From da253163d5352f5487d68d0ae30a1667482de1cb Mon Sep 17 00:00:00 2001 From: Jamie Nguyen Date: Tue, 17 Jul 2018 14:11:52 +0100 Subject: Switch to copying whole directory of config files --- 2.4/Dockerfile | 13 +++---------- 2.4/conf/conf-available/dav.conf | 25 +++++++++++++++++++++++++ 2.4/conf/sites-available/default-ssl.conf | 18 ++++++++++++++++++ 2.4/conf/sites-available/default.conf | 11 +++++++++++ 2.4/dav.conf | 25 ------------------------- 2.4/default-ssl.conf | 18 ------------------ 2.4/default.conf | 11 ----------- 7 files changed, 57 insertions(+), 64 deletions(-) create mode 100644 2.4/conf/conf-available/dav.conf create mode 100644 2.4/conf/sites-available/default-ssl.conf create mode 100644 2.4/conf/sites-available/default.conf delete mode 100644 2.4/dav.conf delete mode 100644 2.4/default-ssl.conf delete mode 100644 2.4/default.conf diff --git a/2.4/Dockerfile b/2.4/Dockerfile index 151bd38..58e3ea7 100644 --- a/2.4/Dockerfile +++ b/2.4/Dockerfile @@ -4,17 +4,8 @@ MAINTAINER Bytemark Hosting "support@bytemark.co.uk" # This variable is inherited from httpd:alpine image: # ENV HTTPD_PREFIX /usr/local/apache2 -RUN set -ex; \ - # Create Debian-style subdirectories. - mkdir -p "$HTTPD_PREFIX/conf/conf-available"; \ - mkdir -p "$HTTPD_PREFIX/conf/conf-enabled"; \ - mkdir -p "$HTTPD_PREFIX/conf/sites-available"; \ - mkdir -p "$HTTPD_PREFIX/conf/sites-enabled" - # Copy in our configuration files. -COPY dav.conf "$HTTPD_PREFIX/conf/conf-available" -COPY default.conf "$HTTPD_PREFIX/conf/sites-available" -COPY default-ssl.conf "$HTTPD_PREFIX/conf/sites-available" +COPY conf/ "$HTTPD_PREFIX/conf/" RUN set -ex; \ # Create empty default DocumentRoot. @@ -51,6 +42,8 @@ RUN set -ex; \ >> "$HTTPD_PREFIX/conf/httpd.conf"; \ \ # Enable dav and default site. + mkdir -p "$HTTPD_PREFIX/conf/conf-enabled"; \ + mkdir -p "$HTTPD_PREFIX/conf/sites-enabled"; \ ln -s ../conf-available/dav.conf "$HTTPD_PREFIX/conf/conf-enabled"; \ ln -s ../sites-available/default.conf "$HTTPD_PREFIX/conf/sites-enabled" diff --git a/2.4/conf/conf-available/dav.conf b/2.4/conf/conf-available/dav.conf new file mode 100644 index 0000000..caacd03 --- /dev/null +++ b/2.4/conf/conf-available/dav.conf @@ -0,0 +1,25 @@ +DavLockDB "/var/lib/dav/DavLock" +Alias / "/var/lib/dav/data/" + + Dav On + Options Indexes FollowSymLinks + + AuthType Basic + AuthName "WebDAV" + AuthUserFile "/user.passwd" + + Require valid-user + + + +# These disable redirects on non-GET requests for directories that +# don't include the trailing slash (for misbehaving clients). +BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully +BrowserMatch "MS FrontPage" redirect-carefully +BrowserMatch "^WebDrive" redirect-carefully +BrowserMatch "^WebDAVFS/1.[01234]" redirect-carefully +BrowserMatch "^gnome-vfs/1.0" redirect-carefully +BrowserMatch "^XML Spy" redirect-carefully +BrowserMatch "^Dreamweaver-WebDAV-SCM1" redirect-carefully +BrowserMatch " Konqueror/4" redirect-carefully +BrowserMatch "^gvfs" redirect-carefully diff --git a/2.4/conf/sites-available/default-ssl.conf b/2.4/conf/sites-available/default-ssl.conf new file mode 100644 index 0000000..ef90866 --- /dev/null +++ b/2.4/conf/sites-available/default-ssl.conf @@ -0,0 +1,18 @@ +Listen 443 + + Protocols h2 http/1.1 + ServerName localhost + DocumentRoot "/var/www/html/" + + Require all denied + + CustomLog /proc/self/fd/1 combined + ErrorLog /proc/self/fd/2 + SSLEngine on + SSLCertificateFile /cert.pem + SSLCertificateKeyFile /privkey.pem + SSLProtocol all -SSLv3 + SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS + SSLHonorCipherOrder on + SSLSessionTickets off + diff --git a/2.4/conf/sites-available/default.conf b/2.4/conf/sites-available/default.conf new file mode 100644 index 0000000..e309338 --- /dev/null +++ b/2.4/conf/sites-available/default.conf @@ -0,0 +1,11 @@ + + ServerName localhost + DocumentRoot "/var/www/html/" + + Require all denied + + CustomLog /proc/self/fd/1 combined + ErrorLog /proc/self/fd/2 + # This lets certain DAV methods work behind an SSL reverse proxy. + RequestHeader edit Destination ^https http early + diff --git a/2.4/dav.conf b/2.4/dav.conf deleted file mode 100644 index caacd03..0000000 --- a/2.4/dav.conf +++ /dev/null @@ -1,25 +0,0 @@ -DavLockDB "/var/lib/dav/DavLock" -Alias / "/var/lib/dav/data/" - - Dav On - Options Indexes FollowSymLinks - - AuthType Basic - AuthName "WebDAV" - AuthUserFile "/user.passwd" - - Require valid-user - - - -# These disable redirects on non-GET requests for directories that -# don't include the trailing slash (for misbehaving clients). -BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully -BrowserMatch "MS FrontPage" redirect-carefully -BrowserMatch "^WebDrive" redirect-carefully -BrowserMatch "^WebDAVFS/1.[01234]" redirect-carefully -BrowserMatch "^gnome-vfs/1.0" redirect-carefully -BrowserMatch "^XML Spy" redirect-carefully -BrowserMatch "^Dreamweaver-WebDAV-SCM1" redirect-carefully -BrowserMatch " Konqueror/4" redirect-carefully -BrowserMatch "^gvfs" redirect-carefully diff --git a/2.4/default-ssl.conf b/2.4/default-ssl.conf deleted file mode 100644 index ef90866..0000000 --- a/2.4/default-ssl.conf +++ /dev/null @@ -1,18 +0,0 @@ -Listen 443 - - Protocols h2 http/1.1 - ServerName localhost - DocumentRoot "/var/www/html/" - - Require all denied - - CustomLog /proc/self/fd/1 combined - ErrorLog /proc/self/fd/2 - SSLEngine on - SSLCertificateFile /cert.pem - SSLCertificateKeyFile /privkey.pem - SSLProtocol all -SSLv3 - SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS - SSLHonorCipherOrder on - SSLSessionTickets off - diff --git a/2.4/default.conf b/2.4/default.conf deleted file mode 100644 index e309338..0000000 --- a/2.4/default.conf +++ /dev/null @@ -1,11 +0,0 @@ - - ServerName localhost - DocumentRoot "/var/www/html/" - - Require all denied - - CustomLog /proc/self/fd/1 combined - ErrorLog /proc/self/fd/2 - # This lets certain DAV methods work behind an SSL reverse proxy. - RequestHeader edit Destination ^https http early - -- cgit v1.2.1