Merge branch 'release-0.4.0' into stable

Author: Administrator

Dockerfile

@@ -1,15 +1,18 @@
-FROM osixia/baseimage:0.6.0
-MAINTAINER Bertrand Gouny <bertrand.gouny@osixia.fr>
+FROM osixia/baseimage:0.8.0
+MAINTAINER Bertrand Gouny <bertrand.gouny@osixia.net>
 
 # Default configuration: can be overridden at the docker command line
 ENV LDAP_HOST 127.0.0.1
 ENV LDAP_BASE_DN dc=example,dc=com
 ENV LDAP_LOGIN_DN cn=admin,dc=example,dc=com
 ENV LDAP_SERVER_NAME docker.io phpLDAPadmin
 
-# TLS configs
-# add to run command -v some/host/dir:/etc/ldap/ssl
-# the directory some/host/dir must contain the ldap CA certificat file named ca.crt
+# phpmyadmin SSL certificat and private key filename
+ENV PHPLDAPADMIN_SSL_CRT_FILENAME phpmyadmin.crt
+ENV PHPLDAPADMIN_SSL_KEY_FILENAME phpmyadmin.key
+
+# LDAP CA certificat filename
+ENV LDAP_TLS_CA_NAME ca.crt
 
 # Disable SSH
 # RUN rm -rf /etc/service/sshd /etc/my_init.d/00_regen_ssh_host_keys.sh
@@ -26,17 +29,15 @@ RUN apt-get -y update
 # Install phpLDAPadmin
 RUN LC_ALL=C DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends phpldapadmin
 
-# Expose port 80 must (match port in phpLDAPadmin.nginx)
-EXPOSE 80
+# Expose http and https default ports
+EXPOSE 80 443
 
-# Create TSL certificats directory
+# Create LDAP CA certificat directory
 RUN mkdir /etc/ldap/ssl
+
 # phpLDAPadmin config
 RUN mkdir -p /etc/my_init.d
 ADD service/phpldapadmin/phpldapadmin.sh /etc/my_init.d/phpldapadmin.sh
 
-# phpLDAPadmin nginx config
-ADD service/phpldapadmin/config/phpldapadmin.nginx /etc/nginx/sites-available/phpldapadmin
-
 # Clear out the local repository of retrieved package files
 RUN apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*

Makefile

@@ -1,5 +1,5 @@
 NAME = osixia/phpldapadmin
-VERSION = 0.3.1
+VERSION = 0.4.0
 
 .PHONY: all build test tag_latest release
 

README.md

@@ -1,26 +1,43 @@
 # docker-phpLDAPadmin
 
-A docker.io image for phpLDAPadmin
+A version of the [osixia/phpldapadmin][1] image with the following improvements:
+
+- A [bug on not finding "password_hash" when trying to create a new user][2] is fixed
+- phpLDAPadmin is also exposed via HTTPS on port 443 (using a self-signed certificate)
 
 ### Quick start
 Run docker image with your custom environment variables :
 
-    docker run -p 80:80 -e LDAP_HOST=ldap.example.com \
+    docker run -p 80:80 -p 443:443 \
+               -e LDAP_HOST=ldap.example.com \
                -e LDAP_BASE_DN=dc=example,dc=com \
                -e LDAP_LOGIN_DN=cn=admin,dc=example,dc=com \
-               -d osixia/phpldapadmin
+               -d windfisch/phpldapadmin
+
+phpLDAPadmin should be running on http://localhost and https://localhost
+
+### nginx SSL configuration
+
+The details for the self-signed certificate can be defined with the following environment variables:
 
-phpLDAPadmin should be running on http://localhost
+| Variable         | Default           |
+| ---------------- | ----------------- |
+| SSL_COUNTRY      | XX                |
+| SSL_STATE        | Some-State        |
+| SSL_LOCATION     | Some-Location     |
+| SSL_ORGANIZATION | Some-Organization |
+| SSL_COMMON_NAME  | Some-Common-Name  |
 
 ### Build image from sources
 
 Clone the repository 
 
-    git clone https://github.com/osixia/docker-phpLDAPadmin
+    git clone https://github.com/rabejens/docker-phpLDAPadmin
     cd docker-phpLDAPadmin
 
 Build image
 
     docker build -t phpldapadmin .
 
-to be completed :)
+[1]: https://github.com/osixia/docker-phpLDAPadmin
+[2]: http://stackoverflow.com/questions/20673186/getting-error-for-setting-password-feild-when-creating-generic-user-account-phpl

service/phpldapadmin/config/phpldapadmin.nginx

@@ -42,10 +42,15 @@ else
   LDAP_SERVER_NAME=${LDAP_SERVER_NAME}
 fi
 
+PHPLDAPADMIN_SSL_CRT_FILENAME=${PHPLDAPADMIN_SSL_CRT_FILENAME}
+PHPLDAPADMIN_SSL_KEY_FILENAME=${PHPLDAPADMIN_SSL_KEY_FILENAME}
+
+LDAP_TLS_CA_NAME=${LDAP_TLS_CA_NAME}
+
 if [ ! -e /etc/phpldapadmin/docker_bootstrapped ]; then
   status "configuring LDAP for first run"
 
-  if [ -e /etc/ldap/ssl/ca.crt ]; then
+  if [ -e /etc/ldap/ssl/$LDAP_TLS_CA_NAME ]; then
     # LDAP  CA
     sed -i "s/TLS_CACERT.*/TLS_CACERT       \/etc\/ldap\/ssl\/ca.crt/g" /etc/ldap/ldap.conf
     sed -i '/TLS_CACERT/a\TLS_CIPHER_SUITE        HIGH:MEDIUM:+SSLv3' /etc/ldap/ldap.conf
@@ -59,9 +64,16 @@ if [ ! -e /etc/phpldapadmin/docker_bootstrapped ]; then
   sed -i "s/'cn=admin,dc=example,dc=com'/'${LDAP_LOGIN_DN}'/g" /etc/phpldapadmin/config.php
   sed -i "s/'My LDAP Server'/'${LDAP_SERVER_NAME}'/g" /etc/phpldapadmin/config.php
 
-  # nginx config
-  ln -s /etc/nginx/sites-available/phpldapadmin /etc/nginx/sites-enabled/phpldapadmin
-  rm /etc/nginx/sites-enabled/default
+  # Fix the bug with password_hash
+  # See http://stackoverflow.com/questions/20673186/getting-error-for-setting-password-feild-when-creating-generic-user-account-phpl
+  sed -i "s/'password_hash'/'password_hash_custom'/" /usr/share/phpldapadmin/lib/TemplateRender.php
+
+  # Hide template warnings
+  sed -i "s:// \$config->custom->appearance\['hide_template_warning'\] = false;:\$config->custom->appearance\[\'hide_template_warning\'\] = true;:g" /etc/phpldapadmin/config.php
+
+  # nginx config (tools from osixia/baseimage)
+  /sbin/nginx-add-vhost localhost /usr/share/phpldapadmin/htdocs --php --ssl --ssl-crt=/etc/nginx/ssl/$PHPLDAPADMIN_SSL_CRT_FILENAME --ssl-key=/etc/nginx/ssl/$PHPLDAPADMIN_SSL_KEY_FILENAME
+  /sbin/nginx-remove-vhost default
 
   touch /etc/phpldapadmin/docker_bootstrapped
 else

service/phpldapadmin/phpldapadmin.sh

@@ -12,12 +12,12 @@ dir=$(dirname $0)
 runOptions="--link osixia-phpldapadmin-openldap:ldap"
 . $dir/tools/run-container.sh
 
-echo "curl -c $testDir/cookie.txt $IP"
-curl -c $testDir/cookie.txt $IP
+echo "curl --insecure -c $testDir/cookie.txt https://$IP"
+curl --insecure -c $testDir/cookie.txt https://$IP
 
-echo "curl http://$IP/cmd.php -L -b $testDir/cookie.txt  -H 'Accept-Encoding: gzip,deflate,sdch' -H 'Accept-Language: fr-FR,fr;q=0.8,en-US;q=0.6,en;q=0.4' -H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36' -H 'Content-Type: application/x-www-form-urlencoded' -H 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8' -H 'Cache-Control: max-age=0'  -H 'Connection: keep-alive' --data 'cmd=login&server_id=1&nodecode%5Blogin_pass%5D=1&login=cn%3Dadmin%2Cdc%3Dexample%2Cdc%3Dcom&login_pass=toor&submit=Authenticate' --compressed"
+echo "curl --insecure  https://$IP/cmd.php -L -b $testDir/cookie.txt  -H 'Accept-Encoding: gzip,deflate,sdch' -H 'Accept-Language: fr-FR,fr;q=0.8,en-US;q=0.6,en;q=0.4' -H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36' -H 'Content-Type: application/x-www-form-urlencoded' -H 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8' -H 'Cache-Control: max-age=0'  -H 'Connection: keep-alive' --data 'cmd=login&server_id=1&nodecode%5Blogin_pass%5D=1&login=cn%3Dadmin%2Cdc%3Dexample%2Cdc%3Dcom&login_pass=toor&submit=Authenticate' --compressed"
 
-curl http://$IP/cmd.php -L -b $testDir/cookie.txt  -H 'Accept-Encoding: gzip,deflate,sdch' -H 'Accept-Language: fr-FR,fr;q=0.8,en-US;q=0.6,en;q=0.4' -H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36' -H 'Content-Type: application/x-www-form-urlencoded' -H 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8' -H 'Cache-Control: max-age=0'  -H 'Connection: keep-alive' --data 'cmd=login&server_id=1&nodecode%5Blogin_pass%5D=1&login=cn%3Dadmin%2Cdc%3Dexample%2Cdc%3Dcom&login_pass=toor&submit=Authenticate' --compressed
+curl --insecure https://$IP/cmd.php -L -b $testDir/cookie.txt  -H 'Accept-Encoding: gzip,deflate,sdch' -H 'Accept-Language: fr-FR,fr;q=0.8,en-US;q=0.6,en;q=0.4' -H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36' -H 'Content-Type: application/x-www-form-urlencoded' -H 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8' -H 'Cache-Control: max-age=0'  -H 'Connection: keep-alive' --data 'cmd=login&server_id=1&nodecode%5Blogin_pass%5D=1&login=cn%3Dadmin%2Cdc%3Dexample%2Cdc%3Dcom&login_pass=toor&submit=Authenticate' --compressed
 
 docker.io stop $openldap
 docker.io rm $openldap

test/link.sh

@@ -3,7 +3,7 @@
 dir=$(dirname $0)
 . $dir/tools/run-container.sh
 
-echo "curl $IP"
-curl $IP
+echo "curl --insecure https://$IP"
+curl --insecure https://$IP
 
 $dir/tools/delete-container.sh