rework container to frankenphp runtime

hUwUtao · hUwUtao · commit 028ed7e0675b · 2026-02-08T15:31:54.000+07:00
diff --git a/Dockerfile b/Dockerfile
@@ -5,10 +5,25 @@
 #  If you want to build this locally you want to run `docker build -f Dockerfile.dev .`
 ##
 
+ARG TARGETOS=linux
+ARG TARGETARCH=amd64
+
+# ================================
+# Stage 0: Base Runtime (FrankenPHP dev, GNU libc)
+# ================================
+FROM dunglas/frankenphp-dev:php8.4-bookworm AS base
+
+# Keep compatible with the legacy Docker builder (no BuildKit required).
+ADD https://github.com/mlocati/docker-php-extension-installer/releases/latest/download/install-php-extensions /usr/local/bin/install-php-extensions
+
+RUN chmod +x /usr/local/bin/install-php-extensions \
+    && install-php-extensions bcmath gd intl zip pcntl pdo_mysql pdo_pgsql bz2 \
+    && rm /usr/local/bin/install-php-extensions
+
 # ================================
 # Stage 1-1: Composer Install
 # ================================
-FROM --platform=$TARGETOS/$TARGETARCH localhost:5000/base-php:$TARGETARCH AS composer
+FROM --platform=$TARGETOS/$TARGETARCH base AS composer
 
 WORKDIR /build
 
@@ -58,15 +73,17 @@ RUN yarn run build
 # ================================
 # Stage 5: Build Final Application Image
 # ================================
-FROM --platform=$TARGETOS/$TARGETARCH localhost:5000/base-php:$TARGETARCH AS final
+FROM --platform=$TARGETOS/$TARGETARCH base AS final
 
 WORKDIR /var/www/html
 
-RUN apk add --no-cache \
+RUN apt-get update \
+    && apt-get install -y --no-install-recommends \
     # packages for running the panel
-    caddy ca-certificates supervisor supercronic fcgi \
+    ca-certificates supervisor curl netcat-openbsd \
     # required for installing plugins. Pulled from https://github.com/pelican-dev/panel/pull/2034
-    zip unzip 7zip bzip2-dev yarn git
+    zip unzip p7zip-full bzip2 git yarnpkg \
+    && rm -rf /var/lib/apt/lists/*
 
 COPY --chown=root:www-data --chmod=770 --from=composerbuild /build .
 COPY --chown=root:www-data --chmod=770 --from=yarnbuild /build/public ./public
@@ -83,25 +100,23 @@ RUN mkdir -p /pelican-data/storage /pelican-data/plugins /var/run/supervisord \
 # Allow www-data write permissions where necessary
     && chown -R www-data: /pelican-data .env ./storage ./plugins ./bootstrap/cache /var/run/supervisord /var/www/html/public/storage \
     && chmod -R 770 /pelican-data ./storage ./bootstrap/cache /var/run/supervisord \
-    && chown -R www-data: /usr/local/etc/php/ /usr/local/etc/php-fpm.d/
+    && chown -R www-data: /usr/local/etc/php/
 
 # Configure Supervisor
 COPY docker/supervisord.conf /etc/supervisord.conf
 COPY docker/Caddyfile /etc/caddy/Caddyfile
-# Add Laravel scheduler to crontab
-COPY docker/crontab /etc/crontabs/crontab
 
 COPY docker/entrypoint.sh /entrypoint.sh
 COPY docker/healthcheck.sh /healthcheck.sh
 
 HEALTHCHECK --interval=5m --timeout=10s --start-period=5s --retries=3 \
-  CMD /bin/ash /healthcheck.sh
+  CMD /bin/sh /healthcheck.sh
 
 EXPOSE 80 443
 
 VOLUME /pelican-data
 
 USER www-data
 
-ENTRYPOINT [ "/bin/ash", "/entrypoint.sh" ]
+ENTRYPOINT [ "/bin/sh", "/entrypoint.sh" ]
 CMD [ "supervisord", "-n", "-c", "/etc/supervisord.conf" ]
diff --git a/Dockerfile.base b/Dockerfile.base
@@ -1,10 +1,17 @@
-# ================================
-# Stage 0: Build PHP Base Image
-# ================================
-FROM --platform=$TARGETOS/$TARGETARCH php:8.4-fpm-alpine
-
-ADD --chmod=0755 https://github.com/mlocati/docker-php-extension-installer/releases/latest/download/install-php-extensions /usr/local/bin/
-
-RUN install-php-extensions bcmath gd intl zip pcntl pdo_mysql pdo_pgsql bz2
-
-RUN rm /usr/local/bin/install-php-extensions
+# ================================
+# Stage 0: Base Panel Runtime (FrankenPHP dev, GNU libc)
+# ================================
+#
+# We use the FrankenPHP *development* images (as requested) and a GNU libc base
+# (Debian bookworm) to avoid musl compatibility issues and to match "gnu"
+# expectations.
+#
+FROM dunglas/frankenphp-dev:php8.4-bookworm
+
+# Keep compatible with the legacy Docker builder (no BuildKit required).
+ADD https://github.com/mlocati/docker-php-extension-installer/releases/latest/download/install-php-extensions /usr/local/bin/install-php-extensions
+
+# Match what the panel previously installed on php:*-alpine.
+RUN chmod +x /usr/local/bin/install-php-extensions \
+  && install-php-extensions bcmath gd intl zip pcntl pdo_mysql pdo_pgsql bz2 \
+  && rm /usr/local/bin/install-php-extensions
diff --git a/Dockerfile.dev b/Dockerfile.dev
@@ -1,11 +1,15 @@
 # syntax=docker.io/docker/dockerfile:1.13-labs
 # Pelican Development Dockerfile
 
-FROM --platform=$TARGETOS/$TARGETARCH php:8.4-fpm-alpine AS base
+ARG TARGETOS=linux
+ARG TARGETARCH=amd64
 
-ADD --chmod=0755 https://github.com/mlocati/docker-php-extension-installer/releases/latest/download/install-php-extensions /usr/local/bin/
+FROM dunglas/frankenphp-dev:php8.4-bookworm AS base
 
-RUN install-php-extensions bcmath gd intl zip pcntl pdo_mysql pdo_pgsql bz2
+ADD https://github.com/mlocati/docker-php-extension-installer/releases/latest/download/install-php-extensions /usr/local/bin/install-php-extensions
+
+RUN chmod +x /usr/local/bin/install-php-extensions \
+    && install-php-extensions bcmath gd intl zip pcntl pdo_mysql pdo_pgsql bz2
 
 RUN rm /usr/local/bin/install-php-extensions
 
@@ -62,16 +66,18 @@ RUN yarn run build
 # ================================
 # Stage 5: Build Final Application Image
 # ================================
-FROM --platform=$TARGETOS/$TARGETARCH base AS final
+FROM base AS final
 
 WORKDIR /var/www/html
 
 # Install additional required libraries
-RUN apk add --no-cache \
+RUN apt-get update \
+    && apt-get install -y --no-install-recommends \
     # packages for running the panel
-    caddy ca-certificates supervisor supercronic fcgi coreutils \
+    ca-certificates supervisor curl coreutils netcat-openbsd \
     # required for installing plugins. Pulled from https://github.com/pelican-dev/panel/pull/2034
-    zip unzip 7zip bzip2-dev yarn git
+    zip unzip p7zip-full bzip2 git yarnpkg \
+    && rm -rf /var/lib/apt/lists/*
 
 COPY --chown=root:www-data --chmod=770 --from=composerbuild /build .
 COPY --chown=root:www-data --chmod=770 --from=yarnbuild /build/public ./public
@@ -88,25 +94,23 @@ RUN mkdir -p /pelican-data/storage /pelican-data/plugins /var/run/supervisord \
 # Allow www-data write permissions where necessary
     && chown -R www-data: /pelican-data .env ./storage ./plugins ./bootstrap/cache /var/run/supervisord /var/www/html/public/storage \
     && chmod -R 770 /pelican-data ./storage ./bootstrap/cache /var/run/supervisord \
-    && chown -R www-data: /usr/local/etc/php/ /usr/local/etc/php-fpm.d/
+    && chown -R www-data: /usr/local/etc/php/
 
 # Configure Supervisor
 COPY docker/supervisord.conf /etc/supervisord.conf
 COPY docker/Caddyfile /etc/caddy/Caddyfile
-# Add Laravel scheduler to crontab
-COPY docker/crontab /etc/crontabs/crontab
 
 COPY docker/entrypoint.sh /entrypoint.sh
 COPY docker/healthcheck.sh /healthcheck.sh
 
 HEALTHCHECK --interval=5m --timeout=10s --start-period=5s --retries=3 \
-  CMD /bin/ash /healthcheck.sh
+  CMD /bin/sh /healthcheck.sh
 
 EXPOSE 80 443
 
 VOLUME /pelican-data
 
 USER www-data
 
-ENTRYPOINT [ "/bin/ash", "/entrypoint.sh" ]
+ENTRYPOINT [ "/bin/sh", "/entrypoint.sh" ]
 CMD [ "supervisord", "-n", "-c", "/etc/supervisord.conf" ]
diff --git a/docker/Caddyfile b/docker/Caddyfile
@@ -1,7 +1,7 @@
 {
 	servers {
 		## docs https://caddyserver.com/docs/caddyfile/options#trusted-proxies
-		{$CADDY_TRUSTED_PROXIES} 
+		{$CADDY_TRUSTED_PROXIES}
 		{$CADDY_STRICT_PROXIES}
 	}
 	admin off
@@ -14,5 +14,11 @@
 	encode gzip
 
 	file_server
-	php_fastcgi 127.0.0.1:9000
+
+	# FrankenPHP replaces php-fpm + fastcgi with an in-process PHP runtime.
+	# When we later want Laravel "worker mode", we can extend this block with
+	# FrankenPHP worker directives (often via Laravel Octane).
+	php_server {
+	    worker ./public/index.php
+	}
 }
diff --git a/docker/entrypoint.sh b/docker/entrypoint.sh
@@ -1,4 +1,4 @@
-#!/bin/ash -e
+#!/bin/sh -eu
 # check for .env file or symlink and generate app keys if missing
 if [ -f /var/www/html/.env ]; then
   echo "external vars exist."
@@ -10,30 +10,30 @@ else
   touch /pelican-data/.env
 
   # manually generate a key because key generate --force fails
-  if [ -z ${APP_KEY} ]; then
-    echo -e "Generating key."
+  if [ -z "${APP_KEY:-}" ]; then
+    echo "Generating key."
     APP_KEY=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1)
-    echo -e "Generated app key: $APP_KEY"
-    echo -e "APP_KEY=$APP_KEY" > /pelican-data/.env
+    echo "Generated app key: $APP_KEY"
+    printf '%s\n' "APP_KEY=$APP_KEY" > /pelican-data/.env
   else
-    echo -e "APP_KEY exists in environment, using that."
-    echo -e "APP_KEY=$APP_KEY" > /pelican-data/.env
+    echo "APP_KEY exists in environment, using that."
+    printf '%s\n' "APP_KEY=$APP_KEY" > /pelican-data/.env
   fi
 
   # enable installer
-  echo -e "APP_INSTALLED=false" >> /pelican-data/.env
+  printf '%s\n' "APP_INSTALLED=false" >> /pelican-data/.env
 fi
 
 # create directories for volumes
 mkdir -p /pelican-data/database /pelican-data/storage/avatars /pelican-data/storage/fonts /pelican-data/storage/icons /pelican-data/plugins /var/www/html/storage/logs/supervisord 2>/dev/null
 
 # if the app is installed then we need to run migrations on start. New installs will run migrations when you run the installer.
-if [ "${APP_INSTALLED}" == "true" ];  then
+if [ "${APP_INSTALLED:-}" = "true" ] && [ "${SKIP_MIGRATIONS:-}" != "true" ]; then
   #if the db is anything but sqlite wait until it's accepting connections
-  if [ "${DB_CONNECTION}" != "sqlite" ]; then
+  if [ "${DB_CONNECTION:-}" != "sqlite" ]; then
     # check for DB up before starting the panel
     echo "Checking database status."
-    until nc -z -v -w30 $DB_HOST $DB_PORT
+    until nc -z -v -w30 "${DB_HOST:-}" "${DB_PORT:-}"
     do
       echo "Waiting for database connection..."
       # wait for 1 seconds before check again
@@ -44,21 +44,31 @@ if [ "${APP_INSTALLED}" == "true" ];  then
   php artisan migrate --force
 fi
 
-echo -e "Optimizing Filament"
+echo "Optimizing Filament"
 php artisan filament:optimize
 
 # default to caddy not starting
 export SUPERVISORD_CADDY=false
+export SUPERVISORD_QUEUE=true
+export SUPERVISORD_SCHEDULER=true
 export PARSED_APP_URL=${APP_URL}
 
+# allow running the queue worker and scheduler in separate containers later
+if [ "${SKIP_QUEUE:-}" = "true" ]; then
+  export SUPERVISORD_QUEUE=false
+fi
+if [ "${SKIP_SCHEDULER:-}" = "true" ]; then
+  export SUPERVISORD_SCHEDULER=false
+fi
+
 # checking if app url is using https
 if echo "${APP_URL}" | grep -qE '^https://'; then
   echo "https domain found setting email var"
   export PARSED_LE_EMAIL="email ${LE_EMAIL}"
 fi
 
 # when running behind a proxy
-if [ "${BEHIND_PROXY}" == "true" ]; then
+if [ "${BEHIND_PROXY:-}" = "true" ]; then
   echo "running behind proxy"
   echo "listening on port 80 internally"
   export PARSED_LE_EMAIL=""
@@ -68,19 +78,19 @@ if [ "${BEHIND_PROXY}" == "true" ]; then
 fi
 
 # disable caddy if SKIP_CADDY is set
-if [ "${SKIP_CADDY:-}" == "true" ]; then
-  echo "Starting PHP-FPM only"
+if [ "${SKIP_CADDY:-}" = "true" ]; then
+  echo "Starting app services without web server"
 else
-  echo "Starting PHP-FPM and Caddy"
+  echo "Starting app services"
   # enable caddy
   export SUPERVISORD_CADDY=true
 
   # handle trusted proxies for caddy when variable has data
-  if [ ! -z ${TRUSTED_PROXIES} ]; then
+  if [ -n "${TRUSTED_PROXIES:-}" ]; then
     export CADDY_TRUSTED_PROXIES=$(echo "trusted_proxies static ${TRUSTED_PROXIES}" | sed 's/,/ /g')
     export CADDY_STRICT_PROXIES="trusted_proxies_strict"
   fi
 fi
 
 echo "Starting Supervisord"
-exec "$@"
+exec "$@"
diff --git a/docker/healthcheck.sh b/docker/healthcheck.sh
@@ -1,9 +1,6 @@
-#!/bin/ash -e
+#!/bin/sh -eu
 
-if [ ${SKIP_CADDY} ! "true" ]; then
-    curl -f http://localhost/up || exit 1
+# If the web server is enabled, ensure the app responds.
+if [ "${SKIP_CADDY:-}" != "true" ]; then
+  curl -fsS http://localhost/up >/dev/null
 fi
-
-cgi-fcgi -bind -connect 127.0.0.1:9000 || exit 2
-
-exit 0
diff --git a/docker/supervisord.conf b/docker/supervisord.conf
@@ -21,27 +21,23 @@ serverurl=unix:///tmp/supervisor.sock         ; use a unix:// URL  for a unix so
 username=dummy
 password=dummy
 
-[program:php-fpm]
-command=/usr/local/sbin/php-fpm -F
-autostart=true
-autorestart=true
-
-[program:queue-worker]
-command=/usr/local/bin/php /var/www/html/artisan queue:work --tries=3
-autostart=true
-autorestart=true
-
 [program:caddy]
-command=caddy run --config /etc/caddy/Caddyfile --adapter caddyfile
+
+command=/usr/local/bin/frankenphp run --config /etc/caddy/Caddyfile --adapter caddyfile
 autostart=%(ENV_SUPERVISORD_CADDY)s
 autorestart=%(ENV_SUPERVISORD_CADDY)s
 priority=10
 stdout_logfile=/dev/fd/1
 stdout_logfile_maxbytes=0
 redirect_stderr=true
 
-[program:supercronic]
-command=supercronic -overlapping /etc/crontabs/crontab
-autostart=true
-autorestart=true
+[program:queue-worker]
+command=/usr/local/bin/php /var/www/html/artisan queue:work --tries=3
+autostart=%(ENV_SUPERVISORD_QUEUE)s
+autorestart=%(ENV_SUPERVISORD_QUEUE)s
+
+[program:scheduler]
+command=/usr/local/bin/php /var/www/html/artisan schedule:work
+autostart=%(ENV_SUPERVISORD_SCHEDULER)s
+autorestart=%(ENV_SUPERVISORD_SCHEDULER)s
 redirect_stderr=true
