modify docker entrypoint

2024-02-09 01:59:25 -08:00
parent 5648fcf263
commit b3515bc063
7 changed files with 101 additions and 26 deletions
--- a/docker/apache/conf.d/ssl.conf
+++ b/docker/apache/conf.d/ssl.conf
@ -0,0 +1,19 @@
+LoadModule ssl_module modules/mod_ssl.so
+LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
+
+SSLRandomSeed startup file:/dev/urandom 512
+SSLRandomSeed connect builtin
+
+Listen 443
+
+SSLCipherSuite HIGH:MEDIUM:!MD5:!RC4:!3DES:!ADH
+SSLProxyCipherSuite HIGH:MEDIUM:!MD5:!RC4:!3DES:!ADH
+SSLHonorCipherOrder on
+
+SSLProtocol all -SSLv3
+SSLProxyProtocol all -SSLv3
+
+SSLPassPhraseDialog  builtin
+
+SSLSessionCache        "shmcb:/var/cache/mod_ssl/scache(512000)"
+SSLSessionCacheTimeout  300
--- a/docker/apache/http.conf
+++ b/docker/apache/http.conf
@ -0,0 +1,89 @@
+Listen 80
+ServerTokens OS
+ServerRoot /var/www
+ServerSignature On
+ServerName localhost
+
+DocumentRoot "/var/www/html/4get"
+
+LogLevel warn
+CustomLog /dev/null common
+ErrorLog /dev/null
+
+<Directory "/var/www/html/4get">
+    RewriteEngine On
+    RewriteCond %{THE_REQUEST} ^\w+\ /(.*)\.php(\?.*)?\ HTTP/
+    RewriteRule ^ http://%{HTTP_HOST}/%1 [R=301]
+    RewriteCond %{REQUEST_FILENAME}.php -f
+    RewriteRule .* $0.php
+    Options Indexes FollowSymLinks
+    AllowOverride None
+    Require all granted
+</Directory>
+
+LoadModule rewrite_module modules/mod_rewrite.so
+LoadModule mpm_prefork_module modules/mod_mpm_prefork.so
+LoadModule authn_file_module modules/mod_authn_file.so
+LoadModule authn_core_module modules/mod_authn_core.so
+LoadModule authz_host_module modules/mod_authz_host.so
+LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
+LoadModule authz_user_module modules/mod_authz_user.so
+LoadModule authz_core_module modules/mod_authz_core.so
+LoadModule access_compat_module modules/mod_access_compat.so
+LoadModule auth_basic_module modules/mod_auth_basic.so
+LoadModule reqtimeout_module modules/mod_reqtimeout.so
+LoadModule filter_module modules/mod_filter.so
+LoadModule mime_module modules/mod_mime.so
+LoadModule log_config_module modules/mod_log_config.so
+LoadModule env_module modules/mod_env.so
+LoadModule headers_module modules/mod_headers.so
+LoadModule setenvif_module modules/mod_setenvif.so
+LoadModule version_module modules/mod_version.so
+LoadModule unixd_module modules/mod_unixd.so
+LoadModule status_module modules/mod_status.so
+LoadModule autoindex_module modules/mod_autoindex.so
+LoadModule dir_module modules/mod_dir.so
+LoadModule alias_module modules/mod_alias.so
+LoadModule negotiation_module modules/mod_negotiation.so
+
+<IfModule unixd_module>
+User apache
+Group apache
+</IfModule>
+
+
+
+<Directory />
+    AllowOverride none
+    Require all denied
+</Directory>
+
+
+
+
+<IfModule dir_module>
+    DirectoryIndex index.html
+</IfModule>
+
+<Files ".ht*">
+    Require all denied
+</Files>
+
+
+
+<IfModule headers_module>
+    RequestHeader unset Proxy early
+</IfModule>
+
+<IfModule mime_module>
+    TypesConfig /etc/apache2/mime.types
+    AddType application/x-compress .Z
+    AddType application/x-gzip .gz .tgz
+</IfModule>
+
+<IfModule mime_magic_module>
+    MIMEMagicFile /etc/apache2/magic
+</IfModule>
+
+IncludeOptional /etc/apache2/conf.d/*.conf
+
--- a/docker/apache/https.conf
+++ b/docker/apache/https.conf
@ -0,0 +1,96 @@
+ServerTokens OS
+ServerRoot /var/www
+ServerSignature On
+ServerName localhost
+
+DocumentRoot "/var/www/html/4get"
+
+LogLevel warn
+CustomLog /dev/null common
+ErrorLog /dev/null
+
+<VirtualHost *:443>
+    SSLEngine on
+    SSLCertificateFile /etc/4get/certs/fullchain.pem
+    SSLCertificateKeyFile /etc/4get/certs/privkey.pem
+</VirtualHost>
+
+<Directory "/var/www/html/4get">
+    RewriteEngine On
+    RewriteCond %{THE_REQUEST} ^\w+\ /(.*)\.php(\?.*)?\ HTTP/
+    RewriteRule ^ http://%{HTTP_HOST}/%1 [R=301]
+    RewriteCond %{REQUEST_FILENAME}.php -f
+    RewriteRule .* $0.php
+    Options Indexes FollowSymLinks
+    AllowOverride None
+    Require all granted
+</Directory>
+
+
+
+LoadModule rewrite_module modules/mod_rewrite.so
+LoadModule mpm_prefork_module modules/mod_mpm_prefork.so
+LoadModule authn_file_module modules/mod_authn_file.so
+LoadModule authn_core_module modules/mod_authn_core.so
+LoadModule authz_host_module modules/mod_authz_host.so
+LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
+LoadModule authz_user_module modules/mod_authz_user.so
+LoadModule authz_core_module modules/mod_authz_core.so
+LoadModule access_compat_module modules/mod_access_compat.so
+LoadModule auth_basic_module modules/mod_auth_basic.so
+LoadModule reqtimeout_module modules/mod_reqtimeout.so
+LoadModule filter_module modules/mod_filter.so
+LoadModule mime_module modules/mod_mime.so
+LoadModule log_config_module modules/mod_log_config.so
+LoadModule env_module modules/mod_env.so
+LoadModule headers_module modules/mod_headers.so
+LoadModule setenvif_module modules/mod_setenvif.so
+LoadModule version_module modules/mod_version.so
+LoadModule unixd_module modules/mod_unixd.so
+LoadModule status_module modules/mod_status.so
+LoadModule autoindex_module modules/mod_autoindex.so
+LoadModule dir_module modules/mod_dir.so
+LoadModule alias_module modules/mod_alias.so
+LoadModule negotiation_module modules/mod_negotiation.so
+
+<IfModule unixd_module>
+User apache
+Group apache
+</IfModule>
+
+
+
+<Directory />
+    AllowOverride none
+    Require all denied
+</Directory>
+
+
+
+
+<IfModule dir_module>
+    DirectoryIndex index.html
+</IfModule>
+
+<Files ".ht*">
+    Require all denied
+</Files>
+
+
+
+<IfModule headers_module>
+    RequestHeader unset Proxy early
+</IfModule>
+
+<IfModule mime_module>
+    TypesConfig /etc/apache2/mime.types
+    AddType application/x-compress .Z
+    AddType application/x-gzip .gz .tgz
+</IfModule>
+
+<IfModule mime_magic_module>
+    MIMEMagicFile /etc/apache2/magic
+</IfModule>
+
+IncludeOptional /etc/apache2/conf.d/*.conf
+
--- a/docker/docker-entrypoint.sh
+++ b/docker/docker-entrypoint.sh
@ -1,20 +1,13 @@
 #!/bin/sh
 set -e
-sed -i "s/ServerName.*/ServerName ${FOURGET_SERVER_NAME}/g" /etc/apache2/httpd.conf
-sed -i "s/ServerAdmin.*/ServerAdmin ${FOURGET_SERVER_ADMIN_EMAIL}/g" /etc/apache2/httpd.conf
-
-if [ ! -f /etc/4get/certs/cert.pem ] || [ ! -f /etc/4get/certs/chain.pem ] || [ ! -f /etc/4get/certs/privkey.pem ]; then
-        # remove SSL VirtualHost
-        echo "No certificate files detected. Listening on port 80"
-        sed -i '/<VirtualHost \*:443>/,/<\/VirtualHost>/d' /etc/apache2/httpd.conf
-
-        # prepend Listen 80 to /apache2/httpd.conf
-        echo "Listen 80" > /etc/apache2/httpd.conf_temp
-        cat /etc/apache2/httpd.conf >> /etc/apache2/httpd.conf_temp
-        mv /etc/apache2/httpd.conf_temp /etc/apache2/httpd.conf
+if [ ! -f /etc/4get/certs/fullchain.pem ] || [ ! -f /etc/4get/certs/privkey.pem ]; then
+        echo "Using http configuration"
+        cp /etc/apache2/http.conf /etc/apache2/httpd.conf
+else
+        echo "Using https configuration"
+        cp /etc/apache2/https.conf /etc/apache2/httpd.conf
 fi

-
 php82 ./docker/gen_config.php