Merge pull request #2874 from nextcloud/enh/2506/apache

make apache container read-only
This commit is contained in:
Simon L 2023-07-13 14:18:49 +02:00 committed by GitHub
commit 1d67da4bd5
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
5 changed files with 20 additions and 7 deletions


@ -22,6 +22,8 @@ RUN set -ex; \
\ \
mkdir -p /mnt/data; \ mkdir -p /mnt/data; \
chown -R www-data:www-data /mnt/data; \ chown -R www-data:www-data /mnt/data; \
mkdir /caddy; \
chown 777 /caddy; \
\ \
apk add --no-cache \ apk add --no-cache \
bash \ bash \
@ -59,9 +61,13 @@ RUN set -ex; \
mkdir /var/run/supervisord; \ mkdir /var/run/supervisord; \
chown www-data:www-data /var/run/supervisord; \ chown www-data:www-data /var/run/supervisord; \
chown www-data:www-data /var/log/supervisord; \ chown www-data:www-data /var/log/supervisord; \
chmod 777 /var/run/supervisord; \
chmod 777 /var/log/supervisord; \
\ \
chown -R www-data:www-data /usr/local/apache2; \ chown -R www-data:www-data /usr/local/apache2; \
chmod +r -R /usr/local/apache2; \ chmod +r -R /usr/local/apache2; \
mkdir -p /usr/local/apache2/logs; \
chmod 777 -R /usr/local/apache2/logs; \
\ \
echo "root:$(openssl rand -base64 12)" | chpasswd echo "root:$(openssl rand -base64 12)" | chpasswd
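Review bot: `chown 777 /caddy;` in the first hunk, directly after `mkdir /caddy;`, looks like a typo for `chmod`: `chown` with a numeric argument changes the owner to uid 777 rather than the mode, so the directory is left writable by root only. The second hunk uses `chmod 777 /var/run/supervisord` for the same purpose, which is presumably what was intended here. Given that `/mnt/data` two lines earlier is handed to `www-data` with `chown -R www-data:www-data`, the least-privilege form would be `chown www-data:www-data /caddy; chmod 750 /caddy;` instead of a world-writable directory, and the same applies to the 777 modes on the supervisord and `apache2/logs` directories in the second hunk. Because the same PR mounts `/caddy` as a tmpfs at runtime, the image-time mode is masked anyway, which would explain why the typo has no visible effect. The `RUN set -ex` instruction begins before the hunk.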


@ -35,18 +35,18 @@ if [ "$APACHE_PORT" != '443' ]; then
else else
CADDYFILE="$(sed 's|auto_https.*|auto_https disable_redirects|' /Caddyfile)" CADDYFILE="$(sed 's|auto_https.*|auto_https disable_redirects|' /Caddyfile)"
fi fi
echo "$CADDYFILE" > /Caddyfile echo "$CADDYFILE" > /caddy/Caddyfile
# Change the trusted_proxies in case of reverse proxies # Change the trusted_proxies in case of reverse proxies
if [ "$APACHE_PORT" != '443' ]; then if [ "$APACHE_PORT" != '443' ]; then
CADDYFILE="$(sed 's|# trusted_proxies placeholder|trusted_proxies static private_ranges|' /Caddyfile)" CADDYFILE="$(sed 's|# trusted_proxies placeholder|trusted_proxies static private_ranges|' /caddy/Caddyfile)"
else else
CADDYFILE="$(sed 's|trusted_proxies.*private_ranges|# trusted_proxies placeholder|' /Caddyfile)" CADDYFILE="$(sed 's|trusted_proxies.*private_ranges|# trusted_proxies placeholder|' /caddy/Caddyfile)"
fi fi
echo "$CADDYFILE" > /Caddyfile echo "$CADDYFILE" > /caddy/Caddyfile
# Fix the Caddyfile format # Fix the Caddyfile format
caddy fmt --overwrite /Caddyfile caddy fmt --overwrite /caddy/Caddyfile
# Add caddy path # Add caddy path
mkdir -p /mnt/data/caddy/ mkdir -p /mnt/data/caddy/
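Review bot: `echo "$CADDYFILE" > /caddy/Caddyfile` (used twice in this hunk) passes the whole rendered Caddyfile through `echo`, which in some `/bin/sh` implementations interprets backslash escapes and would silently alter any `\` sequence the file contains; `printf '%s\n' "$CADDYFILE" > /caddy/Caddyfile` writes it verbatim. The template is still read from the image's `/Caddyfile` on the line before the first write and from `/caddy/Caddyfile` for every later `sed`, so the copy into the writable location happens only on that first `echo`; a one-line comment there, `# first write copies the config from the read-only image path into the writable /caddy directory`, would make that ordering dependency explicit. The `if` whose `else` branch opens the hunk begins before line 35, outside the hunk.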


@ -20,4 +20,4 @@ stdout_logfile=/dev/stdout
stdout_logfile_maxbytes=0 stdout_logfile_maxbytes=0
stderr_logfile=/dev/stderr stderr_logfile=/dev/stderr
stderr_logfile_maxbytes=0 stderr_logfile_maxbytes=0
command=/usr/bin/caddy run --config /Caddyfile command=/usr/bin/caddy run --config /caddy/Caddyfile


@ -141,7 +141,7 @@
"type": "array", "type": "array",
"items": { "items": {
"type": "string", "type": "string",
"pattern": "^/[a-z/_-]+$" "pattern": "^/[a-z/_0-9-]+$"
} }
}, },
"volumes": { "volumes": {


@ -55,6 +55,13 @@
], ],
"networks": [ "networks": [
"nextcloud-aio" "nextcloud-aio"
],
"read_only": true,
"tmpfs": [
"/var/log/supervisord",
"/var/run/supervisord",
"/usr/local/apache2/logs",
"/caddy"
] ]
}, },
{ {
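Review bot: The four `tmpfs` entries carry no mount options, and if they are passed straight through to Docker each mount defaults to mode 1777, i.e. world-writable inside the container, which is wider than the per-directory ownership the Dockerfile sets up; it is worth confirming whether this container definition accepts per-entry options so the mode and owning uid can be pinned (for example `mode=0750` plus the `www-data` uid, if supported). `/tmp` is not in the list, so with `read_only` set any temporary file that supervisord, apache or caddy tries to create there will now fail with a read-only filesystem error; a smoke run of the container with this definition would confirm whether that path is needed. A short comment-equivalent, such as a `"description"` on the object if the schema allows one, listing why each of the four paths must be writable would help future additions stay minimal.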