Using the correct PHP basic image and configuring a secure, performance-optimized Docker environment is the key to achieving production ready. 1. Use php:8.3-fpm-alpine as the basic image to reduce the attack surface and improve performance; 2. Disable dangerous functions through custom php.ini, turn off error display, and enable Opcache and JIT to enhance security and performance; 3. Use Nginx as the reverse proxy to restrict access to sensitive files and correctly forward PHP requests to PHP-FPM; 4. Use multi-stage optimization images to remove development dependencies, and set up non-root users to run containers; 5. Optional Supervisord to manage multiple processes such as cron; 6. Verify that no sensitive information leakage, log output to standard flow, configure health checks, scan for image vulnerabilities, and the application can run independently. Ultimately ensuring that the environment is safe, high performance, maintainability and observability is called production ready.
Setting up a production-ready Docker environment for PHP isn't just about getting your app to run—it's about security, performance, maintenance, and scalability. A lot of tutorials stop at "it works locally," but real production environments demand more. Here's how to build a robust, secure, and efficient Docker setup for PHP that's ready for real-world deployment.
? Use the Right PHP Base Image
Start with a minimum, secure base image. Avoid php:latest or development-focused tags like php:8.3-cli .
Recommended:
-
php:8.3-fpm-alpinefor backend services (lightweight, secure) - Pair with
nginxin a separate container for serving web traffic
Why Alpine?
Smaller attack surface, faster builds, and lower resource usage. But be cautious: some PHP extensions may require extra steps to install in Alpine due to musl vs. glibc.
FROM php:8.3-fpm-alpine
# Install essential PHP extensions (compiled for Alpine)
RUN apk add --no-cache \
nginx \
supervisor \
postgresql-dev \
&& docker-php-ext-install -j$(nproc) \
pdo_pgsql \
opcache \
&& docker-php-ext-enable pdo_pgsql Avoid RUN apk add --update && pecl install ... unless absolutely necessary—each command increases image size and build time.
? Secure PHP Configuration
Default php.ini settings are not production-safe. Override them explicitly.
Create custom config files:
./docker/php/php.ini ./docker/php/opcache.ini
Example php.ini tweaks:
; Disable dangerous functions disable_functions = exec,passthru,shell_exec,system,proc_open,popen ; Limit exposure expose_php = Off display_errors = Off log_errors = On ; Set reasonable limits upload_max_filesize = 16M post_max_size = 18M max_execution_time = 30
Opcache (critical for performance):
opcache.enable=1 opcache.validate_timestamps=0 ; Only in production (use rolling deploys to clear) opcache.max_accelerated_files=20000 opcache.memory_consumption=256 opcache.jit=1205 ; Enable JIT in PHP 8
Copy these into the image:
COPY ./docker/php/php.ini /usr/local/etc/php/conf.d/app.ini COPY ./docker/php/opcache.ini /usr/local/etc/php/conf.d/opcache.ini
? Use a Reverse Proxy (Nginx) PHP-FPM
Never expose PHP-FPM directly. Use Nginx as a reverse proxy.
Typical structure:
# docker-compose.yml (for staging/CI)
version: '3.8'
services:
nginx:
image: nginx:alpine
Ports:
- "80:80"
Volumes:
- ./nginx.conf:/etc/nginx/nginx.conf
- ./public:/var/www/html/public
depends_on:
- php
php:
build: .
Volumes:
- ./:/var/www/html
environment:
- APP_ENV=prodNginx config highlights:
- Serve only the
public/directory - Block access to
.env,.git, and config files - Set proper headers (security, caching)
- Pass PHP requests to
php:9000
Example location block:
location ~ \.php$ {
fastcgi_pass php:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /var/www/html/public$fastcgi_script_name;
include fastcgi_params;
}? Optimize for Build and Runtime
Multi-stage builds (if needed for tools like Composer):
# Build stage FROM composer:latest AS composer COPY composer.json composer.lock ./ RUN composer install --no-dev --optimize-autoloader --no-scripts # Final stage FROM php:8.3-fpm-alpine COPY --from=composer /app/vendor ./vendor COPY . .
Key runtime optimizations:
- Set
APP_ENV=prodto enable framework optimizations (eg, Symfony, Laravel) - Use
--optimize-autoloaderand--classmap-authoritativein Composer - Run as non-root user:
RUN adduser -D -s /bin/sh www USER www
?? Add Supervisord (Optional but Useful)
If you need to run PHP-FPM and cron or other daemons:
RUN apk add --no-cache supervisor COPY ./docker/supervisord.conf /etc/supervisor/conf.d/supervisord.conf CMD ["/usr/bin/supervisord", "-c", "/etc/supervisor/conf.d/supervisord.conf"]
Supervisord config:
[supervisord] nodaemon=true [program:php-fpm] command=php-fpm stdout_logfile=/dev/stdout stderr_logfile=/dev/stderr [program:cron] command=cron -f
? Test Before Deploying
Before calling it "production-ready," verify:
- [ ] No sensitive info in environment or config
- [ ] Error logs go to stdout/stderr (for Docker logging drivers)
- [ ] Health check is defined:
HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3 \ CMD curl -f http://localhost/health || exit 1
- [ ] Image is scanned for vulnerabilities (use
docker scanor CI tooling) - [ ] It works without volume mounts (ie, code is embedded)
- Security (minimal image, secure configs, non-root user)
- Performance (Opcache, JIT, autoloader optimization)
- Maintainability (clear Dockerfiles, separation of concerns)
- Observability (logs to stdout, health checks)
Final Notes
A production-ready PHP Docker setup balances:
You don't need Kubernetes on day one, but you do need a solid foundation. Start simple, automatic config, and test like it's already in production.
Basically: if it's not secure, fast, and observable, it's not production-ready.
The above is the detailed content of Creating Production-Ready Docker Environments for PHP. For more information, please follow other related articles on the PHP Chinese website!
Hot AI Tools
Undress AI Tool
Undress images for free
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
ArtGPT
AI image generator for creative art from text prompts.
Stock Market GPT
AI powered investment research for smarter decisions
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
What are traits and how to use them in PHP
Oct 02, 2025 am 04:17 AM
TraitsinPHPenablehorizontalcodereusebyallowingclassestoinheritmethodsfromreusabletraitcontainers,bypassingsingleinheritancelimits.Forexample,theLoggabletraitprovidesalog()methodtoanyclassusingit,suchasUser,whichcanthencall$this->log("Usercrea
How to use set_error_handler to create a custom error handler in PHP
Oct 02, 2025 am 03:54 AM
set_error_handlerinPHPenablescustomerrorhandlingbydefiningafunctionthatinterceptsrecoverableerrors,allowingcontrolledlogginganduser-friendlyresponses;itacceptsparameterslike$errno,$errstr,$errfile,and$errlinetocaptureerrordetails,isregisteredviaset_e
How to convert a string from one character encoding to another in PHP
Oct 09, 2025 am 03:45 AM
Use the mb_convert_encoding() function to convert a string between different character encodings. Make sure that PHP's MultibyteString extension is enabled. 1. The format of this function is mb_convert_encoding (string, target encoding, source encoding), such as converting ISO-8859-1 to UTF-8; 2. It can be combined with mb_detect_encoding() to detect the source encoding, but the result may be inaccurate; 3. It is often used to convert old encoding data to UTF-8 to adapt to modern applications; 4. The alternative iconv() supports the //TRANSLIT and //IGNORE options, but the cross-platform consistency is poor; 5. Recommended first
How to use the intl extension for internationalization in PHP
Oct 04, 2025 am 12:51 AM
Answer: PHP's intl extension is internationalized based on the ICU library and supports multilingual formatting, translation and sorting. First install and enable the intl extension. Linux system is installed using apt-get or yum. Windows enable extension=intl in php.ini. Format numbers by region through NumberFormatter, such as de_DE output 1.234.567,89; IntlDateFormatter processing date display, such as fr_FR displays "lundi4septembre2023"; CurrencyFormatter formats currency, en_US displays $99.99. Me
How to validate user input on the server side in PHP?
Oct 03, 2025 am 03:23 AM
Server-sidevalidationinPHPiscrucialforsecurityanddataintegrity.1.Usefilter_input()andfilter_var()tosanitizeandvalidateinput.2.Checkrequiredfieldswithempty()ortrim().3.Validatedatatypesandformatsusingbuilt-infiltersorregex.4.Preventinjectionviaprepare
How to check if a variable is empty in PHP
Oct 04, 2025 am 03:35 AM
Useempty()tocheckifavariableisempty;itreturnstrueforfalse,null,"",0,0.0,"0",andemptyarrays,makingitidealforgeneralchecks.
How to use the array_reduce function in PHP
Oct 06, 2025 am 03:45 AM
The array_reduce function simplifies an array into a single value by iteratively applying a callback function, and is often used to sum, splice strings, or convert data structures. 1. The syntax is array_reduce($array,$callback,$initial), and $callback receives $carry (cumulative value) and $item (current element). 2. Summarization example: $numbers=[1,2,3,4,5], the result after callback accumulation is 15. 3. String splicing: Use "Fruits:" as the initial value, add elements one by one, and get "Fruits:,apple,banana,cherry&qu
How to parse command line arguments in a PHP script
Oct 03, 2025 am 04:29 AM
Use $argv and $argc to process command line parameters, $argv[0] is the script name, and subsequently it is the incoming value; getopt() supports short and long options parsing, such as -u or --user=value, the colon represents the required value, and the double colon represents the optional value. Combining the two can achieve flexible parameter processing.
