acc-docker-knowledge
SKILL.md
Docker Knowledge Base
Quick reference for Docker patterns and PHP-specific guidelines.
Core Concepts
┌─────────────────────────────────────────────────────────────────┐
│                         DOCKER FOR PHP                          │
├─────────────────────────────────────────────────────────────────┤
│                                                                 │
│  Dockerfile          → Build image instructions                 │
│  docker-compose.yml  → Multi-container orchestration            │
│  .dockerignore       → Build context exclusions                 │
│  entrypoint.sh       → Container startup logic                  │
│  nginx.conf          → Reverse proxy for PHP-FPM                │
│  php.ini             → PHP runtime configuration                │
│  supervisord.conf    → Process management                       │
│                                                                 │
│  Multi-Stage Build:                                             │
│  ┌──────────┐  ┌──────────┐  ┌──────────┐                       │
│  │ composer │  │ php-ext  │  │production│                       │
│  │   deps   │──│ builder  │──│  final   │                       │
│  └──────────┘  └──────────┘  └──────────┘                       │
│                                                                 │
└─────────────────────────────────────────────────────────────────┘
PHP Docker Image Types
| Image | Use Case | Size |
|---|---|---|
| `php:8.4-fpm-alpine` | Production (FPM) | ~50MB |
| `php:8.4-cli-alpine` | CI/workers | ~45MB |
| `php:8.4-fpm` | Production (Debian) | ~150MB |
| `php:8.4-cli` | CI/workers (Debian) | ~140MB |
| `php:8.4-apache` | Simple deployments | ~160MB |
Quick Checklists
Dockerfile Checklist
- Multi-stage build (deps → build → production)
- Alpine base image when possible
- Pinned version tags (not `latest`)
- BuildKit syntax header
- Non-root user
- Health check defined
- `.dockerignore` present
- Composer deps installed before source copy
- Production PHP config (`php.ini-production`)
- OPcache enabled and configured
- No secrets in build args or layers
Docker Compose Checklist
- Health checks for all services
- Named volumes for persistent data
- Environment variables via `.env` file
- Dependency ordering with `depends_on` + `condition`
- Resource limits defined
- Networks segmented (frontend/backend)
- No hardcoded passwords
Security Checklist
- Non-root user (`USER app`)
- Read-only root filesystem where possible
- No secrets in Dockerfile or image
- Minimal base image
- No unnecessary packages
- Capabilities dropped
- No privileged mode
Common Violations Quick Reference
| Violation | Where | Severity |
|---|---|---|
| `FROM php:latest` | Dockerfile | High |
| `COPY . .` before deps install | Dockerfile | High |
| Running as root | Dockerfile | High |
| Secrets in ENV/ARG | Dockerfile | Critical |
| No health check | Dockerfile/Compose | Medium |
| No `.dockerignore` | Project root | Medium |
| `privileged: true` | docker-compose.yml | Critical |
| Hardcoded passwords | docker-compose.yml | Critical |
| No resource limits | docker-compose.yml | Medium |
| Missing `depends_on` conditions | docker-compose.yml | Medium |
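The Dockerfile rows of the table above can be checked mechanically. The following is an added example, not part of the original skill or its repository: a heuristic linter that reports those rows with the table's severities. The secret-name pattern, the function name `lint_dockerfile`, and both sample Dockerfiles are assumptions constructed for illustration.

```python
import re
SECRET_NAME = re.compile(r"PASSWORD|PASSWD|SECRET|TOKEN|API_?KEY", re.I)  # assumed naming heuristic

def lint_dockerfile(text):
    """Return (severity, violation) pairs using the severities from the table."""
    findings, stages = [], set()
    user, copied_all, healthcheck = "root", False, False
    # Fold backslash continuations so each instruction is one logical line.
    for line in text.replace("\\\n", " ").splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) < 2 or parts[0].startswith("#"):
            continue
        instr, args = parts[0].upper(), parts[1].split()
        if instr == "FROM":
            # Each stage is assumed to start as root, with nothing copied yet.
            user, copied_all, healthcheck = "root", False, False
            image = next((a for a in args if not a.startswith("--")), "")
            name = image.rsplit("/", 1)[-1]
            pinned = "@" in image or (":" in name and not name.endswith(":latest"))
            if not pinned and image not in stages | {"scratch"} and "$" not in image:
                findings.append(("High", f"FROM {image}: tag not pinned"))
            if len(args) >= 3 and args[-2].upper() == "AS":
                stages.add(args[-1])
        elif instr == "COPY" and not any(a.startswith("--from") for a in args):
            copied_all = copied_all or "." in args[:-1] or "./" in args[:-1]
        elif instr == "RUN" and copied_all and {"composer", "install"} <= set(args):
            findings.append(("High", "COPY . . before deps install"))
        elif instr in ("ENV", "ARG"):
            keys = [a.split("=")[0] for i, a in enumerate(args) if i == 0 or "=" in a]
            findings += [("Critical", f"Secret in {instr}: {k}")
                         for k in keys if SECRET_NAME.search(k)]
        elif instr == "USER":
            user = args[0].split(":")[0]
        elif instr == "HEALTHCHECK":
            healthcheck = args[0].upper() != "NONE"
    if user in ("root", "0"):
        findings.append(("High", "Running as root"))
    if not healthcheck:
        findings.append(("Medium", "No health check"))
    return findings

# Constructed sample inputs (not from the page): a violating and a corrected Dockerfile.
SAMPLE_BAD = "FROM php:latest\nARG DB_PASSWORD=changeme\nCOPY . .\nRUN composer install\n"
SAMPLE_GOOD = ("FROM php:8.4-fpm-alpine\nCOPY composer.json composer.lock ./\n"
               "RUN composer install --no-dev\nCOPY . .\nUSER app\n"
               "HEALTHCHECK CMD php-fpm -t || exit 1\n")

if __name__ == "__main__":
    print(*lint_dockerfile(SAMPLE_BAD), sep="\n")
```

Only the final stage's `USER` and `HEALTHCHECK` count, because earlier stages of a multi-stage build do not ship; a health check defined in Compose instead will still be reported here as missing.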
PHP-Specific Best Practices
Extensions Installation
# Alpine: use apk + docker-php-ext-install
RUN apk add --no-cache libzip-dev icu-dev \
    && docker-php-ext-install zip intl pdo_mysql opcache

# Debian: use apt-get + docker-php-ext-install
RUN apt-get update && apt-get install -y \
        libzip-dev libicu-dev \
    && docker-php-ext-install zip intl pdo_mysql opcache \
    && rm -rf /var/lib/apt/lists/*
OPcache Configuration (Production)
opcache.enable=1
opcache.enable_cli=1
opcache.memory_consumption=256
opcache.interned_strings_buffer=16
opcache.max_accelerated_files=20000
opcache.validate_timestamps=0
opcache.jit=1255
opcache.jit_buffer_size=256M
PHP-FPM Tuning
pm = dynamic
pm.max_children = 50
pm.start_servers = 5
pm.min_spare_servers = 5
pm.max_spare_servers = 35
pm.max_requests = 1000
References
For detailed information, load these reference files:
- `references/image-selection.md`: Base image comparison and selection guide
- `references/multistage-patterns.md`: Multi-stage build patterns for PHP
- `references/security-hardening.md`: Security best practices and hardening
- `references/compose-patterns.md`: Docker Compose patterns for PHP stacks
- `references/production-checklist.md`: Production readiness checklist
Repository
dykyi-roman/awe…ude-code
First Seen
Feb 11, 2026