|
|
- #
- # NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh"
- #
- # PLEASE DO NOT EDIT IT DIRECTLY.
- #
-
- FROM debian:buster-slim
-
- # prevent Debian's PHP packages from being installed
- # https://github.com/docker-library/php/pull/542
- RUN set -eux; \
- { \
- echo 'Package: php*'; \
- echo 'Pin: release *'; \
- echo 'Pin-Priority: -1'; \
- } > /etc/apt/preferences.d/no-debian-php
-
- # dependencies required for running "phpize"
- # (see persistent deps below)
- ENV PHPIZE_DEPS \
- autoconf \
- dpkg-dev \
- file \
- g++ \
- gcc \
- libc-dev \
- make \
- pkg-config \
- re2c
-
- # persistent / runtime deps
- RUN set -eux; \
- apt-get update; \
- apt-get install -y --no-install-recommends \
- $PHPIZE_DEPS \
- ca-certificates \
- curl \
- xz-utils \
- ; \
- rm -rf /var/lib/apt/lists/*
-
- ENV PHP_INI_DIR /usr/local/etc/php
- RUN set -eux; \
- mkdir -p "$PHP_INI_DIR/conf.d"; \
- # allow running as an arbitrary user (https://github.com/docker-library/php/issues/743)
- [ ! -d /var/www/html ]; \
- mkdir -p /var/www/html; \
- chown www-data:www-data /var/www/html; \
- chmod 777 /var/www/html
-
- ENV APACHE_CONFDIR /etc/apache2
- ENV APACHE_ENVVARS $APACHE_CONFDIR/envvars
-
- RUN set -eux; \
- apt-get update; \
- apt-get install -y --no-install-recommends apache2; \
- rm -rf /var/lib/apt/lists/*; \
- \
- # generically convert lines like
- # export APACHE_RUN_USER=www-data
- # into
- # : ${APACHE_RUN_USER:=www-data}
- # export APACHE_RUN_USER
- # so that they can be overridden at runtime ("-e APACHE_RUN_USER=...")
- sed -ri 's/^export ([^=]+)=(.*)$/: ${\1:=\2}\nexport \1/' "$APACHE_ENVVARS"; \
- \
- # setup directories and permissions
- . "$APACHE_ENVVARS"; \
- for dir in \
- "$APACHE_LOCK_DIR" \
- "$APACHE_RUN_DIR" \
- "$APACHE_LOG_DIR" \
- ; do \
- rm -rvf "$dir"; \
- mkdir -p "$dir"; \
- chown "$APACHE_RUN_USER:$APACHE_RUN_GROUP" "$dir"; \
- # allow running as an arbitrary user (https://github.com/docker-library/php/issues/743)
- chmod 777 "$dir"; \
- done; \
- \
- # delete the "index.html" that installing Apache drops in here
- rm -rvf /var/www/html/*; \
- \
- # logs should go to stdout / stderr
- ln -sfT /dev/stderr "$APACHE_LOG_DIR/error.log"; \
- ln -sfT /dev/stdout "$APACHE_LOG_DIR/access.log"; \
- ln -sfT /dev/stdout "$APACHE_LOG_DIR/other_vhosts_access.log"; \
- chown -R --no-dereference "$APACHE_RUN_USER:$APACHE_RUN_GROUP" "$APACHE_LOG_DIR"
-
- # Apache + PHP requires preforking Apache for best results
- RUN a2dismod mpm_event && a2enmod mpm_prefork
-
- # PHP files should be handled by PHP, and should be preferred over any other file type
- RUN { \
- echo '<FilesMatch \.php$>'; \
- echo '\tSetHandler application/x-httpd-php'; \
- echo '</FilesMatch>'; \
- echo; \
- echo 'DirectoryIndex disabled'; \
- echo 'DirectoryIndex index.php index.html'; \
- echo; \
- echo '<Directory /var/www/>'; \
- echo '\tOptions -Indexes'; \
- echo '\tAllowOverride All'; \
- echo '</Directory>'; \
- } | tee "$APACHE_CONFDIR/conf-available/docker-php.conf" \
- && a2enconf docker-php
-
- # Apply stack smash protection to functions using local buffers and alloca()
- # Make PHP's main executable position-independent (improves ASLR security mechanism, and has no performance impact on x86_64)
- # Enable optimization (-O2)
- # Enable linker optimization (this sorts the hash buckets to improve cache locality, and is non-default)
- # https://github.com/docker-library/php/issues/272
- # -D_LARGEFILE_SOURCE and -D_FILE_OFFSET_BITS=64 (https://www.php.net/manual/en/intro.filesystem.php)
- ENV PHP_CFLAGS="-fstack-protector-strong -fpic -fpie -O2 -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64"
- ENV PHP_CPPFLAGS="$PHP_CFLAGS"
- ENV PHP_LDFLAGS="-Wl,-O1 -pie"
-
- ENV GPG_KEYS 42670A7FE4D0441C8E4632349E4FDC074A4EF02D 5A52880781F755608BF815FC910DEB46F53EA312
-
- ENV PHP_VERSION 7.4.24
- ENV PHP_URL="https://www.php.net/distributions/php-7.4.24.tar.xz" PHP_ASC_URL="https://www.php.net/distributions/php-7.4.24.tar.xz.asc"
- ENV PHP_SHA256="ff7658ee2f6d8af05b48c21146af5f502e121def4e76e862df5ec9fa06e98734"
-
- RUN set -eux; \
- \
- savedAptMark="$(apt-mark showmanual)"; \
- apt-get update; \
- apt-get install -y --no-install-recommends gnupg dirmngr; \
- rm -rf /var/lib/apt/lists/*; \
- \
- mkdir -p /usr/src; \
- cd /usr/src; \
- \
- curl -fsSL -o php.tar.xz "$PHP_URL"; \
- \
- if [ -n "$PHP_SHA256" ]; then \
- echo "$PHP_SHA256 *php.tar.xz" | sha256sum -c -; \
- fi; \
- \
- if [ -n "$PHP_ASC_URL" ]; then \
- curl -fsSL -o php.tar.xz.asc "$PHP_ASC_URL"; \
- export GNUPGHOME="$(mktemp -d)"; \
- for key in $GPG_KEYS; do \
- gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key"; \
- done; \
- gpg --batch --verify php.tar.xz.asc php.tar.xz; \
- gpgconf --kill all; \
- rm -rf "$GNUPGHOME"; \
- fi; \
- \
- apt-mark auto '.*' > /dev/null; \
- apt-mark manual $savedAptMark > /dev/null; \
- apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false
-
- COPY docker-php-source /usr/local/bin/
-
- RUN set -eux; \
- \
- savedAptMark="$(apt-mark showmanual)"; \
- apt-get update; \
- apt-get install -y --no-install-recommends \
- apache2-dev \
- libargon2-dev \
- libcurl4-openssl-dev \
- libonig-dev \
- libreadline-dev \
- libsodium-dev \
- libsqlite3-dev \
- libssl-dev \
- libxml2-dev \
- zlib1g-dev \
- ; \
- \
- export \
- CFLAGS="$PHP_CFLAGS" \
- CPPFLAGS="$PHP_CPPFLAGS" \
- LDFLAGS="$PHP_LDFLAGS" \
- ; \
- docker-php-source extract; \
- cd /usr/src/php; \
- gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \
- debMultiarch="$(dpkg-architecture --query DEB_BUILD_MULTIARCH)"; \
- # https://bugs.php.net/bug.php?id=74125
- if [ ! -d /usr/include/curl ]; then \
- ln -sT "/usr/include/$debMultiarch/curl" /usr/local/include/curl; \
- fi; \
- ./configure \
- --build="$gnuArch" \
- --with-config-file-path="$PHP_INI_DIR" \
- --with-config-file-scan-dir="$PHP_INI_DIR/conf.d" \
- \
- # make sure invalid --configure-flags are fatal errors instead of just warnings
- --enable-option-checking=fatal \
- \
- # https://github.com/docker-library/php/issues/439
- --with-mhash \
- \
- # https://github.com/docker-library/php/issues/822
- --with-pic \
- \
- # --enable-ftp is included here because ftp_ssl_connect() needs ftp to be compiled statically (see https://github.com/docker-library/php/issues/236)
- --enable-ftp \
- # --enable-mbstring is included here because otherwise there's no way to get pecl to use it properly (see https://github.com/docker-library/php/issues/195)
- --enable-mbstring \
- # --enable-mysqlnd is included here because it's harder to compile after the fact than extensions are (since it's a plugin for several extensions, not an extension in itself)
- --enable-mysqlnd \
- # https://wiki.php.net/rfc/argon2_password_hash
- --with-password-argon2 \
- # https://wiki.php.net/rfc/libsodium
- --with-sodium=shared \
- # always build against system sqlite3 (https://github.com/php/php-src/commit/6083a387a81dbbd66d6316a3a12a63f06d5f7109)
- --with-pdo-sqlite=/usr \
- --with-sqlite3=/usr \
- \
- --with-curl \
- --with-openssl \
- --with-readline \
- --with-zlib \
- \
- # in PHP 7.4+, the pecl/pear installers are officially deprecated (requiring an explicit "--with-pear")
- --with-pear \
- \
- # bundled pcre does not support JIT on s390x
- # https://manpages.debian.org/bullseye/libpcre3-dev/pcrejit.3.en.html#AVAILABILITY_OF_JIT_SUPPORT
- $(test "$gnuArch" = 's390x-linux-gnu' && echo '--without-pcre-jit') \
- --with-libdir="lib/$debMultiarch" \
- \
- --disable-cgi \
- \
- --with-apxs2 \
- ; \
- make -j "$(nproc)"; \
- find -type f -name '*.a' -delete; \
- make install; \
- find \
- /usr/local \
- -type f \
- -perm '/0111' \
- -exec sh -euxc ' \
- strip --strip-all "$@" || : \
- ' -- '{}' + \
- ; \
- make clean; \
- \
- # https://github.com/docker-library/php/issues/692 (copy default example "php.ini" files somewhere easily discoverable)
- cp -v php.ini-* "$PHP_INI_DIR/"; \
- \
- cd /; \
- docker-php-source delete; \
- \
- # reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies
- apt-mark auto '.*' > /dev/null; \
- [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark; \
- find /usr/local -type f -executable -exec ldd '{}' ';' \
- | awk '/=>/ { print $(NF-1) }' \
- | sort -u \
- | xargs -r dpkg-query --search \
- | cut -d: -f1 \
- | sort -u \
- | xargs -r apt-mark manual \
- ; \
- apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \
- rm -rf /var/lib/apt/lists/*; \
- \
- # update pecl channel definitions https://github.com/docker-library/php/issues/443
- pecl update-channels; \
- rm -rf /tmp/pear ~/.pearrc; \
- \
- # smoke test
- php --version
-
- COPY docker-php-ext-* docker-php-entrypoint /usr/local/bin/
-
- # sodium was built as a shared module (so that it can be replaced later if so desired), so let's enable it too (https://github.com/docker-library/php/issues/598)
- RUN docker-php-ext-enable sodium
-
- ENTRYPOINT ["docker-php-entrypoint"]
- # https://httpd.apache.org/docs/2.4/stopping.html#gracefulstop
- STOPSIGNAL SIGWINCH
-
- COPY apache2-foreground /usr/local/bin/
- WORKDIR /var/www/html
-
- EXPOSE 80
- CMD ["apache2-foreground"]
|