Skip to content
This repository has been archived by the owner on Sep 2, 2021. It is now read-only.


Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?

Latest commit


Git stats


Failed to load latest commit information.
Latest commit message
Commit time

prison: php apps can go right to jail

This is a containerized attempt of getting legacy-ridden PHP apps to run in a cloud-native containerized environment.

I originally built this to run Nextcloud on Kubernetes, a topic you can read more about on my blog.

Basically, it is assumed you have modified the app to be able to run at least mostly without mutating the disk. Then you place a tarball of the app webroot in an Azure Storage account. This tarball will be downloaded and extracted to the container's webroot on container boot.

If you make changes inside a container, say running some inline updater, then you can just prison-update-source and it'll create a new tarball and upload it back to the Azure Storage account container, thereby updating the source so you can just reboot the containers.


The Docker container is hosted on the Docker Hub.

$ docker pull alexblackie/prison

See Configuration below for details on the environment variables you have to set. The container just runs Apache HTTPD, so it is available in the container on port 80.


A single environment variable must be set: AZURE_STORAGE_WEBROOT_URL. This must be a full URL to the webroot tarball in Azure Storage, appended with a valid Shared Access Signature (SAS).

For example (with sensitive values removed):


You can generate a SAS for your storage account from the "Shared access signature" section of its settings in the Azure Portal. Ensure you set a reasonable expiry date, and rotate regularly as you would any sensitive credential.

A note on file permissions

On container boot, we forcibly chown the entire webroot to apache:www-data to make sure everything works.


๐Ÿ‘ฎ run php in containers that download their webroot as a tarball







No releases published


No packages published