// Docker

Packages, dockerized

Here’s a confession that surprises people: I build my own Debian and Ubuntu packages, and then I run almost all of them in Docker anyway. Not because containers are fashionable. Because a daily-rebuilt image that already has the right modules, the right allocator, and the right hardening baked in beats hand-patching a bare-metal box at 3 a.m. every single time. This very site, every HTTP service on it, runs on a dockerized Angie + PHP-FPM stack. Eat your own cooking, as they say.

So this page is the short version. The full image catalogue, the docker-compose example, and the three-user security model live on the Angie & NGINX Docker images page. Start there if you want to actually pull something.

What’s on offer

  • NGINX and Angie images, with or without PHP-FPM, from PHP 5.6 (yes, for the truly stuck) through 8.5. The same module-rich, HTTP/3-capable builds as the APT repository, just containerised — 101 NGINX modules and 100 Angie modules selectable at runtime via NGX_MODULES.
  • An angie-cms image: Angie + PHP 8.5 + the entire WordPress-and-friends toolbox (WP-CLI, Composer, image-optim tools, backup tooling) in one container. Pull it, mount your site, you’re hosting.
  • Hardened base images (eilandert/ubuntu-base:rolling, eilandert/debian-base:stable), preloaded with jemalloc where it earns its keep, with the obvious sharp edges (stray setuid binaries, loose umask, su/sudo lying around) filed off so everything downstream starts from a sane floor.

Everything rebuilds once a day, so you pick up upstream security fixes and package updates without lifting a finger. No “I’ll patch it this weekend” that becomes next quarter.

Browse the lot on Docker Hub, read the Dockerfiles and hardening notes on GitHub, or jump straight to the full image documentation.

Further reading