Docker-Scaffold Overview

Introduction

The docker-scaffold project provides a structured and configurable approach to containerizing and managing Drupal-based applications. The scaffold serves as a baseline framework to build, deploy, and manage a Drupal environment using Docker containers. The latest 10.3.x branch aligns with Drupal core 10.3.x and its supporting components, while emphasizing flexibility, scalability, and best practices for cloud deployment, particularly on Azure App Service.

GitHub: https://github.com/drupalwxt/docker-scaffold/tree/10.3.x

Overview of Docker-Scaffold Architecture

The docker-scaffold repository is designed to:

• Facilitate the local development of Drupal applications.
• Support deployment to container-based environments, including Kubernetes and Azure App Service.
• Integrate tools such as Nginx, Redis, Varnish, and Supervisor to optimize performance and scalability.
• Provide consistent, maintainable Docker images tailored to various deployment environments.

Key components include:

• Dockerfile configurations for different use cases (development, CI/CD, Azure App Service).
• Docker Compose files for orchestrating multi-container environments.
• Specific configurations for services like Redis, Nginx, Varnish, and SSH.
• Supervisor integration for managing multiple services within a single container.

The Appsvc Image

The appsvc Docker image is a key part of the docker-scaffold repository, designed specifically for deployment to Azure App Service. This image is optimized to meet the unique requirements of Azure's Web App for Containers feature.

Purpose of the Appsvc Image

The appsvc image enables the seamless deployment and execution of Drupal applications on Azure App Service. It is built on the official Drupal image drupal:10.3-php8.3-fpm-alpine, which uses PHP 8.3 and Alpine Linux for a lightweight base. It combines key services into a single, maintainable image while aligning with Azure's runtime expectations.

Components and Services

The appsvc image integrates several components to ensure compatibility, performance, and stability:

1. Nginx (Web Server):
   • Configured through nginx.conf.
   • Handles HTTP traffic, reverse proxy, and caching mechanisms.
   • Optimized for Drupal's clean URLs and static asset delivery.
   • Includes security configurations to restrict access to sensitive files and protect the application.
2. Redis (Caching Server):
   • Configured through redis.conf.
   • Provides caching support to optimize performance for Drupal sites.
   • Uses an LRU (Least Recently Used) eviction policy with a maximum memory allocation of 500MB.
3. Varnish (HTTP Accelerator):
   • Configured through default.vcl.
   • Implements caching and request handling to reduce load on the backend.
   • Supports PURGE and BAN operations for Drupal's cache invalidation workflows.
4. Supervisor (Process Manager):
   • Configured via supervisord.ini.
   • Manages multiple services (Nginx, Redis, PHP-FPM, Varnish, and cron) within the container.
   • Ensures that all services are started, monitored, and restarted when necessary.
5. PHP-FPM (PHP Processor):
   • Integrated for Drupal's backend processing.
   • Works alongside Nginx for serving dynamic PHP content.
6. SSH Server:
   • Configured through sshd_config, sshd_setup.sh, and sshd_init.sh.
   • Provides SSH access for debugging and administration within Azure App Service.
   • Exposes port 2222 for SSH connections.
7. Cron (Task Scheduler):
   • Executes periodic tasks necessary for Drupal, such as clearing caches, running batch jobs, or syncing content.
   • Scheduled tasks are placed in /etc/periodic/.
8. Configuration Management:
   • The appsvc image supports Drupal's configuration management system by copying the config/sync directory into the container.
   • This ensures that environment-specific configurations can be applied during deployment, streamlining the management of settings across different environments.

Build Process

The build process supports both local development and automated pipelines for production-ready deployments:

1. Multi-Container Local Development:
   • Uses docker-compose.yml to spin up a local development environment with services like Nginx, Redis, Varnish, and MySQL or PostgreSQL.
   • Allows developers to test and debug the full Drupal application stack locally.
2. Building the Appsvc Image:
   • Automated pipelines (e.g., GitHub Actions, Azure DevOps) build the appsvc Docker image using the docker-compose.appsvc.yml file.
   • The process pulls the base image, applies configurations, and bundles essential services (Nginx, Redis, Varnish, PHP-FPM).
3. Pushing to Azure Container Registry (ACR):
   • Once built, the Docker image is pushed to the Azure Container Registry (ACR) or another container registry of choice.
   • ACR enables secure, scalable storage and management of container images.
4. Deploying to Azure App Service:
   • Azure App Service pulls the latest image from the container registry.
   • The deployment process ensures the container is started with all services managed via Supervisor.
   • Environment variables are injected at runtime for database connections, proxy settings, and SSO configurations.

Use in Azure App Service

The appsvc image is specifically designed to leverage the capabilities of Azure App Service's containerized hosting environment:

1. Web App for Containers:
   • Azure App Service runs the appsvc image as a Docker container.
   • The image provides all necessary services (web server, PHP-FPM, Redis, Varnish) within a single container, reducing infrastructure overhead.
2. Environment Variables:
   • Environment variables, such as DB_TYPE, DB_NAME, and proxy settings, are passed into the container at runtime.
   • The sshd_init.sh script ensures that environment variables are available in SSH sessions.
3. Scalability:
   • Azure App Service scales the containerized application horizontally (adding more instances) or vertically (increasing resource allocation).
   • The integration of Redis and Varnish improves caching and reduces backend calls, making the application responsive under load.
4. Port and Service Exposure:
   • HTTP traffic on port 80 is handled by Varnish, which acts as a reverse proxy and caching layer.
   • When a request cannot be served from the Varnish cache, it forwards the request to Nginx on port 8080 for further processing and response delivery.
   • SSH access on port 2222 enables administrative access for debugging and manual intervention.
5. Health Checks:
   • The Varnish configuration supports health check routes (/_healthcheck and /healthcheck.txt), ensuring the container's availability is monitored by Azure.
6. Security:
   • SSH access is restricted and configurable via sshd_config.
   • Sensitive directories and files are secured in the Nginx configuration.
   • Unnecessary cookies and query strings are stripped in Varnish to improve security and caching efficiency.
7. Custom Configuration:
   • Azure App Service allows mounting external volumes for persistent storage (e.g., html/sites/default/files for public files).
   • Settings in settings.php can be injected into the container at runtime for environment-specific configurations.
8. Single Sign-On (SSO):
   • The appsvc image supports SSO via Active Directory, enabling seamless identity management and access control within Azure environments.

Context diagram

Conclusion

The docker-scaffold project, and specifically the appsvc image, provides a comprehensive and optimized solution for deploying Drupal WxT applications on Azure App Service. By bundling Nginx, Redis, Varnish, and PHP-FPM into a single container, the appsvc image simplifies deployment, improves scalability, and enhances performance.

Azure App Service's container-based infrastructure seamlessly integrates with the appsvc image, supporting flexible scaling, secure administration, and efficient caching. This makes it an ideal choice for hosting Drupal applications in a modern, cloud-based environment.

More information

• Install Drupal WxT using docker-scaffolding