diff --git a/.github/workflows/container-tests.yml b/.github/workflows/container-tests.yml
index 16d93379..ee503d08 100644
--- a/.github/workflows/container-tests.yml
+++ b/.github/workflows/container-tests.yml
@@ -3,6 +3,8 @@ on:
 types:
 - created
 jobs:
+ distgen-check:
+ uses: "sclorg/ci-actions/.github/workflows/distgen-check.yml@main"
 check-readme:
 uses: "sclorg/ci-actions/.github/workflows/check-readme.yml@main"
 container-tests:
diff --git a/specs/multispec.yml b/specs/multispec.yml
new file mode 100644
index 00000000..d7300776
--- /dev/null
+++ b/specs/multispec.yml
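Review bot: The new `distgen-check` job calls a reusable workflow by the mutable ref `@main`, so whatever is on that branch at run time executes in this repository's CI context. Pinning to a full commit SHA keeps the executed code reviewable and unaffected by a later change to the branch, e.g. `uses: "sclorg/ci-actions/.github/workflows/distgen-check.yml@<full-commit-sha>"` (placeholder, not a real id). The neighbouring `check-readme` job follows the same pattern. The rest of the `jobs:` map and any `permissions:` block lie outside the hunk, so whether the token scope is already restricted cannot be told from here.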
@@ -0,0 +1,133 @@ +version: 1 + +specs: + distroinfo: + rhel8: + distros: + - rhel-8-x86_64 + s2i_base: ubi8/s2i-core:1 + org: "rhel8" + prod: "rhel8" + img_name: "{{ spec.org }}/httpd-{{ spec.short }}" + base_image_tag: ":1" + env_init: "simple" + var_style: "dollar" + pkg_manager: "yum" + pkgs: "gettext hostname nss_wrapper-libs httpd mod_ssl mod_ldap mod_session mod_security mod_auth_mellon sscg" + pkg_verify: true + module_enable: "yum -y module enable httpd:$HTTPD_VERSION && \\" + redhat_component: "httpd-{{ spec.short }}-container" + version_label: "1" + license_terms: "https://www.redhat.com/en/about/red-hat-end-user-license-agreements#UBI" + usage_image: "{{ spec.org }}/httpd-{{ spec.short }}" + copy_version: "{{ spec.version }}" + + rhel9: + distros: + - rhel-9-x86_64 + s2i_base: ubi9/s2i-core:1 + org: "rhel9" + prod: "rhel9" + img_name: "{{ spec.org }}/${NAME}-${HTTPD_SHORT_VERSION}" + base_image_tag: ":1" + env_init: "combined" + var_style: "braces" + pkg_manager: "yum" + pkgs: "gettext hostname nss_wrapper-libs httpd mod_ssl mod_ldap mod_session mod_security mod_auth_mellon sscg" + pkg_verify: false + redhat_component: "${NAME}-${HTTPD_SHORT_VERSION}-container" + version_label: "1" + license_terms: "https://www.redhat.com/en/about/red-hat-end-user-license-agreements#UBI" + usage_image: "{{ spec.org }}/${NAME}-${HTTPD_SHORT_VERSION}" + + rhel10: + distros: + - rhel-10-x86_64 + s2i_base: ubi10/s2i-core + org: "ubi10" + prod: "rhel10" + img_name: "{{ spec.org }}/${NAME}-${HTTPD_SHORT_VERSION}" + base_image_tag: "" + env_init: "combined_with_arch" + var_style: "braces" + pkg_manager: "dnf" + pkgs: "gettext hostname nss_wrapper-libs httpd mod_ssl mod_ldap mod_session sscg" + pkg_verify: false + redhat_component: "${NAME}-${HTTPD_SHORT_VERSION}-container" + version_label: "" + license_terms: "https://www.redhat.com/en/about/red-hat-end-user-license-agreements#UBI" + usage_image: "{{ spec.org }}/${NAME}-${HTTPD_SHORT_VERSION}" + + c9s: + distros: + - 
centos-stream-9-x86_64 + s2i_base: quay.io/sclorg/s2i-core-c9s:c9s + org: "sclorg" + prod: "c9s" + img_name: "{{ spec.org }}/${NAME}-${HTTPD_SHORT_VERSION}-{{ spec.prod }}" + base_image_tag: ":c9s" + env_init: "combined" + var_style: "braces" + pkg_manager: "yum" + pkgs: "gettext hostname nss_wrapper-libs httpd mod_ssl mod_ldap mod_session mod_security mod_auth_mellon sscg" + pkg_verify: false + redhat_component: "${NAME}-${HTTPD_SHORT_VERSION}-container" + version_label: "1" + license_terms: "https://www.redhat.com/en/about/red-hat-end-user-license-agreements#UBI" + usage_image: "quay.io/{{ spec.org }}/${NAME}-${HTTPD_SHORT_VERSION}-{{ spec.prod }}" + + c10s: + distros: + - centos-stream-10-x86_64 + s2i_base: quay.io/sclorg/s2i-core-c10s:c10s + org: "sclorg" + prod: "c10s" + img_name: "{{ spec.org }}/${NAME}-${HTTPD_SHORT_VERSION}-{{ spec.prod }}" + base_image_tag: ":c10s" + env_init: "combined_with_arch" + var_style: "braces" + pkg_manager: "dnf" + pkgs: "gettext hostname nss_wrapper-libs httpd mod_ssl mod_ldap mod_session sscg" + pkg_verify: false + redhat_component: "${NAME}-${HTTPD_SHORT_VERSION}-container" + version_label: "1" + license_terms: "https://www.redhat.com/en/about/red-hat-end-user-license-agreements#UBI" + usage_image: "quay.io/{{ spec.org }}/${NAME}-${HTTPD_SHORT_VERSION}-{{ spec.prod }}" + + fedora42: + distros: + - fedora-42-x86_64 + s2i_base: quay.io/fedora/s2i-core:42 + org: "fedora" + prod: "fedora" + img_name: "{{ spec.org }}/${NAME}-${HTTPD_SHORT_VERSION}" + base_image_tag: ":42" + env_init: "combined_with_arch" + var_style: "braces" + pkg_manager: "dnf" + pkg_clean: "dnf clean all" + pkgs: "nss_wrapper-libs httpd mod_ssl mod_ldap mod_session mod_security sscg" + extra_install: "dnf install -y yum-utils gettext hostname && \\" + pkg_verify: false + redhat_component: "${NAME}" + version_label: "version" + license_terms: "" + usage_image: "quya.io/{{ spec.org }}/${NAME}-${HTTPD_SHORT_VERSION}" + fedora_specific: true + + version: + "2.4": + 
version: "2.4" + short: "24" + common_image_name: "{{ spec.org }}/httpd-{{ spec.short }}-{{ spec.prod }}" + +matrix: + include: + - version: "2.4" + distros: + - rhel-8-x86_64 + - rhel-9-x86_64 + - rhel-10-x86_64 + - centos-stream-9-x86_64 + - centos-stream-10-x86_64 + - fedora-42-x86_64 diff --git a/src/Dockerfile b/src/Dockerfile new file mode 100644 index 00000000..501c95ee --- /dev/null +++ b/src/Dockerfile 
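Review bot: In the `fedora42` spec, `usage_image` is spelled `quya.io/...`, while every other registry reference in this file uses `quay.io`. The value is rendered into the image's `usage` label by src/Dockerfile, so anyone copying that `s2i build` command would be pointed at a hostname that is presumably not under the project's control. Change it to `usage_image: "quay.io/{{ spec.org }}/${NAME}-${HTTPD_SHORT_VERSION}"`, or to whichever registry the Fedora image is actually published on; the README in this commit names the Fedora Registry, so that is worth confirming.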
@@ -0,0 +1,158 @@ +FROM {{ spec.s2i_base }} + +# Apache HTTP Server image. +# +# Volumes: +# * /var/www - Datastore for httpd +{% if spec.prod == "fedora" %} +# * /var/log/httpd - Storage for logs when $HTTPD_LOG_TO_VOLUME is set +# Environment: +# * $HTTPD_LOG_TO_VOLUME (optional) - When set, httpd will log into /var/log/httpd +{% else %} +# * /var/log/httpd24 - Storage for logs when $HTTPD_LOG_TO_VOLUME is set +# Environment: +# * $HTTPD_LOG_TO_VOLUME (optional) - When set, httpd will log into /var/log/httpd24 +{% endif %} + +{% if spec.env_init == "simple" %} +ENV HTTPD_VERSION={{ spec.version }} + +ENV SUMMARY="Platform for running Apache httpd $HTTPD_VERSION or building httpd-based application" \ + DESCRIPTION="Apache httpd $HTTPD_VERSION available as container, is a powerful, efficient, \ +{% elif spec.env_init == "combined" %} +ENV HTTPD_VERSION={{ spec.version }} \ + HTTPD_SHORT_VERSION={{ spec.short }} \ + NAME=httpd + +ENV SUMMARY="Platform for running Apache httpd ${HTTPD_VERSION} or building httpd-based application" \ + DESCRIPTION="Apache httpd ${HTTPD_VERSION} available as container, is a powerful, efficient, \ +{% else %} +ENV HTTPD_VERSION={{ spec.version }} \ + HTTPD_SHORT_VERSION={{ spec.short }} \ + NAME=httpd \ + ARCH=x86_64 + +ENV SUMMARY="Platform for running Apache httpd ${HTTPD_VERSION} or building httpd-based application" \ + DESCRIPTION="Apache httpd ${HTTPD_VERSION} available as container, is a powerful, efficient, \ +{% endif %} +and extensible web server. Apache supports a variety of features, many implemented as compiled modules \ +which extend the core functionality. \ +These can range from server-side programming language support to authentication schemes. \ +Virtual hosting allows one Apache installation to serve many different Web sites." 
+ +{% if spec.var_style == "dollar" %} +LABEL summary="$SUMMARY" \ + description="$DESCRIPTION" \ + io.k8s.description="$DESCRIPTION" \ + io.k8s.display-name="Apache httpd $HTTPD_VERSION" \ + io.openshift.expose-services="8080:http,8443:https" \ + io.openshift.tags="builder,httpd,httpd-{{ spec.short }}" \ + name="{{ spec.img_name }}" \ +{% if spec.version_label %} + version="{{ spec.version_label }}" \ +{% endif %} +{% if spec.license_terms %} + com.redhat.license_terms="{{ spec.license_terms }}" \ +{% endif %} + com.redhat.component="{{ spec.redhat_component }}" \ + usage="s2i build https://github.com/sclorg/httpd-container.git --context-dir=examples/sample-test-app/ {{ spec.usage_image }} sample-server" \ + maintainer="SoftwareCollections.org " +{% elif spec.fedora_specific %} +LABEL summary="${SUMMARY}" \ + description="${DESCRIPTION}" \ + io.k8s.description="${SUMMARY}" \ + io.k8s.display-name="Apache httpd ${HTTPD_VERSION}" \ + io.openshift.expose-services="8080:http,8443:https" \ + io.openshift.tags="builder,${NAME},${NAME}${HTTPD_SHORT_VERSION}" \ + com.redhat.component="{{ spec.redhat_component }}" \ + name="{{ spec.img_name }}" \ + version="${HTTPD_VERSION}" \ + usage="s2i build https://github.com/sclorg/httpd-container.git --context-dir=examples/sample-test-app/ {{ spec.usage_image }} sample-server" \ + maintainer="SoftwareCollections.org " +{% else %} +LABEL summary="${SUMMARY}" \ + description="${DESCRIPTION}" \ + io.k8s.description="${DESCRIPTION}" \ + io.k8s.display-name="Apache httpd ${HTTPD_VERSION}" \ + io.openshift.expose-services="8080:http,8443:https" \ + io.openshift.tags="builder,${NAME},${NAME}-${HTTPD_SHORT_VERSION}" \ + name="{{ spec.img_name }}" \ +{% if spec.version_label %} + version="{{ spec.version_label }}" \ +{% endif %} +{% if spec.license_terms %} + com.redhat.license_terms="{{ spec.license_terms }}" \ +{% endif %} + com.redhat.component="{{ spec.redhat_component }}" \ + usage="s2i build 
https://github.com/sclorg/httpd-container.git --context-dir=examples/sample-test-app/ {{ spec.usage_image }} sample-server" \ + maintainer="SoftwareCollections.org " +{% endif %} + +EXPOSE 8080 +EXPOSE 8443 + +{% if spec.extra_install %} +RUN {{ spec.extra_install }} + INSTALL_PKGS="{{ spec.pkgs }}" && \ + {{ spec.pkg_manager }} install -y --setopt=tsflags=nodocs ${INSTALL_PKGS} && \ + httpd -v | grep -qe "Apache/${HTTPD_VERSION}" && echo "Found VERSION ${HTTPD_VERSION}" && \ +{% if spec.pkg_clean %} + {{ spec.pkg_clean }} +{% else %} + {{ spec.pkg_manager }} -y clean all --enablerepo='*' +{% endif %} +{% elif spec.pkg_verify %} +RUN {% if spec.module_enable %}{{ spec.module_enable }} + {% endif %}{% if spec.var_style == "dollar" %} INSTALL_PKGS="{{ spec.pkgs }}" && \ + {{ spec.pkg_manager }} install -y --setopt=tsflags=nodocs $INSTALL_PKGS && \ + rpm -V $INSTALL_PKGS && \ + httpd -v | grep -qe "Apache/$HTTPD_VERSION" && echo "Found VERSION $HTTPD_VERSION" && \ +{% else %}INSTALL_PKGS="{{ spec.pkgs }}" && \ + {{ spec.pkg_manager }} install -y --setopt=tsflags=nodocs ${INSTALL_PKGS} && \ + rpm -V ${INSTALL_PKGS} && \ + httpd -v | grep -qe "Apache/${HTTPD_VERSION}" && echo "Found VERSION ${HTTPD_VERSION}" && \ +{% endif %} + {{ spec.pkg_manager }} -y clean all --enablerepo='*' +{% else %} +RUN INSTALL_PKGS="{{ spec.pkgs }}" && \ + {{ spec.pkg_manager }} install -y --setopt=tsflags=nodocs ${INSTALL_PKGS} && \ + httpd -v | grep -qe "Apache/${HTTPD_VERSION}" && echo "Found VERSION ${HTTPD_VERSION}" && \ + {{ spec.pkg_manager }} -y clean all --enablerepo='*' +{% endif %} + +ENV HTTPD_CONTAINER_SCRIPTS_PATH=/usr/share/container-scripts/httpd/ \ + HTTPD_APP_ROOT=${APP_ROOT} \ + HTTPD_CONFIGURATION_PATH=${APP_ROOT}/etc/httpd.d \ + HTTPD_MAIN_CONF_PATH=/etc/httpd/conf \ + HTTPD_MAIN_CONF_MODULES_D_PATH=/etc/httpd/conf.modules.d \ + HTTPD_MAIN_CONF_D_PATH=/etc/httpd/conf.d \ + HTTPD_TLS_CERT_PATH=/etc/httpd/tls \ + HTTPD_VAR_RUN=/var/run/httpd \ + HTTPD_DATA_PATH=/var/www \ + 
HTTPD_DATA_ORIG_PATH=/var/www \ + HTTPD_LOG_PATH=/var/log/httpd + +{% if spec.copy_version %} +COPY {{ spec.copy_version }}/s2i/bin/ $STI_SCRIPTS_PATH +COPY {{ spec.copy_version }}/root / +{% else %} +COPY ${HTTPD_VERSION}/s2i/bin/ ${STI_SCRIPTS_PATH} +COPY ${HTTPD_VERSION}/root / +{% endif %} + +{% if spec.fedora_specific %} +# Generate SSL certs and reset permissions of filesystem to default values +# Reset permissions of filesystem to default values +{% else %} +# Reset permissions of filesystem to default values +{% endif %} +RUN /usr/libexec/httpd-prepare && rpm-file-permissions + +USER 1001 + +# Not using VOLUME statement since it's not working in OpenShift Online: +# https://github.com/sclorg/httpd-container/issues/30 +# VOLUME ["${HTTPD_DATA_PATH}"] +# VOLUME ["${HTTPD_LOG_PATH}"] + +CMD ["/usr/bin/run-httpd"] diff --git a/src/README.md b/src/README.md new file mode 120000 index 00000000..299cf2b6 --- /dev/null +++ b/src/README.md @@ -0,0 +1 @@ +root/usr/share/container-scripts/httpd/README.md \ No newline at end of file diff --git a/src/root/README.md b/src/root/README.md new file mode 100644 index 00000000..318b2854 --- /dev/null +++ b/src/root/README.md 
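Review bot: `rpm -V` is reachable only through `{% elif spec.pkg_verify %}`, which is tested after `{% if spec.extra_install %}`, so a spec that sets both keys produces an image built without package verification and without any warning. No spec in this commit combines the two (only `rhel8` sets `pkg_verify: true`, only `fedora42` sets `extra_install`), but the flag reads as independent of `extra_install`. Consider emitting the check inside every install branch, e.g. `{% if spec.pkg_verify %}rpm -V ${INSTALL_PKGS} && \{% endif %}` directly after the install line, so the flag cannot be silently ignored.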
@@ -0,0 +1,251 @@ +Apache HTTP Server 2.4 Container Image +====================================== + +This container image includes Apache HTTP Server 2.4 for OpenShift and general usage. +Users can choose between RHEL, CentOS and Fedora based images. +The RHEL images are available in the [Red Hat Container Catalog](https://access.redhat.com/containers/), +the CentOS Stream images are available on [Quay.io](https://quay.io/organization/sclorg), +and the Fedora images are available in [Fedora Registry](https://registry.fedoraproject.org/). +The resulting image can be run using [podman](https://github.com/containers/libpod). + +Note: while the examples in this README are calling `podman`, you can replace any such calls by `docker` with the same arguments + +Description +----------- + +Apache HTTP Server 2.4 available as container, is a powerful, efficient, +and extensible web server. Apache supports a variety of features, many implemented as compiled modules +which extend the core functionality. +These can range from server-side programming language support to authentication schemes. +Virtual hosting allows one Apache installation to serve many different Web sites." + + +Usage in OpenShift +------------------ +In this example, we assume that you are using the `rhel10/httpd-24` image, available through the `openshift/httpd:2.4-el10` imagestream tag in Openshift. +To build a simple [httpd-sample-app](https://github.com/sclorg/httpd-ex.git) application in Openshift: + +``` +oc new-app openshift/httpd:2.4-el10~https://github.com/sclorg/httpd-ex.git +``` + +To access the application: +``` +$ oc get pods +$ oc exec -- curl 127.0.0.1:8080 +``` + +Source-to-Image framework and scripts +------------------------------------- +This image supports the [Source-to-Image](https://docs.openshift.com/container-platform/4.14/openshift_images/create-images.html#images-create-s2i_create-images) +(S2I) strategy in OpenShift. 
The Source-to-Image is an OpenShift framework +which makes it easy to write images that take application source code as +an input, use a builder image like this httpd container image, and produce +a new image that runs the assembled application as an output. + +To support the Source-to-Image framework, important scripts are included in the builder image: + +* The `/usr/libexec/s2i/run` script is set as the default command in the resulting container image (the new image with the application artifacts). + +* The `/usr/libexec/s2i/assemble` script inside the image is run to produce a new image with the application artifacts. The script takes sources of a given application and places them into appropriate directories inside the image. The structure of httpd-app can look like this: + +**`./httpd-cfg`** + Can contain additional Apache configuration files (`*.conf`) + +**`./httpd-pre-init`** + Can contain shell scripts (`*.sh`) that are sourced before `httpd` is started + +**`./httpd-ssl`** + Can contain user's own SSL certificate (in the `certs/` subdirectory) and a key (in the `private/` subdirectory) + +**`./`** + Application source code + + +Build an application using a Dockerfile +--------------------------------------- +Compared to the Source-to-Image strategy, using a Dockerfile is a more +flexible way to build an httpd container image with an application. +Use a Dockerfile when Source-to-Image is not sufficiently flexible for you or +when you build the image outside of the OpenShift environment. + +To use the httpd image in a Dockerfile, follow these steps: + +#### 1. Pull a base builder image to build on + +``` +podman pull rhel10/httpd-24 +``` + +#### 2. Pull an application code + +An example application available at https://github.com/sclorg/httpd-ex.git is used here. To adjust the example application, clone the repository. + +``` +git clone https://github.com/sclorg/httpd-ex.git app-src +``` + +#### 3. 
Prepare an application inside a container + +This step usually consists of at least these parts: + +* putting the application source into the container +* moving certificates to the correct place (if available in the application source code) +* setting the default command in the resulting image + +For all these three parts, you can either set up all manually and use the `httpd` or `run-httpd` commands explicitly in the Dockerfile ([3.1.](#31-to-use-own-setup-create-a-dockerfile-with-this-content)), or you can use the Source-to-Image scripts inside the image ([3.2.](#32-to-use-the-source-to-image-scripts-and-build-an-image-using-a-dockerfile-create-a-dockerfile-with-this-content). For more information about these scripts, which enable you to set-up and run the httpd daemon, see the "Source-to-Image framework and scripts" section above. + +##### 3.1. To use your own setup, create a Dockerfile with this content: +``` +FROM registry.redhat.io/rhel10/httpd-24 + +# Add application sources +ADD app-src/index.html /var/www/html/index.html + +# The run script uses standard ways to run the application +CMD run-httpd +``` + +##### 3.2. To use the Source-to-Image scripts and build an image using a Dockerfile, create a Dockerfile with this content: +``` +FROM registry.redhat.io/rhel10/httpd-24 + +# Add application sources to a directory where the assemble script expects them +# and set permissions so that the container runs without the root access +USER 0 +ADD app-src/index.html /tmp/src/index.html +RUN chown -R 1001:0 /tmp/src +USER 1001 + +# Let the assemble script install the dependencies +RUN /usr/libexec/s2i/assemble + +# The run script uses standard ways to run the application +CMD /usr/libexec/s2i/run +``` + +#### 4. Build a new image from a Dockerfile prepared in the previous step + +``` +podman build -t httpd-app . +``` + +#### 5. 
Run the resulting image with the final application + +``` +podman run -d httpd-app +``` + + +Direct usage with a mounted directory +------------------------------------- + +An example of the data on the host for both the examples above, which is served by +The Apache HTTP web server: + +``` +$ ls -lZ /wwwdata/html +-rw-r--r--. 1 1001 1001 54321 Jan 01 12:34 index.html +-rw-r--r--. 1 1001 1001 5678 Jan 01 12:34 page.html +``` + +If you want to run the image directly and mount the static pages available in the `/wwwdata/` directory on the host +as a container volume, execute the following command: + +``` +$ podman run -d --name httpd -p 8080:8080 -v /wwwdata:/var/www:Z rhel10/httpd-24 +``` + +This creates a container named `httpd` running the Apache HTTP Server, serving data from +` the /wwwdata/` directory. Port 8080 is exposed and mapped to the host. + + + +Environment variables and volumes +--------------------------------- + +The Apache HTTP Server container image supports the following configuration variable, which can be set by using the `-e` option with the podman run command: + +**`HTTPD_LOG_TO_VOLUME`** + By default, httpd logs into standard output, so the logs are accessible by using the podman logs command. When `HTTPD_LOG_TO_VOLUME` is set, httpd logs into `/var/log/httpd24`, which can be mounted to host system using the container volumes. This option is only allowed when container is run as UID 0. + +**`HTTPD_MPM`** + The variable `HTTPD_MPM` can be set to change the default Multi-Processing Module (MPM) from the package default MPM. 
+ + +If you want to run the image and mount the log files into `/wwwlogs` on the host +as a container volume, execute the following command: + +``` +$ podman run -d -u 0 -e HTTPD_LOG_TO_VOLUME=1 --name httpd -v /wwwlogs:/var/log/httpd24:Z rhel10/httpd-24 +``` + +To run an image using the `event` MPM (rather than the default `prefork`), execute the following command: + +``` +$ podman run -d -e HTTPD_MPM=event --name httpd rhel10/httpd-24 +``` + +You can also set the following mount points by passing the `-v /host:/container` flag to podman. + +**`/var/www`** + Apache HTTP Server data directory + +**`/var/log/httpd24`** + Apache HTTP Server log directory (available only when running as root, path `/var/log/httpd` is used in case of Fedora based image) + + +**Notice: When mouting a directory from the host into the container, ensure that the mounted +directory has the appropriate permissions and that the owner and group of the directory +matches the user UID or name which is running inside the container.** + +Default SSL certificates +------------------------ + +Default SSL certificates are generated when Apache HTTP server container is started for the first time or own SSL certificates were not provided (see bolow how to provide them). SSL certificates are not stored in the base image but generated, so each container will have unique default SSL key pair. SSL certificate/key are stored in /etc/httpd/tls directory: + + /etc/httpd/tls/localhost.key + /etc/httpd/tls/localhost.crt + + +Using own SSL certificates +-------------------------- +In order to provide own SSL certificates for securing the connection with SSL, use the extending feature described above. 
In particular, put the SSL certificates into a separate directory inside your application: + + ./httpd-ssl/certs/server-cert-selfsigned.pem + ./httpd-ssl/private/server-key.pem + +The default behaviour is to look for the certificate and the private key in subdirectories certs/ and private/; those files will be used for the ssl settings in the httpd. + + +Default user +------------ + +By default, Apache HTTP Server container runs as UID 1001. That means the volume mounted directories for the files (if mounted using `-v` option) need to be prepared properly, so the UID 1001 can read them. + +To run the container as a different UID, use `-u` option. For example if you want to run the container as UID 1234, execute the following command: + +``` +podman run -d -u 1234 rhel10/httpd-24 +``` + +To log into a volume mounted directory, the container needs to be run as UID 0 (see above). + + +Troubleshooting +--------------- +The httpd deamon in the container logs to the standard output by default, so the log is available in the container log. The log can be examined by running: + + podman logs + + +See also +-------- +Dockerfile and other sources for this container image are available on +https://github.com/sclorg/httpd-container. +In that repository, the Dockerfile for RHEL8 is called Dockerfile.rhel8, +the Dockerfile for RHEL9 is called Dockerfile.rhel9, +the Dockerfile for RHEL10 is called Dockerfile.rhel10, +the Dockerfile for CentOS Stream 9 is called Dockerfile.c9s, +the Dockerfile for CentOS Stream 10 is called Dockerfile.c10s, +and the Dockerfile for Fedora is called Dockerfile.fedora. diff --git a/src/root/usr/bin/run-httpd b/src/root/usr/bin/run-httpd new file mode 100755 index 00000000..e03578fd --- /dev/null +++ b/src/root/usr/bin/run-httpd 
@@ -0,0 +1,18 @@
+#!/bin/bash
+
+set -eu
+
+source ${HTTPD_CONTAINER_SCRIPTS_PATH}/common.sh
+
+# Check whether we run as s2i
+if ! [ -v HTTPD_RUN_BY_S2I ] && runs_privileged ; then
+ config_privileged
+else
+ # We run as non-root or as s2i
+ config_non_privileged
+ generate_container_user
+fi
+
+process_extending_files ${HTTPD_APP_ROOT}/src/httpd-pre-init/ ${HTTPD_CONTAINER_SCRIPTS_PATH}/pre-init/
+
+exec httpd -D FOREGROUND $@
diff --git a/src/root/usr/libexec/httpd-prepare b/src/root/usr/libexec/httpd-prepare
new file mode 100755
index 00000000..3454cd1d
--- /dev/null
+++ b/src/root/usr/libexec/httpd-prepare
@@ -0,0 +1,28 @@
+#!/bin/bash
+
+set -e
+
+source ${HTTPD_CONTAINER_SCRIPTS_PATH}/common.sh
+
+mkdir -p ${HTTPD_CONFIGURATION_PATH}
+chmod -R a+rwx ${HTTPD_MAIN_CONF_PATH}
+chmod -R a+rwx ${HTTPD_MAIN_CONF_D_PATH}
+chmod -R a+rwx ${HTTPD_MAIN_CONF_MODULES_D_PATH}
+mkdir -p ${HTTPD_APP_ROOT}/etc
+chmod -R a+rwx ${HTTPD_APP_ROOT}/etc
+chmod -R a+rwx ${HTTPD_VAR_RUN}
+chown -R 1001:0 ${HTTPD_APP_ROOT}
+chown -R 1001:0 ${HTTPD_DATA_PATH}
+chmod -R g+rwx ${HTTPD_LOG_PATH}
+chown -R 1001:0 ${HTTPD_LOG_PATH}
+
+# remove bundled key pair and create new dir, where we store it
+rm -f /etc/pki/tls/certs/localhost.crt
+rm -f /etc/pki/tls/private/localhost.key
+mkdir -p $HTTPD_TLS_CERT_PATH
+chmod -R a+rwx $HTTPD_TLS_CERT_PATH
+
+mkdir -p ${HTTPD_CONTAINER_SCRIPTS_PATH}/pre-init
+
+config_general
+
diff --git a/src/root/usr/share/container-scripts/httpd/README.md b/src/root/usr/share/container-scripts/httpd/README.md
new file mode 100644
index 00000000..318b2854
--- /dev/null
+++ b/src/root/usr/share/container-scripts/httpd/README.md
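Review bot: The last line of run-httpd passes the container arguments as unquoted `$@`, so any argument containing whitespace or glob characters is re-split and expanded by the shell before httpd receives it. Use `exec httpd -D FOREGROUND "$@"`. The `${HTTPD_CONTAINER_SCRIPTS_PATH}` and `${HTTPD_APP_ROOT}` expansions on the `source` and `process_extending_files` lines are unquoted as well; those values come from the image's own ENV, but quoting them costs nothing and keeps the script safe if a path is overridden at run time.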
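Review bot: In httpd-prepare, the `chmod -R a+rwx` calls make the httpd configuration directories, `${HTTPD_VAR_RUN}` and `$HTTPD_TLS_CERT_PATH` world-writable, so any process in the container can rewrite the server configuration or replace the TLS key pair. If the intent is to support an arbitrary non-root UID running in group 0 (an assumption, the script does not say), group ownership is sufficient: `chown -R 1001:0 "$HTTPD_TLS_CERT_PATH"` followed by `chmod -R g+rwX "$HTTPD_TLS_CERT_PATH"`, and likewise for the other paths. The script already treats `${HTTPD_LOG_PATH}` that way with `g+rwx`, so the change would also make the file consistent. A one-line comment above the block stating why these paths must be writable at run time would help the next reader.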
@@ -0,0 +1,251 @@ +Apache HTTP Server 2.4 Container Image +====================================== + +This container image includes Apache HTTP Server 2.4 for OpenShift and general usage. +Users can choose between RHEL, CentOS and Fedora based images. +The RHEL images are available in the [Red Hat Container Catalog](https://access.redhat.com/containers/), +the CentOS Stream images are available on [Quay.io](https://quay.io/organization/sclorg), +and the Fedora images are available in [Fedora Registry](https://registry.fedoraproject.org/). +The resulting image can be run using [podman](https://github.com/containers/libpod). + +Note: while the examples in this README are calling `podman`, you can replace any such calls by `docker` with the same arguments + +Description +----------- + +Apache HTTP Server 2.4 available as container, is a powerful, efficient, +and extensible web server. Apache supports a variety of features, many implemented as compiled modules +which extend the core functionality. +These can range from server-side programming language support to authentication schemes. +Virtual hosting allows one Apache installation to serve many different Web sites." + + +Usage in OpenShift +------------------ +In this example, we assume that you are using the `rhel10/httpd-24` image, available through the `openshift/httpd:2.4-el10` imagestream tag in Openshift. +To build a simple [httpd-sample-app](https://github.com/sclorg/httpd-ex.git) application in Openshift: + +``` +oc new-app openshift/httpd:2.4-el10~https://github.com/sclorg/httpd-ex.git +``` + +To access the application: +``` +$ oc get pods +$ oc exec -- curl 127.0.0.1:8080 +``` + +Source-to-Image framework and scripts +------------------------------------- +This image supports the [Source-to-Image](https://docs.openshift.com/container-platform/4.14/openshift_images/create-images.html#images-create-s2i_create-images) +(S2I) strategy in OpenShift. 
The Source-to-Image is an OpenShift framework +which makes it easy to write images that take application source code as +an input, use a builder image like this httpd container image, and produce +a new image that runs the assembled application as an output. + +To support the Source-to-Image framework, important scripts are included in the builder image: + +* The `/usr/libexec/s2i/run` script is set as the default command in the resulting container image (the new image with the application artifacts). + +* The `/usr/libexec/s2i/assemble` script inside the image is run to produce a new image with the application artifacts. The script takes sources of a given application and places them into appropriate directories inside the image. The structure of httpd-app can look like this: + +**`./httpd-cfg`** + Can contain additional Apache configuration files (`*.conf`) + +**`./httpd-pre-init`** + Can contain shell scripts (`*.sh`) that are sourced before `httpd` is started + +**`./httpd-ssl`** + Can contain user's own SSL certificate (in the `certs/` subdirectory) and a key (in the `private/` subdirectory) + +**`./`** + Application source code + + +Build an application using a Dockerfile +--------------------------------------- +Compared to the Source-to-Image strategy, using a Dockerfile is a more +flexible way to build an httpd container image with an application. +Use a Dockerfile when Source-to-Image is not sufficiently flexible for you or +when you build the image outside of the OpenShift environment. + +To use the httpd image in a Dockerfile, follow these steps: + +#### 1. Pull a base builder image to build on + +``` +podman pull rhel10/httpd-24 +``` + +#### 2. Pull an application code + +An example application available at https://github.com/sclorg/httpd-ex.git is used here. To adjust the example application, clone the repository. + +``` +git clone https://github.com/sclorg/httpd-ex.git app-src +``` + +#### 3. 
Prepare an application inside a container + +This step usually consists of at least these parts: + +* putting the application source into the container +* moving certificates to the correct place (if available in the application source code) +* setting the default command in the resulting image + +For all these three parts, you can either set up all manually and use the `httpd` or `run-httpd` commands explicitly in the Dockerfile ([3.1.](#31-to-use-own-setup-create-a-dockerfile-with-this-content)), or you can use the Source-to-Image scripts inside the image ([3.2.](#32-to-use-the-source-to-image-scripts-and-build-an-image-using-a-dockerfile-create-a-dockerfile-with-this-content). For more information about these scripts, which enable you to set-up and run the httpd daemon, see the "Source-to-Image framework and scripts" section above. + +##### 3.1. To use your own setup, create a Dockerfile with this content: +``` +FROM registry.redhat.io/rhel10/httpd-24 + +# Add application sources +ADD app-src/index.html /var/www/html/index.html + +# The run script uses standard ways to run the application +CMD run-httpd +``` + +##### 3.2. To use the Source-to-Image scripts and build an image using a Dockerfile, create a Dockerfile with this content: +``` +FROM registry.redhat.io/rhel10/httpd-24 + +# Add application sources to a directory where the assemble script expects them +# and set permissions so that the container runs without the root access +USER 0 +ADD app-src/index.html /tmp/src/index.html +RUN chown -R 1001:0 /tmp/src +USER 1001 + +# Let the assemble script install the dependencies +RUN /usr/libexec/s2i/assemble + +# The run script uses standard ways to run the application +CMD /usr/libexec/s2i/run +``` + +#### 4. Build a new image from a Dockerfile prepared in the previous step + +``` +podman build -t httpd-app . +``` + +#### 5. 
Run the resulting image with the final application + +``` +podman run -d httpd-app +``` + + +Direct usage with a mounted directory +------------------------------------- + +An example of the data on the host for both the examples above, which is served by +The Apache HTTP web server: + +``` +$ ls -lZ /wwwdata/html +-rw-r--r--. 1 1001 1001 54321 Jan 01 12:34 index.html +-rw-r--r--. 1 1001 1001 5678 Jan 01 12:34 page.html +``` + +If you want to run the image directly and mount the static pages available in the `/wwwdata/` directory on the host +as a container volume, execute the following command: + +``` +$ podman run -d --name httpd -p 8080:8080 -v /wwwdata:/var/www:Z rhel10/httpd-24 +``` + +This creates a container named `httpd` running the Apache HTTP Server, serving data from +` the /wwwdata/` directory. Port 8080 is exposed and mapped to the host. + + + +Environment variables and volumes +--------------------------------- + +The Apache HTTP Server container image supports the following configuration variable, which can be set by using the `-e` option with the podman run command: + +**`HTTPD_LOG_TO_VOLUME`** + By default, httpd logs into standard output, so the logs are accessible by using the podman logs command. When `HTTPD_LOG_TO_VOLUME` is set, httpd logs into `/var/log/httpd24`, which can be mounted to host system using the container volumes. This option is only allowed when container is run as UID 0. + +**`HTTPD_MPM`** + The variable `HTTPD_MPM` can be set to change the default Multi-Processing Module (MPM) from the package default MPM. 
+ + +If you want to run the image and mount the log files into `/wwwlogs` on the host +as a container volume, execute the following command: + +``` +$ podman run -d -u 0 -e HTTPD_LOG_TO_VOLUME=1 --name httpd -v /wwwlogs:/var/log/httpd24:Z rhel10/httpd-24 +``` + +To run an image using the `event` MPM (rather than the default `prefork`), execute the following command: + +``` +$ podman run -d -e HTTPD_MPM=event --name httpd rhel10/httpd-24 +``` + +You can also set the following mount points by passing the `-v /host:/container` flag to podman. + +**`/var/www`** + Apache HTTP Server data directory + +**`/var/log/httpd24`** + Apache HTTP Server log directory (available only when running as root, path `/var/log/httpd` is used in case of Fedora based image) + + +**Notice: When mouting a directory from the host into the container, ensure that the mounted +directory has the appropriate permissions and that the owner and group of the directory +matches the user UID or name which is running inside the container.** + +Default SSL certificates +------------------------ + +Default SSL certificates are generated when Apache HTTP server container is started for the first time or own SSL certificates were not provided (see bolow how to provide them). SSL certificates are not stored in the base image but generated, so each container will have unique default SSL key pair. SSL certificate/key are stored in /etc/httpd/tls directory: + + /etc/httpd/tls/localhost.key + /etc/httpd/tls/localhost.crt + + +Using own SSL certificates +-------------------------- +In order to provide own SSL certificates for securing the connection with SSL, use the extending feature described above. 
In particular, put the SSL certificates into a separate directory inside your application: + + ./httpd-ssl/certs/server-cert-selfsigned.pem + ./httpd-ssl/private/server-key.pem + +The default behaviour is to look for the certificate and the private key in subdirectories certs/ and private/; those files will be used for the ssl settings in the httpd. + + +Default user +------------ + +By default, Apache HTTP Server container runs as UID 1001. That means the volume mounted directories for the files (if mounted using `-v` option) need to be prepared properly, so the UID 1001 can read them. + +To run the container as a different UID, use `-u` option. For example if you want to run the container as UID 1234, execute the following command: + +``` +podman run -d -u 1234 rhel10/httpd-24 +``` + +To log into a volume mounted directory, the container needs to be run as UID 0 (see above). + + +Troubleshooting +--------------- +The httpd deamon in the container logs to the standard output by default, so the log is available in the container log. The log can be examined by running: + + podman logs + + +See also +-------- +Dockerfile and other sources for this container image are available on +https://github.com/sclorg/httpd-container. +In that repository, the Dockerfile for RHEL8 is called Dockerfile.rhel8, +the Dockerfile for RHEL9 is called Dockerfile.rhel9, +the Dockerfile for RHEL10 is called Dockerfile.rhel10, +the Dockerfile for CentOS Stream 9 is called Dockerfile.c9s, +the Dockerfile for CentOS Stream 10 is called Dockerfile.c10s, +and the Dockerfile for Fedora is called Dockerfile.fedora. diff --git a/src/root/usr/share/container-scripts/httpd/common.sh b/src/root/usr/share/container-scripts/httpd/common.sh new file mode 100644 index 00000000..205fd697 --- /dev/null +++ b/src/root/usr/share/container-scripts/httpd/common.sh 
@@ -0,0 +1,222 @@ +# Set of functions used in other scripts + +if head "/etc/redhat-release" | grep -q "^Red Hat Enterprise Linux release 8"; then + HTTPCONF_LINENO=154 +elif head "/etc/redhat-release" | grep -q "^CentOS Stream release 10"; then + HTTPCONF_LINENO=156 +elif head "/etc/redhat-release" | grep -q "^Fedora"; then + HTTPCONF_LINENO=156 +elif [ "x$PLATFORM" == "xel9" ]; then + HTTPCONF_LINENO=156 +elif [ "x$PLATFORM" == "xel10" ]; then + HTTPCONF_LINENO=156 +else + HTTPCONF_LINENO=151 +fi + +gen_ssl_certs() { + local sslcert=$HTTPD_TLS_CERT_PATH/localhost.crt + local sslkey=$HTTPD_TLS_CERT_PATH/localhost.key + local fqdn=`hostname` + + # A >59 char FQDN means "root@FQDN" exceeds 64-char max length for emailAddress + if [ "x${fqdn}" = "x" -o ${#fqdn} -gt 59 ]; then + fqdn=localhost.localdomain + fi + + if [ -f ${sslcert} -o -f ${sslkey} ]; then + return 0 + fi + + echo "---> Generating SSL key pair for httpd..." + if [ -x "/usr/bin/sscg" ]; then + if sscg --help | grep -q dhparams-file; then + # This is not used by mod_ssl but sscg now generates it + # See https://bugzilla.redhat.com/show_bug.cgi?id=2143206 + dhparams=$HTTPD_TLS_CERT_PATH/dhparams.pem + fi + sscg -q \ + --cert-file $sslcert \ + --cert-key-file $sslkey \ + --ca-file $sslcert \ + --lifetime 365 \ + --hostname $fqdn \ + --email root@$fqdn \ + ${dhparams+--dhparams-file $dhparams} + else + openssl genrsa -rand /proc/apm:/proc/cpuinfo:/proc/dma:/proc/filesystems:/proc/interrupts:/proc/ioports:/proc/pci:/proc/rtc:/proc/uptime 2048 > ${sslkey} 2> /dev/null + + cat << EOF | openssl req -new -key ${sslkey} \ + -x509 -sha256 -days 365 -set_serial $RANDOM -extensions v3_req \ + -out ${sslcert} 2>/dev/null +-- +SomeState +SomeCity +SomeOrganization +SomeOrganizationalUnit +${fqdn} +root@${fqdn} +EOF + fi + + chmod 640 "${sslcert}" + chmod 640 "${sslkey}" +} + +config_general() { + sed -i -e 's/^Listen 80$/Listen 8080/' ${HTTPD_MAIN_CONF_PATH}/httpd.conf && \ + sed -i -e 
${HTTPCONF_LINENO}'s%AllowOverride None%AllowOverride All%' ${HTTPD_MAIN_CONF_PATH}/httpd.conf && \ + sed -i -e 's/^Listen 443/Listen 8443/' ${HTTPD_MAIN_CONF_D_PATH}/ssl.conf + sed -i -e 's/_default_:443/_default_:8443/' ${HTTPD_MAIN_CONF_D_PATH}/ssl.conf + + # do sed for SSLCertificateFile and SSLCertificateKeyFile + sed -i -e "s|^SSLCertificateFile .*$|SSLCertificateFile ${HTTPD_TLS_CERT_PATH}/localhost.crt|" ${HTTPD_MAIN_CONF_D_PATH}/ssl.conf + sed -i -e "s|^SSLCertificateKeyFile .*$|SSLCertificateKeyFile ${HTTPD_TLS_CERT_PATH}/localhost.key|" ${HTTPD_MAIN_CONF_D_PATH}/ssl.conf +} + +config_log_to_stdout() { + sed -ri " s!^(\s*CustomLog)\s+\S+!\1 |/usr/bin/cat!g; s!^(\s*ErrorLog)\s+\S+!\1 |/usr/bin/cat!g;" ${HTTPD_MAIN_CONF_PATH}/httpd.conf + sed -ri " s!^(\s*CustomLog)\s+\S+!\1 |/usr/bin/cat!g; s!^(\s*TransferLog)\s+\S+!\1 |/usr/bin/cat!g; s!^(\s*ErrorLog)\s+\S+!\1 |/usr/bin/cat!g;" ${HTTPD_MAIN_CONF_D_PATH}/ssl.conf +} + +runs_privileged() { + test "$(id -u)" == "0" + return $? +} + +config_privileged() { + # Change the s2i permissions back to the normal ones + chmod 644 ${HTTPD_MAIN_CONF_PATH}/* && \ + chmod 755 ${HTTPD_MAIN_CONF_PATH} && \ + chmod 644 ${HTTPD_MAIN_CONF_D_PATH}/* && \ + chmod 755 ${HTTPD_MAIN_CONF_D_PATH} && \ + chmod 644 ${HTTPD_MAIN_CONF_MODULES_D_PATH}/* && \ + chmod 755 ${HTTPD_MAIN_CONF_MODULES_D_PATH} && \ + chmod 600 ${HTTPD_TLS_CERT_PATH}/localhost.crt && \ + chmod 600 ${HTTPD_TLS_CERT_PATH}/localhost.key && \ + chmod 710 ${HTTPD_VAR_RUN} + + if ! 
[ -v HTTPD_LOG_TO_VOLUME ] ; then + config_log_to_stdout + fi +} + +config_s2i() { + sed -i -e "s%^DocumentRoot \"${HTTPD_DATA_ORIG_PATH}/html\"%DocumentRoot \"${HTTPD_APP_ROOT}/src\"%" ${HTTPD_MAIN_CONF_PATH}/httpd.conf + sed -i -e "s%^> ${HTTPD_MAIN_CONF_PATH}/httpd.conf && \ + head -n${HTTPCONF_LINENO} ${HTTPD_MAIN_CONF_PATH}/httpd.conf | tail -n1 | grep "AllowOverride All" || exit +} + +config_non_privileged() { + sed -i -e "s/^User apache/User default/" ${HTTPD_MAIN_CONF_PATH}/httpd.conf + sed -i -e "s/^Group apache/Group root/" ${HTTPD_MAIN_CONF_PATH}/httpd.conf + config_log_to_stdout + if [ -v HTTPD_LOG_TO_VOLUME ] ; then + echo "Error: Option HTTPD_LOG_TO_VOLUME is only valid for privileged runs (as UID 0)." + return 1 + fi +} + +config_mpm() { + if [ -v HTTPD_MPM -a -f ${HTTPD_MAIN_CONF_MODULES_D_PATH}/00-mpm.conf ]; then + local mpmconf=${HTTPD_MAIN_CONF_MODULES_D_PATH}/00-mpm.conf + sed -i -e 's,^LoadModule,#LoadModule,' ${mpmconf} + sed -i -e "/LoadModule mpm_${HTTPD_MPM}/s,^#LoadModule,LoadModule," ${mpmconf} + echo "---> Set MPM to ${HTTPD_MPM} in ${mpmconf}" + fi +} + +# get_matched_files finds file for image extending +function get_matched_files() { + local custom_dir default_dir + custom_dir="$1" + default_dir="$2" + files_matched="$3" + find "$default_dir" -maxdepth 1 -type f -name "$files_matched" -printf "%f\n" + [ -d "$custom_dir" ] && find "$custom_dir" -maxdepth 10 -type f -name "$files_matched" -printf "%p\n" +} + +# process_extending_files process extending files in $1 and $2 directories +# - source all *.sh files +# (if there are files with same name source only file from $1) +function process_extending_files() { + local custom_dir default_dir + custom_dir=$1 + default_dir=$2 + while read filename ; do + echo "=> sourcing $filename ..." 
+ # Custom file is prefered + if [ -f $filename ]; then + source $filename + elif [ -f $default_dir/$filename ]; then + source $default_dir/$filename + fi + done <<<"$(get_matched_files "$custom_dir" "$default_dir" '*.sh' | sort -u)" +} + +# Set current user in nss_wrapper +generate_container_user() { + local passwd_output_dir="${HTTPD_APP_ROOT}/etc" + + export USER_ID=$(id -u) + export GROUP_ID=$(id -g) + cp ${HTTPD_CONTAINER_SCRIPTS_PATH}/passwd.template ${passwd_output_dir}/passwd + echo "default:x:${USER_ID}:${GROUP_ID}:Default Application User:${HOME}:/bin/bash" >> ${passwd_output_dir}/passwd + export LD_PRELOAD=libnss_wrapper.so + export NSS_WRAPPER_PASSWD=${passwd_output_dir}/passwd + export NSS_WRAPPER_GROUP=/etc/group +} + +# Copy config files from application to the location where httd expects them +# Param sets the directory where to look for files +process_config_files() { + local dir=${1:-.} + if [ -d ${dir}/httpd-cfg ]; then + echo "---> Copying httpd configuration files..." + if [ "$(ls -A ${dir}/httpd-cfg/*.conf)" ]; then + cp -v ${dir}/httpd-cfg/*.conf "${HTTPD_CONFIGURATION_PATH}" + rm -rf ${dir}/httpd-cfg + fi + else + if [ -d ${dir}/cfg ]; then + echo "---> Copying httpd configuration files from deprecated './cfg' directory, use './httpd-cfg' instead..." + if [ "$(ls -A ${dir}/cfg/*.conf)" ]; then + cp -v ${dir}/cfg/*.conf "${HTTPD_CONFIGURATION_PATH}" + rm -rf ${dir}/cfg + fi + fi + fi +} + +# Copy SSL files provided in application source +process_ssl_certs() { + local dir=${1:-.} + if [ -d ${dir}/httpd-ssl/private ] && [ -d ${dir}/httpd-ssl/certs ]; then + echo "---> Moving the httpd-ssl directory included in the source to a directory that isn't exposed by httpd..." + mv ${dir}/httpd-ssl ${HTTPD_APP_ROOT} + fi + if [ -d ${HTTPD_APP_ROOT}/httpd-ssl/private ] && [ -d ${HTTPD_APP_ROOT}/httpd-ssl/certs ]; then + echo "---> Looking for SSL certs for httpd..." 
+ local ssl_cert="$(ls -A ${HTTPD_APP_ROOT}/httpd-ssl/certs/*.pem | head -n 1)" + local ssl_private="$(ls -A ${HTTPD_APP_ROOT}/httpd-ssl/private/*.pem | head -n 1)" + if [ -f "${ssl_cert}" ] ; then + # do sed for SSLCertificateFile and SSLCertificateKeyFile + echo "---> Setting SSL cert file for httpd..." + sed -i -e "s|^SSLCertificateFile .*$|SSLCertificateFile ${ssl_cert}|" ${HTTPD_MAIN_CONF_D_PATH}/ssl.conf + if [ -f "${ssl_private}" ]; then + echo "---> Setting SSL key file for httpd..." + sed -i -e "s|^SSLCertificateKeyFile .*$|SSLCertificateKeyFile ${ssl_private}|" ${HTTPD_MAIN_CONF_D_PATH}/ssl.conf + else + echo "---> Removing SSL key file settings for httpd..." + sed -i '/^SSLCertificateKeyFile .*/d' ${HTTPD_MAIN_CONF_D_PATH}/ssl.conf + fi + else + # Generate TLS key pair if no SSL cert was found + gen_ssl_certs + fi + else + gen_ssl_certs + fi +} + diff --git a/src/root/usr/share/container-scripts/httpd/passwd.template b/src/root/usr/share/container-scripts/httpd/passwd.template new file mode 100644 index 00000000..c937416f --- /dev/null +++ b/src/root/usr/share/container-scripts/httpd/passwd.template @@ -0,0 +1,14 @@ +root:x:0:0:root:/root:/bin/bash +bin:x:1:1:bin:/bin:/sbin/nologin +daemon:x:2:2:daemon:/sbin:/sbin/nologin +adm:x:3:4:adm:/var/adm:/sbin/nologin +lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin +sync:x:5:0:sync:/sbin:/bin/sync +shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown +halt:x:7:0:halt:/sbin:/sbin/halt +mail:x:8:12:mail:/var/spool/mail:/sbin/nologin +operator:x:11:0:operator:/root:/sbin/nologin +games:x:12:100:games:/usr/games:/sbin/nologin +ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin +nobody:x:99:99:Nobody:/:/sbin/nologin +apache:x:48:48:Apache:/usr/share/httpd:/sbin/nologin diff --git a/src/root/usr/share/container-scripts/httpd/post-assemble/20-copy-config.sh b/src/root/usr/share/container-scripts/httpd/post-assemble/20-copy-config.sh new file mode 100644 index 00000000..2fd03c7d --- /dev/null 
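Review bot: In `gen_ssl_certs` the openssl fallback writes the private key through a shell redirection, so `localhost.key` has whatever mode the current umask allows until the `chmod 640` at the end of the function, and a failed `openssl genrsa` still leaves an empty key file behind. Both openssl calls discard stderr and neither exit status is checked, so on the next start the `[ -f ${sslcert} -o -f ${sslkey} ]` early return sees the leftover file and never regenerates the pair. I would wrap the existing key-generation line as `( umask 077; openssl genrsa … > "${sslkey}" ) || { rm -f "${sslkey}"; return 1; }` and make the early return require both files (`-a` instead of `-o`). `config_privileged` later tightens the pair to 600, but non-privileged runs keep the key group-readable at 640; a comment saying which group needs that access would help.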
+++ b/src/root/usr/share/container-scripts/httpd/post-assemble/20-copy-config.sh @@ -0,0 +1,4 @@ +source ${HTTPD_CONTAINER_SCRIPTS_PATH}/common.sh + +# Copy config files from application to the location where httpd expects them +process_config_files diff --git a/src/root/usr/share/container-scripts/httpd/post-assemble/40-ssl-certs.sh b/src/root/usr/share/container-scripts/httpd/post-assemble/40-ssl-certs.sh new file mode 100644 index 00000000..cbad2c37 --- /dev/null +++ b/src/root/usr/share/container-scripts/httpd/post-assemble/40-ssl-certs.sh @@ -0,0 +1,4 @@ +source ${HTTPD_CONTAINER_SCRIPTS_PATH}/common.sh + +# Copy SSL files provided in application source +process_ssl_certs diff --git a/src/root/usr/share/container-scripts/httpd/pre-init/10-set-mpm.sh b/src/root/usr/share/container-scripts/httpd/pre-init/10-set-mpm.sh new file mode 100644 index 00000000..f7de4959 --- /dev/null +++ b/src/root/usr/share/container-scripts/httpd/pre-init/10-set-mpm.sh @@ -0,0 +1,3 @@ +source ${HTTPD_CONTAINER_SCRIPTS_PATH}/common.sh + +config_mpm diff --git a/src/root/usr/share/container-scripts/httpd/pre-init/20-copy-config.sh b/src/root/usr/share/container-scripts/httpd/pre-init/20-copy-config.sh new file mode 100644 index 00000000..f7ce08b5 --- /dev/null +++ b/src/root/usr/share/container-scripts/httpd/pre-init/20-copy-config.sh @@ -0,0 +1,4 @@ +source ${HTTPD_CONTAINER_SCRIPTS_PATH}/common.sh + +# Copy config files from application to the location where httd expects them +process_config_files ${HTTPD_APP_ROOT}/src diff --git a/src/root/usr/share/container-scripts/httpd/pre-init/40-ssl-certs.sh b/src/root/usr/share/container-scripts/httpd/pre-init/40-ssl-certs.sh new file mode 100644 index 00000000..38bc8cf3 --- /dev/null +++ b/src/root/usr/share/container-scripts/httpd/pre-init/40-ssl-certs.sh @@ -0,0 +1,4 @@ +source ${HTTPD_CONTAINER_SCRIPTS_PATH}/common.sh + +# Copy SSL files provided in application source +process_ssl_certs ${HTTPD_APP_ROOT}/src 
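Review bot: `post-assemble/40-ssl-certs.sh` calls `process_ssl_certs` during the s2i build, and when the application ships no `httpd-ssl/` directory that function falls through to `gen_ssl_certs`, so the default `localhost.key` appears to be written into the built application image. `gen_ssl_certs` returns early once the files exist, so every container started from that image would share one private key, which is also readable from the image layers. That contradicts the README statement that each container gets a unique default key pair. If `${HTTPD_TLS_CERT_PATH}` is writable at start-up, one option is to remove the generated pair at the end of assemble, e.g. `rm -f "${HTTPD_TLS_CERT_PATH}/localhost.key" "${HTTPD_TLS_CERT_PATH}/localhost.crt"`, and let `pre-init/40-ssl-certs.sh` create it per container. Otherwise the README should say that s2i-built images carry a build-time key.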
diff --git a/src/s2i/bin/assemble b/src/s2i/bin/assemble new file mode 100755 index 00000000..ad6f7c8b --- /dev/null +++ b/src/s2i/bin/assemble @@ -0,0 +1,21 @@ +#!/bin/bash + +set -e + +source ${HTTPD_CONTAINER_SCRIPTS_PATH}/common.sh + +echo "---> Enabling s2i support in httpd24 image" + +config_s2i + +echo "---> Installing application source" +cp -af /tmp/src/. ./ +rm -rf ./.hg ./.git ./.svn + +# Fix source directory permissions +fix-permissions ./ + +process_extending_files ${HTTPD_APP_ROOT}/src/httpd-post-assemble/ ${HTTPD_CONTAINER_SCRIPTS_PATH}/post-assemble/ + +# Fix source directory permissions +fix-permissions ./ diff --git a/src/s2i/bin/run b/src/s2i/bin/run new file mode 100755 index 00000000..f8f8aa39 --- /dev/null +++ b/src/s2i/bin/run @@ -0,0 +1,7 @@ +#!/bin/bash + +source ${HTTPD_CONTAINER_SCRIPTS_PATH}/common.sh + +export HTTPD_RUN_BY_S2I=1 + +exec run-httpd $@ diff --git a/src/s2i/bin/usage b/src/s2i/bin/usage new file mode 100755 index 00000000..9ebe8e2a --- /dev/null +++ b/src/s2i/bin/usage @@ -0,0 +1,22 @@ +#!/bin/sh + +DISTRO=`cat /etc/*-release | grep ^ID= | grep -Po '".*?"' | tr -d '"'` +NAMESPACE=sclorg +if [[ $DISTRO =~ rhel* ]]; then + NAMESPACE=rhel10 + DISTRO="" +else + DISTRO="-c10s" +fi + +cat <
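Review bot: In `src/s2i/bin/run`, `exec run-httpd $@` expands the arguments unquoted, so any argument containing whitespace or glob characters is re-split or expanded before `run-httpd` receives it. Use `exec run-httpd "$@"` so the container's arguments are passed through unchanged.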