# 強制指定使用 bookworm (Debian 12) 基礎映像檔 FROM php:8.2-apache-bookworm SHELL ["/bin/bash", "-o", "pipefail", "-c"] # 1. 修正網路連線並安裝系統相依套件 (使用台灣 NCHC 鏡像站) RUN rm -f /etc/apt/sources.list.d/debian.sources /etc/apt/sources.list && \ printf "deb https://free.nchc.org.tw/debian bookworm main contrib non-free non-free-firmware\n\ deb https://free.nchc.org.tw/debian bookworm-updates main contrib non-free non-free-firmware\n\ deb https://security.debian.org/debian-security bookworm-security main contrib non-free non-free-firmware\n" > /etc/apt/sources.list && \ apt-get -o Acquire::https::Verify-Peer=false update && \ apt-get install -y --no-install-recommends -o Acquire::https::Verify-Peer=false \ ca-certificates \ curl \ gnupg \ gnupg2 && \ apt-get update && apt-get install -y --no-install-recommends \ lsb-release \ libfreetype6-dev \ libjpeg62-turbo-dev \ libpng-dev \ libgmp-dev \ libxml2-dev \ libcurl4-gnutls-dev \ libmariadb-dev-compat \ libmariadb-dev \ libpq-dev \ libsqlite3-dev \ unixodbc-dev \ libmemcached-dev \ zlib1g-dev \ && rm -rf /var/lib/apt/lists/* # 2. 安裝微軟 ODBC Driver for SQL Server RUN curl -fsSL https://packages.microsoft.com/keys/microsoft.asc \ | gpg --dearmor -o /usr/share/keyrings/microsoft-prod.gpg \ && echo "deb [arch=amd64,arm64 signed-by=/usr/share/keyrings/microsoft-prod.gpg] https://packages.microsoft.com/debian/12/prod bookworm main" \ > /etc/apt/sources.list.d/mssql-release.list \ && apt-get update && ACCEPT_EULA=Y apt-get install -y --no-install-recommends \ msodbcsql18 \ mssql-tools18 \ && rm -rf /var/lib/apt/lists/* ENV PATH="$PATH:/opt/mssql-tools18/bin" # 3. 安裝 PHP 內建擴充 RUN docker-php-ext-configure gd --with-freetype --with-jpeg \ && docker-php-ext-configure gmp \ && docker-php-ext-install -j"$(nproc)" \ gd exif gmp mysqli pdo_mysql pdo_pgsql pgsql pdo_sqlite opcache # 4. 安裝 PECL 擴充 (xmlrpc, sqlsrv, pdo_sqlsrv, memcached) RUN pecl install channel://pecl.php.net/xmlrpc-1.0.0RC3 \ && pecl install sqlsrv pdo_sqlsrv \ && pecl install memcached \ && docker-php-ext-enable xmlrpc sqlsrv pdo_sqlsrv memcached # 5. SQL Server TLS workaround (修正舊版 SQL Server 連線問題) RUN echo 'openssl_conf = default_conf' > /etc/ssl/openssl_custom.cnf \ && echo '[default_conf]' >> /etc/ssl/openssl_custom.cnf \ && echo 'ssl_conf = ssl_sect' >> /etc/ssl/openssl_custom.cnf \ && echo '[ssl_sect]' >> /etc/ssl/openssl_custom.cnf \ && echo 'system_default = system_default_sect' >> /etc/ssl/openssl_custom.cnf \ && echo '[system_default_sect]' >> /etc/ssl/openssl_custom.cnf \ && echo 'CipherString = DEFAULT@SECLEVEL=0' >> /etc/ssl/openssl_custom.cnf \ && echo 'Options = UnsafeLegacyRenegotiation' >> /etc/ssl/openssl_custom.cnf ENV OPENSSL_CONF=/etc/ssl/openssl_custom.cnf # 6. 設定 Apache Log 獨立目錄 (不在 /var/www/html 內) RUN mkdir -p /var/log/apache2/custom && chown -R www-data:www-data /var/log/apache2/custom # 修改 Apache 預設站台設定,指向自定義 Log 路徑 RUN sed -i 's|${APACHE_LOG_DIR}/access.log|/var/log/apache2/custom/access.log|g' /etc/apache2/sites-available/000-default.conf && \ sed -i 's|${APACHE_LOG_DIR}/error.log|/var/log/apache2/custom/error.log|g' /etc/apache2/sites-available/000-default.conf WORKDIR /var/www/html # 啟用 Apache Rewrite 模組 RUN a2enmod rewrite