From 475cae5b0e17ba8f1ca56b914b87889de130716c Mon Sep 17 00:00:00 2001 From: Akira Yamamoto <3007213+akirayamamoto@users.noreply.github.com> Date: Mon, 27 Apr 2026 09:46:22 +1000 Subject: [PATCH 1/2] EXPERIMENT: drop FROM php:8-alpine in favor of FROM alpine:3.21 The current Dockerfile.alpine pulls FROM php:8-alpine and then `apk add php-apache2`. The result is two PHP installs side by side: the docker-library PHP at /usr/local/bin/php (~30 MB, never used by Apache) and the apk-installed PHP at /usr/bin/php (which mod_php actually loads). Pinning a fresh Alpine release and installing the apk packages directly drops the dead /usr/local/bin/php install entirely. Expected wins: - Smaller image (~30 MB less; 2024 baseline was ~120 MB) - One PHP binary, no $PATH ambiguity - Cleaner story for any follow-up that touches PHP config --- Dockerfile.alpine | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-)
diff --git a/Dockerfile.alpine b/Dockerfile.alpine
index 1a99be981..472d5e39a 100755
--- a/Dockerfile.alpine
+++ b/Dockerfile.alpine
@@ -1,7 +1,8 @@
-FROM php:8-alpine
+FROM alpine:3.23
 RUN apk add --quiet --no-cache \
 bash \
 apache2 \
+ php \
 php-apache2 \
 php-ctype \
 php-phar \
@@ -15,12 +16,6 @@ RUN apk add --quiet --no-cache \
 php-session \
 php-sqlite3
-# # use docker-php-extension-installer for automatically get the right packages installed
-# ADD --chmod=0755 https://github.com/mlocati/docker-php-extension-installer/releases/latest/download/install-php-extensions /usr/local/bin/
-
-# # Install extensions
-# RUN install-php-extensions iconv gd pdo pdo_mysql pdo_pgsql pgsql
-
 RUN ln -sf /dev/stdout /var/log/apache2/access.log && \
 ln -sf /dev/stderr /var/log/apache2/error.log
From 8c22140ebb010a253bad7c3aa4f3bcffb45c2e72 Mon Sep 17 00:00:00 2001
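Review bot: `FROM alpine:3.23` in the first hunk pins the base by tag only, and the packages in the `apk add` list are unversioned, so the PHP and Apache builds that end up in the image are whatever the tag and the Alpine repository resolve to at build time. Because PHP now comes entirely from apk rather than from the docker-library image, a digest pin such as `FROM alpine:3.23@sha256:<digest-placeholder>` would make rebuilds reproducible and turn each base update into an explicit, reviewable change. The subject line names `alpine:3.21` while the hunk uses 3.23; one of the two should be corrected so the record matches the code. A short comment above the `FROM` line, for example `# Alpine base: PHP is installed from apk (php, php-apache2), not from docker-library php`, would keep the reason for the base change in the file. The `RUN apk add` instruction continues outside this hunk.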
From: Akira Yamamoto <3007213+akirayamamoto@users.noreply.github.com> Date: Mon, 27 Apr 2026 14:27:46 +1000 Subject: [PATCH 2/2] Make ca-certificates dependency explicit ca-certificates-bundle (which provides /etc/ssl/certs/ca-certificates.crt) is already pulled in transitively by apache2 / php-apache2 on alpine:3.23, so live HTTPS calls from PHP work today (verified with file_get_contents against ipinfo.io). But the master image (FROM php:8-alpine) installs the full ca-certificates package explicitly, and operators with IPINFO_APIKEY configured rely on outbound HTTPS. Make the dependency explicit to: * Match master's package set rather than relying on a transitive pull that some future apk dep change could drop. * Document the runtime TLS requirement at the Dockerfile level instead of leaving it implicit. ~50 KB image-size cost; the umbrella ca-certificates package adds the update-ca-certificates CLI on top of the bundle. Per Qodo's review on PR #800. --- Dockerfile.alpine | 1 + 1 file changed, 1 insertion(+)
diff --git a/Dockerfile.alpine b/Dockerfile.alpine
index 472d5e39a..e492a83f8 100755
--- a/Dockerfile.alpine
+++ b/Dockerfile.alpine
@@ -2,6 +2,7 @@ FROM alpine:3.23
 RUN apk add --quiet --no-cache \
 bash \
 apache2 \
+ ca-certificates \
 php \
 php-apache2 \
 php-ctype \
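Review bot: The description says this change documents the runtime TLS requirement at the Dockerfile level, but the hunk adds only the `ca-certificates` package name, so the reasoning lives in the commit message alone. A comment above the `RUN apk add` line, such as `# ca-certificates: trust store for outbound HTTPS from PHP (e.g. ipinfo.io lookups); keep explicit`, would stop a later cleanup from dropping the package as redundant and silently breaking certificate validation. The `RUN` instruction continues past the end of this hunk.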