Migrate to PHP-FPM for all Web images

Dockerfiles/web-apache-mysql/alpine/conf/etc/apache2/httpd.conf

@@ -1,9 +1,8 @@
 ServerRoot /etc/apache2/
-ServerRoot /var/www
+DefaultRuntimeDir ${APACHE_RUN_DIR}
-DefaultRuntimeDir /tmp/apache2/
 PidFile /tmp/apache2.pid
 
-ServerName 127.0.0.1
+ServerName zabbix
 
 IncludeOptional /etc/apache2/includes.conf
 
@@ -24,12 +23,7 @@ LogLevel warn
 <IfModule log_config_module>
     SetEnvIf Request_URI "^/(robots\.txt|favicon\.ico|status|ping|apache-status)$" exclude_from_logs
 
-    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
     LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
-    LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined
-    LogFormat "%h %l %u %t \"%r\" %>s %O" common
-    LogFormat "%{Referer}i -> %U" referer
-    LogFormat "%{User-agent}i" agent
 
     CustomLog ${APACHE_CUSTOM_LOG} vhost_combined env=!exclude_from_logs
 </IfModule>
@@ -61,6 +55,19 @@ TraceEnable Off
 
 AddDefaultCharset UTF-8
 
+<IfModule reqtimeout_module>
+    RequestReadTimeout handshake=0 header=20-40,MinRate=500 body=20,MinRate=500
+</IfModule>
+
+SetEnvIfNoCase ^Authorization$ "(.+)" HTTP_AUTHORIZATION=$1
+
+AddType application/x-httpd-php .php .php3 .php4 .php5 .phtml
+AddType application/x-httpd-php-source .phps
+
+DirectoryIndex ${HTTP_INDEX_FILE}
+
+DocumentRoot "${ZABBIX_WWW_ROOT}"
+
 <IfModule status_module>
     <Location /apache-status>
         SetHandler server-status

Dockerfiles/web-apache-mysql/alpine/conf/etc/apache2/modules.conf

@@ -1,19 +1,12 @@
 LoadModule logio_module modules/mod_logio.so
 LoadModule unixd_module modules/mod_unixd.so
 LoadModule log_config_module modules/mod_log_config.so
-LoadModule access_compat_module modules/mod_access_compat.so
 LoadModule auth_basic_module modules/mod_auth_basic.so
-LoadModule authn_core_module modules/mod_authn_core.so
-LoadModule authn_file_module modules/mod_authn_file.so
 LoadModule authz_core_module modules/mod_authz_core.so
 LoadModule authz_host_module modules/mod_authz_host.so
-LoadModule authz_user_module modules/mod_authz_user.so
 LoadModule dir_module modules/mod_dir.so
-LoadModule env_module modules/mod_env.so
-LoadModule filter_module modules/mod_filter.so
 LoadModule mime_module modules/mod_mime.so
 LoadModule mpm_event_module modules/mod_mpm_event.so
-LoadModule negotiation_module modules/mod_negotiation.so
 LoadModule reqtimeout_module modules/mod_reqtimeout.so
 LoadModule setenvif_module modules/mod_setenvif.so
 LoadModule status_module modules/mod_status.so

Dockerfiles/web-apache-mysql/alpine/conf/etc/zabbix/apache.conf

@@ -1,20 +1,8 @@
 Listen 8080
 
 <VirtualHost *:8080>
-    DocumentRoot /usr/share/zabbix/
-
-    ServerName zabbix
-
-    DirectoryIndex ${HTTP_INDEX_FILE}
-
-    AddType application/x-httpd-php .php .php3 .php4 .php5 .phtml
-    AddType application/x-httpd-php-source .phps
-
-    SetEnvIfNoCase ^Authorization$ "(.+)" HTTP_AUTHORIZATION=$1
-
     <LocationMatch "/(ping|status)">
-        Order Allow,Deny
+        Require all granted
-        Allow from all
 
         SetHandler "proxy:unix:/tmp/php-fpm.sock|fcgi://localhost"
     </LocationMatch>
@@ -24,7 +12,7 @@ Listen 8080
         AllowOverride None
         Require all granted
 
-        <FilesMatch \.(php|phar)$>
+        <FilesMatch \.php$>
             SetHandler "proxy:unix:/tmp/php-fpm.sock|fcgi://localhost"
         </FilesMatch>
 
@@ -44,48 +32,42 @@ Listen 8080
     <Directory "/usr/share/zabbix/conf">
         Require all denied
         <files *.php>
-            Order deny,allow
+            Require all denied
-            Deny from all
         </files>
     </Directory>
 
     <Directory "/usr/share/zabbix/app">
         Require all denied
         <files *.php>
-            Order deny,allow
+            Require all denied
-            Deny from all
         </files>
     </Directory>
 
     <Directory "/usr/share/zabbix/include">
         Require all denied
         <files *.php>
-            Order deny,allow
+            Require all denied
-            Deny from all
         </files>
     </Directory>
 
     <Directory "/usr/share/zabbix/local">
         Require all denied
         <files *.php>
-            Order deny,allow
+            Require all denied
-            Deny from all
         </files>
     </Directory>
 
     <Directory "/usr/share/zabbix/locale">
         Require all denied
         <files *.php>
-            Order deny,allow
+            Require all denied
-            Deny from all
         </files>
     </Directory>
 
     <Directory "/usr/share/zabbix/vendor">
         Require all denied
         <files *.php>
-            Order deny,allow
+            Require all denied
-            Deny from all
         </files>
     </Directory>
 </VirtualHost>

Dockerfiles/web-apache-mysql/alpine/conf/etc/zabbix/apache_ssl.conf

@@ -3,18 +3,17 @@ LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
 
 Listen 8443
 
+SSLRandomSeed startup builtin
+SSLRandomSeed startup file:/dev/urandom 512
+SSLRandomSeed connect builtin
+SSLRandomSeed connect file:/dev/urandom 512
+
+AddType application/x-x509-ca-cert .crt
+
+SSLSessionCache     shmcb:${APACHE_RUN_DIR}/ssl_scache(512000)
+SSLSessionCacheTimeout  300
+
 <VirtualHost *:8443>
-    DocumentRoot /usr/share/zabbix/
-
-    ServerName zabbix
-
-    DirectoryIndex ${HTTP_INDEX_FILE}
-
-    AddType application/x-httpd-php .php .php3 .php4 .php5 .phtml
-    AddType application/x-httpd-php-source .phps
-
-    SetEnvIfNoCase ^Authorization$ "(.+)" HTTP_AUTHORIZATION=$1
-
     # Enable/Disable SSL for this virtual host.
     SSLEngine on
 
@@ -35,8 +34,7 @@ Listen 8443
     Header always set Strict-Transport-Security "max-age=63072000"
 
     <LocationMatch "/(ping|status)">
-        Order Allow,Deny
+        Require all granted
-        Allow from all
 
         SetHandler "proxy:unix:/tmp/php-fpm.sock|fcgi://localhost"
     </LocationMatch>
@@ -46,7 +44,7 @@ Listen 8443
         AllowOverride None
         Require all granted
 
-        <FilesMatch \.(php|phar)$>
+        <FilesMatch \.php$>
             SetHandler "proxy:unix:/tmp/php-fpm.sock|fcgi://localhost"
         </FilesMatch>
 
@@ -66,48 +64,42 @@ Listen 8443
     <Directory "/usr/share/zabbix/conf">
         Require all denied
         <files *.php>
-            Order deny,allow
+            Require all denied
-            Deny from all
         </files>
     </Directory>
 
     <Directory "/usr/share/zabbix/app">
         Require all denied
         <files *.php>
-            Order deny,allow
+            Require all denied
-            Deny from all
         </files>
     </Directory>
 
     <Directory "/usr/share/zabbix/include">
         Require all denied
         <files *.php>
-            Order deny,allow
+            Require all denied
-            Deny from all
         </files>
     </Directory>
 
     <Directory "/usr/share/zabbix/local">
         Require all denied
         <files *.php>
-            Order deny,allow
+            Require all denied
-            Deny from all
         </files>
     </Directory>
 
     <Directory "/usr/share/zabbix/locale">
         Require all denied
         <files *.php>
-            Order deny,allow
+            Require all denied
-            Deny from all
         </files>
     </Directory>
 
     <Directory "/usr/share/zabbix/vendor">
         Require all denied
         <files *.php>
-            Order deny,allow
+            Require all denied
-            Deny from all
         </files>
     </Directory>
 </VirtualHost>

Dockerfiles/web-apache-mysql/alpine/docker-entrypoint.sh

@@ -24,6 +24,9 @@ fi
 : ${DAEMON_USER:="apache"}
 : ${DAEMON_GROUP:="apache"}
 
+# DefaultRuntimeDir configuration option value
+export APACHE_RUN_DIR="/tmp/apache2"
+
 # Default directories
 # Apache main configuration file
 HTTPD_CONF_FILE="/etc/apache2/httpd.conf"
@@ -182,7 +185,7 @@ prepare_web_server() {
         export APACHE_SERVER_SIGNATURE="Off"
     fi
 
-    mkdir -p /tmp/apache2
+    mkdir -p "${APACHE_RUN_DIR}"
 }
 
 prepare_zbx_php_config() {

Dockerfiles/web-apache-mysql/centos/conf/etc/httpd/conf/httpd.conf

@@ -1,9 +1,8 @@
 ServerRoot /etc/httpd/
-ServerRoot /var/www
+DefaultRuntimeDir ${APACHE_RUN_DIR}
-DefaultRuntimeDir /tmp/httpd/
 PidFile /tmp/httpd.pid
 
-ServerName 127.0.0.1
+ServerName zabbix
 
 IncludeOptional /etc/httpd/includes.conf
 
@@ -24,12 +23,7 @@ LogLevel warn
 <IfModule log_config_module>
     SetEnvIf Request_URI "^/(robots\.txt|favicon\.ico|status|ping|apache-status)$" exclude_from_logs
 
-    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
     LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
-    LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined
-    LogFormat "%h %l %u %t \"%r\" %>s %O" common
-    LogFormat "%{Referer}i -> %U" referer
-    LogFormat "%{User-agent}i" agent
 
     CustomLog ${APACHE_CUSTOM_LOG} vhost_combined env=!exclude_from_logs
 </IfModule>
@@ -61,6 +55,19 @@ TraceEnable Off
 
 AddDefaultCharset UTF-8
 
+<IfModule reqtimeout_module>
+    RequestReadTimeout handshake=0 header=20-40,MinRate=500 body=20,MinRate=500
+</IfModule>
+
+SetEnvIfNoCase ^Authorization$ "(.+)" HTTP_AUTHORIZATION=$1
+
+AddType application/x-httpd-php .php .php3 .php4 .php5 .phtml
+AddType application/x-httpd-php-source .phps
+
+DirectoryIndex ${HTTP_INDEX_FILE}
+
+DocumentRoot "${ZABBIX_WWW_ROOT}"
+
 <IfModule status_module>
     <Location /apache-status>
         SetHandler server-status

Dockerfiles/web-apache-mysql/centos/conf/etc/httpd/modules.conf

@@ -1,19 +1,12 @@
 LoadModule logio_module /usr/lib64/httpd/modules/mod_logio.so
 LoadModule unixd_module /usr/lib64/httpd/modules/mod_unixd.so
 LoadModule log_config_module /usr/lib64/httpd/modules/mod_log_config.so
-LoadModule access_compat_module /usr/lib64/httpd/modules/mod_access_compat.so
 LoadModule auth_basic_module /usr/lib64/httpd/modules/mod_auth_basic.so
-LoadModule authn_core_module /usr/lib64/httpd/modules/mod_authn_core.so
-LoadModule authn_file_module /usr/lib64/httpd/modules/mod_authn_file.so
 LoadModule authz_core_module /usr/lib64/httpd/modules/mod_authz_core.so
 LoadModule authz_host_module /usr/lib64/httpd/modules/mod_authz_host.so
-LoadModule authz_user_module /usr/lib64/httpd/modules/mod_authz_user.so
 LoadModule dir_module /usr/lib64/httpd/modules/mod_dir.so
-LoadModule env_module /usr/lib64/httpd/modules/mod_env.so
-LoadModule filter_module /usr/lib64/httpd/modules/mod_filter.so
 LoadModule mime_module /usr/lib64/httpd/modules/mod_mime.so
 LoadModule mpm_event_module /usr/lib64/httpd/modules/mod_mpm_event.so
-LoadModule negotiation_module /usr/lib64/httpd/modules/mod_negotiation.so
 LoadModule reqtimeout_module /usr/lib64/httpd/modules/mod_reqtimeout.so
 LoadModule setenvif_module /usr/lib64/httpd/modules/mod_setenvif.so
 LoadModule status_module /usr/lib64/httpd/modules/mod_status.so

Dockerfiles/web-apache-mysql/centos/conf/etc/zabbix/apache.conf

@@ -1,20 +1,8 @@
 Listen 8080
 
 <VirtualHost *:8080>
-    DocumentRoot /usr/share/zabbix/
-
-    ServerName zabbix
-
-    DirectoryIndex ${HTTP_INDEX_FILE}
-
-    AddType application/x-httpd-php .php .php3 .php4 .php5 .phtml
-    AddType application/x-httpd-php-source .phps
-
-    SetEnvIfNoCase ^Authorization$ "(.+)" HTTP_AUTHORIZATION=$1
-
     <LocationMatch "/(ping|status)">
-        Order Allow,Deny
+        Require all granted
-        Allow from all
 
         SetHandler "proxy:unix:/tmp/php-fpm.sock|fcgi://localhost"
     </LocationMatch>
@@ -24,7 +12,7 @@ Listen 8080
         AllowOverride None
         Require all granted
 
-        <FilesMatch \.(php|phar)$>
+        <FilesMatch \.php$>
             SetHandler "proxy:unix:/tmp/php-fpm.sock|fcgi://localhost"
         </FilesMatch>
 
@@ -44,48 +32,42 @@ Listen 8080
     <Directory "/usr/share/zabbix/conf">
         Require all denied
         <files *.php>
-            Order deny,allow
+            Require all denied
-            Deny from all
         </files>
     </Directory>
 
     <Directory "/usr/share/zabbix/app">
         Require all denied
         <files *.php>
-            Order deny,allow
+            Require all denied
-            Deny from all
         </files>
     </Directory>
 
     <Directory "/usr/share/zabbix/include">
         Require all denied
         <files *.php>
-            Order deny,allow
+            Require all denied
-            Deny from all
         </files>
     </Directory>
 
     <Directory "/usr/share/zabbix/local">
         Require all denied
         <files *.php>
-            Order deny,allow
+            Require all denied
-            Deny from all
         </files>
     </Directory>
 
     <Directory "/usr/share/zabbix/locale">
         Require all denied
         <files *.php>
-            Order deny,allow
+            Require all denied
-            Deny from all
         </files>
     </Directory>
 
     <Directory "/usr/share/zabbix/vendor">
         Require all denied
         <files *.php>
-            Order deny,allow
+            Require all denied
-            Deny from all
         </files>
     </Directory>
 </VirtualHost>

Dockerfiles/web-apache-mysql/centos/conf/etc/zabbix/apache_ssl.conf

@@ -3,18 +3,17 @@ LoadModule socache_shmcb_module /usr/lib64/httpd/modules/mod_socache_shmcb.so
 
 Listen 8443
 
+SSLRandomSeed startup builtin
+SSLRandomSeed startup file:/dev/urandom 512
+SSLRandomSeed connect builtin
+SSLRandomSeed connect file:/dev/urandom 512
+
+AddType application/x-x509-ca-cert .crt
+
+SSLSessionCache     shmcb:${APACHE_RUN_DIR}/ssl_scache(512000)
+SSLSessionCacheTimeout  300
+
 <VirtualHost *:8443>
-    DocumentRoot /usr/share/zabbix/
-
-    ServerName zabbix
-
-    DirectoryIndex ${HTTP_INDEX_FILE}
-
-    AddType application/x-httpd-php .php .php3 .php4 .php5 .phtml
-    AddType application/x-httpd-php-source .phps
-
-    SetEnvIfNoCase ^Authorization$ "(.+)" HTTP_AUTHORIZATION=$1
-
     # Enable/Disable SSL for this virtual host.
     SSLEngine on
 
@@ -35,8 +34,7 @@ Listen 8443
     Header always set Strict-Transport-Security "max-age=63072000"
 
     <LocationMatch "/(ping|status)">
-        Order Allow,Deny
+        Require all granted
-        Allow from all
 
         SetHandler "proxy:unix:/tmp/php-fpm.sock|fcgi://localhost"
     </LocationMatch>
@@ -46,7 +44,7 @@ Listen 8443
         AllowOverride None
         Require all granted
 
-        <FilesMatch \.(php|phar)$>
+        <FilesMatch \.php$>
             SetHandler "proxy:unix:/tmp/php-fpm.sock|fcgi://localhost"
         </FilesMatch>
 
@@ -66,48 +64,42 @@ Listen 8443
     <Directory "/usr/share/zabbix/conf">
         Require all denied
         <files *.php>
-            Order deny,allow
+            Require all denied
-            Deny from all
         </files>
     </Directory>
 
     <Directory "/usr/share/zabbix/app">
         Require all denied
         <files *.php>
-            Order deny,allow
+            Require all denied
-            Deny from all
         </files>
     </Directory>
 
     <Directory "/usr/share/zabbix/include">
         Require all denied
         <files *.php>
-            Order deny,allow
+            Require all denied
-            Deny from all
         </files>
     </Directory>
 
     <Directory "/usr/share/zabbix/local">
         Require all denied
         <files *.php>
-            Order deny,allow
+            Require all denied
-            Deny from all
         </files>
     </Directory>
 
     <Directory "/usr/share/zabbix/locale">
         Require all denied
         <files *.php>
-            Order deny,allow
+            Require all denied
-            Deny from all
         </files>
     </Directory>
 
     <Directory "/usr/share/zabbix/vendor">
         Require all denied
         <files *.php>
-            Order deny,allow
+            Require all denied
-            Deny from all
         </files>
     </Directory>
 </VirtualHost>

Dockerfiles/web-apache-mysql/centos/docker-entrypoint.sh

@@ -24,6 +24,9 @@ fi
 : ${DAEMON_USER:="apache"}
 : ${DAEMON_GROUP:="apache"}
 
+# DefaultRuntimeDir configuration option value
+export APACHE_RUN_DIR="/tmp/httpd"
+
 # Default directories
 # Apache main configuration file
 HTTPD_CONF_FILE="/etc/httpd/conf/httpd.conf"
@@ -182,7 +185,7 @@ prepare_web_server() {
         export APACHE_SERVER_SIGNATURE="Off"
     fi
 
-    mkdir -p /tmp/httpd
+    mkdir -p "${APACHE_RUN_DIR}"
 }
 
 prepare_zbx_php_config() {

Dockerfiles/web-apache-mysql/ol/conf/etc/httpd/conf/httpd.conf

@@ -1,9 +1,8 @@
 ServerRoot /etc/httpd/
-ServerRoot /var/www
+DefaultRuntimeDir ${APACHE_RUN_DIR}
-DefaultRuntimeDir /tmp/httpd/
 PidFile /tmp/httpd.pid
 
-ServerName 127.0.0.1
+ServerName zabbix
 
 IncludeOptional /etc/httpd/includes.conf
 
@@ -24,12 +23,7 @@ LogLevel warn
 <IfModule log_config_module>
     SetEnvIf Request_URI "^/(robots\.txt|favicon\.ico|status|ping|apache-status)$" exclude_from_logs
 
-    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
     LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
-    LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined
-    LogFormat "%h %l %u %t \"%r\" %>s %O" common
-    LogFormat "%{Referer}i -> %U" referer
-    LogFormat "%{User-agent}i" agent
 
     CustomLog ${APACHE_CUSTOM_LOG} vhost_combined env=!exclude_from_logs
 </IfModule>
@@ -61,6 +55,19 @@ TraceEnable Off
 
 AddDefaultCharset UTF-8
 
+<IfModule reqtimeout_module>
+    RequestReadTimeout handshake=0 header=20-40,MinRate=500 body=20,MinRate=500
+</IfModule>
+
+SetEnvIfNoCase ^Authorization$ "(.+)" HTTP_AUTHORIZATION=$1
+
+AddType application/x-httpd-php .php .php3 .php4 .php5 .phtml
+AddType application/x-httpd-php-source .phps
+
+DirectoryIndex ${HTTP_INDEX_FILE}
+
+DocumentRoot "${ZABBIX_WWW_ROOT}"
+
 <IfModule status_module>
     <Location /apache-status>
         SetHandler server-status

Dockerfiles/web-apache-mysql/ol/conf/etc/httpd/modules.conf

@@ -1,19 +1,12 @@
 LoadModule logio_module /usr/lib64/httpd/modules/mod_logio.so
 LoadModule unixd_module /usr/lib64/httpd/modules/mod_unixd.so
 LoadModule log_config_module /usr/lib64/httpd/modules/mod_log_config.so
-LoadModule access_compat_module /usr/lib64/httpd/modules/mod_access_compat.so
 LoadModule auth_basic_module /usr/lib64/httpd/modules/mod_auth_basic.so
-LoadModule authn_core_module /usr/lib64/httpd/modules/mod_authn_core.so
-LoadModule authn_file_module /usr/lib64/httpd/modules/mod_authn_file.so
 LoadModule authz_core_module /usr/lib64/httpd/modules/mod_authz_core.so
 LoadModule authz_host_module /usr/lib64/httpd/modules/mod_authz_host.so
-LoadModule authz_user_module /usr/lib64/httpd/modules/mod_authz_user.so
 LoadModule dir_module /usr/lib64/httpd/modules/mod_dir.so
-LoadModule env_module /usr/lib64/httpd/modules/mod_env.so
-LoadModule filter_module /usr/lib64/httpd/modules/mod_filter.so
 LoadModule mime_module /usr/lib64/httpd/modules/mod_mime.so
 LoadModule mpm_event_module /usr/lib64/httpd/modules/mod_mpm_event.so
-LoadModule negotiation_module /usr/lib64/httpd/modules/mod_negotiation.so
 LoadModule reqtimeout_module /usr/lib64/httpd/modules/mod_reqtimeout.so
 LoadModule setenvif_module /usr/lib64/httpd/modules/mod_setenvif.so
 LoadModule status_module /usr/lib64/httpd/modules/mod_status.so

Dockerfiles/web-apache-mysql/ol/conf/etc/zabbix/apache.conf

@@ -1,20 +1,8 @@
 Listen 8080
 
 <VirtualHost *:8080>
-    DocumentRoot /usr/share/zabbix/
-
-    ServerName zabbix
-
-    DirectoryIndex ${HTTP_INDEX_FILE}
-
-    AddType application/x-httpd-php .php .php3 .php4 .php5 .phtml
-    AddType application/x-httpd-php-source .phps
-
-    SetEnvIfNoCase ^Authorization$ "(.+)" HTTP_AUTHORIZATION=$1
-
     <LocationMatch "/(ping|status)">
-        Order Allow,Deny
+        Require all granted
-        Allow from all
 
         SetHandler "proxy:unix:/tmp/php-fpm.sock|fcgi://localhost"
     </LocationMatch>
@@ -24,7 +12,7 @@ Listen 8080
         AllowOverride None
         Require all granted
 
-        <FilesMatch \.(php|phar)$>
+        <FilesMatch \.php$>
             SetHandler "proxy:unix:/tmp/php-fpm.sock|fcgi://localhost"
         </FilesMatch>
 
@@ -44,48 +32,42 @@ Listen 8080
     <Directory "/usr/share/zabbix/conf">
         Require all denied
         <files *.php>
-            Order deny,allow
+            Require all denied
-            Deny from all
         </files>
     </Directory>
 
     <Directory "/usr/share/zabbix/app">
         Require all denied
         <files *.php>
-            Order deny,allow
+            Require all denied
-            Deny from all
         </files>
     </Directory>
 
     <Directory "/usr/share/zabbix/include">
         Require all denied
         <files *.php>
-            Order deny,allow
+            Require all denied
-            Deny from all
         </files>
     </Directory>
 
     <Directory "/usr/share/zabbix/local">
         Require all denied
         <files *.php>
-            Order deny,allow
+            Require all denied
-            Deny from all
         </files>
     </Directory>
 
     <Directory "/usr/share/zabbix/locale">
         Require all denied
         <files *.php>
-            Order deny,allow
+            Require all denied
-            Deny from all
         </files>
     </Directory>
 
     <Directory "/usr/share/zabbix/vendor">
         Require all denied
         <files *.php>
-            Order deny,allow
+            Require all denied
-            Deny from all
         </files>
     </Directory>
 </VirtualHost>

Dockerfiles/web-apache-mysql/ol/conf/etc/zabbix/apache_ssl.conf

@@ -3,18 +3,17 @@ LoadModule socache_shmcb_module /usr/lib64/httpd/modules/mod_socache_shmcb.so
 
 Listen 8443
 
+SSLRandomSeed startup builtin
+SSLRandomSeed startup file:/dev/urandom 512
+SSLRandomSeed connect builtin
+SSLRandomSeed connect file:/dev/urandom 512
+
+AddType application/x-x509-ca-cert .crt
+
+SSLSessionCache     shmcb:${APACHE_RUN_DIR}/ssl_scache(512000)
+SSLSessionCacheTimeout  300
+
 <VirtualHost *:8443>
-    DocumentRoot /usr/share/zabbix/
-
-    ServerName zabbix
-
-    DirectoryIndex ${HTTP_INDEX_FILE}
-
-    AddType application/x-httpd-php .php .php3 .php4 .php5 .phtml
-    AddType application/x-httpd-php-source .phps
-
-    SetEnvIfNoCase ^Authorization$ "(.+)" HTTP_AUTHORIZATION=$1
-
     # Enable/Disable SSL for this virtual host.
     SSLEngine on
 
@@ -35,8 +34,7 @@ Listen 8443
     Header always set Strict-Transport-Security "max-age=63072000"
 
     <LocationMatch "/(ping|status)">
-        Order Allow,Deny
+        Require all granted
-        Allow from all
 
         SetHandler "proxy:unix:/tmp/php-fpm.sock|fcgi://localhost"
     </LocationMatch>
@@ -46,7 +44,7 @@ Listen 8443
         AllowOverride None
         Require all granted
 
-        <FilesMatch \.(php|phar)$>
+        <FilesMatch \.php$>
             SetHandler "proxy:unix:/tmp/php-fpm.sock|fcgi://localhost"
         </FilesMatch>
 
@@ -66,48 +64,42 @@ Listen 8443
     <Directory "/usr/share/zabbix/conf">
         Require all denied
         <files *.php>
-            Order deny,allow
+            Require all denied
-            Deny from all
         </files>
     </Directory>
 
     <Directory "/usr/share/zabbix/app">
         Require all denied
         <files *.php>
-            Order deny,allow
+            Require all denied
-            Deny from all
         </files>
     </Directory>
 
     <Directory "/usr/share/zabbix/include">
         Require all denied
         <files *.php>
-            Order deny,allow
+            Require all denied
-            Deny from all
         </files>
     </Directory>
 
     <Directory "/usr/share/zabbix/local">
         Require all denied
         <files *.php>
-            Order deny,allow
+            Require all denied
-            Deny from all
         </files>
     </Directory>
 
     <Directory "/usr/share/zabbix/locale">
         Require all denied
         <files *.php>
-            Order deny,allow
+            Require all denied
-            Deny from all
         </files>
     </Directory>
 
     <Directory "/usr/share/zabbix/vendor">
         Require all denied
         <files *.php>
-            Order deny,allow
+            Require all denied
-            Deny from all
         </files>
     </Directory>
 </VirtualHost>

Dockerfiles/web-apache-mysql/ol/docker-entrypoint.sh

@@ -24,6 +24,9 @@ fi
 : ${DAEMON_USER:="apache"}
 : ${DAEMON_GROUP:="apache"}
 
+# DefaultRuntimeDir configuration option value
+export APACHE_RUN_DIR="/tmp/httpd"
+
 # Default directories
 # Apache main configuration file
 HTTPD_CONF_FILE="/etc/httpd/conf/httpd.conf"
@@ -182,7 +185,7 @@ prepare_web_server() {
         export APACHE_SERVER_SIGNATURE="Off"
     fi
 
-    mkdir -p /tmp/httpd
+    mkdir -p "${APACHE_RUN_DIR}"
 }
 
 prepare_zbx_php_config() {

Dockerfiles/web-apache-mysql/ubuntu/conf/etc/apache2/apache2.conf

@@ -1,9 +1,8 @@
 ServerRoot /etc/apache2/
-ServerRoot /var/www
+DefaultRuntimeDir ${APACHE_RUN_DIR}
-DefaultRuntimeDir /tmp/apache2/
 PidFile /tmp/apache2.pid
 
-ServerName 127.0.0.1
+ServerName zabbix
 
 IncludeOptional /etc/apache2/includes.conf
 
@@ -24,12 +23,7 @@ LogLevel warn
 <IfModule log_config_module>
     SetEnvIf Request_URI "^/(robots\.txt|favicon\.ico|status|ping|apache-status)$" exclude_from_logs
 
-    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
     LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
-    LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined
-    LogFormat "%h %l %u %t \"%r\" %>s %O" common
-    LogFormat "%{Referer}i -> %U" referer
-    LogFormat "%{User-agent}i" agent
 
     CustomLog ${APACHE_CUSTOM_LOG} vhost_combined env=!exclude_from_logs
 </IfModule>
@@ -61,6 +55,19 @@ TraceEnable Off
 
 AddDefaultCharset UTF-8
 
+<IfModule reqtimeout_module>
+    RequestReadTimeout handshake=0 header=20-40,MinRate=500 body=20,MinRate=500
+</IfModule>
+
+SetEnvIfNoCase ^Authorization$ "(.+)" HTTP_AUTHORIZATION=$1
+
+AddType application/x-httpd-php .php .php3 .php4 .php5 .phtml
+AddType application/x-httpd-php-source .phps
+
+DirectoryIndex ${HTTP_INDEX_FILE}
+
+DocumentRoot "${ZABBIX_WWW_ROOT}"
+
 <IfModule status_module>
     <Location /apache-status>
         SetHandler server-status

Dockerfiles/web-apache-mysql/ubuntu/conf/etc/apache2/includes.conf

@@ -1,8 +1,5 @@
 IncludeOptional /etc/apache2/modules.conf
 
 IncludeOptional /etc/apache2/mods-enabled/mime.conf
-IncludeOptional /etc/apache2/mods-enabled/negotiation.conf
-IncludeOptional /etc/apache2/mods-enabled/reqtimeout.conf
-IncludeOptional /etc/apache2/mods-enabled/setenvif.conf
 
 IncludeOptional /etc/apache2/sites-enabled/*.conf

Dockerfiles/web-apache-mysql/ubuntu/conf/etc/apache2/modules.conf

@@ -1,16 +1,9 @@
-LoadModule access_compat_module /usr/lib/apache2/modules/mod_access_compat.so
 LoadModule auth_basic_module /usr/lib/apache2/modules/mod_auth_basic.so
-LoadModule authn_core_module /usr/lib/apache2/modules/mod_authn_core.so
-LoadModule authn_file_module /usr/lib/apache2/modules/mod_authn_file.so
 LoadModule authz_core_module /usr/lib/apache2/modules/mod_authz_core.so
 LoadModule authz_host_module /usr/lib/apache2/modules/mod_authz_host.so
-LoadModule authz_user_module /usr/lib/apache2/modules/mod_authz_user.so
 LoadModule dir_module /usr/lib/apache2/modules/mod_dir.so
-LoadModule env_module /usr/lib/apache2/modules/mod_env.so
-LoadModule filter_module /usr/lib/apache2/modules/mod_filter.so
 LoadModule mime_module /usr/lib/apache2/modules/mod_mime.so
 LoadModule mpm_event_module /usr/lib/apache2/modules/mod_mpm_event.so
-LoadModule negotiation_module /usr/lib/apache2/modules/mod_negotiation.so
 LoadModule reqtimeout_module /usr/lib/apache2/modules/mod_reqtimeout.so
 LoadModule setenvif_module /usr/lib/apache2/modules/mod_setenvif.so
 LoadModule status_module /usr/lib/apache2/modules/mod_status.so

Dockerfiles/web-apache-mysql/ubuntu/conf/etc/zabbix/apache.conf

@@ -1,20 +1,8 @@
 Listen 8080
 
 <VirtualHost *:8080>
-    DocumentRoot /usr/share/zabbix/
-
-    ServerName zabbix
-
-    DirectoryIndex ${HTTP_INDEX_FILE}
-
-    AddType application/x-httpd-php .php .php3 .php4 .php5 .phtml
-    AddType application/x-httpd-php-source .phps
-
-    SetEnvIfNoCase ^Authorization$ "(.+)" HTTP_AUTHORIZATION=$1
-
     <LocationMatch "/(ping|status)">
-        Order Allow,Deny
+        Require all granted
-        Allow from all
 
         SetHandler "proxy:unix:/tmp/php-fpm.sock|fcgi://localhost"
     </LocationMatch>
@@ -24,7 +12,7 @@ Listen 8080
         AllowOverride None
         Require all granted
 
-        <FilesMatch \.(php|phar)$>
+        <FilesMatch \.php$>
             SetHandler "proxy:unix:/tmp/php-fpm.sock|fcgi://localhost"
         </FilesMatch>
 
@@ -44,48 +32,42 @@ Listen 8080
     <Directory "/usr/share/zabbix/conf">
         Require all denied
         <files *.php>
-            Order deny,allow
+            Require all denied
-            Deny from all
         </files>
     </Directory>
 
     <Directory "/usr/share/zabbix/app">
         Require all denied
         <files *.php>
-            Order deny,allow
+            Require all denied
-            Deny from all
         </files>
     </Directory>
 
     <Directory "/usr/share/zabbix/include">
         Require all denied
         <files *.php>
-            Order deny,allow
+            Require all denied
-            Deny from all
         </files>
     </Directory>
 
     <Directory "/usr/share/zabbix/local">
         Require all denied
         <files *.php>
-            Order deny,allow
+            Require all denied
-            Deny from all
         </files>
     </Directory>
 
     <Directory "/usr/share/zabbix/locale">
         Require all denied
         <files *.php>
-            Order deny,allow
+            Require all denied
-            Deny from all
         </files>
     </Directory>
 
     <Directory "/usr/share/zabbix/vendor">
         Require all denied
         <files *.php>
-            Order deny,allow
+            Require all denied
-            Deny from all
         </files>
     </Directory>
 </VirtualHost>

Dockerfiles/web-apache-mysql/ubuntu/conf/etc/zabbix/apache_ssl.conf

@@ -3,18 +3,17 @@ LoadModule socache_shmcb_module /usr/lib/apache2/modules/mod_socache_shmcb.so
 
 Listen 8443
 
+SSLRandomSeed startup builtin
+SSLRandomSeed startup file:/dev/urandom 512
+SSLRandomSeed connect builtin
+SSLRandomSeed connect file:/dev/urandom 512
+
+AddType application/x-x509-ca-cert .crt
+
+SSLSessionCache     shmcb:${APACHE_RUN_DIR}/ssl_scache(512000)
+SSLSessionCacheTimeout  300
+
 <VirtualHost *:8443>
-    DocumentRoot /usr/share/zabbix/
-
-    ServerName zabbix
-
-    DirectoryIndex ${HTTP_INDEX_FILE}
-
-    AddType application/x-httpd-php .php .php3 .php4 .php5 .phtml
-    AddType application/x-httpd-php-source .phps
-
-    SetEnvIfNoCase ^Authorization$ "(.+)" HTTP_AUTHORIZATION=$1
-
     # Enable/Disable SSL for this virtual host.
     SSLEngine on
 
@@ -35,8 +34,7 @@ Listen 8443
     Header always set Strict-Transport-Security "max-age=63072000"
 
     <LocationMatch "/(ping|status)">
-        Order Allow,Deny
+        Require all granted
-        Allow from all
 
         SetHandler "proxy:unix:/tmp/php-fpm.sock|fcgi://localhost"
     </LocationMatch>
@@ -46,7 +44,7 @@ Listen 8443
         AllowOverride None
         Require all granted
 
-        <FilesMatch \.(php|phar)$>
+        <FilesMatch \.php$>
             SetHandler "proxy:unix:/tmp/php-fpm.sock|fcgi://localhost"
         </FilesMatch>
 
@@ -66,48 +64,42 @@ Listen 8443
     <Directory "/usr/share/zabbix/conf">
         Require all denied
         <files *.php>
-            Order deny,allow
+            Require all denied
-            Deny from all
         </files>
     </Directory>
 
     <Directory "/usr/share/zabbix/app">
         Require all denied
         <files *.php>
-            Order deny,allow
+            Require all denied
-            Deny from all
         </files>
     </Directory>
 
     <Directory "/usr/share/zabbix/include">
         Require all denied
         <files *.php>
-            Order deny,allow
+            Require all denied
-            Deny from all
         </files>
     </Directory>
 
     <Directory "/usr/share/zabbix/local">
         Require all denied
         <files *.php>
-            Order deny,allow
+            Require all denied
-            Deny from all
         </files>
     </Directory>
 
     <Directory "/usr/share/zabbix/locale">
         Require all denied
         <files *.php>
-            Order deny,allow
+            Require all denied
-            Deny from all
         </files>
     </Directory>
 
     <Directory "/usr/share/zabbix/vendor">
         Require all denied
         <files *.php>
-            Order deny,allow
+            Require all denied
-            Deny from all
         </files>
     </Directory>
 </VirtualHost>

Dockerfiles/web-apache-mysql/ubuntu/docker-entrypoint.sh

@@ -24,6 +24,9 @@ fi
 : ${DAEMON_USER:="www-data"}
 : ${DAEMON_GROUP:="www-data"}
 
+# DefaultRuntimeDir configuration option value
+export APACHE_RUN_DIR="/tmp/apache2"
+
 # Default directories
 # Apache main configuration file
 HTTPD_CONF_FILE="/etc/apache2/apache2.conf"
@@ -182,7 +185,7 @@ prepare_web_server() {
         export APACHE_SERVER_SIGNATURE="Off"
     fi
 
-    mkdir -p /tmp/apache2
+    mkdir -p "${APACHE_RUN_DIR}"
 }
 
 prepare_zbx_php_config() {

Dockerfiles/web-apache-pgsql/alpine/conf/etc/apache2/httpd.conf

@@ -1,9 +1,8 @@
 ServerRoot /etc/apache2/
-ServerRoot /var/www
+DefaultRuntimeDir ${APACHE_RUN_DIR}
-DefaultRuntimeDir /tmp/apache2/
 PidFile /tmp/apache2.pid
 
-ServerName 127.0.0.1
+ServerName zabbix
 
 IncludeOptional /etc/apache2/includes.conf
 
@@ -24,12 +23,7 @@ LogLevel warn
 <IfModule log_config_module>
     SetEnvIf Request_URI "^/(robots\.txt|favicon\.ico|status|ping|apache-status)$" exclude_from_logs
 
-    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
     LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
-    LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined
-    LogFormat "%h %l %u %t \"%r\" %>s %O" common
-    LogFormat "%{Referer}i -> %U" referer
-    LogFormat "%{User-agent}i" agent
 
     CustomLog ${APACHE_CUSTOM_LOG} vhost_combined env=!exclude_from_logs
 </IfModule>
@@ -61,6 +55,19 @@ TraceEnable Off
 
 AddDefaultCharset UTF-8
 
+<IfModule reqtimeout_module>
+    RequestReadTimeout handshake=0 header=20-40,MinRate=500 body=20,MinRate=500
+</IfModule>
+
+SetEnvIfNoCase ^Authorization$ "(.+)" HTTP_AUTHORIZATION=$1
+
+AddType application/x-httpd-php .php .php3 .php4 .php5 .phtml
+AddType application/x-httpd-php-source .phps
+
+DirectoryIndex ${HTTP_INDEX_FILE}
+
+DocumentRoot "${ZABBIX_WWW_ROOT}"
+
 <IfModule status_module>
     <Location /apache-status>
         SetHandler server-status

Dockerfiles/web-apache-pgsql/alpine/conf/etc/apache2/modules.conf

@@ -1,19 +1,12 @@
 LoadModule logio_module modules/mod_logio.so
 LoadModule unixd_module modules/mod_unixd.so
 LoadModule log_config_module modules/mod_log_config.so
-LoadModule access_compat_module modules/mod_access_compat.so
 LoadModule auth_basic_module modules/mod_auth_basic.so
-LoadModule authn_core_module modules/mod_authn_core.so
-LoadModule authn_file_module modules/mod_authn_file.so
 LoadModule authz_core_module modules/mod_authz_core.so
 LoadModule authz_host_module modules/mod_authz_host.so
-LoadModule authz_user_module modules/mod_authz_user.so
 LoadModule dir_module modules/mod_dir.so
-LoadModule env_module modules/mod_env.so
-LoadModule filter_module modules/mod_filter.so
 LoadModule mime_module modules/mod_mime.so
 LoadModule mpm_event_module modules/mod_mpm_event.so
-LoadModule negotiation_module modules/mod_negotiation.so
 LoadModule reqtimeout_module modules/mod_reqtimeout.so
 LoadModule setenvif_module modules/mod_setenvif.so
 LoadModule status_module modules/mod_status.so

Dockerfiles/web-apache-pgsql/alpine/conf/etc/zabbix/apache.conf

@@ -1,20 +1,8 @@
 Listen 8080
 
 <VirtualHost *:8080>
-    DocumentRoot /usr/share/zabbix/
-
-    ServerName zabbix
-
-    DirectoryIndex ${HTTP_INDEX_FILE}
-
-    AddType application/x-httpd-php .php .php3 .php4 .php5 .phtml
-    AddType application/x-httpd-php-source .phps
-
-    SetEnvIfNoCase ^Authorization$ "(.+)" HTTP_AUTHORIZATION=$1
-
     <LocationMatch "/(ping|status)">
-        Order Allow,Deny
+        Require all granted
-        Allow from all
 
         SetHandler "proxy:unix:/tmp/php-fpm.sock|fcgi://localhost"
     </LocationMatch>
@@ -24,7 +12,7 @@ Listen 8080
         AllowOverride None
         Require all granted
 
-        <FilesMatch \.(php|phar)$>
+        <FilesMatch \.php$>
             SetHandler "proxy:unix:/tmp/php-fpm.sock|fcgi://localhost"
         </FilesMatch>
 
@@ -44,48 +32,42 @@ Listen 8080
     <Directory "/usr/share/zabbix/conf">
         Require all denied
         <files *.php>
-            Order deny,allow
+            Require all denied
-            Deny from all
         </files>
     </Directory>
 
     <Directory "/usr/share/zabbix/app">
         Require all denied
         <files *.php>
-            Order deny,allow
+            Require all denied
-            Deny from all
         </files>
     </Directory>
 
     <Directory "/usr/share/zabbix/include">
         Require all denied
         <files *.php>
-            Order deny,allow
+            Require all denied
-            Deny from all
         </files>
     </Directory>
 
     <Directory "/usr/share/zabbix/local">
         Require all denied
         <files *.php>
-            Order deny,allow
+            Require all denied
-            Deny from all
         </files>
     </Directory>
 
     <Directory "/usr/share/zabbix/locale">
         Require all denied
         <files *.php>
-            Order deny,allow
+            Require all denied
-            Deny from all
         </files>
     </Directory>
 
     <Directory "/usr/share/zabbix/vendor">
         Require all denied
         <files *.php>
-            Order deny,allow
+            Require all denied
-            Deny from all
         </files>
     </Directory>
 </VirtualHost>

Dockerfiles/web-apache-pgsql/alpine/conf/etc/zabbix/apache_ssl.conf

@@ -3,18 +3,17 @@ LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
 
 Listen 8443
 
+SSLRandomSeed startup builtin
+SSLRandomSeed startup file:/dev/urandom 512
+SSLRandomSeed connect builtin
+SSLRandomSeed connect file:/dev/urandom 512
+
+AddType application/x-x509-ca-cert .crt
+
+SSLSessionCache     shmcb:${APACHE_RUN_DIR}/ssl_scache(512000)
+SSLSessionCacheTimeout  300
+
 <VirtualHost *:8443>
-    DocumentRoot /usr/share/zabbix/
-
-    ServerName zabbix
-
-    DirectoryIndex ${HTTP_INDEX_FILE}
-
-    AddType application/x-httpd-php .php .php3 .php4 .php5 .phtml
-    AddType application/x-httpd-php-source .phps
-
-    SetEnvIfNoCase ^Authorization$ "(.+)" HTTP_AUTHORIZATION=$1
-
     # Enable/Disable SSL for this virtual host.
     SSLEngine on
 
@@ -35,8 +34,7 @@ Listen 8443
     Header always set Strict-Transport-Security "max-age=63072000"
 
     <LocationMatch "/(ping|status)">
-        Order Allow,Deny
+        Require all granted
-        Allow from all
 
         SetHandler "proxy:unix:/tmp/php-fpm.sock|fcgi://localhost"
     </LocationMatch>
@@ -46,7 +44,7 @@ Listen 8443
         AllowOverride None
         Require all granted
 
-        <FilesMatch \.(php|phar)$>
+        <FilesMatch \.php$>
             SetHandler "proxy:unix:/tmp/php-fpm.sock|fcgi://localhost"
         </FilesMatch>
 
@@ -66,48 +64,42 @@ Listen 8443
     <Directory "/usr/share/zabbix/conf">
         Require all denied
         <files *.php>
-            Order deny,allow
+            Require all denied
-            Deny from all
         </files>
     </Directory>
 
     <Directory "/usr/share/zabbix/app">
         Require all denied
         <files *.php>
-            Order deny,allow
+            Require all denied
-            Deny from all
         </files>
     </Directory>
 
     <Directory "/usr/share/zabbix/include">
         Require all denied
         <files *.php>
-            Order deny,allow
+            Require all denied
-            Deny from all
         </files>
     </Directory>
 
     <Directory "/usr/share/zabbix/local">
         Require all denied
         <files *.php>
-            Order deny,allow
+            Require all denied
-            Deny from all
         </files>
     </Directory>
 
     <Directory "/usr/share/zabbix/locale">
         Require all denied
         <files *.php>
-            Order deny,allow
+            Require all denied
-            Deny from all
         </files>
     </Directory>
 
     <Directory "/usr/share/zabbix/vendor">
         Require all denied
         <files *.php>
-            Order deny,allow
+            Require all denied
-            Deny from all
         </files>
     </Directory>
 </VirtualHost>

Dockerfiles/web-apache-pgsql/alpine/docker-entrypoint.sh

@@ -24,6 +24,9 @@ fi
 : ${DAEMON_USER:="apache"}
 : ${DAEMON_GROUP:="apache"}
 
+# DefaultRuntimeDir configuration option value
+export APACHE_RUN_DIR="/tmp/apache2"
+    
 # Default directories
 # Apache main configuration file
 HTTPD_CONF_FILE="/etc/apache2/httpd.conf"
@@ -181,7 +184,7 @@ prepare_web_server() {
         export APACHE_SERVER_SIGNATURE="Off"
     fi
 
-    mkdir -p /tmp/apache2
+    mkdir -p "${APACHE_RUN_DIR}"
 }
 
 prepare_zbx_php_config() {

Dockerfiles/web-apache-pgsql/centos/conf/etc/httpd/conf/httpd.conf

@@ -1,9 +1,8 @@
 ServerRoot /etc/httpd/
-ServerRoot /var/www
+DefaultRuntimeDir ${APACHE_RUN_DIR}
-DefaultRuntimeDir /tmp/httpd/
 PidFile /tmp/httpd.pid
 
-ServerName 127.0.0.1
+ServerName zabbix
 
 IncludeOptional /etc/httpd/includes.conf
 
@@ -24,12 +23,7 @@ LogLevel warn
 <IfModule log_config_module>
     SetEnvIf Request_URI "^/(robots\.txt|favicon\.ico|status|ping|apache-status)$" exclude_from_logs
 
-    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
     LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
-    LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined
-    LogFormat "%h %l %u %t \"%r\" %>s %O" common
-    LogFormat "%{Referer}i -> %U" referer
-    LogFormat "%{User-agent}i" agent
 
     CustomLog ${APACHE_CUSTOM_LOG} vhost_combined env=!exclude_from_logs
 </IfModule>
@@ -61,6 +55,19 @@ TraceEnable Off
 
 AddDefaultCharset UTF-8
 
+<IfModule reqtimeout_module>
+    RequestReadTimeout handshake=0 header=20-40,MinRate=500 body=20,MinRate=500
+</IfModule>
+
+SetEnvIfNoCase ^Authorization$ "(.+)" HTTP_AUTHORIZATION=$1
+
+AddType application/x-httpd-php .php .php3 .php4 .php5 .phtml
+AddType application/x-httpd-php-source .phps
+
+DirectoryIndex ${HTTP_INDEX_FILE}
+
+DocumentRoot "${ZABBIX_WWW_ROOT}"
+
 <IfModule status_module>
     <Location /apache-status>
         SetHandler server-status

Dockerfiles/web-apache-pgsql/centos/conf/etc/httpd/modules.conf

@@ -1,19 +1,12 @@
 LoadModule logio_module /usr/lib64/httpd/modules/mod_logio.so
 LoadModule unixd_module /usr/lib64/httpd/modules/mod_unixd.so
 LoadModule log_config_module /usr/lib64/httpd/modules/mod_log_config.so
-LoadModule access_compat_module /usr/lib64/httpd/modules/mod_access_compat.so
 LoadModule auth_basic_module /usr/lib64/httpd/modules/mod_auth_basic.so
-LoadModule authn_core_module /usr/lib64/httpd/modules/mod_authn_core.so
-LoadModule authn_file_module /usr/lib64/httpd/modules/mod_authn_file.so
 LoadModule authz_core_module /usr/lib64/httpd/modules/mod_authz_core.so
 LoadModule authz_host_module /usr/lib64/httpd/modules/mod_authz_host.so
-LoadModule authz_user_module /usr/lib64/httpd/modules/mod_authz_user.so
 LoadModule dir_module /usr/lib64/httpd/modules/mod_dir.so
-LoadModule env_module /usr/lib64/httpd/modules/mod_env.so
-LoadModule filter_module /usr/lib64/httpd/modules/mod_filter.so
 LoadModule mime_module /usr/lib64/httpd/modules/mod_mime.so
 LoadModule mpm_event_module /usr/lib64/httpd/modules/mod_mpm_event.so
-LoadModule negotiation_module /usr/lib64/httpd/modules/mod_negotiation.so
 LoadModule reqtimeout_module /usr/lib64/httpd/modules/mod_reqtimeout.so
 LoadModule setenvif_module /usr/lib64/httpd/modules/mod_setenvif.so
 LoadModule status_module /usr/lib64/httpd/modules/mod_status.so

Dockerfiles/web-apache-pgsql/centos/conf/etc/zabbix/apache.conf

@@ -1,20 +1,8 @@
 Listen 8080
 
 <VirtualHost *:8080>
-    DocumentRoot /usr/share/zabbix/
-
-    ServerName zabbix
-
-    DirectoryIndex ${HTTP_INDEX_FILE}
-
-    AddType application/x-httpd-php .php .php3 .php4 .php5 .phtml
-    AddType application/x-httpd-php-source .phps
-
-    SetEnvIfNoCase ^Authorization$ "(.+)" HTTP_AUTHORIZATION=$1
-
     <LocationMatch "/(ping|status)">
-        Order Allow,Deny
+        Require all granted
-        Allow from all
 
         SetHandler "proxy:unix:/tmp/php-fpm.sock|fcgi://localhost"
     </LocationMatch>
@@ -24,7 +12,7 @@ Listen 8080
         AllowOverride None
         Require all granted
 
-        <FilesMatch \.(php|phar)$>
+        <FilesMatch \.php$>
             SetHandler "proxy:unix:/tmp/php-fpm.sock|fcgi://localhost"
         </FilesMatch>
 
@@ -44,48 +32,42 @@ Listen 8080
     <Directory "/usr/share/zabbix/conf">
         Require all denied
         <files *.php>
-            Order deny,allow
+            Require all denied
-            Deny from all
         </files>
     </Directory>
 
     <Directory "/usr/share/zabbix/app">
         Require all denied
         <files *.php>
-            Order deny,allow
+            Require all denied
-            Deny from all
         </files>
     </Directory>
 
     <Directory "/usr/share/zabbix/include">
         Require all denied
         <files *.php>
-            Order deny,allow
+            Require all denied
-            Deny from all
         </files>
     </Directory>
 
     <Directory "/usr/share/zabbix/local">
         Require all denied
         <files *.php>
-            Order deny,allow
+            Require all denied
-            Deny from all
         </files>
     </Directory>
 
     <Directory "/usr/share/zabbix/locale">
         Require all denied
         <files *.php>
-            Order deny,allow
+            Require all denied
-            Deny from all
         </files>
     </Directory>
 
     <Directory "/usr/share/zabbix/vendor">
         Require all denied
         <files *.php>
-            Order deny,allow
+            Require all denied
-            Deny from all
         </files>
     </Directory>
 </VirtualHost>

Dockerfiles/web-apache-pgsql/centos/conf/etc/zabbix/apache_ssl.conf

@@ -3,18 +3,17 @@ LoadModule socache_shmcb_module /usr/lib64/httpd/modules/mod_socache_shmcb.so
 
 Listen 8443
 
+SSLRandomSeed startup builtin
+SSLRandomSeed startup file:/dev/urandom 512
+SSLRandomSeed connect builtin
+SSLRandomSeed connect file:/dev/urandom 512
+
+AddType application/x-x509-ca-cert .crt
+
+SSLSessionCache     shmcb:${APACHE_RUN_DIR}/ssl_scache(512000)
+SSLSessionCacheTimeout  300
+
 <VirtualHost *:8443>
-    DocumentRoot /usr/share/zabbix/
-
-    ServerName zabbix
-
-    DirectoryIndex ${HTTP_INDEX_FILE}
-
-    AddType application/x-httpd-php .php .php3 .php4 .php5 .phtml
-    AddType application/x-httpd-php-source .phps
-
-    SetEnvIfNoCase ^Authorization$ "(.+)" HTTP_AUTHORIZATION=$1
-
     # Enable/Disable SSL for this virtual host.
     SSLEngine on
 
@@ -35,8 +34,7 @@ Listen 8443
     Header always set Strict-Transport-Security "max-age=63072000"
 
     <LocationMatch "/(ping|status)">
-        Order Allow,Deny
+        Require all granted
-        Allow from all
 
         SetHandler "proxy:unix:/tmp/php-fpm.sock|fcgi://localhost"
     </LocationMatch>
@@ -46,7 +44,7 @@ Listen 8443
         AllowOverride None
         Require all granted
 
-        <FilesMatch \.(php|phar)$>
+        <FilesMatch \.php$>
             SetHandler "proxy:unix:/tmp/php-fpm.sock|fcgi://localhost"
         </FilesMatch>
 
@@ -66,48 +64,42 @@ Listen 8443
     <Directory "/usr/share/zabbix/conf">
         Require all denied
         <files *.php>
-            Order deny,allow
+            Require all denied
-            Deny from all
         </files>
     </Directory>
 
     <Directory "/usr/share/zabbix/app">
         Require all denied
         <files *.php>
-            Order deny,allow
+            Require all denied
-            Deny from all
         </files>
     </Directory>
 
     <Directory "/usr/share/zabbix/include">
         Require all denied
         <files *.php>
-            Order deny,allow
+            Require all denied
-            Deny from all
         </files>
     </Directory>
 
     <Directory "/usr/share/zabbix/local">
         Require all denied
         <files *.php>
-            Order deny,allow
+            Require all denied
-            Deny from all
         </files>
     </Directory>
 
     <Directory "/usr/share/zabbix/locale">
         Require all denied
         <files *.php>
-            Order deny,allow
+            Require all denied
-            Deny from all
         </files>
     </Directory>
 
     <Directory "/usr/share/zabbix/vendor">
         Require all denied
         <files *.php>
-            Order deny,allow
+            Require all denied
-            Deny from all
         </files>
     </Directory>
 </VirtualHost>

Dockerfiles/web-apache-pgsql/centos/docker-entrypoint.sh

@@ -24,6 +24,9 @@ fi
 : ${DAEMON_USER:="apache"}
 : ${DAEMON_GROUP:="apache"}
 
+# DefaultRuntimeDir configuration option value
+export APACHE_RUN_DIR="/tmp/httpd"
+    
 # Default directories
 # Apache main configuration file
 HTTPD_CONF_FILE="/etc/httpd/conf/httpd.conf"
@@ -181,7 +184,7 @@ prepare_web_server() {
         export APACHE_SERVER_SIGNATURE="Off"
     fi
 
-    mkdir -p /tmp/httpd
+    mkdir -p "${APACHE_RUN_DIR}"
 }
 
 prepare_zbx_php_config() {

Dockerfiles/web-apache-pgsql/ol/conf/etc/httpd/conf/httpd.conf

@@ -1,9 +1,8 @@
 ServerRoot /etc/httpd/
-ServerRoot /var/www
+DefaultRuntimeDir ${APACHE_RUN_DIR}
-DefaultRuntimeDir /tmp/httpd/
 PidFile /tmp/httpd.pid
 
-ServerName 127.0.0.1
+ServerName zabbix
 
 IncludeOptional /etc/httpd/includes.conf
 
@@ -24,12 +23,7 @@ LogLevel warn
 <IfModule log_config_module>
     SetEnvIf Request_URI "^/(robots\.txt|favicon\.ico|status|ping|apache-status)$" exclude_from_logs
 
-    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
     LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
-    LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined
-    LogFormat "%h %l %u %t \"%r\" %>s %O" common
-    LogFormat "%{Referer}i -> %U" referer
-    LogFormat "%{User-agent}i" agent
 
     CustomLog ${APACHE_CUSTOM_LOG} vhost_combined env=!exclude_from_logs
 </IfModule>
@@ -61,6 +55,19 @@ TraceEnable Off
 
 AddDefaultCharset UTF-8
 
+<IfModule reqtimeout_module>
+    RequestReadTimeout handshake=0 header=20-40,MinRate=500 body=20,MinRate=500
+</IfModule>
+
+SetEnvIfNoCase ^Authorization$ "(.+)" HTTP_AUTHORIZATION=$1
+
+AddType application/x-httpd-php .php .php3 .php4 .php5 .phtml
+AddType application/x-httpd-php-source .phps
+
+DirectoryIndex ${HTTP_INDEX_FILE}
+
+DocumentRoot "${ZABBIX_WWW_ROOT}"
+
 <IfModule status_module>
     <Location /apache-status>
         SetHandler server-status

Dockerfiles/web-apache-pgsql/ol/conf/etc/httpd/modules.conf

@@ -1,19 +1,12 @@
 LoadModule logio_module /usr/lib64/httpd/modules/mod_logio.so
 LoadModule unixd_module /usr/lib64/httpd/modules/mod_unixd.so
 LoadModule log_config_module /usr/lib64/httpd/modules/mod_log_config.so
-LoadModule access_compat_module /usr/lib64/httpd/modules/mod_access_compat.so
 LoadModule auth_basic_module /usr/lib64/httpd/modules/mod_auth_basic.so
-LoadModule authn_core_module /usr/lib64/httpd/modules/mod_authn_core.so
-LoadModule authn_file_module /usr/lib64/httpd/modules/mod_authn_file.so
 LoadModule authz_core_module /usr/lib64/httpd/modules/mod_authz_core.so
 LoadModule authz_host_module /usr/lib64/httpd/modules/mod_authz_host.so
-LoadModule authz_user_module /usr/lib64/httpd/modules/mod_authz_user.so
 LoadModule dir_module /usr/lib64/httpd/modules/mod_dir.so
-LoadModule env_module /usr/lib64/httpd/modules/mod_env.so
-LoadModule filter_module /usr/lib64/httpd/modules/mod_filter.so
 LoadModule mime_module /usr/lib64/httpd/modules/mod_mime.so
 LoadModule mpm_event_module /usr/lib64/httpd/modules/mod_mpm_event.so
-LoadModule negotiation_module /usr/lib64/httpd/modules/mod_negotiation.so
 LoadModule reqtimeout_module /usr/lib64/httpd/modules/mod_reqtimeout.so
 LoadModule setenvif_module /usr/lib64/httpd/modules/mod_setenvif.so
 LoadModule status_module /usr/lib64/httpd/modules/mod_status.so

Dockerfiles/web-apache-pgsql/ol/conf/etc/zabbix/apache.conf

@@ -1,20 +1,8 @@
 Listen 8080
 
 <VirtualHost *:8080>
-    DocumentRoot /usr/share/zabbix/
-
-    ServerName zabbix
-
-    DirectoryIndex ${HTTP_INDEX_FILE}
-
-    AddType application/x-httpd-php .php .php3 .php4 .php5 .phtml
-    AddType application/x-httpd-php-source .phps
-
-    SetEnvIfNoCase ^Authorization$ "(.+)" HTTP_AUTHORIZATION=$1
-
     <LocationMatch "/(ping|status)">
-        Order Allow,Deny
+        Require all granted
-        Allow from all
 
         SetHandler "proxy:unix:/tmp/php-fpm.sock|fcgi://localhost"
     </LocationMatch>
@@ -24,7 +12,7 @@ Listen 8080
         AllowOverride None
         Require all granted
 
-        <FilesMatch \.(php|phar)$>
+        <FilesMatch \.php$>
             SetHandler "proxy:unix:/tmp/php-fpm.sock|fcgi://localhost"
         </FilesMatch>
 
@@ -44,48 +32,42 @@ Listen 8080
     <Directory "/usr/share/zabbix/conf">
         Require all denied
         <files *.php>
-            Order deny,allow
+            Require all denied
-            Deny from all
         </files>
     </Directory>
 
     <Directory "/usr/share/zabbix/app">
         Require all denied
         <files *.php>
-            Order deny,allow
+            Require all denied
-            Deny from all
         </files>
     </Directory>
 
     <Directory "/usr/share/zabbix/include">
         Require all denied
         <files *.php>
-            Order deny,allow
+            Require all denied
-            Deny from all
         </files>
     </Directory>
 
     <Directory "/usr/share/zabbix/local">
         Require all denied
         <files *.php>
-            Order deny,allow
+            Require all denied
-            Deny from all
         </files>
     </Directory>
 
     <Directory "/usr/share/zabbix/locale">
         Require all denied
         <files *.php>
-            Order deny,allow
+            Require all denied
-            Deny from all
         </files>
     </Directory>
 
     <Directory "/usr/share/zabbix/vendor">
         Require all denied
         <files *.php>
-            Order deny,allow
+            Require all denied
-            Deny from all
         </files>
     </Directory>
 </VirtualHost>

Dockerfiles/web-apache-pgsql/ol/conf/etc/zabbix/apache_ssl.conf

@@ -3,18 +3,17 @@ LoadModule socache_shmcb_module /usr/lib64/httpd/modules/mod_socache_shmcb.so
 
 Listen 8443
 
+SSLRandomSeed startup builtin
+SSLRandomSeed startup file:/dev/urandom 512
+SSLRandomSeed connect builtin
+SSLRandomSeed connect file:/dev/urandom 512
+
+AddType application/x-x509-ca-cert .crt
+
+SSLSessionCache     shmcb:${APACHE_RUN_DIR}/ssl_scache(512000)
+SSLSessionCacheTimeout  300
+
 <VirtualHost *:8443>
-    DocumentRoot /usr/share/zabbix/
-
-    ServerName zabbix
-
-    DirectoryIndex ${HTTP_INDEX_FILE}
-
-    AddType application/x-httpd-php .php .php3 .php4 .php5 .phtml
-    AddType application/x-httpd-php-source .phps
-
-    SetEnvIfNoCase ^Authorization$ "(.+)" HTTP_AUTHORIZATION=$1
-
     # Enable/Disable SSL for this virtual host.
     SSLEngine on
 
@@ -35,8 +34,7 @@ Listen 8443
     Header always set Strict-Transport-Security "max-age=63072000"
 
     <LocationMatch "/(ping|status)">
-        Order Allow,Deny
+        Require all granted
-        Allow from all
 
         SetHandler "proxy:unix:/tmp/php-fpm.sock|fcgi://localhost"
     </LocationMatch>
@@ -46,7 +44,7 @@ Listen 8443
         AllowOverride None
         Require all granted
 
-        <FilesMatch \.(php|phar)$>
+        <FilesMatch \.php$>
             SetHandler "proxy:unix:/tmp/php-fpm.sock|fcgi://localhost"
         </FilesMatch>
 
@@ -66,48 +64,42 @@ Listen 8443
     <Directory "/usr/share/zabbix/conf">
         Require all denied
         <files *.php>
-            Order deny,allow
+            Require all denied
-            Deny from all
         </files>
     </Directory>
 
     <Directory "/usr/share/zabbix/app">
         Require all denied
         <files *.php>
-            Order deny,allow
+            Require all denied
-            Deny from all
         </files>
     </Directory>
 
     <Directory "/usr/share/zabbix/include">
         Require all denied
         <files *.php>
-            Order deny,allow
+            Require all denied
-            Deny from all
         </files>
     </Directory>
 
     <Directory "/usr/share/zabbix/local">
         Require all denied
         <files *.php>
-            Order deny,allow
+            Require all denied
-            Deny from all
         </files>
     </Directory>
 
     <Directory "/usr/share/zabbix/locale">
         Require all denied
         <files *.php>
-            Order deny,allow
+            Require all denied
-            Deny from all
         </files>
     </Directory>
 
     <Directory "/usr/share/zabbix/vendor">
         Require all denied
         <files *.php>
-            Order deny,allow
+            Require all denied
-            Deny from all
         </files>
     </Directory>
 </VirtualHost>

Dockerfiles/web-apache-pgsql/ol/docker-entrypoint.sh

@@ -24,6 +24,9 @@ fi
 : ${DAEMON_USER:="apache"}
 : ${DAEMON_GROUP:="apache"}
 
+# DefaultRuntimeDir configuration option value
+export APACHE_RUN_DIR="/tmp/httpd"
+
 # Default directories
 # Apache main configuration file
 HTTPD_CONF_FILE="/etc/httpd/conf/httpd.conf"
@@ -203,7 +206,7 @@ prepare_web_server() {
         export APACHE_SERVER_SIGNATURE="Off"
     fi
 
-    mkdir -p /tmp/httpd
+    mkdir -p "${APACHE_RUN_DIR}"
 }
 
 prepare_zbx_php_config() {

Dockerfiles/web-apache-pgsql/ubuntu/conf/etc/apache2/apache2.conf

@@ -1,9 +1,8 @@
 ServerRoot /etc/apache2/
-ServerRoot /var/www
+DefaultRuntimeDir ${APACHE_RUN_DIR}
-DefaultRuntimeDir /tmp/apache2/
 PidFile /tmp/apache2.pid
 
-ServerName 127.0.0.1
+ServerName zabbix
 
 IncludeOptional /etc/apache2/includes.conf
 
@@ -24,12 +23,7 @@ LogLevel warn
 <IfModule log_config_module>
     SetEnvIf Request_URI "^/(robots\.txt|favicon\.ico|status|ping|apache-status)$" exclude_from_logs
 
-    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
     LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
-    LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined
-    LogFormat "%h %l %u %t \"%r\" %>s %O" common
-    LogFormat "%{Referer}i -> %U" referer
-    LogFormat "%{User-agent}i" agent
 
     CustomLog ${APACHE_CUSTOM_LOG} vhost_combined env=!exclude_from_logs
 </IfModule>
@@ -61,6 +55,19 @@ TraceEnable Off
 
 AddDefaultCharset UTF-8
 
+<IfModule reqtimeout_module>
+    RequestReadTimeout handshake=0 header=20-40,MinRate=500 body=20,MinRate=500
+</IfModule>
+
+SetEnvIfNoCase ^Authorization$ "(.+)" HTTP_AUTHORIZATION=$1
+
+AddType application/x-httpd-php .php .php3 .php4 .php5 .phtml
+AddType application/x-httpd-php-source .phps
+
+DirectoryIndex ${HTTP_INDEX_FILE}
+
+DocumentRoot "${ZABBIX_WWW_ROOT}"
+
 <IfModule status_module>
     <Location /apache-status>
         SetHandler server-status

Dockerfiles/web-apache-pgsql/ubuntu/conf/etc/apache2/includes.conf

@@ -1,8 +1,5 @@
 IncludeOptional /etc/apache2/modules.conf
 
 IncludeOptional /etc/apache2/mods-enabled/mime.conf
-IncludeOptional /etc/apache2/mods-enabled/negotiation.conf
-IncludeOptional /etc/apache2/mods-enabled/reqtimeout.conf
-IncludeOptional /etc/apache2/mods-enabled/setenvif.conf
 
 IncludeOptional /etc/apache2/sites-enabled/*.conf

Dockerfiles/web-apache-pgsql/ubuntu/conf/etc/apache2/modules.conf

@@ -1,16 +1,9 @@
-LoadModule access_compat_module /usr/lib/apache2/modules/mod_access_compat.so
 LoadModule auth_basic_module /usr/lib/apache2/modules/mod_auth_basic.so
-LoadModule authn_core_module /usr/lib/apache2/modules/mod_authn_core.so
-LoadModule authn_file_module /usr/lib/apache2/modules/mod_authn_file.so
 LoadModule authz_core_module /usr/lib/apache2/modules/mod_authz_core.so
 LoadModule authz_host_module /usr/lib/apache2/modules/mod_authz_host.so
-LoadModule authz_user_module /usr/lib/apache2/modules/mod_authz_user.so
 LoadModule dir_module /usr/lib/apache2/modules/mod_dir.so
-LoadModule env_module /usr/lib/apache2/modules/mod_env.so
-LoadModule filter_module /usr/lib/apache2/modules/mod_filter.so
 LoadModule mime_module /usr/lib/apache2/modules/mod_mime.so
 LoadModule mpm_event_module /usr/lib/apache2/modules/mod_mpm_event.so
-LoadModule negotiation_module /usr/lib/apache2/modules/mod_negotiation.so
 LoadModule reqtimeout_module /usr/lib/apache2/modules/mod_reqtimeout.so
 LoadModule setenvif_module /usr/lib/apache2/modules/mod_setenvif.so
 LoadModule status_module /usr/lib/apache2/modules/mod_status.so

Dockerfiles/web-apache-pgsql/ubuntu/conf/etc/zabbix/apache.conf

@@ -1,20 +1,8 @@
 Listen 8080
 
 <VirtualHost *:8080>
-    DocumentRoot /usr/share/zabbix/
-
-    ServerName zabbix
-
-    DirectoryIndex ${HTTP_INDEX_FILE}
-
-    AddType application/x-httpd-php .php .php3 .php4 .php5 .phtml
-    AddType application/x-httpd-php-source .phps
-
-    SetEnvIfNoCase ^Authorization$ "(.+)" HTTP_AUTHORIZATION=$1
-
     <LocationMatch "/(ping|status)">
-        Order Allow,Deny
+        Require all granted
-        Allow from all
 
         SetHandler "proxy:unix:/tmp/php-fpm.sock|fcgi://localhost"
     </LocationMatch>
@@ -24,7 +12,7 @@ Listen 8080
         AllowOverride None
         Require all granted
 
-        <FilesMatch \.(php|phar)$>
+        <FilesMatch \.php$>
             SetHandler "proxy:unix:/tmp/php-fpm.sock|fcgi://localhost"
         </FilesMatch>
 
@@ -44,48 +32,42 @@ Listen 8080
     <Directory "/usr/share/zabbix/conf">
         Require all denied
         <files *.php>
-            Order deny,allow
+            Require all denied
-            Deny from all
         </files>
     </Directory>
 
     <Directory "/usr/share/zabbix/app">
         Require all denied
         <files *.php>
-            Order deny,allow
+            Require all denied
-            Deny from all
         </files>
     </Directory>
 
     <Directory "/usr/share/zabbix/include">
         Require all denied
         <files *.php>
-            Order deny,allow
+            Require all denied
-            Deny from all
         </files>
     </Directory>
 
     <Directory "/usr/share/zabbix/local">
         Require all denied
         <files *.php>
-            Order deny,allow
+            Require all denied
-            Deny from all
         </files>
     </Directory>
 
     <Directory "/usr/share/zabbix/locale">
         Require all denied
         <files *.php>
-            Order deny,allow
+            Require all denied
-            Deny from all
         </files>
     </Directory>
 
     <Directory "/usr/share/zabbix/vendor">
         Require all denied
         <files *.php>
-            Order deny,allow
+            Require all denied
-            Deny from all
         </files>
     </Directory>
 </VirtualHost>

Dockerfiles/web-apache-pgsql/ubuntu/conf/etc/zabbix/apache_ssl.conf

@@ -3,18 +3,17 @@ LoadModule socache_shmcb_module /usr/lib/apache2/modules/mod_socache_shmcb.so
 
 Listen 8443
 
+SSLRandomSeed startup builtin
+SSLRandomSeed startup file:/dev/urandom 512
+SSLRandomSeed connect builtin
+SSLRandomSeed connect file:/dev/urandom 512
+
+AddType application/x-x509-ca-cert .crt
+
+SSLSessionCache     shmcb:${APACHE_RUN_DIR}/ssl_scache(512000)
+SSLSessionCacheTimeout  300
+
 <VirtualHost *:8443>
-    DocumentRoot /usr/share/zabbix/
-
-    ServerName zabbix
-
-    DirectoryIndex ${HTTP_INDEX_FILE}
-
-    AddType application/x-httpd-php .php .php3 .php4 .php5 .phtml
-    AddType application/x-httpd-php-source .phps
-
-    SetEnvIfNoCase ^Authorization$ "(.+)" HTTP_AUTHORIZATION=$1
-
     # Enable/Disable SSL for this virtual host.
     SSLEngine on
 
@@ -35,8 +34,7 @@ Listen 8443
     Header always set Strict-Transport-Security "max-age=63072000"
 
     <LocationMatch "/(ping|status)">
-        Order Allow,Deny
+        Require all granted
-        Allow from all
 
         SetHandler "proxy:unix:/tmp/php-fpm.sock|fcgi://localhost"
     </LocationMatch>
@@ -46,7 +44,7 @@ Listen 8443
         AllowOverride None
         Require all granted
 
-        <FilesMatch \.(php|phar)$>
+        <FilesMatch \.php$>
             SetHandler "proxy:unix:/tmp/php-fpm.sock|fcgi://localhost"
         </FilesMatch>
 
@@ -66,48 +64,42 @@ Listen 8443
     <Directory "/usr/share/zabbix/conf">
         Require all denied
         <files *.php>
-            Order deny,allow
+            Require all denied
-            Deny from all
         </files>
     </Directory>
 
     <Directory "/usr/share/zabbix/app">
         Require all denied
         <files *.php>
-            Order deny,allow
+            Require all denied
-            Deny from all
         </files>
     </Directory>
 
     <Directory "/usr/share/zabbix/include">
         Require all denied
         <files *.php>
-            Order deny,allow
+            Require all denied
-            Deny from all
         </files>
     </Directory>
 
     <Directory "/usr/share/zabbix/local">
         Require all denied
         <files *.php>
-            Order deny,allow
+            Require all denied
-            Deny from all
         </files>
     </Directory>
 
     <Directory "/usr/share/zabbix/locale">
         Require all denied
         <files *.php>
-            Order deny,allow
+            Require all denied
-            Deny from all
         </files>
     </Directory>
 
     <Directory "/usr/share/zabbix/vendor">
         Require all denied
         <files *.php>
-            Order deny,allow
+            Require all denied
-            Deny from all
         </files>
     </Directory>
 </VirtualHost>

Dockerfiles/web-apache-pgsql/ubuntu/docker-entrypoint.sh

@@ -24,6 +24,9 @@ fi
 : ${DAEMON_USER:="www-data"}
 : ${DAEMON_GROUP:="www-data"}
 
+# DefaultRuntimeDir configuration option value
+export APACHE_RUN_DIR="/tmp/apache2"
+
 # Default directories
 # Apache main configuration file
 HTTPD_CONF_FILE="/etc/apache2/apache2.conf"
@@ -181,7 +184,7 @@ prepare_web_server() {
         export APACHE_SERVER_SIGNATURE="Off"
     fi
 
-    mkdir -p /tmp/apache2
+    mkdir -p "${APACHE_RUN_DIR}"
 }
 
 prepare_zbx_php_config() {