v4.0.0-beta4

🐛 Bug fixes

• Fix "missing unzip" command in FrankenPHP images by @kohenkatz in #602
• fix(config): remove default port from apache http virtualhost by @ikerls in #608

⏫ Dependency updates

• Updated PHP extension install script to v2.9.18

New Contributors

• @kohenkatz made their first contribution in #602
• @ikerls made their first contribution in #608

Full Changelog: v4.0.0-beta3...v4.0.0-beta4

v4.0.0-beta3

🚀 Laravel Octane Support

Laravel Octane is now natively supported with our FrankenPHP variation. We created a native health check script to ensure your container is healthy when running Octane and also documented how you can add Octane to your project.

Add Octane to your project →

🔐 Let's Encrypt Support for FrankenPHP

Let's Encrypt is now natively supported with our FrankenPHP variation. We restructured our Caddyfile and documented the procedure how to easily get up and running with free and trusted SSL certificates without requiring another container.

Configure SSL for production →

🌍 A completely new documentation site

We completely rewrote our documentation site and improved the user experience dramatically. Not only did we add a ton of new documentation, we used many native Nuxt Content components to improve the experience when reading the docs.

It's even optimized to interact with LLMs 👀

View the preview site →

💪 Other enhancements

• Added variables like NGINX_HTTPS_PORT and APACHE_HTTPS_PORT to mimic how you can control ports by environment variable in FrankenPHP
• Added 5-fpm-pool-user.sh to automatically set the child process user when the containers run as root
• Added ability to see the FrankenPHP version on phpinfo() (#577)
• Moved health check SSL to be different from the container SSL (this prevents issues when you provide your own certificate)
• Changed default FrankenPHP log level to info (instead of warn)
• Improved health check messages on start up to not be as noisy for fpm-nginx and fpm-apache
• FPM-NGINX & FPM-APACHE: Set default FPM process control to ondemand for even lower resource usage by default

🤖 Developer Improvements

• Moved our "generate-ssl" script to be centralized so one script controls the SSL generation for fpm-nginx, fpm-apache, and frankenphp variations
• Improved the structure of the FrankenPHP Caddyfile to better reference snippets

🐛 Bug fixes

• FrankenPHP: Fixed an issue where SSL certificates would not generate because of a permission issue (#593)
• FPM-NGINX: Allow robots.txt to be dynamically generated by PHP (#589)

✋ Deprecation Notices

• Added a deprecation notice to Unit because NGINX is no longer maintaining the project

⚠️ Possible breaking changes (minor)

• FrankenPHP: Renamed variable CADDY_APP_PUBLIC_PATH to CADDY_SERVER_ROOT to better follow the experience from the official FrankenPHP images
• FrankenPHP: Renamed SSL_CERTIFICATE_KEY_FILE to SSL_PRIVATE_KEY_FILE to better match our other variations

🗣️ Further Discussion

Join the beta discussion →

Full Changelog: v4.0.0-beta2...v4.0.0-beta3

v4.0.0-beta2

🐛 Bug fix

• Fixed issue with missing pgrep on Debian variations of FrankenPHP by @arnaud-ritti in #571

New Contributors

• @arnaud-ritti made their first contribution in #571

Full Changelog: v4.0.0-beta1...v4.0.0-beta2

🗣️ Further Discussion

Join the beta discussion →

v4.0.0-beta1

⚡️ What's new

🧟‍♂️ FrankenPHP variations now added

The highly anticipated release of FrankenPHP is now available. These images come with many enhancements compared to the official FrankenPHP images.

Images are unprivileged by default

For best security practices, we're running things as www-data. This dramatically reduces your security footprint when running PHP in production. Because of this, we're listening on 8080 (HTTP) and 8443 (HTTPS). This follows the same design pattern as our other images.

Native health checks

Health checks are critical for ensureing zero-downtime deployments. Our images come "batteries included" with intelligent health check endpoints that can easily be customized with $HEALTHCHECK_PATH. By default, our images ensure /healthcheck is alive with Caddy, but you can change this variable to HEALTHCHECK_PATH=/up and it will use the built-in Laravel health check endpoint to ensure Laravel is actually ready to accept requests.

Extremely flexible and production-grade Caddyfile by default

The default FrankenPHP Caddyfile gives you enough to get started, but we spent a ton of time making sure that we're shipping production-grade and secure configurations by default. This includes:

1. Native CloudFlare support with trusted IP addresses
2. Performance and caching rules made available by default
3. Security headers included by default
4. Flexible and powerful logging defaults
5. Simple and intelligent self-signed certificate generation (but still allowing you to use Let's Encrypt if you wanted)

Designed for mass-scale production deployments

It's almost unbelievable and amazing how well FrankenPHP works with Caddy as a proxy. This tight integration allows you to do magical things like deploy trusted SSLs with Let's Encrypt. The only problem is, you probably have something else serving SSL termination and you most likely would not use that feature in a single container.

Our approach is "orchestrator first", meaning the image is designed for mass-scale in mind.

This means we're shipping the image assuming that you're doing TLS termination elsewhere. This makes it easier for you to scale and perform zero-downtime deployments:

flowchart TD
    A["Reverse Proxy 
    (Not FrankenPHP)"] -->C{Container Service}
    C -->|STOP| D[MyApp:v1]
    C -->|START| E[MyApp:v2]

Flexible environment configuration

Just like the experience with our other PHP variations, we also have things like SSL_MODE, LOG_OUTPUT_LEVEL, changing PHP INI settings with environment variables, all our helper scripts for changing permissions, etc. that make it a breeze for you to customize how the PHP image behaves.

More operating system variations

We are able to compile FrankenPHP by source, which allows us to open up support for many operating systems.

How tagging works
There's more to it, but in general the primary principle is:

{php-minor-version}-{variation}-{os-version}

This means we're offering FrankenPHP with the following operating systems:

1. trixie: Debian Trixie (13)
2. bookworm: Debian Bookworm (12)
3. alpine3.22: Alpine 3.22
4. alpine3.21: Alpine 3.21

🌎 New Environment Variables

The following environment variables are now available:

Environment Variable	Default	Authored By
AUTORUN_DEBUG	false	@jaydrogers
AUTORUN_LARAVEL_OPTIMIZE	true	@aSeriousDeveloper
AUTORUN_LARAVEL_MIGRATION_FORCE	true	@jaydrogers
AUTORUN_LARAVEL_MIGRATION_MODE	default	@jaydrogers
AUTORUN_LARAVEL_MIGRATION_SEED	false	@jaydrogers
AUTORUN_LARAVEL_MIGRATION_SKIP_DB_CHECK	false	@jaydrogers
NGINX_ACCESS_LOG	/dev/stdout	@robsontenorio
NGINX_CLIENT_MAX_BODY_SIZE	100M	@dlundgren
NGINX_ERROR_LOG	/dev/stderr	@robsontenorio
NGINX_LISTEN_IP_PROTOCOL	all	@yuuzukatsu, @jaydrogers
PHP_FPM_PM_MAX_REQUESTS	0	@ifaridjalilov, @thueske
PHP_FPM_PM_STATUS_PATH	/status	@jaydrogers
PHP_MAX_INPUT_VARS	1000	@RadeJR
PHP_OPCACHE_ENABLE_FILE_OVERRIDE	0	@jaydrogers
PHP_OPCACHE_FORCE_RESTART_TIMEOUT	180	@aSeriousDeveloper, @jaydrogers
PHP_OPCACHE_JIT	off	@aSeriousDeveloper, @jaydrogers
PHP_OPCACHE_JIT_BUFFER_SIZE	0	@aSeriousDeveloper, @jaydrogers
PHP_OPCACHE_SAVE_COMMENTS	1	@aSeriousDeveloper, @jaydrogers
PHP_OPCACHE_VALIDATE_TIMESTAMPS	1	@aSeriousDeveloper, @jaydrogers
PHP_REALPATH_CACHE_TTL	120	@jaydrogers
PHP_ZEND_DETECT_UNICODE	null	@jaydrogers
PHP_ZEND_MULTIBYTE	Off	@jaydrogers

🤩 New Features

Laravel Automations Script Improvements

The Laravel Automations script has been completely refactored to make it easier to support advanced Laravel features. Tons of new features are now available:

"php artisan optmize" now run by default

Instead of setting AUTORUN_LARAVEL_ROUTE_CACHE, AUTORUN_LARAVEL_VIEW_CACHE etc, we use AUTORUN_LARAVEL_OPTIMIZE by default, which calls php artisan optimize. Readjusting our logic to this new structure not only simplifies our approach to follow Laravel's best practices, it allows you to hook into the optimize command if you need to use it for your own application.

If you don't want to use php artisan optimize or if you're running an older version of Laravel, no sweat! Our refactored approach is backwards compatible and you can enable/disable certain functions by just setting your desired values to AUTORUN_LARAVEL_ROUTE_CACHE, AUTORUN_LARAVEL_VIEW_CACHE etc.

Added support for "migration modes"

We now support different migration modes of refresh or fresh by Laravel. This is super helpful if you need to seed a preview environment.

Migration Mode	Description
default (our default behavior)	Runs php artisan migrate - standard forward migrations
fresh	Runs php artisan migrate:fresh - drops all tables and re-runs migrations
refresh	Runs php artisan migrate:refresh - rolls back and re-runs migrations

Specify which database connections to run migrations with

If you run multiple databases with a multi-tenant Laravel application, you may need to specify your exact database connection that you'd like to use. We created AUTORUN_LARAVEL_MIGRATION_DATABASE so you can set the configuration name of the database connection you'd like to run migrations on (ie. mysql). Supports running against multiple databases too (ie. mysql,pgsql).

Added "--seed" option to migrations

Laravel has a helpful flag of --seed that you can run with php artisan migrate that will indicate if the seed task should be re-run. If you need this, just set AUTORUN_LARAVEL_MIGRATION_SEED to true.

Easier debugging

If you're running into issues with automations, set AUTORUN_DEBUG to true and you'll get helpful output to help you figure out why you're running into issues.

Control NGINX IP listening protocols with NGINX_LISTEN_IP_PROTOCOL

Are you running an IPv6 only cluster with fpm-nginx? Now you can set NGINX_LISTEN_IP_PROTOCOL: ipv6 and NGINX will listen on IPv6 stacks only. Same thing works if you set it to ipv4, then IPv6 will be disabled.

Great for Kubernetes clusters! 🤓

Default behavior is to keep a non-breaking change of all which will listen on IPv4 and IPv6.

🧘‍♂️ Quality Of Life Improvements

Improved health checks

A brilliant PR by @aSeriousDeveloper was merged which dramatically improves our "definition of healthy", especially on container start up. This approach utilizes start-period and start-interval which will give us more accurate readings and flexibility for container start up.

Option	Description	Old Value	New Value
start-period	start period provides initialization time for containers that need time to bootstrap. Probe failure during that period will not be counted towards the maximum number of retries. However, if a health check succeeds during the start period, the container is considered started and all consecutive failures will be counted towards the maximum number of retries.	-	60s
start-interval	start interval is the time between health checks during the start period.	-	3s
timeout	If a single run of the check takes longer than timeout seconds then the check is considered to have failed.	3s	3s
retries	It takes retries consecutive failures of the health check for the container to be considered unhealthy.	3	3
interval	The health check will first run interval seconds after the container is started, and then again interval seconds after each previous check completes.	5s	10s

Startup and Entrypoint Scripts

• Changed approach to executing entrypoint.d scripts so we can gracefully handle exit 0 in a entrypoint script
• Re-designed container start up info script

Changing file permissions (docker-php-serversideup-set-file-permissions)

• Added automated service detection (--service is now optional)
• Added --dir parameter for specifying extra directories (you can specify multiple --dir flags for multiple directories)

Quiet health check access logs

• Improved fpm-nginx and fpm-apache logs to never show access log output for any request$HEALTHCHECK_PATH. Things are much quieter now 😃

🐛 Bug Fixes

All images

• Fixed deprecation notices for session.sid_bits_per_character and session.sid_length (using PHP defaults now) (#560)

S6-based ima...

v3.6.1

🐛 Bug fix

• Fixed bug with Alpine OS support for PHP 8.1 (only): We were offering Alpine 3.22 but the official PHP Docker images support Alpine 3.21 (#565)

Full Changelog: v3.6.0...v3.6.1

v3.6.0

🤩 What's new

All images

• Adds support for Debian Trixie 🥳
• Greatly expanded support for many different versions of operating systems (Alpine 3.22, 3.21, etc)

FPM-NGINX

• Changes fpm-nginx to install from the official NGINX repos with specific version pinning

Unit

• Bumped NGINX Unit to v1.34.2

🐛 Bug Fixes

• Fixed issue where Alpine images were the /run directory was not being changed when running docker-php-serversideup-set-file-permissions

🤖 CI Improvements

• Adds CI runners from depot.dev -- who graciously offered this service to us at no charge 🙏
• Improves CI running process where it runs a build but can "fallback" to a previous minor version if PHP hasn't published a Docker image yet

⏫️ Upstream Dependencies

• Bumped mlocati/docker-php-extension-installer to v2.9.4
• Bumped S6 Overlay to v3.2.1.0
• Bumped php-fpmhealthcheck to v0.6.0

Full Changelog: v3.5.2...v3.6.0

v3.6.0-beta2

🤩 What's new

All images

• Adds support for Debian Trixie 🥳
• Greatly expanded support for many different versions of operating systems (Alpine 3.22, 3.21, etc)

FPM-NGINX

• Changes fpm-nginx to install from the official NGINX repos with specific version pinning

Unit

• Bumped NGINX Unit to v1.34.2

🐛 Bug Fixes

• Fixed issue where Alpine images were the /run directory was not being changed when running docker-php-serversideup-set-file-permissions

🤖 CI Improvements

• Adds CI runners from depot.dev -- who graciously offered this service to us at no charge 🙏
• Improves CI running process where it runs a build but can "fallback" to a previous minor version if PHP hasn't published a Docker image yet

⏫️ Upstream Dependencies

• Bumped mlocati/docker-php-extension-installer to v2.8.0
• Bumped S6 Overlay to v3.2.1.0
• Bumped php-fpmhealthcheck to v0.6.0

v3.5.2

🛠️ CI Improvement

• re-enable the weekly image builds cron by @tomschlick in #505
• Added specific step for checking out tagged releases

Full Changelog: v3.5.1...v3.5.2

v3.5.2-beta1

🛠️ CI Improvement

• Enabled weekly builds. Added specific step for checking out tagged releases

Full Changelog: v3.5.1...v3.5.2-beta1

v3.5.1

🤩 What's new

• Updated docker-php-extension-installer to v2.7.0 for Imagick support on PHP 8.4 🥳