From 64e5bc57a1c376cb1391fbcfad356cf6f1fe1bd2 Mon Sep 17 00:00:00 2001 From: nenych Date: Fri, 27 Mar 2026 18:12:08 +0100 Subject: [PATCH] Update logging, add include folder for custom locations --- README.md | 11 ++++++ alpine-php-wordpress-aarch64/Dockerfile | 5 ++- alpine-php-wordpress-aarch64/files/nginx.conf | 39 ++++++++++--------- .../files/php-fpm.conf | 6 ++- alpine-php-wordpress-aarch64/files/run.sh | 28 +++++++------ alpine-php-wordpress-amd64/Dockerfile | 5 ++- alpine-php-wordpress-amd64/files/nginx.conf | 39 ++++++++++--------- alpine-php-wordpress-amd64/files/php-fpm.conf | 6 ++- alpine-php-wordpress-amd64/files/run.sh | 28 +++++++------ alpine-php-wordpress-armhf/Dockerfile | 5 ++- alpine-php-wordpress-armhf/files/nginx.conf | 39 ++++++++++--------- alpine-php-wordpress-armhf/files/php-fpm.conf | 6 ++- alpine-php-wordpress-armhf/files/run.sh | 28 +++++++------ 13 files changed, 146 insertions(+), 99 deletions(-) diff --git a/README.md b/README.md index 0834b70..95455a0 100644 --- a/README.md +++ b/README.md @@ -91,6 +91,16 @@ mkdir -p /data/example-com/html docker run -e VIRTUAL_HOST=www.example.com,example.com -v /data/example-com/html:/usr/html -p 80:80 yobasystems/alpine-php-wordpress:latest ``` +### Nginx access logs + +Nginx access logs (including blocked/security logs) are enabled by default and written to stdout. + +To disable all nginx access logs (for example, if Envoy already captures request logs), set `NGINX_ACCESS_LOG=off`. + +```bash +docker run -e NGINX_ACCESS_LOG=off -e VIRTUAL_HOST=www.example.com,example.com -v /data/example-com/html:/usr/html -p 80:80 yobasystems/alpine-php-wordpress:latest +``` + The following user and group id are used, the files should be set to this: User ID:1001 Group ID: 1001 @@ -249,6 +259,7 @@ wordpress: image: yobasystems/alpine-php-wordpress:latest environment: VIRTUAL_HOST: example.com + NGINX_ACCESS_LOG: "off" # optional expose: - "80" volumes: 
diff --git a/alpine-php-wordpress-aarch64/Dockerfile b/alpine-php-wordpress-aarch64/Dockerfile index 5b921c6..a37eb71 100644 --- a/alpine-php-wordpress-aarch64/Dockerfile +++ b/alpine-php-wordpress-aarch64/Dockerfile @@ -47,7 +47,10 @@ ADD files/nginx.conf /etc/nginx/ ADD files/php-fpm.conf /etc/php84/ ADD files/run.sh / RUN chmod +x /run.sh && \ - curl -O https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar && chmod +x wp-cli.phar && mv wp-cli.phar /usr/bin/wp-cli && chown nginx:nginx /usr/bin/wp-cli + curl -O https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar && chmod +x wp-cli.phar && mv wp-cli.phar /usr/bin/wp-cli && chown nginx:nginx /usr/bin/wp-cli && \ + mkdir -p /usr/html /tmp/nginx /etc/nginx/server_includes && \ + chown -R nginx:www-data /usr/html && \ + chown nginx:nginx /tmp/nginx EXPOSE 80 VOLUME ["/usr/html"] diff --git a/alpine-php-wordpress-aarch64/files/nginx.conf b/alpine-php-wordpress-aarch64/files/nginx.conf index b8c647f..210d219 100644 --- a/alpine-php-wordpress-aarch64/files/nginx.conf +++ b/alpine-php-wordpress-aarch64/files/nginx.conf @@ -17,7 +17,7 @@ http { include /etc/nginx/mime.types; include /etc/nginx/fastcgi.conf; default_type application/octet-stream; - access_log stdout; + access_log /dev/stdout; tcp_nopush on; client_body_temp_path /tmp/nginx/body 1 2; fastcgi_temp_path /tmp/nginx/fastcgi_temp 1 2; @@ -36,10 +36,11 @@ http { root /usr/html; index index.php index.html index.htm; - access_log stdout; + access_log /dev/stdout; error_log stderr notice; disable_symlinks off; + include /etc/nginx/server_includes/*.conf; location = /robots.txt { allow all; 
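Review bot: The RUN line this hunk extends still fetches `wp-cli.phar` from the moving `gh-pages` branch with no checksum or signature check, and then gives `/usr/bin/wp-cli` to `nginx:nginx`, so the account nginx runs as can rewrite a binary that sits on the PATH. Since the line is being edited anyway, fail hard on HTTP errors with `curl -fsSLO`, verify the download against a pinned digest (`echo "<sha512-of-pinned-build>  wp-cli.phar" | sha512sum -c -`), and leave the installed file root-owned with mode 0755. The same RUN line is changed in the amd64 and armhf Dockerfiles.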
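Review bot: The new `include /etc/nginx/server_includes/*.conf;` sits above the blocking `location ~*` rules that come later in this server block, and nginx tries regex locations in the order they appear, so a regex location supplied by an included file is matched before the SQL-injection, exploit and `wp-config.php` deny rules. Moving the include below the last deny location keeps the built-in blocks authoritative; if the current order is intended, say so next to the directive, e.g. `# custom locations are matched before the deny rules below; keep their patterns narrow`. The deny rules themselves are outside this hunk, in the `@@ -73,29 +74,29 @@` hunk. The amd64 and armhf copies of nginx.conf get the same include.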
@@ -73,29 +74,29 @@ http { } ## Block SQL injections - location ~* union.*select.*\( { access_log /usr/logs/nginx/blocked.log blocked; deny all; } - location ~* union.*all.*select.* { access_log /usr/logs/nginx/blocked.log blocked; deny all; } - location ~* concat.*\( { access_log /usr/logs/nginx/blocked.log blocked; deny all; } + location ~* union.*select.*\( { access_log /dev/stdout blocked; deny all; } + location ~* union.*all.*select.* { access_log /dev/stdout blocked; deny all; } + location ~* concat.*\( { access_log /dev/stdout blocked; deny all; } ## Block common exploits - location ~* (<|%3C).*script.*(>|%3E) { access_log /usr/logs/nginx/blocked.log blocked; deny all; } - location ~* base64_(en|de)code\(.*\) { access_log /usr/logs/nginx/blocked.log blocked; deny all; } - location ~* (%24&x) { access_log /usr/logs/nginx/blocked.log blocked; deny all; } - location ~* (%0|%A|%B|%C|%D|%E|%F|127\.0) { access_log /usr/logs/nginx/blocked.log blocked; deny all; } - location ~* \.\.\/ { access_log /usr/logs/nginx/blocked.log blocked; deny all; } - location ~* ~$ { access_log /usr/logs/nginx/blocked.log blocked; deny all; } - location ~* proc/self/environ { access_log /usr/logs/nginx/blocked.log blocked; deny all; } - location ~* /\.(htaccess|htpasswd|svn) { access_log /usr/logs/nginx/blocked.log blocked; deny all; } + location ~* (<|%3C).*script.*(>|%3E) { access_log /dev/stdout blocked; deny all; } + location ~* base64_(en|de)code\(.*\) { access_log /dev/stdout blocked; deny all; } + location ~* (%24&x) { access_log /dev/stdout blocked; deny all; } + location ~* (%0|%A|%B|%C|%D|%E|%F|127\.0) { access_log /dev/stdout blocked; deny all; } + location ~* \.\.\/ { access_log /dev/stdout blocked; deny all; } + location ~* ~$ { access_log /dev/stdout blocked; deny all; } + location ~* proc/self/environ { access_log /dev/stdout blocked; deny all; } + location ~* /\.(htaccess|htpasswd|svn) { access_log /dev/stdout blocked; deny all; } ## Block file injections - location ~* 
[a-zA-Z0-9_]=(\.\.//?)+ { access_log /usr/logs/nginx/blocked.log blocked; deny all; } - location ~* [a-zA-Z0-9_]=/([a-z0-9_.]//?)+ { access_log /usr/logs/nginx/blocked.log blocked; deny all; } + location ~* [a-zA-Z0-9_]=(\.\.//?)+ { access_log /dev/stdout blocked; deny all; } + location ~* [a-zA-Z0-9_]=/([a-z0-9_.]//?)+ { access_log /dev/stdout blocked; deny all; } ## wordpress security - location ~* wp-config.php { access_log /usr/logs/nginx/blocked.log blocked; deny all; } - location ~* wp-admin/includes { access_log /usr/logs/nginx/blocked.log blocked; deny all; } - location ~* wp-app\.log { access_log /usr/logs/nginx/blocked.log blocked; deny all; } - location ~* (licence|readme|license)\.(html|txt) { access_log /usr/logs/nginx/blocked.log blocked; deny all; } + location ~* wp-config.php { access_log /dev/stdout blocked; deny all; } + location ~* wp-admin/includes { access_log /dev/stdout blocked; deny all; } + location ~* wp-app\.log { access_log /dev/stdout blocked; deny all; } + location ~* (licence|readme|license)\.(html|txt) { access_log /dev/stdout blocked; deny all; } } diff --git a/alpine-php-wordpress-aarch64/files/php-fpm.conf b/alpine-php-wordpress-aarch64/files/php-fpm.conf index 8aed3d4..a1e0529 100644 --- a/alpine-php-wordpress-aarch64/files/php-fpm.conf +++ b/alpine-php-wordpress-aarch64/files/php-fpm.conf @@ -1,4 +1,4 @@ -error_log = /usr/logs/php-fpm/php-fpm.log +error_log = /proc/1/fd/2 log_level = warning [www] @@ -9,12 +9,16 @@ listen.owner = nginx listen.group = nginx pm = ondemand +; Do not clear environment variables +clear_env = no + ; Total RAM dedicated to the web server / Max child process size pm.max_children = 75 pm.process_idle_timeout = 10s pm.max_requests = 500 chdir = /usr/html +access.log = /proc/1/fd/1 php_flag[display_errors] = on php_admin_value[memory_limit] = 128M php_admin_value[upload_max_filesize] = 32M 
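Review bot: With every deny location now writing to `/dev/stdout`, blocked requests land in the same stream as ordinary access lines, and the only thing separating them is the `blocked` log format, whose definition is outside this hunk. If that format does not already start with a fixed marker, add one (for example a literal `blocked` field at the front of the `log_format blocked` string) so collectors can still filter and alert on deny events as they could on the old `/usr/logs/nginx/blocked.log`. The same replacement is made in the amd64 and armhf nginx.conf.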
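Review bot: `clear_env = no` hands the container's whole environment to every PHP worker, so anything supplied with `docker run -e` (database passwords, API keys) becomes readable through `getenv()` and `phpinfo()` by any plugin or theme code, and the unchanged `php_flag[display_errors] = on` a few lines below makes disclosure in responses more likely. Keeping the default and forwarding only what WordPress needs is tighter, e.g. `env[DB_HOST] = $DB_HOST` (placeholder variable name). If the full environment really is required, the comment should give the reason instead of restating the directive. The `[www]` pool section continues outside the hunk, and the amd64 and armhf php-fpm.conf receive the same lines.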
diff --git a/alpine-php-wordpress-aarch64/files/run.sh b/alpine-php-wordpress-aarch64/files/run.sh index 594f3cf..d7bb67e 100644 --- a/alpine-php-wordpress-aarch64/files/run.sh +++ b/alpine-php-wordpress-aarch64/files/run.sh @@ -2,24 +2,28 @@ [ -f /run-pre.sh ] && /run-pre.sh -if [ ! -d /usr/html ] ; then - echo "[i] Creating directories..." - mkdir -p /usr/html - echo "[i] Fixing permissions..." - chown -R nginx:nginx /usr/html -else - echo "[i] Fixing permissions..." - chown -R nginx:nginx /usr/html -fi +for entrypoint in /entrypoint.d/*.sh; do + [ -f "$entrypoint" ] || continue + echo "[i] Sourcing $entrypoint..." + . "$entrypoint" +done +echo "[i] Fixing permissions..." chown -R nginx:www-data /usr/html +NGINX_ACCESS_LOG=${NGINX_ACCESS_LOG:-on} + +case "$NGINX_ACCESS_LOG" in +[Oo][Ff][Ff] | [Ff][Aa][Ll][Ss][Ee] | 0 | [Nn][Oo]) + echo "[i] Disabling nginx access logs..." + sed -i 's#access_log /dev/stdout blocked;#access_log off;#g' /etc/nginx/nginx.conf + sed -i 's#access_log /dev/stdout;#access_log off;#g' /etc/nginx/nginx.conf + ;; +esac + # start php-fpm -mkdir -p /usr/logs/php-fpm php-fpm84 # start nginx -mkdir -p /usr/logs/nginx -mkdir -p /tmp/nginx chown nginx /tmp/nginx nginx diff --git a/alpine-php-wordpress-amd64/Dockerfile b/alpine-php-wordpress-amd64/Dockerfile index 1159871..fd97478 100644 --- a/alpine-php-wordpress-amd64/Dockerfile +++ b/alpine-php-wordpress-amd64/Dockerfile 
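Review bot: The first `sed` in the `off` branch also rewrites `access_log /dev/stdout blocked;`, so `NGINX_ACCESS_LOG=off` silences the deny-rule log together with ordinary request logging, and a deployment that only wanted to drop duplicate access lines loses its record of blocked requests. Dropping that first `sed`, or gating it behind a separate new variable (for instance `NGINX_BLOCKED_LOG`), keeps those events on stdout. Separately, the new loop sources every `/entrypoint.d/*.sh` as root in the entrypoint's own shell, so the directory has to be root-owned and not reachable from the writable `/usr/html` volume; a comment above the loop should say so, e.g. `# hooks run as root before services start; mount /entrypoint.d read-only`. The amd64 and armhf run.sh hunks are identical.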
@@ -47,7 +47,10 @@ ADD files/nginx.conf /etc/nginx/ ADD files/php-fpm.conf /etc/php84/ ADD files/run.sh / RUN chmod +x /run.sh && \ - curl -O https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar && chmod +x wp-cli.phar && mv wp-cli.phar /usr/bin/wp-cli && chown nginx:nginx /usr/bin/wp-cli + curl -O https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar && chmod +x wp-cli.phar && mv wp-cli.phar /usr/bin/wp-cli && chown nginx:nginx /usr/bin/wp-cli && \ + mkdir -p /usr/html /tmp/nginx /etc/nginx/server_includes && \ + chown -R nginx:www-data /usr/html && \ + chown nginx:nginx /tmp/nginx EXPOSE 80 VOLUME ["/usr/html"] diff --git a/alpine-php-wordpress-amd64/files/nginx.conf b/alpine-php-wordpress-amd64/files/nginx.conf index b8c647f..210d219 100644 --- a/alpine-php-wordpress-amd64/files/nginx.conf +++ b/alpine-php-wordpress-amd64/files/nginx.conf @@ -17,7 +17,7 @@ http { include /etc/nginx/mime.types; include /etc/nginx/fastcgi.conf; default_type application/octet-stream; - access_log stdout; + access_log /dev/stdout; tcp_nopush on; client_body_temp_path /tmp/nginx/body 1 2; fastcgi_temp_path /tmp/nginx/fastcgi_temp 1 2; @@ -36,10 +36,11 @@ http { root /usr/html; index index.php index.html index.htm; - access_log stdout; + access_log /dev/stdout; error_log stderr notice; disable_symlinks off; + include /etc/nginx/server_includes/*.conf; location = /robots.txt { allow all; 
@@ -73,29 +74,29 @@ http { } ## Block SQL injections - location ~* union.*select.*\( { access_log /usr/logs/nginx/blocked.log blocked; deny all; } - location ~* union.*all.*select.* { access_log /usr/logs/nginx/blocked.log blocked; deny all; } - location ~* concat.*\( { access_log /usr/logs/nginx/blocked.log blocked; deny all; } + location ~* union.*select.*\( { access_log /dev/stdout blocked; deny all; } + location ~* union.*all.*select.* { access_log /dev/stdout blocked; deny all; } + location ~* concat.*\( { access_log /dev/stdout blocked; deny all; } ## Block common exploits - location ~* (<|%3C).*script.*(>|%3E) { access_log /usr/logs/nginx/blocked.log blocked; deny all; } - location ~* base64_(en|de)code\(.*\) { access_log /usr/logs/nginx/blocked.log blocked; deny all; } - location ~* (%24&x) { access_log /usr/logs/nginx/blocked.log blocked; deny all; } - location ~* (%0|%A|%B|%C|%D|%E|%F|127\.0) { access_log /usr/logs/nginx/blocked.log blocked; deny all; } - location ~* \.\.\/ { access_log /usr/logs/nginx/blocked.log blocked; deny all; } - location ~* ~$ { access_log /usr/logs/nginx/blocked.log blocked; deny all; } - location ~* proc/self/environ { access_log /usr/logs/nginx/blocked.log blocked; deny all; } - location ~* /\.(htaccess|htpasswd|svn) { access_log /usr/logs/nginx/blocked.log blocked; deny all; } + location ~* (<|%3C).*script.*(>|%3E) { access_log /dev/stdout blocked; deny all; } + location ~* base64_(en|de)code\(.*\) { access_log /dev/stdout blocked; deny all; } + location ~* (%24&x) { access_log /dev/stdout blocked; deny all; } + location ~* (%0|%A|%B|%C|%D|%E|%F|127\.0) { access_log /dev/stdout blocked; deny all; } + location ~* \.\.\/ { access_log /dev/stdout blocked; deny all; } + location ~* ~$ { access_log /dev/stdout blocked; deny all; } + location ~* proc/self/environ { access_log /dev/stdout blocked; deny all; } + location ~* /\.(htaccess|htpasswd|svn) { access_log /dev/stdout blocked; deny all; } ## Block file injections - location ~* 
[a-zA-Z0-9_]=(\.\.//?)+ { access_log /usr/logs/nginx/blocked.log blocked; deny all; } - location ~* [a-zA-Z0-9_]=/([a-z0-9_.]//?)+ { access_log /usr/logs/nginx/blocked.log blocked; deny all; } + location ~* [a-zA-Z0-9_]=(\.\.//?)+ { access_log /dev/stdout blocked; deny all; } + location ~* [a-zA-Z0-9_]=/([a-z0-9_.]//?)+ { access_log /dev/stdout blocked; deny all; } ## wordpress security - location ~* wp-config.php { access_log /usr/logs/nginx/blocked.log blocked; deny all; } - location ~* wp-admin/includes { access_log /usr/logs/nginx/blocked.log blocked; deny all; } - location ~* wp-app\.log { access_log /usr/logs/nginx/blocked.log blocked; deny all; } - location ~* (licence|readme|license)\.(html|txt) { access_log /usr/logs/nginx/blocked.log blocked; deny all; } + location ~* wp-config.php { access_log /dev/stdout blocked; deny all; } + location ~* wp-admin/includes { access_log /dev/stdout blocked; deny all; } + location ~* wp-app\.log { access_log /dev/stdout blocked; deny all; } + location ~* (licence|readme|license)\.(html|txt) { access_log /dev/stdout blocked; deny all; } } diff --git a/alpine-php-wordpress-amd64/files/php-fpm.conf b/alpine-php-wordpress-amd64/files/php-fpm.conf index 8aed3d4..a1e0529 100644 --- a/alpine-php-wordpress-amd64/files/php-fpm.conf +++ b/alpine-php-wordpress-amd64/files/php-fpm.conf @@ -1,4 +1,4 @@ -error_log = /usr/logs/php-fpm/php-fpm.log +error_log = /proc/1/fd/2 log_level = warning [www] @@ -9,12 +9,16 @@ listen.owner = nginx listen.group = nginx pm = ondemand +; Do not clear environment variables +clear_env = no + ; Total RAM dedicated to the web server / Max child process size pm.max_children = 75 pm.process_idle_timeout = 10s pm.max_requests = 500 chdir = /usr/html +access.log = /proc/1/fd/1 php_flag[display_errors] = on php_admin_value[memory_limit] = 128M php_admin_value[upload_max_filesize] = 32M diff --git a/alpine-php-wordpress-amd64/files/run.sh b/alpine-php-wordpress-amd64/files/run.sh index 594f3cf..d7bb67e 100644 
--- a/alpine-php-wordpress-amd64/files/run.sh +++ b/alpine-php-wordpress-amd64/files/run.sh @@ -2,24 +2,28 @@ [ -f /run-pre.sh ] && /run-pre.sh -if [ ! -d /usr/html ] ; then - echo "[i] Creating directories..." - mkdir -p /usr/html - echo "[i] Fixing permissions..." - chown -R nginx:nginx /usr/html -else - echo "[i] Fixing permissions..." - chown -R nginx:nginx /usr/html -fi +for entrypoint in /entrypoint.d/*.sh; do + [ -f "$entrypoint" ] || continue + echo "[i] Sourcing $entrypoint..." + . "$entrypoint" +done +echo "[i] Fixing permissions..." chown -R nginx:www-data /usr/html +NGINX_ACCESS_LOG=${NGINX_ACCESS_LOG:-on} + +case "$NGINX_ACCESS_LOG" in +[Oo][Ff][Ff] | [Ff][Aa][Ll][Ss][Ee] | 0 | [Nn][Oo]) + echo "[i] Disabling nginx access logs..." + sed -i 's#access_log /dev/stdout blocked;#access_log off;#g' /etc/nginx/nginx.conf + sed -i 's#access_log /dev/stdout;#access_log off;#g' /etc/nginx/nginx.conf + ;; +esac + # start php-fpm -mkdir -p /usr/logs/php-fpm php-fpm84 # start nginx -mkdir -p /usr/logs/nginx -mkdir -p /tmp/nginx chown nginx /tmp/nginx nginx diff --git a/alpine-php-wordpress-armhf/Dockerfile b/alpine-php-wordpress-armhf/Dockerfile index 310cd39..23e20e5 100644 --- a/alpine-php-wordpress-armhf/Dockerfile +++ b/alpine-php-wordpress-armhf/Dockerfile @@ -47,7 +47,10 @@ ADD files/nginx.conf /etc/nginx/ ADD files/php-fpm.conf /etc/php84/ ADD files/run.sh / RUN chmod +x /run.sh && \ - curl -O https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar && chmod +x wp-cli.phar && mv wp-cli.phar /usr/bin/wp-cli && chown nginx:nginx /usr/bin/wp-cli + curl -O https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar && chmod +x wp-cli.phar && mv wp-cli.phar /usr/bin/wp-cli && chown nginx:nginx /usr/bin/wp-cli && \ + mkdir -p /usr/html /tmp/nginx /etc/nginx/server_includes && \ + chown -R nginx:www-data /usr/html && \ + chown nginx:nginx /tmp/nginx EXPOSE 80 VOLUME ["/usr/html"] 
diff --git a/alpine-php-wordpress-armhf/files/nginx.conf b/alpine-php-wordpress-armhf/files/nginx.conf index b8c647f..210d219 100644 --- a/alpine-php-wordpress-armhf/files/nginx.conf +++ b/alpine-php-wordpress-armhf/files/nginx.conf @@ -17,7 +17,7 @@ http { include /etc/nginx/mime.types; include /etc/nginx/fastcgi.conf; default_type application/octet-stream; - access_log stdout; + access_log /dev/stdout; tcp_nopush on; client_body_temp_path /tmp/nginx/body 1 2; fastcgi_temp_path /tmp/nginx/fastcgi_temp 1 2; @@ -36,10 +36,11 @@ http { root /usr/html; index index.php index.html index.htm; - access_log stdout; + access_log /dev/stdout; error_log stderr notice; disable_symlinks off; + include /etc/nginx/server_includes/*.conf; location = /robots.txt { allow all; 
@@ -73,29 +74,29 @@ http { } ## Block SQL injections - location ~* union.*select.*\( { access_log /usr/logs/nginx/blocked.log blocked; deny all; } - location ~* union.*all.*select.* { access_log /usr/logs/nginx/blocked.log blocked; deny all; } - location ~* concat.*\( { access_log /usr/logs/nginx/blocked.log blocked; deny all; } + location ~* union.*select.*\( { access_log /dev/stdout blocked; deny all; } + location ~* union.*all.*select.* { access_log /dev/stdout blocked; deny all; } + location ~* concat.*\( { access_log /dev/stdout blocked; deny all; } ## Block common exploits - location ~* (<|%3C).*script.*(>|%3E) { access_log /usr/logs/nginx/blocked.log blocked; deny all; } - location ~* base64_(en|de)code\(.*\) { access_log /usr/logs/nginx/blocked.log blocked; deny all; } - location ~* (%24&x) { access_log /usr/logs/nginx/blocked.log blocked; deny all; } - location ~* (%0|%A|%B|%C|%D|%E|%F|127\.0) { access_log /usr/logs/nginx/blocked.log blocked; deny all; } - location ~* \.\.\/ { access_log /usr/logs/nginx/blocked.log blocked; deny all; } - location ~* ~$ { access_log /usr/logs/nginx/blocked.log blocked; deny all; } - location ~* proc/self/environ { access_log /usr/logs/nginx/blocked.log blocked; deny all; } - location ~* /\.(htaccess|htpasswd|svn) { access_log /usr/logs/nginx/blocked.log blocked; deny all; } + location ~* (<|%3C).*script.*(>|%3E) { access_log /dev/stdout blocked; deny all; } + location ~* base64_(en|de)code\(.*\) { access_log /dev/stdout blocked; deny all; } + location ~* (%24&x) { access_log /dev/stdout blocked; deny all; } + location ~* (%0|%A|%B|%C|%D|%E|%F|127\.0) { access_log /dev/stdout blocked; deny all; } + location ~* \.\.\/ { access_log /dev/stdout blocked; deny all; } + location ~* ~$ { access_log /dev/stdout blocked; deny all; } + location ~* proc/self/environ { access_log /dev/stdout blocked; deny all; } + location ~* /\.(htaccess|htpasswd|svn) { access_log /dev/stdout blocked; deny all; } ## Block file injections - location ~* 
[a-zA-Z0-9_]=(\.\.//?)+ { access_log /usr/logs/nginx/blocked.log blocked; deny all; } - location ~* [a-zA-Z0-9_]=/([a-z0-9_.]//?)+ { access_log /usr/logs/nginx/blocked.log blocked; deny all; } + location ~* [a-zA-Z0-9_]=(\.\.//?)+ { access_log /dev/stdout blocked; deny all; } + location ~* [a-zA-Z0-9_]=/([a-z0-9_.]//?)+ { access_log /dev/stdout blocked; deny all; } ## wordpress security - location ~* wp-config.php { access_log /usr/logs/nginx/blocked.log blocked; deny all; } - location ~* wp-admin/includes { access_log /usr/logs/nginx/blocked.log blocked; deny all; } - location ~* wp-app\.log { access_log /usr/logs/nginx/blocked.log blocked; deny all; } - location ~* (licence|readme|license)\.(html|txt) { access_log /usr/logs/nginx/blocked.log blocked; deny all; } + location ~* wp-config.php { access_log /dev/stdout blocked; deny all; } + location ~* wp-admin/includes { access_log /dev/stdout blocked; deny all; } + location ~* wp-app\.log { access_log /dev/stdout blocked; deny all; } + location ~* (licence|readme|license)\.(html|txt) { access_log /dev/stdout blocked; deny all; } } diff --git a/alpine-php-wordpress-armhf/files/php-fpm.conf b/alpine-php-wordpress-armhf/files/php-fpm.conf index 8aed3d4..a1e0529 100644 --- a/alpine-php-wordpress-armhf/files/php-fpm.conf +++ b/alpine-php-wordpress-armhf/files/php-fpm.conf @@ -1,4 +1,4 @@ -error_log = /usr/logs/php-fpm/php-fpm.log +error_log = /proc/1/fd/2 log_level = warning [www] @@ -9,12 +9,16 @@ listen.owner = nginx listen.group = nginx pm = ondemand +; Do not clear environment variables +clear_env = no + ; Total RAM dedicated to the web server / Max child process size pm.max_children = 75 pm.process_idle_timeout = 10s pm.max_requests = 500 chdir = /usr/html +access.log = /proc/1/fd/1 php_flag[display_errors] = on php_admin_value[memory_limit] = 128M php_admin_value[upload_max_filesize] = 32M diff --git a/alpine-php-wordpress-armhf/files/run.sh b/alpine-php-wordpress-armhf/files/run.sh index 594f3cf..d7bb67e 100644 
--- a/alpine-php-wordpress-armhf/files/run.sh +++ b/alpine-php-wordpress-armhf/files/run.sh @@ -2,24 +2,28 @@ [ -f /run-pre.sh ] && /run-pre.sh -if [ ! -d /usr/html ] ; then - echo "[i] Creating directories..." - mkdir -p /usr/html - echo "[i] Fixing permissions..." - chown -R nginx:nginx /usr/html -else - echo "[i] Fixing permissions..." - chown -R nginx:nginx /usr/html -fi +for entrypoint in /entrypoint.d/*.sh; do + [ -f "$entrypoint" ] || continue + echo "[i] Sourcing $entrypoint..." + . "$entrypoint" +done +echo "[i] Fixing permissions..." chown -R nginx:www-data /usr/html +NGINX_ACCESS_LOG=${NGINX_ACCESS_LOG:-on} + +case "$NGINX_ACCESS_LOG" in +[Oo][Ff][Ff] | [Ff][Aa][Ll][Ss][Ee] | 0 | [Nn][Oo]) + echo "[i] Disabling nginx access logs..." + sed -i 's#access_log /dev/stdout blocked;#access_log off;#g' /etc/nginx/nginx.conf + sed -i 's#access_log /dev/stdout;#access_log off;#g' /etc/nginx/nginx.conf + ;; +esac + # start php-fpm -mkdir -p /usr/logs/php-fpm php-fpm84 # start nginx -mkdir -p /usr/logs/nginx -mkdir -p /tmp/nginx chown nginx /tmp/nginx nginx