Added configuration for ssl with apache2 based on the nginx container
parent
d6b7d95f34
commit
fb110a9d91
@ -2,36 +2,25 @@ FROM webdevops/apache:ubuntu-18.04
|
|||||||
|
|
||||||
LABEL maintainer="Eric Pfeiffer <computerfr33k@users.noreply.github.com>"
|
LABEL maintainer="Eric Pfeiffer <computerfr33k@users.noreply.github.com>"
|
||||||
|
|
||||||
|
ARG DOCUMENT_ROOT=/var/www/
|
||||||
ARG PHP_UPSTREAM_CONTAINER=php-fpm
|
ARG PHP_UPSTREAM_CONTAINER=php-fpm
|
||||||
ARG PHP_UPSTREAM_PORT=9000
|
ARG PHP_UPSTREAM_PORT=9000
|
||||||
ARG PHP_UPSTREAM_TIMEOUT=60
|
ARG PHP_UPSTREAM_TIMEOUT=60
|
||||||
ARG DOCUMENT_ROOT=/var/www/
|
ARG APACHE_INSTALL_HTTP2=false
|
||||||
|
|
||||||
ENV WEB_PHP_SOCKET=${PHP_UPSTREAM_CONTAINER}:${PHP_UPSTREAM_PORT}
|
ENV WEB_PHP_SOCKET=${PHP_UPSTREAM_CONTAINER}:${PHP_UPSTREAM_PORT}
|
||||||
|
|
||||||
ENV WEB_DOCUMENT_ROOT=${DOCUMENT_ROOT}
|
ENV WEB_DOCUMENT_ROOT=${DOCUMENT_ROOT}
|
||||||
|
ENV APACHE_HTTP2=${APACHE_INSTALL_HTTP2}
|
||||||
ENV WEB_PHP_TIMEOUT=${PHP_UPSTREAM_TIMEOUT}
|
ENV WEB_PHP_TIMEOUT=${PHP_UPSTREAM_TIMEOUT}
|
||||||
|
|
||||||
EXPOSE 80 443
|
|
||||||
|
|
||||||
WORKDIR /var/www/
|
WORKDIR /var/www/
|
||||||
|
|
||||||
COPY vhost.conf /etc/apache2/sites-enabled/vhost.conf
|
COPY vhost.conf /etc/apache2/sites-enabled/vhost.conf
|
||||||
|
|
||||||
ARG APACHE_INSTALL_HTTP2=false
|
ADD ./startup.sh /opt/startup.sh
|
||||||
RUN mkdir /etc/apache2/ssl 2> /dev/null
|
|
||||||
RUN if [ ${APACHE_INSTALL_HTTP2} = true ]; then \
|
|
||||||
openssl genrsa -out "/etc/apache2/ssl/ssl_site.key" 2048 \
|
|
||||||
&& openssl rand -out /root/.rnd -hex 256 \
|
|
||||||
&& openssl req -new -key "/etc/apache2/ssl/ssl_site.key" -out "/etc/apache2/ssl/ssl_site.csr" -subj "/CN=site.com/O=LGS/C=IT" \
|
|
||||||
&& openssl x509 -req -days 365 -in "/etc/apache2/ssl/ssl_site.csr" -signkey "/etc/apache2/ssl/ssl_site.key" -out "/etc/apache2/ssl/ssl_site.crt" \
|
|
||||||
&& a2enmod rewrite \
|
|
||||||
&& a2enmod headers \
|
|
||||||
&& a2enmod proxy proxy_html proxy_http xml2enc ssl http2 \
|
|
||||||
&& service apache2 restart \
|
|
||||||
;fi
|
|
||||||
|
|
||||||
ENTRYPOINT ["/opt/docker/bin/entrypoint.sh"]
|
ENTRYPOINT ["/opt/docker/bin/entrypoint.sh"]
|
||||||
|
|
||||||
CMD ["supervisord"]
|
CMD ["/bin/bash", "/opt/startup.sh"]
|
||||||
|
|
||||||
|
EXPOSE 80 443
|
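Review bot: `ADD ./startup.sh /opt/startup.sh` on the new side copies one local script, which is the case `COPY` is meant for; `ADD` also unpacks archives and accepts URLs, so what it does depends on what the source turns out to be. I would write `COPY startup.sh /opt/startup.sh`. The new `ENV APACHE_HTTP2=${APACHE_INSTALL_HTTP2}` is what startup.sh tests before it generates a certificate and enables `ssl`, which the variable name does not suggest; a comment above it such as `# APACHE_HTTP2=true: startup.sh creates a self-signed cert and enables ssl + http2` would help. The old and new sides are read from the column layout of this rendered page, and the file's path is not shown, so treat the line attribution as inferred.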
@ -13,4 +13,6 @@
|
|||||||
</IfVersion>
|
</IfVersion>
|
||||||
</Directory>
|
</Directory>
|
||||||
|
|
||||||
|
ErrorLog /var/log/apache2/error.log
|
||||||
|
CustomLog /var/log/apache2/access.log combined
|
||||||
</VirtualHost>
|
</VirtualHost>
|
||||||
|
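--- a/apache2/sites/default.apache.ssl.example
+++ b/apache2/sites/default.apache.ssl.example
@@ -0,0 +1,32 @@
+<VirtualHost *:80>
+ServerName laradock.test
+ServerAlias *.laradock.test
+
+RewriteEngine On
+RewriteCond %{HTTPS} !on
+RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
+</VirtualHost>
+
+<VirtualHost *:443>
+ServerName laradock.test
+ServerAlias *.laradock.test
+DocumentRoot /var/www/
+Options Indexes FollowSymLinks
+
+SSLEngine on
+SSLCertificateFile /etc/apache2/ssl/ssl_site.crt
+SSLCertificateKeyFile /etc/apache2/ssl/ssl_site.key
+
+<Directory "/var/www/">
+AllowOverride All
+<IfVersion < 2.4>
+Allow from all
+</IfVersion>
+<IfVersion >= 2.4>
+Require all granted
+</IfVersion>
+</Directory>
+
+ErrorLog /var/log/apache2/error.log
+CustomLog /var/log/apache2/access.log combined
+</VirtualHost>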
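Review bot: `Options Indexes FollowSymLinks` in the `*:443` vhost turns on automatic directory listings under `/var/www/`, so any directory without an index file shows its file names to clients. Since this is a template that gets copied into real site configs, `Options -Indexes +FollowSymLinks` is the safer default. The port-80 rule builds its redirect target from `%{HTTP_HOST}`, which is the request's Host header. If this vhost ends up as the default on port 80, requests for other names are redirected to whatever Host they sent; adding `RewriteCond %{HTTP_HOST} (^|\.)laradock\.test$ [NC]` before the rule limits the redirect to the names this vhost serves.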
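--- a/apache2/ssl/.gitignore
+++ b/apache2/ssl/.gitignore
@@ -0,0 +1,4 @@
+*.crt
+*.csr
+*.key
+*.pem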
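--- a/apache2/startup.sh
+++ b/apache2/startup.sh
@@ -0,0 +1,21 @@
+#!/bin/bash
+
+mkdir /etc/apache2/ssl 2> /dev/null
+
+# Change laradock.test to the URL to be used
+if [ ${APACHE_HTTP2} = true ]; then
+if [ ! -f /etc/apache2/ssl/ssl_site.crt ]; then
+openssl genrsa -out "/etc/apache2/ssl/ssl_site.key" 2048
+openssl rand -out /root/.rnd -hex 256
+openssl req -new -key "/etc/apache2/ssl/ssl_site.key" -out "/etc/apache2/ssl/ssl_site.csr" -subj "/CN=laradock.test/O=Laradock/C=BR"
+openssl x509 -req -days 365 -extfile <(printf "subjectAltName=DNS:laradock.test,DNS:*.laradock.test") -in "/etc/apache2/ssl/ssl_site.csr" -signkey "/etc/apache2/ssl/ssl_site.key" -out "/etc/apache2/ssl/ssl_site.crt"
+fi
+
+a2enmod rewrite
+a2enmod headers
+a2enmod proxy proxy_html proxy_http xml2enc ssl http2
+service apache2 restart
+fi
+
+# Start supervisord in foreground
+supervisord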
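Review bot: The private key is written by `openssl genrsa -out "/etc/apache2/ssl/ssl_site.key" 2048` with no explicit permissions, and the compose change in this commit bind-mounts that directory from the host (`${APACHE_SSL_PATH}:/etc/apache2/ssl`). The key's mode on the host is therefore whatever the installed OpenSSL and the current umask produce. Running that line under `umask 077`, or following it with `chmod 600 /etc/apache2/ssl/ssl_site.key`, makes the restriction explicit. The last line would be better as `exec supervisord`, so that supervisord replaces the shell instead of running as its child, which matters for signal delivery when the container is stopped. `[ ${APACHE_HTTP2} = true ]` should be quoted as `[ "${APACHE_HTTP2}" = true ]`, because an empty value makes the test itself error out.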
@ -423,6 +423,7 @@ services:
|
|||||||
- ${APP_CODE_PATH_HOST}:${APP_CODE_PATH_CONTAINER}${APP_CODE_CONTAINER_FLAG}
|
- ${APP_CODE_PATH_HOST}:${APP_CODE_PATH_CONTAINER}${APP_CODE_CONTAINER_FLAG}
|
||||||
- ${APACHE_HOST_LOG_PATH}:/var/log/apache2
|
- ${APACHE_HOST_LOG_PATH}:/var/log/apache2
|
||||||
- ${APACHE_SITES_PATH}:/etc/apache2/sites-available
|
- ${APACHE_SITES_PATH}:/etc/apache2/sites-available
|
||||||
|
- ${APACHE_SSL_PATH}:/etc/apache2/ssl
|
||||||
ports:
|
ports:
|
||||||
- "${APACHE_HOST_HTTP_PORT}:80"
|
- "${APACHE_HOST_HTTP_PORT}:80"
|
||||||
- "${APACHE_HOST_HTTPS_PORT}:443"
|
- "${APACHE_HOST_HTTPS_PORT}:443"
|
||||||
|
@ -337,6 +337,7 @@ APACHE_PHP_UPSTREAM_CONTAINER=php-fpm
|
|||||||
APACHE_PHP_UPSTREAM_PORT=9000
|
APACHE_PHP_UPSTREAM_PORT=9000
|
||||||
APACHE_PHP_UPSTREAM_TIMEOUT=60
|
APACHE_PHP_UPSTREAM_TIMEOUT=60
|
||||||
APACHE_DOCUMENT_ROOT=/var/www/
|
APACHE_DOCUMENT_ROOT=/var/www/
|
||||||
|
APACHE_SSL_PATH=./apache2/ssl/
|
||||||
APACHE_INSTALL_HTTP2=false
|
APACHE_INSTALL_HTTP2=false
|
||||||
|
|
||||||
### MYSQL #################################################
|
### MYSQL #################################################
|
||||||
|