authorJamie Nguyen <j@jamielinux.com>2018-07-16 11:25:08 +0100
committerJamie Nguyen <j@jamielinux.com>2018-07-16 11:25:08 +0100
commita347a4ae65ec8e54fc15d012ad557de1035f4a12 (patch)
tree715b8459aba01b51160beedc18d0a580fa68a0e6
parent213fa1f8a37fb59163ab1bde931b2294d045363e (diff)
Allow bind mounting in /cert.pem and /privkey.pem
-rwxr-xr-x2.4/docker-entrypoint.sh42
-rw-r--r--README.md9
2 files changed, 30 insertions, 21 deletions
diff --git a/2.4/docker-entrypoint.sh b/2.4/docker-entrypoint.sh
index cff51eb..74da63b 100755
--- a/2.4/docker-entrypoint.sh
+++ b/2.4/docker-entrypoint.sh
@@ -74,25 +74,27 @@ if [ "x$ANONYMOUS_METHODS" != "x" ]; then
fi
fi
-case "${SSL_CERT:-none}" in
- "selfsigned")
- # Generate self-signed SSL certificate.
- # If SERVER_NAMES is given, use the first domain as the Common Name.
- if [ ! -e /privkey.pem ] || [ ! -e /cert.pem ]; then
- apk add --no-cache openssl
- openssl req -x509 -newkey rsa:2048 -days 1000 -nodes \
- -keyout /privkey.pem -out /cert.pem -subj "/CN=${SERVER_NAME:-selfsigned}"
- apk del --no-cache openssl
- fi
- # Enable SSL Apache modules.
- for i in http2 ssl; do
- sed -i -e "/^#LoadModule ${i}_module.*/s/^#//" "$HTTPD_PREFIX/conf/httpd.conf"
- done
- # Enable SSL vhost.
- if [ -e /privkey.pem ] && [ -e /cert.pem ]; then
- ln -s ../sites-available/default-ssl.conf "$HTTPD_PREFIX/conf/sites-enabled"; \
- fi
- ;;
-esac
+# If specified, generate a selfsigned certificate.
+if [ "${SSL_CERT:-none}" = "selfsigned" ]; then
+ # Generate self-signed SSL certificate.
+ # If SERVER_NAMES is given, use the first domain as the Common Name.
+ if [ ! -e /privkey.pem ] || [ ! -e /cert.pem ]; then
+ apk add --no-cache openssl
+ openssl req -x509 -newkey rsa:2048 -days 1000 -nodes \
+ -keyout /privkey.pem -out /cert.pem -subj "/CN=${SERVER_NAME:-selfsigned}"
+ apk del --no-cache openssl
+ fi
+fi
+
+# This will either be the self-signed certificate generated above or one that
+# has been bind mounted in by the user.
+if [ -e /privkey.pem ] && [ -e /cert.pem ]; then
+ # Enable SSL Apache modules.
+ for i in http2 ssl; do
+ sed -i -e "/^#LoadModule ${i}_module.*/s/^#//" "$HTTPD_PREFIX/conf/httpd.conf"
+ done
+ # Enable SSL vhost.
+ ln -s ../sites-available/default-ssl.conf "$HTTPD_PREFIX/conf/sites-enabled"; \
+fi
exec "$@"
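Review bot: The new TLS block keys on bare existence with `if [ -e /privkey.pem ] && [ -e /cert.pem ]`, so a directory at either path passes the test and the SSL vhost is enabled without a usable key or certificate; this is what a `-v` bind mount leaves behind when the host path is missing, since Docker then creates a directory at the target. Testing for regular files with `if [ -f /privkey.pem ] && [ -f /cert.pem ]; then` is stricter. When only one of the two files is present the block is skipped without any message and the container serves plain HTTP only, so I would add a branch such as `elif [ -e /privkey.pem ] || [ -e /cert.pem ]; then echo "TLS not enabled: need both /cert.pem and /privkey.pem" >&2`. The `ln -s` line will also report "File exists" if the container is restarted with its filesystem kept, and `ln -sf` avoids that; the trailing `; \` there is a leftover continuation that can be dropped. Whether a failed `ln` aborts startup depends on whether the script runs under `set -e`, which is outside this hunk.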
diff --git a/README.md b/README.md
index 9bab72f..52b9f59 100644
--- a/README.md
+++ b/README.md
@@ -6,6 +6,9 @@
This image runs an easily configurable WebDAV server with Apache.
+You can configure the authentication type, the authentication of multiple
+users, or to run with a self-signed SSL certificate.
+
* **Code repository:**
https://github.com/BytemarkHosting/docker-webdav
* **Where to file issues:**
@@ -19,7 +22,8 @@ This image runs an easily configurable WebDAV server with Apache.
### Basic WebDAV server
-This example starts a WebDAV server.
+This example starts a WebDAV server on port 80. It can only be accessed by
+a single username and password.
When using unencrypted HTTP, use `Digest` authentication (instead of `Basic`)
to avoid sending plaintext passwords in the clear.
@@ -67,6 +71,9 @@ docker run --restart always -v /srv/dav:/var/lib/dav \
```
+If you bind mount a certificate chain to `/cert.pem` and a private key to
+`/privkey.pem`, the container will use that instead!
+
### Authenticate multiple clients
Specifying `USERNAME` and `PASSWORD` only supports a single user. If you want