Run php container as www-data

garymengcom · garymengcom · commit d3f846aa197e · 2019-10-30T15:43:27.000+08:00
diff --git a/services/php/Dockerfile b/services/php/Dockerfile
@@ -6,24 +6,14 @@ ARG PHP_EXTENSIONS
 ARG CONTAINER_PACKAGE_URL
 
 
-COPY --from=composer /usr/bin/composer /usr/bin/composer
-COPY ./extensions /tmp/extensions
-WORKDIR /tmp/extensions
-
-# php alpine image's www-data user uid & gid are 82, change them to 1000 (primary user)
-RUN apk add shadow && usermod -u 1000 www-data && groupmod -g 1000 www-data
-
-RUN if [ "${CONTAINER_PACKAGE_URL}" != "" ]; then \
-        sed -i "s/dl-cdn.alpinelinux.org/${CONTAINER_PACKAGE_URL}/g" /etc/apk/repositories; \
-    fi
-
-
-RUN if [ "${PHP_EXTENSIONS}" != "" ]; then \
-        apk add --no-cache autoconf g++ libtool make curl-dev gettext-dev linux-headers; \
-    fi
+RUN sed -i "s/dl-cdn.alpinelinux.org/${CONTAINER_PACKAGE_URL}/g" /etc/apk/repositories
 
 
-RUN chmod +x install.sh && sh install.sh && rm -rf /tmp/extensions
+COPY ./extensions /tmp/extensions
+WORKDIR /tmp/extensions
+RUN chmod +x install.sh \
+    && sh install.sh \
+    && rm -rf /tmp/extensions
 
 
 RUN apk --no-cache add tzdata \
@@ -35,9 +25,17 @@ RUN apk --no-cache add tzdata \
 RUN apk add gnu-libiconv --no-cache --repository http://${CONTAINER_PACKAGE_URL}/alpine/edge/community/ --allow-untrusted
 ENV LD_PRELOAD /usr/lib/preloadable_libiconv.so php
 
-# Install Composer
-RUN curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/local/bin --filename=composer
-# Change Composer Home
-ENV COMPOSER_HOME="/tmp/composer"
+
+# Install composer and change it's cache home
+RUN curl -o /usr/bin/composer https://mirrors.aliyun.com/composer/composer.phar \
+    && chmod +x /usr/bin/composer
+ENV COMPOSER_HOME=/tmp/composer
+
+
+# php image's www-data user uid & gid are 82, change them to 1000 (primary user)
+RUN apk --no-cache add shadow && usermod -u 1000 www-data && groupmod -g 1000 www-data
+# Use www-data to run the first process
+USER www-data
+
 
 WORKDIR /www
diff --git a/services/php/extensions/install.sh b/services/php/extensions/install.sh
@@ -14,6 +14,11 @@ echo "============================================"
 echo
 
 
+if [ "${PHP_EXTENSIONS}" != "" ]; then
+    apk add --no-cache autoconf g++ libtool make curl-dev gettext-dev linux-headers
+fi
+
+
 export EXTENSIONS=",${PHP_EXTENSIONS},"
 
 
diff --git a/services/php/php-fpm.conf b/services/php/php-fpm.conf
@@ -20,8 +20,8 @@
 ; Unix user/group of processes
 ; Note: The user is mandatory. If the group is not set, the default user's group
 ;       will be used.
-user = www-data
-group = www-data
+;user = www-data
+;group = www-data
 
 ; The address on which to accept FastCGI requests.
 ; Valid syntaxes are:
diff --git a/services/php54/Dockerfile b/services/php54/Dockerfile
@@ -6,17 +6,27 @@ ARG PHP_EXTENSIONS
 ARG CONTAINER_PACKAGE_URL
 
 
+RUN sed -i "s/httpredir.debian.org/${CONTAINER_PACKAGE_URL}/g" /etc/apt/sources.list; \
+    && sed -i "s/security.debian.org/${CONTAINER_PACKAGE_URL}\/debian-security/g" /etc/apt/sources.list; \
+    && apt-get update
+
+
 COPY ./extensions /tmp/extensions
 WORKDIR /tmp/extensions
-
 RUN chmod +x install.sh \
     && sh install.sh \
     && rm -rf /tmp/extensions
 
 
-# Install Composer
-RUN curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/local/bin --filename=composer
-# Change Composer Home
-ENV COMPOSER_HOME="/tmp/composer"
+# Install composer and change it's cache home
+RUN curl -o /usr/bin/composer https://mirrors.aliyun.com/composer/composer.phar \
+    && chmod +x /usr/bin/composer
+ENV COMPOSER_HOME=/tmp/composer
+
+
+# php image's www-data user uid & gid are 82, change them to 1000 (primary user)
+RUN usermod -u 1000 www-data && groupmod -g 1000 www-data
+# Use www-data to run the first process
+USER "www-data"
 
 WORKDIR /www
diff --git a/services/php54/extensions/install.sh b/services/php54/extensions/install.sh
@@ -12,16 +12,9 @@ echo "============================================"
 echo
 
 
-if [ "${CONTAINER_PACKAGE_URL}" != "" ]; then
-    sed -i "s/httpredir.debian.org/${CONTAINER_PACKAGE_URL}/g" /etc/apt/sources.list
-    sed -i "s/security.debian.org/${CONTAINER_PACKAGE_URL}\/debian-security/g" /etc/apt/sources.list
-fi
-
-
-if [ "${PHP_EXTENSIONS}" != "" ]; then
-    echo "---------- Update source list ----------"
-    apt-get update
-fi
+echo "---------- Install zip extension ----------"
+apt-get install -y zlib1g-dev unzip
+docker-php-ext-install zip
 
 
 export EXTENSIONS=",${PHP_EXTENSIONS},"
@@ -50,11 +43,6 @@ if [ -z "${EXTENSIONS##*,bz2,*}" ]; then
     docker-php-ext-install bz2
 fi
 
-if [ -z "${EXTENSIONS##*,zip,*}" ]; then
-    echo "---------- Install zip ----------"
-	docker-php-ext-install zip
-fi
-
 if [ -z "${EXTENSIONS##*,pcntl,*}" ]; then
     echo "---------- Install pcntl ----------"
 	docker-php-ext-install pcntl
@@ -265,7 +253,7 @@ fi
 
 if [ -z "${EXTENSIONS##*,memcached,*}" ]; then
     echo "---------- Install memcached ----------"
-	apt-get install -y libmemcached-dev zlib1g-dev
+	apt-get install -y libmemcached-dev
     pecl install memcached-2.2.0
     docker-php-ext-enable memcached
 fi
diff --git a/services/php54/php-fpm.conf b/services/php54/php-fpm.conf
@@ -20,8 +20,8 @@
 ; Unix user/group of processes
 ; Note: The user is mandatory. If the group is not set, the default user's group
 ;       will be used.
-user = www-data
-group = www-data
+;user = www-data
+;group = www-data
 
 ; The address on which to accept FastCGI requests.
 ; Valid syntaxes are:
