From 48b0afefa90686c5535951870d2ec07cf1a50b0d Mon Sep 17 00:00:00 2001
From: Wolfgang Hottgenroth <wolfgang.hottgenroth@icloud.com>
Date: Wed, 8 Jul 2020 12:34:48 +0000
Subject: [PATCH] initial

---
 .gitlab-ci.yml             | 25 +++++++++++++++++
 Dockerfile                 | 34 +++++++++++++++++++++++
 httpd-vhosts.conf-template | 55 ++++++++++++++++++++++++++++++++++++++
 startScript.sh-template    | 18 +++++++++++++
 4 files changed, 132 insertions(+)
 create mode 100644 .gitlab-ci.yml
 create mode 100644 Dockerfile
 create mode 100644 httpd-vhosts.conf-template
 create mode 100644 startScript.sh-template

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
new file mode 100644
index 0000000..ba1ff0f
--- /dev/null
+++ b/.gitlab-ci.yml
@@ -0,0 +1,25 @@
+stages:
+        - dockerize
+
+variables:
+        IMAGE_NAME: registry.hottis.de/dockerized/httpdispatcher
+        HUB_IMAGE_NAME: wollud1969/httpdispatcher
+
+
+dockerize:
+        stage: dockerize
+        image: wollud1969/docker-bash:0.3
+        tags:
+                - linux
+                - docker
+        script: 
+                - VERSION="$(cat VERSION).$(git rev-list --all --count).$CI_COMMIT_REF_NAME"
+                - cat httpd-vhosts.conf-template | sed -e 's/%AuthLDAPBindDN%/'"${AuthLDAPBindDN/\\/\\\\}"'/' -e 's/%AuthLDAPBindPassword%/'"${AuthLDAPBindPassword//&/\\&}"'/' -e 's@%AuthLDAPURL%@'"$AuthLDAPURL"'@' > httpd-vhosts.conf
+                - docker build --tag $IMAGE_NAME:latest --tag $IMAGE_NAME:$VERSION --tag $HUB_IMAGE_NAME:latest --tag $HUB_IMAGE_NAME:$VERSION .
+                - docker login -u gitlab-ci-token -p $CI_JOB_TOKEN $CI_REGISTRY
+                - docker push $IMAGE_NAME:latest
+                - docker push $IMAGE_NAME:$VERSION
+                - docker login -u $DOCKER_HUB_LOGIN -p $DOCKER_HUB_PASSWORD
+                - docker push $HUB_IMAGE_NAME:latest
+                - docker push $HUB_IMAGE_NAME:$VERSION
+
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..59a96ef
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,34 @@
+FROM httpd:2.4
+
+LABEL Maintainer="Wolfgang Hottgenroth <woho@hottis.de>"
+LABEL ImageName="registry.hottis.de/dockerized/httpdispatcher"
+LABEL HubImageName="wollud1969/httpdispatcher"
+
+RUN \
+  apt update && \
+  apt install -y curl && \
+  sed -i \
+      -e 's,^#\(LoadModule proxy_module modules/mod_proxy.so\),\1,' \
+      -e 's,^#\(LoadModule proxy_http_module modules/mod_proxy_http.so\),\1,' \
+      -e 's,^#\(LoadModule macro_module modules/mod_macro.so\),\1,' \
+      -e 's,^#\(LoadModule rewrite_module modules/mod_rewrite.so\),\1,' \
+      -e 's,^#\(LoadModule authnz_ldap_module modules/mod_authnz_ldap.so\),\1,' \
+      -e 's,^#\(LoadModule ldap_module modules/mod_ldap.so\),\1,' \
+      -e 's,^#\(LoadModule ssl_module modules/mod_ssl.so\),\1,' \
+      -e 's,^#\(LoadModule socache_shmcb_module modules/mod_socache_shmcb.so\),\1,' \
+      -e 's,^#\(Include conf/extra/httpd-vhosts.conf\),Include conf/editable/httpd-vhosts.conf,' \
+      conf/httpd.conf && \
+  mkdir conf/editable && \
+  mkdir conf/editable/ssl && \
+  mkdir conf/editable/ssl/private && \
+  mkdir conf/editable/ssl/certs 
+
+COPY httpd-vhosts.conf conf/editable/
+
+VOLUME /usr/local/apache2/conf/editable
+VOLUME /usr/local/apache2/logs
+
+EXPOSE 443/tcp
+EXPOSE 80/tcp
+
+
diff --git a/httpd-vhosts.conf-template b/httpd-vhosts.conf-template
new file mode 100644
index 0000000..bf6fff5
--- /dev/null
+++ b/httpd-vhosts.conf-template
@@ -0,0 +1,55 @@
+<Macro LDAPAuthConfig>
+    AuthBasicProvider ldap
+    AuthLDAPBindDN "%AuthLDAPBindDN%"
+    AuthLDAPBindPassword "%AuthLDAPBindPassword%"
+    AuthLDAPURL "%AuthLDAPURL%"
+    LDAPReferrals Off
+    AuthLDAPGroupAttribute member
+    AuthLDAPGroupAttributeIsDN on
+    AuthType Basic
+</Macro>
+
+SSLCipherSuite          ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES256-GCM-SHA384
+SSLProxyCipherSuite HIGH:MEDIUM:!MD5:!RC4:!3DES
+SSLHonorCipherOrder on
+SSLProtocol all -SSLv3 -SSLv2 -TLSv1 -TLSv1.1
+SSLProxyProtocol all -SSLv3
+SSLPassPhraseDialog  builtin
+SSLSessionCache        "shmcb:/usr/local/apache2/logs/ssl_scache(512000)"
+SSLSessionCacheTimeout  300
+
+
+# Example on usage on above LDAPAuthConfig macro
+#  <Location /pw>
+#    Use LDAPAuthConfig
+#    AuthName "pw-webservice"
+#    Require ldap-group CN=...
+#  </Location>
+
+Listen 0.0.0.0:443
+
+<VirtualHost 0.0.0.0:80>
+  ServerName test.example.com
+  Redirect / https://test.example.com
+</VirtualHost>
+
+<VirtualHost 0.0.0.0:443>
+  ServerName test.example.com
+  ServerAlias test
+
+  CustomLog /usr/local/apache2/logs/test_access.log combined
+  ErrorLog /usr/local/apache2/logs/test_error.log
+
+
+  AllowEncodedSlashes On
+  ProxyRequests Off
+  ProxyPreserveHost On
+  ProxyPass "/" "http://servicehost:3400/" nocanon
+  ProxyPassReverse "/" "http://servicehost:3400/"
+  RequestHeader set X-Forwarded-Proto "https"
+  RequestHeader set X-Forwarded-Port "443"
+
+
+  SSLEngine on
+</VirtualHost>
+
diff --git a/startScript.sh-template b/startScript.sh-template
new file mode 100644
index 0000000..a3c1078
--- /dev/null
+++ b/startScript.sh-template
@@ -0,0 +1,18 @@
+#!/bin/bash
+
+CONTAINER_NAME="httpdispatcher"
+IMAGE_NAME="wollud1969/httpdispatcher"
+VERSION="latest"
+if [ "$MAINADDR" = "" ]; then
+  MAINDEV=`ip route list match default |  sed -e 's/^default.*dev \(\S\+\)\( \S\+\)\? \?$/\1/'`
+  MAINADDR=`ip addr list dev $MAINDEV | awk '/inet / {print $2}' | awk -F/ '{print $1}'`
+fi
+
+docker run \
+  -d \
+  -p 80:80 \
+  -p 443:443 \
+  --add-host servicehost:$MAINADDR \
+  --name $CONTAINER_NAME \
+  --restart always \
+  $IMAGE_NAME:$VERSION