Production Dockerfile Generator

Generates production-ready, multi-stage Dockerfiles for PHP 8.4 projects with security hardening, OPcache tuning, and PHP-FPM optimization.

Generated Files

Dockerfile              # Production multi-stage build (3 stages)

Generation Instructions

1. Analyze project:

   • Read

     composer.json

     for PHP version and required extensions
   • Check

     require

     section for

     ext-*

     entries
   • Detect framework: Symfony (

     symfony/framework-bundle

     ), Laravel (

     laravel/framework

     )
   • Identify database drivers:

     pdo_pgsql

     ,

     pdo_mysql

   • Check for

     ext-redis

     ,

     ext-amqp

     ,

     ext-gd

     ,

     ext-intl

     , etc.

2. Determine base image:

   • Default:

     php:8.4-fpm-alpine

     (smallest production image)
   • Use Alpine variants for minimal attack surface

3. Generate Dockerfile:

   • Use 3-stage build: composer deps, extensions builder, production
   • Order layers by change frequency (least changed first)
   • Include only runtime dependencies in final stage

4. Apply security hardening:

   • Non-root user with explicit UID/GID
   • Read-only filesystem where possible
   • No package manager cache in final image
   • HEALTHCHECK for orchestration

5. Apply framework-specific optimizations:

   • Symfony: warm cache, dump env, compile container
   • Laravel: config cache, route cache, view cache, storage link

Multi-Stage Production Dockerfile

# syntax=docker/dockerfile:1.6

#############################################
# Stage 1: Composer Dependencies
#############################################
FROM composer:2.8 AS composer-deps

WORKDIR /app

# Copy only composer files for better layer caching
COPY composer.json composer.lock ./

# Install production dependencies only
RUN --mount=type=cache,target=/root/.composer/cache \
    composer install \
    --no-dev \
    --no-scripts \
    --no-autoloader \
    --prefer-dist \
    --no-progress \
    --ignore-platform-reqs

# Copy full source code
COPY . .

# Generate optimized autoloader with classmap
RUN composer dump-autoload \
    --no-dev \
    --optimize \
    --classmap-authoritative

#############################################
# Stage 2: PHP Extensions Builder
#############################################
FROM php:8.4-fpm-alpine AS extensions-builder

# Install build dependencies in single layer
RUN apk add --no-cache --virtual .build-deps \
    $PHPIZE_DEPS \
    linux-headers \
    libzip-dev \
    icu-dev \
    postgresql-dev \
    libpng-dev \
    libjpeg-turbo-dev \
    freetype-dev \
    libwebp-dev \
    libxml2-dev \
    oniguruma-dev \
    rabbitmq-c-dev

# Configure and install extensions in single RUN
RUN docker-php-ext-configure gd \
        --with-freetype \
        --with-jpeg \
        --with-webp \
    && docker-php-ext-install -j$(nproc) \
        pdo_pgsql \
        pdo_mysql \
        intl \
        zip \
        opcache \
        gd \
        pcntl \
        bcmath \
        sockets \
        mbstring

# Install PECL extensions
RUN pecl install redis-6.1.0 \
    && pecl install amqp-2.1.2 \
    && docker-php-ext-enable redis amqp

#############################################
# Stage 3: Production Image
#############################################
FROM php:8.4-fpm-alpine AS production

LABEL maintainer="team@example.com"
LABEL org.opencontainers.image.source="https://github.com/org/repo"

# Install runtime dependencies only (no build tools)
RUN apk add --no-cache \
    libzip \
    icu-libs \
    libpq \
    libpng \
    libjpeg-turbo \
    freetype \
    libwebp \
    libxml2 \
    oniguruma \
    rabbitmq-c \
    fcgi \
    && rm -rf /var/cache/apk/*

# Copy compiled extensions from builder
COPY --from=extensions-builder /usr/local/lib/php/extensions/ /usr/local/lib/php/extensions/
COPY --from=extensions-builder /usr/local/etc/php/conf.d/ /usr/local/etc/php/conf.d/

# Use production PHP configuration
RUN mv "$PHP_INI_DIR/php.ini-production" "$PHP_INI_DIR/php.ini"

# OPcache production configuration
COPY <<'EOF' /usr/local/etc/php/conf.d/opcache-prod.ini
opcache.enable=1
opcache.enable_cli=1
opcache.memory_consumption=256
opcache.interned_strings_buffer=32
opcache.max_accelerated_files=30000
opcache.validate_timestamps=0
opcache.save_comments=1
opcache.jit=1255
opcache.jit_buffer_size=256M
opcache.preload_user=app
EOF

# PHP production settings
COPY <<'EOF' /usr/local/etc/php/conf.d/production.ini
display_errors=Off
display_startup_errors=Off
log_errors=On
error_log=/proc/self/fd/2
error_reporting=E_ALL & ~E_DEPRECATED & ~E_STRICT
expose_php=Off
memory_limit=256M
max_execution_time=30
max_input_time=60
post_max_size=20M
upload_max_filesize=10M
session.use_strict_mode=1
session.cookie_httponly=1
session.cookie_secure=1
session.cookie_samesite=Lax
realpath_cache_size=4096K
realpath_cache_ttl=600
EOF

# PHP-FPM tuning
COPY <<'EOF' /usr/local/etc/php-fpm.d/zz-production.conf
[www]
pm = dynamic
pm.max_children = 50
pm.start_servers = 10
pm.min_spare_servers = 5
pm.max_spare_servers = 20
pm.max_requests = 1000
pm.process_idle_timeout = 10s
pm.status_path = /status
ping.path = /ping
ping.response = pong
access.log = /proc/self/fd/2
slowlog = /proc/self/fd/2
request_slowlog_timeout = 5s
catch_workers_output = yes
decorate_workers_output = no
EOF

# Create non-root user
RUN addgroup -g 1000 app \
    && adduser -u 1000 -G app -s /bin/sh -D app \
    && mkdir -p /app/var /app/public \
    && chown -R app:app /app

WORKDIR /app

# Copy application from composer stage
COPY --from=composer-deps --chown=app:app /app/vendor /app/vendor
COPY --chown=app:app . /app

# Set proper permissions
RUN chown -R app:app /app/var 2>/dev/null || true

USER app

# Health check using php-fpm ping
HEALTHCHECK --interval=30s --timeout=3s --start-period=10s --retries=3 \
    CMD SCRIPT_NAME=/ping SCRIPT_FILENAME=/ping REQUEST_METHOD=GET \
        cgi-fcgi -bind -connect 127.0.0.1:9000 || exit 1

EXPOSE 9000

CMD ["php-fpm"]

Framework Variations

Symfony Production

See

references/symfony-dockerfile.md

• Cache warmup during build
• Compiled container
• Environment variable handling via

  .env.local.php

• Asset compilation stage

Laravel Production

See

references/laravel-dockerfile.md

• Config/route/view caching
• Storage directory linking
• Artisan optimize
• Queue worker variant

Extension Detection from composer.json

Map

require

ext-pdo_pgsql

pdo_pgsql

libpq

ext-pdo_mysql

pdo_mysql

ext-intl

intl

icu-libs

ext-zip

zip

libzip

ext-gd

gd

libpng libjpeg-turbo freetype libwebp

ext-redis

redis

ext-amqp

amqp

rabbitmq-c

ext-bcmath

bcmath

ext-pcntl

pcntl

ext-sockets

sockets

ext-mbstring

mbstring

oniguruma

Build Commands

# Standard production build
docker build --target production -t app:latest .

# Build with BuildKit cache
DOCKER_BUILDKIT=1 docker build \
    --target production \
    --cache-from app:latest \
    -t app:$(git rev-parse --short HEAD) \
    -t app:latest \
    .

# Multi-platform build
docker buildx build \
    --platform linux/amd64,linux/arm64 \
    --target production \
    -t registry.example.com/app:latest \
    --push \
    .

Security Checklist

• Non-root user (UID 1000)
• Alpine base (minimal attack surface)
• No build tools in final image
• No package manager cache

• expose_php=Off

• Secure session cookies
• HEALTHCHECK for orchestration readiness
• OCI labels for image provenance
• No secrets baked into image

Usage

Provide:

• PHP version (default: 8.4)
• Required extensions (from composer.json)
• Framework (Symfony/Laravel/none)
• OPcache preload file path (optional)

The generator will:

1. Detect extensions from composer.json
2. Create 3-stage Dockerfile
3. Apply framework-specific optimizations
4. Configure OPcache, PHP-FPM, and security settings