Merge branch '1-add-support-for-shibboleth' into 'master'

Resolve "add support for shibboleth"

Closes #1

See merge request !3

2.4/Dockerfile

-FROM httpd:2.4-alpine
-ENTRYPOINT [ "/docker-entrypoint" ]
-CMD ["httpd-foreground"]
+FROM ubleipzig/httpd:2.4-1
 
 ENV BASE_PATH=""
 
-ADD assets/docker-entrypoint /docker-entrypoint
+ADD assets/vufind.conf /etc/apache2/sites-available/vufind.conf
 
-ADD assets/httpd.conf /usr/local/apache2/conf/httpd.conf
-
-RUN chmod a+x /docker-entrypoint \
-	&& apk add --no-cache openssl \
-	&& openssl genrsa -out /usr/local/apache2/conf/server.key 2048 \
-	&& openssl req -nodes -new -x509 -newkey rsa:4096 -subj "/CN=localhost" -keyout /usr/local/apache2/conf/server.key -out /usr/local/apache2/conf/server.crt -days 3650 \
-	&& apk del --no-cache openssl
+RUN a2ensite vufind
\ No newline at end of file

2.4/assets/docker-entrypoint

-#!/bin/bash
-set -e
-
-sed -e 's!AliasMatch \^\(/themes\|/cache\)!AliasMatch \^'${BASE_PATH}'\1!' -i /usr/local/apache2/conf/httpd.conf
-sed -e 's!Alias / !Alias '${BASE_PATH}'/ !' -i /usr/local/apache2/conf/httpd.conf
-sed -e 's!Location />!Location '${BASE_PATH}'/>!' -i /usr/local/apache2/conf/httpd.conf
-sed -e 's!RewriteBase /!RewriteBase '${BASE_PATH}'/!' -i /usr/local/apache2/conf/httpd.conf
-
-exec "$@"
\ No newline at end of file

2.4/assets/vufind.conf

+<FilesMatch \.php$>
+  SetHandler "proxy:fcgi://php:9000"
+</FilesMatch>
+
+# Configuration for theme-specific resources:
+AliasMatch ^${BASE_PATH}/themes/([0-9a-zA-Z-_]*)/css/(.*)$ /usr/local/vufind/themes/$1/css/$2
+AliasMatch ^${BASE_PATH}/themes/([0-9a-zA-Z-_]*)/images/(.*)$ /usr/local/vufind/themes/$1/images/$2
+AliasMatch ^${BASE_PATH}/themes/([0-9a-zA-Z-_]*)/js/(.*)$ /usr/local/vufind/themes/$1/js/$2
+<Directory ~ "^/usr/local/vufind/themes/([0-9a-zA-Z-_]*)/(css|images|js)/">
+  <IfModule !mod_authz_core.c>
+    Order allow,deny
+    Allow from all
+  </IfModule>
+  <IfModule mod_authz_core.c>
+    Require all granted
+  </IfModule>
+  AllowOverride All
+</Directory>
+
+# Configuration for public cache (used for asset pipeline minification)
+AliasMatch ^${BASE_PATH}/cache/(.*)$ /var/cache/vufind/public/$1
+<Directory /var/cache/vufind/public/>
+  <IfModule !mod_authz_core.c>
+    Order allow,deny
+    Allow from all
+  </IfModule>
+  <IfModule mod_authz_core.c>
+    Require all granted
+  </IfModule>
+  AllowOverride All
+</Directory>
+
+# Configuration for general VuFind base:
+Alias ${BASE_PATH}/ /usr/local/vufind/public/
+<Directory /usr/local/vufind/public/>
+  <IfModule !mod_authz_core.c>
+    Order allow,deny
+    Allow from all
+  </IfModule>
+  <IfModule mod_authz_core.c>
+    Require all granted
+  </IfModule>
+  AllowOverride All
+
+  # If you wish to use the Shibboleth authentication, uncomment the following lines
+  # AND comment out the "Require all granted" line above. There must not be any other
+  # "Require" lines in this configuration section for the "Require shibboleth"
+  # directive to be effective.
+  #AuthType shibboleth
+  #Require shibboleth
+</Directory>
+
+<Location ${BASE_PATH}/>
+  RewriteEngine On
+#  RewriteBase ${BASE_PATH}/
+
+  RewriteCond %{REQUEST_FILENAME} -s [OR]
+  RewriteCond %{REQUEST_FILENAME} -l [OR]
+  RewriteCond %{REQUEST_FILENAME} -d
+  RewriteRule ^.*$ - [NC,L]
+  RewriteRule ^.*$ index.php [NC,L]
+
+</Location>
+
+# Having a configured shibboleth-handler
+<Location ${SHIB_HANDLER_URL}>
+  RewriteEngine On
+  RewriteRule .* - [L]
+</Location>
\ No newline at end of file

Changelog.md

 # Changelog
 
+## [2.4-4] - 2018-07-02
+
+#### Added
+* shibboleth-support **this is a breaking feature due to a new base image. see _advanced startup_ for how to start the container for different purposes**
+
 ## [2.4-3] - 2018-06-18
+
 ### Added
 * ssl-support
 * added proxy-support to gitlab-ci
 
 ## [vufind1-2.4-1] - 2018-04-18
+
 ### Added
 * initial image for vufind1
 
@@ -13,4 +20,5 @@
 * initial release
 
 [vufind1-2.4-1]: https://git.sc.uni-leipzig.de/ubl/bdd_dev/docker/vufind-httpd/compare/2.4-2...vufind1-2.4-1
-[2.4-3]: https://git.sc.uni-leipzig.de/ubl/bdd_dev/docker/vufind-httpd/compare/vufind1-2.4-1...2.4-3
\ No newline at end of file
+[2.4-3]: https://git.sc.uni-leipzig.de/ubl/bdd_dev/docker/vufind-httpd/compare/vufind1-2.4-1...2.4-3
+[2.4-4]: https://git.sc.uni-leipzig.de/ubl/bdd_dev/docker/vufind-httpd/compare/vufind1-2.4-3...2.4-4
\ No newline at end of file

Docker.md

 # vufind-httpd
 
-*vufind-httpd* is [VuFind]s default webserver, which delivers file-requests and passes requests through to the php-service. the image is based on [httpd:alpine].
+*vufind-httpd* is [VuFind]s default webserver, which delivers file-requests and passes requests through to the php-service. The image is based on [ubleipzig/httpd].
 
 The images are extended by a default configuration with [VuFind]-specific configuration. The configuration expects the [VuFind]-Sources under `/usr/local/vufind`, and the cache-files which are built at [VuFind]-runtime under `/var/cache/vufind`.
 
-Also i created a new *entrypoint* that modifies the configuration based on the value from the environment variable `BASE_PATH`. If you want to access [VuFind] unter http://localhost/vufind you need to provide the environment variable `BASE_PATH=/vufind` on container-create.
+If you want to access [VuFind] unter http://localhost/vufind you need to provide the environment variable `BASE_PATH=/vufind` on container-create.
 
 ## supported tags
 
@@ -15,7 +15,7 @@ Also i created a new *entrypoint* that modifies the configuration based on the v
 
 Usage makes only sense in connection with with [vufind-php], which provides the application server of [VuFind]. The server needs to be available as host *php*. Also the [VuFind]-files need to be connected to the container, so that the webserver can serve static content. [VuFind] creates additional cache-files, which have to be served by the webserver. This folder needs to be connected to the container as well.
 
-You can start the webserver as follows:n:
+You can start the webserver as follows:
 ```
 #$ docker run --name httpd \
   --link php:php \
@@ -24,27 +24,10 @@ You can start the webserver as follows:n:
   --environment BASE_PATH=/vufind
   ubleipzig/vufind-httpd
 ```
-## advanced configuration
-
-### SSL
-
-To start containers with ssl-support enabled one has to modify the containers startup command:
 
-    httpd -D FOREGROUND -D ssl
-
-By this apache will load all necessary modules and configuration to enable SSL on port 443. The provided key and certificate are self-signed and not meant for production usage. to provide a valid key and certificate the files `/usr/local/apache2/conf/server.key` and `/usr/local/apache2/conf/server.crt` have to be overridden e.g.
+## advanced configuration
 
-```bash
-$# docker run --name httpd \
-  --link php:php \
-  --volume /path/to/vufind:/usr/local/vufind:ro \
-  --volume /path/to/cache:/var/cache/vufind:ro \
-  --volume /path/to/ssl_key.pem:/usr/local/apache2/conf/server.key:ro \
-  --volume /path/to/ssl_cert.pem:/usr/local/apache2/conf/server.crt \
-  --environment BASE_PATH=/vufind \
-  ubleipzig/vufind-httpd \
-  httpd -D FOREGROUND -D ssl
-```
+* `BASE_PATH=""`: the base-path under which VuFind is reachable
 
 ## Notes
 
@@ -52,7 +35,7 @@ $# docker run --name httpd \
 * There are no tests until i know how to write them for Docker-images
 
 [VuFind]: https://github.com/vufind-org/vufind
-[httpd:alpine]: https://hub.docker.com/_/httpd/
+[ubleipzig/httpd]: https://hub.docker.com/_/httpd/
 [2.4/Dockerfile]: https://git.sc.uni-leipzig.de/ubl/bdd_dev/docker/vufind-httpd/blob/master/2.4/Dockerfile
 [vufind1/Dockerfile]: https://git.sc.uni-leipzig.de/ubl/bdd_dev/docker/vufind-httpd/blob/master/vufind1/Dockerfile
 [vufind-php]: https://hub.docker.com/r/ubleipzig/vufind-php/

Liesmich.md

 # vufind-httpd
 
-*vufind-httpd* ist der Standard-Webserver von [VuFind], welcher Datei-Requests ausliefert und Anfragen an den PHP-Service weiterleitet. Das Basis-Image ist [httpd:alpine].
+*vufind-httpd* ist der Standard-Webserver von [VuFind], welcher Datei-Requests ausliefert und Anfragen an den PHP-Service weiterleitet. Das Basis-Image ist [ubleipzig/httpd].
 
 Das Image wurde dahingehend erweitert, dass eine Standard-Konfiguration eingefügt wird, welche die [VuFind]-spezifische Konfiguration beinhaltet. Die Konfiguration erwartet die  Quellen von [VuFind] unter `/usr/local/vufind`, die Cache-Dateien, welche von PHP/VuFind zur Laufzeit erzeugt werden, werden unter `/var/cache/vufind` erwartet.
 
-Weiterhin wurde ein eigener *entrypoint* erstellt, welcher den Pfadanteil der Request-URL anhand der Umgebungsvariablen `BASE_PATH` anpasst. Möchte man [VuFind] unter http://localhost/vufind aufrufen, muss man bei Container-Start die Umgebungsvariable `BASE_PATH=/vufind` mitgeben.
+Möchte man [VuFind] unter http://localhost/vufind aufrufen, muss man bei Container-Start die Umgebungsvariable `BASE_PATH=/vufind` mitgeben.
 
 ## Unterstützte tags
 
@@ -27,25 +27,7 @@ $# docker run --name httpd \
 
 ## erweiterte Konfiguration
 
-### SSL
-
-Um den Container mit SSL-Unterstützung zu starten, muss der Startbefehl angepasst werden:
-
-    httpd -D FOREGROUND -D ssl
-
-Dadurch werden in Apache2 erforderiche Module und Konfigurationen geladen, um SSL an Port 443 zur Verfügung zu stellen. Als Schlüssel und Zertifikate werden im Image eingebaute selbstignierte Objekte benutzt. Möchte man eigens erstellte Objekte nutzen, so müssen die Dateien `/usr/local/apache2/conf/server.key` und `/usr/local/apache2/conf/server.crt` entsprechend überschrieben werden. z.B.
-
-```bash
-$# docker run --name httpd \
-  --link php:php \
-  --volume /path/to/vufind:/usr/local/vufind:ro \
-  --volume /path/to/cache:/var/cache/vufind:ro \
-  --volume /path/to/ssl_key.pem:/usr/local/apache2/conf/server.key:ro \
-  --volume /path/to/ssl_cert.pem:/usr/local/apache2/conf/server.crt \
-  --environment BASE_PATH=/vufind \
-  ubleipzig/vufind-httpd \
-  httpd -D FOREGROUND -D ssl
-```
+* `BASE_PATH=""`: der Basis-Pfad, an dem VuFind erreichbar sein soll
 
 ## Anmerkungen
 
@@ -53,7 +35,7 @@ $# docker run --name httpd \
 * es müssen Tests geschrieben werden, sobald ich weiß, wie man das für Docker-Images am besten macht
 
 [VuFind]: https://github.com/vufind-org/vufind
-[httpd:alpine]: https://hub.docker.com/_/httpd/
+[ubleipzig/httpd]: https://hub.docker.com/_/httpd/
 [2.4/Dockerfile]: https://git.sc.uni-leipzig.de/ubl/bdd_dev/docker/vufind-httpd/blob/master/2.4/Dockerfile
 [vufind1/Dockerfile]: https://git.sc.uni-leipzig.de/ubl/bdd_dev/docker/vufind-httpd/blob/master/vufind1/Dockerfile
 [vufind-php]: https://hub.docker.com/r/ubleipzig/vufind-php/

Makefile

+HTTP_PROXY = http://proxy.uni-leipzig.de:3128
+HTTPS_PROXY = http://proxy.uni-leipzig.de:3128
+IMAGE_NAME = ubleipzig/vufind-httpd
+
+.PHONY: vufind1 2.4
+
+vufind1:
+	docker build --pull \
+		--build-arg HTTP_PROXY=$(HTTP_PROXY) \
+		--build-arg HTTPS_PROXY=$(HTTPS_PROXY) \
+		--build-arg NO_PROXY=$(NO_PROXY) \
+		--build-arg http_proxy=$(HTTP_PROXY) \
+		--build-arg https_proxy=$(HTTPS_PROXY) \
+		--build-arg no_proxy=$(NO_PROXY) \
+		-t $(IMAGE_NAME):vufind1 \
+		2.4/vufind1
+
+2.4:
+	docker build --pull \
+		--build-arg HTTP_PROXY=$(HTTP_PROXY) \
+		--build-arg HTTPS_PROXY=$(HTTPS_PROXY) \
+		--build-arg NO_PROXY=$(NO_PROXY) \
+		--build-arg http_proxy=$(HTTP_PROXY) \
+		--build-arg https_proxy=$(HTTPS_PROXY) \
+		--build-arg no_proxy=$(NO_PROXY) \
+		-t $(IMAGE_NAME):2.4 \
+		2.4
\ No newline at end of file