2.4.43-debian-10-r26 release

bitnami/apache/2.4/debian-10/Dockerfile

@@ -21,8 +21,8 @@ ENV APACHE_ENABLE_CUSTOM_PORTS="no" \
     APACHE_HTTPS_PORT_NUMBER="" \
     APACHE_HTTP_PORT_NUMBER="" \
     BITNAMI_APP_NAME="apache" \
-    BITNAMI_IMAGE_VERSION="2.4.43-debian-10-r25" \
-    PATH="/opt/bitnami/common/bin:/opt/bitnami/common/bin:/opt/bitnami/apache/bin:$PATH"
+    BITNAMI_IMAGE_VERSION="2.4.43-debian-10-r26" \
+    PATH="/opt/bitnami/common/bin:/opt/bitnami/apache/bin:$PATH"
 
 EXPOSE 8080 8443
 

bitnami/apache/2.4/debian-10/rootfs/opt/bitnami/scripts/apache-env.sh

@@ -0,0 +1,62 @@
+#!/bin/bash
+#
+# Environment configuration for apache
+
+# The values for all environment variables will be set in the below order of precedence
+# 1. Custom environment variables defined below after Bitnami defaults
+# 2. Constants defined in this file (environment variables with no default), i.e. BITNAMI_ROOT_DIR
+# 3. Environment variables overridden via external files using *_FILE variables (see below)
+# 4. Environment variables set externally (i.e. current Bash context/Dockerfile/userdata)
+
+export BITNAMI_ROOT_DIR="/opt/bitnami"
+
+# Logging configuration
+export MODULE="apache"
+export BITNAMI_DEBUG="${BITNAMI_DEBUG:-false}"
+
+# By setting an environment variable matching *_FILE to a file path, the prefixed environment
+# variable will be overridden with the value specified in that file
+apache_env_vars=(
+    APACHE_HTTP_PORT_NUMBER
+    APACHE_HTTPS_PORT_NUMBER
+)
+for env_var in "${apache_env_vars[@]}"; do
+    file_env_var="${env_var}_FILE"
+    if [[ -n "${!file_env_var:-}" ]]; then
+        export "${env_var}=$(< "${!file_env_var}")"
+        unset "${file_env_var}"
+    fi
+done
+unset apache_env_vars
+export WEB_SERVER_TYPE="apache"
+
+# Paths
+export APACHE_BASE_DIR="${BITNAMI_ROOT_DIR}/apache"
+export APACHE_BIN_DIR="${APACHE_BASE_DIR}/bin"
+export APACHE_CONF_DIR="${APACHE_BASE_DIR}/conf"
+export APACHE_HTDOCS_DIR="${APACHE_BASE_DIR}/htdocs"
+export APACHE_TMP_DIR="${APACHE_BASE_DIR}/tmp"
+export APACHE_LOGS_DIR="${APACHE_BASE_DIR}/logs"
+export APACHE_VHOSTS_DIR="${APACHE_CONF_DIR}/vhosts"
+export APACHE_HTACCESS_DIR="${APACHE_VHOSTS_DIR}/htaccess"
+export APACHE_CONF_FILE="${APACHE_CONF_DIR}/httpd.conf"
+export APACHE_PID_FILE="${APACHE_TMP_DIR}/httpd.pid"
+export PATH="${APACHE_BIN_DIR}:${BITNAMI_ROOT_DIR}/common/bin:${PATH}"
+
+# System users (when running with a privileged user)
+export APACHE_DAEMON_USER="daemon"
+export WEB_SERVER_DAEMON_USER="$APACHE_DAEMON_USER"
+export APACHE_DAEMON_GROUP="daemon"
+export WEB_SERVER_DAEMON_GROUP="$APACHE_DAEMON_GROUP"
+export APACHE_DEFAULT_HTTP_PORT_NUMBER="8080" # only used at build time
+export WEB_SERVER_DEFAULT_HTTP_PORT_NUMBER="$APACHE_DEFAULT_HTTP_PORT_NUMBER"
+export APACHE_DEFAULT_HTTPS_PORT_NUMBER="8443" # only used at build time
+export WEB_SERVER_DEFAULT_HTTPS_PORT_NUMBER="$APACHE_DEFAULT_HTTPS_PORT_NUMBER"
+
+# Apache configuration
+export APACHE_HTTP_PORT_NUMBER="${APACHE_HTTP_PORT_NUMBER:-}"
+export WEB_SERVER_HTTP_PORT_NUMBER="$APACHE_HTTP_PORT_NUMBER"
+export APACHE_HTTPS_PORT_NUMBER="${APACHE_HTTPS_PORT_NUMBER:-}"
+export WEB_SERVER_HTTPS_PORT_NUMBER="$APACHE_HTTPS_PORT_NUMBER"
+
+# Custom environment variables may be defined below

bitnami/apache/2.4/debian-10/rootfs/opt/bitnami/scripts/apache/bitnami-templates/bitnami-ssl.conf.tpl

@@ -9,7 +9,7 @@ SSLProtocol all -SSLv2 -SSLv3
 SSLHonorCipherOrder on
 SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !EDH !RC4"
 SSLPassPhraseDialog  builtin
-SSLSessionCache "shmcb:{{APACHE_LOG_DIR}}/ssl_scache(512000)"
+SSLSessionCache "shmcb:{{APACHE_LOGS_DIR}}/ssl_scache(512000)"
 SSLSessionCacheTimeout  300
 
 <VirtualHost _default_:443>

bitnami/apache/2.4/debian-10/rootfs/opt/bitnami/scripts/apache/entrypoint.sh

@@ -13,7 +13,7 @@ set -o pipefail
 . /opt/bitnami/scripts/liblog.sh
 
 # Load Apache environment
-eval "$(apache_env)"
+. /opt/bitnami/scripts/apache-env.sh
 
 print_welcome_page
 

bitnami/apache/2.4/debian-10/rootfs/opt/bitnami/scripts/apache/postunpack.sh

@@ -7,6 +7,7 @@ set -o nounset
 set -o pipefail
 # set -o xtrace # Uncomment this line for debugging purpose
 
+# Load libraries
 . /opt/bitnami/scripts/libapache.sh
 . /opt/bitnami/scripts/libfs.sh
 . /opt/bitnami/scripts/liblog.sh
@@ -21,7 +22,7 @@ set -o pipefail
 #   None
 #########################
 apache_setup_bitnami_config() {
-    local -r template_dir="${APACHE_CONF_DIR}/bitnami-templates"
+    local -r template_dir="${BITNAMI_ROOT_DIR}/scripts/apache/bitnami-templates"
 
     # Enable Apache modules
     modules_to_enable="mod_version mod_socache_shmcb mod_negotiation mod_ssl mod_slotmem_shm mod_deflate mod_rewrite mod_proxy.* mod_status"
@@ -38,21 +39,23 @@ apache_setup_bitnami_config() {
     apache_enable_configuration_entry "Include conf/extra/httpd-default.conf"
 
     # Bitnami customizations
-    /opt/bitnami/common/bin/render-template "${template_dir}/bitnami.conf.tpl" > "${APACHE_CONF_DIR}/bitnami/bitnami.conf"
-    /opt/bitnami/common/bin/render-template "${template_dir}/bitnami-ssl.conf.tpl" > "${APACHE_CONF_DIR}/bitnami/bitnami-ssl.conf"
-    rm -rf "$template_dir"
+    render-template "${template_dir}/bitnami.conf.tpl" > "${APACHE_CONF_DIR}/bitnami/bitnami.conf"
+    render-template "${template_dir}/bitnami-ssl.conf.tpl" > "${APACHE_CONF_DIR}/bitnami/bitnami-ssl.conf"
 
-    cat >>"${APACHE_CONF_FILE}" <<EOF
+    # Add new configuration only once, to avoid a second postunpack run breaking Apache
+    if ! grep -q "${APACHE_CONF_DIR}/bitnami/bitnami.conf" "$APACHE_CONF_FILE"; then
+        cat >>"$APACHE_CONF_FILE" <<EOF
 PidFile "${APACHE_PID_FILE}"
 TraceEnable Off
 Include ${APACHE_CONF_DIR}/deflate.conf
 IncludeOptional ${APACHE_VHOSTS_DIR}/*.conf
 Include ${APACHE_CONF_DIR}/bitnami/bitnami.conf
 EOF
+    fi
 
     # Configure the default ports since the container is non root by default
-    apache_configure_http_port "8080"
-    apache_configure_https_port "8443"
+    apache_configure_http_port "$APACHE_DEFAULT_HTTP_PORT_NUMBER"
+    apache_configure_https_port "$APACHE_DEFAULT_HTTPS_PORT_NUMBER"
 
     # Patch the HTTPoxy vulnerability - see: https://docs.bitnami.com/general/security/security-2016-07-18/
     apache_patch_httpoxy_vulnerability
@@ -71,23 +74,26 @@ EOF
 #   None
 #########################
 apache_patch_httpoxy_vulnerability() {
-    cat >>"${APACHE_CONF_FILE}" <<EOF
+    # Apache HTTPD includes the HTTPoxy fix since 2016, so we only add it if not present
+    if ! grep -q "RequestHeader unset Proxy" "$APACHE_CONF_FILE"; then
+        cat >>"$APACHE_CONF_FILE" <<EOF
 <IfModule mod_headers.c>
   RequestHeader unset Proxy
 </IfModule>
 EOF
+    fi
 }
 
 # Load Apache environment
-eval "$(apache_env)"
+. /opt/bitnami/scripts/apache-env.sh
 
 apache_setup_bitnami_config
 
 # Ensure non-root user has write permissions on a set of directories
-for dir in "$APACHE_TMP_DIR" "$APACHE_CONF_DIR" "$APACHE_LOG_DIR" "$APACHE_VHOSTS_DIR" "$APACHE_HTACCESS_DIR" "$APACHE_HTDOCS_DIR"; do
+for dir in "$APACHE_TMP_DIR" "$APACHE_CONF_DIR" "$APACHE_LOGS_DIR" "$APACHE_VHOSTS_DIR" "$APACHE_HTACCESS_DIR" "$APACHE_HTDOCS_DIR"; do
     ensure_dir_exists "$dir"
     chmod -R g+rwX "$dir"
 done
 
-ln -sf "/dev/stdout" "${APACHE_LOG_DIR}/access_log"
-ln -sf "/dev/stderr" "${APACHE_LOG_DIR}/error_log"
+ln -sf "/dev/stdout" "${APACHE_LOGS_DIR}/access_log"
+ln -sf "/dev/stderr" "${APACHE_LOGS_DIR}/error_log"

bitnami/apache/2.4/debian-10/rootfs/opt/bitnami/scripts/apache/run.sh

@@ -12,7 +12,7 @@ set -o pipefail
 . /opt/bitnami/scripts/liblog.sh
 
 # Load Apache environment
-eval "$(apache_env)"
+. /opt/bitnami/scripts/apache-env.sh
 
 info "** Starting apache **"
 exec "${APACHE_BIN_DIR}/httpd" -f "$APACHE_CONF_FILE" -D "FOREGROUND"

bitnami/apache/2.4/debian-10/rootfs/opt/bitnami/scripts/apache/setup.sh

@@ -11,7 +11,7 @@ set -o pipefail
 . /opt/bitnami/scripts/libapache.sh
 
 # Load Apache environment
-eval "$(apache_env)"
+. /opt/bitnami/scripts/apache-env.sh
 
 # Ensure apache environment variables are valid
 apache_validate

bitnami/apache/2.4/debian-10/rootfs/opt/bitnami/scripts/libapache.sh

@@ -9,43 +9,7 @@
 . /opt/bitnami/scripts/liblog.sh
 . /opt/bitnami/scripts/libos.sh
 . /opt/bitnami/scripts/libvalidations.sh
-
-########################
-# Load global variables used on Apache configuration.
-# Globals:
-#   APACHE_*
-# Arguments:
-#   None
-# Returns:
-#   Series of exports to be used as 'eval' arguments
-#########################
-apache_env() {
-    cat <<"EOF"
-# Bitnami debug
-export MODULE=apache
-export BITNAMI_DEBUG="${BITNAMI_DEBUG:-false}"
-
-# Paths
-export APACHE_BASE_DIR="/opt/bitnami/apache"
-export APACHE_BIN_DIR="${APACHE_BASE_DIR}/bin"
-export APACHE_CONF_DIR="${APACHE_BASE_DIR}/conf"
-export APACHE_HTDOCS_DIR="${APACHE_BASE_DIR}/htdocs"
-export APACHE_LOG_DIR="${APACHE_BASE_DIR}/logs"
-export APACHE_TMP_DIR="${APACHE_BASE_DIR}/tmp"
-export APACHE_VHOSTS_DIR="${APACHE_CONF_DIR}/vhosts"
-export APACHE_HTACCESS_DIR="${APACHE_VHOSTS_DIR}/htaccess"
-export APACHE_CONF_FILE="${APACHE_CONF_DIR}/httpd.conf"
-export APACHE_PID_FILE="${APACHE_TMP_DIR}/httpd.pid"
-
-# Users
-export APACHE_DAEMON_USER="daemon"
-export APACHE_DAEMON_GROUP="daemon"
-
-# Configuration
-export APACHE_HTTP_PORT_NUMBER="${APACHE_HTTP_PORT_NUMBER:-}"
-export APACHE_HTTPS_PORT_NUMBER="${APACHE_HTTPS_PORT_NUMBER:-}"
-EOF
-}
+. /opt/bitnami/scripts/libservice.sh
 
 ########################
 # Validate settings in APACHE_* env vars
@@ -158,20 +122,20 @@ apache_configure_https_port() {
 apache_initialize() {
     # Copy vhosts files
     if ! is_dir_empty "/vhosts"; then
-        info "Found mounted virtual hosts in '/vhosts'. Copying them to '/opt/bitnami/apache/conf/vhosts'"
+        info "Found mounted virtual hosts in '/vhosts'. Copying them to '${APACHE_BASE_DIR}/conf/vhosts'"
         cp -Lr "/vhosts/." "${APACHE_VHOSTS_DIR}"
     fi
 
     # Mount certificate files
-    if ! is_dir_empty "/opt/bitnami/apache/certs"; then
-        warn "The directory '/opt/bitnami/apache/certs' was externally mounted. This is a legacy configuration and will be deprecated soon. Please mount certificate files at '/certs' instead. Find an example at: https://github.com/bitnami/bitnami-docker-apache#using-custom-ssl-certificates"
-        warn "Restoring certificates at '/opt/bitnami/apache/certs' to '/opt/bitnami/apache/conf/bitnami/certs'..."
-        rm -rf "/opt/bitnami/apache/conf/bitnami/certs"
-        ln -sf "/opt/bitnami/apache/certs" "/opt/bitnami/apache/conf/bitnami/certs"
+    if ! is_dir_empty "${APACHE_BASE_DIR}/certs"; then
+        warn "The directory '${APACHE_BASE_DIR}/certs' was externally mounted. This is a legacy configuration and will be deprecated soon. Please mount certificate files at '/certs' instead. Find an example at: https://github.com/bitnami/bitnami-docker-apache#using-custom-ssl-certificates"
+        warn "Restoring certificates at '${APACHE_BASE_DIR}/certs' to '${APACHE_CONF_DIR}/bitnami/certs'..."
+        rm -rf "${APACHE_CONF_DIR}/bitnami/certs"
+        ln -sf "${APACHE_BASE_DIR}/certs" "${APACHE_CONF_DIR}/bitnami/certs"
     elif ! is_dir_empty "/certs"; then
         info "Mounting certificates files from '/certs'..."
-        rm -rf "/opt/bitnami/apache/conf/bitnami/certs"
-        ln -sf "/certs" "/opt/bitnami/apache/conf/bitnami/certs"
+        rm -rf "${APACHE_CONF_DIR}/bitnami/certs"
+        ln -sf "/certs" "${APACHE_CONF_DIR}/bitnami/certs"
     fi
 
     # Mount application files
@@ -259,3 +223,49 @@ apache_enable_configuration_entry() {
         echo "$apache_configuration" > "$APACHE_CONF_FILE"
     fi
 }
+
+########################
+# Stop Apache
+# Globals:
+#   APACHE_*
+# Arguments:
+#   None
+# Returns:
+#   None
+#########################
+apache_stop() {
+    is_apache_not_running && return
+    stop_service_using_pid "$APACHE_PID_FILE"
+}
+
+########################
+# Check if Apache is running
+# Globals:
+#   APACHE_PID_FILE
+# Arguments:
+#   None
+# Returns:
+#   Whether Apache is running
+########################
+is_apache_running() {
+    local pid
+    pid="$(get_pid_from_file "$APACHE_PID_FILE")"
+    if [[ -n "$pid" ]]; then
+        is_service_running "$pid"
+    else
+        false
+    fi
+}
+
+########################
+# Check if Apache is running
+# Globals:
+#   APACHE_PID_FILE
+# Arguments:
+#   None
+# Returns:
+#   Whether Apache is not running
+########################
+is_apache_not_running() {
+    ! is_apache_running
+}

bitnami/apache/README.md

@@ -43,7 +43,7 @@ Non-root container images add an extra layer of security and are generally recom
 Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://docs.bitnami.com/tutorials/understand-rolling-tags-containers/).
 
 
-* [`2.4-debian-10`, `2.4.43-debian-10-r25`, `2.4`, `2.4.43`, `latest` (2.4/debian-10/Dockerfile)](https://github.com/bitnami/bitnami-docker-apache/blob/2.4.43-debian-10-r25/2.4/debian-10/Dockerfile)
+* [`2.4-debian-10`, `2.4.43-debian-10-r26`, `2.4`, `2.4.43`, `latest` (2.4/debian-10/Dockerfile)](https://github.com/bitnami/bitnami-docker-apache/blob/2.4.43-debian-10-r26/2.4/debian-10/Dockerfile)
 
 Subscribe to project updates by watching the [bitnami/apache GitHub repo](https://github.com/bitnami/bitnami-docker-apache).