diff --git a/CHANGELOG.md b/CHANGELOG.md index 4d8fa92..5d7da88 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,15 @@ Summary of release changes. +### 1.13.2 - 2019-08-03 + +- Updates php-hello-world to [0.14.0](https://github.com/jdeathe/php-hello-world/releases/tag/0.14.0). +- Updates bootstrap script to set ownership of app package binaries in the `bin/` path irrespective of `mod_fcgid` being installed. +- Updates bootstrap script to truncate `/etc/httpd/conf.d/10-ssl.conf` if SSL disabled; included for consistency with el7 script. +- Updates screenshots in README. +- Adds configuration file replacement of placeholders for Xdebug's `DBGP_IDEKEY`. +- Adds PHP 5 applicable session settings into service configuration; removes dependency on app package configuration. + ### 1.13.1 - 2019-07-26 - Updates php-hello-world to [0.13.0](https://github.com/jdeathe/php-hello-world/releases/tag/0.13.0). diff --git a/Dockerfile b/Dockerfile index 93f00fb..db07eb7 100644 --- a/Dockerfile +++ b/Dockerfile @@ -3,8 +3,8 @@ FROM jdeathe/centos-ssh:1.11.0 # Use the form ([{fqdn}-]{package-name}|[{fqdn}-]{provider-name}) ARG PACKAGE_NAME="app" ARG PACKAGE_PATH="/opt/${PACKAGE_NAME}" -ARG PACKAGE_RELEASE_VERSION="0.13.0" -ARG RELEASE_VERSION="1.13.1" +ARG PACKAGE_RELEASE_VERSION="0.14.0" +ARG RELEASE_VERSION="1.13.2" # ------------------------------------------------------------------------------ # Base install of required packages @@ -43,9 +43,9 @@ ADD src / # - Disable Apache language based content negotiation # - Custom Apache configuration # - Disable all Apache modules and enable the minimum -# - Disable SSL # - Disable the default SSL Virtual Host -# - Global PHP configuration changes +# - Disable SSL +# - Add default PHP configuration overrides to 00-php.ini drop-in # - APC configuration # - Replace placeholders with values in systemd service unit template # - Set permissions @@ -89,21 +89,21 @@ RUN useradd -r -M -d /var/www/app -s /sbin/nologin app \ -e '//,/<\/Location>/ s~Allow from .example.com~Allow from localhost 127.0.0.1~' \ /etc/httpd/conf/httpd.conf \ && { printf -- \ - '\n%s\n%s\n%s\n%s\\\n%s%s\\\n%s\n%s\n%s\n%s\n%s\n%s\n%s\n%s\n' \ - '#' \ - '# Custom configuration' \ - '#' \ - 'LogFormat ' \ - ' "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b' \ - ' \"%{Referer}i\" \"%{User-Agent}i\"" ' \ - ' forwarded_for_combined' \ - 'Listen 8443' \ - 'Options -Indexes' \ - 'ServerSignature Off' \ - 'ServerTokens Prod' \ - 'TraceEnable Off' \ - 'UseCanonicalName On' \ - 'UseCanonicalPhysicalPort On'; \ + '\n%s\n%s\n%s\n%s\\\n%s%s\\\n%s\n%s\n%s\n%s\n%s\n%s\n%s\n%s\n' \ + '#' \ + '# Custom configuration' \ + '#' \ + 'LogFormat ' \ + ' "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b' \ + ' \"%{Referer}i\" \"%{User-Agent}i\"" ' \ + ' forwarded_for_combined' \ + 'Listen 8443' \ + 'Options -Indexes' \ + 'ServerSignature Off' \ + 'ServerTokens Prod' \ + 'TraceEnable Off' \ + 'UseCanonicalName On' \ + 'UseCanonicalPhysicalPort On'; \ } >> /etc/httpd/conf/httpd.conf \ && sed -i \ -e 's~^\(LoadModule .*\)$~#\1~g' \ @@ -151,6 +151,8 @@ RUN useradd -r -M -d /var/www/app -s /sbin/nologin app \ -e 's~^;?(realpath_cache_size( )?=).*$~\1\24096k~' \ -e 's~^;?(realpath_cache_ttl( )?=).*$~\1\2600~' \ -e 's~^;?(session.cookie_httponly( )?=).*$~\1\21~' \ + -e 's~^;?(session.hash_bits_per_character( )?=).*$~\1\25~' \ + -e 's~^;?(session.hash_function( )?=).*$~\1\2sha256~' \ -e 's~^;?(session.name( )?=).*$~\1\2"${PHP_OPTIONS_SESSION_NAME:-PHPSESSID}"~' \ -e 's~^;?(session.save_handler( )?=).*$~\1\2"${PHP_OPTIONS_SESSION_SAVE_HANDLER:-files}"~' \ -e 's~^;?(session.save_path( )?=).*$~\1\2"${PHP_OPTIONS_SESSION_SAVE_PATH:-/var/lib/php/session}"~' \ diff --git a/README.md b/README.md index 062ebd9..db3f63b 100644 --- a/README.md +++ b/README.md @@ -1,7 +1,7 @@ ### Tags and respective `Dockerfile` links -- `centos-7-httpd24u-php72u`, `3.3.1` [(centos-7-httpd24u-php72u/Dockerfile)](https://github.com/jdeathe/centos-ssh-apache-php/blob/centos-7-httpd24u-php72u/Dockerfile) -- `centos-6`, `1.13.1` [(centos-6/Dockerfile)](https://github.com/jdeathe/centos-ssh-apache-php/blob/centos-6/Dockerfile) +- `centos-7-httpd24u-php72u`, `3.3.2` [(centos-7-httpd24u-php72u/Dockerfile)](https://github.com/jdeathe/centos-ssh-apache-php/blob/centos-7-httpd24u-php72u/Dockerfile) +- `centos-6`, `1.13.2` [(centos-6/Dockerfile)](https://github.com/jdeathe/centos-ssh-apache-php/blob/centos-6/Dockerfile) ## Overview @@ -25,12 +25,12 @@ $ docker run -d \ --name apache-php.1 \ -p 8080:80 \ -e "APACHE_SERVER_NAME=app-1.local" \ - jdeathe/centos-ssh-apache-php:3.3.1 + jdeathe/centos-ssh-apache-php:3.3.2 ``` Go to `http://{{docker-host}}:8080` using a browser where `{{docker-host}}` is the host name of your docker server and, if all went well, you should see the "Hello, world!" page. -![PHP "Hello, world!" - Chrome screenshot](https://raw.github.com/jdeathe/centos-ssh-apache-php/centos-7-httpd24u-php72u/images/php-hello-world-chrome-v1.13.1.png) +![PHP "Hello, world!" - Chrome screenshot](https://raw.github.com/jdeathe/centos-ssh-apache-php/centos-7-httpd24u-php72u/images/php-hello-world-chrome-v3.3.2.png) To be able to access the server using the "app-1.local" domain name you need to add a hosts file entry locally; such that the IP address of the Docker host resolves to the name "app-1.local". Alternatively, you can use the `elinks` browser installed in the container. @@ -41,7 +41,7 @@ $ docker exec -it apache-php.1 \ elinks http://app-1.local ``` -![PHP "Hello, world!" - eLinks screenshot](https://raw.github.com/jdeathe/centos-ssh-apache-php/centos-7-httpd24u-php72u/images/php-hello-world-elinks-v1.13.1.png) +![PHP "Hello, world!" - eLinks screenshot](https://raw.github.com/jdeathe/centos-ssh-apache-php/centos-7-httpd24u-php72u/images/php-hello-world-elinks-v3.3.2.png) Verify the named container's process status and health. @@ -91,7 +91,7 @@ $ docker stop apache-php.1 && \ --env "APACHE_SERVER_NAME=app-1.local" \ --env "APACHE_SSL_PROTOCOL=All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1" \ --env "PHP_OPTIONS_DATE_TIMEZONE=Europe/London" \ - jdeathe/centos-ssh-apache-php:3.3.1 + jdeathe/centos-ssh-apache-php:3.3.2 ``` #### Environment Variables @@ -205,7 +205,7 @@ $ docker stop apache-php.1 && \ --env "APACHE_SERVER_ALIAS=app-1" \ --env "APACHE_SERVER_NAME=app-1.local" \ --env "APACHE_MOD_SSL_ENABLED=true" \ - jdeathe/centos-ssh-apache-php:3.3.1 + jdeathe/centos-ssh-apache-php:3.3.2 ``` ##### APACHE_MPM diff --git a/images/php-hello-world-chrome-v1.13.1.png b/images/php-hello-world-chrome-v1.13.1.png deleted file mode 100644 index 6d13744..0000000 Binary files a/images/php-hello-world-chrome-v1.13.1.png and /dev/null differ diff --git a/images/php-hello-world-chrome-v3.3.2.png b/images/php-hello-world-chrome-v3.3.2.png new file mode 100644 index 0000000..5d8fd31 Binary files /dev/null and b/images/php-hello-world-chrome-v3.3.2.png differ diff --git a/images/php-hello-world-chrome.png b/images/php-hello-world-chrome.png deleted file mode 100644 index 8a96d5f..0000000 Binary files a/images/php-hello-world-chrome.png and /dev/null differ diff --git a/images/php-hello-world-elinks-v1.13.1.png b/images/php-hello-world-elinks-v1.13.1.png deleted file mode 100644 index fe33157..0000000 Binary files a/images/php-hello-world-elinks-v1.13.1.png and /dev/null differ diff --git a/images/php-hello-world-elinks-v3.3.2.png b/images/php-hello-world-elinks-v3.3.2.png new file mode 100644 index 0000000..8d172a4 Binary files /dev/null and b/images/php-hello-world-elinks-v3.3.2.png differ diff --git a/images/php-hello-world-elinks.png b/images/php-hello-world-elinks.png deleted file mode 100644 index f8e42bf..0000000 Binary files a/images/php-hello-world-elinks.png and /dev/null differ diff --git a/src/usr/sbin/httpd-bootstrap b/src/usr/sbin/httpd-bootstrap index b61be2c..c2b5daf 100755 --- a/src/usr/sbin/httpd-bootstrap +++ b/src/usr/sbin/httpd-bootstrap @@ -686,6 +686,11 @@ function __get_apache_server_version () printf -- '%s' "${semantic_version}" } +function __get_dbgp_idekey () +{ + printf -- '%s' "${DBGP_IDEKEY}" +} + function __get_details_ssl_certificate_fingerprint () { local -r digest="${1:-sha1}" @@ -1433,6 +1438,12 @@ function __set_apache_mod_ssl_enabled () truncate -s 0 \ /etc/httpd/conf.d/00-ssl.conf + if [[ -f /etc/httpd/conf.d/10-ssl.conf ]] + then + truncate -s 0 \ + /etc/httpd/conf.d/10-ssl.conf + fi + if [[ -f /etc/httpd/conf.d/10-ssl-vhost.conf ]] then truncate -s 0 \ @@ -1719,6 +1730,7 @@ function main () local apache_ssl_protocol local apache_system_user local config_files + local dbgp_idekey local details_modules_enabled_list local details_ssl_certificate_fingerprint local document_root @@ -1815,6 +1827,9 @@ function main () apache_system_user="$( __get_apache_system_user )" + dbgp_idekey="$( + __get_dbgp_idekey + )" php_options_date_timezone="$( __get_php_options_date_timezone )" @@ -1894,13 +1909,20 @@ function main () __enable_apache_modules )" - # Set ownership for fcgid php-wrapper and socket if necessary - if [[ -d /var/run/mod_fcgid ]] \ - && [[ -d ${package_path}/bin ]] + # Set ownership for fcgid socket + if [[ -d /var/run/mod_fcgid ]] + then + chown -R \ + "${apache_run_user}":"${apache_run_group}" \ + /var/run/mod_fcgid + fi + + # Set ownership for any package binaries + if [[ -d ${package_path}/bin ]] then chown -R \ "${apache_run_user}":"${apache_run_group}" \ - {"${package_path}"/bin,/var/run/mod_fcgid} + "${package_path}"/bin fi __init_datadir \ @@ -1959,6 +1981,7 @@ function main () -e "s~(\\$\{|\{\{)APACHE_SSL_CIPHER_SUITE(\}\}|(:-.+)?\})~${apache_ssl_cipher_suite}~g" \ -e "s~(\\$\{|\{\{)APACHE_SSL_PROTOCOL(\}\}|(:-.+)?\})~${apache_ssl_protocol}~g" \ -e "s~(\\$\{|\{\{)APACHE_SYSTEM_USER(\}\}|(:-.+)?\})~${apache_system_user}~g" \ + -e "s~(\\$\{|\{\{)DBGP_IDEKEY(\}\}|(:-.+)?\})~${dbgp_idekey}~g" \ -e "s~(\\$\{|\{\{)PACKAGE_PATH(\}\}|(:-.+)?\})~${package_path}~g" \ -e "s~(\\$\{|\{\{)PHP_OPTIONS_DATE_TIMEZONE(\}\}|(:-.+)?\})~${php_options_date_timezone}~g" \ -e "s~(\\$\{|\{\{)PHP_OPTIONS_SESSION_NAME(\}\}|(:-.+)?\})~${php_options_session_name}~g" \