I tried using php-fpm with chroot and liked how it restricted the PHP process to a specified folder.
Problems arose later when I noticed that almost all PHP functions depended on the “outside world”, so not much worked.
I used the stacktrace to figure out which libraries/folders I had to include in the chroot-folder for the functions to work. This approach was successful and I managed to use functions like date, mysqli_query etc.
I tried taking it a step further and installing WordPress. So I unzipped WordPress into the chroot folder and visited the index/installation file. The page was obviously broken and incomplete, because there was a lot PHP was trying to do outside the chroot-folder that it didn’t have access to.
So again, I used stacktrace to find out everything the process was trying to do and included this in the chroot folder. It worked, so now I could install and run WordPress.
But this was the end. Not even stacktrace could help me when I tried to install plugins. There were a lot of errors on the page even though I had created access to everything the process needed (according to stacktrace).
Of course, it’s not sustainable to go on like this and use stacktrace just to find out what needs to be included in the chroot folder every time, and then still something is missing.
So now I’m wondering if Docker can come in handy here.
I have read a bit about it but I'm still not sure how it works.
What I want to do is to create an isolated environment for a domain website (virtualhost) so that no scripts or shell commands can be run outside this area from this specific domain.
If I’ve understood it all correctly, I can run Docker containers with Apache, PHP & MySQL, and all the necessities/libraries are automatically included in the container?
Very grateful if anyone can give me some feedback here.