FROM registry.hub.docker.com/library/debian:bookworm-slim
ENV APACHE_RUN_DIR=/run/apache2 \
    APACHE_LOCK_DIR=/var/lock/apache2 \
    APACHE_LOG_DIR=/var/log/apache2 \
    APACHE_RUN_USER=www-data \
    APACHE_RUN_GROUP=www-data \
    APACHE_PID_FILE=/run/apache2/apache2.pid
# hadolint ignore=DL3008,DL3015
RUN apt-get update && \
    DEBIAN_FRONTEND=noninteractive apt-get install -y \
        apache2 \
        libcap2-bin \
        wget \
    && \
    setcap CAP_NET_BIND_SERVICE=+ep /usr/sbin/apache2 && \
    DEBIAN_FRONTEND=noninteractive apt-get purge --auto-remove -y libcap2-bin && \
    a2enmod status && \
    sed -i "s@combined@combined expr=\!(%{REMOTE_HOST}=='127.0.0.1'\&\&%{HTTP_USER_AGENT}=='Healthcheck')@" /etc/apache2/sites-available/000-default.conf && \
    sed -i 's@Require local@Require ip 127.0.0.1/8 10.0.0.0/8 172.16.0.0/12 192.0.0.0/24@' /etc/apache2/mods-available/status.conf && \
    install -d -o "$APACHE_RUN_USER" -g "$APACHE_RUN_GROUP" -m 755 "$APACHE_RUN_DIR" && \
    install -d -o "$APACHE_RUN_USER" -g "$APACHE_RUN_GROUP" -m 755 "$APACHE_LOCK_DIR" && \
    install -d -o "$APACHE_RUN_USER" -g "$APACHE_RUN_GROUP" -m 755 "$APACHE_LOG_DIR" && \
    ln -sf /dev/stdout "$APACHE_LOG_DIR/access.log" && \
    ln -sf /dev/stderr "$APACHE_LOG_DIR/error.log" && \
    ln -sf /dev/stdout "$APACHE_LOG_DIR/other_vhosts_access.log" && \
    rm -rf /tmp/* /var/tmp/* /var/lib/apt/lists/* /var/cache/apt/archives/*
RUN apache2 -t
EXPOSE 80
CMD [ "apache2", "-DFOREGROUND" ]
USER "www-data"
WORKDIR /var/www
HEALTHCHECK CMD wget --spider --quiet http://localhost/server-status --user-agent 'Healthcheck' || exit 1
