1
0

Remove confog.php bootstrap

This commit is contained in:
michael 2023-12-06 12:05:54 +13:00
parent 6a5bd17d78
commit c42491a388
4 changed files with 87 additions and 1 deletions

8
Dockerfile Normal file
View File

@ -0,0 +1,8 @@
FROM osixia/phpldapadmin
ENV DEBIAN_FRONTEND=noninteractive
RUN apt update && \
apt install --no-install-recommends -y ca-certificates dnsutils iputils-ping && \
rm -rf /var/lib/apt/lists/*
COPY ldap.conf /etc/ldap/ldap.conf
COPY startup.sh /container/service/phpldapadmin/startup.sh

View File

@ -1,2 +1,7 @@
# phpldapadmin Extendded from Osixia/phpldapadmin
- Adds ca-certificates package
- Points ldap.conf TLS_CACERT to the ISRG Root X1 CA (allows using let's Encrypt certificates for ldaps)
- Rips out the config.php bootstrap from startup
- Expects an existing config (ie a volume mounted configMap) present at /container/service/phpldapadmin/assets/config/config.php
- The read-only config mount will be copied to /var/www/phpldapadmin/config/config.php at startup and chowned to www-data

1
ldap.conf Normal file
View File

@ -0,0 +1 @@
TLS_CACERT /etc/ssl/certs/ISRG_Root_X1.pem

72
startup.sh Executable file
View File

@ -0,0 +1,72 @@
#!/bin/bash -e
# set -x (bash debug) if log level is trace
# https://github.com/osixia/docker-light-baseimage/blob/stable/image/tool/log-helper
log-helper level eq trace && set -x
FIRST_START_DONE="${CONTAINER_STATE_DIR}/docker-phpldapadmin-first-start-done"
#
# HTTPS config
#
if [ "${PHPLDAPADMIN_HTTPS,,}" == "true" ]; then
log-helper info "Set apache2 https config..."
# generate a certificate and key if files don't exists
# https://github.com/osixia/docker-light-baseimage/blob/stable/image/service-available/:ssl-tools/assets/tool/ssl-helper
ssl-helper ${PHPLDAPADMIN_SSL_HELPER_PREFIX} "${CONTAINER_SERVICE_DIR}/phpldapadmin/assets/apache2/certs/$PHPLDAPADMIN_HTTPS_CRT_FILENAME" "${CONTAINER_SERVICE_DIR}/phpldapadmin/assets/apache2/certs/$PHPLDAPADMIN_HTTPS_KEY_FILENAME" "${CONTAINER_SERVICE_DIR}/phpldapadmin/assets/apache2/certs/$PHPLDAPADMIN_HTTPS_CA_CRT_FILENAME"
# add CA certificat config if CA cert exists
if [ -e "${CONTAINER_SERVICE_DIR}/phpldapadmin/assets/apache2/certs/$PHPLDAPADMIN_HTTPS_CA_CRT_FILENAME" ]; then
sed -i "s/#SSLCACertificateFile/SSLCACertificateFile/g" ${CONTAINER_SERVICE_DIR}/phpldapadmin/assets/apache2/https.conf
fi
ln -sf ${CONTAINER_SERVICE_DIR}/phpldapadmin/assets/apache2/https.conf /etc/apache2/sites-available/phpldapadmin.conf
#
# HTTP config
#
else
log-helper info "Set apache2 http config..."
ln -sf ${CONTAINER_SERVICE_DIR}/phpldapadmin/assets/apache2/http.conf /etc/apache2/sites-available/phpldapadmin.conf
fi
#
# Reverse proxy config
#
if [ "${PHPLDAPADMIN_TRUST_PROXY_SSL,,}" == "true" ]; then
echo 'SetEnvIf X-Forwarded-Proto "^https$" HTTPS=on' > /etc/apache2/mods-enabled/remoteip_ssl.conf
fi
a2ensite phpldapadmin | log-helper debug
#
# phpLDAPadmin directory is empty, we use the bootstrap
#
if [ ! "$(ls -A -I lost+found /var/www/phpldapadmin)" ]; then
log-helper info "Bootstap phpLDAPadmin..."
cp -R /var/www/phpldapadmin_bootstrap/* /var/www/phpldapadmin
rm -rf /var/www/phpldapadmin_bootstrap
rm -f /var/www/phpldapadmin/config/config.php
fi
# if there is no config
if [ ! -e "/var/www/phpldapadmin/config/config.php" ]; then
log-helper debug "copy ${CONTAINER_SERVICE_DIR}/phpldapadmin/assets/config/config.php to /var/www/phpldapadmin/config/config.php"
cp -f ${CONTAINER_SERVICE_DIR}/phpldapadmin/assets/config/config.php /var/www/phpldapadmin/config/config.php
fi
# fix file permission
find /var/www/ -type d -exec chmod 755 {} \;
find /var/www/ -type f -exec chmod 644 {} \;
chown www-data:www-data -R /var/www
# symlinks special (chown -R don't follow symlinks)
chown www-data:www-data /var/www/phpldapadmin/config/config.php
chmod 400 /var/www/phpldapadmin/config/config.php
exit 0