So, CentOS 6 runs php 5.3 natively, isn’t it? Why not install it as an isolated instance in Docker, simply install php 5.3 with php-fpm, expose it’s socket and use it from outside the instance. Furthermore, Docker has a native Centos 6 image, so all comes out perfect.
Let’s install Docker:
yum install docker systemctl enable docker systemctl start docker
Now, create a Docker file somewhere in root/php53:
mkdir ~/php53 cd ~php53/ vim Dockerfile
…and paste this into the file:
FROM centos:6 RUN yum -y update && yum clean all RUN yum -y install php-* && yum clean all RUN sed -i -e 's/127.0.0.1:9000/\/home\/www\/php-fpm_sockets\/php53.socket/' /etc/php-fpm.d/www.conf RUN sed -i -e '/allowed_clients/d' /etc/php-fpm.d/www.conf RUN sed -i -e 's/\[www]/\[php53]/' /etc/php-fpm.d/www.conf RUN sed -i -e 's/\;date.timezone =/date.timezone = Europe\/Berlin/' /etc/php.ini RUN sed -i -e 's/listen.owner =/listen.owner = apache/' /etc/php-fpm.d/www.conf RUN sed -i -e 's/listen.group =/listen.group = apache/' /etc/php-fpm.d/www.conf RUN mkdir /home/www RUN chown apache: /var/run/php-fpm/ USER apache:apache ENTRYPOINT /usr/sbin/php-fpm --nodaemonize
…and save it.
What this will do, is to pull the CentOS 6 image from the Docker repo, and then isntall php-* (the idea behind this is to install all php packages. It will pull something more that starts with php-* but it doesn’t really matter).
You should check the sed’s and modify it to your own need. For example, my docu root is /home/www/html and my php sockets are in /home/www/php-fpm_sockets, also modify your time zone, etc.
The USER apache:apache tells Docker to run this whole thing as the apache user. In a standard setup, php-fpm is run as root and then it drops to some low priority user like nobody, or in my case apache (I like to run it as apache or nginx, depending on the user the web server is run under, so I don’t have to run it with 666 permissions). Nevermind, the problem that came out running it from a Docker instance, is that Docker itself is running as root, and although php-fpm did drop to apache user inside the instance, otside the instance it’s socket was root, which made me unconfortable – runnign insecure php53 apps as root is a security nightmare.
So, after all the modifications, let’s try to build this instance, and give the image a php53 tag:
docker build -t php53 .
This thould go without errors, and you should have a docker image ready for deployment. Now remember, in my case the documnet root and the php socker all start from /home/www so when starting the docker image, we’ll have to expose the base direcrory to php53-fpm can actually access the document root (which is outside the instance) and also, to let it put the php53-fpm.sock socket in the right directory.
docker run -v /home/www:/home/www php53
It should be ready to accept connections. If all goes well, you can run it detached (just stop it by pressing ctrl+C) and make it start each time docker is started (on reboot perhaps, etc):
docker run -d --restart="unless-stopped" -v /home/www:/home/www
Another discussion could be open on the subject, why did I use unix sockets instead of tcp ports. If you want a docker file with tcp ports, I’d be happy to create one for you, but as for me personally, I like to avoid the whole tcp/ip stack and go to a socket directly for speed.