From 2e3f49e1cc7c3dbd2838c95d1d3d50687b425457 Mon Sep 17 00:00:00 2001 From: Rahul Soni Date: Sun, 12 Apr 2026 15:54:56 +0530 Subject: [PATCH] Improve Dockerfile and entrypoint for production use - Add apt cache cleanup (rm -rf /var/lib/apt/lists/*) to reduce image size - Add HEALTHCHECK instruction for container health monitoring - Add SIGTERM/SIGINT trap in entrypoint for graceful shutdown - Add custom setup.sh hook support via volume mount - Consolidate post-setup RUN layers (setup, chown, config backup) - Add descriptive comments throughout Dockerfile - Fail build explicitly on unsupported platforms (exit 1) - Add -y flag consistently to all apt-get install commands Tested with OLS 1.8.5 + lsphp85 on linux/arm64: - HTTP 200, HTTPS 200 - HEALTHCHECK reports healthy - Graceful shutdown via docker stop completes without timeout --- template/Dockerfile | 40 ++++++++++++++++++++++++++++++---------- template/entrypoint.sh | 13 ++++++++++++- 2 files changed, 42 insertions(+), 11 deletions(-) diff --git a/template/Dockerfile b/template/Dockerfile index fb94b14..a0e71ac 100644 --- a/template/Dockerfile +++ b/template/Dockerfile @@ -7,8 +7,10 @@ ARG TARGETPLATFORM ENV LS_FD='/usr/local/lsws' ENV PHPINI_PATH="$LS_FD/$PHP_VERSION/etc/php/*/litespeed/php.ini" -RUN apt-get update && apt-get install wget curl cron tzdata -y +# Install base dependencies +RUN apt-get update && apt-get install -y wget curl cron tzdata +# Install OpenLiteSpeed (platform-aware) RUN if [ "$TARGETPLATFORM" = "linux/amd64" ]; then \ wget https://openlitespeed.org/packages/openlitespeed-$OLS_VERSION-x86_64-linux.tgz && \ tar xzf openlitespeed-$OLS_VERSION-x86_64-linux.tgz && cd openlitespeed && ./install.sh && \ @@ -18,31 +20,42 @@ RUN if [ "$TARGETPLATFORM" = "linux/amd64" ]; then \ tar xzf openlitespeed-$OLS_VERSION-aarch64-linux.tgz && cd openlitespeed && ./install.sh && \ echo 'cloud-docker' > $LS_FD/PLAT && rm -rf /openlitespeed && rm /openlitespeed-$OLS_VERSION-aarch64-linux.tgz; \ else \ - echo "$TARGETPLATFORM is not supported"; \ + echo "$TARGETPLATFORM is not supported" && exit 1; \ fi +# Setup LiteSpeed repos RUN wget -O - https://repo.litespeed.sh | bash -RUN apt-get update && apt-get install mysql-client $PHP_VERSION $PHP_VERSION-common $PHP_VERSION-mysql \ - $PHP_VERSION-curl $PHP_VERSION-imagick $PHP_VERSION-redis $PHP_VERSION-memcached $PHP_VERSION-intl -y +# Install PHP, extensions, and MySQL client +RUN apt-get update && apt-get install -y \ + mysql-client $PHP_VERSION $PHP_VERSION-common $PHP_VERSION-mysql \ + $PHP_VERSION-curl $PHP_VERSION-imagick $PHP_VERSION-redis \ + $PHP_VERSION-memcached $PHP_VERSION-intl -RUN ["/bin/bash", "-c", "case \"$PHP_VERSION\" in lsphp81|lsphp82|lsphp83|lsphp84) apt-get install ${PHP_VERSION}-opcache -y ;; esac"] +RUN ["/bin/bash", "-c", "case \"$PHP_VERSION\" in lsphp81|lsphp82|lsphp83|lsphp84) apt-get install -y ${PHP_VERSION}-opcache ;; esac"] -RUN ["/bin/bash", "-c", "if [[ $PHP_VERSION == lsphp7* ]]; then apt-get install $PHP_VERSION-json -y; fi"] +RUN ["/bin/bash", "-c", "if [[ $PHP_VERSION == lsphp7* ]]; then apt-get install -y $PHP_VERSION-json; fi"] +# Clean apt cache to reduce image size +RUN rm -rf /var/lib/apt/lists/* + +# Fetch admin update script RUN wget -O $LS_FD/admin/misc/lsup.sh \ https://raw.githubusercontent.com/litespeedtech/openlitespeed/master/dist/admin/misc/lsup.sh && \ chmod +x $LS_FD/admin/misc/lsup.sh +# Tune PHP settings for production use RUN sed -i 's/memory_limit = 128M/memory_limit = 1024M/g' $PHPINI_PATH && \ sed -i 's/upload_max_filesize = 2M/upload_max_filesize = 1024M/g' $PHPINI_PATH && \ sed -i 's/post_max_size = 8M/post_max_size = 1024M/g' $PHPINI_PATH && \ sed -i 's/max_execution_time = 30/max_execution_time = 300/g' $PHPINI_PATH +# Install WP-CLI and symlink PHP binary RUN curl -O https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar && \ chmod +x wp-cli.phar && mv wp-cli.phar /usr/bin/wp && \ ln -s $LS_FD/$PHP_VERSION/bin/php /usr/bin/php +# Install ACME.sh for SSL certificate management RUN wget -O - https://get.acme.sh | sh EXPOSE 7080 @@ -52,14 +65,21 @@ ADD docker.conf $LS_FD/conf/templates/docker.conf ADD setup_docker.sh $LS_FD/bin/setup_docker.sh ADD htpasswd $LS_FD/admin/conf/htpasswd -RUN $LS_FD/bin/setup_docker.sh && rm $LS_FD/bin/setup_docker.sh -RUN chown 994:994 $LS_FD/conf -R -RUN cp -RP $LS_FD/conf/ $LS_FD/.conf/ -RUN cp -RP $LS_FD/admin/conf $LS_FD/admin/.conf/ +# Setup config, permissions, and config backups (consolidated layer) +RUN $LS_FD/bin/setup_docker.sh && rm $LS_FD/bin/setup_docker.sh \ + && chown 994:994 $LS_FD/conf -R \ + && cp -RP $LS_FD/conf/ $LS_FD/.conf/ \ + && cp -RP $LS_FD/admin/conf $LS_FD/admin/.conf/ + +# Link PHP binaries based on version RUN ["/bin/bash", "-c", "if [[ $PHP_VERSION == lsphp8* ]]; then ln -sf $LS_FD/$PHP_VERSION/bin/lsphp $LS_FD/fcgi-bin/lsphp8; fi"] RUN ["/bin/bash", "-c", "if [[ $PHP_VERSION == lsphp8* ]]; then ln -sf $LS_FD/fcgi-bin/lsphp8 $LS_FD/fcgi-bin/lsphp; fi"] RUN ["/bin/bash", "-c", "if [[ $PHP_VERSION == lsphp7* ]]; then ln -sf $LS_FD/$PHP_VERSION/bin/lsphp $LS_FD/fcgi-bin/lsphp7; fi"] RUN ["/bin/bash", "-c", "if [[ $PHP_VERSION == lsphp7* ]]; then ln -sf $LS_FD/fcgi-bin/lsphp7 $LS_FD/fcgi-bin/lsphp; fi"] + +HEALTHCHECK --interval=30s --timeout=5s --start-period=10s --retries=3 \ + CMD curl -sf http://localhost/ -o /dev/null || exit 1 + COPY entrypoint.sh /entrypoint.sh RUN chmod +x /entrypoint.sh ENTRYPOINT ["/entrypoint.sh"] diff --git a/template/entrypoint.sh b/template/entrypoint.sh index 820940e..23a8275 100644 --- a/template/entrypoint.sh +++ b/template/entrypoint.sh @@ -1,4 +1,6 @@ #!/bin/bash + +# Restore default config if volumes are empty if [ -z "$(ls -A -- "/usr/local/lsws/conf/")" ]; then cp -R /usr/local/lsws/.conf/* /usr/local/lsws/conf/ fi @@ -8,12 +10,21 @@ fi chown 994:994 /usr/local/lsws/conf -R chown 994:1001 /usr/local/lsws/admin/conf -R +# Graceful shutdown handler +shutdown() { + echo "Received shutdown signal, stopping OpenLiteSpeed..." + /usr/local/lsws/bin/lswsctrl stop + exit 0 +} +trap shutdown SIGTERM SIGINT + /usr/local/lsws/bin/lswsctrl start $@ + +# Monitor OLS process; exit if it dies while true; do if ! /usr/local/lsws/bin/lswsctrl status | /usr/bin/grep 'litespeed is running with PID *' > /dev/null; then break fi sleep 60 done -