From f2a81442d1b1f7a1503e3f8dcd39147645b09613 Mon Sep 17 00:00:00 2001
From: oupala
Date: Mon, 20 May 2019 16:45:27 +0200
Subject: [PATCH] feat: docker image
The new Dockerfile is based on a smaller image (httpd instead of php) and is more secure due to a smaller attack surface. It also comes with a docker-compose configuration and offers some options. The Dockerfile is using a multi-stage build, and it using the brand new apaxy install script. It is also running as non root so the image can run in a secured container cluster.
---
Dockerfile | 62 ++++++++++++++++++++++-----------
apache-config.conf | 10 ------
docker-compose.yml | 18 +++++++---
share/PLACE_YOUR_FILES_HERE.txt | 3 ++
4 files changed, 58 insertions(+), 35 deletions(-)
delete mode 100644 apache-config.conf
create mode 100644 share/PLACE_YOUR_FILES_HERE.txt
diff --git a/Dockerfile b/Dockerfile
index a1b1e71..5c80554 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,30 +1,52 @@
-FROM php:7.3-apache
-LABEL authors="Carlos Brandt , Inti Gabriel "
+# bash docker image will be used for configuring apaxy
+FROM bash
-ARG HTDOCS=/var/www/html
+# set apaxyPath to the path where you want apaxy to be installed
+# by default, apaxy will be available at "/" (web root)
+ARG apaxyPath=""
-ENV APACHE_RUN_USER=www-data \
- APACHE_RUN_GROUP=www-data
+# copy apaxy and proceed to configuration
+WORKDIR /
+COPY . /
+RUN bash apaxy-configure.sh -w "${apaxyPath}"
-RUN a2enmod rewrite
+# httpd docker image will be used for running apaxy
+FROM httpd:2.4
-COPY apache-config.conf /etc/apache2/sites-enabled/000-default.conf
+# set apaxyPath to the path where you want apaxy to be installed
+# by default, apaxy will be available at "/" (web root)
+ARG apaxyPath=""
-COPY apaxy/ $HTDOCS
+# image labels and description
+LABEL name="apaxy" \
+ description="Apaxy is a customisable theme built to enhance the experience of browsing web directories. It uses the mod_autoindex Apache module — and some CSS — to override the default style of a directory listing" \
+ maintainer="Ploc" \
+ url="https://oupala.github.io/apaxy/"
-RUN cd ${HTDOCS} && \
- rm -f index.html && \
- sed -i "s:/{FOLDERNAME}::g" htaccess.txt && \
- sed -i "s:/{FOLDERNAME}::g" theme/htaccess.txt && \
- grep -l "{FOLDERNAME}" theme/*.html | xargs -L1 -I {} \
- sed -i "s:/{FOLDERNAME}::g" {} && \
- mv htaccess.txt .htaccess && \
- mv theme/htaccess.txt theme/.htaccess
+# remove index.html file from original httpd image
+RUN rm /usr/local/apache2/htdocs/index.html
+# enable apache config to be overridden by .htaccess files
+RUN sed -i '//,/<\/Directory>/ s/AllowOverride None/AllowOverride Options Indexes FileInfo/' /usr/local/apache2/conf/httpd.conf
-RUN ["/bin/bash", "-c", \
- "cd $HTDOCS && touch example.{gif,jpg,txt,md,mp4,zip,doc,xls,pdf,tex,c,mp3}"]
+# define apache listen port on a port greater than 1024 to allow a non-root user to start apache
+RUN sed -i 's/Listen\ 80/Listen\ 8080/g' /usr/local/apache2/conf/httpd.conf
+EXPOSE 8080
-EXPOSE 80
+# create 'me' group whith gid 1000 and 'me' user in this group with uid 1000
+# see https://docs.openshift.com/enterprise/3.2/creating_images/guidelines.html#use-uid
+RUN groupadd -f -g 1000 me && \
+ useradd -u 1000 -g me me
-CMD /usr/sbin/apache2ctl -D FOREGROUND
+# copy apaxy directory
+COPY --from=0 /var/www/html${apaxyPath} /usr/local/apache2/htdocs${apaxyPath}
+
+WORKDIR /usr/local/apache2/htdocs${apaxyPath}
+RUN for file_extension in txt mp3 mp4 7z bin bmp c xlsx iso cpp css dev docx svg ai exe gif h html ico jar jpg js md pdf php m3u png ps psd py rar rb rpm rss cmd sql tiff epub xml zip; do touch example.${file_extension}; done
+
+# allow user 'me' to read apache's files
+RUN chown -R me:root /usr/local/apache2/ && \
+ chmod -R g+rwX /usr/local/apache2/
+
+# start container as me
+USER me
diff --git a/apache-config.conf b/apache-config.conf
deleted file mode 100644
index 4cf1103..0000000
--- a/apache-config.conf
+++ /dev/null
@@ -1,10 +0,0 @@
-
- DocumentRoot /var/www/html
-
-
- Options Indexes FollowSymLinks MultiViews
- AllowOverride All
- Order deny,allow
- Allow from all
-
-
diff --git a/docker-compose.yml b/docker-compose.yml
index bffed0f..10f1495 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -1,5 +1,13 @@
-apaxy:
- build: .
- ports:
- - "80:80"
-
+version: '3'
+services:
+ apaxy:
+ image: apaxy
+ build:
+ context: .
+ args:
+ apaxyPath: ''
+ ports:
+ - '80:8080'
+ volumes:
+ - './share/:/usr/local/apache2/htdocs/share/'
+ image: apaxy
diff --git a/share/PLACE_YOUR_FILES_HERE.txt b/share/PLACE_YOUR_FILES_HERE.txt
new file mode 100644
index 0000000..5b6b08a
--- /dev/null
+++ b/share/PLACE_YOUR_FILES_HERE.txt
@@ -0,0 +1,3 @@
+You can place your file in the "share" directory (here!) so that they are accessible if you use docker-compose.
+
+If you want to share files at the root level of your docker container, you'll have to edit the Dockerfile.
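Review bot: The `RUN chown -R me:root /usr/local/apache2/ && chmod -R g+rwX /usr/local/apache2/` step near the end of the Dockerfile hunk makes the runtime user the owner of the whole Apache tree and gives group root write access to it, although its comment says it only lets 'me' read the files. With `USER me`, the httpd process can then rewrite `conf/httpd.conf`, the server binaries and the served `htdocs`, including `.htaccess` files that the new `AllowOverride Options Indexes FileInfo` line makes effective, so a flaw in the web server is not contained by dropping root. Limit the writable path to what httpd needs at runtime, presumably only the log/pid directory (to be confirmed against the base image), e.g. `RUN chown -R me:root /usr/local/apache2/logs && chmod -R g+rwX /usr/local/apache2/logs`. Separately, `FROM bash` carries no tag and the second stage refers to it by index; pinning the tag and naming the stage (`FROM bash:<tag> AS configure`, `COPY --from=configure …`, where `<tag>` is a placeholder for the version you choose) would make the build reproducible.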
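Review bot: In the docker-compose.yml hunk the `./share/` bind mount is read-write by default, while the service only needs to read the files it lists. Mounting it read-only, `- './share/:/usr/local/apache2/htdocs/share/:ro'`, keeps the httpd process from altering the shared files or placing an `.htaccess` there, which the Dockerfile in this patch now honours. The hunk also adds `image: apaxy` twice; indentation is lost in this rendering, but if both sit under the `apaxy` service that is a duplicate mapping key and one of them should be removed. `'80:8080'` publishes the listing on all host interfaces, so it is worth documenting how to bind to a specific address when the share is not meant to be public.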