Can't disable DDEV-injected commands in webimage to launch with a custom web image

[MurzNN]

Is there an existing issue for this?

• I have searched the existing issues

Output of ddev debug test

Expand `ddev debug test` diagnostic information

$ ddev debug test
Running bash [-c /tmp/test_ddev.sh] 
======= Existing project config =========
These config files were loaded for project h: [/home/alexey_korepov/projects/h/.ddev/config.yaml]
name: h
type: php
php_version: 8.1
webserver_type: nginx-fpm
webimage: hhvm/hhvm
additional_hostnames: []
additional_fqdns: []
database: {mariadb 10.4}
project_tld: ddev.site
use_dns_when_possible: true
composer_version: 2
nodejs_version: 18
default_container_timeout: 120
======= Creating dummy project named  tryddevproject-9707 in ../tryddevproject-9707 =========
OS Information: Linux EPAMYERW0270 6.5.0-15-generic #15-Ubuntu SMP PREEMPT_DYNAMIC Tue Jan  9 17:03:36 UTC 2024 x86_64 x86_64 x86_64 GNU/Linux
User information: uid=1000(alexey_korepov) gid=1000(alexey_korepov) groups=1000(alexey_korepov),4(adm),24(cdrom),27(sudo),30(dip),44(video),46(plugdev),105(crontab),107(input),109(render),120(lpadmin),132(lxd),133(sambashare),142(vboxusers),997(docker)
DDEV version:  ITEM             VALUE                                   
 DDEV version     v1.22.6                                 
 architecture     amd64                                   
 db               ddev/ddev-dbserver-mariadb-10.4:v1.22.6 
 ddev-ssh-agent   ddev/ddev-ssh-agent:v1.22.6             
 docker           25.0.2                                  
 docker-compose   v2.23.3                                 
 docker-platform  linux-docker                            
 mutagen          0.17.2                                  
 os               linux                                   
 router           ddev/ddev-traefik-router:v1.22.6        
 web              ddev/ddev-webserver:v1.22.6             
PROXY settings: HTTP_PROXY='' HTTPS_PROXY='' http_proxy='' NO_PROXY=''
======= DDEV global info =========
Global configuration:
instrumentation-opt-in=true
omit-containers=[]
performance-mode=none
router-bind-all-interfaces=false
internet-detection-timeout-ms=3000
disable-http2=false
use-letsencrypt=false
letsencrypt-email=
table-style=default
simple-formatting=false
use-hardened-images=false
fail-on-hook-fail=false
required-docker-compose-version=v2.23.3
use-docker-compose-from-path=false
project-tld=
xdebug-ide-location=
no-bind-mounts=false
router=traefik
wsl2-no-windows-hosts-mgt=false
router-http-port=80
router-https-port=443
mailpit-http-port=8025
mailpit-https-port=8026
traefik-monitor-port=10999

======= DOCKER info =========
docker location: -rwxr-xr-x 1 root root 36781576 Feb  1 04:23 /usr/bin/docker
docker version: 
Client: Docker Engine - Community
 Version:           25.0.2
 API version:       1.44
 Go version:        go1.21.6
 Git commit:        29cf629
 Built:             Thu Feb  1 00:23:19 2024
 OS/Arch:           linux/amd64
 Context:           default

Server: Docker Engine - Community
 Engine:
  Version:          25.0.2
  API version:      1.44 (minimum version 1.24)
  Go version:       go1.21.6
  Git commit:       fce6e0c
  Built:            Thu Feb  1 00:23:19 2024
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          1.6.28
  GitCommit:        ae07eda36dd25f8a1b98dfbf587313b99c0190bb
 runc:
  Version:          1.1.12
  GitCommit:        v1.1.12-0-g51d5e94
 docker-init:
  Version:          0.19.0
  GitCommit:        de40ad0
DOCKER_DEFAULT_PLATFORM=notset
======= Mutagen Info =========
======= Docker Info =========
Docker platform: linux-docker 
Using Docker context: default (unix:///var/run/docker.sock) 
docker-compose: v2.23.3 
Using DOCKER_HOST=unix:///var/run/docker.sock 
Docker version: 25.0.2 
Able to run simple container that mounts a volume. 
Able to use internet inside container. 
Docker disk space:
Filesystem                Size      Used Available Use% Mounted on
overlay                 191.7G    177.7G      5.1G  97% /

Unable to create project at project root '/home/alexey_korepov/tmp/test-grafana': project root /home/alexey_korepov/tmp/test-grafana does not exist
 Container ddev-dt2-opentelemetry-collector  Stopped
 Container ddev-dt2-php-custom  Stopped
 Container ddev-dt2-agent  Stopped
 Container ddev-dt2-prometheus  Stopped
 Container ddev-dt2-grafana  Stopped
 Container ddev-dt2-phpmyadmin  Stopped
 Container ddev-dt2-loki  Stopped
 Container ddev-dt2-db  Stopped
 Container ddev-dt2-tempo  Stopped
 Container ddev-dt2-solr  Stopped
 Container ddev-dt2-web  Stopped
 Container ddev-dt2-agent  Stopped
 Container ddev-dt2-php-custom  Stopped
 Container ddev-dt2-grafana  Stopped
 Container ddev-dt2-solr  Stopped
 Container ddev-dt2-prometheus  Stopped
 Container ddev-dt2-loki  Stopped
 Container ddev-dt2-opentelemetry-collector  Stopped
 Container ddev-dt2-tempo  Stopped
 Container ddev-dt2-phpmyadmin  Stopped
 Container ddev-dt2-web  Stopped
 Container ddev-dt2-opentelemetry-collector  Removed
 Container ddev-dt2-solr  Removed
 Container ddev-dt2-loki  Removed
 Container ddev-dt2-tempo  Removed
 Container ddev-dt2-grafana  Removed
 Container ddev-dt2-agent  Removed
 Container ddev-dt2-phpmyadmin  Removed
 Container ddev-dt2-db  Stopped
 Container ddev-dt2-prometheus  Removed
 Container ddev-dt2-php-custom  Removed
 Container ddev-dt2-db  Removed
 Container ddev-dt2-web  Removed
 Network ddev-dt2_default  Removed
Project dt2 has been stopped.
The ddev-ssh-agent container has been removed. When you start it again you will have to use 'ddev auth ssh' to provide key authentication again.
Network ddev_default removed
Network ddev-h_default removed
Existing docker containers: 
CONTAINER ID   IMAGE                  COMMAND                   CREATED             STATUS                        PORTS                       NAMES
33b6c84ee4be   ubuntu:22.04           "bash"                    24 minutes ago      Exited (100) 8 minutes ago                                thirsty_chaplygin
2a2492e52dd1   ubuntu:23.10           "bash"                    24 minutes ago      Exited (0) 24 minutes ago                                 upbeat_leavitt
b78b542885de   ubuntu:23.10           "bash"                    27 minutes ago      Exited (100) 24 minutes ago                               friendly_cartwright
26093056424a   debian:11              "bash"                    33 minutes ago      Exited (0) 27 minutes ago                                 zen_kilby
9ce6fd06f391   debian:11              "bash"                    34 minutes ago      Exited (0) 33 minutes ago                                 keen_ritchie
af34e5873e50   debian:9               "bash"                    38 minutes ago      Exited (130) 34 minutes ago                               eager_lamarr
511f88601b42   debian:10              "bash"                    44 minutes ago      Exited (1) 38 minutes ago                                 sweet_bouman
5df0a9bbe2f7   debian:12              "bash"                    46 minutes ago      Exited (100) 45 minutes ago                               pensive_neumann
57976bd226fd   debian:11              "bash"                    55 minutes ago      Exited (1) 46 minutes ago                                 cranky_payne
7976e4a20d6d   hhvm/hhvm              "sh"                      About an hour ago   Exited (0) 58 minutes ago                                 musing_maxwell
3b900e8bb3b7   kindest/node:v1.27.3   "/usr/local/bin/entr…"    2 weeks ago         Up 7 hours                    127.0.0.1:34723->6443/tcp   kind-control-plane
6545382e3889   b59534d92575           "/docker-entrypoint.…"    2 weeks ago         Exited (0) 2 weeks ago                                    xenodochial_black
dc0ca8a10614   3f448830e06f           "docker-entrypoint.s…"    2 weeks ago         Exited (0) 2 weeks ago                                    stupefied_lewin
64a88c670394   3f448830e06f           "docker-entrypoint.s…"    2 weeks ago         Exited (130) 2 weeks ago                                  zen_cori
4f735a9d68d0   eb0b2e901921           "/docker-entrypoint.…"    2 weeks ago         Exited (0) 2 weeks ago                                    great_heisenberg
fad47b7d3bfa   eb0b2e901921           "/docker-entrypoint.…"    2 weeks ago         Exited (127) 2 weeks ago                                  thirsty_keller
7a5ea607784c   343b883b34d6           "/docker-entrypoint.…"    2 weeks ago         Exited (127) 2 weeks ago                                  charming_faraday
1b0964daa5f7   343b883b34d6           "/docker-entrypoint.…"    2 weeks ago         Exited (0) 2 weeks ago                                    goofy_bose
2713385febea   debian:12              "sh"                      2 months ago        Exited (127) 2 months ago                                 competent_jennings
ecddf5fdfc50   debian:12              "sh -c 'dig A'"           2 months ago        Exited (127) 2 months ago                                 recursing_newton
379330ca7794   debian:12              "sh -c 'cat /etc/res…"    2 months ago        Exited (0) 2 months ago                                   wizardly_villani
1599a2c44851   debian:12              "sh -c 'cat /etc/res…"    2 months ago        Exited (1) 2 months ago                                   festive_pascal
3d3596d39c5b   debian:12              "-c 'sh \"cat /etc/re…"   2 months ago        Created                                                   agitated_albattani
e674fa0f5706   debian:12              "bash"                    2 months ago        Exited (0) 2 months ago                                   clever_lovelace
450ee813d450   debian:12              "-c"                      2 months ago        Created                                                   infallible_solomon
c12c14c39b8b   debian:12              "-c 'which cat'"          2 months ago        Created                                                   intelligent_golick
a2b4c461ff51   debian:12              "-c 'cat /etc/resolv…"    2 months ago        Created                                                   nice_solomon
af89868b2f36   debian:12              "-c"                      2 months ago        Created                                                   cool_vaughan
82f8e2a355cf   debian:12              "bash"                    2 months ago        Exited (0) 2 months ago                                   elastic_nobel
1e7b32958d85   debian:12              "bash"                    2 months ago        Exited (0) 2 months ago                                   keen_colden
0c0f4e2ce2d0   debian:12              "bash"                    2 months ago        Exited (130) 2 months ago                                 determined_ardinghelli
f442ac22041d   debian:12              "bash"                    2 months ago        Exited (130) 2 months ago                                 optimistic_mayer
45078e806aca   a3d490fe0838           "/usr/local/bin/jenk…"    2 months ago        Exited (1) 2 months ago                                   recursing_mahavira
Network ddev_default created 

 TIP OF THE DAY                                                                                                                       
 VS Code users: have you tried the new DDEV VS Code extension? https://marketplace.visualstudio.com/items?itemName=biati.ddev-manager 
 
Starting tryddevproject-9707... 
Network ddev-tryddevproject-9707_default created 
 Container ddev-ssh-agent  Created 
 Container ddev-ssh-agent  Started 
ssh-agent container is running: If you want to add authentication to the ssh-agent container, run 'ddev auth ssh' to enable your keys. 
Building project images... 
Project images built in 0s. 
 Container ddev-tryddevproject-9707-web  Created 
 Container ddev-tryddevproject-9707-db  Created 
 Container ddev-tryddevproject-9707-web  Started 
 Container ddev-tryddevproject-9707-db  Started 
Waiting for web/db containers to become ready: [web db] 
Starting ddev-router if necessary... 
 Container ddev-router  Created 
 Container ddev-router  Started 
Waiting for additional project containers to become ready... 
All project containers are now ready. 
Successfully started tryddevproject-9707 
Project can be reached at https://tryddevproject-9707.ddev.site https://127.0.0.1:32783 
======== Curl of site from inside container:
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Feb 2024 12:33:44 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
Vary: Accept-Encoding

======== curl -I of http://tryddevproject-9707.ddev.site from outside:
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Date: Mon, 05 Feb 2024 12:33:44 GMT
Server: nginx
Vary: Accept-Encoding

======== full curl of http://tryddevproject-9707.ddev.site from outside:
Success accessing database... db via TCP/IP
ddev is working. You will want to delete this project with 'ddev delete -Oy tryddevproject-9707'
======== Project ownership on host:
drwxr-xr-x 4 alexey_korepov alexey_korepov 4096 Feb  5 16:32 ../tryddevproject-9707
======== Project ownership in container:
drwxr-xr-x 4 alexey_korepov alexey_korepov 4096 Feb  5 12:32 /var/www/html
======== In-container filesystem:
Filesystem         Type 1K-blocks      Used Available Use% Mounted on
/dev/mapper/rootfs ext4 200983460 186470908   5182616  98% /var/www/html
======== curl again of tryddevproject-9707 from host:
Success accessing database... db via TCP/IP
ddev is working. You will want to delete this project with 'ddev delete -Oy tryddevproject-9707'
Thanks for running the diagnostic. It was successful.
Please provide the output of this script in a new gist at gist.github.com
Running ddev launch in 5 seconds

Please run cleanup after debugging with 'ddev debug testcleanup'

Expected Behavior

I need to launch ddev with a custom PHP image hhvm/hhvm, so I'm putting the custom image name in the .ddev/config.yaml:

webimage: hhvm/hhvm

But after that - the ddev projects fail to start with an error:

#13 [web 4/4] RUN mkdir -p /home/alexey_korepov && chown alexey_korepov /home/alexey_korepov && chmod 600 /home/alexey_korepov/.pgpass
#13 0.242 chmod: cannot access '/home/alexey_korepov/.pgpass': No such file or directory
#13 ERROR: process "/bin/bash -c mkdir -p /home/$username && chown $username /home/$username && chmod 600 /home/$username/.pgpass" did not complete successfully: exit code: 1

Actual Behavior

It should start well with a custom image.
At least, it should be a way to disable build-in webimage commands.

Steps To Reproduce

1. Create a ddev project with the type "php"
2. Set the custom web image in .ddev/config.yaml:

webimage: hhvm/hhvm

3. Start the project.

Anything else?

There is a strange hardcoded command that causes the error:

ddev/pkg/ddevapp/config.go

Line 932 in c9aa2b7

extraWebContent := "\nRUN mkdir -p /home/$username && chown $username /home/$username && chmod 600 /home/$username/.pgpass"

How the .pgpass file can exist in the just-created empty directory? Seems we should check if it exists before chmoding.

[rfay]

Custom webimages and their outcomes are entirely your issue to sort out. We don't even have webimage in the docs any more.

Any webimage you customize will have to conform to all the features that ddev-webserver has. hhvm/hhvm absolutely does not have those.

I would expect complete failure going this route.

If you want to run hhvm as part of a DDEV project, add it as an additional service. You can also set it up as an alternate back-end for nginx using a number of techniques. But this path isn't going to work.

[MurzNN]

Thanks for the explanation! For a new project we need hhvm so I wanted to go with ddev router, to have its cool router work for us, and other features like db management.

But hhvm refuses to install on Debian (issue facebook/hhvm#9432) so a workaround can be replacing ddev webimage based on Debian with something similar based on Ubuntu.

So, at least just fixing the missing .pgpass chmod should not do any harm, right?

[rfay]

.pgpass is created in the process of setting up ddev-webserver.

You can easily add a layer to your hhvm image that adds anything you want, and you can even do that in the docker-compose build section. But you're still not going to be successful. This was just the beginning.

Add it as a separate service. There are a number of examples of that (like "old php" in ddev-contrib, and there are some in Stack Overflow as well)

[MurzNN]

Thanks, but I want to continue suffering a little bit before giving up and go with a separate service :)

Still can't find a way to add a command before executing the chmod 600 /home/$username/.pgpass - could you advice where I can put it?

If I create the .ddev/web-build/Dockerfile.custom file - it executes after the generated one from DDEV. How can I add custom commands before it?

[rfay]

Please see https://ddev.readthedocs.io/en/latest/users/extend/customizing-images/#adding-extra-dockerfiles-for-webimage-and-dbimage

You have two different options

• A pre Dockerfile (probably what you want)
• web-entrypoint.d scripts might work for you (https://ddev.readthedocs.io/en/latest/users/usage/architecture/#directory-tour)

[MurzNN]

Yeah, it works!!!
I created a .ddev/web-build/pre.Dockerfile.customimage file with the content:

RUN touch /home/$username/.pgpass

RUN echo "#!/bin/bash" >> /pre-start.sh && \
    echo "" >> /pre-start.sh && \
    echo "sudo nginx -g 'daemon off;'" >> /pre-start.sh && \
    echo "sleep infinity" >> /pre-start.sh && \
    chmod +x /pre-start.sh

RUN apt-get update && apt-get install nginx sudo -yy
RUN echo "ALL ALL=(ALL:ALL) NOPASSWD:ALL" | sudo tee -a /etc/sudoers

RUN sed -i 's/# listen 443 ssl/listen 443/' /etc/nginx/sites-available/default

And it builds with a custom image (checked with hhvm/hhvm and ubuntu), and seems all works weel!

Of course, there can be a lot of missing scripts for some ddev features, but at least it starts and the base functionality works well!

[MurzNN]

By the way, why ddev checks the 443 ssl port as healthcheck? I think 80 port should be enough.

[tyler36]

DDEV servers the site on both HTTP (80) and HTTPS (443).
By checking HTTPS, we can confirm the extra layers of security are also setup correctly.

[rfay]

Congratulations @MurzNN ! I don't understand exactly what you're saying, the ddev-webserver healthcheck.sh checks only http, https://github.com/ddev/ddev/blob/120cbe5ed6973bb42782014e493bbe183cafdbda/containers/ddev-webserver/ddev-webserver-base-scripts/healthcheck.sh

You are also able to overwrite that healthcheck.sh if you need to in your Dockerfile.