๐ณ Production-ready Docker images for PHP. Optimized for Laravel, WordPress, and more!
Home Page: https://serversideup.net/open-source/docker-php/
License: GNU General Public License v3.0
In certain cloud deployment scenarios, all of the environment is set on the hosting site (e.g. Azure App Service) so that the .env is empty / not needed. The following unfortunately relies on .env existing and being used.
Optimally the correct precedence should be used (i.e. what phpdotenv also uses). Maybe check if environment variable exists and use it if it does, if not check if .env exists and source it, if it does.
Docker's build context in this example should be placed in a sub directory, lets say ./.docker/ to reduce context size for building custom images, unless you want to copy all your files in webroot folder to your build context.
Including too many assets in the build context can become a performance drain.
Line 285 in d76db02
beta-8.1-fpm-nginx
When I attempt to bring up my containers, and APP_ENV = production, I receive the following error message:
s6-rc: fatal: timed out
s6-svlisten1: fatal: timed out
/run/s6/basedir/scripts/rc.init: warning: s6-rc failed to properly bring all the services up! Check your logs (in /run/uncaught-logs/current if you have in-container logging) for more information.
prog: fatal: stopping the container.
[04-Oct-2022 14:25:03] NOTICE: Terminating ...
[04-Oct-2022 14:25:03] NOTICE: exiting, bye-bye!
The containers should spin up without any errors.
Mac OS 11.6.8
Client:
Cloud integration: v1.0.29
Version: 20.10.17
API version: 1.41
Go version: go1.17.11
Git commit: 100c701
Built: Mon Jun 6 23:04:45 2022
OS/Arch: darwin/amd64
Context: default
Experimental: true
Server: Docker Desktop 4.12.0 (85629)
Engine:
Version: 20.10.17
API version: 1.41 (minimum version 1.12)
Go version: go1.17.11
Git commit: a89b842
Built: Mon Jun 6 23:01:23 2022
OS/Arch: linux/amd64
Experimental: false
containerd:
Version: 1.6.8
GitCommit: 9cd3357b7fd7218e4aec3eae239db1f68a5a6ec6
runc:
Version: 1.1.4
GitCommit: v1.1.4-0-g5fd4c4d
docker-init:
Version: 0.19.0
GitCommit: de40ad0
### Anything else?
This could possibly be related to the Laravel automation script not exiting correctly.
php8.2-redis had to be removed in order to build the 8.2 images.
PHP-Redis should be supported by default in our 8.2 images
php8.2-redis to the packages file (https://github.com/serversideup/docker-php/blob/dev/src/cli/php-version-packages/8.2.txt)Ubuntu 22.04
N/ANo response
Seeing
You may be interested in https://github.com/szepeviktor/debian-server-tools/blob/master/webserver/apache-conf-available/wordpress.inc.conf
I couldn't find info on how fpm containers will read .php files.
I'm getting Bash warnings after I set the Locale.
bash: warning: setlocale: LC_ALL: cannot change locale (en_US.UTF-8)
Accessing the service over exposed port from host results in 404 file not found error, regardless of files present in the docker containers /var/www/html/ directory.
Accessing the service over exposed port from host should serve files present in the docker containers /var/www/html/ directory.
version: '3.7'
services:
php:
image: serversideup/php:7.4-fpm-nginx
restart: always
ports:
- "8023:80"
- "8448:443"
volumes:
- ./public/:/var/www/html/
docker compose up --build ./public/:/var/www/html/ and access via https://localhost:8448Expected result = 200 phpinfo() output
Actual result = 404 file not found
Screenshot of 404 response served by container:
Screenshot of file present in the container /var/www/html/ directory
Windows 10
Client:
Cloud integration: v1.0.22
Version: 20.10.12
API version: 1.41
Go version: go1.16.12
Git commit: e91ed57
Built: Mon Dec 13 11:44:07 2021
OS/Arch: windows/amd64
Context: default
Experimental: true
Server: Docker Desktop 4.5.1 (74721)
Engine:
Version: 20.10.12
API version: 1.41 (minimum version 1.12)
Go version: go1.16.12
Git commit: 459d0df
Built: Mon Dec 13 11:43:56 2021
OS/Arch: linux/amd64
Experimental: false
containerd:
Version: 1.4.12
GitCommit: 7b11cfaabd73bb80907dd23182b9347b4245eb5d
runc:
Version: 1.0.2
GitCommit: v1.0.2-0-g52b36a2
docker-init:
Version: 0.19.0
GitCommit: de40ad0
### Anything else?
_No response_
An average WordPress installation will see 3ร - 10ร speedup with OPcache.validate_timestamps = 0 and Redis object cache.
Reasons
Please consider adding Redis as default. (I do that)
Right now, SSL is automatically generated: https://github.com/serversideup/docker-php/blob/main/templates/fpm-nginx/etc/cont-init.d/10-generate-ssl
There should be an option to disable the SSL auto-generation.
All
AllNo response
Here are the packages that we are currently using:
php7.4-cli
php7.4-common
php7.4-curl
php7.4-fpm
php7.4-gd
php7.4-json
php7.4-mbstring
php7.4-mysql
php7.4-soap
php7.4-sqlite3
php7.4-xml
php7.4-zip
These are very different from what PHPDocker.io are using:
php7.4-apcu
php7.4-apcu-bc
php7.4-cli
php7.4-curl
php7.4-json
php7.4-mbstring
php7.4-opcache
php7.4-readline
php7.4-xml
php7.4-zip
Here's a diff (ours left, theirs right)
I would like to make these images as small as possible.
*-fpm-nginx
When an OPTIONS request is made to a URL NOT ending in .php, a "405 Method Not Allowed" is returned.
When making an OPTIONS request, it should return a "200".
cores-issue branch for latest code: https://github.com/jaydrogers/docker-php-test-app/tree/cors-issuedocker compose up to bring up the containershttp://localhostResult is 405.
http://localhost/index.phpResult is 200.
N/A
N/AThis issue was originally reported by @zigazajc007 via Discord.
It seems these might be quite "hacky". Would love to open this up to the community for further discussion on a stable solution.
This could potentially be a resource: just-containers/s6-overlay#87
latestlatest as well as version numbers (so people have more control)Here is a good example: https://github.com/jauderho/dockerfiles/blob/main/.github/workflows/cloudflared.yml
Get:1 http://security.ubuntu.com/ubuntu focal-security InRelease [114 kB]
Get:2 http://ppa.launchpad.net/ondrej/php/ubuntu focal InRelease [23.9 kB]
Get:3 http://archive.ubuntu.com/ubuntu focal InRelease [265 kB]
Get:4 http://ppa.launchpad.net/ondrej/php/ubuntu focal/main amd64 Packages [158 kB]
Get:5 http://archive.ubuntu.com/ubuntu focal-updates InRelease [114 kB]
Get:6 http://archive.ubuntu.com/ubuntu focal-backports InRelease [101 kB]
Get:7 http://archive.ubuntu.com/ubuntu focal/main amd64 Packages [1275 kB]
Get:8 http://archive.ubuntu.com/ubuntu focal/universe amd64 Packages [11.3 MB]
Get:9 http://archive.ubuntu.com/ubuntu focal/restricted amd64 Packages [33.4 kB]
Get:10 http://archive.ubuntu.com/ubuntu focal/multiverse amd64 Packages [177 kB]
Reading package lists...
E: Release file for http://security.ubuntu.com/ubuntu/dists/focal-security/InRelease is not valid yet (invalid for another 2d 0h 29min 13s). Updates for this repository will not be applied.
E: Release file for http://archive.ubuntu.com/ubuntu/dists/focal-updates/InRelease is not valid yet (invalid for another 2d 0h 29min 38s). Updates for this repository will not be applied.
E: Release file for http://archive.ubuntu.com/ubuntu/dists/focal-backports/InRelease is not valid yet (invalid for another 2d 0h 30min 19s). Updates for this repository will not be applied.
error building at STEP "RUN apt-get update && echo "Install requirements..." && apt-get -y --no-install-recommends install msmtp msmtp-mta nginx && echo "Fixing permissions issues on the webroot..." && chown -R webuser:webgroup /var/www/html/ && echo "Clean up after ourselves..." && apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* /usr/share/doc/* /var/www/html/*": error while running runtime: exit status 100
ERRO[0045] exit status 100
For each PHP version, I am thinking of having 3 versions:
Each image will depend on eachother, just like phpdocker-io (Dependency looks like: CLI < FPM < FPM-NGINX)
I'll need to update Github actions to:
latestHopefully I can do this without having a mile long Github actions file ๐
There will probably be a lot of people who will totally disagree with this methodology, but I really do like having the entire app in one container for exact reference points for the app (see this https://www.reddit.com/r/kubernetes/comments/f68s3z/what_is_the_best_way_to_deploy_laravel_in/fi3lsuq)
This methodology was also used in @fideloper's Shipping Docker course, which I really liked.
Offering the other images in this dependency structure should still give people the option to use what they need.
I will start organizing this and am open to any other comments/feedback.
serversideup/php:-
When using the current images (like serversideup/php:8.1-fpm-nginx) and you release a major upgrade with breaking changes, I will automatically be upgraded and my own images will stop working.
For the current images there should be the option to specify the image version, e.g. serversideup/php:8.1-fpm-nginx-v2.0.
So if you release a version 3.0 with breaking changes, my automatic build pipeline will not produce broken images. :-)
see above
any
anyThank you so much for your beautiful images.
Hey @szepeviktor,
Thanks again for all of your help and feedback on these images. I really like learning from developers who are much smarter than me ๐ค
If you have the time or interest, I would love to hear your feedback on what you think of these images.
If you have a PayPal (or whatever you use), we'd love to send a few bucks for your help. Just to be clear, it would probably be in the $50 to $100 USD ballpark, so don't spend hundreds of hours on this ๐
If we can keep your feedback in this single thread, then I can create issues for each item you come up with.
Thoughts?
If you're too busy... no problem! We totally get it. You had a lot of great feedback earlier, so I wanted to just let you know that I am in a good spot to actually make changes now that things are working.
Hope you are doing well!
I scanned the php:8.1-fpm-apache version and it said that there is a HIGH level vulnerability found.
Package: cryptsetup:2:2.2.2-3ubuntu2.3
Level: HIGH
Description: [disable encryption via header rewrite]
Please consider avoiding root (UID 0) and system users (UID 1-999) e.g. www-data.
Least privileges come with normal users.
Caching will be helpful because:
base_image (ubuntu:20.04)(notice we still need to build even if there are not updates for the base_image)
docker run ... /bin/bash -c "dpkg -l|shasum"Related comment: 26723e7#r48044607
dev branch deploys a serversideup/php-beta imagemainWhen i start container with command "su - webuser -c "php artisan queue:work --tries=3"" its not processing queue from redis with no errors.
Also it not processing when i run this command inside container.
But when i run command from root (without su - webuser -c) all work.
Laravel queue work with webuser
bitnami/redis:latest
serversideup/php:8.1-fpm-nginx
Laravel 9.5.1
predis: 1.1.9
Ubuntu-20.04-amd64
20.10.7No response
Are there any plans to add PHP 8.2 support?
Thanks in advance!
Originally posted by @nsaliu in #59 (comment)
As the title says, we're getting the screen filled up with this error in console when building a container with serversideup/php:8.1-fpm:
Host machine is a clean CentOS 7.6.1810 installation. We have Ubuntu based machines and we cannot reproduce it since it works properly.
s6-supervise php-fpm: warning: can't happen: timeout while the service is up!
This log is enormous and ends up weighing GBs.
This is the upper section of the log generated when building the container:
{"log":"[s6-init] making user provided files available at /var/run/s6/etc...exited 0.\n","stream":"stdout","time":"2022-09-21T09:22:54.234077611Z"}
{"log":"[s6-init] ensuring user provided files have correct perms...exited 0.\n","stream":"stdout","time":"2022-09-21T09:23:13.981158229Z"}
{"log":"[fix-attrs.d] applying ownership \u0026 permissions fixes...\n","stream":"stdout","time":"2022-09-21T09:23:14.515080141Z"}
{"log":"[fix-attrs.d] done.\n","stream":"stdout","time":"2022-09-21T09:23:15.016074619Z"}
{"log":"[cont-init.d] executing container initialization scripts...\n","stream":"stdout","time":"2022-09-21T09:23:15.709092034Z"}
{"log":"[cont-init.d] 10-generate-ssl: executing... \n","stream":"stdout","time":"2022-09-21T09:23:16.231078977Z"}
{"log":":candado_cerrado_con_llave: Generating a self-signed SSL certificate because one was not provided...\n","stream":"stdout","time":"2022-09-21T09:23:16.783900205Z"}
{"log":"Generating a RSA private key\n","stream":"stderr","time":"2022-09-21T09:23:16.909891846Z"}
{"log":"...............................................................................................................................................................................+++++\n","stream":"s
tderr","time":"2022-09-21T09:23:17.071584305Z"}
{"log":"........................................................................+++++\n","stream":"stderr","time":"2022-09-21T09:23:17.138873144Z"}
{"log":"writing new private key to '/etc/ssl/web/ssl.key'\n","stream":"stderr","time":"2022-09-21T09:23:17.139844063Z"}
{"log":"-----\n","stream":"stderr","time":"2022-09-21T09:23:17.139857295Z"}
{"log":"[cont-init.d] 10-generate-ssl: exited 0.\n","stream":"stdout","time":"2022-09-21T09:23:17.643062091Z"}
{"log":"[cont-init.d] 11-msmtp: executing... \n","stream":"stdout","time":"2022-09-21T09:23:18.228070886Z"}
{"log":"[cont-init.d] 11-msmtp: exited 0.\n","stream":"stdout","time":"2022-09-21T09:23:19.206105222Z"}
{"log":"[cont-init.d] 21-debug-apache2.j2: executing... \n","stream":"stdout","time":"2022-09-21T09:23:19.623105062Z"}
{"log":"[cont-init.d] 21-debug-apache2.j2: exited 0.\n","stream":"stdout","time":"2022-09-21T09:23:20.646149531Z"}
{"log":"[cont-init.d] 5-runas-user: executing... \n","stream":"stdout","time":"2022-09-21T09:23:21.225084191Z"}
{"log":"\n","stream":"stdout","time":"2022-09-21T09:23:21.93716779Z"}
{"log":"--------------------------------------------------------------------\n","stream":"stdout","time":"2022-09-21T09:23:21.937194013Z"}
{"log":" ____ ____ _ _ _ _\n","stream":"stdout","time":"2022-09-21T09:23:21.937197153Z"}
{"log":"/ ___| ___ _ ____ _____ _ __ / ___|(_) __| | ___ | | | |_ __\n","stream":"stdout","time":"2022-09-21T09:23:21.937199487Z"}
{"log":"\\___ \\ / _ \\ __\\ \\ / / _ \\ __| \\___ \\| |/ _` |/ _ \\ | | | | _ \\\n","stream":"stdout","time":"2022-09-21T09:23:21.937201797Z"}
{"log":" ___) | __/ | \\ V / __/ | ___) | | (_| | __/ | |_| | |_) |\n","stream":"stdout","time":"2022-09-21T09:23:21.937204411Z"}
{"log":"|____/ \\___|_| \\_/ \\___|_| |____/|_|\\__,_|\\___| \\___/| .__/\n","stream":"stdout","time":"2022-09-21T09:23:21.93720658Z"}
{"log":" |_|\n","stream":"stdout","time":"2022-09-21T09:23:21.937208919Z"}
{"log":"\n","stream":"stdout","time":"2022-09-21T09:23:21.937211125Z"}
{"log":"Brought to you by [serversideup.net](http://serversideup.net/)\n","stream":"stdout","time":"2022-09-21T09:23:21.937213043Z"}
{"log":"--------------------------------------------------------------------\n","stream":"stdout","time":"2022-09-21T09:23:21.937215042Z"}
{"log":"\n","stream":"stdout","time":"2022-09-21T09:23:21.937217086Z"}
{"log":"To support Server Side Up projects visit:\n","stream":"stdout","time":"2022-09-21T09:23:21.937219063Z"}
{"log":"https://serversideup.net/sponsor\n","stream":"stdout","time":"2022-09-21T09:23:21.937221395Z"}
{"log":"-------------------------------------\n","stream":"stdout","time":"2022-09-21T09:23:21.937223521Z"}
{"log":"GID/UID\n","stream":"stdout","time":"2022-09-21T09:23:21.93722552Z"}
{"log":"-------------------------------------\n","stream":"stdout","time":"2022-09-21T09:23:21.937227478Z"}
{"log":"\n","stream":"stdout","time":"2022-09-21T09:23:22.012490726Z"}
{"log":"User uid: 1000\n","stream":"stdout","time":"2022-09-21T09:23:22.012518251Z"}
{"log":"User gid: 9999\n","stream":"stdout","time":"2022-09-21T09:23:22.012520889Z"}
{"log":"-------------------------------------\n","stream":"stdout","time":"2022-09-21T09:23:22.012523196Z"}
{"log":"\n","stream":"stdout","time":"2022-09-21T09:23:22.012525479Z"}
{"log":"[cont-init.d] 5-runas-user: exited 0.\n","stream":"stdout","time":"2022-09-21T09:23:22.167058385Z"}
{"log":"[cont-init.d] 50-laravel-automations: executing... \n","stream":"stdout","time":"2022-09-21T09:23:22.65208468Z"}
{"log":":hombre_corriendo: Checking for Laravel automations...\n","stream":"stdout","time":"2022-09-21T09:23:23.410353582Z"}
{"log":":candado_cerrado_con_llave: Linking the storage...\n","stream":"stdout","time":"2022-09-21T09:23:23.410388868Z"}
{"log":"\n","stream":"stdout","time":"2022-09-21T09:23:24.286664555Z"}
{"log":" ERROR The [public/storage] link already exists. \n","stream":"stdout","time":"2022-09-21T09:23:24.286686122Z"}
{"log":"\n","stream":"stdout","time":"2022-09-21T09:23:24.286688967Z"}
{"log":"[cont-init.d] 50-laravel-automations: exited 0.\n","stream":"stdout","time":"2022-09-21T09:23:24.490162105Z"}
{"log":"[cont-init.d] done.\n","stream":"stdout","time":"2022-09-21T09:23:24.718093531Z"}
{"log":"[services.d] starting services\n","stream":"stdout","time":"2022-09-21T09:23:25.837054617Z"}
{"log":"s6-supervise apache2: warning: can't happen: timeout while the service is up!\n","stream":"stderr","time":"2022-09-21T09:23:26.506945651Z"}
{"log":"s6-supervise apache2: warning: can't happen: timeout while the service is up!\n","stream":"stderr","time":"2022-09-21T09:23:26.506963661Z"}
{"log":"s6-supervise apache2: warning: can't happen: timeout while the service is up!\n","stream":"stderr","time":"2022-09-21T09:23:26.506966296Z"}
And after that, the s6-supervise apache2: warning: can't happen: timeout while the service is up! is repeated beyond infinite.
We want to wake up a project based on Laravel 9.
Is there anything we're missing? Thank you in advance.
Just wake up the container normally, as we do in Ubuntu based host machines.
CentOS 7.6.1810 host machine, just trying to run docker-composer up --build, the error shows up on console
CentOS 7.6.1810
Docker 20.10
Docker-compose 1.29Thank you very much for your time and help!
The order in which nginx location directives are evaluated leads to this
being evaluated before this
docker-php/templates/fpm-nginx/etc/nginx/sites-available/default
Lines 32 to 41 in 4233993
This makes it impossible to define Laravel routes like livewire/livewire.js because they will always be seen as static assets. Same problem if the Laravel app servers other assets through its own routing.
It would be nice to have each image go through these steps:
Here's some code that was provided by Github for reference:
# Run tests.
# See also https://docs.docker.com/docker-hub/builds/automated-testing/
test:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: Run tests
run: |
if [ -f docker-compose.test.yml ]; then
docker-compose --file docker-compose.test.yml build
docker-compose --file docker-compose.test.yml run sut
else
docker build . --file Dockerfile
fi
Push image to GitHub Packages.
See also https://docs.docker.com/docker-hub/builds/https://hub.docker.com/r/serversideup/php ๐ฒ
Please consider adding a readme and show how images are built from each other. Ubuntu > cli > fpm > fpm-*
All
When there is a PHP error, they are not displaying.
PHP errors should display when the settings are configured to do so.
Follow reproduction steps here: https://github.com/jaydrogers/docker-php-test-app
All
N/ASee the discussion from Discord by @zigazajc007:
Giving advises gives Jay the false sense of security and robust operations.
In this tiny slice of running a web application any advise is misleading!
Digest: sha256:b4f9e18267eb98998f6130342baacaeb9553f136142d40959a1b46d6401f0f2b
Please consider caching the image digest and skip pushing if it matches.
I must say, I'm a heavy RaspberryPi user myself, and last time I checked, the Ubuntu images did not play well with ARM based system... Is it something that changed lately, multi arch images for ubuntu? If not, is there any reason why you don't use Alpine here?
Thanks to /u/Tontonsb on Reddit for this. See our discussion why this issue was created.
From /u/Tontonsb:
Now, why did the browsers remove the feature and why it was (and is) considered a vulnerability? Because it "protects" in a manner that the attacker can observe. Here's one of the attacks abusing it: https://portswigger.net/research/abusing-chromes-xss-auditor-to-steal-tokens
There is not a field on the GitHub issue template to specify what image the user is having issues with
Allow the user to enter the Docker Image they are having issues with.
Open an issue
N/A
N/ANo response
Many people think that Cloudflare will protect their web application.
Many people are happy that Cloudflare pays for their CDN bandwidth.
I think Cloudflare is a monster. Especially in their free plan. You loose control of many things.
I conclude Cloudflare is not for business. You should protect your web application, pay for a CDN, purchase an SSL certificate etc.
business meaning you have at least 1 employee in full-time job
Sub 1 employee "businesses" are actually fantasies: none of the above applies!
As users will not run anything but certain popular PHP stuff we could consider telling them how to deal with
fpm-apache and fpm-nginx images use Supervisor to bring things upmain (not dev)See this example: https://github.com/serversideup/docker-php/runs/2762400574?check_suite_focus=true#step:2:40
Docker suggests you to run 1 service per container.
- SSL termination - web server - PHP-FPM
\ SMTP server
If you want to run a monolith why not do it in an operating system and keep it as clean as a container?
As the title, ini_set() doesn't seem to work with php-fpm.
I tried confirming it with the following images:
<?php
echo ini_get('display_errors');
if (ini_get('display_errors')) {
ini_set('display_errors', '0');
} else {
ini_set('display_errors', '1');
}
echo ini_get('display_errors');Value of display_errors will change.
I have not changed any settings from your Docker images.
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
Django
The Web framework for perfectionists with deadlines.
Laravel
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft
Open source projects and samples from Microsoft.
Google
Google โค๏ธ Open Source for everyone.
Alibaba
Alibaba Open Source for everyone
D3
Data-Driven Documents codes.
Tencent
China tencent open source team.