phpipam/phpipam-www Docker 镜像 - 轩辕镜像
phpipam/phpipam-wwwphpipam
phpIPAM是一款基于Web的开源IP地址管理应用程序(IPAM),其源代码开放且免费使用,用户可通过浏览器便捷访问,主要功能包括IP地址的分配、跟踪、规划与监控,能有效记录地址使用状态、关联设备信息、预防地址冲突,适用于企业、机构等各类网络环境的IP资源管理需求。
115 收藏0 次下载
phpIPAM Apache2 Container
Intended Audience
As the typical users of phpIPAM (Network admins) have limited experience with LAMP stacks, these docker images provide a simpler method to create and maintain a working phpIPAM environment. Given the intended audience, simplicity is preferred over complexity and some advanced use cases are not supported with these images.
Native SSL support can be achieved by use of the many reverse-https-proxy docker images available on DockerHub. See HAProxy example below.
For advanced use-cases phpIPAM can be installed in a VM by following the instructions found at [***]
Source files, Issues & Pull Requests
Dockerfile build sources can be found at [***]
Issues and pull requests/patches for phpipam-docker can be found at [***]
Issues and pull requests for the phpIPAM application can be found at [***]
Container Images
phpipam-wwwFrontend Apache/PHP container.phpipam-croncron container for scheduled network discovery jobs.
Multiple replicas of the phpipam-www container can be deployed and load-balanced.
Only a single running replica of the phpipam-cron container should be deployed.
Permissions & Capabilities
Rootless docker is not supported.
When running under Docker, NET_ADMIN and NET_RAW container capabilities are required for ping and SNMP functionality.
When running under Kubernetes, set allowPrivilegeEscalation=true
Supported Tags
latestTracks the latest stable release + Alpine Linux security updates.1.7xTracks the 1.7 git maintenance branch + Alpine Linux security updates.1.6xTracks the 1.6 git maintenance branch + Alpine Linux security updates (obsolete).1.5xTracks the 1.5 git maintenance branch + Alpine Linux security updates (obsolete).1.4xTracks the 1.4 git maintenance branch + Alpine Linux security updates (obsolete).nightlyNightly git development snapshot (non-production).v1.7.x / v1.6.y / v1.5.yStatic snapshots, no Alpine Linux security updates.
Usage
Docker Standalone
Example full stack deployment via docker-compose.
Save and edit the the below configuration as docker-compose.yml and run docker-compose -p phpIPAM up -d from the same directory.
yaml# WARNING: Replace the example passwords with secure secrets. # WARNING: 'my_secret_phpipam_pass' and 'my_secret_mysql_root_pass' version: '3' services: phpipam-web: image: phpipam/phpipam-www:latest ports: - "80:80" environment: - TZ=Europe/London - IPAM_DATABASE_HOST=phpipam-mariadb - IPAM_DATABASE_PASS=my_secret_phpipam_pass - IPAM_DATABASE_WEBHOST=% restart: unless-stopped volumes: - phpipam-logo:/phpipam/css/images/logo - phpipam-ca:/usr/local/share/ca-certificates:ro depends_on: - phpipam-mariadb phpipam-cron: image: phpipam/phpipam-cron:latest environment: - TZ=Europe/London - IPAM_DATABASE_HOST=phpipam-mariadb - IPAM_DATABASE_PASS=my_secret_phpipam_pass - SCAN_INTERVAL=1h restart: unless-stopped volumes: - phpipam-ca:/usr/local/share/ca-certificates:ro depends_on: - phpipam-mariadb phpipam-mariadb: image: mariadb:latest environment: - MYSQL_ROOT_PASSWORD=my_secret_mysql_root_pass restart: unless-stopped volumes: - phpipam-db-data:/var/lib/mysql volumes: phpipam-db-data: phpipam-logo: phpipam-ca:
Docker External MySQL Server
Example external MySQL server deployment via docker-compose.
Save and edit the the below configuration as docker-compose.yml and run docker-compose -p phpIPAM up -d from the same directory.
yamlversion: '3' services: phpipam-web: image: phpipam/phpipam-www:latest ports: - "80:80" environment: - TZ=Europe/London - IPAM_DATABASE_HOST=my.database.server - IPAM_DATABASE_USER=existing_username - IPAM_DATABASE_PASS=existing_password - IPAM_DATABASE_NAME=existing_db_name restart: unless-stopped volumes: - phpipam-logo:/phpipam/css/images/logo - phpipam-ca:/usr/local/share/ca-certificates:ro phpipam-cron: image: phpipam/phpipam-cron:latest environment: - TZ=Europe/London - IPAM_DATABASE_HOST=my.database.server - IPAM_DATABASE_USER=existing_username - IPAM_DATABASE_PASS=existing_password - IPAM_DATABASE_NAME=existing_db_name - SCAN_INTERVAL=1h restart: unless-stopped volumes: - phpipam-ca:/usr/local/share/ca-certificates:ro volumes: phpipam-logo: phpipam-ca:
Configuration
Supported Docker Environment Variables
A subset of available phpIPAM configuration settings in config.dist.php can be configured via Docker Environment variables.
As an alternative to passing sensitive information via environment variables, _FILE may be appended to environment variables marked 📂, causing the initialization script to load the values for those variables from files present in the container. In particular, this can be used to load passwords from Docker secrets stored in /run/secrets/<secret_name> files.
bashdocker ... -e IPAM_DATABASE_PASS_FILE=/run/secrets/ipam_database_password
| ENV | Default | WWW/CRON Container | Description |
|---|---|---|---|
| TZ | "UTC" | ✅ ✅ | Time Zone (e.g "Europe/London") |
| IPAM_DISABLE_INSTALLER 📂 | "false" | ✅ ❌ | Disables installation helper scripts (v1.6.1+) ** |
| IPAM_DATABASE_HOST 📂 | "127.0.0.1" | ✅ ✅ | MySQL database host |
| IPAM_DATABASE_USER 📂 | "phpipam" | ✅ ✅ | MySQL database user |
| IPAM_DATABASE_PASS 📂 | "phpipamadmin" | ✅ ✅ | MySQL database password |
| IPAM_DATABASE_NAME 📂 | "phpipam" | ✅ ✅ | MySQL database name |
| IPAM_DATABASE_PORT 📂 | 3306 | ✅ ✅ | MySQL database port |
| IPAM_DATABASE_WEBHOST 📂 | "localhost" | ✅ ✅ | MySQL allowed hosts |
| IPAM_BASE | "/" | ✅ ❌ | For reverse-proxy/load-***s. Path to access phpipam in site URL, http:/url/BASE/ |
| IPAM_TRUST_X_FORWARDED 📂 | "false" | ✅ ❌ | Trust and use X_FORWARDED_* headers set by reverse-proxies/load-***s (v1.6.0+) * |
| PROXY_ENABLED 📂 | false | ✅ ✅ | Use proxy |
| PROXY_SERVER 📂 | "myproxy.something.com" | ✅ ✅ | Proxy server |
| PROXY_PORT 📂 | 8080 | ✅ ✅ | Proxy port |
| PROXY_USE_AUTH 📂 | false | ✅ ✅ | Proxy authentication |
| PROXY_USER 📂 | "USERNAME" | ✅ ✅ | Proxy username |
| PROXY_PASS 📂 | "PASSWORD" | ✅ ✅ | Proxy password |
| IPAM_DEBUG 📂 | false | ✅ ✅ | Enable php/application debugging |
| OFFLINE_MODE 📂 | false | ✅ ❌ | Disable server-side Internet requests, avoid timeouts with restricted Internet access (v1.5.0+) |
| COOKIE_SAMESITE 📂 | "Lax" | ✅ ❌ | Cookie security policy = None,Lax,Strict. "None" requires HTTPS. (v1.4.5+) |
| IPAM_FOOTER_MESSAGE 📂 | "" | ✅ ❌ | Custom message included in the footer of every page (v1.6.0+) |
| IPAM_GMAPS_API_KEY 📂 | "" | ✅ ❌ | Google Maps and Geocode API Key. (Removed in v1.5.0, replaced by OpenStreetMap) |
| SCAN_INTERVAL | "1h" | ❌ ✅ | Network discovery job interval = 5m,10m,15m,30m,1h,2h,4h,6h,12h |
* Enabling IPAM_TRUST_X_FORWARDED without filtering request from end-clients can result in security issues. Ensure the headers are filtered or overwritten by the reverse-proxy/load*** and can not be set by the clients.
** Please disable installation helper scripts by setting IPAM_DISABLE_INSTALLER = 1 after initial setup is complete.
In Container config.php
From v1.5.0 the IPAM_CONFIG_FILE environment variable can be used load a configuration file located in a persistent volume.
When IPAM_CONFIG_FILE is configured the following environment variables are available. All other enviroment variables are ignored and must be configured manually in the config.php file if required.
| ENV | Default | WWW/CRON Container | Description |
|---|---|---|---|
| TZ | "UTC" | ✅ ✅ | Time Zone (e.g "Europe/London") |
| IPAM_CONFIG_FILE | "" | ✅ ✅ | Full path to the config file (e.g "/config/config.php") Must end .php (v1.5.0+) |
| SCAN_INTERVAL | "1h" | ❌ ✅ | Network discovery job interval = 5m,10m,15m,30m,1h,2h,4h,6h,12h |
NOTE: When load-balancing multiple instances set $session_storage = "database"; to ensure consistent PHP session information across all containers.
Trusted CAs
update-ca-certificates is run at startup, all certificates found below /usr/local/share/ca-certificates are included as implicitly trusted. Mount persistent storage at this location with custom trusted CAs in PEM format.
bash/usr/local/share/ca-certificates # ls ACME_ROOT.crt ACME_INTERMEDIATE_1.crt ACME_INTERMEDIATE_2.crt
HAProxy SSL Example
Example configuration to use HAProxy as a reverse HTTPS proxy for phpIPAM.
Create the HAProxy container.
bashdocker run -d -p 443:443 -p 80:80 --name HAProxy --restart always -v haproxy_ssl:/etc/ssl/certs -v haproxy_cfg:/usr/local/etc/haproxy haproxy:latest
Create the /usr/local/etc/haproxy/haproxy.cfg configuration file inside the container.
text# Example /usr/local/etc/haproxy/haproxy.cfg global daemon maxconn 256 resolvers mydns # Replace with the IP addresses of your internal DNS servers nameserver ns1 192.168.1.53:53 nameserver ns2 192.168.2.53:53 accepted_payload_size 8192 defaults mode http timeout connect 5000ms timeout client 5000ms timeout server 60000ms option forwardfor frontend phpipam-rp bind *:80 bind *:443 ssl crt /etc/ssl/certs http-request redirect scheme https code 301 unless { ssl_fc } default_backend phpipam-web http-request del-header X-Forwarded-For backend phpipam-web # Replace phpipam.local with the internal DNS name of your phpipam container. server s1 phpipam.local:80 check resolvers mydns init-addr none http-request set-header X-Forwarded-Uri %[url] http-request set-header X-Forwarded-Port %[dst_port] http-request add-header X-Forwarded-Proto https if { ssl_fc }
HAProxy will load your full*** certificate and key files mounted at /etc/ssl/certs inside the container.
bashhaproxy@HAProxy:/etc/ssl/certs$ ls ipam.crt ipam.crt.key
Restart the HAProxy container and check the container logs for issues.
bashdocker restart HAProxy docker container logs HAProxy
License
GNU General Public License v3.0
Maintainer
Gary Allan ***
phpipam/phpipam-cron
phpIPAM cron容器是开源Web IP地址管理应用(IPAM)的定时任务容器,用于执行计划网络发现作业等定时任务,需单实例部署以确保任务正常执行。
3210M+ pulls
上次更新:未知
mc303/phpipam-agent
phpipam-agent是开源IP地址管理应用phpIPAM的发现扫描代理,用于执行主机可用性检查和网络发现,支持计划扫描以自动更新网络状态。
100K+ pulls
上次更新:未知
mhzawadi/phpipam
phpIPAM是一款开源Web IP地址管理应用程序,旨在提供轻量级、简洁的IP地址管理解决方案。
10K+ pulls
上次更新:未知
轩辕镜像配置手册
探索更多轩辕镜像的使用方法,找到最适合您系统的配置方式
登录仓库拉取
通过 Docker 登录认证访问私有仓库
Linux
在 Linux 系统配置镜像服务
Windows/Mac
在 Docker Desktop 配置镜像
Docker Compose
Docker Compose 项目配置
K8s Containerd
Kubernetes 集群配置 Containerd
K3s
K3s 轻量级 Kubernetes 镜像加速
Dev Containers
VS Code Dev Containers 配置
MacOS OrbStack
MacOS OrbStack 容器配置
宝塔面板
在宝塔面板一键配置镜像
群晖
Synology 群晖 NAS 配置
飞牛
飞牛 fnOS 系统配置镜像
极空间
极空间 NAS 系统配置服务
爱快路由
爱快 iKuai 路由系统配置
绿联
绿联 NAS 系统配置镜像
威联通
QNAP 威联通 NAS 配置
Podman
Podman 容器引擎配置
Singularity/Apptainer
HPC 科学计算容器配置
其他仓库配置
ghcr、Quay、nvcr 等镜像仓库
专属域名拉取
无需登录使用专属域名
需要其他帮助?请查看我们的 常见问题Docker 镜像访问常见问题解答 或 提交工单
镜像拉取常见问题
轩辕镜像免费版与专业版有什么区别?
免费版仅支持 Docker Hub 访问,不承诺可用性和速度;专业版支持更多镜像源,保证可用性和稳定速度,提供优先客服响应。
轩辕镜像支持哪些镜像仓库?
专业版支持 docker.io、gcr.io、ghcr.io、registry.k8s.io、nvcr.io、quay.io、mcr.microsoft.com、docker.elastic.co 等;免费版仅支持 docker.io。
流量耗尽错误提示
当返回 402 Payment Required 错误时,表示流量已耗尽,需要充值流量包以恢复服务。
410 错误问题
通常由 Docker 版本过低导致,需要升级到 20.x 或更高版本以支持 V2 协议。
manifest unknown 错误
先检查 Docker 版本,版本过低则升级;版本正常则验证镜像信息是否正确。
镜像拉取成功后,如何去掉轩辕镜像域名前缀?
使用 docker tag 命令为镜像打上新标签,去掉域名前缀,使镜像名称更简洁。
用户好评
来自真实用户的反馈,见证轩辕镜像的优质服务
oldzhang
运维工程师
Linux服务器
5
"Docker访问体验非常流畅,大镜像也能快速完成下载。"
咨询镜像拉取问题请 提交工单,官方技术交流群:1072982923
轩辕镜像面向开发者与科研用户,提供开源镜像的搜索和访问支持。所有镜像均来源于原始仓库,本站不存储、不修改、不传播任何镜像内容。