initial commit

docker/php-fpm/entrypoint.sh

@@ -0,0 +1,19 @@
+#!/bin/sh
+set -euo pipefail
+
+# Entrypoint for php-fpm images.
+# If CHOWN_ON_START is set to '1' or 'true', recursively chown the webroot
+# to the 'app' user (UID 1000). This is optional and must be explicitly enabled
+# via environment (safer for multi-tenant hosts).
+
+: ${CHOWN_ON_START:=}
+if [ "${CHOWN_ON_START}" = "1" ] || [ "${CHOWN_ON_START}" = "true" ]; then
+  echo "[entrypoint] CHOWN_ON_START enabled — fixing ownership of /var/www/html"
+  # Only run chown if the directory exists
+  if [ -d /var/www/html ]; then
+    chown -R 1000:1000 /var/www/html || true
+  fi
+fi
+
+# Exec the given command (php-fpm by default)
+exec "$@"

docker/php-fpm/www.conf

@@ -0,0 +1,43 @@
+; Shared php-fpm pool configuration for containers
+; Designed to be reused across php-fpm versions in this repo
+
+[www]
+; Listen on TCP to be container-friendly
+listen = 0.0.0.0:9000
+
+; Run workers as the unprivileged 'app' user
+user = app
+group = app
+
+; Ensure socket ownership/mode if a socket is used
+listen.owner = app
+listen.group = app
+listen.mode = 0660
+
+; Process management
+pm = dynamic
+pm.max_children = 10
+pm.start_servers = 2
+pm.min_spare_servers = 1
+pm.max_spare_servers = 3
+pm.max_requests = 500
+
+; Timeouts and logging
+request_terminate_timeout = 300s
+request_slowlog_timeout = 5s
+slowlog = /var/log/php/www-slow.log
+
+; Helpful logging for debugging worker crashes
+catch_workers_output = yes
+access.log = /var/log/php/www-access.log
+
+; Keep environment variables (useful if you pass DB credentials via env)
+clear_env = no
+
+; Security and restart behaviour
+emergency_restart_threshold = 10
+emergency_restart_interval = 1m
+process_control_timeout = 10s
+
+; Ensure stdout/stderr are visible in container logs
+; php-fpm will already write logs to paths above; ensure the directory exists in image