initial duplication commit from php80 with as many changes to 8.2 as i

could find just eyeballing it

.dockerignore

+**/.git
+.gitlab-ci.yml
+.project
+README.md
+runlocal.sh
+Makefile

.gitignore

+.project
+.settings
+*.DS_Store
+
+!*.gitkeep

.gitlab-ci.yml

+variables:
+  DOCKER_DRIVER: overlay2
+  DOCKER_TLS_CERTDIR: ""
+  DOCKER_TLS_VERIFY: ""
+
+stages:
+  - awsauth
+  - build
+  - test
+
+awsauth:
+  stage: awsauth
+  image: registry.containers.it.osu.edu/cache/gitlab-org/cloud-deploy/aws-base:latest
+  script:
+    - echo -n "AWS_ECR_TOKEN=" > awstoken.env
+    - aws ecr get-login-password --region $AWS_DEFAULT_REGION >> awstoken.env
+  artifacts:
+    reports:
+      dotenv: awstoken.env
+
+build:
+  stage: build
+  image: registry.containers.it.osu.edu/cache-docker/library/docker:19
+  needs:
+    - job: awsauth
+      artifacts: true
+  services:
+    - name: docker:19-dind
+      command: ["--experimental"]
+  variables:
+    IMAGE: "$CI_REGISTRY_IMAGE/$CI_COMMIT_REF_SLUG:$CI_COMMIT_SHA"
+  script:
+    - docker info
+    - echo "$CI_REGISTRY_PASSWORD" | docker login --username "$CI_REGISTRY_USER" --password-stdin $CI_REGISTRY
+    - echo "$AWS_ECR_TOKEN" | docker login --username "AWS" --password-stdin $AWS_ECR_REGISTRY
+    - docker build --squash --tag $IMAGE .
+    - docker push $IMAGE
+    - |
+      if [ $CI_COMMIT_REF_SLUG == "master" ]; then
+        TAG="latest"
+      else
+        TAG="$CI_COMMIT_REF_SLUG"
+      fi
+    - docker tag $IMAGE $CI_REGISTRY_IMAGE:$TAG
+    - docker push $CI_REGISTRY_IMAGE:$TAG
+    - docker tag $IMAGE $AWS_ECR_REGISTRY/$CI_PROJECT_NAME:$TAG
+    - docker push $AWS_ECR_REGISTRY/$CI_PROJECT_NAME:$TAG
+  retry: 2

Dockerfile

+FROM docker.io/php:8.2-fpm
+LABEL maintainer="E. Stuart Hicks <hicks.367@osu.edu>"
+
+# Preload users that we need consistent UIDs on
+RUN groupadd -g 90 postdrop
+RUN useradd -u 89 -g 90 -d /var/spool/postfix -M -s /sbin/nologin -c "Postfix user" postfix
+RUN groupadd -g 48 apache
+RUN useradd -u 48 -g 48 -G postdrop -d /var/www -M -s /bin/bash -c "Apache" apache
+RUN groupadd -g 91 shibd
+RUN useradd -u 91 -g 91 -G apache -d /var/run/shibboleth -M -s /sbin/nologin -c "Shibboleth SP daemon" shibd
+RUN groupadd -g 88 www
+RUN useradd -u 88 -g 88 -G apache,shibd -d /var/www -M -s /sbin/nologin -c "OTDI Web Hosting user" www
+RUN usermod -a -G www,postdrop www-data
+
+# Update everything & install PHP LDAP extension
+RUN rm -f /etc/localtime && ln -s /usr/share/zoneinfo/US/Eastern /etc/localtime
+ENV DEBIAN_FRONTEND=noninteractive
+RUN apt-get -yq update
+RUN apt-get -yq install apt-utils
+RUN apt-get -yq upgrade
+RUN apt-get -yq install less nano git procps lsof postfix mailutils ldap-utils libnss-ldap libpam-ldap
+RUN apt-get -yq install libgd-dev libpng-dev libwebp-dev libjpeg-dev libxpm-dev libfreetype-dev libz-dev
+RUN apt-get -yq install libc-client-dev libkrb5-dev libldap-dev libsasl2-dev unixodbc-dev libbz2-dev
+RUN apt-get -yq install libgmp-dev libicu-dev libpq-dev libpspell-dev libxml2-dev libtidy-dev libxslt-dev
+RUN apt-get -yq install libzip-dev libssl-dev
+RUN apt-get -yq install libgeoip-dev imagemagick libmagickwand-dev libmcrypt-dev libmemcached-dev 
+RUN apt-get -yq install libzstd-dev libyaml-dev libyaz-dev
+RUN apt-get -yq install gdb
+
+# Install PHP 8.2 modules
+WORKDIR /usr/local/src
+ENV EXTRA_CFLAGS="-I/usr/src/php"
+RUN docker-php-source extract
+RUN { \
+		echo '# https://github.com/docker-library/php/issues/103#issuecomment-271413933'; \
+		echo 'AC_DEFUN([PHP_ALWAYS_SHARED],[])dnl'; \
+		echo; \
+		cat /usr/src/php/ext/odbc/config.m4; \
+	} > /tmp/temp.m4; \
+	mv /tmp/temp.m4 /usr/src/php/ext/odbc/config.m4
+RUN docker-php-ext-configure gd --with-webp --with-jpeg --with-xpm --with-freetype --enable-gd-jis-conv
+RUN docker-php-ext-configure imap --with-kerberos --with-imap-ssl
+RUN docker-php-ext-configure ldap --with-ldap-sasl
+RUN docker-php-ext-configure odbc --with-unixODBC=shared,/usr
+RUN docker-php-ext-configure pdo_odbc --with-pdo-odbc=unixODBC,/usr
+
+RUN docker-php-ext-install bcmath bz2 calendar dba exif gd gettext gmp imap 
+RUN docker-php-ext-install intl ldap mysqli odbc pcntl pdo pdo_mysql pdo_odbc
+RUN docker-php-ext-install pdo_pgsql pgsql pspell shmop soap sockets
+RUN docker-php-ext-install sysvsem sysvshm sysvmsg tidy xsl zip
+RUN docker-php-ext-enable opcache sodium
+RUN cp -v /usr/local/etc/php/php.ini-production /usr/local/etc/php/php.ini
+
+# Build & install PECL modules
+RUN pecl channel-update pecl.php.net
+RUN printf "\n" | pecl install --force apcu
+#RUN pecl install --force geoip
+RUN pecl install --force igbinary
+RUN printf "\n" | pecl install --force imagick
+RUN printf "\n" | pecl install --force mcrypt
+RUN printf "yes\nyes\n\nyes\n\nyes\n\n\n\n" | pecl install --force memcached
+RUN pecl install --force --configureoptions " \
+	with-mongodb-client-side-encryption=yes \
+	with-mongodb-sasl=yes with-mongodb-ssl=yes \
+	enable-mongodb-crypto-system-profile=yes \
+	with-mongodb-icu=yes" \
+	mongodb
+RUN printf "yes\nyes\nyes\n" | pecl install --force redis
+RUN pecl install --force uploadprogress
+RUN pecl install --force xdebug
+RUN pecl install --force xhprof
+RUN pecl install --force xmlrpc
+RUN printf "\n" | pecl install --force yaml
+RUN printf "\n" | pecl install --force yaz
+RUN git clone https://github.com/rlerdorf/geoip.git && \
+	cd geoip/ && \
+	phpize && \
+	./configure && \
+	make && make install && \
+	cd .. && \
+	rm -rfv geoip
+
+# Copy in our custom stuff
+COPY etc/ /etc/
+COPY usr/ /usr/
+RUN mkdir -pv /var/www/sharedtmp /var/www/privatedata
+RUN chmod -c 2775 /var/www/privatedata
+RUN chmod -c 1777 /var/www/sharedtmp
+
+# Enable LDAP accounts
+RUN sed -E -i 's/^passwd:(.*)$/passwd:\1 ldap/' /etc/nsswitch.conf
+RUN sed -E -i 's/^group:(.*)$/group:\1 ldap/' /etc/nsswitch.conf
+RUN sed -E -i 's/^shadow:(.*)$/shadow:\1 ldap/' /etc/nsswitch.conf
+RUN sed -E -i 's/^gshadow:(.*)$/gshadow:\1 ldap/' /etc/nsswitch.conf
+
+# Install PHP Composer
+RUN php composer-setup.php --2.2
+RUN mv -v composer.phar /usr/local/bin/composer22.phar
+RUN ln -sv /usr/local/bin/composer22.phar /usr/local/bin/composer22
+RUN php composer-setup.php --2
+RUN mv -v composer.phar /usr/local/bin/composer2.phar
+RUN ln -sv /usr/local/bin/composer2.phar /usr/local/bin/composer2
+RUN php composer-setup.php --1
+RUN mv -v composer.phar /usr/local/bin/composer1.phar
+RUN ln -sv /usr/local/bin/composer1.phar /usr/local/bin/composer1
+RUN ln -sv /usr/local/bin/composer22.phar /usr/local/bin/composer
+
+# Final setup & cleanup
+RUN docker-php-source delete
+RUN apt-get -yq remove git
+RUN apt-get -yq autoremove
+RUN apt-get -yq clean
+RUN rm -rf /var/lib/apt/lists/* /tmp/* /usr/local/src/*
+
+WORKDIR /var/www
+ENTRYPOINT [ "/usr/local/bin/docker-php-entrypoint-custom" ]
+CMD [ "/usr/local/sbin/php-fpm" ]

Makefile

+IMAGE = wheks-php82
+
+build-and-push:
+	docker build -t $(IMAGE) .

README.md

-# wheks-php82
-

etc/libnss-ldap.conf

+ldap_version 3
+uri ldaps://webhosting-ldap-nlb-ff10c809b1beba67.elb.us-east-2.amazonaws.com
+tls_checkpeer no
+base ou=nextweb,dc=osu,dc=edu
+scope sub
+binddn cn=wwwro2,ou=admins,dc=osu,dc=edu
+bindpw Smk6Ucsq74F0H3iZnKZeSNE4aTzV8VEzaeBBARUtOyGmMRBQbU

etc/security/limits.d/disable-core-dumps.conf

+# Disable core dumps since php-fpm's
+# setting doesn't seem to be enough
+*    hard   core   0
+*    soft   core   0

runlocal.sh

+docker run -it --rm --name wheks \
+  -p 9000:9000 \
+  -u 1000:1000 \
+  -e WHEKS_ACCTID=blah \
+  -e WHEKS_UID=1000 \
+  -e WHEKS_GID=1000 \
+  -e WHEKS_HOST=blah.osu.edu \
+  -e WHEKS_EMAIL=hicks.367@osu.edu \
+  -e WHEKS_ENTITYID=https://blah.osu.edu/shibboleth \
+  -v php-html:/var/www/html:rw \
+  wheks-php82 $@
+
+docker rm wheks

usr/local/bin/docker-php-entrypoint-custom

+#!/bin/sh
+
+# Overwrite default instance of php.ini with a custom one if one is found.
+# This is preferred to mapping in directly as the file
+if [ -r /usr/local/etc/php/php.ini-custom ]; then
+	if [ -w /usr/local/etc/php/ ]; then
+		echo "Replacing default php.ini with provided custom"
+		rm -vf /usr/local/etc/php/php.ini
+		cp -v /usr/local/etc/php/php.ini-custom /usr/local/etc/php/php.ini
+		chmod -v 440 /usr/local/etc/php/php.ini
+	else
+		echo "Unable to replace default php.ini!"
+	fi
+else
+	echo "Using existing php.ini"
+fi
+
+# Launch the actual entrypoint script for this container
+. /usr/local/bin/docker-php-entrypoint

usr/local/etc/php/conf.d/zzz_01_pecl_modules.ini

+extension=apcu
+extension=geoip
+extension=igbinary
+extension=imagick
+extension=mcrypt
+extension=memcached
+extension=mongodb
+extension=redis
+extension=uploadprogress
+;;zend_extension=xdebug
+extension=xhprof
+extension=xmlrpc
+extension=yaml
+extension=yaz

usr/local/etc/php/conf.d/zzz_02_osuwebhosting.ini

+; Custom settings for OSU Web Hosting
+expose_php = off
+date.timezone = "America/New_York"
+sys_temp_dir = "/var/www/sharedtmp"
+upload_tmp_dir = "/var/www/privatedata"
+soap.wsdl_cache_dir = "/var/www/sharedtmp"
+
+; Sessions
+session.save_handler = "files"
+;session.save_handler=memcached
+session.save_path = "/var/www/sharedtmp"
+;session.save_path="localhost:11211"
+
+; Error output
+log_errors = on
+error_reporting = E_ALL & ~E_NOTICE & ~E_STRICT
+error_log = "/var/log/httpd/php_error_log"
+variables_order = "EGPCS"
+
+; APC compatibility support
+apc.enabled=1
+apc.enable_cli=1
+apc.shm_segments=1
+apc.shm_size=256M
+apc.entries_hint=4096
+apc.max_file_size=10M
+apc.ttl=7200
+apc.use_request_time=1
+apc.user_ttl=7200
+apc.gc_ttl=3600
+apc.smart=0
+apc.mmap_file_mask=/tmp/apc.XXXXXX
+apc.file_update_protection=2
+apc.slam_defense=0
+apc.write_lock=1
+apc.filters="-/apc\.php"
+apc.serializer='igbinary'
+apc.rfc1867=0
+apc.rfc1867_prefix =upload_
+apc.rfc1867_name=APC_UPLOAD_PROGRESS
+apc.rfc1867_freq=0
+apc.rfc1867_ttl=3600
+apc.coredump_unmap=0
+
+; Memcached integration
+[memcached]
+memcached.sess_locking = on
+memcached.sess_lock_wait_min = 1000
+memcached.sess_lock_wait_max = 2000
+memcached.sess_lock_retries = 5
+memcached.sess_lock_expire = 0
+memcached.sess_prefix = "memc.sess.key."
+memcached.sess_consistent_hash = Off
+memcached.sess_remove_failed = 1
+memcached.sess_number_of_replicas = 0
+memcached.sess_binary = off
+memcached.sess_randomize_replica_read = off
+memcached.sess_connect_timeout = 1000
+memcached.use_sasl = off
+memcached.sess_sasl_username = NULL
+memcached.sess_sasl_password = NULL
+memcached.compression_type = "fastlz"
+memcached.compression_factor = "1.3"
+memcached.compression_threshold = 2000
+memcached.serializer = "igbinary"
+memcached.store_retry_count = 2
+
+; Zend OpCache
+[opcache]
+opcache.enable=1
+opcache.enable_cli=0
+opcache.memory_consumption=256
+opcache.interned_strings_buffer=32
+opcache.max_accelerated_files=20000
+opcache.max_file_size=10485760
+opcache.revalidate_freq=10
+opcache.fast_shutdown=1
+opcache.save_comments=1
+;;opcache.huge_code_pages=1
+opcache.blacklist_filename="/var/www/privatedata/opcache*.blacklist"
+
+; Default XHProf logging directory
+[xhprof]
+xhprof.output_dir="/var/log/httpd/xhprof/"