Migrate to Stack A: PHP-fpm + nginx + supervisord, drop flat HTML + Python API

- Remove old flat HTML pages (index, about, blog, contact, reviews, services/*, locations/*) - Remove Python/Flask API container (api/) - Remove old root nginx.conf and components/ - Add infra/: full nginx.conf (http block at /etc/nginx/nginx.conf), php-fpm-pool.conf (TCP listen), supervisord.conf, entrypoint.sh (auto-generates ALTCHA_HMAC_KEY) - Add src/: PHP router, page/service/location/blog templates, contact handler, altcha handler, promo endpoint, SQLite data files - Rewrite Dockerfile: single container, tini PID 1, healthcheck, all env vars declared - Update docker-compose.yml: port 8096, env_file, healthcheck - Update .dockerignore: exclude .env.*, include robots.txt/sitemap.xml/404.html/500.html - Update assets: tokens.css, promo-popup.css/js, altcha.min.js, refactored form.js/main.js Verified: all 17 routes 200, protection audit PASS, Resend confirmed working Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-29 18:56:56 +02:00
parent 88ed4e6bda
commit 81feccdc1a
61 changed files with 2460 additions and 5747 deletions
@@ -1,18 +1,35 @@
-FROM nginx:alpine
+FROM php:8.3-fpm-alpine

-# nginx config (server-only, not served as a static file)
-COPY nginx.conf /etc/nginx/conf.d/default.conf
+RUN apk add --no-cache nginx supervisor curl openssl tini \
+    && mkdir -p /run/nginx /var/cache/nginx /var/log/nginx /run/supervisord

-# Copy only public website assets — everything else (api/, build scripts,
-# Dockerfile, .env, docs, screenshots) stays out of the web root.
-COPY index.html         /usr/share/nginx/html/
-COPY assets             /usr/share/nginx/html/assets/
-COPY components         /usr/share/nginx/html/components/
-COPY about              /usr/share/nginx/html/about/
-COPY blog               /usr/share/nginx/html/blog/
-COPY contact            /usr/share/nginx/html/contact/
-COPY locations          /usr/share/nginx/html/locations/
-COPY reviews            /usr/share/nginx/html/reviews/
-COPY services           /usr/share/nginx/html/services/
+COPY infra/php-fpm-pool.conf /usr/local/etc/php-fpm.d/www.conf
+COPY infra/supervisord.conf  /etc/supervisord.conf
+COPY infra/nginx.conf        /etc/nginx/nginx.conf
+COPY infra/entrypoint.sh     /entrypoint.sh
+RUN chmod +x /entrypoint.sh
+
+COPY assets             /var/www/html/assets/
+COPY src                /var/www/html/src/
+COPY robots.txt         /var/www/html/robots.txt
+COPY sitemap.xml        /var/www/html/sitemap.xml
+COPY 404.html           /var/www/html/404.html
+COPY 500.html           /var/www/html/500.html
+
+RUN chown -R www-data:www-data /var/www/html
+
+ENV RESEND_API_KEY="" \
+    FROM_EMAIL="" \
+    TO_EMAIL="" \
+    ALTCHA_HMAC_KEY="" \
+    RATE_LIMIT_PER_IP_PER_10MIN=5 \
+    TIME_MIN_SECONDS=3 \
+    TRUST_PROXY=1

 EXPOSE 80
+
+HEALTHCHECK --interval=30s --timeout=5s --start-period=10s --retries=3 \
+    CMD curl -fsS http://127.0.0.1/ > /dev/null || exit 1
+
+ENTRYPOINT ["/entrypoint.sh", "/sbin/tini", "--"]
+CMD ["/usr/bin/supervisord", "-c", "/etc/supervisord.conf", "-n"]