Added configuration for ssl with apache2 based on the nginx container

Marcelo Garbin 2021-03-16 10:05:46 -03:00
parent d6b7d95f34
commit fb110a9d91
7 changed files with 68 additions and 18 deletions


@ -2,36 +2,25 @@ FROM webdevops/apache:ubuntu-18.04
LABEL maintainer="Eric Pfeiffer <computerfr33k@users.noreply.github.com>" LABEL maintainer="Eric Pfeiffer <computerfr33k@users.noreply.github.com>"
ARG DOCUMENT_ROOT=/var/www/
ARG PHP_UPSTREAM_CONTAINER=php-fpm ARG PHP_UPSTREAM_CONTAINER=php-fpm
ARG PHP_UPSTREAM_PORT=9000 ARG PHP_UPSTREAM_PORT=9000
ARG PHP_UPSTREAM_TIMEOUT=60 ARG PHP_UPSTREAM_TIMEOUT=60
ARG DOCUMENT_ROOT=/var/www/ ARG APACHE_INSTALL_HTTP2=false
ENV WEB_PHP_SOCKET=${PHP_UPSTREAM_CONTAINER}:${PHP_UPSTREAM_PORT} ENV WEB_PHP_SOCKET=${PHP_UPSTREAM_CONTAINER}:${PHP_UPSTREAM_PORT}
ENV WEB_DOCUMENT_ROOT=${DOCUMENT_ROOT} ENV WEB_DOCUMENT_ROOT=${DOCUMENT_ROOT}
ENV APACHE_HTTP2=${APACHE_INSTALL_HTTP2}
ENV WEB_PHP_TIMEOUT=${PHP_UPSTREAM_TIMEOUT} ENV WEB_PHP_TIMEOUT=${PHP_UPSTREAM_TIMEOUT}
EXPOSE 80 443
WORKDIR /var/www/ WORKDIR /var/www/
COPY vhost.conf /etc/apache2/sites-enabled/vhost.conf COPY vhost.conf /etc/apache2/sites-enabled/vhost.conf
ARG APACHE_INSTALL_HTTP2=false ADD ./startup.sh /opt/startup.sh
RUN mkdir /etc/apache2/ssl 2> /dev/null
RUN if [ ${APACHE_INSTALL_HTTP2} = true ]; then \
openssl genrsa -out "/etc/apache2/ssl/ssl_site.key" 2048 \
&& openssl rand -out /root/.rnd -hex 256 \
&& openssl req -new -key "/etc/apache2/ssl/ssl_site.key" -out "/etc/apache2/ssl/ssl_site.csr" -subj "/CN=site.com/O=LGS/C=IT" \
&& openssl x509 -req -days 365 -in "/etc/apache2/ssl/ssl_site.csr" -signkey "/etc/apache2/ssl/ssl_site.key" -out "/etc/apache2/ssl/ssl_site.crt" \
&& a2enmod rewrite \
&& a2enmod headers \
&& a2enmod proxy proxy_html proxy_http xml2enc ssl http2 \
&& service apache2 restart \
;fi
ENTRYPOINT ["/opt/docker/bin/entrypoint.sh"] ENTRYPOINT ["/opt/docker/bin/entrypoint.sh"]
CMD ["supervisord"] CMD ["/bin/bash", "/opt/startup.sh"]
EXPOSE 80 443
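Review bot: `ADD ./startup.sh /opt/startup.sh` uses `ADD` for a plain local file; `COPY startup.sh /opt/startup.sh` does the same job without `ADD`'s archive-extraction and URL handling. The new `CMD ["/bin/bash", "/opt/startup.sh"]` also places a bash wrapper between the entrypoint and supervisord, so the script has to end in `exec supervisord` for the container's stop signal to reach the supervisor. The rendered page has lost its +/- markers, so I am reading the `ADD` and `CMD` lines as the new side of this section.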


@ -13,4 +13,6 @@
</IfVersion> </IfVersion>
</Directory> </Directory>
ErrorLog /var/log/apache2/error.log
CustomLog /var/log/apache2/access.log combined
</VirtualHost> </VirtualHost>


@ -0,0 +1,32 @@
<VirtualHost *:80>
ServerName laradock.test
ServerAlias *.laradock.test
RewriteEngine On
RewriteCond %{HTTPS} !on
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
</VirtualHost>
<VirtualHost *:443>
ServerName laradock.test
ServerAlias *.laradock.test
DocumentRoot /var/www/
Options Indexes FollowSymLinks
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/ssl_site.crt
SSLCertificateKeyFile /etc/apache2/ssl/ssl_site.key
<Directory "/var/www/">
AllowOverride All
<IfVersion < 2.4>
Allow from all
</IfVersion>
<IfVersion >= 2.4>
Require all granted
</IfVersion>
</Directory>
ErrorLog /var/log/apache2/error.log
CustomLog /var/log/apache2/access.log combined
</VirtualHost>
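Review bot: `Options Indexes FollowSymLinks` in the `*:443` vhost turns on directory listings for `/var/www/`, so any directory without an index file shows its contents over HTTPS. `Options -Indexes +FollowSymLinks` keeps symlink support without the listing. The port-80 `RewriteRule` builds its redirect target from `%{HTTP_HOST}`, which is supplied by the client; if this vhost ends up as the default for port 80, an arbitrary Host header would be reflected into the `Location` header, so it is worth confirming that only `laradock.test` names can reach it. The file also sets no TLS protocol or cipher policy, so those come from whatever the base image's mod_ssl defaults are.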

4
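--- a/apache2/ssl/.gitignore
+++ b/apache2/ssl/.gitignore
@@ -0,0 +1,4 @@
+*.crt
+*.csr
+*.key
+*.pem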

21
apache2/startup.sh Normal file

@ -0,0 +1,21 @@
#!/bin/bash
mkdir /etc/apache2/ssl 2> /dev/null
# Change laradock.test to the URL to be used
if [ ${APACHE_HTTP2} = true ]; then
if [ ! -f /etc/apache2/ssl/ssl_site.crt ]; then
openssl genrsa -out "/etc/apache2/ssl/ssl_site.key" 2048
openssl rand -out /root/.rnd -hex 256
openssl req -new -key "/etc/apache2/ssl/ssl_site.key" -out "/etc/apache2/ssl/ssl_site.csr" -subj "/CN=laradock.test/O=Laradock/C=BR"
openssl x509 -req -days 365 -extfile <(printf "subjectAltName=DNS:laradock.test,DNS:*.laradock.test") -in "/etc/apache2/ssl/ssl_site.csr" -signkey "/etc/apache2/ssl/ssl_site.key" -out "/etc/apache2/ssl/ssl_site.crt"
fi
a2enmod rewrite
a2enmod headers
a2enmod proxy proxy_html proxy_http xml2enc ssl http2
service apache2 restart
fi
# Start supervisord in foreground
supervisord
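Review bot: The guard `[ ! -f /etc/apache2/ssl/ssl_site.crt ]` checks only the certificate, and the private key it protects is written with no explicit mode into a directory that the compose change bind-mounts from the host. Test for the key as well, and add `chmod 600 /etc/apache2/ssl/ssl_site.key` after `openssl genrsa` so the file's permissions do not depend on the umask or the OpenSSL build. `[ ${APACHE_HTTP2} = true ]` is unquoted and raises a test error when the variable is unset; `[ "${APACHE_HTTP2}" = true ]` avoids that. The last line should be `exec supervisord` so the supervisor replaces the bash wrapper and receives the container's stop signal directly.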


@ -423,6 +423,7 @@ services:
- ${APP_CODE_PATH_HOST}:${APP_CODE_PATH_CONTAINER}${APP_CODE_CONTAINER_FLAG} - ${APP_CODE_PATH_HOST}:${APP_CODE_PATH_CONTAINER}${APP_CODE_CONTAINER_FLAG}
- ${APACHE_HOST_LOG_PATH}:/var/log/apache2 - ${APACHE_HOST_LOG_PATH}:/var/log/apache2
- ${APACHE_SITES_PATH}:/etc/apache2/sites-available - ${APACHE_SITES_PATH}:/etc/apache2/sites-available
- ${APACHE_SSL_PATH}:/etc/apache2/ssl
ports: ports:
- "${APACHE_HOST_HTTP_PORT}:80" - "${APACHE_HOST_HTTP_PORT}:80"
- "${APACHE_HOST_HTTPS_PORT}:443" - "${APACHE_HOST_HTTPS_PORT}:443"


@ -337,6 +337,7 @@ APACHE_PHP_UPSTREAM_CONTAINER=php-fpm
APACHE_PHP_UPSTREAM_PORT=9000 APACHE_PHP_UPSTREAM_PORT=9000
APACHE_PHP_UPSTREAM_TIMEOUT=60 APACHE_PHP_UPSTREAM_TIMEOUT=60
APACHE_DOCUMENT_ROOT=/var/www/ APACHE_DOCUMENT_ROOT=/var/www/
APACHE_SSL_PATH=./apache2/ssl/
APACHE_INSTALL_HTTP2=false APACHE_INSTALL_HTTP2=false
### MYSQL ################################################# ### MYSQL #################################################