7fceb32f7b
The current configuration is not able to start FrankenPHP when mercure
and SELinux are used with a Caddyfile like this:
```Caddyfile
mercure {
transport bolt {
path mercure.db
}
}
```
closes https://github.com/php/frankenphp/issues/2035
Exact error:
```
SELinux is preventing /usr/bin/frankenphp from map access on the file /var/lib/frankenphp/mercure.db.
***** Plugin catchall_boolean (89.3 confidence) suggests ******************
If you want to allow domain to can mmap files
Then you must tell SELinux about this by enabling the 'domain_can_mmap_files' boolean.
Do
setsebool -P domain_can_mmap_files 1
***** Plugin catchall (11.6 confidence) suggests **************************
If you believe that frankenphp should be allowed map access on the mercure.db file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'frankenphp' --raw | audit2allow -M my-frankenphp
# semodule -X 300 -i my-frankenphp.pp
Additional Information:
Source Context system_u:system_r:httpd_t:s0
Target Context system_u:object_r:httpd_var_lib_t:s0
Target Objects /var/lib/frankenphp/mercure.db [ file ]
Source frankenphp
Source Path /usr/bin/frankenphp
Port <Unknown>
Host localhost
Source RPM Packages frankenphp-1.10.0_84-1.x86_64
Target RPM Packages
SELinux Policy RPM selinux-policy-targeted-3.14.3-139.el8_10.1.noarch
Local Policy RPM selinux-policy-targeted-3.14.3-139.el8_10.1.noarch
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Host Name localhost
Platform Linux localhost
4.18.0-553.81.1.el8_10.x86_64 #1 SMP Mon Oct 27
11:29:19 EDT 2025 x86_64 x86_64
Alert Count 12
First Seen 2025-10-29 17:25:26 CET
Last Seen 2025-11-25 17:18:19 CET
Local ID c4e79504-117e-4e9f-ad8c-f0bcc4856697
Raw Audit Messages
type=AVC msg=audit(1764087499.320:475517): avc: denied { map } for pid=322613 comm="frankenphp" path="/var/lib/frankenphp/mercure.db" dev="md3" ino=93716492 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:httpd_var_lib_t:s0 tclass=file permissive=0
type=SYSCALL msg=audit(1764087499.320:475517): arch=x86_64 syscall=mmap success=no exit=EACCES a0=0 a1=8000 a2=1 a3=1 items=0 ppid=1 pid=322613 auid=4294967295 uid=991 gid=988 euid=991 suid=991 fsuid=991 egid=988 sgid=988 fsgid=988 tty=(none) ses=4294967295 comm=frankenphp exe=/usr/bin/frankenphp subj=system_u:system_r:httpd_t:s0 key=(null)
Hash: frankenphp,httpd_t,httpd_var_lib_t,file,map
```
FrankenPHP: Modern App Server for PHP
FrankenPHP is a modern application server for PHP built on top of the Caddy web server.
FrankenPHP gives superpowers to your PHP apps thanks to its stunning features: Early Hints, worker mode, real-time capabilities, automatic HTTPS, HTTP/2, and HTTP/3 support...
FrankenPHP works with any PHP app and makes your Laravel and Symfony projects faster than ever thanks to their official integrations with the worker mode.
FrankenPHP can also be used as a standalone Go library to embed PHP in any app using net/http.
Learn more on frankenphp.dev and in this slide deck:
Getting Started
On Windows, use WSL to run FrankenPHP.
Install Script
You can copy this line into your terminal to automatically install an appropriate version for your platform:
curl https://frankenphp.dev/install.sh | sh
Standalone Binary
We provide static FrankenPHP binaries for development purposes on Linux and macOS containing PHP 8.4 and most popular PHP extensions.
Installing extensions: Most common extensions are bundled. It's not possible to install more extensions.
rpm Packages
Our maintainers offer rpm packages for all systems using dnf. To install, run:
sudo dnf install https://rpm.henderkes.com/static-php-1-0.noarch.rpm
sudo dnf module enable php-zts:static-8.4 # 8.2-8.5 available
sudo dnf install frankenphp
Installing extensions: sudo dnf install php-zts-<extension>
For extensions not available by default, use PIE:
sudo dnf install php-zts-devel
sudo pie install asgrim/example-pie-extension --with-php-config=php-config-zts
deb Packages
Our maintainers offer deb packages for all systems using apt. To install, run:
sudo curl -fsSL https://key.henderkes.com/static-php.gpg -o /usr/share/keyrings/static-php.gpg && \
echo "deb [signed-by=/usr/share/keyrings/static-php.gpg] https://deb.henderkes.com/ stable main" | sudo tee /etc/apt/sources.list.d/static-php.list && \
sudo apt update
sudo apt install frankenphp
Installing extensions: sudo apt install php-zts-<extension>
For extensions not available by default, use PIE:
sudo apt install php-zts-devel
sudo pie install asgrim/example-pie-extension --with-php-config=php-config-zts
Homebrew
FrankenPHP is also available as a Homebrew package for macOS and Linux.
brew install dunglas/frankenphp/frankenphp
Installing extensions: Use PIE.
Usage
To serve the content of the current directory, run:
frankenphp php-server
You can also run command-line scripts with:
frankenphp php-cli /path/to/your/script.php
For the deb and rpm packages, you can also start the systemd service:
sudo systemctl start frankenphp
Docker
Alternatively, Docker images are available:
docker run -v .:/app/public \
-p 80:80 -p 443:443 -p 443:443/udp \
dunglas/frankenphp
Go to https://localhost, and enjoy!
Tip
Do not attempt to use
https://127.0.0.1. Usehttps://localhostand accept the self-signed certificate. Use theSERVER_NAMEenvironment variable to change the domain to use.
Docs
- Classic mode
- Worker mode
- Early Hints support (103 HTTP status code)
- Real-time
- Efficiently Serving Large Static Files
- Configuration
- Writing PHP Extensions in Go
- Docker images
- Deploy in production
- Performance optimization
- Create standalone, self-executable PHP apps
- Create static binaries
- Compile from sources
- Monitoring FrankenPHP
- Laravel integration
- Known issues
- Demo app (Symfony) and benchmarks
- Go library documentation
- Contributing and debugging