From 6214417384aa24ff1444e63bdd8bb3b7853180c9 Mon Sep 17 00:00:00 2001 From: lordrobincbz Date: Wed, 11 Dec 2024 14:44:09 +0100 Subject: [PATCH 1/9] feat:(config.inc.php/docker-entrypoint.sh): Add support for mTLS to a remote server/cluster/service --- README.md | 9 ++++- apache/config.inc.php | 28 +++++++++++++++ apache/docker-entrypoint.sh | 64 +++++++++++++++++++++++++++++++++ fpm-alpine/config.inc.php | 28 +++++++++++++++ fpm-alpine/docker-entrypoint.sh | 63 ++++++++++++++++++++++++++++++++ fpm/config.inc.php | 28 +++++++++++++++ fpm/docker-entrypoint.sh | 63 ++++++++++++++++++++++++++++++++ 7 files changed, 282 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 8fbece6..dfa2279 100644 --- a/README.md +++ b/README.md 
@@ -185,7 +185,14 @@ docker run --name phpmyadmin -d -e PMA_HOSTS='sslhost,nosslhost' -e PMA_SSLS='1, * ``PMA_SOCKET`` - define socket file for the MySQL connection * ``PMA_SOCKETS`` - define comma separated list of socket files for the MySQL connections * ``PMA_SSL`` - when set to 1, defines SSL usage for the MySQL connection -* ``PMA_SSLS`` - comma separated list of `0` and `1` defining SSL usage for the corresponding MySQL connections +* ``PMA_SSL_VERIFY`` - when set to 1, enables SSL certificate verification for the MySQL connection. +* ``PMA_SSL_VERIFIES`` - comma-separated list of `0` and `1` to enable or disable SSL certificate verification for multiple MySQL connections. +* ``PMA_SSL_CA_BASE64`` - in the context of mTLS security, allows setting your CA file as a base64 string inside the default `config.inc.php`. +* ``PMA_SSL_CAS_BASE64`` - in the context of mTLS security, allows setting multiple CA files as a comma-separated list of base64 strings inside the default `config.inc.php`. +* ``PMA_SSL_CERT_BASE64`` - in the context of mTLS security, allows setting your CERT file as a base64 string inside the default `config.inc.php`. +* ``PMA_SSL_CERTS_BASE64`` - in the context of mTLS security, allows setting multiple CERT files as a comma-separated list of base64 strings inside the default `config.inc.php`. +* ``PMA_SSL_KEY_BASE64`` - in the context of mTLS security, allows setting your KEY file as a base64 string inside the default `config.inc.php`. +* ``PMA_SSL_KEYS_BASE64`` - in the context of mTLS security, allows setting multiple KEY files as a comma-separated list of base64 strings inside the default `config.inc.php`. * ``PMA_USER`` and ``PMA_PASSWORD`` - define username and password to use only with the `config` authentication method * ``PMA_ABSOLUTE_URI`` - the full URL to phpMyAdmin. Sometimes needed when used in a reverse-proxy configuration. Don't set this unless needed. 
See [documentation](https://docs.phpmyadmin.net/en/latest/config.html#cfg_PmaAbsoluteUri). * ``PMA_CONFIG_BASE64`` - if set, this option will override the default `config.inc.php` with the base64 decoded contents of the variable diff --git a/apache/config.inc.php b/apache/config.inc.php index 9f5d2ac..693a715 100644 --- a/apache/config.inc.php +++ b/apache/config.inc.php @@ -28,7 +28,15 @@ 'PMA_UPLOADDIR', 'PMA_SAVEDIR', 'PMA_SSL', + 'PMA_SSL_VERIFY', + 'PMA_SSL_CA', + 'PMA_SSL_KEY', + 'PMA_SSL_CERT', 'PMA_SSLS', + 'PMA_SSL_VERIFIES', + 'PMA_SSL_CAS', + 'PMA_SSL_KEYS', + 'PMA_SSL_CERTS' ]; foreach ($vars as $var) { @@ -66,11 +74,19 @@ $verbose = [$_ENV['PMA_VERBOSE']]; $ports = [$_ENV['PMA_PORT']]; $ssls = [$_ENV['PMA_SSL']]; + $ssl_verifies = [$_ENV['PMA_SSL_VERIFY']]; + $ssl_cas = [$_ENV['PMA_SSL_CA']]; + $ssl_keys = [$_ENV['PMA_SSL_KEY']]; + $ssl_certs = [$_ENV['PMA_SSL_CERT']]; } elseif (! empty($_ENV['PMA_HOSTS'])) { $hosts = array_map('trim', explode(',', $_ENV['PMA_HOSTS'])); $verbose = array_map('trim', explode(',', $_ENV['PMA_VERBOSES'])); $ports = array_map('trim', explode(',', $_ENV['PMA_PORTS'])); $ssls = array_map('trim', explode(',', $_ENV['PMA_SSLS'])); + $ssl_verifies = array_map('trim', explode(',', $_ENV['PMA_SSL_VERIFIES'])); + $ssl_cas = array_map('trim', explode(',', $_ENV['PMA_SSL_CAS'])); + $ssl_keys = array_map('trim', explode(',', $_ENV['PMA_SSL_KEYS'])); + $ssl_certs = array_map('trim', explode(',', $_ENV['PMA_SSL_CERTS'])); } if (! empty($_ENV['PMA_SOCKET'])) { 
@@ -84,6 +100,18 @@ if (isset($ssls[$i - 1]) && $ssls[$i - 1] === '1') { $cfg['Servers'][$i]['ssl'] = $ssls[$i - 1]; } + if (isset($ssl_verifies[$i - 1]) && $ssl_verifies[$i - 1] === '1') { + $cfg['Servers'][$i]['ssl_verify'] = $ssl_verifies[$i - 1]; + } + if (isset($ssl_cas[$i - 1])) { + $cfg['Servers'][$i]['ssl_ca'] = $ssl_cas[$i - 1]; + } + if (isset($ssl_keys[$i - 1])) { + $cfg['Servers'][$i]['ssl_key'] = $ssl_keys[$i - 1]; + } + if (isset($ssl_certs[$i - 1])) { + $cfg['Servers'][$i]['ssl_cert'] = $ssl_certs[$i - 1]; + } $cfg['Servers'][$i]['host'] = $hosts[$i - 1]; if (isset($verbose[$i - 1])) { $cfg['Servers'][$i]['verbose'] = $verbose[$i - 1]; diff --git a/apache/docker-entrypoint.sh b/apache/docker-entrypoint.sh index 5c2e85a..655072f 100755 --- a/apache/docker-entrypoint.sh +++ b/apache/docker-entrypoint.sh 
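Review bot: The `ssl_verify` branch can only ever switch verification on: a `0` entry in `PMA_SSL_VERIFY`/`PMA_SSL_VERIFIES` is dropped, although the README text added in this patch promises "enable or disable", and the value stored is the string `'1'` rather than a boolean. Either document that only `1` has an effect, or map the entry explicitly with `if (isset($ssl_verifies[$i - 1]) && $ssl_verifies[$i - 1] !== '') { $cfg['Servers'][$i]['ssl_verify'] = $ssl_verifies[$i - 1] === '1'; }` so the operator's choice is visible in the resulting config. The three path options below it use bare `isset()`, which also accepts the empty string that `explode(',', …)` yields for an empty variable; `! empty($ssl_cas[$i - 1])` (likewise for key and cert) avoids writing blank `ssl_ca`/`ssl_key`/`ssl_cert` entries. The same hunk is repeated for fpm-alpine/config.inc.php and fpm/config.inc.php, and the enclosing loop starts outside the hunk.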
@@ -29,6 +29,45 @@ if [ ! -z "${PMA_USER_CONFIG_BASE64}" ]; then echo "${PMA_USER_CONFIG_BASE64}" | base64 -d > /etc/phpmyadmin/config.user.inc.php fi +if [ ! -z "${PMA_SSL_CA_BASE64}" ]; then + mkdir -p /etc/phpmyadmin/ssl + echo "Adding the custom pma-ssl-ca from base64." + echo "${PMA_SSL_CA_BASE64}" | base64 -d > /etc/phpmyadmin/ssl/pma-ssl-ca.pem + export "PMA_SSL_CA"="/etc/phpmyadmin/ssl/pma-ssl-ca.pem" +fi + +if [ ! -z "${PMA_SSL_KEY_BASE64}" ]; then + mkdir -p /etc/phpmyadmin/ssl + echo "Adding the custom pma-ssl-key from base64." + echo "${PMA_SSL_KEY_BASE64}" | base64 -d > /etc/phpmyadmin/ssl/pma-ssl-key.key + export "PMA_SSL_KEY"="/etc/phpmyadmin/ssl/pma-ssl-key.key" +fi + +if [ ! -z "${PMA_SSL_CERT_BASE64}" ]; then + mkdir -p /etc/phpmyadmin/ssl + echo "Adding the custom pma-ssl-cert from base64." + echo "${PMA_SSL_CERT_BASE64}" | base64 -d > /etc/phpmyadmin/ssl/pma-ssl-cert.pem + export "PMA_SSL_CERT"="/etc/phpmyadmin/ssl/pma-ssl-cert.pem" +fi + +if [ ! -z "${PMA_SSL_CAS_BASE64}" ]; then + echo "Adding multiples custom pma-ssl-ca from base64." + PMA_SSL_CAS=$(generate_ssl_files "${PMA_SSL_CAS_BASE64}" "CA" "pem") + export "PMA_SSL_CAS" +fi + +if [ ! -z "${PMA_SSL_KEYS_BASE64}" ]; then + echo "Adding multiples custom pma-ssl-key from base64." + PMA_SSL_KEYS=$(generate_ssl_files "${PMA_SSL_KEYS_BASE64}" "CERT" "cert") + export "PMA_SSL_KEYS" +fi + +if [ ! -z "${PMA_SSL_CERTS_BASE64}" ]; then + echo "Adding multiples custom pma-ssl-cert from base64." + PMA_SSL_CERTS=$(generate_ssl_files "${PMA_SSL_CERTS_BASE64}" "KEY" "key") + export "PMA_SSL_CERTS" +fi + # start: Apache specific settings if [ -n "${APACHE_PORT+x}" ]; then echo "Setting apache port to ${APACHE_PORT}." 
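Review bot: The three list branches call `generate_ssl_files` in the hunk that starts at new line 29, but the function is only defined in the next hunk, which starts at new line 89 after `get_docker_secret`; a shell function must be defined before the line that calls it runs, so these calls would fail with "command not found" and export empty `PMA_SSL_CAS`/`PMA_SSL_KEYS`/`PMA_SSL_CERTS`. Moving the definition above this block fixes that. The labels are also crossed: the keys branch passes `"CERT" "cert"` and the certs branch passes `"KEY" "key"`, so private keys land in files named like certificates; they should read `generate_ssl_files "${PMA_SSL_KEYS_BASE64}" "KEY" "key"` and `generate_ssl_files "${PMA_SSL_CERTS_BASE64}" "CERT" "pem"`. Both points apply equally to the fpm-alpine and fpm entrypoint hunks.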
@@ -50,6 +89,31 @@ get_docker_secret() { fi } +# This function generates SSL files from a base64 encoded string. +# Arguments: +# 1. base64_string: A comma-separated string of base64 encoded SSL files. +# 2. prefix: A prefix to be used in the output file names. +# 3. extension: The file extension to be used for the output files. +# The function creates a directory for the SSL files, decodes each base64 string, +# writes the decoded content to a file, and returns a comma-separated list of the generated file paths. +# +generate_ssl_files() { + local base64_string="${1}" + local output_dir="/etc/phpmyadmin/ssl" + mkdir -p "${output_dir}" + IFS=',' read -ra FILES <<< "${base64_string}" + local counter=1 + local ssl_files="" + for file in "${FILES[@]}"; do + local output_file="${output_dir}/pma-ssl-${2}-${counter}.${3}" + echo "${file}" | base64 -d > "${output_file}" + ssl_files="${ssl_files}${output_file}," + counter=$((counter + 1)) + done + ssl_files="${ssl_files%,}" + echo "${ssl_files}" +} + get_docker_secret PMA_USER get_docker_secret PMA_PASSWORD get_docker_secret MYSQL_ROOT_PASSWORD diff --git a/fpm-alpine/config.inc.php b/fpm-alpine/config.inc.php index 9f5d2ac..693a715 100644 --- a/fpm-alpine/config.inc.php +++ b/fpm-alpine/config.inc.php @@ -28,7 +28,15 @@ 'PMA_UPLOADDIR', 'PMA_SAVEDIR', 'PMA_SSL', + 'PMA_SSL_VERIFY', + 'PMA_SSL_CA', + 'PMA_SSL_KEY', + 'PMA_SSL_CERT', 'PMA_SSLS', + 'PMA_SSL_VERIFIES', + 'PMA_SSL_CAS', + 'PMA_SSL_KEYS', + 'PMA_SSL_CERTS' ]; foreach ($vars as $var) { 
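Review bot: `generate_ssl_files` writes private keys with `echo "${file}" | base64 -d > "${output_file}"`, so the file takes whatever mode the inherited umask allows (commonly world-readable), and a failed decode still leaves a truncated file whose path is returned to the caller. Checking the decode and tightening the mode covers both: `echo "${file}" | base64 -d > "${output_file}" || return 1` followed by `chmod 600 "${output_file}"`, with ownership matching the account PHP runs as. The single-file branches in the previous hunk (for example `pma-ssl-key.key`) need the same treatment, as do the fpm-alpine and fpm copies of this function. The header comment could also state that argument 2 ends up verbatim in the file name.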
@@ -66,11 +74,19 @@ $verbose = [$_ENV['PMA_VERBOSE']]; $ports = [$_ENV['PMA_PORT']]; $ssls = [$_ENV['PMA_SSL']]; + $ssl_verifies = [$_ENV['PMA_SSL_VERIFY']]; + $ssl_cas = [$_ENV['PMA_SSL_CA']]; + $ssl_keys = [$_ENV['PMA_SSL_KEY']]; + $ssl_certs = [$_ENV['PMA_SSL_CERT']]; } elseif (! empty($_ENV['PMA_HOSTS'])) { $hosts = array_map('trim', explode(',', $_ENV['PMA_HOSTS'])); $verbose = array_map('trim', explode(',', $_ENV['PMA_VERBOSES'])); $ports = array_map('trim', explode(',', $_ENV['PMA_PORTS'])); $ssls = array_map('trim', explode(',', $_ENV['PMA_SSLS'])); + $ssl_verifies = array_map('trim', explode(',', $_ENV['PMA_SSL_VERIFIES'])); + $ssl_cas = array_map('trim', explode(',', $_ENV['PMA_SSL_CAS'])); + $ssl_keys = array_map('trim', explode(',', $_ENV['PMA_SSL_KEYS'])); + $ssl_certs = array_map('trim', explode(',', $_ENV['PMA_SSL_CERTS'])); } if (! empty($_ENV['PMA_SOCKET'])) { @@ -84,6 +100,18 @@ if (isset($ssls[$i - 1]) && $ssls[$i - 1] === '1') { $cfg['Servers'][$i]['ssl'] = $ssls[$i - 1]; } + if (isset($ssl_verifies[$i - 1]) && $ssl_verifies[$i - 1] === '1') { + $cfg['Servers'][$i]['ssl_verify'] = $ssl_verifies[$i - 1]; + } + if (isset($ssl_cas[$i - 1])) { + $cfg['Servers'][$i]['ssl_ca'] = $ssl_cas[$i - 1]; + } + if (isset($ssl_keys[$i - 1])) { + $cfg['Servers'][$i]['ssl_key'] = $ssl_keys[$i - 1]; + } + if (isset($ssl_certs[$i - 1])) { + $cfg['Servers'][$i]['ssl_cert'] = $ssl_certs[$i - 1]; + } $cfg['Servers'][$i]['host'] = $hosts[$i - 1]; if (isset($verbose[$i - 1])) { $cfg['Servers'][$i]['verbose'] = $verbose[$i - 1]; diff --git a/fpm-alpine/docker-entrypoint.sh b/fpm-alpine/docker-entrypoint.sh index 0d98e27..7a4c8f7 100755 --- a/fpm-alpine/docker-entrypoint.sh +++ b/fpm-alpine/docker-entrypoint.sh 
@@ -29,6 +29,44 @@ if [ ! -z "${PMA_USER_CONFIG_BASE64}" ]; then echo "${PMA_USER_CONFIG_BASE64}" | base64 -d > /etc/phpmyadmin/config.user.inc.php fi +if [ ! -z "${PMA_SSL_CA_BASE64}" ]; then + mkdir -p /etc/phpmyadmin/ssl + echo "Adding the custom pma-ssl-ca from base64." + echo "${PMA_SSL_CA_BASE64}" | base64 -d > /etc/phpmyadmin/ssl/pma-ssl-ca.pem + export "PMA_SSL_CA"="/etc/phpmyadmin/ssl/pma-ssl-ca.pem" +fi + +if [ ! -z "${PMA_SSL_KEY_BASE64}" ]; then + mkdir -p /etc/phpmyadmin/ssl + echo "Adding the custom pma-ssl-key from base64." + echo "${PMA_SSL_KEY_BASE64}" | base64 -d > /etc/phpmyadmin/ssl/pma-ssl-key.key + export "PMA_SSL_KEY"="/etc/phpmyadmin/ssl/pma-ssl-key.key" +fi + +if [ ! -z "${PMA_SSL_CERT_BASE64}" ]; then + mkdir -p /etc/phpmyadmin/ssl + echo "Adding the custom pma-ssl-cert from base64." + echo "${PMA_SSL_CERT_BASE64}" | base64 -d > /etc/phpmyadmin/ssl/pma-ssl-cert.pem + export "PMA_SSL_CERT"="/etc/phpmyadmin/ssl/pma-ssl-cert.pem" +fi + +if [ ! -z "${PMA_SSL_CAS_BASE64}" ]; then + echo "Adding multiples custom pma-ssl-ca from base64." + PMA_SSL_CAS=$(generate_ssl_files "${PMA_SSL_CAS_BASE64}" "CA" "pem") + export "PMA_SSL_CAS" +fi + +if [ ! -z "${PMA_SSL_KEYS_BASE64}" ]; then + echo "Adding multiples custom pma-ssl-key from base64." + PMA_SSL_KEYS=$(generate_ssl_files "${PMA_SSL_KEYS_BASE64}" "CERT" "cert") + export "PMA_SSL_KEYS" +fi + +if [ ! -z "${PMA_SSL_CERTS_BASE64}" ]; then + echo "Adding multiples custom pma-ssl-cert from base64." + PMA_SSL_CERTS=$(generate_ssl_files "${PMA_SSL_CERTS_BASE64}" "KEY" "key") + export "PMA_SSL_CERTS" +fi get_docker_secret() { local env_var="${1}" 
@@ -42,6 +80,31 @@ get_docker_secret() { fi } +# This function generates SSL files from a base64 encoded string. +# Arguments: +# 1. base64_string: A comma-separated string of base64 encoded SSL files. +# 2. prefix: A prefix to be used in the output file names. +# 3. extension: The file extension to be used for the output files. +# The function creates a directory for the SSL files, decodes each base64 string, +# writes the decoded content to a file, and returns a comma-separated list of the generated file paths. +# +generate_ssl_files() { + local base64_string="${1}" + local output_dir="/etc/phpmyadmin/ssl" + mkdir -p "${output_dir}" + IFS=',' read -ra FILES <<< "${base64_string}" + local counter=1 + local ssl_files="" + for file in "${FILES[@]}"; do + local output_file="${output_dir}/pma-ssl-${2}-${counter}.${3}" + echo "${file}" | base64 -d > "${output_file}" + ssl_files="${ssl_files}${output_file}," + counter=$((counter + 1)) + done + ssl_files="${ssl_files%,}" + echo "${ssl_files}" +} + get_docker_secret PMA_USER get_docker_secret PMA_PASSWORD get_docker_secret MYSQL_ROOT_PASSWORD diff --git a/fpm/config.inc.php b/fpm/config.inc.php index 9f5d2ac..693a715 100644 --- a/fpm/config.inc.php +++ b/fpm/config.inc.php @@ -28,7 +28,15 @@ 'PMA_UPLOADDIR', 'PMA_SAVEDIR', 'PMA_SSL', + 'PMA_SSL_VERIFY', + 'PMA_SSL_CA', + 'PMA_SSL_KEY', + 'PMA_SSL_CERT', 'PMA_SSLS', + 'PMA_SSL_VERIFIES', + 'PMA_SSL_CAS', + 'PMA_SSL_KEYS', + 'PMA_SSL_CERTS' ]; foreach ($vars as $var) { 
@@ -66,11 +74,19 @@ $verbose = [$_ENV['PMA_VERBOSE']]; $ports = [$_ENV['PMA_PORT']]; $ssls = [$_ENV['PMA_SSL']]; + $ssl_verifies = [$_ENV['PMA_SSL_VERIFY']]; + $ssl_cas = [$_ENV['PMA_SSL_CA']]; + $ssl_keys = [$_ENV['PMA_SSL_KEY']]; + $ssl_certs = [$_ENV['PMA_SSL_CERT']]; } elseif (! empty($_ENV['PMA_HOSTS'])) { $hosts = array_map('trim', explode(',', $_ENV['PMA_HOSTS'])); $verbose = array_map('trim', explode(',', $_ENV['PMA_VERBOSES'])); $ports = array_map('trim', explode(',', $_ENV['PMA_PORTS'])); $ssls = array_map('trim', explode(',', $_ENV['PMA_SSLS'])); + $ssl_verifies = array_map('trim', explode(',', $_ENV['PMA_SSL_VERIFIES'])); + $ssl_cas = array_map('trim', explode(',', $_ENV['PMA_SSL_CAS'])); + $ssl_keys = array_map('trim', explode(',', $_ENV['PMA_SSL_KEYS'])); + $ssl_certs = array_map('trim', explode(',', $_ENV['PMA_SSL_CERTS'])); } if (! empty($_ENV['PMA_SOCKET'])) { @@ -84,6 +100,18 @@ if (isset($ssls[$i - 1]) && $ssls[$i - 1] === '1') { $cfg['Servers'][$i]['ssl'] = $ssls[$i - 1]; } + if (isset($ssl_verifies[$i - 1]) && $ssl_verifies[$i - 1] === '1') { + $cfg['Servers'][$i]['ssl_verify'] = $ssl_verifies[$i - 1]; + } + if (isset($ssl_cas[$i - 1])) { + $cfg['Servers'][$i]['ssl_ca'] = $ssl_cas[$i - 1]; + } + if (isset($ssl_keys[$i - 1])) { + $cfg['Servers'][$i]['ssl_key'] = $ssl_keys[$i - 1]; + } + if (isset($ssl_certs[$i - 1])) { + $cfg['Servers'][$i]['ssl_cert'] = $ssl_certs[$i - 1]; + } $cfg['Servers'][$i]['host'] = $hosts[$i - 1]; if (isset($verbose[$i - 1])) { $cfg['Servers'][$i]['verbose'] = $verbose[$i - 1]; diff --git a/fpm/docker-entrypoint.sh b/fpm/docker-entrypoint.sh index 0d98e27..7a4c8f7 100755 --- a/fpm/docker-entrypoint.sh +++ b/fpm/docker-entrypoint.sh 
@@ -29,6 +29,44 @@ if [ ! -z "${PMA_USER_CONFIG_BASE64}" ]; then echo "${PMA_USER_CONFIG_BASE64}" | base64 -d > /etc/phpmyadmin/config.user.inc.php fi +if [ ! -z "${PMA_SSL_CA_BASE64}" ]; then + mkdir -p /etc/phpmyadmin/ssl + echo "Adding the custom pma-ssl-ca from base64." + echo "${PMA_SSL_CA_BASE64}" | base64 -d > /etc/phpmyadmin/ssl/pma-ssl-ca.pem + export "PMA_SSL_CA"="/etc/phpmyadmin/ssl/pma-ssl-ca.pem" +fi + +if [ ! -z "${PMA_SSL_KEY_BASE64}" ]; then + mkdir -p /etc/phpmyadmin/ssl + echo "Adding the custom pma-ssl-key from base64." + echo "${PMA_SSL_KEY_BASE64}" | base64 -d > /etc/phpmyadmin/ssl/pma-ssl-key.key + export "PMA_SSL_KEY"="/etc/phpmyadmin/ssl/pma-ssl-key.key" +fi + +if [ ! -z "${PMA_SSL_CERT_BASE64}" ]; then + mkdir -p /etc/phpmyadmin/ssl + echo "Adding the custom pma-ssl-cert from base64." + echo "${PMA_SSL_CERT_BASE64}" | base64 -d > /etc/phpmyadmin/ssl/pma-ssl-cert.pem + export "PMA_SSL_CERT"="/etc/phpmyadmin/ssl/pma-ssl-cert.pem" +fi + +if [ ! -z "${PMA_SSL_CAS_BASE64}" ]; then + echo "Adding multiples custom pma-ssl-ca from base64." + PMA_SSL_CAS=$(generate_ssl_files "${PMA_SSL_CAS_BASE64}" "CA" "pem") + export "PMA_SSL_CAS" +fi + +if [ ! -z "${PMA_SSL_KEYS_BASE64}" ]; then + echo "Adding multiples custom pma-ssl-key from base64." + PMA_SSL_KEYS=$(generate_ssl_files "${PMA_SSL_KEYS_BASE64}" "CERT" "cert") + export "PMA_SSL_KEYS" +fi + +if [ ! -z "${PMA_SSL_CERTS_BASE64}" ]; then + echo "Adding multiples custom pma-ssl-cert from base64." + PMA_SSL_CERTS=$(generate_ssl_files "${PMA_SSL_CERTS_BASE64}" "KEY" "key") + export "PMA_SSL_CERTS" +fi get_docker_secret() { local env_var="${1}" 
@@ -42,6 +80,31 @@ get_docker_secret() { fi } +# This function generates SSL files from a base64 encoded string. +# Arguments: +# 1. base64_string: A comma-separated string of base64 encoded SSL files. +# 2. prefix: A prefix to be used in the output file names. +# 3. extension: The file extension to be used for the output files. +# The function creates a directory for the SSL files, decodes each base64 string, +# writes the decoded content to a file, and returns a comma-separated list of the generated file paths. +# +generate_ssl_files() { + local base64_string="${1}" + local output_dir="/etc/phpmyadmin/ssl" + mkdir -p "${output_dir}" + IFS=',' read -ra FILES <<< "${base64_string}" + local counter=1 + local ssl_files="" + for file in "${FILES[@]}"; do + local output_file="${output_dir}/pma-ssl-${2}-${counter}.${3}" + echo "${file}" | base64 -d > "${output_file}" + ssl_files="${ssl_files}${output_file}," + counter=$((counter + 1)) + done + ssl_files="${ssl_files%,}" + echo "${ssl_files}" +} + get_docker_secret PMA_USER get_docker_secret PMA_PASSWORD get_docker_secret MYSQL_ROOT_PASSWORD From b78da1f2a386e6c427b204efeb31e155bc8c32ec Mon Sep 17 00:00:00 2001 From: lordrobincbz Date: Sat, 21 Dec 2024 16:22:07 +0100 Subject: [PATCH 2/9] fix(config.inc.php/docker-entrypoint.sh,dockerfile,helpers.php): Move TLS logic from entrypoint to php configuration files --- apache/Dockerfile | 1 + apache/config.inc.php | 44 +++++++++++++++++++++++++ apache/docker-entrypoint.sh | 64 ------------------------------------- apache/helpers.php | 43 +++++++++++++++++++++++++ 4 files changed, 88 insertions(+), 64 deletions(-) create mode 100644 apache/helpers.php diff --git a/apache/Dockerfile b/apache/Dockerfile index 2984356..dfae652 100644 --- a/apache/Dockerfile +++ b/apache/Dockerfile 
@@ -140,6 +140,7 @@ RUN set -ex; \ # Copy configuration COPY config.inc.php /etc/phpmyadmin/config.inc.php +COPY helpers.php /etc/phpmyadmin/helpers.php RUN chown www-data:www-data -R /etc/phpmyadmin/ # Copy main script diff --git a/apache/config.inc.php b/apache/config.inc.php index 693a715..74e5085 100644 --- a/apache/config.inc.php +++ b/apache/config.inc.php @@ -1,6 +1,9 @@ /etc/phpmyadmin/config.user.inc.php fi -if [ ! -z "${PMA_SSL_CA_BASE64}" ]; then - mkdir -p /etc/phpmyadmin/ssl - echo "Adding the custom pma-ssl-ca from base64." - echo "${PMA_SSL_CA_BASE64}" | base64 -d > /etc/phpmyadmin/ssl/pma-ssl-ca.pem - export "PMA_SSL_CA"="/etc/phpmyadmin/ssl/pma-ssl-ca.pem" -fi - -if [ ! -z "${PMA_SSL_KEY_BASE64}" ]; then - mkdir -p /etc/phpmyadmin/ssl - echo "Adding the custom pma-ssl-key from base64." - echo "${PMA_SSL_KEY_BASE64}" | base64 -d > /etc/phpmyadmin/ssl/pma-ssl-key.key - export "PMA_SSL_KEY"="/etc/phpmyadmin/ssl/pma-ssl-key.key" -fi - -if [ ! -z "${PMA_SSL_CERT_BASE64}" ]; then - mkdir -p /etc/phpmyadmin/ssl - echo "Adding the custom pma-ssl-cert from base64." - echo "${PMA_SSL_CERT_BASE64}" | base64 -d > /etc/phpmyadmin/ssl/pma-ssl-cert.pem - export "PMA_SSL_CERT"="/etc/phpmyadmin/ssl/pma-ssl-cert.pem" -fi - -if [ ! -z "${PMA_SSL_CAS_BASE64}" ]; then - echo "Adding multiples custom pma-ssl-ca from base64." - PMA_SSL_CAS=$(generate_ssl_files "${PMA_SSL_CAS_BASE64}" "CA" "pem") - export "PMA_SSL_CAS" -fi - -if [ ! -z "${PMA_SSL_KEYS_BASE64}" ]; then - echo "Adding multiples custom pma-ssl-key from base64." - PMA_SSL_KEYS=$(generate_ssl_files "${PMA_SSL_KEYS_BASE64}" "CERT" "cert") - export "PMA_SSL_KEYS" -fi - -if [ ! -z "${PMA_SSL_CERTS_BASE64}" ]; then - echo "Adding multiples custom pma-ssl-cert from base64." - PMA_SSL_CERTS=$(generate_ssl_files "${PMA_SSL_CERTS_BASE64}" "KEY" "key") - export "PMA_SSL_CERTS" -fi - # start: Apache specific settings if [ -n "${APACHE_PORT+x}" ]; then echo "Setting apache port to ${APACHE_PORT}." 
@@ -89,31 +50,6 @@ get_docker_secret() { fi } -# This function generates SSL files from a base64 encoded string. -# Arguments: -# 1. base64_string: A comma-separated string of base64 encoded SSL files. -# 2. prefix: A prefix to be used in the output file names. -# 3. extension: The file extension to be used for the output files. -# The function creates a directory for the SSL files, decodes each base64 string, -# writes the decoded content to a file, and returns a comma-separated list of the generated file paths. -# -generate_ssl_files() { - local base64_string="${1}" - local output_dir="/etc/phpmyadmin/ssl" - mkdir -p "${output_dir}" - IFS=',' read -ra FILES <<< "${base64_string}" - local counter=1 - local ssl_files="" - for file in "${FILES[@]}"; do - local output_file="${output_dir}/pma-ssl-${2}-${counter}.${3}" - echo "${file}" | base64 -d > "${output_file}" - ssl_files="${ssl_files}${output_file}," - counter=$((counter + 1)) - done - ssl_files="${ssl_files%,}" - echo "${ssl_files}" -} - get_docker_secret PMA_USER get_docker_secret PMA_PASSWORD get_docker_secret MYSQL_ROOT_PASSWORD diff --git a/apache/helpers.php b/apache/helpers.php new file mode 100644 index 0000000..54d2942 --- /dev/null +++ b/apache/helpers.php @@ -0,0 +1,43 @@ + Date: Sat, 21 Dec 2024 16:24:25 +0100 Subject: [PATCH 3/9] fix(config.inc.php/docker-entrypoint.sh,dockerfile,helpers.php): Move TLS logic from entrypoint to php configuration files, in all other build --- README.md | 12 +++---- fpm-alpine/Dockerfile | 1 + fpm-alpine/config.inc.php | 41 +++++++++++++++++++++ fpm-alpine/docker-entrypoint.sh | 64 --------------------------------- fpm-alpine/helpers.php | 43 ++++++++++++++++++++++ fpm/Dockerfile | 1 + fpm/config.inc.php | 41 +++++++++++++++++++++ fpm/docker-entrypoint.sh | 64 --------------------------------- fpm/helpers.php | 43 ++++++++++++++++++++++ 9 files changed, 176 insertions(+), 134 deletions(-) create mode 100644 fpm-alpine/helpers.php create mode 100644 fpm/helpers.php 
diff --git a/README.md b/README.md
index dfa2279..34c202b 100644
--- a/README.md
+++ b/README.md
@@ -187,12 +187,12 @@ docker run --name phpmyadmin -d -e PMA_HOSTS='sslhost,nosslhost' -e PMA_SSLS='1, * ``PMA_SSL`` - when set to 1, defines SSL usage for the MySQL connection * ``PMA_SSL_VERIFY`` - when set to 1, enables SSL certificate verification for the MySQL connection. * ``PMA_SSL_VERIFIES`` - comma-separated list of `0` and `1` to enable or disable SSL certificate verification for multiple MySQL connections. -* ``PMA_SSL_CA_BASE64`` - in the context of mTLS security, allows setting your CA file as a base64 string inside the default `config.inc.php`. -* ``PMA_SSL_CAS_BASE64`` - in the context of mTLS security, allows setting multiple CA files as a comma-separated list of base64 strings inside the default `config.inc.php`. -* ``PMA_SSL_CERT_BASE64`` - in the context of mTLS security, allows setting your CERT file as a base64 string inside the default `config.inc.php`. -* ``PMA_SSL_CERTS_BASE64`` - in the context of mTLS security, allows setting multiple CERT files as a comma-separated list of base64 strings inside the default `config.inc.php`. -* ``PMA_SSL_KEY_BASE64`` - in the context of mTLS security, allows setting your KEY file as a base64 string inside the default `config.inc.php`. -* ``PMA_SSL_KEYS_BASE64`` - in the context of mTLS security, allows setting multiple KEY files as a comma-separated list of base64 strings inside the default `config.inc.php`. +* ``PMA_SSL_CA_BASE64`` - in the context of mutual TLS security, allows setting your CA file as a base64 string inside the default `config.inc.php`. +* ``PMA_SSL_CAS_BASE64`` - in the context of mutual TLS security, allows setting multiple CA files as a comma-separated list of base64 strings inside the default `config.inc.php`. +* ``PMA_SSL_CERT_BASE64`` - in the context of mutual TLS security, allows setting your CERT file as a base64 string inside the default `config.inc.php`. 
+* ``PMA_SSL_CERTS_BASE64`` - in the context of mutual TLS security, allows setting multiple CERT files as a comma-separated list of base64 strings inside the default `config.inc.php`. +* ``PMA_SSL_KEY_BASE64`` - in the context of mutual TLS security, allows setting your KEY file as a base64 string inside the default `config.inc.php`. +* ``PMA_SSL_KEYS_BASE64`` - in the context of mutual TLS security, allows setting multiple KEY files as a comma-separated list of base64 strings inside the default `config.inc.php`. * ``PMA_USER`` and ``PMA_PASSWORD`` - define username and password to use only with the `config` authentication method * ``PMA_ABSOLUTE_URI`` - the full URL to phpMyAdmin. Sometimes needed when used in a reverse-proxy configuration. Don't set this unless needed. See [documentation](https://docs.phpmyadmin.net/en/latest/config.html#cfg_PmaAbsoluteUri). * ``PMA_CONFIG_BASE64`` - if set, this option will override the default `config.inc.php` with the base64 decoded contents of the variable diff --git a/fpm-alpine/Dockerfile b/fpm-alpine/Dockerfile index f947994..4e189a0 100644 --- a/fpm-alpine/Dockerfile +++ b/fpm-alpine/Dockerfile @@ -120,6 +120,7 @@ RUN set -ex; \ # Copy configuration COPY config.inc.php /etc/phpmyadmin/config.inc.php +COPY helpers.php /etc/phpmyadmin/helpers.php RUN chown www-data:www-data -R /etc/phpmyadmin/ # Copy main script diff --git a/fpm-alpine/config.inc.php b/fpm-alpine/config.inc.php index 693a715..fb0feeb 100644 --- a/fpm-alpine/config.inc.php +++ b/fpm-alpine/config.inc.php 
@@ -63,6 +63,47 @@ $cfg['PmaAbsoluteUri'] = trim($_ENV['PMA_ABSOLUTE_URI']); } +if (isset($_ENV['PMA_SSL_CA_BASE64'])) { + if (!is_dir(SSL_DIR)) { + mkdir(SSL_DIR, 0755, true); + } + file_put_contents(SSL_DIR . '/pma-ssl-ca.pem', base64_decode($_ENV['PMA_SSL_CA_BASE64'])); + $_ENV['PMA_SSL_CA'] = SSL_DIR . '/pma-ssl-ca.pem'; +} + +/* Decode and save the SSL key from base64 */ +if (isset($_ENV['PMA_SSL_KEY_BASE64'])) { + if (!is_dir(SSL_DIR)) { + mkdir(SSL_DIR, 0755, true); + } + file_put_contents(SSL_DIR . '/pma-ssl-key.key', base64_decode($_ENV['PMA_SSL_KEY_BASE64'])); + $_ENV['PMA_SSL_KEY'] = SSL_DIR . '/pma-ssl-key.key'; +} + +/* Decode and save the SSL certificate from base64 */ +if (isset($_ENV['PMA_SSL_CERT_BASE64'])) { + if (!is_dir(SSL_DIR)) { + mkdir(SSL_DIR, 0755, true); + } + file_put_contents(SSL_DIR . '/pma-ssl-cert.pem', base64_decode($_ENV['PMA_SSL_CERT_BASE64'])); + $_ENV['PMA_SSL_CERT'] = SSL_DIR . '/pma-ssl-cert.pem'; +} + +/* Decode and save multiple SSL CA certificates from base64 */ +if (isset($_ENV['PMA_SSL_CAS_BASE64'])) { + $_ENV['PMA_SSL_CAS'] = decodeAndSaveSslFiles($_ENV['PMA_SSL_CAS_BASE64'], 'CA', 'pem'); +} + +/* Decode and save multiple SSL keys from base64 */ +if (isset($_ENV['PMA_SSL_KEYS_BASE64'])) { + $_ENV['PMA_SSL_KEYS'] = decodeAndSaveSslFiles($_ENV['PMA_SSL_KEYS_BASE64'], 'CERT', 'cert'); +} + +/* Decode and save multiple SSL certificates from base64 */ +if (isset($_ENV['PMA_SSL_CERTS_BASE64'])) { + $_ENV['PMA_SSL_CERTS'] = decodeAndSaveSslFiles($_ENV['PMA_SSL_CERTS_BASE64'], 'KEY', 'key'); +} + /* Figure out hosts */ /* Fallback to default linked */ diff --git a/fpm-alpine/docker-entrypoint.sh b/fpm-alpine/docker-entrypoint.sh index 7a4c8f7..51c8303 100755 --- a/fpm-alpine/docker-entrypoint.sh +++ b/fpm-alpine/docker-entrypoint.sh 
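Review bot: The private key is written with `file_put_contents()` into a directory created `0755` and is never chmod-ed, so under a default umask it is readable by every local account; `base64_decode()` is also called without strict mode and its result is not checked, so a malformed variable silently produces a broken or empty key file. Because this code sits in `config.inc.php`, it presumably runs on every request and rewrites the files each time, which is worth confirming. The list branches still carry the crossed labels from the shell version (`PMA_SSL_KEYS_BASE64` passes `'CERT', 'cert'` and `PMA_SSL_CERTS_BASE64` passes `'KEY', 'key'`). A tightened key branch is sketched below; the CA and certificate branches can follow the same shape, and the same applies to the sibling config.inc.php copies.

```php
/* Decode and save the SSL key from base64 */
if (isset($_ENV['PMA_SSL_KEY_BASE64'])) {
    // Strict mode rejects input that is not valid base64 instead of guessing.
    $sslKey = base64_decode($_ENV['PMA_SSL_KEY_BASE64'], true);
    if ($sslKey === false) {
        error_log('PMA_SSL_KEY_BASE64 is not valid base64');
        exit(1);
    }
    if (!is_dir(SSL_DIR)) {
        // Key material lives here: keep the directory private to the PHP user.
        mkdir(SSL_DIR, 0700, true);
    }
    $sslKeyPath = SSL_DIR . '/pma-ssl-key.key';
    if (file_put_contents($sslKeyPath, $sslKey) === false) {
        error_log('Failed to write ' . $sslKeyPath);
        exit(1);
    }
    chmod($sslKeyPath, 0600);
    $_ENV['PMA_SSL_KEY'] = $sslKeyPath;
}
// … unchanged: CA and certificate branches, list branches …
```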
@@ -29,45 +29,6 @@ if [ ! -z "${PMA_USER_CONFIG_BASE64}" ]; then echo "${PMA_USER_CONFIG_BASE64}" | base64 -d > /etc/phpmyadmin/config.user.inc.php fi -if [ ! -z "${PMA_SSL_CA_BASE64}" ]; then - mkdir -p /etc/phpmyadmin/ssl - echo "Adding the custom pma-ssl-ca from base64." - echo "${PMA_SSL_CA_BASE64}" | base64 -d > /etc/phpmyadmin/ssl/pma-ssl-ca.pem - export "PMA_SSL_CA"="/etc/phpmyadmin/ssl/pma-ssl-ca.pem" -fi - -if [ ! -z "${PMA_SSL_KEY_BASE64}" ]; then - mkdir -p /etc/phpmyadmin/ssl - echo "Adding the custom pma-ssl-key from base64." - echo "${PMA_SSL_KEY_BASE64}" | base64 -d > /etc/phpmyadmin/ssl/pma-ssl-key.key - export "PMA_SSL_KEY"="/etc/phpmyadmin/ssl/pma-ssl-key.key" -fi - -if [ ! -z "${PMA_SSL_CERT_BASE64}" ]; then - mkdir -p /etc/phpmyadmin/ssl - echo "Adding the custom pma-ssl-cert from base64." - echo "${PMA_SSL_CERT_BASE64}" | base64 -d > /etc/phpmyadmin/ssl/pma-ssl-cert.pem - export "PMA_SSL_CERT"="/etc/phpmyadmin/ssl/pma-ssl-cert.pem" -fi - -if [ ! -z "${PMA_SSL_CAS_BASE64}" ]; then - echo "Adding multiples custom pma-ssl-ca from base64." - PMA_SSL_CAS=$(generate_ssl_files "${PMA_SSL_CAS_BASE64}" "CA" "pem") - export "PMA_SSL_CAS" -fi - -if [ ! -z "${PMA_SSL_KEYS_BASE64}" ]; then - echo "Adding multiples custom pma-ssl-key from base64." - PMA_SSL_KEYS=$(generate_ssl_files "${PMA_SSL_KEYS_BASE64}" "CERT" "cert") - export "PMA_SSL_KEYS" -fi - -if [ ! -z "${PMA_SSL_CERTS_BASE64}" ]; then - echo "Adding multiples custom pma-ssl-cert from base64." - PMA_SSL_CERTS=$(generate_ssl_files "${PMA_SSL_CERTS_BASE64}" "KEY" "key") - export "PMA_SSL_CERTS" -fi - get_docker_secret() { local env_var="${1}" local env_var_file="${env_var}_FILE" 
@@ -80,31 +41,6 @@ get_docker_secret() { fi } -# This function generates SSL files from a base64 encoded string. -# Arguments: -# 1. base64_string: A comma-separated string of base64 encoded SSL files. -# 2. prefix: A prefix to be used in the output file names. -# 3. extension: The file extension to be used for the output files. -# The function creates a directory for the SSL files, decodes each base64 string, -# writes the decoded content to a file, and returns a comma-separated list of the generated file paths. -# -generate_ssl_files() { - local base64_string="${1}" - local output_dir="/etc/phpmyadmin/ssl" - mkdir -p "${output_dir}" - IFS=',' read -ra FILES <<< "${base64_string}" - local counter=1 - local ssl_files="" - for file in "${FILES[@]}"; do - local output_file="${output_dir}/pma-ssl-${2}-${counter}.${3}" - echo "${file}" | base64 -d > "${output_file}" - ssl_files="${ssl_files}${output_file}," - counter=$((counter + 1)) - done - ssl_files="${ssl_files%,}" - echo "${ssl_files}" -} - get_docker_secret PMA_USER get_docker_secret PMA_PASSWORD get_docker_secret MYSQL_ROOT_PASSWORD diff --git a/fpm-alpine/helpers.php b/fpm-alpine/helpers.php new file mode 100644 index 0000000..54d2942 --- /dev/null +++ b/fpm-alpine/helpers.php 
@@ -0,0 +1,43 @@ + /etc/phpmyadmin/config.user.inc.php fi -if [ ! -z "${PMA_SSL_CA_BASE64}" ]; then - mkdir -p /etc/phpmyadmin/ssl - echo "Adding the custom pma-ssl-ca from base64." - echo "${PMA_SSL_CA_BASE64}" | base64 -d > /etc/phpmyadmin/ssl/pma-ssl-ca.pem - export "PMA_SSL_CA"="/etc/phpmyadmin/ssl/pma-ssl-ca.pem" -fi - -if [ ! -z "${PMA_SSL_KEY_BASE64}" ]; then - mkdir -p /etc/phpmyadmin/ssl - echo "Adding the custom pma-ssl-key from base64." - echo "${PMA_SSL_KEY_BASE64}" | base64 -d > /etc/phpmyadmin/ssl/pma-ssl-key.key - export "PMA_SSL_KEY"="/etc/phpmyadmin/ssl/pma-ssl-key.key" -fi - -if [ ! -z "${PMA_SSL_CERT_BASE64}" ]; then - mkdir -p /etc/phpmyadmin/ssl - echo "Adding the custom pma-ssl-cert from base64." - echo "${PMA_SSL_CERT_BASE64}" | base64 -d > /etc/phpmyadmin/ssl/pma-ssl-cert.pem - export "PMA_SSL_CERT"="/etc/phpmyadmin/ssl/pma-ssl-cert.pem" -fi - -if [ ! -z "${PMA_SSL_CAS_BASE64}" ]; then - echo "Adding multiples custom pma-ssl-ca from base64." - PMA_SSL_CAS=$(generate_ssl_files "${PMA_SSL_CAS_BASE64}" "CA" "pem") - export "PMA_SSL_CAS" -fi - -if [ ! -z "${PMA_SSL_KEYS_BASE64}" ]; then - echo "Adding multiples custom pma-ssl-key from base64." - PMA_SSL_KEYS=$(generate_ssl_files "${PMA_SSL_KEYS_BASE64}" "CERT" "cert") - export "PMA_SSL_KEYS" -fi - -if [ ! -z "${PMA_SSL_CERTS_BASE64}" ]; then - echo "Adding multiples custom pma-ssl-cert from base64." - PMA_SSL_CERTS=$(generate_ssl_files "${PMA_SSL_CERTS_BASE64}" "KEY" "key") - export "PMA_SSL_CERTS" -fi - get_docker_secret() { local env_var="${1}" local env_var_file="${env_var}_FILE" 
@@ -80,31 +41,6 @@ get_docker_secret() { fi } -# This function generates SSL files from a base64 encoded string. -# Arguments: -# 1. base64_string: A comma-separated string of base64 encoded SSL files. -# 2. prefix: A prefix to be used in the output file names. -# 3. extension: The file extension to be used for the output files. -# The function creates a directory for the SSL files, decodes each base64 string, -# writes the decoded content to a file, and returns a comma-separated list of the generated file paths. -# -generate_ssl_files() { - local base64_string="${1}" - local output_dir="/etc/phpmyadmin/ssl" - mkdir -p "${output_dir}" - IFS=',' read -ra FILES <<< "${base64_string}" - local counter=1 - local ssl_files="" - for file in "${FILES[@]}"; do - local output_file="${output_dir}/pma-ssl-${2}-${counter}.${3}" - echo "${file}" | base64 -d > "${output_file}" - ssl_files="${ssl_files}${output_file}," - counter=$((counter + 1)) - done - ssl_files="${ssl_files%,}" - echo "${ssl_files}" -} - get_docker_secret PMA_USER get_docker_secret PMA_PASSWORD get_docker_secret MYSQL_ROOT_PASSWORD diff --git a/fpm/helpers.php b/fpm/helpers.php new file mode 100644 index 0000000..54d2942 --- /dev/null +++ b/fpm/helpers.php @@ -0,0 +1,43 @@ + Date: Sat, 21 Dec 2024 16:28:20 +0100 Subject: [PATCH 4/9] fix(config.inc.php): import require statements --- fpm-alpine/config.inc.php | 3 +++ fpm/config.inc.php | 3 +++ 2 files changed, 6 insertions(+) diff --git a/fpm-alpine/config.inc.php b/fpm-alpine/config.inc.php index fb0feeb..74e5085 100644 --- a/fpm-alpine/config.inc.php +++ b/fpm-alpine/config.inc.php @@ -1,6 +1,9 @@ Date: Sat, 21 Dec 2024 21:40:29 +0100 Subject: [PATCH 5/9] Update apache/helpers.php Co-authored-by: William Desportes --- apache/helpers.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/apache/helpers.php b/apache/helpers.php index 54d2942..a8ad0fd 100644 --- a/apache/helpers.php +++ b/apache/helpers.php 
@@ -30,7 +30,8 @@ function decodeAndSaveSslFiles($base64_string, $prefix, $extension) { // Write the decoded file to the output directory if (file_put_contents($output_file, base64_decode($file)) === false) { - throw new SslFileGenerationException("Failed to write to $output_file"); + echo 'Failed to write to ' . $output_file; + exit(1); } // Add the output file path to the list From 92ca977edcc50df4a250ea81483c6eeec61eddb9 Mon Sep 17 00:00:00 2001 From: Lord Robin Crombez <137684928+LordRobinCbz@users.noreply.github.com> Date: Sat, 21 Dec 2024 21:41:11 +0100 Subject: [PATCH 6/9] Update apache/helpers.php add types to function parameters Co-authored-by: William Desportes --- apache/helpers.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apache/helpers.php b/apache/helpers.php index a8ad0fd..61b3554 100644 --- a/apache/helpers.php +++ b/apache/helpers.php @@ -13,7 +13,7 @@ class SslFileGenerationException extends Exception {} * @param string $extension The file extension to use for the generated SSL files. * @return string A comma-separated list of paths to the generated SSL files. */ -function decodeAndSaveSslFiles($base64_string, $prefix, $extension) { +function decodeAndSaveSslFiles(string $base64_string, string $prefix, string $extension): array { // Ensure the output directory exists if (!is_dir(OUTPUT_DIR)) { mkdir(OUTPUT_DIR, 0755, true); From 35ad5ea06330d089e5ea9c24d7a3067672a70bbc Mon Sep 17 00:00:00 2001 From: Lord Robin Crombez <137684928+LordRobinCbz@users.noreply.github.com> Date: Sat, 21 Dec 2024 21:42:19 +0100 Subject: [PATCH 7/9] Update apache/helpers.php Remove the custom exception Co-authored-by: William Desportes --- apache/helpers.php | 1 - 1 file changed, 1 deletion(-) diff --git a/apache/helpers.php b/apache/helpers.php index 61b3554..1f7418f 100644 --- a/apache/helpers.php +++ b/apache/helpers.php 
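Review bot: `base64_decode($file)` inside the `file_put_contents` call runs in non-strict mode, so a malformed or truncated `PMA_SSL_*_BASE64` value is silently decoded to garbage and written out; the new `echo`/`exit(1)` branch only fires on a filesystem error. Decode first with `$decoded = base64_decode($file, true);` and test `if ($decoded === false || file_put_contents($output_file, $decoded) === false) {`. This helper appears to run while `config.inc.php` is loaded, so the `echo` would put the file path into the HTTP response; `error_log('Failed to write to ' . $output_file);` before `exit(1)` keeps it in the container log instead. The enclosing function starts and ends outside the hunk.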
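Review bot: The new signature declares `: array`, but the docblock directly above it still reads `@return string A comma-separated list of paths`, so the two disagree. If the body (which ends outside this hunk) still returns the comma-joined string, PHP will raise a TypeError at the return; either return the list and change the docblock to `@return string[] Paths to the generated SSL files.`, or declare `: string`. Separately, the context line `mkdir(OUTPUT_DIR, 0755, true)` creates a world-readable directory for files that include private keys; `0700` would be the safer mode if only the web server user needs to read them.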
@@ -1,6 +1,5 @@ Date: Sat, 21 Dec 2024 22:03:31 +0100 Subject: [PATCH 8/9] fix(dockerfiles, config.inc.php): Add ENV in Dockerfile, edited templates, add PMA_SSLS in the README and add PMA_SSL_DIR to set output path for certificate generation --- Dockerfile-alpine.template | 1 + Dockerfile-debian.template | 1 + README.md | 2 + apache/Dockerfile | 2 +- apache/config.inc.php | 29 +++++++------- apache/helpers.php | 8 ++-- config.inc.php | 71 +++++++++++++++++++++++++++++++++ fpm-alpine/Dockerfile | 2 +- fpm-alpine/config.inc.php | 29 +++++++------- fpm-alpine/docker-entrypoint.sh | 1 + fpm-alpine/helpers.php | 14 +++---- fpm/Dockerfile | 2 +- fpm/config.inc.php | 29 +++++++------- fpm/docker-entrypoint.sh | 1 + fpm/helpers.php | 14 +++---- 15 files changed, 140 insertions(+), 66 deletions(-) diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template index f237639..d5c32a7 100644 --- a/Dockerfile-alpine.template +++ b/Dockerfile-alpine.template @@ -39,6 +39,7 @@ RUN set -ex; \ # set recommended PHP.ini settings # see https://secure.php.net/manual/en/opcache.installation.php +ENV PMA_SSL_DIR /etc/phpmyadmin/ssl ENV MAX_EXECUTION_TIME 600 ENV MEMORY_LIMIT 512M ENV UPLOAD_LIMIT 2048K diff --git a/Dockerfile-debian.template b/Dockerfile-debian.template index 7c757e0..aec666f 100644 --- a/Dockerfile-debian.template +++ b/Dockerfile-debian.template @@ -50,6 +50,7 @@ RUN set -ex; \ # set recommended PHP.ini settings # see https://secure.php.net/manual/en/opcache.installation.php +ENV PMA_SSL_DIR /etc/phpmyadmin/ssl ENV MAX_EXECUTION_TIME 600 ENV MEMORY_LIMIT 512M ENV UPLOAD_LIMIT 2048K diff --git a/README.md b/README.md index 34c202b..829f250 100644 --- a/README.md +++ b/README.md 
@@ -184,7 +184,9 @@ docker run --name phpmyadmin -d -e PMA_HOSTS='sslhost,nosslhost' -e PMA_SSLS='1, * ``PMA_PORTS`` - define comma separated list of ports of the MySQL servers * ``PMA_SOCKET`` - define socket file for the MySQL connection * ``PMA_SOCKETS`` - define comma separated list of socket files for the MySQL connections +* ``PMA_SSL_DIR`` - define the path used for SSL files generated from environement variables, default value is `/etc/phpmyadmin/ssl` * ``PMA_SSL`` - when set to 1, defines SSL usage for the MySQL connection +* ``PMA_SSLS`` - comma separated list of `0` and `1` defining SSL usage for the corresponding MySQL connections * ``PMA_SSL_VERIFY`` - when set to 1, enables SSL certificate verification for the MySQL connection. * ``PMA_SSL_VERIFIES`` - comma-separated list of `0` and `1` to enable or disable SSL certificate verification for multiple MySQL connections. * ``PMA_SSL_CA_BASE64`` - in the context of mutual TLS security, allows setting your CA file as a base64 string inside the default `config.inc.php`. diff --git a/apache/Dockerfile b/apache/Dockerfile index dfae652..75112cd 100644 --- a/apache/Dockerfile +++ b/apache/Dockerfile @@ -51,6 +51,7 @@ RUN set -ex; \ # set recommended PHP.ini settings # see https://secure.php.net/manual/en/opcache.installation.php +ENV PMA_SSL_DIR /etc/phpmyadmin/ssl ENV MAX_EXECUTION_TIME 600 ENV MEMORY_LIMIT 512M ENV UPLOAD_LIMIT 2048K @@ -140,7 +141,6 @@ RUN set -ex; \ # Copy configuration COPY config.inc.php /etc/phpmyadmin/config.inc.php -COPY helpers.php /etc/phpmyadmin/helpers.php RUN chown www-data:www-data -R /etc/phpmyadmin/ # Copy main script diff --git a/apache/config.inc.php b/apache/config.inc.php index 74e5085..c1a043a 100644 --- a/apache/config.inc.php +++ b/apache/config.inc.php @@ -1,7 +1,5 @@ /etc/phpmyadmin/config.user.inc.php fi + get_docker_secret() { local env_var="${1}" local env_var_file="${env_var}_FILE" 
diff --git a/fpm-alpine/helpers.php b/fpm-alpine/helpers.php index 54d2942..bb431aa 100644 --- a/fpm-alpine/helpers.php +++ b/fpm-alpine/helpers.php @@ -1,8 +1,7 @@ /etc/phpmyadmin/config.user.inc.php fi + get_docker_secret() { local env_var="${1}" local env_var_file="${env_var}_FILE" diff --git a/fpm/helpers.php b/fpm/helpers.php index 54d2942..bb431aa 100644 --- a/fpm/helpers.php +++ b/fpm/helpers.php @@ -1,8 +1,7 @@ Date: Sun, 22 Dec 2024 10:20:05 +0100 Subject: [PATCH 9/9] fix(helpers,update.sh): add helpers file to the root and edited update script to import it in target folders/images Signed-off-by: lordrobincbz --- apache/config.inc.php | 4 ++-- config.inc.php | 4 ++-- fpm-alpine/config.inc.php | 4 ++-- fpm/config.inc.php | 4 ++-- helpers.php | 43 +++++++++++++++++++++++++++++++++++++++ update.sh | 3 ++- 6 files changed, 53 insertions(+), 9 deletions(-) create mode 100644 helpers.php diff --git a/apache/config.inc.php b/apache/config.inc.php index c1a043a..05a4f9e 100644 --- a/apache/config.inc.php +++ b/apache/config.inc.php @@ -1,7 +1,7 @@