Using the correct PHP basic image and configuring a secure, performance-optimized Docker environment is the key to achieving production ready. 1. Use php:8.3-fpm-alpine as the basic image to reduce the attack surface and improve performance; 2. Disable dangerous functions through custom php.ini, turn off error display, and enable Opcache and JIT to enhance security and performance; 3. Use Nginx as the reverse proxy to restrict access to sensitive files and correctly forward PHP requests to PHP-FPM; 4. Use multi-stage optimization images to remove development dependencies, and set up non-root users to run containers; 5. Optional Supervisord to manage multiple processes such as cron; 6. Verify that no sensitive information leakage, log output to standard flow, configure health checks, scan for image vulnerabilities, and the application can run independently. Ultimately ensuring that the environment is safe, high performance, maintainability and observability is called production ready.
Setting up a production-ready Docker environment for PHP isn't just about getting your app to run—it's about security, performance, maintenance, and scalability. A lot of tutorials stop at "it works locally," but real production environments demand more. Here's how to build a robust, secure, and efficient Docker setup for PHP that's ready for real-world deployment.
? Use the Right PHP Base Image
Start with a minimum, secure base image. Avoid php:latest or development-focused tags like php:8.3-cli .
Recommended:
-
php:8.3-fpm-alpinefor backend services (lightweight, secure) - Pair with
nginxin a separate container for serving web traffic
Why Alpine?
Smaller attack surface, faster builds, and lower resource usage. But be cautious: some PHP extensions may require extra steps to install in Alpine due to musl vs. glibc.
FROM php:8.3-fpm-alpine
# Install essential PHP extensions (compiled for Alpine)
RUN apk add --no-cache \
nginx \
supervisor \
postgresql-dev \
&& docker-php-ext-install -j$(nproc) \
pdo_pgsql \
opcache \
&& docker-php-ext-enable pdo_pgsql Avoid RUN apk add --update && pecl install ... unless absolutely necessary—each command increases image size and build time.
? Secure PHP Configuration
Default php.ini settings are not production-safe. Override them explicitly.
Create custom config files:
./docker/php/php.ini ./docker/php/opcache.ini
Example php.ini tweaks:
; Disable dangerous functions disable_functions = exec,passthru,shell_exec,system,proc_open,popen ; Limit exposure expose_php = Off display_errors = Off log_errors = On ; Set reasonable limits upload_max_filesize = 16M post_max_size = 18M max_execution_time = 30
Opcache (critical for performance):
opcache.enable=1 opcache.validate_timestamps=0 ; Only in production (use rolling deploys to clear) opcache.max_accelerated_files=20000 opcache.memory_consumption=256 opcache.jit=1205 ; Enable JIT in PHP 8
Copy these into the image:
COPY ./docker/php/php.ini /usr/local/etc/php/conf.d/app.ini COPY ./docker/php/opcache.ini /usr/local/etc/php/conf.d/opcache.ini
? Use a Reverse Proxy (Nginx) PHP-FPM
Never expose PHP-FPM directly. Use Nginx as a reverse proxy.
Typical structure:
# docker-compose.yml (for staging/CI)
version: '3.8'
services:
nginx:
image: nginx:alpine
Ports:
- "80:80"
Volumes:
- ./nginx.conf:/etc/nginx/nginx.conf
- ./public:/var/www/html/public
depends_on:
- php
php:
build: .
Volumes:
- ./:/var/www/html
environment:
- APP_ENV=prodNginx config highlights:
- Serve only the
public/directory - Block access to
.env,.git, and config files - Set proper headers (security, caching)
- Pass PHP requests to
php:9000
Example location block:
location ~ \.php$ {
fastcgi_pass php:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /var/www/html/public$fastcgi_script_name;
include fastcgi_params;
}? Optimize for Build and Runtime
Multi-stage builds (if needed for tools like Composer):
# Build stage FROM composer:latest AS composer COPY composer.json composer.lock ./ RUN composer install --no-dev --optimize-autoloader --no-scripts # Final stage FROM php:8.3-fpm-alpine COPY --from=composer /app/vendor ./vendor COPY . .
Key runtime optimizations:
- Set
APP_ENV=prodto enable framework optimizations (eg, Symfony, Laravel) - Use
--optimize-autoloaderand--classmap-authoritativein Composer - Run as non-root user:
RUN adduser -D -s /bin/sh www USER www
?? Add Supervisord (Optional but Useful)
If you need to run PHP-FPM and cron or other daemons:
RUN apk add --no-cache supervisor COPY ./docker/supervisord.conf /etc/supervisor/conf.d/supervisord.conf CMD ["/usr/bin/supervisord", "-c", "/etc/supervisor/conf.d/supervisord.conf"]
Supervisord config:
[supervisord] nodaemon=true [program:php-fpm] command=php-fpm stdout_logfile=/dev/stdout stderr_logfile=/dev/stderr [program:cron] command=cron -f
? Test Before Deploying
Before calling it "production-ready," verify:
- [ ] No sensitive info in environment or config
- [ ] Error logs go to stdout/stderr (for Docker logging drivers)
- [ ] Health check is defined:
HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3 \ CMD curl -f http://localhost/health || exit 1
- [ ] Image is scanned for vulnerabilities (use
docker scanor CI tooling) - [ ] It works without volume mounts (ie, code is embedded)
- Security (minimal image, secure configs, non-root user)
- Performance (Opcache, JIT, autoloader optimization)
- Maintainability (clear Dockerfiles, separation of concerns)
- Observability (logs to stdout, health checks)
Final Notes
A production-ready PHP Docker setup balances:
You don't need Kubernetes on day one, but you do need a solid foundation. Start simple, automatic config, and test like it's already in production.
Basically: if it's not secure, fast, and observable, it's not production-ready.
The above is the detailed content of Creating Production-Ready Docker Environments for PHP. For more information, please follow other related articles on the PHP Chinese website!
Hot AI Tools
Undress AI Tool
Undress images for free
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Clothoff.io
AI clothes remover
Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Hot Topics
How to use PHP to build social sharing functions PHP sharing interface integration practice
Jul 25, 2025 pm 08:51 PM
The core method of building social sharing functions in PHP is to dynamically generate sharing links that meet the requirements of each platform. 1. First get the current page or specified URL and article information; 2. Use urlencode to encode the parameters; 3. Splice and generate sharing links according to the protocols of each platform; 4. Display links on the front end for users to click and share; 5. Dynamically generate OG tags on the page to optimize sharing content display; 6. Be sure to escape user input to prevent XSS attacks. This method does not require complex authentication, has low maintenance costs, and is suitable for most content sharing needs.
How to use PHP combined with AI to achieve text error correction PHP syntax detection and optimization
Jul 25, 2025 pm 08:57 PM
To realize text error correction and syntax optimization with AI, you need to follow the following steps: 1. Select a suitable AI model or API, such as Baidu, Tencent API or open source NLP library; 2. Call the API through PHP's curl or Guzzle and process the return results; 3. Display error correction information in the application and allow users to choose whether to adopt it; 4. Use php-l and PHP_CodeSniffer for syntax detection and code optimization; 5. Continuously collect feedback and update the model or rules to improve the effect. When choosing AIAPI, focus on evaluating accuracy, response speed, price and support for PHP. Code optimization should follow PSR specifications, use cache reasonably, avoid circular queries, review code regularly, and use X
PHP creates a blog comment system to monetize PHP comment review and anti-brush strategy
Jul 25, 2025 pm 08:27 PM
1. Maximizing the commercial value of the comment system requires combining native advertising precise delivery, user paid value-added services (such as uploading pictures, top-up comments), influence incentive mechanism based on comment quality, and compliance anonymous data insight monetization; 2. The audit strategy should adopt a combination of pre-audit dynamic keyword filtering and user reporting mechanisms, supplemented by comment quality rating to achieve content hierarchical exposure; 3. Anti-brushing requires the construction of multi-layer defense: reCAPTCHAv3 sensorless verification, Honeypot honeypot field recognition robot, IP and timestamp frequency limit prevents watering, and content pattern recognition marks suspicious comments, and continuously iterate to deal with attacks.
PHP calls AI intelligent voice assistant PHP voice interaction system construction
Jul 25, 2025 pm 08:45 PM
User voice input is captured and sent to the PHP backend through the MediaRecorder API of the front-end JavaScript; 2. PHP saves the audio as a temporary file and calls STTAPI (such as Google or Baidu voice recognition) to convert it into text; 3. PHP sends the text to an AI service (such as OpenAIGPT) to obtain intelligent reply; 4. PHP then calls TTSAPI (such as Baidu or Google voice synthesis) to convert the reply to a voice file; 5. PHP streams the voice file back to the front-end to play, completing interaction. The entire process is dominated by PHP to ensure seamless connection between all links.
How to use PHP to combine AI to generate image. PHP automatically generates art works
Jul 25, 2025 pm 07:21 PM
PHP does not directly perform AI image processing, but integrates through APIs, because it is good at web development rather than computing-intensive tasks. API integration can achieve professional division of labor, reduce costs, and improve efficiency; 2. Integrating key technologies include using Guzzle or cURL to send HTTP requests, JSON data encoding and decoding, API key security authentication, asynchronous queue processing time-consuming tasks, robust error handling and retry mechanism, image storage and display; 3. Common challenges include API cost out of control, uncontrollable generation results, poor user experience, security risks and difficult data management. The response strategies are setting user quotas and caches, providing propt guidance and multi-picture selection, asynchronous notifications and progress prompts, key environment variable storage and content audit, and cloud storage.
PHP realizes commodity inventory management and monetization PHP inventory synchronization and alarm mechanism
Jul 25, 2025 pm 08:30 PM
PHP ensures inventory deduction atomicity through database transactions and FORUPDATE row locks to prevent high concurrent overselling; 2. Multi-platform inventory consistency depends on centralized management and event-driven synchronization, combining API/Webhook notifications and message queues to ensure reliable data transmission; 3. The alarm mechanism should set low inventory, zero/negative inventory, unsalable sales, replenishment cycles and abnormal fluctuations strategies in different scenarios, and select DingTalk, SMS or Email Responsible Persons according to the urgency, and the alarm information must be complete and clear to achieve business adaptation and rapid response.
Beyond the LAMP Stack: PHP's Role in Modern Enterprise Architecture
Jul 27, 2025 am 04:31 AM
PHPisstillrelevantinmodernenterpriseenvironments.1.ModernPHP(7.xand8.x)offersperformancegains,stricttyping,JITcompilation,andmodernsyntax,makingitsuitableforlarge-scaleapplications.2.PHPintegrateseffectivelyinhybridarchitectures,servingasanAPIgateway
How to build a PHP Nginx environment with MacOS to configure the combination of Nginx and PHP services
Jul 25, 2025 pm 08:24 PM
The core role of Homebrew in the construction of Mac environment is to simplify software installation and management. 1. Homebrew automatically handles dependencies and encapsulates complex compilation and installation processes into simple commands; 2. Provides a unified software package ecosystem to ensure the standardization of software installation location and configuration; 3. Integrates service management functions, and can easily start and stop services through brewservices; 4. Convenient software upgrade and maintenance, and improves system security and functionality.
