mirror of
https://github.com/oupala/apaxy.git
synced 2025-08-23 13:23:43 +02:00
feat: docker image
The new Dockerfile is based on a smaller image (httpd instead of php) and is more secure due to a smaller attack surface. It also comes with a docker-compose configuration and offers some options. The Dockerfile is using a multi-stage build, and it using the brand new apaxy install script. It is also running as non root so the image can run in a secured container cluster.
This commit is contained in:
oupala
62
Dockerfile
62
Dockerfile
@@ -1,30 +1,52 @@
|
|||||||
FROM php:7.3-apache
|
# bash docker image will be used for configuring apaxy
|
||||||
LABEL authors="Carlos Brandt <chbrandt@github>, Inti Gabriel <inti.gabriel+github@intigabriel.de>"
|
FROM bash
|
||||||
|
|
||||||
ARG HTDOCS=/var/www/html
|
# set apaxyPath to the path where you want apaxy to be installed
|
||||||
|
# by default, apaxy will be available at "/" (web root)
|
||||||
|
ARG apaxyPath=""
|
||||||
|
|
||||||
ENV APACHE_RUN_USER=www-data \
|
# copy apaxy and proceed to configuration
|
||||||
APACHE_RUN_GROUP=www-data
|
WORKDIR /
|
||||||
|
COPY . /
|
||||||
|
RUN bash apaxy-configure.sh -w "${apaxyPath}"
|
||||||
|
|
||||||
RUN a2enmod rewrite
|
# httpd docker image will be used for running apaxy
|
||||||
|
FROM httpd:2.4
|
||||||
|
|
||||||
COPY apache-config.conf /etc/apache2/sites-enabled/000-default.conf
|
# set apaxyPath to the path where you want apaxy to be installed
|
||||||
|
# by default, apaxy will be available at "/" (web root)
|
||||||
|
ARG apaxyPath=""
|
||||||
|
|
||||||
COPY apaxy/ $HTDOCS
|
# image labels and description
|
||||||
|
LABEL name="apaxy" \
|
||||||
|
description="Apaxy is a customisable theme built to enhance the experience of browsing web directories. It uses the mod_autoindex Apache module — and some CSS — to override the default style of a directory listing" \
|
||||||
|
maintainer="Ploc" \
|
||||||
|
url="https://oupala.github.io/apaxy/"
|
||||||
|
|
||||||
RUN cd ${HTDOCS} && \
|
# remove index.html file from original httpd image
|
||||||
rm -f index.html && \
|
RUN rm /usr/local/apache2/htdocs/index.html
|
||||||
sed -i "s:/{FOLDERNAME}::g" htaccess.txt && \
|
|
||||||
sed -i "s:/{FOLDERNAME}::g" theme/htaccess.txt && \
|
|
||||||
grep -l "{FOLDERNAME}" theme/*.html | xargs -L1 -I {} \
|
|
||||||
sed -i "s:/{FOLDERNAME}::g" {} && \
|
|
||||||
mv htaccess.txt .htaccess && \
|
|
||||||
mv theme/htaccess.txt theme/.htaccess
|
|
||||||
|
|
||||||
|
# enable apache config to be overridden by .htaccess files
|
||||||
|
RUN sed -i '/<Directory "\/usr\/local\/apache2\/htdocs">/,/<\/Directory>/ s/AllowOverride None/AllowOverride Options Indexes FileInfo/' /usr/local/apache2/conf/httpd.conf
|
||||||
|
|
||||||
RUN ["/bin/bash", "-c", \
|
# define apache listen port on a port greater than 1024 to allow a non-root user to start apache
|
||||||
"cd $HTDOCS && touch example.{gif,jpg,txt,md,mp4,zip,doc,xls,pdf,tex,c,mp3}"]
|
RUN sed -i 's/Listen\ 80/Listen\ 8080/g' /usr/local/apache2/conf/httpd.conf
|
||||||
|
EXPOSE 8080
|
||||||
|
|
||||||
EXPOSE 80
|
# create 'me' group whith gid 1000 and 'me' user in this group with uid 1000
|
||||||
|
# see https://docs.openshift.com/enterprise/3.2/creating_images/guidelines.html#use-uid
|
||||||
|
RUN groupadd -f -g 1000 me && \
|
||||||
|
useradd -u 1000 -g me me
|
||||||
|
|
||||||
CMD /usr/sbin/apache2ctl -D FOREGROUND
|
# copy apaxy directory
|
||||||
|
COPY --from=0 /var/www/html${apaxyPath} /usr/local/apache2/htdocs${apaxyPath}
|
||||||
|
|
||||||
|
WORKDIR /usr/local/apache2/htdocs${apaxyPath}
|
||||||
|
RUN for file_extension in txt mp3 mp4 7z bin bmp c xlsx iso cpp css dev docx svg ai exe gif h html ico jar jpg js md pdf php m3u png ps psd py rar rb rpm rss cmd sql tiff epub xml zip; do touch example.${file_extension}; done
|
||||||
|
|
||||||
|
# allow user 'me' to read apache's files
|
||||||
|
RUN chown -R me:root /usr/local/apache2/ && \
|
||||||
|
chmod -R g+rwX /usr/local/apache2/
|
||||||
|
|
||||||
|
# start container as me
|
||||||
|
USER me
|
||||||
|
|||||||
@@ -1,10 +0,0 @@
|
|||||||
<VirtualHost *:80>
|
|
||||||
DocumentRoot /var/www/html
|
|
||||||
|
|
||||||
<Directory /var/www/html/>
|
|
||||||
Options Indexes FollowSymLinks MultiViews
|
|
||||||
AllowOverride All
|
|
||||||
Order deny,allow
|
|
||||||
Allow from all
|
|
||||||
</Directory>
|
|
||||||
</VirtualHost>
|
|
||||||
@@ -1,5 +1,13 @@
|
|||||||
apaxy:
|
version: '3'
|
||||||
build: .
|
services:
|
||||||
ports:
|
apaxy:
|
||||||
- "80:80"
|
image: apaxy
|
||||||
|
build:
|
||||||
|
context: .
|
||||||
|
args:
|
||||||
|
apaxyPath: ''
|
||||||
|
ports:
|
||||||
|
- '80:8080'
|
||||||
|
volumes:
|
||||||
|
- './share/:/usr/local/apache2/htdocs/share/'
|
||||||
|
image: apaxy
|
||||||
|
|||||||
3
share/PLACE_YOUR_FILES_HERE.txt
Normal file
3
share/PLACE_YOUR_FILES_HERE.txt
Normal file
@@ -0,0 +1,3 @@
|
|||||||
|
You can place your file in the "share" directory (here!) so that they are accessible if you use docker-compose.
|
||||||
|
|
||||||
|
If you want to share files at the root level of your docker container, you'll have to edit the Dockerfile.
|
||||||
Reference in New Issue
Block a user