php-fpm: refactor with deterministic config files & improved debug

php-fpm/7.4/Dockerfile

@@ -79,30 +79,16 @@ RUN addgroup -g 1000 app && \
 	mkdir -p /var/run/php /run/php /var/log/php && \
 	chown -R app:app /var/run/php /run/php /var/log/php
 
-# Minimal security / production tuning for opcache and PHP
-RUN set -eux; \
-	{ \
-	echo 'opcache.enable=1'; \
-	echo 'opcache.memory_consumption=128'; \
-	echo 'opcache.interned_strings_buffer=8'; \
-	echo 'opcache.max_accelerated_files=10000'; \
-	echo 'opcache.revalidate_freq=2'; \
-	echo 'opcache.fast_shutdown=1'; \
-	echo 'opcache.enable_file_override=0'; \
-	} > /usr/local/etc/php/conf.d/zz-opcache.ini; \
-	{ \
-	echo 'expose_php = Off'; \
-	echo 'display_errors = On'; \
-	echo 'log_errors = On'; \
-	echo 'error_log = /proc/self/fd/2'; \
-	} > /usr/local/etc/php/conf.d/zz-hardening.ini
+# Ship opinionated PHP configuration snippets from source control
+COPY php-fpm/conf.d/ /usr/local/etc/php/conf.d/
 
-# Copy the force-debug script and enable it
+# Copy the force-debug script (enablement is handled via conf.d/99-force-debug.ini)
 COPY --chown=app:app shared/php-fpm/force-debug.php /usr/local/etc/php/force-debug.php
-RUN echo 'auto_prepend_file = /usr/local/etc/php/force-debug.php' > /usr/local/etc/php/conf.d/zz-force-debug.ini
 
 # Copy pool configuration from this directory
 COPY --chown=app:app php-fpm/${BASE_VERSION}/www.conf /usr/local/etc/php-fpm.d/www.conf
+# Copy the global php-fpm configuration so logging defaults are predictable
+COPY php-fpm/${BASE_VERSION}/php-fpm.conf /usr/local/etc/php-fpm.conf
 
 # Copy entrypoint from shared path in repo root
 COPY --chown=root:root shared/php-fpm/entrypoint.sh /usr/local/bin/entrypoint.sh