mautic
FPM Image Issues
Hello,
I've verified that the tag 5.2.4-fpm contains version 5.2.1 of Mautic.
I tried doing my custom build (php 8.1 and 8.2) using the Dockerfile from the repo, and it still showed up as 5.2.1. The same happened when I did a custom build for 5.2.3.
The issue might be related not to the docker image itself but to the examplified docker-compose.yml for fpm.
Line 10 reads - mautic-docroot:/var/www/html/docroot:z, meaning that mautic will be mounted as a volume, impeding the upgrade process.
I should do some checks in a few hours. I will keep this thread updated!
Indeed, the issue was solved by manually removing the volume.
I'll oeep the issue open meanwhile we work on a fix / README clarification for it.
Hmm, you are right. This line shouldn't be there:
https://github.com/mautic/docker-mautic/blob/mautic5/examples/fpm-nginx/docker-compose.yml#L10
Because the config, images, logs, files are are all mentioned as volumes above it. And the other 2 examples don't have this line. Can you create a PR that will remove this line?
Because the config, images, logs, files are are all mentioned as volumes above it. And the other 2 examples don't have this line. Can you create a PR that will remove this line?
The problem is: if we don't have this line, Nginx won't be able to serve files.
The alternatives I'm thinking about are:
-
Add "warnings", both on the file and README, pointing this out.
-
Create a custom Nginx container (meaning, maintaining another image) that has the static files attributed to it.
I think that alternative 2 would be the best one, but given that even the mautic image itself is currently "unmaintained", we could do alternative 1 for the tike being.
What do you think?
I'm no Docker expert. So I did what the people with no knowledge do these days and discussed this issue with AI. It suggests this:
version: '3'
x-mautic-volumes:
&mautic-volumes
- ./mautic/config:/var/www/html/config:z
- ./mautic/logs:/var/www/html/var/logs:z
- ./mautic/media/files:/var/www/html/docroot/media/files:z
- ./mautic/media/images:/var/www/html/docroot/media/images:z
- ./cron:/opt/mautic/cron:z
- mautic-docroot:/var/www/html/docroot:z
services:
+ init:
+ image: busybox
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock
+ entrypoint: ["sh", "-c", "docker-compose down && docker volume rm ${COMPOSE_PROJECT_NAME}_mautic-docroot && docker-compose up -d"]
+ depends_on:
+ - db
db:
image: mysql:8.0
environment:
- MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD}
- MYSQL_DATABASE=${MYSQL_DATABASE}
- MYSQL_USER=${MYSQL_USER}
- MYSQL_PASSWORD=${MYSQL_PASSWORD}
volumes:
- mysql-data:/var/lib/mysql
healthcheck:
test: mysqladmin --user=$$MYSQL_USER --password=$$MYSQL_PASSWORD ping
start_period: 5s
interval: 5s
timeout: 5s
retries: 10
networks:
- default
nginx:
image: nginx
volumes:
- ./nginx.conf:/etc/nginx/conf.d/default.conf
- mautic-docroot:/var/www/html/docroot:z
depends_on:
- mautic_web
ports:
- 8002:80
networks:
- default
mautic_web:
image: mautic/mautic:5-fpm
links:
- db:mysql
volumes: *mautic-volumes
environment:
- DOCKER_MAUTIC_LOAD_TEST_DATA=${DOCKER_MAUTIC_LOAD_TEST_DATA}
- DOCKER_MAUTIC_RUN_MIGRATIONS=${DOCKER_MAUTIC_RUN_MIGRATIONS}
env_file:
- .mautic_env
healthcheck:
test: cgi-fcgi -bind -connect 127.0.0.1:9000
start_period: 5s
interval: 5s
timeout: 5s
retries: 100
depends_on:
db:
condition: service_healthy
networks:
- default
mautic_cron:
image: mautic/mautic:5-fpm
links:
- db:mysql
volumes: *mautic-volumes
environment:
- DOCKER_MAUTIC_ROLE=mautic_cron
env_file:
- .mautic_env
depends_on:
mautic_web:
condition: service_healthy
networks:
- default
mautic_worker:
image: mautic/mautic:5-fpm
links:
- db:mysql
volumes: *mautic-volumes
environment:
- DOCKER_MAUTIC_ROLE=mautic_worker
env_file:
- .mautic_env
depends_on:
mautic_web:
condition: service_healthy
networks:
- default
volumes:
mysql-data:
mautic-docroot:
networks:
default:
name: ${COMPOSE_PROJECT_NAME}-docker
Do you think it's on to something?
Hey @escopecz ,
Thank you for the suggestion. Sadly, that's not a good security practice, as you give a container full access to manage docker (consequently, one exploit on Busybox could compromise the whole host).
I'm trying to find a way how to automate it as users usually forget to check the docs every time they'll upgrade. If there is no secure way how to do it then we'll have to go with the docs.
I think the best thing we could do is to have another container, only with the static files, running nginx.
Actually, I would really advise that. Otherwise, we would need to change more things on the example too, as the current nginx.conf is VERY unsafe.
Perhaps we can wait a bit for the new maintainers to join the boat and organize what's already pending, and then think about the nginx image...
Hi! Just a suggestion: there is a project called FrankenPHP (the modern PHP app server) which has been adopted by the PHP foundation. Not only does it combine webserver and PHP in a single container, it's also significantly faster than anything I tried before. I don't have any affiliation with the project, but it seems like a good fit for you if you want to provide a single, trustworthy, and performant docker image.
