/docker-php-fpm

Devilbox's PHP-FPM Docker Images

Primary LanguageRoffMIT LicenseMIT

PHP-FPM Docker images

Linting CI Nightly Travis Release Gitter Discourse License

This repository will provide you fully functional PHP-FPM Docker images in different flavours, versions and packed with different types of integrated PHP modules. It also solves the problem of syncronizing file permissions of mounted volumes between the host and the container.

Docker Hub Upstream Project

Base Images

Have a look at the following Devilbox base images for which no official versions exist yet, but are required to serve as a foundation for this repository:

Documentation

In case you seek help, go and visit the community pages.

devilbox.readthedocs.io gitter.im/devilbox devilbox.discourse.group

Table of Contents

  1. Motivation
    1. Unsynchronized permissions
    2. It gets even worse
    3. The solution
  2. PHP-FPM Flavours
    1. Assembly
    2. Available Images
    3. Tagging
    4. PHP Modules
  3. PHP-FPM Features
    1. Image: base
    2. Image: mods
    3. Image: prod
    4. Image: work
  4. PHP-FPM Options
    1. Environment variables
    2. Volumes
    3. Ports
  5. PHP Default Configuration
  6. Integrated Development Environment
    1. What toos can you expect
    2. What else is available
  7. Examples
    1. Provide PHP-FPM port to host
    2. Alter PHP-FPM and system timezone
    3. Load custom PHP configuration
    4. Load custom PHP modules
    5. MySQL connect via 127.0.0.1 (via port-forward)
    6. MySQL and Redis connect via 127.0.0.1 (via port-forward)
    7. Launch Postfix for mail-catching
    8. Webserver and PHP-FPM
    9. Create MySQL Backups
  8. Automated builds
  9. Contributing
  10. Credits
  11. License

Motivation

One main problem with a running Docker container is to synchronize the ownership of files in a mounted volume in order to preserve security (Not having to use chmod 0777).

Unsynchronized permissions

Consider the following directory structure of a mounted volume. Your hosts computer uid/gid are 1000 which does not have a corresponding user/group within the container. Fortunately the tmp/ directory allows everybody to create new files in it.

                  [Host]                   |             [Container]
------------------------------------------------------------------------------------------
 $ ls -l                                   | $ ls -l
 -rw-r--r-- user group index.php           | -rw-r--r-- 1000 1000 index.php
 drwxrwxrwx user group tmp/                | drwxrwxrwx 1000 1000 tmp/

Your web application might now have created some temporary files (via the PHP-FPM process) inside the tmp/ directory:

                  [Host]                   |             [Container]
------------------------------------------------------------------------------------------
 $ ls -l tmp/                              | $ ls -l tmp/
 -rw-r--r-- 96 96 _tmp_cache01.php         | -rw-r--r-- www www _tmp_cache01.php
 -rw-r--r-- 96 96 _tmp_cache02.php         | -rw-r--r-- www www _tmp_cache01.php

On the Docker container side everything is still fine, but on your host computers side, those files now show a user id and group id of 96, which is in fact the uid/gid of the PHP-FPM process running inside the container. On the host side you will now have to use sudo in order to delete/edit those files.

It gets even worse

Consider your had created the tmp/ directory on your host only with 0775 permissions:

                  [Host]                   |             [Container]
------------------------------------------------------------------------------------------
 $ ls -l                                   | $ ls -l
 -rw-r--r-- user group index.php           | -rw-r--r-- 1000 1000 index.php
 drwxrwxr-x user group tmp/                | drwxrwxr-x 1000 1000 tmp/

If your web application now wants to create some temporary files (via the PHP-FPM process) inside the tmp/ directory, it will fail due to lacking permissions.

The solution

To overcome this problem, it must be made sure that the PHP-FPM process inside the container runs under the same uid/gid as your local user that mouns the volumes and also wants to work on those files locally. However, you never know during Image build time what user id this would be. Therefore it must be something that can be changed during startup of the container.

This is achieved by two environment variables that can be provided during startup in order to change the uid/gid of the PHP-FPM user prior starting up PHP-FPM.

$ docker run -e NEW_UID=1000 -e NEW_GID=1000 -it devilbox/php-fpm:7.2-base
[INFO] Changing user 'devilbox' uid to: 1000
root $ usermod -u 1000 devilbox
[INFO] Changing group 'devilbox' gid to: 1000
root $ groupmod -g 1000 devilbox
[INFO] Starting PHP 7.2.0 (fpm-fcgi) (built: Oct 30 2017 12:05:19)

When NEW_UID and NEW_GID are provided to the startup command, the container will do a usermod and groupmod prior starting up in order to assign new uid/gid to the PHP-FPM user. When the PHP-FPM process finally starts up it actually runs with your local system user and making sure permissions will be in sync from now on.

At a minimum those two environment variables are offered by all flavours and types of the here provided PHP-FPM images.

Note:

To tackle this on the PHP-FPM side is only half a solution to the problem. The same applies to a web server Docker container when you offer file uploads. They will be uploaded and created by the web servers uid/gid. Therefore the web server itself must also provide the same kind of solution. See the following Web server Docker images for how this is done:

Apache 2.2 | Apache 2.4 | Nginx stable | Nginx mainline

PHP-FPM Flavours

Assembly

The provided Docker images heavily rely on inheritance to guarantee smallest possible image size. Each of them provide a working PHP-FPM server and you must decide what version works best for you. Look at the sketch below to get an overview about the two provided flavours and each of their different types.

        [PHP]            # Base FROM image (Official PHP-FPM image)
          ^              #
          |              #
          |              #
        [base]           # Introduces env variables and adjusts entrypoint
          ^              #
          |              #
          |              #
        [mods]           # Installs additional PHP modules
          ^              # via pecl, git and other means
          |              #
          |              #
        [prod]           # Devilbox flavour for production
          ^              # (locales, postifx, socat and injectables)
          |              # (custom modules and *.ini files)
          |              #
        [work]           # Devilbox flavour for local development
                         # (includes backup and development tools)
                         # (sudo, custom bash and tool configs)

Available Images

The following table shows a more complete overview about the offered Docker images and what they should be used for.

Type Docker Image Description
base devilbox/php-fpm:5.2-base
devilbox/php-fpm:5.3-base
devilbox/php-fpm:5.4-base
devilbox/php-fpm:5.5-base
devilbox/php-fpm:5.6-base
devilbox/php-fpm:7.0-base
devilbox/php-fpm:7.1-base
devilbox/php-fpm:7.2-base
devilbox/php-fpm:7.3-base
devilbox/php-fpm:7.4-base
devilbox/php-fpm:8.0-base
mods devilbox/php-fpm:5.2-mods
devilbox/php-fpm:5.3-mods
devilbox/php-fpm:5.4-mods
devilbox/php-fpm:5.5-mods
devilbox/php-fpm:5.6-mods
devilbox/php-fpm:7.0-mods
devilbox/php-fpm:7.1-mods
devilbox/php-fpm:7.2-mods
devilbox/php-fpm:7.3-mods
devilbox/php-fpm:7.4-mods
devilbox/php-fpm:8.0-mods
prod devilbox/php-fpm:5.2-prod
devilbox/php-fpm:5.3-prod
devilbox/php-fpm:5.4-prod
devilbox/php-fpm:5.5-prod
devilbox/php-fpm:5.6-prod
devilbox/php-fpm:7.0-prod
devilbox/php-fpm:7.1-prod
devilbox/php-fpm:7.2-prod
devilbox/php-fpm:7.3-prod
devilbox/php-fpm:7.4-prod
devilbox/php-fpm:8.0-prod
work devilbox/php-fpm:5.2-work
devilbox/php-fpm:5.3-work
devilbox/php-fpm:5.4-work
devilbox/php-fpm:5.5-work
devilbox/php-fpm:5.6-work
devilbox/php-fpm:7.0-work
devilbox/php-fpm:7.1-work
devilbox/php-fpm:7.2-work
devilbox/php-fpm:7.3-work
devilbox/php-fpm:7.4-work
devilbox/php-fpm:8.0-work

Tagging

This repository uses Docker tags to refer to different flavours and types of the PHP-FPM Docker image. Therefore :latest and :<git-branch-name> as well as :<git-tag-name> must be presented differently. Refer to the following table to see how tagged Docker images are produced at Docker hub:

Meant Tag Actual Tag Comment
:latest :X.Y-base
:X.Y-mods
:X.Y-prod
:X.Y-work
Stable
(rolling)

These tags are produced by the master branch of this repository.
:<git-tag-name> :X.Y-base-<git-tag-name>
:X.Y-mods-<git-tag-name>
:X.Y-prod-<git-tag-name>
:X.Y-work-<git-tag-name>
Stable
(fixed)

Every git tag will produce and preserve these Docker tags.
:<git-branch-name> :X.Y-base-<git-branch-name>
:X.Y-mods-<git-branch-name>
:X.Y-prod-<git-branch-name>
:X.Y-work-<git-branch-name>
Feature
(for testing)

Tags produced by unmerged branches. Do not rely on them as they might come and go.

PHP Modules

Check out this table to see which Docker image provides what PHP modules.

base mods, prod and work
5.2 ctype, curl, date, dom, filter, hash, iconv, json, libxml, mbstring, mysql, mysqli, openssl, pcre, PDO, pdo_mysql, pdo_sqlite, posix, readline, Reflection, session, SimpleXML, soap, SPL, SQLite, standard, tokenizer, xml, xmlreader, xmlwriter, zlib amqp, bcmath, bz2, calendar, ctype, curl, date, dba, dom, enchant, exif, fileinfo, filter, ftp, gd, gettext, hash, iconv, igbinary, imap, interbase, intl, ioncube, json, ldap, libxml, mbstring, mcrypt, memcache, memcached, mongo, msgpack, mysql, mysqli, OAuth, openssl, pcntl, pcre, PDO, pdo_dblib, PDO_Firebird, pdo_mysql, pdo_pgsql, pdo_sqlite, pgsql, Phar, posix, pspell, readline, recode, redis, Reflection, session, shmop, SimpleXML, snmp, soap, sockets, SPL, SQLite, standard, sysvmsg, sysvsem, sysvshm, tidy, tokenizer, uploadprogress, wddx, xdebug, xml, xmlreader, xmlrpc, xmlwriter, xsl, Zend OPcache, zip, zlib
5.3 Core, ctype, curl, date, dom, ereg, fileinfo, filter, hash, iconv, json, libxml, mysql, mysqlnd, openssl, pcre, PDO, pdo_sqlite, Phar, posix, readline, recode, Reflection, session, SimpleXML, SPL, SQLite, sqlite3, standard, tokenizer, xml, xmlreader, xmlwriter, zlib amqp, apc, apcu, bcmath, bz2, calendar, Core, ctype, curl, date, dba, dom, enchant, ereg, exif, fileinfo, filter, ftp, gd, gettext, gmp, hash, iconv, igbinary, imap, interbase, intl, ioncube, json, ldap, libxml, mbstring, mcrypt, memcache, memcached, mongo, mongodb, msgpack, mysql, mysqli, mysqlnd, OAuth, oci8, openssl, pcntl, pcre, PDO, pdo_dblib, PDO_Firebird, pdo_mysql, pdo_pgsql, pdo_sqlite, pgsql, phalcon, Phar, posix, pspell, rdkafka, readline, recode, redis, Reflection, session, shmop, SimpleXML, snmp, soap, sockets, SPL, SQLite, sqlite3, standard, swoole, sysvmsg, sysvsem, sysvshm, tidy, tokenizer, uploadprogress, wddx, xdebug, xml, xmlreader, xmlrpc, xmlwriter, xsl, Zend OPcache, zip, zlib
5.4 Core, ctype, curl, date, dom, ereg, fileinfo, filter, hash, iconv, json, libxml, mysqlnd, openssl, pcre, PDO, pdo_sqlite, Phar, posix, readline, recode, Reflection, session, SimpleXML, SPL, sqlite3, standard, tokenizer, xml, xmlreader, xmlwriter, zlib amqp, apc, apcu, bcmath, bz2, calendar, Core, ctype, curl, date, dba, dom, enchant, ereg, exif, fileinfo, filter, ftp, gd, gettext, gmp, hash, iconv, igbinary, imap, interbase, intl, ioncube, json, ldap, libxml, mbstring, mcrypt, memcache, memcached, mongo, mongodb, msgpack, mysql, mysqli, mysqlnd, OAuth, oci8, openssl, pcntl, pcre, PDO, pdo_dblib, PDO_Firebird, pdo_mysql, pdo_pgsql, pdo_sqlite, pgsql, phalcon, Phar, posix, pspell, rdkafka, readline, recode, redis, Reflection, session, shmop, SimpleXML, snmp, soap, sockets, SPL, sqlite3, standard, swoole, sysvmsg, sysvsem, sysvshm, tidy, tokenizer, uploadprogress, wddx, xdebug, xml, xmlreader, xmlrpc, xmlwriter, xsl, Zend OPcache, zip, zlib
5.5 Core, ctype, curl, date, dom, ereg, fileinfo, filter, ftp, hash, iconv, json, libxml, mbstring, mysqlnd, openssl, pcre, PDO, pdo_sqlite, Phar, posix, readline, Reflection, session, SimpleXML, SPL, sqlite3, standard, tokenizer, xml, xmlreader, xmlwriter, zlib amqp, apc, apcu, bcmath, bz2, calendar, Core, ctype, curl, date, dba, dom, enchant, ereg, exif, fileinfo, filter, ftp, gd, gettext, gmp, hash, iconv, igbinary, imap, interbase, intl, ioncube, json, ldap, libxml, mbstring, mcrypt, memcache, memcached, mongo, mongodb, msgpack, mysql, mysqli, mysqlnd, OAuth, oci8, openssl, pcntl, pcre, PDO, pdo_dblib, PDO_Firebird, pdo_mysql, pdo_pgsql, pdo_sqlite, pgsql, phalcon, Phar, posix, pspell, rdkafka, readline, recode, redis, Reflection, session, shmop, SimpleXML, snmp, soap, sockets, SPL, sqlite3, standard, swoole, sysvmsg, sysvsem, sysvshm, tidy, tokenizer, uploadprogress, wddx, xdebug, xml, xmlreader, xmlrpc, xmlwriter, xsl, Zend OPcache, zip, zlib
5.6 Core, ctype, curl, date, dom, ereg, fileinfo, filter, ftp, hash, iconv, json, libxml, mbstring, mhash, mysqlnd, openssl, pcre, PDO, pdo_sqlite, Phar, posix, readline, Reflection, session, SimpleXML, SPL, sqlite3, standard, tokenizer, xml, xmlreader, xmlwriter, zlib amqp, apc, apcu, bcmath, blackfire, bz2, calendar, Core, ctype, curl, date, dba, dom, enchant, ereg, exif, fileinfo, filter, ftp, gd, gettext, gmp, hash, iconv, igbinary, imagick, imap, interbase, intl, ioncube, json, ldap, libxml, mbstring, mcrypt, memcache, memcached, mhash, mongo, mongodb, msgpack, mysql, mysqli, mysqlnd, OAuth, oci8, openssl, pcntl, pcre, PDO, pdo_dblib, PDO_Firebird, pdo_mysql, pdo_pgsql, pdo_sqlite, pgsql, phalcon, Phar, posix, pspell, rdkafka, readline, recode, redis, Reflection, session, shmop, SimpleXML, snmp, soap, sockets, SPL, sqlite3, standard, swoole, sysvmsg, sysvsem, sysvshm, tidy, tokenizer, uploadprogress, wddx, xdebug, xml, xmlreader, xmlrpc, xmlwriter, xsl, Zend OPcache, zip, zlib
7.0 Core, ctype, curl, date, dom, fileinfo, filter, ftp, hash, iconv, json, libxml, mbstring, mysqlnd, openssl, pcre, PDO, pdo_sqlite, Phar, posix, readline, Reflection, session, SimpleXML, SPL, sqlite3, standard, tokenizer, xml, xmlreader, xmlwriter, zlib amqp, apcu, bcmath, blackfire, bz2, calendar, Core, ctype, curl, date, dba, dom, enchant, exif, fileinfo, filter, ftp, gd, gettext, gmp, hash, iconv, igbinary, imagick, imap, interbase, intl, ioncube, json, ldap, libxml, mbstring, mcrypt, memcache, memcached, mongodb, msgpack, mysqli, mysqlnd, OAuth, oci8, openssl, pcntl, pcre, PDO, pdo_dblib, PDO_Firebird, pdo_mysql, PDO_OCI, pdo_pgsql, pdo_sqlite, pdo_sqlsrv, pgsql, phalcon, Phar, posix, pspell, rdkafka, readline, recode, redis, Reflection, session, shmop, SimpleXML, snmp, soap, sockets, SPL, sqlite3, sqlsrv, standard, swoole, sysvmsg, sysvsem, sysvshm, tidy, tokenizer, uploadprogress, wddx, xdebug, xml, xmlreader, xmlrpc, xmlwriter, xsl, Zend OPcache, zip, zlib
7.1 Core, ctype, curl, date, dom, fileinfo, filter, ftp, hash, iconv, json, libxml, mbstring, mysqlnd, openssl, pcre, PDO, pdo_sqlite, Phar, posix, readline, Reflection, session, SimpleXML, SPL, sqlite3, standard, tokenizer, xml, xmlreader, xmlwriter, zlib amqp, apcu, bcmath, blackfire, bz2, calendar, Core, ctype, curl, date, dba, dom, enchant, exif, fileinfo, filter, ftp, gd, gettext, gmp, hash, iconv, igbinary, imagick, imap, interbase, intl, ioncube, json, ldap, libxml, mbstring, mcrypt, memcache, memcached, mongodb, msgpack, mysqli, mysqlnd, OAuth, oci8, openssl, pcntl, pcre, PDO, pdo_dblib, PDO_Firebird, pdo_mysql, PDO_OCI, pdo_pgsql, pdo_sqlite, pdo_sqlsrv, pgsql, phalcon, Phar, posix, pspell, rdkafka, readline, recode, redis, Reflection, session, shmop, SimpleXML, snmp, soap, sockets, SPL, sqlite3, sqlsrv, standard, swoole, sysvmsg, sysvsem, sysvshm, tidy, tokenizer, uploadprogress, wddx, xdebug, xml, xmlreader, xmlrpc, xmlwriter, xsl, Zend OPcache, zip, zlib
7.2 Core, ctype, curl, date, dom, fileinfo, filter, ftp, hash, iconv, json, libxml, mbstring, mysqlnd, openssl, pcre, PDO, pdo_sqlite, Phar, posix, readline, Reflection, session, SimpleXML, sodium, SPL, sqlite3, standard, tokenizer, xml, xmlreader, xmlwriter, zlib amqp, apcu, bcmath, blackfire, bz2, calendar, Core, ctype, curl, date, dba, dom, enchant, exif, fileinfo, filter, ftp, gd, gettext, gmp, hash, iconv, igbinary, imagick, imap, interbase, intl, ioncube, json, ldap, libxml, mbstring, mcrypt, memcache, memcached, mongodb, msgpack, mysqli, mysqlnd, OAuth, oci8, openssl, pcntl, pcre, PDO, pdo_dblib, PDO_Firebird, pdo_mysql, PDO_OCI, pdo_pgsql, pdo_sqlite, pdo_sqlsrv, pgsql, phalcon, Phar, posix, pspell, rdkafka, readline, recode, redis, Reflection, session, shmop, SimpleXML, snmp, soap, sockets, sodium, SPL, sqlite3, sqlsrv, standard, swoole, sysvmsg, sysvsem, sysvshm, tidy, tokenizer, uploadprogress, wddx, xdebug, xml, xmlreader, xmlrpc, xmlwriter, xsl, Zend OPcache, zip, zlib
7.3 Core, ctype, curl, date, dom, fileinfo, filter, ftp, hash, iconv, json, libxml, mbstring, mysqlnd, openssl, pcre, PDO, pdo_sqlite, Phar, posix, readline, Reflection, session, SimpleXML, sodium, SPL, sqlite3, standard, tokenizer, xml, xmlreader, xmlwriter, zlib amqp, apcu, bcmath, blackfire, bz2, calendar, Core, ctype, curl, date, dba, dom, enchant, exif, fileinfo, filter, ftp, gd, gettext, gmp, hash, iconv, igbinary, imagick, imap, interbase, intl, ioncube, json, ldap, libxml, mbstring, mcrypt, memcached, mongodb, msgpack, mysqli, mysqlnd, OAuth, oci8, openssl, pcntl, pcre, PDO, pdo_dblib, PDO_Firebird, pdo_mysql, PDO_OCI, pdo_pgsql, pdo_sqlite, pdo_sqlsrv, pgsql, phalcon, Phar, posix, pspell, rdkafka, readline, recode, redis, Reflection, session, shmop, SimpleXML, snmp, soap, sockets, sodium, SPL, sqlite3, sqlsrv, standard, swoole, sysvmsg, sysvsem, sysvshm, tidy, tokenizer, uploadprogress, wddx, xdebug, xml, xmlreader, xmlrpc, xmlwriter, xsl, Zend OPcache, zip, zlib
7.4 Core, ctype, curl, date, dom, fileinfo, filter, ftp, hash, iconv, json, libxml, mbstring, mysqlnd, openssl, pcre, PDO, pdo_sqlite, Phar, posix, readline, Reflection, session, SimpleXML, sodium, SPL, sqlite3, standard, tokenizer, xml, xmlreader, xmlwriter, zlib amqp, bcmath, bz2, calendar, Core, ctype, curl, date, dba, dom, enchant, exif, FFI, fileinfo, filter, ftp, gd, gettext, gmp, hash, iconv, igbinary, imagick, intl, json, ldap, libxml, mbstring, mcrypt, memcached, mongodb, msgpack, mysqli, mysqlnd, oci8, openssl, pcntl, pcre, PDO, pdo_dblib, PDO_Firebird, pdo_mysql, PDO_OCI, pdo_pgsql, pdo_sqlite, pgsql, Phar, posix, pspell, rdkafka, readline, redis, Reflection, session, shmop, SimpleXML, snmp, soap, sockets, sodium, SPL, sqlite3, standard, swoole, sysvmsg, sysvsem, sysvshm, tidy, tokenizer, uploadprogress, xdebug, xml, xmlreader, xmlrpc, xmlwriter, xsl, Zend OPcache, zip, zlib
8.0 Core, ctype, curl, date, dom, FFI, fileinfo, filter, ftp, hash, iconv, json, libxml, mbstring, mysqlnd, openssl, pcre, PDO, pdo_sqlite, Phar, posix, readline, Reflection, session, SimpleXML, sodium, SPL, sqlite3, standard, tokenizer, xml, xmlreader, xmlwriter, zlib bcmath, bz2, calendar, Core, ctype, curl, date, dba, dom, enchant, exif, FFI, fileinfo, filter, ftp, gd, gettext, gmp, hash, iconv, intl, json, ldap, libxml, mbstring, memcached, mongodb, mysqli, mysqlnd, oci8, openssl, pcntl, pcre, PDO, pdo_dblib, PDO_Firebird, pdo_mysql, PDO_OCI, pdo_pgsql, pdo_sqlite, pgsql, Phar, posix, pspell, readline, redis, Reflection, session, shmop, SimpleXML, snmp, soap, sockets, sodium, SPL, sqlite3, standard, sysvmsg, sysvsem, sysvshm, tidy, tokenizer, uploadprogress, xml, xmlreader, xmlrpc, xmlwriter, xsl, Zend OPcache, zip, zlib

PHP-FPM Features

Image: base

docker pull devilbox/php-fpm:5.2-base
docker pull devilbox/php-fpm:5.3-base
docker pull devilbox/php-fpm:5.4-base
docker pull devilbox/php-fpm:5.5-base
docker pull devilbox/php-fpm:5.6-base
docker pull devilbox/php-fpm:7.0-base
docker pull devilbox/php-fpm:7.1-base
docker pull devilbox/php-fpm:7.2-base
docker pull devilbox/php-fpm:7.3-base
docker pull devilbox/php-fpm:7.4-base
docker pull devilbox/php-fpm:8.0-base

Generic PHP-FPM base image. Use it to derive your own php-fpm docker image from it and add more extensions, tools and injectables.

(Does not offer any environment variables except for NEW_UID and NEW_GID)

Image: mods

docker pull devilbox/php-fpm:5.2-mods
docker pull devilbox/php-fpm:5.3-mods
docker pull devilbox/php-fpm:5.4-mods
docker pull devilbox/php-fpm:5.5-mods
docker pull devilbox/php-fpm:5.6-mods
docker pull devilbox/php-fpm:7.0-mods
docker pull devilbox/php-fpm:7.1-mods
docker pull devilbox/php-fpm:7.2-mods
docker pull devilbox/php-fpm:7.3-mods
docker pull devilbox/php-fpm:7.4-mods
docker pull devilbox/php-fpm:8.0-mods

Generic PHP-FPM image with fully loaded extensions. Use it to derive your own php-fpm docker image from it and add more extensions, tools and injectables.

(Does not offer any environment variables except for NEW_UID and NEW_GID)

Image: prod

docker pull devilbox/php-fpm:5.2-prod
docker pull devilbox/php-fpm:5.3-prod
docker pull devilbox/php-fpm:5.4-prod
docker pull devilbox/php-fpm:5.5-prod
docker pull devilbox/php-fpm:5.6-prod
docker pull devilbox/php-fpm:7.0-prod
docker pull devilbox/php-fpm:7.1-prod
docker pull devilbox/php-fpm:7.2-prod
docker pull devilbox/php-fpm:7.3-prod
docker pull devilbox/php-fpm:7.4-prod
docker pull devilbox/php-fpm:8.0-prod

Devilbox production image. This Docker image comes with many injectables, port-forwardings, mail-catch-all and user/group rewriting.

Image: work

docker pull devilbox/php-fpm:5.2-work
docker pull devilbox/php-fpm:5.3-work
docker pull devilbox/php-fpm:5.4-work
docker pull devilbox/php-fpm:5.5-work
docker pull devilbox/php-fpm:5.6-work
docker pull devilbox/php-fpm:7.0-work
docker pull devilbox/php-fpm:7.1-work
docker pull devilbox/php-fpm:7.2-work
docker pull devilbox/php-fpm:7.3-work
docker pull devilbox/php-fpm:7.4-work
docker pull devilbox/php-fpm:8.0-work

Devilbox development image. Same as prod, but comes with lots of locally installed tools to make development inside the container as convenient as possible. See Integrated Development Environment for more information about this.

PHP-FPM Options

Environment variables

Have a look at the following table to see all supported environment variables for each Docker image flavour.

Image Env Variable Type Default Description
base

mods

prod

work
DEBUG_ENTRYPOINT int 0 Set debug level for startup.
0 Only warnings and errors are shown.
1 All log messages are shown
2 All log messages and executed commands are shown.
NEW_UID int 1000 Assign the PHP-FPM user a new uid in order to syncronize file system permissions with your host computer and the Docker container. You should use a value that matches your host systems local user.
(Type id -u for your uid).
NEW_GID int 1000 Assign the PHP-FPM group a new gid in order to syncronize file system permissions with your host computer and the Docker container. You should use a value that matches your host systems local group.
(Type id -g for your gid).
prod

work
TIMEZONE string UTC Set docker OS timezone as well as PHP timezone.
(Example: Europe/Berlin)
DOCKER_LOGS bool 1 By default all Docker images are configured to output their PHP-FPM access and error logs to stdout and stderr. Those which support it can change the behaviour to log into files inside the container. Their respective directories are available as volumes that can be mounted to the host computer. This feature might help developer who are more comfortable with tailing or searching through actual files instead of using docker logs.

Set this variable to 0 in order to enable logging to files. Log files are avilable under /var/log/php/ which is also a docker volume that can be mounted locally.
ENABLE_MODULES string '' Comma separated list of PHP modules to enable, which are not enabled by default.
Example:
ENABLE_MODULES=blackfire, ioncube
DISABLE_MODULES string '' Comma separated list of PHP modules to disable.
Example:
DISABLE_MODULES=swoole,imagick
ENABLE_MAIL bool 0 Enable local email catch-all.
Postfix will be configured for local delivery and all mails sent (even to real domains) will be catched locally. No email will ever go out. They will all be stored in a local devilbox account.
Value: 0 or 1
FORWARD_PORTS_TO_LOCALHOST string List of remote ports to forward to 127.0.0.1.
Format:
<local-port>:<remote-host>:<remote-port>
You can separate multiple entries by comma.
Example:
3306:mysqlhost:3306, 6379:192.0.1.1:6379
work MYSQL_BACKUP_USER string '' Username for mysql backups used for bundled mysqldump-secure
MYSQL_BACKUP_PASS string '' Password for mysql backups used for bundled mysqldump-secure
MYSQL_BACKUP_HOST string '' Hostname for mysql backups used for bundled mysqldump-secure

Volumes

Have a look at the following table to see all offered volumes for each Docker image flavour.

Image Volumes Description
prod

work
/etc/php-custom.d Mount this directory into your host computer and add custom \*.ini files in order to alter php behaviour.
/etc/php-fpm-custom.d Mount this directory into your host computer and add custom PHP-FPM \*.conf files in order to alter PHP-FPM behaviour.
/etc/php-modules.d Mount this directory into your host computer and add custo \*.so files in order to add your php modules.

Note:Your should then also provide a custom \*.ini file in order to actually load your custom provided module.
/startup.1.d Any executable scripts ending by \*.sh found in this directory will be executed during startup. This is useful to supply additional commands (such as installing custom software) when the container starts up. (will run before /startup.2.d)
/startup.2.d Any executable scripts ending by \*.sh found in this directory will be executed during startup. This is useful to supply additional commands (such as installing custom software) when the container starts up. (will run after /startup.1.d)
/var/log/php When setting environment variable DOCKER_LOGS to 0, log files will be available under this directory.
/var/mail Emails caught be the postfix catch-all (ENABLE_MAIL=1) will be available in this directory.
work /etc/bashrc-devilbox.d Mount this directory into your host computer and add custom configuration files for bash and other tools.
/shared/backups Mount this directory into your host computer to access MySQL backups created by mysqldump-secure.
/ca Mount this directory into your host computer to bake any *.crt file that is located in there as a trusted SSL entity.

Ports

Have a look at the following table to see all offered exposed ports for each Docker image flavour.

Image Port Description
base
mods
prod
work
9000 PHP-FPM listening port

PHP Default Configuration

Each PHP version is using the same sane default php.ini values, making it pain-free to switch versions and not having to worry about different php.ini settings. Note: Flavours alway inherit the settings from its parent flavour if they have no own configuration.

Flavour Applied php.ini files
base php.ini and php-fpm.conf
mods inherits from base
prod inherits from base
work php.ini php-fpm.conf

Integrated Development Environment

If you plan to use the PHP-FPM image for development, hence being able to execute common commands inside the container itself, you should go with the work Image.

The work Docker image has many common tools already installed which on one hand increases its image size, but on the other hand removes the necessity to install those tools locally.

You want to use tools such as git, drush, composer, npm, eslint, phpcs as well as many others, simply do it directly inside the container. As all Docker images are auto-built every night by travis-ci it is assured that you are always at the latest version of your favorite dev tool.

What tools can you expect

Tool Description
Ansible Automation tool.
asgardcms AsgardCMS cli installer.
awesome-ci Various linting and source code analyzing tools.
codeception Elegant and efficient testing for PHP.
composer Dependency Manager for PHP.
deployer Deployment tool for PHP.
drupal-console The Drupal CLI. A tool to generate boilerplate code, interact with and debug Drupal.
drush Drush is a computer software shell-based application used to control, manipulate, and administer Drupal websites.
eslint The pluggable linting utility for JavaScript and JSX.
git Git is a version control system for tracking changes in source files.
git-flow Git-flow tools.
gulp Gulp command line JS tool.
grunt Grunt command line JS tool.
jsonlint Json command line linter.
jq Command-line JSON processor.
laravel installer A CLI tool to easily install and manage the laravel framework.
linkcheck Search for URLs in files (optionally limited by extension) and validate their HTTP status code.
linuxbrew The Homebrew package manager for Linux.
mdl Markdown command line linter.
mdlint Markdown command line linter.
mysqldump-secure Secury MySQL database backup tool with encryption.
nodejs Node.js is an open-source, cross-platform JavaScript run-time environment for executing JavaScript code server-side.
npm npm is a package manager for the JavaScript programming language.
phalcon-devtools CLI tool to generate code helping to develop faster and easy applications that use with Phalcon framework.
phpcs PHP_CodeSniffer tokenizes PHP, JavaScript and CSS files and detects violations of a defined set of coding standards.
phpcbf PHP Code Beautifier and Fixer.
php-cs-fixer A tool to automatically fix PHP Coding Standards issues.
photon Photon CMS cli.
sass Sass CSS compiler.
scss-lint Sass/CSS command line linter.
ssh OpenSSH command line client.
symfony installer This is the official installer to start new projects based on the Symfony full-stack framework.
tig Text-mode Interface for Git.
webpack A bundler for javascript and friends.
wp-cli WP-CLI is the command-line interface for WordPress.
yamllint Yaml command line linter.
yarn Fast, reliable and secure dependency management.

What else is available

Apart from the provided tools, you will also be able to use the container similar as you would do with your host system. Just a few things to mention here:

  • Mount custom bash configuration files so your config persists between restarts
  • Use password-less sudo to become root and do whatever you need to do

If there is anything else you'd like to be able to do, drop me an issue.

Examples

Provide PHP-FPM port to host

$ docker run -d \
    -p 127.0.0.1:9000:9000 \
    -t devilbox/php-fpm:7.2-prod

Alter PHP-FPM and system timezone

$ docker run -d \
    -p 127.0.0.1:9000:9000 \
    -e TIMEZONE=Europe/Berlin \
    -t devilbox/php-fpm:7.2-prod

Load custom PHP configuration

config/ is a local directory that will hold the PHP *.ini files you want to load into the Docker container.

# Create config directory to be mounted with dummy configuration
$ mkdir config
$ echo "xdebug.enable = 1" > config/xdebug.ini

# Run container and mount it
$ docker run -d \
    -p 127.0.0.1:9000:9000 \
    -v config:/etc/php-custom.d \
    -t devilbox/php-fpm:7.2-prod

Load custom PHP modules

modules/ is a local directory that will hold the PHP modules you want to mount into the Docker container. config/ is a local directory that will hold the PHP *.ini files you want to load into the Docker container.

# Create module directory and place module into it
$ mkdir modules
$ cp /my/module/phalcon.so modules/

# Custom php config to load this module
$ mkdir config
$ echo "extension=/etc/php-modules.d/phalcon.so" > config/phalcon.ini

# Run container and mount it
$ docker run -d \
    -p 127.0.0.1:9000:9000 \
    -v config:/etc/php-custom.d \
    -v modules:/etc/php-modules.d \
    -t devilbox/php-fpm:7.2-prod

MySQL connect via 127.0.0.1 (via port-forward)

Forward MySQL Port from 172.168.0.30 (or any other IP address/hostname) and Port 3306 to the PHP docker on 127.0.0.1:3306. By this, your PHP files inside the docker can use 127.0.0.1 to connect to a MySQL database.

$ docker run -d \
    -p 127.0.0.1:9000:9000 \
    -e FORWARD_PORTS_TO_LOCALHOST='3306:172.168.0.30:3306' \
    -t devilbox/php-fpm:7.2-prod

MySQL and Redis connect via 127.0.0.1 (via port-forward)

Forward MySQL Port from 172.168.0.30:3306 and Redis port from redis:6379 to the PHP docker on 127.0.0.1:3306 and 127.0.0.1:6379. By this, your PHP files inside the docker can use 127.0.0.1 to connect to a MySQL or Redis database.

$ docker run -d \
    -p 127.0.0.1:9000:9000 \
    -e FORWARD_PORTS_TO_LOCALHOST='3306:172.168.0.30:3306, 6379:redis:6379' \
    -t devilbox/php-fpm:7.2-prod

Launch Postfix for mail-catching

Once you set $ENABLE_MAIL=1, all mails sent via any of your PHP applications no matter to which domain, are catched locally into the devilbox account. You can also mount the mail directory locally to hook in with mutt and read those mails.

$ docker run -d \
    -p 127.0.0.1:9000:9000 \
    -v /tmp/mail:/var/mail \
    -e ENABLE_MAIL=1 \
    -t devilbox/php-fpm:7.2-prod

Webserver and PHP-FPM

~/my-host-www will be the directory that serves the php files (your document root). Make sure to mount it into both, php and the webserver.

# Start PHP-FPM container
$ docker run -d \
    -v ~/my-host-www:/var/www/default/htdocs \
    --name php \
    -t devilbox/php-fpm:7.2-prod

# Start webserver and link with PHP-FPM
$ docker run -d \
    -p 80:80 \
    -v ~/my-host-www:/var/www/default/htdocs \
    -e PHP_FPM_ENABLE=1 \
    -e PHP_FPM_SERVER_ADDR=php \
    -e PHP_FPM_SERVER_PORT=9000 \
    --link php \
    -t devilbox/nginx-mainline

Create MySQL Backups

Note: This will only work with work Docker images.

The MySQL server could be another Docker container linked to the PHP-FPM container. Let's assume the PHP-FPM container is able to access the MySQL container by the hostname mysql.

# Start container
$ docker run -d \
    -e MYSQL_BACKUP_USER=root \
    -e MYSQL_BACKUP_PASS=somepass \
    -e MYSQL_BACKUP_HOST=mysql \
    -v ~/backups:/shared/backups \
    --name php \
    -t devilbox/php-fpm:7.2-work

# Run database dump
$ docker exec -it php mysqldump-secure

Automated builds

Nightly Travis

Docker images are built and tested every night by travis-ci and pushed to Docker hub on success. This is all done automatically to ensure that sources as well as base images are always fresh and in case of security updates always have the latest patches.

Contributing

Contributors are welcome. Feel free to star and clone this repository and submit issues and pull-requests. Add examples and show what you have created with the provided images. If you see any errors or ways to improve this repository in any way, please do so.

Credits

License

MIT License

Copyright (c) 2017 cytopia