customcontainer.io vs. Docker Hub
The official php:* images on Docker Hub are a great generic starting point — and that is
exactly their problem. They ship a full distro userland, a fixed set of extensions and several hundred
megabytes you will never execute. customcontainer builds the opposite: a purpose-built image from your
actual composer.lock, updated extension by extension.
| | Docker Hub php:* | customcontainer |
|---|---|---|
| Image size | Hundreds of megabytes on disk — a full Debian or Alpine userland plus a generic PHP build. | Only your stack: PHP runtime + your extensions + their libraries. Often a tenth of the size. |
| PHP extensions | Fixed preinstalled set. Everything else means docker-php-ext-install, compilers in the image and a rebuild. | Exactly the extensions your composer.lock requires — detected automatically, adjustable with a click. |
| Extension security updates | Wait for the next upstream image rebuild, then rebuild and redeploy every downstream image yourself. | A single updated extension produces a new image version automatically — usually within hours, webhook notification included. |
| Pipeline time | docker build plus extension compilation on every change — minutes per build, for every project. | No build pipeline at all. The image is composed from prebuilt layers and is instantly pullable. |
| Attack surface | Shells, package manager, perl, coreutils — tooling an attacker can use, even if your app never does. | Only the libraries your extensions actually link against. Shell and timezone data are opt-in. |
| Reproducibility | Tags are moving targets: php:8.4-fpm silently changes content between pulls. | Every build gets a pinned semver version with recorded build history — and you can diff any two versions. |
| Staying current | Manual: watch CVE feeds, bump base images, rebuild, redeploy. | Automatic rebuilds when upstream packages update — no version drift. |
| CPU architectures | x86_64 & ARM64 | x86_64 & ARM64 |
A fraction of the footprint.
A smaller image is not just faster to pull and cheaper to store. Every binary, shell and library you do not ship is one less thing to scan, patch and defend. customcontainer images reduce the PHP attack surface to what your application actually executes.
Extension updates in hours, not weeks.
Generic images update extensions only when the whole image is rebuilt. Because customcontainer keeps every extension in its own layer, a fixed extension reaches you as a new image version as soon as the upstream package ships — rebuild, version bump and webhook are automatic.
Convinced?
Build your image in under a minute.
Paste your composer.lock on the start page and pull a purpose-built PHP image right away —
no account, no build pipeline, no credit card.