make apache container read-only

Signed-off-by: Simon L <szaimen@e.mail.de>
Simon L 2023-06-26 17:27:13 +02:00
parent bb63abd8a6
commit 2d0b92db77
5 changed files with 20 additions and 7 deletions


@ -22,6 +22,8 @@ RUN set -ex; \
\
mkdir -p /mnt/data; \
chown -R www-data:www-data /mnt/data; \
mkdir /caddy; \
chown 777 /caddy; \
\
apk add --no-cache \
bash \
@ -59,9 +61,13 @@ RUN set -ex; \
mkdir /var/run/supervisord; \
chown www-data:www-data /var/run/supervisord; \
chown www-data:www-data /var/log/supervisord; \
chmod 777 /var/run/supervisord; \
chmod 777 /var/log/supervisord; \
\
chown -R www-data:www-data /usr/local/apache2; \
chmod +r -R /usr/local/apache2; \
mkdir -p /usr/local/apache2/logs; \
chmod 777 -R /usr/local/apache2/logs; \
\
echo "root:$(openssl rand -base64 12)" | chpasswd
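Review bot: `chown 777 /caddy` in the first hunk sets the directory's owner to numeric UID 777 and leaves its mode at the mkdir default, so /caddy is probably not writable by the user that later renders the Caddyfile into it. If the goal is a writable directory for the service user, `chown www-data:www-data /caddy` (matching the /mnt/data line above it) would do that without making the directory world-writable; `chmod 777 /caddy` would also work but grants more than is needed. The `chmod 777` lines in the second hunk are similarly broad: /var/run/supervisord, /var/log/supervisord and /usr/local/apache2/logs are already chowned to www-data, so an owner-only mode should suffice unless another user has to write there. The RUN instruction begins outside these hunks, and the page does not mark which lines are additions, so this assumes the /caddy lines are new.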


@ -35,18 +35,18 @@ if [ "$APACHE_PORT" != '443' ]; then
else
CADDYFILE="$(sed 's|auto_https.*|auto_https disable_redirects|' /Caddyfile)"
fi
echo "$CADDYFILE" > /Caddyfile
echo "$CADDYFILE" > /caddy/Caddyfile
# Change the trusted_proxies in case of reverse proxies
if [ "$APACHE_PORT" != '443' ]; then
CADDYFILE="$(sed 's|# trusted_proxies placeholder|trusted_proxies static private_ranges|' /Caddyfile)"
CADDYFILE="$(sed 's|# trusted_proxies placeholder|trusted_proxies static private_ranges|' /caddy/Caddyfile)"
else
CADDYFILE="$(sed 's|trusted_proxies.*private_ranges|# trusted_proxies placeholder|' /Caddyfile)"
CADDYFILE="$(sed 's|trusted_proxies.*private_ranges|# trusted_proxies placeholder|' /caddy/Caddyfile)"
fi
echo "$CADDYFILE" > /Caddyfile
echo "$CADDYFILE" > /caddy/Caddyfile
# Fix the Caddyfile format
caddy fmt --overwrite /Caddyfile
caddy fmt --overwrite /caddy/Caddyfile
# Add caddy path
mkdir -p /mnt/data/caddy/
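Review bot: The writes to `/caddy/Caddyfile` are unchecked, so if /caddy is missing or not writable at runtime the redirect fails, the script carries on, and `caddy fmt` and the later `caddy run` work from an absent or stale config. With a read-only root filesystem that is the case unless a writable mount is provided at /caddy. Consider failing fast, e.g. `echo "$CADDYFILE" > /caddy/Caddyfile || exit 1`, unless the script already runs under `set -e`, which is not visible here. A short comment such as `# /Caddyfile is the image's template; the rendered config lives in /caddy, which must be writable` would also explain why the first sed still reads /Caddyfile while everything after it uses the new path. The surrounding if/else begins outside this section.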


@ -20,4 +20,4 @@ stdout_logfile=/dev/stdout
stdout_logfile_maxbytes=0
stderr_logfile=/dev/stderr
stderr_logfile_maxbytes=0
command=/usr/bin/caddy run --config /Caddyfile
command=/usr/bin/caddy run --config /caddy/Caddyfile