Reputation: 2842
Build container with php files unaccessible to user running the docker container?
I need to know whether there is a possibility to create a container running my php application with some of my php files unaccessible from outside the docker.
Docker secret can not be applied to this case.
Is there anything I might have overlooked?
Edit: Apparently this is not possible, I still need a detailed explanation as to why this is not possible.
Edit2: We need to make files within the docker unaccessible (so the code can not be read) to the user running the container. Opening port 80 to execute/run the scripts via apache is not the problem.
Upvotes: 5
Views: 1742
Answers (3)
Reputation: 160
Can't you put the restricted files on your own server like a SaaS app. If not then obfuscation and other tooling are your best bet I think.
Upvotes: 1
Reputation: 32350
First, it is not clear what you mean by hidden/unaccessible from outside the docker.
To which port or method do you like to restrict this? Physically, it is not possible to deny root or an administrator from viewing something especially when it needs to execute it at the same time.
When you are talking about http/port 80, you can of course restrict files in the document root or in general what can be seen from outside and what cannot.
Second, there is a big difference between hidden and unaccessable. You can try to hide things as good as possible, use hidden folders and obscure folder structure. But it won't stop an administrator from beeing able to view or access the file.
At this point, your question is vague and unclear, we don't know your goal and what exactly you want under which circumstances.
Update
You can encrypt PHP code using various tools like Zend Guard for example. Zend is the company behind PHP. This is used exactly for cases like yours, it enables licencing of PHP applications and code encryption.
Upvotes: 1
Reputation: 51866
I understand that you intend somehow to distribute your application via Docker and don't want the user running the container to read the PHP code.
This problem is not something for Docker to solve, as the container file system is accessible by the user running the container.
The issue of hiding source code is usually handled by tools specific to the programming language. Some tools try to encrypt the source code and decrypt it on the fly. Other tools try to obfuscate the source code so that it becomes very hard to be understood.
Some tools to do that for PHP:
http://www.phpprotect.info/ http://www.semanticdesigns.com/Products/Obfuscators/PHPObfuscator.jsp
You can apply these tools before adding the code into the image being built. Note however that all of these tools/techniques can be reversed by a non-trivial user.
To really protect the code you should create a license or host the service and only expose API.
Upvotes: 4
Related Questions
- Docker PHP permissions
- Run docker as non-root in a development environment for an specific process
- How to deal with permissions using docker - nginx / php-fpm
- Run nginx and php into containers with proper user for development
- Root user inside Composer container
- Dockerfile for PHP service
- Permission Issue in Docker container for Symfony2
- Allow web server to edit files inside a docker container
- Restricting access to Docker container contents