Merge branch '2-add-https-support' into 'master'

Resolve "add https-support" Closes #2 See merge request !1

Merge branch '2-add-https-support' into 'master'
Resolve "add https-support" Closes #2 See merge request !1
965b114f · Ulf Seltmann · d9a399be · d43f732c · 965b114f · 965b114f
Commit 965b114f authored 6 years ago by Ulf Seltmann
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -11,7 +11,7 @@ stages:
    mkdir -p ~/.docker && echo "$DOCKER_AUTH_CONFIG" >~/.docker/config.json
    export suffix=`expr $CI_COMMIT_TAG ':' '2.4-\(.*\)'`
    cd 2.4
-    docker build --pull -t ubleipzig/vufind-httpd:2.4 .
+    docker build --pull -t ubleipzig/vufind-httpd:2.4 -f 2.4/Dockerfile 2.4
    docker push ubleipzig/vufind-httpd:2.4
    for tag in "latest" "2" "2.4-${suffix}"; do
      docker tag ubleipzig/vufind-httpd:2.4 ubleipzig/vufind-httpd:${tag}
@@ -32,8 +32,7 @@ vufind1:
  script: |
    mkdir -p ~/.docker && echo "$DOCKER_AUTH_CONFIG" >~/.docker/config.json
    export suffix=`expr ${CI_COMMIT_TAG} ':' 'vufind1-2.4-\(.*\)'`
-    cd vufind1
-    docker build --pull -t ubleipzig/vufind-httpd:vufind1 .
+    docker build --pull -t ubleipzig/vufind-httpd:vufind1 -f 2.4/vufind1/Dockerfile 2.4/vufind1
    docker push ubleipzig/vufind-httpd:vufind1
    for tag in "2" "2.4" "2.4-${suffix}"; do
      docker tag ubleipzig/vufind-httpd:vufind1 ubleipzig/vufind-httpd:vufind1-${tag}

--- a/2.4/Dockerfile
+++ b/2.4/Dockerfile
@@ -5,6 +5,11 @@ CMD ["httpd-foreground"]
 ENV BASE_PATH=""

 ADD assets/docker-entrypoint /docker-entrypoint
-RUN chmod a+x /docker-entrypoint

 ADD assets/httpd.conf /usr/local/apache2/conf/httpd.conf
+
+RUN chmod a+x /docker-entrypoint \
+	&& apk add --no-cache openssl \
+	&& openssl genrsa -out /usr/local/apache2/conf/server.key 2048 \
+	&& openssl req -nodes -new -x509 -newkey rsa:4096 -subj "/CN=localhost" -keyout /usr/local/apache2/conf/server.key -out /usr/local/apache2/conf/server.crt -days 3650 \
+	&& apk del --no-cache openssl
--- a/2.4/assets/httpd.conf
+++ b/2.4/assets/httpd.conf
@@ -88,10 +88,7 @@ LoadModule auth_basic_module modules/mod_auth_basic.so
 #LoadModule allowmethods_module modules/mod_allowmethods.so
 #LoadModule isapi_module modules/mod_isapi.so
 #LoadModule file_cache_module modules/mod_file_cache.so
-#LoadModule cache_module modules/mod_cache.so
 #LoadModule cache_disk_module modules/mod_cache_disk.so
-#LoadModule cache_socache_module modules/mod_cache_socache.so
-#LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
 #LoadModule socache_dbm_module modules/mod_socache_dbm.so
 #LoadModule socache_memcache_module modules/mod_socache_memcache.so
 #LoadModule watchdog_module modules/mod_watchdog.so
@@ -155,7 +152,12 @@ LoadModule proxy_fcgi_module modules/mod_proxy_fcgi.so
 #LoadModule session_dbd_module modules/mod_session_dbd.so
 #LoadModule slotmem_shm_module modules/mod_slotmem_shm.so
 #LoadModule slotmem_plain_module modules/mod_slotmem_plain.so
-#LoadModule ssl_module modules/mod_ssl.so
+<IfDefine ssl>
+  LoadModule ssl_module modules/mod_ssl.so
+  LoadModule cache_module modules/mod_cache.so
+  LoadModule cache_socache_module modules/mod_cache_socache.so
+  LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
+</IfDefine>
 #LoadModule optional_hook_export_module modules/mod_optional_hook_export.so
 #LoadModule optional_hook_import_module modules/mod_optional_hook_import.so
 #LoadModule optional_fn_import_module modules/mod_optional_fn_import.so
@@ -258,8 +260,8 @@ ServerAdmin you@example.com
 # documents. By default, all requests are taken from this directory, but
 # symbolic links and aliases may be used to point to other locations.
 #
-DocumentRoot "/usr/local/vufind/public"
-<Directory "/usr/local/vufind/public">
+DocumentRoot "/usr/local/apache2/htdocs"
+<Directory "/usr/local/apache2/htdocs">
    #
    # Possible values for the Options directive are "None", "All",
    # or any combination of:
@@ -533,14 +535,13 @@ LogLevel warn
 Include conf/extra/proxy-html.conf
 </IfModule>

-# Secure (SSL/TLS) connections
-#Include conf/extra/httpd-ssl.conf
-#
 # Note: The following must must be present to support
 #       starting without SSL on platforms with no /dev/random equivalent
 #       but a statically compiled-in mod_ssl.
 #
+# Secure (SSL/TLS) connections
 <IfModule ssl_module>
+Include conf/extra/httpd-ssl.conf
 SSLRandomSeed startup builtin
 SSLRandomSeed connect builtin
 </IfModule>

--- a/vufind1/Dockerfile
+++ b/vufind1/Dockerfile
--- a/vufind1/assets/httpd.conf
+++ b/vufind1/assets/httpd.conf
--- a/Docker.md
+++ b/Docker.md
@@ -24,6 +24,27 @@ You can start the webserver as follows:n:
  --environment BASE_PATH=/vufind
  ubleipzig/vufind-httpd
 ```
+## advanced configuration
+
+### SSL
+
+To start containers with ssl-support enabled one has to modify the containers startup command:
+
+    httpd -D FOREGROUND -D ssl
+
+By this apache will load all necessary modules and configuration to enable SSL on port 443. The provided key and certificate are self-signed and not meant for production usage. to provide a valid key and certificate the files `/usr/local/apache2/conf/server.key` and `/usr/local/apache2/conf/server.crt` have to be overridden e.g.
+
+```bash
+$# docker run --name httpd \
+  --link php:php \
+  --volume /path/to/vufind:/usr/local/vufind:ro \
+  --volume /path/to/cache:/var/cache/vufind:ro \
+  --volume /path/to/ssl_key.pem:/usr/local/apache2/conf/server.key:ro \
+  --volume /path/to/ssl_cert.pem:/usr/local/apache2/conf/server.crt \
+  --environment BASE_PATH=/vufind \
+  ubleipzig/vufind-httpd \
+  httpd -D FOREGROUND -D ssl
+```

 ## Notes


--- a/Liesmich.md
+++ b/Liesmich.md
@@ -21,10 +21,32 @@ $# docker run --name httpd \
  --link php:php \
  --volume /path/to/vufind:/usr/local/vufind:ro \
  --volume /path/to/cache:/var/cache/vufind:ro \
-  --environment BASE_PATH=/vufind
+  --environment BASE_PATH=/vufind \
  ubleipzig/vufind-httpd
 ```

+## erweiterte Konfiguration
+
+### SSL
+
+Um den Container mit SSL-Unterstützung zu starten, muss der Startbefehl angepasst werden:
+
+    httpd -D FOREGROUND -D ssl
+
+Dadurch werden in Apache2 erforderiche Module und Konfigurationen geladen, um SSL an Port 443 zur Verfügung zu stellen. Als Schlüssel und Zertifikate werden im Image eingebaute selbstignierte Objekte benutzt. Möchte man eigens erstellte Objekte nutzen, so müssen die Dateien `/usr/local/apache2/conf/server.key` und `/usr/local/apache2/conf/server.crt` entsprechend überschrieben werden. z.B.
+
+```bash
+$# docker run --name httpd \
+  --link php:php \
+  --volume /path/to/vufind:/usr/local/vufind:ro \
+  --volume /path/to/cache:/var/cache/vufind:ro \
+  --volume /path/to/ssl_key.pem:/usr/local/apache2/conf/server.key:ro \
+  --volume /path/to/ssl_cert.pem:/usr/local/apache2/conf/server.crt \
+  --environment BASE_PATH=/vufind \
+  ubleipzig/vufind-httpd \
+  httpd -D FOREGROUND -D ssl
+```
+
 ## Anmerkungen

 * Das *vufind1*-Image existiert, um Entwicklern das Umschalten zu VuFind1-Instanzen so einfach wie möglich zu machen. Hier wird keine weitere Arbeit investiert, z.B. funktioniert die Pfad-Konfiguration über die `BASE_PATH`-Variable nicht.