Migrate to PHP-FPM for all Web images

Dockerfiles/web-apache-mysql/centos/conf/etc/httpd/conf.d/99-zabbix.conf

@@ -1,3 +0,0 @@
-<IfModule !mpm_netware_module>
-    PidFile "/tmp/httpd.pid"
-</IfModule>

Dockerfiles/web-apache-mysql/centos/conf/etc/httpd/conf.d/mime.conf

@@ -0,0 +1,9 @@
+<IfModule mime_module>
+    TypesConfig /etc/mime.types
+
+    AddType application/x-compress .Z
+    AddType application/x-gzip .gz .tgz
+</IfModule>
+<IfModule mime_magic_module>
+    MIMEMagicFile conf/magic
+</IfModule>

Dockerfiles/web-apache-mysql/centos/conf/etc/httpd/conf/httpd.conf

@@ -0,0 +1,75 @@
+ServerRoot /etc/httpd/
+ServerRoot /var/www
+DefaultRuntimeDir /tmp/httpd/
+PidFile /tmp/httpd.pid
+
+ServerName 127.0.0.1
+
+IncludeOptional /etc/httpd/includes.conf
+
+Timeout 300
+KeepAlive On
+MaxKeepAliveRequests 100
+KeepAliveTimeout 5
+
+<IfModule unixd_module>
+    User ${APACHE_RUN_USER}
+    Group ${APACHE_RUN_GROUP}
+</IfModule>
+
+HostnameLookups Off
+
+LogLevel warn
+
+<IfModule log_config_module>
+    SetEnvIf Request_URI "^/(robots\.txt|favicon\.ico|status|ping|apache-status)$" exclude_from_logs
+
+    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
+    LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
+    LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined
+    LogFormat "%h %l %u %t \"%r\" %>s %O" common
+    LogFormat "%{Referer}i -> %U" referer
+    LogFormat "%{User-agent}i" agent
+
+    CustomLog ${APACHE_CUSTOM_LOG} vhost_combined env=!exclude_from_logs
+</IfModule>
+
+ErrorLog /proc/self/fd/2
+
+LogLevel warn
+
+<IfModule mpm_event_module>
+    StartServers            2
+    MinSpareThreads         25
+    MaxSpareThreads         75
+    ThreadLimit             64
+    ThreadsPerChild         25
+    MaxRequestWorkers       150
+    MaxConnectionsPerChild  0
+</IfModule>
+
+# Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac).
+<FilesMatch "^\.">
+    Require all denied
+</FilesMatch>
+
+ServerTokens ${APACHE_SERVER_TOKENS}
+
+ServerSignature ${APACHE_SERVER_SIGNATURE}
+
+TraceEnable Off
+
+AddDefaultCharset UTF-8
+
+<IfModule status_module>
+    <Location /apache-status>
+        SetHandler server-status
+        Require local
+    </Location>
+
+    ExtendedStatus On
+
+    <IfModule mod_proxy.c>
+        ProxyStatus On
+    </IfModule>
+</IfModule>

Dockerfiles/web-apache-mysql/centos/conf/etc/httpd/includes.conf

@@ -0,0 +1,3 @@
+IncludeOptional /etc/httpd/modules.conf
+
+IncludeOptional /etc/httpd/conf.d/*.conf

Dockerfiles/web-apache-mysql/centos/conf/etc/httpd/modules.conf

@@ -0,0 +1,24 @@
+LoadModule logio_module /usr/lib64/httpd/modules/mod_logio.so
+LoadModule unixd_module /usr/lib64/httpd/modules/mod_unixd.so
+LoadModule log_config_module /usr/lib64/httpd/modules/mod_log_config.so
+LoadModule access_compat_module /usr/lib64/httpd/modules/mod_access_compat.so
+LoadModule auth_basic_module /usr/lib64/httpd/modules/mod_auth_basic.so
+LoadModule authn_core_module /usr/lib64/httpd/modules/mod_authn_core.so
+LoadModule authn_file_module /usr/lib64/httpd/modules/mod_authn_file.so
+LoadModule authz_core_module /usr/lib64/httpd/modules/mod_authz_core.so
+LoadModule authz_host_module /usr/lib64/httpd/modules/mod_authz_host.so
+LoadModule authz_user_module /usr/lib64/httpd/modules/mod_authz_user.so
+LoadModule dir_module /usr/lib64/httpd/modules/mod_dir.so
+LoadModule env_module /usr/lib64/httpd/modules/mod_env.so
+LoadModule filter_module /usr/lib64/httpd/modules/mod_filter.so
+LoadModule mime_module /usr/lib64/httpd/modules/mod_mime.so
+LoadModule mpm_event_module /usr/lib64/httpd/modules/mod_mpm_event.so
+LoadModule negotiation_module /usr/lib64/httpd/modules/mod_negotiation.so
+LoadModule reqtimeout_module /usr/lib64/httpd/modules/mod_reqtimeout.so
+LoadModule setenvif_module /usr/lib64/httpd/modules/mod_setenvif.so
+LoadModule status_module /usr/lib64/httpd/modules/mod_status.so
+
+LoadModule proxy_module /usr/lib64/httpd/modules/mod_proxy.so
+LoadModule proxy_fcgi_module /usr/lib64/httpd/modules/mod_proxy_fcgi.so
+LoadModule expires_module /usr/lib64/httpd/modules/mod_expires.so
+LoadModule headers_module /usr/lib64/httpd/modules/mod_headers.so

Dockerfiles/web-apache-mysql/centos/conf/etc/zabbix/apache.conf

@@ -1,10 +1,17 @@
+Listen 8080
+
 <VirtualHost *:8080>
     DocumentRoot /usr/share/zabbix/
+
     ServerName zabbix
-    DirectoryIndex {HTTP_INDEX_FILE}
+
+    DirectoryIndex ${HTTP_INDEX_FILE}
+
     AddType application/x-httpd-php .php .php3 .php4 .php5 .phtml
     AddType application/x-httpd-php-source .phps
 
+    SetEnvIfNoCase ^Authorization$ "(.+)" HTTP_AUTHORIZATION=$1
+
     <LocationMatch "/(ping|status)">
         Order Allow,Deny
         Allow from all
@@ -20,6 +27,18 @@
         <FilesMatch \.(php|phar)$>
             SetHandler "proxy:unix:/tmp/php-fpm.sock|fcgi://localhost"
         </FilesMatch>
+
+        <filesMatch "\.(ico)$">
+            ExpiresActive On
+            ExpiresDefault "access plus 1 year"
+            Header append Cache-Control "public"
+        </filesMatch>
+
+        <filesMatch "\.(js|css|png|jpg|jpeg|gif|xml|txt)$">
+            ExpiresActive On
+            ExpiresDefault "access plus 14 day"
+            Header append Cache-Control "public"
+        </filesMatch>
     </Directory>
 
     <Directory "/usr/share/zabbix/conf">

Dockerfiles/web-apache-mysql/centos/conf/etc/zabbix/apache_ssl.conf

@@ -1,97 +1,113 @@
-LoadModule ssl_module modules/mod_ssl.so
-LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
+LoadModule ssl_module /usr/lib64/httpd/modules/mod_ssl.so
+LoadModule socache_shmcb_module /usr/lib64/httpd/modules/mod_socache_shmcb.so
 
 Listen 8443
 
-    <VirtualHost *:8443>
-        DocumentRoot /usr/share/zabbix/
-        ServerName zabbix
-        DirectoryIndex {HTTP_INDEX_FILE}
+<VirtualHost *:8443>
+    DocumentRoot /usr/share/zabbix/
 
-        AddType application/x-httpd-php .php .php3 .php4 .php5 .phtml
-        AddType application/x-httpd-php-source .phps
+    ServerName zabbix
 
-        # Enable/Disable SSL for this virtual host.
-        SSLEngine on
+    DirectoryIndex ${HTTP_INDEX_FILE}
 
-        # intermediate configuration
-        SSLProtocol             -all +TLSv1.2 +TLSv1.3
-        SSLCipherSuite          ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305
-        SSLHonorCipherOrder     off
-        SSLSessionTickets       off
+    AddType application/x-httpd-php .php .php3 .php4 .php5 .phtml
+    AddType application/x-httpd-php-source .phps
 
-        SSLCertificateFile /etc/ssl/apache2/ssl.crt
-        SSLCertificateKeyFile /etc/ssl/apache2/ssl.key
-        # SSLCACertificatePath /etc/ssl/apache2/chain/
+    SetEnvIfNoCase ^Authorization$ "(.+)" HTTP_AUTHORIZATION=$1
 
-        # enable HTTP/2, if available
-        Protocols h2 http/1.1
+    # Enable/Disable SSL for this virtual host.
+    SSLEngine on
 
-        # HTTP Strict Transport Security (mod_headers is required) (63072000 seconds)
-        Header always set Strict-Transport-Security "max-age=63072000"
+    # intermediate configuration
+    SSLProtocol             -all +TLSv1.2 +TLSv1.3
+    SSLCipherSuite          ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305
+    SSLHonorCipherOrder     off
+    SSLSessionTickets       off
 
-        <LocationMatch "/(ping|status)">
-            Order Allow,Deny
-            Allow from all
+    SSLCertificateFile /etc/ssl/apache2/ssl.crt
+    SSLCertificateKeyFile /etc/ssl/apache2/ssl.key
+    # SSLCACertificatePath /etc/ssl/apache2/chain/
 
+    # enable HTTP/2, if available
+    Protocols h2 http/1.1
+
+    # HTTP Strict Transport Security (mod_headers is required) (63072000 seconds)
+    Header always set Strict-Transport-Security "max-age=63072000"
+
+    <LocationMatch "/(ping|status)">
+        Order Allow,Deny
+        Allow from all
+
+        SetHandler "proxy:unix:/tmp/php-fpm.sock|fcgi://localhost"
+    </LocationMatch>
+
+    <Directory "/usr/share/zabbix">
+        Options FollowSymLinks
+        AllowOverride None
+        Require all granted
+
+        <FilesMatch \.(php|phar)$>
             SetHandler "proxy:unix:/tmp/php-fpm.sock|fcgi://localhost"
-        </LocationMatch>
+        </FilesMatch>
 
-        <Directory "/usr/share/zabbix">
-            Options FollowSymLinks
-            AllowOverride None
-            Require all granted
+        <filesMatch "\.(ico)$">
+            ExpiresActive On
+            ExpiresDefault "access plus 1 year"
+            Header append Cache-Control "public"
+        </filesMatch>
 
-            <FilesMatch \.(php|phar)$>
-                SetHandler "proxy:unix:/tmp/php-fpm.sock|fcgi://localhost"
-            </FilesMatch>
-        </Directory>
+        <filesMatch "\.(js|css|png|jpg|jpeg|gif|xml|txt)$">
+            ExpiresActive On
+            ExpiresDefault "access plus 14 day"
+            Header append Cache-Control "public"
+        </filesMatch>
+    </Directory>
 
-        <Directory "/usr/share/zabbix/conf">
-            Require all denied
-            <files *.php>
-                Order deny,allow
-                Deny from all
-            </files>
-        </Directory>
+    <Directory "/usr/share/zabbix/conf">
+        Require all denied
+        <files *.php>
+            Order deny,allow
+            Deny from all
+        </files>
+    </Directory>
 
-        <Directory "/usr/share/zabbix/app">
-            Require all denied
-            <files *.php>
-                Order deny,allow
-                Deny from all
-            </files>
-        </Directory>
+    <Directory "/usr/share/zabbix/app">
+        Require all denied
+        <files *.php>
+            Order deny,allow
+            Deny from all
+        </files>
+    </Directory>
 
-        <Directory "/usr/share/zabbix/include">
-            Require all denied
-            <files *.php>
-                Order deny,allow
-                Deny from all
-            </files>
-        </Directory>
+    <Directory "/usr/share/zabbix/include">
+        Require all denied
+        <files *.php>
+            Order deny,allow
+            Deny from all
+        </files>
+    </Directory>
 
-        <Directory "/usr/share/zabbix/local">
-            Require all denied
-            <files *.php>
-                Order deny,allow
-                Deny from all
-            </files>
-        </Directory>
+    <Directory "/usr/share/zabbix/local">
+        Require all denied
+        <files *.php>
+            Order deny,allow
+            Deny from all
+        </files>
+    </Directory>
 
-        <Directory "/usr/share/zabbix/locale">
-            Require all denied
-            <files *.php>
-                Order deny,allow
-                Deny from all
-            </files>
-        </Directory>
+    <Directory "/usr/share/zabbix/locale">
+        Require all denied
+        <files *.php>
+            Order deny,allow
+            Deny from all
+        </files>
+    </Directory>
 
-        <Directory "/usr/share/zabbix/vendor">
-            Require all denied
-            <files *.php>
-                Order deny,allow
-                Deny from all
-            </files>
-        </Directory>
-    </VirtualHost>
+    <Directory "/usr/share/zabbix/vendor">
+        Require all denied
+        <files *.php>
+            Order deny,allow
+            Deny from all
+        </files>
+    </Directory>
+</VirtualHost>