From 48b0afefa90686c5535951870d2ec07cf1a50b0d Mon Sep 17 00:00:00 2001
From: Wolfgang Hottgenroth
Date: Wed, 8 Jul 2020 12:34:48 +0000
Subject: [PATCH] initial
---
.gitlab-ci.yml | 25 +++++++++++++++++
Dockerfile | 34 +++++++++++++++++++++++
httpd-vhosts.conf-template | 55 ++++++++++++++++++++++++++++++++++++++
startScript.sh-template | 18 +++++++++++++
4 files changed, 132 insertions(+)
create mode 100644 .gitlab-ci.yml
create mode 100644 Dockerfile
create mode 100644 httpd-vhosts.conf-template
create mode 100644 startScript.sh-template
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
new file mode 100644
index 0000000..ba1ff0f
--- /dev/null
+++ b/.gitlab-ci.yml
@@ -0,0 +1,25 @@
+stages:
+ - dockerize
+
+variables:
+ IMAGE_NAME: registry.hottis.de/dockerized/httpdispatcher
+ HUB_IMAGE_NAME: wollud1969/httpdispatcher
+
+
+dockerize:
+ stage: dockerize
+ image: wollud1969/docker-bash:0.3
+ tags:
+ - linux
+ - docker
+ script:
+ - VERSION="$(cat VERSION).$(git rev-list --all --count).$CI_COMMIT_REF_NAME"
+ - cat httpd-vhosts.conf-template | sed -e 's/%AuthLDAPBindDN%/'"${AuthLDAPBindDN/\\/\\\\}"'/' -e 's/%AuthLDAPBindPassword%/'"${AuthLDAPBindPassword//&/\\&}"'/' -e 's@%AuthLDAPURL%@'"$AuthLDAPURL"'@' > httpd-vhosts.conf
+ - docker build --tag $IMAGE_NAME:latest --tag $IMAGE_NAME:$VERSION --tag $HUB_IMAGE_NAME:latest --tag $HUB_IMAGE_NAME:$VERSION .
+ - docker login -u gitlab-ci-token -p $CI_JOB_TOKEN $CI_REGISTRY
+ - docker push $IMAGE_NAME:latest
+ - docker push $IMAGE_NAME:$VERSION
+ - docker login -u $DOCKER_HUB_LOGIN -p $DOCKER_HUB_PASSWORD
+ - docker push $HUB_IMAGE_NAME:latest
+ - docker push $HUB_IMAGE_NAME:$VERSION
+
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..59a96ef
--- /dev/null
+++ b/Dockerfile
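Review bot: The `cat httpd-vhosts.conf-template | sed …` step writes the LDAP bind DN and bind password into httpd-vhosts.conf in the build context, and the Dockerfile in this same commit COPYs that file into the image, which the following lines then push to Docker Hub as `wollud1969/httpdispatcher` — the bind credential ends up in an image layer of a Hub repository (public unless it was explicitly created private). Render the config on the deployment host or at container start instead (the image already declares conf/editable as a volume) and keep only the placeholder template in the build context. The substitutions are also fragile as shell text: `${AuthLDAPBindDN/\\/\\\\}` escapes only the first backslash in the DN, and a password containing `/` or `\` would corrupt the sed expression rather than be substituted. Separately, `docker login -u gitlab-ci-token -p $CI_JOB_TOKEN` and `-p $DOCKER_HUB_PASSWORD` put secrets on the command line; prefer `echo "$DOCKER_HUB_PASSWORD" | docker login -u "$DOCKER_HUB_LOGIN" --password-stdin`.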
@@ -0,0 +1,34 @@
+FROM httpd:2.4
+
+LABEL Maintainer="Wolfgang Hottgenroth "
+LABEL ImageName="registry.hottis.de/dockerized/httpdispatcher"
+LABEL HubImageName="wollud1969/httpdispatcher"
+
+RUN \
+ apt update && \
+ apt install -y curl && \
+ sed -i \
+ -e 's,^#\(LoadModule proxy_module modules/mod_proxy.so\),\1,' \
+ -e 's,^#\(LoadModule proxy_http_module modules/mod_proxy_http.so\),\1,' \
+ -e 's,^#\(LoadModule macro_module modules/mod_macro.so\),\1,' \
+ -e 's,^#\(LoadModule rewrite_module modules/mod_rewrite.so\),\1,' \
+ -e 's,^#\(LoadModule authnz_ldap_module modules/mod_authnz_ldap.so\),\1,' \
+ -e 's,^#\(LoadModule ldap_module modules/mod_ldap.so\),\1,' \
+ -e 's,^#\(LoadModule ssl_module modules/mod_ssl.so\),\1,' \
+ -e 's,^#\(LoadModule socache_shmcb_module modules/mod_socache_shmcb.so\),\1,' \
+ -e 's,^#\(Include conf/extra/httpd-vhosts.conf\),Include conf/editable/httpd-vhosts.conf,' \
+ conf/httpd.conf && \
+ mkdir conf/editable && \
+ mkdir conf/editable/ssl && \
+ mkdir conf/editable/ssl/private && \
+ mkdir conf/editable/ssl/certs
+
+COPY httpd-vhosts.conf conf/editable/
+
+VOLUME /usr/local/apache2/conf/editable
+VOLUME /usr/local/apache2/logs
+
+EXPOSE 443/tcp
+EXPOSE 80/tcp
+
+
diff --git a/httpd-vhosts.conf-template b/httpd-vhosts.conf-template
new file mode 100644
index 0000000..bf6fff5
--- /dev/null
+++ b/httpd-vhosts.conf-template
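Review bot: `COPY httpd-vhosts.conf conf/editable/` bakes the config that the CI job renders from the template — including the substituted `AuthLDAPBindPassword` — into a permanent image layer, readable by anyone who can pull the image; ship the unrendered template (or nothing) here and let operators provide the rendered file through the `/usr/local/apache2/conf/editable` volume this hunk already declares. The package step should use `apt-get`, skip recommends and clean the lists in the same layer: `apt-get update && apt-get install -y --no-install-recommends curl && rm -rf /var/lib/apt/lists/* && \`. `FROM httpd:2.4` is a floating tag, so the pushed image is not reproducible; pinning a patch release or digest is cheap. Nothing in the hunk uses the curl it installs — if it is intended for a probe, add a `HEALTHCHECK` that uses it, otherwise drop it to reduce what an attacker finds inside the container.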
@@ -0,0 +1,55 @@
+
+ AuthBasicProvider ldap
+ AuthLDAPBindDN "%AuthLDAPBindDN%"
+ AuthLDAPBindPassword "%AuthLDAPBindPassword%"
+ AuthLDAPURL "%AuthLDAPURL%"
+ LDAPReferrals Off
+ AuthLDAPGroupAttribute member
+ AuthLDAPGroupAttributeIsDN on
+ AuthType Basic
+
+
+SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES256-GCM-SHA384
+SSLProxyCipherSuite HIGH:MEDIUM:!MD5:!RC4:!3DES
+SSLHonorCipherOrder on
+SSLProtocol all -SSLv3 -SSLv2 -TLSv1 -TLSv1.1
+SSLProxyProtocol all -SSLv3
+SSLPassPhraseDialog builtin
+SSLSessionCache "shmcb:/usr/local/apache2/logs/ssl_scache(512000)"
+SSLSessionCacheTimeout 300
+
+
+# Example on usage on above LDAPAuthConfig macro
+#
+# Use LDAPAuthConfig
+# AuthName "pw-webservice"
+# Require ldap-group CN=...
+#
+
+Listen 0.0.0.0:443
+
+
+ ServerName test.example.com
+ Redirect / https://test.example.com
+
+
+
+ ServerName test.example.com
+ ServerAlias test
+
+ CustomLog /usr/local/apache2/logs/test_access.log combined
+ ErrorLog /usr/local/apache2/logs/test_error.log
+
+
+ AllowEncodedSlashes On
+ ProxyRequests Off
+ ProxyPreserveHost On
+ ProxyPass "/" "http://servicehost:3400/" nocanon
+ ProxyPassReverse "/" "http://servicehost:3400/"
+ RequestHeader set X-Forwarded-Proto "https"
+ RequestHeader set X-Forwarded-Port "443"
+
+
+ SSLEngine on
+
+
diff --git a/startScript.sh-template b/startScript.sh-template
new file mode 100644
index 0000000..a3c1078
--- /dev/null
+++ b/startScript.sh-template
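Review bot: `AuthLDAPBindPassword "%AuthLDAPBindPassword%"` is a build-time placeholder, so the bind secret is stored in clear text in the rendered file (and, via the Dockerfile COPY in this commit, in the image); httpd 2.4.5+ accepts an `exec:` form such as `AuthLDAPBindPassword "exec:/usr/local/apache2/conf/editable/ldap-bind-pw"`, which reads the password from a program at startup and keeps it out of both the image and the config. The block containing these directives looks like a mod_macro definition (the enclosing tag itself is not visible here), and the `/` location of the 443 vhost proxies to `http://servicehost:3400/` without any `Use LDAPAuthConfig` or `Require` line, so as written the proxy forwards every request unauthenticated — acceptable for an example, but worth a comment like `# Add 'Use LDAPAuthConfig' and 'Require ldap-group …' here to gate the backend`. `AllowEncodedSlashes On` together with `nocanon` hands the raw, still-encoded path to the backend, so the backend must do its own normalisation of `%2F` and `..`; and `SSLProxyProtocol all -SSLv3` still allows TLS 1.0/1.1 towards backends while the front-end `SSLProtocol` line forbids them. If `%AuthLDAPURL%` is a plain `ldap://` URL, each user's Basic credentials are relayed to the directory in clear; the template should state that `ldaps://` (or `LDAPTrustedMode TLS`) is expected. No `SSLCertificateFile`/`SSLCertificateKeyFile` appear under `SSLEngine on`, which presumably is what the `conf/editable/ssl/{certs,private}` directories are for — a one-line comment pointing operators there would save a failed start.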
@@ -0,0 +1,18 @@
+#!/bin/bash
+
+CONTAINER_NAME="httpdispatcher"
+IMAGE_NAME="wollud1969/httpdispatcher"
+VERSION="latest"
+if [ "$MAINADDR" = "" ]; then
+ MAINDEV=`ip route list match default | sed -e 's/^default.*dev \(\S\+\)\( \S\+\)\? \?$/\1/'`
+ MAINADDR=`ip addr list dev $MAINDEV | awk '/inet / {print $2}' | awk -F/ '{print $1}'`
+fi
+
+docker run \
+ -d \
+ -p 80:80 \
+ -p 443:443 \
+ --add-host servicehost:$MAINADDR \
+ --name $CONTAINER_NAME \
+ --restart always \
+ $IMAGE_NAME:$VERSION
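Review bot: `VERSION="latest"` together with `--restart always` deploys the authentication proxy from whatever `wollud1969/httpdispatcher:latest` currently is, and the CI job in this commit retags `latest` on every push, so a re-run of this script can silently switch to a different build; pin `VERSION` to one of the `<VERSION>.<count>.<ref>` tags the pipeline produces. The address detection is unquoted and unvalidated: if `ip route list match default` returns more than one default route, `$MAINDEV` holds several names and `$MAINADDR` several addresses, which then lands unquoted in `--add-host servicehost:$MAINADDR`; start the script with `set -euo pipefail`, quote the expansions, and bail out with `[ -n "$MAINADDR" ] || { echo "could not determine primary address" >&2; exit 1; }`. Because `servicehost` is mapped to the host's primary interface address, the backend on port 3400 is presumably reachable on that interface directly, bypassing whatever LDAP gating the proxy applies — that port should be firewalled or bound to the docker bridge/loopback address only. Note also that nothing here passes LDAP settings into the container, so the deployment depends on the credentials that the CI job renders into the image.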