Release 7.7.0 - See CHANGELOG.md

CHANGELOG.md

@@ -1,3 +1,11 @@
+## 7.7.0 2023-11-25 <dave at tiredofit dot ca>
+
+ ### Added
+  - Allow listening on Unix Socket or TCP Socket (default Unix Socket)
+  - Add host/ip restrictions for TCP listening
+  - Add PHP_FPM_USER and PHP_FPM_GROUP variables to create isolation from upstream image (default NGINX_ or UNIT_ USER|GROUP)
+
+
 ## 7.6.16 2023-11-22 <dave at tiredofit dot ca>
 
  ### Added

README.md

@@ -189,44 +189,51 @@ When `PHP_FPM_CONTAINER_MODE` set to `nginx` the `PHP_FPM_LISTEN_PORT` environme
 
 *You can also pass arguments to each server as defined in the [Nginx Upstream Documentation](https://nginx.org/en/docs/http/ngx_http_upstream_module.html)*
 
-| Parameter | Description | Default |
-| ------------------------------------- | -------------------------------------------------------------------------------------------------------- | ---------------------------------------------- |
-| `PHP_APC_SHM_SIZE` | APC Cache Memory size - `0` to disable | `128M` |
-| `PHP_APC_TTL` | APC Time to live in seconds | `7200` |
-| `PHP_FPM_HOST` | Default PHP-FPM Host, seperate multiple by commas | `127.0.0.1:9000` - See above Container options |
-| `PHP_FPM_LISTEN_PORT` | PHP-FPM Listening Port - Ignored with above container options | `9000` |
-| `PHP_FPM_MAX_CHILDREN` | Maximum Children | `75` |
-| `PHP_FPM_MAX_REQUESTS` | How many requests before spawning new server | `500` |
-| `PHP_FPM_MAX_SPARE_SERVERS` | Maximum Spare Servers available | `3` |
-| `PHP_FPM_MIN_SPARE_SERVERS` | Minium Spare Servers avaialble | `1` |
-| `PHP_FPM_OUTPUT_BUFFER_SIZE` | Output buffer size in bytes | `0` |
-| `PHP_FPM_POST_INIT_COMMAND` | If you wish to execute a command before php-fpm executes, enter it here and seperate multiples by comma. | |
-| `PHP_FPM_POST_INIT_SCRIPT` | If you wish to execute a script before php-fpm executes, enter it here and seperate multiples by comma. | |
-| `PHP_FPM_PROCESS_MANAGER` | How to handle processes `static`, `ondemand`, `dynamic` | `dynamic` |
-| `PHP_FPM_START_SERVERS` | How many FPM servers to start initially | `2` |
-| `PHP_HIDE_X_POWERED_BY` | Hide X-Powered by response | `TRUE` |
-| `PHP_LOG_ACCESS_FILE` | PHP Access Logfile Name | `access.log` |
-| `PHP_LOG_ERROR_FILE` | Logfile name | `error.log` |
-| `PHP_LOG_LEVEL` | PHP Log Level `alert` `error` `warning` `notice` `debug` | `notice` |
-| `PHP_LOG_ACCESS_FORMAT` | Log format - `default` or `json` | `default` |
-| `PHP_LOG_LIMIT` | Characters to log | `2048` |
-| `PHP_LOG_LOCATION` | Log Location for PHP Logs | `/www/logs/php-fpm` |
-| `PHP_MEMORY_LIMIT` | How much memory should PHP use | `128M` |
-| `PHP_OPCACHE_INTERNED_STRINGS_BUFFER` | OPCache interned strings buffer | `8` |
-| `PHP_OPCACHE_JIT_BUFFER_SIZE` | JIT Buffer Size `0` to disable | `50M` |
-| `PHP_OPCACHE_JIT_MODE` | JIT [CRTO](https://wiki.php.net/rfc/jit) Mode - > PHP 8.x | `1255` |
-| `PHP_OPCACHE_MAX_ACCELERATED_FILES` | OPCache Max accelerated files | `10000` |
-| `PHP_OPCACHE_MEM_SIZE` | OPCache Memory Size - Set `0` to disable or via other env vars | `128` |
-| `PHP_OPCACHE_REVALIDATE_FREQ` | OPCache revalidate frequency in seconds | `2` |
-| `PHP_OPCACHE_MAX_WASTED_PERCENTAGE` | Max wasted percentage cache | `5` |
-| `PHP_OPCACHE_VALIDATE_TIMESTAMPS` | Validate timestamps `1` or `0` | `1` |
-| `PHP_OPCACHE_SAVE_COMMENTS` | Opcache Save Comments `0` or `1` | `1` |
-| `PHP_OPCACHE_MAX_FILE_SIZE` | Opcache maximum file size | `0` |
-| `PHP_OPCACHE_OPTIMIZATION_LEVEL` | Opcache optimization level | `0x7FFFBFF` |
-| `PHP_POST_MAX_SIZE` | Maximum Input Size for POST | `2G` |
-| `PHP_TIMEOUT` | Maximum Script execution Time | `180` |
-| `PHP_UPLOAD_MAX_SIZE` | Maximum Input Size for Uploads | `2G` |
-| `PHP_WEBROOT` | Used with `CONTAINER_MODE=php-fpm` | `/www/html` |
+| Parameter | Description | Default |
+| ------------------------------------- | -------------------------------------------------------------------------------------------------------- | ------------------------------------------- |
+| `PHP_APC_SHM_SIZE` | APC Cache Memory size - `0` to disable | `128M` |
+| `PHP_APC_TTL` | APC Time to live in seconds | `7200` |
+| `PHP_FPM_HOST` | PHP-FPM Host, dependenent on PHP_FPM_LISTEN_TYPE, add multiple with commas | `127.0.0.1:9000` or `/var/run/php-fpm.sock` |
+| `PHP_FPM_LISTEN_TYPE` | PHP-FPM listen type `UNIX` sockets or `TCP` sockets or `BOTH` | `unix` |
+| `PHP_FPM_LISTEN_TCP_IP` | PHP-FPM Listening IP if `PHP_LISTEN_TYPE=TCP` | `0.0.0.0` |
+| `PHP_FPM_LISTEN_TCP_IP_ALLOWED` | PHP-FPM allow only these hosts if `PHP_LISTEN_TYPE=TCP` | `127.0.0.1` |
+| `PHP_FPM_LISTEN_TCP_PORT` | PHP-FPM Listening Port - Ignored with above container options | `9000` |
+| `PHP_FPM_LISTEN_UNIX_SOCKET` | PHP-FPM Listen Socket if `PHP_LISTEN_TYPE=UNIX` | `/var/run/php-fpm.sock` |
+| `PHP_FPM_LISTEN_UNIX_SOCKET_USER` | PHP-FPM Listen Socket user `PHP_LISTEN_TYPE=UNIX` | `${NGINX_USER}` or `${UNIT_USER}` |
+| `PHP_FPM_LISTEN_UNIX_SOCKET_GROUP` | PHP-FPM Listen Socket group `PHP_LISTEN_TYPE=UNIX` | `${NGINX_GROUP}` or `${UNIT_GROUP}` |
+| `PHP_FPM_MAX_CHILDREN` | Maximum Children | `75` |
+| `PHP_FPM_MAX_REQUESTS` | How many requests before spawning new server | `500` |
+| `PHP_FPM_MAX_SPARE_SERVERS` | Maximum Spare Servers available | `3` |
+| `PHP_FPM_MIN_SPARE_SERVERS` | Minium Spare Servers avaialble | `1` |
+| `PHP_FPM_OUTPUT_BUFFER_SIZE` | Output buffer size in bytes | `0` |
+| `PHP_FPM_POST_INIT_COMMAND` | If you wish to execute a command before php-fpm executes, enter it here and seperate multiples by comma. | |
+| `PHP_FPM_POST_INIT_SCRIPT` | If you wish to execute a script before php-fpm executes, enter it here and seperate multiples by comma. | |
+| `PHP_FPM_PROCESS_MANAGER` | How to handle processes `static`, `ondemand`, `dynamic` | `dynamic` |
+| `PHP_FPM_START_SERVERS` | How many FPM servers to start initially | `2` |
+| `PHP_FPM_USER` | User to run PHP-FPM master process as | `${NGINX_USER}` or `${UNIT_USER}` |
+| `PHP_HIDE_X_POWERED_BY` | Hide X-Powered by response | `TRUE` |
+| `PHP_LOG_ACCESS_FILE` | PHP Access Logfile Name | `access.log` |
+| `PHP_LOG_ERROR_FILE` | Logfile name | `error.log` |
+| `PHP_LOG_LEVEL` | PHP Log Level `alert` `error` `warning` `notice` `debug` | `notice` |
+| `PHP_LOG_ACCESS_FORMAT` | Log format - `default` or `json` | `default` |
+| `PHP_LOG_LIMIT` | Characters to log | `2048` |
+| `PHP_LOG_LOCATION` | Log Location for PHP Logs | `/www/logs/php-fpm` |
+| `PHP_MEMORY_LIMIT` | How much memory should PHP use | `128M` |
+| `PHP_OPCACHE_INTERNED_STRINGS_BUFFER` | OPCache interned strings buffer | `8` |
+| `PHP_OPCACHE_JIT_BUFFER_SIZE` | JIT Buffer Size `0` to disable | `50M` |
+| `PHP_OPCACHE_JIT_MODE` | JIT [CRTO](https://wiki.php.net/rfc/jit) Mode - > PHP 8.x | `1255` |
+| `PHP_OPCACHE_MAX_ACCELERATED_FILES` | OPCache Max accelerated files | `10000` |
+| `PHP_OPCACHE_MEM_SIZE` | OPCache Memory Size - Set `0` to disable or via other env vars | `128` |
+| `PHP_OPCACHE_REVALIDATE_FREQ` | OPCache revalidate frequency in seconds | `2` |
+| `PHP_OPCACHE_MAX_WASTED_PERCENTAGE` | Max wasted percentage cache | `5` |
+| `PHP_OPCACHE_VALIDATE_TIMESTAMPS` | Validate timestamps `1` or `0` | `1` |
+| `PHP_OPCACHE_SAVE_COMMENTS` | Opcache Save Comments `0` or `1` | `1` |
+| `PHP_OPCACHE_MAX_FILE_SIZE` | Opcache maximum file size | `0` |
+| `PHP_OPCACHE_OPTIMIZATION_LEVEL` | Opcache optimization level | `0x7FFFBFF` |
+| `PHP_POST_MAX_SIZE` | Maximum Input Size for POST | `2G` |
+| `PHP_TIMEOUT` | Maximum Script execution Time | `180` |
+| `PHP_UPLOAD_MAX_SIZE` | Maximum Input Size for Uploads | `2G` |
+| `PHP_WEBROOT` | Used with `CONTAINER_MODE=php-fpm` | `/www/html` |
 
 #### Enabling / Disabling Specific Extensions
 

examples/docker-compose.yml → examples/compose.yml

@@ -1,8 +1,6 @@
-version: '3.7'
-
 services:
  nginx-php-fpm-app:
- image: tiredofit/nginx-php-fpm/8.1
+ image: tiredofit/nginx-php-fpm/8.3-alpine
  container_name: nginx-php-fpm-app
  labels:
  - traefik.enable=true
@@ -14,7 +12,6 @@ services:
  environment:
  - TIMEZONE=America/Vancouver
  - CONTAINER_NAME=nginx-php-fpm-app-app
-
  networks:
  - services
  - proxy

install/assets/defaults/20-php-fpm

@@ -9,8 +9,13 @@ PHP_DISPLAY_ERRORS=${PHP_DISPLAY_ERRORS:-"TRUE"}
 PHP_ENABLE_CREATE_SAMPLE_PHP=${PHP_ENABLE_CREATE_SAMPLE_PHP:-"TRUE"}
 PHP_HIDE_X_POWERED_BY=${PHP_HIDE_X_POWERED_BY:-"TRUE"}
 PHP_KITCHENSINK=${PHP_KITCHENSINK:-"FALSE"}
-PHP_FPM_HOST=${PHP_FPM_HOST:-"127.0.0.1"}
+PHP_FPM_LISTEN_IP=${PHP_FPM_LISTEN_IP:-"0.0.0.0"}
+PHP_FPM_LISTEN_TYPE=${PHP_FPM_LISTEN_TYPE:-"both"}
 PHP_FPM_LISTEN_PORT=${PHP_FPM_LISTEN_PORT:-"9000"}
+PHP_FPM_LISTEN_TCP_IP=${PHP_FPM_LISTEN_TCP_IP:-"${PHP_FPM_LISTEN_IP}"}
+PHP_FPM_LISTEN_TCP_IP_ALLOWED=${PHP_FPM_LISTEN_TCP_IP_ALLOWED:-"127.0.0.1"}
+PHP_FPM_LISTEN_TCP_PORT=${PHP_FPM_LISTEN_TCP_PORT:-"${PHP_FPM_LISTEN_PORT}"}
+PHP_FPM_LISTEN_UNIX_SOCKET=${PHP_FPM_LISTEN_UNIX_SOCKET:-"/var/lib/php-fpm/run/php-fpm.sock"}
 PHP_FPM_MAX_CHILDREN=${PHP_FPM_MAX_CHILDREN:-"75"}
 PHP_FPM_MAX_REQUESTS=${PHP_FPM_MAX_REQUESTS:-"500"}
 PHP_FPM_MAX_SPARE_SERVERS=${PHP_FPM_MAX_SPARE_SERVERS:-"3"}
@@ -37,7 +42,6 @@ PHP_OPCACHE_REVALIDATE_FREQ=${PHP_OPCACHE_REVALIDATE_FREQ:-"2"}
 PHP_OPCACHE_SAVE_COMMENTS=${PHP_OPCACHE_SAVE_COMMENTS:-"1"}
 PHP_OPCACHE_VALIDATE_TIMESTAMPS=${PHP_OPCACHE_VALIDATE_TIMESTAMPS:-"1"}
 PHP_POST_MAX_SIZE=${PHP_POST_MAX_SIZE:-"2G"}
-
 PHP_TIMEOUT=${PHP_TIMEOUT:-"180"}
 PHP_UPLOAD_MAX_SIZE=${PHP_UPLOAD_MAX_SIZE:-"2G"}
 PHP_VERSION=${PHP_VERSION:-$(php -v 2>/dev/null | grep "^PHP " | head -n 1 | awk '{print $2}')}
@@ -62,6 +66,34 @@ PHP_XDEBUG_DISCOVER_CLIENT_HOST=${PHP_XDEBUG_DISCOVER_CLIENT_HOST:-"default"}
 PHP_XDEBUG_CLIENT_HOST=${PHP_XDEBUG_CLIENT_HOST:-"127.0.0.1"}
 PHP_XDEBUG_CLIENT_PORT=${PHP_XDEBUG_CLIENT_PORT:-"9003"}
 
+if [ -f "/usr/sbin/unitd" ] ; then
+ PHP_FPM_LISTEN_UNIX_GROUP=${PHP_FPM_LISTEN_UNIX_GROUP:-"${UNIT_GROUP}"}
+ PHP_FPM_LISTEN_UNIX_USER=${PHP_FPM_LISTEN_UNIX_USER:-"${UNIT_USER}"}
+ PHP_FPM_USER=${PHP_FPM_USER:-"${UNIT_USER}"}
+ PHP_FPM_GROUP=${PHP_FPM_GROUP:-"${UNIT_GROUP}"}
+fi
+
+if [ -f "/usr/sbin/nginx" ] ; then
+ PHP_FPM_LISTEN_UNIX_GROUP=${PHP_FPM_LISTEN_UNIX_GROUP:-"${NGINX_GROUP}"}
+ PHP_FPM_LISTEN_UNIX_USER=${PHP_FPM_LISTEN_UNIX_USER:-"${NGINX_USER}"}
+ PHP_FPM_USER=${PHP_FPM_USER:-"${NGINX_USER}"}
+ PHP_FPM_GROUP=${PHP_FPM_GROUP:-"${NGINX_GROUP}"}
+fi
+
+if [ -z "${PHP_FPM_HOST}" ]; then
+ case "${PHP_FPM_LISTEN_TYPE,,}" in
+ both )
+ PHP_FPM_HOST=${PHP_FPM_LISTEN_UNIX_SOCKET}
+ ;;
+ tcp )
+ PHP_FPM_HOST=127.0.0.1:${PHP_FPM_LISTEN_TCP_PORT}
+ ;;
+ unix )
+ PHP_FPM_HOST=${PHP_FPM_LISTEN_UNIX_SOCKET}
+ ;;
+ esac
+fi
+
 if [ "${PHP_BASE:0:1}" != "8" ] ; then
  PHP_ENABLE_JSON=TRUE
 fi
@@ -75,3 +107,4 @@ if [ "${PHP_ENABLE_MEMCACHED,,}" = "true" ] ; then
  PHP_ENABLE_IGBINARY=TRUE
  PHP_ENABLE_MSGPACK=TRUE
 fi
+