Can docker help me isolate/separate web applications from each other?

I tried using php-fpm with chroot and liked how it restricted the php process to a specified folder.

Problems arose later when I noticed that almost all php functions depended on the “outside world”, so not much worked.

I used the stacktrace to figure out which libraries/folders I had to include in the chroot-folder for the functions to work. This approach was successful and I managed to use functions like date, mysqli_query etc.

I tried taking it a step further and installing WordPress. So I unzipped WordPress into the chroot folder and visited the index/installation file. The page was obviously broken and incomplete, because there was a lot that PHP was trying to do outside the chroot-folder that it didn’t have access to.

So again, I used stacktrace to find out everything the process was trying to do and included this in the chroot folder. It worked, so now I could install and run WordPress.

But this was the end; not even stacktrace could help me when I tried to install plugins. There were a lot of errors on the page even though I had created access to everything the process needed (according to stacktrace).

Of course, it’s not sustainable to go on like this and use stacktrace just to find out what needs to be included in the chroot folder every time, and then still something is missing.

So now I’m wondering if Docker can come in handy here.
I have read a bit about it but still not sure how it works.

What I want to do is to create an isolated environment for a domain website (virtualhost) so that no scripts or shell commands can be run outside this area from this specific domain.

If I’ve understood it all correctly, I can run docker containers with apache, php & mysql, and all the necessities/libraries are automatically included in the container?

Very grateful if anyone can give me some feedback here.

From what I understand, chroot is not a very good solution anymore. Are Docker containers an option? Absolutely! One of the reasons for Docker, and containers in general, is that they are isolated from one another with their own set of resources. Think of them like lightweight virtual machines, but instead of having their own kernels etc. they share the operating system kernel.

Docker can and does do this, again, one of the reasons for containers is to be isolated environments.

Yes, but typically you run mysql in its own container and the image ‘php-apache’ can run PHP and apache together and you connect the containers in a docker network.

Read up on docker, it is going to be what you want if you are looking for isolation.

You can set up pretty much whatever you like, so you could choose NGINX instead of Apache if you wanted to, or PDO instead of mysqli. And you are not limited to just PHP as well. These things are set up in the docker-compose.yml file. You can also have additional setup in a Dockerfile; you can add things like Composer to handle libraries and dependencies.
Though a lot of people say it’s very easy to get set up, personally I found it initially difficult to get Docker working with various setups (coming from using Wamp), but it is way more flexible and worth learning.
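As an added example (not from anyone in this thread), here is a docker-compose.yml that does what the two answers above describe: the official php-apache image in one container, MySQL in another, joined by a Docker network. Image tags, the ./site path, the volume names, the network names and the CHANGE_ME passwords are placeholders chosen for the example. The isolation-relevant choices are commented: the database is on an internal network with no published ports, the site code is mounted read-only with one writable path, and no-new-privileges stops setuid binaries from escalating inside the container.

```yaml
# docker-compose.yml (example only, not from the original thread)
services:
  web:
    image: php:8.2-apache            # official image: Apache + mod_php (tag is an assumption)
    ports:
      - "8080:80"                    # the only port exposed to the host
    volumes:
      - ./site:/var/www/html:ro      # site code is read-only inside the container
      - uploads:/var/www/html/wp-content/uploads   # the one path PHP may write to
    environment:                     # read by the app's config; names are assumptions
      DB_HOST: db                    # "db" resolves via the compose network, not localhost
      DB_NAME: site
      DB_USER: site
      DB_PASSWORD: CHANGE_ME_site_password   # placeholder, keep real secrets out of the file
    tmpfs:
      - /tmp                         # scratch space that disappears with the container
    security_opt:
      - no-new-privileges:true       # setuid/setgid binaries cannot raise privileges
    networks:
      - frontend                     # reaches the host/Internet
      - backend                      # reaches the database
    depends_on:
      - db
    restart: unless-stopped

  db:
    image: mysql:8.0                 # tag is an assumption
    environment:
      MYSQL_ROOT_PASSWORD: CHANGE_ME_root_password   # placeholder
      MYSQL_DATABASE: site
      MYSQL_USER: site
      MYSQL_PASSWORD: CHANGE_ME_site_password        # placeholder, must match DB_PASSWORD
    volumes:
      - dbdata:/var/lib/mysql        # persistent data lives in a named volume
    security_opt:
      - no-new-privileges:true
    networks:
      - backend                      # no "ports:" here: nothing outside compose can reach it
    restart: unless-stopped

networks:
  frontend: {}
  backend:
    internal: true                   # no route to the host network or the Internet

volumes:
  uploads: {}
  dbdata: {}
```

Two practical notes. The official php image does not ship mysqli or pdo_mysql; a two-line Dockerfile based on the same image that runs `docker-php-ext-install mysqli pdo_mysql` (the helper documented by the image) and a `build:` entry in place of `image:` fixes that, which is also where Composer would go. And the read-only code mount means the WordPress plugin installer from the question will fail by design; either widen the writable mount to wp-content, or bake the plugins into the image so the running site never needs to modify its own code. To check the boundary, `docker compose exec web getent hosts db` should resolve, while trying to reach port 3306 from the host should not.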