Enable SSL in docker container.

CHANGELOG.md

@@ -4,6 +4,7 @@
 
 dd mm yyyy
 
+- New: The Docker image now supports HTTPS.
 - New: The ESI proxy API endpoints now also accept the headers `Neucore-EveCharacter` and `Neucore-EveLogin` 
   as an alternative to the `datasource` parameter, which is now optional.
 - Change: The role `app-esi` has been split into several roles: `app-esi-login`, `app-esi-proxy` and `app-esi-token`.

doc/Install.md

@@ -107,8 +107,19 @@ Continue reading [Getting started](../README.md#getting-started).
 
 #### Production environment
 
-In a production environment you want to set up a reverse proxy server with SSL and remove the
-`NEUCORE_SESSION_SECURE=0` environment variable.
+In a production environment you want to run a web server with SSL and remove the `NEUCORE_SESSION_SECURE=0` 
+environment variable.
+
+You can do that by setting up a reverse proxy (recommended) or by forwarding the SSL port from the Docker 
+container and provide an SSL certificate.
+
+To use SSL from Docker use the following arguments when running the container:
+
+```
+  --volume="/path/to/your/certificate":/etc/ssl/certs/neucore.pem \
+  --volume="/path/to/your/key":/etc/ssl/private/neucore.key \
+  --publish=443:443 \
+```
 
 Example reverse proxy configuration for Apache, including necessary setup on Ubuntu 22.04:
 
@@ -148,7 +159,8 @@ when running the Neucore container, for example:
 
 ```shell
 mkdir docker-logs && sudo chown 33 docker-logs
-
+```
+```
   --volume="$(pwd)/docker-logs":/var/www/backend/var/logs \
 ```
 

setup/Dockerfile

@@ -12,7 +12,7 @@ FROM php:8.2-apache-bullseye
 ARG DEBIAN_FRONTEND=noninteractive
 
 RUN apt-get update && \
-    apt-get install -y --no-install-recommends libgmp-dev libzip4 libzip-dev libicu-dev && \
+    apt-get install -y --no-install-recommends libgmp-dev libzip4 libzip-dev libicu-dev ssl-cert && \
     docker-php-ext-install pdo_mysql bcmath gmp zip intl opcache mysqli && \
     apt-get remove --purge -y libgmp-dev libzip-dev libicu-dev && \
     apt-get autoremove --purge -y && \
@@ -25,8 +25,13 @@ RUN pecl channel-update pecl.php.net &&  \
 RUN mv "$PHP_INI_DIR/php.ini-production" "$PHP_INI_DIR/php.ini" # /usr/local/etc/php
 RUN echo 'expose_php = Off' > "$PHP_INI_DIR/conf.d/x-neucore.ini"
 
-RUN a2enmod rewrite headers
-RUN echo 'Header always set Strict-Transport-Security "max-age=31536000"' > /etc/apache2/conf-enabled/x-neucore.conf && \
+RUN a2enmod rewrite headers ssl socache_shmcb && \
+    cp /etc/ssl/certs/ssl-cert-snakeoil.pem /etc/ssl/certs/neucore.pem && \
+    cp /etc/ssl/private/ssl-cert-snakeoil.key /etc/ssl/private/neucore.key && \
+    sed -i '/SSLCertificateFile.*snakeoil\.pem/c\SSLCertificateFile \/etc\/ssl\/certs\/neucore.pem' /etc/apache2/sites-available/default-ssl.conf &&  \
+    sed -i '/SSLCertificateKeyFile.*snakeoil\.key/cSSLCertificateKeyFile /etc/ssl/private/neucore.key\' /etc/apache2/sites-available/default-ssl.conf && \
+    a2ensite default-ssl && \
+    echo 'Header always set Strict-Transport-Security "max-age=31536000"' > /etc/apache2/conf-enabled/x-neucore.conf && \
     echo "Header always set Content-Security-Policy \"default-src 'none'; style-src 'self'; script-src 'self'; font-src 'self' data:; img-src 'self' data: https://images.evetech.net; connect-src 'self' https://esi.evetech.net; form-action 'self'; base-uri 'none'; frame-ancestors 'none'; sandbox allow-downloads allow-forms allow-popups allow-popups-to-escape-sandbox allow-same-origin allow-scripts allow-top-navigation;\"" >> /etc/apache2/conf-enabled/x-neucore.conf && \
     echo 'Header always set X-Frame-Options "sameorigin"'                >> /etc/apache2/conf-enabled/x-neucore.conf && \
     echo 'Header always set X-Content-Type-Options "nosniff"'            >> /etc/apache2/conf-enabled/x-neucore.conf && \