修復正式機 sysctl 權限錯誤：移除 setcap，PHP 改用 port 8080 搭配 Nginx proxy

docker/8.5/Dockerfile

@@ -11,7 +11,7 @@ WORKDIR /var/www/html
 
 ENV DEBIAN_FRONTEND=noninteractive
 ENV TZ=UTC
-ENV SUPERVISOR_PHP_COMMAND="/usr/bin/php -d variables_order=EGPCS /var/www/html/artisan serve --host=0.0.0.0 --port=80"
+ENV SUPERVISOR_PHP_COMMAND="/usr/bin/php -d variables_order=EGPCS /var/www/html/artisan serve --host=0.0.0.0 --port=8080"
 ENV SUPERVISOR_PHP_USER="sail"
 ENV PLAYWRIGHT_BROWSERS_PATH=0
 
@@ -28,32 +28,32 @@ RUN apt-get update && apt-get upgrade -y \
     && echo "deb [signed-by=/etc/apt/keyrings/ppa_ondrej_php.gpg] https://ppa.launchpadcontent.net/ondrej/php/ubuntu noble main" > /etc/apt/sources.list.d/ppa_ondrej_php.list \
     && apt-get update \
     && apt-get install -y \
-        libgd3 \
+    libgd3 \
-        php8.5-cli \
+    php8.5-cli \
-        php8.5-dev \
+    php8.5-dev \
-        php8.5-pgsql \
+    php8.5-pgsql \
-        php8.5-sqlite3 \
+    php8.5-sqlite3 \
-        php8.5-gd \
+    php8.5-gd \
-        php8.5-curl \
+    php8.5-curl \
-        php8.5-mongodb \
+    php8.5-mongodb \
-        php8.5-imap \
+    php8.5-imap \
-        php8.5-mysql \
+    php8.5-mysql \
-        php8.5-mbstring \
+    php8.5-mbstring \
-        php8.5-xml \
+    php8.5-xml \
-        php8.5-zip \
+    php8.5-zip \
-        php8.5-bcmath \
+    php8.5-bcmath \
-        php8.5-soap \
+    php8.5-soap \
-        php8.5-intl \
+    php8.5-intl \
-        php8.5-readline \
+    php8.5-readline \
-        php8.5-ldap \
+    php8.5-ldap \
-        php8.5-msgpack \
+    php8.5-msgpack \
-        php8.5-igbinary \
+    php8.5-igbinary \
-        php8.5-redis \
+    php8.5-redis \
-        #php8.5-swoole \
+    #php8.5-swoole \
-        php8.5-memcached \
+    php8.5-memcached \
-        php8.5-pcov \
+    php8.5-pcov \
-        php8.5-imagick \
+    php8.5-imagick \
-        php8.5-xdebug \
+    php8.5-xdebug \
     && curl -sLS https://getcomposer.org/installer | php -- --install-dir=/usr/bin/ --filename=composer \
     && curl -fsSL https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key | gpg --dearmor -o /etc/apt/keyrings/nodesource.gpg \
     && echo "deb [signed-by=/etc/apt/keyrings/nodesource.gpg] https://deb.nodesource.com/node_$NODE_VERSION.x nodistro main" > /etc/apt/sources.list.d/nodesource.list \
@@ -75,7 +75,7 @@ RUN apt-get update && apt-get upgrade -y \
     && apt-get clean \
     && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
 
-RUN setcap "cap_net_bind_service=+ep" /usr/bin/php8.5
+# setcap 已移除：正式機核心不允許 sysctl 設定，改用高位 port 8080 搭配 Nginx proxy
 
 RUN userdel -r ubuntu
 RUN groupadd --force -g $WWWGROUP sail
@@ -87,6 +87,6 @@ COPY supervisord.conf /etc/supervisor/conf.d/supervisord.conf
 COPY php.ini /etc/php/8.5/cli/conf.d/99-sail.ini
 RUN chmod +x /usr/local/bin/start-container
 
-EXPOSE 80/tcp
+EXPOSE 8080/tcp
 
 ENTRYPOINT ["start-container"]

nginx/demo-proxy.conf

@@ -4,7 +4,7 @@ server {
     server_name _;
 
     location / {
-        proxy_pass http://star-erp-laravel:80;
+        proxy_pass http://star-erp-laravel:8080;
         proxy_set_header Host star-erp.demo;
         proxy_set_header X-Real-IP $remote_addr;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
@@ -19,7 +19,7 @@ server {
     server_name _;
 
     location / {
-        proxy_pass http://star-erp-laravel:80;
+        proxy_pass http://star-erp-laravel:8080;
         proxy_set_header Host $host;
         proxy_set_header X-Real-IP $remote_addr;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

nginx/prod-proxy.conf

@@ -12,7 +12,7 @@ server {
     server_name erp.koori.tw erp.mamaiclub.com;
 
     location / {
-        proxy_pass http://star-erp-laravel:80;
+        proxy_pass http://star-erp-laravel:8080;
         proxy_set_header Host $host;
         proxy_set_header X-Real-IP $remote_addr;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;