From eed32a153c862cec31d1353ea0ed6e01fc70b8da Mon Sep 17 00:00:00 2001 From: throwaway Date: Fri, 24 Jan 2025 00:53:34 -0800 Subject: remove ssl.conf when using http config --- docker/apache/conf.d/ssl.conf | 19 ------- docker/apache/http.conf | 97 ---------------------------------- docker/apache/http/conf.d/ssl.conf | 1 + docker/apache/http/httpd.conf | 97 ++++++++++++++++++++++++++++++++++ docker/apache/https.conf | 102 ------------------------------------ docker/apache/https/conf.d/ssl.conf | 19 +++++++ docker/apache/https/httpd.conf | 102 ++++++++++++++++++++++++++++++++++++ docker/docker-entrypoint.sh | 19 +++++-- 8 files changed, 233 insertions(+), 223 deletions(-) delete mode 100644 docker/apache/conf.d/ssl.conf delete mode 100644 docker/apache/http.conf create mode 100644 docker/apache/http/conf.d/ssl.conf create mode 100644 docker/apache/http/httpd.conf delete mode 100644 docker/apache/https.conf create mode 100644 docker/apache/https/conf.d/ssl.conf create mode 100644 docker/apache/https/httpd.conf (limited to 'docker') diff --git a/docker/apache/conf.d/ssl.conf b/docker/apache/conf.d/ssl.conf deleted file mode 100644 index 7b0dd15..0000000 --- a/docker/apache/conf.d/ssl.conf +++ /dev/null @@ -1,19 +0,0 @@ -LoadModule ssl_module modules/mod_ssl.so -LoadModule socache_shmcb_module modules/mod_socache_shmcb.so - -SSLRandomSeed startup file:/dev/urandom 512 -SSLRandomSeed connect builtin - -Listen 443 - -SSLCipherSuite HIGH:MEDIUM:!MD5:!RC4:!3DES:!ADH -SSLProxyCipherSuite HIGH:MEDIUM:!MD5:!RC4:!3DES:!ADH -SSLHonorCipherOrder on - -SSLProtocol all -SSLv3 -SSLProxyProtocol all -SSLv3 - -SSLPassPhraseDialog builtin - -SSLSessionCache "shmcb:/var/cache/mod_ssl/scache(512000)" -SSLSessionCacheTimeout 300 diff --git a/docker/apache/http.conf b/docker/apache/http.conf deleted file mode 100644 index f496ba5..0000000 --- a/docker/apache/http.conf +++ /dev/null @@ -1,97 +0,0 @@ -Listen 80 -ServerTokens OS -ServerRoot /var/www -ServerSignature On -ServerName localhost - -DocumentRoot "/var/www/html/4get" - -LogLevel warn -CustomLog /dev/null common -ErrorLog /dev/null - - - RewriteEngine On - RewriteCond %{THE_REQUEST} ^\w+\ /(.*)\.php(\?.*)?\ HTTP/ - RewriteRule ^ http://%{HTTP_HOST}/%1 [R=301] - RewriteCond %{REQUEST_FILENAME}.php -f - RewriteRule .* $0.php - Options FollowSymLinks - AllowOverride None - Require all granted - - -# deny access to private resources - - Require all denied - - Require all denied - - - -LoadModule rewrite_module modules/mod_rewrite.so -LoadModule mpm_prefork_module modules/mod_mpm_prefork.so -LoadModule authn_file_module modules/mod_authn_file.so -LoadModule authn_core_module modules/mod_authn_core.so -LoadModule authz_host_module modules/mod_authz_host.so -LoadModule authz_groupfile_module modules/mod_authz_groupfile.so -LoadModule authz_user_module modules/mod_authz_user.so -LoadModule authz_core_module modules/mod_authz_core.so -LoadModule access_compat_module modules/mod_access_compat.so -LoadModule auth_basic_module modules/mod_auth_basic.so -LoadModule reqtimeout_module modules/mod_reqtimeout.so -LoadModule filter_module modules/mod_filter.so -LoadModule mime_module modules/mod_mime.so -LoadModule log_config_module modules/mod_log_config.so -LoadModule env_module modules/mod_env.so -LoadModule headers_module modules/mod_headers.so -LoadModule setenvif_module modules/mod_setenvif.so -LoadModule version_module modules/mod_version.so -LoadModule unixd_module modules/mod_unixd.so -LoadModule status_module modules/mod_status.so -LoadModule autoindex_module modules/mod_autoindex.so -LoadModule dir_module modules/mod_dir.so -LoadModule alias_module modules/mod_alias.so -LoadModule negotiation_module modules/mod_negotiation.so - - -User apache -Group apache - - - - - - AllowOverride none - Require all denied - - - - - - - DirectoryIndex index.html - - - - Require all denied - - - - - - RequestHeader unset Proxy early - - - - TypesConfig /etc/apache2/mime.types - AddType application/x-compress .Z - AddType application/x-gzip .gz .tgz - - - - MIMEMagicFile /etc/apache2/magic - - -IncludeOptional /etc/apache2/conf.d/*.conf - diff --git a/docker/apache/http/conf.d/ssl.conf b/docker/apache/http/conf.d/ssl.conf new file mode 100644 index 0000000..1357f56 --- /dev/null +++ b/docker/apache/http/conf.d/ssl.conf @@ -0,0 +1 @@ +# intentionally blank diff --git a/docker/apache/http/httpd.conf b/docker/apache/http/httpd.conf new file mode 100644 index 0000000..f496ba5 --- /dev/null +++ b/docker/apache/http/httpd.conf @@ -0,0 +1,97 @@ +Listen 80 +ServerTokens OS +ServerRoot /var/www +ServerSignature On +ServerName localhost + +DocumentRoot "/var/www/html/4get" + +LogLevel warn +CustomLog /dev/null common +ErrorLog /dev/null + + + RewriteEngine On + RewriteCond %{THE_REQUEST} ^\w+\ /(.*)\.php(\?.*)?\ HTTP/ + RewriteRule ^ http://%{HTTP_HOST}/%1 [R=301] + RewriteCond %{REQUEST_FILENAME}.php -f + RewriteRule .* $0.php + Options FollowSymLinks + AllowOverride None + Require all granted + + +# deny access to private resources + + Require all denied + + Require all denied + + + +LoadModule rewrite_module modules/mod_rewrite.so +LoadModule mpm_prefork_module modules/mod_mpm_prefork.so +LoadModule authn_file_module modules/mod_authn_file.so +LoadModule authn_core_module modules/mod_authn_core.so +LoadModule authz_host_module modules/mod_authz_host.so +LoadModule authz_groupfile_module modules/mod_authz_groupfile.so +LoadModule authz_user_module modules/mod_authz_user.so +LoadModule authz_core_module modules/mod_authz_core.so +LoadModule access_compat_module modules/mod_access_compat.so +LoadModule auth_basic_module modules/mod_auth_basic.so +LoadModule reqtimeout_module modules/mod_reqtimeout.so +LoadModule filter_module modules/mod_filter.so +LoadModule mime_module modules/mod_mime.so +LoadModule log_config_module modules/mod_log_config.so +LoadModule env_module modules/mod_env.so +LoadModule headers_module modules/mod_headers.so +LoadModule setenvif_module modules/mod_setenvif.so +LoadModule version_module modules/mod_version.so +LoadModule unixd_module modules/mod_unixd.so +LoadModule status_module modules/mod_status.so +LoadModule autoindex_module modules/mod_autoindex.so +LoadModule dir_module modules/mod_dir.so +LoadModule alias_module modules/mod_alias.so +LoadModule negotiation_module modules/mod_negotiation.so + + +User apache +Group apache + + + + + + AllowOverride none + Require all denied + + + + + + + DirectoryIndex index.html + + + + Require all denied + + + + + + RequestHeader unset Proxy early + + + + TypesConfig /etc/apache2/mime.types + AddType application/x-compress .Z + AddType application/x-gzip .gz .tgz + + + + MIMEMagicFile /etc/apache2/magic + + +IncludeOptional /etc/apache2/conf.d/*.conf + diff --git a/docker/apache/https.conf b/docker/apache/https.conf deleted file mode 100644 index ca5edf5..0000000 --- a/docker/apache/https.conf +++ /dev/null @@ -1,102 +0,0 @@ -ServerTokens OS -ServerRoot /var/www -ServerSignature On -ServerName localhost - -DocumentRoot "/var/www/html/4get" - -LogLevel warn -CustomLog /dev/null common -ErrorLog /dev/null - - - SSLEngine on - SSLCertificateFile /etc/4get/certs/fullchain.pem - SSLCertificateKeyFile /etc/4get/certs/privkey.pem - - - - RewriteEngine On - RewriteCond %{THE_REQUEST} ^\w+\ /(.*)\.php(\?.*)?\ HTTP/ - RewriteRule ^ http://%{HTTP_HOST}/%1 [R=301] - RewriteCond %{REQUEST_FILENAME}.php -f - RewriteRule .* $0.php - Options FollowSymLinks - AllowOverride None - Require all granted - - -# deny access to private resources - - Require all denied - - Require all denied - - - -LoadModule rewrite_module modules/mod_rewrite.so -LoadModule mpm_prefork_module modules/mod_mpm_prefork.so -LoadModule authn_file_module modules/mod_authn_file.so -LoadModule authn_core_module modules/mod_authn_core.so -LoadModule authz_host_module modules/mod_authz_host.so -LoadModule authz_groupfile_module modules/mod_authz_groupfile.so -LoadModule authz_user_module modules/mod_authz_user.so -LoadModule authz_core_module modules/mod_authz_core.so -LoadModule access_compat_module modules/mod_access_compat.so -LoadModule auth_basic_module modules/mod_auth_basic.so -LoadModule reqtimeout_module modules/mod_reqtimeout.so -LoadModule filter_module modules/mod_filter.so -LoadModule mime_module modules/mod_mime.so -LoadModule log_config_module modules/mod_log_config.so -LoadModule env_module modules/mod_env.so -LoadModule headers_module modules/mod_headers.so -LoadModule setenvif_module modules/mod_setenvif.so -LoadModule version_module modules/mod_version.so -LoadModule unixd_module modules/mod_unixd.so -LoadModule status_module modules/mod_status.so -LoadModule autoindex_module modules/mod_autoindex.so -LoadModule dir_module modules/mod_dir.so -LoadModule alias_module modules/mod_alias.so -LoadModule negotiation_module modules/mod_negotiation.so - - -User apache -Group apache - - - - - - AllowOverride none - Require all denied - - - - - - - DirectoryIndex index.html - - - - Require all denied - - - - - - RequestHeader unset Proxy early - - - - TypesConfig /etc/apache2/mime.types - AddType application/x-compress .Z - AddType application/x-gzip .gz .tgz - - - - MIMEMagicFile /etc/apache2/magic - - -IncludeOptional /etc/apache2/conf.d/*.conf - diff --git a/docker/apache/https/conf.d/ssl.conf b/docker/apache/https/conf.d/ssl.conf new file mode 100644 index 0000000..7b0dd15 --- /dev/null +++ b/docker/apache/https/conf.d/ssl.conf @@ -0,0 +1,19 @@ +LoadModule ssl_module modules/mod_ssl.so +LoadModule socache_shmcb_module modules/mod_socache_shmcb.so + +SSLRandomSeed startup file:/dev/urandom 512 +SSLRandomSeed connect builtin + +Listen 443 + +SSLCipherSuite HIGH:MEDIUM:!MD5:!RC4:!3DES:!ADH +SSLProxyCipherSuite HIGH:MEDIUM:!MD5:!RC4:!3DES:!ADH +SSLHonorCipherOrder on + +SSLProtocol all -SSLv3 +SSLProxyProtocol all -SSLv3 + +SSLPassPhraseDialog builtin + +SSLSessionCache "shmcb:/var/cache/mod_ssl/scache(512000)" +SSLSessionCacheTimeout 300 diff --git a/docker/apache/https/httpd.conf b/docker/apache/https/httpd.conf new file mode 100644 index 0000000..ca5edf5 --- /dev/null +++ b/docker/apache/https/httpd.conf @@ -0,0 +1,102 @@ +ServerTokens OS +ServerRoot /var/www +ServerSignature On +ServerName localhost + +DocumentRoot "/var/www/html/4get" + +LogLevel warn +CustomLog /dev/null common +ErrorLog /dev/null + + + SSLEngine on + SSLCertificateFile /etc/4get/certs/fullchain.pem + SSLCertificateKeyFile /etc/4get/certs/privkey.pem + + + + RewriteEngine On + RewriteCond %{THE_REQUEST} ^\w+\ /(.*)\.php(\?.*)?\ HTTP/ + RewriteRule ^ http://%{HTTP_HOST}/%1 [R=301] + RewriteCond %{REQUEST_FILENAME}.php -f + RewriteRule .* $0.php + Options FollowSymLinks + AllowOverride None + Require all granted + + +# deny access to private resources + + Require all denied + + Require all denied + + + +LoadModule rewrite_module modules/mod_rewrite.so +LoadModule mpm_prefork_module modules/mod_mpm_prefork.so +LoadModule authn_file_module modules/mod_authn_file.so +LoadModule authn_core_module modules/mod_authn_core.so +LoadModule authz_host_module modules/mod_authz_host.so +LoadModule authz_groupfile_module modules/mod_authz_groupfile.so +LoadModule authz_user_module modules/mod_authz_user.so +LoadModule authz_core_module modules/mod_authz_core.so +LoadModule access_compat_module modules/mod_access_compat.so +LoadModule auth_basic_module modules/mod_auth_basic.so +LoadModule reqtimeout_module modules/mod_reqtimeout.so +LoadModule filter_module modules/mod_filter.so +LoadModule mime_module modules/mod_mime.so +LoadModule log_config_module modules/mod_log_config.so +LoadModule env_module modules/mod_env.so +LoadModule headers_module modules/mod_headers.so +LoadModule setenvif_module modules/mod_setenvif.so +LoadModule version_module modules/mod_version.so +LoadModule unixd_module modules/mod_unixd.so +LoadModule status_module modules/mod_status.so +LoadModule autoindex_module modules/mod_autoindex.so +LoadModule dir_module modules/mod_dir.so +LoadModule alias_module modules/mod_alias.so +LoadModule negotiation_module modules/mod_negotiation.so + + +User apache +Group apache + + + + + + AllowOverride none + Require all denied + + + + + + + DirectoryIndex index.html + + + + Require all denied + + + + + + RequestHeader unset Proxy early + + + + TypesConfig /etc/apache2/mime.types + AddType application/x-compress .Z + AddType application/x-gzip .gz .tgz + + + + MIMEMagicFile /etc/apache2/magic + + +IncludeOptional /etc/apache2/conf.d/*.conf + diff --git a/docker/docker-entrypoint.sh b/docker/docker-entrypoint.sh index 66d4067..53e7654 100755 --- a/docker/docker-entrypoint.sh +++ b/docker/docker-entrypoint.sh @@ -8,18 +8,27 @@ FOURGET_PROTO="${FOURGET_PROTO#\"}" # make lowercase FOURGET_PROTO=`echo $FOURGET_PROTO | awk '{print tolower($0)}'` +FOURGET_SRC='/var/www/html/4get' + +mkdir -p /etc/apache2 if [ "$FOURGET_PROTO" = "https" ]; then echo "Using https configuration" - cp /etc/apache2/https.conf /etc/apache2/httpd.conf + cp -r ${FOURGET_SRC}/docker/apache/https/httpd.conf /etc/apache2 + cp -r ${FOURGET_SRC}/docker/apache/https/conf.d/* /etc/apache2/conf.d + else echo "Using http configuration" - cp /etc/apache2/http.conf /etc/apache2/httpd.conf + cp -r ${FOURGET_SRC}/docker/apache/http/httpd.conf /etc/apache2 + cp -r ${FOURGET_SRC}/docker/apache/http/conf.d/* /etc/apache2/conf.d fi php ./docker/gen_config.php - -echo "4get is running" -exec httpd -DFOREGROUND +if [ "$@" = "start" ]; then + echo "4get is running" + exec httpd -DFOREGROUND +else + exec "$@" +fi -- cgit v1.2.3