cli/.core/linuxkit/server-php.yml

# PHP/FrankenPHP Server Template
# A minimal production-ready PHP server with FrankenPHP and Caddy
#
# Variables:
#   ${SSH_KEY}              - SSH public key for management access (required)
#   ${MEMORY:-512}          - Memory in MB (default: 512)
#   ${CPUS:-1}              - Number of CPUs (default: 1)
#   ${HOSTNAME:-php-server} - Hostname for the VM
#   ${APP_NAME:-app}        - Application name
#   ${DOMAIN:-localhost}    - Domain for SSL certificates
#   ${PHP_MEMORY:-128M}     - PHP memory limit

kernel:
  image: linuxkit/kernel:6.6.13
  cmdline: "console=tty0 console=ttyS0"

init:
  - linuxkit/init:v1.2.0
  - linuxkit/runc:v1.1.12
  - linuxkit/containerd:v1.7.13
  - linuxkit/ca-certificates:v1.0.0

onboot:
  - name: sysctl
    image: linuxkit/sysctl:v1.0.0
  - name: dhcpcd
    image: linuxkit/dhcpcd:v1.0.0
    command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"]

services:
  - name: sshd
    image: linuxkit/sshd:v1.2.0
    binds:
      - /etc/ssh/authorized_keys:/root/.ssh/authorized_keys

  - name: frankenphp
    image: dunglas/frankenphp:latest
    capabilities:
      - CAP_NET_BIND_SERVICE
    net: host
    binds:
      - /app:/app
      - /data:/data
      - /etc/caddy/Caddyfile:/etc/caddy/Caddyfile
    env:
      - SERVER_NAME=${DOMAIN:-localhost}
      - FRANKENPHP_CONFIG=/etc/caddy/Caddyfile
    command:
      - frankenphp
      - run
      - --config
      - /etc/caddy/Caddyfile

  - name: healthcheck
    image: alpine:3.19
    net: host
    command:
      - /bin/sh
      - -c
      - |
        apk add --no-cache curl
        while true; do
          sleep 30
          curl -sf http://localhost/health || echo "Health check failed"
        done

files:
  - path: /etc/hostname
    contents: "${HOSTNAME:-php-server}"
  - path: /etc/ssh/authorized_keys
    contents: "${SSH_KEY}"
    mode: "0600"
  - path: /etc/caddy/Caddyfile
    contents: |
      {
        frankenphp
        order php_server before file_server
      }

      ${DOMAIN:-localhost} {
        root * /app/public

        # Health check endpoint
        handle /health {
          respond "OK" 200
        }

        # PHP handling
        php_server

        # Encode responses
        encode zstd gzip

        # Security headers
        header {
          X-Content-Type-Options nosniff
          X-Frame-Options DENY
          X-XSS-Protection "1; mode=block"
          Referrer-Policy strict-origin-when-cross-origin
        }

        # Logging
        log {
          output file /data/logs/access.log
          format json
        }
      }
    mode: "0644"
  - path: /app/public/index.php
    contents: |
      <?php
      echo "Welcome to ${APP_NAME:-app}";
    mode: "0644"
  - path: /app/public/health.php
    contents: |
      <?php
      header('Content-Type: application/json');
      echo json_encode([
          'status' => 'healthy',
          'app' => '${APP_NAME:-app}',
          'timestamp' => date('c'),
          'php_version' => PHP_VERSION,
      ]);
    mode: "0644"
  - path: /etc/php/php.ini
    contents: |
      memory_limit = ${PHP_MEMORY:-128M}
      max_execution_time = 30
      upload_max_filesize = 64M
      post_max_size = 64M
      display_errors = Off
      log_errors = On
      error_log = /data/logs/php_errors.log
    mode: "0644"
  - path: /data/logs/.gitkeep
    contents: ""

trust:
  org:
    - linuxkit
    - library
    - dunglas
feat(container): add LinuxKit YAML templates with variable substitution Templates: - core-dev: Development environment (Go, Node, PHP, Docker-in-LinuxKit) - server-php: Production FrankenPHP server with Caddy Features: - Variable substitution: ${VAR} (required), ${VAR:-default} (optional) - Template listing, viewing, and variable extraction - Run directly from template: core run --template <name> CLI commands: - core templates - list available templates - core templates show <name> - display template - core templates vars <name> - show variables - core run --template <name> --var KEY=value Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> 2026-01-28 18:59:45 +00:00			`# PHP/FrankenPHP Server Template`
			`# A minimal production-ready PHP server with FrankenPHP and Caddy`
			`#`
			`# Variables:`
			`# ${SSH_KEY} - SSH public key for management access (required)`
			`# ${MEMORY:-512} - Memory in MB (default: 512)`
			`# ${CPUS:-1} - Number of CPUs (default: 1)`
			`# ${HOSTNAME:-php-server} - Hostname for the VM`
			`# ${APP_NAME:-app} - Application name`
			`# ${DOMAIN:-localhost} - Domain for SSL certificates`
			`# ${PHP_MEMORY:-128M} - PHP memory limit`

			`kernel:`
			`image: linuxkit/kernel:6.6.13`
			`cmdline: "console=tty0 console=ttyS0"`

			`init:`
			`- linuxkit/init:v1.2.0`
			`- linuxkit/runc:v1.1.12`
			`- linuxkit/containerd:v1.7.13`
			`- linuxkit/ca-certificates:v1.0.0`

			`onboot:`
			`- name: sysctl`
			`image: linuxkit/sysctl:v1.0.0`
			`- name: dhcpcd`
			`image: linuxkit/dhcpcd:v1.0.0`
			`command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"]`

			`services:`
			`- name: sshd`
			`image: linuxkit/sshd:v1.2.0`
			`binds:`
			`- /etc/ssh/authorized_keys:/root/.ssh/authorized_keys`

			`- name: frankenphp`
			`image: dunglas/frankenphp:latest`
			`capabilities:`
			`- CAP_NET_BIND_SERVICE`
			`net: host`
			`binds:`
			`- /app:/app`
			`- /data:/data`
			`- /etc/caddy/Caddyfile:/etc/caddy/Caddyfile`
			`env:`
			`- SERVER_NAME=${DOMAIN:-localhost}`
			`- FRANKENPHP_CONFIG=/etc/caddy/Caddyfile`
			`command:`
			`- frankenphp`
			`- run`
			`- --config`
			`- /etc/caddy/Caddyfile`

			`- name: healthcheck`
			`image: alpine:3.19`
			`net: host`
			`command:`
			`- /bin/sh`
			`- -c`
			`- \|`
			`apk add --no-cache curl`
			`while true; do`
			`sleep 30`
			`curl -sf http://localhost/health \|\| echo "Health check failed"`
			`done`

			`files:`
			`- path: /etc/hostname`
			`contents: "${HOSTNAME:-php-server}"`
			`- path: /etc/ssh/authorized_keys`
			`contents: "${SSH_KEY}"`
			`mode: "0600"`
			`- path: /etc/caddy/Caddyfile`
			`contents: \|`
			`{`
			`frankenphp`
			`order php_server before file_server`
			`}`

			`${DOMAIN:-localhost} {`
			`root * /app/public`

			`# Health check endpoint`
			`handle /health {`
			`respond "OK" 200`
			`}`

			`# PHP handling`
			`php_server`

			`# Encode responses`
			`encode zstd gzip`

			`# Security headers`
			`header {`
			`X-Content-Type-Options nosniff`
			`X-Frame-Options DENY`
			`X-XSS-Protection "1; mode=block"`
			`Referrer-Policy strict-origin-when-cross-origin`
			`}`

			`# Logging`
			`log {`
			`output file /data/logs/access.log`
			`format json`
			`}`
			`}`
			`mode: "0644"`
			`- path: /app/public/index.php`
			`contents: \|`
			`<?php`
			`echo "Welcome to ${APP_NAME:-app}";`
			`mode: "0644"`
			`- path: /app/public/health.php`
			`contents: \|`
			`<?php`
			`header('Content-Type: application/json');`
			`echo json_encode([`
			`'status' => 'healthy',`
			`'app' => '${APP_NAME:-app}',`
			`'timestamp' => date('c'),`
			`'php_version' => PHP_VERSION,`
			`]);`
			`mode: "0644"`
			`- path: /etc/php/php.ini`
			`contents: \|`
			`memory_limit = ${PHP_MEMORY:-128M}`
			`max_execution_time = 30`
			`upload_max_filesize = 64M`
			`post_max_size = 64M`
			`display_errors = Off`
			`log_errors = On`
			`error_log = /data/logs/php_errors.log`
			`mode: "0644"`
			`- path: /data/logs/.gitkeep`
			`contents: ""`

			`trust:`
			`org:`
			`- linuxkit`
			`- library`
			`- dunglas`