diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 5b4fa2f7aad98b2c4c27e54cfd66516ff7bbe039..1072abdc022d7956d571d4a887df9b78a655bbbf 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -3,20 +3,13 @@ include: "https://git.autistici.org/pipelines/containers/raw/master/common.yml"
 # test the newly built container before releasing it.
 test:
   stage: container-test
-  image: ${CI_DEPENDENCY_PROXY_GROUP_IMAGE_PREFIX}/debian:stable
-  tags: [docker-in-docker]
-  services:
-    - name: ${IMAGE_TAG}
-      alias: noblogs
-    - name: ${CI_DEPENDENCY_PROXY_GROUP_IMAGE_PREFIX}/mysql:latest
-      alias: mysql
+  image: registry.git.autistici.org/pipelines/images/test/float-podman-runner:master
+  tags: [podman]
   variables:
     APACHE_PORT: 8080
-    SITE_URL: "http://noblogs:8080"
-    MYSQL_DATABASE: noblogstest
-    MYSQL_ROOT_PASSWORD: changeme
-    PHP_FPM_USER: www-data
+    SITE_URL: "http://localhost:8080"
+  before_script:
+    - echo -n "$CI_JOB_TOKEN" | podman login -u gitlab-ci-token --password-stdin $CI_REGISTRY
   script:
-    - apt -q update
-    - env DEBIAN_FRONTEND=noninteractive apt -y --no-install-recommends install curl
-    - "curl -H 'Host: noblogs.org' -v ${SITE_URL}"
+    - with-container --expose=8080 $IMAGE_TAG ./docker/test.sh
+
diff --git a/Dockerfile b/Dockerfile
index 5d057de67c3b5a4d2d00c81c123fcdb5a9b7a48e..8c13133546fed009ae7def54bbf03cb935d05466 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -9,7 +9,7 @@ ADD . /build
 WORKDIR /build
 RUN /build/install.sh
 
-FROM registry.git.autistici.org/ai3/docker/apache2-php-base:master
+FROM registry.git.autistici.org/ai3/docker/apache2-php-base:bookworm
 
 COPY --from=build /build/app/ /opt/noblogs/www
 
diff --git a/docker/build.sh b/docker/build.sh
index 3543435ce48e42621cdf0eeadba90159779a06f6..b51db2343859a0e46d821930dbd90c152a819895 100755
--- a/docker/build.sh
+++ b/docker/build.sh
@@ -78,7 +78,14 @@ a2ensite ${APACHE_SITES}
 # The file is named 00modsecurity.conf so it is loaded first.
 mv /etc/modsecurity/modsecurity.conf-recommended /etc/modsecurity/00modsecurity.conf
 
+# Patch the /etc/modsecurity/00modsecurity.conf file shipped
+# with the packages because it fails with a SyntaxError as
+# soon as it sees the first SecAuditLog directive.
+sed -e 's,^SecAuditLog .*$,SecAuditLog /dev/null,' -i \
+    /etc/modsecurity/00modsecurity.conf
+
 # This needs to be writable for mod security to be able to start.
+# Useless because the float container is read-only anyway.
 install -d -m 1777 /var/log/apache2
 
 # Ensure that the mount points exist.
diff --git a/docker/conf/php/7.4/fpm/pool.d/www.conf b/docker/conf/php/8.2/fpm/pool.d/www.conf
similarity index 90%
rename from docker/conf/php/7.4/fpm/pool.d/www.conf
rename to docker/conf/php/8.2/fpm/pool.d/www.conf
index 294100233c15834359afea86421d89662d2a5fbd..89f954718ca6e6ca7b8dc212ce8dbb0f8f89dcc5 100644
--- a/docker/conf/php/7.4/fpm/pool.d/www.conf
+++ b/docker/conf/php/8.2/fpm/pool.d/www.conf
@@ -1,13 +1,12 @@
 [www]
-user = ${PHP_FPM_USER}
-listen = /run/php/php7.4-fpm.sock
+listen = /run/php/php8.2-fpm.sock
 
 pm = dynamic
 pm.max_children = 75
 pm.start_servers = 10
 pm.min_spare_servers = 10
 pm.max_spare_servers = 20
-pm.max_requests = 1000
+pm.max_requests = 10000
 
 pm.status_path = /status
 
diff --git a/docker/test.sh b/docker/test.sh
new file mode 100755
index 0000000000000000000000000000000000000000..55dcaed17821b2de2f784e2fe7dffd44b2b07191
--- /dev/null
+++ b/docker/test.sh
@@ -0,0 +1,4 @@
+#!/bin/sh
+
+exec curl -H 'Host: noblogs.org' -v -s ${SITE_URL}/
+