diff --git a/ats/trouter/Dockerfile b/ats/trouter/Dockerfile
index 37ee0336..d25c1268 100644
--- a/ats/trouter/Dockerfile
+++ b/ats/trouter/Dockerfile
@@ -2,18 +2,18 @@ FROM java_base
 
 EXPOSE 8095 8443
 
-ARG GROUPNAME
-ARG GROUPID
-ARG ROUTERUSERNAME
-ARG USERID
+ARG ALFRESCO_TROUTER_GROUP_NAME
+ARG ALFRESCO_TROUTER_GROUP_ID
+ARG ALFRESCO_TROUTER_USER_NAME
+ARG ALFRESCO_TROUTER_USER_ID
 
 ADD ats/trouter/alfresco-transform-router*.jar /opt/app.jar
 
-RUN groupadd -g ${GROUPID} ${GROUPNAME} && \
-    useradd -u ${USERID} -G ${GROUPNAME} ${ROUTERUSERNAME} && \
-    chgrp -R ${GROUPNAME} /opt/app.jar
+RUN groupadd -g ${ALFRESCO_TROUTER_GROUP_ID} ${ALFRESCO_TROUTER_GROUP_NAME} && \
+    useradd -u ${ALFRESCO_TROUTER_USER_ID} -g ${ALFRESCO_TROUTER_GROUP_NAME} ${ALFRESCO_TROUTER_USER_NAME} && \
+    chgrp -R ${ALFRESCO_TROUTER_GROUP_NAME} /opt/app.jar
 
-USER ${ROUTERUSERNAME}
+USER ${ALFRESCO_TROUTER_USER_NAME}
 
 HEALTHCHECK --interval=30s --timeout=10s --retries=3 --start-period=1m \
   CMD curl -f http://localhost:8095/actuator/health || exit 1
diff --git a/docker-bake.hcl b/docker-bake.hcl
index c4daf5e9..c2b30c12 100644
--- a/docker-bake.hcl
+++ b/docker-bake.hcl
@@ -66,16 +66,20 @@ variable "LIVEINDEXING" {
   default = "metadata"
 }
 
-variable "USERID" {
-  default = "33016"
+variable "ALFRESCO_REPO_GROUP_ID" {
+  default = "1000"
 }
 
-variable "GROUPNAME" {
-  default = "Alfresco"
+variable "ALFRESCO_REPO_GROUP_NAME" {
+  default = "alfresco"
 }
 
-variable "GROUPID" {
-  default = "1000"
+variable "ALFRESCO_REPO_USER_ID" {
+  default = "33000"
+}
+
+variable "ALFRESCO_REPO_USER_NAME" {
+  default = "alfresco"
 }
 
 target "java_base" {
@@ -161,6 +165,12 @@ target "repository" {
   contexts = {
     tomcat_base = "target:tomcat_base"
   }
+  args = {
+    ALFRESCO_REPO_GROUP_ID = "${ALFRESCO_REPO_GROUP_ID}"
+    ALFRESCO_REPO_GROUP_NAME = "${ALFRESCO_REPO_GROUP_NAME}"
+    ALFRESCO_REPO_USER_ID = "${ALFRESCO_REPO_USER_ID}"
+    ALFRESCO_REPO_USER_NAME = "${ALFRESCO_REPO_USER_NAME}"
+  }
   labels = {
     "org.opencontainers.image.title" = "${PRODUCT_LINE} Content Repository"
     "org.opencontainers.image.description" = "Alfresco Content Services Repository"
@@ -207,10 +217,22 @@ target "search_liveindexing" {
   output = ["type=docker"]
 }
 
-variable "TROUTER_ROUTERUSERNAME" {
+variable "ALFRESCO_TROUTER_GROUPNAME" {
+  default = "Alfresco"
+}
+
+variable "ALFRESCO_TROUTER_GROUPID" {
+  default = "1000"
+}
+
+variable "ALFRESCO_TROUTER_USERNAME" {
   default = "trouter"
 }
 
+variable "ALFRESCO_TROUTER_USERID" {
+  default = "33016"
+}
+
 target "ats_trouter" {
   dockerfile = "./ats/trouter/Dockerfile"
   inherits = ["java_base"]
@@ -218,10 +240,10 @@ target "ats_trouter" {
     java_base = "target:java_base"
   }
   args = {
-    GROUPNAME = "${GROUPNAME}"
-    GROUPID = "${GROUPID}"
-    ROUTERUSERNAME = "${TROUTER_ROUTERUSERNAME}"
-    USERID = "${USERID}"
+    ALFRESCO_TROUTER_GROUP_NAME = "${ALFRESCO_TROUTER_GROUP_NAME}"
+    ALFRESCO_TROUTER_GROUP_ID = "${ALFRESCO_TROUTER_GROUP_ID}"
+    ALFRESCO_TROUTER_USER_NAME = "${ALFRESCO_TROUTER_USER_NAME}"
+    ALFRESCO_TROUTER_USER_ID = "${ALFRESCO_TROUTER_USER_ID}"
   }
   labels = {
     "org.opencontainers.image.title" = "${PRODUCT_LINE} ATS Trouter"
diff --git a/repository/Dockerfile b/repository/Dockerfile
index 8c61b40f..a752c0a7 100644
--- a/repository/Dockerfile
+++ b/repository/Dockerfile
@@ -1,3 +1,8 @@
+ARG DISTRIB_NAME
+ARG DISTRIB_MAJOR
+ARG ALFRESCO_REPO_USER_ID
+ARG ALFRESCO_REPO_GROUP_ID
+
 FROM tomcat_base AS repo_build
 
 USER root
@@ -6,27 +11,40 @@ RUN yum install -y unzip
 ADD alfresco-content-services-distribution-*.zip /tmp/
 
 RUN unzip /tmp/alfresco-content-services-distribution-*.zip -d /tmp/distribution
+RUN mkdir -m 750 -p ${CATALINA_HOME}/shared/classes/alfresco/extension/keystore/ ${CATALINA_HOME}/alf_data
+RUN unzip /tmp/distribution/web-server/webapps/alfresco.war -d ${CATALINA_HOME}/webapps/alfresco/
+RUN cp -a /tmp/distribution/web-server/conf/* ${CATALINA_HOME}/conf/ && rm -f ${CATALINA_HOME}/conf/Catalina/localhost/share.xml
+RUN cp -a /tmp/distribution/web-server/lib/* ${CATALINA_HOME}/lib/
+RUN cp -a /tmp/distribution/licenses ${CATALINA_HOME}/
+RUN cp -a /tmp/distribution/keystore/metadata-keystore/keystore* ${CATALINA_HOME}/shared/classes/alfresco/extension/keystore/
+RUN chmod -R o= ${CATALINA_HOME}/
+RUN sed -i 's|shared.loader=|shared.loader=${catalina.base}/shared/classes,${catalina.base}/shared/lib/*.jar|' \
+  ${CATALINA_HOME}/conf/catalina.properties
+RUN sed -i 's|../modules/platform|modules/platform|' ${CATALINA_HOME}/conf/Catalina/localhost/alfresco.xml
+RUN sed -i \
+  -re "s|(appender.rolling.fileName\=)(alfresco.log)|\1${CATALINA_HOME}/logs\/\2|" \
+  -re "s|(appender.rolling.filePattern=)(alfresco.log.%d\{yyyy-MM-dd\})|\1${CATALINA_HOME}/logs\/\2|" \
+  ${CATALINA_HOME}/webapps/alfresco/WEB-INF/classes/log4j2.properties
+
+FROM tomcat_base AS repo-rhlike
+ARG ALFRESCO_REPO_USER_ID
+ARG ALFRESCO_REPO_GROUP_ID
+ARG ALFRESCO_REPO_GROUP_NAME
+ARG ALFRESCO_REPO_USER_NAME
+
+COPY --chown=:${ALFRESCO_REPO_GROUP_ID} --from=repo_build ${CATALINA_HOME} ${CATALINA_HOME}
 
-RUN mkdir -p /usr/local/tomcat/shared/classes/alfresco/extension/keystore/
-
-RUN unzip /tmp/distribution/web-server/webapps/alfresco.war -d /usr/local/tomcat/webapps/alfresco/
-RUN cp -ra /tmp/distribution/web-server/conf/* /usr/local/tomcat/conf/ && rm -f /usr/local/tomcat/conf/Catalina/localhost/share.xml
-RUN cp -ra /tmp/distribution/web-server/lib/* /usr/local/tomcat/lib/
-RUN cp -ra /tmp/distribution/web-server/shared/* /usr/local/tomcat/shared/
-RUN cp -ra /tmp/distribution/keystore/metadata-keystore/keystore* /usr/local/tomcat/shared/classes/alfresco/extension/keystore/
-
-RUN sed -i 's|shared.loader=|shared.loader=${catalina.base}/shared/classes,${catalina.base}/shared/lib/*.jar|' /usr/local/tomcat/conf/catalina.properties
-RUN sed -i 's|../modules/platform|modules/platform|' /usr/local/tomcat/conf/Catalina/localhost/alfresco.xml
-
-FROM tomcat_base
-
-RUN mkdir -p /usr/local/tomcat/modules/platform /usr/local/tomcat/modules/share
+USER root
+RUN groupadd -g ${ALFRESCO_REPO_GROUP_ID} ${ALFRESCO_REPO_GROUP_NAME} && \
+  useradd -u ${ALFRESCO_REPO_USER_ID} -g ${ALFRESCO_REPO_GROUP_NAME} ${ALFRESCO_REPO_USER_NAME} -G tomcat && \
+  mkdir -m 750 -p ${CATALINA_HOME}/modules/platform && \
+  chgrp -R ${ALFRESCO_REPO_GROUP_ID} ${CATALINA_HOME}/modules && \
+  yum install -y fontconfig && \
+  yum clean all && rm -rf /var/cache/yum
 
-COPY --from=repo_build /usr/local/tomcat/conf /usr/local/tomcat/conf
-COPY --from=repo_build /usr/local/tomcat/lib /usr/local/tomcat/lib
-COPY --from=repo_build /usr/local/tomcat/shared /usr/local/tomcat/shared
-COPY --from=repo_build /usr/local/tomcat/webapps /usr/local/tomcat/webapps
+FROM repo-rhlike AS repo-rockylinux9
 
-USER tomcat
+FROM repo-${DISTRIB_NAME}${DISTRIB_MAJOR}
+USER ${ALFRESCO_REPO_USER_NAME}
 
 CMD ["catalina.sh", "run"]
diff --git a/repository/README.md b/repository/README.md
new file mode 100644
index 00000000..9ef3f22a
--- /dev/null
+++ b/repository/README.md
@@ -0,0 +1,38 @@
+# Alfresco Content Repository image
+
+## Description
+
+This Docker file is used to build an Alfresco Content Repository image.
+
+## Building the image
+
+Make sure all required artifacts are present in the build context `repository/`.
+You can put them manually in the `repository/` folder (for example if that's a
+custom module of yours), or use the script `./scripts/fetch-artifacts.sh` to
+download them from Alfresco's Nexus.
+
+Then, you can build the image from the root of this git repository with the
+following command:
+
+```bash
+docker buildx bake repository
+```
+
+## Running the image
+
+### Alfresco repository configuration
+
+All preperties you would normally add in the alfresco-global.properties file can
+be added in the `JAVA_OPTS` environment variable to the container.
+
+For example, to set the database URL, you can use the following environment
+variable:
+
+```bash
+docker run -e JAVA_OPTS="-Ddb.url=jdbc:postgresql://postgres.domain.tld:5432/alfresco" \
+  alfresco-content-repository:mytag
+```
+
+> If the image is meant to be used with the Alfresco Content Services Helm
+> chart, you can use other [higher level means of
+> configuration](https://github.com/Alfresco/alfresco-helm-charts/blob/main/charts/alfresco-repository/docs/repository-properties.md).
diff --git a/tomcat/Dockerfile b/tomcat/Dockerfile
index 7865c3a2..8331d825 100644
--- a/tomcat/Dockerfile
+++ b/tomcat/Dockerfile
@@ -124,7 +124,6 @@ COPY --chown=:tomcat --chmod=640 --from=tcnative_build /usr/local/tcnative $TOMC
 SHELL ["/bin/bash", "-euo", "pipefail", "-c"]
 RUN mkdir -m 770 logs temp work && chgrp tomcat . logs temp work; \
   chmod og+x bin/*.sh; \
-  find . -type d -exec chmod 770 {} +; \
   # verify Tomcat Native is working properly
   nativeLines="$(catalina.sh configtest 2>&1 | grep -c 'Loaded Apache Tomcat Native library')" && \
   test $nativeLines -ge 1 || exit 1