author | Suren A. Chilingaryan <csa@suren.me> | 2019-08-21 03:19:29 +0200 |
---|---|---|
committer | Suren A. Chilingaryan <csa@suren.me> | 2019-08-21 03:19:29 +0200 |
commit | 2d8efa1787ffa56dfc78edb62f4dbc94c1c9450e (patch) | |
tree | f200f1be9028033bb4470b2684d5b75bf070d150 /2.4/docker-entrypoint.sh | |
parent | 95601d0dbf09cf500b9b0aeb6963d7ee27d8cb2e (diff) | |
Change to system-wide Apache installation
Diffstat (limited to '2.4/docker-entrypoint.sh')
-rwxr-xr-x | 2.4/docker-entrypoint.sh | 90 |
1 files changed, 14 insertions, 76 deletions
diff --git a/2.4/docker-entrypoint.sh b/2.4/docker-entrypoint.sh
index cab689a..d565765 100755
--- a/2.4/docker-entrypoint.sh
+++ b/2.4/docker-entrypoint.sh
@@ -1,56 +1,10 @@
 #!/bin/sh
 set -e
 
-# Environment variables that are used if not empty:
-# SERVER_NAMES
-# LOCATION
-# AUTH_TYPE
-# REALM
-# USERNAME
-# PASSWORD
-# ANONYMOUS_METHODS
-# SSL_CERT
-
-# Just in case this environment variable has gone missing.
-HTTPD_PREFIX="${HTTPD_PREFIX:-/usr/local/apache2}"
-
-# Configure vhosts.
-if [ "x$SERVER_NAMES" != "x" ]; then
- # Use first domain as Apache ServerName.
- SERVER_NAME="${SERVER_NAMES%%,*}"
- sed -e "s|ServerName .*|ServerName $SERVER_NAME|" \
- -i "$HTTPD_PREFIX"/conf/sites-available/default*.conf
-
- # Replace commas with spaces and set as Apache ServerAlias.
- SERVER_ALIAS="`printf '%s\n' "$SERVER_NAMES" | tr ',' ' '`"
- sed -e "/ServerName/a\ \ ServerAlias $SERVER_ALIAS" \
- -i "$HTTPD_PREFIX"/conf/sites-available/default*.conf
-fi
-
-# Configure dav.conf
-if [ "x$LOCATION" != "x" ]; then
- sed -e "s|Alias .*|Alias $LOCATION /var/lib/dav/data/|" \
- -i "$HTTPD_PREFIX/conf/conf-available/dav.conf"
-fi
-if [ "x$REALM" != "x" ]; then
- sed -e "s|AuthName .*|AuthName \"$REALM\"|" \
- -i "$HTTPD_PREFIX/conf/conf-available/dav.conf"
-else
- REALM="WebDAV"
-fi
-if [ "x$AUTH_TYPE" != "x" ]; then
- # Only support "Basic" and "Digest".
- if [ "$AUTH_TYPE" != "Basic" ] && [ "$AUTH_TYPE" != "Digest" ]; then
- printf '%s\n' "$AUTH_TYPE: Unknown AuthType" 1>&2
- exit 1
- fi
- sed -e "s|AuthType .*|AuthType $AUTH_TYPE|" \
- -i "$HTTPD_PREFIX/conf/conf-available/dav.conf"
-fi
-
 # Add password hash, unless "user.passwd" already exists (ie, bind mounted).
-if [ ! -e "/tmp/user.passwd" ]; then
- touch "/tmp/user.passwd"
+REALM="WebDAV"
+if [ ! -e "/tmp/conf/user.passwd" ]; then
+ touch "/tmp/conf/user.passwd"
 # Only generate a password hash if both username and password given.
 if [ "x$USERNAME" != "x" ] && [ "x$PASSWORD" != "x" ]; then
 if [ "$AUTH_TYPE" = "Digest" ]; then
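Review bot: The new `touch "/tmp/conf/user.passwd"` creates the credential file under whatever umask the container starts with, so the stored hashes are probably readable by every user in the container; creating it privately, e.g. `( umask 077; touch "/tmp/conf/user.passwd" )`, would close that, provided httpd runs as the same UID (not visible here). The deleted block was also the only place that rejected an `AUTH_TYPE` other than Basic or Digest, yet `AUTH_TYPE` is still tested at the end of this hunk, so a misspelt value now falls through to the htpasswd branch without a message, and nothing writes the matching `AuthType` into dav.conf any more. If Digest is meant to stay supported, keep the validation; otherwise the Digest branch should go as well. The `if` block opened here continues past the end of the hunk.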
@@ -58,7 +12,7 @@ if [ ! -e "/tmp/user.passwd" ]; then
 HASH="`printf '%s' "$USERNAME:$REALM:$PASSWORD" | md5sum | awk '{print $1}'`"
 printf '%s\n' "$USERNAME:$REALM:$HASH" > /tmp/user.passwd
 else
- htpasswd -B -b -c "/tmp/user.passwd" $USERNAME $PASSWORD
+ htpasswd -B -b -c "/tmp/conf/user.passwd" $USERNAME $PASSWORD
 fi
 fi
 fi
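Review bot: The Digest branch in the context lines still redirects to `/tmp/user.passwd`, while the existence check, the `touch` and the htpasswd call now all use `/tmp/conf/user.passwd`; with `AUTH_TYPE=Digest` the hash therefore lands in a file that is presumably no longer the one Apache reads, and the real one stays empty. The redirect should become `> /tmp/conf/user.passwd`. On the changed line, `$USERNAME $PASSWORD` are unquoted and `-b` places the password in the process argument list; `printf '%s\n' "$PASSWORD" | htpasswd -B -i -c "/tmp/conf/user.passwd" "$USERNAME"` avoids both. The enclosing `if` starts above the hunk.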
@@ -67,39 +21,23 @@ fi if [ "x$ANONYMOUS_METHODS" != "x" ]; then if [ "$ANONYMOUS_METHODS" = "ALL" ]; then sed -e "s/Require valid-user/Require all granted/" \ - -i "$HTTPD_PREFIX/conf/conf-available/dav.conf" + -i "/tmp/conf/conf-available/dav.conf" else ANONYMOUS_METHODS="`printf '%s\n' "$ANONYMOUS_METHODS" | tr ',' ' '`" sed -e "/Require valid-user/a\ \ \ \ Require method $ANONYMOUS_METHODS" \ - -i "$HTTPD_PREFIX/conf/conf-available/dav.conf" + -i "/tmp/conf/conf-available/dav.conf" fi fi -# If specified, generate a selfsigned certificate. -if [ "${SSL_CERT:-none}" = "selfsigned" ]; then - # Generate self-signed SSL certificate. - # If SERVER_NAMES is given, use the first domain as the Common Name. - if [ ! -e /privkey.pem ] || [ ! -e /cert.pem ]; then - openssl req -x509 -newkey rsa:2048 -days 1000 -nodes \ - -keyout /privkey.pem -out /cert.pem -subj "/CN=${SERVER_NAME:-selfsigned}" - fi -fi - -# This will either be the self-signed certificate generated above or one that -# has been bind mounted in by the user. -if [ -e /privkey.pem ] && [ -e /cert.pem ]; then - # Enable SSL Apache modules. - for i in http2 ssl; do - sed -e "/^#LoadModule ${i}_module.*/s/^#//" \ - -i "$HTTPD_PREFIX/conf/httpd.conf" - done - # Enable SSL vhost. - ln -sf ../sites-available/default-ssl.conf \ - "$HTTPD_PREFIX/conf/sites-enabled" -fi - # Create directories for Dav data and lock database. -[ ! -d "/var/lib/dav/data" ] && mkdir -p "/var/lib/dav/data" +[ ! -d "/var/dav/data" ] && mkdir -p "/var/dav/data" [ ! -e "/tmp/DavLock" ] && touch "/tmp/DavLock" + +if ! whoami &> /dev/null; then + if [ -w /etc/passwd ]; then + echo "${USER_NAME:-default}:x:$(id -u):0:${USER_NAME:-default} user:${HOME}:/sbin/nologin" >> /etc/passwd + fi +fi + exec "$@" |
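Review bot: `whoami &> /dev/null` in the added block is a bash redirection, but the script runs under `#!/bin/sh`; a strictly POSIX shell such as dash parses it as a background job followed by an empty redirection, so as far as I can tell the condition is always true there and a passwd line is appended on every start. Use `if ! whoami >/dev/null 2>&1; then` instead. The block also depends on `/etc/passwd` being writable by the runtime user and writes `USER_NAME` and `HOME` into it unchecked, so a `:` or a newline in either value yields extra fields or entries. A comment stating that the image makes the file writable on purpose, plus a check that rejects those characters before the `echo`, would make the assumption explicit.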