From 5438d9982864f61b764362212fd6c5fffab57646 Mon Sep 17 00:00:00 2001 From: James Deathe Date: Wed, 10 Jul 2019 00:36:49 +0100 Subject: [PATCH 01/15] #663: Fixes regex quoting. --- CHANGELOG.md | 4 ++++ Dockerfile | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 0a87de3..3c17ba1 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,6 +6,10 @@ Summary of release changes for Version 1. CentOS-6 6.10 x86_64, Apache 2.2, PHP 5.3, PHP memcached 1.0, PHP APC 3.1. +### 1.13.0 - Unreleased + +- Fixes php_uname to gethostname replacment regex quoting. + ### 1.12.0 - 2019-04-11 - Updates source image to [1.10.1](https://github.com/jdeathe/centos-ssh/releases/tag/1.10.1). diff --git a/Dockerfile b/Dockerfile index 4eb1e25..49e17a3 100644 --- a/Dockerfile +++ b/Dockerfile @@ -167,7 +167,7 @@ RUN useradd -r -M -d /var/www/app -s /sbin/nologin app \ && sed -i \ -e "s~'ADMIN_PASSWORD','password'~'ADMIN_PASSWORD','apc!123'~g" \ -e "s~'DATE_FORMAT', 'Y/m/d H:i:s'~'DATE_FORMAT', 'Y-m-d H:i:s'~g" \ - -e "s~php_uname(\'n\');~gethostname();~g" \ + -e "s~php_uname('n');~gethostname();~g" \ /usr/share/php-pecl-apc/apc.php \ && sed -i \ -e "s~{{RELEASE_VERSION}}~${RELEASE_VERSION}~g" \ From 1aefeaa1c7e5a46026f34f027d24b6e864084136 Mon Sep 17 00:00:00 2001 From: James Deathe Date: Wed, 10 Jul 2019 01:12:52 +0100 Subject: [PATCH 02/15] #674: Fixes README SSL/TLS data volume names/paths in examples. --- CHANGELOG.md | 1 + README.md | 4 ++-- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 3c17ba1..24f5de7 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -9,6 +9,7 @@ CentOS-6 6.10 x86_64, Apache 2.2, PHP 5.3, PHP memcached 1.0, PHP APC 3.1. ### 1.13.0 - Unreleased - Fixes php_uname to gethostname replacment regex quoting. +- Fixes README SSL/TLS data volume names/paths in examples. ### 1.12.0 - 2019-04-11 diff --git a/README.md b/README.md index 1b7570a..8fe9331 100644 --- a/README.md 
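Review bot: The `sed` on `/usr/share/php-pecl-apc/apc.php` in the Dockerfile hunk still writes a fixed admin password, `'ADMIN_PASSWORD','apc!123'`, into every image built from this file, so anyone who can read the Dockerfile or the image layers knows the credential wherever apc.php is served. Consider setting the value at container start from an environment variable or mounted secret rather than shipping a shared default. Separately, the quoting bug fixed here went unnoticed because `sed` exits 0 when a pattern matches nothing; appending `&& grep -q 'gethostname();' /usr/share/php-pecl-apc/apc.php` to the chain would fail the build if the replacement stops applying. The `RUN` instruction starts and ends outside the hunk.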
+++ b/README.md @@ -148,7 +148,7 @@ $ docker run \ --manager=systemd \ --register \ --env='APACHE_MOD_SSL_ENABLED=true' \ - --setopt='--volume {{NAME}}.data-ssl:/etc/services-config/ssl' + --setopt='--volume {{NAME}}.data-tls:/etc/pki/tls' ``` ##### SCMI Fleet Support @@ -358,7 +358,7 @@ $ docker run -d \ --env "APACHE_SERVER_ALIAS=app-1" \ --env "APACHE_SERVER_NAME=app-1.local" \ --env "APACHE_MOD_SSL_ENABLED=true" \ - --volume apache-php.1.data-ssl:/etc/services-config/ssl \ + --volume apache-php.1.data-tls:/etc/pki/tls \ jdeathe/centos-ssh-apache-php:1.12.0 ``` From 4d83f8a799498d6d70f7612d41070e252d946c77 Mon Sep 17 00:00:00 2001 From: James Deathe Date: Wed, 10 Jul 2019 18:35:18 +0100 Subject: [PATCH 03/15] #673: Adds redis to image description. --- CHANGELOG.md | 1 + Dockerfile | 2 +- README.md | 6 +++--- 3 files changed, 5 insertions(+), 4 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 24f5de7..5114ee1 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -8,6 +8,7 @@ CentOS-6 6.10 x86_64, Apache 2.2, PHP 5.3, PHP memcached 1.0, PHP APC 3.1. ### 1.13.0 - Unreleased +- Updates Dockerfile `org.deathe.description` metadata LABEL to include PHP redis module. - Fixes php_uname to gethostname replacment regex quoting. - Fixes README SSL/TLS data volume names/paths in examples. diff --git a/Dockerfile b/Dockerfile index 49e17a3..2ac9ee5 100644 --- a/Dockerfile +++ b/Dockerfile @@ -269,7 +269,7 @@ jdeathe/centos-ssh-apache-php:${RELEASE_VERSION} \ org.deathe.license="MIT" \ org.deathe.vendor="jdeathe" \ org.deathe.url="https://github.com/jdeathe/centos-ssh-apache-php" \ - org.deathe.description="CentOS-6 6.10 x86_64 - Apache 2.2, PHP 5.3, PHP memcached 1.0, PHP APC 3.1." + org.deathe.description="CentOS-6 6.10 x86_64 - Apache 2.2, PHP 5.3, PHP memcached 1.0, PHP redis 2.2, PHP APC 3.1." HEALTHCHECK \ --interval=1s \ diff --git a/README.md b/README.md index 8fe9331..44749db 100644 --- a/README.md +++ b/README.md 
@@ -3,9 +3,9 @@ centos-ssh-apache-php Docker Image including: -- CentOS-6 6.10 x86_64, Apache 2.2, PHP 5.3, PHP memcached 1.0, PHP APC 3.1. -- CentOS-6 6.10 x86_64, Apache 2.4, PHP-FPM 5.6, PHP memcached 2.2, Zend Opcache 7.0. -- CentOS-7 7.5.1804 x86_64, Apache 2.4, PHP-FPM 7.2, PHP memcached 3.0, Zend Opcache 7.2. +- CentOS-6 6.10 x86_64, Apache 2.2, PHP 5.3, PHP memcached 1.0, PHP redis 2.2, PHP APC 3.1. +- CentOS-6 6.10 x86_64, Apache 2.4, PHP-FPM 5.6, PHP memcached 2.2, PHP redis 3.1, Zend Opcache 7.0. +- CentOS-7 7.5.1804 x86_64, Apache 2.4, PHP-FPM 7.2, PHP memcached 3.0, PHP redis 3.1, Zend Opcache 7.2. Apache PHP web server, loading only a minimal set of Apache modules by default. Supports custom configuration via environment variables. From 4e6c68ff8e0af48d1f3a79f876e5262981e4c5b2 Mon Sep 17 00:00:00 2001 From: James Deathe Date: Wed, 10 Jul 2019 19:39:07 +0100 Subject: [PATCH 04/15] #686: Updates description in systemd register unit file template. --- CHANGELOG.md | 1 + src/etc/systemd/system/centos-ssh-apache-php.register@.service | 3 ++- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 5114ee1..e3dfb9b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -9,6 +9,7 @@ CentOS-6 6.10 x86_64, Apache 2.2, PHP 5.3, PHP memcached 1.0, PHP APC 3.1. ### 1.13.0 - Unreleased - Updates Dockerfile `org.deathe.description` metadata LABEL to include PHP redis module. +- Updates description in centos-ssh-apache-php.register@.service. - Fixes php_uname to gethostname replacment regex quoting. - Fixes README SSL/TLS data volume names/paths in examples. diff --git a/src/etc/systemd/system/centos-ssh-apache-php.register@.service b/src/etc/systemd/system/centos-ssh-apache-php.register@.service index cec06eb..c66065f 100644 --- a/src/etc/systemd/system/centos-ssh-apache-php.register@.service +++ b/src/etc/systemd/system/centos-ssh-apache-php.register@.service 
@@ -35,12 +35,13 @@ # # To uninstall: # sudo systemctl disable -f {service-unit-instance-name} +# sudo systemctl daemon-reload # sudo rm /etc/systemd/system/{service-unit-template-name} # sudo systemctl daemon-reload # ------------------------------------------------------------------------------ [Unit] -Description=centos-apache-php etcd registration // %p@%i +Description=centos-ssh-apache-php etcd registration // %p@%i After=etcd.service After=etcd2.service After={{SERVICE_UNIT_NAME}}@%i.service From a89e5703c81c4b0810de3783bbe5a437de0382d8 Mon Sep 17 00:00:00 2001 From: James Deathe Date: Wed, 10 Jul 2019 20:50:11 +0100 Subject: [PATCH 05/15] #677: Removes unused DOCKER_PORT_MAP_TCP_22 variable. --- CHANGELOG.md | 1 + environment.mk | 1 - src/opt/scmi/environment.sh | 1 - test/shpec/operation_shpec.sh | 1 - 4 files changed, 1 insertion(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index e3dfb9b..db8d91e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -12,6 +12,7 @@ CentOS-6 6.10 x86_64, Apache 2.2, PHP 5.3, PHP memcached 1.0, PHP APC 3.1. - Updates description in centos-ssh-apache-php.register@.service. - Fixes php_uname to gethostname replacment regex quoting. - Fixes README SSL/TLS data volume names/paths in examples. +- Removes unused `DOCKER_PORT_MAP_TCP_22` variable from environment includes. ### 1.12.0 - 2019-04-11 diff --git a/environment.mk b/environment.mk index 70ef5b5..aa1184d 100644 --- a/environment.mk +++ b/environment.mk @@ -17,7 +17,6 @@ DOCKER_IMAGE_RELEASE_TAG_PATTERN := ^(1|2|centos-(6-1|6-httpd24u-php56u-2))\.[0- DOCKER_CONTAINER_OPTS ?= DOCKER_IMAGE_TAG ?= latest DOCKER_NAME ?= apache-php.1 -DOCKER_PORT_MAP_TCP_22 ?= NULL DOCKER_PORT_MAP_TCP_80 ?= 8080 DOCKER_PORT_MAP_TCP_443 ?= 9443 DOCKER_PORT_MAP_TCP_8443 ?= NULL diff --git a/src/opt/scmi/environment.sh b/src/opt/scmi/environment.sh index ee3826b..97cdad0 100644 --- a/src/opt/scmi/environment.sh +++ b/src/opt/scmi/environment.sh 
@@ -17,7 +17,6 @@ readonly DOCKER_IMAGE_RELEASE_TAG_PATTERN='^(1|2|centos-(6-1|6-httpd24u-php56u-2 DOCKER_CONTAINER_OPTS="${DOCKER_CONTAINER_OPTS:-}" DOCKER_IMAGE_TAG="${DOCKER_IMAGE_TAG:-latest}" DOCKER_NAME="${DOCKER_NAME:-apache-php.1}" -DOCKER_PORT_MAP_TCP_22="${DOCKER_PORT_MAP_TCP_22:-NULL}" DOCKER_PORT_MAP_TCP_80="${DOCKER_PORT_MAP_TCP_80:-8080}" DOCKER_PORT_MAP_TCP_443="${DOCKER_PORT_MAP_TCP_443:-9443}" DOCKER_PORT_MAP_TCP_8443="${DOCKER_PORT_MAP_TCP_8443:-NULL}" diff --git a/test/shpec/operation_shpec.sh b/test/shpec/operation_shpec.sh index a99c459..543e35e 100644 --- a/test/shpec/operation_shpec.sh +++ b/test/shpec/operation_shpec.sh @@ -4,7 +4,6 @@ readonly TEST_DIRECTORY="test" # These should ideally be a static value but hosts might be using this port so # need to allow for alternatives. -DOCKER_PORT_MAP_TCP_22="${DOCKER_PORT_MAP_TCP_22:-NULL}" DOCKER_PORT_MAP_TCP_80="${DOCKER_PORT_MAP_TCP_80:-8080}" DOCKER_PORT_MAP_TCP_443="${DOCKER_PORT_MAP_TCP_443:-9443}" DOCKER_PORT_MAP_TCP_8443="${DOCKER_PORT_MAP_TCP_8443:-NULL}" From 3feb264d0d7fb16fbf04fa67017d5ec14675629e Mon Sep 17 00:00:00 2001 From: James Deathe Date: Wed, 10 Jul 2019 22:45:10 +0100 Subject: [PATCH 06/15] #657: Fixes issue with setting file permissions before user is created. --- CHANGELOG.md | 1 + src/usr/sbin/httpd-bootstrap | 31 +++++++++++++++---------------- 2 files changed, 16 insertions(+), 16 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index db8d91e..c3bf46e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -12,6 +12,7 @@ CentOS-6 6.10 x86_64, Apache 2.2, PHP 5.3, PHP memcached 1.0, PHP APC 3.1. - Updates description in centos-ssh-apache-php.register@.service. - Fixes php_uname to gethostname replacment regex quoting. - Fixes README SSL/TLS data volume names/paths in examples. +- Fixes bootstrap; ensure user creation occurs before setting ownership with user. - Removes unused `DOCKER_PORT_MAP_TCP_22` variable from environment includes. ### 1.12.0 - 2019-04-11 
diff --git a/src/usr/sbin/httpd-bootstrap b/src/usr/sbin/httpd-bootstrap index 0b218f9..57c0bbc 100755 --- a/src/usr/sbin/httpd-bootstrap +++ b/src/usr/sbin/httpd-bootstrap @@ -1843,15 +1843,14 @@ function main () pids[1]="${!}" fi - __load_php_ini_scan_files \ - "${package_path}" - __set_php_fpm_pool \ - "${apache_run_user}" \ + __set_apache_system_user \ + "${apache_system_user}" + __set_apache_run_user \ + "${apache_run_user}" + __set_apache_run_group \ "${apache_run_group}" __set_apache_mpm \ "${apache_mpm}" - __load_httpd_conf_scan_files \ - "${package_path}" __set_apache_header_x_service_uid \ "${apache_header_x_service_uid}" __set_apache_server_name \ @@ -1860,6 +1859,16 @@ function main () "${apache_mod_ssl_enabled}" __set_apache_extended_status \ "${apache_extended_status_enabled}" + __set_php_fpm_pool \ + "${apache_run_user}" \ + "${apache_run_group}" + __set_loopback_hosts_entry \ + "${apache_server_name}" \ + "${apache_server_alias}" + __load_httpd_conf_scan_files \ + "${package_path}" + __load_php_ini_scan_files \ + "${package_path}" details_modules_enabled_list="$( __enable_apache_modules @@ -1935,16 +1944,6 @@ function main () -e "s~(\\$\{|\{\{)PHP_OPTIONS_SESSION_SAVE_PATH(\}\}|(:-.+)?\})~${php_options_session_save_path}~g" \ ${config_files} - __set_apache_system_user \ - "${apache_system_user}" - __set_apache_run_user \ - "${apache_run_user}" - __set_apache_run_group \ - "${apache_run_group}" - __set_loopback_hosts_entry \ - "${apache_server_name}" \ - "${apache_server_alias}" - if [[ ${apache_mod_ssl_enabled} == true ]] then # Wait for certificate generation if necessary From 11b0dbc9f567dc6969bb8760d54fd08c79769c37 Mon Sep 17 00:00:00 2001 From: James Deathe Date: Thu, 11 Jul 2019 00:05:28 +0100 Subject: [PATCH 07/15] #661: Updates wrapper to set httpd ErrorLog to /dev/stderr. --- CHANGELOG.md | 1 + src/usr/sbin/httpd-wrapper | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) 
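Review bot: The new call order in `main` is load-bearing but nothing in the code says so: `__set_apache_system_user`, `__set_apache_run_user` and `__set_apache_run_group` now have to run before `__set_php_fpm_pool` and the later steps, which per the commit subject set ownership using those accounts. A comment above the first call, e.g. `# Accounts must exist before any step that sets ownership (php-fpm pool, scan files).`, would stop a later reshuffle from reintroducing files owned by a missing or wrong user. It is also worth confirming that moving `__load_httpd_conf_scan_files` and `__load_php_ini_scan_files` after the `__set_*` calls cannot overwrite settings those calls have just written; their bodies are not visible here. `main` starts and ends outside the hunk.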
diff --git a/CHANGELOG.md b/CHANGELOG.md index c3bf46e..0c967d7 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -10,6 +10,7 @@ CentOS-6 6.10 x86_64, Apache 2.2, PHP 5.3, PHP memcached 1.0, PHP APC 3.1. - Updates Dockerfile `org.deathe.description` metadata LABEL to include PHP redis module. - Updates description in centos-ssh-apache-php.register@.service. +- Updates wrapper to set httpd ErrorLog to `/dev/stderr` instead of `/dev/stdout`. - Fixes php_uname to gethostname replacment regex quoting. - Fixes README SSL/TLS data volume names/paths in examples. - Fixes bootstrap; ensure user creation occurs before setting ownership with user. diff --git a/src/usr/sbin/httpd-wrapper b/src/usr/sbin/httpd-wrapper index ece28f3..85a0bb9 100755 --- a/src/usr/sbin/httpd-wrapper +++ b/src/usr/sbin/httpd-wrapper @@ -89,7 +89,7 @@ function main () __get_apache_operating_mode )" - local options="-c \"ErrorLog /dev/stdout\" -D FOREGROUND -D ${mode}" + local options="-c \"ErrorLog /dev/stderr\" -D FOREGROUND -D ${mode}" if [[ ${autostart_bootstrap} == false ]] then From 5b13a5ea5c10d35b1b613b05531247bb3e9b37b3 Mon Sep 17 00:00:00 2001 From: James Deathe Date: Thu, 11 Jul 2019 00:35:37 +0100 Subject: [PATCH 08/15] #671: Adds PACKAGE_PATH placeholder/variable replacement in bootstrap of configuration files. --- CHANGELOG.md | 1 + src/usr/sbin/httpd-bootstrap | 1 + 2 files changed, 2 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 0c967d7..4d85dfd 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -14,6 +14,7 @@ CentOS-6 6.10 x86_64, Apache 2.2, PHP 5.3, PHP memcached 1.0, PHP APC 3.1. - Fixes php_uname to gethostname replacment regex quoting. - Fixes README SSL/TLS data volume names/paths in examples. - Fixes bootstrap; ensure user creation occurs before setting ownership with user. +- Adds `PACKAGE_PATH` placeholder/variable replacement in bootstrap of configuration files. - Removes unused `DOCKER_PORT_MAP_TCP_22` variable from environment includes. ### 1.12.0 - 2019-04-11 
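Review bot: `options` in httpd-wrapper is still assembled as one string with escaped inner quotes (`-c \"ErrorLog /dev/stderr\" -D FOREGROUND -D ${mode}`), which only works if the string is later re-parsed by `eval` or an equivalent; that use is outside the hunk, so this is inferred. If it is, whatever `__get_apache_operating_mode` returns is re-parsed as shell and should be restricted to a fixed set of values. A bash array avoids the re-parse, `local -a options=(-c "ErrorLog /dev/stderr" -D FOREGROUND -D "${mode}")`, expanded as `"${options[@]}"` where httpd is started. `main` continues outside the hunk.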
diff --git a/src/usr/sbin/httpd-bootstrap b/src/usr/sbin/httpd-bootstrap index 57c0bbc..e261cd9 100755 --- a/src/usr/sbin/httpd-bootstrap +++ b/src/usr/sbin/httpd-bootstrap @@ -1938,6 +1938,7 @@ function main () -e "s~(\\$\{|\{\{)APACHE_SSL_CIPHER_SUITE(\}\}|(:-.+)?\})~${apache_ssl_cipher_suite}~g" \ -e "s~(\\$\{|\{\{)APACHE_SSL_PROTOCOL(\}\}|(:-.+)?\})~${apache_ssl_protocol}~g" \ -e "s~(\\$\{|\{\{)APACHE_SYSTEM_USER(\}\}|(:-.+)?\})~${apache_system_user}~g" \ + -e "s~(\\$\{|\{\{)PACKAGE_PATH(\}\}|(:-.+)?\})~${package_path}~g" \ -e "s~(\\$\{|\{\{)PHP_OPTIONS_DATE_TIMEZONE(\}\}|(:-.+)?\})~${php_options_date_timezone}~g" \ -e "s~(\\$\{|\{\{)PHP_OPTIONS_SESSION_NAME(\}\}|(:-.+)?\})~${php_options_session_name}~g" \ -e "s~(\\$\{|\{\{)PHP_OPTIONS_SESSION_SAVE_HANDLER(\}\}|(:-.+)?\})~${php_options_session_save_handler}~g" \ From bf0c712a47e80e052d3c1764a100d691dc02d9f6 Mon Sep 17 00:00:00 2001 From: James Deathe Date: Thu, 11 Jul 2019 13:20:09 +0100 Subject: [PATCH 09/15] #666: Updates Apache configuration to use DSO Module identifiers for consistency. --- CHANGELOG.md | 1 + src/etc/httpd/conf.d/00-deflate.conf | 6 +++--- src/etc/httpd/conf.d/00-expires.conf | 2 +- src/etc/httpd/conf.d/00-headers.conf | 2 +- src/etc/httpd/conf.d/00-mime-type.conf | 2 +- src/etc/httpd/conf.d/00-php-operating-mode.conf | 2 +- src/etc/httpd/conf.d/00-reqtimeout.conf | 2 +- src/etc/httpd/conf.d/10-name-virtual-host.conf | 2 +- src/etc/httpd/conf.d/10-virtual-host-encrypted.conf | 2 +- src/etc/httpd/conf.virtualhost.d/00-log.conf | 4 ++-- src/etc/httpd/conf.virtualhost.d/00-rewrite.conf | 2 +- 11 files changed, 14 insertions(+), 13 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 4d85dfd..35adf41 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
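Review bot: The added expression interpolates `${package_path}` unescaped into the replacement side of `s~…~…~g`, so a value containing `~` breaks the sed script, and `&` or a backslash is interpreted by sed instead of being copied literally. Where `package_path` is set is not visible in the hunk; if it can come from the container environment, escape it first, e.g. `package_path_sed="$(printf '%s' "${package_path}" | sed -e 's/[\&~]/\\&/g')"`, and use that variable in the expression. The neighbouring `-e` lines interpolate `apache_ssl_cipher_suite`, `apache_system_user` and the `php_options_*` values the same way. The `sed` command and `main` start and end outside the hunk.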
@@ -11,6 +11,7 @@ CentOS-6 6.10 x86_64, Apache 2.2, PHP 5.3, PHP memcached 1.0, PHP APC 3.1. - Updates Dockerfile `org.deathe.description` metadata LABEL to include PHP redis module. - Updates description in centos-ssh-apache-php.register@.service. - Updates wrapper to set httpd ErrorLog to `/dev/stderr` instead of `/dev/stdout`. +- Updates Apache configuration to use DSO Module identifiers for consistency. - Fixes php_uname to gethostname replacment regex quoting. - Fixes README SSL/TLS data volume names/paths in examples. - Fixes bootstrap; ensure user creation occurs before setting ownership with user. diff --git a/src/etc/httpd/conf.d/00-deflate.conf b/src/etc/httpd/conf.d/00-deflate.conf index 4eb118d..dac92d2 100644 --- a/src/etc/httpd/conf.d/00-deflate.conf +++ b/src/etc/httpd/conf.d/00-deflate.conf @@ -1,7 +1,7 @@ - + # Identify known cases of invalidated Accept-Encoding request headers. - - + + SetEnvIfNoCase \ ^(Accept-EncodXng|X-cept-Encoding|[X~-]{15})$ \ ^((gzip|deflate)\s*,?\s*)+|[X~-]{4,13}$ \ diff --git a/src/etc/httpd/conf.d/00-expires.conf b/src/etc/httpd/conf.d/00-expires.conf index 4e50751..24d89c3 100644 --- a/src/etc/httpd/conf.d/00-expires.conf +++ b/src/etc/httpd/conf.d/00-expires.conf @@ -1,4 +1,4 @@ - + ExpiresActive On ExpiresByType application/font-woff A604800 ExpiresByType application/font-woff2 A604800 diff --git a/src/etc/httpd/conf.d/00-headers.conf b/src/etc/httpd/conf.d/00-headers.conf index 1e107f5..224c72d 100644 --- a/src/etc/httpd/conf.d/00-headers.conf +++ b/src/etc/httpd/conf.d/00-headers.conf @@ -1,4 +1,4 @@ - + RequestHeader unset Proxy early Header unset X-Service-Operating-Mode diff --git a/src/etc/httpd/conf.d/00-mime-type.conf b/src/etc/httpd/conf.d/00-mime-type.conf index e376fd6..f4d27aa 100644 --- a/src/etc/httpd/conf.d/00-mime-type.conf +++ b/src/etc/httpd/conf.d/00-mime-type.conf @@ -1,4 +1,4 @@ - + AddEncoding gzip svgz AddType application/font-woff woff AddType application/font-woff2 woff2 
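Review bot: The IfModule lines this commit rewrites are not visible in this rendering of the hunks, so the new identifiers cannot be checked here; the concern is that an IfModule section is skipped silently when its name does not match a loaded module. In `00-headers.conf` that section holds `RequestHeader unset Proxy early`, and in `00-reqtimeout.conf` the `RequestReadTimeout` limits, so a mistyped identifier would drop those protections without any startup error. A test that compares `httpd -M` output with the identifiers used under `conf.d/` and `conf.virtualhost.d/`, or that asserts the directives' effect on a running container, would catch that. The same applies to every other file touched by this commit.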
diff --git a/src/etc/httpd/conf.d/00-php-operating-mode.conf b/src/etc/httpd/conf.d/00-php-operating-mode.conf index ef67ef5..aa100fd 100644 --- a/src/etc/httpd/conf.d/00-php-operating-mode.conf +++ b/src/etc/httpd/conf.d/00-php-operating-mode.conf @@ -1,4 +1,4 @@ - + # Operating mode is production default php_value error_reporting 32767 diff --git a/src/etc/httpd/conf.d/00-reqtimeout.conf b/src/etc/httpd/conf.d/00-reqtimeout.conf index b95b0a1..46c0255 100644 --- a/src/etc/httpd/conf.d/00-reqtimeout.conf +++ b/src/etc/httpd/conf.d/00-reqtimeout.conf @@ -1,3 +1,3 @@ - + RequestReadTimeout header=20-40,MinRate=500 body=20,MinRate=500 diff --git a/src/etc/httpd/conf.d/10-name-virtual-host.conf b/src/etc/httpd/conf.d/10-name-virtual-host.conf index 12f9831..e57833f 100644 --- a/src/etc/httpd/conf.d/10-name-virtual-host.conf +++ b/src/etc/httpd/conf.d/10-name-virtual-host.conf @@ -1,7 +1,7 @@ NameVirtualHost *:80 NameVirtualHost *:8443 - + NameVirtualHost *:443 diff --git a/src/etc/httpd/conf.d/10-virtual-host-encrypted.conf b/src/etc/httpd/conf.d/10-virtual-host-encrypted.conf index a1f5994..933b51b 100644 --- a/src/etc/httpd/conf.d/10-virtual-host-encrypted.conf +++ b/src/etc/httpd/conf.d/10-virtual-host-encrypted.conf @@ -1,4 +1,4 @@ - + Include conf.virtualhost.d/*.conf diff --git a/src/etc/httpd/conf.virtualhost.d/00-log.conf b/src/etc/httpd/conf.virtualhost.d/00-log.conf index 4ad474d..4d3130b 100644 --- a/src/etc/httpd/conf.virtualhost.d/00-log.conf +++ b/src/etc/httpd/conf.virtualhost.d/00-log.conf @@ -1,9 +1,9 @@ ErrorLog "${APACHE_ERROR_LOG_LOCATION}" LogLevel "${APACHE_ERROR_LOG_LEVEL}" - + CustomLog "${APACHE_CUSTOM_LOG_LOCATION}" "${APACHE_CUSTOM_LOG_FORMAT}" env=!SKIP_CUSTOM_LOG - + SetEnvIf Request_Method ".*" TRUSTED_ADDRESS=false SetEnvIf Remote_Addr "^127\.0\.0\.1$" TRUSTED_ADDRESS=true diff --git a/src/etc/httpd/conf.virtualhost.d/00-rewrite.conf b/src/etc/httpd/conf.virtualhost.d/00-rewrite.conf index f1d444e..685e9a5 100644 
--- a/src/etc/httpd/conf.virtualhost.d/00-rewrite.conf +++ b/src/etc/httpd/conf.virtualhost.d/00-rewrite.conf @@ -1,4 +1,4 @@ - + RewriteEngine On RewriteOptions Inherit From ea81056d783d3a1743c367178f28f913944a5623 Mon Sep 17 00:00:00 2001 From: James Deathe Date: Fri, 12 Jul 2019 12:54:32 +0100 Subject: [PATCH 10/15] #712: Updates README and related content to improve readability and simplify maintenance. --- CHANGELOG.md | 9 +- Dockerfile | 2 +- README-short.txt | 2 +- README.md | 297 +++++++++++++---------------------------------- command-keys.md | 67 ----------- 5 files changed, 87 insertions(+), 290 deletions(-) delete mode 100644 command-keys.md diff --git a/CHANGELOG.md b/CHANGELOG.md index 35adf41..1e116f9 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,10 +1,8 @@ # Change Log -## centos-6 +## 1 - centos-6 -Summary of release changes for Version 1. - -CentOS-6 6.10 x86_64, Apache 2.2, PHP 5.3, PHP memcached 1.0, PHP APC 3.1. +Summary of release changes. ### 1.13.0 - Unreleased @@ -12,6 +10,9 @@ CentOS-6 6.10 x86_64, Apache 2.2, PHP 5.3, PHP memcached 1.0, PHP APC 3.1. - Updates description in centos-ssh-apache-php.register@.service. - Updates wrapper to set httpd ErrorLog to `/dev/stderr` instead of `/dev/stdout`. - Updates Apache configuration to use DSO Module identifiers for consistency. +- Updates CHANGELOG.md to simplify maintenance. +- Updates README.md to simplify contents and improve readability. +- Updates README-short.txt to apply to all image variants. - Fixes php_uname to gethostname replacment regex quoting. - Fixes README SSL/TLS data volume names/paths in examples. - Fixes bootstrap; ensure user creation occurs before setting ownership with user. diff --git a/Dockerfile b/Dockerfile index 2ac9ee5..998cc1f 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -269,7 +269,7 @@ jdeathe/centos-ssh-apache-php:${RELEASE_VERSION} \ org.deathe.license="MIT" \ org.deathe.vendor="jdeathe" \ org.deathe.url="https://github.com/jdeathe/centos-ssh-apache-php" \ - org.deathe.description="CentOS-6 6.10 x86_64 - Apache 2.2, PHP 5.3, PHP memcached 1.0, PHP redis 2.2, PHP APC 3.1." + org.deathe.description="Apache 2.2, PHP 5.3, PHP memcached 1.0, PHP redis 2.2, PHP APC 3.1 - CentOS-6 6.10 x86_64." HEALTHCHECK \ --interval=1s \ diff --git a/README-short.txt b/README-short.txt index ca1cf2e..79dc621 100644 --- a/README-short.txt +++ b/README-short.txt @@ -1 +1 @@ -CentOS-6 6.10 x86_64 - Apache / PHP / PHP memcached / PHP APC. \ No newline at end of file +Apache PHP - CentOS. \ No newline at end of file diff --git a/README.md b/README.md index 44749db..5eff818 100644 --- a/README.md +++ b/README.md 
@@ -1,51 +1,24 @@ -centos-ssh-apache-php -===================== - -Docker Image including: - -- CentOS-6 6.10 x86_64, Apache 2.2, PHP 5.3, PHP memcached 1.0, PHP redis 2.2, PHP APC 3.1. -- CentOS-6 6.10 x86_64, Apache 2.4, PHP-FPM 5.6, PHP memcached 2.2, PHP redis 3.1, Zend Opcache 7.0. -- CentOS-7 7.5.1804 x86_64, Apache 2.4, PHP-FPM 7.2, PHP memcached 3.0, PHP redis 3.1, Zend Opcache 7.2. - -Apache PHP web server, loading only a minimal set of Apache modules by default. Supports custom configuration via environment variables. - -## Overview & links - ### Tags and respective `Dockerfile` links -- `centos-7-httpd24u-php72u`, `centos-7-httpd24u-php72u-3.1.1`, `3.1.1` [(centos-7-httpd24u-php72u/Dockerfile)](https://github.com/jdeathe/centos-ssh-apache-php/blob/centos-7-httpd24u-php72u/Dockerfile) -- `centos-6-httpd24u-php56u`, `centos-6-httpd24u-php56u-2.3.1`, `2.3.1` [(centos-6-httpd24u-php56u/Dockerfile)](https://github.com/jdeathe/centos-ssh-apache-php/blob/centos-6-httpd24u-php56u/Dockerfile) +- `centos-7-httpd24u-php72u`, `centos-7-httpd24u-php72u-3.2.0`, `3.2.0` [(centos-7-httpd24u-php72u/Dockerfile)](https://github.com/jdeathe/centos-ssh-apache-php/blob/centos-7-httpd24u-php72u/Dockerfile) +- `centos-6-httpd24u-php56u`, `centos-6-httpd24u-php56u-2.4.0`, `2.4.0` [(centos-6-httpd24u-php56u/Dockerfile)](https://github.com/jdeathe/centos-ssh-apache-php/blob/centos-6-httpd24u-php56u/Dockerfile) - `centos-6`, `centos-6-1.12.0`, `1.12.0` [(centos-6/Dockerfile)](https://github.com/jdeathe/centos-ssh-apache-php/blob/centos-6/Dockerfile) -#### centos-6 - -The latest CentOS-6 Standard Package based release can be pulled from the `centos-6` Docker tag. It is recommended to select a specific release tag - the convention is `centos-6-1.12.0` or `1.12.0` for the [1.12.0](https://github.com/jdeathe/centos-ssh-apache-php/tree/1.12.0) release tag. 
This build of [Apache](https://httpd.apache.org/), (httpd CentOS package), uses the mpm_prefork_module and php5_module modules for handling [PHP](http://php.net/). - -#### centos-6-httpd24u-php56u +## Overview -The latest CentOS-6 [IUS](https://ius.io) Apache 2.4, [IUS](https://ius.io) PHP-FPM 5.6 based release can be pulled from the `centos-6-httpd24u-php56u` Docker tag. It is recommended to select a specific release tag - the convention is `centos-6-httpd24u-php56u-2.3.1` or `2.3.1` for the [2.3.1](https://github.com/jdeathe/centos-ssh-apache-php/tree/2.3.1) release tag. This build of [Apache](https://httpd.apache.org/), (httpd24u package), uses the mpm_prefork_module and php-fpm for handling [PHP](http://php.net/). This version has the option of using the worker or event MPM. +Apache PHP web server, loading only a minimal set of Apache modules by default. -#### centos-7-httpd24u-php72u +This build uses the base image [jdeathe/centos-ssh](https://github.com/jdeathe/centos-ssh) so inherits it's features but with `sshd` disabled by default. [Supervisor](http://supervisord.org/) is used to start the Apache [`httpd`](https://httpd.apache.org/) daemon when a docker container based on this image is run. -The latest CentOS-7 [IUS](https://ius.io) Apache 2.4, [IUS](https://ius.io) PHP-FPM 7.2 based release can be pulled from the `centos-7-httpd24u-php72u` Docker tag. It is recommended to select a specific release tag - the convention is `centos-7-httpd24u-php72u-3.1.1` or `3.1.1` for the [3.1.1](https://github.com/jdeathe/centos-ssh-apache-php/tree/3.1.1) release tag. This build of [Apache](https://httpd.apache.org/), uses the mpm_prefork_module and php-fpm for handling [PHP](http://php.net/). This version has the option of using the worker or event MPM. +### Image variants -Included in the build are the [SCL](https://www.softwarecollections.org/), [EPEL](http://fedoraproject.org/wiki/EPEL) and [IUS](https://ius.io) repositories. 
Installed packages include [OpenSSH](http://www.openssh.com/portable.html) secure shell, [vim-minimal](http://www.vim.org/), [elinks](http://elinks.or.cz) (for fullstatus support), PHP [Memcached](http://pecl.php.net/package/memcached) are installed along with python-setuptools, [supervisor](http://supervisord.org/) and [supervisor-stdout](https://github.com/coderanger/supervisor-stdout). The `centos-6` "Standard" PHP 5.3 build includes PHP [APC](http://pecl.php.net/package/APC) where Zend Opcache is bundled in PHP 5.6 and 7.2. - -Supervisor is used to start the httpd (and, if applicable, php-fpm) daemon when a docker container based on this image is run. To enable simple viewing of stdout for the service's subprocess, supervisor-stdout is included. This allows you to see output from the supervisord controlled subprocesses with `docker logs {docker-container-name}`. - -If enabling and configuring SSH access, it is by public key authentication and, by default, the [Vagrant](http://www.vagrantup.com/) [insecure private key](https://github.com/mitchellh/vagrant/blob/master/keys/vagrant) is required. - -### SSH Alternatives - -SSH is not required in order to access a terminal for the running container. The simplest method is to use the docker exec command to run bash (or sh) as follows: - -``` -$ docker exec -it {docker-name-or-id} bash -``` +- [IUS Apache 2.4, IUS PHP-FPM 7.2, PHP memcached 3.0, PHP redis 3.1, Zend Opcache 7.2 - CentOS-7](https://github.com/jdeathe/centos-ssh-apache-php/blob/centos-7-httpd24u-php72u) +- [IUS Apache 2.4, IUS PHP-FPM 5.6, PHP memcached 2.2, PHP redis 3.1, Zend Opcache 7.0 - CentOS-6](https://github.com/jdeathe/centos-ssh-apache-php/blob/centos-6-httpd24u-php56u) +- [Apache 2.2, PHP 5.3, PHP memcached 1.0, PHP redis 2.2, PHP APC 3.1 - CentOS-6](https://github.com/jdeathe/centos-ssh-apache-php/blob/centos-6) -For cases where access to docker exec is not possible the preferred method is to use Command Keys and the nsenter command. 
See [command-keys.md](https://github.com/jdeathe/centos-ssh-apache-php/blob/centos-6/command-keys.md) for details on how to set this up. +## Quick start -## Quick Example +> For production use, it is recommended to select a specific release tag as shown in the examples. Run up a container named `apache-php.1` from the docker image `jdeathe/centos-ssh-apache-php` on port 8080 of your docker host. 
@@ -54,210 +27,87 @@ $ docker run -d \ --name apache-php.1 \ -p 8080:80 \ -e "APACHE_SERVER_NAME=app-1.local" \ - jdeathe/centos-ssh-apache-php:1.12.0 + jdeathe/centos-ssh-apache-php:3.2.0 ``` -Now point your browser to `http://{docker-host}:8080` where `{docker-host}` is the host name of your docker server and, if all went well, you should see the "Hello, world!" page. +Go to `http://{{docker-host}}:8080` using a browser where `{{docker-host}}` is the host name of your docker server and, if all went well, you should see the "Hello, world!" page. -![PHP "Hello, world!" - Chrome screenshot](https://raw.github.com/jdeathe/centos-ssh-apache-php/centos-6/images/php-hello-world-chrome.png) +![PHP "Hello, world!" - Chrome screenshot](https://raw.github.com/jdeathe/centos-ssh-apache-php/centos-7-httpd24u-php72u/images/php-hello-world-chrome.png) -To be able to access the server using the "app-1.local" domain name you need to add a hosts file entry locally; such that the IP address of the Docker host resolves to the name "app-1.local". Alternatively, you can use the elinks browser installed in the container. Note that because you are using the browser from the container you access the site over port 80. +To be able to access the server using the "app-1.local" domain name you need to add a hosts file entry locally; such that the IP address of the Docker host resolves to the name "app-1.local". Alternatively, you can use the `elinks` browser installed in the container. + +> Note that because you are using the browser from the container you access the site over the standard port 80. ``` $ docker exec -it apache-php.1 \ elinks http://app-1.local ``` -![PHP "Hello, world!" - eLinks screenshot](https://raw.github.com/jdeathe/centos-ssh-apache-php/centos-6/images/php-hello-world-elinks.png) +![PHP "Hello, world!" 
- eLinks screenshot](https://raw.github.com/jdeathe/centos-ssh-apache-php/centos-7-httpd24u-php72u/images/php-hello-world-elinks.png) -To verify the container is initialised and running successfully by inspecting the container's logs. +Verify the named container's process status and health. + +``` +$ docker ps -a \ + -f "name=apache-php.1" +``` + +Verify successful initialisation of the named container. ``` $ docker logs apache-php.1 ``` -On first run, the bootstrap script, ([/usr/sbin/httpd-bootstrap](https://github.com/jdeathe/centos-ssh-apache-php/blob/centos-6/src/usr/sbin/httpd-bootstrap)), will check if the DocumentRoot directory is empty and, if so, will populate it with the example app scripts and app specific configuration files. +On first run, if the DocumentRoot directory is empty, it will be populated with the example app scripts and app specific configuration files. The `apachectl` command can be accessed as follows. ``` $ docker exec -it apache-php.1 \ - bash -c "apachectl -h" + apachectl -h ``` ## Instructions ### Running -To run the a docker container from this image you can use the standard docker commands. Alternatively, you can use the embedded (Service Container Manager Interface) [scmi](https://github.com/jdeathe/centos-ssh/blob/centos-6/src/usr/sbin/scmi) that is included in the image since `centos-6-1.7.2` or, if you have a checkout of the [source repository](https://github.com/jdeathe/centos-ssh-apache-php), and have make installed the Makefile provides targets to build, install, start, stop etc. where environment variables can be used to configure the container options and set custom docker run parameters. - -#### SCMI Installation Examples +To run the a docker container from this image you can use the standard docker commands as shown in the example below. Alternatively, there's a [docker-compose](https://github.com/jdeathe/centos-ssh-apache-php/blob/centos-7-httpd24u-php72u/docker-compose.yml) example. 
-The following example uses docker to run the SCMI install command to create and start a container named `apache-php.1`. To use SCMI it requires the use of the `--privileged` docker run parameter and the docker host's root directory mounted as a volume with the container's mount directory also being set in the `scmi` `--chroot` option. The `--setopt` option is used to add extra parameters to the default docker run command template; in the following example a named configuration volume is added which allows the SSH host keys to persist after the first container initialisation. Not that the placeholder `{{NAME}}` can be used in this option and is replaced with the container's name. +For production use, it is recommended to select a specific release tag as shown in the examples. -##### SCMI Install +#### Using environment variables ``` -$ docker run \ - --rm \ - --privileged \ - --volume /:/media/root \ - --env BASH_ENV="" \ - --env ENV="" \ - jdeathe/centos-ssh-apache-php:1.12.0 \ - /usr/sbin/scmi install \ - --chroot=/media/root \ - --tag=1.12.0 \ - --name=apache-php.1 -``` - -##### SCMI Uninstall - -To uninstall the previous example simply run the same docker run command with the scmi `uninstall` command. - -``` -$ docker run \ - --rm \ - --privileged \ - --volume /:/media/root \ - --env BASH_ENV="" \ - --env ENV="" \ - jdeathe/centos-ssh-apache-php:1.12.0 \ - /usr/sbin/scmi uninstall \ - --chroot=/media/root \ - --tag=1.12.0 \ - --name=apache-php.1 -``` - -##### SCMI Systemd Support - -If your docker host has systemd (and optionally etcd) installed then `scmi` provides a method to install the container as a systemd service unit. This provides some additional features for managing a group of instances on a single docker host and has the option to use an etcd backed service registry. Using a systemd unit file allows the System Administrator to use a Drop-In to override the settings of a unit-file template used to create service instances. 
To use the systemd method of installation use the `-m` or `--manager` option of `scmi` and to include the optional etcd register companion unit use the `--register` option. - -``` -$ docker run \ - --rm \ - --privileged \ - --volume /:/media/root \ - --env BASH_ENV="" \ - --env ENV="" \ - jdeathe/centos-ssh-apache-php:1.12.0 \ - /usr/sbin/scmi install \ - --chroot=/media/root \ - --tag=1.12.0 \ - --name=apache-php.1 \ - --manager=systemd \ - --register \ - --env='APACHE_MOD_SSL_ENABLED=true' \ - --setopt='--volume {{NAME}}.data-tls:/etc/pki/tls' -``` - -##### SCMI Fleet Support - -**_Deprecation Notice:_** The fleet project is no longer maintained. The fleet `--manager` option has been deprecated in `scmi`. - -If your docker host has systemd, fleetd (and optionally etcd) installed then `scmi` provides a method to schedule the container to run on the cluster. This provides some additional features for managing a group of instances on a [fleet](https://github.com/coreos/fleet) cluster and has the option to use an etcd backed service registry. To use the fleet method of installation use the `-m` or `--manager` option of `scmi` and to include the optional etcd register companion unit use the `--register` option. - -##### SCMI Image Information - -Since release `centos-6-1.7.2` the install template has been added to the image metadata. Using docker inspect you can access `scmi` to simplify install/uninstall tasks. - -_NOTE:_ A prerequisite of the following examples is that the image has been pulled (or loaded from the release package). - -``` -$ docker pull jdeathe/centos-ssh-apache-php:1.12.0 -``` - -To see detailed information about the image run `scmi` with the `--info` option. To see all available `scmi` options run with the `--help` option. 
- -``` -$ eval "sudo -E $( - docker inspect \ - -f "{{.ContainerConfig.Labels.install}}" \ - jdeathe/centos-ssh-apache-php:1.12.0 - ) --info" -``` - -To perform an installation using the docker name `apache-php.2` simply use the `--name` or `-n` option. - -``` -$ eval "sudo -E $( - docker inspect \ - -f "{{.ContainerConfig.Labels.install}}" \ - jdeathe/centos-ssh-apache-php:1.12.0 - ) --name=apache-php.2" -``` - -To uninstall use the *same command* that was used to install but with the `uninstall` Label. - -``` -$ eval "sudo -E $( - docker inspect \ - -f "{{.ContainerConfig.Labels.uninstall}}" \ - jdeathe/centos-ssh-apache-php:1.12.0 - ) --name=apache-php.2" -``` - -##### SCMI on Atomic Host - -With the addition of install/uninstall image labels it is possible to use [Project Atomic's](http://www.projectatomic.io/) `atomic install` command to simplify install/uninstall tasks on [CentOS Atomic](https://wiki.centos.org/SpecialInterestGroup/Atomic) Hosts. - -To see detailed information about the image run `scmi` with the `--info` option. To see all available `scmi` options run with the `--help` option. - -``` -$ sudo -E atomic install \ - -n apache-php.3 \ - jdeathe/centos-ssh-apache-php:1.12.0 \ - --info -``` - -To perform an installation using the docker name `apache-php.3` simply use the `-n` option of the `atomic install` command. - -``` -$ sudo -E atomic install \ - -n apache-php.3 \ - jdeathe/centos-ssh-apache-php:1.12.0 -``` - -Alternatively, you could use the `scmi` options `--name` or `-n` for naming the container. - -``` -$ sudo -E atomic install \ - jdeathe/centos-ssh-apache-php:1.12.0 \ - --name apache-php.3 -``` - -To uninstall use the *same command* that was used to install but with the `uninstall` Label. 
- -``` -$ sudo -E atomic uninstall \ - -n apache-php.3 \ - jdeathe/centos-ssh-apache-php:1.12.0 +$ docker stop apache-php.1 && \ + docker rm apache-php.1; \ + docker run -d \ + --name apache-php.1 \ + --publish 8080:80 \ + --publish 9443:443 \ + --env "APACHE_CUSTOM_LOG_LOCATION=/dev/stdout" \ + --env "APACHE_ERROR_LOG_LOCATION=/dev/stderr" \ + --env "APACHE_EXTENDED_STATUS_ENABLED=true" \ + --env "APACHE_LOAD_MODULES=env_module rewrite_module" \ + --env "APACHE_MOD_SSL_ENABLED=true" \ + --env "APACHE_MPM=event" \ + --env "APACHE_SERVER_NAME=app-1.local" \ + --env "APACHE_SSL_PROTOCOL=All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1" \ + --env "PHP_OPTIONS_DATE_TIMEZONE=Europe/London" \ + --volume apache-php.1.data-tls:/etc/pki/tls \ + jdeathe/centos-ssh-apache-php:3.2.0 ``` #### Environment Variables There are environmental variables available which allows the operator to customise the running container. -##### APACHE_AUTOSTART_HTTPD_BOOTSTRAP & APACHE_AUTOSTART_HTTPD_WRAPPER +##### APACHE_AUTOSTART_HTTPD_BOOTSTRAP, APACHE_AUTOSTART_HTTPD_WRAPPER & APACHE_AUTOSTART_PHP_FPM_WRAPPER -It may be desirable to prevent the startup of the httpd-bootstrap and/or httpd-wrapper scripts. For example, when using an image built from this Dockerfile as the source for another Dockerfile you could disable services from startup by setting `APACHE_AUTOSTART_HTTPD_WRAPPER` to `false`. The benefit of this is to reduce the number of running processes in the final container. Another use for this would be to make use of the packages installed in the image such as `ab`, `curl`, `elinks`, `php-cli` etc. - -##### APACHE_SERVER_NAME & APACHE_SERVER_ALIAS - -The `APACHE_SERVER_NAME` and `APACHE_SERVER_ALIAS` environmental variables are used to set the VirtualHost `ServerName` and `ServerAlias` values respectively. 
If the value contains the placeholder `{{HOSTNAME}}` it will be replaced with the system `hostname` value; by default this is the container id but the hostname can be modified using the `--hostname` docker create|run parameter. - -In the following example the running container would respond to the host names `app-1.local` or `app-1`. - -``` -... - --env "APACHE_SERVER_ALIAS=app-1" \ - --env "APACHE_SERVER_NAME=app-1.local" \ -... -``` +It may be desirable to prevent the startup of the `httpd-bootstrap`, `httpd-wrapper`, and/or, `php-fpm-wrapper` scripts. For example, when using an image built from this Dockerfile as the source for another Dockerfile you could disable services from startup by setting `APACHE_AUTOSTART_HTTPD_WRAPPER` and `APACHE_AUTOSTART_PHP_FPM_WRAPPER` to `false`. The benefit of this is to reduce the number of running processes in the final container. Another use for this would be to make use of the packages installed in the image such as `ab`, `curl`, `elinks`, `php-cli` etc. ##### APACHE_CONTENT_ROOT -The home directory of the service user and parent directory of the Apache DocumentRoot is /var/www/app by default but can be changed if necessary using the `APACHE_CONTENT_ROOT` environment variable. +The home directory of the service user and parent directory of the Apache DocumentRoot is `/var/www/app` by default but can be changed if necessary using the `APACHE_CONTENT_ROOT` environment variable. ``` ... @@ -265,8 +115,6 @@ The home directory of the service user and parent directory of the Apache Docume ... ``` -from your browser you can then access it with `http://app-1.local:8080` assuming you have the IP address of your docker mapped to the hostname using your DNS server or a local hosts entry. - ##### APACHE_CUSTOM_LOG_LOCATION & APACHE_CUSTOM_LOG_FORMAT The Apache CustomLog can be defined using `APACHE_CUSTOM_LOG_LOCATION` to set a file, (or pipe), location and `APACHE_CUSTOM_LOG_FORMAT` to specify the required LogFormat nickname. 
@@ -315,13 +163,15 @@ The variable `APACHE_EXTENDED_STATUS_ENABLED` allows you to turn ExtendedStatus ... ``` -You can view the output from Apache server-status either using the elinks browser from onboard the container or by using `watch` and `curl` to monitor status over time. The following command shows the server-status updated at a 1 second interval given an `APACHE_SERVER_NAME` or `APACHE_SERVER_ALIAS` of "app-1.local". +You can view the output from Apache server-status either using the `elinks` browser from onboard the container or by using `watch` and `curl` to monitor status over time. The following command shows the server-status updated at a 1 second interval given an `APACHE_SERVER_NAME` or `APACHE_SERVER_ALIAS` of "app-1.local". ``` $ docker exec -it apache-php.1 \ env TERM=xterm \ watch -n 1 \ - -d "curl -sH 'Host: app-1.local' http://127.0.0.1/server-status?auto" + -d "curl -s \ + -H 'Host: app-1.local' \ + http://127.0.0.1/server-status?auto" ``` ##### APACHE_HEADER_X_SERVICE_UID @@ -350,8 +200,8 @@ By default SSL support is disabled but a second port, (mapped to 8443), is avail ``` $ docker stop apache-php.1 && \ - docker rm apache-php.1 -$ docker run -d \ + docker rm apache-php.1; \ + docker run -d \ --name apache-php.1 \ --publish 8080:80 \ --publish 9443:443 \ @@ -359,16 +209,16 @@ $ docker run -d \ --env "APACHE_SERVER_NAME=app-1.local" \ --env "APACHE_MOD_SSL_ENABLED=true" \ --volume apache-php.1.data-tls:/etc/pki/tls \ - jdeathe/centos-ssh-apache-php:1.12.0 + jdeathe/centos-ssh-apache-php:3.2.0 ``` ##### APACHE_MPM -Using `APACHE_MPM` the Apache MPM can be set. Defaults to `prefork` and in most cases this shouldn't be altered. +Using `APACHE_MPM` the Apache MPM can be set. Defaults to `prefork` but `event` or `worker`, is recommended. ``` ... - --env "APACHE_MPM=prefork" \ + --env "APACHE_MPM=event" \ ... ``` 
@@ -393,6 +243,19 @@ The public directory is relative to the `APACHE_CONTENT_ROOT` and together they ... ``` +##### APACHE_SERVER_ALIAS & APACHE_SERVER_NAME + +The `APACHE_SERVER_NAME` and `APACHE_SERVER_ALIAS` environmental variables are used to set the VirtualHost `ServerName` and `ServerAlias` values respectively. If the value contains the placeholder `{{HOSTNAME}}` it will be replaced with the system `hostname` value; by default this is the container id but the hostname can be modified using the `--hostname` docker create|run parameter. + +In the following example the running container would respond to the host names `app-1.local` or `app-1`. + +``` +... + --env "APACHE_SERVER_ALIAS=app-1" \ + --env "APACHE_SERVER_NAME=app-1.local" \ +... +``` + ##### APACHE_SSL_CERTIFICATE The `APACHE_SSL_CERTIFICATE` environment variable is used to define a PEM encoded certificate bundle. To make a compatible certificate bundle use the `cat` command to combine the certificate files together. @@ -406,7 +269,7 @@ $ cat /usr/share/private/server-key.pem \ Base64 encoding of the PEM file contents is recommended if not using the file path method. -*Note:* The `base64` command on Mac OSX will encode a file without line breaks by default but if using the command on Linux you need to include use the `-w` option to prevent wrapping lines at 80 characters. i.e. `base64 -w 0 -i {certificate-path}`. +> *Note:* The `base64` command on Mac OSX will encode a file without line breaks by default but if using the command on Linux you need to include use the `-w` option to prevent wrapping lines at 80 characters. i.e. `base64 -w 0 -i {{certificate-path}}`. ``` ... 
@@ -432,7 +295,7 @@ References: - [OpenSSL ciphers documentation](https://www.openssl.org/docs/manmaster/man1/ciphers.html). - [Mozilla Security/Server Side TLS guidance](https://wiki.mozilla.org/Security/Server_Side_TLS). -*Note:* The value show is using space separated values to allow for readablity in the documentation; this is valid syntax however using the colon separator is the recommended form. +> *Note:* The value show is using space separated values to allow for readablity in the documentation; this is valid syntax however using the colon separator is the recommended form. ``` ... 
@@ -479,15 +342,15 @@ To set the timezone for the UK and account for British Summer Time you would use ##### PHP_OPTIONS_SESSION_NAME, PHP_OPTIONS_SESSION_SAVE_HANDLER & PHP_OPTIONS_SESSION_SAVE_PATH -Using `PHP_OPTIONS_SESSION_SAVE_HANDLER` and `PHP_OPTIONS_SESSION_SAVE_PATH` together it's possible to configure PHP to use an alternative `session.save_handler` and `session.save_path`. For example if you have a Memcached server running on the host `memcached-server` on the default port `11211` the following configuration will allow session data to be stored in Memcached, allowing session data to be shared between multiple PHP containers. +Using `PHP_OPTIONS_SESSION_SAVE_HANDLER` and `PHP_OPTIONS_SESSION_SAVE_PATH` together it's possible to configure PHP to use an alternative `session.save_handler` and `session.save_path`. For example if you have a Redis server running on the host `redis-server` on the default port `6379` the following configuration will allow session data to be stored in Redis, allowing session data to be shared between multiple PHP containers. -Using `PHP_OPTIONS_SESSION_NAME` a session name can be defined - otherwise the default name "PHPSESSID" is used. +Using `PHP_OPTIONS_SESSION_NAME` a session name can be defined - otherwise the default name "PHPSESSID" is used. ``` ... - --env "PHP_OPTIONS_SESSION_NAME=app-session" \ - --env "PHP_OPTIONS_SESSION_SAVE_HANDLER=memcached" \ - --env "PHP_OPTIONS_SESSION_SAVE_PATH=memcached-server:11211" \ + --env "PHP_OPTIONS_SESSION_NAME=APPSESSID" \ + --env "PHP_OPTIONS_SESSION_SAVE_HANDLER=redis" \ + --env "PHP_OPTIONS_SESSION_SAVE_PATH=redis-server:6379" \ ... ``` diff --git a/command-keys.md b/command-keys.md deleted file mode 100644 index 9bdf6a9..0000000 --- a/command-keys.md +++ /dev/null 
@@ -1,67 +0,0 @@ -# Command Keys - -Using command keys to access containers (without sshd). - -Access docker containers using docker host SSH public key authentication and nsenter command to start up a bash terminal inside a container. In the following example the container name is "apache-php.pool-1.1.1" - -## Create a unique public/private key pair for each container - -``` -$ cd ~/.ssh/ && ssh-keygen -q -t rsa -f id-rsa.apache-php.pool-1.1.1 -``` - -## Prefix the public key with the nsenter command - -``` -$ sed -i '' \ - '1s#^#command="sudo nsenter -m -u -i -n -p -t $(docker inspect --format \\\"{{ .State.Pid }}\\\" apache-php.pool-1.1.1) /bin/bash" #' \ - ~/.ssh/id-rsa.apache-php.pool-1.1.1.pub -``` - -## Upload the public key to the docker host VM - -The host in this example is core-01.local that has SSH public key authentication enabled using the Vagrant insecure private key. - -### Generic Linux Host Example - -``` -$ cat ~/.ssh/id-rsa.apache-php.pool-1.1.1.pub | ssh -i ~/.vagrant.d/insecure_private_key \ - core@core-01.local \ - "mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys" -``` - -### CoreOS Host Example - -``` -$ cat ~/.ssh/id-rsa.apache-php.pool-1.1.1.pub | ssh -i ~/.vagrant.d/insecure_private_key \ - core@core-01.local \ - update-ssh-keys -a core@apache-php.pool-1.1.1 -``` - -### Usage - -``` -$ ssh -i ~/.ssh/id-rsa.apache-php.pool-1.1.1 \ - core@core-01.local \ - -o StrictHostKeyChecking=no -``` - -#### SSH Config - -To simplify the command required to access the running container we can add an entry to the SSH configuration file ```~/.ssh/config``` as follows: - -``` -Host core-01.apache-php.pool-1.1.1 - HostName core-01.local - Port 22 - User core - StrictHostKeyChecking no - IdentitiesOnly yes - IdentityFile ~/.ssh/id-rsa.apache-php.pool-1.1.1 -``` - -With the above entry in place we can now run the following to access the running container: - -``` -$ ssh core-01.apache-php.pool-1.1.1 -``` 
From 694adfee643750ea0d4216bb2ec589713403bfbd Mon Sep 17 00:00:00 2001 From: James Deathe Date: Sun, 14 Jul 2019 15:49:47 +0100 Subject: [PATCH 11/15] #709: Updates source image to 1.11.0. --- .../{httpd-bootstrap.conf => 20-httpd-bootstrap.conf} | 0 .../supervisord.d/{httpd-wrapper.conf => 70-httpd-wrapper.conf} | 0 2 files changed, 0 insertions(+), 0 deletions(-) rename src/etc/supervisord.d/{httpd-bootstrap.conf => 20-httpd-bootstrap.conf} (100%) rename src/etc/supervisord.d/{httpd-wrapper.conf => 70-httpd-wrapper.conf} (100%) diff --git a/src/etc/supervisord.d/httpd-bootstrap.conf b/src/etc/supervisord.d/20-httpd-bootstrap.conf similarity index 100% rename from src/etc/supervisord.d/httpd-bootstrap.conf rename to src/etc/supervisord.d/20-httpd-bootstrap.conf diff --git a/src/etc/supervisord.d/httpd-wrapper.conf b/src/etc/supervisord.d/70-httpd-wrapper.conf similarity index 100% rename from src/etc/supervisord.d/httpd-wrapper.conf rename to src/etc/supervisord.d/70-httpd-wrapper.conf From 846ef2e35265710903d93b8fe2d1a79622207844 Mon Sep 17 00:00:00 2001 From: James Deathe Date: Sun, 14 Jul 2019 15:56:18 +0100 Subject: [PATCH 12/15] #709: Updates source image to 1.11.0. --- .env.example | 1 + CHANGELOG.md | 16 + Dockerfile | 21 +- Makefile | 287 +++++++++++------- README.md | 12 +- default.mk | 7 +- docker-compose.yml | 9 +- environment.mk | 32 +- src/etc/supervisord.d/20-httpd-bootstrap.conf | 7 +- src/etc/supervisord.d/70-httpd-wrapper.conf | 11 +- .../system/centos-ssh-apache-php@.service | 12 +- src/opt/scmi/default.sh | 5 +- src/opt/scmi/environment.sh | 29 +- src/opt/scmi/service-unit.sh | 5 +- src/usr/bin/healthcheck | 115 ++++--- src/usr/sbin/httpd-bootstrap | 94 +++--- src/usr/sbin/httpd-wrapper | 141 ++++++--- test/shpec/operation_shpec.sh | 16 +- 18 files changed, 518 insertions(+), 302 deletions(-) diff --git a/.env.example b/.env.example index 73dd5a5..bbe2525 100644 --- a/.env.example +++ b/.env.example 
@@ -23,3 +23,4 @@ PHP_OPTIONS_DATE_TIMEZONE=UTC PHP_OPTIONS_SESSION_NAME=PHPSESSID PHP_OPTIONS_SESSION_SAVE_HANDLER=files PHP_OPTIONS_SESSION_SAVE_PATH=var/session +SYSTEM_TIMEZONE=UTC diff --git a/CHANGELOG.md b/CHANGELOG.md index 1e116f9..1523ad2 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,6 +6,8 @@ Summary of release changes. ### 1.13.0 - Unreleased +- Updates source image to [1.11.0](https://github.com/jdeathe/centos-ssh/releases/tag/1.11.0). +- Updates `httpd24u` packages to 2.4.39-2. - Updates Dockerfile `org.deathe.description` metadata LABEL to include PHP redis module. - Updates description in centos-ssh-apache-php.register@.service. - Updates wrapper to set httpd ErrorLog to `/dev/stderr` instead of `/dev/stdout`. 
@@ -13,11 +15,25 @@ Summary of release changes. - Updates CHANGELOG.md to simplify maintenance. - Updates README.md to simplify contents and improve readability. - Updates README-short.txt to apply to all image variants. +- Updates Dockerfile `org.deathe.description` metadata LABEL for consistency. +- Updates supervisord configuration to send error log output to stderr. +- Updates bootstrap timer to use UTC date timestamps. +- Updates bootstrap supervisord configuration file/priority to `20-httpd-bootstrap.conf`/`20`. +- Updates httpd wrapper supervisord configuration file/priority to `70-httpd-wrapper.conf`/`70`. - Fixes php_uname to gethostname replacment regex quoting. - Fixes README SSL/TLS data volume names/paths in examples. - Fixes bootstrap; ensure user creation occurs before setting ownership with user. +- Fixes docker host connection status check in Makefile. - Adds `PACKAGE_PATH` placeholder/variable replacement in bootstrap of configuration files. +- Adds `inspect`, `reload` and `top` Makefile targets. +- Adds improved `clean` Makefile target; includes exited containers and dangling images. +- Adds `SYSTEM_TIMEZONE` handling to Makefile, scmi, systemd unit and docker-compose templates. +- Adds system time zone validation to healthcheck. +- Adds lock/state file to bootstrap/wrapper scripts. - Removes unused `DOCKER_PORT_MAP_TCP_22` variable from environment includes. +- Removes support for long image tags (i.e. centos-6-1.x.x). +- Removes `APACHE_AUTOSTART_HTTPD_BOOTSTRAP`, replaced with `ENABLE_HTTPD_BOOTSTRAP`. +- Removes `APACHE_AUTOSTART_HTTPD_WRAPPER`, replaced with `ENABLE_HTTPD_WRAPPER`. ### 1.12.0 - 2019-04-11 diff --git a/Dockerfile b/Dockerfile index 998cc1f..7f4923a 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM jdeathe/centos-ssh:1.10.1 +FROM jdeathe/centos-ssh:1.11.0 # Use the form ([{fqdn}-]{package-name}|[{fqdn}-]{provider-name}) ARG PACKAGE_NAME="app" 
@@ -7,10 +7,9 @@ ARG PACKAGE_RELEASE_VERSION="0.11.0" ARG RELEASE_VERSION="1.12.0" # ------------------------------------------------------------------------------ -# - Base install of required packages +# Base install of required packages # ------------------------------------------------------------------------------ -RUN rpm --rebuilddb \ - && yum -y install \ +RUN yum -y install \ --setopt=tsflags=nodocs \ --disableplugin=fastestmirror \ elinks-0.12-0.21.pre5.el6_3 \ @@ -172,6 +171,8 @@ RUN useradd -r -M -d /var/www/app -s /sbin/nologin app \ && sed -i \ -e "s~{{RELEASE_VERSION}}~${RELEASE_VERSION}~g" \ /etc/systemd/system/centos-ssh-apache-php@.service \ + && chmod 644 \ + /etc/supervisord.d/{20-httpd-bootstrap,70-httpd-wrapper}.conf \ && chmod 700 \ /usr/{bin/healthcheck,sbin/httpd-{bootstrap,wrapper}} @@ -209,8 +210,11 @@ EXPOSE 80 443 8443 # ------------------------------------------------------------------------------ # Set default environment variables used to configure the service container # ------------------------------------------------------------------------------ -ENV APACHE_AUTOSTART_HTTPD_BOOTSTRAP="true" \ - APACHE_AUTOSTART_HTTPD_WRAPPER="true" \ +ENV \ + ENABLE_HTTPD_BOOTSTRAP="true" \ + ENABLE_HTTPD_WRAPPER="true" \ + ENABLE_SSHD_BOOTSTRAP="false" \ + ENABLE_SSHD_WRAPPER="false" \ APACHE_CONTENT_ROOT="/var/www/${PACKAGE_NAME}" \ APACHE_CUSTOM_LOG_FORMAT="combined" \ APACHE_CUSTOM_LOG_LOCATION="var/log/apache_access_log" \ @@ -235,10 +239,7 @@ ENV APACHE_AUTOSTART_HTTPD_BOOTSTRAP="true" \ PHP_OPTIONS_DATE_TIMEZONE="UTC" \ PHP_OPTIONS_SESSION_NAME="PHPSESSID" \ PHP_OPTIONS_SESSION_SAVE_HANDLER="files" \ - PHP_OPTIONS_SESSION_SAVE_PATH="var/session" \ - SSH_AUTOSTART_SSHD="false" \ - SSH_AUTOSTART_SSHD_BOOTSTRAP="false" \ - SSH_AUTOSTART_SUPERVISOR_STDOUT="false" + PHP_OPTIONS_SESSION_SAVE_PATH="var/session" # ------------------------------------------------------------------------------ # Set image metadata 
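Review bot: Renaming `APACHE_AUTOSTART_HTTPD_BOOTSTRAP` and `APACHE_AUTOSTART_HTTPD_WRAPPER` to `ENABLE_HTTPD_BOOTSTRAP` and `ENABLE_HTTPD_WRAPPER` in the `ENV` block at `@@ -209,8 +210,11 @@` can turn a disabled service back on for existing deployments. A derived image or run command that still sets `APACHE_AUTOSTART_HTTPD_WRAPPER=false` would presumably have that value ignored, so httpd starts where the operator had switched it off. The `SSH_AUTOSTART_*` variables removed at `@@ -235,10 +239,7 @@` are renamed the same way, although there an ignored old name leaves sshd off. The wrapper and bootstrap scripts are outside this hunk, so whether they still read the old names cannot be confirmed from here; if they do not, a startup warning when a legacy name is set would make the change visible. At minimum I would add a comment above the block, such as `# ENABLE_HTTPD_* / ENABLE_SSHD_* replace APACHE_AUTOSTART_HTTPD_* / SSH_AUTOSTART_*; the old names are no longer set by this image.`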
diff --git a/Makefile b/Makefile index 5ebb343..6416f1b 100644 --- a/Makefile +++ b/Makefile @@ -19,6 +19,7 @@ Targets: distclean Clean up distribution artifacts. exec COMMAND [ARG...] Run command in a the running container. help Show this help. + inspect [-f \"FORMAT\"] Return low-level information on the container. install Terminate running container and run the docker create template. images Show container's image details. @@ -32,14 +33,19 @@ Targets: pull Pull the release image from the registry. Requires the DOCKER_IMAGE_TAG variable. ps Display the details of the container process. + reload Send SIGHUP to the PID 1 container process. restart Restarts the container. rm Force remove the container. + rm-exited Force remove all containers in the exited state. rmi Untag (remove) the image. + rmi-dangling Untag (remove) images not referenced by any + container. run Execute the run container template. start Start the container in the created state. stop Stop the container when in a running state. terminate Unpause, stop and remove the container. test Run all test cases. + top [ps OPTIONS] Display the running processes of the container. unpause Unpause the container when in a paused state. Variables: @@ -60,6 +66,8 @@ Variables: artifacts are placed. - NO_CACHE When true, no cache will be used while running the build target. + - RELOAD_SIGNAL Default signal is SIGHUP. Use to set an alternative + signal value. - STARTUP_TIME Defines the number of seconds expected to complete the startup process, including the bootstrap where applicable. @@ -69,7 +77,7 @@ endef include environment.mk include default.mk -# UI constants +.DEFAULT_GOAL := build COLOUR_NEGATIVE := \033[1;31m COLOUR_POSITIVE := \033[1;32m COLOUR_RESET := \033[0m 
@@ -106,25 +114,22 @@ PREFIX_SUB_STEP_POSITIVE := $(shell \ "$(PREFIX_SUB_STEP)" \ "$(COLOUR_RESET)"; \ ) - -.DEFAULT_GOAL := build - -# Package prerequisites docker := $(shell \ command -v docker \ ) -xz := $(shell \ - command -v xz \ +docker-status := $(shell \ + if ! docker version > /dev/null; \ + then \ + printf -- 'ERROR'; \ + else \ + printf -- 'OK'; \ + fi \ ) - -# Testing prerequisites shpec := $(shell \ command -v shpec \ ) - -# Used to test docker host is accessible -get-docker-info := $(shell \ - $(docker) info \ +xz := $(shell \ + command -v xz \ ) define get-docker-image-id @@ -166,6 +171,7 @@ endef distclean \ exec \ help \ + inspect \ install \ images \ load \ @@ -174,14 +180,18 @@ endef pause \ pull \ ps \ + reload \ restart \ rm \ + rm-exited \ rmi \ + rmi-dangling \ run \ start \ stop \ terminate \ test \ + top \ unpause _prerequisites: 
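Review bot: The new `docker-status` assignment at `@@ -106,25 +114,22 @@` calls bare `docker` rather than the `$(docker)` path resolved by `command -v` just above it. Because it uses `:=`, the check runs on every parse of the Makefile, including `make help`. For consistency I would write `if ! $(docker) version > /dev/null; \`. The replacement message `Docker server host error.` at `@@ -193,38 +203,34 @@` no longer says whether the client, the daemon or permissions failed, so the unredirected stderr from `docker version` is the only diagnostic left. A one-line comment such as `# stderr is left visible on purpose: it carries the reason for the failure` would stop a later cleanup from adding `2>&1`.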
@@ -193,38 +203,34 @@ ifeq ($(xz),) $(error "Please install the xz package.") endif -ifeq ($(get-docker-info),) - $(error "Unable to connect to docker host.") +ifneq ($(docker-status),OK) + $(error "Docker server host error.") endif _require-docker-container: @ if [[ -z $$($(docker) ps -aq --filter "name=$(DOCKER_NAME)") ]]; \ then \ - printf -- '%sThis operation requires the %s container.\n' \ + >&2 printf -- '%sThis operation requires the %s container.\n' \ "$(PREFIX_STEP_NEGATIVE)" \ - "$(DOCKER_NAME)" \ - >&2; \ - printf -- '%sTry: DOCKER_NAME=%s make %s\n' \ + "$(DOCKER_NAME)"; \ + >&2 printf -- '%sTry: DOCKER_NAME=%s make %s\n' \ "$(PREFIX_SUB_STEP)" \ "$(DOCKER_NAME)" \ - "install" \ - >&2; \ + "install"; \ exit 1; \ fi _require-docker-container-not: @ if [[ -n $$($(docker) ps -aq --filter "name=$(DOCKER_NAME)") ]]; \ then \ - printf -- '%sThis operation requires the %s container %s.\n' \ + >&2 printf -- '%sThis operation requires the %s container %s.\n' \ "$(PREFIX_STEP_NEGATIVE)" \ "$(DOCKER_NAME)" \ - "be removed or renamed" \ - >&2; \ - printf -- '%sTry: DOCKER_NAME=%s make %s\n' \ + "be removed or renamed"; \ + >&2 printf -- '%sTry: DOCKER_NAME=%s make %s\n' \ "$(PREFIX_SUB_STEP)" \ "$(DOCKER_NAME)" \ - "rm" \ - >&2; \ + "rm"; \ exit 1; \ fi @@ -234,16 +240,14 @@ _require-docker-container-not-status-paused: --filter "status=paused" \ ) ]]; \ then \ - printf -- '%sThis operation requires the %s container %s.\n' \ + >&2 printf -- '%sThis operation requires the %s container %s.\n' \ "$(PREFIX_STEP_NEGATIVE)" \ "$(DOCKER_NAME)" \ - "to be unpaused" \ - >&2; \ - printf -- '%sTry: DOCKER_NAME=%s make %s\n' \ + "to be unpaused"; \ + >&2 printf -- '%sTry: DOCKER_NAME=%s make %s\n' \ "$(PREFIX_SUB_STEP)" \ "$(DOCKER_NAME)" \ - "unpause" \ - >&2; \ + "unpause"; \ exit 1; \ fi 
@@ -253,16 +257,14 @@ _require-docker-container-status-created: --filter "status=created" \ ) ]]; \ then \ - printf -- '%sThis operation requires the %s container %s.\n' \ + >&2 printf -- '%sThis operation requires the %s container %s.\n' \ "$(PREFIX_STEP_NEGATIVE)" \ "$(DOCKER_NAME)" \ - "to be created" \ - >&2; \ - printf -- '%sTry: DOCKER_NAME=%s make %s\n' \ + "to be created"; \ + >&2 printf -- '%sTry: DOCKER_NAME=%s make %s\n' \ "$(PREFIX_SUB_STEP)" \ "$(DOCKER_NAME)" \ - "install" \ - >&2; \ + "install"; \ exit 1; \ fi @@ -272,16 +274,14 @@ _require-docker-container-status-exited: --filter "status=exited" \ ) ]]; \ then \ - printf -- '%sThis operation requires the %s container %s.\n' \ + >&2 printf -- '%sThis operation requires the %s container %s.\n' \ "$(PREFIX_STEP_NEGATIVE)" \ "$(DOCKER_NAME)" \ - "to be exited" \ - >&2; \ - printf -- '%sTry: DOCKER_NAME=%s make %s\n' \ + "to be exited"; \ + >&2 printf -- '%sTry: DOCKER_NAME=%s make %s\n' \ "$(PREFIX_SUB_STEP)" \ "$(DOCKER_NAME)" \ - "stop" \ - >&2; \ + "stop"; \ exit 1; \ fi @@ -291,16 +291,14 @@ _require-docker-container-status-paused: --filter "status=paused" \ ) ]]; \ then \ - printf -- '%sThis operation requires the %s container %s.\n' \ + >&2 printf -- '%sThis operation requires the %s container %s.\n' \ "$(PREFIX_STEP_NEGATIVE)" \ "$(DOCKER_NAME)" \ - "to be paused" \ - >&2; \ - printf -- '%sTry: DOCKER_NAME=%s make %s\n' \ + "to be paused"; \ + >&2 printf -- '%sTry: DOCKER_NAME=%s make %s\n' \ "$(PREFIX_SUB_STEP)" \ "$(DOCKER_NAME)" \ - "pause" \ - >&2; \ + "pause"; \ exit 1; \ fi 
@@ -310,42 +308,37 @@ _require-docker-container-status-running: --filter "status=running" \ ) ]]; \ then \ - printf -- '%sThis operation requires the %s container %s.\n' \ + >&2 printf -- '%sThis operation requires the %s container %s.\n' \ "$(PREFIX_STEP_NEGATIVE)" \ "$(DOCKER_NAME)" \ - "to be running" \ - >&2; \ - printf -- '%sTry: DOCKER_NAME=%s make %s\n' \ + "to be running"; \ + >&2 printf -- '%sTry: DOCKER_NAME=%s make %s\n' \ "$(PREFIX_SUB_STEP)" \ "$(DOCKER_NAME)" \ - "start" \ - >&2; \ + "start"; \ exit 1; \ fi _require-docker-image-tag: @ if ! [[ "$(DOCKER_IMAGE_TAG)" =~ $(DOCKER_IMAGE_TAG_PATTERN) ]]; \ then \ - printf -- '%sInvalid %s value: %s\n' \ + >&2 printf -- '%sInvalid %s value: %s\n' \ "$(PREFIX_STEP_NEGATIVE)" \ "DOCKER_IMAGE_TAG" \ - "$(DOCKER_IMAGE_TAG)" \ - >&2; \ + "$(DOCKER_IMAGE_TAG)"; \ exit 1; \ fi _require-docker-release-tag: @ if ! [[ "$(DOCKER_IMAGE_TAG)" =~ $(DOCKER_IMAGE_RELEASE_TAG_PATTERN) ]]; \ then \ - printf -- '%sInvalid %s value: %s\n' \ + >&2 printf -- '%sInvalid %s value: %s\n' \ "$(PREFIX_STEP_NEGATIVE)" \ "DOCKER_IMAGE_TAG" \ - "$(DOCKER_IMAGE_TAG)" \ - >&2; \ - printf -- '%s%s\n' \ + "$(DOCKER_IMAGE_TAG)"; \ + >&2 printf -- '%s%s\n' \ "$(PREFIX_SUB_STEP)" \ - "A release tag is required for this operation." \ - >&2; \ + "A release tag is required for this operation."; \ exit 1; \ fi @@ -359,18 +352,16 @@ _require-package-path: fi; \ if [[ ! $${?} -eq 0 ]]; \ then \ - printf -- '%s%s: %s\n' \ + >&2 printf -- '%s%s: %s\n' \ "$(PREFIX_STEP_NEGATIVE)" \ "Failed to make package path" \ - "$(DIST_PATH)" \ - >&2; \ + "$(DIST_PATH)"; \ exit 1; \ elif [[ -z $(DIST_PATH) ]]; \ then \ - printf -- '%sUndefined %s\n' \ + >&2 printf -- '%sUndefined %s\n' \ "$(PREFIX_STEP_NEGATIVE)" \ - "DIST_PATH" \ - >&2; \ + "DIST_PATH"; \ exit 1; \ fi 
@@ -415,10 +406,9 @@ build: \ "$(PREFIX_SUB_STEP_POSITIVE)" \ "Build complete"; \ else \ - printf -- '%s%s\n' \ + >&2 printf -- '%s%s\n' \ "$(PREFIX_SUB_STEP_NEGATIVE)" \ - "Build error" \ - >&2; \ + "Build error"; \ exit 1; \ fi @@ -426,7 +416,9 @@ clean: \ _prerequisites \ | \ terminate \ - rmi + rm-exited \ + rmi \ + rmi-dangling create: \ _prerequisites \ @@ -456,10 +448,9 @@ create: \ "$(PREFIX_SUB_STEP_POSITIVE)" \ "Container created"; \ else \ - printf -- '%s%s\n' \ + >&2 printf -- '%s%s\n' \ "$(PREFIX_SUB_STEP_NEGATIVE)" \ - "Container creation failed" \ - >&2; \ + "Container creation failed"; \ exit 1; \ fi @@ -506,10 +497,9 @@ dist: \ "$(PREFIX_SUB_STEP_POSITIVE)" \ "Package saved"; \ else \ - printf -- '%s%s\n' \ + >&2 printf -- '%s%s\n' \ "$(PREFIX_SUB_STEP_NEGATIVE)" \ - "Package save error" \ - >&2; \ + "Package save error"; \ exit 1; \ fi; \ fi @@ -547,10 +537,9 @@ distclean: \ "$(PREFIX_SUB_STEP_POSITIVE)" \ "Package cleanup complete"; \ else \ - printf -- '%s%s\n' \ + >&2 printf -- '%s%s\n' \ "$(PREFIX_SUB_STEP_NEGATIVE)" \ - "Package cleanup failed" \ - >&2; \ + "Package cleanup failed"; \ exit 1; \ fi; \ else \ @@ -560,7 +549,9 @@ distclean: \ fi exec: \ - _prerequisites + _prerequisites \ + _require-docker-container \ + _require-docker-container-status-running @ $(docker) exec -it $(DOCKER_NAME) $(filter-out $@, $(MAKECMDGOALS)) %:; @: @@ -572,17 +563,29 @@ images: \ help: \ _usage +inspect: \ + _prerequisites \ + _require-docker-container \ + _require-docker-container-status-running + @ $(docker) inspect \ + --type=container \ + $(filter-out $@, $(MAKECMDGOALS)) \ + $(DOCKER_NAME) +%:; @: + install: | \ _prerequisites \ terminate \ create logs: \ - _prerequisites + _prerequisites \ + _require-docker-container @ $(docker) logs $(DOCKER_NAME) logs-delayed: \ - _prerequisites + _prerequisites \ + _require-docker-container @ sleep $(STARTUP_TIME) @ $(MAKE) logs 
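Review bot: The new `inspect` target lists `_require-docker-container-status-running` as a prerequisite, which blocks inspection of a container that has exited or is paused, the states in which its exit code, restart count and mount configuration are most often needed for triage. `docker inspect` does not need a running container, so the prerequisites could stop at `_require-docker-container`. The recipe also repeats the match-anything rule `%:; @:` already used by `exec`, which lets any unknown goal succeed silently. A comment such as `# Swallow extra goals so they can be passed through as arguments` would make that side effect visible to the next maintainer.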
@@ -608,15 +611,13 @@ load: \ "$(DOCKER_IMAGE_TAG)"; \ if [[ ! -s $($@_dist_path)/$($@_dist_file) ]]; \ then \ - printf -- '%s%s\n' \ + >&2 printf -- '%s%s\n' \ "$(PREFIX_SUB_STEP_NEGATIVE)" \ - "Package not found" \ - >&2; \ - printf -- '%sTry: DOCKER_IMAGE_TAG=%s make %s\n' \ + "Package not found"; \ + >&2 printf -- '%sTry: DOCKER_IMAGE_TAG=%s make %s\n' \ "$(PREFIX_SUB_STEP_NEGATIVE)" \ "$(DOCKER_IMAGE_TAG)" \ - "dist" \ - >&2; \ + "dist"; \ exit 1; \ else \ $(xz) -dc \ @@ -632,6 +633,7 @@ load: \ pause: \ _prerequisites \ + _require-docker-container \ _require-docker-container-status-running @ printf -- '%s%s\n' \ "$(PREFIX_STEP)" \ @@ -660,10 +662,9 @@ pull: \ "$(PREFIX_SUB_STEP_POSITIVE)" \ "Image pulled"; \ else \ - printf -- '%s%s\n' \ + >&2 printf -- '%s%s\n' \ "$(PREFIX_SUB_STEP_NEGATIVE)" \ - "Error pulling image" \ - >&2; \ + "Error pulling image"; \ exit 1; \ fi @@ -673,6 +674,19 @@ ps: \ @ $(docker) ps -as \ --filter "name=$(DOCKER_NAME)" +reload: \ + _prerequisites \ + _require-docker-container \ + _require-docker-container-status-running + @ printf -- '%s%s\n' \ + "$(PREFIX_STEP)" \ + "Reloading container" + @ $(docker) exec $(DOCKER_NAME) \ + kill -$(RELOAD_SIGNAL) 1 + @ printf -- '%s%s\n' \ + "$(PREFIX_SUB_STEP_POSITIVE)" \ + "Container reloaded" + restart: \ _prerequisites \ _require-docker-container \ 
@@ -710,14 +724,33 @@ rm: \ "$(PREFIX_SUB_STEP_POSITIVE)" \ "Container removed"; \ else \ - printf -- '%s%s\n' \ + >&2 printf -- '%s%s\n' \ "$(PREFIX_SUB_STEP_NEGATIVE)" \ - "Container removal failed" \ - >&2; \ + "Container removal failed"; \ exit 1; \ fi; \ fi +rm-exited: \ + _prerequisites + @ if [[ -z $$($(docker) ps -aq \ + --filter "status=exited" \ + ) ]]; \ + then \ + printf -- '%s%s\n' \ + "$(PREFIX_STEP)" \ + "Exited containers removal skipped"; \ + else \ + printf -- '%s%s\n' \ + "$(PREFIX_STEP)" \ + "Removing exited containers"; \ + $(docker) rm -f \ + $$($(docker) ps -aq \ + --filter "status=exited" \ + ) \ + 1> /dev/null; \ + fi + rmi: \ _prerequisites \ _require-docker-image-tag \ @@ -742,10 +775,9 @@ rmi: \ "$(PREFIX_SUB_STEP_POSITIVE)" \ "Image untagged"; \ else \ - printf -- '%s%s\n' \ + >&2 printf -- '%s%s\n' \ "$(PREFIX_SUB_STEP_NEGATIVE)" \ - "Error untagging image" \ - >&2; \ + "Error untagging image"; \ exit 1; \ fi; \ else \ @@ -754,6 +786,26 @@ rmi: \ "Untagging image skipped"; \ fi +rmi-dangling: \ + _prerequisites + @ if [[ -z $$($(docker) images -q \ + --filter "dangling=true" \ + ) ]]; \ + then \ + printf -- '%s%s\n' \ + "$(PREFIX_STEP)" \ + "Untagging dangling images skipped"; \ + else \ + printf -- '%s%s\n' \ + "$(PREFIX_STEP)" \ + "Untagging dangling images"; \ + $(docker) rmi \ + $$($(docker) images -q \ + --filter "dangling=true" \ + ) \ + 1> /dev/null; \ + fi + run: \ _prerequisites \ _require-docker-image-tag @@ -783,10 +835,9 @@ run: \ "$(PREFIX_SUB_STEP_POSITIVE)" \ "Container running"; \ else \ - printf -- '%s%s\n' \ + >&2 printf -- '%s%s\n' \ "$(PREFIX_SUB_STEP_NEGATIVE)" \ - "Container run failed" \ - >&2; \ + "Container run failed"; \ exit 1; \ fi 
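Review bot: The `rm-exited` recipe force-removes every container returned by `docker ps -aq --filter "status=exited"`, with no `name=$(DOCKER_NAME)` filter, so it reaches past this project to every exited container on the Docker host. The same patch adds `rm-exited` and `rmi-dangling` to the order-only prerequisites of `clean`. A routine `make clean` on a shared host would therefore delete other workloads' stopped containers, along with any logs or filesystem state kept in them. Scoping the query as the `_require-docker-container*` targets do, `--filter "name=$(DOCKER_NAME)" --filter "status=exited"` in both the test and the removal, would keep the cleanup local. `rmi-dangling`, in a later hunk on this line, has the same host-wide scope and should at least carry a comment saying that it is global.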
@@ -816,15 +867,15 @@ start: \ "$(PREFIX_SUB_STEP_POSITIVE)" \ "Container started"; \ else \ - printf -- '%s%s\n' \ + >&2 printf -- '%s%s\n' \ "$(PREFIX_SUB_STEP_NEGATIVE)" \ - "Container start failed" \ - >&2; \ + "Container start failed"; \ exit 1; \ fi stop: \ _prerequisites \ + _require-docker-container \ _require-docker-container-not-status-paused \ _require-docker-container-status-running @ printf -- '%s%s\n' \ @@ -847,14 +898,20 @@ stop: \ "$(PREFIX_SUB_STEP_POSITIVE)" \ "Container stopped"; \ else \ - printf -- '%s%s\n' \ + >&2 printf -- '%s%s\n' \ "$(PREFIX_SUB_STEP_NEGATIVE)" \ - "Error stopping container" \ - >&2; \ + "Error stopping container"; \ exit 1; \ fi; \ fi +top: \ + _prerequisites \ + _require-docker-container \ + _require-docker-container-status-running + @ $(docker) top $(DOCKER_NAME) $(filter-out $@, $(MAKECMDGOALS)) +%:; @: + terminate: \ _prerequisites @ if [[ -z $$($(docker) ps -aq --filter "name=$(DOCKER_NAME)") ]]; \ @@ -905,10 +962,9 @@ terminate: \ "$(PREFIX_SUB_STEP_POSITIVE)" \ "Container terminated"; \ else \ - printf -- '%s%s\n' \ + >&2 printf -- '%s%s\n' \ "$(PREFIX_SUB_STEP_NEGATIVE)" \ - "Container termination failed" \ - >&2; \ + "Container termination failed"; \ exit 1; \ fi; \ fi @@ -926,6 +982,7 @@ test: \ unpause: \ _prerequisites \ + _require-docker-container \ _require-docker-container-status-paused @ printf -- '%s%s\n' \ "$(PREFIX_STEP)" \ diff --git a/README.md b/README.md index 5eff818..70a0159 100644 --- a/README.md +++ b/README.md 
@@ -1,8 +1,8 @@ ### Tags and respective `Dockerfile` links -- `centos-7-httpd24u-php72u`, `centos-7-httpd24u-php72u-3.2.0`, `3.2.0` [(centos-7-httpd24u-php72u/Dockerfile)](https://github.com/jdeathe/centos-ssh-apache-php/blob/centos-7-httpd24u-php72u/Dockerfile) -- `centos-6-httpd24u-php56u`, `centos-6-httpd24u-php56u-2.4.0`, `2.4.0` [(centos-6-httpd24u-php56u/Dockerfile)](https://github.com/jdeathe/centos-ssh-apache-php/blob/centos-6-httpd24u-php56u/Dockerfile) -- `centos-6`, `centos-6-1.12.0`, `1.12.0` [(centos-6/Dockerfile)](https://github.com/jdeathe/centos-ssh-apache-php/blob/centos-6/Dockerfile) +- `centos-7-httpd24u-php72u`, `3.2.0` [(centos-7-httpd24u-php72u/Dockerfile)](https://github.com/jdeathe/centos-ssh-apache-php/blob/centos-7-httpd24u-php72u/Dockerfile) +- `centos-6-httpd24u-php56u`, `2.4.0` [(centos-6-httpd24u-php56u/Dockerfile)](https://github.com/jdeathe/centos-ssh-apache-php/blob/centos-6-httpd24u-php56u/Dockerfile) +- `centos-6`, `1.12.0` [(centos-6/Dockerfile)](https://github.com/jdeathe/centos-ssh-apache-php/blob/centos-6/Dockerfile) ## Overview @@ -93,7 +93,6 @@ $ docker stop apache-php.1 && \ --env "APACHE_SERVER_NAME=app-1.local" \ --env "APACHE_SSL_PROTOCOL=All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1" \ --env "PHP_OPTIONS_DATE_TIMEZONE=Europe/London" \ - --volume apache-php.1.data-tls:/etc/pki/tls \ jdeathe/centos-ssh-apache-php:3.2.0 ``` 
@@ -101,9 +100,9 @@ $ docker stop apache-php.1 && \ There are environmental variables available which allows the operator to customise the running container. -##### APACHE_AUTOSTART_HTTPD_BOOTSTRAP, APACHE_AUTOSTART_HTTPD_WRAPPER & APACHE_AUTOSTART_PHP_FPM_WRAPPER +##### ENABLE_HTTPD_BOOTSTRAP, ENABLE_HTTPD_WRAPPER & ENABLE_PHP_FPM_WRAPPER -It may be desirable to prevent the startup of the `httpd-bootstrap`, `httpd-wrapper`, and/or, `php-fpm-wrapper` scripts. For example, when using an image built from this Dockerfile as the source for another Dockerfile you could disable services from startup by setting `APACHE_AUTOSTART_HTTPD_WRAPPER` and `APACHE_AUTOSTART_PHP_FPM_WRAPPER` to `false`. The benefit of this is to reduce the number of running processes in the final container. Another use for this would be to make use of the packages installed in the image such as `ab`, `curl`, `elinks`, `php-cli` etc. +It may be desirable to prevent the startup of the `httpd-bootstrap`, `httpd-wrapper`, and/or, `php-fpm-wrapper` scripts. For example, when using an image built from this Dockerfile as the source for another Dockerfile you could disable services from startup by setting `ENABLE_HTTPD_WRAPPER` and `ENABLE_PHP_FPM_WRAPPER` to `false`. The benefit of this is to reduce the number of running processes in the final container. Another use for this would be to make use of the packages installed in the image such as `ab`, `curl`, `elinks`, `php-cli` etc. ##### APACHE_CONTENT_ROOT @@ -208,7 +207,6 @@ $ docker stop apache-php.1 && \ --env "APACHE_SERVER_ALIAS=app-1" \ --env "APACHE_SERVER_NAME=app-1.local" \ --env "APACHE_MOD_SSL_ENABLED=true" \ - --volume apache-php.1.data-tls:/etc/pki/tls \ jdeathe/centos-ssh-apache-php:3.2.0 ``` diff --git a/default.mk b/default.mk index 7677721..96b7dbe 100644 --- a/default.mk +++ b/default.mk 
@@ -110,8 +110,8 @@ DOCKER_PUBLISH := $(shell \ define DOCKER_CONTAINER_PARAMETERS --name $(DOCKER_NAME) \ --restart $(DOCKER_RESTART_POLICY) \ ---env "APACHE_AUTOSTART_HTTPD_BOOTSTRAP=$(APACHE_AUTOSTART_HTTPD_BOOTSTRAP)" \ ---env "APACHE_AUTOSTART_HTTPD_WRAPPER=$(APACHE_AUTOSTART_HTTPD_WRAPPER)" \ +--env "ENABLE_HTTPD_BOOTSTRAP=$(ENABLE_HTTPD_BOOTSTRAP)" \ +--env "ENABLE_HTTPD_WRAPPER=$(ENABLE_HTTPD_WRAPPER)" \ --env "APACHE_CONTENT_ROOT=$(APACHE_CONTENT_ROOT)" \ --env "APACHE_CUSTOM_LOG_FORMAT=$(APACHE_CUSTOM_LOG_FORMAT)" \ --env "APACHE_CUSTOM_LOG_LOCATION=$(APACHE_CUSTOM_LOG_LOCATION)" \ @@ -135,5 +135,6 @@ define DOCKER_CONTAINER_PARAMETERS --env "PHP_OPTIONS_DATE_TIMEZONE=$(PHP_OPTIONS_DATE_TIMEZONE)" \ --env "PHP_OPTIONS_SESSION_NAME=$(PHP_OPTIONS_SESSION_NAME)" \ --env "PHP_OPTIONS_SESSION_SAVE_HANDLER=$(PHP_OPTIONS_SESSION_SAVE_HANDLER)" \ ---env "PHP_OPTIONS_SESSION_SAVE_PATH=$(PHP_OPTIONS_SESSION_SAVE_PATH)" +--env "PHP_OPTIONS_SESSION_SAVE_PATH=$(PHP_OPTIONS_SESSION_SAVE_PATH)" \ +--env "SYSTEM_TIMEZONE=$(SYSTEM_TIMEZONE)" endef diff --git a/docker-compose.yml b/docker-compose.yml index 5056379..7a70414 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -13,10 +13,10 @@ # docker-compose logs apache-php # # Usage: -# docker-compose exec apache-php bash -c "apachectl -V" -# docker-compose exec apache-php bash -c "apachectl -M" -# docker-compose exec apache-php bash -c "apachectl -S" -# docker-compose exec apache-php bash -c "apachectl -t -D DUMP_INCLUDES" +# docker-compose exec apache-php apachectl -V +# docker-compose exec apache-php apachectl -M +# docker-compose exec apache-php apachectl -S +# docker-compose exec apache-php apachectl -t -D DUMP_INCLUDES # docker-compose exec apache-php elinks http://localhost # ------------------------------------------------------------------------------ version: "3.0" 
@@ -51,6 +51,7 @@ services: PHP_OPTIONS_SESSION_NAME: "${PHP_OPTIONS_SESSION_NAME}" PHP_OPTIONS_SESSION_SAVE_HANDLER: "${PHP_OPTIONS_SESSION_SAVE_HANDLER}" PHP_OPTIONS_SESSION_SAVE_PATH: "${PHP_OPTIONS_SESSION_SAVE_PATH}" + SYSTEM_TIMEZONE: "${SYSTEM_TIMEZONE}" image: "jdeathe/centos-ssh-apache-php:latest" ports: - "8080:80" diff --git a/environment.mk b/environment.mk index aa1184d..f2379b1 100644 --- a/environment.mk +++ b/environment.mk @@ -1,19 +1,16 @@ -# ----------------------------------------------------------------------------- +# ------------------------------------------------------------------------------ # Constants -# ----------------------------------------------------------------------------- -DOCKER_USER := jdeathe +# ------------------------------------------------------------------------------ DOCKER_IMAGE_NAME := centos-ssh-apache-php +DOCKER_IMAGE_RELEASE_TAG_PATTERN := ^[1-3]\.[0-9]+\.[0-9]+$ +DOCKER_IMAGE_TAG_PATTERN := ^(latest|[1-3]\.[0-9]+\.[0-9]+)$ +DOCKER_USER := jdeathe SHPEC_ROOT := test/shpec -# Tag validation patterns -DOCKER_IMAGE_TAG_PATTERN := ^(latest|centos-[6-7]|centos-6-httpd24u-php56u|(([1-3]|centos-(6-1|6-httpd24u-php56u-2|7-3))\.[0-9]+\.[0-9]+))$ -DOCKER_IMAGE_RELEASE_TAG_PATTERN := ^(1|2|centos-(6-1|6-httpd24u-php56u-2))\.[0-9]+\.[0-9]+$ - -# ----------------------------------------------------------------------------- +# ------------------------------------------------------------------------------ # Variables -# ----------------------------------------------------------------------------- - -# Docker image/container settings +# ------------------------------------------------------------------------------ +DIST_PATH ?= ./dist DOCKER_CONTAINER_OPTS ?= DOCKER_IMAGE_TAG ?= latest DOCKER_NAME ?= apache-php.1 
@@ -21,21 +18,15 @@ DOCKER_PORT_MAP_TCP_80 ?= 8080 DOCKER_PORT_MAP_TCP_443 ?= 9443 DOCKER_PORT_MAP_TCP_8443 ?= NULL DOCKER_RESTART_POLICY ?= always - -# Docker build --no-cache parameter NO_CACHE ?= false - -# Directory path for release packages -DIST_PATH ?= ./dist - -# Number of seconds expected to complete container startup including bootstrap. +RELOAD_SIGNAL ?= HUP STARTUP_TIME ?= 2 # ------------------------------------------------------------------------------ # Application container configuration # ------------------------------------------------------------------------------ -APACHE_AUTOSTART_HTTPD_BOOTSTRAP ?= true -APACHE_AUTOSTART_HTTPD_WRAPPER ?= true +ENABLE_HTTPD_BOOTSTRAP ?= true +ENABLE_HTTPD_WRAPPER ?= true APACHE_CONTENT_ROOT ?= /var/www/app APACHE_CUSTOM_LOG_FORMAT ?= combined APACHE_CUSTOM_LOG_LOCATION ?= var/log/apache_access_log @@ -60,3 +51,4 @@ PHP_OPTIONS_DATE_TIMEZONE ?= UTC PHP_OPTIONS_SESSION_NAME ?= PHPSESSID PHP_OPTIONS_SESSION_SAVE_HANDLER ?= files PHP_OPTIONS_SESSION_SAVE_PATH ?= var/session +SYSTEM_TIMEZONE ?= UTC diff --git a/src/etc/supervisord.d/20-httpd-bootstrap.conf b/src/etc/supervisord.d/20-httpd-bootstrap.conf index 1f2195b..637afa0 100644 --- a/src/etc/supervisord.d/20-httpd-bootstrap.conf +++ b/src/etc/supervisord.d/20-httpd-bootstrap.conf @@ -1,10 +1,11 @@ [program:httpd-bootstrap] autorestart = false -autostart = %(ENV_APACHE_AUTOSTART_HTTPD_BOOTSTRAP)s +autostart = %(ENV_ENABLE_HTTPD_BOOTSTRAP)s command = /usr/sbin/httpd-bootstrap --verbose -priority = 6 -redirect_stderr = true +priority = 20 startsecs = 0 startretries = 0 +stderr_logfile = /dev/stderr +stderr_logfile_maxbytes = 0 stdout_logfile = /dev/stdout stdout_logfile_maxbytes = 0 diff --git a/src/etc/supervisord.d/70-httpd-wrapper.conf b/src/etc/supervisord.d/70-httpd-wrapper.conf index af87f11..7f939d6 100644 --- a/src/etc/supervisord.d/70-httpd-wrapper.conf +++ b/src/etc/supervisord.d/70-httpd-wrapper.conf 
@@ -1,10 +1,11 @@ [program:httpd-wrapper] autorestart = true -autostart = %(ENV_APACHE_AUTOSTART_HTTPD_WRAPPER)s -command = /usr/sbin/httpd-wrapper -priority = 100 -redirect_stderr = true -startsecs = 0 +autostart = %(ENV_ENABLE_HTTPD_WRAPPER)s +command = /usr/sbin/httpd-wrapper --verbose +priority = 70 +startsecs = 4 +stderr_logfile = /dev/stderr +stderr_logfile_maxbytes = 0 stdout_logfile = /dev/stdout stdout_logfile_maxbytes = 0 stopsignal = WINCH diff --git a/src/etc/systemd/system/centos-ssh-apache-php@.service b/src/etc/systemd/system/centos-ssh-apache-php@.service index a29fd1e..95b90dc 100644 --- a/src/etc/systemd/system/centos-ssh-apache-php@.service +++ b/src/etc/systemd/system/centos-ssh-apache-php@.service @@ -50,7 +50,6 @@ After=docker.service Restart=on-failure RestartSec=30 TimeoutStartSec=1200 -Environment="DOCKER_USER=jdeathe" Environment="DOCKER_CONTAINER_OPTS=" Environment="DOCKER_IMAGE_PACKAGE_PATH=/var/opt/scmi/packages" Environment="DOCKER_IMAGE_NAME=centos-ssh-apache-php" @@ -58,8 +57,9 @@ Environment="DOCKER_IMAGE_TAG={{RELEASE_VERSION}}" Environment="DOCKER_PORT_MAP_TCP_80=8080" Environment="DOCKER_PORT_MAP_TCP_443=9443" Environment="DOCKER_PORT_MAP_TCP_8443=NULL" -Environment="APACHE_AUTOSTART_HTTPD_BOOTSTRAP=true" -Environment="APACHE_AUTOSTART_HTTPD_WRAPPER=true" +Environment="DOCKER_USER=jdeathe" +Environment="ENABLE_HTTPD_BOOTSTRAP=true" +Environment="ENABLE_HTTPD_WRAPPER=true" Environment="APACHE_CONTENT_ROOT=/var/www/app" Environment="APACHE_CUSTOM_LOG_FORMAT=combined" Environment="APACHE_CUSTOM_LOG_LOCATION=var/log/apache_access_log" @@ -84,6 +84,7 @@ Environment="PHP_OPTIONS_DATE_TIMEZONE=UTC" Environment="PHP_OPTIONS_SESSION_NAME=PHPSESSID" Environment="PHP_OPTIONS_SESSION_SAVE_HANDLER=files" Environment="PHP_OPTIONS_SESSION_SAVE_PATH=var/session" +Environment="SYSTEM_TIMEZONE=UTC" # Initialisation: Load image from local storage if available, otherwise pull. ExecStartPre=/bin/bash -c \ 
@@ -140,8 +141,8 @@ ExecStartPre=-/bin/bash -c \ ExecStart=/bin/bash -c \ "exec /usr/bin/docker run \ --name %p.%i \ - --env \"APACHE_AUTOSTART_HTTPD_BOOTSTRAP=${APACHE_AUTOSTART_HTTPD_BOOTSTRAP}\" \ - --env \"APACHE_AUTOSTART_HTTPD_WRAPPER=${APACHE_AUTOSTART_HTTPD_WRAPPER}\" \ + --env \"ENABLE_HTTPD_BOOTSTRAP=${ENABLE_HTTPD_BOOTSTRAP}\" \ + --env \"ENABLE_HTTPD_WRAPPER=${ENABLE_HTTPD_WRAPPER}\" \ --env \"APACHE_CONTENT_ROOT=${APACHE_CONTENT_ROOT}\" \ --env \"APACHE_CUSTOM_LOG_FORMAT=${APACHE_CUSTOM_LOG_FORMAT}\" \ --env \"APACHE_CUSTOM_LOG_LOCATION=${APACHE_CUSTOM_LOG_LOCATION}\" \ @@ -166,6 +167,7 @@ ExecStart=/bin/bash -c \ --env \"PHP_OPTIONS_SESSION_NAME=${PHP_OPTIONS_SESSION_NAME}\" \ --env \"PHP_OPTIONS_SESSION_SAVE_HANDLER=${PHP_OPTIONS_SESSION_SAVE_HANDLER}\" \ --env \"PHP_OPTIONS_SESSION_SAVE_PATH=${PHP_OPTIONS_SESSION_SAVE_PATH}\" \ + --env \"SYSTEM_TIMEZONE=${SYSTEM_TIMEZONE}\" \ $(if [[ ${DOCKER_PORT_MAP_TCP_80} != NULL ]]; \ then \ if /bin/grep -qE \ diff --git a/src/opt/scmi/default.sh b/src/opt/scmi/default.sh index 47beb66..43ae25b 100644 --- a/src/opt/scmi/default.sh +++ b/src/opt/scmi/default.sh @@ -131,8 +131,8 @@ fi # Common parameters of create and run targets DOCKER_CONTAINER_PARAMETERS="--name ${DOCKER_NAME} \ --restart ${DOCKER_RESTART_POLICY} \ ---env \"APACHE_AUTOSTART_HTTPD_BOOTSTRAP=${APACHE_AUTOSTART_HTTPD_BOOTSTRAP}\" \ ---env \"APACHE_AUTOSTART_HTTPD_WRAPPER=${APACHE_AUTOSTART_HTTPD_WRAPPER}\" \ +--env \"ENABLE_HTTPD_BOOTSTRAP=${ENABLE_HTTPD_BOOTSTRAP}\" \ +--env \"ENABLE_HTTPD_WRAPPER=${ENABLE_HTTPD_WRAPPER}\" \ --env \"APACHE_CONTENT_ROOT=${APACHE_CONTENT_ROOT}\" \ --env \"APACHE_CUSTOM_LOG_FORMAT=${APACHE_CUSTOM_LOG_FORMAT}\" \ --env \"APACHE_CUSTOM_LOG_LOCATION=${APACHE_CUSTOM_LOG_LOCATION}\" \ 
@@ -157,4 +157,5 @@ DOCKER_CONTAINER_PARAMETERS="--name ${DOCKER_NAME} \ --env \"PHP_OPTIONS_SESSION_NAME=${PHP_OPTIONS_SESSION_NAME}\" \ --env \"PHP_OPTIONS_SESSION_SAVE_HANDLER=${PHP_OPTIONS_SESSION_SAVE_HANDLER}\" \ --env \"PHP_OPTIONS_SESSION_SAVE_PATH=${PHP_OPTIONS_SESSION_SAVE_PATH}\" \ +--env \"SYSTEM_TIMEZONE=${SYSTEM_TIMEZONE}\" \ ${DOCKER_PUBLISH}" diff --git a/src/opt/scmi/environment.sh b/src/opt/scmi/environment.sh index 97cdad0..adba70a 100644 --- a/src/opt/scmi/environment.sh +++ b/src/opt/scmi/environment.sh @@ -1,19 +1,16 @@ # ------------------------------------------------------------------------------ # Constants # ------------------------------------------------------------------------------ -readonly DOCKER_USER=jdeathe readonly DOCKER_IMAGE_NAME=centos-ssh-apache-php +readonly DOCKER_IMAGE_RELEASE_TAG_PATTERN='^[1-3]\.[0-9]+\.[0-9]+$' +readonly DOCKER_IMAGE_TAG_PATTERN='^(latest|[1-3]\.[0-9]+\.[0-9]+)$' +readonly DOCKER_USER=jdeathe readonly SHPEC_ROOT=test/shpec -# Tag validation patterns -readonly DOCKER_IMAGE_TAG_PATTERN='^(latest|centos-[6-7]|centos-6-httpd24u-php56u|(([1-3]|centos-(6-1|6-httpd24u-php56u-2|7-3))\.[0-9]+\.[0-9]+))$' -readonly DOCKER_IMAGE_RELEASE_TAG_PATTERN='^(1|2|centos-(6-1|6-httpd24u-php56u-2))\.[0-9]+\.[0-9]+$' - # ------------------------------------------------------------------------------ # Variables # ------------------------------------------------------------------------------ - -# Docker image/container settings +DIST_PATH="${DIST_PATH:-./dist}" DOCKER_CONTAINER_OPTS="${DOCKER_CONTAINER_OPTS:-}" DOCKER_IMAGE_TAG="${DOCKER_IMAGE_TAG:-latest}" DOCKER_NAME="${DOCKER_NAME:-apache-php.1}" 
@@ -21,26 +18,17 @@ DOCKER_PORT_MAP_TCP_80="${DOCKER_PORT_MAP_TCP_80:-8080}" DOCKER_PORT_MAP_TCP_443="${DOCKER_PORT_MAP_TCP_443:-9443}" DOCKER_PORT_MAP_TCP_8443="${DOCKER_PORT_MAP_TCP_8443:-NULL}" DOCKER_RESTART_POLICY="${DOCKER_RESTART_POLICY:-always}" - -# Docker build --no-cache parameter NO_CACHE="${NO_CACHE:-false}" - -# Directory path for release packages -DIST_PATH="${DIST_PATH:-./dist}" - -# Number of seconds expected to complete container startup including bootstrap. -STARTUP_TIME="${STARTUP_TIME:-2}" - -# ETCD register service settings REGISTER_ETCD_PARAMETERS="${REGISTER_ETCD_PARAMETERS:-}" REGISTER_TTL="${REGISTER_TTL:-60}" REGISTER_UPDATE_INTERVAL="${REGISTER_UPDATE_INTERVAL:-55}" +STARTUP_TIME="${STARTUP_TIME:-2}" # ------------------------------------------------------------------------------ # Application container configuration # ------------------------------------------------------------------------------ -APACHE_AUTOSTART_HTTPD_BOOTSTRAP="${APACHE_AUTOSTART_HTTPD_BOOTSTRAP:-true}" -APACHE_AUTOSTART_HTTPD_WRAPPER="${APACHE_AUTOSTART_HTTPD_WRAPPER:-true}" +ENABLE_HTTPD_BOOTSTRAP="${ENABLE_HTTPD_BOOTSTRAP:-true}" +ENABLE_HTTPD_WRAPPER="${ENABLE_HTTPD_WRAPPER:-true}" APACHE_CONTENT_ROOT="${APACHE_CONTENT_ROOT:-/var/www/app}" APACHE_CUSTOM_LOG_FORMAT="${APACHE_CUSTOM_LOG_FORMAT:-combined}" APACHE_CUSTOM_LOG_LOCATION="${APACHE_CUSTOM_LOG_LOCATION:-var/log/apache_access_log}" 
@@ -59,9 +47,10 @@ APACHE_SERVER_ALIAS="${APACHE_SERVER_ALIAS:-}" APACHE_SERVER_NAME="${APACHE_SERVER_NAME:-}" APACHE_SSL_CERTIFICATE="${APACHE_SSL_CERTIFICATE:-}" APACHE_SSL_CIPHER_SUITE="${APACHE_SSL_CIPHER_SUITE:-"ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS"}" -APACHE_SSL_PROTOCOL="${APACHE_SSL_PROTOCOL:-All -SSLv2 -SSLv3}" +APACHE_SSL_PROTOCOL="${APACHE_SSL_PROTOCOL:-"All -SSLv2 -SSLv3"}" APACHE_SYSTEM_USER="${APACHE_SYSTEM_USER:-app}" PHP_OPTIONS_DATE_TIMEZONE="${PHP_OPTIONS_DATE_TIMEZONE:-UTC}" PHP_OPTIONS_SESSION_NAME="${PHP_OPTIONS_SESSION_NAME:-PHPSESSID}" PHP_OPTIONS_SESSION_SAVE_HANDLER="${PHP_OPTIONS_SESSION_SAVE_HANDLER:-files}" PHP_OPTIONS_SESSION_SAVE_PATH="${PHP_OPTIONS_SESSION_SAVE_PATH:-var/session}" +SYSTEM_TIMEZONE="${SYSTEM_TIMEZONE:-UTC}" diff --git a/src/opt/scmi/service-unit.sh b/src/opt/scmi/service-unit.sh index 24da7a2..49f6f30 100644 --- a/src/opt/scmi/service-unit.sh +++ b/src/opt/scmi/service-unit.sh @@ -8,8 +8,8 @@ readonly SERVICE_UNIT_ENVIRONMENT_KEYS=" DOCKER_PORT_MAP_TCP_80 DOCKER_PORT_MAP_TCP_443 DOCKER_PORT_MAP_TCP_8443 - APACHE_AUTOSTART_HTTPD_BOOTSTRAP - APACHE_AUTOSTART_HTTPD_WRAPPER + ENABLE_HTTPD_BOOTSTRAP + ENABLE_HTTPD_WRAPPER APACHE_CONTENT_ROOT APACHE_CUSTOM_LOG_FORMAT APACHE_CUSTOM_LOG_LOCATION 
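Review bot: The default kept on the re-quoted line `APACHE_SSL_PROTOCOL="${APACHE_SSL_PROTOCOL:-"All -SSLv2 -SSLv3"}"` still leaves TLSv1 and TLSv1.1 enabled, while the README example touched by this same patch runs the container with `All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1`. If legacy clients are not a requirement, the default could match the README: `APACHE_SSL_PROTOCOL="${APACHE_SSL_PROTOCOL:-"All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1"}"`. The default cipher list on the context line above also still ends with the 3DES suites (`DES-CBC3-SHA`), which would be worth revisiting at the same time. The matching defaults in environment.mk and the systemd unit are not fully visible here and would presumably need the same change.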
@@ -31,6 +31,7 @@ readonly SERVICE_UNIT_ENVIRONMENT_KEYS=" PHP_OPTIONS_SESSION_NAME PHP_OPTIONS_SESSION_SAVE_HANDLER PHP_OPTIONS_SESSION_SAVE_PATH + SYSTEM_TIMEZONE " readonly SERVICE_UNIT_REGISTER_ENVIRONMENT_KEYS=" REGISTER_ETCD_PARAMETERS diff --git a/src/usr/bin/healthcheck b/src/usr/bin/healthcheck index 1513f96..bfe6753 100755 --- a/src/usr/bin/healthcheck +++ b/src/usr/bin/healthcheck @@ -1,5 +1,21 @@ #!/usr/bin/env bash +set -e + +function __get_system_timezone () +{ + local -r default_value="${1:-UTC}" + + local value="${SYSTEM_TIMEZONE}" + + if ! __is_valid_system_timezone "${value}" + then + value="${default_value}" + fi + + printf -- '%s' "${value}" +} + function __is_throttled_interval () { local -i interval="${1:-10}" @@ -19,18 +35,36 @@ function __is_throttled_interval () fi } +function __is_valid_system_timezone () +{ + __is_valid_zone "${@}" +} + +function __is_valid_zone () +{ + local zone="${1}" + + if [[ -n ${zone} ]] \ + && [[ -f /usr/share/zoneinfo/${zone} ]] + then + return 0 + fi + + return 1 +} + function __last_check_passed () { local -i status=0 - if [[ ! -f ${STATUS_PATH} ]] + if [[ ! -f ${status_path} ]] then return ${status} else read \ -n 1 \ status \ - < "${STATUS_PATH}" + < "${status_path}" if [[ ${status} =~ ^[01]$ ]] then @@ -43,17 +77,18 @@ function __last_check_passed () function __print_message () { - local -r type="${1:-}" - local -r quiet="${QUIET:-false}" - local message="${2:-}" - local prefix="" + local -r quiet="${quiet:-false}" + local -r type="${1}" + + local message="${2}" + local prefix case "${type}" in error) - prefix="[ERROR] " + prefix="ERROR: " ;; info) - prefix="[INFO] " + prefix="INFO: " ;; *) message="${type}" @@ -81,10 +116,9 @@ function __print_message () function __record_exit_status () { + local -r status_directory="${status_path%/*}" + local -i status=${1:-${?}} - local status_directory="$( - dirname "${STATUS_PATH}" - )" if [[ ! -d ${status_directory} ]] then 
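Review bot: `__is_valid_zone` in the healthcheck hunk accepts any value for which `/usr/share/zoneinfo/${zone}` is a regular file, so a `SYSTEM_TIMEZONE` containing `../` segments passes validation while naming a file outside the zoneinfo tree. In this script the value is only compared with the output of `system-timezone -qq`, so the effect here looks limited. The helper reads as a general validator, though, and may be reused where the path is opened or linked. Restricting the value to plain zone-name characters before the file test would close that: `[[ ${zone} =~ ^[A-Za-z0-9_+-]+(/[A-Za-z0-9_+-]+)*$ ]] && [[ -f /usr/share/zoneinfo/${zone} ]]`.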
@@ -96,20 +130,20 @@ function __record_exit_status () "${status_directory}" fi - if [[ ! -f ${STATUS_PATH} ]] + if [[ ! -f ${status_path} ]] then install \ -m 0660 \ -o root \ -g root \ /dev/null \ - "${STATUS_PATH}" + "${status_path}" fi printf -- \ '%d' \ "${status}" \ - > "${STATUS_PATH}" + > "${status_path}" trap - \ EXIT @@ -121,8 +155,8 @@ function __usage () { cat <<-USAGE - Usage: $(basename ${0}) [OPTIONS] - $(basename ${0}) [-h|--help] + Usage: ${0##*/} [OPTIONS] + ${0##*/} [-h|--help] Options: -H, --host= Hostname used in the Host request @@ -151,19 +185,24 @@ function __usage () function main () { - local -r STATUS_PATH="/var/lib/healthcheck/status" - local QUITE="false" + local -r pattern_host='^([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])(\.([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9]))*$' + local -r pattern_local_url='^https?://(127\.0\.0\.1|localhost)/' + local -r pattern_max_time='^[1-9][0-9]*$' + local -r pattern_seconds_in_minute='^([1-9]|[1-5][0-9]|60)$' + local -r status_path="/var/lib/healthcheck/status" + local -r system_timezone="$( + __get_system_timezone + )" + local -r zone="$( + system-timezone -qq + )" local host="localhost.localdomain" local -i interval=10 - local max_time=0.5 - local pattern_host='^([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])(\.([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9]))*$' - local pattern_local_url='^https?://(127\.0\.0\.1|localhost)/' - local pattern_max_time='^(0\.[1-9]|[1-9][0-9]*)$' - local pattern_seconds_in_minute='^([1-9]|[1-5][0-9]|60)$' + local max_time=1 + local quiet="false" local url="http://127.0.0.1/" - # Trap and record the exit status trap "__record_exit_status \${?}" \ EXIT @@ -207,7 +246,7 @@ function main () shift 1 ;; -q|--quiet) - QUIET=true + quiet="true" shift 1 ;; *) 
@@ -257,24 +296,30 @@ function main () exit 1 fi - if [[ ${APACHE_AUTOSTART_HTTPD_BOOTSTRAP} == false ]] \ - && [[ ${APACHE_AUTOSTART_HTTPD_WRAPPER} == false ]] + if [[ ${system_timezone} != "${zone}" ]] + then + __print_message \ + "error" \ + "system-timezone zone mismatch." + exit 1 + fi + + if [[ ${ENABLE_HTTPD_BOOTSTRAP} == false ]] \ + && [[ ${ENABLE_HTTPD_WRAPPER} == false ]] then exit 0 fi - # httpd-bootstrap - if [[ ${APACHE_AUTOSTART_HTTPD_BOOTSTRAP} == true ]] \ - && [[ -e /var/lock/subsys/httpd-bootstrap ]] + if [[ ${ENABLE_HTTPD_BOOTSTRAP} == true ]] \ + && [[ ! -f /var/lib/misc/httpd-bootstrap ]] then __print_message \ "error" \ - "Bootstrap failed to complete." + "httpd-bootstrap not completed." exit 1 fi - # httpd-wrapper - if [[ ${APACHE_AUTOSTART_HTTPD_WRAPPER} == true ]] \ + if [[ ${ENABLE_HTTPD_WRAPPER} == true ]] \ && ! ps axo command \ | grep -qE '^/usr/sbin/httpd(\.worker|\.event)? ' then @@ -285,7 +330,7 @@ function main () fi # Throttle CURL checks if last check passed. - if [[ ${APACHE_AUTOSTART_HTTPD_WRAPPER} == false ]] \ + if [[ ${ENABLE_HTTPD_WRAPPER} == false ]] \ || __last_check_passed \ && ! __is_throttled_interval \ "${interval}" @@ -323,6 +368,8 @@ function main () )" exit 1 fi + + exit 0 } main "${@}" diff --git a/src/usr/sbin/httpd-bootstrap b/src/usr/sbin/httpd-bootstrap index e261cd9..b61be2c 100755 --- a/src/usr/sbin/httpd-bootstrap +++ b/src/usr/sbin/httpd-bootstrap 
@@ -55,19 +55,37 @@ function __add_hosts_entry () function __cleanup () { local -r exit_code="${?}" - local -r lock_file="${1}" - local -r state_file="${2}" - if [[ -e ${lock_file} ]] + __delete_lock + + if [[ ${exit_code} -eq 0 ]] then - rm -f "${lock_file}" + __create_state fi +} - if [[ ${exit_code} -eq 0 ]] +function __create_lock () +{ + if [[ -n ${lock_file} ]] + then + touch "${lock_file}" + fi +} + +function __create_state () +{ + if [[ -n ${state_file} ]] then touch "${state_file}" fi +} +function __delete_lock () +{ + if [[ -f ${lock_file} ]] + then + rm -f "${lock_file}" + fi } function __enable_apache_modules () @@ -654,7 +672,8 @@ function __get_apache_server_version () if ! command -v httpd &> /dev/null then >&2 printf -- \ - 'ERROR: Apache Server binary not installed.\n' + 'ERROR: %s httpd binary not installed\n' + "${0##*/}" return 1 fi @@ -814,7 +833,7 @@ function __get_ssl_certificate_fingerprint () function __get_timer_total () { local -r timer_end="$( - date +%s.%N + date -u +%s.%N )" local -r timer_start="${1}" @@ -822,7 +841,8 @@ function __get_timer_total () || [[ ${timer_start//.} -gt ${timer_end//.} ]] then >&2 printf -- \ - 'ERROR: invalid timer start: %s\n' \ + 'ERROR: %s invalid timer start: %s\n' \ + "${0##*/}" \ "${timer_start}" printf -- \ '0.000000' @@ -864,7 +884,8 @@ function __init_datadir () if [[ ${verbose} == true ]] then printf -- \ - 'Linking install directory %s > %s.\n' \ + 'INFO: %s linking install directory %s -> %s\n' \ + "${0##*/}" \ "${package_path}" \ "${content_root}" fi @@ -879,7 +900,8 @@ function __init_datadir () if [[ ${verbose} == true ]] then printf -- \ - 'Populating install directory %s > %s.\n' \ + 'INFO: %s populating install directory %s -> %s\n' \ + "${0##*/}" \ "${package_path}" \ "${content_root}" fi 
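Review bot: In the `__get_apache_server_version` hunk the new format string `'ERROR: %s httpd binary not installed\n'` is not followed by a line-continuation backslash, unlike the other messages reworded in this patch. As written, `printf` runs without its argument and the next line, `"${0##*/}"`, is executed as a command of its own, so the script's basename is looked up on PATH and run before `return 1`. Add the continuation: `'ERROR: %s httpd binary not installed\n' \`. The function body starts and ends outside the hunk.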
@@ -1447,7 +1469,8 @@ function __set_apache_mpm () /etc/sysconfig/httpd else >&2 printf -- \ - 'ERROR: Invalid Apache Server MPM: %s\n' \ + 'ERROR: %s invalid mpm: %s\n' \ + "${0##*/}" \ "${apache_mpm}" exit 1 fi @@ -1466,7 +1489,8 @@ function __set_apache_mpm () /etc/sysconfig/httpd else >&2 printf -- \ - 'ERROR: Invalid Apache Server MPM: %s\n' \ + 'ERROR: %s invalid mpm: %s\n' \ + "${0##*/}" \ "${apache_mpm}" exit 1 fi @@ -1485,14 +1509,16 @@ function __set_apache_mpm () /etc/sysconfig/httpd else >&2 printf -- \ - 'ERROR: Invalid Apache Server MPM: %s\n' \ + 'ERROR: %s invalid mpm: %s\n' \ + "${0##*/}" \ "${apache_mpm}" exit 1 fi ;; *) >&2 printf -- \ - 'ERROR: Invalid Apache Server MPM: %s\n' \ + 'ERROR: %s invalid mpm: %s\n' \ + "${0##*/}" \ "${apache_mpm}" exit 1 ;; @@ -1544,7 +1570,8 @@ function __set_apache_ssl_certificate () if ! __is_valid_apache_ssl_certificate_file "${certificate_path}" then >&2 printf -- \ - 'ERROR: Invalid APACHE_SSL_CERTIFICATE\n' + 'ERROR: %s invalid APACHE_SSL_CERTIFICATE\n' \ + "${0##*/}" exit 1 fi } @@ -1668,7 +1695,7 @@ function main () local -r ssl_certificate_fingerprint_digest="sha1" local -r state_file="/var/lib/misc/httpd-bootstrap" local -r timer_start="$( - date +%s.%N + date -u +%s.%N )" local HOSTNAME @@ -1704,7 +1731,6 @@ function main () local -a pids local verbose="false" - # Parse options while [[ "${#}" -gt 0 ]] do case "${1}" in 
@@ -1715,37 +1741,32 @@ function main () esac done - if [[ -e ${state_file} ]] + if [[ -f ${state_file} ]] then if [[ ${verbose} == true ]] then printf -- \ - 'INFO: %s finished - skipping.\n' \ + 'INFO: %s finished - skipping\n' \ "${0##*/}" fi exit 0 fi - if [[ -e ${lock_file} ]] + if [[ -f ${lock_file} ]] then >&2 printf -- \ - 'ERROR: %s lock detected - aborting.\n' \ + 'ERROR: %s lock detected - aborting\n' \ "${0##*/}" exit 1 fi - trap \ - "__cleanup \"${lock_file}\" \"${state_file}\"" \ - INT TERM EXIT - - # Create lock - touch \ - "${lock_file}" + trap "__cleanup" \ + EXIT INT TERM + __create_lock HOSTNAME="$( hostname )" - apache_content_root="$( __get_apache_content_root )" @@ -1806,7 +1827,6 @@ function main () php_options_session_save_path="$( __get_php_options_session_save_path )" - document_root="$( __get_apache_document_root )" @@ -1814,11 +1834,11 @@ function main () __get_package_path )" - # Verify package installation directory exists if [[ ! -d ${package_path} ]] then >&2 printf -- \ - 'ERROR: %s not found.\n' \ + 'ERROR: %s PACKAGE_PATH not found: %s\n' \ + "${0##*/}" \ "${package_path}" exit 1 fi @@ -1887,11 +1907,11 @@ function main () "${package_path}" \ "${apache_content_root}" - # Verify Apache DocumentRoot directory exists if [[ ! -d ${document_root} ]] then >&2 printf -- \ - 'ERROR: %s not found.\n' \ + 'ERROR: %s DocumentRoot path not found: %s\n' \ + "${0##*/}" \ "${document_root}" exit 1 fi @@ -1905,7 +1925,8 @@ function main () if [[ ${verbose} == true ]] then printf -- \ - 'Disabling EnableSendfile.' + 'INFO: %s disabling EnableSendfile\n' \ + "${0##*/}" fi __set_apache_enable_sendfile \ "false" @@ -2001,6 +2022,9 @@ function main () EOT fi + + # Trigger cleanup trap. + exit 0 } main "${@}" \ No newline at end of file diff --git a/src/usr/sbin/httpd-wrapper b/src/usr/sbin/httpd-wrapper index 85a0bb9..28d331f 100755 --- a/src/usr/sbin/httpd-wrapper +++ b/src/usr/sbin/httpd-wrapper 
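Review bot: `trap "__cleanup" EXIT INT TERM` lets an interrupted bootstrap be recorded as complete. On INT or TERM the handler returns and `main` carries on, and `__cleanup` takes `exit_code` from `$?`, which inside a signal trap is the status of whichever command last finished and so can be 0. In that case `__create_state` writes the state file that httpd-wrapper and the healthcheck treat as "configuration finished", and the lock is removed while the script is still running. Keep `trap __cleanup EXIT` and make the signals exit with a failing status, e.g. `trap 'exit 130' INT` and `trap 'exit 143' TERM`. `__cleanup` is defined in an earlier hunk of this file and `main` extends beyond this one.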
@@ -2,18 +2,25 @@ set -e -function __get_apache_autostart_httpd_bootstrap () +function __cleanup () { - local -r default_value="${1:-true}" - - local value="${APACHE_AUTOSTART_HTTPD_BOOTSTRAP}" + __delete_lock +} - if ! __is_valid_apache_autostart_httpd_bootstrap "${value}" +function __create_lock () +{ + if [[ -n ${lock_file} ]] then - value="${default_value}" + touch "${lock_file}" fi +} - printf -- '%s' "${value}" +function __delete_lock () +{ + if [[ -f ${lock_file} ]] + then + rm -f "${lock_file}" + fi } function __get_apache_operating_mode () @@ -30,7 +37,7 @@ function __get_apache_operating_mode () printf -- '%s' "${value}" } -function __get_httpd_bin () +function __get_bin () { local -r bin="/usr/sbin/httpd" local mpm="${APACHE_MPM:-prefork}" @@ -48,17 +55,26 @@ function __get_httpd_bin () fi } -function __is_valid_apache_autostart_httpd_bootstrap () +function __get_options () { - local -r boolean_value='^(true|false)$' - local -r value="${1}" + local -r mode="$( + __get_apache_operating_mode + )" + local -r options="${1}" - if [[ ${value} =~ ${boolean_value} ]] - then - return 0 - fi + printf -- \ + '-c \"ErrorLog /dev/stderr\" -D FOREGROUND -D %s%s%s' \ + "${mode}" \ + "${options:+" "}" \ + "${options}" +} - return 1 +function __get_proxy () +{ + printf -- \ + '%s -n %s' \ + "${nice}" \ + "${niceness}" } function __is_valid_apache_operating_mode () 
@@ -76,35 +92,92 @@ function __is_valid_apache_operating_mode () function main () { - local -r autostart_bootstrap="$( - __get_apache_autostart_httpd_bootstrap - )" - local -r bin="$( - __get_httpd_bin - )" local -r bootstrap_state_file="/var/lib/misc/httpd-bootstrap" + local -r bootstrap_timeout="4" local -r nice="/bin/nice" local -r niceness="10" - local -r mode="$( - __get_apache_operating_mode - )" - local options="-c \"ErrorLog /dev/stderr\" -D FOREGROUND -D ${mode}" + local bin + local options + local proxy + local verbose="false" + + while [[ "${#}" -gt 0 ]] + do + case "${1}" in + -v|--verbose) + verbose="true" + shift 1 + ;; + esac + done + + if [[ -f ${lock_file} ]] + then + >&2 printf -- \ + 'ERROR: %s lock detected - aborting\n' \ + "${0##*/}" + exit 1 + fi + + trap __cleanup \ + EXIT INT TERM + __create_lock + + bin="$( + __get_bin + )" + options="$( + __get_options + )" + proxy="$( + __get_proxy + )" - if [[ ${autostart_bootstrap} == false ]] + if [[ ${verbose} == true ]] then - # block. - sleep infinity + printf -- \ + 'INFO: %s waiting on %s\n' \ + "${0##*/}" \ + "${bootstrap_state_file##*/}" fi - until [[ -e ${bootstrap_state_file} ]] + set +e + until [[ -f ${bootstrap_state_file} ]] do - sleep 0.1 + if ! inotifywait -qq \ + -e "create" \ + -t "${bootstrap_timeout}" \ + "${bootstrap_state_file%/*}" + then + break + fi done + set -e + + if ! [[ -f ${bootstrap_state_file} ]] + then + >&2 printf -- \ + 'ERROR: %s timed out waiting on %s\n' \ + "${0##*/}" \ + "${bootstrap_state_file##*/}" + exit 1 + fi + + if [[ ${verbose} == true ]] + then + printf -- \ + 'INFO: %s starting %s\n' \ + "${0##*/}" \ + "${bin##*/}" + fi + + __cleanup + trap - \ + EXIT INT TERM - # Process via eval to allow for quoted option values. - eval "exec ${nice} \ - -n ${niceness} \ + eval "exec \ + ${proxy} \ ${bin} \ ${options}" } diff --git a/test/shpec/operation_shpec.sh b/test/shpec/operation_shpec.sh index 543e35e..29a09b5 100644 --- a/test/shpec/operation_shpec.sh 
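Review bot: `main` tests `[[ -f ${lock_file} ]]` and calls `__create_lock`, but none of the locals declared in this hunk defines `lock_file`, and the helper functions added earlier in this file only read it. Unless it is set somewhere outside the visible diff, `-f` on an empty string is false and the `-n` guard in `__create_lock` skips the `touch`, so the single-instance check never fires and says nothing about it. Declare it next to the other constants, e.g. `local -r lock_file="<LOCK_FILE_PATH>"` (placeholder; use the project's lock location).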
+++ b/test/shpec/operation_shpec.sh @@ -88,7 +88,7 @@ function __setup () local -r session_store_alias="memcached_1" local -r session_store_name="memcached.1" local -r session_store_network="bridge_internal_1" - local -r session_store_release="1.3.1" + local -r session_store_release="1.4.0" if [[ -z $(docker network ls -q -f name="${session_store_network}") ]]; then docker network create \ @@ -317,6 +317,7 @@ ${other_required_apache_modules} apache_details_title="$( docker logs \ apache-php.1 \ + 2> /dev/null \ | grep '^Apache Details' \ | tr -d '\r' )" @@ -331,6 +332,7 @@ ${other_required_apache_modules} apache_system_user="$( docker logs \ apache-php.1 \ + 2> /dev/null \ | grep '^system user : ' \ | cut -c 15- \ | tr -d '\r' @@ -345,6 +347,7 @@ ${other_required_apache_modules} apache_run_user="$( docker logs \ apache-php.1 \ + 2> /dev/null \ | grep '^run user : ' \ | cut -c 12- \ | tr -d '\r' @@ -359,6 +362,7 @@ ${other_required_apache_modules} apache_run_group="$( docker logs \ apache-php.1 \ + 2> /dev/null \ | grep '^run group : ' \ | cut -c 13- \ | tr -d '\r' @@ -373,6 +377,7 @@ ${other_required_apache_modules} apache_server_name="$( docker logs \ apache-php.1 \ + 2> /dev/null \ | grep '^server name : ' \ | cut -c 15- \ | tr -d '\r' @@ -387,6 +392,7 @@ ${other_required_apache_modules} apache_server_alias="$( docker logs \ apache-php.1 \ + 2> /dev/null \ | grep '^server alias : ' \ | cut -c 16- \ | tr -d '\r' @@ -401,6 +407,7 @@ ${other_required_apache_modules} header_x_service_uid="$( docker logs \ apache-php.1 \ + 2> /dev/null \ | grep '^header x-service-uid : ' \ | cut -c 24- \ | tr -d '\r' @@ -416,6 +423,7 @@ ${other_required_apache_modules} apache_document_root="$( docker logs \ apache-php.1 \ + 2> /dev/null \ | grep '^document root : ' \ | cut -c 17- \ | tr -d '\r' \ @@ -432,6 +440,7 @@ ${other_required_apache_modules} apache_server_mpm="$( docker logs \ apache-php.1 \ + 2> /dev/null \ | grep '^server mpm : ' \ | cut -c 13- \ | tr -d '\r' \ 
@@ -447,6 +456,7 @@ ${other_required_apache_modules} apache_load_modules="$( docker logs \ apache-php.1 \ + 2> /dev/null \ | sed -ne \ '/^modules enabled :/,/^--+$/ p' \ | awk '/^ - /' @@ -2035,7 +2045,7 @@ function test_custom_configuration () docker run \ --detach \ --name apache-php.1 \ - --env APACHE_AUTOSTART_HTTPD_BOOTSTRAP=false \ + --env ENABLE_HTTPD_BOOTSTRAP=false \ jdeathe/centos-ssh-apache-php:latest \ &> /dev/null @@ -2069,7 +2079,7 @@ function test_custom_configuration () docker run \ --detach \ --name apache-php.1 \ - --env APACHE_AUTOSTART_HTTPD_WRAPPER=false \ + --env ENABLE_HTTPD_WRAPPER=false \ jdeathe/centos-ssh-apache-php:latest \ &> /dev/null From f4232f2bff076e8b5e412b1635a8b6d91c005697 Mon Sep 17 00:00:00 2001 From: James Deathe Date: Sun, 14 Jul 2019 15:57:46 +0100 Subject: [PATCH 13/15] #709: Removes non-applicable info from changelog. --- CHANGELOG.md | 1 - 1 file changed, 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 1523ad2..d01546e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,7 +7,6 @@ Summary of release changes. ### 1.13.0 - Unreleased - Updates source image to [1.11.0](https://github.com/jdeathe/centos-ssh/releases/tag/1.11.0). -- Updates `httpd24u` packages to 2.4.39-2. - Updates Dockerfile `org.deathe.description` metadata LABEL to include PHP redis module. - Updates description in centos-ssh-apache-php.register@.service. - Updates wrapper to set httpd ErrorLog to `/dev/stderr` instead of `/dev/stdout`. From 8d11ad8fe429e7f83e806fb8b6c198369d50a0fb Mon Sep 17 00:00:00 2001 From: James Deathe Date: Mon, 15 Jul 2019 00:10:00 +0100 Subject: [PATCH 14/15] #721: Updates php-hello-world to 0.12.0. --- CHANGELOG.md | 1 + Dockerfile | 2 +- test/shpec/operation_shpec.sh | 94 ++++++++++++++--------------------- 3 files changed, 38 insertions(+), 59 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index d01546e..c8e3ec0 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -7,6 +7,7 @@ Summary of release changes. ### 1.13.0 - Unreleased - Updates source image to [1.11.0](https://github.com/jdeathe/centos-ssh/releases/tag/1.11.0). +- Updates php-hello-world to [0.12.0](https://github.com/jdeathe/php-hello-world/releases/tag/0.12.0). - Updates Dockerfile `org.deathe.description` metadata LABEL to include PHP redis module. - Updates description in centos-ssh-apache-php.register@.service. - Updates wrapper to set httpd ErrorLog to `/dev/stderr` instead of `/dev/stdout`. diff --git a/Dockerfile b/Dockerfile index 7f4923a..e62913c 100644 --- a/Dockerfile +++ b/Dockerfile @@ -3,7 +3,7 @@ FROM jdeathe/centos-ssh:1.11.0 # Use the form ([{fqdn}-]{package-name}|[{fqdn}-]{provider-name}) ARG PACKAGE_NAME="app" ARG PACKAGE_PATH="/opt/${PACKAGE_NAME}" -ARG PACKAGE_RELEASE_VERSION="0.11.0" +ARG PACKAGE_RELEASE_VERSION="0.12.0" ARG RELEASE_VERSION="1.12.0" # ------------------------------------------------------------------------------ diff --git a/test/shpec/operation_shpec.sh b/test/shpec/operation_shpec.sh index 29a09b5..ca4276e 100644 --- a/test/shpec/operation_shpec.sh +++ b/test/shpec/operation_shpec.sh @@ -221,9 +221,9 @@ ${other_required_apache_modules} local container_hostname="" local container_port_80="" local curl_get_request="" - local curl_session_name="" local header_server="" local header_x_service_uid="" + local php_session_name="" local status=0 describe "Basic Apache PHP operations" 
@@ -643,20 +643,16 @@ ${other_required_apache_modules} describe "PHP options" it "Has default session.name." - curl_session_name="$( - curl -s \ - --header 'Host: localhost.localdomain' \ - http://127.0.0.1:${container_port_80}/_phpinfo.php \ - | grep 'session.name' \ - | sed -E \ - -e 's~^.*(session.name)~\1~' \ - -e 's~~~g' \ - -e 's~]*>~ ~g' + php_session_name="$( + docker exec \ + apache-php.1 \ + php -r \ + "printf('%s', ini_get('session.name'));" )" assert equal \ - "${curl_session_name}" \ - "session.name PHPSESSID PHPSESSID" + "${php_session_name}" \ + "PHPSESSID" end end @@ -692,11 +688,11 @@ function test_custom_configuration () local curl_response_code_server_alias="" local curl_session_data_write="" local curl_session_data_read="" - local curl_session_name="" local header_x_service_operating_mode="" local header_x_service_uid="" local is_up="" local php_date_timezone="" + local php_session_name="" local protocol="" describe "Customised Apache PHP configuration" 
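Review bot: The session.name assertion now reads the value with `docker exec … php -r "printf('%s', ini_get('session.name'));"`, which exercises the CLI SAPI rather than the PHP that httpd serves; the same applies to the "Sets to app-session." case in the `@@ -2175,20 +2170,16 @@` hunk. A value applied only in the web server's PHP configuration, or dropped there, would not be caught, though whether the two can differ depends on how the bootstrap applies the setting, which is not visible here. Not depending on a reachable `_phpinfo.php` is a good change. If the test application starts a session, asserting on the cookie name in the response headers would keep the check on the served path, and a short comment stating that the CLI value is assumed to match would document the trade-off otherwise.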
@@ -2110,33 +2106,32 @@ function test_custom_configuration () end describe "PHP date.timezone" - it "Sets to 'Europe/London'." - __terminate_container \ - apache-php.1 \ - &> /dev/null + __terminate_container \ + apache-php.1 \ + &> /dev/null - docker run \ - --detach \ - --name apache-php.1 \ - --publish ${DOCKER_PORT_MAP_TCP_80}:80 \ - --env PHP_OPTIONS_DATE_TIMEZONE="Europe/London" \ - jdeathe/centos-ssh-apache-php:latest \ - &> /dev/null + docker run \ + --detach \ + --name apache-php.1 \ + --publish ${DOCKER_PORT_MAP_TCP_80}:80 \ + --env PHP_OPTIONS_DATE_TIMEZONE="Europe/London" \ + jdeathe/centos-ssh-apache-php:latest \ + &> /dev/null - if ! __is_container_ready \ - apache-php.1 \ - ${STARTUP_TIME} \ - "/usr/sbin/httpd(\.worker|\.event)? " \ - "[[ 000 != \$(curl -sI -o /dev/null -w %{http_code} localhost/) ]]" - then - exit 1 - fi + if ! __is_container_ready \ + apache-php.1 \ + ${STARTUP_TIME} \ + "/usr/sbin/httpd(\.worker|\.event)? " \ + "[[ 000 != \$(curl -sI -o /dev/null -w %{http_code} localhost/) ]]" + then + exit 1 + fi + it "Sets to 'Europe/London'." php_date_timezone="$( docker exec \ apache-php.1 \ - php \ - -r \ + php -r \ "printf('%s', ini_get('date.timezone'));" )" @@ -2175,20 +2170,16 @@ function test_custom_configuration () )" it "Sets to app-session." - curl_session_name="$( - curl -s \ - --header 'Host: localhost.localdomain' \ - http://127.0.0.1:${container_port_80}/_phpinfo.php \ - | grep 'session.name' \ - | sed -E \ - -e 's~^.*(session.name)~\1~' \ - -e 's~~~g' \ - -e 's~]*>~ ~g' + php_session_name="$( + docker exec \ + apache-php.1 \ + php -r \ + "printf('%s', ini_get('session.name'));" )" assert equal \ - "${curl_session_name}" \ - "session.name app-session app-session" + "${php_session_name}" \ + "app-session" end __terminate_container \ 
@@ -2266,19 +2257,6 @@ function test_custom_configuration () apache-php.1 \ find /opt/app/public_html/session -type f -exec chmod 640 {} + - docker restart \ - apache-php.1 \ - &> /dev/null - - if ! __is_container_ready \ - apache-php.1 \ - ${STARTUP_TIME} \ - "/usr/sbin/httpd(\.worker|\.event)? " \ - "[[ 000 != \$(curl -sI -o /dev/null -w %{http_code} localhost/) ]]" - then - exit 1 - fi - container_port_80="$( __get_container_port \ apache-php.1 \ From 19b82ba5716f9055c374593dde2f73607da0a071 Mon Sep 17 00:00:00 2001 From: James Deathe Date: Mon, 15 Jul 2019 00:40:02 +0100 Subject: [PATCH 15/15] Release changes for 1.13.0, 2.5.0 and 3.3.0. --- CHANGELOG.md | 2 +- Dockerfile | 2 +- README.md | 12 ++++++------ 3 files changed, 8 insertions(+), 8 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index c8e3ec0..ae64bb0 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,7 +4,7 @@ Summary of release changes. -### 1.13.0 - Unreleased +### 1.13.0 - 2019-07-15 - Updates source image to [1.11.0](https://github.com/jdeathe/centos-ssh/releases/tag/1.11.0). - Updates php-hello-world to [0.12.0](https://github.com/jdeathe/php-hello-world/releases/tag/0.12.0). diff --git a/Dockerfile b/Dockerfile index e62913c..fc90338 100644 --- a/Dockerfile +++ b/Dockerfile @@ -4,7 +4,7 @@ FROM jdeathe/centos-ssh:1.11.0 ARG PACKAGE_NAME="app" ARG PACKAGE_PATH="/opt/${PACKAGE_NAME}" ARG PACKAGE_RELEASE_VERSION="0.12.0" -ARG RELEASE_VERSION="1.12.0" +ARG RELEASE_VERSION="1.13.0" # ------------------------------------------------------------------------------ # Base install of required packages diff --git a/README.md b/README.md index 70a0159..25077d1 100644 --- a/README.md +++ b/README.md 
@@ -1,8 +1,8 @@ ### Tags and respective `Dockerfile` links -- `centos-7-httpd24u-php72u`, `3.2.0` [(centos-7-httpd24u-php72u/Dockerfile)](https://github.com/jdeathe/centos-ssh-apache-php/blob/centos-7-httpd24u-php72u/Dockerfile) -- `centos-6-httpd24u-php56u`, `2.4.0` [(centos-6-httpd24u-php56u/Dockerfile)](https://github.com/jdeathe/centos-ssh-apache-php/blob/centos-6-httpd24u-php56u/Dockerfile) -- `centos-6`, `1.12.0` [(centos-6/Dockerfile)](https://github.com/jdeathe/centos-ssh-apache-php/blob/centos-6/Dockerfile) +- `centos-7-httpd24u-php72u`, `3.3.0` [(centos-7-httpd24u-php72u/Dockerfile)](https://github.com/jdeathe/centos-ssh-apache-php/blob/centos-7-httpd24u-php72u/Dockerfile) +- `centos-6-httpd24u-php56u`, `2.5.0` [(centos-6-httpd24u-php56u/Dockerfile)](https://github.com/jdeathe/centos-ssh-apache-php/blob/centos-6-httpd24u-php56u/Dockerfile) +- `centos-6`, `1.13.0` [(centos-6/Dockerfile)](https://github.com/jdeathe/centos-ssh-apache-php/blob/centos-6/Dockerfile) ## Overview @@ -27,7 +27,7 @@ $ docker run -d \ --name apache-php.1 \ -p 8080:80 \ -e "APACHE_SERVER_NAME=app-1.local" \ - jdeathe/centos-ssh-apache-php:3.2.0 + jdeathe/centos-ssh-apache-php:3.3.0 ``` Go to `http://{{docker-host}}:8080` using a browser where `{{docker-host}}` is the host name of your docker server and, if all went well, you should see the "Hello, world!" page. @@ -93,7 +93,7 @@ $ docker stop apache-php.1 && \ --env "APACHE_SERVER_NAME=app-1.local" \ --env "APACHE_SSL_PROTOCOL=All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1" \ --env "PHP_OPTIONS_DATE_TIMEZONE=Europe/London" \ - jdeathe/centos-ssh-apache-php:3.2.0 + jdeathe/centos-ssh-apache-php:3.3.0 ``` #### Environment Variables @@ -207,7 +207,7 @@ $ docker stop apache-php.1 && \ --env "APACHE_SERVER_ALIAS=app-1" \ --env "APACHE_SERVER_NAME=app-1.local" \ --env "APACHE_MOD_SSL_ENABLED=true" \ - jdeathe/centos-ssh-apache-php:3.2.0 + jdeathe/centos-ssh-apache-php:3.3.0 ``` ##### APACHE_MPM