实践说明:基于RHEL7(CentOS7.9)部署docker环境(23.0.1、24.0.2),所构建的php7.4.33镜像应用于RHEL7-9(如AlmaLinux9.1),但因为docker的特性,适用场景是不限于此的。
文档形成时期:2017-2023年
因系统或软件版本不同,构建部署可能略有差异,但本文未做细分,对稍有经验者应不存在明显障碍。
因软件世界之复杂和个人能力之限,难免疏漏和错误,欢迎指正。
php-7.4.33发布时间是2022.11.03,各模组安装可以参考这个时间。
通过临时容器获得默认配置和模组信息(可选):
创建临时容器的目的主要是获得默认配置、模组等信息。
docker run -itd --name phpfpm-7.4.33-tmp php:7.4.33-fpm
进入容器查看默认配置
docker exec -it phpfpm-7.4.33-tmp /bin/bash
准备国内源,建议用http而不是https
/etc/apt/sources.list阿里云源准备,放构建当前目录
deb https://mirrors.aliyun.com/debian/ bullseye main non-free contrib
deb-src https://mirrors.aliyun.com/debian/ bullseye main non-free contrib
deb https://mirrors.aliyun.com/debian-security/ bullseye-security main
deb-src https://mirrors.aliyun.com/debian-security/ bullseye-security main
deb https://mirrors.aliyun.com/debian/ bullseye-updates main non-free contrib
deb-src https://mirrors.aliyun.com/debian/ bullseye-updates main non-free contrib
deb https://mirrors.aliyun.com/debian/ bullseye-backports main non-free contrib
deb-src https://mirrors.aliyun.com/debian/ bullseye-backports main non-free contrib
[root@localhost ~]# docker exec phpfpm-7.4.33-tmp /bin/bash -c ‘php -m’
[PHP Modules]
Core
ctype
curl
date
dom
fileinfo
filter
ftp
hash
iconv
json
libxml
mbstring
mysqlnd
openssl
pcre
PDO
pdo_sqlite
Phar
posix
readline
Reflection
session
SimpleXML
sodium
SPL
sqlite3
standard
tokenizer
xml
xmlreader
xmlwriter
zlib
[Zend Modules]
和php7.1.33的差不多,仅多一个sodium
创建自定义网络,并指定网段、网关,只有定义了网段,才可以使用此网络为容器分配固定IP
docker network create -d bridge --subnet 10.1.5.0/24 --gateway 10.1.5.1 custom_bridge_net
基于官方php:7.4.33-fpm镜像默认模组、wordpress对php环境的要求,第三方php7.4.33部署常见模组,以及曾经的生产环境常用模组,最终整理了比较完整模组安装的Dockerfile文件。
/root/sh/Dockerfiles/Independent/php7.4.33_Dockerfile 的内容:
FROM php:7.4.33-fpm
MAINTAINER Fisher "N"
# 设置时区
ENV TZ=Asia/Shanghai
#Download PHP extensions
#ADD https://raw.githubusercontent.com/mlocati/docker-php-extension-installer/master/install-php-extensions /usr/local/bin/
#RUN chmod uga+x /usr/local/bin/install-php-extensions && sync
COPY --from=mlocati/php-extension-installer /usr/bin/install-php-extensions /usr/bin/
ADD sources_debian11.list /etc/apt/sources.list
RUN ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone \
&& mkdir /opt/web && mkdir -p /usr/local/php74/var/log && touch /usr/local/php74/var/log/php-fpm.log && touch /usr/local/php74/var/log/php_errors.log \
&& groupadd www -g 1000 && useradd -s /sbin/nologin -M www -u 1000 -g 1000 && mkdir /home/www && chown www:www /home/www \
&& chown www:www /usr/local/php74/var/log/php-fpm.log /usr/local/php74/var/log/php_errors.log \
&& DEBIAN_FRONTEND=noninteractive apt-get update -q \
&& DEBIAN_FRONTEND=noninteractive apt-get install -qq -y \
curl \
git \
zip unzip \
&& install-php-extensions \
@composer-2.5.8 \
bcmath \
bz2 \
calendar \
exif \
gd \
intl \
ldap \
memcached \
mysqli \
opcache \
pdo_mysql \
pdo_pgsql \
pgsql \
redis \
soap \
xsl \
zip \
sockets \
swoole \
yaf \
memcached \
mongodb-stable \
mcrypt \
iconv \
mbstring \
gettext \
gmp \
ftp \
pcntl \
shmop \
sysvsem \
sysvshm \
sqlsrv pdo_sqlsrv \
odbc \
xmlrpc \
geoip \
imagick \
&& docker-php-ext-enable \
bcmath \
exif \
gmp \
mcrypt \
mysqli \
pcntl \
pdo_sqlsrv \
shmop \
sysvsem \
xsl \
bz2 \
gd \
intl \
memcached \
odbc \
pdo_mysql \
pgsql \
soap \
sqlsrv \
sysvshm \
yaf \
calendar \
gettext \
ldap \
mongodb \
pdo_pgsql \
redis \
sockets \
swoole \
xmlrpc \
zip \
geoip \
imagick
参考:php模组部署说明
cd /root/sh/Dockerfiles/Independent
docker buildx build -t tmtcha/php:7.4.33-fpm-v1.02 -f /root/sh/Dockerfiles/Independent/php7.4.33_Dockerfile .
注:偶尔因网络问题构建失败,可调整模组构建顺序后重试。
构建时间:1049.9s,约17分钟
容器运行失败,可查看日志
docker logs 容器ID或名称
以构建的镜像运行一个临时的容器,为查看和拷贝配置等文件。
删除之前的临时容器(如果有):docker stop phpfpm-7.4.33-tmp; docker rm phpfpm-7.4.33-tmp
docker run -itd --name phpfpm-7.4.33-tmp tmtcha/php:7.4.33-fpm-v1.02
可以看到,默认加载配置是这样的:
[root@localhost ~]# docker exec phpfpm-7.4.33-tmp /bin/bash -c "php --ini"
Configuration File (php.ini) Path: /usr/local/etc/php
Loaded Configuration File: (none)
Scan for additional .ini files in: /usr/local/etc/php/conf.d
Additional .ini files parsed: /usr/local/etc/php/conf.d/docker-php-ext-bcmath.ini,
/usr/local/etc/php/conf.d/docker-php-ext-bz2.ini,
/usr/local/etc/php/conf.d/docker-php-ext-calendar.ini,
/usr/local/etc/php/conf.d/docker-php-ext-exif.ini,
/usr/local/etc/php/conf.d/docker-php-ext-gd.ini,
/usr/local/etc/php/conf.d/docker-php-ext-geoip.ini,
/usr/local/etc/php/conf.d/docker-php-ext-gettext.ini,
/usr/local/etc/php/conf.d/docker-php-ext-gmp.ini,
/usr/local/etc/php/conf.d/docker-php-ext-imagick.ini,
/usr/local/etc/php/conf.d/docker-php-ext-intl.ini,
/usr/local/etc/php/conf.d/docker-php-ext-ldap.ini,
/usr/local/etc/php/conf.d/docker-php-ext-mcrypt.ini,
/usr/local/etc/php/conf.d/docker-php-ext-mongodb.ini,
/usr/local/etc/php/conf.d/docker-php-ext-mysqli.ini,
/usr/local/etc/php/conf.d/docker-php-ext-odbc.ini,
/usr/local/etc/php/conf.d/docker-php-ext-opcache.ini,
/usr/local/etc/php/conf.d/docker-php-ext-pcntl.ini,
/usr/local/etc/php/conf.d/docker-php-ext-pdo_mysql.ini,
/usr/local/etc/php/conf.d/docker-php-ext-pdo_pgsql.ini,
/usr/local/etc/php/conf.d/docker-php-ext-pdo_sqlsrv.ini,
/usr/local/etc/php/conf.d/docker-php-ext-pgsql.ini,
/usr/local/etc/php/conf.d/docker-php-ext-redis.ini,
/usr/local/etc/php/conf.d/docker-php-ext-shmop.ini,
/usr/local/etc/php/conf.d/docker-php-ext-soap.ini,
/usr/local/etc/php/conf.d/docker-php-ext-sockets.ini,
/usr/local/etc/php/conf.d/docker-php-ext-sodium.ini,
/usr/local/etc/php/conf.d/docker-php-ext-sqlsrv.ini,
/usr/local/etc/php/conf.d/docker-php-ext-swoole.ini,
/usr/local/etc/php/conf.d/docker-php-ext-sysvsem.ini,
/usr/local/etc/php/conf.d/docker-php-ext-sysvshm.ini,
/usr/local/etc/php/conf.d/docker-php-ext-xmlrpc.ini,
/usr/local/etc/php/conf.d/docker-php-ext-xsl.ini,
/usr/local/etc/php/conf.d/docker-php-ext-yaf.ini,
/usr/local/etc/php/conf.d/docker-php-ext-zip.ini,
/usr/local/etc/php/conf.d/xx-php-ext-memcached.ini
配置均在/usr/local/etc/中,默认没有php.ini主配置,但仍然加载了构建过程中启用模组的子配置,
停止临时docker容器
docker stop phpfpm-7.4.33-tmp
拷贝配置到宿主机持久化目录中:
宿主机中执行:
mkdir -p /opt/docker_lnmp/{php74_cfg,php74_log}
docker cp phpfpm-7.4.33-tmp:/usr/local/etc /opt/docker_lnmp/php74_cfg
docker cp -a phpfpm-7.4.33-tmp:/usr/local/php74/var/log /opt/docker_lnmp/php74_log
注:会拷贝到目标路径下的子目录,需要再手动拷贝出来,并纠正权限,比如log文件应该是php-fpm运行用户所有,有可读写权限,因为用的www账户,容器内和宿主机的uid/gid一样,所以在宿主机执行chown www:www -R /opt/docker_lnmp/php74_log 也可以。
cd /opt/docker_lnmp/php74_cfg
cp -a php/php.ini-production php/php.ini
vi php/php.ini
php日志路径变更为 error_log = /usr/local/php74/var/log/php_errors.log
修改内存限制,上传文件大小等必要配置,
upload_max_filesize = 32M
post_max_size = 32M
注,下面一些配置在php-fpm.conf中,一些在子配置www.conf,zz-docker.conf,docker.conf
user = www-data
group = www-data
改为
user = www
group = www
侦听端口变更为9002
listen = 127.0.0.1:9002
zz-docker.conf中有侦听配置,实践中发现优先于www.conf的配置生效。
listen = 9002
php-fpm日志路径变更为 error_log = /usr/local/php74/var/log/php-fpm.log
实践中发现docker.conf有日志路径输出配置:
error_log = /proc/self/fd/2
access.log = /proc/self/fd/2
这优先于php-fpm.conf中的配置生效,docker.conf中默认配置应该是为了便于通过docker观察日志输出,进入容器查看日志或手动挂载日志和docker的使用设计原则不符吧,应该尽可能通过docker去管理和查看服务。不过前面dockerfile和后面容器创建中关于日志自定义配置可以权当一个备用方案。
child processes视业务场景修改
内存限制
php_admin_value[memory_limit] = 128M
停止临时docker容器,或可删除
docker stop phpfpm-7.4.33-tmp; # docker rm phpfpm-7.4.33-tmp
docker run -dit --privileged=true
-p 9002:9002
–network custom_bridge_net --ip 10.1.5.131
-v /opt/web:/opt/web
-v /opt/docker_lnmp/php74_cfg:/usr/local/etc
-v /opt/docker_lnmp/php74_log:/usr/local/php74/var/log
–name=phpfpm-7.4.33-v1.02 tmtcha/php:7.4.33-fpm-v1.02
创建容器后重启容器:docker restart phpfpm-7.4.33-v1.02
容器内查看和调试
安装必要软件包
apt update
apt install net-tools vim procps inetutils-ping telnet
该环境搭配宿主机的nginx+mysql,成功访问。
[root@localhost php74_cfg]# docker exec -it phpfpm-7.4.33-v1.02 /bin/bash -c "php -m"
[PHP Modules]
bcmath
bz2
calendar
Core
ctype
curl
date
dom
exif
fileinfo
filter
ftp
gd
geoip
gettext
gmp
hash
iconv
imagick
intl
json
ldap
libxml
mbstring
mcrypt
memcached
mongodb
mysqli
mysqlnd
odbc
openssl
pcntl
pcre
PDO
pdo_mysql
pdo_pgsql
pdo_sqlite
pdo_sqlsrv
pgsql
Phar
posix
readline
redis
Reflection
session
shmop
SimpleXML
soap
sockets
sodium
SPL
sqlite3
sqlsrv
standard
swoole
sysvsem
sysvshm
tokenizer
xml
xmlreader
xmlrpc
xmlwriter
xsl
yaf
Zend OPcache
zip
zlib
[Zend Modules]
Zend OPcache
mkdir /opt/data_bak/backup_ever/docker_images
docker save tmtcha/php:7.4.33-fpm-v1.02 > /opt/data_bak/backup_ever/docker_images/tmtcha-php-7.4.33-fpm-v1.02.tar
cd /opt/docker_lnmp
tar czpf /opt/data_bak/backup_ever/docker_images/php74_cfg.tar.gz php74_cfg
地址:https://download.csdn.net/download/ynz1220/88732566
(资源如果不能打开是可能正在审核中,可过一会儿或次日访问)
docker load < /opt/data_bak/backup_ever/docker_images/tmtcha_phpfpm7.4.33-v1.02.tar
tar czpf /opt/data_bak/backup_ever/docker_images/php74_cfg.tar.gz -C /opt/docker_lnmp/
名称:tmtcha/php:7.4.33-fpm-v1.02
大小:571MB