Remove confog.php bootstrap

Dockerfile

@@ -0,0 +1,8 @@
+FROM osixia/phpldapadmin
+ENV DEBIAN_FRONTEND=noninteractive
+RUN apt update && \
+    apt install --no-install-recommends -y ca-certificates dnsutils iputils-ping && \
+    rm -rf /var/lib/apt/lists/*
+COPY ldap.conf /etc/ldap/ldap.conf
+COPY startup.sh /container/service/phpldapadmin/startup.sh
+

README.md

@@ -1,2 +1,7 @@
-# phpldapadmin
+Extendded from Osixia/phpldapadmin
 
+  - Adds ca-certificates package
+  - Points ldap.conf TLS_CACERT to the ISRG Root X1 CA (allows using let's Encrypt certificates for ldaps) 
+  - Rips out the config.php bootstrap from startup
+  - Expects an existing config (ie a volume mounted configMap) present at /container/service/phpldapadmin/assets/config/config.php 
+  - The read-only config mount will be copied to /var/www/phpldapadmin/config/config.php at startup and chowned to www-data

ldap.conf

@@ -0,0 +1 @@
+TLS_CACERT /etc/ssl/certs/ISRG_Root_X1.pem

startup.sh

@@ -0,0 +1,72 @@
+#!/bin/bash -e
+
+# set -x (bash debug) if log level is trace
+# https://github.com/osixia/docker-light-baseimage/blob/stable/image/tool/log-helper
+log-helper level eq trace && set -x
+
+FIRST_START_DONE="${CONTAINER_STATE_DIR}/docker-phpldapadmin-first-start-done"
+
+#
+# HTTPS config
+#
+if [ "${PHPLDAPADMIN_HTTPS,,}" == "true" ]; then
+
+  log-helper info "Set apache2 https config..."
+
+  # generate a certificate and key if files don't exists
+  # https://github.com/osixia/docker-light-baseimage/blob/stable/image/service-available/:ssl-tools/assets/tool/ssl-helper
+  ssl-helper ${PHPLDAPADMIN_SSL_HELPER_PREFIX} "${CONTAINER_SERVICE_DIR}/phpldapadmin/assets/apache2/certs/$PHPLDAPADMIN_HTTPS_CRT_FILENAME" "${CONTAINER_SERVICE_DIR}/phpldapadmin/assets/apache2/certs/$PHPLDAPADMIN_HTTPS_KEY_FILENAME" "${CONTAINER_SERVICE_DIR}/phpldapadmin/assets/apache2/certs/$PHPLDAPADMIN_HTTPS_CA_CRT_FILENAME"
+
+  # add CA certificat config if CA cert exists
+  if [ -e "${CONTAINER_SERVICE_DIR}/phpldapadmin/assets/apache2/certs/$PHPLDAPADMIN_HTTPS_CA_CRT_FILENAME" ]; then
+    sed -i "s/#SSLCACertificateFile/SSLCACertificateFile/g" ${CONTAINER_SERVICE_DIR}/phpldapadmin/assets/apache2/https.conf
+  fi
+
+  ln -sf ${CONTAINER_SERVICE_DIR}/phpldapadmin/assets/apache2/https.conf /etc/apache2/sites-available/phpldapadmin.conf
+#
+# HTTP config
+#
+else
+  log-helper info "Set apache2 http config..."
+  ln -sf ${CONTAINER_SERVICE_DIR}/phpldapadmin/assets/apache2/http.conf /etc/apache2/sites-available/phpldapadmin.conf
+fi
+
+#
+# Reverse proxy config
+#
+if [ "${PHPLDAPADMIN_TRUST_PROXY_SSL,,}" == "true" ]; then
+  echo 'SetEnvIf X-Forwarded-Proto "^https$" HTTPS=on' > /etc/apache2/mods-enabled/remoteip_ssl.conf
+fi
+
+a2ensite phpldapadmin | log-helper debug
+
+#
+# phpLDAPadmin directory is empty, we use the bootstrap
+#
+if [ ! "$(ls -A -I lost+found /var/www/phpldapadmin)" ]; then
+
+  log-helper info "Bootstap phpLDAPadmin..."
+
+  cp -R /var/www/phpldapadmin_bootstrap/* /var/www/phpldapadmin
+  rm -rf /var/www/phpldapadmin_bootstrap
+  rm -f /var/www/phpldapadmin/config/config.php
+fi
+
+# if there is no config
+if [ ! -e "/var/www/phpldapadmin/config/config.php" ]; then
+
+  log-helper debug "copy ${CONTAINER_SERVICE_DIR}/phpldapadmin/assets/config/config.php to /var/www/phpldapadmin/config/config.php"
+  cp -f ${CONTAINER_SERVICE_DIR}/phpldapadmin/assets/config/config.php /var/www/phpldapadmin/config/config.php
+
+fi
+
+# fix file permission
+find /var/www/ -type d -exec chmod 755 {} \;
+find /var/www/ -type f -exec chmod 644 {} \;
+chown www-data:www-data -R /var/www
+
+# symlinks special (chown -R don't follow symlinks)
+chown www-data:www-data /var/www/phpldapadmin/config/config.php
+chmod 400 /var/www/phpldapadmin/config/config.php
+
+exit 0