Bravery Family

Tag: PHP

  • Custom PHP Container

    Custom PHP Container

    As part of the creation of my new lab installation I wanted to migrate WordPress from barebones Apache/FPM into a custom PHP container.

    The original thought was to segretate the web server and PHP FPM from one another – but it seemed to be far to complex. I eventually found this web site:

    Containerize a PHP Application

    This site is talking about a generalised solution for embedding any PHP application into a container, but it turns out the approach worked fine for WordPress too.

    In short, it is easier to start off with a PHP-FPM container. So I chose one from the DockerHub PHP site.

    Having done that, I created a Docker file:

    # Dockerfile.nginx - PHP-FPM with Nginx in a single container
FROM php:8.3-fpm-alpine

# Install Nginx
RUN apk add --no-cache nginx curl

# Install PHP extensions
RUN apk add --no-cache \
    freetype-dev \
    libjpeg-turbo-dev \
    libpng-dev \
    libzip-dev \
    icu-dev \
    postgresql-dev \
    && docker-php-ext-configure gd --with-freetype --with-jpeg \
    && docker-php-ext-install -j$(nproc) \
        gd zip intl pdo pdo_mysql pdo_pgsql opcache

# PHP-FPM configuration
COPY php-fpm.conf /usr/local/etc/php-fpm.d/www.conf
COPY php-production.ini /usr/local/etc/php/conf.d/production.ini

# Nginx configuration
COPY nginx.conf /etc/nginx/nginx.conf
COPY nginx-default.conf /etc/nginx/http.d/default.conf

# Copy application code
COPY . /var/www/html/
RUN chown -R www-data:www-data /var/www/html

# Startup script that runs both Nginx and PHP-FPM
COPY docker-entrypoint.sh /docker-entrypoint.sh
RUN chmod +x /docker-entrypoint.sh

EXPOSE 80

HEALTHCHECK --interval=15s --timeout=5s --retries=3 \
  CMD curl -f http://localhost/health.php || exit 1

ENTRYPOINT ["/docker-entrypoint.sh"]

    This file:

    • Installs NGINX
    • Configures NGINX
    • Installs PHP modules.
    • Configures FPM
    • Installs CURL
    • Defines a CURL healthcheck
    • Mounts the application and fixes the permissions.

    TODO: add actual example files.

    I then just archived my installation on the old server, and transferred the directories to the Lab server. These where then mounted as volumes.

    Obviously, I need to do regular checks of the image to make sure it is patched up – but WordPress is working in my custom PHP container (as you can tell by being here now!)

  • Using Oracle InstantClient 11g with PHP onto RHEL 5 with SELinux

    This is an example of using the Oracle InstantClient 11g with PHP.

    Installation InstantClient for PHP

    This is based on work from the past – but I appeared to have done the following:

    1. Installed InstantClient and Pear to manage the php installation.
      • sudo yum install php-pear
      • sudo rpm -ivh oracle-instantclient11.1-basic-11.1.0.7.0-1.i386.rpm
      • sudo rpm -Uvh oracle-instantclient11.1-devel-11.1.0.7.0-1.i386.rpm
    2. Update the library cache to include oracle:
      • sudo vi /etc/ld.so.conf.d/oracle.conf 
      • This file just contains the line: 
        /usr/lib/oracle/11.1/client/lib
    3. Used pecl to install the OCI client into PHP:
      • sudo pecl install oci8
    4. Updated PHP to then make use of the installed module
      • sudo vi /etc/php.d/oci8.ini
      • This file just contained
        ; Enable oci8 extension module
        extension=oci8.so
    5. I then restarted the web server.
      • sudo /etc/init.d/httpd restart

    Testing

    You can then test this by creating a php file with the following content:

    <?php      
$conn = oci_connect('[user]', '[password]', ' [//]host_name[:port][/service_name][:server_type][/instance_name]');       
$query = 'select table_name from user_tables';       
$stid = oci_parse($conn, $query);       
oci_execute($stid, OCI_DEFAULT);       
while ($row = oci_fetch_array($stid, OCI_ASSOC)) {       
  foreach ($row as $item) {       
    echo $item." ";       
  }       
  echo "&lt;br&gt;\n";       
}       
oci_free_statement($stid);       
oci_close($conn);       
?>

    Then use a browser to get to this web page, and it should show you the content of user_tables.

    Troubleshooting

    Then, if SELinux its not turned off then the following is needed, (but we don’t want to do it this way as it’s painful and make SELinux a bit pointless):

    sudo chcon -t textrel_shlib_t '/usr/lib/oracle/11.1/client/lib/libnnz11.so'       
sudo chcon -t textrel_shlib_t '/usr/lib/oracle/11.1/client/lib/libclntsh.so.11.1'       
sudo chcon -t textrel_shlib_t '/usr/lib/php/modules/oci8.so'       
sudo execstack -c /usr/lib/oracle/11.1/client/lib/libclntsh.so       
sudo execstack -c /usr/lib/oracle/11.1/client/lib/libclntsh.so.11.1       
sudo execstack -c /usr/lib/oracle/11.1/client/lib/libnnz11.so       
sudo chcon -u system_u '/usr/lib/php/modules/oci8.so'       
sudo execstack -s /usr/sbin/httpd       
sudo /usr/sbin/setsebool -P httpd_can_network_connect 1