What happens if I run php, composer, and wp commands in Docker?
To use Docker, you either need to have root privileges, or be part of the docker group. If you try to run php, composer or wp commands in Docker without these permissions, you’ll get an error message saying that you are not authorized to access the Docker daemon.
Is there any limitation on bash shell on the containerized server?
Each container has its own file system and environment variables. When you use the bash shell on the containerized server, you can only access the files and commands that are available in the container.
Bash shell cannot execute commands such as php artisan cache:clear
or composer install
because it lacks access to the PHP, composer, and WP commands.
Why use rc-shell instead of bash for system user?
RunCloud uses the Bash shell (common shell) by default, which allows users to access any software installed on the OS. RunCloud also applies facl rules to limit the access of other users, but users can still use all the software on the system.
Some users may want to have a more restricted shell access (jailed) to prevent fakeroot and other security risks. However, a jailed shell has some drawbacks, such as high storage usage and frequent binary updates.
Docker requires root or sudoers privileges to run. By default, RunCloud does not create system users with these privileges; therefore, they cannot use PHP, composer or wp commands as these tools aren’t installed on the system natively.
To solve this problem, we created rc-shell (RunCloud Shell). This is a jailed shell that runs inside a docker container. When a user logs in using ssh or SFTP, Docker creates a container for them – and they log in to it.
Inside the container, the user can use all the commands natively and securely, but can only see their own files inside the container. The only limitation is that the user can only choose one PHP-CLI version for their shell. The user can select this option in the system user settings. They can either follow the server’s PHP-CLI version or choose a different one for each user.
How does rc-shell function as a root?
You can run PHP directly as root in any PHP installation. The default PHP-CLI version is called “PHP” in both native and containerized servers.
If you want to use a different PHP-CLI version in a native server, you need to use /RunCloud/Packages/<php_version>/bin/php
. But in a containerized server, you can use php74rc
, php81rc
, php82rc
, etc. However, the composer and wp command will always use the default PHP-CLI version and you cannot change that.
When you run a command such as php, wp or composer as root in a user’s directory, the command will run as the user specified in the command line. You don’t need to switch to that user before running those commands. For example, if you run composer install as root in the directory of user the “John”, it will be the same as though that user himself was running it.
Will the container exit when there is no session?
A container is created for each user when they log in, and they work inside it. The same container is used for subsequent logins. If there are no sessions left, the container will stop automatically.
In the above example, the container with the name ssh-login-myuser123
was created when the user myuser123
logged in via SSH. This container was stopped automatically when the user disconnected the SSH connection.
How do containerized servers work with git or atomic deployment?
On RunCloud Docker, both git and Atomic Deployment use the PHP version that is set in the web app. Containerized servers also give you more options for git deployment – you can use your own image for such deployments.
For example, if you want to use yarn production or something else, you can do that. We don’t install NodeJS in our container because we’re focussed on keeping it lightweight, so you can either extend our image, or create a new image that we can run a command on.
Will Docker be affected by the firewall?
The firewall will affect the iptables rules for Docker. You cannot use firewalld for this case – you need to use a cloud firewall instead. Therefore, Docker servers will not have firewalls installed on them. Read our post about Docker Firewall in RunCloud to learn more.
How do I reload the php-fpm in a containerized server?
To reload the php-fpm in a containerized server, you can go to the Services tab and click on the “…” button next to the service that you want to reload. In that menu, you will find the option to Reload and Restart services.
Do Laravel Octane and Modsec work in Docker?
Yes, Laravel Octane can be used with Modsec in a Docker environment on RunCloud.