Migrate to PHP-FPM for all Web images

Dockerfiles/web-apache-mysql/ubuntu/docker-entrypoint.sh

@@ -18,13 +18,19 @@ fi
 # Default timezone for web interface
 : ${PHP_TZ:="Europe/Riga"}
 
+# Default user settings
+: ${DAEMON_USER:="www-data"}
+: ${DAEMON_GROUP:="www-data"}
+
 # Default directories
-# Web interface www-root directory
-ZABBIX_WWW_ROOT="/usr/share/zabbix"
 # Apache main configuration file
 HTTPD_CONF_FILE="/etc/apache2/apache2.conf"
-# Apache security configuration file
-HTTPD_SECURITY_CONF_FILE="/etc/apache2/conf-enabled/security.conf"
+# Apache additional configuration files directory
+APACHE_SITES_DIR="/etc/apache2/sites-enabled"
+# Directory with SSL certificate files for Apache
+APACHE_SSL_CONFIG_DIR="/etc/ssl/apache2"
+# PHP-FPM configuration file
+PHP_CONFIG_FILE="/etc/php/8.3/fpm/pool.d/zabbix.conf"
 
 # usage: file_env VAR [DEFAULT]
 # as example: file_env 'MYSQL_PASSWORD' 'zabbix'
@@ -133,9 +139,12 @@ check_db_connect() {
 }
 
 prepare_web_server() {
-    APACHE_SITES_DIR="/etc/apache2/sites-enabled"
-
-    ln -sfT "$ZABBIX_CONF_DIR/apache_envvars" "/etc/apache2/envvars"
+    if [ "$(id -u)" == '0' ]; then
+        export APACHE_RUN_USER=${DAEMON_USER}
+    else
+        export APACHE_RUN_USER=$(id -n -u)
+    fi
+    export APACHE_RUN_GROUP=${DAEMON_GROUP}
 
     echo "** Adding Zabbix virtual host (HTTP)"
     if [ -f "$ZABBIX_CONF_DIR/apache.conf" ]; then
@@ -144,7 +153,7 @@ prepare_web_server() {
         echo "**** Impossible to enable HTTP virtual host"
     fi
 
-    if [ -f "/etc/ssl/apache2/ssl.crt" ] && [ -f "/etc/ssl/apache2/ssl.key" ]; then
+    if [ -f "$APACHE_SSL_CONFIG_DIR/ssl.crt" ] && [ -f "$APACHE_SSL_CONFIG_DIR/ssl.key" ]; then
         echo "** Adding Zabbix virtual host (HTTPS)"
         if [ -f "$ZABBIX_CONF_DIR/apache_ssl.conf" ]; then
             ln -sfT "$ZABBIX_CONF_DIR/apache_ssl.conf" "$APACHE_SITES_DIR/zabbix_ssl.conf"
@@ -154,10 +163,42 @@ prepare_web_server() {
     else
         echo "**** Impossible to enable SSL support for Apache2. Certificates are missed."
     fi
+
+    export HTTP_INDEX_FILE=${HTTP_INDEX_FILE:="index.php"}
+
+    : ${ENABLE_WEB_ACCESS_LOG:="true"}
+    export APACHE_CUSTOM_LOG="/proc/self/fd/1"
+    if [ "${ENABLE_WEB_ACCESS_LOG,,}" == "false" ]; then
+        export APACHE_CUSTOM_LOG="/dev/null"
+    fi
+
+    : ${EXPOSE_WEB_SERVER_INFO:="on"}
+    export APACHE_SERVER_TOKENS="OS"
+    export APACHE_SERVER_SIGNATURE="On"
+    if [ "${EXPOSE_WEB_SERVER_INFO}" == "off" ]; then
+        export APACHE_SERVER_TOKENS="Prod"
+        export APACHE_SERVER_SIGNATURE="Off"
+    fi
+
+    mkdir -p /tmp/apache2
 }
 
-prepare_zbx_web_config() {
-    echo "** Preparing Zabbix frontend configuration file"
+prepare_zbx_php_config() {
+    echo "** Preparing PHP configuration"
+
+    export PHP_FPM_PM=${PHP_FPM_PM:-"dynamic"}
+    export PHP_FPM_PM_MAX_CHILDREN=${PHP_FPM_PM_MAX_CHILDREN:-"50"}
+    export PHP_FPM_PM_START_SERVERS=${PHP_FPM_PM_START_SERVERS:-"5"}
+    export PHP_FPM_PM_MIN_SPARE_SERVERS=${PHP_FPM_PM_MIN_SPARE_SERVERS:-"5"}
+    export PHP_FPM_PM_MAX_SPARE_SERVERS=${PHP_FPM_PM_MAX_SPARE_SERVERS:-"35"}
+    export PHP_FPM_PM_MAX_REQUESTS=${PHP_FPM_PM_MAX_REQUESTS:-"0"}
+
+    if [ "$(id -u)" == '0' ]; then
+        echo "user = ${DAEMON_USER}" >> "$PHP_CONFIG_FILE"
+        echo "group = ${DAEMON_GROUP}" >> "$PHP_CONFIG_FILE"
+        echo "listen.owner = ${DAEMON_USER}" >> "$PHP_CONFIG_FILE"
+        echo "listen.group = ${DAEMON_GROUP}" >> "$PHP_CONFIG_FILE"
+    fi
 
     : ${ZBX_DENY_GUI_ACCESS:="false"}
     export ZBX_DENY_GUI_ACCESS=${ZBX_DENY_GUI_ACCESS,,}
@@ -204,48 +245,14 @@ prepare_zbx_web_config() {
     export ZBX_SSO_SP_KEY=${ZBX_SSO_SP_KEY}
     export ZBX_SSO_SP_CERT=${ZBX_SSO_SP_CERT}
     export ZBX_SSO_IDP_CERT=${ZBX_SSO_IDP_CERT}
+}
 
+prepare_zbx_config() {
     if [ -n "${ZBX_SESSION_NAME}" ]; then
         cp "$ZABBIX_WWW_ROOT/include/defines.inc.php" "/tmp/defines.inc.php_tmp"
         sed "/ZBX_SESSION_NAME/s/'[^']*'/'${ZBX_SESSION_NAME}'/2" "/tmp/defines.inc.php_tmp" > "$ZABBIX_WWW_ROOT/include/defines.inc.php"
         rm -f "/tmp/defines.inc.php_tmp"
     fi
-
-    : ${HTTP_INDEX_FILE:="index.php"}
-    sed -i \
-        -e "s/{HTTP_INDEX_FILE}/${HTTP_INDEX_FILE}/g" \
-    "$ZABBIX_CONF_DIR/apache.conf"
-
-    if [ -f "$ZABBIX_CONF_DIR/apache_ssl.conf" ]; then
-        sed -i \
-            -e "s/{HTTP_INDEX_FILE}/${HTTP_INDEX_FILE}/g" \
-        "$ZABBIX_CONF_DIR/apache_ssl.conf"
-    fi
-
-    : ${ENABLE_WEB_ACCESS_LOG:="true"}
-
-    if [ "${ENABLE_WEB_ACCESS_LOG,,}" == "false" ]; then
-        sed -ri \
-            -e 's!^(\s*CustomLog)\s+\S+!\1 /dev/null!g' \
-            "$HTTPD_CONF_FILE"
-        sed -ri \
-            -e 's!^(\s*CustomLog)\s+\S+!\1 /dev/null!g' \
-            "/etc/apache2/conf-available/other-vhosts-access-log.conf"
-    fi
-
-    : ${EXPOSE_WEB_SERVER_INFO:="on"}
-    [[ "${EXPOSE_WEB_SERVER_INFO}" != "off" ]] && EXPOSE_WEB_SERVER_INFO="on"
-    export EXPOSE_WEB_SERVER_INFO=${EXPOSE_WEB_SERVER_INFO}
-
-    if [ "${EXPOSE_WEB_SERVER_INFO}" == "off" ]; then
-        sed -i \
-            -e "s/^\(\s*ServerTokens\).*\$/\1 Prod/g" \
-        "$HTTPD_SECURITY_CONF_FILE"
-    fi
-
-    sed -i \
-        -e "s/^\(\s*ServerSignature\).*\$/\1 ${EXPOSE_WEB_SERVER_INFO}/g" \
-    "$HTTPD_SECURITY_CONF_FILE"
 }
 
 #################################################
@@ -254,17 +261,18 @@ echo "** Deploying Zabbix web-interface (Apache) with MySQL database"
 
 check_variables
 check_db_connect
+prepare_zbx_php_config
 prepare_web_server
-prepare_zbx_web_config
+prepare_zbx_config
 
 echo "########################################################"
 
 if [ "$1" != "" ]; then
     echo "** Executing '$@'"
     exec "$@"
-elif [ -f "/usr/sbin/httpd" ]; then
-    echo "** Executing HTTPD"
-    exec /usr/sbin/httpd -D FOREGROUND
+elif [ -f "/usr/bin/supervisord" ]; then
+    echo "** Executing supervisord"
+    exec /usr/bin/supervisord -c /etc/supervisor/supervisord.conf
 else
     echo "Unknown instructions. Exiting..."
     exit 1