Provides basis for Nginx/PHP-FPM web apps
Provides a pre-wired, configurable PHP + Nginx setup across multiple runtime versions.
Integrated with Behance’s docker-nginx
Available on Docker Hub.
docker run behance/docker-php:7.4-alpine "php" "-v"
docker run behance/docker-php:7.4" "php" "-v"
docker run behance/docker-php:8.0" "php" "-v"
Adding code to runtime, see here. PHP tuning and configuration, see here. Nginx tuning and configuration, see here. Adding startup logic, basic or advanced.
PHP_MAJOR.PHP_MINOR(-Major.Minor.Patch)(-variant)
PHP_MAJOR.PHP_MINOR
, required. Engine versions of PHP. ex. docker-php:8.0
(Major.Minor.Patch)
, optional. Semantically versioned container provisioning code. ex. docker-php:7.4-13.4.0
.(-variant)
, optional. Alpine variants are slim versions of the container. ex. docker-php:7.4-alpine
.goss -g /tests/php-fpm/{PHP_MAJOR.PHP_MINOR}(-variant).goss.yaml
to validate any configuration updatesFor extension customization, including enabling and disabling defaults, see here
^
- not available on -alpine
variant
~
- disabled by default
Sample Dockerfile
FROM behance/docker-php:8.0
# (optional, recommended) Verify everything is in order from the parent
RUN goss -g /tests/php-fpm/8.0.goss.yaml validate && /aufs_hack.sh
# Layer local code into runtime
COPY ./ /app/
# Done!
Local code should be copied into /app
, for example:
COPY ./ /app/
Nginx is pre-configured to use a front controller PHP file (entrypoint)
a front controller called index.php
within a public
folder. /app/public/index.php
Dev Mode (no ENV variables): PHP's opcache is enabled, and is set to check files for updates. Code can be developed locally in Docker by mounting into the /app
folder.
For example, the docker-compose.yml
syntax:
volumes:
- ./:/app
CFG_APP_DEBUG=0
. Container becomes immutable, PHP's opcache is configured to not check files for updates.8080
.REPLACE_NEWRELIC_APP
and REPLACE_NEWRELIC_LICENSE
NEWRELIC_TRACING_ENABLED
to true
.newrelic.loglevel
and newrelic.daemon.loglevel
config defaults (currently warning
) to something more verbose for debugging purposes by setting environment variable NEWRELIC_LOGLEVEL
to an available option (options include info
, debug
, verbosedebug
)newrelic.special
config for special debug (sometimes requested by the NewRelic support team), you can turn that option on as directed by NewRelic support by setting enviroment variable NEWRELIC_SPECIAL
to whatever value requested./__status
. Application healthcheck can pull PHP-FPM statistics from http://127.0.0.1/__status?json
. To open to more clients than local, add more allow
statements in __status
location block in $CONF_NGINX_SITE
(/etc/nginx/sites-available/default
)/__nginx_status
. Application healthcheck can pull nginx statistics from http://127.0.0.1/__nginx_status
. To open to more clients than local, add more allow
statements in __nginx_status
location block in $CONF_NGINX_SITE (/etc/nginx/sites-available/default
)A variety of common extensions are included, and can be enabled or disabled as needed.
enable
a built-in and disabled extension:On Ubuntu (default):
# phpenmod XXX
On Alpine variant:
# sed -i "s/^;ext/ext/" $CONF_PHPMODS/XXX.ini
disable
a built-in extension:On Ubuntu (default):
# phpdismod XXX
On Alpine variant:
# sed -i "s/ext/;ext/" $CONF_PHPMODS/XXX.ini
Environment variables can be used to tune various PHP-FPM and Nginx parameters without baking them in.
See parent(s) for additional configuration options:
Variable | Example | Default | Description |
---|---|---|---|
(all) | DATABASE_HOST=master.rds.aws.com | - | PHP has access to environment variables by default |
CFG_APP_DEBUG | CFG_APP_DEBUG=1 | 1 | Setting to 1 or true will cue the Opcache to watch for file changes. Set to 0 for production mode, which provides a sizeable performance boost, though manually updating a file will not be seen unless the opcache is reset. |
CFG_XDEBUG_ENABLE | CFG_XDEBUG_ENABLE=1 | - | Setting to 1 or true will enable the XDebug extension, which is preconfigured to allow remote debugging as well as profiling. NOTE: Requires "dev" mode be enabled via CFG_APP_DEBUG . |
SERVER_MAX_BODY_SIZE | SERVER_MAX_BODY_SIZE=4M | 1M | Allows the downstream application to specify a non-default client_max_body_size configuration for the server -level directive in /etc/nginx/sites-available/default |
SERVER_FASTCGI_BUFFERS | SERVER_FASTCGI_BUFFERS='512 32k' | 256 16k | docs, tweaking |
SERVER_FASTCGI_BUFFER_SIZE | SERVER_FASTCGI_BUFFER_SIZE='256k' | 128k | docs, tweaking |
SERVER_FASTCGI_BUSY_BUFFERS_SIZE | SERVER_FASTCGI_BUSY_BUFFERS_SIZE='1024k' | 256k | docs |
REPLACE_NEWRELIC_APP | REPLACE_NEWRELIC_APP=prod-server-abc | - | Sets application name for newrelic |
REPLACE_NEWRELIC_LICENSE | REPLACE_NEWRELIC_LICENSE=abcdefg | - | Sets license for newrelic, when combined with above, will enable newrelic reporting |
NEWRELIC_TRACING_ENABLED | NEWRELIC_TRACING_ENABLED=true | disabled | Sets transaction_tracer and distributed_tracing true for newrelic, when combined with above, will enable newrelic distributed tracing |
NEWRELIC_LOGLEVEL | NEWRELIC_LOGLEVEL=verbosedebug | - | Overrides sane default loglevels for newrelic.loglevel and newrelic.daemon.loglevel (options include warning , info , debug , verbosedebug ) |
NEWRELIC_SPECIAL | NEWRELIC_SPECIAL=debug_autorum | - | Special NewRelic environment variable, for use with NewRelic support for when doing special debugging. |
PHP_FPM_MEMORY_LIMIT | PHP_FPM_MEMORY_LIMIT=256M | 192MB | Sets memory limit for FPM instances of PHP |
PHP_FPM_MAX_EXECUTION_TIME | PHP_FPM_MAX_EXECUTION_TIME=30 | 60 | Sets time limit for FPM workers |
PHP_FPM_UPLOAD_MAX_FILESIZE | PHP_FPM_UPLOAD_MAX_FILESIZE=100M | 1M | Sets both upload_max_filesize and post_max_size |
PHP_FPM_MAX_CHILDREN | PHP_FPM_MAX_CHILDREN=15 | 4096 | docs |
PHP_FPM_START_SERVERS | PHP_FPM_START_SERVERS=40 | 20 | docs |
PHP_FPM_MAX_REQUESTS | PHP_FPM_MAX_REQUESTS=100 | 1024 | docs How many requests an individual FPM worker will process before recycling |
PHP_FPM_MIN_SPARE_SERVERS | PHP_FPM_MIN_SPARE_SERVERS=10 | 5 | docs |
PHP_OPCACHE_MEMORY_CONSUMPTION | PHP_OPCACHE_MEMORY_CONSUMPTION=512 | 128 | docs |
PHP_OPCACHE_MAX_WASTED_PERCENTAGE | PHP_OPCACHE_MAX_WASTED_PERCENTAGE=10 | 5 | docs |
PHP_OPCACHE_INTERNED_STRINGS_BUFFER | PHP_OPCACHE_INTERNED_STRINGS_BUFFER=64 | 16 | docs |
PHP_OPCACHE_FILE_CACHE | PHP_OPCACHE_FILE_CACHE=/tmp | - | docs |
PHP_OPCACHE_ENABLE_CLI | PHP_OPCACHE_ENABLE_CLI=0 | 1 | docs |
PHP_OPCACHE_PRELOAD | PHP_OPCACHE_PRELOAD=/etc/php/preload.php | - | docs |
PHP_FPM_LOG_LIMIT | PHP_FPM_LOG_LIMIT=4096 | 1024 | PHP 7.3+ only, allows configurable stdout message max length docs |
PHP_FPM_LOG_BUFFERING | PHP_FPM_LOG_BUFFERING=no | yes | PHP 7.3+ only docs |
bash
, docker
, and dgoss
(link)To test locally, run PHP_VARIANT=8.0 ./test.sh {docker engine IP}
.
This will:
PHP_VARIANT
(ex. 7.4-alpine, 7.4, 8.0)Github actions provide the machinery for testing (ci.yaml) and producing tags distributed through Docker Hub (publish.yaml). Testing will confirm that nginx
is able to serve content in various configurations, but also that it can terminate TLS with self-signed certificates. Once a tested and approved PR is merged, simply cutting a new semantically-versioned tag will generate the a matrix of tagged builds. See Container tag scheme above.
Platform support is available for multiple architectures:
linux/amd64
: Ubuntu and Alpine variantslinux/arm64
: Ubuntu variants-onlyTo add new variant based on a new Dockerfile, add an entry to matrix.props
within ./github/workflows
YAML files.
docker-nginx uses Github Actions for CI/CD. Simulated workflows can be achieved locally with act
. All commands must be executes from repository root.
Pre-reqs: tested on Mac
Pull request simulation: executes successfully, but only on ARM devices (ex. Apple M1). ARM emulation through QEMU on X64 machines does not implement the full kernel functionality required by nginx at this time.
act pull_request
Publish simulation: executes, but fails (intentionally) without credentials
act