Docker environmental variables are not accessible in a PHP web application

Question

index.php:

<?php
$host = getenv('HOST');
$port = getenv('PORT');
echo "HOST is : $host";
echo "PORT is : $port";
?>

Dockerfile:

FROM php:7.4-cli
COPY . /var/www/php  
EXPOSE 8000
RUN adduser rouser
CMD ["su", "-", "rouser", "-c", "cd /var/www/php && php -S 0.0.0.0:8000"]

I build a PHP docker image for my application.

docker build -t php-web-app:1.0.0 .

Running my PHP docker container:

docker run -e HOST='0.0.0.0' \
-e PORT='8084' \
-p 8000:8000 \
php-web-app:1.0.0

I made a curl request to my web application, and here the docker environment variable is not accessible by the PHP web application. It seems to be a security feature and how to do we access the docker environmental variable within a php web application.

$ curl http://0.0.0.0:8000/
HOST is : PORT is :

Answer 1

I'm going to guess that changing user does not preserve the environment variables of your execution.

You can check which variables are available in the environment with the env command.

There are however several things that are non-idiomatic going on with your Dockerfile.

1. You should not create users in your docker image. You can simply set the userid and groupid of your user in the container by setting the --user uid:gid flag in docker run.
2. You should not run interactive commands such as adduser in a Dockerfile. Unless you can provide all parameters in a single command so that it can run without user-intervention. Adding users is not one of them; how will you provide a password?

So to see the the environment, change your CMD line to the following:

CMD ["su", "-", "rouser", "-c", "env"]

You will see that it prints the following:

SHELL=/bin/bash
PWD=/home/rouser
LOGNAME=rouser
HOME=/home/rouser
USER=rouser
SHLVL=0
PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games
MAIL=/var/mail/rouser
_=/usr/bin/env

The environment variables you set are not available. However, if we change the CMD line to just print the env we get another output.

CMD ["env"]

shows us:

HOSTNAME=be0b41fed51e
PHP_INI_DIR=/usr/local/etc/php
PORT=8084
HOME=/root
PHP_LDFLAGS=-Wl,-O1 -pie
PHP_CFLAGS=-fstack-protector-strong -fpic -fpie -O2 -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64
PHP_MD5=
PHP_VERSION=7.4.6
GPG_KEYS=42670A7FE4D0441C8E4632349E4FDC074A4EF02D 5A52880781F755608BF815FC910DEB46F53EA312
PHP_CPPFLAGS=-fstack-protector-strong -fpic -fpie -O2 -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64
PHP_ASC_URL=https://www.php.net/distributions/php-7.4.6.tar.xz.asc
PHP_URL=https://www.php.net/distributions/php-7.4.6.tar.xz
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
HOST=0.0.0.0
PHPIZE_DEPS=autoconf            dpkg-dev           file             g++             gcc             libc-dev            make            pkg-config         re2c
PWD=/
PHP_SHA256=d740322f84f63019622b9f369d64ea5ab676547d2bdcf12be77a5a4cffd06832

Notice here that the user is not rouser , but the root user. You can change this by passing, for example, --user 1000:1000 in your docker run command.

So, to fix your problem, I propose you use the following Dockerfile:

FROM php:7.4-cli
COPY . /var/www/php  
EXPOSE 8000
# RUN adduser rouser
# CMD ["su", "-", "rouser", "-c", "cd /var/www/php && php -S 0.0.0.0:8000"]

WORKDIR /var/www/php 
CMD ["php", "-S", "0.0.0.0:8000"]

Then we get the following output:

$ curl http://0.0.0.0:8000
HOST is : 0.0.0.0PORT is : 8084

Answer 2

If you login to your docker container with

docker exec -it [container id] bash

and run

env

command, you will see that the passed variables are there.

I'm not a PHP expert, but try the same exercise locally (without docker) and see if you are able to print out any env variable via getenv