12

I've dockerised a wordpress application, now I'm being a purist and don't want to include nginx in the docker container and don't want to share any state between the nginx container and php-fpm container.

I want to run php-fpm as a standalone webserver (like unicorn in ruby or gunicorn in python) serving all the content (html, css and images) for the wordpress site. And run a nginx reverse proxy in front off it (caching static content). That way I can keep the separation of concerns and I don't have nginx forwarding traffic to and nginx server.

The default configuration for php-fpm only allows php files to be processed. Can the php-fpm conf that be changed? How? Is it a good idea?

Martinffx
  • 277
  • 3
  • 5

2 Answers2

8

You could, but the performance would be terrible, since everything would go through the PHP interpreter. This would also introduce an obvious, massive security problem.

This is exactly the sort of scenario in which you should be using shared data volumes.

Michael Hampton
  • 244,070
  • 43
  • 506
  • 972
  • PHP should run coden only in `` and .php files, shouldn't? Or FPM will interpret everything including .jpg or .txt? – Bobík Apr 21 '17 at 17:49
  • There is no reason why performance would be terrible. If you need to protect access to a file, it's normal to check access by PHP and if it's a public file then PHP application should set cache HTTP headers so any cache proxy could improve perfs. – Charles-Édouard Coste Sep 24 '18 at 16:59
  • 1
    @Charles-ÉdouardCoste Even if you check access in PHP code, you generally would not have PHP serve the file itself. It's not very fast at that. You would [pass that back to Apache or nginx](https://idiallo.com/blog/making-php-as-fast-as-nginx-or-apache). – Michael Hampton Sep 24 '18 at 17:14
  • It is quite easy to add `` as a comment into GIF files. Then you simply let the website display the picture and you are in. – Josef Kufner Feb 28 '21 at 11:02
1

You can use a TCP socket connection between nginx and php-fpm, then you can run those in different containers. Just specify fastcgi_pass fastcgi://php-fpm-ip:port in your nginx configuration.

Then, using shared data volumes you can access the files from same place.

Tero Kilkanen
  • 36,796
  • 3
  • 41
  • 63
  • I'm trying to avoid shared data volumes – Martinffx Sep 26 '16 at 12:30
  • Well, then you can have the static data in another container and PHP files in another one. Passing the requests for these files via PHP causes overhead and will make your website slower. Or you can run `lsyncd` or similar utility to sync the files between app container and nginx container. Anyway, this is a bad idea, since it introduces unnecessary complexity for no visible benefit. – Tero Kilkanen Sep 26 '16 at 15:50