By default, PHP-FPM and Nginx each run as a specific user/group. In their configurations, the PHP-FPM user and group are set to www-data, whereas the Nginx user is set to nginx. In this example we will change both to inanzzz.


Current configuration


PHP-FPM


# www.conf

...
[www]

user=www-data
group=www-data

listen.owner=www-data
listen.group=www-data

...

Nginx


# nginx.conf

...

user nginx;

...

New configuration


PHP-FPM


# www.conf

...
[www]

user=inanzzz
group=inanzzz

listen.owner=inanzzz
listen.group=inanzzz

...

# Dockerfile

FROM php:7.2.13-fpm

....

# Create group "inanzzz"
# set group id "1000"
RUN groupadd -g 1000 inanzzz
# Create user "inanzzz"
# set user id "1000"
# assign to existing group id "1000"
# set home directory "/home/inanzzz"
# set shell "/bin/bash"
RUN useradd -d /home/inanzzz -s /bin/bash -u 1000 -g 1000 inanzzz
# Create home directory
RUN mkdir /home/inanzzz
# User and group own home directory
RUN chown -R inanzzz:inanzzz /home/inanzzz

USER inanzzz

CMD ["php-fpm", "--nodaemonize"]

Nginx


# nginx.conf

user inanzzz;

...

# Dockerfile

FROM nginx:1.15.7

...

# Create group "inanzzz"
# set group id "1000"
RUN groupadd -g 1000 inanzzz
# Create user "inanzzz"
# set user id "1000"
# assign to existing group id "1000"
# set home directory "/home/inanzzz"
# set shell "/bin/bash"
RUN useradd -d /home/inanzzz -s /bin/bash -u 1000 -g 1000 inanzzz
# Create home directory
RUN mkdir /home/inanzzz
# User and group own home directory
RUN chown -R inanzzz:inanzzz /home/inanzzz

# Necessary steps to avoid permission errors
RUN touch /var/run/nginx.pid \
    && chown -R inanzzz:inanzzz /var/run/nginx.pid /var/cache/nginx

USER inanzzz

Our user inanzzz is not as privileged as the nginx user, so we can no longer use the default ports 80 and 443; change them as follows. After this change you can use '8081:8080' and '4431:4443' in your docker-compose.yml file if you wish.


# Site virtualhost config

server {
    listen 8080;
    listen 4443 default_server ssl;

    ...
}

If the application is linked to a shared folder in the docker-compose.yml file, you can optionally use /home/inanzzz as the shared folder so that the new user owns the application.
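A pre-build check for the two conditions described above, as an added example that is not part of the original post: all four PHP-FPM identity settings name the new user, and no Nginx listen directive still uses a port below 1024. The function names and the sample files are hypothetical, and the check assumes user and group share one name, as they do on this page.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes user and group share one
# name (as on this page) and that the config files are readable locally.

# Print every numeric "listen" port below 1024 from an nginx config on stdin.
low_ports() {
    awk '$1 == "listen" {
        spec = $2
        sub(/;$/, "", spec)
        if (spec ~ /^unix:/) next      # unix sockets have no port
        sub(/^.*:/, "", spec)          # "addr:port" or "[::]:port" -> port
        if (spec ~ /^[0-9]+$/ && spec + 0 < 1024) print spec + 0
    }'
}

# Print the value of one key from a PHP-FPM pool file on stdin.
fpm_value() {
    awk -F= -v key="$1" '
        { k = $1; gsub(/[ \t]/, "", k) }
        k == key { v = $2; gsub(/[ \t\r]/, "", v); print v; exit }'
}

# usage: check_unprivileged NAME www.conf site.conf ; returns 1 on any finding
check_unprivileged() {
    want=$1; pool=$2; site=$3; rc=0
    for key in user group listen.owner listen.group; do
        got=$(fpm_value "$key" < "$pool")
        [ "$got" = "$want" ] || { echo "pool: $key=$got, expected $want"; rc=1; }
    done
    for port in $(low_ports < "$site"); do
        echo "site: listen $port is a privileged port (<1024)"; rc=1
    done
    return $rc
}

# Constructed sample input: the pool file from "New configuration", a site
# config still on the default ports, and one using the new ports.
demo_dir=$(mktemp -d)
printf '[www]\nuser=inanzzz\ngroup=inanzzz\nlisten.owner=inanzzz\nlisten.group=inanzzz\n' > "$demo_dir/www.conf"
printf 'server {\n    listen 80;\n    listen 443 default_server ssl;\n}\n' > "$demo_dir/old.conf"
printf 'server {\n    listen 8080;\n    listen 4443 default_server ssl;\n}\n' > "$demo_dir/new.conf"

check_unprivileged inanzzz "$demo_dir/www.conf" "$demo_dir/old.conf" || echo "old.conf: FAIL"
check_unprivileged inanzzz "$demo_dir/www.conf" "$demo_dir/new.conf" && echo "new.conf: OK"
```

Only numeric ports in listen directives are inspected; a listen line that gives an address without a port is skipped.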