mirror of
https://github.com/oupala/apaxy.git
synced 2025-08-23 09:53:16 +02:00
feat: docker image
The new Dockerfile is based on a smaller image (httpd instead of php) and is more secure due to a smaller attack surface. It also comes with a docker-compose configuration and offers some options. The Dockerfile is using a multi-stage build, and it using the brand new apaxy install script. It is also running as non root so the image can run in a secured container cluster.
This commit is contained in:
oupala
62
Dockerfile
62
Dockerfile
@@ -1,30 +1,52 @@
|
||||
FROM php:7.3-apache
|
||||
LABEL authors="Carlos Brandt <chbrandt@github>, Inti Gabriel <inti.gabriel+github@intigabriel.de>"
|
||||
# bash docker image will be used for configuring apaxy
|
||||
FROM bash
|
||||
|
||||
ARG HTDOCS=/var/www/html
|
||||
# set apaxyPath to the path where you want apaxy to be installed
|
||||
# by default, apaxy will be available at "/" (web root)
|
||||
ARG apaxyPath=""
|
||||
|
||||
ENV APACHE_RUN_USER=www-data \
|
||||
APACHE_RUN_GROUP=www-data
|
||||
# copy apaxy and proceed to configuration
|
||||
WORKDIR /
|
||||
COPY . /
|
||||
RUN bash apaxy-configure.sh -w "${apaxyPath}"
|
||||
|
||||
RUN a2enmod rewrite
|
||||
# httpd docker image will be used for running apaxy
|
||||
FROM httpd:2.4
|
||||
|
||||
COPY apache-config.conf /etc/apache2/sites-enabled/000-default.conf
|
||||
# set apaxyPath to the path where you want apaxy to be installed
|
||||
# by default, apaxy will be available at "/" (web root)
|
||||
ARG apaxyPath=""
|
||||
|
||||
COPY apaxy/ $HTDOCS
|
||||
# image labels and description
|
||||
LABEL name="apaxy" \
|
||||
description="Apaxy is a customisable theme built to enhance the experience of browsing web directories. It uses the mod_autoindex Apache module — and some CSS — to override the default style of a directory listing" \
|
||||
maintainer="Ploc" \
|
||||
url="https://oupala.github.io/apaxy/"
|
||||
|
||||
RUN cd ${HTDOCS} && \
|
||||
rm -f index.html && \
|
||||
sed -i "s:/{FOLDERNAME}::g" htaccess.txt && \
|
||||
sed -i "s:/{FOLDERNAME}::g" theme/htaccess.txt && \
|
||||
grep -l "{FOLDERNAME}" theme/*.html | xargs -L1 -I {} \
|
||||
sed -i "s:/{FOLDERNAME}::g" {} && \
|
||||
mv htaccess.txt .htaccess && \
|
||||
mv theme/htaccess.txt theme/.htaccess
|
||||
# remove index.html file from original httpd image
|
||||
RUN rm /usr/local/apache2/htdocs/index.html
|
||||
|
||||
# enable apache config to be overridden by .htaccess files
|
||||
RUN sed -i '/<Directory "\/usr\/local\/apache2\/htdocs">/,/<\/Directory>/ s/AllowOverride None/AllowOverride Options Indexes FileInfo/' /usr/local/apache2/conf/httpd.conf
|
||||
|
||||
RUN ["/bin/bash", "-c", \
|
||||
"cd $HTDOCS && touch example.{gif,jpg,txt,md,mp4,zip,doc,xls,pdf,tex,c,mp3}"]
|
||||
# define apache listen port on a port greater than 1024 to allow a non-root user to start apache
|
||||
RUN sed -i 's/Listen\ 80/Listen\ 8080/g' /usr/local/apache2/conf/httpd.conf
|
||||
EXPOSE 8080
|
||||
|
||||
EXPOSE 80
|
||||
# create 'me' group whith gid 1000 and 'me' user in this group with uid 1000
|
||||
# see https://docs.openshift.com/enterprise/3.2/creating_images/guidelines.html#use-uid
|
||||
RUN groupadd -f -g 1000 me && \
|
||||
useradd -u 1000 -g me me
|
||||
|
||||
CMD /usr/sbin/apache2ctl -D FOREGROUND
|
||||
# copy apaxy directory
|
||||
COPY --from=0 /var/www/html${apaxyPath} /usr/local/apache2/htdocs${apaxyPath}
|
||||
|
||||
WORKDIR /usr/local/apache2/htdocs${apaxyPath}
|
||||
RUN for file_extension in txt mp3 mp4 7z bin bmp c xlsx iso cpp css dev docx svg ai exe gif h html ico jar jpg js md pdf php m3u png ps psd py rar rb rpm rss cmd sql tiff epub xml zip; do touch example.${file_extension}; done
|
||||
|
||||
# allow user 'me' to read apache's files
|
||||
RUN chown -R me:root /usr/local/apache2/ && \
|
||||
chmod -R g+rwX /usr/local/apache2/
|
||||
|
||||
# start container as me
|
||||
USER me
|
||||
|
||||
@@ -1,10 +0,0 @@
|
||||
<VirtualHost *:80>
|
||||
DocumentRoot /var/www/html
|
||||
|
||||
<Directory /var/www/html/>
|
||||
Options Indexes FollowSymLinks MultiViews
|
||||
AllowOverride All
|
||||
Order deny,allow
|
||||
Allow from all
|
||||
</Directory>
|
||||
</VirtualHost>
|
||||
@@ -1,5 +1,13 @@
|
||||
apaxy:
|
||||
build: .
|
||||
ports:
|
||||
- "80:80"
|
||||
|
||||
version: '3'
|
||||
services:
|
||||
apaxy:
|
||||
image: apaxy
|
||||
build:
|
||||
context: .
|
||||
args:
|
||||
apaxyPath: ''
|
||||
ports:
|
||||
- '80:8080'
|
||||
volumes:
|
||||
- './share/:/usr/local/apache2/htdocs/share/'
|
||||
image: apaxy
|
||||
|
||||
3
share/PLACE_YOUR_FILES_HERE.txt
Normal file
3
share/PLACE_YOUR_FILES_HERE.txt
Normal file
@@ -0,0 +1,3 @@
|
||||
You can place your file in the "share" directory (here!) so that they are accessible if you use docker-compose.
|
||||
|
||||
If you want to share files at the root level of your docker container, you'll have to edit the Dockerfile.
|
||||
Reference in New Issue
Block a user