customcontainer.io vs. Docker Hub

The official php:* images on Docker Hub are a great generic starting point — and that is exactly their problem. They ship a full distro userland, a fixed set of extensions and several hundred megabytes you will never execute. customcontainer builds the opposite: a purpose-built image from your actual composer.lock, updated extension by extension.

Docker Hub php:* customcontainer
Image size Hundreds of megabytes on disk — a full Debian or Alpine userland plus a generic PHP build. Only your stack: PHP runtime + your extensions + their libraries. Often a tenth of the size.
PHP extensions Fixed preinstalled set. Everything else means docker-php-ext-install, compilers in the image and a rebuild. Exactly the extensions your composer.lock requires — detected automatically, adjustable per click.
Extension security updates Wait for the next upstream image rebuild, then rebuild and redeploy every downstream image yourself. A single updated extension produces a new image version automatically — usually within hours, webhook notification included.
Pipeline time docker build plus extension compilation on every change — minutes per build, for every project. No build pipeline at all. The image is composed from prebuilt layers and is instantly pullable.
Attack surface Shells, package manager, perl, coreutils — tooling an attacker can use, even if your app never does. Only the libraries your extensions actually link against. Shell and timezone data are opt-in.
Reproducibility Tags are moving targets: php:8.4-fpm silently changes content between pulls. Every build gets a pinned semver version with recorded build history — and you can diff any two versions.
Staying current Manual: watch CVE feeds, bump base images, rebuild, redeploy. Automatic rebuilds when upstream packages update — no version drift.
CPU architectures x86_64 & ARM64 x86_64 & ARM64

Convinced?

Build your image in under a minute.

Paste your composer.lock on the start page and pull a purpose-built PHP image right away — no account, no build pipeline, no credit card.