We Keep Coding

Docker-Compose with PHP and Nginx not working on production

I have a very simple config in docker-compose with php:7-fpm and nginx that I want to use to host simple php websites.
Can someone please tell me what I did wrong?
Here is docker-compose.prod.yml:
version: '3.8'
services:
web:
image: nginx:latest
ports:
- "8080:80"
volumes:
- ../nurock/hidden_creste:/code
- ./site.prod.conf:/etc/nginx/conf.d/default.conf
php:
image: php:7-fpm
volumes:
- ../nurock/hidden_creste:/code
Here is the site.prod.conf file:
server {
listen 80;
index index.php index.html;
server_name example.com;
error_log /var/log/nginx/error.log;
access_log /var/log/nginx/access.log;
root /code;
location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass php:9000;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
}
}
I can compose up and the logs appear to be fine and when I run docker ps:
docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
c268a9cf4716 php:7-fpm "docker-php-entrypoi…" 27 minutes ago Up 16 seconds 9000/tcp example_code-php-1
beaaec39209b nginx:latest "/docker-entrypoint.…" 27 minutes ago Up 16 seconds 0.0.0.0:8080->80/tcp, :::8080->80/tcp example_code-web-1
Then checking the ports, I think this looks fine:
netstat -tulpn | grep :80
tcp 0 0 0.0.0.0:8080 0.0.0.0:* LISTEN 204195/docker-proxy
tcp6 0 0 :::8080 :::* LISTEN 204207/docker-proxy

You need to expose TCP port 9000 of the PHP container to made other containers able to use it (see What is the difference between docker-compose ports vs expose):
php:
image: php:7-fpm
expose:
- "9000"
...
Do you really want your sites to be available on TCP port 8080, not the standard port 80? If not, change "8080:80" to "80:80".
Besides the PHP handler, use a default location (although your site should be workable even without it, it is a bad practice to not add it to your nginx config):
location / {
try_files $uri $uri/ =404;
}

You must check the logs to find out the error. https://docs.docker.com/engine/reference/commandline/logs/
These issues can happen :
A php module is missing
user / permission are not correct. Is www-data defined in your nginx and php-fpm config ?
Use HTTPS and port 443 instead of HTTP and port 80. HTTP may be blocked by your browser. You can define a free SSL certificate with Let's Encrypt Docker image.
PHP 7.0 is EOL (end or life) since January 10, 2019. Please use PHP 8.0 or PHP 8.1. https://endoflife.date/php
Do not use use tag nginx:latest on production. You may have serious issues when you update your container, because last version will be downloaded.
Do not mount directory on production. Please use COPY in your Dockerfile.
Check the firewall on your server
Here is Docker Docker best practices : https://docs.docker.com/develop/dev-best-practices/
https://docs.docker.com/develop/develop-images/dockerfile_best-practices/
Here, I suggest this docker-compose.prod.yml
version: '3.8'
services:
web:
image: nginx:1.21
depends_on:
- my-php-container-name
container_name: my-nginx-container-name
working_dir: /code
ports:
- '80:80'
- '443:443'
volumes:
- ../nurock/hidden_creste:/code
- ./site.prod.conf:/etc/nginx/conf.d/default.conf
restart: always
php:
build: php-fpm
container_name: my-php-container-name
working_dir: /code
volumes:
- ../nurock/hidden_creste:/code
restart: always
In the same directory as this docker-compose.prod.yml file, create a php-fpm directory: mkdir php-fpm (or directory architecture written under build in docker-compose.prod.yml file.)
In php-fpm directory, please add this Dockerfile called Dockerfile
FROM php:8.1-fpm
COPY --from=composer:latest /usr/bin/composer /usr/local/bin/composer
WORKDIR "/code"
RUN apt-get update && apt-get install -y --no-install-recommends \
libfreetype6-dev \
libjpeg62-turbo-dev \
libpng-dev \
libicu-dev
&& docker-php-ext-configure gd --with-freetype --with-jpeg \
&& docker-php-ext-install -j$(nproc) gd pdo_mysql bcmath mysqli intl
Of course, add the PHP extensions that you need for your project. Here you have an example how to install gd, pdo_mysql, bcmatch, mysqli, intl. But there are others extension as curl, xml, xdebug, mcrypt, memcache, etc... https://github.com/mlocati/docker-php-extension-installer
In your nginx configuration, you should define config for HTTPS with port 443. Please also update this line fastcgi_pass php:9000;. Replace php by the container name. Of course, container name must be unique.
location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass my-php-container-name:9000;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
}
Then, build your set-up
docker-compose -f docker-compose.prod.yml build && docker-compose -f docker-compose.prod.yml up

Permissions issue with Docker, nginx and Grav

I'm trying to set up a simple Grav site workflow using git, Docker and two containers: one for nginx and one for PHP. The idea is to git clone into my Digital Ocean droplet and run docker-compose up -d --build to build and serve the website.
I'm getting permission issues whenever I try to access the sites, and even Grav's documentation about troubleshooting permission issues does not help.
Here's my docker-compose.yml:
version: '3'
services:
web:
build:
context: .
dockerfile: ./docker/nginx/Dockerfile
ports:
- "80:80"
volumes:
- ./src:/var/www/html
links:
- php
php:
build:
context: .
dockerfile: ./docker/php/Dockerfile
volumes:
- ./src:/var/www/html
And here's nginx's Dockerfile:
FROM nginx:stable-alpine
WORKDIR /var/www/html
COPY ./src .
COPY ./docker/nginx/default.conf /etc/nginx/conf.d/default.conf
If that's any use, here's the nginx configuration I'm using:
server {
listen 80;
index index.php index.html;
server_name www.gravtest.test gravtest.test;
error_log /var/log/nginx/gravtest.test.error.log;
access_log /var/log/nginx/gravtest.test.access.log;
root /var/www/html;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass php:9000;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
}
}
The PHP Dockerfile is simple, it just spawns php:7.3-fpm and installs a few dependencies like opcache, gd, etc...
Whenever I try to access the site via localhost, I get this error:
Fatal error: Uncaught RuntimeException: Creating directory failed for /var/www/html/cache/compiled/files/40779d000b68629af00dd987148afc06.yaml.php in /var/www/html/vendor/rockettheme/toolbox/File/src/File.php:325 Stack trace:....
Files are copied from the host to the container with the nginx:nginx owner, so I should be good, but looks like I'm not. I've tried setting folders/files chmod using Grav's documentation but no dice.
Am I missing something?

Answering my own question:
It turns out the images php-fpm and nginx do not use the same user, so the permission problem came from that. I simply had to add a new user to both Dockerfile, and run that container from that user.
So for PHP, my Dockerfile is now:
FROM php:7.3-fpm
# Install a few dependencies here...
COPY ./src /var/www/html
RUN addgroup --gid 1000 mygroup
RUN adduser --system --no-create-home --disabled-password --disabled-login --uid 1000 --ingroup mygroup myuser
RUN chown -R myuser:mygroup /var/www
USER myuser
And for nginx:
FROM nginx:stable-alpine
RUN addgroup --gid 1000 mygroup
RUN adduser --system --no-create-home --disabled-password --disabled-login --uid 1000 --ingroup mygroup myuser
WORKDIR /var/www/html
RUN chown -R myuser:mygroup .
USER myuser
And now everything works fine! :)

failed (104: Connection reset by peer) while reading response header from upstream in docker and ubuntu

I created a DockerFile like below
FROM ubuntu:18.04
MAINTAINER Amin Keshavarz <ak_1596#yahoo.com>
# Add your github access token if needed in composer update as arg or env var.
ARG github_access_token
ENV github_access_token=${github_access_token}
ENV DEBIAN_FRONTEND=noninteractive
# Install dependency packages
RUN apt-get update && apt-get install -yq --no-install-recommends \
git \
curl \
ca-certificates \
# php \
php7.2-fpm php7.2-common \
php7.2-mongodb php-pear php7.2-dev
RUN apt-get install -y build-essential
# Install mongodb driver
RUN pecl install mongodb
#RUN echo "extension=mongodb.so" >> /etc/php/7.2/fpm/php.ini
#RUN echo "extension=mongodb.so" >> /etc/php/7.2/cli/php.ini
RUN curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/local/bin --filename=composer
RUN apt-get install -y php7.2-mbstring \
php7.2-intl \
php7.2-soap \
php7.2-curl \
php7.2-imap \
php7.2-zmq \
php7.2-bcmath \
php7.2-gd \
php7.2-zip
# Add working directory and copy files into that.
RUN mkdir /app
VOLUME /app
WORKDIR /app
COPY . /app
# Start application installation by composer update command.
#RUN composer config -g github-oauth.github.com $github_access_token
RUN composer global require fxp/composer-asset-plugin
#RUN composer update -vvv
ENTRYPOINT service php7.2-fpm start && /bin/bash
CMD ["php-fpm"]
EXPOSE 9000
And using below docke-compose.yml
version: "3"
services:
web:
build:
context: .
dockerfile: ./docker/Dockerfile
container_name: "crm_web"
tty: true
ports:
- "9000:9000"
networks:
- default
volumes:
- .:/app
nginx:
image: nginx:1.10.3
container_name: "crm_nginx"
ports:
- 8080:80
restart: always
volumes:
- ./docker/nginx.conf:/etc/nginx/conf.d/default.conf
- .:/app
links:
- web
depends_on:
- web
And has below nginx.conf
server {
client_max_body_size 100M;
set $host_path "/app";
access_log /app/log/access.log main;
server_name _ localhost;
root $host_path/;
set $yii_bootstrap "index.php";
charset utf-8;
location / {
index index.html $yii_bootstrap;
try_files $uri $uri/ /$yii_bootstrap?$args;
}
location ~ ^/(protected|framework|themes/\w+/views) {
deny all;
}
#avoid processing of calls to unexisting static files by yii
location ~ \.(js|css|png|jpg|gif|swf|ico|pdf|mov|fla|zip|rar)$ {
try_files $uri =404;
}
# pass the PHP scripts to FastCGI server listening on web:9000
#
location ~ \.php {
fastcgi_split_path_info ^(.+\.php)(.*)$;
#let yii catch the calls to unexising PHP files
set $fsn /$yii_bootstrap;
if (-f $document_root$fastcgi_script_name){
set $fsn $fastcgi_script_name;
}
fastcgi_pass web:9000;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fsn;
#PATH_INFO and PATH_TRANSLATED can be omitted, but RFC 3875 specifies them for CGI
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param PATH_TRANSLATED $document_root$fsn;
}
# prevent nginx from serving dotfiles (.htaccess, .svn, .git, etc.)
location ~ /\. {
deny all;
access_log off;
log_not_found off;
}
}
But when i try to connect my host http://localhost:8080 i get below error in my console from docker:
crm_nginx | 2018/12/03 14:48:14 [error] 28#28: *17 recv() failed (104:
Connection reset by peer) while reading response header from upstream,
client: 172.18.0.1, server: _, request: "GET /web/ HTTP/1.1",
upstream: "fastcgi://172.18.0.2:9000", host: "localhost:8080"
And get 502 Bad Gateway in browser.
Can you help me solve this problem?
What i missed?

Add below line into your Dockerfile
RUN sed -i "s|;*listen\s*=\s*/run/php/php7.2-fpm.sock|listen = 9000|g" /etc/php/7.2/fpm/pool.d/www.conf && \
sed -i "s|;*listen\s*=\s*/||g" /etc/php/7.2/fpm/php-fpm.conf
This will tell to php7.2-fpm listen to port 9000 instead /run/php/php7.2-fpm.sock.
Be careful to do not add IP address before port like 127.0.0.1:9000 because this forces PHP to listen to port and IP at the same time but you don't know what is container ip address.
I found my answer here and you can refer to that:
https://www.digitalocean.com/community/questions/nginx-error-111-connection-refused

fastcgi_pass web:9000;
try changing this line to:
fastcgi_pass crm_web:9000;
since you have container_name: "crm_web" in your docker-compose.yml

Class not found in autoload.php on line 14 on some docker hosts

I try to create dockerfile for laravel 5.5 application and nginx. I use similar to following dockerfile:
FROM richarvey/nginx-php-fpm:1.3.7
# we cannot directly work in /var/www/html beaouse in richarvey/nginx-php-fpm is VOLUME directive so if we create
# files in this directory - they will 'disappear' - so we use /tmp dir.
WORKDIR /tmp/project
# due to docker cache
COPY ./composer.json .
RUN composer install --no-scripts --no-autoloader
ADD . .
RUN composer dump-autoload --optimize
RUN php artisan key:generate
ADD ./config/server-nginx.conf /etc/nginx/sites-available/default.conf
WORKDIR /var/www/html
CMD if [ -f index.php ]; then \
rm index.php &&\
mv /tmp/project/* /var/www/html/ && \
mv /tmp/project/.* /var/www/html/ | : &&\
php artisan config:clear &&\
php artisan cache:clear ; \
fi &&\
echo "Try connect to db and set up schema..." && \
php artisan migrate --seed --force &&\
/start.sh
My project/config/server-nginx.conf looks like that:
server {
listen 80; ## listen for ipv4; this line is default and implied
listen [::]:80 default ipv6only=on; ## listen for ipv6
root /var/www/html/public;
index index.php index.html index.htm;
server_name _;
# Add stdout logging
error_log /dev/stdout info;
access_log /dev/stdout;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location ~ \.php$ {
try_files $uri /index.php =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
include fastcgi_params;
...
}
}
The problem is that everything works fine in my macOs and ubuntu, however my client which use Docker Claud and DigitalOcean have following problem after container run (so building step is fine, but after container run it is killed by docker - so in CMD dockerfile part):
Fatal error: Uncaught Error: Class 'Illuminate\Foundation\Application' not found in /var/www/html/vendor/autoload.php:14
Stack trace:
#0 /var/www/html/artisan(18): require()

So the problem sometimes (! - on some hosts - why?) appear when we use composer ... in some directory (with php project) and then we move/rename that directory (by mv ... bash command in CMD dockerfile part) - so if we do it (in some hosts) then file autoload.php (generated by composer) will have not proper paths to php classes.
However in this case we use dir tmp/project (and call composer inside) and then move it to /var/www/html, because we cannot directly work in /var/www/html because in richarvey/nginx-php-fpm is VOLUME directive so if we create files in this directory - they will 'disappear' - so we use /tmp dir.
Additional there is also problem when we want to link by ln /var/www/html to /tmp/project and use chown -R nginx:nginx /tmp/project because it will go into infinit loop and never ends... :( (why?).
SOLUTION
Is to change root dir in project/config/server-nginx.conf to:
root /var/www/app/public;
Then change workdir in dockerfile to:
WORKDIR /var/www/app
And in dockerfile CMD section add
chown -R nginx:nginx /var/www/app/storage
To give write access to laravel only to storage directory (in which laravel save work data) (if we use chown -R nginx:nginx /var/www/app/storage it will newer 'ends' (go into infinit loop) :( )
In this way we avoid move composer compiled directory and everything works grate on all hosts :)

500 (Internal Server Error) with Laravel & Docker [duplicate]

This question already has answers here:
How do I get PHP errors to display?
(27 answers)
Closed 10 months ago.
I create Laravel PHP application in Docker. First I setup Laravel app using
laravel new laravelDockerApp
it creates successfully.I verify it's setup by built-in server
php artisan serve
Then setup Local environment with Docker
docker-compose.yml
version: '2'
services:
web:
build:
context: ./
dockerfile: web.docker
volumes:
- ./:/var/www
ports:
- "8080:80"
links:
- app
app:
build:
context: ./
dockerfile: app.docker
volumes:
- ./:/var/www
app.docker
FROM php:7-fpm
RUN apt-get update && apt-get install -y libmcrypt-dev mysql-client \
&& docker-php-ext-install mcrypt pdo_mysql
WORKDIR /var/www
web.docker
FROM nginx:1.10
ADD ./vhost.conf /etc/nginx/conf.d/default.conf
WORKDIR /var/www
vhost.conf
server {
listen 80;
index index.php index.html;
root /var/www/public;
location / {
try_files $uri /index.php?$args;
}
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass app:9000;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
}
}
I run docker-compose up -d command. app & web containers up successfully.When I check app in Browser using
localhost:8080
I got
500(Internal Server Error)
Please, can you help to solve this? Thanks.

I found a solution. I set the permission on my Laravel app using:
sudo chmod -R 777 storage && sudo chmod -R 777 bootstrap/cache

This solution might not apply to you since you are using Nginx, but in my case I am using the php:7.0-apache as source image, so I made the Apache user the owner of my app's files.
In my Dockerfile I have:
...
USER www-data
WORKDIR /var/www/html
COPY --chown=www-data:www-data . .
...
This solved the problem, so it could be worth trying, either modifying your Dockerfile or maybe Docker Compose has some option for user permissions when mounting volumes.

I ran into this today, and the issue for me was that while I'd created my directory structure, I'd failed to copy the .env file from .env.example. Copying this and hitting the webpage gave me a page which had this in the top right corner:
Clicking "Generate App Key" resolved this issue for me, but it's probably worth giving the .env file a once-over to make sure it's not got some other unset variables you'll need!