2020-07-08 12:34:48 +00:00
commit 48b0afefa9
4 changed files with 132 additions and 0 deletions

25
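--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -0,0 +1,25 @@
+stages:
+- dockerize
+variables:
+IMAGE_NAME: registry.hottis.de/dockerized/httpdispatcher
+HUB_IMAGE_NAME: wollud1969/httpdispatcher
+dockerize:
+stage: dockerize
+image: wollud1969/docker-bash:0.3
+tags:
+- linux
+- docker
+script:
+- VERSION="$(cat VERSION).$(git rev-list --all --count).$CI_COMMIT_REF_NAME"
+- cat httpd-vhosts.conf-template | sed -e 's/%AuthLDAPBindDN%/'"${AuthLDAPBindDN/\\/\\\\}"'/' -e 's/%AuthLDAPBindPassword%/'"${AuthLDAPBindPassword//&/\\&}"'/' -e 's@%AuthLDAPURL%@'"$AuthLDAPURL"'@' > httpd-vhosts.conf
+- docker build --tag $IMAGE_NAME:latest --tag $IMAGE_NAME:$VERSION --tag $HUB_IMAGE_NAME:latest --tag $HUB_IMAGE_NAME:$VERSION .
+- docker login -u gitlab-ci-token -p $CI_JOB_TOKEN $CI_REGISTRY
+- docker push $IMAGE_NAME:latest
+- docker push $IMAGE_NAME:$VERSION
+- docker login -u $DOCKER_HUB_LOGIN -p $DOCKER_HUB_PASSWORD
+- docker push $HUB_IMAGE_NAME:latest
+- docker push $HUB_IMAGE_NAME:$VERSION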
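Review bot: The `sed` step in `script` writes the real `AuthLDAPBindPassword` into `httpd-vhosts.conf` before `docker build`, and the Dockerfile's `COPY httpd-vhosts.conf conf/editable/` then stores it in an image layer that is pushed to both `$IMAGE_NAME` and the Docker Hub repository `$HUB_IMAGE_NAME`, so anyone who can pull either image can read the LDAP bind credentials. Build the image with the placeholders left intact and supply the rendered file at run time through the `conf/editable` volume, or substitute it at container start from a mounted secret. The escaping is also partial: `${AuthLDAPBindDN/\\/\\\\}` replaces only the first backslash, and the password expression escapes `&` but not `/` or `\`, so some values would break or alter the `sed` expression. Both `docker login` calls pass the secret with `-p`, which exposes it in the process list; prefer `echo "$DOCKER_HUB_PASSWORD" | docker login -u "$DOCKER_HUB_LOGIN" --password-stdin`.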

34
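--- a/Dockerfile
+++ b/Dockerfile
@@ -0,0 +1,34 @@
+FROM httpd:2.4
+LABEL Maintainer="Wolfgang Hottgenroth <woho@hottis.de>"
+LABEL ImageName="registry.hottis.de/dockerized/httpdispatcher"
+LABEL HubImageName="wollud1969/httpdispatcher"
+RUN \
+apt update && \
+apt install -y curl && \
+sed -i \
+-e 's,^#\(LoadModule proxy_module modules/mod_proxy.so\),\1,' \
+-e 's,^#\(LoadModule proxy_http_module modules/mod_proxy_http.so\),\1,' \
+-e 's,^#\(LoadModule macro_module modules/mod_macro.so\),\1,' \
+-e 's,^#\(LoadModule rewrite_module modules/mod_rewrite.so\),\1,' \
+-e 's,^#\(LoadModule authnz_ldap_module modules/mod_authnz_ldap.so\),\1,' \
+-e 's,^#\(LoadModule ldap_module modules/mod_ldap.so\),\1,' \
+-e 's,^#\(LoadModule ssl_module modules/mod_ssl.so\),\1,' \
+-e 's,^#\(LoadModule socache_shmcb_module modules/mod_socache_shmcb.so\),\1,' \
+-e 's,^#\(Include conf/extra/httpd-vhosts.conf\),Include conf/editable/httpd-vhosts.conf,' \
+conf/httpd.conf && \
+mkdir conf/editable && \
+mkdir conf/editable/ssl && \
+mkdir conf/editable/ssl/private && \
+mkdir conf/editable/ssl/certs
+COPY httpd-vhosts.conf conf/editable/
+VOLUME /usr/local/apache2/conf/editable
+VOLUME /usr/local/apache2/logs
+EXPOSE 443/tcp
+EXPOSE 80/tcp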
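Review bot: The `RUN` step installs `curl` with `apt update && apt install -y curl` and leaves the recommended packages and the apt lists in the layer, which adds unneeded tooling to an internet-facing proxy image; nothing in the files shown uses `curl`, so it may not be needed at all. If it is, use `apt-get update && apt-get install -y --no-install-recommends curl && rm -rf /var/lib/apt/lists/* && \`. The `sed -e 's,^#\(LoadModule …` edits also succeed silently when a pattern does not match, so a change in the base image's `httpd.conf` could yield an image without `mod_ssl` or `mod_authnz_ldap` loaded; a `grep -q '^LoadModule ssl_module' conf/httpd.conf` after the `sed` would fail the build instead. `FROM httpd:2.4` is a floating tag, so pinning a patch version or digest would make rebuilds reproducible.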


@ -0,0 +1,55 @@
<Macro LDAPAuthConfig>
AuthBasicProvider ldap
AuthLDAPBindDN "%AuthLDAPBindDN%"
AuthLDAPBindPassword "%AuthLDAPBindPassword%"
AuthLDAPURL "%AuthLDAPURL%"
LDAPReferrals Off
AuthLDAPGroupAttribute member
AuthLDAPGroupAttributeIsDN on
AuthType Basic
</Macro>
SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES256-GCM-SHA384
SSLProxyCipherSuite HIGH:MEDIUM:!MD5:!RC4:!3DES
SSLHonorCipherOrder on
SSLProtocol all -SSLv3 -SSLv2 -TLSv1 -TLSv1.1
SSLProxyProtocol all -SSLv3
SSLPassPhraseDialog builtin
SSLSessionCache "shmcb:/usr/local/apache2/logs/ssl_scache(512000)"
SSLSessionCacheTimeout 300
# Example on usage on above LDAPAuthConfig macro
# <Location /pw>
# Use LDAPAuthConfig
# AuthName "pw-webservice"
# Require ldap-group CN=...
# </Location>
Listen 0.0.0.0:443
<VirtualHost 0.0.0.0:80>
ServerName test.example.com
Redirect / https://test.example.com
</VirtualHost>
<VirtualHost 0.0.0.0:443>
ServerName test.example.com
ServerAlias test
CustomLog /usr/local/apache2/logs/test_access.log combined
ErrorLog /usr/local/apache2/logs/test_error.log
AllowEncodedSlashes On
ProxyRequests Off
ProxyPreserveHost On
ProxyPass "/" "http://servicehost:3400/" nocanon
ProxyPassReverse "/" "http://servicehost:3400/"
RequestHeader set X-Forwarded-Proto "https"
RequestHeader set X-Forwarded-Port "443"
SSLEngine on
</VirtualHost>
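Review bot: `Redirect / https://test.example.com` in the port-80 vhost has no trailing slash on the target, and `Redirect` appends the rest of the request path to it, so the path lands directly after the hostname and can change which host the client is sent to; write `Redirect / https://test.example.com/`. The back-end TLS settings are looser than the front-end ones: `SSLProxyProtocol all -SSLv3` still allows TLS 1.0 and 1.1 and `SSLProxyCipherSuite` admits `MEDIUM` ciphers, so consider `SSLProxyProtocol all -SSLv3 -TLSv1 -TLSv1.1` to match `SSLProtocol`. The 443 vhost sets `SSLEngine on` without `SSLCertificateFile`/`SSLCertificateKeyFile`; a comment saying these must be added, presumably pointing under `conf/editable/ssl`, would help whoever fills in the template.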

18
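--- a/startScript.sh-template
+++ b/startScript.sh-template
@@ -0,0 +1,18 @@
+#!/bin/bash
+CONTAINER_NAME="httpdispatcher"
+IMAGE_NAME="wollud1969/httpdispatcher"
+VERSION="latest"
+if [ "$MAINADDR" = "" ]; then
+MAINDEV=`ip route list match default | sed -e 's/^default.*dev \(\S\+\)\( \S\+\)\? \?$/\1/'`
+MAINADDR=`ip addr list dev $MAINDEV | awk '/inet / {print $2}' | awk -F/ '{print $1}'`
+fi
+docker run \
+-d \
+-p 80:80 \
+-p 443:443 \
+--add-host servicehost:$MAINADDR \
+--name $CONTAINER_NAME \
+--restart always \
+$IMAGE_NAME:$VERSION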
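Review bot: `MAINDEV` and `MAINADDR` are derived from `ip route`/`ip addr` output and used unquoted and unchecked, so a host with several default routes or several IPv4 addresses on the interface yields a multi-line value that is word-split into extra `docker run` arguments, and an empty result produces `--add-host servicehost:`. Quote the expansions (`ip addr list dev "$MAINDEV"`, `--add-host "servicehost:$MAINADDR"`) and stop early with `[ -n "$MAINADDR" ] || { echo "MAINADDR not set" >&2; exit 1; }`. `VERSION="latest"` together with `--restart always` means the running version depends on whatever was last pulled; a fixed version tag is easier to audit.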