Added configuration for ssl with apache2 based on the nginx container

mr-klaatu · Mar 16, 2021 · fb110a9 · fb110a9
1 parent d6b7d95
commit fb110a9
Show file tree

Hide file tree

Showing 7 changed files with 68 additions and 18 deletions.
diff --git a/apache2/Dockerfile b/apache2/Dockerfile
@@ -2,36 +2,25 @@ FROM webdevops/apache:ubuntu-18.04
 
 LABEL maintainer="Eric Pfeiffer <[email protected]>"
 
+ARG DOCUMENT_ROOT=/var/www/
 ARG PHP_UPSTREAM_CONTAINER=php-fpm
 ARG PHP_UPSTREAM_PORT=9000
 ARG PHP_UPSTREAM_TIMEOUT=60
-ARG DOCUMENT_ROOT=/var/www/
+ARG APACHE_INSTALL_HTTP2=false
 
 ENV WEB_PHP_SOCKET=${PHP_UPSTREAM_CONTAINER}:${PHP_UPSTREAM_PORT}
-
 ENV WEB_DOCUMENT_ROOT=${DOCUMENT_ROOT}
-
+ENV APACHE_HTTP2=${APACHE_INSTALL_HTTP2}
 ENV WEB_PHP_TIMEOUT=${PHP_UPSTREAM_TIMEOUT}
 
-EXPOSE 80 443
-
 WORKDIR /var/www/
 
 COPY vhost.conf /etc/apache2/sites-enabled/vhost.conf
 
-ARG APACHE_INSTALL_HTTP2=false
-RUN mkdir /etc/apache2/ssl 2> /dev/null
-RUN if [ ${APACHE_INSTALL_HTTP2} = true ]; then \
-    openssl genrsa -out "/etc/apache2/ssl/ssl_site.key" 2048 \
-    && openssl rand -out /root/.rnd -hex 256 \
-    && openssl req -new -key "/etc/apache2/ssl/ssl_site.key" -out "/etc/apache2/ssl/ssl_site.csr" -subj "/CN=site.com/O=LGS/C=IT" \
-    && openssl x509 -req -days 365 -in "/etc/apache2/ssl/ssl_site.csr" -signkey "/etc/apache2/ssl/ssl_site.key" -out "/etc/apache2/ssl/ssl_site.crt" \
-    && a2enmod rewrite \
-    && a2enmod headers \
-    && a2enmod proxy proxy_html proxy_http xml2enc ssl http2 \
-    && service apache2 restart \
-;fi
+ADD ./startup.sh /opt/startup.sh
 
 ENTRYPOINT ["/opt/docker/bin/entrypoint.sh"]
 
-CMD ["supervisord"]
+CMD ["/bin/bash", "/opt/startup.sh"]
+
+EXPOSE 80 443
diff --git a/apache2/sites/default.apache.conf b/apache2/sites/default.apache.conf
@@ -13,4 +13,6 @@
     </IfVersion>
   </Directory>
 
+  ErrorLog /var/log/apache2/error.log
+  CustomLog /var/log/apache2/access.log combined
 </VirtualHost>
diff --git a/apache2/sites/default.apache.ssl.example b/apache2/sites/default.apache.ssl.example
@@ -0,0 +1,32 @@
+<VirtualHost *:80>
+    ServerName laradock.test
+    ServerAlias *.laradock.test
+
+    RewriteEngine On
+    RewriteCond %{HTTPS} !on
+    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
+</VirtualHost>
+
+<VirtualHost *:443>
+    ServerName laradock.test
+    ServerAlias *.laradock.test
+    DocumentRoot /var/www/
+    Options Indexes FollowSymLinks
+
+    SSLEngine on
+    SSLCertificateFile /etc/apache2/ssl/ssl_site.crt
+    SSLCertificateKeyFile /etc/apache2/ssl/ssl_site.key
+
+    <Directory "/var/www/">
+      AllowOverride All
+      <IfVersion < 2.4>
+        Allow from all
+      </IfVersion>
+      <IfVersion >= 2.4>
+        Require all granted
+      </IfVersion>
+    </Directory>
+
+    ErrorLog /var/log/apache2/error.log
+    CustomLog /var/log/apache2/access.log combined
+</VirtualHost>
diff --git a/apache2/ssl/.gitignore b/apache2/ssl/.gitignore
@@ -0,0 +1,4 @@
+*.crt
+*.csr
+*.key
+*.pem
diff --git a/apache2/startup.sh b/apache2/startup.sh
@@ -0,0 +1,21 @@
+#!/bin/bash
+
+mkdir /etc/apache2/ssl 2> /dev/null
+
+# Change laradock.test to the URL to be used
+if [ ${APACHE_HTTP2} = true ]; then
+  if [ ! -f /etc/apache2/ssl/ssl_site.crt ]; then
+    openssl genrsa -out "/etc/apache2/ssl/ssl_site.key" 2048
+    openssl rand -out /root/.rnd -hex 256
+    openssl req -new -key "/etc/apache2/ssl/ssl_site.key" -out "/etc/apache2/ssl/ssl_site.csr" -subj "/CN=laradock.test/O=Laradock/C=BR"
+    openssl x509 -req -days 365 -extfile <(printf "subjectAltName=DNS:laradock.test,DNS:*.laradock.test") -in "/etc/apache2/ssl/ssl_site.csr" -signkey "/etc/apache2/ssl/ssl_site.key" -out "/etc/apache2/ssl/ssl_site.crt"
+  fi
+
+  a2enmod rewrite
+  a2enmod headers
+  a2enmod proxy proxy_html proxy_http xml2enc ssl http2
+  service apache2 restart
+fi
+
+# Start supervisord in foreground
+supervisord
diff --git a/docker-compose.yml b/docker-compose.yml
@@ -423,6 +423,7 @@ services:
         - ${APP_CODE_PATH_HOST}:${APP_CODE_PATH_CONTAINER}${APP_CODE_CONTAINER_FLAG}
         - ${APACHE_HOST_LOG_PATH}:/var/log/apache2
         - ${APACHE_SITES_PATH}:/etc/apache2/sites-available
+        - ${APACHE_SSL_PATH}:/etc/apache2/ssl
       ports:
         - "${APACHE_HOST_HTTP_PORT}:80"
         - "${APACHE_HOST_HTTPS_PORT}:443"

diff --git a/env-example b/env-example
@@ -337,6 +337,7 @@ APACHE_PHP_UPSTREAM_CONTAINER=php-fpm
 APACHE_PHP_UPSTREAM_PORT=9000
 APACHE_PHP_UPSTREAM_TIMEOUT=60
 APACHE_DOCUMENT_ROOT=/var/www/
+APACHE_SSL_PATH=./apache2/ssl/
 APACHE_INSTALL_HTTP2=false
 
 ### MYSQL #################################################
-Original file line number
+Diff line change
@@ -0,0 +1,4 @@
+    *.crt
+    *.csr
+    *.key
+    *.pem