├── .editorconfig ├── .gitattributes ├── .github ├── files │ └── test_heif.php └── workflows │ ├── cla-check.yaml │ ├── release.yml │ └── test.yml ├── .gitignore ├── Dockerfile ├── README.md ├── SECURITY.md ├── doc └── xdebug.png └── files ├── build-cleanup.sh ├── build-install.sh ├── conf ├── php-fpm │ └── php-fpm.conf ├── php │ └── php.ini └── supervisord │ └── supervisord.conf └── entrypoint.sh /.editorconfig: -------------------------------------------------------------------------------- 1 | root = true 2 | 3 | [*] 4 | charset = utf-8 5 | end_of_line = lf 6 | indent_style = space 7 | indent_size = 4 8 | 9 | [*.yml] 10 | indent_size = 4 11 | 12 | [composer*.json] 13 | indent_style = space 14 | indent_size = 2 15 | -------------------------------------------------------------------------------- /.gitattributes: -------------------------------------------------------------------------------- 1 | supervisord.conf linguist-language=ini 2 | -------------------------------------------------------------------------------- /.github/files/test_heif.php: -------------------------------------------------------------------------------- 1 | newImage(1, 1, new \ImagickPixel('red')); 7 | $image->writeImage('avif'.':'.$tmpFile); 8 | unlink($tmpFile); 9 | 10 | return 0; 11 | } catch (\Exception $e) { 12 | return 1; 13 | } -------------------------------------------------------------------------------- /.github/workflows/cla-check.yaml: -------------------------------------------------------------------------------- 1 | name: CLA check 2 | 3 | on: 4 | issue_comment: 5 | types: [created] 6 | pull_request_target: 7 | types: [opened, closed, synchronize] 8 | 9 | jobs: 10 | cla-workflow: 11 | uses: pimcore/workflows-collection-public/.github/workflows/reusable-cla-check.yaml@v1.3.0 12 | if: (github.event.comment.body == 'recheck' || github.event.comment.body == 'I have read the CLA Document and I hereby sign the CLA') || github.event_name == 'pull_request_target' 13 | secrets: 14 | CLA_ACTION_ACCESS_TOKEN: ${{ secrets.CLA_ACTION_ACCESS_TOKEN }} -------------------------------------------------------------------------------- /.github/workflows/release.yml: -------------------------------------------------------------------------------- 1 | name: Docker Build & Release 2 | 3 | on: 4 | workflow_dispatch: 5 | push: 6 | tags: 7 | - 'v*.*' 8 | schedule: 9 | - cron: '30 2 * * 1,3,5' 10 | 11 | env: 12 | IMAGE_NAME: pimcore/pimcore 13 | 14 | jobs: 15 | build-php: 16 | name: "Build PHP images" 17 | runs-on: ${{ matrix.runner }} 18 | if: github.repository == 'pimcore/docker' 19 | strategy: 20 | matrix: 21 | runner: 22 | - ubuntu-22.04 23 | - ubuntu-22.04-arm 24 | build: 25 | - { tag: '1.x', php: '8.1', distro: bullseye, version-override: "v1-dev", latest-tag: false } 26 | - { tag: '1.x', php: '8.2', distro: bullseye, version-override: "v1-dev", latest-tag: false } 27 | - { tag: 'v1.3', php: '8.1', distro: bullseye, version-override: "", latest-tag: true } 28 | - { tag: 'v1.3', php: '8.2', distro: bullseye, version-override: "", latest-tag: false } 29 | - { tag: 'v2.0', php: '8.2', distro: bullseye, version-override: "", latest-tag: false } 30 | - { tag: '2.x', php: '8.2', distro: bullseye, version-override: "v2-dev", latest-tag: false } 31 | - { tag: 'v3.6', php: '8.2', distro: bookworm, version-override: "", latest-tag: true } 32 | - { tag: 'v3.6', php: '8.3', distro: bookworm, version-override: "", latest-tag: true } 33 | - { tag: '3.x', php: '8.2', distro: bookworm, version-override: "v3-dev", latest-tag: false } 34 | - { tag: '3.x', php: '8.3', distro: bookworm, version-override: "v3-dev", latest-tag: false } 35 | - { tag: '4.x', php: '8.3', distro: bookworm, version-override: "v4-dev", latest-tag: false } 36 | - { tag: '4.x', php: '8.4', distro: bookworm, version-override: "v4-dev", latest-tag: false } 37 | 38 | steps: 39 | - uses: actions/checkout@v4 40 | with: 41 | ref: ${{ matrix.build.tag }} 42 | 43 | - name: Login to DockerHub Registry 44 | run: echo ${{ secrets.DOCKERHUB_PASSWORD }} | docker login -u ${{ secrets.DOCKERHUB_USERNAME }} --password-stdin 45 | 46 | - name: Login to GitHub Container Registry 47 | run: echo ${{ secrets.IMAGES_REPO_TOKEN }} | docker login ghcr.io -u ${{ secrets.IMAGES_REPO_USERNAME }} --password-stdin 48 | 49 | - name: Configure and build images 50 | id: vars 51 | env: 52 | VERSION_OVERRIDE: "${{ matrix.build.version-override }}" 53 | ARCH_TAG: ${{ contains(matrix.runner, 'arm') && 'arm64' || 'amd64' }} 54 | run: | 55 | set -eux; 56 | sudo apt-get update 57 | 58 | echo ${{ matrix.runner}} 59 | 60 | if [[ "${{ matrix.build.tag }}" =~ ^v?1.[0-9x]+$ ]]; then 61 | imageVariants=("fpm" "debug" "supervisord") 62 | else 63 | imageVariants=("min" "default" "max" "debug" "supervisord") 64 | fi 65 | for imageVariant in ${imageVariants[@]}; do 66 | echo "Building image variant $imageVariant" 67 | DOCKER_PLATFORMS=linux/amd64,linux/arm64 68 | PHP_VERSION=${{ matrix.build.php }} 69 | DEBIAN_VERSION="${{ matrix.build.distro }}" 70 | VERSION="${{ matrix.build.tag }}" 71 | # for the latest dev branch we use "dev" as the version and not the name of the branch 72 | if [ ! -z "$VERSION_OVERRIDE" ]; then 73 | VERSION="$VERSION_OVERRIDE" 74 | fi 75 | PHP_SUB_VERSION=$(docker run -i --rm php:${{ matrix.build.php }}-fpm-${{ matrix.build.distro }} php -r 'echo PHP_VERSION;') 76 | if [ "$imageVariant" = "fpm" ] || [ "$imageVariant" = "default" ]; then 77 | BASE_TAG="php${{ matrix.build.php }}" 78 | BASE_TAG_DETAILED="php${PHP_SUB_VERSION}" 79 | else 80 | BASE_TAG="php${{ matrix.build.php }}-$imageVariant" 81 | BASE_TAG_DETAILED="php${PHP_SUB_VERSION}-$imageVariant" 82 | fi 83 | # DEBUG / TEST 84 | #BASE_TAG="testv3-$BASE_TAG" 85 | #BASE_TAG_DETAILED="testv3-$BASE_TAG_DETAILED" 86 | 87 | 88 | TAG="${BASE_TAG}-${VERSION}-${ARCH_TAG}" 89 | TAG_DETAILED="${BASE_TAG_DETAILED}-${VERSION}-${ARCH_TAG}" 90 | 91 | GHCR_TAG="ghcr.io/pimcore/pimcore:${TAG}" 92 | GHCR_TAG_DETAILED="ghcr.io/pimcore/pimcore:${TAG_DETAILED}" 93 | 94 | TAGS="--tag ${IMAGE_NAME}:${TAG}" 95 | TAGS="$TAGS --tag ${IMAGE_NAME}:${TAG_DETAILED}" 96 | 97 | TAGS="$TAGS --tag $GHCR_TAG" 98 | TAGS="$TAGS --tag $GHCR_TAG_DETAILED" 99 | 100 | # Tag latest with Version build too 101 | if [ "true" = "${{ matrix.build.latest-tag }}" ]; then 102 | TAGS="$TAGS --tag ${IMAGE_NAME}:${BASE_TAG}-latest-${ARCH_TAG}" 103 | TAGS="$TAGS --tag ghcr.io/pimcore/pimcore:${BASE_TAG}-latest-${ARCH_TAG}" 104 | fi 105 | # Create tag for major version 106 | if [[ $VERSION =~ ^v[0-9]+.[0-9]+$ ]]; then 107 | VERSION_MAJOR="${VERSION//.[0-9]/}" 108 | TAG_MAJOR="${BASE_TAG}-${VERSION_MAJOR}-${ARCH_TAG}" 109 | GHCR_TAG_MAJOR="ghcr.io/pimcore/pimcore:${TAG_MAJOR}" 110 | TAGS="$TAGS --tag ${IMAGE_NAME}:${TAG_MAJOR}" 111 | TAGS="$TAGS --tag $GHCR_TAG_MAJOR" 112 | fi 113 | 114 | docker build --output "type=image,push=true" \ 115 | --target="pimcore_php_$imageVariant" \ 116 | --build-arg PHP_VERSION="${PHP_VERSION}" \ 117 | --build-arg DEBIAN_VERSION="${DEBIAN_VERSION}" \ 118 | ${TAGS} . 119 | 120 | docker inspect ${IMAGE_NAME}:${TAG} || true; 121 | 122 | CLEAN_TAGS="${TAGS//-arm64/}" 123 | CLEAN_TAGS="${CLEAN_TAGS//-amd64/}" 124 | CLEAN_TAGS="${CLEAN_TAGS//--tag /}" 125 | 126 | read -r -a TAGS_ARRAY <<< "$CLEAN_TAGS" 127 | 128 | for tag in "${TAGS_ARRAY[@]}"; do 129 | echo "Processing tag: $tag" 130 | echo "$tag" >> aggregated_tags.txt 131 | done 132 | 133 | done 134 | 135 | - name: Upload aggregated tags 136 | uses: actions/upload-artifact@v4 137 | with: 138 | name: aggregated_tags_${{ matrix.runner }}_${{ matrix.build.tag }}_${{ matrix.build.php }}_${{ matrix.build.distro }}_${{ matrix.build.version-override }}_${{ matrix.build.latest-tag }} 139 | path: aggregated_tags.txt 140 | 141 | process-tags: 142 | runs-on: ubuntu-22.04 143 | needs: build-php 144 | steps: 145 | 146 | - name: Login to DockerHub Registry 147 | run: echo ${{ secrets.DOCKERHUB_PASSWORD }} | docker login -u ${{ secrets.DOCKERHUB_USERNAME }} --password-stdin 148 | 149 | - name: Login to GitHub Container Registry 150 | run: echo ${{ secrets.IMAGES_REPO_TOKEN }} | docker login ghcr.io -u ${{ secrets.IMAGES_REPO_USERNAME }} --password-stdin 151 | 152 | - name: Download aggregated tags 153 | uses: actions/download-artifact@v4 154 | with: 155 | path: artifacts 156 | 157 | - name: Process tags 158 | run: | 159 | find artifacts -type f -name "aggregated_tags.txt" -exec cat {} + > all_aggregated_tags.txt 160 | 161 | readarray -t TAGS_ARRAY < all_aggregated_tags.txt 162 | 163 | declare -A UNIQUE_TAGS 164 | for tag in "${TAGS_ARRAY[@]}"; do 165 | UNIQUE_TAGS["$tag"]=1 166 | done 167 | 168 | for tag in "${!UNIQUE_TAGS[@]}"; do 169 | 170 | echo "Processing tag: $tag" 171 | 172 | docker manifest create "$tag" \ 173 | --amend "${tag}-amd64" \ 174 | --amend "${tag}-arm64" 175 | 176 | docker manifest push "$tag" 177 | 178 | done 179 | 180 | -------------------------------------------------------------------------------- /.github/workflows/test.yml: -------------------------------------------------------------------------------- 1 | name: Docker TEST 2 | 3 | on: 4 | workflow_dispatch: 5 | pull_request: 6 | 7 | env: 8 | DOCKER_BUILDKIT: 1 9 | IMAGE_NAME: pimcore/pimcore 10 | 11 | jobs: 12 | test: 13 | runs-on: ubuntu-latest 14 | strategy: 15 | matrix: 16 | include: 17 | - { php: '8.3', distro: bookworm } 18 | - { php: '8.4', distro: bookworm } 19 | steps: 20 | - uses: actions/checkout@v2 21 | - name: Build Image 22 | run: | 23 | set -ex 24 | 25 | imageVariants=("min" "default" "max" "debug" "supervisord") 26 | 27 | for imageVariant in ${imageVariants[@]}; do 28 | docker build --tag pimcore-image \ 29 | --target="pimcore_php_$imageVariant" \ 30 | --build-arg PHP_VERSION="${{ matrix.php }}" \ 31 | --build-arg DEBIAN_VERSION="${{ matrix.distro }}" \ 32 | . 33 | 34 | if [ "$imageVariant" != "min" ]; then 35 | # Test that Imagick is installed 36 | docker run --rm pimcore-image sh -c 'php -m | grep imagick' 37 | fi 38 | 39 | if [ "$imageVariant" == "debug" ]; then 40 | # Make sure xdebug is installed and configured on debug-build 41 | docker run --rm pimcore-image sh -c 'php -m | grep xdebug' 42 | docker run --rm pimcore-image test -f /usr/local/etc/php/conf.d/docker-php-ext-xdebug.ini 43 | # Check if entrypoint did it's job and generated xdebug configuration 44 | docker run --rm pimcore-image php -r 'assert("PHPSTORM" === ini_get("xdebug.idekey"));' 45 | docker run --rm -e XDEBUG_HOST=pim.co.re pimcore-image sh -c 'php -i | grep "xdebug.*pim\.co\.re"' 46 | else 47 | # Make sure xdebug is neither activated nor configured on non-debug build 48 | docker run --rm pimcore-image sh -c '! php -m | grep xdebug' 49 | docker run --rm pimcore-image test ! -f /usr/local/etc/php/conf.d/docker-php-ext-xdebug.ini 50 | fi 51 | 52 | docker run --rm pimcore-image composer create-project pimcore/skeleton:2025.x-dev pimcore --no-scripts 53 | 54 | if [ "$imageVariant" != "min" ]; then 55 | docker run -v "$(pwd)/.github/files":/var/www/html --rm pimcore-image php test_heif.php 56 | fi 57 | done 58 | - name: Run Trivy vulnerability scanner 59 | uses: aquasecurity/trivy-action@master 60 | with: 61 | image-ref: 'pimcore-image' 62 | format: 'table' 63 | exit-code: '1' 64 | ignore-unfixed: true 65 | vuln-type: 'os,library' 66 | severity: 'CRITICAL,HIGH' 67 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | .idea 2 | .DS_Store -------------------------------------------------------------------------------- /Dockerfile: -------------------------------------------------------------------------------- 1 | # syntax=docker/dockerfile:1 2 | 3 | ARG PHP_VERSION="8.3" 4 | ARG DEBIAN_VERSION="bookworm" 5 | 6 | FROM php:${PHP_VERSION}-fpm-${DEBIAN_VERSION} AS pimcore_php_min 7 | 8 | COPY --chmod=0755 files/build-*.sh /usr/local/bin/ 9 | 10 | RUN set -eux; \ 11 | \ 12 | DPKG_ARCH="$(dpkg --print-architecture)"; \ 13 | echo "deb http://deb.debian.org/debian bookworm-backports main" > /etc/apt/sources.list.d/backports.list; \ 14 | apt-get update; \ 15 | apt-get upgrade -y; \ 16 | \ 17 | # tools used by Pimcore 18 | apt-get install -y \ 19 | iproute2 \ 20 | unzip \ 21 | ; \ 22 | \ 23 | # dependencies for building PHP extensions 24 | apt-get install -y \ 25 | libicu-dev \ 26 | libjpeg62-turbo-dev \ 27 | libpng-dev \ 28 | libzip-dev \ 29 | zlib1g-dev \ 30 | librabbitmq-dev \ 31 | ; \ 32 | \ 33 | docker-php-ext-configure gd --enable-gd --with-jpeg; \ 34 | docker-php-ext-configure pcntl --enable-pcntl; \ 35 | docker-php-ext-install \ 36 | bcmath \ 37 | exif \ 38 | gd \ 39 | intl \ 40 | opcache \ 41 | pcntl \ 42 | pdo_mysql \ 43 | sockets \ 44 | zip \ 45 | ; \ 46 | \ 47 | pecl install -f \ 48 | amqp \ 49 | ; \ 50 | docker-php-ext-enable \ 51 | amqp \ 52 | ; \ 53 | build-cleanup.sh; \ 54 | \ 55 | ldconfig /usr/local/lib; \ 56 | \ 57 | sync 58 | 59 | COPY files/conf/php/php.ini /usr/local/etc/php/conf.d/20-pimcore.ini 60 | COPY files/conf/php-fpm/php-fpm.conf /usr/local/etc/php-fpm.d/zz-www.conf 61 | 62 | # env php.ini 63 | ENV PHP_MEMORY_LIMIT "256M" 64 | ENV PHP_POST_MAX_SIZE "100M" 65 | ENV PHP_UPLOAD_MAX_FILESIZE "100M" 66 | ENV PHP_DISPLAY_STARTUP_ERRORS 1 67 | ENV PHP_MAX_EXECUTION_TIME "30" 68 | ENV PHP_ERROR_REPORTING "E_ALL" 69 | 70 | # opcache settings 71 | ENV OPCACHE_ENABLE 1 72 | ENV OPCACHE_ENABLE_CLI 0 73 | ENV OPCACHE_MEMORY_CONSUMPTION 128 74 | ENV OPCACHE_MAX_ACCELERATED_FILES 10000 75 | ENV OPCACHE_VALIDATE_TIMESTAMPS 1 76 | ENV OPCACHE_CONSISTENCY_CHECKS 0 77 | 78 | # fpm settings 79 | ENV PHP_FPM_LISTEN 0.0.0.0:9000 80 | ENV PHP_FPM_PM dynamic 81 | ENV PHP_FPM_PM_MAX_CHILDREN 5 82 | ENV PHP_FPM_PM_START_SERVERS 2 83 | ENV PHP_FPM_PM_MAX_SPARE_SERVERS 3 84 | ENV PHP_FPM_PM_MIN_SPARE_SERVERS 1 85 | ENV PHP_FPM_PM_MAX_REQUESTS 10000 86 | 87 | ENV COMPOSER_ALLOW_SUPERUSER 1 88 | ENV COMPOSER_MEMORY_LIMIT -1 89 | COPY --from=composer/composer:2-bin /composer /usr/local/bin/composer 90 | 91 | WORKDIR /var/www/html 92 | 93 | CMD ["php-fpm"] 94 | 95 | 96 | 97 | 98 | FROM pimcore_php_min AS pimcore_php_default 99 | 100 | RUN set -eux; \ 101 | \ 102 | build-install.sh; \ 103 | \ 104 | DPKG_ARCH="$(dpkg --print-architecture)"; \ 105 | echo "deb https://www.deb-multimedia.org bookworm main non-free" > /etc/apt/sources.list.d/deb-multimedia.list; \ 106 | apt-get update -oAcquire::AllowInsecureRepositories=true; \ 107 | apt-get install -y --allow-unauthenticated deb-multimedia-keyring; \ 108 | apt-get update; \ 109 | \ 110 | # tools used by Pimcore 111 | apt-get install -y \ 112 | exiftool \ 113 | ffmpeg \ 114 | ghostscript \ 115 | git \ 116 | graphviz \ 117 | jpegoptim \ 118 | locales \ 119 | locales-all \ 120 | optipng \ 121 | pngquant \ 122 | poppler-utils \ 123 | webp \ 124 | ; \ 125 | \ 126 | # dependencies for building PHP extensions 127 | apt-get install -y \ 128 | libfreetype6-dev \ 129 | libwebp-dev \ 130 | ; \ 131 | \ 132 | # ImageMagick 133 | apt-get install -y \ 134 | imagemagick-7 \ 135 | libmagickwand-7-dev \ 136 | ; \ 137 | \ 138 | docker-php-ext-configure gd --enable-gd --with-freetype --with-jpeg --with-webp; \ 139 | docker-php-ext-install gd; \ 140 | \ 141 | pecl install -f \ 142 | apcu \ 143 | imagick \ 144 | redis \ 145 | ; \ 146 | docker-php-ext-enable \ 147 | apcu \ 148 | imagick \ 149 | redis \ 150 | ; \ 151 | \ 152 | build-cleanup.sh; \ 153 | \ 154 | ldconfig /usr/local/lib; \ 155 | \ 156 | sync 157 | 158 | CMD ["php-fpm"] 159 | 160 | 161 | 162 | 163 | FROM pimcore_php_default AS pimcore_php_max 164 | 165 | RUN set -eux; \ 166 | \ 167 | build-install.sh; \ 168 | \ 169 | apt-get install -y \ 170 | chromium-sandbox \ 171 | libc-client-dev \ 172 | libkrb5-dev \ 173 | libreoffice \ 174 | libxml2-dev \ 175 | openssl \ 176 | ; \ 177 | \ 178 | docker-php-ext-install \ 179 | soap \ 180 | ; \ 181 | docker-php-ext-enable \ 182 | soap \ 183 | ; \ 184 | \ 185 | build-cleanup.sh; \ 186 | \ 187 | sync 188 | 189 | CMD ["php-fpm"] 190 | 191 | 192 | 193 | 194 | FROM pimcore_php_default AS pimcore_php_debug 195 | 196 | RUN set -eux; \ 197 | \ 198 | build-install.sh; \ 199 | \ 200 | pecl install xdebug; \ 201 | docker-php-ext-enable xdebug; \ 202 | \ 203 | build-cleanup.sh; \ 204 | \ 205 | # For local development, it should be possible to use any local (Git) Composer repository - that's safe in debug image flavor 206 | git config --global --add safe.directory "*"; \ 207 | \ 208 | # Allow running as an arbitrary user, as the config will be changed through 209 | # the entrypoint.sh script 210 | chmod -R 0777 /usr/local/etc/php/conf.d/ 211 | 212 | ENV PHP_IDE_CONFIG serverName=localhost 213 | 214 | COPY --chmod=0755 files/entrypoint.sh /usr/local/bin/ 215 | 216 | ENTRYPOINT ["/usr/local/bin/entrypoint.sh"] 217 | CMD ["php-fpm"] 218 | 219 | 220 | 221 | 222 | FROM pimcore_php_default AS pimcore_php_supervisord 223 | 224 | RUN set -eux; \ 225 | \ 226 | apt-get update; \ 227 | apt-get install -y \ 228 | cron \ 229 | supervisor \ 230 | ; \ 231 | \ 232 | chmod gu+rw /var/run; \ 233 | chmod gu+s /usr/sbin/cron 234 | 235 | COPY files/conf/supervisord/supervisord.conf /etc/supervisor/supervisord.conf 236 | 237 | CMD ["/usr/bin/supervisord"] 238 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Pimcore PHP Docker Image 2 | 3 | This is are customized PHP Docker images specifically optimized for running [Pimcore](https://github.com/pimcore/pimcore). 4 | It doesn't include the Pimcore software itself, it just provides an environment that fulfills all system requirements 5 | of Pimcore, so that you can leverage the full functionality. 6 | 7 | You can either use this image directly by mounting Pimcore into the container, or as a template for your customized 8 | ready-to-deploy images. 9 | 10 | ## Usage 11 | As a starting point please see [example docker-compose configuration](https://github.com/pimcore/skeleton/blob/HEAD/docker-compose.yaml). 12 | 13 | ## Image flavors 14 | We're providing different image flavors: 15 | - [`min`] PHP image for FPM and CLI with minimum requirements (e.g. `php8.2-min-latest`) 16 | - [`default`] PHP image for FPM and CLI incl. all optional dependencies (e.g. `php8.2-latest` or `php8.2-default-latest`) 17 | - [`max`] PHP image for FPM and CLI incl. all optional dependencies and additional extensions and software (e.g. `php8.2-max-latest`) 18 | - [`debug`] PHP debug image based on the `default` flavor, including preconfigured Xdebug for FPM and CLI (e.g. `php8.2-debug-latest`) 19 | - [`supervisord`] Supervisord image based on PHP image above, for cron & queue processing (e.g. `php8.2-supervisord-latest`) 20 | 21 | ## Versioning 22 | Our images are versioned using a version-suffix staring with `-v` following SemVer (e.g. `-v2.0`). 23 | With that we're able to allow smooth upgrades, breaking changes are only delivered with major versions. 24 | Additionally we're offering 2 special tag suffixes: 25 | - `-latest` always points to the latest available tag (recommended for local development) 26 | - `-dev` always points to the work in progress 27 | 28 | We're also offering special tags for specific PHP versions, e.g. `php8.2.5-v2.0`. 29 | 30 | ## Container registries 31 | Our images are available on both Docker Hub and the GitHub Container Registry, so you can choose the one that best fits your workflow. 32 | Use either of the following commands: 33 | `docker pull ghcr.io/pimcore/pimcore:php8.3-debug-v3-dev` or 34 | `docker pull pimcore/pimcore:php8.3-debug-v3-dev` 35 | 36 | 37 | ### Pimcore version compatibility & recommendations 38 | | Image / Pimcore | v10 | v11 | v2023.3 | v2024.4 |v2025.x 39 | |-----------------|-----|--|---------|---------|-----| 40 | | v1 | ✅ | ✅ | ✅ | ✅ |❌ | 41 | | v2 | ❌ | ✅ | ✅ | ✅ |❌ | 42 | | v3 | ❌ | ✅* | ✅* | ✅ |✅ | 43 | | v4 | ❌ | ❌ | ❌ | ✅* |✅* | 44 | 45 | > *) recommended version 46 | 47 | ## Examples 48 | 49 | ### PHP images 50 | ```text 51 | php8.2-latest # always use the latest PHP 8.2 image 52 | php8.2-v1 # always point to the latest minor version of v1 53 | php8.2-v1.0 # pin to specific image version, always using the latest bugfixes from PHP 8.2 54 | php8.2.5-v1.0 # pin to a specific PHP version & image version 55 | php8.2-dev # development image (build from the default branch) 56 | ``` 57 | 58 | ### PHP Debug images 59 | Same as PHP images, but using `-debug` after the PHP version: 60 | ```text 61 | php8.2-debug-latest 62 | php8.2-debug-v3 63 | ... 64 | ``` 65 | 66 | #### Configure Xdebug in your IDE 67 | 68 | The following configuration depends on the default [`docker-compose.yaml`](https://github.com/pimcore/skeleton/blob/11.x/docker-compose.yaml). 69 | 70 | ![How to configure Xdebug with Pimcore Docker image](./doc/xdebug.png) 71 | 72 | #### Use step-debugging 73 | 74 | - **Browser**: Install "Xdebug helper" browser extension for [Chrome](https://chrome.google.com/webstore/detail/xdebug-helper/eadndfjplgieldjbigjakmdgkmoaaaoc) or [Firefox](https://addons.mozilla.org/en-GB/firefox/addon/xdebug-helper-for-firefox/) and start debugging session in your tab. 75 | - **CLI**: Run your command like this: `docker compose exec -e XDEBUG_TRIGGER=PHPSTORM php bin/console` 76 | 77 | ### Supervisord 78 | Same as PHP images, but using `-supervisor` after the PHP version: 79 | ```text 80 | php8.2-supervisor-latest 81 | php8.2-supervisor-v3 82 | ... 83 | ``` 84 | -------------------------------------------------------------------------------- /SECURITY.md: -------------------------------------------------------------------------------- 1 | # Security Policy 2 | 3 | ## Reporting a Vulnerability 4 | 5 | If you think that you have found a security issue, 6 | don’t use the bug tracker and don’t publish it publicly. 7 | Instead, all security issues must be reported via a private vulnerability report. 8 | 9 | Please follow the [instructions](https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities/privately-reporting-a-security-vulnerability#privately-reporting-a-security-vulnerability) to submit a private report. 10 | 11 | 12 | ## Resolving Process 13 | Every submitted security issue is handled with top priority by following these steps: 14 | 15 | 1. Confirm the vulnerability 16 | 2. Determine the severity 17 | 3. Contact reporter 18 | 4. Work on a patch 19 | 5. Get a CVE identification number (may be done by the reporter or a security service provider) 20 | 6. Patch reviewing 21 | 7. Tagging a new release for supported versions 22 | 8. Publish security announcement 23 | -------------------------------------------------------------------------------- /doc/xdebug.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/pimcore/docker/9700f7008ed6373d326be80e50020b638eb973f0/doc/xdebug.png -------------------------------------------------------------------------------- /files/build-cleanup.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | 4 | apt-get remove -y autoconf automake libtool make cmake ninja-build pkg-config build-essential g++ gcc libicu-dev; 5 | apt-get clean 6 | rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* /usr/share/doc/* ~/.composer || true 7 | apt-get autoremove -y 8 | sync 9 | 10 | -------------------------------------------------------------------------------- /files/build-install.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | 4 | apt-get update; 5 | apt-get install -y autoconf automake libtool make cmake ninja-build pkg-config build-essential g++ gcc 6 | -------------------------------------------------------------------------------- /files/conf/php-fpm/php-fpm.conf: -------------------------------------------------------------------------------- 1 | ; File overwrites the original values with environment variables 2 | [www] 3 | listen = ${PHP_FPM_LISTEN} 4 | pm = ${PHP_FPM_PM} 5 | pm.max_children = ${PHP_FPM_PM_MAX_CHILDREN} 6 | pm.start_servers = ${PHP_FPM_PM_START_SERVERS} 7 | pm.min_spare_servers = ${PHP_FPM_PM_MIN_SPARE_SERVERS} 8 | pm.max_spare_servers = ${PHP_FPM_PM_MAX_SPARE_SERVERS} 9 | pm.max_requests = ${PHP_FPM_PM_MAX_REQUESTS} 10 | -------------------------------------------------------------------------------- /files/conf/php/php.ini: -------------------------------------------------------------------------------- 1 | memory_limit = ${PHP_MEMORY_LIMIT} 2 | max_execution_time = ${PHP_MAX_EXECUTION_TIME} 3 | error_reporting = ${PHP_ERROR_REPORTING} 4 | display_errors = ${PHP_DISPLAY_ERRORS} 5 | display_startup_errors = ${PHP_DISPLAY_STARTUP_ERRORS} 6 | post_max_size = ${PHP_POST_MAX_SIZE} 7 | upload_max_filesize = ${PHP_UPLOAD_MAX_FILESIZE} 8 | 9 | opcache.enable = ${OPCACHE_ENABLE} 10 | opcache.enable_cli = ${OPCACHE_ENABLE_CLI} 11 | opcache.memory_consumption = ${OPCACHE_MEMORY_CONSUMPTION} 12 | opcache.max_accelerated_files = ${OPCACHE_MAX_ACCELERATED_FILES} 13 | opcache.validate_timestamps = ${OPCACHE_VALIDATE_TIMESTAMPS} 14 | opcache.consistency_checks = ${OPCACHE_CONSISTENCY_CHECKS} 15 | -------------------------------------------------------------------------------- /files/conf/supervisord/supervisord.conf: -------------------------------------------------------------------------------- 1 | ; supervisor config file 2 | 3 | [supervisord] 4 | pidfile=/tmp/supervisord.pid ; (supervisord pidfile;default supervisord.pid) 5 | nodaemon=true 6 | logfile=/dev/null 7 | logfile_maxbytes=0 8 | 9 | [include] 10 | files = /etc/supervisor/conf.d/*.conf 11 | -------------------------------------------------------------------------------- /files/entrypoint.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # Override default configuration for xdebug v3.x. 4 | # See: https://xdebug.org/docs/all_settings 5 | cat << EOF > /usr/local/etc/php/conf.d/20-xdebug.ini 6 | xdebug.idekey = PHPSTORM 7 | xdebug.mode = debug 8 | EOF 9 | 10 | # if XDEBUG_HOST is manually set 11 | HOST="$XDEBUG_HOST" 12 | 13 | # OrbStack 14 | if [ -z "$HOST" ]; then 15 | HOST=`getent ahostsv4 host.internal | awk 'NR==1{ print $1 }'` 16 | fi 17 | 18 | # else if check if is Docker for Mac 19 | if [ -z "$HOST" ]; then 20 | HOST=`getent hosts docker.for.mac.localhost | awk '{ print $1 }'` 21 | fi 22 | 23 | # else get host ip 24 | if [ -z "$HOST" ]; then 25 | HOST=`/sbin/ip route|awk '/default/ { print $3 }'` 26 | fi 27 | 28 | # if we managed to determine HOST add it to the xdebug config. Otherwise use xdebug's 29 | # default config. 30 | if [ -n "$HOST" ]; then 31 | echo "xdebug.client_host = $HOST" >> /usr/local/etc/php/conf.d/20-xdebug.ini 32 | fi 33 | 34 | exec docker-php-entrypoint "$@" 35 | --------------------------------------------------------------------------------