From 91ceca38d978e71051d1e5d1b18524ee63936c9b Mon Sep 17 00:00:00 2001 From: Honza Horak Date: Sun, 3 Dec 2017 22:29:10 +0100 Subject: [PATCH 01/12] Refactor php-container for extendibility and better similarity with httpd Files are moved to non-opt directories, so they're same in SCL and non-SCL version SSL is installed, so apache can accept secured connections Variables used instead of hard-coded paths Allow to extend container by own configuration, including own SSL certificates --- 7.1/Dockerfile | 30 +++---- 7.1/root/opt/app-root/etc/sslconf.sed | 5 ++ 7.1/root/usr/libexec/container-setup | 45 +++++++++++ .../usr/share/container-scripts/php/common.sh | 81 +++++++++++++++++++ .../php/pre-start/70-s2i-config.sh | 6 ++ 7.1/s2i/bin/assemble | 5 ++ 7.1/test/run | 21 ++++- 7 files changed, 175 insertions(+), 18 deletions(-) create mode 100644 7.1/root/opt/app-root/etc/sslconf.sed create mode 100755 7.1/root/usr/libexec/container-setup create mode 100644 7.1/root/usr/share/container-scripts/php/common.sh create mode 100644 7.1/root/usr/share/container-scripts/php/pre-start/70-s2i-config.sh diff --git a/7.1/Dockerfile b/7.1/Dockerfile index c6aa09efd..a6645cce5 100644 --- a/7.1/Dockerfile +++ b/7.1/Dockerfile @@ -4,6 +4,7 @@ FROM centos/s2i-base-centos7 # applications. EXPOSE 8080 +EXPOSE 8443 # Description # This image provides an Apache 2.4 + PHP 7.1 environment for running PHP applications. 
@@ -45,31 +46,30 @@ RUN yum install -y centos-release-scl && \ INSTALL_PKGS="rh-php71 rh-php71-php rh-php71-php-mysqlnd rh-php71-php-pgsql rh-php71-php-bcmath \ rh-php71-php-gd rh-php71-php-intl rh-php71-php-ldap rh-php71-php-mbstring rh-php71-php-pdo \ rh-php71-php-process rh-php71-php-soap rh-php71-php-opcache rh-php71-php-xml \ - rh-php71-php-gmp rh-php71-php-pecl-apcu" && \ + rh-php71-php-gmp rh-php71-php-pecl-apcu httpd24-mod_ssl" && \ yum install -y --setopt=tsflags=nodocs $INSTALL_PKGS --nogpgcheck && \ rpm -V $INSTALL_PKGS && \ yum clean all -y +ENV CONTAINER_SCRIPTS_PATH=/usr/share/container-scripts/php/ \ + APP_ROOT=/opt/app-root \ + HTTPD_CONFIGURATION_PATH=/opt/app-root/etc/httpd.d \ + HTTPD_MAIN_CONF_PATH=/etc/httpd/conf \ + HTTPD_MAIN_CONF_D_PATH=/etc/httpd/conf.d \ + HTTPD_VAR_RUN=/var/run/httpd \ + HTTPD_DATA_PATH=/var/www \ + HTTPD_DATA_ORIG_PATH=/opt/rh/httpd24/root/var/www \ + HTTPD_LOG_PATH=/var/log/httpd24 \ + HTTPD_SCL=rh-php71 + # Copy the S2I scripts from the specific language image to $STI_SCRIPTS_PATH COPY ./s2i/bin/ $STI_SCRIPTS_PATH # Copy extra files to the image. COPY ./root/ / -# In order to drop the root user, we have to make some directories world -# writeable as OpenShift default security model is to run the container under -# random UID. 
-RUN sed -i -f /opt/app-root/etc/httpdconf.sed /opt/rh/httpd24/root/etc/httpd/conf/httpd.conf && \ - sed -i '/php_value session.save_path/d' /opt/rh/httpd24/root/etc/httpd/conf.d/rh-php71-php.conf && \ - head -n151 /opt/rh/httpd24/root/etc/httpd/conf/httpd.conf | tail -n1 | grep "AllowOverride All" || exit && \ - echo "IncludeOptional /opt/app-root/etc/conf.d/*.conf" >> /opt/rh/httpd24/root/etc/httpd/conf/httpd.conf && \ - mkdir /tmp/sessions && \ - chown -R 1001:0 /opt/app-root /tmp/sessions && \ - chmod -R a+rwx /tmp/sessions && \ - chmod -R ug+rwx /opt/app-root && \ - chmod -R a+rwx /etc/opt/rh/rh-php71 && \ - chmod -R a+rwx /opt/rh/httpd24/root/var/run/httpd && \ - rpm-file-permissions +# Reset permissions of filesystem to default values +RUN /usr/libexec/container-setup && rpm-file-permissions USER 1001 diff --git a/7.1/root/opt/app-root/etc/sslconf.sed b/7.1/root/opt/app-root/etc/sslconf.sed new file mode 100644 index 000000000..67641db92 --- /dev/null +++ b/7.1/root/opt/app-root/etc/sslconf.sed @@ -0,0 +1,5 @@ +s/^Listen 443/Listen 0.0.0.0:8443/ +s/_default_:443/_default_:8443/ +s!^(\s*CustomLog)\s+\S+!\1 |/usr/bin/cat! +s!^(\s*TransferLog)\s+\S+!\1 |/usr/bin/cat! +s!^(\s*ErrorLog)\s+\S+!\1 |/usr/bin/cat! diff --git a/7.1/root/usr/libexec/container-setup b/7.1/root/usr/libexec/container-setup new file mode 100755 index 000000000..49601d101 --- /dev/null +++ b/7.1/root/usr/libexec/container-setup 
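Review bot: The package list gains `httpd24-mod_ssl`, but the `yum install` line it feeds still carries `--nogpgcheck`, so the module that will terminate TLS is installed without RPM signature verification. Dropping the flag (`yum install -y --setopt=tsflags=nodocs $INSTALL_PKGS && \`) would close that gap; the following `rpm -V` only compares installed files with the package database and says nothing about where the package came from. The new comment `# Reset permissions of filesystem to default values` also understates the `RUN` below it, because `container-setup` makes several directories world-writable; the removed explanation about running under a random UID would be better kept there. The `RUN yum install` instruction starts before this hunk.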
@@ -0,0 +1,45 @@
+#!/bin/bash
+
+set -e
+
+# In order to drop the root user, we have to make some directories world
+# writeable as OpenShift default security model is to run the container under
+# random UID.
+
+source ${CONTAINER_SCRIPTS_PATH}/common.sh
+
+# compatibility symlinks so we hide SCL paths
+if [ -v HTTPD_SCL ] ; then
+ # /opt/rh/httpd24/root/etc/httpd will be symlink to /etc/httpd
+ mv /opt/rh/httpd24/root/etc/httpd /etc/httpd
+ ln -s /etc/httpd /opt/rh/httpd24/root/etc/httpd
+
+ # /opt/rh/httpd24/root/var/run/httpd will be symlink to /var/run/httpd
+ mv /opt/rh/httpd24/root/var/run/httpd /var/run/httpd
+ ln -s /var/run/httpd /opt/rh/httpd24/root/var/run/httpd
+
+ # /opt/rh/httpd24/root/var/www will be symlink to /var/www
+ rm -rf /var/www
+ mv /opt/rh/httpd24/root/var/www /var/www
+ ln -s /var/www /opt/rh/httpd24/root/var/www
+fi
+
+mkdir -p ${HTTPD_CONFIGURATION_PATH}
+chmod -R a+rwx ${HTTPD_MAIN_CONF_PATH}
+chmod -R a+rwx ${HTTPD_MAIN_CONF_D_PATH}
+chmod -R a+r /etc/pki/tls/certs/localhost.crt
+chmod -R a+r /etc/pki/tls/private/localhost.key
+mkdir -p ${APP_ROOT}/etc
+chmod -R a+rwx ${APP_ROOT}/etc
+chmod -R a+rwx ${HTTPD_VAR_RUN}
+chown -R 1001:0 ${APP_ROOT}
+mkdir /tmp/sessions
+chown -R 1000:0 /tmp/sessions
+chown -R 1001:0 ${HTTPD_DATA_PATH}
+chown -R 1001:0 ${HTTPD_LOG_PATH}
+chmod -R a+rwx /etc/opt/rh/rh-php71
+
+mkdir -p ${CONTAINER_SCRIPTS_PATH}/pre-init
+
+config_general
+
diff --git a/7.1/root/usr/share/container-scripts/php/common.sh b/7.1/root/usr/share/container-scripts/php/common.sh
new file mode 100644
index 000000000..45258f576
--- /dev/null
+++ b/7.1/root/usr/share/container-scripts/php/common.sh
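Review bot: `chmod -R a+r /etc/pki/tls/private/localhost.key` makes the server's TLS private key readable by every user in the image, which is wider than the random-UID model described in the header comment needs, since the script hands access to group 0 everywhere else. Group access would be enough: `chgrp 0 /etc/pki/tls/private/localhost.key` followed by `chmod 0640 /etc/pki/tls/private/localhost.key`. Separately, `/tmp/sessions` is now owned by `1000:0` while the other `chown` calls and the Dockerfile use UID 1001, and the former `chmod -R a+rwx /tmp/sessions` is gone, so session writes look likely to fail unless the directory's default mode already grants group write; worth confirming. The expansions are unquoted and the script sets only `set -e`, so an unset `APP_ROOT` turns `chmod -R a+rwx ${APP_ROOT}/etc` into an operation on `/etc`; adding `set -u` would stop the script instead.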
@@ -0,0 +1,81 @@
+config_general() {
+ sed -i -f ${APP_ROOT}/etc/httpdconf.sed /opt/rh/httpd24/root/etc/httpd/conf/httpd.conf
+ sed -i -E -f ${APP_ROOT}/etc/sslconf.sed /opt/rh/httpd24/root/etc/httpd/conf.d/ssl.conf
+ sed -i '/php_value session.save_path/d' /opt/rh/httpd24/root/etc/httpd/conf.d/rh-php71-php.conf
+ head -n151 /opt/rh/httpd24/root/etc/httpd/conf/httpd.conf | tail -n1 | grep "AllowOverride All" || exit 1
+ echo "IncludeOptional /opt/app-root/etc/conf.d/*.conf" >> /opt/rh/httpd24/root/etc/httpd/conf/httpd.conf
+}
+
+function log_info {
+ echo "---> `date +%T` $@"
+}
+
+function log_and_run {
+ log_info "Running $@"
+ "$@"
+}
+
+function log_volume_info {
+ CONTAINER_DEBUG=${CONTAINER_DEBUG:-}
+ if [[ "${CONTAINER_DEBUG,,}" != "true" ]]; then
+ return
+ fi
+
+ log_info "Volume info for $@:"
+ set +e
+ log_and_run mount
+ while [ $# -gt 0 ]; do
+ log_and_run ls -alZ $1
+ shift
+ done
+ set -e
+}
+
+# get_matched_files finds file for image extending
+function get_matched_files() {
+ local custom_dir default_dir
+ custom_dir="$1"
+ default_dir="$2"
+ files_matched="$3"
+ find "$default_dir" -maxdepth 1 -type f -name "$files_matched" -printf "%f\n"
+ [ -d "$custom_dir" ] && find "$custom_dir" -maxdepth 1 -type f -name "$files_matched" -printf "%f\n"
+}
+
+# process_extending_files process extending files in $1 and $2 directories
+# - source all *.sh files
+# (if there are files with same name source only file from $1)
+function process_extending_files() {
+ local custom_dir default_dir
+ custom_dir=$1
+ default_dir=$2
+
+ while read filename ; do
+ echo "=> sourcing $filename ..."
+ # Custom file is prefered + if [ -f $custom_dir/$filename ]; then + source $custom_dir/$filename + elif [ -f $default_dir/$filename ]; then + source $default_dir/$filename + fi + done <<<"$(get_matched_files "$custom_dir" "$default_dir" '*.sh' | sort -u)" +} + +# process extending config files in $1 and $2 directories +# - expand variables in *.conf and copy the files into /opt/app-root/etc/httpd.d directory +# (if there are files with same name source only file from $1) +function process_extending_config_files() { + local custom_dir default_dir + custom_dir=$1 + default_dir=$2 + + while read filename ; do + echo "=> sourcing $filename ..." + # Custom file is prefered + if [ -f $custom_dir/$filename ]; then + envsubst < $custom_dir/$filename > ${HTTPD_CONFIGURATION_PATH}/$filename + elif [ -f $default_dir/$filename ]; then + envsubst < $default_dir/$filename > ${HTTPD_CONFIGURATION_PATH}/$filename + fi + done <<<"$(get_matched_files "$custom_dir" "$default_dir" '*.conf' | sort -u)" +} + diff --git a/7.1/root/usr/share/container-scripts/php/pre-start/70-s2i-config.sh b/7.1/root/usr/share/container-scripts/php/pre-start/70-s2i-config.sh new file mode 100644 index 000000000..9cca6c905 --- /dev/null +++ b/7.1/root/usr/share/container-scripts/php/pre-start/70-s2i-config.sh @@ -0,0 +1,6 @@ +# additional arbitrary httpd configuration provided by user using s2i + +log_info 'Processing additional arbitrary httpd configuration provided by s2i ...' + +process_extending_config_files ${APP_DATA}/httpd-cfg/ ${CONTAINER_SCRIPTS_PATH}/cnf/ + diff --git a/7.1/s2i/bin/assemble b/7.1/s2i/bin/assemble index 97e1a03fa..f8a4c6c0f 100755 --- a/7.1/s2i/bin/assemble +++ b/7.1/s2i/bin/assemble @@ -2,6 +2,8 @@ set -e +source ${CONTAINER_SCRIPTS_PATH}/common.sh + shopt -s dotglob echo "---> Installing application source..." mv /tmp/src/* ./ 
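Review bot: In `process_extending_files` and `process_extending_config_files` the paths built from `find` output are used unquoted (`[ -f $custom_dir/$filename ]`, `source $custom_dir/$filename`, `envsubst < $custom_dir/$filename`), so a file name with whitespace or glob characters in the application-supplied directory is word-split before it is sourced or written. Quoting every expansion and reading names verbatim fixes this, e.g. `while IFS= read -r filename; do` and `source "$custom_dir/$filename"`. `files_matched` in `get_matched_files` is missing from the `local` list and therefore leaks into the calling shell, which matters because these helpers are sourced into `assemble`. The `envsubst` call is given no variable list, so any `${...}` left in a `.conf` file for Apache's own use would be substituted too; passing the list of variables meant to be expanded avoids that.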
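Review bot: `${APP_DATA}` is used here but is not among the variables the new `ENV` block in 7.1/Dockerfile defines in this patch, so unless the base image exports it the first argument expands to `/httpd-cfg/` and configuration is looked up at the filesystem root. The same variable is used in the `process_extending_files` call added to `7.1/s2i/bin/assemble`. Either add `APP_DATA` to the `ENV` block or fail early with `: "${APP_DATA:?APP_DATA is not set}"`. The default directory `${CONTAINER_SCRIPTS_PATH}/cnf/` is not created anywhere in the visible patch, so the `find` in `get_matched_files` would report an error for it; worth confirming it exists in the image.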
@@ -46,5 +48,8 @@ if [ -f composer.json ]; then fi fi +# pre-start files +process_extending_files ${APP_DATA}/php-pre-start/ ${CONTAINER_SCRIPTS_PATH}/pre-start/ + # Fix source directory permissions fix-permissions ./ diff --git a/7.1/test/run b/7.1/test/run index d12de049b..9714a6c0e 100755 --- a/7.1/test/run +++ b/7.1/test/run @@ -14,6 +14,7 @@ image_dir=$(readlink -zf ${test_dir}/..) # TODO: This should be part of the image metadata test_port=8080 +test_port_ssl=8443 info() { echo -e "\n\e[1m[INFO] $@...\e[0m\n" @@ -129,14 +130,16 @@ test_scl_usage() { } test_connection() { + local check_port=$1 ; shift + local check_protocol=${1:-http} cat $cid_file - info "Testing the HTTP connection (http://$(container_ip):${test_port})" + info "Testing the HTTP connection (${check_protocol}://$(container_ip):${check_port})" local max_attempts=10 local sleep_time=1 local attempt=1 local result=1 while [ $attempt -le $max_attempts ]; do - response_code=$(curl -s -w %{http_code} -o /dev/null http://$(container_ip):${test_port}/) + response_code=$(curl -s -w %{http_code} -o /dev/null -k ${check_protocol}://$(container_ip):${check_port}/) status=$? if [ $status -eq 0 ]; then if [ $response_code -eq 200 ]; then @@ -160,11 +163,23 @@ test_application() { test_scl_usage "php --version" "7.1" check_result $? - test_connection + test_connection ${test_port} + check_result $? + test_connection ${test_port_ssl} https check_result $? cleanup_test_app } +test_ssl() { + source ${image_dir}/common/test-lib.sh + local cert_dir=/tmp + local cert_base=mycert + ct_gen_self_signed_cert_pem ${cert_dir} ${cert_base} + local private_key=${cert_dir}/${cert_base}-cert-selfsigned.pem + local cert_file=${cert_dir}/${cert_base}-key.pem + +} + cid_file=$(mktemp -u --suffix=.cid) # Since we built the candidate image locally, we don't want S2I attempt to pull From b9c17dcb24ee8851d5bdcd9f8f522b43da082d6a Mon Sep 17 00:00:00 2001 
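Review bot: The `# pre-start files` comment does not match when this runs: `process_extending_files` sources every matching `*.sh` into the `assemble` shell, so the scripts execute at image build time under `set -e`, not before httpd starts. A sourced script can also change shell options or the working directory before the `fix-permissions ./` call that follows. A comment that states this would help, for example `# Source build-time hook scripts into this shell (application copy wins over the image default)`, and the directory name should be chosen to match. The script body starts before this hunk.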
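Review bot: In `test_ssl` the two file names are assigned to the wrong variables: `private_key` receives `${cert_base}-cert-selfsigned.pem` and `cert_file` receives `${cert_base}-key.pem`. Swapped back they read `local cert_file=${cert_dir}/${cert_base}-cert-selfsigned.pem` and `local private_key=${cert_dir}/${cert_base}-key.pem`. The function ends after these assignments and nothing in the visible hunks calls it, so the HTTPS check added to `test_application` presumably exercises only the certificate shipped with the package. Writing the generated key under a fixed name in `/tmp` is avoidable with `local cert_dir=$(mktemp -d)`.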
From: Honza Horak Date: Sun, 3 Dec 2017 23:24:04 +0100 Subject: [PATCH 02/12] Use variables instead of hard-coded paths --- 7.1/Dockerfile | 1 + 7.1/root/opt/app-root/etc/httpdconf.sed | 9 ------- 7.1/root/opt/app-root/etc/sslconf.sed | 5 ---- 7.1/root/usr/libexec/container-setup | 4 ++-- .../usr/share/container-scripts/php/common.sh | 24 +++++++++++++++++-- 7.1/s2i/bin/run | 2 +- 6 files changed, 26 insertions(+), 19 deletions(-) delete mode 100644 7.1/root/opt/app-root/etc/httpdconf.sed delete mode 100644 7.1/root/opt/app-root/etc/sslconf.sed diff --git a/7.1/Dockerfile b/7.1/Dockerfile index a6645cce5..88d2e5d2f 100644 --- a/7.1/Dockerfile +++ b/7.1/Dockerfile @@ -53,6 +53,7 @@ RUN yum install -y centos-release-scl && \ ENV CONTAINER_SCRIPTS_PATH=/usr/share/container-scripts/php/ \ APP_ROOT=/opt/app-root \ + DEFAULT_INCLUDE_PATH=/opt/rh/rh-php71/root/usr/share/pear \ HTTPD_CONFIGURATION_PATH=/opt/app-root/etc/httpd.d \ HTTPD_MAIN_CONF_PATH=/etc/httpd/conf \ HTTPD_MAIN_CONF_D_PATH=/etc/httpd/conf.d \ diff --git a/7.1/root/opt/app-root/etc/httpdconf.sed b/7.1/root/opt/app-root/etc/httpdconf.sed deleted file mode 100644 index d97059ea9..000000000 --- a/7.1/root/opt/app-root/etc/httpdconf.sed +++ /dev/null @@ -1,9 +0,0 @@ -s/^Listen 80/Listen 0.0.0.0:8080/ -s/^User apache/User default/ -s/^Group apache/Group root/ -s%^DocumentRoot "/opt/rh/httpd24/root/var/www/html"%#DocumentRoot "/opt/app-root/src"% -s%^> /opt/rh/httpd24/root/etc/httpd/conf/httpd.conf diff --git a/7.1/s2i/bin/run b/7.1/s2i/bin/run index b3ee45962..6f7b44c52 100755 --- a/7.1/s2i/bin/run +++ b/7.1/s2i/bin/run 
@@ -10,7 +10,7 @@ export DISPLAY_ERRORS=${DISPLAY_ERRORS:-ON} export DISPLAY_STARTUP_ERRORS=${DISPLAY_STARTUP_ERRORS:-OFF} export TRACK_ERRORS=${TRACK_ERRORS:-OFF} export HTML_ERRORS=${HTML_ERRORS:-ON} -export INCLUDE_PATH=${INCLUDE_PATH:-.:/opt/app-root/src:/opt/rh/rh-php71/root/usr/share/pear} +export INCLUDE_PATH=${INCLUDE_PATH:-.:/opt/app-root/src:${DEFAULT_INCLUDE_PATH}} export SESSION_PATH=${SESSION_PATH:-/tmp/sessions} export SHORT_OPEN_TAG=${SHORT_OPEN_TAG:-OFF} # TODO should be dynamically calculated based on container memory limit/16 From e10f6170f3548772af79d8e77dd3c5af7d6e8d5e Mon Sep 17 00:00:00 2001 
From: Honza Horak Date: Mon, 4 Dec 2017 10:50:37 +0100 Subject: [PATCH 03/12] Additional changes to make it more similar to httpd container --- 5.6/Dockerfile | 33 +++++++------- 5.6/Dockerfile.rhel7 | 33 +++++++------- 7.0/Dockerfile | 33 +++++++------- 7.0/Dockerfile.rhel7 | 33 +++++++------- 7.1/Dockerfile | 12 ++--- 7.1/Dockerfile.rhel7 | 33 +++++++------- 7.1/README.md | 15 +++++++ .../etc/php.d/10-opcache.ini.template | 2 +- 7.1/root/usr/libexec/container-setup | 15 ++++--- .../usr/share/container-scripts/php/common.sh | 45 ++++++++++++++++--- .../php/httpd-cnf/00-documentroot.conf} | 0 .../php/httpd-cnf/50-mpm-tuning.conf} | 0 .../20-copy-config.sh} | 2 +- .../php/post-assemble/40-ssl-certs.sh | 4 ++ .../php/pre-start/20-copy-config.sh | 6 +++ .../php/pre-start/40-ssl-certs.sh | 4 ++ 7.1/s2i/bin/assemble | 7 +-- 7.1/s2i/bin/run | 8 ++-- 7.1/test/run | 15 +++++++ 7.1/test/self-signed-ssl | 1 + .../certs/server-cert-selfsigned.pem | 20 +++++++++ .../httpd-ssl/private/server-key.pem | 28 ++++++++++++ examples/self-signed-ssl/index.html | 1 + 23 files changed, 249 insertions(+), 101 deletions(-) rename 7.1/root/{opt/app-root/etc/conf.d/00-documentroot.conf.template => usr/share/container-scripts/php/httpd-cnf/00-documentroot.conf} (100%) rename 7.1/root/{opt/app-root/etc/conf.d/50-mpm-tuning.conf.template => usr/share/container-scripts/php/httpd-cnf/50-mpm-tuning.conf} (100%) rename 7.1/root/usr/share/container-scripts/php/{pre-start/70-s2i-config.sh => post-assemble/20-copy-config.sh} (62%) create mode 100644 7.1/root/usr/share/container-scripts/php/post-assemble/40-ssl-certs.sh create mode 100644 7.1/root/usr/share/container-scripts/php/pre-start/20-copy-config.sh create mode 100644 7.1/root/usr/share/container-scripts/php/pre-start/40-ssl-certs.sh create mode 120000 7.1/test/self-signed-ssl create mode 100644 examples/self-signed-ssl/httpd-ssl/certs/server-cert-selfsigned.pem create mode 100644 examples/self-signed-ssl/httpd-ssl/private/server-key.pem create 
mode 100644 examples/self-signed-ssl/index.html diff --git a/5.6/Dockerfile b/5.6/Dockerfile index a65beb7a2..9ce1bb457 100644 --- a/5.6/Dockerfile +++ b/5.6/Dockerfile @@ -4,6 +4,7 @@ FROM centos/s2i-base-centos7 # applications. EXPOSE 8080 +EXPOSE 8443 # Description # This image provides an Apache 2.4 + PHP 5.6 environment for running PHP applications. 
@@ -46,31 +47,33 @@ RUN yum install -y centos-release-scl && \ INSTALL_PKGS="rh-php56 rh-php56-php rh-php56-php-mysqlnd rh-php56-php-pgsql rh-php56-php-bcmath \ rh-php56-php-gd rh-php56-php-intl rh-php56-php-ldap rh-php56-php-mbstring rh-php56-php-pdo \ rh-php56-php-pecl-memcache rh-php56-php-process rh-php56-php-soap rh-php56-php-opcache rh-php56-php-xml \ - rh-php56-php-pecl-xdebug rh-php56-php-gmp" && \ + rh-php56-php-pecl-xdebug rh-php56-php-gmp httpd24-mod_ssl" && \ yum install -y --setopt=tsflags=nodocs --enablerepo=centosplus $INSTALL_PKGS && \ rpm -V $INSTALL_PKGS && \ yum clean all -y +ENV PHP_CONTAINER_SCRIPTS_PATH=/usr/share/container-scripts/php/ \ + APP_ROOT=/opt/app-root \ + APP_DATA=/opt/app-root/src \ + PHP_DEFAULT_INCLUDE_PATH=/opt/rh/rh-php56/root/usr/share/pear \ + PHP_SYSCONF_PATH=/etc/opt/rh/rh-php56 \ + HTTPD_CONFIGURATION_PATH=/opt/app-root/etc/conf.d \ + HTTPD_MAIN_CONF_PATH=/etc/httpd/conf \ + HTTPD_MAIN_CONF_D_PATH=/etc/httpd/conf.d \ + HTTPD_VAR_RUN=/var/run/httpd \ + HTTPD_DATA_PATH=/var/www \ + HTTPD_DATA_ORIG_PATH=/opt/rh/httpd24/root/var/www \ + HTTPD_VAR_PATH=/opt/rh/httpd24/root/var \ + SCL_ENABLED=rh-php56 + # Copy the S2I scripts from the specific language image to $STI_SCRIPTS_PATH COPY ./s2i/bin/ $STI_SCRIPTS_PATH # Copy extra files to the image. COPY ./root/ / -# In order to drop the root user, we have to make some directories world -# writeable as OpenShift default security model is to run the container under -# random UID. 
-RUN sed -i -f /opt/app-root/etc/httpdconf.sed /opt/rh/httpd24/root/etc/httpd/conf/httpd.conf && \ - echo "IncludeOptional /opt/app-root/etc/conf.d/*.conf" >> /opt/rh/httpd24/root/etc/httpd/conf/httpd.conf && \ - sed -i '/php_value session.save_path/d' /opt/rh/httpd24/root/etc/httpd/conf.d/rh-php56-php.conf && \ - head -n151 /opt/rh/httpd24/root/etc/httpd/conf/httpd.conf | tail -n1 | grep "AllowOverride All" || exit && \ - mkdir /tmp/sessions && \ - chown -R 1001:0 /opt/app-root /tmp/sessions && \ - chmod -R a+rwx /tmp/sessions && \ - chmod -R ug+rwx /opt/app-root && \ - chmod -R a+rwx /etc/opt/rh/rh-php56 && \ - chmod -R a+rwx /opt/rh/httpd24/root/var/run/httpd && \ - rpm-file-permissions +# Reset permissions of filesystem to default values +RUN /usr/libexec/container-setup && rpm-file-permissions USER 1001 diff --git a/5.6/Dockerfile.rhel7 b/5.6/Dockerfile.rhel7 index 534cddb6e..d33e9ef9b 100644 --- a/5.6/Dockerfile.rhel7 +++ b/5.6/Dockerfile.rhel7 @@ -4,6 +4,7 @@ FROM rhscl/s2i-base-rhel7 # applications. EXPOSE 8080 +EXPOSE 8443 # Description # This image provides an Apache 2.4 + PHP 5.6 environment for running PHP applications. 
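Review bot: `RUN /usr/libexec/container-setup` relies on `COPY ./root/ /` having placed that script in the image, but this patch's file list shows `container-setup` and `common.sh` only under `7.1/root`, so the 5.6 build would fail on a missing command unless `5.6/root` already resolves to those files; worth confirming. The same applies to the identical hunks in 5.6/Dockerfile.rhel7, 7.0/Dockerfile and 7.0/Dockerfile.rhel7. If the 7.1 script is meant to be shared, the `rh-php71-php.conf` name that `common.sh` still hard-codes in this patch would have to follow the version, e.g. `${HTTPD_MAIN_CONF_D_PATH}/${SCL_ENABLED}-php.conf`. The comment `# Reset permissions of filesystem to default values` replaces an accurate explanation of why directories are made world-writable and would be better reworded to say so.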
@@ -50,31 +51,33 @@ RUN yum install -y yum-utils && \ INSTALL_PKGS="rh-php56 rh-php56-php rh-php56-php-mysqlnd rh-php56-php-pgsql rh-php56-php-bcmath \ rh-php56-php-gd rh-php56-php-intl rh-php56-php-ldap rh-php56-php-mbstring rh-php56-php-pdo \ rh-php56-php-pecl-memcache rh-php56-php-process rh-php56-php-soap rh-php56-php-opcache rh-php56-php-xml \ - rh-php56-php-pecl-xdebug rh-php56-php-gmp" && \ + rh-php56-php-pecl-xdebug rh-php56-php-gmp httpd24-mod_ssl" && \ yum install -y --setopt=tsflags=nodocs $INSTALL_PKGS && \ rpm -V $INSTALL_PKGS && \ yum clean all -y +ENV PHP_CONTAINER_SCRIPTS_PATH=/usr/share/container-scripts/php/ \ + APP_ROOT=/opt/app-root \ + APP_DATA=/opt/app-root/src \ + PHP_DEFAULT_INCLUDE_PATH=/opt/rh/rh-php56/root/usr/share/pear \ + PHP_SYSCONF_PATH=/etc/opt/rh/rh-php56 \ + HTTPD_CONFIGURATION_PATH=/opt/app-root/etc/conf.d \ + HTTPD_MAIN_CONF_PATH=/etc/httpd/conf \ + HTTPD_MAIN_CONF_D_PATH=/etc/httpd/conf.d \ + HTTPD_VAR_RUN=/var/run/httpd \ + HTTPD_DATA_PATH=/var/www \ + HTTPD_DATA_ORIG_PATH=/opt/rh/httpd24/root/var/www \ + HTTPD_VAR_PATH=/opt/rh/httpd24/root/var \ + SCL_ENABLED=rh-php56 + # Copy the S2I scripts from the specific language image to $STI_SCRIPTS_PATH COPY ./s2i/bin/ $STI_SCRIPTS_PATH # Copy extra files to the image. COPY ./root/ / -# In order to drop the root user, we have to make some directories world -# writeable as OpenShift default security model is to run the container under -# random UID. 
-RUN sed -i -f /opt/app-root/etc/httpdconf.sed /opt/rh/httpd24/root/etc/httpd/conf/httpd.conf && \ - sed -i '/php_value session.save_path/d' /opt/rh/httpd24/root/etc/httpd/conf.d/rh-php56-php.conf && \ - head -n151 /opt/rh/httpd24/root/etc/httpd/conf/httpd.conf | tail -n1 | grep "AllowOverride All" || exit && \ - echo "IncludeOptional /opt/app-root/etc/conf.d/*.conf" >> /opt/rh/httpd24/root/etc/httpd/conf/httpd.conf && \ - mkdir /tmp/sessions && \ - chown -R 1001:0 /opt/app-root /tmp/sessions && \ - chmod -R a+rwx /tmp/sessions && \ - chmod -R ug+rwx /opt/app-root && \ - chmod -R a+rwx /etc/opt/rh/rh-php56 && \ - chmod -R a+rwx /opt/rh/httpd24/root/var/run/httpd && \ - rpm-file-permissions +# Reset permissions of filesystem to default values +RUN /usr/libexec/container-setup && rpm-file-permissions USER 1001 diff --git a/7.0/Dockerfile b/7.0/Dockerfile index 7d08eb5ea..780e5851d 100644 --- a/7.0/Dockerfile +++ b/7.0/Dockerfile @@ -4,6 +4,7 @@ FROM centos/s2i-base-centos7 # applications. EXPOSE 8080 +EXPOSE 8443 # Description # This image provides an Apache 2.4 + PHP 7.0 environment for running PHP applications. 
@@ -46,31 +47,33 @@ RUN yum install -y centos-release-scl && \ INSTALL_PKGS="rh-php70 rh-php70-php rh-php70-php-mysqlnd rh-php70-php-pgsql rh-php70-php-bcmath \ rh-php70-php-gd rh-php70-php-intl rh-php70-php-ldap rh-php70-php-mbstring rh-php70-php-pdo \ rh-php70-php-process rh-php70-php-soap rh-php70-php-opcache rh-php70-php-xml \ - rh-php70-php-gmp" && \ + rh-php70-php-gmp httpd24-mod_ssl" && \ yum install -y --setopt=tsflags=nodocs $INSTALL_PKGS --nogpgcheck && \ rpm -V $INSTALL_PKGS && \ yum clean all -y +ENV PHP_CONTAINER_SCRIPTS_PATH=/usr/share/container-scripts/php/ \ + APP_ROOT=/opt/app-root \ + APP_DATA=/opt/app-root/src \ + PHP_DEFAULT_INCLUDE_PATH=/opt/rh/rh-php70/root/usr/share/pear \ + PHP_SYSCONF_PATH=/etc/opt/rh/rh-php70 \ + HTTPD_CONFIGURATION_PATH=/opt/app-root/etc/conf.d \ + HTTPD_MAIN_CONF_PATH=/etc/httpd/conf \ + HTTPD_MAIN_CONF_D_PATH=/etc/httpd/conf.d \ + HTTPD_VAR_RUN=/var/run/httpd \ + HTTPD_DATA_PATH=/var/www \ + HTTPD_DATA_ORIG_PATH=/opt/rh/httpd24/root/var/www \ + HTTPD_VAR_PATH=/opt/rh/httpd24/root/var \ + SCL_ENABLED=rh-php70 + # Copy the S2I scripts from the specific language image to $STI_SCRIPTS_PATH COPY ./s2i/bin/ $STI_SCRIPTS_PATH # Copy extra files to the image. COPY ./root/ / -# In order to drop the root user, we have to make some directories world -# writeable as OpenShift default security model is to run the container under -# random UID. 
-RUN sed -i -f /opt/app-root/etc/httpdconf.sed /opt/rh/httpd24/root/etc/httpd/conf/httpd.conf && \ - sed -i '/php_value session.save_path/d' /opt/rh/httpd24/root/etc/httpd/conf.d/rh-php70-php.conf && \ - head -n151 /opt/rh/httpd24/root/etc/httpd/conf/httpd.conf | tail -n1 | grep "AllowOverride All" || exit && \ - echo "IncludeOptional /opt/app-root/etc/conf.d/*.conf" >> /opt/rh/httpd24/root/etc/httpd/conf/httpd.conf && \ - mkdir /tmp/sessions && \ - chown -R 1001:0 /opt/app-root /tmp/sessions && \ - chmod -R a+rwx /tmp/sessions && \ - chmod -R ug+rwx /opt/app-root && \ - chmod -R a+rwx /etc/opt/rh/rh-php70 && \ - chmod -R a+rwx /opt/rh/httpd24/root/var/run/httpd && \ - rpm-file-permissions +# Reset permissions of filesystem to default values +RUN /usr/libexec/container-setup && rpm-file-permissions USER 1001 diff --git a/7.0/Dockerfile.rhel7 b/7.0/Dockerfile.rhel7 index 94bd237c7..f783fbfbc 100644 --- a/7.0/Dockerfile.rhel7 +++ b/7.0/Dockerfile.rhel7 @@ -4,6 +4,7 @@ FROM rhscl/s2i-base-rhel7:1 # applications. EXPOSE 8080 +EXPOSE 8443 # Description # This image provides an Apache 2.4 + PHP 7.0 environment for running PHP applications. 
@@ -49,31 +50,33 @@ RUN yum install -y yum-utils && \ INSTALL_PKGS="rh-php70 rh-php70-php rh-php70-php-mysqlnd rh-php70-php-pgsql rh-php70-php-bcmath \ rh-php70-php-gd rh-php70-php-intl rh-php70-php-ldap rh-php70-php-mbstring rh-php70-php-pdo \ rh-php70-php-process rh-php70-php-soap rh-php70-php-opcache rh-php70-php-xml \ - rh-php70-php-gmp" && \ + rh-php70-php-gmp httpd24-mod_ssl" && \ yum install -y --setopt=tsflags=nodocs $INSTALL_PKGS && \ rpm -V $INSTALL_PKGS && \ yum clean all -y +ENV PHP_CONTAINER_SCRIPTS_PATH=/usr/share/container-scripts/php/ \ + APP_ROOT=/opt/app-root \ + APP_DATA=/opt/app-root/src \ + PHP_DEFAULT_INCLUDE_PATH=/opt/rh/rh-php70/root/usr/share/pear \ + PHP_SYSCONF_PATH=/etc/opt/rh/rh-php70 \ + HTTPD_CONFIGURATION_PATH=/opt/app-root/etc/conf.d \ + HTTPD_MAIN_CONF_PATH=/etc/httpd/conf \ + HTTPD_MAIN_CONF_D_PATH=/etc/httpd/conf.d \ + HTTPD_VAR_RUN=/var/run/httpd \ + HTTPD_DATA_PATH=/var/www \ + HTTPD_DATA_ORIG_PATH=/opt/rh/httpd24/root/var/www \ + HTTPD_VAR_PATH=/opt/rh/httpd24/root/var \ + SCL_ENABLED=rh-php70 + # Copy the S2I scripts from the specific language image to $STI_SCRIPTS_PATH COPY ./s2i/bin/ $STI_SCRIPTS_PATH # Copy extra files to the image. COPY ./root/ / -# In order to drop the root user, we have to make some directories world -# writeable as OpenShift default security model is to run the container under -# random UID. 
-RUN sed -i -f /opt/app-root/etc/httpdconf.sed /opt/rh/httpd24/root/etc/httpd/conf/httpd.conf && \ - sed -i '/php_value session.save_path/d' /opt/rh/httpd24/root/etc/httpd/conf.d/rh-php70-php.conf && \ - head -n151 /opt/rh/httpd24/root/etc/httpd/conf/httpd.conf | tail -n1 | grep "AllowOverride All" || exit && \ - echo "IncludeOptional /opt/app-root/etc/conf.d/*.conf" >> /opt/rh/httpd24/root/etc/httpd/conf/httpd.conf && \ - mkdir /tmp/sessions && \ - chown -R 1001:0 /opt/app-root /tmp/sessions && \ - chmod -R a+rwx /tmp/sessions && \ - chmod -R ug+rwx /opt/app-root && \ - chmod -R a+rwx /etc/opt/rh/rh-php70 && \ - chmod -R a+rwx /opt/rh/httpd24/root/var/run/httpd && \ - rpm-file-permissions +# Reset permissions of filesystem to default values +RUN /usr/libexec/container-setup && rpm-file-permissions USER 1001 diff --git a/7.1/Dockerfile b/7.1/Dockerfile index 88d2e5d2f..cc6449d3e 100644 --- a/7.1/Dockerfile +++ b/7.1/Dockerfile @@ -51,17 +51,19 @@ RUN yum install -y centos-release-scl && \ rpm -V $INSTALL_PKGS && \ yum clean all -y -ENV CONTAINER_SCRIPTS_PATH=/usr/share/container-scripts/php/ \ +ENV PHP_CONTAINER_SCRIPTS_PATH=/usr/share/container-scripts/php/ \ APP_ROOT=/opt/app-root \ - DEFAULT_INCLUDE_PATH=/opt/rh/rh-php71/root/usr/share/pear \ - HTTPD_CONFIGURATION_PATH=/opt/app-root/etc/httpd.d \ + APP_DATA=/opt/app-root/src \ + PHP_DEFAULT_INCLUDE_PATH=/opt/rh/rh-php71/root/usr/share/pear \ + PHP_SYSCONF_PATH=/etc/opt/rh/rh-php71 \ + HTTPD_CONFIGURATION_PATH=/opt/app-root/etc/conf.d \ HTTPD_MAIN_CONF_PATH=/etc/httpd/conf \ HTTPD_MAIN_CONF_D_PATH=/etc/httpd/conf.d \ HTTPD_VAR_RUN=/var/run/httpd \ HTTPD_DATA_PATH=/var/www \ HTTPD_DATA_ORIG_PATH=/opt/rh/httpd24/root/var/www \ - HTTPD_LOG_PATH=/var/log/httpd24 \ - HTTPD_SCL=rh-php71 + HTTPD_VAR_PATH=/opt/rh/httpd24/root/var \ + SCL_ENABLED=rh-php71 # Copy the S2I scripts from the specific language image to $STI_SCRIPTS_PATH COPY ./s2i/bin/ $STI_SCRIPTS_PATH 
diff --git a/7.1/Dockerfile.rhel7 b/7.1/Dockerfile.rhel7 index 65b400fe8..a83fb6b9f 100644 --- a/7.1/Dockerfile.rhel7 +++ b/7.1/Dockerfile.rhel7 @@ -4,6 +4,7 @@ FROM rhscl/s2i-base-rhel7:1 # applications. EXPOSE 8080 +EXPOSE 8443 # Description # This image provides an Apache 2.4 + PHP 7.1 environment for running PHP applications. 
@@ -48,31 +49,33 @@ RUN yum install -y yum-utils && \ INSTALL_PKGS="rh-php71 rh-php71-php rh-php71-php-mysqlnd rh-php71-php-pgsql rh-php71-php-bcmath \ rh-php71-php-gd rh-php71-php-intl rh-php71-php-ldap rh-php71-php-mbstring rh-php71-php-pdo \ rh-php71-php-process rh-php71-php-soap rh-php71-php-opcache rh-php71-php-xml \ - rh-php71-php-gmp rh-php71-php-pecl-apcu" && \ + rh-php71-php-gmp rh-php71-php-pecl-apcu httpd24-mod_ssl" && \ yum install -y --setopt=tsflags=nodocs $INSTALL_PKGS && \ rpm -V $INSTALL_PKGS && \ yum clean all -y +ENV PHP_CONTAINER_SCRIPTS_PATH=/usr/share/container-scripts/php/ \ + APP_ROOT=/opt/app-root \ + APP_DATA=/opt/app-root/src \ + PHP_DEFAULT_INCLUDE_PATH=/opt/rh/rh-php71/root/usr/share/pear \ + PHP_SYSCONF_PATH=/etc/opt/rh/rh-php71 \ + HTTPD_CONFIGURATION_PATH=/opt/app-root/etc/conf.d \ + HTTPD_MAIN_CONF_PATH=/etc/httpd/conf \ + HTTPD_MAIN_CONF_D_PATH=/etc/httpd/conf.d \ + HTTPD_VAR_RUN=/var/run/httpd \ + HTTPD_DATA_PATH=/var/www \ + HTTPD_DATA_ORIG_PATH=/opt/rh/httpd24/root/var/www \ + HTTPD_VAR_PATH=/opt/rh/httpd24/root/var \ + SCL_ENABLED=rh-php71 + # Copy the S2I scripts from the specific language image to $STI_SCRIPTS_PATH COPY ./s2i/bin/ $STI_SCRIPTS_PATH # Copy extra files to the image. COPY ./root/ / -# In order to drop the root user, we have to make some directories world -# writeable as OpenShift default security model is to run the container under -# random UID. 
-RUN sed -i -f /opt/app-root/etc/httpdconf.sed /opt/rh/httpd24/root/etc/httpd/conf/httpd.conf && \ - sed -i '/php_value session.save_path/d' /opt/rh/httpd24/root/etc/httpd/conf.d/rh-php71-php.conf && \ - head -n151 /opt/rh/httpd24/root/etc/httpd/conf/httpd.conf | tail -n1 | grep "AllowOverride All" || exit && \ - echo "IncludeOptional /opt/app-root/etc/conf.d/*.conf" >> /opt/rh/httpd24/root/etc/httpd/conf/httpd.conf && \ - mkdir /tmp/sessions && \ - chown -R 1001:0 /opt/app-root /tmp/sessions && \ - chmod -R a+rwx /tmp/sessions && \ - chmod -R ug+rwx /opt/app-root && \ - chmod -R a+rwx /etc/opt/rh/rh-php71 && \ - chmod -R a+rwx /opt/rh/httpd24/root/var/run/httpd && \ - rpm-file-permissions +# Reset permissions of filesystem to default values +RUN /usr/libexec/container-setup && rpm-file-permissions USER 1001 diff --git a/7.1/README.md b/7.1/README.md index fe807ec71..d65455dad 100644 --- a/7.1/README.md +++ b/7.1/README.md @@ -154,6 +154,21 @@ After you [Docker exec](http://docker.io) into the running container, your curre to `/opt/app-root/src`, where the source code is located. +Extending image +--------------- +Not only content, but also startup scripts and configuration of the image can +be extended using [source-to-image](https://github.com/openshift/source-to-image). + +The structure of the application can look like this: + +| Folder name | Description | +|-------------------|----------------------------| +| `./httpd-cfg` | Can contain additional Apache configuration files (`*.conf`)| +| `./httpd-pre-init`| Can contain shell scripts (`*.sh`) that are sourced before `httpd` is started| +| `./httpd-ssl` | Can contain own SSL certificate (in `certs/` subdirectory) and key (in `private/` subdirectory)| +| `./` | Application source code | + + See also -------- Dockerfile and other sources are available on https://github.com/sclorg/s2i-php-container. 
diff --git a/7.1/root/opt/app-root/etc/php.d/10-opcache.ini.template b/7.1/root/opt/app-root/etc/php.d/10-opcache.ini.template index 00591dae4..d079b81f5 100644 --- a/7.1/root/opt/app-root/etc/php.d/10-opcache.ini.template +++ b/7.1/root/opt/app-root/etc/php.d/10-opcache.ini.template @@ -58,7 +58,7 @@ opcache.revalidate_freq=${OPCACHE_REVALIDATE_FREQ} ; The location of the OPcache blacklist file (wildcards allowed). ; Each OPcache blacklist file is a text file that holds the names of files ; that should not be accelerated. -opcache.blacklist_filename=/etc/opt/rh/rh-php71/php.d/opcache*.blacklist +opcache.blacklist_filename=${PHP_SYSCONF_PATH}/php.d/opcache*.blacklist ; Allows exclusion of large files from being cached. By default all files ; are cached. diff --git a/7.1/root/usr/libexec/container-setup b/7.1/root/usr/libexec/container-setup index 1f65271c0..1a6d7ed7b 100755 --- a/7.1/root/usr/libexec/container-setup +++ b/7.1/root/usr/libexec/container-setup @@ -6,10 +6,10 @@ set -e # writeable as OpenShift default security model is to run the container under # random UID. -source ${CONTAINER_SCRIPTS_PATH}/common.sh +source ${PHP_CONTAINER_SCRIPTS_PATH}/common.sh # compatibility symlinks so we hide SCL paths -if [ -v HTTPD_SCL ] ; then +if [ -v SCL_ENABLED ] ; then # /opt/rh/httpd24/root/etc/httpd will be symlink to /etc/httpd mv /opt/rh/httpd24/root/etc/httpd /etc/httpd ln -s /etc/httpd /opt/rh/httpd24/root/etc/httpd @@ -27,8 +27,10 @@ fi mkdir -p ${HTTPD_CONFIGURATION_PATH} chmod -R a+rwx ${HTTPD_MAIN_CONF_PATH} chmod -R a+rwx ${HTTPD_MAIN_CONF_D_PATH} -chmod -R a+r /etc/pki/tls/certs/localhost.crt -chmod -R a+r /etc/pki/tls/private/localhost.key +chmod -R ug+r /etc/pki/tls/certs/localhost.crt +chmod -R ug+r /etc/pki/tls/private/localhost.key +chown -R 1000:0 /etc/pki/tls/certs/localhost.crt +chown -R 1000:0 /etc/pki/tls/private/localhost.key mkdir -p ${APP_ROOT}/etc chmod -R a+rwx ${APP_ROOT}/etc chmod -R a+rwx ${HTTPD_VAR_RUN} 
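Review bot: The certificate and private key are chowned to `1000:0`, while the image runs as `USER 1001` and `${APP_ROOT}` and `${HTTPD_DATA_PATH}` are chowned to `1001:0`, so the owner bit granted by `ug+r` goes to a UID that presumably does not exist in the image and access works only through group 0. If that is a typo, `chown 1001:0 /etc/pki/tls/private/localhost.key` (and the same for `localhost.crt`) matches the rest of the script. `chmod ug+r` only adds bits and would not remove world read if the file ever carried it; an absolute mode such as `chmod 0640 /etc/pki/tls/private/localhost.key` states the intended result. `-R` on a single file has no effect and can be dropped.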
@@ -36,10 +38,9 @@ chown -R 1001:0 ${APP_ROOT} mkdir /tmp/sessions chown -R 1000:0 /tmp/sessions chown -R 1001:0 ${HTTPD_DATA_PATH} -chown -R 1001:0 ${HTTPD_LOG_PATH} -chmod -R a+rwx /etc/opt/rh/rh-php71 +chmod -R a+rwx ${PHP_SYSCONF_PATH} -mkdir -p ${CONTAINER_SCRIPTS_PATH}/pre-init +mkdir -p ${PHP_CONTAINER_SCRIPTS_PATH}/pre-init config_general diff --git a/7.1/root/usr/share/container-scripts/php/common.sh b/7.1/root/usr/share/container-scripts/php/common.sh index 86b1acc68..d9f345751 100644 --- a/7.1/root/usr/share/container-scripts/php/common.sh +++ b/7.1/root/usr/share/container-scripts/php/common.sh @@ -2,9 +2,9 @@ config_httpd_conf() { sed -i "s/^Listen 80/Listen 0.0.0.0:8080/" ${HTTPD_MAIN_CONF_PATH}/httpd.conf sed -i "s/^User apache/User default/" ${HTTPD_MAIN_CONF_PATH}/httpd.conf sed -i "s/^Group apache/Group root/" ${HTTPD_MAIN_CONF_PATH}/httpd.conf - sed -i "s%^DocumentRoot \"/opt/rh/httpd24/root/var/www/html\"%#DocumentRoot \"/opt/app-root/src\"%" ${HTTPD_MAIN_CONF_PATH}/httpd.conf - sed -i "s%^> /opt/rh/httpd24/root/etc/httpd/conf/httpd.conf + sed -i '/php_value session.save_path/d' ${HTTPD_MAIN_CONF_D_PATH}/rh-php71-php.conf + head -n151 ${HTTPD_MAIN_CONF_PATH}/httpd.conf | tail -n1 | grep "AllowOverride All" || exit 1 + echo "IncludeOptional ${APP_ROOT}/etc/conf.d/*.conf" >> ${HTTPD_MAIN_CONF_PATH}/httpd.conf } function log_info { 
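Review bot: `chmod -R a+rwx ${PHP_SYSCONF_PATH}` leaves the PHP configuration tree writable by every UID in the container, not only by the one httpd runs under. The comment at the top of this script says the container runs under a random UID; if that UID is always a member of group 0 (not shown here, to be confirmed), `chgrp -R 0 "${PHP_SYSCONF_PATH}" && chmod -R g+rwX "${PHP_SYSCONF_PATH}"` gives the same write access without the world bits. The same narrowing would apply to the `a+rwx` lines on `${HTTPD_MAIN_CONF_PATH}`, `${HTTPD_MAIN_CONF_D_PATH}` and `${HTTPD_VAR_RUN}` that appear as context in the previous hunk.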
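Review bot: The added `head -n151 ${HTTPD_MAIN_CONF_PATH}/httpd.conf | tail -n1 | grep "AllowOverride All" || exit 1` ties the build to a fixed line number in the packaged `httpd.conf` and has no comment saying which directive block line 151 is expected to fall in. A one-line comment naming that block and stating that the build aborts on purpose when the package layout changes would make a future failure understandable. `grep -q` would keep the matched line out of the build log. `config_httpd_conf` starts before this hunk and part of the hunk text is missing from this page, so this covers only the visible check.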
@@ -99,3 +99,36 @@ function process_extending_config_files() { done <<<"$(get_matched_files "$custom_dir" "$default_dir" '*.conf' | sort -u)" } +# Copy config files from application to the location where httd expects them +# Param sets the directory where to look for files +# This function was taken from httpd container +process_config_files() { + local dir=${1:-.} + if [ -d ${dir}/httpd-cfg ]; then + echo "---> Copying httpd configuration files..." + if [ "$(ls -A ${dir}/httpd-cfg/*.conf)" ]; then + cp -v ${dir}/httpd-cfg/*.conf "${HTTPD_CONFIGURATION_PATH}"/ + rm -rf ${dir}/httpd-cfg + fi + fi +} + +# Copy SSL files provided in application source +# This function was taken from httpd container +process_ssl_certs() { + local dir=${1:-.} + if [ -d ${dir}/httpd-ssl/private ] && [ -d ${dir}/httpd-ssl/certs ]; then + echo "---> Looking for SSL certs for httpd..." + cp -r ${dir}/httpd-ssl ${APP_ROOT} + local ssl_cert="$(ls -A ${APP_ROOT}/httpd-ssl/certs/*.pem | head -n 1)" + local ssl_private="$(ls -A ${APP_ROOT}/httpd-ssl/private/*.pem | head -n 1)" + if [ -f "${ssl_cert}" ] && [ -f "${ssl_private}" ]; then + echo "---> Setting SSL certs for httpd..." + sed -i -e "s|^SSLCertificateFile .*$|SSLCertificateFile ${ssl_cert}|" ${HTTPD_MAIN_CONF_D_PATH}/ssl.conf + sed -i -e "s|^SSLCertificateKeyFile .*$|SSLCertificateKeyFile ${ssl_private}|" ${HTTPD_MAIN_CONF_D_PATH}/ssl.conf + fi + rm -rf ${dir}/httpd-ssl + fi +} + + diff --git a/7.1/root/opt/app-root/etc/conf.d/00-documentroot.conf.template b/7.1/root/usr/share/container-scripts/php/httpd-cnf/00-documentroot.conf similarity index 100% rename from 7.1/root/opt/app-root/etc/conf.d/00-documentroot.conf.template rename to 7.1/root/usr/share/container-scripts/php/httpd-cnf/00-documentroot.conf 
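Review bot: In `process_ssl_certs` the `rm -rf ${dir}/httpd-ssl` sits inside the test that requires both `httpd-ssl/private` and `httpd-ssl/certs`, so a source tree that ships only `private/` keeps its key under `${dir}`. The callers pass the application source directory (`.` at post-assemble, `${APP_ROOT}/src` at pre-start), which appears to be the httpd DocumentRoot: the 5.6 template removed later in this series reads `DocumentRoot "/opt/app-root/src${DOCUMENTROOT}"`. Testing `[ -d "${dir}/httpd-ssl" ]` on the outside and keeping the two-directory test only around the `cp` and `sed` lines makes the removal unconditional. The copied key also inherits its mode from the source tree; `chmod -R o-rwx "${APP_ROOT}/httpd-ssl/private"` after the `cp -r` would close that, assuming httpd reads the key as owner or through group 0. The names returned by `ls … | head -n 1` go unescaped into the `sed` replacement, so a file name containing `|` or `&` would corrupt `ssl.conf`, and `${dir}` should be quoted throughout.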
diff --git a/7.1/root/opt/app-root/etc/conf.d/50-mpm-tuning.conf.template b/7.1/root/usr/share/container-scripts/php/httpd-cnf/50-mpm-tuning.conf similarity index 100% rename from 7.1/root/opt/app-root/etc/conf.d/50-mpm-tuning.conf.template rename to 7.1/root/usr/share/container-scripts/php/httpd-cnf/50-mpm-tuning.conf diff --git a/7.1/root/usr/share/container-scripts/php/pre-start/70-s2i-config.sh b/7.1/root/usr/share/container-scripts/php/post-assemble/20-copy-config.sh similarity index 62% rename from 7.1/root/usr/share/container-scripts/php/pre-start/70-s2i-config.sh rename to 7.1/root/usr/share/container-scripts/php/post-assemble/20-copy-config.sh index 9cca6c905..cd6a356af 100644 --- a/7.1/root/usr/share/container-scripts/php/pre-start/70-s2i-config.sh +++ b/7.1/root/usr/share/container-scripts/php/post-assemble/20-copy-config.sh @@ -2,5 +2,5 @@ log_info 'Processing additional arbitrary httpd configuration provided by s2i ...' -process_extending_config_files ${APP_DATA}/httpd-cfg/ ${CONTAINER_SCRIPTS_PATH}/cnf/ +process_extending_config_files ${APP_DATA}/httpd-cfg/ ${PHP_CONTAINER_SCRIPTS_PATH}/httpd-cnf/ diff --git a/7.1/root/usr/share/container-scripts/php/post-assemble/40-ssl-certs.sh b/7.1/root/usr/share/container-scripts/php/post-assemble/40-ssl-certs.sh new file mode 100644 index 000000000..a003826a2 --- /dev/null +++ b/7.1/root/usr/share/container-scripts/php/post-assemble/40-ssl-certs.sh @@ -0,0 +1,4 @@ +source ${PHP_CONTAINER_SCRIPTS_PATH}/common.sh + +# Copy SSL files provided in application source +process_ssl_certs diff --git a/7.1/root/usr/share/container-scripts/php/pre-start/20-copy-config.sh b/7.1/root/usr/share/container-scripts/php/pre-start/20-copy-config.sh new file mode 100644 index 000000000..cd6a356af --- /dev/null +++ b/7.1/root/usr/share/container-scripts/php/pre-start/20-copy-config.sh 
@@ -0,0 +1,6 @@ +# additional arbitrary httpd configuration provided by user using s2i + +log_info 'Processing additional arbitrary httpd configuration provided by s2i ...' + +process_extending_config_files ${APP_DATA}/httpd-cfg/ ${PHP_CONTAINER_SCRIPTS_PATH}/httpd-cnf/ + diff --git a/7.1/root/usr/share/container-scripts/php/pre-start/40-ssl-certs.sh b/7.1/root/usr/share/container-scripts/php/pre-start/40-ssl-certs.sh new file mode 100644 index 000000000..541bbce40 --- /dev/null +++ b/7.1/root/usr/share/container-scripts/php/pre-start/40-ssl-certs.sh @@ -0,0 +1,4 @@ +source ${PHP_CONTAINER_SCRIPTS_PATH}/common.sh + +# Copy SSL files provided in application source +process_ssl_certs ${APP_ROOT}/src diff --git a/7.1/s2i/bin/assemble b/7.1/s2i/bin/assemble index f8a4c6c0f..cf31a19d6 100755 --- a/7.1/s2i/bin/assemble +++ b/7.1/s2i/bin/assemble @@ -2,7 +2,7 @@ set -e -source ${CONTAINER_SCRIPTS_PATH}/common.sh +source ${PHP_CONTAINER_SCRIPTS_PATH}/common.sh shopt -s dotglob echo "---> Installing application source..." @@ -48,8 +48,9 @@ if [ -f composer.json ]; then fi fi -# pre-start files -process_extending_files ${APP_DATA}/php-pre-start/ ${CONTAINER_SCRIPTS_PATH}/pre-start/ +# post-assemble files +process_extending_files ./php-post-assemble/ ${PHP_CONTAINER_SCRIPTS_PATH}/post-assemble/ # Fix source directory permissions fix-permissions ./ +fix-permissions ${HTTPD_CONFIGURATION_PATH} diff --git a/7.1/s2i/bin/run b/7.1/s2i/bin/run index 6f7b44c52..1d723cf42 100755 --- a/7.1/s2i/bin/run +++ b/7.1/s2i/bin/run @@ -1,5 +1,7 @@ #!/bin/bash +source ${PHP_CONTAINER_SCRIPTS_PATH}/common.sh + export_vars=$(cgroup-limits); export $export_vars export DOCUMENTROOT=${DOCUMENTROOT:-/} 
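Review bot: The extension directories read by the `assemble` hunk (`./php-post-assemble/`) and by `s2i/bin/run` (`${APP_DATA}/php-pre-start/`) do not match the README table added in this same series, which documents `./httpd-pre-init` for shell scripts. These directories come from the application source and their scripts are presumably sourced by `process_extending_files`, whose body is not visible here. The README should therefore name the directories the code actually looks in and say when each one runs. I would replace the `./httpd-pre-init` row with one row for `./php-post-assemble` (scripts run at the end of `assemble`) and one for `./php-pre-start` (scripts run by `run` before `httpd` starts). The same applies to the 5.6 and 7.0 README and `assemble` hunks in PATCH 04/12.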
@@ -10,7 +12,7 @@ export DISPLAY_ERRORS=${DISPLAY_ERRORS:-ON} export DISPLAY_STARTUP_ERRORS=${DISPLAY_STARTUP_ERRORS:-OFF} export TRACK_ERRORS=${TRACK_ERRORS:-OFF} export HTML_ERRORS=${HTML_ERRORS:-ON} -export INCLUDE_PATH=${INCLUDE_PATH:-.:/opt/app-root/src:${DEFAULT_INCLUDE_PATH}} +export INCLUDE_PATH=${INCLUDE_PATH:-.:/opt/app-root/src:${PHP_DEFAULT_INCLUDE_PATH}} export SESSION_PATH=${SESSION_PATH:-/tmp/sessions} export SHORT_OPEN_TAG=${SHORT_OPEN_TAG:-OFF} # TODO should be dynamically calculated based on container memory limit/16 @@ -42,7 +44,7 @@ else echo "-> Cgroups memory limit is set, using HTTPD_MAX_REQUEST_WORKERS=${HTTPD_MAX_REQUEST_WORKERS}" fi -envsubst < /opt/app-root/etc/conf.d/50-mpm-tuning.conf.template > /opt/app-root/etc/conf.d/50-mpm-tuning.conf -envsubst < /opt/app-root/etc/conf.d/00-documentroot.conf.template > /opt/app-root/etc/conf.d/00-documentroot.conf +# pre-start files +process_extending_files ${APP_DATA}/php-pre-start/ ${PHP_CONTAINER_SCRIPTS_PATH}/pre-start/ exec httpd -D FOREGROUND diff --git a/7.1/test/run b/7.1/test/run index 9714a6c0e..2f9144d8c 100755 --- a/7.1/test/run +++ b/7.1/test/run @@ -180,6 +180,16 @@ test_ssl() { } +test_ssl_own_cert() { + s2i build ${s2i_args} file://${test_dir}/self-signed-ssl ${IMAGE_NAME} ${IMAGE_NAME}-test-self-signed-ssl + docker run -d --user=100001 ${run_args} --cidfile=${cid_file} ${IMAGE_NAME}-test-self-signed-ssl + test_connection ${test_port_ssl} https + check_result $? + echo | openssl s_client -showcerts -servername $(container_ip) -connect $(container_ip):${test_port_ssl} 2>/dev/null | openssl x509 -inform pem -noout -text >./servercert + openssl x509 -in ${test_dir}/self-signed-ssl/httpd-ssl/certs/server-cert-selfsigned.pem -inform pem -noout -text >./configcert + diff ./configcert ./servercert >cert.diff +} + cid_file=$(mktemp -u --suffix=.cid) # Since we built the candidate image locally, we don't want S2I attempt to pull 
@@ -203,6 +213,11 @@ test_application # Test application with random uid CONTAINER_ARGS="-u 12345" test_application + +cleanup + +test_ssl_own_cert +check_result $? cleanup info "All tests finished successfully." diff --git a/7.1/test/self-signed-ssl b/7.1/test/self-signed-ssl new file mode 120000 index 000000000..1c1fd1874 --- /dev/null +++ b/7.1/test/self-signed-ssl @@ -0,0 +1 @@ +../../examples/self-signed-ssl/ \ No newline at end of file diff --git a/examples/self-signed-ssl/httpd-ssl/certs/server-cert-selfsigned.pem b/examples/self-signed-ssl/httpd-ssl/certs/server-cert-selfsigned.pem new file mode 100644 index 000000000..8495b8847 --- /dev/null +++ b/examples/self-signed-ssl/httpd-ssl/certs/server-cert-selfsigned.pem @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDWjCCAkKgAwIBAgIJAI4x7HuBG49oMA0GCSqGSIb3DQEBCwUAMEIxCzAJBgNV +BAYTAlhYMRUwEwYDVQQHDAxEZWZhdWx0IENpdHkxHDAaBgNVBAoME0RlZmF1bHQg +Q29tcGFueSBMdGQwHhcNMTcxMjAzMjMzMzU3WhcNMTgwMTAyMjMzMzU3WjBCMQsw +CQYDVQQGEwJYWDEVMBMGA1UEBwwMRGVmYXVsdCBDaXR5MRwwGgYDVQQKDBNEZWZh +dWx0IENvbXBhbnkgTHRkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA +vH4Vdq0a3UWUQd8Z6s2csxhxjAOyUx0rszGL0m3uTjQido6JRBdjN2dXiZc3LFoq +YeOKR3CeHsn7UdrlzaboHFDfjAaextse0740mB1g14H1bAS0POuTPeKa+3wGfzCb +sTSXnfSrICl3n2D/3KSO93WwmS90kBD6HmKt5nfkLpJnROM/4bHmuoV0Ry8CDjzj +mka7pQU4yzyMKLU3sHpncZU6g7o4Vezic9ksVzIAbdPCSbF7ktVz/hisyCuzyKN6 +s2327jq593vBgGOsNU5PDPDjKW74Q0Bv/FxPK4nx+o4IkcRW1QEb+yAx8XOM7CDZ +ViKvI/A0b+Y4Y3rIQ465+wIDAQABo1MwUTAdBgNVHQ4EFgQUAY1i6ZNbqO1+46aw +pldCyPaWoYswHwYDVR0jBBgwFoAUAY1i6ZNbqO1+46awpldCyPaWoYswDwYDVR0T +AQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEADhGjnYGq9JvQcygMYEQiIdyS +t06Nu7NUkWz52GJp7WFognWyG+0jAomBR0GSUchfubvVZ7cHIaVKLhiGOqg+HIol +7tNRfvE6x/Idk674g6OTRAWxO/wOlgnRMpRy6XhHOtb4HcPcpWFZJS8MC8+HRWIs +kzMErXe0/obnKn9O04kcEREfmB7kfcD4ooqk5gwbdQk1W6a44LcN6AB5qYPjOzgF +Qnb2aLQW9XhgNhiMsYqDzCZsy0az0rz7NgkVOnKrGJ8x3kVX13GR2joVVHOazms9 +Gd90z+mLMDTbqCRGIPMLvEp4HtAmBxbgsj/zHyinajIqV96B3Cr3zTdW29lHJg== +-----END CERTIFICATE----- 
diff --git a/examples/self-signed-ssl/httpd-ssl/private/server-key.pem b/examples/self-signed-ssl/httpd-ssl/private/server-key.pem new file mode 100644 index 000000000..ff2ac89c4 --- /dev/null +++ b/examples/self-signed-ssl/httpd-ssl/private/server-key.pem 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQC8fhV2rRrdRZRB +3xnqzZyzGHGMA7JTHSuzMYvSbe5ONCJ2jolEF2M3Z1eJlzcsWiph44pHcJ4eyftR +2uXNpugcUN+MBp7G2x7TvjSYHWDXgfVsBLQ865M94pr7fAZ/MJuxNJed9KsgKXef +YP/cpI73dbCZL3SQEPoeYq3md+QukmdE4z/hsea6hXRHLwIOPOOaRrulBTjLPIwo +tTewemdxlTqDujhV7OJz2SxXMgBt08JJsXuS1XP+GKzIK7PIo3qzbfbuOrn3e8GA +Y6w1Tk8M8OMpbvhDQG/8XE8rifH6jgiRxFbVARv7IDHxc4zsINlWIq8j8DRv5jhj +eshDjrn7AgMBAAECggEARZxeutxE/pCypv0IqkFS7IVLccTvt2gfemcC1yzIBFOW +oqgTI3Vrq8tbdbHFq3iFDG+m4qlBi+dWDC3GDoPkVoi7dg//1TqZEOO+sqqu2Afj +pge6tIDfeMxWJifwkkpWRURB9hCknhUSW2bMNyUCs3rgREJVTtsmM9CHnoSKXXQL +aOeYXalFVpx3ceK+xdp0VGfpsqEabBKs0yy3EDiQy2huoWce3EVFLVrwx/IkhcsZ +JlI5LPpoiTglSs1g9i88JHS2slBtKtb1lWl/yXHhK1g7s34c6f9jP8snuFE5ddMn +0L4GDA9teaPGvB533eb2RIFy2kUYgpr5c03G6rpoOQKBgQDpY6BFJkPGENnC5Bdb +fJCuN2nyRdC1qvv6ESFaQYb0s6QjKDqpb0dUSYN3+zNgtiAysbQLeU/d9mmt4UR8 +ohjRkOySU0eQ/YNFokjw6g6GPoiMHJJ9cP75NA94uIMIUTY7uHEWWZwXI5UphdPC +p5/3MaF1VlYQys9a5wtiEaDSfQKBgQDOwPV0zQjUabkVQ4yV0amP8xybvHH8ghG0 +RMStHg96RfDmg35JQaw22A2xiVROCoZgLqiE1DFSl/3gBF/vfqBh/uzdxwNerJC6 +ROdCxyS4rys5d/02P4aNOa73sD+ZKyEZRTF1v3bmOGKidRFF5oxIpuHjFWlJFKx1 +O/b3AI0v1wKBgQC/L4N84emm+OrKAfs4UIRckrxRYOulxhmAMkQ2IXOiRP5yZmQX +pDa0TzxJLxhZYxhhLr0koQ3R8CeF7wEhb9AQ7D0/aMU5etLsWhKSd8nKIrPMwyMl +a0kTb5g09kEwsQZSSbcp7eI1+koYp65eyN37q0ZuTnlWbC0MdDQY9APgKQKBgQCb +HqaKNXLUe2XDkGSf2ygOumXSanZS7vt9dsLg59bQ9DyjljBfogglNcBAXTqFOtxK +uXbyAYnn3+U399BKjYSjQXJRioj6tRn4xs2DiooAjlwtx9qQouS+fHLLns54iqVQ +oltTbo00eUV3gcGt4iWKNLrxdxUBIaOqaY0HEMDdDQKBgQCRvcHDF7JSPuBiO3Tw +PSOUD4q6dD/dhI+X2ZKg83w94SZXXms6eMSbedUkLoJ8TDunmdRUUWb6rgP/pJwr +zKRTskItF15i9IWCwC6jBrSfx5n2JcSoBALyc0aR9heF0GQjWwqURd+PC/msomrW +z9SCl8mpQVFtBlui7PcnDLTFAg== +-----END PRIVATE KEY----- diff --git a/examples/self-signed-ssl/index.html b/examples/self-signed-ssl/index.html new file mode 100644 index 000000000..82ff698e7 --- /dev/null +++ b/examples/self-signed-ssl/index.html @@ -0,0 +1 @@ +SSL test works 
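Review bot: `examples/self-signed-ssl/httpd-ssl/private/server-key.pem` commits a private key under `examples/`, a directory people copy from, with nothing marking it as a throwaway test fixture. The `test_ssl` stub in the 5.6 and 7.0 `test/run` hunks of this series already calls `ct_gen_self_signed_cert_pem`, so the pair could probably be generated into a temporary directory at test time instead of being stored in the repository. If the fixture stays, add a short README beside it stating that the key is public, exists only for `test_ssl_own_cert`, and must never be deployed, and add the path to the secret-scanner allowlist if the project uses one.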
From 2c188c6c1ac4ae9f3f175a68fd189ea206709e63 Mon Sep 17 00:00:00 2001 From: Honza Horak Date: Mon, 4 Dec 2017 16:48:26 +0100 Subject: [PATCH 04/12] Do the same change in 5.6 and 7.0 as well --- 5.6/README.md | 15 ++++++++ .../etc/conf.d/00-documentroot.conf.template | 1 - .../etc/conf.d/50-mpm-tuning.conf.template | 12 ------- 5.6/root/opt/app-root/etc/httpdconf.sed | 9 ----- .../etc/php.d/10-opcache.ini.template | 2 +- 5.6/s2i/bin/assemble | 6 ++++ 5.6/s2i/bin/run | 8 +++-- 5.6/test/run | 36 +++++++++++++++++-- 7.0/README.md | 15 ++++++++ .../etc/conf.d/00-documentroot.conf.template | 1 - .../etc/conf.d/50-mpm-tuning.conf.template | 12 ------- 7.0/root/opt/app-root/etc/httpdconf.sed | 9 ----- .../etc/php.d/10-opcache.ini.template | 2 +- 7.0/s2i/bin/assemble | 6 ++++ 7.0/s2i/bin/run | 8 +++-- 7.0/test/run | 36 +++++++++++++++++-- 16 files changed, 120 insertions(+), 58 deletions(-) delete mode 100644 5.6/root/opt/app-root/etc/conf.d/00-documentroot.conf.template delete mode 100644 5.6/root/opt/app-root/etc/conf.d/50-mpm-tuning.conf.template delete mode 100644 5.6/root/opt/app-root/etc/httpdconf.sed delete mode 100644 7.0/root/opt/app-root/etc/conf.d/00-documentroot.conf.template delete mode 100644 7.0/root/opt/app-root/etc/conf.d/50-mpm-tuning.conf.template delete mode 100644 7.0/root/opt/app-root/etc/httpdconf.sed diff --git a/5.6/README.md b/5.6/README.md index 416d66f24..263b9d93c 100644 --- a/5.6/README.md +++ b/5.6/README.md 
@@ -153,6 +153,21 @@ After you [Docker exec](http://docker.io) into the running container, your curre to `/opt/app-root/src`, where the source code is located. +Extending image +--------------- +Not only content, but also startup scripts and configuration of the image can +be extended using [source-to-image](https://github.com/openshift/source-to-image). + +The structure of the application can look like this: + +| Folder name | Description | +|-------------------|----------------------------| +| `./httpd-cfg` | Can contain additional Apache configuration files (`*.conf`)| +| `./httpd-pre-init`| Can contain shell scripts (`*.sh`) that are sourced before `httpd` is started| +| `./httpd-ssl` | Can contain own SSL certificate (in `certs/` subdirectory) and key (in `private/` subdirectory)| +| `./` | Application source code | + + See also -------- Dockerfile and other sources are available on https://github.com/sclorg/s2i-php-container. diff --git a/5.6/root/opt/app-root/etc/conf.d/00-documentroot.conf.template b/5.6/root/opt/app-root/etc/conf.d/00-documentroot.conf.template deleted file mode 100644 index bd3600f09..000000000 --- a/5.6/root/opt/app-root/etc/conf.d/00-documentroot.conf.template +++ /dev/null @@ -1 +0,0 @@ -DocumentRoot "/opt/app-root/src${DOCUMENTROOT}" diff --git a/5.6/root/opt/app-root/etc/conf.d/50-mpm-tuning.conf.template b/5.6/root/opt/app-root/etc/conf.d/50-mpm-tuning.conf.template deleted file mode 100644 index f109ba30f..000000000 --- a/5.6/root/opt/app-root/etc/conf.d/50-mpm-tuning.conf.template +++ /dev/null 
@@ -1,12 +0,0 @@ - - # This value should mirror what is set in MinSpareServers. - StartServers ${HTTPD_START_SERVERS} - MinSpareServers ${HTTPD_START_SERVERS} - MaxSpareServers ${HTTPD_MAX_SPARE_SERVERS} - # The MaxRequestWorkers directive sets the limit on the number of simultaneous requests that will be served. - # The default value, when no Cgroup limits are set is 256. - MaxRequestWorkers ${HTTPD_MAX_REQUEST_WORKERS} - ServerLimit ${HTTPD_MAX_REQUEST_WORKERS} - MaxRequestsPerChild 4000 - MaxKeepAliveRequests 100 - diff --git a/5.6/root/opt/app-root/etc/httpdconf.sed b/5.6/root/opt/app-root/etc/httpdconf.sed deleted file mode 100644 index d97059ea9..000000000 --- a/5.6/root/opt/app-root/etc/httpdconf.sed +++ /dev/null @@ -1,9 +0,0 @@ -s/^Listen 80/Listen 0.0.0.0:8080/ -s/^User apache/User default/ -s/^Group apache/Group root/ -s%^DocumentRoot "/opt/rh/httpd24/root/var/www/html"%#DocumentRoot "/opt/app-root/src"% -s%^ Installing application source..." mv /tmp/src/* ./ @@ -46,5 +48,9 @@ if [ -f composer.json ]; then fi fi +# post-assemble files +process_extending_files ./php-post-assemble/ ${PHP_CONTAINER_SCRIPTS_PATH}/post-assemble/ + # Fix source directory permissions fix-permissions ./ +fix-permissions ${HTTPD_CONFIGURATION_PATH} diff --git a/5.6/s2i/bin/run b/5.6/s2i/bin/run index bdd8b8603..ad61d0f66 100755 --- a/5.6/s2i/bin/run +++ b/5.6/s2i/bin/run @@ -1,5 +1,7 @@ #!/bin/bash +source ${PHP_CONTAINER_SCRIPTS_PATH}/common.sh + export_vars=$(cgroup-limits); export $export_vars export DOCUMENTROOT=${DOCUMENTROOT:-/} 
@@ -10,7 +12,7 @@ export DISPLAY_ERRORS=${DISPLAY_ERRORS:-ON} export DISPLAY_STARTUP_ERRORS=${DISPLAY_STARTUP_ERRORS:-OFF} export TRACK_ERRORS=${TRACK_ERRORS:-OFF} export HTML_ERRORS=${HTML_ERRORS:-ON} -export INCLUDE_PATH=${INCLUDE_PATH:-.:/opt/app-root/src:/opt/rh/rh-php56/root/usr/share/pear} +export INCLUDE_PATH=${INCLUDE_PATH:-.:/opt/app-root/src:${PHP_DEFAULT_INCLUDE_PATH}} export SESSION_PATH=${SESSION_PATH:-/tmp/sessions} export SHORT_OPEN_TAG=${SHORT_OPEN_TAG:-OFF} # TODO should be dynamically calculated based on container memory limit/16 @@ -42,7 +44,7 @@ else echo "-> Cgroups memory limit is set, using HTTPD_MAX_REQUEST_WORKERS=${HTTPD_MAX_REQUEST_WORKERS}" fi -envsubst < /opt/app-root/etc/conf.d/50-mpm-tuning.conf.template > /opt/app-root/etc/conf.d/50-mpm-tuning.conf -envsubst < /opt/app-root/etc/conf.d/00-documentroot.conf.template > /opt/app-root/etc/conf.d/00-documentroot.conf +# pre-start files +process_extending_files ${APP_DATA}/php-pre-start/ ${PHP_CONTAINER_SCRIPTS_PATH}/pre-start/ exec httpd -D FOREGROUND diff --git a/5.6/test/run b/5.6/test/run index 846540a07..48638f495 100755 --- a/5.6/test/run +++ b/5.6/test/run @@ -14,6 +14,7 @@ image_dir=$(readlink -zf ${test_dir}/..) # TODO: This should be part of the image metadata test_port=8080 +test_port_ssl=8443 info() { echo -e "\n\e[1m[INFO] $@...\e[0m\n" 
@@ -129,14 +130,16 @@ test_scl_usage() { } test_connection() { + local check_port=$1 ; shift + local check_protocol=${1:-http} cat $cid_file - info "Testing the HTTP connection (http://$(container_ip):${test_port})" + info "Testing the HTTP connection (${check_protocol}://$(container_ip):${check_port})" local max_attempts=10 local sleep_time=1 local attempt=1 local result=1 while [ $attempt -le $max_attempts ]; do - response_code=$(curl -s -w %{http_code} -o /dev/null http://$(container_ip):${test_port}/) + response_code=$(curl -s -w %{http_code} -o /dev/null -k ${check_protocol}://$(container_ip):${check_port}/) status=$? if [ $status -eq 0 ]; then if [ $response_code -eq 200 ]; then @@ -160,11 +163,33 @@ test_application() { test_scl_usage "php --version" "5.6" check_result $? - test_connection + test_connection ${test_port} + check_result $? + test_connection ${test_port_ssl} https check_result $? cleanup_test_app } +test_ssl() { + source ${image_dir}/common/test-lib.sh + local cert_dir=/tmp + local cert_base=mycert + ct_gen_self_signed_cert_pem ${cert_dir} ${cert_base} + local private_key=${cert_dir}/${cert_base}-cert-selfsigned.pem + local cert_file=${cert_dir}/${cert_base}-key.pem + +} + +test_ssl_own_cert() { + s2i build ${s2i_args} file://${test_dir}/self-signed-ssl ${IMAGE_NAME} ${IMAGE_NAME}-test-self-signed-ssl + docker run -d --user=100001 ${run_args} --cidfile=${cid_file} ${IMAGE_NAME}-test-self-signed-ssl + test_connection ${test_port_ssl} https + check_result $? + echo | openssl s_client -showcerts -servername $(container_ip) -connect $(container_ip):${test_port_ssl} 2>/dev/null | openssl x509 -inform pem -noout -text >./servercert + openssl x509 -in ${test_dir}/self-signed-ssl/httpd-ssl/certs/server-cert-selfsigned.pem -inform pem -noout -text >./configcert + diff ./configcert ./servercert >cert.diff +} + cid_file=$(mktemp -u --suffix=.cid) # Since we built the candidate image locally, we don't want S2I attempt to pull 
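Review bot: In the new `test_ssl`, the two path variables look swapped: `private_key` is assigned `${cert_base}-cert-selfsigned.pem` and `cert_file` is assigned `${cert_base}-key.pem`. The function then ends without using either, and no call to it is visible in these hunks, so the generated pair is never exercised. Either drop the stub or fix the names, `local cert_file=${cert_dir}/${cert_base}-cert-selfsigned.pem` and `local private_key=${cert_dir}/${cert_base}-key.pem`, and generate into `$(mktemp -d)` rather than the fixed `/tmp/mycert-*` paths. The identical stub is added in the 7.0 `test/run` hunk.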
@@ -188,6 +213,11 @@ test_application # Test application with random uid CONTAINER_ARGS="-u 12345" test_application + +cleanup + +test_ssl_own_cert +check_result $? cleanup info "All tests finished successfully." diff --git a/7.0/README.md b/7.0/README.md index 26a3bb295..b1eb7c5a0 100644 --- a/7.0/README.md +++ b/7.0/README.md @@ -153,6 +153,21 @@ After you [Docker exec](http://docker.io) into the running container, your curre to `/opt/app-root/src`, where the source code is located. +Extending image +--------------- +Not only content, but also startup scripts and configuration of the image can +be extended using [source-to-image](https://github.com/openshift/source-to-image). + +The structure of the application can look like this: + +| Folder name | Description | +|-------------------|----------------------------| +| `./httpd-cfg` | Can contain additional Apache configuration files (`*.conf`)| +| `./httpd-pre-init`| Can contain shell scripts (`*.sh`) that are sourced before `httpd` is started| +| `./httpd-ssl` | Can contain own SSL certificate (in `certs/` subdirectory) and key (in `private/` subdirectory)| +| `./` | Application source code | + + See also -------- Dockerfile and other sources are available on https://github.com/sclorg/s2i-php-container. diff --git a/7.0/root/opt/app-root/etc/conf.d/00-documentroot.conf.template b/7.0/root/opt/app-root/etc/conf.d/00-documentroot.conf.template deleted file mode 100644 index bd3600f09..000000000 --- a/7.0/root/opt/app-root/etc/conf.d/00-documentroot.conf.template +++ /dev/null @@ -1 +0,0 @@ -DocumentRoot "/opt/app-root/src${DOCUMENTROOT}" diff --git a/7.0/root/opt/app-root/etc/conf.d/50-mpm-tuning.conf.template b/7.0/root/opt/app-root/etc/conf.d/50-mpm-tuning.conf.template deleted file mode 100644 index f109ba30f..000000000 --- a/7.0/root/opt/app-root/etc/conf.d/50-mpm-tuning.conf.template +++ /dev/null 
@@ -1,12 +0,0 @@ - - # This value should mirror what is set in MinSpareServers. - StartServers ${HTTPD_START_SERVERS} - MinSpareServers ${HTTPD_START_SERVERS} - MaxSpareServers ${HTTPD_MAX_SPARE_SERVERS} - # The MaxRequestWorkers directive sets the limit on the number of simultaneous requests that will be served. - # The default value, when no Cgroup limits are set is 256. - MaxRequestWorkers ${HTTPD_MAX_REQUEST_WORKERS} - ServerLimit ${HTTPD_MAX_REQUEST_WORKERS} - MaxRequestsPerChild 4000 - MaxKeepAliveRequests 100 - diff --git a/7.0/root/opt/app-root/etc/httpdconf.sed b/7.0/root/opt/app-root/etc/httpdconf.sed deleted file mode 100644 index d97059ea9..000000000 --- a/7.0/root/opt/app-root/etc/httpdconf.sed +++ /dev/null @@ -1,9 +0,0 @@ -s/^Listen 80/Listen 0.0.0.0:8080/ -s/^User apache/User default/ -s/^Group apache/Group root/ -s%^DocumentRoot "/opt/rh/httpd24/root/var/www/html"%#DocumentRoot "/opt/app-root/src"% -s%^ Installing application source..." mv /tmp/src/* ./ @@ -46,5 +48,9 @@ if [ -f composer.json ]; then fi fi +# post-assemble files +process_extending_files ./php-post-assemble/ ${PHP_CONTAINER_SCRIPTS_PATH}/post-assemble/ + # Fix source directory permissions fix-permissions ./ +fix-permissions ${HTTPD_CONFIGURATION_PATH} diff --git a/7.0/s2i/bin/run b/7.0/s2i/bin/run index a53e1f784..e59b34458 100755 --- a/7.0/s2i/bin/run +++ b/7.0/s2i/bin/run @@ -1,5 +1,7 @@ #!/bin/bash +source ${PHP_CONTAINER_SCRIPTS_PATH}/common.sh + export_vars=$(cgroup-limits); export $export_vars export DOCUMENTROOT=${DOCUMENTROOT:-/} 
@@ -10,7 +12,7 @@ export DISPLAY_ERRORS=${DISPLAY_ERRORS:-ON} export DISPLAY_STARTUP_ERRORS=${DISPLAY_STARTUP_ERRORS:-OFF} export TRACK_ERRORS=${TRACK_ERRORS:-OFF} export HTML_ERRORS=${HTML_ERRORS:-ON} -export INCLUDE_PATH=${INCLUDE_PATH:-.:/opt/app-root/src:/opt/rh/rh-php70/root/usr/share/pear} +export INCLUDE_PATH=${INCLUDE_PATH:-.:/opt/app-root/src:${PHP_DEFAULT_INCLUDE_PATH}} export SESSION_PATH=${SESSION_PATH:-/tmp/sessions} export SHORT_OPEN_TAG=${SHORT_OPEN_TAG:-OFF} # TODO should be dynamically calculated based on container memory limit/16 @@ -42,7 +44,7 @@ else echo "-> Cgroups memory limit is set, using HTTPD_MAX_REQUEST_WORKERS=${HTTPD_MAX_REQUEST_WORKERS}" fi -envsubst < /opt/app-root/etc/conf.d/50-mpm-tuning.conf.template > /opt/app-root/etc/conf.d/50-mpm-tuning.conf -envsubst < /opt/app-root/etc/conf.d/00-documentroot.conf.template > /opt/app-root/etc/conf.d/00-documentroot.conf +# pre-start files +process_extending_files ${APP_DATA}/php-pre-start/ ${PHP_CONTAINER_SCRIPTS_PATH}/pre-start/ exec httpd -D FOREGROUND diff --git a/7.0/test/run b/7.0/test/run index 37c6ece07..e9d575b3c 100755 --- a/7.0/test/run +++ b/7.0/test/run @@ -14,6 +14,7 @@ image_dir=$(readlink -zf ${test_dir}/..) # TODO: This should be part of the image metadata test_port=8080 +test_port_ssl=8443 info() { echo -e "\n\e[1m[INFO] $@...\e[0m\n" 
@@ -129,14 +130,16 @@ test_scl_usage() { } test_connection() { + local check_port=$1 ; shift + local check_protocol=${1:-http} cat $cid_file - info "Testing the HTTP connection (http://$(container_ip):${test_port})" + info "Testing the HTTP connection (${check_protocol}://$(container_ip):${check_port})" local max_attempts=10 local sleep_time=1 local attempt=1 local result=1 while [ $attempt -le $max_attempts ]; do - response_code=$(curl -s -w %{http_code} -o /dev/null http://$(container_ip):${test_port}/) + response_code=$(curl -s -w %{http_code} -o /dev/null -k ${check_protocol}://$(container_ip):${check_port}/) status=$? if [ $status -eq 0 ]; then if [ $response_code -eq 200 ]; then @@ -160,11 +163,33 @@ test_application() { test_scl_usage "php --version" "7.0" check_result $? - test_connection + test_connection ${test_port} + check_result $? + test_connection ${test_port_ssl} https check_result $? cleanup_test_app } +test_ssl() { + source ${image_dir}/common/test-lib.sh + local cert_dir=/tmp + local cert_base=mycert + ct_gen_self_signed_cert_pem ${cert_dir} ${cert_base} + local private_key=${cert_dir}/${cert_base}-cert-selfsigned.pem + local cert_file=${cert_dir}/${cert_base}-key.pem + +} + +test_ssl_own_cert() { + s2i build ${s2i_args} file://${test_dir}/self-signed-ssl ${IMAGE_NAME} ${IMAGE_NAME}-test-self-signed-ssl + docker run -d --user=100001 ${run_args} --cidfile=${cid_file} ${IMAGE_NAME}-test-self-signed-ssl + test_connection ${test_port_ssl} https + check_result $? + echo | openssl s_client -showcerts -servername $(container_ip) -connect $(container_ip):${test_port_ssl} 2>/dev/null | openssl x509 -inform pem -noout -text >./servercert + openssl x509 -in ${test_dir}/self-signed-ssl/httpd-ssl/certs/server-cert-selfsigned.pem -inform pem -noout -text >./configcert + diff ./configcert ./servercert >cert.diff +} + cid_file=$(mktemp -u --suffix=.cid) # Since we built the candidate image locally, we don't want S2I attempt to pull 
@@ -188,6 +213,11 @@ test_application # Test application with random uid CONTAINER_ARGS="-u 12345" test_application + +cleanup + +test_ssl_own_cert +check_result $? cleanup info "All tests finished successfully." From 1c23367a744a34da58cd74ea718e4f66dc979b01 Mon Sep 17 00:00:00 2001 From: Honza Horak Date: Mon, 4 Dec 2017 17:26:29 +0100 Subject: [PATCH 05/12] Some more variables replacement in 70 and 56 versions --- 5.6/Dockerfile | 1 + 5.6/Dockerfile.rhel7 | 1 + 5.6/root/opt/app-root/etc/scl_enable | 2 +- 5.6/s2i/bin/run | 8 ++++---- 7.0/Dockerfile | 1 + 7.0/Dockerfile.rhel7 | 1 + 7.0/root/opt/app-root/etc/scl_enable | 2 +- 7.0/s2i/bin/run | 8 ++++---- 7.1/Dockerfile | 1 + 7.1/Dockerfile.rhel7 | 1 + 7.1/root/opt/app-root/etc/scl_enable | 2 +- 7.1/root/usr/libexec/container-setup | 2 ++ 7.1/root/usr/share/container-scripts/php/common.sh | 2 +- 7.1/s2i/bin/run | 8 ++++---- 14 files changed, 24 insertions(+), 16 deletions(-) diff --git a/5.6/Dockerfile b/5.6/Dockerfile index 9ce1bb457..e6f5536c0 100644 --- a/5.6/Dockerfile +++ b/5.6/Dockerfile @@ -57,6 +57,7 @@ ENV PHP_CONTAINER_SCRIPTS_PATH=/usr/share/container-scripts/php/ \ APP_DATA=/opt/app-root/src \ PHP_DEFAULT_INCLUDE_PATH=/opt/rh/rh-php56/root/usr/share/pear \ PHP_SYSCONF_PATH=/etc/opt/rh/rh-php56 \ + PHP_HTTPD_CONF_FILE=rh-php56-php.conf \ HTTPD_CONFIGURATION_PATH=/opt/app-root/etc/conf.d \ HTTPD_MAIN_CONF_PATH=/etc/httpd/conf \ HTTPD_MAIN_CONF_D_PATH=/etc/httpd/conf.d \ diff --git a/5.6/Dockerfile.rhel7 b/5.6/Dockerfile.rhel7 index d33e9ef9b..f06098624 100644 --- a/5.6/Dockerfile.rhel7 +++ b/5.6/Dockerfile.rhel7 @@ -61,6 +61,7 @@ ENV PHP_CONTAINER_SCRIPTS_PATH=/usr/share/container-scripts/php/ \ APP_DATA=/opt/app-root/src \ PHP_DEFAULT_INCLUDE_PATH=/opt/rh/rh-php56/root/usr/share/pear \ PHP_SYSCONF_PATH=/etc/opt/rh/rh-php56 \ + PHP_HTTPD_CONF_FILE=rh-php56-php.conf \ HTTPD_CONFIGURATION_PATH=/opt/app-root/etc/conf.d \ HTTPD_MAIN_CONF_PATH=/etc/httpd/conf \ HTTPD_MAIN_CONF_D_PATH=/etc/httpd/conf.d \ 
diff --git a/5.6/root/opt/app-root/etc/scl_enable b/5.6/root/opt/app-root/etc/scl_enable index 93ba1bb6b..8aef0ee36 100644 --- a/5.6/root/opt/app-root/etc/scl_enable +++ b/5.6/root/opt/app-root/etc/scl_enable @@ -3,4 +3,4 @@ # # This will make scl collection binaries work out of box. unset BASH_ENV PROMPT_COMMAND ENV -source scl_source enable rh-php56 httpd24 rh-nodejs6 +source scl_source enable ${SCL_ENABLED} httpd24 rh-nodejs6 diff --git a/5.6/s2i/bin/run b/5.6/s2i/bin/run index ad61d0f66..a3a5d30ac 100755 --- a/5.6/s2i/bin/run +++ b/5.6/s2i/bin/run @@ -20,11 +20,11 @@ export OPCACHE_MEMORY_CONSUMPTION=${OPCACHE_MEMORY_CONSUMPTION:-128} export OPCACHE_REVALIDATE_FREQ=${OPCACHE_REVALIDATE_FREQ:-2} -export PHPRC=${PHPRC:-/etc/opt/rh/rh-php56/php.ini} -export PHP_INI_SCAN_DIR=${PHP_INI_SCAN_DIR:-/etc/opt/rh/rh-php56/php.d} +export PHPRC=${PHPRC:-${PHP_SYSCONF_PATH}/php.ini} +export PHP_INI_SCAN_DIR=${PHP_INI_SCAN_DIR:-${PHP_SYSCONF_PATH}/php.d} -envsubst < /opt/app-root/etc/php.ini.template > /etc/opt/rh/rh-php56/php.ini -envsubst < /opt/app-root/etc/php.d/10-opcache.ini.template > /etc/opt/rh/rh-php56/php.d/10-opcache.ini +envsubst < /opt/app-root/etc/php.ini.template > ${PHP_SYSCONF_PATH}/php.ini +envsubst < /opt/app-root/etc/php.d/10-opcache.ini.template > ${PHP_SYSCONF_PATH}/php.d/10-opcache.ini export HTTPD_START_SERVERS=${HTTPD_START_SERVERS:-8} export HTTPD_MAX_SPARE_SERVERS=$((HTTPD_START_SERVERS+10)) diff --git a/7.0/Dockerfile b/7.0/Dockerfile index 780e5851d..cea44a01a 100644 --- a/7.0/Dockerfile +++ b/7.0/Dockerfile @@ -57,6 +57,7 @@ ENV PHP_CONTAINER_SCRIPTS_PATH=/usr/share/container-scripts/php/ \ APP_DATA=/opt/app-root/src \ PHP_DEFAULT_INCLUDE_PATH=/opt/rh/rh-php70/root/usr/share/pear \ PHP_SYSCONF_PATH=/etc/opt/rh/rh-php70 \ + PHP_HTTPD_CONF_FILE=rh-php70-php.conf \ HTTPD_CONFIGURATION_PATH=/opt/app-root/etc/conf.d \ HTTPD_MAIN_CONF_PATH=/etc/httpd/conf \ HTTPD_MAIN_CONF_D_PATH=/etc/httpd/conf.d \ 
diff --git a/7.0/Dockerfile.rhel7 b/7.0/Dockerfile.rhel7 index f783fbfbc..65d3a1125 100644 --- a/7.0/Dockerfile.rhel7 +++ b/7.0/Dockerfile.rhel7 @@ -60,6 +60,7 @@ ENV PHP_CONTAINER_SCRIPTS_PATH=/usr/share/container-scripts/php/ \ APP_DATA=/opt/app-root/src \ PHP_DEFAULT_INCLUDE_PATH=/opt/rh/rh-php70/root/usr/share/pear \ PHP_SYSCONF_PATH=/etc/opt/rh/rh-php70 \ + PHP_HTTPD_CONF_FILE=rh-php70-php.conf \ HTTPD_CONFIGURATION_PATH=/opt/app-root/etc/conf.d \ HTTPD_MAIN_CONF_PATH=/etc/httpd/conf \ HTTPD_MAIN_CONF_D_PATH=/etc/httpd/conf.d \ diff --git a/7.0/root/opt/app-root/etc/scl_enable b/7.0/root/opt/app-root/etc/scl_enable index 03f5dbb5d..8aef0ee36 100644 --- a/7.0/root/opt/app-root/etc/scl_enable +++ b/7.0/root/opt/app-root/etc/scl_enable @@ -3,4 +3,4 @@ # # This will make scl collection binaries work out of box. unset BASH_ENV PROMPT_COMMAND ENV -source scl_source enable rh-php70 httpd24 rh-nodejs6 +source scl_source enable ${SCL_ENABLED} httpd24 rh-nodejs6 diff --git a/7.0/s2i/bin/run b/7.0/s2i/bin/run index e59b34458..a3a5d30ac 100755 --- a/7.0/s2i/bin/run +++ b/7.0/s2i/bin/run @@ -20,11 +20,11 @@ export OPCACHE_MEMORY_CONSUMPTION=${OPCACHE_MEMORY_CONSUMPTION:-128} export OPCACHE_REVALIDATE_FREQ=${OPCACHE_REVALIDATE_FREQ:-2} -export PHPRC=${PHPRC:-/etc/opt/rh/rh-php70/php.ini} -export PHP_INI_SCAN_DIR=${PHP_INI_SCAN_DIR:-/etc/opt/rh/rh-php70/php.d} +export PHPRC=${PHPRC:-${PHP_SYSCONF_PATH}/php.ini} +export PHP_INI_SCAN_DIR=${PHP_INI_SCAN_DIR:-${PHP_SYSCONF_PATH}/php.d} -envsubst < /opt/app-root/etc/php.ini.template > /etc/opt/rh/rh-php70/php.ini -envsubst < /opt/app-root/etc/php.d/10-opcache.ini.template > /etc/opt/rh/rh-php70/php.d/10-opcache.ini +envsubst < /opt/app-root/etc/php.ini.template > ${PHP_SYSCONF_PATH}/php.ini +envsubst < /opt/app-root/etc/php.d/10-opcache.ini.template > ${PHP_SYSCONF_PATH}/php.d/10-opcache.ini export HTTPD_START_SERVERS=${HTTPD_START_SERVERS:-8} export HTTPD_MAX_SPARE_SERVERS=$((HTTPD_START_SERVERS+10)) 
diff --git a/7.1/Dockerfile b/7.1/Dockerfile index cc6449d3e..caaf3eb85 100644 --- a/7.1/Dockerfile +++ b/7.1/Dockerfile @@ -56,6 +56,7 @@ ENV PHP_CONTAINER_SCRIPTS_PATH=/usr/share/container-scripts/php/ \ APP_DATA=/opt/app-root/src \ PHP_DEFAULT_INCLUDE_PATH=/opt/rh/rh-php71/root/usr/share/pear \ PHP_SYSCONF_PATH=/etc/opt/rh/rh-php71 \ + PHP_HTTPD_CONF_FILE=rh-php71-php.conf \ HTTPD_CONFIGURATION_PATH=/opt/app-root/etc/conf.d \ HTTPD_MAIN_CONF_PATH=/etc/httpd/conf \ HTTPD_MAIN_CONF_D_PATH=/etc/httpd/conf.d \ diff --git a/7.1/Dockerfile.rhel7 b/7.1/Dockerfile.rhel7 index a83fb6b9f..9926c043b 100644 --- a/7.1/Dockerfile.rhel7 +++ b/7.1/Dockerfile.rhel7 @@ -59,6 +59,7 @@ ENV PHP_CONTAINER_SCRIPTS_PATH=/usr/share/container-scripts/php/ \ APP_DATA=/opt/app-root/src \ PHP_DEFAULT_INCLUDE_PATH=/opt/rh/rh-php71/root/usr/share/pear \ PHP_SYSCONF_PATH=/etc/opt/rh/rh-php71 \ + PHP_HTTPD_CONF_FILE=rh-php71-php.conf \ HTTPD_CONFIGURATION_PATH=/opt/app-root/etc/conf.d \ HTTPD_MAIN_CONF_PATH=/etc/httpd/conf \ HTTPD_MAIN_CONF_D_PATH=/etc/httpd/conf.d \ diff --git a/7.1/root/opt/app-root/etc/scl_enable b/7.1/root/opt/app-root/etc/scl_enable index f364b11e1..8aef0ee36 100644 --- a/7.1/root/opt/app-root/etc/scl_enable +++ b/7.1/root/opt/app-root/etc/scl_enable @@ -3,4 +3,4 @@ # # This will make scl collection binaries work out of box. unset BASH_ENV PROMPT_COMMAND ENV -source scl_source enable rh-php71 httpd24 rh-nodejs6 +source scl_source enable ${SCL_ENABLED} httpd24 rh-nodejs6 diff --git a/7.1/root/usr/libexec/container-setup b/7.1/root/usr/libexec/container-setup index 1a6d7ed7b..59ac23e78 100755 --- a/7.1/root/usr/libexec/container-setup +++ b/7.1/root/usr/libexec/container-setup @@ -22,6 +22,8 @@ if [ -v SCL_ENABLED ] ; then rm -rf /var/www mv ${HTTPD_DATA_ORIG_PATH} /var/www ln -s /var/www ${HTTPD_DATA_ORIG_PATH} +else + rm -f /opt/app-root/etc/scl_enable fi mkdir -p ${HTTPD_CONFIGURATION_PATH} 
diff --git a/7.1/root/usr/share/container-scripts/php/common.sh b/7.1/root/usr/share/container-scripts/php/common.sh index d9f345751..f47d8b11d 100644 --- a/7.1/root/usr/share/container-scripts/php/common.sh +++ b/7.1/root/usr/share/container-scripts/php/common.sh @@ -21,7 +21,7 @@ config_ssl_conf() { config_general() { config_httpd_conf config_ssl_conf - sed -i '/php_value session.save_path/d' ${HTTPD_MAIN_CONF_D_PATH}/rh-php71-php.conf + sed -i '/php_value session.save_path/d' ${HTTPD_MAIN_CONF_D_PATH}/${PHP_HTTPD_CONF_FILE} head -n151 ${HTTPD_MAIN_CONF_PATH}/httpd.conf | tail -n1 | grep "AllowOverride All" || exit 1 echo "IncludeOptional ${APP_ROOT}/etc/conf.d/*.conf" >> ${HTTPD_MAIN_CONF_PATH}/httpd.conf } diff --git a/7.1/s2i/bin/run b/7.1/s2i/bin/run index 1d723cf42..a3a5d30ac 100755 --- a/7.1/s2i/bin/run +++ b/7.1/s2i/bin/run @@ -20,11 +20,11 @@ export OPCACHE_MEMORY_CONSUMPTION=${OPCACHE_MEMORY_CONSUMPTION:-128} export OPCACHE_REVALIDATE_FREQ=${OPCACHE_REVALIDATE_FREQ:-2} -export PHPRC=${PHPRC:-/etc/opt/rh/rh-php71/php.ini} -export PHP_INI_SCAN_DIR=${PHP_INI_SCAN_DIR:-/etc/opt/rh/rh-php71/php.d} +export PHPRC=${PHPRC:-${PHP_SYSCONF_PATH}/php.ini} +export PHP_INI_SCAN_DIR=${PHP_INI_SCAN_DIR:-${PHP_SYSCONF_PATH}/php.d} -envsubst < /opt/app-root/etc/php.ini.template > /etc/opt/rh/rh-php71/php.ini -envsubst < /opt/app-root/etc/php.d/10-opcache.ini.template > /etc/opt/rh/rh-php71/php.d/10-opcache.ini +envsubst < /opt/app-root/etc/php.ini.template > ${PHP_SYSCONF_PATH}/php.ini +envsubst < /opt/app-root/etc/php.d/10-opcache.ini.template > ${PHP_SYSCONF_PATH}/php.d/10-opcache.ini export HTTPD_START_SERVERS=${HTTPD_START_SERVERS:-8} export HTTPD_MAX_SPARE_SERVERS=$((HTTPD_START_SERVERS+10)) From f9cca09ef4ec20e9008db7e0a3b221018e6327fa Mon Sep 17 00:00:00 2001 
From: Honza Horak Date: Mon, 4 Dec 2017 17:28:07 +0100 Subject: [PATCH 06/12] Add symlink to common example --- 5.6/test/self-signed-ssl | 1 + 7.0/test/self-signed-ssl | 1 + 2 files changed, 2 insertions(+) create mode 120000 5.6/test/self-signed-ssl create mode 120000 7.0/test/self-signed-ssl diff --git a/5.6/test/self-signed-ssl b/5.6/test/self-signed-ssl new file mode 120000 index 000000000..1c1fd1874 --- /dev/null +++ b/5.6/test/self-signed-ssl @@ -0,0 +1 @@ +../../examples/self-signed-ssl/ \ No newline at end of file diff --git a/7.0/test/self-signed-ssl b/7.0/test/self-signed-ssl new file mode 120000 index 000000000..1c1fd1874 --- /dev/null +++ b/7.0/test/self-signed-ssl @@ -0,0 +1 @@ +../../examples/self-signed-ssl/ \ No newline at end of file From 727d24aefd5034ab8bbe919e8ae6e64915a2be4d Mon Sep 17 00:00:00 2001 From: Honza Horak Date: Mon, 4 Dec 2017 17:48:15 +0100 Subject: [PATCH 07/12] Add Fedora Dockerfile --- 7.1/Dockerfile.fedora | 73 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 73 insertions(+) create mode 100644 7.1/Dockerfile.fedora diff --git a/7.1/Dockerfile.fedora b/7.1/Dockerfile.fedora new file mode 100644 index 000000000..d38c237be --- /dev/null +++ b/7.1/Dockerfile.fedora 
@@ -0,0 +1,73 @@ +FROM registry.fedoraproject.org/f26/s2i-base:latest + +# This image provides an Apache+PHP environment for running PHP +# applications. + +EXPOSE 8080 +EXPOSE 8443 + +ENV PHP_VERSION=7.1 \ + PATH=$PATH:/usr/bin + +ENV SUMMARY="Platform for building and running PHP $PHP_VERSION applications" \ + DESCRIPTION="PHP $PHP_VERSION available as docker container is a base platform for \ +building and running various PHP $PHP_VERSION applications and frameworks. \ +PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers \ +to write dynamically generated web pages. PHP also offers built-in database integration \ +for several commercial and non-commercial database management systems, so writing \ +a database-enabled webpage with PHP is fairly simple. The most common use of PHP coding \ +is probably as a replacement for CGI scripts." + +ENV NAME=php \ + VERSION=0 \ + RELEASE=1 \ + ARCH=x86_64 + +LABEL summary="$SUMMARY" \ + description="$DESCRIPTION" \ + io.k8s.description="$DESCRIPTION" \ + io.k8s.display-name="Apache 2.4 with PHP 7.1" \ + io.openshift.expose-services="8080:http" \ + io.openshift.tags="builder,php,php71,rh-php71" \ + name="$FGC/$NAME" \ + com.redhat.component="$NAME" \ + version="$VERSION" \ + release="$RELEASE" \ + maintainer="SoftwareCollections.org " + +# Install Apache httpd and PHP +RUN INSTALL_PKGS="php php-mysqlnd php-bcmath \ + php-gd php-intl php-ldap php-mbstring php-pdo \ + php-process php-soap php-opcache php-xml \ + php-gmp php-pecl-apcu mod_ssl" && \ + yum install -y --setopt=tsflags=nodocs $INSTALL_PKGS --nogpgcheck && \ + rpm -V $INSTALL_PKGS && \ + yum clean all -y + +ENV PHP_CONTAINER_SCRIPTS_PATH=/usr/share/container-scripts/php/ \ + APP_ROOT=/opt/app-root \ + APP_DATA=/opt/app-root/src \ + PHP_DEFAULT_INCLUDE_PATH=/usr/share/pear \ + PHP_SYSCONF_PATH=/etc/ \ + PHP_HTTPD_CONF_FILE=php.conf \ + HTTPD_CONFIGURATION_PATH=/opt/app-root/etc/conf.d \ + HTTPD_MAIN_CONF_PATH=/etc/httpd/conf \ + 
HTTPD_MAIN_CONF_D_PATH=/etc/httpd/conf.d \ + HTTPD_VAR_RUN=/var/run/httpd \ + HTTPD_DATA_PATH=/var/www \ + HTTPD_DATA_ORIG_PATH=/var/www \ + HTTPD_VAR_PATH=/var + +# Copy the S2I scripts from the specific language image to $STI_SCRIPTS_PATH +COPY ./s2i/bin/ $STI_SCRIPTS_PATH + +# Copy extra files to the image. +COPY ./root/ / + +# Reset permissions of filesystem to default values +RUN /usr/libexec/container-setup && rpm-file-permissions + +USER 1001 + +# Set the default CMD to print the usage of the language image +CMD $STI_SCRIPTS_PATH/usage From d049eea048f6a04cedf64739e6474f928d4e1597 Mon Sep 17 00:00:00 2001 
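Review bot: `PHP_SYSCONF_PATH=/etc/` turns the `chmod -R a+rwx ${PHP_SYSCONF_PATH}` in `/usr/libexec/container-setup` (blob 59ac23e78, the same one shown in full for 5.6 in patch 08) into a recursive world-writable `/etc`. That covers `/etc/passwd` and the key under `/etc/pki/tls/private`, unless the following `rpm-file-permissions` happens to restore them. The run script only writes `${PHP_SYSCONF_PATH}/php.ini` and `${PHP_SYSCONF_PATH}/php.d/10-opcache.ini`, so container-setup should open just those paths, preferably for group 0 (`chgrp -R 0` plus `chmod -R g+rwX`) rather than for everyone. Separately, `yum install ... --nogpgcheck` skips package signature verification for everything installed in this layer; I would drop the flag. The base image is referenced as `:latest`, so a fixed tag or digest would make rebuilds reproducible.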
From: Honza Horak Date: Mon, 4 Dec 2017 17:49:32 +0100 Subject: [PATCH 08/12] Include the same changes in 70 and 56 versions --- 5.6/root/usr/libexec/container-setup | 48 +++++++ .../usr/share/container-scripts/php/common.sh | 134 ++++++++++++++++++ .../php/httpd-cnf/00-documentroot.conf | 1 + .../php/httpd-cnf/50-mpm-tuning.conf | 12 ++ .../php/post-assemble/20-copy-config.sh | 6 + .../php/post-assemble/40-ssl-certs.sh | 4 + .../php/pre-start/20-copy-config.sh | 6 + .../php/pre-start/40-ssl-certs.sh | 4 + 7.0/root/usr/libexec/container-setup | 48 +++++++ .../usr/share/container-scripts/php/common.sh | 134 ++++++++++++++++++ .../php/httpd-cnf/00-documentroot.conf | 1 + .../php/httpd-cnf/50-mpm-tuning.conf | 12 ++ .../php/post-assemble/20-copy-config.sh | 6 + .../php/post-assemble/40-ssl-certs.sh | 4 + .../php/pre-start/20-copy-config.sh | 6 + .../php/pre-start/40-ssl-certs.sh | 4 + 16 files changed, 430 insertions(+) create mode 100755 5.6/root/usr/libexec/container-setup create mode 100644 5.6/root/usr/share/container-scripts/php/common.sh create mode 100644 5.6/root/usr/share/container-scripts/php/httpd-cnf/00-documentroot.conf create mode 100644 5.6/root/usr/share/container-scripts/php/httpd-cnf/50-mpm-tuning.conf create mode 100644 5.6/root/usr/share/container-scripts/php/post-assemble/20-copy-config.sh create mode 100644 5.6/root/usr/share/container-scripts/php/post-assemble/40-ssl-certs.sh create mode 100644 5.6/root/usr/share/container-scripts/php/pre-start/20-copy-config.sh create mode 100644 5.6/root/usr/share/container-scripts/php/pre-start/40-ssl-certs.sh create mode 100755 7.0/root/usr/libexec/container-setup create mode 100644 7.0/root/usr/share/container-scripts/php/common.sh create mode 100644 7.0/root/usr/share/container-scripts/php/httpd-cnf/00-documentroot.conf create mode 100644 7.0/root/usr/share/container-scripts/php/httpd-cnf/50-mpm-tuning.conf create mode 100644 7.0/root/usr/share/container-scripts/php/post-assemble/20-copy-config.sh create 
mode 100644 7.0/root/usr/share/container-scripts/php/post-assemble/40-ssl-certs.sh create mode 100644 7.0/root/usr/share/container-scripts/php/pre-start/20-copy-config.sh create mode 100644 7.0/root/usr/share/container-scripts/php/pre-start/40-ssl-certs.sh diff --git a/5.6/root/usr/libexec/container-setup b/5.6/root/usr/libexec/container-setup new file mode 100755 index 000000000..59ac23e78 --- /dev/null +++ b/5.6/root/usr/libexec/container-setup @@ -0,0 +1,48 @@ +#!/bin/bash + +set -e + +# In order to drop the root user, we have to make some directories world +# writeable as OpenShift default security model is to run the container under +# random UID. + +source ${PHP_CONTAINER_SCRIPTS_PATH}/common.sh + +# compatibility symlinks so we hide SCL paths +if [ -v SCL_ENABLED ] ; then + # /opt/rh/httpd24/root/etc/httpd will be symlink to /etc/httpd + mv /opt/rh/httpd24/root/etc/httpd /etc/httpd + ln -s /etc/httpd /opt/rh/httpd24/root/etc/httpd + + # /opt/rh/httpd24/root/var/run/httpd will be symlink to /var/run/httpd + mv /opt/rh/httpd24/root/var/run/httpd /var/run/httpd + ln -s /var/run/httpd /opt/rh/httpd24/root/var/run/httpd + + # /opt/rh/httpd24/root/var/www will be symlink to /var/www + rm -rf /var/www + mv ${HTTPD_DATA_ORIG_PATH} /var/www + ln -s /var/www ${HTTPD_DATA_ORIG_PATH} +else + rm -f /opt/app-root/etc/scl_enable +fi + +mkdir -p ${HTTPD_CONFIGURATION_PATH} +chmod -R a+rwx ${HTTPD_MAIN_CONF_PATH} +chmod -R a+rwx ${HTTPD_MAIN_CONF_D_PATH} +chmod -R ug+r /etc/pki/tls/certs/localhost.crt +chmod -R ug+r /etc/pki/tls/private/localhost.key +chown -R 1000:0 /etc/pki/tls/certs/localhost.crt +chown -R 1000:0 /etc/pki/tls/private/localhost.key +mkdir -p ${APP_ROOT}/etc +chmod -R a+rwx ${APP_ROOT}/etc +chmod -R a+rwx ${HTTPD_VAR_RUN} +chown -R 1001:0 ${APP_ROOT} +mkdir /tmp/sessions +chown -R 1000:0 /tmp/sessions +chown -R 1001:0 ${HTTPD_DATA_PATH} +chmod -R a+rwx ${PHP_SYSCONF_PATH} + +mkdir -p ${PHP_CONTAINER_SCRIPTS_PATH}/pre-init + +config_general + 
diff --git a/5.6/root/usr/share/container-scripts/php/common.sh b/5.6/root/usr/share/container-scripts/php/common.sh new file mode 100644 index 000000000..f47d8b11d --- /dev/null +++ b/5.6/root/usr/share/container-scripts/php/common.sh 
@@ -0,0 +1,134 @@ +config_httpd_conf() { + sed -i "s/^Listen 80/Listen 0.0.0.0:8080/" ${HTTPD_MAIN_CONF_PATH}/httpd.conf + sed -i "s/^User apache/User default/" ${HTTPD_MAIN_CONF_PATH}/httpd.conf + sed -i "s/^Group apache/Group root/" ${HTTPD_MAIN_CONF_PATH}/httpd.conf + sed -i "s%^DocumentRoot \"${HTTPD_DATA_ORIG_PATH}/html\"%#DocumentRoot \"${APP_DATA}\"%" ${HTTPD_MAIN_CONF_PATH}/httpd.conf + sed -i "s%^> ${HTTPD_MAIN_CONF_PATH}/httpd.conf +} + +function log_info { + echo "---> `date +%T` $@" +} + +function log_and_run { + log_info "Running $@" + "$@" +} + +function log_volume_info { + CONTAINER_DEBUG=${CONTAINER_DEBUG:-} + if [[ "${CONTAINER_DEBUG,,}" != "true" ]]; then + return + fi + + log_info "Volume info for $@:" + set +e + log_and_run mount + while [ $# -gt 0 ]; do + log_and_run ls -alZ $1 + shift + done + set -e +} + +# get_matched_files finds file for image extending +function get_matched_files() { + local custom_dir default_dir + custom_dir="$1" + default_dir="$2" + files_matched="$3" + find "$default_dir" -maxdepth 1 -type f -name "$files_matched" -printf "%f\n" + [ -d "$custom_dir" ] && find "$custom_dir" -maxdepth 1 -type f -name "$files_matched" -printf "%f\n" +} + +# process_extending_files process extending files in $1 and $2 directories +# - source all *.sh files +# (if there are files with same name source only file from $1) +function process_extending_files() { + local custom_dir default_dir + custom_dir=$1 + default_dir=$2 + + while read filename ; do + echo "=> sourcing $filename ..." 
+ # Custom file is prefered + if [ -f $custom_dir/$filename ]; then + source $custom_dir/$filename + elif [ -f $default_dir/$filename ]; then + source $default_dir/$filename + fi + done <<<"$(get_matched_files "$custom_dir" "$default_dir" '*.sh' | sort -u)" +} + +# process extending config files in $1 and $2 directories +# - expand variables in *.conf and copy the files into /opt/app-root/etc/httpd.d directory +# (if there are files with same name source only file from $1) +function process_extending_config_files() { + local custom_dir default_dir + custom_dir=$1 + default_dir=$2 + + while read filename ; do + echo "=> sourcing $filename ..." + # Custom file is prefered + if [ -f $custom_dir/$filename ]; then + envsubst < $custom_dir/$filename > ${HTTPD_CONFIGURATION_PATH}/$filename + elif [ -f $default_dir/$filename ]; then + envsubst < $default_dir/$filename > ${HTTPD_CONFIGURATION_PATH}/$filename + fi + done <<<"$(get_matched_files "$custom_dir" "$default_dir" '*.conf' | sort -u)" +} + +# Copy config files from application to the location where httd expects them +# Param sets the directory where to look for files +# This function was taken from httpd container +process_config_files() { + local dir=${1:-.} + if [ -d ${dir}/httpd-cfg ]; then + echo "---> Copying httpd configuration files..." + if [ "$(ls -A ${dir}/httpd-cfg/*.conf)" ]; then + cp -v ${dir}/httpd-cfg/*.conf "${HTTPD_CONFIGURATION_PATH}"/ + rm -rf ${dir}/httpd-cfg + fi + fi +} + +# Copy SSL files provided in application source +# This function was taken from httpd container +process_ssl_certs() { + local dir=${1:-.} + if [ -d ${dir}/httpd-ssl/private ] && [ -d ${dir}/httpd-ssl/certs ]; then + echo "---> Looking for SSL certs for httpd..." 
+ cp -r ${dir}/httpd-ssl ${APP_ROOT} + local ssl_cert="$(ls -A ${APP_ROOT}/httpd-ssl/certs/*.pem | head -n 1)" + local ssl_private="$(ls -A ${APP_ROOT}/httpd-ssl/private/*.pem | head -n 1)" + if [ -f "${ssl_cert}" ] && [ -f "${ssl_private}" ]; then + echo "---> Setting SSL certs for httpd..." + sed -i -e "s|^SSLCertificateFile .*$|SSLCertificateFile ${ssl_cert}|" ${HTTPD_MAIN_CONF_D_PATH}/ssl.conf + sed -i -e "s|^SSLCertificateKeyFile .*$|SSLCertificateKeyFile ${ssl_private}|" ${HTTPD_MAIN_CONF_D_PATH}/ssl.conf + fi + rm -rf ${dir}/httpd-ssl + fi +} + + diff --git a/5.6/root/usr/share/container-scripts/php/httpd-cnf/00-documentroot.conf b/5.6/root/usr/share/container-scripts/php/httpd-cnf/00-documentroot.conf new file mode 100644 index 000000000..bd3600f09 --- /dev/null +++ b/5.6/root/usr/share/container-scripts/php/httpd-cnf/00-documentroot.conf @@ -0,0 +1 @@ +DocumentRoot "/opt/app-root/src${DOCUMENTROOT}" diff --git a/5.6/root/usr/share/container-scripts/php/httpd-cnf/50-mpm-tuning.conf b/5.6/root/usr/share/container-scripts/php/httpd-cnf/50-mpm-tuning.conf new file mode 100644 index 000000000..f109ba30f --- /dev/null +++ b/5.6/root/usr/share/container-scripts/php/httpd-cnf/50-mpm-tuning.conf @@ -0,0 +1,12 @@ + + # This value should mirror what is set in MinSpareServers. + StartServers ${HTTPD_START_SERVERS} + MinSpareServers ${HTTPD_START_SERVERS} + MaxSpareServers ${HTTPD_MAX_SPARE_SERVERS} + # The MaxRequestWorkers directive sets the limit on the number of simultaneous requests that will be served. + # The default value, when no Cgroup limits are set is 256. + MaxRequestWorkers ${HTTPD_MAX_REQUEST_WORKERS} + ServerLimit ${HTTPD_MAX_REQUEST_WORKERS} + MaxRequestsPerChild 4000 + MaxKeepAliveRequests 100 + diff --git a/5.6/root/usr/share/container-scripts/php/post-assemble/20-copy-config.sh b/5.6/root/usr/share/container-scripts/php/post-assemble/20-copy-config.sh new file mode 100644 index 000000000..cd6a356af --- /dev/null 
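Review bot: `process_ssl_certs` only reaches `rm -rf ${dir}/httpd-ssl` when both `httpd-ssl/private` and `httpd-ssl/certs` exist, so an application that ships just one of them keeps the directory where it was. The pre-start script in this commit calls the function with `${APP_ROOT}/src`, which `00-documentroot.conf` serves as DocumentRoot, so a leftover `httpd-ssl/private/*.pem` would presumably be downloadable. Guard the cleanup with `[ -d ${dir}/httpd-ssl ]` instead, or deny access to that directory in the shipped httpd configuration. The copied key keeps whatever mode `cp -r` gives it, so a `chmod -R o-rwx ${APP_ROOT}/httpd-ssl/private` after the copy is worth adding. The 7.0 copy of this file in the same commit is identical.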
+++ b/5.6/root/usr/share/container-scripts/php/post-assemble/20-copy-config.sh @@ -0,0 +1,6 @@ +# additional arbitrary httpd configuration provided by user using s2i + +log_info 'Processing additional arbitrary httpd configuration provided by s2i ...' + +process_extending_config_files ${APP_DATA}/httpd-cfg/ ${PHP_CONTAINER_SCRIPTS_PATH}/httpd-cnf/ + diff --git a/5.6/root/usr/share/container-scripts/php/post-assemble/40-ssl-certs.sh b/5.6/root/usr/share/container-scripts/php/post-assemble/40-ssl-certs.sh new file mode 100644 index 000000000..a003826a2 --- /dev/null +++ b/5.6/root/usr/share/container-scripts/php/post-assemble/40-ssl-certs.sh @@ -0,0 +1,4 @@ +source ${PHP_CONTAINER_SCRIPTS_PATH}/common.sh + +# Copy SSL files provided in application source +process_ssl_certs diff --git a/5.6/root/usr/share/container-scripts/php/pre-start/20-copy-config.sh b/5.6/root/usr/share/container-scripts/php/pre-start/20-copy-config.sh new file mode 100644 index 000000000..cd6a356af --- /dev/null +++ b/5.6/root/usr/share/container-scripts/php/pre-start/20-copy-config.sh @@ -0,0 +1,6 @@ +# additional arbitrary httpd configuration provided by user using s2i + +log_info 'Processing additional arbitrary httpd configuration provided by s2i ...' + +process_extending_config_files ${APP_DATA}/httpd-cfg/ ${PHP_CONTAINER_SCRIPTS_PATH}/httpd-cnf/ + diff --git a/5.6/root/usr/share/container-scripts/php/pre-start/40-ssl-certs.sh b/5.6/root/usr/share/container-scripts/php/pre-start/40-ssl-certs.sh new file mode 100644 index 000000000..541bbce40 --- /dev/null +++ b/5.6/root/usr/share/container-scripts/php/pre-start/40-ssl-certs.sh @@ -0,0 +1,4 @@ +source ${PHP_CONTAINER_SCRIPTS_PATH}/common.sh + +# Copy SSL files provided in application source +process_ssl_certs ${APP_ROOT}/src diff --git a/7.0/root/usr/libexec/container-setup b/7.0/root/usr/libexec/container-setup new file mode 100755 index 000000000..59ac23e78 --- /dev/null +++ b/7.0/root/usr/libexec/container-setup 
@@ -0,0 +1,48 @@ +#!/bin/bash + +set -e + +# In order to drop the root user, we have to make some directories world +# writeable as OpenShift default security model is to run the container under +# random UID. + +source ${PHP_CONTAINER_SCRIPTS_PATH}/common.sh + +# compatibility symlinks so we hide SCL paths +if [ -v SCL_ENABLED ] ; then + # /opt/rh/httpd24/root/etc/httpd will be symlink to /etc/httpd + mv /opt/rh/httpd24/root/etc/httpd /etc/httpd + ln -s /etc/httpd /opt/rh/httpd24/root/etc/httpd + + # /opt/rh/httpd24/root/var/run/httpd will be symlink to /var/run/httpd + mv /opt/rh/httpd24/root/var/run/httpd /var/run/httpd + ln -s /var/run/httpd /opt/rh/httpd24/root/var/run/httpd + + # /opt/rh/httpd24/root/var/www will be symlink to /var/www + rm -rf /var/www + mv ${HTTPD_DATA_ORIG_PATH} /var/www + ln -s /var/www ${HTTPD_DATA_ORIG_PATH} +else + rm -f /opt/app-root/etc/scl_enable +fi + +mkdir -p ${HTTPD_CONFIGURATION_PATH} +chmod -R a+rwx ${HTTPD_MAIN_CONF_PATH} +chmod -R a+rwx ${HTTPD_MAIN_CONF_D_PATH} +chmod -R ug+r /etc/pki/tls/certs/localhost.crt +chmod -R ug+r /etc/pki/tls/private/localhost.key +chown -R 1000:0 /etc/pki/tls/certs/localhost.crt +chown -R 1000:0 /etc/pki/tls/private/localhost.key +mkdir -p ${APP_ROOT}/etc +chmod -R a+rwx ${APP_ROOT}/etc +chmod -R a+rwx ${HTTPD_VAR_RUN} +chown -R 1001:0 ${APP_ROOT} +mkdir /tmp/sessions +chown -R 1000:0 /tmp/sessions +chown -R 1001:0 ${HTTPD_DATA_PATH} +chmod -R a+rwx ${PHP_SYSCONF_PATH} + +mkdir -p ${PHP_CONTAINER_SCRIPTS_PATH}/pre-init + +config_general + diff --git a/7.0/root/usr/share/container-scripts/php/common.sh b/7.0/root/usr/share/container-scripts/php/common.sh new file mode 100644 index 000000000..f47d8b11d --- /dev/null +++ b/7.0/root/usr/share/container-scripts/php/common.sh 
@@ -0,0 +1,134 @@ +config_httpd_conf() { + sed -i "s/^Listen 80/Listen 0.0.0.0:8080/" ${HTTPD_MAIN_CONF_PATH}/httpd.conf + sed -i "s/^User apache/User default/" ${HTTPD_MAIN_CONF_PATH}/httpd.conf + sed -i "s/^Group apache/Group root/" ${HTTPD_MAIN_CONF_PATH}/httpd.conf + sed -i "s%^DocumentRoot \"${HTTPD_DATA_ORIG_PATH}/html\"%#DocumentRoot \"${APP_DATA}\"%" ${HTTPD_MAIN_CONF_PATH}/httpd.conf + sed -i "s%^> ${HTTPD_MAIN_CONF_PATH}/httpd.conf +} + +function log_info { + echo "---> `date +%T` $@" +} + +function log_and_run { + log_info "Running $@" + "$@" +} + +function log_volume_info { + CONTAINER_DEBUG=${CONTAINER_DEBUG:-} + if [[ "${CONTAINER_DEBUG,,}" != "true" ]]; then + return + fi + + log_info "Volume info for $@:" + set +e + log_and_run mount + while [ $# -gt 0 ]; do + log_and_run ls -alZ $1 + shift + done + set -e +} + +# get_matched_files finds file for image extending +function get_matched_files() { + local custom_dir default_dir + custom_dir="$1" + default_dir="$2" + files_matched="$3" + find "$default_dir" -maxdepth 1 -type f -name "$files_matched" -printf "%f\n" + [ -d "$custom_dir" ] && find "$custom_dir" -maxdepth 1 -type f -name "$files_matched" -printf "%f\n" +} + +# process_extending_files process extending files in $1 and $2 directories +# - source all *.sh files +# (if there are files with same name source only file from $1) +function process_extending_files() { + local custom_dir default_dir + custom_dir=$1 + default_dir=$2 + + while read filename ; do + echo "=> sourcing $filename ..." 
+ # Custom file is prefered + if [ -f $custom_dir/$filename ]; then + source $custom_dir/$filename + elif [ -f $default_dir/$filename ]; then + source $default_dir/$filename + fi + done <<<"$(get_matched_files "$custom_dir" "$default_dir" '*.sh' | sort -u)" +} + +# process extending config files in $1 and $2 directories +# - expand variables in *.conf and copy the files into /opt/app-root/etc/httpd.d directory +# (if there are files with same name source only file from $1) +function process_extending_config_files() { + local custom_dir default_dir + custom_dir=$1 + default_dir=$2 + + while read filename ; do + echo "=> sourcing $filename ..." + # Custom file is prefered + if [ -f $custom_dir/$filename ]; then + envsubst < $custom_dir/$filename > ${HTTPD_CONFIGURATION_PATH}/$filename + elif [ -f $default_dir/$filename ]; then + envsubst < $default_dir/$filename > ${HTTPD_CONFIGURATION_PATH}/$filename + fi + done <<<"$(get_matched_files "$custom_dir" "$default_dir" '*.conf' | sort -u)" +} + +# Copy config files from application to the location where httd expects them +# Param sets the directory where to look for files +# This function was taken from httpd container +process_config_files() { + local dir=${1:-.} + if [ -d ${dir}/httpd-cfg ]; then + echo "---> Copying httpd configuration files..." + if [ "$(ls -A ${dir}/httpd-cfg/*.conf)" ]; then + cp -v ${dir}/httpd-cfg/*.conf "${HTTPD_CONFIGURATION_PATH}"/ + rm -rf ${dir}/httpd-cfg + fi + fi +} + +# Copy SSL files provided in application source +# This function was taken from httpd container +process_ssl_certs() { + local dir=${1:-.} + if [ -d ${dir}/httpd-ssl/private ] && [ -d ${dir}/httpd-ssl/certs ]; then + echo "---> Looking for SSL certs for httpd..." 
+ cp -r ${dir}/httpd-ssl ${APP_ROOT} + local ssl_cert="$(ls -A ${APP_ROOT}/httpd-ssl/certs/*.pem | head -n 1)" + local ssl_private="$(ls -A ${APP_ROOT}/httpd-ssl/private/*.pem | head -n 1)" + if [ -f "${ssl_cert}" ] && [ -f "${ssl_private}" ]; then + echo "---> Setting SSL certs for httpd..." + sed -i -e "s|^SSLCertificateFile .*$|SSLCertificateFile ${ssl_cert}|" ${HTTPD_MAIN_CONF_D_PATH}/ssl.conf + sed -i -e "s|^SSLCertificateKeyFile .*$|SSLCertificateKeyFile ${ssl_private}|" ${HTTPD_MAIN_CONF_D_PATH}/ssl.conf + fi + rm -rf ${dir}/httpd-ssl + fi +} + + diff --git a/7.0/root/usr/share/container-scripts/php/httpd-cnf/00-documentroot.conf b/7.0/root/usr/share/container-scripts/php/httpd-cnf/00-documentroot.conf new file mode 100644 index 000000000..bd3600f09 --- /dev/null +++ b/7.0/root/usr/share/container-scripts/php/httpd-cnf/00-documentroot.conf @@ -0,0 +1 @@ +DocumentRoot "/opt/app-root/src${DOCUMENTROOT}" diff --git a/7.0/root/usr/share/container-scripts/php/httpd-cnf/50-mpm-tuning.conf b/7.0/root/usr/share/container-scripts/php/httpd-cnf/50-mpm-tuning.conf new file mode 100644 index 000000000..f109ba30f --- /dev/null +++ b/7.0/root/usr/share/container-scripts/php/httpd-cnf/50-mpm-tuning.conf @@ -0,0 +1,12 @@ + + # This value should mirror what is set in MinSpareServers. + StartServers ${HTTPD_START_SERVERS} + MinSpareServers ${HTTPD_START_SERVERS} + MaxSpareServers ${HTTPD_MAX_SPARE_SERVERS} + # The MaxRequestWorkers directive sets the limit on the number of simultaneous requests that will be served. + # The default value, when no Cgroup limits are set is 256. + MaxRequestWorkers ${HTTPD_MAX_REQUEST_WORKERS} + ServerLimit ${HTTPD_MAX_REQUEST_WORKERS} + MaxRequestsPerChild 4000 + MaxKeepAliveRequests 100 + diff --git a/7.0/root/usr/share/container-scripts/php/post-assemble/20-copy-config.sh b/7.0/root/usr/share/container-scripts/php/post-assemble/20-copy-config.sh new file mode 100644 index 000000000..cd6a356af --- /dev/null 
+++ b/7.0/root/usr/share/container-scripts/php/post-assemble/20-copy-config.sh @@ -0,0 +1,6 @@ +# additional arbitrary httpd configuration provided by user using s2i + +log_info 'Processing additional arbitrary httpd configuration provided by s2i ...' + +process_extending_config_files ${APP_DATA}/httpd-cfg/ ${PHP_CONTAINER_SCRIPTS_PATH}/httpd-cnf/ + diff --git a/7.0/root/usr/share/container-scripts/php/post-assemble/40-ssl-certs.sh b/7.0/root/usr/share/container-scripts/php/post-assemble/40-ssl-certs.sh new file mode 100644 index 000000000..a003826a2 --- /dev/null +++ b/7.0/root/usr/share/container-scripts/php/post-assemble/40-ssl-certs.sh @@ -0,0 +1,4 @@ +source ${PHP_CONTAINER_SCRIPTS_PATH}/common.sh + +# Copy SSL files provided in application source +process_ssl_certs diff --git a/7.0/root/usr/share/container-scripts/php/pre-start/20-copy-config.sh b/7.0/root/usr/share/container-scripts/php/pre-start/20-copy-config.sh new file mode 100644 index 000000000..cd6a356af --- /dev/null +++ b/7.0/root/usr/share/container-scripts/php/pre-start/20-copy-config.sh @@ -0,0 +1,6 @@ +# additional arbitrary httpd configuration provided by user using s2i + +log_info 'Processing additional arbitrary httpd configuration provided by s2i ...' + +process_extending_config_files ${APP_DATA}/httpd-cfg/ ${PHP_CONTAINER_SCRIPTS_PATH}/httpd-cnf/ + diff --git a/7.0/root/usr/share/container-scripts/php/pre-start/40-ssl-certs.sh b/7.0/root/usr/share/container-scripts/php/pre-start/40-ssl-certs.sh new file mode 100644 index 000000000..541bbce40 --- /dev/null +++ b/7.0/root/usr/share/container-scripts/php/pre-start/40-ssl-certs.sh @@ -0,0 +1,4 @@ +source ${PHP_CONTAINER_SCRIPTS_PATH}/common.sh + +# Copy SSL files provided in application source +process_ssl_certs ${APP_ROOT}/src From 1554260c9b575a28b7f3674acf553ec3035aa262 Mon Sep 17 00:00:00 2001 
From: Honza Horak Date: Thu, 14 Dec 2017 21:03:51 +0100 Subject: [PATCH 09/12] Fix typo and allow to set SSL cert file only, without a key file --- .../usr/share/container-scripts/php/common.sh | 22 ++++++++++++------- .../usr/share/container-scripts/php/common.sh | 22 ++++++++++++------- .../usr/share/container-scripts/php/common.sh | 22 ++++++++++++------- 3 files changed, 42 insertions(+), 24 deletions(-) diff --git a/5.6/root/usr/share/container-scripts/php/common.sh b/5.6/root/usr/share/container-scripts/php/common.sh index f47d8b11d..9d366bd30 100644 --- a/5.6/root/usr/share/container-scripts/php/common.sh +++ b/5.6/root/usr/share/container-scripts/php/common.sh @@ -99,7 +99,7 @@ function process_extending_config_files() { done <<<"$(get_matched_files "$custom_dir" "$default_dir" '*.conf' | sort -u)" } -# Copy config files from application to the location where httd expects them +# Copy config files from application to the location where httpd expects them # Param sets the directory where to look for files # This function was taken from httpd container process_config_files() { 
@@ -119,16 +119,22 @@ process_ssl_certs() { local dir=${1:-.} if [ -d ${dir}/httpd-ssl/private ] && [ -d ${dir}/httpd-ssl/certs ]; then echo "---> Looking for SSL certs for httpd..." - cp -r ${dir}/httpd-ssl ${APP_ROOT} - local ssl_cert="$(ls -A ${APP_ROOT}/httpd-ssl/certs/*.pem | head -n 1)" - local ssl_private="$(ls -A ${APP_ROOT}/httpd-ssl/private/*.pem | head -n 1)" - if [ -f "${ssl_cert}" ] && [ -f "${ssl_private}" ]; then - echo "---> Setting SSL certs for httpd..." + cp -r ${dir}/httpd-ssl ${HTTPD_APP_ROOT} + local ssl_cert="$(ls -A ${HTTPD_APP_ROOT}/httpd-ssl/certs/*.pem | head -n 1)" + local ssl_private="$(ls -A ${HTTPD_APP_ROOT}/httpd-ssl/private/*.pem | head -n 1)" + if [ -f "${ssl_cert}" ] ; then + # do sed for SSLCertificateFile and SSLCertificateKeyFile + echo "---> Setting SSL cert file for httpd..." sed -i -e "s|^SSLCertificateFile .*$|SSLCertificateFile ${ssl_cert}|" ${HTTPD_MAIN_CONF_D_PATH}/ssl.conf - sed -i -e "s|^SSLCertificateKeyFile .*$|SSLCertificateKeyFile ${ssl_private}|" ${HTTPD_MAIN_CONF_D_PATH}/ssl.conf + if [ -f "${ssl_private}" ]; then + echo "---> Setting SSL key file for httpd..." + sed -i -e "s|^SSLCertificateKeyFile .*$|SSLCertificateKeyFile ${ssl_private}|" ${HTTPD_MAIN_CONF_D_PATH}/ssl.conf + else + echo "---> Removing SSL key file settings for httpd..." + sed -i '/^SSLCertificateKeyFile .*/d' ${HTTPD_MAIN_CONF_D_PATH}/ssl.conf + fi fi rm -rf ${dir}/httpd-ssl fi } - diff --git a/7.0/root/usr/share/container-scripts/php/common.sh b/7.0/root/usr/share/container-scripts/php/common.sh index f47d8b11d..9d366bd30 100644 --- a/7.0/root/usr/share/container-scripts/php/common.sh +++ b/7.0/root/usr/share/container-scripts/php/common.sh 
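Review bot: The outer guard `[ -d ${dir}/httpd-ssl/private ] && [ -d ${dir}/httpd-ssl/certs ]` is unchanged, so the cert-only case this commit adds is reached only when the application source still ships a `private/` directory, even an empty one; if cert-only is meant to work, the guard should test `certs` alone, e.g. `if [ -d "${dir}/httpd-ssl/certs" ]; then`. The new `else` branch deletes `SSLCertificateKeyFile`, which presumably relies on the chosen `.pem` also carrying the private key, so I would add a comment such as `# no separate key: the cert .pem must also contain the private key` and treat that file under `certs/` as key material when permissions are set. Separately, `ssl_cert` and `ssl_private` are file names taken from the application source and interpolated unescaped into the `sed` replacement, so a name containing `|` or `&` breaks or corrupts the edit of `ssl.conf`; quoting the expansions and selecting the file with a glob instead of `ls | head` would avoid that. The same applies to the identical hunks for the 7.0 and 7.1 `common.sh`; the function's opening line sits above the hunk.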
@@ -99,7 +99,7 @@ function process_extending_config_files() { done <<<"$(get_matched_files "$custom_dir" "$default_dir" '*.conf' | sort -u)" } -# Copy config files from application to the location where httd expects them +# Copy config files from application to the location where httpd expects them # Param sets the directory where to look for files # This function was taken from httpd container process_config_files() { @@ -119,16 +119,22 @@ process_ssl_certs() { local dir=${1:-.} if [ -d ${dir}/httpd-ssl/private ] && [ -d ${dir}/httpd-ssl/certs ]; then echo "---> Looking for SSL certs for httpd..." - cp -r ${dir}/httpd-ssl ${APP_ROOT} - local ssl_cert="$(ls -A ${APP_ROOT}/httpd-ssl/certs/*.pem | head -n 1)" - local ssl_private="$(ls -A ${APP_ROOT}/httpd-ssl/private/*.pem | head -n 1)" - if [ -f "${ssl_cert}" ] && [ -f "${ssl_private}" ]; then - echo "---> Setting SSL certs for httpd..." + cp -r ${dir}/httpd-ssl ${HTTPD_APP_ROOT} + local ssl_cert="$(ls -A ${HTTPD_APP_ROOT}/httpd-ssl/certs/*.pem | head -n 1)" + local ssl_private="$(ls -A ${HTTPD_APP_ROOT}/httpd-ssl/private/*.pem | head -n 1)" + if [ -f "${ssl_cert}" ] ; then + # do sed for SSLCertificateFile and SSLCertificateKeyFile + echo "---> Setting SSL cert file for httpd..." sed -i -e "s|^SSLCertificateFile .*$|SSLCertificateFile ${ssl_cert}|" ${HTTPD_MAIN_CONF_D_PATH}/ssl.conf - sed -i -e "s|^SSLCertificateKeyFile .*$|SSLCertificateKeyFile ${ssl_private}|" ${HTTPD_MAIN_CONF_D_PATH}/ssl.conf + if [ -f "${ssl_private}" ]; then + echo "---> Setting SSL key file for httpd..." + sed -i -e "s|^SSLCertificateKeyFile .*$|SSLCertificateKeyFile ${ssl_private}|" ${HTTPD_MAIN_CONF_D_PATH}/ssl.conf + else + echo "---> Removing SSL key file settings for httpd..." + sed -i '/^SSLCertificateKeyFile .*/d' ${HTTPD_MAIN_CONF_D_PATH}/ssl.conf + fi fi rm -rf ${dir}/httpd-ssl fi } - diff --git a/7.1/root/usr/share/container-scripts/php/common.sh b/7.1/root/usr/share/container-scripts/php/common.sh index f47d8b11d..9d366bd30 100644 
--- a/7.1/root/usr/share/container-scripts/php/common.sh +++ b/7.1/root/usr/share/container-scripts/php/common.sh @@ -99,7 +99,7 @@ function process_extending_config_files() { done <<<"$(get_matched_files "$custom_dir" "$default_dir" '*.conf' | sort -u)" } -# Copy config files from application to the location where httd expects them +# Copy config files from application to the location where httpd expects them # Param sets the directory where to look for files # This function was taken from httpd container process_config_files() { @@ -119,16 +119,22 @@ process_ssl_certs() { local dir=${1:-.} if [ -d ${dir}/httpd-ssl/private ] && [ -d ${dir}/httpd-ssl/certs ]; then echo "---> Looking for SSL certs for httpd..." - cp -r ${dir}/httpd-ssl ${APP_ROOT} - local ssl_cert="$(ls -A ${APP_ROOT}/httpd-ssl/certs/*.pem | head -n 1)" - local ssl_private="$(ls -A ${APP_ROOT}/httpd-ssl/private/*.pem | head -n 1)" - if [ -f "${ssl_cert}" ] && [ -f "${ssl_private}" ]; then - echo "---> Setting SSL certs for httpd..." + cp -r ${dir}/httpd-ssl ${HTTPD_APP_ROOT} + local ssl_cert="$(ls -A ${HTTPD_APP_ROOT}/httpd-ssl/certs/*.pem | head -n 1)" + local ssl_private="$(ls -A ${HTTPD_APP_ROOT}/httpd-ssl/private/*.pem | head -n 1)" + if [ -f "${ssl_cert}" ] ; then + # do sed for SSLCertificateFile and SSLCertificateKeyFile + echo "---> Setting SSL cert file for httpd..." sed -i -e "s|^SSLCertificateFile .*$|SSLCertificateFile ${ssl_cert}|" ${HTTPD_MAIN_CONF_D_PATH}/ssl.conf - sed -i -e "s|^SSLCertificateKeyFile .*$|SSLCertificateKeyFile ${ssl_private}|" ${HTTPD_MAIN_CONF_D_PATH}/ssl.conf + if [ -f "${ssl_private}" ]; then + echo "---> Setting SSL key file for httpd..." + sed -i -e "s|^SSLCertificateKeyFile .*$|SSLCertificateKeyFile ${ssl_private}|" ${HTTPD_MAIN_CONF_D_PATH}/ssl.conf + else + echo "---> Removing SSL key file settings for httpd..." + sed -i '/^SSLCertificateKeyFile .*/d' ${HTTPD_MAIN_CONF_D_PATH}/ssl.conf + fi fi rm -rf ${dir}/httpd-ssl fi } - 
From 08757ffa7a24db9fd15d709c713d281ae1d1e817 Mon Sep 17 00:00:00 2001 From: Honza Horak Date: Fri, 15 Dec 2017 12:22:33 +0100 Subject: [PATCH 10/12] Fix APP_ROOT variable name that got broken during previous commit --- 5.6/root/usr/share/container-scripts/php/common.sh | 6 +++--- 7.0/root/usr/share/container-scripts/php/common.sh | 6 +++--- 7.1/root/usr/share/container-scripts/php/common.sh | 6 +++--- 3 files changed, 9 insertions(+), 9 deletions(-) diff --git a/5.6/root/usr/share/container-scripts/php/common.sh b/5.6/root/usr/share/container-scripts/php/common.sh index 9d366bd30..70abce261 100644 --- a/5.6/root/usr/share/container-scripts/php/common.sh +++ b/5.6/root/usr/share/container-scripts/php/common.sh @@ -119,9 +119,9 @@ process_ssl_certs() { local dir=${1:-.} if [ -d ${dir}/httpd-ssl/private ] && [ -d ${dir}/httpd-ssl/certs ]; then echo "---> Looking for SSL certs for httpd..." - cp -r ${dir}/httpd-ssl ${HTTPD_APP_ROOT} - local ssl_cert="$(ls -A ${HTTPD_APP_ROOT}/httpd-ssl/certs/*.pem | head -n 1)" - local ssl_private="$(ls -A ${HTTPD_APP_ROOT}/httpd-ssl/private/*.pem | head -n 1)" + cp -r ${dir}/httpd-ssl ${APP_ROOT} + local ssl_cert="$(ls -A ${APP_ROOT}/httpd-ssl/certs/*.pem | head -n 1)" + local ssl_private="$(ls -A ${APP_ROOT}/httpd-ssl/private/*.pem | head -n 1)" if [ -f "${ssl_cert}" ] ; then # do sed for SSLCertificateFile and SSLCertificateKeyFile echo "---> Setting SSL cert file for httpd..." diff --git a/7.0/root/usr/share/container-scripts/php/common.sh b/7.0/root/usr/share/container-scripts/php/common.sh index 9d366bd30..70abce261 100644 --- a/7.0/root/usr/share/container-scripts/php/common.sh +++ b/7.0/root/usr/share/container-scripts/php/common.sh 
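Review bot: Nothing in these lines would have caught the wrong variable name being fixed here, because the expansions are unquoted and unset variables are not treated as errors. With the name unset, `cp` fails for lack of a destination, the `ls` calls look under `/httpd-ssl/...`, and the function, as the previous commit shows, still goes on to `rm -rf ${dir}/httpd-ssl`, so the user's certificates disappear and httpd presumably keeps whatever certificate `ssl.conf` pointed at before. I would make the copy fail closed, e.g. `cp -r "${dir}/httpd-ssl" "${APP_ROOT:?APP_ROOT is not set}"`, and quote the two `ls` arguments the same way. This applies equally to the 7.0 and 7.1 hunks of this commit; the body of `process_ssl_certs` continues outside the hunk.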
@@ -119,9 +119,9 @@ process_ssl_certs() { local dir=${1:-.} if [ -d ${dir}/httpd-ssl/private ] && [ -d ${dir}/httpd-ssl/certs ]; then echo "---> Looking for SSL certs for httpd..." - cp -r ${dir}/httpd-ssl ${HTTPD_APP_ROOT} - local ssl_cert="$(ls -A ${HTTPD_APP_ROOT}/httpd-ssl/certs/*.pem | head -n 1)" - local ssl_private="$(ls -A ${HTTPD_APP_ROOT}/httpd-ssl/private/*.pem | head -n 1)" + cp -r ${dir}/httpd-ssl ${APP_ROOT} + local ssl_cert="$(ls -A ${APP_ROOT}/httpd-ssl/certs/*.pem | head -n 1)" + local ssl_private="$(ls -A ${APP_ROOT}/httpd-ssl/private/*.pem | head -n 1)" if [ -f "${ssl_cert}" ] ; then # do sed for SSLCertificateFile and SSLCertificateKeyFile echo "---> Setting SSL cert file for httpd..." diff --git a/7.1/root/usr/share/container-scripts/php/common.sh b/7.1/root/usr/share/container-scripts/php/common.sh index 9d366bd30..70abce261 100644 --- a/7.1/root/usr/share/container-scripts/php/common.sh +++ b/7.1/root/usr/share/container-scripts/php/common.sh @@ -119,9 +119,9 @@ process_ssl_certs() { local dir=${1:-.} if [ -d ${dir}/httpd-ssl/private ] && [ -d ${dir}/httpd-ssl/certs ]; then echo "---> Looking for SSL certs for httpd..." - cp -r ${dir}/httpd-ssl ${HTTPD_APP_ROOT} - local ssl_cert="$(ls -A ${HTTPD_APP_ROOT}/httpd-ssl/certs/*.pem | head -n 1)" - local ssl_private="$(ls -A ${HTTPD_APP_ROOT}/httpd-ssl/private/*.pem | head -n 1)" + cp -r ${dir}/httpd-ssl ${APP_ROOT} + local ssl_cert="$(ls -A ${APP_ROOT}/httpd-ssl/certs/*.pem | head -n 1)" + local ssl_private="$(ls -A ${APP_ROOT}/httpd-ssl/private/*.pem | head -n 1)" if [ -f "${ssl_cert}" ] ; then # do sed for SSLCertificateFile and SSLCertificateKeyFile echo "---> Setting SSL cert file for httpd..." From fd5c09c75968badef5808ee7fd379509fbbb99e2 Mon Sep 17 00:00:00 2001 
From: Honza Horak Date: Sat, 16 Dec 2017 14:49:54 +0100 Subject: [PATCH 11/12] Do not re-define APP_ROOT, since it is already defined in s2i-code And use usage and maintainer labels consistently --- 5.6/Dockerfile | 29 +++++++++++++---------------- 5.6/Dockerfile.rhel7 | 29 +++++++++++++---------------- 7.0/Dockerfile | 28 +++++++++++++--------------- 7.0/Dockerfile.rhel7 | 28 +++++++++++++--------------- 7.1/Dockerfile | 27 +++++++++++++-------------- 7.1/Dockerfile.fedora | 6 +++--- 7.1/Dockerfile.rhel7 | 27 +++++++++++++-------------- 7 files changed, 81 insertions(+), 93 deletions(-) diff --git a/5.6/Dockerfile b/5.6/Dockerfile index e6f5536c0..10f84a7e2 100644 --- a/5.6/Dockerfile +++ b/5.6/Dockerfile @@ -14,7 +14,6 @@ EXPOSE 8443 ENV PHP_VERSION=5.6 \ PHP_VER_SHORT=56 \ NAME=php \ - VERSION=5.0 \ PATH=$PATH:/opt/rh/rh-php56/root/usr/bin ENV SUMMARY="Platform for building and running PHP $PHP_VERSION applications" \ 
@@ -26,21 +25,20 @@ for several commercial and non-commercial database management systems, so writin a database-enabled webpage with PHP is fairly simple. The most common use of PHP coding \ is probably as a replacement for CGI scripts." -LABEL summary="$SUMMARY" \ - description="$DESCRIPTION" \ - io.k8s.description="$DESCRIPTION" \ - io.k8s.display-name="Apache 2.4 with PHP $PHP_VERSION" \ +LABEL summary="${SUMMARY}" \ + description="${DESCRIPTION}" \ + io.k8s.description="${DESCRIPTION}" \ + io.k8s.display-name="Apache 2.4 with PHP ${PHP_VERSION}" \ io.openshift.expose-services="8080:http" \ - io.openshift.tags="builder,$NAME,$NAME$PHP_VER_SHORT,rh-$NAME$PHP_VER_SHORT" \ + io.openshift.tags="builder,${NAME},${NAME}${PHP_VER_SHORT},rh-${NAME}${PHP_VER_SHORT}" \ io.openshift.s2i.scripts-url="image:///usr/libexec/s2i" \ io.s2i.scripts-url="image:///usr/libexec/s2i" \ - name="centos/$NAME-$PHP_VER_SHORT-centos7" \ - com.redhat.component="rh-$NAME$PHP_VER_SHORT-docker" \ - version="$VERSION" \ - release="1" \ - maintainer="SoftwareCollections.org " \ - help="For more information visit https://github.com/sclorg/s2i-$NAME-container" \ - usage="s2i build centos/$NAME-$PHP_VER_SHORT-centos7:latest " + name="centos/${NAME}-${PHP_VER_SHORT}-centos7" \ + com.redhat.component="rh-${NAME}${PHP_VER_SHORT}-docker" \ + version="${PHP_VERSION}" \ + help="For more information visit https://github.com/sclorg/s2i-${NAME}-container" \ + usage="s2i build https://github.com/sclorg/s2i-php-container.git --context-dir=${PHP_VERSION}/test/test-app centos/${NAME}-${PHP_VER_SHORT}-centos7 sample-server" \ + maintainer="SoftwareCollections.org " # Install Apache httpd and PHP RUN yum install -y centos-release-scl && \ 
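Review bot: `io.openshift.expose-services="8080:http"` is left as it was although this Dockerfile also declares `EXPOSE 8443` (visible in the previous hunk's header), so the metadata does not advertise the TLS port. If 8443 is meant to be routable, the label should read `io.openshift.expose-services="8080:http,8443:https"`. The other LABEL hunks in this commit (5.6/Dockerfile.rhel7 and the 7.0 and 7.1 Dockerfiles) carry the same unchanged line. The `usage` strings are also inconsistent about the context directory: here it is `--context-dir=${PHP_VERSION}/test/test-app`, while 7.1/Dockerfile.fedora uses `--context-dir=/7.1/test/test-app` with a leading slash.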
@@ -53,12 +51,11 @@ RUN yum install -y centos-release-scl && \ yum clean all -y ENV PHP_CONTAINER_SCRIPTS_PATH=/usr/share/container-scripts/php/ \ - APP_ROOT=/opt/app-root \ - APP_DATA=/opt/app-root/src \ + APP_DATA=${APP_ROOT}/src \ PHP_DEFAULT_INCLUDE_PATH=/opt/rh/rh-php56/root/usr/share/pear \ PHP_SYSCONF_PATH=/etc/opt/rh/rh-php56 \ PHP_HTTPD_CONF_FILE=rh-php56-php.conf \ - HTTPD_CONFIGURATION_PATH=/opt/app-root/etc/conf.d \ + HTTPD_CONFIGURATION_PATH=${APP_ROOT}/etc/conf.d \ HTTPD_MAIN_CONF_PATH=/etc/httpd/conf \ HTTPD_MAIN_CONF_D_PATH=/etc/httpd/conf.d \ HTTPD_VAR_RUN=/var/run/httpd \ diff --git a/5.6/Dockerfile.rhel7 b/5.6/Dockerfile.rhel7 index f06098624..b56d2823a 100644 --- a/5.6/Dockerfile.rhel7 +++ b/5.6/Dockerfile.rhel7 @@ -14,7 +14,6 @@ EXPOSE 8443 ENV PHP_VERSION=5.6 \ PHP_VER_SHORT=56 \ NAME=php \ - VERSION=5.0 \ PATH=$PATH:/opt/rh/rh-php56/root/usr/bin ENV SUMMARY="Platform for building and running PHP $PHP_VERSION applications" \ 
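Review bot: `APP_DATA=${APP_ROOT}/src` and `HTTPD_CONFIGURATION_PATH=${APP_ROOT}/etc/conf.d` now depend on `APP_ROOT` being exported by the base image, and Dockerfile `ENV` substitution turns an unset variable into an empty string, so a base without it would silently yield `/src` and `/etc/conf.d`. Since `process_ssl_certs` copies certificate and key files under `${APP_ROOT}`, I would make the dependency explicit with a comment such as `# APP_ROOT is inherited from the s2i base image` and fail the build early with `RUN test -n "${APP_ROOT}"` ahead of this `ENV`. The same two lines appear in the ENV hunks of the other six Dockerfiles in this commit. The `ENV` instruction continues below the hunk.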
@@ -26,21 +25,20 @@ for several commercial and non-commercial database management systems, so writin a database-enabled webpage with PHP is fairly simple. The most common use of PHP coding \ is probably as a replacement for CGI scripts." -LABEL summary="$SUMMARY" \ - description="$DESCRIPTION" \ - io.k8s.description="$DESCRIPTION" \ - io.k8s.display-name="Apache 2.4 with PHP $PHP_VERSION" \ +LABEL summary="${SUMMARY}" \ + description="${DESCRIPTION}" \ + io.k8s.description="${DESCRIPTION}" \ + io.k8s.display-name="Apache 2.4 with PHP ${PHP_VERSION}" \ io.openshift.expose-services="8080:http" \ - io.openshift.tags="builder,$NAME,$NAME$PHP_VER_SHORT,rh-$NAME$PHP_VER_SHORT" \ + io.openshift.tags="builder,${NAME},${NAME}${PHP_VER_SHORT},rh-${NAME}${PHP_VER_SHORT}" \ io.openshift.s2i.scripts-url="image:///usr/libexec/s2i" \ io.s2i.scripts-url="image:///usr/libexec/s2i" \ - name="rhscl/$NAME-$PHP_VER_SHORT-rhel7" \ - com.redhat.component="rh-$NAME$PHP_VER_SHORT-docker" \ - version="$VERSION" \ - release="3" \ - maintainer="SoftwareCollections.org " \ - help="For more information visit https://github.com/sclorg/s2i-$NAME-container" \ - usage="s2i build rhscl/$NAME-$PHP_VER_SHORT-rhel7:latest " + name="rhscl/${NAME}-${PHP_VER_SHORT}-rhel7" \ + com.redhat.component="rh-${NAME}${PHP_VER_SHORT}-docker" \ + version="${PHP_VERSION}" \ + help="For more information visit https://github.com/sclorg/s2i-${NAME}-container" \ + usage="s2i build https://github.com/sclorg/s2i-php-container.git --context-dir=${PHP_VERSION}/test/test-app rhscl/${NAME}-${PHP_VER_SHORT}-rhel7 sample-server" \ + maintainer="SoftwareCollections.org " # Install Apache httpd and PHP RUN yum install -y yum-utils && \ 
@@ -57,12 +55,11 @@ RUN yum install -y yum-utils && \ yum clean all -y ENV PHP_CONTAINER_SCRIPTS_PATH=/usr/share/container-scripts/php/ \ - APP_ROOT=/opt/app-root \ - APP_DATA=/opt/app-root/src \ + APP_DATA=${APP_ROOT}/src \ PHP_DEFAULT_INCLUDE_PATH=/opt/rh/rh-php56/root/usr/share/pear \ PHP_SYSCONF_PATH=/etc/opt/rh/rh-php56 \ PHP_HTTPD_CONF_FILE=rh-php56-php.conf \ - HTTPD_CONFIGURATION_PATH=/opt/app-root/etc/conf.d \ + HTTPD_CONFIGURATION_PATH=${APP_ROOT}/etc/conf.d \ HTTPD_MAIN_CONF_PATH=/etc/httpd/conf \ HTTPD_MAIN_CONF_D_PATH=/etc/httpd/conf.d \ HTTPD_VAR_RUN=/var/run/httpd \ diff --git a/7.0/Dockerfile b/7.0/Dockerfile index cea44a01a..7b2ca1def 100644 --- a/7.0/Dockerfile +++ b/7.0/Dockerfile 
@@ -25,21 +25,20 @@ for several commercial and non-commercial database management systems, so writin a database-enabled webpage with PHP is fairly simple. The most common use of PHP coding \ is probably as a replacement for CGI scripts." -LABEL summary="$SUMMARY" \ - description="$DESCRIPTION" \ - io.k8s.description="$DESCRIPTION" \ - io.k8s.display-name="Apache 2.4 with PHP $PHP_VERSION" \ +LABEL summary="${SUMMARY}" \ + description="${DESCRIPTION}" \ + io.k8s.description="${DESCRIPTION}" \ + io.k8s.display-name="Apache 2.4 with PHP ${PHP_VERSION}" \ io.openshift.expose-services="8080:http" \ - io.openshift.tags="builder,$NAME,$NAME$PHP_VER_SHORT,rh-$NAME$PHP_VER_SHORT" \ + io.openshift.tags="builder,${NAME},${NAME}${PHP_VER_SHORT},rh-${NAME}${PHP_VER_SHORT}" \ io.openshift.s2i.scripts-url="image:///usr/libexec/s2i" \ io.s2i.scripts-url="image:///usr/libexec/s2i" \ - name="centos/$NAME-$PHP_VER_SHORT-centos7" \ - com.redhat.component="rh-$NAME$PHP_VER_SHORT-docker" \ - version="$PHP_VERSION" \ - release="1" \ - maintainer="SoftwareCollections.org " \ - help="For more information visit https://github.com/sclorg/s2i-$NAME-container" \ - usage="s2i build centos/$NAME-$PHP_VER_SHORT-centos7:latest " + name="centos/${NAME}-${PHP_VER_SHORT}-centos7" \ + com.redhat.component="rh-${NAME}${PHP_VER_SHORT}-docker" \ + version="${PHP_VERSION}" \ + help="For more information visit https://github.com/sclorg/s2i-${NAME}-container" \ + usage="s2i build https://github.com/sclorg/s2i-php-container.git --context-dir=${PHP_VERSION}/test/test-app centos/${NAME}-${PHP_VER_SHORT}-centos7 sample-server" \ + maintainer="SoftwareCollections.org " # Install Apache httpd and PHP RUN yum install -y centos-release-scl && \ 
@@ -53,12 +52,11 @@ RUN yum install -y centos-release-scl && \ yum clean all -y ENV PHP_CONTAINER_SCRIPTS_PATH=/usr/share/container-scripts/php/ \ - APP_ROOT=/opt/app-root \ - APP_DATA=/opt/app-root/src \ + APP_DATA=${APP_ROOT}/src \ PHP_DEFAULT_INCLUDE_PATH=/opt/rh/rh-php70/root/usr/share/pear \ PHP_SYSCONF_PATH=/etc/opt/rh/rh-php70 \ PHP_HTTPD_CONF_FILE=rh-php70-php.conf \ - HTTPD_CONFIGURATION_PATH=/opt/app-root/etc/conf.d \ + HTTPD_CONFIGURATION_PATH=${APP_ROOT}/etc/conf.d \ HTTPD_MAIN_CONF_PATH=/etc/httpd/conf \ HTTPD_MAIN_CONF_D_PATH=/etc/httpd/conf.d \ HTTPD_VAR_RUN=/var/run/httpd \ diff --git a/7.0/Dockerfile.rhel7 b/7.0/Dockerfile.rhel7 index 65d3a1125..5d3018a0e 100644 --- a/7.0/Dockerfile.rhel7 +++ b/7.0/Dockerfile.rhel7 
@@ -25,21 +25,20 @@ for several commercial and non-commercial database management systems, so writin a database-enabled webpage with PHP is fairly simple. The most common use of PHP coding \ is probably as a replacement for CGI scripts." -LABEL summary="$SUMMARY" \ - description="$DESCRIPTION" \ - io.k8s.description="$DESCRIPTION" \ - io.k8s.display-name="Apache 2.4 with PHP $PHP_VERSION" \ +LABEL summary="${SUMMARY}" \ + description="${DESCRIPTION}" \ + io.k8s.description="${DESCRIPTION}" \ + io.k8s.display-name="Apache 2.4 with PHP ${PHP_VERSION}" \ io.openshift.expose-services="8080:http" \ - io.openshift.tags="builder,$NAME,$NAME$PHP_VER_SHORT,rh-$NAME$PHP_VER_SHORT" \ + io.openshift.tags="builder,${NAME},${NAME}${PHP_VER_SHORT},rh-${NAME}${PHP_VER_SHORT}" \ io.openshift.s2i.scripts-url="image:///usr/libexec/s2i" \ io.s2i.scripts-url="image:///usr/libexec/s2i" \ - name="rhscl/$NAME-$PHP_VER_SHORT-rhel7" \ - com.redhat.component="rh-$NAME$PHP_VER_SHORT-docker" \ - version="$PHP_VERSION" \ - release="5.0" \ - maintainer="SoftwareCollections.org " \ - help="For more information visit https://github.com/sclorg/s2i-$NAME-container" \ - usage="s2i build rhscl/$NAME-$PHP_VER_SHORT-rhel7:latest " + name="rhscl/${NAME}-${PHP_VER_SHORT}-rhel7" \ + com.redhat.component="rh-${NAME}${PHP_VER_SHORT}-docker" \ + version="${PHP_VERSION}" \ + help="For more information visit https://github.com/sclorg/s2i-${NAME}-container" \ + usage="s2i build https://github.com/sclorg/s2i-php-container.git --context-dir=${PHP_VERSION}/test/test-app rhscl/${NAME}-${PHP_VER_SHORT}-rhel7 sample-server" \ + maintainer="SoftwareCollections.org " # Install Apache httpd and PHP RUN yum install -y yum-utils && \ 
@@ -56,12 +55,11 @@ RUN yum install -y yum-utils && \ yum clean all -y ENV PHP_CONTAINER_SCRIPTS_PATH=/usr/share/container-scripts/php/ \ - APP_ROOT=/opt/app-root \ - APP_DATA=/opt/app-root/src \ + APP_DATA=${APP_ROOT}/src \ PHP_DEFAULT_INCLUDE_PATH=/opt/rh/rh-php70/root/usr/share/pear \ PHP_SYSCONF_PATH=/etc/opt/rh/rh-php70 \ PHP_HTTPD_CONF_FILE=rh-php70-php.conf \ - HTTPD_CONFIGURATION_PATH=/opt/app-root/etc/conf.d \ + HTTPD_CONFIGURATION_PATH=${APP_ROOT}/etc/conf.d \ HTTPD_MAIN_CONF_PATH=/etc/httpd/conf \ HTTPD_MAIN_CONF_D_PATH=/etc/httpd/conf.d \ HTTPD_VAR_RUN=/var/run/httpd \ diff --git a/7.1/Dockerfile b/7.1/Dockerfile index caaf3eb85..22a36a109 100644 --- a/7.1/Dockerfile +++ b/7.1/Dockerfile 
@@ -25,20 +25,20 @@ for several commercial and non-commercial database management systems, so writin a database-enabled webpage with PHP is fairly simple. The most common use of PHP coding \ is probably as a replacement for CGI scripts." -LABEL summary="$SUMMARY" \ - description="$DESCRIPTION" \ - io.k8s.description="$DESCRIPTION" \ - io.k8s.display-name="Apache 2.4 with PHP $PHP_VERSION" \ +LABEL summary="${SUMMARY}" \ + description="${DESCRIPTION}" \ + io.k8s.description="${DESCRIPTION}" \ + io.k8s.display-name="Apache 2.4 with PHP ${PHP_VERSION}" \ io.openshift.expose-services="8080:http" \ - io.openshift.tags="builder,$NAME,$NAME$PHP_VER_SHORT,rh-$NAME$PHP_VER_SHORT" \ + io.openshift.tags="builder,${NAME},${NAME}${PHP_VER_SHORT},rh-${NAME}${PHP_VER_SHORT}" \ io.openshift.s2i.scripts-url="image:///usr/libexec/s2i" \ io.s2i.scripts-url="image:///usr/libexec/s2i" \ - name="centos/$NAME-$PHP_VER_SHORT-centos7" \ - com.redhat.component="rh-$NAME$PHP_VER_SHORT-docker" \ - version="1" \ - maintainer="SoftwareCollections.org " \ - help="For more information visit https://github.com/sclorg/s2i-$NAME-container" \ - usage="s2i build centos/$NAME-$PHP_VER_SHORT-centos7:latest " + name="centos/${NAME}-${PHP_VER_SHORT}-centos7" \ + com.redhat.component="rh-${NAME}${PHP_VER_SHORT}-docker" \ + version="${PHP_VERSION}" \ + help="For more information visit https://github.com/sclorg/s2i-${NAME}-container" \ + usage="s2i build https://github.com/sclorg/s2i-php-container.git --context-dir=${PHP_VERSION}/test/test-app centos/${NAME}-${PHP_VER_SHORT}-centos7 sample-server" \ + maintainer="SoftwareCollections.org " # Install Apache httpd and PHP RUN yum install -y centos-release-scl && \ 
@@ -52,12 +52,11 @@ RUN yum install -y centos-release-scl && \ yum clean all -y ENV PHP_CONTAINER_SCRIPTS_PATH=/usr/share/container-scripts/php/ \ - APP_ROOT=/opt/app-root \ - APP_DATA=/opt/app-root/src \ + APP_DATA=${APP_ROOT}/src \ PHP_DEFAULT_INCLUDE_PATH=/opt/rh/rh-php71/root/usr/share/pear \ PHP_SYSCONF_PATH=/etc/opt/rh/rh-php71 \ PHP_HTTPD_CONF_FILE=rh-php71-php.conf \ - HTTPD_CONFIGURATION_PATH=/opt/app-root/etc/conf.d \ + HTTPD_CONFIGURATION_PATH=${APP_ROOT}/etc/conf.d \ HTTPD_MAIN_CONF_PATH=/etc/httpd/conf \ HTTPD_MAIN_CONF_D_PATH=/etc/httpd/conf.d \ HTTPD_VAR_RUN=/var/run/httpd \ diff --git a/7.1/Dockerfile.fedora b/7.1/Dockerfile.fedora index d38c237be..bc4bcae7d 100644 --- a/7.1/Dockerfile.fedora +++ b/7.1/Dockerfile.fedora @@ -33,6 +33,7 @@ LABEL summary="$SUMMARY" \ com.redhat.component="$NAME" \ version="$VERSION" \ release="$RELEASE" \ + usage="s2i build https://github.com/sclorg/s2i-php-container.git --context-dir=/7.1/test/test-app $FGC/$NAME sample-server" \ maintainer="SoftwareCollections.org " # Install Apache httpd and PHP @@ -45,12 +46,11 @@ RUN INSTALL_PKGS="php php-mysqlnd php-bcmath \ yum clean all -y ENV PHP_CONTAINER_SCRIPTS_PATH=/usr/share/container-scripts/php/ \ - APP_ROOT=/opt/app-root \ - APP_DATA=/opt/app-root/src \ + APP_DATA=${APP_ROOT}/src \ PHP_DEFAULT_INCLUDE_PATH=/usr/share/pear \ PHP_SYSCONF_PATH=/etc/ \ PHP_HTTPD_CONF_FILE=php.conf \ - HTTPD_CONFIGURATION_PATH=/opt/app-root/etc/conf.d \ + HTTPD_CONFIGURATION_PATH=${APP_ROOT}/etc/conf.d \ HTTPD_MAIN_CONF_PATH=/etc/httpd/conf \ HTTPD_MAIN_CONF_D_PATH=/etc/httpd/conf.d \ HTTPD_VAR_RUN=/var/run/httpd \ diff --git a/7.1/Dockerfile.rhel7 b/7.1/Dockerfile.rhel7 index 9926c043b..5023ad331 100644 --- a/7.1/Dockerfile.rhel7 +++ b/7.1/Dockerfile.rhel7 
@@ -25,20 +25,20 @@ for several commercial and non-commercial database management systems, so writin a database-enabled webpage with PHP is fairly simple. The most common use of PHP coding \ is probably as a replacement for CGI scripts." -LABEL summary="$SUMMARY" \ - description="$DESCRIPTION" \ - io.k8s.description="$DESCRIPTION" \ - io.k8s.display-name="Apache 2.4 with PHP $PHP_VERSION" \ +LABEL summary="${SUMMARY}" \ + description="${DESCRIPTION}" \ + io.k8s.description="${DESCRIPTION}" \ + io.k8s.display-name="Apache 2.4 with PHP ${PHP_VERSION}" \ io.openshift.expose-services="8080:http" \ - io.openshift.tags="builder,$NAME,$NAME$PHP_VER_SHORT,rh-$NAME$PHP_VER_SHORT" \ + io.openshift.tags="builder,${NAME},${NAME}${PHP_VER_SHORT},rh-${NAME}${PHP_VER_SHORT}" \ io.openshift.s2i.scripts-url="image:///usr/libexec/s2i" \ io.s2i.scripts-url="image:///usr/libexec/s2i" \ - name="rhscl/$NAME-$PHP_VER_SHORT-rhel7" \ - com.redhat.component="rh-$NAME$PHP_VER_SHORT-docker" \ - version="1" \ - maintainer="SoftwareCollections.org " \ - help="For more information visit https://github.com/sclorg/s2i-$NAME-container" \ - usage="s2i build rhscl/$NAME-$PHP_VER_SHORT-rhel7:latest " + name="rhscl/${NAME}-${PHP_VER_SHORT}-rhel7" \ + com.redhat.component="rh-${NAME}${PHP_VER_SHORT}-docker" \ + version="${PHP_VERSION}" \ + help="For more information visit https://github.com/sclorg/s2i-${NAME}-container" \ + usage="s2i build https://github.com/sclorg/s2i-php-container.git --context-dir=${PHP_VERSION}/test/test-app rhscl/${NAME}-${PHP_VER_SHORT}-rhel7 sample-server" \ + maintainer="SoftwareCollections.org " # Install Apache httpd and PHP RUN yum install -y yum-utils && \ 
@@ -55,12 +55,11 @@ RUN yum install -y yum-utils && \ yum clean all -y ENV PHP_CONTAINER_SCRIPTS_PATH=/usr/share/container-scripts/php/ \ - APP_ROOT=/opt/app-root \ - APP_DATA=/opt/app-root/src \ + APP_DATA=${APP_ROOT}/src \ PHP_DEFAULT_INCLUDE_PATH=/opt/rh/rh-php71/root/usr/share/pear \ PHP_SYSCONF_PATH=/etc/opt/rh/rh-php71 \ PHP_HTTPD_CONF_FILE=rh-php71-php.conf \ - HTTPD_CONFIGURATION_PATH=/opt/app-root/etc/conf.d \ + HTTPD_CONFIGURATION_PATH=${APP_ROOT}/etc/conf.d \ HTTPD_MAIN_CONF_PATH=/etc/httpd/conf \ HTTPD_MAIN_CONF_D_PATH=/etc/httpd/conf.d \ HTTPD_VAR_RUN=/var/run/httpd \ From 0244247163d1cb699eef15b4d10c855720c0bdfa Mon Sep 17 00:00:00 2001 From: Honza Horak Date: Tue, 19 Dec 2017 13:02:55 +0100 Subject: [PATCH 12/12] Update common submodule to latest commit --- common | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/common b/common index f51071814..37f8907fc 160000 --- a/common +++ b/common @@ -1 +1 @@ -Subproject commit f51071814e57dc0fd118c8dc961fd6971b09db76 +Subproject commit 37f8907fca297b3590879336c5930def74e3b400