-
Notifications
You must be signed in to change notification settings - Fork 4
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
2 changed files
with
81 additions
and
94 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,13 +1,23 @@ | ||
FROM alpine:3.9 | ||
FROM alpine:3.12 | ||
|
||
MAINTAINER Peter Szalatnay <[email protected]> | ||
|
||
ENV PHP_VERSION=7.3.2 PHPREDIS_FILENAME=4.2.0.tar.gz PHP_FILENAME=php-7.3.2.tar.xz NEWRELIC_FILENAME=newrelic-php5-8.5.0.235-linux-musl.tar.gz | ||
ENV PHP_VERSION=7.4.7 PHPREDIS_FILENAME=5.3.0.tar.gz PHP_FILENAME=php-7.4.7.tar.xz NEWRELIC_FILENAME=newrelic-php5-9.11.0.267-linux-musl.tar.gz | ||
|
||
RUN \ | ||
addgroup -S nginx \ | ||
&& adduser -D -S -h /var/cache/nginx -s /sbin/nologin -G nginx nginx \ | ||
&& apk add --update \ | ||
# Apply stack smash protection to functions using local buffers and alloca() | ||
# Make PHP's main executable position-independent (improves ASLR security mechanism, and has no performance impact on x86_64) | ||
# Enable optimization (-O2) | ||
# Enable linker optimization (this sorts the hash buckets to improve cache locality, and is non-default) | ||
# https:/docker-library/php/issues/272 | ||
# -D_LARGEFILE_SOURCE and -D_FILE_OFFSET_BITS=64 (https://www.php.net/manual/en/intro.filesystem.php) | ||
ENV PHP_CFLAGS="-fstack-protector-strong -fpic -fpie -O2 -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64" | ||
ENV PHP_CPPFLAGS="$PHP_CFLAGS" | ||
ENV PHP_LDFLAGS="-Wl,-O1 -pie" | ||
|
||
RUN set -eux; \ | ||
addgroup -S nginx; \ | ||
adduser -D -S -h /var/cache/nginx -s /sbin/nologin -G nginx nginx; \ | ||
apk add --update --no-cache \ | ||
curl \ | ||
tar \ | ||
xz \ | ||
|
@@ -20,8 +30,8 @@ RUN \ | |
libedit \ | ||
libmcrypt \ | ||
libbz2 \ | ||
libzip \ | ||
&& apk add --no-cache --virtual .build-deps \ | ||
libzip; \ | ||
apk add --no-cache --virtual .build-deps \ | ||
git \ | ||
autoconf \ | ||
file \ | ||
|
@@ -43,14 +53,18 @@ RUN \ | |
libedit-dev \ | ||
libssh2-dev \ | ||
libzip-dev \ | ||
oniguruma-dev; \ | ||
# download sources | ||
&& cd /tmp \ | ||
&& curl -fSL "http://php.net/get/$PHP_FILENAME/from/this/mirror" -o "$PHP_FILENAME" \ | ||
&& mkdir -p /tmp/php \ | ||
&& tar -Jxf "$PHP_FILENAME" -C /tmp/php --strip-components=1 \ | ||
&& rm "$PHP_FILENAME" \ | ||
&& cd /tmp/php \ | ||
&& ./configure \ | ||
cd /tmp; \ | ||
curl -fSL "http://php.net/get/$PHP_FILENAME/from/this/mirror" -o "$PHP_FILENAME"; \ | ||
mkdir -p /tmp/php; \ | ||
tar -Jxf "$PHP_FILENAME" -C /tmp/php --strip-components=1; \ | ||
rm "$PHP_FILENAME"; \ | ||
cd /tmp/php; \ | ||
export CFLAGS="$PHP_CFLAGS" \ | ||
CPPFLAGS="$PHP_CPPFLAGS" \ | ||
LDFLAGS="$PHP_LDFLAGS"; \ | ||
./configure \ | ||
--prefix=/usr \ | ||
--libdir=/usr/lib/php \ | ||
--datadir=/usr/share/php \ | ||
|
@@ -67,70 +81,69 @@ RUN \ | |
--enable-mysqlnd \ | ||
--enable-mbstring \ | ||
--enable-opcache \ | ||
--enable-zip \ | ||
--enable-libxml --with-libxml-dir \ | ||
--with-zip \ | ||
--with-libxml \ | ||
--enable-sockets \ | ||
--with-mysqli \ | ||
--with-curl \ | ||
--with-libedit \ | ||
--with-openssl \ | ||
--with-gd \ | ||
--with-jpeg-dir \ | ||
--with-png-dir \ | ||
--with-webp-dir \ | ||
--with-xpm-dir=no \ | ||
--with-freetype-dir \ | ||
--enable-gd \ | ||
--with-jpeg \ | ||
--with-webp \ | ||
--with-freetype \ | ||
--with-zlib \ | ||
--without-readline \ | ||
--without-sqlite3 \ | ||
--without-pdo-sqlite \ | ||
&& make \ | ||
&& make install \ | ||
&& { find /usr/local/bin /usr/local/sbin -type f -perm +0111 -exec strip --strip-all '{}' + || true; } \ | ||
&& make clean \ | ||
&& runDeps="$( \ | ||
--without-pdo-sqlite; \ | ||
make; \ | ||
make install; \ | ||
{ find /usr/local/bin /usr/local/sbin -type f -perm +0111 -exec strip --strip-all '{}' + || true; }; \ | ||
make clean; \ | ||
runDeps="$( \ | ||
scanelf --needed --nobanner --recursive /usr/local \ | ||
| awk '{ gsub(/,/, "\nso:", $2); print "so:" $2 }' \ | ||
| sort -u \ | ||
| xargs -r apk info --installed \ | ||
| sort -u \ | ||
)" \ | ||
&& apk add --virtual .php-rundeps $runDeps \ | ||
&& mkdir /etc/php/conf.d/ \ | ||
&& echo "zend_extension=opcache.so" >> "/etc/php/conf.d/docker-php-ext-opcache.ini" \ | ||
)"; \ | ||
apk add --virtual .php-rundeps $runDeps; \ | ||
mkdir /etc/php/conf.d/; \ | ||
echo "zend_extension=opcache.so" >> "/etc/php/conf.d/docker-php-ext-opcache.ini"; \ | ||
# install phpredis | ||
&& cd /tmp \ | ||
&& curl -fSL "https:/phpredis/phpredis/archive/$PHPREDIS_FILENAME" -o "$PHPREDIS_FILENAME" \ | ||
&& mkdir -p /tmp/phpredis \ | ||
&& tar -xzf "$PHPREDIS_FILENAME" -C /tmp/phpredis --strip-components=1 \ | ||
&& cd /tmp/phpredis \ | ||
&& phpize && ./configure && make install \ | ||
&& echo "extension=redis.so" >> "/etc/php/conf.d/docker-php-ext-redis.ini" \ | ||
cd /tmp; \ | ||
curl -fSL "https:/phpredis/phpredis/archive/$PHPREDIS_FILENAME" -o "$PHPREDIS_FILENAME"; \ | ||
mkdir -p /tmp/phpredis; \ | ||
tar -xzf "$PHPREDIS_FILENAME" -C /tmp/phpredis --strip-components=1; \ | ||
cd /tmp/phpredis; \ | ||
phpize ./configure make install; \ | ||
echo "extension=redis.so" >> "/etc/php/conf.d/docker-php-ext-redis.ini"; \ | ||
# install xdebug (but it will be disabled, see /etc/php/conf.d/xdebug.ini) | ||
&& cd /tmp \ | ||
&& git clone https:/xdebug/xdebug.git \ | ||
&& cd /tmp/xdebug \ | ||
&& git checkout master \ | ||
&& phpize && ./configure --enable-xdebug && make install \ | ||
&& echo ";zend_extension=xdebug.so" >> "/etc/php/conf.d/docker-php-ext-xdebug.ini" \ | ||
cd /tmp; \ | ||
git clone https:/xdebug/xdebug.git; \ | ||
cd /tmp/xdebug; \ | ||
git checkout master; \ | ||
phpize ./configure --enable-xdebug make install; \ | ||
echo ";zend_extension=xdebug.so" >> "/etc/php/conf.d/docker-php-ext-xdebug.ini"; \ | ||
# install newrelic apm agent | ||
&& cd /tmp \ | ||
&& curl -fSL "https://download.newrelic.com/php_agent/release/$NEWRELIC_FILENAME" -o "$NEWRELIC_FILENAME" \ | ||
&& mkdir -p /tmp/newrelic /var/log/newrelic \ | ||
&& tar -xzf "$NEWRELIC_FILENAME" -C /tmp/newrelic --strip-components=1 \ | ||
&& rm "$NEWRELIC_FILENAME" \ | ||
&& cd /tmp/newrelic \ | ||
&& cp agent/x64/newrelic-20180731.so /usr/lib/php/extensions/no-debug-non-zts-20180731/newrelic.so \ | ||
&& cp daemon/newrelic-daemon.x64 /usr/bin/newrelic-daemon \ | ||
&& cp scripts/newrelic.ini.template /etc/php/conf.d/newrelic.ini \ | ||
cd /tmp; \ | ||
curl -fSL "https://download.newrelic.com/php_agent/release/$NEWRELIC_FILENAME" -o "$NEWRELIC_FILENAME"; \ | ||
mkdir -p /tmp/newrelic /var/log/newrelic; \ | ||
tar -xzf "$NEWRELIC_FILENAME" -C /tmp/newrelic --strip-components=1; \ | ||
rm "$NEWRELIC_FILENAME"; \ | ||
cd /tmp/newrelic; \ | ||
cp agent/x64/newrelic-20190902.so /usr/lib/php/extensions/no-debug-non-zts-20190902/newrelic.so; \ | ||
cp daemon/newrelic-daemon.x64 /usr/bin/newrelic-daemon; \ | ||
cp scripts/newrelic.ini.template /etc/php/conf.d/newrelic.ini; \ | ||
# remove PHP dev dependencies | ||
&& apk del .build-deps \ | ||
&& rm -rf /tmp/* \ | ||
&& cd /etc/php \ | ||
&& if [ -d php-fpm.d ]; then \ | ||
apk del .build-deps; \ | ||
rm -rf /tmp/*; \ | ||
cd /etc/php; \ | ||
if [ -d php-fpm.d ]; then \ | ||
# for some reason, upstream's php-fpm.conf.default has "include=NONE/etc/php-fpm.d/*.conf" | ||
sed 's!=NONE/!=!g' php-fpm.conf.default | tee php-fpm.conf > /dev/null; \ | ||
fi \ | ||
&& { \ | ||
fi; \ | ||
{ \ | ||
echo '[global]'; \ | ||
echo 'error_log = /proc/self/fd/2'; \ | ||
echo 'daemonize = no'; \ | ||
|
@@ -153,6 +166,10 @@ RUN chmod +x /docker-entrypoint.sh | |
|
||
ENTRYPOINT ["/docker-entrypoint.sh"] | ||
|
||
# Override stop signal to stop process gracefully | ||
# https:/php/php-src/blob/17baa87faddc2550def3ae7314236826bc1b1398/sapi/fpm/php-fpm.8.in#L163 | ||
STOPSIGNAL SIGQUIT | ||
|
||
EXPOSE 9000 | ||
|
||
CMD ["php-fpm"] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters