initial
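--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -0,0 +1,25 @@
+stages:
+- dockerize
+
+variables:
+IMAGE_NAME: registry.hottis.de/dockerized/httpdispatcher
+HUB_IMAGE_NAME: wollud1969/httpdispatcher
+
+
+dockerize:
+stage: dockerize
+image: wollud1969/docker-bash:0.3
+tags:
+- linux
+- docker
+script:
+- VERSION="$(cat VERSION).$(git rev-list --all --count).$CI_COMMIT_REF_NAME"
+- cat httpd-vhosts.conf-template | sed -e 's/%AuthLDAPBindDN%/'"${AuthLDAPBindDN/\\/\\\\}"'/' -e 's/%AuthLDAPBindPassword%/'"${AuthLDAPBindPassword//&/\\&}"'/' -e 's@%AuthLDAPURL%@'"$AuthLDAPURL"'@' > httpd-vhosts.conf
+- docker build --tag $IMAGE_NAME:latest --tag $IMAGE_NAME:$VERSION --tag $HUB_IMAGE_NAME:latest --tag $HUB_IMAGE_NAME:$VERSION .
+- docker login -u gitlab-ci-token -p $CI_JOB_TOKEN $CI_REGISTRY
+- docker push $IMAGE_NAME:latest
+- docker push $IMAGE_NAME:$VERSION
+- docker login -u $DOCKER_HUB_LOGIN -p $DOCKER_HUB_PASSWORD
+- docker push $HUB_IMAGE_NAME:latest
+- docker push $HUB_IMAGE_NAME:$VERSION
+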
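Review bot: The `sed` step under `script:` writes the LDAP bind DN and bind password into `httpd-vhosts.conf` before `docker build`, and the Dockerfile in this commit copies that file into the image, so the credential is stored in a layer of every image pushed, including the `$HUB_IMAGE_NAME` tags on Docker Hub, where anyone able to pull the image can read it. Keep the placeholders in the image and supply the rendered file at run time through the `conf/editable` volume the Dockerfile already declares. Both `docker login` lines also pass the secret with `-p` on the command line; prefer `echo "$DOCKER_HUB_PASSWORD" | docker login -u "$DOCKER_HUB_LOGIN" --password-stdin` (and the same form for `$CI_JOB_TOKEN`). The escaping in the `sed` expressions is partial as well (only the first backslash of the DN, only `&` in the password), so a value containing `/` breaks the substitution.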
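--- a/Dockerfile
+++ b/Dockerfile
@@ -0,0 +1,34 @@
+FROM httpd:2.4
+
+LABEL Maintainer="Wolfgang Hottgenroth <woho@hottis.de>"
+LABEL ImageName="registry.hottis.de/dockerized/httpdispatcher"
+LABEL HubImageName="wollud1969/httpdispatcher"
+
+RUN \
+apt update && \
+apt install -y curl && \
+sed -i \
+-e 's,^#\(LoadModule proxy_module modules/mod_proxy.so\),\1,' \
+-e 's,^#\(LoadModule proxy_http_module modules/mod_proxy_http.so\),\1,' \
+-e 's,^#\(LoadModule macro_module modules/mod_macro.so\),\1,' \
+-e 's,^#\(LoadModule rewrite_module modules/mod_rewrite.so\),\1,' \
+-e 's,^#\(LoadModule authnz_ldap_module modules/mod_authnz_ldap.so\),\1,' \
+-e 's,^#\(LoadModule ldap_module modules/mod_ldap.so\),\1,' \
+-e 's,^#\(LoadModule ssl_module modules/mod_ssl.so\),\1,' \
+-e 's,^#\(LoadModule socache_shmcb_module modules/mod_socache_shmcb.so\),\1,' \
+-e 's,^#\(Include conf/extra/httpd-vhosts.conf\),Include conf/editable/httpd-vhosts.conf,' \
+conf/httpd.conf && \
+mkdir conf/editable && \
+mkdir conf/editable/ssl && \
+mkdir conf/editable/ssl/private && \
+mkdir conf/editable/ssl/certs
+
+COPY httpd-vhosts.conf conf/editable/
+
+VOLUME /usr/local/apache2/conf/editable
+VOLUME /usr/local/apache2/logs
+
+EXPOSE 443/tcp
+EXPOSE 80/tcp
+
+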
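Review bot: The `RUN` step installs `curl` with `apt update && apt install -y curl`, but nothing in this file uses curl, and the downloaded package lists stay in the layer. If curl is needed, use `apt-get update && apt-get install -y --no-install-recommends curl && rm -rf /var/lib/apt/lists/*`; otherwise drop it so the image carries less software to patch. The `sed` edits succeed silently when a pattern does not match, so a change in the base image's `httpd.conf` could leave `ssl_module` or `authnz_ldap_module` unloaded without failing the build; a check such as `grep -q '^LoadModule ssl_module' conf/httpd.conf` after the `sed` would catch that. `conf/editable/ssl/private` is created with the default mode; `mkdir -m 700` would document that it is meant to hold key material.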
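--- a/httpd-vhosts.conf-template
+++ b/httpd-vhosts.conf-template
@@ -0,0 +1,55 @@
+<Macro LDAPAuthConfig>
+AuthBasicProvider ldap
+AuthLDAPBindDN "%AuthLDAPBindDN%"
+AuthLDAPBindPassword "%AuthLDAPBindPassword%"
+AuthLDAPURL "%AuthLDAPURL%"
+LDAPReferrals Off
+AuthLDAPGroupAttribute member
+AuthLDAPGroupAttributeIsDN on
+AuthType Basic
+</Macro>
+
+SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES256-GCM-SHA384
+SSLProxyCipherSuite HIGH:MEDIUM:!MD5:!RC4:!3DES
+SSLHonorCipherOrder on
+SSLProtocol all -SSLv3 -SSLv2 -TLSv1 -TLSv1.1
+SSLProxyProtocol all -SSLv3
+SSLPassPhraseDialog builtin
+SSLSessionCache "shmcb:/usr/local/apache2/logs/ssl_scache(512000)"
+SSLSessionCacheTimeout 300
+
+
+# Example on usage on above LDAPAuthConfig macro
+# <Location /pw>
+# Use LDAPAuthConfig
+# AuthName "pw-webservice"
+# Require ldap-group CN=...
+# </Location>
+
+Listen 0.0.0.0:443
+
+<VirtualHost 0.0.0.0:80>
+ServerName test.example.com
+Redirect / https://test.example.com
+</VirtualHost>
+
+<VirtualHost 0.0.0.0:443>
+ServerName test.example.com
+ServerAlias test
+
+CustomLog /usr/local/apache2/logs/test_access.log combined
+ErrorLog /usr/local/apache2/logs/test_error.log
+
+
+AllowEncodedSlashes On
+ProxyRequests Off
+ProxyPreserveHost On
+ProxyPass "/" "http://servicehost:3400/" nocanon
+ProxyPassReverse "/" "http://servicehost:3400/"
+RequestHeader set X-Forwarded-Proto "https"
+RequestHeader set X-Forwarded-Port "443"
+
+
+SSLEngine on
+</VirtualHost>
+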
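Review bot: In the port-80 vhost, `Redirect / https://test.example.com` has no trailing slash on the target; `Redirect` appends the remainder of the request path to the target, so `/foo` is sent to `https://test.example.comfoo` and the host part of the `Location` header then depends on the request path. Write `Redirect / https://test.example.com/`. `SSLProxyProtocol all -SSLv3` and `SSLProxyCipherSuite HIGH:MEDIUM:!MD5:!RC4:!3DES` are looser than the front-end `SSLProtocol`/`SSLCipherSuite` lines beside them; if a TLS back end is ever proxied, align them, for example `SSLProxyProtocol all -SSLv3 -TLSv1 -TLSv1.1`. `AllowEncodedSlashes On` combined with `nocanon` deserves a comment saying why the back end needs it, because a path-based `<Location>` rule such as the commented LDAP example may then match a different path than the one the back end interprets.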
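--- a/startScript.sh-template
+++ b/startScript.sh-template
@@ -0,0 +1,18 @@
+#!/bin/bash
+
+CONTAINER_NAME="httpdispatcher"
+IMAGE_NAME="wollud1969/httpdispatcher"
+VERSION="latest"
+if [ "$MAINADDR" = "" ]; then
+MAINDEV=`ip route list match default | sed -e 's/^default.*dev \(\S\+\)\( \S\+\)\? \?$/\1/'`
+MAINADDR=`ip addr list dev $MAINDEV | awk '/inet / {print $2}' | awk -F/ '{print $1}'`
+fi
+
+docker run \
+-d \
+-p 80:80 \
+-p 443:443 \
+--add-host servicehost:$MAINADDR \
+--name $CONTAINER_NAME \
+--restart always \
+$IMAGE_NAME:$VERSION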
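Review bot: `$MAINDEV` and `$MAINADDR` are expanded unquoted and never checked, so on a host with more than one default route or several IPv4 addresses on the device `MAINADDR` holds several words and `--add-host servicehost:$MAINADDR` splits into extra `docker run` arguments; when detection yields nothing, an empty value is passed through. Take only the first address (`awk '/inet / {print $2; exit}'`), quote the expansions (`--add-host "servicehost:$MAINADDR"`), and stop early with `[ -n "$MAINADDR" ] || { echo "MAINADDR not set" >&2; exit 1; }`. `VERSION="latest"` together with `--restart always` means the container runs whatever image was last pulled under that tag; pinning a version tag makes it clear which build is deployed.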