From ae2dcc51248753319996241ad5be7071a464346bccc7f5c8238bc2d041a81111 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Dan=20=C4=8Cerm=C3=A1k?= Date: Wed, 22 May 2024 13:59:09 +0000 Subject: [PATCH 1/2] [info=9aaa860adbc6c2ab0fea0c82ded6401e] OBS-URL: https://build.opensuse.org/package/show/devel:BCI:Tumbleweed/php-fpm8-image?expand=0&rev=74 --- Dockerfile | 24 +------- README.md | 135 ++++++++++++++++++++++++++++++++++++++++- php-fpm8-image.changes | 5 ++ 3 files changed, 140 insertions(+), 24 deletions(-) diff --git a/Dockerfile b/Dockerfile index e19d006..5f31d00 100644 --- a/Dockerfile +++ b/Dockerfile @@ -52,28 +52,8 @@ RUN chmod +x /usr/local/bin/docker-php-* WORKDIR /srv/www/htdocs RUN set -euo pipefail; \ - cd /etc/php8/fpm/; \ - test -e php-fpm.d/www.conf.default && cp -p php-fpm.d/www.conf.default php-fpm.d/www.conf; \ - test -e php-fpm.conf.default && cp -p php-fpm.conf.default php-fpm.conf; \ - { \ - echo '[global]'; \ - echo 'error_log = /proc/self/fd/2'; \ - echo; echo '; https://github.com/docker-library/php/pull/725#issuecomment-443540114'; echo 'log_limit = 8192'; \ - echo; \ - echo '[www]'; \ - echo '; if we send this to /proc/self/fd/1, it never appears'; \ - echo 'access.log = /proc/self/fd/2'; \ - echo; \ - echo 'clear_env = no'; \ - echo; \ - echo '; Ensure worker stdout and stderr are sent to the main error log.'; \ - echo 'catch_workers_output = yes'; \ - echo 'decorate_workers_output = no'; \ - } | tee php-fpm.d/docker.conf; \ - { \ - echo '[global]'; \ - echo 'daemonize = no'; \ - } | tee php-fpm.d/zz-docker.conf + cd /etc/php8/fpm/; \ + test -e php-fpm.d/www.conf.default && cp -p php-fpm.d/www.conf.default php-fpm.d/www.conf; test -e php-fpm.conf.default && cp -p php-fpm.conf.default php-fpm.conf; { echo '[global]'; echo 'error_log = /proc/self/fd/2'; echo; echo '; https://github.com/docker-library/php/pull/725#issuecomment-443540114'; echo 'log_limit = 8192'; echo; echo '[www]'; echo '; if we send this to /proc/self/fd/1, it never appears'; echo 'access.log = /proc/self/fd/2'; echo; echo 'clear_env = no'; echo; echo '; Ensure worker stdout and stderr are sent to the main error log.'; echo 'catch_workers_output = yes'; echo 'decorate_workers_output = no'; } | tee php-fpm.d/docker.conf; { echo '[global]'; echo 'daemonize = no'; } | tee php-fpm.d/zz-docker.conf # Override stop signal to stop process gracefully # https://github.com/php/php-src/blob/17baa87faddc2550def3ae7314236826bc1b1398/sapi/fpm/php-fpm.8.in#L163 diff --git a/README.md b/README.md index 38ad0e9..b6cca58 100644 --- a/README.md +++ b/README.md @@ -1,8 +1,139 @@ -# The openSUSE Tumbleweed BCI PHP-FPM 8 Container Image +# The PHP FPM 8 Container Image + ![Redistributable](https://img.shields.io/badge/Redistributable-Yes-green) -PHP-FPM 8 container based on the openSUSE Tumbleweed Base Container Image. +PHP is a general-purpose scripting language used primarily for server-side web +development. It can be used directly, embedded in HTML files, or executed via a +server-side Apache2 module or CGI scripts. + +## How to use the image + +The image contains [PHP-FPM](https://php-fpm.org/), a FastCGI implementation +for PHP that serves content via the FastCGI protocol and not via HTTP(S). This +requires a reverse proxy that can handle FastCGI and can serve content via +HTTP(s). + +**Caution:** FastCGI does not offer any protection or access control, so the +open socket must be protected via network separation. This means that the +PHP-FPM container must run in a separate private network or a pod, and its +socket must be exposed to the reverse proxy only. + +To deploy an application in the PHP-FPM container, copy the application into +`/srv/www/htdocs` (this directory is the `WORKDIR` of the container image): + +```Dockerfile +FROM registry.opensuse.org/opensuse/bci/php-fpm:8 + +RUN set -eux; \ + zypper -n in $my_dependencies; \ + # additional setup steps + +# Copy the app into the PHP-FPM document root +COPY app/ . +``` + +To configure NGINX as a reverse proxy, add the following to the +`server` section in `/etc/nginx/nginx.conf`: +``` + location ~ \.php$ { + include fastcgi_params; + fastcgi_index index.php; + root /srv/www/htdocs/; + fastcgi_pass 127.0.0.1:9000; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + } +``` + +Additionally, create `/etc/nginx/fastcgi_params` with the following contents: +``` +fastcgi_param QUERY_STRING $query_string; +fastcgi_param REQUEST_METHOD $request_method; +fastcgi_param CONTENT_TYPE $content_type; +fastcgi_param CONTENT_LENGTH $content_length; + +fastcgi_param SCRIPT_NAME $fastcgi_script_name; +fastcgi_param REQUEST_URI $request_uri; +fastcgi_param DOCUMENT_URI $document_uri; +fastcgi_param DOCUMENT_ROOT $document_root; +fastcgi_param SERVER_PROTOCOL $server_protocol; +fastcgi_param REQUEST_SCHEME $scheme; +fastcgi_param HTTPS $https if_not_empty; + +fastcgi_param GATEWAY_INTERFACE CGI/1.1; +fastcgi_param SERVER_SOFTWARE nginx/$nginx_version; + +fastcgi_param REMOTE_ADDR $remote_addr; +fastcgi_param REMOTE_PORT $remote_port; +fastcgi_param SERVER_ADDR $server_addr; +fastcgi_param SERVER_PORT $server_port; +fastcgi_param SERVER_NAME $server_name; + +# PHP only, required if PHP was built with --enable-force-cgi-redirect +fastcgi_param REDIRECT_STATUS 200; +``` + +If you are using a NGINX container with the above changes, you can +use a Podman pod to deploy the application: +```ShellSession +$ podman pod create --name fpm -p 80:8080 +$ podman run -d --pod fpm name-of-my-fpm-container +$ podman run -d --pod fpm name-of-my-nginx-container +``` + +The website is served on port 8080, and the FastCGI application is not +accessible from outside of the `fpm` pod. + +## How to install PHP extensions + +PHP extensions must be installed using the `zypper` package manager. PHP +extensions are named using the `php8-$extension_name` scheme, +and they can be installed as follows: + +```Dockerfile +FROM registry.opensuse.org/opensuse/bci/php-fpm:8 + +RUN zypper -n in php8-gd php8-intl +``` + +Alternatively, you can use the `docker-php-ext-install` script. It is provided +for compatibility with the [PHP DockerHub Image](https://hub.docker.com/_/php) +but it uses zypper to install the extensions from RPMs. It is provided for +compatibility reasons and can be used similar to the script from PHP DockerHub +image: + +```Dockerfile +FROM registry.opensuse.org/opensuse/bci/php-fpm:8 + +RUN docker-php-ext-install gd intl +``` + +## How to install PECL extensions + +[PECL](https://pecl.php.net/) is a package repository hosting PHP extensions. It +can be used as an alternative source to obtain PHP extensions, but without any +guarantee of interoperability with this image and without any official support. + +PECL extensions can be installed as follows: + +```Dockerfile +FROM registry.opensuse.org/opensuse/bci/php-fpm:8 + +RUN set -euo pipefail; \ + zypper -n in $PHPIZE_DEPS php8-pecl; \ + pecl install APCu-5.1.21; +``` + +**Note:** Building an extension may require installing additional dependencies. + + +## Compatibility with the DockerHub Image + +The following scripts ship with the image to keep it compatible with the +DockerHub image: `docker-php-source`, `docker-php-ext-configure`, +`docker-php-ext-enable`, and `docker-php-ext-install`. Note that only +`docker-php-ext-install` performs an actual job. None of the other scripts +require to be executed in the image. ## Licensing `SPDX-License-Identifier: MIT` diff --git a/php-fpm8-image.changes b/php-fpm8-image.changes index ae5a7e5..6faa9a5 100644 --- a/php-fpm8-image.changes +++ b/php-fpm8-image.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Wed May 22 13:38:53 UTC 2024 - Dan Čermák + +- Extend README + ------------------------------------------------------------------- Sun May 19 09:10:06 UTC 2024 - Dan Čermák From 4b3aa6885abec35b6d36deac76a1b012a204ed17dd58d55b1fba95e6bb57fc53 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Dan=20=C4=8Cerm=C3=A1k?= Date: Thu, 23 May 2024 09:16:50 +0000 Subject: [PATCH 2/2] [info=586d7a37cb2192712a164a87bc625e29] OBS-URL: https://build.opensuse.org/package/show/devel:BCI:Tumbleweed/php-fpm8-image?expand=0&rev=75 --- Dockerfile | 22 +++++++++++++++++++++- 1 file changed, 21 insertions(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 5f31d00..80ca141 100644 --- a/Dockerfile +++ b/Dockerfile @@ -53,7 +53,27 @@ WORKDIR /srv/www/htdocs RUN set -euo pipefail; \ cd /etc/php8/fpm/; \ - test -e php-fpm.d/www.conf.default && cp -p php-fpm.d/www.conf.default php-fpm.d/www.conf; test -e php-fpm.conf.default && cp -p php-fpm.conf.default php-fpm.conf; { echo '[global]'; echo 'error_log = /proc/self/fd/2'; echo; echo '; https://github.com/docker-library/php/pull/725#issuecomment-443540114'; echo 'log_limit = 8192'; echo; echo '[www]'; echo '; if we send this to /proc/self/fd/1, it never appears'; echo 'access.log = /proc/self/fd/2'; echo; echo 'clear_env = no'; echo; echo '; Ensure worker stdout and stderr are sent to the main error log.'; echo 'catch_workers_output = yes'; echo 'decorate_workers_output = no'; } | tee php-fpm.d/docker.conf; { echo '[global]'; echo 'daemonize = no'; } | tee php-fpm.d/zz-docker.conf + test -e php-fpm.d/www.conf.default && cp -p php-fpm.d/www.conf.default php-fpm.d/www.conf; \ + test -e php-fpm.conf.default && cp -p php-fpm.conf.default php-fpm.conf; \ + { \ + echo '[global]'; \ + echo 'error_log = /proc/self/fd/2'; \ + echo; echo '; https://github.com/docker-library/php/pull/725#issuecomment-443540114'; echo 'log_limit = 8192'; \ + echo; \ + echo '[www]'; \ + echo '; if we send this to /proc/self/fd/1, it never appears'; \ + echo 'access.log = /proc/self/fd/2'; \ + echo; \ + echo 'clear_env = no'; \ + echo; \ + echo '; Ensure worker stdout and stderr are sent to the main error log.'; \ + echo 'catch_workers_output = yes'; \ + echo 'decorate_workers_output = no'; \ + } | tee php-fpm.d/docker.conf; \ + { \ + echo '[global]'; \ + echo 'daemonize = no'; \ + } | tee php-fpm.d/zz-docker.conf # Override stop signal to stop process gracefully # https://github.com/php/php-src/blob/17baa87faddc2550def3ae7314236826bc1b1398/sapi/fpm/php-fpm.8.in#L163