php
php copied to clipboard
docker-library
PECL not working in php:7.4-fpm-alpine up from php:7.3-fpm-alpine due to DNS issue with pecl.php.net
After changing from php:7.3-fpm-alpine to php:7.4-fpm-alpine, the pecl install command stopped working. The error given in the docker build process is: No releases available for package "pecl.php.net/redis" for RUN pecl install redis-5.3.2
tl;dr: The problem seems to be with alpine 3.13 and not 3.12, so you can use php:7.4.15-fpm-alpine3.12.
Digging for cause
Many older resources online refer to the Great Firewall of China as the cause as this seems to be a network issue, but I'm not in China or behind any strange network setup. I dig on.
Entering the container, the following things seem problematic and related:
bash-5.1# pecl install redis-5.3.2
No releases available for package "pecl.php.net/redis"
install failed
bash-5.1# pear update-channels
Updating channel "doc.php.net"
Channel "doc.php.net" is up to date
Updating channel "pear.php.net"
Channel "pear.php.net" is up to date
Updating channel "pecl.php.net"
Channel "pecl.php.net" is not responding over http://, failed with message: Connection to `pecl.php.net:80' failed: php_network_getaddresses: getaddrinfo failed: Try again
Trying channel "pecl.php.net" over https:// instead
Cannot retrieve channel.xml for channel "pecl.php.net" (Connection to `ssl://pecl.php.net:443' failed: php_network_getaddresses: getaddrinfo failed: Try again)
bash-5.1#
It makes sense that if pecl.php.net is not reachable then it pecl install will fail. The cause seems to be related to resolving the hostname:
bash-5.1# nslookup pear.php.net
Server: 192.168.65.1
Address: 192.168.65.1:53
Non-authoritative answer:
pear.php.net canonical name = euk3.php.net
Non-authoritative answer:
pear.php.net canonical name = euk3.php.net
Name: euk3.php.net
Address: 109.203.101.62
bash-5.1# nslookup pecl.php.net
Server: 192.168.65.1
Address: 192.168.65.1:53
Non-authoritative answer:
Name: pecl.php.net
Address: 104.236.228.160
Non-authoritative answer:
*** Can't find pecl.php.net: No answer
bash-5.1#
From here on out I'm not sure what the root cause of this problem is, but I do see a working IP address for pecl.php.net.
Proof of concept
Changing the command in the Dockerfile from:
RUN pecl install redis-5.3.3
to:
RUN echo "104.236.228.160 pecl.php.net" >> /etc/hosts && pecl install redis-5.3.3
solves the problem entirely.
This is not a sustainable fix because if the DNS for this address changes it will stop working.
Workaround
This problem does not occur on the alpine3.12-based image: php:7.4.15-fpm-alpine3.12.
Proposed solution
I suggest to recall the alpine 3.13 based images entirely and use 3.12 instead.
This seems potentially related to whatever is going on in https://github.com/alpinelinux/docker-alpine/issues/149 🤔 😬
Great find, I just tested with php:7.4.15-fpm-alpine3.12 and that worked as normal. I edited my post above to reflect that the workaround should just be to use that specific image.
Since I don't know how else this alpine image bug could manifest in a php application I would like to propose that the php alpine 3.13 images be removed or at least the default tags set to the 3.12 version that doesn't have this issue.
Frankly I'd say this is the variant "working as designed" (unfortunately) -- see https://github.com/docker-library/docs/tree/7451c1a4c08f7f08f3fe7b8803112a9c33ecd62a/php#phpversion-alpine for a little detail, but the TLDR is that Alpine is really not an officially supported target of the PHP community, and even beyond that underlying platform differences like this are bound to continue to come up sometimes.
I would further always suggest pinning your dependencies to the most specific level of risk/update you're willing to tolerate (with the ideal really being a full content-addressable digest instead of a tag, but that requires a much larger commitment in terms of effort to validate and update it over time).
Having this issue. Profoundly annoying. Using Alpine 3.12 works for me. I agree with the solution proposed, at least until we can get a fix.
I disagree it's a "working as designed" because the docs showcase RUN pecl install working. Currently, it does not work - at all. For any package.
There's definitely something environmental to this issue, because I can't reproduce on my system:
$ docker pull php:7.4-fpm-alpine3.13
7.4-fpm-alpine3.13: Pulling from library/php
Digest: sha256:d405a86d94e881d61172930ad757f133412e385f908d5034e9f06c2fc2444765
Status: Image is up to date for php:7.4-fpm-alpine3.13
docker.io/library/php:7.4-fpm-alpine3.13
$ docker run -it --rm php:7.4-fpm-alpine3.13 sh
/var/www/html # apk add --no-cache $PHPIZE_DEPS
...
OK: 245 MiB in 57 packages
/var/www/html # pecl install redis
downloading redis-5.3.4.tgz ...
Starting to download redis-5.3.4.tgz (268,154 bytes)
........................................................done: 268,154 bytes
29 source files, building
running: phpize
...
configuration option "php_ini" is not set to php.ini location
You should add "extension=redis.so" to php.ini
/var/www/html # docker-php-ext-enable redis
...
/var/www/html # php -m | grep redis
redis
@tianon I am using a brand new install of Docker for Windows v3.3.1 and Docker Engine v20.10.5. Orchestration with Debian 10 on WSL 2.
Confirmed to get this on WSL 2 Ubuntu on Windows 11/10..
Tried this on Ubuntu Docker Engine and it works without issue.
I'm still running into this issue using php:8.1-fpm-alpine. macOS works fine, however WSL2 fails.
Having this issue on Manjaro with 7.4-fpm-alpine3.16 but on macOS no issues.
I work on windows 10 on docker desktop. And the error is "connecting filed: try again" because of the default docker dns setting. You can write multiple dns addresses. Below is my laptop network setting DNS. Docker desktop -> Settings -> Docker Engine:
{
"builder": {
"gc": {
"defaultKeepStorage": "20GB",
"enabled": true
}
},
"experimental": false,
"features": {
"buildkit": true
},
"dns": ["192.168.100.1"]
}
Dockerfile for example:
FROM php:7.4-fpm-alpine
RUN apk add --no-cache $PHPIZE_DEPS
RUN set -ex && apk --no-cache add libxml2-dev libmcrypt-dev
RUN docker-php-ext-enable mcrypt
...
And then in the container run:
/var/www/html # php -i | grep mcrypt
+ php -i
+ grep mcrypt
Additional .ini files parsed => /usr/local/etc/php/conf.d/docker-php-ext-mcrypt.ini,
Registered Stream Filters => zlib.*, convert.iconv.*, string.rot13, string.toupper, string.tolower, string.strip_tags, convert.*, consumed, dechunk, mcrypt.*, mdecrypt.*
mcrypt
mcrypt support => enabled
mcrypt_filter support => enabled
mcrypt.algorithms_dir => no value => no value
mcrypt.modes_dir => no value => no value
https://stackoverflow.com/questions/24151129/network-calls-fail-during-image-build-on-corporate-network
Alpine 3.12 has been EOL for over a year now :grimacing: (I don't recommend using it for anything important)
PECL also fails for PHP 5.6.32 too. With similar error message.
$ docker run --rm -it php:5.6.32-apache bash -c 'pecl channel-update pecl.php.net && pecl list-all'
Updating channel "pecl.php.net"
Update of Channel "pecl.php.net" succeeded
Connection to `ssl://pecl.php.net:443' failed:
I am not getting that error
Status: Downloaded newer image for php:5.6.32-apache
Updating channel "pecl.php.net"
Update of Channel "pecl.php.net" succeeded
After trying to use api-platform in my team, we were forced to switch to another image for now as we are facing the reported issue.
https://github.com/dunglas/frankenphp/blob/main/dev-alpine.Dockerfile
PHP 7.4 has been end of life for almost a full year (https://github.com/docker-library/php/pull/1349) and PHP 5.6 longer than that (https://github.com/docker-library/php/pull/768).
Closing since this issue concerns EOL versions of PHP.
