From b3515bc0636e15d42c796ac31e4e088c007e55b2 Mon Sep 17 00:00:00 2001 From: throwaway Date: Fri, 9 Feb 2024 01:59:25 -0800 Subject: modify docker entrypoint --- Dockerfile | 3 +- README.md | 9 ++-- apache/conf.d/ssl.conf | 19 --------- apache/httpd.conf | 98 ------------------------------------------- docker-compose.yaml | 1 - docker/apache/conf.d/ssl.conf | 19 +++++++++ docker/apache/http.conf | 89 +++++++++++++++++++++++++++++++++++++++ docker/apache/https.conf | 96 ++++++++++++++++++++++++++++++++++++++++++ docker/docker-entrypoint.sh | 19 +++------ 9 files changed, 214 insertions(+), 139 deletions(-) delete mode 100644 apache/conf.d/ssl.conf delete mode 100644 apache/httpd.conf create mode 100644 docker/apache/conf.d/ssl.conf create mode 100644 docker/apache/http.conf create mode 100644 docker/apache/https.conf diff --git a/Dockerfile b/Dockerfile index 266f701..62638c9 100644 --- a/Dockerfile +++ b/Dockerfile @@ -4,8 +4,7 @@ WORKDIR /var/www/html/4get RUN apk update && apk upgrade RUN apk add php apache2-ssl php82-fileinfo php82-openssl php82-iconv php82-common php82-dom php82-curl curl php82-pecl-apcu php82-apache2 imagemagick php82-pecl-imagick php-mbstring imagemagick-webp imagemagick-jpeg -COPY ./apache/httpd.conf /etc/apache2/httpd.conf -COPY ./apache/conf.d/ssl.conf /etc/apache2/conf.d/ssl.conf +COPY ./docker/apache/ /etc/apache2/ COPY . . RUN chmod 777 /var/www/html/4get/icons diff --git a/README.md b/README.md index 512a95e..ea93811 100644 --- a/README.md +++ b/README.md @@ -152,19 +152,17 @@ Now test the nginx config with `nginx -t`, if it says that everything is good, r ## Install using Docker (lol u lazy fuck) ``` -docker run -d -p 80:80 -e FOURGET_SERVER_NAME="4get.ca" -e FOURGET_SERVER_ADMIN_EMAIL="you@example.com" luuul/4get:latest +docker run -d -p 80:80 -e FOURGET_SERVER_NAME="4get.ca" luuul/4get:latest ``` ...Or with SSL: ``` -docker run -d -p 443:443 -e FOURGET_SERVER_NAME="4get.ca" -e FOURGET_SERVER_ADMIN_EMAIL="you@example.com" -v /etc/letsencrypt/live/domain.tld:/etc/4get/certs luuul/4get:latest +docker run -d -p 443:443 -v /etc/letsencrypt/live/domain.tld:/etc/4get/certs -e FOURGET_SERVER_NAME="4get.ca" luuul/4get:latest ``` -replace enviroment variables FOURGET_SERVER_NAME and FOURGET_SERVER_ADMIN_EMAIL with relevant values - if the certificate files are not mounted to /etc/4get/certs the service listens to port 80 -the certificate directory expects files named `cert.pem`, `chain.pem`, `privkey.pem` +the certificate directory expects files named `fullchain.pem` and `privkey.pem` ## Install using Docker Compose @@ -189,7 +187,6 @@ services: restart: always environment: - FOURGET_SERVER_NAME=4get.ca - - FOURGET_SERVER_ADMIN_EMAIL="you@example.com" ports: - "80:80" diff --git a/apache/conf.d/ssl.conf b/apache/conf.d/ssl.conf deleted file mode 100644 index 7b0dd15..0000000 --- a/apache/conf.d/ssl.conf +++ /dev/null @@ -1,19 +0,0 @@ -LoadModule ssl_module modules/mod_ssl.so -LoadModule socache_shmcb_module modules/mod_socache_shmcb.so - -SSLRandomSeed startup file:/dev/urandom 512 -SSLRandomSeed connect builtin - -Listen 443 - -SSLCipherSuite HIGH:MEDIUM:!MD5:!RC4:!3DES:!ADH -SSLProxyCipherSuite HIGH:MEDIUM:!MD5:!RC4:!3DES:!ADH -SSLHonorCipherOrder on - -SSLProtocol all -SSLv3 -SSLProxyProtocol all -SSLv3 - -SSLPassPhraseDialog builtin - -SSLSessionCache "shmcb:/var/cache/mod_ssl/scache(512000)" -SSLSessionCacheTimeout 300 diff --git a/apache/httpd.conf b/apache/httpd.conf deleted file mode 100644 index 8a4caa7..0000000 --- a/apache/httpd.conf +++ /dev/null @@ -1,98 +0,0 @@ -ServerTokens OS -ServerRoot /var/www -ServerSignature On -ServerName 4get.ca -ServerAdmin you@example.com - -DocumentRoot "/var/www/html/4get" - -LogLevel warn -CustomLog /dev/null common -ErrorLog /dev/null - - - SSLEngine on - SSLCertificateFile /etc/4get/certs/cert.pem - SSLCertificateKeyFile /etc/4get/certs/privkey.pem - SSLCertificateChainFile /etc/4get/certs/chain.pem - - - - RewriteEngine On - RewriteCond %{THE_REQUEST} ^\w+\ /(.*)\.php(\?.*)?\ HTTP/ - RewriteRule ^ http://%{HTTP_HOST}/%1 [R=301] - RewriteCond %{REQUEST_FILENAME}.php -f - RewriteRule .* $0.php - Options Indexes FollowSymLinks - AllowOverride None - Require all granted - - - - -LoadModule rewrite_module modules/mod_rewrite.so -LoadModule mpm_prefork_module modules/mod_mpm_prefork.so -LoadModule authn_file_module modules/mod_authn_file.so -LoadModule authn_core_module modules/mod_authn_core.so -LoadModule authz_host_module modules/mod_authz_host.so -LoadModule authz_groupfile_module modules/mod_authz_groupfile.so -LoadModule authz_user_module modules/mod_authz_user.so -LoadModule authz_core_module modules/mod_authz_core.so -LoadModule access_compat_module modules/mod_access_compat.so -LoadModule auth_basic_module modules/mod_auth_basic.so -LoadModule reqtimeout_module modules/mod_reqtimeout.so -LoadModule filter_module modules/mod_filter.so -LoadModule mime_module modules/mod_mime.so -LoadModule log_config_module modules/mod_log_config.so -LoadModule env_module modules/mod_env.so -LoadModule headers_module modules/mod_headers.so -LoadModule setenvif_module modules/mod_setenvif.so -LoadModule version_module modules/mod_version.so -LoadModule unixd_module modules/mod_unixd.so -LoadModule status_module modules/mod_status.so -LoadModule autoindex_module modules/mod_autoindex.so -LoadModule dir_module modules/mod_dir.so -LoadModule alias_module modules/mod_alias.so -LoadModule negotiation_module modules/mod_negotiation.so - - -User apache -Group apache - - - - - - AllowOverride none - Require all denied - - - - - - - DirectoryIndex index.html - - - - Require all denied - - - - - - RequestHeader unset Proxy early - - - - TypesConfig /etc/apache2/mime.types - AddType application/x-compress .Z - AddType application/x-gzip .gz .tgz - - - - MIMEMagicFile /etc/apache2/magic - - -IncludeOptional /etc/apache2/conf.d/*.conf - diff --git a/docker-compose.yaml b/docker-compose.yaml index b0eff1a..f4ae0aa 100644 --- a/docker-compose.yaml +++ b/docker-compose.yaml @@ -8,7 +8,6 @@ services: environment: - FOURGET_VERSION=6 - FOURGET_SERVER_NAME=4get.ca - - FOURGET_SERVER_ADMIN_EMAIL=you@example.com ports: - "80:80" diff --git a/docker/apache/conf.d/ssl.conf b/docker/apache/conf.d/ssl.conf new file mode 100644 index 0000000..7b0dd15 --- /dev/null +++ b/docker/apache/conf.d/ssl.conf @@ -0,0 +1,19 @@ +LoadModule ssl_module modules/mod_ssl.so +LoadModule socache_shmcb_module modules/mod_socache_shmcb.so + +SSLRandomSeed startup file:/dev/urandom 512 +SSLRandomSeed connect builtin + +Listen 443 + +SSLCipherSuite HIGH:MEDIUM:!MD5:!RC4:!3DES:!ADH +SSLProxyCipherSuite HIGH:MEDIUM:!MD5:!RC4:!3DES:!ADH +SSLHonorCipherOrder on + +SSLProtocol all -SSLv3 +SSLProxyProtocol all -SSLv3 + +SSLPassPhraseDialog builtin + +SSLSessionCache "shmcb:/var/cache/mod_ssl/scache(512000)" +SSLSessionCacheTimeout 300 diff --git a/docker/apache/http.conf b/docker/apache/http.conf new file mode 100644 index 0000000..24bb1d2 --- /dev/null +++ b/docker/apache/http.conf @@ -0,0 +1,89 @@ +Listen 80 +ServerTokens OS +ServerRoot /var/www +ServerSignature On +ServerName localhost + +DocumentRoot "/var/www/html/4get" + +LogLevel warn +CustomLog /dev/null common +ErrorLog /dev/null + + + RewriteEngine On + RewriteCond %{THE_REQUEST} ^\w+\ /(.*)\.php(\?.*)?\ HTTP/ + RewriteRule ^ http://%{HTTP_HOST}/%1 [R=301] + RewriteCond %{REQUEST_FILENAME}.php -f + RewriteRule .* $0.php + Options Indexes FollowSymLinks + AllowOverride None + Require all granted + + +LoadModule rewrite_module modules/mod_rewrite.so +LoadModule mpm_prefork_module modules/mod_mpm_prefork.so +LoadModule authn_file_module modules/mod_authn_file.so +LoadModule authn_core_module modules/mod_authn_core.so +LoadModule authz_host_module modules/mod_authz_host.so +LoadModule authz_groupfile_module modules/mod_authz_groupfile.so +LoadModule authz_user_module modules/mod_authz_user.so +LoadModule authz_core_module modules/mod_authz_core.so +LoadModule access_compat_module modules/mod_access_compat.so +LoadModule auth_basic_module modules/mod_auth_basic.so +LoadModule reqtimeout_module modules/mod_reqtimeout.so +LoadModule filter_module modules/mod_filter.so +LoadModule mime_module modules/mod_mime.so +LoadModule log_config_module modules/mod_log_config.so +LoadModule env_module modules/mod_env.so +LoadModule headers_module modules/mod_headers.so +LoadModule setenvif_module modules/mod_setenvif.so +LoadModule version_module modules/mod_version.so +LoadModule unixd_module modules/mod_unixd.so +LoadModule status_module modules/mod_status.so +LoadModule autoindex_module modules/mod_autoindex.so +LoadModule dir_module modules/mod_dir.so +LoadModule alias_module modules/mod_alias.so +LoadModule negotiation_module modules/mod_negotiation.so + + +User apache +Group apache + + + + + + AllowOverride none + Require all denied + + + + + + + DirectoryIndex index.html + + + + Require all denied + + + + + + RequestHeader unset Proxy early + + + + TypesConfig /etc/apache2/mime.types + AddType application/x-compress .Z + AddType application/x-gzip .gz .tgz + + + + MIMEMagicFile /etc/apache2/magic + + +IncludeOptional /etc/apache2/conf.d/*.conf + diff --git a/docker/apache/https.conf b/docker/apache/https.conf new file mode 100644 index 0000000..db032dd --- /dev/null +++ b/docker/apache/https.conf @@ -0,0 +1,96 @@ +ServerTokens OS +ServerRoot /var/www +ServerSignature On +ServerName localhost + +DocumentRoot "/var/www/html/4get" + +LogLevel warn +CustomLog /dev/null common +ErrorLog /dev/null + + + SSLEngine on + SSLCertificateFile /etc/4get/certs/fullchain.pem + SSLCertificateKeyFile /etc/4get/certs/privkey.pem + + + + RewriteEngine On + RewriteCond %{THE_REQUEST} ^\w+\ /(.*)\.php(\?.*)?\ HTTP/ + RewriteRule ^ http://%{HTTP_HOST}/%1 [R=301] + RewriteCond %{REQUEST_FILENAME}.php -f + RewriteRule .* $0.php + Options Indexes FollowSymLinks + AllowOverride None + Require all granted + + + + +LoadModule rewrite_module modules/mod_rewrite.so +LoadModule mpm_prefork_module modules/mod_mpm_prefork.so +LoadModule authn_file_module modules/mod_authn_file.so +LoadModule authn_core_module modules/mod_authn_core.so +LoadModule authz_host_module modules/mod_authz_host.so +LoadModule authz_groupfile_module modules/mod_authz_groupfile.so +LoadModule authz_user_module modules/mod_authz_user.so +LoadModule authz_core_module modules/mod_authz_core.so +LoadModule access_compat_module modules/mod_access_compat.so +LoadModule auth_basic_module modules/mod_auth_basic.so +LoadModule reqtimeout_module modules/mod_reqtimeout.so +LoadModule filter_module modules/mod_filter.so +LoadModule mime_module modules/mod_mime.so +LoadModule log_config_module modules/mod_log_config.so +LoadModule env_module modules/mod_env.so +LoadModule headers_module modules/mod_headers.so +LoadModule setenvif_module modules/mod_setenvif.so +LoadModule version_module modules/mod_version.so +LoadModule unixd_module modules/mod_unixd.so +LoadModule status_module modules/mod_status.so +LoadModule autoindex_module modules/mod_autoindex.so +LoadModule dir_module modules/mod_dir.so +LoadModule alias_module modules/mod_alias.so +LoadModule negotiation_module modules/mod_negotiation.so + + +User apache +Group apache + + + + + + AllowOverride none + Require all denied + + + + + + + DirectoryIndex index.html + + + + Require all denied + + + + + + RequestHeader unset Proxy early + + + + TypesConfig /etc/apache2/mime.types + AddType application/x-compress .Z + AddType application/x-gzip .gz .tgz + + + + MIMEMagicFile /etc/apache2/magic + + +IncludeOptional /etc/apache2/conf.d/*.conf + diff --git a/docker/docker-entrypoint.sh b/docker/docker-entrypoint.sh index bbb8229..0a41ddd 100755 --- a/docker/docker-entrypoint.sh +++ b/docker/docker-entrypoint.sh @@ -1,20 +1,13 @@ #!/bin/sh set -e -sed -i "s/ServerName.*/ServerName ${FOURGET_SERVER_NAME}/g" /etc/apache2/httpd.conf -sed -i "s/ServerAdmin.*/ServerAdmin ${FOURGET_SERVER_ADMIN_EMAIL}/g" /etc/apache2/httpd.conf - -if [ ! -f /etc/4get/certs/cert.pem ] || [ ! -f /etc/4get/certs/chain.pem ] || [ ! -f /etc/4get/certs/privkey.pem ]; then - # remove SSL VirtualHost - echo "No certificate files detected. Listening on port 80" - sed -i '//,/<\/VirtualHost>/d' /etc/apache2/httpd.conf - - # prepend Listen 80 to /apache2/httpd.conf - echo "Listen 80" > /etc/apache2/httpd.conf_temp - cat /etc/apache2/httpd.conf >> /etc/apache2/httpd.conf_temp - mv /etc/apache2/httpd.conf_temp /etc/apache2/httpd.conf +if [ ! -f /etc/4get/certs/fullchain.pem ] || [ ! -f /etc/4get/certs/privkey.pem ]; then + echo "Using http configuration" + cp /etc/apache2/http.conf /etc/apache2/httpd.conf +else + echo "Using https configuration" + cp /etc/apache2/https.conf /etc/apache2/httpd.conf fi - php82 ./docker/gen_config.php -- cgit v1.2.3