search

craftcms / image

Container images that are used as the base for Craft CMS container applications
https://craftcms.com
7 stars 0 forks source link

PHP ini overrides are not working #8

Open jessedobbelaere opened 2 months ago

jessedobbelaere commented 2 months ago

Description

Overriding PHP settings with env variables such as PHP_MEMORY_LIMIT does not seem to work at the moment.

Issue 1: not loading the craftcms.ini

The 60-craftcms.ini file does not get loaded by PHP:

image

The Dockerfile might not be using the right location to put 60-craftcms.ini in?

- COPY etc/php.d/60-craftcms.ini /etc/php.d/60-craftcms.ini
+ COPY etc/php.d/60-craftcms.ini /etc/php/8.3/fpm/conf.d/60-craftcms.ini

Issue 2: settings cannot get overridden because of php_admin_value

After fixing the issue where 60-craftcms.ini did not load, I could see the ini file loaded in phpinfo ✅ . However, the memory_limit still did not change ⚠️

I figured out that memory_limit is set in the php-fpm settings using:

php_admin_value[memory_limit] = "256M"

I looked it up and found:

Unlike php_value, php_admin_value stands immune to local overwrites. Regardless of the attempts made in individual directories or files to alter the same configuration setting, the global directive set via php_admin_value remains supreme. This characteristic renders it an excellent choice for safeguarding vital configurations against inadvertent alterations.

So in fact, there's no way that any .ini file can override settings like memory_limit. Could this get fixed?

Feature request: allow to override open_basedir

Should there be an ENV var to modify open_basedir? Or at least, also stop using php_admin_value here and switch to php_value so I can copy a custom .ini to override open_basedir?

php_admin_value[open_basedir] = /app:/dev/stdout:/tmp

👉 I have installed /usr/bin/cwebp, /usr/bin/cavif, /usr/bin/jpegoptim and /usr/bin/optipng that Imager-X needs to use. The open_basedir feature of PHP prevents PHP from using files in the /usr/bin directory. So I need to modify it with a .ini file, but that requires me to use sed magic to uncomment the open_basedir in the php-fpm config, unfortunately.

Quite the hack, but using this I could proof the steps to override the open_basedir setting:

RUN sed -i 's/php_admin_value\[open_basedir\] = \/app:\/dev\/stdout:\/tmp/;php_admin_value\[open_basedir\] = \/app:\/dev\/stdout:\/tmp/' /etc/php-fpm.conf
RUN echo "open_basedir=/app:/dev/stdout:/tmp:/usr/bin/jpegoptim:/usr/bin/optipng:/usr/bin/cwebp:/usr/bin/cavif" > /etc/php/8.3/fpm/conf.d/70-custom.ini

Steps to reproduce

  1. Go to examples/nginx and add an environment variable as mentioned in the README.md
version: "3.8"
services:
  web:
    image: craftcms/web:local
    build:
      context: .
      dockerfile: Dockerfile
      args:
        - php_version=8.3
    ports:
      - "8080:8080"
+   environment:
+     PHP_MEMORY_LIMIT: 512M
    volumes:
      - ./local:/app
  1. Run docker compose up
  2. Visit http://localhost:8080 and look in the phpinfo for memory_limit --> it will be set at 256M instead of 512M!. You will also see that it did not load 60-craftcms.ini at all.
jessedobbelaere commented 2 months ago

Currently worked around using:

RUN mv /etc/php.d/60-craftcms.ini /etc/php/8.3/fpm/conf.d/60-craftcms.ini && \
    sed -i '/^php_admin_value\[open_basedir\]/s/^/;/' /etc/php-fpm.conf && \
    sed -i '/^php_admin_value\[memory_limit\]/s/^/;/' /etc/php-fpm.conf && \
    echo "open_basedir=/app:/dev/stdout:/tmp:/usr/bin/jpegoptim:/usr/bin/optipng:/usr/bin/cwebp:/usr/bin/cavif" >> /etc/php/8.3/fpm/conf.d/70-custom.ini
jasonmccallister commented 3 weeks ago

@jessedobbelaere thank you for the report, I will look into this and let you know.