Code Monkey home page Code Monkey logo

docker's Issues

Missing optional dependencies:

The detectPow function at:
will use bcpow or gmp_pow or pow functions, the bcpow & gmp_pow functions require:

1. in docker, add php5-bcmath:
2. in debian, add under "Recommends" a PHP bcmath package:

Reported by Emanuel Bronshtein.

Permit config authentication

Generally on dev env, user is root with a simple password or none.

Would be great to be able to set a USER_LOGIN and optionally USER_PASSWORD env var that will change configuration from cookie to config.

User configuration not taken into account

Using the latest image, I'm mounting a file under / as described in the documentation. The file is not loaded by the default

After investigating, the file is mounted properly but the line if (file_exists('/')) { return false, which means that the PHP code does not have access to this file. A simple scandir('/') returns false also.

I'm running Docker 1.11.1

link deprecated


the --link option have been deprecated shouldn't we use the --net option?

Login redirects to port-qualified url

Thus breaking if running behind a reverse proxy.

When logging in, the server answers with a 302 and Location: https://<server>:8080/index.php?token=<token>, even though <server> was accessed via port 80.

not signed docker image

docker has mechanism for image signing (called "content trust"), more information:
I wasn't able to install PMA docker while using --disable-content-trust=false such as:
docker pull phpmyadmin/phpmyadmin --disable-content-trust=false

Error: remote trust data does not exist for does not have trust data for

Reported by Emanuel Bronshtein.

allow to describe host with description

For cases where the hosts are IP addresses
how can one give description to the IP address so one can know what DB server the ip belongs to when on login page?

So instead of showing ip address of host on login page and no one knows what DB server the ip address belongs to, i can declare a some env variable to connect ip address to a description


Insecure default docker umask (022)

The default umask settings for docker is 022 (which is also used by many distros)
it's better to use more secure umask when possible, such as:
(none permissions for other)

The umask need to be set before creation of files that will remain in the image, thus affecting the permissions of extracted files (see issue above) & created files, such as:

Reported by Emanuel Bronshtein.

Unable to nagivate

I'm operating this docker container and am running into all kinds of problems. Among many other issues, none of these filtering options actually filter the current "Browse" selection. The tab will reload and that's it.

screen shot 2016-08-14 at 8 59 19 am

Multiple mysql servers

I want to link more than one mysql container into phpmyadmin and this is not working.

It only works when I link only one container and named it db

Lock Table problem with phpmyadmin

I just tried to import a dump that uses lock table, and it throws

#1100 - Table 'pma_column_info' was not locked with LOCK TABLES

I found the answer here Seems like you have to insert

$cfg['Servers'][$i]['controluser'] = 'root';
$cfg['Servers'][$i]['controlpass'] = '';

inside the loop for every server. I just tried it out and it works.
I'm not sure if this is really a problem, or should be included in the But I like the idea of having a container that can start without configuration and works out of the box.

Install zip & bz2

Would be great if zip & bz2 were enabled by default in the image. I think it's pretty common to import zipped SQL files.

PMA DB/Configuration Storage Missing from Docker Container Capability

As a follow-on to:

The docker configuration of PHPMYADMIN does not allow turning on of the PMADB / Configuration Storage settings for PHPMYADMIN, leaving it somewhat less functional than it's non-dockerized installation. (This is among other non-configurable options).

This is easy to turn on without breaking or corrupting the current installation:

  1. Put a user hook at the end of the current file:

  2. Document the override for users to write their own config options based off of the standard file distributed with the base phpmyadmin package.
    -v /some/local/directory/

  3. Update to "touch" the file upon boot in the same way it creates the file. This will keep the warning message from "include" from firing.
    if [ ! -f /www/ ]; then
    touch /www/

The benefit to this approach is it leaves the code written to handle external variables alone and allows the file to continue being maintained by the maintainer of the docker files while still allowing users to configure their phpmyadmin installation in the same way they're capable of maintaining the non-dockerized version. becomes a "hands off" file that no one needs to touch, and users still get the ability to configure the full range of phpmyadmin settings for their local installations.

If anyone wants, I can put a pull request together for this.

chown operation after applied 027 umask

after setting umask (issues: #59 & #61) a chown call need to be made on nearly all files used by container (such as:, to set nobody as group (thus giving read access to PHP-FPM).

chown all files that need read access by nobody with nobody group.

Reported by Emanuel Bronshtein.

increased attack surface by internal redirect in try_files option

the try_files at:
has internal redirect to:
which increase attack surface by enabling various URIs, for example such as:
possible XSS via REQUEST_URI, etc..:
possible phishing via // if used in URL context.
possible RFD: (force using of .hta extension, which will used in forced file download)

Reported by Emanuel Bronshtein.

show/create instead of if run on Docker instance

User modifications when run from docker
need to be made in file instead of
Thus, show '' instead of '' if run from Docker, for example change need to be done in:
also the file created under SETUP need to be '' in the above scenario.

Frequently losing session

I have a fairly vanilla version of the phpMyAdmin docker container yet after I login, I keep losing the session and are taken back to the login screen. Sometimes it'll happen after a few seconds, sometimes after a minute or two.

I've tried clearing all the cookies in my browser, tried multiple computers and multiple browsers without much luck.

Below is the Docker command being used to start the container:

docker run \
        --name phpMyAdmin \
        --restart=always \
        -d \
        -p 8080:80 \
        --link mysql:db \

Performance Improvements to Test

  1. set opcache.save_comments to false


    more information:

  2. set opcache.validate_timestamps to 0


    more information:
    will require note in documentation that changes in files content require Resetting the OpCache / Restarting PHP-FPM.

Reported by Emanuel Bronshtein.

Image does not shutdown gracefully

When shutting down the image, docker first sends a SIGTERM to the process used as ENTRYPOINT, then after 10 secs a SIGKILL.

The phpmyadmin image ignores the first signal.

Even though there is no probable data loss at stake, it would be nicer if the image stopped immediately, saving 10 secs of wait on every docker stop.

Two ways to do that come to my mind:
a- catch the signal in (but this means not using 'exec' as last command)
b- do not run as entrypoint for the webserver the std index.php from phpmyadmin, but have a 'startup' php script which sets up listening to signals then includes the default index.php

I can send a PR if you have any preference for either option...

Docker PHPmyadmin Access?

I've got a project that sets phpmyadmin up in docker-compose using the following configuration:

image: phpmyadmin/phpmyadmin
- "8080:80"
PMA_HOST: "mysql"
PMA_PORT: 3306

I need to import sql but I'm not sure how to access either via command line, browser, or sequel pro (where do I find the credentials to use?)
ssh host-?
ssh user-?
ssh key-?

Preferably sql pro so I can view all the data and learn the structure better :)

Verify downloaded sources

Currently we download the phpMyAdmin sources and do no verification of that download.

This could be improved by checking PGP signature on download. All needed pieces are there, it just needs to be properly glued together. The most tricky part is probably to avoid increasing size of the image.

  • The PGP signature for latest release is on same URL, just append .asc, see
  • The PGP keyring should be included in sources, not downloaded during the build
  • Verification should be done by gpgv as it doesn't seem to do all the initialization which gpg does

problem with reverse proxy when using https://domain/phpmyadmin

Hi all,
I am trying to serve this phpmyadmin docker image via nginx upstream.
It is working with :

# docker run -d -e PMA_ABSOLUTE_URI="" phpmyadmin/phpmyadmin
nginx: location / { proxy_pass http://phpmyadmin;  }

But not working with:

# docker run -d -e PMA_ABSOLUTE_URI="" phpmyadmin/phpmyadmin
nginx: location /phpmyadmin { proxy_pass http://phpmyadmin;  }

php just returns it can't find the index.php (or any other files). Any ideas? :-)

not needed sections in php.ini

The php.ini file in docker contain some sections which are not needed (related modules isn't used/installed), thus make it harder to audit it:
mcrypt don't installed (don't install it, use openssl instead as already done)
COM is windows only:
Not used DBs:

Reported by Emanuel Bronshtein.

Incorrect PHP log/socket name

The filename contain 7.0 which is php version that's not used by the image.

use filename without version such as (thus, the name is correct even if used with newer/older php versions):

Reported by Emanuel Bronshtein.

Add Themes

How do you add themes to this image? Is the best possible way to create my own image from this or would it be good to have all the themes preloaded with this image? I don't know if it will take too much space though?

Version Tags

Any chance of taging versions on docker hub?

I was trying to use that new feature (#13, #12 PmaAbsoluteUri) and couldn't understand why it wasn't working. Turns out this feature is incredibly new and not part of my 7 day old image. Ugh!

But anyways, I'm glad its implemented. :)

Missing white-list of allowed HTTP methods (in nginx.conf)

it's recommended to white-list the used HTTP methods (decrease attack surface) as noted by:

for example:

if ($request_method !~ ^(GET|HEAD|POST)$ )
       return 405;

Note: while there no usage of HEAD method in PMA, it's suggested to enable it in order to not break monitoring tools (which use HEAD method instead of GET to check that application is responding)

Reported by Emanuel Bronshtein.

Environement not working with docker-compose

With the following docker-compose.yml file:

  image: mysql
    - data

  image: phpmyadmin/phpmyadmin
    - mysql:db
    - '8080:8080'
    PMA_USER: root

If I dump the $_ENV variable from, I get an empty array.

Did I something wrong?

Use port 80 instead of port 8080

Just a thought: wouldn't it make sense to expose port 80 instead of port 8080? A user can always map any exposed ports to whatever he likes, e.g. -p 8080:80, and as this is in fact a Docker container running a web application, doesn't it sound logical to use the http port for that? Or were there practical considerations for using port 8080 instead?

If you agree, I'm willing to open a PR, but let's discuss this first.

Is it necessary to run it as root?


I just needed phpmyadmin for one of our projects and I looked into the image and I don't understand a couple of concepts here.

1.) Why does anything in this image run as root (tried both latest and 4.6.4-1 from docker hub and although they are different both run php processes as root).
2.) Let's presume this is changed and the processes in the container are ran as UID 1000, in that case why is the /www/ directory writable by user 1000.

I think running web applications as root even in a docker container is very insecure as it highly increases the attack surface despite not being as bad as running them on the host.
Also it is I think a common best practice in web operation to make sure that an application is not able to write it's own code.

I don't think there is any need in the docker world to run things on privileged ports like 80 so I don't think that should prevent the process to be ran as a non root user that is not able to write anything except what it needs to.

Thanks a lot in advance.

missing security headers

While PMA code does send the below headers in sendHttpHeaders function
(the correct place for such headers, are in PMA code, as it's the best/safest place to calculate CSP headers)
but it effects only .php files.
thus, it's recommended to add the below headers in nginx.conf in case the request wasn't passed to php-fpm

for every request that wasn't passed to php-fpm:

add_header X-Frame-Options "DENY" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-Robots-Tag "noindex, nofollow" always;
add_header X-Permitted-Cross-Domain-Policies "none" always;

for every request that wasn't passed to php-fpm and return HTML content (.html files), which effect the files in doc directory (/doc/html/):

add_header X-Xss-Protection "1; mode=block" always;

while I will recommend the following for default CSP header:

add_header Content-Security-Policy "default-src 'self';form-action 'self';referrer no-referrer;reflected-xss block;" always;

The HTML file in doc folder require unsafe-inline in JS & CSS , Thus using:
add_header Content-Security-Policy "default-src 'self';script-src 'self' 'unsafe-inline';style-src 'self' 'unsafe-inline';form-action 'self';referrer no-referrer;reflected-xss block;" always;

The documentation generated using old Sphinx version (1.2.3) while the last one is 1.4.6.
in case the generated documentation using latest version still require unsafe-inline in JS & CSS, I suggest to report this to Sphinx.

Reported by Emanuel Bronshtein.

incorrect permissions/ownership adjustment routine

The code at:
run after the tar extract at:
which will generate files with read permissions for others. (permissions will be changes after the extract & removing some directories)
it's better to avoid creating the files with bad permissions, which possible by:
1. --no-same-permissions in tar , require setting the umask before the tar command to 027, see: #59 (Insecure umask).
2. --no-same-owner in tar
The chown command is still needed, in order to set group as nobody (instead of root)
but chmod commands can be removed in line 26&27 after the above change.

Reported by Emanuel Bronshtein.

I cannot login to PMA - Error #2002 - php_network_getaddresses: getaddrinfo failed

I do not know what might be the case, but I cannot login to PMA. I have the following docker-composer.yml file:

  image: mysql:5.6
    - MYSQL_DATABASE=wordpress
    - datamysql

  image: debian:jessie
    - /mypath:/var/lib/mysql

  image: phpmyadmin/phpmyadmin
    - db:mysql
    - "8080:80"

I tried to log in to PMA using root account and the given password: blabla.
I receive the following error:

#2002 - php_network_getaddresses: getaddrinfo failed: Name does not resolve โ€” The server is not responding (or the local server's socket is not correctly configured).

Something wrong with my setup?

MySQL connection error in 4.6.2-3

I've found an issue in 4.6.2-3. The issue appears when I'm trying to expand a table info in the sidebar.
There is no such error in the latest version. Can you build new tagged version based on the latest one?

missing restrictions of opcache functions usage via opcache.restrict_api/disable_functions in php.ini used by docker

the value used as "start of path", more information:

it will be better to disable it completely, didn't found way to do it, does it PHP bug/limitation? probably better to limit it using opcache.restrict_api (instead of using disable_functions for this)

Reported by Emanuel Bronshtein.

Cannot change configuration options

I would like to change some other configuration values that are not settable via environment variables (FirstLevelNavigationItems in this case). However it seems there is no way to do this at the moment.

A good way to implement this would be via volume mapping. My proposal would be to:

  1. Add a include '/'; as a last line to in this repo.

  2. Make the Dockerfile create an empty PHP file to that location.

  3. Document that one can volume map a PHP file to that location. Ie:

       - ./some/local/

Now any configuration option can be set or overwritten.

Any thoughts on this?

Missing Official Repository in DockerHub

The docker image marked as public at:
There is a process that will mark the image as official, more information:
example of official repositories:
it appears that official repos has some security benefits (apart from distinguish from other public repos) such as content trust (see issue: not signed docker image) enabled by docker itself.

do the needed changes (there is a guideline), and apply for official repositories at DockerHub.

Reported by Emanuel Bronshtein.

Add Kubernetes support

It is currently not possible to use this image with Kubernetes because of known bug in alpine image.
It would be great to have an additional tag, suffixed with -k8s, that will use janeczku/alpine-kubernetes as a base image.

Do not hardcode MySQL host

It should be possible to set MySQL host via an environment variable.

In some container engines (for example Kubernetes), there are no concept of link aliases, so a user will have to change his service name (if it's not db) in order to make it work with this Docker image.

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.