Add cats to the docker-compose setup
parent
af156f24c6
commit
0c56512174
12 changed files with 140 additions and 26 deletions
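--- a/docker/apache-cats-foreground
+++ b/docker/apache-cats-foreground
@@ -0,0 +1,17 @@
+#!/bin/sh
+set -eux
+
+# Apache gets grumpy about PID files pre-existing
+rm -f /run/apache2/apache2.pid
+
+sed "s/@CATS_NORMAL_HOSTNAME@/${CATS_NORMAL_HOSTNAME}/g;
+s/@CATS_SECURE_HOSTNAME@/${CATS_SECURE_HOSTNAME}/g;
+s/@CATS_DB_HOSTNAME@/db/g;
+s/@CATS_DB_USER@/${MYSQL_CATS_USER}/g;
+s/@CATS_DB_PASSWORD@/${MYSQL_CATS_PASSWORD}/g;
+s/@CATS_DATABASE@/${MYSQL_CATS_DATABASE}/g" \
+/var/www/cats/includes/db_connect.inc.template > /var/www/cats/includes/db_connect.inc
+
+apache2ctl start "$@"
+
+exec tail -F --follow=name --retry /var/log/apache2/error.log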
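Review bot: `set -eux` traces every command after expansion, so the `sed` line writes the expanded `${MYSQL_CATS_PASSWORD}` to the container's stderr log on each start; I would drop tracing to `set -eu`, or bracket the `sed` call with `set +x` / `set -x`. The values are also spliced straight into the sed replacement, where a `/`, `&` or `\` in a hostname or password breaks or silently alters the generated `db_connect.inc`, so the script should escape them or carry a comment stating that the variables must not contain those characters. The same tracing exposure applies to the `mysql ... "-p${MYSQL_MGR_PASSWORD}"` and `"-p$MYSQL_ROOT_PASSWORD"` invocations in the later shell hunks on this page (their hunk headers show `set -eux` too), which additionally put the password on the process command line.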
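--- a/docker/apache-cats-virtualhost.conf
+++ b/docker/apache-cats-virtualhost.conf
@@ -0,0 +1,25 @@
+<VirtualHost *:443>
+ServerName cats.cacert.localhost
+ServerAlias www.cats.cacert.localhost
+DocumentRoot /var/www/cats
+
+SSLEngine on
+SSLStrictSNIVHostCheck on
+SSLProtocol all -SSLv2 -SSLv3 -TLSv1
+SSLHonorCipherOrder on
+SSLCipherSuite kEECDH:kEDH:AESGCM:ALL:!3DES!RC4:!LOW:!EXP:!MD5:!aNULL:!eNULL
+SSLCertificateFile /etc/apache2/ssl/certs/cats.cacert.localhost.crt.pem
+SSLCertificateKeyFile /etc/apache2/ssl/private/cats.cacert.localhost.key.pem
+
+SSLCACertificateFile /etc/apache2/ssl/certs/combined.crt
+SSLVerifyClient optional
+SSLVerifyDepth 2
+SSLOptions +StdEnvVars
+
+<Directory /var/www/cats>
+Options Indexes FollowSymlinks MultiViews
+AllowOverride Options FileInfo
+</Directory>
+
+Header always set Strict-Transport-Security "max-age=31536000"
+</VirtualHost>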
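Review bot: `Options Indexes` on `/var/www/cats` turns on directory listings for a tree that, per the foreground script in this commit, holds the generated `includes/db_connect.inc` with the database credentials. Whether Apache would serve `.inc` files as plain text depends on handler configuration that is not visible here, so I would drop `Indexes` (`Options FollowSymlinks MultiViews`) and add a `<Directory /var/www/cats/includes>` block containing `Require all denied`. Separately, `!3DES!RC4` in `SSLCipherSuite` has no `:` between the two exclusions; writing `!3DES:!RC4` removes any doubt about how the cipher string is parsed.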
|
@ -5,11 +5,14 @@ set -eux
|
|||
rm -f /run/apache2/apache2.pid
|
||||
|
||||
sed "s/@MYSQL_MGR_USER@/${MYSQL_MGR_USER}/g; s/@MYSQL_MGR_PASSWORD@/${MYSQL_MGR_PASSWORD}/g" \
|
||||
/usr/local/etc/mgr-application.ini > /var/www/manager/application/configs/application.ini
|
||||
/usr/local/etc/mgr-application.ini > /var/www/mgr/manager/application/configs/application.ini
|
||||
|
||||
mysql -u "${MYSQL_MGR_USER}" -h db "-p${MYSQL_MGR_PASSWORD}" mgr <<-EOF
|
||||
REPLACE INTO system_user (id, system_role_id, login, user_client_crt_s_dn_i_dn)
|
||||
VALUES (1, 2,'${CLIENT_CERT_EMAIL}','CN=${CLIENT_CERT_USERNAME}//CN=Class 3 Test CA,O=CAcert Inc.,C=AU');
|
||||
VALUES (
|
||||
1, 2,'${CLIENT_CERT_EMAIL}',
|
||||
'emailAddress=${CLIENT_CERT_EMAIL},CN=${CLIENT_CERT_USERNAME}//CN=Class 3 Test CA,O=CAcert Inc.,C=AU'
|
||||
);
|
||||
|
||||
UPDATE system_config SET config_value='1' WHERE config_key='log.file.enabled';
|
||||
UPDATE system_config SET config_value='mail' WHERE config_key='imap.mailhost';
|
||||
|
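Review bot: The heredoc interpolates `${CLIENT_CERT_EMAIL}` and `${CLIENT_CERT_USERNAME}` into single-quoted SQL literals without escaping, and the rewritten `VALUES` clause now uses the e-mail in two columns, so a value containing `'` or `\` breaks or changes the `REPLACE` statement. For a compose-only setup a comment stating the constraint is probably enough, e.g. `# CLIENT_CERT_* must not contain ' or \ (interpolated into SQL below)`; otherwise escape the values before the heredoc. The DB init script on this page follows the same pattern in `CREATE USER $MYSQL_CATS_USER@'%' IDENTIFIED BY '$MYSQL_CATS_PASSWORD'` and in the unquoted `$MYSQL_CATS_DATABASE` identifier. The heredoc continues past the end of this hunk.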
|
|
@ -1,23 +1,23 @@
|
|||
<VirtualHost *:443>
|
||||
ServerName mgr.cacert.localhost
|
||||
ServerAlias www.mgr.cacert.localhost
|
||||
DocumentRoot /var/www/manager/public
|
||||
DocumentRoot /var/www/mgr/manager/public
|
||||
|
||||
SSLEngine on
|
||||
SSLStrictSNIVHostCheck on
|
||||
SSLProtocol all -SSLv2 -SSLv3 -TLSv1
|
||||
SSLHonorCipherOrder on
|
||||
SSLCipherSuite kEECDH:kEDH:AESGCM:ALL:!3DES!RC4:!LOW:!EXP:!MD5:!aNULL:!eNULL
|
||||
SSLCertificateFile /etc/ssl/certs/mgr.cacert.localhost.crt.pem
|
||||
SSLCertificateKeyFile /etc/ssl/private/mgr.cacert.localhost.key.pem
|
||||
SSLCertificateChainFile /etc/ssl/certs/combined.crt
|
||||
SSLCertificateFile /etc/apache2/ssl/certs/mgr.cacert.localhost.crt.pem
|
||||
SSLCertificateKeyFile /etc/apache2/ssl/private/mgr.cacert.localhost.key.pem
|
||||
|
||||
SSLCACertificateFile /etc/ssl/certs/combined.crt
|
||||
SSLCACertificateFile /etc/apache2/ssl/certs/combined.crt
|
||||
SSLCADNRequestFile /etc/apache2/ssl/certs/clientca.crt
|
||||
SSLVerifyClient optional
|
||||
SSLVerifyDepth 2
|
||||
SSLOptions +StdEnvVars
|
||||
|
||||
<Directory /var/www/manager/public>
|
||||
<Directory /var/www/mgr/manager/public>
|
||||
Options Indexes FollowSymlinks MultiViews
|
||||
AllowOverride Options FileInfo
|
||||
</Directory>
|
||||
|
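Review bot: `SSLCertificateChainFile` is removed with no replacement, so the server sends intermediates only if `mgr.cacert.localhost.crt.pem` itself contains them, which this diff does not show. If that file holds just the leaf certificate, clients that trust only the root will fail to build the chain; appending the intermediate to the `SSLCertificateFile` PEM is the supported approach on current Apache 2.4. The added `SSLCADNRequestFile` line would benefit from a one-line comment saying it only limits the CA names advertised to clients, while `SSLCACertificateFile` still defines what is trusted.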
|
|
@ -24,9 +24,8 @@
|
|||
SSLProtocol all -SSLv2 -SSLv3
|
||||
SSLHonorCipherOrder on
|
||||
SSLCipherSuite kEECDH:kEDH:AESGCM:ALL:!3DES!RC4:!LOW:!EXP:!MD5:!aNULL:!eNULL
|
||||
SSLCertificateFile /etc/ssl/certs/test.cacert.localhost.crt.pem
|
||||
SSLCertificateKeyFile /etc/ssl/private/test.cacert.localhost.key.pem
|
||||
SSLCACertificateFile /etc/ssl/certs/combined.crt
|
||||
SSLCertificateFile /etc/apache2/ssl/certs/test.cacert.localhost.crt.pem
|
||||
SSLCertificateKeyFile /etc/apache2/ssl/private/test.cacert.localhost.key.pem
|
||||
|
||||
Header always set Strict-Transport-Security "max-age=31536000"
|
||||
|
||||
|
@ -50,11 +49,12 @@
|
|||
SSLProtocol all -SSLv2 -SSLv3
|
||||
SSLHonorCipherOrder on
|
||||
SSLCipherSuite kEECDH:kEDH:AESGCM:ALL:!3DES!RC4:!LOW:!EXP:!MD5:!aNULL:!eNULL
|
||||
SSLCertificateFile /etc/ssl/certs/secure.test.cacert.localhost.crt.pem
|
||||
SSLCertificateKeyFile /etc/ssl/private/secure.test.cacert.localhost.key.pem
|
||||
SSLCertificateFile /etc/apache2/ssl/certs/secure.test.cacert.localhost.crt.pem
|
||||
SSLCertificateKeyFile /etc/apache2/ssl/private/secure.test.cacert.localhost.key.pem
|
||||
|
||||
SSLVerifyClient require
|
||||
SSLVerifyDepth 2
|
||||
SSLCACertificateFile /etc/ssl/certs/combined.crt
|
||||
SSLCACertificateFile /etc/ssl/apache2/certs/combined.crt
|
||||
#SSLCARevocationFile /etc/ssl/crls/cacert-combined.crl
|
||||
#SSLOCSPEnable on
|
||||
#SSLOCSPDefaultResponder http://ocsp.cacert.localhost/
|
||||
|
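Review bot: The new `SSLCACertificateFile /etc/ssl/apache2/certs/combined.crt` in the second hunk does not match the `/etc/apache2/ssl/certs/` directory that every other path in this commit moves to, which looks like transposed path components. This vhost sets `SSLVerifyClient require`, so a missing CA bundle would most likely stop Apache from starting or leave no client certificate verifiable; the line should presumably read `SSLCACertificateFile /etc/apache2/ssl/certs/combined.crt`. In both hunks `SSLProtocol all -SSLv2 -SSLv3` still leaves TLSv1 enabled, unlike the mgr and cats vhosts, which add `-TLSv1`.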
|
|
@ -4,6 +4,7 @@ set -eux
|
|||
|
||||
mysql -h localhost -u root "-p$MYSQL_ROOT_PASSWORD" <<-EOF
|
||||
CREATE database cacert CHARSET latin1 COLLATE latin1_swedish_ci;
|
||||
CREATE database $MYSQL_CATS_DATABASE CHARSET latin1 COLLATE latin1_swedish_ci;
|
||||
CREATE database mgr CHARSET utf8 COLLATE utf8_unicode_ci;
|
||||
EOF
|
||||
|
||||
|
@ -13,6 +14,11 @@ done
|
|||
|
||||
mysql -h localhost -u root "-p$MYSQL_ROOT_PASSWORD" mgr </mgr_dbadm/ca_mgr.mysql
|
||||
|
||||
mysql -h localhost -u root "-p$MYSQL_ROOT_PASSWORD" "${MYSQL_CATS_DATABASE}" </cats_db/create_db.sql
|
||||
mysql -h localhost -u root "-p$MYSQL_ROOT_PASSWORD" "${MYSQL_CATS_DATABASE}" </cats_db/update1.sql
|
||||
mysql -h localhost -u root "-p$MYSQL_ROOT_PASSWORD" "${MYSQL_CATS_DATABASE}" </cats_db/update2.sql
|
||||
mysql -h localhost -u root "-p$MYSQL_ROOT_PASSWORD" "${MYSQL_CATS_DATABASE}" </cats_db/sample_test.sql
|
||||
|
||||
mysql -h localhost -u root "-p$MYSQL_ROOT_PASSWORD" cacert <<-'EOF'
|
||||
INSERT INTO languages (locale, en_co, en_lang, country, lang)
|
||||
VALUES ('sq_AL', 'Albania', 'Albanian', 'Shqipëria', 'shqipe'),
|
||||
|
@ -122,7 +128,9 @@ GRANT CREATE TEMPORARY TABLES ON cacert.* TO $MYSQL_APP_USER@'%';
|
|||
GRANT SELECT, INSERT, UPDATE, DELETE ON cacert.* TO $MYSQL_APP_USER@'%';
|
||||
|
||||
CREATE USER $MYSQL_MGR_USER@'%' IDENTIFIED BY '$MYSQL_MGR_PASSWORD';
|
||||
GRANT CREATE TEMPORARY TABLES ON mgr.* TO $MYSQL_MGR_USER@'%';
|
||||
GRANT SELECT, INSERT, UPDATE, DELETE ON mgr.* TO $MYSQL_MGR_USER@'%';
|
||||
GRANT SELECT, INSERT, UPDATE, DELETE ON cacert.* TO $MYSQL_MGR_USER@'%';
|
||||
|
||||
CREATE USER $MYSQL_CATS_USER@'%' IDENTIFIED BY '$MYSQL_CATS_PASSWORD';
|
||||
GRANT SELECT, INSERT, UPDATE, DELETE ON $MYSQL_CATS_DATABASE.* TO $MYSQL_CATS_USER@'%';
|
||||
EOF
|
||||
|
|