Nginx-proxy docker receives stderr output from php-fpm docker (resulting in 502 errors)

Question

I have a (quite standard) setup where nginx-proxy serves static files and sends php requests to a php-fpm docker. Simplified version of the compose file:

services:
  php:
    image: php:7-fpm-alpine
    volumes:
      - ./my-src:/var/www
  web:
    image: nginx:alpine
    volumes:
      - ./my-src:/var/www
    ports:
      - "80:80"

Now, whenever I request a php page, notices get dumped in the stderr of the php docker:

NOTICE: PHP message: [info] Matched route "game_index".
NOTICE: PHP message: [debug] Checking for authenticator support.
NOTICE: PHP message: [debug] Checking support on authenticator.
[...]
NOTICE: PHP message: [debug] Notified event "kernel.finish_request" to listener "Symfony\Component\HttpKernel\EventListener\LocaleAwareListener::onKernelFinishRequest".
NOTICE: PHP message: [debug] Notified event "kernel.terminate" to listener "Symfony\Component\HttpKernel\EventListener\ProfilerListener::onKernelTerminate".
172.18.0.2 -  03/Feb/2021:20:20:20 +0000 "GET /index.php" 200

which is good and as expected. However, these messages appear in nginx' docker logs, too

2021/02/03 20:20:20 [error] 7#7: *8 FastCGI sent in stderr: "PHP message: [info] Matched route "game_index".
PHP message: [debug] Checking for authenticator support.
PHP message: [debug] Checking support on authenticator.
[...]
PHP message: [debug] Notified event "kernel.finish_request" to listener "Symfony\Bundle\SecurityBundle\Debug\TraceableFirewallListener::onKernelFinishRequest".
PHP message: [debug] Notified event "kernel.finish_request" to listener "Symfony\Component\HttpKernel\EventListener\LocaleAwareListener::onKernelFinishRequest"" while reading response header from upstream, client: 172.18.0.1, server: , request: "GET /game/ HTTP/1.1", upstream: "fastcgi://172.18.0.3:9000", host: "localhost"
172.18.0.1 - - [03/Feb/2021:20:20:20 +0000] "GET /game/ HTTP/1.1" 200 437 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:85.0) Gecko/20100101 Firefox/85.0" "-"

Which results in an error, and if the text gets too long, a 502 Bad Gateway. In dev, Symfony is quite chatty and I run into this 502 often. In prod, the issue disappears, but I'd like to fix the root cause.

If I adjust the settings in /usr/local/etc/php-fpm.d/docker.conf so the error_log and the access.log point not to /proc/self/fd/2 as per default but to /dev/null instead, the php docker goes silent, but the nginx docker still returns the error.

If I adjust point the files to /proc/self/fd/2 as suggested here, both logs get filled like before.

How can I make sure the logs in the php docker stay the same, but the stderr is not sent to nginx?

(Just tested the full solution in the other thread succesfully: setting log_limit to 1024 as suggested there and discouraged here actually stops the 502 from happening. Still, the stderr output seems to be handled poorly in this setup)

[EDIT] Following the comment of Ilia Yatsenko, I added this to the Dockerfile:

RUN cp "$PHP_INI_DIR/php.ini-production" "$PHP_INI_DIR/php.ini"
RUN echo 'fastcgi.logging=0' >> "$PHP_INI_DIR/php.ini"

Answer 1

It's been a while since I configured alpine php-fpm in a Docker setup, but if I remember correctly, I had to do a few overrides to the default php-fpm.conf.

This is what I have in a similar setup... when the image is being built, the config is copied to /etc/php7/php-fpm.conf.

[www]
listen = 127.0.0.1:9000
clear_env = no

; if we send this to /proc/self/fd/1, it never appears
access.log = /dev/stdout

; Ensure worker stdout and stderr are sent to the main error log.
catch_workers_output = yes
decorate_workers_output = no

pm = dynamic
pm.max_children = 5
pm.start_servers = 2
pm.min_spare_servers = 1
pm.max_spare_servers = 3

[global]
error_log = /dev/stdout