1
0
Fork 0

Refine local setup

- Add dependencies for gettext and PDF support
- add whois and netbase to support whois checks
- remove docker/mysql.php because configuration should be done via
  environment variables
- install CAcert CA certificates to allow retrieval of translation data
  from translations.cacert.org
- build i18n files on start of application container
- disable broken OCSP stapling for local certificates
- add language data during database initialization
This commit is contained in:
Jan Dittberner 2020-12-21 18:44:20 +01:00 committed by Jan Dittberner
parent c39be2c6c8
commit ff5ea7dd39
6 changed files with 131 additions and 123 deletions

View file

@ -5,16 +5,22 @@ RUN apt-get update \
apt-get install -y --no-install-recommends \
ca-certificates \
curl \
gettext \
libapache2-mod-php5 \
locales-all \
mariadb-client \
make \
netbase \
nullmailer \
php-apc \
php-fpdf \
php-gettext \
php-mail \
php-mail-mime \
php-mail-mimedecode \
php-net-smtp \
php-net-socket \
php-tcpdf \
php5-apcu \
php5-curl \
php5-gd \
@ -27,6 +33,7 @@ RUN apt-get update \
php5-recode \
psmisc \
wamerican \
whois \
&& apt-get clean \
&& rm -rf /var/lib/apt/lists/*
@ -34,7 +41,6 @@ STOPSIGNAL SIGWINCH
COPY docker/apache-foreground /usr/local/bin/
COPY testca/ /usr/local/etc/testca/
COPY docker/mysql.php /usr/local/etc/application/mysql.php
COPY docker/apache-virtualhost.conf /etc/apache2/sites-available/
COPY docker/cacert.conf /etc/apache2/conf-available/
COPY docker/php5-cacert.ini /etc/php5/mods-available/cacert.ini
@ -48,7 +54,11 @@ RUN a2ensite apache-virtualhost ; \
a2enmod headers ; \
a2enmod rewrite ; \
a2enmod ssl ; \
ln -s /etc/php5/mods-available/cacert.ini /etc/php5/apache2/conf.d/20-cacert.ini
ln -s /etc/php5/mods-available/cacert.ini /etc/php5/apache2/conf.d/20-cacert.ini ; \
cd /usr/local/share/ca-certificates ; \
curl -O http://www.cacert.org/certs/root_X0F.crt ; \
curl -O http://www.cacert.org/certs/class3_X0E.crt ; \
update-ca-certificates
EXPOSE 80
EXPOSE 443

View file

@ -23,6 +23,19 @@ services:
build:
context: .
dockerfile: application.Dockerfile
environment:
DEPLOYMENT_NAME: "CAcert.org Website (local development)"
MYSQL_APP_HOSTNAME: db
MYSQL_APP_DATABASE: cacert
CSR_DIRECTORY: /csr
CRT_DIRECTORY: /crt
DEFAULT_HOSTNAME: test.cacert.localhost
SECURE_HOSTNAME: secure.test.cacert.localhost
TVERIFY_HOSTNAME: tverify.test.cacert.localhost
INSECURE_PORT: 8080
SECURE_PORT: 8443
RETURN_ADDRESS: "returns@cacert.localhost"
SMTP_HOST: smtp
env_file:
- ./.env
ports:

View file

@ -14,14 +14,10 @@ cp /usr/local/etc/testca/certs/test.cacert.localhost.key.pem /etc/ssl/private/
cp /usr/local/etc/testca/certs/secure.test.cacert.localhost.crt.pem /etc/ssl/certs/
cp /usr/local/etc/testca/certs/secure.test.cacert.localhost.key.pem /etc/ssl/private/
sed -i "s/@MYSQL_USERNAME@/$MYSQL_APP_USER/g; s/@MYSQL_PASSWORD@/$MYSQL_APP_PASSWORD/g" \
/usr/local/etc/application/mysql.php
if [ ! -f /www/includes/mysql.php ]; then
rm -f /www/includes/mysql.php
cp /usr/local/etc/application/mysql.php /www/includes/mysql.php
fi
cp /usr/local/etc/application/feed.rss /www/pages/index/feed.rss
make -C /www/locale
apache2ctl start "$@"
exec tail -F --follow=name --retry /var/log/apache2/error.log /var/log/apache2/phperror.log

View file

@ -46,7 +46,7 @@ AddDefaultCharset on
<IfModule mod_ssl.c>
# OCSP Stapling, only in httpd 2.3.3 and later
SSLUseStapling on
SSLUseStapling off
SSLStaplingResponderTimeout 5
SSLStaplingReturnResponderErrors off
SSLStaplingCache shmcb:${APACHE_RUN_DIR}/ocsp(1280000)

View file

@ -12,3 +12,106 @@ EOF
for script in /db_migrations/*.sh; do
sh "$script" -h localhost -u root "-p$MYSQL_ROOT_PASSWORD" cacert
done
mysql -h localhost -u root "-p$MYSQL_ROOT_PASSWORD" cacert <<-'EOF'
INSERT INTO languages (locale, en_co, en_lang, country, lang)
VALUES ('sq_AL', 'Albania', 'Albanian', 'Shqip&euml;ria', 'shqipe'),
('ar_DZ', 'Algeria', 'Arabic', '&#65198;&#65164;&#65166;&#65200;&#65184;&#65248;&#65165;', '&#65172;&#65268;&#65168;&#65198;&#65228;&#65248;&#65165;'),
('ar_AA', 'Arabic Speaking', 'Arabic', '&#65172;&#65268;&#65168;&#65198;&#65228;&#65248;&#65165;', '&#65172;&#65268;&#65168;&#65198;&#65228;&#65248;&#65165;'),
('es_AR', 'Argentina', 'Spanish', 'Argentina', 'Espa&ntilde;ol'),
('en_AU', 'Australia', 'English', 'Australia', 'English'),
('de_AT', 'Austria', 'German', '&Ouml;sterreich', 'Deutsch'),
('ar_BH', 'Bahrain', 'Arabic', '&#65254;&#65268;&#65198;&#65188;&#65168;&#65248;&#65165;', '&#65172;&#65268;&#65168;&#65198;&#65228;&#65248;&#65165;'),
('be_BY', 'Belarus', 'Belarusian', '&#1041;&#1077;&#1083;&#1072;&#1088;&#1091;&#1089;&#1100;', '&#1073;&#1077;&#1083;&#1072;&#1088;&#1091;&#1089;&#1082;&#1080;'),
('nl_BE', 'Belgium', 'Dutch', 'Belgi&euml;', 'Nederlands'),
('fr_BE', 'Belgium', 'French', 'Belgique', 'fran&ccedil;ais'),
('es_BO', 'Bolivia', 'Spanish', 'Bolivia', 'Espa&ntilde;ol'),
('sh_BA', 'Bosnia Herzogovina', 'Serbo-Croatian', 'Bosnia Herzogovina', 'Serbo-Croatian'),
('pt_BR', 'Brazil', 'Portuguese', 'Brasil', 'Portugu&ecirc;s'),
('bg_BG', 'Bulgaria', 'Bulgarian', '&#1041;&#1098;&#1083;&#1075;&#1072;&#1088;&#1080;&#1103;', '&#1073;&#1098;&#1083;&#1075;&#1072;&#1088;&#1089;&#1082;&#1080;'),
('en_CA', 'Canada', 'English', 'Canada', 'English'),
('fr_CA', 'Canada', 'French', 'Canada', 'fran&ccedil;ais'),
('es_CL', 'Chile', 'Spanish', 'Chile', 'Espa&ntilde;ol'),
('es_CO', 'Colombia', 'Spanish', 'Colombia', 'Espa&ntilde;ol'),
('es_CR', 'Costa Rica', 'Spanish', 'Costa Rica', 'Espa&ntilde;ol'),
('hr_HR', 'Croatia', 'Croatian', 'Hrvatska', 'hrvatski'),
('cs_CZ', 'Czech Republic', 'Czech', '&#268;esk&aacute; republika', '&#269;e&scaron;tina'),
('da_DK', 'Denmark', 'Danish', 'Danmark', 'dansk'),
('es_DO', 'Dominican Republic', 'Spanish', 'Rep&uacute;blica Dominicana', 'Espa&ntilde;ol'),
('es_EC', 'Ecuador', 'Spanish', 'Ecuador', 'Espa&ntilde;ol'),
('ar_EG', 'Egypt', 'Arabic', '&#65198;&#65212;&#65251;', '&#65172;&#65268;&#65168;&#65198;&#65228;&#65248;&#65165;'),
('es_SV', 'El Salvador', 'Spanish', 'El Salvador', 'Espa&ntilde;ol'),
('et_EE', 'Estonia', 'Estonian', 'Eesti', 'eesti'),
('mk_MK', 'FYR Macedonia', 'Macedonian', 'FYR Macedonia', 'Macedonian'),
('fi_FI', 'Finland', 'Finnish', 'Suomi', 'suomi'),
('sv_FI', 'Finland', 'Swedish', 'Finland', 'svenska'),
('fr_FR', 'France', 'French', 'France', 'fran&ccedil;ais'),
('de_DE', 'Germany', 'German', 'Deutschland', 'Deutsch'),
('el_GR', 'Greece', 'Greek', '&Epsilon;&lambda;&lambda;&#940;&delta;&alpha;', '&epsilon;&lambda;&lambda;&eta;&nu;&iota;&kappa;&#940;'),
('es_GT', 'Guatemala', 'Spanish', 'Guatemala', 'Espa&ntilde;ol'),
('es_HN', 'Honduras', 'Spanish', 'Honduras', 'Espa&ntilde;ol'),
('zh_HK', 'Hong Kong', 'Chinese', '&#39321;&#28207;', '&#20013;&#25991;'),
('hu_HU', 'Hungary', 'Hungarian', 'Magyarorsz&aacute;g', 'magyar'),
('is_IS', 'Iceland', 'Icelandic', '&Iacute;sland', '&iacute;slenska'),
('in_ID', 'Indonesia', 'Indonesian', 'Indonesia', 'Bahasa Indonesia'),
('fa_IR', 'Iran', 'Farsi', 'Iran', '&#65264;&#65204;&#65198;&#65166;&#65235;'),
('en_IE', 'Ireland', 'English', 'Ireland', 'English'),
('he_IL', 'Israel', 'Hebrew', '&#1500;&#1488;&#1512;&#1513;&#1497;', '&#1514;&#1497;&#1512;&#1489;&#1506;'),
('iw_IL', 'Israel', 'Hebrew', '&#1500;&#1488;&#1512;&#1513;&#1497;', '&#1514;&#1497;&#1512;&#1489;&#1506;'),
('it_IT', 'Italy', 'Italian', 'Italia', 'italiano'),
('ja_JP', 'Japan', 'Japanese', '&#26085;&#26412;', '&#26085;&#26412;&#35486;'),
('ar_JO', 'Jordan', 'Arabic', '&#65254;&#65194;&#65198;&#65156;&#65248;&#65165;', '&#65172;&#65268;&#65168;&#65198;&#65228;&#65248;&#65165;'),
('ko_KR', 'Korea', 'Korean', '&#45824;&#54620;&#48124;&#44397;', '&#54620;&#44397;&#50612;'),
('ar_KW', 'Kuwait', 'Arabic', '&#65174;&#65268;&#65262;&#65244;&#65248;&#65165;', '&#65172;&#65268;&#65168;&#65198;&#65228;&#65248;&#65165;'),
('es_LA', 'Latin America', 'Spanish', 'Am&eacute;rica latina', 'Espa&ntilde;ol'),
('lv_LV', 'Latvia', 'Latvian', 'Latvija', 'latvie&scaron;u'),
('ar_LB', 'Lebanon', 'Arabic', '&#65254;&#65166;&#65256;&#65168;&#65247;', '&#65172;&#65268;&#65168;&#65198;&#65228;&#65248;&#65165;'),
('de_LI', 'Liechtenstein', 'German', 'Liechtenstein', 'Deutsch'),
('lt_LT', 'Lithuania', 'Lithuanian', 'Lietuva', 'lietuvi&#371;'),
('fr_LU', 'Luxembourg', 'French', 'Luxembourg', 'fran&ccedil;ais'),
('de_LU', 'Luxembourg', 'German', 'Luxemburg', 'Deutsch'),
('es_MX', 'Mexico', 'Spanish', 'M&eacute;xico', 'Espa&ntilde;ol'),
('ar_MA', 'Morocco', 'Arabic', '&#65172;&#65268;&#65168;&#65198;&#65232;&#65252;&#65248;&#65165; &#65172;&#65244;&#65248;&#65252;&#65252;&#65248;&#65165;', '&#65172;&#65268;&#65168;&#65198;&#65228;&#65248;&#65165;'),
('nl_NL', 'Netherlands', 'Dutch', 'Nederland', 'Nederlands'),
('en_NZ', 'New Zealand', 'English', 'New Zealand', 'English'),
('es_NI', 'Nicaragua', 'Spanish', 'Nicar&aacute;gua', 'Espa&ntilde;ol'),
('no_NO', 'Norway', 'Norwegian', 'Norge', 'bokm&aring;l'),
('ar_OM', 'Oman', 'Arabic', '&#65254;&#65166;&#65252;&#65227;', '&#65172;&#65268;&#65168;&#65198;&#65228;&#65248;&#65165;'),
('es_PA', 'Panama', 'Spanish', 'Panam&aacute;', 'Espa&ntilde;ol'),
('es_PY', 'Paraguay', 'Spanish', 'Paraguay', 'Espa&ntilde;ol'),
('zh_CN', 'People''s Republic of China', 'Chinese', '&#20013;&#21326;&#20154;&#27665;&#20849;&#21644;&#22269;', '&#20013;&#25991;'),
('es_PE', 'Peru', 'Spanish', 'Per&uacute;', 'Espa&ntilde;ol'),
('pl_PL', 'Poland', 'Polish', 'Polska', 'polski'),
('pt_PT', 'Portugal', 'Portuguese', 'Portugal', 'portugu&ecirc;s'),
('ar_QA', 'Qatar', 'Arabic', '&#65198;&#65220;&#65239;', '&#65172;&#65268;&#65168;&#65198;&#65228;&#65248;&#65165;'),
('ro_RO', 'Romania', 'Romanian', 'Rom&acirc;nia', 'rom&acirc;n&#259;'),
('ru_RU', 'Russia', 'Russian', '&#1056;&#1086;&#1089;&#1089;&#1080;&#1103;', '&#1088;&#1091;&#1089;&#1089;&#1082;&#1080;&#1081;'),
('ar_SA', 'Saudi Arabia', 'Arabic', '&#65172;&#65268;&#65194;&#65262;&#65228;&#65204;&#65248;&#65165; &#65172;&#65268;&#65168;&#65198;&#65228;&#65248;&#65165; &#65172;&#65244;&#65248;&#65252;&#65252;&#65248;&#65165;', '&#65172;&#65268;&#65168;&#65198;&#65228;&#65248;&#65165;'),
('hr_SP', 'Serbia', 'Romanian', 'Srbija', 'rom&acirc;n&#259;'),
('sr_SP', 'Serbia', 'Serbian (Cyrillic)', '&#1032;&#1091;&#1075;&#1086;&#1089;&#1083;&#1072;&#1074;&#1080;&#1112;&#1072;', '&#1089;&#1088;&#1087;&#1089;&#1082;&#1080;'),
('zh_SG', 'Singapore', 'Chinese', '&#26032;&#21152;&#22369;', '&#20013;&#25991;'),
('sk_SK', 'Slovakia', 'Slovak', 'Slovensk&aacute; republika', 'sloven&#269;ina'),
('sl_SI', 'Slovenia', 'Slovene', 'Slovenija', 'slovenski'),
('en_ZA', 'South Africa', 'English', 'South Africa', 'English'),
('eu_ES', 'Spain', 'Basque', 'Espainia', 'Euskara'),
('ca_ES', 'Spain', 'Catalan', 'Espanya', 'catal&agrave;'),
('es_ES', 'Spain', 'Spanish', 'Espa&ntilde;a', 'Espa&ntilde;ol'),
('sv_SE', 'Sweden', 'Swedish', 'Sverige', 'svenska'),
('fr_CH', 'Switzerland', 'French', 'Suisse', 'fran&ccedil;ais'),
('de_CH', 'Switzerland', 'German', 'Schweiz', 'Deutsch'),
('it_CH', 'Switzerland', 'Italian', 'Svizzera', 'italiano'),
('ar_SY', 'Syria', 'Arabic', '&#65166;&#65268;&#65198;&#65262;&#65203;', '&#65172;&#65268;&#65168;&#65198;&#65228;&#65248;&#65165;'),
('zh_TW', 'Taiwan', 'Chinese', '&#20013;&#33775;&#27665;&#22283;', '&#20013;&#25991;'),
('th_TH', 'Thailand', 'Thai', '&#3652;&#3607;&#3618;', '&#3652;&#3607;&#3618;'),
('ar_TN', 'Tunisia', 'Arabic', '&#65202;&#65256;&#65262;&#65175;', '&#65172;&#65268;&#65168;&#65198;&#65228;&#65248;&#65165;'),
('tr_TR', 'Turkey', 'Turkish', 'T&uuml;rkiye', 'T&uuml;rk&ccedil;e'),
('ar_UA', 'U.A.E.', 'Arabic', '&#65172;&#65194;&#65188;&#65176;&#65252;&#65248;&#65165; &#65172;&#65268;&#65168;&#65198;&#65228;&#65248;&#65165; &#65174;&#65166;&#65198;&#65166;&#65252;&#65160;&#65248;&#65165;', '&#65172;&#65268;&#65168;&#65198;&#65228;&#65248;&#65165;'),
('uk_UA', 'Ukraine', 'Ukrainian', '&#1059;&#1082;&#1088;&#1072;&#1111;&#1085;&#1072;', '&#1091;&#1082;&#1088;&#1072;&#1111;&#1085;&#1100;&#1089;&#1082;&#1072;'),
('en_GB', 'United Kingdom', 'English', 'United Kingdom', 'English'),
('en_US', 'United States', 'English', 'United States', 'English'),
('es_US', 'United States', 'Spanish', 'Estados Unidos', 'Espa&ntilde;ol'),
('es_UY', 'Uruguay', 'Spanish', 'Uruguay', 'Espa&ntilde;ol'),
('es_VE', 'Venezuela', 'Spanish', 'Venezuela', 'Espa&ntilde;ol'),
('vi_VN', 'Vietnam', 'Vietnamese', 'Vi&#7879;t Nam', 'Ti&#7875;ng Vi&#7879;t'),
('ar_YE', 'Yemen', 'Arabic', '&#65254;&#65252;&#65268;&#65248;&#65165;', '&#65172;&#65268;&#65168;&#65198;&#65228;&#65248;&#65165;');
EOF

View file

@ -1,114 +0,0 @@
<? /*
LibreSSL - CAcert web application
Copyright (C) 2004-2008 CAcert Inc.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; version 2 of the License.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/
$_SESSION['mconn'] = mysql_connect("db", "@MYSQL_USERNAME@", "@MYSQL_PASSWORD@");
if ($_SESSION['mconn'] != FALSE)
{
mysql_select_db("cacert");
$_SESSION['mconn'] = TRUE;
}
$_SESSION['_config']['normalhostname'] = "test.cacert.localhost:8443";
$_SESSION['_config']['securehostname'] = "secure.test.cacert.localhost:8443";
$_SESSION['_config']['tverify'] = "tverify.cacert.localhost";
function sendmail($to, $subject, $message, $from, $replyto = "", $toname = "", $fromname = "", $errorsto = "returns@cacert.localhost", $use_utf8 = true)
{
$lines = explode("\n", $message);
$message = "";
foreach($lines as $line)
{
$line = trim($line);
if($line == ".")
$message .= " .\n";
else
$message .= $line."\n";
}
if($fromname == "")
$fromname = $from;
$bits = explode(",", $from);
$from = addslashes($bits['0']);
$fromname = addslashes($fromname);
$smtp = fsockopen("smtp", 25);
if(!$smtp)
{
echo("Could not connect to mailserver at localhost:25\n");
return;
}
$InputBuffer = fgets($smtp, 1024);
fputs($smtp, "EHLO test.cacert.localhost\r\n");
$InputBuffer = fgets($smtp, 1024);
fputs($smtp, "MAIL FROM:<returns@cacert.localhost>\r\n");
$InputBuffer = fgets($smtp, 1024);
$bits = explode(",", $to);
foreach($bits as $user)
fputs($smtp, "RCPT TO:<".trim($user).">\r\n");
$InputBuffer = fgets($smtp, 1024);
fputs($smtp, "DATA\r\n");
$InputBuffer = fgets($smtp, 1024);
fputs($smtp, "X-Mailer: CAcert.org Website (local development)\r\n");
if (array_key_exists("REMOTE_ADDR", $_SERVER))
fputs($smtp, "X-OriginatingIP: ".$_SERVER["REMOTE_ADDR"]."\r\n");
fputs($smtp, "Sender: $errorsto\r\n");
fputs($smtp, "Errors-To: $errorsto\r\n");
if($replyto != "")
fputs($smtp, "Reply-To: $replyto\r\n");
else
fputs($smtp, "Reply-To: $from\r\n");
fputs($smtp, "From: $from\r\n");
fputs($smtp, "To: $to\r\n");
if(preg_match("/[^a-zA-Z0-9 .-\[\]!_@]/",$subject))
{
fputs($smtp, "Subject: =?utf-8?B?".base64_encode(recode("html..utf-8", $subject))."?=\r\n");
}
else
{
fputs($smtp, "Subject: $subject\r\n");
}
fputs($smtp, "Mime-Version: 1.0\r\n");
if($use_utf8)
{
fputs($smtp, "Content-Type: text/plain; charset=\"utf-8\"\r\n");
}
else
{
fputs($smtp, "Content-Type: text/plain; charset=\"iso-8859-1\"\r\n");
}
fputs($smtp, "Content-Transfer-Encoding: quoted-printable\r\n");
fputs($smtp, "Content-Disposition: inline\r\n");
// fputs($smtp, "Content-Transfer-Encoding: BASE64\r\n");
fputs($smtp, "\r\n");
// fputs($smtp, chunk_split(base64_encode(recode("html..utf-8", $message)))."\r\n.\r\n");
$encoded_lines = explode( "\n", str_replace("\r", "", $message) );
array_walk( $encoded_lines,
function (&$a) {
$a = quoted_printable_encode(recode("html..utf-8", $a));
});
$encoded_message = implode("\n", $encoded_lines);
$encoded_message = str_replace("\r.", "\r=2E", $encoded_message);
$encoded_message = str_replace("\n.", "\n=2E", $encoded_message);
fputs($smtp, $encoded_message);
fputs($smtp, "\r\n.\r\n");
fputs($smtp, "QUIT\n");
$InputBuffer = fgets($smtp, 1024);
fclose($smtp);
}