We recently converted our old site into a dockerized version with a single Nginx Container and a Php-fpm Container.
We have various versions of php so had one for php5 and another for php7.
After a while we noticed that every time a form was posted, especially in PHP7 an entire dump of the post variables would appear in the web browser at the top of the next page.
It would happen after a few hours and if you restarted the container it would be fine again for a few hours.
This problem seems almost certainly to be caused by some hack bot exploiting a vulnerability in the PHP-FPM container.
It changes a setting in the config file, which causes this issue:
auto_prepend_file = php://input
You can solve it by locking down the PHP-FPM container to the local machine using your docker-compose file.
Instead of:
Ports:
- "9000:9000"
Use:
Ports:
- "127.0.0.1:9000:9000"
Locking your firewall to this port is not good enough as it appears docker has control to your firewall and will reopen the ports it sees in the docker compose file.
This second version of the ports command will only allow access from the local machine where the nginx container is running.
Other more flexible ways to secure the container: https://serversforhackers.com/c/php-fpm-configuration-the-listen-directive
Issue originally reported in the PHP bug tracker here: https://bugs.php.net/bug.php?id=80385