Dockerfile.shared-httpd

FROM almalinux/10-base

# Install Apache and minimal dependencies (no PHP at all)
RUN dnf install -y \
      https://dl.fedoraproject.org/pub/epel/epel-release-latest-10.noarch.rpm && \
    dnf update -y && \
    dnf install -y httpd mod_ssl openssl iproute cronie procps curl && \
    dnf clean all && \
    rm -rf /var/cache/dnf /usr/share/doc /usr/share/man /usr/share/locale/*

# Copy scripts and set permissions
COPY ./scripts/detect-memory.sh /scripts/detect-memory.sh
COPY ./scripts/create-apache-mpm-config.sh /scripts/create-apache-mpm-config.sh
COPY ./scripts/log-rotate.sh /scripts/log-rotate.sh
COPY ./scripts/entrypoint-shared-httpd.sh /scripts/entrypoint-shared-httpd.sh
COPY ./scripts/tune-mpm.sh /scripts/tune-mpm.sh
RUN chmod +x /scripts/*

# Generate self-signed SSL cert (same as main CAC image)
RUN openssl req -newkey rsa:2048 -nodes \
      -keyout /etc/pki/tls/private/localhost.key \
      -x509 -days 3650 -subj "/CN=localhost" \
      -out /etc/pki/tls/certs/localhost.crt

# Copy Apache configs
COPY ./configs/remote_ip.conf /etc/httpd/conf.d/
COPY ./configs/default-index.conf /etc/httpd/conf.d/

# Create vhosts directory (will be volume-mounted from host)
RUN mkdir -p /etc/httpd/conf.d/vhosts

# Set up cron job for log rotation
RUN echo "15 */12 * * * root /scripts/log-rotate.sh" >> /etc/crontab

EXPOSE 80 443

HEALTHCHECK --interval=30s --timeout=5s --start-period=60s --retries=3 \
  CMD curl -sfk https://localhost/ping || exit 1

ENTRYPOINT [ "/scripts/entrypoint-shared-httpd.sh" ]
Upgrade base image from AlmaLinux 9 to AlmaLinux 10 Bump all three Dockerfiles to almalinux/10-base with matching EPEL 10 and Remi 10 repository URLs. AlmaLinux 10.1 has been stable since Nov 2025. All PHP versions (7.4-8.5) confirmed available via Remi for EL10. Also removes --allowerasing from shared-httpd Dockerfile since AL10 base does not ship curl-minimal. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> 2026-04-01 10:55:26 -07:00			`FROM almalinux/10-base`
Add shared httpd + PHP-FPM-only container architecture Separate Apache and PHP-FPM into distinct container roles to reduce per-customer memory overhead on shared servers. Adds three new images: - Dockerfile.fpm: PHP-FPM only (no Apache), listens on TCP port 9000 - Dockerfile.shared-httpd: Apache only (no PHP), with SSL and proxy_fcgi - Existing Dockerfile unchanged for standalone mode Key changes: - detect-memory.sh: CONTAINER_ROLE env var (combined/fpm_only/httpd_only) controls the memory budget split - create-php-config.sh: FPM_LISTEN env var for TCP port vs Unix socket, added /fpm-ping and /fpm-status health endpoints - New entrypoints for each container role - tune-mpm.sh for hot-adjusting Apache MPM settings - shared-vhost-template.tpl with proxy_fcgi and SSL on port 443 - CI/CD builds all three image types in parallel Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> 2026-04-01 10:08:00 -07:00
			`# Install Apache and minimal dependencies (no PHP at all)`
			`RUN dnf install -y \`
Upgrade base image from AlmaLinux 9 to AlmaLinux 10 Bump all three Dockerfiles to almalinux/10-base with matching EPEL 10 and Remi 10 repository URLs. AlmaLinux 10.1 has been stable since Nov 2025. All PHP versions (7.4-8.5) confirmed available via Remi for EL10. Also removes --allowerasing from shared-httpd Dockerfile since AL10 base does not ship curl-minimal. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> 2026-04-01 10:55:26 -07:00			`https://dl.fedoraproject.org/pub/epel/epel-release-latest-10.noarch.rpm && \`
Add shared httpd + PHP-FPM-only container architecture Separate Apache and PHP-FPM into distinct container roles to reduce per-customer memory overhead on shared servers. Adds three new images: - Dockerfile.fpm: PHP-FPM only (no Apache), listens on TCP port 9000 - Dockerfile.shared-httpd: Apache only (no PHP), with SSL and proxy_fcgi - Existing Dockerfile unchanged for standalone mode Key changes: - detect-memory.sh: CONTAINER_ROLE env var (combined/fpm_only/httpd_only) controls the memory budget split - create-php-config.sh: FPM_LISTEN env var for TCP port vs Unix socket, added /fpm-ping and /fpm-status health endpoints - New entrypoints for each container role - tune-mpm.sh for hot-adjusting Apache MPM settings - shared-vhost-template.tpl with proxy_fcgi and SSL on port 443 - CI/CD builds all three image types in parallel Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> 2026-04-01 10:08:00 -07:00			`dnf update -y && \`
Add openssl to package installs for AlmaLinux 10 AlmaLinux 10 base image does not include openssl by default (AL9 did). Add it explicitly to all three Dockerfiles since it's needed for self-signed cert generation. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> 2026-04-01 11:11:10 -07:00			`dnf install -y httpd mod_ssl openssl iproute cronie procps curl && \`
Add shared httpd + PHP-FPM-only container architecture Separate Apache and PHP-FPM into distinct container roles to reduce per-customer memory overhead on shared servers. Adds three new images: - Dockerfile.fpm: PHP-FPM only (no Apache), listens on TCP port 9000 - Dockerfile.shared-httpd: Apache only (no PHP), with SSL and proxy_fcgi - Existing Dockerfile unchanged for standalone mode Key changes: - detect-memory.sh: CONTAINER_ROLE env var (combined/fpm_only/httpd_only) controls the memory budget split - create-php-config.sh: FPM_LISTEN env var for TCP port vs Unix socket, added /fpm-ping and /fpm-status health endpoints - New entrypoints for each container role - tune-mpm.sh for hot-adjusting Apache MPM settings - shared-vhost-template.tpl with proxy_fcgi and SSL on port 443 - CI/CD builds all three image types in parallel Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> 2026-04-01 10:08:00 -07:00			`dnf clean all && \`
			`rm -rf /var/cache/dnf /usr/share/doc /usr/share/man /usr/share/locale/*`

			`# Copy scripts and set permissions`
			`COPY ./scripts/detect-memory.sh /scripts/detect-memory.sh`
			`COPY ./scripts/create-apache-mpm-config.sh /scripts/create-apache-mpm-config.sh`
			`COPY ./scripts/log-rotate.sh /scripts/log-rotate.sh`
			`COPY ./scripts/entrypoint-shared-httpd.sh /scripts/entrypoint-shared-httpd.sh`
			`COPY ./scripts/tune-mpm.sh /scripts/tune-mpm.sh`
			`RUN chmod +x /scripts/*`

			`# Generate self-signed SSL cert (same as main CAC image)`
			`RUN openssl req -newkey rsa:2048 -nodes \`
			`-keyout /etc/pki/tls/private/localhost.key \`
			`-x509 -days 3650 -subj "/CN=localhost" \`
			`-out /etc/pki/tls/certs/localhost.crt`

			`# Copy Apache configs`
			`COPY ./configs/remote_ip.conf /etc/httpd/conf.d/`
			`COPY ./configs/default-index.conf /etc/httpd/conf.d/`

			`# Create vhosts directory (will be volume-mounted from host)`
			`RUN mkdir -p /etc/httpd/conf.d/vhosts`

			`# Set up cron job for log rotation`
			`RUN echo "15 /12 * * root /scripts/log-rotate.sh" >> /etc/crontab`

			`EXPOSE 80 443`

			`HEALTHCHECK --interval=30s --timeout=5s --start-period=60s --retries=3 \`
			`CMD curl -sfk https://localhost/ping \|\| exit 1`

			`ENTRYPOINT [ "/scripts/entrypoint-shared-httpd.sh" ]`