FROM harbor.dragse.it/base/alpine:3.15 LABEL maintainer="Lennard Brinkhaus " # dependencies required for running "phpize" # these get automatically installed and removed by "docker-php-ext-*" (unless they're already installed) ENV PHPIZE_DEPS \ autoconf \ dpkg-dev dpkg \ file \ g++ \ gcc \ libc-dev \ make \ pkgconf \ re2c # persistent / runtime deps RUN apk add --no-cache \ ca-certificates \ curl \ tar \ xz \ # https://github.com/docker-library/php/issues/494 openssl \ imagemagick-dev \ libzip # ensure www-data user exists RUN set -eux; \ adduser -u 82 -D -S -G www-data www-data # 82 is the standard uid/gid for "www-data" in Alpine # https://git.alpinelinux.org/aports/tree/main/apache2/apache2.pre-install?h=3.14-stable # https://git.alpinelinux.org/aports/tree/main/lighttpd/lighttpd.pre-install?h=3.14-stable # https://git.alpinelinux.org/aports/tree/main/nginx/nginx.pre-install?h=3.14-stable ENV PHP_INI_DIR /usr/local/etc/php RUN set -eux; \ mkdir -p "$PHP_INI_DIR/conf.d"; \ # allow running as an arbitrary user (https://github.com/docker-library/php/issues/743) [ ! -d /var/www/html ]; \ mkdir -p /var/www/html; \ chown www-data:www-data /var/www/html; \ chmod 777 /var/www/html # Apply stack smash protection to functions using local buffers and alloca() # Make PHP's main executable position-independent (improves ASLR security mechanism, and has no performance impact on x86_64) # Enable optimization (-O2) # Enable linker optimization (this sorts the hash buckets to improve cache locality, and is non-default) # https://github.com/docker-library/php/issues/272 # -D_LARGEFILE_SOURCE and -D_FILE_OFFSET_BITS=64 (https://www.php.net/manual/en/intro.filesystem.php) ENV PHP_CFLAGS="-fstack-protector-strong -fpic -fpie -O2 -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64" ENV PHP_CPPFLAGS="$PHP_CFLAGS" ENV PHP_LDFLAGS="-Wl,-O1 -pie" ENV GPG_KEYS 42670A7FE4D0441C8E4632349E4FDC074A4EF02D 5A52880781F755608BF815FC910DEB46F53EA312 ENV PHP_VERSION 7.4.30 ENV PHP_URL="https://www.php.net/distributions/php-$PHP_VERSION.tar.xz" PHP_ASC_URL="https://www.php.net/distributions/php-$PHP_VERSION.tar.xz.asc" ENV PHP_SHA256="ea72a34f32c67e79ac2da7dfe96177f3c451c3eefae5810ba13312ed398ba70d" RUN set -eux; \ \ apk add --no-cache --virtual .fetch-deps gnupg; \ \ mkdir -p /usr/src; \ cd /usr/src; \ \ curl -fsSL -o php.tar.xz "$PHP_URL"; \ \ if [ -n "$PHP_SHA256" ]; then \ echo "$PHP_SHA256 *php.tar.xz" | sha256sum -c -; \ fi; \ \ if [ -n "$PHP_ASC_URL" ]; then \ curl -fsSL -o php.tar.xz.asc "$PHP_ASC_URL"; \ export GNUPGHOME="$(mktemp -d)"; \ for key in $GPG_KEYS; do \ gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key"; \ done; \ gpg --batch --verify php.tar.xz.asc php.tar.xz; \ gpgconf --kill all; \ rm -rf "$GNUPGHOME"; \ fi; \ \ apk del --no-network .fetch-deps COPY docker-php-source /usr/local/bin/docker-php-source RUN chmod +x /usr/local/bin/docker-php-source RUN set -eux; \ apk add --no-cache --virtual .build-deps \ $PHPIZE_DEPS \ argon2-dev \ coreutils \ curl-dev \ libsodium-dev \ libxml2-dev \ linux-headers \ oniguruma-dev \ openssl-dev \ readline-dev \ sqlite-dev \ ; \ \ export \ CFLAGS="$PHP_CFLAGS" \ CPPFLAGS="$PHP_CPPFLAGS" \ LDFLAGS="$PHP_LDFLAGS" \ ; \ docker-php-source extract; \ cd /usr/src/php; \ gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ ./configure \ --build="$gnuArch" \ --with-config-file-path="$PHP_INI_DIR" \ --with-config-file-scan-dir="$PHP_INI_DIR/conf.d" \ \ # make sure invalid --configure-flags are fatal errors instead of just warnings --enable-option-checking=fatal \ \ # https://github.com/docker-library/php/issues/439 --with-mhash \ \ # https://github.com/docker-library/php/issues/822 --with-pic \ \ # --enable-ftp is included here because ftp_ssl_connect() needs ftp to be compiled statically (see https://github.com/docker-library/php/issues/236) --enable-ftp \ # --enable-mbstring is included here because otherwise there's no way to get pecl to use it properly (see https://github.com/docker-library/php/issues/195) --enable-mbstring \ # --enable-mysqlnd is included here because it's harder to compile after the fact than extensions are (since it's a plugin for several extensions, not an extension in itself) --enable-mysqlnd \ # https://wiki.php.net/rfc/argon2_password_hash --with-password-argon2 \ # https://wiki.php.net/rfc/libsodium --with-sodium=shared \ # always build against system sqlite3 (https://github.com/php/php-src/commit/6083a387a81dbbd66d6316a3a12a63f06d5f7109) --with-pdo-sqlite=/usr \ --with-sqlite3=/usr \ \ --with-curl \ --with-openssl \ --with-readline \ --with-zlib \ \ # in PHP 7.4+, the pecl/pear installers are officially deprecated (requiring an explicit "--with-pear") --with-pear \ \ # bundled pcre does not support JIT on s390x # https://manpages.debian.org/bullseye/libpcre3-dev/pcrejit.3.en.html#AVAILABILITY_OF_JIT_SUPPORT $(test "$gnuArch" = 's390x-linux-musl' && echo '--without-pcre-jit') \ \ --disable-cgi \ \ --enable-fpm \ --with-fpm-user=www-data \ --with-fpm-group=www-data \ ; \ make -j "$(nproc)"; \ find -type f -name '*.a' -delete; \ make install; \ find \ /usr/local \ -type f \ -perm '/0111' \ -exec sh -euxc ' \ strip --strip-all "$@" || : \ ' -- '{}' + \ ; \ make clean; \ \ # https://github.com/docker-library/php/issues/692 (copy default example "php.ini" files somewhere easily discoverable) cp -v php.ini-* "$PHP_INI_DIR/"; \ \ cd /; \ docker-php-source delete; \ \ runDeps="$( \ scanelf --needed --nobanner --format '%n#p' --recursive /usr/local \ | tr ',' '\n' \ | sort -u \ | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ )"; \ apk add --no-cache $runDeps; \ \ apk del --no-network .build-deps; \ \ # update pecl channel definitions https://github.com/docker-library/php/issues/443 pecl update-channels; \ rm -rf /tmp/pear ~/.pearrc; \ \ # smoke test php --version RUN touch /usr/local/etc/php/conf.d/uploads.ini \ && echo "upload_max_filesize = 50M;" >> /usr/local/etc/php/conf.d/uploads.ini \ && echp "post_max_size = 50M;" >> /usr/local/etc/php/conf.d/uploads.ini COPY docker-php-ext-* docker-php-entrypoint /usr/local/bin/ COPY --from=mlocati/php-extension-installer /usr/bin/install-php-extensions /usr/local/bin/ RUN chmod +x /usr/local/bin/docker-php-ext-enable RUN chmod +x /usr/local/bin/docker-php-ext-install RUN chmod +x /usr/local/bin/docker-php-ext-configure RUN chmod +x /usr/local/bin/install-php-extensions RUN install-php-extensions mysqli exif zip gd intl imagick && docker-php-ext-enable mysqli exif gd intl imagick zip # sodium was built as a shared module (so that it can be replaced later if so desired), so let's enable it too (https://github.com/docker-library/php/issues/598) RUN docker-php-ext-enable sodium ENTRYPOINT ["docker-php-entrypoint"] WORKDIR /var/www/html RUN set -eux; \ cd /usr/local/etc; \ if [ -d php-fpm.d ]; then \ # for some reason, upstream's php-fpm.conf.default has "include=NONE/etc/php-fpm.d/*.conf" sed 's!=NONE/!=!g' php-fpm.conf.default | tee php-fpm.conf > /dev/null; \ cp php-fpm.d/www.conf.default php-fpm.d/www.conf; \ else \ # PHP 5.x doesn't use "include=" by default, so we'll create our own simple config that mimics PHP 7+ for consistency mkdir php-fpm.d; \ cp php-fpm.conf.default php-fpm.d/www.conf; \ { \ echo '[global]'; \ echo 'include=etc/php-fpm.d/*.conf'; \ } | tee php-fpm.conf; \ fi; \ { \ echo '[global]'; \ echo 'error_log = /proc/self/fd/2'; \ echo; echo '; https://github.com/docker-library/php/pull/725#issuecomment-443540114'; echo 'log_limit = 8192'; \ echo; \ echo '[www]'; \ echo '; if we send this to /proc/self/fd/1, it never appears'; \ echo 'access.log = /proc/self/fd/2'; \ echo; \ echo 'clear_env = no'; \ echo; \ echo '; Ensure worker stdout and stderr are sent to the main error log.'; \ echo 'catch_workers_output = yes'; \ echo 'decorate_workers_output = no'; \ } | tee php-fpm.d/docker.conf; \ { \ echo '[global]'; \ echo 'daemonize = no'; \ echo; \ echo '[www]'; \ echo 'listen = 9000'; \ echo ''; \ } | tee php-fpm.d/zz-docker.conf # Override stop signal to stop process gracefully # https://github.com/php/php-src/blob/17baa87faddc2550def3ae7314236826bc1b1398/sapi/fpm/php-fpm.8.in#L163 STOPSIGNAL SIGQUIT EXPOSE 9000 CMD ["php-fpm"]