Merge pull request #782 from jdeathe/centos-6-develop

Release changes for 1.13.2

CHANGELOG.md

@@ -4,6 +4,15 @@
 
 Summary of release changes.
 
+### 1.13.2 - 2019-08-03
+
+- Updates php-hello-world to [0.14.0](https://github.com/jdeathe/php-hello-world/releases/tag/0.14.0).
+- Updates bootstrap script to set ownership of app package binaries in the `bin/` path irrespective of `mod_fcgid` being installed.
+- Updates bootstrap script to truncate `/etc/httpd/conf.d/10-ssl.conf` if SSL disabled; included for consistency with el7 script.
+- Updates screenshots in README.
+- Adds configuration file replacement of placeholders for Xdebug's `DBGP_IDEKEY`.
+- Adds PHP 5 applicable session settings into service configuration; removes dependency on app package configuration.
+
 ### 1.13.1 - 2019-07-26
 
 - Updates php-hello-world to [0.13.0](https://github.com/jdeathe/php-hello-world/releases/tag/0.13.0).

Dockerfile

@@ -3,8 +3,8 @@ FROM jdeathe/centos-ssh:1.11.0
 # Use the form ([{fqdn}-]{package-name}|[{fqdn}-]{provider-name})
 ARG PACKAGE_NAME="app"
 ARG PACKAGE_PATH="/opt/${PACKAGE_NAME}"
-ARG PACKAGE_RELEASE_VERSION="0.13.0"
-ARG RELEASE_VERSION="1.13.1"
+ARG PACKAGE_RELEASE_VERSION="0.14.0"
+ARG RELEASE_VERSION="1.13.2"
 
 # ------------------------------------------------------------------------------
 # Base install of required packages
@@ -43,9 +43,9 @@ ADD src /
 # - Disable Apache language based content negotiation
 # - Custom Apache configuration
 # - Disable all Apache modules and enable the minimum
-# - Disable SSL
 # - Disable the default SSL Virtual Host
-# - Global PHP configuration changes
+# - Disable SSL
+# - Add default PHP configuration overrides to 00-php.ini drop-in
 # - APC configuration
 # - Replace placeholders with values in systemd service unit template
 # - Set permissions
@@ -89,21 +89,21 @@ RUN useradd -r -M -d /var/www/app -s /sbin/nologin app \
 		-e '/<Location \/server-status>/,/<\/Location>/ s~Allow from .example.com~Allow from localhost 127.0.0.1~' \
 		/etc/httpd/conf/httpd.conf \
 	&& { printf -- \
-			'\n%s\n%s\n%s\n%s\\\n%s%s\\\n%s\n%s\n%s\n%s\n%s\n%s\n%s\n%s\n' \
-			'#' \
-			'# Custom configuration' \
-			'#' \
-			'LogFormat ' \
-			'  "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b' \
-			' \"%{Referer}i\" \"%{User-Agent}i\"" ' \
-			'  forwarded_for_combined' \
-			'Listen 8443' \
-			'Options -Indexes' \
-			'ServerSignature Off' \
-			'ServerTokens Prod' \
-			'TraceEnable Off' \
-			'UseCanonicalName On' \
-			'UseCanonicalPhysicalPort On'; \
+		'\n%s\n%s\n%s\n%s\\\n%s%s\\\n%s\n%s\n%s\n%s\n%s\n%s\n%s\n%s\n' \
+		'#' \
+		'# Custom configuration' \
+		'#' \
+		'LogFormat ' \
+		'  "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b' \
+		' \"%{Referer}i\" \"%{User-Agent}i\"" ' \
+		'  forwarded_for_combined' \
+		'Listen 8443' \
+		'Options -Indexes' \
+		'ServerSignature Off' \
+		'ServerTokens Prod' \
+		'TraceEnable Off' \
+		'UseCanonicalName On' \
+		'UseCanonicalPhysicalPort On'; \
 		} >> /etc/httpd/conf/httpd.conf \
 	&& sed -i \
 		-e 's~^\(LoadModule .*\)$~#\1~g' \
@@ -151,6 +151,8 @@ RUN useradd -r -M -d /var/www/app -s /sbin/nologin app \
 		-e 's~^;?(realpath_cache_size( )?=).*$~\1\24096k~' \
 		-e 's~^;?(realpath_cache_ttl( )?=).*$~\1\2600~' \
 		-e 's~^;?(session.cookie_httponly( )?=).*$~\1\21~' \
+		-e 's~^;?(session.hash_bits_per_character( )?=).*$~\1\25~' \
+		-e 's~^;?(session.hash_function( )?=).*$~\1\2sha256~' \
 		-e 's~^;?(session.name( )?=).*$~\1\2"${PHP_OPTIONS_SESSION_NAME:-PHPSESSID}"~' \
 		-e 's~^;?(session.save_handler( )?=).*$~\1\2"${PHP_OPTIONS_SESSION_SAVE_HANDLER:-files}"~' \
 		-e 's~^;?(session.save_path( )?=).*$~\1\2"${PHP_OPTIONS_SESSION_SAVE_PATH:-/var/lib/php/session}"~' \

README.md

@@ -1,7 +1,7 @@
 ### Tags and respective `Dockerfile` links
 
-- `centos-7-httpd24u-php72u`, `3.3.1` [(centos-7-httpd24u-php72u/Dockerfile)](https://github.com/jdeathe/centos-ssh-apache-php/blob/centos-7-httpd24u-php72u/Dockerfile)
-- `centos-6`, `1.13.1` [(centos-6/Dockerfile)](https://github.com/jdeathe/centos-ssh-apache-php/blob/centos-6/Dockerfile)
+- `centos-7-httpd24u-php72u`, `3.3.2` [(centos-7-httpd24u-php72u/Dockerfile)](https://github.com/jdeathe/centos-ssh-apache-php/blob/centos-7-httpd24u-php72u/Dockerfile)
+- `centos-6`, `1.13.2` [(centos-6/Dockerfile)](https://github.com/jdeathe/centos-ssh-apache-php/blob/centos-6/Dockerfile)
 
 ## Overview
 
@@ -25,12 +25,12 @@ $ docker run -d \
   --name apache-php.1 \
   -p 8080:80 \
   -e "APACHE_SERVER_NAME=app-1.local" \
-  jdeathe/centos-ssh-apache-php:3.3.1
+  jdeathe/centos-ssh-apache-php:3.3.2
 ```
 
 Go to `http://{{docker-host}}:8080` using a browser where `{{docker-host}}` is the host name of your docker server and, if all went well, you should see the "Hello, world!" page.
 
-![PHP "Hello, world!" - Chrome screenshot](https://raw.github.com/jdeathe/centos-ssh-apache-php/centos-7-httpd24u-php72u/images/php-hello-world-chrome-v1.13.1.png)
+![PHP "Hello, world!" - Chrome screenshot](https://raw.github.com/jdeathe/centos-ssh-apache-php/centos-7-httpd24u-php72u/images/php-hello-world-chrome-v3.3.2.png)
 
 To be able to access the server using the "app-1.local" domain name you need to add a hosts file entry locally; such that the IP address of the Docker host resolves to the name "app-1.local". Alternatively, you can use the `elinks` browser installed in the container.
 
@@ -41,7 +41,7 @@ $ docker exec -it apache-php.1 \
   elinks http://app-1.local
 ```
 
-![PHP "Hello, world!" - eLinks screenshot](https://raw.github.com/jdeathe/centos-ssh-apache-php/centos-7-httpd24u-php72u/images/php-hello-world-elinks-v1.13.1.png)
+![PHP "Hello, world!" - eLinks screenshot](https://raw.github.com/jdeathe/centos-ssh-apache-php/centos-7-httpd24u-php72u/images/php-hello-world-elinks-v3.3.2.png)
 
 Verify the named container's process status and health.
 
@@ -91,7 +91,7 @@ $ docker stop apache-php.1 && \
   --env "APACHE_SERVER_NAME=app-1.local" \
   --env "APACHE_SSL_PROTOCOL=All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1" \
   --env "PHP_OPTIONS_DATE_TIMEZONE=Europe/London" \
-  jdeathe/centos-ssh-apache-php:3.3.1
+  jdeathe/centos-ssh-apache-php:3.3.2
 ```
 
 #### Environment Variables
@@ -205,7 +205,7 @@ $ docker stop apache-php.1 && \
   --env "APACHE_SERVER_ALIAS=app-1" \
   --env "APACHE_SERVER_NAME=app-1.local" \
   --env "APACHE_MOD_SSL_ENABLED=true" \
-  jdeathe/centos-ssh-apache-php:3.3.1
+  jdeathe/centos-ssh-apache-php:3.3.2
 ```
 
 ##### APACHE_MPM

src/usr/sbin/httpd-bootstrap

@@ -686,6 +686,11 @@ function __get_apache_server_version ()
 	printf -- '%s' "${semantic_version}"
 }
 
+function __get_dbgp_idekey ()
+{
+	printf -- '%s' "${DBGP_IDEKEY}"
+}
+
 function __get_details_ssl_certificate_fingerprint ()
 {
 	local -r digest="${1:-sha1}"
@@ -1433,6 +1438,12 @@ function __set_apache_mod_ssl_enabled ()
 		truncate -s 0 \
 			/etc/httpd/conf.d/00-ssl.conf
 
+		if [[ -f /etc/httpd/conf.d/10-ssl.conf ]]
+		then
+			truncate -s 0 \
+				/etc/httpd/conf.d/10-ssl.conf
+		fi
+
 		if [[ -f /etc/httpd/conf.d/10-ssl-vhost.conf ]]
 		then
 			truncate -s 0 \
@@ -1719,6 +1730,7 @@ function main ()
 	local apache_ssl_protocol
 	local apache_system_user
 	local config_files
+	local dbgp_idekey
 	local details_modules_enabled_list
 	local details_ssl_certificate_fingerprint
 	local document_root
@@ -1815,6 +1827,9 @@ function main ()
 	apache_system_user="$(
 		__get_apache_system_user
 	)"
+	dbgp_idekey="$(
+		__get_dbgp_idekey
+	)"
 	php_options_date_timezone="$(
 		__get_php_options_date_timezone
 	)"
@@ -1894,13 +1909,20 @@ function main ()
 		__enable_apache_modules
 	)"
 
-	# Set ownership for fcgid php-wrapper and socket if necessary
-	if [[ -d /var/run/mod_fcgid ]] \
-		&& [[ -d ${package_path}/bin ]]
+	# Set ownership for fcgid socket
+	if [[ -d /var/run/mod_fcgid ]]
+	then
+		chown -R \
+			"${apache_run_user}":"${apache_run_group}" \
+			/var/run/mod_fcgid
+	fi
+
+	# Set ownership for any package binaries
+	if [[ -d ${package_path}/bin ]]
 	then
 		chown -R \
 			"${apache_run_user}":"${apache_run_group}" \
-			{"${package_path}"/bin,/var/run/mod_fcgid}
+			"${package_path}"/bin
 	fi
 
 	__init_datadir \
@@ -1959,6 +1981,7 @@ function main ()
 		-e "s~(\\$\{|\{\{)APACHE_SSL_CIPHER_SUITE(\}\}|(:-.+)?\})~${apache_ssl_cipher_suite}~g" \
 		-e "s~(\\$\{|\{\{)APACHE_SSL_PROTOCOL(\}\}|(:-.+)?\})~${apache_ssl_protocol}~g" \
 		-e "s~(\\$\{|\{\{)APACHE_SYSTEM_USER(\}\}|(:-.+)?\})~${apache_system_user}~g" \
+		-e "s~(\\$\{|\{\{)DBGP_IDEKEY(\}\}|(:-.+)?\})~${dbgp_idekey}~g" \
 		-e "s~(\\$\{|\{\{)PACKAGE_PATH(\}\}|(:-.+)?\})~${package_path}~g" \
 		-e "s~(\\$\{|\{\{)PHP_OPTIONS_DATE_TIMEZONE(\}\}|(:-.+)?\})~${php_options_date_timezone}~g" \
 		-e "s~(\\$\{|\{\{)PHP_OPTIONS_SESSION_NAME(\}\}|(:-.+)?\})~${php_options_session_name}~g" \