php 7.4.7

Flowman · Jul 6, 2020 · 0a1b374 · 0a1b374
1 parent c77791f
commit 0a1b374
Show file tree

Hide file tree

Showing 2 changed files with 81 additions and 94 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -1,13 +1,23 @@
-FROM alpine:3.9
+FROM alpine:3.12
 
 MAINTAINER Peter Szalatnay <[email protected]>
 
-ENV PHP_VERSION=7.3.2 PHPREDIS_FILENAME=4.2.0.tar.gz PHP_FILENAME=php-7.3.2.tar.xz NEWRELIC_FILENAME=newrelic-php5-8.5.0.235-linux-musl.tar.gz
+ENV PHP_VERSION=7.4.7 PHPREDIS_FILENAME=5.3.0.tar.gz PHP_FILENAME=php-7.4.7.tar.xz NEWRELIC_FILENAME=newrelic-php5-9.11.0.267-linux-musl.tar.gz
 
-RUN \
- addgroup -S nginx \
- && adduser -D -S -h /var/cache/nginx -s /sbin/nologin -G nginx nginx \
- && apk add --update \
+# Apply stack smash protection to functions using local buffers and alloca()
+# Make PHP's main executable position-independent (improves ASLR security mechanism, and has no performance impact on x86_64)
+# Enable optimization (-O2)
+# Enable linker optimization (this sorts the hash buckets to improve cache locality, and is non-default)
+# https:/docker-library/php/issues/272
+# -D_LARGEFILE_SOURCE and -D_FILE_OFFSET_BITS=64 (https://www.php.net/manual/en/intro.filesystem.php)
+ENV PHP_CFLAGS="-fstack-protector-strong -fpic -fpie -O2 -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64"
+ENV PHP_CPPFLAGS="$PHP_CFLAGS"
+ENV PHP_LDFLAGS="-Wl,-O1 -pie"
+
+RUN set -eux; \
+ addgroup -S nginx; \
+ adduser -D -S -h /var/cache/nginx -s /sbin/nologin -G nginx nginx; \
+ apk add --update --no-cache \
  curl \
  tar \
  xz \
@@ -20,8 +30,8 @@ RUN \
  libedit \
  libmcrypt \
  libbz2 \
- libzip \
- && apk add --no-cache --virtual .build-deps \
+ libzip; \
+ apk add --no-cache --virtual .build-deps \
  git \
  autoconf \
  file \
@@ -43,14 +53,18 @@ RUN \
  libedit-dev \
  libssh2-dev \
  libzip-dev \
+ oniguruma-dev; \
  # download sources
- && cd /tmp \
- && curl -fSL "http://php.net/get/$PHP_FILENAME/from/this/mirror" -o "$PHP_FILENAME" \
- && mkdir -p /tmp/php \
- && tar -Jxf "$PHP_FILENAME" -C /tmp/php --strip-components=1 \
- && rm "$PHP_FILENAME" \
- && cd /tmp/php \
- && ./configure \
+ cd /tmp; \
+ curl -fSL "http://php.net/get/$PHP_FILENAME/from/this/mirror" -o "$PHP_FILENAME"; \
+ mkdir -p /tmp/php; \
+ tar -Jxf "$PHP_FILENAME" -C /tmp/php --strip-components=1; \
+ rm "$PHP_FILENAME"; \
+ cd /tmp/php; \
+ export CFLAGS="$PHP_CFLAGS" \
+ CPPFLAGS="$PHP_CPPFLAGS" \
+ LDFLAGS="$PHP_LDFLAGS"; \
+ ./configure \
  --prefix=/usr \
  --libdir=/usr/lib/php \
  --datadir=/usr/share/php \
@@ -67,70 +81,69 @@ RUN \
  --enable-mysqlnd \
  --enable-mbstring \
  --enable-opcache \
- --enable-zip \
- --enable-libxml --with-libxml-dir \
+ --with-zip \
+ --with-libxml \
+ --enable-sockets \
  --with-mysqli \
  --with-curl \
  --with-libedit \
  --with-openssl \
- --with-gd \
- --with-jpeg-dir \
- --with-png-dir \
- --with-webp-dir \
- --with-xpm-dir=no \
- --with-freetype-dir \
+ --enable-gd \
+ --with-jpeg \
+ --with-webp \
+ --with-freetype \
  --with-zlib \
  --without-readline \
  --without-sqlite3 \
- --without-pdo-sqlite \
- && make \
- && make install \
- && { find /usr/local/bin /usr/local/sbin -type f -perm +0111 -exec strip --strip-all '{}' + || true; } \
- && make clean \
- && runDeps="$( \
+ --without-pdo-sqlite; \
+ make; \
+ make install; \
+ { find /usr/local/bin /usr/local/sbin -type f -perm +0111 -exec strip --strip-all '{}' + || true; }; \
+ make clean; \
+ runDeps="$( \
  scanelf --needed --nobanner --recursive /usr/local \
  | awk '{ gsub(/,/, "\nso:", $2); print "so:" $2 }' \
  | sort -u \
  | xargs -r apk info --installed \
  | sort -u \
- )" \
- && apk add --virtual .php-rundeps $runDeps \
- && mkdir /etc/php/conf.d/ \
- && echo "zend_extension=opcache.so" >> "/etc/php/conf.d/docker-php-ext-opcache.ini" \
+ )"; \
+ apk add --virtual .php-rundeps $runDeps; \
+ mkdir /etc/php/conf.d/; \
+ echo "zend_extension=opcache.so" >> "/etc/php/conf.d/docker-php-ext-opcache.ini"; \
  # install phpredis
- && cd /tmp \
- && curl -fSL "https:/phpredis/phpredis/archive/$PHPREDIS_FILENAME" -o "$PHPREDIS_FILENAME" \
- && mkdir -p /tmp/phpredis \
- && tar -xzf "$PHPREDIS_FILENAME" -C /tmp/phpredis --strip-components=1 \
- && cd /tmp/phpredis \
- && phpize && ./configure && make install \
- && echo "extension=redis.so" >> "/etc/php/conf.d/docker-php-ext-redis.ini" \
+ cd /tmp; \
+ curl -fSL "https:/phpredis/phpredis/archive/$PHPREDIS_FILENAME" -o "$PHPREDIS_FILENAME"; \
+ mkdir -p /tmp/phpredis; \
+ tar -xzf "$PHPREDIS_FILENAME" -C /tmp/phpredis --strip-components=1; \
+ cd /tmp/phpredis; \
+ phpize ./configure make install; \
+ echo "extension=redis.so" >> "/etc/php/conf.d/docker-php-ext-redis.ini"; \
  # install xdebug (but it will be disabled, see /etc/php/conf.d/xdebug.ini)
- && cd /tmp \
- && git clone https:/xdebug/xdebug.git \
- && cd /tmp/xdebug \
- && git checkout master \
- && phpize && ./configure --enable-xdebug && make install \
- && echo ";zend_extension=xdebug.so" >> "/etc/php/conf.d/docker-php-ext-xdebug.ini" \
+ cd /tmp; \
+ git clone https:/xdebug/xdebug.git; \
+ cd /tmp/xdebug; \
+ git checkout master; \
+ phpize ./configure --enable-xdebug make install; \
+ echo ";zend_extension=xdebug.so" >> "/etc/php/conf.d/docker-php-ext-xdebug.ini"; \
  # install newrelic apm agent
- && cd /tmp \
- && curl -fSL "https://download.newrelic.com/php_agent/release/$NEWRELIC_FILENAME" -o "$NEWRELIC_FILENAME" \
- && mkdir -p /tmp/newrelic /var/log/newrelic \
- && tar -xzf "$NEWRELIC_FILENAME" -C /tmp/newrelic --strip-components=1 \
- && rm "$NEWRELIC_FILENAME" \
- && cd /tmp/newrelic \
- && cp agent/x64/newrelic-20180731.so /usr/lib/php/extensions/no-debug-non-zts-20180731/newrelic.so \
- && cp daemon/newrelic-daemon.x64 /usr/bin/newrelic-daemon \
- && cp scripts/newrelic.ini.template /etc/php/conf.d/newrelic.ini \
+ cd /tmp; \
+ curl -fSL "https://download.newrelic.com/php_agent/release/$NEWRELIC_FILENAME" -o "$NEWRELIC_FILENAME"; \
+ mkdir -p /tmp/newrelic /var/log/newrelic; \
+ tar -xzf "$NEWRELIC_FILENAME" -C /tmp/newrelic --strip-components=1; \
+ rm "$NEWRELIC_FILENAME"; \
+ cd /tmp/newrelic; \
+ cp agent/x64/newrelic-20190902.so /usr/lib/php/extensions/no-debug-non-zts-20190902/newrelic.so; \
+ cp daemon/newrelic-daemon.x64 /usr/bin/newrelic-daemon; \
+ cp scripts/newrelic.ini.template /etc/php/conf.d/newrelic.ini; \
  # remove PHP dev dependencies
- && apk del .build-deps \
- && rm -rf /tmp/* \
- && cd /etc/php \
- && if [ -d php-fpm.d ]; then \
+ apk del .build-deps; \
+ rm -rf /tmp/*; \
+ cd /etc/php; \
+ if [ -d php-fpm.d ]; then \
  # for some reason, upstream's php-fpm.conf.default has "include=NONE/etc/php-fpm.d/*.conf"
  sed 's!=NONE/!=!g' php-fpm.conf.default | tee php-fpm.conf > /dev/null; \
- fi \
- && { \
+ fi; \
+ { \
  echo '[global]'; \
  echo 'error_log = /proc/self/fd/2'; \
  echo 'daemonize = no'; \
@@ -153,6 +166,10 @@ RUN chmod +x /docker-entrypoint.sh
 
 ENTRYPOINT ["/docker-entrypoint.sh"]
 
+# Override stop signal to stop process gracefully
+# https:/php/php-src/blob/17baa87faddc2550def3ae7314236826bc1b1398/sapi/fpm/php-fpm.8.in#L163
+STOPSIGNAL SIGQUIT
+
 EXPOSE 9000
 
 CMD ["php-fpm"]
diff --git a/README.md b/README.md
@@ -1,13 +1,9 @@
-[![](https://badge.imagelayers.io/flowman/php-fpm:latest.svg)](https://imagelayers.io/?images=flowman/php-fpm:latest 'Get your own badge on imagelayers.io')
-
 # What is PHP-FPM?
 
 PHP-FPM (FastCGI Process Manager) is an alternative PHP FastCGI implementation with some additional features useful for sites of any size, especially busier sites.
 
 ## Info
 
-This container is not meant to be run standalone as it is part of a [Rancher](http://rancher.com) Catalog item. If it suites your purpose you are more then welcome to use it.
-
 The container is optimized to run !Joomla with Nginx, so some PHP modules have been striped out. Check the build section to customize this container for your needs.
 
 This image is based on the popular Alpine Linux project, available in the alpine official image. Alpine Linux is much smaller than most distribution base images (~5MB), and thus leads to much slimmer images in general.
@@ -45,52 +41,26 @@ This variable is optional and will enable xdebug.
 
 ## ... via `docker-compose`
 
-Example Rancher docker-compose stack
-
-```yaml
-nginx:
- image: flowman/nginx:1.10.0
- labels:
- io.rancher.sidekicks: php-fpm, www-data
- volumes_from:
- - 'www-data'
- ports:
- - "80:80"
-php-fpm:
- image: flowman/php-fpm:7.0.6
- net: "container:nginx"
- volumes_from:
- - 'www-data'
- environment:
- XDEBUG: 'true'
-www-data:
- image: flowman/joomla:3.5.1
- net: none
- command: /bin/true
- labels:
- io.rancher.container.start_once: true
-```
-
 Example docker-compose file
 
 ```yaml
 version: '2'
 services:
  nginx:
- image: flowman/nginx:1.10.0
+ image: flowman/nginx:1.18.0
  ports:
  - "80:80"
  volumes_from:
  - 'joomla'
  php-fpm:
- image: flowman/php-fpm:7.0.6
+ image: flowman/php-fpm:7.4.7
  network_mode: "service:nginx"
  volumes_from:
  - 'joomla'
  environment:
  XDEBUG: 'true'
  joomla:
- image: flowman/joomla:3.5.1
+ image: flowman/joomla:3.9.18
  network_mode: none
 ```