From 213fa1f8a37fb59163ab1bde931b2294d045363e Mon Sep 17 00:00:00 2001 From: Jamie Nguyen Date: Mon, 16 Jul 2018 11:11:02 +0100 Subject: Move files into 2.4 folder --- 2.4/Dockerfile | 61 ++++++++++++++++++++++++++++++ 2.4/dav.conf | 25 ++++++++++++ 2.4/default-ssl.conf | 18 +++++++++ 2.4/default.conf | 11 ++++++ 2.4/docker-entrypoint.sh | 98 ++++++++++++++++++++++++++++++++++++++++++++++++ Dockerfile | 61 ------------------------------ dav.conf | 25 ------------ default-ssl.conf | 18 --------- default.conf | 11 ------ docker-entrypoint.sh | 98 ------------------------------------------------ latest | 1 + 11 files changed, 214 insertions(+), 213 deletions(-) create mode 100644 2.4/Dockerfile create mode 100644 2.4/dav.conf create mode 100644 2.4/default-ssl.conf create mode 100644 2.4/default.conf create mode 100755 2.4/docker-entrypoint.sh delete mode 100644 Dockerfile delete mode 100644 dav.conf delete mode 100644 default-ssl.conf delete mode 100644 default.conf delete mode 100755 docker-entrypoint.sh create mode 120000 latest diff --git a/2.4/Dockerfile b/2.4/Dockerfile new file mode 100644 index 0000000..e18b21a --- /dev/null +++ b/2.4/Dockerfile @@ -0,0 +1,61 @@ +FROM httpd:alpine +MAINTAINER Bytemark Hosting "support@bytemark.co.uk" + +# This variable is inherited from httpd:alpine image: +# ENV HTTPD_PREFIX /usr/local/apache2 + +RUN set -ex; \ + # Create Debian-style subdirectories. + mkdir -p "$HTTPD_PREFIX/conf/conf-available"; \ + mkdir -p "$HTTPD_PREFIX/conf/conf-enabled"; \ + mkdir -p "$HTTPD_PREFIX/conf/sites-available"; \ + mkdir -p "$HTTPD_PREFIX/conf/sites-enabled" + +# Copy in our configuration files. +COPY dav.conf "$HTTPD_PREFIX/conf/conf-available" +COPY default.conf "$HTTPD_PREFIX/conf/sites-available" +COPY default-ssl.conf "$HTTPD_PREFIX/conf/sites-available" + +RUN set -ex; \ + # Create empty default DocumentRoot. + mkdir -p "/var/www/html"; \ + # Create directories for Dav data and lock database. + mkdir -p "/var/lib/dav"; \ + mkdir -p "/var/lib/dav/data"; \ + touch "/var/lib/dav/DavLock"; \ + chown -R www-data:www-data "/var/lib/dav"; \ + \ + # Enable DAV modules. + for i in dav dav_fs; do \ + sed -i -e "/^#LoadModule ${i}_module.*/s/^#//" "$HTTPD_PREFIX/conf/httpd.conf"; \ + done; \ + \ + # Make sure authentication modules are enabled. + for i in authn_core authn_file authz_core authz_user auth_basic auth_digest; do \ + sed -i -e "/^#LoadModule ${i}_module.*/s/^#//" "$HTTPD_PREFIX/conf/httpd.conf"; \ + done; \ + \ + # Make sure other modules are enabled. + for i in alias headers mime setenvif; do \ + sed -i -e "/^#LoadModule ${i}_module.*/s/^#//" "$HTTPD_PREFIX/conf/httpd.conf"; \ + done; \ + \ + # Run httpd as "www-data" (instead of "daemon"). + for i in User Group; do \ + sed -i -e "s|^$i .*|$i www-data|" "$HTTPD_PREFIX/conf/httpd.conf"; \ + done; \ + \ + # Include enabled configs and sites. + printf '%s\n' "Include conf/conf-enabled/*.conf" \ + >> "$HTTPD_PREFIX/conf/httpd.conf"; \ + printf '%s\n' "Include conf/sites-enabled/*.conf" \ + >> "$HTTPD_PREFIX/conf/httpd.conf"; \ + \ + # Enable dav and default site. + ln -s ../conf-available/dav.conf "$HTTPD_PREFIX/conf/conf-enabled"; \ + ln -s ../sites-available/default.conf "$HTTPD_PREFIX/conf/sites-enabled" + +COPY docker-entrypoint.sh /usr/local/bin/docker-entrypoint.sh +EXPOSE 80/tcp 443/tcp +ENTRYPOINT [ "docker-entrypoint.sh" ] +CMD [ "httpd-foreground" ] diff --git a/2.4/dav.conf b/2.4/dav.conf new file mode 100644 index 0000000..caacd03 --- /dev/null +++ b/2.4/dav.conf @@ -0,0 +1,25 @@ +DavLockDB "/var/lib/dav/DavLock" +Alias / "/var/lib/dav/data/" + + Dav On + Options Indexes FollowSymLinks + + AuthType Basic + AuthName "WebDAV" + AuthUserFile "/user.passwd" + + Require valid-user + + + +# These disable redirects on non-GET requests for directories that +# don't include the trailing slash (for misbehaving clients). +BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully +BrowserMatch "MS FrontPage" redirect-carefully +BrowserMatch "^WebDrive" redirect-carefully +BrowserMatch "^WebDAVFS/1.[01234]" redirect-carefully +BrowserMatch "^gnome-vfs/1.0" redirect-carefully +BrowserMatch "^XML Spy" redirect-carefully +BrowserMatch "^Dreamweaver-WebDAV-SCM1" redirect-carefully +BrowserMatch " Konqueror/4" redirect-carefully +BrowserMatch "^gvfs" redirect-carefully diff --git a/2.4/default-ssl.conf b/2.4/default-ssl.conf new file mode 100644 index 0000000..ef90866 --- /dev/null +++ b/2.4/default-ssl.conf @@ -0,0 +1,18 @@ +Listen 443 + + Protocols h2 http/1.1 + ServerName localhost + DocumentRoot "/var/www/html/" + + Require all denied + + CustomLog /proc/self/fd/1 combined + ErrorLog /proc/self/fd/2 + SSLEngine on + SSLCertificateFile /cert.pem + SSLCertificateKeyFile /privkey.pem + SSLProtocol all -SSLv3 + SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS + SSLHonorCipherOrder on + SSLSessionTickets off + diff --git a/2.4/default.conf b/2.4/default.conf new file mode 100644 index 0000000..e309338 --- /dev/null +++ b/2.4/default.conf @@ -0,0 +1,11 @@ + + ServerName localhost + DocumentRoot "/var/www/html/" + + Require all denied + + CustomLog /proc/self/fd/1 combined + ErrorLog /proc/self/fd/2 + # This lets certain DAV methods work behind an SSL reverse proxy. + RequestHeader edit Destination ^https http early + diff --git a/2.4/docker-entrypoint.sh b/2.4/docker-entrypoint.sh new file mode 100755 index 0000000..cff51eb --- /dev/null +++ b/2.4/docker-entrypoint.sh @@ -0,0 +1,98 @@ +#!/bin/sh +set -e + +# Environment variables that are used if not empty: +# SERVER_NAMES +# LOCATION +# AUTH_TYPE +# REALM +# USERNAME +# PASSWORD +# ANONYMOUS_METHODS +# SSL_CERT + +# Just in case this environment variable has gone missing. +HTTPD_PREFIX="${HTTPD_PREFIX:-/usr/local/apache2}" + +# Configure vhosts. +if [ "x$SERVER_NAMES" != "x" ]; then + # Use first domain as Apache ServerName. + SERVER_NAME="${SERVER_NAMES%%,*}" + sed -e "s|ServerName .*|ServerName $SERVER_NAME|" \ + -i "$HTTPD_PREFIX"/conf/sites-available/default*.conf + + # Replace commas with spaces and set as Apache ServerAlias. + SERVER_ALIAS="`printf '%s\n' "$SERVER_NAMES" | tr ',' ' '`" + sed -e "/ServerName/a\ \ ServerAlias $SERVER_ALIAS" \ + -i "$HTTPD_PREFIX"/conf/sites-available/default*.conf +fi + +# Configure dav.conf +if [ "x$LOCATION" != "x" ]; then + sed -e "s|Alias /|Alias $LOCATION|" \ + -i "$HTTPD_PREFIX/conf/conf-available/dav.conf" +fi +if [ "x$REALM" != "x" ]; then + sed -e "s|AuthName .*|AuthName \"$REALM\"|" \ + -i "$HTTPD_PREFIX/conf/conf-available/dav.conf" +else + REALM="WebDAV" +fi +if [ "x$AUTH_TYPE" != "x" ]; then + # Only support "Basic" and "Digest". + if [ "$AUTH_TYPE" != "Basic" ] && [ "$AUTH_TYPE" != "Digest" ]; then + printf '%s\n' "$AUTH_TYPE: Unknown AuthType" 1>&2 + exit 1 + fi + sed -e "s|AuthType .*|AuthType $AUTH_TYPE|" \ + -i "$HTTPD_PREFIX/conf/conf-available/dav.conf" +fi + +# Add password hash, unless "user.passwd" already exists (ie, bind mounted). +if [ ! -e "/user.passwd" ]; then + touch "/user.passwd" + # Only generate a password hash if both username and password given. + if [ "x$USERNAME" != "x" ] && [ "x$PASSWORD" != "x" ]; then + if [ "$AUTH_TYPE" = "Digest" ]; then + # Can't run `htdigest` non-interactively, so use other tools. + HASH="`printf '%s' "$USERNAME:$REALM:$PASSWORD" | md5sum | awk '{print $1}'`" + printf '%s\n' "$USERNAME:$REALM:$HASH" > /user.passwd + else + htpasswd -B -b -c "/user.passwd" $USERNAME $PASSWORD + fi + fi +fi + +# If specified, allow anonymous access to specified methods. +if [ "x$ANONYMOUS_METHODS" != "x" ]; then + if [ "$ANONYMOUS_METHODS" = "ALL" ]; then + sed -e "s/Require valid-user/Require all granted/" \ + -i "$HTTPD_PREFIX/conf/conf-available/dav.conf" + else + sed -e "/Require valid-user/a\ \ \ \ Require method $ANONYMOUS_METHODS" \ + -i "$HTTPD_PREFIX/conf/conf-available/dav.conf" + fi +fi + +case "${SSL_CERT:-none}" in + "selfsigned") + # Generate self-signed SSL certificate. + # If SERVER_NAMES is given, use the first domain as the Common Name. + if [ ! -e /privkey.pem ] || [ ! -e /cert.pem ]; then + apk add --no-cache openssl + openssl req -x509 -newkey rsa:2048 -days 1000 -nodes \ + -keyout /privkey.pem -out /cert.pem -subj "/CN=${SERVER_NAME:-selfsigned}" + apk del --no-cache openssl + fi + # Enable SSL Apache modules. + for i in http2 ssl; do + sed -i -e "/^#LoadModule ${i}_module.*/s/^#//" "$HTTPD_PREFIX/conf/httpd.conf" + done + # Enable SSL vhost. + if [ -e /privkey.pem ] && [ -e /cert.pem ]; then + ln -s ../sites-available/default-ssl.conf "$HTTPD_PREFIX/conf/sites-enabled"; \ + fi + ;; +esac + +exec "$@" diff --git a/Dockerfile b/Dockerfile deleted file mode 100644 index e18b21a..0000000 --- a/Dockerfile +++ /dev/null @@ -1,61 +0,0 @@ -FROM httpd:alpine -MAINTAINER Bytemark Hosting "support@bytemark.co.uk" - -# This variable is inherited from httpd:alpine image: -# ENV HTTPD_PREFIX /usr/local/apache2 - -RUN set -ex; \ - # Create Debian-style subdirectories. - mkdir -p "$HTTPD_PREFIX/conf/conf-available"; \ - mkdir -p "$HTTPD_PREFIX/conf/conf-enabled"; \ - mkdir -p "$HTTPD_PREFIX/conf/sites-available"; \ - mkdir -p "$HTTPD_PREFIX/conf/sites-enabled" - -# Copy in our configuration files. -COPY dav.conf "$HTTPD_PREFIX/conf/conf-available" -COPY default.conf "$HTTPD_PREFIX/conf/sites-available" -COPY default-ssl.conf "$HTTPD_PREFIX/conf/sites-available" - -RUN set -ex; \ - # Create empty default DocumentRoot. - mkdir -p "/var/www/html"; \ - # Create directories for Dav data and lock database. - mkdir -p "/var/lib/dav"; \ - mkdir -p "/var/lib/dav/data"; \ - touch "/var/lib/dav/DavLock"; \ - chown -R www-data:www-data "/var/lib/dav"; \ - \ - # Enable DAV modules. - for i in dav dav_fs; do \ - sed -i -e "/^#LoadModule ${i}_module.*/s/^#//" "$HTTPD_PREFIX/conf/httpd.conf"; \ - done; \ - \ - # Make sure authentication modules are enabled. - for i in authn_core authn_file authz_core authz_user auth_basic auth_digest; do \ - sed -i -e "/^#LoadModule ${i}_module.*/s/^#//" "$HTTPD_PREFIX/conf/httpd.conf"; \ - done; \ - \ - # Make sure other modules are enabled. - for i in alias headers mime setenvif; do \ - sed -i -e "/^#LoadModule ${i}_module.*/s/^#//" "$HTTPD_PREFIX/conf/httpd.conf"; \ - done; \ - \ - # Run httpd as "www-data" (instead of "daemon"). - for i in User Group; do \ - sed -i -e "s|^$i .*|$i www-data|" "$HTTPD_PREFIX/conf/httpd.conf"; \ - done; \ - \ - # Include enabled configs and sites. - printf '%s\n' "Include conf/conf-enabled/*.conf" \ - >> "$HTTPD_PREFIX/conf/httpd.conf"; \ - printf '%s\n' "Include conf/sites-enabled/*.conf" \ - >> "$HTTPD_PREFIX/conf/httpd.conf"; \ - \ - # Enable dav and default site. - ln -s ../conf-available/dav.conf "$HTTPD_PREFIX/conf/conf-enabled"; \ - ln -s ../sites-available/default.conf "$HTTPD_PREFIX/conf/sites-enabled" - -COPY docker-entrypoint.sh /usr/local/bin/docker-entrypoint.sh -EXPOSE 80/tcp 443/tcp -ENTRYPOINT [ "docker-entrypoint.sh" ] -CMD [ "httpd-foreground" ] diff --git a/dav.conf b/dav.conf deleted file mode 100644 index caacd03..0000000 --- a/dav.conf +++ /dev/null @@ -1,25 +0,0 @@ -DavLockDB "/var/lib/dav/DavLock" -Alias / "/var/lib/dav/data/" - - Dav On - Options Indexes FollowSymLinks - - AuthType Basic - AuthName "WebDAV" - AuthUserFile "/user.passwd" - - Require valid-user - - - -# These disable redirects on non-GET requests for directories that -# don't include the trailing slash (for misbehaving clients). -BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully -BrowserMatch "MS FrontPage" redirect-carefully -BrowserMatch "^WebDrive" redirect-carefully -BrowserMatch "^WebDAVFS/1.[01234]" redirect-carefully -BrowserMatch "^gnome-vfs/1.0" redirect-carefully -BrowserMatch "^XML Spy" redirect-carefully -BrowserMatch "^Dreamweaver-WebDAV-SCM1" redirect-carefully -BrowserMatch " Konqueror/4" redirect-carefully -BrowserMatch "^gvfs" redirect-carefully diff --git a/default-ssl.conf b/default-ssl.conf deleted file mode 100644 index ef90866..0000000 --- a/default-ssl.conf +++ /dev/null @@ -1,18 +0,0 @@ -Listen 443 - - Protocols h2 http/1.1 - ServerName localhost - DocumentRoot "/var/www/html/" - - Require all denied - - CustomLog /proc/self/fd/1 combined - ErrorLog /proc/self/fd/2 - SSLEngine on - SSLCertificateFile /cert.pem - SSLCertificateKeyFile /privkey.pem - SSLProtocol all -SSLv3 - SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS - SSLHonorCipherOrder on - SSLSessionTickets off - diff --git a/default.conf b/default.conf deleted file mode 100644 index e309338..0000000 --- a/default.conf +++ /dev/null @@ -1,11 +0,0 @@ - - ServerName localhost - DocumentRoot "/var/www/html/" - - Require all denied - - CustomLog /proc/self/fd/1 combined - ErrorLog /proc/self/fd/2 - # This lets certain DAV methods work behind an SSL reverse proxy. - RequestHeader edit Destination ^https http early - diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh deleted file mode 100755 index cff51eb..0000000 --- a/docker-entrypoint.sh +++ /dev/null @@ -1,98 +0,0 @@ -#!/bin/sh -set -e - -# Environment variables that are used if not empty: -# SERVER_NAMES -# LOCATION -# AUTH_TYPE -# REALM -# USERNAME -# PASSWORD -# ANONYMOUS_METHODS -# SSL_CERT - -# Just in case this environment variable has gone missing. -HTTPD_PREFIX="${HTTPD_PREFIX:-/usr/local/apache2}" - -# Configure vhosts. -if [ "x$SERVER_NAMES" != "x" ]; then - # Use first domain as Apache ServerName. - SERVER_NAME="${SERVER_NAMES%%,*}" - sed -e "s|ServerName .*|ServerName $SERVER_NAME|" \ - -i "$HTTPD_PREFIX"/conf/sites-available/default*.conf - - # Replace commas with spaces and set as Apache ServerAlias. - SERVER_ALIAS="`printf '%s\n' "$SERVER_NAMES" | tr ',' ' '`" - sed -e "/ServerName/a\ \ ServerAlias $SERVER_ALIAS" \ - -i "$HTTPD_PREFIX"/conf/sites-available/default*.conf -fi - -# Configure dav.conf -if [ "x$LOCATION" != "x" ]; then - sed -e "s|Alias /|Alias $LOCATION|" \ - -i "$HTTPD_PREFIX/conf/conf-available/dav.conf" -fi -if [ "x$REALM" != "x" ]; then - sed -e "s|AuthName .*|AuthName \"$REALM\"|" \ - -i "$HTTPD_PREFIX/conf/conf-available/dav.conf" -else - REALM="WebDAV" -fi -if [ "x$AUTH_TYPE" != "x" ]; then - # Only support "Basic" and "Digest". - if [ "$AUTH_TYPE" != "Basic" ] && [ "$AUTH_TYPE" != "Digest" ]; then - printf '%s\n' "$AUTH_TYPE: Unknown AuthType" 1>&2 - exit 1 - fi - sed -e "s|AuthType .*|AuthType $AUTH_TYPE|" \ - -i "$HTTPD_PREFIX/conf/conf-available/dav.conf" -fi - -# Add password hash, unless "user.passwd" already exists (ie, bind mounted). -if [ ! -e "/user.passwd" ]; then - touch "/user.passwd" - # Only generate a password hash if both username and password given. - if [ "x$USERNAME" != "x" ] && [ "x$PASSWORD" != "x" ]; then - if [ "$AUTH_TYPE" = "Digest" ]; then - # Can't run `htdigest` non-interactively, so use other tools. - HASH="`printf '%s' "$USERNAME:$REALM:$PASSWORD" | md5sum | awk '{print $1}'`" - printf '%s\n' "$USERNAME:$REALM:$HASH" > /user.passwd - else - htpasswd -B -b -c "/user.passwd" $USERNAME $PASSWORD - fi - fi -fi - -# If specified, allow anonymous access to specified methods. -if [ "x$ANONYMOUS_METHODS" != "x" ]; then - if [ "$ANONYMOUS_METHODS" = "ALL" ]; then - sed -e "s/Require valid-user/Require all granted/" \ - -i "$HTTPD_PREFIX/conf/conf-available/dav.conf" - else - sed -e "/Require valid-user/a\ \ \ \ Require method $ANONYMOUS_METHODS" \ - -i "$HTTPD_PREFIX/conf/conf-available/dav.conf" - fi -fi - -case "${SSL_CERT:-none}" in - "selfsigned") - # Generate self-signed SSL certificate. - # If SERVER_NAMES is given, use the first domain as the Common Name. - if [ ! -e /privkey.pem ] || [ ! -e /cert.pem ]; then - apk add --no-cache openssl - openssl req -x509 -newkey rsa:2048 -days 1000 -nodes \ - -keyout /privkey.pem -out /cert.pem -subj "/CN=${SERVER_NAME:-selfsigned}" - apk del --no-cache openssl - fi - # Enable SSL Apache modules. - for i in http2 ssl; do - sed -i -e "/^#LoadModule ${i}_module.*/s/^#//" "$HTTPD_PREFIX/conf/httpd.conf" - done - # Enable SSL vhost. - if [ -e /privkey.pem ] && [ -e /cert.pem ]; then - ln -s ../sites-available/default-ssl.conf "$HTTPD_PREFIX/conf/sites-enabled"; \ - fi - ;; -esac - -exec "$@" diff --git a/latest b/latest new file mode 120000 index 0000000..7208c21 --- /dev/null +++ b/latest @@ -0,0 +1 @@ +2.4 \ No newline at end of file -- cgit v1.2.1