inanzzz | Using unix socket for php-fpm and nginx docker setup

Follow example below to use a unix socket configuration in order for PHP-FPM and Nginx docker containers to talk to each other. Both containers are running as same user inanzzz.

Structure

When you run docker the php-fpm.sock will be created automatically.

.
├── docker
│   ├── docker-compose.yml
│   ├── nginx
│   │   ├── app.conf
│   │   ├── Dockerfile
│   │   └── nginx.conf
│   ├── php
│   │   ├── Dockerfile
│   │   └── www.conf
│   └── socket
│       └── php-fpm.sock
├── index.html
└── index.php

Files

docker/docker-compose.yml

version: "3.4"

services:

  socket_php:
    build:
      context: "php"
    hostname: "socket-php"
    working_dir: "/app"
    volumes:
      - "..:/app"
      - "../docker/socket:/socket"
    environment:
      PS1: "\\u@\\h:\\w\\$$ "

  socket_nginx:
    build:
      context: "nginx"
    hostname: "socket-nginx"
    working_dir: "/app"
    ports:
      - "6080:8080"
    volumes:
      - "..:/app"
      - "../docker/socket:/socket"
    environment:
      PS1: "\\u@\\h:\\w\\$$ "

docker/nginx/app.conf

Our user inanzzz is not as privileged as nginx user so we cannot use default 80 and 443 ports anymore so use different ones.

server {
    listen 8080 default_server;

    server_name localhost;

    root /app;

    location ~ \.php$ {
        try_files $uri =404;
        fastcgi_pass unix:/socket/php-fpm.sock;
        fastcgi_split_path_info ^(.+\.php)(/.*)$;
        fastcgi_index index.php;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $fastcgi_path_info;
    }

    error_log /var/log/nginx/app_error.log;
    access_log /var/log/nginx/app_access.log;
}

docker/nginx/Dockerfile

FROM nginx:1.15.8-alpine

RUN addgroup -g 1000 -S inanzzz
RUN adduser -u 1000 -S -G inanzzz inanzzz

COPY app.conf /etc/nginx/conf.d/default.conf
COPY nginx.conf /etc/nginx/nginx.conf

RUN touch /var/run/nginx.pid \
 && chown -Rf inanzzz:inanzzz \
    /var/run/nginx.pid \
    /var/cache/nginx \
    /var/log/nginx

USER inanzzz

docker/nginx/nginx.conf

I am leaving this standard but removed the user because nginx will ignore it anyway with warning message "the 'user' directive makes sense only if the master process runs with super-user privileges".

worker_processes 1;

error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;

events {
    worker_connections 1024;
}

http {
    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';

    access_log /var/log/nginx/access.log main;

    sendfile on;

    keepalive_timeout 65;

    include /etc/nginx/conf.d/*.conf;
}

docker/php/Dockerfile

FROM php:7.2.13-fpm-alpine3.8

RUN addgroup -g 1000 -S inanzzz
RUN adduser -u 1000 -S -G inanzzz inanzzz

COPY www.conf /usr/local/etc/php-fpm.d/www.conf
RUN rm /usr/local/etc/php-fpm.d/zz-docker.conf

USER inanzzz

CMD ["php-fpm", "--nodaemonize"]

docker/php/www.conf

[global]
daemonize=no

[www]
listen=/socket/php-fpm.sock
listen.owner=inanzzz
listen.group=inanzzz
listen.mode=0660

# I leave these standard as well
pm=dynamic
pm.max_children=5
pm.start_servers=2
pm.min_spare_servers=1
pm.max_spare_servers=3

Build

$ docker ps
CONTAINER ID        IMAGE                 COMMAND                  CREATED              STATUS              PORTS                            NAMES
2d681f533292        docker_socket_php     "docker-php-entrypoi…"   About a minute ago   Up About a minute   9000/tcp                         docker_socket_php_1
7a27f4d3add4        docker_socket_nginx   "nginx -g 'daemon of…"   About a minute ago   Up About a minute   80/tcp, 0.0.0.0:6080->8080/tcp   docker_socket_nginx_1

Test

$ curl -i http://0.0.0.0:6080
HTTP/1.1 200 OK

Hello HTML

$ curl -i http://0.0.0.0:6080/index.php
HTTP/1.1 200 OK

Hello PHP