use supervisord in image

nix/image/configs/nginx.conf

@@ -0,0 +1,113 @@
+user haze;
+worker_processes 4;
+pid /run/nginx.pid;
+daemon off;
+
+events {
+    worker_connections 768;
+    # multi_accept on;
+}
+
+http {
+    ##
+    # Basic Settings
+    ##
+
+    sendfile off;
+    tcp_nopush on;
+    tcp_nodelay on;
+    keepalive_timeout 65;
+    types_hash_max_size 2048;
+    # server_tokens off;
+
+    # server_names_hash_bucket_size 64;
+    # server_name_in_redirect off;
+
+    include /conf/mime.types;
+    types {
+        application/javascript mjs;
+    }
+    default_type application/octet-stream;
+
+    ##
+    # Logging Settings
+    ##
+
+    access_log /var/log/nginx/access.log;
+    error_log /var/log/nginx/error.log;
+
+    ##
+    # Gzip Settings
+    ##
+
+    gzip on;
+    gzip_disable "msie6";
+
+
+    # Don't send the nginx version number in error pages and Server header
+    server_tokens off;
+
+    upstream php-handler {
+        server unix:/var/run/php-fpm.sock;
+    }
+
+    server {
+        listen 80;
+
+        # Path to the root of your installation
+        root /var/www/html;
+
+        client_max_body_size 10G;
+        # set max upload size
+        fastcgi_buffers 64 4K;
+
+        index index.php index.html /index.php$request_uri;
+
+        location = /robots.txt {
+            allow all;
+            log_not_found off;
+            access_log off;
+        }
+
+        location ^~ /store_apps {
+            root /var/www;
+            try_files $uri /index.php$request_uri;
+            access_log off;     # Optional: Don't log access to assets
+
+            location ~ \.wasm$ {
+                default_type application/wasm;
+            }
+        }
+
+        include /conf/nginx-app.conf;
+
+        location ~ \.php(?:$|/) {
+            rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|ocs-provider\/.+|.+\/richdocumentscode\/proxy) /index.php$request_uri;
+
+            fastcgi_split_path_info ^(.+\.php)(/.+)$;
+            include /conf/fastcgi_params;
+            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+            fastcgi_param PATH_INFO $fastcgi_path_info;
+            fastcgi_pass php-handler;
+            fastcgi_read_timeout 3600;
+            proxy_request_buffering off;
+            fastcgi_request_buffering off;
+            fastcgi_buffering off;
+        }
+
+        location ~ \.(?:css|js|mjs|svg|gif|png|jpg|ico|wasm|tflite|map)$ {
+            try_files $uri /index.php$request_uri;
+            access_log off;     # Optional: Don't log access to assets
+
+            location ~ \.wasm$ {
+                default_type application/wasm;
+            }
+        }
+
+        location ~ \.woff2?$ {
+            try_files $uri /index.php$request_uri;
+            expires 7d;         # Cache-Control policy borrowed from `.htaccess`
+            access_log off;     # Optional: Don't log access to assets
+        }
+    }
+}

nix/image/configs/php-fpm.conf

@@ -0,0 +1,28 @@
+[global]
+
+error_log = /proc/self/fd/2
+daemonize = no
+
+[www]
+
+access.log = /proc/self/fd/2
+
+user = haze
+group = haze
+
+listen = /var/run/php-fpm.sock
+
+listen.owner = haze
+listen.group = haze
+listen.mode = 0660
+
+pm = dynamic
+pm.max_children = 5
+pm.start_servers = 2
+pm.min_spare_servers = 1
+pm.max_spare_servers = 3
+
+clear_env = no
+
+; Ensure worker stdout and stderr are sent to the main error log.
+catch_workers_output = yes

nix/image/configs/supervisor/blackfire.conf

@@ -0,0 +1,2 @@
+[program:blackfire]
+command = blackfire agent

nix/image/configs/supervisor/redis-plain.conf

@@ -0,0 +1,2 @@
+[program:redis]
+command = /bin/redis-server --protected-mode no

nix/image/configs/supervisor/redis-tls.conf

@@ -0,0 +1,6 @@
+[program:redis-tls]
+command = /bin/redis-server --protected-mode no \
+  --tls-port 6379 --port 0 \
+  --tls-cert-file /certificates/redis/server.crt \
+  --tls-key-file /certificates/redis/server.key \
+  --tls-ca-cert-file /certificates/redis/ca.crt

nix/image/configs/supervisor/supervisord.conf

@@ -0,0 +1,25 @@
+[supervisord]
+logfile = /dev/stdout
+logfile_maxbytes = 0
+nodaemon = true
+pidfile = /var/run/supervisord.pid
+
+[unix_http_server]
+file = /var/run/supervisor.sock
+chmod = 0777
+
+
+[rpcinterface:supervisor]
+supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface
+
+[supervisorctl]
+serverurl = unix:///var/run/supervisor.sock
+
+[program:nginx]
+command = /bin/nginx -c /etc/nginx.conf
+
+[program:php-fpm]
+command = /bin/php-fpm --fpm-config /etc/php-fpm.conf
+
+[include]
+files = enabled/*