diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..11de0a6
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,8 @@
+FROM osixia/phpldapadmin
+ENV DEBIAN_FRONTEND=noninteractive
+RUN apt update && \
+ apt install --no-install-recommends -y ca-certificates dnsutils iputils-ping && \
+ rm -rf /var/lib/apt/lists/*
+COPY ldap.conf /etc/ldap/ldap.conf
+COPY startup.sh /container/service/phpldapadmin/startup.sh
+
diff --git a/README.md b/README.md
index 603a39e..dd7b530 100644
--- a/README.md
+++ b/README.md
@@ -1,2 +1,7 @@
-# phpldapadmin
+Extendded from Osixia/phpldapadmin
+ - Adds ca-certificates package
+ - Points ldap.conf TLS_CACERT to the ISRG Root X1 CA (allows using let's Encrypt certificates for ldaps)
+ - Rips out the config.php bootstrap from startup
+ - Expects an existing config (ie a volume mounted configMap) present at /container/service/phpldapadmin/assets/config/config.php
+ - The read-only config mount will be copied to /var/www/phpldapadmin/config/config.php at startup and chowned to www-data
diff --git a/ldap.conf b/ldap.conf
new file mode 100644
index 0000000..e5d275e
--- /dev/null
+++ b/ldap.conf
@@ -0,0 +1 @@
+TLS_CACERT /etc/ssl/certs/ISRG_Root_X1.pem
diff --git a/startup.sh b/startup.sh
new file mode 100755
index 0000000..cc81343
--- /dev/null
+++ b/startup.sh
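Review bot: `FROM osixia/phpldapadmin` carries no tag, so every build resolves to whatever `:latest` is at that moment and the image under review is not reproducible; pin a tag and ideally a digest (`FROM osixia/phpldapadmin:<tag>@sha256:<digest>`) so a changed or compromised upstream cannot alter this image without a visible diff. `ENV DEBIAN_FRONTEND=noninteractive` also persists into the running container; a build-only `ARG DEBIAN_FRONTEND=noninteractive` before the `RUN` gives the same effect for `apt install` without leaking into runtime. Prefer `apt-get update && apt-get install --no-install-recommends -y ...` over `apt`, which has no stable scripted CLI, and consider whether `dnsutils` and `iputils-ping` belong in the shipped image rather than a debug build, since each extra package widens the attack surface of an admin UI that holds LDAP credentials.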
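Review bot: The single `TLS_CACERT` line narrows libldap's trust to the ISRG Root X1 file only, which is a sensible pin but is undocumented in the file and silent about the verification policy it relies on; because the Dockerfile's `COPY` replaces the whole `/etc/ldap/ldap.conf`, any directives the base image shipped there are dropped as well (I have not checked what the upstream file contains). Add a comment stating the intent and make enforcement explicit instead of relying on the libldap default: `# Trust only ISRG Root X1 (Let's Encrypt) for ldaps://; any other issuer fails TLS verification` followed by `TLS_REQCERT demand`. Note that `/etc/ssl/certs/ISRG_Root_X1.pem` comes from the `ca-certificates` package installed in the same commit, so the two changes must ship together.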
@@ -0,0 +1,72 @@
+#!/bin/bash -e
+
+# set -x (bash debug) if log level is trace
+# https://github.com/osixia/docker-light-baseimage/blob/stable/image/tool/log-helper
+log-helper level eq trace && set -x
+
+FIRST_START_DONE="${CONTAINER_STATE_DIR}/docker-phpldapadmin-first-start-done"
+
+#
+# HTTPS config
+#
+if [ "${PHPLDAPADMIN_HTTPS,,}" == "true" ]; then
+
+ log-helper info "Set apache2 https config..."
+
+ # generate a certificate and key if files don't exists
+ # https://github.com/osixia/docker-light-baseimage/blob/stable/image/service-available/:ssl-tools/assets/tool/ssl-helper
+ ssl-helper ${PHPLDAPADMIN_SSL_HELPER_PREFIX} "${CONTAINER_SERVICE_DIR}/phpldapadmin/assets/apache2/certs/$PHPLDAPADMIN_HTTPS_CRT_FILENAME" "${CONTAINER_SERVICE_DIR}/phpldapadmin/assets/apache2/certs/$PHPLDAPADMIN_HTTPS_KEY_FILENAME" "${CONTAINER_SERVICE_DIR}/phpldapadmin/assets/apache2/certs/$PHPLDAPADMIN_HTTPS_CA_CRT_FILENAME"
+
+ # add CA certificat config if CA cert exists
+ if [ -e "${CONTAINER_SERVICE_DIR}/phpldapadmin/assets/apache2/certs/$PHPLDAPADMIN_HTTPS_CA_CRT_FILENAME" ]; then
+ sed -i "s/#SSLCACertificateFile/SSLCACertificateFile/g" ${CONTAINER_SERVICE_DIR}/phpldapadmin/assets/apache2/https.conf
+ fi
+
+ ln -sf ${CONTAINER_SERVICE_DIR}/phpldapadmin/assets/apache2/https.conf /etc/apache2/sites-available/phpldapadmin.conf
+#
+# HTTP config
+#
+else
+ log-helper info "Set apache2 http config..."
+ ln -sf ${CONTAINER_SERVICE_DIR}/phpldapadmin/assets/apache2/http.conf /etc/apache2/sites-available/phpldapadmin.conf
+fi
+
+#
+# Reverse proxy config
+#
+if [ "${PHPLDAPADMIN_TRUST_PROXY_SSL,,}" == "true" ]; then
+ echo 'SetEnvIf X-Forwarded-Proto "^https$" HTTPS=on' > /etc/apache2/mods-enabled/remoteip_ssl.conf
+fi
+
+a2ensite phpldapadmin | log-helper debug
+
+#
+# phpLDAPadmin directory is empty, we use the bootstrap
+#
+if [ ! "$(ls -A -I lost+found /var/www/phpldapadmin)" ]; then
+
+ log-helper info "Bootstap phpLDAPadmin..."
+
+ cp -R /var/www/phpldapadmin_bootstrap/* /var/www/phpldapadmin
+ rm -rf /var/www/phpldapadmin_bootstrap
+ rm -f /var/www/phpldapadmin/config/config.php
+fi
+
+# if there is no config
+if [ ! -e "/var/www/phpldapadmin/config/config.php" ]; then
+
+ log-helper debug "copy ${CONTAINER_SERVICE_DIR}/phpldapadmin/assets/config/config.php to /var/www/phpldapadmin/config/config.php"
+ cp -f ${CONTAINER_SERVICE_DIR}/phpldapadmin/assets/config/config.php /var/www/phpldapadmin/config/config.php
+
+fi
+
+# fix file permission
+find /var/www/ -type d -exec chmod 755 {} \;
+find /var/www/ -type f -exec chmod 644 {} \;
+chown www-data:www-data -R /var/www
+
+# symlinks special (chown -R don't follow symlinks)
+chown www-data:www-data /var/www/phpldapadmin/config/config.php
+chmod 400 /var/www/phpldapadmin/config/config.php
+
+exit 0
\ No newline at end of file
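Review bot: The config refresh near the end of the hunk runs only when `/var/www/phpldapadmin/config/config.php` is absent, so if `/var/www/phpldapadmin` is a persistent volume that already holds a config.php from an earlier run, the read-only mount at `${CONTAINER_SERVICE_DIR}/phpldapadmin/assets/config/config.php` is never copied in and the stale settings (which for phpLDAPadmin may include bind credentials) keep being used; the README in this same commit says the mount "will be copied ... at startup", which describes unconditional behaviour. The copy also never checks that the source exists, so under `bash -e` a missing mount kills the script at `cp -f` with only cp's own message. I would refresh unconditionally and fail with an explicit log line when the mount is absent, as below; `FIRST_START_DONE` is assigned but never read and can be dropped. The `chown www-data` plus `chmod 400` on the copied file is the right restriction given what config.php holds.
```shell
# … unchanged: apache http/https selection and bootstrap handling …

# Always refresh config.php from the (read-only) mounted config so a stale
# copy left on a persistent /var/www volume cannot override the current mount.
CONFIG_SRC="${CONTAINER_SERVICE_DIR}/phpldapadmin/assets/config/config.php"
if [ ! -f "${CONFIG_SRC}" ]; then
  log-helper error "No config.php found at ${CONFIG_SRC}; mount one before starting"
  exit 1
fi
log-helper debug "copy ${CONFIG_SRC} to /var/www/phpldapadmin/config/config.php"
cp -f "${CONFIG_SRC}" /var/www/phpldapadmin/config/config.php

# … unchanged: permission fix-up and exit …
```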