scripts/entrypoint-shared-httpd.sh

#!/usr/bin/env bash

export CONTAINER_ROLE="httpd_only"

if [ -z "$environment" ]; then
  environment="PROD"
fi

# Generate self-signed SSL cert if not already present
if [ ! -f /etc/pki/tls/certs/localhost.crt ]; then
  openssl req -newkey rsa:2048 -nodes \
    -keyout /etc/pki/tls/private/localhost.key \
    -x509 -days 3650 -subj "/CN=localhost" \
    -out /etc/pki/tls/certs/localhost.crt
fi

# Create log directory
mkdir -p /var/log/httpd

# Remove default configs that conflict
rm -f /etc/httpd/conf.d/userdir.conf

# Configure RemoteIP for Docker network
docker_network=$(ip addr show | grep eth0 | grep inet | awk -F " " '{print $2}')
if [ -n "$docker_network" ]; then
  echo "RemoteIPInternalProxy $docker_network" >> /etc/httpd/conf.d/remoteip.conf
fi

# Detect memory and calculate Apache MPM tuning
source /scripts/detect-memory.sh
echo "Container memory: ${CONTAINER_MEMORY_MB}MB | Apache workers=${APACHE_MAX_REQUEST_WORKERS} | Role=${CONTAINER_ROLE}"

# Generate MPM tuning config
/scripts/create-apache-mpm-config.sh

# Write SSL global config (matches standalone CAC behavior)
cat <<'EOF' > /etc/httpd/conf.d/ssl-global.conf
Listen 443 https
SSLPassPhraseDialog exec:/usr/libexec/httpd-ssl-pass-dialog
SSLSessionCache         shmcb:/run/httpd/sslcache(512000)
SSLSessionCacheTimeout  300
SSLCryptoDevice builtin
EOF

# Disable the default ssl.conf if present (we use per-vhost SSL)
if [ -f /etc/httpd/conf.d/ssl.conf ]; then
  mv /etc/httpd/conf.d/ssl.conf /etc/httpd/conf.d/ssl.conf.bak
fi

# Ensure vhosts directory exists and is included
mkdir -p /etc/httpd/conf.d/vhosts
if ! grep -q 'IncludeOptional conf.d/vhosts/' /etc/httpd/conf/httpd.conf; then
  echo 'IncludeOptional conf.d/vhosts/*.conf' >> /etc/httpd/conf/httpd.conf
fi

# Start Apache
/usr/sbin/httpd -k start

# Start cron for log rotation
/usr/sbin/crond

# Tail Apache logs (becomes PID 1 process)
# Use a loop to pick up new log files as vhosts are added.
# tail -f only watches files that exist at start time.
touch /var/log/httpd/error_log
TAIL_PID=""
while true; do
  LOG_FILES=$(find /var/log/httpd/ -name '*.log' -o -name '*_log' 2>/dev/null | sort)
  if [ -n "$TAIL_PID" ]; then
    kill "$TAIL_PID" 2>/dev/null
    wait "$TAIL_PID" 2>/dev/null
  fi
  tail -f $LOG_FILES &
  TAIL_PID=$!
  # Re-check for new log files every 60 seconds
  sleep 60
done
Add shared httpd + PHP-FPM-only container architecture Separate Apache and PHP-FPM into distinct container roles to reduce per-customer memory overhead on shared servers. Adds three new images: - Dockerfile.fpm: PHP-FPM only (no Apache), listens on TCP port 9000 - Dockerfile.shared-httpd: Apache only (no PHP), with SSL and proxy_fcgi - Existing Dockerfile unchanged for standalone mode Key changes: - detect-memory.sh: CONTAINER_ROLE env var (combined/fpm_only/httpd_only) controls the memory budget split - create-php-config.sh: FPM_LISTEN env var for TCP port vs Unix socket, added /fpm-ping and /fpm-status health endpoints - New entrypoints for each container role - tune-mpm.sh for hot-adjusting Apache MPM settings - shared-vhost-template.tpl with proxy_fcgi and SSL on port 443 - CI/CD builds all three image types in parallel Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> 2026-04-01 10:08:00 -07:00			`#!/usr/bin/env bash`

			`export CONTAINER_ROLE="httpd_only"`

			`if [ -z "$environment" ]; then`
			`environment="PROD"`
			`fi`

			`# Generate self-signed SSL cert if not already present`
			`if [ ! -f /etc/pki/tls/certs/localhost.crt ]; then`
			`openssl req -newkey rsa:2048 -nodes \`
			`-keyout /etc/pki/tls/private/localhost.key \`
			`-x509 -days 3650 -subj "/CN=localhost" \`
			`-out /etc/pki/tls/certs/localhost.crt`
			`fi`

			`# Create log directory`
			`mkdir -p /var/log/httpd`

			`# Remove default configs that conflict`
			`rm -f /etc/httpd/conf.d/userdir.conf`

			`# Configure RemoteIP for Docker network`
			`docker_network=$(ip addr show \| grep eth0 \| grep inet \| awk -F " " '{print $2}')`
			`if [ -n "$docker_network" ]; then`
			`echo "RemoteIPInternalProxy $docker_network" >> /etc/httpd/conf.d/remoteip.conf`
			`fi`

			`# Detect memory and calculate Apache MPM tuning`
			`source /scripts/detect-memory.sh`
			`echo "Container memory: ${CONTAINER_MEMORY_MB}MB \| Apache workers=${APACHE_MAX_REQUEST_WORKERS} \| Role=${CONTAINER_ROLE}"`

			`# Generate MPM tuning config`
			`/scripts/create-apache-mpm-config.sh`

			`# Write SSL global config (matches standalone CAC behavior)`
			`cat <<'EOF' > /etc/httpd/conf.d/ssl-global.conf`
			`Listen 443 https`
			`SSLPassPhraseDialog exec:/usr/libexec/httpd-ssl-pass-dialog`
			`SSLSessionCache shmcb:/run/httpd/sslcache(512000)`
			`SSLSessionCacheTimeout 300`
			`SSLCryptoDevice builtin`
			`EOF`

			`# Disable the default ssl.conf if present (we use per-vhost SSL)`
			`if [ -f /etc/httpd/conf.d/ssl.conf ]; then`
			`mv /etc/httpd/conf.d/ssl.conf /etc/httpd/conf.d/ssl.conf.bak`
			`fi`

			`# Ensure vhosts directory exists and is included`
			`mkdir -p /etc/httpd/conf.d/vhosts`
			`if ! grep -q 'IncludeOptional conf.d/vhosts/' /etc/httpd/conf/httpd.conf; then`
			`echo 'IncludeOptional conf.d/vhosts/*.conf' >> /etc/httpd/conf/httpd.conf`
			`fi`

			`# Start Apache`
			`/usr/sbin/httpd -k start`

			`# Start cron for log rotation`
			`/usr/sbin/crond`

			`# Tail Apache logs (becomes PID 1 process)`
Fix shared httpd log tailing for dynamically added vhosts The entrypoint used 'tail -f /var/log/httpd/*' which expands the glob at startup. Log files created later (when new vhost configs are added) were never tailed, so 'docker logs' showed nothing for sites added after the container started. Replaced with a loop that re-discovers log files every 60 seconds and restarts tail to include new ones. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> 2026-04-01 22:22:10 -07:00			`# Use a loop to pick up new log files as vhosts are added.`
			`# tail -f only watches files that exist at start time.`
Add shared httpd + PHP-FPM-only container architecture Separate Apache and PHP-FPM into distinct container roles to reduce per-customer memory overhead on shared servers. Adds three new images: - Dockerfile.fpm: PHP-FPM only (no Apache), listens on TCP port 9000 - Dockerfile.shared-httpd: Apache only (no PHP), with SSL and proxy_fcgi - Existing Dockerfile unchanged for standalone mode Key changes: - detect-memory.sh: CONTAINER_ROLE env var (combined/fpm_only/httpd_only) controls the memory budget split - create-php-config.sh: FPM_LISTEN env var for TCP port vs Unix socket, added /fpm-ping and /fpm-status health endpoints - New entrypoints for each container role - tune-mpm.sh for hot-adjusting Apache MPM settings - shared-vhost-template.tpl with proxy_fcgi and SSL on port 443 - CI/CD builds all three image types in parallel Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> 2026-04-01 10:08:00 -07:00			`touch /var/log/httpd/error_log`
Fix shared httpd log tailing for dynamically added vhosts The entrypoint used 'tail -f /var/log/httpd/*' which expands the glob at startup. Log files created later (when new vhost configs are added) were never tailed, so 'docker logs' showed nothing for sites added after the container started. Replaced with a loop that re-discovers log files every 60 seconds and restarts tail to include new ones. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> 2026-04-01 22:22:10 -07:00			`TAIL_PID=""`
			`while true; do`
			`LOG_FILES=$(find /var/log/httpd/ -name '.log' -o -name '_log' 2>/dev/null \| sort)`
			`if [ -n "$TAIL_PID" ]; then`
			`kill "$TAIL_PID" 2>/dev/null`
			`wait "$TAIL_PID" 2>/dev/null`
			`fi`
			`tail -f $LOG_FILES &`
			`TAIL_PID=$!`
			`# Re-check for new log files every 60 seconds`
			`sleep 60`
			`done`