From e9920e9ab7e6f4e1edc91033dfacac1fecad3722 Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Thu, 30 Jul 2020 00:59:39 +0000 Subject: [PATCH] 2.4.43-debian-10-r116 release --- bitnami/apache/2.4/debian-10/Dockerfile | 2 +- .../opt/bitnami/.bitnami_components.json | 1 + .../opt/bitnami/scripts/libcomponent.sh | 4 - .../opt/bitnami/scripts/libwebserver.sh | 258 ++++++++++-------- .../apache/conf/vhosts/00_status-vhost.conf | 6 - .../app-ruby-passenger-http-vhost.conf.tpl | 14 + .../app-ruby-passenger-https-vhost.conf.tpl | 17 ++ .../app-ruby-passenger-prefix.conf.tpl | 9 + .../bitnami-templates/bitnami-ssl.conf.tpl | 4 + .../apache/bitnami-templates/bitnami.conf.tpl | 4 + .../opt/bitnami/scripts/apache/postunpack.sh | 4 +- bitnami/apache/README.md | 2 +- 12 files changed, 193 insertions(+), 132 deletions(-) create mode 100644 bitnami/apache/2.4/debian-10/prebuildfs/opt/bitnami/.bitnami_components.json delete mode 100644 bitnami/apache/2.4/debian-10/rootfs/opt/bitnami/apache/conf/vhosts/00_status-vhost.conf create mode 100644 bitnami/apache/2.4/debian-10/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-ruby-passenger-http-vhost.conf.tpl create mode 100644 bitnami/apache/2.4/debian-10/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-ruby-passenger-https-vhost.conf.tpl create mode 100644 bitnami/apache/2.4/debian-10/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-ruby-passenger-prefix.conf.tpl diff --git a/bitnami/apache/2.4/debian-10/Dockerfile b/bitnami/apache/2.4/debian-10/Dockerfile index 454d51703a98..6766b4fc91bc 100644 --- a/bitnami/apache/2.4/debian-10/Dockerfile +++ b/bitnami/apache/2.4/debian-10/Dockerfile @@ -22,7 +22,7 @@ ENV APACHE_ENABLE_CUSTOM_PORTS="no" \ APACHE_HTTPS_PORT_NUMBER="" \ APACHE_HTTP_PORT_NUMBER="" \ BITNAMI_APP_NAME="apache" \ - BITNAMI_IMAGE_VERSION="2.4.43-debian-10-r115" \ + BITNAMI_IMAGE_VERSION="2.4.43-debian-10-r116" \ PATH="/opt/bitnami/common/bin:/opt/bitnami/apache/bin:$PATH" EXPOSE 8080 8443 diff --git a/bitnami/apache/2.4/debian-10/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/apache/2.4/debian-10/prebuildfs/opt/bitnami/.bitnami_components.json new file mode 100644 index 000000000000..8f4a1e7fd6d3 --- /dev/null +++ b/bitnami/apache/2.4/debian-10/prebuildfs/opt/bitnami/.bitnami_components.json @@ -0,0 +1 @@ +{"apache": {"arch": "amd64", "digest": "e9faded57e3703fe9fcea650eb302e673d969a399fe9dfafa67e173465637665", "distro": "debian-10", "type": "NAMI", "version": "2.4.43-5"}, "gosu": {"arch": "amd64", "digest": "51cfb1b7fd7b05b8abd1df0278c698103a9b1a4964bdacd87ca1d5c01631d59c", "distro": "debian-10", "type": "NAMI", "version": "1.12.0-1"}, "render-template": {"arch": "amd64", "digest": "a94f94357aa06f3718db1550fa5f5188cd61383d66bf754eef49c58a18bf02cc", "distro": "debian-10", "type": "NAMI", "version": "1.0.0-1"}} \ No newline at end of file diff --git a/bitnami/apache/2.4/debian-10/prebuildfs/opt/bitnami/scripts/libcomponent.sh b/bitnami/apache/2.4/debian-10/prebuildfs/opt/bitnami/scripts/libcomponent.sh index 76083e1e0a1d..1d8c6bf24375 100644 --- a/bitnami/apache/2.4/debian-10/prebuildfs/opt/bitnami/scripts/libcomponent.sh +++ b/bitnami/apache/2.4/debian-10/prebuildfs/opt/bitnami/scripts/libcomponent.sh @@ -62,8 +62,4 @@ component_unpack() { fi tar --directory "${directory}" --extract --gunzip --file "${base_name}.tar.gz" --no-same-owner --strip-components=2 "${base_name}/files/" rm "${base_name}.tar.gz" - - # Include metadata about the package - touch "${directory}/.bitnami_packages" - echo "$base_name" >> "${directory}/.bitnami_packages" } diff --git a/bitnami/apache/2.4/debian-10/prebuildfs/opt/bitnami/scripts/libwebserver.sh b/bitnami/apache/2.4/debian-10/prebuildfs/opt/bitnami/scripts/libwebserver.sh index 4aefa86cd862..7fce9bb4a9a0 100644 --- a/bitnami/apache/2.4/debian-10/prebuildfs/opt/bitnami/scripts/libwebserver.sh +++ b/bitnami/apache/2.4/debian-10/prebuildfs/opt/bitnami/scripts/libwebserver.sh @@ -2,19 +2,35 @@ # # Bitnami web server handler library -# shellcheck disable=SC1091 +# shellcheck disable=SC1090,SC1091 # Load generic libraries . /opt/bitnami/scripts/liblog.sh -# Load web server libraries -[[ -f "/opt/bitnami/scripts/libapache.sh" ]] && . /opt/bitnami/scripts/libapache.sh -[[ -f "/opt/bitnami/scripts/libnginx.sh" ]] && . /opt/bitnami/scripts/libnginx.sh +######################## +# Execute a command (or list of commands) with the web server environment and library loaded +# Globals: +# * +# Arguments: +# None +# Returns: +# None +######################### +web_server_execute() { + local -r web_server="${1:?missing web server}" + shift + # Run program in sub-shell to avoid web server environment getting loaded when not necessary + ( + . "/opt/bitnami/scripts/lib${web_server}.sh" + . "/opt/bitnami/scripts/${web_server}-env.sh" + "$@" + ) +} ######################## # Prints the list of enabled web servers # Globals: -# WEB_SERVER_TYPE +# None # Arguments: # None # Returns: @@ -32,7 +48,7 @@ web_server_list() { ######################## # Prints the currently-enabled web server type (only one, in order of preference) # Globals: -# WEB_SERVER_TYPE +# None # Arguments: # None # Returns: @@ -47,7 +63,7 @@ web_server_type() { ######################## # Validate that a supported web server is configured # Globals: -# WEB_SERVER_* +# None # Arguments: # None # Returns: @@ -65,7 +81,7 @@ web_server_validate() { if [[ -z "$(web_server_type)" || ! " ${supported_web_servers[*]} " == *" $(web_server_type) "* ]]; then print_validation_error "Could not detect any supported web servers. It must be one of: ${supported_web_servers[*]}" - elif ! type -t "is_$(web_server_type)_running" >/dev/null; then + elif ! web_server_execute "$(web_server_type)" type -t "is_$(web_server_type)_running" >/dev/null; then print_validation_error "Could not load the $(web_server_type) web server library from /opt/bitnami/scripts. Check that it exists and is readable." fi @@ -170,53 +186,56 @@ web_server_reload() { ######################## ensure_web_server_app_configuration_exists() { local app="${1:?missing app}" - local -a web_servers args + shift + local -a apache_args nginx_args web_servers args_var + apache_args=("$app") + nginx_args=("$app") + # Validate arguments + while [[ "$#" -gt 0 ]]; do + case "$1" in + # Common flags + --hosts \ + | --type \ + | --allow-remote-connections \ + | --disabled \ + | --enable-https \ + | --http-port \ + | --https-port \ + | --document-root \ + ) + apache_args+=("$1" "${2:?missing value}") + nginx_args+=("$1" "${2:?missing value}") + shift + ;; + + # Specific Apache flags + --apache-additional-configuration \ + | --apache-before-vhost-configuration \ + | --apache-allow-override \ + | --apache-extra-directory-configuration \ + | --apache-move-htaccess \ + ) + apache_args+=("${1//apache-/}" "${2:?missing value}") + shift + ;; + + # Specific NGINX flags + --nginx-additional-configuration) + nginx_args+=("${1//nginx-/}" "${2:?missing value}") + shift + ;; + + *) + echo "Invalid command line flag $1" >&2 + return 1 + ;; + esac + shift + done read -r -a web_servers <<< "$(web_server_list)" for web_server in "${web_servers[@]}"; do - args=("$app") - # Validate arguments - shift - while [[ "$#" -gt 0 ]]; do - case "$1" in - # Common flags - --hosts \ - | --type \ - | --allow-remote-connections \ - | --disabled \ - | --enable-https \ - | --http-port \ - | --https-port \ - | --document-root \ - ) - args+=("$1" "${2:?missing value}") - shift - ;; - - # Specific Apache flags - --apache-additional-configuration \ - | --apache-before-vhost-configuration \ - | --apache-allow-override \ - | --apache-extra-directory-configuration \ - | --apache-move-htaccess \ - ) - [[ "$web_server" == "apache" ]] && args+=("${1//apache-/}" "${2:?missing value}") - shift - ;; - - # Specific NGINX flags - --nginx-additional-configuration) - [[ "$web_server" == "nginx" ]] && args+=("${1//nginx-/}" "${2:?missing value}") - shift - ;; - - *) - echo "Invalid command line flag $1" >&2 - return 1 - ;; - esac - shift - done - "ensure_${web_server}_app_configuration_exists" "${args[@]}" + args_var="${web_server}_args[@]" + web_server_execute "$web_server" "ensure_${web_server}_app_configuration_exists" "${!args_var}" done } @@ -235,7 +254,7 @@ ensure_web_server_app_configuration_not_exists() { local -a web_servers read -r -a web_servers <<< "$(web_server_list)" for web_server in "${web_servers[@]}"; do - "ensure_${web_server}_app_configuration_not_exists" "$app" + web_server_execute "$web_server" "ensure_${web_server}_app_configuration_not_exists" "$app" done } @@ -263,48 +282,51 @@ ensure_web_server_app_configuration_not_exists() { ######################## ensure_web_server_prefix_configuration_exists() { local app="${1:?missing app}" - local -a web_servers args + shift + local -a apache_args nginx_args web_servers args_var + apache_args=("$app") + nginx_args=("$app") + # Validate arguments + while [[ "$#" -gt 0 ]]; do + case "$1" in + # Common flags + --allow-remote-connections \ + | --document-root \ + | --prefix \ + | --type \ + ) + apache_args+=("$1" "${2:?missing value}") + nginx_args+=("$1" "${2:?missing value}") + shift + ;; + + # Specific Apache flags + --apache-additional-configuration \ + | --apache-allow-override \ + | --apache-extra-directory-configuration \ + | --apache-move-htaccess \ + ) + apache_args+=("${1//apache-/}" "$2") + shift + ;; + + # Specific NGINX flags + --nginx-additional-configuration) + nginx_args+=("${1//nginx-/}" "$2") + shift + ;; + + *) + echo "Invalid command line flag $1" >&2 + return 1 + ;; + esac + shift + done read -r -a web_servers <<< "$(web_server_list)" for web_server in "${web_servers[@]}"; do - args=("$app") - # Validate arguments - shift - while [[ "$#" -gt 0 ]]; do - case "$1" in - # Common flags - --allow-remote-connections \ - | --document-root \ - | --prefix \ - | --type \ - ) - args+=("$1" "${2:?missing value}") - shift - ;; - - # Specific Apache flags - --apache-additional-configuration \ - | --apache-allow-override \ - | --apache-extra-directory-configuration \ - | --apache-move-htaccess \ - ) - [[ "$web_server" == "apache" ]] && args+=("${1//apache-/}" "$2") - shift - ;; - - # Specific NGINX flags - --nginx-additional-configuration) - [[ "$web_server" == "nginx" ]] && args+=("${1//nginx-/}" "$2") - shift - ;; - - *) - echo "Invalid command line flag $1" >&2 - return 1 - ;; - esac - shift - done - "ensure_${web_server}_prefix_configuration_exists" "${args[@]}" + args_var="${web_server}_args[@]" + web_server_execute "$web_server" "ensure_${web_server}_prefix_configuration_exists" "${!args_var}" done } @@ -325,32 +347,32 @@ ensure_web_server_prefix_configuration_exists() { ######################## web_server_update_app_configuration() { local app="${1:?missing app}" - local -a web_servers args + shift + local -a args web_servers + args=("$app") + # Validate arguments + while [[ "$#" -gt 0 ]]; do + case "$1" in + # Common flags + --hosts \ + | --enable-https \ + | --http-port \ + | --https-port \ + ) + args+=("$1" "${2:?missing value}") + shift + ;; + + *) + echo "Invalid command line flag $1" >&2 + return 1 + ;; + esac + shift + done read -r -a web_servers <<< "$(web_server_list)" for web_server in "${web_servers[@]}"; do - args=("$app") - # Validate arguments - shift - while [[ "$#" -gt 0 ]]; do - case "$1" in - # Common flags - --hosts \ - | --enable-https \ - | --http-port \ - | --https-port \ - ) - args+=("$1" "${2:?missing value}") - shift - ;; - - *) - echo "Invalid command line flag $1" >&2 - return 1 - ;; - esac - shift - done - "${web_server}_update_app_configuration" "${args[@]}" + web_server_execute "$web_server" "${web_server}_update_app_configuration" "${args[@]}" done } diff --git a/bitnami/apache/2.4/debian-10/rootfs/opt/bitnami/apache/conf/vhosts/00_status-vhost.conf b/bitnami/apache/2.4/debian-10/rootfs/opt/bitnami/apache/conf/vhosts/00_status-vhost.conf deleted file mode 100644 index a0b032243bd2..000000000000 --- a/bitnami/apache/2.4/debian-10/rootfs/opt/bitnami/apache/conf/vhosts/00_status-vhost.conf +++ /dev/null @@ -1,6 +0,0 @@ - - ServerName status.localhost - - SetHandler server-status - - diff --git a/bitnami/apache/2.4/debian-10/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-ruby-passenger-http-vhost.conf.tpl b/bitnami/apache/2.4/debian-10/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-ruby-passenger-http-vhost.conf.tpl new file mode 100644 index 000000000000..e8a3788d8a62 --- /dev/null +++ b/bitnami/apache/2.4/debian-10/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-ruby-passenger-http-vhost.conf.tpl @@ -0,0 +1,14 @@ +{{before_vhost_configuration}} +PassengerPreStart http://localhost:{{APACHE_DEFAULT_HTTP_PORT_NUMBER}}/ + + ServerAlias * + DocumentRoot {{document_root}} + + Options -Indexes +FollowSymLinks -MultiViews + AllowOverride {{allow_override}} + {{acl_configuration}} + PassengerEnabled on + {{extra_directory_configuration}} + + {{additional_configuration}} + diff --git a/bitnami/apache/2.4/debian-10/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-ruby-passenger-https-vhost.conf.tpl b/bitnami/apache/2.4/debian-10/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-ruby-passenger-https-vhost.conf.tpl new file mode 100644 index 000000000000..289a3b0959cd --- /dev/null +++ b/bitnami/apache/2.4/debian-10/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-ruby-passenger-https-vhost.conf.tpl @@ -0,0 +1,17 @@ +{{before_vhost_configuration}} +PassengerPreStart https://localhost:{{APACHE_DEFAULT_HTTPS_PORT_NUMBER}}/ + + ServerAlias * + SSLEngine on + SSLCertificateFile "{{APACHE_CONF_DIR}}/bitnami/certs/server.crt" + SSLCertificateKeyFile "{{APACHE_CONF_DIR}}/bitnami/certs/server.key" + DocumentRoot {{document_root}} + + Options -Indexes +FollowSymLinks -MultiViews + AllowOverride {{allow_override}} + {{acl_configuration}} + PassengerEnabled on + {{extra_directory_configuration}} + + {{additional_configuration}} + diff --git a/bitnami/apache/2.4/debian-10/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-ruby-passenger-prefix.conf.tpl b/bitnami/apache/2.4/debian-10/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-ruby-passenger-prefix.conf.tpl new file mode 100644 index 000000000000..2242d656b5a8 --- /dev/null +++ b/bitnami/apache/2.4/debian-10/rootfs/opt/bitnami/scripts/apache/bitnami-templates/app-ruby-passenger-prefix.conf.tpl @@ -0,0 +1,9 @@ +{{prefix_conf}} + + Options -Indexes +FollowSymLinks -MultiViews + AllowOverride {{allow_override}} + {{acl_configuration}} + PassengerEnabled on + {{extra_directory_configuration}} + +{{additional_configuration}} diff --git a/bitnami/apache/2.4/debian-10/rootfs/opt/bitnami/scripts/apache/bitnami-templates/bitnami-ssl.conf.tpl b/bitnami/apache/2.4/debian-10/rootfs/opt/bitnami/scripts/apache/bitnami-templates/bitnami-ssl.conf.tpl index b43486531519..e83d92d1157f 100644 --- a/bitnami/apache/2.4/debian-10/rootfs/opt/bitnami/scripts/apache/bitnami-templates/bitnami-ssl.conf.tpl +++ b/bitnami/apache/2.4/debian-10/rootfs/opt/bitnami/scripts/apache/bitnami-templates/bitnami-ssl.conf.tpl @@ -27,4 +27,8 @@ SSLSessionCacheTimeout 300 # Error Documents ErrorDocument 503 /503.html + + Require local + SetHandler server-status + diff --git a/bitnami/apache/2.4/debian-10/rootfs/opt/bitnami/scripts/apache/bitnami-templates/bitnami.conf.tpl b/bitnami/apache/2.4/debian-10/rootfs/opt/bitnami/scripts/apache/bitnami-templates/bitnami.conf.tpl index 53ae1742e8af..339a6ae6206f 100644 --- a/bitnami/apache/2.4/debian-10/rootfs/opt/bitnami/scripts/apache/bitnami-templates/bitnami.conf.tpl +++ b/bitnami/apache/2.4/debian-10/rootfs/opt/bitnami/scripts/apache/bitnami-templates/bitnami.conf.tpl @@ -14,6 +14,10 @@ SetEnvIf X-Forwarded-Proto https HTTPS=on # Error Documents ErrorDocument 503 /503.html + + Require local + SetHandler server-status + Include "{{APACHE_CONF_DIR}}/bitnami/bitnami-ssl.conf" diff --git a/bitnami/apache/2.4/debian-10/rootfs/opt/bitnami/scripts/apache/postunpack.sh b/bitnami/apache/2.4/debian-10/rootfs/opt/bitnami/scripts/apache/postunpack.sh index 9c59856a6351..e7d67d19321d 100755 --- a/bitnami/apache/2.4/debian-10/rootfs/opt/bitnami/scripts/apache/postunpack.sh +++ b/bitnami/apache/2.4/debian-10/rootfs/opt/bitnami/scripts/apache/postunpack.sh @@ -73,8 +73,8 @@ EOF # Patch the HTTPoxy vulnerability - see: https://docs.bitnami.com/general/security/security-2016-07-18/ apache_patch_httpoxy_vulnerability - # Remove unneeded directories that come with the tarball - rm -rf "/opt/bitnami/certs" "/opt/bitnami/conf" + # Remove unnecessary directories that come with the tarball + rm -rf "${BITNAMI_ROOT_DIR}/certs" "${BITNAMI_ROOT_DIR}/conf" } ######################## diff --git a/bitnami/apache/README.md b/bitnami/apache/README.md index b4f65ccdf788..1f9ca8f6767f 100644 --- a/bitnami/apache/README.md +++ b/bitnami/apache/README.md @@ -43,7 +43,7 @@ Non-root container images add an extra layer of security and are generally recom Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://docs.bitnami.com/tutorials/understand-rolling-tags-containers/). -* [`2.4-debian-10`, `2.4.43-debian-10-r115`, `2.4`, `2.4.43`, `latest` (2.4/debian-10/Dockerfile)](https://github.com/bitnami/bitnami-docker-apache/blob/2.4.43-debian-10-r115/2.4/debian-10/Dockerfile) +* [`2.4-debian-10`, `2.4.43-debian-10-r116`, `2.4`, `2.4.43`, `latest` (2.4/debian-10/Dockerfile)](https://github.com/bitnami/bitnami-docker-apache/blob/2.4.43-debian-10-r116/2.4/debian-10/Dockerfile) Subscribe to project updates by watching the [bitnami/apache GitHub repo](https://github.com/bitnami/bitnami-docker-apache).