Migrate to PHP-FPM for all Web images

zabbix · Jan 13, 2025 · f239aec · f239aec
1 parent 1be587f
commit f239aec
Show file tree

Hide file tree

Showing 131 changed files with 4,005 additions and 1,938 deletions.
diff --git a/Dockerfiles/agent/windows/docker-entrypoint.ps1 b/Dockerfiles/agent/windows/docker-entrypoint.ps1
@@ -127,8 +127,8 @@ function File-Process-From-Env {
     )
 
     if (![string]::IsNullOrEmpty($VarValue)) {
-        $VarValue | Set-Content "$ZabbixInternalEncDir\$VarName"
-        $FileName="$ZabbixInternalEncDir\$VarName"
+        $VarValue | Set-Content "$ZabbixInternalEncDir\VarName"
+        $FileName="$ZabbixInternalEncDir\VarName"
     }
 
     if (![string]::IsNullOrEmpty($FileName)) {

diff --git a/Dockerfiles/agent2/windows/docker-entrypoint.ps1 b/Dockerfiles/agent2/windows/docker-entrypoint.ps1
@@ -127,8 +127,8 @@ function File-Process-From-Env {
     )
 
     if (![string]::IsNullOrEmpty($VarValue)) {
-        $VarValue | Set-Content "$ZabbixInternalEncDir\$VarName"
-        $FileName="$ZabbixInternalEncDir\$VarName"
+        $VarValue | Set-Content "$ZabbixInternalEncDir\VarName"
+        $FileName="$ZabbixInternalEncDir\VarName"
     }
 
     if (![string]::IsNullOrEmpty($FileName)) {

diff --git a/Dockerfiles/web-apache-mysql/alpine/Dockerfile b/Dockerfiles/web-apache-mysql/alpine/Dockerfile
@@ -14,7 +14,8 @@ ARG ZBX_SOURCES=https://git.zabbix.com/scm/zbx/zabbix.git
 
 ENV TERM=xterm \
     ZBX_VERSION=${ZBX_VERSION} ZBX_SOURCES=${ZBX_SOURCES} \
-    ZABBIX_CONF_DIR="/etc/zabbix"
+    ZABBIX_CONF_DIR="/etc/zabbix" \
+    ZABBIX_WWW_ROOT="/usr/share/zabbix"
 
 LABEL org.opencontainers.image.authors="Alexey Pustovalov <[email protected]>" \
       org.opencontainers.image.description="Zabbix web-interface based on Apache2 web server with MySQL database support" \
@@ -28,20 +29,20 @@ LABEL org.opencontainers.image.authors="Alexey Pustovalov <alexey.pustovalov@zab
 
 STOPSIGNAL SIGTERM
 
-COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/ui", "/usr/share/zabbix"]
+COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/ui", "${ZABBIX_WWW_ROOT}"]
 COPY ["conf/etc/", "/etc/"]
 
 RUN set -eux && \
     INSTALL_PKGS="bash \
             tzdata \
-            apache2 \
             curl \
             mariadb-client \
             mariadb-connector-c \
-            php83-apache2 \
+            apache2-proxy \
             php83-bcmath \
             php83-ctype \
             php83-curl \
+            php83-fpm \
             php83-gd \
             php83-gettext \
             php83-json \
@@ -54,7 +55,8 @@ RUN set -eux && \
             php83-fileinfo \
             php83-xmlreader \
             php83-xmlwriter \
-            php83-openssl" && \
+            php83-openssl \
+            supervisor" && \
     apk add \
             --no-cache \
             --clean-protected \
@@ -82,38 +84,40 @@ RUN set -eux && \
     mkdir -p ${ZABBIX_CONF_DIR}/web/certs && \
     rm -f "/etc/apache2/conf.d/default.conf" && \
     rm -f "/etc/apache2/conf.d/ssl.conf" && \
-    sed -ri \
-            -e 's!^(\s*CustomLog)\s+\S+!\1 /proc/self/fd/1!g' \
-            -e 's!^(\s*ErrorLog)\s+\S+!\1 /proc/self/fd/2!g' \
-        "/etc/apache2/httpd.conf" && \
-    sed -ri \
-            -e 's!^(\s*PidFile)\s+\S+!\1 "/tmp/httpd.pid"!g' \
-        "/etc/apache2/conf.d/mpm.conf" && \
-    sed -i 's/Listen 80/Listen 8080/g' /etc/apache2/httpd.conf && \
+    rm -f "/etc/apache2/conf.d/info.conf" && \
+    rm -f "/etc/apache2/conf.d/mpm.conf" && \
+    rm -f "/etc/apache2/conf.d/proxy.conf" && \
+    rm -f "/etc/apache2/conf.d/userdir.conf" && \
+    mkdir -p /var/lib/php/session && \
+    rm -rf /etc/php83/php-fpm.d/www.conf && \
     rm -rf "/var/run/apache2/" && \
-    cd /usr/share/zabbix/ && \
+    cd ${ZABBIX_WWW_ROOT}/ && \
     rm -f conf/zabbix.conf.php conf/maintenance.inc.php conf/zabbix.conf.php.example && \
     rm -rf tests && \
     rm -f locale/add_new_language.sh locale/update_po.sh locale/make_mo.sh && \
-    find /usr/share/zabbix/locale -name '*.po' | xargs rm -f && \
-    find /usr/share/zabbix/locale -name '*.sh' | xargs rm -f && \
-    ln -s "${ZABBIX_CONF_DIR}/web/zabbix.conf.php" "/usr/share/zabbix/conf/zabbix.conf.php" && \
-    ln -s "${ZABBIX_CONF_DIR}/web/maintenance.inc.php" "/usr/share/zabbix/conf/maintenance.inc.php" && \
-    chown --quiet -R zabbix:root ${ZABBIX_CONF_DIR}/ /usr/share/zabbix/include/defines.inc.php /usr/share/zabbix/modules/ && \
-    chgrp -R 0 ${ZABBIX_CONF_DIR}/ /usr/share/zabbix/include/defines.inc.php /usr/share/zabbix/modules/ && \
-    chmod -R g=u ${ZABBIX_CONF_DIR}/ /usr/share/zabbix/include/defines.inc.php /usr/share/zabbix/modules/ && \
-    chown --quiet -R zabbix:root /etc/apache2/ /etc/php83/ && \
-    chgrp -R 0 /etc/apache2/ /etc/php83/ && \
-    chmod -R g=u /etc/apache2/ /etc/php83/
+    find ${ZABBIX_WWW_ROOT}/locale -name '*.po' | xargs rm -f && \
+    find ${ZABBIX_WWW_ROOT}/locale -name '*.sh' | xargs rm -f && \
+    ln -s "${ZABBIX_CONF_DIR}/web/zabbix.conf.php" "${ZABBIX_WWW_ROOT}/conf/zabbix.conf.php" && \
+    ln -s "${ZABBIX_CONF_DIR}/web/maintenance.inc.php" "${ZABBIX_WWW_ROOT}/conf/maintenance.inc.php" && \
+    chown --quiet -R zabbix:root ${ZABBIX_CONF_DIR}/ ${ZABBIX_WWW_ROOT}/include/defines.inc.php ${ZABBIX_WWW_ROOT}/modules/ && \
+    chgrp -R 0 ${ZABBIX_CONF_DIR}/ ${ZABBIX_WWW_ROOT}/include/defines.inc.php ${ZABBIX_WWW_ROOT}/modules/ && \
+    chmod -R g=u ${ZABBIX_CONF_DIR}/ ${ZABBIX_WWW_ROOT}/include/defines.inc.php ${ZABBIX_WWW_ROOT}/modules/ && \
+    chown --quiet -R zabbix:root /etc/apache2/ /etc/php83/php-fpm.d/ /etc/php83/php-fpm.conf && \
+    chgrp -R 0 /etc/apache2/ /etc/php83/php-fpm.d/ /etc/php83/php-fpm.conf && \
+    chmod -R g=u /etc/apache2/ /etc/php83/php-fpm.d/ /etc/php83/php-fpm.conf && \
+    chown --quiet -R zabbix:root /var/lib/php/session/ && \
+    chgrp -R 0 /var/lib/php/session/ && \
+    chmod -R g=u /var/lib/php/session/
+
+HEALTHCHECK --interval=1m30s --timeout=3s --retries=3 --start-period=40s --start-interval=5s \
+    CMD curl -f http://localhost:8080/ping || exit 1
 
 EXPOSE 8080/TCP 8443/TCP
 
-WORKDIR /usr/share/zabbix
+WORKDIR ${ZABBIX_WWW_ROOT}
 
 COPY ["docker-entrypoint.sh", "/usr/bin/"]
 
 USER 1997
 
 ENTRYPOINT ["docker-entrypoint.sh"]
-
-CMD ["/usr/sbin/httpd", "-D", "FOREGROUND"]
diff --git a/Dockerfiles/web-apache-mysql/alpine/conf/etc/apache2/conf.d/mime.conf b/Dockerfiles/web-apache-mysql/alpine/conf/etc/apache2/conf.d/mime.conf
@@ -0,0 +1,8 @@
+<IfModule mime_module>
+    TypesConfig /etc/apache2/mime.types
+    AddType application/x-compress .Z
+    AddType application/x-gzip .gz .tgz
+</IfModule>
+<IfModule mime_magic_module>
+    MIMEMagicFile /etc/apache2/magic
+</IfModule>
diff --git a/Dockerfiles/web-apache-mysql/alpine/conf/etc/apache2/httpd.conf b/Dockerfiles/web-apache-mysql/alpine/conf/etc/apache2/httpd.conf
@@ -0,0 +1,75 @@
+ServerRoot /etc/apache2/
+ServerRoot /var/www
+DefaultRuntimeDir /tmp/apache2/
+PidFile /tmp/apache2.pid
+
+ServerName 127.0.0.1
+
+IncludeOptional /etc/apache2/includes.conf
+
+Timeout 300
+KeepAlive On
+MaxKeepAliveRequests 100
+KeepAliveTimeout 5
+
+<IfModule unixd_module>
+    User ${APACHE_RUN_USER}
+    Group ${APACHE_RUN_GROUP}
+</IfModule>
+
+HostnameLookups Off
+
+LogLevel warn
+
+<IfModule log_config_module>
+    SetEnvIf Request_URI "^/(robots\.txt|favicon\.ico|status|ping|apache-status)$" exclude_from_logs
+
+    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
+    LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
+    LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined
+    LogFormat "%h %l %u %t \"%r\" %>s %O" common
+    LogFormat "%{Referer}i -> %U" referer
+    LogFormat "%{User-agent}i" agent
+
+    CustomLog ${APACHE_CUSTOM_LOG} vhost_combined env=!exclude_from_logs
+</IfModule>
+
+ErrorLog /proc/self/fd/2
+
+LogLevel warn
+
+<IfModule mpm_event_module>
+    StartServers            2
+    MinSpareThreads         25
+    MaxSpareThreads         75
+    ThreadLimit             64
+    ThreadsPerChild         25
+    MaxRequestWorkers       150
+    MaxConnectionsPerChild  0
+</IfModule>
+
+# Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac).
+<FilesMatch "^\.">
+    Require all denied
+</FilesMatch>
+
+ServerTokens ${APACHE_SERVER_TOKENS}
+
+ServerSignature ${APACHE_SERVER_SIGNATURE}
+
+TraceEnable Off
+
+AddDefaultCharset UTF-8
+
+<IfModule status_module>
+    <Location /apache-status>
+        SetHandler server-status
+        Require local
+    </Location>
+
+    ExtendedStatus On
+
+    <IfModule mod_proxy.c>
+        ProxyStatus On
+    </IfModule>
+</IfModule>
diff --git a/Dockerfiles/web-apache-mysql/alpine/conf/etc/apache2/includes.conf b/Dockerfiles/web-apache-mysql/alpine/conf/etc/apache2/includes.conf
@@ -0,0 +1,3 @@
+IncludeOptional /etc/apache2/modules.conf
+
+IncludeOptional /etc/apache2/conf.d/*.conf
diff --git a/Dockerfiles/web-apache-mysql/alpine/conf/etc/apache2/modules.conf b/Dockerfiles/web-apache-mysql/alpine/conf/etc/apache2/modules.conf
@@ -0,0 +1,24 @@
+LoadModule logio_module modules/mod_logio.so
+LoadModule unixd_module modules/mod_unixd.so
+LoadModule log_config_module modules/mod_log_config.so
+LoadModule access_compat_module modules/mod_access_compat.so
+LoadModule auth_basic_module modules/mod_auth_basic.so
+LoadModule authn_core_module modules/mod_authn_core.so
+LoadModule authn_file_module modules/mod_authn_file.so
+LoadModule authz_core_module modules/mod_authz_core.so
+LoadModule authz_host_module modules/mod_authz_host.so
+LoadModule authz_user_module modules/mod_authz_user.so
+LoadModule dir_module modules/mod_dir.so
+LoadModule env_module modules/mod_env.so
+LoadModule filter_module modules/mod_filter.so
+LoadModule mime_module modules/mod_mime.so
+LoadModule mpm_event_module modules/mod_mpm_event.so
+LoadModule negotiation_module modules/mod_negotiation.so
+LoadModule reqtimeout_module modules/mod_reqtimeout.so
+LoadModule setenvif_module modules/mod_setenvif.so
+LoadModule status_module modules/mod_status.so
+
+LoadModule proxy_module modules/mod_proxy.so
+LoadModule proxy_fcgi_module modules/mod_proxy_fcgi.so
+LoadModule expires_module modules/mod_expires.so
+LoadModule headers_module modules/mod_headers.so
diff --git a/Dockerfiles/web-apache-mysql/alpine/conf/etc/php83/conf.d/99-zabbix.ini b/Dockerfiles/web-apache-mysql/alpine/conf/etc/php83/conf.d/99-zabbix.ini
diff --git a/Dockerfiles/web-apache-mysql/alpine/conf/etc/php83/php-fpm.conf b/Dockerfiles/web-apache-mysql/alpine/conf/etc/php83/php-fpm.conf
@@ -0,0 +1,10 @@
+include=/etc/php83/php-fpm.d/*.conf
+
+[global]
+
+pid = /tmp/php-fpm.pid
+
+error_log = /dev/fd/2
+log_level = notice
+
+daemonize = no
diff --git a/Dockerfiles/web-apache-mysql/alpine/conf/etc/php83/php-fpm.d/zabbix.conf b/Dockerfiles/web-apache-mysql/alpine/conf/etc/php83/php-fpm.d/zabbix.conf
@@ -0,0 +1,36 @@
+[zabbix]
+
+; https://www.php.net/manual/en/security.hiding.php
+php_value[expose_php] = ${EXPOSE_WEB_SERVER_INFO}
+
+listen = /tmp/php-fpm.sock
+
+clear_env = no
+
+pm = ${PHP_FPM_PM}
+pm.max_children = ${PHP_FPM_PM_MAX_CHILDREN}
+pm.start_servers = ${PHP_FPM_PM_START_SERVERS}
+pm.min_spare_servers = ${PHP_FPM_PM_MIN_SPARE_SERVERS}
+pm.max_spare_servers = ${PHP_FPM_PM_MAX_SPARE_SERVERS}
+pm.max_requests = ${PHP_FPM_PM_MAX_REQUESTS}
+
+slowlog = /dev/fd/1
+
+php_admin_value[error_log] = /dev/fd/2
+php_admin_flag[log_errors] = on
+catch_workers_output = yes
+
+php_value[session.save_handler] = files
+php_value[session.save_path]    = /var/lib/php/session
+
+php_value[max_execution_time] = ${ZBX_MAXEXECUTIONTIME}
+php_value[memory_limit] = ${ZBX_MEMORYLIMIT}
+php_value[post_max_size] = ${ZBX_POSTMAXSIZE}
+php_value[upload_max_filesize] = ${ZBX_UPLOADMAXFILESIZE}
+php_value[max_input_time] = ${ZBX_MAXINPUTTIME}
+php_value[max_input_vars] = 10000
+php_value[date.timezone] = ${PHP_TZ}
+
+; PHP-FPM monitoring
+pm.status_path = /status
+ping.path = /ping
diff --git a/Dockerfiles/web-apache-mysql/alpine/conf/etc/supervisor/conf.d/supervisord_zabbix.conf b/Dockerfiles/web-apache-mysql/alpine/conf/etc/supervisor/conf.d/supervisord_zabbix.conf
@@ -0,0 +1,30 @@
+[supervisord]
+nodaemon = true
+
+[program:httpd]
+command = /usr/sbin/%(program_name)s -D FOREGROUND
+auto_start = true
+autorestart = true
+
+startsecs=2
+startretries=3
+stopsignal=TERM
+stopwaitsecs=2
+
+redirect_stderr=true
+stdout_logfile = /dev/stdout
+stdout_logfile_maxbytes = 0
+
+[program:php-fpm83]
+command = /usr/sbin/%(program_name)s -F -y /etc/php83/php-fpm.conf
+auto_start = true
+autorestart = true
+
+startsecs=2
+startretries=3
+stopsignal=TERM
+stopwaitsecs=2
+
+redirect_stderr=true
+stdout_logfile = /dev/stdout
+stdout_logfile_maxbytes = 0
diff --git a/Dockerfiles/web-apache-mysql/alpine/conf/etc/supervisor/supervisord.conf b/Dockerfiles/web-apache-mysql/alpine/conf/etc/supervisor/supervisord.conf
@@ -0,0 +1,35 @@
+; supervisor config file
+
+[unix_http_server]
+file = /tmp/supervisor.sock        ; (the path to the socket file)
+chmod = 0700                       ; sockef file mode (default 0700)
+username = zbx
+password = password
+
+[supervisord]
+logfile = /dev/stdout                        ; (main log file;default $CWD/supervisord.log)
+pidfile = /tmp/supervisord.pid               ; (supervisord pidfile;default supervisord.pid)
+childlogdir = /tmp                           ; ('AUTO' child log dir, default $TEMP)
+critical = critical
+;user = zabbix
+logfile_maxbytes = 0
+logfile_backupcount = 0
+loglevel = info
+
+; the below section must remain in the config file for RPC
+; (supervisorctl/web interface) to work, additional interfaces may be
+; added by defining them in separate rpcinterface: sections
+[rpcinterface:supervisor]
+supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface
+
+[supervisorctl]
+serverurl = unix:///tmp/supervisor.sock ; use a unix:// URL  for a unix socket
+
+; The [include] section can just contain the "files" setting.  This
+; setting can list multiple files (separated by whitespace or
+; newlines).  It can also contain wildcards.  The filenames are
+; interpreted as relative to this file.  Included files *cannot*
+; include files themselves.
+
+[include]
+files = /etc/supervisor/conf.d/*.conf
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,3 @@
		IncludeOptional /etc/apache2/modules.conf

		IncludeOptional /etc/apache2/conf.d/*.conf