,10 +1,8 @@
 #syntax=docker/dockerfile:1.4
 
 # Versions
-FROM php:8.2-fpm-alpine AS php_upstream
-FROM mlocati/php-extension-installer:2 AS php_extension_installer_upstream
+FROM dunglas/frankenphp:latest-alpine AS frankenphp_upstream
 FROM composer/composer:2-bin AS composer_upstream
-FROM caddy:2-alpine AS caddy_upstream
 
 
 # The different stages of this Dockerfile are meant to be built into separate images
@@ -13,7 +11,7 @@ FROM caddy:2-alpine AS caddy_upstream
 
 
 # Base PHP image
-FROM php_upstream AS php_base
+FROM frankenphp_upstream AS frankenphp_base
 
 WORKDIR /srv/app
 
@@ -27,9 +25,6 @@ RUN apk add --no-cache \
 		git \
 	;
 
-# php extensions installer: https://github.com/mlocati/docker-php-extension-installer
-COPY --from=php_extension_installer_upstream --link /usr/bin/install-php-extensions /usr/local/bin/
-
 RUN set -eux; \
     install-php-extensions \
 		apcu \
@@ -41,27 +36,25 @@ RUN set -eux; \
 ###> recipes ###
 ###< recipes ###
 
-COPY --link docker/php/conf.d/app.ini $PHP_INI_DIR/conf.d/
-
-COPY --link docker/php/php-fpm.d/zz-docker.conf /usr/local/etc/php-fpm.d/zz-docker.conf
-RUN mkdir -p /var/run/php
+COPY --link frankenphp/conf.d/app.ini $PHP_INI_DIR/conf.d/
+COPY --link --chmod=755 frankenphp/docker-entrypoint.sh /usr/local/bin/docker-entrypoint
+COPY --link frankenphp/Caddyfile /etc/caddy/Caddyfile
 
-COPY --link --chmod=755 docker/php/docker-healthcheck.sh /usr/local/bin/docker-healthcheck
-HEALTHCHECK --start-period=1m CMD docker-healthcheck
-
-COPY --link --chmod=755 docker/php/docker-entrypoint.sh /usr/local/bin/docker-entrypoint
 ENTRYPOINT ["docker-entrypoint"]
-CMD ["php-fpm"]
 
 # https://getcomposer.org/doc/03-cli.md#composer-allow-superuser
 ENV COMPOSER_ALLOW_SUPERUSER=1
 ENV PATH="${PATH}:/root/.composer/vendor/bin"
 
 COPY --from=composer_upstream --link /composer /usr/bin/composer
 
+ENV APP_RUNTIME="Runtime\FrankenPhpSymfony\Runtime"
+
+HEALTHCHECK --start-period=60s CMD curl -f https://localhost/healthz || exit 1
 
-# Dev PHP image
-FROM php_base AS php_dev
+
+# Dev FrankenPHP image
+FROM frankenphp_base AS frankenphp_dev
 
 ENV APP_ENV=dev XDEBUG_MODE=off
 VOLUME /srv/app/var/
@@ -73,15 +66,16 @@ RUN set -eux; \
     	xdebug \
     ;
 
-COPY --link docker/php/conf.d/app.dev.ini $PHP_INI_DIR/conf.d/
+COPY --link frankenphp/conf.d/app.dev.ini $PHP_INI_DIR/conf.d/
 
-# Prod PHP image
-FROM php_base AS php_prod
+# Prod FrankenPHP image
+FROM frankenphp_base AS frankenphp_prod
 
 ENV APP_ENV=prod
+ENV FRANKENPHP_CONFIG="worker ./public/index.php"
 
 RUN mv "$PHP_INI_DIR/php.ini-production" "$PHP_INI_DIR/php.ini"
-COPY --link docker/php/conf.d/app.prod.ini $PHP_INI_DIR/conf.d/
+COPY --link frankenphp/conf.d/app.prod.ini $PHP_INI_DIR/conf.d/
 
 # prevent the reinstallation of vendors at every changes in the source code
 COPY --link composer.* symfony.* ./
@@ -90,30 +84,11 @@ RUN set -eux; \
 
 # copy sources
 COPY --link . ./
-RUN rm -Rf docker/
+RUN rm -Rf frankenphp/
 
 RUN set -eux; \
 	mkdir -p var/cache var/log; \
 	composer dump-autoload --classmap-authoritative --no-dev; \
 	composer dump-env prod; \
 	composer run-script --no-dev post-install-cmd; \
 	chmod +x bin/console; sync;
-
-
-# Base Caddy image
-FROM caddy_upstream AS caddy_base
-
-ARG TARGETARCH
-
-WORKDIR /srv/app
-
-# Download Caddy compiled with the Mercure and Vulcain modules
-ADD --chmod=500 https://caddyserver.com/api/download?os=linux&arch=$TARGETARCH&p=github.com/dunglas/mercure/caddy&p=github.com/dunglas/vulcain/caddy /usr/bin/caddy
-
-COPY --link docker/caddy/Caddyfile /etc/caddy/Caddyfile
-HEALTHCHECK CMD wget --no-verbose --tries=1 --spider https://localhost/healthz || exit 1
-
-# Prod Caddy image
-FROM caddy_base AS caddy_prod
-
-COPY --from=php_prod --link /srv/app/public public/

docker-compose.override.yml

@@ -5,30 +5,22 @@ services:
   php:
     build:
       context: .
-      target: php_dev
+      target: frankenphp_dev
+    command: [ "frankenphp", "run", "--config", "/etc/caddy/Caddyfile", "--adapter", "caddyfile", "--watch" ]
     volumes:
       - ./:/srv/app
-      - ./docker/php/conf.d/app.dev.ini:/usr/local/etc/php/conf.d/app.dev.ini:ro
+      - ./frankenphp/Caddyfile:/etc/caddy/Caddyfile:ro
+      - ./frankenphp/conf.d/app.dev.ini:/usr/local/etc/php/conf.d/app.dev.ini:ro
       # If you develop on Mac or Windows you can remove the vendor/ directory
       #  from the bind-mount for better performance by enabling the next line:
       #- /srv/app/vendor
     environment:
+      MERCURE_EXTRA_DIRECTIVES: demo
       # See https://xdebug.org/docs/all_settings#mode
       XDEBUG_MODE: "${XDEBUG_MODE:-off}"
     extra_hosts:
       # Ensure that host.docker.internal is correctly defined on Linux
       - host.docker.internal:host-gateway
 
-  caddy:
-    command: [ "caddy", "run", "--config", "/etc/caddy/Caddyfile", "--adapter", "caddyfile", "--watch" ]
-    build:
-      context: .
-      target: caddy_base
-    volumes:
-      - ./public:/srv/app/public:ro
-      - ./docker/caddy/Caddyfile:/etc/caddy/Caddyfile:ro
-    environment:
-      MERCURE_EXTRA_DIRECTIVES: demo
-
 ###> symfony/mercure-bundle ###
 ###< symfony/mercure-bundle ###

docker-compose.prod.yml

@@ -5,15 +5,9 @@ services:
   php:
     build:
       context: .
-      target: php_prod
+      target: frankenphp_prod
     environment:
       APP_SECRET: ${APP_SECRET}
       MERCURE_JWT_SECRET: ${CADDY_MERCURE_JWT_SECRET}
-
-  caddy:
-    build:
-      context: .
-      target: caddy_prod
-    environment:
       MERCURE_PUBLISHER_JWT_KEY: ${CADDY_MERCURE_JWT_SECRET}
       MERCURE_SUBSCRIBER_JWT_KEY: ${CADDY_MERCURE_JWT_SECRET}

docker-compose.yml

@@ -4,34 +4,22 @@ services:
   php:
     image: ${IMAGES_PREFIX:-}app-php
     restart: unless-stopped
-    volumes:
-      - php_socket:/var/run/php
     environment:
+      SERVER_NAME: ${SERVER_NAME:-localhost}, caddy:80
+      MERCURE_PUBLISHER_JWT_KEY: ${CADDY_MERCURE_JWT_SECRET:-!ChangeThisMercureHubJWTSecretKey!}
+      MERCURE_SUBSCRIBER_JWT_KEY: ${CADDY_MERCURE_JWT_SECRET:-!ChangeThisMercureHubJWTSecretKey!}
       TRUSTED_PROXIES: ${TRUSTED_PROXIES:-127.0.0.0/8,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16}
       TRUSTED_HOSTS: ^${SERVER_NAME:-example\.com|localhost}|caddy$$
-      # The two next lines can be removed after initial installation
-      SYMFONY_VERSION: ${SYMFONY_VERSION:-}
-      STABILITY: ${STABILITY:-stable}
       # Run "composer require symfony/orm-pack" to install and configure Doctrine ORM
       DATABASE_URL: postgresql://${POSTGRES_USER:-app}:${POSTGRES_PASSWORD:-!ChangeMe!}@database:5432/${POSTGRES_DB:-app}?serverVersion=${POSTGRES_VERSION:-15}&charset=${POSTGRES_CHARSET:-utf8}
       # Run "composer require symfony/mercure-bundle" to install and configure the Mercure integration
       MERCURE_URL: ${CADDY_MERCURE_URL:-http://caddy/.well-known/mercure}
       MERCURE_PUBLIC_URL: https://${SERVER_NAME:-localhost}/.well-known/mercure
       MERCURE_JWT_SECRET: ${CADDY_MERCURE_JWT_SECRET:-!ChangeThisMercureHubJWTSecretKey!}
-
-  caddy:
-    image: ${IMAGES_PREFIX:-}app-caddy
-    depends_on:
-      php:
-        condition: service_healthy
-        restart: true
-    environment:
-      SERVER_NAME: ${SERVER_NAME:-localhost}, caddy:80
-      MERCURE_PUBLISHER_JWT_KEY: ${CADDY_MERCURE_JWT_SECRET:-!ChangeThisMercureHubJWTSecretKey!}
-      MERCURE_SUBSCRIBER_JWT_KEY: ${CADDY_MERCURE_JWT_SECRET:-!ChangeThisMercureHubJWTSecretKey!}
-    restart: unless-stopped
+      # The two next lines can be removed after initial installation
+      SYMFONY_VERSION: ${SYMFONY_VERSION:-}
+      STABILITY: ${STABILITY:-stable}
     volumes:
-      - php_socket:/var/run/php
       - caddy_data:/data
       - caddy_config:/config
     ports:
@@ -53,7 +41,6 @@ services:
 ###< symfony/mercure-bundle ###
 
 volumes:
-  php_socket:
   caddy_data:
   caddy_config:
 ###> symfony/mercure-bundle ###

docs/tls.md

@@ -23,16 +23,16 @@ For instance, to use self-signed certificates created with [mkcert](https://gith
 
 1. Locally install `mkcert`
 2. Create the folder storing the certs: 
-   `mkdir docker/caddy/certs -p`
+   `mkdir frankenphp/certs -p`
 3. Generate the certificates for your local host (example: "server-name.localhost"):
-   `mkcert -cert-file docker/caddy/certs/tls.pem -key-file docker/caddy/certs/tls.key "server-name.localhost"`
+   `mkcert -cert-file frankenphp/certs/tls.pem -key-file frankenphp/certs/tls.key "server-name.localhost"`
 4. Add these lines to the `./docker-compose.override.yml` file about `CADDY_EXTRA_CONFIG` environment and volume for the `caddy` service :
     ```diff
     caddy:
     +  environment:
     +    CADDY_EXTRA_CONFIG: "tls /etc/caddy/certs/tls.pem /etc/caddy/certs/tls.key"
       volumes:
-    +    - ./docker/caddy/certs:/etc/caddy/certs:ro
+    +    - ./frankenphp/certs:/etc/caddy/certs:ro
         - ./public:/srv/app/public:ro
     ```
-5. Restart your `caddy` container
+5. Restart your `php` service

docker/caddy/Caddyfile → frankenphp/Caddyfile

@@ -1,13 +1,17 @@
 {
 	{$CADDY_GLOBAL_OPTIONS}
+
+	frankenphp {
+		{$FRANKENPHP_CONFIG}
+	}
 }
 
-{$SERVER_NAME:localhost} 
+{$SERVER_NAME:localhost}
 
 {$CADDY_EXTRA_CONFIG}
 
 log {
-	# Redact the authorization query parameter that can be set by Mercure
+    # Redact the authorization query parameter that can be set by Mercure
 	format filter {
 		wrap console
 		fields {
@@ -19,7 +23,7 @@ log {
 }
 
 route {
-	# Healthcheck URL
+    # Healthcheck URL
 	respond /healthz 200
 	skip_log /healthz
 
@@ -40,7 +44,25 @@ route {
 	}
 	vulcain
 
-	php_fastcgi unix//var/run/php/php-fpm.sock
+	# Add trailing slash for directory requests
+	@canonicalPath {
+		file {path}/index.php
+		not path */
+	}
+	redir @canonicalPath {path}/ 308
+
+	# If the requested file does not exist, try index files
+	@indexFiles file {
+		try_files {path} {path}/index.php index.php
+		split_path .php
+	}
+	rewrite @indexFiles {http.matchers.file.relative}
+
+	# FrankenPHP!
+	@phpFiles path *.php
+	php @phpFiles
 	encode zstd gzip
 	file_server
+
+	respond 404
 }

docker/php/docker-entrypoint.sh → frankenphp/docker-entrypoint.sh

@@ -1,12 +1,7 @@
 #!/bin/sh
 set -e
 
-# first arg is `-f` or `--some-option`
-if [ "${1#-}" != "$1" ]; then
-	set -- php-fpm "$@"
-fi
-
-if [ "$1" = 'php-fpm' ] || [ "$1" = 'php' ] || [ "$1" = 'bin/console' ]; then
+if [ "$1" = 'frankenphp' ] || [ "$1" = 'php' ] || [ "$1" = 'bin/console' ]; then
 	# Install the project the first time PHP is started
 	# After the installation, the following block can be deleted
 	if [ ! -f composer.json ]; then
@@ -18,7 +13,7 @@ if [ "$1" = 'php-fpm' ] || [ "$1" = 'php' ] || [ "$1" = 'bin/console' ]; then
 		cd -
 		rm -Rf tmp/
 
-		composer require "php:>=$PHP_VERSION"
+		composer require "php:>=$PHP_VERSION" runtime/frankenphp-symfony
 		composer config --json extra.symfony.docker 'true'
 
 		if grep -q ^DATABASE_URL= .env; then