# # NOTE: THIS DOCKERFILE IS GENERATED VIA "update.sh" # # PLEASE DO NOT EDIT IT DIRECTLY. # FROM alpine:3.4 # persistent / runtime deps ENV PHPIZE_DEPS \ autoconf \ file \ g++ \ gcc \ libc-dev \ make \ pkgconf \ re2c RUN apk add --no-cache --virtual .persistent-deps \ ca-certificates \ curl \ tar \ xz # ensure www-data user exists RUN set -x \ && addgroup -g 82 -S www-data \ && adduser -u 82 -D -S -G www-data www-data # 82 is the standard uid/gid for "www-data" in Alpine # http://git.alpinelinux.org/cgit/aports/tree/main/apache2/apache2.pre-install?h=v3.3.2 # http://git.alpinelinux.org/cgit/aports/tree/main/lighttpd/lighttpd.pre-install?h=v3.3.2 # http://git.alpinelinux.org/cgit/aports/tree/main/nginx-initscripts/nginx-initscripts.pre-install?h=v3.3.2 ENV PHP_INI_DIR /usr/local/etc/php RUN mkdir -p $PHP_INI_DIR/conf.d #### ENV PHP_EXTRA_CONFIGURE_ARGS --enable-fpm --with-fpm-user=www-data --with-fpm-group=www-data #### # Apply stack smash protection to functions using local buffers and alloca() # Make PHP's main executable position-independent (improves ASLR security mechanism, and has no performance impact on x86_64) # Enable optimization (-O2) # Enable linker optimization (this sorts the hash buckets to improve cache locality, and is non-default) # Adds GNU HASH segments to generated executables (this is used if present, and is much faster than sysv hash; in this configuration, sysv hash is also generated) # https://github.com/docker-library/php/issues/272 ENV CFLAGS="-fstack-protector-strong -fpic -fpie -O2" ENV CPPFLAGS="$CFLAGS" ENV LDFLAGS="-Wl,-O1 -Wl,--hash-style=both" ENV GPG_KEYS 1A4E8B7277C42E53DBA9C7B9BCAA30EA9C0D5763 ENV PHP_VERSION 7.0.14 ENV PHP_URL="https://secure.php.net/get/php-7.0.14.tar.xz/from/this/mirror" PHP_ASC_URL="https://secure.php.net/get/php-7.0.14.tar.xz.asc/from/this/mirror" ENV PHP_SHA256="0f1dff6392a1cc2ed126b9695f580a2ed77eb09d2c23b41cabfb41e6f27a8c89" PHP_MD5="a51f1d4f03f4e4c745856e9f76fca476" RUN set -xe; \ \ apk add --no-cache --virtual .fetch-deps \ gnupg \ openssl \ ; \ \ mkdir -p /usr/src; \ cd /usr/src; \ \ wget -O php.tar.xz "$PHP_URL"; \ \ if [ -n "$PHP_SHA256" ]; then \ echo "$PHP_SHA256 *php.tar.xz" | sha256sum -c -; \ fi; \ if [ -n "$PHP_MD5" ]; then \ echo "$PHP_MD5 *php.tar.xz" | md5sum -c -; \ fi; \ \ if [ -n "$PHP_ASC_URL" ]; then \ wget -O php.tar.xz.asc "$PHP_ASC_URL"; \ export GNUPGHOME="$(mktemp -d)"; \ for key in $GPG_KEYS; do \ gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$key"; \ done; \ gpg --batch --verify php.tar.xz.asc php.tar.xz; \ rm -r "$GNUPGHOME"; \ fi; \ \ apk del .fetch-deps COPY docker-php-source /usr/local/bin/ RUN set -xe \ && apk add --no-cache --virtual .build-deps \ $PHPIZE_DEPS \ curl-dev \ libedit-dev \ libxml2-dev \ openssl-dev \ sqlite-dev \ \ && docker-php-source extract \ && cd /usr/src/php \ && ./configure \ --with-config-file-path="$PHP_INI_DIR" \ --with-config-file-scan-dir="$PHP_INI_DIR/conf.d" \ \ --disable-cgi \ \ # --enable-ftp is included here because ftp_ssl_connect() needs ftp to be compiled statically (see https://github.com/docker-library/php/issues/236) --enable-ftp \ # --enable-mbstring is included here because otherwise there's no way to get pecl to use it properly (see https://github.com/docker-library/php/issues/195) --enable-mbstring \ # --enable-mysqlnd is included here because it's harder to compile after the fact than extensions are (since it's a plugin for several extensions, not an extension in itself) --enable-mysqlnd \ \ --with-curl \ --with-libedit \ --with-openssl \ --with-zlib \ \ $PHP_EXTRA_CONFIGURE_ARGS \ && make -j "$(getconf _NPROCESSORS_ONLN)" \ && make install \ && { find /usr/local/bin /usr/local/sbin -type f -perm +0111 -exec strip --strip-all '{}' + || true; } \ && make clean \ && docker-php-source delete \ \ && runDeps="$( \ scanelf --needed --nobanner --recursive /usr/local \ | awk '{ gsub(/,/, "\nso:", $2); print "so:" $2 }' \ | sort -u \ | xargs -r apk info --installed \ | sort -u \ )" \ && apk add --no-cache --virtual .php-rundeps $runDeps \ \ && apk del .build-deps COPY docker-php-ext-* /usr/local/bin/ #### WORKDIR /var/www/html RUN set -ex \ && cd /usr/local/etc \ && if [ -d php-fpm.d ]; then \ # for some reason, upstream's php-fpm.conf.default has "include=NONE/etc/php-fpm.d/*.conf" sed 's!=NONE/!=!g' php-fpm.conf.default | tee php-fpm.conf > /dev/null; \ cp php-fpm.d/www.conf.default php-fpm.d/www.conf; \ else \ # PHP 5.x doesn't use "include=" by default, so we'll create our own simple config that mimics PHP 7+ for consistency mkdir php-fpm.d; \ cp php-fpm.conf.default php-fpm.d/www.conf; \ { \ echo '[global]'; \ echo 'include=etc/php-fpm.d/*.conf'; \ } | tee php-fpm.conf; \ fi \ && { \ echo '[global]'; \ echo 'error_log = /proc/self/fd/2'; \ echo; \ echo '[www]'; \ echo '; if we send this to /proc/self/fd/1, it never appears'; \ echo 'access.log = /proc/self/fd/2'; \ echo; \ echo 'clear_env = no'; \ echo; \ echo '; Ensure worker stdout and stderr are sent to the main error log.'; \ echo 'catch_workers_output = yes'; \ } | tee php-fpm.d/docker.conf \ && { \ echo '[global]'; \ echo 'daemonize = no'; \ echo; \ echo '[www]'; \ echo 'listen = [::]:9000'; \ } | tee php-fpm.d/zz-docker.conf EXPOSE 9000 CMD ["php-fpm"] ####