NGINX + Bedrock & Sage with Docker Compose

docker-compose.yml:

version: "3.8"

services:
    wordpress:
        container_name: ${PROJECT:-project}_wp
        image: ${PROJECT:-project}_wp:${IMAGE_TAG:-production}
        build: .
        restart: always
        working_dir: /project/web
        volumes:
            
            - ./common/db/:/project/common/db/
        networks:
            - backend
        env_file: .env
        security_opt:
            - no-new-privileges

    database:
        container_name: ${PROJECT:-project}_db
        platform: linux/x86_64
        image: mysql:5.7
        restart: always
        environment:
            MYSQL_DATABASE: ${DB_NAME:-database_name}
            MYSQL_USER: ${DB_USER:-database_user}
            MYSQL_PASSWORD: ${DB_PASSWORD:-database_password}
            MYSQL_ROOT_PASSWORD: ${DB_ROOT_PASSWORD:-database_root_password}
        volumes:
            - database:/var/lib/mysql
        networks:
            - backend
        security_opt:
            - no-new-privileges

    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    

networks:
    backend: {}

volumes:
    database: {}

Dockerfile:

FROM composer:2.0 as builder


COPY ./composer.json composer.json
COPY ./composer.lock composer.lock
COPY ./auth.json auth.json
RUN mkdir -p /app/web/app/mu-plugins
RUN composer install --no-dev


RUN mkdir -p /app/theme
COPY ./web/app/themes/theme-name/ /app/theme
RUN composer install -d /app/theme/ --ignore-platform-reqs
RUN composer test -d /app/theme/





FROM node:12-alpine as frontend

RUN mkdir -p /app/theme
COPY ./web/app/themes/theme-name/ /app/theme
WORKDIR /app/theme
RUN yarn install --ignore-optional --frozen-lockfile && yarn build:production
RUN yarn lint:js
RUN yarn lint:css





FROM wordpress:php7.4-fpm-alpine


RUN curl -sS -o /usr/local/bin/wp https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar && 
	chmod +x /usr/local/bin/wp


RUN apk update && apk add -f nginx mysql-client


COPY ./config/nginx/ /etc/nginx/


RUN nginx -t


RUN touch /var/run/nginx.pid


RUN chown -R www-data:www-data /var/lib/nginx/ && 
	chown -R www-data:www-data /var/run/


RUN ln -sf /dev/stdout /var/log/nginx/access.log
RUN ln -sf /dev/stderr /var/log/nginx/error.log


ADD ./common /project/common
ADD ./config /project/config
ADD ./web /project/web


COPY --from=builder /app/vendor /project/vendor
COPY --from=builder /app/web/wp /project/web/wp
COPY --from=builder /app/web/app/plugins/ /project/web/app/plugins/
COPY --from=builder /app/web/app/mu-plugins/ /project/web/app/mu-plugins/


COPY --from=builder /app/theme/vendor /project/web/app/themes/netsparker/vendor


COPY --from=frontend /app/theme/public /project/web/app/themes/netsparker/public


RUN chown -R www-data:www-data /project/ && 
    find /project/ -type f -exec chmod 644 {} ; && 
    find /project/ -type d -exec chmod 755 {} ;


WORKDIR /project


EXPOSE 80 443


CMD php-fpm | nginx -g 'daemon off;'


USER www-data

NGINX default.conf:

server {

    listen 80;
    listen [::]:80;
    listen 443 http2;
    listen [::]:443 http2;

    server_name _;


	client_body_timeout 3s;
	client_header_timeout 3s;


    root /project/web;
    index index.php index.htm index.html;


    
    location ~* /app/uploads/.*.php$ {
       deny all;
    }

    location / {
        try_files $uri $uri/ /index.php?$args;
    }

    
    location ~ .php$ {
        try_files $uri =404;
        fastcgi_split_path_info ^(.+.php)(/.+)$;
        fastcgi_pass localhost:9000;
        fastcgi_index index.php;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $fastcgi_path_info;
        fastcgi_param HTTP_PROXY "";
        if (!-f $document_root$fastcgi_script_name) {
            return 404;
        }

        fastcgi_buffer_size 128k;
        fastcgi_buffers 256 16k;
        fastcgi_busy_buffers_size 256k;
        fastcgi_temp_file_write_size 256k;
    }

}