NGINX + Bedrock & Sage with Docker Compose

docker-compose.yml:

version: "3.8"

services:
    wordpress:
        container_name: ${PROJECT:-project}_wp
        image: ${PROJECT:-project}_wp:${IMAGE_TAG:-production}
        build: .
        restart: always
        working_dir: /project/web
        volumes:
            
            - ./common/db/:/project/common/db/
        networks:
            - backend
        env_file: .env
        security_opt:
            - no-new-privileges
    database:
        container_name: ${PROJECT:-project}_db
        platform: linux/x86_64
        image: mysql:5.7
        restart: always
        environment:
            MYSQL_DATABASE: ${DB_NAME:-database_name}
            MYSQL_USER: ${DB_USER:-database_user}
            MYSQL_PASSWORD: ${DB_PASSWORD:-database_password}
            MYSQL_ROOT_PASSWORD: ${DB_ROOT_PASSWORD:-database_root_password}
        volumes:
            - database:/var/lib/mysql
        networks:
            - backend
        security_opt:
            - no-new-privileges
networks:
    backend: {}

volumes:
    database: {}

Dockerfile:

FROM composer:2.0 as builder

COPY ./composer.json composer.json
COPY ./composer.lock composer.lock
COPY ./auth.json auth.json
RUN mkdir -p /app/web/app/mu-plugins
RUN composer install --no-dev

RUN mkdir -p /app/theme
COPY ./web/app/themes/theme-name/ /app/theme
RUN composer install -d /app/theme/ --ignore-platform-reqs
RUN composer test -d /app/theme/

FROM node:12-alpine as frontend

RUN mkdir -p /app/theme
COPY ./web/app/themes/theme-name/ /app/theme
WORKDIR /app/theme
RUN yarn install --ignore-optional --frozen-lockfile && yarn build:production
RUN yarn lint:js
RUN yarn lint:css

FROM wordpress:php7.4-fpm-alpine
RUN curl -sS -o /usr/local/bin/wp https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar && 
	chmod +x /usr/local/bin/wp
RUN apk update && apk add -f nginx mysql-client

COPY ./config/nginx/ /etc/nginx/

RUN nginx -t

RUN touch /var/run/nginx.pid

RUN chown -R www-data:www-data /var/lib/nginx/ && 
	chown -R www-data:www-data /var/run/

RUN ln -sf /dev/stdout /var/log/nginx/access.log
RUN ln -sf /dev/stderr /var/log/nginx/error.log

ADD ./common /project/common
ADD ./config /project/config
ADD ./web /project/web

COPY --from=builder /app/vendor /project/vendor
COPY --from=builder /app/web/wp /project/web/wp
COPY --from=builder /app/web/app/plugins/ /project/web/app/plugins/
COPY --from=builder /app/web/app/mu-plugins/ /project/web/app/mu-plugins/

COPY --from=builder /app/theme/vendor /project/web/app/themes/netsparker/vendor
COPY --from=frontend /app/theme/public /project/web/app/themes/netsparker/public

RUN chown -R www-data:www-data /project/ && 
    find /project/ -type f -exec chmod 644 {} ; && 
    find /project/ -type d -exec chmod 755 {} ;

WORKDIR /project

EXPOSE 80 443

CMD php-fpm | nginx -g 'daemon off;'

USER www-data

NGINX default.conf:

server {
    listen 80;
    listen [::]:80;
    listen 443 http2;
    listen [::]:443 http2;

    server_name _;
    client_body_timeout 3s;
    client_header_timeout 3s;

    root /project/web;
    index index.php index.htm index.html;
    
    location ~* /app/uploads/.*.php$ {
       deny all;
    }

    location / {
        try_files $uri $uri/ /index.php?$args;
    }

    location ~ .php$ {
        try_files $uri =404;
        fastcgi_split_path_info ^(.+.php)(/.+)$;
        fastcgi_pass localhost:9000;
        fastcgi_index index.php;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $fastcgi_path_info;
        fastcgi_param HTTP_PROXY "";
        if (!-f $document_root$fastcgi_script_name) {
            return 404;
        }

        fastcgi_buffer_size 128k;
        fastcgi_buffers 256 16k;
        fastcgi_busy_buffers_size 256k;
        fastcgi_temp_file_write_size 256k;
    }

}