first commit

.env

@@ -0,0 +1,4 @@
+APP_ENV=production
+DEBUG=false
+PORT_HTTP=11008
+PORT_HTTPS=11043

Dockerfile

@@ -0,0 +1,45 @@
+FROM php:7.4-fpm
+
+# Set working directory
+WORKDIR /var/www
+RUN chmod 777 /var/www -R
+# Rebuild the image and set appropriate permissions
+RUN chown www-data:www-data /usr/local/etc/php-fpm.d/www.conf
+# Install dependencies
+RUN apt-get update && apt-get install -y \
+    libssl-dev \
+    build-essential \
+    libpng-dev \
+    libjpeg62-turbo-dev \
+    libfreetype6-dev \
+    locales \
+    zip \
+    jpegoptim optipng pngquant gifsicle \
+    vim \
+    unzip \
+    git \
+    curl \
+    wget \
+    nano \
+    libonig-dev \
+    libzip-dev \
+    libicu-dev \
+    sendmail \
+    libxml2-dev \
+    cron
+# Install extensions
+RUN docker-php-ext-install pdo_mysql mbstring zip exif pcntl intl mysqli gd sockets
+RUN pecl install redis && docker-php-ext-enable redis
+#
+RUN apt install libjpeg-dev \
+  && docker-php-ext-configure gd --with-jpeg \
+  && docker-php-ext-install gd
+# get latest nodejs
+RUN curl -sL https://deb.nodesource.com/setup_16.x | bash -
+RUN apt-get install -y nodejs
+RUN npm install -g bower
+# Get latest Composer
+COPY --from=composer:latest /usr/bin/composer /usr/bin/composer
+# ENTRYPOINT [ "cron", "-f" ]
+EXPOSE 9000
+CMD ["php-fpm"]

docker-compose.yml

@@ -0,0 +1,68 @@
+version: '3.5'
+services:
+  #Nginx Service
+  api-service-nginx:
+    image: nginx:alpine
+    container_name: api-service-nginx
+    restart: unless-stopped
+    tty: true
+    ports:
+      - "${PORT_HTTP}:80"
+      - "${PORT_HTTPS}:443"
+    volumes:
+      - ./:/var/www
+      - ./nginx/conf.d:/etc/nginx/conf.d
+      - ./nginx/nginx.conf:/etc/nginx/nginx.conf
+      - ./certbot/www:/var/www/certbot/:ro
+      - ./certbot/conf/:/etc/nginx/ssl/:ro
+      - ./certbot/htpasswd/:/etc/nginx/htpasswd/
+    networks:
+      - app-network
+      # - app-network-2
+      # - app-network-rabbit
+      # - app-network-mysql
+  #-----------------------------------------------------------------------------
+  #PHP Service
+  api-service-php:
+    image: api-service-php
+    container_name: api-service-php
+    build:
+      context: .
+      dockerfile: ./Dockerfile
+    restart: unless-stopped
+    tty: true
+    working_dir: /var/www
+    volumes:
+      - ./:/var/www
+      - ./php/local.ini:/usr/local/etc/php/conf.d/local.ini
+      - ./php-fpm/www.conf:/usr/local/etc/php-fpm.d/www.conf
+    networks:
+      - app-network
+      # - app-network-2
+      # - app-network-rabbit
+      # - app-network-mysql
+  certbot:
+    image: certbot/certbot:latest
+    volumes:
+      - ./certbot/www/:/var/www/certbot/:rw
+      - ./certbot/conf/:/etc/letsencrypt/:rw
+#-------------------------------------------------------------------------------
+#Docker Networks
+networks:
+  app-network:
+    name: gk.internal
+    external: true
+  # app-network-2:
+  #   name: speech
+  #   external: true
+  # app-network-rabbit:
+  #   name: gk_rabbit.internal
+  #   external: true
+  # app-network-mysql:
+  #   name: gk_mysql_sunday
+  #   external: true
+  # default:
+  #   name: service-se-api-net
+  #   driver: bridge
+volumes:
+  service-api-data:

docker-compose.yml.default

@@ -0,0 +1,69 @@
+version: '3.5'
+services:
+  #Nginx Service
+  api-service-nginx:
+    image: nginx:alpine
+    container_name: api-service-nginx
+    restart: unless-stopped
+    tty: true
+    ports:
+      - "11008:80"
+      - "11043:443"
+    volumes:
+      - ./:/var/www
+      - ./nginx/conf.d:/etc/nginx/conf.d
+      - ./nginx/nginx.conf:/etc/nginx/nginx.conf
+      - ./certbot/www:/var/www/certbot/:ro
+      - ./certbot/conf/:/etc/nginx/ssl/:ro
+      - ./certbot/htpasswd/:/etc/nginx/htpasswd/
+    networks:
+      - app-network
+      - app-network-2
+      - app-network-rabbit
+      - app-network-mysql
+  #-----------------------------------------------------------------------------
+  #PHP Service
+  api-service-php:
+    image: api-service-php
+    container_name: api-service-php
+    build:
+      context: .
+      dockerfile: ./Dockerfile
+    restart: unless-stopped
+    tty: true
+    working_dir: /var/www
+    volumes:
+      - ./:/var/www
+      - ./php/local.ini:/usr/local/etc/php/conf.d/local.ini
+      - ./se-cron:/etc/crontab
+      - ./php-fpm/www.conf:/usr/local/etc/php-fpm.d/www.conf
+    networks:
+      - app-network
+      - app-network-2
+      - app-network-rabbit
+      - app-network-mysql
+  certbot:
+    image: certbot/certbot:latest
+    volumes:
+      - ./certbot/www/:/var/www/certbot/:rw
+      - ./certbot/conf/:/etc/letsencrypt/:rw
+#-------------------------------------------------------------------------------
+#Docker Networks
+networks:
+  app-network:
+    name: gk.internal
+    external: true
+  app-network-2:
+    name: speech
+    external: true
+  app-network-rabbit:
+    name: gk_rabbit.internal
+    external: true
+  app-network-mysql:
+    name: gk_mysql_sunday
+    external: true
+  default:
+    name: service-se-api-net
+    driver: bridge
+volumes:
+  service-api-data:

nginx/Dockerfile

@@ -0,0 +1,10 @@
+FROM nginx:alpine
+
+# Copy composer.lock and composer.json
+COPY nginx/conf.d/vhost.conf /etc/nginx/conf.d/default.conf
+COPY . /var/www
+# Set working directory
+WORKDIR /var/www
+
+# Expose port 9000 and start php-fpm server
+EXPOSE 80

nginx/conf.d/vhost.conf

@@ -0,0 +1,128 @@
+server {
+    listen 80;
+    server_name api.sundayenglish.com;
+
+    index index.php index.html;
+    error_log  /var/log/nginx/error.log;
+    access_log /var/log/nginx/access.log;
+    add_header Access-Control-Allow-Origin *;
+    underscores_in_headers on;
+    root /var/www;
+
+    location /.well-known/acme-challenge/ {
+        root /var/www/certbot;
+    }
+
+    location ~ \.php$ {
+        try_files $uri =404;
+        fastcgi_split_path_info ^(.+\.php)(/.+)$;
+        fastcgi_pass api-service-php:9000;
+        fastcgi_index index.php;
+        include fastcgi_params;
+        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+        fastcgi_param PATH_INFO $fastcgi_path_info;
+        
+        # Định nghĩa fastcgi_cache_key
+      #   fastcgi_cache_key "$scheme$request_method$host$request_uri";
+
+        # Định nghĩa fastcgi_cache
+      #   fastcgi_cache_path /var/cache/nginx levels=1:2 keys_zone=FASTCGI_CACHE:10m inactive=60m use_temp_path=off;
+
+        #cache settings
+      #   fastcgi_cache FASTCGI_CACHE;
+      #   fastcgi_cache_valid 200 301 302 10m;
+      #   fastcgi_cache_valid 404 1m;
+      #   fastcgi_cache_bypass $http_cookie;
+      #   fastcgi_no_cache $http_cookie;
+      #   fastcgi_buffer_size 16k;
+      #   fastcgi_buffers 4 16k;
+      #   fastcgi_busy_buffers_size 32k;
+      #   fastcgi_temp_file_write_size 32k;
+    }
+    location / {
+        try_files $uri $uri/ /index.php$is_args$args;
+        gzip_static on;
+
+        proxy_buffering on;
+        proxy_buffers 8 160k;
+        proxy_buffer_size 320k;
+        proxy_busy_buffers_size 640k;
+    }
+    location ~* \.(jpg|jpeg|png|gif|ico|css|js|svg|woff|woff2|ttf|eot|otf)$ {
+        expires 30d;
+        access_log off;
+    }
+    client_max_body_size 1024m;
+}
+# server {
+#     listen 443 ssl http2;
+#  #   ssl on;
+#     # add_header Access-Control-Allow-Origin *;
+#     # add_header Access-Control-Allow-Headers "*";
+#     # add_header Access-Control-Allow-Methods "GET,POST,OPTIONS,DELETE,PUT";
+
+#     add_header 'Access-Control-Allow-Origin' "*" always;
+#     add_header 'Access-Control-Allow-Credentials' 'true' always;
+#     add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS' always;
+#     add_header 'Access-Control-Allow-Headers' 'Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With,X-API-KEY,jwt_token' always;
+#     # required to be able to read Authorization header in frontend
+#     add_header 'Access-Control-Expose-Headers' 'Authorization' always;
+
+#     server_name api.sundayenglish.com;
+
+#     index index.php index.html;
+#     error_log  /var/log/nginx/error.log;
+#     access_log /var/log/nginx/access.log;
+#     underscores_in_headers on;
+#     root /var/www;
+    
+#     ssl_certificate /etc/nginx/ssl/live/api.sundayenglish.com/fullchain.pem;
+#     ssl_certificate_key /etc/nginx/ssl/live/api.sundayenglish.com/privkey.pem;
+
+#     # optimiz SSL settings
+#     ssl_session_cache shared:SSL:10m;
+#     ssl_session_timeout 1h;
+#     ssl_prefer_server_ciphers on;
+#     ssl_protocols TLSv1.2 TLSv1.3;
+#     ssl_ciphers HIGH:!aNULL:!MD5;
+#     # ssl_dhparam /etc/nginx/ssl/dhparam.pem;
+    
+#     location ~ \.php$ {
+#         try_files $uri =404;
+#         fastcgi_split_path_info ^(.+\.php)(/.+)$;
+#         fastcgi_pass api-service-php:9000;
+#         fastcgi_index index.php;
+#         include fastcgi_params;
+#         fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+#         fastcgi_param PATH_INFO $fastcgi_path_info;
+
+#       #   fastcgi_cache FASTCGI_CACHE;
+#       #   fastcgi_cache_valid 200 301 302 10m;
+#       #   fastcgi_cache_valid 404 1m;
+#       #   fastcgi_cache_bypass $http_cookie;
+#       #   fastcgi_no_cache $http_cookie;
+#       #   fastcgi_buffer_size 16k;
+#       #   fastcgi_buffers 4 16k;
+#       #   fastcgi_busy_buffers_size 32k;
+#       #   fastcgi_temp_file_write_size 32k;
+        
+#     }
+#     location / {
+#         if ($request_method = 'OPTIONS' ) {
+#             return 204 no-content;
+#         }
+#         try_files $uri $uri/ /index.php$is_args$args;
+#         gzip_static on;
+
+#         proxy_buffering on;
+#         proxy_buffers 8 160k;
+#         proxy_buffer_size 320k;
+#         proxy_busy_buffers_size 640k;
+#     }
+#     location ~* \.(jpg|jpeg|png|gif|ico|css|js|svg|woff|woff2|ttf|eot|otf)$ {
+#         expires 30d;
+#         access_log off;
+#     }
+#     client_max_body_size 1024m;
+# }
+

nginx/nginx.conf

@@ -0,0 +1,32 @@
+
+user  nginx;
+worker_processes  auto;
+
+error_log  /var/log/nginx/error.log notice;
+pid        /var/run/nginx.pid;
+
+
+events {
+    worker_connections  2048;
+}
+
+
+http {
+    include       /etc/nginx/mime.types;
+    default_type  application/octet-stream;
+
+    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
+                      '$status $body_bytes_sent "$http_referer" '
+                      '"$http_user_agent" "$http_x_forwarded_for"';
+
+    access_log  /var/log/nginx/access.log  main;
+
+    sendfile        on;
+    #tcp_nopush     on;
+
+    keepalive_timeout  65;
+
+    #gzip  on;
+
+    include /etc/nginx/conf.d/*.conf;
+}

php-fpm/www.conf

@@ -0,0 +1,23 @@
+[www]
+; Listen on all interfaces on port 9000
+listen = 0.0.0.0:9000
+
+; Set the user and group that the PHP-FPM pool should run as
+user = www-data
+group = www-data
+
+; Set the listen socket ownership and permissions
+listen.owner = www-data
+listen.group = www-data
+listen.mode = 0666
+
+; PHP-FPM Process Manager settings
+pm = dynamic
+pm.max_children = 70
+pm.start_servers = 70
+pm.min_spare_servers = 70
+pm.max_spare_servers = 70
+pm.max_requests = 500
+
+; Set the directory to change to when executing PHP scripts
+chdir = /var/www