From f239aec83fbe5faf6e0030e90a4602d5e2084da1 Mon Sep 17 00:00:00 2001 
From: Alexey Pustovalov Date: Mon, 13 Jan 2025 19:24:39 +0900 Subject: [PATCH] Migrate to PHP-FPM for all Web images --- .../agent/windows/docker-entrypoint.ps1 | 4 +- .../agent2/windows/docker-entrypoint.ps1 | 4 +- .../web-apache-mysql/alpine/Dockerfile | 58 +++--- .../alpine/conf/etc/apache2/conf.d/mime.conf | 8 + .../alpine/conf/etc/apache2/httpd.conf | 75 +++++++ .../alpine/conf/etc/apache2/includes.conf | 3 + .../alpine/conf/etc/apache2/modules.conf | 24 +++ .../conf/etc/php83/conf.d/99-zabbix.ini | 10 - .../alpine/conf/etc/php83/php-fpm.conf | 10 + .../conf/etc/php83/php-fpm.d/zabbix.conf | 36 ++++ .../supervisor/conf.d/supervisord_zabbix.conf | 30 +++ .../conf/etc/supervisor/supervisord.conf | 35 ++++ .../alpine/conf/etc/zabbix/apache.conf | 32 ++- .../alpine/conf/etc/zabbix/apache_ssl.conf | 195 +++++++++-------- .../alpine/docker-entrypoint.sh | 101 +++++---- .../web-apache-mysql/centos/Dockerfile | 54 ++--- .../conf/etc/httpd/conf.d/99-zabbix.conf | 3 - .../centos/conf/etc/httpd/conf.d/mime.conf | 9 + .../centos/conf/etc/httpd/conf/httpd.conf | 75 +++++++ .../centos/conf/etc/httpd/includes.conf | 3 + .../centos/conf/etc/httpd/modules.conf | 24 +++ .../centos/conf/etc/zabbix/apache.conf | 21 +- .../centos/conf/etc/zabbix/apache_ssl.conf | 186 +++++++++-------- .../centos/docker-entrypoint.sh | 91 ++++---- Dockerfiles/web-apache-mysql/ol/Dockerfile | 42 ++-- .../ol/conf/etc/httpd/conf.d/99-zabbix.conf | 3 - .../ol/conf/etc/httpd/conf.d/mime.conf | 9 + .../ol/conf/etc/httpd/conf/httpd.conf | 75 +++++++ .../ol/conf/etc/httpd/includes.conf | 3 + .../ol/conf/etc/httpd/modules.conf | 24 +++ .../ol/conf/etc/zabbix/apache.conf | 21 +- .../ol/conf/etc/zabbix/apache_ssl.conf | 186 +++++++++-------- .../web-apache-mysql/ol/docker-entrypoint.sh | 91 ++++---- .../web-apache-mysql/ubuntu/Dockerfile | 68 +++--- .../ubuntu/conf/etc/apache2/apache2.conf | 75 +++++++ .../ubuntu/conf/etc/apache2/includes.conf | 8 + .../ubuntu/conf/etc/apache2/modules.conf | 21 ++ 
.../etc/php/8.3/apache2/conf.d/99-zabbix.ini | 10 - .../ubuntu/conf/etc/php/8.3/fpm/php-fpm.conf | 10 + .../conf/etc/php/8.3/fpm/pool.d/zabbix.conf | 36 ++++ .../supervisor/conf.d/supervisord_zabbix.conf | 30 +++ .../conf/etc/supervisor/supervisord.conf | 35 ++++ .../ubuntu/conf/etc/zabbix/apache.conf | 32 ++- .../ubuntu/conf/etc/zabbix/apache_envvars | 4 - .../ubuntu/conf/etc/zabbix/apache_ssl.conf | 196 ++++++++++-------- .../ubuntu/docker-entrypoint.sh | 108 +++++----- .../web-apache-pgsql/alpine/Dockerfile | 58 +++--- .../alpine/conf/etc/apache2/conf.d/mime.conf | 8 + .../alpine/conf/etc/apache2/httpd.conf | 75 +++++++ .../alpine/conf/etc/apache2/includes.conf | 3 + .../alpine/conf/etc/apache2/modules.conf | 24 +++ .../conf/etc/php83/conf.d/99-zabbix.ini | 10 - .../alpine/conf/etc/php83/php-fpm.conf | 10 + .../conf/etc/php83/php-fpm.d/zabbix.conf | 36 ++++ .../supervisor/conf.d/supervisord_zabbix.conf | 30 +++ .../conf/etc/supervisor/supervisord.conf | 35 ++++ .../alpine/conf/etc/zabbix/apache.conf | 32 ++- .../alpine/conf/etc/zabbix/apache_ssl.conf | 191 +++++++++-------- .../alpine/docker-entrypoint.sh | 101 +++++---- .../web-apache-pgsql/centos/Dockerfile | 42 ++-- .../conf/etc/httpd/conf.d/99-zabbix.conf | 3 - .../centos/conf/etc/httpd/conf.d/mime.conf | 9 + .../centos/conf/etc/httpd/conf/httpd.conf | 75 +++++++ .../centos/conf/etc/httpd/includes.conf | 3 + .../centos/conf/etc/httpd/modules.conf | 24 +++ .../centos/conf/etc/zabbix/apache.conf | 21 +- .../centos/conf/etc/zabbix/apache_ssl.conf | 186 +++++++++-------- .../centos/docker-entrypoint.sh | 91 ++++---- Dockerfiles/web-apache-pgsql/ol/Dockerfile | 42 ++-- .../ol/conf/etc/httpd/conf.d/99-zabbix.conf | 3 - .../ol/conf/etc/httpd/conf.d/mime.conf | 9 + .../ol/conf/etc/httpd/conf/httpd.conf | 75 +++++++ .../ol/conf/etc/httpd/includes.conf | 3 + .../ol/conf/etc/httpd/modules.conf | 24 +++ .../ol/conf/etc/zabbix/apache.conf | 21 +- .../ol/conf/etc/zabbix/apache_ssl.conf | 186 +++++++++-------- 
.../web-apache-pgsql/ol/docker-entrypoint.sh | 107 ++++++---- .../web-apache-pgsql/ubuntu/Dockerfile | 65 +++--- .../ubuntu/conf/etc/apache2/apache2.conf | 75 +++++++ .../ubuntu/conf/etc/apache2/includes.conf | 8 + .../ubuntu/conf/etc/apache2/modules.conf | 21 ++ .../etc/php/8.3/apache2/conf.d/99-zabbix.ini | 10 - .../ubuntu/conf/etc/php/8.3/fpm/php-fpm.conf | 10 + .../conf/etc/php/8.3/fpm/pool.d/zabbix.conf | 36 ++++ .../supervisor/conf.d/supervisord_zabbix.conf | 30 +++ .../conf/etc/supervisor/supervisord.conf | 35 ++++ .../ubuntu/conf/etc/zabbix/apache.conf | 32 ++- .../ubuntu/conf/etc/zabbix/apache_ssl.conf | 196 ++++++++++-------- .../ubuntu/docker-entrypoint.sh | 110 +++++----- Dockerfiles/web-nginx-mysql/alpine/Dockerfile | 26 ++- .../alpine/conf/etc/php83/php-fpm.conf | 1 + .../alpine/conf/etc/zabbix/nginx.conf | 9 + .../alpine/docker-entrypoint.sh | 123 +++++------ Dockerfiles/web-nginx-mysql/centos/Dockerfile | 28 +-- .../centos/conf/etc/php-fpm.conf | 1 + .../centos/conf/etc/zabbix/nginx.conf | 9 + .../centos/docker-entrypoint.sh | 123 +++++------ Dockerfiles/web-nginx-mysql/ol/Dockerfile | 28 +-- .../web-nginx-mysql/ol/conf/etc/php-fpm.conf | 1 + .../ol/conf/etc/zabbix/nginx.conf | 9 + .../web-nginx-mysql/ol/docker-entrypoint.sh | 123 +++++------ Dockerfiles/web-nginx-mysql/rhel/Dockerfile | 28 +-- .../rhel/conf/etc/php-fpm.conf | 1 + .../rhel/conf/etc/zabbix/nginx.conf | 9 + .../web-nginx-mysql/rhel/docker-entrypoint.sh | 127 ++++++------ Dockerfiles/web-nginx-mysql/ubuntu/Dockerfile | 28 +-- .../ubuntu/conf/etc/php/8.3/fpm/php-fpm.conf | 1 + .../ubuntu/conf/etc/zabbix/nginx.conf | 9 + .../ubuntu/docker-entrypoint.sh | 125 +++++------ Dockerfiles/web-nginx-pgsql/alpine/Dockerfile | 26 ++- .../alpine/conf/etc/php83/php-fpm.conf | 1 + .../alpine/conf/etc/zabbix/nginx.conf | 9 + .../alpine/docker-entrypoint.sh | 123 +++++------ Dockerfiles/web-nginx-pgsql/centos/Dockerfile | 28 +-- .../centos/conf/etc/php-fpm.conf | 1 + 
.../centos/conf/etc/zabbix/nginx.conf | 9 + .../centos/docker-entrypoint.sh | 78 +++++-- Dockerfiles/web-nginx-pgsql/ol/Dockerfile | 28 +-- .../web-nginx-pgsql/ol/conf/etc/php-fpm.conf | 1 + .../ol/conf/etc/zabbix/nginx.conf | 9 + .../web-nginx-pgsql/ol/docker-entrypoint.sh | 78 +++++-- Dockerfiles/web-nginx-pgsql/rhel/Dockerfile | 28 +-- .../rhel/conf/etc/php-fpm.conf | 1 + .../rhel/conf/etc/zabbix/nginx.conf | 9 + .../web-nginx-pgsql/rhel/docker-entrypoint.sh | 123 +++++------ Dockerfiles/web-nginx-pgsql/ubuntu/Dockerfile | 28 +-- .../ubuntu/conf/etc/php/8.3/fpm/php-fpm.conf | 1 + .../ubuntu/conf/etc/zabbix/nginx.conf | 9 + .../ubuntu/docker-entrypoint.sh | 80 +++++-- compose_databases.yaml | 6 +- compose_zabbix_components.yaml | 115 ++++++---- 131 files changed, 4005 insertions(+), 1938 deletions(-) create mode 100644 Dockerfiles/web-apache-mysql/alpine/conf/etc/apache2/conf.d/mime.conf create mode 100644 Dockerfiles/web-apache-mysql/alpine/conf/etc/apache2/httpd.conf create mode 100644 Dockerfiles/web-apache-mysql/alpine/conf/etc/apache2/includes.conf create mode 100644 Dockerfiles/web-apache-mysql/alpine/conf/etc/apache2/modules.conf delete mode 100644 Dockerfiles/web-apache-mysql/alpine/conf/etc/php83/conf.d/99-zabbix.ini create mode 100644 Dockerfiles/web-apache-mysql/alpine/conf/etc/php83/php-fpm.conf create mode 100644 Dockerfiles/web-apache-mysql/alpine/conf/etc/php83/php-fpm.d/zabbix.conf create mode 100644 Dockerfiles/web-apache-mysql/alpine/conf/etc/supervisor/conf.d/supervisord_zabbix.conf create mode 100644 Dockerfiles/web-apache-mysql/alpine/conf/etc/supervisor/supervisord.conf delete mode 100644 Dockerfiles/web-apache-mysql/centos/conf/etc/httpd/conf.d/99-zabbix.conf create mode 100644 Dockerfiles/web-apache-mysql/centos/conf/etc/httpd/conf.d/mime.conf create mode 100644 Dockerfiles/web-apache-mysql/centos/conf/etc/httpd/conf/httpd.conf create mode 100644 Dockerfiles/web-apache-mysql/centos/conf/etc/httpd/includes.conf create mode 100644 
Dockerfiles/web-apache-mysql/centos/conf/etc/httpd/modules.conf delete mode 100644 Dockerfiles/web-apache-mysql/ol/conf/etc/httpd/conf.d/99-zabbix.conf create mode 100644 Dockerfiles/web-apache-mysql/ol/conf/etc/httpd/conf.d/mime.conf create mode 100644 Dockerfiles/web-apache-mysql/ol/conf/etc/httpd/conf/httpd.conf create mode 100644 Dockerfiles/web-apache-mysql/ol/conf/etc/httpd/includes.conf create mode 100644 Dockerfiles/web-apache-mysql/ol/conf/etc/httpd/modules.conf create mode 100644 Dockerfiles/web-apache-mysql/ubuntu/conf/etc/apache2/apache2.conf create mode 100644 Dockerfiles/web-apache-mysql/ubuntu/conf/etc/apache2/includes.conf create mode 100644 Dockerfiles/web-apache-mysql/ubuntu/conf/etc/apache2/modules.conf delete mode 100644 Dockerfiles/web-apache-mysql/ubuntu/conf/etc/php/8.3/apache2/conf.d/99-zabbix.ini create mode 100644 Dockerfiles/web-apache-mysql/ubuntu/conf/etc/php/8.3/fpm/php-fpm.conf create mode 100644 Dockerfiles/web-apache-mysql/ubuntu/conf/etc/php/8.3/fpm/pool.d/zabbix.conf create mode 100644 Dockerfiles/web-apache-mysql/ubuntu/conf/etc/supervisor/conf.d/supervisord_zabbix.conf create mode 100644 Dockerfiles/web-apache-mysql/ubuntu/conf/etc/supervisor/supervisord.conf delete mode 100644 Dockerfiles/web-apache-mysql/ubuntu/conf/etc/zabbix/apache_envvars create mode 100644 Dockerfiles/web-apache-pgsql/alpine/conf/etc/apache2/conf.d/mime.conf create mode 100644 Dockerfiles/web-apache-pgsql/alpine/conf/etc/apache2/httpd.conf create mode 100644 Dockerfiles/web-apache-pgsql/alpine/conf/etc/apache2/includes.conf create mode 100644 Dockerfiles/web-apache-pgsql/alpine/conf/etc/apache2/modules.conf delete mode 100644 Dockerfiles/web-apache-pgsql/alpine/conf/etc/php83/conf.d/99-zabbix.ini create mode 100644 Dockerfiles/web-apache-pgsql/alpine/conf/etc/php83/php-fpm.conf create mode 100644 Dockerfiles/web-apache-pgsql/alpine/conf/etc/php83/php-fpm.d/zabbix.conf create mode 100644 
Dockerfiles/web-apache-pgsql/alpine/conf/etc/supervisor/conf.d/supervisord_zabbix.conf create mode 100644 Dockerfiles/web-apache-pgsql/alpine/conf/etc/supervisor/supervisord.conf delete mode 100644 Dockerfiles/web-apache-pgsql/centos/conf/etc/httpd/conf.d/99-zabbix.conf create mode 100644 Dockerfiles/web-apache-pgsql/centos/conf/etc/httpd/conf.d/mime.conf create mode 100644 Dockerfiles/web-apache-pgsql/centos/conf/etc/httpd/conf/httpd.conf create mode 100644 Dockerfiles/web-apache-pgsql/centos/conf/etc/httpd/includes.conf create mode 100644 Dockerfiles/web-apache-pgsql/centos/conf/etc/httpd/modules.conf delete mode 100644 Dockerfiles/web-apache-pgsql/ol/conf/etc/httpd/conf.d/99-zabbix.conf create mode 100644 Dockerfiles/web-apache-pgsql/ol/conf/etc/httpd/conf.d/mime.conf create mode 100644 Dockerfiles/web-apache-pgsql/ol/conf/etc/httpd/conf/httpd.conf create mode 100644 Dockerfiles/web-apache-pgsql/ol/conf/etc/httpd/includes.conf create mode 100644 Dockerfiles/web-apache-pgsql/ol/conf/etc/httpd/modules.conf create mode 100644 Dockerfiles/web-apache-pgsql/ubuntu/conf/etc/apache2/apache2.conf create mode 100644 Dockerfiles/web-apache-pgsql/ubuntu/conf/etc/apache2/includes.conf create mode 100644 Dockerfiles/web-apache-pgsql/ubuntu/conf/etc/apache2/modules.conf delete mode 100644 Dockerfiles/web-apache-pgsql/ubuntu/conf/etc/php/8.3/apache2/conf.d/99-zabbix.ini create mode 100644 Dockerfiles/web-apache-pgsql/ubuntu/conf/etc/php/8.3/fpm/php-fpm.conf create mode 100644 Dockerfiles/web-apache-pgsql/ubuntu/conf/etc/php/8.3/fpm/pool.d/zabbix.conf create mode 100644 Dockerfiles/web-apache-pgsql/ubuntu/conf/etc/supervisor/conf.d/supervisord_zabbix.conf create mode 100644 Dockerfiles/web-apache-pgsql/ubuntu/conf/etc/supervisor/supervisord.conf diff --git a/Dockerfiles/agent/windows/docker-entrypoint.ps1 b/Dockerfiles/agent/windows/docker-entrypoint.ps1 index c7bb5d4bc6..443f4cc8c7 100644 --- a/Dockerfiles/agent/windows/docker-entrypoint.ps1 
+++ b/Dockerfiles/agent/windows/docker-entrypoint.ps1 @@ -127,8 +127,8 @@ function File-Process-From-Env { ) if (![string]::IsNullOrEmpty($VarValue)) { - $VarValue | Set-Content "$ZabbixInternalEncDir\$VarName" - $FileName="$ZabbixInternalEncDir\$VarName" + $VarValue | Set-Content "$ZabbixInternalEncDir\VarName" + $FileName="$ZabbixInternalEncDir\VarName" } if (![string]::IsNullOrEmpty($FileName)) { diff --git a/Dockerfiles/agent2/windows/docker-entrypoint.ps1 b/Dockerfiles/agent2/windows/docker-entrypoint.ps1 index d0a6907459..f78ae4684d 100644 --- a/Dockerfiles/agent2/windows/docker-entrypoint.ps1 +++ b/Dockerfiles/agent2/windows/docker-entrypoint.ps1 @@ -127,8 +127,8 @@ function File-Process-From-Env { ) if (![string]::IsNullOrEmpty($VarValue)) { - $VarValue | Set-Content "$ZabbixInternalEncDir\$VarName" - $FileName="$ZabbixInternalEncDir\$VarName" + $VarValue | Set-Content "$ZabbixInternalEncDir\VarName" + $FileName="$ZabbixInternalEncDir\VarName" } if (![string]::IsNullOrEmpty($FileName)) { diff --git a/Dockerfiles/web-apache-mysql/alpine/Dockerfile b/Dockerfiles/web-apache-mysql/alpine/Dockerfile index ae12dcbe30..b70fe2b32b 100644 --- a/Dockerfiles/web-apache-mysql/alpine/Dockerfile +++ b/Dockerfiles/web-apache-mysql/alpine/Dockerfile @@ -14,7 +14,8 @@ ARG ZBX_SOURCES=https://git.zabbix.com/scm/zbx/zabbix.git ENV TERM=xterm \ ZBX_VERSION=${ZBX_VERSION} ZBX_SOURCES=${ZBX_SOURCES} \ - ZABBIX_CONF_DIR="/etc/zabbix" + ZABBIX_CONF_DIR="/etc/zabbix" \ + ZABBIX_WWW_ROOT="/usr/share/zabbix" LABEL org.opencontainers.image.authors="Alexey Pustovalov " \ org.opencontainers.image.description="Zabbix web-interface based on Apache2 web server with MySQL database support" \ @@ -28,20 +29,20 @@ LABEL org.opencontainers.image.authors="Alexey Pustovalov + TypesConfig /etc/apache2/mime.types + AddType application/x-compress .Z + AddType application/x-gzip .gz .tgz + + + MIMEMagicFile /etc/apache2/magic + 
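Review bot: In `File-Process-From-Env`, the two added lines drop the `$` from `$VarName`, so every value is written to the literal file `$ZabbixInternalEncDir\VarName` instead of a file named after the variable. If the function is called for more than one variable (the callers are outside the hunk, so this is inferred), each call overwrites the previous file and every setting that keeps `$FileName` ends up pointing at the same content. Unless that is intended, keep `$VarValue | Set-Content "$ZabbixInternalEncDir\$VarName"` and `$FileName="$ZabbixInternalEncDir\$VarName"`. The identical change is made in Dockerfiles/agent2/windows/docker-entrypoint.ps1. The function body starts and ends outside both hunks.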
diff --git a/Dockerfiles/web-apache-mysql/alpine/conf/etc/apache2/httpd.conf b/Dockerfiles/web-apache-mysql/alpine/conf/etc/apache2/httpd.conf new file mode 100644 index 0000000000..2cf9de5361 --- /dev/null +++ b/Dockerfiles/web-apache-mysql/alpine/conf/etc/apache2/httpd.conf @@ -0,0 +1,75 @@ +ServerRoot /etc/apache2/ +ServerRoot /var/www +DefaultRuntimeDir /tmp/apache2/ +PidFile /tmp/apache2.pid + +ServerName 127.0.0.1 + +IncludeOptional /etc/apache2/includes.conf + +Timeout 300 +KeepAlive On +MaxKeepAliveRequests 100 +KeepAliveTimeout 5 + + + User ${APACHE_RUN_USER} + Group ${APACHE_RUN_GROUP} + + +HostnameLookups Off + +LogLevel warn + + + SetEnvIf Request_URI "^/(robots\.txt|favicon\.ico|status|ping|apache-status)$" exclude_from_logs + + LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined + LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined + LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined + LogFormat "%h %l %u %t \"%r\" %>s %O" common + LogFormat "%{Referer}i -> %U" referer + LogFormat "%{User-agent}i" agent + + CustomLog ${APACHE_CUSTOM_LOG} vhost_combined env=!exclude_from_logs + + +ErrorLog /proc/self/fd/2 + +LogLevel warn + + + StartServers 2 + MinSpareThreads 25 + MaxSpareThreads 75 + ThreadLimit 64 + ThreadsPerChild 25 + MaxRequestWorkers 150 + MaxConnectionsPerChild 0 + + +# Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac). + + Require all denied + + +ServerTokens ${APACHE_SERVER_TOKENS} + +ServerSignature ${APACHE_SERVER_SIGNATURE} + +TraceEnable Off + +AddDefaultCharset UTF-8 + + + + SetHandler server-status + Require local + + + ExtendedStatus On + + + ProxyStatus On + + diff --git a/Dockerfiles/web-apache-mysql/alpine/conf/etc/apache2/includes.conf b/Dockerfiles/web-apache-mysql/alpine/conf/etc/apache2/includes.conf new file mode 100644 index 0000000000..1c093db0b8 --- /dev/null 
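Review bot: `ServerRoot` is set twice at the top of the new httpd.conf (`/etc/apache2/`, then `/var/www`), and the duplicate should be collapsed into one directive, because the effective root decides where the relative `LoadModule modules/mod_*.so` paths in modules.conf resolve. If `/var/www` is the intended root because the distribution links `modules` there (not visible in this patch), drop the first line and add a comment such as `# ServerRoot is /var/www so that modules/ resolves to the packaged module directory`. `LogLevel warn` and the `combined` LogFormat are also declared twice in the same file. The section tags around several directives are missing from this rendering, so the enclosing blocks cannot be checked here.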
+++ b/Dockerfiles/web-apache-mysql/alpine/conf/etc/apache2/includes.conf @@ -0,0 +1,3 @@ +IncludeOptional /etc/apache2/modules.conf + +IncludeOptional /etc/apache2/conf.d/*.conf diff --git a/Dockerfiles/web-apache-mysql/alpine/conf/etc/apache2/modules.conf b/Dockerfiles/web-apache-mysql/alpine/conf/etc/apache2/modules.conf new file mode 100644 index 0000000000..4f642f8e98 --- /dev/null +++ b/Dockerfiles/web-apache-mysql/alpine/conf/etc/apache2/modules.conf @@ -0,0 +1,24 @@ +LoadModule logio_module modules/mod_logio.so +LoadModule unixd_module modules/mod_unixd.so +LoadModule log_config_module modules/mod_log_config.so +LoadModule access_compat_module modules/mod_access_compat.so +LoadModule auth_basic_module modules/mod_auth_basic.so +LoadModule authn_core_module modules/mod_authn_core.so +LoadModule authn_file_module modules/mod_authn_file.so +LoadModule authz_core_module modules/mod_authz_core.so +LoadModule authz_host_module modules/mod_authz_host.so +LoadModule authz_user_module modules/mod_authz_user.so +LoadModule dir_module modules/mod_dir.so +LoadModule env_module modules/mod_env.so +LoadModule filter_module modules/mod_filter.so +LoadModule mime_module modules/mod_mime.so +LoadModule mpm_event_module modules/mod_mpm_event.so +LoadModule negotiation_module modules/mod_negotiation.so +LoadModule reqtimeout_module modules/mod_reqtimeout.so +LoadModule setenvif_module modules/mod_setenvif.so +LoadModule status_module modules/mod_status.so + +LoadModule proxy_module modules/mod_proxy.so +LoadModule proxy_fcgi_module modules/mod_proxy_fcgi.so +LoadModule expires_module modules/mod_expires.so +LoadModule headers_module modules/mod_headers.so diff --git a/Dockerfiles/web-apache-mysql/alpine/conf/etc/php83/conf.d/99-zabbix.ini b/Dockerfiles/web-apache-mysql/alpine/conf/etc/php83/conf.d/99-zabbix.ini deleted file mode 100644 index e180720b92..0000000000 --- a/Dockerfiles/web-apache-mysql/alpine/conf/etc/php83/conf.d/99-zabbix.ini +++ /dev/null 
@@ -1,10 +0,0 @@ -max_execution_time = ${ZBX_MAXEXECUTIONTIME} -memory_limit = ${ZBX_MEMORYLIMIT} -post_max_size = ${ZBX_POSTMAXSIZE} -upload_max_filesize = ${ZBX_UPLOADMAXFILESIZE} -max_input_time = ${ZBX_MAXINPUTTIME} -; always_populate_raw_post_data=-1 -max_input_vars = 10000 -date.timezone = ${PHP_TZ} -; https://www.php.net/manual/en/security.hiding.php -expose_php = ${EXPOSE_WEB_SERVER_INFO} diff --git a/Dockerfiles/web-apache-mysql/alpine/conf/etc/php83/php-fpm.conf b/Dockerfiles/web-apache-mysql/alpine/conf/etc/php83/php-fpm.conf new file mode 100644 index 0000000000..e23aa2d905 --- /dev/null +++ b/Dockerfiles/web-apache-mysql/alpine/conf/etc/php83/php-fpm.conf @@ -0,0 +1,10 @@ +include=/etc/php83/php-fpm.d/*.conf + +[global] + +pid = /tmp/php-fpm.pid + +error_log = /dev/fd/2 +log_level = notice + +daemonize = no diff --git a/Dockerfiles/web-apache-mysql/alpine/conf/etc/php83/php-fpm.d/zabbix.conf b/Dockerfiles/web-apache-mysql/alpine/conf/etc/php83/php-fpm.d/zabbix.conf new file mode 100644 index 0000000000..66c3c1252c --- /dev/null +++ b/Dockerfiles/web-apache-mysql/alpine/conf/etc/php83/php-fpm.d/zabbix.conf 
@@ -0,0 +1,36 @@ +[zabbix] + +; https://www.php.net/manual/en/security.hiding.php +php_value[expose_php] = ${EXPOSE_WEB_SERVER_INFO} + +listen = /tmp/php-fpm.sock + +clear_env = no + +pm = ${PHP_FPM_PM} +pm.max_children = ${PHP_FPM_PM_MAX_CHILDREN} +pm.start_servers = ${PHP_FPM_PM_START_SERVERS} +pm.min_spare_servers = ${PHP_FPM_PM_MIN_SPARE_SERVERS} +pm.max_spare_servers = ${PHP_FPM_PM_MAX_SPARE_SERVERS} +pm.max_requests = ${PHP_FPM_PM_MAX_REQUESTS} + +slowlog = /dev/fd/1 + +php_admin_value[error_log] = /dev/fd/2 +php_admin_flag[log_errors] = on +catch_workers_output = yes + +php_value[session.save_handler] = files +php_value[session.save_path] = /var/lib/php/session + +php_value[max_execution_time] = ${ZBX_MAXEXECUTIONTIME} +php_value[memory_limit] = ${ZBX_MEMORYLIMIT} +php_value[post_max_size] = ${ZBX_POSTMAXSIZE} +php_value[upload_max_filesize] = ${ZBX_UPLOADMAXFILESIZE} +php_value[max_input_time] = ${ZBX_MAXINPUTTIME} +php_value[max_input_vars] = 10000 +php_value[date.timezone] = ${PHP_TZ} + +; PHP-FPM monitoring +pm.status_path = /status +ping.path = /ping diff --git a/Dockerfiles/web-apache-mysql/alpine/conf/etc/supervisor/conf.d/supervisord_zabbix.conf b/Dockerfiles/web-apache-mysql/alpine/conf/etc/supervisor/conf.d/supervisord_zabbix.conf new file mode 100644 index 0000000000..4471419844 --- /dev/null +++ b/Dockerfiles/web-apache-mysql/alpine/conf/etc/supervisor/conf.d/supervisord_zabbix.conf 
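Review bot: `memory_limit` and `max_execution_time` in the `[zabbix]` pool are set with `php_value[...]`, which a script can still change at runtime through `ini_set()`; `php_admin_value[...]` pins them. If these limits are meant as a guard rather than a default, use the admin form, e.g. `php_admin_value[memory_limit] = ${ZBX_MEMORYLIMIT}`, unless the frontend is expected to adjust them itself. `clear_env = no` also makes every container environment variable, including any database credentials passed that way, visible to the PHP workers; a one-line comment stating that this is deliberate, such as `; frontend configuration is read from the container environment`, would help the next reviewer.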
@@ -0,0 +1,30 @@ +[supervisord] +nodaemon = true + +[program:httpd] +command = /usr/sbin/%(program_name)s -D FOREGROUND +auto_start = true +autorestart = true + +startsecs=2 +startretries=3 +stopsignal=TERM +stopwaitsecs=2 + +redirect_stderr=true +stdout_logfile = /dev/stdout +stdout_logfile_maxbytes = 0 + +[program:php-fpm83] +command = /usr/sbin/%(program_name)s -F -y /etc/php83/php-fpm.conf +auto_start = true +autorestart = true + +startsecs=2 +startretries=3 +stopsignal=TERM +stopwaitsecs=2 + +redirect_stderr=true +stdout_logfile = /dev/stdout +stdout_logfile_maxbytes = 0 diff --git a/Dockerfiles/web-apache-mysql/alpine/conf/etc/supervisor/supervisord.conf b/Dockerfiles/web-apache-mysql/alpine/conf/etc/supervisor/supervisord.conf new file mode 100644 index 0000000000..f8d80e461b --- /dev/null +++ b/Dockerfiles/web-apache-mysql/alpine/conf/etc/supervisor/supervisord.conf 
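Review bot: Both `[program:...]` sections use `auto_start = true`, but the supervisor option is spelled `autostart`; the misspelled key appears to have no effect, and the programs start only because `autostart` defaults to true. Use `autostart = true` in both sections. `stopwaitsecs=2` also gives httpd and php-fpm only two seconds after TERM before supervisor kills them, which may cut off in-flight requests when the container stops.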
@@ -0,0 +1,35 @@ +; supervisor config file + +[unix_http_server] +file = /tmp/supervisor.sock ; (the path to the socket file) +chmod = 0700 ; sockef file mode (default 0700) +username = zbx +password = password + +[supervisord] +logfile = /dev/stdout ; (main log file;default $CWD/supervisord.log) +pidfile = /tmp/supervisord.pid ; (supervisord pidfile;default supervisord.pid) +childlogdir = /tmp ; ('AUTO' child log dir, default $TEMP) +critical = critical +;user = zabbix +logfile_maxbytes = 0 +logfile_backupcount = 0 +loglevel = info + +; the below section must remain in the config file for RPC +; (supervisorctl/web interface) to work, additional interfaces may be +; added by defining them in separate rpcinterface: sections +[rpcinterface:supervisor] +supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface + +[supervisorctl] +serverurl = unix:///tmp/supervisor.sock ; use a unix:// URL for a unix socket + +; The [include] section can just contain the "files" setting. This +; setting can list multiple files (separated by whitespace or +; newlines). It can also contain wildcards. The filenames are +; interpreted as relative to this file. Included files *cannot* +; include files themselves. + +[include] +files = /etc/supervisor/conf.d/*.conf diff --git a/Dockerfiles/web-apache-mysql/alpine/conf/etc/zabbix/apache.conf b/Dockerfiles/web-apache-mysql/alpine/conf/etc/zabbix/apache.conf index b32e8167fe..f0a69becdd 100644 --- a/Dockerfiles/web-apache-mysql/alpine/conf/etc/zabbix/apache.conf +++ b/Dockerfiles/web-apache-mysql/alpine/conf/etc/zabbix/apache.conf 
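Review bot: `[unix_http_server]` ships a fixed credential (`username = zbx`, `password = password`) that is identical in every image built from this file. The socket is created with `chmod = 0700`, so only its owner can reach it and the exposure is limited, but a well-known password adds no protection, and `[supervisorctl]` carries no matching `username`/`password`, so the control client would not authenticate by default. Either drop the two lines and rely on the socket mode, or read the value from the environment, for example `password = %(ENV_SUPERVISOR_PASSWORD)s` (variable name constructed for illustration). The comment on the `chmod` line also has a typo, `sockef`.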
@@ -1,14 +1,44 @@ +Listen 8080 + DocumentRoot /usr/share/zabbix/ + ServerName zabbix - DirectoryIndex {HTTP_INDEX_FILE} + + DirectoryIndex ${HTTP_INDEX_FILE} + AddType application/x-httpd-php .php .php3 .php4 .php5 .phtml AddType application/x-httpd-php-source .phps + SetEnvIfNoCase ^Authorization$ "(.+)" HTTP_AUTHORIZATION=$1 + + + Order Allow,Deny + Allow from all + + SetHandler "proxy:unix:/tmp/php-fpm.sock|fcgi://localhost" + + Options FollowSymLinks AllowOverride None Require all granted + + + SetHandler "proxy:unix:/tmp/php-fpm.sock|fcgi://localhost" + + + + ExpiresActive On + ExpiresDefault "access plus 1 year" + Header append Cache-Control "public" + + + + ExpiresActive On + ExpiresDefault "access plus 14 day" + Header append Cache-Control "public" + diff --git a/Dockerfiles/web-apache-mysql/alpine/conf/etc/zabbix/apache_ssl.conf b/Dockerfiles/web-apache-mysql/alpine/conf/etc/zabbix/apache_ssl.conf index 92b08a986f..b46e7f800d 100644 --- a/Dockerfiles/web-apache-mysql/alpine/conf/etc/zabbix/apache_ssl.conf +++ b/Dockerfiles/web-apache-mysql/alpine/conf/etc/zabbix/apache_ssl.conf 
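Review bot: The block that hands requests to `proxy:unix:/tmp/php-fpm.sock|fcgi://localhost` under `Order Allow,Deny` / `Allow from all` is open to every client; its opening tag is missing from this rendering, but it presumably matches the `pm.status_path = /status` and `ping.path = /ping` endpoints defined in the pool file. The FPM status page reports worker and request details, so it should be limited the same way the patch limits `server-status`, with `Require local` in place of the two legacy access lines. The same block is added in apache_ssl.conf. The two `AddType application/x-httpd-php...` lines appear to be left over from mod_php and no longer select a handler now that PHP is reached through `SetHandler`.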
@@ -1,88 +1,113 @@ -LoadModule ssl_module modules/mod_ssl.so -LoadModule socache_shmcb_module modules/mod_socache_shmcb.so +LoadModule ssl_module /usr/lib/apache2/modules/mod_ssl.so +LoadModule socache_shmcb_module /usr/lib/apache2/modules/mod_socache_shmcb.so Listen 8443 - - - DocumentRoot /usr/share/zabbix/ - ServerName zabbix - DirectoryIndex {HTTP_INDEX_FILE} - - AddType application/x-httpd-php .php .php3 .php4 .php5 .phtml - AddType application/x-httpd-php-source .phps - - # Enable/Disable SSL for this virtual host. - SSLEngine on - - # intermediate configuration - SSLProtocol -all +TLSv1.2 +TLSv1.3 - SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305 - SSLHonorCipherOrder off - SSLSessionTickets off - - SSLCertificateFile /etc/ssl/apache2/ssl.crt - SSLCertificateKeyFile /etc/ssl/apache2/ssl.key - # SSLCACertificatePath /etc/ssl/apache2/chain/ - - # enable HTTP/2, if available - Protocols h2 http/1.1 - - # HTTP Strict Transport Security (mod_headers is required) (63072000 seconds) - Header always set Strict-Transport-Security "max-age=63072000" - - - Options FollowSymLinks - AllowOverride None - Require all granted - - - - Require all denied - - Order deny,allow - Deny from all - - - - - Require all denied - - Order deny,allow - Deny from all - - - - - Require all denied - - Order deny,allow - Deny from all - - - - - Require all denied - - Order deny,allow - Deny from all - - - - - Require all denied - - Order deny,allow - Deny from all - - - - - Require all denied - - Order deny,allow - Deny from all - - - - + + DocumentRoot /usr/share/zabbix/ + + ServerName zabbix + + DirectoryIndex ${HTTP_INDEX_FILE} + + AddType application/x-httpd-php .php .php3 .php4 .php5 .phtml + AddType application/x-httpd-php-source .phps + + SetEnvIfNoCase ^Authorization$ 
"(.+)" HTTP_AUTHORIZATION=$1 + + # Enable/Disable SSL for this virtual host. + SSLEngine on + + # intermediate configuration + SSLProtocol -all +TLSv1.2 +TLSv1.3 + SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305 + SSLHonorCipherOrder off + SSLSessionTickets off + + SSLCertificateFile /etc/ssl/apache2/ssl.crt + SSLCertificateKeyFile /etc/ssl/apache2/ssl.key + # SSLCACertificatePath /etc/ssl/apache2/chain/ + + # enable HTTP/2, if available + Protocols h2 http/1.1 + + # HTTP Strict Transport Security (mod_headers is required) (63072000 seconds) + Header always set Strict-Transport-Security "max-age=63072000" + + + Order Allow,Deny + Allow from all + + SetHandler "proxy:unix:/tmp/php-fpm.sock|fcgi://localhost" + + + + Options FollowSymLinks + AllowOverride None + Require all granted + + + SetHandler "proxy:unix:/tmp/php-fpm.sock|fcgi://localhost" + + + + ExpiresActive On + ExpiresDefault "access plus 1 year" + Header append Cache-Control "public" + + + + ExpiresActive On + ExpiresDefault "access plus 14 day" + Header append Cache-Control "public" + + + + + Require all denied + + Order deny,allow + Deny from all + + + + + Require all denied + + Order deny,allow + Deny from all + + + + + Require all denied + + Order deny,allow + Deny from all + + + + + Require all denied + + Order deny,allow + Deny from all + + + + + Require all denied + + Order deny,allow + Deny from all + + + + + Require all denied + + Order deny,allow + Deny from all + + + diff --git a/Dockerfiles/web-apache-mysql/alpine/docker-entrypoint.sh b/Dockerfiles/web-apache-mysql/alpine/docker-entrypoint.sh index 1147ccfd35..f1d36b2347 100755 --- a/Dockerfiles/web-apache-mysql/alpine/docker-entrypoint.sh +++ b/Dockerfiles/web-apache-mysql/alpine/docker-entrypoint.sh 
@@ -18,11 +18,19 @@ fi # Default timezone for web interface : ${PHP_TZ:="Europe/Riga"} +# Default user settings +: ${DAEMON_USER:="apache"} +: ${DAEMON_GROUP:="apache"} + # Default directories -# Web interface www-root directory -ZABBIX_WWW_ROOT="/usr/share/zabbix" # Apache main configuration file HTTPD_CONF_FILE="/etc/apache2/httpd.conf" +# Apache additional configuration files directory +APACHE_SITES_DIR="/etc/apache2/conf.d" +# Directory with SSL certificate files for Apache +APACHE_SSL_CONFIG_DIR="/etc/ssl/apache2" +# PHP-FPM configuration file +PHP_CONFIG_FILE="/etc/php83/php-fpm.d/zabbix.conf" # usage: file_env VAR [DEFAULT] # as example: file_env 'MYSQL_PASSWORD' 'zabbix' @@ -131,7 +139,12 @@ check_db_connect() { } prepare_web_server() { - APACHE_SITES_DIR=/etc/apache2/conf.d + if [ "$(id -u)" == '0' ]; then + export APACHE_RUN_USER=${DAEMON_USER} + else + export APACHE_RUN_USER=$(id -n -u) + fi + export APACHE_RUN_GROUP=${DAEMON_GROUP} echo "** Adding Zabbix virtual host (HTTP)" if [ -f "$ZABBIX_CONF_DIR/apache.conf" ]; then @@ -140,7 +153,7 @@ prepare_web_server() { echo "**** Impossible to enable HTTP virtual host" fi - if [ -f "/etc/ssl/apache2/ssl.crt" ] && [ -f "/etc/ssl/apache2/ssl.key" ]; then + if [ -f "$APACHE_SSL_CONFIG_DIR/ssl.crt" ] && [ -f "$APACHE_SSL_CONFIG_DIR/ssl.key" ]; then echo "** Adding Zabbix virtual host (HTTPS)" if [ -f "$ZABBIX_CONF_DIR/apache_ssl.conf" ]; then ln -sfT "$ZABBIX_CONF_DIR/apache_ssl.conf" "$APACHE_SITES_DIR/zabbix_ssl.conf" 
@@ -150,10 +163,42 @@ prepare_web_server() { else echo "**** Impossible to enable SSL support for Apache2. Certificates are missed." fi + + export HTTP_INDEX_FILE=${HTTP_INDEX_FILE:="index.php"} + + : ${ENABLE_WEB_ACCESS_LOG:="true"} + export APACHE_CUSTOM_LOG="/proc/self/fd/1" + if [ "${ENABLE_WEB_ACCESS_LOG,,}" == "false" ]; then + export APACHE_CUSTOM_LOG="/dev/null" + fi + + : ${EXPOSE_WEB_SERVER_INFO:="on"} + export APACHE_SERVER_TOKENS="OS" + export APACHE_SERVER_SIGNATURE="On" + if [ "${EXPOSE_WEB_SERVER_INFO}" == "off" ]; then + export APACHE_SERVER_TOKENS="Prod" + export APACHE_SERVER_SIGNATURE="Off" + fi + + mkdir -p /tmp/apache2 } -prepare_zbx_web_config() { - echo "** Preparing Zabbix frontend configuration file" +prepare_zbx_php_config() { + echo "** Preparing PHP configuration" + + export PHP_FPM_PM=${PHP_FPM_PM:-"dynamic"} + export PHP_FPM_PM_MAX_CHILDREN=${PHP_FPM_PM_MAX_CHILDREN:-"50"} + export PHP_FPM_PM_START_SERVERS=${PHP_FPM_PM_START_SERVERS:-"5"} + export PHP_FPM_PM_MIN_SPARE_SERVERS=${PHP_FPM_PM_MIN_SPARE_SERVERS:-"5"} + export PHP_FPM_PM_MAX_SPARE_SERVERS=${PHP_FPM_PM_MAX_SPARE_SERVERS:-"35"} + export PHP_FPM_PM_MAX_REQUESTS=${PHP_FPM_PM_MAX_REQUESTS:-"0"} + + if [ "$(id -u)" == '0' ]; then + echo "user = ${DAEMON_USER}" >> "$PHP_CONFIG_FILE" + echo "group = ${DAEMON_GROUP}" >> "$PHP_CONFIG_FILE" + echo "listen.owner = ${DAEMON_USER}" >> "$PHP_CONFIG_FILE" + echo "listen.group = ${DAEMON_GROUP}" >> "$PHP_CONFIG_FILE" + fi : ${ZBX_DENY_GUI_ACCESS:="false"} export ZBX_DENY_GUI_ACCESS=${ZBX_DENY_GUI_ACCESS,,} 
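Review bot: In `prepare_web_server`, `EXPOSE_WEB_SERVER_INFO` is defaulted with `: ${EXPOSE_WEB_SERVER_INFO:="on"}` but not exported, and a later hunk removes the old `export EXPOSE_WEB_SERVER_INFO=...`; when the variable is not supplied by the container environment, the `${EXPOSE_WEB_SERVER_INFO}` reference in the PHP-FPM pool file then has nothing to expand. The comparison with `"off"` is also case-sensitive, unlike the `ENABLE_WEB_ACCESS_LOG` check, so `Off` or `OFF` leaves `ServerTokens OS` and `ServerSignature On` in place. Suggest `export EXPOSE_WEB_SERVER_INFO=${EXPOSE_WEB_SERVER_INFO,,}` right after the default. Separately, the `echo ... >> "$PHP_CONFIG_FILE"` lines in `prepare_zbx_php_config` append on every start, so a restarted container accumulates duplicate `user`/`group` entries. Both functions continue outside the hunk.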
@@ -206,45 +251,14 @@ prepare_zbx_web_config() { : ${ZBX_ALLOW_HTTP_AUTH:="true"} export ZBX_ALLOW_HTTP_AUTH=${ZBX_ALLOW_HTTP_AUTH} +} +prepare_zbx_config() { if [ -n "${ZBX_SESSION_NAME}" ]; then cp "$ZABBIX_WWW_ROOT/include/defines.inc.php" "/tmp/defines.inc.php_tmp" sed "/ZBX_SESSION_NAME/s/'[^']*'/'${ZBX_SESSION_NAME}'/2" "/tmp/defines.inc.php_tmp" > "$ZABBIX_WWW_ROOT/include/defines.inc.php" rm -f "/tmp/defines.inc.php_tmp" fi - - : ${HTTP_INDEX_FILE:="index.php"} - sed -i \ - -e "s/{HTTP_INDEX_FILE}/${HTTP_INDEX_FILE}/g" \ - "$ZABBIX_CONF_DIR/apache.conf" - - if [ -f "$ZABBIX_CONF_DIR/apache_ssl.conf" ]; then - sed -i \ - -e "s/{HTTP_INDEX_FILE}/${HTTP_INDEX_FILE}/g" \ - "$ZABBIX_CONF_DIR/apache_ssl.conf" - fi - - : ${ENABLE_WEB_ACCESS_LOG:="true"} - - if [ "${ENABLE_WEB_ACCESS_LOG,,}" == "false" ]; then - sed -ri \ - -e 's!^(\s*CustomLog)\s+\S+!\1 /dev/null!g' \ - "$HTTPD_CONF_FILE" - fi - - : ${EXPOSE_WEB_SERVER_INFO:="on"} - if [ "${EXPOSE_WEB_SERVER_INFO}" = "off" ]; then - sed -i \ - -e "s/^\(\s*ServerTokens\).*\$/\1 Prod/g" \ - "$HTTPD_CONF_FILE" - else - EXPOSE_WEB_SERVER_INFO="on" - fi - - export EXPOSE_WEB_SERVER_INFO=${EXPOSE_WEB_SERVER_INFO} - sed -i \ - -e "s/^\(\s*ServerSignature\).*\$/\1 ${EXPOSE_WEB_SERVER_INFO^}/g" \ - "$HTTPD_CONF_FILE" } ################################################# @@ -253,17 +267,18 @@ echo "** Deploying Zabbix web-interface (Apache) with MySQL database" check_variables check_db_connect +prepare_zbx_php_config prepare_web_server -prepare_zbx_web_config +prepare_zbx_config echo "########################################################" if [ "$1" != "" ]; then echo "** Executing '$@'" exec "$@" -elif [ -f "/usr/sbin/httpd" ]; then - echo "** Executing HTTPD" - exec /usr/sbin/httpd -D FOREGROUND +elif [ -f "/usr/bin/supervisord" ]; then + echo "** Executing supervisord" + exec /usr/bin/supervisord -c /etc/supervisor/supervisord.conf else echo "Unknown instructions. Exiting..." exit 1 
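Review bot: `prepare_zbx_config` still interpolates `ZBX_SESSION_NAME` unvalidated into the sed replacement that rewrites `defines.inc.php`. The sed line is carried over as context; the new function only wraps it. A value containing `'`, `/`, `&` or a backslash either breaks the sed expression or changes the PHP source that is written back. Reject anything outside the expected alphabet before the `cp`, e.g. `[[ "${ZBX_SESSION_NAME}" =~ ^[A-Za-z0-9_]+$ ]] || { echo "**** Invalid ZBX_SESSION_NAME"; exit 1; }`. The centos and ol entrypoints contain the same function.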
diff --git a/Dockerfiles/web-apache-mysql/centos/Dockerfile b/Dockerfiles/web-apache-mysql/centos/Dockerfile index 62901f4afb..f4819e4a20 100644 --- a/Dockerfiles/web-apache-mysql/centos/Dockerfile +++ b/Dockerfiles/web-apache-mysql/centos/Dockerfile @@ -14,7 +14,8 @@ ARG ZBX_SOURCES=https://git.zabbix.com/scm/zbx/zabbix.git ENV TERM=xterm \ ZBX_VERSION=${ZBX_VERSION} ZBX_SOURCES=${ZBX_SOURCES} \ - ZABBIX_CONF_DIR="/etc/zabbix" + ZABBIX_CONF_DIR="/etc/zabbix" \ + ZABBIX_WWW_ROOT="/usr/share/zabbix" LABEL org.opencontainers.image.authors="Alexey Pustovalov " \ org.opencontainers.image.description="Zabbix web-interface based on Apache2 web server with MySQL database support" \ @@ -28,7 +29,7 @@ LABEL org.opencontainers.image.authors="Alexey Pustovalov /dev/null' && \ - chown --quiet -R zabbix:root ${ZABBIX_CONF_DIR}/ /usr/share/zabbix/include/defines.inc.php /usr/share/zabbix/modules/ && \ - chgrp -R 0 ${ZABBIX_CONF_DIR}/ /usr/share/zabbix/include/defines.inc.php /usr/share/zabbix/modules/ && \ - chmod -R g=u ${ZABBIX_CONF_DIR}/ /usr/share/zabbix/include/defines.inc.php /usr/share/zabbix/modules/ && \ + chown --quiet -R zabbix:root ${ZABBIX_CONF_DIR}/ ${ZABBIX_WWW_ROOT}/include/defines.inc.php ${ZABBIX_WWW_ROOT}/modules/ && \ + chgrp -R 0 ${ZABBIX_CONF_DIR}/ ${ZABBIX_WWW_ROOT}/include/defines.inc.php ${ZABBIX_WWW_ROOT}/modules/ && \ + chmod -R g=u ${ZABBIX_CONF_DIR}/ ${ZABBIX_WWW_ROOT}/include/defines.inc.php ${ZABBIX_WWW_ROOT}/modules/ && \ chown --quiet -R zabbix:root /etc/httpd/ /etc/php-fpm.d/ /etc/php-fpm.conf && \ chgrp -R 0 /etc/httpd/ /etc/php-fpm.d/ /etc/php-fpm.conf && \ chmod -R g=u /etc/httpd/ /etc/php-fpm.d/ /etc/php-fpm.conf && \ 
@@ -126,12 +127,15 @@ RUN --mount=type=tmpfs,target=/var/lib/dnf/ \ chgrp -R 0 /run/httpd/ /var/lib/php/session/ && \ chmod -R g=u /run/httpd/ /var/lib/php/session/ && \ microdnf -y remove \ - findutils \ - glibc-locale-source + findutils \ + glibc-locale-source + +HEALTHCHECK --interval=1m30s --timeout=3s --retries=3 --start-period=40s --start-interval=5s \ + CMD curl -f http://localhost:8080/ping || exit 1 EXPOSE 8080/TCP 8443/TCP -WORKDIR /usr/share/zabbix +WORKDIR ${ZABBIX_WWW_ROOT} COPY ["docker-entrypoint.sh", "/usr/bin/"] diff --git a/Dockerfiles/web-apache-mysql/centos/conf/etc/httpd/conf.d/99-zabbix.conf b/Dockerfiles/web-apache-mysql/centos/conf/etc/httpd/conf.d/99-zabbix.conf deleted file mode 100644 index c28b761b99..0000000000 --- a/Dockerfiles/web-apache-mysql/centos/conf/etc/httpd/conf.d/99-zabbix.conf +++ /dev/null @@ -1,3 +0,0 @@ - - PidFile "/tmp/httpd.pid" - diff --git a/Dockerfiles/web-apache-mysql/centos/conf/etc/httpd/conf.d/mime.conf b/Dockerfiles/web-apache-mysql/centos/conf/etc/httpd/conf.d/mime.conf new file mode 100644 index 0000000000..6dd43b1cfa --- /dev/null +++ b/Dockerfiles/web-apache-mysql/centos/conf/etc/httpd/conf.d/mime.conf @@ -0,0 +1,9 @@ + + TypesConfig /etc/mime.types + + AddType application/x-compress .Z + AddType application/x-gzip .gz .tgz + + + MIMEMagicFile conf/magic + diff --git a/Dockerfiles/web-apache-mysql/centos/conf/etc/httpd/conf/httpd.conf b/Dockerfiles/web-apache-mysql/centos/conf/etc/httpd/conf/httpd.conf new file mode 100644 index 0000000000..eacc151234 --- /dev/null +++ b/Dockerfiles/web-apache-mysql/centos/conf/etc/httpd/conf/httpd.conf 
@@ -0,0 +1,75 @@ +ServerRoot /etc/httpd/ +ServerRoot /var/www +DefaultRuntimeDir /tmp/httpd/ +PidFile /tmp/httpd.pid + +ServerName 127.0.0.1 + +IncludeOptional /etc/httpd/includes.conf + +Timeout 300 +KeepAlive On +MaxKeepAliveRequests 100 +KeepAliveTimeout 5 + + + User ${APACHE_RUN_USER} + Group ${APACHE_RUN_GROUP} + + +HostnameLookups Off + +LogLevel warn + + + SetEnvIf Request_URI "^/(robots\.txt|favicon\.ico|status|ping|apache-status)$" exclude_from_logs + + LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined + LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined + LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined + LogFormat "%h %l %u %t \"%r\" %>s %O" common + LogFormat "%{Referer}i -> %U" referer + LogFormat "%{User-agent}i" agent + + CustomLog ${APACHE_CUSTOM_LOG} vhost_combined env=!exclude_from_logs + + +ErrorLog /proc/self/fd/2 + +LogLevel warn + + + StartServers 2 + MinSpareThreads 25 + MaxSpareThreads 75 + ThreadLimit 64 + ThreadsPerChild 25 + MaxRequestWorkers 150 + MaxConnectionsPerChild 0 + + +# Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac). + + Require all denied + + +ServerTokens ${APACHE_SERVER_TOKENS} + +ServerSignature ${APACHE_SERVER_SIGNATURE} + +TraceEnable Off + +AddDefaultCharset UTF-8 + + + + SetHandler server-status + Require local + + + ExtendedStatus On + + + ProxyStatus On + + diff --git a/Dockerfiles/web-apache-mysql/centos/conf/etc/httpd/includes.conf b/Dockerfiles/web-apache-mysql/centos/conf/etc/httpd/includes.conf new file mode 100644 index 0000000000..f7ee6da9b3 --- /dev/null +++ b/Dockerfiles/web-apache-mysql/centos/conf/etc/httpd/includes.conf @@ -0,0 +1,3 @@ +IncludeOptional /etc/httpd/modules.conf + +IncludeOptional /etc/httpd/conf.d/*.conf 
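Review bot: The new httpd.conf sets `ServerRoot` twice in its first two lines (`/etc/httpd/`, then `/var/www`). As far as I can tell the later value takes effect, so relative paths such as `MIMEMagicFile conf/magic` in the added conf.d/mime.conf would resolve under /var/www, conventionally a content directory rather than the configuration tree. Keep a single `ServerRoot /etc/httpd/`. `LogLevel warn` and the `combined` LogFormat are also each defined twice, and one of each can go. The ol httpd.conf added later in this patch is identical and needs the same change.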
diff --git a/Dockerfiles/web-apache-mysql/centos/conf/etc/httpd/modules.conf b/Dockerfiles/web-apache-mysql/centos/conf/etc/httpd/modules.conf new file mode 100644 index 0000000000..e84a9daac2 --- /dev/null +++ b/Dockerfiles/web-apache-mysql/centos/conf/etc/httpd/modules.conf @@ -0,0 +1,24 @@ +LoadModule logio_module /usr/lib64/httpd/modules/mod_logio.so +LoadModule unixd_module /usr/lib64/httpd/modules/mod_unixd.so +LoadModule log_config_module /usr/lib64/httpd/modules/mod_log_config.so +LoadModule access_compat_module /usr/lib64/httpd/modules/mod_access_compat.so +LoadModule auth_basic_module /usr/lib64/httpd/modules/mod_auth_basic.so +LoadModule authn_core_module /usr/lib64/httpd/modules/mod_authn_core.so +LoadModule authn_file_module /usr/lib64/httpd/modules/mod_authn_file.so +LoadModule authz_core_module /usr/lib64/httpd/modules/mod_authz_core.so +LoadModule authz_host_module /usr/lib64/httpd/modules/mod_authz_host.so +LoadModule authz_user_module /usr/lib64/httpd/modules/mod_authz_user.so +LoadModule dir_module /usr/lib64/httpd/modules/mod_dir.so +LoadModule env_module /usr/lib64/httpd/modules/mod_env.so +LoadModule filter_module /usr/lib64/httpd/modules/mod_filter.so +LoadModule mime_module /usr/lib64/httpd/modules/mod_mime.so +LoadModule mpm_event_module /usr/lib64/httpd/modules/mod_mpm_event.so +LoadModule negotiation_module /usr/lib64/httpd/modules/mod_negotiation.so +LoadModule reqtimeout_module /usr/lib64/httpd/modules/mod_reqtimeout.so +LoadModule setenvif_module /usr/lib64/httpd/modules/mod_setenvif.so +LoadModule status_module /usr/lib64/httpd/modules/mod_status.so + +LoadModule proxy_module /usr/lib64/httpd/modules/mod_proxy.so +LoadModule proxy_fcgi_module /usr/lib64/httpd/modules/mod_proxy_fcgi.so +LoadModule expires_module /usr/lib64/httpd/modules/mod_expires.so +LoadModule headers_module /usr/lib64/httpd/modules/mod_headers.so 
diff --git a/Dockerfiles/web-apache-mysql/centos/conf/etc/zabbix/apache.conf b/Dockerfiles/web-apache-mysql/centos/conf/etc/zabbix/apache.conf index e696330bf3..f0a69becdd 100644 --- a/Dockerfiles/web-apache-mysql/centos/conf/etc/zabbix/apache.conf +++ b/Dockerfiles/web-apache-mysql/centos/conf/etc/zabbix/apache.conf @@ -1,10 +1,17 @@ +Listen 8080 + DocumentRoot /usr/share/zabbix/ + ServerName zabbix - DirectoryIndex {HTTP_INDEX_FILE} + + DirectoryIndex ${HTTP_INDEX_FILE} + AddType application/x-httpd-php .php .php3 .php4 .php5 .phtml AddType application/x-httpd-php-source .phps + SetEnvIfNoCase ^Authorization$ "(.+)" HTTP_AUTHORIZATION=$1 + Order Allow,Deny Allow from all @@ -20,6 +27,18 @@ SetHandler "proxy:unix:/tmp/php-fpm.sock|fcgi://localhost" + + + ExpiresActive On + ExpiresDefault "access plus 1 year" + Header append Cache-Control "public" + + + + ExpiresActive On + ExpiresDefault "access plus 14 day" + Header append Cache-Control "public" + diff --git a/Dockerfiles/web-apache-mysql/centos/conf/etc/zabbix/apache_ssl.conf b/Dockerfiles/web-apache-mysql/centos/conf/etc/zabbix/apache_ssl.conf index 43faf0efff..dfa10d8750 100644 --- a/Dockerfiles/web-apache-mysql/centos/conf/etc/zabbix/apache_ssl.conf +++ b/Dockerfiles/web-apache-mysql/centos/conf/etc/zabbix/apache_ssl.conf 
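Review bot: The vhost keeps the 2.2-style `Order Allow,Deny` / `Allow from all` lines next to `Require all granted`, which is presumably why the new modules.conf loads `access_compat_module`. The Apache documentation discourages mixing the two access-control styles in one configuration. The enclosing section tags are not visible in this rendering, so I cannot tell whether the old-style lines sit in a fallback block that never applies. If they are live, replace them with the `Require` equivalents (`Require all granted` / `Require all denied`) and drop the `access_compat_module` line. The same applies to apache_ssl.conf and to the ol copies of both files.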
@@ -1,97 +1,113 @@ -LoadModule ssl_module modules/mod_ssl.so -LoadModule socache_shmcb_module modules/mod_socache_shmcb.so +LoadModule ssl_module /usr/lib64/httpd/modules/mod_ssl.so +LoadModule socache_shmcb_module /usr/lib64/httpd/modules/mod_socache_shmcb.so Listen 8443 - - DocumentRoot /usr/share/zabbix/ - ServerName zabbix - DirectoryIndex {HTTP_INDEX_FILE} + + DocumentRoot /usr/share/zabbix/ - AddType application/x-httpd-php .php .php3 .php4 .php5 .phtml - AddType application/x-httpd-php-source .phps + ServerName zabbix - # Enable/Disable SSL for this virtual host. - SSLEngine on + DirectoryIndex ${HTTP_INDEX_FILE} - # intermediate configuration - SSLProtocol -all +TLSv1.2 +TLSv1.3 - SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305 - SSLHonorCipherOrder off - SSLSessionTickets off + AddType application/x-httpd-php .php .php3 .php4 .php5 .phtml + AddType application/x-httpd-php-source .phps - SSLCertificateFile /etc/ssl/apache2/ssl.crt - SSLCertificateKeyFile /etc/ssl/apache2/ssl.key - # SSLCACertificatePath /etc/ssl/apache2/chain/ + SetEnvIfNoCase ^Authorization$ "(.+)" HTTP_AUTHORIZATION=$1 - # enable HTTP/2, if available - Protocols h2 http/1.1 + # Enable/Disable SSL for this virtual host. 
+ SSLEngine on - # HTTP Strict Transport Security (mod_headers is required) (63072000 seconds) - Header always set Strict-Transport-Security "max-age=63072000" + # intermediate configuration + SSLProtocol -all +TLSv1.2 +TLSv1.3 + SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305 + SSLHonorCipherOrder off + SSLSessionTickets off - - Order Allow,Deny - Allow from all + SSLCertificateFile /etc/ssl/apache2/ssl.crt + SSLCertificateKeyFile /etc/ssl/apache2/ssl.key + # SSLCACertificatePath /etc/ssl/apache2/chain/ + # enable HTTP/2, if available + Protocols h2 http/1.1 + + # HTTP Strict Transport Security (mod_headers is required) (63072000 seconds) + Header always set Strict-Transport-Security "max-age=63072000" + + + Order Allow,Deny + Allow from all + + SetHandler "proxy:unix:/tmp/php-fpm.sock|fcgi://localhost" + + + + Options FollowSymLinks + AllowOverride None + Require all granted + + SetHandler "proxy:unix:/tmp/php-fpm.sock|fcgi://localhost" - - - - Options FollowSymLinks - AllowOverride None - Require all granted - - - SetHandler "proxy:unix:/tmp/php-fpm.sock|fcgi://localhost" - - - - - Require all denied - - Order deny,allow - Deny from all - - - - - Require all denied - - Order deny,allow - Deny from all - - - - - Require all denied - - Order deny,allow - Deny from all - - - - - Require all denied - - Order deny,allow - Deny from all - - - - - Require all denied - - Order deny,allow - Deny from all - - - - - Require all denied - - Order deny,allow - Deny from all - - - + + + + ExpiresActive On + ExpiresDefault "access plus 1 year" + Header append Cache-Control "public" + + + + ExpiresActive On + ExpiresDefault "access plus 14 day" + Header append Cache-Control "public" + + + + + Require all denied + + Order deny,allow + Deny from all + + + + + 
Require all denied + + Order deny,allow + Deny from all + + + + + Require all denied + + Order deny,allow + Deny from all + + + + + Require all denied + + Order deny,allow + Deny from all + + + + + Require all denied + + Order deny,allow + Deny from all + + + + + Require all denied + + Order deny,allow + Deny from all + + + diff --git a/Dockerfiles/web-apache-mysql/centos/docker-entrypoint.sh b/Dockerfiles/web-apache-mysql/centos/docker-entrypoint.sh index bdd3cac8c4..79deeb0934 100755 --- a/Dockerfiles/web-apache-mysql/centos/docker-entrypoint.sh +++ b/Dockerfiles/web-apache-mysql/centos/docker-entrypoint.sh @@ -18,11 +18,19 @@ fi # Default timezone for web interface : ${PHP_TZ:="Europe/Riga"} +# Default user settings +: ${DAEMON_USER:="apache"} +: ${DAEMON_GROUP:="apache"} + # Default directories -# Web interface www-root directory -ZABBIX_WWW_ROOT="/usr/share/zabbix" # Apache main configuration file HTTPD_CONF_FILE="/etc/httpd/conf/httpd.conf" +# Apache additional configuration files directory +APACHE_SITES_DIR="/etc/httpd/conf.d" +# Directory with SSL certificate files for Apache +APACHE_SSL_CONFIG_DIR="/etc/ssl/apache2" +# PHP-FPM configuration file +PHP_CONFIG_FILE="/etc/php-fpm.d/zabbix.conf" # usage: file_env VAR [DEFAULT] # as example: file_env 'MYSQL_PASSWORD' 'zabbix' @@ -131,7 +139,12 @@ check_db_connect() { } prepare_web_server() { - APACHE_SITES_DIR=/etc/httpd/conf.d + if [ "$(id -u)" == '0' ]; then + export APACHE_RUN_USER=${DAEMON_USER} + else + export APACHE_RUN_USER=$(id -n -u) + fi + export APACHE_RUN_GROUP=${DAEMON_GROUP} echo "** Adding Zabbix virtual host (HTTP)" if [ -f "$ZABBIX_CONF_DIR/apache.conf" ]; then 
@@ -140,7 +153,7 @@ prepare_web_server() { echo "**** Impossible to enable HTTP virtual host" fi - if [ -f "/etc/ssl/apache2/ssl.crt" ] && [ -f "/etc/ssl/apache2/ssl.key" ]; then + if [ -f "$APACHE_SSL_CONFIG_DIR/ssl.crt" ] && [ -f "$APACHE_SSL_CONFIG_DIR/ssl.key" ]; then echo "** Adding Zabbix virtual host (HTTPS)" if [ -f "$ZABBIX_CONF_DIR/apache_ssl.conf" ]; then ln -sfT "$ZABBIX_CONF_DIR/apache_ssl.conf" "$APACHE_SITES_DIR/zabbix_ssl.conf" @@ -150,12 +163,28 @@ prepare_web_server() { else echo "**** Impossible to enable SSL support for Apache2. Certificates are missed." fi -} -prepare_zbx_web_config() { - echo "** Preparing Zabbix frontend configuration file" + export HTTP_INDEX_FILE=${HTTP_INDEX_FILE:="index.php"} + + : ${ENABLE_WEB_ACCESS_LOG:="true"} + export APACHE_CUSTOM_LOG="/proc/self/fd/1" + if [ "${ENABLE_WEB_ACCESS_LOG,,}" == "false" ]; then + export APACHE_CUSTOM_LOG="/dev/null" + fi + + : ${EXPOSE_WEB_SERVER_INFO:="on"} + export APACHE_SERVER_TOKENS="OS" + export APACHE_SERVER_SIGNATURE="On" + if [ "${EXPOSE_WEB_SERVER_INFO}" == "off" ]; then + export APACHE_SERVER_TOKENS="Prod" + export APACHE_SERVER_SIGNATURE="Off" + fi + + mkdir -p /tmp/httpd +} - PHP_CONFIG_FILE="/etc/php-fpm.d/zabbix.conf" +prepare_zbx_php_config() { + echo "** Preparing PHP configuration" export PHP_FPM_PM=${PHP_FPM_PM:-"dynamic"} export PHP_FPM_PM_MAX_CHILDREN=${PHP_FPM_PM_MAX_CHILDREN:-"50"} 
@@ -165,10 +194,10 @@ prepare_zbx_web_config() { export PHP_FPM_PM_MAX_REQUESTS=${PHP_FPM_PM_MAX_REQUESTS:-"0"} if [ "$(id -u)" == '0' ]; then - echo "user = zabbix" >> "$PHP_CONFIG_FILE" - echo "group = zabbix" >> "$PHP_CONFIG_FILE" - echo "listen.owner = nginx" >> "$PHP_CONFIG_FILE" - echo "listen.group = nginx" >> "$PHP_CONFIG_FILE" + echo "user = ${DAEMON_USER}" >> "$PHP_CONFIG_FILE" + echo "group = ${DAEMON_GROUP}" >> "$PHP_CONFIG_FILE" + echo "listen.owner = ${DAEMON_USER}" >> "$PHP_CONFIG_FILE" + echo "listen.group = ${DAEMON_GROUP}" >> "$PHP_CONFIG_FILE" fi : ${ZBX_DENY_GUI_ACCESS:="false"} @@ -222,45 +251,14 @@ prepare_zbx_web_config() { : ${ZBX_ALLOW_HTTP_AUTH:="true"} export ZBX_ALLOW_HTTP_AUTH=${ZBX_ALLOW_HTTP_AUTH} +} +prepare_zbx_config() { if [ -n "${ZBX_SESSION_NAME}" ]; then cp "$ZABBIX_WWW_ROOT/include/defines.inc.php" "/tmp/defines.inc.php_tmp" sed "/ZBX_SESSION_NAME/s/'[^']*'/'${ZBX_SESSION_NAME}'/2" "/tmp/defines.inc.php_tmp" > "$ZABBIX_WWW_ROOT/include/defines.inc.php" rm -f "/tmp/defines.inc.php_tmp" fi - - : ${HTTP_INDEX_FILE:="index.php"} - sed -i \ - -e "s/{HTTP_INDEX_FILE}/${HTTP_INDEX_FILE}/g" \ - "$ZABBIX_CONF_DIR/apache.conf" - - if [ -f "$ZABBIX_CONF_DIR/apache_ssl.conf" ]; then - sed -i \ - -e "s/{HTTP_INDEX_FILE}/${HTTP_INDEX_FILE}/g" \ - "$ZABBIX_CONF_DIR/apache_ssl.conf" - fi - - : ${ENABLE_WEB_ACCESS_LOG:="true"} - - if [ "${ENABLE_WEB_ACCESS_LOG,,}" == "false" ]; then - sed -ri \ - -e 's!^(\s*CustomLog)\s+\S+!\1 /dev/null!g' \ - "$HTTPD_CONF_FILE" - fi - - : ${EXPOSE_WEB_SERVER_INFO:="on"} - if [ "${EXPOSE_WEB_SERVER_INFO}" = "off" ]; then - sed -i \ - -e "s/^\(\s*ServerTokens\).*\$/\1 Prod/g" \ - "$HTTPD_CONF_FILE" - else - EXPOSE_WEB_SERVER_INFO="on" - fi - - export EXPOSE_WEB_SERVER_INFO=${EXPOSE_WEB_SERVER_INFO} - sed -i \ - -e "s/^\(\s*ServerSignature\).*\$/\1 ${EXPOSE_WEB_SERVER_INFO^}/g" \ - "$HTTPD_CONF_FILE" } ################################################# 
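Review bot: The four `echo ... >> "$PHP_CONFIG_FILE"` lines in `prepare_zbx_php_config` append on every start, so restarting the same container as root stacks duplicate `user`, `group`, `listen.owner` and `listen.group` entries in the pool file. `DAEMON_USER` and `DAEMON_GROUP` are also written exactly as supplied. Make the append idempotent by prefixing the block with a guard such as `grep -q '^user = ' "$PHP_CONFIG_FILE" ||`. Confirm the account exists first with `id "${DAEMON_USER}" >/dev/null 2>&1 || exit 1`. The function starts before this hunk and continues after it, and the alpine and ol entrypoints have the same lines.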
@@ -269,8 +267,9 @@ echo "** Deploying Zabbix web-interface (Apache) with MySQL database" check_variables check_db_connect +prepare_zbx_php_config prepare_web_server -prepare_zbx_web_config +prepare_zbx_config echo "########################################################" diff --git a/Dockerfiles/web-apache-mysql/ol/Dockerfile b/Dockerfiles/web-apache-mysql/ol/Dockerfile index 7d41324898..79775549c2 100644 --- a/Dockerfiles/web-apache-mysql/ol/Dockerfile +++ b/Dockerfiles/web-apache-mysql/ol/Dockerfile @@ -14,7 +14,8 @@ ARG ZBX_SOURCES=https://git.zabbix.com/scm/zbx/zabbix.git ENV TERM=xterm \ ZBX_VERSION=${ZBX_VERSION} ZBX_SOURCES=${ZBX_SOURCES} \ - ZABBIX_CONF_DIR="/etc/zabbix" + ZABBIX_CONF_DIR="/etc/zabbix" \ + ZABBIX_WWW_ROOT="/usr/share/zabbix" LABEL org.opencontainers.image.authors="Alexey Pustovalov " \ org.opencontainers.image.description="Zabbix web-interface based on Apache2 web server with MySQL database support" \ @@ -28,7 +29,7 @@ LABEL org.opencontainers.image.authors="Alexey Pustovalov /dev/null' && \ - chown --quiet -R zabbix:root ${ZABBIX_CONF_DIR}/ /usr/share/zabbix/include/defines.inc.php /usr/share/zabbix/modules/ && \ - chgrp -R 0 ${ZABBIX_CONF_DIR}/ /usr/share/zabbix/include/defines.inc.php /usr/share/zabbix/modules/ && \ - chmod -R g=u ${ZABBIX_CONF_DIR}/ /usr/share/zabbix/include/defines.inc.php /usr/share/zabbix/modules/ && \ + chown --quiet -R zabbix:root ${ZABBIX_CONF_DIR}/ ${ZABBIX_WWW_ROOT}/include/defines.inc.php ${ZABBIX_WWW_ROOT}/modules/ && \ + chgrp -R 0 ${ZABBIX_CONF_DIR}/ ${ZABBIX_WWW_ROOT}/include/defines.inc.php ${ZABBIX_WWW_ROOT}/modules/ && \ + chmod -R g=u ${ZABBIX_CONF_DIR}/ ${ZABBIX_WWW_ROOT}/include/defines.inc.php ${ZABBIX_WWW_ROOT}/modules/ && \ chown --quiet -R zabbix:root /etc/httpd/ /etc/php-fpm.d/ /etc/php-fpm.conf && \ chgrp -R 0 /etc/httpd/ /etc/php-fpm.d/ /etc/php-fpm.conf && \ chmod -R g=u /etc/httpd/ /etc/php-fpm.d/ /etc/php-fpm.conf && \ 
@@ -113,12 +114,15 @@ RUN --mount=type=tmpfs,target=/var/lib/dnf/ \ chgrp -R 0 /run/httpd/ /var/lib/php/session/ && \ chmod -R g=u /run/httpd/ /var/lib/php/session/ && \ microdnf -y remove \ - findutils \ - glibc-locale-source + findutils \ + glibc-locale-source + +HEALTHCHECK --interval=1m30s --timeout=3s --retries=3 --start-period=40s --start-interval=5s \ + CMD curl -f http://localhost:8080/ping || exit 1 EXPOSE 8080/TCP 8443/TCP -WORKDIR /usr/share/zabbix +WORKDIR ${ZABBIX_WWW_ROOT} COPY ["docker-entrypoint.sh", "/usr/bin/"] diff --git a/Dockerfiles/web-apache-mysql/ol/conf/etc/httpd/conf.d/99-zabbix.conf b/Dockerfiles/web-apache-mysql/ol/conf/etc/httpd/conf.d/99-zabbix.conf deleted file mode 100644 index c28b761b99..0000000000 --- a/Dockerfiles/web-apache-mysql/ol/conf/etc/httpd/conf.d/99-zabbix.conf +++ /dev/null @@ -1,3 +0,0 @@ - - PidFile "/tmp/httpd.pid" - diff --git a/Dockerfiles/web-apache-mysql/ol/conf/etc/httpd/conf.d/mime.conf b/Dockerfiles/web-apache-mysql/ol/conf/etc/httpd/conf.d/mime.conf new file mode 100644 index 0000000000..6dd43b1cfa --- /dev/null +++ b/Dockerfiles/web-apache-mysql/ol/conf/etc/httpd/conf.d/mime.conf @@ -0,0 +1,9 @@ + + TypesConfig /etc/mime.types + + AddType application/x-compress .Z + AddType application/x-gzip .gz .tgz + + + MIMEMagicFile conf/magic + diff --git a/Dockerfiles/web-apache-mysql/ol/conf/etc/httpd/conf/httpd.conf b/Dockerfiles/web-apache-mysql/ol/conf/etc/httpd/conf/httpd.conf new file mode 100644 index 0000000000..eacc151234 --- /dev/null +++ b/Dockerfiles/web-apache-mysql/ol/conf/etc/httpd/conf/httpd.conf 
@@ -0,0 +1,75 @@ +ServerRoot /etc/httpd/ +ServerRoot /var/www +DefaultRuntimeDir /tmp/httpd/ +PidFile /tmp/httpd.pid + +ServerName 127.0.0.1 + +IncludeOptional /etc/httpd/includes.conf + +Timeout 300 +KeepAlive On +MaxKeepAliveRequests 100 +KeepAliveTimeout 5 + + + User ${APACHE_RUN_USER} + Group ${APACHE_RUN_GROUP} + + +HostnameLookups Off + +LogLevel warn + + + SetEnvIf Request_URI "^/(robots\.txt|favicon\.ico|status|ping|apache-status)$" exclude_from_logs + + LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined + LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined + LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined + LogFormat "%h %l %u %t \"%r\" %>s %O" common + LogFormat "%{Referer}i -> %U" referer + LogFormat "%{User-agent}i" agent + + CustomLog ${APACHE_CUSTOM_LOG} vhost_combined env=!exclude_from_logs + + +ErrorLog /proc/self/fd/2 + +LogLevel warn + + + StartServers 2 + MinSpareThreads 25 + MaxSpareThreads 75 + ThreadLimit 64 + ThreadsPerChild 25 + MaxRequestWorkers 150 + MaxConnectionsPerChild 0 + + +# Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac). + + Require all denied + + +ServerTokens ${APACHE_SERVER_TOKENS} + +ServerSignature ${APACHE_SERVER_SIGNATURE} + +TraceEnable Off + +AddDefaultCharset UTF-8 + + + + SetHandler server-status + Require local + + + ExtendedStatus On + + + ProxyStatus On + + diff --git a/Dockerfiles/web-apache-mysql/ol/conf/etc/httpd/includes.conf b/Dockerfiles/web-apache-mysql/ol/conf/etc/httpd/includes.conf new file mode 100644 index 0000000000..f7ee6da9b3 --- /dev/null +++ b/Dockerfiles/web-apache-mysql/ol/conf/etc/httpd/includes.conf @@ -0,0 +1,3 @@ +IncludeOptional /etc/httpd/modules.conf + +IncludeOptional /etc/httpd/conf.d/*.conf 
diff --git a/Dockerfiles/web-apache-mysql/ol/conf/etc/httpd/modules.conf b/Dockerfiles/web-apache-mysql/ol/conf/etc/httpd/modules.conf new file mode 100644 index 0000000000..e84a9daac2 --- /dev/null +++ b/Dockerfiles/web-apache-mysql/ol/conf/etc/httpd/modules.conf @@ -0,0 +1,24 @@ +LoadModule logio_module /usr/lib64/httpd/modules/mod_logio.so +LoadModule unixd_module /usr/lib64/httpd/modules/mod_unixd.so +LoadModule log_config_module /usr/lib64/httpd/modules/mod_log_config.so +LoadModule access_compat_module /usr/lib64/httpd/modules/mod_access_compat.so +LoadModule auth_basic_module /usr/lib64/httpd/modules/mod_auth_basic.so +LoadModule authn_core_module /usr/lib64/httpd/modules/mod_authn_core.so +LoadModule authn_file_module /usr/lib64/httpd/modules/mod_authn_file.so +LoadModule authz_core_module /usr/lib64/httpd/modules/mod_authz_core.so +LoadModule authz_host_module /usr/lib64/httpd/modules/mod_authz_host.so +LoadModule authz_user_module /usr/lib64/httpd/modules/mod_authz_user.so +LoadModule dir_module /usr/lib64/httpd/modules/mod_dir.so +LoadModule env_module /usr/lib64/httpd/modules/mod_env.so +LoadModule filter_module /usr/lib64/httpd/modules/mod_filter.so +LoadModule mime_module /usr/lib64/httpd/modules/mod_mime.so +LoadModule mpm_event_module /usr/lib64/httpd/modules/mod_mpm_event.so +LoadModule negotiation_module /usr/lib64/httpd/modules/mod_negotiation.so +LoadModule reqtimeout_module /usr/lib64/httpd/modules/mod_reqtimeout.so +LoadModule setenvif_module /usr/lib64/httpd/modules/mod_setenvif.so +LoadModule status_module /usr/lib64/httpd/modules/mod_status.so + +LoadModule proxy_module /usr/lib64/httpd/modules/mod_proxy.so +LoadModule proxy_fcgi_module /usr/lib64/httpd/modules/mod_proxy_fcgi.so +LoadModule expires_module /usr/lib64/httpd/modules/mod_expires.so +LoadModule headers_module /usr/lib64/httpd/modules/mod_headers.so 
diff --git a/Dockerfiles/web-apache-mysql/ol/conf/etc/zabbix/apache.conf b/Dockerfiles/web-apache-mysql/ol/conf/etc/zabbix/apache.conf index e696330bf3..f0a69becdd 100644 --- a/Dockerfiles/web-apache-mysql/ol/conf/etc/zabbix/apache.conf +++ b/Dockerfiles/web-apache-mysql/ol/conf/etc/zabbix/apache.conf @@ -1,10 +1,17 @@ +Listen 8080 + DocumentRoot /usr/share/zabbix/ + ServerName zabbix - DirectoryIndex {HTTP_INDEX_FILE} + + DirectoryIndex ${HTTP_INDEX_FILE} + AddType application/x-httpd-php .php .php3 .php4 .php5 .phtml AddType application/x-httpd-php-source .phps + SetEnvIfNoCase ^Authorization$ "(.+)" HTTP_AUTHORIZATION=$1 + Order Allow,Deny Allow from all @@ -20,6 +27,18 @@ SetHandler "proxy:unix:/tmp/php-fpm.sock|fcgi://localhost" + + + ExpiresActive On + ExpiresDefault "access plus 1 year" + Header append Cache-Control "public" + + + + ExpiresActive On + ExpiresDefault "access plus 14 day" + Header append Cache-Control "public" + diff --git a/Dockerfiles/web-apache-mysql/ol/conf/etc/zabbix/apache_ssl.conf b/Dockerfiles/web-apache-mysql/ol/conf/etc/zabbix/apache_ssl.conf index 43faf0efff..dfa10d8750 100644 --- a/Dockerfiles/web-apache-mysql/ol/conf/etc/zabbix/apache_ssl.conf +++ b/Dockerfiles/web-apache-mysql/ol/conf/etc/zabbix/apache_ssl.conf 
@@ -1,97 +1,113 @@ -LoadModule ssl_module modules/mod_ssl.so -LoadModule socache_shmcb_module modules/mod_socache_shmcb.so +LoadModule ssl_module /usr/lib64/httpd/modules/mod_ssl.so +LoadModule socache_shmcb_module /usr/lib64/httpd/modules/mod_socache_shmcb.so Listen 8443 - - DocumentRoot /usr/share/zabbix/ - ServerName zabbix - DirectoryIndex {HTTP_INDEX_FILE} + + DocumentRoot /usr/share/zabbix/ - AddType application/x-httpd-php .php .php3 .php4 .php5 .phtml - AddType application/x-httpd-php-source .phps + ServerName zabbix - # Enable/Disable SSL for this virtual host. - SSLEngine on + DirectoryIndex ${HTTP_INDEX_FILE} - # intermediate configuration - SSLProtocol -all +TLSv1.2 +TLSv1.3 - SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305 - SSLHonorCipherOrder off - SSLSessionTickets off + AddType application/x-httpd-php .php .php3 .php4 .php5 .phtml + AddType application/x-httpd-php-source .phps - SSLCertificateFile /etc/ssl/apache2/ssl.crt - SSLCertificateKeyFile /etc/ssl/apache2/ssl.key - # SSLCACertificatePath /etc/ssl/apache2/chain/ + SetEnvIfNoCase ^Authorization$ "(.+)" HTTP_AUTHORIZATION=$1 - # enable HTTP/2, if available - Protocols h2 http/1.1 + # Enable/Disable SSL for this virtual host. 
+ SSLEngine on - # HTTP Strict Transport Security (mod_headers is required) (63072000 seconds) - Header always set Strict-Transport-Security "max-age=63072000" + # intermediate configuration + SSLProtocol -all +TLSv1.2 +TLSv1.3 + SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305 + SSLHonorCipherOrder off + SSLSessionTickets off - - Order Allow,Deny - Allow from all + SSLCertificateFile /etc/ssl/apache2/ssl.crt + SSLCertificateKeyFile /etc/ssl/apache2/ssl.key + # SSLCACertificatePath /etc/ssl/apache2/chain/ + # enable HTTP/2, if available + Protocols h2 http/1.1 + + # HTTP Strict Transport Security (mod_headers is required) (63072000 seconds) + Header always set Strict-Transport-Security "max-age=63072000" + + + Order Allow,Deny + Allow from all + + SetHandler "proxy:unix:/tmp/php-fpm.sock|fcgi://localhost" + + + + Options FollowSymLinks + AllowOverride None + Require all granted + + SetHandler "proxy:unix:/tmp/php-fpm.sock|fcgi://localhost" - - - - Options FollowSymLinks - AllowOverride None - Require all granted - - - SetHandler "proxy:unix:/tmp/php-fpm.sock|fcgi://localhost" - - - - - Require all denied - - Order deny,allow - Deny from all - - - - - Require all denied - - Order deny,allow - Deny from all - - - - - Require all denied - - Order deny,allow - Deny from all - - - - - Require all denied - - Order deny,allow - Deny from all - - - - - Require all denied - - Order deny,allow - Deny from all - - - - - Require all denied - - Order deny,allow - Deny from all - - - + + + + ExpiresActive On + ExpiresDefault "access plus 1 year" + Header append Cache-Control "public" + + + + ExpiresActive On + ExpiresDefault "access plus 14 day" + Header append Cache-Control "public" + + + + + Require all denied + + Order deny,allow + Deny from all + + + + + 
Require all denied + + Order deny,allow + Deny from all + + + + + Require all denied + + Order deny,allow + Deny from all + + + + + Require all denied + + Order deny,allow + Deny from all + + + + + Require all denied + + Order deny,allow + Deny from all + + + + + Require all denied + + Order deny,allow + Deny from all + + + diff --git a/Dockerfiles/web-apache-mysql/ol/docker-entrypoint.sh b/Dockerfiles/web-apache-mysql/ol/docker-entrypoint.sh index bdd3cac8c4..79deeb0934 100755 --- a/Dockerfiles/web-apache-mysql/ol/docker-entrypoint.sh +++ b/Dockerfiles/web-apache-mysql/ol/docker-entrypoint.sh @@ -18,11 +18,19 @@ fi # Default timezone for web interface : ${PHP_TZ:="Europe/Riga"} +# Default user settings +: ${DAEMON_USER:="apache"} +: ${DAEMON_GROUP:="apache"} + # Default directories -# Web interface www-root directory -ZABBIX_WWW_ROOT="/usr/share/zabbix" # Apache main configuration file HTTPD_CONF_FILE="/etc/httpd/conf/httpd.conf" +# Apache additional configuration files directory +APACHE_SITES_DIR="/etc/httpd/conf.d" +# Directory with SSL certificate files for Apache +APACHE_SSL_CONFIG_DIR="/etc/ssl/apache2" +# PHP-FPM configuration file +PHP_CONFIG_FILE="/etc/php-fpm.d/zabbix.conf" # usage: file_env VAR [DEFAULT] # as example: file_env 'MYSQL_PASSWORD' 'zabbix' @@ -131,7 +139,12 @@ check_db_connect() { } prepare_web_server() { - APACHE_SITES_DIR=/etc/httpd/conf.d + if [ "$(id -u)" == '0' ]; then + export APACHE_RUN_USER=${DAEMON_USER} + else + export APACHE_RUN_USER=$(id -n -u) + fi + export APACHE_RUN_GROUP=${DAEMON_GROUP} echo "** Adding Zabbix virtual host (HTTP)" if [ -f "$ZABBIX_CONF_DIR/apache.conf" ]; then 
@@ -140,7 +153,7 @@ prepare_web_server() { echo "**** Impossible to enable HTTP virtual host" fi - if [ -f "/etc/ssl/apache2/ssl.crt" ] && [ -f "/etc/ssl/apache2/ssl.key" ]; then + if [ -f "$APACHE_SSL_CONFIG_DIR/ssl.crt" ] && [ -f "$APACHE_SSL_CONFIG_DIR/ssl.key" ]; then echo "** Adding Zabbix virtual host (HTTPS)" if [ -f "$ZABBIX_CONF_DIR/apache_ssl.conf" ]; then ln -sfT "$ZABBIX_CONF_DIR/apache_ssl.conf" "$APACHE_SITES_DIR/zabbix_ssl.conf" @@ -150,12 +163,28 @@ prepare_web_server() { else echo "**** Impossible to enable SSL support for Apache2. Certificates are missed." fi -} -prepare_zbx_web_config() { - echo "** Preparing Zabbix frontend configuration file" + export HTTP_INDEX_FILE=${HTTP_INDEX_FILE:="index.php"} + + : ${ENABLE_WEB_ACCESS_LOG:="true"} + export APACHE_CUSTOM_LOG="/proc/self/fd/1" + if [ "${ENABLE_WEB_ACCESS_LOG,,}" == "false" ]; then + export APACHE_CUSTOM_LOG="/dev/null" + fi + + : ${EXPOSE_WEB_SERVER_INFO:="on"} + export APACHE_SERVER_TOKENS="OS" + export APACHE_SERVER_SIGNATURE="On" + if [ "${EXPOSE_WEB_SERVER_INFO}" == "off" ]; then + export APACHE_SERVER_TOKENS="Prod" + export APACHE_SERVER_SIGNATURE="Off" + fi + + mkdir -p /tmp/httpd +} - PHP_CONFIG_FILE="/etc/php-fpm.d/zabbix.conf" +prepare_zbx_php_config() { + echo "** Preparing PHP configuration" export PHP_FPM_PM=${PHP_FPM_PM:-"dynamic"} export PHP_FPM_PM_MAX_CHILDREN=${PHP_FPM_PM_MAX_CHILDREN:-"50"} 
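Review bot: The new test `if [ "${EXPOSE_WEB_SERVER_INFO}" == "off" ]` in prepare_web_server is case-sensitive, so a value of `Off` or `OFF` leaves `ServerTokens OS` and `ServerSignature On` in effect, while the `ENABLE_WEB_ACCESS_LOG` test just above it lowercases its value first. Comparing `"${EXPOSE_WEB_SERVER_INFO,,}"` would make the two switches behave alike. The code this commit removes from prepare_zbx_web_config also normalised the variable and exported it, whereas the new block only assigns a default with `: ${EXPOSE_WEB_SERVER_INFO:="on"}`. Unless it is exported in lines outside this hunk, a `${EXPOSE_WEB_SERVER_INFO}` reference in the PHP-FPM pool file (the ubuntu one in this patch has it) may not see that default. The same block is added to the ubuntu entrypoint in its `@@ -154,10 +163,42 @@` hunk.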
@@ -165,10 +194,10 @@ prepare_zbx_web_config() { export PHP_FPM_PM_MAX_REQUESTS=${PHP_FPM_PM_MAX_REQUESTS:-"0"} if [ "$(id -u)" == '0' ]; then - echo "user = zabbix" >> "$PHP_CONFIG_FILE" - echo "group = zabbix" >> "$PHP_CONFIG_FILE" - echo "listen.owner = nginx" >> "$PHP_CONFIG_FILE" - echo "listen.group = nginx" >> "$PHP_CONFIG_FILE" + echo "user = ${DAEMON_USER}" >> "$PHP_CONFIG_FILE" + echo "group = ${DAEMON_GROUP}" >> "$PHP_CONFIG_FILE" + echo "listen.owner = ${DAEMON_USER}" >> "$PHP_CONFIG_FILE" + echo "listen.group = ${DAEMON_GROUP}" >> "$PHP_CONFIG_FILE" fi : ${ZBX_DENY_GUI_ACCESS:="false"} @@ -222,45 +251,14 @@ prepare_zbx_web_config() { : ${ZBX_ALLOW_HTTP_AUTH:="true"} export ZBX_ALLOW_HTTP_AUTH=${ZBX_ALLOW_HTTP_AUTH} +} +prepare_zbx_config() { if [ -n "${ZBX_SESSION_NAME}" ]; then cp "$ZABBIX_WWW_ROOT/include/defines.inc.php" "/tmp/defines.inc.php_tmp" sed "/ZBX_SESSION_NAME/s/'[^']*'/'${ZBX_SESSION_NAME}'/2" "/tmp/defines.inc.php_tmp" > "$ZABBIX_WWW_ROOT/include/defines.inc.php" rm -f "/tmp/defines.inc.php_tmp" fi - - : ${HTTP_INDEX_FILE:="index.php"} - sed -i \ - -e "s/{HTTP_INDEX_FILE}/${HTTP_INDEX_FILE}/g" \ - "$ZABBIX_CONF_DIR/apache.conf" - - if [ -f "$ZABBIX_CONF_DIR/apache_ssl.conf" ]; then - sed -i \ - -e "s/{HTTP_INDEX_FILE}/${HTTP_INDEX_FILE}/g" \ - "$ZABBIX_CONF_DIR/apache_ssl.conf" - fi - - : ${ENABLE_WEB_ACCESS_LOG:="true"} - - if [ "${ENABLE_WEB_ACCESS_LOG,,}" == "false" ]; then - sed -ri \ - -e 's!^(\s*CustomLog)\s+\S+!\1 /dev/null!g' \ - "$HTTPD_CONF_FILE" - fi - - : ${EXPOSE_WEB_SERVER_INFO:="on"} - if [ "${EXPOSE_WEB_SERVER_INFO}" = "off" ]; then - sed -i \ - -e "s/^\(\s*ServerTokens\).*\$/\1 Prod/g" \ - "$HTTPD_CONF_FILE" - else - EXPOSE_WEB_SERVER_INFO="on" - fi - - export EXPOSE_WEB_SERVER_INFO=${EXPOSE_WEB_SERVER_INFO} - sed -i \ - -e "s/^\(\s*ServerSignature\).*\$/\1 ${EXPOSE_WEB_SERVER_INFO^}/g" \ - "$HTTPD_CONF_FILE" } ################################################# 
@@ -269,8 +267,9 @@ echo "** Deploying Zabbix web-interface (Apache) with MySQL database" check_variables check_db_connect +prepare_zbx_php_config prepare_web_server -prepare_zbx_web_config +prepare_zbx_config echo "########################################################" diff --git a/Dockerfiles/web-apache-mysql/ubuntu/Dockerfile b/Dockerfiles/web-apache-mysql/ubuntu/Dockerfile index 902cb0ba77..8a780f32c7 100644 --- a/Dockerfiles/web-apache-mysql/ubuntu/Dockerfile +++ b/Dockerfiles/web-apache-mysql/ubuntu/Dockerfile @@ -14,7 +14,8 @@ ARG ZBX_SOURCES=https://git.zabbix.com/scm/zbx/zabbix.git ENV TERM=xterm \ ZBX_VERSION=${ZBX_VERSION} ZBX_SOURCES=${ZBX_SOURCES} \ - ZABBIX_CONF_DIR="/etc/zabbix" + ZABBIX_CONF_DIR="/etc/zabbix" \ + ZABBIX_WWW_ROOT="/usr/share/zabbix" LABEL org.opencontainers.image.authors="Alexey Pustovalov " \ org.opencontainers.image.description="Zabbix web-interface based on Apache2 web server with MySQL database support" \ @@ -28,7 +29,7 @@ LABEL org.opencontainers.image.authors="Alexey Pustovalov /usr/sbin/policy-rc.d && \ INSTALL_PKGS="bash \ tzdata \ - apache2 \ - curl \ - libapache2-mod-php \ + curl \ ca-certificates \ + curl \ mysql-client \ + apache2 \ locales \ libldap-common \ php8.3-bcmath \ php8.3-curl \ + php8.3-fpm \ php8.3-gd \ php8.3-ldap \ php8.3-mbstring \ php8.3-mysql \ - php8.3-xml" && \ + php8.3-xml \ + supervisor" && \ apt-get -y update && \ DEBIAN_FRONTEND=noninteractive apt-get -y \ + -o Dpkg::Options::="--force-confdef" \ + -o Dpkg::Options::="--force-confold" \ --no-install-recommends install \ ${INSTALL_PKGS} && \ groupadd \ 
@@ -70,50 +75,45 @@ RUN --mount=type=cache,target=/var/cache/apt/,sharing=locked \ mkdir -p ${ZABBIX_CONF_DIR} && \ mkdir -p ${ZABBIX_CONF_DIR}/web && \ mkdir -p ${ZABBIX_CONF_DIR}/web/certs && \ + mkdir -p /var/lib/php/session && \ + find /etc/ -name '*.dpkg-dist' | xargs rm -f && \ rm -f /etc/apache2/sites-available/* && \ rm -f /etc/apache2/sites-enabled/* && \ - /usr/sbin/a2enmod ssl && \ - sed -ri \ - -e 's!^(\s*CustomLog)\s+\S+!\1 /proc/self/fd/1!g' \ - -e 's!^(\s*ErrorLog)\s+\S+!\1 /proc/self/fd/2!g' \ - "/etc/apache2/apache2.conf" && \ - sed -ri \ - -e 's!^(\s*CustomLog)\s+\S+!\1 /proc/self/fd/1!g' \ - -e 's!^(\s*ErrorLog)\s+\S+!\1 /proc/self/fd/2!g' \ - "/etc/apache2/conf-available/other-vhosts-access-log.conf" && \ - sed -i 's/Listen 80/Listen 8080/g' /etc/apache2/ports.conf && \ - sed -i 's/Listen 443/Listen 8443/g' /etc/apache2/ports.conf && \ - sed -i 's|/var/run/apache2$SUFFIX|/tmp|g' /etc/apache2/envvars && \ - rm -f /var/run/apache2/apache2.pid && \ - cd /usr/share/zabbix/ && \ + rm -f /etc/php/8.3/fpm/pool.d/www.conf && \ + rm -f /var/run/apache2/ && \ + cd ${ZABBIX_WWW_ROOT}/ && \ rm -f conf/zabbix.conf.php conf/maintenance.inc.php conf/zabbix.conf.php.example && \ rm -rf tests && \ rm -f locale/add_new_language.sh locale/update_po.sh locale/make_mo.sh && \ - find /usr/share/zabbix/locale -name '*.po' | xargs rm -f && \ - find /usr/share/zabbix/locale -name '*.sh' | xargs rm -f && \ - ln -s "${ZABBIX_CONF_DIR}/web/zabbix.conf.php" "/usr/share/zabbix/conf/zabbix.conf.php" && \ - ln -s "${ZABBIX_CONF_DIR}/web/maintenance.inc.php" "/usr/share/zabbix/conf/maintenance.inc.php" && \ + find ${ZABBIX_WWW_ROOT}/locale -name '*.po' | xargs rm -f && \ + find ${ZABBIX_WWW_ROOT}/locale -name '*.sh' | xargs rm -f && \ + ln -s "${ZABBIX_CONF_DIR}/web/zabbix.conf.php" "${ZABBIX_WWW_ROOT}/conf/zabbix.conf.php" && \ + ln -s "${ZABBIX_CONF_DIR}/web/maintenance.inc.php" "${ZABBIX_WWW_ROOT}/conf/maintenance.inc.php" && \ mkdir -p /var/lib/locales/supported.d/ && \ rm 
-f /var/lib/locales/supported.d/local && \ - cat /usr/share/zabbix/include/locales.inc.php | grep display | grep true | awk '{$1=$1};1' | \ + cat ${ZABBIX_WWW_ROOT}/include/locales.inc.php | grep display | grep true | awk '{$1=$1};1' | \ cut -d"'" -f 2 | sort | \ xargs -I '{}' bash -c 'echo "{}.UTF-8 UTF-8" >> /var/lib/locales/supported.d/local' && \ dpkg-reconfigure locales && \ - chown --quiet -R zabbix:root ${ZABBIX_CONF_DIR}/ /usr/share/zabbix/include/defines.inc.php /usr/share/zabbix/modules/ && \ - chgrp -R 0 ${ZABBIX_CONF_DIR}/ /usr/share/zabbix/include/defines.inc.php /usr/share/zabbix/modules/ && \ - chmod -R g=u ${ZABBIX_CONF_DIR}/ /usr/share/zabbix/include/defines.inc.php /usr/share/zabbix/modules/ && \ - chown --quiet -R zabbix:root /etc/apache2/ /etc/php/8.3/ && \ - chgrp -R 0 /etc/apache2/ /etc/php/8.3/ && \ - chmod -R g=u /etc/apache2/ /etc/php/8.3/ + chown --quiet -R zabbix:root ${ZABBIX_CONF_DIR}/ ${ZABBIX_WWW_ROOT}/include/defines.inc.php ${ZABBIX_WWW_ROOT}/modules/ && \ + chgrp -R 0 ${ZABBIX_CONF_DIR}/ ${ZABBIX_WWW_ROOT}/include/defines.inc.php ${ZABBIX_WWW_ROOT}/modules/ && \ + chmod -R g=u ${ZABBIX_CONF_DIR}/ ${ZABBIX_WWW_ROOT}/include/defines.inc.php ${ZABBIX_WWW_ROOT}/modules/ && \ + chown --quiet -R zabbix:root /etc/apache2/ /etc/php/8.3/fpm/ && \ + chgrp -R 0 /etc/apache2/ /etc/php/8.3/fpm/ && \ + chmod -R g=u /etc/apache2/ /etc/php/8.3/fpm/ && \ + chown --quiet -R zabbix:root /var/lib/php/session/ && \ + chgrp -R 0 /var/lib/php/session/ && \ + chmod -R g=u /var/lib/php/session/ + +HEALTHCHECK --interval=1m30s --timeout=3s --retries=3 --start-period=40s --start-interval=5s \ + CMD curl -f http://localhost:8080/ping || exit 1 EXPOSE 8080/TCP 8443/TCP -WORKDIR /usr/share/zabbix +WORKDIR ${ZABBIX_WWW_ROOT} COPY ["docker-entrypoint.sh", "/usr/bin/"] USER 1997 ENTRYPOINT ["docker-entrypoint.sh"] - -CMD ["/usr/sbin/apache2ctl", "-D", "FOREGROUND"] 
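Review bot: The new `chown --quiet -R zabbix:root /etc/apache2/ /etc/php/8.3/fpm/` and `chmod -R g=u` lines leave the whole Apache and PHP-FPM configuration trees writable by the `zabbix` user and by group 0, which is presumably also the identity that executes the frontend's PHP code. Since this commit replaces the entrypoint's `sed -i` edits with environment variables, the writable set could probably shrink to `/etc/apache2/sites-enabled/` (the target of the `ln -sfT` calls) and the pool file the entrypoint appends to; that needs checking against the parts of the entrypoint not shown in this hunk. Separately, `rm -f /var/run/apache2/` cannot remove a directory without `-r`, so it is either a no-op or breaks the `&&` chain; `rm -rf /var/run/apache2/` states the intent.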
diff --git a/Dockerfiles/web-apache-mysql/ubuntu/conf/etc/apache2/apache2.conf b/Dockerfiles/web-apache-mysql/ubuntu/conf/etc/apache2/apache2.conf new file mode 100644 index 0000000000..2cf9de5361 --- /dev/null +++ b/Dockerfiles/web-apache-mysql/ubuntu/conf/etc/apache2/apache2.conf @@ -0,0 +1,75 @@ +ServerRoot /etc/apache2/ +ServerRoot /var/www +DefaultRuntimeDir /tmp/apache2/ +PidFile /tmp/apache2.pid + +ServerName 127.0.0.1 + +IncludeOptional /etc/apache2/includes.conf + +Timeout 300 +KeepAlive On +MaxKeepAliveRequests 100 +KeepAliveTimeout 5 + + + User ${APACHE_RUN_USER} + Group ${APACHE_RUN_GROUP} + + +HostnameLookups Off + +LogLevel warn + + + SetEnvIf Request_URI "^/(robots\.txt|favicon\.ico|status|ping|apache-status)$" exclude_from_logs + + LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined + LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined + LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined + LogFormat "%h %l %u %t \"%r\" %>s %O" common + LogFormat "%{Referer}i -> %U" referer + LogFormat "%{User-agent}i" agent + + CustomLog ${APACHE_CUSTOM_LOG} vhost_combined env=!exclude_from_logs + + +ErrorLog /proc/self/fd/2 + +LogLevel warn + + + StartServers 2 + MinSpareThreads 25 + MaxSpareThreads 75 + ThreadLimit 64 + ThreadsPerChild 25 + MaxRequestWorkers 150 + MaxConnectionsPerChild 0 + + +# Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac). + + Require all denied + + +ServerTokens ${APACHE_SERVER_TOKENS} + +ServerSignature ${APACHE_SERVER_SIGNATURE} + +TraceEnable Off + +AddDefaultCharset UTF-8 + + + + SetHandler server-status + Require local + + + ExtendedStatus On + + + ProxyStatus On + + diff --git a/Dockerfiles/web-apache-mysql/ubuntu/conf/etc/apache2/includes.conf b/Dockerfiles/web-apache-mysql/ubuntu/conf/etc/apache2/includes.conf new file mode 100644 index 0000000000..f6d7bdec12 --- /dev/null 
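Review bot: `ServerRoot` is set twice at the top of the new apache2.conf, `ServerRoot /etc/apache2/` and then `ServerRoot /var/www`, and the second value appears to be the one in effect when `IncludeOptional /etc/apache2/includes.conf` is read. The relative entries added in includes.conf (`mods-enabled/reqtimeout.conf`, `sites-enabled/*.conf`) would then resolve under `/var/www`, and because `IncludeOptional` ignores paths that do not exist, the request-timeout settings and the Zabbix virtual hosts could be skipped without any error. Keep only `ServerRoot /etc/apache2/`, or make the includes absolute; if the second line was meant as a document root it should use that directive instead. The same pair of lines is added to the Alpine httpd.conf for web-apache-pgsql later in this patch.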
+++ b/Dockerfiles/web-apache-mysql/ubuntu/conf/etc/apache2/includes.conf @@ -0,0 +1,8 @@ +IncludeOptional /etc/apache2/modules.conf + +IncludeOptional mods-enabled/mime.conf +IncludeOptional mods-enabled/negotiation.conf +IncludeOptional mods-enabled/reqtimeout.conf +IncludeOptional mods-enabled/setenvif.conf + +IncludeOptional sites-enabled/*.conf diff --git a/Dockerfiles/web-apache-mysql/ubuntu/conf/etc/apache2/modules.conf b/Dockerfiles/web-apache-mysql/ubuntu/conf/etc/apache2/modules.conf new file mode 100644 index 0000000000..8151e37b1d --- /dev/null +++ b/Dockerfiles/web-apache-mysql/ubuntu/conf/etc/apache2/modules.conf 
@@ -0,0 +1,21 @@ +LoadModule access_compat_module /usr/lib/apache2/modules/mod_access_compat.so +LoadModule auth_basic_module /usr/lib/apache2/modules/mod_auth_basic.so +LoadModule authn_core_module /usr/lib/apache2/modules/mod_authn_core.so +LoadModule authn_file_module /usr/lib/apache2/modules/mod_authn_file.so +LoadModule authz_core_module /usr/lib/apache2/modules/mod_authz_core.so +LoadModule authz_host_module /usr/lib/apache2/modules/mod_authz_host.so +LoadModule authz_user_module /usr/lib/apache2/modules/mod_authz_user.so +LoadModule dir_module /usr/lib/apache2/modules/mod_dir.so +LoadModule env_module /usr/lib/apache2/modules/mod_env.so +LoadModule filter_module /usr/lib/apache2/modules/mod_filter.so +LoadModule mime_module /usr/lib/apache2/modules/mod_mime.so +LoadModule mpm_event_module /usr/lib/apache2/modules/mod_mpm_event.so +LoadModule negotiation_module /usr/lib/apache2/modules/mod_negotiation.so +LoadModule reqtimeout_module /usr/lib/apache2/modules/mod_reqtimeout.so +LoadModule setenvif_module /usr/lib/apache2/modules/mod_setenvif.so +LoadModule status_module /usr/lib/apache2/modules/mod_status.so + +LoadModule proxy_module /usr/lib/apache2/modules/mod_proxy.so +LoadModule proxy_fcgi_module /usr/lib/apache2/modules/mod_proxy_fcgi.so +LoadModule expires_module /usr/lib/apache2/modules/mod_expires.so +LoadModule headers_module /usr/lib/apache2/modules/mod_headers.so diff --git a/Dockerfiles/web-apache-mysql/ubuntu/conf/etc/php/8.3/apache2/conf.d/99-zabbix.ini b/Dockerfiles/web-apache-mysql/ubuntu/conf/etc/php/8.3/apache2/conf.d/99-zabbix.ini deleted file mode 100644 index e180720b92..0000000000 --- a/Dockerfiles/web-apache-mysql/ubuntu/conf/etc/php/8.3/apache2/conf.d/99-zabbix.ini +++ /dev/null 
@@ -1,10 +0,0 @@ -max_execution_time = ${ZBX_MAXEXECUTIONTIME} -memory_limit = ${ZBX_MEMORYLIMIT} -post_max_size = ${ZBX_POSTMAXSIZE} -upload_max_filesize = ${ZBX_UPLOADMAXFILESIZE} -max_input_time = ${ZBX_MAXINPUTTIME} -; always_populate_raw_post_data=-1 -max_input_vars = 10000 -date.timezone = ${PHP_TZ} -; https://www.php.net/manual/en/security.hiding.php -expose_php = ${EXPOSE_WEB_SERVER_INFO} diff --git a/Dockerfiles/web-apache-mysql/ubuntu/conf/etc/php/8.3/fpm/php-fpm.conf b/Dockerfiles/web-apache-mysql/ubuntu/conf/etc/php/8.3/fpm/php-fpm.conf new file mode 100644 index 0000000000..5311405bf4 --- /dev/null +++ b/Dockerfiles/web-apache-mysql/ubuntu/conf/etc/php/8.3/fpm/php-fpm.conf @@ -0,0 +1,10 @@ +include=/etc/php/8.3/fpm/pool.d/*.conf + +[global] + +pid = /tmp/php-fpm.pid + +error_log = /dev/fd/2 +log_level = notice + +daemonize = no diff --git a/Dockerfiles/web-apache-mysql/ubuntu/conf/etc/php/8.3/fpm/pool.d/zabbix.conf b/Dockerfiles/web-apache-mysql/ubuntu/conf/etc/php/8.3/fpm/pool.d/zabbix.conf new file mode 100644 index 0000000000..66c3c1252c --- /dev/null +++ b/Dockerfiles/web-apache-mysql/ubuntu/conf/etc/php/8.3/fpm/pool.d/zabbix.conf 
@@ -0,0 +1,36 @@ +[zabbix] + +; https://www.php.net/manual/en/security.hiding.php +php_value[expose_php] = ${EXPOSE_WEB_SERVER_INFO} + +listen = /tmp/php-fpm.sock + +clear_env = no + +pm = ${PHP_FPM_PM} +pm.max_children = ${PHP_FPM_PM_MAX_CHILDREN} +pm.start_servers = ${PHP_FPM_PM_START_SERVERS} +pm.min_spare_servers = ${PHP_FPM_PM_MIN_SPARE_SERVERS} +pm.max_spare_servers = ${PHP_FPM_PM_MAX_SPARE_SERVERS} +pm.max_requests = ${PHP_FPM_PM_MAX_REQUESTS} + +slowlog = /dev/fd/1 + +php_admin_value[error_log] = /dev/fd/2 +php_admin_flag[log_errors] = on +catch_workers_output = yes + +php_value[session.save_handler] = files +php_value[session.save_path] = /var/lib/php/session + +php_value[max_execution_time] = ${ZBX_MAXEXECUTIONTIME} +php_value[memory_limit] = ${ZBX_MEMORYLIMIT} +php_value[post_max_size] = ${ZBX_POSTMAXSIZE} +php_value[upload_max_filesize] = ${ZBX_UPLOADMAXFILESIZE} +php_value[max_input_time] = ${ZBX_MAXINPUTTIME} +php_value[max_input_vars] = 10000 +php_value[date.timezone] = ${PHP_TZ} + +; PHP-FPM monitoring +pm.status_path = /status +ping.path = /ping diff --git a/Dockerfiles/web-apache-mysql/ubuntu/conf/etc/supervisor/conf.d/supervisord_zabbix.conf b/Dockerfiles/web-apache-mysql/ubuntu/conf/etc/supervisor/conf.d/supervisord_zabbix.conf new file mode 100644 index 0000000000..04c8578fbe --- /dev/null +++ b/Dockerfiles/web-apache-mysql/ubuntu/conf/etc/supervisor/conf.d/supervisord_zabbix.conf 
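Review bot: `clear_env = no` hands the container's entire environment to every PHP-FPM worker, which presumably includes the database credentials the entrypoint loads through `file_env`. If the frontend only needs a known set of variables, listing them as `env[NAME] = $NAME` entries and leaving `clear_env` at its default keeps everything else out of reach of PHP code. If the full environment really is required, a comment such as `; clear_env = no: frontend settings are read from container environment variables` would record why the default was relaxed.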
@@ -0,0 +1,30 @@ +[supervisord] +nodaemon = true + +[program:apache2] +command = /usr/sbin/%(program_name)s -D FOREGROUND +auto_start = true +autorestart = true + +startsecs=2 +startretries=3 +stopsignal=TERM +stopwaitsecs=2 + +redirect_stderr=true +stdout_logfile = /dev/stdout +stdout_logfile_maxbytes = 0 + +[program:php-fpm8.3] +command = /usr/sbin/%(program_name)s -F -y /etc/php/8.3/fpm/php-fpm.conf +auto_start = true +autorestart = true + +startsecs=2 +startretries=3 +stopsignal=TERM +stopwaitsecs=2 + +redirect_stderr=true +stdout_logfile = /dev/stdout +stdout_logfile_maxbytes = 0 diff --git a/Dockerfiles/web-apache-mysql/ubuntu/conf/etc/supervisor/supervisord.conf b/Dockerfiles/web-apache-mysql/ubuntu/conf/etc/supervisor/supervisord.conf new file mode 100644 index 0000000000..f8d80e461b --- /dev/null +++ b/Dockerfiles/web-apache-mysql/ubuntu/conf/etc/supervisor/supervisord.conf 
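Review bot: `auto_start = true` in both `[program:...]` sections is not the key supervisord documents; the option is spelled `autostart`. The programs presumably still start only because `autostart` defaults to true, so the line reads as a setting that is not actually applied. Writing `autostart = true` in both sections makes the intent effective.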
@@ -0,0 +1,35 @@ +; supervisor config file + +[unix_http_server] +file = /tmp/supervisor.sock ; (the path to the socket file) +chmod = 0700 ; sockef file mode (default 0700) +username = zbx +password = password + +[supervisord] +logfile = /dev/stdout ; (main log file;default $CWD/supervisord.log) +pidfile = /tmp/supervisord.pid ; (supervisord pidfile;default supervisord.pid) +childlogdir = /tmp ; ('AUTO' child log dir, default $TEMP) +critical = critical +;user = zabbix +logfile_maxbytes = 0 +logfile_backupcount = 0 +loglevel = info + +; the below section must remain in the config file for RPC +; (supervisorctl/web interface) to work, additional interfaces may be +; added by defining them in separate rpcinterface: sections +[rpcinterface:supervisor] +supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface + +[supervisorctl] +serverurl = unix:///tmp/supervisor.sock ; use a unix:// URL for a unix socket + +; The [include] section can just contain the "files" setting. This +; setting can list multiple files (separated by whitespace or +; newlines). It can also contain wildcards. The filenames are +; interpreted as relative to this file. Included files *cannot* +; include files themselves. + +[include] +files = /etc/supervisor/conf.d/*.conf diff --git a/Dockerfiles/web-apache-mysql/ubuntu/conf/etc/zabbix/apache.conf b/Dockerfiles/web-apache-mysql/ubuntu/conf/etc/zabbix/apache.conf index b32e8167fe..f0a69becdd 100644 --- a/Dockerfiles/web-apache-mysql/ubuntu/conf/etc/zabbix/apache.conf +++ b/Dockerfiles/web-apache-mysql/ubuntu/conf/etc/zabbix/apache.conf 
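Review bot: The `[unix_http_server]` section ships a fixed credential, `username = zbx` with `password = password`, in every image built from this file. With the socket at `/tmp/supervisor.sock` and `chmod = 0700`, access is really decided by the socket's owner and mode, so the static password adds no protection while looking as if it did; `[supervisorctl]` also carries no matching credentials. I would drop both lines and rely on the file mode, or have the entrypoint supply a per-container value. Small typo in the same section: `sockef file mode` should read `socket file mode`.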
@@ -1,14 +1,44 @@ +Listen 8080 + DocumentRoot /usr/share/zabbix/ + ServerName zabbix - DirectoryIndex {HTTP_INDEX_FILE} + + DirectoryIndex ${HTTP_INDEX_FILE} + AddType application/x-httpd-php .php .php3 .php4 .php5 .phtml AddType application/x-httpd-php-source .phps + SetEnvIfNoCase ^Authorization$ "(.+)" HTTP_AUTHORIZATION=$1 + + + Order Allow,Deny + Allow from all + + SetHandler "proxy:unix:/tmp/php-fpm.sock|fcgi://localhost" + + Options FollowSymLinks AllowOverride None Require all granted + + + SetHandler "proxy:unix:/tmp/php-fpm.sock|fcgi://localhost" + + + + ExpiresActive On + ExpiresDefault "access plus 1 year" + Header append Cache-Control "public" + + + + ExpiresActive On + ExpiresDefault "access plus 14 day" + Header append Cache-Control "public" + diff --git a/Dockerfiles/web-apache-mysql/ubuntu/conf/etc/zabbix/apache_envvars b/Dockerfiles/web-apache-mysql/ubuntu/conf/etc/zabbix/apache_envvars deleted file mode 100644 index 7826620bab..0000000000 --- a/Dockerfiles/web-apache-mysql/ubuntu/conf/etc/zabbix/apache_envvars +++ /dev/null @@ -1,4 +0,0 @@ -export APACHE_RUN_USER=$(id -n -u) -export APACHE_RUN_GROUP=www-data -export APACHE_PID_FILE=/tmp/apache2.pid -export APACHE_RUN_DIR=/tmp/apache2 diff --git a/Dockerfiles/web-apache-mysql/ubuntu/conf/etc/zabbix/apache_ssl.conf b/Dockerfiles/web-apache-mysql/ubuntu/conf/etc/zabbix/apache_ssl.conf index a26afff0a1..b46e7f800d 100644 --- a/Dockerfiles/web-apache-mysql/ubuntu/conf/etc/zabbix/apache_ssl.conf +++ b/Dockerfiles/web-apache-mysql/ubuntu/conf/etc/zabbix/apache_ssl.conf 
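Review bot: The first added block in this virtual host pairs `Order Allow,Deny` / `Allow from all` with `SetHandler "proxy:unix:/tmp/php-fpm.sock|fcgi://localhost"`; its container tag is not visible on this page, but it looks like the route for the PHP-FPM `pm.status_path = /status` and `ping.path = /ping` endpoints defined in the pool file. If so, the FPM status page, which reports pool and per-process request details, is reachable by any client of port 8080. Keeping `/ping` open for health checks and limiting `/status` with `Require local`, as the main config does for `server-status`, would close that. The block also uses mod_access_compat directives while the section next to it uses `Require all granted`; one style throughout is easier to reason about. The same block is added to apache_ssl.conf in the hunk that follows.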
@@ -1,87 +1,113 @@ LoadModule ssl_module /usr/lib/apache2/modules/mod_ssl.so LoadModule socache_shmcb_module /usr/lib/apache2/modules/mod_socache_shmcb.so -LoadModule headers_module /usr/lib/apache2/modules/mod_headers.so - - - - DocumentRoot /usr/share/zabbix/ - ServerName zabbix - DirectoryIndex {HTTP_INDEX_FILE} - - AddType application/x-httpd-php .php .php3 .php4 .php5 .phtml - AddType application/x-httpd-php-source .phps - - # Enable/Disable SSL for this virtual host. - SSLEngine on - - # intermediate configuration - SSLProtocol -all +TLSv1.2 +TLSv1.3 - SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305 - SSLHonorCipherOrder off - SSLSessionTickets off - - SSLCertificateFile /etc/ssl/apache2/ssl.crt - SSLCertificateKeyFile /etc/ssl/apache2/ssl.key - # SSLCACertificatePath /etc/ssl/apache2/chain/ - - # enable HTTP/2, if available - Protocols h2 http/1.1 - - # HTTP Strict Transport Security (mod_headers is required) (63072000 seconds) - Header always set Strict-Transport-Security "max-age=63072000" - - - Options FollowSymLinks - AllowOverride None - Require all granted - - - - Require all denied - - Order deny,allow - Deny from all - - - - - Require all denied - - Order deny,allow - Deny from all - - - - - Require all denied - - Order deny,allow - Deny from all - - - - - Require all denied - - Order deny,allow - Deny from all - - - - - Require all denied - - Order deny,allow - Deny from all - - - - - Require all denied - - Order deny,allow - Deny from all - - - - + +Listen 8443 + + + DocumentRoot /usr/share/zabbix/ + + ServerName zabbix + + DirectoryIndex ${HTTP_INDEX_FILE} + + AddType application/x-httpd-php .php .php3 .php4 .php5 .phtml + AddType application/x-httpd-php-source .phps + + SetEnvIfNoCase ^Authorization$ "(.+)" HTTP_AUTHORIZATION=$1 + 
+ # Enable/Disable SSL for this virtual host. + SSLEngine on + + # intermediate configuration + SSLProtocol -all +TLSv1.2 +TLSv1.3 + SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305 + SSLHonorCipherOrder off + SSLSessionTickets off + + SSLCertificateFile /etc/ssl/apache2/ssl.crt + SSLCertificateKeyFile /etc/ssl/apache2/ssl.key + # SSLCACertificatePath /etc/ssl/apache2/chain/ + + # enable HTTP/2, if available + Protocols h2 http/1.1 + + # HTTP Strict Transport Security (mod_headers is required) (63072000 seconds) + Header always set Strict-Transport-Security "max-age=63072000" + + + Order Allow,Deny + Allow from all + + SetHandler "proxy:unix:/tmp/php-fpm.sock|fcgi://localhost" + + + + Options FollowSymLinks + AllowOverride None + Require all granted + + + SetHandler "proxy:unix:/tmp/php-fpm.sock|fcgi://localhost" + + + + ExpiresActive On + ExpiresDefault "access plus 1 year" + Header append Cache-Control "public" + + + + ExpiresActive On + ExpiresDefault "access plus 14 day" + Header append Cache-Control "public" + + + + + Require all denied + + Order deny,allow + Deny from all + + + + + Require all denied + + Order deny,allow + Deny from all + + + + + Require all denied + + Order deny,allow + Deny from all + + + + + Require all denied + + Order deny,allow + Deny from all + + + + + Require all denied + + Order deny,allow + Deny from all + + + + + Require all denied + + Order deny,allow + Deny from all + + + diff --git a/Dockerfiles/web-apache-mysql/ubuntu/docker-entrypoint.sh b/Dockerfiles/web-apache-mysql/ubuntu/docker-entrypoint.sh index 8d184e7954..1c0086e3df 100755 --- a/Dockerfiles/web-apache-mysql/ubuntu/docker-entrypoint.sh +++ b/Dockerfiles/web-apache-mysql/ubuntu/docker-entrypoint.sh 
@@ -18,13 +18,19 @@ fi # Default timezone for web interface : ${PHP_TZ:="Europe/Riga"} +# Default user settings +: ${DAEMON_USER:="www-data"} +: ${DAEMON_GROUP:="www-data"} + # Default directories -# Web interface www-root directory -ZABBIX_WWW_ROOT="/usr/share/zabbix" # Apache main configuration file HTTPD_CONF_FILE="/etc/apache2/apache2.conf" -# Apache security configuration file -HTTPD_SECURITY_CONF_FILE="/etc/apache2/conf-enabled/security.conf" +# Apache additional configuration files directory +APACHE_SITES_DIR="/etc/apache2/sites-enabled" +# Directory with SSL certificate files for Apache +APACHE_SSL_CONFIG_DIR="/etc/ssl/apache2" +# PHP-FPM configuration file +PHP_CONFIG_FILE="/etc/php/8.3/fpm/pool.d/zabbix.conf" # usage: file_env VAR [DEFAULT] # as example: file_env 'MYSQL_PASSWORD' 'zabbix' @@ -133,9 +139,12 @@ check_db_connect() { } prepare_web_server() { - APACHE_SITES_DIR="/etc/apache2/sites-enabled" - - ln -sfT "$ZABBIX_CONF_DIR/apache_envvars" "/etc/apache2/envvars" + if [ "$(id -u)" == '0' ]; then + export APACHE_RUN_USER=${DAEMON_USER} + else + export APACHE_RUN_USER=$(id -n -u) + fi + export APACHE_RUN_GROUP=${DAEMON_GROUP} echo "** Adding Zabbix virtual host (HTTP)" if [ -f "$ZABBIX_CONF_DIR/apache.conf" ]; then @@ -144,7 +153,7 @@ prepare_web_server() { echo "**** Impossible to enable HTTP virtual host" fi - if [ -f "/etc/ssl/apache2/ssl.crt" ] && [ -f "/etc/ssl/apache2/ssl.key" ]; then + if [ -f "$APACHE_SSL_CONFIG_DIR/ssl.crt" ] && [ -f "$APACHE_SSL_CONFIG_DIR/ssl.key" ]; then echo "** Adding Zabbix virtual host (HTTPS)" if [ -f "$ZABBIX_CONF_DIR/apache_ssl.conf" ]; then ln -sfT "$ZABBIX_CONF_DIR/apache_ssl.conf" "$APACHE_SITES_DIR/zabbix_ssl.conf" 
@@ -154,10 +163,42 @@ prepare_web_server() { else echo "**** Impossible to enable SSL support for Apache2. Certificates are missed." fi + + export HTTP_INDEX_FILE=${HTTP_INDEX_FILE:="index.php"} + + : ${ENABLE_WEB_ACCESS_LOG:="true"} + export APACHE_CUSTOM_LOG="/proc/self/fd/1" + if [ "${ENABLE_WEB_ACCESS_LOG,,}" == "false" ]; then + export APACHE_CUSTOM_LOG="/dev/null" + fi + + : ${EXPOSE_WEB_SERVER_INFO:="on"} + export APACHE_SERVER_TOKENS="OS" + export APACHE_SERVER_SIGNATURE="On" + if [ "${EXPOSE_WEB_SERVER_INFO}" == "off" ]; then + export APACHE_SERVER_TOKENS="Prod" + export APACHE_SERVER_SIGNATURE="Off" + fi + + mkdir -p /tmp/apache2 } -prepare_zbx_web_config() { - echo "** Preparing Zabbix frontend configuration file" +prepare_zbx_php_config() { + echo "** Preparing PHP configuration" + + export PHP_FPM_PM=${PHP_FPM_PM:-"dynamic"} + export PHP_FPM_PM_MAX_CHILDREN=${PHP_FPM_PM_MAX_CHILDREN:-"50"} + export PHP_FPM_PM_START_SERVERS=${PHP_FPM_PM_START_SERVERS:-"5"} + export PHP_FPM_PM_MIN_SPARE_SERVERS=${PHP_FPM_PM_MIN_SPARE_SERVERS:-"5"} + export PHP_FPM_PM_MAX_SPARE_SERVERS=${PHP_FPM_PM_MAX_SPARE_SERVERS:-"35"} + export PHP_FPM_PM_MAX_REQUESTS=${PHP_FPM_PM_MAX_REQUESTS:-"0"} + + if [ "$(id -u)" == '0' ]; then + echo "user = ${DAEMON_USER}" >> "$PHP_CONFIG_FILE" + echo "group = ${DAEMON_GROUP}" >> "$PHP_CONFIG_FILE" + echo "listen.owner = ${DAEMON_USER}" >> "$PHP_CONFIG_FILE" + echo "listen.group = ${DAEMON_GROUP}" >> "$PHP_CONFIG_FILE" + fi : ${ZBX_DENY_GUI_ACCESS:="false"} export ZBX_DENY_GUI_ACCESS=${ZBX_DENY_GUI_ACCESS,,} 
@@ -210,48 +251,14 @@ prepare_zbx_web_config() { : ${ZBX_ALLOW_HTTP_AUTH:="true"} export ZBX_ALLOW_HTTP_AUTH=${ZBX_ALLOW_HTTP_AUTH} +} +prepare_zbx_config() { if [ -n "${ZBX_SESSION_NAME}" ]; then cp "$ZABBIX_WWW_ROOT/include/defines.inc.php" "/tmp/defines.inc.php_tmp" sed "/ZBX_SESSION_NAME/s/'[^']*'/'${ZBX_SESSION_NAME}'/2" "/tmp/defines.inc.php_tmp" > "$ZABBIX_WWW_ROOT/include/defines.inc.php" rm -f "/tmp/defines.inc.php_tmp" fi - - : ${HTTP_INDEX_FILE:="index.php"} - sed -i \ - -e "s/{HTTP_INDEX_FILE}/${HTTP_INDEX_FILE}/g" \ - "$ZABBIX_CONF_DIR/apache.conf" - - if [ -f "$ZABBIX_CONF_DIR/apache_ssl.conf" ]; then - sed -i \ - -e "s/{HTTP_INDEX_FILE}/${HTTP_INDEX_FILE}/g" \ - "$ZABBIX_CONF_DIR/apache_ssl.conf" - fi - - : ${ENABLE_WEB_ACCESS_LOG:="true"} - - if [ "${ENABLE_WEB_ACCESS_LOG,,}" == "false" ]; then - sed -ri \ - -e 's!^(\s*CustomLog)\s+\S+!\1 /dev/null!g' \ - "$HTTPD_CONF_FILE" - sed -ri \ - -e 's!^(\s*CustomLog)\s+\S+!\1 /dev/null!g' \ - "/etc/apache2/conf-available/other-vhosts-access-log.conf" - fi - - : ${EXPOSE_WEB_SERVER_INFO:="on"} - [[ "${EXPOSE_WEB_SERVER_INFO}" != "off" ]] && EXPOSE_WEB_SERVER_INFO="on" - export EXPOSE_WEB_SERVER_INFO=${EXPOSE_WEB_SERVER_INFO} - - if [ "${EXPOSE_WEB_SERVER_INFO}" == "off" ]; then - sed -i \ - -e "s/^\(\s*ServerTokens\).*\$/\1 Prod/g" \ - "$HTTPD_SECURITY_CONF_FILE" - fi - - sed -i \ - -e "s/^\(\s*ServerSignature\).*\$/\1 ${EXPOSE_WEB_SERVER_INFO}/g" \ - "$HTTPD_SECURITY_CONF_FILE" } ################################################# 
@@ -260,17 +267,18 @@ echo "** Deploying Zabbix web-interface (Apache) with MySQL database" check_variables check_db_connect +prepare_zbx_php_config prepare_web_server -prepare_zbx_web_config +prepare_zbx_config echo "########################################################" if [ "$1" != "" ]; then echo "** Executing '$@'" exec "$@" -elif [ -f "/usr/sbin/httpd" ]; then - echo "** Executing HTTPD" - exec /usr/sbin/httpd -D FOREGROUND +elif [ -f "/usr/bin/supervisord" ]; then + echo "** Executing supervisord" + exec /usr/bin/supervisord -c /etc/supervisor/supervisord.conf else echo "Unknown instructions. Exiting..." exit 1 diff --git a/Dockerfiles/web-apache-pgsql/alpine/Dockerfile b/Dockerfiles/web-apache-pgsql/alpine/Dockerfile index 269aa12437..e20860033a 100644 --- a/Dockerfiles/web-apache-pgsql/alpine/Dockerfile +++ b/Dockerfiles/web-apache-pgsql/alpine/Dockerfile @@ -14,7 +14,8 @@ ARG ZBX_SOURCES=https://git.zabbix.com/scm/zbx/zabbix.git ENV TERM=xterm \ ZBX_VERSION=${ZBX_VERSION} ZBX_SOURCES=${ZBX_SOURCES} \ - ZABBIX_CONF_DIR="/etc/zabbix" + ZABBIX_CONF_DIR="/etc/zabbix" \ + ZABBIX_WWW_ROOT="/usr/share/zabbix" LABEL org.opencontainers.image.authors="Alexey Pustovalov " \ org.opencontainers.image.description="Zabbix web-interface based on Apache2 web server with PostgreSQL database support" \ @@ -28,18 +29,18 @@ LABEL org.opencontainers.image.authors="Alexey Pustovalov + TypesConfig /etc/apache2/mime.types + AddType application/x-compress .Z + AddType application/x-gzip .gz .tgz + + + MIMEMagicFile /etc/apache2/magic + diff --git a/Dockerfiles/web-apache-pgsql/alpine/conf/etc/apache2/httpd.conf b/Dockerfiles/web-apache-pgsql/alpine/conf/etc/apache2/httpd.conf new file mode 100644 index 0000000000..2cf9de5361 --- /dev/null +++ b/Dockerfiles/web-apache-pgsql/alpine/conf/etc/apache2/httpd.conf 
@@ -0,0 +1,75 @@ +ServerRoot /etc/apache2/ +ServerRoot /var/www +DefaultRuntimeDir /tmp/apache2/ +PidFile /tmp/apache2.pid + +ServerName 127.0.0.1 + +IncludeOptional /etc/apache2/includes.conf + +Timeout 300 +KeepAlive On +MaxKeepAliveRequests 100 +KeepAliveTimeout 5 + + + User ${APACHE_RUN_USER} + Group ${APACHE_RUN_GROUP} + + +HostnameLookups Off + +LogLevel warn + + + SetEnvIf Request_URI "^/(robots\.txt|favicon\.ico|status|ping|apache-status)$" exclude_from_logs + + LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined + LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined + LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined + LogFormat "%h %l %u %t \"%r\" %>s %O" common + LogFormat "%{Referer}i -> %U" referer + LogFormat "%{User-agent}i" agent + + CustomLog ${APACHE_CUSTOM_LOG} vhost_combined env=!exclude_from_logs + + +ErrorLog /proc/self/fd/2 + +LogLevel warn + + + StartServers 2 + MinSpareThreads 25 + MaxSpareThreads 75 + ThreadLimit 64 + ThreadsPerChild 25 + MaxRequestWorkers 150 + MaxConnectionsPerChild 0 + + +# Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac). + + Require all denied + + +ServerTokens ${APACHE_SERVER_TOKENS} + +ServerSignature ${APACHE_SERVER_SIGNATURE} + +TraceEnable Off + +AddDefaultCharset UTF-8 + + + + SetHandler server-status + Require local + + + ExtendedStatus On + + + ProxyStatus On + + diff --git a/Dockerfiles/web-apache-pgsql/alpine/conf/etc/apache2/includes.conf b/Dockerfiles/web-apache-pgsql/alpine/conf/etc/apache2/includes.conf new file mode 100644 index 0000000000..1c093db0b8 --- /dev/null +++ b/Dockerfiles/web-apache-pgsql/alpine/conf/etc/apache2/includes.conf @@ -0,0 +1,3 @@ +IncludeOptional /etc/apache2/modules.conf + +IncludeOptional /etc/apache2/conf.d/*.conf 
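Review bot: `ServerRoot` is set twice at the top of the new httpd.conf (`/etc/apache2/`, then `/var/www`); Apache keeps the last value, so the first line is dead and every relative path in the included files, such as the `modules/mod_*.so` entries in modules.conf, resolves under `/var/www`. Keep only the intended one and add a comment saying why, e.g. `# ServerRoot must be the directory that holds the modules/ link`. `LogLevel warn` and the `combined` LogFormat nickname are likewise each declared twice, and the later `combined` (with `%O`) replaces the earlier one. The centos httpd.conf added later in this patch has the same duplicates.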
diff --git a/Dockerfiles/web-apache-pgsql/alpine/conf/etc/apache2/modules.conf b/Dockerfiles/web-apache-pgsql/alpine/conf/etc/apache2/modules.conf
new file mode 100644
index 0000000000..4f642f8e98
--- /dev/null
+++ b/Dockerfiles/web-apache-pgsql/alpine/conf/etc/apache2/modules.conf
@@ -0,0 +1,24 @@
+LoadModule logio_module modules/mod_logio.so
+LoadModule unixd_module modules/mod_unixd.so
+LoadModule log_config_module modules/mod_log_config.so
+LoadModule access_compat_module modules/mod_access_compat.so
+LoadModule auth_basic_module modules/mod_auth_basic.so
+LoadModule authn_core_module modules/mod_authn_core.so
+LoadModule authn_file_module modules/mod_authn_file.so
+LoadModule authz_core_module modules/mod_authz_core.so
+LoadModule authz_host_module modules/mod_authz_host.so
+LoadModule authz_user_module modules/mod_authz_user.so
+LoadModule dir_module modules/mod_dir.so
+LoadModule env_module modules/mod_env.so
+LoadModule filter_module modules/mod_filter.so
+LoadModule mime_module modules/mod_mime.so
+LoadModule mpm_event_module modules/mod_mpm_event.so
+LoadModule negotiation_module modules/mod_negotiation.so
+LoadModule reqtimeout_module modules/mod_reqtimeout.so
+LoadModule setenvif_module modules/mod_setenvif.so
+LoadModule status_module modules/mod_status.so
+
+LoadModule proxy_module modules/mod_proxy.so
+LoadModule proxy_fcgi_module modules/mod_proxy_fcgi.so
+LoadModule expires_module modules/mod_expires.so
+LoadModule headers_module modules/mod_headers.so
diff --git a/Dockerfiles/web-apache-pgsql/alpine/conf/etc/php83/conf.d/99-zabbix.ini b/Dockerfiles/web-apache-pgsql/alpine/conf/etc/php83/conf.d/99-zabbix.ini
deleted file mode 100644
index e180720b92..0000000000
--- a/Dockerfiles/web-apache-pgsql/alpine/conf/etc/php83/conf.d/99-zabbix.ini
+++ /dev/null
@@ -1,10 +0,0 @@
-max_execution_time = ${ZBX_MAXEXECUTIONTIME}
-memory_limit = ${ZBX_MEMORYLIMIT}
-post_max_size = ${ZBX_POSTMAXSIZE}
-upload_max_filesize = ${ZBX_UPLOADMAXFILESIZE}
-max_input_time = ${ZBX_MAXINPUTTIME}
-; always_populate_raw_post_data=-1
-max_input_vars = 10000
-date.timezone = ${PHP_TZ}
-; https://www.php.net/manual/en/security.hiding.php
-expose_php = ${EXPOSE_WEB_SERVER_INFO}
diff --git a/Dockerfiles/web-apache-pgsql/alpine/conf/etc/php83/php-fpm.conf b/Dockerfiles/web-apache-pgsql/alpine/conf/etc/php83/php-fpm.conf
new file mode 100644
index 0000000000..e23aa2d905
--- /dev/null
+++ b/Dockerfiles/web-apache-pgsql/alpine/conf/etc/php83/php-fpm.conf
@@ -0,0 +1,10 @@
+include=/etc/php83/php-fpm.d/*.conf
+
+[global]
+
+pid = /tmp/php-fpm.pid
+
+error_log = /dev/fd/2
+log_level = notice
+
+daemonize = no
diff --git a/Dockerfiles/web-apache-pgsql/alpine/conf/etc/php83/php-fpm.d/zabbix.conf b/Dockerfiles/web-apache-pgsql/alpine/conf/etc/php83/php-fpm.d/zabbix.conf
new file mode 100644
index 0000000000..66c3c1252c
--- /dev/null
+++ b/Dockerfiles/web-apache-pgsql/alpine/conf/etc/php83/php-fpm.d/zabbix.conf
@@ -0,0 +1,36 @@
+[zabbix]
+
+; https://www.php.net/manual/en/security.hiding.php
+php_value[expose_php] = ${EXPOSE_WEB_SERVER_INFO}
+
+listen = /tmp/php-fpm.sock
+
+clear_env = no
+
+pm = ${PHP_FPM_PM}
+pm.max_children = ${PHP_FPM_PM_MAX_CHILDREN}
+pm.start_servers = ${PHP_FPM_PM_START_SERVERS}
+pm.min_spare_servers = ${PHP_FPM_PM_MIN_SPARE_SERVERS}
+pm.max_spare_servers = ${PHP_FPM_PM_MAX_SPARE_SERVERS}
+pm.max_requests = ${PHP_FPM_PM_MAX_REQUESTS}
+
+slowlog = /dev/fd/1
+
+php_admin_value[error_log] = /dev/fd/2
+php_admin_flag[log_errors] = on
+catch_workers_output = yes
+
+php_value[session.save_handler] = files
+php_value[session.save_path] = /var/lib/php/session
+
+php_value[max_execution_time] = ${ZBX_MAXEXECUTIONTIME}
+php_value[memory_limit] = ${ZBX_MEMORYLIMIT}
+php_value[post_max_size] = ${ZBX_POSTMAXSIZE}
+php_value[upload_max_filesize] = ${ZBX_UPLOADMAXFILESIZE}
+php_value[max_input_time] = ${ZBX_MAXINPUTTIME}
+php_value[max_input_vars] = 10000
+php_value[date.timezone] = ${PHP_TZ}
+
+; PHP-FPM monitoring
+pm.status_path = /status
+ping.path = /ping
diff --git a/Dockerfiles/web-apache-pgsql/alpine/conf/etc/supervisor/conf.d/supervisord_zabbix.conf b/Dockerfiles/web-apache-pgsql/alpine/conf/etc/supervisor/conf.d/supervisord_zabbix.conf
new file mode 100644
index 0000000000..4471419844
--- /dev/null
+++ b/Dockerfiles/web-apache-pgsql/alpine/conf/etc/supervisor/conf.d/supervisord_zabbix.conf
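Review bot: `clear_env = no` in the new pool file deserves a comment, because it keeps the whole container environment visible to every PHP worker, and judging by `check_db_connect` in the entrypoint that environment includes the database credentials. If this is deliberate (presumably the frontend configuration reads its settings from the environment; that file is not part of this hunk), say so above the line, e.g. `; keep container env: frontend config is read from environment variables`. Separately, the limits set with `php_value[...]` can be changed at runtime with `ini_set()`; `php_admin_value[...]` would pin them if the frontend does not need to adjust them.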
@@ -0,0 +1,30 @@
+[supervisord]
+nodaemon = true
+
+[program:httpd]
+command = /usr/sbin/%(program_name)s -D FOREGROUND
+auto_start = true
+autorestart = true
+
+startsecs=2
+startretries=3
+stopsignal=TERM
+stopwaitsecs=2
+
+redirect_stderr=true
+stdout_logfile = /dev/stdout
+stdout_logfile_maxbytes = 0
+
+[program:php-fpm83]
+command = /usr/sbin/%(program_name)s -F -y /etc/php83/php-fpm.conf
+auto_start = true
+autorestart = true
+
+startsecs=2
+startretries=3
+stopsignal=TERM
+stopwaitsecs=2
+
+redirect_stderr=true
+stdout_logfile = /dev/stdout
+stdout_logfile_maxbytes = 0
diff --git a/Dockerfiles/web-apache-pgsql/alpine/conf/etc/supervisor/supervisord.conf b/Dockerfiles/web-apache-pgsql/alpine/conf/etc/supervisor/supervisord.conf
new file mode 100644
index 0000000000..f8d80e461b
--- /dev/null
+++ b/Dockerfiles/web-apache-pgsql/alpine/conf/etc/supervisor/supervisord.conf
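Review bot: `auto_start = true` in both `[program:…]` sections is not a supervisord option; the key is spelled `autostart`, so these lines appear to configure nothing and the programs start only because starting is the default. Use `autostart = true`. `stopwaitsecs=2` also gives httpd and php-fpm just two seconds after SIGTERM before supervisord escalates to SIGKILL, which can cut off in-flight requests when the container stops; a larger value would be safer.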
@@ -0,0 +1,35 @@
+; supervisor config file
+
+[unix_http_server]
+file = /tmp/supervisor.sock ; (the path to the socket file)
+chmod = 0700 ; sockef file mode (default 0700)
+username = zbx
+password = password
+
+[supervisord]
+logfile = /dev/stdout ; (main log file;default $CWD/supervisord.log)
+pidfile = /tmp/supervisord.pid ; (supervisord pidfile;default supervisord.pid)
+childlogdir = /tmp ; ('AUTO' child log dir, default $TEMP)
+critical = critical
+;user = zabbix
+logfile_maxbytes = 0
+logfile_backupcount = 0
+loglevel = info
+
+; the below section must remain in the config file for RPC
+; (supervisorctl/web interface) to work, additional interfaces may be
+; added by defining them in separate rpcinterface: sections
+[rpcinterface:supervisor]
+supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface
+
+[supervisorctl]
+serverurl = unix:///tmp/supervisor.sock ; use a unix:// URL for a unix socket
+
+; The [include] section can just contain the "files" setting. This
+; setting can list multiple files (separated by whitespace or
+; newlines). It can also contain wildcards. The filenames are
+; interpreted as relative to this file. Included files *cannot*
+; include files themselves.
+
+[include]
+files = /etc/supervisor/conf.d/*.conf
diff --git a/Dockerfiles/web-apache-pgsql/alpine/conf/etc/zabbix/apache.conf b/Dockerfiles/web-apache-pgsql/alpine/conf/etc/zabbix/apache.conf
index b32e8167fe..f0a69becdd 100644
--- a/Dockerfiles/web-apache-pgsql/alpine/conf/etc/zabbix/apache.conf
+++ b/Dockerfiles/web-apache-pgsql/alpine/conf/etc/zabbix/apache.conf
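Review bot: The `[unix_http_server]` section ships a fixed `username = zbx` / `password = password` pair in every image, so the credential protects nothing beyond what `chmod = 0700` on the socket already protects, and anyone who reads the image knows it. The `[supervisorctl]` section carries no matching credentials either, so `supervisorctl` inside the container would have to be given them by hand. Either drop the two lines and rely on the socket mode, or take the value from the environment, e.g. `password = %(ENV_SUPERVISOR_PASSWORD)s` (the variable name is a placeholder). The socket and pidfile also sit in world-writable `/tmp`; a directory owned by the service user would be a tighter choice.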
@@ -1,14 +1,44 @@ +Listen 8080 + DocumentRoot /usr/share/zabbix/ + ServerName zabbix - DirectoryIndex {HTTP_INDEX_FILE} + + DirectoryIndex ${HTTP_INDEX_FILE} + AddType application/x-httpd-php .php .php3 .php4 .php5 .phtml AddType application/x-httpd-php-source .phps + SetEnvIfNoCase ^Authorization$ "(.+)" HTTP_AUTHORIZATION=$1 + + + Order Allow,Deny + Allow from all + + SetHandler "proxy:unix:/tmp/php-fpm.sock|fcgi://localhost" + + Options FollowSymLinks AllowOverride None Require all granted + + + SetHandler "proxy:unix:/tmp/php-fpm.sock|fcgi://localhost" + + + + ExpiresActive On + ExpiresDefault "access plus 1 year" + Header append Cache-Control "public" + + + + ExpiresActive On + ExpiresDefault "access plus 14 day" + Header append Cache-Control "public" + diff --git a/Dockerfiles/web-apache-pgsql/alpine/conf/etc/zabbix/apache_ssl.conf b/Dockerfiles/web-apache-pgsql/alpine/conf/etc/zabbix/apache_ssl.conf index 92b08a986f..768da0d1b1 100644 --- a/Dockerfiles/web-apache-pgsql/alpine/conf/etc/zabbix/apache_ssl.conf +++ b/Dockerfiles/web-apache-pgsql/alpine/conf/etc/zabbix/apache_ssl.conf 
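Review bot: The added block that hands requests to `proxy:unix:/tmp/php-fpm.sock` under `Order Allow,Deny` / `Allow from all` is open to every client. Its opening tag is not visible on this page, but if it matches the pool's `pm.status_path = /status` and `ping.path = /ping`, the PHP-FPM status page is reachable by anyone who can reach port 8080, while Apache's own `server-status` in httpd.conf is limited with `Require local`. Restrict the status path the same way by replacing the two access lines with `Require local`, keeping `/ping` open only if an external health check needs it. That also avoids mixing the deprecated `Order`/`Allow` syntax with `Require` in one vhost. The same block appears in apache_ssl.conf and in the centos vhost files later in the patch.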
@@ -3,86 +3,111 @@ LoadModule socache_shmcb_module modules/mod_socache_shmcb.so Listen 8443 - - - DocumentRoot /usr/share/zabbix/ - ServerName zabbix - DirectoryIndex {HTTP_INDEX_FILE} - - AddType application/x-httpd-php .php .php3 .php4 .php5 .phtml - AddType application/x-httpd-php-source .phps - - # Enable/Disable SSL for this virtual host. - SSLEngine on - - # intermediate configuration - SSLProtocol -all +TLSv1.2 +TLSv1.3 - SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305 - SSLHonorCipherOrder off - SSLSessionTickets off - - SSLCertificateFile /etc/ssl/apache2/ssl.crt - SSLCertificateKeyFile /etc/ssl/apache2/ssl.key - # SSLCACertificatePath /etc/ssl/apache2/chain/ - - # enable HTTP/2, if available - Protocols h2 http/1.1 - - # HTTP Strict Transport Security (mod_headers is required) (63072000 seconds) - Header always set Strict-Transport-Security "max-age=63072000" - - - Options FollowSymLinks - AllowOverride None - Require all granted - - - - Require all denied - - Order deny,allow - Deny from all - - - - - Require all denied - - Order deny,allow - Deny from all - - - - - Require all denied - - Order deny,allow - Deny from all - - - - - Require all denied - - Order deny,allow - Deny from all - - - - - Require all denied - - Order deny,allow - Deny from all - - - - - Require all denied - - Order deny,allow - Deny from all - - - - + + DocumentRoot /usr/share/zabbix/ + + ServerName zabbix + + DirectoryIndex ${HTTP_INDEX_FILE} + + AddType application/x-httpd-php .php .php3 .php4 .php5 .phtml + AddType application/x-httpd-php-source .phps + + SetEnvIfNoCase ^Authorization$ "(.+)" HTTP_AUTHORIZATION=$1 + + # Enable/Disable SSL for this virtual host. 
+ SSLEngine on + + # intermediate configuration + SSLProtocol -all +TLSv1.2 +TLSv1.3 + SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305 + SSLHonorCipherOrder off + SSLSessionTickets off + + SSLCertificateFile /etc/ssl/apache2/ssl.crt + SSLCertificateKeyFile /etc/ssl/apache2/ssl.key + # SSLCACertificatePath /etc/ssl/apache2/chain/ + + # enable HTTP/2, if available + Protocols h2 http/1.1 + + # HTTP Strict Transport Security (mod_headers is required) (63072000 seconds) + Header always set Strict-Transport-Security "max-age=63072000" + + + Order Allow,Deny + Allow from all + + SetHandler "proxy:unix:/tmp/php-fpm.sock|fcgi://localhost" + + + + Options FollowSymLinks + AllowOverride None + Require all granted + + + SetHandler "proxy:unix:/tmp/php-fpm.sock|fcgi://localhost" + + + + ExpiresActive On + ExpiresDefault "access plus 1 year" + Header append Cache-Control "public" + + + + ExpiresActive On + ExpiresDefault "access plus 14 day" + Header append Cache-Control "public" + + + + + Require all denied + + Order deny,allow + Deny from all + + + + + Require all denied + + Order deny,allow + Deny from all + + + + + Require all denied + + Order deny,allow + Deny from all + + + + + Require all denied + + Order deny,allow + Deny from all + + + + + Require all denied + + Order deny,allow + Deny from all + + + + + Require all denied + + Order deny,allow + Deny from all + + + diff --git a/Dockerfiles/web-apache-pgsql/alpine/docker-entrypoint.sh b/Dockerfiles/web-apache-pgsql/alpine/docker-entrypoint.sh index 342a8fa7fe..fe3ba89bf5 100755 --- a/Dockerfiles/web-apache-pgsql/alpine/docker-entrypoint.sh +++ b/Dockerfiles/web-apache-pgsql/alpine/docker-entrypoint.sh 
@@ -18,11 +18,19 @@ fi # Default timezone for web interface : ${PHP_TZ:="Europe/Riga"} +# Default user settings +: ${DAEMON_USER:="apache"} +: ${DAEMON_GROUP:="apache"} + # Default directories -# Web interface www-root directory -ZABBIX_WWW_ROOT="/usr/share/zabbix" # Apache main configuration file HTTPD_CONF_FILE="/etc/apache2/httpd.conf" +# Apache additional configuration files directory +APACHE_SITES_DIR="/etc/apache2/conf.d" +# Directory with SSL certificate files for Apache +APACHE_SSL_CONFIG_DIR="/etc/ssl/apache2" +# PHP-FPM configuration file +PHP_CONFIG_FILE="/etc/php83/php-fpm.d/zabbix.conf" # usage: file_env VAR [DEFAULT] # as example: file_env 'MYSQL_PASSWORD' 'zabbix' @@ -130,7 +138,12 @@ check_db_connect() { } prepare_web_server() { - APACHE_SITES_DIR=/etc/apache2/conf.d + if [ "$(id -u)" == '0' ]; then + export APACHE_RUN_USER=${DAEMON_USER} + else + export APACHE_RUN_USER=$(id -n -u) + fi + export APACHE_RUN_GROUP=${DAEMON_GROUP} echo "** Adding Zabbix virtual host (HTTP)" if [ -f "$ZABBIX_CONF_DIR/apache.conf" ]; then @@ -139,7 +152,7 @@ prepare_web_server() { echo "**** Impossible to enable HTTP virtual host" fi - if [ -f "/etc/ssl/apache2/ssl.crt" ] && [ -f "/etc/ssl/apache2/ssl.key" ]; then + if [ -f "$APACHE_SSL_CONFIG_DIR/ssl.crt" ] && [ -f "$APACHE_SSL_CONFIG_DIR/ssl.key" ]; then echo "** Adding Zabbix virtual host (HTTPS)" if [ -f "$ZABBIX_CONF_DIR/apache_ssl.conf" ]; then ln -sfT "$ZABBIX_CONF_DIR/apache_ssl.conf" "$APACHE_SITES_DIR/zabbix_ssl.conf" 
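Review bot: In `prepare_web_server`, `export APACHE_RUN_USER=$(id -n -u)` yields an empty value when the container runs under a UID that has no passwd entry, and `export` hides the failed command's exit status; the `chgrp -R 0` / `chmod -R g=u` lines in the Dockerfiles suggest such arbitrary UIDs are meant to be supported. httpd.conf then receives an empty `User` value. Fall back to the numeric form Apache accepts, e.g. `APACHE_RUN_USER="$(id -n -u 2>/dev/null || echo "#$(id -u)")"; export APACHE_RUN_USER`. The function's body continues past this hunk.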
@@ -149,10 +162,42 @@ prepare_web_server() { else echo "**** Impossible to enable SSL support for Apache2. Certificates are missed." fi + + export HTTP_INDEX_FILE=${HTTP_INDEX_FILE:="index.php"} + + : ${ENABLE_WEB_ACCESS_LOG:="true"} + export APACHE_CUSTOM_LOG="/proc/self/fd/1" + if [ "${ENABLE_WEB_ACCESS_LOG,,}" == "false" ]; then + export APACHE_CUSTOM_LOG="/dev/null" + fi + + : ${EXPOSE_WEB_SERVER_INFO:="on"} + export APACHE_SERVER_TOKENS="OS" + export APACHE_SERVER_SIGNATURE="On" + if [ "${EXPOSE_WEB_SERVER_INFO}" == "off" ]; then + export APACHE_SERVER_TOKENS="Prod" + export APACHE_SERVER_SIGNATURE="Off" + fi + + mkdir -p /tmp/apache2 } -prepare_zbx_web_config() { - echo "** Preparing Zabbix frontend configuration file" +prepare_zbx_php_config() { + echo "** Preparing PHP configuration" + + export PHP_FPM_PM=${PHP_FPM_PM:-"dynamic"} + export PHP_FPM_PM_MAX_CHILDREN=${PHP_FPM_PM_MAX_CHILDREN:-"50"} + export PHP_FPM_PM_START_SERVERS=${PHP_FPM_PM_START_SERVERS:-"5"} + export PHP_FPM_PM_MIN_SPARE_SERVERS=${PHP_FPM_PM_MIN_SPARE_SERVERS:-"5"} + export PHP_FPM_PM_MAX_SPARE_SERVERS=${PHP_FPM_PM_MAX_SPARE_SERVERS:-"35"} + export PHP_FPM_PM_MAX_REQUESTS=${PHP_FPM_PM_MAX_REQUESTS:-"0"} + + if [ "$(id -u)" == '0' ]; then + echo "user = ${DAEMON_USER}" >> "$PHP_CONFIG_FILE" + echo "group = ${DAEMON_GROUP}" >> "$PHP_CONFIG_FILE" + echo "listen.owner = ${DAEMON_USER}" >> "$PHP_CONFIG_FILE" + echo "listen.group = ${DAEMON_GROUP}" >> "$PHP_CONFIG_FILE" + fi : ${ZBX_DENY_GUI_ACCESS:="false"} export ZBX_DENY_GUI_ACCESS=${ZBX_DENY_GUI_ACCESS,,} 
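Review bot: The `EXPOSE_WEB_SERVER_INFO` test in `prepare_web_server` is case-sensitive and fails open: only the exact string `off` selects `ServerTokens Prod` / `ServerSignature Off`, so `OFF`, `Off` or `false` leave version disclosure enabled, whereas `ENABLE_WEB_ACCESS_LOG` just above is compared as `${ENABLE_WEB_ACCESS_LOG,,}`. Compare the lower-cased value: `if [ "${EXPOSE_WEB_SERVER_INFO,,}" == "off" ]; then`. The variable is also no longer normalised or exported in the lines shown, although the new pool file reads it for `php_value[expose_php]` and `prepare_zbx_php_config` now runs before this default is assigned; unless it is exported in a part of the script outside these hunks, add `export EXPOSE_WEB_SERVER_INFO` before php-fpm is configured. The centos entrypoint hunk later in the patch has the same code.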
@@ -205,45 +250,14 @@ prepare_zbx_web_config() { : ${ZBX_ALLOW_HTTP_AUTH:="true"} export ZBX_ALLOW_HTTP_AUTH=${ZBX_ALLOW_HTTP_AUTH} +} +prepare_zbx_config() { if [ -n "${ZBX_SESSION_NAME}" ]; then cp "$ZABBIX_WWW_ROOT/include/defines.inc.php" "/tmp/defines.inc.php_tmp" sed "/ZBX_SESSION_NAME/s/'[^']*'/'${ZBX_SESSION_NAME}'/2" "/tmp/defines.inc.php_tmp" > "$ZABBIX_WWW_ROOT/include/defines.inc.php" rm -f "/tmp/defines.inc.php_tmp" fi - - : ${HTTP_INDEX_FILE:="index.php"} - sed -i \ - -e "s/{HTTP_INDEX_FILE}/${HTTP_INDEX_FILE}/g" \ - "$ZABBIX_CONF_DIR/apache.conf" - - if [ -f "$ZABBIX_CONF_DIR/apache_ssl.conf" ]; then - sed -i \ - -e "s/{HTTP_INDEX_FILE}/${HTTP_INDEX_FILE}/g" \ - "$ZABBIX_CONF_DIR/apache_ssl.conf" - fi - - : ${ENABLE_WEB_ACCESS_LOG:="true"} - - if [ "${ENABLE_WEB_ACCESS_LOG,,}" == "false" ]; then - sed -ri \ - -e 's!^(\s*CustomLog)\s+\S+!\1 /dev/null!g' \ - "$HTTPD_CONF_FILE" - fi - - : ${EXPOSE_WEB_SERVER_INFO:="on"} - if [ "${EXPOSE_WEB_SERVER_INFO}" = "off" ]; then - sed -i \ - -e "s/^\(\s*ServerTokens\).*\$/\1 Prod/g" \ - "$HTTPD_CONF_FILE" - else - EXPOSE_WEB_SERVER_INFO="on" - fi - - export EXPOSE_WEB_SERVER_INFO=${EXPOSE_WEB_SERVER_INFO} - sed -i \ - -e "s/^\(\s*ServerSignature\).*\$/\1 ${EXPOSE_WEB_SERVER_INFO^}/g" \ - "$HTTPD_CONF_FILE" } ################################################# @@ -252,17 +266,18 @@ echo "** Deploying Zabbix web-interface (Apache) with PostgreSQL database" check_variables check_db_connect +prepare_zbx_php_config prepare_web_server -prepare_zbx_web_config +prepare_zbx_config echo "########################################################" if [ "$1" != "" ]; then echo "** Executing '$@'" exec "$@" -elif [ -f "/usr/sbin/httpd" ]; then - echo "** Executing HTTPD" - exec /usr/sbin/httpd -D FOREGROUND +elif [ -f "/usr/bin/supervisord" ]; then + echo "** Executing supervisord" + exec /usr/bin/supervisord -c /etc/supervisor/supervisord.conf else echo "Unknown instructions. Exiting..." exit 1 
diff --git a/Dockerfiles/web-apache-pgsql/centos/Dockerfile b/Dockerfiles/web-apache-pgsql/centos/Dockerfile index aae3e6b854..f8639117df 100644 --- a/Dockerfiles/web-apache-pgsql/centos/Dockerfile +++ b/Dockerfiles/web-apache-pgsql/centos/Dockerfile @@ -14,7 +14,8 @@ ARG ZBX_SOURCES=https://git.zabbix.com/scm/zbx/zabbix.git ENV TERM=xterm \ ZBX_VERSION=${ZBX_VERSION} ZBX_SOURCES=${ZBX_SOURCES} \ - ZABBIX_CONF_DIR="/etc/zabbix" + ZABBIX_CONF_DIR="/etc/zabbix" \ + ZABBIX_WWW_ROOT="/usr/share/zabbix" LABEL org.opencontainers.image.authors="Alexey Pustovalov " \ org.opencontainers.image.description="Zabbix web-interface based on Apache2 web server with PostgreSQL database support" \ @@ -28,7 +29,7 @@ LABEL org.opencontainers.image.authors="Alexey Pustovalov /dev/null' && \ - chown --quiet -R zabbix:root ${ZABBIX_CONF_DIR}/ /usr/share/zabbix/include/defines.inc.php /usr/share/zabbix/modules/ && \ - chgrp -R 0 ${ZABBIX_CONF_DIR}/ /usr/share/zabbix/include/defines.inc.php /usr/share/zabbix/modules/ && \ - chmod -R g=u ${ZABBIX_CONF_DIR}/ /usr/share/zabbix/include/defines.inc.php /usr/share/zabbix/modules/ && \ + chown --quiet -R zabbix:root ${ZABBIX_CONF_DIR}/ ${ZABBIX_WWW_ROOT}/include/defines.inc.php ${ZABBIX_WWW_ROOT}/modules/ && \ + chgrp -R 0 ${ZABBIX_CONF_DIR}/ ${ZABBIX_WWW_ROOT}/include/defines.inc.php ${ZABBIX_WWW_ROOT}/modules/ && \ + chmod -R g=u ${ZABBIX_CONF_DIR}/ ${ZABBIX_WWW_ROOT}/include/defines.inc.php ${ZABBIX_WWW_ROOT}/modules/ && \ chown --quiet -R zabbix:root /etc/httpd/ /etc/php-fpm.d/ /etc/php-fpm.conf && \ chgrp -R 0 /etc/httpd/ /etc/php-fpm.d/ /etc/php-fpm.conf && \ chmod -R g=u /etc/httpd/ /etc/php-fpm.d/ /etc/php-fpm.conf && \ 
@@ -127,12 +128,15 @@ RUN --mount=type=tmpfs,target=/var/lib/dnf/ \ chgrp -R 0 /run/httpd/ /var/lib/php/session/ && \ chmod -R g=u /run/httpd/ /var/lib/php/session/ && \ microdnf -y remove \ - findutils \ - glibc-locale-source + findutils \ + glibc-locale-source + +HEALTHCHECK --interval=1m30s --timeout=3s --retries=3 --start-period=40s --start-interval=5s \ + CMD curl -f http://localhost:8080/ping || exit ` EXPOSE 8080/TCP 8443/TCP -WORKDIR /usr/share/zabbix +WORKDIR ${ZABBIX_WWW_ROOT} COPY ["docker-entrypoint.sh", "/usr/bin/"] diff --git a/Dockerfiles/web-apache-pgsql/centos/conf/etc/httpd/conf.d/99-zabbix.conf b/Dockerfiles/web-apache-pgsql/centos/conf/etc/httpd/conf.d/99-zabbix.conf deleted file mode 100644 index c28b761b99..0000000000 --- a/Dockerfiles/web-apache-pgsql/centos/conf/etc/httpd/conf.d/99-zabbix.conf +++ /dev/null @@ -1,3 +0,0 @@ - - PidFile "/tmp/httpd.pid" - diff --git a/Dockerfiles/web-apache-pgsql/centos/conf/etc/httpd/conf.d/mime.conf b/Dockerfiles/web-apache-pgsql/centos/conf/etc/httpd/conf.d/mime.conf new file mode 100644 index 0000000000..6dd43b1cfa --- /dev/null +++ b/Dockerfiles/web-apache-pgsql/centos/conf/etc/httpd/conf.d/mime.conf @@ -0,0 +1,9 @@ + + TypesConfig /etc/mime.types + + AddType application/x-compress .Z + AddType application/x-gzip .gz .tgz + + + MIMEMagicFile conf/magic + diff --git a/Dockerfiles/web-apache-pgsql/centos/conf/etc/httpd/conf/httpd.conf b/Dockerfiles/web-apache-pgsql/centos/conf/etc/httpd/conf/httpd.conf new file mode 100644 index 0000000000..eacc151234 --- /dev/null +++ b/Dockerfiles/web-apache-pgsql/centos/conf/etc/httpd/conf/httpd.conf 
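Review bot: The new `HEALTHCHECK` command ends in `|| exit` followed by a stray backtick, which leaves an unterminated command substitution in the shell line, so the check will fail with a syntax error whatever curl returns (unless the character is a rendering artefact of this page). It should read `CMD curl -f http://localhost:8080/ping || exit 1`. Since `/ping` is answered by PHP-FPM through Apache, the check passes only while both processes are up, which is presumably the intent and worth a one-line comment above the instruction.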
@@ -0,0 +1,75 @@ +ServerRoot /etc/httpd/ +ServerRoot /var/www +DefaultRuntimeDir /tmp/httpd/ +PidFile /tmp/httpd.pid + +ServerName 127.0.0.1 + +IncludeOptional /etc/httpd/includes.conf + +Timeout 300 +KeepAlive On +MaxKeepAliveRequests 100 +KeepAliveTimeout 5 + + + User ${APACHE_RUN_USER} + Group ${APACHE_RUN_GROUP} + + +HostnameLookups Off + +LogLevel warn + + + SetEnvIf Request_URI "^/(robots\.txt|favicon\.ico|status|ping|apache-status)$" exclude_from_logs + + LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined + LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined + LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined + LogFormat "%h %l %u %t \"%r\" %>s %O" common + LogFormat "%{Referer}i -> %U" referer + LogFormat "%{User-agent}i" agent + + CustomLog ${APACHE_CUSTOM_LOG} vhost_combined env=!exclude_from_logs + + +ErrorLog /proc/self/fd/2 + +LogLevel warn + + + StartServers 2 + MinSpareThreads 25 + MaxSpareThreads 75 + ThreadLimit 64 + ThreadsPerChild 25 + MaxRequestWorkers 150 + MaxConnectionsPerChild 0 + + +# Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac). + + Require all denied + + +ServerTokens ${APACHE_SERVER_TOKENS} + +ServerSignature ${APACHE_SERVER_SIGNATURE} + +TraceEnable Off + +AddDefaultCharset UTF-8 + + + + SetHandler server-status + Require local + + + ExtendedStatus On + + + ProxyStatus On + + diff --git a/Dockerfiles/web-apache-pgsql/centos/conf/etc/httpd/includes.conf b/Dockerfiles/web-apache-pgsql/centos/conf/etc/httpd/includes.conf new file mode 100644 index 0000000000..f7ee6da9b3 --- /dev/null +++ b/Dockerfiles/web-apache-pgsql/centos/conf/etc/httpd/includes.conf @@ -0,0 +1,3 @@ +IncludeOptional /etc/httpd/modules.conf + +IncludeOptional /etc/httpd/conf.d/*.conf 
diff --git a/Dockerfiles/web-apache-pgsql/centos/conf/etc/httpd/modules.conf b/Dockerfiles/web-apache-pgsql/centos/conf/etc/httpd/modules.conf
new file mode 100644
index 0000000000..e84a9daac2
--- /dev/null
+++ b/Dockerfiles/web-apache-pgsql/centos/conf/etc/httpd/modules.conf
@@ -0,0 +1,24 @@
+LoadModule logio_module /usr/lib64/httpd/modules/mod_logio.so
+LoadModule unixd_module /usr/lib64/httpd/modules/mod_unixd.so
+LoadModule log_config_module /usr/lib64/httpd/modules/mod_log_config.so
+LoadModule access_compat_module /usr/lib64/httpd/modules/mod_access_compat.so
+LoadModule auth_basic_module /usr/lib64/httpd/modules/mod_auth_basic.so
+LoadModule authn_core_module /usr/lib64/httpd/modules/mod_authn_core.so
+LoadModule authn_file_module /usr/lib64/httpd/modules/mod_authn_file.so
+LoadModule authz_core_module /usr/lib64/httpd/modules/mod_authz_core.so
+LoadModule authz_host_module /usr/lib64/httpd/modules/mod_authz_host.so
+LoadModule authz_user_module /usr/lib64/httpd/modules/mod_authz_user.so
+LoadModule dir_module /usr/lib64/httpd/modules/mod_dir.so
+LoadModule env_module /usr/lib64/httpd/modules/mod_env.so
+LoadModule filter_module /usr/lib64/httpd/modules/mod_filter.so
+LoadModule mime_module /usr/lib64/httpd/modules/mod_mime.so
+LoadModule mpm_event_module /usr/lib64/httpd/modules/mod_mpm_event.so
+LoadModule negotiation_module /usr/lib64/httpd/modules/mod_negotiation.so
+LoadModule reqtimeout_module /usr/lib64/httpd/modules/mod_reqtimeout.so
+LoadModule setenvif_module /usr/lib64/httpd/modules/mod_setenvif.so
+LoadModule status_module /usr/lib64/httpd/modules/mod_status.so
+
+LoadModule proxy_module /usr/lib64/httpd/modules/mod_proxy.so
+LoadModule proxy_fcgi_module /usr/lib64/httpd/modules/mod_proxy_fcgi.so
+LoadModule expires_module /usr/lib64/httpd/modules/mod_expires.so
+LoadModule headers_module /usr/lib64/httpd/modules/mod_headers.so
diff --git a/Dockerfiles/web-apache-pgsql/centos/conf/etc/zabbix/apache.conf b/Dockerfiles/web-apache-pgsql/centos/conf/etc/zabbix/apache.conf index e696330bf3..f0a69becdd 100644 --- a/Dockerfiles/web-apache-pgsql/centos/conf/etc/zabbix/apache.conf +++ b/Dockerfiles/web-apache-pgsql/centos/conf/etc/zabbix/apache.conf @@ -1,10 +1,17 @@ +Listen 8080 + DocumentRoot /usr/share/zabbix/ + ServerName zabbix - DirectoryIndex {HTTP_INDEX_FILE} + + DirectoryIndex ${HTTP_INDEX_FILE} + AddType application/x-httpd-php .php .php3 .php4 .php5 .phtml AddType application/x-httpd-php-source .phps + SetEnvIfNoCase ^Authorization$ "(.+)" HTTP_AUTHORIZATION=$1 + Order Allow,Deny Allow from all @@ -20,6 +27,18 @@ SetHandler "proxy:unix:/tmp/php-fpm.sock|fcgi://localhost" + + + ExpiresActive On + ExpiresDefault "access plus 1 year" + Header append Cache-Control "public" + + + + ExpiresActive On + ExpiresDefault "access plus 14 day" + Header append Cache-Control "public" + diff --git a/Dockerfiles/web-apache-pgsql/centos/conf/etc/zabbix/apache_ssl.conf b/Dockerfiles/web-apache-pgsql/centos/conf/etc/zabbix/apache_ssl.conf index 43faf0efff..dfa10d8750 100644 --- a/Dockerfiles/web-apache-pgsql/centos/conf/etc/zabbix/apache_ssl.conf +++ b/Dockerfiles/web-apache-pgsql/centos/conf/etc/zabbix/apache_ssl.conf 
@@ -1,97 +1,113 @@ -LoadModule ssl_module modules/mod_ssl.so -LoadModule socache_shmcb_module modules/mod_socache_shmcb.so +LoadModule ssl_module /usr/lib64/httpd/modules/mod_ssl.so +LoadModule socache_shmcb_module /usr/lib64/httpd/modules/mod_socache_shmcb.so Listen 8443 - - DocumentRoot /usr/share/zabbix/ - ServerName zabbix - DirectoryIndex {HTTP_INDEX_FILE} + + DocumentRoot /usr/share/zabbix/ - AddType application/x-httpd-php .php .php3 .php4 .php5 .phtml - AddType application/x-httpd-php-source .phps + ServerName zabbix - # Enable/Disable SSL for this virtual host. - SSLEngine on + DirectoryIndex ${HTTP_INDEX_FILE} - # intermediate configuration - SSLProtocol -all +TLSv1.2 +TLSv1.3 - SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305 - SSLHonorCipherOrder off - SSLSessionTickets off + AddType application/x-httpd-php .php .php3 .php4 .php5 .phtml + AddType application/x-httpd-php-source .phps - SSLCertificateFile /etc/ssl/apache2/ssl.crt - SSLCertificateKeyFile /etc/ssl/apache2/ssl.key - # SSLCACertificatePath /etc/ssl/apache2/chain/ + SetEnvIfNoCase ^Authorization$ "(.+)" HTTP_AUTHORIZATION=$1 - # enable HTTP/2, if available - Protocols h2 http/1.1 + # Enable/Disable SSL for this virtual host. 
+ SSLEngine on - # HTTP Strict Transport Security (mod_headers is required) (63072000 seconds) - Header always set Strict-Transport-Security "max-age=63072000" + # intermediate configuration + SSLProtocol -all +TLSv1.2 +TLSv1.3 + SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305 + SSLHonorCipherOrder off + SSLSessionTickets off - - Order Allow,Deny - Allow from all + SSLCertificateFile /etc/ssl/apache2/ssl.crt + SSLCertificateKeyFile /etc/ssl/apache2/ssl.key + # SSLCACertificatePath /etc/ssl/apache2/chain/ + # enable HTTP/2, if available + Protocols h2 http/1.1 + + # HTTP Strict Transport Security (mod_headers is required) (63072000 seconds) + Header always set Strict-Transport-Security "max-age=63072000" + + + Order Allow,Deny + Allow from all + + SetHandler "proxy:unix:/tmp/php-fpm.sock|fcgi://localhost" + + + + Options FollowSymLinks + AllowOverride None + Require all granted + + SetHandler "proxy:unix:/tmp/php-fpm.sock|fcgi://localhost" - - - - Options FollowSymLinks - AllowOverride None - Require all granted - - - SetHandler "proxy:unix:/tmp/php-fpm.sock|fcgi://localhost" - - - - - Require all denied - - Order deny,allow - Deny from all - - - - - Require all denied - - Order deny,allow - Deny from all - - - - - Require all denied - - Order deny,allow - Deny from all - - - - - Require all denied - - Order deny,allow - Deny from all - - - - - Require all denied - - Order deny,allow - Deny from all - - - - - Require all denied - - Order deny,allow - Deny from all - - - + + + + ExpiresActive On + ExpiresDefault "access plus 1 year" + Header append Cache-Control "public" + + + + ExpiresActive On + ExpiresDefault "access plus 14 day" + Header append Cache-Control "public" + + + + + Require all denied + + Order deny,allow + Deny from all + + + + + 
Require all denied + + Order deny,allow + Deny from all + + + + + Require all denied + + Order deny,allow + Deny from all + + + + + Require all denied + + Order deny,allow + Deny from all + + + + + Require all denied + + Order deny,allow + Deny from all + + + + + Require all denied + + Order deny,allow + Deny from all + + + diff --git a/Dockerfiles/web-apache-pgsql/centos/docker-entrypoint.sh b/Dockerfiles/web-apache-pgsql/centos/docker-entrypoint.sh index e350b2f083..270fef28ee 100755 --- a/Dockerfiles/web-apache-pgsql/centos/docker-entrypoint.sh +++ b/Dockerfiles/web-apache-pgsql/centos/docker-entrypoint.sh @@ -18,11 +18,19 @@ fi # Default timezone for web interface : ${PHP_TZ:="Europe/Riga"} +# Default user settings +: ${DAEMON_USER:="apache"} +: ${DAEMON_GROUP:="apache"} + # Default directories -# Web interface www-root directory -ZABBIX_WWW_ROOT="/usr/share/zabbix" # Apache main configuration file HTTPD_CONF_FILE="/etc/httpd/conf/httpd.conf" +# Apache additional configuration files directory +APACHE_SITES_DIR="/etc/httpd/conf.d" +# Directory with SSL certificate files for Apache +APACHE_SSL_CONFIG_DIR="/etc/ssl/apache2" +# PHP-FPM configuration file +PHP_CONFIG_FILE="/etc/php-fpm.d/zabbix.conf" # usage: file_env VAR [DEFAULT] # as example: file_env 'MYSQL_PASSWORD' 'zabbix' @@ -130,7 +138,12 @@ check_db_connect() { } prepare_web_server() { - APACHE_SITES_DIR=/etc/httpd/conf.d + if [ "$(id -u)" == '0' ]; then + export APACHE_RUN_USER=${DAEMON_USER} + else + export APACHE_RUN_USER=$(id -n -u) + fi + export APACHE_RUN_GROUP=${DAEMON_GROUP} echo "** Adding Zabbix virtual host (HTTP)" if [ -f "$ZABBIX_CONF_DIR/apache.conf" ]; then 
@@ -139,7 +152,7 @@ prepare_web_server() { echo "**** Impossible to enable HTTP virtual host" fi - if [ -f "/etc/ssl/apache2/ssl.crt" ] && [ -f "/etc/ssl/apache2/ssl.key" ]; then + if [ -f "$APACHE_SSL_CONFIG_DIR/ssl.crt" ] && [ -f "$APACHE_SSL_CONFIG_DIR/ssl.key" ]; then echo "** Adding Zabbix virtual host (HTTPS)" if [ -f "$ZABBIX_CONF_DIR/apache_ssl.conf" ]; then ln -sfT "$ZABBIX_CONF_DIR/apache_ssl.conf" "$APACHE_SITES_DIR/zabbix_ssl.conf" @@ -149,12 +162,28 @@ prepare_web_server() { else echo "**** Impossible to enable SSL support for Apache2. Certificates are missed." fi -} -prepare_zbx_web_config() { - echo "** Preparing Zabbix frontend configuration file" + export HTTP_INDEX_FILE=${HTTP_INDEX_FILE:="index.php"} + + : ${ENABLE_WEB_ACCESS_LOG:="true"} + export APACHE_CUSTOM_LOG="/proc/self/fd/1" + if [ "${ENABLE_WEB_ACCESS_LOG,,}" == "false" ]; then + export APACHE_CUSTOM_LOG="/dev/null" + fi + + : ${EXPOSE_WEB_SERVER_INFO:="on"} + export APACHE_SERVER_TOKENS="OS" + export APACHE_SERVER_SIGNATURE="On" + if [ "${EXPOSE_WEB_SERVER_INFO}" == "off" ]; then + export APACHE_SERVER_TOKENS="Prod" + export APACHE_SERVER_SIGNATURE="Off" + fi - PHP_CONFIG_FILE="/etc/php-fpm.d/zabbix.conf" + mkdir -p /tmp/httpd +} + +prepare_zbx_php_config() { + echo "** Preparing PHP configuration" export PHP_FPM_PM=${PHP_FPM_PM:-"dynamic"} export PHP_FPM_PM_MAX_CHILDREN=${PHP_FPM_PM_MAX_CHILDREN:-"50"} 
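Review bot: The `EXPOSE_WEB_SERVER_INFO` test added at the end of prepare_web_server compares against the exact string `off`, so `Off` or `OFF` leaves `ServerTokens OS` and `ServerSignature On` in effect, while the `ENABLE_WEB_ACCESS_LOG` check just above it lower-cases its value first. I would write `if [ "${EXPOSE_WEB_SERVER_INFO,,}" == "off" ]; then` so both switches behave the same way. The removed sed-based code also exported `EXPOSE_WEB_SERVER_INFO` and the new block does not; the Ubuntu FPM pool file in this patch reads it for `expose_php`, so it is worth confirming it is still exported somewhere outside this hunk. The same block is added to the ol entrypoint later in this patch, and the function starts above this hunk.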
@@ -164,10 +193,10 @@ prepare_zbx_web_config() { export PHP_FPM_PM_MAX_REQUESTS=${PHP_FPM_PM_MAX_REQUESTS:-"0"} if [ "$(id -u)" == '0' ]; then - echo "user = zabbix" >> "$PHP_CONFIG_FILE" - echo "group = zabbix" >> "$PHP_CONFIG_FILE" - echo "listen.owner = nginx" >> "$PHP_CONFIG_FILE" - echo "listen.group = nginx" >> "$PHP_CONFIG_FILE" + echo "user = ${DAEMON_USER}" >> "$PHP_CONFIG_FILE" + echo "group = ${DAEMON_GROUP}" >> "$PHP_CONFIG_FILE" + echo "listen.owner = ${DAEMON_USER}" >> "$PHP_CONFIG_FILE" + echo "listen.group = ${DAEMON_GROUP}" >> "$PHP_CONFIG_FILE" fi : ${ZBX_DENY_GUI_ACCESS:="false"} @@ -221,45 +250,14 @@ prepare_zbx_web_config() { : ${ZBX_ALLOW_HTTP_AUTH:="true"} export ZBX_ALLOW_HTTP_AUTH=${ZBX_ALLOW_HTTP_AUTH} +} +prepare_zbx_config() { if [ -n "${ZBX_SESSION_NAME}" ]; then cp "$ZABBIX_WWW_ROOT/include/defines.inc.php" "/tmp/defines.inc.php_tmp" sed "/ZBX_SESSION_NAME/s/'[^']*'/'${ZBX_SESSION_NAME}'/2" "/tmp/defines.inc.php_tmp" > "$ZABBIX_WWW_ROOT/include/defines.inc.php" rm -f "/tmp/defines.inc.php_tmp" fi - - : ${HTTP_INDEX_FILE:="index.php"} - sed -i \ - -e "s/{HTTP_INDEX_FILE}/${HTTP_INDEX_FILE}/g" \ - "$ZABBIX_CONF_DIR/apache.conf" - - if [ -f "$ZABBIX_CONF_DIR/apache_ssl.conf" ]; then - sed -i \ - -e "s/{HTTP_INDEX_FILE}/${HTTP_INDEX_FILE}/g" \ - "$ZABBIX_CONF_DIR/apache_ssl.conf" - fi - - : ${ENABLE_WEB_ACCESS_LOG:="true"} - - if [ "${ENABLE_WEB_ACCESS_LOG,,}" == "false" ]; then - sed -ri \ - -e 's!^(\s*CustomLog)\s+\S+!\1 /dev/null!g' \ - "$HTTPD_CONF_FILE" - fi - - : ${EXPOSE_WEB_SERVER_INFO:="on"} - if [ "${EXPOSE_WEB_SERVER_INFO}" = "off" ]; then - sed -i \ - -e "s/^\(\s*ServerTokens\).*\$/\1 Prod/g" \ - "$HTTPD_CONF_FILE" - else - EXPOSE_WEB_SERVER_INFO="on" - fi - - export EXPOSE_WEB_SERVER_INFO=${EXPOSE_WEB_SERVER_INFO} - sed -i \ - -e "s/^\(\s*ServerSignature\).*\$/\1 ${EXPOSE_WEB_SERVER_INFO^}/g" \ - "$HTTPD_CONF_FILE" } ################################################# 
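Review bot: `prepare_zbx_config` puts `ZBX_SESSION_NAME` straight into the sed replacement that rewrites `defines.inc.php`, with no check on what the value contains. The value lands inside a quoted PHP string, so characters such as `/`, `&` or `'` either break the substitution or alter the generated source file. Since this hunk already turns the block into its own function, I would add a guard inside the `-n` test, for example `[[ "${ZBX_SESSION_NAME}" =~ ^[A-Za-z0-9_]+$ ]] || { echo "**** Invalid ZBX_SESSION_NAME"; exit 1; }`. The ol entrypoint later in this patch carries the same lines.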
@@ -268,8 +266,9 @@ echo "** Deploying Zabbix web-interface (Apache) with PostgreSQL database" check_variables check_db_connect +prepare_zbx_php_config prepare_web_server -prepare_zbx_web_config +prepare_zbx_config echo "########################################################" diff --git a/Dockerfiles/web-apache-pgsql/ol/Dockerfile b/Dockerfiles/web-apache-pgsql/ol/Dockerfile index 76423c102f..315e3638f1 100644 --- a/Dockerfiles/web-apache-pgsql/ol/Dockerfile +++ b/Dockerfiles/web-apache-pgsql/ol/Dockerfile @@ -14,7 +14,8 @@ ARG ZBX_SOURCES=https://git.zabbix.com/scm/zbx/zabbix.git ENV TERM=xterm \ ZBX_VERSION=${ZBX_VERSION} ZBX_SOURCES=${ZBX_SOURCES} \ - ZABBIX_CONF_DIR="/etc/zabbix" + ZABBIX_CONF_DIR="/etc/zabbix" \ + ZABBIX_WWW_ROOT="/usr/share/zabbix" LABEL org.opencontainers.image.authors="Alexey Pustovalov " \ org.opencontainers.image.description="Zabbix web-interface based on Apache2 web server with PostgreSQL database support" \ @@ -28,7 +29,7 @@ LABEL org.opencontainers.image.authors="Alexey Pustovalov /dev/null' && \ - chown --quiet -R zabbix:root ${ZABBIX_CONF_DIR}/ /usr/share/zabbix/include/defines.inc.php /usr/share/zabbix/modules/ && \ - chgrp -R 0 ${ZABBIX_CONF_DIR}/ /usr/share/zabbix/include/defines.inc.php /usr/share/zabbix/modules/ && \ - chmod -R g=u ${ZABBIX_CONF_DIR}/ /usr/share/zabbix/include/defines.inc.php /usr/share/zabbix/modules/ && \ + chown --quiet -R zabbix:root ${ZABBIX_CONF_DIR}/ ${ZABBIX_WWW_ROOT}/include/defines.inc.php ${ZABBIX_WWW_ROOT}/modules/ && \ + chgrp -R 0 ${ZABBIX_CONF_DIR}/ ${ZABBIX_WWW_ROOT}/include/defines.inc.php ${ZABBIX_WWW_ROOT}/modules/ && \ + chmod -R g=u ${ZABBIX_CONF_DIR}/ ${ZABBIX_WWW_ROOT}/include/defines.inc.php ${ZABBIX_WWW_ROOT}/modules/ && \ chown --quiet -R zabbix:root /etc/httpd/ /etc/php-fpm.d/ /etc/php-fpm.conf && \ chgrp -R 0 /etc/httpd/ /etc/php-fpm.d/ /etc/php-fpm.conf && \ chmod -R g=u /etc/httpd/ /etc/php-fpm.d/ /etc/php-fpm.conf && \ 
@@ -114,12 +115,15 @@ RUN --mount=type=tmpfs,target=/var/lib/dnf/ \ chgrp -R 0 /run/httpd/ /var/lib/php/session/ && \ chmod -R g=u /run/httpd/ /var/lib/php/session/ && \ microdnf -y remove \ - findutils \ - glibc-locale-source + findutils \ + glibc-locale-source + +HEALTHCHECK --interval=1m30s --timeout=3s --retries=3 --start-period=40s --start-interval=5s \ + CMD curl -f http://localhost:8080/ping || exit 1 EXPOSE 8080/TCP 8443/TCP -WORKDIR /usr/share/zabbix +WORKDIR ${ZABBIX_WWW_ROOT} COPY ["docker-entrypoint.sh", "/usr/bin/"] diff --git a/Dockerfiles/web-apache-pgsql/ol/conf/etc/httpd/conf.d/99-zabbix.conf b/Dockerfiles/web-apache-pgsql/ol/conf/etc/httpd/conf.d/99-zabbix.conf deleted file mode 100644 index c28b761b99..0000000000 --- a/Dockerfiles/web-apache-pgsql/ol/conf/etc/httpd/conf.d/99-zabbix.conf +++ /dev/null @@ -1,3 +0,0 @@ - - PidFile "/tmp/httpd.pid" - diff --git a/Dockerfiles/web-apache-pgsql/ol/conf/etc/httpd/conf.d/mime.conf b/Dockerfiles/web-apache-pgsql/ol/conf/etc/httpd/conf.d/mime.conf new file mode 100644 index 0000000000..6dd43b1cfa --- /dev/null +++ b/Dockerfiles/web-apache-pgsql/ol/conf/etc/httpd/conf.d/mime.conf @@ -0,0 +1,9 @@ + + TypesConfig /etc/mime.types + + AddType application/x-compress .Z + AddType application/x-gzip .gz .tgz + + + MIMEMagicFile conf/magic + diff --git a/Dockerfiles/web-apache-pgsql/ol/conf/etc/httpd/conf/httpd.conf b/Dockerfiles/web-apache-pgsql/ol/conf/etc/httpd/conf/httpd.conf new file mode 100644 index 0000000000..eacc151234 --- /dev/null +++ b/Dockerfiles/web-apache-pgsql/ol/conf/etc/httpd/conf/httpd.conf 
@@ -0,0 +1,75 @@ +ServerRoot /etc/httpd/ +ServerRoot /var/www +DefaultRuntimeDir /tmp/httpd/ +PidFile /tmp/httpd.pid + +ServerName 127.0.0.1 + +IncludeOptional /etc/httpd/includes.conf + +Timeout 300 +KeepAlive On +MaxKeepAliveRequests 100 +KeepAliveTimeout 5 + + + User ${APACHE_RUN_USER} + Group ${APACHE_RUN_GROUP} + + +HostnameLookups Off + +LogLevel warn + + + SetEnvIf Request_URI "^/(robots\.txt|favicon\.ico|status|ping|apache-status)$" exclude_from_logs + + LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined + LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined + LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined + LogFormat "%h %l %u %t \"%r\" %>s %O" common + LogFormat "%{Referer}i -> %U" referer + LogFormat "%{User-agent}i" agent + + CustomLog ${APACHE_CUSTOM_LOG} vhost_combined env=!exclude_from_logs + + +ErrorLog /proc/self/fd/2 + +LogLevel warn + + + StartServers 2 + MinSpareThreads 25 + MaxSpareThreads 75 + ThreadLimit 64 + ThreadsPerChild 25 + MaxRequestWorkers 150 + MaxConnectionsPerChild 0 + + +# Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac). + + Require all denied + + +ServerTokens ${APACHE_SERVER_TOKENS} + +ServerSignature ${APACHE_SERVER_SIGNATURE} + +TraceEnable Off + +AddDefaultCharset UTF-8 + + + + SetHandler server-status + Require local + + + ExtendedStatus On + + + ProxyStatus On + + diff --git a/Dockerfiles/web-apache-pgsql/ol/conf/etc/httpd/includes.conf b/Dockerfiles/web-apache-pgsql/ol/conf/etc/httpd/includes.conf new file mode 100644 index 0000000000..f7ee6da9b3 --- /dev/null +++ b/Dockerfiles/web-apache-pgsql/ol/conf/etc/httpd/includes.conf @@ -0,0 +1,3 @@ +IncludeOptional /etc/httpd/modules.conf + +IncludeOptional /etc/httpd/conf.d/*.conf 
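Review bot: `ServerRoot` is set twice at the top of the new httpd.conf, first to `/etc/httpd/` and then to `/var/www`, and relative paths are resolved against whichever value is current when they are read. As shown, `MIMEMagicFile conf/magic` from the new mime.conf would be looked up under `/var/www`. The Ubuntu apache2.conf in this patch has the same pair, and there the relative `IncludeOptional mods-enabled/...` and `sites-enabled/*.conf` lines would be searched for in the wrong tree without a hard error. If the second line was meant to be a different directive it should be corrected; otherwise drop it and keep `ServerRoot /etc/httpd/`.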
diff --git a/Dockerfiles/web-apache-pgsql/ol/conf/etc/httpd/modules.conf b/Dockerfiles/web-apache-pgsql/ol/conf/etc/httpd/modules.conf new file mode 100644 index 0000000000..e84a9daac2 --- /dev/null +++ b/Dockerfiles/web-apache-pgsql/ol/conf/etc/httpd/modules.conf @@ -0,0 +1,24 @@ +LoadModule logio_module /usr/lib64/httpd/modules/mod_logio.so +LoadModule unixd_module /usr/lib64/httpd/modules/mod_unixd.so +LoadModule log_config_module /usr/lib64/httpd/modules/mod_log_config.so +LoadModule access_compat_module /usr/lib64/httpd/modules/mod_access_compat.so +LoadModule auth_basic_module /usr/lib64/httpd/modules/mod_auth_basic.so +LoadModule authn_core_module /usr/lib64/httpd/modules/mod_authn_core.so +LoadModule authn_file_module /usr/lib64/httpd/modules/mod_authn_file.so +LoadModule authz_core_module /usr/lib64/httpd/modules/mod_authz_core.so +LoadModule authz_host_module /usr/lib64/httpd/modules/mod_authz_host.so +LoadModule authz_user_module /usr/lib64/httpd/modules/mod_authz_user.so +LoadModule dir_module /usr/lib64/httpd/modules/mod_dir.so +LoadModule env_module /usr/lib64/httpd/modules/mod_env.so +LoadModule filter_module /usr/lib64/httpd/modules/mod_filter.so +LoadModule mime_module /usr/lib64/httpd/modules/mod_mime.so +LoadModule mpm_event_module /usr/lib64/httpd/modules/mod_mpm_event.so +LoadModule negotiation_module /usr/lib64/httpd/modules/mod_negotiation.so +LoadModule reqtimeout_module /usr/lib64/httpd/modules/mod_reqtimeout.so +LoadModule setenvif_module /usr/lib64/httpd/modules/mod_setenvif.so +LoadModule status_module /usr/lib64/httpd/modules/mod_status.so + +LoadModule proxy_module /usr/lib64/httpd/modules/mod_proxy.so +LoadModule proxy_fcgi_module /usr/lib64/httpd/modules/mod_proxy_fcgi.so +LoadModule expires_module /usr/lib64/httpd/modules/mod_expires.so +LoadModule headers_module /usr/lib64/httpd/modules/mod_headers.so 
diff --git a/Dockerfiles/web-apache-pgsql/ol/conf/etc/zabbix/apache.conf b/Dockerfiles/web-apache-pgsql/ol/conf/etc/zabbix/apache.conf index e696330bf3..f0a69becdd 100644 --- a/Dockerfiles/web-apache-pgsql/ol/conf/etc/zabbix/apache.conf +++ b/Dockerfiles/web-apache-pgsql/ol/conf/etc/zabbix/apache.conf @@ -1,10 +1,17 @@ +Listen 8080 + DocumentRoot /usr/share/zabbix/ + ServerName zabbix - DirectoryIndex {HTTP_INDEX_FILE} + + DirectoryIndex ${HTTP_INDEX_FILE} + AddType application/x-httpd-php .php .php3 .php4 .php5 .phtml AddType application/x-httpd-php-source .phps + SetEnvIfNoCase ^Authorization$ "(.+)" HTTP_AUTHORIZATION=$1 + Order Allow,Deny Allow from all @@ -20,6 +27,18 @@ SetHandler "proxy:unix:/tmp/php-fpm.sock|fcgi://localhost" + + + ExpiresActive On + ExpiresDefault "access plus 1 year" + Header append Cache-Control "public" + + + + ExpiresActive On + ExpiresDefault "access plus 14 day" + Header append Cache-Control "public" + diff --git a/Dockerfiles/web-apache-pgsql/ol/conf/etc/zabbix/apache_ssl.conf b/Dockerfiles/web-apache-pgsql/ol/conf/etc/zabbix/apache_ssl.conf index 43faf0efff..dfa10d8750 100644 --- a/Dockerfiles/web-apache-pgsql/ol/conf/etc/zabbix/apache_ssl.conf +++ b/Dockerfiles/web-apache-pgsql/ol/conf/etc/zabbix/apache_ssl.conf 
@@ -1,97 +1,113 @@ -LoadModule ssl_module modules/mod_ssl.so -LoadModule socache_shmcb_module modules/mod_socache_shmcb.so +LoadModule ssl_module /usr/lib64/httpd/modules/mod_ssl.so +LoadModule socache_shmcb_module /usr/lib64/httpd/modules/mod_socache_shmcb.so Listen 8443 - - DocumentRoot /usr/share/zabbix/ - ServerName zabbix - DirectoryIndex {HTTP_INDEX_FILE} + + DocumentRoot /usr/share/zabbix/ - AddType application/x-httpd-php .php .php3 .php4 .php5 .phtml - AddType application/x-httpd-php-source .phps + ServerName zabbix - # Enable/Disable SSL for this virtual host. - SSLEngine on + DirectoryIndex ${HTTP_INDEX_FILE} - # intermediate configuration - SSLProtocol -all +TLSv1.2 +TLSv1.3 - SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305 - SSLHonorCipherOrder off - SSLSessionTickets off + AddType application/x-httpd-php .php .php3 .php4 .php5 .phtml + AddType application/x-httpd-php-source .phps - SSLCertificateFile /etc/ssl/apache2/ssl.crt - SSLCertificateKeyFile /etc/ssl/apache2/ssl.key - # SSLCACertificatePath /etc/ssl/apache2/chain/ + SetEnvIfNoCase ^Authorization$ "(.+)" HTTP_AUTHORIZATION=$1 - # enable HTTP/2, if available - Protocols h2 http/1.1 + # Enable/Disable SSL for this virtual host. 
+ SSLEngine on - # HTTP Strict Transport Security (mod_headers is required) (63072000 seconds) - Header always set Strict-Transport-Security "max-age=63072000" + # intermediate configuration + SSLProtocol -all +TLSv1.2 +TLSv1.3 + SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305 + SSLHonorCipherOrder off + SSLSessionTickets off - - Order Allow,Deny - Allow from all + SSLCertificateFile /etc/ssl/apache2/ssl.crt + SSLCertificateKeyFile /etc/ssl/apache2/ssl.key + # SSLCACertificatePath /etc/ssl/apache2/chain/ + # enable HTTP/2, if available + Protocols h2 http/1.1 + + # HTTP Strict Transport Security (mod_headers is required) (63072000 seconds) + Header always set Strict-Transport-Security "max-age=63072000" + + + Order Allow,Deny + Allow from all + + SetHandler "proxy:unix:/tmp/php-fpm.sock|fcgi://localhost" + + + + Options FollowSymLinks + AllowOverride None + Require all granted + + SetHandler "proxy:unix:/tmp/php-fpm.sock|fcgi://localhost" - - - - Options FollowSymLinks - AllowOverride None - Require all granted - - - SetHandler "proxy:unix:/tmp/php-fpm.sock|fcgi://localhost" - - - - - Require all denied - - Order deny,allow - Deny from all - - - - - Require all denied - - Order deny,allow - Deny from all - - - - - Require all denied - - Order deny,allow - Deny from all - - - - - Require all denied - - Order deny,allow - Deny from all - - - - - Require all denied - - Order deny,allow - Deny from all - - - - - Require all denied - - Order deny,allow - Deny from all - - - + + + + ExpiresActive On + ExpiresDefault "access plus 1 year" + Header append Cache-Control "public" + + + + ExpiresActive On + ExpiresDefault "access plus 14 day" + Header append Cache-Control "public" + + + + + Require all denied + + Order deny,allow + Deny from all + + + + + 
Require all denied + + Order deny,allow + Deny from all + + + + + Require all denied + + Order deny,allow + Deny from all + + + + + Require all denied + + Order deny,allow + Deny from all + + + + + Require all denied + + Order deny,allow + Deny from all + + + + + Require all denied + + Order deny,allow + Deny from all + + + diff --git a/Dockerfiles/web-apache-pgsql/ol/docker-entrypoint.sh b/Dockerfiles/web-apache-pgsql/ol/docker-entrypoint.sh index e350b2f083..456251ff89 100755 --- a/Dockerfiles/web-apache-pgsql/ol/docker-entrypoint.sh +++ b/Dockerfiles/web-apache-pgsql/ol/docker-entrypoint.sh @@ -18,11 +18,19 @@ fi # Default timezone for web interface : ${PHP_TZ:="Europe/Riga"} +# Default user settings +: ${DAEMON_USER:="apache"} +: ${DAEMON_GROUP:="apache"} + # Default directories -# Web interface www-root directory -ZABBIX_WWW_ROOT="/usr/share/zabbix" # Apache main configuration file HTTPD_CONF_FILE="/etc/httpd/conf/httpd.conf" +# Apache additional configuration files directory +APACHE_SITES_DIR="/etc/httpd/conf.d" +# Directory with SSL certificate files for Apache +APACHE_SSL_CONFIG_DIR="/etc/ssl/apache2" +# PHP-FPM configuration file +PHP_CONFIG_FILE="/etc/php-fpm.d/zabbix.conf" # usage: file_env VAR [DEFAULT] # as example: file_env 'MYSQL_PASSWORD' 'zabbix' 
@@ -151,10 +159,53 @@ prepare_web_server() { fi } -prepare_zbx_web_config() { - echo "** Preparing Zabbix frontend configuration file" +prepare_web_server() { + if [ "$(id -u)" == '0' ]; then + export APACHE_RUN_USER=${DAEMON_USER} + else + export APACHE_RUN_USER=$(id -n -u) + fi + export APACHE_RUN_GROUP=${DAEMON_GROUP} + + echo "** Adding Zabbix virtual host (HTTP)" + if [ -f "$ZABBIX_CONF_DIR/apache.conf" ]; then + ln -sfT "$ZABBIX_CONF_DIR/apache.conf" "$APACHE_SITES_DIR/zabbix.conf" + else + echo "**** Impossible to enable HTTP virtual host" + fi + + if [ -f "$APACHE_SSL_CONFIG_DIR/ssl.crt" ] && [ -f "$APACHE_SSL_CONFIG_DIR/ssl.key" ]; then + echo "** Adding Zabbix virtual host (HTTPS)" + if [ -f "$ZABBIX_CONF_DIR/apache_ssl.conf" ]; then + ln -sfT "$ZABBIX_CONF_DIR/apache_ssl.conf" "$APACHE_SITES_DIR/zabbix_ssl.conf" + else + echo "**** Impossible to enable HTTPS virtual host" + fi + else + echo "**** Impossible to enable SSL support for Apache2. Certificates are missed." + fi + + export HTTP_INDEX_FILE=${HTTP_INDEX_FILE:="index.php"} - PHP_CONFIG_FILE="/etc/php-fpm.d/zabbix.conf" + : ${ENABLE_WEB_ACCESS_LOG:="true"} + export APACHE_CUSTOM_LOG="/proc/self/fd/1" + if [ "${ENABLE_WEB_ACCESS_LOG,,}" == "false" ]; then + export APACHE_CUSTOM_LOG="/dev/null" + fi + + : ${EXPOSE_WEB_SERVER_INFO:="on"} + export APACHE_SERVER_TOKENS="OS" + export APACHE_SERVER_SIGNATURE="On" + if [ "${EXPOSE_WEB_SERVER_INFO}" == "off" ]; then + export APACHE_SERVER_TOKENS="Prod" + export APACHE_SERVER_SIGNATURE="Off" + fi + + mkdir -p /tmp/httpd +} + +prepare_zbx_php_config() { + echo "** Preparing PHP configuration" export PHP_FPM_PM=${PHP_FPM_PM:-"dynamic"} export PHP_FPM_PM_MAX_CHILDREN=${PHP_FPM_PM_MAX_CHILDREN:-"50"} 
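Review bot: This hunk adds a second `prepare_web_server()` to the ol entrypoint instead of editing the existing one; the hunk header and the leading `fi` / `}` context show the earlier definition closing just above the added `prepare_web_server() {`. Bash keeps the last definition, so the script runs the new body, but the old one stays in the file as dead code, presumably still with its own hard-coded paths, and the two can drift apart. The centos entrypoint in this patch changes the function in place; I would do the same here and delete the earlier definition.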
@@ -164,10 +215,10 @@ prepare_zbx_web_config() { export PHP_FPM_PM_MAX_REQUESTS=${PHP_FPM_PM_MAX_REQUESTS:-"0"} if [ "$(id -u)" == '0' ]; then - echo "user = zabbix" >> "$PHP_CONFIG_FILE" - echo "group = zabbix" >> "$PHP_CONFIG_FILE" - echo "listen.owner = nginx" >> "$PHP_CONFIG_FILE" - echo "listen.group = nginx" >> "$PHP_CONFIG_FILE" + echo "user = ${DAEMON_USER}" >> "$PHP_CONFIG_FILE" + echo "group = ${DAEMON_GROUP}" >> "$PHP_CONFIG_FILE" + echo "listen.owner = ${DAEMON_USER}" >> "$PHP_CONFIG_FILE" + echo "listen.group = ${DAEMON_GROUP}" >> "$PHP_CONFIG_FILE" fi : ${ZBX_DENY_GUI_ACCESS:="false"} @@ -221,45 +272,14 @@ prepare_zbx_web_config() { : ${ZBX_ALLOW_HTTP_AUTH:="true"} export ZBX_ALLOW_HTTP_AUTH=${ZBX_ALLOW_HTTP_AUTH} +} +prepare_zbx_config() { if [ -n "${ZBX_SESSION_NAME}" ]; then cp "$ZABBIX_WWW_ROOT/include/defines.inc.php" "/tmp/defines.inc.php_tmp" sed "/ZBX_SESSION_NAME/s/'[^']*'/'${ZBX_SESSION_NAME}'/2" "/tmp/defines.inc.php_tmp" > "$ZABBIX_WWW_ROOT/include/defines.inc.php" rm -f "/tmp/defines.inc.php_tmp" fi - - : ${HTTP_INDEX_FILE:="index.php"} - sed -i \ - -e "s/{HTTP_INDEX_FILE}/${HTTP_INDEX_FILE}/g" \ - "$ZABBIX_CONF_DIR/apache.conf" - - if [ -f "$ZABBIX_CONF_DIR/apache_ssl.conf" ]; then - sed -i \ - -e "s/{HTTP_INDEX_FILE}/${HTTP_INDEX_FILE}/g" \ - "$ZABBIX_CONF_DIR/apache_ssl.conf" - fi - - : ${ENABLE_WEB_ACCESS_LOG:="true"} - - if [ "${ENABLE_WEB_ACCESS_LOG,,}" == "false" ]; then - sed -ri \ - -e 's!^(\s*CustomLog)\s+\S+!\1 /dev/null!g' \ - "$HTTPD_CONF_FILE" - fi - - : ${EXPOSE_WEB_SERVER_INFO:="on"} - if [ "${EXPOSE_WEB_SERVER_INFO}" = "off" ]; then - sed -i \ - -e "s/^\(\s*ServerTokens\).*\$/\1 Prod/g" \ - "$HTTPD_CONF_FILE" - else - EXPOSE_WEB_SERVER_INFO="on" - fi - - export EXPOSE_WEB_SERVER_INFO=${EXPOSE_WEB_SERVER_INFO} - sed -i \ - -e "s/^\(\s*ServerSignature\).*\$/\1 ${EXPOSE_WEB_SERVER_INFO^}/g" \ - "$HTTPD_CONF_FILE" } ################################################# 
@@ -268,8 +288,9 @@ echo "** Deploying Zabbix web-interface (Apache) with PostgreSQL database" check_variables check_db_connect +prepare_zbx_php_config prepare_web_server -prepare_zbx_web_config +prepare_zbx_config echo "########################################################" diff --git a/Dockerfiles/web-apache-pgsql/ubuntu/Dockerfile b/Dockerfiles/web-apache-pgsql/ubuntu/Dockerfile index 70b0912d2c..097b08a319 100644 --- a/Dockerfiles/web-apache-pgsql/ubuntu/Dockerfile +++ b/Dockerfiles/web-apache-pgsql/ubuntu/Dockerfile @@ -14,7 +14,8 @@ ARG ZBX_SOURCES=https://git.zabbix.com/scm/zbx/zabbix.git ENV TERM=xterm \ ZBX_VERSION=${ZBX_VERSION} ZBX_SOURCES=${ZBX_SOURCES} \ - ZABBIX_CONF_DIR="/etc/zabbix" + ZABBIX_CONF_DIR="/etc/zabbix" \ + ZABBIX_WWW_ROOT="/usr/share/zabbix" LABEL org.opencontainers.image.authors="Alexey Pustovalov " \ org.opencontainers.image.description="Zabbix web-interface based on Apache2 web server with PostgreSQL database support" \ @@ -28,7 +29,7 @@ LABEL org.opencontainers.image.authors="Alexey Pustovalov /usr/sbin/policy-rc.d && \ INSTALL_PKGS="bash \ tzdata \ - apache2 \ curl \ - libapache2-mod-php \ ca-certificates \ + apache2 \ locales \ libldap-common \ php8.3-bcmath \ php8.3-curl \ + php8.3-fpm \ php8.3-gd \ php8.3-ldap \ php8.3-mbstring \ php8.3-xml \ php8.3-pgsql \ - postgresql-client" && \ + postgresql-client \ + supervisor" && \ apt-get -y update && \ DEBIAN_FRONTEND=noninteractive apt-get -y \ + -o Dpkg::Options::="--force-confdef" \ + -o Dpkg::Options::="--force-confold" \ --no-install-recommends install \ ${INSTALL_PKGS} && \ groupadd \ 
@@ -70,50 +74,45 @@ RUN --mount=type=cache,target=/var/cache/apt/,sharing=locked \ mkdir -p ${ZABBIX_CONF_DIR} && \ mkdir -p ${ZABBIX_CONF_DIR}/web && \ mkdir -p ${ZABBIX_CONF_DIR}/web/certs && \ + mkdir -p /var/lib/php/session && \ + find /etc/ -name '*.dpkg-dist' | xargs rm -f && \ rm -f /etc/apache2/sites-available/* && \ rm -f /etc/apache2/sites-enabled/* && \ - /usr/sbin/a2enmod ssl && \ - sed -ri \ - -e 's!^(\s*CustomLog)\s+\S+!\1 /proc/self/fd/1!g' \ - -e 's!^(\s*ErrorLog)\s+\S+!\1 /proc/self/fd/2!g' \ - "/etc/apache2/apache2.conf" && \ - sed -ri \ - -e 's!^(\s*CustomLog)\s+\S+!\1 /proc/self/fd/1!g' \ - -e 's!^(\s*ErrorLog)\s+\S+!\1 /proc/self/fd/2!g' \ - "/etc/apache2/conf-available/other-vhosts-access-log.conf" && \ - sed -i 's/Listen 80/Listen 8080/g' /etc/apache2/ports.conf && \ - sed -i 's/Listen 443/Listen 8443/g' /etc/apache2/ports.conf && \ - sed -i 's|/var/run/apache2$SUFFIX|/tmp|g' /etc/apache2/envvars && \ - rm -f /var/run/apache2/apache2.pid && \ - cd /usr/share/zabbix/ && \ + rm -f /etc/php/8.3/fpm/pool.d/www.conf && \ + rm -f /var/run/apache2/ && \ + cd ${ZABBIX_WWW_ROOT}/ && \ rm -f conf/zabbix.conf.php conf/maintenance.inc.php conf/zabbix.conf.php.example && \ rm -rf tests && \ rm -f locale/add_new_language.sh locale/update_po.sh locale/make_mo.sh && \ - find /usr/share/zabbix/locale -name '*.po' | xargs rm -f && \ - find /usr/share/zabbix/locale -name '*.sh' | xargs rm -f && \ - ln -s "${ZABBIX_CONF_DIR}/web/zabbix.conf.php" "/usr/share/zabbix/conf/zabbix.conf.php" && \ - ln -s "${ZABBIX_CONF_DIR}/web/maintenance.inc.php" "/usr/share/zabbix/conf/maintenance.inc.php" && \ + find ${ZABBIX_WWW_ROOT}/locale -name '*.po' | xargs rm -f && \ + find ${ZABBIX_WWW_ROOT}/locale -name '*.sh' | xargs rm -f && \ + ln -s "${ZABBIX_CONF_DIR}/web/zabbix.conf.php" "${ZABBIX_WWW_ROOT}/conf/zabbix.conf.php" && \ + ln -s "${ZABBIX_CONF_DIR}/web/maintenance.inc.php" "${ZABBIX_WWW_ROOT}/conf/maintenance.inc.php" && \ mkdir -p /var/lib/locales/supported.d/ && \ rm 
-f /var/lib/locales/supported.d/local && \ - cat /usr/share/zabbix/include/locales.inc.php | grep display | grep true | awk '{$1=$1};1' | \ + cat ${ZABBIX_WWW_ROOT}/include/locales.inc.php | grep display | grep true | awk '{$1=$1};1' | \ cut -d"'" -f 2 | sort | \ xargs -I '{}' bash -c 'echo "{}.UTF-8 UTF-8" >> /var/lib/locales/supported.d/local' && \ dpkg-reconfigure locales && \ - chown --quiet -R zabbix:root ${ZABBIX_CONF_DIR}/ /usr/share/zabbix/include/defines.inc.php /usr/share/zabbix/modules/ && \ - chgrp -R 0 ${ZABBIX_CONF_DIR}/ /usr/share/zabbix/include/defines.inc.php /usr/share/zabbix/modules/ && \ - chmod -R g=u ${ZABBIX_CONF_DIR}/ /usr/share/zabbix/include/defines.inc.php /usr/share/zabbix/modules/ && \ - chown --quiet -R zabbix:root /etc/apache2/ /etc/php/8.3/ && \ - chgrp -R 0 /etc/apache2/ /etc/php/8.3/ && \ - chmod -R g=u /etc/apache2/ /etc/php/8.3/ + chown --quiet -R zabbix:root ${ZABBIX_CONF_DIR}/ ${ZABBIX_WWW_ROOT}/include/defines.inc.php ${ZABBIX_WWW_ROOT}/modules/ && \ + chgrp -R 0 ${ZABBIX_CONF_DIR}/ ${ZABBIX_WWW_ROOT}/include/defines.inc.php ${ZABBIX_WWW_ROOT}/modules/ && \ + chmod -R g=u ${ZABBIX_CONF_DIR}/ ${ZABBIX_WWW_ROOT}/include/defines.inc.php ${ZABBIX_WWW_ROOT}/modules/ && \ + chown --quiet -R zabbix:root /etc/apache2/ /etc/php/8.3/fpm/ && \ + chgrp -R 0 /etc/apache2/ /etc/php/8.3/fpm/ && \ + chmod -R g=u /etc/apache2/ /etc/php/8.3/fpm/ && \ + chown --quiet -R zabbix:root /var/lib/php/session/ && \ + chgrp -R 0 /var/lib/php/session/ && \ + chmod -R g=u /var/lib/php/session/ + +HEALTHCHECK --interval=1m30s --timeout=3s --retries=3 --start-period=40s --start-interval=5s \ + CMD curl -f http://localhost:8080/ping || exit 1 EXPOSE 8080/TCP 8443/TCP -WORKDIR /usr/share/zabbix +WORKDIR ${ZABBIX_WWW_ROOT} COPY ["docker-entrypoint.sh", "/usr/bin/"] USER 1997 ENTRYPOINT ["docker-entrypoint.sh"] - -CMD ["/usr/sbin/apache2ctl", "-D", "FOREGROUND"] 
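Review bot: `rm -f /var/run/apache2/` replaces the old `rm -f /var/run/apache2/apache2.pid`, but `rm -f` without `-r` cannot remove a directory. If the directory exists at build time the command fails and stops the `&&` chain; if it does not exist, the line does nothing. `rm -rf /var/run/apache2/` states the intent. The RUN instruction starts above this hunk.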
diff --git a/Dockerfiles/web-apache-pgsql/ubuntu/conf/etc/apache2/apache2.conf b/Dockerfiles/web-apache-pgsql/ubuntu/conf/etc/apache2/apache2.conf new file mode 100644 index 0000000000..2cf9de5361 --- /dev/null +++ b/Dockerfiles/web-apache-pgsql/ubuntu/conf/etc/apache2/apache2.conf @@ -0,0 +1,75 @@ +ServerRoot /etc/apache2/ +ServerRoot /var/www +DefaultRuntimeDir /tmp/apache2/ +PidFile /tmp/apache2.pid + +ServerName 127.0.0.1 + +IncludeOptional /etc/apache2/includes.conf + +Timeout 300 +KeepAlive On +MaxKeepAliveRequests 100 +KeepAliveTimeout 5 + + + User ${APACHE_RUN_USER} + Group ${APACHE_RUN_GROUP} + + +HostnameLookups Off + +LogLevel warn + + + SetEnvIf Request_URI "^/(robots\.txt|favicon\.ico|status|ping|apache-status)$" exclude_from_logs + + LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined + LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined + LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined + LogFormat "%h %l %u %t \"%r\" %>s %O" common + LogFormat "%{Referer}i -> %U" referer + LogFormat "%{User-agent}i" agent + + CustomLog ${APACHE_CUSTOM_LOG} vhost_combined env=!exclude_from_logs + + +ErrorLog /proc/self/fd/2 + +LogLevel warn + + + StartServers 2 + MinSpareThreads 25 + MaxSpareThreads 75 + ThreadLimit 64 + ThreadsPerChild 25 + MaxRequestWorkers 150 + MaxConnectionsPerChild 0 + + +# Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac). + + Require all denied + + +ServerTokens ${APACHE_SERVER_TOKENS} + +ServerSignature ${APACHE_SERVER_SIGNATURE} + +TraceEnable Off + +AddDefaultCharset UTF-8 + + + + SetHandler server-status + Require local + + + ExtendedStatus On + + + ProxyStatus On + + diff --git a/Dockerfiles/web-apache-pgsql/ubuntu/conf/etc/apache2/includes.conf b/Dockerfiles/web-apache-pgsql/ubuntu/conf/etc/apache2/includes.conf new file mode 100644 index 0000000000..f6d7bdec12 --- /dev/null 
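Review bot: The `SetEnvIf Request_URI` line marks `/status` and `/apache-status` as `exclude_from_logs` together with `/ping`, so requests to the two status endpoints never reach the access log. Dropping health-check noise is reasonable for `/ping`, but the status pages expose worker and request details, and an unlogged request to them from outside cannot be spotted afterwards. I would narrow the pattern to `"^/(robots\.txt|favicon\.ico|ping)$"`, or keep the exclusion only for loopback clients. The ol httpd.conf added earlier in this patch has the same line.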
+++ b/Dockerfiles/web-apache-pgsql/ubuntu/conf/etc/apache2/includes.conf @@ -0,0 +1,8 @@ +IncludeOptional /etc/apache2/modules.conf + +IncludeOptional mods-enabled/mime.conf +IncludeOptional mods-enabled/negotiation.conf +IncludeOptional mods-enabled/reqtimeout.conf +IncludeOptional mods-enabled/setenvif.conf + +IncludeOptional sites-enabled/*.conf diff --git a/Dockerfiles/web-apache-pgsql/ubuntu/conf/etc/apache2/modules.conf b/Dockerfiles/web-apache-pgsql/ubuntu/conf/etc/apache2/modules.conf new file mode 100644 index 0000000000..8151e37b1d --- /dev/null +++ b/Dockerfiles/web-apache-pgsql/ubuntu/conf/etc/apache2/modules.conf 
@@ -0,0 +1,21 @@ +LoadModule access_compat_module /usr/lib/apache2/modules/mod_access_compat.so +LoadModule auth_basic_module /usr/lib/apache2/modules/mod_auth_basic.so +LoadModule authn_core_module /usr/lib/apache2/modules/mod_authn_core.so +LoadModule authn_file_module /usr/lib/apache2/modules/mod_authn_file.so +LoadModule authz_core_module /usr/lib/apache2/modules/mod_authz_core.so +LoadModule authz_host_module /usr/lib/apache2/modules/mod_authz_host.so +LoadModule authz_user_module /usr/lib/apache2/modules/mod_authz_user.so +LoadModule dir_module /usr/lib/apache2/modules/mod_dir.so +LoadModule env_module /usr/lib/apache2/modules/mod_env.so +LoadModule filter_module /usr/lib/apache2/modules/mod_filter.so +LoadModule mime_module /usr/lib/apache2/modules/mod_mime.so +LoadModule mpm_event_module /usr/lib/apache2/modules/mod_mpm_event.so +LoadModule negotiation_module /usr/lib/apache2/modules/mod_negotiation.so +LoadModule reqtimeout_module /usr/lib/apache2/modules/mod_reqtimeout.so +LoadModule setenvif_module /usr/lib/apache2/modules/mod_setenvif.so +LoadModule status_module /usr/lib/apache2/modules/mod_status.so + +LoadModule proxy_module /usr/lib/apache2/modules/mod_proxy.so +LoadModule proxy_fcgi_module /usr/lib/apache2/modules/mod_proxy_fcgi.so +LoadModule expires_module /usr/lib/apache2/modules/mod_expires.so +LoadModule headers_module /usr/lib/apache2/modules/mod_headers.so diff --git a/Dockerfiles/web-apache-pgsql/ubuntu/conf/etc/php/8.3/apache2/conf.d/99-zabbix.ini b/Dockerfiles/web-apache-pgsql/ubuntu/conf/etc/php/8.3/apache2/conf.d/99-zabbix.ini deleted file mode 100644 index e180720b92..0000000000 --- a/Dockerfiles/web-apache-pgsql/ubuntu/conf/etc/php/8.3/apache2/conf.d/99-zabbix.ini +++ /dev/null 
@@ -1,10 +0,0 @@ -max_execution_time = ${ZBX_MAXEXECUTIONTIME} -memory_limit = ${ZBX_MEMORYLIMIT} -post_max_size = ${ZBX_POSTMAXSIZE} -upload_max_filesize = ${ZBX_UPLOADMAXFILESIZE} -max_input_time = ${ZBX_MAXINPUTTIME} -; always_populate_raw_post_data=-1 -max_input_vars = 10000 -date.timezone = ${PHP_TZ} -; https://www.php.net/manual/en/security.hiding.php -expose_php = ${EXPOSE_WEB_SERVER_INFO} diff --git a/Dockerfiles/web-apache-pgsql/ubuntu/conf/etc/php/8.3/fpm/php-fpm.conf b/Dockerfiles/web-apache-pgsql/ubuntu/conf/etc/php/8.3/fpm/php-fpm.conf new file mode 100644 index 0000000000..5311405bf4 --- /dev/null +++ b/Dockerfiles/web-apache-pgsql/ubuntu/conf/etc/php/8.3/fpm/php-fpm.conf @@ -0,0 +1,10 @@ +include=/etc/php/8.3/fpm/pool.d/*.conf + +[global] + +pid = /tmp/php-fpm.pid + +error_log = /dev/fd/2 +log_level = notice + +daemonize = no diff --git a/Dockerfiles/web-apache-pgsql/ubuntu/conf/etc/php/8.3/fpm/pool.d/zabbix.conf b/Dockerfiles/web-apache-pgsql/ubuntu/conf/etc/php/8.3/fpm/pool.d/zabbix.conf new file mode 100644 index 0000000000..66c3c1252c --- /dev/null +++ b/Dockerfiles/web-apache-pgsql/ubuntu/conf/etc/php/8.3/fpm/pool.d/zabbix.conf 
@@ -0,0 +1,36 @@ +[zabbix] + +; https://www.php.net/manual/en/security.hiding.php +php_value[expose_php] = ${EXPOSE_WEB_SERVER_INFO} + +listen = /tmp/php-fpm.sock + +clear_env = no + +pm = ${PHP_FPM_PM} +pm.max_children = ${PHP_FPM_PM_MAX_CHILDREN} +pm.start_servers = ${PHP_FPM_PM_START_SERVERS} +pm.min_spare_servers = ${PHP_FPM_PM_MIN_SPARE_SERVERS} +pm.max_spare_servers = ${PHP_FPM_PM_MAX_SPARE_SERVERS} +pm.max_requests = ${PHP_FPM_PM_MAX_REQUESTS} + +slowlog = /dev/fd/1 + +php_admin_value[error_log] = /dev/fd/2 +php_admin_flag[log_errors] = on +catch_workers_output = yes + +php_value[session.save_handler] = files +php_value[session.save_path] = /var/lib/php/session + +php_value[max_execution_time] = ${ZBX_MAXEXECUTIONTIME} +php_value[memory_limit] = ${ZBX_MEMORYLIMIT} +php_value[post_max_size] = ${ZBX_POSTMAXSIZE} +php_value[upload_max_filesize] = ${ZBX_UPLOADMAXFILESIZE} +php_value[max_input_time] = ${ZBX_MAXINPUTTIME} +php_value[max_input_vars] = 10000 +php_value[date.timezone] = ${PHP_TZ} + +; PHP-FPM monitoring +pm.status_path = /status +ping.path = /ping diff --git a/Dockerfiles/web-apache-pgsql/ubuntu/conf/etc/supervisor/conf.d/supervisord_zabbix.conf b/Dockerfiles/web-apache-pgsql/ubuntu/conf/etc/supervisor/conf.d/supervisord_zabbix.conf new file mode 100644 index 0000000000..04c8578fbe --- /dev/null +++ b/Dockerfiles/web-apache-pgsql/ubuntu/conf/etc/supervisor/conf.d/supervisord_zabbix.conf 
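Review bot: `pm.status_path = /status` turns on the FPM status page, and nothing in the pool file says who may reach it. The page reports per-worker request data, so it should be reachable from localhost only; the vhost rules that would enforce this are not readable in this patch view, so that needs confirming. I would at least record the requirement next to the setting, e.g. `; /status must stay restricted to local clients in the Apache vhost`. Separately, `clear_env = no` hands the whole container environment, database credentials included if they are passed as variables, to every PHP worker; a comment saying why the frontend needs it would help the next reader.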
@@ -0,0 +1,30 @@
+[supervisord]
+nodaemon = true
+
+[program:apache2]
+command = /usr/sbin/%(program_name)s -D FOREGROUND
+auto_start = true
+autorestart = true
+
+startsecs=2
+startretries=3
+stopsignal=TERM
+stopwaitsecs=2
+
+redirect_stderr=true
+stdout_logfile = /dev/stdout
+stdout_logfile_maxbytes = 0
+
+[program:php-fpm8.3]
+command = /usr/sbin/%(program_name)s -F -y /etc/php/8.3/fpm/php-fpm.conf
+auto_start = true
+autorestart = true
+
+startsecs=2
+startretries=3
+stopsignal=TERM
+stopwaitsecs=2
+
+redirect_stderr=true
+stdout_logfile = /dev/stdout
+stdout_logfile_maxbytes = 0
diff --git a/Dockerfiles/web-apache-pgsql/ubuntu/conf/etc/supervisor/supervisord.conf b/Dockerfiles/web-apache-pgsql/ubuntu/conf/etc/supervisor/supervisord.conf
new file mode 100644
index 0000000000..f8d80e461b
--- /dev/null
+++ b/Dockerfiles/web-apache-pgsql/ubuntu/conf/etc/supervisor/supervisord.conf
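Review bot: `auto_start = true` in both `[program:apache2]` and `[program:php-fpm8.3]` is not a supervisor program option; the key is `autostart`. The programs appear to start only because `autostart` defaults to true, so the line reads as configuration but has no effect, and a later edit to `auto_start = false` would silently do nothing. I would write `autostart = true` in both sections. While there, the file mixes `key = value` and `key=value`; picking one form would make it easier to scan.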
@@ -0,0 +1,35 @@
+; supervisor config file
+
+[unix_http_server]
+file = /tmp/supervisor.sock ; (the path to the socket file)
+chmod = 0700 ; sockef file mode (default 0700)
+username = zbx
+password = password
+
+[supervisord]
+logfile = /dev/stdout ; (main log file;default $CWD/supervisord.log)
+pidfile = /tmp/supervisord.pid ; (supervisord pidfile;default supervisord.pid)
+childlogdir = /tmp ; ('AUTO' child log dir, default $TEMP)
+critical = critical
+;user = zabbix
+logfile_maxbytes = 0
+logfile_backupcount = 0
+loglevel = info
+
+; the below section must remain in the config file for RPC
+; (supervisorctl/web interface) to work, additional interfaces may be
+; added by defining them in separate rpcinterface: sections
+[rpcinterface:supervisor]
+supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface
+
+[supervisorctl]
+serverurl = unix:///tmp/supervisor.sock ; use a unix:// URL for a unix socket
+
+; The [include] section can just contain the "files" setting. This
+; setting can list multiple files (separated by whitespace or
+; newlines). It can also contain wildcards. The filenames are
+; interpreted as relative to this file. Included files *cannot*
+; include files themselves.
+
+[include]
+files = /etc/supervisor/conf.d/*.conf
diff --git a/Dockerfiles/web-apache-pgsql/ubuntu/conf/etc/zabbix/apache.conf b/Dockerfiles/web-apache-pgsql/ubuntu/conf/etc/zabbix/apache.conf
index b32e8167fe..f0a69becdd 100644
--- a/Dockerfiles/web-apache-pgsql/ubuntu/conf/etc/zabbix/apache.conf
+++ b/Dockerfiles/web-apache-pgsql/ubuntu/conf/etc/zabbix/apache.conf
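Review bot: `username = zbx` and `password = password` in `[unix_http_server]` bake a fixed, guessable credential into every image built from this file. The control socket is already restricted by `chmod = 0700`, and `[supervisorctl]` carries no matching credentials, so the pair looks like protection without providing any that a deployer can rely on. I would either drop both lines and depend on the socket mode, or have the entrypoint write a per-container secret at start. The comment typo on the `chmod` line could be fixed at the same time: `; socket file mode (default 0700)`.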
@@ -1,14 +1,44 @@ +Listen 8080 + DocumentRoot /usr/share/zabbix/ + ServerName zabbix - DirectoryIndex {HTTP_INDEX_FILE} + + DirectoryIndex ${HTTP_INDEX_FILE} + AddType application/x-httpd-php .php .php3 .php4 .php5 .phtml AddType application/x-httpd-php-source .phps + SetEnvIfNoCase ^Authorization$ "(.+)" HTTP_AUTHORIZATION=$1 + + + Order Allow,Deny + Allow from all + + SetHandler "proxy:unix:/tmp/php-fpm.sock|fcgi://localhost" + + Options FollowSymLinks AllowOverride None Require all granted + + + SetHandler "proxy:unix:/tmp/php-fpm.sock|fcgi://localhost" + + + + ExpiresActive On + ExpiresDefault "access plus 1 year" + Header append Cache-Control "public" + + + + ExpiresActive On + ExpiresDefault "access plus 14 day" + Header append Cache-Control "public" + diff --git a/Dockerfiles/web-apache-pgsql/ubuntu/conf/etc/zabbix/apache_ssl.conf b/Dockerfiles/web-apache-pgsql/ubuntu/conf/etc/zabbix/apache_ssl.conf index a26afff0a1..b46e7f800d 100644 --- a/Dockerfiles/web-apache-pgsql/ubuntu/conf/etc/zabbix/apache_ssl.conf +++ b/Dockerfiles/web-apache-pgsql/ubuntu/conf/etc/zabbix/apache_ssl.conf 
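Review bot: The `Order Allow,Deny` / `Allow from all` block around the first `SetHandler "proxy:unix:/tmp/php-fpm.sock|fcgi://localhost"` admits every client. The enclosing container tags are not visible in this rendering, but if the block is the location for the pool's `pm.status_path = /status` and `ping.path = /ping`, the PHP-FPM status page is readable by anyone who can reach port 8080. The HEALTHCHECK visible in the Nginx Dockerfile hunks calls `/ping` on localhost; if the Apache images probe the same way, replacing the two lines with `Require local` would keep the probe working while hiding `/status`. `Order`/`Allow` are also Apache 2.2 syntax that depends on mod_access_compat, whereas the rest of the file uses `Require all granted`. The same block appears in the `apache_ssl.conf` hunk that follows.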
@@ -1,87 +1,113 @@ LoadModule ssl_module /usr/lib/apache2/modules/mod_ssl.so LoadModule socache_shmcb_module /usr/lib/apache2/modules/mod_socache_shmcb.so -LoadModule headers_module /usr/lib/apache2/modules/mod_headers.so - - - - DocumentRoot /usr/share/zabbix/ - ServerName zabbix - DirectoryIndex {HTTP_INDEX_FILE} - - AddType application/x-httpd-php .php .php3 .php4 .php5 .phtml - AddType application/x-httpd-php-source .phps - - # Enable/Disable SSL for this virtual host. - SSLEngine on - - # intermediate configuration - SSLProtocol -all +TLSv1.2 +TLSv1.3 - SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305 - SSLHonorCipherOrder off - SSLSessionTickets off - - SSLCertificateFile /etc/ssl/apache2/ssl.crt - SSLCertificateKeyFile /etc/ssl/apache2/ssl.key - # SSLCACertificatePath /etc/ssl/apache2/chain/ - - # enable HTTP/2, if available - Protocols h2 http/1.1 - - # HTTP Strict Transport Security (mod_headers is required) (63072000 seconds) - Header always set Strict-Transport-Security "max-age=63072000" - - - Options FollowSymLinks - AllowOverride None - Require all granted - - - - Require all denied - - Order deny,allow - Deny from all - - - - - Require all denied - - Order deny,allow - Deny from all - - - - - Require all denied - - Order deny,allow - Deny from all - - - - - Require all denied - - Order deny,allow - Deny from all - - - - - Require all denied - - Order deny,allow - Deny from all - - - - - Require all denied - - Order deny,allow - Deny from all - - - - + +Listen 8443 + + + DocumentRoot /usr/share/zabbix/ + + ServerName zabbix + + DirectoryIndex ${HTTP_INDEX_FILE} + + AddType application/x-httpd-php .php .php3 .php4 .php5 .phtml + AddType application/x-httpd-php-source .phps + + SetEnvIfNoCase ^Authorization$ "(.+)" HTTP_AUTHORIZATION=$1 + 
+ # Enable/Disable SSL for this virtual host. + SSLEngine on + + # intermediate configuration + SSLProtocol -all +TLSv1.2 +TLSv1.3 + SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305 + SSLHonorCipherOrder off + SSLSessionTickets off + + SSLCertificateFile /etc/ssl/apache2/ssl.crt + SSLCertificateKeyFile /etc/ssl/apache2/ssl.key + # SSLCACertificatePath /etc/ssl/apache2/chain/ + + # enable HTTP/2, if available + Protocols h2 http/1.1 + + # HTTP Strict Transport Security (mod_headers is required) (63072000 seconds) + Header always set Strict-Transport-Security "max-age=63072000" + + + Order Allow,Deny + Allow from all + + SetHandler "proxy:unix:/tmp/php-fpm.sock|fcgi://localhost" + + + + Options FollowSymLinks + AllowOverride None + Require all granted + + + SetHandler "proxy:unix:/tmp/php-fpm.sock|fcgi://localhost" + + + + ExpiresActive On + ExpiresDefault "access plus 1 year" + Header append Cache-Control "public" + + + + ExpiresActive On + ExpiresDefault "access plus 14 day" + Header append Cache-Control "public" + + + + + Require all denied + + Order deny,allow + Deny from all + + + + + Require all denied + + Order deny,allow + Deny from all + + + + + Require all denied + + Order deny,allow + Deny from all + + + + + Require all denied + + Order deny,allow + Deny from all + + + + + Require all denied + + Order deny,allow + Deny from all + + + + + Require all denied + + Order deny,allow + Deny from all + + + diff --git a/Dockerfiles/web-apache-pgsql/ubuntu/docker-entrypoint.sh b/Dockerfiles/web-apache-pgsql/ubuntu/docker-entrypoint.sh index 1ef14e8eb9..8ecd6ba78e 100755 --- a/Dockerfiles/web-apache-pgsql/ubuntu/docker-entrypoint.sh +++ b/Dockerfiles/web-apache-pgsql/ubuntu/docker-entrypoint.sh 
@@ -18,13 +18,19 @@ fi # Default timezone for web interface : ${PHP_TZ:="Europe/Riga"} +# Default user settings +: ${DAEMON_USER:="www-data"} +: ${DAEMON_GROUP:="www-data"} + # Default directories -# Web interface www-root directory -ZABBIX_WWW_ROOT="/usr/share/zabbix" # Apache main configuration file HTTPD_CONF_FILE="/etc/apache2/apache2.conf" -# Apache security configuration file -HTTPD_SECURITY_CONF_FILE="/etc/apache2/conf-enabled/security.conf" +# Apache additional configuration files directory +APACHE_SITES_DIR="/etc/apache2/sites-enabled" +# Directory with SSL certificate files for Apache +APACHE_SSL_CONFIG_DIR="/etc/ssl/apache2" +# PHP-FPM configuration file +PHP_CONFIG_FILE="/etc/php/8.3/fpm/pool.d/zabbix.conf" # usage: file_env VAR [DEFAULT] # as example: file_env 'MYSQL_PASSWORD' 'zabbix' @@ -132,9 +138,12 @@ check_db_connect() { } prepare_web_server() { - APACHE_SITES_DIR="/etc/apache2/sites-enabled" - - ln -sfT "$ZABBIX_CONF_DIR/apache_envvars" "/etc/apache2/envvars" + if [ "$(id -u)" == '0' ]; then + export APACHE_RUN_USER=${DAEMON_USER} + else + export APACHE_RUN_USER=$(id -n -u) + fi + export APACHE_RUN_GROUP=${DAEMON_GROUP} echo "** Adding Zabbix virtual host (HTTP)" if [ -f "$ZABBIX_CONF_DIR/apache.conf" ]; then @@ -143,7 +152,7 @@ prepare_web_server() { echo "**** Impossible to enable HTTP virtual host" fi - if [ -f "/etc/ssl/apache2/ssl.crt" ] && [ -f "/etc/ssl/apache2/ssl.key" ]; then + if [ -f "$APACHE_SSL_CONFIG_DIR/ssl.crt" ] && [ -f "$APACHE_SSL_CONFIG_DIR/ssl.key" ]; then echo "** Adding Zabbix virtual host (HTTPS)" if [ -f "$ZABBIX_CONF_DIR/apache_ssl.conf" ]; then ln -sfT "$ZABBIX_CONF_DIR/apache_ssl.conf" "$APACHE_SITES_DIR/zabbix_ssl.conf" 
@@ -153,14 +162,42 @@ prepare_web_server() { else echo "**** Impossible to enable SSL support for Apache2. Certificates are missed." fi -} -clear_deploy() { - echo "** Cleaning the system" + export HTTP_INDEX_FILE=${HTTP_INDEX_FILE:="index.php"} + + : ${ENABLE_WEB_ACCESS_LOG:="true"} + export APACHE_CUSTOM_LOG="/proc/self/fd/1" + if [ "${ENABLE_WEB_ACCESS_LOG,,}" == "false" ]; then + export APACHE_CUSTOM_LOG="/dev/null" + fi + + : ${EXPOSE_WEB_SERVER_INFO:="on"} + export APACHE_SERVER_TOKENS="OS" + export APACHE_SERVER_SIGNATURE="On" + if [ "${EXPOSE_WEB_SERVER_INFO}" == "off" ]; then + export APACHE_SERVER_TOKENS="Prod" + export APACHE_SERVER_SIGNATURE="Off" + fi + + mkdir -p /tmp/httpd } -prepare_zbx_web_config() { - echo "** Preparing Zabbix frontend configuration file" +prepare_zbx_php_config() { + echo "** Preparing PHP configuration" + + export PHP_FPM_PM=${PHP_FPM_PM:-"dynamic"} + export PHP_FPM_PM_MAX_CHILDREN=${PHP_FPM_PM_MAX_CHILDREN:-"50"} + export PHP_FPM_PM_START_SERVERS=${PHP_FPM_PM_START_SERVERS:-"5"} + export PHP_FPM_PM_MIN_SPARE_SERVERS=${PHP_FPM_PM_MIN_SPARE_SERVERS:-"5"} + export PHP_FPM_PM_MAX_SPARE_SERVERS=${PHP_FPM_PM_MAX_SPARE_SERVERS:-"35"} + export PHP_FPM_PM_MAX_REQUESTS=${PHP_FPM_PM_MAX_REQUESTS:-"0"} + + if [ "$(id -u)" == '0' ]; then + echo "user = ${DAEMON_USER}" >> "$PHP_CONFIG_FILE" + echo "group = ${DAEMON_GROUP}" >> "$PHP_CONFIG_FILE" + echo "listen.owner = ${DAEMON_USER}" >> "$PHP_CONFIG_FILE" + echo "listen.group = ${DAEMON_GROUP}" >> "$PHP_CONFIG_FILE" + fi : ${ZBX_DENY_GUI_ACCESS:="false"} export ZBX_DENY_GUI_ACCESS=${ZBX_DENY_GUI_ACCESS,,} 
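Review bot: The `EXPOSE_WEB_SERVER_INFO` check added to `prepare_web_server` fails open: `[ "${EXPOSE_WEB_SERVER_INFO}" == "off" ]` is case-sensitive, so `Off`, `OFF` or `false` leave `APACHE_SERVER_TOKENS="OS"` and `APACHE_SERVER_SIGNATURE="On"` in place, unlike `ENABLE_WEB_ACCESS_LOG`, which is lower-cased with `,,`. The variable is also only defaulted with `: ${EXPOSE_WEB_SERVER_INFO:="on"}` and not exported here, and the final hunk runs `prepare_zbx_php_config` before this function, so unless it is exported in lines outside the hunks the pool's `php_value[expose_php] = ${EXPOSE_WEB_SERVER_INFO}` may receive an empty value when the operator sets nothing. I would compare with `"${EXPOSE_WEB_SERVER_INFO,,}" == "off"` and add `export EXPOSE_WEB_SERVER_INFO` before PHP-FPM's configuration is prepared. Both functions continue outside this hunk.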
@@ -213,48 +250,14 @@ prepare_zbx_web_config() { : ${ZBX_ALLOW_HTTP_AUTH:="true"} export ZBX_ALLOW_HTTP_AUTH=${ZBX_ALLOW_HTTP_AUTH} +} +prepare_zbx_config() { if [ -n "${ZBX_SESSION_NAME}" ]; then cp "$ZABBIX_WWW_ROOT/include/defines.inc.php" "/tmp/defines.inc.php_tmp" sed "/ZBX_SESSION_NAME/s/'[^']*'/'${ZBX_SESSION_NAME}'/2" "/tmp/defines.inc.php_tmp" > "$ZABBIX_WWW_ROOT/include/defines.inc.php" rm -f "/tmp/defines.inc.php_tmp" fi - - : ${HTTP_INDEX_FILE:="index.php"} - sed -i \ - -e "s/{HTTP_INDEX_FILE}/${HTTP_INDEX_FILE}/g" \ - "$ZABBIX_CONF_DIR/apache.conf" - - if [ -f "$ZABBIX_CONF_DIR/apache_ssl.conf" ]; then - sed -i \ - -e "s/{HTTP_INDEX_FILE}/${HTTP_INDEX_FILE}/g" \ - "$ZABBIX_CONF_DIR/apache_ssl.conf" - fi - - : ${ENABLE_WEB_ACCESS_LOG:="true"} - - if [ "${ENABLE_WEB_ACCESS_LOG,,}" == "false" ]; then - sed -ri \ - -e 's!^(\s*CustomLog)\s+\S+!\1 /dev/null!g' \ - "$HTTPD_CONF_FILE" - sed -ri \ - -e 's!^(\s*CustomLog)\s+\S+!\1 /dev/null!g' \ - "/etc/apache2/conf-available/other-vhosts-access-log.conf" - fi - - : ${EXPOSE_WEB_SERVER_INFO:="on"} - [[ "${EXPOSE_WEB_SERVER_INFO}" != "off" ]] && EXPOSE_WEB_SERVER_INFO="on" - export EXPOSE_WEB_SERVER_INFO=${EXPOSE_WEB_SERVER_INFO} - - if [ "${EXPOSE_WEB_SERVER_INFO}" == "off" ]; then - sed -i \ - -e "s/^\(\s*ServerTokens\).*\$/\1 Prod/g" \ - "$HTTPD_SECURITY_CONF_FILE" - fi - - sed -i \ - -e "s/^\(\s*ServerSignature\).*\$/\1 ${EXPOSE_WEB_SERVER_INFO}/g" \ - "$HTTPD_SECURITY_CONF_FILE" } ################################################# 
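Review bot: In the new `prepare_zbx_config`, `${ZBX_SESSION_NAME}` is interpolated unescaped into the sed program and into the quoted PHP string written to `defines.inc.php`, so a value containing `'`, `/` or `&` either breaks the substitution or changes the PHP source that is then served. The commit only moves these lines into their own function, but a guard before the `cp` would close it: `[[ "${ZBX_SESSION_NAME}" =~ ^[A-Za-z0-9_]+$ ]] || { echo "**** Invalid ZBX_SESSION_NAME"; exit 1; }`. The fixed path `/tmp/defines.inc.php_tmp` could also come from `mktemp`. The same lines recur in the Nginx entrypoint hunks further down (`@@ -233,55 +280,14 @@`).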
@@ -263,17 +266,18 @@ echo "** Deploying Zabbix web-interface (Apache) with PostgreSQL database" check_variables check_db_connect +prepare_zbx_php_config prepare_web_server -prepare_zbx_web_config +prepare_zbx_config echo "########################################################" if [ "$1" != "" ]; then echo "** Executing '$@'" exec "$@" -elif [ -f "/usr/sbin/httpd" ]; then - echo "** Executing HTTPD" - exec /usr/sbin/httpd -D FOREGROUND +elif [ -f "/usr/bin/supervisord" ]; then + echo "** Executing supervisord" + exec /usr/bin/supervisord -c /etc/supervisor/supervisord.conf else echo "Unknown instructions. Exiting..." exit 1 diff --git a/Dockerfiles/web-nginx-mysql/alpine/Dockerfile b/Dockerfiles/web-nginx-mysql/alpine/Dockerfile index 6f4ae56302..c046b682d9 100644 --- a/Dockerfiles/web-nginx-mysql/alpine/Dockerfile +++ b/Dockerfiles/web-nginx-mysql/alpine/Dockerfile @@ -14,7 +14,8 @@ ARG ZBX_SOURCES=https://git.zabbix.com/scm/zbx/zabbix.git ENV TERM=xterm \ ZBX_VERSION=${ZBX_VERSION} ZBX_SOURCES=${ZBX_SOURCES} \ - ZABBIX_CONF_DIR="/etc/zabbix" + ZABBIX_CONF_DIR="/etc/zabbix" \ + ZABBIX_WWW_ROOT="/usr/share/zabbix" LABEL org.opencontainers.image.authors="Alexey Pustovalov " \ org.opencontainers.image.description="Zabbix web-interface based on Nginx web server with MySQL database support" \ @@ -28,7 +29,7 @@ LABEL org.opencontainers.image.authors="Alexey Pustovalov > "$PHP_CONFIG_FILE" - echo "group = ${DAEMON_USER}" >> "$PHP_CONFIG_FILE" + echo "group = ${DAEMON_GROUP}" >> "$PHP_CONFIG_FILE" echo "listen.owner = ${DAEMON_USER}" >> "$PHP_CONFIG_FILE" - echo "listen.group = ${DAEMON_USER}" >> "$PHP_CONFIG_FILE" + echo "listen.group = ${DAEMON_GROUP}" >> "$PHP_CONFIG_FILE" fi : ${ZBX_DENY_GUI_ACCESS:="false"} 
@@ -233,55 +280,14 @@ prepare_zbx_web_config() { : ${ZBX_ALLOW_HTTP_AUTH:="true"} export ZBX_ALLOW_HTTP_AUTH=${ZBX_ALLOW_HTTP_AUTH} +} +prepare_zbx_config() { if [ -n "${ZBX_SESSION_NAME}" ]; then cp "$ZABBIX_WWW_ROOT/include/defines.inc.php" "/tmp/defines.inc.php_tmp" sed "/ZBX_SESSION_NAME/s/'[^']*'/'${ZBX_SESSION_NAME}'/2" "/tmp/defines.inc.php_tmp" > "$ZABBIX_WWW_ROOT/include/defines.inc.php" rm -f "/tmp/defines.inc.php_tmp" fi - - FCGI_READ_TIMEOUT=$(expr ${ZBX_MAXEXECUTIONTIME} + 1) - sed -i \ - -e "s/{FCGI_READ_TIMEOUT}/${FCGI_READ_TIMEOUT}/g" \ - "$ZABBIX_CONF_DIR/nginx.conf" - - : ${HTTP_INDEX_FILE:="index.php"} - sed -i \ - -e "s/{HTTP_INDEX_FILE}/${HTTP_INDEX_FILE}/g" \ - "$ZABBIX_CONF_DIR/nginx.conf" - - if [ -f "$ZABBIX_CONF_DIR/nginx_ssl.conf" ]; then - sed -i \ - -e "s/{FCGI_READ_TIMEOUT}/${FCGI_READ_TIMEOUT}/g" \ - "$ZABBIX_CONF_DIR/nginx_ssl.conf" - - sed -i \ - -e "s/{HTTP_INDEX_FILE}/${HTTP_INDEX_FILE}/g" \ - "$ZABBIX_CONF_DIR/nginx_ssl.conf" - fi - - : ${ENABLE_WEB_ACCESS_LOG:="true"} - - if [ "${ENABLE_WEB_ACCESS_LOG,,}" == "false" ]; then - sed -ri \ - -e 's!^(\s*access_log).+\;!\1 off\;!g' \ - "$NGINX_CONF_FILE" - sed -ri \ - -e 's!^(\s*access_log).+\;!\1 off\;!g' \ - "$ZABBIX_CONF_DIR/nginx.conf" - sed -ri \ - -e 's!^(\s*access_log).+\;!\1 off\;!g' \ - "$ZABBIX_CONF_DIR/nginx_ssl.conf" - fi - - : ${EXPOSE_WEB_SERVER_INFO:="on"} - - [[ "${EXPOSE_WEB_SERVER_INFO}" != "off" ]] && EXPOSE_WEB_SERVER_INFO="on" - - export EXPOSE_WEB_SERVER_INFO=${EXPOSE_WEB_SERVER_INFO} - sed -i \ - -e "s/{EXPOSE_WEB_SERVER_INFO}/${EXPOSE_WEB_SERVER_INFO}/g" \ - "$NGINX_CONF_FILE" } ################################################# @@ -290,8 +296,9 @@ echo "** Deploying Zabbix web-interface (Nginx) with MySQL database" check_variables check_db_connect +prepare_zbx_php_config prepare_web_server -prepare_zbx_web_config +prepare_zbx_config echo "########################################################" 
diff --git a/Dockerfiles/web-nginx-mysql/centos/Dockerfile b/Dockerfiles/web-nginx-mysql/centos/Dockerfile index a00fcf93e3..f220fb7fa9 100644 --- a/Dockerfiles/web-nginx-mysql/centos/Dockerfile +++ b/Dockerfiles/web-nginx-mysql/centos/Dockerfile @@ -14,7 +14,8 @@ ARG ZBX_SOURCES=https://git.zabbix.com/scm/zbx/zabbix.git ENV TERM=xterm \ ZBX_VERSION=${ZBX_VERSION} ZBX_SOURCES=${ZBX_SOURCES} \ - ZABBIX_CONF_DIR="/etc/zabbix" + ZABBIX_CONF_DIR="/etc/zabbix" \ + ZABBIX_WWW_ROOT="/usr/share/zabbix" LABEL org.opencontainers.image.authors="Alexey Pustovalov " \ org.opencontainers.image.description="Zabbix web-interface based on Nginx web server with MySQL database support" \ @@ -28,7 +29,7 @@ LABEL org.opencontainers.image.authors="Alexey Pustovalov /dev/null' && \ - chown --quiet -R zabbix:root ${ZABBIX_CONF_DIR}/ /usr/share/zabbix/include/defines.inc.php /usr/share/zabbix/modules/ && \ - chgrp -R 0 ${ZABBIX_CONF_DIR}/ /usr/share/zabbix/include/defines.inc.php /usr/share/zabbix/modules/ && \ - chmod -R g=u ${ZABBIX_CONF_DIR}/ /usr/share/zabbix/include/defines.inc.php /usr/share/zabbix/modules/ && \ + chown --quiet -R zabbix:root ${ZABBIX_CONF_DIR}/ ${ZABBIX_WWW_ROOT}/include/defines.inc.php ${ZABBIX_WWW_ROOT}/modules/ && \ + chgrp -R 0 ${ZABBIX_CONF_DIR}/ ${ZABBIX_WWW_ROOT}/include/defines.inc.php ${ZABBIX_WWW_ROOT}/modules/ && \ + chmod -R g=u ${ZABBIX_CONF_DIR}/ ${ZABBIX_WWW_ROOT}/include/defines.inc.php ${ZABBIX_WWW_ROOT}/modules/ && \ chown --quiet -R zabbix:root /etc/nginx/ /etc/php-fpm.d/ /etc/php-fpm.conf /var/log/nginx/ && \ chgrp -R 0 /etc/nginx/ /etc/php-fpm.d/ /etc/php-fpm.conf /var/log/nginx/ && \ chmod -R g=u /etc/nginx/ /etc/php-fpm.d/ /etc/php-fpm.conf /var/log/nginx/ && \ 
@@ -125,9 +126,12 @@ RUN --mount=type=tmpfs,target=/var/lib/dnf/ \ findutils \ glibc-locale-source +HEALTHCHECK --interval=1m30s --timeout=3s --retries=3 --start-period=40s --start-interval=5s \ + CMD curl -f http://localhost:8080/ping || exit 1 + EXPOSE 8080/TCP 8443/TCP -WORKDIR /usr/share/zabbix +WORKDIR ${ZABBIX_WWW_ROOT} COPY ["docker-entrypoint.sh", "/usr/bin/"] diff --git a/Dockerfiles/web-nginx-mysql/centos/conf/etc/php-fpm.conf b/Dockerfiles/web-nginx-mysql/centos/conf/etc/php-fpm.conf index ce0225346c..c3accf48d8 100644 --- a/Dockerfiles/web-nginx-mysql/centos/conf/etc/php-fpm.conf +++ b/Dockerfiles/web-nginx-mysql/centos/conf/etc/php-fpm.conf @@ -5,5 +5,6 @@ include=/etc/php-fpm.d/*.conf pid = /tmp/php-fpm.pid error_log = /dev/fd/2 +log_level = notice daemonize = no diff --git a/Dockerfiles/web-nginx-mysql/centos/conf/etc/zabbix/nginx.conf b/Dockerfiles/web-nginx-mysql/centos/conf/etc/zabbix/nginx.conf index f33585b149..eb9cd6c645 100644 --- a/Dockerfiles/web-nginx-mysql/centos/conf/etc/zabbix/nginx.conf +++ b/Dockerfiles/web-nginx-mysql/centos/conf/etc/zabbix/nginx.conf @@ -46,8 +46,17 @@ server { return 404; } + location = /nginx-status { + access_log off; + allow 127.0.0.1; + allow ::1; + deny all; + stub_status; + } + location ~ ^/(status|ping)$ { access_log off; + fastcgi_pass unix:/tmp/php-fpm.sock; fastcgi_param SCRIPT_FILENAME $webroot$fastcgi_script_name; diff --git a/Dockerfiles/web-nginx-mysql/centos/docker-entrypoint.sh b/Dockerfiles/web-nginx-mysql/centos/docker-entrypoint.sh index 29b50273a5..0d945631c3 100755 --- a/Dockerfiles/web-nginx-mysql/centos/docker-entrypoint.sh +++ b/Dockerfiles/web-nginx-mysql/centos/docker-entrypoint.sh 
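Review bot: The new `location = /nginx-status` is limited to loopback with `allow 127.0.0.1; allow ::1; deny all;`, but the neighbouring `location ~ ^/(status|ping)$` shows no such rule in the visible lines and passes straight to `unix:/tmp/php-fpm.sock`. Its body continues outside the hunk, so a restriction may already exist there. If it does not, PHP-FPM's status output is reachable by any client of port 8080, and adding the same three `allow`/`deny` lines would still let the new `HEALTHCHECK` (`curl -f http://localhost:8080/ping`) pass. The identical `nginx.conf` hunk for the `ol` image raises the same question.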
@@ -18,14 +18,19 @@ fi # Default timezone for web interface : ${PHP_TZ:="Europe/Riga"} -# Default user +# Default user settings : ${DAEMON_USER:="nginx"} +: ${DAEMON_GROUP:="nginx"} # Default directories -# Web interface www-root directory -ZABBIX_WWW_ROOT="/usr/share/zabbix" # Nginx main configuration file NGINX_CONF_FILE="/etc/nginx/nginx.conf" +# Nginx virtual hosts configuration directory +NGINX_CONFD_DIR="/etc/nginx/conf.d" +# Directory with SSL certificate files for Nginx +NGINX_SSL_CONFIG_DIR="/etc/ssl/nginx" +# PHP-FPM configuration file +PHP_CONFIG_FILE="/etc/php-fpm.d/zabbix.conf" # usage: file_env VAR [DEFAULT] # as example: file_env 'MYSQL_PASSWORD' 'zabbix' @@ -134,12 +139,15 @@ check_db_connect() { } prepare_web_server() { - NGINX_CONFD_DIR="/etc/nginx/conf.d" - NGINX_SSL_CONFIG="/etc/ssl/nginx" + if [ "$(id -u)" == '0' ]; then + sed -i -e "/^[#;] user/s/.*/user ${DAEMON_USER};/" "$NGINX_CONF_FILE" + fi if [ ! -f "/proc/net/if_inet6" ]; then sed -i '/listen \[::\]/d' "$ZABBIX_CONF_DIR/nginx.conf" + sed -i '/allow ::1/d' "$ZABBIX_CONF_DIR/nginx.conf" sed -i '/listen \[::\]/d' "$ZABBIX_CONF_DIR/nginx_ssl.conf" + sed -i '/allow ::1/d' "$ZABBIX_CONF_DIR/nginx_ssl.conf" fi echo "** Adding Zabbix virtual host (HTTP)" @@ -149,7 +157,7 @@ prepare_web_server() { echo "**** Impossible to enable HTTP virtual host" fi - if [ -f "$NGINX_SSL_CONFIG/ssl.crt" ] && [ -f "$NGINX_SSL_CONFIG/ssl.key" ] && [ -f "$NGINX_SSL_CONFIG/dhparam.pem" ]; then + if [ -f "$NGINX_SSL_CONFIG_DIR/ssl.crt" ] && [ -f "$NGINX_SSL_CONFIG_DIR/ssl.key" ] && [ -f "$NGINX_SSL_CONFIG_DIR/dhparam.pem" ]; then echo "** Enable SSL support for Nginx" if [ -f "$ZABBIX_CONF_DIR/nginx_ssl.conf" ]; then ln -sfT "$ZABBIX_CONF_DIR/nginx_ssl.conf" "$NGINX_CONFD_DIR/nginx_ssl.conf" 
@@ -159,12 +167,53 @@ prepare_web_server() { else echo "**** Impossible to enable SSL support for Nginx. Certificates are missed." fi -} -prepare_zbx_web_config() { - echo "** Preparing Zabbix frontend configuration file" + FCGI_READ_TIMEOUT=$(expr ${ZBX_MAXEXECUTIONTIME} + 1) + sed -i \ + -e "s/{FCGI_READ_TIMEOUT}/${FCGI_READ_TIMEOUT}/g" \ + "$ZABBIX_CONF_DIR/nginx.conf" + + : ${HTTP_INDEX_FILE:="index.php"} + sed -i \ + -e "s/{HTTP_INDEX_FILE}/${HTTP_INDEX_FILE}/g" \ + "$ZABBIX_CONF_DIR/nginx.conf" + + if [ -f "$ZABBIX_CONF_DIR/nginx_ssl.conf" ]; then + sed -i \ + -e "s/{FCGI_READ_TIMEOUT}/${FCGI_READ_TIMEOUT}/g" \ + "$ZABBIX_CONF_DIR/nginx_ssl.conf" + + sed -i \ + -e "s/{HTTP_INDEX_FILE}/${HTTP_INDEX_FILE}/g" \ + "$ZABBIX_CONF_DIR/nginx_ssl.conf" + fi + + : ${ENABLE_WEB_ACCESS_LOG:="true"} + + if [ "${ENABLE_WEB_ACCESS_LOG,,}" == "false" ]; then + sed -ri \ + -e 's!^(\s*access_log).+\;!\1 off\;!g' \ + "$NGINX_CONF_FILE" + sed -ri \ + -e 's!^(\s*access_log).+\;!\1 off\;!g' \ + "$ZABBIX_CONF_DIR/nginx.conf" + sed -ri \ + -e 's!^(\s*access_log).+\;!\1 off\;!g' \ + "$ZABBIX_CONF_DIR/nginx_ssl.conf" + fi + + : ${EXPOSE_WEB_SERVER_INFO:="on"} + + [[ "${EXPOSE_WEB_SERVER_INFO}" != "off" ]] && EXPOSE_WEB_SERVER_INFO="on" + + export EXPOSE_WEB_SERVER_INFO=${EXPOSE_WEB_SERVER_INFO} + sed -i \ + -e "s/{EXPOSE_WEB_SERVER_INFO}/${EXPOSE_WEB_SERVER_INFO}/g" \ + "$NGINX_CONF_FILE" +} - PHP_CONFIG_FILE="/etc/php-fpm.d/zabbix.conf" +prepare_zbx_php_config() { + echo "** Preparing PHP configuration" export PHP_FPM_PM=${PHP_FPM_PM:-"dynamic"} export PHP_FPM_PM_MAX_CHILDREN=${PHP_FPM_PM_MAX_CHILDREN:-"50"} 
@@ -174,12 +223,10 @@ prepare_zbx_web_config() { export PHP_FPM_PM_MAX_REQUESTS=${PHP_FPM_PM_MAX_REQUESTS:-"0"} if [ "$(id -u)" == '0' ]; then - sed -i -e "/^[#;] user/s/.*/user ${DAEMON_USER};/" "$NGINX_CONF_FILE" - echo "user = ${DAEMON_USER}" >> "$PHP_CONFIG_FILE" - echo "group = ${DAEMON_USER}" >> "$PHP_CONFIG_FILE" + echo "group = ${DAEMON_GROUP}" >> "$PHP_CONFIG_FILE" echo "listen.owner = ${DAEMON_USER}" >> "$PHP_CONFIG_FILE" - echo "listen.group = ${DAEMON_USER}" >> "$PHP_CONFIG_FILE" + echo "listen.group = ${DAEMON_GROUP}" >> "$PHP_CONFIG_FILE" fi : ${ZBX_DENY_GUI_ACCESS:="false"} 
@@ -233,55 +280,14 @@ prepare_zbx_web_config() { : ${ZBX_ALLOW_HTTP_AUTH:="true"} export ZBX_ALLOW_HTTP_AUTH=${ZBX_ALLOW_HTTP_AUTH} +} +prepare_zbx_config() { if [ -n "${ZBX_SESSION_NAME}" ]; then cp "$ZABBIX_WWW_ROOT/include/defines.inc.php" "/tmp/defines.inc.php_tmp" sed "/ZBX_SESSION_NAME/s/'[^']*'/'${ZBX_SESSION_NAME}'/2" "/tmp/defines.inc.php_tmp" > "$ZABBIX_WWW_ROOT/include/defines.inc.php" rm -f "/tmp/defines.inc.php_tmp" fi - - FCGI_READ_TIMEOUT=$(expr ${ZBX_MAXEXECUTIONTIME} + 1) - sed -i \ - -e "s/{FCGI_READ_TIMEOUT}/${FCGI_READ_TIMEOUT}/g" \ - "$ZABBIX_CONF_DIR/nginx.conf" - - : ${HTTP_INDEX_FILE:="index.php"} - sed -i \ - -e "s/{HTTP_INDEX_FILE}/${HTTP_INDEX_FILE}/g" \ - "$ZABBIX_CONF_DIR/nginx.conf" - - if [ -f "$ZABBIX_CONF_DIR/nginx_ssl.conf" ]; then - sed -i \ - -e "s/{FCGI_READ_TIMEOUT}/${FCGI_READ_TIMEOUT}/g" \ - "$ZABBIX_CONF_DIR/nginx_ssl.conf" - - sed -i \ - -e "s/{HTTP_INDEX_FILE}/${HTTP_INDEX_FILE}/g" \ - "$ZABBIX_CONF_DIR/nginx_ssl.conf" - fi - - : ${ENABLE_WEB_ACCESS_LOG:="true"} - - if [ "${ENABLE_WEB_ACCESS_LOG,,}" == "false" ]; then - sed -ri \ - -e 's!^(\s*access_log).+\;!\1 off\;!g' \ - "$NGINX_CONF_FILE" - sed -ri \ - -e 's!^(\s*access_log).+\;!\1 off\;!g' \ - "$ZABBIX_CONF_DIR/nginx.conf" - sed -ri \ - -e 's!^(\s*access_log).+\;!\1 off\;!g' \ - "$ZABBIX_CONF_DIR/nginx_ssl.conf" - fi - - : ${EXPOSE_WEB_SERVER_INFO:="on"} - - [[ "${EXPOSE_WEB_SERVER_INFO}" != "off" ]] && EXPOSE_WEB_SERVER_INFO="on" - - export EXPOSE_WEB_SERVER_INFO=${EXPOSE_WEB_SERVER_INFO} - sed -i \ - -e "s/{EXPOSE_WEB_SERVER_INFO}/${EXPOSE_WEB_SERVER_INFO}/g" \ - "$NGINX_CONF_FILE" } ################################################# @@ -290,8 +296,9 @@ echo "** Deploying Zabbix web-interface (Nginx) with MySQL database" check_variables check_db_connect +prepare_zbx_php_config prepare_web_server -prepare_zbx_web_config +prepare_zbx_config echo "########################################################" 
diff --git a/Dockerfiles/web-nginx-mysql/ol/Dockerfile b/Dockerfiles/web-nginx-mysql/ol/Dockerfile index 57f97a6121..82fb85156e 100644 --- a/Dockerfiles/web-nginx-mysql/ol/Dockerfile +++ b/Dockerfiles/web-nginx-mysql/ol/Dockerfile @@ -14,7 +14,8 @@ ARG ZBX_SOURCES=https://git.zabbix.com/scm/zbx/zabbix.git ENV TERM=xterm \ ZBX_VERSION=${ZBX_VERSION} ZBX_SOURCES=${ZBX_SOURCES} \ - ZABBIX_CONF_DIR="/etc/zabbix" + ZABBIX_CONF_DIR="/etc/zabbix" \ + ZABBIX_WWW_ROOT="/usr/share/zabbix" LABEL org.opencontainers.image.authors="Alexey Pustovalov " \ org.opencontainers.image.description="Zabbix web-interface based on Nginx web server with MySQL database support" \ @@ -28,7 +29,7 @@ LABEL org.opencontainers.image.authors="Alexey Pustovalov /dev/null' && \ - chown --quiet -R zabbix:root ${ZABBIX_CONF_DIR}/ /usr/share/zabbix/include/defines.inc.php /usr/share/zabbix/modules/ && \ - chgrp -R 0 ${ZABBIX_CONF_DIR}/ /usr/share/zabbix/include/defines.inc.php /usr/share/zabbix/modules/ && \ - chmod -R g=u ${ZABBIX_CONF_DIR}/ /usr/share/zabbix/include/defines.inc.php /usr/share/zabbix/modules/ && \ + chown --quiet -R zabbix:root ${ZABBIX_CONF_DIR}/ ${ZABBIX_WWW_ROOT}/include/defines.inc.php ${ZABBIX_WWW_ROOT}/modules/ && \ + chgrp -R 0 ${ZABBIX_CONF_DIR}/ ${ZABBIX_WWW_ROOT}/include/defines.inc.php ${ZABBIX_WWW_ROOT}/modules/ && \ + chmod -R g=u ${ZABBIX_CONF_DIR}/ ${ZABBIX_WWW_ROOT}/include/defines.inc.php ${ZABBIX_WWW_ROOT}/modules/ && \ chown --quiet -R zabbix:root /etc/nginx/ /etc/php-fpm.d/ /etc/php-fpm.conf /var/log/nginx/ && \ chgrp -R 0 /etc/nginx/ /etc/php-fpm.d/ /etc/php-fpm.conf /var/log/nginx/ && \ chmod -R g=u /etc/nginx/ /etc/php-fpm.d/ /etc/php-fpm.conf /var/log/nginx/ && \ 
@@ -112,9 +113,12 @@ RUN --mount=type=tmpfs,target=/var/lib/dnf/ \ findutils \ glibc-locale-source +HEALTHCHECK --interval=1m30s --timeout=3s --retries=3 --start-period=40s --start-interval=5s \ + CMD curl -f http://localhost:8080/ping || exit 1 + EXPOSE 8080/TCP 8443/TCP -WORKDIR /usr/share/zabbix +WORKDIR ${ZABBIX_WWW_ROOT} COPY ["docker-entrypoint.sh", "/usr/bin/"] diff --git a/Dockerfiles/web-nginx-mysql/ol/conf/etc/php-fpm.conf b/Dockerfiles/web-nginx-mysql/ol/conf/etc/php-fpm.conf index ce0225346c..c3accf48d8 100644 --- a/Dockerfiles/web-nginx-mysql/ol/conf/etc/php-fpm.conf +++ b/Dockerfiles/web-nginx-mysql/ol/conf/etc/php-fpm.conf @@ -5,5 +5,6 @@ include=/etc/php-fpm.d/*.conf pid = /tmp/php-fpm.pid error_log = /dev/fd/2 +log_level = notice daemonize = no diff --git a/Dockerfiles/web-nginx-mysql/ol/conf/etc/zabbix/nginx.conf b/Dockerfiles/web-nginx-mysql/ol/conf/etc/zabbix/nginx.conf index f33585b149..eb9cd6c645 100644 --- a/Dockerfiles/web-nginx-mysql/ol/conf/etc/zabbix/nginx.conf +++ b/Dockerfiles/web-nginx-mysql/ol/conf/etc/zabbix/nginx.conf @@ -46,8 +46,17 @@ server { return 404; } + location = /nginx-status { + access_log off; + allow 127.0.0.1; + allow ::1; + deny all; + stub_status; + } + location ~ ^/(status|ping)$ { access_log off; + fastcgi_pass unix:/tmp/php-fpm.sock; fastcgi_param SCRIPT_FILENAME $webroot$fastcgi_script_name; diff --git a/Dockerfiles/web-nginx-mysql/ol/docker-entrypoint.sh b/Dockerfiles/web-nginx-mysql/ol/docker-entrypoint.sh index 29b50273a5..0d945631c3 100755 --- a/Dockerfiles/web-nginx-mysql/ol/docker-entrypoint.sh +++ b/Dockerfiles/web-nginx-mysql/ol/docker-entrypoint.sh 
@@ -18,14 +18,19 @@ fi # Default timezone for web interface : ${PHP_TZ:="Europe/Riga"} -# Default user +# Default user settings : ${DAEMON_USER:="nginx"} +: ${DAEMON_GROUP:="nginx"} # Default directories -# Web interface www-root directory -ZABBIX_WWW_ROOT="/usr/share/zabbix" # Nginx main configuration file NGINX_CONF_FILE="/etc/nginx/nginx.conf" +# Nginx virtual hosts configuration directory +NGINX_CONFD_DIR="/etc/nginx/conf.d" +# Directory with SSL certificate files for Nginx +NGINX_SSL_CONFIG_DIR="/etc/ssl/nginx" +# PHP-FPM configuration file +PHP_CONFIG_FILE="/etc/php-fpm.d/zabbix.conf" # usage: file_env VAR [DEFAULT] # as example: file_env 'MYSQL_PASSWORD' 'zabbix' @@ -134,12 +139,15 @@ check_db_connect() { } prepare_web_server() { - NGINX_CONFD_DIR="/etc/nginx/conf.d" - NGINX_SSL_CONFIG="/etc/ssl/nginx" + if [ "$(id -u)" == '0' ]; then + sed -i -e "/^[#;] user/s/.*/user ${DAEMON_USER};/" "$NGINX_CONF_FILE" + fi if [ ! -f "/proc/net/if_inet6" ]; then sed -i '/listen \[::\]/d' "$ZABBIX_CONF_DIR/nginx.conf" + sed -i '/allow ::1/d' "$ZABBIX_CONF_DIR/nginx.conf" sed -i '/listen \[::\]/d' "$ZABBIX_CONF_DIR/nginx_ssl.conf" + sed -i '/allow ::1/d' "$ZABBIX_CONF_DIR/nginx_ssl.conf" fi echo "** Adding Zabbix virtual host (HTTP)" @@ -149,7 +157,7 @@ prepare_web_server() { echo "**** Impossible to enable HTTP virtual host" fi - if [ -f "$NGINX_SSL_CONFIG/ssl.crt" ] && [ -f "$NGINX_SSL_CONFIG/ssl.key" ] && [ -f "$NGINX_SSL_CONFIG/dhparam.pem" ]; then + if [ -f "$NGINX_SSL_CONFIG_DIR/ssl.crt" ] && [ -f "$NGINX_SSL_CONFIG_DIR/ssl.key" ] && [ -f "$NGINX_SSL_CONFIG_DIR/dhparam.pem" ]; then echo "** Enable SSL support for Nginx" if [ -f "$ZABBIX_CONF_DIR/nginx_ssl.conf" ]; then ln -sfT "$ZABBIX_CONF_DIR/nginx_ssl.conf" "$NGINX_CONFD_DIR/nginx_ssl.conf" 
@@ -159,12 +167,53 @@ prepare_web_server() { else echo "**** Impossible to enable SSL support for Nginx. Certificates are missed." fi -} -prepare_zbx_web_config() { - echo "** Preparing Zabbix frontend configuration file" + FCGI_READ_TIMEOUT=$(expr ${ZBX_MAXEXECUTIONTIME} + 1) + sed -i \ + -e "s/{FCGI_READ_TIMEOUT}/${FCGI_READ_TIMEOUT}/g" \ + "$ZABBIX_CONF_DIR/nginx.conf" + + : ${HTTP_INDEX_FILE:="index.php"} + sed -i \ + -e "s/{HTTP_INDEX_FILE}/${HTTP_INDEX_FILE}/g" \ + "$ZABBIX_CONF_DIR/nginx.conf" + + if [ -f "$ZABBIX_CONF_DIR/nginx_ssl.conf" ]; then + sed -i \ + -e "s/{FCGI_READ_TIMEOUT}/${FCGI_READ_TIMEOUT}/g" \ + "$ZABBIX_CONF_DIR/nginx_ssl.conf" + + sed -i \ + -e "s/{HTTP_INDEX_FILE}/${HTTP_INDEX_FILE}/g" \ + "$ZABBIX_CONF_DIR/nginx_ssl.conf" + fi + + : ${ENABLE_WEB_ACCESS_LOG:="true"} + + if [ "${ENABLE_WEB_ACCESS_LOG,,}" == "false" ]; then + sed -ri \ + -e 's!^(\s*access_log).+\;!\1 off\;!g' \ + "$NGINX_CONF_FILE" + sed -ri \ + -e 's!^(\s*access_log).+\;!\1 off\;!g' \ + "$ZABBIX_CONF_DIR/nginx.conf" + sed -ri \ + -e 's!^(\s*access_log).+\;!\1 off\;!g' \ + "$ZABBIX_CONF_DIR/nginx_ssl.conf" + fi + + : ${EXPOSE_WEB_SERVER_INFO:="on"} + + [[ "${EXPOSE_WEB_SERVER_INFO}" != "off" ]] && EXPOSE_WEB_SERVER_INFO="on" + + export EXPOSE_WEB_SERVER_INFO=${EXPOSE_WEB_SERVER_INFO} + sed -i \ + -e "s/{EXPOSE_WEB_SERVER_INFO}/${EXPOSE_WEB_SERVER_INFO}/g" \ + "$NGINX_CONF_FILE" +} - PHP_CONFIG_FILE="/etc/php-fpm.d/zabbix.conf" +prepare_zbx_php_config() { + echo "** Preparing PHP configuration" export PHP_FPM_PM=${PHP_FPM_PM:-"dynamic"} export PHP_FPM_PM_MAX_CHILDREN=${PHP_FPM_PM_MAX_CHILDREN:-"50"} 
@@ -174,12 +223,10 @@ prepare_zbx_web_config() { export PHP_FPM_PM_MAX_REQUESTS=${PHP_FPM_PM_MAX_REQUESTS:-"0"} if [ "$(id -u)" == '0' ]; then - sed -i -e "/^[#;] user/s/.*/user ${DAEMON_USER};/" "$NGINX_CONF_FILE" - echo "user = ${DAEMON_USER}" >> "$PHP_CONFIG_FILE" - echo "group = ${DAEMON_USER}" >> "$PHP_CONFIG_FILE" + echo "group = ${DAEMON_GROUP}" >> "$PHP_CONFIG_FILE" echo "listen.owner = ${DAEMON_USER}" >> "$PHP_CONFIG_FILE" - echo "listen.group = ${DAEMON_USER}" >> "$PHP_CONFIG_FILE" + echo "listen.group = ${DAEMON_GROUP}" >> "$PHP_CONFIG_FILE" fi : ${ZBX_DENY_GUI_ACCESS:="false"} 
@@ -233,55 +280,14 @@ prepare_zbx_web_config() { : ${ZBX_ALLOW_HTTP_AUTH:="true"} export ZBX_ALLOW_HTTP_AUTH=${ZBX_ALLOW_HTTP_AUTH} +} +prepare_zbx_config() { if [ -n "${ZBX_SESSION_NAME}" ]; then cp "$ZABBIX_WWW_ROOT/include/defines.inc.php" "/tmp/defines.inc.php_tmp" sed "/ZBX_SESSION_NAME/s/'[^']*'/'${ZBX_SESSION_NAME}'/2" "/tmp/defines.inc.php_tmp" > "$ZABBIX_WWW_ROOT/include/defines.inc.php" rm -f "/tmp/defines.inc.php_tmp" fi - - FCGI_READ_TIMEOUT=$(expr ${ZBX_MAXEXECUTIONTIME} + 1) - sed -i \ - -e "s/{FCGI_READ_TIMEOUT}/${FCGI_READ_TIMEOUT}/g" \ - "$ZABBIX_CONF_DIR/nginx.conf" - - : ${HTTP_INDEX_FILE:="index.php"} - sed -i \ - -e "s/{HTTP_INDEX_FILE}/${HTTP_INDEX_FILE}/g" \ - "$ZABBIX_CONF_DIR/nginx.conf" - - if [ -f "$ZABBIX_CONF_DIR/nginx_ssl.conf" ]; then - sed -i \ - -e "s/{FCGI_READ_TIMEOUT}/${FCGI_READ_TIMEOUT}/g" \ - "$ZABBIX_CONF_DIR/nginx_ssl.conf" - - sed -i \ - -e "s/{HTTP_INDEX_FILE}/${HTTP_INDEX_FILE}/g" \ - "$ZABBIX_CONF_DIR/nginx_ssl.conf" - fi - - : ${ENABLE_WEB_ACCESS_LOG:="true"} - - if [ "${ENABLE_WEB_ACCESS_LOG,,}" == "false" ]; then - sed -ri \ - -e 's!^(\s*access_log).+\;!\1 off\;!g' \ - "$NGINX_CONF_FILE" - sed -ri \ - -e 's!^(\s*access_log).+\;!\1 off\;!g' \ - "$ZABBIX_CONF_DIR/nginx.conf" - sed -ri \ - -e 's!^(\s*access_log).+\;!\1 off\;!g' \ - "$ZABBIX_CONF_DIR/nginx_ssl.conf" - fi - - : ${EXPOSE_WEB_SERVER_INFO:="on"} - - [[ "${EXPOSE_WEB_SERVER_INFO}" != "off" ]] && EXPOSE_WEB_SERVER_INFO="on" - - export EXPOSE_WEB_SERVER_INFO=${EXPOSE_WEB_SERVER_INFO} - sed -i \ - -e "s/{EXPOSE_WEB_SERVER_INFO}/${EXPOSE_WEB_SERVER_INFO}/g" \ - "$NGINX_CONF_FILE" } ################################################# @@ -290,8 +296,9 @@ echo "** Deploying Zabbix web-interface (Nginx) with MySQL database" check_variables check_db_connect +prepare_zbx_php_config prepare_web_server -prepare_zbx_web_config +prepare_zbx_config echo "########################################################" 
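Review bot: The new `prepare_zbx_config` splices `${ZBX_SESSION_NAME}` unescaped into both a sed program and a quoted PHP string in `defines.inc.php`. A value containing `/` or `'` either makes sed fail, and since the output is redirected straight onto `defines.inc.php` that leaves the file empty, or changes PHP source that the frontend later executes. I would restrict the variable before use, as the first line inside the `if`: `[[ "${ZBX_SESSION_NAME}" =~ ^[A-Za-z0-9_]+$ ]] || { echo "**** Invalid ZBX_SESSION_NAME"; exit 1; }`. The fixed name `/tmp/defines.inc.php_tmp` could also come from `mktemp`. The same function is added in the other docker-entrypoint.sh hunks of this patch.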
diff --git a/Dockerfiles/web-nginx-mysql/rhel/Dockerfile b/Dockerfiles/web-nginx-mysql/rhel/Dockerfile index e48ffee23f..54e79f9f18 100644 --- a/Dockerfiles/web-nginx-mysql/rhel/Dockerfile +++ b/Dockerfiles/web-nginx-mysql/rhel/Dockerfile @@ -16,7 +16,8 @@ ARG ZBX_SOURCES=https://git.zabbix.com/scm/zbx/zabbix.git ENV TERM=xterm \ ZBX_VERSION=${ZBX_VERSION} ZBX_SOURCES=${ZBX_SOURCES} \ - ZABBIX_CONF_DIR="/etc/zabbix" + ZABBIX_CONF_DIR="/etc/zabbix" \ + ZABBIX_WWW_ROOT="/usr/share/zabbix" LABEL description="Zabbix web-interface based on Nginx web server with MySQL database support" \ maintainer="alexey.pustovalov@zabbix.com" \ @@ -48,7 +49,7 @@ STOPSIGNAL SIGTERM COPY ["licenses", "/licenses"] COPY ["conf/etc/", "/etc/"] -COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/ui", "/usr/share/zabbix"] +COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/ui", "${ZABBIX_WWW_ROOT}"] RUN --mount=type=tmpfs,target=/var/lib/dnf/ \ --mount=type=tmpfs,target=/var/cache/yum/ \ 
@@ -132,20 +133,20 @@ RUN --mount=type=tmpfs,target=/var/lib/dnf/ \ rm -f /etc/php-fpm.d/www.conf && \ ln -sf /dev/stdout /var/log/nginx/access.log && \ ln -sf /dev/stderr /var/log/nginx/error.log && \ - cd /usr/share/zabbix/ && \ + cd ${ZABBIX_WWW_ROOT}/ && \ rm -f conf/zabbix.conf.php conf/maintenance.inc.php conf/zabbix.conf.php.example && \ rm -rf tests && \ rm -f locale/add_new_language.sh locale/update_po.sh locale/make_mo.sh && \ - find /usr/share/zabbix/locale -name '*.po' | xargs rm -f && \ - find /usr/share/zabbix/locale -name '*.sh' | xargs rm -f && \ - ln -s "${ZABBIX_CONF_DIR}/web/zabbix.conf.php" "/usr/share/zabbix/conf/zabbix.conf.php" && \ - ln -s "${ZABBIX_CONF_DIR}/web/maintenance.inc.php" "/usr/share/zabbix/conf/maintenance.inc.php" && \ - cat /usr/share/zabbix/include/locales.inc.php | grep display | grep true | awk '{$1=$1};1' | \ + find ${ZABBIX_WWW_ROOT}/locale -name '*.po' | xargs rm -f && \ + find ${ZABBIX_WWW_ROOT}/locale -name '*.sh' | xargs rm -f && \ + ln -s "${ZABBIX_CONF_DIR}/web/zabbix.conf.php" "${ZABBIX_WWW_ROOT}/conf/zabbix.conf.php" && \ + ln -s "${ZABBIX_CONF_DIR}/web/maintenance.inc.php" "${ZABBIX_WWW_ROOT}/conf/maintenance.inc.php" && \ + cat ${ZABBIX_WWW_ROOT}/include/locales.inc.php | grep display | grep true | awk '{$1=$1};1' | \ cut -d"'" -f 2 | sort | \ xargs -I '{}' bash -c 'echo "{}" && localedef -c -i {} -f UTF-8 {}.UTF-8 2>/dev/null' && \ - chown --quiet -R zabbix:root ${ZABBIX_CONF_DIR}/ /usr/share/zabbix/include/defines.inc.php /usr/share/zabbix/modules/ && \ - chgrp -R 0 ${ZABBIX_CONF_DIR}/ /usr/share/zabbix/include/defines.inc.php /usr/share/zabbix/modules/ && \ - chmod -R g=u ${ZABBIX_CONF_DIR}/ /usr/share/zabbix/include/defines.inc.php /usr/share/zabbix/modules/ && \ + chown --quiet -R zabbix:root ${ZABBIX_CONF_DIR}/ ${ZABBIX_WWW_ROOT}/include/defines.inc.php ${ZABBIX_WWW_ROOT}/modules/ && \ + chgrp -R 0 ${ZABBIX_CONF_DIR}/ ${ZABBIX_WWW_ROOT}/include/defines.inc.php ${ZABBIX_WWW_ROOT}/modules/ && \ + chmod -R 
g=u ${ZABBIX_CONF_DIR}/ ${ZABBIX_WWW_ROOT}/include/defines.inc.php ${ZABBIX_WWW_ROOT}/modules/ && \ chown --quiet -R zabbix:root /etc/nginx/ /etc/php-fpm.d/ /etc/php-fpm.conf /var/log/nginx/ && \ chgrp -R 0 /etc/nginx/ /etc/php-fpm.d/ /etc/php-fpm.conf /var/log/nginx/ && \ chmod -R g=u /etc/nginx/ /etc/php-fpm.d/ /etc/php-fpm.conf /var/log/nginx/ && \ @@ -156,9 +157,12 @@ RUN --mount=type=tmpfs,target=/var/lib/dnf/ \ findutils \ glibc-locale-source +HEALTHCHECK --interval=1m30s --timeout=3s --retries=3 --start-period=40s --start-interval=5s \ + CMD curl -f http://localhost:8080/ping || exit 1 + EXPOSE 8080/TCP 8443/TCP -WORKDIR /usr/share/zabbix +WORKDIR ${ZABBIX_WWW_ROOT} COPY ["docker-entrypoint.sh", "/usr/bin/"] diff --git a/Dockerfiles/web-nginx-mysql/rhel/conf/etc/php-fpm.conf b/Dockerfiles/web-nginx-mysql/rhel/conf/etc/php-fpm.conf index ce0225346c..c3accf48d8 100644 --- a/Dockerfiles/web-nginx-mysql/rhel/conf/etc/php-fpm.conf +++ b/Dockerfiles/web-nginx-mysql/rhel/conf/etc/php-fpm.conf @@ -5,5 +5,6 @@ include=/etc/php-fpm.d/*.conf pid = /tmp/php-fpm.pid error_log = /dev/fd/2 +log_level = notice daemonize = no diff --git a/Dockerfiles/web-nginx-mysql/rhel/conf/etc/zabbix/nginx.conf b/Dockerfiles/web-nginx-mysql/rhel/conf/etc/zabbix/nginx.conf index f33585b149..eb9cd6c645 100644 --- a/Dockerfiles/web-nginx-mysql/rhel/conf/etc/zabbix/nginx.conf +++ b/Dockerfiles/web-nginx-mysql/rhel/conf/etc/zabbix/nginx.conf @@ -46,8 +46,17 @@ server { return 404; } + location = /nginx-status { + access_log off; + allow 127.0.0.1; + allow ::1; + deny all; + stub_status; + } + location ~ ^/(status|ping)$ { access_log off; + fastcgi_pass unix:/tmp/php-fpm.sock; fastcgi_param SCRIPT_FILENAME $webroot$fastcgi_script_name; diff --git a/Dockerfiles/web-nginx-mysql/rhel/docker-entrypoint.sh b/Dockerfiles/web-nginx-mysql/rhel/docker-entrypoint.sh index 1e147d0a1c..0d945631c3 100755 --- a/Dockerfiles/web-nginx-mysql/rhel/docker-entrypoint.sh 
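Review bot: The added `location = /nginx-status` is limited to loopback with `allow`/`deny`, but the neighbouring `location ~ ^/(status|ping)$` shows no such restriction in the lines visible here (its body continues outside the hunk). If the rest of that block has none either and `/status` is served by the PHP-FPM status handler, pool and request details are readable by any client that can reach port 8080, while the `HEALTHCHECK` added in the Dockerfile only needs `/ping`. I would split the two locations, keep `/ping` open and give `/status` the same `allow 127.0.0.1; allow ::1; deny all;` lines. The loopback rule also assumes nginx sees the real client address; behind a same-host or sidecar proxy every request arrives from 127.0.0.1, which is worth a comment above the block. The identical hunk is applied to the other nginx.conf files in this patch.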
+++ b/Dockerfiles/web-nginx-mysql/rhel/docker-entrypoint.sh @@ -18,14 +18,19 @@ fi # Default timezone for web interface : ${PHP_TZ:="Europe/Riga"} -# Default user +# Default user settings : ${DAEMON_USER:="nginx"} +: ${DAEMON_GROUP:="nginx"} # Default directories -# Web interface www-root directory -ZABBIX_WWW_ROOT="/usr/share/zabbix" # Nginx main configuration file NGINX_CONF_FILE="/etc/nginx/nginx.conf" +# Nginx virtual hosts configuration directory +NGINX_CONFD_DIR="/etc/nginx/conf.d" +# Directory with SSL certificate files for Nginx +NGINX_SSL_CONFIG_DIR="/etc/ssl/nginx" +# PHP-FPM configuration file +PHP_CONFIG_FILE="/etc/php-fpm.d/zabbix.conf" # usage: file_env VAR [DEFAULT] # as example: file_env 'MYSQL_PASSWORD' 'zabbix' 
@@ -134,37 +139,81 @@ check_db_connect() { } prepare_web_server() { - NGINX_CONFD_DIR="/etc/nginx/conf.d" - NGINX_SSL_CONFIG="/etc/ssl/nginx" + if [ "$(id -u)" == '0' ]; then + sed -i -e "/^[#;] user/s/.*/user ${DAEMON_USER};/" "$NGINX_CONF_FILE" + fi if [ ! -f "/proc/net/if_inet6" ]; then sed -i '/listen \[::\]/d' "$ZABBIX_CONF_DIR/nginx.conf" + sed -i '/allow ::1/d' "$ZABBIX_CONF_DIR/nginx.conf" sed -i '/listen \[::\]/d' "$ZABBIX_CONF_DIR/nginx_ssl.conf" + sed -i '/allow ::1/d' "$ZABBIX_CONF_DIR/nginx_ssl.conf" fi echo "** Adding Zabbix virtual host (HTTP)" if [ -f "$ZABBIX_CONF_DIR/nginx.conf" ]; then - ln -s "$ZABBIX_CONF_DIR/nginx.conf" "$NGINX_CONFD_DIR" + ln -sfT "$ZABBIX_CONF_DIR/nginx.conf" "$NGINX_CONFD_DIR/nginx.conf" else echo "**** Impossible to enable HTTP virtual host" fi - if [ -f "$NGINX_SSL_CONFIG/ssl.crt" ] && [ -f "$NGINX_SSL_CONFIG/ssl.key" ] && [ -f "$NGINX_SSL_CONFIG/dhparam.pem" ]; then + if [ -f "$NGINX_SSL_CONFIG_DIR/ssl.crt" ] && [ -f "$NGINX_SSL_CONFIG_DIR/ssl.key" ] && [ -f "$NGINX_SSL_CONFIG_DIR/dhparam.pem" ]; then echo "** Enable SSL support for Nginx" if [ -f "$ZABBIX_CONF_DIR/nginx_ssl.conf" ]; then - ln -s "$ZABBIX_CONF_DIR/nginx_ssl.conf" "$NGINX_CONFD_DIR" + ln -sfT "$ZABBIX_CONF_DIR/nginx_ssl.conf" "$NGINX_CONFD_DIR/nginx_ssl.conf" else echo "**** Impossible to enable HTTPS virtual host" fi else echo "**** Impossible to enable SSL support for Nginx. Certificates are missed." 
fi -} -prepare_zbx_web_config() { - echo "** Preparing Zabbix frontend configuration file" + FCGI_READ_TIMEOUT=$(expr ${ZBX_MAXEXECUTIONTIME} + 1) + sed -i \ + -e "s/{FCGI_READ_TIMEOUT}/${FCGI_READ_TIMEOUT}/g" \ + "$ZABBIX_CONF_DIR/nginx.conf" + + : ${HTTP_INDEX_FILE:="index.php"} + sed -i \ + -e "s/{HTTP_INDEX_FILE}/${HTTP_INDEX_FILE}/g" \ + "$ZABBIX_CONF_DIR/nginx.conf" + + if [ -f "$ZABBIX_CONF_DIR/nginx_ssl.conf" ]; then + sed -i \ + -e "s/{FCGI_READ_TIMEOUT}/${FCGI_READ_TIMEOUT}/g" \ + "$ZABBIX_CONF_DIR/nginx_ssl.conf" + + sed -i \ + -e "s/{HTTP_INDEX_FILE}/${HTTP_INDEX_FILE}/g" \ + "$ZABBIX_CONF_DIR/nginx_ssl.conf" + fi + + : ${ENABLE_WEB_ACCESS_LOG:="true"} + + if [ "${ENABLE_WEB_ACCESS_LOG,,}" == "false" ]; then + sed -ri \ + -e 's!^(\s*access_log).+\;!\1 off\;!g' \ + "$NGINX_CONF_FILE" + sed -ri \ + -e 's!^(\s*access_log).+\;!\1 off\;!g' \ + "$ZABBIX_CONF_DIR/nginx.conf" + sed -ri \ + -e 's!^(\s*access_log).+\;!\1 off\;!g' \ + "$ZABBIX_CONF_DIR/nginx_ssl.conf" + fi + + : ${EXPOSE_WEB_SERVER_INFO:="on"} + + [[ "${EXPOSE_WEB_SERVER_INFO}" != "off" ]] && EXPOSE_WEB_SERVER_INFO="on" + + export EXPOSE_WEB_SERVER_INFO=${EXPOSE_WEB_SERVER_INFO} + sed -i \ + -e "s/{EXPOSE_WEB_SERVER_INFO}/${EXPOSE_WEB_SERVER_INFO}/g" \ + "$NGINX_CONF_FILE" +} - PHP_CONFIG_FILE="/etc/php-fpm.d/zabbix.conf" +prepare_zbx_php_config() { + echo "** Preparing PHP configuration" export PHP_FPM_PM=${PHP_FPM_PM:-"dynamic"} export PHP_FPM_PM_MAX_CHILDREN=${PHP_FPM_PM_MAX_CHILDREN:-"50"} 
@@ -174,12 +223,10 @@ prepare_zbx_web_config() { export PHP_FPM_PM_MAX_REQUESTS=${PHP_FPM_PM_MAX_REQUESTS:-"0"} if [ "$(id -u)" == '0' ]; then - sed -i -e "/^[#;] user/s/.*/user ${DAEMON_USER};/" "$NGINX_CONF_FILE" - echo "user = ${DAEMON_USER}" >> "$PHP_CONFIG_FILE" - echo "group = ${DAEMON_USER}" >> "$PHP_CONFIG_FILE" + echo "group = ${DAEMON_GROUP}" >> "$PHP_CONFIG_FILE" echo "listen.owner = ${DAEMON_USER}" >> "$PHP_CONFIG_FILE" - echo "listen.group = ${DAEMON_USER}" >> "$PHP_CONFIG_FILE" + echo "listen.group = ${DAEMON_GROUP}" >> "$PHP_CONFIG_FILE" fi : ${ZBX_DENY_GUI_ACCESS:="false"} 
@@ -233,55 +280,14 @@ prepare_zbx_web_config() { : ${ZBX_ALLOW_HTTP_AUTH:="true"} export ZBX_ALLOW_HTTP_AUTH=${ZBX_ALLOW_HTTP_AUTH} +} +prepare_zbx_config() { if [ -n "${ZBX_SESSION_NAME}" ]; then cp "$ZABBIX_WWW_ROOT/include/defines.inc.php" "/tmp/defines.inc.php_tmp" sed "/ZBX_SESSION_NAME/s/'[^']*'/'${ZBX_SESSION_NAME}'/2" "/tmp/defines.inc.php_tmp" > "$ZABBIX_WWW_ROOT/include/defines.inc.php" rm -f "/tmp/defines.inc.php_tmp" fi - - FCGI_READ_TIMEOUT=$(expr ${ZBX_MAXEXECUTIONTIME} + 1) - sed -i \ - -e "s/{FCGI_READ_TIMEOUT}/${FCGI_READ_TIMEOUT}/g" \ - "$ZABBIX_CONF_DIR/nginx.conf" - - : ${HTTP_INDEX_FILE:="index.php"} - sed -i \ - -e "s/{HTTP_INDEX_FILE}/${HTTP_INDEX_FILE}/g" \ - "$ZABBIX_CONF_DIR/nginx.conf" - - if [ -f "$ZABBIX_CONF_DIR/nginx_ssl.conf" ]; then - sed -i \ - -e "s/{FCGI_READ_TIMEOUT}/${FCGI_READ_TIMEOUT}/g" \ - "$ZABBIX_CONF_DIR/nginx_ssl.conf" - - sed -i \ - -e "s/{HTTP_INDEX_FILE}/${HTTP_INDEX_FILE}/g" \ - "$ZABBIX_CONF_DIR/nginx_ssl.conf" - fi - - : ${ENABLE_WEB_ACCESS_LOG:="true"} - - if [ "${ENABLE_WEB_ACCESS_LOG,,}" == "false" ]; then - sed -ri \ - -e 's!^(\s*access_log).+\;!\1 off\;!g' \ - "$NGINX_CONF_FILE" - sed -ri \ - -e 's!^(\s*access_log).+\;!\1 off\;!g' \ - "$ZABBIX_CONF_DIR/nginx.conf" - sed -ri \ - -e 's!^(\s*access_log).+\;!\1 off\;!g' \ - "$ZABBIX_CONF_DIR/nginx_ssl.conf" - fi - - : ${EXPOSE_WEB_SERVER_INFO:="on"} - - [[ "${EXPOSE_WEB_SERVER_INFO}" != "off" ]] && EXPOSE_WEB_SERVER_INFO="on" - - export EXPOSE_WEB_SERVER_INFO=${EXPOSE_WEB_SERVER_INFO} - sed -i \ - -e "s/{EXPOSE_WEB_SERVER_INFO}/${EXPOSE_WEB_SERVER_INFO}/g" \ - "$NGINX_CONF_FILE" } ################################################# @@ -290,8 +296,9 @@ echo "** Deploying Zabbix web-interface (Nginx) with MySQL database" check_variables check_db_connect +prepare_zbx_php_config prepare_web_server -prepare_zbx_web_config +prepare_zbx_config echo "########################################################" 
diff --git a/Dockerfiles/web-nginx-mysql/ubuntu/Dockerfile b/Dockerfiles/web-nginx-mysql/ubuntu/Dockerfile index 9113f5841a..0edd47e1db 100644 --- a/Dockerfiles/web-nginx-mysql/ubuntu/Dockerfile +++ b/Dockerfiles/web-nginx-mysql/ubuntu/Dockerfile @@ -14,7 +14,8 @@ ARG ZBX_SOURCES=https://git.zabbix.com/scm/zbx/zabbix.git ENV TERM=xterm \ ZBX_VERSION=${ZBX_VERSION} ZBX_SOURCES=${ZBX_SOURCES} \ - ZABBIX_CONF_DIR="/etc/zabbix" + ZABBIX_CONF_DIR="/etc/zabbix" \ + ZABBIX_WWW_ROOT="/usr/share/zabbix" LABEL org.opencontainers.image.authors="Alexey Pustovalov " \ org.opencontainers.image.description="Zabbix web-interface based on Nginx web server with MySQL database support" \ @@ -28,7 +29,7 @@ LABEL org.opencontainers.image.authors="Alexey Pustovalov > /var/lib/locales/supported.d/local' && \ dpkg-reconfigure locales && \ - chown --quiet -R zabbix:root ${ZABBIX_CONF_DIR}/ /usr/share/zabbix/include/defines.inc.php /usr/share/zabbix/modules/ && \ - chgrp -R 0 ${ZABBIX_CONF_DIR}/ /usr/share/zabbix/include/defines.inc.php /usr/share/zabbix/modules/ && \ - chmod -R g=u ${ZABBIX_CONF_DIR}/ /usr/share/zabbix/include/defines.inc.php /usr/share/zabbix/modules/ && \ + chown --quiet -R zabbix:root ${ZABBIX_CONF_DIR}/ ${ZABBIX_WWW_ROOT}/include/defines.inc.php ${ZABBIX_WWW_ROOT}/modules/ && \ + chgrp -R 0 ${ZABBIX_CONF_DIR}/ ${ZABBIX_WWW_ROOT}/include/defines.inc.php ${ZABBIX_WWW_ROOT}/modules/ && \ + chmod -R g=u ${ZABBIX_CONF_DIR}/ ${ZABBIX_WWW_ROOT}/include/defines.inc.php ${ZABBIX_WWW_ROOT}/modules/ && \ chown --quiet -R zabbix:root /etc/nginx/ /etc/php/8.3/fpm/php-fpm.conf /etc/php/8.3/fpm/pool.d/ && \ chgrp -R 0 /etc/nginx/ /etc/php/8.3/fpm/php-fpm.conf /etc/php/8.3/fpm/pool.d/ && \ chmod -R g=u /etc/nginx/ /etc/php/8.3/fpm/php-fpm.conf /etc/php/8.3/fpm/pool.d/ && \ 
@@ -104,9 +105,12 @@ RUN --mount=type=cache,target=/var/cache/apt/,sharing=locked \ chgrp -R 0 /var/lib/php/session/ && \ chmod -R g=u /var/lib/php/session/ +HEALTHCHECK --interval=1m30s --timeout=3s --retries=3 --start-period=40s --start-interval=5s \ + CMD curl -f http://localhost:8080/ping || exit 1 + EXPOSE 8080/TCP 8443/TCP -WORKDIR /usr/share/zabbix +WORKDIR ${ZABBIX_WWW_ROOT} COPY ["docker-entrypoint.sh", "/usr/bin/"] diff --git a/Dockerfiles/web-nginx-mysql/ubuntu/conf/etc/php/8.3/fpm/php-fpm.conf b/Dockerfiles/web-nginx-mysql/ubuntu/conf/etc/php/8.3/fpm/php-fpm.conf index 14deee27a6..5311405bf4 100644 --- a/Dockerfiles/web-nginx-mysql/ubuntu/conf/etc/php/8.3/fpm/php-fpm.conf +++ b/Dockerfiles/web-nginx-mysql/ubuntu/conf/etc/php/8.3/fpm/php-fpm.conf @@ -5,5 +5,6 @@ include=/etc/php/8.3/fpm/pool.d/*.conf pid = /tmp/php-fpm.pid error_log = /dev/fd/2 +log_level = notice daemonize = no diff --git a/Dockerfiles/web-nginx-mysql/ubuntu/conf/etc/zabbix/nginx.conf b/Dockerfiles/web-nginx-mysql/ubuntu/conf/etc/zabbix/nginx.conf index f33585b149..eb9cd6c645 100644 --- a/Dockerfiles/web-nginx-mysql/ubuntu/conf/etc/zabbix/nginx.conf +++ b/Dockerfiles/web-nginx-mysql/ubuntu/conf/etc/zabbix/nginx.conf @@ -46,8 +46,17 @@ server { return 404; } + location = /nginx-status { + access_log off; + allow 127.0.0.1; + allow ::1; + deny all; + stub_status; + } + location ~ ^/(status|ping)$ { access_log off; + fastcgi_pass unix:/tmp/php-fpm.sock; fastcgi_param SCRIPT_FILENAME $webroot$fastcgi_script_name; diff --git a/Dockerfiles/web-nginx-mysql/ubuntu/docker-entrypoint.sh b/Dockerfiles/web-nginx-mysql/ubuntu/docker-entrypoint.sh index 5b7e209a6e..faf50953b2 100755 --- a/Dockerfiles/web-nginx-mysql/ubuntu/docker-entrypoint.sh +++ b/Dockerfiles/web-nginx-mysql/ubuntu/docker-entrypoint.sh 
@@ -18,14 +18,19 @@ fi # Default timezone for web interface : ${PHP_TZ:="Europe/Riga"} -# Default user +# Default user settings : ${DAEMON_USER:="www-data"} +: ${DAEMON_GROUP:="www-data"} # Default directories -# Web interface www-root directory -ZABBIX_WWW_ROOT="/usr/share/zabbix" # Nginx main configuration file -NGINX_CONF_FILE="/etc/nginx/nginx.conf" +NGINX_MAIN_FILE="/etc/nginx/nginx.conf" +# Nginx virtual hosts configuration directory +NGINX_CONFD_DIR="/etc/nginx/http.d" +# Directory with SSL certificate files for Nginx +NGINX_SSL_CONFIG_DIR="/etc/ssl/nginx" +# PHP-FPM configuration file +PHP_CONFIG_FILE="/etc/php/8.3/fpm/pool.d/zabbix.conf" # usage: file_env VAR [DEFAULT] # as example: file_env 'MYSQL_PASSWORD' 'zabbix' @@ -134,12 +139,15 @@ check_db_connect() { } prepare_web_server() { - NGINX_CONFD_DIR="/etc/nginx/conf.d" - NGINX_SSL_CONFIG="/etc/ssl/nginx" + if [ "$(id -u)" == '0' ]; then + sed -i -e "/^[#;] user/s/.*/user ${DAEMON_USER};/" "$NGINX_CONF_FILE" + fi if [ ! -f "/proc/net/if_inet6" ]; then sed -i '/listen \[::\]/d' "$ZABBIX_CONF_DIR/nginx.conf" + sed -i '/allow ::1/d' "$ZABBIX_CONF_DIR/nginx.conf" sed -i '/listen \[::\]/d' "$ZABBIX_CONF_DIR/nginx_ssl.conf" + sed -i '/allow ::1/d' "$ZABBIX_CONF_DIR/nginx_ssl.conf" fi echo "** Adding Zabbix virtual host (HTTP)" @@ -149,7 +157,7 @@ prepare_web_server() { echo "**** Impossible to enable HTTP virtual host" fi - if [ -f "$NGINX_SSL_CONFIG/ssl.crt" ] && [ -f "$NGINX_SSL_CONFIG/ssl.key" ] && [ -f "$NGINX_SSL_CONFIG/dhparam.pem" ]; then + if [ -f "$NGINX_SSL_CONFIG_DIR/ssl.crt" ] && [ -f "$NGINX_SSL_CONFIG_DIR/ssl.key" ] && [ -f "$NGINX_SSL_CONFIG_DIR/dhparam.pem" ]; then echo "** Enable SSL support for Nginx" if [ -f "$ZABBIX_CONF_DIR/nginx_ssl.conf" ]; then ln -sfT "$ZABBIX_CONF_DIR/nginx_ssl.conf" "$NGINX_CONFD_DIR/nginx_ssl.conf" 
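Review bot: The first hunk renames the variable to `NGINX_MAIN_FILE="/etc/nginx/nginx.conf"`, but the lines added to `prepare_web_server` in this file still read `"$NGINX_CONF_FILE"`: the `user` rewrite here, and the `access_log` and `{EXPOSE_WEB_SERVER_INFO}` substitutions in the following hunk. Unless that name is defined elsewhere in the file, `sed -i` receives an empty file name, so the worker user is not applied when running as root and the `{EXPOSE_WEB_SERVER_INFO}` placeholder stays in nginx.conf. Keeping the name the other images use fixes it: `NGINX_CONF_FILE="/etc/nginx/nginx.conf"`. `NGINX_CONFD_DIR="/etc/nginx/http.d"` also differs from the `/etc/nginx/conf.d` this function used before; please confirm that the Ubuntu nginx.conf includes that directory, otherwise the virtual hosts are linked where nginx does not look.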
@@ -159,12 +167,53 @@ prepare_web_server() { else echo "**** Impossible to enable SSL support for Nginx. Certificates are missed." fi -} -prepare_zbx_web_config() { - echo "** Preparing Zabbix frontend configuration file" + FCGI_READ_TIMEOUT=$(expr ${ZBX_MAXEXECUTIONTIME} + 1) + sed -i \ + -e "s/{FCGI_READ_TIMEOUT}/${FCGI_READ_TIMEOUT}/g" \ + "$ZABBIX_CONF_DIR/nginx.conf" + + : ${HTTP_INDEX_FILE:="index.php"} + sed -i \ + -e "s/{HTTP_INDEX_FILE}/${HTTP_INDEX_FILE}/g" \ + "$ZABBIX_CONF_DIR/nginx.conf" + + if [ -f "$ZABBIX_CONF_DIR/nginx_ssl.conf" ]; then + sed -i \ + -e "s/{FCGI_READ_TIMEOUT}/${FCGI_READ_TIMEOUT}/g" \ + "$ZABBIX_CONF_DIR/nginx_ssl.conf" + + sed -i \ + -e "s/{HTTP_INDEX_FILE}/${HTTP_INDEX_FILE}/g" \ + "$ZABBIX_CONF_DIR/nginx_ssl.conf" + fi + + : ${ENABLE_WEB_ACCESS_LOG:="true"} + + if [ "${ENABLE_WEB_ACCESS_LOG,,}" == "false" ]; then + sed -ri \ + -e 's!^(\s*access_log).+\;!\1 off\;!g' \ + "$NGINX_CONF_FILE" + sed -ri \ + -e 's!^(\s*access_log).+\;!\1 off\;!g' \ + "$ZABBIX_CONF_DIR/nginx.conf" + sed -ri \ + -e 's!^(\s*access_log).+\;!\1 off\;!g' \ + "$ZABBIX_CONF_DIR/nginx_ssl.conf" + fi + + : ${EXPOSE_WEB_SERVER_INFO:="on"} + + [[ "${EXPOSE_WEB_SERVER_INFO}" != "off" ]] && EXPOSE_WEB_SERVER_INFO="on" + + export EXPOSE_WEB_SERVER_INFO=${EXPOSE_WEB_SERVER_INFO} + sed -i \ + -e "s/{EXPOSE_WEB_SERVER_INFO}/${EXPOSE_WEB_SERVER_INFO}/g" \ + "$NGINX_CONF_FILE" +} - PHP_CONFIG_FILE="/etc/php/8.3/fpm/pool.d/zabbix.conf" +prepare_zbx_php_config() { + echo "** Preparing PHP configuration" export PHP_FPM_PM=${PHP_FPM_PM:-"dynamic"} export PHP_FPM_PM_MAX_CHILDREN=${PHP_FPM_PM_MAX_CHILDREN:-"50"} 
@@ -174,12 +223,10 @@ prepare_zbx_web_config() { export PHP_FPM_PM_MAX_REQUESTS=${PHP_FPM_PM_MAX_REQUESTS:-"0"} if [ "$(id -u)" == '0' ]; then - sed -i -e "/^[#;] user/s/.*/user ${DAEMON_USER};/" "$NGINX_CONF_FILE" - echo "user = ${DAEMON_USER}" >> "$PHP_CONFIG_FILE" - echo "group = ${DAEMON_USER}" >> "$PHP_CONFIG_FILE" + echo "group = ${DAEMON_GROUP}" >> "$PHP_CONFIG_FILE" echo "listen.owner = ${DAEMON_USER}" >> "$PHP_CONFIG_FILE" - echo "listen.group = ${DAEMON_USER}" >> "$PHP_CONFIG_FILE" + echo "listen.group = ${DAEMON_GROUP}" >> "$PHP_CONFIG_FILE" fi : ${ZBX_DENY_GUI_ACCESS:="false"} 
@@ -233,55 +280,14 @@ prepare_zbx_web_config() { : ${ZBX_ALLOW_HTTP_AUTH:="true"} export ZBX_ALLOW_HTTP_AUTH=${ZBX_ALLOW_HTTP_AUTH} +} +prepare_zbx_config() { if [ -n "${ZBX_SESSION_NAME}" ]; then cp "$ZABBIX_WWW_ROOT/include/defines.inc.php" "/tmp/defines.inc.php_tmp" sed "/ZBX_SESSION_NAME/s/'[^']*'/'${ZBX_SESSION_NAME}'/2" "/tmp/defines.inc.php_tmp" > "$ZABBIX_WWW_ROOT/include/defines.inc.php" rm -f "/tmp/defines.inc.php_tmp" fi - - FCGI_READ_TIMEOUT=$(expr ${ZBX_MAXEXECUTIONTIME} + 1) - sed -i \ - -e "s/{FCGI_READ_TIMEOUT}/${FCGI_READ_TIMEOUT}/g" \ - "$ZABBIX_CONF_DIR/nginx.conf" - - : ${HTTP_INDEX_FILE:="index.php"} - sed -i \ - -e "s/{HTTP_INDEX_FILE}/${HTTP_INDEX_FILE}/g" \ - "$ZABBIX_CONF_DIR/nginx.conf" - - if [ -f "$ZABBIX_CONF_DIR/nginx_ssl.conf" ]; then - sed -i \ - -e "s/{FCGI_READ_TIMEOUT}/${FCGI_READ_TIMEOUT}/g" \ - "$ZABBIX_CONF_DIR/nginx_ssl.conf" - - sed -i \ - -e "s/{HTTP_INDEX_FILE}/${HTTP_INDEX_FILE}/g" \ - "$ZABBIX_CONF_DIR/nginx_ssl.conf" - fi - - : ${ENABLE_WEB_ACCESS_LOG:="true"} - - if [ "${ENABLE_WEB_ACCESS_LOG,,}" == "false" ]; then - sed -ri \ - -e 's!^(\s*access_log).+\;!\1 off\;!g' \ - "$NGINX_CONF_FILE" - sed -ri \ - -e 's!^(\s*access_log).+\;!\1 off\;!g' \ - "$ZABBIX_CONF_DIR/nginx.conf" - sed -ri \ - -e 's!^(\s*access_log).+\;!\1 off\;!g' \ - "$ZABBIX_CONF_DIR/nginx_ssl.conf" - fi - - : ${EXPOSE_WEB_SERVER_INFO:="on"} - - [[ "${EXPOSE_WEB_SERVER_INFO}" != "off" ]] && EXPOSE_WEB_SERVER_INFO="on" - - export EXPOSE_WEB_SERVER_INFO=${EXPOSE_WEB_SERVER_INFO} - sed -i \ - -e "s/{EXPOSE_WEB_SERVER_INFO}/${EXPOSE_WEB_SERVER_INFO}/g" \ - "$NGINX_CONF_FILE" } ################################################# @@ -290,8 +296,9 @@ echo "** Deploying Zabbix web-interface (Nginx) with MySQL database" check_variables check_db_connect +prepare_zbx_php_config prepare_web_server -prepare_zbx_web_config +prepare_zbx_config echo "########################################################" 
diff --git a/Dockerfiles/web-nginx-pgsql/alpine/Dockerfile b/Dockerfiles/web-nginx-pgsql/alpine/Dockerfile index 0e168fa74c..bbfbb135c8 100644 --- a/Dockerfiles/web-nginx-pgsql/alpine/Dockerfile +++ b/Dockerfiles/web-nginx-pgsql/alpine/Dockerfile @@ -14,7 +14,8 @@ ARG ZBX_SOURCES=https://git.zabbix.com/scm/zbx/zabbix.git ENV TERM=xterm \ ZBX_VERSION=${ZBX_VERSION} ZBX_SOURCES=${ZBX_SOURCES} \ - ZABBIX_CONF_DIR="/etc/zabbix" + ZABBIX_CONF_DIR="/etc/zabbix" \ + ZABBIX_WWW_ROOT="/usr/share/zabbix" LABEL org.opencontainers.image.authors="Alexey Pustovalov " \ org.opencontainers.image.description="Zabbix web-interface based on Nginx web server with PostgreSQL database support" \ @@ -28,7 +29,7 @@ LABEL org.opencontainers.image.authors="Alexey Pustovalov > "$PHP_CONFIG_FILE" - echo "group = ${DAEMON_USER}" >> "$PHP_CONFIG_FILE" + echo "group = ${DAEMON_GROUP}" >> "$PHP_CONFIG_FILE" echo "listen.owner = ${DAEMON_USER}" >> "$PHP_CONFIG_FILE" - echo "listen.group = ${DAEMON_USER}" >> "$PHP_CONFIG_FILE" + echo "listen.group = ${DAEMON_GROUP}" >> "$PHP_CONFIG_FILE" fi : ${ZBX_DENY_GUI_ACCESS:="false"} 
@@ -232,55 +279,14 @@ prepare_zbx_web_config() { : ${ZBX_ALLOW_HTTP_AUTH:="true"} export ZBX_ALLOW_HTTP_AUTH=${ZBX_ALLOW_HTTP_AUTH} +} +prepare_zbx_config() { if [ -n "${ZBX_SESSION_NAME}" ]; then cp "$ZABBIX_WWW_ROOT/include/defines.inc.php" "/tmp/defines.inc.php_tmp" sed "/ZBX_SESSION_NAME/s/'[^']*'/'${ZBX_SESSION_NAME}'/2" "/tmp/defines.inc.php_tmp" > "$ZABBIX_WWW_ROOT/include/defines.inc.php" rm -f "/tmp/defines.inc.php_tmp" fi - - FCGI_READ_TIMEOUT=$(expr ${ZBX_MAXEXECUTIONTIME} + 1) - sed -i \ - -e "s/{FCGI_READ_TIMEOUT}/${FCGI_READ_TIMEOUT}/g" \ - "$ZABBIX_CONF_DIR/nginx.conf" - - : ${HTTP_INDEX_FILE:="index.php"} - sed -i \ - -e "s/{HTTP_INDEX_FILE}/${HTTP_INDEX_FILE}/g" \ - "$ZABBIX_CONF_DIR/nginx.conf" - - if [ -f "$ZABBIX_CONF_DIR/nginx_ssl.conf" ]; then - sed -i \ - -e "s/{FCGI_READ_TIMEOUT}/${FCGI_READ_TIMEOUT}/g" \ - "$ZABBIX_CONF_DIR/nginx_ssl.conf" - - sed -i \ - -e "s/{HTTP_INDEX_FILE}/${HTTP_INDEX_FILE}/g" \ - "$ZABBIX_CONF_DIR/nginx_ssl.conf" - fi - - : ${ENABLE_WEB_ACCESS_LOG:="true"} - - if [ "${ENABLE_WEB_ACCESS_LOG,,}" == "false" ]; then - sed -ri \ - -e 's!^(\s*access_log).+\;!\1 off\;!g' \ - "$NGINX_CONF_FILE" - sed -ri \ - -e 's!^(\s*access_log).+\;!\1 off\;!g' \ - "$ZABBIX_CONF_DIR/nginx.conf" - sed -ri \ - -e 's!^(\s*access_log).+\;!\1 off\;!g' \ - "$ZABBIX_CONF_DIR/nginx_ssl.conf" - fi - - : ${EXPOSE_WEB_SERVER_INFO:="on"} - - [[ "${EXPOSE_WEB_SERVER_INFO}" != "off" ]] && EXPOSE_WEB_SERVER_INFO="on" - - export EXPOSE_WEB_SERVER_INFO=${EXPOSE_WEB_SERVER_INFO} - sed -i \ - -e "s/{EXPOSE_WEB_SERVER_INFO}/${EXPOSE_WEB_SERVER_INFO}/g" \ - "$NGINX_CONF_FILE" } ################################################# @@ -289,8 +295,9 @@ echo "** Deploying Zabbix web-interface (Nginx) with PostgreSQL database" check_variables check_db_connect +prepare_zbx_php_config prepare_web_server -prepare_zbx_web_config +prepare_zbx_config echo "########################################################" 
diff --git a/Dockerfiles/web-nginx-pgsql/centos/Dockerfile b/Dockerfiles/web-nginx-pgsql/centos/Dockerfile index 40566e543f..eb1a49bffc 100644 --- a/Dockerfiles/web-nginx-pgsql/centos/Dockerfile +++ b/Dockerfiles/web-nginx-pgsql/centos/Dockerfile @@ -14,7 +14,8 @@ ARG ZBX_SOURCES=https://git.zabbix.com/scm/zbx/zabbix.git ENV TERM=xterm \ ZBX_VERSION=${ZBX_VERSION} ZBX_SOURCES=${ZBX_SOURCES} \ - ZABBIX_CONF_DIR="/etc/zabbix" + ZABBIX_CONF_DIR="/etc/zabbix" \ + ZABBIX_WWW_ROOT="/usr/share/zabbix" LABEL org.opencontainers.image.authors="Alexey Pustovalov " \ org.opencontainers.image.description="Zabbix web-interface based on Nginx web server with PostgreSQL database support" \ @@ -28,7 +29,7 @@ LABEL org.opencontainers.image.authors="Alexey Pustovalov /dev/null' && \ - chown --quiet -R zabbix:root ${ZABBIX_CONF_DIR}/ /usr/share/zabbix/include/defines.inc.php /usr/share/zabbix/modules/ && \ - chgrp -R 0 ${ZABBIX_CONF_DIR}/ /usr/share/zabbix/include/defines.inc.php /usr/share/zabbix/modules/ && \ - chmod -R g=u ${ZABBIX_CONF_DIR}/ /usr/share/zabbix/include/defines.inc.php /usr/share/zabbix/modules/ && \ + chown --quiet -R zabbix:root ${ZABBIX_CONF_DIR}/ ${ZABBIX_WWW_ROOT}/include/defines.inc.php ${ZABBIX_WWW_ROOT}/modules/ && \ + chgrp -R 0 ${ZABBIX_CONF_DIR}/ ${ZABBIX_WWW_ROOT}/include/defines.inc.php ${ZABBIX_WWW_ROOT}/modules/ && \ + chmod -R g=u ${ZABBIX_CONF_DIR}/ ${ZABBIX_WWW_ROOT}/include/defines.inc.php ${ZABBIX_WWW_ROOT}/modules/ && \ chown --quiet -R zabbix:root /etc/nginx/ /etc/php-fpm.d/ /etc/php-fpm.conf /var/log/nginx/ && \ chgrp -R 0 /etc/nginx/ /etc/php-fpm.d/ /etc/php-fpm.conf /var/log/nginx/ && \ chmod -R g=u /etc/nginx/ /etc/php-fpm.d/ /etc/php-fpm.conf /var/log/nginx/ && \ 
@@ -126,9 +127,12 @@ RUN --mount=type=tmpfs,target=/var/lib/dnf/ \ findutils \ glibc-locale-source +HEALTHCHECK --interval=1m30s --timeout=3s --retries=3 --start-period=40s --start-interval=5s \ + CMD curl -f http://localhost:8080/ping || exit 1 + EXPOSE 8080/TCP 8443/TCP -WORKDIR /usr/share/zabbix +WORKDIR ${ZABBIX_WWW_ROOT} COPY ["docker-entrypoint.sh", "/usr/bin/"] diff --git a/Dockerfiles/web-nginx-pgsql/centos/conf/etc/php-fpm.conf b/Dockerfiles/web-nginx-pgsql/centos/conf/etc/php-fpm.conf index ce0225346c..c3accf48d8 100644 --- a/Dockerfiles/web-nginx-pgsql/centos/conf/etc/php-fpm.conf +++ b/Dockerfiles/web-nginx-pgsql/centos/conf/etc/php-fpm.conf @@ -5,5 +5,6 @@ include=/etc/php-fpm.d/*.conf pid = /tmp/php-fpm.pid error_log = /dev/fd/2 +log_level = notice daemonize = no diff --git a/Dockerfiles/web-nginx-pgsql/centos/conf/etc/zabbix/nginx.conf b/Dockerfiles/web-nginx-pgsql/centos/conf/etc/zabbix/nginx.conf index f33585b149..eb9cd6c645 100644 --- a/Dockerfiles/web-nginx-pgsql/centos/conf/etc/zabbix/nginx.conf +++ b/Dockerfiles/web-nginx-pgsql/centos/conf/etc/zabbix/nginx.conf @@ -46,8 +46,17 @@ server { return 404; } + location = /nginx-status { + access_log off; + allow 127.0.0.1; + allow ::1; + deny all; + stub_status; + } + location ~ ^/(status|ping)$ { access_log off; + fastcgi_pass unix:/tmp/php-fpm.sock; fastcgi_param SCRIPT_FILENAME $webroot$fastcgi_script_name; diff --git a/Dockerfiles/web-nginx-pgsql/centos/docker-entrypoint.sh b/Dockerfiles/web-nginx-pgsql/centos/docker-entrypoint.sh index 4c54ff0161..77591e6f9a 100755 --- a/Dockerfiles/web-nginx-pgsql/centos/docker-entrypoint.sh +++ b/Dockerfiles/web-nginx-pgsql/centos/docker-entrypoint.sh 
@@ -18,14 +18,19 @@ fi # Default timezone for web interface : ${PHP_TZ:="Europe/Riga"} -# Default user +# Default user settings : ${DAEMON_USER:="nginx"} +: ${DAEMON_GROUP:="nginx"} # Default directories -# Web interface www-root directory -ZABBIX_WWW_ROOT="/usr/share/zabbix" # Nginx main configuration file NGINX_CONF_FILE="/etc/nginx/nginx.conf" +# Nginx virtual hosts configuration directory +NGINX_CONFD_DIR="/etc/nginx/conf.d" +# Directory with SSL certificate files for Nginx +NGINX_SSL_CONFIG_DIR="/etc/ssl/nginx" +# PHP-FPM configuration file +PHP_CONFIG_FILE="/etc/php-fpm.d/zabbix.conf" # usage: file_env VAR [DEFAULT] # as example: file_env 'MYSQL_PASSWORD' 'zabbix' @@ -133,12 +138,15 @@ check_db_connect() { } prepare_web_server() { - NGINX_CONFD_DIR="/etc/nginx/conf.d" - NGINX_SSL_CONFIG="/etc/ssl/nginx" + if [ "$(id -u)" == '0' ]; then + sed -i -e "/^[#;] user/s/.*/user ${DAEMON_USER};/" "$NGINX_CONF_FILE" + fi if [ ! -f "/proc/net/if_inet6" ]; then sed -i '/listen \[::\]/d' "$ZABBIX_CONF_DIR/nginx.conf" + sed -i '/allow ::1/d' "$ZABBIX_CONF_DIR/nginx.conf" sed -i '/listen \[::\]/d' "$ZABBIX_CONF_DIR/nginx_ssl.conf" + sed -i '/allow ::1/d' "$ZABBIX_CONF_DIR/nginx_ssl.conf" fi echo "** Adding Zabbix virtual host (HTTP)" @@ -148,7 +156,7 @@ prepare_web_server() { echo "**** Impossible to enable HTTP virtual host" fi - if [ -f "$NGINX_SSL_CONFIG/ssl.crt" ] && [ -f "$NGINX_SSL_CONFIG/ssl.key" ] && [ -f "$NGINX_SSL_CONFIG/dhparam.pem" ]; then + if [ -f "$NGINX_SSL_CONFIG_DIR/ssl.crt" ] && [ -f "$NGINX_SSL_CONFIG_DIR/ssl.key" ] && [ -f "$NGINX_SSL_CONFIG_DIR/dhparam.pem" ]; then echo "** Enable SSL support for Nginx" if [ -f "$ZABBIX_CONF_DIR/nginx_ssl.conf" ]; then ln -sfT "$ZABBIX_CONF_DIR/nginx_ssl.conf" "$NGINX_CONFD_DIR/nginx_ssl.conf" 
@@ -158,12 +166,53 @@ prepare_web_server() { else echo "**** Impossible to enable SSL support for Nginx. Certificates are missed." fi -} -prepare_zbx_web_config() { - echo "** Preparing Zabbix frontend configuration file" + FCGI_READ_TIMEOUT=$(expr ${ZBX_MAXEXECUTIONTIME} + 1) + sed -i \ + -e "s/{FCGI_READ_TIMEOUT}/${FCGI_READ_TIMEOUT}/g" \ + "$ZABBIX_CONF_DIR/nginx.conf" + + : ${HTTP_INDEX_FILE:="index.php"} + sed -i \ + -e "s/{HTTP_INDEX_FILE}/${HTTP_INDEX_FILE}/g" \ + "$ZABBIX_CONF_DIR/nginx.conf" + + if [ -f "$ZABBIX_CONF_DIR/nginx_ssl.conf" ]; then + sed -i \ + -e "s/{FCGI_READ_TIMEOUT}/${FCGI_READ_TIMEOUT}/g" \ + "$ZABBIX_CONF_DIR/nginx_ssl.conf" + + sed -i \ + -e "s/{HTTP_INDEX_FILE}/${HTTP_INDEX_FILE}/g" \ + "$ZABBIX_CONF_DIR/nginx_ssl.conf" + fi + + : ${ENABLE_WEB_ACCESS_LOG:="true"} + + if [ "${ENABLE_WEB_ACCESS_LOG,,}" == "false" ]; then + sed -ri \ + -e 's!^(\s*access_log).+\;!\1 off\;!g' \ + "$NGINX_CONF_FILE" + sed -ri \ + -e 's!^(\s*access_log).+\;!\1 off\;!g' \ + "$ZABBIX_CONF_DIR/nginx.conf" + sed -ri \ + -e 's!^(\s*access_log).+\;!\1 off\;!g' \ + "$ZABBIX_CONF_DIR/nginx_ssl.conf" + fi - PHP_CONFIG_FILE="/etc/php-fpm.d/zabbix.conf" + : ${EXPOSE_WEB_SERVER_INFO:="on"} + + [[ "${EXPOSE_WEB_SERVER_INFO}" != "off" ]] && EXPOSE_WEB_SERVER_INFO="on" + + export EXPOSE_WEB_SERVER_INFO=${EXPOSE_WEB_SERVER_INFO} + sed -i \ + -e "s/{EXPOSE_WEB_SERVER_INFO}/${EXPOSE_WEB_SERVER_INFO}/g" \ + "$NGINX_CONF_FILE" +} + +prepare_zbx_php_config() { + echo "** Preparing PHP configuration" export PHP_FPM_PM=${PHP_FPM_PM:-"dynamic"} export PHP_FPM_PM_MAX_CHILDREN=${PHP_FPM_PM_MAX_CHILDREN:-"50"} 
@@ -173,12 +222,10 @@ prepare_zbx_web_config() { export PHP_FPM_PM_MAX_REQUESTS=${PHP_FPM_PM_MAX_REQUESTS:-"0"} if [ "$(id -u)" == '0' ]; then - sed -i -e "/^[#;] user/s/.*/user ${DAEMON_USER};/" "$NGINX_CONF_FILE" - echo "user = ${DAEMON_USER}" >> "$PHP_CONFIG_FILE" - echo "group = ${DAEMON_USER}" >> "$PHP_CONFIG_FILE" + echo "group = ${DAEMON_GROUP}" >> "$PHP_CONFIG_FILE" echo "listen.owner = ${DAEMON_USER}" >> "$PHP_CONFIG_FILE" - echo "listen.group = ${DAEMON_USER}" >> "$PHP_CONFIG_FILE" + echo "listen.group = ${DAEMON_GROUP}" >> "$PHP_CONFIG_FILE" fi : ${ZBX_DENY_GUI_ACCESS:="false"} @@ -289,8 +336,9 @@ echo "** Deploying Zabbix web-interface (Nginx) with PostgreSQL database" check_variables check_db_connect +prepare_zbx_php_config prepare_web_server -prepare_zbx_web_config +prepare_zbx_config echo "########################################################" diff --git a/Dockerfiles/web-nginx-pgsql/ol/Dockerfile b/Dockerfiles/web-nginx-pgsql/ol/Dockerfile index 68cfafd8e8..ec37e4346c 100644 --- a/Dockerfiles/web-nginx-pgsql/ol/Dockerfile +++ b/Dockerfiles/web-nginx-pgsql/ol/Dockerfile @@ -14,7 +14,8 @@ ARG ZBX_SOURCES=https://git.zabbix.com/scm/zbx/zabbix.git ENV TERM=xterm \ ZBX_VERSION=${ZBX_VERSION} ZBX_SOURCES=${ZBX_SOURCES} \ - ZABBIX_CONF_DIR="/etc/zabbix" + ZABBIX_CONF_DIR="/etc/zabbix" \ + ZABBIX_WWW_ROOT="/usr/share/zabbix" LABEL org.opencontainers.image.authors="Alexey Pustovalov " \ org.opencontainers.image.description="Zabbix web-interface based on Nginx web server with PostgreSQL database support" \ 
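Review bot: The call list at the end of this file now invokes `prepare_zbx_config`, but none of this file's hunks adds a function with that name. Only the rhel entrypoint gains a `prepare_zbx_config() {` definition, in its `@@ -232,55 +279,14 @@` hunk. Unless the function already exists in unchanged lines, startup would report a command-not-found error at that call. The hunk offsets (`-289` to `+336`) also indicate that the old `FCGI_READ_TIMEOUT`, `HTTP_INDEX_FILE`, access-log and `EXPOSE_WEB_SERVER_INFO` blocks were not removed from the former prepare_zbx_web_config body here, so they would now run twice. Porting the rhel `@@ -232,55 +279,14 @@` change to this file, and to the ol and ubuntu entrypoints that show the same call-list hunk, would address both.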
@@ -28,7 +29,7 @@ LABEL org.opencontainers.image.authors="Alexey Pustovalov /dev/null' && \ - chown --quiet -R zabbix:root ${ZABBIX_CONF_DIR}/ /usr/share/zabbix/include/defines.inc.php /usr/share/zabbix/modules/ && \ - chgrp -R 0 ${ZABBIX_CONF_DIR}/ /usr/share/zabbix/include/defines.inc.php /usr/share/zabbix/modules/ && \ - chmod -R g=u ${ZABBIX_CONF_DIR}/ /usr/share/zabbix/include/defines.inc.php /usr/share/zabbix/modules/ && \ + chown --quiet -R zabbix:root ${ZABBIX_CONF_DIR}/ ${ZABBIX_WWW_ROOT}/include/defines.inc.php ${ZABBIX_WWW_ROOT}/modules/ && \ + chgrp -R 0 ${ZABBIX_CONF_DIR}/ ${ZABBIX_WWW_ROOT}/include/defines.inc.php ${ZABBIX_WWW_ROOT}/modules/ && \ + chmod -R g=u ${ZABBIX_CONF_DIR}/ ${ZABBIX_WWW_ROOT}/include/defines.inc.php ${ZABBIX_WWW_ROOT}/modules/ && \ chown --quiet -R zabbix:root /etc/nginx/ /etc/php-fpm.d/ /etc/php-fpm.conf /var/log/nginx/ && \ chgrp -R 0 /etc/nginx/ /etc/php-fpm.d/ /etc/php-fpm.conf /var/log/nginx/ && \ chmod -R g=u /etc/nginx/ /etc/php-fpm.d/ /etc/php-fpm.conf /var/log/nginx/ && \ @@ -113,9 +114,12 @@ RUN --mount=type=tmpfs,target=/var/lib/dnf/ \ findutils \ glibc-locale-source +HEALTHCHECK --interval=1m30s --timeout=3s --retries=3 --start-period=40s --start-interval=5s \ + CMD curl -f http://localhost:8080/ping || exit 1 + EXPOSE 8080/TCP 8443/TCP -WORKDIR /usr/share/zabbix +WORKDIR ${ZABBIX_WWW_ROOT} COPY ["docker-entrypoint.sh", "/usr/bin/"] diff --git a/Dockerfiles/web-nginx-pgsql/ol/conf/etc/php-fpm.conf b/Dockerfiles/web-nginx-pgsql/ol/conf/etc/php-fpm.conf index ce0225346c..c3accf48d8 100644 --- a/Dockerfiles/web-nginx-pgsql/ol/conf/etc/php-fpm.conf +++ b/Dockerfiles/web-nginx-pgsql/ol/conf/etc/php-fpm.conf @@ -5,5 +5,6 @@ include=/etc/php-fpm.d/*.conf pid = /tmp/php-fpm.pid error_log = /dev/fd/2 +log_level = notice daemonize = no diff --git a/Dockerfiles/web-nginx-pgsql/ol/conf/etc/zabbix/nginx.conf b/Dockerfiles/web-nginx-pgsql/ol/conf/etc/zabbix/nginx.conf index f33585b149..eb9cd6c645 100644 
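Review bot: The added `HEALTHCHECK` passes `--start-interval=5s`, which is only understood by Docker Engine 25.0 and later, and 5s is already that option's default. Dropping it (`HEALTHCHECK --interval=1m30s --timeout=3s --retries=3 --start-period=40s \`) keeps the behaviour on current engines and avoids the flag being rejected or ignored by older tooling. The probe also depends on `curl` being present in the final image, which this hunk does not show. The same instruction is added to the rhel and ubuntu Dockerfiles.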
--- a/Dockerfiles/web-nginx-pgsql/ol/conf/etc/zabbix/nginx.conf +++ b/Dockerfiles/web-nginx-pgsql/ol/conf/etc/zabbix/nginx.conf @@ -46,8 +46,17 @@ server { return 404; } + location = /nginx-status { + access_log off; + allow 127.0.0.1; + allow ::1; + deny all; + stub_status; + } + location ~ ^/(status|ping)$ { access_log off; + fastcgi_pass unix:/tmp/php-fpm.sock; fastcgi_param SCRIPT_FILENAME $webroot$fastcgi_script_name; diff --git a/Dockerfiles/web-nginx-pgsql/ol/docker-entrypoint.sh b/Dockerfiles/web-nginx-pgsql/ol/docker-entrypoint.sh index 4c54ff0161..77591e6f9a 100755 --- a/Dockerfiles/web-nginx-pgsql/ol/docker-entrypoint.sh +++ b/Dockerfiles/web-nginx-pgsql/ol/docker-entrypoint.sh @@ -18,14 +18,19 @@ fi # Default timezone for web interface : ${PHP_TZ:="Europe/Riga"} -# Default user +# Default user settings : ${DAEMON_USER:="nginx"} +: ${DAEMON_GROUP:="nginx"} # Default directories -# Web interface www-root directory -ZABBIX_WWW_ROOT="/usr/share/zabbix" # Nginx main configuration file NGINX_CONF_FILE="/etc/nginx/nginx.conf" +# Nginx virtual hosts configuration directory +NGINX_CONFD_DIR="/etc/nginx/conf.d" +# Directory with SSL certificate files for Nginx +NGINX_SSL_CONFIG_DIR="/etc/ssl/nginx" +# PHP-FPM configuration file +PHP_CONFIG_FILE="/etc/php-fpm.d/zabbix.conf" # usage: file_env VAR [DEFAULT] # as example: file_env 'MYSQL_PASSWORD' 'zabbix' @@ -133,12 +138,15 @@ check_db_connect() { } prepare_web_server() { - NGINX_CONFD_DIR="/etc/nginx/conf.d" - NGINX_SSL_CONFIG="/etc/ssl/nginx" + if [ "$(id -u)" == '0' ]; then + sed -i -e "/^[#;] user/s/.*/user ${DAEMON_USER};/" "$NGINX_CONF_FILE" + fi if [ ! -f "/proc/net/if_inet6" ]; then sed -i '/listen \[::\]/d' "$ZABBIX_CONF_DIR/nginx.conf" + sed -i '/allow ::1/d' "$ZABBIX_CONF_DIR/nginx.conf" sed -i '/listen \[::\]/d' "$ZABBIX_CONF_DIR/nginx_ssl.conf" + sed -i '/allow ::1/d' "$ZABBIX_CONF_DIR/nginx_ssl.conf" fi echo "** Adding Zabbix virtual host (HTTP)" 
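Review bot: The new `/nginx-status` location is limited to loopback, but the `location ~ ^/(status|ping)$` block directly below it shows no `allow`/`deny` in the visible lines. That block hands requests to PHP-FPM, so what is presumably the FPM status page would stay reachable by every client of port 8080. The block continues outside the hunk, so a restriction may exist further down. If it does not, only `/ping` is needed by the health check, so `/status` could move to its own `location = /status` carrying the same `allow 127.0.0.1; allow ::1; deny all;`. Note that a loopback allow-list also admits anything forwarded by a proxy running in the same network namespace. The same hunk appears in the rhel and ubuntu `nginx.conf`.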
@@ -148,7 +156,7 @@ prepare_web_server() { echo "**** Impossible to enable HTTP virtual host" fi - if [ -f "$NGINX_SSL_CONFIG/ssl.crt" ] && [ -f "$NGINX_SSL_CONFIG/ssl.key" ] && [ -f "$NGINX_SSL_CONFIG/dhparam.pem" ]; then + if [ -f "$NGINX_SSL_CONFIG_DIR/ssl.crt" ] && [ -f "$NGINX_SSL_CONFIG_DIR/ssl.key" ] && [ -f "$NGINX_SSL_CONFIG_DIR/dhparam.pem" ]; then echo "** Enable SSL support for Nginx" if [ -f "$ZABBIX_CONF_DIR/nginx_ssl.conf" ]; then ln -sfT "$ZABBIX_CONF_DIR/nginx_ssl.conf" "$NGINX_CONFD_DIR/nginx_ssl.conf" 
@@ -158,12 +166,53 @@ prepare_web_server() { else echo "**** Impossible to enable SSL support for Nginx. Certificates are missed." fi -} -prepare_zbx_web_config() { - echo "** Preparing Zabbix frontend configuration file" + FCGI_READ_TIMEOUT=$(expr ${ZBX_MAXEXECUTIONTIME} + 1) + sed -i \ + -e "s/{FCGI_READ_TIMEOUT}/${FCGI_READ_TIMEOUT}/g" \ + "$ZABBIX_CONF_DIR/nginx.conf" + + : ${HTTP_INDEX_FILE:="index.php"} + sed -i \ + -e "s/{HTTP_INDEX_FILE}/${HTTP_INDEX_FILE}/g" \ + "$ZABBIX_CONF_DIR/nginx.conf" + + if [ -f "$ZABBIX_CONF_DIR/nginx_ssl.conf" ]; then + sed -i \ + -e "s/{FCGI_READ_TIMEOUT}/${FCGI_READ_TIMEOUT}/g" \ + "$ZABBIX_CONF_DIR/nginx_ssl.conf" + + sed -i \ + -e "s/{HTTP_INDEX_FILE}/${HTTP_INDEX_FILE}/g" \ + "$ZABBIX_CONF_DIR/nginx_ssl.conf" + fi + + : ${ENABLE_WEB_ACCESS_LOG:="true"} + + if [ "${ENABLE_WEB_ACCESS_LOG,,}" == "false" ]; then + sed -ri \ + -e 's!^(\s*access_log).+\;!\1 off\;!g' \ + "$NGINX_CONF_FILE" + sed -ri \ + -e 's!^(\s*access_log).+\;!\1 off\;!g' \ + "$ZABBIX_CONF_DIR/nginx.conf" + sed -ri \ + -e 's!^(\s*access_log).+\;!\1 off\;!g' \ + "$ZABBIX_CONF_DIR/nginx_ssl.conf" + fi - PHP_CONFIG_FILE="/etc/php-fpm.d/zabbix.conf" + : ${EXPOSE_WEB_SERVER_INFO:="on"} + + [[ "${EXPOSE_WEB_SERVER_INFO}" != "off" ]] && EXPOSE_WEB_SERVER_INFO="on" + + export EXPOSE_WEB_SERVER_INFO=${EXPOSE_WEB_SERVER_INFO} + sed -i \ + -e "s/{EXPOSE_WEB_SERVER_INFO}/${EXPOSE_WEB_SERVER_INFO}/g" \ + "$NGINX_CONF_FILE" +} + +prepare_zbx_php_config() { + echo "** Preparing PHP configuration" export PHP_FPM_PM=${PHP_FPM_PM:-"dynamic"} export PHP_FPM_PM_MAX_CHILDREN=${PHP_FPM_PM_MAX_CHILDREN:-"50"} 
@@ -173,12 +222,10 @@ prepare_zbx_web_config() { export PHP_FPM_PM_MAX_REQUESTS=${PHP_FPM_PM_MAX_REQUESTS:-"0"} if [ "$(id -u)" == '0' ]; then - sed -i -e "/^[#;] user/s/.*/user ${DAEMON_USER};/" "$NGINX_CONF_FILE" - echo "user = ${DAEMON_USER}" >> "$PHP_CONFIG_FILE" - echo "group = ${DAEMON_USER}" >> "$PHP_CONFIG_FILE" + echo "group = ${DAEMON_GROUP}" >> "$PHP_CONFIG_FILE" echo "listen.owner = ${DAEMON_USER}" >> "$PHP_CONFIG_FILE" - echo "listen.group = ${DAEMON_USER}" >> "$PHP_CONFIG_FILE" + echo "listen.group = ${DAEMON_GROUP}" >> "$PHP_CONFIG_FILE" fi : ${ZBX_DENY_GUI_ACCESS:="false"} @@ -289,8 +336,9 @@ echo "** Deploying Zabbix web-interface (Nginx) with PostgreSQL database" check_variables check_db_connect +prepare_zbx_php_config prepare_web_server -prepare_zbx_web_config +prepare_zbx_config echo "########################################################" diff --git a/Dockerfiles/web-nginx-pgsql/rhel/Dockerfile b/Dockerfiles/web-nginx-pgsql/rhel/Dockerfile index cd1fab47dd..0e1810b437 100644 --- a/Dockerfiles/web-nginx-pgsql/rhel/Dockerfile +++ b/Dockerfiles/web-nginx-pgsql/rhel/Dockerfile @@ -17,7 +17,8 @@ ARG ZBX_SOURCES=https://git.zabbix.com/scm/zbx/zabbix.git ENV TERM=xterm \ ZBX_VERSION=${ZBX_VERSION} ZBX_SOURCES=${ZBX_SOURCES} \ - ZABBIX_CONF_DIR="/etc/zabbix" + ZABBIX_CONF_DIR="/etc/zabbix" \ + ZABBIX_WWW_ROOT="/usr/share/zabbix" LABEL description="Zabbix web-interface based on Nginx web server with PostgreSQL database support" \ maintainer="alexey.pustovalov@zabbix.com" \ @@ -49,7 +50,7 @@ STOPSIGNAL SIGTERM COPY ["licenses", "/licenses"] COPY ["conf/etc/", "/etc/"] -COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/ui", "/usr/share/zabbix"] +COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/ui", "${ZABBIX_WWW_ROOT}"] RUN --mount=type=tmpfs,target=/var/lib/dnf/ \ --mount=type=tmpfs,target=/var/cache/yum/ \ 
@@ -134,20 +135,20 @@ RUN --mount=type=tmpfs,target=/var/lib/dnf/ \ rm -f /etc/php-fpm.d/www.conf && \ ln -sf /dev/stdout /var/log/nginx/access.log && \ ln -sf /dev/stderr /var/log/nginx/error.log && \ - cd /usr/share/zabbix/ && \ + cd ${ZABBIX_WWW_ROOT}/ && \ rm -f conf/zabbix.conf.php conf/maintenance.inc.php conf/zabbix.conf.php.example && \ rm -rf tests && \ rm -f locale/add_new_language.sh locale/update_po.sh locale/make_mo.sh && \ - find /usr/share/zabbix/locale -name '*.po' | xargs rm -f && \ - find /usr/share/zabbix/locale -name '*.sh' | xargs rm -f && \ - ln -s "${ZABBIX_CONF_DIR}/web/zabbix.conf.php" "/usr/share/zabbix/conf/zabbix.conf.php" && \ - ln -s "${ZABBIX_CONF_DIR}/web/maintenance.inc.php" "/usr/share/zabbix/conf/maintenance.inc.php" && \ - cat /usr/share/zabbix/include/locales.inc.php | grep display | grep true | awk '{$1=$1};1' | \ + find ${ZABBIX_WWW_ROOT}/locale -name '*.po' | xargs rm -f && \ + find ${ZABBIX_WWW_ROOT}/locale -name '*.sh' | xargs rm -f && \ + ln -s "${ZABBIX_CONF_DIR}/web/zabbix.conf.php" "${ZABBIX_WWW_ROOT}/conf/zabbix.conf.php" && \ + ln -s "${ZABBIX_CONF_DIR}/web/maintenance.inc.php" "${ZABBIX_WWW_ROOT}/conf/maintenance.inc.php" && \ + cat ${ZABBIX_WWW_ROOT}/include/locales.inc.php | grep display | grep true | awk '{$1=$1};1' | \ cut -d"'" -f 2 | sort | \ xargs -I '{}' bash -c 'echo "{}" && localedef -c -i {} -f UTF-8 {}.UTF-8 2>/dev/null' && \ - chown --quiet -R zabbix:root ${ZABBIX_CONF_DIR}/ /usr/share/zabbix/include/defines.inc.php /usr/share/zabbix/modules/ && \ - chgrp -R 0 ${ZABBIX_CONF_DIR}/ /usr/share/zabbix/include/defines.inc.php /usr/share/zabbix/modules/ && \ - chmod -R g=u ${ZABBIX_CONF_DIR}/ /usr/share/zabbix/include/defines.inc.php /usr/share/zabbix/modules/ && \ + chown --quiet -R zabbix:root ${ZABBIX_CONF_DIR}/ ${ZABBIX_WWW_ROOT}/include/defines.inc.php ${ZABBIX_WWW_ROOT}/modules/ && \ + chgrp -R 0 ${ZABBIX_CONF_DIR}/ ${ZABBIX_WWW_ROOT}/include/defines.inc.php ${ZABBIX_WWW_ROOT}/modules/ && \ + chmod -R 
g=u ${ZABBIX_CONF_DIR}/ ${ZABBIX_WWW_ROOT}/include/defines.inc.php ${ZABBIX_WWW_ROOT}/modules/ && \ chown --quiet -R zabbix:root /etc/nginx/ /etc/php-fpm.d/ /etc/php-fpm.conf /var/log/nginx/ && \ chgrp -R 0 /etc/nginx/ /etc/php-fpm.d/ /etc/php-fpm.conf /var/log/nginx/ && \ chmod -R g=u /etc/nginx/ /etc/php-fpm.d/ /etc/php-fpm.conf /var/log/nginx/ && \ @@ -158,9 +159,12 @@ RUN --mount=type=tmpfs,target=/var/lib/dnf/ \ findutils \ glibc-locale-source +HEALTHCHECK --interval=1m30s --timeout=3s --retries=3 --start-period=40s --start-interval=5s \ + CMD curl -f http://localhost:8080/ping || exit 1 + EXPOSE 8080/TCP 8443/TCP -WORKDIR /usr/share/zabbix +WORKDIR ${ZABBIX_WWW_ROOT} COPY ["docker-entrypoint.sh", "/usr/bin/"] diff --git a/Dockerfiles/web-nginx-pgsql/rhel/conf/etc/php-fpm.conf b/Dockerfiles/web-nginx-pgsql/rhel/conf/etc/php-fpm.conf index ce0225346c..c3accf48d8 100644 --- a/Dockerfiles/web-nginx-pgsql/rhel/conf/etc/php-fpm.conf +++ b/Dockerfiles/web-nginx-pgsql/rhel/conf/etc/php-fpm.conf @@ -5,5 +5,6 @@ include=/etc/php-fpm.d/*.conf pid = /tmp/php-fpm.pid error_log = /dev/fd/2 +log_level = notice daemonize = no diff --git a/Dockerfiles/web-nginx-pgsql/rhel/conf/etc/zabbix/nginx.conf b/Dockerfiles/web-nginx-pgsql/rhel/conf/etc/zabbix/nginx.conf index f33585b149..eb9cd6c645 100644 --- a/Dockerfiles/web-nginx-pgsql/rhel/conf/etc/zabbix/nginx.conf +++ b/Dockerfiles/web-nginx-pgsql/rhel/conf/etc/zabbix/nginx.conf @@ -46,8 +46,17 @@ server { return 404; } + location = /nginx-status { + access_log off; + allow 127.0.0.1; + allow ::1; + deny all; + stub_status; + } + location ~ ^/(status|ping)$ { access_log off; + fastcgi_pass unix:/tmp/php-fpm.sock; fastcgi_param SCRIPT_FILENAME $webroot$fastcgi_script_name; diff --git a/Dockerfiles/web-nginx-pgsql/rhel/docker-entrypoint.sh b/Dockerfiles/web-nginx-pgsql/rhel/docker-entrypoint.sh index 4c54ff0161..94c5b5186c 100755 --- a/Dockerfiles/web-nginx-pgsql/rhel/docker-entrypoint.sh 
+++ b/Dockerfiles/web-nginx-pgsql/rhel/docker-entrypoint.sh @@ -18,14 +18,19 @@ fi # Default timezone for web interface : ${PHP_TZ:="Europe/Riga"} -# Default user +# Default user settings : ${DAEMON_USER:="nginx"} +: ${DAEMON_GROUP:="nginx"} # Default directories -# Web interface www-root directory -ZABBIX_WWW_ROOT="/usr/share/zabbix" # Nginx main configuration file NGINX_CONF_FILE="/etc/nginx/nginx.conf" +# Nginx virtual hosts configuration directory +NGINX_CONFD_DIR="/etc/nginx/conf.d" +# Directory with SSL certificate files for Nginx +NGINX_SSL_CONFIG_DIR="/etc/ssl/nginx" +# PHP-FPM configuration file +PHP_CONFIG_FILE="/etc/php-fpm.d/zabbix.conf" # usage: file_env VAR [DEFAULT] # as example: file_env 'MYSQL_PASSWORD' 'zabbix' @@ -133,12 +138,15 @@ check_db_connect() { } prepare_web_server() { - NGINX_CONFD_DIR="/etc/nginx/conf.d" - NGINX_SSL_CONFIG="/etc/ssl/nginx" + if [ "$(id -u)" == '0' ]; then + sed -i -e "/^[#;] user/s/.*/user ${DAEMON_USER};/" "$NGINX_CONF_FILE" + fi if [ ! -f "/proc/net/if_inet6" ]; then sed -i '/listen \[::\]/d' "$ZABBIX_CONF_DIR/nginx.conf" + sed -i '/allow ::1/d' "$ZABBIX_CONF_DIR/nginx.conf" sed -i '/listen \[::\]/d' "$ZABBIX_CONF_DIR/nginx_ssl.conf" + sed -i '/allow ::1/d' "$ZABBIX_CONF_DIR/nginx_ssl.conf" fi echo "** Adding Zabbix virtual host (HTTP)" @@ -148,7 +156,7 @@ prepare_web_server() { echo "**** Impossible to enable HTTP virtual host" fi - if [ -f "$NGINX_SSL_CONFIG/ssl.crt" ] && [ -f "$NGINX_SSL_CONFIG/ssl.key" ] && [ -f "$NGINX_SSL_CONFIG/dhparam.pem" ]; then + if [ -f "$NGINX_SSL_CONFIG_DIR/ssl.crt" ] && [ -f "$NGINX_SSL_CONFIG_DIR/ssl.key" ] && [ -f "$NGINX_SSL_CONFIG_DIR/dhparam.pem" ]; then echo "** Enable SSL support for Nginx" if [ -f "$ZABBIX_CONF_DIR/nginx_ssl.conf" ]; then ln -sfT "$ZABBIX_CONF_DIR/nginx_ssl.conf" "$NGINX_CONFD_DIR/nginx_ssl.conf" 
@@ -158,12 +166,53 @@ prepare_web_server() { else echo "**** Impossible to enable SSL support for Nginx. Certificates are missed." fi -} -prepare_zbx_web_config() { - echo "** Preparing Zabbix frontend configuration file" + FCGI_READ_TIMEOUT=$(expr ${ZBX_MAXEXECUTIONTIME} + 1) + sed -i \ + -e "s/{FCGI_READ_TIMEOUT}/${FCGI_READ_TIMEOUT}/g" \ + "$ZABBIX_CONF_DIR/nginx.conf" + + : ${HTTP_INDEX_FILE:="index.php"} + sed -i \ + -e "s/{HTTP_INDEX_FILE}/${HTTP_INDEX_FILE}/g" \ + "$ZABBIX_CONF_DIR/nginx.conf" + + if [ -f "$ZABBIX_CONF_DIR/nginx_ssl.conf" ]; then + sed -i \ + -e "s/{FCGI_READ_TIMEOUT}/${FCGI_READ_TIMEOUT}/g" \ + "$ZABBIX_CONF_DIR/nginx_ssl.conf" + + sed -i \ + -e "s/{HTTP_INDEX_FILE}/${HTTP_INDEX_FILE}/g" \ + "$ZABBIX_CONF_DIR/nginx_ssl.conf" + fi + + : ${ENABLE_WEB_ACCESS_LOG:="true"} + + if [ "${ENABLE_WEB_ACCESS_LOG,,}" == "false" ]; then + sed -ri \ + -e 's!^(\s*access_log).+\;!\1 off\;!g' \ + "$NGINX_CONF_FILE" + sed -ri \ + -e 's!^(\s*access_log).+\;!\1 off\;!g' \ + "$ZABBIX_CONF_DIR/nginx.conf" + sed -ri \ + -e 's!^(\s*access_log).+\;!\1 off\;!g' \ + "$ZABBIX_CONF_DIR/nginx_ssl.conf" + fi + + : ${EXPOSE_WEB_SERVER_INFO:="on"} + + [[ "${EXPOSE_WEB_SERVER_INFO}" != "off" ]] && EXPOSE_WEB_SERVER_INFO="on" + + export EXPOSE_WEB_SERVER_INFO=${EXPOSE_WEB_SERVER_INFO} + sed -i \ + -e "s/{EXPOSE_WEB_SERVER_INFO}/${EXPOSE_WEB_SERVER_INFO}/g" \ + "$NGINX_CONF_FILE" +} - PHP_CONFIG_FILE="/etc/php-fpm.d/zabbix.conf" +prepare_zbx_php_config() { + echo "** Preparing PHP configuration" export PHP_FPM_PM=${PHP_FPM_PM:-"dynamic"} export PHP_FPM_PM_MAX_CHILDREN=${PHP_FPM_PM_MAX_CHILDREN:-"50"} 
@@ -173,12 +222,10 @@ prepare_zbx_web_config() { export PHP_FPM_PM_MAX_REQUESTS=${PHP_FPM_PM_MAX_REQUESTS:-"0"} if [ "$(id -u)" == '0' ]; then - sed -i -e "/^[#;] user/s/.*/user ${DAEMON_USER};/" "$NGINX_CONF_FILE" - echo "user = ${DAEMON_USER}" >> "$PHP_CONFIG_FILE" - echo "group = ${DAEMON_USER}" >> "$PHP_CONFIG_FILE" + echo "group = ${DAEMON_GROUP}" >> "$PHP_CONFIG_FILE" echo "listen.owner = ${DAEMON_USER}" >> "$PHP_CONFIG_FILE" - echo "listen.group = ${DAEMON_USER}" >> "$PHP_CONFIG_FILE" + echo "listen.group = ${DAEMON_GROUP}" >> "$PHP_CONFIG_FILE" fi : ${ZBX_DENY_GUI_ACCESS:="false"} 
@@ -232,55 +279,14 @@ prepare_zbx_web_config() { : ${ZBX_ALLOW_HTTP_AUTH:="true"} export ZBX_ALLOW_HTTP_AUTH=${ZBX_ALLOW_HTTP_AUTH} +} +prepare_zbx_config() { if [ -n "${ZBX_SESSION_NAME}" ]; then cp "$ZABBIX_WWW_ROOT/include/defines.inc.php" "/tmp/defines.inc.php_tmp" sed "/ZBX_SESSION_NAME/s/'[^']*'/'${ZBX_SESSION_NAME}'/2" "/tmp/defines.inc.php_tmp" > "$ZABBIX_WWW_ROOT/include/defines.inc.php" rm -f "/tmp/defines.inc.php_tmp" fi - - FCGI_READ_TIMEOUT=$(expr ${ZBX_MAXEXECUTIONTIME} + 1) - sed -i \ - -e "s/{FCGI_READ_TIMEOUT}/${FCGI_READ_TIMEOUT}/g" \ - "$ZABBIX_CONF_DIR/nginx.conf" - - : ${HTTP_INDEX_FILE:="index.php"} - sed -i \ - -e "s/{HTTP_INDEX_FILE}/${HTTP_INDEX_FILE}/g" \ - "$ZABBIX_CONF_DIR/nginx.conf" - - if [ -f "$ZABBIX_CONF_DIR/nginx_ssl.conf" ]; then - sed -i \ - -e "s/{FCGI_READ_TIMEOUT}/${FCGI_READ_TIMEOUT}/g" \ - "$ZABBIX_CONF_DIR/nginx_ssl.conf" - - sed -i \ - -e "s/{HTTP_INDEX_FILE}/${HTTP_INDEX_FILE}/g" \ - "$ZABBIX_CONF_DIR/nginx_ssl.conf" - fi - - : ${ENABLE_WEB_ACCESS_LOG:="true"} - - if [ "${ENABLE_WEB_ACCESS_LOG,,}" == "false" ]; then - sed -ri \ - -e 's!^(\s*access_log).+\;!\1 off\;!g' \ - "$NGINX_CONF_FILE" - sed -ri \ - -e 's!^(\s*access_log).+\;!\1 off\;!g' \ - "$NGINX_CONF_FILE" - sed -ri \ - -e 's!^(\s*access_log).+\;!\1 off\;!g' \ - "$ZABBIX_CONF_DIR/nginx_ssl.conf" - fi - - : ${EXPOSE_WEB_SERVER_INFO:="on"} - - [[ "${EXPOSE_WEB_SERVER_INFO}" != "off" ]] && EXPOSE_WEB_SERVER_INFO="on" - - export EXPOSE_WEB_SERVER_INFO=${EXPOSE_WEB_SERVER_INFO} - sed -i \ - -e "s/{EXPOSE_WEB_SERVER_INFO}/${EXPOSE_WEB_SERVER_INFO}/g" \ - "$NGINX_CONF_FILE" } ################################################# @@ -289,8 +295,9 @@ echo "** Deploying Zabbix web-interface (Nginx) with PostgreSQL database" check_variables check_db_connect +prepare_zbx_php_config prepare_web_server -prepare_zbx_web_config +prepare_zbx_config echo "########################################################" 
diff --git a/Dockerfiles/web-nginx-pgsql/ubuntu/Dockerfile b/Dockerfiles/web-nginx-pgsql/ubuntu/Dockerfile index 9863859a28..0068c65370 100644 --- a/Dockerfiles/web-nginx-pgsql/ubuntu/Dockerfile +++ b/Dockerfiles/web-nginx-pgsql/ubuntu/Dockerfile @@ -14,7 +14,8 @@ ARG ZBX_SOURCES=https://git.zabbix.com/scm/zbx/zabbix.git ENV TERM=xterm \ ZBX_VERSION=${ZBX_VERSION} ZBX_SOURCES=${ZBX_SOURCES} \ - ZABBIX_CONF_DIR="/etc/zabbix" + ZABBIX_CONF_DIR="/etc/zabbix" \ + ZABBIX_WWW_ROOT="/usr/share/zabbix" LABEL org.opencontainers.image.authors="Alexey Pustovalov " \ org.opencontainers.image.description="Zabbix web-interface based on Nginx web server with PostgreSQL database support" \ @@ -28,7 +29,7 @@ LABEL org.opencontainers.image.authors="Alexey Pustovalov > /var/lib/locales/supported.d/local' && \ dpkg-reconfigure locales && \ - chown --quiet -R zabbix:root ${ZABBIX_CONF_DIR}/ /usr/share/zabbix/include/defines.inc.php /usr/share/zabbix/modules/ && \ - chgrp -R 0 ${ZABBIX_CONF_DIR}/ /usr/share/zabbix/include/defines.inc.php /usr/share/zabbix/modules/ && \ - chmod -R g=u ${ZABBIX_CONF_DIR}/ /usr/share/zabbix/include/defines.inc.php /usr/share/zabbix/modules/ && \ + chown --quiet -R zabbix:root ${ZABBIX_CONF_DIR}/ ${ZABBIX_WWW_ROOT}/include/defines.inc.php ${ZABBIX_WWW_ROOT}/modules/ && \ + chgrp -R 0 ${ZABBIX_CONF_DIR}/ ${ZABBIX_WWW_ROOT}/include/defines.inc.php ${ZABBIX_WWW_ROOT}/modules/ && \ + chmod -R g=u ${ZABBIX_CONF_DIR}/ ${ZABBIX_WWW_ROOT}/include/defines.inc.php ${ZABBIX_WWW_ROOT}/modules/ && \ chown --quiet -R zabbix:root /etc/nginx/ /etc/php/8.3/fpm/php-fpm.conf /etc/php/8.3/fpm/pool.d/ && \ chgrp -R 0 /etc/nginx/ /etc/php/8.3/fpm/php-fpm.conf /etc/php/8.3/fpm/pool.d/ && \ chmod -R g=u /etc/nginx/ /etc/php/8.3/fpm/php-fpm.conf /etc/php/8.3/fpm/pool.d/ && \ 
@@ -104,9 +105,12 @@ RUN --mount=type=cache,target=/var/cache/apt/,sharing=locked \ chgrp -R 0 /var/lib/php/session/ && \ chmod -R g=u /var/lib/php/session/ +HEALTHCHECK --interval=1m30s --timeout=3s --retries=3 --start-period=40s --start-interval=5s \ + CMD curl -f http://localhost:8080/ping || exit 1 + EXPOSE 8080/TCP 8443/TCP -WORKDIR /usr/share/zabbix +WORKDIR ${ZABBIX_WWW_ROOT} COPY ["docker-entrypoint.sh", "/usr/bin/"] diff --git a/Dockerfiles/web-nginx-pgsql/ubuntu/conf/etc/php/8.3/fpm/php-fpm.conf b/Dockerfiles/web-nginx-pgsql/ubuntu/conf/etc/php/8.3/fpm/php-fpm.conf index 14deee27a6..5311405bf4 100644 --- a/Dockerfiles/web-nginx-pgsql/ubuntu/conf/etc/php/8.3/fpm/php-fpm.conf +++ b/Dockerfiles/web-nginx-pgsql/ubuntu/conf/etc/php/8.3/fpm/php-fpm.conf @@ -5,5 +5,6 @@ include=/etc/php/8.3/fpm/pool.d/*.conf pid = /tmp/php-fpm.pid error_log = /dev/fd/2 +log_level = notice daemonize = no diff --git a/Dockerfiles/web-nginx-pgsql/ubuntu/conf/etc/zabbix/nginx.conf b/Dockerfiles/web-nginx-pgsql/ubuntu/conf/etc/zabbix/nginx.conf index f33585b149..eb9cd6c645 100644 --- a/Dockerfiles/web-nginx-pgsql/ubuntu/conf/etc/zabbix/nginx.conf +++ b/Dockerfiles/web-nginx-pgsql/ubuntu/conf/etc/zabbix/nginx.conf @@ -46,8 +46,17 @@ server { return 404; } + location = /nginx-status { + access_log off; + allow 127.0.0.1; + allow ::1; + deny all; + stub_status; + } + location ~ ^/(status|ping)$ { access_log off; + fastcgi_pass unix:/tmp/php-fpm.sock; fastcgi_param SCRIPT_FILENAME $webroot$fastcgi_script_name; diff --git a/Dockerfiles/web-nginx-pgsql/ubuntu/docker-entrypoint.sh b/Dockerfiles/web-nginx-pgsql/ubuntu/docker-entrypoint.sh index 8121c5b6e3..b7d9adcdea 100755 --- a/Dockerfiles/web-nginx-pgsql/ubuntu/docker-entrypoint.sh +++ b/Dockerfiles/web-nginx-pgsql/ubuntu/docker-entrypoint.sh 
@@ -18,14 +18,19 @@ fi # Default timezone for web interface : ${PHP_TZ:="Europe/Riga"} -# Default user +# Default user settings : ${DAEMON_USER:="www-data"} +: ${DAEMON_GROUP:="www-data"} # Default directories -# Web interface www-root directory -ZABBIX_WWW_ROOT="/usr/share/zabbix" # Nginx main configuration file -NGINX_CONF_FILE="/etc/nginx/nginx.conf" +NGINX_MAIN_FILE="/etc/nginx/nginx.conf" +# Nginx virtual hosts configuration directory +NGINX_CONFD_DIR="/etc/nginx/http.d" +# Directory with SSL certificate files for Nginx +NGINX_SSL_CONFIG_DIR="/etc/ssl/nginx" +# PHP-FPM configuration file +PHP_CONFIG_FILE="/etc/php/8.3/fpm/pool.d/zabbix.conf" # usage: file_env VAR [DEFAULT] # as example: file_env 'MYSQL_PASSWORD' 'zabbix' @@ -133,12 +138,15 @@ check_db_connect() { } prepare_web_server() { - NGINX_CONFD_DIR="/etc/nginx/conf.d" - NGINX_SSL_CONFIG="/etc/ssl/nginx" + if [ "$(id -u)" == '0' ]; then + sed -i -e "/^[#;] user/s/.*/user ${DAEMON_USER};/" "$NGINX_CONF_FILE" + fi if [ ! -f "/proc/net/if_inet6" ]; then sed -i '/listen \[::\]/d' "$ZABBIX_CONF_DIR/nginx.conf" + sed -i '/allow ::1/d' "$ZABBIX_CONF_DIR/nginx.conf" sed -i '/listen \[::\]/d' "$ZABBIX_CONF_DIR/nginx_ssl.conf" + sed -i '/allow ::1/d' "$ZABBIX_CONF_DIR/nginx_ssl.conf" fi echo "** Adding Zabbix virtual host (HTTP)" @@ -148,7 +156,7 @@ prepare_web_server() { echo "**** Impossible to enable HTTP virtual host" fi - if [ -f "$NGINX_SSL_CONFIG/ssl.crt" ] && [ -f "$NGINX_SSL_CONFIG/ssl.key" ] && [ -f "$NGINX_SSL_CONFIG/dhparam.pem" ]; then + if [ -f "$NGINX_SSL_CONFIG_DIR/ssl.crt" ] && [ -f "$NGINX_SSL_CONFIG_DIR/ssl.key" ] && [ -f "$NGINX_SSL_CONFIG_DIR/dhparam.pem" ]; then echo "** Enable SSL support for Nginx" if [ -f "$ZABBIX_CONF_DIR/nginx_ssl.conf" ]; then ln -sfT "$ZABBIX_CONF_DIR/nginx_ssl.conf" "$NGINX_CONFD_DIR/nginx_ssl.conf" 
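Review bot: This hunk renames the variable to `NGINX_MAIN_FILE`, yet the code added in the later hunks of this file still reads `"$NGINX_CONF_FILE"`. That affects the `user` rewrite, the access-log `sed` and the `{EXPOSE_WEB_SERVER_INFO}` substitution, so in the ubuntu entrypoint those `sed -i` calls would receive an empty path. Keeping the original name, `NGINX_CONF_FILE="/etc/nginx/nginx.conf"`, matches the other variants. `NGINX_CONFD_DIR` also changes from the `/etc/nginx/conf.d` value removed in the next hunk to `/etc/nginx/http.d`. Unless the image's nginx.conf includes that directory, the symlinked virtual hosts would not be loaded, so it looks like this should stay `NGINX_CONFD_DIR="/etc/nginx/conf.d"`.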
@@ -158,12 +166,53 @@ prepare_web_server() { else echo "**** Impossible to enable SSL support for Nginx. Certificates are missed." fi -} -prepare_zbx_web_config() { - echo "** Preparing Zabbix frontend configuration file" + FCGI_READ_TIMEOUT=$(expr ${ZBX_MAXEXECUTIONTIME} + 1) + sed -i \ + -e "s/{FCGI_READ_TIMEOUT}/${FCGI_READ_TIMEOUT}/g" \ + "$ZABBIX_CONF_DIR/nginx.conf" + + : ${HTTP_INDEX_FILE:="index.php"} + sed -i \ + -e "s/{HTTP_INDEX_FILE}/${HTTP_INDEX_FILE}/g" \ + "$ZABBIX_CONF_DIR/nginx.conf" + + if [ -f "$ZABBIX_CONF_DIR/nginx_ssl.conf" ]; then + sed -i \ + -e "s/{FCGI_READ_TIMEOUT}/${FCGI_READ_TIMEOUT}/g" \ + "$ZABBIX_CONF_DIR/nginx_ssl.conf" + + sed -i \ + -e "s/{HTTP_INDEX_FILE}/${HTTP_INDEX_FILE}/g" \ + "$ZABBIX_CONF_DIR/nginx_ssl.conf" + fi + + : ${ENABLE_WEB_ACCESS_LOG:="true"} + + if [ "${ENABLE_WEB_ACCESS_LOG,,}" == "false" ]; then + sed -ri \ + -e 's!^(\s*access_log).+\;!\1 off\;!g' \ + "$NGINX_CONF_FILE" + sed -ri \ + -e 's!^(\s*access_log).+\;!\1 off\;!g' \ + "$ZABBIX_CONF_DIR/nginx.conf" + sed -ri \ + -e 's!^(\s*access_log).+\;!\1 off\;!g' \ + "$ZABBIX_CONF_DIR/nginx_ssl.conf" + fi - PHP_CONFIG_FILE="/etc/php/8.3/fpm/pool.d/zabbix.conf" + : ${EXPOSE_WEB_SERVER_INFO:="on"} + + [[ "${EXPOSE_WEB_SERVER_INFO}" != "off" ]] && EXPOSE_WEB_SERVER_INFO="on" + + export EXPOSE_WEB_SERVER_INFO=${EXPOSE_WEB_SERVER_INFO} + sed -i \ + -e "s/{EXPOSE_WEB_SERVER_INFO}/${EXPOSE_WEB_SERVER_INFO}/g" \ + "$NGINX_CONF_FILE" +} + +prepare_zbx_php_config() { + echo "** Preparing PHP configuration" export PHP_FPM_PM=${PHP_FPM_PM:-"dynamic"} export PHP_FPM_PM_MAX_CHILDREN=${PHP_FPM_PM_MAX_CHILDREN:-"50"} 
@@ -173,12 +222,10 @@ prepare_zbx_web_config() { export PHP_FPM_PM_MAX_REQUESTS=${PHP_FPM_PM_MAX_REQUESTS:-"0"} if [ "$(id -u)" == '0' ]; then - sed -i -e "/^[#;] user/s/.*/user ${DAEMON_USER};/" "$NGINX_CONF_FILE" - echo "user = ${DAEMON_USER}" >> "$PHP_CONFIG_FILE" - echo "group = ${DAEMON_USER}" >> "$PHP_CONFIG_FILE" + echo "group = ${DAEMON_GROUP}" >> "$PHP_CONFIG_FILE" echo "listen.owner = ${DAEMON_USER}" >> "$PHP_CONFIG_FILE" - echo "listen.group = ${DAEMON_USER}" >> "$PHP_CONFIG_FILE" + echo "listen.group = ${DAEMON_GROUP}" >> "$PHP_CONFIG_FILE" fi : ${ZBX_DENY_GUI_ACCESS:="false"} @@ -289,8 +336,9 @@ echo "** Deploying Zabbix web-interface (Nginx) with PostgreSQL database" check_variables check_db_connect +prepare_zbx_php_config prepare_web_server -prepare_zbx_web_config +prepare_zbx_config echo "########################################################" diff --git a/compose_databases.yaml b/compose_databases.yaml index 8e392bb6b5..29ce78b5f8 100644 --- a/compose_databases.yaml +++ b/compose_databases.yaml @@ -20,7 +20,8 @@ services: - ${ENV_VARS_DIRECTORY}/mysql_init/init_proxy_db.sql:/docker-entrypoint-initdb.d/mysql_init_proxy.sql:ro # - mysql_socket:/var/run/mysqld/ env_file: - - ${ENV_VARS_DIRECTORY}/.env_db_mysql + - path: ${ENV_VARS_DIRECTORY}/.env_db_mysql + required: true - path: ${ENV_VARS_DIRECTORY}/.env_db_mysql_override required: false environment: @@ -50,7 +51,8 @@ services: - ${ENV_VARS_DIRECTORY}/.ZBX_DB_KEY_FILE:/run/secrets/server-key.pem:ro # - pgsql_socket:/var/run/postgresql/ env_file: - - ${ENV_VARS_DIRECTORY}/.env_db_pgsql + - path: ${ENV_VARS_DIRECTORY}/.env_db_pgsql + required: true - path: ${ENV_VARS_DIRECTORY}/.env_db_pgsql_override required: false secrets: diff --git a/compose_zabbix_components.yaml b/compose_zabbix_components.yaml index 2a7889f633..cee962a670 100644 --- a/compose_zabbix_components.yaml +++ b/compose_zabbix_components.yaml 
@@ -34,7 +34,8 @@ services: cpus: '0.5' memory: 512M env_file: - - ${ENV_VARS_DIRECTORY}/.env_srv + - path: ${ENV_VARS_DIRECTORY}/.env_srv + required: true - path: ${ENV_VARS_DIRECTORY}/.env_srv_override required: false networks: @@ -58,8 +59,8 @@ services: - net.ipv4.conf.all.send_redirects=0 # - net.ipv4.ping_group_range=0 1995 labels: - com.zabbix.company: "Zabbix LLC" - com.zabbix.component: "zabbix-server" + com.zabbix.company: "Zabbix SIA" + com.zabbix.component: "server" server-mysql-db-init: init: true @@ -73,7 +74,8 @@ services: # volumes: # - dbsocket:/var/run/mysqld/ env_file: - - ${ENV_VARS_DIRECTORY}/.env_db_mysql + - path: ${ENV_VARS_DIRECTORY}/.env_db_mysql + required: true secrets: - MYSQL_USER - MYSQL_PASSWORD @@ -99,7 +101,8 @@ services: # - pgsql_socket:/var/run/postgresql command: init_db_only env_file: - - ${ENV_VARS_DIRECTORY}/.env_db_pgsql + - path: ${ENV_VARS_DIRECTORY}/.env_db_pgsql + required: true secrets: - POSTGRES_USER - POSTGRES_PASSWORD @@ -117,7 +120,8 @@ services: # volumes: # - mysql_socket:/var/run/mysqld/ env_file: - - ${ENV_VARS_DIRECTORY}/.env_db_mysql + - path: ${ENV_VARS_DIRECTORY}/.env_db_mysql + required: true secrets: - MYSQL_USER - MYSQL_PASSWORD @@ -141,7 +145,8 @@ services: # - ${ENV_VARS_DIRECTORY}/.ZBX_DB_KEY_FILE:/run/secrets/client-key.pem:ro # - pgsql_socket:/var/run/postgresql env_file: - - ${ENV_VARS_DIRECTORY}/.env_db_pgsql + - path: ${ENV_VARS_DIRECTORY}/.env_db_pgsql + required: true secrets: - POSTGRES_USER - POSTGRES_PASSWORD @@ -182,7 +187,8 @@ services: cpus: '0.3' memory: 256M env_file: - - ${ENV_VARS_DIRECTORY}/.env_prx + - path: ${ENV_VARS_DIRECTORY}/.env_prx + required: true networks: backend: frontend: @@ -197,8 +203,8 @@ services: - net.ipv4.conf.all.send_redirects=0 # - net.ipv4.ping_group_range=0 1995 labels: - com.zabbix.company: "Zabbix LLC" - com.zabbix.component: "zabbix-proxy" + com.zabbix.company: "Zabbix SIA" + com.zabbix.component: "proxy" proxy-sqlite3: extends: 
@@ -210,7 +216,8 @@ services: protocol: tcp app_protocol: zabbix-trapper env_file: - - ${ENV_VARS_DIRECTORY}/.env_prx_sqlite3 + - path: ${ENV_VARS_DIRECTORY}/.env_prx_sqlite3 + required: true - path: ${ENV_VARS_DIRECTORY}/.env_prx_sqlite3_override required: false networks: @@ -234,7 +241,8 @@ services: # volumes: # - dbsocket:/var/run/mysqld/ env_file: - - ${ENV_VARS_DIRECTORY}/.env_db_mysql_proxy + - path: ${ENV_VARS_DIRECTORY}/.env_db_mysql_proxy + required: true secrets: - MYSQL_USER - MYSQL_PASSWORD @@ -261,8 +269,10 @@ services: # volumes: # - mysql_socket:/var/run/mysqld/ env_file: - - ${ENV_VARS_DIRECTORY}/.env_db_mysql_proxy - - ${ENV_VARS_DIRECTORY}/.env_prx_mysql + - path: ${ENV_VARS_DIRECTORY}/.env_db_mysql_proxy + required: true + - path: ${ENV_VARS_DIRECTORY}/.env_prx_mysql + required: true - path: ${ENV_VARS_DIRECTORY}/.env_prx_mysql_override required: false secrets: @@ -302,7 +312,9 @@ services: - /etc/localtime:/etc/localtime:ro - ${DATA_DIRECTORY}/etc/ssl/apache2:/etc/ssl/apache2:ro - ${DATA_DIRECTORY}/usr/share/zabbix/modules/:/usr/share/zabbix/modules/:ro - tmpfs: /tmp + tmpfs: + - /tmp + - /var/lib/php/session:mode=770,uid=1997,gid=1995 deploy: resources: limits: @@ -312,15 +324,17 @@ services: cpus: '0.5' memory: 256M env_file: - - ${ENV_VARS_DIRECTORY}/.env_web + - path: ${ENV_VARS_DIRECTORY}/.env_web + required: true - path: ${ENV_VARS_DIRECTORY}/.env_web_override required: false healthcheck: - test: ["CMD", "curl", "-f", "http://localhost:8080/"] - interval: 10s - timeout: 5s + test: ["CMD", "curl", "-f", "http://localhost:8080/ping"] + interval: 1m30s + timeout: 3s retries: 3 - start_period: 30s + start_period: 40s + start_interval: 5s networks: database: backend: @@ -329,8 +343,8 @@ services: sysctls: - net.core.somaxconn=65535 labels: - com.zabbix.company: "Zabbix LLC" - com.zabbix.component: "zabbix-frontend" + com.zabbix.company: "Zabbix SIA" + com.zabbix.component: "frontend" com.zabbix.webserver: "apache2" web-apache-mysql: 
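Review bot: The new session tmpfs entry hard-codes `uid=1997,gid=1995` with `mode=770`, while the ubuntu Dockerfile in this commit prepares `/var/lib/php/session/` with `chgrp -R 0` and `chmod -R g=u`, i.e. for a process whose group is 0. The mount hides that directory, so a container started under a different user (for example through `user:` or an arbitrary UID in group 0) would presumably be unable to write PHP sessions. A comment above the entry, e.g. `# uid/gid must match the user the web image runs as`, would make the coupling visible. The same entry is added to the nginx service in the `@@ -389,7 +405,9 @@` hunk.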
@@ -339,7 +353,8 @@ services: # volumes: # - mysql_socket:/var/run/mysqld/ env_file: - - ${ENV_VARS_DIRECTORY}/.env_db_mysql + - path: ${ENV_VARS_DIRECTORY}/.env_db_mysql + required: true secrets: - MYSQL_USER - MYSQL_PASSWORD
@@ -359,7 +374,8 @@ services: # - ${ENV_VARS_DIRECTORY}/.ZBX_DB_KEY_FILE:/run/secrets/client-key.pem:ro # - pgsql_socket:/var/run/postgresql env_file: - - ${ENV_VARS_DIRECTORY}/.env_db_pgsql + - path: ${ENV_VARS_DIRECTORY}/.env_db_pgsql + required: true secrets: - POSTGRES_USER - POSTGRES_PASSWORD
@@ -389,7 +405,9 @@ services: - /etc/localtime:/etc/localtime:ro - ${DATA_DIRECTORY}/etc/ssl/nginx:/etc/ssl/nginx:ro - ${DATA_DIRECTORY}/usr/share/zabbix/modules/:/usr/share/zabbix/modules/:ro - tmpfs: /tmp + tmpfs: + - /tmp + - /var/lib/php/session:mode=770,uid=1997,gid=1995 deploy: resources: limits:
@@ -399,15 +417,17 @@ services: cpus: '0.5' memory: 256M env_file: - - ${ENV_VARS_DIRECTORY}/.env_web + - path: ${ENV_VARS_DIRECTORY}/.env_web + required: true - path: ${ENV_VARS_DIRECTORY}/.env_web_override required: false healthcheck: test: ["CMD", "curl", "-f", "http://localhost:8080/ping"] - interval: 10s - timeout: 5s + interval: 1m30s + timeout: 3s retries: 3 - start_period: 30s + start_period: 40s + start_interval: 5s networks: database: backend:
@@ -416,8 +436,8 @@ services: sysctls: - net.core.somaxconn=65535 labels: - com.zabbix.company: "Zabbix LLC" - com.zabbix.component: "zabbix-frontend" + com.zabbix.company: "Zabbix SIA" + com.zabbix.component: "frontend" com.zabbix.webserver: "nginx" web-nginx-mysql:
@@ -450,7 +470,8 @@ services: # - ${ENV_VARS_DIRECTORY}/.ZBX_DB_KEY_FILE:/run/secrets/client-key.pem:ro # - pgsql_socket:/var/run/postgresql env_file: - - ${ENV_VARS_DIRECTORY}/.env_db_pgsql + - path: ${ENV_VARS_DIRECTORY}/.env_db_pgsql + required: true secrets: - POSTGRES_USER - POSTGRES_PASSWORD
@@ -493,7 +514,8 @@ services: memory: 64M mode: global env_file: - - ${ENV_VARS_DIRECTORY}/.env_agent + - path: ${ENV_VARS_DIRECTORY}/.env_agent + required: true - path: ${ENV_VARS_DIRECTORY}/.env_agent_override required: false privileged: true
@@ -506,8 +528,8 @@ services: stop_grace_period: 5s labels: com.zabbix.description: "Zabbix agent" - com.zabbix.company: "Zabbix LLC" - com.zabbix.component: "zabbix-agentd" + com.zabbix.company: "Zabbix SIA" + com.zabbix.component: "agent" agent2: init: true
@@ -544,7 +566,8 @@ services: memory: 64M mode: global env_file: - - ${ENV_VARS_DIRECTORY}/.env_agent + - path: ${ENV_VARS_DIRECTORY}/.env_agent + required: true - path: ${ENV_VARS_DIRECTORY}/.env_agent_override required: false privileged: true
@@ -557,8 +580,8 @@ services: stop_grace_period: 5s labels: com.zabbix.description: "Zabbix agent 2" - com.zabbix.company: "Zabbix LLC" - com.zabbix.component: "zabbix-agent2" + com.zabbix.company: "Zabbix SIA" + com.zabbix.component: "agent2" java-gateway: profiles:
@@ -580,7 +603,8 @@ services: cpus: '0.25' memory: 256M env_file: - - ${ENV_VARS_DIRECTORY}/.env_java + - path: ${ENV_VARS_DIRECTORY}/.env_java + required: true - path: ${ENV_VARS_DIRECTORY}/.env_java_override required: false networks:
@@ -591,7 +615,7 @@ services: stop_grace_period: 5s labels: com.zabbix.description: "Zabbix Java Gateway" - com.zabbix.company: "Zabbix LLC" + com.zabbix.company: "Zabbix SIA" com.zabbix.component: "java-gateway" snmptraps:
@@ -622,7 +646,8 @@ services: cpus: '0.25' memory: 128M env_file: - - ${ENV_VARS_DIRECTORY}/.env_snmptraps + - path: ${ENV_VARS_DIRECTORY}/.env_snmptraps + required: true - path: ${ENV_VARS_DIRECTORY}/.env_snmptraps_override required: false networks:
@@ -633,7 +658,7 @@ services: stop_grace_period: 5s labels: com.zabbix.description: "Zabbix snmptraps" - com.zabbix.company: "Zabbix LLC" + com.zabbix.company: "Zabbix SIA" com.zabbix.component: "snmptraps" web-service:
@@ -647,6 +672,7 @@ services: protocol: tcp restart: "${RESTART_POLICY}" attach: false + read_only: true volumes: - ${DATA_DIRECTORY}/var/lib/zabbix/enc:/var/lib/zabbix/enc:ro tmpfs: /tmp
@@ -661,7 +687,8 @@ services: cpus: '0.25' memory: 256M env_file: - - ${ENV_VARS_DIRECTORY}/.env_web_service + - path: ${ENV_VARS_DIRECTORY}/.env_web_service + required: true - path: ${ENV_VARS_DIRECTORY}/.env_web_service_override required: false networks:
@@ -671,5 +698,5 @@ services: stop_grace_period: 5s labels: com.zabbix.description: "Zabbix web service" - com.zabbix.company: "Zabbix LLC" + com.zabbix.company: "Zabbix SIA" com.zabbix.component: "web-service"
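Review bot: `read_only: true` in the `@@ -647,6 +672,7 @@` hunk leaves `/tmp` as the only writable path visible for the web service, and nothing next to the flag records that this is intended. A comment above it, such as `# root filesystem is immutable; every writable path must be listed under tmpfs or volumes`, would tell whoever next adds a cache or log directory why writes there fail. The hunk shows only part of the service definition, so further mounts may exist outside it; it is worth confirming at runtime that the process writes nowhere except `/tmp`, since the only other mount shown is read-only.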