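# Apache (MPM event) + PHP 8.5 FPM image on Debian trixie.
#
# The base image is pinned to a dated snapshot tag. For fully reproducible
# builds, additionally pin the digest, e.g.
#   debian:trixie-20260316@sha256:<digest-placeholder>
FROM debian:trixie-20260316

WORKDIR /data

# Optional integrity pin for the Sury keyring package. That .deb becomes the
# trust anchor for every PHP package installed below, so production builds
# should pass its known-good hash:
#   docker build --build-arg SURY_KEYRING_SHA256=<sha256-placeholder> .
# When left empty, the download is trusted on HTTPS alone (original behaviour).
ARG SURY_KEYRING_SHA256=""

# Install base packages + Apache, add the Sury PHP repo, install PHP 8.5.
# --no-install-recommends keeps unrequested packages out of the image.
RUN apt-get update \
    && apt-get install -y --no-install-recommends \
        apache2 \
        ca-certificates \
        curl \
        logrotate \
        lsb-release \
        ssl-cert \
    && echo "ServerName localhost" >> /etc/apache2/apache2.conf \
    # Add Sury PHP repo. -f makes curl fail on an HTTP error instead of saving
    # the error page; --proto '=https' refuses any non-HTTPS hop on redirect.
    && curl --proto '=https' -fsSLo /tmp/debsuryorg-archive-keyring.deb \
        https://packages.sury.org/debsuryorg-archive-keyring.deb \
    && if [ -n "${SURY_KEYRING_SHA256}" ]; then \
           echo "${SURY_KEYRING_SHA256}  /tmp/debsuryorg-archive-keyring.deb" | sha256sum -c -; \
       fi \
    && dpkg -i /tmp/debsuryorg-archive-keyring.deb \
    # signed-by scopes the Sury key to this one repository.
    && echo "deb [signed-by=/usr/share/keyrings/deb.sury.org-php.gpg] https://packages.sury.org/php/ $(lsb_release -sc) main" > /etc/apt/sources.list.d/php.list \
    && apt-get update \
    # Install PHP 8.5 + extensions
    && apt-get install -y --no-install-recommends \
        php8.5 \
        php8.5-cli \
        php8.5-curl \
        php8.5-fpm \
        php8.5-mbstring \
        php8.5-mysql \
        php8.5-redis \
        php8.5-xml \
        php8.5-zip \
    # Cleanup in the same layer so the apt lists and the keyring .deb never
    # persist in the image.
    && apt-get autoremove -y \
    && apt-get clean \
    && rm -rf /var/lib/apt/lists/* /tmp/*

# Apache + PHP-FPM configuration + performance tuning.
# Config files are written with printf instead of a heredoc inside the
# &&-chain, so the step behaves the same under every builder.
RUN a2enmod proxy_fcgi setenvif expires headers rewrite remoteip socache_shmcb ssl deflate \
    # Switch to MPM event
    && a2dismod mpm_prefork \
    && a2enmod mpm_event \
    # Enable PHP-FPM
    && a2enconf php8.5-fpm \
    # Remote IP config: X-Forwarded-For is honoured only when the connecting
    # peer is 127.0.0.1, so a header sent by any other peer is ignored. If a
    # reverse proxy on another address fronts this container, list that exact
    # address here rather than a broad range.
    && echo 'RemoteIPHeader X-Forwarded-For' > /etc/apache2/conf-available/remoteip.conf \
    && echo 'RemoteIPTrustedProxy 127.0.0.1' >> /etc/apache2/conf-available/remoteip.conf \
    && a2enconf remoteip \
    # Log the mod_remoteip-resolved client address (%a) instead of the peer (%h).
    && sed -ri 's/([[:space:]]*LogFormat[[:space:]]+"[^"]*)%h([^"]*")/\1%a\2/g' /etc/apache2/*.conf \
    # Security headers. NOTE(review): browsers honour HSTS only over HTTPS and
    # this image exposes port 80 only, so TLS is presumably terminated
    # upstream - confirm. "includeSubDomains; preload" commits the whole
    # domain to HTTPS and is slow to undo.
    && echo 'Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"' >> /etc/apache2/conf-available/security.conf \
    && echo 'Header always set X-Content-Type-Options "nosniff"' >> /etc/apache2/conf-available/security.conf \
    && echo 'Header always set X-Frame-Options "SAMEORIGIN"' >> /etc/apache2/conf-available/security.conf \
    # Compression
    && echo 'AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css application/javascript application/json' > /etc/apache2/conf-available/compression.conf \
    && a2enconf compression \
    # KeepAlive tuning
    && printf '%s\n' \
        'KeepAlive On' \
        'MaxKeepAliveRequests 100' \
        'KeepAliveTimeout 2' \
        > /etc/apache2/conf-available/keepalive.conf \
    && a2enconf keepalive \
    # MPM Event tuning
    && printf '%s\n' \
        'StartServers 2' \
        'MinSpareThreads 25' \
        'MaxSpareThreads 75' \
        'ThreadLimit 64' \
        'ThreadsPerChild 25' \
        'MaxRequestWorkers 150' \
        'MaxConnectionsPerChild 1000' \
        > /etc/apache2/conf-available/mpm-event-tuning.conf \
    && a2enconf mpm-event-tuning \
    # Logrotate. NOTE(review): this overwrites the packaged
    # /etc/logrotate.d/apache2 and contains no postrotate step; confirm that
    # something reopens Apache's log files after rotation and that logrotate
    # is actually invoked inside the container.
    && printf '%s\n' \
        '/var/log/apache2/*.log {' \
        '    weekly' \
        '    missingok' \
        '    rotate 4' \
        '    compress' \
        '    delaycompress' \
        '    notifempty' \
        '    create 640 root adm' \
        '}' \
        > /etc/logrotate.d/apache2

# PHP-FPM tuning (one sed pass; dots escaped so they match literally)
RUN sed -i \
        -e 's/^pm = .*/pm = dynamic/' \
        -e 's/^pm\.max_children = .*/pm.max_children = 20/' \
        -e 's/^pm\.start_servers = .*/pm.start_servers = 2/' \
        -e 's/^pm\.min_spare_servers = .*/pm.min_spare_servers = 2/' \
        -e 's/^pm\.max_spare_servers = .*/pm.max_spare_servers = 5/' \
        /etc/php/8.5/fpm/pool.d/www.conf

# PHP custom config.
# NOTE(review): /etc/environment is not read automatically by a container's
# main process; presumably start.sh sources it - confirm. Also, when
# PHP_INI_SCAN_DIR has no leading ':' it replaces the default conf.d scan
# directory, so verify the packaged extension .ini files are still loaded.
RUN mkdir -p /php && echo "PHP_INI_SCAN_DIR=/php" > /etc/environment
COPY php.ini /php/php.ini

COPY 000-default.conf /etc/apache2/sites-available/000-default.conf

EXPOSE 80

# Startup
# NOTE(review): no USER is set, so /start.sh runs as root. Whether privileges
# are dropped afterwards depends on start.sh and the Apache/PHP-FPM configs,
# which are not visible here.
COPY start.sh /start.sh
RUN chmod +x /start.sh

CMD ["/start.sh"]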