nginx+php Dockerfile

# 基于Debian Bookworm Slim（国内源更易适配）
FROM debian:bookworm-slim

# 添加阿里云源
RUN set -eux; \
    echo "deb http://mirrors.aliyun.com/debian/ bookworm main contrib non-free non-free-firmware" > /etc/apt/sources.list; \
    echo "deb http://mirrors.aliyun.com/debian/ bookworm-updates main contrib non-free non-free-firmware" >> /etc/apt/sources.list; \
    echo "deb http://mirrors.aliyun.com/debian-security/ bookworm-security main contrib non-free non-free-firmware" >> /etc/apt/sources.list; \
    apt-get update

# 安装Nginx+PHP8.2-FPM
RUN set -eux; \
    apt-get install -y --no-install-recommends \
        curl \
        nano \
        nginx \
        php8.2-fpm \
        php8.2-mysql \
        php8.2-mbstring \
        php8.2-xml \
        php8.2-gd \
        php8.2-curl \
        php8.2-zip; \
    apt-get clean; \
    rm -rf /var/lib/apt/lists/*

# 核心修改1：PHP-FPM改回Unix Socket监听（恢复默认Socket模式）
RUN set -eux; \
    # 1. 创建Socket所需目录并设置正确权限（关键！Socket文件需要这个目录）
    mkdir -p /run/php; \
    chown www-data:www-data /run/php; \
    # 2. 恢复PHP-FPM监听方式为默认的Unix Socket（撤销之前的端口修改）
    sed -i 's/listen = 127.0.0.1:9000/listen = \/run\/php\/php8.2-fpm.sock/g' /etc/php/8.2/fpm/pool.d/www.conf; \
    # 3. 恢复Socket的权限配置（取消注释，确保Nginx能访问Socket）
    sed -i 's/#listen.mode = 0660/listen.mode = 0660/g' /etc/php/8.2/fpm/pool.d/www.conf; \
    # 4. 保留其他核心配置（运行用户、非守护进程模式）
    sed -i 's/user = www-data/user = www-data/g' /etc/php/8.2/fpm/pool.d/www.conf; \
    sed -i 's/group = www-data/group = www-data/g' /etc/php/8.2/fpm/pool.d/www.conf; \
    sed -i 's/;daemonize = yes/daemonize = no/g' /etc/php/8.2/fpm/php-fpm.conf; \
    # 5. 删除conf.d下默认配置，避免冲突
    rm -f /etc/nginx/conf.d/default.conf; \
    # 6. 创建PHP代码目录并写入测试文件
    mkdir -p /var/www/html; \
    echo '<?php phpinfo(); ?>' > /var/www/html/info.php; \
    chown -R www-data:www-data /var/www/html; \
    # 7. 启动脚本不变
    echo '#!/bin/bash\nset -e\nphp-fpm8.2 &\nexec nginx -g "daemon off;"' > /docker-entrypoint.sh; \
    chmod +x /docker-entrypoint.sh

# 核心修改2：Nginx配置同步改为Unix Socket转发（修复续行+注释语法）
RUN set -eux; \
    # 删除原有sites-enabled/default
    rm -f /etc/nginx/sites-enabled/default; \
    # 写入配置（fastcgi_pass改为Socket路径，注释单独行，续行符正确）
    echo 'server {' > /etc/nginx/sites-enabled/default; \
    echo '        listen 80 default_server;' >> /etc/nginx/sites-enabled/default; \
    echo '        listen [::]:80 default_server;' >> /etc/nginx/sites-enabled/default; \
    echo '        root /var/www/html;' >> /etc/nginx/sites-enabled/default; \
    echo '        index index.html index.htm index.nginx-debian.html index.php;' >> /etc/nginx/sites-enabled/default; \
    echo '        server_name _;' >> /etc/nginx/sites-enabled/default; \
    echo '        location / {' >> /etc/nginx/sites-enabled/default; \
    echo '                try_files $uri $uri/ =404;' >> /etc/nginx/sites-enabled/default; \
    echo '        }' >> /etc/nginx/sites-enabled/default; \
    echo '        location ~ \.php$ {' >> /etc/nginx/sites-enabled/default; \
    # 关键修复：注释单独写，不跟在续行符行尾
    # 核心修改：fastcgi_pass指向Unix Socket
    echo '                fastcgi_pass unix:/run/php/php8.2-fpm.sock;' >> /etc/nginx/sites-enabled/default; \
    echo '                fastcgi_index index.php;' >> /etc/nginx/sites-enabled/default; \
    echo '                fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-enabled/default; \
    echo '                include fastcgi_params;' >> /etc/nginx/sites-enabled/default; \
    echo '        }' >> /etc/nginx/sites-enabled/default; \
    echo '}' >> /etc/nginx/sites-enabled/default; \
    # 修改Nginx运行用户为www-data（和PHP-FPM一致，确保能访问Socket）
    sed -i 's/user nginx;/user www-data;/g' /etc/nginx/nginx.conf

# 部署流量小星WEB
# 部署流量小星WEB（修复软链接权限修改问题）
RUN set -eux; \
  # 1. 删除默认nginx页面
  rm -f /var/www/html/index.nginx-debian.html; \
  # 2. 下载核心文件（加-f参数，下载失败直接退出）
  curl -sSLf http://flush.119he.com/flush_x64/prober.php -o /var/www/html/index.php; \
  curl -sSLf http://flush.119he.com/flush_x64/xconfig.json -o /var/www/html/xconfig.json; \
  # 3. 创建目录并下载子目录文件
  mkdir -p /var/www/html/flusher; \
  curl -sSLf "http://flush.119he.com/flush_x64/pheditor.php" -o /var/www/html/flusher/index.php; \
  curl -sSLf "http://flush.119he.com/flush_x64/pheditor.txt" -o /var/www/html/flusher/readme.txt; \
  # 4. 先修改所有实际文件的权限（此时还没创建软链接，避免包含软链接）
  chown -R www-data:www-data /var/www/html; \
  chmod -R 644 /var/www/html/*.php /var/www/html/*.json; \
  chmod -R 644 /var/www/html/flusher/*.php /var/www/html/flusher/*.txt; \
  # 5. 最后创建软链接（放在权限修改之后，避免被chmod扫描到）
  ln -sf /etc/hosts /var/www/html/flusher/hosts.txt


# 暴露80端口
EXPOSE 80
ENTRYPOINT ["/docker-entrypoint.sh"]