If you want to debug or enter your docker container, you might think that you will easily run a sshd server and that's fine. But it's wrong and most of all: it's not necessary.

Like @jpetazzo explained in "Docker SSHD considered evil": containers run with only one executable as main process. So if you want to have a sshd next to your php-fpm, you will need monit or supervisor to launch them. That's already 3 services in total!

That's why: keep your docker image clean!

But how to enter the container? There is a little tool called "nsenter" (available with util-linux >= 2.24)

$ PID = $( docker inspect --format <container_name_or_ID> ) $ sudo nsenter --target $PID --mount --uts --ipc --net --pid

There is also a wrapper for the nsenter command from the beginning, called docker-enter (available at https://github.com/jpetazzo/nsenter):

$ sudo docker-enter my_awesome_container ls -la

If you don't have nsenter available (e.g. it does not come with ubuntu, yet), you can install it like this:

$ # use jpetazzo container to build and cat nsenter to /usr/local/bin/nsenter on your local machine $ sudo docker run jpetazzo/nsenter cat /nsenter > /usr/local/bin/nsenter

or build it on your own (needs the build-essential package):

$ cd /tmp $ curl https://www.kernel.org/pub/linux/utils/util-linux/v2.24/util-linux-2.24.tar.gz | tar -zxf- $ cd util-linux-2.24 $ ./configure --without-ncurses $ make nsenter $ sudo cp nsenter /usr/local/bin/nsenter

Happy debugging.