+FROM php:7.3-fpm
+RUN apt-get update && apt-get install -y \
+		libfreetype6-dev \
+		libjpeg62-turbo-dev \
+    libmcrypt-dev \
+		libpng-dev \
+		mysql-client \
+    zip \
+    libzip-dev && \
+		# docker-php-ext-install -j$(nproc) iconv && \
+		docker-php-ext-configure gd --with-freetype-dir=/usr/include/ --with-jpeg-dir=/usr/include/ && \
+		apt-get install -y imagemagick libmagickwand-dev && \
+    pecl install imagick && docker-php-ext-enable imagick && \
+		docker-php-ext-install -j$(nproc) gd && \
+		docker-php-ext-install pdo_mysql mysqli zip && \
+		docker-php-ext-install opcache && \
+		docker-php-ext-install bcmath && \
+		apt-get install -y git vim && \
+		pecl install redis-4.3.0 && \
+    pecl install xdebug-2.7.0 && \
+    docker-php-ext-enable redis xdebug mysqli
+RUN export COMPOSER_HOME=/usr/local/composer && \
+	    curl -sS \
+				| php -- --install-dir=/usr/local/bin --filename=composer && \
+			curl \
+				-L -o /usr/local/bin/drupal && \
+			chmod +x /usr/local/bin/drupal && \
+			curl \
+				-L -o /usr/local/bin/drush && \
+			chmod +x /usr/local/bin/drush
+RUN apt-get install -y curl && \
+		curl -sL | bash - && \
+		curl -sS | apt-key add - && \
+		echo "deb stable main" | tee /etc/apt/sources.list.d/yarn.list && \
+    apt-get update && \
+		apt-get install -y nodejs yarn

+; FPM Configuration ;
+; All relative paths in this configuration file are relative to PHP's install
+; prefix (/usr/local). This prefix can be dynamically changed by using the
+; '-p' argument from the command line.
+; Global Options ;
+; Pid file
+; Note: the default prefix is /usr/local/var
+; Default Value: none
+;pid = run/
+; Error log file
+; If it's set to "syslog", log is sent to syslogd instead of being written
+; into a local file.
+; Note: the default prefix is /usr/local/var
+; Default Value: log/php-fpm.log
+;error_log = log/php-fpm.log
+; syslog_facility is used to specify what type of program is logging the
+; message. This lets syslogd specify that messages from different facilities
+; will be handled differently.
+; See syslog(3) for possible values (ex daemon equiv LOG_DAEMON)
+; Default Value: daemon
+;syslog.facility = daemon
+; syslog_ident is prepended to every message. If you have multiple FPM
+; instances running on the same server, you can change the default value
+; which must suit common needs.
+; Default Value: php-fpm
+;syslog.ident = php-fpm
+; Log level
+; Possible Values: alert, error, warning, notice, debug
+; Default Value: notice
+;log_level = notice
+; Log limit on number of characters in the single line (log entry). If the
+; line is over the limit, it is wrapped on multiple lines. The limit is for
+; all logged characters including message prefix and suffix if present. However
+; the new line character does not count into it as it is present only when
+; logging to a file descriptor. It means the new line character is not present
+; when logging to syslog.
+; Default Value: 1024
+;log_limit = 4096
+; Log buffering specifies if the log line is buffered which means that the
+; line is written in a single write operation. If the value is false, then the
+; data is written directly into the file descriptor. It is an experimental
+; option that can potentionaly improve logging performance and memory usage
+; for some heavy logging scenarios. This option is ignored if logging to syslog
+; as it has to be always buffered.
+; Default value: yes
+;log_buffering = no
+; If this number of child processes exit with SIGSEGV or SIGBUS within the time
+; interval set by emergency_restart_interval then FPM will restart. A value
+; of '0' means 'Off'.
+; Default Value: 0
+;emergency_restart_threshold = 0
+; Interval of time used by emergency_restart_interval to determine when
+; a graceful restart will be initiated.  This can be useful to work around
+; accidental corruptions in an accelerator's shared memory.
+; Available Units: s(econds), m(inutes), h(ours), or d(ays)
+; Default Unit: seconds
+; Default Value: 0
+;emergency_restart_interval = 0
+; Time limit for child processes to wait for a reaction on signals from master.
+; Available units: s(econds), m(inutes), h(ours), or d(ays)
+; Default Unit: seconds
+; Default Value: 0
+;process_control_timeout = 0
+; The maximum number of processes FPM will fork. This has been designed to control
+; the global number of processes when using dynamic PM within a lot of pools.
+; Use it with caution.
+; Note: A value of 0 indicates no limit
+; Default Value: 0
+; process.max = 128
+; Specify the nice(2) priority to apply to the master process (only if set)
+; The value can vary from -19 (highest priority) to 20 (lowest priority)
+; Note: - It will only work if the FPM master process is launched as root
+;       - The pool process will inherit the master process priority
+;         unless specified otherwise
+; Default Value: no set
+; process.priority = -19
+; Send FPM to background. Set to 'no' to keep FPM in foreground for debugging.
+; Default Value: yes
+;daemonize = yes
+; Set open file descriptor rlimit for the master process.
+; Default Value: system defined value
+;rlimit_files = 1024
+; Set max core size rlimit for the master process.
+; Possible Values: 'unlimited' or an integer greater or equal to 0
+; Default Value: system defined value
+;rlimit_core = 0
+; Specify the event mechanism FPM will use. The following is available:
+; - select     (any POSIX os)
+; - poll       (any POSIX os)
+; - epoll      (linux >= 2.5.44)
+; - kqueue     (FreeBSD >= 4.1, OpenBSD >= 2.9, NetBSD >= 2.0)
+; - /dev/poll  (Solaris >= 7)
+; - port       (Solaris >= 10)
+; Default Value: not set (auto detection)
+;events.mechanism = epoll
+; When FPM is built with systemd integration, specify the interval,
+; in seconds, between health report notification to systemd.
+; Set to 0 to disable.
+; Available Units: s(econds), m(inutes), h(ours)
+; Default Unit: seconds
+; Default value: 10
+;systemd_interval = 10
+; Pool Definitions ;
+; Multiple pools of child processes may be started with different listening
+; ports and different management options.  The name of the pool will be
+; used in logs and stats. There is no limitation on the number of pools which
+; FPM can handle. Your system will tell you anyway :)
+; Include one or more files. If glob(3) exists, it is used to include a bunch of
+; files from a glob(3) pattern. This directive can be used everywhere in the
+; file.
+; Relative path can also be used. They will be prefixed by:
+;  - the global prefix if it's been set (-p argument)
+;  - /usr/local otherwise
+max_execution_time = 600
+max_input_time = 600
+memory_limit = 2500M
+post_max_size = 0
+upload_max_filesize = 256M

+# Docker LEMP
+|name|pulls|version|layers|image size|
+|[metowolf/php](|![Pulls Count](|![GitHub release (latest by date)](|![Layers](|![image size](|
+|[metowolf/nginx](|![Pulls Count](|![GitHub release (latest by date)](|![](|![](|
+|[mysql/mysql-server](|![Pulls Count](||![](|![](|
+|[metowolf/redis](|![Pulls Count](|![GitHub release (latest by date)](|![](|![](|
+|[phpmyadmin/phpmyadmin](|![Pulls Count](||![](|![](|
+## Requirements
+Install [Docker]( and [Compose](
+## Usage
+ 1. Clone docker-lemp inside your project
+git clone
+ 2. Enter the docker-lemp folder and rename .env.example to .env.
+cd docker-lemp
+cp .env.example .env
+cp docker-compose.example.yml docker-compose.yml
+ 3. Open your project’s .env file and set the following:
+ 4. Run your containers:
+docker-compose up -d
+### Running `QUIC`
+The following configuration file can be used as a starting point to enable HTTP/3 support:
+http {
+    server {
+        # Enable QUIC, HTTP/3 and HTTP/2 on both IPv4 and IPv6.
+        listen 443 ssl http2;
+        listen 443 quic;
+        listen [::]:443 ssl http2;
+        listen [::]:443 quic;
+        ssl_certificate      cert.crt;
+        ssl_certificate_key  cert.key;
+        # Add HSTS header
+        add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
+        # Add Alt-Svc header to negotiate HTTP/3.
+        add_header alt-svc 'h3-23=":443"; ma=86400';
+        # Enable specific TLS versions (TLSv1 and TLSv1.1 are not longer saft, TLSv1.3 is required for QUIC).
+        ssl_protocols TLSv1.2 TLSv1.3;
+        ssl_prefer_server_ciphers on;
+        ssl_early_data on;
+    }
+## Running `brotli`
+ 1. Add the following lines into `nginx.conf` to load `brotli` module for your nginx server:
+load_module  modules/;
+load_module  modules/;
+ 2. Add the following lines into the configuration file of your sites to enable `brotli` feature:
+brotli on;
+brotli_comp_level 6;
+brotli_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript application/javascript image/svg+xml;
+## Generally Upgrade
+ 1. Modify project’s .env file.
+vim .env
+ 2. Rebuild containers:
+docker-compose up -d --no-deps --build
+## Upgrade to `Caddyless` version
+### Before `git pull`
+ 1. Rename conflicted file if exists:
+mv etc/nginx/nginx.conf etc/nginx/nginx.conf.bak
+### After `git pull`
+ 1. Modify project’s .env file.
+vim .env
+ 2. Move Nginx/MySQL/SSL configuration to new directory:
+# move nginx configuration
+mv etc/nginx/config/* etc/nginx/conf.d/
+# move MySQL configuration
+rm -fr etc/mysql && mkdir etc/mysql && mkdir etc/mysql/my.cnf.d
+mv etc/database/data etc/mysql && mv etc/database/config/* etc/mysql/my.cnf.d
+# move SSL configuration
+mv etc/ssl etc/nginx
+ 3. Rebuild containers and remove the `Caddy` container:
+docker-compose up -d --no-deps --build --remove-orphans

+version: '3.2'
+  nginx:
+    image: "${NGINX_VERSION}"
+    ports:
+      - 80:80
+      - 443:443
+    volumes:
+      - ./log/nginx:/var/log/nginx
+      - ./etc/nginx/nginx.conf:/etc/nginx/nginx.conf
+      - ./etc/nginx/conf.d:/etc/nginx/conf.d
+      - ./etc/nginx/ssl:/etc/nginx/ssl
+      - ./wwwroot:/var/www
+    environment:
+      ENABLE_CRONTAB: "true"
+      TZ: ${TZ}
+    restart: on-failure
+  php-fpm:
+    # image: "${PHP_VERSION}"
+    build: ./Docker/php-fpm/
+    volumes:
+      - ./etc/php-fpm/php-fpm.ini:/usr/local/etc/php-fpm.ini
+      # - ./etc/php-fpm/crontabs:/etc/crontabs
+      - ./wwwroot:/var/www
+    environment:
+      ENABLE_CRONTAB: "true"
+      TZ: ${TZ}
+    restart: on-failure
+  mysql:
+    image: "${MYSQL_VERSION}"
+    # command: --default-authentication-plugin=mysql_native_password
+    volumes:
+      # - ./etc/mysql/my.cnf:/etc/my.cnf
+      # - ./etc/mysql/my.cnf.d:/etc/my.cnf.d
+      - ./data/mysql/databases:/var/lib/mysql
+    environment:
+      MYSQL_ROOT_HOST: "%"
+      TZ: ${TZ}
+    restart: on-failure
+  phpmyadmin:
+    image: "${PMA_VERSION}"
+    ports:
+      - 8081:80
+    depends_on:
+      - mysql
+    environment:
+      PMA_HOST: mysql
+      TZ: ${TZ}
+    restart: on-failure
+  # redis:
+  #   image: "${REDIS_VERSION}"
+  #   volumes:
+  #     - ./data/redis/data:/data:rw
+  #   environment:
+  #     TZ: ${TZ}
+  #   restart: on-failure

+# from docker mysql/mysql-server:8.0.18
+# For advice on how to change settings please see
+# Remove leading # and set to the amount of RAM for the most important data
+# cache in MySQL. Start at 70% of total RAM for dedicated server, else 10%.
+# innodb_buffer_pool_size = 128M
+# Remove leading # to turn on a very important data integrity option: logging
+# changes to the binary log between backups.
+# log_bin
+# Remove leading # to set options mainly useful for reporting servers.
+# The server defaults are faster for transactions and fast SELECTs.
+# Adjust sizes as needed, experiment to find the optimal values.
+# join_buffer_size = 128M
+# sort_buffer_size = 2M
+# read_rnd_buffer_size = 2M
+# Remove leading # to revert to previous value for default_authentication_plugin,
+# this will increase compatibility with older clients. For background, see:
+# default-authentication-plugin=mysql_native_password

+server {
+    listen    80;
+    listen    443 ssl http2;
+    server_name    localhost;
+    root    /var/www/html/web;
+    index   index.php;
+    ssl_certificate     /etc/nginx/ssl/localhost.crt;
+    ssl_certificate_key /etc/nginx/ssl/localhost.key;
+    ssl_protocols TLSv1.2 TLSv1.3;
+    ssl_prefer_server_ciphers on;
+    ssl_early_data on;
+    location / {
+        try_files $uri $uri/ /index.php?$query_string;
+    }
+    location ~ \.php$ {
+        fastcgi_split_path_info ^(.+\.php)(/.+)$;
+        fastcgi_pass php-fpm:9000;
+        fastcgi_index index.php;
+        include fastcgi_params;
+        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+        fastcgi_param PATH_INFO $fastcgi_path_info;
+    }

+# from docker metowolf/nginx:1.17.5
+user  nginx;
+worker_processes  auto;
+error_log  /var/log/nginx/error.log warn;
+pid        /var/run/;
+events {
+    worker_connections  1024;
+http {
+    include       /etc/nginx/mime.types;
+    default_type  application/octet-stream;
+    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
+                      '$status $body_bytes_sent "$http_referer" '
+                      '"$http_user_agent" "$http_x_forwarded_for"';
+    access_log  /var/log/nginx/access.log  main;
+    sendfile        on;
+    #tcp_nopush     on;
+    keepalive_timeout  65;
+    #gzip  on;
+    include /etc/nginx/conf.d/*.conf;

