Optimize php config. Use existing www-data user.

php-fpm/Dockerfile

@@ -57,12 +57,9 @@ COPY symfony.pool.conf /usr/local/etc/php/php-fpm.d/
 COPY entrypoint.sh /entrypoint.sh
 RUN chmod +x /entrypoint.sh
 
-RUN addgroup -S www
-RUN adduser -S -D -H -g "php-fpm user" -G www -s /sbin/nologin www
-
 ARG APP_ENVIRONMENT
 ENV APP_ENV=${APP_ENVIRONMENT}
-ENV APP_SECRET=67d829bf61dc5f87a73fd814e2c9f629
+ENV APP_SECRET=${APP_SECRET}
 ENV APP_DEBUG=1
 ENV REDIS_URL=redis://cc-redis
 ENV LDAP_URL=ldap://cc-ldap

php-fpm/entrypoint.sh

@@ -15,6 +15,7 @@ if [ "$APP_CLUSTERCOCKPIT_INIT" = true ]; then
     fi
 
     ln -s /var/lib/job-archive var/job-archive
+    chown -R www-data:www-data /var/www/symfony/* /var/www/symfony/.??*
 fi
 
 # Reports php environment on container startup

php-fpm/php.ini

@@ -1900,7 +1900,7 @@ opcache.preload=/var/www/symfony/config/preload.php
 ; Preloading code as root is not allowed for security reasons. This directive
 ; facilitates to let the preloading to be run as another user.
 ; http://php.net/opcache.preload_user
-opcache.preload_user=www
+opcache.preload_user=www-data
 
 ; Prevents caching files that are less than this number of seconds old. It
 ; protects from caching of incompletely updated files. In case all file updates

php-fpm/symfony.pool.conf

@@ -6,8 +6,8 @@
 ; Unix user/group of processes
 ; Note: The user is mandatory. If the group is not set, the default user's group
 ;       will be used.
-user = www
-group = www
+user = www-data
+group = www-data
 
 ; The address on which to accept FastCGI requests.
 ; Valid syntaxes are:
@@ -78,10 +78,11 @@ env[APP_ENV] = $APP_ENV
 env[APP_SECRET] = $APP_SECRET
 env[APP_DEBUG] = $APP_DEBUG
 env[INFLUXDB_URL] = $INFLUXDB_URL
-env[INFLUXDB_V2_URL] = $INFLUXDB_V2_URL
 env[INFLUXDB_TOKEN] = $INFLUXDB_TOKEN
 env[DATABASE_URL] = $DATABASE_URL
 env[REDIS_URL] = $REDIS_URL
+env[LDAP_URL] = $LDAP_URL
+env[LDAP_PW] = $LDAP_PW
 env[CORS_ALLOW_ORIGIN] = $CORS_ALLOW_ORIGIN
 
 ; Catch worker output