Closed alberto56 closed 2 years ago
In a two-container fpm-apache setup, if in ./sites/default/files/.htaccess I comment out the security-related lines, the image styles are properly generated:
...
# Set the catch-all handler to prevent scripts from being executed.
# SetHandler Drupal_Security_Do_Not_Remove_See_SA_2006_006
<Files *>
# Override the handler again if we're run later in the evaluation list.
# SetHandler Drupal_Security_Do_Not_Remove_See_SA_2013_003
</Files>
...
Note that in my setup that file exists in both the Drupal container and the Apache container, so it is changed in both containers. (Actually it is a volume shared by both containers)
Related:
Context
The FPM variant of the Drupal image is meant to be used with a reverse proxy. That is, the webserver is in a separate container from the Drupal code. The webserver then communicates with Drupal using TCP on port 9000.
The "php:-fpm" section of the Docker homepage for this image contains resources on how to use this.
Based on those resources and my own research, I have written the article PHP and Apache (or Nginx) in separate Docker containers using Docker Compose, March 25, 2022, Dcycle blog, which shows how to link the FPM tag of PHP with an Apache frontend.
I then tried to get this working with Drupal, and everything works perfectly except image styles.
Normally, Drupal image styles are generated only if they do not exist. Here is an example as per my understanding:
The problem
This works as expected with images which combine Apache and Drupal. However when using FPM, a request to /sites/default/files/styles/large/public/2022-03/kittens01.jpg, or indeed /sites/default/files/this/can/be/anything/that/does/not/exist, result in an Apache message to the effect that the file does not exist. Drupal is not called at all and does not have the opportunity to generate the image style.
To reproduce (example)
I maintain a project called Starterkit for a complete Drupal 9 site which I just converted to a two-container architecture (Drupal FPM, based on drupal:9-fpm).
You can see the issue by doing he following:
This will give you a result such as:
The port is random, yours will differ. Now you can run:
I have surmised that when we use a reverse proxy, Drupal's 'index.php' is never called when a non-existing file inside /sites/default/files/* is requested.
I think there is something "special" about the non-FPM version of the Drupal image, which causes /sites/default/files/whatever/whatever to call Drupal's main index.php file. And that does not happen in the FPM version of the Drupal image.
Consider the following project
Project structure:
web-files/subfolder/.htaccess
This is the same .htaccess which is Drupal's sites/default/files:
web-files/.htaccess
web-files/index.php
Hello World
docker-compose.yml
Here's we're creating a bunch of services, including a basic drupal:9-based service, which works fine, and a two-container setup.
Dockerfile-apache
php.apache.conf
Reproducing the issue
In the above folder, run:
Then you can visit:
In the case of http://0.0.0.0:8767/subfolder/a/b/c/, this is based on the image
drupal:9
which includes both Apache and Drupal, and the fact that we're seeing "Hello World" even though we're requesting the non-existing /subfolder/a/b/c/ is the desired behaviour because the base index.php file is being called (if this were a running Drupal site, it would allow Drupal to generate the image style).In the case of curl http://0.0.0.0:8766/subfolder/a/b/c, we get a "not found": the index.php file is never executed. This uses php:apache, not drupal:9, which causes me to believe that drupal:9 is doing something server-wise which php:apache is not doing. I have tried to figure out what this is (a conf file? something else?) and could not do it. I would be greatly appreciative of any guidance to figure out what is special about the drupal:9 image which causes /subfolder/a/b/c/ to load index.php.
Finally, the case of http://0.0.0.0:8765/subfolder/a/b/c showing not found is what I'm trying to fix. I would like that to load "Hello World", the same way drupal:9 does. (the 8765 port loads the httpd:alpine image which then communicates with the drupal:9-fpm-alpine service via TCP, and I would like http://0.0.0.0:8765/subfolder/a/b/c to work the same way http://0.0.0.0:8767/subfolder/a/b/c/ -- the single container solution -- does).
Thanks for any guidance on how to get image styles to generate on a setup where FPM and the Apache webserver are in different containers.