Merge pull request #9 from devilbox/release-0.15

WIP: Add HTTPS support

.travis.yml

@@ -71,7 +71,7 @@ jobs:
             elif [ "${TRAVIS_BRANCH}" == "master" ]; then
               docker build --no-cache=true -t "${IMAGE}:latest" . &&
               docker images;
-            elif [[ ${TRAVIS_BRANCH} =~ ^(release[/-][.0-9]+)$ ]]; then
+            elif [[ ${TRAVIS_BRANCH} =~ ^(release-[.0-9]+)$ ]]; then
               docker build --no-cache=true -t "${IMAGE}:${TRAVIS_BRANCH}" . &&
               docker images;
             else
@@ -91,7 +91,7 @@ jobs:
             elif [ "${TRAVIS_BRANCH}" == "master" ]; then
               echo "Pushing ${IMAGE}:latest" &&
               docker push "${IMAGE}:latest";
-            elif [[ ${TRAVIS_BRANCH} =~ ^(release[/-][.0-9]+)$ ]]; then
+            elif [[ ${TRAVIS_BRANCH} =~ ^(release-[.0-9]+)$ ]]; then
               echo "Pushing ${IMAGE}:${TRAVIS_BRANCH}" &&
               docker push "${IMAGE}:${TRAVIS_BRANCH}";
             else

Dockerfile

@@ -3,14 +3,31 @@ MAINTAINER "cytopia" <cytopia@everythingcli.org>
 
 
 ###
-### Labels
+### Build arguments
 ###
-LABEL \
-	name="cytopia's Apache 2.2 Image" \
-	image="apache-2.2" \
-	vendor="devilbox" \
-	license="MIT" \
-	build-date="2017-10-01"
+ARG VHOST_GEN_GIT_REF=0.5
+ARG CERT_GEN_GIT_REF=0.2
+
+ENV BUILD_DEPS \
+	autoconf \
+	gcc \
+	git \
+	make \
+	wget
+
+ENV RUN_DEPS \
+	ca-certificates \
+	python-yaml \
+	supervisor
+
+
+###
+### Runtime arguments
+###
+ENV MY_USER=daemon
+ENV MY_GROUP=daemon
+ENV HTTPD_START="httpd-foreground"
+ENV HTTPD_RELOAD="/usr/local/apache2/bin/httpd -k restart"
 
 
 ###
@@ -22,17 +39,10 @@ RUN set -x \
 	&& apt-get update \
 	&& apt-get upgrade -y \
 	&& apt-get install --no-install-recommends --no-install-suggests -y \
-		autoconf \
-		gcc \
-		make \
-		python-yaml \
-		supervisor \
-		wget \
-	&& rm -rf /var/lib/apt/lists/* \
-	&& apt-get purge -y --auto-remove
-
-# mod-proxy-fcgi
-RUN set -x \
+		${BUILD_DEPS} \
+		${RUN_DEPS} \
+	\
+	# mod-proxy-fcgi
 	&& wget --no-check-certificate -O mod-proxy-fcgi.tar.gz https://github.com/devilbox/mod-proxy-fcgi/archive/master.tar.gz \
 	&& tar xvfz mod-proxy-fcgi.tar.gz \
 	&& cd mod-proxy-fcgi-master \
@@ -41,33 +51,30 @@ RUN set -x \
 	&& make \
 	&& make install \
 	&& cd .. \
-	&& rm -rf mod-proxy-fcgi*
-
-# vhost-gen
-RUN set -x \
-	&& wget --no-check-certificate -O vhost_gen.tar.gz https://github.com/devilbox/vhost-gen/archive/master.tar.gz \
-	&& tar xfvz vhost_gen.tar.gz \
-	&& cd vhost-gen-master \
+	&& rm -rf mod-proxy-fcgi* \
+	\
+	# Install vhost-gen
+	&& git clone https://github.com/devilbox/vhost-gen \
+	&& cd vhost-gen \
+	&& git checkout "${VHOST_GEN_GIT_REF}" \
 	&& make install \
 	&& cd .. \
-	&& rm -rf vhost*gen*
-
-# watcherd
-RUN set -x \
+	&& rm -rf vhost*gen* \
+	\
+	# Install cert-gen
+	&& wget --no-check-certificate -O /usr/bin/ca-gen https://raw.githubusercontent.com/devilbox/cert-gen/${CERT_GEN_GIT_REF}/bin/ca-gen \
+	&& wget --no-check-certificate -O /usr/bin/cert-gen https://raw.githubusercontent.com/devilbox/cert-gen/${CERT_GEN_GIT_REF}/bin/cert-gen \
+	&& chmod +x /usr/bin/ca-gen \
+	&& chmod +x /usr/bin/cert-gen \
+	\
+	# Install watcherd
 	&& wget --no-check-certificate -O /usr/bin/watcherd https://raw.githubusercontent.com/devilbox/watcherd/master/watcherd \
-	&& chmod +x /usr/bin/watcherd
-
-# cleanup
-RUN set -x \
-	&& apt-get update \
-	&& apt-get remove -y \
-		autoconf \
-		gcc \
-		make \
-		wget \
-	&& apt-get autoremove -y \
-	&& rm -rf /var/lib/apt/lists/* \
-	&& apt-get purge -y --auto-remove
+	&& chmod +x /usr/bin/watcherd \
+	\
+	# Clean-up
+	&& apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false $fetchDeps \
+		${BUILD_DEPS} \
+	&& rm -rf /var/lib/apt/lists/*
 
 # Add custom config directive to httpd server
 RUN set -x \
@@ -79,6 +86,19 @@ RUN set -x \
 		echo "Include /etc/httpd-custom.d/*.conf"; \
 		echo "Include /etc/httpd/conf.d/*.conf"; \
 		echo "Include /etc/httpd/vhost.d/*.conf"; \
+		\
+		#echo "LoadModule ssl_module modules/mod_ssl.so"; \
+		echo "Listen 443"; \
+		echo "NameVirtualHost *:443"; \
+		echo "SSLCipherSuite HIGH:MEDIUM:!MD5:!RC4:!3DES"; \
+		echo "SSLProxyCipherSuite HIGH:MEDIUM:!MD5:!RC4:!3DES"; \
+		echo "SSLHonorCipherOrder on"; \
+		echo "SSLProtocol all -SSLv2 -SSLv3"; \
+		echo "SSLProxyProtocol all -SSLv2 -SSLv3"; \
+		echo "SSLPassPhraseDialog  builtin"; \
+		echo "SSLSessionCache        \"shmcb:/usr/local/apache2/logs/ssl_scache(512000)\""; \
+		echo "SSLSessionCacheTimeout  300"; \
+		echo "SSLMutex  \"file:/usr/local/apache2/logs/ssl_mutex\""; \
 	) >> /usr/local/apache2/conf/httpd.conf
 
 # create directories
@@ -89,28 +109,31 @@ RUN set -x \
 	&& mkdir -p /var/www/default/htdocs \
 	&& mkdir -p /shared/httpd \
 	&& chmod 0775 /shared/httpd \
-	&& chown daemon:daemon /shared/httpd
+	&& chown ${MY_USER}:${MY_GROUP} /shared/httpd
 
 
 ###
 ### Copy files
 ###
-COPY ./data/vhost-gen/conf.yml /etc/vhost-gen/conf.yml
 COPY ./data/vhost-gen/main.yml /etc/vhost-gen/main.yml
-COPY ./data/supervisord.conf /etc/supervisord.conf
+COPY ./data/vhost-gen/mass.yml /etc/vhost-gen/mass.yml
+COPY ./data/create-vhost.sh /usr/local/bin/create-vhost.sh
+COPY ./data/docker-entrypoint.d /docker-entrypoint.d
 COPY ./data/docker-entrypoint.sh /docker-entrypoint.sh
 
 
 ###
 ### Ports
 ###
 EXPOSE 80
+EXPOSE 443
 
 
 ###
 ### Volumes
 ###
 VOLUME /shared/httpd
+VOLUME /ca
 
 
 ###

README.md

@@ -1,24 +1,22 @@
-# Apache 2.2 Docker
+# Apache 2.2 Docker image
 
-[![Devilbox](https://raw.githubusercontent.com/cytopia/devilbox/master/.devilbox/www/htdocs/assets/img/devilbox_80.png)](https://github.com/cytopia/devilbox)
+[![Build Status](https://travis-ci.org/devilbox/docker-apache-2.2.svg?branch=master)](https://travis-ci.org/devilbox/docker-apache-2.2)
+[![release](https://img.shields.io/github/release/devilbox/docker-apache-2.2.svg)](https://github.com/devilbox/docker-apache-2.2/releases)
+[![Join the chat at https://gitter.im/devilbox/Lobby](https://badges.gitter.im/devilbox/Lobby.svg)](https://gitter.im/devilbox/Lobby?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge)
+[![Github](https://img.shields.io/badge/github-docker--apache--2.2-red.svg)](https://github.com/devilbox/docker-apache-2.2)
+[![](https://images.microbadger.com/badges/license/devilbox/apache-2.2.svg)](https://microbadger.com/images/devilbox/apache-2.2 "apache-2.2")
 
-<sub>This Docker image is part of the **[devilbox](https://github.com/cytopia/devilbox)**.</sub>
+**[devilbox/docker-apache-2.2](https://github.com/devilbox/docker-apache-2.2)**
 
-**Apache 2.2 | [Apache 2.4](https://github.com/devilbox/docker-apache-2.2) | [Nginx stable](https://github.com/devilbox/docker-nginx-stable) | [Nginx mainline](https://github.com/devilbox/docker-nginx-mainline)**
-
-[![Build Status](https://travis-ci.org/devilbox/docker-apache-2.2.svg?branch=master)](https://travis-ci.org/devilbox/docker-apache-2.2) [![](https://images.microbadger.com/badges/version/devilbox/apache-2.2.svg)](https://microbadger.com/images/devilbox/apache-2.2 "apache-2.2") [![](https://images.microbadger.com/badges/image/devilbox/apache-2.2.svg)](https://microbadger.com/images/devilbox/apache-2.2 "apache-2.2") [![](https://images.microbadger.com/badges/license/devilbox/apache-2.2.svg)](https://microbadger.com/images/devilbox/apache-2.2 "apache-2.2")
+This image is based on the official **[Apache 2.2](https://hub.docker.com/_/httpd)** Docker image and extends it with the ability to have **virtual hosts created automatically**, as well as **adding SSL certificates** when creating new directories. For that to work, it integrates two tools that will take care about the whole process: **[watcherd](https://github.com/devilbox/watcherd)** and **[vhost-gen](https://github.com/devilbox/vhost-gen)**.
 
-This image is based on the official **[Apache 2.2](https://hub.docker.com/_/httpd)** Docker image and extends it with the ability to have **virtual hosts created automatically** when adding new directories. For that to work, it integrates two tools that will take care about the whole process: **[watcherd](https://github.com/devilbox/watcherd)** and **[vhost-gen](https://github.com/devilbox/vhost-gen)**.
+From a users perspective, you mount your local project directory into the container under `/shared/httpd`. Any directory then created in your local project directory wil spawn a new virtual host by the same name. Additional settings such as custom server names, PHP-FPM or even different Apache templates per project are supported as well.
 
-From a users perspective, you mount your local project directory into the Docker under `/shared/httpd`. Any directory then created in your local project directory wil spawn a new virtual host by the same name. Additional settings such as custom server names, PHP-FPM or even different Apache templates per project are supported as well.
-
-----
+| Docker Hub | Upstream Project |
+|------------|------------------|
+| <a href="https://hub.docker.com/r/devilbox/apache-2.2"><img height="82px" src="http://dockeri.co/image/devilbox/apache-2.2" /></a> | <a href="https://github.com/cytopia/devilbox" ><img height="82px" src="https://raw.githubusercontent.com/devilbox/artwork/master/submissions_banner/cytopia/01/png/banner_256_trans.png" /></a> |
 
-Find me on **[Docker Hub](https://hub.docker.com/r/devilbox/apache-2.2)**:
-
-[![devilbox/apache-2.2](http://dockeri.co/image/devilbox/apache-2.2)](https://hub.docker.com/r/devilbox/apache-2.2/)
-
-<small>**Latest build:** This container is built every night by [travis-ci](https://travis-ci.org/devilbox/docker-apache-2.2).</small>
+**Apache 2.2 | [Apache 2.4](https://github.com/devilbox/docker-apache-2.2) | [Nginx stable](https://github.com/devilbox/docker-nginx-stable) | [Nginx mainline](https://github.com/devilbox/docker-nginx-mainline)**
 
 ----
 
@@ -29,12 +27,16 @@ Find me on **[Docker Hub](https://hub.docker.com/r/devilbox/apache-2.2)**:
 
 1. Automated virtual hosts can be enabled by providing `-e MASS_VHOST_ENABLE=1`.
 2. You should mount a local project directory into the Docker under `/shared/httpd` (`-v /local/path:/shared/httpd`).
-3. You can optionally specify a global server name suffix via e.g.: `-e MASS_VHOST_TLD=.local`
+3. You can optionally specify a global server name suffix via e.g.: `-e MASS_VHOST_TLD=.loc`
 4. You can optionally specify a global subdirectory from which the virtual host will servve the documents via e.g.: `-e MASS_VHOST_DOCROOT=www`
-4. Allow the Docker to expose its port via `-p 80:80`.
-5. Have DNS names point to the IP address the docker runs on (e.g. via `/etc/hosts`)
+5. Allow the Docker to expose its port via `-p 80:80`.
+6. Have DNS names point to the IP address the container runs on (e.g. via `/etc/hosts`)
 
-With the above described settings, whenever you create a local directory under your projects dir, such as `/local/path/mydir`, there will be a new virtual host created by the same name `http://mydir`. You can also specify a global suffix for the vhost names via `-e MASS_VHOST_TLD=.local`, afterwards your above created vhost would be reachable via `http://mydir.local`.
+With the above described settings, whenever you create a local directory under your projects dir
+such as `/local/path/mydir`, there will be a new virtual host created by the same name
+`http://mydir`. You can also specify a global suffix for the vhost names via
+`-e MASS_VHOST_TLD=.loc`, afterwards your above created vhost would be reachable via
+`http://mydir.loc`.
 
 Just to give you a few examples:
 
@@ -67,7 +69,7 @@ docker run -it \
     -p 80:80 \
     -e MASS_VHOST_ENABLE=1 \
     -e MASS_VHOST_DOCROOT=www \
-    -e MASS_VHOST_TLD=.local \
+    -e MASS_VHOST_TLD=.loc \
     -v /local/path:/shared/httpd \
     devilbox/apache-2.2
 ```
@@ -99,7 +101,7 @@ PHP-FPM is not included inside this Docker container, but can be enabled to cont
 
 #### Disabling the default virtual host
 
-If you only want to server you custom projects and don't need the default virtual host, you can disable it by `-e MAIN_VHOST_DISABLE=1`.
+If you only want to server you custom projects and don't need the default virtual host, you can disable it by `-e MAIN_VHOST_ENABLE=0`.
 
 
 ## Options
@@ -130,7 +132,10 @@ This Docker container adds a lot of injectables in order to customize it to your
 
 | Variable | Type | Default | Description |
 |----------|------|---------|-------------|
-| MAIN_VHOST_DISABLE  | bool   | `0`     | By default there is a standard (catch-all) vhost configured to accept requests served from `/var/www/default/htdocs`. If you want to disable it, set the value to `1`.<br/><strong>Note:</strong>The `htdocs` dir name can be changed with `MAIN_VHOST_DOCROOT`. See below. |
+| MAIN_VHOST_ENABLE  | bool   | `1`     | By default there is a standard (catch-all) vhost configured to accept requests served from `/var/www/default/htdocs`. If you want to disable it, set the value to `0`.<br/><strong>Note:</strong>The `htdocs` dir name can be changed with `MAIN_VHOST_DOCROOT`. See below. |
+| MAIN_VHOST_SSL_TYPE | string | `plain` | <ul><li><code>plain</code> - only serve via http</li><li><code>ssl</code> - only serve via https</li><li><code>both</code> - serve via http and https</li><li><code>redir</code> - serve via https and redirect http to https</li></ul> |
+| MAIN_VHOST_SSL_GEN | bool | `0` | `0`: Do not generate an ssl certificate<br/> `1`: Generate self-signed certificate automatically |
+| MAIN_VHOST_SSL_CN  | string | `localhost` | Comma separated list of CN names for SSL certificate generation (The domain names by which you want to reach the default server) |
 | MAIN_VHOST_DOCROOT  | string | `htdocs`| This is the directory name appended to `/var/www/default/` from which the default virtual host will serve its files.<br/><strong>Default:</strong><br/>`/var/www/default/htdocs`<br/><strong>Example:</strong><br/>`MAIN_VHOST_DOCROOT=www`<br/>Doc root: `/var/www/default/www` | 
 | MAIN_VHOST_TPL      | string | `cfg`   | Directory within th default vhost base path (`/var/www/default`) to look for templates to overwrite virtual host settings. See [vhost-gen](https://github.com/devilbox/vhost-gen/tree/master/etc/templates) for available template files.<br/><strong>Resulting default path:</strong><br/>`/var/www/default/cfg` |
 | MAIN_VHOST_STATUS_ENABLE | bool | `0`  | Enable httpd status page. |
@@ -141,7 +146,9 @@ This Docker container adds a lot of injectables in order to customize it to your
 | Variable | Type | Default | Description |
 |----------|------|---------|-------------|
 | MASS_VHOST_ENABLE   | bool   | `0`     | You can enable mass virtual hosts by setting this value to `1`. Mass virtual hosts will be created for each directory present in `/shared/httpd` by the same name including a top-level domain suffix (which could also be a domain+tld). See `MASS_VHOST_TLD` for how to set it. |
-| MASS_VHOST_TLD      | string | `.local`| This string will be appended to the server name (which is built by its directory name) for mass virtual hosts and together build the final domain.<br/><strong>Default:</strong>`<project>.local`<br/><strong>Example:</strong><br/>Path: `/shared/httpd/temp`<br/>`MASS_VHOST_TLD=.lan`<br/>Server name: `temp.lan`<br/><strong>Example:</strong><br/>Path:`/shared/httpd/api`<br/>`MASS_VHOST_TLD=.example.com`<br/>Server name: `api.example.com` |
+| MASS_VHOST_SSL_TYPE | string | `plain` | <ul><li><code>plain</code> - only serve via http</li><li><code>ssl</code> - only serve via https</li><li><code>both</code> - serve via http and https</li><li><code>redir</code> - serve via https and redirect http to https</li></ul> |
+| MASS_VHOST_SSL_GEN | bool | `0` | `0`: Do not generate an ssl certificate<br/> `1`: Generate self-signed certificate automatically |
+| MASS_VHOST_TLD      | string | `.loc`| This string will be appended to the server name (which is built by its directory name) for mass virtual hosts and together build the final domain.<br/><strong>Default:</strong>`<project>.loc`<br/><strong>Example:</strong><br/>Path: `/shared/httpd/temp`<br/>`MASS_VHOST_TLD=.lan`<br/>Server name: `temp.lan`<br/><strong>Example:</strong><br/>Path:`/shared/httpd/api`<br/>`MASS_VHOST_TLD=.example.com`<br/>Server name: `api.example.com` |
 | MASS_VHOST_DOCROOT  | string | `htdocs`| This is a subdirectory within your project dir under each project from which the web server will serve its files.<br/>`/shared/httpd/<project>/$MASS_VHOST_DOCROOT/`<br/><strong>Default:</strong><br/>`/shared/httpd/<project>/htdocs/` |
 | MASS_VHOST_TPL      | string | `cfg`   | Directory within your new virtual host to look for templates to overwrite virtual host settings. See [vhost-gen](https://github.com/devilbox/vhost-gen/tree/master/etc/templates) for available template files.<br/>`/shared/httpd/<project>/$MASS_VHOST_TPL/`<br/><strong>Resulting default path:</strong><br/>`/shared/httpd/<project>/cfg/` |
 
@@ -159,7 +166,8 @@ This Docker container adds a lot of injectables in order to customize it to your
 
 | Docker | Description |
 |--------|-------------|
-| 80     | Apache listening Port |
+| 80     | HTTP listening Port |
+| 443    | HTTPS listening Port |
 
 
 ## Examples
@@ -248,8 +256,31 @@ It allows any of the following combinations:
 
 ```
 Server version: Apache/2.2.34 (Unix)
-Server built:   Sep 19 2017 01:07:59
+Server built:   Jan 18 2018 23:12:10
 Server's Module Magic Number: 20051115:43
 Server loaded:  APR 1.5.1, APR-Util 1.5.4
+Compiled using: APR 1.5.1, APR-Util 1.5.4
+Architecture:   64-bit
 Server MPM:     Prefork
+  threaded:     no
+    forked:     yes (variable process count)
+Server compiled with....
+ -D APACHE_MPM_DIR="server/mpm/prefork"
+ -D APR_HAS_SENDFILE
+ -D APR_HAS_MMAP
+ -D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)
+ -D APR_USE_SYSVSEM_SERIALIZE
+ -D APR_USE_PTHREAD_SERIALIZE
+ -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
+ -D APR_HAS_OTHER_CHILD
+ -D AP_HAVE_RELIABLE_PIPED_LOGS
+ -D DYNAMIC_MODULE_LIMIT=128
+ -D HTTPD_ROOT="/usr/local/apache2"
+ -D SUEXEC_BIN="/usr/local/apache2/bin/suexec"
+ -D DEFAULT_PIDLOG="logs/httpd.pid"
+ -D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
+ -D DEFAULT_LOCKFILE="logs/accept.lock"
+ -D DEFAULT_ERRORLOG="logs/error_log"
+ -D AP_TYPES_CONFIG_FILE="conf/mime.types"
+ -D SERVER_CONFIG_FILE="conf/httpd.conf"
 ```