parent
af156f24c6
commit
0c56512174
@ -0,0 +1,42 @@
|
||||
FROM debian:jessie
|
||||
|
||||
RUN apt-get update \
|
||||
&& DEBIAN_FRONTEND=noninteractive \
|
||||
apt-get install -y --no-install-recommends \
|
||||
ca-certificates \
|
||||
curl \
|
||||
gettext \
|
||||
libapache2-mod-php5 \
|
||||
locales-all \
|
||||
nullmailer \
|
||||
php5-mysql \
|
||||
&& apt-get clean \
|
||||
&& rm -rf /var/lib/apt/lists/*
|
||||
|
||||
STOPSIGNAL SIGWINCH
|
||||
|
||||
COPY docker/apache-cats-foreground /usr/local/bin/
|
||||
COPY testca/root/ca.crt.pem /usr/local/share/ca-certificates/testca_root.crt
|
||||
COPY testca/class3/ca.crt.pem /usr/local/share/ca-certificates/testca_class3.crt
|
||||
COPY testca/certs/cats.cacert.localhost.crt.pem /etc/apache2/ssl/certs/
|
||||
COPY testca/certs/cats.cacert.localhost.key.pem /etc/apache2/ssl/private/
|
||||
COPY testca/certs/cachain.crt.pem /etc/apache2/ssl/certs/combined.crt
|
||||
COPY testca/class3/ca.crt.pem /etc/apache2/ssl/certs/clientca.crt
|
||||
|
||||
COPY docker/apache-cats-virtualhost.conf /etc/apache2/sites-available/cats.cacert.localhost.conf
|
||||
|
||||
VOLUME /var/www/cats
|
||||
|
||||
RUN a2ensite cats.cacert.localhost ; \
|
||||
a2dissite 000-default ; \
|
||||
a2enmod headers ; \
|
||||
a2enmod rewrite ; \
|
||||
a2enmod ssl ; \
|
||||
cd /usr/local/share/ca-certificates ; \
|
||||
curl -O http://www.cacert.org/certs/root_X0F.crt ; \
|
||||
curl -O http://www.cacert.org/certs/class3_X0E.crt ; \
|
||||
update-ca-certificates
|
||||
|
||||
EXPOSE 443
|
||||
|
||||
CMD ["/usr/local/bin/apache-cats-foreground"]
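Review bot: The two `curl -O http://www.cacert.org/certs/...` lines in the last RUN download certificates over plain HTTP, and `update-ca-certificates` then installs whatever arrived as system trust anchors. Anyone on the build host's network path can therefore add a CA to the image's trust store. Because the steps are joined with `;`, a failed download or a failed `a2enmod` does not stop the build either. Vendor the two certificates in the repository and `COPY` them like the testca files, or pin each one: `curl -fsSO http://www.cacert.org/certs/root_X0F.crt && echo "<PINNED_SHA256_PLACEHOLDER>  root_X0F.crt" | sha256sum -c -`. In both cases chain the whole RUN with `&&`.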
|
@ -0,0 +1,17 @@
|
||||
#!/bin/sh
|
||||
set -eux
|
||||
|
||||
# Apache gets grumpy about PID files pre-existing
|
||||
rm -f /run/apache2/apache2.pid
|
||||
|
||||
sed "s/@CATS_NORMAL_HOSTNAME@/${CATS_NORMAL_HOSTNAME}/g;
|
||||
s/@CATS_SECURE_HOSTNAME@/${CATS_SECURE_HOSTNAME}/g;
|
||||
s/@CATS_DB_HOSTNAME@/db/g;
|
||||
s/@CATS_DB_USER@/${MYSQL_CATS_USER}/g;
|
||||
s/@CATS_DB_PASSWORD@/${MYSQL_CATS_PASSWORD}/g;
|
||||
s/@CATS_DATABASE@/${MYSQL_CATS_DATABASE}/g" \
|
||||
/var/www/cats/includes/db_connect.inc.template > /var/www/cats/includes/db_connect.inc
|
||||
|
||||
apache2ctl start "$@"
|
||||
|
||||
exec tail -F --follow=name --retry /var/log/apache2/error.log
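Review bot: `set -eux` makes the shell trace the `sed` command with `${MYSQL_CATS_PASSWORD}` already expanded, so the database password is written to the container's stderr log on every start. Use `set -eu`, or wrap the substitution in `set +x` and `set -x`. The values are also spliced into the sed replacement unescaped, so a password or hostname containing `/`, `&` or `\` breaks or silently alters the generated `db_connect.inc`. Escape each value first, for example `pw=$(printf '%s' "$MYSQL_CATS_PASSWORD" | sed 's/[\/&]/\\&/g')`, and substitute `$pw` instead.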
|
@ -0,0 +1,25 @@
|
||||
<VirtualHost *:443>
|
||||
ServerName cats.cacert.localhost
|
||||
ServerAlias www.cats.cacert.localhost
|
||||
DocumentRoot /var/www/cats
|
||||
|
||||
SSLEngine on
|
||||
SSLStrictSNIVHostCheck on
|
||||
SSLProtocol all -SSLv2 -SSLv3 -TLSv1
|
||||
SSLHonorCipherOrder on
|
||||
SSLCipherSuite kEECDH:kEDH:AESGCM:ALL:!3DES!RC4:!LOW:!EXP:!MD5:!aNULL:!eNULL
|
||||
SSLCertificateFile /etc/apache2/ssl/certs/cats.cacert.localhost.crt.pem
|
||||
SSLCertificateKeyFile /etc/apache2/ssl/private/cats.cacert.localhost.key.pem
|
||||
|
||||
SSLCACertificateFile /etc/apache2/ssl/certs/combined.crt
|
||||
SSLVerifyClient optional
|
||||
SSLVerifyDepth 2
|
||||
SSLOptions +StdEnvVars
|
||||
|
||||
<Directory /var/www/cats>
|
||||
Options Indexes FollowSymlinks MultiViews
|
||||
AllowOverride Options FileInfo
|
||||
</Directory>
|
||||
|
||||
Header always set Strict-Transport-Security "max-age=31536000"
|
||||
</VirtualHost>
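Review bot: `Options Indexes` on `<Directory /var/www/cats>` enables directory listings for the whole document root, which is also where the entrypoint script in this commit writes `includes/db_connect.inc` with the database credentials. Unless something outside this diff maps `.inc` to PHP or denies the directory, that file and its `.template` are presumably served as plain text. Drop `Indexes` and add `<Directory /var/www/cats/includes>` containing `Require all denied`. Separately, `!3DES!RC4` in `SSLCipherSuite` lacks a `:` separator; write `!3DES:!RC4` so both exclusions do not depend on how the cipher string parser treats the fused token.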
|