From 1bf1f811ff175d9ad83820784030e5ef1197d7fa Mon Sep 17 00:00:00 2001 From: Tim de Pater Date: Thu, 7 Oct 2021 13:26:36 +0200 Subject: [PATCH 01/73] Introduce multi-arch builds with Docker buildx --- .github/workflows/{deploy.yaml => build.yaml} | 32 ++++++++++++++----- docker-compose.test.yml | 1 + 2 files changed, 25 insertions(+), 8 deletions(-) rename .github/workflows/{deploy.yaml => build.yaml} (63%) diff --git a/.github/workflows/deploy.yaml b/.github/workflows/build.yaml similarity index 63% rename from .github/workflows/deploy.yaml rename to .github/workflows/build.yaml index 332968243..a6e48d238 100644 --- a/.github/workflows/deploy.yaml +++ b/.github/workflows/build.yaml @@ -8,19 +8,26 @@ on: env: IMAGE_NAME: trafex/php-nginx + IMAGE_TAG: ${{ github.sha }} jobs: - deploy: + build: runs-on: ubuntu-latest steps: - name: Checkout uses: actions/checkout@v2 + - name: Set up QEMU + uses: docker/setup-qemu-action@v1 + + - name: Set up Docker Buildx + id: buildx + uses: docker/setup-buildx-action@v1 + - name: Build image run: |- - docker build -t $IMAGE_NAME . - docker tag $IMAGE_NAME:latest $IMAGE_NAME:${{ github.sha }} + docker build -t $IMAGE_NAME:$IMAGE_TAG . - name: Smoke test image run: |- 
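Review bot: The two setup steps added in the first hunk of `.github/workflows/build.yaml` reference `docker/setup-qemu-action@v1` and `docker/setup-buildx-action@v1` by mutable tag, in a job that later logs in with `secrets.DOCKERHUB_TOKEN` and pushes the image. A tag can be moved by whoever controls the action's repository, so the code running beside the push credential can change without any commit here. Pin each `uses:` to a full commit SHA and keep the version as a trailing comment, e.g. `uses: docker/setup-buildx-action@<full-commit-sha>  # v1`. The `actions/checkout@v2` context line deserves the same treatment.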
@@ -47,17 +54,26 @@ jobs: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} - - name: Push latest image + - name: Build multi-arch image and push latest tag if: github.ref == 'refs/heads/master' && github.event_name == 'push' run: |- - docker push $IMAGE_NAME:latest + docker buildx build \ + --cache-from=$IMAGE_NAME:latest + --push \ + -t $IMAGE_NAME:latest \ + --platform linux/amd64,linux/arm64,linux/arm/v7,linux/arm/v6 \ + . - name: Set tag in environment if: contains(github.ref, 'refs/tags/') run: echo "RELEASE_VERSION=${GITHUB_REF#refs/*/}" >> $GITHUB_ENV - - name: Push tagged image + - name: Build multi-arch image and push release tag if: contains(github.ref, 'refs/tags/') run: |- - docker tag $IMAGE_NAME:${{ github.sha }} $IMAGE_NAME:$RELEASE_VERSION - docker push $IMAGE_NAME:$RELEASE_VERSION + docker buildx build \ + --cache-from=$IMAGE_NAME:latest + --push \ + -t $IMAGE_NAME:$RELEASE_VERSION \ + --platform linux/amd64,linux/arm64,linux/arm/v7,linux/arm/v6 \ + . diff --git a/docker-compose.test.yml b/docker-compose.test.yml index bc43092a9..ae8a05b56 100644 --- a/docker-compose.test.yml +++ b/docker-compose.test.yml @@ -1,6 +1,7 @@ version: '3.5' services: app: + image: ${IMAGE_NAME}:${IMAGE_TAG} build: . sut: image: alpine:3.13 From 68d8df88dc68f77686a397f9b70e22a73bb68659 Mon Sep 17 00:00:00 2001 From: Tim de Pater Date: Thu, 7 Oct 2021 20:59:08 +0200 Subject: [PATCH 02/73] Improving multi-platform support --- .github/workflows/build.yaml | 4 ++-- README.md | 1 + 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index a6e48d238..e8bbfd22e 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml 
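Review bot: In both new `docker buildx build` steps of the `@@ -47,17 +54,26 @@` hunk, the `--cache-from=$IMAGE_NAME:latest` line has no trailing backslash, so the shell ends the command there and treats `--push \` and the lines after it as a separate command. As written, the build is invoked without `--push`, `-t`, `--platform` or the `.` context, so neither the latest nor the release image can be published. Each of those lines should read `--cache-from=$IMAGE_NAME:latest \`; PATCH 02/73 further down this series makes that correction.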
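Review bot: `image: ${IMAGE_NAME}:${IMAGE_TAG}` in `docker-compose.test.yml` has no fallback, so running the test compose file anywhere the two variables are not exported resolves to the invalid image reference `:`. Giving both a default keeps local runs working while CI still overrides them: `image: ${IMAGE_NAME:-trafex/php-nginx}:${IMAGE_TAG:-latest}`. A one-line comment that the values come from the workflow's `env:` block would also help a reader of this file alone.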
@@ -58,7 +58,7 @@ jobs: if: github.ref == 'refs/heads/master' && github.event_name == 'push' run: |- docker buildx build \ - --cache-from=$IMAGE_NAME:latest + --cache-from=$IMAGE_NAME:latest \ --push \ -t $IMAGE_NAME:latest \ --platform linux/amd64,linux/arm64,linux/arm/v7,linux/arm/v6 \ @@ -72,7 +72,7 @@ jobs: if: contains(github.ref, 'refs/tags/') run: |- docker buildx build \ - --cache-from=$IMAGE_NAME:latest + --cache-from=$IMAGE_NAME:latest \ --push \ -t $IMAGE_NAME:$RELEASE_VERSION \ --platform linux/amd64,linux/arm64,linux/arm/v7,linux/arm/v6 \ diff --git a/README.md b/README.md index 749285dfb..2d337bc78 100644 --- a/README.md +++ b/README.md @@ -5,6 +5,7 @@ Repository: https://github.com/TrafeX/docker-php-nginx * Built on the lightweight and secure Alpine Linux distribution +* Multi-platform, supporting AMD4, ARMv6, ARMv7, ARM64 * Very small Docker image size (+/-40MB) * Uses PHP 8.0 for better performance, lower CPU usage & memory footprint * Optimized for 100 concurrent users From a41ad3100f66b739d31d61d1c31e5eaeb596c048 Mon Sep 17 00:00:00 2001 From: Tim de Pater Date: Thu, 7 Oct 2021 21:06:54 +0200 Subject: [PATCH 03/73] Automatically update the description on Docker Hub --- .github/workflows/dockerhub-description.yaml | 21 ++++++++++++++++++++ 1 file changed, 21 insertions(+) create mode 100644 .github/workflows/dockerhub-description.yaml diff --git a/.github/workflows/dockerhub-description.yaml b/.github/workflows/dockerhub-description.yaml new file mode 100644 index 000000000..cdaac77b5 --- /dev/null +++ b/.github/workflows/dockerhub-description.yaml 
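Review bot: With the continuation repaired, the two push steps in the `build.yaml` hunks publish a fresh four-platform `docker buildx build`, not the `$IMAGE_NAME:$IMAGE_TAG` image that PATCH 01/73 builds and smoke-tests earlier in the job. As far as this page shows, the arm64, arm/v7 and arm/v6 variants reach Docker Hub without having been run or scanned. The amd64 variant is also a rebuild, so its contents can differ from the tested image. Either state that above each step, e.g. `# NOTE: rebuilds for all platforms; only the single-arch image built above is tested`, or add a scan of the pushed tag after the push.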
@@ -0,0 +1,21 @@ +name: Update Docker Hub Description +on: + push: + branches: + - master + paths: + - README.md + - .github/workflows/dockerhub-description.yml +jobs: + dockerHubDescription: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v2 + + - name: Docker Hub Description + uses: peter-evans/dockerhub-description@v2 + with: + username: ${{ secrets.DOCKERHUB_USERNAME }} + password: ${{ secrets.DOCKERHUB_PASSWORD }} + repository: peterevans/dockerhub-description + short-description: ${{ github.event.repository.description }} From 1c140e82452dda942d9363ae271e9051c62a4343 Mon Sep 17 00:00:00 2001 From: Tim de Pater Date: Thu, 7 Oct 2021 21:09:30 +0200 Subject: [PATCH 04/73] Update nginx version in badge --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 2d337bc78..e541645c3 100644 --- a/README.md +++ b/README.md @@ -15,7 +15,7 @@ Repository: https://github.com/TrafeX/docker-php-nginx * Follows the KISS principle (Keep It Simple, Stupid) to make it easy to understand and adjust the image to your needs [![Docker Pulls](https://img.shields.io/docker/pulls/trafex/php-nginx.svg)](https://hub.docker.com/r/trafex/php-nginx/) -![nginx 1.18.0](https://img.shields.io/badge/nginx-1.20-brightgreen.svg) +![nginx 1.20](https://img.shields.io/badge/nginx-1.20-brightgreen.svg) ![php 8.0](https://img.shields.io/badge/php-8.0-brightgreen.svg) ![License MIT](https://img.shields.io/badge/license-MIT-blue.svg) From 6a440c890ff22e4ef4667b99f8bed98e2f0e635e Mon Sep 17 00:00:00 2001 From: Tim de Pater Date: Thu, 7 Oct 2021 21:24:03 +0200 Subject: [PATCH 05/73] Fix incorrect repository --- .github/workflows/dockerhub-description.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/dockerhub-description.yaml b/.github/workflows/dockerhub-description.yaml index cdaac77b5..fa153ad6b 100644 --- a/.github/workflows/dockerhub-description.yaml 
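Review bot: The `paths` filter in the new workflow lists `.github/workflows/dockerhub-description.yml`, but the file this commit creates is `.github/workflows/dockerhub-description.yaml`, so edits to the workflow itself will not trigger a run. Change the entry to `- .github/workflows/dockerhub-description.yaml`. Separately, `peter-evans/dockerhub-description@v2` is a third-party action that receives `secrets.DOCKERHUB_PASSWORD`; pinning it as `uses: peter-evans/dockerhub-description@<full-commit-sha>  # v2` keeps a moved tag from changing which code sees that credential. The `repository: peterevans/dockerhub-description` value is corrected by PATCH 05/73.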
+++ b/.github/workflows/dockerhub-description.yaml @@ -17,5 +17,5 @@ jobs: with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_PASSWORD }} - repository: peterevans/dockerhub-description + repository: trafex/php-nginx short-description: ${{ github.event.repository.description }} From df1a00c9796fe961038ca715d06355e0cd4d88e7 Mon Sep 17 00:00:00 2001 From: Tim de Pater Date: Thu, 7 Oct 2021 21:37:35 +0200 Subject: [PATCH 06/73] Replace old PHP7 example with PHP8 --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index e541645c3..57bd3ae71 100644 --- a/README.md +++ b/README.md @@ -51,11 +51,11 @@ Nginx configuration: PHP configuration: - docker run -v "`pwd`/php-setting.ini:/etc/php7/conf.d/settings.ini" trafex/php-nginx + docker run -v "`pwd`/php-setting.ini:/etc/php8/conf.d/settings.ini" trafex/php-nginx PHP-FPM configuration: - docker run -v "`pwd`/php-fpm-settings.conf:/etc/php7/php-fpm.d/server.conf" trafex/php-nginx + docker run -v "`pwd`/php-fpm-settings.conf:/etc/php8/php-fpm.d/server.conf" trafex/php-nginx _Note; Because `-v` requires an absolute path I've added `pwd` in the example to return the absolute path to the current directory_ From 5cd428375b7ac875005dc2b5b47d811b034aa75d Mon Sep 17 00:00:00 2001 From: vildand Date: Thu, 16 Dec 2021 23:24:42 +0100 Subject: [PATCH 07/73] unix socket instead of tcp sockets between nginx and php-fpm --- config/fpm-pool.conf | 2 +- config/nginx.conf | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/config/fpm-pool.conf b/config/fpm-pool.conf index d4692868f..4be20613c 100644 --- a/config/fpm-pool.conf +++ b/config/fpm-pool.conf @@ -13,7 +13,7 @@ error_log = /dev/stderr ; (IPv6 and IPv4-mapped) on a specific port; ; '/path/to/unix/socket' - to listen on a unix socket. ; Note: This value is mandatory. -listen = 127.0.0.1:9000 +listen = /run/php-fpm.sock ; Enable status page pm.status_path = /fpm-status 
diff --git a/config/nginx.conf b/config/nginx.conf index 7e906596b..9e6efd85a 100644 --- a/config/nginx.conf +++ b/config/nginx.conf @@ -51,11 +51,11 @@ http { root /var/lib/nginx/html; } - # Pass the PHP scripts to PHP-FPM listening on 127.0.0.1:9000 + # Pass the PHP scripts to PHP-FPM listening on php-fpm.sock location ~ \.php$ { try_files $uri =404; fastcgi_split_path_info ^(.+\.php)(/.+)$; - fastcgi_pass 127.0.0.1:9000; + fastcgi_pass unix:/run/php-fpm.sock; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param SCRIPT_NAME $fastcgi_script_name; fastcgi_index index.php; @@ -79,7 +79,7 @@ http { deny all; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; include fastcgi_params; - fastcgi_pass 127.0.0.1:9000; + fastcgi_pass unix:/run/php-fpm.sock; } } From 302cf16dccfcb4987c3c933f56c3e512dcb02607 Mon Sep 17 00:00:00 2001 From: Tim de Pater Date: Wed, 29 Dec 2021 08:29:18 +0100 Subject: [PATCH 08/73] Only login to Docker Hub when pushing on master branch --- .github/workflows/build.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index e8bbfd22e..cbfe7c331 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -38,7 +38,7 @@ jobs: - name: Run Trivy vulnerability scanner uses: aquasecurity/trivy-action@master with: - image-ref: '${{ env.IMAGE_NAME }}:${{ github.sha }}' + image-ref: '${{ env.IMAGE_NAME }}:${{ env.IMAGE_TAG }}' format: 'template' template: '@/contrib/sarif.tpl' output: 'trivy-results.sarif' @@ -49,6 +49,7 @@ jobs: sarif_file: 'trivy-results.sarif' - name: Login to Docker Hub + if: github.ref == 'refs/heads/master' && github.event_name == 'push' uses: docker/login-action@v1 with: username: ${{ secrets.DOCKERHUB_USERNAME }} From 77f9f02c7cb1169ed4fe2be52bbc9ff7fc4b9377 Mon Sep 17 00:00:00 2001 
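Review bot: The Trivy step touched by the `@@ -38,7 +38,7 @@` hunk of `build.yaml` still runs `aquasecurity/trivy-action@master`, which tracks a branch head, so every run executes whatever was last pushed there. Since this commit is already editing the step, pin it to a release commit: `uses: aquasecurity/trivy-action@<full-commit-sha>  # <release-tag>`. In the second hunk, the new `if:` limits the Docker Hub login to pushes on master, but the release-tag push step from PATCH 01/73 also needs an authenticated session. PATCH 09/73 widens the condition.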
From: Tim de Pater Date: Thu, 30 Dec 2021 09:19:05 +0100 Subject: [PATCH 09/73] Trigger Docker Hub login on tags as well --- .github/workflows/build.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index cbfe7c331..a32ac5324 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -49,7 +49,7 @@ jobs: sarif_file: 'trivy-results.sarif' - name: Login to Docker Hub - if: github.ref == 'refs/heads/master' && github.event_name == 'push' + if: (github.ref == 'refs/heads/master' && github.event_name == 'push') || contains(github.ref, 'refs/tags/') uses: docker/login-action@v1 with: username: ${{ secrets.DOCKERHUB_USERNAME }} From 2f2b574195b3291d96b05b3966d0c6a4c36497fd Mon Sep 17 00:00:00 2001 From: jlxip Date: Fri, 14 Jan 2022 18:27:10 +0100 Subject: [PATCH 10/73] Disable absolute_redirect --- config/nginx.conf | 1 + 1 file changed, 1 insertion(+) diff --git a/config/nginx.conf b/config/nginx.conf index 9e6efd85a..4563007ca 100644 --- a/config/nginx.conf +++ b/config/nginx.conf @@ -35,6 +35,7 @@ http { server_name _; sendfile off; + absolute_redirect off; root /var/www/html; index index.php index.html; From 8bf0386136f3df96fc40fb73a6bff4f84b960fb4 Mon Sep 17 00:00:00 2001 From: Tiago Lopes Date: Sat, 18 Dec 2021 10:58:03 -0300 Subject: [PATCH 11/73] updated Dockerfile --- Dockerfile | 22 +++++++++------------- 1 file changed, 9 insertions(+), 13 deletions(-) diff --git a/Dockerfile b/Dockerfile index d2d133741..21980a337 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,9 +1,12 @@ -FROM alpine:3.14 +ARG ALPINE_VERSION=3.14 +FROM alpine:${ALPINE_VERSION} LABEL Maintainer="Tim de Pater " LABEL Description="Lightweight container with Nginx 1.20 & PHP 8.0 based on Alpine Linux." +# Setup document root +WORKDIR /var/www/html # Install packages and remove default server definition -RUN apk --no-cache add \ +RUN apk add --no-cache --update \ curl \ nginx \ php8 \ 
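Review bot: `contains(github.ref, 'refs/tags/')` in the new login condition is a substring test, so any ref that merely includes that text, such as a branch named with `refs/tags/` in it, also satisfies it and reaches the login step. Anchor the test to the start of the ref instead: `if: (github.ref == 'refs/heads/master' && github.event_name == 'push') || startsWith(github.ref, 'refs/tags/')`. The two `contains(github.ref, 'refs/tags/')` conditions on the release steps from PATCH 01/73 have the same looseness and should change with it.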
@@ -22,8 +25,7 @@ RUN apk --no-cache add \ php8-session \ php8-xml \ php8-xmlreader \ - php8-zlib \ - supervisor + php8-zlib # Create symlink so programs depending on `php` still function RUN ln -s /usr/bin/php8 /usr/bin/php @@ -35,23 +37,17 @@ COPY config/nginx.conf /etc/nginx/nginx.conf COPY config/fpm-pool.conf /etc/php8/php-fpm.d/www.conf COPY config/php.ini /etc/php8/conf.d/custom.ini -# Configure supervisord +# Install a golang port of supervisord and Configure +COPY --from=ochinchina/supervisord:latest /usr/local/bin/supervisord /usr/bin/supervisord COPY config/supervisord.conf /etc/supervisor/conf.d/supervisord.conf -# Setup document root -RUN mkdir -p /var/www/html - # Make sure files/folders needed by the processes are accessable when they run under the nobody user -RUN chown -R nobody.nobody /var/www/html && \ - chown -R nobody.nobody /run && \ - chown -R nobody.nobody /var/lib/nginx && \ - chown -R nobody.nobody /var/log/nginx +RUN chown -R nobody.nobody /var/www/html /run /var/lib/nginx /var/log/nginx # Switch to use a non-root user from here on USER nobody # Add application -WORKDIR /var/www/html COPY --chown=nobody src/ /var/www/html/ # Expose the port nginx is reachable on From 8405c555d019e325234b501716e5956ca300f0bd Mon Sep 17 00:00:00 2001 From: Tiago Lopes Date: Tue, 18 Jan 2022 19:50:51 -0300 Subject: [PATCH 12/73] removed --update flag --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 21980a337..98d24f4c6 100644 --- a/Dockerfile +++ b/Dockerfile @@ -6,7 +6,7 @@ LABEL Description="Lightweight container with Nginx 1.20 & PHP 8.0 based on Alpi WORKDIR /var/www/html # Install packages and remove default server definition -RUN apk add --no-cache --update \ +RUN apk add --no-cache \ curl \ nginx \ php8 \ From b3ee5d84c0a2bc12ac8180e365f9afca326523e4 Mon Sep 17 00:00:00 2001 
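Review bot: `COPY --from=ochinchina/supervisord:latest` in the `@@ -35,23 +37,17 @@` hunk takes the process supervisor binary from a third-party image referenced by the mutable `latest` tag, so the binary that starts the container's services can change between builds with no change in this repository. If the Go port is kept, reference the image by digest, `COPY --from=ochinchina/supervisord@sha256:<digest> /usr/local/bin/supervisord /usr/bin/supervisord`, and record the upstream version in the comment above it. In the same hunk, `chown -R nobody.nobody` uses the dot separator; `nobody:nobody` is the portable spelling.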
From: Tim de Pater Date: Sat, 29 Jan 2022 06:53:36 +0100 Subject: [PATCH 13/73] Reverted the switch to a Go version of supervisord; it doesn't support multi-arch builds and the image is outdated --- Dockerfile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/Dockerfile b/Dockerfile index 98d24f4c6..e18926921 100644 --- a/Dockerfile +++ b/Dockerfile @@ -25,7 +25,8 @@ RUN apk add --no-cache \ php8-session \ php8-xml \ php8-xmlreader \ - php8-zlib + php8-zlib \ + supervisor # Create symlink so programs depending on `php` still function RUN ln -s /usr/bin/php8 /usr/bin/php @@ -37,8 +38,7 @@ COPY config/nginx.conf /etc/nginx/nginx.conf COPY config/fpm-pool.conf /etc/php8/php-fpm.d/www.conf COPY config/php.ini /etc/php8/conf.d/custom.ini -# Install a golang port of supervisord and Configure -COPY --from=ochinchina/supervisord:latest /usr/local/bin/supervisord /usr/bin/supervisord +# Configure supervisord COPY config/supervisord.conf /etc/supervisor/conf.d/supervisord.conf # Make sure files/folders needed by the processes are accessable when they run under the nobody user From f4db6cea400fca049a224959bc49f61ed014de27 Mon Sep 17 00:00:00 2001 From: Tim de Pater Date: Sun, 20 Mar 2022 06:26:17 +0100 Subject: [PATCH 14/73] Dropped installing the json extension, is included in PHP's core. Fixes #89 --- Dockerfile | 1 - 1 file changed, 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index e18926921..343e54a70 100644 --- a/Dockerfile +++ b/Dockerfile @@ -16,7 +16,6 @@ RUN apk add --no-cache \ php8-fpm \ php8-gd \ php8-intl \ - php8-json \ php8-mbstring \ php8-mysqli \ php8-opcache \ From e9596ce49904db6e2da858fa14869b48145d33b5 Mon Sep 17 00:00:00 2001 From: Tim de Pater Date: Sun, 20 Mar 2022 06:36:09 +0100 Subject: [PATCH 15/73] Add reference to my services --- README.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/README.md b/README.md index 57bd3ae71..b714371ae 100644 --- a/README.md +++ b/README.md 
@@ -19,6 +19,10 @@ Repository: https://github.com/TrafeX/docker-php-nginx ![php 8.0](https://img.shields.io/badge/php-8.0-brightgreen.svg) ![License MIT](https://img.shields.io/badge/license-MIT-blue.svg) +## [![Trafex Consultancy](https://timdepater.com/logo/mini-logo.png)](https://timdepater.com) +I can help you with [Containerization, Kubernetes, Monitoring, Infrastructure as Code and other DevOps challenges](https://timdepater.com/). + + ## Goal of this project The goal of this container image is to provide an example for running Nginx and PHP-FPM in a container which follows the best practices and is easy to understand and modify to your needs. From b8e362cfab0cdbd37cf784b71d292deb03baaa60 Mon Sep 17 00:00:00 2001 From: Tim de Pater Date: Mon, 21 Mar 2022 16:58:45 +0100 Subject: [PATCH 16/73] Update Alpine Linux to 3.15 --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 343e54a70..5c13cbb76 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -ARG ALPINE_VERSION=3.14 +ARG ALPINE_VERSION=3.15 FROM alpine:${ALPINE_VERSION} LABEL Maintainer="Tim de Pater " LABEL Description="Lightweight container with Nginx 1.20 & PHP 8.0 based on Alpine Linux." From cc99d82d0dac221032faa35c893e322608dd4780 Mon Sep 17 00:00:00 2001 From: Tim de Pater Date: Thu, 24 Mar 2022 14:54:01 +0100 Subject: [PATCH 17/73] Fix spell error --- README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index b714371ae..07011e1e8 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,5 @@ # Docker PHP-FPM 8.0 & Nginx 1.20 on Alpine Linux -Example PHP-FPM 8.0 & Nginx 1.20 container image for Docker, build on [Alpine Linux](https://www.alpinelinux.org/). +Example PHP-FPM 8.0 & Nginx 1.20 container image for Docker, built on [Alpine Linux](https://www.alpinelinux.org/). Repository: https://github.com/TrafeX/docker-php-nginx 
@@ -19,8 +19,8 @@ Repository: https://github.com/TrafeX/docker-php-nginx ![php 8.0](https://img.shields.io/badge/php-8.0-brightgreen.svg) ![License MIT](https://img.shields.io/badge/license-MIT-blue.svg) -## [![Trafex Consultancy](https://timdepater.com/logo/mini-logo.png)](https://timdepater.com) -I can help you with [Containerization, Kubernetes, Monitoring, Infrastructure as Code and other DevOps challenges](https://timdepater.com/). +## [![Trafex Consultancy](https://timdepater.com/logo/mini-logo.png)](https://timdepater.com?mtm_campaign=github) +I can help you with [Containerization, Kubernetes, Monitoring, Infrastructure as Code and other DevOps challenges](https://timdepater.com/?mtm_campaign=github). ## Goal of this project From 27cf98b64712b2c38907754619b523212ef6c27f Mon Sep 17 00:00:00 2001 From: Tim de Pater Date: Sun, 29 May 2022 07:14:18 +0200 Subject: [PATCH 18/73] Upgrade Alpine Linux to 3.16, PHP to 8.1 and Nginx to 1.22 --- Dockerfile | 42 ++++++++++++++++++++--------------------- README.md | 10 +++++----- config/supervisord.conf | 2 +- run_tests.sh | 2 +- 4 files changed, 28 insertions(+), 28 deletions(-) diff --git a/Dockerfile b/Dockerfile index 5c13cbb76..81a4bf4c2 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,7 +1,7 @@ -ARG ALPINE_VERSION=3.15 +ARG ALPINE_VERSION=3.16 FROM alpine:${ALPINE_VERSION} LABEL Maintainer="Tim de Pater " -LABEL Description="Lightweight container with Nginx 1.20 & PHP 8.0 based on Alpine Linux." +LABEL Description="Lightweight container with Nginx 1.22 & PHP 8.1 based on Alpine Linux." # Setup document root WORKDIR /var/www/html 
@@ -9,33 +9,33 @@ WORKDIR /var/www/html RUN apk add --no-cache \ curl \ nginx \ - php8 \ - php8-ctype \ - php8-curl \ - php8-dom \ - php8-fpm \ - php8-gd \ - php8-intl \ - php8-mbstring \ - php8-mysqli \ - php8-opcache \ - php8-openssl \ - php8-phar \ - php8-session \ - php8-xml \ - php8-xmlreader \ - php8-zlib \ + php81 \ + php81-ctype \ + php81-curl \ + php81-dom \ + php81-fpm \ + php81-gd \ + php81-intl \ + php81-mbstring \ + php81-mysqli \ + php81-opcache \ + php81-openssl \ + php81-phar \ + php81-session \ + php81-xml \ + php81-xmlreader \ + php81-zlib \ supervisor # Create symlink so programs depending on `php` still function -RUN ln -s /usr/bin/php8 /usr/bin/php +RUN ln -s /usr/bin/php81 /usr/bin/php # Configure nginx COPY config/nginx.conf /etc/nginx/nginx.conf # Configure PHP-FPM -COPY config/fpm-pool.conf /etc/php8/php-fpm.d/www.conf -COPY config/php.ini /etc/php8/conf.d/custom.ini +COPY config/fpm-pool.conf /etc/php81/php-fpm.d/www.conf +COPY config/php.ini /etc/php81/conf.d/custom.ini # Configure supervisord COPY config/supervisord.conf /etc/supervisor/conf.d/supervisord.conf diff --git a/README.md b/README.md index 07011e1e8..6dd7d4be8 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,5 @@ -# Docker PHP-FPM 8.0 & Nginx 1.20 on Alpine Linux -Example PHP-FPM 8.0 & Nginx 1.20 container image for Docker, built on [Alpine Linux](https://www.alpinelinux.org/). +# Docker PHP-FPM 8.1 & Nginx 1.22 on Alpine Linux +Example PHP-FPM 8.1 & Nginx 1.22 container image for Docker, built on [Alpine Linux](https://www.alpinelinux.org/). Repository: https://github.com/TrafeX/docker-php-nginx 
@@ -7,7 +7,7 @@ Repository: https://github.com/TrafeX/docker-php-nginx * Built on the lightweight and secure Alpine Linux distribution * Multi-platform, supporting AMD4, ARMv6, ARMv7, ARM64 * Very small Docker image size (+/-40MB) -* Uses PHP 8.0 for better performance, lower CPU usage & memory footprint +* Uses PHP 8.1 for better performance, lower CPU usage & memory footprint * Optimized for 100 concurrent users * Optimized to only use resources when there's traffic (by using PHP-FPM's `on-demand` process manager) * The services Nginx, PHP-FPM and supervisord run under a non-privileged user (nobody) to make it more secure @@ -15,8 +15,8 @@ Repository: https://github.com/TrafeX/docker-php-nginx * Follows the KISS principle (Keep It Simple, Stupid) to make it easy to understand and adjust the image to your needs [![Docker Pulls](https://img.shields.io/docker/pulls/trafex/php-nginx.svg)](https://hub.docker.com/r/trafex/php-nginx/) -![nginx 1.20](https://img.shields.io/badge/nginx-1.20-brightgreen.svg) -![php 8.0](https://img.shields.io/badge/php-8.0-brightgreen.svg) +![nginx 1.22](https://img.shields.io/badge/nginx-1.22-brightgreen.svg) +![php 8.1](https://img.shields.io/badge/php-8.1-brightgreen.svg) ![License MIT](https://img.shields.io/badge/license-MIT-blue.svg) ## [![Trafex Consultancy](https://timdepater.com/logo/mini-logo.png)](https://timdepater.com?mtm_campaign=github) diff --git a/config/supervisord.conf b/config/supervisord.conf index 216a38797..77bda1a5b 100644 --- a/config/supervisord.conf +++ b/config/supervisord.conf @@ -5,7 +5,7 @@ logfile_maxbytes=0 pidfile=/run/supervisord.pid [program:php-fpm] -command=php-fpm8 -F +command=php-fpm81 -F stdout_logfile=/dev/stdout stdout_logfile_maxbytes=0 stderr_logfile=/dev/stderr diff --git a/run_tests.sh b/run_tests.sh index 189ceba8b..39689fe47 100755 --- a/run_tests.sh +++ b/run_tests.sh 
@@ -1,3 +1,3 @@ #!/usr/bin/env sh apk --no-cache add curl -curl --silent --fail http://app:8080 | grep 'PHP 8.0' +curl --silent --fail http://app:8080 | grep 'PHP 8.1' From 76a9204eae1367a38837efa31b9e9a202cd41837 Mon Sep 17 00:00:00 2001 From: Tim de Pater Date: Sun, 29 May 2022 16:00:48 +0200 Subject: [PATCH 19/73] Enable Docker buildkit by default --- .github/workflows/build.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index a32ac5324..142a99137 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -9,6 +9,7 @@ on: env: IMAGE_NAME: trafex/php-nginx IMAGE_TAG: ${{ github.sha }} + DOCKER_BUILDKIT: 1 jobs: build: From 866e9a3175e9f987e57c65aad891790b3092af10 Mon Sep 17 00:00:00 2001 From: Kroese Date: Sun, 5 Jun 2022 15:47:54 +0200 Subject: [PATCH 20/73] Optimize performance --- config/nginx.conf | 1 + 1 file changed, 1 insertion(+) diff --git a/config/nginx.conf b/config/nginx.conf index 4563007ca..1582cd6a1 100644 --- a/config/nginx.conf +++ b/config/nginx.conf @@ -35,6 +35,7 @@ http { server_name _; sendfile off; + tcp_nodelay on; absolute_redirect off; root /var/www/html; From dbfab1ec0772b2ee650166c2e92377c7f49b190d Mon Sep 17 00:00:00 2001 From: John Coles Date: Wed, 10 Aug 2022 11:06:20 +0100 Subject: [PATCH 21/73] Update location of PHP.ini files As this is now PHP 8.1 the files are in the `php81` directory rather than just the `php8` directory. --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 6dd7d4be8..b3cfcc7b7 100644 --- a/README.md +++ b/README.md @@ -55,7 +55,7 @@ Nginx configuration: PHP configuration: - docker run -v "`pwd`/php-setting.ini:/etc/php8/conf.d/settings.ini" trafex/php-nginx + docker run -v "`pwd`/php-setting.ini:/etc/php81/conf.d/settings.ini" trafex/php-nginx PHP-FPM configuration: From 0be32d31319b0e5f81850f9ef11db2e0b9446092 Mon Sep 17 00:00:00 2001 
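Review bot: `tcp_nodelay on;` is nginx's default, so the line added to the `server` block in `config/nginx.conf` does not change behaviour, although the subject "Optimize performance" implies it does. If the aim is to make the setting explicit, say so next to it, e.g. `# explicit for clarity; this is the nginx default`. The server block continues outside the hunk.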
From: Tim de Pater Date: Tue, 6 Sep 2022 21:48:09 +0200 Subject: [PATCH 22/73] Remove the zlib PHP extension, it's included in PHP core --- Dockerfile | 1 - 1 file changed, 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 81a4bf4c2..e523828b8 100644 --- a/Dockerfile +++ b/Dockerfile @@ -24,7 +24,6 @@ RUN apk add --no-cache \ php81-session \ php81-xml \ php81-xmlreader \ - php81-zlib \ supervisor # Create symlink so programs depending on `php` still function From 15dba6846f1c9ad70fbefc541ed9d121f9d66322 Mon Sep 17 00:00:00 2001 From: jimsihk <99048231+jimsihk@users.noreply.github.com> Date: Mon, 15 Aug 2022 20:09:23 +0800 Subject: [PATCH 23/73] Hide server info for security hardening --- config/nginx.conf | 5 +++++ config/php.ini | 1 + 2 files changed, 6 insertions(+) diff --git a/config/nginx.conf b/config/nginx.conf index 1582cd6a1..fd6121738 100644 --- a/config/nginx.conf +++ b/config/nginx.conf @@ -85,6 +85,11 @@ http { } } + # Hardening + proxy_hide_header X-Powered-By; + fastcgi_hide_header X-Powered-By; + server_tokens off; + gzip on; gzip_proxied any; gzip_types text/plain application/xml text/css text/js text/xml application/x-javascript text/javascript application/json application/xml+rss; diff --git a/config/php.ini b/config/php.ini index 7bb1be5ea..d85d12acf 100644 --- a/config/php.ini +++ b/config/php.ini @@ -1,2 +1,3 @@ [Date] date.timezone="UTC" +expose_php= Off \ No newline at end of file From bf2732f0cf25d531578c3d56ac56117ce0031fcb Mon Sep 17 00:00:00 2001 From: Remy Blom Date: Tue, 29 Nov 2022 09:34:18 +0000 Subject: [PATCH 24/73] Chopped up nginx.conf, extracted the server block to /conf.d/default.conf as requested in #98 --- Dockerfile | 4 ++- config/conf.d/default.conf | 56 ++++++++++++++++++++++++++++++++++ config/nginx.conf | 61 ++------------------------------------ 3 files changed, 61 insertions(+), 60 deletions(-) create mode 100644 config/conf.d/default.conf diff --git a/Dockerfile b/Dockerfile index e523828b8..d895b7736 100644 
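Review bot: In `config/php.ini`, `expose_php= Off` is added under the `[Date]` heading and the file now ends without a newline (`\ No newline at end of file`). Give it its own heading, normal spacing and a terminating newline, i.e. `[PHP]` followed by `expose_php = Off`, so anything appended to the file later starts on its own line. This setting and the nginx directives in the other hunk only suppress version banners. A short comment such as `# hides version banners only; keep packages patched` would say what the block does and does not cover.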
--- a/Dockerfile +++ b/Dockerfile @@ -29,8 +29,10 @@ RUN apk add --no-cache \ # Create symlink so programs depending on `php` still function RUN ln -s /usr/bin/php81 /usr/bin/php -# Configure nginx +# Configure nginx - http COPY config/nginx.conf /etc/nginx/nginx.conf +# Configure nginx - default server +COPY config/conf.d /etc/nginx/conf.d/ # Configure PHP-FPM COPY config/fpm-pool.conf /etc/php81/php-fpm.d/www.conf diff --git a/config/conf.d/default.conf b/config/conf.d/default.conf new file mode 100644 index 000000000..d9eefdca2 --- /dev/null +++ b/config/conf.d/default.conf @@ -0,0 +1,56 @@ +# Default server definition +server { + listen [::]:8080 default_server; + listen 8080 default_server; + server_name _; + + sendfile off; + tcp_nodelay on; + absolute_redirect off; + + root /var/www/html; + index index.php index.html; + + location / { + # First attempt to serve request as file, then + # as directory, then fall back to index.php + try_files $uri $uri/ /index.php?q=$uri&$args; + } + + # Redirect server error pages to the static page /50x.html + error_page 500 502 503 504 /50x.html; + location = /50x.html { + root /var/lib/nginx/html; + } + + # Pass the PHP scripts to PHP-FPM listening on php-fpm.sock + location ~ \.php$ { + try_files $uri =404; + fastcgi_split_path_info ^(.+\.php)(/.+)$; + fastcgi_pass unix:/run/php-fpm.sock; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param SCRIPT_NAME $fastcgi_script_name; + fastcgi_index index.php; + include fastcgi_params; + } + + location ~* \.(jpg|jpeg|gif|png|css|js|ico|xml)$ { + expires 5d; + } + + # Deny access to . files, for security + location ~ /\. { + log_not_found off; + deny all; + } + + # Allow fpm ping and status from localhost + location ~ ^/(fpm-status|fpm-ping)$ { + access_log off; + allow 127.0.0.1; + deny all; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include fastcgi_params; + fastcgi_pass unix:/run/php-fpm.sock; + } +} 
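Review bot: In the new `config/conf.d/default.conf`, the dot-file block `location ~ /\.` is declared after `location ~ \.php$` and the static-asset block, and nginx uses the first regex location that matches in file order. A path inside a hidden directory that ends in `.php` or in one of the listed asset extensions is therefore handled by those earlier blocks and never reaches `deny all`. Move the whole `location ~ /\. { ... }` block above the PHP block so the deny is evaluated first. Separately, the status block allows only `127.0.0.1` although the server also listens on `[::]:8080`; adding `allow ::1;` covers a local health check that resolves `localhost` to IPv6.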
diff --git a/config/nginx.conf b/config/nginx.conf index fd6121738..56c298c0b 100644 --- a/config/nginx.conf +++ b/config/nginx.conf @@ -28,74 +28,17 @@ http { uwsgi_temp_path /tmp/uwsgi_temp; scgi_temp_path /tmp/scgi_temp; - # Default server definition - server { - listen [::]:8080 default_server; - listen 8080 default_server; - server_name _; - - sendfile off; - tcp_nodelay on; - absolute_redirect off; - - root /var/www/html; - index index.php index.html; - - location / { - # First attempt to serve request as file, then - # as directory, then fall back to index.php - try_files $uri $uri/ /index.php?q=$uri&$args; - } - - # Redirect server error pages to the static page /50x.html - error_page 500 502 503 504 /50x.html; - location = /50x.html { - root /var/lib/nginx/html; - } - - # Pass the PHP scripts to PHP-FPM listening on php-fpm.sock - location ~ \.php$ { - try_files $uri =404; - fastcgi_split_path_info ^(.+\.php)(/.+)$; - fastcgi_pass unix:/run/php-fpm.sock; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_param SCRIPT_NAME $fastcgi_script_name; - fastcgi_index index.php; - include fastcgi_params; - } - - location ~* \.(jpg|jpeg|gif|png|css|js|ico|xml)$ { - expires 5d; - } - - # Deny access to . files, for security - location ~ /\. { - log_not_found off; - deny all; - } - - # Allow fpm ping and status from localhost - location ~ ^/(fpm-status|fpm-ping)$ { - access_log off; - allow 127.0.0.1; - deny all; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - include fastcgi_params; - fastcgi_pass unix:/run/php-fpm.sock; - } - } - # Hardening proxy_hide_header X-Powered-By; fastcgi_hide_header X-Powered-By; server_tokens off; - + gzip on; gzip_proxied any; gzip_types text/plain application/xml text/css text/js text/xml application/x-javascript text/javascript application/json application/xml+rss; gzip_vary on; gzip_disable "msie6"; - + # Include other server configs include /etc/nginx/conf.d/*.conf; } 
From 31e09d9b2ab7cbe6e9b4ef7d41705b6cd248633e Mon Sep 17 00:00:00 2001 From: Tim de Pater Date: Sat, 7 Jan 2023 07:06:53 +0100 Subject: [PATCH 25/73] Describe a few things better with comments --- config/conf.d/default.conf | 1 + config/nginx.conf | 3 ++- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/config/conf.d/default.conf b/config/conf.d/default.conf index d9eefdca2..e2b80fa29 100644 --- a/config/conf.d/default.conf +++ b/config/conf.d/default.conf @@ -34,6 +34,7 @@ server { include fastcgi_params; } + # Set the cache-control headers on assets to cache for 5 days location ~* \.(jpg|jpeg|gif|png|css|js|ico|xml)$ { expires 5d; } diff --git a/config/nginx.conf b/config/nginx.conf index 56c298c0b..ba8d09a93 100644 --- a/config/nginx.conf +++ b/config/nginx.conf @@ -33,12 +33,13 @@ http { fastcgi_hide_header X-Powered-By; server_tokens off; + # Enable gzip compression by default gzip on; gzip_proxied any; gzip_types text/plain application/xml text/css text/js text/xml application/x-javascript text/javascript application/json application/xml+rss; gzip_vary on; gzip_disable "msie6"; - # Include other server configs + # Include server configs include /etc/nginx/conf.d/*.conf; } From ef39565a2661a3e52046c513b9f0fcd0ff3e0c95 Mon Sep 17 00:00:00 2001 From: Tim de Pater Date: Sat, 7 Jan 2023 07:09:35 +0100 Subject: [PATCH 26/73] Upgrade Alpine Linux to 3.17 --- Dockerfile | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/Dockerfile b/Dockerfile index d895b7736..bc97d6f76 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -ARG ALPINE_VERSION=3.16 +ARG ALPINE_VERSION=3.17 FROM alpine:${ALPINE_VERSION} LABEL Maintainer="Tim de Pater " LABEL Description="Lightweight container with Nginx 1.22 & PHP 8.1 based on Alpine Linux." 
@@ -26,9 +26,6 @@ RUN apk add --no-cache \ php81-xmlreader \ supervisor -# Create symlink so programs depending on `php` still function -RUN ln -s /usr/bin/php81 /usr/bin/php - # Configure nginx - http COPY config/nginx.conf /etc/nginx/nginx.conf # Configure nginx - default server From d6e646288447d1979858937fa18c79366daa91ff Mon Sep 17 00:00:00 2001 From: Tim de Pater Date: Sat, 7 Jan 2023 07:24:31 +0100 Subject: [PATCH 27/73] Only upload Trivy reports to GitHub on master branch to avoid duplicates --- .github/workflows/build.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index 142a99137..8fcdce154 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -45,6 +45,7 @@ jobs: output: 'trivy-results.sarif' - name: Upload Trivy scan results to GitHub Security tab + if: github.ref == 'refs/heads/master' && github.event_name == 'push' uses: github/codeql-action/upload-sarif@v1 with: sarif_file: 'trivy-results.sarif' From 8944c19e6cb9ad4f85054c82671aac833c32654b Mon Sep 17 00:00:00 2001 From: Tim de Pater Date: Sat, 7 Jan 2023 07:34:15 +0100 Subject: [PATCH 28/73] Upgrade GitHub workflow packages and configure dependabot --- .github/dependabot.yml | 10 ++++++++++ .github/workflows/build.yaml | 8 ++++---- 2 files changed, 14 insertions(+), 4 deletions(-) create mode 100644 .github/dependabot.yml diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 000000000..690f2d7bf --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,10 @@ +version: 2 +updates: + - package-ecosystem: "github-actions" + directory: "/" + schedule: + interval: "daily" + - package-ecosystem: "docker" + directory: "/" + schedule: + interval: "daily" \ No newline at end of file diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index 8fcdce154..2c593c2c9 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml 
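Review bot: The actions that the new `.github/dependabot.yml` asks Dependabot to track are still referenced by mutable major tag in the workflow hunks of this same commit (`actions/checkout@v3`, `docker/login-action@v2`), and that job is handed `secrets.DOCKERHUB_TOKEN`. A tag can be re-pointed by whoever controls the action's repository, so a reviewed update PR does not fix what actually runs. Pinning each `uses:` to a full commit SHA with the tag as a trailing comment, e.g. `uses: actions/checkout@<full-commit-sha> # v3`, makes the reference immutable. Dependabot's `github-actions` ecosystem keeps such pins up to date.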
@@ -17,14 +17,14 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v2 + uses: actions/checkout@v3 - name: Set up QEMU - uses: docker/setup-qemu-action@v1 + uses: docker/setup-qemu-action@v2 - name: Set up Docker Buildx id: buildx - uses: docker/setup-buildx-action@v1 + uses: docker/setup-buildx-action@v2 - name: Build image run: |- @@ -52,7 +52,7 @@ jobs: - name: Login to Docker Hub if: (github.ref == 'refs/heads/master' && github.event_name == 'push') || contains(github.ref, 'refs/tags/') - uses: docker/login-action@v1 + uses: docker/login-action@v2 with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} From 47c413ffa6d9e5a5bc67a0569b5d8aba2a8abc84 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 7 Jan 2023 06:38:01 +0000 Subject: [PATCH 29/73] Bump peter-evans/dockerhub-description from 2 to 3 Bumps [peter-evans/dockerhub-description](https://github.com/peter-evans/dockerhub-description) from 2 to 3. - [Release notes](https://github.com/peter-evans/dockerhub-description/releases) - [Commits](https://github.com/peter-evans/dockerhub-description/compare/v2...v3) --- updated-dependencies: - dependency-name: peter-evans/dockerhub-description dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/dockerhub-description.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/dockerhub-description.yaml b/.github/workflows/dockerhub-description.yaml index fa153ad6b..92f26d459 100644 --- a/.github/workflows/dockerhub-description.yaml +++ b/.github/workflows/dockerhub-description.yaml @@ -13,7 +13,7 @@ jobs: - uses: actions/checkout@v2 - name: Docker Hub Description - uses: peter-evans/dockerhub-description@v2 + uses: peter-evans/dockerhub-description@v3 with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_PASSWORD }} 
From 9d8c0914d6215db7ff473cd3fa61dd93aa6cc154 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 7 Jan 2023 06:38:05 +0000 Subject: [PATCH 30/73] Bump github/codeql-action from 1 to 2 Bumps [github/codeql-action](https://github.com/github/codeql-action) from 1 to 2. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/v1...v2) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/build.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index 2c593c2c9..f10da973f 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -46,7 +46,7 @@ jobs: - name: Upload Trivy scan results to GitHub Security tab if: github.ref == 'refs/heads/master' && github.event_name == 'push' - uses: github/codeql-action/upload-sarif@v1 + uses: github/codeql-action/upload-sarif@v2 with: sarif_file: 'trivy-results.sarif' From c397b92945827221ad726dcc7be0db230398bd12 Mon Sep 17 00:00:00 2001 From: Tim de Pater Date: Sat, 7 Jan 2023 07:44:41 +0100 Subject: [PATCH 31/73] Run workflow weekly to keep the image up to date --- .github/workflows/build.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index f10da973f..d77827a1f 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -5,6 +5,8 @@ on: branches: [ master ] tags: ['*'] pull_request: + schedule: + - cron: '0 2 * * 6' env: IMAGE_NAME: trafex/php-nginx From d01c49f64b29ee016cae8645372141dfd820ec11 Mon Sep 17 00:00:00 2001 
From: Tim de Pater Date: Sun, 15 Jan 2023 07:58:40 +0100 Subject: [PATCH 32/73] Update image when triggered via schedules pipeline --- .github/workflows/build.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index d77827a1f..5d903de4f 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -47,20 +47,20 @@ jobs: output: 'trivy-results.sarif' - name: Upload Trivy scan results to GitHub Security tab - if: github.ref == 'refs/heads/master' && github.event_name == 'push' + if: github.ref == 'refs/heads/master' && (github.event_name == 'push' || github.event_name == 'schedule') uses: github/codeql-action/upload-sarif@v2 with: sarif_file: 'trivy-results.sarif' - name: Login to Docker Hub - if: (github.ref == 'refs/heads/master' && github.event_name == 'push') || contains(github.ref, 'refs/tags/') + if: (github.ref == 'refs/heads/master' && (github.event_name == 'push' || github.event_name == 'schedule' ) || contains(github.ref, 'refs/tags/') uses: docker/login-action@v2 with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} - name: Build multi-arch image and push latest tag - if: github.ref == 'refs/heads/master' && github.event_name == 'push' + if: github.ref == 'refs/heads/master' && (github.event_name == 'push' || github.event_name == 'schedule') run: |- docker buildx build \ --cache-from=$IMAGE_NAME:latest \ From 02d326e91fffd74e47af690235b775aa21952d79 Mon Sep 17 00:00:00 2001 From: Tim de Pater Date: Sun, 15 Jan 2023 07:58:56 +0100 Subject: [PATCH 33/73] Update supported versions --- SECURITY.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/SECURITY.md b/SECURITY.md index f3b0abca3..2672b40fa 100644 --- a/SECURITY.md +++ b/SECURITY.md 
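Review bot: The scheduled run now reaches the `Build multi-arch image and push latest tag` step, but that step still builds with `--cache-from=$IMAGE_NAME:latest`, so a weekly rebuild meant to keep the image up to date may be served the cached `apk add` layer from the previous image. Whether the cache import takes effect depends on the pushed image carrying cache metadata, which this hunk does not show. To make the refresh reliable I would replace the `--cache-from` line with `--no-cache --pull \`, so packages and the base image are fetched again on every pushed build. The `run:` block continues past the end of the hunk.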
@@ -5,7 +5,8 @@ Only the latest version will be supported and receive security updates. | Version | Supported | | ------- | ------------------ | -| 2.x.x | :white_check_mark: | +| 3.x.x | :white_check_mark: | +| 2.x.x | :x: | | 1.x.x | :x: | ## Reporting a Vulnerability From f4d87ab9b2749f29d24c4b467e897768e05a90d3 Mon Sep 17 00:00:00 2001 From: Tim de Pater Date: Sun, 15 Jan 2023 08:00:08 +0100 Subject: [PATCH 34/73] Update image when triggered via schedules pipeline --- .github/workflows/build.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index 5d903de4f..27e68f1ad 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -53,7 +53,7 @@ jobs: sarif_file: 'trivy-results.sarif' - name: Login to Docker Hub - if: (github.ref == 'refs/heads/master' && (github.event_name == 'push' || github.event_name == 'schedule' ) || contains(github.ref, 'refs/tags/') + if: (github.ref == 'refs/heads/master' && (github.event_name == 'push' || github.event_name == 'schedule' )) || contains(github.ref, 'refs/tags/') uses: docker/login-action@v2 with: username: ${{ secrets.DOCKERHUB_USERNAME }} From 37460bf15f67363e2a70ad229c36a34ae2bb9266 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 24 Feb 2023 23:05:34 +0000 Subject: [PATCH 35/73] Bump actions/checkout from 2 to 3 Bumps [actions/checkout](https://github.com/actions/checkout) from 2 to 3. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v2...v3) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/dockerhub-description.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/.github/workflows/dockerhub-description.yaml b/.github/workflows/dockerhub-description.yaml index 92f26d459..31b06424b 100644 --- a/.github/workflows/dockerhub-description.yaml +++ b/.github/workflows/dockerhub-description.yaml @@ -10,7 +10,7 @@ jobs: dockerHubDescription: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v3 - name: Docker Hub Description uses: peter-evans/dockerhub-description@v3 From 8780e1b403c7c9d7d34ca42f3c8d898abae64998 Mon Sep 17 00:00:00 2001 From: Tim de Pater Date: Sun, 4 Jun 2023 06:45:48 +0200 Subject: [PATCH 36/73] Upgrade to Alpine Linux 3.18 and Nginx 1.24 --- Dockerfile | 4 ++-- README.md | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/Dockerfile b/Dockerfile index bc97d6f76..3eae7a88f 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,7 +1,7 @@ -ARG ALPINE_VERSION=3.17 +ARG ALPINE_VERSION=3.18 FROM alpine:${ALPINE_VERSION} LABEL Maintainer="Tim de Pater " -LABEL Description="Lightweight container with Nginx 1.22 & PHP 8.1 based on Alpine Linux." +LABEL Description="Lightweight container with Nginx 1.24 & PHP 8.1 based on Alpine Linux." # Setup document root WORKDIR /var/www/html diff --git a/README.md b/README.md index b3cfcc7b7..29847b669 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,5 @@ -# Docker PHP-FPM 8.1 & Nginx 1.22 on Alpine Linux -Example PHP-FPM 8.1 & Nginx 1.22 container image for Docker, built on [Alpine Linux](https://www.alpinelinux.org/). +# Docker PHP-FPM 8.1 & Nginx 1.24 on Alpine Linux +Example PHP-FPM 8.1 & Nginx 1.24 container image for Docker, built on [Alpine Linux](https://www.alpinelinux.org/). Repository: https://github.com/TrafeX/docker-php-nginx From 397b58a5bcc664406911f7de40d6b6ba74df21b1 Mon Sep 17 00:00:00 2001 
From: Tim de Pater Date: Fri, 18 Aug 2023 21:03:50 +0200 Subject: [PATCH 37/73] Upgrade PHP to 8.2 --- Dockerfile | 36 ++++++++++++++++++------------------ README.md | 12 ++++++------ config/supervisord.conf | 2 +- run_tests.sh | 2 +- 4 files changed, 26 insertions(+), 26 deletions(-) diff --git a/Dockerfile b/Dockerfile index 3eae7a88f..c9632b190 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,7 +1,7 @@ ARG ALPINE_VERSION=3.18 FROM alpine:${ALPINE_VERSION} LABEL Maintainer="Tim de Pater " -LABEL Description="Lightweight container with Nginx 1.24 & PHP 8.1 based on Alpine Linux." +LABEL Description="Lightweight container with Nginx 1.24 & PHP 8.2 based on Alpine Linux." # Setup document root WORKDIR /var/www/html @@ -9,21 +9,21 @@ WORKDIR /var/www/html RUN apk add --no-cache \ curl \ nginx \ - php81 \ - php81-ctype \ - php81-curl \ - php81-dom \ - php81-fpm \ - php81-gd \ - php81-intl \ - php81-mbstring \ - php81-mysqli \ - php81-opcache \ - php81-openssl \ - php81-phar \ - php81-session \ - php81-xml \ - php81-xmlreader \ + php82 \ + php82-ctype \ + php82-curl \ + php82-dom \ + php82-fpm \ + php82-gd \ + php82-intl \ + php82-mbstring \ + php82-mysqli \ + php82-opcache \ + php82-openssl \ + php82-phar \ + php82-session \ + php82-xml \ + php82-xmlreader \ supervisor # Configure nginx - http @@ -32,8 +32,8 @@ COPY config/nginx.conf /etc/nginx/nginx.conf COPY config/conf.d /etc/nginx/conf.d/ # Configure PHP-FPM -COPY config/fpm-pool.conf /etc/php81/php-fpm.d/www.conf -COPY config/php.ini /etc/php81/conf.d/custom.ini +COPY config/fpm-pool.conf /etc/php82/php-fpm.d/www.conf +COPY config/php.ini /etc/php82/conf.d/custom.ini # Configure supervisord COPY config/supervisord.conf /etc/supervisor/conf.d/supervisord.conf diff --git a/README.md b/README.md index 29847b669..e8ed28254 100644 --- a/README.md +++ b/README.md 
@@ -1,5 +1,5 @@ -# Docker PHP-FPM 8.1 & Nginx 1.24 on Alpine Linux -Example PHP-FPM 8.1 & Nginx 1.24 container image for Docker, built on [Alpine Linux](https://www.alpinelinux.org/). +# Docker PHP-FPM 8.2 & Nginx 1.24 on Alpine Linux +Example PHP-FPM 8.2 & Nginx 1.24 container image for Docker, built on [Alpine Linux](https://www.alpinelinux.org/). Repository: https://github.com/TrafeX/docker-php-nginx @@ -7,7 +7,7 @@ Repository: https://github.com/TrafeX/docker-php-nginx * Built on the lightweight and secure Alpine Linux distribution * Multi-platform, supporting AMD4, ARMv6, ARMv7, ARM64 * Very small Docker image size (+/-40MB) -* Uses PHP 8.1 for better performance, lower CPU usage & memory footprint +* Uses PHP 8.2 for the best performance, low CPU usage & memory footprint * Optimized for 100 concurrent users * Optimized to only use resources when there's traffic (by using PHP-FPM's `on-demand` process manager) * The services Nginx, PHP-FPM and supervisord run under a non-privileged user (nobody) to make it more secure @@ -15,8 +15,8 @@ Repository: https://github.com/TrafeX/docker-php-nginx * Follows the KISS principle (Keep It Simple, Stupid) to make it easy to understand and adjust the image to your needs [![Docker Pulls](https://img.shields.io/docker/pulls/trafex/php-nginx.svg)](https://hub.docker.com/r/trafex/php-nginx/) -![nginx 1.22](https://img.shields.io/badge/nginx-1.22-brightgreen.svg) -![php 8.1](https://img.shields.io/badge/php-8.1-brightgreen.svg) +![nginx 1.24](https://img.shields.io/badge/nginx-1.24-brightgreen.svg) +![php 8.2](https://img.shields.io/badge/php-8.2-brightgreen.svg) ![License MIT](https://img.shields.io/badge/license-MIT-blue.svg) ## [![Trafex Consultancy](https://timdepater.com/logo/mini-logo.png)](https://timdepater.com?mtm_campaign=github) 
@@ -55,7 +55,7 @@ Nginx configuration: PHP configuration: - docker run -v "`pwd`/php-setting.ini:/etc/php81/conf.d/settings.ini" trafex/php-nginx + docker run -v "`pwd`/php-setting.ini:/etc/php82/conf.d/settings.ini" trafex/php-nginx PHP-FPM configuration: diff --git a/config/supervisord.conf b/config/supervisord.conf index 77bda1a5b..584aed26b 100644 --- a/config/supervisord.conf +++ b/config/supervisord.conf @@ -5,7 +5,7 @@ logfile_maxbytes=0 pidfile=/run/supervisord.pid [program:php-fpm] -command=php-fpm81 -F +command=php-fpm82 -F stdout_logfile=/dev/stdout stdout_logfile_maxbytes=0 stderr_logfile=/dev/stderr diff --git a/run_tests.sh b/run_tests.sh index 39689fe47..155fd0c56 100755 --- a/run_tests.sh +++ b/run_tests.sh @@ -1,3 +1,3 @@ #!/usr/bin/env sh apk --no-cache add curl -curl --silent --fail http://app:8080 | grep 'PHP 8.1' +curl --silent --fail http://app:8080 | grep 'PHP 8.2' From bb5751abecafdc4ffcdb6df17d031c49a6058a53 Mon Sep 17 00:00:00 2001 From: Denis Urban Date: Mon, 21 Aug 2023 11:54:31 +0200 Subject: [PATCH 38/73] create symlinkg for php --- Dockerfile | 3 +++ 1 file changed, 3 insertions(+) diff --git a/Dockerfile b/Dockerfile index c9632b190..42b736c37 100644 --- a/Dockerfile +++ b/Dockerfile @@ -41,6 +41,9 @@ COPY config/supervisord.conf /etc/supervisor/conf.d/supervisord.conf # Make sure files/folders needed by the processes are accessable when they run under the nobody user RUN chown -R nobody.nobody /var/www/html /run /var/lib/nginx /var/log/nginx +# Create symlink for php +RUN ln -s /usr/bin/php82 /usr/bin/php + # Switch to use a non-root user from here on USER nobody From 7fb96f7ee7db119051ff9cfd98a09e3ab7b0908a Mon Sep 17 00:00:00 2001 From: Tim de Pater Date: Sun, 27 Aug 2023 11:54:59 +0200 Subject: [PATCH 39/73] Add PHP_INI_DIR to make it easier for future PHP updates --- Dockerfile | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index 42b736c37..bd52ce381 100644 --- a/Dockerfile 
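Review bot: `RUN ln -s /usr/bin/php82 /usr/bin/php` fails the build when `/usr/bin/php` already exists, which would be the case if the Alpine release selected by `ALPINE_VERSION` ships `php82` as its default PHP. An earlier patch in this series removed the equivalent `php81` link during the Alpine 3.17 upgrade, presumably for that reason. `RUN ln -sf /usr/bin/php82 /usr/bin/php` makes the step tolerate an existing path. The step sits correctly before `USER nobody`, which the hunk shows as context.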
+++ b/Dockerfile @@ -32,8 +32,9 @@ COPY config/nginx.conf /etc/nginx/nginx.conf COPY config/conf.d /etc/nginx/conf.d/ # Configure PHP-FPM -COPY config/fpm-pool.conf /etc/php82/php-fpm.d/www.conf -COPY config/php.ini /etc/php82/conf.d/custom.ini +ENV PHP_INI_DIR /etc/php82 +COPY config/fpm-pool.conf ${PHP_INI_DIR}/php-fpm.d/www.conf +COPY config/php.ini ${PHP_INI_DIR}/conf.d/custom.ini # Configure supervisord COPY config/supervisord.conf /etc/supervisor/conf.d/supervisord.conf From 9cda0d06f4da36e9d1d3912870e234764a064930 Mon Sep 17 00:00:00 2001 From: Tim de Pater Date: Sun, 27 Aug 2023 11:55:30 +0200 Subject: [PATCH 40/73] Add documentation and examples --- README.md | 49 ++++------------------------- docs/composer-support.md | 35 +++++++++++++++++++++ docs/real-ip-behind-loadbalancer.md | 13 ++++++++ docs/xdebug-support.md | 37 ++++++++++++++++++++++ 4 files changed, 91 insertions(+), 43 deletions(-) create mode 100644 docs/composer-support.md create mode 100644 docs/real-ip-behind-loadbalancer.md create mode 100644 docs/xdebug-support.md diff --git a/README.md b/README.md index e8ed28254..41ad023f8 100644 --- a/README.md +++ b/README.md @@ -39,12 +39,6 @@ Or mount your own code to be served by PHP-FPM & Nginx docker run -p 80:8080 -v ~/my-codebase:/var/www/html trafex/php-nginx -### Docker Hub repository name change -Since we switched to PHP8 the repository name [trafex/alpine-nginx-php7](https://hub.docker.com/r/trafex/alpine-nginx-php7) didn't make sense anymore. -Because you can't change the name of the repository on Docker Hub I created a new one. - -From now on this image can be pulled from Docker Hub under the name [trafex/php-nginx](https://hub.docker.com/r/trafex/php-nginx). - ## Configuration In [config/](config/) you'll find the default configuration files for Nginx, PHP and PHP-FPM. If you want to extend or customize that you can do so by mounting a configuration file in the correct folder; 
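Review bot: `ENV PHP_INI_DIR /etc/php82` uses the space-separated legacy form of `ENV`; the Dockerfile reference recommends the `key=value` form, so I would write `ENV PHP_INI_DIR=/etc/php82`. The variable only covers the two `COPY` lines in this hunk. The `php82-*` package names and the `php82` path in the `ln -s` step still carry the version, so a future PHP upgrade is not yet a one-line change.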
@@ -59,44 +53,13 @@ PHP configuration: PHP-FPM configuration: - docker run -v "`pwd`/php-fpm-settings.conf:/etc/php8/php-fpm.d/server.conf" trafex/php-nginx + docker run -v "`pwd`/php-fpm-settings.conf:/etc/php82/php-fpm.d/server.conf" trafex/php-nginx _Note; Because `-v` requires an absolute path I've added `pwd` in the example to return the absolute path to the current directory_ +## Documentation and examples +To modify this container to your specific needs please see the following examples; -## Adding composer - -If you need [Composer](https://getcomposer.org/) in your project, here's an easy way to add it. - -```Dockerfile -FROM trafex/php-nginx:latest - -# Install composer from the official image -COPY --from=composer /usr/bin/composer /usr/bin/composer - -# Run composer install to install the dependencies -RUN composer install --optimize-autoloader --no-interaction --no-progress -``` - -### Building with composer - -If you are building an image with source code in it and dependencies managed by composer then the definition can be improved. -The dependencies should be retrieved by the composer but the composer itself (`/usr/bin/composer`) is not necessary to be included in the image. - -```Dockerfile -FROM composer AS composer - -# copying the source directory and install the dependencies with composer -COPY / /app - -# run composer install to install the dependencies -RUN composer install \ - --optimize-autoloader \ - --no-interaction \ - --no-progress - -# continue stage build with the desired image and copy the source including the -# dependencies downloaded by composer -FROM trafex/php-nginx -COPY --chown=nginx --from=composer /app /var/www/html -``` +* [Adding xdebug support](docs/xdebug-support.md) +* [Adding composer](docs/composer-support.md) +* [Getting the real IP of the client behind a load balancer](docs/real-ip-behind-loadbalancer.md) \ No newline at end of file 
diff --git a/docs/composer-support.md b/docs/composer-support.md
new file mode 100644
index 000000000..784a3836c
--- /dev/null
+++ b/docs/composer-support.md
@@ -0,0 +1,35 @@
+# Adding composer
+
+If you need [Composer](https://getcomposer.org/) in your project, here's an easy way to add it.
+
+```Dockerfile
+FROM trafex/php-nginx:latest
+
+# Install composer from the official image
+COPY --from=composer /usr/bin/composer /usr/bin/composer
+
+# Run composer install to install the dependencies
+RUN composer install --optimize-autoloader --no-interaction --no-progress
+```
+
+## Building with composer
+
+If you are building an image with source code in it and dependencies managed by composer then the definition can be improved.
+The dependencies should be retrieved by the composer but the composer itself (`/usr/bin/composer`) is not necessary to be included in the image.
+
+```Dockerfile
+FROM composer AS composer
+
+# Copying the source directory and install the dependencies with composer
+COPY / /app
+
+# Run composer install to install the dependencies
+RUN composer install \
+ --optimize-autoloader \
+ --no-interaction \
+ --no-progress
+
+# Continue stage build with the desired image and copy the source including the dependencies downloaded by composer
+FROM trafex/php-nginx:latest
+COPY --chown=nginx --from=composer /app /var/www/html
+```
diff --git a/docs/real-ip-behind-loadbalancer.md b/docs/real-ip-behind-loadbalancer.md
new file mode 100644
index 000000000..47d72a2c1
--- /dev/null
+++ b/docs/real-ip-behind-loadbalancer.md
@@ -0,0 +1,13 @@
+# Getting the real IP of the client behind a load balancer
+If you use this container behind a proxy or load balancer you might want to get the real IP of the client instead of the IP of the proxy or load balancer.
+
+To do this you can add the following configuration to the [Nginx configuration](../config/nginx.conf):
+
+```nginx
+set_real_ip_from
+
+real_ip_header X-Forwarded-For;
+real_ip_recursive on;
+```
+
+Where `` is the CIDR of your proxy or load balancer, see the [Nginx documentation](http://nginx.org/en/docs/http/ngx_http_realip_module.html#set_real_ip_from). The real IP of the client will now be available in PHP under `$_SERVER['REMOTE_ADDR']`.
\ No newline at end of file
diff --git a/docs/xdebug-support.md b/docs/xdebug-support.md
new file mode 100644
index 000000000..76ca1d78c
--- /dev/null
+++ b/docs/xdebug-support.md
@@ -0,0 +1,37 @@
+# Adding xdebug support
+
+Create the following file `xdebug.ini`
+
+```ini
+zend_extension=xdebug.so
+xdebug.mode=develop,debug
+xdebug.discover_client_host=true
+xdebug.start_with_request=yes
+xdebug.trigger_value=PHPSTORM
+xdebug.log_level=0
+
+xdebug.var_display_max_children=10
+xdebug.var_display_max_data=10
+xdebug.var_display_max_depth=10
+
+xdebug.client_host=host.docker.internal
+xdebug.client_port=9003
+```
+
+Create a new image with the following `Dockerfile`
+
+```Dockerfile
+FROM trafex/php-nginx:latest
+
+# Temporary switch to root
+USER root
+
+# Install xdebug
+RUN apk add --no-cache php82-pecl-xdebug
+
+# Add configuration
+COPY xdebug.ini ${PHP_INI_DIR}/conf.d/xdebug.ini
+
+# Switch back to non-root user
+USER nobody
+```
From 58f3e7ebf93633f9110de6e51c9076bc49109b6a Mon Sep 17 00:00:00 2001
From: Tim de Pater
Date: Sun, 27 Aug 2023 12:02:41 +0200
Subject: [PATCH 41/73] Describe how to add e-mail support
---
README.md | 3 ++-
docs/sending-emails.md | 16 ++++++++++++++++
2 files changed, 18 insertions(+), 1 deletion(-)
create mode 100644 docs/sending-emails.md
diff --git a/README.md b/README.md index 41ad023f8..08e133946 100644 --- a/README.md +++ b/README.md @@ -62,4 +62,5 @@ To modify this container to your specific needs please see the following example * [Adding xdebug support](docs/xdebug-support.md) * [Adding composer](docs/composer-support.md) -* [Getting the real IP of the client behind a load balancer](docs/real-ip-behind-loadbalancer.md) \ No newline at end of file +* [Getting the real IP of the client behind a load balancer](docs/real-ip-behind-loadbalancer.md) +* [Sending e-mails](docs/sending-emails.md) \ No newline at end of file diff --git a/docs/sending-emails.md b/docs/sending-emails.md new file mode 100644 index 000000000..6f46c3e73 --- /dev/null +++ b/docs/sending-emails.md @@ -0,0 +1,16 @@ +# Sending e-mails +To be able to use the `mail()` function in PHP you need to install a MTA (Mail Transfer Agent) in the container. + +The most simple approach is to install `ssmtp`. + +The `ssmtp.conf` file needs to be created based on the [documentation online](https://wiki.archlinux.org/title/SSMTP). + +```Dockerfile +FROM trafex/php-nginx:latest + +# Install ssmtp +RUN apk add --no-cache ssmtp + +# Add configuration +COPY ssmtp.conf /etc/ssmtp/ssmtp.conf +``` \ No newline at end of file From 2de0c0d2e26f6b55c9d87ade4ab2c876900d21a5 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 12 Sep 2023 23:00:45 +0000 Subject: [PATCH 42/73] Bump docker/setup-buildx-action from 2 to 3 Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) from 2 to 3. - [Release notes](https://github.com/docker/setup-buildx-action/releases) - [Commits](https://github.com/docker/setup-buildx-action/compare/v2...v3) --- updated-dependencies: - dependency-name: docker/setup-buildx-action dependency-type: direct:production update-type: version-update:semver-major ... 
Signed-off-by: dependabot[bot] --- .github/workflows/build.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index 27e68f1ad..36aef5349 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -26,7 +26,7 @@ jobs: - name: Set up Docker Buildx id: buildx - uses: docker/setup-buildx-action@v2 + uses: docker/setup-buildx-action@v3 - name: Build image run: |- From 428bd70c6d508019c0b9b9a8144bd9601ca8607b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 4 Sep 2023 22:49:01 +0000 Subject: [PATCH 43/73] Bump actions/checkout from 3 to 4 Bumps [actions/checkout](https://github.com/actions/checkout) from 3 to 4. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v3...v4) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/build.yaml | 2 +- .github/workflows/dockerhub-description.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index 36aef5349..28a09875d 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -19,7 +19,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Set up QEMU uses: docker/setup-qemu-action@v2 diff --git a/.github/workflows/dockerhub-description.yaml b/.github/workflows/dockerhub-description.yaml index 31b06424b..413978556 100644 --- a/.github/workflows/dockerhub-description.yaml +++ b/.github/workflows/dockerhub-description.yaml 
@@ -10,7 +10,7 @@ jobs: dockerHubDescription: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: Docker Hub Description uses: peter-evans/dockerhub-description@v3 From 5ae5c75663bfa9022dac2b030afb40e1b0cbc57f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 12 Sep 2023 23:00:47 +0000 Subject: [PATCH 44/73] Bump docker/setup-qemu-action from 2 to 3 Bumps [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action) from 2 to 3. - [Release notes](https://github.com/docker/setup-qemu-action/releases) - [Commits](https://github.com/docker/setup-qemu-action/compare/v2...v3) --- updated-dependencies: - dependency-name: docker/setup-qemu-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/build.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index 28a09875d..9a4f799ce 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -22,7 +22,7 @@ jobs: uses: actions/checkout@v4 - name: Set up QEMU - uses: docker/setup-qemu-action@v2 + uses: docker/setup-qemu-action@v3 - name: Set up Docker Buildx id: buildx From 0005024bb3efc75576a6f3831d003c6318610292 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 12 Sep 2023 23:00:50 +0000 Subject: [PATCH 45/73] Bump docker/login-action from 2 to 3 Bumps [docker/login-action](https://github.com/docker/login-action) from 2 to 3. - [Release notes](https://github.com/docker/login-action/releases) - [Commits](https://github.com/docker/login-action/compare/v2...v3) --- updated-dependencies: - dependency-name: docker/login-action dependency-type: direct:production update-type: version-update:semver-major ... 
Signed-off-by: dependabot[bot] --- .github/workflows/build.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index 9a4f799ce..a67e3b3c6 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -54,7 +54,7 @@ jobs: - name: Login to Docker Hub if: (github.ref == 'refs/heads/master' && (github.event_name == 'push' || github.event_name == 'schedule' )) || contains(github.ref, 'refs/tags/') - uses: docker/login-action@v2 + uses: docker/login-action@v3 with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} From d0692cba638be7bc13859bacaeaecbbbe6923b7b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?H=C3=A9lio=20Ara=C3=BAjo=20de=20Oliveira?= Date: Thu, 14 Sep 2023 07:44:59 -0300 Subject: [PATCH 46/73] Update Dockerfile with Laravel PHP extensions needed Based on https://laravel.com/docs/10.x/deployment#server-requirements I think it is relevant since is the most popular framework these days. xmlwriter is needed for Laravel Sanctum. --- Dockerfile | 3 +++ 1 file changed, 3 insertions(+) diff --git a/Dockerfile b/Dockerfile index bd52ce381..a1fa721f3 100644 --- a/Dockerfile +++ b/Dockerfile @@ -13,6 +13,7 @@ RUN apk add --no-cache \ php82-ctype \ php82-curl \ php82-dom \ + php82-fileinfo \ php82-fpm \ php82-gd \ php82-intl \ @@ -22,8 +23,10 @@ RUN apk add --no-cache \ php82-openssl \ php82-phar \ php82-session \ + php82-tokenizer \ php82-xml \ php82-xmlreader \ + php82-xmlwriter \ supervisor # Configure nginx - http From 232971a9990450d6a126295e7b40bbd8221e3b15 Mon Sep 17 00:00:00 2001 From: Tim de Pater Date: Sun, 17 Sep 2023 11:35:23 +0200 Subject: [PATCH 47/73] Changed docs urls to absolute for Docker Hub --- README.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 08e133946..f9888fd1c 100644 --- a/README.md +++ b/README.md 
@@ -60,7 +60,7 @@ _Note; Because `-v` requires an absolute path I've added `pwd` in the example to ## Documentation and examples To modify this container to your specific needs please see the following examples; -* [Adding xdebug support](docs/xdebug-support.md) -* [Adding composer](docs/composer-support.md) -* [Getting the real IP of the client behind a load balancer](docs/real-ip-behind-loadbalancer.md) -* [Sending e-mails](docs/sending-emails.md) \ No newline at end of file +* [Adding xdebug support](https://github.com/TrafeX/docker-php-nginx/blob/master/docs/xdebug-support.md) +* [Adding composer](https://github.com/TrafeX/docker-php-nginx/blob/master/docs/composer-support.md) +* [Getting the real IP of the client behind a load balancer](https://github.com/TrafeX/docker-php-nginx/blob/master/docs/real-ip-behind-loadbalancer.md) +* [Sending e-mails](https://github.com/TrafeX/docker-php-nginx/blob/master/docs/sending-emails.md) \ No newline at end of file From 407333983fd0260c41bb96bdef1183bd644da185 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?H=C3=A9lio=20Ara=C3=BAjo=20de=20Oliveira?= Date: Mon, 13 Nov 2023 21:17:07 -0300 Subject: [PATCH 48/73] added instructions to enable https/ssl --- docs/enable-https.md | 59 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 59 insertions(+) create mode 100644 docs/enable-https.md diff --git a/docs/enable-https.md b/docs/enable-https.md new file mode 100644 index 000000000..d5f8cb69c --- /dev/null +++ b/docs/enable-https.md 
@@ -0,0 +1,59 @@ +# Adding support for HTTPS/SSL + +> All the following instructions should be adapted to your personal needs + +If your plan to work locally only, first generate your self-signed cert and key: + +```bash +openssl req -x509 -nodes -newkey rsa:2048 -keyout https.key -out https.crt -subj "/CN=localhost" -days 5000 +``` + +Then copy your cert files on build stage of your Dockerfile: + +```Dockerfile +FROM trafex/php-nginx:latest + +# ... + +COPY https.crt /etc/nginx/ssl/default.crt +COPY https.key /etc/nginx/ssl/default.key + +# ... + +``` + +Edit your nginx.conf file. + +> Check [Nginx configuration](../config/nginx.conf) for more help: + + +```nginx +server { + listen [::]:443 ssl; + listen 443 ssl; + server_name localhost; + root /var/www/html/public; + + ssl_certificate /etc/nginx/ssl/default.crt; + ssl_certificate_key /etc/nginx/ssl/default.key; + + # ... the rest here +} +``` + +If you use docker-compose here is an example: + +```yaml + php-nginx: + build: ./api + networks: [ backend ] + ports: [ "443:443" ] + working_dir: /var/www/html + volumes: + - ./api:/var/www/html + - ./api/nginx.conf:/etc/nginx/conf.d/default.conf + restart: on-failure + +``` + +Finally rebuild and restart your docker/compose. From f9d28d18e224bd44eae4688186acc07796eeebe6 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 13 Dec 2023 22:55:06 +0000 Subject: [PATCH 49/73] Bump github/codeql-action from 2 to 3 Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2 to 3. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/v2...v3) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-major ... 
Signed-off-by: dependabot[bot] --- .github/workflows/build.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index a67e3b3c6..09eb05e83 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -48,7 +48,7 @@ jobs: - name: Upload Trivy scan results to GitHub Security tab if: github.ref == 'refs/heads/master' && (github.event_name == 'push' || github.event_name == 'schedule') - uses: github/codeql-action/upload-sarif@v2 + uses: github/codeql-action/upload-sarif@v3 with: sarif_file: 'trivy-results.sarif' From b829e435a1125a4293e11e7441a14f811d682c26 Mon Sep 17 00:00:00 2001 From: Tim de Pater Date: Mon, 1 Jan 2024 19:58:52 +0100 Subject: [PATCH 50/73] Remove duplicatie SCRIPT_NAME, already defined in fastcgi_params --- config/conf.d/default.conf | 1 - 1 file changed, 1 deletion(-) diff --git a/config/conf.d/default.conf b/config/conf.d/default.conf index e2b80fa29..e0c1be780 100644 --- a/config/conf.d/default.conf +++ b/config/conf.d/default.conf @@ -29,7 +29,6 @@ server { fastcgi_split_path_info ^(.+\.php)(/.+)$; fastcgi_pass unix:/run/php-fpm.sock; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_param SCRIPT_NAME $fastcgi_script_name; fastcgi_index index.php; include fastcgi_params; } From 1545dc181851b50156d8a6452d41c4582d08f8cb Mon Sep 17 00:00:00 2001 From: Tim de Pater Date: Mon, 15 Jan 2024 20:38:00 +0100 Subject: [PATCH 51/73] Upgrade to Alpine Linux 3.19 and PHP 8.3 --- Dockerfile | 44 ++++++++++++++++++++--------------------- README.md | 12 +++++------ config/supervisord.conf | 2 +- docs/xdebug-support.md | 2 +- run_tests.sh | 2 +- 5 files changed, 31 insertions(+), 31 deletions(-) diff --git a/Dockerfile b/Dockerfile index a1fa721f3..764537a0c 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -1,7 +1,7 @@ -ARG ALPINE_VERSION=3.18 +ARG ALPINE_VERSION=3.19 FROM alpine:${ALPINE_VERSION} LABEL Maintainer="Tim de Pater " -LABEL Description="Lightweight container with Nginx 1.24 & PHP 8.2 based on Alpine Linux." +LABEL Description="Lightweight container with Nginx 1.24 & PHP 8.3 based on Alpine Linux." # Setup document root WORKDIR /var/www/html @@ -9,24 +9,24 @@ WORKDIR /var/www/html RUN apk add --no-cache \ curl \ nginx \ - php82 \ - php82-ctype \ - php82-curl \ - php82-dom \ - php82-fileinfo \ - php82-fpm \ - php82-gd \ - php82-intl \ - php82-mbstring \ - php82-mysqli \ - php82-opcache \ - php82-openssl \ - php82-phar \ - php82-session \ - php82-tokenizer \ - php82-xml \ - php82-xmlreader \ - php82-xmlwriter \ + php83 \ + php83-ctype \ + php83-curl \ + php83-dom \ + php83-fileinfo \ + php83-fpm \ + php83-gd \ + php83-intl \ + php83-mbstring \ + php83-mysqli \ + php83-opcache \ + php83-openssl \ + php83-phar \ + php83-session \ + php83-tokenizer \ + php83-xml \ + php83-xmlreader \ + php83-xmlwriter \ supervisor # Configure nginx - http @@ -35,7 +35,7 @@ COPY config/nginx.conf /etc/nginx/nginx.conf COPY config/conf.d /etc/nginx/conf.d/ # Configure PHP-FPM -ENV PHP_INI_DIR /etc/php82 +ENV PHP_INI_DIR /etc/php83 COPY config/fpm-pool.conf ${PHP_INI_DIR}/php-fpm.d/www.conf COPY config/php.ini ${PHP_INI_DIR}/conf.d/custom.ini @@ -46,7 +46,7 @@ COPY config/supervisord.conf /etc/supervisor/conf.d/supervisord.conf RUN chown -R nobody.nobody /var/www/html /run /var/lib/nginx /var/log/nginx # Create symlink for php -RUN ln -s /usr/bin/php82 /usr/bin/php +RUN ln -s /usr/bin/php83 /usr/bin/php # Switch to use a non-root user from here on USER nobody diff --git a/README.md b/README.md index f9888fd1c..adb9d6284 100644 --- a/README.md +++ b/README.md 
@@ -1,5 +1,5 @@ -# Docker PHP-FPM 8.2 & Nginx 1.24 on Alpine Linux -Example PHP-FPM 8.2 & Nginx 1.24 container image for Docker, built on [Alpine Linux](https://www.alpinelinux.org/). +# Docker PHP-FPM 8.3 & Nginx 1.24 on Alpine Linux +Example PHP-FPM 8.3 & Nginx 1.24 container image for Docker, built on [Alpine Linux](https://www.alpinelinux.org/). Repository: https://github.com/TrafeX/docker-php-nginx @@ -7,7 +7,7 @@ Repository: https://github.com/TrafeX/docker-php-nginx * Built on the lightweight and secure Alpine Linux distribution * Multi-platform, supporting AMD4, ARMv6, ARMv7, ARM64 * Very small Docker image size (+/-40MB) -* Uses PHP 8.2 for the best performance, low CPU usage & memory footprint +* Uses PHP 8.3 for the best performance, low CPU usage & memory footprint * Optimized for 100 concurrent users * Optimized to only use resources when there's traffic (by using PHP-FPM's `on-demand` process manager) * The services Nginx, PHP-FPM and supervisord run under a non-privileged user (nobody) to make it more secure @@ -16,7 +16,7 @@ Repository: https://github.com/TrafeX/docker-php-nginx [![Docker Pulls](https://img.shields.io/docker/pulls/trafex/php-nginx.svg)](https://hub.docker.com/r/trafex/php-nginx/) ![nginx 1.24](https://img.shields.io/badge/nginx-1.24-brightgreen.svg) -![php 8.2](https://img.shields.io/badge/php-8.2-brightgreen.svg) +![php 8.3](https://img.shields.io/badge/php-8.3-brightgreen.svg) ![License MIT](https://img.shields.io/badge/license-MIT-blue.svg) ## [![Trafex Consultancy](https://timdepater.com/logo/mini-logo.png)](https://timdepater.com?mtm_campaign=github) 
@@ -49,11 +49,11 @@ Nginx configuration: PHP configuration: - docker run -v "`pwd`/php-setting.ini:/etc/php82/conf.d/settings.ini" trafex/php-nginx + docker run -v "`pwd`/php-setting.ini:/etc/php83/conf.d/settings.ini" trafex/php-nginx PHP-FPM configuration: - docker run -v "`pwd`/php-fpm-settings.conf:/etc/php82/php-fpm.d/server.conf" trafex/php-nginx + docker run -v "`pwd`/php-fpm-settings.conf:/etc/php83/php-fpm.d/server.conf" trafex/php-nginx _Note; Because `-v` requires an absolute path I've added `pwd` in the example to return the absolute path to the current directory_ diff --git a/config/supervisord.conf b/config/supervisord.conf index 584aed26b..26dabbe66 100644 --- a/config/supervisord.conf +++ b/config/supervisord.conf @@ -5,7 +5,7 @@ logfile_maxbytes=0 pidfile=/run/supervisord.pid [program:php-fpm] -command=php-fpm82 -F +command=php-fpm83 -F stdout_logfile=/dev/stdout stdout_logfile_maxbytes=0 stderr_logfile=/dev/stderr diff --git a/docs/xdebug-support.md b/docs/xdebug-support.md index 76ca1d78c..46c78a2fb 100644 --- a/docs/xdebug-support.md +++ b/docs/xdebug-support.md @@ -27,7 +27,7 @@ FROM trafex/php-nginx:latest USER root # Install xdebug -RUN apk add --no-cache php82-pecl-xdebug +RUN apk add --no-cache php83-pecl-xdebug # Add configuration COPY xdebug.ini ${PHP_INI_DIR}/conf.d/xdebug.ini diff --git a/run_tests.sh b/run_tests.sh index 155fd0c56..69d0b8f3e 100755 --- a/run_tests.sh +++ b/run_tests.sh @@ -1,3 +1,3 @@ #!/usr/bin/env sh apk --no-cache add curl -curl --silent --fail http://app:8080 | grep 'PHP 8.2' +curl --silent --fail http://app:8080 | grep 'PHP 8.3' From 1784a0a064dc0db5d235cb7bb5eb630c320d737d Mon Sep 17 00:00:00 2001 From: JoshuaLicense Date: Mon, 15 Jan 2024 22:19:55 +0000 Subject: [PATCH 52/73] Add `|| exit 1` to `HEALTHCHECK` to map cURL exit codes and Docker possible values --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 764537a0c..38979f262 100644 --- a/Dockerfile 
+++ b/Dockerfile @@ -61,4 +61,4 @@ EXPOSE 8080 CMD ["/usr/bin/supervisord", "-c", "/etc/supervisor/conf.d/supervisord.conf"] # Configure a healthcheck to validate that everything is up&running -HEALTHCHECK --timeout=10s CMD curl --silent --fail http://127.0.0.1:8080/fpm-ping +HEALTHCHECK --timeout=10s CMD curl --silent --fail http://127.0.0.1:8080/fpm-ping || exit 1 From cf05bd70fbbc7d024e159a69eed456d3642f8141 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 25 Jan 2024 23:00:08 +0000 Subject: [PATCH 53/73] Bump peter-evans/dockerhub-description from 3 to 4 Bumps [peter-evans/dockerhub-description](https://github.com/peter-evans/dockerhub-description) from 3 to 4. - [Release notes](https://github.com/peter-evans/dockerhub-description/releases) - [Commits](https://github.com/peter-evans/dockerhub-description/compare/v3...v4) --- updated-dependencies: - dependency-name: peter-evans/dockerhub-description dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/dockerhub-description.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/dockerhub-description.yaml b/.github/workflows/dockerhub-description.yaml index 413978556..1859be702 100644 --- a/.github/workflows/dockerhub-description.yaml +++ b/.github/workflows/dockerhub-description.yaml @@ -13,7 +13,7 @@ jobs: - uses: actions/checkout@v4 - name: Docker Hub Description - uses: peter-evans/dockerhub-description@v3 + uses: peter-evans/dockerhub-description@v4 with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_PASSWORD }} From 93b0234d4f8665347f531c634d1d82ec5303da3a Mon Sep 17 00:00:00 2001 From: Tim de Pater Date: Fri, 23 Feb 2024 14:36:46 +0100 Subject: [PATCH 54/73] Add mimetypes to be gzipped based on CloudFlare --- config/nginx.conf | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) 
diff --git a/config/nginx.conf b/config/nginx.conf index ba8d09a93..206334e31 100644 --- a/config/nginx.conf +++ b/config/nginx.conf @@ -8,6 +8,7 @@ events { http { include mime.types; + # Threat files with a unknown filetype as binary default_type application/octet-stream; # Define custom log format to include reponse times @@ -28,7 +29,7 @@ http { uwsgi_temp_path /tmp/uwsgi_temp; scgi_temp_path /tmp/scgi_temp; - # Hardening + # Hide headers that identify the server to prevent information leakage proxy_hide_header X-Powered-By; fastcgi_hide_header X-Powered-By; server_tokens off; @@ -36,7 +37,8 @@ http { # Enable gzip compression by default gzip on; gzip_proxied any; - gzip_types text/plain application/xml text/css text/js text/xml application/x-javascript text/javascript application/json application/xml+rss; + # Based on CloudFlare's recommended settings + gzip_types text/richtext text/plain text/css text/x-script text/x-component text/x-java-source text/x-markdown application/javascript application/x-javascript text/javascript text/js image/x-icon image/vnd.microsoft.icon application/x-perl application/x-httpd-cgi text/xml application/xml application/rss+xml application/vnd.api+json application/x-protobuf application/json multipart/bag multipart/mixed application/xhtml+xml font/ttf font/otf font/x-woff image/svg+xml application/vnd.ms-fontobject application/ttf application/x-ttf application/otf application/x-otf application/truetype application/opentype application/x-opentype application/font-woff application/eot application/font application/font-sfnt application/wasm application/javascript-binast application/manifest+json application/ld+json application/graphql+json application/geo+json; gzip_vary on; gzip_disable "msie6"; From 519bec553e3d76edcb1a8d18b072ebb5e5f2a6d0 Mon Sep 17 00:00:00 2001 From: Tim de Pater Date: Fri, 10 May 2024 08:10:32 +0200 Subject: [PATCH 55/73] Explain versioning --- README.md | 4 ++++ 1 file changed, 4 insertions(+) 
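Review bot: The comment added above `default_type` in the first nginx.conf hunk has a typo that changes its meaning: "Threat files with a unknown filetype as binary" should read `# Treat files with an unknown filetype as binary`. The directive itself is untouched, so this is a wording fix only. The `http` block opens before the hunk and continues past it.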
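Review bot: The widened `gzip_types` list in the third hunk adds more dynamic API content types (`application/vnd.api+json`, `application/graphql+json`, `application/ld+json`) next to the existing `application/json`, while `gzip_proxied any` stays on. When the image is served over TLS, compressing responses that contain a secret and also reflect request input is the precondition for compression side channels such as BREACH, so the default deserves a caveat. I would add a comment above the directive, `# Disable gzip per location for responses that mix secrets with reflected input when served over TLS`. Separately, entries such as `font/x-woff` and `application/font-woff` are already compressed formats and probably gain little from gzip. The `http` block continues outside the hunk.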
diff --git a/README.md b/README.md index adb9d6284..1f03f7084 100644 --- a/README.md +++ b/README.md @@ -39,6 +39,10 @@ Or mount your own code to be served by PHP-FPM & Nginx docker run -p 80:8080 -v ~/my-codebase:/var/www/html trafex/php-nginx +## Versioning +Major or minor changes are always published as a [release](https://github.com/TrafeX/docker-php-nginx/releases) with correspondending changelogs. +The `latest` tag is automatically updated weekly to include the latests patches from Alpine Linux. + ## Configuration In [config/](config/) you'll find the default configuration files for Nginx, PHP and PHP-FPM. If you want to extend or customize that you can do so by mounting a configuration file in the correct folder; From d764e5c7d11f8b966b51432bcb0c053fef07fe67 Mon Sep 17 00:00:00 2001 From: Tim de Pater Date: Sun, 14 Jul 2024 06:55:43 +0200 Subject: [PATCH 56/73] Upgrade Alpine Linux to 3.20 and Nginx to 1.26 --- Dockerfile | 5 +---- README.md | 2 +- 2 files changed, 2 insertions(+), 5 deletions(-) diff --git a/Dockerfile b/Dockerfile index 38979f262..c8044725e 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -ARG ALPINE_VERSION=3.19 +ARG ALPINE_VERSION=3.20 FROM alpine:${ALPINE_VERSION} LABEL Maintainer="Tim de Pater " LABEL Description="Lightweight container with Nginx 1.24 & PHP 8.3 based on Alpine Linux." @@ -45,9 +45,6 @@ COPY config/supervisord.conf /etc/supervisor/conf.d/supervisord.conf # Make sure files/folders needed by the processes are accessable when they run under the nobody user RUN chown -R nobody.nobody /var/www/html /run /var/lib/nginx /var/log/nginx -# Create symlink for php -RUN ln -s /usr/bin/php83 /usr/bin/php - # Switch to use a non-root user from here on USER nobody diff --git a/README.md b/README.md index 1f03f7084..0467e7f09 100644 --- a/README.md +++ b/README.md 
@@ -15,7 +15,7 @@ Repository: https://github.com/TrafeX/docker-php-nginx * Follows the KISS principle (Keep It Simple, Stupid) to make it easy to understand and adjust the image to your needs [![Docker Pulls](https://img.shields.io/docker/pulls/trafex/php-nginx.svg)](https://hub.docker.com/r/trafex/php-nginx/) -![nginx 1.24](https://img.shields.io/badge/nginx-1.24-brightgreen.svg) +![nginx 1.24](https://img.shields.io/badge/nginx-1.26-brightgreen.svg) ![php 8.3](https://img.shields.io/badge/php-8.3-brightgreen.svg) ![License MIT](https://img.shields.io/badge/license-MIT-blue.svg) From b6d29076bbe84a2d72799d043250d0d51108a93e Mon Sep 17 00:00:00 2001 From: Tim de Pater Date: Sun, 14 Jul 2024 07:07:51 +0200 Subject: [PATCH 57/73] Update Nginx version description --- Dockerfile | 2 +- README.md | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/Dockerfile b/Dockerfile index c8044725e..cd30723e2 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,7 +1,7 @@ ARG ALPINE_VERSION=3.20 FROM alpine:${ALPINE_VERSION} LABEL Maintainer="Tim de Pater " -LABEL Description="Lightweight container with Nginx 1.24 & PHP 8.3 based on Alpine Linux." +LABEL Description="Lightweight container with Nginx 1.26 & PHP 8.3 based on Alpine Linux." # Setup document root WORKDIR /var/www/html diff --git a/README.md b/README.md index 0467e7f09..30888d888 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,5 @@ -# Docker PHP-FPM 8.3 & Nginx 1.24 on Alpine Linux -Example PHP-FPM 8.3 & Nginx 1.24 container image for Docker, built on [Alpine Linux](https://www.alpinelinux.org/). +# Docker PHP-FPM 8.3 & Nginx 1.26 on Alpine Linux +Example PHP-FPM 8.3 & Nginx 1.26 container image for Docker, built on [Alpine Linux](https://www.alpinelinux.org/). Repository: https://github.com/TrafeX/docker-php-nginx 
@@ -15,7 +15,7 @@ Repository: https://github.com/TrafeX/docker-php-nginx * Follows the KISS principle (Keep It Simple, Stupid) to make it easy to understand and adjust the image to your needs [![Docker Pulls](https://img.shields.io/docker/pulls/trafex/php-nginx.svg)](https://hub.docker.com/r/trafex/php-nginx/) -![nginx 1.24](https://img.shields.io/badge/nginx-1.26-brightgreen.svg) +![nginx 1.26](https://img.shields.io/badge/nginx-1.26-brightgreen.svg) ![php 8.3](https://img.shields.io/badge/php-8.3-brightgreen.svg) ![License MIT](https://img.shields.io/badge/license-MIT-blue.svg) From ff7ef5079805350acc0b49baaddc807b0e4e7454 Mon Sep 17 00:00:00 2001 From: Tim de Pater Date: Tue, 13 Aug 2024 16:46:27 +0200 Subject: [PATCH 58/73] Renamed docker-compose to docker compose --- .github/workflows/build.yaml | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index 09eb05e83..1b13f32ec 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -2,11 +2,11 @@ name: Test & build Docker image on: push: - branches: [ master ] - tags: ['*'] + branches: [master] + tags: ["*"] pull_request: schedule: - - cron: '0 2 * * 6' + - cron: "0 2 * * 6" env: IMAGE_NAME: trafex/php-nginx 
@@ -34,23 +34,23 @@ jobs: - name: Smoke test image run: |- - docker-compose -f docker-compose.test.yml up -d app + docker compose -f docker-compose.test.yml up -d app sleep 2 - docker-compose -f docker-compose.test.yml run sut + docker compose -f docker-compose.test.yml run sut - name: Run Trivy vulnerability scanner uses: aquasecurity/trivy-action@master with: - image-ref: '${{ env.IMAGE_NAME }}:${{ env.IMAGE_TAG }}' - format: 'template' - template: '@/contrib/sarif.tpl' - output: 'trivy-results.sarif' + image-ref: "${{ env.IMAGE_NAME }}:${{ env.IMAGE_TAG }}" + format: "template" + template: "@/contrib/sarif.tpl" + output: "trivy-results.sarif" - name: Upload Trivy scan results to GitHub Security tab if: github.ref == 'refs/heads/master' && (github.event_name == 'push' || github.event_name == 'schedule') uses: github/codeql-action/upload-sarif@v3 with: - sarif_file: 'trivy-results.sarif' + sarif_file: "trivy-results.sarif" - name: Login to Docker Hub if: (github.ref == 'refs/heads/master' && (github.event_name == 'push' || github.event_name == 'schedule' )) || contains(github.ref, 'refs/tags/') From e5c5ec7f7b14be1001681124de50cf518a87da62 Mon Sep 17 00:00:00 2001 From: Andrew Dorokhov Date: Sat, 24 Aug 2024 23:32:33 +0300 Subject: [PATCH 59/73] Fix chown command to use colon for user and group separation --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index cd30723e2..a21d918c6 100644 --- a/Dockerfile +++ b/Dockerfile @@ -43,7 +43,7 @@ COPY config/php.ini ${PHP_INI_DIR}/conf.d/custom.ini COPY config/supervisord.conf /etc/supervisor/conf.d/supervisord.conf # Make sure files/folders needed by the processes are accessable when they run under the nobody user -RUN chown -R nobody.nobody /var/www/html /run /var/lib/nginx /var/log/nginx +RUN chown -R nobody:nobody /var/www/html /run /var/lib/nginx /var/log/nginx # Switch to use a non-root user from here on USER nobody 
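Review bot: `uses: aquasecurity/trivy-action@master` in this hunk tracks a mutable branch, so whatever lands on that branch runs inside the same job that goes on to log in to Docker Hub; the other actions in this workflow are at least held to a major tag. Pin it to a reviewed full commit SHA, e.g. `uses: aquasecurity/trivy-action@<full-commit-sha>  # <release tag>`, which Dependabot can still update. The step also sets no `exit-code` or `severity`, so as far as this hunk shows the scan only writes `trivy-results.sarif` and does not stop a vulnerable image from being published. Adding `exit-code: "1"` with a `severity` filter would turn it into a gate. The `build` job starts before the hunk and continues after it.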
From 43aa4be9b739753b7d8f2dafde0c653de179c10b Mon Sep 17 00:00:00 2001 From: Tim de Pater Date: Wed, 4 Dec 2024 22:32:55 +0100 Subject: [PATCH 60/73] Get weekly updates from Dependabot --- .github/dependabot.yml | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 690f2d7bf..c592f47ef 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -3,8 +3,13 @@ updates: - package-ecosystem: "github-actions" directory: "/" schedule: - interval: "daily" + interval: "weekly" - package-ecosystem: "docker" directory: "/" schedule: - interval: "daily" \ No newline at end of file + interval: "weekly" + groups: + docker-updates: + update-types: + - "patch" + - "minor" From 7be04d94a2f59bf635dfdce1f232268aaddd77f2 Mon Sep 17 00:00:00 2001 From: Mark Hewitt Date: Fri, 20 Dec 2024 00:31:07 +1100 Subject: [PATCH 61/73] Update to PHP 8.4 --- Dockerfile | 42 ++++++++++++++++++++--------------------- README.md | 12 ++++++------ config/supervisord.conf | 2 +- docs/xdebug-support.md | 2 +- run_tests.sh | 2 +- 5 files changed, 30 insertions(+), 30 deletions(-) diff --git a/Dockerfile b/Dockerfile index a21d918c6..87cedb5f1 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,7 +1,7 @@ -ARG ALPINE_VERSION=3.20 +ARG ALPINE_VERSION=3.21 FROM alpine:${ALPINE_VERSION} LABEL Maintainer="Tim de Pater " -LABEL Description="Lightweight container with Nginx 1.26 & PHP 8.3 based on Alpine Linux." +LABEL Description="Lightweight container with Nginx 1.26 & PHP 8.4 based on Alpine Linux." # Setup document root WORKDIR /var/www/html 
@@ -9,24 +9,24 @@ WORKDIR /var/www/html RUN apk add --no-cache \ curl \ nginx \ - php83 \ - php83-ctype \ - php83-curl \ - php83-dom \ - php83-fileinfo \ - php83-fpm \ - php83-gd \ - php83-intl \ - php83-mbstring \ - php83-mysqli \ - php83-opcache \ - php83-openssl \ - php83-phar \ - php83-session \ - php83-tokenizer \ - php83-xml \ - php83-xmlreader \ - php83-xmlwriter \ + php84 \ + php84-ctype \ + php84-curl \ + php84-dom \ + php84-fileinfo \ + php84-fpm \ + php84-gd \ + php84-intl \ + php84-mbstring \ + php84-mysqli \ + php84-opcache \ + php84-openssl \ + php84-phar \ + php84-session \ + php84-tokenizer \ + php84-xml \ + php84-xmlreader \ + php84-xmlwriter \ supervisor # Configure nginx - http @@ -35,7 +35,7 @@ COPY config/nginx.conf /etc/nginx/nginx.conf COPY config/conf.d /etc/nginx/conf.d/ # Configure PHP-FPM -ENV PHP_INI_DIR /etc/php83 +ENV PHP_INI_DIR /etc/php84 COPY config/fpm-pool.conf ${PHP_INI_DIR}/php-fpm.d/www.conf COPY config/php.ini ${PHP_INI_DIR}/conf.d/custom.ini diff --git a/README.md b/README.md index 30888d888..5873002dd 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,5 @@ -# Docker PHP-FPM 8.3 & Nginx 1.26 on Alpine Linux -Example PHP-FPM 8.3 & Nginx 1.26 container image for Docker, built on [Alpine Linux](https://www.alpinelinux.org/). +# Docker PHP-FPM 8.4 & Nginx 1.26 on Alpine Linux +Example PHP-FPM 8.4 & Nginx 1.26 container image for Docker, built on [Alpine Linux](https://www.alpinelinux.org/). Repository: https://github.com/TrafeX/docker-php-nginx 
@@ -7,7 +7,7 @@ Repository: https://github.com/TrafeX/docker-php-nginx * Built on the lightweight and secure Alpine Linux distribution * Multi-platform, supporting AMD4, ARMv6, ARMv7, ARM64 * Very small Docker image size (+/-40MB) -* Uses PHP 8.3 for the best performance, low CPU usage & memory footprint +* Uses PHP 8.4 for the best performance, low CPU usage & memory footprint * Optimized for 100 concurrent users * Optimized to only use resources when there's traffic (by using PHP-FPM's `on-demand` process manager) * The services Nginx, PHP-FPM and supervisord run under a non-privileged user (nobody) to make it more secure @@ -16,7 +16,7 @@ Repository: https://github.com/TrafeX/docker-php-nginx [![Docker Pulls](https://img.shields.io/docker/pulls/trafex/php-nginx.svg)](https://hub.docker.com/r/trafex/php-nginx/) ![nginx 1.26](https://img.shields.io/badge/nginx-1.26-brightgreen.svg) -![php 8.3](https://img.shields.io/badge/php-8.3-brightgreen.svg) +![php 8.4](https://img.shields.io/badge/php-8.4-brightgreen.svg) ![License MIT](https://img.shields.io/badge/license-MIT-blue.svg) ## [![Trafex Consultancy](https://timdepater.com/logo/mini-logo.png)](https://timdepater.com?mtm_campaign=github) @@ -53,11 +53,11 @@ Nginx configuration: PHP configuration: - docker run -v "`pwd`/php-setting.ini:/etc/php83/conf.d/settings.ini" trafex/php-nginx + docker run -v "`pwd`/php-setting.ini:/etc/php84/conf.d/settings.ini" trafex/php-nginx PHP-FPM configuration: - docker run -v "`pwd`/php-fpm-settings.conf:/etc/php83/php-fpm.d/server.conf" trafex/php-nginx + docker run -v "`pwd`/php-fpm-settings.conf:/etc/php84/php-fpm.d/server.conf" trafex/php-nginx _Note; Because `-v` requires an absolute path I've added `pwd` in the example to return the absolute path to the current directory_ diff --git a/config/supervisord.conf b/config/supervisord.conf index 26dabbe66..0922e2fd5 100644 --- a/config/supervisord.conf +++ b/config/supervisord.conf 
@@ -5,7 +5,7 @@ logfile_maxbytes=0 pidfile=/run/supervisord.pid [program:php-fpm] -command=php-fpm83 -F +command=php-fpm84 -F stdout_logfile=/dev/stdout stdout_logfile_maxbytes=0 stderr_logfile=/dev/stderr diff --git a/docs/xdebug-support.md b/docs/xdebug-support.md index 46c78a2fb..34d8210a4 100644 --- a/docs/xdebug-support.md +++ b/docs/xdebug-support.md @@ -27,7 +27,7 @@ FROM trafex/php-nginx:latest USER root # Install xdebug -RUN apk add --no-cache php83-pecl-xdebug +RUN apk add --no-cache php84-pecl-xdebug # Add configuration COPY xdebug.ini ${PHP_INI_DIR}/conf.d/xdebug.ini diff --git a/run_tests.sh b/run_tests.sh index 69d0b8f3e..818614738 100755 --- a/run_tests.sh +++ b/run_tests.sh @@ -1,3 +1,3 @@ #!/usr/bin/env sh apk --no-cache add curl -curl --silent --fail http://app:8080 | grep 'PHP 8.3' +curl --silent --fail http://app:8080 | grep 'PHP 8.4' From a17d18ac270be00831db2b1b09ab2eaeec0e9492 Mon Sep 17 00:00:00 2001 From: Tim de Pater Date: Sat, 4 Jan 2025 09:01:23 +0100 Subject: [PATCH 62/73] Remove deprecated version and upgrade Alpine to 3.21 --- docker-compose.test.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/docker-compose.test.yml b/docker-compose.test.yml index ae8a05b56..3665aae06 100644 --- a/docker-compose.test.yml +++ b/docker-compose.test.yml @@ -1,10 +1,9 @@ -version: '3.5' services: app: image: ${IMAGE_NAME}:${IMAGE_TAG} build: . sut: - image: alpine:3.13 + image: alpine:3.21 depends_on: - app command: /tmp/run_tests.sh From d1772a60416fc602f72700ef0b3e1ef7a5df96b5 Mon Sep 17 00:00:00 2001 From: Tim de Pater Date: Sat, 4 Jan 2025 09:17:36 +0100 Subject: [PATCH 63/73] Remove the extra q query param with the request URL --- config/conf.d/default.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/conf.d/default.conf b/config/conf.d/default.conf index e0c1be780..e0920f54f 100644 --- a/config/conf.d/default.conf +++ b/config/conf.d/default.conf 
@@ -14,7 +14,7 @@ server { location / { # First attempt to serve request as file, then # as directory, then fall back to index.php - try_files $uri $uri/ /index.php?q=$uri&$args; + try_files $uri $uri/ /index.php$is_args$args; } # Redirect server error pages to the static page /50x.html From dc6f38e97e0bdcefba75c236a013e4b0be48d1f2 Mon Sep 17 00:00:00 2001 From: Federico Biccheddu <433819+f15u@users.noreply.github.com> Date: Fri, 21 Feb 2025 13:12:04 +0100 Subject: [PATCH 64/73] build: create an alias for `php` --- Dockerfile | 2 ++ 1 file changed, 2 insertions(+) diff --git a/Dockerfile b/Dockerfile index 87cedb5f1..5a7c5808a 100644 --- a/Dockerfile +++ b/Dockerfile @@ -29,6 +29,8 @@ RUN apk add --no-cache \ php84-xmlwriter \ supervisor +RUN ln -s /usr/bin/php84 /usr/bin/php + # Configure nginx - http COPY config/nginx.conf /etc/nginx/nginx.conf # Configure nginx - default server From 363c974e502df7c5071dfbd395a5b2c9c9178cb0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Carl=20H=C3=B6gberg?= <1549687+chogberg@users.noreply.github.com> Date: Tue, 15 Jul 2025 18:52:25 +0200 Subject: [PATCH 65/73] Clarified that optimization for 100 concurrent users refers to limiting concurrent PHP file requests --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 5873002dd..3b90faf81 100644 --- a/README.md +++ b/README.md 
@@ -8,7 +8,7 @@ Repository: https://github.com/TrafeX/docker-php-nginx * Multi-platform, supporting AMD4, ARMv6, ARMv7, ARM64 * Very small Docker image size (+/-40MB) * Uses PHP 8.4 for the best performance, low CPU usage & memory footprint -* Optimized for 100 concurrent users +* Optimized for 100 concurrent users i.e. limits the concurrent requests serving php files * Optimized to only use resources when there's traffic (by using PHP-FPM's `on-demand` process manager) * The services Nginx, PHP-FPM and supervisord run under a non-privileged user (nobody) to make it more secure * The logs of all the services are redirected to the output of the Docker container (visible with `docker logs -f `) From 1dddea6405ebed574ec8c9da4359adcdc19489c5 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 19 Aug 2025 10:04:05 +0000 Subject: [PATCH 66/73] Bump actions/checkout from 4 to 5 Bumps [actions/checkout](https://github.com/actions/checkout) from 4 to 5. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v4...v5) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: '5' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/build.yaml | 2 +- .github/workflows/dockerhub-description.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index 1b13f32ec..93a51b064 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -19,7 +19,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@v5 - name: Set up QEMU uses: docker/setup-qemu-action@v3 
diff --git a/.github/workflows/dockerhub-description.yaml b/.github/workflows/dockerhub-description.yaml index 1859be702..1d5bbfa42 100644 --- a/.github/workflows/dockerhub-description.yaml +++ b/.github/workflows/dockerhub-description.yaml @@ -10,7 +10,7 @@ jobs: dockerHubDescription: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 - name: Docker Hub Description uses: peter-evans/dockerhub-description@v4 From 0f776854e2db1e39e0cbcc3d6cb4b29e7512c441 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 6 Oct 2025 22:14:36 +0000 Subject: [PATCH 67/73] Bump peter-evans/dockerhub-description from 4 to 5 Bumps [peter-evans/dockerhub-description](https://github.com/peter-evans/dockerhub-description) from 4 to 5. - [Release notes](https://github.com/peter-evans/dockerhub-description/releases) - [Commits](https://github.com/peter-evans/dockerhub-description/compare/v4...v5) --- updated-dependencies: - dependency-name: peter-evans/dockerhub-description dependency-version: '5' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/dockerhub-description.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/dockerhub-description.yaml b/.github/workflows/dockerhub-description.yaml index 1d5bbfa42..99fa820f5 100644 --- a/.github/workflows/dockerhub-description.yaml +++ b/.github/workflows/dockerhub-description.yaml @@ -13,7 +13,7 @@ jobs: - uses: actions/checkout@v5 - name: Docker Hub Description - uses: peter-evans/dockerhub-description@v4 + uses: peter-evans/dockerhub-description@v5 with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_PASSWORD }} From 935a23d928f0761099ba4ced4001ee03a2d1e6db Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 24 Nov 2025 22:12:02 +0000 Subject: [PATCH 68/73] Bump actions/checkout from 5 to 6 Bumps [actions/checkout](https://github.com/actions/checkout) from 5 to 6. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v5...v6) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/build.yaml | 2 +- .github/workflows/dockerhub-description.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index 93a51b064..2c81a543d 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -19,7 +19,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v5 + uses: actions/checkout@v6 - name: Set up QEMU uses: docker/setup-qemu-action@v3 diff --git a/.github/workflows/dockerhub-description.yaml b/.github/workflows/dockerhub-description.yaml index 99fa820f5..6f5c2e489 100644 --- a/.github/workflows/dockerhub-description.yaml +++ b/.github/workflows/dockerhub-description.yaml @@ -10,7 +10,7 @@ jobs: dockerHubDescription: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@v6 - name: Docker Hub Description uses: peter-evans/dockerhub-description@v5 From 65b59f77e8c3f7f6f84a855685a1282da72240ad Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 13 Oct 2025 22:03:34 +0000 Subject: [PATCH 69/73] Bump github/codeql-action from 3 to 4 Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3 to 4. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/v3...v4) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: '4' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/build.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index 2c81a543d..d99de1f0d 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -48,7 +48,7 @@ jobs: - name: Upload Trivy scan results to GitHub Security tab if: github.ref == 'refs/heads/master' && (github.event_name == 'push' || github.event_name == 'schedule') - uses: github/codeql-action/upload-sarif@v3 + uses: github/codeql-action/upload-sarif@v4 with: sarif_file: "trivy-results.sarif" From faed4f8661e20c1beb5d8621a61641d5ee37b216 Mon Sep 17 00:00:00 2001 From: Tim de Pater Date: Sun, 14 Dec 2025 11:04:23 +0100 Subject: [PATCH 70/73] Upgrade to Alpine Linux 3.23, Nginx 1.28 --- Dockerfile | 8 +++----- README.md | 6 +++--- 2 files changed, 6 insertions(+), 8 deletions(-) diff --git a/Dockerfile b/Dockerfile index 5a7c5808a..f99edbbdc 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -1,7 +1,7 @@ -ARG ALPINE_VERSION=3.21 +ARG ALPINE_VERSION=3.23 FROM alpine:${ALPINE_VERSION} LABEL Maintainer="Tim de Pater " -LABEL Description="Lightweight container with Nginx 1.26 & PHP 8.4 based on Alpine Linux." +LABEL Description="Lightweight container with Nginx 1.28 & PHP 8.4 based on Alpine Linux." # Setup document root WORKDIR /var/www/html @@ -29,15 +29,13 @@ RUN apk add --no-cache \ php84-xmlwriter \ supervisor -RUN ln -s /usr/bin/php84 /usr/bin/php - # Configure nginx - http COPY config/nginx.conf /etc/nginx/nginx.conf # Configure nginx - default server COPY config/conf.d /etc/nginx/conf.d/ # Configure PHP-FPM -ENV PHP_INI_DIR /etc/php84 +ENV PHP_INI_DIR=/etc/php84 COPY config/fpm-pool.conf ${PHP_INI_DIR}/php-fpm.d/www.conf COPY config/php.ini ${PHP_INI_DIR}/conf.d/custom.ini diff --git a/README.md b/README.md index 3b90faf81..d5efdd709 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,5 @@ -# Docker PHP-FPM 8.4 & Nginx 1.26 on Alpine Linux -Example PHP-FPM 8.4 & Nginx 1.26 container image for Docker, built on [Alpine Linux](https://www.alpinelinux.org/). +# Docker PHP-FPM 8.4 & Nginx 1.28 on Alpine Linux +Example PHP-FPM 8.4 & Nginx 1.28 container image for Docker, built on [Alpine Linux](https://www.alpinelinux.org/). Repository: https://github.com/TrafeX/docker-php-nginx @@ -15,7 +15,7 @@ Repository: https://github.com/TrafeX/docker-php-nginx * Follows the KISS principle (Keep It Simple, Stupid) to make it easy to understand and adjust the image to your needs [![Docker Pulls](https://img.shields.io/docker/pulls/trafex/php-nginx.svg)](https://hub.docker.com/r/trafex/php-nginx/) -![nginx 1.26](https://img.shields.io/badge/nginx-1.26-brightgreen.svg) +![nginx 1.28](https://img.shields.io/badge/nginx-1.28-brightgreen.svg) ![php 8.4](https://img.shields.io/badge/php-8.4-brightgreen.svg) ![License MIT](https://img.shields.io/badge/license-MIT-blue.svg) From 2c385890953dd7af21a4d1e0ab2d28eadaf8d5f1 Mon Sep 17 00:00:00 2001 
From: Tim de Pater Date: Sun, 14 Dec 2025 11:25:25 +0100 Subject: [PATCH 71/73] Introduce tagging per major, minor, patch version. Add OCI labels. --- .github/workflows/build.yaml | 25 +++++++++++++++++++++++-- Dockerfile | 20 ++++++++++++++++++-- README.md | 9 +++++++-- 3 files changed, 48 insertions(+), 6 deletions(-) diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index d99de1f0d..d650c8f6a 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -67,18 +67,39 @@ jobs: --push \ -t $IMAGE_NAME:latest \ --platform linux/amd64,linux/arm64,linux/arm/v7,linux/arm/v6 \ + --build-arg BUILD_DATE=$(date -u +'%Y-%m-%dT%H:%M:%SZ') \ + --build-arg VCS_REF=${{ github.sha }} \ + --build-arg VERSION=latest \ . - name: Set tag in environment if: contains(github.ref, 'refs/tags/') run: echo "RELEASE_VERSION=${GITHUB_REF#refs/*/}" >> $GITHUB_ENV - - name: Build multi-arch image and push release tag + - name: Parse version components + if: contains(github.ref, 'refs/tags/') + id: parse_version + run: | + VERSION=${GITHUB_REF#refs/tags/} + echo "FULL_VERSION=$VERSION" >> $GITHUB_ENV + # Extract major version (e.g., 3 from 3.9.1) + MAJOR=$(echo $VERSION | cut -d. -f1) + echo "MAJOR_VERSION=$MAJOR" >> $GITHUB_ENV + # Extract minor version (e.g., 3.9 from 3.9.1) + MINOR=$(echo $VERSION | cut -d. -f1,2) + echo "MINOR_VERSION=$MINOR" >> $GITHUB_ENV + + - name: Build multi-arch image and push release tags if: contains(github.ref, 'refs/tags/') run: |- docker buildx build \ --cache-from=$IMAGE_NAME:latest \ --push \ - -t $IMAGE_NAME:$RELEASE_VERSION \ + -t $IMAGE_NAME:$FULL_VERSION \ + -t $IMAGE_NAME:$MINOR_VERSION \ + -t $IMAGE_NAME:$MAJOR_VERSION \ --platform linux/amd64,linux/arm64,linux/arm/v7,linux/arm/v6 \ + --build-arg BUILD_DATE=$(date -u +'%Y-%m-%dT%H:%M:%SZ') \ + --build-arg VCS_REF=${{ github.sha }} \ + --build-arg VERSION=$FULL_VERSION \ . diff --git a/Dockerfile b/Dockerfile index f99edbbdc..5c24504c8 100644 --- a/Dockerfile 
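Review bot: The `Parse version components` step accepts any tag name, so the floating tags pushed by the following step can end up pointing at the wrong image. A tag such as `v3.9.1` yields `MAJOR_VERSION=v3`, and a patch release cut on an older line (say `3.8.5` after `3.9.0`, values constructed for illustration) would move the `3` tag backwards, because both steps run for every ref under `refs/tags/`. I would reject unexpected names first with `echo "$VERSION" | grep -Eq '^[0-9]+\.[0-9]+\.[0-9]+$' || { echo "unexpected tag: $VERSION" >&2; exit 1; }` and quote `$VERSION` in the two `cut` pipelines. Guarding the major and minor tags against older releases needs a comparison with the tags already published, which this hunk does not attempt.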
+++ b/Dockerfile @@ -1,7 +1,23 @@ ARG ALPINE_VERSION=3.23 FROM alpine:${ALPINE_VERSION} -LABEL Maintainer="Tim de Pater " -LABEL Description="Lightweight container with Nginx 1.28 & PHP 8.4 based on Alpine Linux." + +# Build metadata arguments +ARG BUILD_DATE +ARG VCS_REF +ARG VERSION + +# OCI annotations for supply chain security +LABEL org.opencontainers.image.created="${BUILD_DATE}" +LABEL org.opencontainers.image.authors="Tim de Pater " +LABEL org.opencontainers.image.url="https://github.com/TrafeX/docker-php-nginx" +LABEL org.opencontainers.image.documentation="https://github.com/TrafeX/docker-php-nginx" +LABEL org.opencontainers.image.source="https://github.com/TrafeX/docker-php-nginx" +LABEL org.opencontainers.image.version="${VERSION}" +LABEL org.opencontainers.image.revision="${VCS_REF}" +LABEL org.opencontainers.image.vendor="TrafeX" +LABEL org.opencontainers.image.title="PHP-FPM 8.4 & Nginx on Alpine Linux" +LABEL org.opencontainers.image.description="Lightweight container with Nginx 1.28 & PHP 8.4 based on Alpine Linux." + # Setup document root WORKDIR /var/www/html diff --git a/README.md b/README.md index d5efdd709..8d603e6f2 100644 --- a/README.md +++ b/README.md 
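Review bot: Declaring `ARG BUILD_DATE` at the top of the Dockerfile puts a value that changes on every build ahead of the `RUN apk add` instruction. Docker's reference documentation says RUN instructions that follow an ARG use it implicitly and can miss the cache when its value changes; how far that applies under Buildx is worth checking, since the workflow passes `--cache-from=$IMAGE_NAME:latest` and evidently expects cache reuse. If the package layer is meant to be rebuilt every time, a comment such as `# BUILD_DATE changes on every build; declared first on purpose so packages are refreshed` would make that explicit. Otherwise the `ARG`/`LABEL` block could move to the end of the file, which is outside this hunk.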
@@ -40,8 +40,13 @@ Or mount your own code to be served by PHP-FPM & Nginx docker run -p 80:8080 -v ~/my-codebase:/var/www/html trafex/php-nginx ## Versioning -Major or minor changes are always published as a [release](https://github.com/TrafeX/docker-php-nginx/releases) with correspondending changelogs. -The `latest` tag is automatically updated weekly to include the latests patches from Alpine Linux. + +This image follows semantic versioning; + +- `latest` - Automatically updated weekly with the latest patches from Alpine Linux +- `3` - Latest major version 3.x (follows minor and patch updates) +- `3.9` - Latest version 3.9.x (follows patch updates only) +- `3.9.1` - Specific patch version (immutable) ## Configuration In [config/](config/) you'll find the default configuration files for Nginx, PHP and PHP-FPM. From 2d6af9f49882402d495e8fd3da09ae16ecac4553 Mon Sep 17 00:00:00 2001 From: Tim de Pater Date: Sun, 14 Dec 2025 11:50:32 +0100 Subject: [PATCH 72/73] Don't use an ARG for the version so that Dependabot will provide updates --- Dockerfile | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/Dockerfile b/Dockerfile index 5c24504c8..9fb5529ad 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,12 +1,11 @@ -ARG ALPINE_VERSION=3.23 -FROM alpine:${ALPINE_VERSION} +FROM alpine:3.23 # Build metadata arguments ARG BUILD_DATE ARG VCS_REF ARG VERSION -# OCI annotations for supply chain security +# OCI annotations LABEL org.opencontainers.image.created="${BUILD_DATE}" LABEL org.opencontainers.image.authors="Tim de Pater " LABEL org.opencontainers.image.url="https://github.com/TrafeX/docker-php-nginx" From 5a9f290f61cb14d59cf53a48242e2674a45bced3 Mon Sep 17 00:00:00 2001 From: Tim de Pater Date: Sun, 14 Dec 2025 12:19:38 +0100 Subject: [PATCH 73/73] Remove unused step and add missing build args --- .github/workflows/build.yaml | 10 +++++----- README.md | 9 ++++----- 2 files changed, 9 insertions(+), 10 deletions(-) 
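Review bot: `FROM alpine:3.23` still resolves a mutable tag at build time, so two builds of the same commit can start from different base images. Now that the version is a literal Dependabot can track, the line could also carry the digest, `FROM alpine:3.23@sha256:<digest-of-the-reviewed-image>`, which Dependabot updates together with the tag. The trade-off is that base-image patches would then arrive through Dependabot pull requests rather than through the weekly rebuild the README describes, so this should be a deliberate choice and noted in a comment above the `FROM` line.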
diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index d650c8f6a..f04c41cbe 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -30,7 +30,11 @@ jobs: - name: Build image run: |- - docker build -t $IMAGE_NAME:$IMAGE_TAG . + docker build \ + --build-arg BUILD_DATE=$(date -u +'%Y-%m-%dT%H:%M:%SZ') \ + --build-arg VCS_REF=${{ github.sha }} \ + --build-arg VERSION=${{ github.ref_name }} \ + -t $IMAGE_NAME:$IMAGE_TAG . - name: Smoke test image run: |- @@ -72,10 +76,6 @@ jobs: --build-arg VERSION=latest \ . - - name: Set tag in environment - if: contains(github.ref, 'refs/tags/') - run: echo "RELEASE_VERSION=${GITHUB_REF#refs/*/}" >> $GITHUB_ENV - - name: Parse version components if: contains(github.ref, 'refs/tags/') id: parse_version diff --git a/README.md b/README.md index 8d603e6f2..6a52bf398 100644 --- a/README.md +++ b/README.md @@ -40,13 +40,12 @@ Or mount your own code to be served by PHP-FPM & Nginx docker run -p 80:8080 -v ~/my-codebase:/var/www/html trafex/php-nginx ## Versioning - This image follows semantic versioning; -- `latest` - Automatically updated weekly with the latest patches from Alpine Linux -- `3` - Latest major version 3.x (follows minor and patch updates) -- `3.9` - Latest version 3.9.x (follows patch updates only) -- `3.9.1` - Specific patch version (immutable) +* `latest` - Latest stable release (automatically updated weekly with the latest patches from Alpine Linux) +* `..` - Specific immutable version (e.g., `3.9.1`, `3.9.2`) +* `.` - Latest patch version for a minor release (e.g., `3.9` → `3.9.2`) +* `` - Latest minor and patch version (e.g., `3` → `3.9.2`) ## Configuration In [config/](config/) you'll find the default configuration files for Nginx, PHP and PHP-FPM.
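Review bot: In the `Build image` step, `--build-arg VERSION=${{ github.ref_name }}` is expanded by the Actions template engine before the shell runs, so the branch or tag name becomes part of the script text rather than a value. Ref names may contain shell metacharacters, and GitHub's hardening guidance is to hand such context values to the script through the environment. The runner already exports this one, so the line can read `--build-arg VERSION="$GITHUB_REF_NAME" \`. `${{ github.sha }}` on the line above is a hex digest and does not carry the same risk, though `"$GITHUB_SHA"` would keep the step consistent.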