From af5dc1151a00e8cf82683e1c6caad09356d5f1cf Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Thu, 19 Sep 2019 10:39:54 +0000 Subject: [PATCH] 2.4.41-ol-7-r42 release --- bitnami/apache/2.4/ol-7/Dockerfile | 29 +- bitnami/apache/2.4/ol-7/docker-compose.yml | 7 +- bitnami/apache/2.4/ol-7/rootfs/apache-init.sh | 34 --- .../apache/2.4/ol-7/rootfs/app-entrypoint.sh | 14 - bitnami/apache/2.4/ol-7/rootfs/entrypoint.sh | 27 ++ bitnami/apache/2.4/ol-7/rootfs/libapache.sh | 261 ++++++++++++++++++ .../bitnami-templates/bitnami-ssl.conf.tpl | 30 ++ .../conf/bitnami-templates/bitnami.conf.tpl | 19 ++ .../apache/conf/bitnami/certs/server.crt | 17 ++ .../apache/conf/bitnami/certs/server.key | 27 ++ .../opt/bitnami/apache/conf/deflate.conf | 5 + .../apache/conf/vhosts/00_status-vhost.conf | 6 + bitnami/apache/2.4/ol-7/rootfs/postunpack.sh | 93 +++++++ bitnami/apache/2.4/ol-7/rootfs/run.sh | 18 ++ bitnami/apache/2.4/ol-7/rootfs/setup.sh | 20 ++ bitnami/apache/README.md | 28 +- 16 files changed, 555 insertions(+), 80 deletions(-) delete mode 100644 bitnami/apache/2.4/ol-7/rootfs/apache-init.sh delete mode 100755 bitnami/apache/2.4/ol-7/rootfs/app-entrypoint.sh create mode 100755 bitnami/apache/2.4/ol-7/rootfs/entrypoint.sh create mode 100644 bitnami/apache/2.4/ol-7/rootfs/libapache.sh create mode 100644 bitnami/apache/2.4/ol-7/rootfs/opt/bitnami/apache/conf/bitnami-templates/bitnami-ssl.conf.tpl create mode 100644 bitnami/apache/2.4/ol-7/rootfs/opt/bitnami/apache/conf/bitnami-templates/bitnami.conf.tpl create mode 100644 bitnami/apache/2.4/ol-7/rootfs/opt/bitnami/apache/conf/bitnami/certs/server.crt create mode 100644 bitnami/apache/2.4/ol-7/rootfs/opt/bitnami/apache/conf/bitnami/certs/server.key create mode 100644 bitnami/apache/2.4/ol-7/rootfs/opt/bitnami/apache/conf/deflate.conf create mode 100644 bitnami/apache/2.4/ol-7/rootfs/opt/bitnami/apache/conf/vhosts/00_status-vhost.conf create mode 100755 bitnami/apache/2.4/ol-7/rootfs/postunpack.sh create mode 100755 bitnami/apache/2.4/ol-7/rootfs/run.sh create mode 100755 bitnami/apache/2.4/ol-7/rootfs/setup.sh diff --git a/bitnami/apache/2.4/ol-7/Dockerfile b/bitnami/apache/2.4/ol-7/Dockerfile index 30d5637aea83..0f62eee04425 100644 --- a/bitnami/apache/2.4/ol-7/Dockerfile +++ b/bitnami/apache/2.4/ol-7/Dockerfile @@ -1,31 +1,24 @@ -FROM bitnami/oraclelinux-extras:7-r471 +FROM bitnami/oraclelinux-extras-base:7-r422 LABEL maintainer "Bitnami " -ENV BITNAMI_PKG_CHMOD="-R g+rwX" \ - HOME="/" +ENV HOME="/" \ + OS_ARCH="x86_64" \ + OS_FLAVOUR="ol-7" \ + OS_NAME="linux" # Install required system packages and dependencies RUN install_packages cyrus-sasl-lib expat glibc keyutils-libs krb5-libs libcom_err libnghttp2 libselinux nspr nss nss-softokn-freebl nss-util openldap openssl-libs pcre zlib -RUN bitnami-pkg unpack apache-2.4.41-1 --checksum 64b7880c3d0f0f9e7cde0e71496eed06d4240a90a2b6d62c2443fce54c614691 -RUN ln -sf /dev/stdout /opt/bitnami/apache/logs/access_log -RUN ln -sf /dev/stderr /opt/bitnami/apache/logs/error_log -RUN chmod -R g+rwX /opt/bitnami/apache/tmp /opt/bitnami/apache/conf +RUN . ./libcomponent.sh && component_unpack "apache" "2.4.41-1" --checksum 64b7880c3d0f0f9e7cde0e71496eed06d4240a90a2b6d62c2443fce54c614691 COPY rootfs / -ENV APACHE_HTTPS_PORT_NUMBER="8443" \ - APACHE_HTTP_PORT_NUMBER="8080" \ - APACHE_SET_HTTPS_PORT="no" \ - APACHE_SET_HTTP_PORT="no" \ - BITNAMI_APP_NAME="apache" \ - BITNAMI_IMAGE_VERSION="2.4.41-ol-7-r41" \ - NAMI_PREFIX="/.nami" \ +RUN /postunpack.sh +ENV BITNAMI_APP_NAME="apache" \ + BITNAMI_IMAGE_VERSION="2.4.41-ol-7-r42" \ PATH="/opt/bitnami/apache/bin:$PATH" -VOLUME [ "/certs" ] - EXPOSE 8080 8443 WORKDIR /app USER 1001 -ENTRYPOINT [ "/app-entrypoint.sh" ] -CMD [ "httpd", "-f", "/opt/bitnami/apache/conf/httpd.conf", "-DFOREGROUND" ] +ENTRYPOINT [ "/entrypoint.sh" ] +CMD [ "/run.sh" ] diff --git a/bitnami/apache/2.4/ol-7/docker-compose.yml b/bitnami/apache/2.4/ol-7/docker-compose.yml index 6ff0218bb7c4..ddaffba780df 100644 --- a/bitnami/apache/2.4/ol-7/docker-compose.yml +++ b/bitnami/apache/2.4/ol-7/docker-compose.yml @@ -1,8 +1,7 @@ version: '2' - services: apache: - image: 'bitnami/apache:2.4-ol-7' + image: bitnami/apache:2.4-ol-7 ports: - - '80:8080' - - '443:8443' + - 80:8080 + - 443:8443 diff --git a/bitnami/apache/2.4/ol-7/rootfs/apache-init.sh b/bitnami/apache/2.4/ol-7/rootfs/apache-init.sh deleted file mode 100644 index e87f75b58c2b..000000000000 --- a/bitnami/apache/2.4/ol-7/rootfs/apache-init.sh +++ /dev/null @@ -1,34 +0,0 @@ -#!/bin/bash - -# Check whether Apache ports must be configured -if [[ -n "${APACHE_HTTP_PORT_NUMBER:-}" ]]; then - export APACHE_SET_HTTP_PORT="yes" -fi -if [[ -n "${APACHE_HTTPS_PORT_NUMBER:-}" ]]; then - export APACHE_SET_HTTPS_PORT="yes" -fi - -# Copy vhosts file -if [[ "$(ls -A /vhosts 2>/dev/null)" ]]; then - info "Found vhost definitions in /vhosts. Copying them to /opt/bitnami/apache/conf/vhosts" - cp -r /vhosts/* /opt/bitnami/apache/conf/vhosts -fi - -# Mount certificate files -if [[ -d "/opt/bitnami/apache/certs" ]]; then - warn "The directory '/opt/bitnami/apache/certs' was externally mounted. This is a legacy configuration and will be deprecated soon. Please mount certificate files at '/opt/bitnami/apache/conf/bitnami/certs' instead. Find an example at: https://github.com/bitnami/bitnami-docker-apache#using-custom-ssl-certificates" - warn "Restoring certificates at '/opt/bitnami/apache/certs' to '/opt/bitnami/apache/conf/bitnami/certs'..." - rm -rf /opt/bitnami/apache/conf/bitnami/certs - ln -sf /opt/bitnami/apache/certs /opt/bitnami/apache/conf/bitnami/certs -elif [ "$(ls -A /certs 2>/dev/null)" ]; then - info "Mounting certificates files from /certs..." - rm -rf /opt/bitnami/apache/conf/bitnami/certs - ln -sf /certs /opt/bitnami/apache/conf/bitnami/certs -fi - -# Mount application files -if [ "$(ls -A /app 2>/dev/null)" ]; then - info "Mounting application files from /app..." - rm -rf /opt/bitnami/apache/htdocs - ln -sf /app /opt/bitnami/apache/htdocs -fi diff --git a/bitnami/apache/2.4/ol-7/rootfs/app-entrypoint.sh b/bitnami/apache/2.4/ol-7/rootfs/app-entrypoint.sh deleted file mode 100755 index 82834a284e11..000000000000 --- a/bitnami/apache/2.4/ol-7/rootfs/app-entrypoint.sh +++ /dev/null @@ -1,14 +0,0 @@ -#!/bin/bash -e - -. /opt/bitnami/base/functions -. /opt/bitnami/base/helpers - -print_welcome_page - -if [[ "$1" == "nami" && "$2" == "start" ]] || [[ "$1" == "httpd" ]]; then - . /apache-init.sh - nami_initialize apache - info "Starting apache... " -fi - -exec tini -- "$@" diff --git a/bitnami/apache/2.4/ol-7/rootfs/entrypoint.sh b/bitnami/apache/2.4/ol-7/rootfs/entrypoint.sh new file mode 100755 index 000000000000..4df5e01a5c54 --- /dev/null +++ b/bitnami/apache/2.4/ol-7/rootfs/entrypoint.sh @@ -0,0 +1,27 @@ +#!/bin/bash + +# shellcheck disable=SC1091 + +set -o errexit +set -o nounset +set -o pipefail +#set -o xtrace + +# Load libraries +. /libapache.sh +. /libbitnami.sh +. /liblog.sh + +# Load Apache environment +eval "$(apache_env)" + +print_welcome_page + +if [[ "$*" == *"/run.sh"* ]]; then + info "** Starting Apache setup **" + /setup.sh + info "** Apache setup finished! **" +fi + +echo "" +exec "$@" diff --git a/bitnami/apache/2.4/ol-7/rootfs/libapache.sh b/bitnami/apache/2.4/ol-7/rootfs/libapache.sh new file mode 100644 index 000000000000..c62aedb77a44 --- /dev/null +++ b/bitnami/apache/2.4/ol-7/rootfs/libapache.sh @@ -0,0 +1,261 @@ +#!/bin/bash +# +# Bitnami Apache library + +# shellcheck disable=SC1090 +# shellcheck disable=SC1091 + +# Load Generic Libraries +. /libfs.sh +. /liblog.sh +. /libos.sh +. /libvalidations.sh + +######################## +# Load global variables used on Apache configuration. +# Globals: +# APACHE_* +# Arguments: +# None +# Returns: +# Series of exports to be used as 'eval' arguments +######################### +apache_env() { + cat <<"EOF" +# Bitnami debug +export MODULE=apache +export BITNAMI_DEBUG="${BITNAMI_DEBUG:-false}" + +# Paths +export APACHE_BASE_DIR="/opt/bitnami/apache" +export APACHE_BIN_DIR="${APACHE_BASE_DIR}/bin" +export APACHE_CONF_DIR="${APACHE_BASE_DIR}/conf" +export APACHE_LOG_DIR="${APACHE_BASE_DIR}/logs" +export APACHE_TMP_DIR="${APACHE_BASE_DIR}/tmp" +export APACHE_VHOSTS_DIR="${APACHE_CONF_DIR}/vhosts" +export APACHE_HTACCESS_DIR="${APACHE_VHOSTS_DIR}/htaccess" +export APACHE_CONF_FILE="${APACHE_CONF_DIR}/httpd.conf" +export APACHE_PID_FILE="${APACHE_TMP_DIR}/httpd.pid" + +# Users +export APACHE_DAEMON_USER="daemon" +export APACHE_DAEMON_GROUP="daemon" + +# Configuration +export APACHE_HTTP_PORT_NUMBER="${APACHE_HTTP_PORT_NUMBER:-}" +export APACHE_HTTPS_PORT_NUMBER="${APACHE_HTTPS_PORT_NUMBER:-}" +EOF +} + +######################## +# Validate settings in APACHE_* env vars +# Globals: +# APACHE_* +# Arguments: +# None +# Returns: +# None +######################### +apache_validate() { + debug "Validating settings in APACHE_* environment variables..." + local error_code=0 + + # Auxiliary functions + print_validation_error() { + error "$1" + error_code=1 + } + + check_allowed_port() { + local port_var="${1:?missing port variable}" + local validate_port_args=() + ! am_i_root && validate_port_args+=("-unprivileged") + if ! err=$(validate_port "${validate_port_args[@]}" "${!port_var}"); then + print_validation_error "An invalid port was specified in the environment variable ${port_var}: ${err}." + fi + } + + [[ -w "$APACHE_CONF_FILE" ]] || warn "The Apache configuration file '${APACHE_CONF_FILE}' is not writable. Configurations based on environment variables will not be applied." + + if [[ -n "$APACHE_HTTP_PORT_NUMBER" ]] && [[ -n "$APACHE_HTTPS_PORT_NUMBER" ]]; then + if [[ "$APACHE_HTTP_PORT_NUMBER" -eq "$APACHE_HTTPS_PORT_NUMBER" ]]; then + print_validation_error "APACHE_HTTP_PORT_NUMBER and APACHE_HTTPS_PORT_NUMBER are bound to the same port!" + fi + fi + + [[ -n "$APACHE_HTTP_PORT_NUMBER" ]] && check_allowed_port APACHE_HTTP_PORT_NUMBER + [[ -n "$APACHE_HTTPS_PORT_NUMBER" ]] && check_allowed_port APACHE_HTTPS_PORT_NUMBER + + [[ "$error_code" -eq 0 ]] || exit "$error_code" +} + +######################## +# Configure Apache's HTTP port +# Globals: +# APACHE_CONF_FILE, APACHE_CONF_DIR +# Arguments: +# None +# Returns: +# None +######################### +apache_configure_http_port() { + local -r port=${1:?missing port} + local -r listen_exp="s|^\s*Listen\s+([^:]*:)?[0-9]+\s*$|Listen ${port}|" + local -r server_name_exp="s|^\s*#?\s*ServerName\s+([^:\s]+)(:[0-9]+)?$|ServerName \1:${port}|" + local -r vhost_exp="s|VirtualHost\s+([^:>]+)(:[0-9]+)|VirtualHost \1:${port}|" + local apache_configuration + + if [[ -w "$APACHE_CONF_FILE" ]]; then + debug "Configuring port ${port} on file ${APACHE_CONF_FILE}" + apache_configuration="$(sed -E -e "$listen_exp" -e "$server_name_exp" "$APACHE_CONF_FILE")" + echo "$apache_configuration" > "$APACHE_CONF_FILE" + fi + + if [[ -w "${APACHE_CONF_DIR}/bitnami/bitnami.conf" ]]; then + debug "Configuring port ${port} on file ${APACHE_CONF_DIR}/bitnami/bitnami.conf" + apache_configuration="$(sed -E "$vhost_exp" "${APACHE_CONF_DIR}/bitnami/bitnami.conf")" + echo "$apache_configuration" > "${APACHE_CONF_DIR}/bitnami/bitnami.conf" + fi + + if [[ -w "${APACHE_VHOSTS_DIR}/00_status-vhost.conf" ]]; then + debug "Configuring port ${port} on file ${APACHE_VHOSTS_DIR}/00_status-vhost.conf" + apache_configuration="$(sed -E "$vhost_exp" "${APACHE_VHOSTS_DIR}/00_status-vhost.conf")" + echo "$apache_configuration" > "${APACHE_VHOSTS_DIR}/00_status-vhost.conf" + fi +} + +######################## +# Configure Apache's HTTPS port +# Globals: +# APACHE_CONF_DIR +# Arguments: +# None +# Returns: +# None +######################### +apache_configure_https_port() { + local -r port=${1:?missing port} + local -r listen_exp="s|^\s*Listen\s+([^:]*:)?[0-9]+\s*$|Listen ${port}|" + local -r vhost_exp="s|VirtualHost\s+([^:>]+)(:[0-9]+)|VirtualHost \1:${port}|" + local apache_configuration + + if [[ -w "${APACHE_CONF_DIR}/bitnami/bitnami-ssl.conf" ]]; then + debug "Configuring port ${port} on file ${APACHE_CONF_DIR}/bitnami/bitnami-ssl.conf" + apache_configuration="$(sed -E -e "$listen_exp" -e "$vhost_exp" "${APACHE_CONF_DIR}/bitnami/bitnami-ssl.conf")" + echo "$apache_configuration" > "${APACHE_CONF_DIR}/bitnami/bitnami-ssl.conf" + fi +} + +######################## +# Ensure Apache is initialized +# Globals: +# APACHE_* +# Arguments: +# None +# Returns: +# None +######################### +apache_initialize() { + # Copy vhosts files + if ! is_dir_empty "/vhosts"; then + info "Found mounted virtual hosts in '/vhosts'. Copying them to '/opt/bitnami/apache/conf/vhosts'" + cp -r "/vhosts/." "${APACHE_VHOSTS_DIR}" + fi + + # Mount certificate files + if ! is_dir_empty "/opt/bitnami/apache/certs"; then + warn "The directory '/opt/bitnami/apache/certs' was externally mounted. This is a legacy configuration and will be deprecated soon. Please mount certificate files at '/certs' instead. Find an example at: https://github.com/bitnami/bitnami-docker-apache#using-custom-ssl-certificates" + warn "Restoring certificates at '/opt/bitnami/apache/certs' to '/opt/bitnami/apache/conf/bitnami/certs'..." + rm -rf "/opt/bitnami/apache/conf/bitnami/certs" + ln -sf "/opt/bitnami/apache/certs" "/opt/bitnami/apache/conf/bitnami/certs" + elif ! is_dir_empty "/certs"; then + info "Mounting certificates files from '/certs'..." + rm -rf "/opt/bitnami/apache/conf/bitnami/certs" + ln -sf "/certs" "/opt/bitnami/apache/conf/bitnami/certs" + fi + + # Mount application files + if ! is_dir_empty "/app"; then + info "Mounting application files from '/app'..." + rm -rf "/opt/bitnami/apache/htdocs" + ln -sf "/app" "/opt/bitnami/apache/htdocs" + fi + + # Port configuration + [[ -n "$APACHE_HTTP_PORT_NUMBER" ]] && info "Configuring the HTTP port" && apache_configure_http_port "$APACHE_HTTP_PORT_NUMBER" + [[ -n "$APACHE_HTTPS_PORT_NUMBER" ]] && info "Configuring the HTTPS port" && apache_configure_https_port "$APACHE_HTTPS_PORT_NUMBER" + + # Restore persisted configuration files (deprecated) + if ! is_dir_empty "/bitnami/apache/conf"; then + warn "The directory '/bitnami/apache/conf' was externally mounted. This is a legacy configuration and will be deprecated soon. Please mount certificate files at '${APACHE_CONF_DIR}' instead. Find an example at: https://github.com/bitnami/bitnami-docker-apache#full-configuration" + warn "Restoring configuration at '/bitnami/apache/conf' to '${APACHE_CONF_DIR}'..." + rm -rf "$APACHE_CONF_DIR" + ln -sf "/bitnami/apache/conf" "$APACHE_CONF_DIR" + fi +} + +######################## +# Enable a module in the Apache configuration file +# Globals: +# APACHE_CONF_FILE +# Arguments: +# $1 - Module to enable +# Returns: +# None +######################### +apache_enable_module() { + local -r module="${1:?missing module}" + local -r expression="s|^\s*#+\s*(LoadModule\s+[^ ]+\s+modules/${module}\.so.*)$|\1|" + local apache_configuration + + debug "Enabling module '${module}'..." + + if [[ -w "$APACHE_CONF_FILE" ]]; then + apache_configuration="$(sed -E "$expression" "$APACHE_CONF_FILE")" + echo "$apache_configuration" > "$APACHE_CONF_FILE" + fi +} + +######################## +# Disable a module in the Apache configuration file +# Globals: +# APACHE_CONF_FILE +# Arguments: +# $1 - Module to disable +# Returns: +# None +######################### +apache_disable_module() { + local -r module="${1:?missing module}" + local -r expression="s|^\s*(LoadModule\s+[^ ]+\s+modules/${module}\.so.*)$|#\1|" + local apache_configuration + + debug "Disabling module '${module}'..." + + if [[ -w "$APACHE_CONF_FILE" ]]; then + apache_configuration="$(sed -E "$expression" "$APACHE_CONF_FILE")" + echo "$apache_configuration" > "$APACHE_CONF_FILE" + fi +} + +######################## +# Enable a configuration entry in the Apache configuration file +# Globals: +# APACHE_CONF_FILE +# Arguments: +# $1 - Entry to enable +# Returns: +# None +######################### +apache_enable_configuration_entry() { + local -r entry="${1:?missing entry}" + local -r expression="s|^\s*#+\s*(${entry}\s*)$|\1|" + local apache_configuration + + debug "Enabling entry '${entry}'..." + + if [[ -w "$APACHE_CONF_FILE" ]]; then + apache_configuration="$(sed -E "$expression" "$APACHE_CONF_FILE")" + echo "$apache_configuration" > "$APACHE_CONF_FILE" + fi +} diff --git a/bitnami/apache/2.4/ol-7/rootfs/opt/bitnami/apache/conf/bitnami-templates/bitnami-ssl.conf.tpl b/bitnami/apache/2.4/ol-7/rootfs/opt/bitnami/apache/conf/bitnami-templates/bitnami-ssl.conf.tpl new file mode 100644 index 000000000000..c783a0cd5069 --- /dev/null +++ b/bitnami/apache/2.4/ol-7/rootfs/opt/bitnami/apache/conf/bitnami-templates/bitnami-ssl.conf.tpl @@ -0,0 +1,30 @@ +# Default SSL Virtual Host configuration. + + + LoadModule ssl_module modules/mod_ssl.so + + +Listen 443 +SSLProtocol all -SSLv2 -SSLv3 +SSLHonorCipherOrder on +SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !EDH !RC4" +SSLPassPhraseDialog builtin +SSLSessionCache "shmcb:{{APACHE_LOG_DIR}}/ssl_scache(512000)" +SSLSessionCacheTimeout 300 + + + DocumentRoot "{{APACHE_BASE_DIR}}/htdocs" + SSLEngine on + SSLCertificateFile "{{APACHE_CONF_DIR}}/bitnami/certs/server.crt" + SSLCertificateKeyFile "{{APACHE_CONF_DIR}}/bitnami/certs/server.key" + + + Options Indexes FollowSymLinks + AllowOverride All + Require all granted + + + # Error Documents + ErrorDocument 503 /503.html + + diff --git a/bitnami/apache/2.4/ol-7/rootfs/opt/bitnami/apache/conf/bitnami-templates/bitnami.conf.tpl b/bitnami/apache/2.4/ol-7/rootfs/opt/bitnami/apache/conf/bitnami-templates/bitnami.conf.tpl new file mode 100644 index 000000000000..1b74b53bb6d7 --- /dev/null +++ b/bitnami/apache/2.4/ol-7/rootfs/opt/bitnami/apache/conf/bitnami-templates/bitnami.conf.tpl @@ -0,0 +1,19 @@ +# Default Virtual Host configuration. + +# Let apache know we're behind a SSL reverse proxy +SetEnvIf X-Forwarded-Proto https HTTPS=on + + + DocumentRoot "{{APACHE_BASE_DIR}}/htdocs" + + Options Indexes FollowSymLinks + AllowOverride All + Require all granted + + + # Error Documents + ErrorDocument 503 /503.html + + + +Include "{{APACHE_CONF_DIR}}/bitnami/bitnami-ssl.conf" diff --git a/bitnami/apache/2.4/ol-7/rootfs/opt/bitnami/apache/conf/bitnami/certs/server.crt b/bitnami/apache/2.4/ol-7/rootfs/opt/bitnami/apache/conf/bitnami/certs/server.crt new file mode 100644 index 000000000000..466bbeab9ff4 --- /dev/null +++ b/bitnami/apache/2.4/ol-7/rootfs/opt/bitnami/apache/conf/bitnami/certs/server.crt @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE----- +MIICqDCCAZACCQCz8T3726LYsjANBgkqhkiG9w0BAQUFADAWMRQwEgYDVQQDDAtl +eGFtcGxlLmNvbTAeFw0xMjExMTQxMTE4MjdaFw0yMjExMTIxMTE4MjdaMBYxFDAS +BgNVBAMMC2V4YW1wbGUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC +AQEA5NHl5TfZtO6zugau2tp5mWIcQYJhuwKTmYeXDLYAGJpoD2SixwPL5c8glneI +Rz1N2EQIZVeaWGbS0FLFlPdOkCkplpW9isYVC4XqKrk5b4HW4+YC+Cup0k+Kd4NM +eZOTUvWr5N6dIpdibkVumBc/pao8VtdwywlCL/PwGRsQtkXrRICzdtRa3MXqTmEF +foyVCGgBRtronlB9x4Plfb8Psk4GrPkjrWYgO8peKrl0O5+F+sYg7Gj95zCH73BQ +ANzCVNrgD9fs9cyx3ru9CUdEoIxAAJwQFkjm7xr6xqhIlSgnQ7B0uOSTNRcXY6rw +s+PxGneec/kRPRgzjC/QHY6n8QIDAQABMA0GCSqGSIb3DQEBBQUAA4IBAQBbyMqF +RDsX8zX1EW5qA8AQ8Jb2XqWrVeSO8blMV3WagJ2airMm3+c/82FCwsd/cZ08UXhA +/Kou0gi/F16tV26PiiUdp590Qao3d8H2qxc1rzzULimZPgxH4iA4vRyMHtyZN6h4 +7Fdn7O9xNMPu8siOz8rrzsEdEX5URbOMkDLCZsbTIUWVv2XmqrR0K10d5VuLWeLi +r+4G6c6jpa244WmqT9ClqceJ12G1Wnmezy7ybiW0l5M2iuIKFEiRP5Hj0J15o1I2 +pXAbKysAdWRHsJSQOtcgO8Vh9k0wo3tKg4HDp1hbrEzoGzOv92Vjg3lG8X+hzbMJ +MQURotHkD4Gk57wL +-----END CERTIFICATE----- diff --git a/bitnami/apache/2.4/ol-7/rootfs/opt/bitnami/apache/conf/bitnami/certs/server.key b/bitnami/apache/2.4/ol-7/rootfs/opt/bitnami/apache/conf/bitnami/certs/server.key new file mode 100644 index 000000000000..1904ca7090ae --- /dev/null +++ b/bitnami/apache/2.4/ol-7/rootfs/opt/bitnami/apache/conf/bitnami/certs/server.key @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEA5NHl5TfZtO6zugau2tp5mWIcQYJhuwKTmYeXDLYAGJpoD2Si +xwPL5c8glneIRz1N2EQIZVeaWGbS0FLFlPdOkCkplpW9isYVC4XqKrk5b4HW4+YC ++Cup0k+Kd4NMeZOTUvWr5N6dIpdibkVumBc/pao8VtdwywlCL/PwGRsQtkXrRICz +dtRa3MXqTmEFfoyVCGgBRtronlB9x4Plfb8Psk4GrPkjrWYgO8peKrl0O5+F+sYg +7Gj95zCH73BQANzCVNrgD9fs9cyx3ru9CUdEoIxAAJwQFkjm7xr6xqhIlSgnQ7B0 +uOSTNRcXY6rws+PxGneec/kRPRgzjC/QHY6n8QIDAQABAoIBACo3G131tuGtpFTu +xLW11vdYZXQklNlGuWp63IBI162yVv54B5wF9Ek6tH1uIiNaiREcRBxGVEB4/+3V +R4SbN9Ba98RDbgu7TcipdTFaqOEMqFO1bNjSXWtip14zSBmqA2Ur1AHOnFj0awGD +J8tBhsmOpcEz0Ch1VdO5ApPvLV8jH9wQiMI/Q6yYQMtmzTMCUMYdMqe+LOziIOzL +oqN/WXnKL5E5TiO1bIxSpWPbT+IVn1c3/PShmvmRrLWsFUQlkwXJKMYZPO+rCCfe +b+Q9lMLMnj+vOnM3z16WC3aiiJGCZjVTvQ+x22YrBTRPxZmHO2eZ4H/cUQM7Y/tw +I7RjEM0CgYEA9Kxt1t8bWonzBii3P0rwyx0IECvg63k+pp4BpxpeWQKL7NVdSzk3 +AyJVcNjUoZgi2kVPdxzZGLrnZfuZ691xQB3oZF0LwBzQ4GFHkTRCB0s8ZA5lcJaI +9pBu91bhz2VOZSTeQWpdMMURjXVyTXZInU1mwzmjVOIAYmO33shH9gcCgYEA72mX +UoIrFPLkOTSZOb7UbjYH01vf6ThQiYCEWg7mD3CbY7n9oobIcQMzNnt7xN4wOl/V +eKfZ7G56q8enfqm45Dyo9aCBCENVzmwO8wLe5UnvJBNL20KjvtwG8w5A6UZQzC7p +3QS+U2zxVQNEeaE6a8Wrq2d1PlhVAHYw8odgNEcCgYBN38+58xrmrz99d1oTuAt5 +6kyVsRGOgPGS4HmQMRFUbT4R7DscZSKASd4945WRtTVqmWLYe4MRnvNlfzYXX0zb +ZmmAAClsRP+qWuwHaEWXwrd+9SIOOqtvJrta1/lZJFpWUOy4j10H18Flb7sosnwc +LPWHL4Iv0xriNfDg5Iga4wKBgQDLJBU59SkJBW+Q+oho7vrg6QeK15IOGbJ8eYfT +woCC6VFwNQh5N1QsUELMH8rNKJpTba18SzAl5ThBOY9tciVnw/C5Og9CK6BLHnUw +zWbDtxAq1BSxXsIB2EAtTBLX3MoB9myJFNVJhE7hi3w2mA8yEu+u6IIa/Ghjk+XE +ZAnFUQKBgQDjMinRZrK5wA09jcetI+dNiLnKHoQG6OaXDDsNCatex0O2F36BvVXE +P78qDz/i5aBMWsLx6VDvWJAkBIpZoNS5UsOn17tFaocGUSkcm48bs8Dn6VvsE8Bd +XMPAHyKuILlKYifBvNq5T22KhqKX7yGmk/AeOOiKr2KeMnh27JYrCA== +-----END RSA PRIVATE KEY----- diff --git a/bitnami/apache/2.4/ol-7/rootfs/opt/bitnami/apache/conf/deflate.conf b/bitnami/apache/2.4/ol-7/rootfs/opt/bitnami/apache/conf/deflate.conf new file mode 100644 index 000000000000..ca9bc1d6e4b6 --- /dev/null +++ b/bitnami/apache/2.4/ol-7/rootfs/opt/bitnami/apache/conf/deflate.conf @@ -0,0 +1,5 @@ + + AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css + AddOutputFilterByType DEFLATE application/x-javascript application/javascript application/ecmascript + AddOutputFilterByType DEFLATE application/rss+xml + diff --git a/bitnami/apache/2.4/ol-7/rootfs/opt/bitnami/apache/conf/vhosts/00_status-vhost.conf b/bitnami/apache/2.4/ol-7/rootfs/opt/bitnami/apache/conf/vhosts/00_status-vhost.conf new file mode 100644 index 000000000000..a0b032243bd2 --- /dev/null +++ b/bitnami/apache/2.4/ol-7/rootfs/opt/bitnami/apache/conf/vhosts/00_status-vhost.conf @@ -0,0 +1,6 @@ + + ServerName status.localhost + + SetHandler server-status + + diff --git a/bitnami/apache/2.4/ol-7/rootfs/postunpack.sh b/bitnami/apache/2.4/ol-7/rootfs/postunpack.sh new file mode 100755 index 000000000000..476cfc4b7457 --- /dev/null +++ b/bitnami/apache/2.4/ol-7/rootfs/postunpack.sh @@ -0,0 +1,93 @@ +#!/bin/bash + +# shellcheck disable=SC1091 + +set -o errexit +set -o nounset +set -o pipefail +# set -o xtrace # Uncomment this line for debugging purpose + +. /libapache.sh +. /libfs.sh +. /liblog.sh + +######################## +# Sets up the default Bitnami configuration +# Globals: +# APACHE_* +# Arguments: +# None +# Returns: +# None +######################### +apache_setup_bitnami_config() { + local -r template_dir="${APACHE_CONF_DIR}/bitnami-templates" + + # Enable Apache modules + modules_to_enable="mod_version mod_socache_shmcb mod_negotiation mod_ssl mod_slotmem_shm mod_deflate mod_rewrite mod_proxy.* mod_status" + for module in $modules_to_enable; do + apache_enable_module "$module" + done + + # Disable Apache modules + modules_to_disable="mod_proxy_hcheck mod_http2" + for module in $modules_to_disable; do + apache_disable_module "$module" + done + + apache_enable_configuration_entry "Include conf/extra/httpd-default.conf" + + # Bitnami customizations + render-template "${template_dir}/bitnami.conf.tpl" > "${APACHE_CONF_DIR}/bitnami/bitnami.conf" + render-template "${template_dir}/bitnami-ssl.conf.tpl" > "${APACHE_CONF_DIR}/bitnami/bitnami-ssl.conf" + rm -rf "$template_dir" + + cat >>"${APACHE_CONF_FILE}" <>"${APACHE_CONF_FILE}" < + RequestHeader unset Proxy + +EOF +} + +# Load Apache environment +eval "$(apache_env)" + +apache_setup_bitnami_config + +# Ensure non-root user has write permissions on a set of directories +for dir in "$APACHE_TMP_DIR" "$APACHE_CONF_DIR" "$APACHE_LOG_DIR" "$APACHE_VHOSTS_DIR" "$APACHE_HTACCESS_DIR"; do + ensure_dir_exists "$dir" + chmod -R g+rwX "$dir" +done + +ln -sf "/dev/stdout" "${APACHE_LOG_DIR}/access_log" +ln -sf "/dev/stderr" "${APACHE_LOG_DIR}/error_log" diff --git a/bitnami/apache/2.4/ol-7/rootfs/run.sh b/bitnami/apache/2.4/ol-7/rootfs/run.sh new file mode 100755 index 000000000000..78850cc9079c --- /dev/null +++ b/bitnami/apache/2.4/ol-7/rootfs/run.sh @@ -0,0 +1,18 @@ +#!/bin/bash + +# shellcheck disable=SC1091 + +set -o errexit +set -o nounset +set -o pipefail +# set -o xtrace # Uncomment this line for debugging purpose + +# Load libraries +. /libapache.sh +. /liblog.sh + +# Load Apache environment +eval "$(apache_env)" + +info "** Starting apache **" +exec "${APACHE_BIN_DIR}/httpd" -f "$APACHE_CONF_FILE" -D "FOREGROUND" diff --git a/bitnami/apache/2.4/ol-7/rootfs/setup.sh b/bitnami/apache/2.4/ol-7/rootfs/setup.sh new file mode 100755 index 000000000000..ba149ff282aa --- /dev/null +++ b/bitnami/apache/2.4/ol-7/rootfs/setup.sh @@ -0,0 +1,20 @@ +#!/bin/bash + +# shellcheck disable=SC1091 + +set -o errexit +set -o nounset +set -o pipefail +# set -o xtrace # Uncomment this line for debugging purpose + +# Load libraries +. /libapache.sh + +# Load Apache environment +eval "$(apache_env)" + +# Ensure apache environment variables are valid +apache_validate + +# Ensure apache is initialized +apache_initialize diff --git a/bitnami/apache/README.md b/bitnami/apache/README.md index a0160b6453c7..e82a59cf9a70 100644 --- a/bitnami/apache/README.md +++ b/bitnami/apache/README.md @@ -45,9 +45,11 @@ Non-root container images add an extra layer of security and are generally recom Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/). -* [`2.4-ol-7`, `2.4.41-ol-7-r41` (2.4/ol-7/Dockerfile)](https://github.com/bitnami/bitnami-docker-apache/blob/2.4.41-ol-7-r41/2.4/ol-7/Dockerfile) +* [`2.4-ol-7`, `2.4.41-ol-7-r42` (2.4/ol-7/Dockerfile)](https://github.com/bitnami/bitnami-docker-apache/blob/2.4.41-ol-7-r42/2.4/ol-7/Dockerfile) * [`2.4-debian-9`, `2.4.41-debian-9-r39`, `2.4`, `2.4.41`, `2.4.41-r39`, `latest` (2.4/debian-9/Dockerfile)](https://github.com/bitnami/bitnami-docker-apache/blob/2.4.41-debian-9-r39/2.4/debian-9/Dockerfile) +Subscribe to project updates by watching the [bitnami/apache GitHub repo](https://github.com/bitnami/bitnami-docker-apache). + # Get this image The recommended way to get the Bitnami Apache Docker Image is to pull the prebuilt image from the [Docker Hub Registry](https://hub.docker.com/r/bitnami/apache). @@ -288,20 +290,22 @@ You can configure the containers [logging driver](https://docs.docker.com/engine The Bitnami Apache Docker image is built using a Dockerfile with the structure below: ```Dockerfile -FROM bitnami/minideb-extras +FROM bitnami/minideb-extras-base ... # Install required system packages and dependencies RUN install_packages xxx yyy zzz -RUN bitnami-pkg unpack apache-aa.bb.cc-dd +RUN . ./libcomponent.sh && component_unpack "apache" "aa.bb.cc-dd" ... COPY rootfs / -ENV APACHE_PARAMETER="xyz" ... -VOLUME [ "/app", "/certs" ] + +ENV ... + EXPOSE 8080 8443 + WORKDIR /app USER 1001 -ENTRYPOINT [ "/app-entrypoint.sh" ] -CMD [ "httpd", "-f", "/opt/bitnami/apache/conf/httpd.conf", "-DFOREGROUND" ] +ENTRYPOINT [ "/entrypoint.sh" ] +CMD [ "/run.sh" ] ``` The Dockerfile has several sections related to: @@ -360,8 +364,8 @@ RUN sed -i -r 's/#LoadModule ratelimit_module/LoadModule ratelimit_module/' /opt ## Modify the ports used by Apache by default # It is also possible to change these environment variables at runtime -ENV APACHE_HTTP_PORT_NUMBER=8181 -EXPOSE 8181 8143 +ENV APACHE_HTTP_PORT_NUMBER=8181 +EXPOSE 8181 8443 ## Modify the default container user USER 1002 @@ -385,7 +389,7 @@ services: depends_on: - cloner volumes: - - ./config/my_vhost.conf:/opt/bitnami/apache/conf/vhosts/my_vhost.conf:ro + - ./config/my_vhost.conf:/vhosts/my_vhost.conf:ro - ./certs:/certs - data:/app cloner: @@ -471,6 +475,10 @@ $ docker-compose up apache # Notable Changes +## 2.4.41-debian-9-r40 and 2.4.41-ol-7-r42 + +- Decrease the size of the container. The configuration logic is now based on Bash scripts in the `rootfs/` folder. + ## 2.4.39-debian-9-r40 and 2.4.39-ol-7-r50 - This image has been adapted so it's easier to customize. See the [Customize this image](#customize-this-image) section for more information.