From 04b2d8bafa77e03574490656075a95831da53451 Mon Sep 17 00:00:00 2001
From: Romain de Laage <romain@delaage.fr>
Date: Mon, 23 Oct 2023 11:04:51 +0000
Subject: [PATCH] build(docker): update nginx unit image to 1.31.0

---
 docker/production/castopod/Dockerfile         | 37 ++++++++-----------
 .../production/castopod/config.template.json  | 21 +++++++++++
 docker/production/castopod/entrypoint.sh      |  4 +-
 3 files changed, 37 insertions(+), 25 deletions(-)

diff --git a/docker/production/castopod/Dockerfile b/docker/production/castopod/Dockerfile
index f549bb0d..77700f5e 100644
--- a/docker/production/castopod/Dockerfile
+++ b/docker/production/castopod/Dockerfile
@@ -1,6 +1,6 @@
-FROM docker.io/golang:1.20-bookworm AS CRON_BUILDER
+FROM docker.io/golang:1.21-bookworm AS CRON_BUILDER
 
-ARG SUPERCRONIC_VERSION=v0.2.25
+ARG SUPERCRONIC_VERSION=v0.2.26
 
 RUN apt-get update && \
     apt-get install -y git && \
@@ -11,26 +11,10 @@ RUN apt-get update && \
     mv supercronic /usr/local/bin
 
 
-FROM docker.io/php:8.1-cli AS UNIT_BUILDER
+FROM docker.io/php:8.2-cli
 
-ARG UNIT_VERSION=1.29.0
+ARG UNIT_VERSION=1.31.1
 
-RUN apt-get update && \
-    apt-get install -y libpcre2-dev git && \
-    mkdir -p /usr/lib/unit/modules && \
-    git clone https://github.com/nginx/unit.git && \
-    cd unit && \
-    git checkout $UNIT_VERSION && \
-    ./configure --prefix=/usr --state=/var/lib/unit --control=unix:/var/run/control.unit.sock --log=/var/log/unit.log --user=www-data --group=www-data --tmp=/tmp --modules=/usr/lib/unit/modules && \
-    ./configure php && \
-    make && \
-    make install
-
-
-FROM docker.io/php:8.1-cli
-
-COPY --from=UNIT_BUILDER /usr/sbin/unitd /usr/sbin/unitd
-COPY --from=UNIT_BUILDER /usr/lib/unit/ /usr/lib/unit/
 COPY --from=CRON_BUILDER /usr/local/bin/supercronic /usr/local/bin/supercronic
 
 COPY docker/production/common/prepare_environment.sh /prepare_environment.sh
@@ -42,15 +26,24 @@ COPY docker/production/common/crontab.txt /crontab.txt
 COPY docker/production/castopod/supervisord.conf /etc/supervisor/conf.d/supervisord.conf
 
 RUN apt-get update && \
-    apt-get install -y supervisor ffmpeg curl gettext-base libfreetype6-dev libjpeg62-turbo-dev libpng-dev libwebp-dev libxpm-dev libpcre2-8-0 libicu-dev && \
+    apt-get install -y supervisor ffmpeg curl gettext-base libfreetype6-dev libjpeg62-turbo-dev libpng-dev libwebp-dev libxpm-dev libpcre2-dev libicu-dev git && \
     rm -rf /var/lib/apt/lists/* && \
+    git clone https://github.com/nginx/unit.git && \
+    cd unit && \
+    git checkout $UNIT_VERSION && \
+    ./configure --user=www-data --group=www-data && \
+    ./configure php && \
+    make && \
+    make install && \
+    cd .. && \
+    rm -rf unit && \
     pecl install -o -f redis && \
     rm -rf /tmp/pear && \
     docker-php-ext-configure gd --with-freetype --with-jpeg --with-webp --with-xpm && \
     docker-php-ext-install mysqli gd intl exif && \
     docker-php-ext-enable mysqli gd intl exif redis && \
     ln -s /dev/stdout /var/log/unit.log && \
-    mkdir -p /var/lib/unit && \
+    mkdir -p /usr/local/var/lib/unit /usr/local/var/run/unit /usr/local/var/log/unit && \
     chmod 544 /entrypoint.sh && \
     chmod -R 750 /var/www/castopod && \
     chown -R root:www-data /var/www/castopod && \
diff --git a/docker/production/castopod/config.template.json b/docker/production/castopod/config.template.json
index 8b980172..e165e1fc 100644
--- a/docker/production/castopod/config.template.json
+++ b/docker/production/castopod/config.template.json
@@ -6,8 +6,29 @@
   },
   "routes": [
     {
+      "match": {
+        "uri": "~^.+\\.(css|js|jpg|jpeg|gif|png|ico|gz|svg|svgz|ttf|otf|woff|woff2|eot|mp4|ogg|ogv|webm|webp|zip|swf|map)$"
+      },
       "action": {
         "share": "/var/www/castopod/public$uri",
+        "response_headers": {
+          "X-Content-Type-Options": "nosniff",
+          "Access-Control-Allow-Origin": "*",
+          "Cache-Control": "max-age=604800"
+        },
+        "fallback": {
+          "pass": "applications/castopod"
+        }
+      }
+    },
+    {
+      "action": {
+        "share": "/var/www/castopod/public$uri",
+        "response_headers": {
+          "X-Frame-Options": "sameorigin",
+          "X-Content-Type-Options": "nosniff",
+          "Access-Control-Allow-Origin": "*"
+        },
         "fallback": {
           "pass": "applications/castopod"
         }
diff --git a/docker/production/castopod/entrypoint.sh b/docker/production/castopod/entrypoint.sh
index c6fd2a02..51516b14 100644
--- a/docker/production/castopod/entrypoint.sh
+++ b/docker/production/castopod/entrypoint.sh
@@ -3,8 +3,6 @@
 ENV_FILE_LOCATION=/var/www/castopod/.env
 
 . /prepare_environment.sh
-cat /config.template.json | envsubst '$CP_MAX_BODY_SIZE_BYTES$CP_TIMEOUT' > /config.json
+cat /config.template.json | envsubst '$CP_MAX_BODY_SIZE_BYTES$CP_TIMEOUT' > /usr/local/var/lib/unit/conf.json
 
-#Apply configuration after unit is started
-(sleep 2 && curl -X PUT --data-binary @/config.json --unix-socket /var/run/control.unit.sock http://localhost/config/) &
 supervisord