From ff5ea7dd396704cbc39e296e9fb85e92e2644391 Mon Sep 17 00:00:00 2001 From: Jan Dittberner Date: Mon, 21 Dec 2020 18:44:20 +0100 Subject: [PATCH] Refine local setup - Add dependencies for gettext and PDF support - add whois and netbase to support whois checks - remove docker/mysql.php because configuration should be done via environment variables - install CAcert CA certificates to allow retrieval of translation data from translations.cacert.org - build i18n files on start of application container - disable broken OCSP stapling for local certificates - add language data during database initialization --- application.Dockerfile | 14 ++++- docker-compose.yml | 13 +++++ docker/apache-foreground | 8 +-- docker/cacert.conf | 2 +- docker/initdb.sh | 103 +++++++++++++++++++++++++++++++++++ docker/mysql.php | 114 --------------------------------------- 6 files changed, 131 insertions(+), 123 deletions(-) delete mode 100644 docker/mysql.php diff --git a/application.Dockerfile b/application.Dockerfile index 1fa5b39..f870bb7 100644 --- a/application.Dockerfile +++ b/application.Dockerfile @@ -5,16 +5,22 @@ RUN apt-get update \ apt-get install -y --no-install-recommends \ ca-certificates \ curl \ + gettext \ libapache2-mod-php5 \ locales-all \ mariadb-client \ + make \ + netbase \ nullmailer \ php-apc \ + php-fpdf \ + php-gettext \ php-mail \ php-mail-mime \ php-mail-mimedecode \ php-net-smtp \ php-net-socket \ + php-tcpdf \ php5-apcu \ php5-curl \ php5-gd \ @@ -27,6 +33,7 @@ RUN apt-get update \ php5-recode \ psmisc \ wamerican \ + whois \ && apt-get clean \ && rm -rf /var/lib/apt/lists/* @@ -34,7 +41,6 @@ STOPSIGNAL SIGWINCH COPY docker/apache-foreground /usr/local/bin/ COPY testca/ /usr/local/etc/testca/ -COPY docker/mysql.php /usr/local/etc/application/mysql.php COPY docker/apache-virtualhost.conf /etc/apache2/sites-available/ COPY docker/cacert.conf /etc/apache2/conf-available/ COPY docker/php5-cacert.ini /etc/php5/mods-available/cacert.ini 
@@ -48,7 +54,11 @@ RUN a2ensite apache-virtualhost ; \ a2enmod headers ; \ a2enmod rewrite ; \ a2enmod ssl ; \ - ln -s /etc/php5/mods-available/cacert.ini /etc/php5/apache2/conf.d/20-cacert.ini + ln -s /etc/php5/mods-available/cacert.ini /etc/php5/apache2/conf.d/20-cacert.ini ; \ + cd /usr/local/share/ca-certificates ; \ + curl -O http://www.cacert.org/certs/root_X0F.crt ; \ + curl -O http://www.cacert.org/certs/class3_X0E.crt ; \ + update-ca-certificates EXPOSE 80 EXPOSE 443 diff --git a/docker-compose.yml b/docker-compose.yml index 79b4a53..5b0cf8b 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -23,6 +23,19 @@ services: build: context: . dockerfile: application.Dockerfile + environment: + DEPLOYMENT_NAME: "CAcert.org Website (local development)" + MYSQL_APP_HOSTNAME: db + MYSQL_APP_DATABASE: cacert + CSR_DIRECTORY: /csr + CRT_DIRECTORY: /crt + DEFAULT_HOSTNAME: test.cacert.localhost + SECURE_HOSTNAME: secure.test.cacert.localhost + TVERIFY_HOSTNAME: tverify.test.cacert.localhost + INSECURE_PORT: 8080 + SECURE_PORT: 8443 + RETURN_ADDRESS: "returns@cacert.localhost" + SMTP_HOST: smtp env_file: - ./.env ports: diff --git a/docker/apache-foreground b/docker/apache-foreground index a729be6..e0c24d9 100755 --- a/docker/apache-foreground +++ b/docker/apache-foreground 
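Review bot: The two added `curl -O http://www.cacert.org/certs/...` lines fetch CA certificates over plain HTTP, and `update-ca-certificates` then installs them into the image's system trust store without any integrity check. Anything that can alter the response at build time therefore becomes a trusted CA inside the container. Because the added commands are chained with `;` and `curl` is called without `-f`, a failed or truncated download does not fail the build either. I would either vendor the two certificates in the repository next to `testca/`, or verify each download against a pinned SHA-256 value before `update-ca-certificates`, chaining the new commands with `&&`. The digests below are placeholders to be filled from an independently verified copy.

```dockerfile
# … unchanged: a2ensite / a2enmod lines and the ln -s for 20-cacert.ini, still ending in "; \" …
    cd /usr/local/share/ca-certificates && \
    curl -fsSO http://www.cacert.org/certs/root_X0F.crt && \
    curl -fsSO http://www.cacert.org/certs/class3_X0E.crt && \
    echo "<PINNED_SHA256_OF_ROOT_X0F>  root_X0F.crt" | sha256sum -c - && \
    echo "<PINNED_SHA256_OF_CLASS3_X0E>  class3_X0E.crt" | sha256sum -c - && \
    update-ca-certificates
```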
@@ -14,14 +14,10 @@ cp /usr/local/etc/testca/certs/test.cacert.localhost.key.pem /etc/ssl/private/ cp /usr/local/etc/testca/certs/secure.test.cacert.localhost.crt.pem /etc/ssl/certs/ cp /usr/local/etc/testca/certs/secure.test.cacert.localhost.key.pem /etc/ssl/private/ -sed -i "s/@MYSQL_USERNAME@/$MYSQL_APP_USER/g; s/@MYSQL_PASSWORD@/$MYSQL_APP_PASSWORD/g" \ - /usr/local/etc/application/mysql.php -if [ ! -f /www/includes/mysql.php ]; then - rm -f /www/includes/mysql.php - cp /usr/local/etc/application/mysql.php /www/includes/mysql.php -fi cp /usr/local/etc/application/feed.rss /www/pages/index/feed.rss +make -C /www/locale + apache2ctl start "$@" exec tail -F --follow=name --retry /var/log/apache2/error.log /var/log/apache2/phperror.log diff --git a/docker/cacert.conf b/docker/cacert.conf index 1edd99a..fdb0250 100644 --- a/docker/cacert.conf +++ b/docker/cacert.conf @@ -46,7 +46,7 @@ AddDefaultCharset on # OCSP Stapling, only in httpd 2.3.3 and later - SSLUseStapling on + SSLUseStapling off SSLStaplingResponderTimeout 5 SSLStaplingReturnResponderErrors off SSLStaplingCache shmcb:${APACHE_RUN_DIR}/ocsp(1280000) diff --git a/docker/initdb.sh b/docker/initdb.sh index 906ba97..4a1cc21 100755 --- a/docker/initdb.sh +++ b/docker/initdb.sh 
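Review bot: `make -C /www/locale` now runs on every container start, and whether a failure there aborts start-up or is silently ignored depends on shell options (`set -e`) that are set, if at all, outside this hunk. Going by the commit description, the locale build appears to retrieve data from translations.cacert.org, so start-up would also depend on that host being reachable and on the CA certificates installed in the Dockerfile. I would make the outcome explicit, for example `make -C /www/locale || echo "WARNING: locale build failed" >&2`, or fail hard with a clear message if translations are required.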
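Review bot: `SSLUseStapling off` is added without an explanation, while the comment above it and the `SSLStapling*` directives below still read as if stapling were in use. A one-line comment such as `# Stapling is off because it is broken for the local test certificates; development only` would record the reason given in the commit description. It would also keep the setting from being copied into a deployment that serves certificates with a working OCSP responder, where stapling should stay on.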
@@ -12,3 +12,106 @@ EOF
 for script in /db_migrations/*.sh; do
 sh "$script" -h localhost -u root "-p$MYSQL_ROOT_PASSWORD" cacert
 done
+
+mysql -h localhost -u root "-p$MYSQL_ROOT_PASSWORD" cacert <<-'EOF'
+INSERT INTO languages (locale, en_co, en_lang, country, lang)
+VALUES ('sq_AL', 'Albania', 'Albanian', 'Shqipëria', 'shqipe'),
+ ('ar_DZ', 'Algeria', 'Arabic', 'ﺮﺌﺎﺰﺠﻠﺍ', 'ﺔﻴﺐﺮﻌﻠﺍ'),
+ ('ar_AA', 'Arabic Speaking', 'Arabic', 'ﺔﻴﺐﺮﻌﻠﺍ', 'ﺔﻴﺐﺮﻌﻠﺍ'),
+ ('es_AR', 'Argentina', 'Spanish', 'Argentina', 'Español'),
+ ('en_AU', 'Australia', 'English', 'Australia', 'English'),
+ ('de_AT', 'Austria', 'German', 'Österreich', 'Deutsch'),
+ ('ar_BH', 'Bahrain', 'Arabic', 'ﻦﻴﺮﺤﺐﻠﺍ', 'ﺔﻴﺐﺮﻌﻠﺍ'),
+ ('be_BY', 'Belarus', 'Belarusian', 'Беларусь', 'беларуски'),
+ ('nl_BE', 'Belgium', 'Dutch', 'België', 'Nederlands'),
+ ('fr_BE', 'Belgium', 'French', 'Belgique', 'français'),
+ ('es_BO', 'Bolivia', 'Spanish', 'Bolivia', 'Español'),
+ ('sh_BA', 'Bosnia Herzogovina', 'Serbo-Croatian', 'Bosnia Herzogovina', 'Serbo-Croatian'),
+ ('pt_BR', 'Brazil', 'Portuguese', 'Brasil', 'Português'),
+ ('bg_BG', 'Bulgaria', 'Bulgarian', 'България', 'български'),
+ ('en_CA', 'Canada', 'English', 'Canada', 'English'),
+ ('fr_CA', 'Canada', 'French', 'Canada', 'français'),
+ ('es_CL', 'Chile', 'Spanish', 'Chile', 'Español'),
+ ('es_CO', 'Colombia', 'Spanish', 'Colombia', 'Español'),
+ ('es_CR', 'Costa Rica', 'Spanish', 'Costa Rica', 'Español'),
+ ('hr_HR', 'Croatia', 'Croatian', 'Hrvatska', 'hrvatski'),
+ ('cs_CZ', 'Czech Republic', 'Czech', 'Česká republika', 'čeština'),
+ ('da_DK', 'Denmark', 'Danish', 'Danmark', 'dansk'),
+ ('es_DO', 'Dominican Republic', 'Spanish', 'República Dominicana', 'Español'),
+ ('es_EC', 'Ecuador', 'Spanish', 'Ecuador', 'Español'),
+ ('ar_EG', 'Egypt', 'Arabic', 'ﺮﺼﻣ', 'ﺔﻴﺐﺮﻌﻠﺍ'),
+ ('es_SV', 'El Salvador', 'Spanish', 'El Salvador', 'Español'),
+ ('et_EE', 'Estonia', 'Estonian', 'Eesti', 'eesti'),
+ ('mk_MK', 'FYR Macedonia', 'Macedonian', 'FYR Macedonia', 'Macedonian'),
+ ('fi_FI', 'Finland', 'Finnish', 'Suomi', 'suomi'),
+ ('sv_FI', 'Finland', 'Swedish', 'Finland', 'svenska'),
+ ('fr_FR', 'France', 'French', 'France', 'français'),
+ ('de_DE', 'Germany', 'German', 'Deutschland', 'Deutsch'),
+ ('el_GR', 'Greece', 'Greek', 'Ελλάδα', 'ελληνικά'),
+ ('es_GT', 'Guatemala', 'Spanish', 'Guatemala', 'Español'),
+ ('es_HN', 'Honduras', 'Spanish', 'Honduras', 'Español'),
+ ('zh_HK', 'Hong Kong', 'Chinese', '香港', '中文'),
+ ('hu_HU', 'Hungary', 'Hungarian', 'Magyarország', 'magyar'),
+ ('is_IS', 'Iceland', 'Icelandic', 'Ísland', 'íslenska'),
+ ('in_ID', 'Indonesia', 'Indonesian', 'Indonesia', 'Bahasa Indonesia'),
+ ('fa_IR', 'Iran', 'Farsi', 'Iran', 'ﻰﺴﺮﺎﻓ'),
+ ('en_IE', 'Ireland', 'English', 'Ireland', 'English'),
+ ('he_IL', 'Israel', 'Hebrew', 'לארשי', 'תירבע'),
+ ('iw_IL', 'Israel', 'Hebrew', 'לארשי', 'תירבע'),
+ ('it_IT', 'Italy', 'Italian', 'Italia', 'italiano'),
+ ('ja_JP', 'Japan', 'Japanese', '日本', '日本語'),
+ ('ar_JO', 'Jordan', 'Arabic', 'ﻦﺪﺮﺄﻠﺍ', 'ﺔﻴﺐﺮﻌﻠﺍ'),
+ ('ko_KR', 'Korea', 'Korean', '대한민국', '한국어'),
+ ('ar_KW', 'Kuwait', 'Arabic', 'ﺖﻴﻮﻜﻠﺍ', 'ﺔﻴﺐﺮﻌﻠﺍ'),
+ ('es_LA', 'Latin America', 'Spanish', 'América latina', 'Español'),
+ ('lv_LV', 'Latvia', 'Latvian', 'Latvija', 'latviešu'),
+ ('ar_LB', 'Lebanon', 'Arabic', 'ﻦﺎﻨﺐﻟ', 'ﺔﻴﺐﺮﻌﻠﺍ'),
+ ('de_LI', 'Liechtenstein', 'German', 'Liechtenstein', 'Deutsch'),
+ ('lt_LT', 'Lithuania', 'Lithuanian', 'Lietuva', 'lietuvių'),
+ ('fr_LU', 'Luxembourg', 'French', 'Luxembourg', 'français'),
+ ('de_LU', 'Luxembourg', 'German', 'Luxemburg', 'Deutsch'),
+ ('es_MX', 'Mexico', 'Spanish', 'México', 'Español'),
+ ('ar_MA', 'Morocco', 'Arabic', 'ﺔﻴﺐﺮﻐﻤﻠﺍ ﺔﻜﻠﻤﻤﻠﺍ', 'ﺔﻴﺐﺮﻌﻠﺍ'),
+ ('nl_NL', 'Netherlands', 'Dutch', 'Nederland', 'Nederlands'),
+ ('en_NZ', 'New Zealand', 'English', 'New Zealand', 'English'),
+ ('es_NI', 'Nicaragua', 'Spanish', 'Nicarágua', 'Español'),
+ ('no_NO', 'Norway', 'Norwegian', 'Norge', 'bokmål'),
+ ('ar_OM', 'Oman', 'Arabic', 'ﻦﺎﻤﻋ', 'ﺔﻴﺐﺮﻌﻠﺍ'),
+ ('es_PA', 'Panama', 'Spanish', 'Panamá', 'Español'),
+ ('es_PY', 'Paraguay', 'Spanish', 'Paraguay', 'Español'),
+ ('zh_CN', 'People''s Republic of China', 'Chinese', '中华人民共和国', '中文'),
+ ('es_PE', 'Peru', 'Spanish', 'Perú', 'Español'),
+ ('pl_PL', 'Poland', 'Polish', 'Polska', 'polski'),
+ ('pt_PT', 'Portugal', 'Portuguese', 'Portugal', 'português'),
+ ('ar_QA', 'Qatar', 'Arabic', 'ﺮﻄﻗ', 'ﺔﻴﺐﺮﻌﻠﺍ'),
+ ('ro_RO', 'Romania', 'Romanian', 'România', 'română'),
+ ('ru_RU', 'Russia', 'Russian', 'Россия', 'русский'),
+ ('ar_SA', 'Saudi Arabia', 'Arabic', 'ﺔﻴﺪﻮﻌﺴﻠﺍ ﺔﻴﺐﺮﻌﻠﺍ ﺔﻜﻠﻤﻤﻠﺍ', 'ﺔﻴﺐﺮﻌﻠﺍ'),
+ ('hr_SP', 'Serbia', 'Romanian', 'Srbija', 'română'),
+ ('sr_SP', 'Serbia', 'Serbian (Cyrillic)', 'Југославија', 'српски'),
+ ('zh_SG', 'Singapore', 'Chinese', '新加坡', '中文'),
+ ('sk_SK', 'Slovakia', 'Slovak', 'Slovenská republika', 'slovenčina'),
+ ('sl_SI', 'Slovenia', 'Slovene', 'Slovenija', 'slovenski'),
+ ('en_ZA', 'South Africa', 'English', 'South Africa', 'English'),
+ ('eu_ES', 'Spain', 'Basque', 'Espainia', 'Euskara'),
+ ('ca_ES', 'Spain', 'Catalan', 'Espanya', 'català'),
+ ('es_ES', 'Spain', 'Spanish', 'España', 'Español'),
+ ('sv_SE', 'Sweden', 'Swedish', 'Sverige', 'svenska'),
+ ('fr_CH', 'Switzerland', 'French', 'Suisse', 'français'),
+ ('de_CH', 'Switzerland', 'German', 'Schweiz', 'Deutsch'),
+ ('it_CH', 'Switzerland', 'Italian', 'Svizzera', 'italiano'),
+ ('ar_SY', 'Syria', 'Arabic', 'ﺎﻴﺮﻮﺳ', 'ﺔﻴﺐﺮﻌﻠﺍ'),
+ ('zh_TW', 'Taiwan', 'Chinese', '中華民國', '中文'),
+ ('th_TH', 'Thailand', 'Thai', 'ไทย', 'ไทย'),
+ ('ar_TN', 'Tunisia', 'Arabic', 'ﺲﻨﻮﺗ', 'ﺔﻴﺐﺮﻌﻠﺍ'),
+ ('tr_TR', 'Turkey', 'Turkish', 'Türkiye', 'Türkçe'),
+ ('ar_UA', 'U.A.E.', 'Arabic', 'ﺔﺪﺤﺘﻤﻠﺍ ﺔﻴﺐﺮﻌﻠﺍ ﺖﺎﺮﺎﻤﺈﻠﺍ', 'ﺔﻴﺐﺮﻌﻠﺍ'),
+ ('uk_UA', 'Ukraine', 'Ukrainian', 'Україна', 'україньска'),
+ ('en_GB', 'United Kingdom', 'English', 'United Kingdom', 'English'),
+ ('en_US', 'United States', 'English', 'United States', 'English'),
+ ('es_US', 'United States', 'Spanish', 'Estados Unidos', 'Español'),
+ ('es_UY', 'Uruguay', 'Spanish', 'Uruguay', 'Español'),
+ ('es_VE', 'Venezuela', 'Spanish', 'Venezuela', 'Español'),
+ ('vi_VN', 'Vietnam', 'Vietnamese', 'Việt Nam', 'Tiểng Việt'),
+ ('ar_YE', 'Yemen', 'Arabic', 'ﻦﻤﻴﻠﺍ', 'ﺔﻴﺐﺮﻌﻠﺍ');
+EOF
\ No newline at end of file
diff --git a/docker/mysql.php b/docker/mysql.php
deleted file mode 100644
index 2b4dbf4..0000000
--- a/docker/mysql.php
+++ /dev/null
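Review bot: The added `mysql` call passes the root password as `"-p$MYSQL_ROOT_PASSWORD"`, which can expose it in the container's process list while the import runs; the migration loop in the context lines does the same. Prefer the environment or an option file, for example `MYSQL_PWD="$MYSQL_ROOT_PASSWORD" mysql -h localhost -u root cacert <<-'EOF'`. The heredoc also carries non-ASCII country and language names, so the client character set should be stated explicitly (`--default-character-set=utf8mb4`, or whatever the `languages` table uses) rather than left to the image default. Otherwise these rows may be stored mis-encoded.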
@@ -1,114 +0,0 @@ -\r\n"); - $InputBuffer = fgets($smtp, 1024); - $bits = explode(",", $to); - foreach($bits as $user) - fputs($smtp, "RCPT TO:<".trim($user).">\r\n"); - $InputBuffer = fgets($smtp, 1024); - fputs($smtp, "DATA\r\n"); - $InputBuffer = fgets($smtp, 1024); - fputs($smtp, "X-Mailer: CAcert.org Website (local development)\r\n"); - if (array_key_exists("REMOTE_ADDR", $_SERVER)) - fputs($smtp, "X-OriginatingIP: ".$_SERVER["REMOTE_ADDR"]."\r\n"); - fputs($smtp, "Sender: $errorsto\r\n"); - fputs($smtp, "Errors-To: $errorsto\r\n"); - if($replyto != "") - fputs($smtp, "Reply-To: $replyto\r\n"); - else - fputs($smtp, "Reply-To: $from\r\n"); - fputs($smtp, "From: $from\r\n"); - fputs($smtp, "To: $to\r\n"); - if(preg_match("/[^a-zA-Z0-9 .-\[\]!_@]/",$subject)) - { - fputs($smtp, "Subject: =?utf-8?B?".base64_encode(recode("html..utf-8", $subject))."?=\r\n"); - } - else - { - fputs($smtp, "Subject: $subject\r\n"); - } - fputs($smtp, "Mime-Version: 1.0\r\n"); - if($use_utf8) - { - fputs($smtp, "Content-Type: text/plain; charset=\"utf-8\"\r\n"); - } - else - { - fputs($smtp, "Content-Type: text/plain; charset=\"iso-8859-1\"\r\n"); - } - fputs($smtp, "Content-Transfer-Encoding: quoted-printable\r\n"); - fputs($smtp, "Content-Disposition: inline\r\n"); - -// fputs($smtp, "Content-Transfer-Encoding: BASE64\r\n"); - fputs($smtp, "\r\n"); -// fputs($smtp, chunk_split(base64_encode(recode("html..utf-8", $message)))."\r\n.\r\n"); - $encoded_lines = explode( "\n", str_replace("\r", "", $message) ); - array_walk( $encoded_lines, - function (&$a) { - $a = quoted_printable_encode(recode("html..utf-8", $a)); - }); - $encoded_message = implode("\n", $encoded_lines); - - $encoded_message = str_replace("\r.", "\r=2E", $encoded_message); - $encoded_message = str_replace("\n.", "\n=2E", $encoded_message); - fputs($smtp, $encoded_message); - fputs($smtp, "\r\n.\r\n"); - fputs($smtp, "QUIT\n"); - $InputBuffer = fgets($smtp, 1024); - fclose($smtp); -}