Last active
January 31, 2019 12:42
-
-
Save souri-t/234324799c53481f816863a6928cbc15 to your computer and use it in GitHub Desktop.
php7.0-fpm-alpine-pi
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
FROM resin/raspberry-pi-alpine:latest | |
# dependencies required for running "phpize" | |
# these get automatically installed and removed by "docker-php-ext-*" (unless they're already installed) | |
ENV PHPIZE_DEPS \ | |
autoconf \ | |
dpkg-dev dpkg \ | |
file \ | |
g++ \ | |
gcc \ | |
libc-dev \ | |
make \ | |
pkgconf \ | |
re2c | |
# persistent / runtime deps | |
RUN apk add --no-cache --virtual .persistent-deps \ | |
ca-certificates \ | |
curl \ | |
tar \ | |
xz \ | |
# https://github.com/docker-library/php/issues/494 | |
libressl | |
# ensure www-data user exists | |
RUN set -x \ | |
&& addgroup -g 82 -S www-data \ | |
&& adduser -u 82 -D -S -G www-data www-data | |
# 82 is the standard uid/gid for "www-data" in Alpine | |
# http://git.alpinelinux.org/cgit/aports/tree/main/apache2/apache2.pre-install?h=v3.3.2 | |
# http://git.alpinelinux.org/cgit/aports/tree/main/lighttpd/lighttpd.pre-install?h=v3.3.2 | |
# http://git.alpinelinux.org/cgit/aports/tree/main/nginx-initscripts/nginx-initscripts.pre-install?h=v3.3.2 | |
ENV PHP_INI_DIR /usr/local/etc/php | |
RUN mkdir -p $PHP_INI_DIR/conf.d | |
##<autogenerated>## | |
ENV PHP_EXTRA_CONFIGURE_ARGS --enable-fpm --with-fpm-user=www-data --with-fpm-group=www-data --disable-cgi | |
##</autogenerated>## | |
# Apply stack smash protection to functions using local buffers and alloca() | |
# Make PHP's main executable position-independent (improves ASLR security mechanism, and has no performance impact on x86_64) | |
# Enable optimization (-O2) | |
# Enable linker optimization (this sorts the hash buckets to improve cache locality, and is non-default) | |
# Adds GNU HASH segments to generated executables (this is used if present, and is much faster than sysv hash; in this configuration, sysv hash is also generated) | |
# https://github.com/docker-library/php/issues/272 | |
ENV PHP_CFLAGS="-fstack-protector-strong -fpic -fpie -O2" | |
ENV PHP_CPPFLAGS="$PHP_CFLAGS" | |
ENV PHP_LDFLAGS="-Wl,-O1 -Wl,--hash-style=both -pie" | |
ENV GPG_KEYS 1A4E8B7277C42E53DBA9C7B9BCAA30EA9C0D5763 6E4F6AB321FDC07F2C332E3AC2BF0BC433CFC8B3 | |
ENV PHP_VERSION 7.0.30 | |
ENV PHP_URL="https://secure.php.net/get/php-7.0.30.tar.xz/from/this/mirror" PHP_ASC_URL="https://secure.php.net/get/php-7.0.30.tar.xz.asc/from/this/mirror" | |
ENV PHP_SHA256="c90892fb68ab9b8476519658d3f78f6388f2609ae1309bdc2a2e1cc9f92dd686" PHP_MD5="" | |
RUN set -xe; \ | |
\ | |
apk add --no-cache --virtual .fetch-deps \ | |
gnupg \ | |
wget \ | |
; \ | |
\ | |
mkdir -p /usr/src; \ | |
cd /usr/src; \ | |
\ | |
wget -O php.tar.xz "$PHP_URL"; \ | |
\ | |
if [ -n "$PHP_SHA256" ]; then \ | |
echo "$PHP_SHA256 *php.tar.xz" | sha256sum -c -; \ | |
fi; \ | |
if [ -n "$PHP_MD5" ]; then \ | |
echo "$PHP_MD5 *php.tar.xz" | md5sum -c -; \ | |
fi; \ | |
\ | |
if [ -n "$PHP_ASC_URL" ]; then \ | |
wget -O php.tar.xz.asc "$PHP_ASC_URL"; \ | |
export GNUPGHOME="$(mktemp -d)"; \ | |
for key in $GPG_KEYS; do \ | |
gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$key"; \ | |
done; \ | |
gpg --batch --verify php.tar.xz.asc php.tar.xz; \ | |
command -v gpgconf > /dev/null && gpgconf --kill all; \ | |
rm -rf "$GNUPGHOME"; \ | |
fi; \ | |
\ | |
apk del .fetch-deps | |
COPY docker-php-source /usr/local/bin/ | |
RUN set -xe \ | |
&& apk add --no-cache --virtual .build-deps \ | |
$PHPIZE_DEPS \ | |
coreutils \ | |
curl-dev \ | |
libedit-dev \ | |
libressl-dev \ | |
libxml2-dev \ | |
sqlite-dev \ | |
\ | |
&& export CFLAGS="$PHP_CFLAGS" \ | |
CPPFLAGS="$PHP_CPPFLAGS" \ | |
LDFLAGS="$PHP_LDFLAGS" \ | |
&& docker-php-source extract \ | |
&& cd /usr/src/php \ | |
&& gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)" \ | |
&& ./configure \ | |
--build="$gnuArch" \ | |
--with-config-file-path="$PHP_INI_DIR" \ | |
--with-config-file-scan-dir="$PHP_INI_DIR/conf.d" \ | |
\ | |
# make sure invalid --configure-flags are fatal errors intead of just warnings | |
--enable-option-checking=fatal \ | |
\ | |
# https://github.com/docker-library/php/issues/439 | |
--with-mhash \ | |
\ | |
# --enable-ftp is included here because ftp_ssl_connect() needs ftp to be compiled statically (see https://github.com/docker-library/php/issues/236) | |
--enable-ftp \ | |
# --enable-mbstring is included here because otherwise there's no way to get pecl to use it properly (see https://github.com/docker-library/php/issues/195) | |
--enable-mbstring \ | |
# --enable-mysqlnd is included here because it's harder to compile after the fact than extensions are (since it's a plugin for several extensions, not an extension in itself) | |
--enable-mysqlnd \ | |
\ | |
--with-curl \ | |
--with-libedit \ | |
--with-openssl \ | |
--with-zlib \ | |
\ | |
# bundled pcre does not support JIT on s390x | |
# https://manpages.debian.org/stretch/libpcre3-dev/pcrejit.3.en.html#AVAILABILITY_OF_JIT_SUPPORT | |
$(test "$gnuArch" = 's390x-linux-gnu' && echo '--without-pcre-jit') \ | |
\ | |
$PHP_EXTRA_CONFIGURE_ARGS \ | |
&& make -j "$(nproc)" \ | |
&& make install \ | |
&& { find /usr/local/bin /usr/local/sbin -type f -perm +0111 -exec strip --strip-all '{}' + || true; } \ | |
&& make clean \ | |
&& cd / \ | |
&& docker-php-source delete \ | |
\ | |
&& runDeps="$( \ | |
scanelf --needed --nobanner --format '%n#p' --recursive /usr/local \ | |
| tr ',' '\n' \ | |
| sort -u \ | |
| awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \ | |
)" \ | |
&& apk add --no-cache --virtual .php-rundeps $runDeps \ | |
\ | |
&& apk del .build-deps \ | |
\ | |
# https://github.com/docker-library/php/issues/443 | |
&& pecl update-channels \ | |
&& rm -rf /tmp/pear ~/.pearrc | |
COPY docker-php-ext-* docker-php-entrypoint /usr/local/bin/ | |
ENTRYPOINT ["docker-php-entrypoint"] | |
##<autogenerated>## | |
WORKDIR /var/www/html | |
RUN set -ex \ | |
&& cd /usr/local/etc \ | |
&& if [ -d php-fpm.d ]; then \ | |
# for some reason, upstream's php-fpm.conf.default has "include=NONE/etc/php-fpm.d/*.conf" | |
sed 's!=NONE/!=!g' php-fpm.conf.default | tee php-fpm.conf > /dev/null; \ | |
cp php-fpm.d/www.conf.default php-fpm.d/www.conf; \ | |
else \ | |
# PHP 5.x doesn't use "include=" by default, so we'll create our own simple config that mimics PHP 7+ for consistency | |
mkdir php-fpm.d; \ | |
cp php-fpm.conf.default php-fpm.d/www.conf; \ | |
{ \ | |
echo '[global]'; \ | |
echo 'include=etc/php-fpm.d/*.conf'; \ | |
} | tee php-fpm.conf; \ | |
fi \ | |
&& { \ | |
echo '[global]'; \ | |
echo 'error_log = /proc/self/fd/2'; \ | |
echo; \ | |
echo '[www]'; \ | |
echo '; if we send this to /proc/self/fd/1, it never appears'; \ | |
echo 'access.log = /proc/self/fd/2'; \ | |
echo; \ | |
echo 'clear_env = no'; \ | |
echo; \ | |
echo '; Ensure worker stdout and stderr are sent to the main error log.'; \ | |
echo 'catch_workers_output = yes'; \ | |
} | tee php-fpm.d/docker.conf \ | |
&& { \ | |
echo '[global]'; \ | |
echo 'daemonize = no'; \ | |
echo; \ | |
echo '[www]'; \ | |
echo 'listen = 9000'; \ | |
} | tee php-fpm.d/zz-docker.conf | |
EXPOSE 9000 | |
CMD ["php-fpm"] | |
##</autogenerated>## |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment