Add Debian 13 Trixie

Author: macropin

.github/workflows/multi-build-push.yml

@@ -19,12 +19,12 @@ jobs:
   build_and_push:
     strategy:
       matrix:
-        version: ["debian12", "debian11"]
+        version: ["debian13", "debian12", "debian11"]
 
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
 
       - name: Get repo name
         id: image_name

LICENSE

@@ -1,6 +1,6 @@
 The MIT License (MIT)
 
-Copyright (c) 2015-2024 Volt Grid Pty Ltd
+Copyright (c) 2015-2025 Volt Grid Pty Ltd
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

Makefile

@@ -1,4 +1,4 @@
-SUBDIRS := centos7 centos7-develop debian9 debian10 debian11 debian12 sid
+SUBDIRS := centos7 centos7-develop debian9 debian10 debian11 debian12 debian13 sid
 
 .PHONY: build push clean
 

README.md

@@ -10,6 +10,7 @@ These images are available from the [Docker Hub](https://hub.docker.com/r/panubo
 
 - [Debian 11 (Bullseye) Base](/debian11) - Recommended for PHP applications that require PHP 7.4
 - [Debian 12 (Bookworm) Base](/debian12) - Recommended for PHP applications that require PHP 8.2
+- [Debian 13 (Trixie) Base](/debian13) - Recommended for PHP applications that require PHP 8.4
 
 ## Development Images
 

debian13/.dockerignore

@@ -0,0 +1,2 @@
+*.md
+test

debian13/Dockerfile

@@ -0,0 +1,137 @@
+# Panubo PHP-Apache
+#
+# Debian bookworm
+# PHP 8.4
+# Apache 2.4
+# Mongo support
+#
+
+FROM debian:13
+
+# Component Versions
+ENV \
+  BASHCONTAINER_VERSION=0.8.0 BASHCONTAINER_SHA256=0ddc93b11fd8d6ac67f6aefbe4ba790550fc98444e051e461330f10371a877f1 \
+  PHPEXTRAS_VERSION=0.1.0 PHPEXTRAS_SHA256=515af5789d5180123acfac9b1090f46e07f355c8df51a34e27ada5f7da0495cc
+
+# Change the www-data use to uid and gid 48 to match other containers
+RUN \
+  usermod -u 48 www-data && \
+  groupmod -g 48 www-data
+
+# Install bash-container functions
+RUN set -x \
+  && if ! command -v wget > /dev/null; then \
+      fetchDeps="${fetchDeps} wget"; \
+     fi \
+  && apt-get update \
+  && apt-get install -y --no-install-recommends ca-certificates curl ${fetchDeps} \
+  && cd /tmp \
+  && wget -nv https://github.com/panubo/bash-container/releases/download/v${BASHCONTAINER_VERSION}/panubo-functions.tar.gz \
+  && echo "${BASHCONTAINER_SHA256}  panubo-functions.tar.gz" > /tmp/SHA256SUM \
+  && ( cd /tmp; sha256sum -c SHA256SUM || ( echo "Expected $(sha256sum panubo-functions.tar.gz)"; exit 1; )) \
+  && tar --no-same-owner -C / -zxf panubo-functions.tar.gz \
+  && rm -rf /tmp/* \
+  && apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false ${fetchDeps} \
+  && apt-get clean \
+  && rm -rf /var/lib/apt/lists/* \
+  ;
+
+# Install gomplate
+RUN set -x \
+  && GOMPLATE_VERSION=v4.3.3 \
+  && GOMPLATE_CHECKSUM_X86_64=ca281666e86f2f09218c1653e1908f572c0e349e9de64cb4ea93ade9333f0596 \
+  && GOMPLATE_CHECKSUM_AARCH64=25bd73720ff470cec0dfaa31ca2c436b30f86142db9af68382ce64e0f3e7b9c5 \
+  && if [ "$(uname -m)" = "x86_64" ] ; then \
+        GOMPLATE_CHECKSUM="${GOMPLATE_CHECKSUM_X86_64}"; \
+        GOMPLATE_ARCH="amd64"; \
+      elif [ "$(uname -m)" = "aarch64" ]; then \
+        GOMPLATE_CHECKSUM="${GOMPLATE_CHECKSUM_AARCH64}"; \
+        GOMPLATE_ARCH="arm64"; \
+      fi \
+  && curl -sSf -o /tmp/gomplate_linux-${GOMPLATE_ARCH} -L https://github.com/hairyhenderson/gomplate/releases/download/${GOMPLATE_VERSION}/gomplate_linux-${GOMPLATE_ARCH} \
+  && echo "${GOMPLATE_CHECKSUM}  gomplate_linux-${GOMPLATE_ARCH}" > /tmp/SHA256SUM \
+  && ( cd /tmp; sha256sum -c SHA256SUM || ( echo "Expected $(sha256sum gomplate_linux-${GOMPLATE_ARCH})"; exit 1; )) \
+  && install -m 0755 /tmp/gomplate_linux-${GOMPLATE_ARCH} /usr/local/bin/gomplate \
+  && rm -f /tmp/* \
+  ;
+
+# Install PHP Extras
+RUN set -x \
+  && if ! command -v wget > /dev/null; then \
+      fetchDeps="${fetchDeps} wget"; \
+     fi \
+  && apt-get update \
+  && apt-get install -y --no-install-recommends ${fetchDeps} \
+  && cd /tmp \
+  && wget -nv https://github.com/panubo/php-extras/releases/download/v${PHPEXTRAS_VERSION}/php-extras.tar.gz \
+  && echo "${PHPEXTRAS_SHA256}  php-extras.tar.gz" > /tmp/SHA256SUM \
+  && ( cd /tmp; sha256sum -c SHA256SUM || ( echo "Expected $(sha256sum php-extras.tar.gz)"; exit 1; )) \
+  && mkdir -p /usr/share/php/ \
+  && tar --no-same-owner -C /usr/share/php/ -zxf php-extras.tar.gz \
+  && rm -rf /tmp/* \
+  && apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false ${fetchDeps} \
+  && apt-get clean \
+  && rm -rf /var/lib/apt/lists/* \
+  ;
+
+# Install main packages
+# IMAP not available
+# ref: https://www.reddit.com/r/debian/comments/1mu271u/php_84_desperately_need_imap_support/
+# php8.4-imap \
+RUN \
+  export DEBIAN_FRONTEND=noninteractive && \
+  apt-get update && \
+  apt-get install --no-install-recommends --no-install-suggests -y wget curl ca-certificates git gnupg openssh-client msmtp-mta apache2 libapache2-mod-xsendfile imagemagick ghostscript s6 \
+  php8.4-apcu \
+  php8.4-cli \
+  php8.4-curl \
+  php8.4-dom \
+  php8.4-fpm \
+  php8.4-gd \
+  php8.4-igbinary \
+  php8.4-imagick \
+  php8.4-intl \
+  php8.4-ldap \
+  php8.4-mbstring \
+  php8.4-memcached \
+  php8.4-mongodb \
+  php8.4-mysql \
+  php8.4-pgsql \
+  php8.4-pspell \
+  php8.4-redis \
+  php8.4-sqlite \
+  php8.4-xmlrpc \
+  php8.4-zip && \
+  apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* /var/www/html/*
+
+# Configure
+RUN \
+  mkdir -p /root/.ssh && \
+  echo "Host *\n\tStrictHostKeyChecking no\n" >> /root/.ssh/config && \
+  sed -i -e '/^session.save_/ s/^/;/' /etc/php/8.4/*/php.ini && \
+  touch /etc/php/8.4/mods-available/auto.ini && \
+  touch /var/log/msmtp.log && \
+  chown www-data:www-data /var/log/msmtp.log && \
+  sed -i -r 's/^Listen.*/Listen 8000/g' /etc/apache2/ports.conf && \
+  sed -i 's/^error_log.*/error_log = \/dev\/stderr/' /etc/php/8.4/fpm/php-fpm.conf && \
+  sed -i -E 's/^;?systemd_interval.*/systemd_interval = 0/' /etc/php/8.4/fpm/php-fpm.conf && \
+  mv /etc/php/8.4/fpm/pool.d/www.conf /etc/php/8.4/fpm/pool.d/www.conf_orig && \
+  mkdir -p /var/log/php-fpm
+
+# Copy configs and templates
+COPY etc /etc
+COPY root /
+
+# Enable modules / configs
+RUN \
+  phpenmod session mongodb && \
+  a2dissite 000-default && \
+  a2disconf security other-vhosts-access-log && \
+  phpenmod auto && \
+  a2enconf php8.4-fpm && \
+  a2enmod proxy_fcgi remoteip rewrite headers
+
+ENV TMPDIR=/var/tmp TERM=dumb
+EXPOSE 8000
+ENTRYPOINT ["/entry.sh"]
+CMD ["s6"]

debian13/Makefile

@@ -0,0 +1,37 @@
+NAME = php-apache
+TAG = $(shell basename $(shell pwd))
+IMAGE_NAME := panubo/$(NAME)
+
+.PHONY: help build buildarm buildamd push clean bash run
+
+help:
+	@printf "$$(grep -hE '^\S+:.*##' $(MAKEFILE_LIST) | sed -e 's/:.*##\s*/:/' -e 's/^\(.\+\):\(.*\)/\\x1b[36m\1\\x1b[m:\2/' | column -c2 -t -s :)\n"
+
+build:  ## build image
+	docker build --pull -t $(IMAGE_NAME):$(TAG) .
+
+buildarm:  ## build image
+	docker build --platform=linux/arm64 --pull -t $(IMAGE_NAME):$(TAG) .
+
+buildamd:  ## build image
+	docker build --platform=linux/amd64 --pull -t $(IMAGE_NAME):$(TAG) .
+
+push: ## Push image to registry
+	docker tag $(IMAGE_NAME):$(TAG) docker.io/$(IMAGE_NAME):latest
+	docker push $(IMAGE_NAME):$(TAG)
+	docker push $(IMAGE_NAME):latest
+
+clean: ## Remove built image
+	docker rmi $(IMAGE_NAME):$(TAG)
+
+bash: ## Runs bash in the container
+	docker run --rm -it -v $(shell pwd)/test:/srv/remote $(IMAGE_NAME):$(TAG) bash
+
+run: ## Runs the container with test data
+	docker run --rm -it -p 8000:8000 -v $(shell pwd)/test:/srv/remote --name $(NAME) $(IMAGE_NAME):$(TAG)
+
+_ci_test:
+	true
+
+_ci_version:
+	@echo $(TAG)

debian13/README.md

@@ -0,0 +1,134 @@
+# PHP-Apache Debian 13 (Trixie)
+
+This is an Apache and php-fpm image:
+
+- Base: Debian 13 (Trixie)
+- Apache httpd: 2.4
+- PHP: 8.4
+
+This image is designed to be quite configurable and as such is good for getting
+started but probably not a great base if you want a highly optimised container.
+This image also expects to be used behind a load balancer and as such does not
+listen on port 80 but instead port 8000. Also make note of how to handle SSL
+offloading to the load balancer and how this affects .htaccess rules.
+
+Note: Unlike the other images this does not provide php-imap due to Debian packaging issues.
+
+## Options:
+
+All options are optional.
+The values shown here are the defaults. The options listed here are also case sensitive.
+
+### Global
+
+```
+timeout = 30
+TZ = UTC
+```
+
+### HTTPD
+
+```
+httpd_remoteipheader = X-Forwarded-For
+httpd_remoteipinternalproxy = (unset)
+
+# Subdirectory within the git repository that contains the site root eg 'www'
+httpd_root = (unset)
+
+# If unset the following is used
+RemoteIPInternalProxy 10.0.0.0/8
+RemoteIPInternalProxy 172.16.0.0/12
+RemoteIPInternalProxy 192.168.0.0/16
+```
+
+### PHP/PHP-FPM
+
+```
+phpopts_ = (unset)
+
+# phpopts Examples
+phpopts_short_open_tag = off
+phpopts_post_max_size = 8M
+phpopts_upload_max_filesize = 2M
+phpopts_memory_limit = 128M
+
+# PHP Cache options
+php_cache = (opcache|none) default is opcache, none doesn't load any cache extensions.
+php_apc_shm_size = 64M # This is for the apcu extension
+php_opcache_memory_consumption = 128
+php_opcache_revalidate_freq = 2
+
+# PHP Session options
+php_session_save_handler = (unset)
+php_session_save_path = (unset)
+
+# PHP Session examples
+php_session_save_handler = redis
+php_session_save_path = "tcp://host1:6379?weight=1, tcp://host2:6379?weight=2&timeout=2.5, tcp://host3:6379?weight=2"
+
+php_session_save_handler = memcached
+php_session_save_path = "host:11211"
+
+# PHP-FPM options
+phpfpm_pm_max_children = 3
+phpfpm_pm_max_requests = 500
+```
+
+### Email/msmtp
+
+msmtp expects a from address to be set either via environment variable (`msmtp_from`) or
+in the php mail() function. eg. `mail('nobody@example.com', 'the subject',
+'the message', null, '-fwebmaster@example.com');`
+
+msmtp also need a host to send email via, it does not queue and forward mail
+like postfix or exim. This could be defined via a docker link `--link
+smtp:smtp`
+
+```
+msmtp_host = SMTP_PORT_25_TCP_ADDR or mail
+msmtp_port = SMTP_PORT_25_TCP_PORT or 25
+msmtp_from = (unset)
+msmtp_user = (unset)
+msmtp_pass = (unset)
+```
+
+## PHP Pre Execution
+
+PHP pre-execution helpers are included in this image. See
+[PHP Extras](https://github.com/panubo/php-extras) for more information.
+
+Set `auto_prepend_file=xxxx_prepend.php` to enable.
+
+## SSL Offloading
+
+This container should be used behind a load balancing reverse proxy and as such
+SSL should be offloaded to the load balancer. However, this can cause issues
+when your applications want to know if they are being served over SSL as the
+local webserver cannot determine this. Below are workarounds for the two most common
+issues.
+
+If you want to redirect users from a non-ssl connection to a SSL connection with
+htaccess and mod_rewrite the following rules work both behind an SSL offloading
+load balancer and also when the local webserver is handling the SSL.
+
+```
+<IfModule mod_rewrite.c>
+	RewriteEngine on
+	RewriteCond %{HTTP:X-Forwarded-Proto} !=https
+	RewriteCond %{HTTPS} !=on
+	RewriteRule ^(.*) https://%{HTTP_HOST}/$1 [R=301,L]
+</IfModule>
+```
+
+Some PHP application also check they are running on an SSL connection. As the
+local webserver doesn't set $_SERVER['HTTPS'] correctly when behind a proxy the
+following code can be used to fix the issue.
+
+```php
+/* Set _SERVER['HTTPS'] correctly when behind a proxy setting HTTP_X_FORWARDED_PROTO */
+if (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https') {
+    $_SERVER['HTTPS'] = 'on';
+}
+```
+
+or set `auto_prepend_file=SSLHelper_prepend.php` to use the SSL Helper from the [PHP Extras](https://github.com/panubo/php-extras) repo.

debian13/etc/apache2/conf-available/php8.4-fpm.conf.tmpl

@@ -0,0 +1,37 @@
+{{- define "get_httpd_root" -}}
+  {{ if getenv "httpd_root" -}}/var/www/html/{{ getenv "httpd_root" }}{{ else }}/var/www/html{{ end }}
+{{- end -}}
+
+DocumentRoot "{{- template "get_httpd_root" -}}"
+<Directory "{{- template "get_httpd_root" -}}">
+    Options Indexes FollowSymLinks
+    AllowOverride All
+    Require all granted
+</Directory>
+
+RemoteIPHeader {{ getenv "httpd_remoteipheader" "X-Forwarded-For" }}
+{{ if getenv "httpd_remoteipinternalproxy" -}}
+RemoteIPInternalProxy {{ getenv "httpd_remoteipinternalproxy" }}
+{{ else -}}
+RemoteIPInternalProxy 10.0.0.0/8
+RemoteIPInternalProxy 172.16.0.0/12
+RemoteIPInternalProxy 192.168.0.0/16
+{{ end -}}
+
+DirectoryIndex index.php index.html index.htm
+
+<LocationMatch "^/(.*\.php)$">
+  ProxyPass fcgi://127.0.0.1:9000{{- template "get_httpd_root" -}}/$1 connectiontimeout=10 timeout={{ getenv "timeout" "30" }}
+</LocationMatch>
+
+<FilesMatch "\.ph(p[345]?|t|tml|ps)$">
+   Require all denied
+</FilesMatch>
+
+LogFormat "%a %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
+
+CustomLog "/dev/stdout" combined
+ErrorLog "/dev/stderr"
+
+ServerTokens Minor
+ServerSignature On