Split production in ROOD and De Socialisten environments

Includes PoC for separate contribution tiers configuration.

.env

@@ -60,3 +60,4 @@ USE_MIDDLE_NAME=true
 
 # Set to https in production environment
 SECURE_SCHEME='http'
+CONTRIBUTION_TIERS='{"tiers": [{"amount": 500, "description": "5 euro per maand"}, {"amount": 1000, "description": "10 euro per maand"}, {"amount": 1500, "description": "15 euro per maand"}, {"amount": null, "description": "Anders, namelijk"}]}'

.env.ds

@@ -0,0 +1,7 @@
+# Socialisten and ROOD specific variables
+ORGANIZATION_NAME='de Socialisten'
+ORGANIZATION_EMAIL='[email protected]'
+NOREPLY_ADDRESS='[email protected]'
+HOMEPAGE='socialisten.org'
+ORGANIZATION_NAME_SHORT='de Socialisten'
+CONTRIBUTION_TIERS='{"tiers": [{"amount": 500, "description": "5 euro per maand"}, {"amount": 1000, "description": "10 euro per maand"}, {"amount": 1500, "description": "15 euro per maand"}, {"amount": null, "description": "Anders, namelijk"}]}'

.env.rood

@@ -0,0 +1,2 @@
+USE_MIDDLE_NAME=false
+CONTRIBUTION_TIERS='{"tiers": [{"amount": 500, "description": "5 euro per maand"}, {"amount": 1000, "description": "10 euro per maand"}, {"amount": 1500, "description": "15 euro per maand"}, {"amount": null, "description": "Anders, namelijk"}]}'

config/packages/rood/deprecations.yaml

@@ -0,0 +1,8 @@
+# As of Symfony 5.1, deprecations are logged in the dedicated "deprecation" channel when it exists
+#monolog:
+#    channels: [deprecation]
+#    handlers:
+#        deprecation:
+#            type: stream
+#            channels: [deprecation]
+#            path: "%kernel.logs_dir%/%kernel.environment%.deprecations.log"

config/packages/rood/doctrine.yaml

@@ -0,0 +1,20 @@
+doctrine:
+    orm:
+        auto_generate_proxy_classes: false
+        metadata_cache_driver:
+            type: pool
+            pool: doctrine.system_cache_pool
+        query_cache_driver:
+            type: pool
+            pool: doctrine.system_cache_pool
+        result_cache_driver:
+            type: pool
+            pool: doctrine.result_cache_pool
+
+framework:
+    cache:
+        pools:
+            doctrine.result_cache_pool:
+                adapter: cache.app
+            doctrine.system_cache_pool:
+                adapter: cache.system

config/packages/rood/monolog.yaml

@@ -0,0 +1,16 @@
+monolog:
+    handlers:
+        main:
+            type: fingers_crossed
+            action_level: error
+            handler: nested
+            excluded_http_codes: [404, 405]
+            buffer_size: 50 # How many messages should be saved? Prevent memory leaks
+        nested:
+            type: stream
+            path: "php://stderr"
+            level: debug
+        console:
+            type: console
+            process_psr_3_messages: false
+            channels: ["!event", "!doctrine"]

config/packages/rood/routing.yaml

@@ -0,0 +1,3 @@
+framework:
+    router:
+        strict_requirements: null

config/packages/rood/webpack_encore.yaml

@@ -0,0 +1,4 @@
+#webpack_encore:
+    # Cache the entrypoints.json (rebuild Symfony's cache when entrypoints.json changes)
+    # Available in version 1.2
+    #cache: true

config/services.yaml

@@ -13,6 +13,7 @@ parameters:
     app.privacyPolicyUrl: '%env(PRIVACY_POLICY_URL)%'
     app.listmonkUrl: '%env(string:LISTMONK_URL)%'
     app.useMiddleName: '%env(bool:USE_MIDDLE_NAME)%'
+    app.contributionTiers: '%env(json:CONTRIBUTION_TIERS)%'
     router.request_context.scheme: '%env(SECURE_SCHEME)%'
     asset.request_context.secure: true
 

docker/prod/Dockerfile → docker/ds/Dockerfile

@@ -11,7 +11,7 @@ RUN apt-get update && apt-get install -y zlib1g-dev g++ git libicu-dev zip libzi
 
 WORKDIR /var/www/project
 
-ENV APP_ENV=prod
+ENV APP_ENV=ds
 
 RUN curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/local/bin --filename=composer
 
@@ -59,7 +59,7 @@ COPY public/index.php /var/www/project/public/index.php
 COPY src /var/www/project/src
 COPY templates /var/www/project/templates
 COPY translations /var/www/project/translations
-COPY .env composer.json /var/www/project/
+COPY .env composer.json .env.ds /var/www/project/
 COPY docker/prod/php-fpm-entrypoint.sh /var/www/project/
 COPY docker/prod/php.ini /usr/local/etc/php/php.ini
 

docker/rood/Dockerfile

@@ -0,0 +1,71 @@
+FROM php:8.1-fpm as php_builder
+
+RUN apt-get update && apt-get install -y zlib1g-dev g++ git libicu-dev zip libzip-dev libgd3 libgd-dev zip \
+    && docker-php-ext-install intl opcache pdo pdo_mysql \
+    && pecl install apcu \
+    && docker-php-ext-enable apcu \
+    && docker-php-ext-configure zip \
+    && docker-php-ext-configure gd \
+    && docker-php-ext-install zip \
+    && docker-php-ext-install gd
+
+WORKDIR /var/www/project
+
+ENV APP_ENV=rood
+
+RUN curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/local/bin --filename=composer
+
+COPY bin /var/www/project/bin
+COPY config /var/www/project/config
+COPY src /var/www/project/src
+COPY composer.json composer.lock symfony.lock .env /var/www/project/
+RUN mkdir /var/www/project/public
+RUN composer install
+
+RUN bin/console assets:install public
+
+FROM node:18.8.0 as node_builder
+
+COPY package.json yarn.lock ./
+COPY --from=php_builder /var/www/project/vendor ./vendor
+RUN yarn install
+COPY assets ./assets
+COPY webpack.config.js ./
+RUN npm run build
+
+FROM php:8.1-fpm as mijnrood_php
+
+RUN apt-get update && apt-get install -y zlib1g-dev g++ git libicu-dev zip libzip-dev libgd3 libgd-dev zip \
+    && docker-php-ext-install intl opcache pdo pdo_mysql \
+    && pecl install apcu \
+    && docker-php-ext-enable apcu \
+    && docker-php-ext-configure zip \
+    && docker-php-ext-configure gd \
+    && docker-php-ext-install zip \
+    && docker-php-ext-install gd
+
+WORKDIR /var/www/project
+
+COPY --from=node_builder public /var/www/project/public
+COPY --from=php_builder /var/www/project/public/bundles /var/www/project/public/bundles
+COPY --from=php_builder --chown=www-data:www-data /var/www/project/var /var/www/project/var
+COPY --from=php_builder /var/www/project/vendor /var/www/project/vendor
+
+COPY bin /var/www/project/bin
+COPY config /var/www/project/config
+COPY migrations /var/www/project/migrations
+COPY public/.htaccess /var/www/project/public/.htaccess
+COPY public/index.php /var/www/project/public/index.php
+COPY src /var/www/project/src
+COPY templates /var/www/project/templates
+COPY translations /var/www/project/translations
+COPY .env composer.json .env.rood /var/www/project/
+COPY docker/prod/php-fpm-entrypoint.sh /var/www/project/
+COPY docker/prod/php.ini /usr/local/etc/php/php.ini
+
+CMD [ "/var/www/project/php-fpm-entrypoint.sh" ]
+
+FROM nginx:1.23.1 as mijnrood_nginx
+
+COPY --from=mijnrood_php /var/www/project/public /var/www/project/public
+COPY docker/prod/nginx.conf /etc/nginx/nginx.conf

docker/rood/docker-compose.yml

@@ -0,0 +1,40 @@
+version: '3.9'
+services:
+  mijnrood_nginx:
+    restart: unless-stopped
+    build:
+      dockerfile: ./docker/prod/Dockerfile
+      context: ../..
+      target: mijnrood_nginx
+    networks:
+      - mijnrood
+    ports:
+      - "8080:80"
+  mijnrood_php:
+    restart: unless-stopped
+    build:
+      dockerfile: ./docker/prod/Dockerfile
+      context: ../..
+      target: mijnrood_php
+    volumes:
+      - ../../.env.local:/var/www/project/.env.local
+      - ../../../mijnrood-data/documents:/var/www/project/var/documents
+    networks:
+      - mijnrood
+  mijnrood_mariadb:
+    restart: unless-stopped
+    image: mariadb:10
+    container_name: mijnrood_mariadb
+    volumes:
+      - mariadb_volume:/var/lib/mysql
+    command: --default-authentication-plugin=mysql_native_password
+    environment:
+      MYSQL_ROOT_PASSWORD: trotzalledem
+    networks:
+      - mijnrood
+networks:
+  mijnrood:
+    driver: bridge
+volumes:
+  mariadb_volume:
+    driver: local

docker/rood/nginx.conf

@@ -0,0 +1,100 @@
+user  nginx;
+worker_processes  auto;
+
+error_log  /var/log/nginx/error.log notice;
+pid        /var/run/nginx.pid;
+
+
+events {
+    worker_connections  1024;
+}
+
+
+http {
+    include       /etc/nginx/mime.types;
+    default_type  application/octet-stream;
+
+    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
+                      '$status $body_bytes_sent "$http_referer" '
+                      '"$http_user_agent" "$http_x_forwarded_for"';
+
+    access_log  /var/log/nginx/access.log  main;
+
+    sendfile        on;
+    #tcp_nopush     on;
+
+    keepalive_timeout  65;
+
+    #gzip  on;
+
+    server {
+        listen 80;
+        index index.php;
+        server_name _;
+        root /var/www/project/public;
+        error_log /var/log/nginx/error.log;
+        access_log /var/log/nginx/access.log;
+
+	client_max_body_size 1G;
+
+        location / {
+            # try to serve file directly, fallback to index.php
+            try_files $uri /index.php$is_args$args;
+        }
+
+        # optionally disable falling back to PHP script for the asset directories;
+        # nginx will return a 404 error when files are not found instead of passing the
+        # request to Symfony (improves performance but Symfony's 404 page is not displayed)
+        location /bundles {
+            try_files $uri =404;
+        }
+        location /assets {
+            try_files $uri =404;
+        }
+
+        location ~ ^/index\.php(/|$) {
+            fastcgi_pass mijnrood_php:9000;
+            fastcgi_split_path_info ^(.+\.php)(/.*)$;
+            include fastcgi_params;
+
+            fastcgi_param  REQUEST_SCHEME     "https";
+            fastcgi_param  HTTPS              "on";
+
+            # optionally set the value of the environment variables used in the application
+            # fastcgi_param APP_ENV prod;
+            # fastcgi_param APP_SECRET <app-secret-id>;
+            # fastcgi_param DATABASE_URL "mysql://db_user:db_pass@host:3306/db_name";
+
+            # When you are using symlinks to link the document root to the
+            # current version of your application, you should pass the real
+            # application path instead of the path to the symlink to PHP
+            # FPM.
+            # Otherwise, PHP's OPcache may not properly detect changes to
+            # your PHP files (see https://github.com/zendtech/ZendOptimizerPlus/issues/126
+            # for more information).
+            # Caveat: When PHP-FPM is hosted on a different machine from nginx
+            #         $realpath_root may not resolve as you expect! In this case try using
+            #         $document_root instead.
+            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+            fastcgi_param DOCUMENT_ROOT $document_root;
+            fastcgi_param SCRIPT_NAME $request_uri;
+
+            # Avoid upstream sent too big header while reading error
+            # https://stackoverflow.com/questions/17708152/nginx-overwrites-general-symfony-errors-with-502-bad-gateway
+            fastcgi_buffer_size 128k;
+            fastcgi_buffers 4 256k;
+            fastcgi_busy_buffers_size 256k;
+
+            # Prevents URIs that include the front controller. This will 404:
+            # http://domain.tld/index.php/some-path
+            # Remove the internal directive to allow URIs like this
+            internal;
+        }
+
+        # return 404 for all other php files not matching the front controller
+        # this prevents access to other php files you don't want to be accessible.
+        location ~ \.php$ {
+            return 404;
+        }
+    }
+}

docker/rood/php-fpm-entrypoint.sh

@@ -0,0 +1,8 @@
+#!/bin/sh
+set -e
+
+/var/www/project/bin/console cache:clear
+
+chown -R www-data:www-data /var/www/project/var/
+
+exec php-fpm