From eed32a153c862cec31d1353ea0ed6e01fc70b8da Mon Sep 17 00:00:00 2001 From: throwaway Date: Fri, 24 Jan 2025 00:53:34 -0800 Subject: remove ssl.conf when using http config --- .dockerignore | 1 + Dockerfile | 4 +- docker-compose.yaml | 11 ++-- docker/apache/conf.d/ssl.conf | 19 ------- docker/apache/http.conf | 97 ---------------------------------- docker/apache/http/conf.d/ssl.conf | 1 + docker/apache/http/httpd.conf | 97 ++++++++++++++++++++++++++++++++++ docker/apache/https.conf | 102 ------------------------------------ docker/apache/https/conf.d/ssl.conf | 19 +++++++ docker/apache/https/httpd.conf | 102 ++++++++++++++++++++++++++++++++++++ docker/docker-entrypoint.sh | 19 +++++-- 11 files changed, 242 insertions(+), 230 deletions(-) create mode 100644 .dockerignore delete mode 100644 docker/apache/conf.d/ssl.conf delete mode 100644 docker/apache/http.conf create mode 100644 docker/apache/http/conf.d/ssl.conf create mode 100644 docker/apache/http/httpd.conf delete mode 100644 docker/apache/https.conf create mode 100644 docker/apache/https/conf.d/ssl.conf create mode 100644 docker/apache/https/httpd.conf diff --git a/.dockerignore b/.dockerignore new file mode 100644 index 0000000..6b8710a --- /dev/null +++ b/.dockerignore @@ -0,0 +1 @@ +.git diff --git a/Dockerfile b/Dockerfile index 8ee52cd..09672f8 100644 --- a/Dockerfile +++ b/Dockerfile @@ -4,7 +4,6 @@ WORKDIR /var/www/html/4get RUN apk update && apk upgrade RUN apk add php apache2-ssl php83-fileinfo php83-openssl php83-iconv php83-common php83-dom php83-sodium php83-curl curl php83-pecl-apcu php83-apache2 imagemagick php83-pecl-imagick php-mbstring imagemagick-webp imagemagick-jpeg -COPY ./docker/apache/ /etc/apache2/ COPY . . RUN chmod 777 /var/www/html/4get/icons @@ -14,4 +13,5 @@ EXPOSE 443 ENV FOURGET_PROTO=http -CMD ["./docker/docker-entrypoint.sh"] +ENTRYPOINT ["./docker/docker-entrypoint.sh"] +CMD ["start"] diff --git a/docker-compose.yaml b/docker-compose.yaml index 2bba4ca..3797294 100644 
--- a/docker-compose.yaml +++ b/docker-compose.yaml @@ -6,14 +6,15 @@ services: image: luuul/4get:latest restart: unless-stopped environment: + - FOURGET_PROTO=http - FOURGET_SERVER_NAME=4get.ca + - FOURGET_INSTANCES=https://4get.ca ports: - "80:80" - "443:443" - volumes: - - /etc/letsencrypt/live/domain.tld:/etc/4get/certs - # mount custom banners and captcha - - ./banners:/var/www/html/4get/banner - - ./captcha:/var/www/html/4get/data/captcha + # volumes: + # - /etc/letsencrypt/live/domain.tld:/etc/4get/certs # mount ssl + # - ./banners:/var/www/html/4get/banner # mount custom banners + # - ./captcha:/var/www/html/4get/data/captcha # mount captcha images diff --git a/docker/apache/conf.d/ssl.conf b/docker/apache/conf.d/ssl.conf deleted file mode 100644 index 7b0dd15..0000000 --- a/docker/apache/conf.d/ssl.conf +++ /dev/null @@ -1,19 +0,0 @@ -LoadModule ssl_module modules/mod_ssl.so -LoadModule socache_shmcb_module modules/mod_socache_shmcb.so - -SSLRandomSeed startup file:/dev/urandom 512 -SSLRandomSeed connect builtin - -Listen 443 - -SSLCipherSuite HIGH:MEDIUM:!MD5:!RC4:!3DES:!ADH -SSLProxyCipherSuite HIGH:MEDIUM:!MD5:!RC4:!3DES:!ADH -SSLHonorCipherOrder on - -SSLProtocol all -SSLv3 -SSLProxyProtocol all -SSLv3 - -SSLPassPhraseDialog builtin - -SSLSessionCache "shmcb:/var/cache/mod_ssl/scache(512000)" -SSLSessionCacheTimeout 300 diff --git a/docker/apache/http.conf b/docker/apache/http.conf deleted file mode 100644 index f496ba5..0000000 --- a/docker/apache/http.conf +++ /dev/null 
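Review bot: The sample service now defaults to `FOURGET_PROTO=http` with the certificate mount commented out, but nothing in the file says that TLS is expected to be terminated elsewhere. The `"443:443"` mapping also stays published, although the http profile added in this commit ships a blank conf.d/ssl.conf, so presumably nothing listens on 443 in that mode. I would add a comment above the new line, such as `# http mode serves cleartext; put a TLS-terminating reverse proxy in front, or set FOURGET_PROTO=https and mount certs`. If a proxy on the same host is the intended setup, the example could also bind the port as `"127.0.0.1:80:80"` so the plaintext listener is not reachable from outside.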
@@ -1,97 +0,0 @@ -Listen 80 -ServerTokens OS -ServerRoot /var/www -ServerSignature On -ServerName localhost - -DocumentRoot "/var/www/html/4get" - -LogLevel warn -CustomLog /dev/null common -ErrorLog /dev/null - - - RewriteEngine On - RewriteCond %{THE_REQUEST} ^\w+\ /(.*)\.php(\?.*)?\ HTTP/ - RewriteRule ^ http://%{HTTP_HOST}/%1 [R=301] - RewriteCond %{REQUEST_FILENAME}.php -f - RewriteRule .* $0.php - Options FollowSymLinks - AllowOverride None - Require all granted - - -# deny access to private resources - - Require all denied - - Require all denied - - - -LoadModule rewrite_module modules/mod_rewrite.so -LoadModule mpm_prefork_module modules/mod_mpm_prefork.so -LoadModule authn_file_module modules/mod_authn_file.so -LoadModule authn_core_module modules/mod_authn_core.so -LoadModule authz_host_module modules/mod_authz_host.so -LoadModule authz_groupfile_module modules/mod_authz_groupfile.so -LoadModule authz_user_module modules/mod_authz_user.so -LoadModule authz_core_module modules/mod_authz_core.so -LoadModule access_compat_module modules/mod_access_compat.so -LoadModule auth_basic_module modules/mod_auth_basic.so -LoadModule reqtimeout_module modules/mod_reqtimeout.so -LoadModule filter_module modules/mod_filter.so -LoadModule mime_module modules/mod_mime.so -LoadModule log_config_module modules/mod_log_config.so -LoadModule env_module modules/mod_env.so -LoadModule headers_module modules/mod_headers.so -LoadModule setenvif_module modules/mod_setenvif.so -LoadModule version_module modules/mod_version.so -LoadModule unixd_module modules/mod_unixd.so -LoadModule status_module modules/mod_status.so -LoadModule autoindex_module modules/mod_autoindex.so -LoadModule dir_module modules/mod_dir.so -LoadModule alias_module modules/mod_alias.so -LoadModule negotiation_module modules/mod_negotiation.so - - -User apache -Group apache - - - - - - AllowOverride none - Require all denied - - - - - - - DirectoryIndex index.html - - - - Require all denied - - - - - - 
RequestHeader unset Proxy early - - - - TypesConfig /etc/apache2/mime.types - AddType application/x-compress .Z - AddType application/x-gzip .gz .tgz - - - - MIMEMagicFile /etc/apache2/magic - - -IncludeOptional /etc/apache2/conf.d/*.conf - diff --git a/docker/apache/http/conf.d/ssl.conf b/docker/apache/http/conf.d/ssl.conf new file mode 100644 index 0000000..1357f56 --- /dev/null +++ b/docker/apache/http/conf.d/ssl.conf @@ -0,0 +1 @@ +# intentionally blank diff --git a/docker/apache/http/httpd.conf b/docker/apache/http/httpd.conf new file mode 100644 index 0000000..f496ba5 --- /dev/null +++ b/docker/apache/http/httpd.conf 
@@ -0,0 +1,97 @@ +Listen 80 +ServerTokens OS +ServerRoot /var/www +ServerSignature On +ServerName localhost + +DocumentRoot "/var/www/html/4get" + +LogLevel warn +CustomLog /dev/null common +ErrorLog /dev/null + + + RewriteEngine On + RewriteCond %{THE_REQUEST} ^\w+\ /(.*)\.php(\?.*)?\ HTTP/ + RewriteRule ^ http://%{HTTP_HOST}/%1 [R=301] + RewriteCond %{REQUEST_FILENAME}.php -f + RewriteRule .* $0.php + Options FollowSymLinks + AllowOverride None + Require all granted + + +# deny access to private resources + + Require all denied + + Require all denied + + + +LoadModule rewrite_module modules/mod_rewrite.so +LoadModule mpm_prefork_module modules/mod_mpm_prefork.so +LoadModule authn_file_module modules/mod_authn_file.so +LoadModule authn_core_module modules/mod_authn_core.so +LoadModule authz_host_module modules/mod_authz_host.so +LoadModule authz_groupfile_module modules/mod_authz_groupfile.so +LoadModule authz_user_module modules/mod_authz_user.so +LoadModule authz_core_module modules/mod_authz_core.so +LoadModule access_compat_module modules/mod_access_compat.so +LoadModule auth_basic_module modules/mod_auth_basic.so +LoadModule reqtimeout_module modules/mod_reqtimeout.so +LoadModule filter_module modules/mod_filter.so +LoadModule mime_module modules/mod_mime.so +LoadModule log_config_module modules/mod_log_config.so +LoadModule env_module modules/mod_env.so +LoadModule headers_module modules/mod_headers.so +LoadModule setenvif_module modules/mod_setenvif.so +LoadModule version_module modules/mod_version.so +LoadModule unixd_module modules/mod_unixd.so +LoadModule status_module modules/mod_status.so +LoadModule autoindex_module modules/mod_autoindex.so +LoadModule dir_module modules/mod_dir.so +LoadModule alias_module modules/mod_alias.so +LoadModule negotiation_module modules/mod_negotiation.so + + +User apache +Group apache + + + + + + AllowOverride none + Require all denied + + + + + + + DirectoryIndex index.html + + + + Require all denied + + + + + + 
RequestHeader unset Proxy early + + + + TypesConfig /etc/apache2/mime.types + AddType application/x-compress .Z + AddType application/x-gzip .gz .tgz + + + + MIMEMagicFile /etc/apache2/magic + + +IncludeOptional /etc/apache2/conf.d/*.conf + diff --git a/docker/apache/https.conf b/docker/apache/https.conf deleted file mode 100644 index ca5edf5..0000000 --- a/docker/apache/https.conf +++ /dev/null 
@@ -1,102 +0,0 @@ -ServerTokens OS -ServerRoot /var/www -ServerSignature On -ServerName localhost - -DocumentRoot "/var/www/html/4get" - -LogLevel warn -CustomLog /dev/null common -ErrorLog /dev/null - - - SSLEngine on - SSLCertificateFile /etc/4get/certs/fullchain.pem - SSLCertificateKeyFile /etc/4get/certs/privkey.pem - - - - RewriteEngine On - RewriteCond %{THE_REQUEST} ^\w+\ /(.*)\.php(\?.*)?\ HTTP/ - RewriteRule ^ http://%{HTTP_HOST}/%1 [R=301] - RewriteCond %{REQUEST_FILENAME}.php -f - RewriteRule .* $0.php - Options FollowSymLinks - AllowOverride None - Require all granted - - -# deny access to private resources - - Require all denied - - Require all denied - - - -LoadModule rewrite_module modules/mod_rewrite.so -LoadModule mpm_prefork_module modules/mod_mpm_prefork.so -LoadModule authn_file_module modules/mod_authn_file.so -LoadModule authn_core_module modules/mod_authn_core.so -LoadModule authz_host_module modules/mod_authz_host.so -LoadModule authz_groupfile_module modules/mod_authz_groupfile.so -LoadModule authz_user_module modules/mod_authz_user.so -LoadModule authz_core_module modules/mod_authz_core.so -LoadModule access_compat_module modules/mod_access_compat.so -LoadModule auth_basic_module modules/mod_auth_basic.so -LoadModule reqtimeout_module modules/mod_reqtimeout.so -LoadModule filter_module modules/mod_filter.so -LoadModule mime_module modules/mod_mime.so -LoadModule log_config_module modules/mod_log_config.so -LoadModule env_module modules/mod_env.so -LoadModule headers_module modules/mod_headers.so -LoadModule setenvif_module modules/mod_setenvif.so -LoadModule version_module modules/mod_version.so -LoadModule unixd_module modules/mod_unixd.so -LoadModule status_module modules/mod_status.so -LoadModule autoindex_module modules/mod_autoindex.so -LoadModule dir_module modules/mod_dir.so -LoadModule alias_module modules/mod_alias.so -LoadModule negotiation_module modules/mod_negotiation.so - - -User apache -Group apache - - - - - - AllowOverride 
none - Require all denied - - - - - - - DirectoryIndex index.html - - - - Require all denied - - - - - - RequestHeader unset Proxy early - - - - TypesConfig /etc/apache2/mime.types - AddType application/x-compress .Z - AddType application/x-gzip .gz .tgz - - - - MIMEMagicFile /etc/apache2/magic - - -IncludeOptional /etc/apache2/conf.d/*.conf - diff --git a/docker/apache/https/conf.d/ssl.conf b/docker/apache/https/conf.d/ssl.conf new file mode 100644 index 0000000..7b0dd15 --- /dev/null +++ b/docker/apache/https/conf.d/ssl.conf @@ -0,0 +1,19 @@ +LoadModule ssl_module modules/mod_ssl.so +LoadModule socache_shmcb_module modules/mod_socache_shmcb.so + +SSLRandomSeed startup file:/dev/urandom 512 +SSLRandomSeed connect builtin + +Listen 443 + +SSLCipherSuite HIGH:MEDIUM:!MD5:!RC4:!3DES:!ADH +SSLProxyCipherSuite HIGH:MEDIUM:!MD5:!RC4:!3DES:!ADH +SSLHonorCipherOrder on + +SSLProtocol all -SSLv3 +SSLProxyProtocol all -SSLv3 + +SSLPassPhraseDialog builtin + +SSLSessionCache "shmcb:/var/cache/mod_ssl/scache(512000)" +SSLSessionCacheTimeout 300 diff --git a/docker/apache/https/httpd.conf b/docker/apache/https/httpd.conf new file mode 100644 index 0000000..ca5edf5 --- /dev/null +++ b/docker/apache/https/httpd.conf 
@@ -0,0 +1,102 @@ +ServerTokens OS +ServerRoot /var/www +ServerSignature On +ServerName localhost + +DocumentRoot "/var/www/html/4get" + +LogLevel warn +CustomLog /dev/null common +ErrorLog /dev/null + + + SSLEngine on + SSLCertificateFile /etc/4get/certs/fullchain.pem + SSLCertificateKeyFile /etc/4get/certs/privkey.pem + + + + RewriteEngine On + RewriteCond %{THE_REQUEST} ^\w+\ /(.*)\.php(\?.*)?\ HTTP/ + RewriteRule ^ http://%{HTTP_HOST}/%1 [R=301] + RewriteCond %{REQUEST_FILENAME}.php -f + RewriteRule .* $0.php + Options FollowSymLinks + AllowOverride None + Require all granted + + +# deny access to private resources + + Require all denied + + Require all denied + + + +LoadModule rewrite_module modules/mod_rewrite.so +LoadModule mpm_prefork_module modules/mod_mpm_prefork.so +LoadModule authn_file_module modules/mod_authn_file.so +LoadModule authn_core_module modules/mod_authn_core.so +LoadModule authz_host_module modules/mod_authz_host.so +LoadModule authz_groupfile_module modules/mod_authz_groupfile.so +LoadModule authz_user_module modules/mod_authz_user.so +LoadModule authz_core_module modules/mod_authz_core.so +LoadModule access_compat_module modules/mod_access_compat.so +LoadModule auth_basic_module modules/mod_auth_basic.so +LoadModule reqtimeout_module modules/mod_reqtimeout.so +LoadModule filter_module modules/mod_filter.so +LoadModule mime_module modules/mod_mime.so +LoadModule log_config_module modules/mod_log_config.so +LoadModule env_module modules/mod_env.so +LoadModule headers_module modules/mod_headers.so +LoadModule setenvif_module modules/mod_setenvif.so +LoadModule version_module modules/mod_version.so +LoadModule unixd_module modules/mod_unixd.so +LoadModule status_module modules/mod_status.so +LoadModule autoindex_module modules/mod_autoindex.so +LoadModule dir_module modules/mod_dir.so +LoadModule alias_module modules/mod_alias.so +LoadModule negotiation_module modules/mod_negotiation.so + + +User apache +Group apache + + + + + + AllowOverride 
none + Require all denied + + + + + + + DirectoryIndex index.html + + + + Require all denied + + + + + + RequestHeader unset Proxy early + + + + TypesConfig /etc/apache2/mime.types + AddType application/x-compress .Z + AddType application/x-gzip .gz .tgz + + + + MIMEMagicFile /etc/apache2/magic + + +IncludeOptional /etc/apache2/conf.d/*.conf + diff --git a/docker/docker-entrypoint.sh b/docker/docker-entrypoint.sh index 66d4067..53e7654 100755 --- a/docker/docker-entrypoint.sh +++ b/docker/docker-entrypoint.sh @@ -8,18 +8,27 @@ FOURGET_PROTO="${FOURGET_PROTO#\"}" # make lowercase FOURGET_PROTO=`echo $FOURGET_PROTO | awk '{print tolower($0)}'` +FOURGET_SRC='/var/www/html/4get' + +mkdir -p /etc/apache2 if [ "$FOURGET_PROTO" = "https" ]; then echo "Using https configuration" - cp /etc/apache2/https.conf /etc/apache2/httpd.conf + cp -r ${FOURGET_SRC}/docker/apache/https/httpd.conf /etc/apache2 + cp -r ${FOURGET_SRC}/docker/apache/https/conf.d/* /etc/apache2/conf.d + else echo "Using http configuration" - cp /etc/apache2/http.conf /etc/apache2/httpd.conf + cp -r ${FOURGET_SRC}/docker/apache/http/httpd.conf /etc/apache2 + cp -r ${FOURGET_SRC}/docker/apache/http/conf.d/* /etc/apache2/conf.d fi php ./docker/gen_config.php - -echo "4get is running" -exec httpd -DFOREGROUND +if [ "$@" = "start" ]; then + echo "4get is running" + exec httpd -DFOREGROUND +else + exec "$@" +fi -- cgit v1.2.3
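Review bot: In docker/apache/https/httpd.conf the line `RewriteRule ^ http://%{HTTP_HOST}/%1 [R=301]` sends every `.php` URL to a plaintext `http://` address, even though this is the HTTPS profile. Nothing in this file or its conf.d/ssl.conf listens on port 80, so the redirect either leaves TLS or lands on a closed port. The file is carried over unchanged from docker/apache/https.conf (same blob ca5edf5); the fix is a one-word change, `RewriteRule ^ https://%{HTTP_HOST}/%1 [R=301]`. The container tags around these directives are not visible in this rendering, so the enclosing scope is inferred.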
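Review bot: In docker/docker-entrypoint.sh, `[ "$@" = "start" ]` is only well-formed when the container gets exactly one argument. `"$@"` expands to one word per argument, so `docker run IMAGE php -v` makes `[` error out and reaches the `else` branch only by accident, and with no arguments the test is malformed and `exec "$@"` does nothing. Compare the first argument only: `if [ "${1:-start}" = "start" ]; then`. The new `cp` calls are also unchecked and use unquoted `${FOURGET_SRC}`. The script's header is outside this hunk, so if there is no `set -e` above, a failed copy leaves whatever configuration is already in /etc/apache2 and httpd still starts with it. Adding `|| exit 1` to each copy (and dropping `-r` on the single-file copy) makes the container fail closed instead.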