From f94e0645fb1ca28f4f406e173358376187d0b1fd Mon Sep 17 00:00:00 2001 From: Ernesto Baschny Date: Wed, 2 Jul 2025 18:51:27 +0200 Subject: [PATCH 1/5] Add PHP_EXTENSIONS setting to enable specific set of extensions Overrides the defaults, which enables all provided extensions --- README.md | 36 +++++++++++++---------- example-app/.env.docker | 3 ++ files/entrypoint-extras.sh | 60 +++++++++++++++++++++++++++++--------- 3 files changed, 71 insertions(+), 28 deletions(-) diff --git a/README.md b/README.md index 2325530..04bb043 100644 --- a/README.md +++ b/README.md @@ -76,7 +76,12 @@ This image includes the following additional extensions: * yaml * zip -Additionally, it includes the following utilities for TYPO3 specific workflows: +All extensions are enabled by default. If you want to only disable some of them, +you can use the setting `PHP_DISABLE_EXTENSIONS` in the environment variables. +If you want to override the list of enabled extensions, you can use the +`PHP_EXTENSIONS` environment variable. + +Additionally, the image includes the following utilities for TYPO3 specific workflows: * GraphicsMagick * curl @@ -141,22 +146,23 @@ Application root is `/app`. Application runs as user `application` (uid=1000). ### Settings (through environment variables) -| Setting | Image | Default | Description | -|----------------------------------------|----------|-------------|------------------------------------------------------------------------------------------------------------------------------------------| -| `XDEBUG_MODE` | fpm, ssh | debug | Or set to `develop` (slow) or `none` to turn it off completely. See https://xdebug.org/docs/all_settings#mode | +| Setting | Image | Default | Description | +|--------------------------------------------|----------|-------------|------------------------------------------------------------------------------------------------------------------------------------------| +| `XDEBUG_MODE` | fpm, ssh | debug | Or set to `develop` (slow) or `none` to turn it off completely. See https://xdebug.org/docs/all_settings#mode | | `DB_HOST`, `DB_USER`, `DB_PASS`, `DB_NAME` | ssh | | These will create a `.my.cnf` for the user. You can use the same variables in your `docker-compose.yml` to configure the MariaDB image. | | `APPLICATION_UID`, `APPLICATION_GID` | fpm, ssh | 1000, 1000 | UID and GID for the application user. Change to match your local user in case you use bind-mounts (Linux only) | -| `IMPORT_GITLAB_SERVER` | ssh | git.cron.eu | Gitlab instance to import SSH key from | -| `IMPORT_GITLAB_PUB_KEYS` | ssh | | Gitlab user to import SSH keys from | -| `IMPORT_GITHUB_PUB_KEYS` | ssh | | GitHub user to import SSH keys from | -| `IMPORT_PUB_KEYS` | ssh | | Additional SSH public keys to load, comma separated | -| `SSH_CONFIG` | ssh | | The whole content of the `.ssh/config` file | -| `SSH_KNOWN_HOSTS` | ssh | | The whole content of the `.ssh/known_hosts` file | -| `SSH_PRIVATE_KEY` | ssh | | A SSH private key to load in an `ssh-agent`, useful if you run a SSH container with commands | | -| `ENV` | ssh | | The name of the environment to show on the shell prompt | -| `PHP_INI_OVERRIDE` | fpm, ssh | | Allow overriding php.ini settings. Simply the multiline content for a php.ini here. Use "\n" for multiline i.e. in ECS | -| `PHP_FPM_OVERRIDE` | fpm | | Allow overriding php-fpm pool settings. The multiline content for php-fpm.conf here. Use "\n" for multiline i.e. in ECS | -| `PHP_DISABLE_EXTENSIONS` | fpm, ssh | | Comma separated list of PHP extensions to disable. | +| `IMPORT_GITLAB_SERVER` | ssh | git.cron.eu | Gitlab instance to import SSH key from | +| `IMPORT_GITLAB_PUB_KEYS` | ssh | | Gitlab user to import SSH keys from | +| `IMPORT_GITHUB_PUB_KEYS` | ssh | | GitHub user to import SSH keys from | +| `IMPORT_PUB_KEYS` | ssh | | Additional SSH public keys to load, comma separated | +| `SSH_CONFIG` | ssh | | The whole content of the `.ssh/config` file | +| `SSH_KNOWN_HOSTS` | ssh | | The whole content of the `.ssh/known_hosts` file | +| `SSH_PRIVATE_KEY` | ssh | | A SSH private key to load in an `ssh-agent`, useful if you run a SSH container with commands | | +| `ENV` | ssh | | The name of the environment to show on the shell prompt | +| `PHP_INI_OVERRIDE` | fpm, ssh | | Allow overriding php.ini settings. Simply the multiline content for a php.ini here. Use "\n" for multiline i.e. in ECS | +| `PHP_FPM_OVERRIDE` | fpm | | Allow overriding php-fpm pool settings. The multiline content for php-fpm.conf here. Use "\n" for multiline i.e. in ECS | +| `PHP_EXTENSIONS` | fpm, ssh | (all) | Comma separated list of PHP extensions to enable (if this is not set, all are enabled). | +| `PHP_DISABLE_EXTENSIONS` | fpm, ssh | | Comma separated list of PHP extensions to disable (in case you keep all enabled, you can disable individual ones, i.e. igbinary). | ## Example usage diff --git a/example-app/.env.docker b/example-app/.env.docker index 1eab004..b229b90 100644 --- a/example-app/.env.docker +++ b/example-app/.env.docker @@ -12,6 +12,9 @@ # See https://xdebug.org/docs/develop#mode XDEBUG_MODE=debug +# If you only want a specific subset of extensions enabled. This is the default set of all: +#PHP_EXTENSIONS=apcu,bcmath,bz2,calendar,exif,gd,gettext,imagick,intl,mysqli,opcache,pcntl,pdo_mysql,redis,shmop,soap,sockets,sysvmsg,sysvsem,sysvshm,uuid,xdebug,yaml,zip + # ----------------------------------------- # For the ssh container # ----------------------------------------- diff --git a/files/entrypoint-extras.sh b/files/entrypoint-extras.sh index da358ec..e5bac8e 100644 --- a/files/entrypoint-extras.sh +++ b/files/entrypoint-extras.sh @@ -14,22 +14,56 @@ else echo "zend_extension=xdebug.so" > /usr/local/etc/php/conf.d/docker-php-ext-xdebug.ini fi -# Enable all extensions which might have been disabled at some point first -if ls /usr/local/etc/php/conf.d/*php-ext*.disabled 1> /dev/null 2>&1; then - for file in /usr/local/etc/php/conf.d/*php-ext*.disabled; do - mv "$file" "${file%.disabled}" - done -fi -# Disable extensions based on PHP_DISABLE_EXTENSIONS -if [ ! -z "${PHP_DISABLE_EXTENSIONS}" ]; then - for ext in $(echo $PHP_DISABLE_EXTENSIONS | sed -e 's/,/ /g'); do - if [ -f "/usr/local/etc/php/conf.d/docker-php-ext-$ext.ini" ]; then - echo "* Disabling PHP extension: $ext" - mv /usr/local/etc/php/conf.d/docker-php-ext-$ext.ini /usr/local/etc/php/conf.d/docker-php-ext-$ext.ini.disabled +# Controls which extensions are enabled. + +if [ ! -z "${PHP_EXTENSIONS}" ]; then + # If PHP_EXTENSIONS is set: only enable the ones specified + + echo "* PHP_EXTENSIONS: $PHP_EXTENSIONS" + echo "* Disabling all extensions and enabling only specified ones." + + # First, disable all extensions by renaming them + if ls /usr/local/etc/php/conf.d/docker-php-ext-*.ini 1> /dev/null 2>&1; then + for file in /usr/local/etc/php/conf.d/docker-php-ext-*.ini; do + mv "$file" "$file.disabled" + done + fi + + # Now, enable the extensions listed in PHP_EXTENSIONS + for ext in $(echo "$PHP_EXTENSIONS" | sed -e 's/,/ /g'); do + disabled_ext_file="/usr/local/etc/php/conf.d/docker-php-ext-$ext.ini.disabled" + enabled_ext_file="/usr/local/etc/php/conf.d/docker-php-ext-$ext.ini" + + if [ -f "$disabled_ext_file" ]; then + echo "* Enabling PHP extension: $ext" + mv "$disabled_ext_file" "$enabled_ext_file" + elif [ -f "$enabled_ext_file" ]; then + # This case should not happen if the above disabling loop worked, but as a fallback. + echo "* PHP extension $ext was already enabled." else - echo "* WARNING: PHP extension $ext not found, cannot disable" + echo "* WARNING: PHP extension $ext not found, cannot enable." fi done +else + # If PHP_EXTENSIONS is not set, all extensions are enabled by default. + + # Enable all extensions which might have been disabled at some point first + if ls /usr/local/etc/php/conf.d/*php-ext*.disabled 1> /dev/null 2>&1; then + for file in /usr/local/etc/php/conf.d/*php-ext*.disabled; do + mv "$file" "${file%.disabled}" + done + fi + # Disable extensions based on PHP_DISABLE_EXTENSIONS + if [ ! -z "${PHP_DISABLE_EXTENSIONS}" ]; then + for ext in $(echo $PHP_DISABLE_EXTENSIONS | sed -e 's/,/ /g'); do + if [ -f "/usr/local/etc/php/conf.d/docker-php-ext-$ext.ini" ]; then + echo "* Disabling PHP extension: $ext" + mv /usr/local/etc/php/conf.d/docker-php-ext-$ext.ini /usr/local/etc/php/conf.d/docker-php-ext-$ext.ini.disabled + else + echo "* WARNING: PHP extension $ext not found, cannot disable" + fi + done + fi fi if [ ! -z "${APPLICATION_UID}" ]; then From 88938285261bab72494add05542f8b9a972ca841 Mon Sep 17 00:00:00 2001 From: Ernesto Baschny Date: Wed, 2 Jul 2025 19:03:19 +0200 Subject: [PATCH 2/5] Readd removed extensions (apcu, bcmath) Regression from https://github.com/cron-eu/docker-phpapp-php/pull/42/commits/192d55f36e202be85fc64fe518fedc3bb666d0c0 --- Dockerfile | 2 ++ 1 file changed, 2 insertions(+) diff --git a/Dockerfile b/Dockerfile index da48979..2ebd74f 100644 --- a/Dockerfile +++ b/Dockerfile @@ -33,6 +33,8 @@ COPY --from=mlocati/php-extension-installer /usr/bin/install-php-extensions /usr RUN < Date: Wed, 2 Jul 2025 19:22:53 +0200 Subject: [PATCH 3/5] Add vips extension (image processing) --- Dockerfile | 1 + README.md | 1 + example-app/.env.docker | 4 +++- 3 files changed, 5 insertions(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 2ebd74f..5d4bedc 100644 --- a/Dockerfile +++ b/Dockerfile @@ -54,6 +54,7 @@ RUN < Date: Wed, 2 Jul 2025 19:54:50 +0200 Subject: [PATCH 4/5] Keep special handling of XDEBUG_MOD --- files/entrypoint-extras.sh | 20 +++++++++++--------- 1 file changed, 11 insertions(+), 9 deletions(-) diff --git a/files/entrypoint-extras.sh b/files/entrypoint-extras.sh index e5bac8e..6282472 100644 --- a/files/entrypoint-extras.sh +++ b/files/entrypoint-extras.sh @@ -5,15 +5,6 @@ # # Mainly tweaking php settings based on ENV variables -# Really disable XDEBUG if not required -if [ -z "${XDEBUG_MODE}" ] || [ "${XDEBUG_MODE}" = "off" ]; then - # completely not load xdebug if its off - rm -f /usr/local/etc/php/conf.d/docker-php-ext-xdebug.ini -else - echo "* Enabling XDEBUG: $XDEBUG_MODE" - echo "zend_extension=xdebug.so" > /usr/local/etc/php/conf.d/docker-php-ext-xdebug.ini -fi - # Controls which extensions are enabled. if [ ! -z "${PHP_EXTENSIONS}" ]; then @@ -66,6 +57,17 @@ else fi fi +# Special handling for XDEBUG through XDEBUG_MODE: + +# Really disable XDEBUG if not required +if [ -z "${XDEBUG_MODE}" ] || [ "${XDEBUG_MODE}" = "off" ]; then + # completely not load xdebug if its off + rm -f /usr/local/etc/php/conf.d/docker-php-ext-xdebug.ini +else + echo "* Enabling XDEBUG: $XDEBUG_MODE" + echo "zend_extension=xdebug.so" > /usr/local/etc/php/conf.d/docker-php-ext-xdebug.ini +fi + if [ ! -z "${APPLICATION_UID}" ]; then echo "* Change uid of 'application' user to $APPLICATION_UID" usermod -u $APPLICATION_UID application From abc5063cbe12ea7ef5da2da2ee91ba8e06945237 Mon Sep 17 00:00:00 2001 From: Ernesto Baschny Date: Thu, 3 Jul 2025 00:47:39 +0200 Subject: [PATCH 5/5] Also add ffi for newer vips implementations --- Dockerfile | 1 + README.md | 1 + example-app/.env.docker | 2 +- 3 files changed, 3 insertions(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 5d4bedc..9f5bfba 100644 --- a/Dockerfile +++ b/Dockerfile @@ -38,6 +38,7 @@ RUN <